diff --git a/.github/workflows/lint-test.yml b/.github/workflows/lint-test.yml index ee30d86282..b8a831c87d 100644 --- a/.github/workflows/lint-test.yml +++ b/.github/workflows/lint-test.yml @@ -10,18 +10,9 @@ permissions: jobs: lint-test: name: lint-test - if: ${{ github.head_ref != 'chore/branding-slug-cleanup-20260303-clean' }} runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 - uses: KooshaPari/phenotypeActions/actions/lint-test@main - - lint-test-skip-branch-ci-unblock: - name: lint-test - if: ${{ github.head_ref == 'chore/branding-slug-cleanup-20260303-clean' }} - runs-on: ubuntu-latest - steps: - - name: Skip lint-test for temporary CI unblock branch - run: echo "Skipping lint-test for temporary CI unblock branch." diff --git a/.github/workflows/pr-test-build.yml b/.github/workflows/pr-test-build.yml index e53b660df6..86b2f91d55 100644 --- a/.github/workflows/pr-test-build.yml +++ b/.github/workflows/pr-test-build.yml @@ -9,7 +9,7 @@ permissions: jobs: build: name: build - if: ${{ !startsWith(github.head_ref, 'ci/fix-migrated-router-20260225060000-feature_ampcode-alias') && github.head_ref != 'chore/branding-slug-cleanup-20260303-clean' }} + if: ${{ !startsWith(github.head_ref, 'ci/fix-migrated-router-20260225060000-feature_ampcode-alias') }} runs-on: ubuntu-latest steps: - name: Checkout @@ -26,8 +26,373 @@ jobs: build-skip-for-migrated-router-fix: name: build - if: ${{ startsWith(github.head_ref, 'ci/fix-migrated-router-20260225060000-feature_ampcode-alias') || github.head_ref == 'chore/branding-slug-cleanup-20260303-clean' }} + if: ${{ startsWith(github.head_ref, 'ci/fix-migrated-router-20260225060000-feature_ampcode-alias') }} runs-on: ubuntu-latest steps: - - name: Skip build for temporary CI unblock branch - run: echo "Skipping compile step for temporary CI unblock branch." + - name: Skip build for migrated router compatibility branch + run: echo "Skipping compile step for migrated router compatibility branch." + + go-ci: + name: go-ci + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: true + - name: Run full tests with baseline + run: | + mkdir -p target + go test -json ./... > target/test-baseline.json + go test ./... > target/test-baseline.txt + - name: Upload baseline artifact + uses: actions/upload-artifact@v4 + with: + name: go-test-baseline + path: | + target/test-baseline.json + target/test-baseline.txt + if-no-files-found: error + + quality-ci: + name: quality-ci + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: true + - name: Install golangci-lint + run: | + if ! command -v golangci-lint >/dev/null 2>&1; then + go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.1.6 + fi + - name: Install staticcheck + run: | + if ! command -v staticcheck >/dev/null 2>&1; then + go install honnef.co/go/tools/cmd/staticcheck@latest + fi + - name: Install Task + uses: arduino/setup-task@v2 + with: + version: 3.x + repo-token: ${{ secrets.GITHUB_TOKEN }} + - name: Run CI quality gates + env: + QUALITY_DIFF_RANGE: "${{ github.event.pull_request.base.sha }}...${{ github.sha }}" + ENABLE_STATICCHECK: "1" + run: task quality:ci + + quality-staged-check: + name: quality-staged-check + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: true + - name: Install golangci-lint + run: | + if ! command -v golangci-lint >/dev/null 2>&1; then + go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.1.6 + fi + - name: Install Task + uses: arduino/setup-task@v2 + with: + version: 3.x + repo-token: ${{ secrets.GITHUB_TOKEN }} + - name: Check staged/diff files in PR range + env: + QUALITY_DIFF_RANGE: "${{ github.event.pull_request.base.sha }}...${{ github.sha }}" + run: task quality:fmt-staged:check + + fmt-check: + name: fmt-check + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: true + - name: Install Task + uses: arduino/setup-task@v2 + with: + version: 3.x + repo-token: ${{ secrets.GITHUB_TOKEN }} + - name: Verify formatting + run: task quality:fmt:check + + golangci-lint: + name: golangci-lint + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: true + - name: Install golangci-lint + run: | + if ! command -v golangci-lint >/dev/null 2>&1; then + go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.1.6 + fi + - name: Run golangci-lint + run: | + golangci-lint run ./... + + route-lifecycle: + name: route-lifecycle + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: true + - name: Run route lifecycle tests + run: | + go test -run 'TestServer_' ./pkg/llmproxy/api + + provider-smoke-matrix: + name: provider-smoke-matrix + if: ${{ vars.CLIPROXY_PROVIDER_SMOKE_CASES != '' }} + runs-on: ubuntu-latest + env: + CLIPROXY_PROVIDER_SMOKE_CASES: ${{ vars.CLIPROXY_PROVIDER_SMOKE_CASES }} + CLIPROXY_SMOKE_EXPECT_SUCCESS: ${{ vars.CLIPROXY_SMOKE_EXPECT_SUCCESS }} + CLIPROXY_SMOKE_WAIT_FOR_READY: "1" + CLIPROXY_BASE_URL: "http://127.0.0.1:8317" + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: true + - name: Build cliproxy proxy + run: go build -o cliproxyapi++ ./cmd/server + - name: Run proxy in background + run: | + ./cliproxyapi++ --config config.example.yaml > /tmp/cliproxy-smoke.log 2>&1 & + echo $! > /tmp/cliproxy-smoke.pid + sleep 1 + env: + CLIPROXY_BASE_URL: "${{ env.CLIPROXY_BASE_URL }}" + - name: Run provider smoke matrix + run: | + ./scripts/provider-smoke-matrix.sh + - name: Stop proxy + if: always() + run: | + if [ -f /tmp/cliproxy-smoke.pid ]; then + kill "$(cat /tmp/cliproxy-smoke.pid)" || true + fi + wait || true + + provider-smoke-matrix-cheapest: + name: provider-smoke-matrix-cheapest + runs-on: ubuntu-latest + env: + CLIPROXY_SMOKE_EXPECT_SUCCESS: "0" + CLIPROXY_SMOKE_WAIT_FOR_READY: "1" + CLIPROXY_BASE_URL: "http://127.0.0.1:8317" + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: true + - name: Build cliproxy proxy + run: go build -o cliproxyapi++ ./cmd/server + - name: Run proxy in background + run: | + ./cliproxyapi++ --config config.example.yaml > /tmp/cliproxy-smoke.log 2>&1 & + echo $! > /tmp/cliproxy-smoke.pid + sleep 1 + - name: Run provider smoke matrix (cheapest aliases) + run: ./scripts/provider-smoke-matrix-cheapest.sh + - name: Stop proxy + if: always() + run: | + if [ -f /tmp/cliproxy-smoke.pid ]; then + kill "$(cat /tmp/cliproxy-smoke.pid)" || true + fi + wait || true + + test-smoke: + name: test-smoke + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: true + - name: Install Task + uses: arduino/setup-task@v2 + with: + version: 3.x + repo-token: ${{ secrets.GITHUB_TOKEN }} + - name: Run startup and control-plane smoke tests + run: task test:smoke + + pre-release-config-compat-smoke: + name: pre-release-config-compat-smoke + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: true + - name: Install Task + uses: arduino/setup-task@v2 + with: + version: 3.x + repo-token: ${{ secrets.GITHUB_TOKEN }} + - name: Validate config compatibility path + run: | + task quality:release-lint + + distributed-critical-paths: + name: distributed-critical-paths + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: true + - name: Run targeted critical-path checks + run: ./.github/scripts/check-distributed-critical-paths.sh + + changelog-scope-classifier: + name: changelog-scope-classifier + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Detect change scopes + run: | + mkdir -p target + if [ "${{ github.base_ref }}" = "" ]; then + base_ref="HEAD~1" + else + base_ref="origin/${{ github.base_ref }}" + fi + if git rev-parse --verify "${base_ref}" >/dev/null 2>&1; then + true + else + git fetch origin "${{ github.base_ref }}" --depth=1 || true + fi + if [ "${{ github.event_name }}" = "pull_request" ]; then + git fetch origin "${{ github.base_ref }}" + changed_files="$(git diff --name-only "${base_ref}...${{ github.sha }}")" + else + changed_files="$(git diff --name-only HEAD~1...HEAD)" + fi + + if [ -z "${changed_files}" ]; then + echo "No changed files detected; scope=none" + echo "scope=none" >> "$GITHUB_ENV" + echo "scope=none" > target/changelog-scope.txt + exit 0 + fi + + scope="none" + if echo "${changed_files}" | grep -qE '(^|/)pkg/(auth|config|runtime|api|usage)/|(^|/)sdk/(access|auth|cliproxy)/'; then + scope="routing" + elif echo "${changed_files}" | grep -qE '(^|/)docs/'; then + scope="docs" + elif echo "${changed_files}" | grep -qE '(^|/)security|policy|oauth|token|auth'; then + scope="security" + fi + echo "Detected changelog scope: ${scope}" + echo "scope=${scope}" >> "$GITHUB_ENV" + echo "scope=${scope}" > target/changelog-scope.txt + - name: Upload changelog scope artifact + uses: actions/upload-artifact@v4 + with: + name: changelog-scope + path: target/changelog-scope.txt + + docs-build: + name: docs-build + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: "20" + cache: "npm" + cache-dependency-path: docs/package.json + - name: Build docs + working-directory: docs + run: | + npm install + npm run docs:build + + ci-summary: + name: ci-summary + runs-on: ubuntu-latest + needs: + - quality-ci + - quality-staged-check + - go-ci + - fmt-check + - golangci-lint + - route-lifecycle + - test-smoke + - pre-release-config-compat-smoke + - distributed-critical-paths + - provider-smoke-matrix + - provider-smoke-matrix-cheapest + - changelog-scope-classifier + - docs-build + if: always() + steps: + - name: Summarize PR CI checks + run: | + echo "### cliproxyapi++ PR CI summary" >> "$GITHUB_STEP_SUMMARY" + echo "- quality-ci: ${{ needs.quality-ci.result }}" >> "$GITHUB_STEP_SUMMARY" + echo "- quality-staged-check: ${{ needs.quality-staged-check.result }}" >> "$GITHUB_STEP_SUMMARY" + echo "- go-ci: ${{ needs.go-ci.result }}" >> "$GITHUB_STEP_SUMMARY" + echo "- fmt-check: ${{ needs.fmt-check.result }}" >> "$GITHUB_STEP_SUMMARY" + echo "- golangci-lint: ${{ needs.golangci-lint.result }}" >> "$GITHUB_STEP_SUMMARY" + echo "- route-lifecycle: ${{ needs.route-lifecycle.result }}" >> "$GITHUB_STEP_SUMMARY" + echo "- test-smoke: ${{ needs.test-smoke.result }}" >> "$GITHUB_STEP_SUMMARY" + echo "- pre-release-config-compat-smoke: ${{ needs.pre-release-config-compat-smoke.result }}" >> "$GITHUB_STEP_SUMMARY" + echo "- distributed-critical-paths: ${{ needs.distributed-critical-paths.result }}" >> "$GITHUB_STEP_SUMMARY" + echo "- provider-smoke-matrix: ${{ needs.provider-smoke-matrix.result }}" >> "$GITHUB_STEP_SUMMARY" + echo "- provider-smoke-matrix-cheapest: ${{ needs.provider-smoke-matrix-cheapest.result }}" >> "$GITHUB_STEP_SUMMARY" + echo "- changelog-scope-classifier: ${{ needs.changelog-scope-classifier.result }}" >> "$GITHUB_STEP_SUMMARY" + echo "- docs-build: ${{ needs.docs-build.result }}" >> "$GITHUB_STEP_SUMMARY" diff --git a/.gitignore b/.gitignore index db74f720fa..4ad44183f1 100644 --- a/.gitignore +++ b/.gitignore @@ -57,26 +57,8 @@ _bmad-output/* *.bak # Local worktree shelves (canonical checkout must stay clean) PROJECT-wtrees/ - -# Added by Spec Kitty CLI (auto-managed) -.opencode/ -.windsurf/ -.qwen/ -.augment/ -.roo/ -.amazonq/ -.github/copilot/ -.kittify/.dashboard - - -# AI tool artifacts -.claude/ -.codex/ -.cursor/ -.gemini/ -.kittify/ -.kilocode/ -.github/prompts/ -.github/copilot-instructions.md -.claudeignore -.llmignore +.worktrees/ +cli-proxy-api-plus-integration-test +boardsync +releasebatch +.cache diff --git a/.worktrees/config/m/config-build/active/.dockerignore b/.worktrees/config/m/config-build/active/.dockerignore deleted file mode 100644 index ef021aea01..0000000000 --- a/.worktrees/config/m/config-build/active/.dockerignore +++ /dev/null @@ -1,36 +0,0 @@ -# Git and GitHub folders -.git/* -.github/* - -# Docker and CI/CD related files -docker-compose.yml -.dockerignore -.gitignore -.goreleaser.yml -Dockerfile - -# Documentation and license -docs/* -README.md -README_CN.md -LICENSE - -# Runtime data folders (should be mounted as volumes) -auths/* -logs/* -conv/* -config.yaml - -# Development/editor -bin/* -.vscode/* -.claude/* -.codex/* -.gemini/* -.serena/* -.agent/* -.agents/* -.opencode/* -.bmad/* -_bmad/* -_bmad-output/* diff --git a/.worktrees/config/m/config-build/active/.env.example b/.worktrees/config/m/config-build/active/.env.example deleted file mode 100644 index 5b0546f4c5..0000000000 --- a/.worktrees/config/m/config-build/active/.env.example +++ /dev/null @@ -1,34 +0,0 @@ -# Example environment configuration for CLIProxyAPI. -# Copy this file to `.env` and uncomment the variables you need. -# -# NOTE: Environment variables are only required when using remote storage options. -# For local file-based storage (default), no environment variables need to be set. - -# ------------------------------------------------------------------------------ -# Management Web UI -# ------------------------------------------------------------------------------ -# MANAGEMENT_PASSWORD=change-me-to-a-strong-password - -# ------------------------------------------------------------------------------ -# Postgres Token Store (optional) -# ------------------------------------------------------------------------------ -# PGSTORE_DSN=postgresql://user:pass@localhost:5432/cliproxy -# PGSTORE_SCHEMA=public -# PGSTORE_LOCAL_PATH=/var/lib/cliproxy - -# ------------------------------------------------------------------------------ -# Git-Backed Config Store (optional) -# ------------------------------------------------------------------------------ -# GITSTORE_GIT_URL=https://github.com/your-org/cli-proxy-config.git -# GITSTORE_GIT_USERNAME=git-user -# GITSTORE_GIT_TOKEN=ghp_your_personal_access_token -# GITSTORE_LOCAL_PATH=/data/cliproxy/gitstore - -# ------------------------------------------------------------------------------ -# Object Store Token Store (optional) -# ------------------------------------------------------------------------------ -# OBJECTSTORE_ENDPOINT=https://s3.your-cloud.example.com -# OBJECTSTORE_BUCKET=cli-proxy-config -# OBJECTSTORE_ACCESS_KEY=your_access_key -# OBJECTSTORE_SECRET_KEY=your_secret_key -# OBJECTSTORE_LOCAL_PATH=/data/cliproxy/objectstore diff --git a/.worktrees/config/m/config-build/active/.github/FUNDING.yml b/.worktrees/config/m/config-build/active/.github/FUNDING.yml deleted file mode 100644 index 5cb02483dd..0000000000 --- a/.worktrees/config/m/config-build/active/.github/FUNDING.yml +++ /dev/null @@ -1 +0,0 @@ -github: [router-for-me] diff --git a/.worktrees/config/m/config-build/active/.github/ISSUE_TEMPLATE/bug_report.md b/.worktrees/config/m/config-build/active/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index 0fd62b5991..0000000000 --- a/.worktrees/config/m/config-build/active/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -name: Bug report -about: Create a report to help us improve -title: '' -labels: '' -assignees: '' - ---- - -**Is it a request payload issue?** -[ ] Yes, this is a request payload issue. I am using a client/cURL to send a request payload, but I received an unexpected error. -[ ] No, it's another issue. - -**If it's a request payload issue, you MUST know** -Our team doesn't have any GODs or ORACLEs or MIND READERs. Please make sure to attach the request log or curl payload. - -**Describe the bug** -A clear and concise description of what the bug is. - -**CLI Type** -What type of CLI account do you use? (gemini-cli, gemini, codex, claude code or openai-compatibility) - -**Model Name** -What model are you using? (example: gemini-2.5-pro, claude-sonnet-4-20250514, gpt-5, etc.) - -**LLM Client** -What LLM Client are you using? (example: roo-code, cline, claude code, etc.) - -**Request Information** -The best way is to paste the cURL command of the HTTP request here. -Alternatively, you can set `request-log: true` in the `config.yaml` file and then upload the detailed log file. - -**Expected behavior** -A clear and concise description of what you expected to happen. - -**Screenshots** -If applicable, add screenshots to help explain your problem. - -**OS Type** - - OS: [e.g. macOS] - - Version [e.g. 15.6.0] - -**Additional context** -Add any other context about the problem here. diff --git a/.worktrees/config/m/config-build/active/.github/dependabot.yml b/.worktrees/config/m/config-build/active/.github/dependabot.yml deleted file mode 100644 index 6d275ceab6..0000000000 --- a/.worktrees/config/m/config-build/active/.github/dependabot.yml +++ /dev/null @@ -1,11 +0,0 @@ -# To get started with Dependabot version updates, you'll need to specify which -# package ecosystems to update and where the package manifests are located. -# Please see the documentation for all configuration options: -# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file - -version: 2 -updates: - - package-ecosystem: "" # See documentation for possible values haha - directory: "/" # Location of package manifests - schedule: - interval: "weekly" diff --git a/.worktrees/config/m/config-build/active/.github/policies/approved-external-endpoints.txt b/.worktrees/config/m/config-build/active/.github/policies/approved-external-endpoints.txt deleted file mode 100644 index 4b6588b8d2..0000000000 --- a/.worktrees/config/m/config-build/active/.github/policies/approved-external-endpoints.txt +++ /dev/null @@ -1,42 +0,0 @@ -# Approved external endpoint hosts. -# Matching is exact host or subdomain of an entry. - -accounts.google.com -aiplatform.googleapis.com -ampcode.com -api.anthropic.com -api.api.githubcopilot.com -api.deepseek.com -api.fireworks.ai -api.github.com -api.groq.com -api.kilo.ai -api.kimi.com -api.minimax.chat -api.minimax.io -api.mistral.ai -api.novita.ai -api.openai.com -api.roocode.com -api.siliconflow.cn -api.together.xyz -apis.iflow.cn -auth.openai.com -chat.qwen.ai -chatgpt.com -claude.ai -cloudcode-pa.googleapis.com -cloudresourcemanager.googleapis.com -generativelanguage.googleapis.com -github.com -golang.org -iflow.cn -integrate.api.nvidia.com -oauth2.googleapis.com -openrouter.ai -platform.iflow.cn -platform.openai.com -portal.qwen.ai -raw.githubusercontent.com -serviceusage.googleapis.com -www.googleapis.com diff --git a/.worktrees/config/m/config-build/active/.github/release-required-checks.txt b/.worktrees/config/m/config-build/active/.github/release-required-checks.txt deleted file mode 100644 index 51d61ffa2a..0000000000 --- a/.worktrees/config/m/config-build/active/.github/release-required-checks.txt +++ /dev/null @@ -1,13 +0,0 @@ -# workflow_file|job_name -pr-test-build.yml|go-ci -pr-test-build.yml|quality-ci -pr-test-build.yml|quality-staged-check -pr-test-build.yml|fmt-check -pr-test-build.yml|golangci-lint -pr-test-build.yml|route-lifecycle -pr-test-build.yml|test-smoke -pr-test-build.yml|pre-release-config-compat-smoke -pr-test-build.yml|distributed-critical-paths -pr-test-build.yml|changelog-scope-classifier -pr-test-build.yml|docs-build -pr-test-build.yml|ci-summary diff --git a/.worktrees/config/m/config-build/active/.github/required-checks.txt b/.worktrees/config/m/config-build/active/.github/required-checks.txt deleted file mode 100644 index c9cbf6eab7..0000000000 --- a/.worktrees/config/m/config-build/active/.github/required-checks.txt +++ /dev/null @@ -1,16 +0,0 @@ -# workflow_file|job_name -pr-test-build.yml|go-ci -pr-test-build.yml|quality-ci -pr-test-build.yml|quality-staged-check -pr-test-build.yml|fmt-check -pr-test-build.yml|golangci-lint -pr-test-build.yml|route-lifecycle -pr-test-build.yml|provider-smoke-matrix -pr-test-build.yml|provider-smoke-matrix-cheapest -pr-test-build.yml|test-smoke -pr-test-build.yml|pre-release-config-compat-smoke -pr-test-build.yml|distributed-critical-paths -pr-test-build.yml|changelog-scope-classifier -pr-test-build.yml|docs-build -pr-test-build.yml|ci-summary -pr-path-guard.yml|ensure-no-translator-changes diff --git a/.worktrees/config/m/config-build/active/.github/scripts/check-approved-external-endpoints.sh b/.worktrees/config/m/config-build/active/.github/scripts/check-approved-external-endpoints.sh deleted file mode 100755 index 2d95aa6354..0000000000 --- a/.worktrees/config/m/config-build/active/.github/scripts/check-approved-external-endpoints.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -policy_file=".github/policies/approved-external-endpoints.txt" -if [[ ! -f "${policy_file}" ]]; then - echo "Missing policy file: ${policy_file}" - exit 1 -fi - -mapfile -t approved_hosts < <(grep -Ev '^\s*#|^\s*$' "${policy_file}" | tr '[:upper:]' '[:lower:]') -if [[ "${#approved_hosts[@]}" -eq 0 ]]; then - echo "No approved hosts in policy file" - exit 1 -fi - -matches_policy() { - local host="$1" - local approved - for approved in "${approved_hosts[@]}"; do - if [[ "${host}" == "${approved}" || "${host}" == *."${approved}" ]]; then - return 0 - fi - done - return 1 -} - -mapfile -t discovered_hosts < <( - rg -No --hidden \ - --glob '!docs/**' \ - --glob '!**/*_test.go' \ - --glob '!**/node_modules/**' \ - --glob '!**/*.png' \ - --glob '!**/*.jpg' \ - --glob '!**/*.jpeg' \ - --glob '!**/*.gif' \ - --glob '!**/*.svg' \ - --glob '!**/*.webp' \ - 'https?://[^"\047 )\]]+' \ - cmd pkg sdk scripts .github/workflows config.example.yaml README.md README_CN.md 2>/dev/null \ - | awk -F'://' '{print $2}' \ - | cut -d/ -f1 \ - | cut -d: -f1 \ - | tr '[:upper:]' '[:lower:]' \ - | sort -u -) - -unknown=() -for host in "${discovered_hosts[@]}"; do - [[ -z "${host}" ]] && continue - [[ "${host}" == *"%"* ]] && continue - [[ "${host}" == *"{"* ]] && continue - [[ "${host}" == "localhost" || "${host}" == "127.0.0.1" || "${host}" == "0.0.0.0" ]] && continue - [[ "${host}" == "example.com" || "${host}" == "www.example.com" ]] && continue - [[ "${host}" == "proxy.com" || "${host}" == "proxy.local" ]] && continue - [[ "${host}" == "api.example.com" ]] && continue - if ! matches_policy "${host}"; then - unknown+=("${host}") - fi -done - -if [[ "${#unknown[@]}" -ne 0 ]]; then - echo "Found external hosts not in ${policy_file}:" - printf ' - %s\n' "${unknown[@]}" - exit 1 -fi - -echo "external endpoint policy check passed" diff --git a/.worktrees/config/m/config-build/active/.github/scripts/check-distributed-critical-paths.sh b/.worktrees/config/m/config-build/active/.github/scripts/check-distributed-critical-paths.sh deleted file mode 100755 index 3e603faf49..0000000000 --- a/.worktrees/config/m/config-build/active/.github/scripts/check-distributed-critical-paths.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -echo "[distributed-critical-paths] validating filesystem-sensitive paths" -go test -count=1 -run '^(TestMultiSourceSecret_FileHandling|TestMultiSourceSecret_CacheBehavior|TestMultiSourceSecret_Concurrency|TestAmpModule_OnConfigUpdated_CacheInvalidation)$' ./pkg/llmproxy/api/modules/amp - -echo "[distributed-critical-paths] validating ops endpoint route registration" -go test -count=1 -run '^TestRegisterManagementRoutes$' ./pkg/llmproxy/api/modules/amp - -echo "[distributed-critical-paths] validating compute/cache-sensitive paths" -go test -count=1 -run '^(TestEnsureCacheControl|TestCacheControlOrder|TestCountOpenAIChatTokens|TestCountClaudeChatTokens)$' ./pkg/llmproxy/runtime/executor - -echo "[distributed-critical-paths] validating queue telemetry to provider metrics path" -go test -count=1 -run '^TestBuildProviderMetricsFromSnapshot_FailoverAndQueueTelemetry$' ./pkg/llmproxy/usage - -echo "[distributed-critical-paths] validating signature cache primitives" -go test -count=1 -run '^(TestCacheSignature_BasicStorageAndRetrieval|TestCacheSignature_ExpirationLogic)$' ./pkg/llmproxy/cache - -echo "[distributed-critical-paths] all targeted checks passed" diff --git a/.worktrees/config/m/config-build/active/.github/scripts/check-docs-secret-samples.sh b/.worktrees/config/m/config-build/active/.github/scripts/check-docs-secret-samples.sh deleted file mode 100755 index 95d6b0ac81..0000000000 --- a/.worktrees/config/m/config-build/active/.github/scripts/check-docs-secret-samples.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -patterns=( - 'sk-[A-Za-z0-9]{20,}' - 'ghp_[A-Za-z0-9]{20,}' - 'AKIA[0-9A-Z]{16}' - 'AIza[0-9A-Za-z_-]{20,}' - '-----BEGIN (RSA|OPENSSH|EC|DSA|PRIVATE) KEY-----' -) - -allowed_context='\$\{|\{\{.*\}\}|<[^>]+>|\[REDACTED|your[_-]?|example|dummy|sample|placeholder' - -tmp_hits="$(mktemp)" -trap 'rm -f "${tmp_hits}"' EXIT - -for pattern in "${patterns[@]}"; do - rg -n --pcre2 --hidden \ - --glob '!docs/node_modules/**' \ - --glob '!**/*.min.*' \ - --glob '!**/*.svg' \ - --glob '!**/*.png' \ - --glob '!**/*.jpg' \ - --glob '!**/*.jpeg' \ - --glob '!**/*.gif' \ - --glob '!**/*.webp' \ - --glob '!**/*.pdf' \ - --glob '!**/*.lock' \ - --glob '!**/*.snap' \ - -e "${pattern}" docs README.md README_CN.md examples >> "${tmp_hits}" || true -done - -if [[ ! -s "${tmp_hits}" ]]; then - echo "docs secret sample check passed" - exit 0 -fi - -violations=0 -while IFS= read -r hit; do - line_content="${hit#*:*:}" - if printf '%s' "${line_content}" | rg -qi "${allowed_context}"; then - continue - fi - echo "Potential secret detected: ${hit}" - violations=1 -done < "${tmp_hits}" - -if [[ "${violations}" -ne 0 ]]; then - echo "Secret sample check failed. Replace with placeholders or redact." - exit 1 -fi - -echo "docs secret sample check passed" diff --git a/.worktrees/config/m/config-build/active/.github/scripts/check-open-items-fragmented-parity.sh b/.worktrees/config/m/config-build/active/.github/scripts/check-open-items-fragmented-parity.sh deleted file mode 100755 index e7e947f212..0000000000 --- a/.worktrees/config/m/config-build/active/.github/scripts/check-open-items-fragmented-parity.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -report="${REPORT_PATH:-docs/reports/fragemented/OPEN_ITEMS_VALIDATION_2026-02-22.md}" -if [[ ! -f "$report" ]]; then - echo "[FAIL] Missing report: $report" - exit 1 -fi - -section="$(awk ' - BEGIN { in_issue=0 } - /^- Issue #258/ { in_issue=1 } - in_issue { - if ($0 ~ /^- (Issue|PR) #[0-9]+/ && $0 !~ /^- Issue #258/) { - exit - } - print - } -' "$report")" - -if [[ -z "$section" ]]; then - echo "[FAIL] $report missing Issue #258 section." - exit 1 -fi - -status_line="$(echo "$section" | awk 'BEGIN{IGNORECASE=1} /- (Status|State):/{print; exit}')" -if [[ -z "$status_line" ]]; then - echo "[FAIL] $report missing explicit status line for #258 (expected '- Status:' or '- State:')." - exit 1 -fi - -status_lower="$(echo "$status_line" | tr '[:upper:]' '[:lower:]')" - -if echo "$status_lower" | rg -q "\b(partial|partially|not implemented|todo|to-do|pending|wip|in progress|open|blocked|backlog)\b"; then - echo "[FAIL] $report has non-implemented status for #258: $status_line" - exit 1 -fi - -if ! echo "$status_lower" | rg -q "\b(implemented|resolved|complete|completed|closed|done|fixed|landed|shipped)\b"; then - echo "[FAIL] $report has unrecognized completion status for #258: $status_line" - exit 1 -fi - -if ! rg -n "pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request.go" "$report" >/dev/null 2>&1; then - echo "[FAIL] $report missing codex variant fallback evidence path." - exit 1 -fi - -echo "[OK] fragmented open-items report parity checks passed" diff --git a/.worktrees/config/m/config-build/active/.github/scripts/check-phase-doc-placeholder-tokens.sh b/.worktrees/config/m/config-build/active/.github/scripts/check-phase-doc-placeholder-tokens.sh deleted file mode 100755 index 9068b3f9d5..0000000000 --- a/.worktrees/config/m/config-build/active/.github/scripts/check-phase-doc-placeholder-tokens.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)" -cd "$ROOT" - -# Guard against unresolved generator placeholders in planning reports. -# Allow natural-language "undefined" mentions; block explicit malformed token patterns. -PATTERN='undefinedBKM-[A-Za-z0-9_-]+|undefined[A-Z0-9_-]+undefined' - -if rg -n --pcre2 "$PATTERN" docs/planning/reports -g '*.md'; then - echo "[FAIL] unresolved placeholder-like tokens detected in docs/planning/reports" - exit 1 -fi - -echo "[OK] no unresolved placeholder-like tokens in docs/planning/reports" diff --git a/.worktrees/config/m/config-build/active/.github/scripts/check-workflow-token-permissions.sh b/.worktrees/config/m/config-build/active/.github/scripts/check-workflow-token-permissions.sh deleted file mode 100755 index 41f3525cc2..0000000000 --- a/.worktrees/config/m/config-build/active/.github/scripts/check-workflow-token-permissions.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -violations=0 -allowed_write_keys='security-events|id-token|pages' - -for workflow in .github/workflows/*.yml .github/workflows/*.yaml; do - [[ -f "${workflow}" ]] || continue - - if rg -n '^permissions:\s*write-all\s*$' "${workflow}" >/dev/null; then - echo "${workflow}: uses permissions: write-all" - violations=1 - fi - - if rg -n '^on:' "${workflow}" >/dev/null && rg -n 'pull_request:' "${workflow}" >/dev/null; then - while IFS= read -r line; do - key="$(printf '%s' "${line}" | sed -E 's/^[0-9]+:\s*([a-zA-Z-]+):\s*write\s*$/\1/')" - if [[ "${key}" != "${line}" ]] && ! printf '%s' "${key}" | grep -Eq "^(${allowed_write_keys})$"; then - echo "${workflow}: pull_request workflow grants '${key}: write'" - violations=1 - fi - done < <(rg -n '^\s*[a-zA-Z-]+:\s*write\s*$' "${workflow}") - fi -done - -if [[ "${violations}" -ne 0 ]]; then - echo "workflow token permission check failed" - exit 1 -fi - -echo "workflow token permission check passed" diff --git a/.worktrees/config/m/config-build/active/.github/scripts/release-lint.sh b/.worktrees/config/m/config-build/active/.github/scripts/release-lint.sh deleted file mode 100755 index 7509adea7e..0000000000 --- a/.worktrees/config/m/config-build/active/.github/scripts/release-lint.sh +++ /dev/null @@ -1,106 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)" -cd "$REPO_ROOT" - -echo "==> release-lint: config example and compatibility tests" -go test ./pkg/llmproxy/config -run 'TestLoadConfig|TestMigrateOAuthModelAlias|TestConfig_Validate' - -if ! command -v python3 >/dev/null 2>&1; then - echo "[SKIP] python3 not available for markdown snippet parsing" - exit 0 -fi - -echo "==> release-lint: markdown yaml/json snippet parse" -python3 - "$@" <<'PY' -import re -import sys -from pathlib import Path - -import json -import yaml - - -repo_root = Path.cwd() -docs_root = repo_root / "docs" -md_roots = [repo_root / "README.md", repo_root / "README_CN.md", docs_root] -skip_markers = [ - "${", - "{{", - " list[Path]: - files: list[Path] = [] - for path in md_roots: - if path.is_file(): - files.append(path) - if docs_root.is_dir(): - files.extend(sorted(p for p in docs_root.rglob("*.md") if p.is_file())) - return files - - -def should_skip(text: str) -> bool: - return any(marker in text for marker in skip_markers) or "${" in text - - -def is_parseable_json(block: str) -> bool: - stripped = [] - for line in block.splitlines(): - line = line.strip() - if not line or line.startswith("//"): - continue - stripped.append(line) - payload = "\n".join(stripped) - payload = re.sub(r",\s*([}\]])", r"\1", payload) - json.loads(payload) - return True - - -def is_parseable_yaml(block: str) -> bool: - yaml.safe_load(block) - return True - - -failed: list[str] = [] -for file in gather_files(): - text = file.read_text(encoding="utf-8", errors="replace") - for match in fence_pattern.finditer(text): - lang = match.group(1).lower() - snippet = match.group(2).strip() - if not snippet: - continue - parser = supported_languages.get(lang) - if not parser: - continue - if should_skip(snippet): - continue - try: - if parser == "json": - is_parseable_json(snippet) - else: - is_parseable_yaml(snippet) - except Exception as error: - failed.append(f"{file}:{match.start(0)}::{lang}::{error}") - -if failed: - print("release-lint: markdown snippet parse failed:") - for item in failed: - print(f"- {item}") - sys.exit(1) - -print("release-lint: markdown snippet parse passed") -PY diff --git a/.worktrees/config/m/config-build/active/.github/scripts/tests/check-lane-f2-cpb-0691-0700.sh b/.worktrees/config/m/config-build/active/.github/scripts/tests/check-lane-f2-cpb-0691-0700.sh deleted file mode 100755 index 97898a8b4c..0000000000 --- a/.worktrees/config/m/config-build/active/.github/scripts/tests/check-lane-f2-cpb-0691-0700.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../../.." && pwd)" -REPORT="${ROOT_DIR}/docs/planning/reports/issue-wave-cpb-0691-0700-lane-f2-implementation-2026-02-23.md" -QUICKSTARTS="${ROOT_DIR}/docs/provider-quickstarts.md" - -# Files exist -[ -f "${REPORT}" ] -[ -f "${QUICKSTARTS}" ] - -# Tracker coverage for all 10 items -for id in 0691 0692 0693 0694 0695 0696 0697 0698 0699 0700; do - rg -n "CPB-${id}" "${REPORT}" >/dev/null - rg -n "CPB-${id}" docs/planning/CLIPROXYAPI_1000_ITEM_BOARD_2026-02-22.csv >/dev/null -done - -# Docs coverage anchors -rg -n "Copilot Unlimited Mode Compatibility" "${QUICKSTARTS}" >/dev/null -rg -n "OpenAI->Anthropic Event Ordering Guard" "${QUICKSTARTS}" >/dev/null -rg -n "Gemini Long-Output 429 Observability" "${QUICKSTARTS}" >/dev/null -rg -n "Global Alias \+ Model Capability Safety" "${QUICKSTARTS}" >/dev/null -rg -n "Load-Balance Naming \+ Distribution Check" "${QUICKSTARTS}" >/dev/null - -# Focused regression signal -( cd "${ROOT_DIR}" && go test ./pkg/llmproxy/translator/openai/claude -run 'TestEnsureMessageStartBeforeContentBlocks' -count=1 ) - -echo "lane-f2-cpb-0691-0700: PASS" diff --git a/.worktrees/config/m/config-build/active/.github/scripts/tests/check-open-items-fragmented-parity-test.sh b/.worktrees/config/m/config-build/active/.github/scripts/tests/check-open-items-fragmented-parity-test.sh deleted file mode 100755 index 48d796283d..0000000000 --- a/.worktrees/config/m/config-build/active/.github/scripts/tests/check-open-items-fragmented-parity-test.sh +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -script_under_test="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)/check-open-items-fragmented-parity.sh" - -run_case() { - local label="$1" - local expect_exit="$2" - local expected_text="$3" - local report_file="$4" - - local output status - output="" - status=0 - - set +e - output="$(REPORT_PATH="$report_file" "$script_under_test" 2>&1)" - status=$? - set -e - - printf '===== %s =====\n' "$label" - echo "$output" - - if [[ "$status" -ne "$expect_exit" ]]; then - echo "[FAIL] $label: expected exit $expect_exit, got $status" - exit 1 - fi - - if ! echo "$output" | rg -q "$expected_text"; then - echo "[FAIL] $label: expected output to contain '$expected_text'" - exit 1 - fi -} - -make_report() { - local file="$1" - local status_line="$2" - - cat >"$file" </dev/null; then - echo "[FAIL] missing CPB-${id} section in report" - exit 1 - fi - if ! rg -n "^CPB-${id},.*implemented-wave80-lane-j" "$BOARD1000" >/dev/null; then - echo "[FAIL] CPB-${id} missing implemented marker in 1000-board" - exit 1 - fi - if ! rg -n "CP2K-${id}.*implemented-wave80-lane-j" "$BOARD2000" >/dev/null; then - echo "[FAIL] CP2K-${id} missing implemented marker in 2000-board" - exit 1 - fi -done - -implemented_count="$(rg -n 'Status: `implemented`' "$REPORT" | wc -l | tr -d ' ')" -if [[ "$implemented_count" -lt 10 ]]; then - echo "[FAIL] expected at least 10 implemented statuses, got $implemented_count" - exit 1 -fi - -if ! rg -n 'Lane-D Validation Checklist \(Implemented\)' "$REPORT" >/dev/null; then - echo "[FAIL] missing lane validation checklist" - exit 1 -fi - -echo "[OK] wave80 lane-d CPB-0556..0560 + CPB-0606..0610 report validation passed" diff --git a/.worktrees/config/m/config-build/active/.github/scripts/tests/check-wave80-lane-e-cpb-0581-0590.sh b/.worktrees/config/m/config-build/active/.github/scripts/tests/check-wave80-lane-e-cpb-0581-0590.sh deleted file mode 100755 index e5651768ff..0000000000 --- a/.worktrees/config/m/config-build/active/.github/scripts/tests/check-wave80-lane-e-cpb-0581-0590.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -REPORT="docs/planning/reports/issue-wave-cpb-0581-0590-lane-e-implementation-2026-02-23.md" -BOARD1000="docs/planning/CLIPROXYAPI_1000_ITEM_BOARD_2026-02-22.csv" -BOARD2000="docs/planning/CLIPROXYAPI_2000_ITEM_EXECUTION_BOARD_2026-02-22.csv" - -if [[ ! -f "$REPORT" ]]; then - echo "[FAIL] missing report: $REPORT" - exit 1 -fi - -for id in 0581 0582 0583 0584 0585 0586 0587 0588 0589 0590; do - if ! rg -n "CPB-${id}" "$REPORT" >/dev/null; then - echo "[FAIL] missing CPB-${id} section in report" - exit 1 - fi - if ! rg -n "^CPB-${id},.*implemented-wave80-lane-j" "$BOARD1000" >/dev/null; then - echo "[FAIL] CPB-${id} missing implemented marker in 1000-board" - exit 1 - fi - if ! rg -n "CP2K-${id}.*implemented-wave80-lane-j" "$BOARD2000" >/dev/null; then - echo "[FAIL] CP2K-${id} missing implemented marker in 2000-board" - exit 1 - fi -done - -implemented_count="$(rg -n 'Status: `implemented`' "$REPORT" | wc -l | tr -d ' ')" -if [[ "$implemented_count" -lt 10 ]]; then - echo "[FAIL] expected at least 10 implemented statuses, got $implemented_count" - exit 1 -fi - -if ! rg -n 'Lane-E Validation Checklist \(Implemented\)' "$REPORT" >/dev/null; then - echo "[FAIL] missing lane validation checklist" - exit 1 -fi - -echo "[OK] wave80 lane-e CPB-0581..0590 validation passed" diff --git a/.worktrees/config/m/config-build/active/.github/scripts/tests/check-wave80-lane-f-cpb-0546-0555.sh b/.worktrees/config/m/config-build/active/.github/scripts/tests/check-wave80-lane-f-cpb-0546-0555.sh deleted file mode 100755 index 89823c6a90..0000000000 --- a/.worktrees/config/m/config-build/active/.github/scripts/tests/check-wave80-lane-f-cpb-0546-0555.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../../.." && pwd)" -REPORT="${ROOT_DIR}/docs/planning/reports/issue-wave-cpb-0546-0555-lane-f-implementation-2026-02-23.md" -QUICKSTARTS="${ROOT_DIR}/docs/provider-quickstarts.md" -OPERATIONS="${ROOT_DIR}/docs/provider-operations.md" -BOARD1000="${ROOT_DIR}/docs/planning/CLIPROXYAPI_1000_ITEM_BOARD_2026-02-22.csv" - -test -f "${REPORT}" -test -f "${QUICKSTARTS}" -test -f "${OPERATIONS}" -test -f "${BOARD1000}" - -for id in 0546 0547 0548 0549 0550 0551 0552 0553 0554 0555; do - rg -n "^CPB-${id}," "${BOARD1000}" >/dev/null - rg -n "CPB-${id}" "${REPORT}" >/dev/null -done - -rg -n "Homebrew install" "${QUICKSTARTS}" >/dev/null -rg -n "embeddings.*OpenAI-compatible path" "${QUICKSTARTS}" >/dev/null -rg -n "Gemini model-list parity" "${QUICKSTARTS}" >/dev/null -rg -n "Codex.*triage.*provider-agnostic" "${QUICKSTARTS}" >/dev/null - -rg -n "Windows duplicate auth-file display safeguards" "${OPERATIONS}" >/dev/null -rg -n "Metadata naming conventions for provider quota/refresh commands" "${OPERATIONS}" >/dev/null -rg -n "TrueNAS Apprise notification DX checks" "${OPERATIONS}" >/dev/null - -echo "lane-f-cpb-0546-0555: PASS" diff --git a/.worktrees/config/m/config-build/active/.github/scripts/tests/fixtures/open-items-parity/fail-missing-status.md b/.worktrees/config/m/config-build/active/.github/scripts/tests/fixtures/open-items-parity/fail-missing-status.md deleted file mode 100644 index 11d9da54e4..0000000000 --- a/.worktrees/config/m/config-build/active/.github/scripts/tests/fixtures/open-items-parity/fail-missing-status.md +++ /dev/null @@ -1,7 +0,0 @@ -# Open Items Validation - -- Issue #258 `Support variant fallback for reasoning_effort in codex models` - - Notes: this issue is implemented, but status mapping is missing. - -## Evidence -- `pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request.go:56` diff --git a/.worktrees/config/m/config-build/active/.github/scripts/tests/fixtures/open-items-parity/fail-status-partial.md b/.worktrees/config/m/config-build/active/.github/scripts/tests/fixtures/open-items-parity/fail-status-partial.md deleted file mode 100644 index 52c3a756eb..0000000000 --- a/.worktrees/config/m/config-build/active/.github/scripts/tests/fixtures/open-items-parity/fail-status-partial.md +++ /dev/null @@ -1,9 +0,0 @@ -# Open Items Validation - -- Issue #258 `Support variant fallback for reasoning_effort in codex models` - - Status: partial - - This block also says implemented in free text, but status should govern. - - implemented keyword should not override status mapping. - -## Evidence -- `pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request.go:56` diff --git a/.worktrees/config/m/config-build/active/.github/scripts/tests/fixtures/open-items-parity/pass-hash-status-done.md b/.worktrees/config/m/config-build/active/.github/scripts/tests/fixtures/open-items-parity/pass-hash-status-done.md deleted file mode 100644 index 22d0adc04f..0000000000 --- a/.worktrees/config/m/config-build/active/.github/scripts/tests/fixtures/open-items-parity/pass-hash-status-done.md +++ /dev/null @@ -1,11 +0,0 @@ -# Open Items Validation - -- Issue #258 `Support variant fallback for reasoning_effort in codex models` - - #status: done - - Notes: no drift. - -- Issue #259 `Normalize Codex schema handling` - - Status: partial - -## Evidence -- `pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request.go:56` diff --git a/.worktrees/config/m/config-build/active/.github/scripts/tests/fixtures/open-items-parity/pass-status-implemented.md b/.worktrees/config/m/config-build/active/.github/scripts/tests/fixtures/open-items-parity/pass-status-implemented.md deleted file mode 100644 index f182125b53..0000000000 --- a/.worktrees/config/m/config-build/active/.github/scripts/tests/fixtures/open-items-parity/pass-status-implemented.md +++ /dev/null @@ -1,9 +0,0 @@ -# Open Items Validation - -## Already Implemented -- Issue #258 `Support variant fallback for reasoning_effort in codex models` - - Status: Implemented on current `main`. - - Notes: tracked with evidence below. - -## Evidence -- `pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request.go:56` diff --git a/.worktrees/config/m/config-build/active/.github/workflows/ci-rerun-flaky.yml b/.worktrees/config/m/config-build/active/.github/workflows/ci-rerun-flaky.yml deleted file mode 100644 index 9e82e2aadd..0000000000 --- a/.worktrees/config/m/config-build/active/.github/workflows/ci-rerun-flaky.yml +++ /dev/null @@ -1,91 +0,0 @@ -name: ci-rerun-flaky - -on: - pull_request_target: - types: - - labeled - -permissions: - actions: write - contents: read - pull-requests: write - -jobs: - rerun-failed-jobs: - name: rerun-failed-jobs - if: github.event.label.name == 'ci:rerun-flaky' - runs-on: ubuntu-latest - steps: - - name: Rerun failed CI jobs and remove rerun label - uses: actions/github-script@v7 - with: - script: | - const label = 'ci:rerun-flaky'; - const { owner, repo } = context.repo; - const pr = context.payload.pull_request; - const headSha = pr.head.sha; - - const workflows = [ - 'pr-test-build.yml', - 'pr-path-guard.yml', - ]; - - let rerunCount = 0; - for (const workflow_id of workflows) { - const runsResp = await github.rest.actions.listWorkflowRuns({ - owner, - repo, - workflow_id, - event: 'pull_request', - head_sha: headSha, - per_page: 1, - }); - - const run = runsResp.data.workflow_runs[0]; - if (!run) { - core.info(`No run found for ${workflow_id} at ${headSha}`); - continue; - } - - if (run.status !== 'completed') { - core.info(`Run ${run.id} for ${workflow_id} is still ${run.status}; skipping rerun.`); - continue; - } - - if (run.conclusion === 'success') { - core.info(`Run ${run.id} for ${workflow_id} is already successful; skipping.`); - continue; - } - - try { - await github.request('POST /repos/{owner}/{repo}/actions/runs/{run_id}/rerun-failed-jobs', { - owner, - repo, - run_id: run.id, - }); - rerunCount += 1; - core.notice(`Triggered rerun of failed jobs for run ${run.id} (${workflow_id}).`); - } catch (error) { - core.warning(`Failed to trigger rerun for run ${run.id} (${workflow_id}): ${error.message}`); - } - } - - try { - await github.rest.issues.removeLabel({ - owner, - repo, - issue_number: pr.number, - name: label, - }); - core.notice(`Removed label '${label}' from PR #${pr.number}.`); - } catch (error) { - if (error.status === 404) { - core.info(`Label '${label}' was already removed from PR #${pr.number}.`); - } else { - throw error; - } - } - - if (rerunCount === 0) { - core.notice('No failed CI runs were eligible for rerun.'); - } diff --git a/.worktrees/config/m/config-build/active/.github/workflows/codeql.yml b/.worktrees/config/m/config-build/active/.github/workflows/codeql.yml deleted file mode 100644 index 855c47f783..0000000000 --- a/.worktrees/config/m/config-build/active/.github/workflows/codeql.yml +++ /dev/null @@ -1,39 +0,0 @@ -name: codeql - -on: - pull_request: - push: - branches: - - main - schedule: - - cron: '0 6 * * 1' - -permissions: - actions: read - contents: read - security-events: write - -jobs: - analyze: - name: Analyze (Go) - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - language: [go] - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Initialize CodeQL - uses: github/codeql-action/init@v4 - with: - languages: ${{ matrix.language }} - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version-file: go.mod - cache: true - - name: Build - run: go build ./... - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4 diff --git a/.worktrees/config/m/config-build/active/.github/workflows/docker-image.yml b/.worktrees/config/m/config-build/active/.github/workflows/docker-image.yml deleted file mode 100644 index 7609a68b9b..0000000000 --- a/.worktrees/config/m/config-build/active/.github/workflows/docker-image.yml +++ /dev/null @@ -1,140 +0,0 @@ -name: docker-image - -on: - workflow_dispatch: - push: - tags: - - v* - -env: - APP_NAME: CLIProxyAPI - DOCKERHUB_REPO: ${{ secrets.DOCKERHUB_USERNAME }}/cli-proxy-api-plus - -jobs: - docker_amd64: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Login to DockerHub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Generate Build Metadata - run: | - echo VERSION=`git describe --tags --always --dirty` >> $GITHUB_ENV - echo COMMIT=`git rev-parse --short HEAD` >> $GITHUB_ENV - echo BUILD_DATE=`date -u +%Y-%m-%dT%H:%M:%SZ` >> $GITHUB_ENV - - name: Build and push (amd64) - uses: docker/build-push-action@v6 - with: - context: . - platforms: linux/amd64 - push: true - build-args: | - VERSION=${{ env.VERSION }} - COMMIT=${{ env.COMMIT }} - BUILD_DATE=${{ env.BUILD_DATE }} - tags: | - ${{ env.DOCKERHUB_REPO }}:latest-amd64 - ${{ env.DOCKERHUB_REPO }}:${{ env.VERSION }}-amd64 - - docker_arm64: - runs-on: ubuntu-24.04-arm - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Login to DockerHub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Generate Build Metadata - run: | - echo VERSION=`git describe --tags --always --dirty` >> $GITHUB_ENV - echo COMMIT=`git rev-parse --short HEAD` >> $GITHUB_ENV - echo BUILD_DATE=`date -u +%Y-%m-%dT%H:%M:%SZ` >> $GITHUB_ENV - - name: Build and push (arm64) - uses: docker/build-push-action@v6 - with: - context: . - platforms: linux/arm64 - push: true - build-args: | - VERSION=${{ env.VERSION }} - COMMIT=${{ env.COMMIT }} - BUILD_DATE=${{ env.BUILD_DATE }} - tags: | - ${{ env.DOCKERHUB_REPO }}:latest-arm64 - ${{ env.DOCKERHUB_REPO }}:${{ env.VERSION }}-arm64 - - docker_manifest: - runs-on: ubuntu-latest - needs: - - docker_amd64 - - docker_arm64 - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Login to DockerHub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Generate Build Metadata - run: | - echo VERSION=`git describe --tags --always --dirty` >> $GITHUB_ENV - echo COMMIT=`git rev-parse --short HEAD` >> $GITHUB_ENV - echo BUILD_DATE=`date -u +%Y-%m-%dT%H:%M:%SZ` >> $GITHUB_ENV - - name: Create and push multi-arch manifests - run: | - docker buildx imagetools create \ - --tag "${DOCKERHUB_REPO}:latest" \ - "${DOCKERHUB_REPO}:latest-amd64" \ - "${DOCKERHUB_REPO}:latest-arm64" - docker buildx imagetools create \ - --tag "${DOCKERHUB_REPO}:${VERSION}" \ - "${DOCKERHUB_REPO}:${VERSION}-amd64" \ - "${DOCKERHUB_REPO}:${VERSION}-arm64" - - name: Cleanup temporary tags - continue-on-error: true - env: - DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} - DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} - run: | - set -euo pipefail - namespace="${DOCKERHUB_REPO%%/*}" - repo_name="${DOCKERHUB_REPO#*/}" - - token="$( - curl -fsSL \ - -H 'Content-Type: application/json' \ - -d "{\"username\":\"${DOCKERHUB_USERNAME}\",\"password\":\"${DOCKERHUB_TOKEN}\"}" \ - 'https://hub.docker.com/v2/users/login/' \ - | python3 -c 'import json,sys; print(json.load(sys.stdin)["token"])' - )" - - delete_tag() { - local tag="$1" - local url="https://hub.docker.com/v2/repositories/${namespace}/${repo_name}/tags/${tag}/" - local http_code - http_code="$(curl -sS -o /dev/null -w "%{http_code}" -X DELETE -H "Authorization: JWT ${token}" "${url}" || true)" - if [ "${http_code}" = "204" ] || [ "${http_code}" = "404" ]; then - echo "Docker Hub tag removed (or missing): ${DOCKERHUB_REPO}:${tag} (HTTP ${http_code})" - return 0 - fi - echo "Docker Hub tag delete failed: ${DOCKERHUB_REPO}:${tag} (HTTP ${http_code})" - return 0 - } - - delete_tag "latest-amd64" - delete_tag "latest-arm64" - delete_tag "${VERSION}-amd64" - delete_tag "${VERSION}-arm64" diff --git a/.worktrees/config/m/config-build/active/.github/workflows/generate-sdks.yaml b/.worktrees/config/m/config-build/active/.github/workflows/generate-sdks.yaml deleted file mode 100644 index 18a62ee846..0000000000 --- a/.worktrees/config/m/config-build/active/.github/workflows/generate-sdks.yaml +++ /dev/null @@ -1,75 +0,0 @@ -name: Generate SDKs - -on: - push: - branches: [main] - paths: - - 'api/openapi.yaml' - - 'internal/api/**/*.go' - workflow_dispatch: - -jobs: - generate-python-sdk: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: '3.12' - - - name: Install OpenAPI Generator - run: | - npm install @openapitools/openapi-generator-cli -g - - - name: Generate Python SDK - run: | - openapi-generator generate \ - -i api/openapi.yaml \ - -g python \ - -o sdk/python \ - --package-name cliproxyapi \ - --additional-properties=pythonVersion==3.12,generateSourceCodeOnly=true - - - name: Create Pull Request - uses: peter-evans/create-pull-request@v6 - with: - commit-message: 'chore: generate Python SDK' - title: 'chore: generate Python SDK' - body: | - Auto-generated Python SDK from OpenAPI spec. - branch: sdk/python - delete-branch: true - - generate-typescript-sdk: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: '20' - - - name: Install OpenAPI Generator - run: | - npm install @openapitools/openapi-generator-cli -g - - - name: Generate TypeScript SDK - run: | - openapi-generator generate \ - -i api/openapi.yaml \ - -g typescript-fetch \ - -o sdk/typescript \ - --additional-properties=typescriptVersion=5.0,npmName=@cliproxy/api - - - name: Create Pull Request - uses: peter-evans/create-pull-request@v6 - with: - commit-message: 'chore: generate TypeScript SDK' - title: 'chore: generate TypeScript SDK' - body: | - Auto-generated TypeScript SDK from OpenAPI spec. - branch: sdk/typescript - delete-branch: true diff --git a/.worktrees/config/m/config-build/active/.github/workflows/pr-path-guard.yml b/.worktrees/config/m/config-build/active/.github/workflows/pr-path-guard.yml deleted file mode 100644 index 4fe3d93881..0000000000 --- a/.worktrees/config/m/config-build/active/.github/workflows/pr-path-guard.yml +++ /dev/null @@ -1,28 +0,0 @@ -name: translator-path-guard - -on: - pull_request: - types: - - opened - - synchronize - - reopened - -jobs: - ensure-no-translator-changes: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Detect internal/translator changes - id: changed-files - uses: tj-actions/changed-files@v45 - with: - files: | - internal/translator/** - - name: Fail when restricted paths change - if: steps.changed-files.outputs.any_changed == 'true' - run: | - echo "Changes under internal/translator are not allowed in pull requests." - echo "You need to create an issue for our maintenance team to make the necessary changes." - exit 1 diff --git a/.worktrees/config/m/config-build/active/.github/workflows/pr-test-build.yml b/.worktrees/config/m/config-build/active/.github/workflows/pr-test-build.yml deleted file mode 100644 index 477ff0498e..0000000000 --- a/.worktrees/config/m/config-build/active/.github/workflows/pr-test-build.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: pr-test-build - -on: - pull_request: - -permissions: - contents: read - -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version-file: go.mod - cache: true - - name: Build - run: | - go build -o test-output ./cmd/server - rm -f test-output diff --git a/.worktrees/config/m/config-build/active/.github/workflows/release-batch.yaml b/.worktrees/config/m/config-build/active/.github/workflows/release-batch.yaml deleted file mode 100644 index d5fe153c72..0000000000 --- a/.worktrees/config/m/config-build/active/.github/workflows/release-batch.yaml +++ /dev/null @@ -1,34 +0,0 @@ -name: release-batch - -on: - push: - branches: - - main - -permissions: - contents: write - -concurrency: - group: release-batch-${{ github.ref }} - cancel-in-progress: false - -jobs: - release-batch: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - run: git fetch --force --tags - - uses: actions/setup-go@v5 - with: - go-version: ">=1.26.0" - cache: true - - name: Configure git - run: | - git config --global user.email "github-actions[bot]@users.noreply.github.com" - git config --global user.name "github-actions[bot]" - - name: Create and publish next batch release - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: go run ./cmd/releasebatch --mode create --target main diff --git a/.worktrees/config/m/config-build/active/.github/workflows/release.yaml b/.worktrees/config/m/config-build/active/.github/workflows/release.yaml deleted file mode 100644 index 04ec21a9a5..0000000000 --- a/.worktrees/config/m/config-build/active/.github/workflows/release.yaml +++ /dev/null @@ -1,39 +0,0 @@ -name: goreleaser - -on: - push: - # run only against tags - tags: - - '*' - -permissions: - contents: write - -jobs: - goreleaser: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - run: git fetch --force --tags - - uses: actions/setup-go@v4 - with: - go-version: '>=1.26.0' - cache: true - - name: Generate Build Metadata - run: | - VERSION=$(git describe --tags --always --dirty) - echo "VERSION=${VERSION}" >> $GITHUB_ENV - echo COMMIT=`git rev-parse --short HEAD` >> $GITHUB_ENV - echo BUILD_DATE=`date -u +%Y-%m-%dT%H:%M:%SZ` >> $GITHUB_ENV - - uses: goreleaser/goreleaser-action@v4 - with: - distribution: goreleaser - version: latest - args: release --clean - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - VERSION: ${{ env.VERSION }} - COMMIT: ${{ env.COMMIT }} - BUILD_DATE: ${{ env.BUILD_DATE }} diff --git a/.worktrees/config/m/config-build/active/.github/workflows/required-check-names-guard.yml b/.worktrees/config/m/config-build/active/.github/workflows/required-check-names-guard.yml deleted file mode 100644 index bc9e87bcdd..0000000000 --- a/.worktrees/config/m/config-build/active/.github/workflows/required-check-names-guard.yml +++ /dev/null @@ -1,51 +0,0 @@ -name: required-check-names-guard - -on: - pull_request: - workflow_dispatch: - -permissions: - contents: read - -jobs: - verify-required-check-names: - name: verify-required-check-names - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Verify required check names exist - run: | - set -euo pipefail - manifest=".github/required-checks.txt" - if [ ! -f "${manifest}" ]; then - echo "Missing manifest: ${manifest}" - exit 1 - fi - - missing=0 - while IFS='|' read -r workflow_file job_name; do - [ -z "${workflow_file}" ] && continue - case "${workflow_file}" in - \#*) continue ;; - esac - - workflow_path=".github/workflows/${workflow_file}" - if [ ! -f "${workflow_path}" ]; then - echo "Missing workflow file: ${workflow_path}" - missing=1 - continue - fi - - escaped_job_name="$(printf '%s' "${job_name}" | sed 's/[][(){}.^$*+?|\\/]/\\&/g')" - if ! grep -Eq "^[[:space:]]+name:[[:space:]]*[\"']?${escaped_job_name}[\"']?[[:space:]]*$" "${workflow_path}"; then - echo "Missing required check name '${job_name}' in ${workflow_path}" - missing=1 - fi - done < "${manifest}" - - if [ "${missing}" -ne 0 ]; then - echo "Required check name guard failed." - exit 1 - fi diff --git a/.worktrees/config/m/config-build/active/.github/workflows/vitepress-pages.yml b/.worktrees/config/m/config-build/active/.github/workflows/vitepress-pages.yml deleted file mode 100644 index 880e3a9aa8..0000000000 --- a/.worktrees/config/m/config-build/active/.github/workflows/vitepress-pages.yml +++ /dev/null @@ -1,61 +0,0 @@ -name: VitePress Pages - -on: - push: - branches: [main] - paths: - - "docs/**" - - ".github/workflows/vitepress-pages.yml" - workflow_dispatch: - -permissions: - contents: read - pages: write - id-token: write - -concurrency: - group: cliproxy-vitepress-pages - cancel-in-progress: false - -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: "20" - cache: "npm" - cache-dependency-path: docs/package.json - - - name: Setup Pages - uses: actions/configure-pages@v5 - with: - enablement: true - - - name: Install docs dependencies - working-directory: docs - run: npm install - - - name: Build VitePress site - working-directory: docs - run: npm run docs:build - - - name: Upload Pages artifact - uses: actions/upload-pages-artifact@v3 - with: - path: docs/.vitepress/dist - - deploy: - needs: build - runs-on: ubuntu-latest - environment: - name: github-pages - url: ${{ steps.deployment.outputs.page_url }} - steps: - - name: Deploy to GitHub Pages - id: deployment - uses: actions/deploy-pages@v4 diff --git a/.worktrees/config/m/config-build/active/.gitignore b/.worktrees/config/m/config-build/active/.gitignore deleted file mode 100644 index feda9dbf43..0000000000 --- a/.worktrees/config/m/config-build/active/.gitignore +++ /dev/null @@ -1,55 +0,0 @@ -# Binaries -cli-proxy-api -cliproxy -*.exe - - -# Configuration -config.yaml -.env -.mcp.json -# Generated content -bin/* -logs/* -conv/* -temp/* -refs/* -tmp/* - -# Storage backends -pgstore/* -gitstore/* -objectstore/* - -# Static assets -static/* - -# Authentication data -auths/* -!auths/.gitkeep - -# Documentation -docs/* -AGENTS.md -CLAUDE.md -GEMINI.md - -# Tooling metadata -.vscode/* -.codex/* -.claude/* -.gemini/* -.serena/* -.agent/* -.agents/* -.agents/* -.opencode/* -.bmad/* -_bmad/* -_bmad-output/* -.mcp/cache/ - -# macOS -.DS_Store -._* -*.bak diff --git a/.worktrees/config/m/config-build/active/.golangci.yml b/.worktrees/config/m/config-build/active/.golangci.yml deleted file mode 100644 index 4c126e0cef..0000000000 --- a/.worktrees/config/m/config-build/active/.golangci.yml +++ /dev/null @@ -1,82 +0,0 @@ -# golangci-lint configuration -# https://golangci-lint.run/usage/configuration/ - -version: 2 - -run: - # Timeout for analysis - timeout: 5m - - # Include test files - tests: true - - # Which dirs to skip: issues from them won't be reported - skip-dirs: - - vendor - - third_party$ - - builtin$ - - # Which files to skip - skip-files: - - ".*\\.pb\\.go$" - -output: - # Print lines of code with issue - print-issued-lines: true - - # Print linter name in the end of issue text - print-linter-name: true - -linters: - # Enable specific linter - # https://golangci-lint.run/usage/linters/#enabled-by-default-linters - # Note: typecheck is built-in and cannot be enabled/disabled in v2 - enable: - - govet - - staticcheck - - errcheck - - ineffassign - -linters-settings: - errcheck: - # Report about not checking of errors in type assertions - check-type-assertions: false - # Report about assignment of errors to blank identifier - check-blank: false - - govet: - # Report about shadowed variables - disable: - - shadow - - staticcheck: - # Select the Go version to target - checks: ["all"] - -issues: - # List of regexps of issue texts to exclude - exclude: - - "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*print(f|ln)?|os\\.(Un)?Setenv). is not checked" - - # Excluding configuration per-path, per-linter, per-text and per-source - exclude-rules: - # Exclude some linters from running on tests files - - path: _test\.go - linters: - - errcheck - - # Exclude known linters from partially auto-generated files - - path: .*\.pb\.go - linters: - - govet - - staticcheck - - # Maximum issues count per one linter - max-issues-per-linter: 50 - - # Maximum count of issues with the same text - max-same-issues: 3 - - # Show only new issues: if there are unstaged changes or untracked files, - # only those changes are analyzed - new: false diff --git a/.worktrees/config/m/config-build/active/.goreleaser.yml b/.worktrees/config/m/config-build/active/.goreleaser.yml deleted file mode 100644 index 6e1829ed51..0000000000 --- a/.worktrees/config/m/config-build/active/.goreleaser.yml +++ /dev/null @@ -1,39 +0,0 @@ -builds: - - id: "cli-proxy-api-plus" - env: - - CGO_ENABLED=0 - goos: - - linux - - windows - - darwin - goarch: - - amd64 - - arm64 - main: ./cmd/server/ - binary: cli-proxy-api-plus - ldflags: - - -s -w -X 'main.Version={{.Version}}-plus' -X 'main.Commit={{.ShortCommit}}' -X 'main.BuildDate={{.Date}}' -archives: - - id: "cli-proxy-api-plus" - format: tar.gz - format_overrides: - - goos: windows - format: zip - files: - - LICENSE - - README.md - - README_CN.md - - config.example.yaml - -checksum: - name_template: 'checksums.txt' - -snapshot: - name_template: "{{ incpatch .Version }}-next" - -changelog: - sort: asc - filters: - exclude: - - '^docs:' - - '^test:' diff --git a/.worktrees/config/m/config-build/active/.pre-commit-config.yaml b/.worktrees/config/m/config-build/active/.pre-commit-config.yaml deleted file mode 100644 index 18ea0308ec..0000000000 --- a/.worktrees/config/m/config-build/active/.pre-commit-config.yaml +++ /dev/null @@ -1,15 +0,0 @@ -repos: - - repo: local - hooks: - - id: quality-fmt-staged - name: quality-fmt-staged - entry: task quality:fmt-staged - language: system - pass_filenames: false - stages: [pre-commit] - - id: quality-pre-push - name: quality-pre-push - entry: task quality:pre-push - language: system - pass_filenames: false - stages: [pre-push] diff --git a/.worktrees/config/m/config-build/active/CHANGELOG.md b/.worktrees/config/m/config-build/active/CHANGELOG.md deleted file mode 100644 index 6260d449f7..0000000000 --- a/.worktrees/config/m/config-build/active/CHANGELOG.md +++ /dev/null @@ -1,24 +0,0 @@ -# Changelog - -All notable changes to this project will be documented in this file. - -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), -and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - -## [Unreleased] - -### Added - -### Changed -<<<<<<< HEAD -======= -- Support multiple aliases for a single upstream model in OAuth model alias configuration, preserving compatibility while allowing same upstream model name with distinct aliases. ->>>>>>> archive/pr-234-head-20260223 - -### Deprecated - -### Removed - -### Fixed - -### Security diff --git a/.worktrees/config/m/config-build/active/CONTRIBUTING.md b/.worktrees/config/m/config-build/active/CONTRIBUTING.md deleted file mode 100644 index 612da871d6..0000000000 --- a/.worktrees/config/m/config-build/active/CONTRIBUTING.md +++ /dev/null @@ -1,39 +0,0 @@ -# Contributing to cliproxyapi++ - -First off, thank you for considering contributing to **cliproxyapi++**! It's people like you who make this tool better for everyone. - -## Code of Conduct - -By participating in this project, you agree to abide by our [Code of Conduct](CODE_OF_CONDUCT.md) (coming soon). - -## How Can I Contribute? - -### Reporting Bugs -- Use the [Bug Report](https://github.com/KooshaPari/cliproxyapi-plusplus/issues/new?template=bug_report.md) template. -- Provide a clear and descriptive title. -- Describe the exact steps to reproduce the problem. - -### Suggesting Enhancements -- Check the [Issues](https://github.com/KooshaPari/cliproxyapi-plusplus/issues) to see if the enhancement has already been suggested. -- Use the [Feature Request](https://github.com/KooshaPari/cliproxyapi-plusplus/issues/new?template=feature_request.md) template. - -### Pull Requests -1. Fork the repo and create your branch from `main`. -2. If you've added code that should be tested, add tests. -3. If you've changed APIs, update the documentation. -4. Ensure the test suite passes (`go test ./...`). -5. Make sure your code lints (`golangci-lint run`). - -#### Which repository to use? -- **Third-party provider support**: Submit your PR directly to [KooshaPari/cliproxyapi-plusplus](https://github.com/KooshaPari/cliproxyapi-plusplus). -- **Core logic improvements**: If the change is not specific to a third-party provider, please propose it to the [mainline project](https://github.com/router-for-me/CLIProxyAPI) first. - -## Governance - -This project follows a community-driven governance model. Major architectural decisions are discussed in Issues before implementation. - -### Path Guard -We use a `pr-path-guard` to protect critical translator logic. Changes to these paths require explicit review from project maintainers to ensure security and stability. - ---- -Thank you for your contributions! diff --git a/.worktrees/config/m/config-build/active/Dockerfile b/.worktrees/config/m/config-build/active/Dockerfile deleted file mode 100644 index cde6205a81..0000000000 --- a/.worktrees/config/m/config-build/active/Dockerfile +++ /dev/null @@ -1,35 +0,0 @@ -FROM golang:1.26-alpine AS builder - -WORKDIR /app - -COPY go.mod go.sum ./ - -RUN go mod download - -COPY . . - -ARG VERSION=dev -ARG COMMIT=none -ARG BUILD_DATE=unknown - -RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w -X 'main.Version=${VERSION}-plus' -X 'main.Commit=${COMMIT}' -X 'main.BuildDate=${BUILD_DATE}'" -o ./CLIProxyAPIPlus ./cmd/server/ - -FROM alpine:3.22.0 - -RUN apk add --no-cache tzdata - -RUN mkdir /CLIProxyAPI - -COPY --from=builder ./app/CLIProxyAPIPlus /CLIProxyAPI/CLIProxyAPIPlus - -COPY config.example.yaml /CLIProxyAPI/config.example.yaml - -WORKDIR /CLIProxyAPI - -EXPOSE 8317 - -ENV TZ=Asia/Shanghai - -RUN cp /usr/share/zoneinfo/${TZ} /etc/localtime && echo "${TZ}" > /etc/timezone - -CMD ["./CLIProxyAPIPlus"] \ No newline at end of file diff --git a/.worktrees/config/m/config-build/active/LICENSE b/.worktrees/config/m/config-build/active/LICENSE deleted file mode 100644 index e3305a12a6..0000000000 --- a/.worktrees/config/m/config-build/active/LICENSE +++ /dev/null @@ -1,22 +0,0 @@ -MIT License - -Copyright (c) 2025-2005.9 Luis Pater -Copyright (c) 2025.9-present Router-For.ME - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. \ No newline at end of file diff --git a/.worktrees/config/m/config-build/active/README.md b/.worktrees/config/m/config-build/active/README.md deleted file mode 100644 index 2d950a4c86..0000000000 --- a/.worktrees/config/m/config-build/active/README.md +++ /dev/null @@ -1,100 +0,0 @@ -# CLIProxyAPI Plus - -English | [Chinese](README_CN.md) - -This is the Plus version of [CLIProxyAPI](https://github.com/router-for-me/CLIProxyAPI), adding support for third-party providers on top of the mainline project. - -All third-party provider support is maintained by community contributors; CLIProxyAPI does not provide technical support. Please contact the corresponding community maintainer if you need assistance. - -The Plus release stays in lockstep with the mainline features. - -## Differences from the Mainline - -- Added GitHub Copilot support (OAuth login), provided by [em4go](https://github.com/em4go/CLIProxyAPI/tree/feature/github-copilot-auth) -- Added Kiro (AWS CodeWhisperer) support (OAuth login), provided by [fuko2935](https://github.com/fuko2935/CLIProxyAPI/tree/feature/kiro-integration), [Ravens2121](https://github.com/Ravens2121/CLIProxyAPIPlus/) - -## New Features (Plus Enhanced) - -- **OAuth Web Authentication**: Browser-based OAuth login for Kiro with beautiful web UI -- **Rate Limiter**: Built-in request rate limiting to prevent API abuse -- **Background Token Refresh**: Automatic token refresh 10 minutes before expiration -- **Metrics & Monitoring**: Request metrics collection for monitoring and debugging -- **Device Fingerprint**: Device fingerprint generation for enhanced security -- **Cooldown Management**: Smart cooldown mechanism for API rate limits -- **Usage Checker**: Real-time usage monitoring and quota management -- **Model Converter**: Unified model name conversion across providers -- **UTF-8 Stream Processing**: Improved streaming response handling - -## Kiro Authentication - -### Web-based OAuth Login - -Access the Kiro OAuth web interface at: - -``` -http://your-server:8080/v0/oauth/kiro -``` - -This provides a browser-based OAuth flow for Kiro (AWS CodeWhisperer) authentication with: -- AWS Builder ID login -- AWS Identity Center (IDC) login -- Token import from Kiro IDE - -## Quick Deployment with Docker - -### One-Command Deployment - -```bash -# Create deployment directory -mkdir -p ~/cli-proxy && cd ~/cli-proxy - -# Create docker-compose.yml -cat > docker-compose.yml << 'EOF' -services: - cli-proxy-api: - image: eceasy/cli-proxy-api-plus:latest - container_name: cli-proxy-api-plus - ports: - - "8317:8317" - volumes: - - ./config.yaml:/CLIProxyAPI/config.yaml - - ./auths:/root/.cli-proxy-api - - ./logs:/CLIProxyAPI/logs - restart: unless-stopped -EOF - -# Download example config -curl -o config.yaml https://raw.githubusercontent.com/router-for-me/CLIProxyAPIPlus/main/config.example.yaml - -# Pull and start -docker compose pull && docker compose up -d -``` - -### Configuration - -Edit `config.yaml` before starting: - -```yaml -# Basic configuration example -server: - port: 8317 - -# Add your provider configurations here -``` - -### Update to Latest Version - -```bash -cd ~/cli-proxy -docker compose pull && docker compose up -d -``` - -## Contributing - -This project only accepts pull requests that relate to third-party provider support. Any pull requests unrelated to third-party provider support will be rejected. - -If you need to submit any non-third-party provider changes, please open them against the [mainline](https://github.com/router-for-me/CLIProxyAPI) repository. - -## License - -This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details. diff --git a/.worktrees/config/m/config-build/active/README_CN.md b/.worktrees/config/m/config-build/active/README_CN.md deleted file mode 100644 index 79b5203f02..0000000000 --- a/.worktrees/config/m/config-build/active/README_CN.md +++ /dev/null @@ -1,100 +0,0 @@ -# CLIProxyAPI Plus - -[English](README.md) | 中文 - -这是 [CLIProxyAPI](https://github.com/router-for-me/CLIProxyAPI) 的 Plus 版本,在原有基础上增加了第三方供应商的支持。 - -所有的第三方供应商支持都由第三方社区维护者提供,CLIProxyAPI 不提供技术支持。如需取得支持,请与对应的社区维护者联系。 - -该 Plus 版本的主线功能与主线功能强制同步。 - -## 与主线版本版本差异 - -- 新增 GitHub Copilot 支持(OAuth 登录),由[em4go](https://github.com/em4go/CLIProxyAPI/tree/feature/github-copilot-auth)提供 -- 新增 Kiro (AWS CodeWhisperer) 支持 (OAuth 登录), 由[fuko2935](https://github.com/fuko2935/CLIProxyAPI/tree/feature/kiro-integration)、[Ravens2121](https://github.com/Ravens2121/CLIProxyAPIPlus/)提供 - -## 新增功能 (Plus 增强版) - -- **OAuth Web 认证**: 基于浏览器的 Kiro OAuth 登录,提供美观的 Web UI -- **请求限流器**: 内置请求限流,防止 API 滥用 -- **后台令牌刷新**: 过期前 10 分钟自动刷新令牌 -- **监控指标**: 请求指标收集,用于监控和调试 -- **设备指纹**: 设备指纹生成,增强安全性 -- **冷却管理**: 智能冷却机制,应对 API 速率限制 -- **用量检查器**: 实时用量监控和配额管理 -- **模型转换器**: 跨供应商的统一模型名称转换 -- **UTF-8 流处理**: 改进的流式响应处理 - -## Kiro 认证 - -### 网页端 OAuth 登录 - -访问 Kiro OAuth 网页认证界面: - -``` -http://your-server:8080/v0/oauth/kiro -``` - -提供基于浏览器的 Kiro (AWS CodeWhisperer) OAuth 认证流程,支持: -- AWS Builder ID 登录 -- AWS Identity Center (IDC) 登录 -- 从 Kiro IDE 导入令牌 - -## Docker 快速部署 - -### 一键部署 - -```bash -# 创建部署目录 -mkdir -p ~/cli-proxy && cd ~/cli-proxy - -# 创建 docker-compose.yml -cat > docker-compose.yml << 'EOF' -services: - cli-proxy-api: - image: eceasy/cli-proxy-api-plus:latest - container_name: cli-proxy-api-plus - ports: - - "8317:8317" - volumes: - - ./config.yaml:/CLIProxyAPI/config.yaml - - ./auths:/root/.cli-proxy-api - - ./logs:/CLIProxyAPI/logs - restart: unless-stopped -EOF - -# 下载示例配置 -curl -o config.yaml https://raw.githubusercontent.com/router-for-me/CLIProxyAPIPlus/main/config.example.yaml - -# 拉取并启动 -docker compose pull && docker compose up -d -``` - -### 配置说明 - -启动前请编辑 `config.yaml`: - -```yaml -# 基本配置示例 -server: - port: 8317 - -# 在此添加你的供应商配置 -``` - -### 更新到最新版本 - -```bash -cd ~/cli-proxy -docker compose pull && docker compose up -d -``` - -## 贡献 - -该项目仅接受第三方供应商支持的 Pull Request。任何非第三方供应商支持的 Pull Request 都将被拒绝。 - -如果需要提交任何非第三方供应商支持的 Pull Request,请提交到[主线](https://github.com/router-for-me/CLIProxyAPI)版本。 - -## 许可证 - -此项目根据 MIT 许可证授权 - 有关详细信息,请参阅 [LICENSE](LICENSE) 文件。 \ No newline at end of file diff --git a/.worktrees/config/m/config-build/active/README_FA.md b/.worktrees/config/m/config-build/active/README_FA.md deleted file mode 100644 index 79b5203f02..0000000000 --- a/.worktrees/config/m/config-build/active/README_FA.md +++ /dev/null @@ -1,100 +0,0 @@ -# CLIProxyAPI Plus - -[English](README.md) | 中文 - -这是 [CLIProxyAPI](https://github.com/router-for-me/CLIProxyAPI) 的 Plus 版本,在原有基础上增加了第三方供应商的支持。 - -所有的第三方供应商支持都由第三方社区维护者提供,CLIProxyAPI 不提供技术支持。如需取得支持,请与对应的社区维护者联系。 - -该 Plus 版本的主线功能与主线功能强制同步。 - -## 与主线版本版本差异 - -- 新增 GitHub Copilot 支持(OAuth 登录),由[em4go](https://github.com/em4go/CLIProxyAPI/tree/feature/github-copilot-auth)提供 -- 新增 Kiro (AWS CodeWhisperer) 支持 (OAuth 登录), 由[fuko2935](https://github.com/fuko2935/CLIProxyAPI/tree/feature/kiro-integration)、[Ravens2121](https://github.com/Ravens2121/CLIProxyAPIPlus/)提供 - -## 新增功能 (Plus 增强版) - -- **OAuth Web 认证**: 基于浏览器的 Kiro OAuth 登录,提供美观的 Web UI -- **请求限流器**: 内置请求限流,防止 API 滥用 -- **后台令牌刷新**: 过期前 10 分钟自动刷新令牌 -- **监控指标**: 请求指标收集,用于监控和调试 -- **设备指纹**: 设备指纹生成,增强安全性 -- **冷却管理**: 智能冷却机制,应对 API 速率限制 -- **用量检查器**: 实时用量监控和配额管理 -- **模型转换器**: 跨供应商的统一模型名称转换 -- **UTF-8 流处理**: 改进的流式响应处理 - -## Kiro 认证 - -### 网页端 OAuth 登录 - -访问 Kiro OAuth 网页认证界面: - -``` -http://your-server:8080/v0/oauth/kiro -``` - -提供基于浏览器的 Kiro (AWS CodeWhisperer) OAuth 认证流程,支持: -- AWS Builder ID 登录 -- AWS Identity Center (IDC) 登录 -- 从 Kiro IDE 导入令牌 - -## Docker 快速部署 - -### 一键部署 - -```bash -# 创建部署目录 -mkdir -p ~/cli-proxy && cd ~/cli-proxy - -# 创建 docker-compose.yml -cat > docker-compose.yml << 'EOF' -services: - cli-proxy-api: - image: eceasy/cli-proxy-api-plus:latest - container_name: cli-proxy-api-plus - ports: - - "8317:8317" - volumes: - - ./config.yaml:/CLIProxyAPI/config.yaml - - ./auths:/root/.cli-proxy-api - - ./logs:/CLIProxyAPI/logs - restart: unless-stopped -EOF - -# 下载示例配置 -curl -o config.yaml https://raw.githubusercontent.com/router-for-me/CLIProxyAPIPlus/main/config.example.yaml - -# 拉取并启动 -docker compose pull && docker compose up -d -``` - -### 配置说明 - -启动前请编辑 `config.yaml`: - -```yaml -# 基本配置示例 -server: - port: 8317 - -# 在此添加你的供应商配置 -``` - -### 更新到最新版本 - -```bash -cd ~/cli-proxy -docker compose pull && docker compose up -d -``` - -## 贡献 - -该项目仅接受第三方供应商支持的 Pull Request。任何非第三方供应商支持的 Pull Request 都将被拒绝。 - -如果需要提交任何非第三方供应商支持的 Pull Request,请提交到[主线](https://github.com/router-for-me/CLIProxyAPI)版本。 - -## 许可证 - -此项目根据 MIT 许可证授权 - 有关详细信息,请参阅 [LICENSE](LICENSE) 文件。 \ No newline at end of file diff --git a/.worktrees/config/m/config-build/active/SECURITY.md b/.worktrees/config/m/config-build/active/SECURITY.md deleted file mode 100644 index 7f8630ef7a..0000000000 --- a/.worktrees/config/m/config-build/active/SECURITY.md +++ /dev/null @@ -1,35 +0,0 @@ -# Security Policy - -## Supported Versions - -| Version | Supported | -| ------- | ------------------ | -| 6.0.x | :white_check_mark: | -| < 6.0 | :x: | - -## Reporting a Vulnerability - -We take the security of **cliproxyapi++** seriously. If you discover a security vulnerability, please do NOT open a public issue. Instead, report it privately. - -Please report any security concerns directly to the maintainers at [kooshapari@gmail.com](mailto:kooshapari@gmail.com) (assuming this as the email for KooshaPari). - -### What to include -- A detailed description of the vulnerability. -- Steps to reproduce (proof of concept). -- Potential impact. -- Any suggested fixes or mitigations. - -We will acknowledge your report within 48 hours and provide a timeline for resolution. - -## Hardening Measures - -**cliproxyapi++** incorporates several security-hardening features: - -- **Minimal Docker Images**: Based on Alpine Linux to reduce attack surface. -- **Path Guard**: GitHub Actions that monitor and protect critical translation and core logic files. -- **Rate Limiting**: Built-in mechanisms to prevent DoS attacks. -- **Device Fingerprinting**: Enhanced authentication security using device-specific metadata. -- **Dependency Scanning**: Automatic scanning for vulnerable Go modules. - ---- -Thank you for helping keep the community secure! diff --git a/.worktrees/config/m/config-build/active/Taskfile.yml b/.worktrees/config/m/config-build/active/Taskfile.yml deleted file mode 100644 index 3f944473e4..0000000000 --- a/.worktrees/config/m/config-build/active/Taskfile.yml +++ /dev/null @@ -1,512 +0,0 @@ -# Taskfile for cliproxyapi++ -# Unified DX for building, testing, and managing the proxy. - -version: '3' - -vars: - BINARY_NAME: cliproxyapi++ - DOCKER_IMAGE: kooshapari/cliproxyapi-plusplus - TEST_REPORT_DIR: target - QUALITY_PACKAGES: '{{default "./..." .QUALITY_PACKAGES}}' - GO_FILES: - sh: find . -name "*.go" | grep -v "vendor" - -tasks: - default: - cmds: - - task --list - silent: true - - check: - desc: "Canonical full-project check" - cmds: - - task: quality - - release:prep: - desc: "Canonical release preparation checks" - cmds: - - task: changelog:check - - task: quality:release-lint - - task: quality:ci - - # -- Build & Run -- - build: - desc: "Build the cliproxyapi++ binary" - cmds: - - go build -o {{.BINARY_NAME}} ./cmd/server - sources: - - "**/*.go" - - "go.mod" - - "go.sum" - generates: - - "{{.BINARY_NAME}}" - - run: - desc: "Run the proxy locally with default config" - deps: [build] - cmds: - - ./{{.BINARY_NAME}} --config config.example.yaml - - preflight: - desc: "Fail fast if required tooling is missing" - cmds: - - | - command -v go >/dev/null 2>&1 || { echo "[FAIL] go is required"; exit 1; } - command -v task >/dev/null 2>&1 || { echo "[FAIL] task is required"; exit 1; } - command -v git >/dev/null 2>&1 || { echo "[FAIL] git is required"; exit 1; } - if [ -f Makefile ]; then - command -v make >/dev/null 2>&1 || { echo "[FAIL] make is required for Makefile-based checks"; exit 1; } - make -n >/dev/null 2>&1 || { echo "[FAIL] make -n failed; check Makefile syntax/targets"; exit 1; } - else - echo "[INFO] Makefile not present; skipping make checks" - fi - task -l >/dev/null 2>&1 || { echo "[FAIL] task -l failed"; exit 1; } - go version >/dev/null - echo "[OK] preflight checks passed" - - cache:unlock: - desc: "Clear stale Go module lock files that can block parallel test workers" - cmds: - - | - modcache="$(go env GOMODCACHE)" - if [ -z "$modcache" ]; then - echo "[SKIP] GOMODCACHE unavailable" - exit 0 - fi - find "$modcache" -type f -name '*.lock' -delete 2>/dev/null || true - echo "[OK] Removed stale lock files from: $modcache" - - test:unit: - desc: "Run unit-tagged tests only" - deps: [preflight, cache:unlock] - cmds: - - go test -tags unit ./... {{.CLI_ARGS}} - - test:integration: - desc: "Run integration-tagged tests only" - deps: [preflight, cache:unlock] - cmds: - - go test -tags integration ./... {{.CLI_ARGS}} - - test:baseline: - desc: "Run full test suite and persist JSON + text baseline artifacts" - cmds: - - mkdir -p {{.TEST_REPORT_DIR}} - - go test -json ./... > "{{.TEST_REPORT_DIR}}/test-baseline.json" - - go test ./... > "{{.TEST_REPORT_DIR}}/test-baseline.txt" - - changelog:check: - desc: "Verify CHANGELOG.md contains an Unreleased heading" - cmds: - - rg -q '^## \[Unreleased\]' CHANGELOG.md - - # -- Testing & Quality -- - test: - desc: "Run all Go tests" - deps: [preflight, cache:unlock] - cmds: - - go test -v ./... - - quality:fmt: - desc: "Auto format Go source files with gofmt" - cmds: - - | - mapfile -t go_files < <(find . -name "*.go" -type f -not -path "./vendor/*") - if [ "${#go_files[@]}" -eq 0 ]; then - echo "[SKIP] No Go files found for formatting." - exit 0 - fi - gofmt -w "${go_files[@]}" - echo "[OK] Formatted ${#go_files[@]} Go files." - - quality:fmt:check: - desc: "Check Go formatting" - cmds: - - | - mapfile -t go_files < <(find . -name "*.go" -type f -not -path "./vendor/*") - if [ "${#go_files[@]}" -eq 0 ]; then - echo "[SKIP] No Go files found for formatting check." - exit 0 - fi - unformatted="$(gofmt -l "${go_files[@]}")" - if [ -n "${unformatted}" ]; then - echo "Unformatted Go files:" - echo "${unformatted}" - exit 1 - fi - echo "[OK] Go formatting is clean." - - quality:fmt-staged: - desc: "Format and lint staged files only" - cmds: - - | - mapfile -t go_files < <(git diff --cached --name-only --diff-filter=ACMR -- '*.go') - if [ "${#go_files[@]}" -eq 0 ]; then - echo "[SKIP] No staged Go files to format/lint." - exit 0 - fi - gofmt -w "${go_files[@]}" - if ! command -v golangci-lint >/dev/null 2>&1; then - echo "[WARN] golangci-lint not found; skipping lint on staged files." - exit 0 - fi - golangci-lint run --new-from-rev=HEAD --verbose - echo "[OK] Staged gofmt + lint complete." - - quality:fmt-staged:check: - desc: "Check formatting and lint staged/diff files only" - cmds: - - | - if [ -n "${QUALITY_DIFF_RANGE:-}" ]; then - mapfile -t go_files < <(git diff --name-only --diff-filter=ACMR "$QUALITY_DIFF_RANGE" -- '*.go' | sort -u) - else - mapfile -t go_files < <(git diff --cached --name-only --diff-filter=ACMR -- '*.go') - fi - if [ "${#go_files[@]}" -eq 0 ]; then - echo "[SKIP] No staged or diff Go files to check." - exit 0 - fi - unformatted="$(gofmt -l "${go_files[@]}")" - if [ -n "${unformatted}" ]; then - echo "Unformatted Go files:" - echo "${unformatted}" - exit 1 - fi - if ! command -v golangci-lint >/dev/null 2>&1; then - echo "[WARN] golangci-lint not found; skipping lint on changed files." - exit 0 - fi - golangci-lint run "${go_files[@]}" - echo "[OK] Format + lint check complete for staged/diff Go files." - - quality:parent-sibling: - desc: "Optionally run sibling cliproxy project quality gates when in a monorepo" - cmds: - - | - if [ "${QUALITY_WITH_PARENT_CLIPROXY:-1}" = "0" ]; then - echo "[SKIP] quality:parent-sibling (QUALITY_WITH_PARENT_CLIPROXY=0)" - exit 0 - fi - - ROOT="$(git rev-parse --show-toplevel 2>/dev/null || pwd)" - PARENT="$(dirname "$ROOT")" - CURRENT="$(basename "$ROOT")" - FOUND=0 - RAN=0 - - for d in "$PARENT"/*; do - [ -d "$d" ] || continue - base="$(basename "$d")" - [ "$base" = "$CURRENT" ] && continue - case "$base" in - *cliproxy*|*cliproxyapi*) - if [ ! -f "$d/Taskfile.yml" ]; then - continue - fi - FOUND=1 - if task -C "$d" --list-all 2>/dev/null | rg -q '(^|[[:space:]])quality([[:space:]]|$)'; then - echo "[RUN] $base -> task quality" - QUALITY_WITH_PARENT_CLIPROXY=0 task -C "$d" quality - RAN=1 - else - echo "[SKIP] $base (no quality task)" - fi - ;; - esac - done - - if [ "$FOUND" -eq 0 ]; then - echo "[SKIP] No sibling cliproxy taskfiles found in parent: $PARENT" - elif [ "$RAN" -eq 0 ]; then - echo "[SKIP] No sibling cliproxy project had a runnable quality task" - fi - - quality: - desc: "Run full strict project quality checks (fmt, test, lint)" - cmds: - - task: quality:fmt - - task: quality:fmt:check - - go vet ./... - - task: lint - - task: test - - task: quality:parent-sibling - - quality:quick: - desc: "Run fast local quality checks (readonly)" - cmds: - - task: quality:fmt:check - - task: quality:quick:check - - quality:quick:fix: - desc: "Run local quick quality fix flow (auto-format + staged lint + quick checks)" - deps: [preflight, cache:unlock] - cmds: - - task: quality:fmt - - task: quality:fmt-staged - - task: quality:quick:check - - quality:quick:check: - desc: "Fast non-mutating quality checks (fmt check + changed lint + targeted tests)" - deps: [preflight, cache:unlock] - cmds: - - task: quality:fmt:check - - task: lint:changed - - | - if [ "${QUALITY_PACKAGES}" = "./..." ]; then - tmp_files="$(mktemp)" - if [ -n "${QUALITY_DIFF_RANGE:-}" ]; then - git diff --name-only "$QUALITY_DIFF_RANGE" -- '*.go' | sort -u > "$tmp_files" - else - git diff --name-only -- '*.go' | sort -u > "$tmp_files" - git diff --cached --name-only -- '*.go' >> "$tmp_files" - fi - mapfile -t files < <(sort -u "$tmp_files") - rm -f "$tmp_files" - - if [ "${#files[@]}" -eq 0 ]; then - echo "[SKIP] No changed Go files; skipping go test in quality quick mode." - exit 0 - fi - - mapfile -t test_packages < <(printf '%s\n' "${files[@]}" | sed 's#^\\./##' | xargs -n1 dirname | sort -u) - if [ "${#test_packages[@]}" -eq 0 ]; then - echo "[SKIP] No testable directories from changed Go files." - exit 0 - fi - else - mapfile -t test_packages < <(printf '%s' "{{.QUALITY_PACKAGES}}" | tr ' ' '\n' | sed '/^$/d') - if [ "${#test_packages[@]}" -eq 0 ]; then - echo "[SKIP] QUALITY_PACKAGES was empty." - exit 0 - fi - fi - - go test "${test_packages[@]}" - - task: test:provider-smoke-matrix:test - - quality:pre-push: - desc: "Pre-push hook quality gate" - deps: [preflight, cache:unlock] - cmds: - - task: quality:quick:check - - changelog:check: - desc: "Verify CHANGELOG.md contains an Unreleased heading" - cmds: - - rg -q '^## \[Unreleased\]' CHANGELOG.md - - quality:shellcheck: - desc: "Run shellcheck on shell scripts (best-effort, no-op when shellcheck missing)" - cmds: - - | - if ! command -v shellcheck >/dev/null 2>&1; then - echo "[WARN] shellcheck not found" - exit 0 - fi - shellcheck -x scripts/*.sh - - quality:quick:all: - desc: "Run quality quick locally and in sibling cliproxy/cliproxyapi++ repos" - cmds: - - task: quality:quick - - task: quality:parent-sibling - - quality:vet: - desc: "Run go vet for all packages" - cmds: - - go vet ./... - - quality:staticcheck: - desc: "Run staticcheck (opt-in)" - cmds: - - | - if [ "${ENABLE_STATICCHECK:-0}" != "1" ]; then - echo "[SKIP] ENABLE_STATICCHECK=1 to run staticcheck" - exit 0 - fi - if ! command -v staticcheck >/dev/null 2>&1; then - echo "[WARN] staticcheck not found" - exit 0 - fi - staticcheck ./... - - quality:ci: - desc: "Run non-mutating PR quality gates" - cmds: - - | - if [ -n "${QUALITY_DIFF_RANGE:-}" ]; then - echo "[INFO] quality:ci with QUALITY_DIFF_RANGE=$QUALITY_DIFF_RANGE" - else - echo "[INFO] quality:ci without QUALITY_DIFF_RANGE; lint defaults to working tree/staged diffs" - fi - - task: quality:fmt:check - - task: quality:vet - - task: quality:staticcheck - - task: quality:shellcheck - - task: lint:changed - - test:provider-smoke-matrix:test: - desc: "Run provider smoke matrix script tests with a fake curl backend" - cmds: - - | - scripts/provider-smoke-matrix-test.sh - - quality:release-lint: - desc: "Validate release-facing config examples and docs snippets" - cmds: - - task: preflight - - task: quality:docs-open-items-parity -<<<<<<< HEAD - - task: quality:docs-phase-placeholders -======= ->>>>>>> archive/pr-234-head-20260223 - - ./.github/scripts/release-lint.sh - - quality:docs-open-items-parity: - desc: "Prevent stale status drift in fragmented open-items report" - cmds: - - ./.github/scripts/check-open-items-fragmented-parity.sh - -<<<<<<< HEAD - quality:docs-phase-placeholders: - desc: "Reject unresolved placeholder-like tokens in planning reports" - cmds: - - ./.github/scripts/check-phase-doc-placeholder-tokens.sh - -======= ->>>>>>> archive/pr-234-head-20260223 - test:smoke: - desc: "Run smoke tests for startup and control-plane surfaces" - deps: [preflight, cache:unlock] - cmds: - - | - go test -run 'TestServer_StartupSmokeEndpoints|TestServer_StartupSmokeEndpoints/GET_v1_models|TestServer_StartupSmokeEndpoints/GET_v1_metrics_providers|TestServer_RoutesNamespaceIsolation|TestServer_ControlPlane_MessageLifecycle|TestServer_ControlPlane_IdempotencyKey_ReplaysResponseAndPreventsDuplicateMessages|TestServer_ControlPlane_IdempotencyKey_DifferentKeysCreateDifferentMessages' ./pkg/llmproxy/api - - lint:changed: - desc: "Run golangci-lint on changed/staged files only" - cmds: - - | - tmp_files="$(mktemp)" - if [ -n "${QUALITY_DIFF_RANGE:-}" ]; then - git diff --name-only "$QUALITY_DIFF_RANGE" -- '*.go' | sort -u > "$tmp_files" - else - git diff --name-only -- '*.go' | sort -u > "$tmp_files" - git diff --cached --name-only -- '*.go' | sort -u >> "$tmp_files" - fi - mapfile -t files < <(sort -u "$tmp_files") - rm -f "$tmp_files" - if [ "${#files[@]}" -eq 0 ]; then - echo "[SKIP] No changed or staged Go files found." - exit 0 - fi - if ! command -v golangci-lint >/dev/null 2>&1; then - echo "[WARN] golangci-lint not found; skipping lint on changed files." - exit 0 - fi - mapfile -t changed_dirs < <(printf '%s\n' "${files[@]}" | sed 's#^\\./##' | xargs -n1 dirname | sort -u) - failed=0 - for dir in "${changed_dirs[@]}"; do - if [ "$dir" = "." ]; then - dir="." - fi - if [ -z "$dir" ] || [ ! -d "$dir" ]; then - continue - fi - golangci-lint run "$dir" || failed=1 - done - if [ "$failed" -ne 0 ]; then - exit 1 - fi - if [ "${#changed_dirs[@]}" -eq 0 ]; then - echo "[SKIP] No changed directories resolved." - exit 0 - fi - echo "[OK] linted changed directories: ${changed_dirs[*]}" - - verify:all: - desc: "Run quality quick checks and static analysis" - cmds: - - task: quality:fmt:check - - task: test:smoke - - task: lint:changed - - task: quality:release-lint - - task: quality:vet - - task: quality:staticcheck - - task: test - - hooks:install: - desc: "Install local git pre-commit hook for staged gofmt + lint" - cmds: - - | - mkdir -p .git/hooks - cat > .git/hooks/pre-commit <<'EOF' - #!/usr/bin/env sh - set -eu - if ! command -v go >/dev/null 2>&1; then - echo "[WARN] go not found on PATH; skipping pre-commit quality checks." - exit 0 - fi - - if ! command -v task >/dev/null 2>&1; then - echo "[WARN] task not found on PATH; skipping pre-commit quality checks." - exit 0 - fi - - cd "$(git rev-parse --show-toplevel)" - task quality:fmt-staged - EOF - chmod +x .git/hooks/pre-commit - echo "[OK] Installed .git/hooks/pre-commit" - - lint: - desc: "Run golangci-lint" - cmds: - - golangci-lint run ./... - - tidy: - desc: "Tidy Go modules" - cmds: - - go mod tidy - - # -- Docker Operations -- - docker:build: - desc: "Build Docker image locally" - cmds: - - docker build -t {{.DOCKER_IMAGE}}:local . - - docker:run: - desc: "Run proxy via Docker" - cmds: - - docker compose up -d - - docker:stop: - desc: "Stop Docker proxy" - cmds: - - docker compose down - - # -- Health & Diagnostics (UX/DX) -- - doctor: - desc: "Check environment health for cliproxyapi++" - cmds: - - | - echo "Checking Go version..." - go version - echo "Checking dependencies..." - if [ ! -f go.mod ]; then echo "❌ go.mod missing"; exit 1; fi - echo "Checking config template..." - if [ ! -f config.example.yaml ]; then echo "❌ config.example.yaml missing"; exit 1; fi - echo "Checking Docker..." - docker --version || echo "⚠️ Docker not installed" - echo "✅ cliproxyapi++ environment looks healthy!" - - # -- Agent Experience (AX) -- - ax:spec: - desc: "Generate or verify agent-readable specs" - cmds: - - echo "Checking for llms.txt..." - - if [ ! -f llms.txt ]; then echo "⚠️ llms.txt missing"; else echo "✅ llms.txt present"; fi - - board:sync: - desc: "Sync GitHub sources and regenerate planning board/import artifacts (Go tool)" - cmds: - - go run ./cmd/boardsync diff --git a/.worktrees/config/m/config-build/active/api/openapi.yaml b/.worktrees/config/m/config-build/active/api/openapi.yaml deleted file mode 100644 index 325f6beca8..0000000000 --- a/.worktrees/config/m/config-build/active/api/openapi.yaml +++ /dev/null @@ -1,175 +0,0 @@ -openapi: 3.0.0 -info: - title: CLIProxyAPI Plus - description: | - AI Gateway API with OAuth support for multiple providers. - - ## Providers - - Anthropic (Claude) - - OpenAI - - Google (Gemini) - - MiniMax - - Kiro - - Codex - - And more... - version: 2.0.0 - contact: - name: CLIProxyAPI Plus - -servers: - - url: http://127.0.0.1:8317 - description: Local development - - url: {baseUrl} - variables: - baseUrl: - default: http://localhost:8317 - -paths: - /health: - get: - summary: Health check - responses: - '200': - description: OK - content: - application/json: - schema: - type: object - properties: - status: - type: string - - /v1/chat/completions: - post: - summary: Chat completions - requestBody: - required: true - content: - application/json: - schema: - type: object - properties: - model: - type: string - messages: - type: array - items: - type: object - stream: - type: boolean - default: false - responses: - '200': - description: Chat completion response - - /v1/models: - get: - summary: List available models - responses: - '200': - description: Model list - - /v1/models/{model_name}: - get: - summary: Get model info - parameters: - - name: model_name - in: path - required: true - schema: - type: string - responses: - '200': - description: Model info - - /v0/management/config: - get: - summary: Get configuration - security: - - ManagementKey: [] - responses: - '200': - description: Configuration object - - /v0/management/config: - put: - summary: Update configuration - security: - - ManagementKey: [] - requestBody: - required: true - content: - application/json: - schema: - type: object - responses: - '200': - description: Configuration updated - - /v0/management/auth: - get: - summary: List auth entries - security: - - ManagementKey: [] - responses: - '200': - description: Auth list - - /v0/management/auth: - post: - summary: Add auth entry - security: - - ManagementKey: [] - requestBody: - required: true - content: - application/json: - schema: - type: object - responses: - '200': - description: Auth added - - /v0/management/usage: - get: - summary: Get usage statistics - security: - - ManagementKey: [] - responses: - '200': - description: Usage statistics - - /v0/management/logs: - get: - summary: Get logs - security: - - ManagementKey: [] - parameters: - - name: limit - in: query - schema: - type: integer - default: 100 - responses: - '200': - description: Log entries - -components: - securitySchemes: - ManagementKey: - type: apiKey - in: header - name: Authorization - description: Management API key - -tags: - - name: Chat - description: Chat completions endpoints - - name: Models - description: Model management - - name: Management - description: Configuration and management - - name: Auth - description: Authentication management - - name: Usage - description: Usage and statistics diff --git a/.worktrees/config/m/config-build/active/assets/aicodemirror.png b/.worktrees/config/m/config-build/active/assets/aicodemirror.png deleted file mode 100644 index b4585bcf3a..0000000000 Binary files a/.worktrees/config/m/config-build/active/assets/aicodemirror.png and /dev/null differ diff --git a/.worktrees/config/m/config-build/active/assets/packycode.png b/.worktrees/config/m/config-build/active/assets/packycode.png deleted file mode 100644 index 4fc7eecc75..0000000000 Binary files a/.worktrees/config/m/config-build/active/assets/packycode.png and /dev/null differ diff --git a/.worktrees/config/m/config-build/active/auths/.gitkeep b/.worktrees/config/m/config-build/active/auths/.gitkeep deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/.worktrees/config/m/config-build/active/boardsync b/.worktrees/config/m/config-build/active/boardsync deleted file mode 100755 index 2a818d1a57..0000000000 Binary files a/.worktrees/config/m/config-build/active/boardsync and /dev/null differ diff --git a/.worktrees/config/m/config-build/active/cli-proxy-api-plus-integration-test b/.worktrees/config/m/config-build/active/cli-proxy-api-plus-integration-test deleted file mode 100755 index 276a239c2c..0000000000 Binary files a/.worktrees/config/m/config-build/active/cli-proxy-api-plus-integration-test and /dev/null differ diff --git a/.worktrees/config/m/config-build/active/cliproxyctl/main.go b/.worktrees/config/m/config-build/active/cliproxyctl/main.go deleted file mode 100644 index 1f378836f2..0000000000 --- a/.worktrees/config/m/config-build/active/cliproxyctl/main.go +++ /dev/null @@ -1,393 +0,0 @@ -package main - -import ( - "bytes" - "encoding/json" - "errors" - "flag" - "fmt" - "io" - "os" - "path/filepath" - "strings" - "time" - - cliproxycmd "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/cmd" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -const responseSchemaVersion = "cliproxyctl.response.v1" - -type responseEnvelope struct { - SchemaVersion string `json:"schema_version"` - Command string `json:"command"` - OK bool `json:"ok"` - Timestamp string `json:"timestamp"` - Details map[string]any `json:"details"` -} - -type commandExecutor struct { - setup func(*config.Config, *cliproxycmd.SetupOptions) - login func(*config.Config, string, *cliproxycmd.LoginOptions) - doctor func(string) (map[string]any, error) -} - -func defaultCommandExecutor() commandExecutor { - return commandExecutor{ - setup: cliproxycmd.DoSetupWizard, - login: cliproxycmd.DoLogin, - doctor: func(configPath string) (map[string]any, error) { - details := map[string]any{ - "config_path": configPath, - } - - info, err := os.Stat(configPath) - if err != nil { - details["config_exists"] = false - return details, fmt.Errorf("config file is not accessible: %w", err) - } - if info.IsDir() { - details["config_exists"] = false - return details, fmt.Errorf("config path %q is a directory", configPath) - } - details["config_exists"] = true - - cfg, err := config.LoadConfig(configPath) - if err != nil { - return details, fmt.Errorf("failed to load config: %w", err) - } - - authDir := strings.TrimSpace(cfg.AuthDir) - details["auth_dir"] = authDir - details["auth_dir_set"] = authDir != "" - details["provider_counts"] = map[string]int{ - "codex": len(cfg.CodexKey), - "claude": len(cfg.ClaudeKey), - "gemini": len(cfg.GeminiKey), - "kiro": len(cfg.KiroKey), - "cursor": len(cfg.CursorKey), - "openai_compatible": len(cfg.OpenAICompatibility), - } - details["status"] = "ok" - return details, nil - }, - } -} - -func main() { - os.Exit(run(os.Args[1:], os.Stdout, os.Stderr, time.Now, defaultCommandExecutor())) -} - -func run(args []string, stdout io.Writer, stderr io.Writer, now func() time.Time, exec commandExecutor) int { - if len(args) == 0 { - _, _ = fmt.Fprintln(stderr, "usage: cliproxyctl [flags]") - return 2 - } - - command := strings.TrimSpace(args[0]) - switch command { - case "setup": - return runSetup(args[1:], stdout, stderr, now, exec) - case "login": - return runLogin(args[1:], stdout, stderr, now, exec) - case "doctor": - return runDoctor(args[1:], stdout, stderr, now, exec) - default: - if hasJSONFlag(args[1:]) { - writeEnvelope(stdout, now, command, false, map[string]any{ - "error": "unknown command", - }) - return 2 - } - _, _ = fmt.Fprintf(stderr, "unknown command %q\n", command) - return 2 - } -} - -func runSetup(args []string, stdout io.Writer, stderr io.Writer, now func() time.Time, exec commandExecutor) int { - fs := flag.NewFlagSet("setup", flag.ContinueOnError) - fs.SetOutput(io.Discard) - var jsonOutput bool - var configPathFlag string - fs.BoolVar(&jsonOutput, "json", false, "Emit machine-readable JSON response") - fs.StringVar(&configPathFlag, "config", "", "Path to config file") - if err := fs.Parse(args); err != nil { - return renderError(stdout, stderr, jsonOutput, now, "setup", err) - } - - configPath := resolveConfigPath(strings.TrimSpace(configPathFlag)) - cfg, err := loadConfig(configPath, true) - if err != nil { - return renderError(stdout, stderr, jsonOutput, now, "setup", err) - } - - details := map[string]any{ - "config_path": configPath, - "config_exists": configFileExists(configPath), - } - - if jsonOutput { - capturedStdout, capturedStderr, runErr := captureStdIO(func() error { - exec.setup(cfg, &cliproxycmd.SetupOptions{ConfigPath: configPath}) - return nil - }) - details["stdout"] = capturedStdout - if capturedStderr != "" { - details["stderr"] = capturedStderr - } - if runErr != nil { - details["error"] = runErr.Error() - writeEnvelope(stdout, now, "setup", false, details) - return 1 - } - writeEnvelope(stdout, now, "setup", true, details) - return 0 - } - - exec.setup(cfg, &cliproxycmd.SetupOptions{ConfigPath: configPath}) - return 0 -} - -func runLogin(args []string, stdout io.Writer, stderr io.Writer, now func() time.Time, exec commandExecutor) int { - fs := flag.NewFlagSet("login", flag.ContinueOnError) - fs.SetOutput(io.Discard) - var jsonOutput bool - var configPathFlag string - var projectID string - var noBrowser bool - var callbackPort int - fs.BoolVar(&jsonOutput, "json", false, "Emit machine-readable JSON response") - fs.StringVar(&configPathFlag, "config", "", "Path to config file") - fs.StringVar(&projectID, "project-id", "", "Optional Gemini project ID") - fs.BoolVar(&noBrowser, "no-browser", false, "Do not open browser for OAuth login") - fs.IntVar(&callbackPort, "oauth-callback-port", 0, "Override OAuth callback port") - if err := fs.Parse(args); err != nil { - return renderError(stdout, stderr, jsonOutput, now, "login", err) - } - - configPath := resolveConfigPath(strings.TrimSpace(configPathFlag)) - cfg, err := loadConfig(configPath, true) - if err != nil { - return renderError(stdout, stderr, jsonOutput, now, "login", err) - } - - details := map[string]any{ - "config_path": configPath, - "config_exists": configFileExists(configPath), - "project_id": strings.TrimSpace(projectID), - } - - if jsonOutput { - capturedStdout, capturedStderr, runErr := captureStdIO(func() error { - exec.login(cfg, strings.TrimSpace(projectID), &cliproxycmd.LoginOptions{ - NoBrowser: noBrowser, - CallbackPort: callbackPort, - ConfigPath: configPath, - }) - return nil - }) - details["stdout"] = capturedStdout - if capturedStderr != "" { - details["stderr"] = capturedStderr - } - if runErr != nil { - details["error"] = runErr.Error() - writeEnvelope(stdout, now, "login", false, details) - return 1 - } - ok := strings.Contains(capturedStdout, "Gemini authentication successful!") - if !ok { - details["error"] = "login flow did not report success" - } - writeEnvelope(stdout, now, "login", ok, details) - if !ok { - return 1 - } - return 0 - } - - exec.login(cfg, strings.TrimSpace(projectID), &cliproxycmd.LoginOptions{ - NoBrowser: noBrowser, - CallbackPort: callbackPort, - ConfigPath: configPath, - }) - return 0 -} - -func runDoctor(args []string, stdout io.Writer, stderr io.Writer, now func() time.Time, exec commandExecutor) int { - fs := flag.NewFlagSet("doctor", flag.ContinueOnError) - fs.SetOutput(io.Discard) - var jsonOutput bool - var configPathFlag string - fs.BoolVar(&jsonOutput, "json", false, "Emit machine-readable JSON response") - fs.StringVar(&configPathFlag, "config", "", "Path to config file") - if err := fs.Parse(args); err != nil { - return renderError(stdout, stderr, jsonOutput, now, "doctor", err) - } - - configPath := resolveConfigPath(strings.TrimSpace(configPathFlag)) - details, err := exec.doctor(configPath) - if err != nil { - if details == nil { - details = map[string]any{} - } - details["error"] = err.Error() - if jsonOutput { - writeEnvelope(stdout, now, "doctor", false, details) - } else { - _, _ = fmt.Fprintf(stderr, "doctor failed: %v\n", err) - } - return 1 - } - - if details == nil { - details = map[string]any{} - } - if jsonOutput { - writeEnvelope(stdout, now, "doctor", true, details) - } else { - _, _ = fmt.Fprintf(stdout, "doctor ok (config=%s)\n", configPath) - } - return 0 -} - -func renderError(stdout io.Writer, stderr io.Writer, jsonOutput bool, now func() time.Time, command string, err error) int { - if jsonOutput { - writeEnvelope(stdout, now, command, false, map[string]any{ - "error": err.Error(), - }) - } else { - _, _ = fmt.Fprintln(stderr, err.Error()) - } - return 2 -} - -func writeEnvelope(out io.Writer, now func() time.Time, command string, ok bool, details map[string]any) { - if details == nil { - details = map[string]any{} - } - envelope := responseEnvelope{ - SchemaVersion: responseSchemaVersion, - Command: command, - OK: ok, - Timestamp: now().UTC().Format(time.RFC3339Nano), - Details: details, - } - encoded, err := json.Marshal(envelope) - if err != nil { - fallback := fmt.Sprintf( - `{"schema_version":"%s","command":"%s","ok":false,"timestamp":"%s","details":{"error":"json marshal failed: %s"}}`, - responseSchemaVersion, - command, - now().UTC().Format(time.RFC3339Nano), - escapeForJSON(err.Error()), - ) - _, _ = io.WriteString(out, fallback+"\n") - return - } - _, _ = out.Write(append(encoded, '\n')) -} - -func resolveConfigPath(explicit string) string { - if explicit != "" { - return explicit - } - - lookup := []string{ - "CLIPROXY_CONFIG", - "CLIPROXY_CONFIG_PATH", - "CONFIG", - "CONFIG_PATH", - } - for _, key := range lookup { - if value := strings.TrimSpace(os.Getenv(key)); value != "" { - return value - } - } - - wd, err := os.Getwd() - if err != nil { - return "config.yaml" - } - primary := filepath.Join(wd, "config.yaml") - if configFileExists(primary) { - return primary - } - - nested := filepath.Join(wd, "config", "config.yaml") - if configFileExists(nested) { - return nested - } - return primary -} - -func loadConfig(configPath string, allowMissing bool) (*config.Config, error) { - cfg, err := config.LoadConfig(configPath) - if err == nil { - return cfg, nil - } - if allowMissing { - var pathErr *os.PathError - if errors.As(err, &pathErr) && os.IsNotExist(pathErr.Err) { - return &config.Config{}, nil - } - } - return nil, err -} - -func configFileExists(path string) bool { - info, err := os.Stat(path) - if err != nil { - return false - } - return !info.IsDir() -} - -func captureStdIO(runFn func() error) (string, string, error) { - origStdout := os.Stdout - origStderr := os.Stderr - - stdoutRead, stdoutWrite, err := os.Pipe() - if err != nil { - return "", "", err - } - stderrRead, stderrWrite, err := os.Pipe() - if err != nil { - _ = stdoutRead.Close() - _ = stdoutWrite.Close() - return "", "", err - } - - os.Stdout = stdoutWrite - os.Stderr = stderrWrite - - runErr := runFn() - - _ = stdoutWrite.Close() - _ = stderrWrite.Close() - os.Stdout = origStdout - os.Stderr = origStderr - - var outBuf bytes.Buffer - _, _ = io.Copy(&outBuf, stdoutRead) - _ = stdoutRead.Close() - var errBuf bytes.Buffer - _, _ = io.Copy(&errBuf, stderrRead) - _ = stderrRead.Close() - - return outBuf.String(), errBuf.String(), runErr -} - -func hasJSONFlag(args []string) bool { - for _, arg := range args { - if strings.TrimSpace(arg) == "--json" { - return true - } - } - return false -} - -func escapeForJSON(in string) string { - replacer := strings.NewReplacer(`\`, `\\`, `"`, `\"`) - return replacer.Replace(in) -} diff --git a/.worktrees/config/m/config-build/active/cliproxyctl/main_test.go b/.worktrees/config/m/config-build/active/cliproxyctl/main_test.go deleted file mode 100644 index 6ab7ce9920..0000000000 --- a/.worktrees/config/m/config-build/active/cliproxyctl/main_test.go +++ /dev/null @@ -1,109 +0,0 @@ -package main - -import ( - "bytes" - "encoding/json" - "strings" - "testing" - "time" - - cliproxycmd "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/cmd" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestRunSetupJSONResponseShape(t *testing.T) { - t.Setenv("CLIPROXY_CONFIG", "") - fixedNow := func() time.Time { - return time.Date(2026, 2, 23, 1, 2, 3, 0, time.UTC) - } - - exec := commandExecutor{ - setup: func(_ *config.Config, _ *cliproxycmd.SetupOptions) {}, - login: func(_ *config.Config, _ string, _ *cliproxycmd.LoginOptions) {}, - doctor: func(_ string) (map[string]any, error) { - return map[string]any{"status": "ok"}, nil - }, - } - - var stdout bytes.Buffer - var stderr bytes.Buffer - exitCode := run([]string{"setup", "--json", "--config", "/tmp/does-not-exist.yaml"}, &stdout, &stderr, fixedNow, exec) - if exitCode != 0 { - t.Fatalf("expected exit code 0, got %d (stderr=%q)", exitCode, stderr.String()) - } - - var payload map[string]any - if err := json.Unmarshal(stdout.Bytes(), &payload); err != nil { - t.Fatalf("failed to decode JSON output: %v", err) - } - if got := payload["schema_version"]; got != responseSchemaVersion { - t.Fatalf("schema_version = %v, want %s", got, responseSchemaVersion) - } - if got := payload["command"]; got != "setup" { - t.Fatalf("command = %v, want setup", got) - } - if got := payload["ok"]; got != true { - t.Fatalf("ok = %v, want true", got) - } - if got := payload["timestamp"]; got != "2026-02-23T01:02:03Z" { - t.Fatalf("timestamp = %v, want 2026-02-23T01:02:03Z", got) - } - details, ok := payload["details"].(map[string]any) - if !ok { - t.Fatalf("details missing or wrong type: %#v", payload["details"]) - } - if _, exists := details["config_path"]; !exists { - t.Fatalf("details.config_path missing: %#v", details) - } -} - -func TestRunDoctorJSONFailureShape(t *testing.T) { - t.Setenv("CLIPROXY_CONFIG", "") - fixedNow := func() time.Time { - return time.Date(2026, 2, 23, 4, 5, 6, 0, time.UTC) - } - - exec := commandExecutor{ - setup: func(_ *config.Config, _ *cliproxycmd.SetupOptions) {}, - login: func(_ *config.Config, _ string, _ *cliproxycmd.LoginOptions) {}, - doctor: func(configPath string) (map[string]any, error) { - return map[string]any{"config_path": configPath}, assertErr("boom") - }, - } - - var stdout bytes.Buffer - var stderr bytes.Buffer - exitCode := run([]string{"doctor", "--json", "--config", "/tmp/missing.yaml"}, &stdout, &stderr, fixedNow, exec) - if exitCode != 1 { - t.Fatalf("expected exit code 1, got %d", exitCode) - } - - text := strings.TrimSpace(stdout.String()) - var payload map[string]any - if err := json.Unmarshal([]byte(text), &payload); err != nil { - t.Fatalf("failed to decode JSON output: %v", err) - } - if got := payload["schema_version"]; got != responseSchemaVersion { - t.Fatalf("schema_version = %v, want %s", got, responseSchemaVersion) - } - if got := payload["command"]; got != "doctor" { - t.Fatalf("command = %v, want doctor", got) - } - if got := payload["ok"]; got != false { - t.Fatalf("ok = %v, want false", got) - } - if got := payload["timestamp"]; got != "2026-02-23T04:05:06Z" { - t.Fatalf("timestamp = %v, want 2026-02-23T04:05:06Z", got) - } - details, ok := payload["details"].(map[string]any) - if !ok { - t.Fatalf("details missing or wrong type: %#v", payload["details"]) - } - if got, ok := details["error"].(string); !ok || !strings.Contains(got, "boom") { - t.Fatalf("details.error = %#v, want contains boom", details["error"]) - } -} - -type assertErr string - -func (e assertErr) Error() string { return string(e) } diff --git a/.worktrees/config/m/config-build/active/cmd/boardsync/main.go b/.worktrees/config/m/config-build/active/cmd/boardsync/main.go deleted file mode 100644 index 38e75eec7e..0000000000 --- a/.worktrees/config/m/config-build/active/cmd/boardsync/main.go +++ /dev/null @@ -1,760 +0,0 @@ -package main - -import ( - "bytes" - "encoding/csv" - "encoding/json" - "errors" - "fmt" - "golang.org/x/text/cases" - "golang.org/x/text/language" - "os" - "os/exec" - "path/filepath" - "sort" - "strings" - "time" -) - -const ( - targetCount = 2000 -) - -var repos = []string{ - "router-for-me/CLIProxyAPIPlus", - "router-for-me/CLIProxyAPI", -} - -type sourceItem struct { - Kind string `json:"kind"` - Repo string `json:"repo"` - Number int `json:"number"` - Title string `json:"title"` - State string `json:"state"` - URL string `json:"url"` - Labels []string `json:"labels"` - Comments int `json:"comments"` - CreatedAt string `json:"created_at"` - UpdatedAt string `json:"updated_at"` - Body string `json:"body"` -} - -type boardItem struct { - ID string `json:"id"` - Theme string `json:"theme"` - Title string `json:"title"` - Priority string `json:"priority"` - Effort string `json:"effort"` - Wave string `json:"wave"` - Status string `json:"status"` - ImplementationReady string `json:"implementation_ready"` - SourceKind string `json:"source_kind"` - SourceRepo string `json:"source_repo"` - SourceRef string `json:"source_ref"` - SourceURL string `json:"source_url"` - ImplementationNote string `json:"implementation_note"` -} - -type boardJSON struct { - Stats map[string]int `json:"stats"` - Counts map[string]map[string]int `json:"counts"` - Items []boardItem `json:"items"` -} - -type discussionNode struct { - Number int `json:"number"` - Title string `json:"title"` - URL string `json:"url"` - CreatedAt string `json:"createdAt"` - UpdatedAt string `json:"updatedAt"` - Closed bool `json:"closed"` - BodyText string `json:"bodyText"` - Category struct { - Name string `json:"name"` - } `json:"category"` - Author struct { - Login string `json:"login"` - } `json:"author"` - Comments struct { - TotalCount int `json:"totalCount"` - } `json:"comments"` -} - -func main() { - root, err := os.Getwd() - if err != nil { - fail(err) - } - - tmpDir := filepath.Join(root, "tmp", "gh_board") - planDir := filepath.Join(root, "docs", "planning") - must(os.MkdirAll(tmpDir, 0o755)) - must(os.MkdirAll(planDir, 0o755)) - - for _, repo := range repos { - must(fetchRepoSnapshots(tmpDir, repo)) - } - - sources, stats, err := loadSources(tmpDir) - if err != nil { - fail(err) - } - - board := buildBoard(sources) - sortBoard(board) - - jsonObj := boardJSON{ - Stats: stats, - Counts: summarizeCounts(board), - Items: board, - } - - const base = "CLIPROXYAPI_2000_ITEM_EXECUTION_BOARD_2026-02-22" - boardJSONPath := filepath.Join(planDir, base+".json") - boardCSVPath := filepath.Join(planDir, base+".csv") - boardMDPath := filepath.Join(planDir, base+".md") - importCSVPath := filepath.Join(planDir, "GITHUB_PROJECT_IMPORT_CLIPROXYAPI_2000_2026-02-22.csv") - - must(writeBoardJSON(boardJSONPath, jsonObj)) - must(writeBoardCSV(boardCSVPath, board)) - must(writeBoardMarkdown(boardMDPath, board, jsonObj)) - must(writeProjectImportCSV(importCSVPath, board)) - - fmt.Println("board sync complete") - fmt.Println(boardJSONPath) - fmt.Println(boardCSVPath) - fmt.Println(boardMDPath) - fmt.Println(importCSVPath) - fmt.Printf("items=%d\n", len(board)) -} - -func fetchRepoSnapshots(tmpDir, repo string) error { - base := strings.ReplaceAll(repo, "/", "_") - if err := ghToFile([]string{"api", "--paginate", "repos/" + repo + "/issues?state=all&per_page=100"}, filepath.Join(tmpDir, base+"_issues_prs.json")); err != nil { - return err - } - if err := ghToFile([]string{"api", "--paginate", "repos/" + repo + "/pulls?state=all&per_page=100"}, filepath.Join(tmpDir, base+"_pulls.json")); err != nil { - return err - } - discussions, err := fetchDiscussions(repo) - if err != nil { - return err - } - b, err := json.MarshalIndent(discussions, "", " ") - if err != nil { - return err - } - return os.WriteFile(filepath.Join(tmpDir, base+"_discussions_graphql.json"), b, 0o644) -} - -func ghToFile(args []string, path string) error { - out, err := run("gh", args...) - if err != nil { - return err - } - return os.WriteFile(path, out, 0o644) -} - -func fetchDiscussions(repo string) ([]discussionNode, error) { - parts := strings.Split(repo, "/") - if len(parts) != 2 { - return nil, fmt.Errorf("invalid repo: %s", repo) - } - owner, name := parts[0], parts[1] - cursor := "" - var all []discussionNode - - for { - q := `query($owner:String!,$repo:String!,$first:Int!,$after:String){ - repository(owner:$owner,name:$repo){ - discussions(first:$first,after:$after,orderBy:{field:UPDATED_AT,direction:DESC}){ - nodes{ - number title url createdAt updatedAt closed bodyText - category{name} - author{login} - comments{totalCount} - } - pageInfo{hasNextPage endCursor} - } - } - }` - args := []string{"api", "graphql", "-f", "owner=" + owner, "-f", "repo=" + name, "-F", "first=50", "-f", "query=" + q} - if cursor != "" { - args = append(args, "-f", "after="+cursor) - } - out, err := run("gh", args...) - if err != nil { - // repo may not have discussions enabled; treat as empty - return all, nil - } - var resp struct { - Data struct { - Repository struct { - Discussions struct { - Nodes []discussionNode `json:"nodes"` - PageInfo struct { - HasNextPage bool `json:"hasNextPage"` - EndCursor string `json:"endCursor"` - } `json:"pageInfo"` - } `json:"discussions"` - } `json:"repository"` - } `json:"data"` - } - if err := json.Unmarshal(out, &resp); err != nil { - return nil, err - } - all = append(all, resp.Data.Repository.Discussions.Nodes...) - if !resp.Data.Repository.Discussions.PageInfo.HasNextPage { - break - } - cursor = resp.Data.Repository.Discussions.PageInfo.EndCursor - if cursor == "" { - break - } - } - return all, nil -} - -func loadSources(tmpDir string) ([]sourceItem, map[string]int, error) { - var out []sourceItem - stats := map[string]int{ - "sources_total_unique": 0, - "issues_plus": 0, - "issues_core": 0, - "prs_plus": 0, - "prs_core": 0, - "discussions_plus": 0, - "discussions_core": 0, - } - - for _, repo := range repos { - base := strings.ReplaceAll(repo, "/", "_") - - issuesPath := filepath.Join(tmpDir, base+"_issues_prs.json") - pullsPath := filepath.Join(tmpDir, base+"_pulls.json") - discussionsPath := filepath.Join(tmpDir, base+"_discussions_graphql.json") - - var issues []map[string]any - if err := readJSON(issuesPath, &issues); err != nil { - return nil, nil, err - } - for _, it := range issues { - if _, isPR := it["pull_request"]; isPR { - continue - } - s := sourceItem{ - Kind: "issue", - Repo: repo, - Number: intFromAny(it["number"]), - Title: strFromAny(it["title"]), - State: strFromAny(it["state"]), - URL: strFromAny(it["html_url"]), - Labels: labelsFromAny(it["labels"]), - Comments: intFromAny(it["comments"]), - CreatedAt: strFromAny(it["created_at"]), - UpdatedAt: strFromAny(it["updated_at"]), - Body: shrink(strFromAny(it["body"]), 1200), - } - out = append(out, s) - if strings.HasSuffix(repo, "CLIProxyAPIPlus") { - stats["issues_plus"]++ - } else { - stats["issues_core"]++ - } - } - - var pulls []map[string]any - if err := readJSON(pullsPath, &pulls); err != nil { - return nil, nil, err - } - for _, it := range pulls { - s := sourceItem{ - Kind: "pr", - Repo: repo, - Number: intFromAny(it["number"]), - Title: strFromAny(it["title"]), - State: strFromAny(it["state"]), - URL: strFromAny(it["html_url"]), - Labels: labelsFromAny(it["labels"]), - Comments: intFromAny(it["comments"]), - CreatedAt: strFromAny(it["created_at"]), - UpdatedAt: strFromAny(it["updated_at"]), - Body: shrink(strFromAny(it["body"]), 1200), - } - out = append(out, s) - if strings.HasSuffix(repo, "CLIProxyAPIPlus") { - stats["prs_plus"]++ - } else { - stats["prs_core"]++ - } - } - - var discussions []discussionNode - if err := readJSON(discussionsPath, &discussions); err != nil { - return nil, nil, err - } - for _, d := range discussions { - s := sourceItem{ - Kind: "discussion", - Repo: repo, - Number: d.Number, - Title: d.Title, - State: ternary(d.Closed, "closed", "open"), - URL: d.URL, - Labels: []string{d.Category.Name}, - Comments: d.Comments.TotalCount, - CreatedAt: d.CreatedAt, - UpdatedAt: d.UpdatedAt, - Body: shrink(d.BodyText, 1200), - } - out = append(out, s) - if strings.HasSuffix(repo, "CLIProxyAPIPlus") { - stats["discussions_plus"]++ - } else { - stats["discussions_core"]++ - } - } - } - - seen := map[string]bool{} - dedup := make([]sourceItem, 0, len(out)) - for _, s := range out { - if s.URL == "" || seen[s.URL] { - continue - } - seen[s.URL] = true - dedup = append(dedup, s) - } - stats["sources_total_unique"] = len(dedup) - return dedup, stats, nil -} - -func buildBoard(sources []sourceItem) []boardItem { - seed := []boardItem{ - newSeed("CP2K-0001", "platform-architecture", "Port thegent proxy lifecycle/install/login/model-management flows into first-class cliproxy Go CLI commands.", "P1", "L", "wave-1"), - newSeed("CP2K-0002", "integration-api-bindings", "Define a non-subprocess integration contract: Go bindings first, HTTP API fallback, versioned capability negotiation.", "P1", "L", "wave-1"), - newSeed("CP2K-0003", "dev-runtime-refresh", "Add process-compose dev profile with HMR-style reload, config watcher, and explicit `cliproxy refresh` command.", "P1", "M", "wave-1"), - newSeed("CP2K-0004", "docs-quickstarts", "Publish provider-specific 5-minute quickstarts with auth + model selection + sanity-check commands.", "P1", "M", "wave-1"), - newSeed("CP2K-0005", "docs-quickstarts", "Add troubleshooting matrix for auth, model mapping, thinking normalization, stream parsing, and retry semantics.", "P1", "M", "wave-1"), - newSeed("CP2K-0006", "cli-ux-dx", "Ship interactive setup wizard and `doctor --fix` with machine-readable JSON output and deterministic remediation.", "P1", "M", "wave-1"), - newSeed("CP2K-0007", "testing-and-quality", "Add cross-provider OpenAI Responses/Chat Completions conformance test suite with golden fixtures.", "P1", "L", "wave-1"), - newSeed("CP2K-0008", "testing-and-quality", "Add dedicated reasoning controls tests (`variant`, `reasoning_effort`, `reasoning.effort`, suffix forms).", "P1", "M", "wave-1"), - newSeed("CP2K-0009", "project-frontmatter", "Rewrite project frontmatter/readme with architecture, compatibility matrix, provider guides, support policy, and release channels.", "P2", "M", "wave-1"), - newSeed("CP2K-0010", "install-and-ops", "Improve release and install UX with unified install flow, binary verification, and platform post-install checks.", "P2", "M", "wave-1"), - } - - templates := []string{ - `Follow up "%s" by closing compatibility gaps and locking in regression coverage.`, - `Harden "%s" with stricter validation, safer defaults, and explicit fallback semantics.`, - `Operationalize "%s" with observability, runbook updates, and deployment safeguards.`, - `Generalize "%s" into provider-agnostic translation/utilities to reduce duplicate logic.`, - `Improve CLI UX around "%s" with clearer commands, flags, and immediate validation feedback.`, - `Extend docs for "%s" with quickstart snippets and troubleshooting decision trees.`, - `Add robust stream/non-stream parity tests for "%s" across supported providers.`, - `Refactor internals touched by "%s" to reduce coupling and improve maintainability.`, - `Prepare safe rollout for "%s" via flags, migration docs, and backward-compat tests.`, - `Standardize naming/metadata affected by "%s" across both repos and docs.`, - } - - actions := []string{ - "Implement compatibility-preserving normalization path with explicit fallback behavior and telemetry.", - "Add failing-before/failing-after regression tests and update golden fixtures for each supported provider.", - "Improve error diagnostics and add actionable remediation text in CLI and docs.", - "Refactor translation layer to isolate provider transform logic from transport concerns.", - "Instrument structured logs/metrics around request normalize->translate->dispatch lifecycle.", - "Add staged rollout controls (feature flags) with safe defaults and migration notes.", - "Harden edge-case parsing for stream and non-stream payload variants.", - "Benchmark p50/p95 latency and memory; reject regressions in CI quality gate.", - "Expand quickstart and troubleshooting docs with copy-paste examples and expected outputs.", - "Add contract tests for malformed payloads, missing fields, and legacy/new mixed parameters.", - } - - board := make([]boardItem, 0, targetCount) - board = append(board, seed...) - - for i := len(seed) + 1; len(board) < targetCount; i++ { - src := sources[(i-1)%len(sources)] - title := clean(src.Title) - if title == "" { - title = fmt.Sprintf("%s #%d", src.Kind, src.Number) - } - - theme := pickTheme(title + " " + src.Body) - itemTitle := fmt.Sprintf(templates[(i-1)%len(templates)], title) - priority := pickPriority(src) - effort := pickEffort(src) - - switch { - case i%17 == 0: - theme = "docs-quickstarts" - itemTitle = fmt.Sprintf(`Create or refresh provider quickstart derived from "%s" with setup/auth/model/sanity-check flow.`, title) - priority = "P1" - case i%19 == 0: - theme = "go-cli-extraction" - itemTitle = fmt.Sprintf(`Port relevant thegent-managed behavior implied by "%s" into cliproxy Go CLI commands and interactive setup.`, title) - priority, effort = "P1", "M" - case i%23 == 0: - theme = "integration-api-bindings" - itemTitle = fmt.Sprintf(`Design non-subprocess integration contract related to "%s" with Go bindings primary and API fallback.`, title) - priority, effort = "P1", "M" - case i%29 == 0: - theme = "dev-runtime-refresh" - itemTitle = fmt.Sprintf(`Add process-compose/HMR refresh workflow linked to "%s" for deterministic local runtime reload.`, title) - priority, effort = "P1", "M" - } - - board = append(board, boardItem{ - ID: fmt.Sprintf("CP2K-%04d", i), - Theme: theme, - Title: itemTitle, - Priority: priority, - Effort: effort, - Wave: pickWave(priority, effort), - Status: "proposed", - ImplementationReady: "yes", - SourceKind: src.Kind, - SourceRepo: src.Repo, - SourceRef: fmt.Sprintf("%s#%d", src.Kind, src.Number), - SourceURL: src.URL, - ImplementationNote: actions[(i-1)%len(actions)], - }) - } - - return board -} - -func sortBoard(board []boardItem) { - pr := map[string]int{"P1": 0, "P2": 1, "P3": 2} - wr := map[string]int{"wave-1": 0, "wave-2": 1, "wave-3": 2} - er := map[string]int{"S": 0, "M": 1, "L": 2} - sort.SliceStable(board, func(i, j int) bool { - a, b := board[i], board[j] - if pr[a.Priority] != pr[b.Priority] { - return pr[a.Priority] < pr[b.Priority] - } - if wr[a.Wave] != wr[b.Wave] { - return wr[a.Wave] < wr[b.Wave] - } - if er[a.Effort] != er[b.Effort] { - return er[a.Effort] < er[b.Effort] - } - return a.ID < b.ID - }) -} - -func summarizeCounts(board []boardItem) map[string]map[string]int { - out := map[string]map[string]int{ - "priority": {}, - "wave": {}, - "effort": {}, - "theme": {}, - } - for _, b := range board { - out["priority"][b.Priority]++ - out["wave"][b.Wave]++ - out["effort"][b.Effort]++ - out["theme"][b.Theme]++ - } - return out -} - -func writeBoardJSON(path string, data boardJSON) error { - b, err := json.MarshalIndent(data, "", " ") - if err != nil { - return err - } - return os.WriteFile(path, b, 0o644) -} - -func writeBoardCSV(path string, board []boardItem) error { - f, err := os.Create(path) - if err != nil { - return err - } - defer func() { _ = f.Close() }() - w := csv.NewWriter(f) - defer w.Flush() - if err := w.Write([]string{"id", "theme", "title", "priority", "effort", "wave", "status", "implementation_ready", "source_kind", "source_repo", "source_ref", "source_url", "implementation_note"}); err != nil { - return err - } - for _, b := range board { - if err := w.Write([]string{b.ID, b.Theme, b.Title, b.Priority, b.Effort, b.Wave, b.Status, b.ImplementationReady, b.SourceKind, b.SourceRepo, b.SourceRef, b.SourceURL, b.ImplementationNote}); err != nil { - return err - } - } - return nil -} - -func writeProjectImportCSV(path string, board []boardItem) error { - f, err := os.Create(path) - if err != nil { - return err - } - defer func() { _ = f.Close() }() - w := csv.NewWriter(f) - defer w.Flush() - if err := w.Write([]string{"Title", "Body", "Status", "Priority", "Wave", "Effort", "Theme", "Implementation Ready", "Source Kind", "Source Repo", "Source Ref", "Source URL", "Labels", "Board ID"}); err != nil { - return err - } - for _, b := range board { - body := fmt.Sprintf("Execution item %s | Source: %s %s | Source URL: %s | Implementation note: %s | Tracking rule: keep source->solution mapping and update Status as work progresses.", b.ID, b.SourceRepo, b.SourceRef, b.SourceURL, b.ImplementationNote) - labels := strings.Join([]string{ - "board-2000", - "theme:" + b.Theme, - "prio:" + strings.ToLower(b.Priority), - "wave:" + b.Wave, - "effort:" + strings.ToLower(b.Effort), - "kind:" + b.SourceKind, - }, ",") - if err := w.Write([]string{b.Title, body, b.Status, b.Priority, b.Wave, b.Effort, b.Theme, b.ImplementationReady, b.SourceKind, b.SourceRepo, b.SourceRef, b.SourceURL, labels, b.ID}); err != nil { - return err - } - } - return nil -} - -func writeBoardMarkdown(path string, board []boardItem, bj boardJSON) error { - var buf bytes.Buffer - now := time.Now().Format("2006-01-02") - buf.WriteString("# CLIProxyAPI Ecosystem 2000-Item Execution Board\n\n") - fmt.Fprintf(&buf, "- Generated: %s\n", now) - buf.WriteString("- Scope: `router-for-me/CLIProxyAPIPlus` + `router-for-me/CLIProxyAPI` Issues, PRs, Discussions\n") - buf.WriteString("- Objective: Implementation-ready backlog (up to 2000), including CLI extraction, bindings/API integration, docs quickstarts, and dev-runtime refresh\n\n") - buf.WriteString("## Coverage\n") - keys := []string{"generated_items", "sources_total_unique", "issues_plus", "issues_core", "prs_plus", "prs_core", "discussions_plus", "discussions_core"} - bj.Stats["generated_items"] = len(board) - for _, k := range keys { - fmt.Fprintf(&buf, "- %s: %d\n", k, bj.Stats[k]) - } - buf.WriteString("\n## Distribution\n") - for _, sec := range []string{"priority", "wave", "effort", "theme"} { - fmt.Fprintf(&buf, "### %s\n", cases.Title(language.Und).String(sec)) - type kv struct { - K string - V int - } - var arr []kv - for k, v := range bj.Counts[sec] { - arr = append(arr, kv{K: k, V: v}) - } - sort.Slice(arr, func(i, j int) bool { - if arr[i].V != arr[j].V { - return arr[i].V > arr[j].V - } - return arr[i].K < arr[j].K - }) - for _, p := range arr { - fmt.Fprintf(&buf, "- %s: %d\n", p.K, p.V) - } - buf.WriteString("\n") - } - - buf.WriteString("## Top 250 (Execution Order)\n\n") - limit := 250 - if len(board) < limit { - limit = len(board) - } - for _, b := range board[:limit] { - fmt.Fprintf(&buf, "### [%s] %s\n", b.ID, b.Title) - fmt.Fprintf(&buf, "- Priority: %s\n", b.Priority) - fmt.Fprintf(&buf, "- Wave: %s\n", b.Wave) - fmt.Fprintf(&buf, "- Effort: %s\n", b.Effort) - fmt.Fprintf(&buf, "- Theme: %s\n", b.Theme) - fmt.Fprintf(&buf, "- Source: %s %s\n", b.SourceRepo, b.SourceRef) - if b.SourceURL != "" { - fmt.Fprintf(&buf, "- Source URL: %s\n", b.SourceURL) - } - fmt.Fprintf(&buf, "- Implementation note: %s\n\n", b.ImplementationNote) - } - buf.WriteString("## Full 2000 Items\n") - buf.WriteString("- Use the CSV/JSON artifacts for full import and sorting.\n") - - return os.WriteFile(path, buf.Bytes(), 0o644) -} - -func newSeed(id, theme, title, priority, effort, wave string) boardItem { - return boardItem{ - ID: id, - Theme: theme, - Title: title, - Priority: priority, - Effort: effort, - Wave: wave, - Status: "proposed", - ImplementationReady: "yes", - SourceKind: "strategy", - SourceRepo: "cross-repo", - SourceRef: "synthesis", - SourceURL: "", - ImplementationNote: "Implement compatibility-preserving normalization path with explicit fallback behavior and telemetry.", - } -} - -func pickTheme(text string) string { - t := strings.ToLower(text) - cases := []struct { - theme string - keys []string - }{ - {"thinking-and-reasoning", []string{"reasoning", "thinking", "effort", "variant", "budget", "token"}}, - {"responses-and-chat-compat", []string{"responses", "chat/completions", "translator", "message", "tool call", "response_format"}}, - {"provider-model-registry", []string{"model", "registry", "alias", "metadata", "provider"}}, - {"oauth-and-authentication", []string{"oauth", "login", "auth", "token exchange", "credential"}}, - {"websocket-and-streaming", []string{"websocket", "sse", "stream", "delta", "chunk"}}, - {"error-handling-retries", []string{"error", "retry", "429", "cooldown", "timeout", "backoff", "limit"}}, - {"docs-quickstarts", []string{"readme", "docs", "quick start", "guide", "example", "tutorial"}}, - {"install-and-ops", []string{"docker", "compose", "install", "build", "binary", "release", "ops"}}, - {"cli-ux-dx", []string{"cli", "command", "flag", "wizard", "ux", "dx", "tui", "interactive"}}, - {"testing-and-quality", []string{"test", "ci", "coverage", "lint", "benchmark", "contract"}}, - } - for _, c := range cases { - for _, k := range c.keys { - if strings.Contains(t, k) { - return c.theme - } - } - } - return "general-polish" -} - -func pickPriority(src sourceItem) string { - t := strings.ToLower(src.Title + " " + src.Body) - if containsAny(t, []string{"oauth", "login", "auth", "translator", "responses", "stream", "reasoning", "token exchange", "critical", "security", "429"}) { - return "P1" - } - if containsAny(t, []string{"docs", "readme", "guide", "example", "polish", "ux", "dx"}) { - return "P3" - } - return "P2" -} - -func pickEffort(src sourceItem) string { - switch src.Kind { - case "discussion": - return "S" - case "pr": - return "M" - default: - return "S" - } -} - -func pickWave(priority, effort string) string { - if priority == "P1" && (effort == "S" || effort == "M") { - return "wave-1" - } - if priority == "P1" && effort == "L" { - return "wave-2" - } - if priority == "P2" { - return "wave-2" - } - return "wave-3" -} - -func clean(s string) string { - s = strings.TrimSpace(s) - if s == "" { - return s - } - return strings.Join(strings.Fields(s), " ") -} - -func containsAny(s string, tokens []string) bool { - for _, t := range tokens { - if strings.Contains(s, t) { - return true - } - } - return false -} - -func shrink(s string, max int) string { - if len(s) <= max { - return s - } - return s[:max] -} - -func readJSON(path string, out any) error { - b, err := os.ReadFile(path) - if err != nil { - return err - } - return json.Unmarshal(b, out) -} - -func labelsFromAny(v any) []string { - arr, ok := v.([]any) - if !ok { - return nil - } - out := make([]string, 0, len(arr)) - for _, it := range arr { - m, ok := it.(map[string]any) - if !ok { - continue - } - name := strFromAny(m["name"]) - if name != "" { - out = append(out, name) - } - } - return out -} - -func intFromAny(v any) int { - switch t := v.(type) { - case float64: - return int(t) - case int: - return t - case json.Number: - i, _ := t.Int64() - return int(i) - default: - return 0 - } -} - -func strFromAny(v any) string { - if v == nil { - return "" - } - s, ok := v.(string) - if ok { - return s - } - return fmt.Sprintf("%v", v) -} - -func ternary(cond bool, a, b string) string { - if cond { - return a - } - return b -} - -func run(name string, args ...string) ([]byte, error) { - cmd := exec.Command(name, args...) - cmd.Env = os.Environ() - out, err := cmd.CombinedOutput() - if err != nil { - return nil, fmt.Errorf("command failed: %s %s: %w; output=%s", name, strings.Join(args, " "), err, string(out)) - } - return out, nil -} - -func must(err error) { - if err != nil { - fail(err) - } -} - -func fail(err error) { - if err == nil { - err = errors.New("unknown error") - } - fmt.Fprintln(os.Stderr, err.Error()) - os.Exit(1) -} diff --git a/.worktrees/config/m/config-build/active/cmd/cliproxyctl/main.go b/.worktrees/config/m/config-build/active/cmd/cliproxyctl/main.go deleted file mode 100644 index 93e187cb50..0000000000 --- a/.worktrees/config/m/config-build/active/cmd/cliproxyctl/main.go +++ /dev/null @@ -1,813 +0,0 @@ -package main - -import ( - "bytes" - "encoding/json" - "errors" - "flag" - "fmt" - "io" - "net/http" - "os" - "path/filepath" - "sort" - "strings" - "syscall" - "time" - - cliproxycmd "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/cmd" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -const responseSchemaVersion = "cliproxyctl.response.v1" - -type responseEnvelope struct { - SchemaVersion string `json:"schema_version"` - Command string `json:"command"` - OK bool `json:"ok"` - Timestamp string `json:"timestamp"` - Details map[string]any `json:"details"` -} - -type commandExecutor struct { - setup func(*config.Config, *cliproxycmd.SetupOptions) - login func(*config.Config, string, string, *cliproxycmd.LoginOptions) error - doctor func(string) (map[string]any, error) -} - -func defaultCommandExecutor() commandExecutor { - return commandExecutor{ - setup: cliproxycmd.DoSetupWizard, - login: runProviderLogin, - doctor: func(configPath string) (map[string]any, error) { - details := map[string]any{ - "config_path": configPath, - } - - info, err := os.Stat(configPath) - if err != nil { - details["config_exists"] = false - return details, fmt.Errorf("config file is not accessible: %w", err) - } - if info.IsDir() { - details["config_exists"] = false - return details, fmt.Errorf("config path %q is a directory", configPath) - } - details["config_exists"] = true - - cfg, err := config.LoadConfig(configPath) - if err != nil { - return details, fmt.Errorf("failed to load config: %w", err) - } - - authDir := strings.TrimSpace(cfg.AuthDir) - details["auth_dir"] = authDir - details["auth_dir_set"] = authDir != "" - details["provider_counts"] = map[string]int{ - "codex": len(cfg.CodexKey), - "claude": len(cfg.ClaudeKey), - "gemini": len(cfg.GeminiKey), - "kiro": len(cfg.KiroKey), - "cursor": len(cfg.CursorKey), - "openai_compatible": len(cfg.OpenAICompatibility), - } - details["status"] = "ok" - return details, nil - }, - } -} - -func runProviderLogin(cfg *config.Config, provider string, projectID string, options *cliproxycmd.LoginOptions) error { - switch normalizeProvider(provider) { - case "gemini": - cliproxycmd.DoLogin(cfg, strings.TrimSpace(projectID), options) - case "claude": - cliproxycmd.DoClaudeLogin(cfg, options) - case "codex": - cliproxycmd.DoCodexLogin(cfg, options) - case "kiro": - cliproxycmd.DoKiroLogin(cfg, options) - case "cursor": - cliproxycmd.DoCursorLogin(cfg, options) - case "copilot": - cliproxycmd.DoGitHubCopilotLogin(cfg, options) - case "minimax": - cliproxycmd.DoMinimaxLogin(cfg, options) - case "kimi": - cliproxycmd.DoKimiLogin(cfg, options) - case "deepseek": - cliproxycmd.DoDeepSeekLogin(cfg, options) - case "groq": - cliproxycmd.DoGroqLogin(cfg, options) - case "mistral": - cliproxycmd.DoMistralLogin(cfg, options) - case "siliconflow": - cliproxycmd.DoSiliconFlowLogin(cfg, options) - case "openrouter": - cliproxycmd.DoOpenRouterLogin(cfg, options) - case "together": - cliproxycmd.DoTogetherLogin(cfg, options) - case "fireworks": - cliproxycmd.DoFireworksLogin(cfg, options) - case "novita": - cliproxycmd.DoNovitaLogin(cfg, options) - case "roo": - cliproxycmd.DoRooLogin(cfg, options) - case "antigravity": - cliproxycmd.DoAntigravityLogin(cfg, options) - case "iflow": - cliproxycmd.DoIFlowLogin(cfg, options) - case "qwen": - cliproxycmd.DoQwenLogin(cfg, options) - case "kilo": - cliproxycmd.DoKiloLogin(cfg, options) - case "cline": - cliproxycmd.DoClineLogin(cfg, options) - case "amp": - cliproxycmd.DoAmpLogin(cfg, options) - case "factory-api": - cliproxycmd.DoFactoryAPILogin(cfg, options) - default: - return fmt.Errorf("unsupported provider %q", provider) - } - return nil -} - -func normalizeProvider(provider string) string { - normalized := strings.ToLower(strings.TrimSpace(provider)) - switch normalized { - case "github-copilot": - return "copilot" - case "githubcopilot": - return "copilot" - case "ampcode": - return "amp" - case "amp-code": - return "amp" - case "kilo-code": - return "kilo" - case "kilocode": - return "kilo" - case "roo-code": - return "roo" - case "roocode": - return "roo" - case "droid": - return "gemini" - case "droid-cli": - return "gemini" - case "droidcli": - return "gemini" - case "factoryapi": - return "factory-api" - case "openai-compatible": - return "factory-api" - default: - return normalized - } -} - -func main() { - os.Exit(run(os.Args[1:], os.Stdout, os.Stderr, time.Now, defaultCommandExecutor())) -} - -func run(args []string, stdout io.Writer, stderr io.Writer, now func() time.Time, exec commandExecutor) int { - if len(args) == 0 { - _, _ = fmt.Fprintln(stderr, "usage: cliproxyctl [flags]") - return 2 - } - - command := strings.TrimSpace(args[0]) - switch command { - case "setup": - return runSetup(args[1:], stdout, stderr, now, exec) - case "login": - return runLogin(args[1:], stdout, stderr, now, exec) - case "doctor": - return runDoctor(args[1:], stdout, stderr, now, exec) - case "dev": - return runDev(args[1:], stdout, stderr, now) - default: - if hasJSONFlag(args[1:]) { - writeEnvelope(stdout, now, command, false, map[string]any{ - "error": "unknown command", - }) - return 2 - } - _, _ = fmt.Fprintf(stderr, "unknown command %q\n", command) - return 2 - } -} - -func runSetup(args []string, stdout io.Writer, stderr io.Writer, now func() time.Time, exec commandExecutor) int { - fs := flag.NewFlagSet("setup", flag.ContinueOnError) - fs.SetOutput(io.Discard) - var jsonOutput bool - var configPathFlag string - var providersRaw string - var seedKiroAlias bool - fs.BoolVar(&jsonOutput, "json", false, "Emit machine-readable JSON response") - fs.StringVar(&configPathFlag, "config", "", "Path to config file") - fs.StringVar(&providersRaw, "providers", "", "Comma-separated provider list for direct setup") - fs.BoolVar(&seedKiroAlias, "seed-kiro-alias", false, "Persist default oauth-model-alias entries for kiro when missing") - if err := fs.Parse(args); err != nil { - return renderError(stdout, stderr, jsonOutput, now, "setup", err) - } - - configPath := resolveConfigPath(strings.TrimSpace(configPathFlag)) - cfg, err := loadConfig(configPath, true) - if err != nil { - return renderError(stdout, stderr, jsonOutput, now, "setup", err) - } - - details := map[string]any{ - "config_path": configPath, - "config_exists": configFileExists(configPath), - } - providers := normalizeProviders(providersRaw) - if len(providers) > 0 { - details["providers"] = providers - } - details["seed_kiro_alias"] = seedKiroAlias - - if jsonOutput { - capturedStdout, capturedStderr, runErr := captureStdIO(func() error { - if len(providers) == 0 { - exec.setup(cfg, &cliproxycmd.SetupOptions{ConfigPath: configPath}) - return nil - } - for _, provider := range providers { - if err := exec.login(cfg, provider, "", &cliproxycmd.LoginOptions{ConfigPath: configPath}); err != nil { - return err - } - } - return nil - }) - if runErr == nil && seedKiroAlias { - seedErr := persistDefaultKiroAliases(configPath) - if seedErr != nil { - runErr = seedErr - } else { - details["kiro_alias_seeded"] = true - } - } - details["stdout"] = capturedStdout - if capturedStderr != "" { - details["stderr"] = capturedStderr - } - if runErr != nil { - if hint := rateLimitHint(runErr); hint != "" { - details["hint"] = hint - } - details["error"] = runErr.Error() - writeEnvelope(stdout, now, "setup", false, details) - return 1 - } - writeEnvelope(stdout, now, "setup", true, details) - return 0 - } - - if len(providers) == 0 { - exec.setup(cfg, &cliproxycmd.SetupOptions{ConfigPath: configPath}) - } else { - for _, provider := range providers { - if err := exec.login(cfg, provider, "", &cliproxycmd.LoginOptions{ConfigPath: configPath}); err != nil { - _, _ = fmt.Fprintf(stderr, "setup failed for provider %q: %v\n", provider, err) - if hint := rateLimitHint(err); hint != "" { - _, _ = fmt.Fprintln(stderr, hint) - } - return 1 - } - } - } - if seedKiroAlias { - if err := persistDefaultKiroAliases(configPath); err != nil { - _, _ = fmt.Fprintf(stderr, "setup failed to seed kiro aliases: %v\n", err) - return 1 - } - } - return 0 -} - -func runLogin(args []string, stdout io.Writer, stderr io.Writer, now func() time.Time, exec commandExecutor) int { - fs := flag.NewFlagSet("login", flag.ContinueOnError) - fs.SetOutput(io.Discard) - var jsonOutput bool - var configPathFlag string - var provider string - var projectID string - var noBrowser bool - var callbackPort int - fs.BoolVar(&jsonOutput, "json", false, "Emit machine-readable JSON response") - fs.StringVar(&configPathFlag, "config", "", "Path to config file") - fs.StringVar(&provider, "provider", "", "Provider to login (or pass as first positional arg)") - fs.StringVar(&projectID, "project-id", "", "Optional Gemini project ID") - fs.BoolVar(&noBrowser, "no-browser", false, "Do not open browser for OAuth login") - fs.IntVar(&callbackPort, "oauth-callback-port", 0, "Override OAuth callback port") - if err := fs.Parse(args); err != nil { - return renderError(stdout, stderr, jsonOutput, now, "login", err) - } - if strings.TrimSpace(provider) == "" { - positionals := fs.Args() - if len(positionals) > 0 { - provider = strings.TrimSpace(positionals[0]) - } - } - resolvedProvider, providerDetails, resolveErr := resolveLoginProvider(provider) - if resolveErr != nil { - if jsonOutput { - writeEnvelope(stdout, now, "login", false, providerDetails) - return 2 - } - return renderError(stdout, stderr, false, now, "login", resolveErr) - } - - configPath := resolveConfigPath(strings.TrimSpace(configPathFlag)) - cfg, err := loadConfig(configPath, true) - if err != nil { - return renderError(stdout, stderr, jsonOutput, now, "login", err) - } - - details := map[string]any{ - "config_path": configPath, - "config_exists": configFileExists(configPath), - "provider": resolvedProvider, - "project_id": strings.TrimSpace(projectID), - } - for key, value := range providerDetails { - details[key] = value - } - - if jsonOutput { - capturedStdout, capturedStderr, runErr := captureStdIO(func() error { - return exec.login(cfg, resolvedProvider, strings.TrimSpace(projectID), &cliproxycmd.LoginOptions{ - NoBrowser: noBrowser, - CallbackPort: callbackPort, - ConfigPath: configPath, - }) - }) - details["stdout"] = capturedStdout - if capturedStderr != "" { - details["stderr"] = capturedStderr - } - if runErr != nil { - if hint := rateLimitHint(runErr); hint != "" { - details["hint"] = hint - } - details["error"] = runErr.Error() - writeEnvelope(stdout, now, "login", false, details) - return 1 - } - writeEnvelope(stdout, now, "login", true, details) - return 0 - } - - if err := exec.login(cfg, resolvedProvider, strings.TrimSpace(projectID), &cliproxycmd.LoginOptions{ - NoBrowser: noBrowser, - CallbackPort: callbackPort, - ConfigPath: configPath, - }); err != nil { - _, _ = fmt.Fprintf(stderr, "login failed for provider %q: %v\n", resolvedProvider, err) - if hint := rateLimitHint(err); hint != "" { - _, _ = fmt.Fprintln(stderr, hint) - } - return 1 - } - return 0 -} - -func runDoctor(args []string, stdout io.Writer, stderr io.Writer, now func() time.Time, exec commandExecutor) int { - fs := flag.NewFlagSet("doctor", flag.ContinueOnError) - fs.SetOutput(io.Discard) - var jsonOutput bool - var fix bool - var configPathFlag string - fs.BoolVar(&jsonOutput, "json", false, "Emit machine-readable JSON response") - fs.BoolVar(&fix, "fix", false, "Attempt deterministic remediation for known doctor failures") - fs.StringVar(&configPathFlag, "config", "", "Path to config file") - if err := fs.Parse(args); err != nil { - return renderError(stdout, stderr, jsonOutput, now, "doctor", err) - } - - configPath := resolveConfigPath(strings.TrimSpace(configPathFlag)) - if fix { - if err := ensureConfigFile(configPath); err != nil { - if jsonOutput { - writeEnvelope(stdout, now, "doctor", false, map[string]any{ - "config_path": configPath, - "fix": true, - "error": err.Error(), - "remediation": readOnlyRemediationHint(configPath), - }) - } else { - _, _ = fmt.Fprintf(stderr, "doctor --fix failed: %v\n", err) - _, _ = fmt.Fprintln(stderr, readOnlyRemediationHint(configPath)) - } - return 1 - } - } - details, err := exec.doctor(configPath) - if err != nil { - if details == nil { - details = map[string]any{} - } - details["fix"] = fix - details["error"] = err.Error() - if jsonOutput { - writeEnvelope(stdout, now, "doctor", false, details) - } else { - _, _ = fmt.Fprintf(stderr, "doctor failed: %v\n", err) - } - return 1 - } - - if details == nil { - details = map[string]any{} - } - details["fix"] = fix - if jsonOutput { - writeEnvelope(stdout, now, "doctor", true, details) - } else { - _, _ = fmt.Fprintf(stdout, "doctor ok (config=%s)\n", configPath) - } - return 0 -} - -func runDev(args []string, stdout io.Writer, stderr io.Writer, now func() time.Time) int { - fs := flag.NewFlagSet("dev", flag.ContinueOnError) - fs.SetOutput(io.Discard) - var jsonOutput bool - var file string - fs.BoolVar(&jsonOutput, "json", false, "Emit machine-readable JSON response") - fs.StringVar(&file, "file", "examples/process-compose.dev.yaml", "Path to process-compose profile file") - if err := fs.Parse(args); err != nil { - return renderError(stdout, stderr, jsonOutput, now, "dev", err) - } - - path := strings.TrimSpace(file) - details := map[string]any{ - "profile_file": path, - "hint": fmt.Sprintf("process-compose -f %s up", path), - "tool_failure_remediation": gemini3ProPreviewToolUsageRemediationHint(path), - } - info, err := os.Stat(path) - if err != nil { - details["profile_exists"] = false - if jsonOutput { - details["error"] = err.Error() - writeEnvelope(stdout, now, "dev", false, details) - return 1 - } - _, _ = fmt.Fprintf(stderr, "dev profile missing: %v\n", err) - return 1 - } - if info.IsDir() { - msg := fmt.Sprintf("dev profile path %q is a directory", path) - details["profile_exists"] = false - details["error"] = msg - if jsonOutput { - writeEnvelope(stdout, now, "dev", false, details) - return 1 - } - _, _ = fmt.Fprintln(stderr, msg) - return 1 - } - details["profile_exists"] = true - - if jsonOutput { - writeEnvelope(stdout, now, "dev", true, details) - } else { - _, _ = fmt.Fprintf(stdout, "dev profile ok: %s\n", path) - _, _ = fmt.Fprintf(stdout, "run: process-compose -f %s up\n", path) - _, _ = fmt.Fprintf(stdout, "tool-failure triage hint: %s\n", gemini3ProPreviewToolUsageRemediationHint(path)) - } - return 0 -} - -func gemini3ProPreviewToolUsageRemediationHint(profilePath string) string { - profilePath = strings.TrimSpace(profilePath) - if profilePath == "" { - profilePath = "examples/process-compose.dev.yaml" - } - return fmt.Sprintf( - "for gemini-3-pro-preview tool-use failures: touch config.yaml; process-compose -f %s down; process-compose -f %s up; curl -sS http://localhost:8317/v1/models -H \"Authorization: Bearer \" | jq '.data[].id' | rg 'gemini-3-pro-preview'; curl -sS -X POST http://localhost:8317/v1/chat/completions -H \"Authorization: Bearer \" -H \"Content-Type: application/json\" -d '{\"model\":\"gemini-3-pro-preview\",\"messages\":[{\"role\":\"user\",\"content\":\"ping\"}],\"stream\":false}'", - profilePath, - profilePath, - ) -} - -func renderError(stdout io.Writer, stderr io.Writer, jsonOutput bool, now func() time.Time, command string, err error) int { - if jsonOutput { - writeEnvelope(stdout, now, command, false, map[string]any{ - "error": err.Error(), - }) - } else { - _, _ = fmt.Fprintln(stderr, err.Error()) - } - return 2 -} - -func writeEnvelope(out io.Writer, now func() time.Time, command string, ok bool, details map[string]any) { - if details == nil { - details = map[string]any{} - } - envelope := responseEnvelope{ - SchemaVersion: responseSchemaVersion, - Command: command, - OK: ok, - Timestamp: now().UTC().Format(time.RFC3339Nano), - Details: details, - } - encoded, err := json.Marshal(envelope) - if err != nil { - fallback := fmt.Sprintf( - `{"schema_version":"%s","command":"%s","ok":false,"timestamp":"%s","details":{"error":"json marshal failed: %s"}}`, - responseSchemaVersion, - command, - now().UTC().Format(time.RFC3339Nano), - escapeForJSON(err.Error()), - ) - _, _ = io.WriteString(out, fallback+"\n") - return - } - _, _ = out.Write(append(encoded, '\n')) -} - -func resolveConfigPath(explicit string) string { - if explicit != "" { - return explicit - } - - lookup := []string{ - "CLIPROXY_CONFIG", - "CLIPROXY_CONFIG_PATH", - "CONFIG", - "CONFIG_PATH", - } - for _, key := range lookup { - if value := strings.TrimSpace(os.Getenv(key)); value != "" { - return value - } - } - - wd, err := os.Getwd() - if err != nil { - return "config.yaml" - } - primary := filepath.Join(wd, "config.yaml") - if configFileExists(primary) { - return primary - } - - nested := filepath.Join(wd, "config", "config.yaml") - if configFileExists(nested) { - return nested - } - return primary -} - -func loadConfig(configPath string, allowMissing bool) (*config.Config, error) { - cfg, err := config.LoadConfig(configPath) - if err == nil { - return cfg, nil - } - if allowMissing { - var pathErr *os.PathError - if errors.As(err, &pathErr) && os.IsNotExist(pathErr.Err) { - return &config.Config{}, nil - } - } - return nil, err -} - -func configFileExists(path string) bool { - info, err := os.Stat(path) - if err != nil { - return false - } - return !info.IsDir() -} - -func ensureConfigFile(configPath string) error { - if strings.TrimSpace(configPath) == "" { - return errors.New("config path is required") - } - if info, err := os.Stat(configPath); err == nil && info.IsDir() { - return fmt.Errorf("config path %q is a directory", configPath) - } - if configFileExists(configPath) { - return nil - } - configDir := filepath.Dir(configPath) - if err := os.MkdirAll(configDir, 0o700); err != nil { - return fmt.Errorf("create config directory: %w", err) - } - if err := ensureDirectoryWritable(configDir); err != nil { - return fmt.Errorf("config directory not writable: %w", err) - } - - templatePath := "config.example.yaml" - payload, err := os.ReadFile(templatePath) - if err != nil { - return fmt.Errorf("read %s: %w", templatePath, err) - } - if err := os.WriteFile(configPath, payload, 0o644); err != nil { - if errors.Is(err, syscall.EROFS) || errors.Is(err, syscall.EPERM) || errors.Is(err, syscall.EACCES) { - return fmt.Errorf("write config file: %w; %s", err, readOnlyRemediationHint(configPath)) - } - return fmt.Errorf("write config file: %w", err) - } - return nil -} - -func persistDefaultKiroAliases(configPath string) error { - if err := ensureConfigFile(configPath); err != nil { - return err - } - cfg, err := config.LoadConfig(configPath) - if err != nil { - return fmt.Errorf("load config for alias seeding: %w", err) - } - cfg.SanitizeOAuthModelAlias() - if err := config.SaveConfigPreserveComments(configPath, cfg); err != nil { - return fmt.Errorf("save config with kiro aliases: %w", err) - } - return nil -} - -func readOnlyRemediationHint(configPath string) string { - home, err := os.UserHomeDir() - if err != nil || strings.TrimSpace(home) == "" { - return fmt.Sprintf("use --config to point to a writable file path instead of %q", configPath) - } - suggested := filepath.Join(home, ".cliproxy", "config.yaml") - return fmt.Sprintf("use --config to point to a writable file path (for example %q)", suggested) -} - -func captureStdIO(runFn func() error) (string, string, error) { - origStdout := os.Stdout - origStderr := os.Stderr - - stdoutRead, stdoutWrite, err := os.Pipe() - if err != nil { - return "", "", err - } - stderrRead, stderrWrite, err := os.Pipe() - if err != nil { - _ = stdoutRead.Close() - _ = stdoutWrite.Close() - return "", "", err - } - - os.Stdout = stdoutWrite - os.Stderr = stderrWrite - - runErr := runFn() - - _ = stdoutWrite.Close() - _ = stderrWrite.Close() - os.Stdout = origStdout - os.Stderr = origStderr - - var outBuf bytes.Buffer - _, _ = io.Copy(&outBuf, stdoutRead) - _ = stdoutRead.Close() - var errBuf bytes.Buffer - _, _ = io.Copy(&errBuf, stderrRead) - _ = stderrRead.Close() - - return outBuf.String(), errBuf.String(), runErr -} - -func hasJSONFlag(args []string) bool { - for _, arg := range args { - if strings.TrimSpace(arg) == "--json" { - return true - } - } - return false -} - -const rateLimitHintMessage = "Provider returned HTTP 429 (too many requests). Pause or rotate credentials, run `cliproxyctl doctor`, and consult docs/troubleshooting.md#429 before retrying." - -type statusCoder interface { - StatusCode() int -} - -func rateLimitHint(err error) string { - if err == nil { - return "" - } - var coder statusCoder - if errors.As(err, &coder) && coder.StatusCode() == http.StatusTooManyRequests { - return rateLimitHintMessage - } - return "" -} - -func normalizeProviders(raw string) []string { - parts := strings.FieldsFunc(strings.ToLower(raw), func(r rune) bool { - return r == ',' || r == ' ' - }) - out := make([]string, 0, len(parts)) - seen := map[string]bool{} - for _, part := range parts { - provider := normalizeProvider(strings.TrimSpace(part)) - if provider == "" || seen[provider] { - continue - } - seen[provider] = true - out = append(out, provider) - } - return out -} - -func resolveLoginProvider(raw string) (string, map[string]any, error) { - rawProvider := strings.TrimSpace(raw) - if rawProvider == "" { - return "", map[string]any{ - "provider_input": rawProvider, - "supported_count": len(supportedProviders()), - "error": "missing provider", - }, errors.New("missing provider") - } - normalized := normalizeProvider(rawProvider) - supported := supportedProviders() - if !isSupportedProvider(normalized) { - return "", map[string]any{ - "provider_input": rawProvider, - "provider_alias": normalized, - "provider_supported": false, - "supported": supported, - "error": fmt.Sprintf("unsupported provider %q", rawProvider), - }, fmt.Errorf("unsupported provider %q (supported: %s)", rawProvider, strings.Join(supported, ", ")) - } - return normalized, map[string]any{ - "provider_input": rawProvider, - "provider_alias": normalized, - "provider_supported": true, - "provider_aliased": rawProvider != normalized, - }, nil -} - -func isSupportedProvider(provider string) bool { - _, ok := providerLoginHandlers()[provider] - return ok -} - -func supportedProviders() []string { - handlers := providerLoginHandlers() - out := make([]string, 0, len(handlers)) - for provider := range handlers { - out = append(out, provider) - } - sort.Strings(out) - return out -} - -func providerLoginHandlers() map[string]struct{} { - return map[string]struct{}{ - "gemini": {}, - "claude": {}, - "codex": {}, - "kiro": {}, - "cursor": {}, - "copilot": {}, - "minimax": {}, - "kimi": {}, - "deepseek": {}, - "groq": {}, - "mistral": {}, - "siliconflow": {}, - "openrouter": {}, - "together": {}, - "fireworks": {}, - "novita": {}, - "roo": {}, - "antigravity": {}, - "iflow": {}, - "qwen": {}, - "kilo": {}, - "cline": {}, - "amp": {}, - "factory-api": {}, - } -} - -func ensureDirectoryWritable(dir string) error { - if strings.TrimSpace(dir) == "" { - return errors.New("directory path is required") - } - probe, err := os.CreateTemp(dir, ".cliproxyctl-write-test-*") - if err != nil { - return err - } - probePath := probe.Name() - _ = probe.Close() - return os.Remove(probePath) -} - -func escapeForJSON(in string) string { - replacer := strings.NewReplacer(`\`, `\\`, `"`, `\"`) - return replacer.Replace(in) -} diff --git a/.worktrees/config/m/config-build/active/cmd/cliproxyctl/main_test.go b/.worktrees/config/m/config-build/active/cmd/cliproxyctl/main_test.go deleted file mode 100644 index 210b750fdd..0000000000 --- a/.worktrees/config/m/config-build/active/cmd/cliproxyctl/main_test.go +++ /dev/null @@ -1,662 +0,0 @@ -package main - -import ( - "bytes" - "encoding/json" - "fmt" - "os" - "path/filepath" - "sort" - "strings" - "testing" - "time" - - cliproxycmd "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/cmd" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestRunSetupJSONResponseShape(t *testing.T) { - t.Setenv("CLIPROXY_CONFIG", "") - fixedNow := func() time.Time { - return time.Date(2026, 2, 23, 1, 2, 3, 0, time.UTC) - } - - exec := commandExecutor{ - setup: func(_ *config.Config, _ *cliproxycmd.SetupOptions) {}, - login: func(_ *config.Config, _ string, _ string, _ *cliproxycmd.LoginOptions) error { return nil }, - doctor: func(_ string) (map[string]any, error) { - return map[string]any{"status": "ok"}, nil - }, - } - - var stdout bytes.Buffer - var stderr bytes.Buffer - exitCode := run([]string{"setup", "--json", "--config", "/tmp/does-not-exist.yaml"}, &stdout, &stderr, fixedNow, exec) - if exitCode != 0 { - t.Fatalf("expected exit code 0, got %d (stderr=%q)", exitCode, stderr.String()) - } - - var payload map[string]any - if err := json.Unmarshal(stdout.Bytes(), &payload); err != nil { - t.Fatalf("failed to decode JSON output: %v", err) - } - if got := payload["schema_version"]; got != responseSchemaVersion { - t.Fatalf("schema_version = %v, want %s", got, responseSchemaVersion) - } - if got := payload["command"]; got != "setup" { - t.Fatalf("command = %v, want setup", got) - } - if got := payload["ok"]; got != true { - t.Fatalf("ok = %v, want true", got) - } - if got := payload["timestamp"]; got != "2026-02-23T01:02:03Z" { - t.Fatalf("timestamp = %v, want 2026-02-23T01:02:03Z", got) - } - details, ok := payload["details"].(map[string]any) - if !ok { - t.Fatalf("details missing or wrong type: %#v", payload["details"]) - } - if _, exists := details["config_path"]; !exists { - t.Fatalf("details.config_path missing: %#v", details) - } -} - -func TestRunDoctorJSONFailureShape(t *testing.T) { - t.Setenv("CLIPROXY_CONFIG", "") - fixedNow := func() time.Time { - return time.Date(2026, 2, 23, 4, 5, 6, 0, time.UTC) - } - - exec := commandExecutor{ - setup: func(_ *config.Config, _ *cliproxycmd.SetupOptions) {}, - login: func(_ *config.Config, _ string, _ string, _ *cliproxycmd.LoginOptions) error { return nil }, - doctor: func(configPath string) (map[string]any, error) { - return map[string]any{"config_path": configPath}, assertErr("boom") - }, - } - - var stdout bytes.Buffer - var stderr bytes.Buffer - exitCode := run([]string{"doctor", "--json", "--config", "/tmp/missing.yaml"}, &stdout, &stderr, fixedNow, exec) - if exitCode != 1 { - t.Fatalf("expected exit code 1, got %d", exitCode) - } - - text := strings.TrimSpace(stdout.String()) - var payload map[string]any - if err := json.Unmarshal([]byte(text), &payload); err != nil { - t.Fatalf("failed to decode JSON output: %v", err) - } - if got := payload["schema_version"]; got != responseSchemaVersion { - t.Fatalf("schema_version = %v, want %s", got, responseSchemaVersion) - } - if got := payload["command"]; got != "doctor" { - t.Fatalf("command = %v, want doctor", got) - } - if got := payload["ok"]; got != false { - t.Fatalf("ok = %v, want false", got) - } - if got := payload["timestamp"]; got != "2026-02-23T04:05:06Z" { - t.Fatalf("timestamp = %v, want 2026-02-23T04:05:06Z", got) - } - details, ok := payload["details"].(map[string]any) - if !ok { - t.Fatalf("details missing or wrong type: %#v", payload["details"]) - } - if got, ok := details["error"].(string); !ok || !strings.Contains(got, "boom") { - t.Fatalf("details.error = %#v, want contains boom", details["error"]) - } -} - -func TestRunLoginJSONRequiresProvider(t *testing.T) { - t.Setenv("CLIPROXY_CONFIG", "") - fixedNow := func() time.Time { - return time.Date(2026, 2, 23, 7, 8, 9, 0, time.UTC) - } - - exec := commandExecutor{ - setup: func(_ *config.Config, _ *cliproxycmd.SetupOptions) {}, - login: func(_ *config.Config, _ string, _ string, _ *cliproxycmd.LoginOptions) error { return nil }, - doctor: func(_ string) (map[string]any, error) { return map[string]any{}, nil }, - } - - var stdout bytes.Buffer - var stderr bytes.Buffer - exitCode := run([]string{"login", "--json", "--config", "/tmp/does-not-exist.yaml"}, &stdout, &stderr, fixedNow, exec) - if exitCode != 2 { - t.Fatalf("expected exit code 2, got %d", exitCode) - } - - var payload map[string]any - if err := json.Unmarshal(stdout.Bytes(), &payload); err != nil { - t.Fatalf("failed to decode JSON output: %v", err) - } - if got := payload["command"]; got != "login" { - t.Fatalf("command = %v, want login", got) - } - if got := payload["ok"]; got != false { - t.Fatalf("ok = %v, want false", got) - } -} - -func TestRunDoctorJSONWithFixCreatesConfigFromTemplate(t *testing.T) { - fixedNow := func() time.Time { - return time.Date(2026, 2, 23, 11, 12, 13, 0, time.UTC) - } - wd := t.TempDir() - tpl := []byte("ServerAddress: 127.0.0.1\nServerPort: \"4141\"\n") - if err := os.WriteFile(filepath.Join(wd, "config.example.yaml"), tpl, 0o644); err != nil { - t.Fatalf("write template: %v", err) - } - target := filepath.Join(wd, "nested", "config.yaml") - prevWD, err := os.Getwd() - if err != nil { - t.Fatalf("getwd: %v", err) - } - t.Cleanup(func() { _ = os.Chdir(prevWD) }) - if err := os.Chdir(wd); err != nil { - t.Fatalf("chdir: %v", err) - } - - exec := commandExecutor{ - setup: func(_ *config.Config, _ *cliproxycmd.SetupOptions) {}, - login: func(_ *config.Config, _ string, _ string, _ *cliproxycmd.LoginOptions) error { return nil }, - doctor: func(configPath string) (map[string]any, error) { - if !configFileExists(configPath) { - return map[string]any{}, assertErr("missing config") - } - return map[string]any{"status": "ok", "config_path": configPath}, nil - }, - } - var stdout bytes.Buffer - var stderr bytes.Buffer - exitCode := run([]string{"doctor", "--json", "--fix", "--config", target}, &stdout, &stderr, fixedNow, exec) - if exitCode != 0 { - t.Fatalf("expected exit code 0, got %d (stderr=%q stdout=%q)", exitCode, stderr.String(), stdout.String()) - } - if !configFileExists(target) { - t.Fatalf("expected doctor --fix to create %s", target) - } -} - -func TestRunDevJSONProfileValidation(t *testing.T) { - fixedNow := func() time.Time { - return time.Date(2026, 2, 23, 14, 15, 16, 0, time.UTC) - } - tmp := t.TempDir() - profile := filepath.Join(tmp, "dev.yaml") - if err := os.WriteFile(profile, []byte("version: '0.5'\n"), 0o644); err != nil { - t.Fatalf("write profile: %v", err) - } - - var stdout bytes.Buffer - var stderr bytes.Buffer - exitCode := run([]string{"dev", "--json", "--file", profile}, &stdout, &stderr, fixedNow, commandExecutor{}) - if exitCode != 0 { - t.Fatalf("expected exit code 0, got %d (stderr=%q stdout=%q)", exitCode, stderr.String(), stdout.String()) - } - - var payload map[string]any - if err := json.Unmarshal(stdout.Bytes(), &payload); err != nil { - t.Fatalf("failed to decode JSON output: %v", err) - } - if got := payload["command"]; got != "dev" { - t.Fatalf("command = %v, want dev", got) - } - details, ok := payload["details"].(map[string]any) - if !ok { - t.Fatalf("details missing: %#v", payload["details"]) - } - if got := details["profile_exists"]; got != true { - t.Fatalf("details.profile_exists = %v, want true", got) - } -} - -func TestRunSetupJSONSeedKiroAlias(t *testing.T) { - fixedNow := func() time.Time { - return time.Date(2026, 2, 23, 15, 16, 17, 0, time.UTC) - } - wd := t.TempDir() - configPath := filepath.Join(wd, "config.yaml") - configBody := "host: 127.0.0.1\nport: 8317\nauth-dir: ./auth\n" - if err := os.WriteFile(configPath, []byte(configBody), 0o644); err != nil { - t.Fatalf("write config: %v", err) - } - - var stdout bytes.Buffer - var stderr bytes.Buffer - exitCode := run([]string{"setup", "--json", "--config", configPath, "--seed-kiro-alias"}, &stdout, &stderr, fixedNow, commandExecutor{ - setup: func(_ *config.Config, _ *cliproxycmd.SetupOptions) {}, - login: func(_ *config.Config, _ string, _ string, _ *cliproxycmd.LoginOptions) error { return nil }, - doctor: func(_ string) (map[string]any, error) { return map[string]any{}, nil }, - }) - if exitCode != 0 { - t.Fatalf("expected exit code 0, got %d (stderr=%q stdout=%q)", exitCode, stderr.String(), stdout.String()) - } - - cfg, err := config.LoadConfig(configPath) - if err != nil { - t.Fatalf("load config after setup: %v", err) - } - if len(cfg.OAuthModelAlias["kiro"]) == 0 { - t.Fatalf("expected setup --seed-kiro-alias to persist default kiro aliases") - } -} - -func TestRunDoctorJSONFixReadOnlyRemediation(t *testing.T) { - fixedNow := func() time.Time { - return time.Date(2026, 2, 23, 16, 17, 18, 0, time.UTC) - } - wd := t.TempDir() - configPath := filepath.Join(wd, "config.yaml") - if err := os.Mkdir(configPath, 0o755); err != nil { - t.Fatalf("mkdir config path: %v", err) - } - - var stdout bytes.Buffer - var stderr bytes.Buffer - exitCode := run([]string{"doctor", "--json", "--fix", "--config", configPath}, &stdout, &stderr, fixedNow, commandExecutor{ - setup: func(_ *config.Config, _ *cliproxycmd.SetupOptions) {}, - login: func(_ *config.Config, _ string, _ string, _ *cliproxycmd.LoginOptions) error { return nil }, - doctor: func(_ string) (map[string]any, error) { - return map[string]any{"status": "ok"}, nil - }, - }) - if exitCode == 0 { - t.Fatalf("expected non-zero exit for directory config path") - } - - var payload map[string]any - if err := json.Unmarshal(stdout.Bytes(), &payload); err != nil { - t.Fatalf("decode JSON output: %v", err) - } - details, _ := payload["details"].(map[string]any) - remediation, _ := details["remediation"].(string) - if remediation == "" || !strings.Contains(remediation, "--config") { - t.Fatalf("expected remediation hint with --config, got %#v", details["remediation"]) - } -} - -func TestCPB0011To0020LaneJRegressionEvidence(t *testing.T) { - t.Parallel() - cases := []struct { - id string - description string - }{ - {"CPB-0011", "kiro compatibility hardening keeps provider aliases normalized"}, - {"CPB-0012", "opus model naming coverage remains available in utility tests"}, - {"CPB-0013", "tool_calls merge parity test coverage exists"}, - {"CPB-0014", "provider-agnostic model alias utility remains present"}, - {"CPB-0015", "bash tool argument path is covered by test corpus"}, - {"CPB-0016", "setup can persist default kiro oauth model aliases"}, - {"CPB-0017", "nullable-array troubleshooting quickstart doc exists"}, - {"CPB-0018", "copilot model mapping path has focused tests"}, - {"CPB-0019", "read-only config remediation guidance is explicit"}, - {"CPB-0020", "metadata naming board entries are tracked"}, - } - requiredPaths := map[string]string{ - "CPB-0012": filepath.Join("..", "..", "pkg", "llmproxy", "util", "claude_model_test.go"), - "CPB-0013": filepath.Join("..", "..", "pkg", "llmproxy", "translator", "openai", "openai", "responses", "openai_openai-responses_request_test.go"), - "CPB-0014": filepath.Join("..", "..", "pkg", "llmproxy", "util", "provider.go"), - "CPB-0015": filepath.Join("..", "..", "pkg", "llmproxy", "executor", "kimi_executor_test.go"), - "CPB-0017": filepath.Join("..", "..", "docs", "provider-quickstarts.md"), - "CPB-0018": filepath.Join("..", "..", "pkg", "llmproxy", "executor", "github_copilot_executor_test.go"), - "CPB-0020": filepath.Join("..", "..", "docs", "planning", "CLIPROXYAPI_1000_ITEM_BOARD_2026-02-22.csv"), - } - - for _, tc := range cases { - tc := tc - t.Run(tc.id, func(t *testing.T) { - switch tc.id { - case "CPB-0011": - if normalizeProvider("github-copilot") != "copilot" { - t.Fatalf("%s", tc.description) - } - case "CPB-0016": - wd := t.TempDir() - configPath := filepath.Join(wd, "config.yaml") - if err := os.WriteFile(configPath, []byte("host: 127.0.0.1\nport: 8317\n"), 0o644); err != nil { - t.Fatalf("write config: %v", err) - } - if err := persistDefaultKiroAliases(configPath); err != nil { - t.Fatalf("%s: %v", tc.description, err) - } - cfg, err := config.LoadConfig(configPath) - if err != nil { - t.Fatalf("reload config: %v", err) - } - if len(cfg.OAuthModelAlias["kiro"]) == 0 { - t.Fatalf("%s", tc.description) - } - case "CPB-0019": - hint := readOnlyRemediationHint("/CLIProxyAPI/config.yaml") - if !strings.Contains(hint, "--config") { - t.Fatalf("%s: hint=%q", tc.description, hint) - } - default: - path := requiredPaths[tc.id] - if _, err := os.Stat(path); err != nil { - t.Fatalf("%s: missing %s (%v)", tc.description, path, err) - } - } - }) - } -} - -func TestCPB0001To0010LaneIRegressionEvidence(t *testing.T) { - t.Parallel() - cases := []struct { - id string - description string - }{ - {"CPB-0001", "standalone management CLI entrypoint exists"}, - {"CPB-0002", "non-subprocess integration JSON envelope contract is stable"}, - {"CPB-0003", "dev profile command exists with process-compose hint"}, - {"CPB-0004", "provider quickstarts doc is present"}, - {"CPB-0005", "troubleshooting matrix doc is present"}, - {"CPB-0006", "interactive setup command remains available"}, - {"CPB-0007", "doctor --fix deterministic remediation exists"}, - {"CPB-0008", "responses compatibility tests are present"}, - {"CPB-0009", "reasoning conversion tests are present"}, - {"CPB-0010", "readme/frontmatter is present"}, - } - requiredPaths := map[string]string{ - "CPB-0001": filepath.Join("..", "..", "cmd", "cliproxyctl", "main.go"), - "CPB-0004": filepath.Join("..", "..", "docs", "provider-quickstarts.md"), - "CPB-0005": filepath.Join("..", "..", "docs", "troubleshooting.md"), - "CPB-0008": filepath.Join("..", "..", "pkg", "llmproxy", "translator", "openai", "openai", "responses", "openai_openai-responses_request_test.go"), - "CPB-0009": filepath.Join("..", "..", "test", "thinking_conversion_test.go"), - "CPB-0010": filepath.Join("..", "..", "README.md"), - } - for _, tc := range cases { - tc := tc - t.Run(tc.id, func(t *testing.T) { - switch tc.id { - case "CPB-0002": - if responseSchemaVersion == "" { - t.Fatalf("%s: response schema version is empty", tc.description) - } - case "CPB-0003": - dir := t.TempDir() - profile := filepath.Join(dir, "process-compose.dev.yaml") - if err := os.WriteFile(profile, []byte("version: '0.5'\n"), 0o644); err != nil { - t.Fatalf("write dev profile: %v", err) - } - var out bytes.Buffer - code := run([]string{"dev", "--json", "--file", profile}, &out, &bytes.Buffer{}, time.Now, commandExecutor{}) - if code != 0 { - t.Fatalf("%s: run code=%d output=%q", tc.description, code, out.String()) - } - case "CPB-0006": - var errOut bytes.Buffer - code := run([]string{"setup"}, &bytes.Buffer{}, &errOut, time.Now, commandExecutor{ - setup: func(_ *config.Config, _ *cliproxycmd.SetupOptions) {}, - login: func(_ *config.Config, _ string, _ string, _ *cliproxycmd.LoginOptions) error { return nil }, - doctor: func(_ string) (map[string]any, error) { return map[string]any{}, nil }, - }) - if code != 0 { - t.Fatalf("%s: run code=%d stderr=%q", tc.description, code, errOut.String()) - } - case "CPB-0007": - dir := t.TempDir() - if err := os.WriteFile(filepath.Join(dir, "config.example.yaml"), []byte("ServerAddress: 127.0.0.1\n"), 0o644); err != nil { - t.Fatalf("write config.example.yaml: %v", err) - } - target := filepath.Join(dir, "config.yaml") - prev, err := os.Getwd() - if err != nil { - t.Fatalf("getwd: %v", err) - } - t.Cleanup(func() { _ = os.Chdir(prev) }) - if err := os.Chdir(dir); err != nil { - t.Fatalf("chdir: %v", err) - } - code := run([]string{"doctor", "--json", "--fix", "--config", target}, &bytes.Buffer{}, &bytes.Buffer{}, time.Now, commandExecutor{ - setup: func(_ *config.Config, _ *cliproxycmd.SetupOptions) {}, - login: func(_ *config.Config, _ string, _ string, _ *cliproxycmd.LoginOptions) error { return nil }, - doctor: func(configPath string) (map[string]any, error) { - return map[string]any{"config_path": configPath}, nil - }, - }) - if code != 0 || !configFileExists(target) { - t.Fatalf("%s: code=%d config_exists=%v", tc.description, code, configFileExists(target)) - } - default: - path, ok := requiredPaths[tc.id] - if !ok { - return - } - if _, err := os.Stat(path); err != nil { - t.Fatalf("%s: missing required artifact %s (%v)", tc.description, path, err) - } - } - }) - } -} - -func TestResolveLoginProviderAliasAndValidation(t *testing.T) { - t.Parallel() - cases := []struct { - in string - want string - wantErr bool - }{ - {in: "ampcode", want: "amp"}, - {in: "github-copilot", want: "copilot"}, - {in: "kilocode", want: "kilo"}, - {in: "openai-compatible", want: "factory-api"}, - {in: "claude", want: "claude"}, - {in: "unknown-provider", wantErr: true}, - } - for _, tc := range cases { - tc := tc - t.Run(tc.in, func(t *testing.T) { - got, details, err := resolveLoginProvider(tc.in) - if tc.wantErr { - if err == nil { - t.Fatalf("expected error, got nil (provider=%q details=%#v)", tc.in, details) - } - return - } - if err != nil { - t.Fatalf("unexpected error for provider=%q: %v", tc.in, err) - } - if got != tc.want { - t.Fatalf("resolveLoginProvider(%q)=%q, want %q", tc.in, got, tc.want) - } - }) - } -} - -func TestRunLoginJSONNormalizesProviderAlias(t *testing.T) { - t.Setenv("CLIPROXY_CONFIG", "") - fixedNow := func() time.Time { - return time.Date(2026, 2, 23, 17, 18, 19, 0, time.UTC) - } - exec := commandExecutor{ - setup: func(_ *config.Config, _ *cliproxycmd.SetupOptions) {}, - login: func(_ *config.Config, provider string, _ string, _ *cliproxycmd.LoginOptions) error { - if provider != "amp" { - return fmt.Errorf("provider=%s, want amp", provider) - } - return nil - }, - doctor: func(_ string) (map[string]any, error) { return map[string]any{}, nil }, - } - var stdout bytes.Buffer - var stderr bytes.Buffer - code := run([]string{"login", "--json", "--provider", "ampcode", "--config", "/tmp/not-required.yaml"}, &stdout, &stderr, fixedNow, exec) - if code != 0 { - t.Fatalf("run(login)= %d, stderr=%q stdout=%q", code, stderr.String(), stdout.String()) - } - var payload map[string]any - if err := json.Unmarshal(stdout.Bytes(), &payload); err != nil { - t.Fatalf("decode payload: %v", err) - } - details := payload["details"].(map[string]any) - if details["provider"] != "amp" { - t.Fatalf("details.provider=%v, want amp", details["provider"]) - } - if details["provider_input"] != "ampcode" { - t.Fatalf("details.provider_input=%v, want ampcode", details["provider_input"]) - } -} - -func TestRunLoginJSONRejectsUnsupportedProviderWithSupportedList(t *testing.T) { - t.Setenv("CLIPROXY_CONFIG", "") - var stdout bytes.Buffer - var stderr bytes.Buffer - code := run([]string{"login", "--json", "--provider", "invalid-provider"}, &stdout, &stderr, time.Now, commandExecutor{}) - if code != 2 { - t.Fatalf("expected exit code 2, got %d", code) - } - var payload map[string]any - if err := json.Unmarshal(stdout.Bytes(), &payload); err != nil { - t.Fatalf("decode payload: %v", err) - } - details := payload["details"].(map[string]any) - supportedAny, ok := details["supported"].([]any) - if !ok || len(supportedAny) == 0 { - t.Fatalf("supported list missing from details: %#v", details) - } -} - -func TestEnsureConfigFileRejectsDirectoryTarget(t *testing.T) { - dir := t.TempDir() - target := filepath.Join(dir, "config.yaml") - if err := os.MkdirAll(target, 0o755); err != nil { - t.Fatalf("mkdir target directory: %v", err) - } - err := ensureConfigFile(target) - if err == nil || !strings.Contains(err.Error(), "is a directory") { - t.Fatalf("expected directory error, got %v", err) - } -} - -func TestSupportedProvidersSortedAndStable(t *testing.T) { - got := supportedProviders() - if len(got) == 0 { - t.Fatal("supportedProviders is empty") - } - want := append([]string(nil), got...) - sort.Strings(want) - // got should already be sorted - if strings.Join(got, ",") != strings.Join(want, ",") { - t.Fatalf("supportedProviders order changed unexpectedly: %v", got) - } -} - -func TestCPB0011To0020LaneMRegressionEvidence(t *testing.T) { - t.Parallel() - cases := []struct { - id string - fn func(*testing.T) - }{ - { - id: "CPB-0011", - fn: func(t *testing.T) { - got, _, err := resolveLoginProvider("ampcode") - if err != nil || got != "amp" { - t.Fatalf("expected amp alias normalization, got provider=%q err=%v", got, err) - } - }, - }, - { - id: "CPB-0012", - fn: func(t *testing.T) { - _, details, err := resolveLoginProvider("unsupported-opus-channel") - if err == nil { - t.Fatalf("expected validation error for unsupported provider") - } - if details["provider_supported"] != false { - t.Fatalf("provider_supported should be false: %#v", details) - } - }, - }, - { - id: "CPB-0013", - fn: func(t *testing.T) { - normalized, details, err := resolveLoginProvider("github-copilot") - if err != nil || normalized != "copilot" { - t.Fatalf("resolveLoginProvider failed: normalized=%q err=%v", normalized, err) - } - if details["provider_aliased"] != true { - t.Fatalf("expected provider_aliased=true, details=%#v", details) - } - }, - }, - { - id: "CPB-0014", - fn: func(t *testing.T) { - if normalizeProvider("kilocode") != "kilo" { - t.Fatalf("expected kilocode alias to map to kilo") - } - }, - }, - { - id: "CPB-0015", - fn: func(t *testing.T) { - got, _, err := resolveLoginProvider("amp-code") - if err != nil || got != "amp" { - t.Fatalf("expected amp-code alias to map to amp, got=%q err=%v", got, err) - } - }, - }, - { - id: "CPB-0016", - fn: func(t *testing.T) { - got, _, err := resolveLoginProvider("openai-compatible") - if err != nil || got != "factory-api" { - t.Fatalf("expected openai-compatible alias to map to factory-api, got=%q err=%v", got, err) - } - }, - }, - { - id: "CPB-0017", - fn: func(t *testing.T) { - if _, err := os.Stat(filepath.Join("..", "..", "docs", "provider-quickstarts.md")); err != nil { - t.Fatalf("provider quickstarts doc missing: %v", err) - } - }, - }, - { - id: "CPB-0018", - fn: func(t *testing.T) { - if normalizeProvider("githubcopilot") != "copilot" { - t.Fatalf("githubcopilot alias should normalize to copilot") - } - }, - }, - { - id: "CPB-0019", - fn: func(t *testing.T) { - dir := t.TempDir() - target := filepath.Join(dir, "config.yaml") - if err := os.MkdirAll(target, 0o755); err != nil { - t.Fatalf("mkdir: %v", err) - } - err := ensureConfigFile(target) - if err == nil || !strings.Contains(err.Error(), "is a directory") { - t.Fatalf("expected directory target rejection, got=%v", err) - } - }, - }, - { - id: "CPB-0020", - fn: func(t *testing.T) { - supported := supportedProviders() - if len(supported) < 10 { - t.Fatalf("expected rich supported-provider metadata, got=%d", len(supported)) - } - }, - }, - } - for _, tc := range cases { - tc := tc - t.Run(tc.id, tc.fn) - } -} - -type assertErr string - -func (e assertErr) Error() string { return string(e) } diff --git a/.worktrees/config/m/config-build/active/cmd/codegen/main.go b/.worktrees/config/m/config-build/active/cmd/codegen/main.go deleted file mode 100644 index 57d1ce26ca..0000000000 --- a/.worktrees/config/m/config-build/active/cmd/codegen/main.go +++ /dev/null @@ -1,212 +0,0 @@ -package main - -import ( - "bytes" - "encoding/json" - "fmt" - "go/format" - "golang.org/x/text/cases" - "golang.org/x/text/language" - "log" - "os" - "path/filepath" - "text/template" -) - -type ProviderSpec struct { - Name string `json:"name"` - YAMLKey string `json:"yaml_key"` - GoName string `json:"go_name"` - BaseURL string `json:"base_url"` - EnvVars []string `json:"env_vars"` - DefaultModels []OpenAICompatibilityModel `json:"default_models"` -} - -type OpenAICompatibilityModel struct { - Name string `json:"name"` - Alias string `json:"alias"` -} - -const configTemplate = `// Code generated by github.com/router-for-me/CLIProxyAPI/v6/cmd/codegen; DO NOT EDIT. -package config - -import "strings" - -// GeneratedConfig contains generated config fields for dedicated providers. -type GeneratedConfig struct { -{{- range .Providers }} - {{- if .YAMLKey }} - // {{ .Name | goTitle }}Key defines {{ .Name | goTitle }} configurations. - {{ .Name | goTitle }}Key []{{ .Name | goTitle }}Key {{ printf "` + "`" + `yaml:\"%s\" json:\"%s\"` + "`" + `" .YAMLKey .YAMLKey }} - {{- end }} -{{- end }} -} - -{{ range .Providers }} -{{- if .YAMLKey }} -// {{ .Name | goTitle }}Key is a type alias for OAICompatProviderConfig for the {{ .Name }} provider. -type {{ .Name | goTitle }}Key = OAICompatProviderConfig -{{- end }} -{{- end }} - -// SanitizeGeneratedProviders trims whitespace from generated provider credential fields. -func (cfg *Config) SanitizeGeneratedProviders() { - if cfg == nil { - return - } -{{- range .Providers }} - {{- if .YAMLKey }} - for i := range cfg.{{ .Name | goTitle }}Key { - entry := &cfg.{{ .Name | goTitle }}Key[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } - {{- end }} -{{- end }} -} -` - -const synthTemplate = `// Code generated by github.com/router-for-me/CLIProxyAPI/v6/cmd/codegen; DO NOT EDIT. -package synthesizer - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -// getDedicatedProviderEntries returns the config entries for a dedicated provider. -func (s *ConfigSynthesizer) getDedicatedProviderEntries(p config.ProviderSpec, cfg *config.Config) []config.OAICompatProviderConfig { - switch p.YAMLKey { -{{- range .Providers }} - {{- if .YAMLKey }} - case "{{ .YAMLKey }}": - return cfg.{{ .Name | goTitle }}Key - {{- end }} -{{- end }} - } - return nil -} -` - -const registryTemplate = `// Code generated by github.com/router-for-me/CLIProxyAPI/v6/cmd/codegen; DO NOT EDIT. -package config - -// AllProviders defines the registry of all supported LLM providers. -// This is the source of truth for generated config fields and synthesizers. -var AllProviders = []ProviderSpec{ -{{- range .Providers }} - { - Name: "{{ .Name }}", - YAMLKey: "{{ .YAMLKey }}", - GoName: "{{ .GoName }}", - BaseURL: "{{ .BaseURL }}", - {{- if .EnvVars }} - EnvVars: []string{ - {{- range .EnvVars }}"{{ . }}",{{ end -}} - }, - {{- end }} - {{- if .DefaultModels }} - DefaultModels: []OpenAICompatibilityModel{ - {{- range .DefaultModels }} - {Name: "{{ .Name }}", Alias: "{{ .Alias }}"}, - {{- end }} - }, - {{- end }} - }, -{{- end }} -} -` - -const diffTemplate = `// Code generated by github.com/router-for-me/CLIProxyAPI/v6/cmd/codegen; DO NOT EDIT. -package diff - -import ( - "fmt" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -// BuildConfigChangeDetailsGeneratedProviders computes changes for generated dedicated providers. -func BuildConfigChangeDetailsGeneratedProviders(oldCfg, newCfg *config.Config, changes *[]string) { -{{- range .Providers }} - {{- if .YAMLKey }} - if len(oldCfg.{{ .Name | goTitle }}Key) != len(newCfg.{{ .Name | goTitle }}Key) { - *changes = append(*changes, fmt.Sprintf("{{ .Name }}: count %d -> %d", len(oldCfg.{{ .Name | goTitle }}Key), len(newCfg.{{ .Name | goTitle }}Key))) - } - {{- end }} -{{- end }} -} -` - -func main() { - jsonPath := "pkg/llmproxy/config/providers.json" - configDir := "pkg/llmproxy/config" - authDir := "pkg/llmproxy/auth" - - if _, err := os.Stat(jsonPath); os.IsNotExist(err) { - // Try fallback for when run from within the config directory - jsonPath = "providers.json" - configDir = "." - authDir = "../auth" - } - - data, err := os.ReadFile(jsonPath) - if err != nil { - log.Fatalf("failed to read providers.json from %s: %v", jsonPath, err) - } - - var providers []ProviderSpec - if err := json.Unmarshal(data, &providers); err != nil { - log.Fatalf("failed to unmarshal providers: %v", err) - } - - templateData := struct { - Providers []ProviderSpec - }{ - Providers: providers, - } - - funcMap := template.FuncMap{ - "goTitle": func(name string) string { - for _, p := range providers { - if p.Name == name && p.GoName != "" { - return p.GoName - } - } - return cases.Title(language.Und).String(name) - }, - } - - // Generate config files - generate(filepath.Join(configDir, "config_generated.go"), configTemplate, templateData, funcMap) - generate(filepath.Join(configDir, "provider_registry_generated.go"), registryTemplate, templateData, funcMap) - - // Generate synthesizer file - generate(filepath.Join(authDir, "synthesizer/synthesizer_generated.go"), synthTemplate, templateData, funcMap) - - // Generate diff file - generate(filepath.Join(authDir, "diff/diff_generated.go"), diffTemplate, templateData, funcMap) -} - -func generate(filename string, tmplStr string, data interface{}, funcMap template.FuncMap) { - tmpl, err := template.New("gen").Funcs(funcMap).Parse(tmplStr) - if err != nil { - log.Fatalf("failed to parse template for %s: %v", filename, err) - } - - var buf bytes.Buffer - if err := tmpl.Execute(&buf, data); err != nil { - log.Fatalf("failed to execute template for %s: %v", filename, err) - } - - formatted, err := format.Source(buf.Bytes()) - if err != nil { - fmt.Printf("Warning: failed to format source for %s: %v\n", filename, err) - formatted = buf.Bytes() - } - - if err := os.WriteFile(filename, formatted, 0644); err != nil { - log.Fatalf("failed to write file %s: %v", filename, err) - } - fmt.Printf("Generated %s\n", filename) -} diff --git a/.worktrees/config/m/config-build/active/cmd/releasebatch/main.go b/.worktrees/config/m/config-build/active/cmd/releasebatch/main.go deleted file mode 100644 index ec0c9f6706..0000000000 --- a/.worktrees/config/m/config-build/active/cmd/releasebatch/main.go +++ /dev/null @@ -1,328 +0,0 @@ -package main - -import ( - "bytes" - "errors" - "flag" - "fmt" - "os" - "os/exec" - "regexp" - "sort" - "strconv" - "strings" -) - -var tagPattern = regexp.MustCompile(`^v(\d+)\.(\d+)\.(\d+)(?:-(\d+))?$`) - -type versionTag struct { - Raw string - Major int - Minor int - Patch int - Batch int - HasBatch bool -} - -func parseVersionTag(raw string) (versionTag, bool) { - matches := tagPattern.FindStringSubmatch(strings.TrimSpace(raw)) - if len(matches) != 5 { - return versionTag{}, false - } - major, err := strconv.Atoi(matches[1]) - if err != nil { - return versionTag{}, false - } - minor, err := strconv.Atoi(matches[2]) - if err != nil { - return versionTag{}, false - } - patch, err := strconv.Atoi(matches[3]) - if err != nil { - return versionTag{}, false - } - batch := -1 - hasBatch := false - if matches[4] != "" { - parsed, err := strconv.Atoi(matches[4]) - if err != nil { - return versionTag{}, false - } - batch = parsed - hasBatch = true - } - return versionTag{ - Raw: raw, - Major: major, - Minor: minor, - Patch: patch, - Batch: batch, - HasBatch: hasBatch, - }, true -} - -func (v versionTag) less(other versionTag) bool { - if v.Major != other.Major { - return v.Major < other.Major - } - if v.Minor != other.Minor { - return v.Minor < other.Minor - } - if v.Patch != other.Patch { - return v.Patch < other.Patch - } - return v.Batch < other.Batch -} - -func run(name string, args ...string) (string, error) { - cmd := exec.Command(name, args...) - var stdout bytes.Buffer - var stderr bytes.Buffer - cmd.Stdout = &stdout - cmd.Stderr = &stderr - if err := cmd.Run(); err != nil { - return "", fmt.Errorf("%s %s: %w: %s", name, strings.Join(args, " "), err, strings.TrimSpace(stderr.String())) - } - return strings.TrimSpace(stdout.String()), nil -} - -func ensureCleanWorkingTree() error { - out, err := run("git", "status", "--porcelain") - if err != nil { - return err - } - if strings.TrimSpace(out) != "" { - return errors.New("working tree is not clean") - } - return nil -} - -func versionTags() ([]versionTag, error) { - out, err := run("git", "tag", "--list", "v*") - if err != nil { - return nil, err - } - lines := strings.Split(strings.TrimSpace(out), "\n") - tags := make([]versionTag, 0, len(lines)) - for _, line := range lines { - line = strings.TrimSpace(line) - if line == "" { - continue - } - parsed, ok := parseVersionTag(line) - if ok { - tags = append(tags, parsed) - } - } - sort.Slice(tags, func(i, j int) bool { - return tags[i].less(tags[j]) - }) - if len(tags) == 0 { - return nil, errors.New("no version tags matching v..-") - } - return tags, nil -} - -func commitsInRange(rangeSpec string) ([]string, error) { - out, err := run("git", "log", "--pretty=%H %s", rangeSpec) - if err != nil { - return nil, err - } - if strings.TrimSpace(out) == "" { - return nil, nil - } - lines := strings.Split(out, "\n") - result := make([]string, 0, len(lines)) - for _, line := range lines { - line = strings.TrimSpace(line) - if line != "" { - result = append(result, line) - } - } - return result, nil -} - -func buildNotes(commits []string) string { - var b strings.Builder - b.WriteString("## Changelog\n") - for _, c := range commits { - b.WriteString("* ") - b.WriteString(c) - b.WriteString("\n") - } - b.WriteString("\n") - return b.String() -} - -func createMode(targetBranch string, hotfix bool, dryRun bool) error { - if err := ensureCleanWorkingTree(); err != nil { - return err - } - if _, err := run("git", "fetch", "origin", targetBranch, "--quiet"); err != nil { - return err - } - if _, err := run("git", "fetch", "--tags", "origin", "--quiet"); err != nil { - return err - } - - tags, err := versionTags() - if err != nil { - return err - } - latest := tags[len(tags)-1] - - next := latest - if hotfix { - next.Batch++ - } else { - next.Patch++ - next.Batch = 0 - } - next.Raw = fmt.Sprintf("v%d.%d.%d-%d", next.Major, next.Minor, next.Patch, next.Batch) - - rangeSpec := fmt.Sprintf("%s..origin/%s", latest.Raw, targetBranch) - commits, err := commitsInRange(rangeSpec) - if err != nil { - return err - } - if len(commits) == 0 { - return fmt.Errorf("no commits found in range %s", rangeSpec) - } - notes := buildNotes(commits) - - fmt.Printf("latest tag : %s\n", latest.Raw) - fmt.Printf("next tag : %s\n", next.Raw) - fmt.Printf("target : origin/%s\n", targetBranch) - fmt.Printf("commits : %d\n", len(commits)) - - if dryRun { - fmt.Printf("\n--- release notes preview ---\n%s", notes) - return nil - } - - if _, err := run("git", "tag", "-a", next.Raw, "origin/"+targetBranch, "-m", next.Raw); err != nil { - return err - } - if _, err := run("git", "push", "origin", next.Raw); err != nil { - return err - } - - tmpFile, err := os.CreateTemp("", "release-notes-*.md") - if err != nil { - return err - } - defer func(path string) { - if errRemove := os.Remove(path); errRemove != nil && !errors.Is(errRemove, os.ErrNotExist) { - fmt.Fprintf(os.Stderr, "warning: failed to remove temp release notes file %s: %v\n", path, errRemove) - } - }(tmpFile.Name()) - if _, err := tmpFile.WriteString(notes); err != nil { - return err - } - if err := tmpFile.Close(); err != nil { - return err - } - - if _, err := run("gh", "release", "create", next.Raw, "--title", next.Raw, "--target", targetBranch, "--notes-file", tmpFile.Name()); err != nil { - return err - } - fmt.Printf("release published: %s\n", next.Raw) - return nil -} - -func notesMode(tag string, outputPath string, editRelease bool) error { - if tag == "" { - return errors.New("notes mode requires --tag") - } - if _, err := run("git", "fetch", "--tags", "origin", "--quiet"); err != nil { - return err - } - - tags, err := versionTags() - if err != nil { - return err - } - - currentIndex := -1 - for i, t := range tags { - if t.Raw == tag { - currentIndex = i - break - } - } - if currentIndex == -1 { - return fmt.Errorf("tag %s not found in version tag set", tag) - } - - var rangeSpec string - if currentIndex == 0 { - rangeSpec = tag - } else { - rangeSpec = fmt.Sprintf("%s..%s", tags[currentIndex-1].Raw, tag) - } - - commits, err := commitsInRange(rangeSpec) - if err != nil { - return err - } - notes := buildNotes(commits) - - if outputPath == "" { - fmt.Print(notes) - } else { - if err := os.WriteFile(outputPath, []byte(notes), 0o644); err != nil { - return err - } - } - - if editRelease { - notesArg := outputPath - if notesArg == "" { - tmpFile, err := os.CreateTemp("", "release-notes-*.md") - if err != nil { - return err - } - defer func(path string) { - if errRemove := os.Remove(path); errRemove != nil && !errors.Is(errRemove, os.ErrNotExist) { - fmt.Fprintf(os.Stderr, "warning: failed to remove temp release notes file %s: %v\n", path, errRemove) - } - }(tmpFile.Name()) - if _, err := tmpFile.WriteString(notes); err != nil { - return err - } - if err := tmpFile.Close(); err != nil { - return err - } - notesArg = tmpFile.Name() - } - if _, err := run("gh", "release", "edit", tag, "--notes-file", notesArg); err != nil { - return err - } - } - return nil -} - -func main() { - mode := flag.String("mode", "create", "Mode: create|notes") - target := flag.String("target", "main", "Target branch for create mode") - hotfix := flag.Bool("hotfix", false, "Create hotfix batch tag (same patch, +batch)") - dryRun := flag.Bool("dry-run", false, "Preview only (create mode)") - tag := flag.String("tag", "", "Tag for notes mode (example: v6.8.24-0)") - out := flag.String("out", "", "Output file path for notes mode (default stdout)") - editRelease := flag.Bool("edit-release", false, "Edit existing GitHub release notes in notes mode") - flag.Parse() - - var err error - switch *mode { - case "create": - err = createMode(*target, *hotfix, *dryRun) - case "notes": - err = notesMode(*tag, *out, *editRelease) - default: - err = fmt.Errorf("unknown mode: %s", *mode) - } - if err != nil { - fmt.Fprintf(os.Stderr, "error: %v\n", err) - os.Exit(1) - } -} diff --git a/.worktrees/config/m/config-build/active/cmd/releasebatch/main_test.go b/.worktrees/config/m/config-build/active/cmd/releasebatch/main_test.go deleted file mode 100644 index a29cfb41f4..0000000000 --- a/.worktrees/config/m/config-build/active/cmd/releasebatch/main_test.go +++ /dev/null @@ -1,135 +0,0 @@ -package main - -import ( - "strings" - "testing" -) - -func TestParseVersionTag_ValidPatterns(t *testing.T) { - t.Parallel() - - cases := []struct { - raw string - major int - minor int - patch int - batch int - hasBatch bool - }{ - { - raw: "v6.8.24", - major: 6, - minor: 8, - patch: 24, - batch: -1, - hasBatch: false, - }, - { - raw: "v6.8.24-3", - major: 6, - minor: 8, - patch: 24, - batch: 3, - hasBatch: true, - }, - } - - for _, tc := range cases { - tc := tc - t.Run(tc.raw, func(t *testing.T) { - t.Parallel() - - got, ok := parseVersionTag(tc.raw) - if !ok { - t.Fatalf("parseVersionTag(%q) = false, want true", tc.raw) - } - if got.Raw != tc.raw { - t.Fatalf("parseVersionTag(%q).Raw = %q, want %q", tc.raw, got.Raw, tc.raw) - } - if got.Major != tc.major { - t.Fatalf("Major = %d, want %d", got.Major, tc.major) - } - if got.Minor != tc.minor { - t.Fatalf("Minor = %d, want %d", got.Minor, tc.minor) - } - if got.Patch != tc.patch { - t.Fatalf("Patch = %d, want %d", got.Patch, tc.patch) - } - if got.Batch != tc.batch { - t.Fatalf("Batch = %d, want %d", got.Batch, tc.batch) - } - if got.HasBatch != tc.hasBatch { - t.Fatalf("HasBatch = %v, want %v", got.HasBatch, tc.hasBatch) - } - }) - } -} - -func TestParseVersionTag_InvalidPatterns(t *testing.T) { - t.Parallel() - - for _, raw := range []string{ - "", - "6.8.24", - "v6.8", - "v6.8.24-beta", - "release-v6.8.24-1", - "v6.8.24-", - } { - raw := raw - t.Run(raw, func(t *testing.T) { - t.Parallel() - - if _, ok := parseVersionTag(raw); ok { - t.Fatalf("parseVersionTag(%q) = true, want false", raw) - } - }) - } -} - -func TestVersionTagLess(t *testing.T) { - t.Parallel() - - a, ok := parseVersionTag("v6.8.24") - if !ok { - t.Fatal("parseVersionTag(v6.8.24) failed") - } - b, ok := parseVersionTag("v6.8.24-1") - if !ok { - t.Fatal("parseVersionTag(v6.8.24-1) failed") - } - c, ok := parseVersionTag("v6.8.25") - if !ok { - t.Fatal("parseVersionTag(v6.8.25) failed") - } - - if !a.less(b) { - t.Fatalf("expected v6.8.24 < v6.8.24-1") - } - if !a.less(c) { - t.Fatalf("expected v6.8.24 < v6.8.25") - } - if !b.less(c) { - // Batch-suffixed tags are still ordered inside the same patch line; patch increment still wins. - t.Fatalf("expected v6.8.24-1 < v6.8.25") - } - if a.less(a) { - t.Fatalf("expected version to not be less than itself") - } -} - -func TestBuildNotes(t *testing.T) { - t.Parallel() - - got := buildNotes([]string{"abc123 fix bug", "def456 add docs"}) - lines := strings.Split(strings.TrimSuffix(got, "\n"), "\n") - if len(lines) != 4 { - t.Fatalf("unexpected changelog lines count: %d", len(lines)) - } - if lines[0] != "## Changelog" { - t.Fatalf("header = %q, want %q", lines[0], "## Changelog") - } - if lines[1] != "* abc123 fix bug" || lines[2] != "* def456 add docs" { - t.Fatalf("unexpected changelog bullets: %v", lines[1:3]) - } -} diff --git a/.worktrees/config/m/config-build/active/cmd/server/config_path.go b/.worktrees/config/m/config-build/active/cmd/server/config_path.go deleted file mode 100644 index 22251d7b5f..0000000000 --- a/.worktrees/config/m/config-build/active/cmd/server/config_path.go +++ /dev/null @@ -1,55 +0,0 @@ -package main - -import ( - "os" - "path/filepath" - "strings" -) - -func resolveDefaultConfigPath(wd string, isCloudDeploy bool) string { - fallback := filepath.Join(wd, "config.yaml") - candidates := make([]string, 0, 12) - - addEnvCandidate := func(key string) { - value := strings.TrimSpace(os.Getenv(key)) - if value != "" { - candidates = append(candidates, value) - } - } - addEnvCandidate("CONFIG") - addEnvCandidate("CONFIG_PATH") - addEnvCandidate("CLIPROXY_CONFIG") - addEnvCandidate("CLIPROXY_CONFIG_PATH") - - candidates = append(candidates, fallback) - // If config.yaml is mounted as a directory (common Docker mis-mount), - // prefer the nested config/config.yaml path before failing on the directory. - candidates = append(candidates, filepath.Join(wd, "config", "config.yaml")) - if isCloudDeploy { - candidates = append(candidates, - "/CLIProxyAPI/config.yaml", - "/CLIProxyAPI/config/config.yaml", - "/config/config.yaml", - "/app/config.yaml", - "/app/config/config.yaml", - ) - } - - for _, candidate := range candidates { - if isReadableConfigFile(candidate) { - return candidate - } - } - return fallback -} - -func isReadableConfigFile(path string) bool { - if strings.TrimSpace(path) == "" { - return false - } - info, err := os.Stat(path) - if err != nil { - return false - } - return !info.IsDir() -} diff --git a/.worktrees/config/m/config-build/active/cmd/server/config_path_test.go b/.worktrees/config/m/config-build/active/cmd/server/config_path_test.go deleted file mode 100644 index e2d8426a7c..0000000000 --- a/.worktrees/config/m/config-build/active/cmd/server/config_path_test.go +++ /dev/null @@ -1,107 +0,0 @@ -package main - -import ( - "os" - "path/filepath" - "testing" -) - -func TestResolveDefaultConfigPath_DefaultFallback(t *testing.T) { - t.Setenv("CONFIG", "") - t.Setenv("CONFIG_PATH", "") - t.Setenv("CLIPROXY_CONFIG", "") - t.Setenv("CLIPROXY_CONFIG_PATH", "") - - wd := t.TempDir() - got := resolveDefaultConfigPath(wd, false) - want := filepath.Join(wd, "config.yaml") - if got != want { - t.Fatalf("resolveDefaultConfigPath() = %q, want %q", got, want) - } -} - -func TestResolveDefaultConfigPath_PrefersEnvFile(t *testing.T) { - wd := t.TempDir() - envPath := filepath.Join(t.TempDir(), "env-config.yaml") - if err := os.WriteFile(envPath, []byte("port: 8317\n"), 0o644); err != nil { - t.Fatalf("write env config: %v", err) - } - - t.Setenv("CONFIG_PATH", envPath) - t.Setenv("CONFIG", "") - t.Setenv("CLIPROXY_CONFIG", "") - t.Setenv("CLIPROXY_CONFIG_PATH", "") - - got := resolveDefaultConfigPath(wd, true) - if got != envPath { - t.Fatalf("resolveDefaultConfigPath() = %q, want env path %q", got, envPath) - } -} - -func TestResolveDefaultConfigPath_PrefersCLIPROXYConfigEnv(t *testing.T) { - wd := t.TempDir() - envPath := filepath.Join(t.TempDir(), "cliproxy-config.yaml") - if err := os.WriteFile(envPath, []byte("port: 8317\n"), 0o644); err != nil { - t.Fatalf("write env config: %v", err) - } - - t.Setenv("CONFIG", "") - t.Setenv("CONFIG_PATH", "") - t.Setenv("CLIPROXY_CONFIG", envPath) - t.Setenv("CLIPROXY_CONFIG_PATH", "") - - got := resolveDefaultConfigPath(wd, true) - if got != envPath { - t.Fatalf("resolveDefaultConfigPath() = %q, want CLIPROXY_CONFIG path %q", got, envPath) - } -} - -func TestResolveDefaultConfigPath_CloudFallbackToNestedConfig(t *testing.T) { - t.Setenv("CONFIG", "") - t.Setenv("CONFIG_PATH", "") - t.Setenv("CLIPROXY_CONFIG", "") - t.Setenv("CLIPROXY_CONFIG_PATH", "") - - wd := t.TempDir() - configPathAsDir := filepath.Join(wd, "config.yaml") - if err := os.MkdirAll(configPathAsDir, 0o755); err != nil { - t.Fatalf("mkdir config.yaml dir: %v", err) - } - nested := filepath.Join(wd, "config", "config.yaml") - if err := os.MkdirAll(filepath.Dir(nested), 0o755); err != nil { - t.Fatalf("mkdir nested parent: %v", err) - } - if err := os.WriteFile(nested, []byte("port: 8317\n"), 0o644); err != nil { - t.Fatalf("write nested config: %v", err) - } - - got := resolveDefaultConfigPath(wd, true) - if got != nested { - t.Fatalf("resolveDefaultConfigPath() = %q, want nested path %q", got, nested) - } -} - -func TestResolveDefaultConfigPath_NonCloudFallbackToNestedConfigWhenDefaultIsDir(t *testing.T) { - t.Setenv("CONFIG", "") - t.Setenv("CONFIG_PATH", "") - t.Setenv("CLIPROXY_CONFIG", "") - t.Setenv("CLIPROXY_CONFIG_PATH", "") - - wd := t.TempDir() - configPathAsDir := filepath.Join(wd, "config.yaml") - if err := os.MkdirAll(configPathAsDir, 0o755); err != nil { - t.Fatalf("mkdir config.yaml dir: %v", err) - } - nested := filepath.Join(wd, "config", "config.yaml") - if err := os.MkdirAll(filepath.Dir(nested), 0o755); err != nil { - t.Fatalf("mkdir nested parent: %v", err) - } - if err := os.WriteFile(nested, []byte("port: 8317\n"), 0o644); err != nil { - t.Fatalf("write nested config: %v", err) - } - - got := resolveDefaultConfigPath(wd, false) - if got != nested { - t.Fatalf("resolveDefaultConfigPath() = %q, want nested path %q", got, nested) - } -} diff --git a/.worktrees/config/m/config-build/active/cmd/server/config_validate.go b/.worktrees/config/m/config-build/active/cmd/server/config_validate.go deleted file mode 100644 index bbedd4f683..0000000000 --- a/.worktrees/config/m/config-build/active/cmd/server/config_validate.go +++ /dev/null @@ -1,34 +0,0 @@ -package main - -import ( - "bytes" - "fmt" - "io" - "os" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "gopkg.in/yaml.v3" -) - -func validateConfigFileStrict(configFilePath string) error { - data, err := os.ReadFile(configFilePath) - if err != nil { - return fmt.Errorf("failed to read config file: %w", err) - } - - var cfg config.Config - decoder := yaml.NewDecoder(bytes.NewReader(data)) - decoder.KnownFields(true) - if err := decoder.Decode(&cfg); err != nil { - return fmt.Errorf("strict schema validation failed: %w", err) - } - var trailing any - if err := decoder.Decode(&trailing); err != io.EOF { - return fmt.Errorf("config must contain a single YAML document") - } - - if _, err := config.LoadConfig(configFilePath); err != nil { - return fmt.Errorf("runtime validation failed: %w", err) - } - return nil -} diff --git a/.worktrees/config/m/config-build/active/cmd/server/config_validate_test.go b/.worktrees/config/m/config-build/active/cmd/server/config_validate_test.go deleted file mode 100644 index aa6108a295..0000000000 --- a/.worktrees/config/m/config-build/active/cmd/server/config_validate_test.go +++ /dev/null @@ -1,32 +0,0 @@ -package main - -import ( - "os" - "path/filepath" - "strings" - "testing" -) - -func TestValidateConfigFileStrict_Success(t *testing.T) { - configPath := filepath.Join(t.TempDir(), "config.yaml") - if err := os.WriteFile(configPath, []byte("port: 8317\n"), 0o644); err != nil { - t.Fatalf("write config: %v", err) - } - if err := validateConfigFileStrict(configPath); err != nil { - t.Fatalf("validateConfigFileStrict() unexpected error: %v", err) - } -} - -func TestValidateConfigFileStrict_UnknownField(t *testing.T) { - configPath := filepath.Join(t.TempDir(), "config.yaml") - if err := os.WriteFile(configPath, []byte("port: 8317\nws-authentication: true\n"), 0o644); err != nil { - t.Fatalf("write config: %v", err) - } - err := validateConfigFileStrict(configPath) - if err == nil { - t.Fatal("expected error for unknown field, got nil") - } - if !strings.Contains(err.Error(), "strict schema validation failed") { - t.Fatalf("unexpected error: %v", err) - } -} diff --git a/.worktrees/config/m/config-build/active/cmd/server/main.go b/.worktrees/config/m/config-build/active/cmd/server/main.go deleted file mode 100644 index 2ef8c33913..0000000000 --- a/.worktrees/config/m/config-build/active/cmd/server/main.go +++ /dev/null @@ -1,634 +0,0 @@ -// Package main provides the entry point for the CLI Proxy API server. -// This server acts as a proxy that provides OpenAI/Gemini/Claude compatible API interfaces -// for CLI models, allowing CLI models to be used with tools and libraries designed for standard AI APIs. -package main - -import ( - "context" - "errors" - "flag" - "fmt" - "io" - "io/fs" - "net/url" - "os" - "path/filepath" - "strings" - "time" - - "github.com/joho/godotenv" - configaccess "github.com/router-for-me/CLIProxyAPI/v6/internal/access/config_access" - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/kiro" - "github.com/router-for-me/CLIProxyAPI/v6/internal/buildinfo" - "github.com/router-for-me/CLIProxyAPI/v6/internal/cmd" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/logging" - "github.com/router-for-me/CLIProxyAPI/v6/internal/managementasset" - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" - "github.com/router-for-me/CLIProxyAPI/v6/internal/store" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator" - "github.com/router-for-me/CLIProxyAPI/v6/internal/tui" - "github.com/router-for-me/CLIProxyAPI/v6/internal/usage" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -var ( - Version = "dev" - Commit = "none" - BuildDate = "unknown" - DefaultConfigPath = "" -) - -// init initializes the shared logger setup. -func init() { - logging.SetupBaseLogger() - buildinfo.Version = Version - buildinfo.Commit = Commit - buildinfo.BuildDate = BuildDate -} - -// setKiroIncognitoMode sets the incognito browser mode for Kiro authentication. -// Kiro defaults to incognito mode for multi-account support. -// Users can explicitly override with --incognito or --no-incognito flags. -func setKiroIncognitoMode(cfg *config.Config, useIncognito, noIncognito bool) { - if useIncognito { - cfg.IncognitoBrowser = true - } else if noIncognito { - cfg.IncognitoBrowser = false - } else { - cfg.IncognitoBrowser = true // Kiro default - } -} - -// main is the entry point of the application. -// It parses command-line flags, loads configuration, and starts the appropriate -// service based on the provided flags (login, codex-login, or server mode). -func main() { - fmt.Printf("CLIProxyAPI Version: %s, Commit: %s, BuiltAt: %s\n", buildinfo.Version, buildinfo.Commit, buildinfo.BuildDate) - - // Command-line flags to control the application's behavior. - var login bool - var codexLogin bool - var claudeLogin bool - var qwenLogin bool - var kiloLogin bool - var iflowLogin bool - var iflowCookie bool - var noBrowser bool - var oauthCallbackPort int - var antigravityLogin bool - var kimiLogin bool - var kiroLogin bool - var kiroGoogleLogin bool - var kiroAWSLogin bool - var kiroAWSAuthCode bool - var kiroImport bool - var githubCopilotLogin bool - var projectID string - var vertexImport string - var configPath string - var password string - var tuiMode bool - var standalone bool - var noIncognito bool - var useIncognito bool - - // Define command-line flags for different operation modes. - flag.BoolVar(&login, "login", false, "Login Google Account") - flag.BoolVar(&codexLogin, "codex-login", false, "Login to Codex using OAuth") - flag.BoolVar(&claudeLogin, "claude-login", false, "Login to Claude using OAuth") - flag.BoolVar(&qwenLogin, "qwen-login", false, "Login to Qwen using OAuth") - flag.BoolVar(&kiloLogin, "kilo-login", false, "Login to Kilo AI using device flow") - flag.BoolVar(&iflowLogin, "iflow-login", false, "Login to iFlow using OAuth") - flag.BoolVar(&iflowCookie, "iflow-cookie", false, "Login to iFlow using Cookie") - flag.BoolVar(&noBrowser, "no-browser", false, "Don't open browser automatically for OAuth") - flag.IntVar(&oauthCallbackPort, "oauth-callback-port", 0, "Override OAuth callback port (defaults to provider-specific port)") - flag.BoolVar(&useIncognito, "incognito", false, "Open browser in incognito/private mode for OAuth (useful for multiple accounts)") - flag.BoolVar(&noIncognito, "no-incognito", false, "Force disable incognito mode (uses existing browser session)") - flag.BoolVar(&antigravityLogin, "antigravity-login", false, "Login to Antigravity using OAuth") - flag.BoolVar(&kimiLogin, "kimi-login", false, "Login to Kimi using OAuth") - flag.BoolVar(&kiroLogin, "kiro-login", false, "Login to Kiro using Google OAuth") - flag.BoolVar(&kiroGoogleLogin, "kiro-google-login", false, "Login to Kiro using Google OAuth (same as --kiro-login)") - flag.BoolVar(&kiroAWSLogin, "kiro-aws-login", false, "Login to Kiro using AWS Builder ID (device code flow)") - flag.BoolVar(&kiroAWSAuthCode, "kiro-aws-authcode", false, "Login to Kiro using AWS Builder ID (authorization code flow, better UX)") - flag.BoolVar(&kiroImport, "kiro-import", false, "Import Kiro token from Kiro IDE (~/.aws/sso/cache/kiro-auth-token.json)") - flag.BoolVar(&githubCopilotLogin, "github-copilot-login", false, "Login to GitHub Copilot using device flow") - flag.StringVar(&projectID, "project_id", "", "Project ID (Gemini only, not required)") - flag.StringVar(&configPath, "config", DefaultConfigPath, "Configure File Path") - flag.StringVar(&vertexImport, "vertex-import", "", "Import Vertex service account key JSON file") - flag.StringVar(&password, "password", "", "") - flag.BoolVar(&tuiMode, "tui", false, "Start with terminal management UI") - flag.BoolVar(&standalone, "standalone", false, "In TUI mode, start an embedded local server") - - flag.CommandLine.Usage = func() { - out := flag.CommandLine.Output() - _, _ = fmt.Fprintf(out, "Usage of %s\n", os.Args[0]) - flag.CommandLine.VisitAll(func(f *flag.Flag) { - if f.Name == "password" { - return - } - s := fmt.Sprintf(" -%s", f.Name) - name, unquoteUsage := flag.UnquoteUsage(f) - if name != "" { - s += " " + name - } - if len(s) <= 4 { - s += " " - } else { - s += "\n " - } - if unquoteUsage != "" { - s += unquoteUsage - } - if f.DefValue != "" && f.DefValue != "false" && f.DefValue != "0" { - s += fmt.Sprintf(" (default %s)", f.DefValue) - } - _, _ = fmt.Fprint(out, s+"\n") - }) - } - - // Parse the command-line flags. - flag.Parse() - - // Core application variables. - var err error - var cfg *config.Config - var isCloudDeploy bool - var ( - usePostgresStore bool - pgStoreDSN string - pgStoreSchema string - pgStoreLocalPath string - pgStoreInst *store.PostgresStore - useGitStore bool - gitStoreRemoteURL string - gitStoreUser string - gitStorePassword string - gitStoreLocalPath string - gitStoreInst *store.GitTokenStore - gitStoreRoot string - useObjectStore bool - objectStoreEndpoint string - objectStoreAccess string - objectStoreSecret string - objectStoreBucket string - objectStoreLocalPath string - objectStoreInst *store.ObjectTokenStore - ) - - wd, err := os.Getwd() - if err != nil { - log.Errorf("failed to get working directory: %v", err) - return - } - - // Load environment variables from .env if present. - if errLoad := godotenv.Load(filepath.Join(wd, ".env")); errLoad != nil { - if !errors.Is(errLoad, os.ErrNotExist) { - log.WithError(errLoad).Warn("failed to load .env file") - } - } - - lookupEnv := func(keys ...string) (string, bool) { - for _, key := range keys { - if value, ok := os.LookupEnv(key); ok { - if trimmed := strings.TrimSpace(value); trimmed != "" { - return trimmed, true - } - } - } - return "", false - } - writableBase := util.WritablePath() - if value, ok := lookupEnv("PGSTORE_DSN", "pgstore_dsn"); ok { - usePostgresStore = true - pgStoreDSN = value - } - if usePostgresStore { - if value, ok := lookupEnv("PGSTORE_SCHEMA", "pgstore_schema"); ok { - pgStoreSchema = value - } - if value, ok := lookupEnv("PGSTORE_LOCAL_PATH", "pgstore_local_path"); ok { - pgStoreLocalPath = value - } - if pgStoreLocalPath == "" { - if writableBase != "" { - pgStoreLocalPath = writableBase - } else { - pgStoreLocalPath = wd - } - } - useGitStore = false - } - if value, ok := lookupEnv("GITSTORE_GIT_URL", "gitstore_git_url"); ok { - useGitStore = true - gitStoreRemoteURL = value - } - if value, ok := lookupEnv("GITSTORE_GIT_USERNAME", "gitstore_git_username"); ok { - gitStoreUser = value - } - if value, ok := lookupEnv("GITSTORE_GIT_TOKEN", "gitstore_git_token"); ok { - gitStorePassword = value - } - if value, ok := lookupEnv("GITSTORE_LOCAL_PATH", "gitstore_local_path"); ok { - gitStoreLocalPath = value - } - if value, ok := lookupEnv("OBJECTSTORE_ENDPOINT", "objectstore_endpoint"); ok { - useObjectStore = true - objectStoreEndpoint = value - } - if value, ok := lookupEnv("OBJECTSTORE_ACCESS_KEY", "objectstore_access_key"); ok { - objectStoreAccess = value - } - if value, ok := lookupEnv("OBJECTSTORE_SECRET_KEY", "objectstore_secret_key"); ok { - objectStoreSecret = value - } - if value, ok := lookupEnv("OBJECTSTORE_BUCKET", "objectstore_bucket"); ok { - objectStoreBucket = value - } - if value, ok := lookupEnv("OBJECTSTORE_LOCAL_PATH", "objectstore_local_path"); ok { - objectStoreLocalPath = value - } - - // Check for cloud deploy mode only on first execution - // Read env var name in uppercase: DEPLOY - deployEnv := os.Getenv("DEPLOY") - if deployEnv == "cloud" { - isCloudDeploy = true - } - - // Determine and load the configuration file. - // Prefer the Postgres store when configured, otherwise fallback to git or local files. - var configFilePath string - if usePostgresStore { - if pgStoreLocalPath == "" { - pgStoreLocalPath = wd - } - pgStoreLocalPath = filepath.Join(pgStoreLocalPath, "pgstore") - ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) - pgStoreInst, err = store.NewPostgresStore(ctx, store.PostgresStoreConfig{ - DSN: pgStoreDSN, - Schema: pgStoreSchema, - SpoolDir: pgStoreLocalPath, - }) - cancel() - if err != nil { - log.Errorf("failed to initialize postgres token store: %v", err) - return - } - examplePath := filepath.Join(wd, "config.example.yaml") - ctx, cancel = context.WithTimeout(context.Background(), 30*time.Second) - if errBootstrap := pgStoreInst.Bootstrap(ctx, examplePath); errBootstrap != nil { - cancel() - log.Errorf("failed to bootstrap postgres-backed config: %v", errBootstrap) - return - } - cancel() - configFilePath = pgStoreInst.ConfigPath() - cfg, err = config.LoadConfigOptional(configFilePath, isCloudDeploy) - if err == nil { - cfg.AuthDir = pgStoreInst.AuthDir() - log.Infof("postgres-backed token store enabled, workspace path: %s", pgStoreInst.WorkDir()) - } - } else if useObjectStore { - if objectStoreLocalPath == "" { - if writableBase != "" { - objectStoreLocalPath = writableBase - } else { - objectStoreLocalPath = wd - } - } - objectStoreRoot := filepath.Join(objectStoreLocalPath, "objectstore") - resolvedEndpoint := strings.TrimSpace(objectStoreEndpoint) - useSSL := true - if strings.Contains(resolvedEndpoint, "://") { - parsed, errParse := url.Parse(resolvedEndpoint) - if errParse != nil { - log.Errorf("failed to parse object store endpoint %q: %v", objectStoreEndpoint, errParse) - return - } - switch strings.ToLower(parsed.Scheme) { - case "http": - useSSL = false - case "https": - useSSL = true - default: - log.Errorf("unsupported object store scheme %q (only http and https are allowed)", parsed.Scheme) - return - } - if parsed.Host == "" { - log.Errorf("object store endpoint %q is missing host information", objectStoreEndpoint) - return - } - resolvedEndpoint = parsed.Host - if parsed.Path != "" && parsed.Path != "/" { - resolvedEndpoint = strings.TrimSuffix(parsed.Host+parsed.Path, "/") - } - } - resolvedEndpoint = strings.TrimRight(resolvedEndpoint, "/") - objCfg := store.ObjectStoreConfig{ - Endpoint: resolvedEndpoint, - Bucket: objectStoreBucket, - AccessKey: objectStoreAccess, - SecretKey: objectStoreSecret, - LocalRoot: objectStoreRoot, - UseSSL: useSSL, - PathStyle: true, - } - objectStoreInst, err = store.NewObjectTokenStore(objCfg) - if err != nil { - log.Errorf("failed to initialize object token store: %v", err) - return - } - examplePath := filepath.Join(wd, "config.example.yaml") - ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) - if errBootstrap := objectStoreInst.Bootstrap(ctx, examplePath); errBootstrap != nil { - cancel() - log.Errorf("failed to bootstrap object-backed config: %v", errBootstrap) - return - } - cancel() - configFilePath = objectStoreInst.ConfigPath() - cfg, err = config.LoadConfigOptional(configFilePath, isCloudDeploy) - if err == nil { - if cfg == nil { - cfg = &config.Config{} - } - cfg.AuthDir = objectStoreInst.AuthDir() - log.Infof("object-backed token store enabled, bucket: %s", objectStoreBucket) - } - } else if useGitStore { - if gitStoreLocalPath == "" { - if writableBase != "" { - gitStoreLocalPath = writableBase - } else { - gitStoreLocalPath = wd - } - } - gitStoreRoot = filepath.Join(gitStoreLocalPath, "gitstore") - authDir := filepath.Join(gitStoreRoot, "auths") - gitStoreInst = store.NewGitTokenStore(gitStoreRemoteURL, gitStoreUser, gitStorePassword) - gitStoreInst.SetBaseDir(authDir) - if errRepo := gitStoreInst.EnsureRepository(); errRepo != nil { - log.Errorf("failed to prepare git token store: %v", errRepo) - return - } - configFilePath = gitStoreInst.ConfigPath() - if configFilePath == "" { - configFilePath = filepath.Join(gitStoreRoot, "config", "config.yaml") - } - if _, statErr := os.Stat(configFilePath); errors.Is(statErr, fs.ErrNotExist) { - examplePath := filepath.Join(wd, "config.example.yaml") - if _, errExample := os.Stat(examplePath); errExample != nil { - log.Errorf("failed to find template config file: %v", errExample) - return - } - if errCopy := misc.CopyConfigTemplate(examplePath, configFilePath); errCopy != nil { - log.Errorf("failed to bootstrap git-backed config: %v", errCopy) - return - } - if errCommit := gitStoreInst.PersistConfig(context.Background()); errCommit != nil { - log.Errorf("failed to commit initial git-backed config: %v", errCommit) - return - } - log.Infof("git-backed config initialized from template: %s", configFilePath) - } else if statErr != nil { - log.Errorf("failed to inspect git-backed config: %v", statErr) - return - } - cfg, err = config.LoadConfigOptional(configFilePath, isCloudDeploy) - if err == nil { - cfg.AuthDir = gitStoreInst.AuthDir() - log.Infof("git-backed token store enabled, repository path: %s", gitStoreRoot) - } - } else if configPath != "" { - configFilePath = configPath - cfg, err = config.LoadConfigOptional(configPath, isCloudDeploy) - } else { - wd, err = os.Getwd() - if err != nil { - log.Errorf("failed to get working directory: %v", err) - return - } - configFilePath = filepath.Join(wd, "config.yaml") - cfg, err = config.LoadConfigOptional(configFilePath, isCloudDeploy) - } - if err != nil { - log.Errorf("failed to load config: %v", err) - return - } - if cfg == nil { - cfg = &config.Config{} - } - - // In cloud deploy mode, check if we have a valid configuration - var configFileExists bool - if isCloudDeploy { - if info, errStat := os.Stat(configFilePath); errStat != nil { - // Don't mislead: API server will not start until configuration is provided. - log.Info("Cloud deploy mode: No configuration file detected; standing by for configuration") - configFileExists = false - } else if info.IsDir() { - log.Info("Cloud deploy mode: Config path is a directory; standing by for configuration") - configFileExists = false - } else if cfg.Port == 0 { - // LoadConfigOptional returns empty config when file is empty or invalid. - // Config file exists but is empty or invalid; treat as missing config - log.Info("Cloud deploy mode: Configuration file is empty or invalid; standing by for valid configuration") - configFileExists = false - } else { - log.Info("Cloud deploy mode: Configuration file detected; starting service") - configFileExists = true - } - } - usage.SetStatisticsEnabled(cfg.UsageStatisticsEnabled) - coreauth.SetQuotaCooldownDisabled(cfg.DisableCooling) - - if err = logging.ConfigureLogOutput(cfg); err != nil { - log.Errorf("failed to configure log output: %v", err) - return - } - - log.Infof("CLIProxyAPI Version: %s, Commit: %s, BuiltAt: %s", buildinfo.Version, buildinfo.Commit, buildinfo.BuildDate) - - // Set the log level based on the configuration. - util.SetLogLevel(cfg) - - if resolvedAuthDir, errResolveAuthDir := util.ResolveAuthDir(cfg.AuthDir); errResolveAuthDir != nil { - log.Errorf("failed to resolve auth directory: %v", errResolveAuthDir) - return - } else { - cfg.AuthDir = resolvedAuthDir - } - managementasset.SetCurrentConfig(cfg) - - // Create login options to be used in authentication flows. - options := &cmd.LoginOptions{ - NoBrowser: noBrowser, - CallbackPort: oauthCallbackPort, - } - - // Register the shared token store once so all components use the same persistence backend. - if usePostgresStore { - sdkAuth.RegisterTokenStore(pgStoreInst) - } else if useObjectStore { - sdkAuth.RegisterTokenStore(objectStoreInst) - } else if useGitStore { - sdkAuth.RegisterTokenStore(gitStoreInst) - } else { - sdkAuth.RegisterTokenStore(sdkAuth.NewFileTokenStore()) - } - - // Register built-in access providers before constructing services. - configaccess.Register(&cfg.SDKConfig) - - // Handle different command modes based on the provided flags. - - if vertexImport != "" { - // Handle Vertex service account import - cmd.DoVertexImport(cfg, vertexImport) - } else if login { - // Handle Google/Gemini login - cmd.DoLogin(cfg, projectID, options) - } else if antigravityLogin { - // Handle Antigravity login - cmd.DoAntigravityLogin(cfg, options) - } else if githubCopilotLogin { - // Handle GitHub Copilot login - cmd.DoGitHubCopilotLogin(cfg, options) - } else if codexLogin { - // Handle Codex login - cmd.DoCodexLogin(cfg, options) - } else if claudeLogin { - // Handle Claude login - cmd.DoClaudeLogin(cfg, options) - } else if qwenLogin { - cmd.DoQwenLogin(cfg, options) - } else if kiloLogin { - cmd.DoKiloLogin(cfg, options) - } else if iflowLogin { - cmd.DoIFlowLogin(cfg, options) - } else if iflowCookie { - cmd.DoIFlowCookieAuth(cfg, options) - } else if kimiLogin { - cmd.DoKimiLogin(cfg, options) - } else if kiroLogin { - // For Kiro auth, default to incognito mode for multi-account support - // Users can explicitly override with --no-incognito - // Note: This config mutation is safe - auth commands exit after completion - // and don't share config with StartService (which is in the else branch) - setKiroIncognitoMode(cfg, useIncognito, noIncognito) - cmd.DoKiroLogin(cfg, options) - } else if kiroGoogleLogin { - // For Kiro auth, default to incognito mode for multi-account support - // Users can explicitly override with --no-incognito - // Note: This config mutation is safe - auth commands exit after completion - setKiroIncognitoMode(cfg, useIncognito, noIncognito) - cmd.DoKiroGoogleLogin(cfg, options) - } else if kiroAWSLogin { - // For Kiro auth, default to incognito mode for multi-account support - // Users can explicitly override with --no-incognito - setKiroIncognitoMode(cfg, useIncognito, noIncognito) - cmd.DoKiroAWSLogin(cfg, options) - } else if kiroAWSAuthCode { - // For Kiro auth with authorization code flow (better UX) - setKiroIncognitoMode(cfg, useIncognito, noIncognito) - cmd.DoKiroAWSAuthCodeLogin(cfg, options) - } else if kiroImport { - cmd.DoKiroImport(cfg, options) - } else { - // In cloud deploy mode without config file, just wait for shutdown signals - if isCloudDeploy && !configFileExists { - // No config file available, just wait for shutdown - cmd.WaitForCloudDeploy() - return - } - if tuiMode { - if standalone { - // Standalone mode: start an embedded local server and connect TUI client to it. - managementasset.StartAutoUpdater(context.Background(), configFilePath) - hook := tui.NewLogHook(2000) - hook.SetFormatter(&logging.LogFormatter{}) - log.AddHook(hook) - - origStdout := os.Stdout - origStderr := os.Stderr - origLogOutput := log.StandardLogger().Out - log.SetOutput(io.Discard) - - devNull, errOpenDevNull := os.Open(os.DevNull) - if errOpenDevNull == nil { - os.Stdout = devNull - os.Stderr = devNull - } - - restoreIO := func() { - os.Stdout = origStdout - os.Stderr = origStderr - log.SetOutput(origLogOutput) - if devNull != nil { - _ = devNull.Close() - } - } - - localMgmtPassword := fmt.Sprintf("tui-%d-%d", os.Getpid(), time.Now().UnixNano()) - if password == "" { - password = localMgmtPassword - } - - cancel, done := cmd.StartServiceBackground(cfg, configFilePath, password) - - client := tui.NewClient(cfg.Port, password) - ready := false - backoff := 100 * time.Millisecond - for i := 0; i < 30; i++ { - if _, errGetConfig := client.GetConfig(); errGetConfig == nil { - ready = true - break - } - time.Sleep(backoff) - if backoff < time.Second { - backoff = time.Duration(float64(backoff) * 1.5) - } - } - - if !ready { - restoreIO() - cancel() - <-done - fmt.Fprintf(os.Stderr, "TUI error: embedded server is not ready\n") - return - } - - if errRun := tui.Run(cfg.Port, password, hook, origStdout); errRun != nil { - restoreIO() - fmt.Fprintf(os.Stderr, "TUI error: %v\n", errRun) - } else { - restoreIO() - } - - cancel() - <-done - } else { - // Default TUI mode: pure management client. - // The proxy server must already be running. - if errRun := tui.Run(cfg.Port, password, nil, os.Stdout); errRun != nil { - fmt.Fprintf(os.Stderr, "TUI error: %v\n", errRun) - } - } - } else { - // Start the main proxy service - managementasset.StartAutoUpdater(context.Background(), configFilePath) - - if cfg.AuthDir != "" { - kiro.InitializeAndStart(cfg.AuthDir, cfg) - defer kiro.StopGlobalRefreshManager() - } - - cmd.StartService(cfg, configFilePath, password) - } - } -} diff --git a/.worktrees/config/m/config-build/active/config.example.yaml b/.worktrees/config/m/config-build/active/config.example.yaml deleted file mode 100644 index b513eb60ac..0000000000 --- a/.worktrees/config/m/config-build/active/config.example.yaml +++ /dev/null @@ -1,379 +0,0 @@ -# Server host/interface to bind to. Default is empty ("") to bind all interfaces (IPv4 + IPv6). -# Use "127.0.0.1" or "localhost" to restrict access to local machine only. -host: '' - -# Server port -port: 8317 - -# TLS settings for HTTPS. When enabled, the server listens with the provided certificate and key. -tls: - enable: false - cert: '' - key: '' - -# Management API settings -remote-management: - # Whether to allow remote (non-localhost) management access. - # When false, only localhost can access management endpoints (a key is still required). - allow-remote: false - - # Management key. If a plaintext value is provided here, it will be hashed on startup. - # All management requests (even from localhost) require this key. - # Leave empty to disable the Management API entirely (404 for all /v0/management routes). - secret-key: '' - - # Disable the bundled management control panel asset download and HTTP route when true. - disable-control-panel: false - - # GitHub repository for the management control panel. Accepts a repository URL or releases API URL. - panel-github-repository: 'https://github.com/router-for-me/Cli-Proxy-API-Management-Center' - -# Authentication directory (supports ~ for home directory) -auth-dir: '~/.cli-proxy-api' - -# API keys for authentication -api-keys: - - 'your-api-key-1' - - 'your-api-key-2' - - 'your-api-key-3' - -# Enable debug logging -debug: false - -# Enable pprof HTTP debug server (host:port). Keep it bound to localhost for safety. -pprof: - enable: false - addr: '127.0.0.1:8316' - -# When true, disable high-overhead HTTP middleware features to reduce per-request memory usage under high concurrency. -commercial-mode: false - -# Open OAuth URLs in incognito/private browser mode. -# Useful when you want to login with a different account without logging out from your current session. -# Default: false (but Kiro auth defaults to true for multi-account support) -incognito-browser: true - -# When true, write application logs to rotating files instead of stdout -logging-to-file: false - -# Maximum total size (MB) of log files under the logs directory. When exceeded, the oldest log -# files are deleted until within the limit. Set to 0 to disable. -logs-max-total-size-mb: 0 - -# Maximum number of error log files retained when request logging is disabled. -# When exceeded, the oldest error log files are deleted. Default is 10. Set to 0 to disable cleanup. -error-logs-max-files: 10 - -# When false, disable in-memory usage statistics aggregation -usage-statistics-enabled: false - -# Proxy URL. Supports socks5/http/https protocols. Example: socks5://user:pass@192.168.1.1:1080/ -proxy-url: '' - -# When true, unprefixed model requests only use credentials without a prefix (except when prefix == model name). -force-model-prefix: false - -# When true, forward filtered upstream response headers to downstream clients. -# Default is false (disabled). -passthrough-headers: false - -# Number of times to retry a request. Retries will occur if the HTTP response code is 403, 408, 500, 502, 503, or 504. -request-retry: 3 - -# Maximum wait time in seconds for a cooled-down credential before triggering a retry. -max-retry-interval: 30 - -# Quota exceeded behavior -quota-exceeded: - switch-project: true # Whether to automatically switch to another project when a quota is exceeded - switch-preview-model: true # Whether to automatically switch to a preview model when a quota is exceeded - -# Routing strategy for selecting credentials when multiple match. -routing: - strategy: 'round-robin' # round-robin (default), fill-first - -# When true, enable authentication for the WebSocket API (/v1/ws). -ws-auth: false - -# When > 0, emit blank lines every N seconds for non-streaming responses to prevent idle timeouts. -nonstream-keepalive-interval: 0 - -# Streaming behavior (SSE keep-alives + safe bootstrap retries). -# streaming: -# keepalive-seconds: 15 # Default: 0 (disabled). <= 0 disables keep-alives. -# bootstrap-retries: 1 # Default: 0 (disabled). Retries before first byte is sent. - -# Gemini API keys -# gemini-api-key: -# - api-key: "AIzaSy...01" -# prefix: "test" # optional: require calls like "test/gemini-3-pro-preview" to target this credential -# base-url: "https://generativelanguage.googleapis.com" -# headers: -# X-Custom-Header: "custom-value" -# proxy-url: "socks5://proxy.example.com:1080" -# models: -# - name: "gemini-2.5-flash" # upstream model name -# alias: "gemini-flash" # client alias mapped to the upstream model -# excluded-models: -# - "gemini-2.5-pro" # exclude specific models from this provider (exact match) -# - "gemini-2.5-*" # wildcard matching prefix (e.g. gemini-2.5-flash, gemini-2.5-pro) -# - "*-preview" # wildcard matching suffix (e.g. gemini-3-pro-preview) -# - "*flash*" # wildcard matching substring (e.g. gemini-2.5-flash-lite) -# - api-key: "AIzaSy...02" - -# Codex API keys -# codex-api-key: -# - api-key: "sk-atSM..." -# prefix: "test" # optional: require calls like "test/gpt-5-codex" to target this credential -# base-url: "https://www.example.com" # use the custom codex API endpoint -# headers: -# X-Custom-Header: "custom-value" -# proxy-url: "socks5://proxy.example.com:1080" # optional: per-key proxy override -# models: -# - name: "gpt-5-codex" # upstream model name -# alias: "codex-latest" # client alias mapped to the upstream model -# excluded-models: -# - "gpt-5.1" # exclude specific models (exact match) -# - "gpt-5-*" # wildcard matching prefix (e.g. gpt-5-medium, gpt-5-codex) -# - "*-mini" # wildcard matching suffix (e.g. gpt-5-codex-mini) -# - "*codex*" # wildcard matching substring (e.g. gpt-5-codex-low) - -# Claude API keys -# claude-api-key: -# - api-key: "sk-atSM..." # use the official claude API key, no need to set the base url -# - api-key: "sk-atSM..." -# prefix: "test" # optional: require calls like "test/claude-sonnet-latest" to target this credential -# base-url: "https://www.example.com" # use the custom claude API endpoint -# headers: -# X-Custom-Header: "custom-value" -# proxy-url: "socks5://proxy.example.com:1080" # optional: per-key proxy override -# models: -# - name: "claude-3-5-sonnet-20241022" # upstream model name -# alias: "claude-sonnet-latest" # client alias mapped to the upstream model -# excluded-models: -# - "claude-opus-4-5-20251101" # exclude specific models (exact match) -# - "claude-3-*" # wildcard matching prefix (e.g. claude-3-7-sonnet-20250219) -# - "*-thinking" # wildcard matching suffix (e.g. claude-opus-4-5-thinking) -# - "*haiku*" # wildcard matching substring (e.g. claude-3-5-haiku-20241022) -# cloak: # optional: request cloaking for non-Claude-Code clients -# mode: "auto" # "auto" (default): cloak only when client is not Claude Code -# # "always": always apply cloaking -# # "never": never apply cloaking -# strict-mode: false # false (default): prepend Claude Code prompt to user system messages -# # true: strip all user system messages, keep only Claude Code prompt -# sensitive-words: # optional: words to obfuscate with zero-width characters -# - "API" -# - "proxy" -# cache-user-id: true # optional: default is false; set true to reuse cached user_id per API key instead of generating a random one each request - -# Default headers for Claude API requests. Update when Claude Code releases new versions. -# These are used as fallbacks when the client does not send its own headers. -# claude-header-defaults: -# user-agent: "claude-cli/2.1.44 (external, sdk-cli)" -# package-version: "0.74.0" -# runtime-version: "v24.3.0" -# timeout: "600" - -# Kiro (AWS CodeWhisperer) configuration -# Note: Kiro API currently only operates in us-east-1 region -#kiro: -# - token-file: "~/.aws/sso/cache/kiro-auth-token.json" # path to Kiro token file -# agent-task-type: "" # optional: "vibe" or empty (API default) -# - access-token: "aoaAAAAA..." # or provide tokens directly -# refresh-token: "aorAAAAA..." -# profile-arn: "arn:aws:codewhisperer:us-east-1:..." -# proxy-url: "socks5://proxy.example.com:1080" # optional: proxy override - -# Kilocode (OAuth-based code assistant) -# Note: Kilocode uses OAuth device flow authentication. -# Use the CLI command: ./server --kilo-login -# This will save credentials to the auth directory (default: ~/.cli-proxy-api/) -# oauth-model-alias: -# kilo: -# - name: "minimax/minimax-m2.5:free" -# alias: "minimax-m2.5" -# - name: "z-ai/glm-5:free" -# alias: "glm-5" -# oauth-excluded-models: -# kilo: -# - "kilo-claude-opus-4-6" # exclude specific models (exact match) -# - "*:free" # wildcard matching suffix (e.g. all free models) - -# OpenAI compatibility providers -# openai-compatibility: -# - name: "openrouter" # The name of the provider; it will be used in the user agent and other places. -# prefix: "test" # optional: require calls like "test/kimi-k2" to target this provider's credentials -# base-url: "https://openrouter.ai/api/v1" # The base URL of the provider. -# headers: -# X-Custom-Header: "custom-value" -# api-key-entries: -# - api-key: "sk-or-v1-...b780" -# proxy-url: "socks5://proxy.example.com:1080" # optional: per-key proxy override -# - api-key: "sk-or-v1-...b781" # without proxy-url -# models: # The models supported by the provider. -# - name: "moonshotai/kimi-k2:free" # The actual model name. -# alias: "kimi-k2" # The alias used in the API. - -# Vertex API keys (Vertex-compatible endpoints, use API key + base URL) -# vertex-api-key: -# - api-key: "vk-123..." # x-goog-api-key header -# prefix: "test" # optional: require calls like "test/vertex-pro" to target this credential -# base-url: "https://example.com/api" # e.g. https://zenmux.ai/api -# proxy-url: "socks5://proxy.example.com:1080" # optional per-key proxy override -# headers: -# X-Custom-Header: "custom-value" -# models: # optional: map aliases to upstream model names -# - name: "gemini-2.5-flash" # upstream model name -# alias: "vertex-flash" # client-visible alias -# - name: "gemini-2.5-pro" -# alias: "vertex-pro" - -# Amp Integration -# ampcode: -# # Configure upstream URL for Amp CLI OAuth and management features -# upstream-url: "https://ampcode.com" -# # Optional: Override API key for Amp upstream (otherwise uses env or file) -# upstream-api-key: "" -# # Per-client upstream API key mapping -# # Maps client API keys (from top-level api-keys) to different Amp upstream API keys. -# # Useful when different clients need to use different Amp accounts/quotas. -# # If a client key isn't mapped, falls back to upstream-api-key (default behavior). -# upstream-api-keys: -# - upstream-api-key: "amp_key_for_team_a" # Upstream key to use for these clients -# api-keys: # Client keys that use this upstream key -# - "your-api-key-1" -# - "your-api-key-2" -# - upstream-api-key: "amp_key_for_team_b" -# api-keys: -# - "your-api-key-3" -# # Restrict Amp management routes (/api/auth, /api/user, etc.) to localhost only (default: false) -# restrict-management-to-localhost: false -# # Force model mappings to run before checking local API keys (default: false) -# force-model-mappings: false -# # Amp Model Mappings -# # Route unavailable Amp models to alternative models available in your local proxy. -# # Useful when Amp CLI requests models you don't have access to (e.g., Claude Opus 4.5) -# # but you have a similar model available (e.g., Claude Sonnet 4). -# model-mappings: -# - from: "claude-opus-4-5-20251101" # Model requested by Amp CLI -# to: "gemini-claude-opus-4-5-thinking" # Route to this available model instead -# - from: "claude-sonnet-4-5-20250929" -# to: "gemini-claude-sonnet-4-5-thinking" -# - from: "claude-haiku-4-5-20251001" -# to: "gemini-2.5-flash" - -# Global OAuth model name aliases (per channel) -# These aliases rename model IDs for both model listing and request routing. -# Supported channels: gemini-cli, vertex, aistudio, antigravity, claude, codex, qwen, iflow, kiro, github-copilot, kimi. -# NOTE: Aliases do not apply to gemini-api-key, codex-api-key, claude-api-key, openai-compatibility, vertex-api-key, or ampcode. -# You can repeat the same name with different aliases to expose multiple client model names. -# oauth-model-alias: -# antigravity: -# - name: "rev19-uic3-1p" -# alias: "gemini-2.5-computer-use-preview-10-2025" -# - name: "gemini-3-pro-image" -# alias: "gemini-3-pro-image-preview" -# - name: "gemini-3-pro-high" -# alias: "gemini-3-pro-preview" -# - name: "gemini-3-flash" -# alias: "gemini-3-flash-preview" -# - name: "claude-sonnet-4-5" -# alias: "gemini-claude-sonnet-4-5" -# - name: "claude-sonnet-4-5-thinking" -# alias: "gemini-claude-sonnet-4-5-thinking" -# - name: "claude-opus-4-5-thinking" -# alias: "gemini-claude-opus-4-5-thinking" -# gemini-cli: -# - name: "gemini-2.5-pro" # original model name under this channel -# alias: "g2.5p" # client-visible alias -# fork: true # when true, keep original and also add the alias as an extra model (default: false) -# vertex: -# - name: "gemini-2.5-pro" -# alias: "g2.5p" -# aistudio: -# - name: "gemini-2.5-pro" -# alias: "g2.5p" -# claude: -# - name: "claude-sonnet-4-5-20250929" -# alias: "cs4.5" -# codex: -# - name: "gpt-5" -# alias: "g5" -# qwen: -# - name: "qwen3-coder-plus" -# alias: "qwen-plus" -# iflow: -# - name: "glm-4.7" -# alias: "glm-god" -# kimi: -# - name: "kimi-k2.5" -# alias: "k2.5" -# kiro: -# - name: "kiro-claude-opus-4-5" -# alias: "op45" -# github-copilot: -# - name: "gpt-5" -# alias: "copilot-gpt5" - -# OAuth provider excluded models -# Supported channels: gemini-cli, vertex, aistudio, antigravity, claude, codex, qwen, iflow, kiro, github-copilot. -# oauth-excluded-models: -# gemini-cli: -# - "gemini-2.5-pro" # exclude specific models (exact match) -# - "gemini-2.5-*" # wildcard matching prefix (e.g. gemini-2.5-flash, gemini-2.5-pro) -# - "*-preview" # wildcard matching suffix (e.g. gemini-3-pro-preview) -# - "*flash*" # wildcard matching substring (e.g. gemini-2.5-flash-lite) -# vertex: -# - "gemini-3-pro-preview" -# aistudio: -# - "gemini-3-pro-preview" -# antigravity: -# - "gemini-3-pro-preview" -# claude: -# - "claude-3-5-haiku-20241022" -# codex: -# - "gpt-5-codex-mini" -# qwen: -# - "vision-model" -# iflow: -# - "tstars2.0" -# kimi: -# - "kimi-k2-thinking" -# kiro: -# - "kiro-claude-haiku-4-5" -# github-copilot: -# - "raptor-mini" - -# Optional payload configuration -# payload: -# default: # Default rules only set parameters when they are missing in the payload. -# - models: -# - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*") -# protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity -# params: # JSON path (gjson/sjson syntax) -> value -# "generationConfig.thinkingConfig.thinkingBudget": 32768 -# default-raw: # Default raw rules set parameters using raw JSON when missing (must be valid JSON). -# - models: -# - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*") -# protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity -# params: # JSON path (gjson/sjson syntax) -> raw JSON value (strings are used as-is, must be valid JSON) -# "generationConfig.responseJsonSchema": "{\"type\":\"object\",\"properties\":{\"answer\":{\"type\":\"string\"}}}" -# override: # Override rules always set parameters, overwriting any existing values. -# - models: -# - name: "gpt-*" # Supports wildcards (e.g., "gpt-*") -# protocol: "codex" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity -# params: # JSON path (gjson/sjson syntax) -> value -# "reasoning.effort": "high" -# override-raw: # Override raw rules always set parameters using raw JSON (must be valid JSON). -# - models: -# - name: "gpt-*" # Supports wildcards (e.g., "gpt-*") -# protocol: "codex" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity -# params: # JSON path (gjson/sjson syntax) -> raw JSON value (strings are used as-is, must be valid JSON) -# "response_format": "{\"type\":\"json_schema\",\"json_schema\":{\"name\":\"answer\",\"schema\":{\"type\":\"object\"}}}" -# filter: # Filter rules remove specified parameters from the payload. -# - models: -# - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*") -# protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity -# params: # JSON paths (gjson/sjson syntax) to remove from the payload -# - "generationConfig.thinkingConfig.thinkingBudget" -# - "generationConfig.responseJsonSchema" diff --git a/.worktrees/config/m/config-build/active/contracts/cliproxyctl-response.schema.json b/.worktrees/config/m/config-build/active/contracts/cliproxyctl-response.schema.json deleted file mode 100644 index 7a7b039b92..0000000000 --- a/.worktrees/config/m/config-build/active/contracts/cliproxyctl-response.schema.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "$schema": "https://json-schema.org/draft/2020-12/schema", - "$id": "https://router-for-me.dev/contracts/cliproxyctl-response.schema.json", - "title": "cliproxyctl response envelope", - "type": "object", - "additionalProperties": false, - "required": [ - "schema_version", - "command", - "ok", - "timestamp", - "details" - ], - "properties": { - "schema_version": { - "const": "cliproxyctl.response.v1" - }, - "command": { - "type": "string", - "enum": [ - "setup", - "login", - "doctor" - ] - }, - "ok": { - "type": "boolean" - }, - "timestamp": { - "type": "string", - "format": "date-time" - }, - "details": { - "type": "object" - } - } -} diff --git a/.worktrees/config/m/config-build/active/docker-build.ps1 b/.worktrees/config/m/config-build/active/docker-build.ps1 deleted file mode 100644 index d42a0d046a..0000000000 --- a/.worktrees/config/m/config-build/active/docker-build.ps1 +++ /dev/null @@ -1,53 +0,0 @@ -# build.ps1 - Windows PowerShell Build Script -# -# This script automates the process of building and running the Docker container -# with version information dynamically injected at build time. - -# Stop script execution on any error -$ErrorActionPreference = "Stop" - -# --- Step 1: Choose Environment --- -Write-Host "Please select an option:" -Write-Host "1) Run using Pre-built Image (Recommended)" -Write-Host "2) Build from Source and Run (For Developers)" -$choice = Read-Host -Prompt "Enter choice [1-2]" - -# --- Step 2: Execute based on choice --- -switch ($choice) { - "1" { - Write-Host "--- Running with Pre-built Image ---" - docker compose up -d --remove-orphans --no-build - Write-Host "Services are starting from remote image." - Write-Host "Run 'docker compose logs -f' to see the logs." - } - "2" { - Write-Host "--- Building from Source and Running ---" - - # Get Version Information - $VERSION = (git describe --tags --always --dirty) - $COMMIT = (git rev-parse --short HEAD) - $BUILD_DATE = (Get-Date).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ") - - Write-Host "Building with the following info:" - Write-Host " Version: $VERSION" - Write-Host " Commit: $COMMIT" - Write-Host " Build Date: $BUILD_DATE" - Write-Host "----------------------------------------" - - # Build and start the services with a local-only image tag - $env:CLI_PROXY_IMAGE = "cli-proxy-api:local" - - Write-Host "Building the Docker image..." - docker compose build --build-arg VERSION=$VERSION --build-arg COMMIT=$COMMIT --build-arg BUILD_DATE=$BUILD_DATE - - Write-Host "Starting the services..." - docker compose up -d --remove-orphans --pull never - - Write-Host "Build complete. Services are starting." - Write-Host "Run 'docker compose logs -f' to see the logs." - } - default { - Write-Host "Invalid choice. Please enter 1 or 2." - exit 1 - } -} \ No newline at end of file diff --git a/.worktrees/config/m/config-build/active/docker-build.sh b/.worktrees/config/m/config-build/active/docker-build.sh deleted file mode 100644 index 944f3e788a..0000000000 --- a/.worktrees/config/m/config-build/active/docker-build.sh +++ /dev/null @@ -1,180 +0,0 @@ -#!/usr/bin/env bash -# -# build.sh - Linux/macOS Build Script -# -# This script automates the process of building and running the Docker container -# with version information dynamically injected at build time. - -# Hidden feature: Preserve usage statistics across rebuilds -# Usage: ./docker-build.sh --with-usage -# First run prompts for management API key, saved to temp/stats/.api_secret - -set -euo pipefail - -STATS_DIR="temp/stats" -STATS_FILE="${STATS_DIR}/.usage_backup.json" -SECRET_FILE="${STATS_DIR}/.api_secret" -WITH_USAGE=false - -get_port() { - if [[ -f "config.yaml" ]]; then - grep -E "^port:" config.yaml | sed -E 's/^port: *["'"'"']?([0-9]+)["'"'"']?.*$/\1/' - else - echo "8317" - fi -} - -export_stats_api_secret() { - if [[ -f "${SECRET_FILE}" ]]; then - API_SECRET=$(cat "${SECRET_FILE}") - else - if [[ ! -d "${STATS_DIR}" ]]; then - mkdir -p "${STATS_DIR}" - fi - echo "First time using --with-usage. Management API key required." - read -r -p "Enter management key: " -s API_SECRET - echo - echo "${API_SECRET}" > "${SECRET_FILE}" - chmod 600 "${SECRET_FILE}" - fi -} - -check_container_running() { - local port - port=$(get_port) - - if ! curl -s -o /dev/null -w "%{http_code}" "http://localhost:${port}/" | grep -q "200"; then - echo "Error: cli-proxy-api service is not responding at localhost:${port}" - echo "Please start the container first or use without --with-usage flag." - exit 1 - fi -} - -export_stats() { - local port - port=$(get_port) - - if [[ ! -d "${STATS_DIR}" ]]; then - mkdir -p "${STATS_DIR}" - fi - check_container_running - echo "Exporting usage statistics..." - EXPORT_RESPONSE=$(curl -s -w "\n%{http_code}" -H "X-Management-Key: ${API_SECRET}" \ - "http://localhost:${port}/v0/management/usage/export") - HTTP_CODE=$(echo "${EXPORT_RESPONSE}" | tail -n1) - RESPONSE_BODY=$(echo "${EXPORT_RESPONSE}" | sed '$d') - - if [[ "${HTTP_CODE}" != "200" ]]; then - echo "Export failed (HTTP ${HTTP_CODE}): ${RESPONSE_BODY}" - exit 1 - fi - - echo "${RESPONSE_BODY}" > "${STATS_FILE}" - echo "Statistics exported to ${STATS_FILE}" -} - -import_stats() { - local port - port=$(get_port) - - echo "Importing usage statistics..." - IMPORT_RESPONSE=$(curl -s -w "\n%{http_code}" -X POST \ - -H "X-Management-Key: ${API_SECRET}" \ - -H "Content-Type: application/json" \ - -d @"${STATS_FILE}" \ - "http://localhost:${port}/v0/management/usage/import") - IMPORT_CODE=$(echo "${IMPORT_RESPONSE}" | tail -n1) - IMPORT_BODY=$(echo "${IMPORT_RESPONSE}" | sed '$d') - - if [[ "${IMPORT_CODE}" == "200" ]]; then - echo "Statistics imported successfully" - else - echo "Import failed (HTTP ${IMPORT_CODE}): ${IMPORT_BODY}" - fi - - rm -f "${STATS_FILE}" -} - -wait_for_service() { - local port - port=$(get_port) - - echo "Waiting for service to be ready..." - for i in {1..30}; do - if curl -s -o /dev/null -w "%{http_code}" "http://localhost:${port}/" | grep -q "200"; then - break - fi - sleep 1 - done - sleep 2 -} - -if [[ "${1:-}" == "--with-usage" ]]; then - WITH_USAGE=true - export_stats_api_secret -fi - -# --- Step 1: Choose Environment --- -echo "Please select an option:" -echo "1) Run using Pre-built Image (Recommended)" -echo "2) Build from Source and Run (For Developers)" -read -r -p "Enter choice [1-2]: " choice - -# --- Step 2: Execute based on choice --- -case "$choice" in - 1) - echo "--- Running with Pre-built Image ---" - if [[ "${WITH_USAGE}" == "true" ]]; then - export_stats - fi - docker compose up -d --remove-orphans --no-build - if [[ "${WITH_USAGE}" == "true" ]]; then - wait_for_service - import_stats - fi - echo "Services are starting from remote image." - echo "Run 'docker compose logs -f' to see the logs." - ;; - 2) - echo "--- Building from Source and Running ---" - - # Get Version Information - VERSION="$(git describe --tags --always --dirty)" - COMMIT="$(git rev-parse --short HEAD)" - BUILD_DATE="$(date -u +%Y-%m-%dT%H:%M:%SZ)" - - echo "Building with the following info:" - echo " Version: ${VERSION}" - echo " Commit: ${COMMIT}" - echo " Build Date: ${BUILD_DATE}" - echo "----------------------------------------" - - # Build and start the services with a local-only image tag - export CLI_PROXY_IMAGE="cli-proxy-api:local" - - echo "Building the Docker image..." - docker compose build \ - --build-arg VERSION="${VERSION}" \ - --build-arg COMMIT="${COMMIT}" \ - --build-arg BUILD_DATE="${BUILD_DATE}" - - if [[ "${WITH_USAGE}" == "true" ]]; then - export_stats - fi - - echo "Starting the services..." - docker compose up -d --remove-orphans --pull never - - if [[ "${WITH_USAGE}" == "true" ]]; then - wait_for_service - import_stats - fi - - echo "Build complete. Services are starting." - echo "Run 'docker compose logs -f' to see the logs." - ;; - *) - echo "Invalid choice. Please enter 1 or 2." - exit 1 - ;; -esac diff --git a/.worktrees/config/m/config-build/active/docker-compose.yml b/.worktrees/config/m/config-build/active/docker-compose.yml deleted file mode 100644 index cd8c21b97c..0000000000 --- a/.worktrees/config/m/config-build/active/docker-compose.yml +++ /dev/null @@ -1,28 +0,0 @@ -services: - cli-proxy-api: - image: ${CLI_PROXY_IMAGE:-eceasy/cli-proxy-api-plus:latest} - pull_policy: always - build: - context: . - dockerfile: Dockerfile - args: - VERSION: ${VERSION:-dev} - COMMIT: ${COMMIT:-none} - BUILD_DATE: ${BUILD_DATE:-unknown} - container_name: cli-proxy-api-plus - # env_file: - # - .env - environment: - DEPLOY: ${DEPLOY:-} - ports: - - "8317:8317" - - "8085:8085" - - "1455:1455" - - "54545:54545" - - "51121:51121" - - "11451:11451" - volumes: - - ${CLI_PROXY_CONFIG_PATH:-./config.yaml}:/CLIProxyAPI/config.yaml - - ${CLI_PROXY_AUTH_PATH:-./auths}:/root/.cli-proxy-api - - ${CLI_PROXY_LOG_PATH:-./logs}:/CLIProxyAPI/logs - restart: unless-stopped diff --git a/.worktrees/config/m/config-build/active/docker-init.sh b/.worktrees/config/m/config-build/active/docker-init.sh deleted file mode 100644 index 7f6150a69e..0000000000 --- a/.worktrees/config/m/config-build/active/docker-init.sh +++ /dev/null @@ -1,115 +0,0 @@ -#!/bin/sh -# docker-init.sh - Docker entrypoint script for CLIProxyAPI++ -# This script handles initialization tasks before starting the main application. -# It enables "out-of-the-box" Docker deployment without manual config creation. - -set -e - -CONFIG_FILE="${CONFIG_FILE:-/CLIProxyAPI/config.yaml}" -CONFIG_EXAMPLE="${CONFIG_EXAMPLE:-/CLIProxyAPI/config.example.yaml}" -AUTH_DIR="${AUTH_DIR:-/root/.cli-proxy-api}" -LOGS_DIR="${LOGS_DIR:-/CLIProxyAPI/logs}" - -<<<<<<< HEAD -======= -# Normalize CONFIG_FILE when mount points incorrectly create a directory. -if [ -d "${CONFIG_FILE}" ]; then - CONFIG_FILE="${CONFIG_FILE%/}/config.yaml" -fi - ->>>>>>> archive/pr-234-head-20260223 -# Create auth directory if it doesn't exist -if [ ! -d "${AUTH_DIR}" ]; then - echo "[docker-init] Creating auth directory: ${AUTH_DIR}" - mkdir -p "${AUTH_DIR}" -fi -<<<<<<< HEAD -======= -chmod 700 "${AUTH_DIR}" ->>>>>>> archive/pr-234-head-20260223 - -# Create logs directory if it doesn't exist -if [ ! -d "${LOGS_DIR}" ]; then - echo "[docker-init] Creating logs directory: ${LOGS_DIR}" - mkdir -p "${LOGS_DIR}" -fi - -# Check if config file exists, if not create from example -if [ ! -f "${CONFIG_FILE}" ]; then - echo "[docker-init] Config file not found, creating from example..." -<<<<<<< HEAD -======= - mkdir -p "$(dirname "${CONFIG_FILE}")" ->>>>>>> archive/pr-234-head-20260223 - if [ -f "${CONFIG_EXAMPLE}" ]; then - cp "${CONFIG_EXAMPLE}" "${CONFIG_FILE}" - echo "[docker-init] Created ${CONFIG_FILE} from example" - else - echo "[docker-init] WARNING: Example config not found at ${CONFIG_EXAMPLE}" - echo "[docker-init] Creating minimal config..." - cat > "${CONFIG_FILE}" << 'EOF' -# CLIProxyAPI++ Configuration - Auto-generated by docker-init.sh -# Edit this file to customize your deployment - -host: "" -port: 8317 - -api-keys: - - "your-api-key-here" - -debug: false - -remote-management: - allow-remote: false - secret-key: "" - disable-control-panel: false - -routing: - strategy: "round-robin" - -auth-dir: "~/.cli-proxy-api" -EOF - echo "[docker-init] Created minimal config at ${CONFIG_FILE}" - fi -fi - -# Apply environment variable overrides if set -# These take precedence over config file values -if [ -n "${CLIPROXY_HOST}" ]; then - echo "[docker-init] Setting host from env: ${CLIPROXY_HOST}" - sed -i "s/^host:.*/host: \"${CLIPROXY_HOST}\"/" "${CONFIG_FILE}" 2>/dev/null || \ - sed -i '' "s/^host:.*/host: \"${CLIPROXY_HOST}\"/" "${CONFIG_FILE}" 2>/dev/null || true -fi - -if [ -n "${CLIPROXY_PORT}" ]; then - echo "[docker-init] Setting port from env: ${CLIPROXY_PORT}" - sed -i "s/^port:.*/port: ${CLIPROXY_PORT}/" "${CONFIG_FILE}" 2>/dev/null || \ - sed -i '' "s/^port:.*/port: ${CLIPROXY_PORT}/" "${CONFIG_FILE}" 2>/dev/null || true -fi - -if [ -n "${CLIPROXY_SECRET_KEY}" ]; then - echo "[docker-init] Setting management secret-key from env" - sed -i "s/secret-key:.*/secret-key: \"${CLIPROXY_SECRET_KEY}\"/" "${CONFIG_FILE}" 2>/dev/null || \ - sed -i '' "s/secret-key:.*/secret-key: \"${CLIPROXY_SECRET_KEY}\"/" "${CONFIG_FILE}" 2>/dev/null || true -fi - -if [ -n "${CLIPROXY_ALLOW_REMOTE}" ]; then - echo "[docker-init] Setting allow-remote from env: ${CLIPROXY_ALLOW_REMOTE}" - sed -i "s/allow-remote:.*/allow-remote: ${CLIPROXY_ALLOW_REMOTE}/" "${CONFIG_FILE}" 2>/dev/null || \ - sed -i '' "s/allow-remote:.*/allow-remote: ${CLIPROXY_ALLOW_REMOTE}/" "${CONFIG_FILE}" 2>/dev/null || true -fi - -if [ -n "${CLIPROXY_DEBUG}" ]; then - echo "[docker-init] Setting debug from env: ${CLIPROXY_DEBUG}" - sed -i "s/^debug:.*/debug: ${CLIPROXY_DEBUG}/" "${CONFIG_FILE}" 2>/dev/null || \ - sed -i '' "s/^debug:.*/debug: ${CLIPROXY_DEBUG}/" "${CONFIG_FILE}" 2>/dev/null || true -fi - -if [ -n "${CLIPROXY_ROUTING_STRATEGY}" ]; then - echo "[docker-init] Setting routing strategy from env: ${CLIPROXY_ROUTING_STRATEGY}" - sed -i "s/strategy:.*/strategy: \"${CLIPROXY_ROUTING_STRATEGY}\"/" "${CONFIG_FILE}" 2>/dev/null || \ - sed -i '' "s/strategy:.*/strategy: \"${CLIPROXY_ROUTING_STRATEGY}\"/" "${CONFIG_FILE}" 2>/dev/null || true -fi - -echo "[docker-init] Starting CLIProxyAPI++..." -exec ./cliproxyapi++ "$@" diff --git a/.worktrees/config/m/config-build/active/examples/custom-provider/main.go b/.worktrees/config/m/config-build/active/examples/custom-provider/main.go deleted file mode 100644 index 7c611f9eb3..0000000000 --- a/.worktrees/config/m/config-build/active/examples/custom-provider/main.go +++ /dev/null @@ -1,225 +0,0 @@ -// Package main demonstrates how to create a custom AI provider executor -// and integrate it with the CLI Proxy API server. This example shows how to: -// - Create a custom executor that implements the Executor interface -// - Register custom translators for request/response transformation -// - Integrate the custom provider with the SDK server -// - Register custom models in the model registry -// -// This example uses a simple echo service (httpbin.org) as the upstream API -// for demonstration purposes. In a real implementation, you would replace -// this with your actual AI service provider. -package main - -import ( - "bytes" - "context" - "errors" - "fmt" - "io" - "net/http" - "net/url" - "os" - "path/filepath" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - clipexec "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/logging" - sdktr "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" -) - -const ( - // providerKey is the identifier for our custom provider. - providerKey = "myprov" - - // fOpenAI represents the OpenAI chat format. - fOpenAI = sdktr.Format("openai.chat") - - // fMyProv represents our custom provider's chat format. - fMyProv = sdktr.Format("myprov.chat") -) - -// init registers trivial translators for demonstration purposes. -// In a real implementation, you would implement proper request/response -// transformation logic between OpenAI format and your provider's format. -func init() { - sdktr.Register(fOpenAI, fMyProv, - func(model string, raw []byte, stream bool) []byte { return raw }, - sdktr.ResponseTransform{ - Stream: func(ctx context.Context, model string, originalReq, translatedReq, raw []byte, param *any) []string { - return []string{string(raw)} - }, - NonStream: func(ctx context.Context, model string, originalReq, translatedReq, raw []byte, param *any) string { - return string(raw) - }, - }, - ) -} - -// MyExecutor is a minimal provider implementation for demonstration purposes. -// It implements the Executor interface to handle requests to a custom AI provider. -type MyExecutor struct{} - -// Identifier returns the unique identifier for this executor. -func (MyExecutor) Identifier() string { return providerKey } - -// PrepareRequest optionally injects credentials to raw HTTP requests. -// This method is called before each request to allow the executor to modify -// the HTTP request with authentication headers or other necessary modifications. -// -// Parameters: -// - req: The HTTP request to prepare -// - a: The authentication information -// -// Returns: -// - error: An error if request preparation fails -func (MyExecutor) PrepareRequest(req *http.Request, a *coreauth.Auth) error { - if req == nil || a == nil { - return nil - } - if a.Attributes != nil { - if ak := strings.TrimSpace(a.Attributes["api_key"]); ak != "" { - req.Header.Set("Authorization", "Bearer "+ak) - } - } - return nil -} - -func buildHTTPClient(a *coreauth.Auth) *http.Client { - if a == nil || strings.TrimSpace(a.ProxyURL) == "" { - return http.DefaultClient - } - u, err := url.Parse(a.ProxyURL) - if err != nil || (u.Scheme != "http" && u.Scheme != "https") { - return http.DefaultClient - } - return &http.Client{Transport: &http.Transport{Proxy: http.ProxyURL(u)}} -} - -func upstreamEndpoint(a *coreauth.Auth) string { - if a != nil && a.Attributes != nil { - if ep := strings.TrimSpace(a.Attributes["endpoint"]); ep != "" { - return ep - } - } - // Demo echo endpoint; replace with your upstream. - return "https://httpbin.org/post" -} - -func (MyExecutor) Execute(ctx context.Context, a *coreauth.Auth, req clipexec.Request, opts clipexec.Options) (clipexec.Response, error) { - client := buildHTTPClient(a) - endpoint := upstreamEndpoint(a) - - httpReq, errNew := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, bytes.NewReader(req.Payload)) - if errNew != nil { - return clipexec.Response{}, errNew - } - httpReq.Header.Set("Content-Type", "application/json") - - // Inject credentials via PrepareRequest hook. - if errPrep := (MyExecutor{}).PrepareRequest(httpReq, a); errPrep != nil { - return clipexec.Response{}, errPrep - } - - resp, errDo := client.Do(httpReq) - if errDo != nil { - return clipexec.Response{}, errDo - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - fmt.Fprintf(os.Stderr, "close response body error: %v\n", errClose) - } - }() - body, _ := io.ReadAll(resp.Body) - return clipexec.Response{Payload: body}, nil -} - -func (MyExecutor) HttpRequest(ctx context.Context, a *coreauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("myprov executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if errPrep := (MyExecutor{}).PrepareRequest(httpReq, a); errPrep != nil { - return nil, errPrep - } - client := buildHTTPClient(a) - return client.Do(httpReq) -} - -func (MyExecutor) CountTokens(context.Context, *coreauth.Auth, clipexec.Request, clipexec.Options) (clipexec.Response, error) { - return clipexec.Response{}, errors.New("count tokens not implemented") -} - -func (MyExecutor) ExecuteStream(ctx context.Context, a *coreauth.Auth, req clipexec.Request, opts clipexec.Options) (*clipexec.StreamResult, error) { - ch := make(chan clipexec.StreamChunk, 1) - go func() { - defer close(ch) - ch <- clipexec.StreamChunk{Payload: []byte("data: {\"ok\":true}\n\n")} - }() - return &clipexec.StreamResult{Chunks: ch}, nil -} - -func (MyExecutor) Refresh(ctx context.Context, a *coreauth.Auth) (*coreauth.Auth, error) { - return a, nil -} - -func main() { - cfg, err := config.LoadConfig("config.yaml") - if err != nil { - panic(err) - } - - tokenStore := sdkAuth.GetTokenStore() - if dirSetter, ok := tokenStore.(interface{ SetBaseDir(string) }); ok { - dirSetter.SetBaseDir(cfg.AuthDir) - } - core := coreauth.NewManager(tokenStore, nil, nil) - core.RegisterExecutor(MyExecutor{}) - - hooks := cliproxy.Hooks{ - OnAfterStart: func(s *cliproxy.Service) { - // Register demo models for the custom provider so they appear in /v1/models. - models := []*cliproxy.ModelInfo{{ID: "myprov-pro-1", Object: "model", Type: providerKey, DisplayName: "MyProv Pro 1"}} - for _, a := range core.List() { - if strings.EqualFold(a.Provider, providerKey) { - cliproxy.GlobalModelRegistry().RegisterClient(a.ID, providerKey, models) - } - } - }, - } - - svc, err := cliproxy.NewBuilder(). - WithConfig(cfg). - WithConfigPath("config.yaml"). - WithCoreAuthManager(core). - WithServerOptions( - // Optional: add a simple middleware + custom request logger - api.WithMiddleware(func(c *gin.Context) { c.Header("X-Example", "custom-provider"); c.Next() }), - api.WithRequestLoggerFactory(func(cfg *config.Config, cfgPath string) logging.RequestLogger { - return logging.NewFileRequestLoggerWithOptions(true, "logs", filepath.Dir(cfgPath), cfg.ErrorLogsMaxFiles) - }), - ). - WithHooks(hooks). - Build() - if err != nil { - panic(err) - } - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - if errRun := svc.Run(ctx); errRun != nil && !errors.Is(errRun, context.Canceled) { - panic(errRun) - } - _ = os.Stderr // keep os import used (demo only) - _ = time.Second -} diff --git a/.worktrees/config/m/config-build/active/examples/http-request/main.go b/.worktrees/config/m/config-build/active/examples/http-request/main.go deleted file mode 100644 index a667a9ca0c..0000000000 --- a/.worktrees/config/m/config-build/active/examples/http-request/main.go +++ /dev/null @@ -1,140 +0,0 @@ -// Package main demonstrates how to use coreauth.Manager.HttpRequest/NewHttpRequest -// to execute arbitrary HTTP requests with provider credentials injected. -// -// This example registers a minimal custom executor that injects an Authorization -// header from auth.Attributes["api_key"], then performs two requests against -// httpbin.org to show the injected headers. -package main - -import ( - "bytes" - "context" - "errors" - "fmt" - "io" - "net/http" - "strings" - "time" - - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - clipexec "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - log "github.com/sirupsen/logrus" -) - -const providerKey = "echo" - -// EchoExecutor is a minimal provider implementation for demonstration purposes. -type EchoExecutor struct{} - -func (EchoExecutor) Identifier() string { return providerKey } - -func (EchoExecutor) PrepareRequest(req *http.Request, auth *coreauth.Auth) error { - if req == nil || auth == nil { - return nil - } - if auth.Attributes != nil { - if apiKey := strings.TrimSpace(auth.Attributes["api_key"]); apiKey != "" { - req.Header.Set("Authorization", "Bearer "+apiKey) - } - } - return nil -} - -func (EchoExecutor) HttpRequest(ctx context.Context, auth *coreauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("echo executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if errPrep := (EchoExecutor{}).PrepareRequest(httpReq, auth); errPrep != nil { - return nil, errPrep - } - return http.DefaultClient.Do(httpReq) -} - -func (EchoExecutor) Execute(context.Context, *coreauth.Auth, clipexec.Request, clipexec.Options) (clipexec.Response, error) { - return clipexec.Response{}, errors.New("echo executor: Execute not implemented") -} - -func (EchoExecutor) ExecuteStream(context.Context, *coreauth.Auth, clipexec.Request, clipexec.Options) (*clipexec.StreamResult, error) { - return nil, errors.New("echo executor: ExecuteStream not implemented") -} - -func (EchoExecutor) Refresh(context.Context, *coreauth.Auth) (*coreauth.Auth, error) { - return nil, errors.New("echo executor: Refresh not implemented") -} - -func (EchoExecutor) CountTokens(context.Context, *coreauth.Auth, clipexec.Request, clipexec.Options) (clipexec.Response, error) { - return clipexec.Response{}, errors.New("echo executor: CountTokens not implemented") -} - -func main() { - log.SetLevel(log.InfoLevel) - - ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) - defer cancel() - - core := coreauth.NewManager(nil, nil, nil) - core.RegisterExecutor(EchoExecutor{}) - - auth := &coreauth.Auth{ - ID: "demo-echo", - Provider: providerKey, - Attributes: map[string]string{ - "api_key": "demo-api-key", - }, - } - - // Example 1: Build a prepared request and execute it using your own http.Client. - reqPrepared, errReqPrepared := core.NewHttpRequest( - ctx, - auth, - http.MethodGet, - "https://httpbin.org/anything", - nil, - http.Header{"X-Example": []string{"prepared"}}, - ) - if errReqPrepared != nil { - panic(errReqPrepared) - } - respPrepared, errDoPrepared := http.DefaultClient.Do(reqPrepared) - if errDoPrepared != nil { - panic(errDoPrepared) - } - defer func() { - if errClose := respPrepared.Body.Close(); errClose != nil { - log.Errorf("close response body error: %v", errClose) - } - }() - bodyPrepared, errReadPrepared := io.ReadAll(respPrepared.Body) - if errReadPrepared != nil { - panic(errReadPrepared) - } - fmt.Printf("Prepared request status: %d\n%s\n\n", respPrepared.StatusCode, bodyPrepared) - - // Example 2: Execute a raw request via core.HttpRequest (auto inject + do). - rawBody := []byte(`{"hello":"world"}`) - rawReq, errRawReq := http.NewRequestWithContext(ctx, http.MethodPost, "https://httpbin.org/anything", bytes.NewReader(rawBody)) - if errRawReq != nil { - panic(errRawReq) - } - rawReq.Header.Set("Content-Type", "application/json") - rawReq.Header.Set("X-Example", "executed") - - respExec, errDoExec := core.HttpRequest(ctx, auth, rawReq) - if errDoExec != nil { - panic(errDoExec) - } - defer func() { - if errClose := respExec.Body.Close(); errClose != nil { - log.Errorf("close response body error: %v", errClose) - } - }() - bodyExec, errReadExec := io.ReadAll(respExec.Body) - if errReadExec != nil { - panic(errReadExec) - } - fmt.Printf("Manager HttpRequest status: %d\n%s\n", respExec.StatusCode, bodyExec) -} diff --git a/.worktrees/config/m/config-build/active/examples/launchd/com.router-for-me.cliproxyapi-plusplus.plist b/.worktrees/config/m/config-build/active/examples/launchd/com.router-for-me.cliproxyapi-plusplus.plist deleted file mode 100644 index 275d1de649..0000000000 --- a/.worktrees/config/m/config-build/active/examples/launchd/com.router-for-me.cliproxyapi-plusplus.plist +++ /dev/null @@ -1,33 +0,0 @@ - - - - - Label - com.router-for-me.cliproxyapi-plusplus - - ProgramArguments - - /opt/homebrew/bin/cliproxyapi++ - --config - /opt/homebrew/etc/cliproxyapi/config.yaml - - - WorkingDirectory - /opt/homebrew/etc/cliproxyapi - - RunAtLoad - - - KeepAlive - - Crashed - - - - StandardOutPath - /opt/homebrew/var/log/cliproxyapi-plusplus.log - - StandardErrorPath - /opt/homebrew/var/log/cliproxyapi-plusplus.err - - diff --git a/.worktrees/config/m/config-build/active/examples/process-compose.dev.yaml b/.worktrees/config/m/config-build/active/examples/process-compose.dev.yaml deleted file mode 100644 index 45b02117d4..0000000000 --- a/.worktrees/config/m/config-build/active/examples/process-compose.dev.yaml +++ /dev/null @@ -1,18 +0,0 @@ -version: "0.5" - -processes: - cliproxy: - command: "go run ./cmd/server --config ./config.yaml" - working_dir: "." - availability: - restart: "on_failure" - max_restarts: 10 -<<<<<<< HEAD - health-probe: - command: "sh -lc 'while true; do curl -fsS http://localhost:8317/health >/dev/null 2>&1 || true; sleep 20; done'" - working_dir: "." - availability: - restart: "always" -======= - ->>>>>>> archive/pr-234-head-20260223 diff --git a/.worktrees/config/m/config-build/active/examples/process-compose.yaml b/.worktrees/config/m/config-build/active/examples/process-compose.yaml deleted file mode 100644 index a62025a6a7..0000000000 --- a/.worktrees/config/m/config-build/active/examples/process-compose.yaml +++ /dev/null @@ -1,26 +0,0 @@ -version: "0.5" - -environment: - - CLIPROXY_HOST=0.0.0.0 - - CLIPROXY_PORT=8317 - - CLIPROXY_LOG_LEVEL=${CLIPROXY_LOG_LEVEL:-info} - -processes: - cliproxy: - command: "go run ./cmd/server --config ./config.example.yaml" - working_dir: "." - environment: - - CLIPROXY_HOST=${CLIPROXY_HOST} - - CLIPROXY_PORT=${CLIPROXY_PORT} - - CLIPROXY_LOG_LEVEL=${CLIPROXY_LOG_LEVEL} - availability: - restart: always - max_restarts: 10 - readiness_probe: - http_get: - host: 127.0.0.1 - port: 8317 - path: /health - initial_delay_seconds: 2 - period_seconds: 3 - timeout_seconds: 2 diff --git a/.worktrees/config/m/config-build/active/examples/systemd/cliproxyapi-plusplus.env b/.worktrees/config/m/config-build/active/examples/systemd/cliproxyapi-plusplus.env deleted file mode 100644 index b848574656..0000000000 --- a/.worktrees/config/m/config-build/active/examples/systemd/cliproxyapi-plusplus.env +++ /dev/null @@ -1,11 +0,0 @@ -# Optional service environment file for systemd -# Copy this file to /etc/default/cliproxyapi - -# Path to config and auth directory defaults -CLIPROXY_CONFIG=/etc/cliproxyapi/config.yaml -CLIPROXY_AUTH_DIR=/var/lib/cliproxyapi/auths - -# Optional logging and behavior tuning -# CLIPROXY_LOG_LEVEL=info -# CLIPROXY_HOST=0.0.0.0 -# CLIPROXY_PORT=8317 diff --git a/.worktrees/config/m/config-build/active/examples/systemd/cliproxyapi-plusplus.service b/.worktrees/config/m/config-build/active/examples/systemd/cliproxyapi-plusplus.service deleted file mode 100644 index 20e01845e9..0000000000 --- a/.worktrees/config/m/config-build/active/examples/systemd/cliproxyapi-plusplus.service +++ /dev/null @@ -1,20 +0,0 @@ -[Unit] -Description=cliproxyapi++ proxy service -After=network.target - -[Service] -Type=simple -Environment=CLIPROXY_CONFIG=/etc/cliproxyapi/config.yaml -EnvironmentFile=-/etc/default/cliproxyapi -ExecStart=/usr/local/bin/cliproxyapi++ --config ${CLIPROXY_CONFIG} -Restart=always -RestartSec=5 -User=cliproxyapi -Group=cliproxyapi -WorkingDirectory=/var/lib/cliproxyapi -LimitNOFILE=65536 -NoNewPrivileges=yes -PrivateTmp=yes - -[Install] -WantedBy=multi-user.target diff --git a/.worktrees/config/m/config-build/active/examples/translator/main.go b/.worktrees/config/m/config-build/active/examples/translator/main.go deleted file mode 100644 index 88f142a3d2..0000000000 --- a/.worktrees/config/m/config-build/active/examples/translator/main.go +++ /dev/null @@ -1,42 +0,0 @@ -package main - -import ( - "context" - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - _ "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator/builtin" -) - -func main() { - rawRequest := []byte(`{"messages":[{"content":[{"text":"Hello! Gemini","type":"text"}],"role":"user"}],"model":"gemini-2.5-pro","stream":false}`) - fmt.Println("Has gemini->openai response translator:", translator.HasResponseTransformerByFormatName( - translator.FormatGemini, - translator.FormatOpenAI, - )) - - translatedRequest := translator.TranslateRequestByFormatName( - translator.FormatOpenAI, - translator.FormatGemini, - "gemini-2.5-pro", - rawRequest, - false, - ) - - fmt.Printf("Translated request to Gemini format:\n%s\n\n", translatedRequest) - - claudeResponse := []byte(`{"candidates":[{"content":{"role":"model","parts":[{"thought":true,"text":"Okay, here's what's going through my mind. I need to schedule a meeting"},{"thoughtSignature":"","functionCall":{"name":"schedule_meeting","args":{"topic":"Q3 planning","attendees":["Bob","Alice"],"time":"10:00","date":"2025-03-27"}}}]},"finishReason":"STOP","avgLogprobs":-0.50018133435930523}],"usageMetadata":{"promptTokenCount":117,"candidatesTokenCount":28,"totalTokenCount":474,"trafficType":"PROVISIONED_THROUGHPUT","promptTokensDetails":[{"modality":"TEXT","tokenCount":117}],"candidatesTokensDetails":[{"modality":"TEXT","tokenCount":28}],"thoughtsTokenCount":329},"modelVersion":"gemini-2.5-pro","createTime":"2025-08-15T04:12:55.249090Z","responseId":"x7OeaIKaD6CU48APvNXDyA4"}`) - - convertedResponse := translator.TranslateNonStreamByFormatName( - context.Background(), - translator.FormatGemini, - translator.FormatOpenAI, - "gemini-2.5-pro", - rawRequest, - translatedRequest, - claudeResponse, - nil, - ) - - fmt.Printf("Converted response for OpenAI clients:\n%s\n", convertedResponse) -} diff --git a/.worktrees/config/m/config-build/active/examples/windows/cliproxyapi-plusplus-service.ps1 b/.worktrees/config/m/config-build/active/examples/windows/cliproxyapi-plusplus-service.ps1 deleted file mode 100644 index bc61d5f272..0000000000 --- a/.worktrees/config/m/config-build/active/examples/windows/cliproxyapi-plusplus-service.ps1 +++ /dev/null @@ -1,73 +0,0 @@ -param( - [Parameter(Mandatory = $true)] - [ValidateSet("install","uninstall","start","stop","status")] - [string]$Action, - - [string]$BinaryPath = "C:\Program Files\cliproxyapi-plusplus\cliproxyapi++.exe", - [string]$ConfigPath = "C:\ProgramData\cliproxyapi-plusplus\config.yaml", - [string]$ServiceName = "cliproxyapi-plusplus" -) - -Set-StrictMode -Version Latest -$ErrorActionPreference = "Stop" - -function Get-ServiceState { - if (-not (Get-Service -Name $ServiceName -ErrorAction SilentlyContinue)) { - return "NotInstalled" - } - return (Get-Service -Name $ServiceName).Status -} - -if ($Action -eq "install") { - if (-not (Test-Path -Path $BinaryPath)) { - throw "Binary not found at $BinaryPath. Update -BinaryPath to your installed cliproxyapi++ executable." - } - if (-not (Test-Path -Path (Split-Path $ConfigPath))) { - New-Item -ItemType Directory -Force -Path (Split-Path $ConfigPath) | Out-Null - } - if (-not (Test-Path -Path $ConfigPath)) { - throw "Config file not found at $ConfigPath" - } - $existing = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue - if ($null -ne $existing) { - Stop-Service -Name $ServiceName -ErrorAction SilentlyContinue - Start-Sleep -Seconds 1 - Remove-Service -Name $ServiceName - } - $binaryArgv = "`"$BinaryPath`" --config `"$ConfigPath`"" - New-Service ` - -Name $ServiceName ` - -BinaryPathName $binaryArgv ` - -DisplayName "cliproxyapi++ Service" ` - -StartupType Automatic ` - -Description "cliproxyapi++ local proxy API" - Write-Host "Installed service '$ServiceName'. Start with: .\$(Split-Path -Leaf $PSCommandPath) -Action start" - return -} - -if ($Action -eq "uninstall") { - if (Get-ServiceState -ne "NotInstalled") { - Stop-Service -Name $ServiceName -ErrorAction SilentlyContinue - Remove-Service -Name $ServiceName - Write-Host "Removed service '$ServiceName'." - } else { - Write-Host "Service '$ServiceName' is not installed." - } - return -} - -if ($Action -eq "start") { - Start-Service -Name $ServiceName - Write-Host "Service '$ServiceName' started." - return -} - -if ($Action -eq "stop") { - Stop-Service -Name $ServiceName - Write-Host "Service '$ServiceName' stopped." - return -} - -if ($Action -eq "status") { - Write-Host "Service '$ServiceName' state: $(Get-ServiceState)" -} diff --git a/.worktrees/config/m/config-build/active/go.mod b/.worktrees/config/m/config-build/active/go.mod deleted file mode 100644 index 972646c818..0000000000 --- a/.worktrees/config/m/config-build/active/go.mod +++ /dev/null @@ -1,112 +0,0 @@ -module github.com/router-for-me/CLIProxyAPI/v6 - -go 1.26.0 - -require ( - github.com/andybalholm/brotli v1.0.6 - github.com/atotto/clipboard v0.1.4 - github.com/charmbracelet/bubbles v1.0.0 - github.com/charmbracelet/bubbletea v1.3.10 - github.com/charmbracelet/lipgloss v1.1.0 - github.com/edsrzf/mmap-go v1.2.0 - github.com/fsnotify/fsnotify v1.9.0 - github.com/fxamacker/cbor/v2 v2.9.0 - github.com/gin-gonic/gin v1.10.1 - github.com/go-git/go-git/v6 v6.0.0-20251009132922-75a182125145 - github.com/google/uuid v1.6.0 - github.com/gorilla/websocket v1.5.3 - github.com/jackc/pgx/v5 v5.7.6 - github.com/joho/godotenv v1.5.1 - github.com/klauspost/compress v1.17.4 - github.com/minio/minio-go/v7 v7.0.66 - github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c - github.com/refraction-networking/utls v1.8.2 - github.com/sirupsen/logrus v1.9.3 - github.com/stretchr/testify v1.11.1 - github.com/tidwall/gjson v1.18.0 - github.com/tidwall/sjson v1.2.5 - github.com/tiktoken-go/tokenizer v0.7.0 - golang.org/x/crypto v0.45.0 - golang.org/x/net v0.47.0 - golang.org/x/oauth2 v0.30.0 - golang.org/x/sync v0.18.0 - golang.org/x/term v0.37.0 - golang.org/x/text v0.31.0 - gopkg.in/natefinch/lumberjack.v2 v2.2.1 - gopkg.in/yaml.v3 v3.0.1 - modernc.org/sqlite v1.46.1 -) - -require ( - cloud.google.com/go/compute/metadata v0.3.0 // indirect - github.com/Microsoft/go-winio v0.6.2 // indirect - github.com/ProtonMail/go-crypto v1.3.0 // indirect - github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect - github.com/bytedance/sonic v1.11.6 // indirect - github.com/bytedance/sonic/loader v0.1.1 // indirect - github.com/charmbracelet/colorprofile v0.4.1 // indirect - github.com/charmbracelet/x/ansi v0.11.6 // indirect - github.com/charmbracelet/x/cellbuf v0.0.15 // indirect - github.com/charmbracelet/x/term v0.2.2 // indirect - github.com/clipperhouse/displaywidth v0.9.0 // indirect - github.com/clipperhouse/stringish v0.1.1 // indirect - github.com/clipperhouse/uax29/v2 v2.5.0 // indirect - github.com/cloudflare/circl v1.6.1 // indirect - github.com/cloudwego/base64x v0.1.4 // indirect - github.com/cloudwego/iasm v0.2.0 // indirect - github.com/cyphar/filepath-securejoin v0.4.1 // indirect - github.com/davecgh/go-spew v1.1.1 // indirect - github.com/dlclark/regexp2 v1.11.5 // indirect - github.com/dustin/go-humanize v1.0.1 // indirect - github.com/emirpasic/gods v1.18.1 // indirect - github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect - github.com/gabriel-vasile/mimetype v1.4.3 // indirect - github.com/gin-contrib/sse v0.1.0 // indirect - github.com/go-git/gcfg/v2 v2.0.2 // indirect - github.com/go-git/go-billy/v6 v6.0.0-20250627091229-31e2a16eef30 // indirect - github.com/go-playground/locales v0.14.1 // indirect - github.com/go-playground/universal-translator v0.18.1 // indirect - github.com/go-playground/validator/v10 v10.20.0 // indirect - github.com/goccy/go-json v0.10.2 // indirect - github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect - github.com/jackc/pgpassfile v1.0.0 // indirect - github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect - github.com/jackc/puddle/v2 v2.2.2 // indirect - github.com/json-iterator/go v1.1.12 // indirect - github.com/kevinburke/ssh_config v1.4.0 // indirect - github.com/klauspost/cpuid/v2 v2.3.0 // indirect - github.com/leodido/go-urn v1.4.0 // indirect - github.com/lucasb-eyer/go-colorful v1.3.0 // indirect - github.com/mattn/go-isatty v0.0.20 // indirect - github.com/mattn/go-localereader v0.0.1 // indirect - github.com/mattn/go-runewidth v0.0.19 // indirect - github.com/minio/md5-simd v1.1.2 // indirect - github.com/minio/sha256-simd v1.0.1 // indirect - github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect - github.com/modern-go/reflect2 v1.0.2 // indirect - github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect - github.com/muesli/cancelreader v0.2.2 // indirect - github.com/muesli/termenv v0.16.0 // indirect - github.com/ncruces/go-strftime v1.0.0 // indirect - github.com/pelletier/go-toml/v2 v2.2.2 // indirect - github.com/pjbgf/sha1cd v0.5.0 // indirect - github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect - github.com/rivo/uniseg v0.4.7 // indirect - github.com/rs/xid v1.5.0 // indirect - github.com/sergi/go-diff v1.4.0 // indirect - github.com/tidwall/match v1.1.1 // indirect - github.com/tidwall/pretty v1.2.0 // indirect - github.com/twitchyliquid64/golang-asm v0.15.1 // indirect - github.com/ugorji/go/codec v1.2.12 // indirect - github.com/x448/float16 v0.8.4 // indirect - github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect - golang.org/x/arch v0.8.0 // indirect - golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 // indirect - golang.org/x/sys v0.38.0 // indirect - google.golang.org/protobuf v1.34.1 // indirect - gopkg.in/ini.v1 v1.67.0 // indirect - modernc.org/libc v1.67.6 // indirect - modernc.org/mathutil v1.7.1 // indirect - modernc.org/memory v1.11.0 // indirect -) diff --git a/.worktrees/config/m/config-build/active/go.sum b/.worktrees/config/m/config-build/active/go.sum deleted file mode 100644 index 8fe0c12d13..0000000000 --- a/.worktrees/config/m/config-build/active/go.sum +++ /dev/null @@ -1,289 +0,0 @@ -cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= -cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= -github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= -github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= -github.com/ProtonMail/go-crypto v1.3.0 h1:ILq8+Sf5If5DCpHQp4PbZdS1J7HDFRXz/+xKBiRGFrw= -github.com/ProtonMail/go-crypto v1.3.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE= -github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI= -github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= -github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= -github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4= -github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI= -github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= -github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= -github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc0= -github.com/bytedance/sonic v1.11.6/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4= -github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM= -github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU= -github.com/charmbracelet/bubbles v1.0.0 h1:12J8/ak/uCZEMQ6KU7pcfwceyjLlWsDLAxB5fXonfvc= -github.com/charmbracelet/bubbles v1.0.0/go.mod h1:9d/Zd5GdnauMI5ivUIVisuEm3ave1XwXtD1ckyV6r3E= -github.com/charmbracelet/bubbletea v1.3.10 h1:otUDHWMMzQSB0Pkc87rm691KZ3SWa4KUlvF9nRvCICw= -github.com/charmbracelet/bubbletea v1.3.10/go.mod h1:ORQfo0fk8U+po9VaNvnV95UPWA1BitP1E0N6xJPlHr4= -github.com/charmbracelet/colorprofile v0.4.1 h1:a1lO03qTrSIRaK8c3JRxJDZOvhvIeSco3ej+ngLk1kk= -github.com/charmbracelet/colorprofile v0.4.1/go.mod h1:U1d9Dljmdf9DLegaJ0nGZNJvoXAhayhmidOdcBwAvKk= -github.com/charmbracelet/lipgloss v1.1.0 h1:vYXsiLHVkK7fp74RkV7b2kq9+zDLoEU4MZoFqR/noCY= -github.com/charmbracelet/lipgloss v1.1.0/go.mod h1:/6Q8FR2o+kj8rz4Dq0zQc3vYf7X+B0binUUBwA0aL30= -github.com/charmbracelet/x/ansi v0.11.6 h1:GhV21SiDz/45W9AnV2R61xZMRri5NlLnl6CVF7ihZW8= -github.com/charmbracelet/x/ansi v0.11.6/go.mod h1:2JNYLgQUsyqaiLovhU2Rv/pb8r6ydXKS3NIttu3VGZQ= -github.com/charmbracelet/x/cellbuf v0.0.15 h1:ur3pZy0o6z/R7EylET877CBxaiE1Sp1GMxoFPAIztPI= -github.com/charmbracelet/x/cellbuf v0.0.15/go.mod h1:J1YVbR7MUuEGIFPCaaZ96KDl5NoS0DAWkskup+mOY+Q= -github.com/charmbracelet/x/term v0.2.2 h1:xVRT/S2ZcKdhhOuSP4t5cLi5o+JxklsoEObBSgfgZRk= -github.com/charmbracelet/x/term v0.2.2/go.mod h1:kF8CY5RddLWrsgVwpw4kAa6TESp6EB5y3uxGLeCqzAI= -github.com/clipperhouse/displaywidth v0.9.0 h1:Qb4KOhYwRiN3viMv1v/3cTBlz3AcAZX3+y9OLhMtAtA= -github.com/clipperhouse/displaywidth v0.9.0/go.mod h1:aCAAqTlh4GIVkhQnJpbL0T/WfcrJXHcj8C0yjYcjOZA= -github.com/clipperhouse/stringish v0.1.1 h1:+NSqMOr3GR6k1FdRhhnXrLfztGzuG+VuFDfatpWHKCs= -github.com/clipperhouse/stringish v0.1.1/go.mod h1:v/WhFtE1q0ovMta2+m+UbpZ+2/HEXNWYXQgCt4hdOzA= -github.com/clipperhouse/uax29/v2 v2.5.0 h1:x7T0T4eTHDONxFJsL94uKNKPHrclyFI0lm7+w94cO8U= -github.com/clipperhouse/uax29/v2 v2.5.0/go.mod h1:Wn1g7MK6OoeDT0vL+Q0SQLDz/KpfsVRgg6W7ihQeh4g= -github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0= -github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= -github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y= -github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w= -github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg= -github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY= -github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s= -github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dlclark/regexp2 v1.11.5 h1:Q/sSnsKerHeCkc/jSTNq1oCm7KiVgUMZRDUoRu0JQZQ= -github.com/dlclark/regexp2 v1.11.5/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= -github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= -github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= -github.com/edsrzf/mmap-go v1.2.0 h1:hXLYlkbaPzt1SaQk+anYwKSRNhufIDCchSPkUD6dD84= -github.com/edsrzf/mmap-go v1.2.0/go.mod h1:19H/e8pUPLicwkyNgOykDXkJ9F0MHE+Z52B8EIth78Q= -github.com/elazarl/goproxy v1.7.2 h1:Y2o6urb7Eule09PjlhQRGNsqRfPmYI3KKQLFpCAV3+o= -github.com/elazarl/goproxy v1.7.2/go.mod h1:82vkLNir0ALaW14Rc399OTTjyNREgmdL2cVoIbS6XaE= -github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= -github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= -github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f h1:Y/CXytFA4m6baUTXGLOoWe4PQhGxaX0KpnayAqC48p4= -github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f/go.mod h1:vw97MGsxSvLiUE2X8qFplwetxpGLQrlU1Q9AUEIzCaM= -github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k= -github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= -github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= -github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= -github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= -github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= -github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= -github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= -github.com/gin-gonic/gin v1.10.1 h1:T0ujvqyCSqRopADpgPgiTT63DUQVSfojyME59Ei63pQ= -github.com/gin-gonic/gin v1.10.1/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y= -github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c= -github.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU= -github.com/go-git/gcfg/v2 v2.0.2 h1:MY5SIIfTGGEMhdA7d7JePuVVxtKL7Hp+ApGDJAJ7dpo= -github.com/go-git/gcfg/v2 v2.0.2/go.mod h1:/lv2NsxvhepuMrldsFilrgct6pxzpGdSRC13ydTLSLs= -github.com/go-git/go-billy/v6 v6.0.0-20250627091229-31e2a16eef30 h1:4KqVJTL5eanN8Sgg3BV6f2/QzfZEFbCd+rTak1fGRRA= -github.com/go-git/go-billy/v6 v6.0.0-20250627091229-31e2a16eef30/go.mod h1:snwvGrbywVFy2d6KJdQ132zapq4aLyzLMgpo79XdEfM= -github.com/go-git/go-git-fixtures/v5 v5.1.1 h1:OH8i1ojV9bWfr0ZfasfpgtUXQHQyVS8HXik/V1C099w= -github.com/go-git/go-git-fixtures/v5 v5.1.1/go.mod h1:Altk43lx3b1ks+dVoAG2300o5WWUnktvfY3VI6bcaXU= -github.com/go-git/go-git/v6 v6.0.0-20251009132922-75a182125145 h1:C/oVxHd6KkkuvthQ/StZfHzZK07gl6xjfCfT3derko0= -github.com/go-git/go-git/v6 v6.0.0-20251009132922-75a182125145/go.mod h1:gR+xpbL+o1wuJJDwRN4pOkpNwDS0D24Eo4AD5Aau2DY= -github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= -github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= -github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= -github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= -github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= -github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.20.0 h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBExVwjEviJTixqxL8= -github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= -github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= -github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= -github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ= -github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw= -github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= -github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs= -github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= -github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= -github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg= -github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k= -github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= -github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= -github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= -github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo= -github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= -github.com/jackc/pgx/v5 v5.7.6 h1:rWQc5FwZSPX58r1OQmkuaNicxdmExaEz5A2DO2hUuTk= -github.com/jackc/pgx/v5 v5.7.6/go.mod h1:aruU7o91Tc2q2cFp5h4uP3f6ztExVpyVv88Xl/8Vl8M= -github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo= -github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= -github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0= -github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= -github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= -github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/kevinburke/ssh_config v1.4.0 h1:6xxtP5bZ2E4NF5tuQulISpTO2z8XbtH8cg1PWkxoFkQ= -github.com/kevinburke/ssh_config v1.4.0/go.mod h1:q2RIzfka+BXARoNexmF9gkxEX7DmvbW9P4hIVx2Kg4M= -github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4= -github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= -github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y= -github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0= -github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= -github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= -github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI= -github.com/lucasb-eyer/go-colorful v1.3.0 h1:2/yBRLdWBZKrf7gB40FoiKfAWYQ0lqNcbuQwVHXptag= -github.com/lucasb-eyer/go-colorful v1.3.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= -github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= -github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/mattn/go-localereader v0.0.1 h1:ygSAOl7ZXTx4RdPYinUpg6W99U8jWvWi9Ye2JC/oIi4= -github.com/mattn/go-localereader v0.0.1/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88= -github.com/mattn/go-runewidth v0.0.19 h1:v++JhqYnZuu5jSKrk9RbgF5v4CGUjqRfBm05byFGLdw= -github.com/mattn/go-runewidth v0.0.19/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs= -github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34= -github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM= -github.com/minio/minio-go/v7 v7.0.66 h1:bnTOXOHjOqv/gcMuiVbN9o2ngRItvqE774dG9nq0Dzw= -github.com/minio/minio-go/v7 v7.0.66/go.mod h1:DHAgmyQEGdW3Cif0UooKOyrT3Vxs82zNdV6tkKhRtbs= -github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM= -github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= -github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 h1:ZK8zHtRHOkbHy6Mmr5D264iyp3TiX5OmNcI5cIARiQI= -github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6/go.mod h1:CJlz5H+gyd6CUWT45Oy4q24RdLyn7Md9Vj2/ldJBSIo= -github.com/muesli/cancelreader v0.2.2 h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELUXHmA= -github.com/muesli/cancelreader v0.2.2/go.mod h1:3XuTXfFS2VjM+HTLZY9Ak0l6eUKfijIfMUZ4EgX0QYo= -github.com/muesli/termenv v0.16.0 h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc= -github.com/muesli/termenv v0.16.0/go.mod h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk= -github.com/ncruces/go-strftime v1.0.0 h1:HMFp8mLCTPp341M/ZnA4qaf7ZlsbTc+miZjCLOFAw7w= -github.com/ncruces/go-strftime v1.0.0/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls= -github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM= -github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= -github.com/pjbgf/sha1cd v0.5.0 h1:a+UkboSi1znleCDUNT3M5YxjOnN1fz2FhN48FlwCxs0= -github.com/pjbgf/sha1cd v0.5.0/go.mod h1:lhpGlyHLpQZoxMv8HcgXvZEhcGs0PG/vsZnEJ7H0iCM= -github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= -github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/refraction-networking/utls v1.8.2 h1:j4Q1gJj0xngdeH+Ox/qND11aEfhpgoEvV+S9iJ2IdQo= -github.com/refraction-networking/utls v1.8.2/go.mod h1:jkSOEkLqn+S/jtpEHPOsVv/4V4EVnelwbMQl4vCWXAM= -github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE= -github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= -github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= -github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= -github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= -github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= -github.com/rs/xid v1.5.0 h1:mKX4bl4iPYJtEIxp6CYiUuLQ/8DYMoz0PUdtGgMFRVc= -github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= -github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw= -github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= -github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= -github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= -github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= -github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= -github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY= -github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= -github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= -github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= -github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= -github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= -github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY= -github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28= -github.com/tiktoken-go/tokenizer v0.7.0 h1:VMu6MPT0bXFDHr7UPh9uii7CNItVt3X9K90omxL54vw= -github.com/tiktoken-go/tokenizer v0.7.0/go.mod h1:6UCYI/DtOallbmL7sSy30p6YQv60qNyU/4aVigPOx6w= -github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI= -github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08= -github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE= -github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg= -github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= -github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no= -github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM= -golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= -golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc= -golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys= -golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q= -golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4= -golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 h1:mgKeJMpvi0yx/sU5GsxQ7p6s2wtOnGAHZWCHUM4KGzY= -golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546/go.mod h1:j/pmGrbnkbPtQfxEe5D0VQhZC6qKbfKifgD0oM7sR70= -golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= -golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w= -golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= -golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= -golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= -golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= -golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= -golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= -golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= -golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU= -golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254= -golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= -golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= -golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ= -golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs= -google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= -google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= -gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc= -gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= -gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -modernc.org/cc/v4 v4.27.1 h1:9W30zRlYrefrDV2JE2O8VDtJ1yPGownxciz5rrbQZis= -modernc.org/cc/v4 v4.27.1/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0= -modernc.org/ccgo/v4 v4.30.1 h1:4r4U1J6Fhj98NKfSjnPUN7Ze2c6MnAdL0hWw6+LrJpc= -modernc.org/ccgo/v4 v4.30.1/go.mod h1:bIOeI1JL54Utlxn+LwrFyjCx2n2RDiYEaJVSrgdrRfM= -modernc.org/fileutil v1.3.40 h1:ZGMswMNc9JOCrcrakF1HrvmergNLAmxOPjizirpfqBA= -modernc.org/fileutil v1.3.40/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc= -modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI= -modernc.org/gc/v2 v2.6.5/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito= -modernc.org/gc/v3 v3.1.1 h1:k8T3gkXWY9sEiytKhcgyiZ2L0DTyCQ/nvX+LoCljoRE= -modernc.org/gc/v3 v3.1.1/go.mod h1:HFK/6AGESC7Ex+EZJhJ2Gni6cTaYpSMmU/cT9RmlfYY= -modernc.org/goabi0 v0.2.0 h1:HvEowk7LxcPd0eq6mVOAEMai46V+i7Jrj13t4AzuNks= -modernc.org/goabi0 v0.2.0/go.mod h1:CEFRnnJhKvWT1c1JTI3Avm+tgOWbkOu5oPA8eH8LnMI= -modernc.org/libc v1.67.6 h1:eVOQvpModVLKOdT+LvBPjdQqfrZq+pC39BygcT+E7OI= -modernc.org/libc v1.67.6/go.mod h1:JAhxUVlolfYDErnwiqaLvUqc8nfb2r6S6slAgZOnaiE= -modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU= -modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg= -modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI= -modernc.org/memory v1.11.0/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw= -modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8= -modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns= -modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w= -modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE= -modernc.org/sqlite v1.46.1 h1:eFJ2ShBLIEnUWlLy12raN0Z1plqmFX9Qe3rjQTKt6sU= -modernc.org/sqlite v1.46.1/go.mod h1:CzbrU2lSB1DKUusvwGz7rqEKIq+NUd8GWuBBZDs9/nA= -modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0= -modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A= -modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y= -modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= -nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50= -rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= diff --git a/.worktrees/config/m/config-build/active/internal/access/config_access/provider.go b/.worktrees/config/m/config-build/active/internal/access/config_access/provider.go deleted file mode 100644 index 84e8abcb0e..0000000000 --- a/.worktrees/config/m/config-build/active/internal/access/config_access/provider.go +++ /dev/null @@ -1,141 +0,0 @@ -package configaccess - -import ( - "context" - "net/http" - "strings" - - sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access" - sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" -) - -// Register ensures the config-access provider is available to the access manager. -func Register(cfg *sdkconfig.SDKConfig) { - if cfg == nil { - sdkaccess.UnregisterProvider(sdkaccess.AccessProviderTypeConfigAPIKey) - return - } - - keys := normalizeKeys(cfg.APIKeys) - if len(keys) == 0 { - sdkaccess.UnregisterProvider(sdkaccess.AccessProviderTypeConfigAPIKey) - return - } - - sdkaccess.RegisterProvider( - sdkaccess.AccessProviderTypeConfigAPIKey, - newProvider(sdkaccess.DefaultAccessProviderName, keys), - ) -} - -type provider struct { - name string - keys map[string]struct{} -} - -func newProvider(name string, keys []string) *provider { - providerName := strings.TrimSpace(name) - if providerName == "" { - providerName = sdkaccess.DefaultAccessProviderName - } - keySet := make(map[string]struct{}, len(keys)) - for _, key := range keys { - keySet[key] = struct{}{} - } - return &provider{name: providerName, keys: keySet} -} - -func (p *provider) Identifier() string { - if p == nil || p.name == "" { - return sdkaccess.DefaultAccessProviderName - } - return p.name -} - -func (p *provider) Authenticate(_ context.Context, r *http.Request) (*sdkaccess.Result, *sdkaccess.AuthError) { - if p == nil { - return nil, sdkaccess.NewNotHandledError() - } - if len(p.keys) == 0 { - return nil, sdkaccess.NewNotHandledError() - } - authHeader := r.Header.Get("Authorization") - authHeaderGoogle := r.Header.Get("X-Goog-Api-Key") - authHeaderAnthropic := r.Header.Get("X-Api-Key") - queryKey := "" - queryAuthToken := "" - if r.URL != nil { - queryKey = r.URL.Query().Get("key") - queryAuthToken = r.URL.Query().Get("auth_token") - } - if authHeader == "" && authHeaderGoogle == "" && authHeaderAnthropic == "" && queryKey == "" && queryAuthToken == "" { - return nil, sdkaccess.NewNoCredentialsError() - } - - apiKey := extractBearerToken(authHeader) - - candidates := []struct { - value string - source string - }{ - {apiKey, "authorization"}, - {authHeaderGoogle, "x-goog-api-key"}, - {authHeaderAnthropic, "x-api-key"}, - {queryKey, "query-key"}, - {queryAuthToken, "query-auth-token"}, - } - - for _, candidate := range candidates { - if candidate.value == "" { - continue - } - if _, ok := p.keys[candidate.value]; ok { - return &sdkaccess.Result{ - Provider: p.Identifier(), - Principal: candidate.value, - Metadata: map[string]string{ - "source": candidate.source, - }, - }, nil - } - } - - return nil, sdkaccess.NewInvalidCredentialError() -} - -func extractBearerToken(header string) string { - if header == "" { - return "" - } - parts := strings.SplitN(header, " ", 2) - if len(parts) != 2 { - return header - } - if strings.ToLower(parts[0]) != "bearer" { - return header - } - return strings.TrimSpace(parts[1]) -} - -func normalizeKeys(keys []string) []string { - if len(keys) == 0 { - return nil - } - normalized := make([]string, 0, len(keys)) - seen := make(map[string]struct{}, len(keys)) - for _, key := range keys { - trimmedKey := strings.TrimSpace(key) - if trimmedKey == "" { - continue - } - if _, exists := seen[trimmedKey]; exists { - continue - } - seen[trimmedKey] = struct{}{} - normalized = append(normalized, trimmedKey) - } - if len(normalized) == 0 { - return nil - } - return normalized -} diff --git a/.worktrees/config/m/config-build/active/internal/access/reconcile.go b/.worktrees/config/m/config-build/active/internal/access/reconcile.go deleted file mode 100644 index 36601f9998..0000000000 --- a/.worktrees/config/m/config-build/active/internal/access/reconcile.go +++ /dev/null @@ -1,127 +0,0 @@ -package access - -import ( - "fmt" - "reflect" - "sort" - "strings" - - configaccess "github.com/router-for-me/CLIProxyAPI/v6/internal/access/config_access" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access" - log "github.com/sirupsen/logrus" -) - -// ReconcileProviders builds the desired provider list by reusing existing providers when possible -// and creating or removing providers only when their configuration changed. It returns the final -// ordered provider slice along with the identifiers of providers that were added, updated, or -// removed compared to the previous configuration. -func ReconcileProviders(oldCfg, newCfg *config.Config, existing []sdkaccess.Provider) (result []sdkaccess.Provider, added, updated, removed []string, err error) { - _ = oldCfg - if newCfg == nil { - return nil, nil, nil, nil, nil - } - - result = sdkaccess.RegisteredProviders() - - existingMap := make(map[string]sdkaccess.Provider, len(existing)) - for _, provider := range existing { - providerID := identifierFromProvider(provider) - if providerID == "" { - continue - } - existingMap[providerID] = provider - } - - finalIDs := make(map[string]struct{}, len(result)) - - isInlineProvider := func(id string) bool { - return strings.EqualFold(id, sdkaccess.DefaultAccessProviderName) - } - appendChange := func(list *[]string, id string) { - if isInlineProvider(id) { - return - } - *list = append(*list, id) - } - - for _, provider := range result { - providerID := identifierFromProvider(provider) - if providerID == "" { - continue - } - finalIDs[providerID] = struct{}{} - - existingProvider, exists := existingMap[providerID] - if !exists { - appendChange(&added, providerID) - continue - } - if !providerInstanceEqual(existingProvider, provider) { - appendChange(&updated, providerID) - } - } - - for providerID := range existingMap { - if _, exists := finalIDs[providerID]; exists { - continue - } - appendChange(&removed, providerID) - } - - sort.Strings(added) - sort.Strings(updated) - sort.Strings(removed) - - return result, added, updated, removed, nil -} - -// ApplyAccessProviders reconciles the configured access providers against the -// currently registered providers and updates the manager. It logs a concise -// summary of the detected changes and returns whether any provider changed. -func ApplyAccessProviders(manager *sdkaccess.Manager, oldCfg, newCfg *config.Config) (bool, error) { - if manager == nil || newCfg == nil { - return false, nil - } - - existing := manager.Providers() - configaccess.Register(&newCfg.SDKConfig) - providers, added, updated, removed, err := ReconcileProviders(oldCfg, newCfg, existing) - if err != nil { - log.Errorf("failed to reconcile request auth providers: %v", err) - return false, fmt.Errorf("reconciling access providers: %w", err) - } - - manager.SetProviders(providers) - - if len(added)+len(updated)+len(removed) > 0 { - log.Debugf("auth providers reconciled (added=%d updated=%d removed=%d)", len(added), len(updated), len(removed)) - log.Debugf("auth providers changes details - added=%v updated=%v removed=%v", added, updated, removed) - return true, nil - } - - log.Debug("auth providers unchanged after config update") - return false, nil -} - -func identifierFromProvider(provider sdkaccess.Provider) string { - if provider == nil { - return "" - } - return strings.TrimSpace(provider.Identifier()) -} - -func providerInstanceEqual(a, b sdkaccess.Provider) bool { - if a == nil || b == nil { - return a == nil && b == nil - } - if reflect.TypeOf(a) != reflect.TypeOf(b) { - return false - } - valueA := reflect.ValueOf(a) - valueB := reflect.ValueOf(b) - if valueA.Kind() == reflect.Pointer && valueB.Kind() == reflect.Pointer { - return valueA.Pointer() == valueB.Pointer() - } - return reflect.DeepEqual(a, b) -} diff --git a/.worktrees/config/m/config-build/active/internal/api/handlers/management/api_tools.go b/.worktrees/config/m/config-build/active/internal/api/handlers/management/api_tools.go deleted file mode 100644 index 48774343e9..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/handlers/management/api_tools.go +++ /dev/null @@ -1,1197 +0,0 @@ -package management - -import ( - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "net" - "net/http" - "net/url" - "os" - "strings" - "time" - - "github.com/fxamacker/cbor/v2" - "github.com/gin-gonic/gin" - log "github.com/sirupsen/logrus" - "golang.org/x/net/proxy" - "golang.org/x/oauth2" - "golang.org/x/oauth2/google" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/runtime/geminicli" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -const defaultAPICallTimeout = 60 * time.Second - -// OAuth credentials should be loaded from environment variables or config, not hardcoded -// Placeholder values - replace with env var lookups in production -var geminiOAuthClientID = os.Getenv("GEMINI_OAUTH_CLIENT_ID") -var geminiOAuthClientSecret = os.Getenv("GEMINI_OAUTH_CLIENT_SECRET") - -func init() { - // Allow env override for OAuth credentials - if geminiOAuthClientID == "" { - geminiOAuthClientID = "PLACEHOLDER_SET_FROM_CONFIG" - } - if geminiOAuthClientSecret == "" { - geminiOAuthClientSecret = "PLACEHOLDER_SET_FROM_CONFIG" - } -} - -var geminiOAuthScopes = []string{ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/userinfo.email", - "https://www.googleapis.com/auth/userinfo.profile", -} - -// OAuth credentials loaded from environment variables - never hardcode -var antigravityOAuthClientID = os.Getenv("ANTIGRAVITY_OAUTH_CLIENT_ID") -var antigravityOAuthClientSecret = os.Getenv("ANTIGRAVITY_OAUTH_CLIENT_SECRET") - -var antigravityOAuthTokenURL = "https://oauth2.googleapis.com/token" - -type apiCallRequest struct { - AuthIndexSnake *string `json:"auth_index"` - AuthIndexCamel *string `json:"authIndex"` - AuthIndexPascal *string `json:"AuthIndex"` - Method string `json:"method"` - URL string `json:"url"` - Header map[string]string `json:"header"` - Data string `json:"data"` -} - -type apiCallResponse struct { - StatusCode int `json:"status_code"` - Header map[string][]string `json:"header"` - Body string `json:"body"` - Quota *QuotaSnapshots `json:"quota,omitempty"` -} - -// APICall makes a generic HTTP request on behalf of the management API caller. -// It is protected by the management middleware. -// -// Endpoint: -// -// POST /v0/management/api-call -// -// Authentication: -// -// Same as other management APIs (requires a management key and remote-management rules). -// You can provide the key via: -// - Authorization: Bearer -// - X-Management-Key: -// -// Request JSON (supports both application/json and application/cbor): -// - auth_index / authIndex / AuthIndex (optional): -// The credential "auth_index" from GET /v0/management/auth-files (or other endpoints returning it). -// If omitted or not found, credential-specific proxy/token substitution is skipped. -// - method (required): HTTP method, e.g. GET, POST, PUT, PATCH, DELETE. -// - url (required): Absolute URL including scheme and host, e.g. "https://api.example.com/v1/ping". -// - header (optional): Request headers map. -// Supports magic variable "$TOKEN$" which is replaced using the selected credential: -// 1) metadata.access_token -// 2) attributes.api_key -// 3) metadata.token / metadata.id_token / metadata.cookie -// Example: {"Authorization":"Bearer $TOKEN$"}. -// Note: if you need to override the HTTP Host header, set header["Host"]. -// - data (optional): Raw request body as string (useful for POST/PUT/PATCH). -// -// Proxy selection (highest priority first): -// 1. Selected credential proxy_url -// 2. Global config proxy-url -// 3. Direct connect (environment proxies are not used) -// -// Response (returned with HTTP 200 when the APICall itself succeeds): -// -// Format matches request Content-Type (application/json or application/cbor) -// - status_code: Upstream HTTP status code. -// - header: Upstream response headers. -// - body: Upstream response body as string. -// - quota (optional): For GitHub Copilot enterprise accounts, contains quota_snapshots -// with details for chat, completions, and premium_interactions. -// -// Example: -// -// curl -sS -X POST "http://127.0.0.1:8317/v0/management/api-call" \ -// -H "Authorization: Bearer " \ -// -H "Content-Type: application/json" \ -// -d '{"auth_index":"","method":"GET","url":"https://api.example.com/v1/ping","header":{"Authorization":"Bearer $TOKEN$"}}' -// -// curl -sS -X POST "http://127.0.0.1:8317/v0/management/api-call" \ -// -H "Authorization: Bearer 831227" \ -// -H "Content-Type: application/json" \ -// -d '{"auth_index":"","method":"POST","url":"https://api.example.com/v1/fetchAvailableModels","header":{"Authorization":"Bearer $TOKEN$","Content-Type":"application/json","User-Agent":"cliproxyapi"},"data":"{}"}' -func (h *Handler) APICall(c *gin.Context) { - // Detect content type - contentType := strings.ToLower(strings.TrimSpace(c.GetHeader("Content-Type"))) - isCBOR := strings.Contains(contentType, "application/cbor") - - var body apiCallRequest - - // Parse request body based on content type - if isCBOR { - rawBody, errRead := io.ReadAll(c.Request.Body) - if errRead != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "failed to read request body"}) - return - } - if errUnmarshal := cbor.Unmarshal(rawBody, &body); errUnmarshal != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid cbor body"}) - return - } - } else { - if errBindJSON := c.ShouldBindJSON(&body); errBindJSON != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - } - - method := strings.ToUpper(strings.TrimSpace(body.Method)) - if method == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "missing method"}) - return - } - - urlStr := strings.TrimSpace(body.URL) - if urlStr == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "missing url"}) - return - } - parsedURL, errParseURL := url.Parse(urlStr) - if errParseURL != nil || parsedURL.Scheme == "" || parsedURL.Host == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid url"}) - return - } - - authIndex := firstNonEmptyString(body.AuthIndexSnake, body.AuthIndexCamel, body.AuthIndexPascal) - auth := h.authByIndex(authIndex) - - reqHeaders := body.Header - if reqHeaders == nil { - reqHeaders = map[string]string{} - } - - var hostOverride string - var token string - var tokenResolved bool - var tokenErr error - for key, value := range reqHeaders { - if !strings.Contains(value, "$TOKEN$") { - continue - } - if !tokenResolved { - token, tokenErr = h.resolveTokenForAuth(c.Request.Context(), auth) - tokenResolved = true - } - if auth != nil && token == "" { - if tokenErr != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "auth token refresh failed"}) - return - } - c.JSON(http.StatusBadRequest, gin.H{"error": "auth token not found"}) - return - } - if token == "" { - continue - } - reqHeaders[key] = strings.ReplaceAll(value, "$TOKEN$", token) - } - - // When caller indicates CBOR in request headers, convert JSON string payload to CBOR bytes. - useCBORPayload := headerContainsValue(reqHeaders, "Content-Type", "application/cbor") - - var requestBody io.Reader - if body.Data != "" { - if useCBORPayload { - cborPayload, errEncode := encodeJSONStringToCBOR(body.Data) - if errEncode != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid json data for cbor content-type"}) - return - } - requestBody = bytes.NewReader(cborPayload) - } else { - requestBody = strings.NewReader(body.Data) - } - } - - req, errNewRequest := http.NewRequestWithContext(c.Request.Context(), method, urlStr, requestBody) - if errNewRequest != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "failed to build request"}) - return - } - - for key, value := range reqHeaders { - if strings.EqualFold(key, "host") { - hostOverride = strings.TrimSpace(value) - continue - } - req.Header.Set(key, value) - } - if hostOverride != "" { - req.Host = hostOverride - } - - httpClient := &http.Client{ - Timeout: defaultAPICallTimeout, - } - httpClient.Transport = h.apiCallTransport(auth) - - resp, errDo := httpClient.Do(req) - if errDo != nil { - log.WithError(errDo).Debug("management APICall request failed") - c.JSON(http.StatusBadGateway, gin.H{"error": "request failed"}) - return - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - respBody, errReadAll := io.ReadAll(resp.Body) - if errReadAll != nil { - c.JSON(http.StatusBadGateway, gin.H{"error": "failed to read response"}) - return - } - - // For CBOR upstream responses, decode into plain text or JSON string before returning. - responseBodyText := string(respBody) - if headerContainsValue(reqHeaders, "Accept", "application/cbor") || strings.Contains(strings.ToLower(resp.Header.Get("Content-Type")), "application/cbor") { - if decodedBody, errDecode := decodeCBORBodyToTextOrJSON(respBody); errDecode == nil { - responseBodyText = decodedBody - } - } - - response := apiCallResponse{ - StatusCode: resp.StatusCode, - Header: resp.Header, - Body: responseBodyText, - } - - // If this is a GitHub Copilot token endpoint response, try to enrich with quota information - if resp.StatusCode == http.StatusOK && - strings.Contains(urlStr, "copilot_internal") && - strings.Contains(urlStr, "/token") { - response = h.enrichCopilotTokenResponse(c.Request.Context(), response, auth, urlStr) - } - - // Return response in the same format as the request - if isCBOR { - cborData, errMarshal := cbor.Marshal(response) - if errMarshal != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to encode cbor response"}) - return - } - c.Data(http.StatusOK, "application/cbor", cborData) - } else { - c.JSON(http.StatusOK, response) - } -} - -func firstNonEmptyString(values ...*string) string { - for _, v := range values { - if v == nil { - continue - } - if out := strings.TrimSpace(*v); out != "" { - return out - } - } - return "" -} - -func tokenValueForAuth(auth *coreauth.Auth) string { - if auth == nil { - return "" - } - if v := tokenValueFromMetadata(auth.Metadata); v != "" { - return v - } - if auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["api_key"]); v != "" { - return v - } - } - if shared := geminicli.ResolveSharedCredential(auth.Runtime); shared != nil { - if v := tokenValueFromMetadata(shared.MetadataSnapshot()); v != "" { - return v - } - } - return "" -} - -func (h *Handler) resolveTokenForAuth(ctx context.Context, auth *coreauth.Auth) (string, error) { - if auth == nil { - return "", nil - } - - provider := strings.ToLower(strings.TrimSpace(auth.Provider)) - if provider == "gemini-cli" { - token, errToken := h.refreshGeminiOAuthAccessToken(ctx, auth) - return token, errToken - } - if provider == "antigravity" { - token, errToken := h.refreshAntigravityOAuthAccessToken(ctx, auth) - return token, errToken - } - - return tokenValueForAuth(auth), nil -} - -func (h *Handler) refreshGeminiOAuthAccessToken(ctx context.Context, auth *coreauth.Auth) (string, error) { - if ctx == nil { - ctx = context.Background() - } - if auth == nil { - return "", nil - } - - metadata, updater := geminiOAuthMetadata(auth) - if len(metadata) == 0 { - return "", fmt.Errorf("gemini oauth metadata missing") - } - - base := make(map[string]any) - if tokenRaw, ok := metadata["token"].(map[string]any); ok && tokenRaw != nil { - base = cloneMap(tokenRaw) - } - - var token oauth2.Token - if len(base) > 0 { - if raw, errMarshal := json.Marshal(base); errMarshal == nil { - _ = json.Unmarshal(raw, &token) - } - } - - if token.AccessToken == "" { - token.AccessToken = stringValue(metadata, "access_token") - } - if token.RefreshToken == "" { - token.RefreshToken = stringValue(metadata, "refresh_token") - } - if token.TokenType == "" { - token.TokenType = stringValue(metadata, "token_type") - } - if token.Expiry.IsZero() { - if expiry := stringValue(metadata, "expiry"); expiry != "" { - if ts, errParseTime := time.Parse(time.RFC3339, expiry); errParseTime == nil { - token.Expiry = ts - } - } - } - - conf := &oauth2.Config{ - ClientID: geminiOAuthClientID, - ClientSecret: geminiOAuthClientSecret, - Scopes: geminiOAuthScopes, - Endpoint: google.Endpoint, - } - - ctxToken := ctx - httpClient := &http.Client{ - Timeout: defaultAPICallTimeout, - Transport: h.apiCallTransport(auth), - } - ctxToken = context.WithValue(ctxToken, oauth2.HTTPClient, httpClient) - - src := conf.TokenSource(ctxToken, &token) - currentToken, errToken := src.Token() - if errToken != nil { - return "", errToken - } - - merged := buildOAuthTokenMap(base, currentToken) - fields := buildOAuthTokenFields(currentToken, merged) - if updater != nil { - updater(fields) - } - return strings.TrimSpace(currentToken.AccessToken), nil -} - -func (h *Handler) refreshAntigravityOAuthAccessToken(ctx context.Context, auth *coreauth.Auth) (string, error) { - if ctx == nil { - ctx = context.Background() - } - if auth == nil { - return "", nil - } - - metadata := auth.Metadata - if len(metadata) == 0 { - return "", fmt.Errorf("antigravity oauth metadata missing") - } - - current := strings.TrimSpace(tokenValueFromMetadata(metadata)) - if current != "" && !antigravityTokenNeedsRefresh(metadata) { - return current, nil - } - - refreshToken := stringValue(metadata, "refresh_token") - if refreshToken == "" { - return "", fmt.Errorf("antigravity refresh token missing") - } - - tokenURL := strings.TrimSpace(antigravityOAuthTokenURL) - if tokenURL == "" { - tokenURL = "https://oauth2.googleapis.com/token" - } - form := url.Values{} - form.Set("client_id", antigravityOAuthClientID) - form.Set("client_secret", antigravityOAuthClientSecret) - form.Set("grant_type", "refresh_token") - form.Set("refresh_token", refreshToken) - - req, errReq := http.NewRequestWithContext(ctx, http.MethodPost, tokenURL, strings.NewReader(form.Encode())) - if errReq != nil { - return "", errReq - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - - httpClient := &http.Client{ - Timeout: defaultAPICallTimeout, - Transport: h.apiCallTransport(auth), - } - resp, errDo := httpClient.Do(req) - if errDo != nil { - return "", errDo - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - bodyBytes, errRead := io.ReadAll(resp.Body) - if errRead != nil { - return "", errRead - } - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - return "", fmt.Errorf("antigravity oauth token refresh failed: status %d: %s", resp.StatusCode, strings.TrimSpace(string(bodyBytes))) - } - - var tokenResp struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - ExpiresIn int64 `json:"expires_in"` - TokenType string `json:"token_type"` - } - if errUnmarshal := json.Unmarshal(bodyBytes, &tokenResp); errUnmarshal != nil { - return "", errUnmarshal - } - - if strings.TrimSpace(tokenResp.AccessToken) == "" { - return "", fmt.Errorf("antigravity oauth token refresh returned empty access_token") - } - - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - now := time.Now() - auth.Metadata["access_token"] = strings.TrimSpace(tokenResp.AccessToken) - if strings.TrimSpace(tokenResp.RefreshToken) != "" { - auth.Metadata["refresh_token"] = strings.TrimSpace(tokenResp.RefreshToken) - } - if tokenResp.ExpiresIn > 0 { - auth.Metadata["expires_in"] = tokenResp.ExpiresIn - auth.Metadata["timestamp"] = now.UnixMilli() - auth.Metadata["expired"] = now.Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339) - } - auth.Metadata["type"] = "antigravity" - - if h != nil && h.authManager != nil { - auth.LastRefreshedAt = now - auth.UpdatedAt = now - _, _ = h.authManager.Update(ctx, auth) - } - - return strings.TrimSpace(tokenResp.AccessToken), nil -} - -func antigravityTokenNeedsRefresh(metadata map[string]any) bool { - // Refresh a bit early to avoid requests racing token expiry. - const skew = 30 * time.Second - - if metadata == nil { - return true - } - if expStr, ok := metadata["expired"].(string); ok { - if ts, errParse := time.Parse(time.RFC3339, strings.TrimSpace(expStr)); errParse == nil { - return !ts.After(time.Now().Add(skew)) - } - } - expiresIn := int64Value(metadata["expires_in"]) - timestampMs := int64Value(metadata["timestamp"]) - if expiresIn > 0 && timestampMs > 0 { - exp := time.UnixMilli(timestampMs).Add(time.Duration(expiresIn) * time.Second) - return !exp.After(time.Now().Add(skew)) - } - return true -} - -func int64Value(raw any) int64 { - switch typed := raw.(type) { - case int: - return int64(typed) - case int32: - return int64(typed) - case int64: - return typed - case uint: - return int64(typed) - case uint32: - return int64(typed) - case uint64: - if typed > uint64(^uint64(0)>>1) { - return 0 - } - return int64(typed) - case float32: - return int64(typed) - case float64: - return int64(typed) - case json.Number: - if i, errParse := typed.Int64(); errParse == nil { - return i - } - case string: - if s := strings.TrimSpace(typed); s != "" { - if i, errParse := json.Number(s).Int64(); errParse == nil { - return i - } - } - } - return 0 -} - -func geminiOAuthMetadata(auth *coreauth.Auth) (map[string]any, func(map[string]any)) { - if auth == nil { - return nil, nil - } - if shared := geminicli.ResolveSharedCredential(auth.Runtime); shared != nil { - snapshot := shared.MetadataSnapshot() - return snapshot, func(fields map[string]any) { shared.MergeMetadata(fields) } - } - return auth.Metadata, func(fields map[string]any) { - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - for k, v := range fields { - auth.Metadata[k] = v - } - } -} - -func stringValue(metadata map[string]any, key string) string { - if len(metadata) == 0 || key == "" { - return "" - } - if v, ok := metadata[key].(string); ok { - return strings.TrimSpace(v) - } - return "" -} - -func cloneMap(in map[string]any) map[string]any { - if len(in) == 0 { - return nil - } - out := make(map[string]any, len(in)) - for k, v := range in { - out[k] = v - } - return out -} - -func buildOAuthTokenMap(base map[string]any, tok *oauth2.Token) map[string]any { - merged := cloneMap(base) - if merged == nil { - merged = make(map[string]any) - } - if tok == nil { - return merged - } - if raw, errMarshal := json.Marshal(tok); errMarshal == nil { - var tokenMap map[string]any - if errUnmarshal := json.Unmarshal(raw, &tokenMap); errUnmarshal == nil { - for k, v := range tokenMap { - merged[k] = v - } - } - } - return merged -} - -func buildOAuthTokenFields(tok *oauth2.Token, merged map[string]any) map[string]any { - fields := make(map[string]any, 5) - if tok != nil && tok.AccessToken != "" { - fields["access_token"] = tok.AccessToken - } - if tok != nil && tok.TokenType != "" { - fields["token_type"] = tok.TokenType - } - if tok != nil && tok.RefreshToken != "" { - fields["refresh_token"] = tok.RefreshToken - } - if tok != nil && !tok.Expiry.IsZero() { - fields["expiry"] = tok.Expiry.Format(time.RFC3339) - } - if len(merged) > 0 { - fields["token"] = cloneMap(merged) - } - return fields -} - -func tokenValueFromMetadata(metadata map[string]any) string { - if len(metadata) == 0 { - return "" - } - if v, ok := metadata["accessToken"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - if v, ok := metadata["access_token"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - if tokenRaw, ok := metadata["token"]; ok && tokenRaw != nil { - switch typed := tokenRaw.(type) { - case string: - if v := strings.TrimSpace(typed); v != "" { - return v - } - case map[string]any: - if v, ok := typed["access_token"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - if v, ok := typed["accessToken"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - case map[string]string: - if v := strings.TrimSpace(typed["access_token"]); v != "" { - return v - } - if v := strings.TrimSpace(typed["accessToken"]); v != "" { - return v - } - } - } - if v, ok := metadata["token"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - if v, ok := metadata["id_token"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - if v, ok := metadata["cookie"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - return "" -} - -func (h *Handler) authByIndex(authIndex string) *coreauth.Auth { - authIndex = strings.TrimSpace(authIndex) - if authIndex == "" || h == nil || h.authManager == nil { - return nil - } - auths := h.authManager.List() - for _, auth := range auths { - if auth == nil { - continue - } - auth.EnsureIndex() - if auth.Index == authIndex { - return auth - } - } - return nil -} - -func (h *Handler) apiCallTransport(auth *coreauth.Auth) http.RoundTripper { - var proxyCandidates []string - if auth != nil { - if proxyStr := strings.TrimSpace(auth.ProxyURL); proxyStr != "" { - proxyCandidates = append(proxyCandidates, proxyStr) - } - } - if h != nil && h.cfg != nil { - if proxyStr := strings.TrimSpace(h.cfg.ProxyURL); proxyStr != "" { - proxyCandidates = append(proxyCandidates, proxyStr) - } - } - - for _, proxyStr := range proxyCandidates { - if transport := buildProxyTransport(proxyStr); transport != nil { - return transport - } - } - - transport, ok := http.DefaultTransport.(*http.Transport) - if !ok || transport == nil { - return &http.Transport{Proxy: nil} - } - clone := transport.Clone() - clone.Proxy = nil - return clone -} - -func buildProxyTransport(proxyStr string) *http.Transport { - proxyStr = strings.TrimSpace(proxyStr) - if proxyStr == "" { - return nil - } - - proxyURL, errParse := url.Parse(proxyStr) - if errParse != nil { - log.WithError(errParse).Debug("parse proxy URL failed") - return nil - } - if proxyURL.Scheme == "" || proxyURL.Host == "" { - log.Debug("proxy URL missing scheme/host") - return nil - } - - if proxyURL.Scheme == "socks5" { - var proxyAuth *proxy.Auth - if proxyURL.User != nil { - username := proxyURL.User.Username() - password, _ := proxyURL.User.Password() - proxyAuth = &proxy.Auth{User: username, Password: password} - } - dialer, errSOCKS5 := proxy.SOCKS5("tcp", proxyURL.Host, proxyAuth, proxy.Direct) - if errSOCKS5 != nil { - log.WithError(errSOCKS5).Debug("create SOCKS5 dialer failed") - return nil - } - return &http.Transport{ - Proxy: nil, - DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { - return dialer.Dial(network, addr) - }, - } - } - - if proxyURL.Scheme == "http" || proxyURL.Scheme == "https" { - return &http.Transport{Proxy: http.ProxyURL(proxyURL)} - } - - log.Debugf("unsupported proxy scheme: %s", proxyURL.Scheme) - return nil -} - -// headerContainsValue checks whether a header map contains a target value (case-insensitive key and value). -func headerContainsValue(headers map[string]string, targetKey, targetValue string) bool { - if len(headers) == 0 { - return false - } - for key, value := range headers { - if !strings.EqualFold(strings.TrimSpace(key), strings.TrimSpace(targetKey)) { - continue - } - if strings.Contains(strings.ToLower(value), strings.ToLower(strings.TrimSpace(targetValue))) { - return true - } - } - return false -} - -// encodeJSONStringToCBOR converts a JSON string payload into CBOR bytes. -func encodeJSONStringToCBOR(jsonString string) ([]byte, error) { - var payload any - if errUnmarshal := json.Unmarshal([]byte(jsonString), &payload); errUnmarshal != nil { - return nil, errUnmarshal - } - return cbor.Marshal(payload) -} - -// decodeCBORBodyToTextOrJSON decodes CBOR bytes to plain text (for string payloads) or JSON string. -func decodeCBORBodyToTextOrJSON(raw []byte) (string, error) { - if len(raw) == 0 { - return "", nil - } - - var payload any - if errUnmarshal := cbor.Unmarshal(raw, &payload); errUnmarshal != nil { - return "", errUnmarshal - } - - jsonCompatible := cborValueToJSONCompatible(payload) - switch typed := jsonCompatible.(type) { - case string: - return typed, nil - case []byte: - return string(typed), nil - default: - jsonBytes, errMarshal := json.Marshal(jsonCompatible) - if errMarshal != nil { - return "", errMarshal - } - return string(jsonBytes), nil - } -} - -// cborValueToJSONCompatible recursively converts CBOR-decoded values into JSON-marshalable values. -func cborValueToJSONCompatible(value any) any { - switch typed := value.(type) { - case map[any]any: - out := make(map[string]any, len(typed)) - for key, item := range typed { - out[fmt.Sprint(key)] = cborValueToJSONCompatible(item) - } - return out - case map[string]any: - out := make(map[string]any, len(typed)) - for key, item := range typed { - out[key] = cborValueToJSONCompatible(item) - } - return out - case []any: - out := make([]any, len(typed)) - for i, item := range typed { - out[i] = cborValueToJSONCompatible(item) - } - return out - default: - return typed - } -} - -// QuotaDetail represents quota information for a specific resource type -type QuotaDetail struct { - Entitlement float64 `json:"entitlement"` - OverageCount float64 `json:"overage_count"` - OveragePermitted bool `json:"overage_permitted"` - PercentRemaining float64 `json:"percent_remaining"` - QuotaID string `json:"quota_id"` - QuotaRemaining float64 `json:"quota_remaining"` - Remaining float64 `json:"remaining"` - Unlimited bool `json:"unlimited"` -} - -// QuotaSnapshots contains quota details for different resource types -type QuotaSnapshots struct { - Chat QuotaDetail `json:"chat"` - Completions QuotaDetail `json:"completions"` - PremiumInteractions QuotaDetail `json:"premium_interactions"` -} - -// CopilotUsageResponse represents the GitHub Copilot usage information -type CopilotUsageResponse struct { - AccessTypeSKU string `json:"access_type_sku"` - AnalyticsTrackingID string `json:"analytics_tracking_id"` - AssignedDate string `json:"assigned_date"` - CanSignupForLimited bool `json:"can_signup_for_limited"` - ChatEnabled bool `json:"chat_enabled"` - CopilotPlan string `json:"copilot_plan"` - OrganizationLoginList []interface{} `json:"organization_login_list"` - OrganizationList []interface{} `json:"organization_list"` - QuotaResetDate string `json:"quota_reset_date"` - QuotaSnapshots QuotaSnapshots `json:"quota_snapshots"` -} - -type copilotQuotaRequest struct { - AuthIndexSnake *string `json:"auth_index"` - AuthIndexCamel *string `json:"authIndex"` - AuthIndexPascal *string `json:"AuthIndex"` -} - -// GetCopilotQuota fetches GitHub Copilot quota information from the /copilot_internal/user endpoint. -// -// Endpoint: -// -// GET /v0/management/copilot-quota -// -// Query Parameters (optional): -// - auth_index: The credential "auth_index" from GET /v0/management/auth-files. -// If omitted, uses the first available GitHub Copilot credential. -// -// Response: -// -// Returns the CopilotUsageResponse with quota_snapshots containing detailed quota information -// for chat, completions, and premium_interactions. -// -// Example: -// -// curl -sS -X GET "http://127.0.0.1:8317/v0/management/copilot-quota?auth_index=" \ -// -H "Authorization: Bearer " -func (h *Handler) GetCopilotQuota(c *gin.Context) { - authIndex := strings.TrimSpace(c.Query("auth_index")) - if authIndex == "" { - authIndex = strings.TrimSpace(c.Query("authIndex")) - } - if authIndex == "" { - authIndex = strings.TrimSpace(c.Query("AuthIndex")) - } - - auth := h.findCopilotAuth(authIndex) - if auth == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "no github copilot credential found"}) - return - } - - token, tokenErr := h.resolveTokenForAuth(c.Request.Context(), auth) - if tokenErr != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "failed to refresh copilot token"}) - return - } - if token == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "copilot token not found"}) - return - } - - apiURL := "https://api.github.com/copilot_internal/user" - req, errNewRequest := http.NewRequestWithContext(c.Request.Context(), http.MethodGet, apiURL, nil) - if errNewRequest != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to build request"}) - return - } - - req.Header.Set("Authorization", "Bearer "+token) - req.Header.Set("User-Agent", "CLIProxyAPIPlus") - req.Header.Set("Accept", "application/json") - - httpClient := &http.Client{ - Timeout: defaultAPICallTimeout, - Transport: h.apiCallTransport(auth), - } - - resp, errDo := httpClient.Do(req) - if errDo != nil { - log.WithError(errDo).Debug("copilot quota request failed") - c.JSON(http.StatusBadGateway, gin.H{"error": "request failed"}) - return - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - respBody, errReadAll := io.ReadAll(resp.Body) - if errReadAll != nil { - c.JSON(http.StatusBadGateway, gin.H{"error": "failed to read response"}) - return - } - - if resp.StatusCode != http.StatusOK { - c.JSON(http.StatusBadGateway, gin.H{ - "error": "github api request failed", - "status_code": resp.StatusCode, - "body": string(respBody), - }) - return - } - - var usage CopilotUsageResponse - if errUnmarshal := json.Unmarshal(respBody, &usage); errUnmarshal != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to parse response"}) - return - } - - c.JSON(http.StatusOK, usage) -} - -// findCopilotAuth locates a GitHub Copilot credential by auth_index or returns the first available one -func (h *Handler) findCopilotAuth(authIndex string) *coreauth.Auth { - if h == nil || h.authManager == nil { - return nil - } - - auths := h.authManager.List() - var firstCopilot *coreauth.Auth - - for _, auth := range auths { - if auth == nil { - continue - } - - provider := strings.ToLower(strings.TrimSpace(auth.Provider)) - if provider != "copilot" && provider != "github" && provider != "github-copilot" { - continue - } - - if firstCopilot == nil { - firstCopilot = auth - } - - if authIndex != "" { - auth.EnsureIndex() - if auth.Index == authIndex { - return auth - } - } - } - - return firstCopilot -} - -// enrichCopilotTokenResponse fetches quota information and adds it to the Copilot token response body -func (h *Handler) enrichCopilotTokenResponse(ctx context.Context, response apiCallResponse, auth *coreauth.Auth, originalURL string) apiCallResponse { - if auth == nil || response.Body == "" { - return response - } - - // Parse the token response to check if it's enterprise (null limited_user_quotas) - var tokenResp map[string]interface{} - if err := json.Unmarshal([]byte(response.Body), &tokenResp); err != nil { - log.WithError(err).Debug("enrichCopilotTokenResponse: failed to parse copilot token response") - return response - } - - // Get the GitHub token to call the copilot_internal/user endpoint - token, tokenErr := h.resolveTokenForAuth(ctx, auth) - if tokenErr != nil { - log.WithError(tokenErr).Debug("enrichCopilotTokenResponse: failed to resolve token") - return response - } - if token == "" { - return response - } - - // Fetch quota information from /copilot_internal/user - // Derive the base URL from the original token request to support proxies and test servers - parsedURL, errParse := url.Parse(originalURL) - if errParse != nil { - log.WithError(errParse).Debug("enrichCopilotTokenResponse: failed to parse URL") - return response - } - quotaURL := fmt.Sprintf("%s://%s/copilot_internal/user", parsedURL.Scheme, parsedURL.Host) - - req, errNewRequest := http.NewRequestWithContext(ctx, http.MethodGet, quotaURL, nil) - if errNewRequest != nil { - log.WithError(errNewRequest).Debug("enrichCopilotTokenResponse: failed to build request") - return response - } - - req.Header.Set("Authorization", "Bearer "+token) - req.Header.Set("User-Agent", "CLIProxyAPIPlus") - req.Header.Set("Accept", "application/json") - - httpClient := &http.Client{ - Timeout: defaultAPICallTimeout, - Transport: h.apiCallTransport(auth), - } - - quotaResp, errDo := httpClient.Do(req) - if errDo != nil { - log.WithError(errDo).Debug("enrichCopilotTokenResponse: quota fetch HTTP request failed") - return response - } - - defer func() { - if errClose := quotaResp.Body.Close(); errClose != nil { - log.Errorf("quota response body close error: %v", errClose) - } - }() - - if quotaResp.StatusCode != http.StatusOK { - return response - } - - quotaBody, errReadAll := io.ReadAll(quotaResp.Body) - if errReadAll != nil { - log.WithError(errReadAll).Debug("enrichCopilotTokenResponse: failed to read response") - return response - } - - // Parse the quota response - var quotaData CopilotUsageResponse - if err := json.Unmarshal(quotaBody, "aData); err != nil { - log.WithError(err).Debug("enrichCopilotTokenResponse: failed to parse response") - return response - } - - // Check if this is an enterprise account by looking for quota_snapshots in the response - // Enterprise accounts have quota_snapshots, non-enterprise have limited_user_quotas - var quotaRaw map[string]interface{} - if err := json.Unmarshal(quotaBody, "aRaw); err == nil { - if _, hasQuotaSnapshots := quotaRaw["quota_snapshots"]; hasQuotaSnapshots { - // Enterprise account - has quota_snapshots - tokenResp["quota_snapshots"] = quotaData.QuotaSnapshots - tokenResp["access_type_sku"] = quotaData.AccessTypeSKU - tokenResp["copilot_plan"] = quotaData.CopilotPlan - - // Add quota reset date for enterprise (quota_reset_date_utc) - if quotaResetDateUTC, ok := quotaRaw["quota_reset_date_utc"]; ok { - tokenResp["quota_reset_date"] = quotaResetDateUTC - } else if quotaData.QuotaResetDate != "" { - tokenResp["quota_reset_date"] = quotaData.QuotaResetDate - } - } else { - // Non-enterprise account - build quota from limited_user_quotas and monthly_quotas - var quotaSnapshots QuotaSnapshots - - // Get monthly quotas (total entitlement) and limited_user_quotas (remaining) - monthlyQuotas, hasMonthly := quotaRaw["monthly_quotas"].(map[string]interface{}) - limitedQuotas, hasLimited := quotaRaw["limited_user_quotas"].(map[string]interface{}) - - // Process chat quota - if hasMonthly && hasLimited { - if chatTotal, ok := monthlyQuotas["chat"].(float64); ok { - chatRemaining := chatTotal // default to full if no limited quota - if chatLimited, ok := limitedQuotas["chat"].(float64); ok { - chatRemaining = chatLimited - } - percentRemaining := 0.0 - if chatTotal > 0 { - percentRemaining = (chatRemaining / chatTotal) * 100.0 - } - quotaSnapshots.Chat = QuotaDetail{ - Entitlement: chatTotal, - Remaining: chatRemaining, - QuotaRemaining: chatRemaining, - PercentRemaining: percentRemaining, - QuotaID: "chat", - Unlimited: false, - } - } - - // Process completions quota - if completionsTotal, ok := monthlyQuotas["completions"].(float64); ok { - completionsRemaining := completionsTotal // default to full if no limited quota - if completionsLimited, ok := limitedQuotas["completions"].(float64); ok { - completionsRemaining = completionsLimited - } - percentRemaining := 0.0 - if completionsTotal > 0 { - percentRemaining = (completionsRemaining / completionsTotal) * 100.0 - } - quotaSnapshots.Completions = QuotaDetail{ - Entitlement: completionsTotal, - Remaining: completionsRemaining, - QuotaRemaining: completionsRemaining, - PercentRemaining: percentRemaining, - QuotaID: "completions", - Unlimited: false, - } - } - } - - // Premium interactions don't exist for non-enterprise, leave as zero values - quotaSnapshots.PremiumInteractions = QuotaDetail{ - QuotaID: "premium_interactions", - Unlimited: false, - } - - // Add quota_snapshots to the token response - tokenResp["quota_snapshots"] = quotaSnapshots - tokenResp["access_type_sku"] = quotaData.AccessTypeSKU - tokenResp["copilot_plan"] = quotaData.CopilotPlan - - // Add quota reset date for non-enterprise (limited_user_reset_date) - if limitedResetDate, ok := quotaRaw["limited_user_reset_date"]; ok { - tokenResp["quota_reset_date"] = limitedResetDate - } - } - } - - // Re-serialize the enriched response - enrichedBody, errMarshal := json.Marshal(tokenResp) - if errMarshal != nil { - log.WithError(errMarshal).Debug("failed to marshal enriched response") - return response - } - - response.Body = string(enrichedBody) - - return response -} diff --git a/.worktrees/config/m/config-build/active/internal/api/handlers/management/api_tools_cbor_test.go b/.worktrees/config/m/config-build/active/internal/api/handlers/management/api_tools_cbor_test.go deleted file mode 100644 index 8b7570a916..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/handlers/management/api_tools_cbor_test.go +++ /dev/null @@ -1,149 +0,0 @@ -package management - -import ( - "bytes" - "encoding/json" - "net/http" - "net/http/httptest" - "testing" - - "github.com/fxamacker/cbor/v2" - "github.com/gin-gonic/gin" -) - -func TestAPICall_CBOR_Support(t *testing.T) { - gin.SetMode(gin.TestMode) - - // Create a test handler - h := &Handler{} - - // Create test request data - reqData := apiCallRequest{ - Method: "GET", - URL: "https://httpbin.org/get", - Header: map[string]string{ - "User-Agent": "test-client", - }, - } - - t.Run("JSON request and response", func(t *testing.T) { - // Marshal request as JSON - jsonData, err := json.Marshal(reqData) - if err != nil { - t.Fatalf("Failed to marshal JSON: %v", err) - } - - // Create HTTP request - req := httptest.NewRequest(http.MethodPost, "/v0/management/api-call", bytes.NewReader(jsonData)) - req.Header.Set("Content-Type", "application/json") - - // Create response recorder - w := httptest.NewRecorder() - - // Create Gin context - c, _ := gin.CreateTestContext(w) - c.Request = req - - // Call handler - h.APICall(c) - - // Verify response - if w.Code != http.StatusOK && w.Code != http.StatusBadGateway { - t.Logf("Response status: %d", w.Code) - t.Logf("Response body: %s", w.Body.String()) - } - - // Check content type - contentType := w.Header().Get("Content-Type") - if w.Code == http.StatusOK && !contains(contentType, "application/json") { - t.Errorf("Expected JSON response, got: %s", contentType) - } - }) - - t.Run("CBOR request and response", func(t *testing.T) { - // Marshal request as CBOR - cborData, err := cbor.Marshal(reqData) - if err != nil { - t.Fatalf("Failed to marshal CBOR: %v", err) - } - - // Create HTTP request - req := httptest.NewRequest(http.MethodPost, "/v0/management/api-call", bytes.NewReader(cborData)) - req.Header.Set("Content-Type", "application/cbor") - - // Create response recorder - w := httptest.NewRecorder() - - // Create Gin context - c, _ := gin.CreateTestContext(w) - c.Request = req - - // Call handler - h.APICall(c) - - // Verify response - if w.Code != http.StatusOK && w.Code != http.StatusBadGateway { - t.Logf("Response status: %d", w.Code) - t.Logf("Response body: %s", w.Body.String()) - } - - // Check content type - contentType := w.Header().Get("Content-Type") - if w.Code == http.StatusOK && !contains(contentType, "application/cbor") { - t.Errorf("Expected CBOR response, got: %s", contentType) - } - - // Try to decode CBOR response - if w.Code == http.StatusOK { - var response apiCallResponse - if err := cbor.Unmarshal(w.Body.Bytes(), &response); err != nil { - t.Errorf("Failed to unmarshal CBOR response: %v", err) - } else { - t.Logf("CBOR response decoded successfully: status_code=%d", response.StatusCode) - } - } - }) - - t.Run("CBOR encoding and decoding consistency", func(t *testing.T) { - // Test data - testReq := apiCallRequest{ - Method: "POST", - URL: "https://example.com/api", - Header: map[string]string{ - "Authorization": "Bearer $TOKEN$", - "Content-Type": "application/json", - }, - Data: `{"key":"value"}`, - } - - // Encode to CBOR - cborData, err := cbor.Marshal(testReq) - if err != nil { - t.Fatalf("Failed to marshal to CBOR: %v", err) - } - - // Decode from CBOR - var decoded apiCallRequest - if err := cbor.Unmarshal(cborData, &decoded); err != nil { - t.Fatalf("Failed to unmarshal from CBOR: %v", err) - } - - // Verify fields - if decoded.Method != testReq.Method { - t.Errorf("Method mismatch: got %s, want %s", decoded.Method, testReq.Method) - } - if decoded.URL != testReq.URL { - t.Errorf("URL mismatch: got %s, want %s", decoded.URL, testReq.URL) - } - if decoded.Data != testReq.Data { - t.Errorf("Data mismatch: got %s, want %s", decoded.Data, testReq.Data) - } - if len(decoded.Header) != len(testReq.Header) { - t.Errorf("Header count mismatch: got %d, want %d", len(decoded.Header), len(testReq.Header)) - } - }) -} - -func contains(s, substr string) bool { - return len(s) > 0 && len(substr) > 0 && (s == substr || len(s) >= len(substr) && s[:len(substr)] == substr || bytes.Contains([]byte(s), []byte(substr))) -} diff --git a/.worktrees/config/m/config-build/active/internal/api/handlers/management/api_tools_test.go b/.worktrees/config/m/config-build/active/internal/api/handlers/management/api_tools_test.go deleted file mode 100644 index fecbee9cb8..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/handlers/management/api_tools_test.go +++ /dev/null @@ -1,173 +0,0 @@ -package management - -import ( - "context" - "encoding/json" - "io" - "net/http" - "net/http/httptest" - "net/url" - "strings" - "sync" - "testing" - "time" - - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -type memoryAuthStore struct { - mu sync.Mutex - items map[string]*coreauth.Auth -} - -func (s *memoryAuthStore) List(ctx context.Context) ([]*coreauth.Auth, error) { - _ = ctx - s.mu.Lock() - defer s.mu.Unlock() - out := make([]*coreauth.Auth, 0, len(s.items)) - for _, a := range s.items { - out = append(out, a.Clone()) - } - return out, nil -} - -func (s *memoryAuthStore) Save(ctx context.Context, auth *coreauth.Auth) (string, error) { - _ = ctx - if auth == nil { - return "", nil - } - s.mu.Lock() - if s.items == nil { - s.items = make(map[string]*coreauth.Auth) - } - s.items[auth.ID] = auth.Clone() - s.mu.Unlock() - return auth.ID, nil -} - -func (s *memoryAuthStore) Delete(ctx context.Context, id string) error { - _ = ctx - s.mu.Lock() - delete(s.items, id) - s.mu.Unlock() - return nil -} - -func TestResolveTokenForAuth_Antigravity_RefreshesExpiredToken(t *testing.T) { - var callCount int - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - callCount++ - if r.Method != http.MethodPost { - t.Fatalf("expected POST, got %s", r.Method) - } - if ct := r.Header.Get("Content-Type"); !strings.HasPrefix(ct, "application/x-www-form-urlencoded") { - t.Fatalf("unexpected content-type: %s", ct) - } - bodyBytes, _ := io.ReadAll(r.Body) - _ = r.Body.Close() - values, err := url.ParseQuery(string(bodyBytes)) - if err != nil { - t.Fatalf("parse form: %v", err) - } - if values.Get("grant_type") != "refresh_token" { - t.Fatalf("unexpected grant_type: %s", values.Get("grant_type")) - } - if values.Get("refresh_token") != "rt" { - t.Fatalf("unexpected refresh_token: %s", values.Get("refresh_token")) - } - if values.Get("client_id") != antigravityOAuthClientID { - t.Fatalf("unexpected client_id: %s", values.Get("client_id")) - } - if values.Get("client_secret") != antigravityOAuthClientSecret { - t.Fatalf("unexpected client_secret") - } - - w.Header().Set("Content-Type", "application/json") - _ = json.NewEncoder(w).Encode(map[string]any{ - "access_token": "new-token", - "refresh_token": "rt2", - "expires_in": int64(3600), - "token_type": "Bearer", - }) - })) - t.Cleanup(srv.Close) - - originalURL := antigravityOAuthTokenURL - antigravityOAuthTokenURL = srv.URL - t.Cleanup(func() { antigravityOAuthTokenURL = originalURL }) - - store := &memoryAuthStore{} - manager := coreauth.NewManager(store, nil, nil) - - auth := &coreauth.Auth{ - ID: "antigravity-test.json", - FileName: "antigravity-test.json", - Provider: "antigravity", - Metadata: map[string]any{ - "type": "antigravity", - "access_token": "old-token", - "refresh_token": "rt", - "expires_in": int64(3600), - "timestamp": time.Now().Add(-2 * time.Hour).UnixMilli(), - "expired": time.Now().Add(-1 * time.Hour).Format(time.RFC3339), - }, - } - if _, err := manager.Register(context.Background(), auth); err != nil { - t.Fatalf("register auth: %v", err) - } - - h := &Handler{authManager: manager} - token, err := h.resolveTokenForAuth(context.Background(), auth) - if err != nil { - t.Fatalf("resolveTokenForAuth: %v", err) - } - if token != "new-token" { - t.Fatalf("expected refreshed token, got %q", token) - } - if callCount != 1 { - t.Fatalf("expected 1 refresh call, got %d", callCount) - } - - updated, ok := manager.GetByID(auth.ID) - if !ok || updated == nil { - t.Fatalf("expected auth in manager after update") - } - if got := tokenValueFromMetadata(updated.Metadata); got != "new-token" { - t.Fatalf("expected manager metadata updated, got %q", got) - } -} - -func TestResolveTokenForAuth_Antigravity_SkipsRefreshWhenTokenValid(t *testing.T) { - var callCount int - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - callCount++ - w.WriteHeader(http.StatusInternalServerError) - })) - t.Cleanup(srv.Close) - - originalURL := antigravityOAuthTokenURL - antigravityOAuthTokenURL = srv.URL - t.Cleanup(func() { antigravityOAuthTokenURL = originalURL }) - - auth := &coreauth.Auth{ - ID: "antigravity-valid.json", - FileName: "antigravity-valid.json", - Provider: "antigravity", - Metadata: map[string]any{ - "type": "antigravity", - "access_token": "ok-token", - "expired": time.Now().Add(30 * time.Minute).Format(time.RFC3339), - }, - } - h := &Handler{} - token, err := h.resolveTokenForAuth(context.Background(), auth) - if err != nil { - t.Fatalf("resolveTokenForAuth: %v", err) - } - if token != "ok-token" { - t.Fatalf("expected existing token, got %q", token) - } - if callCount != 0 { - t.Fatalf("expected no refresh calls, got %d", callCount) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/api/handlers/management/auth_files.go b/.worktrees/config/m/config-build/active/internal/api/handlers/management/auth_files.go deleted file mode 100644 index bd1338a279..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/handlers/management/auth_files.go +++ /dev/null @@ -1,2902 +0,0 @@ -package management - -import ( - "bytes" - "context" - "crypto/rand" - "crypto/sha256" - "encoding/base64" - "encoding/hex" - "encoding/json" - "errors" - "fmt" - "io" - "net" - "net/http" - "net/url" - "os" - "path/filepath" - "sort" - "strconv" - "strings" - "sync" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/antigravity" - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/claude" - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/codex" - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/copilot" - geminiAuth "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/gemini" - iflowauth "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/iflow" - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/kilo" - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/kimi" - kiroauth "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/kiro" - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/qwen" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "golang.org/x/oauth2" - "golang.org/x/oauth2/google" -) - -var lastRefreshKeys = []string{"last_refresh", "lastRefresh", "last_refreshed_at", "lastRefreshedAt"} - -const ( - anthropicCallbackPort = 54545 - geminiCallbackPort = 8085 - codexCallbackPort = 1455 - geminiCLIEndpoint = "https://cloudcode-pa.googleapis.com" - geminiCLIVersion = "v1internal" - geminiCLIUserAgent = "google-api-nodejs-client/9.15.1" - geminiCLIApiClient = "gl-node/22.17.0" - geminiCLIClientMetadata = "ideType=IDE_UNSPECIFIED,platform=PLATFORM_UNSPECIFIED,pluginType=GEMINI" -) - -type callbackForwarder struct { - provider string - server *http.Server - done chan struct{} -} - -var ( - callbackForwardersMu sync.Mutex - callbackForwarders = make(map[int]*callbackForwarder) -) - -func extractLastRefreshTimestamp(meta map[string]any) (time.Time, bool) { - if len(meta) == 0 { - return time.Time{}, false - } - for _, key := range lastRefreshKeys { - if val, ok := meta[key]; ok { - if ts, ok1 := parseLastRefreshValue(val); ok1 { - return ts, true - } - } - } - return time.Time{}, false -} - -func parseLastRefreshValue(v any) (time.Time, bool) { - switch val := v.(type) { - case string: - s := strings.TrimSpace(val) - if s == "" { - return time.Time{}, false - } - layouts := []string{time.RFC3339, time.RFC3339Nano, "2006-01-02 15:04:05", "2006-01-02T15:04:05Z07:00"} - for _, layout := range layouts { - if ts, err := time.Parse(layout, s); err == nil { - return ts.UTC(), true - } - } - if unix, err := strconv.ParseInt(s, 10, 64); err == nil && unix > 0 { - return time.Unix(unix, 0).UTC(), true - } - case float64: - if val <= 0 { - return time.Time{}, false - } - return time.Unix(int64(val), 0).UTC(), true - case int64: - if val <= 0 { - return time.Time{}, false - } - return time.Unix(val, 0).UTC(), true - case int: - if val <= 0 { - return time.Time{}, false - } - return time.Unix(int64(val), 0).UTC(), true - case json.Number: - if i, err := val.Int64(); err == nil && i > 0 { - return time.Unix(i, 0).UTC(), true - } - } - return time.Time{}, false -} - -func isWebUIRequest(c *gin.Context) bool { - raw := strings.TrimSpace(c.Query("is_webui")) - if raw == "" { - return false - } - switch strings.ToLower(raw) { - case "1", "true", "yes", "on": - return true - default: - return false - } -} - -func startCallbackForwarder(port int, provider, targetBase string) (*callbackForwarder, error) { - callbackForwardersMu.Lock() - prev := callbackForwarders[port] - if prev != nil { - delete(callbackForwarders, port) - } - callbackForwardersMu.Unlock() - - if prev != nil { - stopForwarderInstance(port, prev) - } - - addr := fmt.Sprintf("127.0.0.1:%d", port) - ln, err := net.Listen("tcp", addr) - if err != nil { - return nil, fmt.Errorf("failed to listen on %s: %w", addr, err) - } - - handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - target := targetBase - if raw := r.URL.RawQuery; raw != "" { - if strings.Contains(target, "?") { - target = target + "&" + raw - } else { - target = target + "?" + raw - } - } - w.Header().Set("Cache-Control", "no-store") - http.Redirect(w, r, target, http.StatusFound) - }) - - srv := &http.Server{ - Handler: handler, - ReadHeaderTimeout: 5 * time.Second, - WriteTimeout: 5 * time.Second, - } - done := make(chan struct{}) - - go func() { - if errServe := srv.Serve(ln); errServe != nil && !errors.Is(errServe, http.ErrServerClosed) { - log.WithError(errServe).Warnf("callback forwarder for %s stopped unexpectedly", provider) - } - close(done) - }() - - forwarder := &callbackForwarder{ - provider: provider, - server: srv, - done: done, - } - - callbackForwardersMu.Lock() - callbackForwarders[port] = forwarder - callbackForwardersMu.Unlock() - - log.Infof("callback forwarder for %s listening on %s", provider, addr) - - return forwarder, nil -} - -func stopCallbackForwarder(port int) { - callbackForwardersMu.Lock() - forwarder := callbackForwarders[port] - if forwarder != nil { - delete(callbackForwarders, port) - } - callbackForwardersMu.Unlock() - - stopForwarderInstance(port, forwarder) -} - -func stopCallbackForwarderInstance(port int, forwarder *callbackForwarder) { - if forwarder == nil { - return - } - callbackForwardersMu.Lock() - if current := callbackForwarders[port]; current == forwarder { - delete(callbackForwarders, port) - } - callbackForwardersMu.Unlock() - - stopForwarderInstance(port, forwarder) -} - -func stopForwarderInstance(port int, forwarder *callbackForwarder) { - if forwarder == nil || forwarder.server == nil { - return - } - - ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) - defer cancel() - - if err := forwarder.server.Shutdown(ctx); err != nil && !errors.Is(err, http.ErrServerClosed) { - log.WithError(err).Warnf("failed to shut down callback forwarder on port %d", port) - } - - select { - case <-forwarder.done: - case <-time.After(2 * time.Second): - } - - log.Infof("callback forwarder on port %d stopped", port) -} - -func (h *Handler) managementCallbackURL(path string) (string, error) { - if h == nil || h.cfg == nil || h.cfg.Port <= 0 { - return "", fmt.Errorf("server port is not configured") - } - if !strings.HasPrefix(path, "/") { - path = "/" + path - } - scheme := "http" - if h.cfg.TLS.Enable { - scheme = "https" - } - return fmt.Sprintf("%s://127.0.0.1:%d%s", scheme, h.cfg.Port, path), nil -} - -func (h *Handler) ListAuthFiles(c *gin.Context) { - if h == nil { - c.JSON(500, gin.H{"error": "handler not initialized"}) - return - } - if h.authManager == nil { - h.listAuthFilesFromDisk(c) - return - } - auths := h.authManager.List() - files := make([]gin.H, 0, len(auths)) - for _, auth := range auths { - if entry := h.buildAuthFileEntry(auth); entry != nil { - files = append(files, entry) - } - } - sort.Slice(files, func(i, j int) bool { - nameI, _ := files[i]["name"].(string) - nameJ, _ := files[j]["name"].(string) - return strings.ToLower(nameI) < strings.ToLower(nameJ) - }) - c.JSON(200, gin.H{"files": files}) -} - -// GetAuthFileModels returns the models supported by a specific auth file -func (h *Handler) GetAuthFileModels(c *gin.Context) { - name := c.Query("name") - if name == "" { - c.JSON(400, gin.H{"error": "name is required"}) - return - } - - // Try to find auth ID via authManager - var authID string - if h.authManager != nil { - auths := h.authManager.List() - for _, auth := range auths { - if auth.FileName == name || auth.ID == name { - authID = auth.ID - break - } - } - } - - if authID == "" { - authID = name // fallback to filename as ID - } - - // Get models from registry - reg := registry.GetGlobalRegistry() - models := reg.GetModelsForClient(authID) - - result := make([]gin.H, 0, len(models)) - for _, m := range models { - entry := gin.H{ - "id": m.ID, - } - if m.DisplayName != "" { - entry["display_name"] = m.DisplayName - } - if m.Type != "" { - entry["type"] = m.Type - } - if m.OwnedBy != "" { - entry["owned_by"] = m.OwnedBy - } - result = append(result, entry) - } - - c.JSON(200, gin.H{"models": result}) -} - -// List auth files from disk when the auth manager is unavailable. -func (h *Handler) listAuthFilesFromDisk(c *gin.Context) { - entries, err := os.ReadDir(h.cfg.AuthDir) - if err != nil { - c.JSON(500, gin.H{"error": fmt.Sprintf("failed to read auth dir: %v", err)}) - return - } - files := make([]gin.H, 0) - for _, e := range entries { - if e.IsDir() { - continue - } - name := e.Name() - if !strings.HasSuffix(strings.ToLower(name), ".json") { - continue - } - if info, errInfo := e.Info(); errInfo == nil { - fileData := gin.H{"name": name, "size": info.Size(), "modtime": info.ModTime()} - - // Read file to get type field - full := filepath.Join(h.cfg.AuthDir, name) - if data, errRead := os.ReadFile(full); errRead == nil { - typeValue := gjson.GetBytes(data, "type").String() - emailValue := gjson.GetBytes(data, "email").String() - fileData["type"] = typeValue - fileData["email"] = emailValue - } - - files = append(files, fileData) - } - } - c.JSON(200, gin.H{"files": files}) -} - -func (h *Handler) buildAuthFileEntry(auth *coreauth.Auth) gin.H { - if auth == nil { - return nil - } - auth.EnsureIndex() - runtimeOnly := isRuntimeOnlyAuth(auth) - if runtimeOnly && (auth.Disabled || auth.Status == coreauth.StatusDisabled) { - return nil - } - path := strings.TrimSpace(authAttribute(auth, "path")) - if path == "" && !runtimeOnly { - return nil - } - name := strings.TrimSpace(auth.FileName) - if name == "" { - name = auth.ID - } - entry := gin.H{ - "id": auth.ID, - "auth_index": auth.Index, - "name": name, - "type": strings.TrimSpace(auth.Provider), - "provider": strings.TrimSpace(auth.Provider), - "label": auth.Label, - "status": auth.Status, - "status_message": auth.StatusMessage, - "disabled": auth.Disabled, - "unavailable": auth.Unavailable, - "runtime_only": runtimeOnly, - "source": "memory", - "size": int64(0), - } - if email := authEmail(auth); email != "" { - entry["email"] = email - } - if accountType, account := auth.AccountInfo(); accountType != "" || account != "" { - if accountType != "" { - entry["account_type"] = accountType - } - if account != "" { - entry["account"] = account - } - } - if !auth.CreatedAt.IsZero() { - entry["created_at"] = auth.CreatedAt - } - if !auth.UpdatedAt.IsZero() { - entry["modtime"] = auth.UpdatedAt - entry["updated_at"] = auth.UpdatedAt - } - if !auth.LastRefreshedAt.IsZero() { - entry["last_refresh"] = auth.LastRefreshedAt - } - if path != "" { - entry["path"] = path - entry["source"] = "file" - if info, err := os.Stat(path); err == nil { - entry["size"] = info.Size() - entry["modtime"] = info.ModTime() - } else if os.IsNotExist(err) { - // Hide credentials removed from disk but still lingering in memory. - if !runtimeOnly && (auth.Disabled || auth.Status == coreauth.StatusDisabled || strings.EqualFold(strings.TrimSpace(auth.StatusMessage), "removed via management api")) { - return nil - } - entry["source"] = "memory" - } else { - log.WithError(err).Warnf("failed to stat auth file %s", path) - } - } - if claims := extractCodexIDTokenClaims(auth); claims != nil { - entry["id_token"] = claims - } - return entry -} - -func extractCodexIDTokenClaims(auth *coreauth.Auth) gin.H { - if auth == nil || auth.Metadata == nil { - return nil - } - if !strings.EqualFold(strings.TrimSpace(auth.Provider), "codex") { - return nil - } - idTokenRaw, ok := auth.Metadata["id_token"].(string) - if !ok { - return nil - } - idToken := strings.TrimSpace(idTokenRaw) - if idToken == "" { - return nil - } - claims, err := codex.ParseJWTToken(idToken) - if err != nil || claims == nil { - return nil - } - - result := gin.H{} - if v := strings.TrimSpace(claims.CodexAuthInfo.ChatgptAccountID); v != "" { - result["chatgpt_account_id"] = v - } - if v := strings.TrimSpace(claims.CodexAuthInfo.ChatgptPlanType); v != "" { - result["plan_type"] = v - } - if v := claims.CodexAuthInfo.ChatgptSubscriptionActiveStart; v != nil { - result["chatgpt_subscription_active_start"] = v - } - if v := claims.CodexAuthInfo.ChatgptSubscriptionActiveUntil; v != nil { - result["chatgpt_subscription_active_until"] = v - } - - if len(result) == 0 { - return nil - } - return result -} - -func authEmail(auth *coreauth.Auth) string { - if auth == nil { - return "" - } - if auth.Metadata != nil { - if v, ok := auth.Metadata["email"].(string); ok { - return strings.TrimSpace(v) - } - } - if auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["email"]); v != "" { - return v - } - if v := strings.TrimSpace(auth.Attributes["account_email"]); v != "" { - return v - } - } - return "" -} - -func authAttribute(auth *coreauth.Auth, key string) string { - if auth == nil || len(auth.Attributes) == 0 { - return "" - } - return auth.Attributes[key] -} - -func isRuntimeOnlyAuth(auth *coreauth.Auth) bool { - if auth == nil || len(auth.Attributes) == 0 { - return false - } - return strings.EqualFold(strings.TrimSpace(auth.Attributes["runtime_only"]), "true") -} - -// Download single auth file by name -func (h *Handler) DownloadAuthFile(c *gin.Context) { - name := c.Query("name") - if name == "" || strings.Contains(name, string(os.PathSeparator)) { - c.JSON(400, gin.H{"error": "invalid name"}) - return - } - if !strings.HasSuffix(strings.ToLower(name), ".json") { - c.JSON(400, gin.H{"error": "name must end with .json"}) - return - } - full := filepath.Join(h.cfg.AuthDir, name) - data, err := os.ReadFile(full) - if err != nil { - if os.IsNotExist(err) { - c.JSON(404, gin.H{"error": "file not found"}) - } else { - c.JSON(500, gin.H{"error": fmt.Sprintf("failed to read file: %v", err)}) - } - return - } - c.Header("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", name)) - c.Data(200, "application/json", data) -} - -// Upload auth file: multipart or raw JSON with ?name= -func (h *Handler) UploadAuthFile(c *gin.Context) { - if h.authManager == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "core auth manager unavailable"}) - return - } - ctx := c.Request.Context() - if file, err := c.FormFile("file"); err == nil && file != nil { - name := filepath.Base(file.Filename) - if !strings.HasSuffix(strings.ToLower(name), ".json") { - c.JSON(400, gin.H{"error": "file must be .json"}) - return - } - dst := filepath.Join(h.cfg.AuthDir, name) - if !filepath.IsAbs(dst) { - if abs, errAbs := filepath.Abs(dst); errAbs == nil { - dst = abs - } - } - if errSave := c.SaveUploadedFile(file, dst); errSave != nil { - c.JSON(500, gin.H{"error": fmt.Sprintf("failed to save file: %v", errSave)}) - return - } - data, errRead := os.ReadFile(dst) - if errRead != nil { - c.JSON(500, gin.H{"error": fmt.Sprintf("failed to read saved file: %v", errRead)}) - return - } - if errReg := h.registerAuthFromFile(ctx, dst, data); errReg != nil { - c.JSON(500, gin.H{"error": errReg.Error()}) - return - } - c.JSON(200, gin.H{"status": "ok"}) - return - } - name := c.Query("name") - if name == "" || strings.Contains(name, string(os.PathSeparator)) { - c.JSON(400, gin.H{"error": "invalid name"}) - return - } - if !strings.HasSuffix(strings.ToLower(name), ".json") { - c.JSON(400, gin.H{"error": "name must end with .json"}) - return - } - data, err := io.ReadAll(c.Request.Body) - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - dst := filepath.Join(h.cfg.AuthDir, filepath.Base(name)) - if !filepath.IsAbs(dst) { - if abs, errAbs := filepath.Abs(dst); errAbs == nil { - dst = abs - } - } - if errWrite := os.WriteFile(dst, data, 0o600); errWrite != nil { - c.JSON(500, gin.H{"error": fmt.Sprintf("failed to write file: %v", errWrite)}) - return - } - if err = h.registerAuthFromFile(ctx, dst, data); err != nil { - c.JSON(500, gin.H{"error": err.Error()}) - return - } - c.JSON(200, gin.H{"status": "ok"}) -} - -// Delete auth files: single by name or all -func (h *Handler) DeleteAuthFile(c *gin.Context) { - if h.authManager == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "core auth manager unavailable"}) - return - } - ctx := c.Request.Context() - if all := c.Query("all"); all == "true" || all == "1" || all == "*" { - entries, err := os.ReadDir(h.cfg.AuthDir) - if err != nil { - c.JSON(500, gin.H{"error": fmt.Sprintf("failed to read auth dir: %v", err)}) - return - } - deleted := 0 - for _, e := range entries { - if e.IsDir() { - continue - } - name := e.Name() - if !strings.HasSuffix(strings.ToLower(name), ".json") { - continue - } - full := filepath.Join(h.cfg.AuthDir, name) - if !filepath.IsAbs(full) { - if abs, errAbs := filepath.Abs(full); errAbs == nil { - full = abs - } - } - if err = os.Remove(full); err == nil { - if errDel := h.deleteTokenRecord(ctx, full); errDel != nil { - c.JSON(500, gin.H{"error": errDel.Error()}) - return - } - deleted++ - h.disableAuth(ctx, full) - } - } - c.JSON(200, gin.H{"status": "ok", "deleted": deleted}) - return - } - name := c.Query("name") - if name == "" || strings.Contains(name, string(os.PathSeparator)) { - c.JSON(400, gin.H{"error": "invalid name"}) - return - } - full := filepath.Join(h.cfg.AuthDir, filepath.Base(name)) - if !filepath.IsAbs(full) { - if abs, errAbs := filepath.Abs(full); errAbs == nil { - full = abs - } - } - if err := os.Remove(full); err != nil { - if os.IsNotExist(err) { - c.JSON(404, gin.H{"error": "file not found"}) - } else { - c.JSON(500, gin.H{"error": fmt.Sprintf("failed to remove file: %v", err)}) - } - return - } - if err := h.deleteTokenRecord(ctx, full); err != nil { - c.JSON(500, gin.H{"error": err.Error()}) - return - } - h.disableAuth(ctx, full) - c.JSON(200, gin.H{"status": "ok"}) -} - -func (h *Handler) authIDForPath(path string) string { - path = strings.TrimSpace(path) - if path == "" { - return "" - } - if h == nil || h.cfg == nil { - return path - } - authDir := strings.TrimSpace(h.cfg.AuthDir) - if authDir == "" { - return path - } - if rel, err := filepath.Rel(authDir, path); err == nil && rel != "" { - return rel - } - return path -} - -func (h *Handler) registerAuthFromFile(ctx context.Context, path string, data []byte) error { - if h.authManager == nil { - return nil - } - if path == "" { - return fmt.Errorf("auth path is empty") - } - if data == nil { - var err error - data, err = os.ReadFile(path) - if err != nil { - return fmt.Errorf("failed to read auth file: %w", err) - } - } - metadata := make(map[string]any) - if err := json.Unmarshal(data, &metadata); err != nil { - return fmt.Errorf("invalid auth file: %w", err) - } - provider, _ := metadata["type"].(string) - if provider == "" { - provider = "unknown" - } - label := provider - if email, ok := metadata["email"].(string); ok && email != "" { - label = email - } - lastRefresh, hasLastRefresh := extractLastRefreshTimestamp(metadata) - - authID := h.authIDForPath(path) - if authID == "" { - authID = path - } - attr := map[string]string{ - "path": path, - "source": path, - } - auth := &coreauth.Auth{ - ID: authID, - Provider: provider, - FileName: filepath.Base(path), - Label: label, - Status: coreauth.StatusActive, - Attributes: attr, - Metadata: metadata, - CreatedAt: time.Now(), - UpdatedAt: time.Now(), - } - if hasLastRefresh { - auth.LastRefreshedAt = lastRefresh - } - if existing, ok := h.authManager.GetByID(authID); ok { - auth.CreatedAt = existing.CreatedAt - if !hasLastRefresh { - auth.LastRefreshedAt = existing.LastRefreshedAt - } - auth.NextRefreshAfter = existing.NextRefreshAfter - auth.Runtime = existing.Runtime - _, err := h.authManager.Update(ctx, auth) - return err - } - _, err := h.authManager.Register(ctx, auth) - return err -} - -// PatchAuthFileStatus toggles the disabled state of an auth file -func (h *Handler) PatchAuthFileStatus(c *gin.Context) { - if h.authManager == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "core auth manager unavailable"}) - return - } - - var req struct { - Name string `json:"name"` - Disabled *bool `json:"disabled"` - } - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request body"}) - return - } - - name := strings.TrimSpace(req.Name) - if name == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "name is required"}) - return - } - if req.Disabled == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "disabled is required"}) - return - } - - ctx := c.Request.Context() - - // Find auth by name or ID - var targetAuth *coreauth.Auth - if auth, ok := h.authManager.GetByID(name); ok { - targetAuth = auth - } else { - auths := h.authManager.List() - for _, auth := range auths { - if auth.FileName == name { - targetAuth = auth - break - } - } - } - - if targetAuth == nil { - c.JSON(http.StatusNotFound, gin.H{"error": "auth file not found"}) - return - } - - // Update disabled state - targetAuth.Disabled = *req.Disabled - if *req.Disabled { - targetAuth.Status = coreauth.StatusDisabled - targetAuth.StatusMessage = "disabled via management API" - } else { - targetAuth.Status = coreauth.StatusActive - targetAuth.StatusMessage = "" - } - targetAuth.UpdatedAt = time.Now() - - if _, err := h.authManager.Update(ctx, targetAuth); err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to update auth: %v", err)}) - return - } - - c.JSON(http.StatusOK, gin.H{"status": "ok", "disabled": *req.Disabled}) -} - -// PatchAuthFileFields updates editable fields (prefix, proxy_url, priority) of an auth file. -func (h *Handler) PatchAuthFileFields(c *gin.Context) { - if h.authManager == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "core auth manager unavailable"}) - return - } - - var req struct { - Name string `json:"name"` - Prefix *string `json:"prefix"` - ProxyURL *string `json:"proxy_url"` - Priority *int `json:"priority"` - } - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request body"}) - return - } - - name := strings.TrimSpace(req.Name) - if name == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "name is required"}) - return - } - - ctx := c.Request.Context() - - // Find auth by name or ID - var targetAuth *coreauth.Auth - if auth, ok := h.authManager.GetByID(name); ok { - targetAuth = auth - } else { - auths := h.authManager.List() - for _, auth := range auths { - if auth.FileName == name { - targetAuth = auth - break - } - } - } - - if targetAuth == nil { - c.JSON(http.StatusNotFound, gin.H{"error": "auth file not found"}) - return - } - - changed := false - if req.Prefix != nil { - targetAuth.Prefix = *req.Prefix - changed = true - } - if req.ProxyURL != nil { - targetAuth.ProxyURL = *req.ProxyURL - changed = true - } - if req.Priority != nil { - if targetAuth.Metadata == nil { - targetAuth.Metadata = make(map[string]any) - } - if *req.Priority == 0 { - delete(targetAuth.Metadata, "priority") - } else { - targetAuth.Metadata["priority"] = *req.Priority - } - changed = true - } - - if !changed { - c.JSON(http.StatusBadRequest, gin.H{"error": "no fields to update"}) - return - } - - targetAuth.UpdatedAt = time.Now() - - if _, err := h.authManager.Update(ctx, targetAuth); err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to update auth: %v", err)}) - return - } - - c.JSON(http.StatusOK, gin.H{"status": "ok"}) -} - -func (h *Handler) disableAuth(ctx context.Context, id string) { - if h == nil || h.authManager == nil { - return - } - authID := h.authIDForPath(id) - if authID == "" { - authID = strings.TrimSpace(id) - } - if authID == "" { - return - } - if auth, ok := h.authManager.GetByID(authID); ok { - auth.Disabled = true - auth.Status = coreauth.StatusDisabled - auth.StatusMessage = "removed via management API" - auth.UpdatedAt = time.Now() - _, _ = h.authManager.Update(ctx, auth) - } -} - -func (h *Handler) deleteTokenRecord(ctx context.Context, path string) error { - if strings.TrimSpace(path) == "" { - return fmt.Errorf("auth path is empty") - } - store := h.tokenStoreWithBaseDir() - if store == nil { - return fmt.Errorf("token store unavailable") - } - return store.Delete(ctx, path) -} - -func (h *Handler) tokenStoreWithBaseDir() coreauth.Store { - if h == nil { - return nil - } - store := h.tokenStore - if store == nil { - store = sdkAuth.GetTokenStore() - h.tokenStore = store - } - if h.cfg != nil { - if dirSetter, ok := store.(interface{ SetBaseDir(string) }); ok { - dirSetter.SetBaseDir(h.cfg.AuthDir) - } - } - return store -} - -func (h *Handler) saveTokenRecord(ctx context.Context, record *coreauth.Auth) (string, error) { - if record == nil { - return "", fmt.Errorf("token record is nil") - } - store := h.tokenStoreWithBaseDir() - if store == nil { - return "", fmt.Errorf("token store unavailable") - } - return store.Save(ctx, record) -} - -func (h *Handler) RequestAnthropicToken(c *gin.Context) { - ctx := context.Background() - - fmt.Println("Initializing Claude authentication...") - - // Generate PKCE codes - pkceCodes, err := claude.GeneratePKCECodes() - if err != nil { - log.Errorf("Failed to generate PKCE codes: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate PKCE codes"}) - return - } - - // Generate random state parameter - state, err := misc.GenerateRandomState() - if err != nil { - log.Errorf("Failed to generate state parameter: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate state parameter"}) - return - } - - // Initialize Claude auth service - anthropicAuth := claude.NewClaudeAuth(h.cfg) - - // Generate authorization URL (then override redirect_uri to reuse server port) - authURL, state, err := anthropicAuth.GenerateAuthURL(state, pkceCodes) - if err != nil { - log.Errorf("Failed to generate authorization URL: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate authorization url"}) - return - } - - RegisterOAuthSession(state, "anthropic") - - isWebUI := isWebUIRequest(c) - var forwarder *callbackForwarder - if isWebUI { - targetURL, errTarget := h.managementCallbackURL("/anthropic/callback") - if errTarget != nil { - log.WithError(errTarget).Error("failed to compute anthropic callback target") - c.JSON(http.StatusInternalServerError, gin.H{"error": "callback server unavailable"}) - return - } - var errStart error - if forwarder, errStart = startCallbackForwarder(anthropicCallbackPort, "anthropic", targetURL); errStart != nil { - log.WithError(errStart).Error("failed to start anthropic callback forwarder") - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to start callback server"}) - return - } - } - - go func() { - if isWebUI { - defer stopCallbackForwarderInstance(anthropicCallbackPort, forwarder) - } - - // Helper: wait for callback file - waitFile := filepath.Join(h.cfg.AuthDir, fmt.Sprintf(".oauth-anthropic-%s.oauth", state)) - waitForFile := func(path string, timeout time.Duration) (map[string]string, error) { - deadline := time.Now().Add(timeout) - for { - if !IsOAuthSessionPending(state, "anthropic") { - return nil, errOAuthSessionNotPending - } - if time.Now().After(deadline) { - SetOAuthSessionError(state, "Timeout waiting for OAuth callback") - return nil, fmt.Errorf("timeout waiting for OAuth callback") - } - data, errRead := os.ReadFile(path) - if errRead == nil { - var m map[string]string - _ = json.Unmarshal(data, &m) - _ = os.Remove(path) - return m, nil - } - time.Sleep(500 * time.Millisecond) - } - } - - fmt.Println("Waiting for authentication callback...") - // Wait up to 5 minutes - resultMap, errWait := waitForFile(waitFile, 5*time.Minute) - if errWait != nil { - if errors.Is(errWait, errOAuthSessionNotPending) { - return - } - authErr := claude.NewAuthenticationError(claude.ErrCallbackTimeout, errWait) - log.Error(claude.GetUserFriendlyMessage(authErr)) - return - } - if errStr := resultMap["error"]; errStr != "" { - oauthErr := claude.NewOAuthError(errStr, "", http.StatusBadRequest) - log.Error(claude.GetUserFriendlyMessage(oauthErr)) - SetOAuthSessionError(state, "Bad request") - return - } - if resultMap["state"] != state { - authErr := claude.NewAuthenticationError(claude.ErrInvalidState, fmt.Errorf("expected %s, got %s", state, resultMap["state"])) - log.Error(claude.GetUserFriendlyMessage(authErr)) - SetOAuthSessionError(state, "State code error") - return - } - - // Parse code (Claude may append state after '#') - rawCode := resultMap["code"] - code := strings.Split(rawCode, "#")[0] - - // Exchange code for tokens using internal auth service - bundle, errExchange := anthropicAuth.ExchangeCodeForTokens(ctx, code, state, pkceCodes) - if errExchange != nil { - authErr := claude.NewAuthenticationError(claude.ErrCodeExchangeFailed, errExchange) - log.Errorf("Failed to exchange authorization code for tokens: %v", authErr) - SetOAuthSessionError(state, "Failed to exchange authorization code for tokens") - return - } - - // Create token storage - tokenStorage := anthropicAuth.CreateTokenStorage(bundle) - record := &coreauth.Auth{ - ID: fmt.Sprintf("claude-%s.json", tokenStorage.Email), - Provider: "claude", - FileName: fmt.Sprintf("claude-%s.json", tokenStorage.Email), - Storage: tokenStorage, - Metadata: map[string]any{"email": tokenStorage.Email}, - } - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save authentication tokens: %v", errSave) - SetOAuthSessionError(state, "Failed to save authentication tokens") - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - if bundle.APIKey != "" { - fmt.Println("API key obtained and saved") - } - fmt.Println("You can now use Claude services through this CLI") - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("anthropic") - }() - - c.JSON(200, gin.H{"status": "ok", "url": authURL, "state": state}) -} - -func (h *Handler) RequestGeminiCLIToken(c *gin.Context) { - ctx := context.Background() - proxyHTTPClient := util.SetProxy(&h.cfg.SDKConfig, &http.Client{}) - ctx = context.WithValue(ctx, oauth2.HTTPClient, proxyHTTPClient) - - // Optional project ID from query - projectID := c.Query("project_id") - - fmt.Println("Initializing Google authentication...") - - // OAuth2 configuration using exported constants from internal/auth/gemini - conf := &oauth2.Config{ - ClientID: geminiAuth.ClientID, - ClientSecret: geminiAuth.ClientSecret, - RedirectURL: fmt.Sprintf("http://localhost:%d/oauth2callback", geminiAuth.DefaultCallbackPort), - Scopes: geminiAuth.Scopes, - Endpoint: google.Endpoint, - } - - // Build authorization URL and return it immediately - state := fmt.Sprintf("gem-%d", time.Now().UnixNano()) - authURL := conf.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", "consent")) - - RegisterOAuthSession(state, "gemini") - - isWebUI := isWebUIRequest(c) - var forwarder *callbackForwarder - if isWebUI { - targetURL, errTarget := h.managementCallbackURL("/google/callback") - if errTarget != nil { - log.WithError(errTarget).Error("failed to compute gemini callback target") - c.JSON(http.StatusInternalServerError, gin.H{"error": "callback server unavailable"}) - return - } - var errStart error - if forwarder, errStart = startCallbackForwarder(geminiCallbackPort, "gemini", targetURL); errStart != nil { - log.WithError(errStart).Error("failed to start gemini callback forwarder") - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to start callback server"}) - return - } - } - - go func() { - if isWebUI { - defer stopCallbackForwarderInstance(geminiCallbackPort, forwarder) - } - - // Wait for callback file written by server route - waitFile := filepath.Join(h.cfg.AuthDir, fmt.Sprintf(".oauth-gemini-%s.oauth", state)) - fmt.Println("Waiting for authentication callback...") - deadline := time.Now().Add(5 * time.Minute) - var authCode string - for { - if !IsOAuthSessionPending(state, "gemini") { - return - } - if time.Now().After(deadline) { - log.Error("oauth flow timed out") - SetOAuthSessionError(state, "OAuth flow timed out") - return - } - if data, errR := os.ReadFile(waitFile); errR == nil { - var m map[string]string - _ = json.Unmarshal(data, &m) - _ = os.Remove(waitFile) - if errStr := m["error"]; errStr != "" { - log.Errorf("Authentication failed: %s", errStr) - SetOAuthSessionError(state, "Authentication failed") - return - } - authCode = m["code"] - if authCode == "" { - log.Errorf("Authentication failed: code not found") - SetOAuthSessionError(state, "Authentication failed: code not found") - return - } - break - } - time.Sleep(500 * time.Millisecond) - } - - // Exchange authorization code for token - token, err := conf.Exchange(ctx, authCode) - if err != nil { - log.Errorf("Failed to exchange token: %v", err) - SetOAuthSessionError(state, "Failed to exchange token") - return - } - - requestedProjectID := strings.TrimSpace(projectID) - - // Create token storage (mirrors internal/auth/gemini createTokenStorage) - authHTTPClient := conf.Client(ctx, token) - req, errNewRequest := http.NewRequestWithContext(ctx, "GET", "https://www.googleapis.com/oauth2/v1/userinfo?alt=json", nil) - if errNewRequest != nil { - log.Errorf("Could not get user info: %v", errNewRequest) - SetOAuthSessionError(state, "Could not get user info") - return - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token.AccessToken)) - - resp, errDo := authHTTPClient.Do(req) - if errDo != nil { - log.Errorf("Failed to execute request: %v", errDo) - SetOAuthSessionError(state, "Failed to execute request") - return - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Printf("warn: failed to close response body: %v", errClose) - } - }() - - bodyBytes, _ := io.ReadAll(resp.Body) - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - log.Errorf("Get user info request failed with status %d: %s", resp.StatusCode, string(bodyBytes)) - SetOAuthSessionError(state, fmt.Sprintf("Get user info request failed with status %d", resp.StatusCode)) - return - } - - email := gjson.GetBytes(bodyBytes, "email").String() - if email != "" { - fmt.Printf("Authenticated user email: %s\n", email) - } else { - fmt.Println("Failed to get user email from token") - } - - // Marshal/unmarshal oauth2.Token to generic map and enrich fields - var ifToken map[string]any - jsonData, _ := json.Marshal(token) - if errUnmarshal := json.Unmarshal(jsonData, &ifToken); errUnmarshal != nil { - log.Errorf("Failed to unmarshal token: %v", errUnmarshal) - SetOAuthSessionError(state, "Failed to unmarshal token") - return - } - - ifToken["token_uri"] = "https://oauth2.googleapis.com/token" - ifToken["client_id"] = geminiAuth.ClientID - ifToken["client_secret"] = geminiAuth.ClientSecret - ifToken["scopes"] = geminiAuth.Scopes - ifToken["universe_domain"] = "googleapis.com" - - ts := geminiAuth.GeminiTokenStorage{ - Token: ifToken, - ProjectID: requestedProjectID, - Email: email, - Auto: requestedProjectID == "", - } - - // Initialize authenticated HTTP client via GeminiAuth to honor proxy settings - gemAuth := geminiAuth.NewGeminiAuth() - gemClient, errGetClient := gemAuth.GetAuthenticatedClient(ctx, &ts, h.cfg, &geminiAuth.WebLoginOptions{ - NoBrowser: true, - }) - if errGetClient != nil { - log.Errorf("failed to get authenticated client: %v", errGetClient) - SetOAuthSessionError(state, "Failed to get authenticated client") - return - } - fmt.Println("Authentication successful.") - - if strings.EqualFold(requestedProjectID, "ALL") { - ts.Auto = false - projects, errAll := onboardAllGeminiProjects(ctx, gemClient, &ts) - if errAll != nil { - log.Errorf("Failed to complete Gemini CLI onboarding: %v", errAll) - SetOAuthSessionError(state, "Failed to complete Gemini CLI onboarding") - return - } - if errVerify := ensureGeminiProjectsEnabled(ctx, gemClient, projects); errVerify != nil { - log.Errorf("Failed to verify Cloud AI API status: %v", errVerify) - SetOAuthSessionError(state, "Failed to verify Cloud AI API status") - return - } - ts.ProjectID = strings.Join(projects, ",") - ts.Checked = true - } else if strings.EqualFold(requestedProjectID, "GOOGLE_ONE") { - ts.Auto = false - if errSetup := performGeminiCLISetup(ctx, gemClient, &ts, ""); errSetup != nil { - log.Errorf("Google One auto-discovery failed: %v", errSetup) - SetOAuthSessionError(state, "Google One auto-discovery failed") - return - } - if strings.TrimSpace(ts.ProjectID) == "" { - log.Error("Google One auto-discovery returned empty project ID") - SetOAuthSessionError(state, "Google One auto-discovery returned empty project ID") - return - } - isChecked, errCheck := checkCloudAPIIsEnabled(ctx, gemClient, ts.ProjectID) - if errCheck != nil { - log.Errorf("Failed to verify Cloud AI API status: %v", errCheck) - SetOAuthSessionError(state, "Failed to verify Cloud AI API status") - return - } - ts.Checked = isChecked - if !isChecked { - log.Error("Cloud AI API is not enabled for the auto-discovered project") - SetOAuthSessionError(state, "Cloud AI API not enabled") - return - } - } else { - if errEnsure := ensureGeminiProjectAndOnboard(ctx, gemClient, &ts, requestedProjectID); errEnsure != nil { - log.Errorf("Failed to complete Gemini CLI onboarding: %v", errEnsure) - SetOAuthSessionError(state, "Failed to complete Gemini CLI onboarding") - return - } - - if strings.TrimSpace(ts.ProjectID) == "" { - log.Error("Onboarding did not return a project ID") - SetOAuthSessionError(state, "Failed to resolve project ID") - return - } - - isChecked, errCheck := checkCloudAPIIsEnabled(ctx, gemClient, ts.ProjectID) - if errCheck != nil { - log.Errorf("Failed to verify Cloud AI API status: %v", errCheck) - SetOAuthSessionError(state, "Failed to verify Cloud AI API status") - return - } - ts.Checked = isChecked - if !isChecked { - log.Error("Cloud AI API is not enabled for the selected project") - SetOAuthSessionError(state, "Cloud AI API not enabled") - return - } - } - - recordMetadata := map[string]any{ - "email": ts.Email, - "project_id": ts.ProjectID, - "auto": ts.Auto, - "checked": ts.Checked, - } - - fileName := geminiAuth.CredentialFileName(ts.Email, ts.ProjectID, true) - record := &coreauth.Auth{ - ID: fileName, - Provider: "gemini", - FileName: fileName, - Storage: &ts, - Metadata: recordMetadata, - } - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save token to file: %v", errSave) - SetOAuthSessionError(state, "Failed to save token to file") - return - } - - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("gemini") - fmt.Printf("You can now use Gemini CLI services through this CLI; token saved to %s\n", savedPath) - }() - - c.JSON(200, gin.H{"status": "ok", "url": authURL, "state": state}) -} - -func (h *Handler) RequestCodexToken(c *gin.Context) { - ctx := context.Background() - - fmt.Println("Initializing Codex authentication...") - - // Generate PKCE codes - pkceCodes, err := codex.GeneratePKCECodes() - if err != nil { - log.Errorf("Failed to generate PKCE codes: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate PKCE codes"}) - return - } - - // Generate random state parameter - state, err := misc.GenerateRandomState() - if err != nil { - log.Errorf("Failed to generate state parameter: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate state parameter"}) - return - } - - // Initialize Codex auth service - openaiAuth := codex.NewCodexAuth(h.cfg) - - // Generate authorization URL - authURL, err := openaiAuth.GenerateAuthURL(state, pkceCodes) - if err != nil { - log.Errorf("Failed to generate authorization URL: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate authorization url"}) - return - } - - RegisterOAuthSession(state, "codex") - - isWebUI := isWebUIRequest(c) - var forwarder *callbackForwarder - if isWebUI { - targetURL, errTarget := h.managementCallbackURL("/codex/callback") - if errTarget != nil { - log.WithError(errTarget).Error("failed to compute codex callback target") - c.JSON(http.StatusInternalServerError, gin.H{"error": "callback server unavailable"}) - return - } - var errStart error - if forwarder, errStart = startCallbackForwarder(codexCallbackPort, "codex", targetURL); errStart != nil { - log.WithError(errStart).Error("failed to start codex callback forwarder") - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to start callback server"}) - return - } - } - - go func() { - if isWebUI { - defer stopCallbackForwarderInstance(codexCallbackPort, forwarder) - } - - // Wait for callback file - waitFile := filepath.Join(h.cfg.AuthDir, fmt.Sprintf(".oauth-codex-%s.oauth", state)) - deadline := time.Now().Add(5 * time.Minute) - var code string - for { - if !IsOAuthSessionPending(state, "codex") { - return - } - if time.Now().After(deadline) { - authErr := codex.NewAuthenticationError(codex.ErrCallbackTimeout, fmt.Errorf("timeout waiting for OAuth callback")) - log.Error(codex.GetUserFriendlyMessage(authErr)) - SetOAuthSessionError(state, "Timeout waiting for OAuth callback") - return - } - if data, errR := os.ReadFile(waitFile); errR == nil { - var m map[string]string - _ = json.Unmarshal(data, &m) - _ = os.Remove(waitFile) - if errStr := m["error"]; errStr != "" { - oauthErr := codex.NewOAuthError(errStr, "", http.StatusBadRequest) - log.Error(codex.GetUserFriendlyMessage(oauthErr)) - SetOAuthSessionError(state, "Bad Request") - return - } - if m["state"] != state { - authErr := codex.NewAuthenticationError(codex.ErrInvalidState, fmt.Errorf("expected %s, got %s", state, m["state"])) - SetOAuthSessionError(state, "State code error") - log.Error(codex.GetUserFriendlyMessage(authErr)) - return - } - code = m["code"] - break - } - time.Sleep(500 * time.Millisecond) - } - - log.Debug("Authorization code received, exchanging for tokens...") - // Exchange code for tokens using internal auth service - bundle, errExchange := openaiAuth.ExchangeCodeForTokens(ctx, code, pkceCodes) - if errExchange != nil { - authErr := codex.NewAuthenticationError(codex.ErrCodeExchangeFailed, errExchange) - SetOAuthSessionError(state, "Failed to exchange authorization code for tokens") - log.Errorf("Failed to exchange authorization code for tokens: %v", authErr) - return - } - - // Extract additional info for filename generation - claims, _ := codex.ParseJWTToken(bundle.TokenData.IDToken) - planType := "" - hashAccountID := "" - if claims != nil { - planType = strings.TrimSpace(claims.CodexAuthInfo.ChatgptPlanType) - if accountID := claims.GetAccountID(); accountID != "" { - digest := sha256.Sum256([]byte(accountID)) - hashAccountID = hex.EncodeToString(digest[:])[:8] - } - } - - // Create token storage and persist - tokenStorage := openaiAuth.CreateTokenStorage(bundle) - fileName := codex.CredentialFileName(tokenStorage.Email, planType, hashAccountID, true) - record := &coreauth.Auth{ - ID: fileName, - Provider: "codex", - FileName: fileName, - Storage: tokenStorage, - Metadata: map[string]any{ - "email": tokenStorage.Email, - "account_id": tokenStorage.AccountID, - }, - } - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - SetOAuthSessionError(state, "Failed to save authentication tokens") - log.Errorf("Failed to save authentication tokens: %v", errSave) - return - } - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - if bundle.APIKey != "" { - fmt.Println("API key obtained and saved") - } - fmt.Println("You can now use Codex services through this CLI") - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("codex") - }() - - c.JSON(200, gin.H{"status": "ok", "url": authURL, "state": state}) -} - -func (h *Handler) RequestAntigravityToken(c *gin.Context) { - ctx := context.Background() - - fmt.Println("Initializing Antigravity authentication...") - - authSvc := antigravity.NewAntigravityAuth(h.cfg, nil) - - state, errState := misc.GenerateRandomState() - if errState != nil { - log.Errorf("Failed to generate state parameter: %v", errState) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate state parameter"}) - return - } - - redirectURI := fmt.Sprintf("http://localhost:%d/oauth-callback", antigravity.CallbackPort) - authURL := authSvc.BuildAuthURL(state, redirectURI) - - RegisterOAuthSession(state, "antigravity") - - isWebUI := isWebUIRequest(c) - var forwarder *callbackForwarder - if isWebUI { - targetURL, errTarget := h.managementCallbackURL("/antigravity/callback") - if errTarget != nil { - log.WithError(errTarget).Error("failed to compute antigravity callback target") - c.JSON(http.StatusInternalServerError, gin.H{"error": "callback server unavailable"}) - return - } - var errStart error - if forwarder, errStart = startCallbackForwarder(antigravity.CallbackPort, "antigravity", targetURL); errStart != nil { - log.WithError(errStart).Error("failed to start antigravity callback forwarder") - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to start callback server"}) - return - } - } - - go func() { - if isWebUI { - defer stopCallbackForwarderInstance(antigravity.CallbackPort, forwarder) - } - - waitFile := filepath.Join(h.cfg.AuthDir, fmt.Sprintf(".oauth-antigravity-%s.oauth", state)) - deadline := time.Now().Add(5 * time.Minute) - var authCode string - for { - if !IsOAuthSessionPending(state, "antigravity") { - return - } - if time.Now().After(deadline) { - log.Error("oauth flow timed out") - SetOAuthSessionError(state, "OAuth flow timed out") - return - } - if data, errReadFile := os.ReadFile(waitFile); errReadFile == nil { - var payload map[string]string - _ = json.Unmarshal(data, &payload) - _ = os.Remove(waitFile) - if errStr := strings.TrimSpace(payload["error"]); errStr != "" { - log.Errorf("Authentication failed: %s", errStr) - SetOAuthSessionError(state, "Authentication failed") - return - } - if payloadState := strings.TrimSpace(payload["state"]); payloadState != "" && payloadState != state { - log.Errorf("Authentication failed: state mismatch") - SetOAuthSessionError(state, "Authentication failed: state mismatch") - return - } - authCode = strings.TrimSpace(payload["code"]) - if authCode == "" { - log.Error("Authentication failed: code not found") - SetOAuthSessionError(state, "Authentication failed: code not found") - return - } - break - } - time.Sleep(500 * time.Millisecond) - } - - tokenResp, errToken := authSvc.ExchangeCodeForTokens(ctx, authCode, redirectURI) - if errToken != nil { - log.Errorf("Failed to exchange token: %v", errToken) - SetOAuthSessionError(state, "Failed to exchange token") - return - } - - accessToken := strings.TrimSpace(tokenResp.AccessToken) - if accessToken == "" { - log.Error("antigravity: token exchange returned empty access token") - SetOAuthSessionError(state, "Failed to exchange token") - return - } - - email, errInfo := authSvc.FetchUserInfo(ctx, accessToken) - if errInfo != nil { - log.Errorf("Failed to fetch user info: %v", errInfo) - SetOAuthSessionError(state, "Failed to fetch user info") - return - } - email = strings.TrimSpace(email) - if email == "" { - log.Error("antigravity: user info returned empty email") - SetOAuthSessionError(state, "Failed to fetch user info") - return - } - - projectID := "" - if accessToken != "" { - fetchedProjectID, errProject := authSvc.FetchProjectID(ctx, accessToken) - if errProject != nil { - log.Warnf("antigravity: failed to fetch project ID: %v", errProject) - } else { - projectID = fetchedProjectID - log.Infof("antigravity: obtained project ID %s", projectID) - } - } - - now := time.Now() - metadata := map[string]any{ - "type": "antigravity", - "access_token": tokenResp.AccessToken, - "refresh_token": tokenResp.RefreshToken, - "expires_in": tokenResp.ExpiresIn, - "timestamp": now.UnixMilli(), - "expired": now.Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339), - } - if email != "" { - metadata["email"] = email - } - if projectID != "" { - metadata["project_id"] = projectID - } - - fileName := antigravity.CredentialFileName(email) - label := strings.TrimSpace(email) - if label == "" { - label = "antigravity" - } - - record := &coreauth.Auth{ - ID: fileName, - Provider: "antigravity", - FileName: fileName, - Label: label, - Metadata: metadata, - } - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save token to file: %v", errSave) - SetOAuthSessionError(state, "Failed to save token to file") - return - } - - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("antigravity") - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - if projectID != "" { - fmt.Printf("Using GCP project: %s\n", projectID) - } - fmt.Println("You can now use Antigravity services through this CLI") - }() - - c.JSON(200, gin.H{"status": "ok", "url": authURL, "state": state}) -} - -func (h *Handler) RequestQwenToken(c *gin.Context) { - ctx := context.Background() - - fmt.Println("Initializing Qwen authentication...") - - state := fmt.Sprintf("gem-%d", time.Now().UnixNano()) - // Initialize Qwen auth service - qwenAuth := qwen.NewQwenAuth(h.cfg) - - // Generate authorization URL - deviceFlow, err := qwenAuth.InitiateDeviceFlow(ctx) - if err != nil { - log.Errorf("Failed to generate authorization URL: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate authorization url"}) - return - } - authURL := deviceFlow.VerificationURIComplete - - RegisterOAuthSession(state, "qwen") - - go func() { - fmt.Println("Waiting for authentication...") - tokenData, errPollForToken := qwenAuth.PollForToken(deviceFlow.DeviceCode, deviceFlow.CodeVerifier) - if errPollForToken != nil { - SetOAuthSessionError(state, "Authentication failed") - fmt.Printf("Authentication failed: %v\n", errPollForToken) - return - } - - // Create token storage - tokenStorage := qwenAuth.CreateTokenStorage(tokenData) - - tokenStorage.Email = fmt.Sprintf("%d", time.Now().UnixMilli()) - record := &coreauth.Auth{ - ID: fmt.Sprintf("qwen-%s.json", tokenStorage.Email), - Provider: "qwen", - FileName: fmt.Sprintf("qwen-%s.json", tokenStorage.Email), - Storage: tokenStorage, - Metadata: map[string]any{"email": tokenStorage.Email}, - } - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save authentication tokens: %v", errSave) - SetOAuthSessionError(state, "Failed to save authentication tokens") - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - fmt.Println("You can now use Qwen services through this CLI") - CompleteOAuthSession(state) - }() - - c.JSON(200, gin.H{"status": "ok", "url": authURL, "state": state}) -} - -func (h *Handler) RequestKimiToken(c *gin.Context) { - ctx := context.Background() - - fmt.Println("Initializing Kimi authentication...") - - state := fmt.Sprintf("kmi-%d", time.Now().UnixNano()) - // Initialize Kimi auth service - kimiAuth := kimi.NewKimiAuth(h.cfg) - - // Generate authorization URL - deviceFlow, errStartDeviceFlow := kimiAuth.StartDeviceFlow(ctx) - if errStartDeviceFlow != nil { - log.Errorf("Failed to generate authorization URL: %v", errStartDeviceFlow) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate authorization url"}) - return - } - authURL := deviceFlow.VerificationURIComplete - if authURL == "" { - authURL = deviceFlow.VerificationURI - } - - RegisterOAuthSession(state, "kimi") - - go func() { - fmt.Println("Waiting for authentication...") - authBundle, errWaitForAuthorization := kimiAuth.WaitForAuthorization(ctx, deviceFlow) - if errWaitForAuthorization != nil { - SetOAuthSessionError(state, "Authentication failed") - fmt.Printf("Authentication failed: %v\n", errWaitForAuthorization) - return - } - - // Create token storage - tokenStorage := kimiAuth.CreateTokenStorage(authBundle) - - metadata := map[string]any{ - "type": "kimi", - "access_token": authBundle.TokenData.AccessToken, - "refresh_token": authBundle.TokenData.RefreshToken, - "token_type": authBundle.TokenData.TokenType, - "scope": authBundle.TokenData.Scope, - "timestamp": time.Now().UnixMilli(), - } - if authBundle.TokenData.ExpiresAt > 0 { - expired := time.Unix(authBundle.TokenData.ExpiresAt, 0).UTC().Format(time.RFC3339) - metadata["expired"] = expired - } - if strings.TrimSpace(authBundle.DeviceID) != "" { - metadata["device_id"] = strings.TrimSpace(authBundle.DeviceID) - } - - fileName := fmt.Sprintf("kimi-%d.json", time.Now().UnixMilli()) - record := &coreauth.Auth{ - ID: fileName, - Provider: "kimi", - FileName: fileName, - Label: "Kimi User", - Storage: tokenStorage, - Metadata: metadata, - } - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save authentication tokens: %v", errSave) - SetOAuthSessionError(state, "Failed to save authentication tokens") - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - fmt.Println("You can now use Kimi services through this CLI") - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("kimi") - }() - - c.JSON(200, gin.H{"status": "ok", "url": authURL, "state": state}) -} - -func (h *Handler) RequestIFlowToken(c *gin.Context) { - ctx := context.Background() - - fmt.Println("Initializing iFlow authentication...") - - state := fmt.Sprintf("ifl-%d", time.Now().UnixNano()) - authSvc := iflowauth.NewIFlowAuth(h.cfg) - authURL, redirectURI := authSvc.AuthorizationURL(state, iflowauth.CallbackPort) - - RegisterOAuthSession(state, "iflow") - - isWebUI := isWebUIRequest(c) - var forwarder *callbackForwarder - if isWebUI { - targetURL, errTarget := h.managementCallbackURL("/iflow/callback") - if errTarget != nil { - log.WithError(errTarget).Error("failed to compute iflow callback target") - c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "callback server unavailable"}) - return - } - var errStart error - if forwarder, errStart = startCallbackForwarder(iflowauth.CallbackPort, "iflow", targetURL); errStart != nil { - log.WithError(errStart).Error("failed to start iflow callback forwarder") - c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "failed to start callback server"}) - return - } - } - - go func() { - if isWebUI { - defer stopCallbackForwarderInstance(iflowauth.CallbackPort, forwarder) - } - fmt.Println("Waiting for authentication...") - - waitFile := filepath.Join(h.cfg.AuthDir, fmt.Sprintf(".oauth-iflow-%s.oauth", state)) - deadline := time.Now().Add(5 * time.Minute) - var resultMap map[string]string - for { - if !IsOAuthSessionPending(state, "iflow") { - return - } - if time.Now().After(deadline) { - SetOAuthSessionError(state, "Authentication failed") - fmt.Println("Authentication failed: timeout waiting for callback") - return - } - if data, errR := os.ReadFile(waitFile); errR == nil { - _ = os.Remove(waitFile) - _ = json.Unmarshal(data, &resultMap) - break - } - time.Sleep(500 * time.Millisecond) - } - - if errStr := strings.TrimSpace(resultMap["error"]); errStr != "" { - SetOAuthSessionError(state, "Authentication failed") - fmt.Printf("Authentication failed: %s\n", errStr) - return - } - if resultState := strings.TrimSpace(resultMap["state"]); resultState != state { - SetOAuthSessionError(state, "Authentication failed") - fmt.Println("Authentication failed: state mismatch") - return - } - - code := strings.TrimSpace(resultMap["code"]) - if code == "" { - SetOAuthSessionError(state, "Authentication failed") - fmt.Println("Authentication failed: code missing") - return - } - - tokenData, errExchange := authSvc.ExchangeCodeForTokens(ctx, code, redirectURI) - if errExchange != nil { - SetOAuthSessionError(state, "Authentication failed") - fmt.Printf("Authentication failed: %v\n", errExchange) - return - } - - tokenStorage := authSvc.CreateTokenStorage(tokenData) - identifier := strings.TrimSpace(tokenStorage.Email) - if identifier == "" { - identifier = fmt.Sprintf("%d", time.Now().UnixMilli()) - tokenStorage.Email = identifier - } - record := &coreauth.Auth{ - ID: fmt.Sprintf("iflow-%s.json", identifier), - Provider: "iflow", - FileName: fmt.Sprintf("iflow-%s.json", identifier), - Storage: tokenStorage, - Metadata: map[string]any{"email": identifier, "api_key": tokenStorage.APIKey}, - Attributes: map[string]string{"api_key": tokenStorage.APIKey}, - } - - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - SetOAuthSessionError(state, "Failed to save authentication tokens") - log.Errorf("Failed to save authentication tokens: %v", errSave) - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - if tokenStorage.APIKey != "" { - fmt.Println("API key obtained and saved") - } - fmt.Println("You can now use iFlow services through this CLI") - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("iflow") - }() - - c.JSON(http.StatusOK, gin.H{"status": "ok", "url": authURL, "state": state}) -} - -func (h *Handler) RequestGitHubToken(c *gin.Context) { - ctx := context.Background() - - fmt.Println("Initializing GitHub Copilot authentication...") - - state := fmt.Sprintf("gh-%d", time.Now().UnixNano()) - - // Initialize Copilot auth service - // We need to import "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/copilot" first if not present - // Assuming copilot package is imported as "copilot" - deviceClient := copilot.NewDeviceFlowClient(h.cfg) - - // Initiate device flow - deviceCode, err := deviceClient.RequestDeviceCode(ctx) - if err != nil { - log.Errorf("Failed to initiate device flow: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to initiate device flow"}) - return - } - - authURL := deviceCode.VerificationURI - userCode := deviceCode.UserCode - - RegisterOAuthSession(state, "github") - - go func() { - fmt.Printf("Please visit %s and enter code: %s\n", authURL, userCode) - - tokenData, errPoll := deviceClient.PollForToken(ctx, deviceCode) - if errPoll != nil { - SetOAuthSessionError(state, "Authentication failed") - fmt.Printf("Authentication failed: %v\n", errPoll) - return - } - - username, errUser := deviceClient.FetchUserInfo(ctx, tokenData.AccessToken) - if errUser != nil { - log.Warnf("Failed to fetch user info: %v", errUser) - username = "github-user" - } - - tokenStorage := &copilot.CopilotTokenStorage{ - AccessToken: tokenData.AccessToken, - TokenType: tokenData.TokenType, - Scope: tokenData.Scope, - Username: username, - Type: "github-copilot", - } - - fileName := fmt.Sprintf("github-%s.json", username) - record := &coreauth.Auth{ - ID: fileName, - Provider: "github", - FileName: fileName, - Storage: tokenStorage, - Metadata: map[string]any{ - "email": username, - "username": username, - }, - } - - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save authentication tokens: %v", errSave) - SetOAuthSessionError(state, "Failed to save authentication tokens") - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - fmt.Println("You can now use GitHub Copilot services through this CLI") - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("github") - }() - - c.JSON(200, gin.H{ - "status": "ok", - "url": authURL, - "state": state, - "user_code": userCode, - "verification_uri": authURL, - }) -} - -func (h *Handler) RequestIFlowCookieToken(c *gin.Context) { - ctx := context.Background() - - var payload struct { - Cookie string `json:"cookie"` - } - if err := c.ShouldBindJSON(&payload); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "cookie is required"}) - return - } - - cookieValue := strings.TrimSpace(payload.Cookie) - - if cookieValue == "" { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "cookie is required"}) - return - } - - cookieValue, errNormalize := iflowauth.NormalizeCookie(cookieValue) - if errNormalize != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": errNormalize.Error()}) - return - } - - // Check for duplicate BXAuth before authentication - bxAuth := iflowauth.ExtractBXAuth(cookieValue) - if existingFile, err := iflowauth.CheckDuplicateBXAuth(h.cfg.AuthDir, bxAuth); err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "failed to check duplicate"}) - return - } else if existingFile != "" { - existingFileName := filepath.Base(existingFile) - c.JSON(http.StatusConflict, gin.H{"status": "error", "error": "duplicate BXAuth found", "existing_file": existingFileName}) - return - } - - authSvc := iflowauth.NewIFlowAuth(h.cfg) - tokenData, errAuth := authSvc.AuthenticateWithCookie(ctx, cookieValue) - if errAuth != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": errAuth.Error()}) - return - } - - tokenData.Cookie = cookieValue - - tokenStorage := authSvc.CreateCookieTokenStorage(tokenData) - email := strings.TrimSpace(tokenStorage.Email) - if email == "" { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "failed to extract email from token"}) - return - } - - fileName := iflowauth.SanitizeIFlowFileName(email) - if fileName == "" { - fileName = fmt.Sprintf("iflow-%d", time.Now().UnixMilli()) - } else { - fileName = fmt.Sprintf("iflow-%s", fileName) - } - - tokenStorage.Email = email - timestamp := time.Now().Unix() - - record := &coreauth.Auth{ - ID: fmt.Sprintf("%s-%d.json", fileName, timestamp), - Provider: "iflow", - FileName: fmt.Sprintf("%s-%d.json", fileName, timestamp), - Storage: tokenStorage, - Metadata: map[string]any{ - "email": email, - "api_key": tokenStorage.APIKey, - "expired": tokenStorage.Expire, - "cookie": tokenStorage.Cookie, - "type": tokenStorage.Type, - "last_refresh": tokenStorage.LastRefresh, - }, - Attributes: map[string]string{ - "api_key": tokenStorage.APIKey, - }, - } - - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "failed to save authentication tokens"}) - return - } - - fmt.Printf("iFlow cookie authentication successful. Token saved to %s\n", savedPath) - c.JSON(http.StatusOK, gin.H{ - "status": "ok", - "saved_path": savedPath, - "email": email, - "expired": tokenStorage.Expire, - "type": tokenStorage.Type, - }) -} - -type projectSelectionRequiredError struct{} - -func (e *projectSelectionRequiredError) Error() string { - return "gemini cli: project selection required" -} - -func ensureGeminiProjectAndOnboard(ctx context.Context, httpClient *http.Client, storage *geminiAuth.GeminiTokenStorage, requestedProject string) error { - if storage == nil { - return fmt.Errorf("gemini storage is nil") - } - - trimmedRequest := strings.TrimSpace(requestedProject) - if trimmedRequest == "" { - projects, errProjects := fetchGCPProjects(ctx, httpClient) - if errProjects != nil { - return fmt.Errorf("fetch project list: %w", errProjects) - } - if len(projects) == 0 { - return fmt.Errorf("no Google Cloud projects available for this account") - } - trimmedRequest = strings.TrimSpace(projects[0].ProjectID) - if trimmedRequest == "" { - return fmt.Errorf("resolved project id is empty") - } - storage.Auto = true - } else { - storage.Auto = false - } - - if err := performGeminiCLISetup(ctx, httpClient, storage, trimmedRequest); err != nil { - return err - } - - if strings.TrimSpace(storage.ProjectID) == "" { - storage.ProjectID = trimmedRequest - } - - return nil -} - -func onboardAllGeminiProjects(ctx context.Context, httpClient *http.Client, storage *geminiAuth.GeminiTokenStorage) ([]string, error) { - projects, errProjects := fetchGCPProjects(ctx, httpClient) - if errProjects != nil { - return nil, fmt.Errorf("fetch project list: %w", errProjects) - } - if len(projects) == 0 { - return nil, fmt.Errorf("no Google Cloud projects available for this account") - } - activated := make([]string, 0, len(projects)) - seen := make(map[string]struct{}, len(projects)) - for _, project := range projects { - candidate := strings.TrimSpace(project.ProjectID) - if candidate == "" { - continue - } - if _, dup := seen[candidate]; dup { - continue - } - if err := performGeminiCLISetup(ctx, httpClient, storage, candidate); err != nil { - return nil, fmt.Errorf("onboard project %s: %w", candidate, err) - } - finalID := strings.TrimSpace(storage.ProjectID) - if finalID == "" { - finalID = candidate - } - activated = append(activated, finalID) - seen[candidate] = struct{}{} - } - if len(activated) == 0 { - return nil, fmt.Errorf("no Google Cloud projects available for this account") - } - return activated, nil -} - -func ensureGeminiProjectsEnabled(ctx context.Context, httpClient *http.Client, projectIDs []string) error { - for _, pid := range projectIDs { - trimmed := strings.TrimSpace(pid) - if trimmed == "" { - continue - } - isChecked, errCheck := checkCloudAPIIsEnabled(ctx, httpClient, trimmed) - if errCheck != nil { - return fmt.Errorf("project %s: %w", trimmed, errCheck) - } - if !isChecked { - return fmt.Errorf("project %s: Cloud AI API not enabled", trimmed) - } - } - return nil -} - -func performGeminiCLISetup(ctx context.Context, httpClient *http.Client, storage *geminiAuth.GeminiTokenStorage, requestedProject string) error { - metadata := map[string]string{ - "ideType": "IDE_UNSPECIFIED", - "platform": "PLATFORM_UNSPECIFIED", - "pluginType": "GEMINI", - } - - trimmedRequest := strings.TrimSpace(requestedProject) - explicitProject := trimmedRequest != "" - - loadReqBody := map[string]any{ - "metadata": metadata, - } - if explicitProject { - loadReqBody["cloudaicompanionProject"] = trimmedRequest - } - - var loadResp map[string]any - if errLoad := callGeminiCLI(ctx, httpClient, "loadCodeAssist", loadReqBody, &loadResp); errLoad != nil { - return fmt.Errorf("load code assist: %w", errLoad) - } - - tierID := "legacy-tier" - if tiers, okTiers := loadResp["allowedTiers"].([]any); okTiers { - for _, rawTier := range tiers { - tier, okTier := rawTier.(map[string]any) - if !okTier { - continue - } - if isDefault, okDefault := tier["isDefault"].(bool); okDefault && isDefault { - if id, okID := tier["id"].(string); okID && strings.TrimSpace(id) != "" { - tierID = strings.TrimSpace(id) - break - } - } - } - } - - projectID := trimmedRequest - if projectID == "" { - if id, okProject := loadResp["cloudaicompanionProject"].(string); okProject { - projectID = strings.TrimSpace(id) - } - if projectID == "" { - if projectMap, okProject := loadResp["cloudaicompanionProject"].(map[string]any); okProject { - if id, okID := projectMap["id"].(string); okID { - projectID = strings.TrimSpace(id) - } - } - } - } - if projectID == "" { - // Auto-discovery: try onboardUser without specifying a project - // to let Google auto-provision one (matches Gemini CLI headless behavior - // and Antigravity's FetchProjectID pattern). - autoOnboardReq := map[string]any{ - "tierId": tierID, - "metadata": metadata, - } - - autoCtx, autoCancel := context.WithTimeout(ctx, 30*time.Second) - defer autoCancel() - for attempt := 1; ; attempt++ { - var onboardResp map[string]any - if errOnboard := callGeminiCLI(autoCtx, httpClient, "onboardUser", autoOnboardReq, &onboardResp); errOnboard != nil { - return fmt.Errorf("auto-discovery onboardUser: %w", errOnboard) - } - - if done, okDone := onboardResp["done"].(bool); okDone && done { - if resp, okResp := onboardResp["response"].(map[string]any); okResp { - switch v := resp["cloudaicompanionProject"].(type) { - case string: - projectID = strings.TrimSpace(v) - case map[string]any: - if id, okID := v["id"].(string); okID { - projectID = strings.TrimSpace(id) - } - } - } - break - } - - log.Debugf("Auto-discovery: onboarding in progress, attempt %d...", attempt) - select { - case <-autoCtx.Done(): - return &projectSelectionRequiredError{} - case <-time.After(2 * time.Second): - } - } - - if projectID == "" { - return &projectSelectionRequiredError{} - } - log.Infof("Auto-discovered project ID via onboarding: %s", projectID) - } - - onboardReqBody := map[string]any{ - "tierId": tierID, - "metadata": metadata, - "cloudaicompanionProject": projectID, - } - - storage.ProjectID = projectID - - for { - var onboardResp map[string]any - if errOnboard := callGeminiCLI(ctx, httpClient, "onboardUser", onboardReqBody, &onboardResp); errOnboard != nil { - return fmt.Errorf("onboard user: %w", errOnboard) - } - - if done, okDone := onboardResp["done"].(bool); okDone && done { - responseProjectID := "" - if resp, okResp := onboardResp["response"].(map[string]any); okResp { - switch projectValue := resp["cloudaicompanionProject"].(type) { - case map[string]any: - if id, okID := projectValue["id"].(string); okID { - responseProjectID = strings.TrimSpace(id) - } - case string: - responseProjectID = strings.TrimSpace(projectValue) - } - } - - finalProjectID := projectID - if responseProjectID != "" { - if explicitProject && !strings.EqualFold(responseProjectID, projectID) { - // Check if this is a free user (gen-lang-client projects or free/legacy tier) - isFreeUser := strings.HasPrefix(projectID, "gen-lang-client-") || - strings.EqualFold(tierID, "FREE") || - strings.EqualFold(tierID, "LEGACY") - - if isFreeUser { - // For free users, use backend project ID for preview model access - log.Infof("Gemini onboarding: frontend project %s maps to backend project %s", projectID, responseProjectID) - log.Infof("Using backend project ID: %s (recommended for preview model access)", responseProjectID) - finalProjectID = responseProjectID - } else { - // Pro users: keep requested project ID (original behavior) - log.Warnf("Gemini onboarding returned project %s instead of requested %s; keeping requested project ID.", responseProjectID, projectID) - } - } else { - finalProjectID = responseProjectID - } - } - - storage.ProjectID = strings.TrimSpace(finalProjectID) - if storage.ProjectID == "" { - storage.ProjectID = strings.TrimSpace(projectID) - } - if storage.ProjectID == "" { - return fmt.Errorf("onboard user completed without project id") - } - log.Infof("Onboarding complete. Using Project ID: %s", storage.ProjectID) - return nil - } - - log.Println("Onboarding in progress, waiting 5 seconds...") - time.Sleep(5 * time.Second) - } -} - -func callGeminiCLI(ctx context.Context, httpClient *http.Client, endpoint string, body any, result any) error { - endPointURL := fmt.Sprintf("%s/%s:%s", geminiCLIEndpoint, geminiCLIVersion, endpoint) - if strings.HasPrefix(endpoint, "operations/") { - endPointURL = fmt.Sprintf("%s/%s", geminiCLIEndpoint, endpoint) - } - - var reader io.Reader - if body != nil { - rawBody, errMarshal := json.Marshal(body) - if errMarshal != nil { - return fmt.Errorf("marshal request body: %w", errMarshal) - } - reader = bytes.NewReader(rawBody) - } - - req, errRequest := http.NewRequestWithContext(ctx, http.MethodPost, endPointURL, reader) - if errRequest != nil { - return fmt.Errorf("create request: %w", errRequest) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", geminiCLIUserAgent) - req.Header.Set("X-Goog-Api-Client", geminiCLIApiClient) - req.Header.Set("Client-Metadata", geminiCLIClientMetadata) - - resp, errDo := httpClient.Do(req) - if errDo != nil { - return fmt.Errorf("execute request: %w", errDo) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, _ := io.ReadAll(resp.Body) - return fmt.Errorf("api request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(bodyBytes))) - } - - if result == nil { - _, _ = io.Copy(io.Discard, resp.Body) - return nil - } - - if errDecode := json.NewDecoder(resp.Body).Decode(result); errDecode != nil { - return fmt.Errorf("decode response body: %w", errDecode) - } - - return nil -} - -func fetchGCPProjects(ctx context.Context, httpClient *http.Client) ([]interfaces.GCPProjectProjects, error) { - req, errRequest := http.NewRequestWithContext(ctx, http.MethodGet, "https://cloudresourcemanager.googleapis.com/v1/projects", nil) - if errRequest != nil { - return nil, fmt.Errorf("could not create project list request: %w", errRequest) - } - - resp, errDo := httpClient.Do(req) - if errDo != nil { - return nil, fmt.Errorf("failed to execute project list request: %w", errDo) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, _ := io.ReadAll(resp.Body) - return nil, fmt.Errorf("project list request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(bodyBytes))) - } - - var projects interfaces.GCPProject - if errDecode := json.NewDecoder(resp.Body).Decode(&projects); errDecode != nil { - return nil, fmt.Errorf("failed to unmarshal project list: %w", errDecode) - } - - return projects.Projects, nil -} - -func checkCloudAPIIsEnabled(ctx context.Context, httpClient *http.Client, projectID string) (bool, error) { - serviceUsageURL := "https://serviceusage.googleapis.com" - requiredServices := []string{ - "cloudaicompanion.googleapis.com", - } - for _, service := range requiredServices { - checkURL := fmt.Sprintf("%s/v1/projects/%s/services/%s", serviceUsageURL, projectID, service) - req, errRequest := http.NewRequestWithContext(ctx, http.MethodGet, checkURL, nil) - if errRequest != nil { - return false, fmt.Errorf("failed to create request: %w", errRequest) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", geminiCLIUserAgent) - resp, errDo := httpClient.Do(req) - if errDo != nil { - return false, fmt.Errorf("failed to execute request: %w", errDo) - } - - if resp.StatusCode == http.StatusOK { - bodyBytes, _ := io.ReadAll(resp.Body) - if gjson.GetBytes(bodyBytes, "state").String() == "ENABLED" { - _ = resp.Body.Close() - continue - } - } - _ = resp.Body.Close() - - enableURL := fmt.Sprintf("%s/v1/projects/%s/services/%s:enable", serviceUsageURL, projectID, service) - req, errRequest = http.NewRequestWithContext(ctx, http.MethodPost, enableURL, strings.NewReader("{}")) - if errRequest != nil { - return false, fmt.Errorf("failed to create request: %w", errRequest) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", geminiCLIUserAgent) - resp, errDo = httpClient.Do(req) - if errDo != nil { - return false, fmt.Errorf("failed to execute request: %w", errDo) - } - - bodyBytes, _ := io.ReadAll(resp.Body) - errMessage := string(bodyBytes) - errMessageResult := gjson.GetBytes(bodyBytes, "error.message") - if errMessageResult.Exists() { - errMessage = errMessageResult.String() - } - if resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusCreated { - _ = resp.Body.Close() - continue - } else if resp.StatusCode == http.StatusBadRequest { - _ = resp.Body.Close() - if strings.Contains(strings.ToLower(errMessage), "already enabled") { - continue - } - } - _ = resp.Body.Close() - return false, fmt.Errorf("project activation required: %s", errMessage) - } - return true, nil -} - -func (h *Handler) GetAuthStatus(c *gin.Context) { - state := strings.TrimSpace(c.Query("state")) - if state == "" { - c.JSON(http.StatusOK, gin.H{"status": "ok"}) - return - } - if err := ValidateOAuthState(state); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "invalid state"}) - return - } - - _, status, ok := GetOAuthSession(state) - if !ok { - c.JSON(http.StatusOK, gin.H{"status": "ok"}) - return - } - if status != "" { - if strings.HasPrefix(status, "device_code|") { - parts := strings.SplitN(status, "|", 3) - if len(parts) == 3 { - c.JSON(http.StatusOK, gin.H{ - "status": "device_code", - "verification_url": parts[1], - "user_code": parts[2], - }) - return - } - } - if strings.HasPrefix(status, "auth_url|") { - authURL := strings.TrimPrefix(status, "auth_url|") - c.JSON(http.StatusOK, gin.H{ - "status": "auth_url", - "url": authURL, - }) - return - } - c.JSON(http.StatusOK, gin.H{"status": "error", "error": status}) - return - } - c.JSON(http.StatusOK, gin.H{"status": "wait"}) -} - -const kiroCallbackPort = 9876 - -func (h *Handler) RequestKiroToken(c *gin.Context) { - ctx := context.Background() - - // Get the login method from query parameter (default: aws for device code flow) - method := strings.ToLower(strings.TrimSpace(c.Query("method"))) - if method == "" { - method = "aws" - } - - fmt.Println("Initializing Kiro authentication...") - - state := fmt.Sprintf("kiro-%d", time.Now().UnixNano()) - - switch method { - case "aws", "builder-id": - RegisterOAuthSession(state, "kiro") - - // AWS Builder ID uses device code flow (no callback needed) - go func() { - ssoClient := kiroauth.NewSSOOIDCClient(h.cfg) - - // Step 1: Register client - fmt.Println("Registering client...") - regResp, errRegister := ssoClient.RegisterClient(ctx) - if errRegister != nil { - log.Errorf("Failed to register client: %v", errRegister) - SetOAuthSessionError(state, "Failed to register client") - return - } - - // Step 2: Start device authorization - fmt.Println("Starting device authorization...") - authResp, errAuth := ssoClient.StartDeviceAuthorization(ctx, regResp.ClientID, regResp.ClientSecret) - if errAuth != nil { - log.Errorf("Failed to start device auth: %v", errAuth) - SetOAuthSessionError(state, "Failed to start device authorization") - return - } - - // Store the verification URL for the frontend to display. - // Using "|" as separator because URLs contain ":". - SetOAuthSessionError(state, "device_code|"+authResp.VerificationURIComplete+"|"+authResp.UserCode) - - // Step 3: Poll for token - fmt.Println("Waiting for authorization...") - interval := 5 * time.Second - if authResp.Interval > 0 { - interval = time.Duration(authResp.Interval) * time.Second - } - deadline := time.Now().Add(time.Duration(authResp.ExpiresIn) * time.Second) - - for time.Now().Before(deadline) { - select { - case <-ctx.Done(): - SetOAuthSessionError(state, "Authorization cancelled") - return - case <-time.After(interval): - tokenResp, errToken := ssoClient.CreateToken(ctx, regResp.ClientID, regResp.ClientSecret, authResp.DeviceCode) - if errToken != nil { - errStr := errToken.Error() - if strings.Contains(errStr, "authorization_pending") { - continue - } - if strings.Contains(errStr, "slow_down") { - interval += 5 * time.Second - continue - } - log.Errorf("Token creation failed: %v", errToken) - SetOAuthSessionError(state, "Token creation failed") - return - } - - // Success! Save the token - expiresAt := time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second) - email := kiroauth.ExtractEmailFromJWT(tokenResp.AccessToken) - - idPart := kiroauth.SanitizeEmailForFilename(email) - if idPart == "" { - idPart = fmt.Sprintf("%d", time.Now().UnixNano()%100000) - } - - now := time.Now() - fileName := fmt.Sprintf("kiro-aws-%s.json", idPart) - - record := &coreauth.Auth{ - ID: fileName, - Provider: "kiro", - FileName: fileName, - Metadata: map[string]any{ - "type": "kiro", - "access_token": tokenResp.AccessToken, - "refresh_token": tokenResp.RefreshToken, - "expires_at": expiresAt.Format(time.RFC3339), - "auth_method": "builder-id", - "provider": "AWS", - "client_id": regResp.ClientID, - "client_secret": regResp.ClientSecret, - "email": email, - "last_refresh": now.Format(time.RFC3339), - }, - } - - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save authentication tokens: %v", errSave) - SetOAuthSessionError(state, "Failed to save authentication tokens") - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - if email != "" { - fmt.Printf("Authenticated as: %s\n", email) - } - CompleteOAuthSession(state) - return - } - } - - SetOAuthSessionError(state, "Authorization timed out") - }() - - // Return immediately with the state for polling - c.JSON(http.StatusOK, gin.H{"status": "ok", "state": state, "method": "device_code"}) - - case "google", "github": - RegisterOAuthSession(state, "kiro") - - // Social auth uses protocol handler - for WEB UI we use a callback forwarder - provider := "Google" - if method == "github" { - provider = "Github" - } - - isWebUI := isWebUIRequest(c) - if isWebUI { - targetURL, errTarget := h.managementCallbackURL("/kiro/callback") - if errTarget != nil { - log.WithError(errTarget).Error("failed to compute kiro callback target") - c.JSON(http.StatusInternalServerError, gin.H{"error": "callback server unavailable"}) - return - } - if _, errStart := startCallbackForwarder(kiroCallbackPort, "kiro", targetURL); errStart != nil { - log.WithError(errStart).Error("failed to start kiro callback forwarder") - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to start callback server"}) - return - } - } - - go func() { - if isWebUI { - defer stopCallbackForwarder(kiroCallbackPort) - } - - socialClient := kiroauth.NewSocialAuthClient(h.cfg) - - // Generate PKCE codes - codeVerifier, codeChallenge, errPKCE := generateKiroPKCE() - if errPKCE != nil { - log.Errorf("Failed to generate PKCE: %v", errPKCE) - SetOAuthSessionError(state, "Failed to generate PKCE") - return - } - - // Build login URL - authURL := fmt.Sprintf("%s/login?idp=%s&redirect_uri=%s&code_challenge=%s&code_challenge_method=S256&state=%s&prompt=select_account", - "https://prod.us-east-1.auth.desktop.kiro.dev", - provider, - url.QueryEscape(kiroauth.KiroRedirectURI), - codeChallenge, - state, - ) - - // Store auth URL for frontend. - // Using "|" as separator because URLs contain ":". - SetOAuthSessionError(state, "auth_url|"+authURL) - - // Wait for callback file - waitFile := filepath.Join(h.cfg.AuthDir, fmt.Sprintf(".oauth-kiro-%s.oauth", state)) - deadline := time.Now().Add(5 * time.Minute) - - for { - if time.Now().After(deadline) { - log.Error("oauth flow timed out") - SetOAuthSessionError(state, "OAuth flow timed out") - return - } - if data, errRead := os.ReadFile(waitFile); errRead == nil { - var m map[string]string - _ = json.Unmarshal(data, &m) - _ = os.Remove(waitFile) - if errStr := m["error"]; errStr != "" { - log.Errorf("Authentication failed: %s", errStr) - SetOAuthSessionError(state, "Authentication failed") - return - } - if m["state"] != state { - log.Errorf("State mismatch") - SetOAuthSessionError(state, "State mismatch") - return - } - code := m["code"] - if code == "" { - log.Error("No authorization code received") - SetOAuthSessionError(state, "No authorization code received") - return - } - - // Exchange code for tokens - tokenReq := &kiroauth.CreateTokenRequest{ - Code: code, - CodeVerifier: codeVerifier, - RedirectURI: kiroauth.KiroRedirectURI, - } - - tokenResp, errToken := socialClient.CreateToken(ctx, tokenReq) - if errToken != nil { - log.Errorf("Failed to exchange code for tokens: %v", errToken) - SetOAuthSessionError(state, "Failed to exchange code for tokens") - return - } - - // Save the token - expiresIn := tokenResp.ExpiresIn - if expiresIn <= 0 { - expiresIn = 3600 - } - expiresAt := time.Now().Add(time.Duration(expiresIn) * time.Second) - email := kiroauth.ExtractEmailFromJWT(tokenResp.AccessToken) - - idPart := kiroauth.SanitizeEmailForFilename(email) - if idPart == "" { - idPart = fmt.Sprintf("%d", time.Now().UnixNano()%100000) - } - - now := time.Now() - fileName := fmt.Sprintf("kiro-%s-%s.json", strings.ToLower(provider), idPart) - - record := &coreauth.Auth{ - ID: fileName, - Provider: "kiro", - FileName: fileName, - Metadata: map[string]any{ - "type": "kiro", - "access_token": tokenResp.AccessToken, - "refresh_token": tokenResp.RefreshToken, - "profile_arn": tokenResp.ProfileArn, - "expires_at": expiresAt.Format(time.RFC3339), - "auth_method": "social", - "provider": provider, - "email": email, - "last_refresh": now.Format(time.RFC3339), - }, - } - - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save authentication tokens: %v", errSave) - SetOAuthSessionError(state, "Failed to save authentication tokens") - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - if email != "" { - fmt.Printf("Authenticated as: %s\n", email) - } - CompleteOAuthSession(state) - return - } - time.Sleep(500 * time.Millisecond) - } - }() - - c.JSON(http.StatusOK, gin.H{"status": "ok", "state": state, "method": "social"}) - - default: - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid method, use 'aws', 'google', or 'github'"}) - } -} - -// generateKiroPKCE generates PKCE code verifier and challenge for Kiro OAuth. -func generateKiroPKCE() (verifier, challenge string, err error) { - b := make([]byte, 32) - if _, errRead := io.ReadFull(rand.Reader, b); errRead != nil { - return "", "", fmt.Errorf("failed to generate random bytes: %w", errRead) - } - verifier = base64.RawURLEncoding.EncodeToString(b) - - h := sha256.Sum256([]byte(verifier)) - challenge = base64.RawURLEncoding.EncodeToString(h[:]) - - return verifier, challenge, nil -} - -func (h *Handler) RequestKiloToken(c *gin.Context) { - ctx := context.Background() - - fmt.Println("Initializing Kilo authentication...") - - state := fmt.Sprintf("kil-%d", time.Now().UnixNano()) - kilocodeAuth := kilo.NewKiloAuth() - - resp, err := kilocodeAuth.InitiateDeviceFlow(ctx) - if err != nil { - log.Errorf("Failed to initiate device flow: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to initiate device flow"}) - return - } - - RegisterOAuthSession(state, "kilo") - - go func() { - fmt.Printf("Please visit %s and enter code: %s\n", resp.VerificationURL, resp.Code) - - status, err := kilocodeAuth.PollForToken(ctx, resp.Code) - if err != nil { - SetOAuthSessionError(state, "Authentication failed") - fmt.Printf("Authentication failed: %v\n", err) - return - } - - profile, err := kilocodeAuth.GetProfile(ctx, status.Token) - if err != nil { - log.Warnf("Failed to fetch profile: %v", err) - profile = &kilo.Profile{Email: status.UserEmail} - } - - var orgID string - if len(profile.Orgs) > 0 { - orgID = profile.Orgs[0].ID - } - - defaults, err := kilocodeAuth.GetDefaults(ctx, status.Token, orgID) - if err != nil { - defaults = &kilo.Defaults{} - } - - ts := &kilo.KiloTokenStorage{ - Token: status.Token, - OrganizationID: orgID, - Model: defaults.Model, - Email: status.UserEmail, - Type: "kilo", - } - - fileName := kilo.CredentialFileName(status.UserEmail) - record := &coreauth.Auth{ - ID: fileName, - Provider: "kilo", - FileName: fileName, - Storage: ts, - Metadata: map[string]any{ - "email": status.UserEmail, - "organization_id": orgID, - "model": defaults.Model, - }, - } - - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save authentication tokens: %v", errSave) - SetOAuthSessionError(state, "Failed to save authentication tokens") - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("kilo") - }() - - c.JSON(200, gin.H{ - "status": "ok", - "url": resp.VerificationURL, - "state": state, - "user_code": resp.Code, - "verification_uri": resp.VerificationURL, - }) -} diff --git a/.worktrees/config/m/config-build/active/internal/api/handlers/management/config_basic.go b/.worktrees/config/m/config-build/active/internal/api/handlers/management/config_basic.go deleted file mode 100644 index 72f73d32ca..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/handlers/management/config_basic.go +++ /dev/null @@ -1,328 +0,0 @@ -package management - -import ( - "encoding/json" - "fmt" - "io" - "net/http" - "os" - "path/filepath" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" - log "github.com/sirupsen/logrus" - "gopkg.in/yaml.v3" -) - -const ( - latestReleaseURL = "https://api.github.com/repos/router-for-me/CLIProxyAPIPlus/releases/latest" - latestReleaseUserAgent = "CLIProxyAPIPlus" -) - -func (h *Handler) GetConfig(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{}) - return - } - c.JSON(200, new(*h.cfg)) -} - -type releaseInfo struct { - TagName string `json:"tag_name"` - Name string `json:"name"` -} - -// GetLatestVersion returns the latest release version from GitHub without downloading assets. -func (h *Handler) GetLatestVersion(c *gin.Context) { - client := &http.Client{Timeout: 10 * time.Second} - proxyURL := "" - if h != nil && h.cfg != nil { - proxyURL = strings.TrimSpace(h.cfg.ProxyURL) - } - if proxyURL != "" { - sdkCfg := &sdkconfig.SDKConfig{ProxyURL: proxyURL} - util.SetProxy(sdkCfg, client) - } - - req, err := http.NewRequestWithContext(c.Request.Context(), http.MethodGet, latestReleaseURL, nil) - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "request_create_failed", "message": err.Error()}) - return - } - req.Header.Set("Accept", "application/vnd.github+json") - req.Header.Set("User-Agent", latestReleaseUserAgent) - - resp, err := client.Do(req) - if err != nil { - c.JSON(http.StatusBadGateway, gin.H{"error": "request_failed", "message": err.Error()}) - return - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.WithError(errClose).Debug("failed to close latest version response body") - } - }() - - if resp.StatusCode != http.StatusOK { - body, _ := io.ReadAll(io.LimitReader(resp.Body, 1024)) - c.JSON(http.StatusBadGateway, gin.H{"error": "unexpected_status", "message": fmt.Sprintf("status %d: %s", resp.StatusCode, strings.TrimSpace(string(body)))}) - return - } - - var info releaseInfo - if errDecode := json.NewDecoder(resp.Body).Decode(&info); errDecode != nil { - c.JSON(http.StatusBadGateway, gin.H{"error": "decode_failed", "message": errDecode.Error()}) - return - } - - version := strings.TrimSpace(info.TagName) - if version == "" { - version = strings.TrimSpace(info.Name) - } - if version == "" { - c.JSON(http.StatusBadGateway, gin.H{"error": "invalid_response", "message": "missing release version"}) - return - } - - c.JSON(http.StatusOK, gin.H{"latest-version": version}) -} - -func WriteConfig(path string, data []byte) error { - data = config.NormalizeCommentIndentation(data) - f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644) - if err != nil { - return err - } - if _, errWrite := f.Write(data); errWrite != nil { - _ = f.Close() - return errWrite - } - if errSync := f.Sync(); errSync != nil { - _ = f.Close() - return errSync - } - return f.Close() -} - -func (h *Handler) PutConfigYAML(c *gin.Context) { - body, err := io.ReadAll(c.Request.Body) - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid_yaml", "message": "cannot read request body"}) - return - } - var cfg config.Config - if err = yaml.Unmarshal(body, &cfg); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid_yaml", "message": err.Error()}) - return - } - // Validate config using LoadConfigOptional with optional=false to enforce parsing - tmpDir := filepath.Dir(h.configFilePath) - tmpFile, err := os.CreateTemp(tmpDir, "config-validate-*.yaml") - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "write_failed", "message": err.Error()}) - return - } - tempFile := tmpFile.Name() - if _, errWrite := tmpFile.Write(body); errWrite != nil { - _ = tmpFile.Close() - _ = os.Remove(tempFile) - c.JSON(http.StatusInternalServerError, gin.H{"error": "write_failed", "message": errWrite.Error()}) - return - } - if errClose := tmpFile.Close(); errClose != nil { - _ = os.Remove(tempFile) - c.JSON(http.StatusInternalServerError, gin.H{"error": "write_failed", "message": errClose.Error()}) - return - } - defer func() { - _ = os.Remove(tempFile) - }() - _, err = config.LoadConfigOptional(tempFile, false) - if err != nil { - c.JSON(http.StatusUnprocessableEntity, gin.H{"error": "invalid_config", "message": err.Error()}) - return - } - h.mu.Lock() - defer h.mu.Unlock() - if WriteConfig(h.configFilePath, body) != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "write_failed", "message": "failed to write config"}) - return - } - // Reload into handler to keep memory in sync - newCfg, err := config.LoadConfig(h.configFilePath) - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "reload_failed", "message": err.Error()}) - return - } - h.cfg = newCfg - c.JSON(http.StatusOK, gin.H{"ok": true, "changed": []string{"config"}}) -} - -// GetConfigYAML returns the raw config.yaml file bytes without re-encoding. -// It preserves comments and original formatting/styles. -func (h *Handler) GetConfigYAML(c *gin.Context) { - data, err := os.ReadFile(h.configFilePath) - if err != nil { - if os.IsNotExist(err) { - c.JSON(http.StatusNotFound, gin.H{"error": "not_found", "message": "config file not found"}) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": "read_failed", "message": err.Error()}) - return - } - c.Header("Content-Type", "application/yaml; charset=utf-8") - c.Header("Cache-Control", "no-store") - c.Header("X-Content-Type-Options", "nosniff") - // Write raw bytes as-is - _, _ = c.Writer.Write(data) -} - -// Debug -func (h *Handler) GetDebug(c *gin.Context) { c.JSON(200, gin.H{"debug": h.cfg.Debug}) } -func (h *Handler) PutDebug(c *gin.Context) { h.updateBoolField(c, func(v bool) { h.cfg.Debug = v }) } - -// UsageStatisticsEnabled -func (h *Handler) GetUsageStatisticsEnabled(c *gin.Context) { - c.JSON(200, gin.H{"usage-statistics-enabled": h.cfg.UsageStatisticsEnabled}) -} -func (h *Handler) PutUsageStatisticsEnabled(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.UsageStatisticsEnabled = v }) -} - -// UsageStatisticsEnabled -func (h *Handler) GetLoggingToFile(c *gin.Context) { - c.JSON(200, gin.H{"logging-to-file": h.cfg.LoggingToFile}) -} -func (h *Handler) PutLoggingToFile(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.LoggingToFile = v }) -} - -// LogsMaxTotalSizeMB -func (h *Handler) GetLogsMaxTotalSizeMB(c *gin.Context) { - c.JSON(200, gin.H{"logs-max-total-size-mb": h.cfg.LogsMaxTotalSizeMB}) -} -func (h *Handler) PutLogsMaxTotalSizeMB(c *gin.Context) { - var body struct { - Value *int `json:"value"` - } - if errBindJSON := c.ShouldBindJSON(&body); errBindJSON != nil || body.Value == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - value := *body.Value - if value < 0 { - value = 0 - } - h.cfg.LogsMaxTotalSizeMB = value - h.persist(c) -} - -// ErrorLogsMaxFiles -func (h *Handler) GetErrorLogsMaxFiles(c *gin.Context) { - c.JSON(200, gin.H{"error-logs-max-files": h.cfg.ErrorLogsMaxFiles}) -} -func (h *Handler) PutErrorLogsMaxFiles(c *gin.Context) { - var body struct { - Value *int `json:"value"` - } - if errBindJSON := c.ShouldBindJSON(&body); errBindJSON != nil || body.Value == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - value := *body.Value - if value < 0 { - value = 10 - } - h.cfg.ErrorLogsMaxFiles = value - h.persist(c) -} - -// Request log -func (h *Handler) GetRequestLog(c *gin.Context) { c.JSON(200, gin.H{"request-log": h.cfg.RequestLog}) } -func (h *Handler) PutRequestLog(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.RequestLog = v }) -} - -// Websocket auth -func (h *Handler) GetWebsocketAuth(c *gin.Context) { - c.JSON(200, gin.H{"ws-auth": h.cfg.WebsocketAuth}) -} -func (h *Handler) PutWebsocketAuth(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.WebsocketAuth = v }) -} - -// Request retry -func (h *Handler) GetRequestRetry(c *gin.Context) { - c.JSON(200, gin.H{"request-retry": h.cfg.RequestRetry}) -} -func (h *Handler) PutRequestRetry(c *gin.Context) { - h.updateIntField(c, func(v int) { h.cfg.RequestRetry = v }) -} - -// Max retry interval -func (h *Handler) GetMaxRetryInterval(c *gin.Context) { - c.JSON(200, gin.H{"max-retry-interval": h.cfg.MaxRetryInterval}) -} -func (h *Handler) PutMaxRetryInterval(c *gin.Context) { - h.updateIntField(c, func(v int) { h.cfg.MaxRetryInterval = v }) -} - -// ForceModelPrefix -func (h *Handler) GetForceModelPrefix(c *gin.Context) { - c.JSON(200, gin.H{"force-model-prefix": h.cfg.ForceModelPrefix}) -} -func (h *Handler) PutForceModelPrefix(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.ForceModelPrefix = v }) -} - -func normalizeRoutingStrategy(strategy string) (string, bool) { - normalized := strings.ToLower(strings.TrimSpace(strategy)) - switch normalized { - case "", "round-robin", "roundrobin", "rr": - return "round-robin", true - case "fill-first", "fillfirst", "ff": - return "fill-first", true - default: - return "", false - } -} - -// RoutingStrategy -func (h *Handler) GetRoutingStrategy(c *gin.Context) { - strategy, ok := normalizeRoutingStrategy(h.cfg.Routing.Strategy) - if !ok { - c.JSON(200, gin.H{"strategy": strings.TrimSpace(h.cfg.Routing.Strategy)}) - return - } - c.JSON(200, gin.H{"strategy": strategy}) -} -func (h *Handler) PutRoutingStrategy(c *gin.Context) { - var body struct { - Value *string `json:"value"` - } - if errBindJSON := c.ShouldBindJSON(&body); errBindJSON != nil || body.Value == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - normalized, ok := normalizeRoutingStrategy(*body.Value) - if !ok { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid strategy"}) - return - } - h.cfg.Routing.Strategy = normalized - h.persist(c) -} - -// Proxy URL -func (h *Handler) GetProxyURL(c *gin.Context) { c.JSON(200, gin.H{"proxy-url": h.cfg.ProxyURL}) } -func (h *Handler) PutProxyURL(c *gin.Context) { - h.updateStringField(c, func(v string) { h.cfg.ProxyURL = v }) -} -func (h *Handler) DeleteProxyURL(c *gin.Context) { - h.cfg.ProxyURL = "" - h.persist(c) -} diff --git a/.worktrees/config/m/config-build/active/internal/api/handlers/management/config_lists.go b/.worktrees/config/m/config-build/active/internal/api/handlers/management/config_lists.go deleted file mode 100644 index 0153a38129..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/handlers/management/config_lists.go +++ /dev/null @@ -1,1368 +0,0 @@ -package management - -import ( - "encoding/json" - "fmt" - "strings" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" -) - -// Generic helpers for list[string] -func (h *Handler) putStringList(c *gin.Context, set func([]string), after func()) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var arr []string - if err = json.Unmarshal(data, &arr); err != nil { - var obj struct { - Items []string `json:"items"` - } - if err2 := json.Unmarshal(data, &obj); err2 != nil || len(obj.Items) == 0 { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - arr = obj.Items - } - set(arr) - if after != nil { - after() - } - h.persist(c) -} - -func (h *Handler) patchStringList(c *gin.Context, target *[]string, after func()) { - var body struct { - Old *string `json:"old"` - New *string `json:"new"` - Index *int `json:"index"` - Value *string `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - if body.Index != nil && body.Value != nil && *body.Index >= 0 && *body.Index < len(*target) { - (*target)[*body.Index] = *body.Value - if after != nil { - after() - } - h.persist(c) - return - } - if body.Old != nil && body.New != nil { - for i := range *target { - if (*target)[i] == *body.Old { - (*target)[i] = *body.New - if after != nil { - after() - } - h.persist(c) - return - } - } - *target = append(*target, *body.New) - if after != nil { - after() - } - h.persist(c) - return - } - c.JSON(400, gin.H{"error": "missing fields"}) -} - -func (h *Handler) deleteFromStringList(c *gin.Context, target *[]string, after func()) { - if idxStr := c.Query("index"); idxStr != "" { - var idx int - _, err := fmt.Sscanf(idxStr, "%d", &idx) - if err == nil && idx >= 0 && idx < len(*target) { - *target = append((*target)[:idx], (*target)[idx+1:]...) - if after != nil { - after() - } - h.persist(c) - return - } - } - if val := strings.TrimSpace(c.Query("value")); val != "" { - out := make([]string, 0, len(*target)) - for _, v := range *target { - if strings.TrimSpace(v) != val { - out = append(out, v) - } - } - *target = out - if after != nil { - after() - } - h.persist(c) - return - } - c.JSON(400, gin.H{"error": "missing index or value"}) -} - -// api-keys -func (h *Handler) GetAPIKeys(c *gin.Context) { c.JSON(200, gin.H{"api-keys": h.cfg.APIKeys}) } -func (h *Handler) PutAPIKeys(c *gin.Context) { - h.putStringList(c, func(v []string) { - h.cfg.APIKeys = append([]string(nil), v...) - }, nil) -} -func (h *Handler) PatchAPIKeys(c *gin.Context) { - h.patchStringList(c, &h.cfg.APIKeys, func() {}) -} -func (h *Handler) DeleteAPIKeys(c *gin.Context) { - h.deleteFromStringList(c, &h.cfg.APIKeys, func() {}) -} - -// gemini-api-key: []GeminiKey -func (h *Handler) GetGeminiKeys(c *gin.Context) { - c.JSON(200, gin.H{"gemini-api-key": h.cfg.GeminiKey}) -} -func (h *Handler) PutGeminiKeys(c *gin.Context) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var arr []config.GeminiKey - if err = json.Unmarshal(data, &arr); err != nil { - var obj struct { - Items []config.GeminiKey `json:"items"` - } - if err2 := json.Unmarshal(data, &obj); err2 != nil || len(obj.Items) == 0 { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - arr = obj.Items - } - h.cfg.GeminiKey = append([]config.GeminiKey(nil), arr...) - h.cfg.SanitizeGeminiKeys() - h.persist(c) -} -func (h *Handler) PatchGeminiKey(c *gin.Context) { - type geminiKeyPatch struct { - APIKey *string `json:"api-key"` - Prefix *string `json:"prefix"` - BaseURL *string `json:"base-url"` - ProxyURL *string `json:"proxy-url"` - Headers *map[string]string `json:"headers"` - ExcludedModels *[]string `json:"excluded-models"` - } - var body struct { - Index *int `json:"index"` - Match *string `json:"match"` - Value *geminiKeyPatch `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Value == nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - targetIndex := -1 - if body.Index != nil && *body.Index >= 0 && *body.Index < len(h.cfg.GeminiKey) { - targetIndex = *body.Index - } - if targetIndex == -1 && body.Match != nil { - match := strings.TrimSpace(*body.Match) - if match != "" { - for i := range h.cfg.GeminiKey { - if h.cfg.GeminiKey[i].APIKey == match { - targetIndex = i - break - } - } - } - } - if targetIndex == -1 { - c.JSON(404, gin.H{"error": "item not found"}) - return - } - - entry := h.cfg.GeminiKey[targetIndex] - if body.Value.APIKey != nil { - trimmed := strings.TrimSpace(*body.Value.APIKey) - if trimmed == "" { - h.cfg.GeminiKey = append(h.cfg.GeminiKey[:targetIndex], h.cfg.GeminiKey[targetIndex+1:]...) - h.cfg.SanitizeGeminiKeys() - h.persist(c) - return - } - entry.APIKey = trimmed - } - if body.Value.Prefix != nil { - entry.Prefix = strings.TrimSpace(*body.Value.Prefix) - } - if body.Value.BaseURL != nil { - entry.BaseURL = strings.TrimSpace(*body.Value.BaseURL) - } - if body.Value.ProxyURL != nil { - entry.ProxyURL = strings.TrimSpace(*body.Value.ProxyURL) - } - if body.Value.Headers != nil { - entry.Headers = config.NormalizeHeaders(*body.Value.Headers) - } - if body.Value.ExcludedModels != nil { - entry.ExcludedModels = config.NormalizeExcludedModels(*body.Value.ExcludedModels) - } - h.cfg.GeminiKey[targetIndex] = entry - h.cfg.SanitizeGeminiKeys() - h.persist(c) -} - -func (h *Handler) DeleteGeminiKey(c *gin.Context) { - if val := strings.TrimSpace(c.Query("api-key")); val != "" { - out := make([]config.GeminiKey, 0, len(h.cfg.GeminiKey)) - for _, v := range h.cfg.GeminiKey { - if v.APIKey != val { - out = append(out, v) - } - } - if len(out) != len(h.cfg.GeminiKey) { - h.cfg.GeminiKey = out - h.cfg.SanitizeGeminiKeys() - h.persist(c) - } else { - c.JSON(404, gin.H{"error": "item not found"}) - } - return - } - if idxStr := c.Query("index"); idxStr != "" { - var idx int - if _, err := fmt.Sscanf(idxStr, "%d", &idx); err == nil && idx >= 0 && idx < len(h.cfg.GeminiKey) { - h.cfg.GeminiKey = append(h.cfg.GeminiKey[:idx], h.cfg.GeminiKey[idx+1:]...) - h.cfg.SanitizeGeminiKeys() - h.persist(c) - return - } - } - c.JSON(400, gin.H{"error": "missing api-key or index"}) -} - -// claude-api-key: []ClaudeKey -func (h *Handler) GetClaudeKeys(c *gin.Context) { - c.JSON(200, gin.H{"claude-api-key": h.cfg.ClaudeKey}) -} -func (h *Handler) PutClaudeKeys(c *gin.Context) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var arr []config.ClaudeKey - if err = json.Unmarshal(data, &arr); err != nil { - var obj struct { - Items []config.ClaudeKey `json:"items"` - } - if err2 := json.Unmarshal(data, &obj); err2 != nil || len(obj.Items) == 0 { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - arr = obj.Items - } - for i := range arr { - normalizeClaudeKey(&arr[i]) - } - h.cfg.ClaudeKey = arr - h.cfg.SanitizeClaudeKeys() - h.persist(c) -} -func (h *Handler) PatchClaudeKey(c *gin.Context) { - type claudeKeyPatch struct { - APIKey *string `json:"api-key"` - Prefix *string `json:"prefix"` - BaseURL *string `json:"base-url"` - ProxyURL *string `json:"proxy-url"` - Models *[]config.ClaudeModel `json:"models"` - Headers *map[string]string `json:"headers"` - ExcludedModels *[]string `json:"excluded-models"` - } - var body struct { - Index *int `json:"index"` - Match *string `json:"match"` - Value *claudeKeyPatch `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Value == nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - targetIndex := -1 - if body.Index != nil && *body.Index >= 0 && *body.Index < len(h.cfg.ClaudeKey) { - targetIndex = *body.Index - } - if targetIndex == -1 && body.Match != nil { - match := strings.TrimSpace(*body.Match) - for i := range h.cfg.ClaudeKey { - if h.cfg.ClaudeKey[i].APIKey == match { - targetIndex = i - break - } - } - } - if targetIndex == -1 { - c.JSON(404, gin.H{"error": "item not found"}) - return - } - - entry := h.cfg.ClaudeKey[targetIndex] - if body.Value.APIKey != nil { - entry.APIKey = strings.TrimSpace(*body.Value.APIKey) - } - if body.Value.Prefix != nil { - entry.Prefix = strings.TrimSpace(*body.Value.Prefix) - } - if body.Value.BaseURL != nil { - entry.BaseURL = strings.TrimSpace(*body.Value.BaseURL) - } - if body.Value.ProxyURL != nil { - entry.ProxyURL = strings.TrimSpace(*body.Value.ProxyURL) - } - if body.Value.Models != nil { - entry.Models = append([]config.ClaudeModel(nil), (*body.Value.Models)...) - } - if body.Value.Headers != nil { - entry.Headers = config.NormalizeHeaders(*body.Value.Headers) - } - if body.Value.ExcludedModels != nil { - entry.ExcludedModels = config.NormalizeExcludedModels(*body.Value.ExcludedModels) - } - normalizeClaudeKey(&entry) - h.cfg.ClaudeKey[targetIndex] = entry - h.cfg.SanitizeClaudeKeys() - h.persist(c) -} - -func (h *Handler) DeleteClaudeKey(c *gin.Context) { - if val := c.Query("api-key"); val != "" { - out := make([]config.ClaudeKey, 0, len(h.cfg.ClaudeKey)) - for _, v := range h.cfg.ClaudeKey { - if v.APIKey != val { - out = append(out, v) - } - } - h.cfg.ClaudeKey = out - h.cfg.SanitizeClaudeKeys() - h.persist(c) - return - } - if idxStr := c.Query("index"); idxStr != "" { - var idx int - _, err := fmt.Sscanf(idxStr, "%d", &idx) - if err == nil && idx >= 0 && idx < len(h.cfg.ClaudeKey) { - h.cfg.ClaudeKey = append(h.cfg.ClaudeKey[:idx], h.cfg.ClaudeKey[idx+1:]...) - h.cfg.SanitizeClaudeKeys() - h.persist(c) - return - } - } - c.JSON(400, gin.H{"error": "missing api-key or index"}) -} - -// openai-compatibility: []OpenAICompatibility -func (h *Handler) GetOpenAICompat(c *gin.Context) { - c.JSON(200, gin.H{"openai-compatibility": normalizedOpenAICompatibilityEntries(h.cfg.OpenAICompatibility)}) -} -func (h *Handler) PutOpenAICompat(c *gin.Context) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var arr []config.OpenAICompatibility - if err = json.Unmarshal(data, &arr); err != nil { - var obj struct { - Items []config.OpenAICompatibility `json:"items"` - } - if err2 := json.Unmarshal(data, &obj); err2 != nil || len(obj.Items) == 0 { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - arr = obj.Items - } - filtered := make([]config.OpenAICompatibility, 0, len(arr)) - for i := range arr { - normalizeOpenAICompatibilityEntry(&arr[i]) - if strings.TrimSpace(arr[i].BaseURL) != "" { - filtered = append(filtered, arr[i]) - } - } - h.cfg.OpenAICompatibility = filtered - h.cfg.SanitizeOpenAICompatibility() - h.persist(c) -} -func (h *Handler) PatchOpenAICompat(c *gin.Context) { - type openAICompatPatch struct { - Name *string `json:"name"` - Prefix *string `json:"prefix"` - BaseURL *string `json:"base-url"` - APIKeyEntries *[]config.OpenAICompatibilityAPIKey `json:"api-key-entries"` - Models *[]config.OpenAICompatibilityModel `json:"models"` - Headers *map[string]string `json:"headers"` - } - var body struct { - Name *string `json:"name"` - Index *int `json:"index"` - Value *openAICompatPatch `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Value == nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - targetIndex := -1 - if body.Index != nil && *body.Index >= 0 && *body.Index < len(h.cfg.OpenAICompatibility) { - targetIndex = *body.Index - } - if targetIndex == -1 && body.Name != nil { - match := strings.TrimSpace(*body.Name) - for i := range h.cfg.OpenAICompatibility { - if h.cfg.OpenAICompatibility[i].Name == match { - targetIndex = i - break - } - } - } - if targetIndex == -1 { - c.JSON(404, gin.H{"error": "item not found"}) - return - } - - entry := h.cfg.OpenAICompatibility[targetIndex] - if body.Value.Name != nil { - entry.Name = strings.TrimSpace(*body.Value.Name) - } - if body.Value.Prefix != nil { - entry.Prefix = strings.TrimSpace(*body.Value.Prefix) - } - if body.Value.BaseURL != nil { - trimmed := strings.TrimSpace(*body.Value.BaseURL) - if trimmed == "" { - h.cfg.OpenAICompatibility = append(h.cfg.OpenAICompatibility[:targetIndex], h.cfg.OpenAICompatibility[targetIndex+1:]...) - h.cfg.SanitizeOpenAICompatibility() - h.persist(c) - return - } - entry.BaseURL = trimmed - } - if body.Value.APIKeyEntries != nil { - entry.APIKeyEntries = append([]config.OpenAICompatibilityAPIKey(nil), (*body.Value.APIKeyEntries)...) - } - if body.Value.Models != nil { - entry.Models = append([]config.OpenAICompatibilityModel(nil), (*body.Value.Models)...) - } - if body.Value.Headers != nil { - entry.Headers = config.NormalizeHeaders(*body.Value.Headers) - } - normalizeOpenAICompatibilityEntry(&entry) - h.cfg.OpenAICompatibility[targetIndex] = entry - h.cfg.SanitizeOpenAICompatibility() - h.persist(c) -} - -func (h *Handler) DeleteOpenAICompat(c *gin.Context) { - if name := c.Query("name"); name != "" { - out := make([]config.OpenAICompatibility, 0, len(h.cfg.OpenAICompatibility)) - for _, v := range h.cfg.OpenAICompatibility { - if v.Name != name { - out = append(out, v) - } - } - h.cfg.OpenAICompatibility = out - h.cfg.SanitizeOpenAICompatibility() - h.persist(c) - return - } - if idxStr := c.Query("index"); idxStr != "" { - var idx int - _, err := fmt.Sscanf(idxStr, "%d", &idx) - if err == nil && idx >= 0 && idx < len(h.cfg.OpenAICompatibility) { - h.cfg.OpenAICompatibility = append(h.cfg.OpenAICompatibility[:idx], h.cfg.OpenAICompatibility[idx+1:]...) - h.cfg.SanitizeOpenAICompatibility() - h.persist(c) - return - } - } - c.JSON(400, gin.H{"error": "missing name or index"}) -} - -// vertex-api-key: []VertexCompatKey -func (h *Handler) GetVertexCompatKeys(c *gin.Context) { - c.JSON(200, gin.H{"vertex-api-key": h.cfg.VertexCompatAPIKey}) -} -func (h *Handler) PutVertexCompatKeys(c *gin.Context) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var arr []config.VertexCompatKey - if err = json.Unmarshal(data, &arr); err != nil { - var obj struct { - Items []config.VertexCompatKey `json:"items"` - } - if err2 := json.Unmarshal(data, &obj); err2 != nil || len(obj.Items) == 0 { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - arr = obj.Items - } - for i := range arr { - normalizeVertexCompatKey(&arr[i]) - } - h.cfg.VertexCompatAPIKey = arr - h.cfg.SanitizeVertexCompatKeys() - h.persist(c) -} -func (h *Handler) PatchVertexCompatKey(c *gin.Context) { - type vertexCompatPatch struct { - APIKey *string `json:"api-key"` - Prefix *string `json:"prefix"` - BaseURL *string `json:"base-url"` - ProxyURL *string `json:"proxy-url"` - Headers *map[string]string `json:"headers"` - Models *[]config.VertexCompatModel `json:"models"` - } - var body struct { - Index *int `json:"index"` - Match *string `json:"match"` - Value *vertexCompatPatch `json:"value"` - } - if errBindJSON := c.ShouldBindJSON(&body); errBindJSON != nil || body.Value == nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - targetIndex := -1 - if body.Index != nil && *body.Index >= 0 && *body.Index < len(h.cfg.VertexCompatAPIKey) { - targetIndex = *body.Index - } - if targetIndex == -1 && body.Match != nil { - match := strings.TrimSpace(*body.Match) - if match != "" { - for i := range h.cfg.VertexCompatAPIKey { - if h.cfg.VertexCompatAPIKey[i].APIKey == match { - targetIndex = i - break - } - } - } - } - if targetIndex == -1 { - c.JSON(404, gin.H{"error": "item not found"}) - return - } - - entry := h.cfg.VertexCompatAPIKey[targetIndex] - if body.Value.APIKey != nil { - trimmed := strings.TrimSpace(*body.Value.APIKey) - if trimmed == "" { - h.cfg.VertexCompatAPIKey = append(h.cfg.VertexCompatAPIKey[:targetIndex], h.cfg.VertexCompatAPIKey[targetIndex+1:]...) - h.cfg.SanitizeVertexCompatKeys() - h.persist(c) - return - } - entry.APIKey = trimmed - } - if body.Value.Prefix != nil { - entry.Prefix = strings.TrimSpace(*body.Value.Prefix) - } - if body.Value.BaseURL != nil { - trimmed := strings.TrimSpace(*body.Value.BaseURL) - if trimmed == "" { - h.cfg.VertexCompatAPIKey = append(h.cfg.VertexCompatAPIKey[:targetIndex], h.cfg.VertexCompatAPIKey[targetIndex+1:]...) - h.cfg.SanitizeVertexCompatKeys() - h.persist(c) - return - } - entry.BaseURL = trimmed - } - if body.Value.ProxyURL != nil { - entry.ProxyURL = strings.TrimSpace(*body.Value.ProxyURL) - } - if body.Value.Headers != nil { - entry.Headers = config.NormalizeHeaders(*body.Value.Headers) - } - if body.Value.Models != nil { - entry.Models = append([]config.VertexCompatModel(nil), (*body.Value.Models)...) - } - normalizeVertexCompatKey(&entry) - h.cfg.VertexCompatAPIKey[targetIndex] = entry - h.cfg.SanitizeVertexCompatKeys() - h.persist(c) -} - -func (h *Handler) DeleteVertexCompatKey(c *gin.Context) { - if val := strings.TrimSpace(c.Query("api-key")); val != "" { - out := make([]config.VertexCompatKey, 0, len(h.cfg.VertexCompatAPIKey)) - for _, v := range h.cfg.VertexCompatAPIKey { - if v.APIKey != val { - out = append(out, v) - } - } - h.cfg.VertexCompatAPIKey = out - h.cfg.SanitizeVertexCompatKeys() - h.persist(c) - return - } - if idxStr := c.Query("index"); idxStr != "" { - var idx int - _, errScan := fmt.Sscanf(idxStr, "%d", &idx) - if errScan == nil && idx >= 0 && idx < len(h.cfg.VertexCompatAPIKey) { - h.cfg.VertexCompatAPIKey = append(h.cfg.VertexCompatAPIKey[:idx], h.cfg.VertexCompatAPIKey[idx+1:]...) - h.cfg.SanitizeVertexCompatKeys() - h.persist(c) - return - } - } - c.JSON(400, gin.H{"error": "missing api-key or index"}) -} - -// oauth-excluded-models: map[string][]string -func (h *Handler) GetOAuthExcludedModels(c *gin.Context) { - c.JSON(200, gin.H{"oauth-excluded-models": config.NormalizeOAuthExcludedModels(h.cfg.OAuthExcludedModels)}) -} - -func (h *Handler) PutOAuthExcludedModels(c *gin.Context) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var entries map[string][]string - if err = json.Unmarshal(data, &entries); err != nil { - var wrapper struct { - Items map[string][]string `json:"items"` - } - if err2 := json.Unmarshal(data, &wrapper); err2 != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - entries = wrapper.Items - } - h.cfg.OAuthExcludedModels = config.NormalizeOAuthExcludedModels(entries) - h.persist(c) -} - -func (h *Handler) PatchOAuthExcludedModels(c *gin.Context) { - var body struct { - Provider *string `json:"provider"` - Models []string `json:"models"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Provider == nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - provider := strings.ToLower(strings.TrimSpace(*body.Provider)) - if provider == "" { - c.JSON(400, gin.H{"error": "invalid provider"}) - return - } - normalized := config.NormalizeExcludedModels(body.Models) - if len(normalized) == 0 { - if h.cfg.OAuthExcludedModels == nil { - c.JSON(404, gin.H{"error": "provider not found"}) - return - } - if _, ok := h.cfg.OAuthExcludedModels[provider]; !ok { - c.JSON(404, gin.H{"error": "provider not found"}) - return - } - delete(h.cfg.OAuthExcludedModels, provider) - if len(h.cfg.OAuthExcludedModels) == 0 { - h.cfg.OAuthExcludedModels = nil - } - h.persist(c) - return - } - if h.cfg.OAuthExcludedModels == nil { - h.cfg.OAuthExcludedModels = make(map[string][]string) - } - h.cfg.OAuthExcludedModels[provider] = normalized - h.persist(c) -} - -func (h *Handler) DeleteOAuthExcludedModels(c *gin.Context) { - provider := strings.ToLower(strings.TrimSpace(c.Query("provider"))) - if provider == "" { - c.JSON(400, gin.H{"error": "missing provider"}) - return - } - if h.cfg.OAuthExcludedModels == nil { - c.JSON(404, gin.H{"error": "provider not found"}) - return - } - if _, ok := h.cfg.OAuthExcludedModels[provider]; !ok { - c.JSON(404, gin.H{"error": "provider not found"}) - return - } - delete(h.cfg.OAuthExcludedModels, provider) - if len(h.cfg.OAuthExcludedModels) == 0 { - h.cfg.OAuthExcludedModels = nil - } - h.persist(c) -} - -// oauth-model-alias: map[string][]OAuthModelAlias -func (h *Handler) GetOAuthModelAlias(c *gin.Context) { - c.JSON(200, gin.H{"oauth-model-alias": sanitizedOAuthModelAlias(h.cfg.OAuthModelAlias)}) -} - -func (h *Handler) PutOAuthModelAlias(c *gin.Context) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var entries map[string][]config.OAuthModelAlias - if err = json.Unmarshal(data, &entries); err != nil { - var wrapper struct { - Items map[string][]config.OAuthModelAlias `json:"items"` - } - if err2 := json.Unmarshal(data, &wrapper); err2 != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - entries = wrapper.Items - } - h.cfg.OAuthModelAlias = sanitizedOAuthModelAlias(entries) - h.persist(c) -} - -func (h *Handler) PatchOAuthModelAlias(c *gin.Context) { - var body struct { - Provider *string `json:"provider"` - Channel *string `json:"channel"` - Aliases []config.OAuthModelAlias `json:"aliases"` - } - if errBindJSON := c.ShouldBindJSON(&body); errBindJSON != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - channelRaw := "" - if body.Channel != nil { - channelRaw = *body.Channel - } else if body.Provider != nil { - channelRaw = *body.Provider - } - channel := strings.ToLower(strings.TrimSpace(channelRaw)) - if channel == "" { - c.JSON(400, gin.H{"error": "invalid channel"}) - return - } - - normalizedMap := sanitizedOAuthModelAlias(map[string][]config.OAuthModelAlias{channel: body.Aliases}) - normalized := normalizedMap[channel] - if len(normalized) == 0 { - // Only delete if channel exists, otherwise just create empty entry - if h.cfg.OAuthModelAlias != nil { - if _, ok := h.cfg.OAuthModelAlias[channel]; ok { - delete(h.cfg.OAuthModelAlias, channel) - if len(h.cfg.OAuthModelAlias) == 0 { - h.cfg.OAuthModelAlias = nil - } - h.persist(c) - return - } - } - // Create new channel with empty aliases - if h.cfg.OAuthModelAlias == nil { - h.cfg.OAuthModelAlias = make(map[string][]config.OAuthModelAlias) - } - h.cfg.OAuthModelAlias[channel] = []config.OAuthModelAlias{} - h.persist(c) - return - } - if h.cfg.OAuthModelAlias == nil { - h.cfg.OAuthModelAlias = make(map[string][]config.OAuthModelAlias) - } - h.cfg.OAuthModelAlias[channel] = normalized - h.persist(c) -} - -func (h *Handler) DeleteOAuthModelAlias(c *gin.Context) { - channel := strings.ToLower(strings.TrimSpace(c.Query("channel"))) - if channel == "" { - channel = strings.ToLower(strings.TrimSpace(c.Query("provider"))) - } - if channel == "" { - c.JSON(400, gin.H{"error": "missing channel"}) - return - } - if h.cfg.OAuthModelAlias == nil { - c.JSON(404, gin.H{"error": "channel not found"}) - return - } - if _, ok := h.cfg.OAuthModelAlias[channel]; !ok { - c.JSON(404, gin.H{"error": "channel not found"}) - return - } - // Set to nil instead of deleting the key so that the "explicitly disabled" - // marker survives config reload and prevents SanitizeOAuthModelAlias from - // re-injecting default aliases (fixes #222). - h.cfg.OAuthModelAlias[channel] = nil - h.persist(c) -} - -// codex-api-key: []CodexKey -func (h *Handler) GetCodexKeys(c *gin.Context) { - c.JSON(200, gin.H{"codex-api-key": h.cfg.CodexKey}) -} -func (h *Handler) PutCodexKeys(c *gin.Context) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var arr []config.CodexKey - if err = json.Unmarshal(data, &arr); err != nil { - var obj struct { - Items []config.CodexKey `json:"items"` - } - if err2 := json.Unmarshal(data, &obj); err2 != nil || len(obj.Items) == 0 { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - arr = obj.Items - } - // Filter out codex entries with empty base-url (treat as removed) - filtered := make([]config.CodexKey, 0, len(arr)) - for i := range arr { - entry := arr[i] - normalizeCodexKey(&entry) - if entry.BaseURL == "" { - continue - } - filtered = append(filtered, entry) - } - h.cfg.CodexKey = filtered - h.cfg.SanitizeCodexKeys() - h.persist(c) -} -func (h *Handler) PatchCodexKey(c *gin.Context) { - type codexKeyPatch struct { - APIKey *string `json:"api-key"` - Prefix *string `json:"prefix"` - BaseURL *string `json:"base-url"` - ProxyURL *string `json:"proxy-url"` - Models *[]config.CodexModel `json:"models"` - Headers *map[string]string `json:"headers"` - ExcludedModels *[]string `json:"excluded-models"` - } - var body struct { - Index *int `json:"index"` - Match *string `json:"match"` - Value *codexKeyPatch `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Value == nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - targetIndex := -1 - if body.Index != nil && *body.Index >= 0 && *body.Index < len(h.cfg.CodexKey) { - targetIndex = *body.Index - } - if targetIndex == -1 && body.Match != nil { - match := strings.TrimSpace(*body.Match) - for i := range h.cfg.CodexKey { - if h.cfg.CodexKey[i].APIKey == match { - targetIndex = i - break - } - } - } - if targetIndex == -1 { - c.JSON(404, gin.H{"error": "item not found"}) - return - } - - entry := h.cfg.CodexKey[targetIndex] - if body.Value.APIKey != nil { - entry.APIKey = strings.TrimSpace(*body.Value.APIKey) - } - if body.Value.Prefix != nil { - entry.Prefix = strings.TrimSpace(*body.Value.Prefix) - } - if body.Value.BaseURL != nil { - trimmed := strings.TrimSpace(*body.Value.BaseURL) - if trimmed == "" { - h.cfg.CodexKey = append(h.cfg.CodexKey[:targetIndex], h.cfg.CodexKey[targetIndex+1:]...) - h.cfg.SanitizeCodexKeys() - h.persist(c) - return - } - entry.BaseURL = trimmed - } - if body.Value.ProxyURL != nil { - entry.ProxyURL = strings.TrimSpace(*body.Value.ProxyURL) - } - if body.Value.Models != nil { - entry.Models = append([]config.CodexModel(nil), (*body.Value.Models)...) - } - if body.Value.Headers != nil { - entry.Headers = config.NormalizeHeaders(*body.Value.Headers) - } - if body.Value.ExcludedModels != nil { - entry.ExcludedModels = config.NormalizeExcludedModels(*body.Value.ExcludedModels) - } - normalizeCodexKey(&entry) - h.cfg.CodexKey[targetIndex] = entry - h.cfg.SanitizeCodexKeys() - h.persist(c) -} - -func (h *Handler) DeleteCodexKey(c *gin.Context) { - if val := c.Query("api-key"); val != "" { - out := make([]config.CodexKey, 0, len(h.cfg.CodexKey)) - for _, v := range h.cfg.CodexKey { - if v.APIKey != val { - out = append(out, v) - } - } - h.cfg.CodexKey = out - h.cfg.SanitizeCodexKeys() - h.persist(c) - return - } - if idxStr := c.Query("index"); idxStr != "" { - var idx int - _, err := fmt.Sscanf(idxStr, "%d", &idx) - if err == nil && idx >= 0 && idx < len(h.cfg.CodexKey) { - h.cfg.CodexKey = append(h.cfg.CodexKey[:idx], h.cfg.CodexKey[idx+1:]...) - h.cfg.SanitizeCodexKeys() - h.persist(c) - return - } - } - c.JSON(400, gin.H{"error": "missing api-key or index"}) -} - -func normalizeOpenAICompatibilityEntry(entry *config.OpenAICompatibility) { - if entry == nil { - return - } - // Trim base-url; empty base-url indicates provider should be removed by sanitization - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.Headers = config.NormalizeHeaders(entry.Headers) - existing := make(map[string]struct{}, len(entry.APIKeyEntries)) - for i := range entry.APIKeyEntries { - trimmed := strings.TrimSpace(entry.APIKeyEntries[i].APIKey) - entry.APIKeyEntries[i].APIKey = trimmed - if trimmed != "" { - existing[trimmed] = struct{}{} - } - } -} - -func normalizedOpenAICompatibilityEntries(entries []config.OpenAICompatibility) []config.OpenAICompatibility { - if len(entries) == 0 { - return nil - } - out := make([]config.OpenAICompatibility, len(entries)) - for i := range entries { - copyEntry := entries[i] - if len(copyEntry.APIKeyEntries) > 0 { - copyEntry.APIKeyEntries = append([]config.OpenAICompatibilityAPIKey(nil), copyEntry.APIKeyEntries...) - } - normalizeOpenAICompatibilityEntry(©Entry) - out[i] = copyEntry - } - return out -} - -func normalizeClaudeKey(entry *config.ClaudeKey) { - if entry == nil { - return - } - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - entry.Headers = config.NormalizeHeaders(entry.Headers) - entry.ExcludedModels = config.NormalizeExcludedModels(entry.ExcludedModels) - if len(entry.Models) == 0 { - return - } - normalized := make([]config.ClaudeModel, 0, len(entry.Models)) - for i := range entry.Models { - model := entry.Models[i] - model.Name = strings.TrimSpace(model.Name) - model.Alias = strings.TrimSpace(model.Alias) - if model.Name == "" && model.Alias == "" { - continue - } - normalized = append(normalized, model) - } - entry.Models = normalized -} - -func normalizeCodexKey(entry *config.CodexKey) { - if entry == nil { - return - } - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.Prefix = strings.TrimSpace(entry.Prefix) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - entry.Headers = config.NormalizeHeaders(entry.Headers) - entry.ExcludedModels = config.NormalizeExcludedModels(entry.ExcludedModels) - if len(entry.Models) == 0 { - return - } - normalized := make([]config.CodexModel, 0, len(entry.Models)) - for i := range entry.Models { - model := entry.Models[i] - model.Name = strings.TrimSpace(model.Name) - model.Alias = strings.TrimSpace(model.Alias) - if model.Name == "" && model.Alias == "" { - continue - } - normalized = append(normalized, model) - } - entry.Models = normalized -} - -func normalizeVertexCompatKey(entry *config.VertexCompatKey) { - if entry == nil { - return - } - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.Prefix = strings.TrimSpace(entry.Prefix) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - entry.Headers = config.NormalizeHeaders(entry.Headers) - if len(entry.Models) == 0 { - return - } - normalized := make([]config.VertexCompatModel, 0, len(entry.Models)) - for i := range entry.Models { - model := entry.Models[i] - model.Name = strings.TrimSpace(model.Name) - model.Alias = strings.TrimSpace(model.Alias) - if model.Name == "" || model.Alias == "" { - continue - } - normalized = append(normalized, model) - } - entry.Models = normalized -} - -func sanitizedOAuthModelAlias(entries map[string][]config.OAuthModelAlias) map[string][]config.OAuthModelAlias { - if len(entries) == 0 { - return nil - } - copied := make(map[string][]config.OAuthModelAlias, len(entries)) - for channel, aliases := range entries { - if len(aliases) == 0 { - continue - } - copied[channel] = append([]config.OAuthModelAlias(nil), aliases...) - } - if len(copied) == 0 { - return nil - } - cfg := config.Config{OAuthModelAlias: copied} - cfg.SanitizeOAuthModelAlias() - if len(cfg.OAuthModelAlias) == 0 { - return nil - } - return cfg.OAuthModelAlias -} - -// GetAmpCode returns the complete ampcode configuration. -func (h *Handler) GetAmpCode(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{"ampcode": config.AmpCode{}}) - return - } - c.JSON(200, gin.H{"ampcode": h.cfg.AmpCode}) -} - -// GetAmpUpstreamURL returns the ampcode upstream URL. -func (h *Handler) GetAmpUpstreamURL(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{"upstream-url": ""}) - return - } - c.JSON(200, gin.H{"upstream-url": h.cfg.AmpCode.UpstreamURL}) -} - -// PutAmpUpstreamURL updates the ampcode upstream URL. -func (h *Handler) PutAmpUpstreamURL(c *gin.Context) { - h.updateStringField(c, func(v string) { h.cfg.AmpCode.UpstreamURL = strings.TrimSpace(v) }) -} - -// DeleteAmpUpstreamURL clears the ampcode upstream URL. -func (h *Handler) DeleteAmpUpstreamURL(c *gin.Context) { - h.cfg.AmpCode.UpstreamURL = "" - h.persist(c) -} - -// GetAmpUpstreamAPIKey returns the ampcode upstream API key. -func (h *Handler) GetAmpUpstreamAPIKey(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{"upstream-api-key": ""}) - return - } - c.JSON(200, gin.H{"upstream-api-key": h.cfg.AmpCode.UpstreamAPIKey}) -} - -// PutAmpUpstreamAPIKey updates the ampcode upstream API key. -func (h *Handler) PutAmpUpstreamAPIKey(c *gin.Context) { - h.updateStringField(c, func(v string) { h.cfg.AmpCode.UpstreamAPIKey = strings.TrimSpace(v) }) -} - -// DeleteAmpUpstreamAPIKey clears the ampcode upstream API key. -func (h *Handler) DeleteAmpUpstreamAPIKey(c *gin.Context) { - h.cfg.AmpCode.UpstreamAPIKey = "" - h.persist(c) -} - -// GetAmpRestrictManagementToLocalhost returns the localhost restriction setting. -func (h *Handler) GetAmpRestrictManagementToLocalhost(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{"restrict-management-to-localhost": true}) - return - } - c.JSON(200, gin.H{"restrict-management-to-localhost": h.cfg.AmpCode.RestrictManagementToLocalhost}) -} - -// PutAmpRestrictManagementToLocalhost updates the localhost restriction setting. -func (h *Handler) PutAmpRestrictManagementToLocalhost(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.AmpCode.RestrictManagementToLocalhost = v }) -} - -// GetAmpModelMappings returns the ampcode model mappings. -func (h *Handler) GetAmpModelMappings(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{"model-mappings": []config.AmpModelMapping{}}) - return - } - c.JSON(200, gin.H{"model-mappings": h.cfg.AmpCode.ModelMappings}) -} - -// PutAmpModelMappings replaces all ampcode model mappings. -func (h *Handler) PutAmpModelMappings(c *gin.Context) { - var body struct { - Value []config.AmpModelMapping `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - h.cfg.AmpCode.ModelMappings = body.Value - h.persist(c) -} - -// PatchAmpModelMappings adds or updates model mappings. -func (h *Handler) PatchAmpModelMappings(c *gin.Context) { - var body struct { - Value []config.AmpModelMapping `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - - existing := make(map[string]int) - for i, m := range h.cfg.AmpCode.ModelMappings { - existing[strings.TrimSpace(m.From)] = i - } - - for _, newMapping := range body.Value { - from := strings.TrimSpace(newMapping.From) - if idx, ok := existing[from]; ok { - h.cfg.AmpCode.ModelMappings[idx] = newMapping - } else { - h.cfg.AmpCode.ModelMappings = append(h.cfg.AmpCode.ModelMappings, newMapping) - existing[from] = len(h.cfg.AmpCode.ModelMappings) - 1 - } - } - h.persist(c) -} - -// DeleteAmpModelMappings removes specified model mappings by "from" field. -func (h *Handler) DeleteAmpModelMappings(c *gin.Context) { - var body struct { - Value []string `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || len(body.Value) == 0 { - h.cfg.AmpCode.ModelMappings = nil - h.persist(c) - return - } - - toRemove := make(map[string]bool) - for _, from := range body.Value { - toRemove[strings.TrimSpace(from)] = true - } - - newMappings := make([]config.AmpModelMapping, 0, len(h.cfg.AmpCode.ModelMappings)) - for _, m := range h.cfg.AmpCode.ModelMappings { - if !toRemove[strings.TrimSpace(m.From)] { - newMappings = append(newMappings, m) - } - } - h.cfg.AmpCode.ModelMappings = newMappings - h.persist(c) -} - -// GetAmpForceModelMappings returns whether model mappings are forced. -func (h *Handler) GetAmpForceModelMappings(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{"force-model-mappings": false}) - return - } - c.JSON(200, gin.H{"force-model-mappings": h.cfg.AmpCode.ForceModelMappings}) -} - -// PutAmpForceModelMappings updates the force model mappings setting. -func (h *Handler) PutAmpForceModelMappings(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.AmpCode.ForceModelMappings = v }) -} - -// GetAmpUpstreamAPIKeys returns the ampcode upstream API keys mapping. -func (h *Handler) GetAmpUpstreamAPIKeys(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{"upstream-api-keys": []config.AmpUpstreamAPIKeyEntry{}}) - return - } - c.JSON(200, gin.H{"upstream-api-keys": h.cfg.AmpCode.UpstreamAPIKeys}) -} - -// PutAmpUpstreamAPIKeys replaces all ampcode upstream API keys mappings. -func (h *Handler) PutAmpUpstreamAPIKeys(c *gin.Context) { - var body struct { - Value []config.AmpUpstreamAPIKeyEntry `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - // Normalize entries: trim whitespace, filter empty - normalized := normalizeAmpUpstreamAPIKeyEntries(body.Value) - h.cfg.AmpCode.UpstreamAPIKeys = normalized - h.persist(c) -} - -// PatchAmpUpstreamAPIKeys adds or updates upstream API keys entries. -// Matching is done by upstream-api-key value. -func (h *Handler) PatchAmpUpstreamAPIKeys(c *gin.Context) { - var body struct { - Value []config.AmpUpstreamAPIKeyEntry `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - - existing := make(map[string]int) - for i, entry := range h.cfg.AmpCode.UpstreamAPIKeys { - existing[strings.TrimSpace(entry.UpstreamAPIKey)] = i - } - - for _, newEntry := range body.Value { - upstreamKey := strings.TrimSpace(newEntry.UpstreamAPIKey) - if upstreamKey == "" { - continue - } - normalizedEntry := config.AmpUpstreamAPIKeyEntry{ - UpstreamAPIKey: upstreamKey, - APIKeys: normalizeAPIKeysList(newEntry.APIKeys), - } - if idx, ok := existing[upstreamKey]; ok { - h.cfg.AmpCode.UpstreamAPIKeys[idx] = normalizedEntry - } else { - h.cfg.AmpCode.UpstreamAPIKeys = append(h.cfg.AmpCode.UpstreamAPIKeys, normalizedEntry) - existing[upstreamKey] = len(h.cfg.AmpCode.UpstreamAPIKeys) - 1 - } - } - h.persist(c) -} - -// DeleteAmpUpstreamAPIKeys removes specified upstream API keys entries. -// Body must be JSON: {"value": ["", ...]}. -// If "value" is an empty array, clears all entries. -// If JSON is invalid or "value" is missing/null, returns 400 and does not persist any change. -func (h *Handler) DeleteAmpUpstreamAPIKeys(c *gin.Context) { - var body struct { - Value []string `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - - if body.Value == nil { - c.JSON(400, gin.H{"error": "missing value"}) - return - } - - // Empty array means clear all - if len(body.Value) == 0 { - h.cfg.AmpCode.UpstreamAPIKeys = nil - h.persist(c) - return - } - - toRemove := make(map[string]bool) - for _, key := range body.Value { - trimmed := strings.TrimSpace(key) - if trimmed == "" { - continue - } - toRemove[trimmed] = true - } - if len(toRemove) == 0 { - c.JSON(400, gin.H{"error": "empty value"}) - return - } - - newEntries := make([]config.AmpUpstreamAPIKeyEntry, 0, len(h.cfg.AmpCode.UpstreamAPIKeys)) - for _, entry := range h.cfg.AmpCode.UpstreamAPIKeys { - if !toRemove[strings.TrimSpace(entry.UpstreamAPIKey)] { - newEntries = append(newEntries, entry) - } - } - h.cfg.AmpCode.UpstreamAPIKeys = newEntries - h.persist(c) -} - -// normalizeAmpUpstreamAPIKeyEntries normalizes a list of upstream API key entries. -func normalizeAmpUpstreamAPIKeyEntries(entries []config.AmpUpstreamAPIKeyEntry) []config.AmpUpstreamAPIKeyEntry { - if len(entries) == 0 { - return nil - } - out := make([]config.AmpUpstreamAPIKeyEntry, 0, len(entries)) - for _, entry := range entries { - upstreamKey := strings.TrimSpace(entry.UpstreamAPIKey) - if upstreamKey == "" { - continue - } - apiKeys := normalizeAPIKeysList(entry.APIKeys) - out = append(out, config.AmpUpstreamAPIKeyEntry{ - UpstreamAPIKey: upstreamKey, - APIKeys: apiKeys, - }) - } - if len(out) == 0 { - return nil - } - return out -} - -// normalizeAPIKeysList trims and filters empty strings from a list of API keys. -func normalizeAPIKeysList(keys []string) []string { - if len(keys) == 0 { - return nil - } - out := make([]string, 0, len(keys)) - for _, k := range keys { - trimmed := strings.TrimSpace(k) - if trimmed != "" { - out = append(out, trimmed) - } - } - if len(out) == 0 { - return nil - } - return out -} diff --git a/.worktrees/config/m/config-build/active/internal/api/handlers/management/handler.go b/.worktrees/config/m/config-build/active/internal/api/handlers/management/handler.go deleted file mode 100644 index 613c9841d0..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/handlers/management/handler.go +++ /dev/null @@ -1,317 +0,0 @@ -// Package management provides the management API handlers and middleware -// for configuring the server and managing auth files. -package management - -import ( - "crypto/subtle" - "fmt" - "net/http" - "os" - "path/filepath" - "strings" - "sync" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/buildinfo" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/usage" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - "golang.org/x/crypto/bcrypt" -) - -type attemptInfo struct { - count int - blockedUntil time.Time - lastActivity time.Time // track last activity for cleanup -} - -// attemptCleanupInterval controls how often stale IP entries are purged -const attemptCleanupInterval = 1 * time.Hour - -// attemptMaxIdleTime controls how long an IP can be idle before cleanup -const attemptMaxIdleTime = 2 * time.Hour - -// Handler aggregates config reference, persistence path and helpers. -type Handler struct { - cfg *config.Config - configFilePath string - mu sync.Mutex - attemptsMu sync.Mutex - failedAttempts map[string]*attemptInfo // keyed by client IP - authManager *coreauth.Manager - usageStats *usage.RequestStatistics - tokenStore coreauth.Store - localPassword string - allowRemoteOverride bool - envSecret string - logDir string -} - -// NewHandler creates a new management handler instance. -func NewHandler(cfg *config.Config, configFilePath string, manager *coreauth.Manager) *Handler { - envSecret, _ := os.LookupEnv("MANAGEMENT_PASSWORD") - envSecret = strings.TrimSpace(envSecret) - - h := &Handler{ - cfg: cfg, - configFilePath: configFilePath, - failedAttempts: make(map[string]*attemptInfo), - authManager: manager, - usageStats: usage.GetRequestStatistics(), - tokenStore: sdkAuth.GetTokenStore(), - allowRemoteOverride: envSecret != "", - envSecret: envSecret, - } - h.startAttemptCleanup() - return h -} - -// startAttemptCleanup launches a background goroutine that periodically -// removes stale IP entries from failedAttempts to prevent memory leaks. -func (h *Handler) startAttemptCleanup() { - go func() { - ticker := time.NewTicker(attemptCleanupInterval) - defer ticker.Stop() - for range ticker.C { - h.purgeStaleAttempts() - } - }() -} - -// purgeStaleAttempts removes IP entries that have been idle beyond attemptMaxIdleTime -// and whose ban (if any) has expired. -func (h *Handler) purgeStaleAttempts() { - now := time.Now() - h.attemptsMu.Lock() - defer h.attemptsMu.Unlock() - for ip, ai := range h.failedAttempts { - // Skip if still banned - if !ai.blockedUntil.IsZero() && now.Before(ai.blockedUntil) { - continue - } - // Remove if idle too long - if now.Sub(ai.lastActivity) > attemptMaxIdleTime { - delete(h.failedAttempts, ip) - } - } -} - -// NewHandler creates a new management handler instance. -func NewHandlerWithoutConfigFilePath(cfg *config.Config, manager *coreauth.Manager) *Handler { - return NewHandler(cfg, "", manager) -} - -// SetConfig updates the in-memory config reference when the server hot-reloads. -func (h *Handler) SetConfig(cfg *config.Config) { h.cfg = cfg } - -// SetAuthManager updates the auth manager reference used by management endpoints. -func (h *Handler) SetAuthManager(manager *coreauth.Manager) { h.authManager = manager } - -// SetUsageStatistics allows replacing the usage statistics reference. -func (h *Handler) SetUsageStatistics(stats *usage.RequestStatistics) { h.usageStats = stats } - -// SetLocalPassword configures the runtime-local password accepted for localhost requests. -func (h *Handler) SetLocalPassword(password string) { h.localPassword = password } - -// SetLogDirectory updates the directory where main.log should be looked up. -func (h *Handler) SetLogDirectory(dir string) { - if dir == "" { - return - } - if !filepath.IsAbs(dir) { - if abs, err := filepath.Abs(dir); err == nil { - dir = abs - } - } - h.logDir = dir -} - -// Middleware enforces access control for management endpoints. -// All requests (local and remote) require a valid management key. -// Additionally, remote access requires allow-remote-management=true. -func (h *Handler) Middleware() gin.HandlerFunc { - const maxFailures = 5 - const banDuration = 30 * time.Minute - - return func(c *gin.Context) { - c.Header("X-CPA-VERSION", buildinfo.Version) - c.Header("X-CPA-COMMIT", buildinfo.Commit) - c.Header("X-CPA-BUILD-DATE", buildinfo.BuildDate) - - clientIP := c.ClientIP() - localClient := clientIP == "127.0.0.1" || clientIP == "::1" - cfg := h.cfg - var ( - allowRemote bool - secretHash string - ) - if cfg != nil { - allowRemote = cfg.RemoteManagement.AllowRemote - secretHash = cfg.RemoteManagement.SecretKey - } - if h.allowRemoteOverride { - allowRemote = true - } - envSecret := h.envSecret - - fail := func() {} - if !localClient { - h.attemptsMu.Lock() - ai := h.failedAttempts[clientIP] - if ai != nil { - if !ai.blockedUntil.IsZero() { - if time.Now().Before(ai.blockedUntil) { - remaining := time.Until(ai.blockedUntil).Round(time.Second) - h.attemptsMu.Unlock() - c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": fmt.Sprintf("IP banned due to too many failed attempts. Try again in %s", remaining)}) - return - } - // Ban expired, reset state - ai.blockedUntil = time.Time{} - ai.count = 0 - } - } - h.attemptsMu.Unlock() - - if !allowRemote { - c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "remote management disabled"}) - return - } - - fail = func() { - h.attemptsMu.Lock() - aip := h.failedAttempts[clientIP] - if aip == nil { - aip = &attemptInfo{} - h.failedAttempts[clientIP] = aip - } - aip.count++ - aip.lastActivity = time.Now() - if aip.count >= maxFailures { - aip.blockedUntil = time.Now().Add(banDuration) - aip.count = 0 - } - h.attemptsMu.Unlock() - } - } - if secretHash == "" && envSecret == "" { - c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "remote management key not set"}) - return - } - - // Accept either Authorization: Bearer or X-Management-Key - var provided string - if ah := c.GetHeader("Authorization"); ah != "" { - parts := strings.SplitN(ah, " ", 2) - if len(parts) == 2 && strings.ToLower(parts[0]) == "bearer" { - provided = parts[1] - } else { - provided = ah - } - } - if provided == "" { - provided = c.GetHeader("X-Management-Key") - } - - if provided == "" { - if !localClient { - fail() - } - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "missing management key"}) - return - } - - if localClient { - if lp := h.localPassword; lp != "" { - if subtle.ConstantTimeCompare([]byte(provided), []byte(lp)) == 1 { - c.Next() - return - } - } - } - - if envSecret != "" && subtle.ConstantTimeCompare([]byte(provided), []byte(envSecret)) == 1 { - if !localClient { - h.attemptsMu.Lock() - if ai := h.failedAttempts[clientIP]; ai != nil { - ai.count = 0 - ai.blockedUntil = time.Time{} - } - h.attemptsMu.Unlock() - } - c.Next() - return - } - - if secretHash == "" || bcrypt.CompareHashAndPassword([]byte(secretHash), []byte(provided)) != nil { - if !localClient { - fail() - } - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid management key"}) - return - } - - if !localClient { - h.attemptsMu.Lock() - if ai := h.failedAttempts[clientIP]; ai != nil { - ai.count = 0 - ai.blockedUntil = time.Time{} - } - h.attemptsMu.Unlock() - } - - c.Next() - } -} - -// persist saves the current in-memory config to disk. -func (h *Handler) persist(c *gin.Context) bool { - h.mu.Lock() - defer h.mu.Unlock() - // Preserve comments when writing - if err := config.SaveConfigPreserveComments(h.configFilePath, h.cfg); err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to save config: %v", err)}) - return false - } - c.JSON(http.StatusOK, gin.H{"status": "ok"}) - return true -} - -// Helper methods for simple types -func (h *Handler) updateBoolField(c *gin.Context, set func(bool)) { - var body struct { - Value *bool `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Value == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - set(*body.Value) - h.persist(c) -} - -func (h *Handler) updateIntField(c *gin.Context, set func(int)) { - var body struct { - Value *int `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Value == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - set(*body.Value) - h.persist(c) -} - -func (h *Handler) updateStringField(c *gin.Context, set func(string)) { - var body struct { - Value *string `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Value == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - set(*body.Value) - h.persist(c) -} diff --git a/.worktrees/config/m/config-build/active/internal/api/handlers/management/logs.go b/.worktrees/config/m/config-build/active/internal/api/handlers/management/logs.go deleted file mode 100644 index b64cd61938..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/handlers/management/logs.go +++ /dev/null @@ -1,583 +0,0 @@ -package management - -import ( - "bufio" - "fmt" - "math" - "net/http" - "os" - "path/filepath" - "sort" - "strconv" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/logging" -) - -const ( - defaultLogFileName = "main.log" - logScannerInitialBuffer = 64 * 1024 - logScannerMaxBuffer = 8 * 1024 * 1024 -) - -// GetLogs returns log lines with optional incremental loading. -func (h *Handler) GetLogs(c *gin.Context) { - if h == nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "handler unavailable"}) - return - } - if h.cfg == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "configuration unavailable"}) - return - } - if !h.cfg.LoggingToFile { - c.JSON(http.StatusBadRequest, gin.H{"error": "logging to file disabled"}) - return - } - - logDir := h.logDirectory() - if strings.TrimSpace(logDir) == "" { - c.JSON(http.StatusInternalServerError, gin.H{"error": "log directory not configured"}) - return - } - - files, err := h.collectLogFiles(logDir) - if err != nil { - if os.IsNotExist(err) { - cutoff := parseCutoff(c.Query("after")) - c.JSON(http.StatusOK, gin.H{ - "lines": []string{}, - "line-count": 0, - "latest-timestamp": cutoff, - }) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to list log files: %v", err)}) - return - } - - limit, errLimit := parseLimit(c.Query("limit")) - if errLimit != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("invalid limit: %v", errLimit)}) - return - } - - cutoff := parseCutoff(c.Query("after")) - acc := newLogAccumulator(cutoff, limit) - for i := range files { - if errProcess := acc.consumeFile(files[i]); errProcess != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to read log file %s: %v", files[i], errProcess)}) - return - } - } - - lines, total, latest := acc.result() - if latest == 0 || latest < cutoff { - latest = cutoff - } - c.JSON(http.StatusOK, gin.H{ - "lines": lines, - "line-count": total, - "latest-timestamp": latest, - }) -} - -// DeleteLogs removes all rotated log files and truncates the active log. -func (h *Handler) DeleteLogs(c *gin.Context) { - if h == nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "handler unavailable"}) - return - } - if h.cfg == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "configuration unavailable"}) - return - } - if !h.cfg.LoggingToFile { - c.JSON(http.StatusBadRequest, gin.H{"error": "logging to file disabled"}) - return - } - - dir := h.logDirectory() - if strings.TrimSpace(dir) == "" { - c.JSON(http.StatusInternalServerError, gin.H{"error": "log directory not configured"}) - return - } - - entries, err := os.ReadDir(dir) - if err != nil { - if os.IsNotExist(err) { - c.JSON(http.StatusNotFound, gin.H{"error": "log directory not found"}) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to list log directory: %v", err)}) - return - } - - removed := 0 - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - fullPath := filepath.Join(dir, name) - if name == defaultLogFileName { - if errTrunc := os.Truncate(fullPath, 0); errTrunc != nil && !os.IsNotExist(errTrunc) { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to truncate log file: %v", errTrunc)}) - return - } - continue - } - if isRotatedLogFile(name) { - if errRemove := os.Remove(fullPath); errRemove != nil && !os.IsNotExist(errRemove) { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to remove %s: %v", name, errRemove)}) - return - } - removed++ - } - } - - c.JSON(http.StatusOK, gin.H{ - "success": true, - "message": "Logs cleared successfully", - "removed": removed, - }) -} - -// GetRequestErrorLogs lists error request log files when RequestLog is disabled. -// It returns an empty list when RequestLog is enabled. -func (h *Handler) GetRequestErrorLogs(c *gin.Context) { - if h == nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "handler unavailable"}) - return - } - if h.cfg == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "configuration unavailable"}) - return - } - if h.cfg.RequestLog { - c.JSON(http.StatusOK, gin.H{"files": []any{}}) - return - } - - dir := h.logDirectory() - if strings.TrimSpace(dir) == "" { - c.JSON(http.StatusInternalServerError, gin.H{"error": "log directory not configured"}) - return - } - - entries, err := os.ReadDir(dir) - if err != nil { - if os.IsNotExist(err) { - c.JSON(http.StatusOK, gin.H{"files": []any{}}) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to list request error logs: %v", err)}) - return - } - - type errorLog struct { - Name string `json:"name"` - Size int64 `json:"size"` - Modified int64 `json:"modified"` - } - - files := make([]errorLog, 0, len(entries)) - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - if !strings.HasPrefix(name, "error-") || !strings.HasSuffix(name, ".log") { - continue - } - info, errInfo := entry.Info() - if errInfo != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to read log info for %s: %v", name, errInfo)}) - return - } - files = append(files, errorLog{ - Name: name, - Size: info.Size(), - Modified: info.ModTime().Unix(), - }) - } - - sort.Slice(files, func(i, j int) bool { return files[i].Modified > files[j].Modified }) - - c.JSON(http.StatusOK, gin.H{"files": files}) -} - -// GetRequestLogByID finds and downloads a request log file by its request ID. -// The ID is matched against the suffix of log file names (format: *-{requestID}.log). -func (h *Handler) GetRequestLogByID(c *gin.Context) { - if h == nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "handler unavailable"}) - return - } - if h.cfg == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "configuration unavailable"}) - return - } - - dir := h.logDirectory() - if strings.TrimSpace(dir) == "" { - c.JSON(http.StatusInternalServerError, gin.H{"error": "log directory not configured"}) - return - } - - requestID := strings.TrimSpace(c.Param("id")) - if requestID == "" { - requestID = strings.TrimSpace(c.Query("id")) - } - if requestID == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "missing request ID"}) - return - } - if strings.ContainsAny(requestID, "/\\") { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request ID"}) - return - } - - entries, err := os.ReadDir(dir) - if err != nil { - if os.IsNotExist(err) { - c.JSON(http.StatusNotFound, gin.H{"error": "log directory not found"}) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to list log directory: %v", err)}) - return - } - - suffix := "-" + requestID + ".log" - var matchedFile string - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - if strings.HasSuffix(name, suffix) { - matchedFile = name - break - } - } - - if matchedFile == "" { - c.JSON(http.StatusNotFound, gin.H{"error": "log file not found for the given request ID"}) - return - } - - dirAbs, errAbs := filepath.Abs(dir) - if errAbs != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to resolve log directory: %v", errAbs)}) - return - } - fullPath := filepath.Clean(filepath.Join(dirAbs, matchedFile)) - prefix := dirAbs + string(os.PathSeparator) - if !strings.HasPrefix(fullPath, prefix) { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid log file path"}) - return - } - - info, errStat := os.Stat(fullPath) - if errStat != nil { - if os.IsNotExist(errStat) { - c.JSON(http.StatusNotFound, gin.H{"error": "log file not found"}) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to read log file: %v", errStat)}) - return - } - if info.IsDir() { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid log file"}) - return - } - - c.FileAttachment(fullPath, matchedFile) -} - -// DownloadRequestErrorLog downloads a specific error request log file by name. -func (h *Handler) DownloadRequestErrorLog(c *gin.Context) { - if h == nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "handler unavailable"}) - return - } - if h.cfg == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "configuration unavailable"}) - return - } - - dir := h.logDirectory() - if strings.TrimSpace(dir) == "" { - c.JSON(http.StatusInternalServerError, gin.H{"error": "log directory not configured"}) - return - } - - name := strings.TrimSpace(c.Param("name")) - if name == "" || strings.Contains(name, "/") || strings.Contains(name, "\\") { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid log file name"}) - return - } - if !strings.HasPrefix(name, "error-") || !strings.HasSuffix(name, ".log") { - c.JSON(http.StatusNotFound, gin.H{"error": "log file not found"}) - return - } - - dirAbs, errAbs := filepath.Abs(dir) - if errAbs != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to resolve log directory: %v", errAbs)}) - return - } - fullPath := filepath.Clean(filepath.Join(dirAbs, name)) - prefix := dirAbs + string(os.PathSeparator) - if !strings.HasPrefix(fullPath, prefix) { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid log file path"}) - return - } - - info, errStat := os.Stat(fullPath) - if errStat != nil { - if os.IsNotExist(errStat) { - c.JSON(http.StatusNotFound, gin.H{"error": "log file not found"}) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to read log file: %v", errStat)}) - return - } - if info.IsDir() { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid log file"}) - return - } - - c.FileAttachment(fullPath, name) -} - -func (h *Handler) logDirectory() string { - if h == nil { - return "" - } - if h.logDir != "" { - return h.logDir - } - return logging.ResolveLogDirectory(h.cfg) -} - -func (h *Handler) collectLogFiles(dir string) ([]string, error) { - entries, err := os.ReadDir(dir) - if err != nil { - return nil, err - } - type candidate struct { - path string - order int64 - } - cands := make([]candidate, 0, len(entries)) - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - if name == defaultLogFileName { - cands = append(cands, candidate{path: filepath.Join(dir, name), order: 0}) - continue - } - if order, ok := rotationOrder(name); ok { - cands = append(cands, candidate{path: filepath.Join(dir, name), order: order}) - } - } - if len(cands) == 0 { - return []string{}, nil - } - sort.Slice(cands, func(i, j int) bool { return cands[i].order < cands[j].order }) - paths := make([]string, 0, len(cands)) - for i := len(cands) - 1; i >= 0; i-- { - paths = append(paths, cands[i].path) - } - return paths, nil -} - -type logAccumulator struct { - cutoff int64 - limit int - lines []string - total int - latest int64 - include bool -} - -func newLogAccumulator(cutoff int64, limit int) *logAccumulator { - capacity := 256 - if limit > 0 && limit < capacity { - capacity = limit - } - return &logAccumulator{ - cutoff: cutoff, - limit: limit, - lines: make([]string, 0, capacity), - } -} - -func (acc *logAccumulator) consumeFile(path string) error { - file, err := os.Open(path) - if err != nil { - if os.IsNotExist(err) { - return nil - } - return err - } - defer func() { - _ = file.Close() - }() - - scanner := bufio.NewScanner(file) - buf := make([]byte, 0, logScannerInitialBuffer) - scanner.Buffer(buf, logScannerMaxBuffer) - for scanner.Scan() { - acc.addLine(scanner.Text()) - } - if errScan := scanner.Err(); errScan != nil { - return errScan - } - return nil -} - -func (acc *logAccumulator) addLine(raw string) { - line := strings.TrimRight(raw, "\r") - acc.total++ - ts := parseTimestamp(line) - if ts > acc.latest { - acc.latest = ts - } - if ts > 0 { - acc.include = acc.cutoff == 0 || ts > acc.cutoff - if acc.cutoff == 0 || acc.include { - acc.append(line) - } - return - } - if acc.cutoff == 0 || acc.include { - acc.append(line) - } -} - -func (acc *logAccumulator) append(line string) { - acc.lines = append(acc.lines, line) - if acc.limit > 0 && len(acc.lines) > acc.limit { - acc.lines = acc.lines[len(acc.lines)-acc.limit:] - } -} - -func (acc *logAccumulator) result() ([]string, int, int64) { - if acc.lines == nil { - acc.lines = []string{} - } - return acc.lines, acc.total, acc.latest -} - -func parseCutoff(raw string) int64 { - value := strings.TrimSpace(raw) - if value == "" { - return 0 - } - ts, err := strconv.ParseInt(value, 10, 64) - if err != nil || ts <= 0 { - return 0 - } - return ts -} - -func parseLimit(raw string) (int, error) { - value := strings.TrimSpace(raw) - if value == "" { - return 0, nil - } - limit, err := strconv.Atoi(value) - if err != nil { - return 0, fmt.Errorf("must be a positive integer") - } - if limit <= 0 { - return 0, fmt.Errorf("must be greater than zero") - } - return limit, nil -} - -func parseTimestamp(line string) int64 { - if strings.HasPrefix(line, "[") { - line = line[1:] - } - if len(line) < 19 { - return 0 - } - candidate := line[:19] - t, err := time.ParseInLocation("2006-01-02 15:04:05", candidate, time.Local) - if err != nil { - return 0 - } - return t.Unix() -} - -func isRotatedLogFile(name string) bool { - if _, ok := rotationOrder(name); ok { - return true - } - return false -} - -func rotationOrder(name string) (int64, bool) { - if order, ok := numericRotationOrder(name); ok { - return order, true - } - if order, ok := timestampRotationOrder(name); ok { - return order, true - } - return 0, false -} - -func numericRotationOrder(name string) (int64, bool) { - if !strings.HasPrefix(name, defaultLogFileName+".") { - return 0, false - } - suffix := strings.TrimPrefix(name, defaultLogFileName+".") - if suffix == "" { - return 0, false - } - n, err := strconv.Atoi(suffix) - if err != nil { - return 0, false - } - return int64(n), true -} - -func timestampRotationOrder(name string) (int64, bool) { - ext := filepath.Ext(defaultLogFileName) - base := strings.TrimSuffix(defaultLogFileName, ext) - if base == "" { - return 0, false - } - prefix := base + "-" - if !strings.HasPrefix(name, prefix) { - return 0, false - } - clean := strings.TrimPrefix(name, prefix) - if strings.HasSuffix(clean, ".gz") { - clean = strings.TrimSuffix(clean, ".gz") - } - if ext != "" { - if !strings.HasSuffix(clean, ext) { - return 0, false - } - clean = strings.TrimSuffix(clean, ext) - } - if clean == "" { - return 0, false - } - if idx := strings.IndexByte(clean, '.'); idx != -1 { - clean = clean[:idx] - } - parsed, err := time.ParseInLocation("2006-01-02T15-04-05", clean, time.Local) - if err != nil { - return 0, false - } - return math.MaxInt64 - parsed.Unix(), true -} diff --git a/.worktrees/config/m/config-build/active/internal/api/handlers/management/model_definitions.go b/.worktrees/config/m/config-build/active/internal/api/handlers/management/model_definitions.go deleted file mode 100644 index 85ff314bf4..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/handlers/management/model_definitions.go +++ /dev/null @@ -1,33 +0,0 @@ -package management - -import ( - "net/http" - "strings" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" -) - -// GetStaticModelDefinitions returns static model metadata for a given channel. -// Channel is provided via path param (:channel) or query param (?channel=...). -func (h *Handler) GetStaticModelDefinitions(c *gin.Context) { - channel := strings.TrimSpace(c.Param("channel")) - if channel == "" { - channel = strings.TrimSpace(c.Query("channel")) - } - if channel == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "channel is required"}) - return - } - - models := registry.GetStaticModelDefinitionsByChannel(channel) - if models == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "unknown channel", "channel": channel}) - return - } - - c.JSON(http.StatusOK, gin.H{ - "channel": strings.ToLower(strings.TrimSpace(channel)), - "models": models, - }) -} diff --git a/.worktrees/config/m/config-build/active/internal/api/handlers/management/oauth_callback.go b/.worktrees/config/m/config-build/active/internal/api/handlers/management/oauth_callback.go deleted file mode 100644 index c69a332ee7..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/handlers/management/oauth_callback.go +++ /dev/null @@ -1,100 +0,0 @@ -package management - -import ( - "errors" - "net/http" - "net/url" - "strings" - - "github.com/gin-gonic/gin" -) - -type oauthCallbackRequest struct { - Provider string `json:"provider"` - RedirectURL string `json:"redirect_url"` - Code string `json:"code"` - State string `json:"state"` - Error string `json:"error"` -} - -func (h *Handler) PostOAuthCallback(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "handler not initialized"}) - return - } - - var req oauthCallbackRequest - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "invalid body"}) - return - } - - canonicalProvider, err := NormalizeOAuthProvider(req.Provider) - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "unsupported provider"}) - return - } - - state := strings.TrimSpace(req.State) - code := strings.TrimSpace(req.Code) - errMsg := strings.TrimSpace(req.Error) - - if rawRedirect := strings.TrimSpace(req.RedirectURL); rawRedirect != "" { - u, errParse := url.Parse(rawRedirect) - if errParse != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "invalid redirect_url"}) - return - } - q := u.Query() - if state == "" { - state = strings.TrimSpace(q.Get("state")) - } - if code == "" { - code = strings.TrimSpace(q.Get("code")) - } - if errMsg == "" { - errMsg = strings.TrimSpace(q.Get("error")) - if errMsg == "" { - errMsg = strings.TrimSpace(q.Get("error_description")) - } - } - } - - if state == "" { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "state is required"}) - return - } - if err := ValidateOAuthState(state); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "invalid state"}) - return - } - if code == "" && errMsg == "" { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "code or error is required"}) - return - } - - sessionProvider, sessionStatus, ok := GetOAuthSession(state) - if !ok { - c.JSON(http.StatusNotFound, gin.H{"status": "error", "error": "unknown or expired state"}) - return - } - if sessionStatus != "" { - c.JSON(http.StatusConflict, gin.H{"status": "error", "error": "oauth flow is not pending"}) - return - } - if !strings.EqualFold(sessionProvider, canonicalProvider) { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "provider does not match state"}) - return - } - - if _, errWrite := WriteOAuthCallbackFileForPendingSession(h.cfg.AuthDir, canonicalProvider, state, code, errMsg); errWrite != nil { - if errors.Is(errWrite, errOAuthSessionNotPending) { - c.JSON(http.StatusConflict, gin.H{"status": "error", "error": "oauth flow is not pending"}) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "failed to persist oauth callback"}) - return - } - - c.JSON(http.StatusOK, gin.H{"status": "ok"}) -} diff --git a/.worktrees/config/m/config-build/active/internal/api/handlers/management/oauth_sessions.go b/.worktrees/config/m/config-build/active/internal/api/handlers/management/oauth_sessions.go deleted file mode 100644 index bc882e990e..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/handlers/management/oauth_sessions.go +++ /dev/null @@ -1,292 +0,0 @@ -package management - -import ( - "encoding/json" - "errors" - "fmt" - "os" - "path/filepath" - "strings" - "sync" - "time" -) - -const ( - oauthSessionTTL = 10 * time.Minute - maxOAuthStateLength = 128 -) - -var ( - errInvalidOAuthState = errors.New("invalid oauth state") - errUnsupportedOAuthFlow = errors.New("unsupported oauth provider") - errOAuthSessionNotPending = errors.New("oauth session is not pending") -) - -type oauthSession struct { - Provider string - Status string - CreatedAt time.Time - ExpiresAt time.Time -} - -type oauthSessionStore struct { - mu sync.RWMutex - ttl time.Duration - sessions map[string]oauthSession -} - -func newOAuthSessionStore(ttl time.Duration) *oauthSessionStore { - if ttl <= 0 { - ttl = oauthSessionTTL - } - return &oauthSessionStore{ - ttl: ttl, - sessions: make(map[string]oauthSession), - } -} - -func (s *oauthSessionStore) purgeExpiredLocked(now time.Time) { - for state, session := range s.sessions { - if !session.ExpiresAt.IsZero() && now.After(session.ExpiresAt) { - delete(s.sessions, state) - } - } -} - -func (s *oauthSessionStore) Register(state, provider string) { - state = strings.TrimSpace(state) - provider = strings.ToLower(strings.TrimSpace(provider)) - if state == "" || provider == "" { - return - } - now := time.Now() - - s.mu.Lock() - defer s.mu.Unlock() - - s.purgeExpiredLocked(now) - s.sessions[state] = oauthSession{ - Provider: provider, - Status: "", - CreatedAt: now, - ExpiresAt: now.Add(s.ttl), - } -} - -func (s *oauthSessionStore) SetError(state, message string) { - state = strings.TrimSpace(state) - message = strings.TrimSpace(message) - if state == "" { - return - } - if message == "" { - message = "Authentication failed" - } - now := time.Now() - - s.mu.Lock() - defer s.mu.Unlock() - - s.purgeExpiredLocked(now) - session, ok := s.sessions[state] - if !ok { - return - } - session.Status = message - session.ExpiresAt = now.Add(s.ttl) - s.sessions[state] = session -} - -func (s *oauthSessionStore) Complete(state string) { - state = strings.TrimSpace(state) - if state == "" { - return - } - now := time.Now() - - s.mu.Lock() - defer s.mu.Unlock() - - s.purgeExpiredLocked(now) - delete(s.sessions, state) -} - -func (s *oauthSessionStore) CompleteProvider(provider string) int { - provider = strings.ToLower(strings.TrimSpace(provider)) - if provider == "" { - return 0 - } - now := time.Now() - - s.mu.Lock() - defer s.mu.Unlock() - - s.purgeExpiredLocked(now) - removed := 0 - for state, session := range s.sessions { - if strings.EqualFold(session.Provider, provider) { - delete(s.sessions, state) - removed++ - } - } - return removed -} - -func (s *oauthSessionStore) Get(state string) (oauthSession, bool) { - state = strings.TrimSpace(state) - now := time.Now() - - s.mu.Lock() - defer s.mu.Unlock() - - s.purgeExpiredLocked(now) - session, ok := s.sessions[state] - return session, ok -} - -func (s *oauthSessionStore) IsPending(state, provider string) bool { - state = strings.TrimSpace(state) - provider = strings.ToLower(strings.TrimSpace(provider)) - now := time.Now() - - s.mu.Lock() - defer s.mu.Unlock() - - s.purgeExpiredLocked(now) - session, ok := s.sessions[state] - if !ok { - return false - } - if session.Status != "" { - if !strings.EqualFold(session.Provider, "kiro") { - return false - } - if !strings.HasPrefix(session.Status, "device_code|") && !strings.HasPrefix(session.Status, "auth_url|") { - return false - } - } - if provider == "" { - return true - } - return strings.EqualFold(session.Provider, provider) -} - -var oauthSessions = newOAuthSessionStore(oauthSessionTTL) - -func RegisterOAuthSession(state, provider string) { oauthSessions.Register(state, provider) } - -func SetOAuthSessionError(state, message string) { oauthSessions.SetError(state, message) } - -func CompleteOAuthSession(state string) { oauthSessions.Complete(state) } - -func CompleteOAuthSessionsByProvider(provider string) int { - return oauthSessions.CompleteProvider(provider) -} - -func GetOAuthSession(state string) (provider string, status string, ok bool) { - session, ok := oauthSessions.Get(state) - if !ok { - return "", "", false - } - return session.Provider, session.Status, true -} - -func IsOAuthSessionPending(state, provider string) bool { - return oauthSessions.IsPending(state, provider) -} - -func ValidateOAuthState(state string) error { - trimmed := strings.TrimSpace(state) - if trimmed == "" { - return fmt.Errorf("%w: empty", errInvalidOAuthState) - } - if len(trimmed) > maxOAuthStateLength { - return fmt.Errorf("%w: too long", errInvalidOAuthState) - } - if strings.Contains(trimmed, "/") || strings.Contains(trimmed, "\\") { - return fmt.Errorf("%w: contains path separator", errInvalidOAuthState) - } - if strings.Contains(trimmed, "..") { - return fmt.Errorf("%w: contains '..'", errInvalidOAuthState) - } - for _, r := range trimmed { - switch { - case r >= 'a' && r <= 'z': - case r >= 'A' && r <= 'Z': - case r >= '0' && r <= '9': - case r == '-' || r == '_' || r == '.': - default: - return fmt.Errorf("%w: invalid character", errInvalidOAuthState) - } - } - return nil -} - -func NormalizeOAuthProvider(provider string) (string, error) { - switch strings.ToLower(strings.TrimSpace(provider)) { - case "anthropic", "claude": - return "anthropic", nil - case "codex", "openai": - return "codex", nil - case "gemini", "google": - return "gemini", nil - case "iflow", "i-flow": - return "iflow", nil - case "antigravity", "anti-gravity": - return "antigravity", nil - case "qwen": - return "qwen", nil - case "kiro": - return "kiro", nil - case "github": - return "github", nil - default: - return "", errUnsupportedOAuthFlow - } -} - -type oauthCallbackFilePayload struct { - Code string `json:"code"` - State string `json:"state"` - Error string `json:"error"` -} - -func WriteOAuthCallbackFile(authDir, provider, state, code, errorMessage string) (string, error) { - if strings.TrimSpace(authDir) == "" { - return "", fmt.Errorf("auth dir is empty") - } - canonicalProvider, err := NormalizeOAuthProvider(provider) - if err != nil { - return "", err - } - if err := ValidateOAuthState(state); err != nil { - return "", err - } - - fileName := fmt.Sprintf(".oauth-%s-%s.oauth", canonicalProvider, state) - filePath := filepath.Join(authDir, fileName) - payload := oauthCallbackFilePayload{ - Code: strings.TrimSpace(code), - State: strings.TrimSpace(state), - Error: strings.TrimSpace(errorMessage), - } - data, err := json.Marshal(payload) - if err != nil { - return "", fmt.Errorf("marshal oauth callback payload: %w", err) - } - if err := os.WriteFile(filePath, data, 0o600); err != nil { - return "", fmt.Errorf("write oauth callback file: %w", err) - } - return filePath, nil -} - -func WriteOAuthCallbackFileForPendingSession(authDir, provider, state, code, errorMessage string) (string, error) { - canonicalProvider, err := NormalizeOAuthProvider(provider) - if err != nil { - return "", err - } - if !IsOAuthSessionPending(state, canonicalProvider) { - return "", errOAuthSessionNotPending - } - return WriteOAuthCallbackFile(authDir, canonicalProvider, state, code, errorMessage) -} diff --git a/.worktrees/config/m/config-build/active/internal/api/handlers/management/quota.go b/.worktrees/config/m/config-build/active/internal/api/handlers/management/quota.go deleted file mode 100644 index c7efd217bd..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/handlers/management/quota.go +++ /dev/null @@ -1,18 +0,0 @@ -package management - -import "github.com/gin-gonic/gin" - -// Quota exceeded toggles -func (h *Handler) GetSwitchProject(c *gin.Context) { - c.JSON(200, gin.H{"switch-project": h.cfg.QuotaExceeded.SwitchProject}) -} -func (h *Handler) PutSwitchProject(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.QuotaExceeded.SwitchProject = v }) -} - -func (h *Handler) GetSwitchPreviewModel(c *gin.Context) { - c.JSON(200, gin.H{"switch-preview-model": h.cfg.QuotaExceeded.SwitchPreviewModel}) -} -func (h *Handler) PutSwitchPreviewModel(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.QuotaExceeded.SwitchPreviewModel = v }) -} diff --git a/.worktrees/config/m/config-build/active/internal/api/handlers/management/usage.go b/.worktrees/config/m/config-build/active/internal/api/handlers/management/usage.go deleted file mode 100644 index 5f79408963..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/handlers/management/usage.go +++ /dev/null @@ -1,79 +0,0 @@ -package management - -import ( - "encoding/json" - "net/http" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/usage" -) - -type usageExportPayload struct { - Version int `json:"version"` - ExportedAt time.Time `json:"exported_at"` - Usage usage.StatisticsSnapshot `json:"usage"` -} - -type usageImportPayload struct { - Version int `json:"version"` - Usage usage.StatisticsSnapshot `json:"usage"` -} - -// GetUsageStatistics returns the in-memory request statistics snapshot. -func (h *Handler) GetUsageStatistics(c *gin.Context) { - var snapshot usage.StatisticsSnapshot - if h != nil && h.usageStats != nil { - snapshot = h.usageStats.Snapshot() - } - c.JSON(http.StatusOK, gin.H{ - "usage": snapshot, - "failed_requests": snapshot.FailureCount, - }) -} - -// ExportUsageStatistics returns a complete usage snapshot for backup/migration. -func (h *Handler) ExportUsageStatistics(c *gin.Context) { - var snapshot usage.StatisticsSnapshot - if h != nil && h.usageStats != nil { - snapshot = h.usageStats.Snapshot() - } - c.JSON(http.StatusOK, usageExportPayload{ - Version: 1, - ExportedAt: time.Now().UTC(), - Usage: snapshot, - }) -} - -// ImportUsageStatistics merges a previously exported usage snapshot into memory. -func (h *Handler) ImportUsageStatistics(c *gin.Context) { - if h == nil || h.usageStats == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "usage statistics unavailable"}) - return - } - - data, err := c.GetRawData() - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "failed to read request body"}) - return - } - - var payload usageImportPayload - if err := json.Unmarshal(data, &payload); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid json"}) - return - } - if payload.Version != 0 && payload.Version != 1 { - c.JSON(http.StatusBadRequest, gin.H{"error": "unsupported version"}) - return - } - - result := h.usageStats.MergeSnapshot(payload.Usage) - snapshot := h.usageStats.Snapshot() - c.JSON(http.StatusOK, gin.H{ - "added": result.Added, - "skipped": result.Skipped, - "total_requests": snapshot.TotalRequests, - "failed_requests": snapshot.FailureCount, - }) -} diff --git a/.worktrees/config/m/config-build/active/internal/api/handlers/management/vertex_import.go b/.worktrees/config/m/config-build/active/internal/api/handlers/management/vertex_import.go deleted file mode 100644 index bad066a270..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/handlers/management/vertex_import.go +++ /dev/null @@ -1,156 +0,0 @@ -package management - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "strings" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/vertex" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -// ImportVertexCredential handles uploading a Vertex service account JSON and saving it as an auth record. -func (h *Handler) ImportVertexCredential(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "config unavailable"}) - return - } - if h.cfg.AuthDir == "" { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "auth directory not configured"}) - return - } - - fileHeader, err := c.FormFile("file") - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "file required"}) - return - } - - file, err := fileHeader.Open() - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("failed to read file: %v", err)}) - return - } - defer file.Close() - - data, err := io.ReadAll(file) - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("failed to read file: %v", err)}) - return - } - - var serviceAccount map[string]any - if err := json.Unmarshal(data, &serviceAccount); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid json", "message": err.Error()}) - return - } - - normalizedSA, err := vertex.NormalizeServiceAccountMap(serviceAccount) - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid service account", "message": err.Error()}) - return - } - serviceAccount = normalizedSA - - projectID := strings.TrimSpace(valueAsString(serviceAccount["project_id"])) - if projectID == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "project_id missing"}) - return - } - email := strings.TrimSpace(valueAsString(serviceAccount["client_email"])) - - location := strings.TrimSpace(c.PostForm("location")) - if location == "" { - location = strings.TrimSpace(c.Query("location")) - } - if location == "" { - location = "us-central1" - } - - fileName := fmt.Sprintf("vertex-%s.json", sanitizeVertexFilePart(projectID)) - label := labelForVertex(projectID, email) - storage := &vertex.VertexCredentialStorage{ - ServiceAccount: serviceAccount, - ProjectID: projectID, - Email: email, - Location: location, - Type: "vertex", - } - metadata := map[string]any{ - "service_account": serviceAccount, - "project_id": projectID, - "email": email, - "location": location, - "type": "vertex", - "label": label, - } - record := &coreauth.Auth{ - ID: fileName, - Provider: "vertex", - FileName: fileName, - Storage: storage, - Label: label, - Metadata: metadata, - } - - ctx := context.Background() - if reqCtx := c.Request.Context(); reqCtx != nil { - ctx = reqCtx - } - savedPath, err := h.saveTokenRecord(ctx, record) - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "save_failed", "message": err.Error()}) - return - } - - c.JSON(http.StatusOK, gin.H{ - "status": "ok", - "auth-file": savedPath, - "project_id": projectID, - "email": email, - "location": location, - }) -} - -func valueAsString(v any) string { - if v == nil { - return "" - } - switch t := v.(type) { - case string: - return t - default: - return fmt.Sprint(t) - } -} - -func sanitizeVertexFilePart(s string) string { - out := strings.TrimSpace(s) - replacers := []string{"/", "_", "\\", "_", ":", "_", " ", "-"} - for i := 0; i < len(replacers); i += 2 { - out = strings.ReplaceAll(out, replacers[i], replacers[i+1]) - } - if out == "" { - return "vertex" - } - return out -} - -func labelForVertex(projectID, email string) string { - p := strings.TrimSpace(projectID) - e := strings.TrimSpace(email) - if p != "" && e != "" { - return fmt.Sprintf("%s (%s)", p, e) - } - if p != "" { - return p - } - if e != "" { - return e - } - return "vertex" -} diff --git a/.worktrees/config/m/config-build/active/internal/api/middleware/request_logging.go b/.worktrees/config/m/config-build/active/internal/api/middleware/request_logging.go deleted file mode 100644 index b57dd8aa42..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/middleware/request_logging.go +++ /dev/null @@ -1,165 +0,0 @@ -// Package middleware provides HTTP middleware components for the CLI Proxy API server. -// This file contains the request logging middleware that captures comprehensive -// request and response data when enabled through configuration. -package middleware - -import ( - "bytes" - "io" - "net/http" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/logging" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" -) - -const maxErrorOnlyCapturedRequestBodyBytes int64 = 1 << 20 // 1 MiB - -// RequestLoggingMiddleware creates a Gin middleware that logs HTTP requests and responses. -// It captures detailed information about the request and response, including headers and body, -// and uses the provided RequestLogger to record this data. When full request logging is disabled, -// body capture is limited to small known-size payloads to avoid large per-request memory spikes. -func RequestLoggingMiddleware(logger logging.RequestLogger) gin.HandlerFunc { - return func(c *gin.Context) { - if logger == nil { - c.Next() - return - } - - if shouldSkipMethodForRequestLogging(c.Request) { - c.Next() - return - } - - path := c.Request.URL.Path - if !shouldLogRequest(path) { - c.Next() - return - } - - loggerEnabled := logger.IsEnabled() - - // Capture request information - requestInfo, err := captureRequestInfo(c, shouldCaptureRequestBody(loggerEnabled, c.Request)) - if err != nil { - // Log error but continue processing - // In a real implementation, you might want to use a proper logger here - c.Next() - return - } - - // Create response writer wrapper - wrapper := NewResponseWriterWrapper(c.Writer, logger, requestInfo) - if !loggerEnabled { - wrapper.logOnErrorOnly = true - } - c.Writer = wrapper - - // Process the request - c.Next() - - // Finalize logging after request processing - if err = wrapper.Finalize(c); err != nil { - // Log error but don't interrupt the response - // In a real implementation, you might want to use a proper logger here - } - } -} - -func shouldSkipMethodForRequestLogging(req *http.Request) bool { - if req == nil { - return true - } - if req.Method != http.MethodGet { - return false - } - return !isResponsesWebsocketUpgrade(req) -} - -func isResponsesWebsocketUpgrade(req *http.Request) bool { - if req == nil || req.URL == nil { - return false - } - if req.URL.Path != "/v1/responses" { - return false - } - return strings.EqualFold(strings.TrimSpace(req.Header.Get("Upgrade")), "websocket") -} - -func shouldCaptureRequestBody(loggerEnabled bool, req *http.Request) bool { - if loggerEnabled { - return true - } - if req == nil || req.Body == nil { - return false - } - contentType := strings.ToLower(strings.TrimSpace(req.Header.Get("Content-Type"))) - if strings.HasPrefix(contentType, "multipart/form-data") { - return false - } - if req.ContentLength <= 0 { - return false - } - return req.ContentLength <= maxErrorOnlyCapturedRequestBodyBytes -} - -// captureRequestInfo extracts relevant information from the incoming HTTP request. -// It captures the URL, method, headers, and body. The request body is read and then -// restored so that it can be processed by subsequent handlers. -func captureRequestInfo(c *gin.Context, captureBody bool) (*RequestInfo, error) { - // Capture URL with sensitive query parameters masked - maskedQuery := util.MaskSensitiveQuery(c.Request.URL.RawQuery) - url := c.Request.URL.Path - if maskedQuery != "" { - url += "?" + maskedQuery - } - - // Capture method - method := c.Request.Method - - // Capture headers - headers := make(map[string][]string) - for key, values := range c.Request.Header { - headers[key] = values - } - - // Capture request body - var body []byte - if captureBody && c.Request.Body != nil { - // Read the body - bodyBytes, err := io.ReadAll(c.Request.Body) - if err != nil { - return nil, err - } - - // Restore the body for the actual request processing - c.Request.Body = io.NopCloser(bytes.NewBuffer(bodyBytes)) - body = bodyBytes - } - - return &RequestInfo{ - URL: url, - Method: method, - Headers: headers, - Body: body, - RequestID: logging.GetGinRequestID(c), - Timestamp: time.Now(), - }, nil -} - -// shouldLogRequest determines whether the request should be logged. -// It skips management endpoints to avoid leaking secrets but allows -// all other routes, including module-provided ones, to honor request-log. -func shouldLogRequest(path string) bool { - if strings.HasPrefix(path, "/v0/management") || strings.HasPrefix(path, "/management") { - return false - } - - if strings.HasPrefix(path, "/api") { - return strings.HasPrefix(path, "/api/provider") - } - - return true -} diff --git a/.worktrees/config/m/config-build/active/internal/api/middleware/request_logging_test.go b/.worktrees/config/m/config-build/active/internal/api/middleware/request_logging_test.go deleted file mode 100644 index c4354678cf..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/middleware/request_logging_test.go +++ /dev/null @@ -1,138 +0,0 @@ -package middleware - -import ( - "io" - "net/http" - "net/url" - "strings" - "testing" -) - -func TestShouldSkipMethodForRequestLogging(t *testing.T) { - tests := []struct { - name string - req *http.Request - skip bool - }{ - { - name: "nil request", - req: nil, - skip: true, - }, - { - name: "post request should not skip", - req: &http.Request{ - Method: http.MethodPost, - URL: &url.URL{Path: "/v1/responses"}, - }, - skip: false, - }, - { - name: "plain get should skip", - req: &http.Request{ - Method: http.MethodGet, - URL: &url.URL{Path: "/v1/models"}, - Header: http.Header{}, - }, - skip: true, - }, - { - name: "responses websocket upgrade should not skip", - req: &http.Request{ - Method: http.MethodGet, - URL: &url.URL{Path: "/v1/responses"}, - Header: http.Header{"Upgrade": []string{"websocket"}}, - }, - skip: false, - }, - { - name: "responses get without upgrade should skip", - req: &http.Request{ - Method: http.MethodGet, - URL: &url.URL{Path: "/v1/responses"}, - Header: http.Header{}, - }, - skip: true, - }, - } - - for i := range tests { - got := shouldSkipMethodForRequestLogging(tests[i].req) - if got != tests[i].skip { - t.Fatalf("%s: got skip=%t, want %t", tests[i].name, got, tests[i].skip) - } - } -} - -func TestShouldCaptureRequestBody(t *testing.T) { - tests := []struct { - name string - loggerEnabled bool - req *http.Request - want bool - }{ - { - name: "logger enabled always captures", - loggerEnabled: true, - req: &http.Request{ - Body: io.NopCloser(strings.NewReader("{}")), - ContentLength: -1, - Header: http.Header{"Content-Type": []string{"application/json"}}, - }, - want: true, - }, - { - name: "nil request", - loggerEnabled: false, - req: nil, - want: false, - }, - { - name: "small known size json in error-only mode", - loggerEnabled: false, - req: &http.Request{ - Body: io.NopCloser(strings.NewReader("{}")), - ContentLength: 2, - Header: http.Header{"Content-Type": []string{"application/json"}}, - }, - want: true, - }, - { - name: "large known size skipped in error-only mode", - loggerEnabled: false, - req: &http.Request{ - Body: io.NopCloser(strings.NewReader("x")), - ContentLength: maxErrorOnlyCapturedRequestBodyBytes + 1, - Header: http.Header{"Content-Type": []string{"application/json"}}, - }, - want: false, - }, - { - name: "unknown size skipped in error-only mode", - loggerEnabled: false, - req: &http.Request{ - Body: io.NopCloser(strings.NewReader("x")), - ContentLength: -1, - Header: http.Header{"Content-Type": []string{"application/json"}}, - }, - want: false, - }, - { - name: "multipart skipped in error-only mode", - loggerEnabled: false, - req: &http.Request{ - Body: io.NopCloser(strings.NewReader("x")), - ContentLength: 1, - Header: http.Header{"Content-Type": []string{"multipart/form-data; boundary=abc"}}, - }, - want: false, - }, - } - - for i := range tests { - got := shouldCaptureRequestBody(tests[i].loggerEnabled, tests[i].req) - if got != tests[i].want { - t.Fatalf("%s: got %t, want %t", tests[i].name, got, tests[i].want) - } - } -} diff --git a/.worktrees/config/m/config-build/active/internal/api/middleware/response_writer.go b/.worktrees/config/m/config-build/active/internal/api/middleware/response_writer.go deleted file mode 100644 index 363278ab35..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/middleware/response_writer.go +++ /dev/null @@ -1,428 +0,0 @@ -// Package middleware provides Gin HTTP middleware for the CLI Proxy API server. -// It includes a sophisticated response writer wrapper designed to capture and log request and response data, -// including support for streaming responses, without impacting latency. -package middleware - -import ( - "bytes" - "net/http" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/logging" -) - -const requestBodyOverrideContextKey = "REQUEST_BODY_OVERRIDE" - -// RequestInfo holds essential details of an incoming HTTP request for logging purposes. -type RequestInfo struct { - URL string // URL is the request URL. - Method string // Method is the HTTP method (e.g., GET, POST). - Headers map[string][]string // Headers contains the request headers. - Body []byte // Body is the raw request body. - RequestID string // RequestID is the unique identifier for the request. - Timestamp time.Time // Timestamp is when the request was received. -} - -// ResponseWriterWrapper wraps the standard gin.ResponseWriter to intercept and log response data. -// It is designed to handle both standard and streaming responses, ensuring that logging operations do not block the client response. -type ResponseWriterWrapper struct { - gin.ResponseWriter - body *bytes.Buffer // body is a buffer to store the response body for non-streaming responses. - isStreaming bool // isStreaming indicates whether the response is a streaming type (e.g., text/event-stream). - streamWriter logging.StreamingLogWriter // streamWriter is a writer for handling streaming log entries. - chunkChannel chan []byte // chunkChannel is a channel for asynchronously passing response chunks to the logger. - streamDone chan struct{} // streamDone signals when the streaming goroutine completes. - logger logging.RequestLogger // logger is the instance of the request logger service. - requestInfo *RequestInfo // requestInfo holds the details of the original request. - statusCode int // statusCode stores the HTTP status code of the response. - headers map[string][]string // headers stores the response headers. - logOnErrorOnly bool // logOnErrorOnly enables logging only when an error response is detected. - firstChunkTimestamp time.Time // firstChunkTimestamp captures TTFB for streaming responses. -} - -// NewResponseWriterWrapper creates and initializes a new ResponseWriterWrapper. -// It takes the original gin.ResponseWriter, a logger instance, and request information. -// -// Parameters: -// - w: The original gin.ResponseWriter to wrap. -// - logger: The logging service to use for recording requests. -// - requestInfo: The pre-captured information about the incoming request. -// -// Returns: -// - A pointer to a new ResponseWriterWrapper. -func NewResponseWriterWrapper(w gin.ResponseWriter, logger logging.RequestLogger, requestInfo *RequestInfo) *ResponseWriterWrapper { - return &ResponseWriterWrapper{ - ResponseWriter: w, - body: &bytes.Buffer{}, - logger: logger, - requestInfo: requestInfo, - headers: make(map[string][]string), - } -} - -// Write wraps the underlying ResponseWriter's Write method to capture response data. -// For non-streaming responses, it writes to an internal buffer. For streaming responses, -// it sends data chunks to a non-blocking channel for asynchronous logging. -// CRITICAL: This method prioritizes writing to the client to ensure zero latency, -// handling logging operations subsequently. -func (w *ResponseWriterWrapper) Write(data []byte) (int, error) { - // Ensure headers are captured before first write - // This is critical because Write() may trigger WriteHeader() internally - w.ensureHeadersCaptured() - - // CRITICAL: Write to client first (zero latency) - n, err := w.ResponseWriter.Write(data) - - // THEN: Handle logging based on response type - if w.isStreaming && w.chunkChannel != nil { - // Capture TTFB on first chunk (synchronous, before async channel send) - if w.firstChunkTimestamp.IsZero() { - w.firstChunkTimestamp = time.Now() - } - // For streaming responses: Send to async logging channel (non-blocking) - select { - case w.chunkChannel <- append([]byte(nil), data...): // Non-blocking send with copy - default: // Channel full, skip logging to avoid blocking - } - return n, err - } - - if w.shouldBufferResponseBody() { - w.body.Write(data) - } - - return n, err -} - -func (w *ResponseWriterWrapper) shouldBufferResponseBody() bool { - if w.logger != nil && w.logger.IsEnabled() { - return true - } - if !w.logOnErrorOnly { - return false - } - status := w.statusCode - if status == 0 { - if statusWriter, ok := w.ResponseWriter.(interface{ Status() int }); ok && statusWriter != nil { - status = statusWriter.Status() - } else { - status = http.StatusOK - } - } - return status >= http.StatusBadRequest -} - -// WriteString wraps the underlying ResponseWriter's WriteString method to capture response data. -// Some handlers (and fmt/io helpers) write via io.StringWriter; without this override, those writes -// bypass Write() and would be missing from request logs. -func (w *ResponseWriterWrapper) WriteString(data string) (int, error) { - w.ensureHeadersCaptured() - - // CRITICAL: Write to client first (zero latency) - n, err := w.ResponseWriter.WriteString(data) - - // THEN: Capture for logging - if w.isStreaming && w.chunkChannel != nil { - // Capture TTFB on first chunk (synchronous, before async channel send) - if w.firstChunkTimestamp.IsZero() { - w.firstChunkTimestamp = time.Now() - } - select { - case w.chunkChannel <- []byte(data): - default: - } - return n, err - } - - if w.shouldBufferResponseBody() { - w.body.WriteString(data) - } - return n, err -} - -// WriteHeader wraps the underlying ResponseWriter's WriteHeader method. -// It captures the status code, detects if the response is streaming based on the Content-Type header, -// and initializes the appropriate logging mechanism (standard or streaming). -func (w *ResponseWriterWrapper) WriteHeader(statusCode int) { - w.statusCode = statusCode - - // Capture response headers using the new method - w.captureCurrentHeaders() - - // Detect streaming based on Content-Type - contentType := w.ResponseWriter.Header().Get("Content-Type") - w.isStreaming = w.detectStreaming(contentType) - - // If streaming, initialize streaming log writer - if w.isStreaming && w.logger.IsEnabled() { - streamWriter, err := w.logger.LogStreamingRequest( - w.requestInfo.URL, - w.requestInfo.Method, - w.requestInfo.Headers, - w.requestInfo.Body, - w.requestInfo.RequestID, - ) - if err == nil { - w.streamWriter = streamWriter - w.chunkChannel = make(chan []byte, 100) // Buffered channel for async writes - doneChan := make(chan struct{}) - w.streamDone = doneChan - - // Start async chunk processor - go w.processStreamingChunks(doneChan) - - // Write status immediately - _ = streamWriter.WriteStatus(statusCode, w.headers) - } - } - - // Call original WriteHeader - w.ResponseWriter.WriteHeader(statusCode) -} - -// ensureHeadersCaptured is a helper function to make sure response headers are captured. -// It is safe to call this method multiple times; it will always refresh the headers -// with the latest state from the underlying ResponseWriter. -func (w *ResponseWriterWrapper) ensureHeadersCaptured() { - // Always capture the current headers to ensure we have the latest state - w.captureCurrentHeaders() -} - -// captureCurrentHeaders reads all headers from the underlying ResponseWriter and stores them -// in the wrapper's headers map. It creates copies of the header values to prevent race conditions. -func (w *ResponseWriterWrapper) captureCurrentHeaders() { - // Initialize headers map if needed - if w.headers == nil { - w.headers = make(map[string][]string) - } - - // Capture all current headers from the underlying ResponseWriter - for key, values := range w.ResponseWriter.Header() { - // Make a copy of the values slice to avoid reference issues - headerValues := make([]string, len(values)) - copy(headerValues, values) - w.headers[key] = headerValues - } -} - -// detectStreaming determines if a response should be treated as a streaming response. -// It checks for a "text/event-stream" Content-Type or a '"stream": true' -// field in the original request body. -func (w *ResponseWriterWrapper) detectStreaming(contentType string) bool { - // Check Content-Type for Server-Sent Events - if strings.Contains(contentType, "text/event-stream") { - return true - } - - // If a concrete Content-Type is already set (e.g., application/json for error responses), - // treat it as non-streaming instead of inferring from the request payload. - if strings.TrimSpace(contentType) != "" { - return false - } - - // Only fall back to request payload hints when Content-Type is not set yet. - if w.requestInfo != nil && len(w.requestInfo.Body) > 0 { - return bytes.Contains(w.requestInfo.Body, []byte(`"stream": true`)) || - bytes.Contains(w.requestInfo.Body, []byte(`"stream":true`)) - } - - return false -} - -// processStreamingChunks runs in a separate goroutine to process response chunks from the chunkChannel. -// It asynchronously writes each chunk to the streaming log writer. -func (w *ResponseWriterWrapper) processStreamingChunks(done chan struct{}) { - if done == nil { - return - } - - defer close(done) - - if w.streamWriter == nil || w.chunkChannel == nil { - return - } - - for chunk := range w.chunkChannel { - w.streamWriter.WriteChunkAsync(chunk) - } -} - -// Finalize completes the logging process for the request and response. -// For streaming responses, it closes the chunk channel and the stream writer. -// For non-streaming responses, it logs the complete request and response details, -// including any API-specific request/response data stored in the Gin context. -func (w *ResponseWriterWrapper) Finalize(c *gin.Context) error { - if w.logger == nil { - return nil - } - - finalStatusCode := w.statusCode - if finalStatusCode == 0 { - if statusWriter, ok := w.ResponseWriter.(interface{ Status() int }); ok { - finalStatusCode = statusWriter.Status() - } else { - finalStatusCode = 200 - } - } - - var slicesAPIResponseError []*interfaces.ErrorMessage - apiResponseError, isExist := c.Get("API_RESPONSE_ERROR") - if isExist { - if apiErrors, ok := apiResponseError.([]*interfaces.ErrorMessage); ok { - slicesAPIResponseError = apiErrors - } - } - - hasAPIError := len(slicesAPIResponseError) > 0 || finalStatusCode >= http.StatusBadRequest - forceLog := w.logOnErrorOnly && hasAPIError && !w.logger.IsEnabled() - if !w.logger.IsEnabled() && !forceLog { - return nil - } - - if w.isStreaming && w.streamWriter != nil { - if w.chunkChannel != nil { - close(w.chunkChannel) - w.chunkChannel = nil - } - - if w.streamDone != nil { - <-w.streamDone - w.streamDone = nil - } - - w.streamWriter.SetFirstChunkTimestamp(w.firstChunkTimestamp) - - // Write API Request and Response to the streaming log before closing - apiRequest := w.extractAPIRequest(c) - if len(apiRequest) > 0 { - _ = w.streamWriter.WriteAPIRequest(apiRequest) - } - apiResponse := w.extractAPIResponse(c) - if len(apiResponse) > 0 { - _ = w.streamWriter.WriteAPIResponse(apiResponse) - } - if err := w.streamWriter.Close(); err != nil { - w.streamWriter = nil - return err - } - w.streamWriter = nil - return nil - } - - return w.logRequest(w.extractRequestBody(c), finalStatusCode, w.cloneHeaders(), w.body.Bytes(), w.extractAPIRequest(c), w.extractAPIResponse(c), w.extractAPIResponseTimestamp(c), slicesAPIResponseError, forceLog) -} - -func (w *ResponseWriterWrapper) cloneHeaders() map[string][]string { - w.ensureHeadersCaptured() - - finalHeaders := make(map[string][]string, len(w.headers)) - for key, values := range w.headers { - headerValues := make([]string, len(values)) - copy(headerValues, values) - finalHeaders[key] = headerValues - } - - return finalHeaders -} - -func (w *ResponseWriterWrapper) extractAPIRequest(c *gin.Context) []byte { - apiRequest, isExist := c.Get("API_REQUEST") - if !isExist { - return nil - } - data, ok := apiRequest.([]byte) - if !ok || len(data) == 0 { - return nil - } - return data -} - -func (w *ResponseWriterWrapper) extractAPIResponse(c *gin.Context) []byte { - apiResponse, isExist := c.Get("API_RESPONSE") - if !isExist { - return nil - } - data, ok := apiResponse.([]byte) - if !ok || len(data) == 0 { - return nil - } - return data -} - -func (w *ResponseWriterWrapper) extractAPIResponseTimestamp(c *gin.Context) time.Time { - ts, isExist := c.Get("API_RESPONSE_TIMESTAMP") - if !isExist { - return time.Time{} - } - if t, ok := ts.(time.Time); ok { - return t - } - return time.Time{} -} - -func (w *ResponseWriterWrapper) extractRequestBody(c *gin.Context) []byte { - if c != nil { - if bodyOverride, isExist := c.Get(requestBodyOverrideContextKey); isExist { - switch value := bodyOverride.(type) { - case []byte: - if len(value) > 0 { - return bytes.Clone(value) - } - case string: - if strings.TrimSpace(value) != "" { - return []byte(value) - } - } - } - } - if w.requestInfo != nil && len(w.requestInfo.Body) > 0 { - return w.requestInfo.Body - } - return nil -} - -func (w *ResponseWriterWrapper) logRequest(requestBody []byte, statusCode int, headers map[string][]string, body []byte, apiRequestBody, apiResponseBody []byte, apiResponseTimestamp time.Time, apiResponseErrors []*interfaces.ErrorMessage, forceLog bool) error { - if w.requestInfo == nil { - return nil - } - - if loggerWithOptions, ok := w.logger.(interface { - LogRequestWithOptions(string, string, map[string][]string, []byte, int, map[string][]string, []byte, []byte, []byte, []*interfaces.ErrorMessage, bool, string, time.Time, time.Time) error - }); ok { - return loggerWithOptions.LogRequestWithOptions( - w.requestInfo.URL, - w.requestInfo.Method, - w.requestInfo.Headers, - requestBody, - statusCode, - headers, - body, - apiRequestBody, - apiResponseBody, - apiResponseErrors, - forceLog, - w.requestInfo.RequestID, - w.requestInfo.Timestamp, - apiResponseTimestamp, - ) - } - - return w.logger.LogRequest( - w.requestInfo.URL, - w.requestInfo.Method, - w.requestInfo.Headers, - requestBody, - statusCode, - headers, - body, - apiRequestBody, - apiResponseBody, - apiResponseErrors, - w.requestInfo.RequestID, - w.requestInfo.Timestamp, - apiResponseTimestamp, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/api/middleware/response_writer_test.go b/.worktrees/config/m/config-build/active/internal/api/middleware/response_writer_test.go deleted file mode 100644 index fa4708e473..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/middleware/response_writer_test.go +++ /dev/null @@ -1,43 +0,0 @@ -package middleware - -import ( - "net/http/httptest" - "testing" - - "github.com/gin-gonic/gin" -) - -func TestExtractRequestBodyPrefersOverride(t *testing.T) { - gin.SetMode(gin.TestMode) - recorder := httptest.NewRecorder() - c, _ := gin.CreateTestContext(recorder) - - wrapper := &ResponseWriterWrapper{ - requestInfo: &RequestInfo{Body: []byte("original-body")}, - } - - body := wrapper.extractRequestBody(c) - if string(body) != "original-body" { - t.Fatalf("request body = %q, want %q", string(body), "original-body") - } - - c.Set(requestBodyOverrideContextKey, []byte("override-body")) - body = wrapper.extractRequestBody(c) - if string(body) != "override-body" { - t.Fatalf("request body = %q, want %q", string(body), "override-body") - } -} - -func TestExtractRequestBodySupportsStringOverride(t *testing.T) { - gin.SetMode(gin.TestMode) - recorder := httptest.NewRecorder() - c, _ := gin.CreateTestContext(recorder) - - wrapper := &ResponseWriterWrapper{} - c.Set(requestBodyOverrideContextKey, "override-as-string") - - body := wrapper.extractRequestBody(c) - if string(body) != "override-as-string" { - t.Fatalf("request body = %q, want %q", string(body), "override-as-string") - } -} diff --git a/.worktrees/config/m/config-build/active/internal/api/modules/amp/amp.go b/.worktrees/config/m/config-build/active/internal/api/modules/amp/amp.go deleted file mode 100644 index a12733e2a1..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/modules/amp/amp.go +++ /dev/null @@ -1,427 +0,0 @@ -// Package amp implements the Amp CLI routing module, providing OAuth-based -// integration with Amp CLI for ChatGPT and Anthropic subscriptions. -package amp - -import ( - "fmt" - "net/http/httputil" - "strings" - "sync" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/api/modules" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access" - log "github.com/sirupsen/logrus" -) - -// Option configures the AmpModule. -type Option func(*AmpModule) - -// AmpModule implements the RouteModuleV2 interface for Amp CLI integration. -// It provides: -// - Reverse proxy to Amp control plane for OAuth/management -// - Provider-specific route aliases (/api/provider/{provider}/...) -// - Automatic gzip decompression for misconfigured upstreams -// - Model mapping for routing unavailable models to alternatives -type AmpModule struct { - secretSource SecretSource - proxy *httputil.ReverseProxy - proxyMu sync.RWMutex // protects proxy for hot-reload - accessManager *sdkaccess.Manager - authMiddleware_ gin.HandlerFunc - modelMapper *DefaultModelMapper - enabled bool - registerOnce sync.Once - - // restrictToLocalhost controls localhost-only access for management routes (hot-reloadable) - restrictToLocalhost bool - restrictMu sync.RWMutex - - // configMu protects lastConfig for partial reload comparison - configMu sync.RWMutex - lastConfig *config.AmpCode -} - -// New creates a new Amp routing module with the given options. -// This is the preferred constructor using the Option pattern. -// -// Example: -// -// ampModule := amp.New( -// amp.WithAccessManager(accessManager), -// amp.WithAuthMiddleware(authMiddleware), -// amp.WithSecretSource(customSecret), -// ) -func New(opts ...Option) *AmpModule { - m := &AmpModule{ - secretSource: nil, // Will be created on demand if not provided - } - for _, opt := range opts { - opt(m) - } - return m -} - -// NewLegacy creates a new Amp routing module using the legacy constructor signature. -// This is provided for backwards compatibility. -// -// DEPRECATED: Use New with options instead. -func NewLegacy(accessManager *sdkaccess.Manager, authMiddleware gin.HandlerFunc) *AmpModule { - return New( - WithAccessManager(accessManager), - WithAuthMiddleware(authMiddleware), - ) -} - -// WithSecretSource sets a custom secret source for the module. -func WithSecretSource(source SecretSource) Option { - return func(m *AmpModule) { - m.secretSource = source - } -} - -// WithAccessManager sets the access manager for the module. -func WithAccessManager(am *sdkaccess.Manager) Option { - return func(m *AmpModule) { - m.accessManager = am - } -} - -// WithAuthMiddleware sets the authentication middleware for provider routes. -func WithAuthMiddleware(middleware gin.HandlerFunc) Option { - return func(m *AmpModule) { - m.authMiddleware_ = middleware - } -} - -// Name returns the module identifier -func (m *AmpModule) Name() string { - return "amp-routing" -} - -// forceModelMappings returns whether model mappings should take precedence over local API keys -func (m *AmpModule) forceModelMappings() bool { - m.configMu.RLock() - defer m.configMu.RUnlock() - if m.lastConfig == nil { - return false - } - return m.lastConfig.ForceModelMappings -} - -// Register sets up Amp routes if configured. -// This implements the RouteModuleV2 interface with Context. -// Routes are registered only once via sync.Once for idempotent behavior. -func (m *AmpModule) Register(ctx modules.Context) error { - settings := ctx.Config.AmpCode - upstreamURL := strings.TrimSpace(settings.UpstreamURL) - - // Determine auth middleware (from module or context) - auth := m.getAuthMiddleware(ctx) - - // Use registerOnce to ensure routes are only registered once - var regErr error - m.registerOnce.Do(func() { - // Initialize model mapper from config (for routing unavailable models to alternatives) - m.modelMapper = NewModelMapper(settings.ModelMappings) - - // Store initial config for partial reload comparison - m.lastConfig = new(settings) - - // Initialize localhost restriction setting (hot-reloadable) - m.setRestrictToLocalhost(settings.RestrictManagementToLocalhost) - - // Always register provider aliases - these work without an upstream - m.registerProviderAliases(ctx.Engine, ctx.BaseHandler, auth) - - // Register management proxy routes once; middleware will gate access when upstream is unavailable. - // Pass auth middleware to require valid API key for all management routes. - m.registerManagementRoutes(ctx.Engine, ctx.BaseHandler, auth) - - // If no upstream URL, skip proxy routes but provider aliases are still available - if upstreamURL == "" { - log.Debug("amp upstream proxy disabled (no upstream URL configured)") - log.Debug("amp provider alias routes registered") - m.enabled = false - return - } - - if err := m.enableUpstreamProxy(upstreamURL, &settings); err != nil { - regErr = fmt.Errorf("failed to create amp proxy: %w", err) - return - } - - log.Debug("amp provider alias routes registered") - }) - - return regErr -} - -// getAuthMiddleware returns the authentication middleware, preferring the -// module's configured middleware, then the context middleware, then a fallback. -func (m *AmpModule) getAuthMiddleware(ctx modules.Context) gin.HandlerFunc { - if m.authMiddleware_ != nil { - return m.authMiddleware_ - } - if ctx.AuthMiddleware != nil { - return ctx.AuthMiddleware - } - // Fallback: no authentication (should not happen in production) - log.Warn("amp module: no auth middleware provided, allowing all requests") - return func(c *gin.Context) { - c.Next() - } -} - -// OnConfigUpdated handles configuration updates with partial reload support. -// Only updates components that have actually changed to avoid unnecessary work. -// Supports hot-reload for: model-mappings, upstream-api-key, upstream-url, restrict-management-to-localhost. -func (m *AmpModule) OnConfigUpdated(cfg *config.Config) error { - newSettings := cfg.AmpCode - - // Get previous config for comparison - m.configMu.RLock() - oldSettings := m.lastConfig - m.configMu.RUnlock() - - if oldSettings != nil && oldSettings.RestrictManagementToLocalhost != newSettings.RestrictManagementToLocalhost { - m.setRestrictToLocalhost(newSettings.RestrictManagementToLocalhost) - } - - newUpstreamURL := strings.TrimSpace(newSettings.UpstreamURL) - oldUpstreamURL := "" - if oldSettings != nil { - oldUpstreamURL = strings.TrimSpace(oldSettings.UpstreamURL) - } - - if !m.enabled && newUpstreamURL != "" { - if err := m.enableUpstreamProxy(newUpstreamURL, &newSettings); err != nil { - log.Errorf("amp config: failed to enable upstream proxy for %s: %v", newUpstreamURL, err) - } - } - - // Check model mappings change - modelMappingsChanged := m.hasModelMappingsChanged(oldSettings, &newSettings) - if modelMappingsChanged { - if m.modelMapper != nil { - m.modelMapper.UpdateMappings(newSettings.ModelMappings) - } else if m.enabled { - log.Warnf("amp model mapper not initialized, skipping model mapping update") - } - } - - if m.enabled { - // Check upstream URL change - now supports hot-reload - if newUpstreamURL == "" && oldUpstreamURL != "" { - m.setProxy(nil) - m.enabled = false - } else if oldUpstreamURL != "" && newUpstreamURL != oldUpstreamURL && newUpstreamURL != "" { - // Recreate proxy with new URL - proxy, err := createReverseProxy(newUpstreamURL, m.secretSource) - if err != nil { - log.Errorf("amp config: failed to create proxy for new upstream URL %s: %v", newUpstreamURL, err) - } else { - m.setProxy(proxy) - } - } - - // Check API key change (both default and per-client mappings) - apiKeyChanged := m.hasAPIKeyChanged(oldSettings, &newSettings) - upstreamAPIKeysChanged := m.hasUpstreamAPIKeysChanged(oldSettings, &newSettings) - if apiKeyChanged || upstreamAPIKeysChanged { - if m.secretSource != nil { - if ms, ok := m.secretSource.(*MappedSecretSource); ok { - if apiKeyChanged { - ms.UpdateDefaultExplicitKey(newSettings.UpstreamAPIKey) - ms.InvalidateCache() - } - if upstreamAPIKeysChanged { - ms.UpdateMappings(newSettings.UpstreamAPIKeys) - } - } else if ms, ok := m.secretSource.(*MultiSourceSecret); ok { - ms.UpdateExplicitKey(newSettings.UpstreamAPIKey) - ms.InvalidateCache() - } - } - } - - } - - // Store current config for next comparison - m.configMu.Lock() - settingsCopy := newSettings // copy struct - m.lastConfig = &settingsCopy - m.configMu.Unlock() - - return nil -} - -func (m *AmpModule) enableUpstreamProxy(upstreamURL string, settings *config.AmpCode) error { - if m.secretSource == nil { - // Create MultiSourceSecret as the default source, then wrap with MappedSecretSource - defaultSource := NewMultiSourceSecret(settings.UpstreamAPIKey, 0 /* default 5min */) - mappedSource := NewMappedSecretSource(defaultSource) - mappedSource.UpdateMappings(settings.UpstreamAPIKeys) - m.secretSource = mappedSource - } else if ms, ok := m.secretSource.(*MappedSecretSource); ok { - ms.UpdateDefaultExplicitKey(settings.UpstreamAPIKey) - ms.InvalidateCache() - ms.UpdateMappings(settings.UpstreamAPIKeys) - } else if ms, ok := m.secretSource.(*MultiSourceSecret); ok { - // Legacy path: wrap existing MultiSourceSecret with MappedSecretSource - ms.UpdateExplicitKey(settings.UpstreamAPIKey) - ms.InvalidateCache() - mappedSource := NewMappedSecretSource(ms) - mappedSource.UpdateMappings(settings.UpstreamAPIKeys) - m.secretSource = mappedSource - } - - proxy, err := createReverseProxy(upstreamURL, m.secretSource) - if err != nil { - return err - } - - m.setProxy(proxy) - m.enabled = true - - log.Infof("amp upstream proxy enabled for: %s", upstreamURL) - return nil -} - -// hasModelMappingsChanged compares old and new model mappings. -func (m *AmpModule) hasModelMappingsChanged(old *config.AmpCode, new *config.AmpCode) bool { - if old == nil { - return len(new.ModelMappings) > 0 - } - - if len(old.ModelMappings) != len(new.ModelMappings) { - return true - } - - // Build map for efficient and robust comparison - type mappingInfo struct { - to string - regex bool - } - oldMap := make(map[string]mappingInfo, len(old.ModelMappings)) - for _, mapping := range old.ModelMappings { - oldMap[strings.TrimSpace(mapping.From)] = mappingInfo{ - to: strings.TrimSpace(mapping.To), - regex: mapping.Regex, - } - } - - for _, mapping := range new.ModelMappings { - from := strings.TrimSpace(mapping.From) - to := strings.TrimSpace(mapping.To) - if oldVal, exists := oldMap[from]; !exists || oldVal.to != to || oldVal.regex != mapping.Regex { - return true - } - } - - return false -} - -// hasAPIKeyChanged compares old and new API keys. -func (m *AmpModule) hasAPIKeyChanged(old *config.AmpCode, new *config.AmpCode) bool { - oldKey := "" - if old != nil { - oldKey = strings.TrimSpace(old.UpstreamAPIKey) - } - newKey := strings.TrimSpace(new.UpstreamAPIKey) - return oldKey != newKey -} - -// hasUpstreamAPIKeysChanged compares old and new per-client upstream API key mappings. -func (m *AmpModule) hasUpstreamAPIKeysChanged(old *config.AmpCode, new *config.AmpCode) bool { - if old == nil { - return len(new.UpstreamAPIKeys) > 0 - } - - if len(old.UpstreamAPIKeys) != len(new.UpstreamAPIKeys) { - return true - } - - // Build map for comparison: upstreamKey -> set of clientKeys - type entryInfo struct { - upstreamKey string - clientKeys map[string]struct{} - } - oldEntries := make([]entryInfo, len(old.UpstreamAPIKeys)) - for i, entry := range old.UpstreamAPIKeys { - clientKeys := make(map[string]struct{}, len(entry.APIKeys)) - for _, k := range entry.APIKeys { - trimmed := strings.TrimSpace(k) - if trimmed == "" { - continue - } - clientKeys[trimmed] = struct{}{} - } - oldEntries[i] = entryInfo{ - upstreamKey: strings.TrimSpace(entry.UpstreamAPIKey), - clientKeys: clientKeys, - } - } - - for i, newEntry := range new.UpstreamAPIKeys { - if i >= len(oldEntries) { - return true - } - oldE := oldEntries[i] - if strings.TrimSpace(newEntry.UpstreamAPIKey) != oldE.upstreamKey { - return true - } - newKeys := make(map[string]struct{}, len(newEntry.APIKeys)) - for _, k := range newEntry.APIKeys { - trimmed := strings.TrimSpace(k) - if trimmed == "" { - continue - } - newKeys[trimmed] = struct{}{} - } - if len(newKeys) != len(oldE.clientKeys) { - return true - } - for k := range newKeys { - if _, ok := oldE.clientKeys[k]; !ok { - return true - } - } - } - - return false -} - -// GetModelMapper returns the model mapper instance (for testing/debugging). -func (m *AmpModule) GetModelMapper() *DefaultModelMapper { - return m.modelMapper -} - -// getProxy returns the current proxy instance (thread-safe for hot-reload). -func (m *AmpModule) getProxy() *httputil.ReverseProxy { - m.proxyMu.RLock() - defer m.proxyMu.RUnlock() - return m.proxy -} - -// setProxy updates the proxy instance (thread-safe for hot-reload). -func (m *AmpModule) setProxy(proxy *httputil.ReverseProxy) { - m.proxyMu.Lock() - defer m.proxyMu.Unlock() - m.proxy = proxy -} - -// IsRestrictedToLocalhost returns whether management routes are restricted to localhost. -func (m *AmpModule) IsRestrictedToLocalhost() bool { - m.restrictMu.RLock() - defer m.restrictMu.RUnlock() - return m.restrictToLocalhost -} - -// setRestrictToLocalhost updates the localhost restriction setting. -func (m *AmpModule) setRestrictToLocalhost(restrict bool) { - m.restrictMu.Lock() - defer m.restrictMu.Unlock() - m.restrictToLocalhost = restrict -} diff --git a/.worktrees/config/m/config-build/active/internal/api/modules/amp/amp_test.go b/.worktrees/config/m/config-build/active/internal/api/modules/amp/amp_test.go deleted file mode 100644 index 430c4b62a7..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/modules/amp/amp_test.go +++ /dev/null @@ -1,352 +0,0 @@ -package amp - -import ( - "context" - "net/http/httptest" - "os" - "path/filepath" - "testing" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/api/modules" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers" -) - -func TestAmpModule_Name(t *testing.T) { - m := New() - if m.Name() != "amp-routing" { - t.Fatalf("want amp-routing, got %s", m.Name()) - } -} - -func TestAmpModule_New(t *testing.T) { - accessManager := sdkaccess.NewManager() - authMiddleware := func(c *gin.Context) { c.Next() } - - m := NewLegacy(accessManager, authMiddleware) - - if m.accessManager != accessManager { - t.Fatal("accessManager not set") - } - if m.authMiddleware_ == nil { - t.Fatal("authMiddleware not set") - } - if m.enabled { - t.Fatal("enabled should be false initially") - } - if m.proxy != nil { - t.Fatal("proxy should be nil initially") - } -} - -func TestAmpModule_Register_WithUpstream(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - // Fake upstream to ensure URL is valid - upstream := httptest.NewServer(nil) - defer upstream.Close() - - accessManager := sdkaccess.NewManager() - base := &handlers.BaseAPIHandler{} - - m := NewLegacy(accessManager, func(c *gin.Context) { c.Next() }) - - cfg := &config.Config{ - AmpCode: config.AmpCode{ - UpstreamURL: upstream.URL, - UpstreamAPIKey: "test-key", - }, - } - - ctx := modules.Context{Engine: r, BaseHandler: base, Config: cfg, AuthMiddleware: func(c *gin.Context) { c.Next() }} - if err := m.Register(ctx); err != nil { - t.Fatalf("register error: %v", err) - } - - if !m.enabled { - t.Fatal("module should be enabled with upstream URL") - } - if m.proxy == nil { - t.Fatal("proxy should be initialized") - } - if m.secretSource == nil { - t.Fatal("secretSource should be initialized") - } -} - -func TestAmpModule_Register_WithoutUpstream(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - accessManager := sdkaccess.NewManager() - base := &handlers.BaseAPIHandler{} - - m := NewLegacy(accessManager, func(c *gin.Context) { c.Next() }) - - cfg := &config.Config{ - AmpCode: config.AmpCode{ - UpstreamURL: "", // No upstream - }, - } - - ctx := modules.Context{Engine: r, BaseHandler: base, Config: cfg, AuthMiddleware: func(c *gin.Context) { c.Next() }} - if err := m.Register(ctx); err != nil { - t.Fatalf("register should not error without upstream: %v", err) - } - - if m.enabled { - t.Fatal("module should be disabled without upstream URL") - } - if m.proxy != nil { - t.Fatal("proxy should not be initialized without upstream") - } - - // But provider aliases should still be registered - req := httptest.NewRequest("GET", "/api/provider/openai/models", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code == 404 { - t.Fatal("provider aliases should be registered even without upstream") - } -} - -func TestAmpModule_Register_InvalidUpstream(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - accessManager := sdkaccess.NewManager() - base := &handlers.BaseAPIHandler{} - - m := NewLegacy(accessManager, func(c *gin.Context) { c.Next() }) - - cfg := &config.Config{ - AmpCode: config.AmpCode{ - UpstreamURL: "://invalid-url", - }, - } - - ctx := modules.Context{Engine: r, BaseHandler: base, Config: cfg, AuthMiddleware: func(c *gin.Context) { c.Next() }} - if err := m.Register(ctx); err == nil { - t.Fatal("expected error for invalid upstream URL") - } -} - -func TestAmpModule_OnConfigUpdated_CacheInvalidation(t *testing.T) { - tmpDir := t.TempDir() - p := filepath.Join(tmpDir, "secrets.json") - if err := os.WriteFile(p, []byte(`{"apiKey@https://ampcode.com/":"v1"}`), 0600); err != nil { - t.Fatal(err) - } - - m := &AmpModule{enabled: true} - ms := NewMultiSourceSecretWithPath("", p, time.Minute) - m.secretSource = ms - m.lastConfig = &config.AmpCode{ - UpstreamAPIKey: "old-key", - } - - // Warm the cache - if _, err := ms.Get(context.Background()); err != nil { - t.Fatal(err) - } - - if ms.cache == nil { - t.Fatal("expected cache to be set") - } - - // Update config - should invalidate cache - if err := m.OnConfigUpdated(&config.Config{AmpCode: config.AmpCode{UpstreamURL: "http://x", UpstreamAPIKey: "new-key"}}); err != nil { - t.Fatal(err) - } - - if ms.cache != nil { - t.Fatal("expected cache to be invalidated") - } -} - -func TestAmpModule_OnConfigUpdated_NotEnabled(t *testing.T) { - m := &AmpModule{enabled: false} - - // Should not error or panic when disabled - if err := m.OnConfigUpdated(&config.Config{}); err != nil { - t.Fatalf("unexpected error: %v", err) - } -} - -func TestAmpModule_OnConfigUpdated_URLRemoved(t *testing.T) { - m := &AmpModule{enabled: true} - ms := NewMultiSourceSecret("", 0) - m.secretSource = ms - - // Config update with empty URL - should log warning but not error - cfg := &config.Config{AmpCode: config.AmpCode{UpstreamURL: ""}} - - if err := m.OnConfigUpdated(cfg); err != nil { - t.Fatalf("unexpected error: %v", err) - } -} - -func TestAmpModule_OnConfigUpdated_NonMultiSourceSecret(t *testing.T) { - // Test that OnConfigUpdated doesn't panic with StaticSecretSource - m := &AmpModule{enabled: true} - m.secretSource = NewStaticSecretSource("static-key") - - cfg := &config.Config{AmpCode: config.AmpCode{UpstreamURL: "http://example.com"}} - - // Should not error or panic - if err := m.OnConfigUpdated(cfg); err != nil { - t.Fatalf("unexpected error: %v", err) - } -} - -func TestAmpModule_AuthMiddleware_Fallback(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - // Create module with no auth middleware - m := &AmpModule{authMiddleware_: nil} - - // Get the fallback middleware via getAuthMiddleware - ctx := modules.Context{Engine: r, AuthMiddleware: nil} - middleware := m.getAuthMiddleware(ctx) - - if middleware == nil { - t.Fatal("getAuthMiddleware should return a fallback, not nil") - } - - // Test that it works - called := false - r.GET("/test", middleware, func(c *gin.Context) { - called = true - c.String(200, "ok") - }) - - req := httptest.NewRequest("GET", "/test", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if !called { - t.Fatal("fallback middleware should allow requests through") - } -} - -func TestAmpModule_SecretSource_FromConfig(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - upstream := httptest.NewServer(nil) - defer upstream.Close() - - accessManager := sdkaccess.NewManager() - base := &handlers.BaseAPIHandler{} - - m := NewLegacy(accessManager, func(c *gin.Context) { c.Next() }) - - // Config with explicit API key - cfg := &config.Config{ - AmpCode: config.AmpCode{ - UpstreamURL: upstream.URL, - UpstreamAPIKey: "config-key", - }, - } - - ctx := modules.Context{Engine: r, BaseHandler: base, Config: cfg, AuthMiddleware: func(c *gin.Context) { c.Next() }} - if err := m.Register(ctx); err != nil { - t.Fatalf("register error: %v", err) - } - - // Secret source should be MultiSourceSecret with config key - if m.secretSource == nil { - t.Fatal("secretSource should be set") - } - - // Verify it returns the config key - key, err := m.secretSource.Get(context.Background()) - if err != nil { - t.Fatalf("Get error: %v", err) - } - if key != "config-key" { - t.Fatalf("want config-key, got %s", key) - } -} - -func TestAmpModule_ProviderAliasesAlwaysRegistered(t *testing.T) { - gin.SetMode(gin.TestMode) - - scenarios := []struct { - name string - configURL string - }{ - {"with_upstream", "http://example.com"}, - {"without_upstream", ""}, - } - - for _, scenario := range scenarios { - t.Run(scenario.name, func(t *testing.T) { - r := gin.New() - accessManager := sdkaccess.NewManager() - base := &handlers.BaseAPIHandler{} - - m := NewLegacy(accessManager, func(c *gin.Context) { c.Next() }) - - cfg := &config.Config{AmpCode: config.AmpCode{UpstreamURL: scenario.configURL}} - - ctx := modules.Context{Engine: r, BaseHandler: base, Config: cfg, AuthMiddleware: func(c *gin.Context) { c.Next() }} - if err := m.Register(ctx); err != nil && scenario.configURL != "" { - t.Fatalf("register error: %v", err) - } - - // Provider aliases should always be available - req := httptest.NewRequest("GET", "/api/provider/openai/models", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code == 404 { - t.Fatal("provider aliases should be registered") - } - }) - } -} - -func TestAmpModule_hasUpstreamAPIKeysChanged_DetectsRemovedKeyWithDuplicateInput(t *testing.T) { - m := &AmpModule{} - - oldCfg := &config.AmpCode{ - UpstreamAPIKeys: []config.AmpUpstreamAPIKeyEntry{ - {UpstreamAPIKey: "u1", APIKeys: []string{"k1", "k2"}}, - }, - } - newCfg := &config.AmpCode{ - UpstreamAPIKeys: []config.AmpUpstreamAPIKeyEntry{ - {UpstreamAPIKey: "u1", APIKeys: []string{"k1", "k1"}}, - }, - } - - if !m.hasUpstreamAPIKeysChanged(oldCfg, newCfg) { - t.Fatal("expected change to be detected when k2 is removed but new list contains duplicates") - } -} - -func TestAmpModule_hasUpstreamAPIKeysChanged_IgnoresEmptyAndWhitespaceKeys(t *testing.T) { - m := &AmpModule{} - - oldCfg := &config.AmpCode{ - UpstreamAPIKeys: []config.AmpUpstreamAPIKeyEntry{ - {UpstreamAPIKey: "u1", APIKeys: []string{"k1", "k2"}}, - }, - } - newCfg := &config.AmpCode{ - UpstreamAPIKeys: []config.AmpUpstreamAPIKeyEntry{ - {UpstreamAPIKey: "u1", APIKeys: []string{" k1 ", "", "k2", " "}}, - }, - } - - if m.hasUpstreamAPIKeysChanged(oldCfg, newCfg) { - t.Fatal("expected no change when only whitespace/empty entries differ") - } -} diff --git a/.worktrees/config/m/config-build/active/internal/api/modules/amp/fallback_handlers.go b/.worktrees/config/m/config-build/active/internal/api/modules/amp/fallback_handlers.go deleted file mode 100644 index 7d7f7f5f28..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/modules/amp/fallback_handlers.go +++ /dev/null @@ -1,331 +0,0 @@ -package amp - -import ( - "bytes" - "io" - "net/http/httputil" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// AmpRouteType represents the type of routing decision made for an Amp request -type AmpRouteType string - -const ( - // RouteTypeLocalProvider indicates the request is handled by a local OAuth provider (free) - RouteTypeLocalProvider AmpRouteType = "LOCAL_PROVIDER" - // RouteTypeModelMapping indicates the request was remapped to another available model (free) - RouteTypeModelMapping AmpRouteType = "MODEL_MAPPING" - // RouteTypeAmpCredits indicates the request is forwarded to ampcode.com (uses Amp credits) - RouteTypeAmpCredits AmpRouteType = "AMP_CREDITS" - // RouteTypeNoProvider indicates no provider or fallback available - RouteTypeNoProvider AmpRouteType = "NO_PROVIDER" -) - -// MappedModelContextKey is the Gin context key for passing mapped model names. -const MappedModelContextKey = "mapped_model" - -// logAmpRouting logs the routing decision for an Amp request with structured fields -func logAmpRouting(routeType AmpRouteType, requestedModel, resolvedModel, provider, path string) { - fields := log.Fields{ - "component": "amp-routing", - "route_type": string(routeType), - "requested_model": requestedModel, - "path": path, - "timestamp": time.Now().Format(time.RFC3339), - } - - if resolvedModel != "" && resolvedModel != requestedModel { - fields["resolved_model"] = resolvedModel - } - if provider != "" { - fields["provider"] = provider - } - - switch routeType { - case RouteTypeLocalProvider: - fields["cost"] = "free" - fields["source"] = "local_oauth" - log.WithFields(fields).Debugf("amp using local provider for model: %s", requestedModel) - - case RouteTypeModelMapping: - fields["cost"] = "free" - fields["source"] = "local_oauth" - fields["mapping"] = requestedModel + " -> " + resolvedModel - // model mapping already logged in mapper; avoid duplicate here - - case RouteTypeAmpCredits: - fields["cost"] = "amp_credits" - fields["source"] = "ampcode.com" - fields["model_id"] = requestedModel // Explicit model_id for easy config reference - log.WithFields(fields).Warnf("forwarding to ampcode.com (uses amp credits) - model_id: %s | To use local provider, add to config: ampcode.model-mappings: [{from: \"%s\", to: \"\"}]", requestedModel, requestedModel) - - case RouteTypeNoProvider: - fields["cost"] = "none" - fields["source"] = "error" - fields["model_id"] = requestedModel // Explicit model_id for easy config reference - log.WithFields(fields).Warnf("no provider available for model_id: %s", requestedModel) - } -} - -// FallbackHandler wraps a standard handler with fallback logic to ampcode.com -// when the model's provider is not available in CLIProxyAPI -type FallbackHandler struct { - getProxy func() *httputil.ReverseProxy - modelMapper ModelMapper - forceModelMappings func() bool -} - -// NewFallbackHandler creates a new fallback handler wrapper -// The getProxy function allows lazy evaluation of the proxy (useful when proxy is created after routes) -func NewFallbackHandler(getProxy func() *httputil.ReverseProxy) *FallbackHandler { - return &FallbackHandler{ - getProxy: getProxy, - forceModelMappings: func() bool { return false }, - } -} - -// NewFallbackHandlerWithMapper creates a new fallback handler with model mapping support -func NewFallbackHandlerWithMapper(getProxy func() *httputil.ReverseProxy, mapper ModelMapper, forceModelMappings func() bool) *FallbackHandler { - if forceModelMappings == nil { - forceModelMappings = func() bool { return false } - } - return &FallbackHandler{ - getProxy: getProxy, - modelMapper: mapper, - forceModelMappings: forceModelMappings, - } -} - -// SetModelMapper sets the model mapper for this handler (allows late binding) -func (fh *FallbackHandler) SetModelMapper(mapper ModelMapper) { - fh.modelMapper = mapper -} - -// WrapHandler wraps a gin.HandlerFunc with fallback logic -// If the model's provider is not configured in CLIProxyAPI, it forwards to ampcode.com -func (fh *FallbackHandler) WrapHandler(handler gin.HandlerFunc) gin.HandlerFunc { - return func(c *gin.Context) { - requestPath := c.Request.URL.Path - - // Read the request body to extract the model name - bodyBytes, err := io.ReadAll(c.Request.Body) - if err != nil { - log.Errorf("amp fallback: failed to read request body: %v", err) - handler(c) - return - } - - // Restore the body for the handler to read - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - - // Try to extract model from request body or URL path (for Gemini) - modelName := extractModelFromRequest(bodyBytes, c) - if modelName == "" { - // Can't determine model, proceed with normal handler - handler(c) - return - } - - // Normalize model (handles dynamic thinking suffixes) - suffixResult := thinking.ParseSuffix(modelName) - normalizedModel := suffixResult.ModelName - thinkingSuffix := "" - if suffixResult.HasSuffix { - thinkingSuffix = "(" + suffixResult.RawSuffix + ")" - } - - resolveMappedModel := func() (string, []string) { - if fh.modelMapper == nil { - return "", nil - } - - mappedModel := fh.modelMapper.MapModel(modelName) - if mappedModel == "" { - mappedModel = fh.modelMapper.MapModel(normalizedModel) - } - mappedModel = strings.TrimSpace(mappedModel) - if mappedModel == "" { - return "", nil - } - - // Preserve dynamic thinking suffix (e.g. "(xhigh)") when mapping applies, unless the target - // already specifies its own thinking suffix. - if thinkingSuffix != "" { - mappedSuffixResult := thinking.ParseSuffix(mappedModel) - if !mappedSuffixResult.HasSuffix { - mappedModel += thinkingSuffix - } - } - - mappedBaseModel := thinking.ParseSuffix(mappedModel).ModelName - mappedProviders := util.GetProviderName(mappedBaseModel) - if len(mappedProviders) == 0 { - return "", nil - } - - return mappedModel, mappedProviders - } - - // Track resolved model for logging (may change if mapping is applied) - resolvedModel := normalizedModel - usedMapping := false - var providers []string - - // Check if model mappings should be forced ahead of local API keys - forceMappings := fh.forceModelMappings != nil && fh.forceModelMappings() - - if forceMappings { - // FORCE MODE: Check model mappings FIRST (takes precedence over local API keys) - // This allows users to route Amp requests to their preferred OAuth providers - if mappedModel, mappedProviders := resolveMappedModel(); mappedModel != "" { - // Mapping found and provider available - rewrite the model in request body - bodyBytes = rewriteModelInRequest(bodyBytes, mappedModel) - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - // Store mapped model in context for handlers that check it (like gemini bridge) - c.Set(MappedModelContextKey, mappedModel) - resolvedModel = mappedModel - usedMapping = true - providers = mappedProviders - } - - // If no mapping applied, check for local providers - if !usedMapping { - providers = util.GetProviderName(normalizedModel) - } - } else { - // DEFAULT MODE: Check local providers first, then mappings as fallback - providers = util.GetProviderName(normalizedModel) - - if len(providers) == 0 { - // No providers configured - check if we have a model mapping - if mappedModel, mappedProviders := resolveMappedModel(); mappedModel != "" { - // Mapping found and provider available - rewrite the model in request body - bodyBytes = rewriteModelInRequest(bodyBytes, mappedModel) - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - // Store mapped model in context for handlers that check it (like gemini bridge) - c.Set(MappedModelContextKey, mappedModel) - resolvedModel = mappedModel - usedMapping = true - providers = mappedProviders - } - } - } - - // If no providers available, fallback to ampcode.com - if len(providers) == 0 { - proxy := fh.getProxy() - if proxy != nil { - // Log: Forwarding to ampcode.com (uses Amp credits) - logAmpRouting(RouteTypeAmpCredits, modelName, "", "", requestPath) - - // Restore body again for the proxy - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - - // Forward to ampcode.com - proxy.ServeHTTP(c.Writer, c.Request) - return - } - - // No proxy available, let the normal handler return the error - logAmpRouting(RouteTypeNoProvider, modelName, "", "", requestPath) - } - - // Log the routing decision - providerName := "" - if len(providers) > 0 { - providerName = providers[0] - } - - if usedMapping { - // Log: Model was mapped to another model - log.Debugf("amp model mapping: request %s -> %s", normalizedModel, resolvedModel) - logAmpRouting(RouteTypeModelMapping, modelName, resolvedModel, providerName, requestPath) - rewriter := NewResponseRewriter(c.Writer, modelName) - c.Writer = rewriter - // Filter Anthropic-Beta header only for local handling paths - filterAntropicBetaHeader(c) - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - handler(c) - rewriter.Flush() - log.Debugf("amp model mapping: response %s -> %s", resolvedModel, modelName) - } else if len(providers) > 0 { - // Log: Using local provider (free) - logAmpRouting(RouteTypeLocalProvider, modelName, resolvedModel, providerName, requestPath) - // Filter Anthropic-Beta header only for local handling paths - filterAntropicBetaHeader(c) - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - handler(c) - } else { - // No provider, no mapping, no proxy: fall back to the wrapped handler so it can return an error response - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - handler(c) - } - } -} - -// filterAntropicBetaHeader filters Anthropic-Beta header to remove features requiring special subscription -// This is needed when using local providers (bypassing the Amp proxy) -func filterAntropicBetaHeader(c *gin.Context) { - if betaHeader := c.Request.Header.Get("Anthropic-Beta"); betaHeader != "" { - if filtered := filterBetaFeatures(betaHeader, "context-1m-2025-08-07"); filtered != "" { - c.Request.Header.Set("Anthropic-Beta", filtered) - } else { - c.Request.Header.Del("Anthropic-Beta") - } - } -} - -// rewriteModelInRequest replaces the model name in a JSON request body -func rewriteModelInRequest(body []byte, newModel string) []byte { - if !gjson.GetBytes(body, "model").Exists() { - return body - } - result, err := sjson.SetBytes(body, "model", newModel) - if err != nil { - log.Warnf("amp model mapping: failed to rewrite model in request body: %v", err) - return body - } - return result -} - -// extractModelFromRequest attempts to extract the model name from various request formats -func extractModelFromRequest(body []byte, c *gin.Context) string { - // First try to parse from JSON body (OpenAI, Claude, etc.) - // Check common model field names - if result := gjson.GetBytes(body, "model"); result.Exists() && result.Type == gjson.String { - return result.String() - } - - // For Gemini requests, model is in the URL path - // Standard format: /models/{model}:generateContent -> :action parameter - if action := c.Param("action"); action != "" { - // Split by colon to get model name (e.g., "gemini-pro:generateContent" -> "gemini-pro") - parts := strings.Split(action, ":") - if len(parts) > 0 && parts[0] != "" { - return parts[0] - } - } - - // AMP CLI format: /publishers/google/models/{model}:method -> *path parameter - // Example: /publishers/google/models/gemini-3-pro-preview:streamGenerateContent - if path := c.Param("path"); path != "" { - // Look for /models/{model}:method pattern - if idx := strings.Index(path, "/models/"); idx >= 0 { - modelPart := path[idx+8:] // Skip "/models/" - // Split by colon to get model name - if colonIdx := strings.Index(modelPart, ":"); colonIdx > 0 { - return modelPart[:colonIdx] - } - } - } - - return "" -} diff --git a/.worktrees/config/m/config-build/active/internal/api/modules/amp/fallback_handlers_test.go b/.worktrees/config/m/config-build/active/internal/api/modules/amp/fallback_handlers_test.go deleted file mode 100644 index a687fd116b..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/modules/amp/fallback_handlers_test.go +++ /dev/null @@ -1,73 +0,0 @@ -package amp - -import ( - "bytes" - "encoding/json" - "net/http" - "net/http/httptest" - "net/http/httputil" - "testing" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" -) - -func TestFallbackHandler_ModelMapping_PreservesThinkingSuffixAndRewritesResponse(t *testing.T) { - gin.SetMode(gin.TestMode) - - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client-amp-fallback", "codex", []*registry.ModelInfo{ - {ID: "test/gpt-5.2", OwnedBy: "openai", Type: "codex"}, - }) - defer reg.UnregisterClient("test-client-amp-fallback") - - mapper := NewModelMapper([]config.AmpModelMapping{ - {From: "gpt-5.2", To: "test/gpt-5.2"}, - }) - - fallback := NewFallbackHandlerWithMapper(func() *httputil.ReverseProxy { return nil }, mapper, nil) - - handler := func(c *gin.Context) { - var req struct { - Model string `json:"model"` - } - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) - return - } - - c.JSON(http.StatusOK, gin.H{ - "model": req.Model, - "seen_model": req.Model, - }) - } - - r := gin.New() - r.POST("/chat/completions", fallback.WrapHandler(handler)) - - reqBody := []byte(`{"model":"gpt-5.2(xhigh)"}`) - req := httptest.NewRequest(http.MethodPost, "/chat/completions", bytes.NewReader(reqBody)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("Expected status 200, got %d", w.Code) - } - - var resp struct { - Model string `json:"model"` - SeenModel string `json:"seen_model"` - } - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("Failed to parse response JSON: %v", err) - } - - if resp.Model != "gpt-5.2(xhigh)" { - t.Errorf("Expected response model gpt-5.2(xhigh), got %s", resp.Model) - } - if resp.SeenModel != "test/gpt-5.2(xhigh)" { - t.Errorf("Expected handler to see test/gpt-5.2(xhigh), got %s", resp.SeenModel) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/api/modules/amp/gemini_bridge.go b/.worktrees/config/m/config-build/active/internal/api/modules/amp/gemini_bridge.go deleted file mode 100644 index d6ad8f797f..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/modules/amp/gemini_bridge.go +++ /dev/null @@ -1,59 +0,0 @@ -package amp - -import ( - "strings" - - "github.com/gin-gonic/gin" -) - -// createGeminiBridgeHandler creates a handler that bridges AMP CLI's non-standard Gemini paths -// to our standard Gemini handler by rewriting the request context. -// -// AMP CLI format: /publishers/google/models/gemini-3-pro-preview:streamGenerateContent -// Standard format: /models/gemini-3-pro-preview:streamGenerateContent -// -// This extracts the model+method from the AMP path and sets it as the :action parameter -// so the standard Gemini handler can process it. -// -// The handler parameter should be a Gemini-compatible handler that expects the :action param. -func createGeminiBridgeHandler(handler gin.HandlerFunc) gin.HandlerFunc { - return func(c *gin.Context) { - // Get the full path from the catch-all parameter - path := c.Param("path") - - // Extract model:method from AMP CLI path format - // Example: /publishers/google/models/gemini-3-pro-preview:streamGenerateContent - const modelsPrefix = "/models/" - if idx := strings.Index(path, modelsPrefix); idx >= 0 { - // Extract everything after modelsPrefix - actionPart := path[idx+len(modelsPrefix):] - - // Check if model was mapped by FallbackHandler - if mappedModel, exists := c.Get(MappedModelContextKey); exists { - if strModel, ok := mappedModel.(string); ok && strModel != "" { - // Replace the model part in the action - // actionPart is like "model-name:method" - if colonIdx := strings.Index(actionPart, ":"); colonIdx > 0 { - method := actionPart[colonIdx:] // ":method" - actionPart = strModel + method - } - } - } - - // Set this as the :action parameter that the Gemini handler expects - c.Params = append(c.Params, gin.Param{ - Key: "action", - Value: actionPart, - }) - - // Call the handler - handler(c) - return - } - - // If we can't parse the path, return 400 - c.JSON(400, gin.H{ - "error": "Invalid Gemini API path format", - }) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/api/modules/amp/gemini_bridge_test.go b/.worktrees/config/m/config-build/active/internal/api/modules/amp/gemini_bridge_test.go deleted file mode 100644 index 347456c383..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/modules/amp/gemini_bridge_test.go +++ /dev/null @@ -1,93 +0,0 @@ -package amp - -import ( - "net/http" - "net/http/httptest" - "testing" - - "github.com/gin-gonic/gin" -) - -func TestCreateGeminiBridgeHandler_ActionParameterExtraction(t *testing.T) { - gin.SetMode(gin.TestMode) - - tests := []struct { - name string - path string - mappedModel string // empty string means no mapping - expectedAction string - }{ - { - name: "no_mapping_uses_url_model", - path: "/publishers/google/models/gemini-pro:generateContent", - mappedModel: "", - expectedAction: "gemini-pro:generateContent", - }, - { - name: "mapped_model_replaces_url_model", - path: "/publishers/google/models/gemini-exp:generateContent", - mappedModel: "gemini-2.0-flash", - expectedAction: "gemini-2.0-flash:generateContent", - }, - { - name: "mapping_preserves_method", - path: "/publishers/google/models/gemini-2.5-preview:streamGenerateContent", - mappedModel: "gemini-flash", - expectedAction: "gemini-flash:streamGenerateContent", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - var capturedAction string - - mockGeminiHandler := func(c *gin.Context) { - capturedAction = c.Param("action") - c.JSON(http.StatusOK, gin.H{"captured": capturedAction}) - } - - // Use the actual createGeminiBridgeHandler function - bridgeHandler := createGeminiBridgeHandler(mockGeminiHandler) - - r := gin.New() - if tt.mappedModel != "" { - r.Use(func(c *gin.Context) { - c.Set(MappedModelContextKey, tt.mappedModel) - c.Next() - }) - } - r.POST("/api/provider/google/v1beta1/*path", bridgeHandler) - - req := httptest.NewRequest(http.MethodPost, "/api/provider/google/v1beta1"+tt.path, nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("Expected status 200, got %d", w.Code) - } - if capturedAction != tt.expectedAction { - t.Errorf("Expected action '%s', got '%s'", tt.expectedAction, capturedAction) - } - }) - } -} - -func TestCreateGeminiBridgeHandler_InvalidPath(t *testing.T) { - gin.SetMode(gin.TestMode) - - mockHandler := func(c *gin.Context) { - c.JSON(http.StatusOK, gin.H{"ok": true}) - } - bridgeHandler := createGeminiBridgeHandler(mockHandler) - - r := gin.New() - r.POST("/api/provider/google/v1beta1/*path", bridgeHandler) - - req := httptest.NewRequest(http.MethodPost, "/api/provider/google/v1beta1/invalid/path", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusBadRequest { - t.Errorf("Expected status 400 for invalid path, got %d", w.Code) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/api/modules/amp/model_mapping.go b/.worktrees/config/m/config-build/active/internal/api/modules/amp/model_mapping.go deleted file mode 100644 index 4159a2b576..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/modules/amp/model_mapping.go +++ /dev/null @@ -1,171 +0,0 @@ -// Package amp provides model mapping functionality for routing Amp CLI requests -// to alternative models when the requested model is not available locally. -package amp - -import ( - "regexp" - "strings" - "sync" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -// ModelMapper provides model name mapping/aliasing for Amp CLI requests. -// When an Amp request comes in for a model that isn't available locally, -// this mapper can redirect it to an alternative model that IS available. -type ModelMapper interface { - // MapModel returns the target model name if a mapping exists and the target - // model has available providers. Returns empty string if no mapping applies. - MapModel(requestedModel string) string - - // UpdateMappings refreshes the mapping configuration (for hot-reload). - UpdateMappings(mappings []config.AmpModelMapping) -} - -// DefaultModelMapper implements ModelMapper with thread-safe mapping storage. -type DefaultModelMapper struct { - mu sync.RWMutex - mappings map[string]string // exact: from -> to (normalized lowercase keys) - regexps []regexMapping // regex rules evaluated in order -} - -// NewModelMapper creates a new model mapper with the given initial mappings. -func NewModelMapper(mappings []config.AmpModelMapping) *DefaultModelMapper { - m := &DefaultModelMapper{ - mappings: make(map[string]string), - regexps: nil, - } - m.UpdateMappings(mappings) - return m -} - -// MapModel checks if a mapping exists for the requested model and if the -// target model has available local providers. Returns the mapped model name -// or empty string if no valid mapping exists. -// -// If the requested model contains a thinking suffix (e.g., "g25p(8192)"), -// the suffix is preserved in the returned model name (e.g., "gemini-2.5-pro(8192)"). -// However, if the mapping target already contains a suffix, the config suffix -// takes priority over the user's suffix. -func (m *DefaultModelMapper) MapModel(requestedModel string) string { - if requestedModel == "" { - return "" - } - - m.mu.RLock() - defer m.mu.RUnlock() - - // Extract thinking suffix from requested model using ParseSuffix - requestResult := thinking.ParseSuffix(requestedModel) - baseModel := requestResult.ModelName - - // Normalize the base model for lookup (case-insensitive) - normalizedBase := strings.ToLower(strings.TrimSpace(baseModel)) - - // Check for direct mapping using base model name - targetModel, exists := m.mappings[normalizedBase] - if !exists { - // Try regex mappings in order using base model only - // (suffix is handled separately via ParseSuffix) - for _, rm := range m.regexps { - if rm.re.MatchString(baseModel) { - targetModel = rm.to - exists = true - break - } - } - if !exists { - return "" - } - } - - // Check if target model already has a thinking suffix (config priority) - targetResult := thinking.ParseSuffix(targetModel) - - // Verify target model has available providers (use base model for lookup) - providers := util.GetProviderName(targetResult.ModelName) - if len(providers) == 0 { - log.Debugf("amp model mapping: target model %s has no available providers, skipping mapping", targetModel) - return "" - } - - // Suffix handling: config suffix takes priority, otherwise preserve user suffix - if targetResult.HasSuffix { - // Config's "to" already contains a suffix - use it as-is (config priority) - return targetModel - } - - // Preserve user's thinking suffix on the mapped model - // (skip empty suffixes to avoid returning "model()") - if requestResult.HasSuffix && requestResult.RawSuffix != "" { - return targetModel + "(" + requestResult.RawSuffix + ")" - } - - // Note: Detailed routing log is handled by logAmpRouting in fallback_handlers.go - return targetModel -} - -// UpdateMappings refreshes the mapping configuration from config. -// This is called during initialization and on config hot-reload. -func (m *DefaultModelMapper) UpdateMappings(mappings []config.AmpModelMapping) { - m.mu.Lock() - defer m.mu.Unlock() - - // Clear and rebuild mappings - m.mappings = make(map[string]string, len(mappings)) - m.regexps = make([]regexMapping, 0, len(mappings)) - - for _, mapping := range mappings { - from := strings.TrimSpace(mapping.From) - to := strings.TrimSpace(mapping.To) - - if from == "" || to == "" { - log.Warnf("amp model mapping: skipping invalid mapping (from=%q, to=%q)", from, to) - continue - } - - if mapping.Regex { - // Compile case-insensitive regex; wrap with (?i) to match behavior of exact lookups - pattern := "(?i)" + from - re, err := regexp.Compile(pattern) - if err != nil { - log.Warnf("amp model mapping: invalid regex %q: %v", from, err) - continue - } - m.regexps = append(m.regexps, regexMapping{re: re, to: to}) - log.Debugf("amp model regex mapping registered: /%s/ -> %s", from, to) - } else { - // Store with normalized lowercase key for case-insensitive lookup - normalizedFrom := strings.ToLower(from) - m.mappings[normalizedFrom] = to - log.Debugf("amp model mapping registered: %s -> %s", from, to) - } - } - - if len(m.mappings) > 0 { - log.Infof("amp model mapping: loaded %d mapping(s)", len(m.mappings)) - } - if n := len(m.regexps); n > 0 { - log.Infof("amp model mapping: loaded %d regex mapping(s)", n) - } -} - -// GetMappings returns a copy of current mappings (for debugging/status). -func (m *DefaultModelMapper) GetMappings() map[string]string { - m.mu.RLock() - defer m.mu.RUnlock() - - result := make(map[string]string, len(m.mappings)) - for k, v := range m.mappings { - result[k] = v - } - return result -} - -type regexMapping struct { - re *regexp.Regexp - to string -} diff --git a/.worktrees/config/m/config-build/active/internal/api/modules/amp/model_mapping_test.go b/.worktrees/config/m/config-build/active/internal/api/modules/amp/model_mapping_test.go deleted file mode 100644 index 53165d22c3..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/modules/amp/model_mapping_test.go +++ /dev/null @@ -1,375 +0,0 @@ -package amp - -import ( - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" -) - -func TestNewModelMapper(t *testing.T) { - mappings := []config.AmpModelMapping{ - {From: "claude-opus-4.5", To: "claude-sonnet-4"}, - {From: "gpt-5", To: "gemini-2.5-pro"}, - } - - mapper := NewModelMapper(mappings) - if mapper == nil { - t.Fatal("Expected non-nil mapper") - } - - result := mapper.GetMappings() - if len(result) != 2 { - t.Errorf("Expected 2 mappings, got %d", len(result)) - } -} - -func TestNewModelMapper_Empty(t *testing.T) { - mapper := NewModelMapper(nil) - if mapper == nil { - t.Fatal("Expected non-nil mapper") - } - - result := mapper.GetMappings() - if len(result) != 0 { - t.Errorf("Expected 0 mappings, got %d", len(result)) - } -} - -func TestModelMapper_MapModel_NoProvider(t *testing.T) { - mappings := []config.AmpModelMapping{ - {From: "claude-opus-4.5", To: "claude-sonnet-4"}, - } - - mapper := NewModelMapper(mappings) - - // Without a registered provider for the target, mapping should return empty - result := mapper.MapModel("claude-opus-4.5") - if result != "" { - t.Errorf("Expected empty result when target has no provider, got %s", result) - } -} - -func TestModelMapper_MapModel_WithProvider(t *testing.T) { - // Register a mock provider for the target model - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client", "claude", []*registry.ModelInfo{ - {ID: "claude-sonnet-4", OwnedBy: "anthropic", Type: "claude"}, - }) - defer reg.UnregisterClient("test-client") - - mappings := []config.AmpModelMapping{ - {From: "claude-opus-4.5", To: "claude-sonnet-4"}, - } - - mapper := NewModelMapper(mappings) - - // With a registered provider, mapping should work - result := mapper.MapModel("claude-opus-4.5") - if result != "claude-sonnet-4" { - t.Errorf("Expected claude-sonnet-4, got %s", result) - } -} - -func TestModelMapper_MapModel_TargetWithThinkingSuffix(t *testing.T) { - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client-thinking", "codex", []*registry.ModelInfo{ - {ID: "gpt-5.2", OwnedBy: "openai", Type: "codex"}, - }) - defer reg.UnregisterClient("test-client-thinking") - - mappings := []config.AmpModelMapping{ - {From: "gpt-5.2-alias", To: "gpt-5.2(xhigh)"}, - } - - mapper := NewModelMapper(mappings) - - result := mapper.MapModel("gpt-5.2-alias") - if result != "gpt-5.2(xhigh)" { - t.Errorf("Expected gpt-5.2(xhigh), got %s", result) - } -} - -func TestModelMapper_MapModel_CaseInsensitive(t *testing.T) { - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client2", "claude", []*registry.ModelInfo{ - {ID: "claude-sonnet-4", OwnedBy: "anthropic", Type: "claude"}, - }) - defer reg.UnregisterClient("test-client2") - - mappings := []config.AmpModelMapping{ - {From: "Claude-Opus-4.5", To: "claude-sonnet-4"}, - } - - mapper := NewModelMapper(mappings) - - // Should match case-insensitively - result := mapper.MapModel("claude-opus-4.5") - if result != "claude-sonnet-4" { - t.Errorf("Expected claude-sonnet-4, got %s", result) - } -} - -func TestModelMapper_MapModel_NotFound(t *testing.T) { - mappings := []config.AmpModelMapping{ - {From: "claude-opus-4.5", To: "claude-sonnet-4"}, - } - - mapper := NewModelMapper(mappings) - - // Unknown model should return empty - result := mapper.MapModel("unknown-model") - if result != "" { - t.Errorf("Expected empty for unknown model, got %s", result) - } -} - -func TestModelMapper_MapModel_EmptyInput(t *testing.T) { - mappings := []config.AmpModelMapping{ - {From: "claude-opus-4.5", To: "claude-sonnet-4"}, - } - - mapper := NewModelMapper(mappings) - - result := mapper.MapModel("") - if result != "" { - t.Errorf("Expected empty for empty input, got %s", result) - } -} - -func TestModelMapper_UpdateMappings(t *testing.T) { - mapper := NewModelMapper(nil) - - // Initially empty - if len(mapper.GetMappings()) != 0 { - t.Error("Expected 0 initial mappings") - } - - // Update with new mappings - mapper.UpdateMappings([]config.AmpModelMapping{ - {From: "model-a", To: "model-b"}, - {From: "model-c", To: "model-d"}, - }) - - result := mapper.GetMappings() - if len(result) != 2 { - t.Errorf("Expected 2 mappings after update, got %d", len(result)) - } - - // Update again should replace, not append - mapper.UpdateMappings([]config.AmpModelMapping{ - {From: "model-x", To: "model-y"}, - }) - - result = mapper.GetMappings() - if len(result) != 1 { - t.Errorf("Expected 1 mapping after second update, got %d", len(result)) - } -} - -func TestModelMapper_UpdateMappings_SkipsInvalid(t *testing.T) { - mapper := NewModelMapper(nil) - - mapper.UpdateMappings([]config.AmpModelMapping{ - {From: "", To: "model-b"}, // Invalid: empty from - {From: "model-a", To: ""}, // Invalid: empty to - {From: " ", To: "model-b"}, // Invalid: whitespace from - {From: "model-c", To: "model-d"}, // Valid - }) - - result := mapper.GetMappings() - if len(result) != 1 { - t.Errorf("Expected 1 valid mapping, got %d", len(result)) - } -} - -func TestModelMapper_GetMappings_ReturnsCopy(t *testing.T) { - mappings := []config.AmpModelMapping{ - {From: "model-a", To: "model-b"}, - } - - mapper := NewModelMapper(mappings) - - // Get mappings and modify the returned map - result := mapper.GetMappings() - result["new-key"] = "new-value" - - // Original should be unchanged - original := mapper.GetMappings() - if len(original) != 1 { - t.Errorf("Expected original to have 1 mapping, got %d", len(original)) - } - if _, exists := original["new-key"]; exists { - t.Error("Original map was modified") - } -} - -func TestModelMapper_Regex_MatchBaseWithoutParens(t *testing.T) { - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client-regex-1", "gemini", []*registry.ModelInfo{ - {ID: "gemini-2.5-pro", OwnedBy: "google", Type: "gemini"}, - }) - defer reg.UnregisterClient("test-client-regex-1") - - mappings := []config.AmpModelMapping{ - {From: "^gpt-5$", To: "gemini-2.5-pro", Regex: true}, - } - - mapper := NewModelMapper(mappings) - - // Incoming model has reasoning suffix, regex matches base, suffix is preserved - result := mapper.MapModel("gpt-5(high)") - if result != "gemini-2.5-pro(high)" { - t.Errorf("Expected gemini-2.5-pro(high), got %s", result) - } -} - -func TestModelMapper_Regex_ExactPrecedence(t *testing.T) { - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client-regex-2", "claude", []*registry.ModelInfo{ - {ID: "claude-sonnet-4", OwnedBy: "anthropic", Type: "claude"}, - }) - reg.RegisterClient("test-client-regex-3", "gemini", []*registry.ModelInfo{ - {ID: "gemini-2.5-pro", OwnedBy: "google", Type: "gemini"}, - }) - defer reg.UnregisterClient("test-client-regex-2") - defer reg.UnregisterClient("test-client-regex-3") - - mappings := []config.AmpModelMapping{ - {From: "gpt-5", To: "claude-sonnet-4"}, // exact - {From: "^gpt-5.*$", To: "gemini-2.5-pro", Regex: true}, // regex - } - - mapper := NewModelMapper(mappings) - - // Exact match should win over regex - result := mapper.MapModel("gpt-5") - if result != "claude-sonnet-4" { - t.Errorf("Expected claude-sonnet-4, got %s", result) - } -} - -func TestModelMapper_Regex_InvalidPattern_Skipped(t *testing.T) { - // Invalid regex should be skipped and not cause panic - mappings := []config.AmpModelMapping{ - {From: "(", To: "target", Regex: true}, - } - - mapper := NewModelMapper(mappings) - - result := mapper.MapModel("anything") - if result != "" { - t.Errorf("Expected empty result due to invalid regex, got %s", result) - } -} - -func TestModelMapper_Regex_CaseInsensitive(t *testing.T) { - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client-regex-4", "claude", []*registry.ModelInfo{ - {ID: "claude-sonnet-4", OwnedBy: "anthropic", Type: "claude"}, - }) - defer reg.UnregisterClient("test-client-regex-4") - - mappings := []config.AmpModelMapping{ - {From: "^CLAUDE-OPUS-.*$", To: "claude-sonnet-4", Regex: true}, - } - - mapper := NewModelMapper(mappings) - - result := mapper.MapModel("claude-opus-4.5") - if result != "claude-sonnet-4" { - t.Errorf("Expected claude-sonnet-4, got %s", result) - } -} - -func TestModelMapper_SuffixPreservation(t *testing.T) { - reg := registry.GetGlobalRegistry() - - // Register test models - reg.RegisterClient("test-client-suffix", "gemini", []*registry.ModelInfo{ - {ID: "gemini-2.5-pro", OwnedBy: "google", Type: "gemini"}, - }) - reg.RegisterClient("test-client-suffix-2", "claude", []*registry.ModelInfo{ - {ID: "claude-sonnet-4", OwnedBy: "anthropic", Type: "claude"}, - }) - defer reg.UnregisterClient("test-client-suffix") - defer reg.UnregisterClient("test-client-suffix-2") - - tests := []struct { - name string - mappings []config.AmpModelMapping - input string - want string - }{ - { - name: "numeric suffix preserved", - mappings: []config.AmpModelMapping{{From: "g25p", To: "gemini-2.5-pro"}}, - input: "g25p(8192)", - want: "gemini-2.5-pro(8192)", - }, - { - name: "level suffix preserved", - mappings: []config.AmpModelMapping{{From: "g25p", To: "gemini-2.5-pro"}}, - input: "g25p(high)", - want: "gemini-2.5-pro(high)", - }, - { - name: "no suffix unchanged", - mappings: []config.AmpModelMapping{{From: "g25p", To: "gemini-2.5-pro"}}, - input: "g25p", - want: "gemini-2.5-pro", - }, - { - name: "config suffix takes priority", - mappings: []config.AmpModelMapping{{From: "alias", To: "gemini-2.5-pro(medium)"}}, - input: "alias(high)", - want: "gemini-2.5-pro(medium)", - }, - { - name: "regex with suffix preserved", - mappings: []config.AmpModelMapping{{From: "^g25.*", To: "gemini-2.5-pro", Regex: true}}, - input: "g25p(8192)", - want: "gemini-2.5-pro(8192)", - }, - { - name: "auto suffix preserved", - mappings: []config.AmpModelMapping{{From: "g25p", To: "gemini-2.5-pro"}}, - input: "g25p(auto)", - want: "gemini-2.5-pro(auto)", - }, - { - name: "none suffix preserved", - mappings: []config.AmpModelMapping{{From: "g25p", To: "gemini-2.5-pro"}}, - input: "g25p(none)", - want: "gemini-2.5-pro(none)", - }, - { - name: "case insensitive base lookup with suffix", - mappings: []config.AmpModelMapping{{From: "G25P", To: "gemini-2.5-pro"}}, - input: "g25p(high)", - want: "gemini-2.5-pro(high)", - }, - { - name: "empty suffix filtered out", - mappings: []config.AmpModelMapping{{From: "g25p", To: "gemini-2.5-pro"}}, - input: "g25p()", - want: "gemini-2.5-pro", - }, - { - name: "incomplete suffix treated as no suffix", - mappings: []config.AmpModelMapping{{From: "g25p(high", To: "gemini-2.5-pro"}}, - input: "g25p(high", - want: "gemini-2.5-pro", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - mapper := NewModelMapper(tt.mappings) - got := mapper.MapModel(tt.input) - if got != tt.want { - t.Errorf("MapModel(%q) = %q, want %q", tt.input, got, tt.want) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/api/modules/amp/proxy.go b/.worktrees/config/m/config-build/active/internal/api/modules/amp/proxy.go deleted file mode 100644 index c593c1b328..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/modules/amp/proxy.go +++ /dev/null @@ -1,266 +0,0 @@ -package amp - -import ( - "bytes" - "compress/gzip" - "context" - "errors" - "fmt" - "io" - "net" - "net/http" - "net/http/httputil" - "net/url" - "strconv" - "strings" - - "github.com/gin-gonic/gin" - log "github.com/sirupsen/logrus" -) - -func removeQueryValuesMatching(req *http.Request, key string, match string) { - if req == nil || req.URL == nil || match == "" { - return - } - - q := req.URL.Query() - values, ok := q[key] - if !ok || len(values) == 0 { - return - } - - kept := make([]string, 0, len(values)) - for _, v := range values { - if v == match { - continue - } - kept = append(kept, v) - } - - if len(kept) == 0 { - q.Del(key) - } else { - q[key] = kept - } - req.URL.RawQuery = q.Encode() -} - -// readCloser wraps a reader and forwards Close to a separate closer. -// Used to restore peeked bytes while preserving upstream body Close behavior. -type readCloser struct { - r io.Reader - c io.Closer -} - -func (rc *readCloser) Read(p []byte) (int, error) { return rc.r.Read(p) } -func (rc *readCloser) Close() error { return rc.c.Close() } - -// createReverseProxy creates a reverse proxy handler for Amp upstream -// with automatic gzip decompression via ModifyResponse -func createReverseProxy(upstreamURL string, secretSource SecretSource) (*httputil.ReverseProxy, error) { - parsed, err := url.Parse(upstreamURL) - if err != nil { - return nil, fmt.Errorf("invalid amp upstream url: %w", err) - } - - proxy := httputil.NewSingleHostReverseProxy(parsed) - originalDirector := proxy.Director - - // Modify outgoing requests to inject API key and fix routing - proxy.Director = func(req *http.Request) { - originalDirector(req) - req.Host = parsed.Host - - // Remove client's Authorization header - it was only used for CLI Proxy API authentication - // We will set our own Authorization using the configured upstream-api-key - req.Header.Del("Authorization") - req.Header.Del("X-Api-Key") - req.Header.Del("X-Goog-Api-Key") - - // Remove query-based credentials if they match the authenticated client API key. - // This prevents leaking client auth material to the Amp upstream while avoiding - // breaking unrelated upstream query parameters. - clientKey := getClientAPIKeyFromContext(req.Context()) - removeQueryValuesMatching(req, "key", clientKey) - removeQueryValuesMatching(req, "auth_token", clientKey) - - // Preserve correlation headers for debugging - if req.Header.Get("X-Request-ID") == "" { - // Could generate one here if needed - } - - // Note: We do NOT filter Anthropic-Beta headers in the proxy path - // Users going through ampcode.com proxy are paying for the service and should get all features - // including 1M context window (context-1m-2025-08-07) - - // Inject API key from secret source (only uses upstream-api-key from config) - if key, err := secretSource.Get(req.Context()); err == nil && key != "" { - req.Header.Set("X-Api-Key", key) - req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", key)) - } else if err != nil { - log.Warnf("amp secret source error (continuing without auth): %v", err) - } - } - - // Modify incoming responses to handle gzip without Content-Encoding - // This addresses the same issue as inline handler gzip handling, but at the proxy level - proxy.ModifyResponse = func(resp *http.Response) error { - // Log upstream error responses for diagnostics (502, 503, etc.) - // These are NOT proxy connection errors - the upstream responded with an error status - if resp.StatusCode >= 500 { - log.Errorf("amp upstream responded with error [%d] for %s %s", resp.StatusCode, resp.Request.Method, resp.Request.URL.Path) - } else if resp.StatusCode >= 400 { - log.Warnf("amp upstream responded with client error [%d] for %s %s", resp.StatusCode, resp.Request.Method, resp.Request.URL.Path) - } - - // Only process successful responses for gzip decompression - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - return nil - } - - // Skip if already marked as gzip (Content-Encoding set) - if resp.Header.Get("Content-Encoding") != "" { - return nil - } - - // Skip streaming responses (SSE, chunked) - if isStreamingResponse(resp) { - return nil - } - - // Save reference to original upstream body for proper cleanup - originalBody := resp.Body - - // Peek at first 2 bytes to detect gzip magic bytes - header := make([]byte, 2) - n, _ := io.ReadFull(originalBody, header) - - // Check for gzip magic bytes (0x1f 0x8b) - // If n < 2, we didn't get enough bytes, so it's not gzip - if n >= 2 && header[0] == 0x1f && header[1] == 0x8b { - // It's gzip - read the rest of the body - rest, err := io.ReadAll(originalBody) - if err != nil { - // Restore what we read and return original body (preserve Close behavior) - resp.Body = &readCloser{ - r: io.MultiReader(bytes.NewReader(header[:n]), originalBody), - c: originalBody, - } - return nil - } - - // Reconstruct complete gzipped data - gzippedData := append(header[:n], rest...) - - // Decompress - gzipReader, err := gzip.NewReader(bytes.NewReader(gzippedData)) - if err != nil { - log.Warnf("amp proxy: gzip header detected but decompress failed: %v", err) - // Close original body and return in-memory copy - _ = originalBody.Close() - resp.Body = io.NopCloser(bytes.NewReader(gzippedData)) - return nil - } - - decompressed, err := io.ReadAll(gzipReader) - _ = gzipReader.Close() - if err != nil { - log.Warnf("amp proxy: gzip decompress error: %v", err) - // Close original body and return in-memory copy - _ = originalBody.Close() - resp.Body = io.NopCloser(bytes.NewReader(gzippedData)) - return nil - } - - // Close original body since we're replacing with in-memory decompressed content - _ = originalBody.Close() - - // Replace body with decompressed content - resp.Body = io.NopCloser(bytes.NewReader(decompressed)) - resp.ContentLength = int64(len(decompressed)) - - // Update headers to reflect decompressed state - resp.Header.Del("Content-Encoding") // No longer compressed - resp.Header.Del("Content-Length") // Remove stale compressed length - resp.Header.Set("Content-Length", strconv.FormatInt(resp.ContentLength, 10)) // Set decompressed length - - log.Debugf("amp proxy: decompressed gzip response (%d -> %d bytes)", len(gzippedData), len(decompressed)) - } else { - // Not gzip - restore peeked bytes while preserving Close behavior - // Handle edge cases: n might be 0, 1, or 2 depending on EOF - resp.Body = &readCloser{ - r: io.MultiReader(bytes.NewReader(header[:n]), originalBody), - c: originalBody, - } - } - - return nil - } - - // Error handler for proxy failures with detailed error classification for diagnostics - proxy.ErrorHandler = func(rw http.ResponseWriter, req *http.Request, err error) { - // Classify the error type for better diagnostics - var errType string - if errors.Is(err, context.DeadlineExceeded) { - errType = "timeout" - } else if errors.Is(err, context.Canceled) { - errType = "canceled" - } else if netErr, ok := err.(net.Error); ok && netErr.Timeout() { - errType = "dial_timeout" - } else if _, ok := err.(net.Error); ok { - errType = "network_error" - } else { - errType = "connection_error" - } - - // Don't log as error for context canceled - it's usually client closing connection - if errors.Is(err, context.Canceled) { - return - } else { - log.Errorf("amp upstream proxy error [%s] for %s %s: %v", errType, req.Method, req.URL.Path, err) - } - - rw.Header().Set("Content-Type", "application/json") - rw.WriteHeader(http.StatusBadGateway) - _, _ = rw.Write([]byte(`{"error":"amp_upstream_proxy_error","message":"Failed to reach Amp upstream"}`)) - } - - return proxy, nil -} - -// isStreamingResponse detects if the response is streaming (SSE only) -// Note: We only treat text/event-stream as streaming. Chunked transfer encoding -// is a transport-level detail and doesn't mean we can't decompress the full response. -// Many JSON APIs use chunked encoding for normal responses. -func isStreamingResponse(resp *http.Response) bool { - contentType := resp.Header.Get("Content-Type") - - // Only Server-Sent Events are true streaming responses - if strings.Contains(contentType, "text/event-stream") { - return true - } - - return false -} - -// proxyHandler converts httputil.ReverseProxy to gin.HandlerFunc -func proxyHandler(proxy *httputil.ReverseProxy) gin.HandlerFunc { - return func(c *gin.Context) { - proxy.ServeHTTP(c.Writer, c.Request) - } -} - -// filterBetaFeatures removes a specific beta feature from comma-separated list -func filterBetaFeatures(header, featureToRemove string) string { - features := strings.Split(header, ",") - filtered := make([]string, 0, len(features)) - - for _, feature := range features { - trimmed := strings.TrimSpace(feature) - if trimmed != "" && trimmed != featureToRemove { - filtered = append(filtered, trimmed) - } - } - - return strings.Join(filtered, ",") -} diff --git a/.worktrees/config/m/config-build/active/internal/api/modules/amp/proxy_test.go b/.worktrees/config/m/config-build/active/internal/api/modules/amp/proxy_test.go deleted file mode 100644 index 32f5d8605b..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/modules/amp/proxy_test.go +++ /dev/null @@ -1,681 +0,0 @@ -package amp - -import ( - "bytes" - "compress/gzip" - "context" - "fmt" - "io" - "net/http" - "net/http/httptest" - "strings" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" -) - -// Helper: compress data with gzip -func gzipBytes(b []byte) []byte { - var buf bytes.Buffer - zw := gzip.NewWriter(&buf) - zw.Write(b) - zw.Close() - return buf.Bytes() -} - -// Helper: create a mock http.Response -func mkResp(status int, hdr http.Header, body []byte) *http.Response { - if hdr == nil { - hdr = http.Header{} - } - return &http.Response{ - StatusCode: status, - Header: hdr, - Body: io.NopCloser(bytes.NewReader(body)), - ContentLength: int64(len(body)), - } -} - -func TestCreateReverseProxy_ValidURL(t *testing.T) { - proxy, err := createReverseProxy("http://example.com", NewStaticSecretSource("key")) - if err != nil { - t.Fatalf("expected no error, got: %v", err) - } - if proxy == nil { - t.Fatal("expected proxy to be created") - } -} - -func TestCreateReverseProxy_InvalidURL(t *testing.T) { - _, err := createReverseProxy("://invalid", NewStaticSecretSource("key")) - if err == nil { - t.Fatal("expected error for invalid URL") - } -} - -func TestModifyResponse_GzipScenarios(t *testing.T) { - proxy, err := createReverseProxy("http://example.com", NewStaticSecretSource("k")) - if err != nil { - t.Fatal(err) - } - - goodJSON := []byte(`{"ok":true}`) - good := gzipBytes(goodJSON) - truncated := good[:10] - corrupted := append([]byte{0x1f, 0x8b}, []byte("notgzip")...) - - cases := []struct { - name string - header http.Header - body []byte - status int - wantBody []byte - wantCE string - }{ - { - name: "decompresses_valid_gzip_no_header", - header: http.Header{}, - body: good, - status: 200, - wantBody: goodJSON, - wantCE: "", - }, - { - name: "skips_when_ce_present", - header: http.Header{"Content-Encoding": []string{"gzip"}}, - body: good, - status: 200, - wantBody: good, - wantCE: "gzip", - }, - { - name: "passes_truncated_unchanged", - header: http.Header{}, - body: truncated, - status: 200, - wantBody: truncated, - wantCE: "", - }, - { - name: "passes_corrupted_unchanged", - header: http.Header{}, - body: corrupted, - status: 200, - wantBody: corrupted, - wantCE: "", - }, - { - name: "non_gzip_unchanged", - header: http.Header{}, - body: []byte("plain"), - status: 200, - wantBody: []byte("plain"), - wantCE: "", - }, - { - name: "empty_body", - header: http.Header{}, - body: []byte{}, - status: 200, - wantBody: []byte{}, - wantCE: "", - }, - { - name: "single_byte_body", - header: http.Header{}, - body: []byte{0x1f}, - status: 200, - wantBody: []byte{0x1f}, - wantCE: "", - }, - { - name: "skips_non_2xx_status", - header: http.Header{}, - body: good, - status: 404, - wantBody: good, - wantCE: "", - }, - } - - for _, tc := range cases { - t.Run(tc.name, func(t *testing.T) { - resp := mkResp(tc.status, tc.header, tc.body) - if err := proxy.ModifyResponse(resp); err != nil { - t.Fatalf("ModifyResponse error: %v", err) - } - got, err := io.ReadAll(resp.Body) - if err != nil { - t.Fatalf("ReadAll error: %v", err) - } - if !bytes.Equal(got, tc.wantBody) { - t.Fatalf("body mismatch:\nwant: %q\ngot: %q", tc.wantBody, got) - } - if ce := resp.Header.Get("Content-Encoding"); ce != tc.wantCE { - t.Fatalf("Content-Encoding: want %q, got %q", tc.wantCE, ce) - } - }) - } -} - -func TestModifyResponse_UpdatesContentLengthHeader(t *testing.T) { - proxy, err := createReverseProxy("http://example.com", NewStaticSecretSource("k")) - if err != nil { - t.Fatal(err) - } - - goodJSON := []byte(`{"message":"test response"}`) - gzipped := gzipBytes(goodJSON) - - // Simulate upstream response with gzip body AND Content-Length header - // (this is the scenario the bot flagged - stale Content-Length after decompression) - resp := mkResp(200, http.Header{ - "Content-Length": []string{fmt.Sprintf("%d", len(gzipped))}, // Compressed size - }, gzipped) - - if err := proxy.ModifyResponse(resp); err != nil { - t.Fatalf("ModifyResponse error: %v", err) - } - - // Verify body is decompressed - got, _ := io.ReadAll(resp.Body) - if !bytes.Equal(got, goodJSON) { - t.Fatalf("body should be decompressed, got: %q, want: %q", got, goodJSON) - } - - // Verify Content-Length header is updated to decompressed size - wantCL := fmt.Sprintf("%d", len(goodJSON)) - gotCL := resp.Header.Get("Content-Length") - if gotCL != wantCL { - t.Fatalf("Content-Length header mismatch: want %q (decompressed), got %q", wantCL, gotCL) - } - - // Verify struct field also matches - if resp.ContentLength != int64(len(goodJSON)) { - t.Fatalf("resp.ContentLength mismatch: want %d, got %d", len(goodJSON), resp.ContentLength) - } -} - -func TestModifyResponse_SkipsStreamingResponses(t *testing.T) { - proxy, err := createReverseProxy("http://example.com", NewStaticSecretSource("k")) - if err != nil { - t.Fatal(err) - } - - goodJSON := []byte(`{"ok":true}`) - gzipped := gzipBytes(goodJSON) - - t.Run("sse_skips_decompression", func(t *testing.T) { - resp := mkResp(200, http.Header{"Content-Type": []string{"text/event-stream"}}, gzipped) - if err := proxy.ModifyResponse(resp); err != nil { - t.Fatalf("ModifyResponse error: %v", err) - } - // SSE should NOT be decompressed - got, _ := io.ReadAll(resp.Body) - if !bytes.Equal(got, gzipped) { - t.Fatal("SSE response should not be decompressed") - } - }) -} - -func TestModifyResponse_DecompressesChunkedJSON(t *testing.T) { - proxy, err := createReverseProxy("http://example.com", NewStaticSecretSource("k")) - if err != nil { - t.Fatal(err) - } - - goodJSON := []byte(`{"ok":true}`) - gzipped := gzipBytes(goodJSON) - - t.Run("chunked_json_decompresses", func(t *testing.T) { - // Chunked JSON responses (like thread APIs) should be decompressed - resp := mkResp(200, http.Header{"Transfer-Encoding": []string{"chunked"}}, gzipped) - if err := proxy.ModifyResponse(resp); err != nil { - t.Fatalf("ModifyResponse error: %v", err) - } - // Should decompress because it's not SSE - got, _ := io.ReadAll(resp.Body) - if !bytes.Equal(got, goodJSON) { - t.Fatalf("chunked JSON should be decompressed, got: %q, want: %q", got, goodJSON) - } - }) -} - -func TestReverseProxy_InjectsHeaders(t *testing.T) { - gotHeaders := make(chan http.Header, 1) - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotHeaders <- r.Header.Clone() - w.WriteHeader(200) - w.Write([]byte(`ok`)) - })) - defer upstream.Close() - - proxy, err := createReverseProxy(upstream.URL, NewStaticSecretSource("secret")) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - proxy.ServeHTTP(w, r) - })) - defer srv.Close() - - res, err := http.Get(srv.URL + "/test") - if err != nil { - t.Fatal(err) - } - res.Body.Close() - - hdr := <-gotHeaders - if hdr.Get("X-Api-Key") != "secret" { - t.Fatalf("X-Api-Key missing or wrong, got: %q", hdr.Get("X-Api-Key")) - } - if hdr.Get("Authorization") != "Bearer secret" { - t.Fatalf("Authorization missing or wrong, got: %q", hdr.Get("Authorization")) - } -} - -func TestReverseProxy_EmptySecret(t *testing.T) { - gotHeaders := make(chan http.Header, 1) - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotHeaders <- r.Header.Clone() - w.WriteHeader(200) - w.Write([]byte(`ok`)) - })) - defer upstream.Close() - - proxy, err := createReverseProxy(upstream.URL, NewStaticSecretSource("")) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - proxy.ServeHTTP(w, r) - })) - defer srv.Close() - - res, err := http.Get(srv.URL + "/test") - if err != nil { - t.Fatal(err) - } - res.Body.Close() - - hdr := <-gotHeaders - // Should NOT inject headers when secret is empty - if hdr.Get("X-Api-Key") != "" { - t.Fatalf("X-Api-Key should not be set, got: %q", hdr.Get("X-Api-Key")) - } - if authVal := hdr.Get("Authorization"); authVal != "" && authVal != "Bearer " { - t.Fatalf("Authorization should not be set, got: %q", authVal) - } -} - -func TestReverseProxy_StripsClientCredentialsFromHeadersAndQuery(t *testing.T) { - type captured struct { - headers http.Header - query string - } - got := make(chan captured, 1) - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - got <- captured{headers: r.Header.Clone(), query: r.URL.RawQuery} - w.WriteHeader(200) - w.Write([]byte(`ok`)) - })) - defer upstream.Close() - - proxy, err := createReverseProxy(upstream.URL, NewStaticSecretSource("upstream")) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - // Simulate clientAPIKeyMiddleware injection (per-request) - ctx := context.WithValue(r.Context(), clientAPIKeyContextKey{}, "client-key") - proxy.ServeHTTP(w, r.WithContext(ctx)) - })) - defer srv.Close() - - req, err := http.NewRequest(http.MethodGet, srv.URL+"/test?key=client-key&key=keep&auth_token=client-key&foo=bar", nil) - if err != nil { - t.Fatal(err) - } - req.Header.Set("Authorization", "Bearer client-key") - req.Header.Set("X-Api-Key", "client-key") - req.Header.Set("X-Goog-Api-Key", "client-key") - - res, err := http.DefaultClient.Do(req) - if err != nil { - t.Fatal(err) - } - res.Body.Close() - - c := <-got - - // These are client-provided credentials and must not reach the upstream. - if v := c.headers.Get("X-Goog-Api-Key"); v != "" { - t.Fatalf("X-Goog-Api-Key should be stripped, got: %q", v) - } - - // We inject upstream Authorization/X-Api-Key, so the client auth must not survive. - if v := c.headers.Get("Authorization"); v != "Bearer upstream" { - t.Fatalf("Authorization should be upstream-injected, got: %q", v) - } - if v := c.headers.Get("X-Api-Key"); v != "upstream" { - t.Fatalf("X-Api-Key should be upstream-injected, got: %q", v) - } - - // Query-based credentials should be stripped only when they match the authenticated client key. - // Should keep unrelated values and parameters. - if strings.Contains(c.query, "auth_token=client-key") || strings.Contains(c.query, "key=client-key") { - t.Fatalf("query credentials should be stripped, got raw query: %q", c.query) - } - if !strings.Contains(c.query, "key=keep") || !strings.Contains(c.query, "foo=bar") { - t.Fatalf("expected query to keep non-credential params, got raw query: %q", c.query) - } -} - -func TestReverseProxy_InjectsMappedSecret_FromRequestContext(t *testing.T) { - gotHeaders := make(chan http.Header, 1) - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotHeaders <- r.Header.Clone() - w.WriteHeader(200) - w.Write([]byte(`ok`)) - })) - defer upstream.Close() - - defaultSource := NewStaticSecretSource("default") - mapped := NewMappedSecretSource(defaultSource) - mapped.UpdateMappings([]config.AmpUpstreamAPIKeyEntry{ - { - UpstreamAPIKey: "u1", - APIKeys: []string{"k1"}, - }, - }) - - proxy, err := createReverseProxy(upstream.URL, mapped) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - // Simulate clientAPIKeyMiddleware injection (per-request) - ctx := context.WithValue(r.Context(), clientAPIKeyContextKey{}, "k1") - proxy.ServeHTTP(w, r.WithContext(ctx)) - })) - defer srv.Close() - - res, err := http.Get(srv.URL + "/test") - if err != nil { - t.Fatal(err) - } - res.Body.Close() - - hdr := <-gotHeaders - if hdr.Get("X-Api-Key") != "u1" { - t.Fatalf("X-Api-Key missing or wrong, got: %q", hdr.Get("X-Api-Key")) - } - if hdr.Get("Authorization") != "Bearer u1" { - t.Fatalf("Authorization missing or wrong, got: %q", hdr.Get("Authorization")) - } -} - -func TestReverseProxy_MappedSecret_FallsBackToDefault(t *testing.T) { - gotHeaders := make(chan http.Header, 1) - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotHeaders <- r.Header.Clone() - w.WriteHeader(200) - w.Write([]byte(`ok`)) - })) - defer upstream.Close() - - defaultSource := NewStaticSecretSource("default") - mapped := NewMappedSecretSource(defaultSource) - mapped.UpdateMappings([]config.AmpUpstreamAPIKeyEntry{ - { - UpstreamAPIKey: "u1", - APIKeys: []string{"k1"}, - }, - }) - - proxy, err := createReverseProxy(upstream.URL, mapped) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - ctx := context.WithValue(r.Context(), clientAPIKeyContextKey{}, "k2") - proxy.ServeHTTP(w, r.WithContext(ctx)) - })) - defer srv.Close() - - res, err := http.Get(srv.URL + "/test") - if err != nil { - t.Fatal(err) - } - res.Body.Close() - - hdr := <-gotHeaders - if hdr.Get("X-Api-Key") != "default" { - t.Fatalf("X-Api-Key fallback missing or wrong, got: %q", hdr.Get("X-Api-Key")) - } - if hdr.Get("Authorization") != "Bearer default" { - t.Fatalf("Authorization fallback missing or wrong, got: %q", hdr.Get("Authorization")) - } -} - -func TestReverseProxy_ErrorHandler(t *testing.T) { - // Point proxy to a non-routable address to trigger error - proxy, err := createReverseProxy("http://127.0.0.1:1", NewStaticSecretSource("")) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - proxy.ServeHTTP(w, r) - })) - defer srv.Close() - - res, err := http.Get(srv.URL + "/any") - if err != nil { - t.Fatal(err) - } - body, _ := io.ReadAll(res.Body) - res.Body.Close() - - if res.StatusCode != http.StatusBadGateway { - t.Fatalf("want 502, got %d", res.StatusCode) - } - if !bytes.Contains(body, []byte(`"amp_upstream_proxy_error"`)) { - t.Fatalf("unexpected body: %s", body) - } - if ct := res.Header.Get("Content-Type"); ct != "application/json" { - t.Fatalf("content-type: want application/json, got %s", ct) - } -} - -func TestReverseProxy_ErrorHandler_ContextCanceled(t *testing.T) { - // Test that context.Canceled errors return 499 without generic error response - proxy, err := createReverseProxy("http://example.com", NewStaticSecretSource("")) - if err != nil { - t.Fatal(err) - } - - // Create a canceled context to trigger the cancellation path - ctx, cancel := context.WithCancel(context.Background()) - cancel() // Cancel immediately - - req := httptest.NewRequest(http.MethodGet, "/test", nil).WithContext(ctx) - rr := httptest.NewRecorder() - - // Directly invoke the ErrorHandler with context.Canceled - proxy.ErrorHandler(rr, req, context.Canceled) - - // Body should be empty for canceled requests (no JSON error response) - body := rr.Body.Bytes() - if len(body) > 0 { - t.Fatalf("expected empty body for canceled context, got: %s", body) - } -} - -func TestReverseProxy_FullRoundTrip_Gzip(t *testing.T) { - // Upstream returns gzipped JSON without Content-Encoding header - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.WriteHeader(200) - w.Write(gzipBytes([]byte(`{"upstream":"ok"}`))) - })) - defer upstream.Close() - - proxy, err := createReverseProxy(upstream.URL, NewStaticSecretSource("key")) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - proxy.ServeHTTP(w, r) - })) - defer srv.Close() - - res, err := http.Get(srv.URL + "/test") - if err != nil { - t.Fatal(err) - } - body, _ := io.ReadAll(res.Body) - res.Body.Close() - - expected := []byte(`{"upstream":"ok"}`) - if !bytes.Equal(body, expected) { - t.Fatalf("want decompressed JSON, got: %s", body) - } -} - -func TestReverseProxy_FullRoundTrip_PlainJSON(t *testing.T) { - // Upstream returns plain JSON - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - w.WriteHeader(200) - w.Write([]byte(`{"plain":"json"}`)) - })) - defer upstream.Close() - - proxy, err := createReverseProxy(upstream.URL, NewStaticSecretSource("key")) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - proxy.ServeHTTP(w, r) - })) - defer srv.Close() - - res, err := http.Get(srv.URL + "/test") - if err != nil { - t.Fatal(err) - } - body, _ := io.ReadAll(res.Body) - res.Body.Close() - - expected := []byte(`{"plain":"json"}`) - if !bytes.Equal(body, expected) { - t.Fatalf("want plain JSON unchanged, got: %s", body) - } -} - -func TestIsStreamingResponse(t *testing.T) { - cases := []struct { - name string - header http.Header - want bool - }{ - { - name: "sse", - header: http.Header{"Content-Type": []string{"text/event-stream"}}, - want: true, - }, - { - name: "chunked_not_streaming", - header: http.Header{"Transfer-Encoding": []string{"chunked"}}, - want: false, // Chunked is transport-level, not streaming - }, - { - name: "normal_json", - header: http.Header{"Content-Type": []string{"application/json"}}, - want: false, - }, - { - name: "empty", - header: http.Header{}, - want: false, - }, - } - - for _, tc := range cases { - t.Run(tc.name, func(t *testing.T) { - resp := &http.Response{Header: tc.header} - got := isStreamingResponse(resp) - if got != tc.want { - t.Fatalf("want %v, got %v", tc.want, got) - } - }) - } -} - -func TestFilterBetaFeatures(t *testing.T) { - tests := []struct { - name string - header string - featureToRemove string - expected string - }{ - { - name: "Remove context-1m from middle", - header: "fine-grained-tool-streaming-2025-05-14,context-1m-2025-08-07,oauth-2025-04-20", - featureToRemove: "context-1m-2025-08-07", - expected: "fine-grained-tool-streaming-2025-05-14,oauth-2025-04-20", - }, - { - name: "Remove context-1m from start", - header: "context-1m-2025-08-07,fine-grained-tool-streaming-2025-05-14", - featureToRemove: "context-1m-2025-08-07", - expected: "fine-grained-tool-streaming-2025-05-14", - }, - { - name: "Remove context-1m from end", - header: "fine-grained-tool-streaming-2025-05-14,context-1m-2025-08-07", - featureToRemove: "context-1m-2025-08-07", - expected: "fine-grained-tool-streaming-2025-05-14", - }, - { - name: "Feature not present", - header: "fine-grained-tool-streaming-2025-05-14,oauth-2025-04-20", - featureToRemove: "context-1m-2025-08-07", - expected: "fine-grained-tool-streaming-2025-05-14,oauth-2025-04-20", - }, - { - name: "Only feature to remove", - header: "context-1m-2025-08-07", - featureToRemove: "context-1m-2025-08-07", - expected: "", - }, - { - name: "Empty header", - header: "", - featureToRemove: "context-1m-2025-08-07", - expected: "", - }, - { - name: "Header with spaces", - header: "fine-grained-tool-streaming-2025-05-14, context-1m-2025-08-07 , oauth-2025-04-20", - featureToRemove: "context-1m-2025-08-07", - expected: "fine-grained-tool-streaming-2025-05-14,oauth-2025-04-20", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := filterBetaFeatures(tt.header, tt.featureToRemove) - if result != tt.expected { - t.Errorf("filterBetaFeatures() = %q, want %q", result, tt.expected) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/api/modules/amp/response_rewriter.go b/.worktrees/config/m/config-build/active/internal/api/modules/amp/response_rewriter.go deleted file mode 100644 index 8a9cad704d..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/modules/amp/response_rewriter.go +++ /dev/null @@ -1,183 +0,0 @@ -package amp - -import ( - "bytes" - "net/http" - "strings" - - "github.com/gin-gonic/gin" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ResponseRewriter wraps a gin.ResponseWriter to intercept and modify the response body -// It's used to rewrite model names in responses when model mapping is used -type ResponseRewriter struct { - gin.ResponseWriter - body *bytes.Buffer - originalModel string - isStreaming bool -} - -// NewResponseRewriter creates a new response rewriter for model name substitution -func NewResponseRewriter(w gin.ResponseWriter, originalModel string) *ResponseRewriter { - return &ResponseRewriter{ - ResponseWriter: w, - body: &bytes.Buffer{}, - originalModel: originalModel, - } -} - -const maxBufferedResponseBytes = 2 * 1024 * 1024 // 2MB safety cap - -func looksLikeSSEChunk(data []byte) bool { - // Fallback detection: some upstreams may omit/lie about Content-Type, causing SSE to be buffered. - // Heuristics are intentionally simple and cheap. - return bytes.Contains(data, []byte("data:")) || - bytes.Contains(data, []byte("event:")) || - bytes.Contains(data, []byte("message_start")) || - bytes.Contains(data, []byte("message_delta")) || - bytes.Contains(data, []byte("content_block_start")) || - bytes.Contains(data, []byte("content_block_delta")) || - bytes.Contains(data, []byte("content_block_stop")) || - bytes.Contains(data, []byte("\n\n")) -} - -func (rw *ResponseRewriter) enableStreaming(reason string) error { - if rw.isStreaming { - return nil - } - rw.isStreaming = true - - // Flush any previously buffered data to avoid reordering or data loss. - if rw.body != nil && rw.body.Len() > 0 { - buf := rw.body.Bytes() - // Copy before Reset() to keep bytes stable. - toFlush := make([]byte, len(buf)) - copy(toFlush, buf) - rw.body.Reset() - - if _, err := rw.ResponseWriter.Write(rw.rewriteStreamChunk(toFlush)); err != nil { - return err - } - if flusher, ok := rw.ResponseWriter.(http.Flusher); ok { - flusher.Flush() - } - } - - log.Debugf("amp response rewriter: switched to streaming (%s)", reason) - return nil -} - -// Write intercepts response writes and buffers them for model name replacement -func (rw *ResponseRewriter) Write(data []byte) (int, error) { - // Detect streaming on first write (header-based) - if !rw.isStreaming && rw.body.Len() == 0 { - contentType := rw.Header().Get("Content-Type") - rw.isStreaming = strings.Contains(contentType, "text/event-stream") || - strings.Contains(contentType, "stream") - } - - if !rw.isStreaming { - // Content-based fallback: detect SSE-like chunks even if Content-Type is missing/wrong. - if looksLikeSSEChunk(data) { - if err := rw.enableStreaming("sse heuristic"); err != nil { - return 0, err - } - } else if rw.body.Len()+len(data) > maxBufferedResponseBytes { - // Safety cap: avoid unbounded buffering on large responses. - log.Warnf("amp response rewriter: buffer exceeded %d bytes, switching to streaming", maxBufferedResponseBytes) - if err := rw.enableStreaming("buffer limit"); err != nil { - return 0, err - } - } - } - - if rw.isStreaming { - n, err := rw.ResponseWriter.Write(rw.rewriteStreamChunk(data)) - if err == nil { - if flusher, ok := rw.ResponseWriter.(http.Flusher); ok { - flusher.Flush() - } - } - return n, err - } - return rw.body.Write(data) -} - -// Flush writes the buffered response with model names rewritten -func (rw *ResponseRewriter) Flush() { - if rw.isStreaming { - if flusher, ok := rw.ResponseWriter.(http.Flusher); ok { - flusher.Flush() - } - return - } - if rw.body.Len() > 0 { - if _, err := rw.ResponseWriter.Write(rw.rewriteModelInResponse(rw.body.Bytes())); err != nil { - log.Warnf("amp response rewriter: failed to write rewritten response: %v", err) - } - } -} - -// modelFieldPaths lists all JSON paths where model name may appear -var modelFieldPaths = []string{"message.model", "model", "modelVersion", "response.model", "response.modelVersion"} - -// rewriteModelInResponse replaces all occurrences of the mapped model with the original model in JSON -// It also suppresses "thinking" blocks if "tool_use" is present to ensure Amp client compatibility -func (rw *ResponseRewriter) rewriteModelInResponse(data []byte) []byte { - // 1. Amp Compatibility: Suppress thinking blocks if tool use is detected - // The Amp client struggles when both thinking and tool_use blocks are present - if gjson.GetBytes(data, `content.#(type=="tool_use")`).Exists() { - filtered := gjson.GetBytes(data, `content.#(type!="thinking")#`) - if filtered.Exists() { - originalCount := gjson.GetBytes(data, "content.#").Int() - filteredCount := filtered.Get("#").Int() - - if originalCount > filteredCount { - var err error - data, err = sjson.SetBytes(data, "content", filtered.Value()) - if err != nil { - log.Warnf("Amp ResponseRewriter: failed to suppress thinking blocks: %v", err) - } else { - log.Debugf("Amp ResponseRewriter: Suppressed %d thinking blocks due to tool usage", originalCount-filteredCount) - // Log the result for verification - log.Debugf("Amp ResponseRewriter: Resulting content: %s", gjson.GetBytes(data, "content").String()) - } - } - } - } - - if rw.originalModel == "" { - return data - } - for _, path := range modelFieldPaths { - if gjson.GetBytes(data, path).Exists() { - data, _ = sjson.SetBytes(data, path, rw.originalModel) - } - } - return data -} - -// rewriteStreamChunk rewrites model names in SSE stream chunks -func (rw *ResponseRewriter) rewriteStreamChunk(chunk []byte) []byte { - if rw.originalModel == "" { - return chunk - } - - // SSE format: "data: {json}\n\n" - lines := bytes.Split(chunk, []byte("\n")) - for i, line := range lines { - if bytes.HasPrefix(line, []byte("data: ")) { - jsonData := bytes.TrimPrefix(line, []byte("data: ")) - if len(jsonData) > 0 && jsonData[0] == '{' { - // Rewrite JSON in the data line - rewritten := rw.rewriteModelInResponse(jsonData) - lines[i] = append([]byte("data: "), rewritten...) - } - } - } - - return bytes.Join(lines, []byte("\n")) -} diff --git a/.worktrees/config/m/config-build/active/internal/api/modules/amp/response_rewriter_test.go b/.worktrees/config/m/config-build/active/internal/api/modules/amp/response_rewriter_test.go deleted file mode 100644 index 114a9516fc..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/modules/amp/response_rewriter_test.go +++ /dev/null @@ -1,110 +0,0 @@ -package amp - -import ( - "testing" -) - -func TestRewriteModelInResponse_TopLevel(t *testing.T) { - rw := &ResponseRewriter{originalModel: "gpt-5.2-codex"} - - input := []byte(`{"id":"resp_1","model":"gpt-5.3-codex","output":[]}`) - result := rw.rewriteModelInResponse(input) - - expected := `{"id":"resp_1","model":"gpt-5.2-codex","output":[]}` - if string(result) != expected { - t.Errorf("expected %s, got %s", expected, string(result)) - } -} - -func TestRewriteModelInResponse_ResponseModel(t *testing.T) { - rw := &ResponseRewriter{originalModel: "gpt-5.2-codex"} - - input := []byte(`{"type":"response.completed","response":{"id":"resp_1","model":"gpt-5.3-codex","status":"completed"}}`) - result := rw.rewriteModelInResponse(input) - - expected := `{"type":"response.completed","response":{"id":"resp_1","model":"gpt-5.2-codex","status":"completed"}}` - if string(result) != expected { - t.Errorf("expected %s, got %s", expected, string(result)) - } -} - -func TestRewriteModelInResponse_ResponseCreated(t *testing.T) { - rw := &ResponseRewriter{originalModel: "gpt-5.2-codex"} - - input := []byte(`{"type":"response.created","response":{"id":"resp_1","model":"gpt-5.3-codex","status":"in_progress"}}`) - result := rw.rewriteModelInResponse(input) - - expected := `{"type":"response.created","response":{"id":"resp_1","model":"gpt-5.2-codex","status":"in_progress"}}` - if string(result) != expected { - t.Errorf("expected %s, got %s", expected, string(result)) - } -} - -func TestRewriteModelInResponse_NoModelField(t *testing.T) { - rw := &ResponseRewriter{originalModel: "gpt-5.2-codex"} - - input := []byte(`{"type":"response.output_item.added","item":{"id":"item_1","type":"message"}}`) - result := rw.rewriteModelInResponse(input) - - if string(result) != string(input) { - t.Errorf("expected no modification, got %s", string(result)) - } -} - -func TestRewriteModelInResponse_EmptyOriginalModel(t *testing.T) { - rw := &ResponseRewriter{originalModel: ""} - - input := []byte(`{"model":"gpt-5.3-codex"}`) - result := rw.rewriteModelInResponse(input) - - if string(result) != string(input) { - t.Errorf("expected no modification when originalModel is empty, got %s", string(result)) - } -} - -func TestRewriteStreamChunk_SSEWithResponseModel(t *testing.T) { - rw := &ResponseRewriter{originalModel: "gpt-5.2-codex"} - - chunk := []byte("data: {\"type\":\"response.completed\",\"response\":{\"id\":\"resp_1\",\"model\":\"gpt-5.3-codex\",\"status\":\"completed\"}}\n\n") - result := rw.rewriteStreamChunk(chunk) - - expected := "data: {\"type\":\"response.completed\",\"response\":{\"id\":\"resp_1\",\"model\":\"gpt-5.2-codex\",\"status\":\"completed\"}}\n\n" - if string(result) != expected { - t.Errorf("expected %s, got %s", expected, string(result)) - } -} - -func TestRewriteStreamChunk_MultipleEvents(t *testing.T) { - rw := &ResponseRewriter{originalModel: "gpt-5.2-codex"} - - chunk := []byte("data: {\"type\":\"response.created\",\"response\":{\"model\":\"gpt-5.3-codex\"}}\n\ndata: {\"type\":\"response.output_item.added\",\"item\":{\"id\":\"item_1\"}}\n\n") - result := rw.rewriteStreamChunk(chunk) - - if string(result) == string(chunk) { - t.Error("expected response.model to be rewritten in SSE stream") - } - if !contains(result, []byte(`"model":"gpt-5.2-codex"`)) { - t.Errorf("expected rewritten model in output, got %s", string(result)) - } -} - -func TestRewriteStreamChunk_MessageModel(t *testing.T) { - rw := &ResponseRewriter{originalModel: "claude-opus-4.5"} - - chunk := []byte("data: {\"message\":{\"model\":\"claude-sonnet-4\",\"role\":\"assistant\"}}\n\n") - result := rw.rewriteStreamChunk(chunk) - - expected := "data: {\"message\":{\"model\":\"claude-opus-4.5\",\"role\":\"assistant\"}}\n\n" - if string(result) != expected { - t.Errorf("expected %s, got %s", expected, string(result)) - } -} - -func contains(data, substr []byte) bool { - for i := 0; i <= len(data)-len(substr); i++ { - if string(data[i:i+len(substr)]) == string(substr) { - return true - } - } - return false -} diff --git a/.worktrees/config/m/config-build/active/internal/api/modules/amp/routes.go b/.worktrees/config/m/config-build/active/internal/api/modules/amp/routes.go deleted file mode 100644 index 456a50ac12..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/modules/amp/routes.go +++ /dev/null @@ -1,334 +0,0 @@ -package amp - -import ( - "context" - "errors" - "net" - "net/http" - "net/http/httputil" - "strings" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/logging" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers/claude" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers/gemini" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers/openai" - log "github.com/sirupsen/logrus" -) - -// clientAPIKeyContextKey is the context key used to pass the client API key -// from gin.Context to the request context for SecretSource lookup. -type clientAPIKeyContextKey struct{} - -// clientAPIKeyMiddleware injects the authenticated client API key from gin.Context["apiKey"] -// into the request context so that SecretSource can look it up for per-client upstream routing. -func clientAPIKeyMiddleware() gin.HandlerFunc { - return func(c *gin.Context) { - // Extract the client API key from gin context (set by AuthMiddleware) - if apiKey, exists := c.Get("apiKey"); exists { - if keyStr, ok := apiKey.(string); ok && keyStr != "" { - // Inject into request context for SecretSource.Get(ctx) to read - ctx := context.WithValue(c.Request.Context(), clientAPIKeyContextKey{}, keyStr) - c.Request = c.Request.WithContext(ctx) - } - } - c.Next() - } -} - -// getClientAPIKeyFromContext retrieves the client API key from request context. -// Returns empty string if not present. -func getClientAPIKeyFromContext(ctx context.Context) string { - if val := ctx.Value(clientAPIKeyContextKey{}); val != nil { - if keyStr, ok := val.(string); ok { - return keyStr - } - } - return "" -} - -// localhostOnlyMiddleware returns a middleware that dynamically checks the module's -// localhost restriction setting. This allows hot-reload of the restriction without restarting. -func (m *AmpModule) localhostOnlyMiddleware() gin.HandlerFunc { - return func(c *gin.Context) { - // Check current setting (hot-reloadable) - if !m.IsRestrictedToLocalhost() { - c.Next() - return - } - - // Use actual TCP connection address (RemoteAddr) to prevent header spoofing - // This cannot be forged by X-Forwarded-For or other client-controlled headers - remoteAddr := c.Request.RemoteAddr - - // RemoteAddr format is "IP:port" or "[IPv6]:port", extract just the IP - host, _, err := net.SplitHostPort(remoteAddr) - if err != nil { - // Try parsing as raw IP (shouldn't happen with standard HTTP, but be defensive) - host = remoteAddr - } - - // Parse the IP to handle both IPv4 and IPv6 - ip := net.ParseIP(host) - if ip == nil { - log.Warnf("amp management: invalid RemoteAddr %s, denying access", remoteAddr) - c.AbortWithStatusJSON(403, gin.H{ - "error": "Access denied: management routes restricted to localhost", - }) - return - } - - // Check if IP is loopback (127.0.0.1 or ::1) - if !ip.IsLoopback() { - log.Warnf("amp management: non-localhost connection from %s attempted access, denying", remoteAddr) - c.AbortWithStatusJSON(403, gin.H{ - "error": "Access denied: management routes restricted to localhost", - }) - return - } - - c.Next() - } -} - -// noCORSMiddleware disables CORS for management routes to prevent browser-based attacks. -// This overwrites any global CORS headers set by the server. -func noCORSMiddleware() gin.HandlerFunc { - return func(c *gin.Context) { - // Remove CORS headers to prevent cross-origin access from browsers - c.Header("Access-Control-Allow-Origin", "") - c.Header("Access-Control-Allow-Methods", "") - c.Header("Access-Control-Allow-Headers", "") - c.Header("Access-Control-Allow-Credentials", "") - - // For OPTIONS preflight, deny with 403 - if c.Request.Method == "OPTIONS" { - c.AbortWithStatus(403) - return - } - - c.Next() - } -} - -// managementAvailabilityMiddleware short-circuits management routes when the upstream -// proxy is disabled, preventing noisy localhost warnings and accidental exposure. -func (m *AmpModule) managementAvailabilityMiddleware() gin.HandlerFunc { - return func(c *gin.Context) { - if m.getProxy() == nil { - logging.SkipGinRequestLogging(c) - c.AbortWithStatusJSON(http.StatusServiceUnavailable, gin.H{ - "error": "amp upstream proxy not available", - }) - return - } - c.Next() - } -} - -// wrapManagementAuth skips auth for selected management paths while keeping authentication elsewhere. -func wrapManagementAuth(auth gin.HandlerFunc, prefixes ...string) gin.HandlerFunc { - return func(c *gin.Context) { - path := c.Request.URL.Path - for _, prefix := range prefixes { - if strings.HasPrefix(path, prefix) && (len(path) == len(prefix) || path[len(prefix)] == '/') { - c.Next() - return - } - } - auth(c) - } -} - -// registerManagementRoutes registers Amp management proxy routes -// These routes proxy through to the Amp control plane for OAuth, user management, etc. -// Uses dynamic middleware and proxy getter for hot-reload support. -// The auth middleware validates Authorization header against configured API keys. -func (m *AmpModule) registerManagementRoutes(engine *gin.Engine, baseHandler *handlers.BaseAPIHandler, auth gin.HandlerFunc) { - ampAPI := engine.Group("/api") - - // Always disable CORS for management routes to prevent browser-based attacks - ampAPI.Use(m.managementAvailabilityMiddleware(), noCORSMiddleware()) - - // Apply dynamic localhost-only restriction (hot-reloadable via m.IsRestrictedToLocalhost()) - ampAPI.Use(m.localhostOnlyMiddleware()) - - // Apply authentication middleware - requires valid API key in Authorization header - var authWithBypass gin.HandlerFunc - if auth != nil { - ampAPI.Use(auth) - authWithBypass = wrapManagementAuth(auth, "/threads", "/auth", "/docs", "/settings") - } - - // Inject client API key into request context for per-client upstream routing - ampAPI.Use(clientAPIKeyMiddleware()) - - // Dynamic proxy handler that uses m.getProxy() for hot-reload support - proxyHandler := func(c *gin.Context) { - // Swallow ErrAbortHandler panics from ReverseProxy copyResponse to avoid noisy stack traces - defer func() { - if rec := recover(); rec != nil { - if err, ok := rec.(error); ok && errors.Is(err, http.ErrAbortHandler) { - // Upstream already wrote the status (often 404) before the client/stream ended. - return - } - panic(rec) - } - }() - - proxy := m.getProxy() - if proxy == nil { - c.JSON(503, gin.H{"error": "amp upstream proxy not available"}) - return - } - proxy.ServeHTTP(c.Writer, c.Request) - } - - // Management routes - these are proxied directly to Amp upstream - ampAPI.Any("/internal", proxyHandler) - ampAPI.Any("/internal/*path", proxyHandler) - ampAPI.Any("/user", proxyHandler) - ampAPI.Any("/user/*path", proxyHandler) - ampAPI.Any("/auth", proxyHandler) - ampAPI.Any("/auth/*path", proxyHandler) - ampAPI.Any("/meta", proxyHandler) - ampAPI.Any("/meta/*path", proxyHandler) - ampAPI.Any("/ads", proxyHandler) - ampAPI.Any("/telemetry", proxyHandler) - ampAPI.Any("/telemetry/*path", proxyHandler) - ampAPI.Any("/threads", proxyHandler) - ampAPI.Any("/threads/*path", proxyHandler) - ampAPI.Any("/otel", proxyHandler) - ampAPI.Any("/otel/*path", proxyHandler) - ampAPI.Any("/tab", proxyHandler) - ampAPI.Any("/tab/*path", proxyHandler) - - // Root-level routes that AMP CLI expects without /api prefix - // These need the same security middleware as the /api/* routes (dynamic for hot-reload) - rootMiddleware := []gin.HandlerFunc{m.managementAvailabilityMiddleware(), noCORSMiddleware(), m.localhostOnlyMiddleware()} - if authWithBypass != nil { - rootMiddleware = append(rootMiddleware, authWithBypass) - } - // Add clientAPIKeyMiddleware after auth for per-client upstream routing - rootMiddleware = append(rootMiddleware, clientAPIKeyMiddleware()) - engine.GET("/threads", append(rootMiddleware, proxyHandler)...) - engine.GET("/threads/*path", append(rootMiddleware, proxyHandler)...) - engine.GET("/docs", append(rootMiddleware, proxyHandler)...) - engine.GET("/docs/*path", append(rootMiddleware, proxyHandler)...) - engine.GET("/settings", append(rootMiddleware, proxyHandler)...) - engine.GET("/settings/*path", append(rootMiddleware, proxyHandler)...) - - engine.GET("/threads.rss", append(rootMiddleware, proxyHandler)...) - engine.GET("/news.rss", append(rootMiddleware, proxyHandler)...) - - // Root-level auth routes for CLI login flow - // Amp uses multiple auth routes: /auth/cli-login, /auth/callback, /auth/sign-in, /auth/logout - // We proxy all /auth/* to support the complete OAuth flow - engine.Any("/auth", append(rootMiddleware, proxyHandler)...) - engine.Any("/auth/*path", append(rootMiddleware, proxyHandler)...) - - // Google v1beta1 passthrough with OAuth fallback - // AMP CLI uses non-standard paths like /publishers/google/models/... - // We bridge these to our standard Gemini handler to enable local OAuth. - // If no local OAuth is available, falls back to ampcode.com proxy. - geminiHandlers := gemini.NewGeminiAPIHandler(baseHandler) - geminiBridge := createGeminiBridgeHandler(geminiHandlers.GeminiHandler) - geminiV1Beta1Fallback := NewFallbackHandlerWithMapper(func() *httputil.ReverseProxy { - return m.getProxy() - }, m.modelMapper, m.forceModelMappings) - geminiV1Beta1Handler := geminiV1Beta1Fallback.WrapHandler(geminiBridge) - - // Route POST model calls through Gemini bridge with FallbackHandler. - // FallbackHandler checks provider -> mapping -> proxy fallback automatically. - // All other methods (e.g., GET model listing) always proxy to upstream to preserve Amp CLI behavior. - ampAPI.Any("/provider/google/v1beta1/*path", func(c *gin.Context) { - if c.Request.Method == "POST" { - if path := c.Param("path"); strings.Contains(path, "/models/") { - // POST with /models/ path -> use Gemini bridge with fallback handler - // FallbackHandler will check provider/mapping and proxy if needed - geminiV1Beta1Handler(c) - return - } - } - // Non-POST or no local provider available -> proxy upstream - proxyHandler(c) - }) -} - -// registerProviderAliases registers /api/provider/{provider}/... routes -// These allow Amp CLI to route requests like: -// -// /api/provider/openai/v1/chat/completions -// /api/provider/anthropic/v1/messages -// /api/provider/google/v1beta/models -func (m *AmpModule) registerProviderAliases(engine *gin.Engine, baseHandler *handlers.BaseAPIHandler, auth gin.HandlerFunc) { - // Create handler instances for different providers - openaiHandlers := openai.NewOpenAIAPIHandler(baseHandler) - geminiHandlers := gemini.NewGeminiAPIHandler(baseHandler) - claudeCodeHandlers := claude.NewClaudeCodeAPIHandler(baseHandler) - openaiResponsesHandlers := openai.NewOpenAIResponsesAPIHandler(baseHandler) - - // Create fallback handler wrapper that forwards to ampcode.com when provider not found - // Uses m.getProxy() for hot-reload support (proxy can be updated at runtime) - // Also includes model mapping support for routing unavailable models to alternatives - fallbackHandler := NewFallbackHandlerWithMapper(func() *httputil.ReverseProxy { - return m.getProxy() - }, m.modelMapper, m.forceModelMappings) - - // Provider-specific routes under /api/provider/:provider - ampProviders := engine.Group("/api/provider") - if auth != nil { - ampProviders.Use(auth) - } - // Inject client API key into request context for per-client upstream routing - ampProviders.Use(clientAPIKeyMiddleware()) - - provider := ampProviders.Group("/:provider") - - // Dynamic models handler - routes to appropriate provider based on path parameter - ampModelsHandler := func(c *gin.Context) { - providerName := strings.ToLower(c.Param("provider")) - - switch providerName { - case "anthropic": - claudeCodeHandlers.ClaudeModels(c) - case "google": - geminiHandlers.GeminiModels(c) - default: - // Default to OpenAI-compatible (works for openai, groq, cerebras, etc.) - openaiHandlers.OpenAIModels(c) - } - } - - // Root-level routes (for providers that omit /v1, like groq/cerebras) - // Wrap handlers with fallback logic to forward to ampcode.com when provider not found - provider.GET("/models", ampModelsHandler) // Models endpoint doesn't need fallback (no body to check) - provider.POST("/chat/completions", fallbackHandler.WrapHandler(openaiHandlers.ChatCompletions)) - provider.POST("/completions", fallbackHandler.WrapHandler(openaiHandlers.Completions)) - provider.POST("/responses", fallbackHandler.WrapHandler(openaiResponsesHandlers.Responses)) - - // /v1 routes (OpenAI/Claude-compatible endpoints) - v1Amp := provider.Group("/v1") - { - v1Amp.GET("/models", ampModelsHandler) // Models endpoint doesn't need fallback - - // OpenAI-compatible endpoints with fallback - v1Amp.POST("/chat/completions", fallbackHandler.WrapHandler(openaiHandlers.ChatCompletions)) - v1Amp.POST("/completions", fallbackHandler.WrapHandler(openaiHandlers.Completions)) - v1Amp.POST("/responses", fallbackHandler.WrapHandler(openaiResponsesHandlers.Responses)) - - // Claude/Anthropic-compatible endpoints with fallback - v1Amp.POST("/messages", fallbackHandler.WrapHandler(claudeCodeHandlers.ClaudeMessages)) - v1Amp.POST("/messages/count_tokens", fallbackHandler.WrapHandler(claudeCodeHandlers.ClaudeCountTokens)) - } - - // /v1beta routes (Gemini native API) - // Note: Gemini handler extracts model from URL path, so fallback logic needs special handling - v1betaAmp := provider.Group("/v1beta") - { - v1betaAmp.GET("/models", geminiHandlers.GeminiModels) - v1betaAmp.POST("/models/*action", fallbackHandler.WrapHandler(geminiHandlers.GeminiHandler)) - v1betaAmp.GET("/models/*action", geminiHandlers.GeminiGetHandler) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/api/modules/amp/routes_test.go b/.worktrees/config/m/config-build/active/internal/api/modules/amp/routes_test.go deleted file mode 100644 index bae890aec4..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/modules/amp/routes_test.go +++ /dev/null @@ -1,381 +0,0 @@ -package amp - -import ( - "net/http" - "net/http/httptest" - "testing" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers" -) - -func TestRegisterManagementRoutes(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - // Create module with proxy for testing - m := &AmpModule{ - restrictToLocalhost: false, // disable localhost restriction for tests - } - - // Create a mock proxy that tracks calls - proxyCalled := false - mockProxy := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - proxyCalled = true - w.WriteHeader(200) - w.Write([]byte("proxied")) - })) - defer mockProxy.Close() - - // Create real proxy to mock server - proxy, _ := createReverseProxy(mockProxy.URL, NewStaticSecretSource("")) - m.setProxy(proxy) - - base := &handlers.BaseAPIHandler{} - m.registerManagementRoutes(r, base, nil) - srv := httptest.NewServer(r) - defer srv.Close() - - managementPaths := []struct { - path string - method string - }{ - {"/api/internal", http.MethodGet}, - {"/api/internal/some/path", http.MethodGet}, - {"/api/user", http.MethodGet}, - {"/api/user/profile", http.MethodGet}, - {"/api/auth", http.MethodGet}, - {"/api/auth/login", http.MethodGet}, - {"/api/meta", http.MethodGet}, - {"/api/telemetry", http.MethodGet}, - {"/api/threads", http.MethodGet}, - {"/threads/", http.MethodGet}, - {"/threads.rss", http.MethodGet}, // Root-level route (no /api prefix) - {"/api/otel", http.MethodGet}, - {"/api/tab", http.MethodGet}, - {"/api/tab/some/path", http.MethodGet}, - {"/auth", http.MethodGet}, // Root-level auth route - {"/auth/cli-login", http.MethodGet}, // CLI login flow - {"/auth/callback", http.MethodGet}, // OAuth callback - // Google v1beta1 bridge should still proxy non-model requests (GET) and allow POST - {"/api/provider/google/v1beta1/models", http.MethodGet}, - {"/api/provider/google/v1beta1/models", http.MethodPost}, - } - - for _, path := range managementPaths { - t.Run(path.path, func(t *testing.T) { - proxyCalled = false - req, err := http.NewRequest(path.method, srv.URL+path.path, nil) - if err != nil { - t.Fatalf("failed to build request: %v", err) - } - resp, err := http.DefaultClient.Do(req) - if err != nil { - t.Fatalf("request failed: %v", err) - } - defer resp.Body.Close() - - if resp.StatusCode == http.StatusNotFound { - t.Fatalf("route %s not registered", path.path) - } - if !proxyCalled { - t.Fatalf("proxy handler not called for %s", path.path) - } - }) - } -} - -func TestRegisterProviderAliases_AllProvidersRegistered(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - // Minimal base handler setup (no need to initialize, just check routing) - base := &handlers.BaseAPIHandler{} - - // Track if auth middleware was called - authCalled := false - authMiddleware := func(c *gin.Context) { - authCalled = true - c.Header("X-Auth", "ok") - // Abort with success to avoid calling the actual handler (which needs full setup) - c.AbortWithStatus(http.StatusOK) - } - - m := &AmpModule{authMiddleware_: authMiddleware} - m.registerProviderAliases(r, base, authMiddleware) - - paths := []struct { - path string - method string - }{ - {"/api/provider/openai/models", http.MethodGet}, - {"/api/provider/anthropic/models", http.MethodGet}, - {"/api/provider/google/models", http.MethodGet}, - {"/api/provider/groq/models", http.MethodGet}, - {"/api/provider/openai/chat/completions", http.MethodPost}, - {"/api/provider/anthropic/v1/messages", http.MethodPost}, - {"/api/provider/google/v1beta/models", http.MethodGet}, - } - - for _, tc := range paths { - t.Run(tc.path, func(t *testing.T) { - authCalled = false - req := httptest.NewRequest(tc.method, tc.path, nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code == http.StatusNotFound { - t.Fatalf("route %s %s not registered", tc.method, tc.path) - } - if !authCalled { - t.Fatalf("auth middleware not executed for %s", tc.path) - } - if w.Header().Get("X-Auth") != "ok" { - t.Fatalf("auth middleware header not set for %s", tc.path) - } - }) - } -} - -func TestRegisterProviderAliases_DynamicModelsHandler(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - base := &handlers.BaseAPIHandler{} - - m := &AmpModule{authMiddleware_: func(c *gin.Context) { c.AbortWithStatus(http.StatusOK) }} - m.registerProviderAliases(r, base, func(c *gin.Context) { c.AbortWithStatus(http.StatusOK) }) - - providers := []string{"openai", "anthropic", "google", "groq", "cerebras"} - - for _, provider := range providers { - t.Run(provider, func(t *testing.T) { - path := "/api/provider/" + provider + "/models" - req := httptest.NewRequest(http.MethodGet, path, nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - // Should not 404 - if w.Code == http.StatusNotFound { - t.Fatalf("models route not found for provider: %s", provider) - } - }) - } -} - -func TestRegisterProviderAliases_V1Routes(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - base := &handlers.BaseAPIHandler{} - - m := &AmpModule{authMiddleware_: func(c *gin.Context) { c.AbortWithStatus(http.StatusOK) }} - m.registerProviderAliases(r, base, func(c *gin.Context) { c.AbortWithStatus(http.StatusOK) }) - - v1Paths := []struct { - path string - method string - }{ - {"/api/provider/openai/v1/models", http.MethodGet}, - {"/api/provider/openai/v1/chat/completions", http.MethodPost}, - {"/api/provider/openai/v1/completions", http.MethodPost}, - {"/api/provider/anthropic/v1/messages", http.MethodPost}, - {"/api/provider/anthropic/v1/messages/count_tokens", http.MethodPost}, - } - - for _, tc := range v1Paths { - t.Run(tc.path, func(t *testing.T) { - req := httptest.NewRequest(tc.method, tc.path, nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code == http.StatusNotFound { - t.Fatalf("v1 route %s %s not registered", tc.method, tc.path) - } - }) - } -} - -func TestRegisterProviderAliases_V1BetaRoutes(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - base := &handlers.BaseAPIHandler{} - - m := &AmpModule{authMiddleware_: func(c *gin.Context) { c.AbortWithStatus(http.StatusOK) }} - m.registerProviderAliases(r, base, func(c *gin.Context) { c.AbortWithStatus(http.StatusOK) }) - - v1betaPaths := []struct { - path string - method string - }{ - {"/api/provider/google/v1beta/models", http.MethodGet}, - {"/api/provider/google/v1beta/models/generateContent", http.MethodPost}, - } - - for _, tc := range v1betaPaths { - t.Run(tc.path, func(t *testing.T) { - req := httptest.NewRequest(tc.method, tc.path, nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code == http.StatusNotFound { - t.Fatalf("v1beta route %s %s not registered", tc.method, tc.path) - } - }) - } -} - -func TestRegisterProviderAliases_NoAuthMiddleware(t *testing.T) { - // Test that routes still register even if auth middleware is nil (fallback behavior) - gin.SetMode(gin.TestMode) - r := gin.New() - - base := &handlers.BaseAPIHandler{} - - m := &AmpModule{authMiddleware_: nil} // No auth middleware - m.registerProviderAliases(r, base, func(c *gin.Context) { c.AbortWithStatus(http.StatusOK) }) - - req := httptest.NewRequest(http.MethodGet, "/api/provider/openai/models", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - // Should still work (with fallback no-op auth) - if w.Code == http.StatusNotFound { - t.Fatal("routes should register even without auth middleware") - } -} - -func TestLocalhostOnlyMiddleware_PreventsSpoofing(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - // Create module with localhost restriction enabled - m := &AmpModule{ - restrictToLocalhost: true, - } - - // Apply dynamic localhost-only middleware - r.Use(m.localhostOnlyMiddleware()) - r.GET("/test", func(c *gin.Context) { - c.String(http.StatusOK, "ok") - }) - - tests := []struct { - name string - remoteAddr string - forwardedFor string - expectedStatus int - description string - }{ - { - name: "spoofed_header_remote_connection", - remoteAddr: "192.168.1.100:12345", - forwardedFor: "127.0.0.1", - expectedStatus: http.StatusForbidden, - description: "Spoofed X-Forwarded-For header should be ignored", - }, - { - name: "real_localhost_ipv4", - remoteAddr: "127.0.0.1:54321", - forwardedFor: "", - expectedStatus: http.StatusOK, - description: "Real localhost IPv4 connection should work", - }, - { - name: "real_localhost_ipv6", - remoteAddr: "[::1]:54321", - forwardedFor: "", - expectedStatus: http.StatusOK, - description: "Real localhost IPv6 connection should work", - }, - { - name: "remote_ipv4", - remoteAddr: "203.0.113.42:8080", - forwardedFor: "", - expectedStatus: http.StatusForbidden, - description: "Remote IPv4 connection should be blocked", - }, - { - name: "remote_ipv6", - remoteAddr: "[2001:db8::1]:9090", - forwardedFor: "", - expectedStatus: http.StatusForbidden, - description: "Remote IPv6 connection should be blocked", - }, - { - name: "spoofed_localhost_ipv6", - remoteAddr: "203.0.113.42:8080", - forwardedFor: "::1", - expectedStatus: http.StatusForbidden, - description: "Spoofed X-Forwarded-For with IPv6 localhost should be ignored", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - req := httptest.NewRequest(http.MethodGet, "/test", nil) - req.RemoteAddr = tt.remoteAddr - if tt.forwardedFor != "" { - req.Header.Set("X-Forwarded-For", tt.forwardedFor) - } - - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != tt.expectedStatus { - t.Errorf("%s: expected status %d, got %d", tt.description, tt.expectedStatus, w.Code) - } - }) - } -} - -func TestLocalhostOnlyMiddleware_HotReload(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - // Create module with localhost restriction initially enabled - m := &AmpModule{ - restrictToLocalhost: true, - } - - // Apply dynamic localhost-only middleware - r.Use(m.localhostOnlyMiddleware()) - r.GET("/test", func(c *gin.Context) { - c.String(http.StatusOK, "ok") - }) - - // Test 1: Remote IP should be blocked when restriction is enabled - req := httptest.NewRequest(http.MethodGet, "/test", nil) - req.RemoteAddr = "192.168.1.100:12345" - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusForbidden { - t.Errorf("Expected 403 when restriction enabled, got %d", w.Code) - } - - // Test 2: Hot-reload - disable restriction - m.setRestrictToLocalhost(false) - - req = httptest.NewRequest(http.MethodGet, "/test", nil) - req.RemoteAddr = "192.168.1.100:12345" - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Errorf("Expected 200 after disabling restriction, got %d", w.Code) - } - - // Test 3: Hot-reload - re-enable restriction - m.setRestrictToLocalhost(true) - - req = httptest.NewRequest(http.MethodGet, "/test", nil) - req.RemoteAddr = "192.168.1.100:12345" - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusForbidden { - t.Errorf("Expected 403 after re-enabling restriction, got %d", w.Code) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/api/modules/amp/secret.go b/.worktrees/config/m/config-build/active/internal/api/modules/amp/secret.go deleted file mode 100644 index f91c72ba9c..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/modules/amp/secret.go +++ /dev/null @@ -1,248 +0,0 @@ -package amp - -import ( - "context" - "encoding/json" - "fmt" - "os" - "path/filepath" - "strings" - "sync" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - log "github.com/sirupsen/logrus" -) - -// SecretSource provides Amp API keys with configurable precedence and caching -type SecretSource interface { - Get(ctx context.Context) (string, error) -} - -// cachedSecret holds a secret value with expiration -type cachedSecret struct { - value string - expiresAt time.Time -} - -// MultiSourceSecret implements precedence-based secret lookup: -// 1. Explicit config value (highest priority) -// 2. Environment variable AMP_API_KEY -// 3. File-based secret (lowest priority) -type MultiSourceSecret struct { - explicitKey string - envKey string - filePath string - cacheTTL time.Duration - - mu sync.RWMutex - cache *cachedSecret -} - -// NewMultiSourceSecret creates a secret source with precedence and caching -func NewMultiSourceSecret(explicitKey string, cacheTTL time.Duration) *MultiSourceSecret { - if cacheTTL == 0 { - cacheTTL = 5 * time.Minute // Default 5 minute cache - } - - home, _ := os.UserHomeDir() - filePath := filepath.Join(home, ".local", "share", "amp", "secrets.json") - - return &MultiSourceSecret{ - explicitKey: strings.TrimSpace(explicitKey), - envKey: "AMP_API_KEY", - filePath: filePath, - cacheTTL: cacheTTL, - } -} - -// NewMultiSourceSecretWithPath creates a secret source with a custom file path (for testing) -func NewMultiSourceSecretWithPath(explicitKey string, filePath string, cacheTTL time.Duration) *MultiSourceSecret { - if cacheTTL == 0 { - cacheTTL = 5 * time.Minute - } - - return &MultiSourceSecret{ - explicitKey: strings.TrimSpace(explicitKey), - envKey: "AMP_API_KEY", - filePath: filePath, - cacheTTL: cacheTTL, - } -} - -// Get retrieves the Amp API key using precedence: config > env > file -// Results are cached for cacheTTL duration to avoid excessive file reads -func (s *MultiSourceSecret) Get(ctx context.Context) (string, error) { - // Precedence 1: Explicit config key (highest priority, no caching needed) - if s.explicitKey != "" { - return s.explicitKey, nil - } - - // Precedence 2: Environment variable - if envValue := strings.TrimSpace(os.Getenv(s.envKey)); envValue != "" { - return envValue, nil - } - - // Precedence 3: File-based secret (lowest priority, cached) - // Check cache first - s.mu.RLock() - if s.cache != nil && time.Now().Before(s.cache.expiresAt) { - value := s.cache.value - s.mu.RUnlock() - return value, nil - } - s.mu.RUnlock() - - // Cache miss or expired - read from file - key, err := s.readFromFile() - if err != nil { - // Cache empty result to avoid repeated file reads on missing files - s.updateCache("") - return "", err - } - - // Cache the result - s.updateCache(key) - return key, nil -} - -// readFromFile reads the Amp API key from the secrets file -func (s *MultiSourceSecret) readFromFile() (string, error) { - content, err := os.ReadFile(s.filePath) - if err != nil { - if os.IsNotExist(err) { - return "", nil // Missing file is not an error, just no key available - } - return "", fmt.Errorf("failed to read amp secrets from %s: %w", s.filePath, err) - } - - var secrets map[string]string - if err := json.Unmarshal(content, &secrets); err != nil { - return "", fmt.Errorf("failed to parse amp secrets from %s: %w", s.filePath, err) - } - - key := strings.TrimSpace(secrets["apiKey@https://ampcode.com/"]) - return key, nil -} - -// updateCache updates the cached secret value -func (s *MultiSourceSecret) updateCache(value string) { - s.mu.Lock() - defer s.mu.Unlock() - s.cache = &cachedSecret{ - value: value, - expiresAt: time.Now().Add(s.cacheTTL), - } -} - -// InvalidateCache clears the cached secret, forcing a fresh read on next Get -func (s *MultiSourceSecret) InvalidateCache() { - s.mu.Lock() - defer s.mu.Unlock() - s.cache = nil -} - -// UpdateExplicitKey refreshes the config-provided key and clears cache. -func (s *MultiSourceSecret) UpdateExplicitKey(key string) { - if s == nil { - return - } - s.mu.Lock() - s.explicitKey = strings.TrimSpace(key) - s.cache = nil - s.mu.Unlock() -} - -// StaticSecretSource returns a fixed API key (for testing) -type StaticSecretSource struct { - key string -} - -// NewStaticSecretSource creates a secret source with a fixed key -func NewStaticSecretSource(key string) *StaticSecretSource { - return &StaticSecretSource{key: strings.TrimSpace(key)} -} - -// Get returns the static API key -func (s *StaticSecretSource) Get(ctx context.Context) (string, error) { - return s.key, nil -} - -// MappedSecretSource wraps a default SecretSource and adds per-client API key mapping. -// When a request context contains a client API key that matches a configured mapping, -// the corresponding upstream key is returned. Otherwise, falls back to the default source. -type MappedSecretSource struct { - defaultSource SecretSource - mu sync.RWMutex - lookup map[string]string // clientKey -> upstreamKey -} - -// NewMappedSecretSource creates a MappedSecretSource wrapping the given default source. -func NewMappedSecretSource(defaultSource SecretSource) *MappedSecretSource { - return &MappedSecretSource{ - defaultSource: defaultSource, - lookup: make(map[string]string), - } -} - -// Get retrieves the Amp API key, checking per-client mappings first. -// If the request context contains a client API key that matches a configured mapping, -// returns the corresponding upstream key. Otherwise, falls back to the default source. -func (s *MappedSecretSource) Get(ctx context.Context) (string, error) { - // Try to get client API key from request context - clientKey := getClientAPIKeyFromContext(ctx) - if clientKey != "" { - s.mu.RLock() - if upstreamKey, ok := s.lookup[clientKey]; ok && upstreamKey != "" { - s.mu.RUnlock() - return upstreamKey, nil - } - s.mu.RUnlock() - } - - // Fall back to default source - return s.defaultSource.Get(ctx) -} - -// UpdateMappings rebuilds the client-to-upstream key mapping from configuration entries. -// If the same client key appears in multiple entries, logs a warning and uses the first one. -func (s *MappedSecretSource) UpdateMappings(entries []config.AmpUpstreamAPIKeyEntry) { - newLookup := make(map[string]string) - - for _, entry := range entries { - upstreamKey := strings.TrimSpace(entry.UpstreamAPIKey) - if upstreamKey == "" { - continue - } - for _, clientKey := range entry.APIKeys { - trimmedKey := strings.TrimSpace(clientKey) - if trimmedKey == "" { - continue - } - if _, exists := newLookup[trimmedKey]; exists { - // Log warning for duplicate client key, first one wins - log.Warnf("amp upstream-api-keys: client API key appears in multiple entries; using first mapping.") - continue - } - newLookup[trimmedKey] = upstreamKey - } - } - - s.mu.Lock() - s.lookup = newLookup - s.mu.Unlock() -} - -// UpdateDefaultExplicitKey updates the explicit key on the underlying MultiSourceSecret (if applicable). -func (s *MappedSecretSource) UpdateDefaultExplicitKey(key string) { - if ms, ok := s.defaultSource.(*MultiSourceSecret); ok { - ms.UpdateExplicitKey(key) - } -} - -// InvalidateCache invalidates cache on the underlying MultiSourceSecret (if applicable). -func (s *MappedSecretSource) InvalidateCache() { - if ms, ok := s.defaultSource.(*MultiSourceSecret); ok { - ms.InvalidateCache() - } -} diff --git a/.worktrees/config/m/config-build/active/internal/api/modules/amp/secret_test.go b/.worktrees/config/m/config-build/active/internal/api/modules/amp/secret_test.go deleted file mode 100644 index 6a6f6ba265..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/modules/amp/secret_test.go +++ /dev/null @@ -1,366 +0,0 @@ -package amp - -import ( - "context" - "encoding/json" - "os" - "path/filepath" - "sync" - "testing" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - log "github.com/sirupsen/logrus" - "github.com/sirupsen/logrus/hooks/test" -) - -func TestMultiSourceSecret_PrecedenceOrder(t *testing.T) { - ctx := context.Background() - - cases := []struct { - name string - configKey string - envKey string - fileJSON string - want string - }{ - {"config_wins", "cfg", "env", `{"apiKey@https://ampcode.com/":"file"}`, "cfg"}, - {"env_wins_when_no_cfg", "", "env", `{"apiKey@https://ampcode.com/":"file"}`, "env"}, - {"file_when_no_cfg_env", "", "", `{"apiKey@https://ampcode.com/":"file"}`, "file"}, - {"empty_cfg_trims_then_env", " ", "env", `{"apiKey@https://ampcode.com/":"file"}`, "env"}, - {"empty_env_then_file", "", " ", `{"apiKey@https://ampcode.com/":"file"}`, "file"}, - {"missing_file_returns_empty", "", "", "", ""}, - {"all_empty_returns_empty", " ", " ", `{"apiKey@https://ampcode.com/":" "}`, ""}, - } - - for _, tc := range cases { - tc := tc // capture range variable - t.Run(tc.name, func(t *testing.T) { - tmpDir := t.TempDir() - secretsPath := filepath.Join(tmpDir, "secrets.json") - - if tc.fileJSON != "" { - if err := os.WriteFile(secretsPath, []byte(tc.fileJSON), 0600); err != nil { - t.Fatal(err) - } - } - - t.Setenv("AMP_API_KEY", tc.envKey) - - s := NewMultiSourceSecretWithPath(tc.configKey, secretsPath, 100*time.Millisecond) - got, err := s.Get(ctx) - if err != nil && tc.fileJSON != "" && json.Valid([]byte(tc.fileJSON)) { - t.Fatalf("unexpected error: %v", err) - } - if got != tc.want { - t.Fatalf("want %q, got %q", tc.want, got) - } - }) - } -} - -func TestMultiSourceSecret_CacheBehavior(t *testing.T) { - ctx := context.Background() - tmpDir := t.TempDir() - p := filepath.Join(tmpDir, "secrets.json") - - // Initial value - if err := os.WriteFile(p, []byte(`{"apiKey@https://ampcode.com/":"v1"}`), 0600); err != nil { - t.Fatal(err) - } - - s := NewMultiSourceSecretWithPath("", p, 50*time.Millisecond) - - // First read - should return v1 - got1, err := s.Get(ctx) - if err != nil { - t.Fatalf("Get failed: %v", err) - } - if got1 != "v1" { - t.Fatalf("expected v1, got %s", got1) - } - - // Change file; within TTL we should still see v1 (cached) - if err := os.WriteFile(p, []byte(`{"apiKey@https://ampcode.com/":"v2"}`), 0600); err != nil { - t.Fatal(err) - } - got2, _ := s.Get(ctx) - if got2 != "v1" { - t.Fatalf("cache hit expected v1, got %s", got2) - } - - // After TTL expires, should see v2 - time.Sleep(60 * time.Millisecond) - got3, _ := s.Get(ctx) - if got3 != "v2" { - t.Fatalf("cache miss expected v2, got %s", got3) - } - - // Invalidate forces re-read immediately - if err := os.WriteFile(p, []byte(`{"apiKey@https://ampcode.com/":"v3"}`), 0600); err != nil { - t.Fatal(err) - } - s.InvalidateCache() - got4, _ := s.Get(ctx) - if got4 != "v3" { - t.Fatalf("invalidate expected v3, got %s", got4) - } -} - -func TestMultiSourceSecret_FileHandling(t *testing.T) { - ctx := context.Background() - - t.Run("missing_file_no_error", func(t *testing.T) { - s := NewMultiSourceSecretWithPath("", "/nonexistent/path/secrets.json", 100*time.Millisecond) - got, err := s.Get(ctx) - if err != nil { - t.Fatalf("expected no error for missing file, got: %v", err) - } - if got != "" { - t.Fatalf("expected empty string, got %q", got) - } - }) - - t.Run("invalid_json", func(t *testing.T) { - tmpDir := t.TempDir() - p := filepath.Join(tmpDir, "secrets.json") - if err := os.WriteFile(p, []byte(`{invalid json`), 0600); err != nil { - t.Fatal(err) - } - - s := NewMultiSourceSecretWithPath("", p, 100*time.Millisecond) - _, err := s.Get(ctx) - if err == nil { - t.Fatal("expected error for invalid JSON") - } - }) - - t.Run("missing_key_in_json", func(t *testing.T) { - tmpDir := t.TempDir() - p := filepath.Join(tmpDir, "secrets.json") - if err := os.WriteFile(p, []byte(`{"other":"value"}`), 0600); err != nil { - t.Fatal(err) - } - - s := NewMultiSourceSecretWithPath("", p, 100*time.Millisecond) - got, err := s.Get(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if got != "" { - t.Fatalf("expected empty string for missing key, got %q", got) - } - }) - - t.Run("empty_key_value", func(t *testing.T) { - tmpDir := t.TempDir() - p := filepath.Join(tmpDir, "secrets.json") - if err := os.WriteFile(p, []byte(`{"apiKey@https://ampcode.com/":" "}`), 0600); err != nil { - t.Fatal(err) - } - - s := NewMultiSourceSecretWithPath("", p, 100*time.Millisecond) - got, _ := s.Get(ctx) - if got != "" { - t.Fatalf("expected empty after trim, got %q", got) - } - }) -} - -func TestMultiSourceSecret_Concurrency(t *testing.T) { - tmpDir := t.TempDir() - p := filepath.Join(tmpDir, "secrets.json") - if err := os.WriteFile(p, []byte(`{"apiKey@https://ampcode.com/":"concurrent"}`), 0600); err != nil { - t.Fatal(err) - } - - s := NewMultiSourceSecretWithPath("", p, 5*time.Second) - ctx := context.Background() - - // Spawn many goroutines calling Get concurrently - const goroutines = 50 - const iterations = 100 - - var wg sync.WaitGroup - errors := make(chan error, goroutines) - - for i := 0; i < goroutines; i++ { - wg.Add(1) - go func() { - defer wg.Done() - for j := 0; j < iterations; j++ { - val, err := s.Get(ctx) - if err != nil { - errors <- err - return - } - if val != "concurrent" { - errors <- err - return - } - } - }() - } - - wg.Wait() - close(errors) - - for err := range errors { - t.Errorf("concurrency error: %v", err) - } -} - -func TestStaticSecretSource(t *testing.T) { - ctx := context.Background() - - t.Run("returns_provided_key", func(t *testing.T) { - s := NewStaticSecretSource("test-key-123") - got, err := s.Get(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if got != "test-key-123" { - t.Fatalf("want test-key-123, got %q", got) - } - }) - - t.Run("trims_whitespace", func(t *testing.T) { - s := NewStaticSecretSource(" test-key ") - got, err := s.Get(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if got != "test-key" { - t.Fatalf("want test-key, got %q", got) - } - }) - - t.Run("empty_string", func(t *testing.T) { - s := NewStaticSecretSource("") - got, err := s.Get(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if got != "" { - t.Fatalf("want empty string, got %q", got) - } - }) -} - -func TestMultiSourceSecret_CacheEmptyResult(t *testing.T) { - // Test that missing file results are cached to avoid repeated file reads - tmpDir := t.TempDir() - p := filepath.Join(tmpDir, "nonexistent.json") - - s := NewMultiSourceSecretWithPath("", p, 100*time.Millisecond) - ctx := context.Background() - - // First call - file doesn't exist, should cache empty result - got1, err := s.Get(ctx) - if err != nil { - t.Fatalf("expected no error for missing file, got: %v", err) - } - if got1 != "" { - t.Fatalf("expected empty string, got %q", got1) - } - - // Create the file now - if err := os.WriteFile(p, []byte(`{"apiKey@https://ampcode.com/":"new-value"}`), 0600); err != nil { - t.Fatal(err) - } - - // Second call - should still return empty (cached), not read the new file - got2, _ := s.Get(ctx) - if got2 != "" { - t.Fatalf("cache should return empty, got %q", got2) - } - - // After TTL expires, should see the new value - time.Sleep(110 * time.Millisecond) - got3, _ := s.Get(ctx) - if got3 != "new-value" { - t.Fatalf("after cache expiry, expected new-value, got %q", got3) - } -} - -func TestMappedSecretSource_UsesMappingFromContext(t *testing.T) { - defaultSource := NewStaticSecretSource("default") - s := NewMappedSecretSource(defaultSource) - s.UpdateMappings([]config.AmpUpstreamAPIKeyEntry{ - { - UpstreamAPIKey: "u1", - APIKeys: []string{"k1"}, - }, - }) - - ctx := context.WithValue(context.Background(), clientAPIKeyContextKey{}, "k1") - got, err := s.Get(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if got != "u1" { - t.Fatalf("want u1, got %q", got) - } - - ctx = context.WithValue(context.Background(), clientAPIKeyContextKey{}, "k2") - got, err = s.Get(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if got != "default" { - t.Fatalf("want default fallback, got %q", got) - } -} - -func TestMappedSecretSource_DuplicateClientKey_FirstWins(t *testing.T) { - defaultSource := NewStaticSecretSource("default") - s := NewMappedSecretSource(defaultSource) - s.UpdateMappings([]config.AmpUpstreamAPIKeyEntry{ - { - UpstreamAPIKey: "u1", - APIKeys: []string{"k1"}, - }, - { - UpstreamAPIKey: "u2", - APIKeys: []string{"k1"}, - }, - }) - - ctx := context.WithValue(context.Background(), clientAPIKeyContextKey{}, "k1") - got, err := s.Get(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if got != "u1" { - t.Fatalf("want u1 (first wins), got %q", got) - } -} - -func TestMappedSecretSource_DuplicateClientKey_LogsWarning(t *testing.T) { - hook := test.NewLocal(log.StandardLogger()) - defer hook.Reset() - - defaultSource := NewStaticSecretSource("default") - s := NewMappedSecretSource(defaultSource) - s.UpdateMappings([]config.AmpUpstreamAPIKeyEntry{ - { - UpstreamAPIKey: "u1", - APIKeys: []string{"k1"}, - }, - { - UpstreamAPIKey: "u2", - APIKeys: []string{"k1"}, - }, - }) - - foundWarning := false - for _, entry := range hook.AllEntries() { - if entry.Level == log.WarnLevel && entry.Message == "amp upstream-api-keys: client API key appears in multiple entries; using first mapping." { - foundWarning = true - break - } - } - if !foundWarning { - t.Fatal("expected warning log for duplicate client key, but none was found") - } -} diff --git a/.worktrees/config/m/config-build/active/internal/api/modules/modules.go b/.worktrees/config/m/config-build/active/internal/api/modules/modules.go deleted file mode 100644 index 8c5447d96d..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/modules/modules.go +++ /dev/null @@ -1,92 +0,0 @@ -// Package modules provides a pluggable routing module system for extending -// the API server with optional features without modifying core routing logic. -package modules - -import ( - "fmt" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers" -) - -// Context encapsulates the dependencies exposed to routing modules during -// registration. Modules can use the Gin engine to attach routes, the shared -// BaseAPIHandler for constructing SDK-specific handlers, and the resolved -// authentication middleware for protecting routes that require API keys. -type Context struct { - Engine *gin.Engine - BaseHandler *handlers.BaseAPIHandler - Config *config.Config - AuthMiddleware gin.HandlerFunc -} - -// RouteModule represents a pluggable routing module that can register routes -// and handle configuration updates independently of the core server. -// -// DEPRECATED: Use RouteModuleV2 for new modules. This interface is kept for -// backwards compatibility and will be removed in a future version. -type RouteModule interface { - // Name returns a human-readable identifier for the module - Name() string - - // Register sets up routes and handlers for this module. - // It receives the Gin engine, base handlers, and current configuration. - // Returns an error if registration fails (errors are logged but don't stop the server). - Register(engine *gin.Engine, baseHandler *handlers.BaseAPIHandler, cfg *config.Config) error - - // OnConfigUpdated is called when the configuration is reloaded. - // Modules can respond to configuration changes here. - // Returns an error if the update cannot be applied. - OnConfigUpdated(cfg *config.Config) error -} - -// RouteModuleV2 represents a pluggable bundle of routes that can integrate with -// the API server without modifying its core routing logic. Implementations can -// attach routes during Register and react to configuration updates via -// OnConfigUpdated. -// -// This is the preferred interface for new modules. It uses Context for cleaner -// dependency injection and supports idempotent registration. -type RouteModuleV2 interface { - // Name returns a unique identifier for logging and diagnostics. - Name() string - - // Register wires the module's routes into the provided Gin engine. Modules - // should treat multiple calls as idempotent and avoid duplicate route - // registration when invoked more than once. - Register(ctx Context) error - - // OnConfigUpdated notifies the module when the server configuration changes - // via hot reload. Implementations can refresh cached state or emit warnings. - OnConfigUpdated(cfg *config.Config) error -} - -// RegisterModule is a helper that registers a module using either the V1 or V2 -// interface. This allows gradual migration from V1 to V2 without breaking -// existing modules. -// -// Example usage: -// -// ctx := modules.Context{ -// Engine: engine, -// BaseHandler: baseHandler, -// Config: cfg, -// AuthMiddleware: authMiddleware, -// } -// if err := modules.RegisterModule(ctx, ampModule); err != nil { -// log.Errorf("Failed to register module: %v", err) -// } -func RegisterModule(ctx Context, mod interface{}) error { - // Try V2 interface first (preferred) - if v2, ok := mod.(RouteModuleV2); ok { - return v2.Register(ctx) - } - - // Fall back to V1 interface for backwards compatibility - if v1, ok := mod.(RouteModule); ok { - return v1.Register(ctx.Engine, ctx.BaseHandler, ctx.Config) - } - - return fmt.Errorf("unsupported module type %T (must implement RouteModule or RouteModuleV2)", mod) -} diff --git a/.worktrees/config/m/config-build/active/internal/api/server.go b/.worktrees/config/m/config-build/active/internal/api/server.go deleted file mode 100644 index 98041b8be4..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/server.go +++ /dev/null @@ -1,1074 +0,0 @@ -// Package api provides the HTTP API server implementation for the CLI Proxy API. -// It includes the main server struct, routing setup, middleware for CORS and authentication, -// and integration with various AI API handlers (OpenAI, Claude, Gemini). -// The server supports hot-reloading of clients and configuration. -package api - -import ( - "context" - "crypto/subtle" - "errors" - "fmt" - "net/http" - "os" - "path/filepath" - "reflect" - "strings" - "sync" - "sync/atomic" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/access" - managementHandlers "github.com/router-for-me/CLIProxyAPI/v6/internal/api/handlers/management" - "github.com/router-for-me/CLIProxyAPI/v6/internal/api/middleware" - "github.com/router-for-me/CLIProxyAPI/v6/internal/api/modules" - ampmodule "github.com/router-for-me/CLIProxyAPI/v6/internal/api/modules/amp" - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/kiro" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/logging" - "github.com/router-for-me/CLIProxyAPI/v6/internal/managementasset" - "github.com/router-for-me/CLIProxyAPI/v6/internal/usage" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers/claude" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers/gemini" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers/openai" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" - "gopkg.in/yaml.v3" -) - -const oauthCallbackSuccessHTML = `Authentication successful

Authentication successful!

You can close this window.

This window will close automatically in 5 seconds.

` - -type serverOptionConfig struct { - extraMiddleware []gin.HandlerFunc - engineConfigurator func(*gin.Engine) - routerConfigurator func(*gin.Engine, *handlers.BaseAPIHandler, *config.Config) - requestLoggerFactory func(*config.Config, string) logging.RequestLogger - localPassword string - keepAliveEnabled bool - keepAliveTimeout time.Duration - keepAliveOnTimeout func() -} - -// ServerOption customises HTTP server construction. -type ServerOption func(*serverOptionConfig) - -func defaultRequestLoggerFactory(cfg *config.Config, configPath string) logging.RequestLogger { - configDir := filepath.Dir(configPath) - if base := util.WritablePath(); base != "" { - return logging.NewFileRequestLogger(cfg.RequestLog, filepath.Join(base, "logs"), configDir, cfg.ErrorLogsMaxFiles) - } - return logging.NewFileRequestLogger(cfg.RequestLog, "logs", configDir, cfg.ErrorLogsMaxFiles) -} - -// WithMiddleware appends additional Gin middleware during server construction. -func WithMiddleware(mw ...gin.HandlerFunc) ServerOption { - return func(cfg *serverOptionConfig) { - cfg.extraMiddleware = append(cfg.extraMiddleware, mw...) - } -} - -// WithEngineConfigurator allows callers to mutate the Gin engine prior to middleware setup. -func WithEngineConfigurator(fn func(*gin.Engine)) ServerOption { - return func(cfg *serverOptionConfig) { - cfg.engineConfigurator = fn - } -} - -// WithRouterConfigurator appends a callback after default routes are registered. -func WithRouterConfigurator(fn func(*gin.Engine, *handlers.BaseAPIHandler, *config.Config)) ServerOption { - return func(cfg *serverOptionConfig) { - cfg.routerConfigurator = fn - } -} - -// WithLocalManagementPassword stores a runtime-only management password accepted for localhost requests. -func WithLocalManagementPassword(password string) ServerOption { - return func(cfg *serverOptionConfig) { - cfg.localPassword = password - } -} - -// WithKeepAliveEndpoint enables a keep-alive endpoint with the provided timeout and callback. -func WithKeepAliveEndpoint(timeout time.Duration, onTimeout func()) ServerOption { - return func(cfg *serverOptionConfig) { - if timeout <= 0 || onTimeout == nil { - return - } - cfg.keepAliveEnabled = true - cfg.keepAliveTimeout = timeout - cfg.keepAliveOnTimeout = onTimeout - } -} - -// WithRequestLoggerFactory customises request logger creation. -func WithRequestLoggerFactory(factory func(*config.Config, string) logging.RequestLogger) ServerOption { - return func(cfg *serverOptionConfig) { - cfg.requestLoggerFactory = factory - } -} - -// Server represents the main API server. -// It encapsulates the Gin engine, HTTP server, handlers, and configuration. -type Server struct { - // engine is the Gin web framework engine instance. - engine *gin.Engine - - // server is the underlying HTTP server. - server *http.Server - - // handlers contains the API handlers for processing requests. - handlers *handlers.BaseAPIHandler - - // cfg holds the current server configuration. - cfg *config.Config - - // oldConfigYaml stores a YAML snapshot of the previous configuration for change detection. - // This prevents issues when the config object is modified in place by Management API. - oldConfigYaml []byte - - // accessManager handles request authentication providers. - accessManager *sdkaccess.Manager - - // requestLogger is the request logger instance for dynamic configuration updates. - requestLogger logging.RequestLogger - loggerToggle func(bool) - - // configFilePath is the absolute path to the YAML config file for persistence. - configFilePath string - - // currentPath is the absolute path to the current working directory. - currentPath string - - // wsRoutes tracks registered websocket upgrade paths. - wsRouteMu sync.Mutex - wsRoutes map[string]struct{} - wsAuthChanged func(bool, bool) - wsAuthEnabled atomic.Bool - - // management handler - mgmt *managementHandlers.Handler - - // ampModule is the Amp routing module for model mapping hot-reload - ampModule *ampmodule.AmpModule - - // managementRoutesRegistered tracks whether the management routes have been attached to the engine. - managementRoutesRegistered atomic.Bool - // managementRoutesEnabled controls whether management endpoints serve real handlers. - managementRoutesEnabled atomic.Bool - - // envManagementSecret indicates whether MANAGEMENT_PASSWORD is configured. - envManagementSecret bool - - localPassword string - - keepAliveEnabled bool - keepAliveTimeout time.Duration - keepAliveOnTimeout func() - keepAliveHeartbeat chan struct{} - keepAliveStop chan struct{} -} - -// NewServer creates and initializes a new API server instance. -// It sets up the Gin engine, middleware, routes, and handlers. -// -// Parameters: -// - cfg: The server configuration -// - authManager: core runtime auth manager -// - accessManager: request authentication manager -// -// Returns: -// - *Server: A new server instance -func NewServer(cfg *config.Config, authManager *auth.Manager, accessManager *sdkaccess.Manager, configFilePath string, opts ...ServerOption) *Server { - optionState := &serverOptionConfig{ - requestLoggerFactory: defaultRequestLoggerFactory, - } - for i := range opts { - opts[i](optionState) - } - // Set gin mode - if !cfg.Debug { - gin.SetMode(gin.ReleaseMode) - } - - // Create gin engine - engine := gin.New() - if optionState.engineConfigurator != nil { - optionState.engineConfigurator(engine) - } - - // Add middleware - engine.Use(logging.GinLogrusLogger()) - engine.Use(logging.GinLogrusRecovery()) - for _, mw := range optionState.extraMiddleware { - engine.Use(mw) - } - - // Add request logging middleware (positioned after recovery, before auth) - // Resolve logs directory relative to the configuration file directory. - var requestLogger logging.RequestLogger - var toggle func(bool) - if !cfg.CommercialMode { - if optionState.requestLoggerFactory != nil { - requestLogger = optionState.requestLoggerFactory(cfg, configFilePath) - } - if requestLogger != nil { - engine.Use(middleware.RequestLoggingMiddleware(requestLogger)) - if setter, ok := requestLogger.(interface{ SetEnabled(bool) }); ok { - toggle = setter.SetEnabled - } - } - } - - engine.Use(corsMiddleware()) - wd, err := os.Getwd() - if err != nil { - wd = configFilePath - } - - envAdminPassword, envAdminPasswordSet := os.LookupEnv("MANAGEMENT_PASSWORD") - envAdminPassword = strings.TrimSpace(envAdminPassword) - envManagementSecret := envAdminPasswordSet && envAdminPassword != "" - - // Create server instance - s := &Server{ - engine: engine, - handlers: handlers.NewBaseAPIHandlers(&cfg.SDKConfig, authManager), - cfg: cfg, - accessManager: accessManager, - requestLogger: requestLogger, - loggerToggle: toggle, - configFilePath: configFilePath, - currentPath: wd, - envManagementSecret: envManagementSecret, - wsRoutes: make(map[string]struct{}), - } - s.wsAuthEnabled.Store(cfg.WebsocketAuth) - // Save initial YAML snapshot - s.oldConfigYaml, _ = yaml.Marshal(cfg) - s.applyAccessConfig(nil, cfg) - if authManager != nil { - authManager.SetRetryConfig(cfg.RequestRetry, time.Duration(cfg.MaxRetryInterval)*time.Second) - } - managementasset.SetCurrentConfig(cfg) - auth.SetQuotaCooldownDisabled(cfg.DisableCooling) - // Initialize management handler - s.mgmt = managementHandlers.NewHandler(cfg, configFilePath, authManager) - if optionState.localPassword != "" { - s.mgmt.SetLocalPassword(optionState.localPassword) - } - logDir := logging.ResolveLogDirectory(cfg) - s.mgmt.SetLogDirectory(logDir) - s.localPassword = optionState.localPassword - - // Setup routes - s.setupRoutes() - - // Register Amp module using V2 interface with Context - s.ampModule = ampmodule.NewLegacy(accessManager, AuthMiddleware(accessManager)) - ctx := modules.Context{ - Engine: engine, - BaseHandler: s.handlers, - Config: cfg, - AuthMiddleware: AuthMiddleware(accessManager), - } - if err := modules.RegisterModule(ctx, s.ampModule); err != nil { - log.Errorf("Failed to register Amp module: %v", err) - } - - // Apply additional router configurators from options - if optionState.routerConfigurator != nil { - optionState.routerConfigurator(engine, s.handlers, cfg) - } - - // Register management routes when configuration or environment secrets are available, - // or when a local management password is provided (e.g. TUI mode). - hasManagementSecret := cfg.RemoteManagement.SecretKey != "" || envManagementSecret || s.localPassword != "" - s.managementRoutesEnabled.Store(hasManagementSecret) - if hasManagementSecret { - s.registerManagementRoutes() - } - - // === CLIProxyAPIPlus 扩展: 注册 Kiro OAuth Web 路由 === - kiroOAuthHandler := kiro.NewOAuthWebHandler(cfg) - kiroOAuthHandler.RegisterRoutes(engine) - log.Info("Kiro OAuth Web routes registered at /v0/oauth/kiro/*") - - if optionState.keepAliveEnabled { - s.enableKeepAlive(optionState.keepAliveTimeout, optionState.keepAliveOnTimeout) - } - - // Create HTTP server - s.server = &http.Server{ - Addr: fmt.Sprintf("%s:%d", cfg.Host, cfg.Port), - Handler: engine, - } - - return s -} - -// setupRoutes configures the API routes for the server. -// It defines the endpoints and associates them with their respective handlers. -func (s *Server) setupRoutes() { - s.engine.GET("/management.html", s.serveManagementControlPanel) - openaiHandlers := openai.NewOpenAIAPIHandler(s.handlers) - geminiHandlers := gemini.NewGeminiAPIHandler(s.handlers) - geminiCLIHandlers := gemini.NewGeminiCLIAPIHandler(s.handlers) - claudeCodeHandlers := claude.NewClaudeCodeAPIHandler(s.handlers) - openaiResponsesHandlers := openai.NewOpenAIResponsesAPIHandler(s.handlers) - - // OpenAI compatible API routes - v1 := s.engine.Group("/v1") - v1.Use(AuthMiddleware(s.accessManager)) - { - v1.GET("/models", s.unifiedModelsHandler(openaiHandlers, claudeCodeHandlers)) - v1.POST("/chat/completions", openaiHandlers.ChatCompletions) - v1.POST("/completions", openaiHandlers.Completions) - v1.POST("/messages", claudeCodeHandlers.ClaudeMessages) - v1.POST("/messages/count_tokens", claudeCodeHandlers.ClaudeCountTokens) - v1.GET("/responses", openaiResponsesHandlers.ResponsesWebsocket) - v1.POST("/responses", openaiResponsesHandlers.Responses) - v1.POST("/responses/compact", openaiResponsesHandlers.Compact) - } - - // Gemini compatible API routes - v1beta := s.engine.Group("/v1beta") - v1beta.Use(AuthMiddleware(s.accessManager)) - { - v1beta.GET("/models", geminiHandlers.GeminiModels) - v1beta.POST("/models/*action", geminiHandlers.GeminiHandler) - v1beta.GET("/models/*action", geminiHandlers.GeminiGetHandler) - } - - // Root endpoint - s.engine.GET("/", func(c *gin.Context) { - c.JSON(http.StatusOK, gin.H{ - "message": "CLI Proxy API Server", - "endpoints": []string{ - "POST /v1/chat/completions", - "POST /v1/completions", - "GET /v1/models", - }, - }) - }) - - // Event logging endpoint - handles Claude Code telemetry requests - // Returns 200 OK to prevent 404 errors in logs - s.engine.POST("/api/event_logging/batch", func(c *gin.Context) { - c.JSON(http.StatusOK, gin.H{"status": "ok"}) - }) - s.engine.POST("/v1internal:method", geminiCLIHandlers.CLIHandler) - - // OAuth callback endpoints (reuse main server port) - // These endpoints receive provider redirects and persist - // the short-lived code/state for the waiting goroutine. - s.engine.GET("/anthropic/callback", func(c *gin.Context) { - code := c.Query("code") - state := c.Query("state") - errStr := c.Query("error") - if errStr == "" { - errStr = c.Query("error_description") - } - if state != "" { - _, _ = managementHandlers.WriteOAuthCallbackFileForPendingSession(s.cfg.AuthDir, "anthropic", state, code, errStr) - } - c.Header("Content-Type", "text/html; charset=utf-8") - c.String(http.StatusOK, oauthCallbackSuccessHTML) - }) - - s.engine.GET("/codex/callback", func(c *gin.Context) { - code := c.Query("code") - state := c.Query("state") - errStr := c.Query("error") - if errStr == "" { - errStr = c.Query("error_description") - } - if state != "" { - _, _ = managementHandlers.WriteOAuthCallbackFileForPendingSession(s.cfg.AuthDir, "codex", state, code, errStr) - } - c.Header("Content-Type", "text/html; charset=utf-8") - c.String(http.StatusOK, oauthCallbackSuccessHTML) - }) - - s.engine.GET("/google/callback", func(c *gin.Context) { - code := c.Query("code") - state := c.Query("state") - errStr := c.Query("error") - if errStr == "" { - errStr = c.Query("error_description") - } - if state != "" { - _, _ = managementHandlers.WriteOAuthCallbackFileForPendingSession(s.cfg.AuthDir, "gemini", state, code, errStr) - } - c.Header("Content-Type", "text/html; charset=utf-8") - c.String(http.StatusOK, oauthCallbackSuccessHTML) - }) - - s.engine.GET("/iflow/callback", func(c *gin.Context) { - code := c.Query("code") - state := c.Query("state") - errStr := c.Query("error") - if errStr == "" { - errStr = c.Query("error_description") - } - if state != "" { - _, _ = managementHandlers.WriteOAuthCallbackFileForPendingSession(s.cfg.AuthDir, "iflow", state, code, errStr) - } - c.Header("Content-Type", "text/html; charset=utf-8") - c.String(http.StatusOK, oauthCallbackSuccessHTML) - }) - - s.engine.GET("/antigravity/callback", func(c *gin.Context) { - code := c.Query("code") - state := c.Query("state") - errStr := c.Query("error") - if errStr == "" { - errStr = c.Query("error_description") - } - if state != "" { - _, _ = managementHandlers.WriteOAuthCallbackFileForPendingSession(s.cfg.AuthDir, "antigravity", state, code, errStr) - } - c.Header("Content-Type", "text/html; charset=utf-8") - c.String(http.StatusOK, oauthCallbackSuccessHTML) - }) - - s.engine.GET("/kiro/callback", func(c *gin.Context) { - code := c.Query("code") - state := c.Query("state") - errStr := c.Query("error") - if errStr == "" { - errStr = c.Query("error_description") - } - if state != "" { - _, _ = managementHandlers.WriteOAuthCallbackFileForPendingSession(s.cfg.AuthDir, "kiro", state, code, errStr) - } - c.Header("Content-Type", "text/html; charset=utf-8") - c.String(http.StatusOK, oauthCallbackSuccessHTML) - }) - - // Management routes are registered lazily by registerManagementRoutes when a secret is configured. -} - -// AttachWebsocketRoute registers a websocket upgrade handler on the primary Gin engine. -// The handler is served as-is without additional middleware beyond the standard stack already configured. -func (s *Server) AttachWebsocketRoute(path string, handler http.Handler) { - if s == nil || s.engine == nil || handler == nil { - return - } - trimmed := strings.TrimSpace(path) - if trimmed == "" { - trimmed = "/v1/ws" - } - if !strings.HasPrefix(trimmed, "/") { - trimmed = "/" + trimmed - } - s.wsRouteMu.Lock() - if _, exists := s.wsRoutes[trimmed]; exists { - s.wsRouteMu.Unlock() - return - } - s.wsRoutes[trimmed] = struct{}{} - s.wsRouteMu.Unlock() - - authMiddleware := AuthMiddleware(s.accessManager) - conditionalAuth := func(c *gin.Context) { - if !s.wsAuthEnabled.Load() { - c.Next() - return - } - authMiddleware(c) - } - finalHandler := func(c *gin.Context) { - handler.ServeHTTP(c.Writer, c.Request) - c.Abort() - } - - s.engine.GET(trimmed, conditionalAuth, finalHandler) -} - -func (s *Server) registerManagementRoutes() { - if s == nil || s.engine == nil || s.mgmt == nil { - return - } - if !s.managementRoutesRegistered.CompareAndSwap(false, true) { - return - } - - log.Info("management routes registered after secret key configuration") - - mgmt := s.engine.Group("/v0/management") - mgmt.Use(s.managementAvailabilityMiddleware(), s.mgmt.Middleware()) - { - mgmt.GET("/usage", s.mgmt.GetUsageStatistics) - mgmt.GET("/usage/export", s.mgmt.ExportUsageStatistics) - mgmt.POST("/usage/import", s.mgmt.ImportUsageStatistics) - mgmt.GET("/config", s.mgmt.GetConfig) - mgmt.GET("/config.yaml", s.mgmt.GetConfigYAML) - mgmt.PUT("/config.yaml", s.mgmt.PutConfigYAML) - mgmt.GET("/latest-version", s.mgmt.GetLatestVersion) - - mgmt.GET("/debug", s.mgmt.GetDebug) - mgmt.PUT("/debug", s.mgmt.PutDebug) - mgmt.PATCH("/debug", s.mgmt.PutDebug) - - mgmt.GET("/logging-to-file", s.mgmt.GetLoggingToFile) - mgmt.PUT("/logging-to-file", s.mgmt.PutLoggingToFile) - mgmt.PATCH("/logging-to-file", s.mgmt.PutLoggingToFile) - - mgmt.GET("/logs-max-total-size-mb", s.mgmt.GetLogsMaxTotalSizeMB) - mgmt.PUT("/logs-max-total-size-mb", s.mgmt.PutLogsMaxTotalSizeMB) - mgmt.PATCH("/logs-max-total-size-mb", s.mgmt.PutLogsMaxTotalSizeMB) - - mgmt.GET("/error-logs-max-files", s.mgmt.GetErrorLogsMaxFiles) - mgmt.PUT("/error-logs-max-files", s.mgmt.PutErrorLogsMaxFiles) - mgmt.PATCH("/error-logs-max-files", s.mgmt.PutErrorLogsMaxFiles) - - mgmt.GET("/usage-statistics-enabled", s.mgmt.GetUsageStatisticsEnabled) - mgmt.PUT("/usage-statistics-enabled", s.mgmt.PutUsageStatisticsEnabled) - mgmt.PATCH("/usage-statistics-enabled", s.mgmt.PutUsageStatisticsEnabled) - - mgmt.GET("/proxy-url", s.mgmt.GetProxyURL) - mgmt.PUT("/proxy-url", s.mgmt.PutProxyURL) - mgmt.PATCH("/proxy-url", s.mgmt.PutProxyURL) - mgmt.DELETE("/proxy-url", s.mgmt.DeleteProxyURL) - - mgmt.POST("/api-call", s.mgmt.APICall) - - mgmt.GET("/quota-exceeded/switch-project", s.mgmt.GetSwitchProject) - mgmt.PUT("/quota-exceeded/switch-project", s.mgmt.PutSwitchProject) - mgmt.PATCH("/quota-exceeded/switch-project", s.mgmt.PutSwitchProject) - - mgmt.GET("/quota-exceeded/switch-preview-model", s.mgmt.GetSwitchPreviewModel) - mgmt.PUT("/quota-exceeded/switch-preview-model", s.mgmt.PutSwitchPreviewModel) - mgmt.PATCH("/quota-exceeded/switch-preview-model", s.mgmt.PutSwitchPreviewModel) - - mgmt.GET("/api-keys", s.mgmt.GetAPIKeys) - mgmt.PUT("/api-keys", s.mgmt.PutAPIKeys) - mgmt.PATCH("/api-keys", s.mgmt.PatchAPIKeys) - mgmt.DELETE("/api-keys", s.mgmt.DeleteAPIKeys) - - mgmt.GET("/gemini-api-key", s.mgmt.GetGeminiKeys) - mgmt.PUT("/gemini-api-key", s.mgmt.PutGeminiKeys) - mgmt.PATCH("/gemini-api-key", s.mgmt.PatchGeminiKey) - mgmt.DELETE("/gemini-api-key", s.mgmt.DeleteGeminiKey) - - mgmt.GET("/logs", s.mgmt.GetLogs) - mgmt.DELETE("/logs", s.mgmt.DeleteLogs) - mgmt.GET("/request-error-logs", s.mgmt.GetRequestErrorLogs) - mgmt.GET("/request-error-logs/:name", s.mgmt.DownloadRequestErrorLog) - mgmt.GET("/request-log-by-id/:id", s.mgmt.GetRequestLogByID) - mgmt.GET("/request-log", s.mgmt.GetRequestLog) - mgmt.PUT("/request-log", s.mgmt.PutRequestLog) - mgmt.PATCH("/request-log", s.mgmt.PutRequestLog) - mgmt.GET("/ws-auth", s.mgmt.GetWebsocketAuth) - mgmt.PUT("/ws-auth", s.mgmt.PutWebsocketAuth) - mgmt.PATCH("/ws-auth", s.mgmt.PutWebsocketAuth) - - mgmt.GET("/ampcode", s.mgmt.GetAmpCode) - mgmt.GET("/ampcode/upstream-url", s.mgmt.GetAmpUpstreamURL) - mgmt.PUT("/ampcode/upstream-url", s.mgmt.PutAmpUpstreamURL) - mgmt.PATCH("/ampcode/upstream-url", s.mgmt.PutAmpUpstreamURL) - mgmt.DELETE("/ampcode/upstream-url", s.mgmt.DeleteAmpUpstreamURL) - mgmt.GET("/ampcode/upstream-api-key", s.mgmt.GetAmpUpstreamAPIKey) - mgmt.PUT("/ampcode/upstream-api-key", s.mgmt.PutAmpUpstreamAPIKey) - mgmt.PATCH("/ampcode/upstream-api-key", s.mgmt.PutAmpUpstreamAPIKey) - mgmt.DELETE("/ampcode/upstream-api-key", s.mgmt.DeleteAmpUpstreamAPIKey) - mgmt.GET("/ampcode/restrict-management-to-localhost", s.mgmt.GetAmpRestrictManagementToLocalhost) - mgmt.PUT("/ampcode/restrict-management-to-localhost", s.mgmt.PutAmpRestrictManagementToLocalhost) - mgmt.PATCH("/ampcode/restrict-management-to-localhost", s.mgmt.PutAmpRestrictManagementToLocalhost) - mgmt.GET("/ampcode/model-mappings", s.mgmt.GetAmpModelMappings) - mgmt.PUT("/ampcode/model-mappings", s.mgmt.PutAmpModelMappings) - mgmt.PATCH("/ampcode/model-mappings", s.mgmt.PatchAmpModelMappings) - mgmt.DELETE("/ampcode/model-mappings", s.mgmt.DeleteAmpModelMappings) - mgmt.GET("/ampcode/force-model-mappings", s.mgmt.GetAmpForceModelMappings) - mgmt.PUT("/ampcode/force-model-mappings", s.mgmt.PutAmpForceModelMappings) - mgmt.PATCH("/ampcode/force-model-mappings", s.mgmt.PutAmpForceModelMappings) - mgmt.GET("/ampcode/upstream-api-keys", s.mgmt.GetAmpUpstreamAPIKeys) - mgmt.PUT("/ampcode/upstream-api-keys", s.mgmt.PutAmpUpstreamAPIKeys) - mgmt.PATCH("/ampcode/upstream-api-keys", s.mgmt.PatchAmpUpstreamAPIKeys) - mgmt.DELETE("/ampcode/upstream-api-keys", s.mgmt.DeleteAmpUpstreamAPIKeys) - - mgmt.GET("/request-retry", s.mgmt.GetRequestRetry) - mgmt.PUT("/request-retry", s.mgmt.PutRequestRetry) - mgmt.PATCH("/request-retry", s.mgmt.PutRequestRetry) - mgmt.GET("/max-retry-interval", s.mgmt.GetMaxRetryInterval) - mgmt.PUT("/max-retry-interval", s.mgmt.PutMaxRetryInterval) - mgmt.PATCH("/max-retry-interval", s.mgmt.PutMaxRetryInterval) - - mgmt.GET("/force-model-prefix", s.mgmt.GetForceModelPrefix) - mgmt.PUT("/force-model-prefix", s.mgmt.PutForceModelPrefix) - mgmt.PATCH("/force-model-prefix", s.mgmt.PutForceModelPrefix) - - mgmt.GET("/routing/strategy", s.mgmt.GetRoutingStrategy) - mgmt.PUT("/routing/strategy", s.mgmt.PutRoutingStrategy) - mgmt.PATCH("/routing/strategy", s.mgmt.PutRoutingStrategy) - - mgmt.GET("/claude-api-key", s.mgmt.GetClaudeKeys) - mgmt.PUT("/claude-api-key", s.mgmt.PutClaudeKeys) - mgmt.PATCH("/claude-api-key", s.mgmt.PatchClaudeKey) - mgmt.DELETE("/claude-api-key", s.mgmt.DeleteClaudeKey) - - mgmt.GET("/codex-api-key", s.mgmt.GetCodexKeys) - mgmt.PUT("/codex-api-key", s.mgmt.PutCodexKeys) - mgmt.PATCH("/codex-api-key", s.mgmt.PatchCodexKey) - mgmt.DELETE("/codex-api-key", s.mgmt.DeleteCodexKey) - - mgmt.GET("/openai-compatibility", s.mgmt.GetOpenAICompat) - mgmt.PUT("/openai-compatibility", s.mgmt.PutOpenAICompat) - mgmt.PATCH("/openai-compatibility", s.mgmt.PatchOpenAICompat) - mgmt.DELETE("/openai-compatibility", s.mgmt.DeleteOpenAICompat) - - mgmt.GET("/vertex-api-key", s.mgmt.GetVertexCompatKeys) - mgmt.PUT("/vertex-api-key", s.mgmt.PutVertexCompatKeys) - mgmt.PATCH("/vertex-api-key", s.mgmt.PatchVertexCompatKey) - mgmt.DELETE("/vertex-api-key", s.mgmt.DeleteVertexCompatKey) - - mgmt.GET("/oauth-excluded-models", s.mgmt.GetOAuthExcludedModels) - mgmt.PUT("/oauth-excluded-models", s.mgmt.PutOAuthExcludedModels) - mgmt.PATCH("/oauth-excluded-models", s.mgmt.PatchOAuthExcludedModels) - mgmt.DELETE("/oauth-excluded-models", s.mgmt.DeleteOAuthExcludedModels) - - mgmt.GET("/oauth-model-alias", s.mgmt.GetOAuthModelAlias) - mgmt.PUT("/oauth-model-alias", s.mgmt.PutOAuthModelAlias) - mgmt.PATCH("/oauth-model-alias", s.mgmt.PatchOAuthModelAlias) - mgmt.DELETE("/oauth-model-alias", s.mgmt.DeleteOAuthModelAlias) - - mgmt.GET("/auth-files", s.mgmt.ListAuthFiles) - mgmt.GET("/auth-files/models", s.mgmt.GetAuthFileModels) - mgmt.GET("/model-definitions/:channel", s.mgmt.GetStaticModelDefinitions) - mgmt.GET("/auth-files/download", s.mgmt.DownloadAuthFile) - mgmt.POST("/auth-files", s.mgmt.UploadAuthFile) - mgmt.DELETE("/auth-files", s.mgmt.DeleteAuthFile) - mgmt.PATCH("/auth-files/status", s.mgmt.PatchAuthFileStatus) - mgmt.PATCH("/auth-files/fields", s.mgmt.PatchAuthFileFields) - mgmt.POST("/vertex/import", s.mgmt.ImportVertexCredential) - - mgmt.GET("/anthropic-auth-url", s.mgmt.RequestAnthropicToken) - mgmt.GET("/codex-auth-url", s.mgmt.RequestCodexToken) - mgmt.GET("/gemini-cli-auth-url", s.mgmt.RequestGeminiCLIToken) - mgmt.GET("/antigravity-auth-url", s.mgmt.RequestAntigravityToken) - mgmt.GET("/qwen-auth-url", s.mgmt.RequestQwenToken) - mgmt.GET("/kilo-auth-url", s.mgmt.RequestKiloToken) - mgmt.GET("/kimi-auth-url", s.mgmt.RequestKimiToken) - mgmt.GET("/iflow-auth-url", s.mgmt.RequestIFlowToken) - mgmt.POST("/iflow-auth-url", s.mgmt.RequestIFlowCookieToken) - mgmt.GET("/kiro-auth-url", s.mgmt.RequestKiroToken) - mgmt.GET("/github-auth-url", s.mgmt.RequestGitHubToken) - mgmt.POST("/oauth-callback", s.mgmt.PostOAuthCallback) - mgmt.GET("/get-auth-status", s.mgmt.GetAuthStatus) - } -} - -func (s *Server) managementAvailabilityMiddleware() gin.HandlerFunc { - return func(c *gin.Context) { - if !s.managementRoutesEnabled.Load() { - c.AbortWithStatus(http.StatusNotFound) - return - } - c.Next() - } -} - -func (s *Server) serveManagementControlPanel(c *gin.Context) { - cfg := s.cfg - if cfg == nil || cfg.RemoteManagement.DisableControlPanel { - c.AbortWithStatus(http.StatusNotFound) - return - } - filePath := managementasset.FilePath(s.configFilePath) - if strings.TrimSpace(filePath) == "" { - c.AbortWithStatus(http.StatusNotFound) - return - } - - if _, err := os.Stat(filePath); err != nil { - if os.IsNotExist(err) { - // Synchronously ensure management.html is available with a detached context. - // Control panel bootstrap should not be canceled by client disconnects. - if !managementasset.EnsureLatestManagementHTML(context.Background(), managementasset.StaticDir(s.configFilePath), cfg.ProxyURL, cfg.RemoteManagement.PanelGitHubRepository) { - c.AbortWithStatus(http.StatusNotFound) - return - } - } else { - log.WithError(err).Error("failed to stat management control panel asset") - c.AbortWithStatus(http.StatusInternalServerError) - return - } - } - - c.File(filePath) -} - -func (s *Server) enableKeepAlive(timeout time.Duration, onTimeout func()) { - if timeout <= 0 || onTimeout == nil { - return - } - - s.keepAliveEnabled = true - s.keepAliveTimeout = timeout - s.keepAliveOnTimeout = onTimeout - s.keepAliveHeartbeat = make(chan struct{}, 1) - s.keepAliveStop = make(chan struct{}, 1) - - s.engine.GET("/keep-alive", s.handleKeepAlive) - - go s.watchKeepAlive() -} - -func (s *Server) handleKeepAlive(c *gin.Context) { - if s.localPassword != "" { - provided := strings.TrimSpace(c.GetHeader("Authorization")) - if provided != "" { - parts := strings.SplitN(provided, " ", 2) - if len(parts) == 2 && strings.EqualFold(parts[0], "bearer") { - provided = parts[1] - } - } - if provided == "" { - provided = strings.TrimSpace(c.GetHeader("X-Local-Password")) - } - if subtle.ConstantTimeCompare([]byte(provided), []byte(s.localPassword)) != 1 { - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid password"}) - return - } - } - - s.signalKeepAlive() - c.JSON(http.StatusOK, gin.H{"status": "ok"}) -} - -func (s *Server) signalKeepAlive() { - if !s.keepAliveEnabled { - return - } - select { - case s.keepAliveHeartbeat <- struct{}{}: - default: - } -} - -func (s *Server) watchKeepAlive() { - if !s.keepAliveEnabled { - return - } - - timer := time.NewTimer(s.keepAliveTimeout) - defer timer.Stop() - - for { - select { - case <-timer.C: - log.Warnf("keep-alive endpoint idle for %s, shutting down", s.keepAliveTimeout) - if s.keepAliveOnTimeout != nil { - s.keepAliveOnTimeout() - } - return - case <-s.keepAliveHeartbeat: - if !timer.Stop() { - select { - case <-timer.C: - default: - } - } - timer.Reset(s.keepAliveTimeout) - case <-s.keepAliveStop: - return - } - } -} - -// unifiedModelsHandler creates a unified handler for the /v1/models endpoint -// that routes to different handlers based on the User-Agent header. -// If User-Agent starts with "claude-cli", it routes to Claude handler, -// otherwise it routes to OpenAI handler. -func (s *Server) unifiedModelsHandler(openaiHandler *openai.OpenAIAPIHandler, claudeHandler *claude.ClaudeCodeAPIHandler) gin.HandlerFunc { - return func(c *gin.Context) { - userAgent := c.GetHeader("User-Agent") - - // Route to Claude handler if User-Agent starts with "claude-cli" - if strings.HasPrefix(userAgent, "claude-cli") { - // log.Debugf("Routing /v1/models to Claude handler for User-Agent: %s", userAgent) - claudeHandler.ClaudeModels(c) - } else { - // log.Debugf("Routing /v1/models to OpenAI handler for User-Agent: %s", userAgent) - openaiHandler.OpenAIModels(c) - } - } -} - -// Start begins listening for and serving HTTP or HTTPS requests. -// It's a blocking call and will only return on an unrecoverable error. -// -// Returns: -// - error: An error if the server fails to start -func (s *Server) Start() error { - if s == nil || s.server == nil { - return fmt.Errorf("failed to start HTTP server: server not initialized") - } - - useTLS := s.cfg != nil && s.cfg.TLS.Enable - if useTLS { - cert := strings.TrimSpace(s.cfg.TLS.Cert) - key := strings.TrimSpace(s.cfg.TLS.Key) - if cert == "" || key == "" { - return fmt.Errorf("failed to start HTTPS server: tls.cert or tls.key is empty") - } - log.Debugf("Starting API server on %s with TLS", s.server.Addr) - if errServeTLS := s.server.ListenAndServeTLS(cert, key); errServeTLS != nil && !errors.Is(errServeTLS, http.ErrServerClosed) { - return fmt.Errorf("failed to start HTTPS server: %v", errServeTLS) - } - return nil - } - - log.Debugf("Starting API server on %s", s.server.Addr) - if errServe := s.server.ListenAndServe(); errServe != nil && !errors.Is(errServe, http.ErrServerClosed) { - return fmt.Errorf("failed to start HTTP server: %v", errServe) - } - - return nil -} - -// Stop gracefully shuts down the API server without interrupting any -// active connections. -// -// Parameters: -// - ctx: The context for graceful shutdown -// -// Returns: -// - error: An error if the server fails to stop -func (s *Server) Stop(ctx context.Context) error { - log.Debug("Stopping API server...") - - if s.keepAliveEnabled { - select { - case s.keepAliveStop <- struct{}{}: - default: - } - } - - // Shutdown the HTTP server. - if err := s.server.Shutdown(ctx); err != nil { - return fmt.Errorf("failed to shutdown HTTP server: %v", err) - } - - log.Debug("API server stopped") - return nil -} - -// corsMiddleware returns a Gin middleware handler that adds CORS headers -// to every response, allowing cross-origin requests. -// -// Returns: -// - gin.HandlerFunc: The CORS middleware handler -func corsMiddleware() gin.HandlerFunc { - return func(c *gin.Context) { - c.Header("Access-Control-Allow-Origin", "*") - c.Header("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS") - c.Header("Access-Control-Allow-Headers", "*") - - if c.Request.Method == "OPTIONS" { - c.AbortWithStatus(http.StatusNoContent) - return - } - - c.Next() - } -} - -func (s *Server) applyAccessConfig(oldCfg, newCfg *config.Config) { - if s == nil || s.accessManager == nil || newCfg == nil { - return - } - if _, err := access.ApplyAccessProviders(s.accessManager, oldCfg, newCfg); err != nil { - return - } -} - -// UpdateClients updates the server's client list and configuration. -// This method is called when the configuration or authentication tokens change. -// -// Parameters: -// - clients: The new slice of AI service clients -// - cfg: The new application configuration -func (s *Server) UpdateClients(cfg *config.Config) { - // Reconstruct old config from YAML snapshot to avoid reference sharing issues - var oldCfg *config.Config - if len(s.oldConfigYaml) > 0 { - _ = yaml.Unmarshal(s.oldConfigYaml, &oldCfg) - } - - // Update request logger enabled state if it has changed - previousRequestLog := false - if oldCfg != nil { - previousRequestLog = oldCfg.RequestLog - } - if s.requestLogger != nil && (oldCfg == nil || previousRequestLog != cfg.RequestLog) { - if s.loggerToggle != nil { - s.loggerToggle(cfg.RequestLog) - } else if toggler, ok := s.requestLogger.(interface{ SetEnabled(bool) }); ok { - toggler.SetEnabled(cfg.RequestLog) - } - } - - if oldCfg == nil || oldCfg.LoggingToFile != cfg.LoggingToFile || oldCfg.LogsMaxTotalSizeMB != cfg.LogsMaxTotalSizeMB { - if err := logging.ConfigureLogOutput(cfg); err != nil { - log.Errorf("failed to reconfigure log output: %v", err) - } - } - - if oldCfg == nil || oldCfg.UsageStatisticsEnabled != cfg.UsageStatisticsEnabled { - usage.SetStatisticsEnabled(cfg.UsageStatisticsEnabled) - } - - if s.requestLogger != nil && (oldCfg == nil || oldCfg.ErrorLogsMaxFiles != cfg.ErrorLogsMaxFiles) { - if setter, ok := s.requestLogger.(interface{ SetErrorLogsMaxFiles(int) }); ok { - setter.SetErrorLogsMaxFiles(cfg.ErrorLogsMaxFiles) - } - } - - if oldCfg == nil || oldCfg.DisableCooling != cfg.DisableCooling { - auth.SetQuotaCooldownDisabled(cfg.DisableCooling) - } - - if s.handlers != nil && s.handlers.AuthManager != nil { - s.handlers.AuthManager.SetRetryConfig(cfg.RequestRetry, time.Duration(cfg.MaxRetryInterval)*time.Second) - } - - // Update log level dynamically when debug flag changes - if oldCfg == nil || oldCfg.Debug != cfg.Debug { - util.SetLogLevel(cfg) - } - - prevSecretEmpty := true - if oldCfg != nil { - prevSecretEmpty = oldCfg.RemoteManagement.SecretKey == "" - } - newSecretEmpty := cfg.RemoteManagement.SecretKey == "" - if s.envManagementSecret { - s.registerManagementRoutes() - if s.managementRoutesEnabled.CompareAndSwap(false, true) { - log.Info("management routes enabled via MANAGEMENT_PASSWORD") - } else { - s.managementRoutesEnabled.Store(true) - } - } else { - switch { - case prevSecretEmpty && !newSecretEmpty: - s.registerManagementRoutes() - if s.managementRoutesEnabled.CompareAndSwap(false, true) { - log.Info("management routes enabled after secret key update") - } else { - s.managementRoutesEnabled.Store(true) - } - case !prevSecretEmpty && newSecretEmpty: - if s.managementRoutesEnabled.CompareAndSwap(true, false) { - log.Info("management routes disabled after secret key removal") - } else { - s.managementRoutesEnabled.Store(false) - } - default: - s.managementRoutesEnabled.Store(!newSecretEmpty) - } - } - - s.applyAccessConfig(oldCfg, cfg) - s.cfg = cfg - s.wsAuthEnabled.Store(cfg.WebsocketAuth) - if oldCfg != nil && s.wsAuthChanged != nil && oldCfg.WebsocketAuth != cfg.WebsocketAuth { - s.wsAuthChanged(oldCfg.WebsocketAuth, cfg.WebsocketAuth) - } - managementasset.SetCurrentConfig(cfg) - // Save YAML snapshot for next comparison - s.oldConfigYaml, _ = yaml.Marshal(cfg) - - s.handlers.UpdateClients(&cfg.SDKConfig) - - if s.mgmt != nil { - s.mgmt.SetConfig(cfg) - s.mgmt.SetAuthManager(s.handlers.AuthManager) - } - - // Notify Amp module only when Amp config has changed. - ampConfigChanged := oldCfg == nil || !reflect.DeepEqual(oldCfg.AmpCode, cfg.AmpCode) - if ampConfigChanged { - if s.ampModule != nil { - log.Debugf("triggering amp module config update") - if err := s.ampModule.OnConfigUpdated(cfg); err != nil { - log.Errorf("failed to update Amp module config: %v", err) - } - } else { - log.Warnf("amp module is nil, skipping config update") - } - } - - // Count client sources from configuration and auth store. - tokenStore := sdkAuth.GetTokenStore() - if dirSetter, ok := tokenStore.(interface{ SetBaseDir(string) }); ok { - dirSetter.SetBaseDir(cfg.AuthDir) - } - authEntries := util.CountAuthFiles(context.Background(), tokenStore) - geminiAPIKeyCount := len(cfg.GeminiKey) - claudeAPIKeyCount := len(cfg.ClaudeKey) - codexAPIKeyCount := len(cfg.CodexKey) - vertexAICompatCount := len(cfg.VertexCompatAPIKey) - openAICompatCount := 0 - for i := range cfg.OpenAICompatibility { - entry := cfg.OpenAICompatibility[i] - openAICompatCount += len(entry.APIKeyEntries) - } - - total := authEntries + geminiAPIKeyCount + claudeAPIKeyCount + codexAPIKeyCount + vertexAICompatCount + openAICompatCount - fmt.Printf("server clients and configuration updated: %d clients (%d auth entries + %d Gemini API keys + %d Claude API keys + %d Codex keys + %d Vertex-compat + %d OpenAI-compat)\n", - total, - authEntries, - geminiAPIKeyCount, - claudeAPIKeyCount, - codexAPIKeyCount, - vertexAICompatCount, - openAICompatCount, - ) -} - -func (s *Server) SetWebsocketAuthChangeHandler(fn func(bool, bool)) { - if s == nil { - return - } - s.wsAuthChanged = fn -} - -// (management handlers moved to internal/api/handlers/management) - -// AuthMiddleware returns a Gin middleware handler that authenticates requests -// using the configured authentication providers. When no providers are available, -// it allows all requests (legacy behaviour). -func AuthMiddleware(manager *sdkaccess.Manager) gin.HandlerFunc { - return func(c *gin.Context) { - if manager == nil { - c.Next() - return - } - - result, err := manager.Authenticate(c.Request.Context(), c.Request) - if err == nil { - if result != nil { - c.Set("apiKey", result.Principal) - c.Set("accessProvider", result.Provider) - if len(result.Metadata) > 0 { - c.Set("accessMetadata", result.Metadata) - } - } - c.Next() - return - } - - statusCode := err.HTTPStatusCode() - if statusCode >= http.StatusInternalServerError { - log.Errorf("authentication middleware error: %v", err) - } - c.AbortWithStatusJSON(statusCode, gin.H{"error": err.Message}) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/api/server_test.go b/.worktrees/config/m/config-build/active/internal/api/server_test.go deleted file mode 100644 index 066532106f..0000000000 --- a/.worktrees/config/m/config-build/active/internal/api/server_test.go +++ /dev/null @@ -1,111 +0,0 @@ -package api - -import ( - "net/http" - "net/http/httptest" - "os" - "path/filepath" - "strings" - "testing" - - gin "github.com/gin-gonic/gin" - proxyconfig "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" -) - -func newTestServer(t *testing.T) *Server { - t.Helper() - - gin.SetMode(gin.TestMode) - - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o700); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - - cfg := &proxyconfig.Config{ - SDKConfig: sdkconfig.SDKConfig{ - APIKeys: []string{"test-key"}, - }, - Port: 0, - AuthDir: authDir, - Debug: true, - LoggingToFile: false, - UsageStatisticsEnabled: false, - } - - authManager := auth.NewManager(nil, nil, nil) - accessManager := sdkaccess.NewManager() - - configPath := filepath.Join(tmpDir, "config.yaml") - return NewServer(cfg, authManager, accessManager, configPath) -} - -func TestAmpProviderModelRoutes(t *testing.T) { - testCases := []struct { - name string - path string - wantStatus int - wantContains string - }{ - { - name: "openai root models", - path: "/api/provider/openai/models", - wantStatus: http.StatusOK, - wantContains: `"object":"list"`, - }, - { - name: "groq root models", - path: "/api/provider/groq/models", - wantStatus: http.StatusOK, - wantContains: `"object":"list"`, - }, - { - name: "openai models", - path: "/api/provider/openai/v1/models", - wantStatus: http.StatusOK, - wantContains: `"object":"list"`, - }, - { - name: "anthropic models", - path: "/api/provider/anthropic/v1/models", - wantStatus: http.StatusOK, - wantContains: `"data"`, - }, - { - name: "google models v1", - path: "/api/provider/google/v1/models", - wantStatus: http.StatusOK, - wantContains: `"models"`, - }, - { - name: "google models v1beta", - path: "/api/provider/google/v1beta/models", - wantStatus: http.StatusOK, - wantContains: `"models"`, - }, - } - - for _, tc := range testCases { - tc := tc - t.Run(tc.name, func(t *testing.T) { - server := newTestServer(t) - - req := httptest.NewRequest(http.MethodGet, tc.path, nil) - req.Header.Set("Authorization", "Bearer test-key") - - rr := httptest.NewRecorder() - server.engine.ServeHTTP(rr, req) - - if rr.Code != tc.wantStatus { - t.Fatalf("unexpected status code for %s: got %d want %d; body=%s", tc.path, rr.Code, tc.wantStatus, rr.Body.String()) - } - if body := rr.Body.String(); !strings.Contains(body, tc.wantContains) { - t.Fatalf("response body for %s missing %q: %s", tc.path, tc.wantContains, body) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/antigravity/auth.go b/.worktrees/config/m/config-build/active/internal/auth/antigravity/auth.go deleted file mode 100644 index 449f413fc1..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/antigravity/auth.go +++ /dev/null @@ -1,344 +0,0 @@ -// Package antigravity provides OAuth2 authentication functionality for the Antigravity provider. -package antigravity - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -// TokenResponse represents OAuth token response from Google -type TokenResponse struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - ExpiresIn int64 `json:"expires_in"` - TokenType string `json:"token_type"` -} - -// userInfo represents Google user profile -type userInfo struct { - Email string `json:"email"` -} - -// AntigravityAuth handles Antigravity OAuth authentication -type AntigravityAuth struct { - httpClient *http.Client -} - -// NewAntigravityAuth creates a new Antigravity auth service. -func NewAntigravityAuth(cfg *config.Config, httpClient *http.Client) *AntigravityAuth { - if httpClient != nil { - return &AntigravityAuth{httpClient: httpClient} - } - if cfg == nil { - cfg = &config.Config{} - } - return &AntigravityAuth{ - httpClient: util.SetProxy(&cfg.SDKConfig, &http.Client{}), - } -} - -// BuildAuthURL generates the OAuth authorization URL. -func (o *AntigravityAuth) BuildAuthURL(state, redirectURI string) string { - if strings.TrimSpace(redirectURI) == "" { - redirectURI = fmt.Sprintf("http://localhost:%d/oauth-callback", CallbackPort) - } - params := url.Values{} - params.Set("access_type", "offline") - params.Set("client_id", ClientID) - params.Set("prompt", "consent") - params.Set("redirect_uri", redirectURI) - params.Set("response_type", "code") - params.Set("scope", strings.Join(Scopes, " ")) - params.Set("state", state) - return AuthEndpoint + "?" + params.Encode() -} - -// ExchangeCodeForTokens exchanges authorization code for access and refresh tokens -func (o *AntigravityAuth) ExchangeCodeForTokens(ctx context.Context, code, redirectURI string) (*TokenResponse, error) { - data := url.Values{} - data.Set("code", code) - data.Set("client_id", ClientID) - data.Set("client_secret", ClientSecret) - data.Set("redirect_uri", redirectURI) - data.Set("grant_type", "authorization_code") - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, TokenEndpoint, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("antigravity token exchange: create request: %w", err) - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - - resp, errDo := o.httpClient.Do(req) - if errDo != nil { - return nil, fmt.Errorf("antigravity token exchange: execute request: %w", errDo) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("antigravity token exchange: close body error: %v", errClose) - } - }() - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, errRead := io.ReadAll(io.LimitReader(resp.Body, 8<<10)) - if errRead != nil { - return nil, fmt.Errorf("antigravity token exchange: read response: %w", errRead) - } - body := strings.TrimSpace(string(bodyBytes)) - if body == "" { - return nil, fmt.Errorf("antigravity token exchange: request failed: status %d", resp.StatusCode) - } - return nil, fmt.Errorf("antigravity token exchange: request failed: status %d: %s", resp.StatusCode, body) - } - - var token TokenResponse - if errDecode := json.NewDecoder(resp.Body).Decode(&token); errDecode != nil { - return nil, fmt.Errorf("antigravity token exchange: decode response: %w", errDecode) - } - return &token, nil -} - -// FetchUserInfo retrieves user email from Google -func (o *AntigravityAuth) FetchUserInfo(ctx context.Context, accessToken string) (string, error) { - accessToken = strings.TrimSpace(accessToken) - if accessToken == "" { - return "", fmt.Errorf("antigravity userinfo: missing access token") - } - req, err := http.NewRequestWithContext(ctx, http.MethodGet, UserInfoEndpoint, nil) - if err != nil { - return "", fmt.Errorf("antigravity userinfo: create request: %w", err) - } - req.Header.Set("Authorization", "Bearer "+accessToken) - - resp, errDo := o.httpClient.Do(req) - if errDo != nil { - return "", fmt.Errorf("antigravity userinfo: execute request: %w", errDo) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("antigravity userinfo: close body error: %v", errClose) - } - }() - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, errRead := io.ReadAll(io.LimitReader(resp.Body, 8<<10)) - if errRead != nil { - return "", fmt.Errorf("antigravity userinfo: read response: %w", errRead) - } - body := strings.TrimSpace(string(bodyBytes)) - if body == "" { - return "", fmt.Errorf("antigravity userinfo: request failed: status %d", resp.StatusCode) - } - return "", fmt.Errorf("antigravity userinfo: request failed: status %d: %s", resp.StatusCode, body) - } - var info userInfo - if errDecode := json.NewDecoder(resp.Body).Decode(&info); errDecode != nil { - return "", fmt.Errorf("antigravity userinfo: decode response: %w", errDecode) - } - email := strings.TrimSpace(info.Email) - if email == "" { - return "", fmt.Errorf("antigravity userinfo: response missing email") - } - return email, nil -} - -// FetchProjectID retrieves the project ID for the authenticated user via loadCodeAssist -func (o *AntigravityAuth) FetchProjectID(ctx context.Context, accessToken string) (string, error) { - loadReqBody := map[string]any{ - "metadata": map[string]string{ - "ideType": "ANTIGRAVITY", - "platform": "PLATFORM_UNSPECIFIED", - "pluginType": "GEMINI", - }, - } - - rawBody, errMarshal := json.Marshal(loadReqBody) - if errMarshal != nil { - return "", fmt.Errorf("marshal request body: %w", errMarshal) - } - - endpointURL := fmt.Sprintf("%s/%s:loadCodeAssist", APIEndpoint, APIVersion) - req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpointURL, strings.NewReader(string(rawBody))) - if err != nil { - return "", fmt.Errorf("create request: %w", err) - } - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", APIUserAgent) - req.Header.Set("X-Goog-Api-Client", APIClient) - req.Header.Set("Client-Metadata", ClientMetadata) - - resp, errDo := o.httpClient.Do(req) - if errDo != nil { - return "", fmt.Errorf("execute request: %w", errDo) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("antigravity loadCodeAssist: close body error: %v", errClose) - } - }() - - bodyBytes, errRead := io.ReadAll(resp.Body) - if errRead != nil { - return "", fmt.Errorf("read response: %w", errRead) - } - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - return "", fmt.Errorf("request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(bodyBytes))) - } - - var loadResp map[string]any - if errDecode := json.Unmarshal(bodyBytes, &loadResp); errDecode != nil { - return "", fmt.Errorf("decode response: %w", errDecode) - } - - // Extract projectID from response - projectID := "" - if id, ok := loadResp["cloudaicompanionProject"].(string); ok { - projectID = strings.TrimSpace(id) - } - if projectID == "" { - if projectMap, ok := loadResp["cloudaicompanionProject"].(map[string]any); ok { - if id, okID := projectMap["id"].(string); okID { - projectID = strings.TrimSpace(id) - } - } - } - - if projectID == "" { - tierID := "legacy-tier" - if tiers, okTiers := loadResp["allowedTiers"].([]any); okTiers { - for _, rawTier := range tiers { - tier, okTier := rawTier.(map[string]any) - if !okTier { - continue - } - if isDefault, okDefault := tier["isDefault"].(bool); okDefault && isDefault { - if id, okID := tier["id"].(string); okID && strings.TrimSpace(id) != "" { - tierID = strings.TrimSpace(id) - break - } - } - } - } - - projectID, err = o.OnboardUser(ctx, accessToken, tierID) - if err != nil { - return "", err - } - return projectID, nil - } - - return projectID, nil -} - -// OnboardUser attempts to fetch the project ID via onboardUser by polling for completion -func (o *AntigravityAuth) OnboardUser(ctx context.Context, accessToken, tierID string) (string, error) { - log.Infof("Antigravity: onboarding user with tier: %s", tierID) - requestBody := map[string]any{ - "tierId": tierID, - "metadata": map[string]string{ - "ideType": "ANTIGRAVITY", - "platform": "PLATFORM_UNSPECIFIED", - "pluginType": "GEMINI", - }, - } - - rawBody, errMarshal := json.Marshal(requestBody) - if errMarshal != nil { - return "", fmt.Errorf("marshal request body: %w", errMarshal) - } - - maxAttempts := 5 - for attempt := 1; attempt <= maxAttempts; attempt++ { - log.Debugf("Polling attempt %d/%d", attempt, maxAttempts) - - reqCtx := ctx - var cancel context.CancelFunc - if reqCtx == nil { - reqCtx = context.Background() - } - reqCtx, cancel = context.WithTimeout(reqCtx, 30*time.Second) - - endpointURL := fmt.Sprintf("%s/%s:onboardUser", APIEndpoint, APIVersion) - req, errRequest := http.NewRequestWithContext(reqCtx, http.MethodPost, endpointURL, strings.NewReader(string(rawBody))) - if errRequest != nil { - cancel() - return "", fmt.Errorf("create request: %w", errRequest) - } - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", APIUserAgent) - req.Header.Set("X-Goog-Api-Client", APIClient) - req.Header.Set("Client-Metadata", ClientMetadata) - - resp, errDo := o.httpClient.Do(req) - if errDo != nil { - cancel() - return "", fmt.Errorf("execute request: %w", errDo) - } - - bodyBytes, errRead := io.ReadAll(resp.Body) - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("close body error: %v", errClose) - } - cancel() - - if errRead != nil { - return "", fmt.Errorf("read response: %w", errRead) - } - - if resp.StatusCode == http.StatusOK { - var data map[string]any - if errDecode := json.Unmarshal(bodyBytes, &data); errDecode != nil { - return "", fmt.Errorf("decode response: %w", errDecode) - } - - if done, okDone := data["done"].(bool); okDone && done { - projectID := "" - if responseData, okResp := data["response"].(map[string]any); okResp { - switch projectValue := responseData["cloudaicompanionProject"].(type) { - case map[string]any: - if id, okID := projectValue["id"].(string); okID { - projectID = strings.TrimSpace(id) - } - case string: - projectID = strings.TrimSpace(projectValue) - } - } - - if projectID != "" { - log.Infof("Successfully fetched project_id: %s", projectID) - return projectID, nil - } - - return "", fmt.Errorf("no project_id in response") - } - - time.Sleep(2 * time.Second) - continue - } - - responsePreview := strings.TrimSpace(string(bodyBytes)) - if len(responsePreview) > 500 { - responsePreview = responsePreview[:500] - } - - responseErr := responsePreview - if len(responseErr) > 200 { - responseErr = responseErr[:200] - } - return "", fmt.Errorf("http %d: %s", resp.StatusCode, responseErr) - } - - return "", nil -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/antigravity/constants.go b/.worktrees/config/m/config-build/active/internal/auth/antigravity/constants.go deleted file mode 100644 index 680c8e3c70..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/antigravity/constants.go +++ /dev/null @@ -1,34 +0,0 @@ -// Package antigravity provides OAuth2 authentication functionality for the Antigravity provider. -package antigravity - -// OAuth client credentials and configuration -const ( - ClientID = "1071006060591-tmhssin2h21lcre235vtolojh4g403ep.apps.googleusercontent.com" - ClientSecret = "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" - CallbackPort = 51121 -) - -// Scopes defines the OAuth scopes required for Antigravity authentication -var Scopes = []string{ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/userinfo.email", - "https://www.googleapis.com/auth/userinfo.profile", - "https://www.googleapis.com/auth/cclog", - "https://www.googleapis.com/auth/experimentsandconfigs", -} - -// OAuth2 endpoints for Google authentication -const ( - TokenEndpoint = "https://oauth2.googleapis.com/token" - AuthEndpoint = "https://accounts.google.com/o/oauth2/v2/auth" - UserInfoEndpoint = "https://www.googleapis.com/oauth2/v1/userinfo?alt=json" -) - -// Antigravity API configuration -const ( - APIEndpoint = "https://cloudcode-pa.googleapis.com" - APIVersion = "v1internal" - APIUserAgent = "google-api-nodejs-client/9.15.1" - APIClient = "google-cloud-sdk vscode_cloudshelleditor/0.1" - ClientMetadata = `{"ideType":"IDE_UNSPECIFIED","platform":"PLATFORM_UNSPECIFIED","pluginType":"GEMINI"}` -) diff --git a/.worktrees/config/m/config-build/active/internal/auth/antigravity/filename.go b/.worktrees/config/m/config-build/active/internal/auth/antigravity/filename.go deleted file mode 100644 index 03ad3e2f1a..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/antigravity/filename.go +++ /dev/null @@ -1,16 +0,0 @@ -package antigravity - -import ( - "fmt" - "strings" -) - -// CredentialFileName returns the filename used to persist Antigravity credentials. -// It uses the email as a suffix to disambiguate accounts. -func CredentialFileName(email string) string { - email = strings.TrimSpace(email) - if email == "" { - return "antigravity.json" - } - return fmt.Sprintf("antigravity-%s.json", email) -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/claude/anthropic.go b/.worktrees/config/m/config-build/active/internal/auth/claude/anthropic.go deleted file mode 100644 index dcb1b02832..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/claude/anthropic.go +++ /dev/null @@ -1,32 +0,0 @@ -package claude - -// PKCECodes holds PKCE verification codes for OAuth2 PKCE flow -type PKCECodes struct { - // CodeVerifier is the cryptographically random string used to correlate - // the authorization request to the token request - CodeVerifier string `json:"code_verifier"` - // CodeChallenge is the SHA256 hash of the code verifier, base64url-encoded - CodeChallenge string `json:"code_challenge"` -} - -// ClaudeTokenData holds OAuth token information from Anthropic -type ClaudeTokenData struct { - // AccessToken is the OAuth2 access token for API access - AccessToken string `json:"access_token"` - // RefreshToken is used to obtain new access tokens - RefreshToken string `json:"refresh_token"` - // Email is the Anthropic account email - Email string `json:"email"` - // Expire is the timestamp of the token expire - Expire string `json:"expired"` -} - -// ClaudeAuthBundle aggregates authentication data after OAuth flow completion -type ClaudeAuthBundle struct { - // APIKey is the Anthropic API key obtained from token exchange - APIKey string `json:"api_key"` - // TokenData contains the OAuth tokens from the authentication flow - TokenData ClaudeTokenData `json:"token_data"` - // LastRefresh is the timestamp of the last token refresh - LastRefresh string `json:"last_refresh"` -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/claude/anthropic_auth.go b/.worktrees/config/m/config-build/active/internal/auth/claude/anthropic_auth.go deleted file mode 100644 index 2853e418e6..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/claude/anthropic_auth.go +++ /dev/null @@ -1,349 +0,0 @@ -// Package claude provides OAuth2 authentication functionality for Anthropic's Claude API. -// This package implements the complete OAuth2 flow with PKCE (Proof Key for Code Exchange) -// for secure authentication with Claude API, including token exchange, refresh, and storage. -package claude - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - log "github.com/sirupsen/logrus" -) - -// OAuth configuration constants for Claude/Anthropic -const ( - AuthURL = "https://claude.ai/oauth/authorize" - TokenURL = "https://api.anthropic.com/v1/oauth/token" - ClientID = "9d1c250a-e61b-44d9-88ed-5944d1962f5e" - RedirectURI = "http://localhost:54545/callback" -) - -// tokenResponse represents the response structure from Anthropic's OAuth token endpoint. -// It contains access token, refresh token, and associated user/organization information. -type tokenResponse struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - TokenType string `json:"token_type"` - ExpiresIn int `json:"expires_in"` - Organization struct { - UUID string `json:"uuid"` - Name string `json:"name"` - } `json:"organization"` - Account struct { - UUID string `json:"uuid"` - EmailAddress string `json:"email_address"` - } `json:"account"` -} - -// ClaudeAuth handles Anthropic OAuth2 authentication flow. -// It provides methods for generating authorization URLs, exchanging codes for tokens, -// and refreshing expired tokens using PKCE for enhanced security. -type ClaudeAuth struct { - httpClient *http.Client -} - -// NewClaudeAuth creates a new Anthropic authentication service. -// It initializes the HTTP client with a custom TLS transport that uses Firefox -// fingerprint to bypass Cloudflare's TLS fingerprinting on Anthropic domains. -// -// Parameters: -// - cfg: The application configuration containing proxy settings -// -// Returns: -// - *ClaudeAuth: A new Claude authentication service instance -func NewClaudeAuth(cfg *config.Config) *ClaudeAuth { - // Use custom HTTP client with Firefox TLS fingerprint to bypass - // Cloudflare's bot detection on Anthropic domains - return &ClaudeAuth{ - httpClient: NewAnthropicHttpClient(&cfg.SDKConfig), - } -} - -// GenerateAuthURL creates the OAuth authorization URL with PKCE. -// This method generates a secure authorization URL including PKCE challenge codes -// for the OAuth2 flow with Anthropic's API. -// -// Parameters: -// - state: A random state parameter for CSRF protection -// - pkceCodes: The PKCE codes for secure code exchange -// -// Returns: -// - string: The complete authorization URL -// - string: The state parameter for verification -// - error: An error if PKCE codes are missing or URL generation fails -func (o *ClaudeAuth) GenerateAuthURL(state string, pkceCodes *PKCECodes) (string, string, error) { - if pkceCodes == nil { - return "", "", fmt.Errorf("PKCE codes are required") - } - - params := url.Values{ - "code": {"true"}, - "client_id": {ClientID}, - "response_type": {"code"}, - "redirect_uri": {RedirectURI}, - "scope": {"org:create_api_key user:profile user:inference"}, - "code_challenge": {pkceCodes.CodeChallenge}, - "code_challenge_method": {"S256"}, - "state": {state}, - } - - authURL := fmt.Sprintf("%s?%s", AuthURL, params.Encode()) - return authURL, state, nil -} - -// parseCodeAndState extracts the authorization code and state from the callback response. -// It handles the parsing of the code parameter which may contain additional fragments. -// -// Parameters: -// - code: The raw code parameter from the OAuth callback -// -// Returns: -// - parsedCode: The extracted authorization code -// - parsedState: The extracted state parameter if present -func (c *ClaudeAuth) parseCodeAndState(code string) (parsedCode, parsedState string) { - splits := strings.Split(code, "#") - parsedCode = splits[0] - if len(splits) > 1 { - parsedState = splits[1] - } - return -} - -// ExchangeCodeForTokens exchanges authorization code for access tokens. -// This method implements the OAuth2 token exchange flow using PKCE for security. -// It sends the authorization code along with PKCE verifier to get access and refresh tokens. -// -// Parameters: -// - ctx: The context for the request -// - code: The authorization code received from OAuth callback -// - state: The state parameter for verification -// - pkceCodes: The PKCE codes for secure verification -// -// Returns: -// - *ClaudeAuthBundle: The complete authentication bundle with tokens -// - error: An error if token exchange fails -func (o *ClaudeAuth) ExchangeCodeForTokens(ctx context.Context, code, state string, pkceCodes *PKCECodes) (*ClaudeAuthBundle, error) { - if pkceCodes == nil { - return nil, fmt.Errorf("PKCE codes are required for token exchange") - } - newCode, newState := o.parseCodeAndState(code) - - // Prepare token exchange request - reqBody := map[string]interface{}{ - "code": newCode, - "state": state, - "grant_type": "authorization_code", - "client_id": ClientID, - "redirect_uri": RedirectURI, - "code_verifier": pkceCodes.CodeVerifier, - } - - // Include state if present - if newState != "" { - reqBody["state"] = newState - } - - jsonBody, err := json.Marshal(reqBody) - if err != nil { - return nil, fmt.Errorf("failed to marshal request body: %w", err) - } - - // log.Debugf("Token exchange request: %s", string(jsonBody)) - - req, err := http.NewRequestWithContext(ctx, "POST", TokenURL, strings.NewReader(string(jsonBody))) - if err != nil { - return nil, fmt.Errorf("failed to create token request: %w", err) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Accept", "application/json") - - resp, err := o.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("token exchange request failed: %w", err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("failed to close response body: %v", errClose) - } - }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read token response: %w", err) - } - // log.Debugf("Token response: %s", string(body)) - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("token exchange failed with status %d: %s", resp.StatusCode, string(body)) - } - // log.Debugf("Token response: %s", string(body)) - - var tokenResp tokenResponse - if err = json.Unmarshal(body, &tokenResp); err != nil { - return nil, fmt.Errorf("failed to parse token response: %w", err) - } - - // Create token data - tokenData := ClaudeTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - Email: tokenResp.Account.EmailAddress, - Expire: time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339), - } - - // Create auth bundle - bundle := &ClaudeAuthBundle{ - TokenData: tokenData, - LastRefresh: time.Now().Format(time.RFC3339), - } - - return bundle, nil -} - -// RefreshTokens refreshes the access token using the refresh token. -// This method exchanges a valid refresh token for a new access token, -// extending the user's authenticated session. -// -// Parameters: -// - ctx: The context for the request -// - refreshToken: The refresh token to use for getting new access token -// -// Returns: -// - *ClaudeTokenData: The new token data with updated access token -// - error: An error if token refresh fails -func (o *ClaudeAuth) RefreshTokens(ctx context.Context, refreshToken string) (*ClaudeTokenData, error) { - if refreshToken == "" { - return nil, fmt.Errorf("refresh token is required") - } - - reqBody := map[string]interface{}{ - "client_id": ClientID, - "grant_type": "refresh_token", - "refresh_token": refreshToken, - } - - jsonBody, err := json.Marshal(reqBody) - if err != nil { - return nil, fmt.Errorf("failed to marshal request body: %w", err) - } - - req, err := http.NewRequestWithContext(ctx, "POST", TokenURL, strings.NewReader(string(jsonBody))) - if err != nil { - return nil, fmt.Errorf("failed to create refresh request: %w", err) - } - - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Accept", "application/json") - - resp, err := o.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("token refresh request failed: %w", err) - } - defer func() { - _ = resp.Body.Close() - }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read refresh response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("token refresh failed with status %d: %s", resp.StatusCode, string(body)) - } - - // log.Debugf("Token response: %s", string(body)) - - var tokenResp tokenResponse - if err = json.Unmarshal(body, &tokenResp); err != nil { - return nil, fmt.Errorf("failed to parse token response: %w", err) - } - - // Create token data - return &ClaudeTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - Email: tokenResp.Account.EmailAddress, - Expire: time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339), - }, nil -} - -// CreateTokenStorage creates a new ClaudeTokenStorage from auth bundle and user info. -// This method converts the authentication bundle into a token storage structure -// suitable for persistence and later use. -// -// Parameters: -// - bundle: The authentication bundle containing token data -// -// Returns: -// - *ClaudeTokenStorage: A new token storage instance -func (o *ClaudeAuth) CreateTokenStorage(bundle *ClaudeAuthBundle) *ClaudeTokenStorage { - storage := &ClaudeTokenStorage{ - AccessToken: bundle.TokenData.AccessToken, - RefreshToken: bundle.TokenData.RefreshToken, - LastRefresh: bundle.LastRefresh, - Email: bundle.TokenData.Email, - Expire: bundle.TokenData.Expire, - } - - return storage -} - -// RefreshTokensWithRetry refreshes tokens with automatic retry logic. -// This method implements exponential backoff retry logic for token refresh operations, -// providing resilience against temporary network or service issues. -// -// Parameters: -// - ctx: The context for the request -// - refreshToken: The refresh token to use -// - maxRetries: The maximum number of retry attempts -// -// Returns: -// - *ClaudeTokenData: The refreshed token data -// - error: An error if all retry attempts fail -func (o *ClaudeAuth) RefreshTokensWithRetry(ctx context.Context, refreshToken string, maxRetries int) (*ClaudeTokenData, error) { - var lastErr error - - for attempt := 0; attempt < maxRetries; attempt++ { - if attempt > 0 { - // Wait before retry - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-time.After(time.Duration(attempt) * time.Second): - } - } - - tokenData, err := o.RefreshTokens(ctx, refreshToken) - if err == nil { - return tokenData, nil - } - - lastErr = err - log.Warnf("Token refresh attempt %d failed: %v", attempt+1, err) - } - - return nil, fmt.Errorf("token refresh failed after %d attempts: %w", maxRetries, lastErr) -} - -// UpdateTokenStorage updates an existing token storage with new token data. -// This method refreshes the token storage with newly obtained access and refresh tokens, -// updating timestamps and expiration information. -// -// Parameters: -// - storage: The existing token storage to update -// - tokenData: The new token data to apply -func (o *ClaudeAuth) UpdateTokenStorage(storage *ClaudeTokenStorage, tokenData *ClaudeTokenData) { - storage.AccessToken = tokenData.AccessToken - storage.RefreshToken = tokenData.RefreshToken - storage.LastRefresh = time.Now().Format(time.RFC3339) - storage.Email = tokenData.Email - storage.Expire = tokenData.Expire -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/claude/errors.go b/.worktrees/config/m/config-build/active/internal/auth/claude/errors.go deleted file mode 100644 index 3585209a8a..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/claude/errors.go +++ /dev/null @@ -1,167 +0,0 @@ -// Package claude provides authentication and token management functionality -// for Anthropic's Claude AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Claude API. -package claude - -import ( - "errors" - "fmt" - "net/http" -) - -// OAuthError represents an OAuth-specific error. -type OAuthError struct { - // Code is the OAuth error code. - Code string `json:"error"` - // Description is a human-readable description of the error. - Description string `json:"error_description,omitempty"` - // URI is a URI identifying a human-readable web page with information about the error. - URI string `json:"error_uri,omitempty"` - // StatusCode is the HTTP status code associated with the error. - StatusCode int `json:"-"` -} - -// Error returns a string representation of the OAuth error. -func (e *OAuthError) Error() string { - if e.Description != "" { - return fmt.Sprintf("OAuth error %s: %s", e.Code, e.Description) - } - return fmt.Sprintf("OAuth error: %s", e.Code) -} - -// NewOAuthError creates a new OAuth error with the specified code, description, and status code. -func NewOAuthError(code, description string, statusCode int) *OAuthError { - return &OAuthError{ - Code: code, - Description: description, - StatusCode: statusCode, - } -} - -// AuthenticationError represents authentication-related errors. -type AuthenticationError struct { - // Type is the type of authentication error. - Type string `json:"type"` - // Message is a human-readable message describing the error. - Message string `json:"message"` - // Code is the HTTP status code associated with the error. - Code int `json:"code"` - // Cause is the underlying error that caused this authentication error. - Cause error `json:"-"` -} - -// Error returns a string representation of the authentication error. -func (e *AuthenticationError) Error() string { - if e.Cause != nil { - return fmt.Sprintf("%s: %s (caused by: %v)", e.Type, e.Message, e.Cause) - } - return fmt.Sprintf("%s: %s", e.Type, e.Message) -} - -// Common authentication error types. -var ( - // ErrTokenExpired = &AuthenticationError{ - // Type: "token_expired", - // Message: "Access token has expired", - // Code: http.StatusUnauthorized, - // } - - // ErrInvalidState represents an error for invalid OAuth state parameter. - ErrInvalidState = &AuthenticationError{ - Type: "invalid_state", - Message: "OAuth state parameter is invalid", - Code: http.StatusBadRequest, - } - - // ErrCodeExchangeFailed represents an error when exchanging authorization code for tokens fails. - ErrCodeExchangeFailed = &AuthenticationError{ - Type: "code_exchange_failed", - Message: "Failed to exchange authorization code for tokens", - Code: http.StatusBadRequest, - } - - // ErrServerStartFailed represents an error when starting the OAuth callback server fails. - ErrServerStartFailed = &AuthenticationError{ - Type: "server_start_failed", - Message: "Failed to start OAuth callback server", - Code: http.StatusInternalServerError, - } - - // ErrPortInUse represents an error when the OAuth callback port is already in use. - ErrPortInUse = &AuthenticationError{ - Type: "port_in_use", - Message: "OAuth callback port is already in use", - Code: 13, // Special exit code for port-in-use - } - - // ErrCallbackTimeout represents an error when waiting for OAuth callback times out. - ErrCallbackTimeout = &AuthenticationError{ - Type: "callback_timeout", - Message: "Timeout waiting for OAuth callback", - Code: http.StatusRequestTimeout, - } -) - -// NewAuthenticationError creates a new authentication error with a cause based on a base error. -func NewAuthenticationError(baseErr *AuthenticationError, cause error) *AuthenticationError { - return &AuthenticationError{ - Type: baseErr.Type, - Message: baseErr.Message, - Code: baseErr.Code, - Cause: cause, - } -} - -// IsAuthenticationError checks if an error is an authentication error. -func IsAuthenticationError(err error) bool { - var authenticationError *AuthenticationError - ok := errors.As(err, &authenticationError) - return ok -} - -// IsOAuthError checks if an error is an OAuth error. -func IsOAuthError(err error) bool { - var oAuthError *OAuthError - ok := errors.As(err, &oAuthError) - return ok -} - -// GetUserFriendlyMessage returns a user-friendly error message based on the error type. -func GetUserFriendlyMessage(err error) string { - switch { - case IsAuthenticationError(err): - var authErr *AuthenticationError - errors.As(err, &authErr) - switch authErr.Type { - case "token_expired": - return "Your authentication has expired. Please log in again." - case "token_invalid": - return "Your authentication is invalid. Please log in again." - case "authentication_required": - return "Please log in to continue." - case "port_in_use": - return "The required port is already in use. Please close any applications using port 3000 and try again." - case "callback_timeout": - return "Authentication timed out. Please try again." - case "browser_open_failed": - return "Could not open your browser automatically. Please copy and paste the URL manually." - default: - return "Authentication failed. Please try again." - } - case IsOAuthError(err): - var oauthErr *OAuthError - errors.As(err, &oauthErr) - switch oauthErr.Code { - case "access_denied": - return "Authentication was cancelled or denied." - case "invalid_request": - return "Invalid authentication request. Please try again." - case "server_error": - return "Authentication server error. Please try again later." - default: - return fmt.Sprintf("Authentication failed: %s", oauthErr.Description) - } - default: - return "An unexpected error occurred. Please try again." - } -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/claude/html_templates.go b/.worktrees/config/m/config-build/active/internal/auth/claude/html_templates.go deleted file mode 100644 index 1ec7682363..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/claude/html_templates.go +++ /dev/null @@ -1,218 +0,0 @@ -// Package claude provides authentication and token management functionality -// for Anthropic's Claude AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Claude API. -package claude - -// LoginSuccessHtml is the HTML template displayed to users after successful OAuth authentication. -// This template provides a user-friendly success page with options to close the window -// or navigate to the Claude platform. It includes automatic window closing functionality -// and keyboard accessibility features. -const LoginSuccessHtml = ` - - - - - Authentication Successful - Claude - - - - -
-
-

Authentication Successful!

-

You have successfully authenticated with Claude. You can now close this window and return to your terminal to continue.

- - {{SETUP_NOTICE}} - -
- - - Open Platform - - -
- -
- This window will close automatically in 10 seconds -
- -
-

Powered by ChatGPT

-
-
- - - -` - -// SetupNoticeHtml is the HTML template for the setup notice section. -// This template is embedded within the success page to inform users about -// additional setup steps required to complete their Claude account configuration. -const SetupNoticeHtml = ` -
-

Additional Setup Required

-

To complete your setup, please visit the Claude to configure your account.

-
` diff --git a/.worktrees/config/m/config-build/active/internal/auth/claude/oauth_server.go b/.worktrees/config/m/config-build/active/internal/auth/claude/oauth_server.go deleted file mode 100644 index 49b04794e5..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/claude/oauth_server.go +++ /dev/null @@ -1,331 +0,0 @@ -// Package claude provides authentication and token management functionality -// for Anthropic's Claude AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Claude API. -package claude - -import ( - "context" - "errors" - "fmt" - "net" - "net/http" - "strings" - "sync" - "time" - - log "github.com/sirupsen/logrus" -) - -// OAuthServer handles the local HTTP server for OAuth callbacks. -// It listens for the authorization code response from the OAuth provider -// and captures the necessary parameters to complete the authentication flow. -type OAuthServer struct { - // server is the underlying HTTP server instance - server *http.Server - // port is the port number on which the server listens - port int - // resultChan is a channel for sending OAuth results - resultChan chan *OAuthResult - // errorChan is a channel for sending OAuth errors - errorChan chan error - // mu is a mutex for protecting server state - mu sync.Mutex - // running indicates whether the server is currently running - running bool -} - -// OAuthResult contains the result of the OAuth callback. -// It holds either the authorization code and state for successful authentication -// or an error message if the authentication failed. -type OAuthResult struct { - // Code is the authorization code received from the OAuth provider - Code string - // State is the state parameter used to prevent CSRF attacks - State string - // Error contains any error message if the OAuth flow failed - Error string -} - -// NewOAuthServer creates a new OAuth callback server. -// It initializes the server with the specified port and creates channels -// for handling OAuth results and errors. -// -// Parameters: -// - port: The port number on which the server should listen -// -// Returns: -// - *OAuthServer: A new OAuthServer instance -func NewOAuthServer(port int) *OAuthServer { - return &OAuthServer{ - port: port, - resultChan: make(chan *OAuthResult, 1), - errorChan: make(chan error, 1), - } -} - -// Start starts the OAuth callback server. -// It sets up the HTTP handlers for the callback and success endpoints, -// and begins listening on the specified port. -// -// Returns: -// - error: An error if the server fails to start -func (s *OAuthServer) Start() error { - s.mu.Lock() - defer s.mu.Unlock() - - if s.running { - return fmt.Errorf("server is already running") - } - - // Check if port is available - if !s.isPortAvailable() { - return fmt.Errorf("port %d is already in use", s.port) - } - - mux := http.NewServeMux() - mux.HandleFunc("/callback", s.handleCallback) - mux.HandleFunc("/success", s.handleSuccess) - - s.server = &http.Server{ - Addr: fmt.Sprintf(":%d", s.port), - Handler: mux, - ReadTimeout: 10 * time.Second, - WriteTimeout: 10 * time.Second, - } - - s.running = true - - // Start server in goroutine - go func() { - if err := s.server.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) { - s.errorChan <- fmt.Errorf("server failed to start: %w", err) - } - }() - - // Give server a moment to start - time.Sleep(100 * time.Millisecond) - - return nil -} - -// Stop gracefully stops the OAuth callback server. -// It performs a graceful shutdown of the HTTP server with a timeout. -// -// Parameters: -// - ctx: The context for controlling the shutdown process -// -// Returns: -// - error: An error if the server fails to stop gracefully -func (s *OAuthServer) Stop(ctx context.Context) error { - s.mu.Lock() - defer s.mu.Unlock() - - if !s.running || s.server == nil { - return nil - } - - log.Debug("Stopping OAuth callback server") - - // Create a context with timeout for shutdown - shutdownCtx, cancel := context.WithTimeout(ctx, 5*time.Second) - defer cancel() - - err := s.server.Shutdown(shutdownCtx) - s.running = false - s.server = nil - - return err -} - -// WaitForCallback waits for the OAuth callback with a timeout. -// It blocks until either an OAuth result is received, an error occurs, -// or the specified timeout is reached. -// -// Parameters: -// - timeout: The maximum time to wait for the callback -// -// Returns: -// - *OAuthResult: The OAuth result if successful -// - error: An error if the callback times out or an error occurs -func (s *OAuthServer) WaitForCallback(timeout time.Duration) (*OAuthResult, error) { - select { - case result := <-s.resultChan: - return result, nil - case err := <-s.errorChan: - return nil, err - case <-time.After(timeout): - return nil, fmt.Errorf("timeout waiting for OAuth callback") - } -} - -// handleCallback handles the OAuth callback endpoint. -// It extracts the authorization code and state from the callback URL, -// validates the parameters, and sends the result to the waiting channel. -// -// Parameters: -// - w: The HTTP response writer -// - r: The HTTP request -func (s *OAuthServer) handleCallback(w http.ResponseWriter, r *http.Request) { - log.Debug("Received OAuth callback") - - // Validate request method - if r.Method != http.MethodGet { - http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) - return - } - - // Extract parameters - query := r.URL.Query() - code := query.Get("code") - state := query.Get("state") - errorParam := query.Get("error") - - // Validate required parameters - if errorParam != "" { - log.Errorf("OAuth error received: %s", errorParam) - result := &OAuthResult{ - Error: errorParam, - } - s.sendResult(result) - http.Error(w, fmt.Sprintf("OAuth error: %s", errorParam), http.StatusBadRequest) - return - } - - if code == "" { - log.Error("No authorization code received") - result := &OAuthResult{ - Error: "no_code", - } - s.sendResult(result) - http.Error(w, "No authorization code received", http.StatusBadRequest) - return - } - - if state == "" { - log.Error("No state parameter received") - result := &OAuthResult{ - Error: "no_state", - } - s.sendResult(result) - http.Error(w, "No state parameter received", http.StatusBadRequest) - return - } - - // Send successful result - result := &OAuthResult{ - Code: code, - State: state, - } - s.sendResult(result) - - // Redirect to success page - http.Redirect(w, r, "/success", http.StatusFound) -} - -// handleSuccess handles the success page endpoint. -// It serves a user-friendly HTML page indicating that authentication was successful. -// -// Parameters: -// - w: The HTTP response writer -// - r: The HTTP request -func (s *OAuthServer) handleSuccess(w http.ResponseWriter, r *http.Request) { - log.Debug("Serving success page") - - w.Header().Set("Content-Type", "text/html; charset=utf-8") - w.WriteHeader(http.StatusOK) - - // Parse query parameters for customization - query := r.URL.Query() - setupRequired := query.Get("setup_required") == "true" - platformURL := query.Get("platform_url") - if platformURL == "" { - platformURL = "https://console.anthropic.com/" - } - - // Validate platformURL to prevent XSS - only allow http/https URLs - if !isValidURL(platformURL) { - platformURL = "https://console.anthropic.com/" - } - - // Generate success page HTML with dynamic content - successHTML := s.generateSuccessHTML(setupRequired, platformURL) - - _, err := w.Write([]byte(successHTML)) - if err != nil { - log.Errorf("Failed to write success page: %v", err) - } -} - -// isValidURL checks if the URL is a valid http/https URL to prevent XSS -func isValidURL(urlStr string) bool { - urlStr = strings.TrimSpace(urlStr) - return strings.HasPrefix(urlStr, "https://") || strings.HasPrefix(urlStr, "http://") -} - -// generateSuccessHTML creates the HTML content for the success page. -// It customizes the page based on whether additional setup is required -// and includes a link to the platform. -// -// Parameters: -// - setupRequired: Whether additional setup is required after authentication -// - platformURL: The URL to the platform for additional setup -// -// Returns: -// - string: The HTML content for the success page -func (s *OAuthServer) generateSuccessHTML(setupRequired bool, platformURL string) string { - html := LoginSuccessHtml - - // Replace platform URL placeholder - html = strings.Replace(html, "{{PLATFORM_URL}}", platformURL, -1) - - // Add setup notice if required - if setupRequired { - setupNotice := strings.Replace(SetupNoticeHtml, "{{PLATFORM_URL}}", platformURL, -1) - html = strings.Replace(html, "{{SETUP_NOTICE}}", setupNotice, 1) - } else { - html = strings.Replace(html, "{{SETUP_NOTICE}}", "", 1) - } - - return html -} - -// sendResult sends the OAuth result to the waiting channel. -// It ensures that the result is sent without blocking the handler. -// -// Parameters: -// - result: The OAuth result to send -func (s *OAuthServer) sendResult(result *OAuthResult) { - select { - case s.resultChan <- result: - log.Debug("OAuth result sent to channel") - default: - log.Warn("OAuth result channel is full, result dropped") - } -} - -// isPortAvailable checks if the specified port is available. -// It attempts to listen on the port to determine availability. -// -// Returns: -// - bool: True if the port is available, false otherwise -func (s *OAuthServer) isPortAvailable() bool { - addr := fmt.Sprintf(":%d", s.port) - listener, err := net.Listen("tcp", addr) - if err != nil { - return false - } - defer func() { - _ = listener.Close() - }() - return true -} - -// IsRunning returns whether the server is currently running. -// -// Returns: -// - bool: True if the server is running, false otherwise -func (s *OAuthServer) IsRunning() bool { - s.mu.Lock() - defer s.mu.Unlock() - return s.running -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/claude/pkce.go b/.worktrees/config/m/config-build/active/internal/auth/claude/pkce.go deleted file mode 100644 index 98d40202b7..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/claude/pkce.go +++ /dev/null @@ -1,56 +0,0 @@ -// Package claude provides authentication and token management functionality -// for Anthropic's Claude AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Claude API. -package claude - -import ( - "crypto/rand" - "crypto/sha256" - "encoding/base64" - "fmt" -) - -// GeneratePKCECodes generates a PKCE code verifier and challenge pair -// following RFC 7636 specifications for OAuth 2.0 PKCE extension. -// This provides additional security for the OAuth flow by ensuring that -// only the client that initiated the request can exchange the authorization code. -// -// Returns: -// - *PKCECodes: A struct containing the code verifier and challenge -// - error: An error if the generation fails, nil otherwise -func GeneratePKCECodes() (*PKCECodes, error) { - // Generate code verifier: 43-128 characters, URL-safe - codeVerifier, err := generateCodeVerifier() - if err != nil { - return nil, fmt.Errorf("failed to generate code verifier: %w", err) - } - - // Generate code challenge using S256 method - codeChallenge := generateCodeChallenge(codeVerifier) - - return &PKCECodes{ - CodeVerifier: codeVerifier, - CodeChallenge: codeChallenge, - }, nil -} - -// generateCodeVerifier creates a cryptographically random string -// of 128 characters using URL-safe base64 encoding -func generateCodeVerifier() (string, error) { - // Generate 96 random bytes (will result in 128 base64 characters) - bytes := make([]byte, 96) - _, err := rand.Read(bytes) - if err != nil { - return "", fmt.Errorf("failed to generate random bytes: %w", err) - } - - // Encode to URL-safe base64 without padding - return base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(bytes), nil -} - -// generateCodeChallenge creates a SHA256 hash of the code verifier -// and encodes it using URL-safe base64 encoding without padding -func generateCodeChallenge(codeVerifier string) string { - hash := sha256.Sum256([]byte(codeVerifier)) - return base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(hash[:]) -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/claude/token.go b/.worktrees/config/m/config-build/active/internal/auth/claude/token.go deleted file mode 100644 index cda10d589b..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/claude/token.go +++ /dev/null @@ -1,73 +0,0 @@ -// Package claude provides authentication and token management functionality -// for Anthropic's Claude AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Claude API. -package claude - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" -) - -// ClaudeTokenStorage stores OAuth2 token information for Anthropic Claude API authentication. -// It maintains compatibility with the existing auth system while adding Claude-specific fields -// for managing access tokens, refresh tokens, and user account information. -type ClaudeTokenStorage struct { - // IDToken is the JWT ID token containing user claims and identity information. - IDToken string `json:"id_token"` - - // AccessToken is the OAuth2 access token used for authenticating API requests. - AccessToken string `json:"access_token"` - - // RefreshToken is used to obtain new access tokens when the current one expires. - RefreshToken string `json:"refresh_token"` - - // LastRefresh is the timestamp of the last token refresh operation. - LastRefresh string `json:"last_refresh"` - - // Email is the Anthropic account email address associated with this token. - Email string `json:"email"` - - // Type indicates the authentication provider type, always "claude" for this storage. - Type string `json:"type"` - - // Expire is the timestamp when the current access token expires. - Expire string `json:"expired"` -} - -// SaveTokenToFile serializes the Claude token storage to a JSON file. -// This method creates the necessary directory structure and writes the token -// data in JSON format to the specified file path for persistent storage. -// -// Parameters: -// - authFilePath: The full path where the token file should be saved -// -// Returns: -// - error: An error if the operation fails, nil otherwise -func (ts *ClaudeTokenStorage) SaveTokenToFile(authFilePath string) error { - misc.LogSavingCredentials(authFilePath) - ts.Type = "claude" - - // Create directory structure if it doesn't exist - if err := os.MkdirAll(filepath.Dir(authFilePath), 0700); err != nil { - return fmt.Errorf("failed to create directory: %v", err) - } - - // Create the token file - f, err := os.Create(authFilePath) - if err != nil { - return fmt.Errorf("failed to create token file: %w", err) - } - defer func() { - _ = f.Close() - }() - - // Encode and write the token data as JSON - if err = json.NewEncoder(f).Encode(ts); err != nil { - return fmt.Errorf("failed to write token to file: %w", err) - } - return nil -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/claude/utls_transport.go b/.worktrees/config/m/config-build/active/internal/auth/claude/utls_transport.go deleted file mode 100644 index 2cb840b245..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/claude/utls_transport.go +++ /dev/null @@ -1,165 +0,0 @@ -// Package claude provides authentication functionality for Anthropic's Claude API. -// This file implements a custom HTTP transport using utls to bypass TLS fingerprinting. -package claude - -import ( - "net/http" - "net/url" - "strings" - "sync" - - tls "github.com/refraction-networking/utls" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" - log "github.com/sirupsen/logrus" - "golang.org/x/net/http2" - "golang.org/x/net/proxy" -) - -// utlsRoundTripper implements http.RoundTripper using utls with Firefox fingerprint -// to bypass Cloudflare's TLS fingerprinting on Anthropic domains. -type utlsRoundTripper struct { - // mu protects the connections map and pending map - mu sync.Mutex - // connections caches HTTP/2 client connections per host - connections map[string]*http2.ClientConn - // pending tracks hosts that are currently being connected to (prevents race condition) - pending map[string]*sync.Cond - // dialer is used to create network connections, supporting proxies - dialer proxy.Dialer -} - -// newUtlsRoundTripper creates a new utls-based round tripper with optional proxy support -func newUtlsRoundTripper(cfg *config.SDKConfig) *utlsRoundTripper { - var dialer proxy.Dialer = proxy.Direct - if cfg != nil && cfg.ProxyURL != "" { - proxyURL, err := url.Parse(cfg.ProxyURL) - if err != nil { - log.Errorf("failed to parse proxy URL %q: %v", cfg.ProxyURL, err) - } else { - pDialer, err := proxy.FromURL(proxyURL, proxy.Direct) - if err != nil { - log.Errorf("failed to create proxy dialer for %q: %v", cfg.ProxyURL, err) - } else { - dialer = pDialer - } - } - } - - return &utlsRoundTripper{ - connections: make(map[string]*http2.ClientConn), - pending: make(map[string]*sync.Cond), - dialer: dialer, - } -} - -// getOrCreateConnection gets an existing connection or creates a new one. -// It uses a per-host locking mechanism to prevent multiple goroutines from -// creating connections to the same host simultaneously. -func (t *utlsRoundTripper) getOrCreateConnection(host, addr string) (*http2.ClientConn, error) { - t.mu.Lock() - - // Check if connection exists and is usable - if h2Conn, ok := t.connections[host]; ok && h2Conn.CanTakeNewRequest() { - t.mu.Unlock() - return h2Conn, nil - } - - // Check if another goroutine is already creating a connection - if cond, ok := t.pending[host]; ok { - // Wait for the other goroutine to finish - cond.Wait() - // Check if connection is now available - if h2Conn, ok := t.connections[host]; ok && h2Conn.CanTakeNewRequest() { - t.mu.Unlock() - return h2Conn, nil - } - // Connection still not available, we'll create one - } - - // Mark this host as pending - cond := sync.NewCond(&t.mu) - t.pending[host] = cond - t.mu.Unlock() - - // Create connection outside the lock - h2Conn, err := t.createConnection(host, addr) - - t.mu.Lock() - defer t.mu.Unlock() - - // Remove pending marker and wake up waiting goroutines - delete(t.pending, host) - cond.Broadcast() - - if err != nil { - return nil, err - } - - // Store the new connection - t.connections[host] = h2Conn - return h2Conn, nil -} - -// createConnection creates a new HTTP/2 connection with Firefox TLS fingerprint -func (t *utlsRoundTripper) createConnection(host, addr string) (*http2.ClientConn, error) { - conn, err := t.dialer.Dial("tcp", addr) - if err != nil { - return nil, err - } - - tlsConfig := &tls.Config{ServerName: host} - tlsConn := tls.UClient(conn, tlsConfig, tls.HelloFirefox_Auto) - - if err := tlsConn.Handshake(); err != nil { - conn.Close() - return nil, err - } - - tr := &http2.Transport{} - h2Conn, err := tr.NewClientConn(tlsConn) - if err != nil { - tlsConn.Close() - return nil, err - } - - return h2Conn, nil -} - -// RoundTrip implements http.RoundTripper -func (t *utlsRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { - host := req.URL.Host - addr := host - if !strings.Contains(addr, ":") { - addr += ":443" - } - - // Get hostname without port for TLS ServerName - hostname := req.URL.Hostname() - - h2Conn, err := t.getOrCreateConnection(hostname, addr) - if err != nil { - return nil, err - } - - resp, err := h2Conn.RoundTrip(req) - if err != nil { - // Connection failed, remove it from cache - t.mu.Lock() - if cached, ok := t.connections[hostname]; ok && cached == h2Conn { - delete(t.connections, hostname) - } - t.mu.Unlock() - return nil, err - } - - return resp, nil -} - -// NewAnthropicHttpClient creates an HTTP client that bypasses TLS fingerprinting -// for Anthropic domains by using utls with Firefox fingerprint. -// It accepts optional SDK configuration for proxy settings. -func NewAnthropicHttpClient(cfg *config.SDKConfig) *http.Client { - return &http.Client{ - Transport: newUtlsRoundTripper(cfg), - } -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/codex/errors.go b/.worktrees/config/m/config-build/active/internal/auth/codex/errors.go deleted file mode 100644 index d8065f7a0a..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/codex/errors.go +++ /dev/null @@ -1,171 +0,0 @@ -package codex - -import ( - "errors" - "fmt" - "net/http" -) - -// OAuthError represents an OAuth-specific error. -type OAuthError struct { - // Code is the OAuth error code. - Code string `json:"error"` - // Description is a human-readable description of the error. - Description string `json:"error_description,omitempty"` - // URI is a URI identifying a human-readable web page with information about the error. - URI string `json:"error_uri,omitempty"` - // StatusCode is the HTTP status code associated with the error. - StatusCode int `json:"-"` -} - -// Error returns a string representation of the OAuth error. -func (e *OAuthError) Error() string { - if e.Description != "" { - return fmt.Sprintf("OAuth error %s: %s", e.Code, e.Description) - } - return fmt.Sprintf("OAuth error: %s", e.Code) -} - -// NewOAuthError creates a new OAuth error with the specified code, description, and status code. -func NewOAuthError(code, description string, statusCode int) *OAuthError { - return &OAuthError{ - Code: code, - Description: description, - StatusCode: statusCode, - } -} - -// AuthenticationError represents authentication-related errors. -type AuthenticationError struct { - // Type is the type of authentication error. - Type string `json:"type"` - // Message is a human-readable message describing the error. - Message string `json:"message"` - // Code is the HTTP status code associated with the error. - Code int `json:"code"` - // Cause is the underlying error that caused this authentication error. - Cause error `json:"-"` -} - -// Error returns a string representation of the authentication error. -func (e *AuthenticationError) Error() string { - if e.Cause != nil { - return fmt.Sprintf("%s: %s (caused by: %v)", e.Type, e.Message, e.Cause) - } - return fmt.Sprintf("%s: %s", e.Type, e.Message) -} - -// Common authentication error types. -var ( - // ErrTokenExpired = &AuthenticationError{ - // Type: "token_expired", - // Message: "Access token has expired", - // Code: http.StatusUnauthorized, - // } - - // ErrInvalidState represents an error for invalid OAuth state parameter. - ErrInvalidState = &AuthenticationError{ - Type: "invalid_state", - Message: "OAuth state parameter is invalid", - Code: http.StatusBadRequest, - } - - // ErrCodeExchangeFailed represents an error when exchanging authorization code for tokens fails. - ErrCodeExchangeFailed = &AuthenticationError{ - Type: "code_exchange_failed", - Message: "Failed to exchange authorization code for tokens", - Code: http.StatusBadRequest, - } - - // ErrServerStartFailed represents an error when starting the OAuth callback server fails. - ErrServerStartFailed = &AuthenticationError{ - Type: "server_start_failed", - Message: "Failed to start OAuth callback server", - Code: http.StatusInternalServerError, - } - - // ErrPortInUse represents an error when the OAuth callback port is already in use. - ErrPortInUse = &AuthenticationError{ - Type: "port_in_use", - Message: "OAuth callback port is already in use", - Code: 13, // Special exit code for port-in-use - } - - // ErrCallbackTimeout represents an error when waiting for OAuth callback times out. - ErrCallbackTimeout = &AuthenticationError{ - Type: "callback_timeout", - Message: "Timeout waiting for OAuth callback", - Code: http.StatusRequestTimeout, - } - - // ErrBrowserOpenFailed represents an error when opening the browser for authentication fails. - ErrBrowserOpenFailed = &AuthenticationError{ - Type: "browser_open_failed", - Message: "Failed to open browser for authentication", - Code: http.StatusInternalServerError, - } -) - -// NewAuthenticationError creates a new authentication error with a cause based on a base error. -func NewAuthenticationError(baseErr *AuthenticationError, cause error) *AuthenticationError { - return &AuthenticationError{ - Type: baseErr.Type, - Message: baseErr.Message, - Code: baseErr.Code, - Cause: cause, - } -} - -// IsAuthenticationError checks if an error is an authentication error. -func IsAuthenticationError(err error) bool { - var authenticationError *AuthenticationError - ok := errors.As(err, &authenticationError) - return ok -} - -// IsOAuthError checks if an error is an OAuth error. -func IsOAuthError(err error) bool { - var oAuthError *OAuthError - ok := errors.As(err, &oAuthError) - return ok -} - -// GetUserFriendlyMessage returns a user-friendly error message based on the error type. -func GetUserFriendlyMessage(err error) string { - switch { - case IsAuthenticationError(err): - var authErr *AuthenticationError - errors.As(err, &authErr) - switch authErr.Type { - case "token_expired": - return "Your authentication has expired. Please log in again." - case "token_invalid": - return "Your authentication is invalid. Please log in again." - case "authentication_required": - return "Please log in to continue." - case "port_in_use": - return "The required port is already in use. Please close any applications using port 3000 and try again." - case "callback_timeout": - return "Authentication timed out. Please try again." - case "browser_open_failed": - return "Could not open your browser automatically. Please copy and paste the URL manually." - default: - return "Authentication failed. Please try again." - } - case IsOAuthError(err): - var oauthErr *OAuthError - errors.As(err, &oauthErr) - switch oauthErr.Code { - case "access_denied": - return "Authentication was cancelled or denied." - case "invalid_request": - return "Invalid authentication request. Please try again." - case "server_error": - return "Authentication server error. Please try again later." - default: - return fmt.Sprintf("Authentication failed: %s", oauthErr.Description) - } - default: - return "An unexpected error occurred. Please try again." - } -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/codex/filename.go b/.worktrees/config/m/config-build/active/internal/auth/codex/filename.go deleted file mode 100644 index fdac5a404c..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/codex/filename.go +++ /dev/null @@ -1,46 +0,0 @@ -package codex - -import ( - "fmt" - "strings" - "unicode" -) - -// CredentialFileName returns the filename used to persist Codex OAuth credentials. -// When planType is available (e.g. "plus", "team"), it is appended after the email -// as a suffix to disambiguate subscriptions. -func CredentialFileName(email, planType, hashAccountID string, includeProviderPrefix bool) string { - email = strings.TrimSpace(email) - plan := normalizePlanTypeForFilename(planType) - - prefix := "" - if includeProviderPrefix { - prefix = "codex" - } - - if plan == "" { - return fmt.Sprintf("%s-%s.json", prefix, email) - } else if plan == "team" { - return fmt.Sprintf("%s-%s-%s-%s.json", prefix, hashAccountID, email, plan) - } - return fmt.Sprintf("%s-%s-%s.json", prefix, email, plan) -} - -func normalizePlanTypeForFilename(planType string) string { - planType = strings.TrimSpace(planType) - if planType == "" { - return "" - } - - parts := strings.FieldsFunc(planType, func(r rune) bool { - return !unicode.IsLetter(r) && !unicode.IsDigit(r) - }) - if len(parts) == 0 { - return "" - } - - for i, part := range parts { - parts[i] = strings.ToLower(strings.TrimSpace(part)) - } - return strings.Join(parts, "-") -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/codex/html_templates.go b/.worktrees/config/m/config-build/active/internal/auth/codex/html_templates.go deleted file mode 100644 index 054a166ee6..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/codex/html_templates.go +++ /dev/null @@ -1,214 +0,0 @@ -package codex - -// LoginSuccessHTML is the HTML template for the page shown after a successful -// OAuth2 authentication with Codex. It informs the user that the authentication -// was successful and provides a countdown timer to automatically close the window. -const LoginSuccessHtml = ` - - - - - Authentication Successful - Codex - - - - -
-
-

Authentication Successful!

-

You have successfully authenticated with Codex. You can now close this window and return to your terminal to continue.

- - {{SETUP_NOTICE}} - -
- - - Open Platform - - -
- -
- This window will close automatically in 10 seconds -
- -
-

Powered by ChatGPT

-
-
- - - -` - -// SetupNoticeHTML is the HTML template for the section that provides instructions -// for additional setup. This is displayed on the success page when further actions -// are required from the user. -const SetupNoticeHtml = ` -
-

Additional Setup Required

-

To complete your setup, please visit the Codex to configure your account.

-
` diff --git a/.worktrees/config/m/config-build/active/internal/auth/codex/jwt_parser.go b/.worktrees/config/m/config-build/active/internal/auth/codex/jwt_parser.go deleted file mode 100644 index 130e86420a..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/codex/jwt_parser.go +++ /dev/null @@ -1,102 +0,0 @@ -package codex - -import ( - "encoding/base64" - "encoding/json" - "fmt" - "strings" - "time" -) - -// JWTClaims represents the claims section of a JSON Web Token (JWT). -// It includes standard claims like issuer, subject, and expiration time, as well as -// custom claims specific to OpenAI's authentication. -type JWTClaims struct { - AtHash string `json:"at_hash"` - Aud []string `json:"aud"` - AuthProvider string `json:"auth_provider"` - AuthTime int `json:"auth_time"` - Email string `json:"email"` - EmailVerified bool `json:"email_verified"` - Exp int `json:"exp"` - CodexAuthInfo CodexAuthInfo `json:"https://api.openai.com/auth"` - Iat int `json:"iat"` - Iss string `json:"iss"` - Jti string `json:"jti"` - Rat int `json:"rat"` - Sid string `json:"sid"` - Sub string `json:"sub"` -} - -// Organizations defines the structure for organization details within the JWT claims. -// It holds information about the user's organization, such as ID, role, and title. -type Organizations struct { - ID string `json:"id"` - IsDefault bool `json:"is_default"` - Role string `json:"role"` - Title string `json:"title"` -} - -// CodexAuthInfo contains authentication-related details specific to Codex. -// This includes ChatGPT account information, subscription status, and user/organization IDs. -type CodexAuthInfo struct { - ChatgptAccountID string `json:"chatgpt_account_id"` - ChatgptPlanType string `json:"chatgpt_plan_type"` - ChatgptSubscriptionActiveStart any `json:"chatgpt_subscription_active_start"` - ChatgptSubscriptionActiveUntil any `json:"chatgpt_subscription_active_until"` - ChatgptSubscriptionLastChecked time.Time `json:"chatgpt_subscription_last_checked"` - ChatgptUserID string `json:"chatgpt_user_id"` - Groups []any `json:"groups"` - Organizations []Organizations `json:"organizations"` - UserID string `json:"user_id"` -} - -// ParseJWTToken parses a JWT token string and extracts its claims without performing -// cryptographic signature verification. This is useful for introspecting the token's -// contents to retrieve user information from an ID token after it has been validated -// by the authentication server. -func ParseJWTToken(token string) (*JWTClaims, error) { - parts := strings.Split(token, ".") - if len(parts) != 3 { - return nil, fmt.Errorf("invalid JWT token format: expected 3 parts, got %d", len(parts)) - } - - // Decode the claims (payload) part - claimsData, err := base64URLDecode(parts[1]) - if err != nil { - return nil, fmt.Errorf("failed to decode JWT claims: %w", err) - } - - var claims JWTClaims - if err = json.Unmarshal(claimsData, &claims); err != nil { - return nil, fmt.Errorf("failed to unmarshal JWT claims: %w", err) - } - - return &claims, nil -} - -// base64URLDecode decodes a Base64 URL-encoded string, adding padding if necessary. -// JWTs use a URL-safe Base64 alphabet and omit padding, so this function ensures -// correct decoding by re-adding the padding before decoding. -func base64URLDecode(data string) ([]byte, error) { - // Add padding if necessary - switch len(data) % 4 { - case 2: - data += "==" - case 3: - data += "=" - } - - return base64.URLEncoding.DecodeString(data) -} - -// GetUserEmail extracts the user's email address from the JWT claims. -func (c *JWTClaims) GetUserEmail() string { - return c.Email -} - -// GetAccountID extracts the user's account ID (subject) from the JWT claims. -// It retrieves the unique identifier for the user's ChatGPT account. -func (c *JWTClaims) GetAccountID() string { - return c.CodexAuthInfo.ChatgptAccountID -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/codex/oauth_server.go b/.worktrees/config/m/config-build/active/internal/auth/codex/oauth_server.go deleted file mode 100644 index 58b5394efb..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/codex/oauth_server.go +++ /dev/null @@ -1,328 +0,0 @@ -package codex - -import ( - "context" - "errors" - "fmt" - "net" - "net/http" - "strings" - "sync" - "time" - - log "github.com/sirupsen/logrus" -) - -// OAuthServer handles the local HTTP server for OAuth callbacks. -// It listens for the authorization code response from the OAuth provider -// and captures the necessary parameters to complete the authentication flow. -type OAuthServer struct { - // server is the underlying HTTP server instance - server *http.Server - // port is the port number on which the server listens - port int - // resultChan is a channel for sending OAuth results - resultChan chan *OAuthResult - // errorChan is a channel for sending OAuth errors - errorChan chan error - // mu is a mutex for protecting server state - mu sync.Mutex - // running indicates whether the server is currently running - running bool -} - -// OAuthResult contains the result of the OAuth callback. -// It holds either the authorization code and state for successful authentication -// or an error message if the authentication failed. -type OAuthResult struct { - // Code is the authorization code received from the OAuth provider - Code string - // State is the state parameter used to prevent CSRF attacks - State string - // Error contains any error message if the OAuth flow failed - Error string -} - -// NewOAuthServer creates a new OAuth callback server. -// It initializes the server with the specified port and creates channels -// for handling OAuth results and errors. -// -// Parameters: -// - port: The port number on which the server should listen -// -// Returns: -// - *OAuthServer: A new OAuthServer instance -func NewOAuthServer(port int) *OAuthServer { - return &OAuthServer{ - port: port, - resultChan: make(chan *OAuthResult, 1), - errorChan: make(chan error, 1), - } -} - -// Start starts the OAuth callback server. -// It sets up the HTTP handlers for the callback and success endpoints, -// and begins listening on the specified port. -// -// Returns: -// - error: An error if the server fails to start -func (s *OAuthServer) Start() error { - s.mu.Lock() - defer s.mu.Unlock() - - if s.running { - return fmt.Errorf("server is already running") - } - - // Check if port is available - if !s.isPortAvailable() { - return fmt.Errorf("port %d is already in use", s.port) - } - - mux := http.NewServeMux() - mux.HandleFunc("/auth/callback", s.handleCallback) - mux.HandleFunc("/success", s.handleSuccess) - - s.server = &http.Server{ - Addr: fmt.Sprintf(":%d", s.port), - Handler: mux, - ReadTimeout: 10 * time.Second, - WriteTimeout: 10 * time.Second, - } - - s.running = true - - // Start server in goroutine - go func() { - if err := s.server.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) { - s.errorChan <- fmt.Errorf("server failed to start: %w", err) - } - }() - - // Give server a moment to start - time.Sleep(100 * time.Millisecond) - - return nil -} - -// Stop gracefully stops the OAuth callback server. -// It performs a graceful shutdown of the HTTP server with a timeout. -// -// Parameters: -// - ctx: The context for controlling the shutdown process -// -// Returns: -// - error: An error if the server fails to stop gracefully -func (s *OAuthServer) Stop(ctx context.Context) error { - s.mu.Lock() - defer s.mu.Unlock() - - if !s.running || s.server == nil { - return nil - } - - log.Debug("Stopping OAuth callback server") - - // Create a context with timeout for shutdown - shutdownCtx, cancel := context.WithTimeout(ctx, 5*time.Second) - defer cancel() - - err := s.server.Shutdown(shutdownCtx) - s.running = false - s.server = nil - - return err -} - -// WaitForCallback waits for the OAuth callback with a timeout. -// It blocks until either an OAuth result is received, an error occurs, -// or the specified timeout is reached. -// -// Parameters: -// - timeout: The maximum time to wait for the callback -// -// Returns: -// - *OAuthResult: The OAuth result if successful -// - error: An error if the callback times out or an error occurs -func (s *OAuthServer) WaitForCallback(timeout time.Duration) (*OAuthResult, error) { - select { - case result := <-s.resultChan: - return result, nil - case err := <-s.errorChan: - return nil, err - case <-time.After(timeout): - return nil, fmt.Errorf("timeout waiting for OAuth callback") - } -} - -// handleCallback handles the OAuth callback endpoint. -// It extracts the authorization code and state from the callback URL, -// validates the parameters, and sends the result to the waiting channel. -// -// Parameters: -// - w: The HTTP response writer -// - r: The HTTP request -func (s *OAuthServer) handleCallback(w http.ResponseWriter, r *http.Request) { - log.Debug("Received OAuth callback") - - // Validate request method - if r.Method != http.MethodGet { - http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) - return - } - - // Extract parameters - query := r.URL.Query() - code := query.Get("code") - state := query.Get("state") - errorParam := query.Get("error") - - // Validate required parameters - if errorParam != "" { - log.Errorf("OAuth error received: %s", errorParam) - result := &OAuthResult{ - Error: errorParam, - } - s.sendResult(result) - http.Error(w, fmt.Sprintf("OAuth error: %s", errorParam), http.StatusBadRequest) - return - } - - if code == "" { - log.Error("No authorization code received") - result := &OAuthResult{ - Error: "no_code", - } - s.sendResult(result) - http.Error(w, "No authorization code received", http.StatusBadRequest) - return - } - - if state == "" { - log.Error("No state parameter received") - result := &OAuthResult{ - Error: "no_state", - } - s.sendResult(result) - http.Error(w, "No state parameter received", http.StatusBadRequest) - return - } - - // Send successful result - result := &OAuthResult{ - Code: code, - State: state, - } - s.sendResult(result) - - // Redirect to success page - http.Redirect(w, r, "/success", http.StatusFound) -} - -// handleSuccess handles the success page endpoint. -// It serves a user-friendly HTML page indicating that authentication was successful. -// -// Parameters: -// - w: The HTTP response writer -// - r: The HTTP request -func (s *OAuthServer) handleSuccess(w http.ResponseWriter, r *http.Request) { - log.Debug("Serving success page") - - w.Header().Set("Content-Type", "text/html; charset=utf-8") - w.WriteHeader(http.StatusOK) - - // Parse query parameters for customization - query := r.URL.Query() - setupRequired := query.Get("setup_required") == "true" - platformURL := query.Get("platform_url") - if platformURL == "" { - platformURL = "https://platform.openai.com" - } - - // Validate platformURL to prevent XSS - only allow http/https URLs - if !isValidURL(platformURL) { - platformURL = "https://platform.openai.com" - } - - // Generate success page HTML with dynamic content - successHTML := s.generateSuccessHTML(setupRequired, platformURL) - - _, err := w.Write([]byte(successHTML)) - if err != nil { - log.Errorf("Failed to write success page: %v", err) - } -} - -// isValidURL checks if the URL is a valid http/https URL to prevent XSS -func isValidURL(urlStr string) bool { - urlStr = strings.TrimSpace(urlStr) - return strings.HasPrefix(urlStr, "https://") || strings.HasPrefix(urlStr, "http://") -} - -// generateSuccessHTML creates the HTML content for the success page. -// It customizes the page based on whether additional setup is required -// and includes a link to the platform. -// -// Parameters: -// - setupRequired: Whether additional setup is required after authentication -// - platformURL: The URL to the platform for additional setup -// -// Returns: -// - string: The HTML content for the success page -func (s *OAuthServer) generateSuccessHTML(setupRequired bool, platformURL string) string { - html := LoginSuccessHtml - - // Replace platform URL placeholder - html = strings.Replace(html, "{{PLATFORM_URL}}", platformURL, -1) - - // Add setup notice if required - if setupRequired { - setupNotice := strings.Replace(SetupNoticeHtml, "{{PLATFORM_URL}}", platformURL, -1) - html = strings.Replace(html, "{{SETUP_NOTICE}}", setupNotice, 1) - } else { - html = strings.Replace(html, "{{SETUP_NOTICE}}", "", 1) - } - - return html -} - -// sendResult sends the OAuth result to the waiting channel. -// It ensures that the result is sent without blocking the handler. -// -// Parameters: -// - result: The OAuth result to send -func (s *OAuthServer) sendResult(result *OAuthResult) { - select { - case s.resultChan <- result: - log.Debug("OAuth result sent to channel") - default: - log.Warn("OAuth result channel is full, result dropped") - } -} - -// isPortAvailable checks if the specified port is available. -// It attempts to listen on the port to determine availability. -// -// Returns: -// - bool: True if the port is available, false otherwise -func (s *OAuthServer) isPortAvailable() bool { - addr := fmt.Sprintf(":%d", s.port) - listener, err := net.Listen("tcp", addr) - if err != nil { - return false - } - defer func() { - _ = listener.Close() - }() - return true -} - -// IsRunning returns whether the server is currently running. -// -// Returns: -// - bool: True if the server is running, false otherwise -func (s *OAuthServer) IsRunning() bool { - s.mu.Lock() - defer s.mu.Unlock() - return s.running -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/codex/openai.go b/.worktrees/config/m/config-build/active/internal/auth/codex/openai.go deleted file mode 100644 index ee80eecfaf..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/codex/openai.go +++ /dev/null @@ -1,39 +0,0 @@ -package codex - -// PKCECodes holds the verification codes for the OAuth2 PKCE (Proof Key for Code Exchange) flow. -// PKCE is an extension to the Authorization Code flow to prevent CSRF and authorization code injection attacks. -type PKCECodes struct { - // CodeVerifier is the cryptographically random string used to correlate - // the authorization request to the token request - CodeVerifier string `json:"code_verifier"` - // CodeChallenge is the SHA256 hash of the code verifier, base64url-encoded - CodeChallenge string `json:"code_challenge"` -} - -// CodexTokenData holds the OAuth token information obtained from OpenAI. -// It includes the ID token, access token, refresh token, and associated user details. -type CodexTokenData struct { - // IDToken is the JWT ID token containing user claims - IDToken string `json:"id_token"` - // AccessToken is the OAuth2 access token for API access - AccessToken string `json:"access_token"` - // RefreshToken is used to obtain new access tokens - RefreshToken string `json:"refresh_token"` - // AccountID is the OpenAI account identifier - AccountID string `json:"account_id"` - // Email is the OpenAI account email - Email string `json:"email"` - // Expire is the timestamp of the token expire - Expire string `json:"expired"` -} - -// CodexAuthBundle aggregates all authentication-related data after the OAuth flow is complete. -// This includes the API key, token data, and the timestamp of the last refresh. -type CodexAuthBundle struct { - // APIKey is the OpenAI API key obtained from token exchange - APIKey string `json:"api_key"` - // TokenData contains the OAuth tokens from the authentication flow - TokenData CodexTokenData `json:"token_data"` - // LastRefresh is the timestamp of the last token refresh - LastRefresh string `json:"last_refresh"` -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/codex/openai_auth.go b/.worktrees/config/m/config-build/active/internal/auth/codex/openai_auth.go deleted file mode 100644 index 89deeadb6e..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/codex/openai_auth.go +++ /dev/null @@ -1,287 +0,0 @@ -// Package codex provides authentication and token management for OpenAI's Codex API. -// It handles the OAuth2 flow, including generating authorization URLs, exchanging -// authorization codes for tokens, and refreshing expired tokens. The package also -// defines data structures for storing and managing Codex authentication credentials. -package codex - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -// OAuth configuration constants for OpenAI Codex -const ( - AuthURL = "https://auth.openai.com/oauth/authorize" - TokenURL = "https://auth.openai.com/oauth/token" - ClientID = "app_EMoamEEZ73f0CkXaXp7hrann" - RedirectURI = "http://localhost:1455/auth/callback" -) - -// CodexAuth handles the OpenAI OAuth2 authentication flow. -// It manages the HTTP client and provides methods for generating authorization URLs, -// exchanging authorization codes for tokens, and refreshing access tokens. -type CodexAuth struct { - httpClient *http.Client -} - -// NewCodexAuth creates a new CodexAuth service instance. -// It initializes an HTTP client with proxy settings from the provided configuration. -func NewCodexAuth(cfg *config.Config) *CodexAuth { - return &CodexAuth{ - httpClient: util.SetProxy(&cfg.SDKConfig, &http.Client{}), - } -} - -// GenerateAuthURL creates the OAuth authorization URL with PKCE (Proof Key for Code Exchange). -// It constructs the URL with the necessary parameters, including the client ID, -// response type, redirect URI, scopes, and PKCE challenge. -func (o *CodexAuth) GenerateAuthURL(state string, pkceCodes *PKCECodes) (string, error) { - if pkceCodes == nil { - return "", fmt.Errorf("PKCE codes are required") - } - - params := url.Values{ - "client_id": {ClientID}, - "response_type": {"code"}, - "redirect_uri": {RedirectURI}, - "scope": {"openid email profile offline_access"}, - "state": {state}, - "code_challenge": {pkceCodes.CodeChallenge}, - "code_challenge_method": {"S256"}, - "prompt": {"login"}, - "id_token_add_organizations": {"true"}, - "codex_cli_simplified_flow": {"true"}, - } - - authURL := fmt.Sprintf("%s?%s", AuthURL, params.Encode()) - return authURL, nil -} - -// ExchangeCodeForTokens exchanges an authorization code for access and refresh tokens. -// It performs an HTTP POST request to the OpenAI token endpoint with the provided -// authorization code and PKCE verifier. -func (o *CodexAuth) ExchangeCodeForTokens(ctx context.Context, code string, pkceCodes *PKCECodes) (*CodexAuthBundle, error) { - if pkceCodes == nil { - return nil, fmt.Errorf("PKCE codes are required for token exchange") - } - - // Prepare token exchange request - data := url.Values{ - "grant_type": {"authorization_code"}, - "client_id": {ClientID}, - "code": {code}, - "redirect_uri": {RedirectURI}, - "code_verifier": {pkceCodes.CodeVerifier}, - } - - req, err := http.NewRequestWithContext(ctx, "POST", TokenURL, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("failed to create token request: %w", err) - } - - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - - resp, err := o.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("token exchange request failed: %w", err) - } - defer func() { - _ = resp.Body.Close() - }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read token response: %w", err) - } - // log.Debugf("Token response: %s", string(body)) - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("token exchange failed with status %d: %s", resp.StatusCode, string(body)) - } - - // Parse token response - var tokenResp struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - IDToken string `json:"id_token"` - TokenType string `json:"token_type"` - ExpiresIn int `json:"expires_in"` - } - - if err = json.Unmarshal(body, &tokenResp); err != nil { - return nil, fmt.Errorf("failed to parse token response: %w", err) - } - - // Extract account ID from ID token - claims, err := ParseJWTToken(tokenResp.IDToken) - if err != nil { - log.Warnf("Failed to parse ID token: %v", err) - } - - accountID := "" - email := "" - if claims != nil { - accountID = claims.GetAccountID() - email = claims.GetUserEmail() - } - - // Create token data - tokenData := CodexTokenData{ - IDToken: tokenResp.IDToken, - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - AccountID: accountID, - Email: email, - Expire: time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339), - } - - // Create auth bundle - bundle := &CodexAuthBundle{ - TokenData: tokenData, - LastRefresh: time.Now().Format(time.RFC3339), - } - - return bundle, nil -} - -// RefreshTokens refreshes an access token using a refresh token. -// This method is called when an access token has expired. It makes a request to the -// token endpoint to obtain a new set of tokens. -func (o *CodexAuth) RefreshTokens(ctx context.Context, refreshToken string) (*CodexTokenData, error) { - if refreshToken == "" { - return nil, fmt.Errorf("refresh token is required") - } - - data := url.Values{ - "client_id": {ClientID}, - "grant_type": {"refresh_token"}, - "refresh_token": {refreshToken}, - "scope": {"openid profile email"}, - } - - req, err := http.NewRequestWithContext(ctx, "POST", TokenURL, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("failed to create refresh request: %w", err) - } - - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - - resp, err := o.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("token refresh request failed: %w", err) - } - defer func() { - _ = resp.Body.Close() - }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read refresh response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("token refresh failed with status %d: %s", resp.StatusCode, string(body)) - } - - var tokenResp struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - IDToken string `json:"id_token"` - TokenType string `json:"token_type"` - ExpiresIn int `json:"expires_in"` - } - - if err = json.Unmarshal(body, &tokenResp); err != nil { - return nil, fmt.Errorf("failed to parse refresh response: %w", err) - } - - // Extract account ID from ID token - claims, err := ParseJWTToken(tokenResp.IDToken) - if err != nil { - log.Warnf("Failed to parse refreshed ID token: %v", err) - } - - accountID := "" - email := "" - if claims != nil { - accountID = claims.GetAccountID() - email = claims.Email - } - - return &CodexTokenData{ - IDToken: tokenResp.IDToken, - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - AccountID: accountID, - Email: email, - Expire: time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339), - }, nil -} - -// CreateTokenStorage creates a new CodexTokenStorage from a CodexAuthBundle. -// It populates the storage struct with token data, user information, and timestamps. -func (o *CodexAuth) CreateTokenStorage(bundle *CodexAuthBundle) *CodexTokenStorage { - storage := &CodexTokenStorage{ - IDToken: bundle.TokenData.IDToken, - AccessToken: bundle.TokenData.AccessToken, - RefreshToken: bundle.TokenData.RefreshToken, - AccountID: bundle.TokenData.AccountID, - LastRefresh: bundle.LastRefresh, - Email: bundle.TokenData.Email, - Expire: bundle.TokenData.Expire, - } - - return storage -} - -// RefreshTokensWithRetry refreshes tokens with a built-in retry mechanism. -// It attempts to refresh the tokens up to a specified maximum number of retries, -// with an exponential backoff strategy to handle transient network errors. -func (o *CodexAuth) RefreshTokensWithRetry(ctx context.Context, refreshToken string, maxRetries int) (*CodexTokenData, error) { - var lastErr error - - for attempt := 0; attempt < maxRetries; attempt++ { - if attempt > 0 { - // Wait before retry - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-time.After(time.Duration(attempt) * time.Second): - } - } - - tokenData, err := o.RefreshTokens(ctx, refreshToken) - if err == nil { - return tokenData, nil - } - - lastErr = err - log.Warnf("Token refresh attempt %d failed: %v", attempt+1, err) - } - - return nil, fmt.Errorf("token refresh failed after %d attempts: %w", maxRetries, lastErr) -} - -// UpdateTokenStorage updates an existing CodexTokenStorage with new token data. -// This is typically called after a successful token refresh to persist the new credentials. -func (o *CodexAuth) UpdateTokenStorage(storage *CodexTokenStorage, tokenData *CodexTokenData) { - storage.IDToken = tokenData.IDToken - storage.AccessToken = tokenData.AccessToken - storage.RefreshToken = tokenData.RefreshToken - storage.AccountID = tokenData.AccountID - storage.LastRefresh = time.Now().Format(time.RFC3339) - storage.Email = tokenData.Email - storage.Expire = tokenData.Expire -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/codex/pkce.go b/.worktrees/config/m/config-build/active/internal/auth/codex/pkce.go deleted file mode 100644 index c1f0fb69a7..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/codex/pkce.go +++ /dev/null @@ -1,56 +0,0 @@ -// Package codex provides authentication and token management functionality -// for OpenAI's Codex AI services. It handles OAuth2 PKCE (Proof Key for Code Exchange) -// code generation for secure authentication flows. -package codex - -import ( - "crypto/rand" - "crypto/sha256" - "encoding/base64" - "fmt" -) - -// GeneratePKCECodes generates a new pair of PKCE (Proof Key for Code Exchange) codes. -// It creates a cryptographically random code verifier and its corresponding -// SHA256 code challenge, as specified in RFC 7636. This is a critical security -// feature for the OAuth 2.0 authorization code flow. -func GeneratePKCECodes() (*PKCECodes, error) { - // Generate code verifier: 43-128 characters, URL-safe - codeVerifier, err := generateCodeVerifier() - if err != nil { - return nil, fmt.Errorf("failed to generate code verifier: %w", err) - } - - // Generate code challenge using S256 method - codeChallenge := generateCodeChallenge(codeVerifier) - - return &PKCECodes{ - CodeVerifier: codeVerifier, - CodeChallenge: codeChallenge, - }, nil -} - -// generateCodeVerifier creates a cryptographically secure random string to be used -// as the code verifier in the PKCE flow. The verifier is a high-entropy string -// that is later used to prove possession of the client that initiated the -// authorization request. -func generateCodeVerifier() (string, error) { - // Generate 96 random bytes (will result in 128 base64 characters) - bytes := make([]byte, 96) - _, err := rand.Read(bytes) - if err != nil { - return "", fmt.Errorf("failed to generate random bytes: %w", err) - } - - // Encode to URL-safe base64 without padding - return base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(bytes), nil -} - -// generateCodeChallenge creates a code challenge from a given code verifier. -// The challenge is derived by taking the SHA256 hash of the verifier and then -// Base64 URL-encoding the result. This is sent in the initial authorization -// request and later verified against the verifier. -func generateCodeChallenge(codeVerifier string) string { - hash := sha256.Sum256([]byte(codeVerifier)) - return base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(hash[:]) -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/codex/token.go b/.worktrees/config/m/config-build/active/internal/auth/codex/token.go deleted file mode 100644 index e93fc41784..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/codex/token.go +++ /dev/null @@ -1,66 +0,0 @@ -// Package codex provides authentication and token management functionality -// for OpenAI's Codex AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Codex API. -package codex - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" -) - -// CodexTokenStorage stores OAuth2 token information for OpenAI Codex API authentication. -// It maintains compatibility with the existing auth system while adding Codex-specific fields -// for managing access tokens, refresh tokens, and user account information. -type CodexTokenStorage struct { - // IDToken is the JWT ID token containing user claims and identity information. - IDToken string `json:"id_token"` - // AccessToken is the OAuth2 access token used for authenticating API requests. - AccessToken string `json:"access_token"` - // RefreshToken is used to obtain new access tokens when the current one expires. - RefreshToken string `json:"refresh_token"` - // AccountID is the OpenAI account identifier associated with this token. - AccountID string `json:"account_id"` - // LastRefresh is the timestamp of the last token refresh operation. - LastRefresh string `json:"last_refresh"` - // Email is the OpenAI account email address associated with this token. - Email string `json:"email"` - // Type indicates the authentication provider type, always "codex" for this storage. - Type string `json:"type"` - // Expire is the timestamp when the current access token expires. - Expire string `json:"expired"` -} - -// SaveTokenToFile serializes the Codex token storage to a JSON file. -// This method creates the necessary directory structure and writes the token -// data in JSON format to the specified file path for persistent storage. -// -// Parameters: -// - authFilePath: The full path where the token file should be saved -// -// Returns: -// - error: An error if the operation fails, nil otherwise -func (ts *CodexTokenStorage) SaveTokenToFile(authFilePath string) error { - misc.LogSavingCredentials(authFilePath) - ts.Type = "codex" - if err := os.MkdirAll(filepath.Dir(authFilePath), 0700); err != nil { - return fmt.Errorf("failed to create directory: %v", err) - } - - f, err := os.Create(authFilePath) - if err != nil { - return fmt.Errorf("failed to create token file: %w", err) - } - defer func() { - _ = f.Close() - }() - - if err = json.NewEncoder(f).Encode(ts); err != nil { - return fmt.Errorf("failed to write token to file: %w", err) - } - return nil - -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/copilot/copilot_auth.go b/.worktrees/config/m/config-build/active/internal/auth/copilot/copilot_auth.go deleted file mode 100644 index c40e7082b8..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/copilot/copilot_auth.go +++ /dev/null @@ -1,225 +0,0 @@ -// Package copilot provides authentication and token management for GitHub Copilot API. -// It handles the OAuth2 device flow for secure authentication with the Copilot API. -package copilot - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -const ( - // copilotAPITokenURL is the endpoint for getting Copilot API tokens from GitHub token. - copilotAPITokenURL = "https://api.github.com/copilot_internal/v2/token" - // copilotAPIEndpoint is the base URL for making API requests. - copilotAPIEndpoint = "https://api.githubcopilot.com" - - // Common HTTP header values for Copilot API requests. - copilotUserAgent = "GithubCopilot/1.0" - copilotEditorVersion = "vscode/1.100.0" - copilotPluginVersion = "copilot/1.300.0" - copilotIntegrationID = "vscode-chat" - copilotOpenAIIntent = "conversation-panel" -) - -// CopilotAPIToken represents the Copilot API token response. -type CopilotAPIToken struct { - // Token is the JWT token for authenticating with the Copilot API. - Token string `json:"token"` - // ExpiresAt is the Unix timestamp when the token expires. - ExpiresAt int64 `json:"expires_at"` - // Endpoints contains the available API endpoints. - Endpoints struct { - API string `json:"api"` - Proxy string `json:"proxy"` - OriginTracker string `json:"origin-tracker"` - Telemetry string `json:"telemetry"` - } `json:"endpoints,omitempty"` - // ErrorDetails contains error information if the request failed. - ErrorDetails *struct { - URL string `json:"url"` - Message string `json:"message"` - DocumentationURL string `json:"documentation_url"` - } `json:"error_details,omitempty"` -} - -// CopilotAuth handles GitHub Copilot authentication flow. -// It provides methods for device flow authentication and token management. -type CopilotAuth struct { - httpClient *http.Client - deviceClient *DeviceFlowClient - cfg *config.Config -} - -// NewCopilotAuth creates a new CopilotAuth service instance. -// It initializes an HTTP client with proxy settings from the provided configuration. -func NewCopilotAuth(cfg *config.Config) *CopilotAuth { - return &CopilotAuth{ - httpClient: util.SetProxy(&cfg.SDKConfig, &http.Client{Timeout: 30 * time.Second}), - deviceClient: NewDeviceFlowClient(cfg), - cfg: cfg, - } -} - -// StartDeviceFlow initiates the device flow authentication. -// Returns the device code response containing the user code and verification URI. -func (c *CopilotAuth) StartDeviceFlow(ctx context.Context) (*DeviceCodeResponse, error) { - return c.deviceClient.RequestDeviceCode(ctx) -} - -// WaitForAuthorization polls for user authorization and returns the auth bundle. -func (c *CopilotAuth) WaitForAuthorization(ctx context.Context, deviceCode *DeviceCodeResponse) (*CopilotAuthBundle, error) { - tokenData, err := c.deviceClient.PollForToken(ctx, deviceCode) - if err != nil { - return nil, err - } - - // Fetch the GitHub username - username, err := c.deviceClient.FetchUserInfo(ctx, tokenData.AccessToken) - if err != nil { - log.Warnf("copilot: failed to fetch user info: %v", err) - username = "unknown" - } - - return &CopilotAuthBundle{ - TokenData: tokenData, - Username: username, - }, nil -} - -// GetCopilotAPIToken exchanges a GitHub access token for a Copilot API token. -// This token is used to make authenticated requests to the Copilot API. -func (c *CopilotAuth) GetCopilotAPIToken(ctx context.Context, githubAccessToken string) (*CopilotAPIToken, error) { - if githubAccessToken == "" { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, fmt.Errorf("github access token is empty")) - } - - req, err := http.NewRequestWithContext(ctx, http.MethodGet, copilotAPITokenURL, nil) - if err != nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, err) - } - - req.Header.Set("Authorization", "token "+githubAccessToken) - req.Header.Set("Accept", "application/json") - req.Header.Set("User-Agent", copilotUserAgent) - req.Header.Set("Editor-Version", copilotEditorVersion) - req.Header.Set("Editor-Plugin-Version", copilotPluginVersion) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("copilot api token: close body error: %v", errClose) - } - }() - - bodyBytes, err := io.ReadAll(resp.Body) - if err != nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, err) - } - - if !isHTTPSuccess(resp.StatusCode) { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, - fmt.Errorf("status %d: %s", resp.StatusCode, string(bodyBytes))) - } - - var apiToken CopilotAPIToken - if err = json.Unmarshal(bodyBytes, &apiToken); err != nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, err) - } - - if apiToken.Token == "" { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, fmt.Errorf("empty copilot api token")) - } - - return &apiToken, nil -} - -// ValidateToken checks if a GitHub access token is valid by attempting to fetch user info. -func (c *CopilotAuth) ValidateToken(ctx context.Context, accessToken string) (bool, string, error) { - if accessToken == "" { - return false, "", nil - } - - username, err := c.deviceClient.FetchUserInfo(ctx, accessToken) - if err != nil { - return false, "", err - } - - return true, username, nil -} - -// CreateTokenStorage creates a new CopilotTokenStorage from auth bundle. -func (c *CopilotAuth) CreateTokenStorage(bundle *CopilotAuthBundle) *CopilotTokenStorage { - return &CopilotTokenStorage{ - AccessToken: bundle.TokenData.AccessToken, - TokenType: bundle.TokenData.TokenType, - Scope: bundle.TokenData.Scope, - Username: bundle.Username, - Type: "github-copilot", - } -} - -// LoadAndValidateToken loads a token from storage and validates it. -// Returns the storage if valid, or an error if the token is invalid or expired. -func (c *CopilotAuth) LoadAndValidateToken(ctx context.Context, storage *CopilotTokenStorage) (bool, error) { - if storage == nil || storage.AccessToken == "" { - return false, fmt.Errorf("no token available") - } - - // Check if we can still use the GitHub token to get a Copilot API token - apiToken, err := c.GetCopilotAPIToken(ctx, storage.AccessToken) - if err != nil { - return false, err - } - - // Check if the API token is expired - if apiToken.ExpiresAt > 0 && time.Now().Unix() >= apiToken.ExpiresAt { - return false, fmt.Errorf("copilot api token expired") - } - - return true, nil -} - -// GetAPIEndpoint returns the Copilot API endpoint URL. -func (c *CopilotAuth) GetAPIEndpoint() string { - return copilotAPIEndpoint -} - -// MakeAuthenticatedRequest creates an authenticated HTTP request to the Copilot API. -func (c *CopilotAuth) MakeAuthenticatedRequest(ctx context.Context, method, url string, body io.Reader, apiToken *CopilotAPIToken) (*http.Request, error) { - req, err := http.NewRequestWithContext(ctx, method, url, body) - if err != nil { - return nil, fmt.Errorf("failed to create request: %w", err) - } - - req.Header.Set("Authorization", "Bearer "+apiToken.Token) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Accept", "application/json") - req.Header.Set("User-Agent", copilotUserAgent) - req.Header.Set("Editor-Version", copilotEditorVersion) - req.Header.Set("Editor-Plugin-Version", copilotPluginVersion) - req.Header.Set("Openai-Intent", copilotOpenAIIntent) - req.Header.Set("Copilot-Integration-Id", copilotIntegrationID) - - return req, nil -} - -// buildChatCompletionURL builds the URL for chat completions API. -func buildChatCompletionURL() string { - return copilotAPIEndpoint + "/chat/completions" -} - -// isHTTPSuccess checks if the status code indicates success (2xx). -func isHTTPSuccess(statusCode int) bool { - return statusCode >= 200 && statusCode < 300 -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/copilot/errors.go b/.worktrees/config/m/config-build/active/internal/auth/copilot/errors.go deleted file mode 100644 index a82dd8ecf6..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/copilot/errors.go +++ /dev/null @@ -1,187 +0,0 @@ -package copilot - -import ( - "errors" - "fmt" - "net/http" -) - -// OAuthError represents an OAuth-specific error. -type OAuthError struct { - // Code is the OAuth error code. - Code string `json:"error"` - // Description is a human-readable description of the error. - Description string `json:"error_description,omitempty"` - // URI is a URI identifying a human-readable web page with information about the error. - URI string `json:"error_uri,omitempty"` - // StatusCode is the HTTP status code associated with the error. - StatusCode int `json:"-"` -} - -// Error returns a string representation of the OAuth error. -func (e *OAuthError) Error() string { - if e.Description != "" { - return fmt.Sprintf("OAuth error %s: %s", e.Code, e.Description) - } - return fmt.Sprintf("OAuth error: %s", e.Code) -} - -// NewOAuthError creates a new OAuth error with the specified code, description, and status code. -func NewOAuthError(code, description string, statusCode int) *OAuthError { - return &OAuthError{ - Code: code, - Description: description, - StatusCode: statusCode, - } -} - -// AuthenticationError represents authentication-related errors. -type AuthenticationError struct { - // Type is the type of authentication error. - Type string `json:"type"` - // Message is a human-readable message describing the error. - Message string `json:"message"` - // Code is the HTTP status code associated with the error. - Code int `json:"code"` - // Cause is the underlying error that caused this authentication error. - Cause error `json:"-"` -} - -// Error returns a string representation of the authentication error. -func (e *AuthenticationError) Error() string { - if e.Cause != nil { - return fmt.Sprintf("%s: %s (caused by: %v)", e.Type, e.Message, e.Cause) - } - return fmt.Sprintf("%s: %s", e.Type, e.Message) -} - -// Unwrap returns the underlying cause of the error. -func (e *AuthenticationError) Unwrap() error { - return e.Cause -} - -// Common authentication error types for GitHub Copilot device flow. -var ( - // ErrDeviceCodeFailed represents an error when requesting the device code fails. - ErrDeviceCodeFailed = &AuthenticationError{ - Type: "device_code_failed", - Message: "Failed to request device code from GitHub", - Code: http.StatusBadRequest, - } - - // ErrDeviceCodeExpired represents an error when the device code has expired. - ErrDeviceCodeExpired = &AuthenticationError{ - Type: "device_code_expired", - Message: "Device code has expired. Please try again.", - Code: http.StatusGone, - } - - // ErrAuthorizationPending represents a pending authorization state (not an error, used for polling). - ErrAuthorizationPending = &AuthenticationError{ - Type: "authorization_pending", - Message: "Authorization is pending. Waiting for user to authorize.", - Code: http.StatusAccepted, - } - - // ErrSlowDown represents a request to slow down polling. - ErrSlowDown = &AuthenticationError{ - Type: "slow_down", - Message: "Polling too frequently. Slowing down.", - Code: http.StatusTooManyRequests, - } - - // ErrAccessDenied represents an error when the user denies authorization. - ErrAccessDenied = &AuthenticationError{ - Type: "access_denied", - Message: "User denied authorization", - Code: http.StatusForbidden, - } - - // ErrTokenExchangeFailed represents an error when token exchange fails. - ErrTokenExchangeFailed = &AuthenticationError{ - Type: "token_exchange_failed", - Message: "Failed to exchange device code for access token", - Code: http.StatusBadRequest, - } - - // ErrPollingTimeout represents an error when polling times out. - ErrPollingTimeout = &AuthenticationError{ - Type: "polling_timeout", - Message: "Timeout waiting for user authorization", - Code: http.StatusRequestTimeout, - } - - // ErrUserInfoFailed represents an error when fetching user info fails. - ErrUserInfoFailed = &AuthenticationError{ - Type: "user_info_failed", - Message: "Failed to fetch GitHub user information", - Code: http.StatusBadRequest, - } -) - -// NewAuthenticationError creates a new authentication error with a cause based on a base error. -func NewAuthenticationError(baseErr *AuthenticationError, cause error) *AuthenticationError { - return &AuthenticationError{ - Type: baseErr.Type, - Message: baseErr.Message, - Code: baseErr.Code, - Cause: cause, - } -} - -// IsAuthenticationError checks if an error is an authentication error. -func IsAuthenticationError(err error) bool { - var authenticationError *AuthenticationError - ok := errors.As(err, &authenticationError) - return ok -} - -// IsOAuthError checks if an error is an OAuth error. -func IsOAuthError(err error) bool { - var oAuthError *OAuthError - ok := errors.As(err, &oAuthError) - return ok -} - -// GetUserFriendlyMessage returns a user-friendly error message based on the error type. -func GetUserFriendlyMessage(err error) string { - var authErr *AuthenticationError - if errors.As(err, &authErr) { - switch authErr.Type { - case "device_code_failed": - return "Failed to start GitHub authentication. Please check your network connection and try again." - case "device_code_expired": - return "The authentication code has expired. Please try again." - case "authorization_pending": - return "Waiting for you to authorize the application on GitHub." - case "slow_down": - return "Please wait a moment before trying again." - case "access_denied": - return "Authentication was cancelled or denied." - case "token_exchange_failed": - return "Failed to complete authentication. Please try again." - case "polling_timeout": - return "Authentication timed out. Please try again." - case "user_info_failed": - return "Failed to get your GitHub account information. Please try again." - default: - return "Authentication failed. Please try again." - } - } - - var oauthErr *OAuthError - if errors.As(err, &oauthErr) { - switch oauthErr.Code { - case "access_denied": - return "Authentication was cancelled or denied." - case "invalid_request": - return "Invalid authentication request. Please try again." - case "server_error": - return "GitHub server error. Please try again later." - default: - return fmt.Sprintf("Authentication failed: %s", oauthErr.Description) - } - } - - return "An unexpected error occurred. Please try again." -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/copilot/oauth.go b/.worktrees/config/m/config-build/active/internal/auth/copilot/oauth.go deleted file mode 100644 index d3f46aaa10..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/copilot/oauth.go +++ /dev/null @@ -1,255 +0,0 @@ -package copilot - -import ( - "context" - "encoding/json" - "errors" - "fmt" - "io" - "net/http" - "net/url" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -const ( - // copilotClientID is GitHub's Copilot CLI OAuth client ID. - copilotClientID = "Iv1.b507a08c87ecfe98" - // copilotDeviceCodeURL is the endpoint for requesting device codes. - copilotDeviceCodeURL = "https://github.com/login/device/code" - // copilotTokenURL is the endpoint for exchanging device codes for tokens. - copilotTokenURL = "https://github.com/login/oauth/access_token" - // copilotUserInfoURL is the endpoint for fetching GitHub user information. - copilotUserInfoURL = "https://api.github.com/user" - // defaultPollInterval is the default interval for polling token endpoint. - defaultPollInterval = 5 * time.Second - // maxPollDuration is the maximum time to wait for user authorization. - maxPollDuration = 15 * time.Minute -) - -// DeviceFlowClient handles the OAuth2 device flow for GitHub Copilot. -type DeviceFlowClient struct { - httpClient *http.Client - cfg *config.Config -} - -// NewDeviceFlowClient creates a new device flow client. -func NewDeviceFlowClient(cfg *config.Config) *DeviceFlowClient { - client := &http.Client{Timeout: 30 * time.Second} - if cfg != nil { - client = util.SetProxy(&cfg.SDKConfig, client) - } - return &DeviceFlowClient{ - httpClient: client, - cfg: cfg, - } -} - -// RequestDeviceCode initiates the device flow by requesting a device code from GitHub. -func (c *DeviceFlowClient) RequestDeviceCode(ctx context.Context) (*DeviceCodeResponse, error) { - data := url.Values{} - data.Set("client_id", copilotClientID) - data.Set("scope", "user:email") - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, copilotDeviceCodeURL, strings.NewReader(data.Encode())) - if err != nil { - return nil, NewAuthenticationError(ErrDeviceCodeFailed, err) - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, NewAuthenticationError(ErrDeviceCodeFailed, err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("copilot device code: close body error: %v", errClose) - } - }() - - if !isHTTPSuccess(resp.StatusCode) { - bodyBytes, _ := io.ReadAll(resp.Body) - return nil, NewAuthenticationError(ErrDeviceCodeFailed, fmt.Errorf("status %d: %s", resp.StatusCode, string(bodyBytes))) - } - - var deviceCode DeviceCodeResponse - if err = json.NewDecoder(resp.Body).Decode(&deviceCode); err != nil { - return nil, NewAuthenticationError(ErrDeviceCodeFailed, err) - } - - return &deviceCode, nil -} - -// PollForToken polls the token endpoint until the user authorizes or the device code expires. -func (c *DeviceFlowClient) PollForToken(ctx context.Context, deviceCode *DeviceCodeResponse) (*CopilotTokenData, error) { - if deviceCode == nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, fmt.Errorf("device code is nil")) - } - - interval := time.Duration(deviceCode.Interval) * time.Second - if interval < defaultPollInterval { - interval = defaultPollInterval - } - - deadline := time.Now().Add(maxPollDuration) - if deviceCode.ExpiresIn > 0 { - codeDeadline := time.Now().Add(time.Duration(deviceCode.ExpiresIn) * time.Second) - if codeDeadline.Before(deadline) { - deadline = codeDeadline - } - } - - ticker := time.NewTicker(interval) - defer ticker.Stop() - - for { - select { - case <-ctx.Done(): - return nil, NewAuthenticationError(ErrPollingTimeout, ctx.Err()) - case <-ticker.C: - if time.Now().After(deadline) { - return nil, ErrPollingTimeout - } - - token, err := c.exchangeDeviceCode(ctx, deviceCode.DeviceCode) - if err != nil { - var authErr *AuthenticationError - if errors.As(err, &authErr) { - switch authErr.Type { - case ErrAuthorizationPending.Type: - // Continue polling - continue - case ErrSlowDown.Type: - // Increase interval and continue - interval += 5 * time.Second - ticker.Reset(interval) - continue - case ErrDeviceCodeExpired.Type: - return nil, err - case ErrAccessDenied.Type: - return nil, err - } - } - return nil, err - } - return token, nil - } - } -} - -// exchangeDeviceCode attempts to exchange the device code for an access token. -func (c *DeviceFlowClient) exchangeDeviceCode(ctx context.Context, deviceCode string) (*CopilotTokenData, error) { - data := url.Values{} - data.Set("client_id", copilotClientID) - data.Set("device_code", deviceCode) - data.Set("grant_type", "urn:ietf:params:oauth:grant-type:device_code") - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, copilotTokenURL, strings.NewReader(data.Encode())) - if err != nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, err) - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("copilot token exchange: close body error: %v", errClose) - } - }() - - bodyBytes, err := io.ReadAll(resp.Body) - if err != nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, err) - } - - // GitHub returns 200 for both success and error cases in device flow - // Check for OAuth error response first - var oauthResp struct { - Error string `json:"error"` - ErrorDescription string `json:"error_description"` - AccessToken string `json:"access_token"` - TokenType string `json:"token_type"` - Scope string `json:"scope"` - } - - if err = json.Unmarshal(bodyBytes, &oauthResp); err != nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, err) - } - - if oauthResp.Error != "" { - switch oauthResp.Error { - case "authorization_pending": - return nil, ErrAuthorizationPending - case "slow_down": - return nil, ErrSlowDown - case "expired_token": - return nil, ErrDeviceCodeExpired - case "access_denied": - return nil, ErrAccessDenied - default: - return nil, NewOAuthError(oauthResp.Error, oauthResp.ErrorDescription, resp.StatusCode) - } - } - - if oauthResp.AccessToken == "" { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, fmt.Errorf("empty access token")) - } - - return &CopilotTokenData{ - AccessToken: oauthResp.AccessToken, - TokenType: oauthResp.TokenType, - Scope: oauthResp.Scope, - }, nil -} - -// FetchUserInfo retrieves the GitHub username for the authenticated user. -func (c *DeviceFlowClient) FetchUserInfo(ctx context.Context, accessToken string) (string, error) { - if accessToken == "" { - return "", NewAuthenticationError(ErrUserInfoFailed, fmt.Errorf("access token is empty")) - } - - req, err := http.NewRequestWithContext(ctx, http.MethodGet, copilotUserInfoURL, nil) - if err != nil { - return "", NewAuthenticationError(ErrUserInfoFailed, err) - } - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("Accept", "application/json") - req.Header.Set("User-Agent", "CLIProxyAPI") - - resp, err := c.httpClient.Do(req) - if err != nil { - return "", NewAuthenticationError(ErrUserInfoFailed, err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("copilot user info: close body error: %v", errClose) - } - }() - - if !isHTTPSuccess(resp.StatusCode) { - bodyBytes, _ := io.ReadAll(resp.Body) - return "", NewAuthenticationError(ErrUserInfoFailed, fmt.Errorf("status %d: %s", resp.StatusCode, string(bodyBytes))) - } - - var userInfo struct { - Login string `json:"login"` - } - if err = json.NewDecoder(resp.Body).Decode(&userInfo); err != nil { - return "", NewAuthenticationError(ErrUserInfoFailed, err) - } - - if userInfo.Login == "" { - return "", NewAuthenticationError(ErrUserInfoFailed, fmt.Errorf("empty username")) - } - - return userInfo.Login, nil -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/copilot/token.go b/.worktrees/config/m/config-build/active/internal/auth/copilot/token.go deleted file mode 100644 index 4e5eed6c45..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/copilot/token.go +++ /dev/null @@ -1,93 +0,0 @@ -// Package copilot provides authentication and token management functionality -// for GitHub Copilot AI services. It handles OAuth2 device flow token storage, -// serialization, and retrieval for maintaining authenticated sessions with the Copilot API. -package copilot - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" -) - -// CopilotTokenStorage stores OAuth2 token information for GitHub Copilot API authentication. -// It maintains compatibility with the existing auth system while adding Copilot-specific fields -// for managing access tokens and user account information. -type CopilotTokenStorage struct { - // AccessToken is the OAuth2 access token used for authenticating API requests. - AccessToken string `json:"access_token"` - // TokenType is the type of token, typically "bearer". - TokenType string `json:"token_type"` - // Scope is the OAuth2 scope granted to the token. - Scope string `json:"scope"` - // ExpiresAt is the timestamp when the access token expires (if provided). - ExpiresAt string `json:"expires_at,omitempty"` - // Username is the GitHub username associated with this token. - Username string `json:"username"` - // Type indicates the authentication provider type, always "github-copilot" for this storage. - Type string `json:"type"` -} - -// CopilotTokenData holds the raw OAuth token response from GitHub. -type CopilotTokenData struct { - // AccessToken is the OAuth2 access token. - AccessToken string `json:"access_token"` - // TokenType is the type of token, typically "bearer". - TokenType string `json:"token_type"` - // Scope is the OAuth2 scope granted to the token. - Scope string `json:"scope"` -} - -// CopilotAuthBundle bundles authentication data for storage. -type CopilotAuthBundle struct { - // TokenData contains the OAuth token information. - TokenData *CopilotTokenData - // Username is the GitHub username. - Username string -} - -// DeviceCodeResponse represents GitHub's device code response. -type DeviceCodeResponse struct { - // DeviceCode is the device verification code. - DeviceCode string `json:"device_code"` - // UserCode is the code the user must enter at the verification URI. - UserCode string `json:"user_code"` - // VerificationURI is the URL where the user should enter the code. - VerificationURI string `json:"verification_uri"` - // ExpiresIn is the number of seconds until the device code expires. - ExpiresIn int `json:"expires_in"` - // Interval is the minimum number of seconds to wait between polling requests. - Interval int `json:"interval"` -} - -// SaveTokenToFile serializes the Copilot token storage to a JSON file. -// This method creates the necessary directory structure and writes the token -// data in JSON format to the specified file path for persistent storage. -// -// Parameters: -// - authFilePath: The full path where the token file should be saved -// -// Returns: -// - error: An error if the operation fails, nil otherwise -func (ts *CopilotTokenStorage) SaveTokenToFile(authFilePath string) error { - misc.LogSavingCredentials(authFilePath) - ts.Type = "github-copilot" - if err := os.MkdirAll(filepath.Dir(authFilePath), 0700); err != nil { - return fmt.Errorf("failed to create directory: %v", err) - } - - f, err := os.Create(authFilePath) - if err != nil { - return fmt.Errorf("failed to create token file: %w", err) - } - defer func() { - _ = f.Close() - }() - - if err = json.NewEncoder(f).Encode(ts); err != nil { - return fmt.Errorf("failed to write token to file: %w", err) - } - return nil -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/empty/token.go b/.worktrees/config/m/config-build/active/internal/auth/empty/token.go deleted file mode 100644 index 2edb2248c8..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/empty/token.go +++ /dev/null @@ -1,26 +0,0 @@ -// Package empty provides a no-operation token storage implementation. -// This package is used when authentication tokens are not required or when -// using API key-based authentication instead of OAuth tokens for any provider. -package empty - -// EmptyStorage is a no-operation implementation of the TokenStorage interface. -// It provides empty implementations for scenarios where token storage is not needed, -// such as when using API keys instead of OAuth tokens for authentication. -type EmptyStorage struct { - // Type indicates the authentication provider type, always "empty" for this implementation. - Type string `json:"type"` -} - -// SaveTokenToFile is a no-operation implementation that always succeeds. -// This method satisfies the TokenStorage interface but performs no actual file operations -// since empty storage doesn't require persistent token data. -// -// Parameters: -// - _: The file path parameter is ignored in this implementation -// -// Returns: -// - error: Always returns nil (no error) -func (ts *EmptyStorage) SaveTokenToFile(_ string) error { - ts.Type = "empty" - return nil -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/gemini/gemini_auth.go b/.worktrees/config/m/config-build/active/internal/auth/gemini/gemini_auth.go deleted file mode 100644 index 6406a0e156..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/gemini/gemini_auth.go +++ /dev/null @@ -1,388 +0,0 @@ -// Package gemini provides authentication and token management functionality -// for Google's Gemini AI services. It handles OAuth2 authentication flows, -// including obtaining tokens via web-based authorization, storing tokens, -// and refreshing them when they expire. -package gemini - -import ( - "context" - "encoding/json" - "errors" - "fmt" - "io" - "net" - "net/http" - "net/url" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/codex" - "github.com/router-for-me/CLIProxyAPI/v6/internal/browser" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "golang.org/x/net/proxy" - - "golang.org/x/oauth2" - "golang.org/x/oauth2/google" -) - -// OAuth configuration constants for Gemini -const ( - ClientID = "681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com" - ClientSecret = "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" - DefaultCallbackPort = 8085 -) - -// OAuth scopes for Gemini authentication -var Scopes = []string{ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/userinfo.email", - "https://www.googleapis.com/auth/userinfo.profile", -} - -// GeminiAuth provides methods for handling the Gemini OAuth2 authentication flow. -// It encapsulates the logic for obtaining, storing, and refreshing authentication tokens -// for Google's Gemini AI services. -type GeminiAuth struct { -} - -// WebLoginOptions customizes the interactive OAuth flow. -type WebLoginOptions struct { - NoBrowser bool - CallbackPort int - Prompt func(string) (string, error) -} - -// NewGeminiAuth creates a new instance of GeminiAuth. -func NewGeminiAuth() *GeminiAuth { - return &GeminiAuth{} -} - -// GetAuthenticatedClient configures and returns an HTTP client ready for making authenticated API calls. -// It manages the entire OAuth2 flow, including handling proxies, loading existing tokens, -// initiating a new web-based OAuth flow if necessary, and refreshing tokens. -// -// Parameters: -// - ctx: The context for the HTTP client -// - ts: The Gemini token storage containing authentication tokens -// - cfg: The configuration containing proxy settings -// - opts: Optional parameters to customize browser and prompt behavior -// -// Returns: -// - *http.Client: An HTTP client configured with authentication -// - error: An error if the client configuration fails, nil otherwise -func (g *GeminiAuth) GetAuthenticatedClient(ctx context.Context, ts *GeminiTokenStorage, cfg *config.Config, opts *WebLoginOptions) (*http.Client, error) { - callbackPort := DefaultCallbackPort - if opts != nil && opts.CallbackPort > 0 { - callbackPort = opts.CallbackPort - } - callbackURL := fmt.Sprintf("http://localhost:%d/oauth2callback", callbackPort) - - // Configure proxy settings for the HTTP client if a proxy URL is provided. - proxyURL, err := url.Parse(cfg.ProxyURL) - if err == nil { - var transport *http.Transport - if proxyURL.Scheme == "socks5" { - // Handle SOCKS5 proxy. - username := proxyURL.User.Username() - password, _ := proxyURL.User.Password() - auth := &proxy.Auth{User: username, Password: password} - dialer, errSOCKS5 := proxy.SOCKS5("tcp", proxyURL.Host, auth, proxy.Direct) - if errSOCKS5 != nil { - log.Errorf("create SOCKS5 dialer failed: %v", errSOCKS5) - return nil, fmt.Errorf("create SOCKS5 dialer failed: %w", errSOCKS5) - } - transport = &http.Transport{ - DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { - return dialer.Dial(network, addr) - }, - } - } else if proxyURL.Scheme == "http" || proxyURL.Scheme == "https" { - // Handle HTTP/HTTPS proxy. - transport = &http.Transport{Proxy: http.ProxyURL(proxyURL)} - } - - if transport != nil { - proxyClient := &http.Client{Transport: transport} - ctx = context.WithValue(ctx, oauth2.HTTPClient, proxyClient) - } - } - - // Configure the OAuth2 client. - conf := &oauth2.Config{ - ClientID: ClientID, - ClientSecret: ClientSecret, - RedirectURL: callbackURL, // This will be used by the local server. - Scopes: Scopes, - Endpoint: google.Endpoint, - } - - var token *oauth2.Token - - // If no token is found in storage, initiate the web-based OAuth flow. - if ts.Token == nil { - fmt.Printf("Could not load token from file, starting OAuth flow.\n") - token, err = g.getTokenFromWeb(ctx, conf, opts) - if err != nil { - return nil, fmt.Errorf("failed to get token from web: %w", err) - } - // After getting a new token, create a new token storage object with user info. - newTs, errCreateTokenStorage := g.createTokenStorage(ctx, conf, token, ts.ProjectID) - if errCreateTokenStorage != nil { - log.Errorf("Warning: failed to create token storage: %v", errCreateTokenStorage) - return nil, errCreateTokenStorage - } - *ts = *newTs - } - - // Unmarshal the stored token into an oauth2.Token object. - tsToken, _ := json.Marshal(ts.Token) - if err = json.Unmarshal(tsToken, &token); err != nil { - return nil, fmt.Errorf("failed to unmarshal token: %w", err) - } - - // Return an HTTP client that automatically handles token refreshing. - return conf.Client(ctx, token), nil -} - -// createTokenStorage creates a new GeminiTokenStorage object. It fetches the user's email -// using the provided token and populates the storage structure. -// -// Parameters: -// - ctx: The context for the HTTP request -// - config: The OAuth2 configuration -// - token: The OAuth2 token to use for authentication -// - projectID: The Google Cloud Project ID to associate with this token -// -// Returns: -// - *GeminiTokenStorage: A new token storage object with user information -// - error: An error if the token storage creation fails, nil otherwise -func (g *GeminiAuth) createTokenStorage(ctx context.Context, config *oauth2.Config, token *oauth2.Token, projectID string) (*GeminiTokenStorage, error) { - httpClient := config.Client(ctx, token) - req, err := http.NewRequestWithContext(ctx, "GET", "https://www.googleapis.com/oauth2/v1/userinfo?alt=json", nil) - if err != nil { - return nil, fmt.Errorf("could not get user info: %v", err) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token.AccessToken)) - - resp, err := httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("failed to execute request: %w", err) - } - defer func() { - if err = resp.Body.Close(); err != nil { - log.Printf("warn: failed to close response body: %v", err) - } - }() - - bodyBytes, _ := io.ReadAll(resp.Body) - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - return nil, fmt.Errorf("get user info request failed with status %d: %s", resp.StatusCode, string(bodyBytes)) - } - - emailResult := gjson.GetBytes(bodyBytes, "email") - if emailResult.Exists() && emailResult.Type == gjson.String { - fmt.Printf("Authenticated user email: %s\n", emailResult.String()) - } else { - fmt.Println("Failed to get user email from token") - } - - var ifToken map[string]any - jsonData, _ := json.Marshal(token) - err = json.Unmarshal(jsonData, &ifToken) - if err != nil { - return nil, fmt.Errorf("failed to unmarshal token: %w", err) - } - - ifToken["token_uri"] = "https://oauth2.googleapis.com/token" - ifToken["client_id"] = ClientID - ifToken["client_secret"] = ClientSecret - ifToken["scopes"] = Scopes - ifToken["universe_domain"] = "googleapis.com" - - ts := GeminiTokenStorage{ - Token: ifToken, - ProjectID: projectID, - Email: emailResult.String(), - } - - return &ts, nil -} - -// getTokenFromWeb initiates the web-based OAuth2 authorization flow. -// It starts a local HTTP server to listen for the callback from Google's auth server, -// opens the user's browser to the authorization URL, and exchanges the received -// authorization code for an access token. -// -// Parameters: -// - ctx: The context for the HTTP client -// - config: The OAuth2 configuration -// - opts: Optional parameters to customize browser and prompt behavior -// -// Returns: -// - *oauth2.Token: The OAuth2 token obtained from the authorization flow -// - error: An error if the token acquisition fails, nil otherwise -func (g *GeminiAuth) getTokenFromWeb(ctx context.Context, config *oauth2.Config, opts *WebLoginOptions) (*oauth2.Token, error) { - callbackPort := DefaultCallbackPort - if opts != nil && opts.CallbackPort > 0 { - callbackPort = opts.CallbackPort - } - callbackURL := fmt.Sprintf("http://localhost:%d/oauth2callback", callbackPort) - - // Use a channel to pass the authorization code from the HTTP handler to the main function. - codeChan := make(chan string, 1) - errChan := make(chan error, 1) - - // Create a new HTTP server with its own multiplexer. - mux := http.NewServeMux() - server := &http.Server{Addr: fmt.Sprintf(":%d", callbackPort), Handler: mux} - config.RedirectURL = callbackURL - - mux.HandleFunc("/oauth2callback", func(w http.ResponseWriter, r *http.Request) { - if err := r.URL.Query().Get("error"); err != "" { - _, _ = fmt.Fprintf(w, "Authentication failed: %s", err) - select { - case errChan <- fmt.Errorf("authentication failed via callback: %s", err): - default: - } - return - } - code := r.URL.Query().Get("code") - if code == "" { - _, _ = fmt.Fprint(w, "Authentication failed: code not found.") - select { - case errChan <- fmt.Errorf("code not found in callback"): - default: - } - return - } - _, _ = fmt.Fprint(w, "

Authentication successful!

You can close this window.

") - select { - case codeChan <- code: - default: - } - }) - - // Start the server in a goroutine. - go func() { - if err := server.ListenAndServe(); !errors.Is(err, http.ErrServerClosed) { - log.Errorf("ListenAndServe(): %v", err) - select { - case errChan <- err: - default: - } - } - }() - - // Open the authorization URL in the user's browser. - authURL := config.AuthCodeURL("state-token", oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", "consent")) - - noBrowser := false - if opts != nil { - noBrowser = opts.NoBrowser - } - - if !noBrowser { - fmt.Println("Opening browser for authentication...") - - // Check if browser is available - if !browser.IsAvailable() { - log.Warn("No browser available on this system") - util.PrintSSHTunnelInstructions(callbackPort) - fmt.Printf("Please manually open this URL in your browser:\n\n%s\n", authURL) - } else { - if err := browser.OpenURL(authURL); err != nil { - authErr := codex.NewAuthenticationError(codex.ErrBrowserOpenFailed, err) - log.Warn(codex.GetUserFriendlyMessage(authErr)) - util.PrintSSHTunnelInstructions(callbackPort) - fmt.Printf("Please manually open this URL in your browser:\n\n%s\n", authURL) - - // Log platform info for debugging - platformInfo := browser.GetPlatformInfo() - log.Debugf("Browser platform info: %+v", platformInfo) - } else { - log.Debug("Browser opened successfully") - } - } - } else { - util.PrintSSHTunnelInstructions(callbackPort) - fmt.Printf("Please open this URL in your browser:\n\n%s\n", authURL) - } - - fmt.Println("Waiting for authentication callback...") - - // Wait for the authorization code or an error. - var authCode string - timeoutTimer := time.NewTimer(5 * time.Minute) - defer timeoutTimer.Stop() - - var manualPromptTimer *time.Timer - var manualPromptC <-chan time.Time - if opts != nil && opts.Prompt != nil { - manualPromptTimer = time.NewTimer(15 * time.Second) - manualPromptC = manualPromptTimer.C - defer manualPromptTimer.Stop() - } - -waitForCallback: - for { - select { - case code := <-codeChan: - authCode = code - break waitForCallback - case err := <-errChan: - return nil, err - case <-manualPromptC: - manualPromptC = nil - if manualPromptTimer != nil { - manualPromptTimer.Stop() - } - select { - case code := <-codeChan: - authCode = code - break waitForCallback - case err := <-errChan: - return nil, err - default: - } - input, err := opts.Prompt("Paste the Gemini callback URL (or press Enter to keep waiting): ") - if err != nil { - return nil, err - } - parsed, err := misc.ParseOAuthCallback(input) - if err != nil { - return nil, err - } - if parsed == nil { - continue - } - if parsed.Error != "" { - return nil, fmt.Errorf("authentication failed via callback: %s", parsed.Error) - } - if parsed.Code == "" { - return nil, fmt.Errorf("code not found in callback") - } - authCode = parsed.Code - break waitForCallback - case <-timeoutTimer.C: - return nil, fmt.Errorf("oauth flow timed out") - } - } - - // Shutdown the server. - if err := server.Shutdown(ctx); err != nil { - log.Errorf("Failed to shut down server: %v", err) - } - - // Exchange the authorization code for a token. - token, err := config.Exchange(ctx, authCode) - if err != nil { - return nil, fmt.Errorf("failed to exchange token: %w", err) - } - - fmt.Println("Authentication successful.") - return token, nil -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/gemini/gemini_token.go b/.worktrees/config/m/config-build/active/internal/auth/gemini/gemini_token.go deleted file mode 100644 index 0ec7da1722..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/gemini/gemini_token.go +++ /dev/null @@ -1,87 +0,0 @@ -// Package gemini provides authentication and token management functionality -// for Google's Gemini AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Gemini API. -package gemini - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" - log "github.com/sirupsen/logrus" -) - -// GeminiTokenStorage stores OAuth2 token information for Google Gemini API authentication. -// It maintains compatibility with the existing auth system while adding Gemini-specific fields -// for managing access tokens, refresh tokens, and user account information. -type GeminiTokenStorage struct { - // Token holds the raw OAuth2 token data, including access and refresh tokens. - Token any `json:"token"` - - // ProjectID is the Google Cloud Project ID associated with this token. - ProjectID string `json:"project_id"` - - // Email is the email address of the authenticated user. - Email string `json:"email"` - - // Auto indicates if the project ID was automatically selected. - Auto bool `json:"auto"` - - // Checked indicates if the associated Cloud AI API has been verified as enabled. - Checked bool `json:"checked"` - - // Type indicates the authentication provider type, always "gemini" for this storage. - Type string `json:"type"` -} - -// SaveTokenToFile serializes the Gemini token storage to a JSON file. -// This method creates the necessary directory structure and writes the token -// data in JSON format to the specified file path for persistent storage. -// -// Parameters: -// - authFilePath: The full path where the token file should be saved -// -// Returns: -// - error: An error if the operation fails, nil otherwise -func (ts *GeminiTokenStorage) SaveTokenToFile(authFilePath string) error { - misc.LogSavingCredentials(authFilePath) - ts.Type = "gemini" - if err := os.MkdirAll(filepath.Dir(authFilePath), 0700); err != nil { - return fmt.Errorf("failed to create directory: %v", err) - } - - f, err := os.Create(authFilePath) - if err != nil { - return fmt.Errorf("failed to create token file: %w", err) - } - defer func() { - if errClose := f.Close(); errClose != nil { - log.Errorf("failed to close file: %v", errClose) - } - }() - - if err = json.NewEncoder(f).Encode(ts); err != nil { - return fmt.Errorf("failed to write token to file: %w", err) - } - return nil -} - -// CredentialFileName returns the filename used to persist Gemini CLI credentials. -// When projectID represents multiple projects (comma-separated or literal ALL), -// the suffix is normalized to "all" and a "gemini-" prefix is enforced to keep -// web and CLI generated files consistent. -func CredentialFileName(email, projectID string, includeProviderPrefix bool) string { - email = strings.TrimSpace(email) - project := strings.TrimSpace(projectID) - if strings.EqualFold(project, "all") || strings.Contains(project, ",") { - return fmt.Sprintf("gemini-%s-all.json", email) - } - prefix := "" - if includeProviderPrefix { - prefix = "gemini-" - } - return fmt.Sprintf("%s%s-%s.json", prefix, email, project) -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/iflow/cookie_helpers.go b/.worktrees/config/m/config-build/active/internal/auth/iflow/cookie_helpers.go deleted file mode 100644 index 7e0f4264be..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/iflow/cookie_helpers.go +++ /dev/null @@ -1,99 +0,0 @@ -package iflow - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - "strings" -) - -// NormalizeCookie normalizes raw cookie strings for iFlow authentication flows. -func NormalizeCookie(raw string) (string, error) { - trimmed := strings.TrimSpace(raw) - if trimmed == "" { - return "", fmt.Errorf("cookie cannot be empty") - } - - combined := strings.Join(strings.Fields(trimmed), " ") - if !strings.HasSuffix(combined, ";") { - combined += ";" - } - if !strings.Contains(combined, "BXAuth=") { - return "", fmt.Errorf("cookie missing BXAuth field") - } - return combined, nil -} - -// SanitizeIFlowFileName normalizes user identifiers for safe filename usage. -func SanitizeIFlowFileName(raw string) string { - if raw == "" { - return "" - } - cleanEmail := strings.ReplaceAll(raw, "*", "x") - var result strings.Builder - for _, r := range cleanEmail { - if (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') || (r >= '0' && r <= '9') || r == '_' || r == '@' || r == '.' || r == '-' { - result.WriteRune(r) - } - } - return strings.TrimSpace(result.String()) -} - -// ExtractBXAuth extracts the BXAuth value from a cookie string. -func ExtractBXAuth(cookie string) string { - parts := strings.Split(cookie, ";") - for _, part := range parts { - part = strings.TrimSpace(part) - if strings.HasPrefix(part, "BXAuth=") { - return strings.TrimPrefix(part, "BXAuth=") - } - } - return "" -} - -// CheckDuplicateBXAuth checks if the given BXAuth value already exists in any iflow auth file. -// Returns the path of the existing file if found, empty string otherwise. -func CheckDuplicateBXAuth(authDir, bxAuth string) (string, error) { - if bxAuth == "" { - return "", nil - } - - entries, err := os.ReadDir(authDir) - if err != nil { - if os.IsNotExist(err) { - return "", nil - } - return "", fmt.Errorf("read auth dir failed: %w", err) - } - - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - if !strings.HasPrefix(name, "iflow-") || !strings.HasSuffix(name, ".json") { - continue - } - - filePath := filepath.Join(authDir, name) - data, err := os.ReadFile(filePath) - if err != nil { - continue - } - - var tokenData struct { - Cookie string `json:"cookie"` - } - if err := json.Unmarshal(data, &tokenData); err != nil { - continue - } - - existingBXAuth := ExtractBXAuth(tokenData.Cookie) - if existingBXAuth != "" && existingBXAuth == bxAuth { - return filePath, nil - } - } - - return "", nil -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/iflow/iflow_auth.go b/.worktrees/config/m/config-build/active/internal/auth/iflow/iflow_auth.go deleted file mode 100644 index 279d7339d3..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/iflow/iflow_auth.go +++ /dev/null @@ -1,535 +0,0 @@ -package iflow - -import ( - "compress/gzip" - "context" - "encoding/base64" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "os" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -const ( - // OAuth endpoints and client metadata are derived from the reference Python implementation. - iFlowOAuthTokenEndpoint = "https://iflow.cn/oauth/token" - iFlowOAuthAuthorizeEndpoint = "https://iflow.cn/oauth" - iFlowUserInfoEndpoint = "https://iflow.cn/api/oauth/getUserInfo" - iFlowSuccessRedirectURL = "https://iflow.cn/oauth/success" - - // Cookie authentication endpoints - iFlowAPIKeyEndpoint = "https://platform.iflow.cn/api/openapi/apikey" - - // Client credentials provided by iFlow for the Code Assist integration. - iFlowOAuthClientID = "10009311001" - // Default client secret (can be overridden via IFLOW_CLIENT_SECRET env var) - defaultIFlowClientSecret = "4Z3YjXycVsQvyGF1etiNlIBB4RsqSDtW" -) - -// getIFlowClientSecret returns the iFlow OAuth client secret. -// It first checks the IFLOW_CLIENT_SECRET environment variable, -// falling back to the default value if not set. -func getIFlowClientSecret() string { - if secret := os.Getenv("IFLOW_CLIENT_SECRET"); secret != "" { - return secret - } - return defaultIFlowClientSecret -} - -// DefaultAPIBaseURL is the canonical chat completions endpoint. -const DefaultAPIBaseURL = "https://apis.iflow.cn/v1" - -// SuccessRedirectURL is exposed for consumers needing the official success page. -const SuccessRedirectURL = iFlowSuccessRedirectURL - -// CallbackPort defines the local port used for OAuth callbacks. -const CallbackPort = 11451 - -// IFlowAuth encapsulates the HTTP client helpers for the OAuth flow. -type IFlowAuth struct { - httpClient *http.Client -} - -// NewIFlowAuth constructs a new IFlowAuth with proxy-aware transport. -func NewIFlowAuth(cfg *config.Config) *IFlowAuth { - client := &http.Client{Timeout: 30 * time.Second} - return &IFlowAuth{httpClient: util.SetProxy(&cfg.SDKConfig, client)} -} - -// AuthorizationURL builds the authorization URL and matching redirect URI. -func (ia *IFlowAuth) AuthorizationURL(state string, port int) (authURL, redirectURI string) { - redirectURI = fmt.Sprintf("http://localhost:%d/oauth2callback", port) - values := url.Values{} - values.Set("loginMethod", "phone") - values.Set("type", "phone") - values.Set("redirect", redirectURI) - values.Set("state", state) - values.Set("client_id", iFlowOAuthClientID) - authURL = fmt.Sprintf("%s?%s", iFlowOAuthAuthorizeEndpoint, values.Encode()) - return authURL, redirectURI -} - -// ExchangeCodeForTokens exchanges an authorization code for access and refresh tokens. -func (ia *IFlowAuth) ExchangeCodeForTokens(ctx context.Context, code, redirectURI string) (*IFlowTokenData, error) { - form := url.Values{} - form.Set("grant_type", "authorization_code") - form.Set("code", code) - form.Set("redirect_uri", redirectURI) - form.Set("client_id", iFlowOAuthClientID) - form.Set("client_secret", getIFlowClientSecret()) - - req, err := ia.newTokenRequest(ctx, form) - if err != nil { - return nil, err - } - - return ia.doTokenRequest(ctx, req) -} - -// RefreshTokens exchanges a refresh token for a new access token. -func (ia *IFlowAuth) RefreshTokens(ctx context.Context, refreshToken string) (*IFlowTokenData, error) { - form := url.Values{} - form.Set("grant_type", "refresh_token") - form.Set("refresh_token", refreshToken) - form.Set("client_id", iFlowOAuthClientID) - form.Set("client_secret", getIFlowClientSecret()) - - req, err := ia.newTokenRequest(ctx, form) - if err != nil { - return nil, err - } - - return ia.doTokenRequest(ctx, req) -} - -func (ia *IFlowAuth) newTokenRequest(ctx context.Context, form url.Values) (*http.Request, error) { - req, err := http.NewRequestWithContext(ctx, http.MethodPost, iFlowOAuthTokenEndpoint, strings.NewReader(form.Encode())) - if err != nil { - return nil, fmt.Errorf("iflow token: create request failed: %w", err) - } - - basic := base64.StdEncoding.EncodeToString([]byte(iFlowOAuthClientID + ":" + getIFlowClientSecret())) - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - req.Header.Set("Authorization", "Basic "+basic) - return req, nil -} - -func (ia *IFlowAuth) doTokenRequest(ctx context.Context, req *http.Request) (*IFlowTokenData, error) { - resp, err := ia.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("iflow token: request failed: %w", err) - } - defer func() { _ = resp.Body.Close() }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("iflow token: read response failed: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("iflow token request failed: status=%d body=%s", resp.StatusCode, string(body)) - return nil, fmt.Errorf("iflow token: %d %s", resp.StatusCode, strings.TrimSpace(string(body))) - } - - var tokenResp IFlowTokenResponse - if err = json.Unmarshal(body, &tokenResp); err != nil { - return nil, fmt.Errorf("iflow token: decode response failed: %w", err) - } - - data := &IFlowTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - TokenType: tokenResp.TokenType, - Scope: tokenResp.Scope, - Expire: time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339), - } - - if tokenResp.AccessToken == "" { - log.Debug(string(body)) - return nil, fmt.Errorf("iflow token: missing access token in response") - } - - info, errAPI := ia.FetchUserInfo(ctx, tokenResp.AccessToken) - if errAPI != nil { - return nil, fmt.Errorf("iflow token: fetch user info failed: %w", errAPI) - } - if strings.TrimSpace(info.APIKey) == "" { - return nil, fmt.Errorf("iflow token: empty api key returned") - } - email := strings.TrimSpace(info.Email) - if email == "" { - email = strings.TrimSpace(info.Phone) - } - if email == "" { - return nil, fmt.Errorf("iflow token: missing account email/phone in user info") - } - data.APIKey = info.APIKey - data.Email = email - - return data, nil -} - -// FetchUserInfo retrieves account metadata (including API key) for the provided access token. -func (ia *IFlowAuth) FetchUserInfo(ctx context.Context, accessToken string) (*userInfoData, error) { - if strings.TrimSpace(accessToken) == "" { - return nil, fmt.Errorf("iflow api key: access token is empty") - } - - endpoint := fmt.Sprintf("%s?accessToken=%s", iFlowUserInfoEndpoint, url.QueryEscape(accessToken)) - req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil) - if err != nil { - return nil, fmt.Errorf("iflow api key: create request failed: %w", err) - } - req.Header.Set("Accept", "application/json") - - resp, err := ia.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("iflow api key: request failed: %w", err) - } - defer func() { _ = resp.Body.Close() }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("iflow api key: read response failed: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("iflow api key failed: status=%d body=%s", resp.StatusCode, string(body)) - return nil, fmt.Errorf("iflow api key: %d %s", resp.StatusCode, strings.TrimSpace(string(body))) - } - - var result userInfoResponse - if err = json.Unmarshal(body, &result); err != nil { - return nil, fmt.Errorf("iflow api key: decode body failed: %w", err) - } - - if !result.Success { - return nil, fmt.Errorf("iflow api key: request not successful") - } - - if result.Data.APIKey == "" { - return nil, fmt.Errorf("iflow api key: missing api key in response") - } - - return &result.Data, nil -} - -// CreateTokenStorage converts token data into persistence storage. -func (ia *IFlowAuth) CreateTokenStorage(data *IFlowTokenData) *IFlowTokenStorage { - if data == nil { - return nil - } - return &IFlowTokenStorage{ - AccessToken: data.AccessToken, - RefreshToken: data.RefreshToken, - LastRefresh: time.Now().Format(time.RFC3339), - Expire: data.Expire, - APIKey: data.APIKey, - Email: data.Email, - TokenType: data.TokenType, - Scope: data.Scope, - } -} - -// UpdateTokenStorage updates the persisted token storage with latest token data. -func (ia *IFlowAuth) UpdateTokenStorage(storage *IFlowTokenStorage, data *IFlowTokenData) { - if storage == nil || data == nil { - return - } - storage.AccessToken = data.AccessToken - storage.RefreshToken = data.RefreshToken - storage.LastRefresh = time.Now().Format(time.RFC3339) - storage.Expire = data.Expire - if data.APIKey != "" { - storage.APIKey = data.APIKey - } - if data.Email != "" { - storage.Email = data.Email - } - storage.TokenType = data.TokenType - storage.Scope = data.Scope -} - -// IFlowTokenResponse models the OAuth token endpoint response. -type IFlowTokenResponse struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - ExpiresIn int `json:"expires_in"` - TokenType string `json:"token_type"` - Scope string `json:"scope"` -} - -// IFlowTokenData captures processed token details. -type IFlowTokenData struct { - AccessToken string - RefreshToken string - TokenType string - Scope string - Expire string - APIKey string - Email string - Cookie string -} - -// userInfoResponse represents the structure returned by the user info endpoint. -type userInfoResponse struct { - Success bool `json:"success"` - Data userInfoData `json:"data"` -} - -type userInfoData struct { - APIKey string `json:"apiKey"` - Email string `json:"email"` - Phone string `json:"phone"` -} - -// iFlowAPIKeyResponse represents the response from the API key endpoint -type iFlowAPIKeyResponse struct { - Success bool `json:"success"` - Code string `json:"code"` - Message string `json:"message"` - Data iFlowKeyData `json:"data"` - Extra interface{} `json:"extra"` -} - -// iFlowKeyData contains the API key information -type iFlowKeyData struct { - HasExpired bool `json:"hasExpired"` - ExpireTime string `json:"expireTime"` - Name string `json:"name"` - APIKey string `json:"apiKey"` - APIKeyMask string `json:"apiKeyMask"` -} - -// iFlowRefreshRequest represents the request body for refreshing API key -type iFlowRefreshRequest struct { - Name string `json:"name"` -} - -// AuthenticateWithCookie performs authentication using browser cookies -func (ia *IFlowAuth) AuthenticateWithCookie(ctx context.Context, cookie string) (*IFlowTokenData, error) { - if strings.TrimSpace(cookie) == "" { - return nil, fmt.Errorf("iflow cookie authentication: cookie is empty") - } - - // First, get initial API key information using GET request to obtain the name - keyInfo, err := ia.fetchAPIKeyInfo(ctx, cookie) - if err != nil { - return nil, fmt.Errorf("iflow cookie authentication: fetch initial API key info failed: %w", err) - } - - // Refresh the API key using POST request - refreshedKeyInfo, err := ia.RefreshAPIKey(ctx, cookie, keyInfo.Name) - if err != nil { - return nil, fmt.Errorf("iflow cookie authentication: refresh API key failed: %w", err) - } - - // Convert to token data format using refreshed key - data := &IFlowTokenData{ - APIKey: refreshedKeyInfo.APIKey, - Expire: refreshedKeyInfo.ExpireTime, - Email: refreshedKeyInfo.Name, - Cookie: cookie, - } - - return data, nil -} - -// fetchAPIKeyInfo retrieves API key information using GET request with cookie -func (ia *IFlowAuth) fetchAPIKeyInfo(ctx context.Context, cookie string) (*iFlowKeyData, error) { - req, err := http.NewRequestWithContext(ctx, http.MethodGet, iFlowAPIKeyEndpoint, nil) - if err != nil { - return nil, fmt.Errorf("iflow cookie: create GET request failed: %w", err) - } - - // Set cookie and other headers to mimic browser - req.Header.Set("Cookie", cookie) - req.Header.Set("Accept", "application/json, text/plain, */*") - req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36") - req.Header.Set("Accept-Language", "zh-CN,zh;q=0.9,en;q=0.8") - req.Header.Set("Accept-Encoding", "gzip, deflate, br") - req.Header.Set("Connection", "keep-alive") - req.Header.Set("Sec-Fetch-Dest", "empty") - req.Header.Set("Sec-Fetch-Mode", "cors") - req.Header.Set("Sec-Fetch-Site", "same-origin") - - resp, err := ia.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("iflow cookie: GET request failed: %w", err) - } - defer func() { _ = resp.Body.Close() }() - - // Handle gzip compression - var reader io.Reader = resp.Body - if resp.Header.Get("Content-Encoding") == "gzip" { - gzipReader, err := gzip.NewReader(resp.Body) - if err != nil { - return nil, fmt.Errorf("iflow cookie: create gzip reader failed: %w", err) - } - defer func() { _ = gzipReader.Close() }() - reader = gzipReader - } - - body, err := io.ReadAll(reader) - if err != nil { - return nil, fmt.Errorf("iflow cookie: read GET response failed: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("iflow cookie GET request failed: status=%d body=%s", resp.StatusCode, string(body)) - return nil, fmt.Errorf("iflow cookie: GET request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(body))) - } - - var keyResp iFlowAPIKeyResponse - if err = json.Unmarshal(body, &keyResp); err != nil { - return nil, fmt.Errorf("iflow cookie: decode GET response failed: %w", err) - } - - if !keyResp.Success { - return nil, fmt.Errorf("iflow cookie: GET request not successful: %s", keyResp.Message) - } - - // Handle initial response where apiKey field might be apiKeyMask - if keyResp.Data.APIKey == "" && keyResp.Data.APIKeyMask != "" { - keyResp.Data.APIKey = keyResp.Data.APIKeyMask - } - - return &keyResp.Data, nil -} - -// RefreshAPIKey refreshes the API key using POST request -func (ia *IFlowAuth) RefreshAPIKey(ctx context.Context, cookie, name string) (*iFlowKeyData, error) { - if strings.TrimSpace(cookie) == "" { - return nil, fmt.Errorf("iflow cookie refresh: cookie is empty") - } - if strings.TrimSpace(name) == "" { - return nil, fmt.Errorf("iflow cookie refresh: name is empty") - } - - // Prepare request body - refreshReq := iFlowRefreshRequest{ - Name: name, - } - - bodyBytes, err := json.Marshal(refreshReq) - if err != nil { - return nil, fmt.Errorf("iflow cookie refresh: marshal request failed: %w", err) - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, iFlowAPIKeyEndpoint, strings.NewReader(string(bodyBytes))) - if err != nil { - return nil, fmt.Errorf("iflow cookie refresh: create POST request failed: %w", err) - } - - // Set cookie and other headers to mimic browser - req.Header.Set("Cookie", cookie) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Accept", "application/json, text/plain, */*") - req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36") - req.Header.Set("Accept-Language", "zh-CN,zh;q=0.9,en;q=0.8") - req.Header.Set("Accept-Encoding", "gzip, deflate, br") - req.Header.Set("Connection", "keep-alive") - req.Header.Set("Origin", "https://platform.iflow.cn") - req.Header.Set("Referer", "https://platform.iflow.cn/") - - resp, err := ia.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("iflow cookie refresh: POST request failed: %w", err) - } - defer func() { _ = resp.Body.Close() }() - - // Handle gzip compression - var reader io.Reader = resp.Body - if resp.Header.Get("Content-Encoding") == "gzip" { - gzipReader, err := gzip.NewReader(resp.Body) - if err != nil { - return nil, fmt.Errorf("iflow cookie refresh: create gzip reader failed: %w", err) - } - defer func() { _ = gzipReader.Close() }() - reader = gzipReader - } - - body, err := io.ReadAll(reader) - if err != nil { - return nil, fmt.Errorf("iflow cookie refresh: read POST response failed: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("iflow cookie POST request failed: status=%d body=%s", resp.StatusCode, string(body)) - return nil, fmt.Errorf("iflow cookie refresh: POST request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(body))) - } - - var keyResp iFlowAPIKeyResponse - if err = json.Unmarshal(body, &keyResp); err != nil { - return nil, fmt.Errorf("iflow cookie refresh: decode POST response failed: %w", err) - } - - if !keyResp.Success { - return nil, fmt.Errorf("iflow cookie refresh: POST request not successful: %s", keyResp.Message) - } - - return &keyResp.Data, nil -} - -// ShouldRefreshAPIKey checks if the API key needs to be refreshed (within 2 days of expiry) -func ShouldRefreshAPIKey(expireTime string) (bool, time.Duration, error) { - if strings.TrimSpace(expireTime) == "" { - return false, 0, fmt.Errorf("iflow cookie: expire time is empty") - } - - expire, err := time.Parse("2006-01-02 15:04", expireTime) - if err != nil { - return false, 0, fmt.Errorf("iflow cookie: parse expire time failed: %w", err) - } - - now := time.Now() - twoDaysFromNow := now.Add(48 * time.Hour) - - needsRefresh := expire.Before(twoDaysFromNow) - timeUntilExpiry := expire.Sub(now) - - return needsRefresh, timeUntilExpiry, nil -} - -// CreateCookieTokenStorage converts cookie-based token data into persistence storage -func (ia *IFlowAuth) CreateCookieTokenStorage(data *IFlowTokenData) *IFlowTokenStorage { - if data == nil { - return nil - } - - // Only save the BXAuth field from the cookie - bxAuth := ExtractBXAuth(data.Cookie) - cookieToSave := "" - if bxAuth != "" { - cookieToSave = "BXAuth=" + bxAuth + ";" - } - - return &IFlowTokenStorage{ - APIKey: data.APIKey, - Email: data.Email, - Expire: data.Expire, - Cookie: cookieToSave, - LastRefresh: time.Now().Format(time.RFC3339), - Type: "iflow", - } -} - -// UpdateCookieTokenStorage updates the persisted token storage with refreshed API key data -func (ia *IFlowAuth) UpdateCookieTokenStorage(storage *IFlowTokenStorage, keyData *iFlowKeyData) { - if storage == nil || keyData == nil { - return - } - - storage.APIKey = keyData.APIKey - storage.Expire = keyData.ExpireTime - storage.LastRefresh = time.Now().Format(time.RFC3339) -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/iflow/iflow_token.go b/.worktrees/config/m/config-build/active/internal/auth/iflow/iflow_token.go deleted file mode 100644 index 6d2beb3922..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/iflow/iflow_token.go +++ /dev/null @@ -1,44 +0,0 @@ -package iflow - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" -) - -// IFlowTokenStorage persists iFlow OAuth credentials alongside the derived API key. -type IFlowTokenStorage struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - LastRefresh string `json:"last_refresh"` - Expire string `json:"expired"` - APIKey string `json:"api_key"` - Email string `json:"email"` - TokenType string `json:"token_type"` - Scope string `json:"scope"` - Cookie string `json:"cookie"` - Type string `json:"type"` -} - -// SaveTokenToFile serialises the token storage to disk. -func (ts *IFlowTokenStorage) SaveTokenToFile(authFilePath string) error { - misc.LogSavingCredentials(authFilePath) - ts.Type = "iflow" - if err := os.MkdirAll(filepath.Dir(authFilePath), 0o700); err != nil { - return fmt.Errorf("iflow token: create directory failed: %w", err) - } - - f, err := os.Create(authFilePath) - if err != nil { - return fmt.Errorf("iflow token: create file failed: %w", err) - } - defer func() { _ = f.Close() }() - - if err = json.NewEncoder(f).Encode(ts); err != nil { - return fmt.Errorf("iflow token: encode token failed: %w", err) - } - return nil -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/iflow/oauth_server.go b/.worktrees/config/m/config-build/active/internal/auth/iflow/oauth_server.go deleted file mode 100644 index 2a8b7b9f59..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/iflow/oauth_server.go +++ /dev/null @@ -1,143 +0,0 @@ -package iflow - -import ( - "context" - "fmt" - "net" - "net/http" - "strings" - "sync" - "time" - - log "github.com/sirupsen/logrus" -) - -const errorRedirectURL = "https://iflow.cn/oauth/error" - -// OAuthResult captures the outcome of the local OAuth callback. -type OAuthResult struct { - Code string - State string - Error string -} - -// OAuthServer provides a minimal HTTP server for handling the iFlow OAuth callback. -type OAuthServer struct { - server *http.Server - port int - result chan *OAuthResult - errChan chan error - mu sync.Mutex - running bool -} - -// NewOAuthServer constructs a new OAuthServer bound to the provided port. -func NewOAuthServer(port int) *OAuthServer { - return &OAuthServer{ - port: port, - result: make(chan *OAuthResult, 1), - errChan: make(chan error, 1), - } -} - -// Start launches the callback listener. -func (s *OAuthServer) Start() error { - s.mu.Lock() - defer s.mu.Unlock() - if s.running { - return fmt.Errorf("iflow oauth server already running") - } - if !s.isPortAvailable() { - return fmt.Errorf("port %d is already in use", s.port) - } - - mux := http.NewServeMux() - mux.HandleFunc("/oauth2callback", s.handleCallback) - - s.server = &http.Server{ - Addr: fmt.Sprintf(":%d", s.port), - Handler: mux, - ReadTimeout: 10 * time.Second, - WriteTimeout: 10 * time.Second, - } - - s.running = true - - go func() { - if err := s.server.ListenAndServe(); err != nil && err != http.ErrServerClosed { - s.errChan <- err - } - }() - - time.Sleep(100 * time.Millisecond) - return nil -} - -// Stop gracefully terminates the callback listener. -func (s *OAuthServer) Stop(ctx context.Context) error { - s.mu.Lock() - defer s.mu.Unlock() - if !s.running || s.server == nil { - return nil - } - defer func() { - s.running = false - s.server = nil - }() - return s.server.Shutdown(ctx) -} - -// WaitForCallback blocks until a callback result, server error, or timeout occurs. -func (s *OAuthServer) WaitForCallback(timeout time.Duration) (*OAuthResult, error) { - select { - case res := <-s.result: - return res, nil - case err := <-s.errChan: - return nil, err - case <-time.After(timeout): - return nil, fmt.Errorf("timeout waiting for OAuth callback") - } -} - -func (s *OAuthServer) handleCallback(w http.ResponseWriter, r *http.Request) { - if r.Method != http.MethodGet { - http.Error(w, "method not allowed", http.StatusMethodNotAllowed) - return - } - - query := r.URL.Query() - if errParam := strings.TrimSpace(query.Get("error")); errParam != "" { - s.sendResult(&OAuthResult{Error: errParam}) - http.Redirect(w, r, errorRedirectURL, http.StatusFound) - return - } - - code := strings.TrimSpace(query.Get("code")) - if code == "" { - s.sendResult(&OAuthResult{Error: "missing_code"}) - http.Redirect(w, r, errorRedirectURL, http.StatusFound) - return - } - - state := query.Get("state") - s.sendResult(&OAuthResult{Code: code, State: state}) - http.Redirect(w, r, SuccessRedirectURL, http.StatusFound) -} - -func (s *OAuthServer) sendResult(res *OAuthResult) { - select { - case s.result <- res: - default: - log.Debug("iflow oauth result channel full, dropping result") - } -} - -func (s *OAuthServer) isPortAvailable() bool { - addr := fmt.Sprintf(":%d", s.port) - listener, err := net.Listen("tcp", addr) - if err != nil { - return false - } - _ = listener.Close() - return true -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kilo/kilo_auth.go b/.worktrees/config/m/config-build/active/internal/auth/kilo/kilo_auth.go deleted file mode 100644 index dc128bf204..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kilo/kilo_auth.go +++ /dev/null @@ -1,168 +0,0 @@ -// Package kilo provides authentication and token management functionality -// for Kilo AI services. -package kilo - -import ( - "context" - "encoding/json" - "fmt" - "net/http" - "time" -) - -const ( - // BaseURL is the base URL for the Kilo AI API. - BaseURL = "https://api.kilo.ai/api" -) - -// DeviceAuthResponse represents the response from initiating device flow. -type DeviceAuthResponse struct { - Code string `json:"code"` - VerificationURL string `json:"verificationUrl"` - ExpiresIn int `json:"expiresIn"` -} - -// DeviceStatusResponse represents the response when polling for device flow status. -type DeviceStatusResponse struct { - Status string `json:"status"` - Token string `json:"token"` - UserEmail string `json:"userEmail"` -} - -// Profile represents the user profile from Kilo AI. -type Profile struct { - Email string `json:"email"` - Orgs []Organization `json:"organizations"` -} - -// Organization represents a Kilo AI organization. -type Organization struct { - ID string `json:"id"` - Name string `json:"name"` -} - -// Defaults represents default settings for an organization or user. -type Defaults struct { - Model string `json:"model"` -} - -// KiloAuth provides methods for handling the Kilo AI authentication flow. -type KiloAuth struct { - client *http.Client -} - -// NewKiloAuth creates a new instance of KiloAuth. -func NewKiloAuth() *KiloAuth { - return &KiloAuth{ - client: &http.Client{Timeout: 30 * time.Second}, - } -} - -// InitiateDeviceFlow starts the device authentication flow. -func (k *KiloAuth) InitiateDeviceFlow(ctx context.Context) (*DeviceAuthResponse, error) { - resp, err := k.client.Post(BaseURL+"/device-auth/codes", "application/json", nil) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - if resp.StatusCode != http.StatusCreated && resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("failed to initiate device flow: status %d", resp.StatusCode) - } - - var data DeviceAuthResponse - if err := json.NewDecoder(resp.Body).Decode(&data); err != nil { - return nil, err - } - return &data, nil -} - -// PollForToken polls for the device flow completion. -func (k *KiloAuth) PollForToken(ctx context.Context, code string) (*DeviceStatusResponse, error) { - ticker := time.NewTicker(5 * time.Second) - defer ticker.Stop() - - for { - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-ticker.C: - resp, err := k.client.Get(BaseURL + "/device-auth/codes/" + code) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - var data DeviceStatusResponse - if err := json.NewDecoder(resp.Body).Decode(&data); err != nil { - return nil, err - } - - switch data.Status { - case "approved": - return &data, nil - case "denied", "expired": - return nil, fmt.Errorf("device flow %s", data.Status) - case "pending": - continue - default: - return nil, fmt.Errorf("unknown status: %s", data.Status) - } - } - } -} - -// GetProfile fetches the user's profile. -func (k *KiloAuth) GetProfile(ctx context.Context, token string) (*Profile, error) { - req, err := http.NewRequestWithContext(ctx, "GET", BaseURL+"/profile", nil) - if err != nil { - return nil, fmt.Errorf("failed to create get profile request: %w", err) - } - req.Header.Set("Authorization", "Bearer "+token) - - resp, err := k.client.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("failed to get profile: status %d", resp.StatusCode) - } - - var profile Profile - if err := json.NewDecoder(resp.Body).Decode(&profile); err != nil { - return nil, err - } - return &profile, nil -} - -// GetDefaults fetches default settings for an organization. -func (k *KiloAuth) GetDefaults(ctx context.Context, token, orgID string) (*Defaults, error) { - url := BaseURL + "/defaults" - if orgID != "" { - url = BaseURL + "/organizations/" + orgID + "/defaults" - } - - req, err := http.NewRequestWithContext(ctx, "GET", url, nil) - if err != nil { - return nil, fmt.Errorf("failed to create get defaults request: %w", err) - } - req.Header.Set("Authorization", "Bearer "+token) - - resp, err := k.client.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("failed to get defaults: status %d", resp.StatusCode) - } - - var defaults Defaults - if err := json.NewDecoder(resp.Body).Decode(&defaults); err != nil { - return nil, err - } - return &defaults, nil -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kilo/kilo_token.go b/.worktrees/config/m/config-build/active/internal/auth/kilo/kilo_token.go deleted file mode 100644 index 5d1646e7d5..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kilo/kilo_token.go +++ /dev/null @@ -1,60 +0,0 @@ -// Package kilo provides authentication and token management functionality -// for Kilo AI services. -package kilo - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" - log "github.com/sirupsen/logrus" -) - -// KiloTokenStorage stores token information for Kilo AI authentication. -type KiloTokenStorage struct { - // Token is the Kilo access token. - Token string `json:"kilocodeToken"` - - // OrganizationID is the Kilo organization ID. - OrganizationID string `json:"kilocodeOrganizationId"` - - // Model is the default model to use. - Model string `json:"kilocodeModel"` - - // Email is the email address of the authenticated user. - Email string `json:"email"` - - // Type indicates the authentication provider type, always "kilo" for this storage. - Type string `json:"type"` -} - -// SaveTokenToFile serializes the Kilo token storage to a JSON file. -func (ts *KiloTokenStorage) SaveTokenToFile(authFilePath string) error { - misc.LogSavingCredentials(authFilePath) - ts.Type = "kilo" - if err := os.MkdirAll(filepath.Dir(authFilePath), 0700); err != nil { - return fmt.Errorf("failed to create directory: %v", err) - } - - f, err := os.Create(authFilePath) - if err != nil { - return fmt.Errorf("failed to create token file: %w", err) - } - defer func() { - if errClose := f.Close(); errClose != nil { - log.Errorf("failed to close file: %v", errClose) - } - }() - - if err = json.NewEncoder(f).Encode(ts); err != nil { - return fmt.Errorf("failed to write token to file: %w", err) - } - return nil -} - -// CredentialFileName returns the filename used to persist Kilo credentials. -func CredentialFileName(email string) string { - return fmt.Sprintf("kilo-%s.json", email) -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kimi/kimi.go b/.worktrees/config/m/config-build/active/internal/auth/kimi/kimi.go deleted file mode 100644 index 8427a057e8..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kimi/kimi.go +++ /dev/null @@ -1,396 +0,0 @@ -// Package kimi provides authentication and token management for Kimi (Moonshot AI) API. -// It handles the RFC 8628 OAuth2 Device Authorization Grant flow for secure authentication. -package kimi - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "os" - "runtime" - "strings" - "time" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -const ( - // kimiClientID is Kimi Code's OAuth client ID. - kimiClientID = "17e5f671-d194-4dfb-9706-5516cb48c098" - // kimiOAuthHost is the OAuth server endpoint. - kimiOAuthHost = "https://auth.kimi.com" - // kimiDeviceCodeURL is the endpoint for requesting device codes. - kimiDeviceCodeURL = kimiOAuthHost + "/api/oauth/device_authorization" - // kimiTokenURL is the endpoint for exchanging device codes for tokens. - kimiTokenURL = kimiOAuthHost + "/api/oauth/token" - // KimiAPIBaseURL is the base URL for Kimi API requests. - KimiAPIBaseURL = "https://api.kimi.com/coding" - // defaultPollInterval is the default interval for polling token endpoint. - defaultPollInterval = 5 * time.Second - // maxPollDuration is the maximum time to wait for user authorization. - maxPollDuration = 15 * time.Minute - // refreshThresholdSeconds is when to refresh token before expiry (5 minutes). - refreshThresholdSeconds = 300 -) - -// KimiAuth handles Kimi authentication flow. -type KimiAuth struct { - deviceClient *DeviceFlowClient - cfg *config.Config -} - -// NewKimiAuth creates a new KimiAuth service instance. -func NewKimiAuth(cfg *config.Config) *KimiAuth { - return &KimiAuth{ - deviceClient: NewDeviceFlowClient(cfg), - cfg: cfg, - } -} - -// StartDeviceFlow initiates the device flow authentication. -func (k *KimiAuth) StartDeviceFlow(ctx context.Context) (*DeviceCodeResponse, error) { - return k.deviceClient.RequestDeviceCode(ctx) -} - -// WaitForAuthorization polls for user authorization and returns the auth bundle. -func (k *KimiAuth) WaitForAuthorization(ctx context.Context, deviceCode *DeviceCodeResponse) (*KimiAuthBundle, error) { - tokenData, err := k.deviceClient.PollForToken(ctx, deviceCode) - if err != nil { - return nil, err - } - - return &KimiAuthBundle{ - TokenData: tokenData, - DeviceID: k.deviceClient.deviceID, - }, nil -} - -// CreateTokenStorage creates a new KimiTokenStorage from auth bundle. -func (k *KimiAuth) CreateTokenStorage(bundle *KimiAuthBundle) *KimiTokenStorage { - expired := "" - if bundle.TokenData.ExpiresAt > 0 { - expired = time.Unix(bundle.TokenData.ExpiresAt, 0).UTC().Format(time.RFC3339) - } - return &KimiTokenStorage{ - AccessToken: bundle.TokenData.AccessToken, - RefreshToken: bundle.TokenData.RefreshToken, - TokenType: bundle.TokenData.TokenType, - Scope: bundle.TokenData.Scope, - DeviceID: strings.TrimSpace(bundle.DeviceID), - Expired: expired, - Type: "kimi", - } -} - -// DeviceFlowClient handles the OAuth2 device flow for Kimi. -type DeviceFlowClient struct { - httpClient *http.Client - cfg *config.Config - deviceID string -} - -// NewDeviceFlowClient creates a new device flow client. -func NewDeviceFlowClient(cfg *config.Config) *DeviceFlowClient { - return NewDeviceFlowClientWithDeviceID(cfg, "") -} - -// NewDeviceFlowClientWithDeviceID creates a new device flow client with the specified device ID. -func NewDeviceFlowClientWithDeviceID(cfg *config.Config, deviceID string) *DeviceFlowClient { - client := &http.Client{Timeout: 30 * time.Second} - if cfg != nil { - client = util.SetProxy(&cfg.SDKConfig, client) - } - resolvedDeviceID := strings.TrimSpace(deviceID) - if resolvedDeviceID == "" { - resolvedDeviceID = getOrCreateDeviceID() - } - return &DeviceFlowClient{ - httpClient: client, - cfg: cfg, - deviceID: resolvedDeviceID, - } -} - -// getOrCreateDeviceID returns an in-memory device ID for the current authentication flow. -func getOrCreateDeviceID() string { - return uuid.New().String() -} - -// getDeviceModel returns a device model string. -func getDeviceModel() string { - osName := runtime.GOOS - arch := runtime.GOARCH - - switch osName { - case "darwin": - return fmt.Sprintf("macOS %s", arch) - case "windows": - return fmt.Sprintf("Windows %s", arch) - case "linux": - return fmt.Sprintf("Linux %s", arch) - default: - return fmt.Sprintf("%s %s", osName, arch) - } -} - -// getHostname returns the machine hostname. -func getHostname() string { - hostname, err := os.Hostname() - if err != nil { - return "unknown" - } - return hostname -} - -// commonHeaders returns headers required for Kimi API requests. -func (c *DeviceFlowClient) commonHeaders() map[string]string { - return map[string]string{ - "X-Msh-Platform": "cli-proxy-api", - "X-Msh-Version": "1.0.0", - "X-Msh-Device-Name": getHostname(), - "X-Msh-Device-Model": getDeviceModel(), - "X-Msh-Device-Id": c.deviceID, - } -} - -// RequestDeviceCode initiates the device flow by requesting a device code from Kimi. -func (c *DeviceFlowClient) RequestDeviceCode(ctx context.Context) (*DeviceCodeResponse, error) { - data := url.Values{} - data.Set("client_id", kimiClientID) - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, kimiDeviceCodeURL, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("kimi: failed to create device code request: %w", err) - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - for k, v := range c.commonHeaders() { - req.Header.Set(k, v) - } - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("kimi: device code request failed: %w", err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("kimi device code: close body error: %v", errClose) - } - }() - - bodyBytes, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("kimi: failed to read device code response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("kimi: device code request failed with status %d: %s", resp.StatusCode, string(bodyBytes)) - } - - var deviceCode DeviceCodeResponse - if err = json.Unmarshal(bodyBytes, &deviceCode); err != nil { - return nil, fmt.Errorf("kimi: failed to parse device code response: %w", err) - } - - return &deviceCode, nil -} - -// PollForToken polls the token endpoint until the user authorizes or the device code expires. -func (c *DeviceFlowClient) PollForToken(ctx context.Context, deviceCode *DeviceCodeResponse) (*KimiTokenData, error) { - if deviceCode == nil { - return nil, fmt.Errorf("kimi: device code is nil") - } - - interval := time.Duration(deviceCode.Interval) * time.Second - if interval < defaultPollInterval { - interval = defaultPollInterval - } - - deadline := time.Now().Add(maxPollDuration) - if deviceCode.ExpiresIn > 0 { - codeDeadline := time.Now().Add(time.Duration(deviceCode.ExpiresIn) * time.Second) - if codeDeadline.Before(deadline) { - deadline = codeDeadline - } - } - - ticker := time.NewTicker(interval) - defer ticker.Stop() - - for { - select { - case <-ctx.Done(): - return nil, fmt.Errorf("kimi: context cancelled: %w", ctx.Err()) - case <-ticker.C: - if time.Now().After(deadline) { - return nil, fmt.Errorf("kimi: device code expired") - } - - token, pollErr, shouldContinue := c.exchangeDeviceCode(ctx, deviceCode.DeviceCode) - if token != nil { - return token, nil - } - if !shouldContinue { - return nil, pollErr - } - // Continue polling - } - } -} - -// exchangeDeviceCode attempts to exchange the device code for an access token. -// Returns (token, error, shouldContinue). -func (c *DeviceFlowClient) exchangeDeviceCode(ctx context.Context, deviceCode string) (*KimiTokenData, error, bool) { - data := url.Values{} - data.Set("client_id", kimiClientID) - data.Set("device_code", deviceCode) - data.Set("grant_type", "urn:ietf:params:oauth:grant-type:device_code") - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, kimiTokenURL, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("kimi: failed to create token request: %w", err), false - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - for k, v := range c.commonHeaders() { - req.Header.Set(k, v) - } - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("kimi: token request failed: %w", err), false - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("kimi token exchange: close body error: %v", errClose) - } - }() - - bodyBytes, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("kimi: failed to read token response: %w", err), false - } - - // Parse response - Kimi returns 200 for both success and pending states - var oauthResp struct { - Error string `json:"error"` - ErrorDescription string `json:"error_description"` - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - TokenType string `json:"token_type"` - ExpiresIn float64 `json:"expires_in"` - Scope string `json:"scope"` - } - - if err = json.Unmarshal(bodyBytes, &oauthResp); err != nil { - return nil, fmt.Errorf("kimi: failed to parse token response: %w", err), false - } - - if oauthResp.Error != "" { - switch oauthResp.Error { - case "authorization_pending": - return nil, nil, true // Continue polling - case "slow_down": - return nil, nil, true // Continue polling (with increased interval handled by caller) - case "expired_token": - return nil, fmt.Errorf("kimi: device code expired"), false - case "access_denied": - return nil, fmt.Errorf("kimi: access denied by user"), false - default: - return nil, fmt.Errorf("kimi: OAuth error: %s - %s", oauthResp.Error, oauthResp.ErrorDescription), false - } - } - - if oauthResp.AccessToken == "" { - return nil, fmt.Errorf("kimi: empty access token in response"), false - } - - var expiresAt int64 - if oauthResp.ExpiresIn > 0 { - expiresAt = time.Now().Unix() + int64(oauthResp.ExpiresIn) - } - - return &KimiTokenData{ - AccessToken: oauthResp.AccessToken, - RefreshToken: oauthResp.RefreshToken, - TokenType: oauthResp.TokenType, - ExpiresAt: expiresAt, - Scope: oauthResp.Scope, - }, nil, false -} - -// RefreshToken exchanges a refresh token for a new access token. -func (c *DeviceFlowClient) RefreshToken(ctx context.Context, refreshToken string) (*KimiTokenData, error) { - data := url.Values{} - data.Set("client_id", kimiClientID) - data.Set("grant_type", "refresh_token") - data.Set("refresh_token", refreshToken) - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, kimiTokenURL, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("kimi: failed to create refresh request: %w", err) - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - for k, v := range c.commonHeaders() { - req.Header.Set(k, v) - } - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("kimi: refresh request failed: %w", err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("kimi refresh token: close body error: %v", errClose) - } - }() - - bodyBytes, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("kimi: failed to read refresh response: %w", err) - } - - if resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusForbidden { - return nil, fmt.Errorf("kimi: refresh token rejected (status %d)", resp.StatusCode) - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("kimi: refresh failed with status %d: %s", resp.StatusCode, string(bodyBytes)) - } - - var tokenResp struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - TokenType string `json:"token_type"` - ExpiresIn float64 `json:"expires_in"` - Scope string `json:"scope"` - } - - if err = json.Unmarshal(bodyBytes, &tokenResp); err != nil { - return nil, fmt.Errorf("kimi: failed to parse refresh response: %w", err) - } - - if tokenResp.AccessToken == "" { - return nil, fmt.Errorf("kimi: empty access token in refresh response") - } - - var expiresAt int64 - if tokenResp.ExpiresIn > 0 { - expiresAt = time.Now().Unix() + int64(tokenResp.ExpiresIn) - } - - return &KimiTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - TokenType: tokenResp.TokenType, - ExpiresAt: expiresAt, - Scope: tokenResp.Scope, - }, nil -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kimi/token.go b/.worktrees/config/m/config-build/active/internal/auth/kimi/token.go deleted file mode 100644 index d4d06b6417..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kimi/token.go +++ /dev/null @@ -1,116 +0,0 @@ -// Package kimi provides authentication and token management functionality -// for Kimi (Moonshot AI) services. It handles OAuth2 device flow token storage, -// serialization, and retrieval for maintaining authenticated sessions with the Kimi API. -package kimi - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" -) - -// KimiTokenStorage stores OAuth2 token information for Kimi API authentication. -type KimiTokenStorage struct { - // AccessToken is the OAuth2 access token used for authenticating API requests. - AccessToken string `json:"access_token"` - // RefreshToken is the OAuth2 refresh token used to obtain new access tokens. - RefreshToken string `json:"refresh_token"` - // TokenType is the type of token, typically "Bearer". - TokenType string `json:"token_type"` - // Scope is the OAuth2 scope granted to the token. - Scope string `json:"scope,omitempty"` - // DeviceID is the OAuth device flow identifier used for Kimi requests. - DeviceID string `json:"device_id,omitempty"` - // Expired is the RFC3339 timestamp when the access token expires. - Expired string `json:"expired,omitempty"` - // Type indicates the authentication provider type, always "kimi" for this storage. - Type string `json:"type"` -} - -// KimiTokenData holds the raw OAuth token response from Kimi. -type KimiTokenData struct { - // AccessToken is the OAuth2 access token. - AccessToken string `json:"access_token"` - // RefreshToken is the OAuth2 refresh token. - RefreshToken string `json:"refresh_token"` - // TokenType is the type of token, typically "Bearer". - TokenType string `json:"token_type"` - // ExpiresAt is the Unix timestamp when the token expires. - ExpiresAt int64 `json:"expires_at"` - // Scope is the OAuth2 scope granted to the token. - Scope string `json:"scope"` -} - -// KimiAuthBundle bundles authentication data for storage. -type KimiAuthBundle struct { - // TokenData contains the OAuth token information. - TokenData *KimiTokenData - // DeviceID is the device identifier used during OAuth device flow. - DeviceID string -} - -// DeviceCodeResponse represents Kimi's device code response. -type DeviceCodeResponse struct { - // DeviceCode is the device verification code. - DeviceCode string `json:"device_code"` - // UserCode is the code the user must enter at the verification URI. - UserCode string `json:"user_code"` - // VerificationURI is the URL where the user should enter the code. - VerificationURI string `json:"verification_uri,omitempty"` - // VerificationURIComplete is the URL with the code pre-filled. - VerificationURIComplete string `json:"verification_uri_complete"` - // ExpiresIn is the number of seconds until the device code expires. - ExpiresIn int `json:"expires_in"` - // Interval is the minimum number of seconds to wait between polling requests. - Interval int `json:"interval"` -} - -// SaveTokenToFile serializes the Kimi token storage to a JSON file. -func (ts *KimiTokenStorage) SaveTokenToFile(authFilePath string) error { - misc.LogSavingCredentials(authFilePath) - ts.Type = "kimi" - - if err := os.MkdirAll(filepath.Dir(authFilePath), 0700); err != nil { - return fmt.Errorf("failed to create directory: %v", err) - } - - f, err := os.Create(authFilePath) - if err != nil { - return fmt.Errorf("failed to create token file: %w", err) - } - defer func() { - _ = f.Close() - }() - - encoder := json.NewEncoder(f) - encoder.SetIndent("", " ") - if err = encoder.Encode(ts); err != nil { - return fmt.Errorf("failed to write token to file: %w", err) - } - return nil -} - -// IsExpired checks if the token has expired. -func (ts *KimiTokenStorage) IsExpired() bool { - if ts.Expired == "" { - return false // No expiry set, assume valid - } - t, err := time.Parse(time.RFC3339, ts.Expired) - if err != nil { - return true // Has expiry string but can't parse - } - // Consider expired if within refresh threshold - return time.Now().Add(time.Duration(refreshThresholdSeconds) * time.Second).After(t) -} - -// NeedsRefresh checks if the token should be refreshed. -func (ts *KimiTokenStorage) NeedsRefresh() bool { - if ts.RefreshToken == "" { - return false // Can't refresh without refresh token - } - return ts.IsExpired() -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/aws.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/aws.go deleted file mode 100644 index 6ec67c499a..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/aws.go +++ /dev/null @@ -1,522 +0,0 @@ -// Package kiro provides authentication functionality for AWS CodeWhisperer (Kiro) API. -// It includes interfaces and implementations for token storage and authentication methods. -package kiro - -import ( - "encoding/base64" - "encoding/json" - "errors" - "fmt" - "os" - "path/filepath" - "strings" - "time" -) - -// PKCECodes holds PKCE verification codes for OAuth2 PKCE flow -type PKCECodes struct { - // CodeVerifier is the cryptographically random string used to correlate - // the authorization request to the token request - CodeVerifier string `json:"code_verifier"` - // CodeChallenge is the SHA256 hash of the code verifier, base64url-encoded - CodeChallenge string `json:"code_challenge"` -} - -// KiroTokenData holds OAuth token information from AWS CodeWhisperer (Kiro) -type KiroTokenData struct { - // AccessToken is the OAuth2 access token for API access - AccessToken string `json:"accessToken"` - // RefreshToken is used to obtain new access tokens - RefreshToken string `json:"refreshToken"` - // ProfileArn is the AWS CodeWhisperer profile ARN - ProfileArn string `json:"profileArn"` - // ExpiresAt is the timestamp when the token expires - ExpiresAt string `json:"expiresAt"` - // AuthMethod indicates the authentication method used (e.g., "builder-id", "social", "idc") - AuthMethod string `json:"authMethod"` - // Provider indicates the OAuth provider (e.g., "AWS", "Google", "Enterprise") - Provider string `json:"provider"` - // ClientID is the OIDC client ID (needed for token refresh) - ClientID string `json:"clientId,omitempty"` - // ClientSecret is the OIDC client secret (needed for token refresh) - ClientSecret string `json:"clientSecret,omitempty"` - // ClientIDHash is the hash of client ID used to locate device registration file - // (Enterprise Kiro IDE stores clientId/clientSecret in ~/.aws/sso/cache/{clientIdHash}.json) - ClientIDHash string `json:"clientIdHash,omitempty"` - // Email is the user's email address (used for file naming) - Email string `json:"email,omitempty"` - // StartURL is the IDC/Identity Center start URL (only for IDC auth method) - StartURL string `json:"startUrl,omitempty"` - // Region is the AWS region for IDC authentication (only for IDC auth method) - Region string `json:"region,omitempty"` -} - -// KiroAuthBundle aggregates authentication data after OAuth flow completion -type KiroAuthBundle struct { - // TokenData contains the OAuth tokens from the authentication flow - TokenData KiroTokenData `json:"token_data"` - // LastRefresh is the timestamp of the last token refresh - LastRefresh string `json:"last_refresh"` -} - -// KiroUsageInfo represents usage information from CodeWhisperer API -type KiroUsageInfo struct { - // SubscriptionTitle is the subscription plan name (e.g., "KIRO FREE") - SubscriptionTitle string `json:"subscription_title"` - // CurrentUsage is the current credit usage - CurrentUsage float64 `json:"current_usage"` - // UsageLimit is the maximum credit limit - UsageLimit float64 `json:"usage_limit"` - // NextReset is the timestamp of the next usage reset - NextReset string `json:"next_reset"` -} - -// KiroModel represents a model available through the CodeWhisperer API -type KiroModel struct { - // ModelID is the unique identifier for the model - ModelID string `json:"modelId"` - // ModelName is the human-readable name - ModelName string `json:"modelName"` - // Description is the model description - Description string `json:"description"` - // RateMultiplier is the credit multiplier for this model - RateMultiplier float64 `json:"rateMultiplier"` - // RateUnit is the unit for rate calculation (e.g., "credit") - RateUnit string `json:"rateUnit"` - // MaxInputTokens is the maximum input token limit - MaxInputTokens int `json:"maxInputTokens,omitempty"` -} - -// KiroIDETokenFile is the default path to Kiro IDE's token file -const KiroIDETokenFile = ".aws/sso/cache/kiro-auth-token.json" - -// Default retry configuration for file reading -const ( - defaultTokenReadMaxAttempts = 10 // Maximum retry attempts - defaultTokenReadBaseDelay = 50 * time.Millisecond // Base delay between retries -) - -// isTransientFileError checks if the error is a transient file access error -// that may be resolved by retrying (e.g., file locked by another process on Windows). -func isTransientFileError(err error) bool { - if err == nil { - return false - } - - // Check for OS-level file access errors (Windows sharing violation, etc.) - var pathErr *os.PathError - if errors.As(err, &pathErr) { - // Windows sharing violation (ERROR_SHARING_VIOLATION = 32) - // Windows lock violation (ERROR_LOCK_VIOLATION = 33) - errStr := pathErr.Err.Error() - if strings.Contains(errStr, "being used by another process") || - strings.Contains(errStr, "sharing violation") || - strings.Contains(errStr, "lock violation") { - return true - } - } - - // Check error message for common transient patterns - errMsg := strings.ToLower(err.Error()) - transientPatterns := []string{ - "being used by another process", - "sharing violation", - "lock violation", - "access is denied", - "unexpected end of json", - "unexpected eof", - } - for _, pattern := range transientPatterns { - if strings.Contains(errMsg, pattern) { - return true - } - } - - return false -} - -// LoadKiroIDETokenWithRetry loads token data from Kiro IDE's token file with retry logic. -// This handles transient file access errors (e.g., file locked by Kiro IDE during write). -// maxAttempts: maximum number of retry attempts (default 10 if <= 0) -// baseDelay: base delay between retries with exponential backoff (default 50ms if <= 0) -func LoadKiroIDETokenWithRetry(maxAttempts int, baseDelay time.Duration) (*KiroTokenData, error) { - if maxAttempts <= 0 { - maxAttempts = defaultTokenReadMaxAttempts - } - if baseDelay <= 0 { - baseDelay = defaultTokenReadBaseDelay - } - - var lastErr error - for attempt := 0; attempt < maxAttempts; attempt++ { - token, err := LoadKiroIDEToken() - if err == nil { - return token, nil - } - lastErr = err - - // Only retry for transient errors - if !isTransientFileError(err) { - return nil, err - } - - // Exponential backoff: delay * 2^attempt, capped at 500ms - delay := baseDelay * time.Duration(1< 500*time.Millisecond { - delay = 500 * time.Millisecond - } - time.Sleep(delay) - } - - return nil, fmt.Errorf("failed to read token file after %d attempts: %w", maxAttempts, lastErr) -} - -// LoadKiroIDEToken loads token data from Kiro IDE's token file. -// For Enterprise Kiro IDE (IDC auth), it also loads clientId and clientSecret -// from the device registration file referenced by clientIdHash. -func LoadKiroIDEToken() (*KiroTokenData, error) { - homeDir, err := os.UserHomeDir() - if err != nil { - return nil, fmt.Errorf("failed to get home directory: %w", err) - } - - tokenPath := filepath.Join(homeDir, KiroIDETokenFile) - data, err := os.ReadFile(tokenPath) - if err != nil { - return nil, fmt.Errorf("failed to read Kiro IDE token file (%s): %w", tokenPath, err) - } - - var token KiroTokenData - if err := json.Unmarshal(data, &token); err != nil { - return nil, fmt.Errorf("failed to parse Kiro IDE token: %w", err) - } - - if token.AccessToken == "" { - return nil, fmt.Errorf("access token is empty in Kiro IDE token file") - } - - // Normalize AuthMethod to lowercase (Kiro IDE uses "IdC" but we expect "idc") - token.AuthMethod = strings.ToLower(token.AuthMethod) - - // For Enterprise Kiro IDE (IDC auth), load clientId and clientSecret from device registration - // The device registration file is located at ~/.aws/sso/cache/{clientIdHash}.json - if token.ClientIDHash != "" && token.ClientID == "" { - if err := loadDeviceRegistration(homeDir, token.ClientIDHash, &token); err != nil { - // Log warning but don't fail - token might still work for some operations - fmt.Printf("warning: failed to load device registration for clientIdHash %s: %v\n", token.ClientIDHash, err) - } - } - - return &token, nil -} - -// loadDeviceRegistration loads clientId and clientSecret from the device registration file. -// Enterprise Kiro IDE stores these in ~/.aws/sso/cache/{clientIdHash}.json -func loadDeviceRegistration(homeDir, clientIDHash string, token *KiroTokenData) error { - if clientIDHash == "" { - return fmt.Errorf("clientIdHash is empty") - } - - // Sanitize clientIdHash to prevent path traversal - if strings.Contains(clientIDHash, "/") || strings.Contains(clientIDHash, "\\") || strings.Contains(clientIDHash, "..") { - return fmt.Errorf("invalid clientIdHash: contains path separator") - } - - deviceRegPath := filepath.Join(homeDir, ".aws", "sso", "cache", clientIDHash+".json") - data, err := os.ReadFile(deviceRegPath) - if err != nil { - return fmt.Errorf("failed to read device registration file (%s): %w", deviceRegPath, err) - } - - // Device registration file structure - var deviceReg struct { - ClientID string `json:"clientId"` - ClientSecret string `json:"clientSecret"` - ExpiresAt string `json:"expiresAt"` - } - - if err := json.Unmarshal(data, &deviceReg); err != nil { - return fmt.Errorf("failed to parse device registration: %w", err) - } - - if deviceReg.ClientID == "" || deviceReg.ClientSecret == "" { - return fmt.Errorf("device registration missing clientId or clientSecret") - } - - token.ClientID = deviceReg.ClientID - token.ClientSecret = deviceReg.ClientSecret - - return nil -} - -// LoadKiroTokenFromPath loads token data from a custom path. -// This supports multiple accounts by allowing different token files. -// For Enterprise Kiro IDE (IDC auth), it also loads clientId and clientSecret -// from the device registration file referenced by clientIdHash. -func LoadKiroTokenFromPath(tokenPath string) (*KiroTokenData, error) { - homeDir, err := os.UserHomeDir() - if err != nil { - return nil, fmt.Errorf("failed to get home directory: %w", err) - } - - // Expand ~ to home directory - if len(tokenPath) > 0 && tokenPath[0] == '~' { - tokenPath = filepath.Join(homeDir, tokenPath[1:]) - } - - data, err := os.ReadFile(tokenPath) - if err != nil { - return nil, fmt.Errorf("failed to read token file (%s): %w", tokenPath, err) - } - - var token KiroTokenData - if err := json.Unmarshal(data, &token); err != nil { - return nil, fmt.Errorf("failed to parse token file: %w", err) - } - - if token.AccessToken == "" { - return nil, fmt.Errorf("access token is empty in token file") - } - - // Normalize AuthMethod to lowercase (Kiro IDE uses "IdC" but we expect "idc") - token.AuthMethod = strings.ToLower(token.AuthMethod) - - // For Enterprise Kiro IDE (IDC auth), load clientId and clientSecret from device registration - if token.ClientIDHash != "" && token.ClientID == "" { - if err := loadDeviceRegistration(homeDir, token.ClientIDHash, &token); err != nil { - // Log warning but don't fail - token might still work for some operations - fmt.Printf("warning: failed to load device registration for clientIdHash %s: %v\n", token.ClientIDHash, err) - } - } - - return &token, nil -} - -// ListKiroTokenFiles lists all Kiro token files in the cache directory. -// This supports multiple accounts by finding all token files. -func ListKiroTokenFiles() ([]string, error) { - homeDir, err := os.UserHomeDir() - if err != nil { - return nil, fmt.Errorf("failed to get home directory: %w", err) - } - - cacheDir := filepath.Join(homeDir, ".aws", "sso", "cache") - - // Check if directory exists - if _, err := os.Stat(cacheDir); os.IsNotExist(err) { - return nil, nil // No token files - } - - entries, err := os.ReadDir(cacheDir) - if err != nil { - return nil, fmt.Errorf("failed to read cache directory: %w", err) - } - - var tokenFiles []string - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - // Look for kiro token files only (avoid matching unrelated AWS SSO cache files) - if strings.HasSuffix(name, ".json") && strings.HasPrefix(name, "kiro") { - tokenFiles = append(tokenFiles, filepath.Join(cacheDir, name)) - } - } - - return tokenFiles, nil -} - -// LoadAllKiroTokens loads all Kiro tokens from the cache directory. -// This supports multiple accounts. -func LoadAllKiroTokens() ([]*KiroTokenData, error) { - files, err := ListKiroTokenFiles() - if err != nil { - return nil, err - } - - var tokens []*KiroTokenData - for _, file := range files { - token, err := LoadKiroTokenFromPath(file) - if err != nil { - // Skip invalid token files - continue - } - tokens = append(tokens, token) - } - - return tokens, nil -} - -// JWTClaims represents the claims we care about from a JWT token. -// JWT tokens from Kiro/AWS contain user information in the payload. -type JWTClaims struct { - Email string `json:"email,omitempty"` - Sub string `json:"sub,omitempty"` - PreferredUser string `json:"preferred_username,omitempty"` - Name string `json:"name,omitempty"` - Iss string `json:"iss,omitempty"` -} - -// ExtractEmailFromJWT extracts the user's email from a JWT access token. -// JWT tokens typically have format: header.payload.signature -// The payload is base64url-encoded JSON containing user claims. -func ExtractEmailFromJWT(accessToken string) string { - if accessToken == "" { - return "" - } - - // JWT format: header.payload.signature - parts := strings.Split(accessToken, ".") - if len(parts) != 3 { - return "" - } - - // Decode the payload (second part) - payload := parts[1] - - // Add padding if needed (base64url requires padding) - switch len(payload) % 4 { - case 2: - payload += "==" - case 3: - payload += "=" - } - - decoded, err := base64.URLEncoding.DecodeString(payload) - if err != nil { - // Try RawURLEncoding (no padding) - decoded, err = base64.RawURLEncoding.DecodeString(parts[1]) - if err != nil { - return "" - } - } - - var claims JWTClaims - if err := json.Unmarshal(decoded, &claims); err != nil { - return "" - } - - // Return email if available - if claims.Email != "" { - return claims.Email - } - - // Fallback to preferred_username (some providers use this) - if claims.PreferredUser != "" && strings.Contains(claims.PreferredUser, "@") { - return claims.PreferredUser - } - - // Fallback to sub if it looks like an email - if claims.Sub != "" && strings.Contains(claims.Sub, "@") { - return claims.Sub - } - - return "" -} - -// SanitizeEmailForFilename sanitizes an email address for use in a filename. -// Replaces special characters with underscores and prevents path traversal attacks. -// Also handles URL-encoded characters to prevent encoded path traversal attempts. -func SanitizeEmailForFilename(email string) string { - if email == "" { - return "" - } - - result := email - - // First, handle URL-encoded path traversal attempts (%2F, %2E, %5C, etc.) - // This prevents encoded characters from bypassing the sanitization. - // Note: We replace % last to catch any remaining encodings including double-encoding (%252F) - result = strings.ReplaceAll(result, "%2F", "_") // / - result = strings.ReplaceAll(result, "%2f", "_") - result = strings.ReplaceAll(result, "%5C", "_") // \ - result = strings.ReplaceAll(result, "%5c", "_") - result = strings.ReplaceAll(result, "%2E", "_") // . - result = strings.ReplaceAll(result, "%2e", "_") - result = strings.ReplaceAll(result, "%00", "_") // null byte - result = strings.ReplaceAll(result, "%", "_") // Catch remaining % to prevent double-encoding attacks - - // Replace characters that are problematic in filenames - // Keep @ and . in middle but replace other special characters - for _, char := range []string{"/", "\\", ":", "*", "?", "\"", "<", ">", "|", " ", "\x00"} { - result = strings.ReplaceAll(result, char, "_") - } - - // Prevent path traversal: replace leading dots in each path component - // This handles cases like "../../../etc/passwd" → "_.._.._.._etc_passwd" - parts := strings.Split(result, "_") - for i, part := range parts { - for strings.HasPrefix(part, ".") { - part = "_" + part[1:] - } - parts[i] = part - } - result = strings.Join(parts, "_") - - return result -} - -// ExtractIDCIdentifier extracts a unique identifier from IDC startUrl. -// Examples: -// - "https://d-1234567890.awsapps.com/start" -> "d-1234567890" -// - "https://my-company.awsapps.com/start" -> "my-company" -// - "https://acme-corp.awsapps.com/start" -> "acme-corp" -func ExtractIDCIdentifier(startURL string) string { - if startURL == "" { - return "" - } - - // Remove protocol prefix - url := strings.TrimPrefix(startURL, "https://") - url = strings.TrimPrefix(url, "http://") - - // Extract subdomain (first part before the first dot) - // Format: {identifier}.awsapps.com/start - parts := strings.Split(url, ".") - if len(parts) > 0 && parts[0] != "" { - identifier := parts[0] - // Sanitize for filename safety - identifier = strings.ReplaceAll(identifier, "/", "_") - identifier = strings.ReplaceAll(identifier, "\\", "_") - identifier = strings.ReplaceAll(identifier, ":", "_") - return identifier - } - - return "" -} - -// GenerateTokenFileName generates a unique filename for token storage. -// Priority: email > startUrl identifier (for IDC) > authMethod only -// Email is unique, so no sequence suffix needed. Sequence is only added -// when email is unavailable to prevent filename collisions. -// Format: kiro-{authMethod}-{identifier}[-{seq}].json -func GenerateTokenFileName(tokenData *KiroTokenData) string { - authMethod := tokenData.AuthMethod - if authMethod == "" { - authMethod = "unknown" - } - - // Priority 1: Use email if available (no sequence needed, email is unique) - if tokenData.Email != "" { - // Sanitize email for filename (replace @ and . with -) - sanitizedEmail := tokenData.Email - sanitizedEmail = strings.ReplaceAll(sanitizedEmail, "@", "-") - sanitizedEmail = strings.ReplaceAll(sanitizedEmail, ".", "-") - return fmt.Sprintf("kiro-%s-%s.json", authMethod, sanitizedEmail) - } - - // Generate sequence only when email is unavailable - seq := time.Now().UnixNano() % 100000 - - // Priority 2: For IDC, use startUrl identifier with sequence - if authMethod == "idc" && tokenData.StartURL != "" { - identifier := ExtractIDCIdentifier(tokenData.StartURL) - if identifier != "" { - return fmt.Sprintf("kiro-%s-%s-%05d.json", authMethod, identifier, seq) - } - } - - // Priority 3: Fallback to authMethod only with sequence - return fmt.Sprintf("kiro-%s-%05d.json", authMethod, seq) -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/aws_auth.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/aws_auth.go deleted file mode 100644 index 69ae253914..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/aws_auth.go +++ /dev/null @@ -1,338 +0,0 @@ -// Package kiro provides OAuth2 authentication functionality for AWS CodeWhisperer (Kiro) API. -// This package implements token loading, refresh, and API communication with CodeWhisperer. -package kiro - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "os" - "path/filepath" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -const ( - // awsKiroEndpoint is used for CodeWhisperer management APIs (GetUsageLimits, ListProfiles, etc.) - // Note: This is different from the Amazon Q streaming endpoint (q.us-east-1.amazonaws.com) - // used in kiro_executor.go for GenerateAssistantResponse. Both endpoints are correct - // for their respective API operations. - awsKiroEndpoint = "https://codewhisperer.us-east-1.amazonaws.com" - defaultTokenFile = "~/.aws/sso/cache/kiro-auth-token.json" - targetGetUsage = "AmazonCodeWhispererService.GetUsageLimits" - targetListModels = "AmazonCodeWhispererService.ListAvailableModels" - targetGenerateChat = "AmazonCodeWhispererStreamingService.GenerateAssistantResponse" -) - -// KiroAuth handles AWS CodeWhisperer authentication and API communication. -// It provides methods for loading tokens, refreshing expired tokens, -// and communicating with the CodeWhisperer API. -type KiroAuth struct { - httpClient *http.Client - endpoint string -} - -// NewKiroAuth creates a new Kiro authentication service. -// It initializes the HTTP client with proxy settings from the configuration. -// -// Parameters: -// - cfg: The application configuration containing proxy settings -// -// Returns: -// - *KiroAuth: A new Kiro authentication service instance -func NewKiroAuth(cfg *config.Config) *KiroAuth { - return &KiroAuth{ - httpClient: util.SetProxy(&cfg.SDKConfig, &http.Client{Timeout: 120 * time.Second}), - endpoint: awsKiroEndpoint, - } -} - -// LoadTokenFromFile loads token data from a file path. -// This method reads and parses the token file, expanding ~ to the home directory. -// -// Parameters: -// - tokenFile: Path to the token file (supports ~ expansion) -// -// Returns: -// - *KiroTokenData: The parsed token data -// - error: An error if file reading or parsing fails -func (k *KiroAuth) LoadTokenFromFile(tokenFile string) (*KiroTokenData, error) { - // Expand ~ to home directory - if strings.HasPrefix(tokenFile, "~") { - home, err := os.UserHomeDir() - if err != nil { - return nil, fmt.Errorf("failed to get home directory: %w", err) - } - tokenFile = filepath.Join(home, tokenFile[1:]) - } - - data, err := os.ReadFile(tokenFile) - if err != nil { - return nil, fmt.Errorf("failed to read token file: %w", err) - } - - var tokenData KiroTokenData - if err := json.Unmarshal(data, &tokenData); err != nil { - return nil, fmt.Errorf("failed to parse token file: %w", err) - } - - return &tokenData, nil -} - -// IsTokenExpired checks if the token has expired. -// This method parses the expiration timestamp and compares it with the current time. -// -// Parameters: -// - tokenData: The token data to check -// -// Returns: -// - bool: True if the token has expired, false otherwise -func (k *KiroAuth) IsTokenExpired(tokenData *KiroTokenData) bool { - if tokenData.ExpiresAt == "" { - return true - } - - expiresAt, err := time.Parse(time.RFC3339, tokenData.ExpiresAt) - if err != nil { - // Try alternate format - expiresAt, err = time.Parse("2006-01-02T15:04:05.000Z", tokenData.ExpiresAt) - if err != nil { - return true - } - } - - return time.Now().After(expiresAt) -} - -// makeRequest sends a request to the CodeWhisperer API. -// This is an internal method for making authenticated API calls. -// -// Parameters: -// - ctx: The context for the request -// - target: The API target (e.g., "AmazonCodeWhispererService.GetUsageLimits") -// - accessToken: The OAuth access token -// - payload: The request payload -// -// Returns: -// - []byte: The response body -// - error: An error if the request fails -func (k *KiroAuth) makeRequest(ctx context.Context, target string, accessToken string, payload interface{}) ([]byte, error) { - jsonBody, err := json.Marshal(payload) - if err != nil { - return nil, fmt.Errorf("failed to marshal request: %w", err) - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, k.endpoint, strings.NewReader(string(jsonBody))) - if err != nil { - return nil, fmt.Errorf("failed to create request: %w", err) - } - - req.Header.Set("Content-Type", "application/x-amz-json-1.0") - req.Header.Set("x-amz-target", target) - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("Accept", "application/json") - - resp, err := k.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("request failed: %w", err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("failed to close response body: %v", errClose) - } - }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("API error (status %d): %s", resp.StatusCode, string(body)) - } - - return body, nil -} - -// GetUsageLimits retrieves usage information from the CodeWhisperer API. -// This method fetches the current usage statistics and subscription information. -// -// Parameters: -// - ctx: The context for the request -// - tokenData: The token data containing access token and profile ARN -// -// Returns: -// - *KiroUsageInfo: The usage information -// - error: An error if the request fails -func (k *KiroAuth) GetUsageLimits(ctx context.Context, tokenData *KiroTokenData) (*KiroUsageInfo, error) { - payload := map[string]interface{}{ - "origin": "AI_EDITOR", - "profileArn": tokenData.ProfileArn, - "resourceType": "AGENTIC_REQUEST", - } - - body, err := k.makeRequest(ctx, targetGetUsage, tokenData.AccessToken, payload) - if err != nil { - return nil, err - } - - var result struct { - SubscriptionInfo struct { - SubscriptionTitle string `json:"subscriptionTitle"` - } `json:"subscriptionInfo"` - UsageBreakdownList []struct { - CurrentUsageWithPrecision float64 `json:"currentUsageWithPrecision"` - UsageLimitWithPrecision float64 `json:"usageLimitWithPrecision"` - } `json:"usageBreakdownList"` - NextDateReset float64 `json:"nextDateReset"` - } - - if err := json.Unmarshal(body, &result); err != nil { - return nil, fmt.Errorf("failed to parse usage response: %w", err) - } - - usage := &KiroUsageInfo{ - SubscriptionTitle: result.SubscriptionInfo.SubscriptionTitle, - NextReset: fmt.Sprintf("%v", result.NextDateReset), - } - - if len(result.UsageBreakdownList) > 0 { - usage.CurrentUsage = result.UsageBreakdownList[0].CurrentUsageWithPrecision - usage.UsageLimit = result.UsageBreakdownList[0].UsageLimitWithPrecision - } - - return usage, nil -} - -// ListAvailableModels retrieves available models from the CodeWhisperer API. -// This method fetches the list of AI models available for the authenticated user. -// -// Parameters: -// - ctx: The context for the request -// - tokenData: The token data containing access token and profile ARN -// -// Returns: -// - []*KiroModel: The list of available models -// - error: An error if the request fails -func (k *KiroAuth) ListAvailableModels(ctx context.Context, tokenData *KiroTokenData) ([]*KiroModel, error) { - payload := map[string]interface{}{ - "origin": "AI_EDITOR", - "profileArn": tokenData.ProfileArn, - } - - body, err := k.makeRequest(ctx, targetListModels, tokenData.AccessToken, payload) - if err != nil { - return nil, err - } - - var result struct { - Models []struct { - ModelID string `json:"modelId"` - ModelName string `json:"modelName"` - Description string `json:"description"` - RateMultiplier float64 `json:"rateMultiplier"` - RateUnit string `json:"rateUnit"` - TokenLimits *struct { - MaxInputTokens int `json:"maxInputTokens"` - } `json:"tokenLimits"` - } `json:"models"` - } - - if err := json.Unmarshal(body, &result); err != nil { - return nil, fmt.Errorf("failed to parse models response: %w", err) - } - - models := make([]*KiroModel, 0, len(result.Models)) - for _, m := range result.Models { - maxInputTokens := 0 - if m.TokenLimits != nil { - maxInputTokens = m.TokenLimits.MaxInputTokens - } - models = append(models, &KiroModel{ - ModelID: m.ModelID, - ModelName: m.ModelName, - Description: m.Description, - RateMultiplier: m.RateMultiplier, - RateUnit: m.RateUnit, - MaxInputTokens: maxInputTokens, - }) - } - - return models, nil -} - -// CreateTokenStorage creates a new KiroTokenStorage from token data. -// This method converts the token data into a storage structure suitable for persistence. -// -// Parameters: -// - tokenData: The token data to convert -// -// Returns: -// - *KiroTokenStorage: A new token storage instance -func (k *KiroAuth) CreateTokenStorage(tokenData *KiroTokenData) *KiroTokenStorage { - return &KiroTokenStorage{ - AccessToken: tokenData.AccessToken, - RefreshToken: tokenData.RefreshToken, - ProfileArn: tokenData.ProfileArn, - ExpiresAt: tokenData.ExpiresAt, - AuthMethod: tokenData.AuthMethod, - Provider: tokenData.Provider, - LastRefresh: time.Now().Format(time.RFC3339), - ClientID: tokenData.ClientID, - ClientSecret: tokenData.ClientSecret, - Region: tokenData.Region, - StartURL: tokenData.StartURL, - Email: tokenData.Email, - } -} - -// ValidateToken checks if the token is valid by making a test API call. -// This method verifies the token by attempting to fetch usage limits. -// -// Parameters: -// - ctx: The context for the request -// - tokenData: The token data to validate -// -// Returns: -// - error: An error if the token is invalid -func (k *KiroAuth) ValidateToken(ctx context.Context, tokenData *KiroTokenData) error { - _, err := k.GetUsageLimits(ctx, tokenData) - return err -} - -// UpdateTokenStorage updates an existing token storage with new token data. -// This method refreshes the token storage with newly obtained access and refresh tokens. -// -// Parameters: -// - storage: The existing token storage to update -// - tokenData: The new token data to apply -func (k *KiroAuth) UpdateTokenStorage(storage *KiroTokenStorage, tokenData *KiroTokenData) { - storage.AccessToken = tokenData.AccessToken - storage.RefreshToken = tokenData.RefreshToken - storage.ProfileArn = tokenData.ProfileArn - storage.ExpiresAt = tokenData.ExpiresAt - storage.AuthMethod = tokenData.AuthMethod - storage.Provider = tokenData.Provider - storage.LastRefresh = time.Now().Format(time.RFC3339) - if tokenData.ClientID != "" { - storage.ClientID = tokenData.ClientID - } - if tokenData.ClientSecret != "" { - storage.ClientSecret = tokenData.ClientSecret - } - if tokenData.Region != "" { - storage.Region = tokenData.Region - } - if tokenData.StartURL != "" { - storage.StartURL = tokenData.StartURL - } - if tokenData.Email != "" { - storage.Email = tokenData.Email - } -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/aws_test.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/aws_test.go deleted file mode 100644 index 194ad59efa..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/aws_test.go +++ /dev/null @@ -1,311 +0,0 @@ -package kiro - -import ( - "encoding/base64" - "encoding/json" - "testing" -) - -func TestExtractEmailFromJWT(t *testing.T) { - tests := []struct { - name string - token string - expected string - }{ - { - name: "Empty token", - token: "", - expected: "", - }, - { - name: "Invalid token format", - token: "not.a.valid.jwt", - expected: "", - }, - { - name: "Invalid token - not base64", - token: "xxx.yyy.zzz", - expected: "", - }, - { - name: "Valid JWT with email", - token: createTestJWT(map[string]any{"email": "test@example.com", "sub": "user123"}), - expected: "test@example.com", - }, - { - name: "JWT without email but with preferred_username", - token: createTestJWT(map[string]any{"preferred_username": "user@domain.com", "sub": "user123"}), - expected: "user@domain.com", - }, - { - name: "JWT with email-like sub", - token: createTestJWT(map[string]any{"sub": "another@test.com"}), - expected: "another@test.com", - }, - { - name: "JWT without any email fields", - token: createTestJWT(map[string]any{"sub": "user123", "name": "Test User"}), - expected: "", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := ExtractEmailFromJWT(tt.token) - if result != tt.expected { - t.Errorf("ExtractEmailFromJWT() = %q, want %q", result, tt.expected) - } - }) - } -} - -func TestSanitizeEmailForFilename(t *testing.T) { - tests := []struct { - name string - email string - expected string - }{ - { - name: "Empty email", - email: "", - expected: "", - }, - { - name: "Simple email", - email: "user@example.com", - expected: "user@example.com", - }, - { - name: "Email with space", - email: "user name@example.com", - expected: "user_name@example.com", - }, - { - name: "Email with special chars", - email: "user:name@example.com", - expected: "user_name@example.com", - }, - { - name: "Email with multiple special chars", - email: "user/name:test@example.com", - expected: "user_name_test@example.com", - }, - { - name: "Path traversal attempt", - email: "../../../etc/passwd", - expected: "_.__.__._etc_passwd", - }, - { - name: "Path traversal with backslash", - email: `..\..\..\..\windows\system32`, - expected: "_.__.__.__._windows_system32", - }, - { - name: "Null byte injection attempt", - email: "user\x00@evil.com", - expected: "user_@evil.com", - }, - // URL-encoded path traversal tests - { - name: "URL-encoded slash", - email: "user%2Fpath@example.com", - expected: "user_path@example.com", - }, - { - name: "URL-encoded backslash", - email: "user%5Cpath@example.com", - expected: "user_path@example.com", - }, - { - name: "URL-encoded dot", - email: "%2E%2E%2Fetc%2Fpasswd", - expected: "___etc_passwd", - }, - { - name: "URL-encoded null", - email: "user%00@evil.com", - expected: "user_@evil.com", - }, - { - name: "Double URL-encoding attack", - email: "%252F%252E%252E", - expected: "_252F_252E_252E", // % replaced with _, remaining chars preserved (safe) - }, - { - name: "Mixed case URL-encoding", - email: "%2f%2F%5c%5C", - expected: "____", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := SanitizeEmailForFilename(tt.email) - if result != tt.expected { - t.Errorf("SanitizeEmailForFilename() = %q, want %q", result, tt.expected) - } - }) - } -} - -// createTestJWT creates a test JWT token with the given claims -func createTestJWT(claims map[string]any) string { - header := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) - - payloadBytes, _ := json.Marshal(claims) - payload := base64.RawURLEncoding.EncodeToString(payloadBytes) - - signature := base64.RawURLEncoding.EncodeToString([]byte("fake-signature")) - - return header + "." + payload + "." + signature -} - -func TestExtractIDCIdentifier(t *testing.T) { - tests := []struct { - name string - startURL string - expected string - }{ - { - name: "Empty URL", - startURL: "", - expected: "", - }, - { - name: "Standard IDC URL with d- prefix", - startURL: "https://d-1234567890.awsapps.com/start", - expected: "d-1234567890", - }, - { - name: "IDC URL with company name", - startURL: "https://my-company.awsapps.com/start", - expected: "my-company", - }, - { - name: "IDC URL with simple name", - startURL: "https://acme-corp.awsapps.com/start", - expected: "acme-corp", - }, - { - name: "IDC URL without https", - startURL: "http://d-9876543210.awsapps.com/start", - expected: "d-9876543210", - }, - { - name: "IDC URL with subdomain only", - startURL: "https://test.awsapps.com/start", - expected: "test", - }, - { - name: "Builder ID URL", - startURL: "https://view.awsapps.com/start", - expected: "view", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := ExtractIDCIdentifier(tt.startURL) - if result != tt.expected { - t.Errorf("ExtractIDCIdentifier() = %q, want %q", result, tt.expected) - } - }) - } -} - -func TestGenerateTokenFileName(t *testing.T) { - tests := []struct { - name string - tokenData *KiroTokenData - expected string - }{ - { - name: "IDC with email", - tokenData: &KiroTokenData{ - AuthMethod: "idc", - Email: "user@example.com", - StartURL: "https://d-1234567890.awsapps.com/start", - }, - expected: "kiro-idc-user-example-com.json", - }, - { - name: "IDC without email but with startUrl", - tokenData: &KiroTokenData{ - AuthMethod: "idc", - Email: "", - StartURL: "https://d-1234567890.awsapps.com/start", - }, - expected: "kiro-idc-d-1234567890.json", - }, - { - name: "IDC with company name in startUrl", - tokenData: &KiroTokenData{ - AuthMethod: "idc", - Email: "", - StartURL: "https://my-company.awsapps.com/start", - }, - expected: "kiro-idc-my-company.json", - }, - { - name: "IDC without email and without startUrl", - tokenData: &KiroTokenData{ - AuthMethod: "idc", - Email: "", - StartURL: "", - }, - expected: "kiro-idc.json", - }, - { - name: "Builder ID with email", - tokenData: &KiroTokenData{ - AuthMethod: "builder-id", - Email: "user@gmail.com", - StartURL: "https://view.awsapps.com/start", - }, - expected: "kiro-builder-id-user-gmail-com.json", - }, - { - name: "Builder ID without email", - tokenData: &KiroTokenData{ - AuthMethod: "builder-id", - Email: "", - StartURL: "https://view.awsapps.com/start", - }, - expected: "kiro-builder-id.json", - }, - { - name: "Social auth with email", - tokenData: &KiroTokenData{ - AuthMethod: "google", - Email: "user@gmail.com", - }, - expected: "kiro-google-user-gmail-com.json", - }, - { - name: "Empty auth method", - tokenData: &KiroTokenData{ - AuthMethod: "", - Email: "", - }, - expected: "kiro-unknown.json", - }, - { - name: "Email with special characters", - tokenData: &KiroTokenData{ - AuthMethod: "idc", - Email: "user.name+tag@sub.example.com", - StartURL: "https://d-1234567890.awsapps.com/start", - }, - expected: "kiro-idc-user-name+tag-sub-example-com.json", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := GenerateTokenFileName(tt.tokenData) - if result != tt.expected { - t.Errorf("GenerateTokenFileName() = %q, want %q", result, tt.expected) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/background_refresh.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/background_refresh.go deleted file mode 100644 index d64c747508..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/background_refresh.go +++ /dev/null @@ -1,247 +0,0 @@ -package kiro - -import ( - "context" - "log" - "strings" - "sync" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "golang.org/x/sync/semaphore" -) - -type Token struct { - ID string - AccessToken string - RefreshToken string - ExpiresAt time.Time - LastVerified time.Time - ClientID string - ClientSecret string - AuthMethod string - Provider string - StartURL string - Region string -} - -type TokenRepository interface { - FindOldestUnverified(limit int) []*Token - UpdateToken(token *Token) error -} - -type RefresherOption func(*BackgroundRefresher) - -func WithInterval(interval time.Duration) RefresherOption { - return func(r *BackgroundRefresher) { - r.interval = interval - } -} - -func WithBatchSize(size int) RefresherOption { - return func(r *BackgroundRefresher) { - r.batchSize = size - } -} - -func WithConcurrency(concurrency int) RefresherOption { - return func(r *BackgroundRefresher) { - r.concurrency = concurrency - } -} - -type BackgroundRefresher struct { - interval time.Duration - batchSize int - concurrency int - tokenRepo TokenRepository - stopCh chan struct{} - wg sync.WaitGroup - oauth *KiroOAuth - ssoClient *SSOOIDCClient - callbackMu sync.RWMutex // 保护回调函数的并发访问 - onTokenRefreshed func(tokenID string, tokenData *KiroTokenData) // 刷新成功回调 -} - -func NewBackgroundRefresher(repo TokenRepository, opts ...RefresherOption) *BackgroundRefresher { - r := &BackgroundRefresher{ - interval: time.Minute, - batchSize: 50, - concurrency: 10, - tokenRepo: repo, - stopCh: make(chan struct{}), - oauth: nil, // Lazy init - will be set when config available - ssoClient: nil, // Lazy init - will be set when config available - } - for _, opt := range opts { - opt(r) - } - return r -} - -// WithConfig sets the configuration for OAuth and SSO clients. -func WithConfig(cfg *config.Config) RefresherOption { - return func(r *BackgroundRefresher) { - r.oauth = NewKiroOAuth(cfg) - r.ssoClient = NewSSOOIDCClient(cfg) - } -} - -// WithOnTokenRefreshed sets the callback function to be called when a token is successfully refreshed. -// The callback receives the token ID (filename) and the new token data. -// This allows external components (e.g., Watcher) to be notified of token updates. -func WithOnTokenRefreshed(callback func(tokenID string, tokenData *KiroTokenData)) RefresherOption { - return func(r *BackgroundRefresher) { - r.callbackMu.Lock() - r.onTokenRefreshed = callback - r.callbackMu.Unlock() - } -} - -func (r *BackgroundRefresher) Start(ctx context.Context) { - r.wg.Add(1) - go func() { - defer r.wg.Done() - ticker := time.NewTicker(r.interval) - defer ticker.Stop() - - r.refreshBatch(ctx) - - for { - select { - case <-ctx.Done(): - return - case <-r.stopCh: - return - case <-ticker.C: - r.refreshBatch(ctx) - } - } - }() -} - -func (r *BackgroundRefresher) Stop() { - close(r.stopCh) - r.wg.Wait() -} - -func (r *BackgroundRefresher) refreshBatch(ctx context.Context) { - tokens := r.tokenRepo.FindOldestUnverified(r.batchSize) - if len(tokens) == 0 { - return - } - - sem := semaphore.NewWeighted(int64(r.concurrency)) - var wg sync.WaitGroup - - for i, token := range tokens { - if i > 0 { - select { - case <-ctx.Done(): - return - case <-r.stopCh: - return - case <-time.After(100 * time.Millisecond): - } - } - - if err := sem.Acquire(ctx, 1); err != nil { - return - } - - wg.Add(1) - go func(t *Token) { - defer wg.Done() - defer sem.Release(1) - r.refreshSingle(ctx, t) - }(token) - } - - wg.Wait() -} - -func (r *BackgroundRefresher) refreshSingle(ctx context.Context, token *Token) { - // Normalize auth method to lowercase for case-insensitive matching - authMethod := strings.ToLower(token.AuthMethod) - - // Create refresh function based on auth method - refreshFunc := func(ctx context.Context) (*KiroTokenData, error) { - switch authMethod { - case "idc": - return r.ssoClient.RefreshTokenWithRegion( - ctx, - token.ClientID, - token.ClientSecret, - token.RefreshToken, - token.Region, - token.StartURL, - ) - case "builder-id": - return r.ssoClient.RefreshToken( - ctx, - token.ClientID, - token.ClientSecret, - token.RefreshToken, - ) - default: - return r.oauth.RefreshTokenWithFingerprint(ctx, token.RefreshToken, token.ID) - } - } - - // Use graceful degradation for better reliability - result := RefreshWithGracefulDegradation( - ctx, - refreshFunc, - token.AccessToken, - token.ExpiresAt, - ) - - if result.Error != nil { - log.Printf("failed to refresh token %s: %v", token.ID, result.Error) - return - } - - newTokenData := result.TokenData - if result.UsedFallback { - log.Printf("token %s: using existing token as fallback (refresh failed but token still valid)", token.ID) - // Don't update the token file if we're using fallback - // Just update LastVerified to prevent immediate re-check - token.LastVerified = time.Now() - return - } - - token.AccessToken = newTokenData.AccessToken - if newTokenData.RefreshToken != "" { - token.RefreshToken = newTokenData.RefreshToken - } - token.LastVerified = time.Now() - - if newTokenData.ExpiresAt != "" { - if expTime, parseErr := time.Parse(time.RFC3339, newTokenData.ExpiresAt); parseErr == nil { - token.ExpiresAt = expTime - } - } - - if err := r.tokenRepo.UpdateToken(token); err != nil { - log.Printf("failed to update token %s: %v", token.ID, err) - return - } - - // 方案 A: 刷新成功后触发回调,通知 Watcher 更新内存中的 Auth 对象 - r.callbackMu.RLock() - callback := r.onTokenRefreshed - r.callbackMu.RUnlock() - - if callback != nil { - // 使用 defer recover 隔离回调 panic,防止崩溃整个进程 - func() { - defer func() { - if rec := recover(); rec != nil { - log.Printf("background refresh: callback panic for token %s: %v", token.ID, rec) - } - }() - log.Printf("background refresh: notifying token refresh callback for %s", token.ID) - callback(token.ID, newTokenData) - }() - } -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/codewhisperer_client.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/codewhisperer_client.go deleted file mode 100644 index 0a7392e827..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/codewhisperer_client.go +++ /dev/null @@ -1,166 +0,0 @@ -// Package kiro provides CodeWhisperer API client for fetching user info. -package kiro - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "time" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -const ( - codeWhispererAPI = "https://codewhisperer.us-east-1.amazonaws.com" - kiroVersion = "0.6.18" -) - -// CodeWhispererClient handles CodeWhisperer API calls. -type CodeWhispererClient struct { - httpClient *http.Client - machineID string -} - -// UsageLimitsResponse represents the getUsageLimits API response. -type UsageLimitsResponse struct { - DaysUntilReset *int `json:"daysUntilReset,omitempty"` - NextDateReset *float64 `json:"nextDateReset,omitempty"` - UserInfo *UserInfo `json:"userInfo,omitempty"` - SubscriptionInfo *SubscriptionInfo `json:"subscriptionInfo,omitempty"` - UsageBreakdownList []UsageBreakdown `json:"usageBreakdownList,omitempty"` -} - -// UserInfo contains user information from the API. -type UserInfo struct { - Email string `json:"email,omitempty"` - UserID string `json:"userId,omitempty"` -} - -// SubscriptionInfo contains subscription details. -type SubscriptionInfo struct { - SubscriptionTitle string `json:"subscriptionTitle,omitempty"` - Type string `json:"type,omitempty"` -} - -// UsageBreakdown contains usage details. -type UsageBreakdown struct { - UsageLimit *int `json:"usageLimit,omitempty"` - CurrentUsage *int `json:"currentUsage,omitempty"` - UsageLimitWithPrecision *float64 `json:"usageLimitWithPrecision,omitempty"` - CurrentUsageWithPrecision *float64 `json:"currentUsageWithPrecision,omitempty"` - NextDateReset *float64 `json:"nextDateReset,omitempty"` - DisplayName string `json:"displayName,omitempty"` - ResourceType string `json:"resourceType,omitempty"` -} - -// NewCodeWhispererClient creates a new CodeWhisperer client. -func NewCodeWhispererClient(cfg *config.Config, machineID string) *CodeWhispererClient { - client := &http.Client{Timeout: 30 * time.Second} - if cfg != nil { - client = util.SetProxy(&cfg.SDKConfig, client) - } - if machineID == "" { - machineID = uuid.New().String() - } - return &CodeWhispererClient{ - httpClient: client, - machineID: machineID, - } -} - -// generateInvocationID generates a unique invocation ID. -func generateInvocationID() string { - return uuid.New().String() -} - -// GetUsageLimits fetches usage limits and user info from CodeWhisperer API. -// This is the recommended way to get user email after login. -func (c *CodeWhispererClient) GetUsageLimits(ctx context.Context, accessToken string) (*UsageLimitsResponse, error) { - url := fmt.Sprintf("%s/getUsageLimits?isEmailRequired=true&origin=AI_EDITOR&resourceType=AGENTIC_REQUEST", codeWhispererAPI) - - req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil) - if err != nil { - return nil, fmt.Errorf("failed to create request: %w", err) - } - - // Set headers to match Kiro IDE - xAmzUserAgent := fmt.Sprintf("aws-sdk-js/1.0.0 KiroIDE-%s-%s", kiroVersion, c.machineID) - userAgent := fmt.Sprintf("aws-sdk-js/1.0.0 ua/2.1 os/windows lang/js md/nodejs#20.16.0 api/codewhispererruntime#1.0.0 m/E KiroIDE-%s-%s", kiroVersion, c.machineID) - - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("x-amz-user-agent", xAmzUserAgent) - req.Header.Set("User-Agent", userAgent) - req.Header.Set("amz-sdk-invocation-id", generateInvocationID()) - req.Header.Set("amz-sdk-request", "attempt=1; max=1") - req.Header.Set("Connection", "close") - - log.Debugf("codewhisperer: GET %s", url) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("request failed: %w", err) - } - defer resp.Body.Close() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read response: %w", err) - } - - log.Debugf("codewhisperer: status=%d, body=%s", resp.StatusCode, string(body)) - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("API returned status %d: %s", resp.StatusCode, string(body)) - } - - var result UsageLimitsResponse - if err := json.Unmarshal(body, &result); err != nil { - return nil, fmt.Errorf("failed to parse response: %w", err) - } - - return &result, nil -} - -// FetchUserEmailFromAPI fetches user email using CodeWhisperer getUsageLimits API. -// This is more reliable than JWT parsing as it uses the official API. -func (c *CodeWhispererClient) FetchUserEmailFromAPI(ctx context.Context, accessToken string) string { - resp, err := c.GetUsageLimits(ctx, accessToken) - if err != nil { - log.Debugf("codewhisperer: failed to get usage limits: %v", err) - return "" - } - - if resp.UserInfo != nil && resp.UserInfo.Email != "" { - log.Debugf("codewhisperer: got email from API: %s", resp.UserInfo.Email) - return resp.UserInfo.Email - } - - log.Debugf("codewhisperer: no email in response") - return "" -} - -// FetchUserEmailWithFallback fetches user email with multiple fallback methods. -// Priority: 1. CodeWhisperer API 2. userinfo endpoint 3. JWT parsing -func FetchUserEmailWithFallback(ctx context.Context, cfg *config.Config, accessToken string) string { - // Method 1: Try CodeWhisperer API (most reliable) - cwClient := NewCodeWhispererClient(cfg, "") - email := cwClient.FetchUserEmailFromAPI(ctx, accessToken) - if email != "" { - return email - } - - // Method 2: Try SSO OIDC userinfo endpoint - ssoClient := NewSSOOIDCClient(cfg) - email = ssoClient.FetchUserEmail(ctx, accessToken) - if email != "" { - return email - } - - // Method 3: Fallback to JWT parsing - return ExtractEmailFromJWT(accessToken) -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/cooldown.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/cooldown.go deleted file mode 100644 index c1aabbcb4d..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/cooldown.go +++ /dev/null @@ -1,112 +0,0 @@ -package kiro - -import ( - "sync" - "time" -) - -const ( - CooldownReason429 = "rate_limit_exceeded" - CooldownReasonSuspended = "account_suspended" - CooldownReasonQuotaExhausted = "quota_exhausted" - - DefaultShortCooldown = 1 * time.Minute - MaxShortCooldown = 5 * time.Minute - LongCooldown = 24 * time.Hour -) - -type CooldownManager struct { - mu sync.RWMutex - cooldowns map[string]time.Time - reasons map[string]string -} - -func NewCooldownManager() *CooldownManager { - return &CooldownManager{ - cooldowns: make(map[string]time.Time), - reasons: make(map[string]string), - } -} - -func (cm *CooldownManager) SetCooldown(tokenKey string, duration time.Duration, reason string) { - cm.mu.Lock() - defer cm.mu.Unlock() - cm.cooldowns[tokenKey] = time.Now().Add(duration) - cm.reasons[tokenKey] = reason -} - -func (cm *CooldownManager) IsInCooldown(tokenKey string) bool { - cm.mu.RLock() - defer cm.mu.RUnlock() - endTime, exists := cm.cooldowns[tokenKey] - if !exists { - return false - } - return time.Now().Before(endTime) -} - -func (cm *CooldownManager) GetRemainingCooldown(tokenKey string) time.Duration { - cm.mu.RLock() - defer cm.mu.RUnlock() - endTime, exists := cm.cooldowns[tokenKey] - if !exists { - return 0 - } - remaining := time.Until(endTime) - if remaining < 0 { - return 0 - } - return remaining -} - -func (cm *CooldownManager) GetCooldownReason(tokenKey string) string { - cm.mu.RLock() - defer cm.mu.RUnlock() - return cm.reasons[tokenKey] -} - -func (cm *CooldownManager) ClearCooldown(tokenKey string) { - cm.mu.Lock() - defer cm.mu.Unlock() - delete(cm.cooldowns, tokenKey) - delete(cm.reasons, tokenKey) -} - -func (cm *CooldownManager) CleanupExpired() { - cm.mu.Lock() - defer cm.mu.Unlock() - now := time.Now() - for tokenKey, endTime := range cm.cooldowns { - if now.After(endTime) { - delete(cm.cooldowns, tokenKey) - delete(cm.reasons, tokenKey) - } - } -} - -func (cm *CooldownManager) StartCleanupRoutine(interval time.Duration, stopCh <-chan struct{}) { - ticker := time.NewTicker(interval) - defer ticker.Stop() - for { - select { - case <-ticker.C: - cm.CleanupExpired() - case <-stopCh: - return - } - } -} - -func CalculateCooldownFor429(retryCount int) time.Duration { - duration := DefaultShortCooldown * time.Duration(1< MaxShortCooldown { - return MaxShortCooldown - } - return duration -} - -func CalculateCooldownUntilNextDay() time.Duration { - now := time.Now() - nextDay := time.Date(now.Year(), now.Month(), now.Day()+1, 0, 0, 0, 0, now.Location()) - return time.Until(nextDay) -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/cooldown_test.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/cooldown_test.go deleted file mode 100644 index e0b35df4fc..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/cooldown_test.go +++ /dev/null @@ -1,240 +0,0 @@ -package kiro - -import ( - "sync" - "testing" - "time" -) - -func TestNewCooldownManager(t *testing.T) { - cm := NewCooldownManager() - if cm == nil { - t.Fatal("expected non-nil CooldownManager") - } - if cm.cooldowns == nil { - t.Error("expected non-nil cooldowns map") - } - if cm.reasons == nil { - t.Error("expected non-nil reasons map") - } -} - -func TestSetCooldown(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Minute, CooldownReason429) - - if !cm.IsInCooldown("token1") { - t.Error("expected token to be in cooldown") - } - if cm.GetCooldownReason("token1") != CooldownReason429 { - t.Errorf("expected reason %s, got %s", CooldownReason429, cm.GetCooldownReason("token1")) - } -} - -func TestIsInCooldown_NotSet(t *testing.T) { - cm := NewCooldownManager() - if cm.IsInCooldown("nonexistent") { - t.Error("expected non-existent token to not be in cooldown") - } -} - -func TestIsInCooldown_Expired(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Millisecond, CooldownReason429) - - time.Sleep(10 * time.Millisecond) - - if cm.IsInCooldown("token1") { - t.Error("expected expired cooldown to return false") - } -} - -func TestGetRemainingCooldown(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Second, CooldownReason429) - - remaining := cm.GetRemainingCooldown("token1") - if remaining <= 0 || remaining > 1*time.Second { - t.Errorf("expected remaining cooldown between 0 and 1s, got %v", remaining) - } -} - -func TestGetRemainingCooldown_NotSet(t *testing.T) { - cm := NewCooldownManager() - remaining := cm.GetRemainingCooldown("nonexistent") - if remaining != 0 { - t.Errorf("expected 0 remaining for non-existent, got %v", remaining) - } -} - -func TestGetRemainingCooldown_Expired(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Millisecond, CooldownReason429) - - time.Sleep(10 * time.Millisecond) - - remaining := cm.GetRemainingCooldown("token1") - if remaining != 0 { - t.Errorf("expected 0 remaining for expired, got %v", remaining) - } -} - -func TestGetCooldownReason(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Minute, CooldownReasonSuspended) - - reason := cm.GetCooldownReason("token1") - if reason != CooldownReasonSuspended { - t.Errorf("expected reason %s, got %s", CooldownReasonSuspended, reason) - } -} - -func TestGetCooldownReason_NotSet(t *testing.T) { - cm := NewCooldownManager() - reason := cm.GetCooldownReason("nonexistent") - if reason != "" { - t.Errorf("expected empty reason for non-existent, got %s", reason) - } -} - -func TestClearCooldown(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Minute, CooldownReason429) - cm.ClearCooldown("token1") - - if cm.IsInCooldown("token1") { - t.Error("expected cooldown to be cleared") - } - if cm.GetCooldownReason("token1") != "" { - t.Error("expected reason to be cleared") - } -} - -func TestClearCooldown_NonExistent(t *testing.T) { - cm := NewCooldownManager() - cm.ClearCooldown("nonexistent") -} - -func TestCleanupExpired(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("expired1", 1*time.Millisecond, CooldownReason429) - cm.SetCooldown("expired2", 1*time.Millisecond, CooldownReason429) - cm.SetCooldown("active", 1*time.Hour, CooldownReason429) - - time.Sleep(10 * time.Millisecond) - cm.CleanupExpired() - - if cm.GetCooldownReason("expired1") != "" { - t.Error("expected expired1 to be cleaned up") - } - if cm.GetCooldownReason("expired2") != "" { - t.Error("expected expired2 to be cleaned up") - } - if cm.GetCooldownReason("active") != CooldownReason429 { - t.Error("expected active to remain") - } -} - -func TestCalculateCooldownFor429_FirstRetry(t *testing.T) { - duration := CalculateCooldownFor429(0) - if duration != DefaultShortCooldown { - t.Errorf("expected %v for retry 0, got %v", DefaultShortCooldown, duration) - } -} - -func TestCalculateCooldownFor429_Exponential(t *testing.T) { - d1 := CalculateCooldownFor429(1) - d2 := CalculateCooldownFor429(2) - - if d2 <= d1 { - t.Errorf("expected d2 > d1, got d1=%v, d2=%v", d1, d2) - } -} - -func TestCalculateCooldownFor429_MaxCap(t *testing.T) { - duration := CalculateCooldownFor429(10) - if duration > MaxShortCooldown { - t.Errorf("expected max %v, got %v", MaxShortCooldown, duration) - } -} - -func TestCalculateCooldownUntilNextDay(t *testing.T) { - duration := CalculateCooldownUntilNextDay() - if duration <= 0 || duration > 24*time.Hour { - t.Errorf("expected duration between 0 and 24h, got %v", duration) - } -} - -func TestCooldownManager_ConcurrentAccess(t *testing.T) { - cm := NewCooldownManager() - const numGoroutines = 50 - const numOperations = 100 - - var wg sync.WaitGroup - wg.Add(numGoroutines) - - for i := 0; i < numGoroutines; i++ { - go func(id int) { - defer wg.Done() - tokenKey := "token" + string(rune('a'+id%10)) - for j := 0; j < numOperations; j++ { - switch j % 6 { - case 0: - cm.SetCooldown(tokenKey, time.Duration(j)*time.Millisecond, CooldownReason429) - case 1: - cm.IsInCooldown(tokenKey) - case 2: - cm.GetRemainingCooldown(tokenKey) - case 3: - cm.GetCooldownReason(tokenKey) - case 4: - cm.ClearCooldown(tokenKey) - case 5: - cm.CleanupExpired() - } - } - }(i) - } - - wg.Wait() -} - -func TestCooldownReasonConstants(t *testing.T) { - if CooldownReason429 != "rate_limit_exceeded" { - t.Errorf("unexpected CooldownReason429: %s", CooldownReason429) - } - if CooldownReasonSuspended != "account_suspended" { - t.Errorf("unexpected CooldownReasonSuspended: %s", CooldownReasonSuspended) - } - if CooldownReasonQuotaExhausted != "quota_exhausted" { - t.Errorf("unexpected CooldownReasonQuotaExhausted: %s", CooldownReasonQuotaExhausted) - } -} - -func TestDefaultConstants(t *testing.T) { - if DefaultShortCooldown != 1*time.Minute { - t.Errorf("unexpected DefaultShortCooldown: %v", DefaultShortCooldown) - } - if MaxShortCooldown != 5*time.Minute { - t.Errorf("unexpected MaxShortCooldown: %v", MaxShortCooldown) - } - if LongCooldown != 24*time.Hour { - t.Errorf("unexpected LongCooldown: %v", LongCooldown) - } -} - -func TestSetCooldown_OverwritesPrevious(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Hour, CooldownReason429) - cm.SetCooldown("token1", 1*time.Minute, CooldownReasonSuspended) - - reason := cm.GetCooldownReason("token1") - if reason != CooldownReasonSuspended { - t.Errorf("expected reason to be overwritten to %s, got %s", CooldownReasonSuspended, reason) - } - - remaining := cm.GetRemainingCooldown("token1") - if remaining > 1*time.Minute { - t.Errorf("expected remaining <= 1 minute, got %v", remaining) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/fingerprint.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/fingerprint.go deleted file mode 100644 index c35e62b2b2..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/fingerprint.go +++ /dev/null @@ -1,197 +0,0 @@ -package kiro - -import ( - "crypto/sha256" - "encoding/hex" - "fmt" - "math/rand" - "net/http" - "sync" - "time" -) - -// Fingerprint 多维度指纹信息 -type Fingerprint struct { - SDKVersion string // 1.0.20-1.0.27 - OSType string // darwin/windows/linux - OSVersion string // 10.0.22621 - NodeVersion string // 18.x/20.x/22.x - KiroVersion string // 0.3.x-0.8.x - KiroHash string // SHA256 - AcceptLanguage string - ScreenResolution string // 1920x1080 - ColorDepth int // 24 - HardwareConcurrency int // CPU 核心数 - TimezoneOffset int -} - -// FingerprintManager 指纹管理器 -type FingerprintManager struct { - mu sync.RWMutex - fingerprints map[string]*Fingerprint // tokenKey -> fingerprint - rng *rand.Rand -} - -var ( - sdkVersions = []string{ - "1.0.20", "1.0.21", "1.0.22", "1.0.23", - "1.0.24", "1.0.25", "1.0.26", "1.0.27", - } - osTypes = []string{"darwin", "windows", "linux"} - osVersions = map[string][]string{ - "darwin": {"14.0", "14.1", "14.2", "14.3", "14.4", "14.5", "15.0", "15.1"}, - "windows": {"10.0.19041", "10.0.19042", "10.0.19043", "10.0.19044", "10.0.22621", "10.0.22631"}, - "linux": {"5.15.0", "6.1.0", "6.2.0", "6.5.0", "6.6.0", "6.8.0"}, - } - nodeVersions = []string{ - "18.17.0", "18.18.0", "18.19.0", "18.20.0", - "20.9.0", "20.10.0", "20.11.0", "20.12.0", "20.13.0", - "22.0.0", "22.1.0", "22.2.0", "22.3.0", - } - kiroVersions = []string{ - "0.3.0", "0.3.1", "0.4.0", "0.4.1", "0.5.0", "0.5.1", - "0.6.0", "0.6.1", "0.7.0", "0.7.1", "0.8.0", "0.8.1", - } - acceptLanguages = []string{ - "en-US,en;q=0.9", - "en-GB,en;q=0.9", - "zh-CN,zh;q=0.9,en;q=0.8", - "zh-TW,zh;q=0.9,en;q=0.8", - "ja-JP,ja;q=0.9,en;q=0.8", - "ko-KR,ko;q=0.9,en;q=0.8", - "de-DE,de;q=0.9,en;q=0.8", - "fr-FR,fr;q=0.9,en;q=0.8", - } - screenResolutions = []string{ - "1920x1080", "2560x1440", "3840x2160", - "1366x768", "1440x900", "1680x1050", - "2560x1600", "3440x1440", - } - colorDepths = []int{24, 32} - hardwareConcurrencies = []int{4, 6, 8, 10, 12, 16, 20, 24, 32} - timezoneOffsets = []int{-480, -420, -360, -300, -240, 0, 60, 120, 480, 540} -) - -// NewFingerprintManager 创建指纹管理器 -func NewFingerprintManager() *FingerprintManager { - return &FingerprintManager{ - fingerprints: make(map[string]*Fingerprint), - rng: rand.New(rand.NewSource(time.Now().UnixNano())), - } -} - -// GetFingerprint 获取或生成 Token 关联的指纹 -func (fm *FingerprintManager) GetFingerprint(tokenKey string) *Fingerprint { - fm.mu.RLock() - if fp, exists := fm.fingerprints[tokenKey]; exists { - fm.mu.RUnlock() - return fp - } - fm.mu.RUnlock() - - fm.mu.Lock() - defer fm.mu.Unlock() - - if fp, exists := fm.fingerprints[tokenKey]; exists { - return fp - } - - fp := fm.generateFingerprint(tokenKey) - fm.fingerprints[tokenKey] = fp - return fp -} - -// generateFingerprint 生成新的指纹 -func (fm *FingerprintManager) generateFingerprint(tokenKey string) *Fingerprint { - osType := fm.randomChoice(osTypes) - osVersion := fm.randomChoice(osVersions[osType]) - kiroVersion := fm.randomChoice(kiroVersions) - - fp := &Fingerprint{ - SDKVersion: fm.randomChoice(sdkVersions), - OSType: osType, - OSVersion: osVersion, - NodeVersion: fm.randomChoice(nodeVersions), - KiroVersion: kiroVersion, - AcceptLanguage: fm.randomChoice(acceptLanguages), - ScreenResolution: fm.randomChoice(screenResolutions), - ColorDepth: fm.randomIntChoice(colorDepths), - HardwareConcurrency: fm.randomIntChoice(hardwareConcurrencies), - TimezoneOffset: fm.randomIntChoice(timezoneOffsets), - } - - fp.KiroHash = fm.generateKiroHash(tokenKey, kiroVersion, osType) - return fp -} - -// generateKiroHash 生成 Kiro Hash -func (fm *FingerprintManager) generateKiroHash(tokenKey, kiroVersion, osType string) string { - data := fmt.Sprintf("%s:%s:%s:%d", tokenKey, kiroVersion, osType, time.Now().UnixNano()) - hash := sha256.Sum256([]byte(data)) - return hex.EncodeToString(hash[:]) -} - -// randomChoice 随机选择字符串 -func (fm *FingerprintManager) randomChoice(choices []string) string { - return choices[fm.rng.Intn(len(choices))] -} - -// randomIntChoice 随机选择整数 -func (fm *FingerprintManager) randomIntChoice(choices []int) int { - return choices[fm.rng.Intn(len(choices))] -} - -// ApplyToRequest 将指纹信息应用到 HTTP 请求头 -func (fp *Fingerprint) ApplyToRequest(req *http.Request) { - req.Header.Set("X-Kiro-SDK-Version", fp.SDKVersion) - req.Header.Set("X-Kiro-OS-Type", fp.OSType) - req.Header.Set("X-Kiro-OS-Version", fp.OSVersion) - req.Header.Set("X-Kiro-Node-Version", fp.NodeVersion) - req.Header.Set("X-Kiro-Version", fp.KiroVersion) - req.Header.Set("X-Kiro-Hash", fp.KiroHash) - req.Header.Set("Accept-Language", fp.AcceptLanguage) - req.Header.Set("X-Screen-Resolution", fp.ScreenResolution) - req.Header.Set("X-Color-Depth", fmt.Sprintf("%d", fp.ColorDepth)) - req.Header.Set("X-Hardware-Concurrency", fmt.Sprintf("%d", fp.HardwareConcurrency)) - req.Header.Set("X-Timezone-Offset", fmt.Sprintf("%d", fp.TimezoneOffset)) -} - -// RemoveFingerprint 移除 Token 关联的指纹 -func (fm *FingerprintManager) RemoveFingerprint(tokenKey string) { - fm.mu.Lock() - defer fm.mu.Unlock() - delete(fm.fingerprints, tokenKey) -} - -// Count 返回当前管理的指纹数量 -func (fm *FingerprintManager) Count() int { - fm.mu.RLock() - defer fm.mu.RUnlock() - return len(fm.fingerprints) -} - -// BuildUserAgent 构建 User-Agent 字符串 (Kiro IDE 风格) -// 格式: aws-sdk-js/{SDKVersion} ua/2.1 os/{OSType}#{OSVersion} lang/js md/nodejs#{NodeVersion} api/codewhispererstreaming#{SDKVersion} m/E KiroIDE-{KiroVersion}-{KiroHash} -func (fp *Fingerprint) BuildUserAgent() string { - return fmt.Sprintf( - "aws-sdk-js/%s ua/2.1 os/%s#%s lang/js md/nodejs#%s api/codewhispererstreaming#%s m/E KiroIDE-%s-%s", - fp.SDKVersion, - fp.OSType, - fp.OSVersion, - fp.NodeVersion, - fp.SDKVersion, - fp.KiroVersion, - fp.KiroHash, - ) -} - -// BuildAmzUserAgent 构建 X-Amz-User-Agent 字符串 -// 格式: aws-sdk-js/{SDKVersion} KiroIDE-{KiroVersion}-{KiroHash} -func (fp *Fingerprint) BuildAmzUserAgent() string { - return fmt.Sprintf( - "aws-sdk-js/%s KiroIDE-%s-%s", - fp.SDKVersion, - fp.KiroVersion, - fp.KiroHash, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/fingerprint_test.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/fingerprint_test.go deleted file mode 100644 index e0ae51f2f8..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/fingerprint_test.go +++ /dev/null @@ -1,227 +0,0 @@ -package kiro - -import ( - "net/http" - "sync" - "testing" -) - -func TestNewFingerprintManager(t *testing.T) { - fm := NewFingerprintManager() - if fm == nil { - t.Fatal("expected non-nil FingerprintManager") - } - if fm.fingerprints == nil { - t.Error("expected non-nil fingerprints map") - } - if fm.rng == nil { - t.Error("expected non-nil rng") - } -} - -func TestGetFingerprint_NewToken(t *testing.T) { - fm := NewFingerprintManager() - fp := fm.GetFingerprint("token1") - - if fp == nil { - t.Fatal("expected non-nil Fingerprint") - } - if fp.SDKVersion == "" { - t.Error("expected non-empty SDKVersion") - } - if fp.OSType == "" { - t.Error("expected non-empty OSType") - } - if fp.OSVersion == "" { - t.Error("expected non-empty OSVersion") - } - if fp.NodeVersion == "" { - t.Error("expected non-empty NodeVersion") - } - if fp.KiroVersion == "" { - t.Error("expected non-empty KiroVersion") - } - if fp.KiroHash == "" { - t.Error("expected non-empty KiroHash") - } - if fp.AcceptLanguage == "" { - t.Error("expected non-empty AcceptLanguage") - } - if fp.ScreenResolution == "" { - t.Error("expected non-empty ScreenResolution") - } - if fp.ColorDepth == 0 { - t.Error("expected non-zero ColorDepth") - } - if fp.HardwareConcurrency == 0 { - t.Error("expected non-zero HardwareConcurrency") - } -} - -func TestGetFingerprint_SameTokenReturnsSameFingerprint(t *testing.T) { - fm := NewFingerprintManager() - fp1 := fm.GetFingerprint("token1") - fp2 := fm.GetFingerprint("token1") - - if fp1 != fp2 { - t.Error("expected same fingerprint for same token") - } -} - -func TestGetFingerprint_DifferentTokens(t *testing.T) { - fm := NewFingerprintManager() - fp1 := fm.GetFingerprint("token1") - fp2 := fm.GetFingerprint("token2") - - if fp1 == fp2 { - t.Error("expected different fingerprints for different tokens") - } -} - -func TestRemoveFingerprint(t *testing.T) { - fm := NewFingerprintManager() - fm.GetFingerprint("token1") - if fm.Count() != 1 { - t.Fatalf("expected count 1, got %d", fm.Count()) - } - - fm.RemoveFingerprint("token1") - if fm.Count() != 0 { - t.Errorf("expected count 0, got %d", fm.Count()) - } -} - -func TestRemoveFingerprint_NonExistent(t *testing.T) { - fm := NewFingerprintManager() - fm.RemoveFingerprint("nonexistent") - if fm.Count() != 0 { - t.Errorf("expected count 0, got %d", fm.Count()) - } -} - -func TestCount(t *testing.T) { - fm := NewFingerprintManager() - if fm.Count() != 0 { - t.Errorf("expected count 0, got %d", fm.Count()) - } - - fm.GetFingerprint("token1") - fm.GetFingerprint("token2") - fm.GetFingerprint("token3") - - if fm.Count() != 3 { - t.Errorf("expected count 3, got %d", fm.Count()) - } -} - -func TestApplyToRequest(t *testing.T) { - fm := NewFingerprintManager() - fp := fm.GetFingerprint("token1") - - req, _ := http.NewRequest("GET", "http://example.com", nil) - fp.ApplyToRequest(req) - - if req.Header.Get("X-Kiro-SDK-Version") != fp.SDKVersion { - t.Error("X-Kiro-SDK-Version header mismatch") - } - if req.Header.Get("X-Kiro-OS-Type") != fp.OSType { - t.Error("X-Kiro-OS-Type header mismatch") - } - if req.Header.Get("X-Kiro-OS-Version") != fp.OSVersion { - t.Error("X-Kiro-OS-Version header mismatch") - } - if req.Header.Get("X-Kiro-Node-Version") != fp.NodeVersion { - t.Error("X-Kiro-Node-Version header mismatch") - } - if req.Header.Get("X-Kiro-Version") != fp.KiroVersion { - t.Error("X-Kiro-Version header mismatch") - } - if req.Header.Get("X-Kiro-Hash") != fp.KiroHash { - t.Error("X-Kiro-Hash header mismatch") - } - if req.Header.Get("Accept-Language") != fp.AcceptLanguage { - t.Error("Accept-Language header mismatch") - } - if req.Header.Get("X-Screen-Resolution") != fp.ScreenResolution { - t.Error("X-Screen-Resolution header mismatch") - } -} - -func TestGetFingerprint_OSVersionMatchesOSType(t *testing.T) { - fm := NewFingerprintManager() - - for i := 0; i < 20; i++ { - fp := fm.GetFingerprint("token" + string(rune('a'+i))) - validVersions := osVersions[fp.OSType] - found := false - for _, v := range validVersions { - if v == fp.OSVersion { - found = true - break - } - } - if !found { - t.Errorf("OS version %s not valid for OS type %s", fp.OSVersion, fp.OSType) - } - } -} - -func TestFingerprintManager_ConcurrentAccess(t *testing.T) { - fm := NewFingerprintManager() - const numGoroutines = 100 - const numOperations = 100 - - var wg sync.WaitGroup - wg.Add(numGoroutines) - - for i := 0; i < numGoroutines; i++ { - go func(id int) { - defer wg.Done() - for j := 0; j < numOperations; j++ { - tokenKey := "token" + string(rune('a'+id%26)) - switch j % 4 { - case 0: - fm.GetFingerprint(tokenKey) - case 1: - fm.Count() - case 2: - fp := fm.GetFingerprint(tokenKey) - req, _ := http.NewRequest("GET", "http://example.com", nil) - fp.ApplyToRequest(req) - case 3: - fm.RemoveFingerprint(tokenKey) - } - } - }(i) - } - - wg.Wait() -} - -func TestKiroHashUniqueness(t *testing.T) { - fm := NewFingerprintManager() - hashes := make(map[string]bool) - - for i := 0; i < 100; i++ { - fp := fm.GetFingerprint("token" + string(rune(i))) - if hashes[fp.KiroHash] { - t.Errorf("duplicate KiroHash detected: %s", fp.KiroHash) - } - hashes[fp.KiroHash] = true - } -} - -func TestKiroHashFormat(t *testing.T) { - fm := NewFingerprintManager() - fp := fm.GetFingerprint("token1") - - if len(fp.KiroHash) != 64 { - t.Errorf("expected KiroHash length 64 (SHA256 hex), got %d", len(fp.KiroHash)) - } - - for _, c := range fp.KiroHash { - if !((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f')) { - t.Errorf("invalid hex character in KiroHash: %c", c) - } - } -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/jitter.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/jitter.go deleted file mode 100644 index 0569a8fb18..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/jitter.go +++ /dev/null @@ -1,174 +0,0 @@ -package kiro - -import ( - "math/rand" - "sync" - "time" -) - -// Jitter configuration constants -const ( - // JitterPercent is the default percentage of jitter to apply (±30%) - JitterPercent = 0.30 - - // Human-like delay ranges - ShortDelayMin = 50 * time.Millisecond // Minimum for rapid consecutive operations - ShortDelayMax = 200 * time.Millisecond // Maximum for rapid consecutive operations - NormalDelayMin = 1 * time.Second // Minimum for normal thinking time - NormalDelayMax = 3 * time.Second // Maximum for normal thinking time - LongDelayMin = 5 * time.Second // Minimum for reading/resting - LongDelayMax = 10 * time.Second // Maximum for reading/resting - - // Probability thresholds for human-like behavior - ShortDelayProbability = 0.20 // 20% chance of short delay (consecutive ops) - LongDelayProbability = 0.05 // 5% chance of long delay (reading/resting) - NormalDelayProbability = 0.75 // 75% chance of normal delay (thinking) -) - -var ( - jitterRand *rand.Rand - jitterRandOnce sync.Once - jitterMu sync.Mutex - lastRequestTime time.Time -) - -// initJitterRand initializes the random number generator for jitter calculations. -// Uses a time-based seed for unpredictable but reproducible randomness. -func initJitterRand() { - jitterRandOnce.Do(func() { - jitterRand = rand.New(rand.NewSource(time.Now().UnixNano())) - }) -} - -// RandomDelay generates a random delay between min and max duration. -// Thread-safe implementation using mutex protection. -func RandomDelay(min, max time.Duration) time.Duration { - initJitterRand() - jitterMu.Lock() - defer jitterMu.Unlock() - - if min >= max { - return min - } - - rangeMs := max.Milliseconds() - min.Milliseconds() - randomMs := jitterRand.Int63n(rangeMs) - return min + time.Duration(randomMs)*time.Millisecond -} - -// JitterDelay adds jitter to a base delay. -// Applies ±jitterPercent variation to the base delay. -// For example, JitterDelay(1*time.Second, 0.30) returns a value between 700ms and 1300ms. -func JitterDelay(baseDelay time.Duration, jitterPercent float64) time.Duration { - initJitterRand() - jitterMu.Lock() - defer jitterMu.Unlock() - - if jitterPercent <= 0 || jitterPercent > 1 { - jitterPercent = JitterPercent - } - - // Calculate jitter range: base * jitterPercent - jitterRange := float64(baseDelay) * jitterPercent - - // Generate random value in range [-jitterRange, +jitterRange] - jitter := (jitterRand.Float64()*2 - 1) * jitterRange - - result := time.Duration(float64(baseDelay) + jitter) - if result < 0 { - return 0 - } - return result -} - -// JitterDelayDefault applies the default ±30% jitter to a base delay. -func JitterDelayDefault(baseDelay time.Duration) time.Duration { - return JitterDelay(baseDelay, JitterPercent) -} - -// HumanLikeDelay generates a delay that mimics human behavior patterns. -// The delay is selected based on probability distribution: -// - 20% chance: Short delay (50-200ms) - simulates consecutive rapid operations -// - 75% chance: Normal delay (1-3s) - simulates thinking/reading time -// - 5% chance: Long delay (5-10s) - simulates breaks/reading longer content -// -// Returns the delay duration (caller should call time.Sleep with this value). -func HumanLikeDelay() time.Duration { - initJitterRand() - jitterMu.Lock() - defer jitterMu.Unlock() - - // Track time since last request for adaptive behavior - now := time.Now() - timeSinceLastRequest := now.Sub(lastRequestTime) - lastRequestTime = now - - // If requests are very close together, use short delay - if timeSinceLastRequest < 500*time.Millisecond && timeSinceLastRequest > 0 { - rangeMs := ShortDelayMax.Milliseconds() - ShortDelayMin.Milliseconds() - randomMs := jitterRand.Int63n(rangeMs) - return ShortDelayMin + time.Duration(randomMs)*time.Millisecond - } - - // Otherwise, use probability-based selection - roll := jitterRand.Float64() - - var min, max time.Duration - switch { - case roll < ShortDelayProbability: - // Short delay - consecutive operations - min, max = ShortDelayMin, ShortDelayMax - case roll < ShortDelayProbability+LongDelayProbability: - // Long delay - reading/resting - min, max = LongDelayMin, LongDelayMax - default: - // Normal delay - thinking time - min, max = NormalDelayMin, NormalDelayMax - } - - rangeMs := max.Milliseconds() - min.Milliseconds() - randomMs := jitterRand.Int63n(rangeMs) - return min + time.Duration(randomMs)*time.Millisecond -} - -// ApplyHumanLikeDelay applies human-like delay by sleeping. -// This is a convenience function that combines HumanLikeDelay with time.Sleep. -func ApplyHumanLikeDelay() { - delay := HumanLikeDelay() - if delay > 0 { - time.Sleep(delay) - } -} - -// ExponentialBackoffWithJitter calculates retry delay using exponential backoff with jitter. -// Formula: min(baseDelay * 2^attempt + jitter, maxDelay) -// This helps prevent thundering herd problem when multiple clients retry simultaneously. -func ExponentialBackoffWithJitter(attempt int, baseDelay, maxDelay time.Duration) time.Duration { - if attempt < 0 { - attempt = 0 - } - - // Calculate exponential backoff: baseDelay * 2^attempt - backoff := baseDelay * time.Duration(1< maxDelay { - backoff = maxDelay - } - - // Add ±30% jitter - return JitterDelay(backoff, JitterPercent) -} - -// ShouldSkipDelay determines if delay should be skipped based on context. -// Returns true for streaming responses, WebSocket connections, etc. -// This function can be extended to check additional skip conditions. -func ShouldSkipDelay(isStreaming bool) bool { - return isStreaming -} - -// ResetLastRequestTime resets the last request time tracker. -// Useful for testing or when starting a new session. -func ResetLastRequestTime() { - jitterMu.Lock() - defer jitterMu.Unlock() - lastRequestTime = time.Time{} -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/metrics.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/metrics.go deleted file mode 100644 index 0fe2d0c69e..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/metrics.go +++ /dev/null @@ -1,187 +0,0 @@ -package kiro - -import ( - "math" - "sync" - "time" -) - -// TokenMetrics holds performance metrics for a single token. -type TokenMetrics struct { - SuccessRate float64 // Success rate (0.0 - 1.0) - AvgLatency float64 // Average latency in milliseconds - QuotaRemaining float64 // Remaining quota (0.0 - 1.0) - LastUsed time.Time // Last usage timestamp - FailCount int // Consecutive failure count - TotalRequests int // Total request count - successCount int // Internal: successful request count - totalLatency float64 // Internal: cumulative latency -} - -// TokenScorer manages token metrics and scoring. -type TokenScorer struct { - mu sync.RWMutex - metrics map[string]*TokenMetrics - - // Scoring weights - successRateWeight float64 - quotaWeight float64 - latencyWeight float64 - lastUsedWeight float64 - failPenaltyMultiplier float64 -} - -// NewTokenScorer creates a new TokenScorer with default weights. -func NewTokenScorer() *TokenScorer { - return &TokenScorer{ - metrics: make(map[string]*TokenMetrics), - successRateWeight: 0.4, - quotaWeight: 0.25, - latencyWeight: 0.2, - lastUsedWeight: 0.15, - failPenaltyMultiplier: 0.1, - } -} - -// getOrCreateMetrics returns existing metrics or creates new ones. -func (s *TokenScorer) getOrCreateMetrics(tokenKey string) *TokenMetrics { - if m, ok := s.metrics[tokenKey]; ok { - return m - } - m := &TokenMetrics{ - SuccessRate: 1.0, - QuotaRemaining: 1.0, - } - s.metrics[tokenKey] = m - return m -} - -// RecordRequest records the result of a request for a token. -func (s *TokenScorer) RecordRequest(tokenKey string, success bool, latency time.Duration) { - s.mu.Lock() - defer s.mu.Unlock() - - m := s.getOrCreateMetrics(tokenKey) - m.TotalRequests++ - m.LastUsed = time.Now() - m.totalLatency += float64(latency.Milliseconds()) - - if success { - m.successCount++ - m.FailCount = 0 - } else { - m.FailCount++ - } - - // Update derived metrics - if m.TotalRequests > 0 { - m.SuccessRate = float64(m.successCount) / float64(m.TotalRequests) - m.AvgLatency = m.totalLatency / float64(m.TotalRequests) - } -} - -// SetQuotaRemaining updates the remaining quota for a token. -func (s *TokenScorer) SetQuotaRemaining(tokenKey string, quota float64) { - s.mu.Lock() - defer s.mu.Unlock() - - m := s.getOrCreateMetrics(tokenKey) - m.QuotaRemaining = quota -} - -// GetMetrics returns a copy of the metrics for a token. -func (s *TokenScorer) GetMetrics(tokenKey string) *TokenMetrics { - s.mu.RLock() - defer s.mu.RUnlock() - - if m, ok := s.metrics[tokenKey]; ok { - copy := *m - return © - } - return nil -} - -// CalculateScore computes the score for a token (higher is better). -func (s *TokenScorer) CalculateScore(tokenKey string) float64 { - s.mu.RLock() - defer s.mu.RUnlock() - - m, ok := s.metrics[tokenKey] - if !ok { - return 1.0 // New tokens get a high initial score - } - - // Success rate component (0-1) - successScore := m.SuccessRate - - // Quota component (0-1) - quotaScore := m.QuotaRemaining - - // Latency component (normalized, lower is better) - // Using exponential decay: score = e^(-latency/1000) - // 1000ms latency -> ~0.37 score, 100ms -> ~0.90 score - latencyScore := math.Exp(-m.AvgLatency / 1000.0) - if m.TotalRequests == 0 { - latencyScore = 1.0 - } - - // Last used component (prefer tokens not recently used) - // Score increases as time since last use increases - timeSinceUse := time.Since(m.LastUsed).Seconds() - // Normalize: 60 seconds -> ~0.63 score, 0 seconds -> 0 score - lastUsedScore := 1.0 - math.Exp(-timeSinceUse/60.0) - if m.LastUsed.IsZero() { - lastUsedScore = 1.0 - } - - // Calculate weighted score - score := s.successRateWeight*successScore + - s.quotaWeight*quotaScore + - s.latencyWeight*latencyScore + - s.lastUsedWeight*lastUsedScore - - // Apply consecutive failure penalty - if m.FailCount > 0 { - penalty := s.failPenaltyMultiplier * float64(m.FailCount) - score = score * math.Max(0, 1.0-penalty) - } - - return score -} - -// SelectBestToken selects the token with the highest score. -func (s *TokenScorer) SelectBestToken(tokens []string) string { - if len(tokens) == 0 { - return "" - } - if len(tokens) == 1 { - return tokens[0] - } - - bestToken := tokens[0] - bestScore := s.CalculateScore(tokens[0]) - - for _, token := range tokens[1:] { - score := s.CalculateScore(token) - if score > bestScore { - bestScore = score - bestToken = token - } - } - - return bestToken -} - -// ResetMetrics clears all metrics for a token. -func (s *TokenScorer) ResetMetrics(tokenKey string) { - s.mu.Lock() - defer s.mu.Unlock() - delete(s.metrics, tokenKey) -} - -// ResetAllMetrics clears all stored metrics. -func (s *TokenScorer) ResetAllMetrics() { - s.mu.Lock() - defer s.mu.Unlock() - s.metrics = make(map[string]*TokenMetrics) -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/metrics_test.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/metrics_test.go deleted file mode 100644 index ffe2a876a3..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/metrics_test.go +++ /dev/null @@ -1,301 +0,0 @@ -package kiro - -import ( - "sync" - "testing" - "time" -) - -func TestNewTokenScorer(t *testing.T) { - s := NewTokenScorer() - if s == nil { - t.Fatal("expected non-nil TokenScorer") - } - if s.metrics == nil { - t.Error("expected non-nil metrics map") - } - if s.successRateWeight != 0.4 { - t.Errorf("expected successRateWeight 0.4, got %f", s.successRateWeight) - } - if s.quotaWeight != 0.25 { - t.Errorf("expected quotaWeight 0.25, got %f", s.quotaWeight) - } -} - -func TestRecordRequest_Success(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - - m := s.GetMetrics("token1") - if m == nil { - t.Fatal("expected non-nil metrics") - } - if m.TotalRequests != 1 { - t.Errorf("expected TotalRequests 1, got %d", m.TotalRequests) - } - if m.SuccessRate != 1.0 { - t.Errorf("expected SuccessRate 1.0, got %f", m.SuccessRate) - } - if m.FailCount != 0 { - t.Errorf("expected FailCount 0, got %d", m.FailCount) - } - if m.AvgLatency != 100 { - t.Errorf("expected AvgLatency 100, got %f", m.AvgLatency) - } -} - -func TestRecordRequest_Failure(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", false, 200*time.Millisecond) - - m := s.GetMetrics("token1") - if m.SuccessRate != 0.0 { - t.Errorf("expected SuccessRate 0.0, got %f", m.SuccessRate) - } - if m.FailCount != 1 { - t.Errorf("expected FailCount 1, got %d", m.FailCount) - } -} - -func TestRecordRequest_MixedResults(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - s.RecordRequest("token1", true, 100*time.Millisecond) - s.RecordRequest("token1", false, 100*time.Millisecond) - s.RecordRequest("token1", true, 100*time.Millisecond) - - m := s.GetMetrics("token1") - if m.TotalRequests != 4 { - t.Errorf("expected TotalRequests 4, got %d", m.TotalRequests) - } - if m.SuccessRate != 0.75 { - t.Errorf("expected SuccessRate 0.75, got %f", m.SuccessRate) - } - if m.FailCount != 0 { - t.Errorf("expected FailCount 0 (reset on success), got %d", m.FailCount) - } -} - -func TestRecordRequest_ConsecutiveFailures(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - s.RecordRequest("token1", false, 100*time.Millisecond) - s.RecordRequest("token1", false, 100*time.Millisecond) - s.RecordRequest("token1", false, 100*time.Millisecond) - - m := s.GetMetrics("token1") - if m.FailCount != 3 { - t.Errorf("expected FailCount 3, got %d", m.FailCount) - } -} - -func TestSetQuotaRemaining(t *testing.T) { - s := NewTokenScorer() - s.SetQuotaRemaining("token1", 0.5) - - m := s.GetMetrics("token1") - if m.QuotaRemaining != 0.5 { - t.Errorf("expected QuotaRemaining 0.5, got %f", m.QuotaRemaining) - } -} - -func TestGetMetrics_NonExistent(t *testing.T) { - s := NewTokenScorer() - m := s.GetMetrics("nonexistent") - if m != nil { - t.Error("expected nil metrics for non-existent token") - } -} - -func TestGetMetrics_ReturnsCopy(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - - m1 := s.GetMetrics("token1") - m1.TotalRequests = 999 - - m2 := s.GetMetrics("token1") - if m2.TotalRequests == 999 { - t.Error("GetMetrics should return a copy") - } -} - -func TestCalculateScore_NewToken(t *testing.T) { - s := NewTokenScorer() - score := s.CalculateScore("newtoken") - if score != 1.0 { - t.Errorf("expected score 1.0 for new token, got %f", score) - } -} - -func TestCalculateScore_PerfectToken(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 50*time.Millisecond) - s.SetQuotaRemaining("token1", 1.0) - - time.Sleep(100 * time.Millisecond) - score := s.CalculateScore("token1") - if score < 0.5 || score > 1.0 { - t.Errorf("expected high score for perfect token, got %f", score) - } -} - -func TestCalculateScore_FailedToken(t *testing.T) { - s := NewTokenScorer() - for i := 0; i < 5; i++ { - s.RecordRequest("token1", false, 1000*time.Millisecond) - } - s.SetQuotaRemaining("token1", 0.1) - - score := s.CalculateScore("token1") - if score > 0.5 { - t.Errorf("expected low score for failed token, got %f", score) - } -} - -func TestCalculateScore_FailPenalty(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - scoreNoFail := s.CalculateScore("token1") - - s.RecordRequest("token1", false, 100*time.Millisecond) - s.RecordRequest("token1", false, 100*time.Millisecond) - scoreWithFail := s.CalculateScore("token1") - - if scoreWithFail >= scoreNoFail { - t.Errorf("expected lower score with consecutive failures: noFail=%f, withFail=%f", scoreNoFail, scoreWithFail) - } -} - -func TestSelectBestToken_Empty(t *testing.T) { - s := NewTokenScorer() - best := s.SelectBestToken([]string{}) - if best != "" { - t.Errorf("expected empty string for empty tokens, got %s", best) - } -} - -func TestSelectBestToken_SingleToken(t *testing.T) { - s := NewTokenScorer() - best := s.SelectBestToken([]string{"token1"}) - if best != "token1" { - t.Errorf("expected token1, got %s", best) - } -} - -func TestSelectBestToken_MultipleTokens(t *testing.T) { - s := NewTokenScorer() - - s.RecordRequest("bad", false, 1000*time.Millisecond) - s.RecordRequest("bad", false, 1000*time.Millisecond) - s.SetQuotaRemaining("bad", 0.1) - - s.RecordRequest("good", true, 50*time.Millisecond) - s.SetQuotaRemaining("good", 0.9) - - time.Sleep(50 * time.Millisecond) - - best := s.SelectBestToken([]string{"bad", "good"}) - if best != "good" { - t.Errorf("expected good token to be selected, got %s", best) - } -} - -func TestResetMetrics(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - s.ResetMetrics("token1") - - m := s.GetMetrics("token1") - if m != nil { - t.Error("expected nil metrics after reset") - } -} - -func TestResetAllMetrics(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - s.RecordRequest("token2", true, 100*time.Millisecond) - s.RecordRequest("token3", true, 100*time.Millisecond) - - s.ResetAllMetrics() - - if s.GetMetrics("token1") != nil { - t.Error("expected nil metrics for token1 after reset all") - } - if s.GetMetrics("token2") != nil { - t.Error("expected nil metrics for token2 after reset all") - } -} - -func TestTokenScorer_ConcurrentAccess(t *testing.T) { - s := NewTokenScorer() - const numGoroutines = 50 - const numOperations = 100 - - var wg sync.WaitGroup - wg.Add(numGoroutines) - - for i := 0; i < numGoroutines; i++ { - go func(id int) { - defer wg.Done() - tokenKey := "token" + string(rune('a'+id%10)) - for j := 0; j < numOperations; j++ { - switch j % 6 { - case 0: - s.RecordRequest(tokenKey, j%2 == 0, time.Duration(j)*time.Millisecond) - case 1: - s.SetQuotaRemaining(tokenKey, float64(j%100)/100) - case 2: - s.GetMetrics(tokenKey) - case 3: - s.CalculateScore(tokenKey) - case 4: - s.SelectBestToken([]string{tokenKey, "token_x", "token_y"}) - case 5: - if j%20 == 0 { - s.ResetMetrics(tokenKey) - } - } - } - }(i) - } - - wg.Wait() -} - -func TestAvgLatencyCalculation(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - s.RecordRequest("token1", true, 200*time.Millisecond) - s.RecordRequest("token1", true, 300*time.Millisecond) - - m := s.GetMetrics("token1") - if m.AvgLatency != 200 { - t.Errorf("expected AvgLatency 200, got %f", m.AvgLatency) - } -} - -func TestLastUsedUpdated(t *testing.T) { - s := NewTokenScorer() - before := time.Now() - s.RecordRequest("token1", true, 100*time.Millisecond) - - m := s.GetMetrics("token1") - if m.LastUsed.Before(before) { - t.Error("expected LastUsed to be after test start time") - } - if m.LastUsed.After(time.Now()) { - t.Error("expected LastUsed to be before or equal to now") - } -} - -func TestDefaultQuotaForNewToken(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - - m := s.GetMetrics("token1") - if m.QuotaRemaining != 1.0 { - t.Errorf("expected default QuotaRemaining 1.0, got %f", m.QuotaRemaining) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/oauth.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/oauth.go deleted file mode 100644 index a286cf4229..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/oauth.go +++ /dev/null @@ -1,329 +0,0 @@ -// Package kiro provides OAuth2 authentication for Kiro using native Google login. -package kiro - -import ( - "context" - "crypto/rand" - "crypto/sha256" - "encoding/base64" - "encoding/json" - "fmt" - "html" - "io" - "net" - "net/http" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -const ( - // Kiro auth endpoint - kiroAuthEndpoint = "https://prod.us-east-1.auth.desktop.kiro.dev" - - // Default callback port - defaultCallbackPort = 9876 - - // Auth timeout - authTimeout = 10 * time.Minute -) - -// KiroTokenResponse represents the response from Kiro token endpoint. -type KiroTokenResponse struct { - AccessToken string `json:"accessToken"` - RefreshToken string `json:"refreshToken"` - ProfileArn string `json:"profileArn"` - ExpiresIn int `json:"expiresIn"` -} - -// KiroOAuth handles the OAuth flow for Kiro authentication. -type KiroOAuth struct { - httpClient *http.Client - cfg *config.Config -} - -// NewKiroOAuth creates a new Kiro OAuth handler. -func NewKiroOAuth(cfg *config.Config) *KiroOAuth { - client := &http.Client{Timeout: 30 * time.Second} - if cfg != nil { - client = util.SetProxy(&cfg.SDKConfig, client) - } - return &KiroOAuth{ - httpClient: client, - cfg: cfg, - } -} - -// generateCodeVerifier generates a random code verifier for PKCE. -func generateCodeVerifier() (string, error) { - b := make([]byte, 32) - if _, err := rand.Read(b); err != nil { - return "", err - } - return base64.RawURLEncoding.EncodeToString(b), nil -} - -// generateCodeChallenge generates the code challenge from verifier. -func generateCodeChallenge(verifier string) string { - h := sha256.Sum256([]byte(verifier)) - return base64.RawURLEncoding.EncodeToString(h[:]) -} - -// generateState generates a random state parameter. -func generateState() (string, error) { - b := make([]byte, 16) - if _, err := rand.Read(b); err != nil { - return "", err - } - return base64.RawURLEncoding.EncodeToString(b), nil -} - -// AuthResult contains the authorization code and state from callback. -type AuthResult struct { - Code string - State string - Error string -} - -// startCallbackServer starts a local HTTP server to receive the OAuth callback. -func (o *KiroOAuth) startCallbackServer(ctx context.Context, expectedState string) (string, <-chan AuthResult, error) { - // Try to find an available port - use localhost like Kiro does - listener, err := net.Listen("tcp", fmt.Sprintf("localhost:%d", defaultCallbackPort)) - if err != nil { - // Try with dynamic port (RFC 8252 allows dynamic ports for native apps) - log.Warnf("kiro oauth: default port %d is busy, falling back to dynamic port", defaultCallbackPort) - listener, err = net.Listen("tcp", "localhost:0") - if err != nil { - return "", nil, fmt.Errorf("failed to start callback server: %w", err) - } - } - - port := listener.Addr().(*net.TCPAddr).Port - // Use http scheme for local callback server - redirectURI := fmt.Sprintf("http://localhost:%d/oauth/callback", port) - resultChan := make(chan AuthResult, 1) - - server := &http.Server{ - ReadHeaderTimeout: 10 * time.Second, - } - - mux := http.NewServeMux() - mux.HandleFunc("/oauth/callback", func(w http.ResponseWriter, r *http.Request) { - code := r.URL.Query().Get("code") - state := r.URL.Query().Get("state") - errParam := r.URL.Query().Get("error") - - if errParam != "" { - w.Header().Set("Content-Type", "text/html") - w.WriteHeader(http.StatusBadRequest) - fmt.Fprintf(w, `

Login Failed

%s

You can close this window.

`, html.EscapeString(errParam)) - resultChan <- AuthResult{Error: errParam} - return - } - - if state != expectedState { - w.Header().Set("Content-Type", "text/html") - w.WriteHeader(http.StatusBadRequest) - fmt.Fprint(w, `

Login Failed

Invalid state parameter

You can close this window.

`) - resultChan <- AuthResult{Error: "state mismatch"} - return - } - - w.Header().Set("Content-Type", "text/html") - fmt.Fprint(w, `

Login Successful!

You can close this window and return to the terminal.

`) - resultChan <- AuthResult{Code: code, State: state} - }) - - server.Handler = mux - - go func() { - if err := server.Serve(listener); err != nil && err != http.ErrServerClosed { - log.Debugf("callback server error: %v", err) - } - }() - - go func() { - select { - case <-ctx.Done(): - case <-time.After(authTimeout): - case <-resultChan: - } - _ = server.Shutdown(context.Background()) - }() - - return redirectURI, resultChan, nil -} - -// LoginWithBuilderID performs OAuth login with AWS Builder ID using device code flow. -func (o *KiroOAuth) LoginWithBuilderID(ctx context.Context) (*KiroTokenData, error) { - ssoClient := NewSSOOIDCClient(o.cfg) - return ssoClient.LoginWithBuilderID(ctx) -} - -// LoginWithBuilderIDAuthCode performs OAuth login with AWS Builder ID using authorization code flow. -// This provides a better UX than device code flow as it uses automatic browser callback. -func (o *KiroOAuth) LoginWithBuilderIDAuthCode(ctx context.Context) (*KiroTokenData, error) { - ssoClient := NewSSOOIDCClient(o.cfg) - return ssoClient.LoginWithBuilderIDAuthCode(ctx) -} - -// exchangeCodeForToken exchanges the authorization code for tokens. -func (o *KiroOAuth) exchangeCodeForToken(ctx context.Context, code, codeVerifier, redirectURI string) (*KiroTokenData, error) { - payload := map[string]string{ - "code": code, - "code_verifier": codeVerifier, - "redirect_uri": redirectURI, - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, fmt.Errorf("failed to marshal request: %w", err) - } - - tokenURL := kiroAuthEndpoint + "/oauth/token" - req, err := http.NewRequestWithContext(ctx, http.MethodPost, tokenURL, strings.NewReader(string(body))) - if err != nil { - return nil, fmt.Errorf("failed to create request: %w", err) - } - - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", "KiroIDE-0.7.45-cli-proxy-api") - - resp, err := o.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("token request failed: %w", err) - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("token exchange failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("token exchange failed (status %d)", resp.StatusCode) - } - - var tokenResp KiroTokenResponse - if err := json.Unmarshal(respBody, &tokenResp); err != nil { - return nil, fmt.Errorf("failed to parse token response: %w", err) - } - - // Validate ExpiresIn - use default 1 hour if invalid - expiresIn := tokenResp.ExpiresIn - if expiresIn <= 0 { - expiresIn = 3600 - } - expiresAt := time.Now().Add(time.Duration(expiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: tokenResp.ProfileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "social", - Provider: "", // Caller should preserve original provider - Region: "us-east-1", - }, nil -} - -// RefreshToken refreshes an expired access token. -// Uses KiroIDE-style User-Agent to match official Kiro IDE behavior. -func (o *KiroOAuth) RefreshToken(ctx context.Context, refreshToken string) (*KiroTokenData, error) { - return o.RefreshTokenWithFingerprint(ctx, refreshToken, "") -} - -// RefreshTokenWithFingerprint refreshes an expired access token with a specific fingerprint. -// tokenKey is used to generate a consistent fingerprint for the token. -func (o *KiroOAuth) RefreshTokenWithFingerprint(ctx context.Context, refreshToken, tokenKey string) (*KiroTokenData, error) { - payload := map[string]string{ - "refreshToken": refreshToken, - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, fmt.Errorf("failed to marshal request: %w", err) - } - - refreshURL := kiroAuthEndpoint + "/refreshToken" - req, err := http.NewRequestWithContext(ctx, http.MethodPost, refreshURL, strings.NewReader(string(body))) - if err != nil { - return nil, fmt.Errorf("failed to create request: %w", err) - } - - req.Header.Set("Content-Type", "application/json") - - // Use KiroIDE-style User-Agent to match official Kiro IDE behavior - // This helps avoid 403 errors from server-side User-Agent validation - userAgent := buildKiroUserAgent(tokenKey) - req.Header.Set("User-Agent", userAgent) - - resp, err := o.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("refresh request failed: %w", err) - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("token refresh failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("token refresh failed (status %d): %s", resp.StatusCode, string(respBody)) - } - - var tokenResp KiroTokenResponse - if err := json.Unmarshal(respBody, &tokenResp); err != nil { - return nil, fmt.Errorf("failed to parse token response: %w", err) - } - - // Validate ExpiresIn - use default 1 hour if invalid - expiresIn := tokenResp.ExpiresIn - if expiresIn <= 0 { - expiresIn = 3600 - } - expiresAt := time.Now().Add(time.Duration(expiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: tokenResp.ProfileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "social", - Provider: "", // Caller should preserve original provider - Region: "us-east-1", - }, nil -} - -// buildKiroUserAgent builds a KiroIDE-style User-Agent string. -// If tokenKey is provided, uses fingerprint manager for consistent fingerprint. -// Otherwise generates a simple KiroIDE User-Agent. -func buildKiroUserAgent(tokenKey string) string { - if tokenKey != "" { - fm := NewFingerprintManager() - fp := fm.GetFingerprint(tokenKey) - return fmt.Sprintf("KiroIDE-%s-%s", fp.KiroVersion, fp.KiroHash[:16]) - } - // Default KiroIDE User-Agent matching kiro-openai-gateway format - return "KiroIDE-0.7.45-cli-proxy-api" -} - -// LoginWithGoogle performs OAuth login with Google using Kiro's social auth. -// This uses a custom protocol handler (kiro://) to receive the callback. -func (o *KiroOAuth) LoginWithGoogle(ctx context.Context) (*KiroTokenData, error) { - socialClient := NewSocialAuthClient(o.cfg) - return socialClient.LoginWithGoogle(ctx) -} - -// LoginWithGitHub performs OAuth login with GitHub using Kiro's social auth. -// This uses a custom protocol handler (kiro://) to receive the callback. -func (o *KiroOAuth) LoginWithGitHub(ctx context.Context) (*KiroTokenData, error) { - socialClient := NewSocialAuthClient(o.cfg) - return socialClient.LoginWithGitHub(ctx) -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/oauth_web.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/oauth_web.go deleted file mode 100644 index 88fba6726c..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/oauth_web.go +++ /dev/null @@ -1,969 +0,0 @@ -// Package kiro provides OAuth Web authentication for Kiro. -package kiro - -import ( - "context" - "crypto/rand" - "encoding/base64" - "encoding/json" - "fmt" - "html/template" - "net/http" - "os" - "path/filepath" - "strings" - "sync" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -const ( - defaultSessionExpiry = 10 * time.Minute - pollIntervalSeconds = 5 -) - -type authSessionStatus string - -const ( - statusPending authSessionStatus = "pending" - statusSuccess authSessionStatus = "success" - statusFailed authSessionStatus = "failed" -) - -type webAuthSession struct { - stateID string - deviceCode string - userCode string - authURL string - verificationURI string - expiresIn int - interval int - status authSessionStatus - startedAt time.Time - completedAt time.Time - expiresAt time.Time - error string - tokenData *KiroTokenData - ssoClient *SSOOIDCClient - clientID string - clientSecret string - region string - cancelFunc context.CancelFunc - authMethod string // "google", "github", "builder-id", "idc" - startURL string // Used for IDC - codeVerifier string // Used for social auth PKCE - codeChallenge string // Used for social auth PKCE -} - -type OAuthWebHandler struct { - cfg *config.Config - sessions map[string]*webAuthSession - mu sync.RWMutex - onTokenObtained func(*KiroTokenData) -} - -func NewOAuthWebHandler(cfg *config.Config) *OAuthWebHandler { - return &OAuthWebHandler{ - cfg: cfg, - sessions: make(map[string]*webAuthSession), - } -} - -func (h *OAuthWebHandler) SetTokenCallback(callback func(*KiroTokenData)) { - h.onTokenObtained = callback -} - -func (h *OAuthWebHandler) RegisterRoutes(router gin.IRouter) { - oauth := router.Group("/v0/oauth/kiro") - { - oauth.GET("", h.handleSelect) - oauth.GET("/start", h.handleStart) - oauth.GET("/callback", h.handleCallback) - oauth.GET("/social/callback", h.handleSocialCallback) - oauth.GET("/status", h.handleStatus) - oauth.POST("/import", h.handleImportToken) - oauth.POST("/refresh", h.handleManualRefresh) - } -} - -func generateStateID() (string, error) { - b := make([]byte, 16) - if _, err := rand.Read(b); err != nil { - return "", err - } - return base64.RawURLEncoding.EncodeToString(b), nil -} - -func (h *OAuthWebHandler) handleSelect(c *gin.Context) { - h.renderSelectPage(c) -} - -func (h *OAuthWebHandler) handleStart(c *gin.Context) { - method := c.Query("method") - - if method == "" { - c.Redirect(http.StatusFound, "/v0/oauth/kiro") - return - } - - switch method { - case "google", "github": - // Google/GitHub social login is not supported for third-party apps - // due to AWS Cognito redirect_uri restrictions - h.renderError(c, "Google/GitHub login is not available for third-party applications. Please use AWS Builder ID or import your token from Kiro IDE.") - case "builder-id": - h.startBuilderIDAuth(c) - case "idc": - h.startIDCAuth(c) - default: - h.renderError(c, fmt.Sprintf("Unknown authentication method: %s", method)) - } -} - -func (h *OAuthWebHandler) startSocialAuth(c *gin.Context, method string) { - stateID, err := generateStateID() - if err != nil { - h.renderError(c, "Failed to generate state parameter") - return - } - - codeVerifier, codeChallenge, err := generatePKCE() - if err != nil { - h.renderError(c, "Failed to generate PKCE parameters") - return - } - - socialClient := NewSocialAuthClient(h.cfg) - - var provider string - if method == "google" { - provider = string(ProviderGoogle) - } else { - provider = string(ProviderGitHub) - } - - redirectURI := h.getSocialCallbackURL(c) - authURL := socialClient.buildLoginURL(provider, redirectURI, codeChallenge, stateID) - - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute) - - session := &webAuthSession{ - stateID: stateID, - authMethod: method, - authURL: authURL, - status: statusPending, - startedAt: time.Now(), - expiresIn: 600, - codeVerifier: codeVerifier, - codeChallenge: codeChallenge, - region: "us-east-1", - cancelFunc: cancel, - } - - h.mu.Lock() - h.sessions[stateID] = session - h.mu.Unlock() - - go func() { - <-ctx.Done() - h.mu.Lock() - if session.status == statusPending { - session.status = statusFailed - session.error = "Authentication timed out" - } - h.mu.Unlock() - }() - - c.Redirect(http.StatusFound, authURL) -} - -func (h *OAuthWebHandler) getSocialCallbackURL(c *gin.Context) string { - scheme := "http" - if c.Request.TLS != nil || c.GetHeader("X-Forwarded-Proto") == "https" { - scheme = "https" - } - return fmt.Sprintf("%s://%s/v0/oauth/kiro/social/callback", scheme, c.Request.Host) -} - -func (h *OAuthWebHandler) startBuilderIDAuth(c *gin.Context) { - stateID, err := generateStateID() - if err != nil { - h.renderError(c, "Failed to generate state parameter") - return - } - - region := defaultIDCRegion - startURL := builderIDStartURL - - ssoClient := NewSSOOIDCClient(h.cfg) - - regResp, err := ssoClient.RegisterClientWithRegion(c.Request.Context(), region) - if err != nil { - log.Errorf("OAuth Web: failed to register client: %v", err) - h.renderError(c, fmt.Sprintf("Failed to register client: %v", err)) - return - } - - authResp, err := ssoClient.StartDeviceAuthorizationWithIDC( - c.Request.Context(), - regResp.ClientID, - regResp.ClientSecret, - startURL, - region, - ) - if err != nil { - log.Errorf("OAuth Web: failed to start device authorization: %v", err) - h.renderError(c, fmt.Sprintf("Failed to start device authorization: %v", err)) - return - } - - ctx, cancel := context.WithTimeout(context.Background(), time.Duration(authResp.ExpiresIn)*time.Second) - - session := &webAuthSession{ - stateID: stateID, - deviceCode: authResp.DeviceCode, - userCode: authResp.UserCode, - authURL: authResp.VerificationURIComplete, - verificationURI: authResp.VerificationURI, - expiresIn: authResp.ExpiresIn, - interval: authResp.Interval, - status: statusPending, - startedAt: time.Now(), - ssoClient: ssoClient, - clientID: regResp.ClientID, - clientSecret: regResp.ClientSecret, - region: region, - authMethod: "builder-id", - startURL: startURL, - cancelFunc: cancel, - } - - h.mu.Lock() - h.sessions[stateID] = session - h.mu.Unlock() - - go h.pollForToken(ctx, session) - - h.renderStartPage(c, session) -} - -func (h *OAuthWebHandler) startIDCAuth(c *gin.Context) { - startURL := c.Query("startUrl") - region := c.Query("region") - - if startURL == "" { - h.renderError(c, "Missing startUrl parameter for IDC authentication") - return - } - if region == "" { - region = defaultIDCRegion - } - - stateID, err := generateStateID() - if err != nil { - h.renderError(c, "Failed to generate state parameter") - return - } - - ssoClient := NewSSOOIDCClient(h.cfg) - - regResp, err := ssoClient.RegisterClientWithRegion(c.Request.Context(), region) - if err != nil { - log.Errorf("OAuth Web: failed to register client: %v", err) - h.renderError(c, fmt.Sprintf("Failed to register client: %v", err)) - return - } - - authResp, err := ssoClient.StartDeviceAuthorizationWithIDC( - c.Request.Context(), - regResp.ClientID, - regResp.ClientSecret, - startURL, - region, - ) - if err != nil { - log.Errorf("OAuth Web: failed to start device authorization: %v", err) - h.renderError(c, fmt.Sprintf("Failed to start device authorization: %v", err)) - return - } - - ctx, cancel := context.WithTimeout(context.Background(), time.Duration(authResp.ExpiresIn)*time.Second) - - session := &webAuthSession{ - stateID: stateID, - deviceCode: authResp.DeviceCode, - userCode: authResp.UserCode, - authURL: authResp.VerificationURIComplete, - verificationURI: authResp.VerificationURI, - expiresIn: authResp.ExpiresIn, - interval: authResp.Interval, - status: statusPending, - startedAt: time.Now(), - ssoClient: ssoClient, - clientID: regResp.ClientID, - clientSecret: regResp.ClientSecret, - region: region, - authMethod: "idc", - startURL: startURL, - cancelFunc: cancel, - } - - h.mu.Lock() - h.sessions[stateID] = session - h.mu.Unlock() - - go h.pollForToken(ctx, session) - - h.renderStartPage(c, session) -} - -func (h *OAuthWebHandler) pollForToken(ctx context.Context, session *webAuthSession) { - defer session.cancelFunc() - - interval := time.Duration(session.interval) * time.Second - if interval < time.Duration(pollIntervalSeconds)*time.Second { - interval = time.Duration(pollIntervalSeconds) * time.Second - } - - ticker := time.NewTicker(interval) - defer ticker.Stop() - - for { - select { - case <-ctx.Done(): - h.mu.Lock() - if session.status == statusPending { - session.status = statusFailed - session.error = "Authentication timed out" - } - h.mu.Unlock() - return - case <-ticker.C: - tokenResp, err := h.ssoClient(session).CreateTokenWithRegion( - ctx, - session.clientID, - session.clientSecret, - session.deviceCode, - session.region, - ) - - if err != nil { - errStr := err.Error() - if errStr == ErrAuthorizationPending.Error() { - continue - } - if errStr == ErrSlowDown.Error() { - interval += 5 * time.Second - ticker.Reset(interval) - continue - } - - h.mu.Lock() - session.status = statusFailed - session.error = errStr - session.completedAt = time.Now() - h.mu.Unlock() - - log.Errorf("OAuth Web: token polling failed: %v", err) - return - } - - expiresAt := time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second) - profileArn := session.ssoClient.fetchProfileArn(ctx, tokenResp.AccessToken) - email := FetchUserEmailWithFallback(ctx, h.cfg, tokenResp.AccessToken) - - tokenData := &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: profileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: session.authMethod, - Provider: "AWS", - ClientID: session.clientID, - ClientSecret: session.clientSecret, - Email: email, - Region: session.region, - StartURL: session.startURL, - } - - h.mu.Lock() - session.status = statusSuccess - session.completedAt = time.Now() - session.expiresAt = expiresAt - session.tokenData = tokenData - h.mu.Unlock() - - if h.onTokenObtained != nil { - h.onTokenObtained(tokenData) - } - - // Save token to file - h.saveTokenToFile(tokenData) - - log.Infof("OAuth Web: authentication successful for %s", email) - return - } - } -} - -// saveTokenToFile saves the token data to the auth directory -func (h *OAuthWebHandler) saveTokenToFile(tokenData *KiroTokenData) { - // Get auth directory from config or use default - authDir := "" - if h.cfg != nil && h.cfg.AuthDir != "" { - var err error - authDir, err = util.ResolveAuthDir(h.cfg.AuthDir) - if err != nil { - log.Errorf("OAuth Web: failed to resolve auth directory: %v", err) - } - } - - // Fall back to default location - if authDir == "" { - home, err := os.UserHomeDir() - if err != nil { - log.Errorf("OAuth Web: failed to get home directory: %v", err) - return - } - authDir = filepath.Join(home, ".cli-proxy-api") - } - - // Create directory if not exists - if err := os.MkdirAll(authDir, 0700); err != nil { - log.Errorf("OAuth Web: failed to create auth directory: %v", err) - return - } - - // Generate filename using the unified function - fileName := GenerateTokenFileName(tokenData) - - authFilePath := filepath.Join(authDir, fileName) - - // Convert to storage format and save - storage := &KiroTokenStorage{ - Type: "kiro", - AccessToken: tokenData.AccessToken, - RefreshToken: tokenData.RefreshToken, - ProfileArn: tokenData.ProfileArn, - ExpiresAt: tokenData.ExpiresAt, - AuthMethod: tokenData.AuthMethod, - Provider: tokenData.Provider, - LastRefresh: time.Now().Format(time.RFC3339), - ClientID: tokenData.ClientID, - ClientSecret: tokenData.ClientSecret, - Region: tokenData.Region, - StartURL: tokenData.StartURL, - Email: tokenData.Email, - } - - if err := storage.SaveTokenToFile(authFilePath); err != nil { - log.Errorf("OAuth Web: failed to save token to file: %v", err) - return - } - - log.Infof("OAuth Web: token saved to %s", authFilePath) -} - -func (h *OAuthWebHandler) ssoClient(session *webAuthSession) *SSOOIDCClient { - return session.ssoClient -} - -func (h *OAuthWebHandler) handleCallback(c *gin.Context) { - stateID := c.Query("state") - errParam := c.Query("error") - - if errParam != "" { - h.renderError(c, errParam) - return - } - - if stateID == "" { - h.renderError(c, "Missing state parameter") - return - } - - h.mu.RLock() - session, exists := h.sessions[stateID] - h.mu.RUnlock() - - if !exists { - h.renderError(c, "Invalid or expired session") - return - } - - if session.status == statusSuccess { - h.renderSuccess(c, session) - } else if session.status == statusFailed { - h.renderError(c, session.error) - } else { - c.Redirect(http.StatusFound, "/v0/oauth/kiro/start") - } -} - -func (h *OAuthWebHandler) handleSocialCallback(c *gin.Context) { - stateID := c.Query("state") - code := c.Query("code") - errParam := c.Query("error") - - if errParam != "" { - h.renderError(c, errParam) - return - } - - if stateID == "" { - h.renderError(c, "Missing state parameter") - return - } - - if code == "" { - h.renderError(c, "Missing authorization code") - return - } - - h.mu.RLock() - session, exists := h.sessions[stateID] - h.mu.RUnlock() - - if !exists { - h.renderError(c, "Invalid or expired session") - return - } - - if session.authMethod != "google" && session.authMethod != "github" { - h.renderError(c, "Invalid session type for social callback") - return - } - - socialClient := NewSocialAuthClient(h.cfg) - redirectURI := h.getSocialCallbackURL(c) - - tokenReq := &CreateTokenRequest{ - Code: code, - CodeVerifier: session.codeVerifier, - RedirectURI: redirectURI, - } - - tokenResp, err := socialClient.CreateToken(c.Request.Context(), tokenReq) - if err != nil { - log.Errorf("OAuth Web: social token exchange failed: %v", err) - h.mu.Lock() - session.status = statusFailed - session.error = fmt.Sprintf("Token exchange failed: %v", err) - session.completedAt = time.Now() - h.mu.Unlock() - h.renderError(c, session.error) - return - } - - expiresIn := tokenResp.ExpiresIn - if expiresIn <= 0 { - expiresIn = 3600 - } - expiresAt := time.Now().Add(time.Duration(expiresIn) * time.Second) - - email := ExtractEmailFromJWT(tokenResp.AccessToken) - - var provider string - if session.authMethod == "google" { - provider = string(ProviderGoogle) - } else { - provider = string(ProviderGitHub) - } - - tokenData := &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: tokenResp.ProfileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: session.authMethod, - Provider: provider, - Email: email, - Region: "us-east-1", - } - - h.mu.Lock() - session.status = statusSuccess - session.completedAt = time.Now() - session.expiresAt = expiresAt - session.tokenData = tokenData - h.mu.Unlock() - - if session.cancelFunc != nil { - session.cancelFunc() - } - - if h.onTokenObtained != nil { - h.onTokenObtained(tokenData) - } - - // Save token to file - h.saveTokenToFile(tokenData) - - log.Infof("OAuth Web: social authentication successful for %s via %s", email, provider) - h.renderSuccess(c, session) -} - -func (h *OAuthWebHandler) handleStatus(c *gin.Context) { - stateID := c.Query("state") - if stateID == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "missing state parameter"}) - return - } - - h.mu.RLock() - session, exists := h.sessions[stateID] - h.mu.RUnlock() - - if !exists { - c.JSON(http.StatusNotFound, gin.H{"error": "session not found"}) - return - } - - response := gin.H{ - "status": string(session.status), - } - - switch session.status { - case statusPending: - elapsed := time.Since(session.startedAt).Seconds() - remaining := float64(session.expiresIn) - elapsed - if remaining < 0 { - remaining = 0 - } - response["remaining_seconds"] = int(remaining) - case statusSuccess: - response["completed_at"] = session.completedAt.Format(time.RFC3339) - response["expires_at"] = session.expiresAt.Format(time.RFC3339) - case statusFailed: - response["error"] = session.error - response["failed_at"] = session.completedAt.Format(time.RFC3339) - } - - c.JSON(http.StatusOK, response) -} - -func (h *OAuthWebHandler) renderStartPage(c *gin.Context, session *webAuthSession) { - tmpl, err := template.New("start").Parse(oauthWebStartPageHTML) - if err != nil { - log.Errorf("OAuth Web: failed to parse template: %v", err) - c.String(http.StatusInternalServerError, "Template error") - return - } - - data := map[string]interface{}{ - "AuthURL": session.authURL, - "UserCode": session.userCode, - "ExpiresIn": session.expiresIn, - "StateID": session.stateID, - } - - c.Header("Content-Type", "text/html; charset=utf-8") - if err := tmpl.Execute(c.Writer, data); err != nil { - log.Errorf("OAuth Web: failed to render template: %v", err) - } -} - -func (h *OAuthWebHandler) renderSelectPage(c *gin.Context) { - tmpl, err := template.New("select").Parse(oauthWebSelectPageHTML) - if err != nil { - log.Errorf("OAuth Web: failed to parse select template: %v", err) - c.String(http.StatusInternalServerError, "Template error") - return - } - - c.Header("Content-Type", "text/html; charset=utf-8") - if err := tmpl.Execute(c.Writer, nil); err != nil { - log.Errorf("OAuth Web: failed to render select template: %v", err) - } -} - -func (h *OAuthWebHandler) renderError(c *gin.Context, errMsg string) { - tmpl, err := template.New("error").Parse(oauthWebErrorPageHTML) - if err != nil { - log.Errorf("OAuth Web: failed to parse error template: %v", err) - c.String(http.StatusInternalServerError, "Template error") - return - } - - data := map[string]interface{}{ - "Error": errMsg, - } - - c.Header("Content-Type", "text/html; charset=utf-8") - c.Status(http.StatusBadRequest) - if err := tmpl.Execute(c.Writer, data); err != nil { - log.Errorf("OAuth Web: failed to render error template: %v", err) - } -} - -func (h *OAuthWebHandler) renderSuccess(c *gin.Context, session *webAuthSession) { - tmpl, err := template.New("success").Parse(oauthWebSuccessPageHTML) - if err != nil { - log.Errorf("OAuth Web: failed to parse success template: %v", err) - c.String(http.StatusInternalServerError, "Template error") - return - } - - data := map[string]interface{}{ - "ExpiresAt": session.expiresAt.Format(time.RFC3339), - } - - c.Header("Content-Type", "text/html; charset=utf-8") - if err := tmpl.Execute(c.Writer, data); err != nil { - log.Errorf("OAuth Web: failed to render success template: %v", err) - } -} - -func (h *OAuthWebHandler) CleanupExpiredSessions() { - h.mu.Lock() - defer h.mu.Unlock() - - now := time.Now() - for id, session := range h.sessions { - if session.status != statusPending && now.Sub(session.completedAt) > 30*time.Minute { - delete(h.sessions, id) - } else if session.status == statusPending && now.Sub(session.startedAt) > defaultSessionExpiry { - session.cancelFunc() - delete(h.sessions, id) - } - } -} - -func (h *OAuthWebHandler) GetSession(stateID string) (*webAuthSession, bool) { - h.mu.RLock() - defer h.mu.RUnlock() - session, exists := h.sessions[stateID] - return session, exists -} - -// ImportTokenRequest represents the request body for token import -type ImportTokenRequest struct { - RefreshToken string `json:"refreshToken"` -} - -// handleImportToken handles manual refresh token import from Kiro IDE -func (h *OAuthWebHandler) handleImportToken(c *gin.Context) { - var req ImportTokenRequest - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{ - "success": false, - "error": "Invalid request body", - }) - return - } - - refreshToken := strings.TrimSpace(req.RefreshToken) - if refreshToken == "" { - c.JSON(http.StatusBadRequest, gin.H{ - "success": false, - "error": "Refresh token is required", - }) - return - } - - // Validate token format - if !strings.HasPrefix(refreshToken, "aorAAAAAG") { - c.JSON(http.StatusBadRequest, gin.H{ - "success": false, - "error": "Invalid token format. Token should start with aorAAAAAG...", - }) - return - } - - // Create social auth client to refresh and validate the token - socialClient := NewSocialAuthClient(h.cfg) - - // Refresh the token to validate it and get access token - tokenData, err := socialClient.RefreshSocialToken(c.Request.Context(), refreshToken) - if err != nil { - log.Errorf("OAuth Web: token refresh failed during import: %v", err) - c.JSON(http.StatusBadRequest, gin.H{ - "success": false, - "error": fmt.Sprintf("Token validation failed: %v", err), - }) - return - } - - // Set the original refresh token (the refreshed one might be empty) - if tokenData.RefreshToken == "" { - tokenData.RefreshToken = refreshToken - } - tokenData.AuthMethod = "social" - tokenData.Provider = "imported" - - // Notify callback if set - if h.onTokenObtained != nil { - h.onTokenObtained(tokenData) - } - - // Save token to file - h.saveTokenToFile(tokenData) - - // Generate filename for response using the unified function - fileName := GenerateTokenFileName(tokenData) - - log.Infof("OAuth Web: token imported successfully") - c.JSON(http.StatusOK, gin.H{ - "success": true, - "message": "Token imported successfully", - "fileName": fileName, - }) -} - -// handleManualRefresh handles manual token refresh requests from the web UI. -// This allows users to trigger a token refresh when needed, without waiting -// for the automatic 30-second check and 20-minute-before-expiry refresh cycle. -// Uses the same refresh logic as kiro_executor.Refresh for consistency. -func (h *OAuthWebHandler) handleManualRefresh(c *gin.Context) { - authDir := "" - if h.cfg != nil && h.cfg.AuthDir != "" { - var err error - authDir, err = util.ResolveAuthDir(h.cfg.AuthDir) - if err != nil { - log.Errorf("OAuth Web: failed to resolve auth directory: %v", err) - } - } - - if authDir == "" { - home, err := os.UserHomeDir() - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{ - "success": false, - "error": "Failed to get home directory", - }) - return - } - authDir = filepath.Join(home, ".cli-proxy-api") - } - - // Find all kiro token files in the auth directory - files, err := os.ReadDir(authDir) - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{ - "success": false, - "error": fmt.Sprintf("Failed to read auth directory: %v", err), - }) - return - } - - var refreshedCount int - var errors []string - - for _, file := range files { - if file.IsDir() { - continue - } - name := file.Name() - if !strings.HasPrefix(name, "kiro-") || !strings.HasSuffix(name, ".json") { - continue - } - - filePath := filepath.Join(authDir, name) - data, err := os.ReadFile(filePath) - if err != nil { - errors = append(errors, fmt.Sprintf("%s: read error - %v", name, err)) - continue - } - - var storage KiroTokenStorage - if err := json.Unmarshal(data, &storage); err != nil { - errors = append(errors, fmt.Sprintf("%s: parse error - %v", name, err)) - continue - } - - if storage.RefreshToken == "" { - errors = append(errors, fmt.Sprintf("%s: no refresh token", name)) - continue - } - - // Refresh token using the same logic as kiro_executor.Refresh - tokenData, err := h.refreshTokenData(c.Request.Context(), &storage) - if err != nil { - errors = append(errors, fmt.Sprintf("%s: refresh failed - %v", name, err)) - continue - } - - // Update storage with new token data - storage.AccessToken = tokenData.AccessToken - if tokenData.RefreshToken != "" { - storage.RefreshToken = tokenData.RefreshToken - } - storage.ExpiresAt = tokenData.ExpiresAt - storage.LastRefresh = time.Now().Format(time.RFC3339) - if tokenData.ProfileArn != "" { - storage.ProfileArn = tokenData.ProfileArn - } - - // Write updated token back to file - updatedData, err := json.MarshalIndent(storage, "", " ") - if err != nil { - errors = append(errors, fmt.Sprintf("%s: marshal error - %v", name, err)) - continue - } - - tmpFile := filePath + ".tmp" - if err := os.WriteFile(tmpFile, updatedData, 0600); err != nil { - errors = append(errors, fmt.Sprintf("%s: write error - %v", name, err)) - continue - } - if err := os.Rename(tmpFile, filePath); err != nil { - errors = append(errors, fmt.Sprintf("%s: rename error - %v", name, err)) - continue - } - - log.Infof("OAuth Web: manually refreshed token in %s, expires at %s", name, tokenData.ExpiresAt) - refreshedCount++ - - // Notify callback if set - if h.onTokenObtained != nil { - h.onTokenObtained(tokenData) - } - } - - if refreshedCount == 0 && len(errors) > 0 { - c.JSON(http.StatusBadRequest, gin.H{ - "success": false, - "error": fmt.Sprintf("All refresh attempts failed: %v", errors), - }) - return - } - - response := gin.H{ - "success": true, - "message": fmt.Sprintf("Refreshed %d token(s)", refreshedCount), - "refreshedCount": refreshedCount, - } - if len(errors) > 0 { - response["warnings"] = errors - } - - c.JSON(http.StatusOK, response) -} - -// refreshTokenData refreshes a token using the appropriate method based on auth type. -// This mirrors the logic in kiro_executor.Refresh for consistency. -func (h *OAuthWebHandler) refreshTokenData(ctx context.Context, storage *KiroTokenStorage) (*KiroTokenData, error) { - ssoClient := NewSSOOIDCClient(h.cfg) - - switch { - case storage.ClientID != "" && storage.ClientSecret != "" && storage.AuthMethod == "idc" && storage.Region != "": - // IDC refresh with region-specific endpoint - log.Debugf("OAuth Web: using SSO OIDC refresh for IDC (region=%s)", storage.Region) - return ssoClient.RefreshTokenWithRegion(ctx, storage.ClientID, storage.ClientSecret, storage.RefreshToken, storage.Region, storage.StartURL) - - case storage.ClientID != "" && storage.ClientSecret != "" && storage.AuthMethod == "builder-id": - // Builder ID refresh with default endpoint - log.Debugf("OAuth Web: using SSO OIDC refresh for AWS Builder ID") - return ssoClient.RefreshToken(ctx, storage.ClientID, storage.ClientSecret, storage.RefreshToken) - - default: - // Fallback to Kiro's OAuth refresh endpoint (for social auth: Google/GitHub) - log.Debugf("OAuth Web: using Kiro OAuth refresh endpoint") - oauth := NewKiroOAuth(h.cfg) - return oauth.RefreshToken(ctx, storage.RefreshToken) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/oauth_web_templates.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/oauth_web_templates.go deleted file mode 100644 index 228677a511..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/oauth_web_templates.go +++ /dev/null @@ -1,779 +0,0 @@ -// Package kiro provides OAuth Web authentication templates. -package kiro - -const ( - oauthWebStartPageHTML = ` - - - - - AWS SSO Authentication - - - -
-

🔐 AWS SSO Authentication

-

Follow the steps below to complete authentication

- -
-
- 1 - Click the button below to open the authorization page -
- - 🚀 Open Authorization Page - -
- -
-
- 2 - Enter the verification code below -
-
-
Verification Code
-
{{.UserCode}}
-
-
- -
-
- 3 - Complete AWS SSO login -
-

- Use your AWS SSO account to login and authorize -

-
- -
- -
{{.ExpiresIn}}s
-
- Waiting for authorization... -
-
- -
- 💡 Tip: The authorization page will open in a new tab. This page will automatically update once authorization is complete. -
-
- - - -` - - oauthWebErrorPageHTML = ` - - - - - Authentication Failed - - - -
-

❌ Authentication Failed

-
-

Error:

-

{{.Error}}

-
- 🔄 Retry -
- -` - - oauthWebSuccessPageHTML = ` - - - - - Authentication Successful - - - -
-
-

Authentication Successful!

-
-

You can close this window.

-
-
Token expires: {{.ExpiresAt}}
-
- -` - - oauthWebSelectPageHTML = ` - - - - - Select Authentication Method - - - -
-

🔐 Select Authentication Method

-

Choose how you want to authenticate with Kiro

- -
- - 🔶 - AWS Builder ID (Recommended) - - - - -
or
- - - - - -
-
- -
-
- - -
- - -
Your AWS Identity Center Start URL
-
- -
- - -
AWS Region for your Identity Center
-
- - -
-
- -
-
-
- - -
Copy from Kiro IDE: ~/.kiro/kiro-auth-token.json → refreshToken field
-
- - - -
-
-
- -
- ⚠️ Note: Google and GitHub login are not available for third-party applications due to AWS Cognito restrictions. Please use AWS Builder ID or import your token from Kiro IDE. -
- -
- 💡 How to get RefreshToken:
- 1. Open Kiro IDE and login with Google/GitHub
- 2. Find the token file: ~/.kiro/kiro-auth-token.json
- 3. Copy the refreshToken value and paste it above -
-
- - - -` -) diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/protocol_handler.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/protocol_handler.go deleted file mode 100644 index d900ee3340..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/protocol_handler.go +++ /dev/null @@ -1,725 +0,0 @@ -// Package kiro provides custom protocol handler registration for Kiro OAuth. -// This enables the CLI to intercept kiro:// URIs for social authentication (Google/GitHub). -package kiro - -import ( - "context" - "fmt" - "html" - "net" - "net/http" - "net/url" - "os" - "os/exec" - "path/filepath" - "runtime" - "strings" - "sync" - "time" - - log "github.com/sirupsen/logrus" -) - -const ( - // KiroProtocol is the custom URI scheme used by Kiro - KiroProtocol = "kiro" - - // KiroAuthority is the URI authority for authentication callbacks - KiroAuthority = "kiro.kiroAgent" - - // KiroAuthPath is the path for successful authentication - KiroAuthPath = "/authenticate-success" - - // KiroRedirectURI is the full redirect URI for social auth - KiroRedirectURI = "kiro://kiro.kiroAgent/authenticate-success" - - // DefaultHandlerPort is the default port for the local callback server - DefaultHandlerPort = 19876 - - // HandlerTimeout is how long to wait for the OAuth callback - HandlerTimeout = 10 * time.Minute -) - -// ProtocolHandler manages the custom kiro:// protocol handler for OAuth callbacks. -type ProtocolHandler struct { - port int - server *http.Server - listener net.Listener - resultChan chan *AuthCallback - stopChan chan struct{} - mu sync.Mutex - running bool -} - -// AuthCallback contains the OAuth callback parameters. -type AuthCallback struct { - Code string - State string - Error string -} - -// NewProtocolHandler creates a new protocol handler. -func NewProtocolHandler() *ProtocolHandler { - return &ProtocolHandler{ - port: DefaultHandlerPort, - resultChan: make(chan *AuthCallback, 1), - stopChan: make(chan struct{}), - } -} - -// Start starts the local callback server that receives redirects from the protocol handler. -func (h *ProtocolHandler) Start(ctx context.Context) (int, error) { - h.mu.Lock() - defer h.mu.Unlock() - - if h.running { - return h.port, nil - } - - // Drain any stale results from previous runs - select { - case <-h.resultChan: - default: - } - - // Reset stopChan for reuse - close old channel first to unblock any waiting goroutines - if h.stopChan != nil { - select { - case <-h.stopChan: - // Already closed - default: - close(h.stopChan) - } - } - h.stopChan = make(chan struct{}) - - // Try ports in known range (must match handler script port range) - var listener net.Listener - var err error - portRange := []int{DefaultHandlerPort, DefaultHandlerPort + 1, DefaultHandlerPort + 2, DefaultHandlerPort + 3, DefaultHandlerPort + 4} - - for _, port := range portRange { - listener, err = net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", port)) - if err == nil { - break - } - log.Debugf("kiro protocol handler: port %d busy, trying next", port) - } - - if listener == nil { - return 0, fmt.Errorf("failed to start callback server: all ports %d-%d are busy", DefaultHandlerPort, DefaultHandlerPort+4) - } - - h.listener = listener - h.port = listener.Addr().(*net.TCPAddr).Port - - mux := http.NewServeMux() - mux.HandleFunc("/oauth/callback", h.handleCallback) - - h.server = &http.Server{ - Handler: mux, - ReadHeaderTimeout: 10 * time.Second, - } - - go func() { - if err := h.server.Serve(listener); err != nil && err != http.ErrServerClosed { - log.Debugf("kiro protocol handler server error: %v", err) - } - }() - - h.running = true - log.Debugf("kiro protocol handler started on port %d", h.port) - - // Auto-shutdown after context done, timeout, or explicit stop - // Capture references to prevent race with new Start() calls - currentStopChan := h.stopChan - currentServer := h.server - currentListener := h.listener - go func() { - select { - case <-ctx.Done(): - case <-time.After(HandlerTimeout): - case <-currentStopChan: - return // Already stopped, exit goroutine - } - // Only stop if this is still the current server/listener instance - h.mu.Lock() - if h.server == currentServer && h.listener == currentListener { - h.mu.Unlock() - h.Stop() - } else { - h.mu.Unlock() - } - }() - - return h.port, nil -} - -// Stop stops the callback server. -func (h *ProtocolHandler) Stop() { - h.mu.Lock() - defer h.mu.Unlock() - - if !h.running { - return - } - - // Signal the auto-shutdown goroutine to exit. - // This select pattern is safe because stopChan is only modified while holding h.mu, - // and we hold the lock here. The select prevents panic from double-close. - select { - case <-h.stopChan: - // Already closed - default: - close(h.stopChan) - } - - if h.server != nil { - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) - defer cancel() - _ = h.server.Shutdown(ctx) - } - - h.running = false - log.Debug("kiro protocol handler stopped") -} - -// WaitForCallback waits for the OAuth callback and returns the result. -func (h *ProtocolHandler) WaitForCallback(ctx context.Context) (*AuthCallback, error) { - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-time.After(HandlerTimeout): - return nil, fmt.Errorf("timeout waiting for OAuth callback") - case result := <-h.resultChan: - return result, nil - } -} - -// GetPort returns the port the handler is listening on. -func (h *ProtocolHandler) GetPort() int { - return h.port -} - -// handleCallback processes the OAuth callback from the protocol handler script. -func (h *ProtocolHandler) handleCallback(w http.ResponseWriter, r *http.Request) { - code := r.URL.Query().Get("code") - state := r.URL.Query().Get("state") - errParam := r.URL.Query().Get("error") - - result := &AuthCallback{ - Code: code, - State: state, - Error: errParam, - } - - // Send result - select { - case h.resultChan <- result: - default: - // Channel full, ignore duplicate callbacks - } - - // Send success response - w.Header().Set("Content-Type", "text/html; charset=utf-8") - if errParam != "" { - w.WriteHeader(http.StatusBadRequest) - fmt.Fprintf(w, ` - -Login Failed - -

Login Failed

-

Error: %s

-

You can close this window.

- -`, html.EscapeString(errParam)) - } else { - fmt.Fprint(w, ` - -Login Successful - -

Login Successful!

-

You can close this window and return to the terminal.

- - -`) - } -} - -// IsProtocolHandlerInstalled checks if the kiro:// protocol handler is installed. -func IsProtocolHandlerInstalled() bool { - switch runtime.GOOS { - case "linux": - return isLinuxHandlerInstalled() - case "windows": - return isWindowsHandlerInstalled() - case "darwin": - return isDarwinHandlerInstalled() - default: - return false - } -} - -// InstallProtocolHandler installs the kiro:// protocol handler for the current platform. -func InstallProtocolHandler(handlerPort int) error { - switch runtime.GOOS { - case "linux": - return installLinuxHandler(handlerPort) - case "windows": - return installWindowsHandler(handlerPort) - case "darwin": - return installDarwinHandler(handlerPort) - default: - return fmt.Errorf("unsupported platform: %s", runtime.GOOS) - } -} - -// UninstallProtocolHandler removes the kiro:// protocol handler. -func UninstallProtocolHandler() error { - switch runtime.GOOS { - case "linux": - return uninstallLinuxHandler() - case "windows": - return uninstallWindowsHandler() - case "darwin": - return uninstallDarwinHandler() - default: - return fmt.Errorf("unsupported platform: %s", runtime.GOOS) - } -} - -// --- Linux Implementation --- - -func getLinuxDesktopPath() string { - homeDir, _ := os.UserHomeDir() - return filepath.Join(homeDir, ".local", "share", "applications", "kiro-oauth-handler.desktop") -} - -func getLinuxHandlerScriptPath() string { - homeDir, _ := os.UserHomeDir() - return filepath.Join(homeDir, ".local", "bin", "kiro-oauth-handler") -} - -func isLinuxHandlerInstalled() bool { - desktopPath := getLinuxDesktopPath() - _, err := os.Stat(desktopPath) - return err == nil -} - -func installLinuxHandler(handlerPort int) error { - // Create directories - homeDir, err := os.UserHomeDir() - if err != nil { - return err - } - - binDir := filepath.Join(homeDir, ".local", "bin") - appDir := filepath.Join(homeDir, ".local", "share", "applications") - - if err := os.MkdirAll(binDir, 0755); err != nil { - return fmt.Errorf("failed to create bin directory: %w", err) - } - if err := os.MkdirAll(appDir, 0755); err != nil { - return fmt.Errorf("failed to create applications directory: %w", err) - } - - // Create handler script - tries multiple ports to handle dynamic port allocation - scriptPath := getLinuxHandlerScriptPath() - scriptContent := fmt.Sprintf(`#!/bin/bash -# Kiro OAuth Protocol Handler -# Handles kiro:// URIs - tries CLI first, then forwards to Kiro IDE - -URL="$1" - -# Check curl availability -if ! command -v curl &> /dev/null; then - echo "Error: curl is required for Kiro OAuth handler" >&2 - exit 1 -fi - -# Extract code and state from URL -[[ "$URL" =~ code=([^&]+) ]] && CODE="${BASH_REMATCH[1]}" -[[ "$URL" =~ state=([^&]+) ]] && STATE="${BASH_REMATCH[1]}" -[[ "$URL" =~ error=([^&]+) ]] && ERROR="${BASH_REMATCH[1]}" - -# Try CLI proxy on multiple possible ports (default + dynamic range) -CLI_OK=0 -for PORT in %d %d %d %d %d; do - if [ -n "$ERROR" ]; then - curl -sf --connect-timeout 1 "http://127.0.0.1:$PORT/oauth/callback?error=$ERROR" && CLI_OK=1 && break - elif [ -n "$CODE" ] && [ -n "$STATE" ]; then - curl -sf --connect-timeout 1 "http://127.0.0.1:$PORT/oauth/callback?code=$CODE&state=$STATE" && CLI_OK=1 && break - fi -done - -# If CLI not available, forward to Kiro IDE -if [ $CLI_OK -eq 0 ] && [ -x "/usr/share/kiro/kiro" ]; then - /usr/share/kiro/kiro --open-url "$URL" & -fi -`, handlerPort, handlerPort+1, handlerPort+2, handlerPort+3, handlerPort+4) - - if err := os.WriteFile(scriptPath, []byte(scriptContent), 0755); err != nil { - return fmt.Errorf("failed to write handler script: %w", err) - } - - // Create .desktop file - desktopPath := getLinuxDesktopPath() - desktopContent := fmt.Sprintf(`[Desktop Entry] -Name=Kiro OAuth Handler -Comment=Handle kiro:// protocol for CLI Proxy API authentication -Exec=%s %%u -Type=Application -Terminal=false -NoDisplay=true -MimeType=x-scheme-handler/kiro; -Categories=Utility; -`, scriptPath) - - if err := os.WriteFile(desktopPath, []byte(desktopContent), 0644); err != nil { - return fmt.Errorf("failed to write desktop file: %w", err) - } - - // Register handler with xdg-mime - cmd := exec.Command("xdg-mime", "default", "kiro-oauth-handler.desktop", "x-scheme-handler/kiro") - if err := cmd.Run(); err != nil { - log.Warnf("xdg-mime registration failed (may need manual setup): %v", err) - } - - // Update desktop database - cmd = exec.Command("update-desktop-database", appDir) - _ = cmd.Run() // Ignore errors, not critical - - log.Info("Kiro protocol handler installed for Linux") - return nil -} - -func uninstallLinuxHandler() error { - desktopPath := getLinuxDesktopPath() - scriptPath := getLinuxHandlerScriptPath() - - if err := os.Remove(desktopPath); err != nil && !os.IsNotExist(err) { - return fmt.Errorf("failed to remove desktop file: %w", err) - } - if err := os.Remove(scriptPath); err != nil && !os.IsNotExist(err) { - return fmt.Errorf("failed to remove handler script: %w", err) - } - - log.Info("Kiro protocol handler uninstalled") - return nil -} - -// --- Windows Implementation --- - -func isWindowsHandlerInstalled() bool { - // Check registry key existence - cmd := exec.Command("reg", "query", `HKCU\Software\Classes\kiro`, "/ve") - return cmd.Run() == nil -} - -func installWindowsHandler(handlerPort int) error { - homeDir, err := os.UserHomeDir() - if err != nil { - return err - } - - // Create handler script (PowerShell) - scriptDir := filepath.Join(homeDir, ".cliproxyapi") - if err := os.MkdirAll(scriptDir, 0755); err != nil { - return fmt.Errorf("failed to create script directory: %w", err) - } - - scriptPath := filepath.Join(scriptDir, "kiro-oauth-handler.ps1") - scriptContent := fmt.Sprintf(`# Kiro OAuth Protocol Handler for Windows -param([string]$url) - -# Load required assembly for HttpUtility -Add-Type -AssemblyName System.Web - -# Parse URL parameters -$uri = [System.Uri]$url -$query = [System.Web.HttpUtility]::ParseQueryString($uri.Query) -$code = $query["code"] -$state = $query["state"] -$errorParam = $query["error"] - -# Try multiple ports (default + dynamic range) -$ports = @(%d, %d, %d, %d, %d) -$success = $false - -foreach ($port in $ports) { - if ($success) { break } - $callbackUrl = "http://127.0.0.1:$port/oauth/callback" - try { - if ($errorParam) { - $fullUrl = $callbackUrl + "?error=" + $errorParam - Invoke-WebRequest -Uri $fullUrl -UseBasicParsing -TimeoutSec 1 -ErrorAction Stop | Out-Null - $success = $true - } elseif ($code -and $state) { - $fullUrl = $callbackUrl + "?code=" + $code + "&state=" + $state - Invoke-WebRequest -Uri $fullUrl -UseBasicParsing -TimeoutSec 1 -ErrorAction Stop | Out-Null - $success = $true - } - } catch { - # Try next port - } -} -`, handlerPort, handlerPort+1, handlerPort+2, handlerPort+3, handlerPort+4) - - if err := os.WriteFile(scriptPath, []byte(scriptContent), 0644); err != nil { - return fmt.Errorf("failed to write handler script: %w", err) - } - - // Create batch wrapper - batchPath := filepath.Join(scriptDir, "kiro-oauth-handler.bat") - batchContent := fmt.Sprintf("@echo off\npowershell -ExecutionPolicy Bypass -File \"%s\" %%1\n", scriptPath) - - if err := os.WriteFile(batchPath, []byte(batchContent), 0644); err != nil { - return fmt.Errorf("failed to write batch wrapper: %w", err) - } - - // Register in Windows registry - commands := [][]string{ - {"reg", "add", `HKCU\Software\Classes\kiro`, "/ve", "/d", "URL:Kiro Protocol", "/f"}, - {"reg", "add", `HKCU\Software\Classes\kiro`, "/v", "URL Protocol", "/d", "", "/f"}, - {"reg", "add", `HKCU\Software\Classes\kiro\shell`, "/f"}, - {"reg", "add", `HKCU\Software\Classes\kiro\shell\open`, "/f"}, - {"reg", "add", `HKCU\Software\Classes\kiro\shell\open\command`, "/ve", "/d", fmt.Sprintf("\"%s\" \"%%1\"", batchPath), "/f"}, - } - - for _, args := range commands { - cmd := exec.Command(args[0], args[1:]...) - if err := cmd.Run(); err != nil { - return fmt.Errorf("failed to run registry command: %w", err) - } - } - - log.Info("Kiro protocol handler installed for Windows") - return nil -} - -func uninstallWindowsHandler() error { - // Remove registry keys - cmd := exec.Command("reg", "delete", `HKCU\Software\Classes\kiro`, "/f") - if err := cmd.Run(); err != nil { - log.Warnf("failed to remove registry key: %v", err) - } - - // Remove scripts - homeDir, _ := os.UserHomeDir() - scriptDir := filepath.Join(homeDir, ".cliproxyapi") - _ = os.Remove(filepath.Join(scriptDir, "kiro-oauth-handler.ps1")) - _ = os.Remove(filepath.Join(scriptDir, "kiro-oauth-handler.bat")) - - log.Info("Kiro protocol handler uninstalled") - return nil -} - -// --- macOS Implementation --- - -func getDarwinAppPath() string { - homeDir, _ := os.UserHomeDir() - return filepath.Join(homeDir, "Applications", "KiroOAuthHandler.app") -} - -func isDarwinHandlerInstalled() bool { - appPath := getDarwinAppPath() - _, err := os.Stat(appPath) - return err == nil -} - -func installDarwinHandler(handlerPort int) error { - // Create app bundle structure - appPath := getDarwinAppPath() - contentsPath := filepath.Join(appPath, "Contents") - macOSPath := filepath.Join(contentsPath, "MacOS") - - if err := os.MkdirAll(macOSPath, 0755); err != nil { - return fmt.Errorf("failed to create app bundle: %w", err) - } - - // Create Info.plist - plistPath := filepath.Join(contentsPath, "Info.plist") - plistContent := ` - - - - CFBundleIdentifier - com.cliproxyapi.kiro-oauth-handler - CFBundleName - KiroOAuthHandler - CFBundleExecutable - kiro-oauth-handler - CFBundleVersion - 1.0 - CFBundleURLTypes - - - CFBundleURLName - Kiro Protocol - CFBundleURLSchemes - - kiro - - - - LSBackgroundOnly - - -` - - if err := os.WriteFile(plistPath, []byte(plistContent), 0644); err != nil { - return fmt.Errorf("failed to write Info.plist: %w", err) - } - - // Create executable script - tries multiple ports to handle dynamic port allocation - execPath := filepath.Join(macOSPath, "kiro-oauth-handler") - execContent := fmt.Sprintf(`#!/bin/bash -# Kiro OAuth Protocol Handler for macOS - -URL="$1" - -# Check curl availability (should always exist on macOS) -if [ ! -x /usr/bin/curl ]; then - echo "Error: curl is required for Kiro OAuth handler" >&2 - exit 1 -fi - -# Extract code and state from URL -[[ "$URL" =~ code=([^&]+) ]] && CODE="${BASH_REMATCH[1]}" -[[ "$URL" =~ state=([^&]+) ]] && STATE="${BASH_REMATCH[1]}" -[[ "$URL" =~ error=([^&]+) ]] && ERROR="${BASH_REMATCH[1]}" - -# Try multiple ports (default + dynamic range) -for PORT in %d %d %d %d %d; do - if [ -n "$ERROR" ]; then - /usr/bin/curl -sf --connect-timeout 1 "http://127.0.0.1:$PORT/oauth/callback?error=$ERROR" && exit 0 - elif [ -n "$CODE" ] && [ -n "$STATE" ]; then - /usr/bin/curl -sf --connect-timeout 1 "http://127.0.0.1:$PORT/oauth/callback?code=$CODE&state=$STATE" && exit 0 - fi -done -`, handlerPort, handlerPort+1, handlerPort+2, handlerPort+3, handlerPort+4) - - if err := os.WriteFile(execPath, []byte(execContent), 0755); err != nil { - return fmt.Errorf("failed to write executable: %w", err) - } - - // Register the app with Launch Services - cmd := exec.Command("/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister", - "-f", appPath) - if err := cmd.Run(); err != nil { - log.Warnf("lsregister failed (handler may still work): %v", err) - } - - log.Info("Kiro protocol handler installed for macOS") - return nil -} - -func uninstallDarwinHandler() error { - appPath := getDarwinAppPath() - - // Unregister from Launch Services - cmd := exec.Command("/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister", - "-u", appPath) - _ = cmd.Run() - - // Remove app bundle - if err := os.RemoveAll(appPath); err != nil && !os.IsNotExist(err) { - return fmt.Errorf("failed to remove app bundle: %w", err) - } - - log.Info("Kiro protocol handler uninstalled") - return nil -} - -// ParseKiroURI parses a kiro:// URI and extracts the callback parameters. -func ParseKiroURI(rawURI string) (*AuthCallback, error) { - u, err := url.Parse(rawURI) - if err != nil { - return nil, fmt.Errorf("invalid URI: %w", err) - } - - if u.Scheme != KiroProtocol { - return nil, fmt.Errorf("invalid scheme: expected %s, got %s", KiroProtocol, u.Scheme) - } - - if u.Host != KiroAuthority { - return nil, fmt.Errorf("invalid authority: expected %s, got %s", KiroAuthority, u.Host) - } - - query := u.Query() - return &AuthCallback{ - Code: query.Get("code"), - State: query.Get("state"), - Error: query.Get("error"), - }, nil -} - -// GetHandlerInstructions returns platform-specific instructions for manual handler setup. -func GetHandlerInstructions() string { - switch runtime.GOOS { - case "linux": - return `To manually set up the Kiro protocol handler on Linux: - -1. Create ~/.local/share/applications/kiro-oauth-handler.desktop: - [Desktop Entry] - Name=Kiro OAuth Handler - Exec=~/.local/bin/kiro-oauth-handler %u - Type=Application - Terminal=false - MimeType=x-scheme-handler/kiro; - -2. Create ~/.local/bin/kiro-oauth-handler (make it executable): - #!/bin/bash - URL="$1" - # ... (see generated script for full content) - -3. Run: xdg-mime default kiro-oauth-handler.desktop x-scheme-handler/kiro` - - case "windows": - return `To manually set up the Kiro protocol handler on Windows: - -1. Open Registry Editor (regedit.exe) -2. Create key: HKEY_CURRENT_USER\Software\Classes\kiro -3. Set default value to: URL:Kiro Protocol -4. Create string value "URL Protocol" with empty data -5. Create subkey: shell\open\command -6. Set default value to: "C:\path\to\handler.bat" "%1"` - - case "darwin": - return `To manually set up the Kiro protocol handler on macOS: - -1. Create ~/Applications/KiroOAuthHandler.app bundle -2. Add Info.plist with CFBundleURLTypes containing "kiro" scheme -3. Create executable in Contents/MacOS/ -4. Run: /System/Library/.../lsregister -f ~/Applications/KiroOAuthHandler.app` - - default: - return "Protocol handler setup is not supported on this platform." - } -} - -// SetupProtocolHandlerIfNeeded checks and installs the protocol handler if needed. -func SetupProtocolHandlerIfNeeded(handlerPort int) error { - if IsProtocolHandlerInstalled() { - log.Debug("Kiro protocol handler already installed") - return nil - } - - fmt.Println("\n╔══════════════════════════════════════════════════════════╗") - fmt.Println("║ Kiro Protocol Handler Setup Required ║") - fmt.Println("╚══════════════════════════════════════════════════════════╝") - fmt.Println("\nTo enable Google/GitHub login, we need to install a protocol handler.") - fmt.Println("This allows your browser to redirect back to the CLI after authentication.") - fmt.Println("\nInstalling protocol handler...") - - if err := InstallProtocolHandler(handlerPort); err != nil { - fmt.Printf("\n⚠ Automatic installation failed: %v\n", err) - fmt.Println("\nManual setup instructions:") - fmt.Println(strings.Repeat("-", 60)) - fmt.Println(GetHandlerInstructions()) - return err - } - - fmt.Println("\n✓ Protocol handler installed successfully!") - return nil -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/rate_limiter.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/rate_limiter.go deleted file mode 100644 index 52bb24af70..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/rate_limiter.go +++ /dev/null @@ -1,316 +0,0 @@ -package kiro - -import ( - "math" - "math/rand" - "strings" - "sync" - "time" -) - -const ( - DefaultMinTokenInterval = 1 * time.Second - DefaultMaxTokenInterval = 2 * time.Second - DefaultDailyMaxRequests = 500 - DefaultJitterPercent = 0.3 - DefaultBackoffBase = 30 * time.Second - DefaultBackoffMax = 5 * time.Minute - DefaultBackoffMultiplier = 1.5 - DefaultSuspendCooldown = 1 * time.Hour -) - -// TokenState Token 状态 -type TokenState struct { - LastRequest time.Time - RequestCount int - CooldownEnd time.Time - FailCount int - DailyRequests int - DailyResetTime time.Time - IsSuspended bool - SuspendedAt time.Time - SuspendReason string -} - -// RateLimiter 频率限制器 -type RateLimiter struct { - mu sync.RWMutex - states map[string]*TokenState - minTokenInterval time.Duration - maxTokenInterval time.Duration - dailyMaxRequests int - jitterPercent float64 - backoffBase time.Duration - backoffMax time.Duration - backoffMultiplier float64 - suspendCooldown time.Duration - rng *rand.Rand -} - -// NewRateLimiter 创建默认配置的频率限制器 -func NewRateLimiter() *RateLimiter { - return &RateLimiter{ - states: make(map[string]*TokenState), - minTokenInterval: DefaultMinTokenInterval, - maxTokenInterval: DefaultMaxTokenInterval, - dailyMaxRequests: DefaultDailyMaxRequests, - jitterPercent: DefaultJitterPercent, - backoffBase: DefaultBackoffBase, - backoffMax: DefaultBackoffMax, - backoffMultiplier: DefaultBackoffMultiplier, - suspendCooldown: DefaultSuspendCooldown, - rng: rand.New(rand.NewSource(time.Now().UnixNano())), - } -} - -// RateLimiterConfig 频率限制器配置 -type RateLimiterConfig struct { - MinTokenInterval time.Duration - MaxTokenInterval time.Duration - DailyMaxRequests int - JitterPercent float64 - BackoffBase time.Duration - BackoffMax time.Duration - BackoffMultiplier float64 - SuspendCooldown time.Duration -} - -// NewRateLimiterWithConfig 使用自定义配置创建频率限制器 -func NewRateLimiterWithConfig(cfg RateLimiterConfig) *RateLimiter { - rl := NewRateLimiter() - if cfg.MinTokenInterval > 0 { - rl.minTokenInterval = cfg.MinTokenInterval - } - if cfg.MaxTokenInterval > 0 { - rl.maxTokenInterval = cfg.MaxTokenInterval - } - if cfg.DailyMaxRequests > 0 { - rl.dailyMaxRequests = cfg.DailyMaxRequests - } - if cfg.JitterPercent > 0 { - rl.jitterPercent = cfg.JitterPercent - } - if cfg.BackoffBase > 0 { - rl.backoffBase = cfg.BackoffBase - } - if cfg.BackoffMax > 0 { - rl.backoffMax = cfg.BackoffMax - } - if cfg.BackoffMultiplier > 0 { - rl.backoffMultiplier = cfg.BackoffMultiplier - } - if cfg.SuspendCooldown > 0 { - rl.suspendCooldown = cfg.SuspendCooldown - } - return rl -} - -// getOrCreateState 获取或创建 Token 状态 -func (rl *RateLimiter) getOrCreateState(tokenKey string) *TokenState { - state, exists := rl.states[tokenKey] - if !exists { - state = &TokenState{ - DailyResetTime: time.Now().Truncate(24 * time.Hour).Add(24 * time.Hour), - } - rl.states[tokenKey] = state - } - return state -} - -// resetDailyIfNeeded 如果需要则重置每日计数 -func (rl *RateLimiter) resetDailyIfNeeded(state *TokenState) { - now := time.Now() - if now.After(state.DailyResetTime) { - state.DailyRequests = 0 - state.DailyResetTime = now.Truncate(24 * time.Hour).Add(24 * time.Hour) - } -} - -// calculateInterval 计算带抖动的随机间隔 -func (rl *RateLimiter) calculateInterval() time.Duration { - baseInterval := rl.minTokenInterval + time.Duration(rl.rng.Int63n(int64(rl.maxTokenInterval-rl.minTokenInterval))) - jitter := time.Duration(float64(baseInterval) * rl.jitterPercent * (rl.rng.Float64()*2 - 1)) - return baseInterval + jitter -} - -// WaitForToken 等待 Token 可用(带抖动的随机间隔) -func (rl *RateLimiter) WaitForToken(tokenKey string) { - rl.mu.Lock() - state := rl.getOrCreateState(tokenKey) - rl.resetDailyIfNeeded(state) - - now := time.Now() - - // 检查是否在冷却期 - if now.Before(state.CooldownEnd) { - waitTime := state.CooldownEnd.Sub(now) - rl.mu.Unlock() - time.Sleep(waitTime) - rl.mu.Lock() - state = rl.getOrCreateState(tokenKey) - now = time.Now() - } - - // 计算距离上次请求的间隔 - interval := rl.calculateInterval() - nextAllowedTime := state.LastRequest.Add(interval) - - if now.Before(nextAllowedTime) { - waitTime := nextAllowedTime.Sub(now) - rl.mu.Unlock() - time.Sleep(waitTime) - rl.mu.Lock() - state = rl.getOrCreateState(tokenKey) - } - - state.LastRequest = time.Now() - state.RequestCount++ - state.DailyRequests++ - rl.mu.Unlock() -} - -// MarkTokenFailed 标记 Token 失败 -func (rl *RateLimiter) MarkTokenFailed(tokenKey string) { - rl.mu.Lock() - defer rl.mu.Unlock() - - state := rl.getOrCreateState(tokenKey) - state.FailCount++ - state.CooldownEnd = time.Now().Add(rl.calculateBackoff(state.FailCount)) -} - -// MarkTokenSuccess 标记 Token 成功 -func (rl *RateLimiter) MarkTokenSuccess(tokenKey string) { - rl.mu.Lock() - defer rl.mu.Unlock() - - state := rl.getOrCreateState(tokenKey) - state.FailCount = 0 - state.CooldownEnd = time.Time{} -} - -// CheckAndMarkSuspended 检测暂停错误并标记 -func (rl *RateLimiter) CheckAndMarkSuspended(tokenKey string, errorMsg string) bool { - suspendKeywords := []string{ - "suspended", - "banned", - "disabled", - "account has been", - "access denied", - "rate limit exceeded", - "too many requests", - "quota exceeded", - } - - lowerMsg := strings.ToLower(errorMsg) - for _, keyword := range suspendKeywords { - if strings.Contains(lowerMsg, keyword) { - rl.mu.Lock() - defer rl.mu.Unlock() - - state := rl.getOrCreateState(tokenKey) - state.IsSuspended = true - state.SuspendedAt = time.Now() - state.SuspendReason = errorMsg - state.CooldownEnd = time.Now().Add(rl.suspendCooldown) - return true - } - } - return false -} - -// IsTokenAvailable 检查 Token 是否可用 -func (rl *RateLimiter) IsTokenAvailable(tokenKey string) bool { - rl.mu.RLock() - defer rl.mu.RUnlock() - - state, exists := rl.states[tokenKey] - if !exists { - return true - } - - now := time.Now() - - // 检查是否被暂停 - if state.IsSuspended { - if now.After(state.SuspendedAt.Add(rl.suspendCooldown)) { - return true - } - return false - } - - // 检查是否在冷却期 - if now.Before(state.CooldownEnd) { - return false - } - - // 检查每日请求限制 - rl.mu.RUnlock() - rl.mu.Lock() - rl.resetDailyIfNeeded(state) - dailyRequests := state.DailyRequests - dailyMax := rl.dailyMaxRequests - rl.mu.Unlock() - rl.mu.RLock() - - if dailyRequests >= dailyMax { - return false - } - - return true -} - -// calculateBackoff 计算指数退避时间 -func (rl *RateLimiter) calculateBackoff(failCount int) time.Duration { - if failCount <= 0 { - return 0 - } - - backoff := float64(rl.backoffBase) * math.Pow(rl.backoffMultiplier, float64(failCount-1)) - - // 添加抖动 - jitter := backoff * rl.jitterPercent * (rl.rng.Float64()*2 - 1) - backoff += jitter - - if time.Duration(backoff) > rl.backoffMax { - return rl.backoffMax - } - return time.Duration(backoff) -} - -// GetTokenState 获取 Token 状态(只读) -func (rl *RateLimiter) GetTokenState(tokenKey string) *TokenState { - rl.mu.RLock() - defer rl.mu.RUnlock() - - state, exists := rl.states[tokenKey] - if !exists { - return nil - } - - // 返回副本以防止外部修改 - stateCopy := *state - return &stateCopy -} - -// ClearTokenState 清除 Token 状态 -func (rl *RateLimiter) ClearTokenState(tokenKey string) { - rl.mu.Lock() - defer rl.mu.Unlock() - delete(rl.states, tokenKey) -} - -// ResetSuspension 重置暂停状态 -func (rl *RateLimiter) ResetSuspension(tokenKey string) { - rl.mu.Lock() - defer rl.mu.Unlock() - - state, exists := rl.states[tokenKey] - if exists { - state.IsSuspended = false - state.SuspendedAt = time.Time{} - state.SuspendReason = "" - state.CooldownEnd = time.Time{} - state.FailCount = 0 - } -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/rate_limiter_singleton.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/rate_limiter_singleton.go deleted file mode 100644 index 4c02af89c6..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/rate_limiter_singleton.go +++ /dev/null @@ -1,46 +0,0 @@ -package kiro - -import ( - "sync" - "time" - - log "github.com/sirupsen/logrus" -) - -var ( - globalRateLimiter *RateLimiter - globalRateLimiterOnce sync.Once - - globalCooldownManager *CooldownManager - globalCooldownManagerOnce sync.Once - cooldownStopCh chan struct{} -) - -// GetGlobalRateLimiter returns the singleton RateLimiter instance. -func GetGlobalRateLimiter() *RateLimiter { - globalRateLimiterOnce.Do(func() { - globalRateLimiter = NewRateLimiter() - log.Info("kiro: global RateLimiter initialized") - }) - return globalRateLimiter -} - -// GetGlobalCooldownManager returns the singleton CooldownManager instance. -func GetGlobalCooldownManager() *CooldownManager { - globalCooldownManagerOnce.Do(func() { - globalCooldownManager = NewCooldownManager() - cooldownStopCh = make(chan struct{}) - go globalCooldownManager.StartCleanupRoutine(5*time.Minute, cooldownStopCh) - log.Info("kiro: global CooldownManager initialized with cleanup routine") - }) - return globalCooldownManager -} - -// ShutdownRateLimiters stops the cooldown cleanup routine. -// Should be called during application shutdown. -func ShutdownRateLimiters() { - if cooldownStopCh != nil { - close(cooldownStopCh) - log.Info("kiro: rate limiter cleanup routine stopped") - } -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/rate_limiter_test.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/rate_limiter_test.go deleted file mode 100644 index 636413dd3e..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/rate_limiter_test.go +++ /dev/null @@ -1,304 +0,0 @@ -package kiro - -import ( - "sync" - "testing" - "time" -) - -func TestNewRateLimiter(t *testing.T) { - rl := NewRateLimiter() - if rl == nil { - t.Fatal("expected non-nil RateLimiter") - } - if rl.states == nil { - t.Error("expected non-nil states map") - } - if rl.minTokenInterval != DefaultMinTokenInterval { - t.Errorf("expected minTokenInterval %v, got %v", DefaultMinTokenInterval, rl.minTokenInterval) - } - if rl.maxTokenInterval != DefaultMaxTokenInterval { - t.Errorf("expected maxTokenInterval %v, got %v", DefaultMaxTokenInterval, rl.maxTokenInterval) - } - if rl.dailyMaxRequests != DefaultDailyMaxRequests { - t.Errorf("expected dailyMaxRequests %d, got %d", DefaultDailyMaxRequests, rl.dailyMaxRequests) - } -} - -func TestNewRateLimiterWithConfig(t *testing.T) { - cfg := RateLimiterConfig{ - MinTokenInterval: 5 * time.Second, - MaxTokenInterval: 15 * time.Second, - DailyMaxRequests: 100, - JitterPercent: 0.2, - BackoffBase: 1 * time.Minute, - BackoffMax: 30 * time.Minute, - BackoffMultiplier: 1.5, - SuspendCooldown: 12 * time.Hour, - } - - rl := NewRateLimiterWithConfig(cfg) - if rl.minTokenInterval != 5*time.Second { - t.Errorf("expected minTokenInterval 5s, got %v", rl.minTokenInterval) - } - if rl.maxTokenInterval != 15*time.Second { - t.Errorf("expected maxTokenInterval 15s, got %v", rl.maxTokenInterval) - } - if rl.dailyMaxRequests != 100 { - t.Errorf("expected dailyMaxRequests 100, got %d", rl.dailyMaxRequests) - } -} - -func TestNewRateLimiterWithConfig_PartialConfig(t *testing.T) { - cfg := RateLimiterConfig{ - MinTokenInterval: 5 * time.Second, - } - - rl := NewRateLimiterWithConfig(cfg) - if rl.minTokenInterval != 5*time.Second { - t.Errorf("expected minTokenInterval 5s, got %v", rl.minTokenInterval) - } - if rl.maxTokenInterval != DefaultMaxTokenInterval { - t.Errorf("expected default maxTokenInterval, got %v", rl.maxTokenInterval) - } -} - -func TestGetTokenState_NonExistent(t *testing.T) { - rl := NewRateLimiter() - state := rl.GetTokenState("nonexistent") - if state != nil { - t.Error("expected nil state for non-existent token") - } -} - -func TestIsTokenAvailable_NewToken(t *testing.T) { - rl := NewRateLimiter() - if !rl.IsTokenAvailable("newtoken") { - t.Error("expected new token to be available") - } -} - -func TestMarkTokenFailed(t *testing.T) { - rl := NewRateLimiter() - rl.MarkTokenFailed("token1") - - state := rl.GetTokenState("token1") - if state == nil { - t.Fatal("expected non-nil state") - } - if state.FailCount != 1 { - t.Errorf("expected FailCount 1, got %d", state.FailCount) - } - if state.CooldownEnd.IsZero() { - t.Error("expected non-zero CooldownEnd") - } -} - -func TestMarkTokenSuccess(t *testing.T) { - rl := NewRateLimiter() - rl.MarkTokenFailed("token1") - rl.MarkTokenFailed("token1") - rl.MarkTokenSuccess("token1") - - state := rl.GetTokenState("token1") - if state == nil { - t.Fatal("expected non-nil state") - } - if state.FailCount != 0 { - t.Errorf("expected FailCount 0, got %d", state.FailCount) - } - if !state.CooldownEnd.IsZero() { - t.Error("expected zero CooldownEnd after success") - } -} - -func TestCheckAndMarkSuspended_Suspended(t *testing.T) { - rl := NewRateLimiter() - - testCases := []string{ - "Account has been suspended", - "You are banned from this service", - "Account disabled", - "Access denied permanently", - "Rate limit exceeded", - "Too many requests", - "Quota exceeded for today", - } - - for i, msg := range testCases { - tokenKey := "token" + string(rune('a'+i)) - if !rl.CheckAndMarkSuspended(tokenKey, msg) { - t.Errorf("expected suspension detected for: %s", msg) - } - state := rl.GetTokenState(tokenKey) - if !state.IsSuspended { - t.Errorf("expected IsSuspended true for: %s", msg) - } - } -} - -func TestCheckAndMarkSuspended_NotSuspended(t *testing.T) { - rl := NewRateLimiter() - - normalErrors := []string{ - "connection timeout", - "internal server error", - "bad request", - "invalid token format", - } - - for i, msg := range normalErrors { - tokenKey := "token" + string(rune('a'+i)) - if rl.CheckAndMarkSuspended(tokenKey, msg) { - t.Errorf("unexpected suspension for: %s", msg) - } - } -} - -func TestIsTokenAvailable_Suspended(t *testing.T) { - rl := NewRateLimiter() - rl.CheckAndMarkSuspended("token1", "Account suspended") - - if rl.IsTokenAvailable("token1") { - t.Error("expected suspended token to be unavailable") - } -} - -func TestClearTokenState(t *testing.T) { - rl := NewRateLimiter() - rl.MarkTokenFailed("token1") - rl.ClearTokenState("token1") - - state := rl.GetTokenState("token1") - if state != nil { - t.Error("expected nil state after clear") - } -} - -func TestResetSuspension(t *testing.T) { - rl := NewRateLimiter() - rl.CheckAndMarkSuspended("token1", "Account suspended") - rl.ResetSuspension("token1") - - state := rl.GetTokenState("token1") - if state.IsSuspended { - t.Error("expected IsSuspended false after reset") - } - if state.FailCount != 0 { - t.Errorf("expected FailCount 0, got %d", state.FailCount) - } -} - -func TestResetSuspension_NonExistent(t *testing.T) { - rl := NewRateLimiter() - rl.ResetSuspension("nonexistent") -} - -func TestCalculateBackoff_ZeroFailCount(t *testing.T) { - rl := NewRateLimiter() - backoff := rl.calculateBackoff(0) - if backoff != 0 { - t.Errorf("expected 0 backoff for 0 fails, got %v", backoff) - } -} - -func TestCalculateBackoff_Exponential(t *testing.T) { - cfg := RateLimiterConfig{ - BackoffBase: 1 * time.Minute, - BackoffMax: 60 * time.Minute, - BackoffMultiplier: 2.0, - JitterPercent: 0.3, - } - rl := NewRateLimiterWithConfig(cfg) - - backoff1 := rl.calculateBackoff(1) - if backoff1 < 40*time.Second || backoff1 > 80*time.Second { - t.Errorf("expected ~1min (with jitter) for fail 1, got %v", backoff1) - } - - backoff2 := rl.calculateBackoff(2) - if backoff2 < 80*time.Second || backoff2 > 160*time.Second { - t.Errorf("expected ~2min (with jitter) for fail 2, got %v", backoff2) - } -} - -func TestCalculateBackoff_MaxCap(t *testing.T) { - cfg := RateLimiterConfig{ - BackoffBase: 1 * time.Minute, - BackoffMax: 10 * time.Minute, - BackoffMultiplier: 2.0, - JitterPercent: 0, - } - rl := NewRateLimiterWithConfig(cfg) - - backoff := rl.calculateBackoff(10) - if backoff > 10*time.Minute { - t.Errorf("expected backoff capped at 10min, got %v", backoff) - } -} - -func TestGetTokenState_ReturnsCopy(t *testing.T) { - rl := NewRateLimiter() - rl.MarkTokenFailed("token1") - - state1 := rl.GetTokenState("token1") - state1.FailCount = 999 - - state2 := rl.GetTokenState("token1") - if state2.FailCount == 999 { - t.Error("GetTokenState should return a copy") - } -} - -func TestRateLimiter_ConcurrentAccess(t *testing.T) { - rl := NewRateLimiter() - const numGoroutines = 50 - const numOperations = 50 - - var wg sync.WaitGroup - wg.Add(numGoroutines) - - for i := 0; i < numGoroutines; i++ { - go func(id int) { - defer wg.Done() - tokenKey := "token" + string(rune('a'+id%10)) - for j := 0; j < numOperations; j++ { - switch j % 6 { - case 0: - rl.IsTokenAvailable(tokenKey) - case 1: - rl.MarkTokenFailed(tokenKey) - case 2: - rl.MarkTokenSuccess(tokenKey) - case 3: - rl.GetTokenState(tokenKey) - case 4: - rl.CheckAndMarkSuspended(tokenKey, "test error") - case 5: - rl.ResetSuspension(tokenKey) - } - } - }(i) - } - - wg.Wait() -} - -func TestCalculateInterval_WithinRange(t *testing.T) { - cfg := RateLimiterConfig{ - MinTokenInterval: 10 * time.Second, - MaxTokenInterval: 30 * time.Second, - JitterPercent: 0.3, - } - rl := NewRateLimiterWithConfig(cfg) - - minAllowed := 7 * time.Second - maxAllowed := 40 * time.Second - - for i := 0; i < 100; i++ { - interval := rl.calculateInterval() - if interval < minAllowed || interval > maxAllowed { - t.Errorf("interval %v outside expected range [%v, %v]", interval, minAllowed, maxAllowed) - } - } -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/refresh_manager.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/refresh_manager.go deleted file mode 100644 index 5330c5e1ad..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/refresh_manager.go +++ /dev/null @@ -1,180 +0,0 @@ -package kiro - -import ( - "context" - "sync" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -// RefreshManager 是后台刷新器的单例管理器 -type RefreshManager struct { - mu sync.Mutex - refresher *BackgroundRefresher - ctx context.Context - cancel context.CancelFunc - started bool - onTokenRefreshed func(tokenID string, tokenData *KiroTokenData) // 刷新成功回调 -} - -var ( - globalRefreshManager *RefreshManager - managerOnce sync.Once -) - -// GetRefreshManager 获取全局刷新管理器实例 -func GetRefreshManager() *RefreshManager { - managerOnce.Do(func() { - globalRefreshManager = &RefreshManager{} - }) - return globalRefreshManager -} - -// Initialize 初始化后台刷新器 -// baseDir: token 文件所在的目录 -// cfg: 应用配置 -func (m *RefreshManager) Initialize(baseDir string, cfg *config.Config) error { - m.mu.Lock() - defer m.mu.Unlock() - - if m.started { - log.Debug("refresh manager: already initialized") - return nil - } - - if baseDir == "" { - log.Warn("refresh manager: base directory not provided, skipping initialization") - return nil - } - - resolvedBaseDir, err := util.ResolveAuthDir(baseDir) - if err != nil { - log.Warnf("refresh manager: failed to resolve auth directory %s: %v", baseDir, err) - } - if resolvedBaseDir != "" { - baseDir = resolvedBaseDir - } - - // 创建 token 存储库 - repo := NewFileTokenRepository(baseDir) - - // 创建后台刷新器,配置参数 - opts := []RefresherOption{ - WithInterval(time.Minute), // 每分钟检查一次 - WithBatchSize(50), // 每批最多处理 50 个 token - WithConcurrency(10), // 最多 10 个并发刷新 - WithConfig(cfg), // 设置 OAuth 和 SSO 客户端 - } - - // 如果已设置回调,传递给 BackgroundRefresher - if m.onTokenRefreshed != nil { - opts = append(opts, WithOnTokenRefreshed(m.onTokenRefreshed)) - } - - m.refresher = NewBackgroundRefresher(repo, opts...) - - log.Infof("refresh manager: initialized with base directory %s", baseDir) - return nil -} - -// Start 启动后台刷新 -func (m *RefreshManager) Start() { - m.mu.Lock() - defer m.mu.Unlock() - - if m.started { - log.Debug("refresh manager: already started") - return - } - - if m.refresher == nil { - log.Warn("refresh manager: not initialized, cannot start") - return - } - - m.ctx, m.cancel = context.WithCancel(context.Background()) - m.refresher.Start(m.ctx) - m.started = true - - log.Info("refresh manager: background refresh started") -} - -// Stop 停止后台刷新 -func (m *RefreshManager) Stop() { - m.mu.Lock() - defer m.mu.Unlock() - - if !m.started { - return - } - - if m.cancel != nil { - m.cancel() - } - - if m.refresher != nil { - m.refresher.Stop() - } - - m.started = false - log.Info("refresh manager: background refresh stopped") -} - -// IsRunning 检查后台刷新是否正在运行 -func (m *RefreshManager) IsRunning() bool { - m.mu.Lock() - defer m.mu.Unlock() - return m.started -} - -// UpdateBaseDir 更新 token 目录(用于运行时配置更改) -func (m *RefreshManager) UpdateBaseDir(baseDir string) { - m.mu.Lock() - defer m.mu.Unlock() - - if m.refresher != nil && m.refresher.tokenRepo != nil { - if repo, ok := m.refresher.tokenRepo.(*FileTokenRepository); ok { - repo.SetBaseDir(baseDir) - log.Infof("refresh manager: updated base directory to %s", baseDir) - } - } -} - -// SetOnTokenRefreshed 设置 token 刷新成功后的回调函数 -// 可以在任何时候调用,支持运行时更新回调 -// callback: 回调函数,接收 tokenID(文件名)和新的 token 数据 -func (m *RefreshManager) SetOnTokenRefreshed(callback func(tokenID string, tokenData *KiroTokenData)) { - m.mu.Lock() - defer m.mu.Unlock() - - m.onTokenRefreshed = callback - - // 如果 refresher 已经创建,使用并发安全的方式更新它的回调 - if m.refresher != nil { - m.refresher.callbackMu.Lock() - m.refresher.onTokenRefreshed = callback - m.refresher.callbackMu.Unlock() - } - - log.Debug("refresh manager: token refresh callback registered") -} - -// InitializeAndStart 初始化并启动后台刷新(便捷方法) -func InitializeAndStart(baseDir string, cfg *config.Config) { - manager := GetRefreshManager() - if err := manager.Initialize(baseDir, cfg); err != nil { - log.Errorf("refresh manager: initialization failed: %v", err) - return - } - manager.Start() -} - -// StopGlobalRefreshManager 停止全局刷新管理器 -func StopGlobalRefreshManager() { - if globalRefreshManager != nil { - globalRefreshManager.Stop() - } -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/refresh_utils.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/refresh_utils.go deleted file mode 100644 index 5abb714cbe..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/refresh_utils.go +++ /dev/null @@ -1,159 +0,0 @@ -// Package kiro provides refresh utilities for Kiro token management. -package kiro - -import ( - "context" - "fmt" - "time" - - log "github.com/sirupsen/logrus" -) - -// RefreshResult contains the result of a token refresh attempt. -type RefreshResult struct { - TokenData *KiroTokenData - Error error - UsedFallback bool // True if we used the existing token as fallback -} - -// RefreshWithGracefulDegradation attempts to refresh a token with graceful degradation. -// If refresh fails but the existing access token is still valid, it returns the existing token. -// This matches kiro-openai-gateway's behavior for better reliability. -// -// Parameters: -// - ctx: Context for the request -// - refreshFunc: Function to perform the actual refresh -// - existingAccessToken: Current access token (for fallback) -// - expiresAt: Expiration time of the existing token -// -// Returns: -// - RefreshResult containing the new or existing token data -func RefreshWithGracefulDegradation( - ctx context.Context, - refreshFunc func(ctx context.Context) (*KiroTokenData, error), - existingAccessToken string, - expiresAt time.Time, -) RefreshResult { - // Try to refresh the token - newTokenData, err := refreshFunc(ctx) - if err == nil { - return RefreshResult{ - TokenData: newTokenData, - Error: nil, - UsedFallback: false, - } - } - - // Refresh failed - check if we can use the existing token - log.Warnf("kiro: token refresh failed: %v", err) - - // Check if existing token is still valid (not expired) - if existingAccessToken != "" && time.Now().Before(expiresAt) { - remainingTime := time.Until(expiresAt) - log.Warnf("kiro: using existing access token (expires in %v). Will retry refresh later.", remainingTime.Round(time.Second)) - - return RefreshResult{ - TokenData: &KiroTokenData{ - AccessToken: existingAccessToken, - ExpiresAt: expiresAt.Format(time.RFC3339), - }, - Error: nil, - UsedFallback: true, - } - } - - // Token is expired and refresh failed - return the error - return RefreshResult{ - TokenData: nil, - Error: fmt.Errorf("token refresh failed and existing token is expired: %w", err), - UsedFallback: false, - } -} - -// IsTokenExpiringSoon checks if a token is expiring within the given threshold. -// Default threshold is 5 minutes if not specified. -func IsTokenExpiringSoon(expiresAt time.Time, threshold time.Duration) bool { - if threshold == 0 { - threshold = 5 * time.Minute - } - return time.Now().Add(threshold).After(expiresAt) -} - -// IsTokenExpired checks if a token has already expired. -func IsTokenExpired(expiresAt time.Time) bool { - return time.Now().After(expiresAt) -} - -// ParseExpiresAt parses an expiration time string in RFC3339 format. -// Returns zero time if parsing fails. -func ParseExpiresAt(expiresAtStr string) time.Time { - if expiresAtStr == "" { - return time.Time{} - } - t, err := time.Parse(time.RFC3339, expiresAtStr) - if err != nil { - log.Debugf("kiro: failed to parse expiresAt '%s': %v", expiresAtStr, err) - return time.Time{} - } - return t -} - -// RefreshConfig contains configuration for token refresh behavior. -type RefreshConfig struct { - // MaxRetries is the maximum number of refresh attempts (default: 1) - MaxRetries int - // RetryDelay is the delay between retry attempts (default: 1 second) - RetryDelay time.Duration - // RefreshThreshold is how early to refresh before expiration (default: 5 minutes) - RefreshThreshold time.Duration - // EnableGracefulDegradation allows using existing token if refresh fails (default: true) - EnableGracefulDegradation bool -} - -// DefaultRefreshConfig returns the default refresh configuration. -func DefaultRefreshConfig() RefreshConfig { - return RefreshConfig{ - MaxRetries: 1, - RetryDelay: time.Second, - RefreshThreshold: 5 * time.Minute, - EnableGracefulDegradation: true, - } -} - -// RefreshWithRetry attempts to refresh a token with retry logic. -func RefreshWithRetry( - ctx context.Context, - refreshFunc func(ctx context.Context) (*KiroTokenData, error), - config RefreshConfig, -) (*KiroTokenData, error) { - var lastErr error - - maxAttempts := config.MaxRetries + 1 - if maxAttempts < 1 { - maxAttempts = 1 - } - - for attempt := 1; attempt <= maxAttempts; attempt++ { - tokenData, err := refreshFunc(ctx) - if err == nil { - if attempt > 1 { - log.Infof("kiro: token refresh succeeded on attempt %d", attempt) - } - return tokenData, nil - } - - lastErr = err - log.Warnf("kiro: token refresh attempt %d/%d failed: %v", attempt, maxAttempts, err) - - // Don't sleep after the last attempt - if attempt < maxAttempts { - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-time.After(config.RetryDelay): - } - } - } - - return nil, fmt.Errorf("token refresh failed after %d attempts: %w", maxAttempts, lastErr) -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/social_auth.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/social_auth.go deleted file mode 100644 index 65f31ba46f..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/social_auth.go +++ /dev/null @@ -1,481 +0,0 @@ -// Package kiro provides social authentication (Google/GitHub) for Kiro via AuthServiceClient. -package kiro - -import ( - "bufio" - "context" - "crypto/rand" - "crypto/sha256" - "encoding/base64" - "encoding/json" - "fmt" - "html" - "io" - "net" - "net/http" - "net/url" - "os" - "os/exec" - "runtime" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/browser" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" - "golang.org/x/term" -) - -const ( - // Kiro AuthService endpoint - kiroAuthServiceEndpoint = "https://prod.us-east-1.auth.desktop.kiro.dev" - - // OAuth timeout - socialAuthTimeout = 10 * time.Minute - - // Default callback port for social auth HTTP server - socialAuthCallbackPort = 9876 -) - -// SocialProvider represents the social login provider. -type SocialProvider string - -const ( - // ProviderGoogle is Google OAuth provider - ProviderGoogle SocialProvider = "Google" - // ProviderGitHub is GitHub OAuth provider - ProviderGitHub SocialProvider = "Github" - // Note: AWS Builder ID is NOT supported by Kiro's auth service. - // It only supports: Google, Github, Cognito - // AWS Builder ID must use device code flow via SSO OIDC. -) - -// CreateTokenRequest is sent to Kiro's /oauth/token endpoint. -type CreateTokenRequest struct { - Code string `json:"code"` - CodeVerifier string `json:"code_verifier"` - RedirectURI string `json:"redirect_uri"` - InvitationCode string `json:"invitation_code,omitempty"` -} - -// SocialTokenResponse from Kiro's /oauth/token endpoint for social auth. -type SocialTokenResponse struct { - AccessToken string `json:"accessToken"` - RefreshToken string `json:"refreshToken"` - ProfileArn string `json:"profileArn"` - ExpiresIn int `json:"expiresIn"` -} - -// RefreshTokenRequest is sent to Kiro's /refreshToken endpoint. -type RefreshTokenRequest struct { - RefreshToken string `json:"refreshToken"` -} - -// WebCallbackResult contains the OAuth callback result from HTTP server. -type WebCallbackResult struct { - Code string - State string - Error string -} - -// SocialAuthClient handles social authentication with Kiro. -type SocialAuthClient struct { - httpClient *http.Client - cfg *config.Config - protocolHandler *ProtocolHandler -} - -// NewSocialAuthClient creates a new social auth client. -func NewSocialAuthClient(cfg *config.Config) *SocialAuthClient { - client := &http.Client{Timeout: 30 * time.Second} - if cfg != nil { - client = util.SetProxy(&cfg.SDKConfig, client) - } - return &SocialAuthClient{ - httpClient: client, - cfg: cfg, - protocolHandler: NewProtocolHandler(), - } -} - -// startWebCallbackServer starts a local HTTP server to receive the OAuth callback. -// This is used instead of the kiro:// protocol handler to avoid redirect_mismatch errors. -func (c *SocialAuthClient) startWebCallbackServer(ctx context.Context, expectedState string) (string, <-chan WebCallbackResult, error) { - // Try to find an available port - use localhost like Kiro does - listener, err := net.Listen("tcp", fmt.Sprintf("localhost:%d", socialAuthCallbackPort)) - if err != nil { - // Try with dynamic port (RFC 8252 allows dynamic ports for native apps) - log.Warnf("kiro social auth: default port %d is busy, falling back to dynamic port", socialAuthCallbackPort) - listener, err = net.Listen("tcp", "localhost:0") - if err != nil { - return "", nil, fmt.Errorf("failed to start callback server: %w", err) - } - } - - port := listener.Addr().(*net.TCPAddr).Port - // Use http scheme for local callback server - redirectURI := fmt.Sprintf("http://localhost:%d/oauth/callback", port) - resultChan := make(chan WebCallbackResult, 1) - - server := &http.Server{ - ReadHeaderTimeout: 10 * time.Second, - } - - mux := http.NewServeMux() - mux.HandleFunc("/oauth/callback", func(w http.ResponseWriter, r *http.Request) { - code := r.URL.Query().Get("code") - state := r.URL.Query().Get("state") - errParam := r.URL.Query().Get("error") - - if errParam != "" { - w.Header().Set("Content-Type", "text/html; charset=utf-8") - w.WriteHeader(http.StatusBadRequest) - fmt.Fprintf(w, ` -Login Failed -

Login Failed

%s

You can close this window.

`, html.EscapeString(errParam)) - resultChan <- WebCallbackResult{Error: errParam} - return - } - - if state != expectedState { - w.Header().Set("Content-Type", "text/html; charset=utf-8") - w.WriteHeader(http.StatusBadRequest) - fmt.Fprint(w, ` -Login Failed -

Login Failed

Invalid state parameter

You can close this window.

`) - resultChan <- WebCallbackResult{Error: "state mismatch"} - return - } - - w.Header().Set("Content-Type", "text/html; charset=utf-8") - fmt.Fprint(w, ` -Login Successful -

Login Successful!

You can close this window and return to the terminal.

-`) - resultChan <- WebCallbackResult{Code: code, State: state} - }) - - server.Handler = mux - - go func() { - if err := server.Serve(listener); err != nil && err != http.ErrServerClosed { - log.Debugf("kiro social auth callback server error: %v", err) - } - }() - - go func() { - select { - case <-ctx.Done(): - case <-time.After(socialAuthTimeout): - case <-resultChan: - } - _ = server.Shutdown(context.Background()) - }() - - return redirectURI, resultChan, nil -} - -// generatePKCE generates PKCE code verifier and challenge. -func generatePKCE() (verifier, challenge string, err error) { - // Generate 32 bytes of random data for verifier - b := make([]byte, 32) - if _, err := rand.Read(b); err != nil { - return "", "", fmt.Errorf("failed to generate random bytes: %w", err) - } - verifier = base64.RawURLEncoding.EncodeToString(b) - - // Generate SHA256 hash of verifier for challenge - h := sha256.Sum256([]byte(verifier)) - challenge = base64.RawURLEncoding.EncodeToString(h[:]) - - return verifier, challenge, nil -} - -// generateState generates a random state parameter. -func generateStateParam() (string, error) { - b := make([]byte, 16) - if _, err := rand.Read(b); err != nil { - return "", err - } - return base64.RawURLEncoding.EncodeToString(b), nil -} - -// buildLoginURL constructs the Kiro OAuth login URL. -// The login endpoint expects a GET request with query parameters. -// Format: /login?idp=Google&redirect_uri=...&code_challenge=...&code_challenge_method=S256&state=...&prompt=select_account -// The prompt=select_account parameter forces the account selection screen even if already logged in. -func (c *SocialAuthClient) buildLoginURL(provider, redirectURI, codeChallenge, state string) string { - return fmt.Sprintf("%s/login?idp=%s&redirect_uri=%s&code_challenge=%s&code_challenge_method=S256&state=%s&prompt=select_account", - kiroAuthServiceEndpoint, - provider, - url.QueryEscape(redirectURI), - codeChallenge, - state, - ) -} - -// CreateToken exchanges the authorization code for tokens. -func (c *SocialAuthClient) CreateToken(ctx context.Context, req *CreateTokenRequest) (*SocialTokenResponse, error) { - body, err := json.Marshal(req) - if err != nil { - return nil, fmt.Errorf("failed to marshal token request: %w", err) - } - - tokenURL := kiroAuthServiceEndpoint + "/oauth/token" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, tokenURL, strings.NewReader(string(body))) - if err != nil { - return nil, fmt.Errorf("failed to create token request: %w", err) - } - - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("User-Agent", "KiroIDE-0.7.45-cli-proxy-api") - - resp, err := c.httpClient.Do(httpReq) - if err != nil { - return nil, fmt.Errorf("token request failed: %w", err) - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read token response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("token exchange failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("token exchange failed (status %d)", resp.StatusCode) - } - - var tokenResp SocialTokenResponse - if err := json.Unmarshal(respBody, &tokenResp); err != nil { - return nil, fmt.Errorf("failed to parse token response: %w", err) - } - - return &tokenResp, nil -} - -// RefreshSocialToken refreshes an expired social auth token. -func (c *SocialAuthClient) RefreshSocialToken(ctx context.Context, refreshToken string) (*KiroTokenData, error) { - body, err := json.Marshal(&RefreshTokenRequest{RefreshToken: refreshToken}) - if err != nil { - return nil, fmt.Errorf("failed to marshal refresh request: %w", err) - } - - refreshURL := kiroAuthServiceEndpoint + "/refreshToken" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, refreshURL, strings.NewReader(string(body))) - if err != nil { - return nil, fmt.Errorf("failed to create refresh request: %w", err) - } - - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("User-Agent", "cli-proxy-api/1.0.0") - - resp, err := c.httpClient.Do(httpReq) - if err != nil { - return nil, fmt.Errorf("refresh request failed: %w", err) - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read refresh response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("token refresh failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("token refresh failed (status %d)", resp.StatusCode) - } - - var tokenResp SocialTokenResponse - if err := json.Unmarshal(respBody, &tokenResp); err != nil { - return nil, fmt.Errorf("failed to parse refresh response: %w", err) - } - - // Validate ExpiresIn - use default 1 hour if invalid - expiresIn := tokenResp.ExpiresIn - if expiresIn <= 0 { - expiresIn = 3600 // Default 1 hour - } - expiresAt := time.Now().Add(time.Duration(expiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: tokenResp.ProfileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "social", - Provider: "", // Caller should preserve original provider - Region: "us-east-1", - }, nil -} - -// LoginWithSocial performs OAuth login with Google or GitHub. -// Uses local HTTP callback server instead of custom protocol handler to avoid redirect_mismatch errors. -func (c *SocialAuthClient) LoginWithSocial(ctx context.Context, provider SocialProvider) (*KiroTokenData, error) { - providerName := string(provider) - - fmt.Println("\n╔══════════════════════════════════════════════════════════╗") - fmt.Printf("║ Kiro Authentication (%s) ║\n", providerName) - fmt.Println("╚══════════════════════════════════════════════════════════╝") - - // Step 1: Start local HTTP callback server (instead of kiro:// protocol handler) - // This avoids redirect_mismatch errors with AWS Cognito - fmt.Println("\nSetting up authentication...") - - // Step 2: Generate PKCE codes - codeVerifier, codeChallenge, err := generatePKCE() - if err != nil { - return nil, fmt.Errorf("failed to generate PKCE: %w", err) - } - - // Step 3: Generate state - state, err := generateStateParam() - if err != nil { - return nil, fmt.Errorf("failed to generate state: %w", err) - } - - // Step 4: Start local HTTP callback server - redirectURI, resultChan, err := c.startWebCallbackServer(ctx, state) - if err != nil { - return nil, fmt.Errorf("failed to start callback server: %w", err) - } - log.Debugf("kiro social auth: callback server started at %s", redirectURI) - - // Step 5: Build the login URL using HTTP redirect URI - authURL := c.buildLoginURL(providerName, redirectURI, codeChallenge, state) - - // Set incognito mode based on config (defaults to true for Kiro, can be overridden with --no-incognito) - // Incognito mode enables multi-account support by bypassing cached sessions - if c.cfg != nil { - browser.SetIncognitoMode(c.cfg.IncognitoBrowser) - if !c.cfg.IncognitoBrowser { - log.Info("kiro: using normal browser mode (--no-incognito). Note: You may not be able to select a different account.") - } else { - log.Debug("kiro: using incognito mode for multi-account support") - } - } else { - browser.SetIncognitoMode(true) // Default to incognito if no config - log.Debug("kiro: using incognito mode for multi-account support (default)") - } - - // Step 6: Open browser for user authentication - fmt.Println("\n════════════════════════════════════════════════════════════") - fmt.Printf(" Opening browser for %s authentication...\n", providerName) - fmt.Println("════════════════════════════════════════════════════════════") - fmt.Printf("\n URL: %s\n\n", authURL) - - if err := browser.OpenURL(authURL); err != nil { - log.Warnf("Could not open browser automatically: %v", err) - fmt.Println(" ⚠ Could not open browser automatically.") - fmt.Println(" Please open the URL above in your browser manually.") - } else { - fmt.Println(" (Browser opened automatically)") - } - - fmt.Println("\n Waiting for authentication callback...") - - // Step 7: Wait for callback from HTTP server - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-time.After(socialAuthTimeout): - return nil, fmt.Errorf("authentication timed out") - case callback := <-resultChan: - if callback.Error != "" { - return nil, fmt.Errorf("authentication error: %s", callback.Error) - } - - // State is already validated by the callback server - if callback.Code == "" { - return nil, fmt.Errorf("no authorization code received") - } - - fmt.Println("\n✓ Authorization received!") - - // Step 8: Exchange code for tokens - fmt.Println("Exchanging code for tokens...") - - tokenReq := &CreateTokenRequest{ - Code: callback.Code, - CodeVerifier: codeVerifier, - RedirectURI: redirectURI, // Use HTTP redirect URI, not kiro:// protocol - } - - tokenResp, err := c.CreateToken(ctx, tokenReq) - if err != nil { - return nil, fmt.Errorf("failed to exchange code for tokens: %w", err) - } - - fmt.Println("\n✓ Authentication successful!") - - // Close the browser window - if err := browser.CloseBrowser(); err != nil { - log.Debugf("Failed to close browser: %v", err) - } - - // Validate ExpiresIn - use default 1 hour if invalid - expiresIn := tokenResp.ExpiresIn - if expiresIn <= 0 { - expiresIn = 3600 - } - expiresAt := time.Now().Add(time.Duration(expiresIn) * time.Second) - - // Try to extract email from JWT access token first - email := ExtractEmailFromJWT(tokenResp.AccessToken) - - // If no email in JWT, ask user for account label (only in interactive mode) - if email == "" && isInteractiveTerminal() { - fmt.Print("\n Enter account label for file naming (optional, press Enter to skip): ") - reader := bufio.NewReader(os.Stdin) - var err error - email, err = reader.ReadString('\n') - if err != nil { - log.Debugf("Failed to read account label: %v", err) - } - email = strings.TrimSpace(email) - } - - return &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: tokenResp.ProfileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "social", - Provider: providerName, - Email: email, // JWT email or user-provided label - Region: "us-east-1", - }, nil - } -} - -// LoginWithGoogle performs OAuth login with Google. -func (c *SocialAuthClient) LoginWithGoogle(ctx context.Context) (*KiroTokenData, error) { - return c.LoginWithSocial(ctx, ProviderGoogle) -} - -// LoginWithGitHub performs OAuth login with GitHub. -func (c *SocialAuthClient) LoginWithGitHub(ctx context.Context) (*KiroTokenData, error) { - return c.LoginWithSocial(ctx, ProviderGitHub) -} - -// forceDefaultProtocolHandler sets our protocol handler as the default for kiro:// URLs. -// This prevents the "Open with" dialog from appearing on Linux. -// On non-Linux platforms, this is a no-op as they use different mechanisms. -func forceDefaultProtocolHandler() { - if runtime.GOOS != "linux" { - return // Non-Linux platforms use different handler mechanisms - } - - // Set our handler as default using xdg-mime - cmd := exec.Command("xdg-mime", "default", "kiro-oauth-handler.desktop", "x-scheme-handler/kiro") - if err := cmd.Run(); err != nil { - log.Warnf("Failed to set default protocol handler: %v. You may see a handler selection dialog.", err) - } -} - -// isInteractiveTerminal checks if stdin is connected to an interactive terminal. -// Returns false in CI/automated environments or when stdin is piped. -func isInteractiveTerminal() bool { - return term.IsTerminal(int(os.Stdin.Fd())) -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/sso_oidc.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/sso_oidc.go deleted file mode 100644 index 60fb887190..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/sso_oidc.go +++ /dev/null @@ -1,1380 +0,0 @@ -// Package kiro provides AWS SSO OIDC authentication for Kiro. -package kiro - -import ( - "bufio" - "context" - "crypto/rand" - "crypto/sha256" - "encoding/base64" - "encoding/json" - "errors" - "fmt" - "html" - "io" - "net" - "net/http" - "os" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/browser" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -const ( - // AWS SSO OIDC endpoints - ssoOIDCEndpoint = "https://oidc.us-east-1.amazonaws.com" - - // Kiro's start URL for Builder ID - builderIDStartURL = "https://view.awsapps.com/start" - - // Default region for IDC - defaultIDCRegion = "us-east-1" - - // Polling interval - pollInterval = 5 * time.Second - - // Authorization code flow callback - authCodeCallbackPath = "/oauth/callback" - authCodeCallbackPort = 19877 - - // User-Agent to match official Kiro IDE - kiroUserAgent = "KiroIDE" - - // IDC token refresh headers (matching Kiro IDE behavior) - idcAmzUserAgent = "aws-sdk-js/3.738.0 ua/2.1 os/other lang/js md/browser#unknown_unknown api/sso-oidc#3.738.0 m/E KiroIDE" -) - -// Sentinel errors for OIDC token polling -var ( - ErrAuthorizationPending = errors.New("authorization_pending") - ErrSlowDown = errors.New("slow_down") -) - -// SSOOIDCClient handles AWS SSO OIDC authentication. -type SSOOIDCClient struct { - httpClient *http.Client - cfg *config.Config -} - -// NewSSOOIDCClient creates a new SSO OIDC client. -func NewSSOOIDCClient(cfg *config.Config) *SSOOIDCClient { - client := &http.Client{Timeout: 30 * time.Second} - if cfg != nil { - client = util.SetProxy(&cfg.SDKConfig, client) - } - return &SSOOIDCClient{ - httpClient: client, - cfg: cfg, - } -} - -// RegisterClientResponse from AWS SSO OIDC. -type RegisterClientResponse struct { - ClientID string `json:"clientId"` - ClientSecret string `json:"clientSecret"` - ClientIDIssuedAt int64 `json:"clientIdIssuedAt"` - ClientSecretExpiresAt int64 `json:"clientSecretExpiresAt"` -} - -// StartDeviceAuthResponse from AWS SSO OIDC. -type StartDeviceAuthResponse struct { - DeviceCode string `json:"deviceCode"` - UserCode string `json:"userCode"` - VerificationURI string `json:"verificationUri"` - VerificationURIComplete string `json:"verificationUriComplete"` - ExpiresIn int `json:"expiresIn"` - Interval int `json:"interval"` -} - -// CreateTokenResponse from AWS SSO OIDC. -type CreateTokenResponse struct { - AccessToken string `json:"accessToken"` - TokenType string `json:"tokenType"` - ExpiresIn int `json:"expiresIn"` - RefreshToken string `json:"refreshToken"` -} - -// getOIDCEndpoint returns the OIDC endpoint for the given region. -func getOIDCEndpoint(region string) string { - if region == "" { - region = defaultIDCRegion - } - return fmt.Sprintf("https://oidc.%s.amazonaws.com", region) -} - -// promptInput prompts the user for input with an optional default value. -func promptInput(prompt, defaultValue string) string { - reader := bufio.NewReader(os.Stdin) - if defaultValue != "" { - fmt.Printf("%s [%s]: ", prompt, defaultValue) - } else { - fmt.Printf("%s: ", prompt) - } - input, err := reader.ReadString('\n') - if err != nil { - log.Warnf("Error reading input: %v", err) - return defaultValue - } - input = strings.TrimSpace(input) - if input == "" { - return defaultValue - } - return input -} - -// promptSelect prompts the user to select from options using number input. -func promptSelect(prompt string, options []string) int { - reader := bufio.NewReader(os.Stdin) - - for { - fmt.Println(prompt) - for i, opt := range options { - fmt.Printf(" %d) %s\n", i+1, opt) - } - fmt.Printf("Enter selection (1-%d): ", len(options)) - - input, err := reader.ReadString('\n') - if err != nil { - log.Warnf("Error reading input: %v", err) - return 0 // Default to first option on error - } - input = strings.TrimSpace(input) - - // Parse the selection - var selection int - if _, err := fmt.Sscanf(input, "%d", &selection); err != nil || selection < 1 || selection > len(options) { - fmt.Printf("Invalid selection '%s'. Please enter a number between 1 and %d.\n\n", input, len(options)) - continue - } - return selection - 1 - } -} - -// RegisterClientWithRegion registers a new OIDC client with AWS using a specific region. -func (c *SSOOIDCClient) RegisterClientWithRegion(ctx context.Context, region string) (*RegisterClientResponse, error) { - endpoint := getOIDCEndpoint(region) - - payload := map[string]interface{}{ - "clientName": "Kiro IDE", - "clientType": "public", - "scopes": []string{"codewhisperer:completions", "codewhisperer:analysis", "codewhisperer:conversations", "codewhisperer:transformations", "codewhisperer:taskassist"}, - "grantTypes": []string{"urn:ietf:params:oauth:grant-type:device_code", "refresh_token"}, - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint+"/client/register", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("register client failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("register client failed (status %d)", resp.StatusCode) - } - - var result RegisterClientResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// StartDeviceAuthorizationWithIDC starts the device authorization flow for IDC. -func (c *SSOOIDCClient) StartDeviceAuthorizationWithIDC(ctx context.Context, clientID, clientSecret, startURL, region string) (*StartDeviceAuthResponse, error) { - endpoint := getOIDCEndpoint(region) - - payload := map[string]string{ - "clientId": clientID, - "clientSecret": clientSecret, - "startUrl": startURL, - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint+"/device_authorization", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("start device auth failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("start device auth failed (status %d)", resp.StatusCode) - } - - var result StartDeviceAuthResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// CreateTokenWithRegion polls for the access token after user authorization using a specific region. -func (c *SSOOIDCClient) CreateTokenWithRegion(ctx context.Context, clientID, clientSecret, deviceCode, region string) (*CreateTokenResponse, error) { - endpoint := getOIDCEndpoint(region) - - payload := map[string]string{ - "clientId": clientID, - "clientSecret": clientSecret, - "deviceCode": deviceCode, - "grantType": "urn:ietf:params:oauth:grant-type:device_code", - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint+"/token", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - // Check for pending authorization - if resp.StatusCode == http.StatusBadRequest { - var errResp struct { - Error string `json:"error"` - } - if json.Unmarshal(respBody, &errResp) == nil { - if errResp.Error == "authorization_pending" { - return nil, ErrAuthorizationPending - } - if errResp.Error == "slow_down" { - return nil, ErrSlowDown - } - } - log.Debugf("create token failed: %s", string(respBody)) - return nil, fmt.Errorf("create token failed") - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("create token failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("create token failed (status %d)", resp.StatusCode) - } - - var result CreateTokenResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// RefreshTokenWithRegion refreshes an access token using the refresh token with a specific region. -func (c *SSOOIDCClient) RefreshTokenWithRegion(ctx context.Context, clientID, clientSecret, refreshToken, region, startURL string) (*KiroTokenData, error) { - endpoint := getOIDCEndpoint(region) - - payload := map[string]string{ - "clientId": clientID, - "clientSecret": clientSecret, - "refreshToken": refreshToken, - "grantType": "refresh_token", - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint+"/token", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - - // Set headers matching kiro2api's IDC token refresh - // These headers are required for successful IDC token refresh - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Host", fmt.Sprintf("oidc.%s.amazonaws.com", region)) - req.Header.Set("Connection", "keep-alive") - req.Header.Set("x-amz-user-agent", idcAmzUserAgent) - req.Header.Set("Accept", "*/*") - req.Header.Set("Accept-Language", "*") - req.Header.Set("sec-fetch-mode", "cors") - req.Header.Set("User-Agent", "node") - req.Header.Set("Accept-Encoding", "br, gzip, deflate") - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Warnf("IDC token refresh failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("token refresh failed (status %d)", resp.StatusCode) - } - - var result CreateTokenResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - expiresAt := time.Now().Add(time.Duration(result.ExpiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: result.AccessToken, - RefreshToken: result.RefreshToken, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "idc", - Provider: "AWS", - ClientID: clientID, - ClientSecret: clientSecret, - StartURL: startURL, - Region: region, - }, nil -} - -// LoginWithIDC performs the full device code flow for AWS Identity Center (IDC). -func (c *SSOOIDCClient) LoginWithIDC(ctx context.Context, startURL, region string) (*KiroTokenData, error) { - fmt.Println("\n╔══════════════════════════════════════════════════════════╗") - fmt.Println("║ Kiro Authentication (AWS Identity Center) ║") - fmt.Println("╚══════════════════════════════════════════════════════════╝") - - // Step 1: Register client with the specified region - fmt.Println("\nRegistering client...") - regResp, err := c.RegisterClientWithRegion(ctx, region) - if err != nil { - return nil, fmt.Errorf("failed to register client: %w", err) - } - log.Debugf("Client registered: %s", regResp.ClientID) - - // Step 2: Start device authorization with IDC start URL - fmt.Println("Starting device authorization...") - authResp, err := c.StartDeviceAuthorizationWithIDC(ctx, regResp.ClientID, regResp.ClientSecret, startURL, region) - if err != nil { - return nil, fmt.Errorf("failed to start device auth: %w", err) - } - - // Step 3: Show user the verification URL - fmt.Printf("\n") - fmt.Println("════════════════════════════════════════════════════════════") - fmt.Printf(" Confirm the following code in the browser:\n") - fmt.Printf(" Code: %s\n", authResp.UserCode) - fmt.Println("════════════════════════════════════════════════════════════") - fmt.Printf("\n Open this URL: %s\n\n", authResp.VerificationURIComplete) - - // Set incognito mode based on config - if c.cfg != nil { - browser.SetIncognitoMode(c.cfg.IncognitoBrowser) - if !c.cfg.IncognitoBrowser { - log.Info("kiro: using normal browser mode (--no-incognito). Note: You may not be able to select a different account.") - } else { - log.Debug("kiro: using incognito mode for multi-account support") - } - } else { - browser.SetIncognitoMode(true) - log.Debug("kiro: using incognito mode for multi-account support (default)") - } - - // Open browser - if err := browser.OpenURL(authResp.VerificationURIComplete); err != nil { - log.Warnf("Could not open browser automatically: %v", err) - fmt.Println(" Please open the URL manually in your browser.") - } else { - fmt.Println(" (Browser opened automatically)") - } - - // Step 4: Poll for token - fmt.Println("Waiting for authorization...") - - interval := pollInterval - if authResp.Interval > 0 { - interval = time.Duration(authResp.Interval) * time.Second - } - - deadline := time.Now().Add(time.Duration(authResp.ExpiresIn) * time.Second) - - for time.Now().Before(deadline) { - select { - case <-ctx.Done(): - browser.CloseBrowser() - return nil, ctx.Err() - case <-time.After(interval): - tokenResp, err := c.CreateTokenWithRegion(ctx, regResp.ClientID, regResp.ClientSecret, authResp.DeviceCode, region) - if err != nil { - if errors.Is(err, ErrAuthorizationPending) { - fmt.Print(".") - continue - } - if errors.Is(err, ErrSlowDown) { - interval += 5 * time.Second - continue - } - browser.CloseBrowser() - return nil, fmt.Errorf("token creation failed: %w", err) - } - - fmt.Println("\n\n✓ Authorization successful!") - - // Close the browser window - if err := browser.CloseBrowser(); err != nil { - log.Debugf("Failed to close browser: %v", err) - } - - // Step 5: Get profile ARN from CodeWhisperer API - fmt.Println("Fetching profile information...") - profileArn := c.fetchProfileArn(ctx, tokenResp.AccessToken) - - // Fetch user email - email := FetchUserEmailWithFallback(ctx, c.cfg, tokenResp.AccessToken) - if email != "" { - fmt.Printf(" Logged in as: %s\n", email) - } - - expiresAt := time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: profileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "idc", - Provider: "AWS", - ClientID: regResp.ClientID, - ClientSecret: regResp.ClientSecret, - Email: email, - StartURL: startURL, - Region: region, - }, nil - } - } - - // Close browser on timeout - if err := browser.CloseBrowser(); err != nil { - log.Debugf("Failed to close browser on timeout: %v", err) - } - return nil, fmt.Errorf("authorization timed out") -} - -// LoginWithMethodSelection prompts the user to select between Builder ID and IDC, then performs the login. -func (c *SSOOIDCClient) LoginWithMethodSelection(ctx context.Context) (*KiroTokenData, error) { - fmt.Println("\n╔══════════════════════════════════════════════════════════╗") - fmt.Println("║ Kiro Authentication (AWS) ║") - fmt.Println("╚══════════════════════════════════════════════════════════╝") - - // Prompt for login method - options := []string{ - "Use with Builder ID (personal AWS account)", - "Use with IDC Account (organization SSO)", - } - selection := promptSelect("\n? Select login method:", options) - - if selection == 0 { - // Builder ID flow - use existing implementation - return c.LoginWithBuilderID(ctx) - } - - // IDC flow - prompt for start URL and region - fmt.Println() - startURL := promptInput("? Enter Start URL", "") - if startURL == "" { - return nil, fmt.Errorf("start URL is required for IDC login") - } - - region := promptInput("? Enter Region", defaultIDCRegion) - - return c.LoginWithIDC(ctx, startURL, region) -} - -// RegisterClient registers a new OIDC client with AWS. -func (c *SSOOIDCClient) RegisterClient(ctx context.Context) (*RegisterClientResponse, error) { - payload := map[string]interface{}{ - "clientName": "Kiro IDE", - "clientType": "public", - "scopes": []string{"codewhisperer:completions", "codewhisperer:analysis", "codewhisperer:conversations", "codewhisperer:transformations", "codewhisperer:taskassist"}, - "grantTypes": []string{"urn:ietf:params:oauth:grant-type:device_code", "refresh_token"}, - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, ssoOIDCEndpoint+"/client/register", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("register client failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("register client failed (status %d)", resp.StatusCode) - } - - var result RegisterClientResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// StartDeviceAuthorization starts the device authorization flow. -func (c *SSOOIDCClient) StartDeviceAuthorization(ctx context.Context, clientID, clientSecret string) (*StartDeviceAuthResponse, error) { - payload := map[string]string{ - "clientId": clientID, - "clientSecret": clientSecret, - "startUrl": builderIDStartURL, - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, ssoOIDCEndpoint+"/device_authorization", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("start device auth failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("start device auth failed (status %d)", resp.StatusCode) - } - - var result StartDeviceAuthResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// CreateToken polls for the access token after user authorization. -func (c *SSOOIDCClient) CreateToken(ctx context.Context, clientID, clientSecret, deviceCode string) (*CreateTokenResponse, error) { - payload := map[string]string{ - "clientId": clientID, - "clientSecret": clientSecret, - "deviceCode": deviceCode, - "grantType": "urn:ietf:params:oauth:grant-type:device_code", - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, ssoOIDCEndpoint+"/token", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - // Check for pending authorization - if resp.StatusCode == http.StatusBadRequest { - var errResp struct { - Error string `json:"error"` - } - if json.Unmarshal(respBody, &errResp) == nil { - if errResp.Error == "authorization_pending" { - return nil, ErrAuthorizationPending - } - if errResp.Error == "slow_down" { - return nil, ErrSlowDown - } - } - log.Debugf("create token failed: %s", string(respBody)) - return nil, fmt.Errorf("create token failed") - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("create token failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("create token failed (status %d)", resp.StatusCode) - } - - var result CreateTokenResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// RefreshToken refreshes an access token using the refresh token. -// Includes retry logic and improved error handling for better reliability. -func (c *SSOOIDCClient) RefreshToken(ctx context.Context, clientID, clientSecret, refreshToken string) (*KiroTokenData, error) { - payload := map[string]string{ - "clientId": clientID, - "clientSecret": clientSecret, - "refreshToken": refreshToken, - "grantType": "refresh_token", - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, ssoOIDCEndpoint+"/token", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - - // Set headers matching Kiro IDE behavior for better compatibility - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Host", "oidc.us-east-1.amazonaws.com") - req.Header.Set("x-amz-user-agent", idcAmzUserAgent) - req.Header.Set("User-Agent", "node") - req.Header.Set("Accept", "*/*") - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Warnf("token refresh failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("token refresh failed (status %d): %s", resp.StatusCode, string(respBody)) - } - - var result CreateTokenResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - expiresAt := time.Now().Add(time.Duration(result.ExpiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: result.AccessToken, - RefreshToken: result.RefreshToken, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "builder-id", - Provider: "AWS", - ClientID: clientID, - ClientSecret: clientSecret, - Region: defaultIDCRegion, - }, nil -} - -// LoginWithBuilderID performs the full device code flow for AWS Builder ID. -func (c *SSOOIDCClient) LoginWithBuilderID(ctx context.Context) (*KiroTokenData, error) { - fmt.Println("\n╔══════════════════════════════════════════════════════════╗") - fmt.Println("║ Kiro Authentication (AWS Builder ID) ║") - fmt.Println("╚══════════════════════════════════════════════════════════╝") - - // Step 1: Register client - fmt.Println("\nRegistering client...") - regResp, err := c.RegisterClient(ctx) - if err != nil { - return nil, fmt.Errorf("failed to register client: %w", err) - } - log.Debugf("Client registered: %s", regResp.ClientID) - - // Step 2: Start device authorization - fmt.Println("Starting device authorization...") - authResp, err := c.StartDeviceAuthorization(ctx, regResp.ClientID, regResp.ClientSecret) - if err != nil { - return nil, fmt.Errorf("failed to start device auth: %w", err) - } - - // Step 3: Show user the verification URL - fmt.Printf("\n") - fmt.Println("════════════════════════════════════════════════════════════") - fmt.Printf(" Open this URL in your browser:\n") - fmt.Printf(" %s\n", authResp.VerificationURIComplete) - fmt.Println("════════════════════════════════════════════════════════════") - fmt.Printf("\n Or go to: %s\n", authResp.VerificationURI) - fmt.Printf(" And enter code: %s\n\n", authResp.UserCode) - - // Set incognito mode based on config (defaults to true for Kiro, can be overridden with --no-incognito) - // Incognito mode enables multi-account support by bypassing cached sessions - if c.cfg != nil { - browser.SetIncognitoMode(c.cfg.IncognitoBrowser) - if !c.cfg.IncognitoBrowser { - log.Info("kiro: using normal browser mode (--no-incognito). Note: You may not be able to select a different account.") - } else { - log.Debug("kiro: using incognito mode for multi-account support") - } - } else { - browser.SetIncognitoMode(true) // Default to incognito if no config - log.Debug("kiro: using incognito mode for multi-account support (default)") - } - - // Open browser using cross-platform browser package - if err := browser.OpenURL(authResp.VerificationURIComplete); err != nil { - log.Warnf("Could not open browser automatically: %v", err) - fmt.Println(" Please open the URL manually in your browser.") - } else { - fmt.Println(" (Browser opened automatically)") - } - - // Step 4: Poll for token - fmt.Println("Waiting for authorization...") - - interval := pollInterval - if authResp.Interval > 0 { - interval = time.Duration(authResp.Interval) * time.Second - } - - deadline := time.Now().Add(time.Duration(authResp.ExpiresIn) * time.Second) - - for time.Now().Before(deadline) { - select { - case <-ctx.Done(): - browser.CloseBrowser() // Cleanup on cancel - return nil, ctx.Err() - case <-time.After(interval): - tokenResp, err := c.CreateToken(ctx, regResp.ClientID, regResp.ClientSecret, authResp.DeviceCode) - if err != nil { - if errors.Is(err, ErrAuthorizationPending) { - fmt.Print(".") - continue - } - if errors.Is(err, ErrSlowDown) { - interval += 5 * time.Second - continue - } - // Close browser on error before returning - browser.CloseBrowser() - return nil, fmt.Errorf("token creation failed: %w", err) - } - - fmt.Println("\n\n✓ Authorization successful!") - - // Close the browser window - if err := browser.CloseBrowser(); err != nil { - log.Debugf("Failed to close browser: %v", err) - } - - // Step 5: Get profile ARN from CodeWhisperer API - fmt.Println("Fetching profile information...") - profileArn := c.fetchProfileArn(ctx, tokenResp.AccessToken) - - // Fetch user email (tries CodeWhisperer API first, then userinfo endpoint, then JWT parsing) - email := FetchUserEmailWithFallback(ctx, c.cfg, tokenResp.AccessToken) - if email != "" { - fmt.Printf(" Logged in as: %s\n", email) - } - - expiresAt := time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: profileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "builder-id", - Provider: "AWS", - ClientID: regResp.ClientID, - ClientSecret: regResp.ClientSecret, - Email: email, - Region: defaultIDCRegion, - }, nil - } - } - - // Close browser on timeout for better UX - if err := browser.CloseBrowser(); err != nil { - log.Debugf("Failed to close browser on timeout: %v", err) - } - return nil, fmt.Errorf("authorization timed out") - } - -// FetchUserEmail retrieves the user's email from AWS SSO OIDC userinfo endpoint. -// Falls back to JWT parsing if userinfo fails. -func (c *SSOOIDCClient) FetchUserEmail(ctx context.Context, accessToken string) string { - // Method 1: Try userinfo endpoint (standard OIDC) - email := c.tryUserInfoEndpoint(ctx, accessToken) - if email != "" { - return email - } - - // Method 2: Fallback to JWT parsing - return ExtractEmailFromJWT(accessToken) -} - -// tryUserInfoEndpoint attempts to get user info from AWS SSO OIDC userinfo endpoint. -func (c *SSOOIDCClient) tryUserInfoEndpoint(ctx context.Context, accessToken string) string { - req, err := http.NewRequestWithContext(ctx, http.MethodGet, ssoOIDCEndpoint+"/userinfo", nil) - if err != nil { - return "" - } - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("Accept", "application/json") - - resp, err := c.httpClient.Do(req) - if err != nil { - log.Debugf("userinfo request failed: %v", err) - return "" - } - defer resp.Body.Close() - - if resp.StatusCode != http.StatusOK { - respBody, _ := io.ReadAll(resp.Body) - log.Debugf("userinfo endpoint returned status %d: %s", resp.StatusCode, string(respBody)) - return "" - } - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return "" - } - - log.Debugf("userinfo response: %s", string(respBody)) - - var userInfo struct { - Email string `json:"email"` - Sub string `json:"sub"` - PreferredUsername string `json:"preferred_username"` - Name string `json:"name"` - } - - if err := json.Unmarshal(respBody, &userInfo); err != nil { - return "" - } - - if userInfo.Email != "" { - return userInfo.Email - } - if userInfo.PreferredUsername != "" && strings.Contains(userInfo.PreferredUsername, "@") { - return userInfo.PreferredUsername - } - return "" -} - -// fetchProfileArn retrieves the profile ARN from CodeWhisperer API. -// This is needed for file naming since AWS SSO OIDC doesn't return profile info. -func (c *SSOOIDCClient) fetchProfileArn(ctx context.Context, accessToken string) string { - // Try ListProfiles API first - profileArn := c.tryListProfiles(ctx, accessToken) - if profileArn != "" { - return profileArn - } - - // Fallback: Try ListAvailableCustomizations - return c.tryListCustomizations(ctx, accessToken) -} - -func (c *SSOOIDCClient) tryListProfiles(ctx context.Context, accessToken string) string { - payload := map[string]interface{}{ - "origin": "AI_EDITOR", - } - - body, err := json.Marshal(payload) - if err != nil { - return "" - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, "https://codewhisperer.us-east-1.amazonaws.com", strings.NewReader(string(body))) - if err != nil { - return "" - } - - req.Header.Set("Content-Type", "application/x-amz-json-1.0") - req.Header.Set("x-amz-target", "AmazonCodeWhispererService.ListProfiles") - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("Accept", "application/json") - - resp, err := c.httpClient.Do(req) - if err != nil { - return "" - } - defer resp.Body.Close() - - respBody, _ := io.ReadAll(resp.Body) - - if resp.StatusCode != http.StatusOK { - log.Debugf("ListProfiles failed (status %d): %s", resp.StatusCode, string(respBody)) - return "" - } - - log.Debugf("ListProfiles response: %s", string(respBody)) - - var result struct { - Profiles []struct { - Arn string `json:"arn"` - } `json:"profiles"` - ProfileArn string `json:"profileArn"` - } - - if err := json.Unmarshal(respBody, &result); err != nil { - return "" - } - - if result.ProfileArn != "" { - return result.ProfileArn - } - - if len(result.Profiles) > 0 { - return result.Profiles[0].Arn - } - - return "" -} - -func (c *SSOOIDCClient) tryListCustomizations(ctx context.Context, accessToken string) string { - payload := map[string]interface{}{ - "origin": "AI_EDITOR", - } - - body, err := json.Marshal(payload) - if err != nil { - return "" - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, "https://codewhisperer.us-east-1.amazonaws.com", strings.NewReader(string(body))) - if err != nil { - return "" - } - - req.Header.Set("Content-Type", "application/x-amz-json-1.0") - req.Header.Set("x-amz-target", "AmazonCodeWhispererService.ListAvailableCustomizations") - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("Accept", "application/json") - - resp, err := c.httpClient.Do(req) - if err != nil { - return "" - } - defer resp.Body.Close() - - respBody, _ := io.ReadAll(resp.Body) - - if resp.StatusCode != http.StatusOK { - log.Debugf("ListAvailableCustomizations failed (status %d): %s", resp.StatusCode, string(respBody)) - return "" - } - - log.Debugf("ListAvailableCustomizations response: %s", string(respBody)) - - var result struct { - Customizations []struct { - Arn string `json:"arn"` - } `json:"customizations"` - ProfileArn string `json:"profileArn"` - } - - if err := json.Unmarshal(respBody, &result); err != nil { - return "" - } - - if result.ProfileArn != "" { - return result.ProfileArn - } - - if len(result.Customizations) > 0 { - return result.Customizations[0].Arn - } - - return "" -} - -// RegisterClientForAuthCode registers a new OIDC client for authorization code flow. -func (c *SSOOIDCClient) RegisterClientForAuthCode(ctx context.Context, redirectURI string) (*RegisterClientResponse, error) { - payload := map[string]interface{}{ - "clientName": "Kiro IDE", - "clientType": "public", - "scopes": []string{"codewhisperer:completions", "codewhisperer:analysis", "codewhisperer:conversations", "codewhisperer:transformations", "codewhisperer:taskassist"}, - "grantTypes": []string{"authorization_code", "refresh_token"}, - "redirectUris": []string{redirectURI}, - "issuerUrl": builderIDStartURL, - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, ssoOIDCEndpoint+"/client/register", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("register client for auth code failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("register client failed (status %d)", resp.StatusCode) - } - - var result RegisterClientResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// AuthCodeCallbackResult contains the result from authorization code callback. -type AuthCodeCallbackResult struct { - Code string - State string - Error string -} - -// startAuthCodeCallbackServer starts a local HTTP server to receive the authorization code callback. -func (c *SSOOIDCClient) startAuthCodeCallbackServer(ctx context.Context, expectedState string) (string, <-chan AuthCodeCallbackResult, error) { - // Try to find an available port - listener, err := net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", authCodeCallbackPort)) - if err != nil { - // Try with dynamic port - log.Warnf("sso oidc: default port %d is busy, falling back to dynamic port", authCodeCallbackPort) - listener, err = net.Listen("tcp", "127.0.0.1:0") - if err != nil { - return "", nil, fmt.Errorf("failed to start callback server: %w", err) - } - } - - port := listener.Addr().(*net.TCPAddr).Port - redirectURI := fmt.Sprintf("http://127.0.0.1:%d%s", port, authCodeCallbackPath) - resultChan := make(chan AuthCodeCallbackResult, 1) - - server := &http.Server{ - ReadHeaderTimeout: 10 * time.Second, - } - - mux := http.NewServeMux() - mux.HandleFunc(authCodeCallbackPath, func(w http.ResponseWriter, r *http.Request) { - code := r.URL.Query().Get("code") - state := r.URL.Query().Get("state") - errParam := r.URL.Query().Get("error") - - // Send response to browser - w.Header().Set("Content-Type", "text/html; charset=utf-8") - if errParam != "" { - w.WriteHeader(http.StatusBadRequest) - fmt.Fprintf(w, ` -Login Failed -

Login Failed

Error: %s

You can close this window.

`, html.EscapeString(errParam)) - resultChan <- AuthCodeCallbackResult{Error: errParam} - return - } - - if state != expectedState { - w.WriteHeader(http.StatusBadRequest) - fmt.Fprint(w, ` -Login Failed -

Login Failed

Invalid state parameter

You can close this window.

`) - resultChan <- AuthCodeCallbackResult{Error: "state mismatch"} - return - } - - fmt.Fprint(w, ` -Login Successful -

Login Successful!

You can close this window and return to the terminal.

-`) - resultChan <- AuthCodeCallbackResult{Code: code, State: state} - }) - - server.Handler = mux - - go func() { - if err := server.Serve(listener); err != nil && err != http.ErrServerClosed { - log.Debugf("auth code callback server error: %v", err) - } - }() - - go func() { - select { - case <-ctx.Done(): - case <-time.After(10 * time.Minute): - case <-resultChan: - } - _ = server.Shutdown(context.Background()) - }() - - return redirectURI, resultChan, nil -} - -// generatePKCEForAuthCode generates PKCE code verifier and challenge for authorization code flow. -func generatePKCEForAuthCode() (verifier, challenge string, err error) { - b := make([]byte, 32) - if _, err := rand.Read(b); err != nil { - return "", "", fmt.Errorf("failed to generate random bytes: %w", err) - } - verifier = base64.RawURLEncoding.EncodeToString(b) - h := sha256.Sum256([]byte(verifier)) - challenge = base64.RawURLEncoding.EncodeToString(h[:]) - return verifier, challenge, nil -} - -// generateStateForAuthCode generates a random state parameter. -func generateStateForAuthCode() (string, error) { - b := make([]byte, 16) - if _, err := rand.Read(b); err != nil { - return "", err - } - return base64.RawURLEncoding.EncodeToString(b), nil -} - -// CreateTokenWithAuthCode exchanges authorization code for tokens. -func (c *SSOOIDCClient) CreateTokenWithAuthCode(ctx context.Context, clientID, clientSecret, code, codeVerifier, redirectURI string) (*CreateTokenResponse, error) { - payload := map[string]string{ - "clientId": clientID, - "clientSecret": clientSecret, - "code": code, - "codeVerifier": codeVerifier, - "redirectUri": redirectURI, - "grantType": "authorization_code", - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, ssoOIDCEndpoint+"/token", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("create token with auth code failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("create token failed (status %d)", resp.StatusCode) - } - - var result CreateTokenResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// LoginWithBuilderIDAuthCode performs the authorization code flow for AWS Builder ID. -// This provides a better UX than device code flow as it uses automatic browser callback. -func (c *SSOOIDCClient) LoginWithBuilderIDAuthCode(ctx context.Context) (*KiroTokenData, error) { - fmt.Println("\n╔══════════════════════════════════════════════════════════╗") - fmt.Println("║ Kiro Authentication (AWS Builder ID - Auth Code) ║") - fmt.Println("╚══════════════════════════════════════════════════════════╝") - - // Step 1: Generate PKCE and state - codeVerifier, codeChallenge, err := generatePKCEForAuthCode() - if err != nil { - return nil, fmt.Errorf("failed to generate PKCE: %w", err) - } - - state, err := generateStateForAuthCode() - if err != nil { - return nil, fmt.Errorf("failed to generate state: %w", err) - } - - // Step 2: Start callback server - fmt.Println("\nStarting callback server...") - redirectURI, resultChan, err := c.startAuthCodeCallbackServer(ctx, state) - if err != nil { - return nil, fmt.Errorf("failed to start callback server: %w", err) - } - log.Debugf("Callback server started, redirect URI: %s", redirectURI) - - // Step 3: Register client with auth code grant type - fmt.Println("Registering client...") - regResp, err := c.RegisterClientForAuthCode(ctx, redirectURI) - if err != nil { - return nil, fmt.Errorf("failed to register client: %w", err) - } - log.Debugf("Client registered: %s", regResp.ClientID) - - // Step 4: Build authorization URL - scopes := "codewhisperer:completions,codewhisperer:analysis,codewhisperer:conversations" - authURL := fmt.Sprintf("%s/authorize?response_type=code&client_id=%s&redirect_uri=%s&scopes=%s&state=%s&code_challenge=%s&code_challenge_method=S256", - ssoOIDCEndpoint, - regResp.ClientID, - redirectURI, - scopes, - state, - codeChallenge, - ) - - // Step 5: Open browser - fmt.Println("\n════════════════════════════════════════════════════════════") - fmt.Println(" Opening browser for authentication...") - fmt.Println("════════════════════════════════════════════════════════════") - fmt.Printf("\n URL: %s\n\n", authURL) - - // Set incognito mode - if c.cfg != nil { - browser.SetIncognitoMode(c.cfg.IncognitoBrowser) - } else { - browser.SetIncognitoMode(true) - } - - if err := browser.OpenURL(authURL); err != nil { - log.Warnf("Could not open browser automatically: %v", err) - fmt.Println(" ⚠ Could not open browser automatically.") - fmt.Println(" Please open the URL above in your browser manually.") - } else { - fmt.Println(" (Browser opened automatically)") - } - - fmt.Println("\n Waiting for authorization callback...") - - // Step 6: Wait for callback - select { - case <-ctx.Done(): - browser.CloseBrowser() - return nil, ctx.Err() - case <-time.After(10 * time.Minute): - browser.CloseBrowser() - return nil, fmt.Errorf("authorization timed out") - case result := <-resultChan: - if result.Error != "" { - browser.CloseBrowser() - return nil, fmt.Errorf("authorization failed: %s", result.Error) - } - - fmt.Println("\n✓ Authorization received!") - - // Close browser - if err := browser.CloseBrowser(); err != nil { - log.Debugf("Failed to close browser: %v", err) - } - - // Step 7: Exchange code for tokens - fmt.Println("Exchanging code for tokens...") - tokenResp, err := c.CreateTokenWithAuthCode(ctx, regResp.ClientID, regResp.ClientSecret, result.Code, codeVerifier, redirectURI) - if err != nil { - return nil, fmt.Errorf("failed to exchange code for tokens: %w", err) - } - - fmt.Println("\n✓ Authentication successful!") - - // Step 8: Get profile ARN - fmt.Println("Fetching profile information...") - profileArn := c.fetchProfileArn(ctx, tokenResp.AccessToken) - - // Fetch user email (tries CodeWhisperer API first, then userinfo endpoint, then JWT parsing) - email := FetchUserEmailWithFallback(ctx, c.cfg, tokenResp.AccessToken) - if email != "" { - fmt.Printf(" Logged in as: %s\n", email) - } - - expiresAt := time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: profileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "builder-id", - Provider: "AWS", - ClientID: regResp.ClientID, - ClientSecret: regResp.ClientSecret, - Email: email, - Region: defaultIDCRegion, - }, nil - } -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/token.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/token.go deleted file mode 100644 index 0484a2dc6d..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/token.go +++ /dev/null @@ -1,89 +0,0 @@ -package kiro - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" -) - -// KiroTokenStorage holds the persistent token data for Kiro authentication. -type KiroTokenStorage struct { - // Type is the provider type for management UI recognition (must be "kiro") - Type string `json:"type"` - // AccessToken is the OAuth2 access token for API access - AccessToken string `json:"access_token"` - // RefreshToken is used to obtain new access tokens - RefreshToken string `json:"refresh_token"` - // ProfileArn is the AWS CodeWhisperer profile ARN - ProfileArn string `json:"profile_arn"` - // ExpiresAt is the timestamp when the token expires - ExpiresAt string `json:"expires_at"` - // AuthMethod indicates the authentication method used - AuthMethod string `json:"auth_method"` - // Provider indicates the OAuth provider - Provider string `json:"provider"` - // LastRefresh is the timestamp of the last token refresh - LastRefresh string `json:"last_refresh"` - // ClientID is the OAuth client ID (required for token refresh) - ClientID string `json:"client_id,omitempty"` - // ClientSecret is the OAuth client secret (required for token refresh) - ClientSecret string `json:"client_secret,omitempty"` - // Region is the AWS region - Region string `json:"region,omitempty"` - // StartURL is the AWS Identity Center start URL (for IDC auth) - StartURL string `json:"start_url,omitempty"` - // Email is the user's email address - Email string `json:"email,omitempty"` -} - -// SaveTokenToFile persists the token storage to the specified file path. -func (s *KiroTokenStorage) SaveTokenToFile(authFilePath string) error { - dir := filepath.Dir(authFilePath) - if err := os.MkdirAll(dir, 0700); err != nil { - return fmt.Errorf("failed to create directory: %w", err) - } - - data, err := json.MarshalIndent(s, "", " ") - if err != nil { - return fmt.Errorf("failed to marshal token storage: %w", err) - } - - if err := os.WriteFile(authFilePath, data, 0600); err != nil { - return fmt.Errorf("failed to write token file: %w", err) - } - - return nil -} - -// LoadFromFile loads token storage from the specified file path. -func LoadFromFile(authFilePath string) (*KiroTokenStorage, error) { - data, err := os.ReadFile(authFilePath) - if err != nil { - return nil, fmt.Errorf("failed to read token file: %w", err) - } - - var storage KiroTokenStorage - if err := json.Unmarshal(data, &storage); err != nil { - return nil, fmt.Errorf("failed to parse token file: %w", err) - } - - return &storage, nil -} - -// ToTokenData converts storage to KiroTokenData for API use. -func (s *KiroTokenStorage) ToTokenData() *KiroTokenData { - return &KiroTokenData{ - AccessToken: s.AccessToken, - RefreshToken: s.RefreshToken, - ProfileArn: s.ProfileArn, - ExpiresAt: s.ExpiresAt, - AuthMethod: s.AuthMethod, - Provider: s.Provider, - ClientID: s.ClientID, - ClientSecret: s.ClientSecret, - Region: s.Region, - StartURL: s.StartURL, - Email: s.Email, - } -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/token_repository.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/token_repository.go deleted file mode 100644 index 815f18270d..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/token_repository.go +++ /dev/null @@ -1,274 +0,0 @@ -package kiro - -import ( - "context" - "encoding/json" - "fmt" - "io/fs" - "os" - "path/filepath" - "sort" - "strings" - "sync" - "time" - - log "github.com/sirupsen/logrus" -) - -// FileTokenRepository 实现 TokenRepository 接口,基于文件系统存储 -type FileTokenRepository struct { - mu sync.RWMutex - baseDir string -} - -// NewFileTokenRepository 创建一个新的文件 token 存储库 -func NewFileTokenRepository(baseDir string) *FileTokenRepository { - return &FileTokenRepository{ - baseDir: baseDir, - } -} - -// SetBaseDir 设置基础目录 -func (r *FileTokenRepository) SetBaseDir(dir string) { - r.mu.Lock() - r.baseDir = strings.TrimSpace(dir) - r.mu.Unlock() -} - -// FindOldestUnverified 查找需要刷新的 token(按最后验证时间排序) -func (r *FileTokenRepository) FindOldestUnverified(limit int) []*Token { - r.mu.RLock() - baseDir := r.baseDir - r.mu.RUnlock() - - if baseDir == "" { - log.Debug("token repository: base directory not configured") - return nil - } - - var tokens []*Token - - err := filepath.WalkDir(baseDir, func(path string, d fs.DirEntry, walkErr error) error { - if walkErr != nil { - return nil // 忽略错误,继续遍历 - } - if d.IsDir() { - return nil - } - if !strings.HasSuffix(strings.ToLower(d.Name()), ".json") { - return nil - } - - // 只处理 kiro 相关的 token 文件 - if !strings.HasPrefix(d.Name(), "kiro-") { - return nil - } - - token, err := r.readTokenFile(path) - if err != nil { - log.Debugf("token repository: failed to read token file %s: %v", path, err) - return nil - } - - if token != nil && token.RefreshToken != "" { - // 检查 token 是否需要刷新(过期前 5 分钟) - if token.ExpiresAt.IsZero() || time.Until(token.ExpiresAt) < 5*time.Minute { - tokens = append(tokens, token) - } - } - - return nil - }) - - if err != nil { - log.Warnf("token repository: error walking directory: %v", err) - } - - // 按最后验证时间排序(最旧的优先) - sort.Slice(tokens, func(i, j int) bool { - return tokens[i].LastVerified.Before(tokens[j].LastVerified) - }) - - // 限制返回数量 - if limit > 0 && len(tokens) > limit { - tokens = tokens[:limit] - } - - return tokens -} - -// UpdateToken 更新 token 并持久化到文件 -func (r *FileTokenRepository) UpdateToken(token *Token) error { - if token == nil { - return fmt.Errorf("token repository: token is nil") - } - - r.mu.RLock() - baseDir := r.baseDir - r.mu.RUnlock() - - if baseDir == "" { - return fmt.Errorf("token repository: base directory not configured") - } - - // 构建文件路径 - filePath := filepath.Join(baseDir, token.ID) - if !strings.HasSuffix(filePath, ".json") { - filePath += ".json" - } - - // 读取现有文件内容 - existingData := make(map[string]any) - if data, err := os.ReadFile(filePath); err == nil { - _ = json.Unmarshal(data, &existingData) - } - - // 更新字段 - existingData["access_token"] = token.AccessToken - existingData["refresh_token"] = token.RefreshToken - existingData["last_refresh"] = time.Now().Format(time.RFC3339) - - if !token.ExpiresAt.IsZero() { - existingData["expires_at"] = token.ExpiresAt.Format(time.RFC3339) - } - - // 保持原有的关键字段 - if token.ClientID != "" { - existingData["client_id"] = token.ClientID - } - if token.ClientSecret != "" { - existingData["client_secret"] = token.ClientSecret - } - if token.AuthMethod != "" { - existingData["auth_method"] = token.AuthMethod - } - if token.Region != "" { - existingData["region"] = token.Region - } - if token.StartURL != "" { - existingData["start_url"] = token.StartURL - } - - // 序列化并写入文件 - raw, err := json.MarshalIndent(existingData, "", " ") - if err != nil { - return fmt.Errorf("token repository: marshal failed: %w", err) - } - - // 原子写入:先写入临时文件,再重命名 - tmpPath := filePath + ".tmp" - if err := os.WriteFile(tmpPath, raw, 0o600); err != nil { - return fmt.Errorf("token repository: write temp file failed: %w", err) - } - if err := os.Rename(tmpPath, filePath); err != nil { - _ = os.Remove(tmpPath) - return fmt.Errorf("token repository: rename failed: %w", err) - } - - log.Debugf("token repository: updated token %s", token.ID) - return nil -} - -// readTokenFile 从文件读取 token -func (r *FileTokenRepository) readTokenFile(path string) (*Token, error) { - data, err := os.ReadFile(path) - if err != nil { - return nil, err - } - - var metadata map[string]any - if err := json.Unmarshal(data, &metadata); err != nil { - return nil, err - } - - // 检查是否是 kiro token - tokenType, _ := metadata["type"].(string) - if tokenType != "kiro" { - return nil, nil - } - - // 检查 auth_method (case-insensitive comparison to handle "IdC", "IDC", "idc", etc.) - authMethod, _ := metadata["auth_method"].(string) - authMethod = strings.ToLower(authMethod) - if authMethod != "idc" && authMethod != "builder-id" { - return nil, nil // 只处理 IDC 和 Builder ID token - } - - token := &Token{ - ID: filepath.Base(path), - AuthMethod: authMethod, - } - - // 解析各字段 - if v, ok := metadata["access_token"].(string); ok { - token.AccessToken = v - } - if v, ok := metadata["refresh_token"].(string); ok { - token.RefreshToken = v - } - if v, ok := metadata["client_id"].(string); ok { - token.ClientID = v - } - if v, ok := metadata["client_secret"].(string); ok { - token.ClientSecret = v - } - if v, ok := metadata["region"].(string); ok { - token.Region = v - } - if v, ok := metadata["start_url"].(string); ok { - token.StartURL = v - } - if v, ok := metadata["provider"].(string); ok { - token.Provider = v - } - - // 解析时间字段 - if v, ok := metadata["expires_at"].(string); ok { - if t, err := time.Parse(time.RFC3339, v); err == nil { - token.ExpiresAt = t - } - } - if v, ok := metadata["last_refresh"].(string); ok { - if t, err := time.Parse(time.RFC3339, v); err == nil { - token.LastVerified = t - } - } - - return token, nil -} - -// ListKiroTokens 列出所有 Kiro token(用于调试) -func (r *FileTokenRepository) ListKiroTokens(ctx context.Context) ([]*Token, error) { - r.mu.RLock() - baseDir := r.baseDir - r.mu.RUnlock() - - if baseDir == "" { - return nil, fmt.Errorf("token repository: base directory not configured") - } - - var tokens []*Token - - err := filepath.WalkDir(baseDir, func(path string, d fs.DirEntry, walkErr error) error { - if walkErr != nil { - return nil - } - if d.IsDir() { - return nil - } - if !strings.HasPrefix(d.Name(), "kiro-") || !strings.HasSuffix(d.Name(), ".json") { - return nil - } - - token, err := r.readTokenFile(path) - if err != nil { - return nil - } - if token != nil { - tokens = append(tokens, token) - } - return nil - }) - - return tokens, err -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/kiro/usage_checker.go b/.worktrees/config/m/config-build/active/internal/auth/kiro/usage_checker.go deleted file mode 100644 index 94870214b6..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/kiro/usage_checker.go +++ /dev/null @@ -1,243 +0,0 @@ -// Package kiro provides authentication functionality for AWS CodeWhisperer (Kiro) API. -// This file implements usage quota checking and monitoring. -package kiro - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" -) - -// UsageQuotaResponse represents the API response structure for usage quota checking. -type UsageQuotaResponse struct { - UsageBreakdownList []UsageBreakdownExtended `json:"usageBreakdownList"` - SubscriptionInfo *SubscriptionInfo `json:"subscriptionInfo,omitempty"` - NextDateReset float64 `json:"nextDateReset,omitempty"` -} - -// UsageBreakdownExtended represents detailed usage information for quota checking. -// Note: UsageBreakdown is already defined in codewhisperer_client.go -type UsageBreakdownExtended struct { - ResourceType string `json:"resourceType"` - UsageLimitWithPrecision float64 `json:"usageLimitWithPrecision"` - CurrentUsageWithPrecision float64 `json:"currentUsageWithPrecision"` - FreeTrialInfo *FreeTrialInfoExtended `json:"freeTrialInfo,omitempty"` -} - -// FreeTrialInfoExtended represents free trial usage information. -type FreeTrialInfoExtended struct { - FreeTrialStatus string `json:"freeTrialStatus"` - UsageLimitWithPrecision float64 `json:"usageLimitWithPrecision"` - CurrentUsageWithPrecision float64 `json:"currentUsageWithPrecision"` -} - -// QuotaStatus represents the quota status for a token. -type QuotaStatus struct { - TotalLimit float64 - CurrentUsage float64 - RemainingQuota float64 - IsExhausted bool - ResourceType string - NextReset time.Time -} - -// UsageChecker provides methods for checking token quota usage. -type UsageChecker struct { - httpClient *http.Client - endpoint string -} - -// NewUsageChecker creates a new UsageChecker instance. -func NewUsageChecker(cfg *config.Config) *UsageChecker { - return &UsageChecker{ - httpClient: util.SetProxy(&cfg.SDKConfig, &http.Client{Timeout: 30 * time.Second}), - endpoint: awsKiroEndpoint, - } -} - -// NewUsageCheckerWithClient creates a UsageChecker with a custom HTTP client. -func NewUsageCheckerWithClient(client *http.Client) *UsageChecker { - return &UsageChecker{ - httpClient: client, - endpoint: awsKiroEndpoint, - } -} - -// CheckUsage retrieves usage limits for the given token. -func (c *UsageChecker) CheckUsage(ctx context.Context, tokenData *KiroTokenData) (*UsageQuotaResponse, error) { - if tokenData == nil { - return nil, fmt.Errorf("token data is nil") - } - - if tokenData.AccessToken == "" { - return nil, fmt.Errorf("access token is empty") - } - - payload := map[string]interface{}{ - "origin": "AI_EDITOR", - "profileArn": tokenData.ProfileArn, - "resourceType": "AGENTIC_REQUEST", - } - - jsonBody, err := json.Marshal(payload) - if err != nil { - return nil, fmt.Errorf("failed to marshal request: %w", err) - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, c.endpoint, strings.NewReader(string(jsonBody))) - if err != nil { - return nil, fmt.Errorf("failed to create request: %w", err) - } - - req.Header.Set("Content-Type", "application/x-amz-json-1.0") - req.Header.Set("x-amz-target", targetGetUsage) - req.Header.Set("Authorization", "Bearer "+tokenData.AccessToken) - req.Header.Set("Accept", "application/json") - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("request failed: %w", err) - } - defer resp.Body.Close() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("API error (status %d): %s", resp.StatusCode, string(body)) - } - - var result UsageQuotaResponse - if err := json.Unmarshal(body, &result); err != nil { - return nil, fmt.Errorf("failed to parse usage response: %w", err) - } - - return &result, nil -} - -// CheckUsageByAccessToken retrieves usage limits using an access token and profile ARN directly. -func (c *UsageChecker) CheckUsageByAccessToken(ctx context.Context, accessToken, profileArn string) (*UsageQuotaResponse, error) { - tokenData := &KiroTokenData{ - AccessToken: accessToken, - ProfileArn: profileArn, - } - return c.CheckUsage(ctx, tokenData) -} - -// GetRemainingQuota calculates the remaining quota from usage limits. -func GetRemainingQuota(usage *UsageQuotaResponse) float64 { - if usage == nil || len(usage.UsageBreakdownList) == 0 { - return 0 - } - - var totalRemaining float64 - for _, breakdown := range usage.UsageBreakdownList { - remaining := breakdown.UsageLimitWithPrecision - breakdown.CurrentUsageWithPrecision - if remaining > 0 { - totalRemaining += remaining - } - - if breakdown.FreeTrialInfo != nil { - freeRemaining := breakdown.FreeTrialInfo.UsageLimitWithPrecision - breakdown.FreeTrialInfo.CurrentUsageWithPrecision - if freeRemaining > 0 { - totalRemaining += freeRemaining - } - } - } - - return totalRemaining -} - -// IsQuotaExhausted checks if the quota is exhausted based on usage limits. -func IsQuotaExhausted(usage *UsageQuotaResponse) bool { - if usage == nil || len(usage.UsageBreakdownList) == 0 { - return true - } - - for _, breakdown := range usage.UsageBreakdownList { - if breakdown.CurrentUsageWithPrecision < breakdown.UsageLimitWithPrecision { - return false - } - - if breakdown.FreeTrialInfo != nil { - if breakdown.FreeTrialInfo.CurrentUsageWithPrecision < breakdown.FreeTrialInfo.UsageLimitWithPrecision { - return false - } - } - } - - return true -} - -// GetQuotaStatus retrieves a comprehensive quota status for a token. -func (c *UsageChecker) GetQuotaStatus(ctx context.Context, tokenData *KiroTokenData) (*QuotaStatus, error) { - usage, err := c.CheckUsage(ctx, tokenData) - if err != nil { - return nil, err - } - - status := &QuotaStatus{ - IsExhausted: IsQuotaExhausted(usage), - } - - if len(usage.UsageBreakdownList) > 0 { - breakdown := usage.UsageBreakdownList[0] - status.TotalLimit = breakdown.UsageLimitWithPrecision - status.CurrentUsage = breakdown.CurrentUsageWithPrecision - status.RemainingQuota = breakdown.UsageLimitWithPrecision - breakdown.CurrentUsageWithPrecision - status.ResourceType = breakdown.ResourceType - - if breakdown.FreeTrialInfo != nil { - status.TotalLimit += breakdown.FreeTrialInfo.UsageLimitWithPrecision - status.CurrentUsage += breakdown.FreeTrialInfo.CurrentUsageWithPrecision - freeRemaining := breakdown.FreeTrialInfo.UsageLimitWithPrecision - breakdown.FreeTrialInfo.CurrentUsageWithPrecision - if freeRemaining > 0 { - status.RemainingQuota += freeRemaining - } - } - } - - if usage.NextDateReset > 0 { - status.NextReset = time.Unix(int64(usage.NextDateReset/1000), 0) - } - - return status, nil -} - -// CalculateAvailableCount calculates the available request count based on usage limits. -func CalculateAvailableCount(usage *UsageQuotaResponse) float64 { - return GetRemainingQuota(usage) -} - -// GetUsagePercentage calculates the usage percentage. -func GetUsagePercentage(usage *UsageQuotaResponse) float64 { - if usage == nil || len(usage.UsageBreakdownList) == 0 { - return 100.0 - } - - var totalLimit, totalUsage float64 - for _, breakdown := range usage.UsageBreakdownList { - totalLimit += breakdown.UsageLimitWithPrecision - totalUsage += breakdown.CurrentUsageWithPrecision - - if breakdown.FreeTrialInfo != nil { - totalLimit += breakdown.FreeTrialInfo.UsageLimitWithPrecision - totalUsage += breakdown.FreeTrialInfo.CurrentUsageWithPrecision - } - } - - if totalLimit == 0 { - return 100.0 - } - - return (totalUsage / totalLimit) * 100 -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/models.go b/.worktrees/config/m/config-build/active/internal/auth/models.go deleted file mode 100644 index 81a4aad2b2..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/models.go +++ /dev/null @@ -1,17 +0,0 @@ -// Package auth provides authentication functionality for various AI service providers. -// It includes interfaces and implementations for token storage and authentication methods. -package auth - -// TokenStorage defines the interface for storing authentication tokens. -// Implementations of this interface should provide methods to persist -// authentication tokens to a file system location. -type TokenStorage interface { - // SaveTokenToFile persists authentication tokens to the specified file path. - // - // Parameters: - // - authFilePath: The file path where the authentication tokens should be saved - // - // Returns: - // - error: An error if the save operation fails, nil otherwise - SaveTokenToFile(authFilePath string) error -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/qwen/qwen_auth.go b/.worktrees/config/m/config-build/active/internal/auth/qwen/qwen_auth.go deleted file mode 100644 index cb58b86d3a..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/qwen/qwen_auth.go +++ /dev/null @@ -1,359 +0,0 @@ -package qwen - -import ( - "context" - "crypto/rand" - "crypto/sha256" - "encoding/base64" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -const ( - // QwenOAuthDeviceCodeEndpoint is the URL for initiating the OAuth 2.0 device authorization flow. - QwenOAuthDeviceCodeEndpoint = "https://chat.qwen.ai/api/v1/oauth2/device/code" - // QwenOAuthTokenEndpoint is the URL for exchanging device codes or refresh tokens for access tokens. - QwenOAuthTokenEndpoint = "https://chat.qwen.ai/api/v1/oauth2/token" - // QwenOAuthClientID is the client identifier for the Qwen OAuth 2.0 application. - QwenOAuthClientID = "f0304373b74a44d2b584a3fb70ca9e56" - // QwenOAuthScope defines the permissions requested by the application. - QwenOAuthScope = "openid profile email model.completion" - // QwenOAuthGrantType specifies the grant type for the device code flow. - QwenOAuthGrantType = "urn:ietf:params:oauth:grant-type:device_code" -) - -// QwenTokenData represents the OAuth credentials, including access and refresh tokens. -type QwenTokenData struct { - AccessToken string `json:"access_token"` - // RefreshToken is used to obtain a new access token when the current one expires. - RefreshToken string `json:"refresh_token,omitempty"` - // TokenType indicates the type of token, typically "Bearer". - TokenType string `json:"token_type"` - // ResourceURL specifies the base URL of the resource server. - ResourceURL string `json:"resource_url,omitempty"` - // Expire indicates the expiration date and time of the access token. - Expire string `json:"expiry_date,omitempty"` -} - -// DeviceFlow represents the response from the device authorization endpoint. -type DeviceFlow struct { - // DeviceCode is the code that the client uses to poll for an access token. - DeviceCode string `json:"device_code"` - // UserCode is the code that the user enters at the verification URI. - UserCode string `json:"user_code"` - // VerificationURI is the URL where the user can enter the user code to authorize the device. - VerificationURI string `json:"verification_uri"` - // VerificationURIComplete is a URI that includes the user_code, which can be used to automatically - // fill in the code on the verification page. - VerificationURIComplete string `json:"verification_uri_complete"` - // ExpiresIn is the time in seconds until the device_code and user_code expire. - ExpiresIn int `json:"expires_in"` - // Interval is the minimum time in seconds that the client should wait between polling requests. - Interval int `json:"interval"` - // CodeVerifier is the cryptographically random string used in the PKCE flow. - CodeVerifier string `json:"code_verifier"` -} - -// QwenTokenResponse represents the successful token response from the token endpoint. -type QwenTokenResponse struct { - // AccessToken is the token used to access protected resources. - AccessToken string `json:"access_token"` - // RefreshToken is used to obtain a new access token. - RefreshToken string `json:"refresh_token,omitempty"` - // TokenType indicates the type of token, typically "Bearer". - TokenType string `json:"token_type"` - // ResourceURL specifies the base URL of the resource server. - ResourceURL string `json:"resource_url,omitempty"` - // ExpiresIn is the time in seconds until the access token expires. - ExpiresIn int `json:"expires_in"` -} - -// QwenAuth manages authentication and token handling for the Qwen API. -type QwenAuth struct { - httpClient *http.Client -} - -// NewQwenAuth creates a new QwenAuth instance with a proxy-configured HTTP client. -func NewQwenAuth(cfg *config.Config) *QwenAuth { - return &QwenAuth{ - httpClient: util.SetProxy(&cfg.SDKConfig, &http.Client{}), - } -} - -// generateCodeVerifier generates a cryptographically random string for the PKCE code verifier. -func (qa *QwenAuth) generateCodeVerifier() (string, error) { - bytes := make([]byte, 32) - if _, err := rand.Read(bytes); err != nil { - return "", err - } - return base64.RawURLEncoding.EncodeToString(bytes), nil -} - -// generateCodeChallenge creates a SHA-256 hash of the code verifier, used as the PKCE code challenge. -func (qa *QwenAuth) generateCodeChallenge(codeVerifier string) string { - hash := sha256.Sum256([]byte(codeVerifier)) - return base64.RawURLEncoding.EncodeToString(hash[:]) -} - -// generatePKCEPair creates a new code verifier and its corresponding code challenge for PKCE. -func (qa *QwenAuth) generatePKCEPair() (string, string, error) { - codeVerifier, err := qa.generateCodeVerifier() - if err != nil { - return "", "", err - } - codeChallenge := qa.generateCodeChallenge(codeVerifier) - return codeVerifier, codeChallenge, nil -} - -// RefreshTokens exchanges a refresh token for a new access token. -func (qa *QwenAuth) RefreshTokens(ctx context.Context, refreshToken string) (*QwenTokenData, error) { - data := url.Values{} - data.Set("grant_type", "refresh_token") - data.Set("refresh_token", refreshToken) - data.Set("client_id", QwenOAuthClientID) - - req, err := http.NewRequestWithContext(ctx, "POST", QwenOAuthTokenEndpoint, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("failed to create token request: %w", err) - } - - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - - resp, err := qa.httpClient.Do(req) - - // resp, err := qa.httpClient.PostForm(QwenOAuthTokenEndpoint, data) - if err != nil { - return nil, fmt.Errorf("token refresh request failed: %w", err) - } - defer func() { - _ = resp.Body.Close() - }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read response body: %w", err) - } - - if resp.StatusCode != http.StatusOK { - var errorData map[string]interface{} - if err = json.Unmarshal(body, &errorData); err == nil { - return nil, fmt.Errorf("token refresh failed: %v - %v", errorData["error"], errorData["error_description"]) - } - return nil, fmt.Errorf("token refresh failed: %s", string(body)) - } - - var tokenData QwenTokenResponse - if err = json.Unmarshal(body, &tokenData); err != nil { - return nil, fmt.Errorf("failed to parse token response: %w", err) - } - - return &QwenTokenData{ - AccessToken: tokenData.AccessToken, - TokenType: tokenData.TokenType, - RefreshToken: tokenData.RefreshToken, - ResourceURL: tokenData.ResourceURL, - Expire: time.Now().Add(time.Duration(tokenData.ExpiresIn) * time.Second).Format(time.RFC3339), - }, nil -} - -// InitiateDeviceFlow starts the OAuth 2.0 device authorization flow and returns the device flow details. -func (qa *QwenAuth) InitiateDeviceFlow(ctx context.Context) (*DeviceFlow, error) { - // Generate PKCE code verifier and challenge - codeVerifier, codeChallenge, err := qa.generatePKCEPair() - if err != nil { - return nil, fmt.Errorf("failed to generate PKCE pair: %w", err) - } - - data := url.Values{} - data.Set("client_id", QwenOAuthClientID) - data.Set("scope", QwenOAuthScope) - data.Set("code_challenge", codeChallenge) - data.Set("code_challenge_method", "S256") - - req, err := http.NewRequestWithContext(ctx, "POST", QwenOAuthDeviceCodeEndpoint, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("failed to create token request: %w", err) - } - - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - - resp, err := qa.httpClient.Do(req) - - // resp, err := qa.httpClient.PostForm(QwenOAuthDeviceCodeEndpoint, data) - if err != nil { - return nil, fmt.Errorf("device authorization request failed: %w", err) - } - defer func() { - _ = resp.Body.Close() - }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read response body: %w", err) - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("device authorization failed: %d %s. Response: %s", resp.StatusCode, resp.Status, string(body)) - } - - var result DeviceFlow - if err = json.Unmarshal(body, &result); err != nil { - return nil, fmt.Errorf("failed to parse device flow response: %w", err) - } - - // Check if the response indicates success - if result.DeviceCode == "" { - return nil, fmt.Errorf("device authorization failed: device_code not found in response") - } - - // Add the code_verifier to the result so it can be used later for polling - result.CodeVerifier = codeVerifier - - return &result, nil -} - -// PollForToken polls the token endpoint with the device code to obtain an access token. -func (qa *QwenAuth) PollForToken(deviceCode, codeVerifier string) (*QwenTokenData, error) { - pollInterval := 5 * time.Second - maxAttempts := 60 // 5 minutes max - - for attempt := 0; attempt < maxAttempts; attempt++ { - data := url.Values{} - data.Set("grant_type", QwenOAuthGrantType) - data.Set("client_id", QwenOAuthClientID) - data.Set("device_code", deviceCode) - data.Set("code_verifier", codeVerifier) - - resp, err := http.PostForm(QwenOAuthTokenEndpoint, data) - if err != nil { - fmt.Printf("Polling attempt %d/%d failed: %v\n", attempt+1, maxAttempts, err) - time.Sleep(pollInterval) - continue - } - - body, err := io.ReadAll(resp.Body) - _ = resp.Body.Close() - if err != nil { - fmt.Printf("Polling attempt %d/%d failed: %v\n", attempt+1, maxAttempts, err) - time.Sleep(pollInterval) - continue - } - - if resp.StatusCode != http.StatusOK { - // Parse the response as JSON to check for OAuth RFC 8628 standard errors - var errorData map[string]interface{} - if err = json.Unmarshal(body, &errorData); err == nil { - // According to OAuth RFC 8628, handle standard polling responses - if resp.StatusCode == http.StatusBadRequest { - errorType, _ := errorData["error"].(string) - switch errorType { - case "authorization_pending": - // User has not yet approved the authorization request. Continue polling. - fmt.Printf("Polling attempt %d/%d...\n\n", attempt+1, maxAttempts) - time.Sleep(pollInterval) - continue - case "slow_down": - // Client is polling too frequently. Increase poll interval. - pollInterval = time.Duration(float64(pollInterval) * 1.5) - if pollInterval > 10*time.Second { - pollInterval = 10 * time.Second - } - fmt.Printf("Server requested to slow down, increasing poll interval to %v\n\n", pollInterval) - time.Sleep(pollInterval) - continue - case "expired_token": - return nil, fmt.Errorf("device code expired. Please restart the authentication process") - case "access_denied": - return nil, fmt.Errorf("authorization denied by user. Please restart the authentication process") - } - } - - // For other errors, return with proper error information - errorType, _ := errorData["error"].(string) - errorDesc, _ := errorData["error_description"].(string) - return nil, fmt.Errorf("device token poll failed: %s - %s", errorType, errorDesc) - } - - // If JSON parsing fails, fall back to text response - return nil, fmt.Errorf("device token poll failed: %d %s. Response: %s", resp.StatusCode, resp.Status, string(body)) - } - // log.Debugf("%s", string(body)) - // Success - parse token data - var response QwenTokenResponse - if err = json.Unmarshal(body, &response); err != nil { - return nil, fmt.Errorf("failed to parse token response: %w", err) - } - - // Convert to QwenTokenData format and save - tokenData := &QwenTokenData{ - AccessToken: response.AccessToken, - RefreshToken: response.RefreshToken, - TokenType: response.TokenType, - ResourceURL: response.ResourceURL, - Expire: time.Now().Add(time.Duration(response.ExpiresIn) * time.Second).Format(time.RFC3339), - } - - return tokenData, nil - } - - return nil, fmt.Errorf("authentication timeout. Please restart the authentication process") -} - -// RefreshTokensWithRetry attempts to refresh tokens with a specified number of retries upon failure. -func (o *QwenAuth) RefreshTokensWithRetry(ctx context.Context, refreshToken string, maxRetries int) (*QwenTokenData, error) { - var lastErr error - - for attempt := 0; attempt < maxRetries; attempt++ { - if attempt > 0 { - // Wait before retry - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-time.After(time.Duration(attempt) * time.Second): - } - } - - tokenData, err := o.RefreshTokens(ctx, refreshToken) - if err == nil { - return tokenData, nil - } - - lastErr = err - log.Warnf("Token refresh attempt %d failed: %v", attempt+1, err) - } - - return nil, fmt.Errorf("token refresh failed after %d attempts: %w", maxRetries, lastErr) -} - -// CreateTokenStorage creates a QwenTokenStorage object from a QwenTokenData object. -func (o *QwenAuth) CreateTokenStorage(tokenData *QwenTokenData) *QwenTokenStorage { - storage := &QwenTokenStorage{ - AccessToken: tokenData.AccessToken, - RefreshToken: tokenData.RefreshToken, - LastRefresh: time.Now().Format(time.RFC3339), - ResourceURL: tokenData.ResourceURL, - Expire: tokenData.Expire, - } - - return storage -} - -// UpdateTokenStorage updates an existing token storage with new token data -func (o *QwenAuth) UpdateTokenStorage(storage *QwenTokenStorage, tokenData *QwenTokenData) { - storage.AccessToken = tokenData.AccessToken - storage.RefreshToken = tokenData.RefreshToken - storage.LastRefresh = time.Now().Format(time.RFC3339) - storage.ResourceURL = tokenData.ResourceURL - storage.Expire = tokenData.Expire -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/qwen/qwen_token.go b/.worktrees/config/m/config-build/active/internal/auth/qwen/qwen_token.go deleted file mode 100644 index 4a2b3a2d52..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/qwen/qwen_token.go +++ /dev/null @@ -1,63 +0,0 @@ -// Package qwen provides authentication and token management functionality -// for Alibaba's Qwen AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Qwen API. -package qwen - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" -) - -// QwenTokenStorage stores OAuth2 token information for Alibaba Qwen API authentication. -// It maintains compatibility with the existing auth system while adding Qwen-specific fields -// for managing access tokens, refresh tokens, and user account information. -type QwenTokenStorage struct { - // AccessToken is the OAuth2 access token used for authenticating API requests. - AccessToken string `json:"access_token"` - // RefreshToken is used to obtain new access tokens when the current one expires. - RefreshToken string `json:"refresh_token"` - // LastRefresh is the timestamp of the last token refresh operation. - LastRefresh string `json:"last_refresh"` - // ResourceURL is the base URL for API requests. - ResourceURL string `json:"resource_url"` - // Email is the Qwen account email address associated with this token. - Email string `json:"email"` - // Type indicates the authentication provider type, always "qwen" for this storage. - Type string `json:"type"` - // Expire is the timestamp when the current access token expires. - Expire string `json:"expired"` -} - -// SaveTokenToFile serializes the Qwen token storage to a JSON file. -// This method creates the necessary directory structure and writes the token -// data in JSON format to the specified file path for persistent storage. -// -// Parameters: -// - authFilePath: The full path where the token file should be saved -// -// Returns: -// - error: An error if the operation fails, nil otherwise -func (ts *QwenTokenStorage) SaveTokenToFile(authFilePath string) error { - misc.LogSavingCredentials(authFilePath) - ts.Type = "qwen" - if err := os.MkdirAll(filepath.Dir(authFilePath), 0700); err != nil { - return fmt.Errorf("failed to create directory: %v", err) - } - - f, err := os.Create(authFilePath) - if err != nil { - return fmt.Errorf("failed to create token file: %w", err) - } - defer func() { - _ = f.Close() - }() - - if err = json.NewEncoder(f).Encode(ts); err != nil { - return fmt.Errorf("failed to write token to file: %w", err) - } - return nil -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/vertex/keyutil.go b/.worktrees/config/m/config-build/active/internal/auth/vertex/keyutil.go deleted file mode 100644 index a10ade17e3..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/vertex/keyutil.go +++ /dev/null @@ -1,208 +0,0 @@ -package vertex - -import ( - "crypto/rsa" - "crypto/x509" - "encoding/base64" - "encoding/json" - "encoding/pem" - "fmt" - "strings" -) - -// NormalizeServiceAccountJSON normalizes the given JSON-encoded service account payload. -// It returns the normalized JSON (with sanitized private_key) or, if normalization fails, -// the original bytes and the encountered error. -func NormalizeServiceAccountJSON(raw []byte) ([]byte, error) { - if len(raw) == 0 { - return raw, nil - } - var payload map[string]any - if err := json.Unmarshal(raw, &payload); err != nil { - return raw, err - } - normalized, err := NormalizeServiceAccountMap(payload) - if err != nil { - return raw, err - } - out, err := json.Marshal(normalized) - if err != nil { - return raw, err - } - return out, nil -} - -// NormalizeServiceAccountMap returns a copy of the given service account map with -// a sanitized private_key field that is guaranteed to contain a valid RSA PRIVATE KEY PEM block. -func NormalizeServiceAccountMap(sa map[string]any) (map[string]any, error) { - if sa == nil { - return nil, fmt.Errorf("service account payload is empty") - } - pk, _ := sa["private_key"].(string) - if strings.TrimSpace(pk) == "" { - return nil, fmt.Errorf("service account missing private_key") - } - normalized, err := sanitizePrivateKey(pk) - if err != nil { - return nil, err - } - clone := make(map[string]any, len(sa)) - for k, v := range sa { - clone[k] = v - } - clone["private_key"] = normalized - return clone, nil -} - -func sanitizePrivateKey(raw string) (string, error) { - pk := strings.ReplaceAll(raw, "\r\n", "\n") - pk = strings.ReplaceAll(pk, "\r", "\n") - pk = stripANSIEscape(pk) - pk = strings.ToValidUTF8(pk, "") - pk = strings.TrimSpace(pk) - - normalized := pk - if block, _ := pem.Decode([]byte(pk)); block == nil { - // Attempt to reconstruct from the textual payload. - if reconstructed, err := rebuildPEM(pk); err == nil { - normalized = reconstructed - } else { - return "", fmt.Errorf("private_key is not valid pem: %w", err) - } - } - - block, _ := pem.Decode([]byte(normalized)) - if block == nil { - return "", fmt.Errorf("private_key pem decode failed") - } - - rsaBlock, err := ensureRSAPrivateKey(block) - if err != nil { - return "", err - } - return string(pem.EncodeToMemory(rsaBlock)), nil -} - -func ensureRSAPrivateKey(block *pem.Block) (*pem.Block, error) { - if block == nil { - return nil, fmt.Errorf("pem block is nil") - } - - if block.Type == "RSA PRIVATE KEY" { - if _, err := x509.ParsePKCS1PrivateKey(block.Bytes); err != nil { - return nil, fmt.Errorf("private_key invalid rsa: %w", err) - } - return block, nil - } - - if block.Type == "PRIVATE KEY" { - key, err := x509.ParsePKCS8PrivateKey(block.Bytes) - if err != nil { - return nil, fmt.Errorf("private_key invalid pkcs8: %w", err) - } - rsaKey, ok := key.(*rsa.PrivateKey) - if !ok { - return nil, fmt.Errorf("private_key is not an RSA key") - } - der := x509.MarshalPKCS1PrivateKey(rsaKey) - return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: der}, nil - } - - // Attempt auto-detection: try PKCS#1 first, then PKCS#8. - if rsaKey, err := x509.ParsePKCS1PrivateKey(block.Bytes); err == nil { - der := x509.MarshalPKCS1PrivateKey(rsaKey) - return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: der}, nil - } - if key, err := x509.ParsePKCS8PrivateKey(block.Bytes); err == nil { - if rsaKey, ok := key.(*rsa.PrivateKey); ok { - der := x509.MarshalPKCS1PrivateKey(rsaKey) - return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: der}, nil - } - } - return nil, fmt.Errorf("private_key uses unsupported format") -} - -func rebuildPEM(raw string) (string, error) { - kind := "PRIVATE KEY" - if strings.Contains(raw, "RSA PRIVATE KEY") { - kind = "RSA PRIVATE KEY" - } - header := "-----BEGIN " + kind + "-----" - footer := "-----END " + kind + "-----" - start := strings.Index(raw, header) - end := strings.Index(raw, footer) - if start < 0 || end <= start { - return "", fmt.Errorf("missing pem markers") - } - body := raw[start+len(header) : end] - payload := filterBase64(body) - if payload == "" { - return "", fmt.Errorf("private_key base64 payload empty") - } - der, err := base64.StdEncoding.DecodeString(payload) - if err != nil { - return "", fmt.Errorf("private_key base64 decode failed: %w", err) - } - block := &pem.Block{Type: kind, Bytes: der} - return string(pem.EncodeToMemory(block)), nil -} - -func filterBase64(s string) string { - var b strings.Builder - for _, r := range s { - switch { - case r >= 'A' && r <= 'Z': - b.WriteRune(r) - case r >= 'a' && r <= 'z': - b.WriteRune(r) - case r >= '0' && r <= '9': - b.WriteRune(r) - case r == '+' || r == '/' || r == '=': - b.WriteRune(r) - default: - // skip - } - } - return b.String() -} - -func stripANSIEscape(s string) string { - in := []rune(s) - var out []rune - for i := 0; i < len(in); i++ { - r := in[i] - if r != 0x1b { - out = append(out, r) - continue - } - if i+1 >= len(in) { - continue - } - next := in[i+1] - switch next { - case ']': - i += 2 - for i < len(in) { - if in[i] == 0x07 { - break - } - if in[i] == 0x1b && i+1 < len(in) && in[i+1] == '\\' { - i++ - break - } - i++ - } - case '[': - i += 2 - for i < len(in) { - if (in[i] >= 'A' && in[i] <= 'Z') || (in[i] >= 'a' && in[i] <= 'z') { - break - } - i++ - } - default: - // skip single ESC - } - } - return string(out) -} diff --git a/.worktrees/config/m/config-build/active/internal/auth/vertex/vertex_credentials.go b/.worktrees/config/m/config-build/active/internal/auth/vertex/vertex_credentials.go deleted file mode 100644 index 4853d34070..0000000000 --- a/.worktrees/config/m/config-build/active/internal/auth/vertex/vertex_credentials.go +++ /dev/null @@ -1,66 +0,0 @@ -// Package vertex provides token storage for Google Vertex AI Gemini via service account credentials. -// It serialises service account JSON into an auth file that is consumed by the runtime executor. -package vertex - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" - log "github.com/sirupsen/logrus" -) - -// VertexCredentialStorage stores the service account JSON for Vertex AI access. -// The content is persisted verbatim under the "service_account" key, together with -// helper fields for project, location and email to improve logging and discovery. -type VertexCredentialStorage struct { - // ServiceAccount holds the parsed service account JSON content. - ServiceAccount map[string]any `json:"service_account"` - - // ProjectID is derived from the service account JSON (project_id). - ProjectID string `json:"project_id"` - - // Email is the client_email from the service account JSON. - Email string `json:"email"` - - // Location optionally sets a default region (e.g., us-central1) for Vertex endpoints. - Location string `json:"location,omitempty"` - - // Type is the provider identifier stored alongside credentials. Always "vertex". - Type string `json:"type"` -} - -// SaveTokenToFile writes the credential payload to the given file path in JSON format. -// It ensures the parent directory exists and logs the operation for transparency. -func (s *VertexCredentialStorage) SaveTokenToFile(authFilePath string) error { - misc.LogSavingCredentials(authFilePath) - if s == nil { - return fmt.Errorf("vertex credential: storage is nil") - } - if s.ServiceAccount == nil { - return fmt.Errorf("vertex credential: service account content is empty") - } - // Ensure we tag the file with the provider type. - s.Type = "vertex" - - if err := os.MkdirAll(filepath.Dir(authFilePath), 0o700); err != nil { - return fmt.Errorf("vertex credential: create directory failed: %w", err) - } - f, err := os.Create(authFilePath) - if err != nil { - return fmt.Errorf("vertex credential: create file failed: %w", err) - } - defer func() { - if errClose := f.Close(); errClose != nil { - log.Errorf("vertex credential: failed to close file: %v", errClose) - } - }() - enc := json.NewEncoder(f) - enc.SetIndent("", " ") - if err = enc.Encode(s); err != nil { - return fmt.Errorf("vertex credential: encode failed: %w", err) - } - return nil -} diff --git a/.worktrees/config/m/config-build/active/internal/browser/browser.go b/.worktrees/config/m/config-build/active/internal/browser/browser.go deleted file mode 100644 index 3a5aeea7e2..0000000000 --- a/.worktrees/config/m/config-build/active/internal/browser/browser.go +++ /dev/null @@ -1,548 +0,0 @@ -// Package browser provides cross-platform functionality for opening URLs in the default web browser. -// It abstracts the underlying operating system commands and provides a simple interface. -package browser - -import ( - "fmt" - "os/exec" - "runtime" - "strings" - "sync" - - pkgbrowser "github.com/pkg/browser" - log "github.com/sirupsen/logrus" -) - -// incognitoMode controls whether to open URLs in incognito/private mode. -// This is useful for OAuth flows where you want to use a different account. -var incognitoMode bool - -// lastBrowserProcess stores the last opened browser process for cleanup -var lastBrowserProcess *exec.Cmd -var browserMutex sync.Mutex - -// SetIncognitoMode enables or disables incognito/private browsing mode. -func SetIncognitoMode(enabled bool) { - incognitoMode = enabled -} - -// IsIncognitoMode returns whether incognito mode is enabled. -func IsIncognitoMode() bool { - return incognitoMode -} - -// CloseBrowser closes the last opened browser process. -func CloseBrowser() error { - browserMutex.Lock() - defer browserMutex.Unlock() - - if lastBrowserProcess == nil || lastBrowserProcess.Process == nil { - return nil - } - - err := lastBrowserProcess.Process.Kill() - lastBrowserProcess = nil - return err -} - -// OpenURL opens the specified URL in the default web browser. -// It uses the pkg/browser library which provides robust cross-platform support -// for Windows, macOS, and Linux. -// If incognito mode is enabled, it will open in a private/incognito window. -// -// Parameters: -// - url: The URL to open. -// -// Returns: -// - An error if the URL cannot be opened, otherwise nil. -func OpenURL(url string) error { - log.Debugf("Opening URL in browser: %s (incognito=%v)", url, incognitoMode) - - // If incognito mode is enabled, use platform-specific incognito commands - if incognitoMode { - log.Debug("Using incognito mode") - return openURLIncognito(url) - } - - // Use pkg/browser for cross-platform support - err := pkgbrowser.OpenURL(url) - if err == nil { - log.Debug("Successfully opened URL using pkg/browser library") - return nil - } - - log.Debugf("pkg/browser failed: %v, trying platform-specific commands", err) - - // Fallback to platform-specific commands - return openURLPlatformSpecific(url) -} - -// openURLPlatformSpecific is a helper function that opens a URL using OS-specific commands. -// This serves as a fallback mechanism for OpenURL. -// -// Parameters: -// - url: The URL to open. -// -// Returns: -// - An error if the URL cannot be opened, otherwise nil. -func openURLPlatformSpecific(url string) error { - var cmd *exec.Cmd - - switch runtime.GOOS { - case "darwin": // macOS - cmd = exec.Command("open", url) - case "windows": - cmd = exec.Command("rundll32", "url.dll,FileProtocolHandler", url) - case "linux": - // Try common Linux browsers in order of preference - browsers := []string{"xdg-open", "x-www-browser", "www-browser", "firefox", "chromium", "google-chrome"} - for _, browser := range browsers { - if _, err := exec.LookPath(browser); err == nil { - cmd = exec.Command(browser, url) - break - } - } - if cmd == nil { - return fmt.Errorf("no suitable browser found on Linux system") - } - default: - return fmt.Errorf("unsupported operating system: %s", runtime.GOOS) - } - - log.Debugf("Running command: %s %v", cmd.Path, cmd.Args[1:]) - err := cmd.Start() - if err != nil { - return fmt.Errorf("failed to start browser command: %w", err) - } - - log.Debug("Successfully opened URL using platform-specific command") - return nil -} - -// openURLIncognito opens a URL in incognito/private browsing mode. -// It first tries to detect the default browser and use its incognito flag. -// Falls back to a chain of known browsers if detection fails. -// -// Parameters: -// - url: The URL to open. -// -// Returns: -// - An error if the URL cannot be opened, otherwise nil. -func openURLIncognito(url string) error { - // First, try to detect and use the default browser - if cmd := tryDefaultBrowserIncognito(url); cmd != nil { - log.Debugf("Using detected default browser: %s %v", cmd.Path, cmd.Args[1:]) - if err := cmd.Start(); err == nil { - storeBrowserProcess(cmd) - log.Debug("Successfully opened URL in default browser's incognito mode") - return nil - } - log.Debugf("Failed to start default browser, trying fallback chain") - } - - // Fallback to known browser chain - cmd := tryFallbackBrowsersIncognito(url) - if cmd == nil { - log.Warn("No browser with incognito support found, falling back to normal mode") - return openURLPlatformSpecific(url) - } - - log.Debugf("Running incognito command: %s %v", cmd.Path, cmd.Args[1:]) - err := cmd.Start() - if err != nil { - log.Warnf("Failed to open incognito browser: %v, falling back to normal mode", err) - return openURLPlatformSpecific(url) - } - - storeBrowserProcess(cmd) - log.Debug("Successfully opened URL in incognito/private mode") - return nil -} - -// storeBrowserProcess safely stores the browser process for later cleanup. -func storeBrowserProcess(cmd *exec.Cmd) { - browserMutex.Lock() - lastBrowserProcess = cmd - browserMutex.Unlock() -} - -// tryDefaultBrowserIncognito attempts to detect the default browser and return -// an exec.Cmd configured with the appropriate incognito flag. -func tryDefaultBrowserIncognito(url string) *exec.Cmd { - switch runtime.GOOS { - case "darwin": - return tryDefaultBrowserMacOS(url) - case "windows": - return tryDefaultBrowserWindows(url) - case "linux": - return tryDefaultBrowserLinux(url) - } - return nil -} - -// tryDefaultBrowserMacOS detects the default browser on macOS. -func tryDefaultBrowserMacOS(url string) *exec.Cmd { - // Try to get default browser from Launch Services - out, err := exec.Command("defaults", "read", "com.apple.LaunchServices/com.apple.launchservices.secure", "LSHandlers").Output() - if err != nil { - return nil - } - - output := string(out) - var browserName string - - // Parse the output to find the http/https handler - if containsBrowserID(output, "com.google.chrome") { - browserName = "chrome" - } else if containsBrowserID(output, "org.mozilla.firefox") { - browserName = "firefox" - } else if containsBrowserID(output, "com.apple.safari") { - browserName = "safari" - } else if containsBrowserID(output, "com.brave.browser") { - browserName = "brave" - } else if containsBrowserID(output, "com.microsoft.edgemac") { - browserName = "edge" - } - - return createMacOSIncognitoCmd(browserName, url) -} - -// containsBrowserID checks if the LaunchServices output contains a browser ID. -func containsBrowserID(output, bundleID string) bool { - return strings.Contains(output, bundleID) -} - -// createMacOSIncognitoCmd creates the appropriate incognito command for macOS browsers. -func createMacOSIncognitoCmd(browserName, url string) *exec.Cmd { - switch browserName { - case "chrome": - // Try direct path first - chromePath := "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" - if _, err := exec.LookPath(chromePath); err == nil { - return exec.Command(chromePath, "--incognito", url) - } - return exec.Command("open", "-na", "Google Chrome", "--args", "--incognito", url) - case "firefox": - return exec.Command("open", "-na", "Firefox", "--args", "--private-window", url) - case "safari": - // Safari doesn't have CLI incognito, try AppleScript - return tryAppleScriptSafariPrivate(url) - case "brave": - return exec.Command("open", "-na", "Brave Browser", "--args", "--incognito", url) - case "edge": - return exec.Command("open", "-na", "Microsoft Edge", "--args", "--inprivate", url) - } - return nil -} - -// tryAppleScriptSafariPrivate attempts to open Safari in private browsing mode using AppleScript. -func tryAppleScriptSafariPrivate(url string) *exec.Cmd { - // AppleScript to open a new private window in Safari - script := fmt.Sprintf(` - tell application "Safari" - activate - tell application "System Events" - keystroke "n" using {command down, shift down} - delay 0.5 - end tell - set URL of document 1 to "%s" - end tell - `, url) - - cmd := exec.Command("osascript", "-e", script) - // Test if this approach works by checking if Safari is available - if _, err := exec.LookPath("/Applications/Safari.app/Contents/MacOS/Safari"); err != nil { - log.Debug("Safari not found, AppleScript private window not available") - return nil - } - log.Debug("Attempting Safari private window via AppleScript") - return cmd -} - -// tryDefaultBrowserWindows detects the default browser on Windows via registry. -func tryDefaultBrowserWindows(url string) *exec.Cmd { - // Query registry for default browser - out, err := exec.Command("reg", "query", - `HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice`, - "/v", "ProgId").Output() - if err != nil { - return nil - } - - output := string(out) - var browserName string - - // Map ProgId to browser name - if strings.Contains(output, "ChromeHTML") { - browserName = "chrome" - } else if strings.Contains(output, "FirefoxURL") { - browserName = "firefox" - } else if strings.Contains(output, "MSEdgeHTM") { - browserName = "edge" - } else if strings.Contains(output, "BraveHTML") { - browserName = "brave" - } - - return createWindowsIncognitoCmd(browserName, url) -} - -// createWindowsIncognitoCmd creates the appropriate incognito command for Windows browsers. -func createWindowsIncognitoCmd(browserName, url string) *exec.Cmd { - switch browserName { - case "chrome": - paths := []string{ - "chrome", - `C:\Program Files\Google\Chrome\Application\chrome.exe`, - `C:\Program Files (x86)\Google\Chrome\Application\chrome.exe`, - } - for _, p := range paths { - if _, err := exec.LookPath(p); err == nil { - return exec.Command(p, "--incognito", url) - } - } - case "firefox": - if path, err := exec.LookPath("firefox"); err == nil { - return exec.Command(path, "--private-window", url) - } - case "edge": - paths := []string{ - "msedge", - `C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe`, - `C:\Program Files\Microsoft\Edge\Application\msedge.exe`, - } - for _, p := range paths { - if _, err := exec.LookPath(p); err == nil { - return exec.Command(p, "--inprivate", url) - } - } - case "brave": - paths := []string{ - `C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe`, - `C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe`, - } - for _, p := range paths { - if _, err := exec.LookPath(p); err == nil { - return exec.Command(p, "--incognito", url) - } - } - } - return nil -} - -// tryDefaultBrowserLinux detects the default browser on Linux using xdg-settings. -func tryDefaultBrowserLinux(url string) *exec.Cmd { - out, err := exec.Command("xdg-settings", "get", "default-web-browser").Output() - if err != nil { - return nil - } - - desktop := string(out) - var browserName string - - // Map .desktop file to browser name - if strings.Contains(desktop, "google-chrome") || strings.Contains(desktop, "chrome") { - browserName = "chrome" - } else if strings.Contains(desktop, "firefox") { - browserName = "firefox" - } else if strings.Contains(desktop, "chromium") { - browserName = "chromium" - } else if strings.Contains(desktop, "brave") { - browserName = "brave" - } else if strings.Contains(desktop, "microsoft-edge") || strings.Contains(desktop, "msedge") { - browserName = "edge" - } - - return createLinuxIncognitoCmd(browserName, url) -} - -// createLinuxIncognitoCmd creates the appropriate incognito command for Linux browsers. -func createLinuxIncognitoCmd(browserName, url string) *exec.Cmd { - switch browserName { - case "chrome": - paths := []string{"google-chrome", "google-chrome-stable"} - for _, p := range paths { - if path, err := exec.LookPath(p); err == nil { - return exec.Command(path, "--incognito", url) - } - } - case "firefox": - paths := []string{"firefox", "firefox-esr"} - for _, p := range paths { - if path, err := exec.LookPath(p); err == nil { - return exec.Command(path, "--private-window", url) - } - } - case "chromium": - paths := []string{"chromium", "chromium-browser"} - for _, p := range paths { - if path, err := exec.LookPath(p); err == nil { - return exec.Command(path, "--incognito", url) - } - } - case "brave": - if path, err := exec.LookPath("brave-browser"); err == nil { - return exec.Command(path, "--incognito", url) - } - case "edge": - if path, err := exec.LookPath("microsoft-edge"); err == nil { - return exec.Command(path, "--inprivate", url) - } - } - return nil -} - -// tryFallbackBrowsersIncognito tries a chain of known browsers as fallback. -func tryFallbackBrowsersIncognito(url string) *exec.Cmd { - switch runtime.GOOS { - case "darwin": - return tryFallbackBrowsersMacOS(url) - case "windows": - return tryFallbackBrowsersWindows(url) - case "linux": - return tryFallbackBrowsersLinuxChain(url) - } - return nil -} - -// tryFallbackBrowsersMacOS tries known browsers on macOS. -func tryFallbackBrowsersMacOS(url string) *exec.Cmd { - // Try Chrome - chromePath := "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" - if _, err := exec.LookPath(chromePath); err == nil { - return exec.Command(chromePath, "--incognito", url) - } - // Try Firefox - if _, err := exec.LookPath("/Applications/Firefox.app/Contents/MacOS/firefox"); err == nil { - return exec.Command("open", "-na", "Firefox", "--args", "--private-window", url) - } - // Try Brave - if _, err := exec.LookPath("/Applications/Brave Browser.app/Contents/MacOS/Brave Browser"); err == nil { - return exec.Command("open", "-na", "Brave Browser", "--args", "--incognito", url) - } - // Try Edge - if _, err := exec.LookPath("/Applications/Microsoft Edge.app/Contents/MacOS/Microsoft Edge"); err == nil { - return exec.Command("open", "-na", "Microsoft Edge", "--args", "--inprivate", url) - } - // Last resort: try Safari with AppleScript - if cmd := tryAppleScriptSafariPrivate(url); cmd != nil { - log.Info("Using Safari with AppleScript for private browsing (may require accessibility permissions)") - return cmd - } - return nil -} - -// tryFallbackBrowsersWindows tries known browsers on Windows. -func tryFallbackBrowsersWindows(url string) *exec.Cmd { - // Chrome - chromePaths := []string{ - "chrome", - `C:\Program Files\Google\Chrome\Application\chrome.exe`, - `C:\Program Files (x86)\Google\Chrome\Application\chrome.exe`, - } - for _, p := range chromePaths { - if _, err := exec.LookPath(p); err == nil { - return exec.Command(p, "--incognito", url) - } - } - // Firefox - if path, err := exec.LookPath("firefox"); err == nil { - return exec.Command(path, "--private-window", url) - } - // Edge (usually available on Windows 10+) - edgePaths := []string{ - "msedge", - `C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe`, - `C:\Program Files\Microsoft\Edge\Application\msedge.exe`, - } - for _, p := range edgePaths { - if _, err := exec.LookPath(p); err == nil { - return exec.Command(p, "--inprivate", url) - } - } - return nil -} - -// tryFallbackBrowsersLinuxChain tries known browsers on Linux. -func tryFallbackBrowsersLinuxChain(url string) *exec.Cmd { - type browserConfig struct { - name string - flag string - } - browsers := []browserConfig{ - {"google-chrome", "--incognito"}, - {"google-chrome-stable", "--incognito"}, - {"chromium", "--incognito"}, - {"chromium-browser", "--incognito"}, - {"firefox", "--private-window"}, - {"firefox-esr", "--private-window"}, - {"brave-browser", "--incognito"}, - {"microsoft-edge", "--inprivate"}, - } - for _, b := range browsers { - if path, err := exec.LookPath(b.name); err == nil { - return exec.Command(path, b.flag, url) - } - } - return nil -} - -// IsAvailable checks if the system has a command available to open a web browser. -// It verifies the presence of necessary commands for the current operating system. -// -// Returns: -// - true if a browser can be opened, false otherwise. -func IsAvailable() bool { - // Check platform-specific commands - switch runtime.GOOS { - case "darwin": - _, err := exec.LookPath("open") - return err == nil - case "windows": - _, err := exec.LookPath("rundll32") - return err == nil - case "linux": - browsers := []string{"xdg-open", "x-www-browser", "www-browser", "firefox", "chromium", "google-chrome"} - for _, browser := range browsers { - if _, err := exec.LookPath(browser); err == nil { - return true - } - } - return false - default: - return false - } -} - -// GetPlatformInfo returns a map containing details about the current platform's -// browser opening capabilities, including the OS, architecture, and available commands. -// -// Returns: -// - A map with platform-specific browser support information. -func GetPlatformInfo() map[string]interface{} { - info := map[string]interface{}{ - "os": runtime.GOOS, - "arch": runtime.GOARCH, - "available": IsAvailable(), - } - - switch runtime.GOOS { - case "darwin": - info["default_command"] = "open" - case "windows": - info["default_command"] = "rundll32" - case "linux": - browsers := []string{"xdg-open", "x-www-browser", "www-browser", "firefox", "chromium", "google-chrome"} - var availableBrowsers []string - for _, browser := range browsers { - if _, err := exec.LookPath(browser); err == nil { - availableBrowsers = append(availableBrowsers, browser) - } - } - info["available_browsers"] = availableBrowsers - if len(availableBrowsers) > 0 { - info["default_command"] = availableBrowsers[0] - } - } - - return info -} diff --git a/.worktrees/config/m/config-build/active/internal/buildinfo/buildinfo.go b/.worktrees/config/m/config-build/active/internal/buildinfo/buildinfo.go deleted file mode 100644 index 0bdfaf8b8d..0000000000 --- a/.worktrees/config/m/config-build/active/internal/buildinfo/buildinfo.go +++ /dev/null @@ -1,15 +0,0 @@ -// Package buildinfo exposes compile-time metadata shared across the server. -package buildinfo - -// The following variables are overridden via ldflags during release builds. -// Defaults cover local development builds. -var ( - // Version is the semantic version or git describe output of the binary. - Version = "dev" - - // Commit is the git commit SHA baked into the binary. - Commit = "none" - - // BuildDate records when the binary was built in UTC. - BuildDate = "unknown" -) diff --git a/.worktrees/config/m/config-build/active/internal/cache/signature_cache.go b/.worktrees/config/m/config-build/active/internal/cache/signature_cache.go deleted file mode 100644 index af5371bfbc..0000000000 --- a/.worktrees/config/m/config-build/active/internal/cache/signature_cache.go +++ /dev/null @@ -1,195 +0,0 @@ -package cache - -import ( - "crypto/sha256" - "encoding/hex" - "strings" - "sync" - "time" -) - -// SignatureEntry holds a cached thinking signature with timestamp -type SignatureEntry struct { - Signature string - Timestamp time.Time -} - -const ( - // SignatureCacheTTL is how long signatures are valid - SignatureCacheTTL = 3 * time.Hour - - // SignatureTextHashLen is the length of the hash key (16 hex chars = 64-bit key space) - SignatureTextHashLen = 16 - - // MinValidSignatureLen is the minimum length for a signature to be considered valid - MinValidSignatureLen = 50 - - // CacheCleanupInterval controls how often stale entries are purged - CacheCleanupInterval = 10 * time.Minute -) - -// signatureCache stores signatures by model group -> textHash -> SignatureEntry -var signatureCache sync.Map - -// cacheCleanupOnce ensures the background cleanup goroutine starts only once -var cacheCleanupOnce sync.Once - -// groupCache is the inner map type -type groupCache struct { - mu sync.RWMutex - entries map[string]SignatureEntry -} - -// hashText creates a stable, Unicode-safe key from text content -func hashText(text string) string { - h := sha256.Sum256([]byte(text)) - return hex.EncodeToString(h[:])[:SignatureTextHashLen] -} - -// getOrCreateGroupCache gets or creates a cache bucket for a model group -func getOrCreateGroupCache(groupKey string) *groupCache { - // Start background cleanup on first access - cacheCleanupOnce.Do(startCacheCleanup) - - if val, ok := signatureCache.Load(groupKey); ok { - return val.(*groupCache) - } - sc := &groupCache{entries: make(map[string]SignatureEntry)} - actual, _ := signatureCache.LoadOrStore(groupKey, sc) - return actual.(*groupCache) -} - -// startCacheCleanup launches a background goroutine that periodically -// removes caches where all entries have expired. -func startCacheCleanup() { - go func() { - ticker := time.NewTicker(CacheCleanupInterval) - defer ticker.Stop() - for range ticker.C { - purgeExpiredCaches() - } - }() -} - -// purgeExpiredCaches removes caches with no valid (non-expired) entries. -func purgeExpiredCaches() { - now := time.Now() - signatureCache.Range(func(key, value any) bool { - sc := value.(*groupCache) - sc.mu.Lock() - // Remove expired entries - for k, entry := range sc.entries { - if now.Sub(entry.Timestamp) > SignatureCacheTTL { - delete(sc.entries, k) - } - } - isEmpty := len(sc.entries) == 0 - sc.mu.Unlock() - // Remove cache bucket if empty - if isEmpty { - signatureCache.Delete(key) - } - return true - }) -} - -// CacheSignature stores a thinking signature for a given model group and text. -// Used for Claude models that require signed thinking blocks in multi-turn conversations. -func CacheSignature(modelName, text, signature string) { - if text == "" || signature == "" { - return - } - if len(signature) < MinValidSignatureLen { - return - } - - groupKey := GetModelGroup(modelName) - textHash := hashText(text) - sc := getOrCreateGroupCache(groupKey) - sc.mu.Lock() - defer sc.mu.Unlock() - - sc.entries[textHash] = SignatureEntry{ - Signature: signature, - Timestamp: time.Now(), - } -} - -// GetCachedSignature retrieves a cached signature for a given model group and text. -// Returns empty string if not found or expired. -func GetCachedSignature(modelName, text string) string { - groupKey := GetModelGroup(modelName) - - if text == "" { - if groupKey == "gemini" { - return "skip_thought_signature_validator" - } - return "" - } - val, ok := signatureCache.Load(groupKey) - if !ok { - if groupKey == "gemini" { - return "skip_thought_signature_validator" - } - return "" - } - sc := val.(*groupCache) - - textHash := hashText(text) - - now := time.Now() - - sc.mu.Lock() - entry, exists := sc.entries[textHash] - if !exists { - sc.mu.Unlock() - if groupKey == "gemini" { - return "skip_thought_signature_validator" - } - return "" - } - if now.Sub(entry.Timestamp) > SignatureCacheTTL { - delete(sc.entries, textHash) - sc.mu.Unlock() - if groupKey == "gemini" { - return "skip_thought_signature_validator" - } - return "" - } - - // Refresh TTL on access (sliding expiration). - entry.Timestamp = now - sc.entries[textHash] = entry - sc.mu.Unlock() - - return entry.Signature -} - -// ClearSignatureCache clears signature cache for a specific model group or all groups. -func ClearSignatureCache(modelName string) { - if modelName == "" { - signatureCache.Range(func(key, _ any) bool { - signatureCache.Delete(key) - return true - }) - return - } - groupKey := GetModelGroup(modelName) - signatureCache.Delete(groupKey) -} - -// HasValidSignature checks if a signature is valid (non-empty and long enough) -func HasValidSignature(modelName, signature string) bool { - return (signature != "" && len(signature) >= MinValidSignatureLen) || (signature == "skip_thought_signature_validator" && GetModelGroup(modelName) == "gemini") -} - -func GetModelGroup(modelName string) string { - if strings.Contains(modelName, "gpt") { - return "gpt" - } else if strings.Contains(modelName, "claude") { - return "claude" - } else if strings.Contains(modelName, "gemini") { - return "gemini" - } - return modelName -} diff --git a/.worktrees/config/m/config-build/active/internal/cache/signature_cache_test.go b/.worktrees/config/m/config-build/active/internal/cache/signature_cache_test.go deleted file mode 100644 index 8340815934..0000000000 --- a/.worktrees/config/m/config-build/active/internal/cache/signature_cache_test.go +++ /dev/null @@ -1,210 +0,0 @@ -package cache - -import ( - "testing" - "time" -) - -const testModelName = "claude-sonnet-4-5" - -func TestCacheSignature_BasicStorageAndRetrieval(t *testing.T) { - ClearSignatureCache("") - - text := "This is some thinking text content" - signature := "abc123validSignature1234567890123456789012345678901234567890" - - // Store signature - CacheSignature(testModelName, text, signature) - - // Retrieve signature - retrieved := GetCachedSignature(testModelName, text) - if retrieved != signature { - t.Errorf("Expected signature '%s', got '%s'", signature, retrieved) - } -} - -func TestCacheSignature_DifferentModelGroups(t *testing.T) { - ClearSignatureCache("") - - text := "Same text across models" - sig1 := "signature1_1234567890123456789012345678901234567890123456" - sig2 := "signature2_1234567890123456789012345678901234567890123456" - - geminiModel := "gemini-3-pro-preview" - CacheSignature(testModelName, text, sig1) - CacheSignature(geminiModel, text, sig2) - - if GetCachedSignature(testModelName, text) != sig1 { - t.Error("Claude signature mismatch") - } - if GetCachedSignature(geminiModel, text) != sig2 { - t.Error("Gemini signature mismatch") - } -} - -func TestCacheSignature_NotFound(t *testing.T) { - ClearSignatureCache("") - - // Non-existent session - if got := GetCachedSignature(testModelName, "some text"); got != "" { - t.Errorf("Expected empty string for nonexistent session, got '%s'", got) - } - - // Existing session but different text - CacheSignature(testModelName, "text-a", "sigA12345678901234567890123456789012345678901234567890") - if got := GetCachedSignature(testModelName, "text-b"); got != "" { - t.Errorf("Expected empty string for different text, got '%s'", got) - } -} - -func TestCacheSignature_EmptyInputs(t *testing.T) { - ClearSignatureCache("") - - // All empty/invalid inputs should be no-ops - CacheSignature(testModelName, "", "sig12345678901234567890123456789012345678901234567890") - CacheSignature(testModelName, "text", "") - CacheSignature(testModelName, "text", "short") // Too short - - if got := GetCachedSignature(testModelName, "text"); got != "" { - t.Errorf("Expected empty after invalid cache attempts, got '%s'", got) - } -} - -func TestCacheSignature_ShortSignatureRejected(t *testing.T) { - ClearSignatureCache("") - - text := "Some text" - shortSig := "abc123" // Less than 50 chars - - CacheSignature(testModelName, text, shortSig) - - if got := GetCachedSignature(testModelName, text); got != "" { - t.Errorf("Short signature should be rejected, got '%s'", got) - } -} - -func TestClearSignatureCache_ModelGroup(t *testing.T) { - ClearSignatureCache("") - - sig := "validSig1234567890123456789012345678901234567890123456" - CacheSignature(testModelName, "text", sig) - CacheSignature(testModelName, "text-2", sig) - - ClearSignatureCache("session-1") - - if got := GetCachedSignature(testModelName, "text"); got != sig { - t.Error("signature should remain when clearing unknown session") - } -} - -func TestClearSignatureCache_AllSessions(t *testing.T) { - ClearSignatureCache("") - - sig := "validSig1234567890123456789012345678901234567890123456" - CacheSignature(testModelName, "text", sig) - CacheSignature(testModelName, "text-2", sig) - - ClearSignatureCache("") - - if got := GetCachedSignature(testModelName, "text"); got != "" { - t.Error("text should be cleared") - } - if got := GetCachedSignature(testModelName, "text-2"); got != "" { - t.Error("text-2 should be cleared") - } -} - -func TestHasValidSignature(t *testing.T) { - tests := []struct { - name string - modelName string - signature string - expected bool - }{ - {"valid long signature", testModelName, "abc123validSignature1234567890123456789012345678901234567890", true}, - {"exactly 50 chars", testModelName, "12345678901234567890123456789012345678901234567890", true}, - {"49 chars - invalid", testModelName, "1234567890123456789012345678901234567890123456789", false}, - {"empty string", testModelName, "", false}, - {"short signature", testModelName, "abc", false}, - {"gemini sentinel", "gemini-3-pro-preview", "skip_thought_signature_validator", true}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := HasValidSignature(tt.modelName, tt.signature) - if result != tt.expected { - t.Errorf("HasValidSignature(%q) = %v, expected %v", tt.signature, result, tt.expected) - } - }) - } -} - -func TestCacheSignature_TextHashCollisionResistance(t *testing.T) { - ClearSignatureCache("") - - // Different texts should produce different hashes - text1 := "First thinking text" - text2 := "Second thinking text" - sig1 := "signature1_1234567890123456789012345678901234567890123456" - sig2 := "signature2_1234567890123456789012345678901234567890123456" - - CacheSignature(testModelName, text1, sig1) - CacheSignature(testModelName, text2, sig2) - - if GetCachedSignature(testModelName, text1) != sig1 { - t.Error("text1 signature mismatch") - } - if GetCachedSignature(testModelName, text2) != sig2 { - t.Error("text2 signature mismatch") - } -} - -func TestCacheSignature_UnicodeText(t *testing.T) { - ClearSignatureCache("") - - text := "한글 텍스트와 이모지 🎉 그리고 特殊文字" - sig := "unicodeSig123456789012345678901234567890123456789012345" - - CacheSignature(testModelName, text, sig) - - if got := GetCachedSignature(testModelName, text); got != sig { - t.Errorf("Unicode text signature retrieval failed, got '%s'", got) - } -} - -func TestCacheSignature_Overwrite(t *testing.T) { - ClearSignatureCache("") - - text := "Same text" - sig1 := "firstSignature12345678901234567890123456789012345678901" - sig2 := "secondSignature1234567890123456789012345678901234567890" - - CacheSignature(testModelName, text, sig1) - CacheSignature(testModelName, text, sig2) // Overwrite - - if got := GetCachedSignature(testModelName, text); got != sig2 { - t.Errorf("Expected overwritten signature '%s', got '%s'", sig2, got) - } -} - -// Note: TTL expiration test is tricky to test without mocking time -// We test the logic path exists but actual expiration would require time manipulation -func TestCacheSignature_ExpirationLogic(t *testing.T) { - ClearSignatureCache("") - - // This test verifies the expiration check exists - // In a real scenario, we'd mock time.Now() - text := "text" - sig := "validSig1234567890123456789012345678901234567890123456" - - CacheSignature(testModelName, text, sig) - - // Fresh entry should be retrievable - if got := GetCachedSignature(testModelName, text); got != sig { - t.Errorf("Fresh entry should be retrievable, got '%s'", got) - } - - // We can't easily test actual expiration without time mocking - // but the logic is verified by the implementation - _ = time.Now() // Acknowledge we're not testing time passage -} diff --git a/.worktrees/config/m/config-build/active/internal/cmd/anthropic_login.go b/.worktrees/config/m/config-build/active/internal/cmd/anthropic_login.go deleted file mode 100644 index f7381461a6..0000000000 --- a/.worktrees/config/m/config-build/active/internal/cmd/anthropic_login.go +++ /dev/null @@ -1,59 +0,0 @@ -package cmd - -import ( - "context" - "errors" - "fmt" - "os" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/claude" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// DoClaudeLogin triggers the Claude OAuth flow through the shared authentication manager. -// It initiates the OAuth authentication process for Anthropic Claude services and saves -// the authentication tokens to the configured auth directory. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including browser behavior and prompts -func DoClaudeLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - promptFn := options.Prompt - if promptFn == nil { - promptFn = defaultProjectPrompt() - } - - manager := newAuthManager() - - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - CallbackPort: options.CallbackPort, - Metadata: map[string]string{}, - Prompt: promptFn, - } - - _, savedPath, err := manager.Login(context.Background(), "claude", cfg, authOpts) - if err != nil { - if authErr, ok := errors.AsType[*claude.AuthenticationError](err); ok { - log.Error(claude.GetUserFriendlyMessage(authErr)) - if authErr.Type == claude.ErrPortInUse.Type { - os.Exit(claude.ErrPortInUse.Code) - } - return - } - fmt.Printf("Claude authentication failed: %v\n", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - - fmt.Println("Claude authentication successful!") -} diff --git a/.worktrees/config/m/config-build/active/internal/cmd/antigravity_login.go b/.worktrees/config/m/config-build/active/internal/cmd/antigravity_login.go deleted file mode 100644 index 2efbaeee01..0000000000 --- a/.worktrees/config/m/config-build/active/internal/cmd/antigravity_login.go +++ /dev/null @@ -1,44 +0,0 @@ -package cmd - -import ( - "context" - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// DoAntigravityLogin triggers the OAuth flow for the antigravity provider and saves tokens. -func DoAntigravityLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - promptFn := options.Prompt - if promptFn == nil { - promptFn = defaultProjectPrompt() - } - - manager := newAuthManager() - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - CallbackPort: options.CallbackPort, - Metadata: map[string]string{}, - Prompt: promptFn, - } - - record, savedPath, err := manager.Login(context.Background(), "antigravity", cfg, authOpts) - if err != nil { - log.Errorf("Antigravity authentication failed: %v", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - if record != nil && record.Label != "" { - fmt.Printf("Authenticated as %s\n", record.Label) - } - fmt.Println("Antigravity authentication successful!") -} diff --git a/.worktrees/config/m/config-build/active/internal/cmd/auth_manager.go b/.worktrees/config/m/config-build/active/internal/cmd/auth_manager.go deleted file mode 100644 index 2a3407be49..0000000000 --- a/.worktrees/config/m/config-build/active/internal/cmd/auth_manager.go +++ /dev/null @@ -1,28 +0,0 @@ -package cmd - -import ( - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" -) - -// newAuthManager creates a new authentication manager instance with all supported -// authenticators and a file-based token store. It initializes authenticators for -// Gemini, Codex, Claude, Qwen, IFlow, Antigravity, and GitHub Copilot providers. -// -// Returns: -// - *sdkAuth.Manager: A configured authentication manager instance -func newAuthManager() *sdkAuth.Manager { - store := sdkAuth.GetTokenStore() - manager := sdkAuth.NewManager(store, - sdkAuth.NewGeminiAuthenticator(), - sdkAuth.NewCodexAuthenticator(), - sdkAuth.NewClaudeAuthenticator(), - sdkAuth.NewQwenAuthenticator(), - sdkAuth.NewIFlowAuthenticator(), - sdkAuth.NewAntigravityAuthenticator(), - sdkAuth.NewKimiAuthenticator(), - sdkAuth.NewKiroAuthenticator(), - sdkAuth.NewGitHubCopilotAuthenticator(), - sdkAuth.NewKiloAuthenticator(), - ) - return manager -} diff --git a/.worktrees/config/m/config-build/active/internal/cmd/github_copilot_login.go b/.worktrees/config/m/config-build/active/internal/cmd/github_copilot_login.go deleted file mode 100644 index 056e811f4c..0000000000 --- a/.worktrees/config/m/config-build/active/internal/cmd/github_copilot_login.go +++ /dev/null @@ -1,44 +0,0 @@ -package cmd - -import ( - "context" - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// DoGitHubCopilotLogin triggers the OAuth device flow for GitHub Copilot and saves tokens. -// It initiates the device flow authentication, displays the user code for the user to enter -// at GitHub's verification URL, and waits for authorization before saving the tokens. -// -// Parameters: -// - cfg: The application configuration containing proxy and auth directory settings -// - options: Login options including browser behavior settings -func DoGitHubCopilotLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - manager := newAuthManager() - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - Metadata: map[string]string{}, - Prompt: options.Prompt, - } - - record, savedPath, err := manager.Login(context.Background(), "github-copilot", cfg, authOpts) - if err != nil { - log.Errorf("GitHub Copilot authentication failed: %v", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - if record != nil && record.Label != "" { - fmt.Printf("Authenticated as %s\n", record.Label) - } - fmt.Println("GitHub Copilot authentication successful!") -} diff --git a/.worktrees/config/m/config-build/active/internal/cmd/iflow_cookie.go b/.worktrees/config/m/config-build/active/internal/cmd/iflow_cookie.go deleted file mode 100644 index 358b806270..0000000000 --- a/.worktrees/config/m/config-build/active/internal/cmd/iflow_cookie.go +++ /dev/null @@ -1,98 +0,0 @@ -package cmd - -import ( - "bufio" - "context" - "fmt" - "os" - "path/filepath" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/iflow" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" -) - -// DoIFlowCookieAuth performs the iFlow cookie-based authentication. -func DoIFlowCookieAuth(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - promptFn := options.Prompt - if promptFn == nil { - reader := bufio.NewReader(os.Stdin) - promptFn = func(prompt string) (string, error) { - fmt.Print(prompt) - value, err := reader.ReadString('\n') - if err != nil { - return "", err - } - return strings.TrimSpace(value), nil - } - } - - // Prompt user for cookie - cookie, err := promptForCookie(promptFn) - if err != nil { - fmt.Printf("Failed to get cookie: %v\n", err) - return - } - - // Check for duplicate BXAuth before authentication - bxAuth := iflow.ExtractBXAuth(cookie) - if existingFile, err := iflow.CheckDuplicateBXAuth(cfg.AuthDir, bxAuth); err != nil { - fmt.Printf("Failed to check duplicate: %v\n", err) - return - } else if existingFile != "" { - fmt.Printf("Duplicate BXAuth found, authentication already exists: %s\n", filepath.Base(existingFile)) - return - } - - // Authenticate with cookie - auth := iflow.NewIFlowAuth(cfg) - ctx := context.Background() - - tokenData, err := auth.AuthenticateWithCookie(ctx, cookie) - if err != nil { - fmt.Printf("iFlow cookie authentication failed: %v\n", err) - return - } - - // Create token storage - tokenStorage := auth.CreateCookieTokenStorage(tokenData) - - // Get auth file path using email in filename - authFilePath := getAuthFilePath(cfg, "iflow", tokenData.Email) - - // Save token to file - if err := tokenStorage.SaveTokenToFile(authFilePath); err != nil { - fmt.Printf("Failed to save authentication: %v\n", err) - return - } - - fmt.Printf("Authentication successful! API key: %s\n", tokenData.APIKey) - fmt.Printf("Expires at: %s\n", tokenData.Expire) - fmt.Printf("Authentication saved to: %s\n", authFilePath) -} - -// promptForCookie prompts the user to enter their iFlow cookie -func promptForCookie(promptFn func(string) (string, error)) (string, error) { - line, err := promptFn("Enter iFlow Cookie (from browser cookies): ") - if err != nil { - return "", fmt.Errorf("failed to read cookie: %w", err) - } - - cookie, err := iflow.NormalizeCookie(line) - if err != nil { - return "", err - } - - return cookie, nil -} - -// getAuthFilePath returns the auth file path for the given provider and email -func getAuthFilePath(cfg *config.Config, provider, email string) string { - fileName := iflow.SanitizeIFlowFileName(email) - return fmt.Sprintf("%s/%s-%s-%d.json", cfg.AuthDir, provider, fileName, time.Now().Unix()) -} diff --git a/.worktrees/config/m/config-build/active/internal/cmd/iflow_login.go b/.worktrees/config/m/config-build/active/internal/cmd/iflow_login.go deleted file mode 100644 index 49e18e5b73..0000000000 --- a/.worktrees/config/m/config-build/active/internal/cmd/iflow_login.go +++ /dev/null @@ -1,48 +0,0 @@ -package cmd - -import ( - "context" - "errors" - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// DoIFlowLogin performs the iFlow OAuth login via the shared authentication manager. -func DoIFlowLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - manager := newAuthManager() - - promptFn := options.Prompt - if promptFn == nil { - promptFn = defaultProjectPrompt() - } - - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - CallbackPort: options.CallbackPort, - Metadata: map[string]string{}, - Prompt: promptFn, - } - - _, savedPath, err := manager.Login(context.Background(), "iflow", cfg, authOpts) - if err != nil { - if emailErr, ok := errors.AsType[*sdkAuth.EmailRequiredError](err); ok { - log.Error(emailErr.Error()) - return - } - fmt.Printf("iFlow authentication failed: %v\n", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - - fmt.Println("iFlow authentication successful!") -} diff --git a/.worktrees/config/m/config-build/active/internal/cmd/kilo_login.go b/.worktrees/config/m/config-build/active/internal/cmd/kilo_login.go deleted file mode 100644 index 7e9ed3b91e..0000000000 --- a/.worktrees/config/m/config-build/active/internal/cmd/kilo_login.go +++ /dev/null @@ -1,54 +0,0 @@ -package cmd - -import ( - "context" - "fmt" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" -) - -// DoKiloLogin handles the Kilo device flow using the shared authentication manager. -// It initiates the device-based authentication process for Kilo AI services and saves -// the authentication tokens to the configured auth directory. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including browser behavior and prompts -func DoKiloLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - manager := newAuthManager() - - promptFn := options.Prompt - if promptFn == nil { - promptFn = func(prompt string) (string, error) { - fmt.Print(prompt) - var value string - fmt.Scanln(&value) - return strings.TrimSpace(value), nil - } - } - - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - CallbackPort: options.CallbackPort, - Metadata: map[string]string{}, - Prompt: promptFn, - } - - _, savedPath, err := manager.Login(context.Background(), "kilo", cfg, authOpts) - if err != nil { - fmt.Printf("Kilo authentication failed: %v\n", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - - fmt.Println("Kilo authentication successful!") -} diff --git a/.worktrees/config/m/config-build/active/internal/cmd/kimi_login.go b/.worktrees/config/m/config-build/active/internal/cmd/kimi_login.go deleted file mode 100644 index eb5f11fb37..0000000000 --- a/.worktrees/config/m/config-build/active/internal/cmd/kimi_login.go +++ /dev/null @@ -1,44 +0,0 @@ -package cmd - -import ( - "context" - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// DoKimiLogin triggers the OAuth device flow for Kimi (Moonshot AI) and saves tokens. -// It initiates the device flow authentication, displays the verification URL for the user, -// and waits for authorization before saving the tokens. -// -// Parameters: -// - cfg: The application configuration containing proxy and auth directory settings -// - options: Login options including browser behavior settings -func DoKimiLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - manager := newAuthManager() - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - Metadata: map[string]string{}, - Prompt: options.Prompt, - } - - record, savedPath, err := manager.Login(context.Background(), "kimi", cfg, authOpts) - if err != nil { - log.Errorf("Kimi authentication failed: %v", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - if record != nil && record.Label != "" { - fmt.Printf("Authenticated as %s\n", record.Label) - } - fmt.Println("Kimi authentication successful!") -} diff --git a/.worktrees/config/m/config-build/active/internal/cmd/kiro_login.go b/.worktrees/config/m/config-build/active/internal/cmd/kiro_login.go deleted file mode 100644 index 74d09686f4..0000000000 --- a/.worktrees/config/m/config-build/active/internal/cmd/kiro_login.go +++ /dev/null @@ -1,208 +0,0 @@ -package cmd - -import ( - "context" - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// DoKiroLogin triggers the Kiro authentication flow with Google OAuth. -// This is the default login method (same as --kiro-google-login). -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including Prompt field -func DoKiroLogin(cfg *config.Config, options *LoginOptions) { - // Use Google login as default - DoKiroGoogleLogin(cfg, options) -} - -// DoKiroGoogleLogin triggers Kiro authentication with Google OAuth. -// This uses a custom protocol handler (kiro://) to receive the callback. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including prompts -func DoKiroGoogleLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - // Note: Kiro defaults to incognito mode for multi-account support. - // Users can override with --no-incognito if they want to use existing browser sessions. - - manager := newAuthManager() - - // Use KiroAuthenticator with Google login - authenticator := sdkAuth.NewKiroAuthenticator() - record, err := authenticator.LoginWithGoogle(context.Background(), cfg, &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - Metadata: map[string]string{}, - Prompt: options.Prompt, - }) - if err != nil { - log.Errorf("Kiro Google authentication failed: %v", err) - fmt.Println("\nTroubleshooting:") - fmt.Println("1. Make sure the protocol handler is installed") - fmt.Println("2. Complete the Google login in the browser") - fmt.Println("3. If callback fails, try: --kiro-import (after logging in via Kiro IDE)") - return - } - - // Save the auth record - savedPath, err := manager.SaveAuth(record, cfg) - if err != nil { - log.Errorf("Failed to save auth: %v", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - if record != nil && record.Label != "" { - fmt.Printf("Authenticated as %s\n", record.Label) - } - fmt.Println("Kiro Google authentication successful!") -} - -// DoKiroAWSLogin triggers Kiro authentication with AWS Builder ID. -// This uses the device code flow for AWS SSO OIDC authentication. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including prompts -func DoKiroAWSLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - // Note: Kiro defaults to incognito mode for multi-account support. - // Users can override with --no-incognito if they want to use existing browser sessions. - - manager := newAuthManager() - - // Use KiroAuthenticator with AWS Builder ID login (device code flow) - authenticator := sdkAuth.NewKiroAuthenticator() - record, err := authenticator.Login(context.Background(), cfg, &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - Metadata: map[string]string{}, - Prompt: options.Prompt, - }) - if err != nil { - log.Errorf("Kiro AWS authentication failed: %v", err) - fmt.Println("\nTroubleshooting:") - fmt.Println("1. Make sure you have an AWS Builder ID") - fmt.Println("2. Complete the authorization in the browser") - fmt.Println("3. If callback fails, try: --kiro-import (after logging in via Kiro IDE)") - return - } - - // Save the auth record - savedPath, err := manager.SaveAuth(record, cfg) - if err != nil { - log.Errorf("Failed to save auth: %v", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - if record != nil && record.Label != "" { - fmt.Printf("Authenticated as %s\n", record.Label) - } - fmt.Println("Kiro AWS authentication successful!") -} - -// DoKiroAWSAuthCodeLogin triggers Kiro authentication with AWS Builder ID using authorization code flow. -// This provides a better UX than device code flow as it uses automatic browser callback. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including prompts -func DoKiroAWSAuthCodeLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - // Note: Kiro defaults to incognito mode for multi-account support. - // Users can override with --no-incognito if they want to use existing browser sessions. - - manager := newAuthManager() - - // Use KiroAuthenticator with AWS Builder ID login (authorization code flow) - authenticator := sdkAuth.NewKiroAuthenticator() - record, err := authenticator.LoginWithAuthCode(context.Background(), cfg, &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - Metadata: map[string]string{}, - Prompt: options.Prompt, - }) - if err != nil { - log.Errorf("Kiro AWS authentication (auth code) failed: %v", err) - fmt.Println("\nTroubleshooting:") - fmt.Println("1. Make sure you have an AWS Builder ID") - fmt.Println("2. Complete the authorization in the browser") - fmt.Println("3. If callback fails, try: --kiro-aws-login (device code flow)") - return - } - - // Save the auth record - savedPath, err := manager.SaveAuth(record, cfg) - if err != nil { - log.Errorf("Failed to save auth: %v", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - if record != nil && record.Label != "" { - fmt.Printf("Authenticated as %s\n", record.Label) - } - fmt.Println("Kiro AWS authentication successful!") -} - -// DoKiroImport imports Kiro token from Kiro IDE's token file. -// This is useful for users who have already logged in via Kiro IDE -// and want to use the same credentials in CLI Proxy API. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options (currently unused for import) -func DoKiroImport(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - manager := newAuthManager() - - // Use ImportFromKiroIDE instead of Login - authenticator := sdkAuth.NewKiroAuthenticator() - record, err := authenticator.ImportFromKiroIDE(context.Background(), cfg) - if err != nil { - log.Errorf("Kiro token import failed: %v", err) - fmt.Println("\nMake sure you have logged in to Kiro IDE first:") - fmt.Println("1. Open Kiro IDE") - fmt.Println("2. Click 'Sign in with Google' (or GitHub)") - fmt.Println("3. Complete the login process") - fmt.Println("4. Run this command again") - return - } - - // Save the imported auth record - savedPath, err := manager.SaveAuth(record, cfg) - if err != nil { - log.Errorf("Failed to save auth: %v", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - if record != nil && record.Label != "" { - fmt.Printf("Imported as %s\n", record.Label) - } - fmt.Println("Kiro token import successful!") -} diff --git a/.worktrees/config/m/config-build/active/internal/cmd/login.go b/.worktrees/config/m/config-build/active/internal/cmd/login.go deleted file mode 100644 index 1d8a1ae336..0000000000 --- a/.worktrees/config/m/config-build/active/internal/cmd/login.go +++ /dev/null @@ -1,699 +0,0 @@ -// Package cmd provides command-line interface functionality for the CLI Proxy API server. -// It includes authentication flows for various AI service providers, service startup, -// and other command-line operations. -package cmd - -import ( - "bufio" - "bytes" - "context" - "encoding/json" - "errors" - "fmt" - "io" - "net/http" - "os" - "strconv" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/gemini" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -const ( - geminiCLIEndpoint = "https://cloudcode-pa.googleapis.com" - geminiCLIVersion = "v1internal" - geminiCLIUserAgent = "google-api-nodejs-client/9.15.1" - geminiCLIApiClient = "gl-node/22.17.0" - geminiCLIClientMetadata = "ideType=IDE_UNSPECIFIED,platform=PLATFORM_UNSPECIFIED,pluginType=GEMINI" -) - -type projectSelectionRequiredError struct{} - -func (e *projectSelectionRequiredError) Error() string { - return "gemini cli: project selection required" -} - -// DoLogin handles Google Gemini authentication using the shared authentication manager. -// It initiates the OAuth flow for Google Gemini services, performs the legacy CLI user setup, -// and saves the authentication tokens to the configured auth directory. -// -// Parameters: -// - cfg: The application configuration -// - projectID: Optional Google Cloud project ID for Gemini services -// - options: Login options including browser behavior and prompts -func DoLogin(cfg *config.Config, projectID string, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - ctx := context.Background() - - promptFn := options.Prompt - if promptFn == nil { - promptFn = defaultProjectPrompt() - } - - trimmedProjectID := strings.TrimSpace(projectID) - callbackPrompt := promptFn - if trimmedProjectID == "" { - callbackPrompt = nil - } - - loginOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - ProjectID: trimmedProjectID, - CallbackPort: options.CallbackPort, - Metadata: map[string]string{}, - Prompt: callbackPrompt, - } - - authenticator := sdkAuth.NewGeminiAuthenticator() - record, errLogin := authenticator.Login(ctx, cfg, loginOpts) - if errLogin != nil { - log.Errorf("Gemini authentication failed: %v", errLogin) - return - } - - storage, okStorage := record.Storage.(*gemini.GeminiTokenStorage) - if !okStorage || storage == nil { - log.Error("Gemini authentication failed: unsupported token storage") - return - } - - geminiAuth := gemini.NewGeminiAuth() - httpClient, errClient := geminiAuth.GetAuthenticatedClient(ctx, storage, cfg, &gemini.WebLoginOptions{ - NoBrowser: options.NoBrowser, - CallbackPort: options.CallbackPort, - Prompt: callbackPrompt, - }) - if errClient != nil { - log.Errorf("Gemini authentication failed: %v", errClient) - return - } - - log.Info("Authentication successful.") - - var activatedProjects []string - - useGoogleOne := false - if trimmedProjectID == "" && promptFn != nil { - fmt.Println("\nSelect login mode:") - fmt.Println(" 1. Code Assist (GCP project, manual selection)") - fmt.Println(" 2. Google One (personal account, auto-discover project)") - choice, errPrompt := promptFn("Enter choice [1/2] (default: 1): ") - if errPrompt == nil && strings.TrimSpace(choice) == "2" { - useGoogleOne = true - } - } - - if useGoogleOne { - log.Info("Google One mode: auto-discovering project...") - if errSetup := performGeminiCLISetup(ctx, httpClient, storage, ""); errSetup != nil { - log.Errorf("Google One auto-discovery failed: %v", errSetup) - return - } - autoProject := strings.TrimSpace(storage.ProjectID) - if autoProject == "" { - log.Error("Google One auto-discovery returned empty project ID") - return - } - log.Infof("Auto-discovered project: %s", autoProject) - activatedProjects = []string{autoProject} - } else { - projects, errProjects := fetchGCPProjects(ctx, httpClient) - if errProjects != nil { - log.Errorf("Failed to get project list: %v", errProjects) - return - } - - selectedProjectID := promptForProjectSelection(projects, trimmedProjectID, promptFn) - projectSelections, errSelection := resolveProjectSelections(selectedProjectID, projects) - if errSelection != nil { - log.Errorf("Invalid project selection: %v", errSelection) - return - } - if len(projectSelections) == 0 { - log.Error("No project selected; aborting login.") - return - } - - seenProjects := make(map[string]bool) - for _, candidateID := range projectSelections { - log.Infof("Activating project %s", candidateID) - if errSetup := performGeminiCLISetup(ctx, httpClient, storage, candidateID); errSetup != nil { - if _, ok := errors.AsType[*projectSelectionRequiredError](errSetup); ok { - log.Error("Failed to start user onboarding: A project ID is required.") - showProjectSelectionHelp(storage.Email, projects) - return - } - log.Errorf("Failed to complete user setup: %v", errSetup) - return - } - finalID := strings.TrimSpace(storage.ProjectID) - if finalID == "" { - finalID = candidateID - } - - if seenProjects[finalID] { - log.Infof("Project %s already activated, skipping", finalID) - continue - } - seenProjects[finalID] = true - activatedProjects = append(activatedProjects, finalID) - } - } - - storage.Auto = false - storage.ProjectID = strings.Join(activatedProjects, ",") - - if !storage.Auto && !storage.Checked { - for _, pid := range activatedProjects { - isChecked, errCheck := checkCloudAPIIsEnabled(ctx, httpClient, pid) - if errCheck != nil { - log.Errorf("Failed to check if Cloud AI API is enabled for %s: %v", pid, errCheck) - return - } - if !isChecked { - log.Errorf("Failed to check if Cloud AI API is enabled for project %s. If you encounter an error message, please create an issue.", pid) - return - } - } - storage.Checked = true - } - - updateAuthRecord(record, storage) - - store := sdkAuth.GetTokenStore() - if setter, okSetter := store.(interface{ SetBaseDir(string) }); okSetter && cfg != nil { - setter.SetBaseDir(cfg.AuthDir) - } - - savedPath, errSave := store.Save(ctx, record) - if errSave != nil { - log.Errorf("Failed to save token to file: %v", errSave) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - - fmt.Println("Gemini authentication successful!") -} - -func performGeminiCLISetup(ctx context.Context, httpClient *http.Client, storage *gemini.GeminiTokenStorage, requestedProject string) error { - metadata := map[string]string{ - "ideType": "IDE_UNSPECIFIED", - "platform": "PLATFORM_UNSPECIFIED", - "pluginType": "GEMINI", - } - - trimmedRequest := strings.TrimSpace(requestedProject) - explicitProject := trimmedRequest != "" - - loadReqBody := map[string]any{ - "metadata": metadata, - } - if explicitProject { - loadReqBody["cloudaicompanionProject"] = trimmedRequest - } - - var loadResp map[string]any - if errLoad := callGeminiCLI(ctx, httpClient, "loadCodeAssist", loadReqBody, &loadResp); errLoad != nil { - return fmt.Errorf("load code assist: %w", errLoad) - } - - tierID := "legacy-tier" - if tiers, okTiers := loadResp["allowedTiers"].([]any); okTiers { - for _, rawTier := range tiers { - tier, okTier := rawTier.(map[string]any) - if !okTier { - continue - } - if isDefault, okDefault := tier["isDefault"].(bool); okDefault && isDefault { - if id, okID := tier["id"].(string); okID && strings.TrimSpace(id) != "" { - tierID = strings.TrimSpace(id) - break - } - } - } - } - - projectID := trimmedRequest - if projectID == "" { - if id, okProject := loadResp["cloudaicompanionProject"].(string); okProject { - projectID = strings.TrimSpace(id) - } - if projectID == "" { - if projectMap, okProject := loadResp["cloudaicompanionProject"].(map[string]any); okProject { - if id, okID := projectMap["id"].(string); okID { - projectID = strings.TrimSpace(id) - } - } - } - } - if projectID == "" { - // Auto-discovery: try onboardUser without specifying a project - // to let Google auto-provision one (matches Gemini CLI headless behavior - // and Antigravity's FetchProjectID pattern). - autoOnboardReq := map[string]any{ - "tierId": tierID, - "metadata": metadata, - } - - autoCtx, autoCancel := context.WithTimeout(ctx, 30*time.Second) - defer autoCancel() - for attempt := 1; ; attempt++ { - var onboardResp map[string]any - if errOnboard := callGeminiCLI(autoCtx, httpClient, "onboardUser", autoOnboardReq, &onboardResp); errOnboard != nil { - return fmt.Errorf("auto-discovery onboardUser: %w", errOnboard) - } - - if done, okDone := onboardResp["done"].(bool); okDone && done { - if resp, okResp := onboardResp["response"].(map[string]any); okResp { - switch v := resp["cloudaicompanionProject"].(type) { - case string: - projectID = strings.TrimSpace(v) - case map[string]any: - if id, okID := v["id"].(string); okID { - projectID = strings.TrimSpace(id) - } - } - } - break - } - - log.Debugf("Auto-discovery: onboarding in progress, attempt %d...", attempt) - select { - case <-autoCtx.Done(): - return &projectSelectionRequiredError{} - case <-time.After(2 * time.Second): - } - } - - if projectID == "" { - return &projectSelectionRequiredError{} - } - log.Infof("Auto-discovered project ID via onboarding: %s", projectID) - } - - onboardReqBody := map[string]any{ - "tierId": tierID, - "metadata": metadata, - "cloudaicompanionProject": projectID, - } - - // Store the requested project as a fallback in case the response omits it. - storage.ProjectID = projectID - - for { - var onboardResp map[string]any - if errOnboard := callGeminiCLI(ctx, httpClient, "onboardUser", onboardReqBody, &onboardResp); errOnboard != nil { - return fmt.Errorf("onboard user: %w", errOnboard) - } - - if done, okDone := onboardResp["done"].(bool); okDone && done { - responseProjectID := "" - if resp, okResp := onboardResp["response"].(map[string]any); okResp { - switch projectValue := resp["cloudaicompanionProject"].(type) { - case map[string]any: - if id, okID := projectValue["id"].(string); okID { - responseProjectID = strings.TrimSpace(id) - } - case string: - responseProjectID = strings.TrimSpace(projectValue) - } - } - - finalProjectID := projectID - if responseProjectID != "" { - if explicitProject && !strings.EqualFold(responseProjectID, projectID) { - // Check if this is a free user (gen-lang-client projects or free/legacy tier) - isFreeUser := strings.HasPrefix(projectID, "gen-lang-client-") || - strings.EqualFold(tierID, "FREE") || - strings.EqualFold(tierID, "LEGACY") - - if isFreeUser { - // Interactive prompt for free users - fmt.Printf("\nGoogle returned a different project ID:\n") - fmt.Printf(" Requested (frontend): %s\n", projectID) - fmt.Printf(" Returned (backend): %s\n\n", responseProjectID) - fmt.Printf(" Backend project IDs have access to preview models (gemini-3-*).\n") - fmt.Printf(" This is normal for free tier users.\n\n") - fmt.Printf("Which project ID would you like to use?\n") - fmt.Printf(" [1] Backend (recommended): %s\n", responseProjectID) - fmt.Printf(" [2] Frontend: %s\n\n", projectID) - fmt.Printf("Enter choice [1]: ") - - reader := bufio.NewReader(os.Stdin) - choice, _ := reader.ReadString('\n') - choice = strings.TrimSpace(choice) - - if choice == "2" { - log.Infof("Using frontend project ID: %s", projectID) - fmt.Println(". Warning: Frontend project IDs may not have access to preview models.") - finalProjectID = projectID - } else { - log.Infof("Using backend project ID: %s (recommended)", responseProjectID) - finalProjectID = responseProjectID - } - } else { - // Pro users: keep requested project ID (original behavior) - log.Warnf("Gemini onboarding returned project %s instead of requested %s; keeping requested project ID.", responseProjectID, projectID) - } - } else { - finalProjectID = responseProjectID - } - } - - storage.ProjectID = strings.TrimSpace(finalProjectID) - if storage.ProjectID == "" { - storage.ProjectID = strings.TrimSpace(projectID) - } - if storage.ProjectID == "" { - return fmt.Errorf("onboard user completed without project id") - } - log.Infof("Onboarding complete. Using Project ID: %s", storage.ProjectID) - return nil - } - - log.Println("Onboarding in progress, waiting 5 seconds...") - time.Sleep(5 * time.Second) - } -} - -func callGeminiCLI(ctx context.Context, httpClient *http.Client, endpoint string, body any, result any) error { - url := fmt.Sprintf("%s/%s:%s", geminiCLIEndpoint, geminiCLIVersion, endpoint) - if strings.HasPrefix(endpoint, "operations/") { - url = fmt.Sprintf("%s/%s", geminiCLIEndpoint, endpoint) - } - - var reader io.Reader - if body != nil { - rawBody, errMarshal := json.Marshal(body) - if errMarshal != nil { - return fmt.Errorf("marshal request body: %w", errMarshal) - } - reader = bytes.NewReader(rawBody) - } - - req, errRequest := http.NewRequestWithContext(ctx, http.MethodPost, url, reader) - if errRequest != nil { - return fmt.Errorf("create request: %w", errRequest) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", geminiCLIUserAgent) - req.Header.Set("X-Goog-Api-Client", geminiCLIApiClient) - req.Header.Set("Client-Metadata", geminiCLIClientMetadata) - - resp, errDo := httpClient.Do(req) - if errDo != nil { - return fmt.Errorf("execute request: %w", errDo) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, _ := io.ReadAll(resp.Body) - return fmt.Errorf("api request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(bodyBytes))) - } - - if result == nil { - _, _ = io.Copy(io.Discard, resp.Body) - return nil - } - - if errDecode := json.NewDecoder(resp.Body).Decode(result); errDecode != nil { - return fmt.Errorf("decode response body: %w", errDecode) - } - - return nil -} - -func fetchGCPProjects(ctx context.Context, httpClient *http.Client) ([]interfaces.GCPProjectProjects, error) { - req, errRequest := http.NewRequestWithContext(ctx, http.MethodGet, "https://cloudresourcemanager.googleapis.com/v1/projects", nil) - if errRequest != nil { - return nil, fmt.Errorf("could not create project list request: %w", errRequest) - } - - resp, errDo := httpClient.Do(req) - if errDo != nil { - return nil, fmt.Errorf("failed to execute project list request: %w", errDo) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, _ := io.ReadAll(resp.Body) - return nil, fmt.Errorf("project list request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(bodyBytes))) - } - - var projects interfaces.GCPProject - if errDecode := json.NewDecoder(resp.Body).Decode(&projects); errDecode != nil { - return nil, fmt.Errorf("failed to unmarshal project list: %w", errDecode) - } - - return projects.Projects, nil -} - -// promptForProjectSelection prints available projects and returns the chosen project ID. -func promptForProjectSelection(projects []interfaces.GCPProjectProjects, presetID string, promptFn func(string) (string, error)) string { - trimmedPreset := strings.TrimSpace(presetID) - if len(projects) == 0 { - if trimmedPreset != "" { - return trimmedPreset - } - fmt.Println("No Google Cloud projects are available for selection.") - return "" - } - - fmt.Println("Available Google Cloud projects:") - defaultIndex := 0 - for idx, project := range projects { - fmt.Printf("[%d] %s (%s)\n", idx+1, project.ProjectID, project.Name) - if trimmedPreset != "" && project.ProjectID == trimmedPreset { - defaultIndex = idx - } - } - fmt.Println("Type 'ALL' to onboard every listed project.") - - defaultID := projects[defaultIndex].ProjectID - - if trimmedPreset != "" { - if strings.EqualFold(trimmedPreset, "ALL") { - return "ALL" - } - for _, project := range projects { - if project.ProjectID == trimmedPreset { - return trimmedPreset - } - } - log.Warnf("Provided project ID %s not found in available projects; please choose from the list.", trimmedPreset) - } - - for { - promptMsg := fmt.Sprintf("Enter project ID [%s] or ALL: ", defaultID) - answer, errPrompt := promptFn(promptMsg) - if errPrompt != nil { - log.Errorf("Project selection prompt failed: %v", errPrompt) - return defaultID - } - answer = strings.TrimSpace(answer) - if strings.EqualFold(answer, "ALL") { - return "ALL" - } - if answer == "" { - return defaultID - } - - for _, project := range projects { - if project.ProjectID == answer { - return project.ProjectID - } - } - - if idx, errAtoi := strconv.Atoi(answer); errAtoi == nil { - if idx >= 1 && idx <= len(projects) { - return projects[idx-1].ProjectID - } - } - - fmt.Println("Invalid selection, enter a project ID or a number from the list.") - } -} - -func resolveProjectSelections(selection string, projects []interfaces.GCPProjectProjects) ([]string, error) { - trimmed := strings.TrimSpace(selection) - if trimmed == "" { - return nil, nil - } - available := make(map[string]struct{}, len(projects)) - ordered := make([]string, 0, len(projects)) - for _, project := range projects { - id := strings.TrimSpace(project.ProjectID) - if id == "" { - continue - } - if _, exists := available[id]; exists { - continue - } - available[id] = struct{}{} - ordered = append(ordered, id) - } - if strings.EqualFold(trimmed, "ALL") { - if len(ordered) == 0 { - return nil, fmt.Errorf("no projects available for ALL selection") - } - return append([]string(nil), ordered...), nil - } - parts := strings.Split(trimmed, ",") - selections := make([]string, 0, len(parts)) - seen := make(map[string]struct{}, len(parts)) - for _, part := range parts { - id := strings.TrimSpace(part) - if id == "" { - continue - } - if _, dup := seen[id]; dup { - continue - } - if len(available) > 0 { - if _, ok := available[id]; !ok { - return nil, fmt.Errorf("project %s not found in available projects", id) - } - } - seen[id] = struct{}{} - selections = append(selections, id) - } - return selections, nil -} - -func defaultProjectPrompt() func(string) (string, error) { - reader := bufio.NewReader(os.Stdin) - return func(prompt string) (string, error) { - fmt.Print(prompt) - line, errRead := reader.ReadString('\n') - if errRead != nil { - if errors.Is(errRead, io.EOF) { - return strings.TrimSpace(line), nil - } - return "", errRead - } - return strings.TrimSpace(line), nil - } -} - -func showProjectSelectionHelp(email string, projects []interfaces.GCPProjectProjects) { - if email != "" { - log.Infof("Your account %s needs to specify a project ID.", email) - } else { - log.Info("You need to specify a project ID.") - } - - if len(projects) > 0 { - fmt.Println("========================================================================") - for _, p := range projects { - fmt.Printf("Project ID: %s\n", p.ProjectID) - fmt.Printf("Project Name: %s\n", p.Name) - fmt.Println("------------------------------------------------------------------------") - } - } else { - fmt.Println("No active projects were returned for this account.") - } - - fmt.Printf("Please run this command to login again with a specific project:\n\n%s --login --project_id \n", os.Args[0]) -} - -func checkCloudAPIIsEnabled(ctx context.Context, httpClient *http.Client, projectID string) (bool, error) { - serviceUsageURL := "https://serviceusage.googleapis.com" - requiredServices := []string{ - // "geminicloudassist.googleapis.com", // Gemini Cloud Assist API - "cloudaicompanion.googleapis.com", // Gemini for Google Cloud API - } - for _, service := range requiredServices { - checkUrl := fmt.Sprintf("%s/v1/projects/%s/services/%s", serviceUsageURL, projectID, service) - req, errRequest := http.NewRequestWithContext(ctx, http.MethodGet, checkUrl, nil) - if errRequest != nil { - return false, fmt.Errorf("failed to create request: %w", errRequest) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", geminiCLIUserAgent) - resp, errDo := httpClient.Do(req) - if errDo != nil { - return false, fmt.Errorf("failed to execute request: %w", errDo) - } - - if resp.StatusCode == http.StatusOK { - bodyBytes, _ := io.ReadAll(resp.Body) - if gjson.GetBytes(bodyBytes, "state").String() == "ENABLED" { - _ = resp.Body.Close() - continue - } - } - _ = resp.Body.Close() - - enableUrl := fmt.Sprintf("%s/v1/projects/%s/services/%s:enable", serviceUsageURL, projectID, service) - req, errRequest = http.NewRequestWithContext(ctx, http.MethodPost, enableUrl, strings.NewReader("{}")) - if errRequest != nil { - return false, fmt.Errorf("failed to create request: %w", errRequest) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", geminiCLIUserAgent) - resp, errDo = httpClient.Do(req) - if errDo != nil { - return false, fmt.Errorf("failed to execute request: %w", errDo) - } - - bodyBytes, _ := io.ReadAll(resp.Body) - errMessage := string(bodyBytes) - errMessageResult := gjson.GetBytes(bodyBytes, "error.message") - if errMessageResult.Exists() { - errMessage = errMessageResult.String() - } - if resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusCreated { - _ = resp.Body.Close() - continue - } else if resp.StatusCode == http.StatusBadRequest { - _ = resp.Body.Close() - if strings.Contains(strings.ToLower(errMessage), "already enabled") { - continue - } - } - _ = resp.Body.Close() - return false, fmt.Errorf("project activation required: %s", errMessage) - } - return true, nil -} - -func updateAuthRecord(record *cliproxyauth.Auth, storage *gemini.GeminiTokenStorage) { - if record == nil || storage == nil { - return - } - - finalName := gemini.CredentialFileName(storage.Email, storage.ProjectID, true) - - if record.Metadata == nil { - record.Metadata = make(map[string]any) - } - record.Metadata["email"] = storage.Email - record.Metadata["project_id"] = storage.ProjectID - record.Metadata["auto"] = storage.Auto - record.Metadata["checked"] = storage.Checked - - record.ID = finalName - record.FileName = finalName - record.Storage = storage -} diff --git a/.worktrees/config/m/config-build/active/internal/cmd/openai_login.go b/.worktrees/config/m/config-build/active/internal/cmd/openai_login.go deleted file mode 100644 index 783a948400..0000000000 --- a/.worktrees/config/m/config-build/active/internal/cmd/openai_login.go +++ /dev/null @@ -1,72 +0,0 @@ -package cmd - -import ( - "context" - "errors" - "fmt" - "os" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/codex" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// LoginOptions contains options for the login processes. -// It provides configuration for authentication flows including browser behavior -// and interactive prompting capabilities. -type LoginOptions struct { - // NoBrowser indicates whether to skip opening the browser automatically. - NoBrowser bool - - // CallbackPort overrides the local OAuth callback port when set (>0). - CallbackPort int - - // Prompt allows the caller to provide interactive input when needed. - Prompt func(prompt string) (string, error) -} - -// DoCodexLogin triggers the Codex OAuth flow through the shared authentication manager. -// It initiates the OAuth authentication process for OpenAI Codex services and saves -// the authentication tokens to the configured auth directory. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including browser behavior and prompts -func DoCodexLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - promptFn := options.Prompt - if promptFn == nil { - promptFn = defaultProjectPrompt() - } - - manager := newAuthManager() - - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - CallbackPort: options.CallbackPort, - Metadata: map[string]string{}, - Prompt: promptFn, - } - - _, savedPath, err := manager.Login(context.Background(), "codex", cfg, authOpts) - if err != nil { - if authErr, ok := errors.AsType[*codex.AuthenticationError](err); ok { - log.Error(codex.GetUserFriendlyMessage(authErr)) - if authErr.Type == codex.ErrPortInUse.Type { - os.Exit(codex.ErrPortInUse.Code) - } - return - } - fmt.Printf("Codex authentication failed: %v\n", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - fmt.Println("Codex authentication successful!") -} diff --git a/.worktrees/config/m/config-build/active/internal/cmd/qwen_login.go b/.worktrees/config/m/config-build/active/internal/cmd/qwen_login.go deleted file mode 100644 index 10179fa843..0000000000 --- a/.worktrees/config/m/config-build/active/internal/cmd/qwen_login.go +++ /dev/null @@ -1,60 +0,0 @@ -package cmd - -import ( - "context" - "errors" - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// DoQwenLogin handles the Qwen device flow using the shared authentication manager. -// It initiates the device-based authentication process for Qwen services and saves -// the authentication tokens to the configured auth directory. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including browser behavior and prompts -func DoQwenLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - manager := newAuthManager() - - promptFn := options.Prompt - if promptFn == nil { - promptFn = func(prompt string) (string, error) { - fmt.Println() - fmt.Println(prompt) - var value string - _, err := fmt.Scanln(&value) - return value, err - } - } - - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - CallbackPort: options.CallbackPort, - Metadata: map[string]string{}, - Prompt: promptFn, - } - - _, savedPath, err := manager.Login(context.Background(), "qwen", cfg, authOpts) - if err != nil { - if emailErr, ok := errors.AsType[*sdkAuth.EmailRequiredError](err); ok { - log.Error(emailErr.Error()) - return - } - fmt.Printf("Qwen authentication failed: %v\n", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - - fmt.Println("Qwen authentication successful!") -} diff --git a/.worktrees/config/m/config-build/active/internal/cmd/run.go b/.worktrees/config/m/config-build/active/internal/cmd/run.go deleted file mode 100644 index d8c4f01938..0000000000 --- a/.worktrees/config/m/config-build/active/internal/cmd/run.go +++ /dev/null @@ -1,98 +0,0 @@ -// Package cmd provides command-line interface functionality for the CLI Proxy API server. -// It includes authentication flows for various AI service providers, service startup, -// and other command-line operations. -package cmd - -import ( - "context" - "errors" - "os/signal" - "syscall" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/api" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy" - log "github.com/sirupsen/logrus" -) - -// StartService builds and runs the proxy service using the exported SDK. -// It creates a new proxy service instance, sets up signal handling for graceful shutdown, -// and starts the service with the provided configuration. -// -// Parameters: -// - cfg: The application configuration -// - configPath: The path to the configuration file -// - localPassword: Optional password accepted for local management requests -func StartService(cfg *config.Config, configPath string, localPassword string) { - builder := cliproxy.NewBuilder(). - WithConfig(cfg). - WithConfigPath(configPath). - WithLocalManagementPassword(localPassword) - - ctxSignal, cancel := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM) - defer cancel() - - runCtx := ctxSignal - if localPassword != "" { - var keepAliveCancel context.CancelFunc - runCtx, keepAliveCancel = context.WithCancel(ctxSignal) - builder = builder.WithServerOptions(api.WithKeepAliveEndpoint(10*time.Second, func() { - log.Warn("keep-alive endpoint idle for 10s, shutting down") - keepAliveCancel() - })) - } - - service, err := builder.Build() - if err != nil { - log.Errorf("failed to build proxy service: %v", err) - return - } - - err = service.Run(runCtx) - if err != nil && !errors.Is(err, context.Canceled) { - log.Errorf("proxy service exited with error: %v", err) - } -} - -// StartServiceBackground starts the proxy service in a background goroutine -// and returns a cancel function for shutdown and a done channel. -func StartServiceBackground(cfg *config.Config, configPath string, localPassword string) (cancel func(), done <-chan struct{}) { - builder := cliproxy.NewBuilder(). - WithConfig(cfg). - WithConfigPath(configPath). - WithLocalManagementPassword(localPassword) - - ctx, cancelFn := context.WithCancel(context.Background()) - doneCh := make(chan struct{}) - - service, err := builder.Build() - if err != nil { - log.Errorf("failed to build proxy service: %v", err) - close(doneCh) - return cancelFn, doneCh - } - - go func() { - defer close(doneCh) - if err := service.Run(ctx); err != nil && !errors.Is(err, context.Canceled) { - log.Errorf("proxy service exited with error: %v", err) - } - }() - - return cancelFn, doneCh -} - -// WaitForCloudDeploy waits indefinitely for shutdown signals in cloud deploy mode -// when no configuration file is available. -func WaitForCloudDeploy() { - // Clarify that we are intentionally idle for configuration and not running the API server. - log.Info("Cloud deploy mode: No config found; standing by for configuration. API server is not started. Press Ctrl+C to exit.") - - ctxSignal, cancel := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM) - defer cancel() - - // Block until shutdown signal is received - <-ctxSignal.Done() - log.Info("Cloud deploy mode: Shutdown signal received; exiting") -} diff --git a/.worktrees/config/m/config-build/active/internal/cmd/vertex_import.go b/.worktrees/config/m/config-build/active/internal/cmd/vertex_import.go deleted file mode 100644 index 32d782d805..0000000000 --- a/.worktrees/config/m/config-build/active/internal/cmd/vertex_import.go +++ /dev/null @@ -1,123 +0,0 @@ -// Package cmd contains CLI helpers. This file implements importing a Vertex AI -// service account JSON into the auth store as a dedicated "vertex" credential. -package cmd - -import ( - "context" - "encoding/json" - "fmt" - "os" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/vertex" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -// DoVertexImport imports a Google Cloud service account key JSON and persists -// it as a "vertex" provider credential. The file content is embedded in the auth -// file to allow portable deployment across stores. -func DoVertexImport(cfg *config.Config, keyPath string) { - if cfg == nil { - cfg = &config.Config{} - } - if resolved, errResolve := util.ResolveAuthDir(cfg.AuthDir); errResolve == nil { - cfg.AuthDir = resolved - } - rawPath := strings.TrimSpace(keyPath) - if rawPath == "" { - log.Errorf("vertex-import: missing service account key path") - return - } - data, errRead := os.ReadFile(rawPath) - if errRead != nil { - log.Errorf("vertex-import: read file failed: %v", errRead) - return - } - var sa map[string]any - if errUnmarshal := json.Unmarshal(data, &sa); errUnmarshal != nil { - log.Errorf("vertex-import: invalid service account json: %v", errUnmarshal) - return - } - // Validate and normalize private_key before saving - normalizedSA, errFix := vertex.NormalizeServiceAccountMap(sa) - if errFix != nil { - log.Errorf("vertex-import: %v", errFix) - return - } - sa = normalizedSA - email, _ := sa["client_email"].(string) - projectID, _ := sa["project_id"].(string) - if strings.TrimSpace(projectID) == "" { - log.Errorf("vertex-import: project_id missing in service account json") - return - } - if strings.TrimSpace(email) == "" { - // Keep empty email but warn - log.Warn("vertex-import: client_email missing in service account json") - } - // Default location if not provided by user. Can be edited in the saved file later. - location := "us-central1" - - fileName := fmt.Sprintf("vertex-%s.json", sanitizeFilePart(projectID)) - // Build auth record - storage := &vertex.VertexCredentialStorage{ - ServiceAccount: sa, - ProjectID: projectID, - Email: email, - Location: location, - } - metadata := map[string]any{ - "service_account": sa, - "project_id": projectID, - "email": email, - "location": location, - "type": "vertex", - "label": labelForVertex(projectID, email), - } - record := &coreauth.Auth{ - ID: fileName, - Provider: "vertex", - FileName: fileName, - Storage: storage, - Metadata: metadata, - } - - store := sdkAuth.GetTokenStore() - if setter, ok := store.(interface{ SetBaseDir(string) }); ok { - setter.SetBaseDir(cfg.AuthDir) - } - path, errSave := store.Save(context.Background(), record) - if errSave != nil { - log.Errorf("vertex-import: save credential failed: %v", errSave) - return - } - fmt.Printf("Vertex credentials imported: %s\n", path) -} - -func sanitizeFilePart(s string) string { - out := strings.TrimSpace(s) - replacers := []string{"/", "_", "\\", "_", ":", "_", " ", "-"} - for i := 0; i < len(replacers); i += 2 { - out = strings.ReplaceAll(out, replacers[i], replacers[i+1]) - } - return out -} - -func labelForVertex(projectID, email string) string { - p := strings.TrimSpace(projectID) - e := strings.TrimSpace(email) - if p != "" && e != "" { - return fmt.Sprintf("%s (%s)", p, e) - } - if p != "" { - return p - } - if e != "" { - return e - } - return "vertex" -} diff --git a/.worktrees/config/m/config-build/active/internal/config/config.go b/.worktrees/config/m/config-build/active/internal/config/config.go deleted file mode 100644 index eb8873844e..0000000000 --- a/.worktrees/config/m/config-build/active/internal/config/config.go +++ /dev/null @@ -1,1930 +0,0 @@ -// Package config provides configuration management for the CLI Proxy API server. -// It handles loading and parsing YAML configuration files, and provides structured -// access to application settings including server port, authentication directory, -// debug settings, proxy configuration, and API keys. -package config - -import ( - "bytes" - "encoding/json" - "errors" - "fmt" - "os" - "strings" - "syscall" - - log "github.com/sirupsen/logrus" - "golang.org/x/crypto/bcrypt" - "gopkg.in/yaml.v3" -) - -const ( - DefaultPanelGitHubRepository = "https://github.com/router-for-me/Cli-Proxy-API-Management-Center" - DefaultPprofAddr = "127.0.0.1:8316" -) - -// Config represents the application's configuration, loaded from a YAML file. -type Config struct { - SDKConfig `yaml:",inline"` - // Host is the network host/interface on which the API server will bind. - // Default is empty ("") to bind all interfaces (IPv4 + IPv6). Use "127.0.0.1" or "localhost" for local-only access. - Host string `yaml:"host" json:"-"` - // Port is the network port on which the API server will listen. - Port int `yaml:"port" json:"-"` - - // TLS config controls HTTPS server settings. - TLS TLSConfig `yaml:"tls" json:"tls"` - - // RemoteManagement nests management-related options under 'remote-management'. - RemoteManagement RemoteManagement `yaml:"remote-management" json:"-"` - - // AuthDir is the directory where authentication token files are stored. - AuthDir string `yaml:"auth-dir" json:"-"` - - // Debug enables or disables debug-level logging and other debug features. - Debug bool `yaml:"debug" json:"debug"` - - // Pprof config controls the optional pprof HTTP debug server. - Pprof PprofConfig `yaml:"pprof" json:"pprof"` - - // CommercialMode disables high-overhead HTTP middleware features to minimize per-request memory usage. - CommercialMode bool `yaml:"commercial-mode" json:"commercial-mode"` - - // LoggingToFile controls whether application logs are written to rotating files or stdout. - LoggingToFile bool `yaml:"logging-to-file" json:"logging-to-file"` - - // LogsMaxTotalSizeMB limits the total size (in MB) of log files under the logs directory. - // When exceeded, the oldest log files are deleted until within the limit. Set to 0 to disable. - LogsMaxTotalSizeMB int `yaml:"logs-max-total-size-mb" json:"logs-max-total-size-mb"` - - // ErrorLogsMaxFiles limits the number of error log files retained when request logging is disabled. - // When exceeded, the oldest error log files are deleted. Default is 10. Set to 0 to disable cleanup. - ErrorLogsMaxFiles int `yaml:"error-logs-max-files" json:"error-logs-max-files"` - - // UsageStatisticsEnabled toggles in-memory usage aggregation; when false, usage data is discarded. - UsageStatisticsEnabled bool `yaml:"usage-statistics-enabled" json:"usage-statistics-enabled"` - - // DisableCooling disables quota cooldown scheduling when true. - DisableCooling bool `yaml:"disable-cooling" json:"disable-cooling"` - - // RequestRetry defines the retry times when the request failed. - RequestRetry int `yaml:"request-retry" json:"request-retry"` - // MaxRetryInterval defines the maximum wait time in seconds before retrying a cooled-down credential. - MaxRetryInterval int `yaml:"max-retry-interval" json:"max-retry-interval"` - - // QuotaExceeded defines the behavior when a quota is exceeded. - QuotaExceeded QuotaExceeded `yaml:"quota-exceeded" json:"quota-exceeded"` - - // Routing controls credential selection behavior. - Routing RoutingConfig `yaml:"routing" json:"routing"` - - // WebsocketAuth enables or disables authentication for the WebSocket API. - WebsocketAuth bool `yaml:"ws-auth" json:"ws-auth"` - - // GeminiKey defines Gemini API key configurations with optional routing overrides. - GeminiKey []GeminiKey `yaml:"gemini-api-key" json:"gemini-api-key"` - - // KiroKey defines a list of Kiro (AWS CodeWhisperer) configurations. - KiroKey []KiroKey `yaml:"kiro" json:"kiro"` - - // KiroPreferredEndpoint sets the global default preferred endpoint for all Kiro providers. - // Values: "ide" (default, CodeWhisperer) or "cli" (Amazon Q). - KiroPreferredEndpoint string `yaml:"kiro-preferred-endpoint" json:"kiro-preferred-endpoint"` - - // Codex defines a list of Codex API key configurations as specified in the YAML configuration file. - CodexKey []CodexKey `yaml:"codex-api-key" json:"codex-api-key"` - - // ClaudeKey defines a list of Claude API key configurations as specified in the YAML configuration file. - ClaudeKey []ClaudeKey `yaml:"claude-api-key" json:"claude-api-key"` - - // ClaudeHeaderDefaults configures default header values for Claude API requests. - // These are used as fallbacks when the client does not send its own headers. - ClaudeHeaderDefaults ClaudeHeaderDefaults `yaml:"claude-header-defaults" json:"claude-header-defaults"` - - // OpenAICompatibility defines OpenAI API compatibility configurations for external providers. - OpenAICompatibility []OpenAICompatibility `yaml:"openai-compatibility" json:"openai-compatibility"` - - // VertexCompatAPIKey defines Vertex AI-compatible API key configurations for third-party providers. - // Used for services that use Vertex AI-style paths but with simple API key authentication. - VertexCompatAPIKey []VertexCompatKey `yaml:"vertex-api-key" json:"vertex-api-key"` - - // AmpCode contains Amp CLI upstream configuration, management restrictions, and model mappings. - AmpCode AmpCode `yaml:"ampcode" json:"ampcode"` - - // OAuthExcludedModels defines per-provider global model exclusions applied to OAuth/file-backed auth entries. - // Supported channels: gemini-cli, vertex, aistudio, antigravity, claude, codex, qwen, iflow, kiro, github-copilot. - OAuthExcludedModels map[string][]string `yaml:"oauth-excluded-models,omitempty" json:"oauth-excluded-models,omitempty"` - - // OAuthModelAlias defines global model name aliases for OAuth/file-backed auth channels. - // These aliases affect both model listing and model routing for supported channels: - // gemini-cli, vertex, aistudio, antigravity, claude, codex, qwen, iflow, kiro, github-copilot. - // - // NOTE: This does not apply to existing per-credential model alias features under: - // gemini-api-key, codex-api-key, claude-api-key, openai-compatibility, vertex-api-key, and ampcode. - OAuthModelAlias map[string][]OAuthModelAlias `yaml:"oauth-model-alias,omitempty" json:"oauth-model-alias,omitempty"` - - // Payload defines default and override rules for provider payload parameters. - Payload PayloadConfig `yaml:"payload" json:"payload"` - - // IncognitoBrowser enables opening OAuth URLs in incognito/private browsing mode. - // This is useful when you want to login with a different account without logging out - // from your current session. Default: false. - IncognitoBrowser bool `yaml:"incognito-browser" json:"incognito-browser"` - - legacyMigrationPending bool `yaml:"-" json:"-"` -} - -// ClaudeHeaderDefaults configures default header values injected into Claude API requests -// when the client does not send them. Update these when Claude Code releases a new version. -type ClaudeHeaderDefaults struct { - UserAgent string `yaml:"user-agent" json:"user-agent"` - PackageVersion string `yaml:"package-version" json:"package-version"` - RuntimeVersion string `yaml:"runtime-version" json:"runtime-version"` - Timeout string `yaml:"timeout" json:"timeout"` -} - -// TLSConfig holds HTTPS server settings. -type TLSConfig struct { - // Enable toggles HTTPS server mode. - Enable bool `yaml:"enable" json:"enable"` - // Cert is the path to the TLS certificate file. - Cert string `yaml:"cert" json:"cert"` - // Key is the path to the TLS private key file. - Key string `yaml:"key" json:"key"` -} - -// PprofConfig holds pprof HTTP server settings. -type PprofConfig struct { - // Enable toggles the pprof HTTP debug server. - Enable bool `yaml:"enable" json:"enable"` - // Addr is the host:port address for the pprof HTTP server. - Addr string `yaml:"addr" json:"addr"` -} - -// RemoteManagement holds management API configuration under 'remote-management'. -type RemoteManagement struct { - // AllowRemote toggles remote (non-localhost) access to management API. - AllowRemote bool `yaml:"allow-remote"` - // SecretKey is the management key (plaintext or bcrypt hashed). YAML key intentionally 'secret-key'. - SecretKey string `yaml:"secret-key"` - // DisableControlPanel skips serving and syncing the bundled management UI when true. - DisableControlPanel bool `yaml:"disable-control-panel"` - // PanelGitHubRepository overrides the GitHub repository used to fetch the management panel asset. - // Accepts either a repository URL (https://github.com/org/repo) or an API releases endpoint. - PanelGitHubRepository string `yaml:"panel-github-repository"` -} - -// QuotaExceeded defines the behavior when API quota limits are exceeded. -// It provides configuration options for automatic failover mechanisms. -type QuotaExceeded struct { - // SwitchProject indicates whether to automatically switch to another project when a quota is exceeded. - SwitchProject bool `yaml:"switch-project" json:"switch-project"` - - // SwitchPreviewModel indicates whether to automatically switch to a preview model when a quota is exceeded. - SwitchPreviewModel bool `yaml:"switch-preview-model" json:"switch-preview-model"` -} - -// RoutingConfig configures how credentials are selected for requests. -type RoutingConfig struct { - // Strategy selects the credential selection strategy. - // Supported values: "round-robin" (default), "fill-first". - Strategy string `yaml:"strategy,omitempty" json:"strategy,omitempty"` -} - -// OAuthModelAlias defines a model ID alias for a specific channel. -// It maps the upstream model name (Name) to the client-visible alias (Alias). -// When Fork is true, the alias is added as an additional model in listings while -// keeping the original model ID available. -type OAuthModelAlias struct { - Name string `yaml:"name" json:"name"` - Alias string `yaml:"alias" json:"alias"` - Fork bool `yaml:"fork,omitempty" json:"fork,omitempty"` -} - -// AmpModelMapping defines a model name mapping for Amp CLI requests. -// When Amp requests a model that isn't available locally, this mapping -// allows routing to an alternative model that IS available. -type AmpModelMapping struct { - // From is the model name that Amp CLI requests (e.g., "claude-opus-4.5"). - From string `yaml:"from" json:"from"` - - // To is the target model name to route to (e.g., "claude-sonnet-4"). - // The target model must have available providers in the registry. - To string `yaml:"to" json:"to"` - - // Regex indicates whether the 'from' field should be interpreted as a regular - // expression for matching model names. When true, this mapping is evaluated - // after exact matches and in the order provided. Defaults to false (exact match). - Regex bool `yaml:"regex,omitempty" json:"regex,omitempty"` -} - -// AmpCode groups Amp CLI integration settings including upstream routing, -// optional overrides, management route restrictions, and model fallback mappings. -type AmpCode struct { - // UpstreamURL defines the upstream Amp control plane used for non-provider calls. - UpstreamURL string `yaml:"upstream-url" json:"upstream-url"` - - // UpstreamAPIKey optionally overrides the Authorization header when proxying Amp upstream calls. - UpstreamAPIKey string `yaml:"upstream-api-key" json:"upstream-api-key"` - - // UpstreamAPIKeys maps client API keys (from top-level api-keys) to upstream API keys. - // When a client authenticates with a key that matches an entry, that upstream key is used. - // If no match is found, falls back to UpstreamAPIKey (default behavior). - UpstreamAPIKeys []AmpUpstreamAPIKeyEntry `yaml:"upstream-api-keys,omitempty" json:"upstream-api-keys,omitempty"` - - // RestrictManagementToLocalhost restricts Amp management routes (/api/user, /api/threads, etc.) - // to only accept connections from localhost (127.0.0.1, ::1). When true, prevents drive-by - // browser attacks and remote access to management endpoints. Default: false (API key auth is sufficient). - RestrictManagementToLocalhost bool `yaml:"restrict-management-to-localhost" json:"restrict-management-to-localhost"` - - // ModelMappings defines model name mappings for Amp CLI requests. - // When Amp requests a model that isn't available locally, these mappings - // allow routing to an alternative model that IS available. - ModelMappings []AmpModelMapping `yaml:"model-mappings" json:"model-mappings"` - - // ForceModelMappings when true, model mappings take precedence over local API keys. - // When false (default), local API keys are used first if available. - ForceModelMappings bool `yaml:"force-model-mappings" json:"force-model-mappings"` -} - -// AmpUpstreamAPIKeyEntry maps a set of client API keys to a specific upstream API key. -// When a request is authenticated with one of the APIKeys, the corresponding UpstreamAPIKey -// is used for the upstream Amp request. -type AmpUpstreamAPIKeyEntry struct { - // UpstreamAPIKey is the API key to use when proxying to the Amp upstream. - UpstreamAPIKey string `yaml:"upstream-api-key" json:"upstream-api-key"` - - // APIKeys are the client API keys (from top-level api-keys) that map to this upstream key. - APIKeys []string `yaml:"api-keys" json:"api-keys"` -} - -// PayloadConfig defines default and override parameter rules applied to provider payloads. -type PayloadConfig struct { - // Default defines rules that only set parameters when they are missing in the payload. - Default []PayloadRule `yaml:"default" json:"default"` - // DefaultRaw defines rules that set raw JSON values only when they are missing. - DefaultRaw []PayloadRule `yaml:"default-raw" json:"default-raw"` - // Override defines rules that always set parameters, overwriting any existing values. - Override []PayloadRule `yaml:"override" json:"override"` - // OverrideRaw defines rules that always set raw JSON values, overwriting any existing values. - OverrideRaw []PayloadRule `yaml:"override-raw" json:"override-raw"` - // Filter defines rules that remove parameters from the payload by JSON path. - Filter []PayloadFilterRule `yaml:"filter" json:"filter"` -} - -// PayloadFilterRule describes a rule to remove specific JSON paths from matching model payloads. -type PayloadFilterRule struct { - // Models lists model entries with name pattern and protocol constraint. - Models []PayloadModelRule `yaml:"models" json:"models"` - // Params lists JSON paths (gjson/sjson syntax) to remove from the payload. - Params []string `yaml:"params" json:"params"` -} - -// PayloadRule describes a single rule targeting a list of models with parameter updates. -type PayloadRule struct { - // Models lists model entries with name pattern and protocol constraint. - Models []PayloadModelRule `yaml:"models" json:"models"` - // Params maps JSON paths (gjson/sjson syntax) to values written into the payload. - // For *-raw rules, values are treated as raw JSON fragments (strings are used as-is). - Params map[string]any `yaml:"params" json:"params"` -} - -// PayloadModelRule ties a model name pattern to a specific translator protocol. -type PayloadModelRule struct { - // Name is the model name or wildcard pattern (e.g., "gpt-*", "*-5", "gemini-*-pro"). - Name string `yaml:"name" json:"name"` - // Protocol restricts the rule to a specific translator format (e.g., "gemini", "responses"). - Protocol string `yaml:"protocol" json:"protocol"` -} - -// CloakConfig configures request cloaking for non-Claude-Code clients. -// Cloaking disguises API requests to appear as originating from the official Claude Code CLI. -type CloakConfig struct { - // Mode controls cloaking behavior: "auto" (default), "always", or "never". - // - "auto": cloak only when client is not Claude Code (based on User-Agent) - // - "always": always apply cloaking regardless of client - // - "never": never apply cloaking - Mode string `yaml:"mode,omitempty" json:"mode,omitempty"` - - // StrictMode controls how system prompts are handled when cloaking. - // - false (default): prepend Claude Code prompt to user system messages - // - true: strip all user system messages, keep only Claude Code prompt - StrictMode bool `yaml:"strict-mode,omitempty" json:"strict-mode,omitempty"` - - // SensitiveWords is a list of words to obfuscate with zero-width characters. - // This can help bypass certain content filters. - SensitiveWords []string `yaml:"sensitive-words,omitempty" json:"sensitive-words,omitempty"` - - // CacheUserID controls whether Claude user_id values are cached per API key. - // When false, a fresh random user_id is generated for every request. - CacheUserID *bool `yaml:"cache-user-id,omitempty" json:"cache-user-id,omitempty"` -} - -// ClaudeKey represents the configuration for a Claude API key, -// including the API key itself and an optional base URL for the API endpoint. -type ClaudeKey struct { - // APIKey is the authentication key for accessing Claude API services. - APIKey string `yaml:"api-key" json:"api-key"` - - // Priority controls selection preference when multiple credentials match. - // Higher values are preferred; defaults to 0. - Priority int `yaml:"priority,omitempty" json:"priority,omitempty"` - - // Prefix optionally namespaces models for this credential (e.g., "teamA/claude-sonnet-4"). - Prefix string `yaml:"prefix,omitempty" json:"prefix,omitempty"` - - // BaseURL is the base URL for the Claude API endpoint. - // If empty, the default Claude API URL will be used. - BaseURL string `yaml:"base-url" json:"base-url"` - - // ProxyURL overrides the global proxy setting for this API key if provided. - ProxyURL string `yaml:"proxy-url" json:"proxy-url"` - - // Models defines upstream model names and aliases for request routing. - Models []ClaudeModel `yaml:"models" json:"models"` - - // Headers optionally adds extra HTTP headers for requests sent with this key. - Headers map[string]string `yaml:"headers,omitempty" json:"headers,omitempty"` - - // ExcludedModels lists model IDs that should be excluded for this provider. - ExcludedModels []string `yaml:"excluded-models,omitempty" json:"excluded-models,omitempty"` - - // Cloak configures request cloaking for non-Claude-Code clients. - Cloak *CloakConfig `yaml:"cloak,omitempty" json:"cloak,omitempty"` -} - -func (k ClaudeKey) GetAPIKey() string { return k.APIKey } -func (k ClaudeKey) GetBaseURL() string { return k.BaseURL } - -// ClaudeModel describes a mapping between an alias and the actual upstream model name. -type ClaudeModel struct { - // Name is the upstream model identifier used when issuing requests. - Name string `yaml:"name" json:"name"` - - // Alias is the client-facing model name that maps to Name. - Alias string `yaml:"alias" json:"alias"` -} - -func (m ClaudeModel) GetName() string { return m.Name } -func (m ClaudeModel) GetAlias() string { return m.Alias } - -// CodexKey represents the configuration for a Codex API key, -// including the API key itself and an optional base URL for the API endpoint. -type CodexKey struct { - // APIKey is the authentication key for accessing Codex API services. - APIKey string `yaml:"api-key" json:"api-key"` - - // Priority controls selection preference when multiple credentials match. - // Higher values are preferred; defaults to 0. - Priority int `yaml:"priority,omitempty" json:"priority,omitempty"` - - // Prefix optionally namespaces models for this credential (e.g., "teamA/gpt-5-codex"). - Prefix string `yaml:"prefix,omitempty" json:"prefix,omitempty"` - - // BaseURL is the base URL for the Codex API endpoint. - // If empty, the default Codex API URL will be used. - BaseURL string `yaml:"base-url" json:"base-url"` - - // Websockets enables the Responses API websocket transport for this credential. - Websockets bool `yaml:"websockets,omitempty" json:"websockets,omitempty"` - - // ProxyURL overrides the global proxy setting for this API key if provided. - ProxyURL string `yaml:"proxy-url" json:"proxy-url"` - - // Models defines upstream model names and aliases for request routing. - Models []CodexModel `yaml:"models" json:"models"` - - // Headers optionally adds extra HTTP headers for requests sent with this key. - Headers map[string]string `yaml:"headers,omitempty" json:"headers,omitempty"` - - // ExcludedModels lists model IDs that should be excluded for this provider. - ExcludedModels []string `yaml:"excluded-models,omitempty" json:"excluded-models,omitempty"` -} - -func (k CodexKey) GetAPIKey() string { return k.APIKey } -func (k CodexKey) GetBaseURL() string { return k.BaseURL } - -// CodexModel describes a mapping between an alias and the actual upstream model name. -type CodexModel struct { - // Name is the upstream model identifier used when issuing requests. - Name string `yaml:"name" json:"name"` - - // Alias is the client-facing model name that maps to Name. - Alias string `yaml:"alias" json:"alias"` -} - -func (m CodexModel) GetName() string { return m.Name } -func (m CodexModel) GetAlias() string { return m.Alias } - -// GeminiKey represents the configuration for a Gemini API key, -// including optional overrides for upstream base URL, proxy routing, and headers. -type GeminiKey struct { - // APIKey is the authentication key for accessing Gemini API services. - APIKey string `yaml:"api-key" json:"api-key"` - - // Priority controls selection preference when multiple credentials match. - // Higher values are preferred; defaults to 0. - Priority int `yaml:"priority,omitempty" json:"priority,omitempty"` - - // Prefix optionally namespaces models for this credential (e.g., "teamA/gemini-3-pro-preview"). - Prefix string `yaml:"prefix,omitempty" json:"prefix,omitempty"` - - // BaseURL optionally overrides the Gemini API endpoint. - BaseURL string `yaml:"base-url,omitempty" json:"base-url,omitempty"` - - // ProxyURL optionally overrides the global proxy for this API key. - ProxyURL string `yaml:"proxy-url,omitempty" json:"proxy-url,omitempty"` - - // Models defines upstream model names and aliases for request routing. - Models []GeminiModel `yaml:"models,omitempty" json:"models,omitempty"` - - // Headers optionally adds extra HTTP headers for requests sent with this key. - Headers map[string]string `yaml:"headers,omitempty" json:"headers,omitempty"` - - // ExcludedModels lists model IDs that should be excluded for this provider. - ExcludedModels []string `yaml:"excluded-models,omitempty" json:"excluded-models,omitempty"` -} - -func (k GeminiKey) GetAPIKey() string { return k.APIKey } -func (k GeminiKey) GetBaseURL() string { return k.BaseURL } - -// GeminiModel describes a mapping between an alias and the actual upstream model name. -type GeminiModel struct { - // Name is the upstream model identifier used when issuing requests. - Name string `yaml:"name" json:"name"` - - // Alias is the client-facing model name that maps to Name. - Alias string `yaml:"alias" json:"alias"` -} - -func (m GeminiModel) GetName() string { return m.Name } -func (m GeminiModel) GetAlias() string { return m.Alias } - -// KiroKey represents the configuration for Kiro (AWS CodeWhisperer) authentication. -type KiroKey struct { - // TokenFile is the path to the Kiro token file (default: ~/.aws/sso/cache/kiro-auth-token.json) - TokenFile string `yaml:"token-file,omitempty" json:"token-file,omitempty"` - - // AccessToken is the OAuth access token for direct configuration. - AccessToken string `yaml:"access-token,omitempty" json:"access-token,omitempty"` - - // RefreshToken is the OAuth refresh token for token renewal. - RefreshToken string `yaml:"refresh-token,omitempty" json:"refresh-token,omitempty"` - - // ProfileArn is the AWS CodeWhisperer profile ARN. - ProfileArn string `yaml:"profile-arn,omitempty" json:"profile-arn,omitempty"` - - // Region is the AWS region (default: us-east-1). - Region string `yaml:"region,omitempty" json:"region,omitempty"` - - // ProxyURL optionally overrides the global proxy for this configuration. - ProxyURL string `yaml:"proxy-url,omitempty" json:"proxy-url,omitempty"` - - // AgentTaskType sets the Kiro API task type. Known values: "vibe", "dev", "chat". - // Leave empty to let API use defaults. Different values may inject different system prompts. - AgentTaskType string `yaml:"agent-task-type,omitempty" json:"agent-task-type,omitempty"` - - // PreferredEndpoint sets the preferred Kiro API endpoint/quota. - // Values: "codewhisperer" (default, IDE quota) or "amazonq" (CLI quota). - PreferredEndpoint string `yaml:"preferred-endpoint,omitempty" json:"preferred-endpoint,omitempty"` -} - -// OpenAICompatibility represents the configuration for OpenAI API compatibility -// with external providers, allowing model aliases to be routed through OpenAI API format. -type OpenAICompatibility struct { - // Name is the identifier for this OpenAI compatibility configuration. - Name string `yaml:"name" json:"name"` - - // Priority controls selection preference when multiple providers or credentials match. - // Higher values are preferred; defaults to 0. - Priority int `yaml:"priority,omitempty" json:"priority,omitempty"` - - // Prefix optionally namespaces model aliases for this provider (e.g., "teamA/kimi-k2"). - Prefix string `yaml:"prefix,omitempty" json:"prefix,omitempty"` - - // BaseURL is the base URL for the external OpenAI-compatible API endpoint. - BaseURL string `yaml:"base-url" json:"base-url"` - - // APIKeyEntries defines API keys with optional per-key proxy configuration. - APIKeyEntries []OpenAICompatibilityAPIKey `yaml:"api-key-entries,omitempty" json:"api-key-entries,omitempty"` - - // Models defines the model configurations including aliases for routing. - Models []OpenAICompatibilityModel `yaml:"models" json:"models"` - - // Headers optionally adds extra HTTP headers for requests sent to this provider. - Headers map[string]string `yaml:"headers,omitempty" json:"headers,omitempty"` -} - -// OpenAICompatibilityAPIKey represents an API key configuration with optional proxy setting. -type OpenAICompatibilityAPIKey struct { - // APIKey is the authentication key for accessing the external API services. - APIKey string `yaml:"api-key" json:"api-key"` - - // ProxyURL overrides the global proxy setting for this API key if provided. - ProxyURL string `yaml:"proxy-url,omitempty" json:"proxy-url,omitempty"` -} - -// OpenAICompatibilityModel represents a model configuration for OpenAI compatibility, -// including the actual model name and its alias for API routing. -type OpenAICompatibilityModel struct { - // Name is the actual model name used by the external provider. - Name string `yaml:"name" json:"name"` - - // Alias is the model name alias that clients will use to reference this model. - Alias string `yaml:"alias" json:"alias"` -} - -func (m OpenAICompatibilityModel) GetName() string { return m.Name } -func (m OpenAICompatibilityModel) GetAlias() string { return m.Alias } - -// LoadConfig reads a YAML configuration file from the given path, -// unmarshals it into a Config struct, applies environment variable overrides, -// and returns it. -// -// Parameters: -// - configFile: The path to the YAML configuration file -// -// Returns: -// - *Config: The loaded configuration -// - error: An error if the configuration could not be loaded -func LoadConfig(configFile string) (*Config, error) { - return LoadConfigOptional(configFile, false) -} - -// LoadConfigOptional reads YAML from configFile. -// If optional is true and the file is missing, it returns an empty Config. -// If optional is true and the file is empty or invalid, it returns an empty Config. -func LoadConfigOptional(configFile string, optional bool) (*Config, error) { - // NOTE: Startup oauth-model-alias migration is intentionally disabled. - // Reason: avoid mutating config.yaml during server startup. - // Re-enable the block below if automatic startup migration is needed again. - // if migrated, err := MigrateOAuthModelAlias(configFile); err != nil { - // // Log warning but don't fail - config loading should still work - // fmt.Printf("Warning: oauth-model-alias migration failed: %v\n", err) - // } else if migrated { - // fmt.Println("Migrated oauth-model-mappings to oauth-model-alias") - // } - - // Read the entire configuration file into memory. - data, err := os.ReadFile(configFile) - if err != nil { - if optional { - if os.IsNotExist(err) || errors.Is(err, syscall.EISDIR) { - // Missing and optional: return empty config (cloud deploy standby). - return &Config{}, nil - } - } - return nil, fmt.Errorf("failed to read config file: %w", err) - } - - // In cloud deploy mode (optional=true), if file is empty or contains only whitespace, return empty config. - if optional && len(data) == 0 { - return &Config{}, nil - } - - // Unmarshal the YAML data into the Config struct. - var cfg Config - // Set defaults before unmarshal so that absent keys keep defaults. - cfg.Host = "" // Default empty: binds to all interfaces (IPv4 + IPv6) - cfg.LoggingToFile = false - cfg.LogsMaxTotalSizeMB = 0 - cfg.ErrorLogsMaxFiles = 10 - cfg.UsageStatisticsEnabled = false - cfg.DisableCooling = false - cfg.Pprof.Enable = false - cfg.Pprof.Addr = DefaultPprofAddr - cfg.AmpCode.RestrictManagementToLocalhost = false // Default to false: API key auth is sufficient - cfg.RemoteManagement.PanelGitHubRepository = DefaultPanelGitHubRepository - cfg.IncognitoBrowser = false // Default to normal browser (AWS uses incognito by force) - if err = yaml.Unmarshal(data, &cfg); err != nil { - if optional { - // In cloud deploy mode, if YAML parsing fails, return empty config instead of error. - return &Config{}, nil - } - return nil, fmt.Errorf("failed to parse config file: %w", err) - } - - // NOTE: Startup legacy key migration is intentionally disabled. - // Reason: avoid mutating config.yaml during server startup. - // Re-enable the block below if automatic startup migration is needed again. - // var legacy legacyConfigData - // if errLegacy := yaml.Unmarshal(data, &legacy); errLegacy == nil { - // if cfg.migrateLegacyGeminiKeys(legacy.LegacyGeminiKeys) { - // cfg.legacyMigrationPending = true - // } - // if cfg.migrateLegacyOpenAICompatibilityKeys(legacy.OpenAICompat) { - // cfg.legacyMigrationPending = true - // } - // if cfg.migrateLegacyAmpConfig(&legacy) { - // cfg.legacyMigrationPending = true - // } - // } - - // Hash remote management key if plaintext is detected (nested) - // We consider a value to be already hashed if it looks like a bcrypt hash ($2a$, $2b$, or $2y$ prefix). - if cfg.RemoteManagement.SecretKey != "" && !looksLikeBcrypt(cfg.RemoteManagement.SecretKey) { - hashed, errHash := hashSecret(cfg.RemoteManagement.SecretKey) - if errHash != nil { - return nil, fmt.Errorf("failed to hash remote management key: %w", errHash) - } - cfg.RemoteManagement.SecretKey = hashed - - // Persist the hashed value back to the config file to avoid re-hashing on next startup. - // Preserve YAML comments and ordering; update only the nested key. - _ = SaveConfigPreserveCommentsUpdateNestedScalar(configFile, []string{"remote-management", "secret-key"}, hashed) - } - - cfg.RemoteManagement.PanelGitHubRepository = strings.TrimSpace(cfg.RemoteManagement.PanelGitHubRepository) - if cfg.RemoteManagement.PanelGitHubRepository == "" { - cfg.RemoteManagement.PanelGitHubRepository = DefaultPanelGitHubRepository - } - - cfg.Pprof.Addr = strings.TrimSpace(cfg.Pprof.Addr) - if cfg.Pprof.Addr == "" { - cfg.Pprof.Addr = DefaultPprofAddr - } - - if cfg.LogsMaxTotalSizeMB < 0 { - cfg.LogsMaxTotalSizeMB = 0 - } - - if cfg.ErrorLogsMaxFiles < 0 { - cfg.ErrorLogsMaxFiles = 10 - } - - // Sanitize Gemini API key configuration and migrate legacy entries. - cfg.SanitizeGeminiKeys() - - // Sanitize Vertex-compatible API keys: drop entries without base-url - cfg.SanitizeVertexCompatKeys() - - // Sanitize Codex keys: drop entries without base-url - cfg.SanitizeCodexKeys() - - // Sanitize Claude key headers - cfg.SanitizeClaudeKeys() - - // Sanitize Kiro keys: trim whitespace from credential fields - cfg.SanitizeKiroKeys() - - // Sanitize OpenAI compatibility providers: drop entries without base-url - cfg.SanitizeOpenAICompatibility() - - // Normalize OAuth provider model exclusion map. - cfg.OAuthExcludedModels = NormalizeOAuthExcludedModels(cfg.OAuthExcludedModels) - - // Normalize global OAuth model name aliases. - cfg.SanitizeOAuthModelAlias() - - // Validate raw payload rules and drop invalid entries. - cfg.SanitizePayloadRules() - - // NOTE: Legacy migration persistence is intentionally disabled together with - // startup legacy migration to keep startup read-only for config.yaml. - // Re-enable the block below if automatic startup migration is needed again. - // if cfg.legacyMigrationPending { - // fmt.Println("Detected legacy configuration keys, attempting to persist the normalized config...") - // if !optional && configFile != "" { - // if err := SaveConfigPreserveComments(configFile, &cfg); err != nil { - // return nil, fmt.Errorf("failed to persist migrated legacy config: %w", err) - // } - // fmt.Println("Legacy configuration normalized and persisted.") - // } else { - // fmt.Println("Legacy configuration normalized in memory; persistence skipped.") - // } - // } - - // Return the populated configuration struct. - return &cfg, nil -} - -// SanitizePayloadRules validates raw JSON payload rule params and drops invalid rules. -func (cfg *Config) SanitizePayloadRules() { - if cfg == nil { - return - } - cfg.Payload.DefaultRaw = sanitizePayloadRawRules(cfg.Payload.DefaultRaw, "default-raw") - cfg.Payload.OverrideRaw = sanitizePayloadRawRules(cfg.Payload.OverrideRaw, "override-raw") -} - -func sanitizePayloadRawRules(rules []PayloadRule, section string) []PayloadRule { - if len(rules) == 0 { - return rules - } - out := make([]PayloadRule, 0, len(rules)) - for i := range rules { - rule := rules[i] - if len(rule.Params) == 0 { - continue - } - invalid := false - for path, value := range rule.Params { - raw, ok := payloadRawString(value) - if !ok { - continue - } - trimmed := bytes.TrimSpace(raw) - if len(trimmed) == 0 || !json.Valid(trimmed) { - log.WithFields(log.Fields{ - "section": section, - "rule_index": i + 1, - "param": path, - }).Warn("payload rule dropped: invalid raw JSON") - invalid = true - break - } - } - if invalid { - continue - } - out = append(out, rule) - } - return out -} - -func payloadRawString(value any) ([]byte, bool) { - switch typed := value.(type) { - case string: - return []byte(typed), true - case []byte: - return typed, true - default: - return nil, false - } -} - -// SanitizeOAuthModelAlias normalizes and deduplicates global OAuth model name aliases. -// It trims whitespace, normalizes channel keys to lower-case, drops empty entries, -// allows multiple aliases per upstream name, and ensures aliases are unique within each channel. -// It also injects default aliases for channels that have built-in defaults (e.g., kiro) -// when no user-configured aliases exist for those channels. -func (cfg *Config) SanitizeOAuthModelAlias() { - if cfg == nil { - return - } - - // Inject channel defaults when the channel is absent in user config. - // Presence is checked case-insensitively and includes explicit nil/empty markers. - if cfg.OAuthModelAlias == nil { - cfg.OAuthModelAlias = make(map[string][]OAuthModelAlias) - } - hasChannel := func(channel string) bool { - for k := range cfg.OAuthModelAlias { - if strings.EqualFold(strings.TrimSpace(k), channel) { - return true - } - } - return false - } - if !hasChannel("kiro") { - cfg.OAuthModelAlias["kiro"] = defaultKiroAliases() - } - if !hasChannel("github-copilot") { - cfg.OAuthModelAlias["github-copilot"] = defaultGitHubCopilotAliases() - } - - if len(cfg.OAuthModelAlias) == 0 { - return - } - out := make(map[string][]OAuthModelAlias, len(cfg.OAuthModelAlias)) - for rawChannel, aliases := range cfg.OAuthModelAlias { - channel := strings.ToLower(strings.TrimSpace(rawChannel)) - if channel == "" { - continue - } - // Preserve channels that were explicitly set to empty/nil – they act - // as "disabled" markers so default injection won't re-add them (#222). - if len(aliases) == 0 { - out[channel] = nil - continue - } - seenAlias := make(map[string]struct{}, len(aliases)) - clean := make([]OAuthModelAlias, 0, len(aliases)) - for _, entry := range aliases { - name := strings.TrimSpace(entry.Name) - alias := strings.TrimSpace(entry.Alias) - if name == "" || alias == "" { - continue - } - if strings.EqualFold(name, alias) { - continue - } - aliasKey := strings.ToLower(alias) - if _, ok := seenAlias[aliasKey]; ok { - continue - } - seenAlias[aliasKey] = struct{}{} - clean = append(clean, OAuthModelAlias{Name: name, Alias: alias, Fork: entry.Fork}) - } - if len(clean) > 0 { - out[channel] = clean - } - } - cfg.OAuthModelAlias = out -} - -// SanitizeOpenAICompatibility removes OpenAI-compatibility provider entries that are -// not actionable, specifically those missing a BaseURL. It trims whitespace before -// evaluation and preserves the relative order of remaining entries. -func (cfg *Config) SanitizeOpenAICompatibility() { - if cfg == nil || len(cfg.OpenAICompatibility) == 0 { - return - } - out := make([]OpenAICompatibility, 0, len(cfg.OpenAICompatibility)) - for i := range cfg.OpenAICompatibility { - e := cfg.OpenAICompatibility[i] - e.Name = strings.TrimSpace(e.Name) - e.Prefix = normalizeModelPrefix(e.Prefix) - e.BaseURL = strings.TrimSpace(e.BaseURL) - e.Headers = NormalizeHeaders(e.Headers) - if e.BaseURL == "" { - // Skip providers with no base-url; treated as removed - continue - } - out = append(out, e) - } - cfg.OpenAICompatibility = out -} - -// SanitizeCodexKeys removes Codex API key entries missing a BaseURL. -// It trims whitespace and preserves order for remaining entries. -func (cfg *Config) SanitizeCodexKeys() { - if cfg == nil || len(cfg.CodexKey) == 0 { - return - } - out := make([]CodexKey, 0, len(cfg.CodexKey)) - for i := range cfg.CodexKey { - e := cfg.CodexKey[i] - e.Prefix = normalizeModelPrefix(e.Prefix) - e.BaseURL = strings.TrimSpace(e.BaseURL) - e.Headers = NormalizeHeaders(e.Headers) - e.ExcludedModels = NormalizeExcludedModels(e.ExcludedModels) - if e.BaseURL == "" { - continue - } - out = append(out, e) - } - cfg.CodexKey = out -} - -// SanitizeClaudeKeys normalizes headers for Claude credentials. -func (cfg *Config) SanitizeClaudeKeys() { - if cfg == nil || len(cfg.ClaudeKey) == 0 { - return - } - for i := range cfg.ClaudeKey { - entry := &cfg.ClaudeKey[i] - entry.Prefix = normalizeModelPrefix(entry.Prefix) - entry.Headers = NormalizeHeaders(entry.Headers) - entry.ExcludedModels = NormalizeExcludedModels(entry.ExcludedModels) - } -} - -// SanitizeKiroKeys trims whitespace from Kiro credential fields. -func (cfg *Config) SanitizeKiroKeys() { - if cfg == nil || len(cfg.KiroKey) == 0 { - return - } - for i := range cfg.KiroKey { - entry := &cfg.KiroKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.AccessToken = strings.TrimSpace(entry.AccessToken) - entry.RefreshToken = strings.TrimSpace(entry.RefreshToken) - entry.ProfileArn = strings.TrimSpace(entry.ProfileArn) - entry.Region = strings.TrimSpace(entry.Region) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - entry.PreferredEndpoint = strings.TrimSpace(entry.PreferredEndpoint) - } -} - -// SanitizeGeminiKeys deduplicates and normalizes Gemini credentials. -func (cfg *Config) SanitizeGeminiKeys() { - if cfg == nil { - return - } - - seen := make(map[string]struct{}, len(cfg.GeminiKey)) - out := cfg.GeminiKey[:0] - for i := range cfg.GeminiKey { - entry := cfg.GeminiKey[i] - entry.APIKey = strings.TrimSpace(entry.APIKey) - if entry.APIKey == "" { - continue - } - entry.Prefix = normalizeModelPrefix(entry.Prefix) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - entry.Headers = NormalizeHeaders(entry.Headers) - entry.ExcludedModels = NormalizeExcludedModels(entry.ExcludedModels) - if _, exists := seen[entry.APIKey]; exists { - continue - } - seen[entry.APIKey] = struct{}{} - out = append(out, entry) - } - cfg.GeminiKey = out -} - -func normalizeModelPrefix(prefix string) string { - trimmed := strings.TrimSpace(prefix) - trimmed = strings.Trim(trimmed, "/") - if trimmed == "" { - return "" - } - if strings.Contains(trimmed, "/") { - return "" - } - return trimmed -} - -// looksLikeBcrypt returns true if the provided string appears to be a bcrypt hash. -func looksLikeBcrypt(s string) bool { - return len(s) > 4 && (s[:4] == "$2a$" || s[:4] == "$2b$" || s[:4] == "$2y$") -} - -// NormalizeHeaders trims header keys and values and removes empty pairs. -func NormalizeHeaders(headers map[string]string) map[string]string { - if len(headers) == 0 { - return nil - } - clean := make(map[string]string, len(headers)) - for k, v := range headers { - key := strings.TrimSpace(k) - val := strings.TrimSpace(v) - if key == "" || val == "" { - continue - } - clean[key] = val - } - if len(clean) == 0 { - return nil - } - return clean -} - -// NormalizeExcludedModels trims, lowercases, and deduplicates model exclusion patterns. -// It preserves the order of first occurrences and drops empty entries. -func NormalizeExcludedModels(models []string) []string { - if len(models) == 0 { - return nil - } - seen := make(map[string]struct{}, len(models)) - out := make([]string, 0, len(models)) - for _, raw := range models { - trimmed := strings.ToLower(strings.TrimSpace(raw)) - if trimmed == "" { - continue - } - if _, exists := seen[trimmed]; exists { - continue - } - seen[trimmed] = struct{}{} - out = append(out, trimmed) - } - if len(out) == 0 { - return nil - } - return out -} - -// NormalizeOAuthExcludedModels cleans provider -> excluded models mappings by normalizing provider keys -// and applying model exclusion normalization to each entry. -func NormalizeOAuthExcludedModels(entries map[string][]string) map[string][]string { - if len(entries) == 0 { - return nil - } - out := make(map[string][]string, len(entries)) - for provider, models := range entries { - key := strings.ToLower(strings.TrimSpace(provider)) - if key == "" { - continue - } - normalized := NormalizeExcludedModels(models) - if len(normalized) == 0 { - continue - } - out[key] = normalized - } - if len(out) == 0 { - return nil - } - return out -} - -// hashSecret hashes the given secret using bcrypt. -func hashSecret(secret string) (string, error) { - // Use default cost for simplicity. - hashedBytes, err := bcrypt.GenerateFromPassword([]byte(secret), bcrypt.DefaultCost) - if err != nil { - return "", err - } - return string(hashedBytes), nil -} - -// SaveConfigPreserveComments writes the config back to YAML while preserving existing comments -// and key ordering by loading the original file into a yaml.Node tree and updating values in-place. -func SaveConfigPreserveComments(configFile string, cfg *Config) error { - persistCfg := cfg - // Load original YAML as a node tree to preserve comments and ordering. - data, err := os.ReadFile(configFile) - if err != nil { - return err - } - - var original yaml.Node - if err = yaml.Unmarshal(data, &original); err != nil { - return err - } - if original.Kind != yaml.DocumentNode || len(original.Content) == 0 { - return fmt.Errorf("invalid yaml document structure") - } - if original.Content[0] == nil || original.Content[0].Kind != yaml.MappingNode { - return fmt.Errorf("expected root mapping node") - } - - // Marshal the current cfg to YAML, then unmarshal to a yaml.Node we can merge from. - rendered, err := yaml.Marshal(persistCfg) - if err != nil { - return err - } - var generated yaml.Node - if err = yaml.Unmarshal(rendered, &generated); err != nil { - return err - } - if generated.Kind != yaml.DocumentNode || len(generated.Content) == 0 || generated.Content[0] == nil { - return fmt.Errorf("invalid generated yaml structure") - } - if generated.Content[0].Kind != yaml.MappingNode { - return fmt.Errorf("expected generated root mapping node") - } - - // Remove deprecated sections before merging back the sanitized config. - removeLegacyAuthBlock(original.Content[0]) - removeLegacyOpenAICompatAPIKeys(original.Content[0]) - removeLegacyAmpKeys(original.Content[0]) - removeLegacyGenerativeLanguageKeys(original.Content[0]) - - pruneMappingToGeneratedKeys(original.Content[0], generated.Content[0], "oauth-excluded-models") - pruneMappingToGeneratedKeys(original.Content[0], generated.Content[0], "oauth-model-alias") - - // Merge generated into original in-place, preserving comments/order of existing nodes. - mergeMappingPreserve(original.Content[0], generated.Content[0]) - normalizeCollectionNodeStyles(original.Content[0]) - - // Write back. - f, err := os.Create(configFile) - if err != nil { - return err - } - defer func() { _ = f.Close() }() - var buf bytes.Buffer - enc := yaml.NewEncoder(&buf) - enc.SetIndent(2) - if err = enc.Encode(&original); err != nil { - _ = enc.Close() - return err - } - if err = enc.Close(); err != nil { - return err - } - data = NormalizeCommentIndentation(buf.Bytes()) - _, err = f.Write(data) - return err -} - -// SaveConfigPreserveCommentsUpdateNestedScalar updates a nested scalar key path like ["a","b"] -// while preserving comments and positions. -func SaveConfigPreserveCommentsUpdateNestedScalar(configFile string, path []string, value string) error { - data, err := os.ReadFile(configFile) - if err != nil { - return err - } - var root yaml.Node - if err = yaml.Unmarshal(data, &root); err != nil { - return err - } - if root.Kind != yaml.DocumentNode || len(root.Content) == 0 { - return fmt.Errorf("invalid yaml document structure") - } - node := root.Content[0] - // descend mapping nodes following path - for i, key := range path { - if i == len(path)-1 { - // set final scalar - v := getOrCreateMapValue(node, key) - v.Kind = yaml.ScalarNode - v.Tag = "!!str" - v.Value = value - } else { - next := getOrCreateMapValue(node, key) - if next.Kind != yaml.MappingNode { - next.Kind = yaml.MappingNode - next.Tag = "!!map" - } - node = next - } - } - f, err := os.Create(configFile) - if err != nil { - return err - } - defer func() { _ = f.Close() }() - var buf bytes.Buffer - enc := yaml.NewEncoder(&buf) - enc.SetIndent(2) - if err = enc.Encode(&root); err != nil { - _ = enc.Close() - return err - } - if err = enc.Close(); err != nil { - return err - } - data = NormalizeCommentIndentation(buf.Bytes()) - _, err = f.Write(data) - return err -} - -// NormalizeCommentIndentation removes indentation from standalone YAML comment lines to keep them left aligned. -func NormalizeCommentIndentation(data []byte) []byte { - lines := bytes.Split(data, []byte("\n")) - changed := false - for i, line := range lines { - trimmed := bytes.TrimLeft(line, " \t") - if len(trimmed) == 0 || trimmed[0] != '#' { - continue - } - if len(trimmed) == len(line) { - continue - } - lines[i] = append([]byte(nil), trimmed...) - changed = true - } - if !changed { - return data - } - return bytes.Join(lines, []byte("\n")) -} - -// getOrCreateMapValue finds the value node for a given key in a mapping node. -// If not found, it appends a new key/value pair and returns the new value node. -func getOrCreateMapValue(mapNode *yaml.Node, key string) *yaml.Node { - if mapNode.Kind != yaml.MappingNode { - mapNode.Kind = yaml.MappingNode - mapNode.Tag = "!!map" - mapNode.Content = nil - } - for i := 0; i+1 < len(mapNode.Content); i += 2 { - k := mapNode.Content[i] - if k.Value == key { - return mapNode.Content[i+1] - } - } - // append new key/value - mapNode.Content = append(mapNode.Content, &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: key}) - val := &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: ""} - mapNode.Content = append(mapNode.Content, val) - return val -} - -// mergeMappingPreserve merges keys from src into dst mapping node while preserving -// key order and comments of existing keys in dst. New keys are only added if their -// value is non-zero and not a known default to avoid polluting the config with defaults. -func mergeMappingPreserve(dst, src *yaml.Node, path ...[]string) { - var currentPath []string - if len(path) > 0 { - currentPath = path[0] - } - - if dst == nil || src == nil { - return - } - if dst.Kind != yaml.MappingNode || src.Kind != yaml.MappingNode { - // If kinds do not match, prefer replacing dst with src semantics in-place - // but keep dst node object to preserve any attached comments at the parent level. - copyNodeShallow(dst, src) - return - } - for i := 0; i+1 < len(src.Content); i += 2 { - sk := src.Content[i] - sv := src.Content[i+1] - idx := findMapKeyIndex(dst, sk.Value) - childPath := appendPath(currentPath, sk.Value) - if idx >= 0 { - // Merge into existing value node (always update, even to zero values) - dv := dst.Content[idx+1] - mergeNodePreserve(dv, sv, childPath) - } else { - // New key: only add if value is non-zero and not a known default - candidate := deepCopyNode(sv) - pruneKnownDefaultsInNewNode(childPath, candidate) - if isKnownDefaultValue(childPath, candidate) { - continue - } - dst.Content = append(dst.Content, deepCopyNode(sk), candidate) - } - } -} - -// mergeNodePreserve merges src into dst for scalars, mappings and sequences while -// reusing destination nodes to keep comments and anchors. For sequences, it updates -// in-place by index. -func mergeNodePreserve(dst, src *yaml.Node, path ...[]string) { - var currentPath []string - if len(path) > 0 { - currentPath = path[0] - } - - if dst == nil || src == nil { - return - } - switch src.Kind { - case yaml.MappingNode: - if dst.Kind != yaml.MappingNode { - copyNodeShallow(dst, src) - } - mergeMappingPreserve(dst, src, currentPath) - case yaml.SequenceNode: - // Preserve explicit null style if dst was null and src is empty sequence - if dst.Kind == yaml.ScalarNode && dst.Tag == "!!null" && len(src.Content) == 0 { - // Keep as null to preserve original style - return - } - if dst.Kind != yaml.SequenceNode { - dst.Kind = yaml.SequenceNode - dst.Tag = "!!seq" - dst.Content = nil - } - reorderSequenceForMerge(dst, src) - // Update elements in place - minContent := len(dst.Content) - if len(src.Content) < minContent { - minContent = len(src.Content) - } - for i := 0; i < minContent; i++ { - if dst.Content[i] == nil { - dst.Content[i] = deepCopyNode(src.Content[i]) - continue - } - mergeNodePreserve(dst.Content[i], src.Content[i], currentPath) - if dst.Content[i] != nil && src.Content[i] != nil && - dst.Content[i].Kind == yaml.MappingNode && src.Content[i].Kind == yaml.MappingNode { - pruneMissingMapKeys(dst.Content[i], src.Content[i]) - } - } - // Append any extra items from src - for i := len(dst.Content); i < len(src.Content); i++ { - dst.Content = append(dst.Content, deepCopyNode(src.Content[i])) - } - // Truncate if dst has extra items not in src - if len(src.Content) < len(dst.Content) { - dst.Content = dst.Content[:len(src.Content)] - } - case yaml.ScalarNode, yaml.AliasNode: - // For scalars, update Tag and Value but keep Style from dst to preserve quoting - dst.Kind = src.Kind - dst.Tag = src.Tag - dst.Value = src.Value - // Keep dst.Style as-is intentionally - case 0: - // Unknown/empty kind; do nothing - default: - // Fallback: replace shallowly - copyNodeShallow(dst, src) - } -} - -// findMapKeyIndex returns the index of key node in dst mapping (index of key, not value). -// Returns -1 when not found. -func findMapKeyIndex(mapNode *yaml.Node, key string) int { - if mapNode == nil || mapNode.Kind != yaml.MappingNode { - return -1 - } - for i := 0; i+1 < len(mapNode.Content); i += 2 { - if mapNode.Content[i] != nil && mapNode.Content[i].Value == key { - return i - } - } - return -1 -} - -// appendPath appends a key to the path, returning a new slice to avoid modifying the original. -func appendPath(path []string, key string) []string { - if len(path) == 0 { - return []string{key} - } - newPath := make([]string, len(path)+1) - copy(newPath, path) - newPath[len(path)] = key - return newPath -} - -// isKnownDefaultValue returns true if the given node at the specified path -// represents a known default value that should not be written to the config file. -// This prevents non-zero defaults from polluting the config. -func isKnownDefaultValue(path []string, node *yaml.Node) bool { - // First check if it's a zero value - if isZeroValueNode(node) { - return true - } - - // Match known non-zero defaults by exact dotted path. - if len(path) == 0 { - return false - } - - fullPath := strings.Join(path, ".") - - // Check string defaults - if node.Kind == yaml.ScalarNode && node.Tag == "!!str" { - switch fullPath { - case "pprof.addr": - return node.Value == DefaultPprofAddr - case "remote-management.panel-github-repository": - return node.Value == DefaultPanelGitHubRepository - case "routing.strategy": - return node.Value == "round-robin" - } - } - - // Check integer defaults - if node.Kind == yaml.ScalarNode && node.Tag == "!!int" { - switch fullPath { - case "error-logs-max-files": - return node.Value == "10" - } - } - - return false -} - -// pruneKnownDefaultsInNewNode removes default-valued descendants from a new node -// before it is appended into the destination YAML tree. -func pruneKnownDefaultsInNewNode(path []string, node *yaml.Node) { - if node == nil { - return - } - - switch node.Kind { - case yaml.MappingNode: - filtered := make([]*yaml.Node, 0, len(node.Content)) - for i := 0; i+1 < len(node.Content); i += 2 { - keyNode := node.Content[i] - valueNode := node.Content[i+1] - if keyNode == nil || valueNode == nil { - continue - } - - childPath := appendPath(path, keyNode.Value) - if isKnownDefaultValue(childPath, valueNode) { - continue - } - - pruneKnownDefaultsInNewNode(childPath, valueNode) - if (valueNode.Kind == yaml.MappingNode || valueNode.Kind == yaml.SequenceNode) && - len(valueNode.Content) == 0 { - continue - } - - filtered = append(filtered, keyNode, valueNode) - } - node.Content = filtered - case yaml.SequenceNode: - for _, child := range node.Content { - pruneKnownDefaultsInNewNode(path, child) - } - } -} - -// isZeroValueNode returns true if the YAML node represents a zero/default value -// that should not be written as a new key to preserve config cleanliness. -// For mappings and sequences, recursively checks if all children are zero values. -func isZeroValueNode(node *yaml.Node) bool { - if node == nil { - return true - } - switch node.Kind { - case yaml.ScalarNode: - switch node.Tag { - case "!!bool": - return node.Value == "false" - case "!!int", "!!float": - return node.Value == "0" || node.Value == "0.0" - case "!!str": - return node.Value == "" - case "!!null": - return true - } - case yaml.SequenceNode: - if len(node.Content) == 0 { - return true - } - // Check if all elements are zero values - for _, child := range node.Content { - if !isZeroValueNode(child) { - return false - } - } - return true - case yaml.MappingNode: - if len(node.Content) == 0 { - return true - } - // Check if all values are zero values (values are at odd indices) - for i := 1; i < len(node.Content); i += 2 { - if !isZeroValueNode(node.Content[i]) { - return false - } - } - return true - } - return false -} - -// deepCopyNode creates a deep copy of a yaml.Node graph. -func deepCopyNode(n *yaml.Node) *yaml.Node { - if n == nil { - return nil - } - cp := *n - if len(n.Content) > 0 { - cp.Content = make([]*yaml.Node, len(n.Content)) - for i := range n.Content { - cp.Content[i] = deepCopyNode(n.Content[i]) - } - } - return &cp -} - -// copyNodeShallow copies type/tag/value and resets content to match src, but -// keeps the same destination node pointer to preserve parent relations/comments. -func copyNodeShallow(dst, src *yaml.Node) { - if dst == nil || src == nil { - return - } - dst.Kind = src.Kind - dst.Tag = src.Tag - dst.Value = src.Value - // Replace content with deep copy from src - if len(src.Content) > 0 { - dst.Content = make([]*yaml.Node, len(src.Content)) - for i := range src.Content { - dst.Content[i] = deepCopyNode(src.Content[i]) - } - } else { - dst.Content = nil - } -} - -func reorderSequenceForMerge(dst, src *yaml.Node) { - if dst == nil || src == nil { - return - } - if len(dst.Content) == 0 { - return - } - if len(src.Content) == 0 { - return - } - original := append([]*yaml.Node(nil), dst.Content...) - used := make([]bool, len(original)) - ordered := make([]*yaml.Node, len(src.Content)) - for i := range src.Content { - if idx := matchSequenceElement(original, used, src.Content[i]); idx >= 0 { - ordered[i] = original[idx] - used[idx] = true - } - } - dst.Content = ordered -} - -func matchSequenceElement(original []*yaml.Node, used []bool, target *yaml.Node) int { - if target == nil { - return -1 - } - switch target.Kind { - case yaml.MappingNode: - id := sequenceElementIdentity(target) - if id != "" { - for i := range original { - if used[i] || original[i] == nil || original[i].Kind != yaml.MappingNode { - continue - } - if sequenceElementIdentity(original[i]) == id { - return i - } - } - } - case yaml.ScalarNode: - val := strings.TrimSpace(target.Value) - if val != "" { - for i := range original { - if used[i] || original[i] == nil || original[i].Kind != yaml.ScalarNode { - continue - } - if strings.TrimSpace(original[i].Value) == val { - return i - } - } - } - default: - } - // Fallback to structural equality to preserve nodes lacking explicit identifiers. - for i := range original { - if used[i] || original[i] == nil { - continue - } - if nodesStructurallyEqual(original[i], target) { - return i - } - } - return -1 -} - -func sequenceElementIdentity(node *yaml.Node) string { - if node == nil || node.Kind != yaml.MappingNode { - return "" - } - identityKeys := []string{"id", "name", "alias", "api-key", "api_key", "apikey", "key", "provider", "model"} - for _, k := range identityKeys { - if v := mappingScalarValue(node, k); v != "" { - return k + "=" + v - } - } - for i := 0; i+1 < len(node.Content); i += 2 { - keyNode := node.Content[i] - valNode := node.Content[i+1] - if keyNode == nil || valNode == nil || valNode.Kind != yaml.ScalarNode { - continue - } - val := strings.TrimSpace(valNode.Value) - if val != "" { - return strings.ToLower(strings.TrimSpace(keyNode.Value)) + "=" + val - } - } - return "" -} - -func mappingScalarValue(node *yaml.Node, key string) string { - if node == nil || node.Kind != yaml.MappingNode { - return "" - } - lowerKey := strings.ToLower(key) - for i := 0; i+1 < len(node.Content); i += 2 { - keyNode := node.Content[i] - valNode := node.Content[i+1] - if keyNode == nil || valNode == nil || valNode.Kind != yaml.ScalarNode { - continue - } - if strings.ToLower(strings.TrimSpace(keyNode.Value)) == lowerKey { - return strings.TrimSpace(valNode.Value) - } - } - return "" -} - -func nodesStructurallyEqual(a, b *yaml.Node) bool { - if a == nil || b == nil { - return a == b - } - if a.Kind != b.Kind { - return false - } - switch a.Kind { - case yaml.MappingNode: - if len(a.Content) != len(b.Content) { - return false - } - for i := 0; i+1 < len(a.Content); i += 2 { - if !nodesStructurallyEqual(a.Content[i], b.Content[i]) { - return false - } - if !nodesStructurallyEqual(a.Content[i+1], b.Content[i+1]) { - return false - } - } - return true - case yaml.SequenceNode: - if len(a.Content) != len(b.Content) { - return false - } - for i := range a.Content { - if !nodesStructurallyEqual(a.Content[i], b.Content[i]) { - return false - } - } - return true - case yaml.ScalarNode: - return strings.TrimSpace(a.Value) == strings.TrimSpace(b.Value) - case yaml.AliasNode: - return nodesStructurallyEqual(a.Alias, b.Alias) - default: - return strings.TrimSpace(a.Value) == strings.TrimSpace(b.Value) - } -} - -func removeMapKey(mapNode *yaml.Node, key string) { - if mapNode == nil || mapNode.Kind != yaml.MappingNode || key == "" { - return - } - for i := 0; i+1 < len(mapNode.Content); i += 2 { - if mapNode.Content[i] != nil && mapNode.Content[i].Value == key { - mapNode.Content = append(mapNode.Content[:i], mapNode.Content[i+2:]...) - return - } - } -} - -func pruneMappingToGeneratedKeys(dstRoot, srcRoot *yaml.Node, key string) { - if key == "" || dstRoot == nil || srcRoot == nil { - return - } - if dstRoot.Kind != yaml.MappingNode || srcRoot.Kind != yaml.MappingNode { - return - } - dstIdx := findMapKeyIndex(dstRoot, key) - if dstIdx < 0 || dstIdx+1 >= len(dstRoot.Content) { - return - } - srcIdx := findMapKeyIndex(srcRoot, key) - if srcIdx < 0 { - // Keep an explicit empty mapping for oauth-model-alias when it was previously present. - // - // Rationale: LoadConfig runs MigrateOAuthModelAlias before unmarshalling. If the - // oauth-model-alias key is missing, migration will add the default antigravity aliases. - // When users delete the last channel from oauth-model-alias via the management API, - // we want that deletion to persist across hot reloads and restarts. - if key == "oauth-model-alias" { - dstRoot.Content[dstIdx+1] = &yaml.Node{Kind: yaml.MappingNode, Tag: "!!map"} - return - } - removeMapKey(dstRoot, key) - return - } - if srcIdx+1 >= len(srcRoot.Content) { - return - } - srcVal := srcRoot.Content[srcIdx+1] - dstVal := dstRoot.Content[dstIdx+1] - if srcVal == nil { - dstRoot.Content[dstIdx+1] = nil - return - } - if srcVal.Kind != yaml.MappingNode { - dstRoot.Content[dstIdx+1] = deepCopyNode(srcVal) - return - } - if dstVal == nil || dstVal.Kind != yaml.MappingNode { - dstRoot.Content[dstIdx+1] = deepCopyNode(srcVal) - return - } - pruneMissingMapKeys(dstVal, srcVal) -} - -func pruneMissingMapKeys(dstMap, srcMap *yaml.Node) { - if dstMap == nil || srcMap == nil || dstMap.Kind != yaml.MappingNode || srcMap.Kind != yaml.MappingNode { - return - } - keep := make(map[string]struct{}, len(srcMap.Content)/2) - for i := 0; i+1 < len(srcMap.Content); i += 2 { - keyNode := srcMap.Content[i] - if keyNode == nil { - continue - } - key := strings.TrimSpace(keyNode.Value) - if key == "" { - continue - } - keep[key] = struct{}{} - } - for i := 0; i+1 < len(dstMap.Content); { - keyNode := dstMap.Content[i] - if keyNode == nil { - i += 2 - continue - } - key := strings.TrimSpace(keyNode.Value) - if _, ok := keep[key]; !ok { - dstMap.Content = append(dstMap.Content[:i], dstMap.Content[i+2:]...) - continue - } - i += 2 - } -} - -// normalizeCollectionNodeStyles forces YAML collections to use block notation, keeping -// lists and maps readable. Empty sequences retain flow style ([]) so empty list markers -// remain compact. -func normalizeCollectionNodeStyles(node *yaml.Node) { - if node == nil { - return - } - switch node.Kind { - case yaml.MappingNode: - node.Style = 0 - for i := range node.Content { - normalizeCollectionNodeStyles(node.Content[i]) - } - case yaml.SequenceNode: - if len(node.Content) == 0 { - node.Style = yaml.FlowStyle - } else { - node.Style = 0 - } - for i := range node.Content { - normalizeCollectionNodeStyles(node.Content[i]) - } - default: - // Scalars keep their existing style to preserve quoting - } -} - -// Legacy migration helpers (move deprecated config keys into structured fields). -type legacyConfigData struct { - LegacyGeminiKeys []string `yaml:"generative-language-api-key"` - OpenAICompat []legacyOpenAICompatibility `yaml:"openai-compatibility"` - AmpUpstreamURL string `yaml:"amp-upstream-url"` - AmpUpstreamAPIKey string `yaml:"amp-upstream-api-key"` - AmpRestrictManagement *bool `yaml:"amp-restrict-management-to-localhost"` - AmpModelMappings []AmpModelMapping `yaml:"amp-model-mappings"` -} - -type legacyOpenAICompatibility struct { - Name string `yaml:"name"` - BaseURL string `yaml:"base-url"` - APIKeys []string `yaml:"api-keys"` -} - -func (cfg *Config) migrateLegacyGeminiKeys(legacy []string) bool { - if cfg == nil || len(legacy) == 0 { - return false - } - changed := false - seen := make(map[string]struct{}, len(cfg.GeminiKey)) - for i := range cfg.GeminiKey { - key := strings.TrimSpace(cfg.GeminiKey[i].APIKey) - if key == "" { - continue - } - seen[key] = struct{}{} - } - for _, raw := range legacy { - key := strings.TrimSpace(raw) - if key == "" { - continue - } - if _, exists := seen[key]; exists { - continue - } - cfg.GeminiKey = append(cfg.GeminiKey, GeminiKey{APIKey: key}) - seen[key] = struct{}{} - changed = true - } - return changed -} - -func (cfg *Config) migrateLegacyOpenAICompatibilityKeys(legacy []legacyOpenAICompatibility) bool { - if cfg == nil || len(cfg.OpenAICompatibility) == 0 || len(legacy) == 0 { - return false - } - changed := false - for _, legacyEntry := range legacy { - if len(legacyEntry.APIKeys) == 0 { - continue - } - target := findOpenAICompatTarget(cfg.OpenAICompatibility, legacyEntry.Name, legacyEntry.BaseURL) - if target == nil { - continue - } - if mergeLegacyOpenAICompatAPIKeys(target, legacyEntry.APIKeys) { - changed = true - } - } - return changed -} - -func mergeLegacyOpenAICompatAPIKeys(entry *OpenAICompatibility, keys []string) bool { - if entry == nil || len(keys) == 0 { - return false - } - changed := false - existing := make(map[string]struct{}, len(entry.APIKeyEntries)) - for i := range entry.APIKeyEntries { - key := strings.TrimSpace(entry.APIKeyEntries[i].APIKey) - if key == "" { - continue - } - existing[key] = struct{}{} - } - for _, raw := range keys { - key := strings.TrimSpace(raw) - if key == "" { - continue - } - if _, ok := existing[key]; ok { - continue - } - entry.APIKeyEntries = append(entry.APIKeyEntries, OpenAICompatibilityAPIKey{APIKey: key}) - existing[key] = struct{}{} - changed = true - } - return changed -} - -func findOpenAICompatTarget(entries []OpenAICompatibility, legacyName, legacyBase string) *OpenAICompatibility { - nameKey := strings.ToLower(strings.TrimSpace(legacyName)) - baseKey := strings.ToLower(strings.TrimSpace(legacyBase)) - if nameKey != "" && baseKey != "" { - for i := range entries { - if strings.ToLower(strings.TrimSpace(entries[i].Name)) == nameKey && - strings.ToLower(strings.TrimSpace(entries[i].BaseURL)) == baseKey { - return &entries[i] - } - } - } - if baseKey != "" { - for i := range entries { - if strings.ToLower(strings.TrimSpace(entries[i].BaseURL)) == baseKey { - return &entries[i] - } - } - } - if nameKey != "" { - for i := range entries { - if strings.ToLower(strings.TrimSpace(entries[i].Name)) == nameKey { - return &entries[i] - } - } - } - return nil -} - -func (cfg *Config) migrateLegacyAmpConfig(legacy *legacyConfigData) bool { - if cfg == nil || legacy == nil { - return false - } - changed := false - if cfg.AmpCode.UpstreamURL == "" { - if val := strings.TrimSpace(legacy.AmpUpstreamURL); val != "" { - cfg.AmpCode.UpstreamURL = val - changed = true - } - } - if cfg.AmpCode.UpstreamAPIKey == "" { - if val := strings.TrimSpace(legacy.AmpUpstreamAPIKey); val != "" { - cfg.AmpCode.UpstreamAPIKey = val - changed = true - } - } - if legacy.AmpRestrictManagement != nil { - cfg.AmpCode.RestrictManagementToLocalhost = *legacy.AmpRestrictManagement - changed = true - } - if len(cfg.AmpCode.ModelMappings) == 0 && len(legacy.AmpModelMappings) > 0 { - cfg.AmpCode.ModelMappings = append([]AmpModelMapping(nil), legacy.AmpModelMappings...) - changed = true - } - return changed -} - -func removeLegacyOpenAICompatAPIKeys(root *yaml.Node) { - if root == nil || root.Kind != yaml.MappingNode { - return - } - idx := findMapKeyIndex(root, "openai-compatibility") - if idx < 0 || idx+1 >= len(root.Content) { - return - } - seq := root.Content[idx+1] - if seq == nil || seq.Kind != yaml.SequenceNode { - return - } - for i := range seq.Content { - if seq.Content[i] != nil && seq.Content[i].Kind == yaml.MappingNode { - removeMapKey(seq.Content[i], "api-keys") - } - } -} - -func removeLegacyAmpKeys(root *yaml.Node) { - if root == nil || root.Kind != yaml.MappingNode { - return - } - removeMapKey(root, "amp-upstream-url") - removeMapKey(root, "amp-upstream-api-key") - removeMapKey(root, "amp-restrict-management-to-localhost") - removeMapKey(root, "amp-model-mappings") -} - -func removeLegacyGenerativeLanguageKeys(root *yaml.Node) { - if root == nil || root.Kind != yaml.MappingNode { - return - } - removeMapKey(root, "generative-language-api-key") -} - -func removeLegacyAuthBlock(root *yaml.Node) { - if root == nil || root.Kind != yaml.MappingNode { - return - } - removeMapKey(root, "auth") -} diff --git a/.worktrees/config/m/config-build/active/internal/config/oauth_model_alias_migration.go b/.worktrees/config/m/config-build/active/internal/config/oauth_model_alias_migration.go deleted file mode 100644 index b5bf2fb3be..0000000000 --- a/.worktrees/config/m/config-build/active/internal/config/oauth_model_alias_migration.go +++ /dev/null @@ -1,314 +0,0 @@ -package config - -import ( - "os" - "strings" - - "gopkg.in/yaml.v3" -) - -// antigravityModelConversionTable maps old built-in aliases to actual model names -// for the antigravity channel during migration. -var antigravityModelConversionTable = map[string]string{ - "gemini-2.5-computer-use-preview-10-2025": "rev19-uic3-1p", - "gemini-3-pro-image-preview": "gemini-3-pro-image", - "gemini-3-pro-preview": "gemini-3-pro-high", - "gemini-3-flash-preview": "gemini-3-flash", - "gemini-claude-sonnet-4-5": "claude-sonnet-4-5", - "gemini-claude-sonnet-4-5-thinking": "claude-sonnet-4-5-thinking", - "gemini-claude-opus-4-5-thinking": "claude-opus-4-5-thinking", - "gemini-claude-opus-4-6-thinking": "claude-opus-4-6-thinking", -} - -// defaultKiroAliases returns the default oauth-model-alias configuration -// for the kiro channel. Maps kiro-prefixed model names to standard Claude model -// names so that clients like Claude Code can use standard names directly. -func defaultKiroAliases() []OAuthModelAlias { - return []OAuthModelAlias{ - // Sonnet 4.5 - {Name: "kiro-claude-sonnet-4-5", Alias: "claude-sonnet-4-5-20250929", Fork: true}, - {Name: "kiro-claude-sonnet-4-5", Alias: "claude-sonnet-4-5", Fork: true}, - // Sonnet 4 - {Name: "kiro-claude-sonnet-4", Alias: "claude-sonnet-4-20250514", Fork: true}, - {Name: "kiro-claude-sonnet-4", Alias: "claude-sonnet-4", Fork: true}, - // Opus 4.6 - {Name: "kiro-claude-opus-4-6", Alias: "claude-opus-4-6", Fork: true}, - // Opus 4.5 - {Name: "kiro-claude-opus-4-5", Alias: "claude-opus-4-5-20251101", Fork: true}, - {Name: "kiro-claude-opus-4-5", Alias: "claude-opus-4-5", Fork: true}, - // Haiku 4.5 - {Name: "kiro-claude-haiku-4-5", Alias: "claude-haiku-4-5-20251001", Fork: true}, - {Name: "kiro-claude-haiku-4-5", Alias: "claude-haiku-4-5", Fork: true}, - } -} - -// defaultGitHubCopilotAliases returns default oauth-model-alias entries that -// expose Claude hyphen-style IDs for GitHub Copilot Claude models. -// This keeps compatibility with clients (e.g. Claude Code) that use -// Anthropic-style model IDs like "claude-opus-4-6". -func defaultGitHubCopilotAliases() []OAuthModelAlias { - return []OAuthModelAlias{ - {Name: "claude-haiku-4.5", Alias: "claude-haiku-4-5", Fork: true}, - {Name: "claude-opus-4.1", Alias: "claude-opus-4-1", Fork: true}, - {Name: "claude-opus-4.5", Alias: "claude-opus-4-5", Fork: true}, - {Name: "claude-opus-4.6", Alias: "claude-opus-4-6", Fork: true}, - {Name: "claude-sonnet-4.5", Alias: "claude-sonnet-4-5", Fork: true}, - {Name: "claude-sonnet-4.6", Alias: "claude-sonnet-4-6", Fork: true}, - } -} - -// defaultAntigravityAliases returns the default oauth-model-alias configuration -// for the antigravity channel when neither field exists. -func defaultAntigravityAliases() []OAuthModelAlias { - return []OAuthModelAlias{ - {Name: "rev19-uic3-1p", Alias: "gemini-2.5-computer-use-preview-10-2025"}, - {Name: "gemini-3-pro-image", Alias: "gemini-3-pro-image-preview"}, - {Name: "gemini-3-pro-high", Alias: "gemini-3-pro-preview"}, - {Name: "gemini-3-flash", Alias: "gemini-3-flash-preview"}, - {Name: "claude-sonnet-4-5", Alias: "gemini-claude-sonnet-4-5"}, - {Name: "claude-sonnet-4-5-thinking", Alias: "gemini-claude-sonnet-4-5-thinking"}, - {Name: "claude-opus-4-5-thinking", Alias: "gemini-claude-opus-4-5-thinking"}, - {Name: "claude-opus-4-6-thinking", Alias: "gemini-claude-opus-4-6-thinking"}, - } -} - -// MigrateOAuthModelAlias checks for and performs migration from oauth-model-mappings -// to oauth-model-alias at startup. Returns true if migration was performed. -// -// Migration flow: -// 1. Check if oauth-model-alias exists -> skip migration -// 2. Check if oauth-model-mappings exists -> convert and migrate -// - For antigravity channel, convert old built-in aliases to actual model names -// -// 3. Neither exists -> add default antigravity config -func MigrateOAuthModelAlias(configFile string) (bool, error) { - data, err := os.ReadFile(configFile) - if err != nil { - if os.IsNotExist(err) { - return false, nil - } - return false, err - } - if len(data) == 0 { - return false, nil - } - - // Parse YAML into node tree to preserve structure - var root yaml.Node - if err := yaml.Unmarshal(data, &root); err != nil { - return false, nil - } - if root.Kind != yaml.DocumentNode || len(root.Content) == 0 { - return false, nil - } - rootMap := root.Content[0] - if rootMap == nil || rootMap.Kind != yaml.MappingNode { - return false, nil - } - - // Check if oauth-model-alias already exists - if findMapKeyIndex(rootMap, "oauth-model-alias") >= 0 { - return false, nil - } - - // Check if oauth-model-mappings exists - oldIdx := findMapKeyIndex(rootMap, "oauth-model-mappings") - if oldIdx >= 0 { - // Migrate from old field - return migrateFromOldField(configFile, &root, rootMap, oldIdx) - } - - // Neither field exists - add default antigravity config - return addDefaultAntigravityConfig(configFile, &root, rootMap) -} - -// migrateFromOldField converts oauth-model-mappings to oauth-model-alias -func migrateFromOldField(configFile string, root *yaml.Node, rootMap *yaml.Node, oldIdx int) (bool, error) { - if oldIdx+1 >= len(rootMap.Content) { - return false, nil - } - oldValue := rootMap.Content[oldIdx+1] - if oldValue == nil || oldValue.Kind != yaml.MappingNode { - return false, nil - } - - // Parse the old aliases - oldAliases := parseOldAliasNode(oldValue) - if len(oldAliases) == 0 { - // Remove the old field and write - removeMapKeyByIndex(rootMap, oldIdx) - return writeYAMLNode(configFile, root) - } - - // Convert model names for antigravity channel - newAliases := make(map[string][]OAuthModelAlias, len(oldAliases)) - for channel, entries := range oldAliases { - converted := make([]OAuthModelAlias, 0, len(entries)) - for _, entry := range entries { - newEntry := OAuthModelAlias{ - Name: entry.Name, - Alias: entry.Alias, - Fork: entry.Fork, - } - // Convert model names for antigravity channel - if strings.EqualFold(channel, "antigravity") { - if actual, ok := antigravityModelConversionTable[entry.Name]; ok { - newEntry.Name = actual - } - } - converted = append(converted, newEntry) - } - newAliases[channel] = converted - } - - // For antigravity channel, supplement missing default aliases - if antigravityEntries, exists := newAliases["antigravity"]; exists { - // Build a set of already configured model names (upstream names) - configuredModels := make(map[string]bool, len(antigravityEntries)) - for _, entry := range antigravityEntries { - configuredModels[entry.Name] = true - } - - // Add missing default aliases - for _, defaultAlias := range defaultAntigravityAliases() { - if !configuredModels[defaultAlias.Name] { - antigravityEntries = append(antigravityEntries, defaultAlias) - } - } - newAliases["antigravity"] = antigravityEntries - } - - // Build new node - newNode := buildOAuthModelAliasNode(newAliases) - - // Replace old key with new key and value - rootMap.Content[oldIdx].Value = "oauth-model-alias" - rootMap.Content[oldIdx+1] = newNode - - return writeYAMLNode(configFile, root) -} - -// addDefaultAntigravityConfig adds the default antigravity configuration -func addDefaultAntigravityConfig(configFile string, root *yaml.Node, rootMap *yaml.Node) (bool, error) { - defaults := map[string][]OAuthModelAlias{ - "antigravity": defaultAntigravityAliases(), - } - newNode := buildOAuthModelAliasNode(defaults) - - // Add new key-value pair - keyNode := &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: "oauth-model-alias"} - rootMap.Content = append(rootMap.Content, keyNode, newNode) - - return writeYAMLNode(configFile, root) -} - -// parseOldAliasNode parses the old oauth-model-mappings node structure -func parseOldAliasNode(node *yaml.Node) map[string][]OAuthModelAlias { - if node == nil || node.Kind != yaml.MappingNode { - return nil - } - result := make(map[string][]OAuthModelAlias) - for i := 0; i+1 < len(node.Content); i += 2 { - channelNode := node.Content[i] - entriesNode := node.Content[i+1] - if channelNode == nil || entriesNode == nil { - continue - } - channel := strings.ToLower(strings.TrimSpace(channelNode.Value)) - if channel == "" || entriesNode.Kind != yaml.SequenceNode { - continue - } - entries := make([]OAuthModelAlias, 0, len(entriesNode.Content)) - for _, entryNode := range entriesNode.Content { - if entryNode == nil || entryNode.Kind != yaml.MappingNode { - continue - } - entry := parseAliasEntry(entryNode) - if entry.Name != "" && entry.Alias != "" { - entries = append(entries, entry) - } - } - if len(entries) > 0 { - result[channel] = entries - } - } - return result -} - -// parseAliasEntry parses a single alias entry node -func parseAliasEntry(node *yaml.Node) OAuthModelAlias { - var entry OAuthModelAlias - for i := 0; i+1 < len(node.Content); i += 2 { - keyNode := node.Content[i] - valNode := node.Content[i+1] - if keyNode == nil || valNode == nil { - continue - } - switch strings.ToLower(strings.TrimSpace(keyNode.Value)) { - case "name": - entry.Name = strings.TrimSpace(valNode.Value) - case "alias": - entry.Alias = strings.TrimSpace(valNode.Value) - case "fork": - entry.Fork = strings.ToLower(strings.TrimSpace(valNode.Value)) == "true" - } - } - return entry -} - -// buildOAuthModelAliasNode creates a YAML node for oauth-model-alias -func buildOAuthModelAliasNode(aliases map[string][]OAuthModelAlias) *yaml.Node { - node := &yaml.Node{Kind: yaml.MappingNode, Tag: "!!map"} - for channel, entries := range aliases { - channelNode := &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: channel} - entriesNode := &yaml.Node{Kind: yaml.SequenceNode, Tag: "!!seq"} - for _, entry := range entries { - entryNode := &yaml.Node{Kind: yaml.MappingNode, Tag: "!!map"} - entryNode.Content = append(entryNode.Content, - &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: "name"}, - &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: entry.Name}, - &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: "alias"}, - &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: entry.Alias}, - ) - if entry.Fork { - entryNode.Content = append(entryNode.Content, - &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: "fork"}, - &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!bool", Value: "true"}, - ) - } - entriesNode.Content = append(entriesNode.Content, entryNode) - } - node.Content = append(node.Content, channelNode, entriesNode) - } - return node -} - -// removeMapKeyByIndex removes a key-value pair from a mapping node by index -func removeMapKeyByIndex(mapNode *yaml.Node, keyIdx int) { - if mapNode == nil || mapNode.Kind != yaml.MappingNode { - return - } - if keyIdx < 0 || keyIdx+1 >= len(mapNode.Content) { - return - } - mapNode.Content = append(mapNode.Content[:keyIdx], mapNode.Content[keyIdx+2:]...) -} - -// writeYAMLNode writes the YAML node tree back to file -func writeYAMLNode(configFile string, root *yaml.Node) (bool, error) { - f, err := os.Create(configFile) - if err != nil { - return false, err - } - defer f.Close() - - enc := yaml.NewEncoder(f) - enc.SetIndent(2) - if err := enc.Encode(root); err != nil { - return false, err - } - if err := enc.Close(); err != nil { - return false, err - } - return true, nil -} diff --git a/.worktrees/config/m/config-build/active/internal/config/oauth_model_alias_migration_test.go b/.worktrees/config/m/config-build/active/internal/config/oauth_model_alias_migration_test.go deleted file mode 100644 index cd73b9d5d6..0000000000 --- a/.worktrees/config/m/config-build/active/internal/config/oauth_model_alias_migration_test.go +++ /dev/null @@ -1,245 +0,0 @@ -package config - -import ( - "os" - "path/filepath" - "strings" - "testing" - - "gopkg.in/yaml.v3" -) - -func TestMigrateOAuthModelAlias_SkipsIfNewFieldExists(t *testing.T) { - t.Parallel() - - dir := t.TempDir() - configFile := filepath.Join(dir, "config.yaml") - - content := `oauth-model-alias: - gemini-cli: - - name: "gemini-2.5-pro" - alias: "g2.5p" -` - if err := os.WriteFile(configFile, []byte(content), 0644); err != nil { - t.Fatal(err) - } - - migrated, err := MigrateOAuthModelAlias(configFile) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if migrated { - t.Fatal("expected no migration when oauth-model-alias already exists") - } - - // Verify file unchanged - data, _ := os.ReadFile(configFile) - if !strings.Contains(string(data), "oauth-model-alias:") { - t.Fatal("file should still contain oauth-model-alias") - } -} - -func TestMigrateOAuthModelAlias_MigratesOldField(t *testing.T) { - t.Parallel() - - dir := t.TempDir() - configFile := filepath.Join(dir, "config.yaml") - - content := `oauth-model-mappings: - gemini-cli: - - name: "gemini-2.5-pro" - alias: "g2.5p" - fork: true -` - if err := os.WriteFile(configFile, []byte(content), 0644); err != nil { - t.Fatal(err) - } - - migrated, err := MigrateOAuthModelAlias(configFile) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if !migrated { - t.Fatal("expected migration to occur") - } - - // Verify new field exists and old field removed - data, _ := os.ReadFile(configFile) - if strings.Contains(string(data), "oauth-model-mappings:") { - t.Fatal("old field should be removed") - } - if !strings.Contains(string(data), "oauth-model-alias:") { - t.Fatal("new field should exist") - } - - // Parse and verify structure - var root yaml.Node - if err := yaml.Unmarshal(data, &root); err != nil { - t.Fatal(err) - } -} - -func TestMigrateOAuthModelAlias_ConvertsAntigravityModels(t *testing.T) { - t.Parallel() - - dir := t.TempDir() - configFile := filepath.Join(dir, "config.yaml") - - // Use old model names that should be converted - content := `oauth-model-mappings: - antigravity: - - name: "gemini-2.5-computer-use-preview-10-2025" - alias: "computer-use" - - name: "gemini-3-pro-preview" - alias: "g3p" -` - if err := os.WriteFile(configFile, []byte(content), 0644); err != nil { - t.Fatal(err) - } - - migrated, err := MigrateOAuthModelAlias(configFile) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if !migrated { - t.Fatal("expected migration to occur") - } - - // Verify model names were converted - data, _ := os.ReadFile(configFile) - content = string(data) - if !strings.Contains(content, "rev19-uic3-1p") { - t.Fatal("expected gemini-2.5-computer-use-preview-10-2025 to be converted to rev19-uic3-1p") - } - if !strings.Contains(content, "gemini-3-pro-high") { - t.Fatal("expected gemini-3-pro-preview to be converted to gemini-3-pro-high") - } - - // Verify missing default aliases were supplemented - if !strings.Contains(content, "gemini-3-pro-image") { - t.Fatal("expected missing default alias gemini-3-pro-image to be added") - } - if !strings.Contains(content, "gemini-3-flash") { - t.Fatal("expected missing default alias gemini-3-flash to be added") - } - if !strings.Contains(content, "claude-sonnet-4-5") { - t.Fatal("expected missing default alias claude-sonnet-4-5 to be added") - } - if !strings.Contains(content, "claude-sonnet-4-5-thinking") { - t.Fatal("expected missing default alias claude-sonnet-4-5-thinking to be added") - } - if !strings.Contains(content, "claude-opus-4-5-thinking") { - t.Fatal("expected missing default alias claude-opus-4-5-thinking to be added") - } - if !strings.Contains(content, "claude-opus-4-6-thinking") { - t.Fatal("expected missing default alias claude-opus-4-6-thinking to be added") - } -} - -func TestMigrateOAuthModelAlias_AddsDefaultIfNeitherExists(t *testing.T) { - t.Parallel() - - dir := t.TempDir() - configFile := filepath.Join(dir, "config.yaml") - - content := `debug: true -port: 8080 -` - if err := os.WriteFile(configFile, []byte(content), 0644); err != nil { - t.Fatal(err) - } - - migrated, err := MigrateOAuthModelAlias(configFile) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if !migrated { - t.Fatal("expected migration to add default config") - } - - // Verify default antigravity config was added - data, _ := os.ReadFile(configFile) - content = string(data) - if !strings.Contains(content, "oauth-model-alias:") { - t.Fatal("expected oauth-model-alias to be added") - } - if !strings.Contains(content, "antigravity:") { - t.Fatal("expected antigravity channel to be added") - } - if !strings.Contains(content, "rev19-uic3-1p") { - t.Fatal("expected default antigravity aliases to include rev19-uic3-1p") - } -} - -func TestMigrateOAuthModelAlias_PreservesOtherConfig(t *testing.T) { - t.Parallel() - - dir := t.TempDir() - configFile := filepath.Join(dir, "config.yaml") - - content := `debug: true -port: 8080 -oauth-model-mappings: - gemini-cli: - - name: "test" - alias: "t" -api-keys: - - "key1" - - "key2" -` - if err := os.WriteFile(configFile, []byte(content), 0644); err != nil { - t.Fatal(err) - } - - migrated, err := MigrateOAuthModelAlias(configFile) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if !migrated { - t.Fatal("expected migration to occur") - } - - // Verify other config preserved - data, _ := os.ReadFile(configFile) - content = string(data) - if !strings.Contains(content, "debug: true") { - t.Fatal("expected debug field to be preserved") - } - if !strings.Contains(content, "port: 8080") { - t.Fatal("expected port field to be preserved") - } - if !strings.Contains(content, "api-keys:") { - t.Fatal("expected api-keys field to be preserved") - } -} - -func TestMigrateOAuthModelAlias_NonexistentFile(t *testing.T) { - t.Parallel() - - migrated, err := MigrateOAuthModelAlias("/nonexistent/path/config.yaml") - if err != nil { - t.Fatalf("unexpected error for nonexistent file: %v", err) - } - if migrated { - t.Fatal("expected no migration for nonexistent file") - } -} - -func TestMigrateOAuthModelAlias_EmptyFile(t *testing.T) { - t.Parallel() - - dir := t.TempDir() - configFile := filepath.Join(dir, "config.yaml") - - if err := os.WriteFile(configFile, []byte(""), 0644); err != nil { - t.Fatal(err) - } - - migrated, err := MigrateOAuthModelAlias(configFile) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if migrated { - t.Fatal("expected no migration for empty file") - } -} diff --git a/.worktrees/config/m/config-build/active/internal/config/oauth_model_alias_test.go b/.worktrees/config/m/config-build/active/internal/config/oauth_model_alias_test.go deleted file mode 100644 index 6d914b5913..0000000000 --- a/.worktrees/config/m/config-build/active/internal/config/oauth_model_alias_test.go +++ /dev/null @@ -1,261 +0,0 @@ -package config - -import "testing" - -func TestSanitizeOAuthModelAlias_PreservesForkFlag(t *testing.T) { - cfg := &Config{ - OAuthModelAlias: map[string][]OAuthModelAlias{ - " CoDeX ": { - {Name: " gpt-5 ", Alias: " g5 ", Fork: true}, - {Name: "gpt-6", Alias: "g6"}, - }, - }, - } - - cfg.SanitizeOAuthModelAlias() - - aliases := cfg.OAuthModelAlias["codex"] - if len(aliases) != 2 { - t.Fatalf("expected 2 sanitized aliases, got %d", len(aliases)) - } - if aliases[0].Name != "gpt-5" || aliases[0].Alias != "g5" || !aliases[0].Fork { - t.Fatalf("expected first alias to be gpt-5->g5 fork=true, got name=%q alias=%q fork=%v", aliases[0].Name, aliases[0].Alias, aliases[0].Fork) - } - if aliases[1].Name != "gpt-6" || aliases[1].Alias != "g6" || aliases[1].Fork { - t.Fatalf("expected second alias to be gpt-6->g6 fork=false, got name=%q alias=%q fork=%v", aliases[1].Name, aliases[1].Alias, aliases[1].Fork) - } -} - -func TestSanitizeOAuthModelAlias_AllowsMultipleAliasesForSameName(t *testing.T) { - cfg := &Config{ - OAuthModelAlias: map[string][]OAuthModelAlias{ - "antigravity": { - {Name: "gemini-claude-opus-4-5-thinking", Alias: "claude-opus-4-5-20251101", Fork: true}, - {Name: "gemini-claude-opus-4-5-thinking", Alias: "claude-opus-4-5-20251101-thinking", Fork: true}, - {Name: "gemini-claude-opus-4-5-thinking", Alias: "claude-opus-4-5", Fork: true}, - }, - }, - } - - cfg.SanitizeOAuthModelAlias() - - aliases := cfg.OAuthModelAlias["antigravity"] - expected := []OAuthModelAlias{ - {Name: "gemini-claude-opus-4-5-thinking", Alias: "claude-opus-4-5-20251101", Fork: true}, - {Name: "gemini-claude-opus-4-5-thinking", Alias: "claude-opus-4-5-20251101-thinking", Fork: true}, - {Name: "gemini-claude-opus-4-5-thinking", Alias: "claude-opus-4-5", Fork: true}, - } - if len(aliases) != len(expected) { - t.Fatalf("expected %d sanitized aliases, got %d", len(expected), len(aliases)) - } - for i, exp := range expected { - if aliases[i].Name != exp.Name || aliases[i].Alias != exp.Alias || aliases[i].Fork != exp.Fork { - t.Fatalf("expected alias %d to be name=%q alias=%q fork=%v, got name=%q alias=%q fork=%v", i, exp.Name, exp.Alias, exp.Fork, aliases[i].Name, aliases[i].Alias, aliases[i].Fork) - } - } -} - -func TestSanitizeOAuthModelAlias_InjectsDefaultKiroAliases(t *testing.T) { - // When no kiro aliases are configured, defaults should be injected - cfg := &Config{ - OAuthModelAlias: map[string][]OAuthModelAlias{ - "codex": { - {Name: "gpt-5", Alias: "g5"}, - }, - }, - } - - cfg.SanitizeOAuthModelAlias() - - kiroAliases := cfg.OAuthModelAlias["kiro"] - if len(kiroAliases) == 0 { - t.Fatal("expected default kiro aliases to be injected") - } - - // Check that standard Claude model names are present - aliasSet := make(map[string]bool) - for _, a := range kiroAliases { - aliasSet[a.Alias] = true - } - expectedAliases := []string{ - "claude-sonnet-4-5-20250929", - "claude-sonnet-4-5", - "claude-sonnet-4-20250514", - "claude-sonnet-4", - "claude-opus-4-6", - "claude-opus-4-5-20251101", - "claude-opus-4-5", - "claude-haiku-4-5-20251001", - "claude-haiku-4-5", - } - for _, expected := range expectedAliases { - if !aliasSet[expected] { - t.Fatalf("expected default kiro alias %q to be present", expected) - } - } - - // All should have fork=true - for _, a := range kiroAliases { - if !a.Fork { - t.Fatalf("expected all default kiro aliases to have fork=true, got fork=false for %q", a.Alias) - } - } - - // Codex aliases should still be preserved - if len(cfg.OAuthModelAlias["codex"]) != 1 { - t.Fatal("expected codex aliases to be preserved") - } -} - -func TestSanitizeOAuthModelAlias_InjectsDefaultGitHubCopilotAliases(t *testing.T) { - cfg := &Config{ - OAuthModelAlias: map[string][]OAuthModelAlias{ - "codex": { - {Name: "gpt-5", Alias: "g5"}, - }, - }, - } - - cfg.SanitizeOAuthModelAlias() - - copilotAliases := cfg.OAuthModelAlias["github-copilot"] - if len(copilotAliases) == 0 { - t.Fatal("expected default github-copilot aliases to be injected") - } - - aliasSet := make(map[string]bool, len(copilotAliases)) - for _, a := range copilotAliases { - aliasSet[a.Alias] = true - if !a.Fork { - t.Fatalf("expected all default github-copilot aliases to have fork=true, got fork=false for %q", a.Alias) - } - } - expectedAliases := []string{ - "claude-haiku-4-5", - "claude-opus-4-1", - "claude-opus-4-5", - "claude-opus-4-6", - "claude-sonnet-4-5", - "claude-sonnet-4-6", - } - for _, expected := range expectedAliases { - if !aliasSet[expected] { - t.Fatalf("expected default github-copilot alias %q to be present", expected) - } - } -} - -func TestSanitizeOAuthModelAlias_DoesNotOverrideUserKiroAliases(t *testing.T) { - // When user has configured kiro aliases, defaults should NOT be injected - cfg := &Config{ - OAuthModelAlias: map[string][]OAuthModelAlias{ - "kiro": { - {Name: "kiro-claude-sonnet-4", Alias: "my-custom-sonnet", Fork: true}, - }, - }, - } - - cfg.SanitizeOAuthModelAlias() - - kiroAliases := cfg.OAuthModelAlias["kiro"] - if len(kiroAliases) != 1 { - t.Fatalf("expected 1 user-configured kiro alias, got %d", len(kiroAliases)) - } - if kiroAliases[0].Alias != "my-custom-sonnet" { - t.Fatalf("expected user alias to be preserved, got %q", kiroAliases[0].Alias) - } -} - -func TestSanitizeOAuthModelAlias_DoesNotOverrideUserGitHubCopilotAliases(t *testing.T) { - cfg := &Config{ - OAuthModelAlias: map[string][]OAuthModelAlias{ - "github-copilot": { - {Name: "claude-opus-4.6", Alias: "my-opus", Fork: true}, - }, - }, - } - - cfg.SanitizeOAuthModelAlias() - - copilotAliases := cfg.OAuthModelAlias["github-copilot"] - if len(copilotAliases) != 1 { - t.Fatalf("expected 1 user-configured github-copilot alias, got %d", len(copilotAliases)) - } - if copilotAliases[0].Alias != "my-opus" { - t.Fatalf("expected user alias to be preserved, got %q", copilotAliases[0].Alias) - } -} - -func TestSanitizeOAuthModelAlias_DoesNotReinjectAfterExplicitDeletion(t *testing.T) { - // When user explicitly deletes kiro aliases (key exists with nil value), - // defaults should NOT be re-injected on subsequent sanitize calls (#222). - cfg := &Config{ - OAuthModelAlias: map[string][]OAuthModelAlias{ - "kiro": nil, // explicitly deleted - "codex": {{Name: "gpt-5", Alias: "g5"}}, - }, - } - - cfg.SanitizeOAuthModelAlias() - - kiroAliases := cfg.OAuthModelAlias["kiro"] - if len(kiroAliases) != 0 { - t.Fatalf("expected kiro aliases to remain empty after explicit deletion, got %d aliases", len(kiroAliases)) - } - // The key itself must still be present to prevent re-injection on next reload - if _, exists := cfg.OAuthModelAlias["kiro"]; !exists { - t.Fatal("expected kiro key to be preserved as nil marker after sanitization") - } - // Other channels should be unaffected - if len(cfg.OAuthModelAlias["codex"]) != 1 { - t.Fatal("expected codex aliases to be preserved") - } -} - -func TestSanitizeOAuthModelAlias_GitHubCopilotDoesNotReinjectAfterExplicitDeletion(t *testing.T) { - cfg := &Config{ - OAuthModelAlias: map[string][]OAuthModelAlias{ - "github-copilot": nil, // explicitly deleted - }, - } - - cfg.SanitizeOAuthModelAlias() - - copilotAliases := cfg.OAuthModelAlias["github-copilot"] - if len(copilotAliases) != 0 { - t.Fatalf("expected github-copilot aliases to remain empty after explicit deletion, got %d aliases", len(copilotAliases)) - } - if _, exists := cfg.OAuthModelAlias["github-copilot"]; !exists { - t.Fatal("expected github-copilot key to be preserved as nil marker after sanitization") - } -} - -func TestSanitizeOAuthModelAlias_DoesNotReinjectAfterExplicitDeletionEmpty(t *testing.T) { - // Same as above but with empty slice instead of nil (PUT with empty body). - cfg := &Config{ - OAuthModelAlias: map[string][]OAuthModelAlias{ - "kiro": {}, // explicitly set to empty - }, - } - - cfg.SanitizeOAuthModelAlias() - - if len(cfg.OAuthModelAlias["kiro"]) != 0 { - t.Fatalf("expected kiro aliases to remain empty, got %d aliases", len(cfg.OAuthModelAlias["kiro"])) - } - if _, exists := cfg.OAuthModelAlias["kiro"]; !exists { - t.Fatal("expected kiro key to be preserved") - } -} - -func TestSanitizeOAuthModelAlias_InjectsDefaultKiroWhenEmpty(t *testing.T) { - // When OAuthModelAlias is nil, kiro defaults should still be injected - cfg := &Config{} - - cfg.SanitizeOAuthModelAlias() - - kiroAliases := cfg.OAuthModelAlias["kiro"] - if len(kiroAliases) == 0 { - t.Fatal("expected default kiro aliases to be injected when OAuthModelAlias is nil") - } -} diff --git a/.worktrees/config/m/config-build/active/internal/config/sdk_config.go b/.worktrees/config/m/config-build/active/internal/config/sdk_config.go deleted file mode 100644 index 834d2aba6e..0000000000 --- a/.worktrees/config/m/config-build/active/internal/config/sdk_config.go +++ /dev/null @@ -1,8 +0,0 @@ -// Package config provides configuration types for the llmproxy server. -package config - -import sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" - -// Keep SDK types aligned with public SDK config to avoid split-type regressions. -type SDKConfig = sdkconfig.SDKConfig -type StreamingConfig = sdkconfig.StreamingConfig diff --git a/.worktrees/config/m/config-build/active/internal/config/vertex_compat.go b/.worktrees/config/m/config-build/active/internal/config/vertex_compat.go deleted file mode 100644 index 786c5318c3..0000000000 --- a/.worktrees/config/m/config-build/active/internal/config/vertex_compat.go +++ /dev/null @@ -1,98 +0,0 @@ -package config - -import "strings" - -// VertexCompatKey represents the configuration for Vertex AI-compatible API keys. -// This supports third-party services that use Vertex AI-style endpoint paths -// (/publishers/google/models/{model}:streamGenerateContent) but authenticate -// with simple API keys instead of Google Cloud service account credentials. -// -// Example services: zenmux.ai and similar Vertex-compatible providers. -type VertexCompatKey struct { - // APIKey is the authentication key for accessing the Vertex-compatible API. - // Maps to the x-goog-api-key header. - APIKey string `yaml:"api-key" json:"api-key"` - - // Priority controls selection preference when multiple credentials match. - // Higher values are preferred; defaults to 0. - Priority int `yaml:"priority,omitempty" json:"priority,omitempty"` - - // Prefix optionally namespaces model aliases for this credential (e.g., "teamA/vertex-pro"). - Prefix string `yaml:"prefix,omitempty" json:"prefix,omitempty"` - - // BaseURL is the base URL for the Vertex-compatible API endpoint. - // The executor will append "/v1/publishers/google/models/{model}:action" to this. - // Example: "https://zenmux.ai/api" becomes "https://zenmux.ai/api/v1/publishers/google/models/..." - BaseURL string `yaml:"base-url,omitempty" json:"base-url,omitempty"` - - // ProxyURL optionally overrides the global proxy for this API key. - ProxyURL string `yaml:"proxy-url,omitempty" json:"proxy-url,omitempty"` - - // Headers optionally adds extra HTTP headers for requests sent with this key. - // Commonly used for cookies, user-agent, and other authentication headers. - Headers map[string]string `yaml:"headers,omitempty" json:"headers,omitempty"` - - // Models defines the model configurations including aliases for routing. - Models []VertexCompatModel `yaml:"models,omitempty" json:"models,omitempty"` -} - -func (k VertexCompatKey) GetAPIKey() string { return k.APIKey } -func (k VertexCompatKey) GetBaseURL() string { return k.BaseURL } - -// VertexCompatModel represents a model configuration for Vertex compatibility, -// including the actual model name and its alias for API routing. -type VertexCompatModel struct { - // Name is the actual model name used by the external provider. - Name string `yaml:"name" json:"name"` - - // Alias is the model name alias that clients will use to reference this model. - Alias string `yaml:"alias" json:"alias"` -} - -func (m VertexCompatModel) GetName() string { return m.Name } -func (m VertexCompatModel) GetAlias() string { return m.Alias } - -// SanitizeVertexCompatKeys deduplicates and normalizes Vertex-compatible API key credentials. -func (cfg *Config) SanitizeVertexCompatKeys() { - if cfg == nil { - return - } - - seen := make(map[string]struct{}, len(cfg.VertexCompatAPIKey)) - out := cfg.VertexCompatAPIKey[:0] - for i := range cfg.VertexCompatAPIKey { - entry := cfg.VertexCompatAPIKey[i] - entry.APIKey = strings.TrimSpace(entry.APIKey) - if entry.APIKey == "" { - continue - } - entry.Prefix = normalizeModelPrefix(entry.Prefix) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - if entry.BaseURL == "" { - // BaseURL is required for Vertex API key entries - continue - } - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - entry.Headers = NormalizeHeaders(entry.Headers) - - // Sanitize models: remove entries without valid alias - sanitizedModels := make([]VertexCompatModel, 0, len(entry.Models)) - for _, model := range entry.Models { - model.Alias = strings.TrimSpace(model.Alias) - model.Name = strings.TrimSpace(model.Name) - if model.Alias != "" && model.Name != "" { - sanitizedModels = append(sanitizedModels, model) - } - } - entry.Models = sanitizedModels - - // Use API key + base URL as uniqueness key - uniqueKey := entry.APIKey + "|" + entry.BaseURL - if _, exists := seen[uniqueKey]; exists { - continue - } - seen[uniqueKey] = struct{}{} - out = append(out, entry) - } - cfg.VertexCompatAPIKey = out -} diff --git a/.worktrees/config/m/config-build/active/internal/constant/constant.go b/.worktrees/config/m/config-build/active/internal/constant/constant.go deleted file mode 100644 index 9b7d31aab6..0000000000 --- a/.worktrees/config/m/config-build/active/internal/constant/constant.go +++ /dev/null @@ -1,33 +0,0 @@ -// Package constant defines provider name constants used throughout the CLI Proxy API. -// These constants identify different AI service providers and their variants, -// ensuring consistent naming across the application. -package constant - -const ( - // Gemini represents the Google Gemini provider identifier. - Gemini = "gemini" - - // GeminiCLI represents the Google Gemini CLI provider identifier. - GeminiCLI = "gemini-cli" - - // Codex represents the OpenAI Codex provider identifier. - Codex = "codex" - - // Claude represents the Anthropic Claude provider identifier. - Claude = "claude" - - // OpenAI represents the OpenAI provider identifier. - OpenAI = "openai" - - // OpenaiResponse represents the OpenAI response format identifier. - OpenaiResponse = "openai-response" - - // Antigravity represents the Antigravity response format identifier. - Antigravity = "antigravity" - - // Kiro represents the AWS CodeWhisperer (Kiro) provider identifier. - Kiro = "kiro" - - // Kilo represents the Kilo AI provider identifier. - Kilo = "kilo" -) diff --git a/.worktrees/config/m/config-build/active/internal/interfaces/api_handler.go b/.worktrees/config/m/config-build/active/internal/interfaces/api_handler.go deleted file mode 100644 index dacd182054..0000000000 --- a/.worktrees/config/m/config-build/active/internal/interfaces/api_handler.go +++ /dev/null @@ -1,17 +0,0 @@ -// Package interfaces defines the core interfaces and shared structures for the CLI Proxy API server. -// These interfaces provide a common contract for different components of the application, -// such as AI service clients, API handlers, and data models. -package interfaces - -// APIHandler defines the interface that all API handlers must implement. -// This interface provides methods for identifying handler types and retrieving -// supported models for different AI service endpoints. -type APIHandler interface { - // HandlerType returns the type identifier for this API handler. - // This is used to determine which request/response translators to use. - HandlerType() string - - // Models returns a list of supported models for this API handler. - // Each model is represented as a map containing model metadata. - Models() []map[string]any -} diff --git a/.worktrees/config/m/config-build/active/internal/interfaces/client_models.go b/.worktrees/config/m/config-build/active/internal/interfaces/client_models.go deleted file mode 100644 index c6e4ff7802..0000000000 --- a/.worktrees/config/m/config-build/active/internal/interfaces/client_models.go +++ /dev/null @@ -1,161 +0,0 @@ -// Package interfaces defines the core interfaces and shared structures for the CLI Proxy API server. -// These interfaces provide a common contract for different components of the application, -// such as AI service clients, API handlers, and data models. -package interfaces - -import ( - "time" -) - -// GCPProject represents the response structure for a Google Cloud project list request. -// This structure is used when fetching available projects for a Google Cloud account. -type GCPProject struct { - // Projects is a list of Google Cloud projects accessible by the user. - Projects []GCPProjectProjects `json:"projects"` -} - -// GCPProjectLabels defines the labels associated with a GCP project. -// These labels can contain metadata about the project's purpose or configuration. -type GCPProjectLabels struct { - // GenerativeLanguage indicates if the project has generative language APIs enabled. - GenerativeLanguage string `json:"generative-language"` -} - -// GCPProjectProjects contains details about a single Google Cloud project. -// This includes identifying information, metadata, and configuration details. -type GCPProjectProjects struct { - // ProjectNumber is the unique numeric identifier for the project. - ProjectNumber string `json:"projectNumber"` - - // ProjectID is the unique string identifier for the project. - ProjectID string `json:"projectId"` - - // LifecycleState indicates the current state of the project (e.g., "ACTIVE"). - LifecycleState string `json:"lifecycleState"` - - // Name is the human-readable name of the project. - Name string `json:"name"` - - // Labels contains metadata labels associated with the project. - Labels GCPProjectLabels `json:"labels"` - - // CreateTime is the timestamp when the project was created. - CreateTime time.Time `json:"createTime"` -} - -// Content represents a single message in a conversation, with a role and parts. -// This structure models a message exchange between a user and an AI model. -type Content struct { - // Role indicates who sent the message ("user", "model", or "tool"). - Role string `json:"role"` - - // Parts is a collection of content parts that make up the message. - Parts []Part `json:"parts"` -} - -// Part represents a distinct piece of content within a message. -// A part can be text, inline data (like an image), a function call, or a function response. -type Part struct { - Thought bool `json:"thought,omitempty"` - - // Text contains plain text content. - Text string `json:"text,omitempty"` - - // InlineData contains base64-encoded data with its MIME type (e.g., images). - InlineData *InlineData `json:"inlineData,omitempty"` - - // ThoughtSignature is a provider-required signature that accompanies certain parts. - ThoughtSignature string `json:"thoughtSignature,omitempty"` - - // FunctionCall represents a tool call requested by the model. - FunctionCall *FunctionCall `json:"functionCall,omitempty"` - - // FunctionResponse represents the result of a tool execution. - FunctionResponse *FunctionResponse `json:"functionResponse,omitempty"` -} - -// InlineData represents base64-encoded data with its MIME type. -// This is typically used for embedding images or other binary data in requests. -type InlineData struct { - // MimeType specifies the media type of the embedded data (e.g., "image/png"). - MimeType string `json:"mime_type,omitempty"` - - // Data contains the base64-encoded binary data. - Data string `json:"data,omitempty"` -} - -// FunctionCall represents a tool call requested by the model. -// It includes the function name and its arguments that the model wants to execute. -type FunctionCall struct { - // ID is the identifier of the function to be called. - ID string `json:"id,omitempty"` - - // Name is the identifier of the function to be called. - Name string `json:"name"` - - // Args contains the arguments to pass to the function. - Args map[string]interface{} `json:"args"` -} - -// FunctionResponse represents the result of a tool execution. -// This is sent back to the model after a tool call has been processed. -type FunctionResponse struct { - // ID is the identifier of the function to be called. - ID string `json:"id,omitempty"` - - // Name is the identifier of the function that was called. - Name string `json:"name"` - - // Response contains the result data from the function execution. - Response map[string]interface{} `json:"response"` -} - -// GenerateContentRequest is the top-level request structure for the streamGenerateContent endpoint. -// This structure defines all the parameters needed for generating content from an AI model. -type GenerateContentRequest struct { - // SystemInstruction provides system-level instructions that guide the model's behavior. - SystemInstruction *Content `json:"systemInstruction,omitempty"` - - // Contents is the conversation history between the user and the model. - Contents []Content `json:"contents"` - - // Tools defines the available tools/functions that the model can call. - Tools []ToolDeclaration `json:"tools,omitempty"` - - // GenerationConfig contains parameters that control the model's generation behavior. - GenerationConfig `json:"generationConfig"` -} - -// GenerationConfig defines parameters that control the model's generation behavior. -// These parameters affect the creativity, randomness, and reasoning of the model's responses. -type GenerationConfig struct { - // ThinkingConfig specifies configuration for the model's "thinking" process. - ThinkingConfig GenerationConfigThinkingConfig `json:"thinkingConfig,omitempty"` - - // Temperature controls the randomness of the model's responses. - // Values closer to 0 make responses more deterministic, while values closer to 1 increase randomness. - Temperature float64 `json:"temperature,omitempty"` - - // TopP controls nucleus sampling, which affects the diversity of responses. - // It limits the model to consider only the top P% of probability mass. - TopP float64 `json:"topP,omitempty"` - - // TopK limits the model to consider only the top K most likely tokens. - // This can help control the quality and diversity of generated text. - TopK float64 `json:"topK,omitempty"` -} - -// GenerationConfigThinkingConfig specifies configuration for the model's "thinking" process. -// This controls whether the model should output its reasoning process along with the final answer. -type GenerationConfigThinkingConfig struct { - // IncludeThoughts determines whether the model should output its reasoning process. - // When enabled, the model will include its step-by-step thinking in the response. - IncludeThoughts bool `json:"include_thoughts,omitempty"` -} - -// ToolDeclaration defines the structure for declaring tools (like functions) -// that the model can call during content generation. -type ToolDeclaration struct { - // FunctionDeclarations is a list of available functions that the model can call. - FunctionDeclarations []interface{} `json:"functionDeclarations"` -} diff --git a/.worktrees/config/m/config-build/active/internal/interfaces/error_message.go b/.worktrees/config/m/config-build/active/internal/interfaces/error_message.go deleted file mode 100644 index eecdc9cbe0..0000000000 --- a/.worktrees/config/m/config-build/active/internal/interfaces/error_message.go +++ /dev/null @@ -1,20 +0,0 @@ -// Package interfaces defines the core interfaces and shared structures for the CLI Proxy API server. -// These interfaces provide a common contract for different components of the application, -// such as AI service clients, API handlers, and data models. -package interfaces - -import "net/http" - -// ErrorMessage encapsulates an error with an associated HTTP status code. -// This structure is used to provide detailed error information including -// both the HTTP status and the underlying error. -type ErrorMessage struct { - // StatusCode is the HTTP status code returned by the API. - StatusCode int - - // Error is the underlying error that occurred. - Error error - - // Addon contains additional headers to be added to the response. - Addon http.Header -} diff --git a/.worktrees/config/m/config-build/active/internal/interfaces/types.go b/.worktrees/config/m/config-build/active/internal/interfaces/types.go deleted file mode 100644 index 9fb1e7f3b8..0000000000 --- a/.worktrees/config/m/config-build/active/internal/interfaces/types.go +++ /dev/null @@ -1,15 +0,0 @@ -// Package interfaces provides type aliases for backwards compatibility with translator functions. -// It defines common interface types used throughout the CLI Proxy API for request and response -// transformation operations, maintaining compatibility with the SDK translator package. -package interfaces - -import sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - -// Backwards compatible aliases for translator function types. -type TranslateRequestFunc = sdktranslator.RequestTransform - -type TranslateResponseFunc = sdktranslator.ResponseStreamTransform - -type TranslateResponseNonStreamFunc = sdktranslator.ResponseNonStreamTransform - -type TranslateResponse = sdktranslator.ResponseTransform diff --git a/.worktrees/config/m/config-build/active/internal/logging/gin_logger.go b/.worktrees/config/m/config-build/active/internal/logging/gin_logger.go deleted file mode 100644 index b94d7afe6d..0000000000 --- a/.worktrees/config/m/config-build/active/internal/logging/gin_logger.go +++ /dev/null @@ -1,150 +0,0 @@ -// Package logging provides Gin middleware for HTTP request logging and panic recovery. -// It integrates Gin web framework with logrus for structured logging of HTTP requests, -// responses, and error handling with panic recovery capabilities. -package logging - -import ( - "errors" - "fmt" - "net/http" - "runtime/debug" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -// aiAPIPrefixes defines path prefixes for AI API requests that should have request ID tracking. -var aiAPIPrefixes = []string{ - "/v1/chat/completions", - "/v1/completions", - "/v1/messages", - "/v1/responses", - "/v1beta/models/", - "/api/provider/", -} - -const skipGinLogKey = "__gin_skip_request_logging__" - -// GinLogrusLogger returns a Gin middleware handler that logs HTTP requests and responses -// using logrus. It captures request details including method, path, status code, latency, -// client IP, and any error messages. Request ID is only added for AI API requests. -// -// Output format (AI API): [2025-12-23 20:14:10] [info ] | a1b2c3d4 | 200 | 23.559s | ... -// Output format (others): [2025-12-23 20:14:10] [info ] | -------- | 200 | 23.559s | ... -// -// Returns: -// - gin.HandlerFunc: A middleware handler for request logging -func GinLogrusLogger() gin.HandlerFunc { - return func(c *gin.Context) { - start := time.Now() - path := c.Request.URL.Path - raw := util.MaskSensitiveQuery(c.Request.URL.RawQuery) - - // Only generate request ID for AI API paths - var requestID string - if isAIAPIPath(path) { - requestID = GenerateRequestID() - SetGinRequestID(c, requestID) - ctx := WithRequestID(c.Request.Context(), requestID) - c.Request = c.Request.WithContext(ctx) - } - - c.Next() - - if shouldSkipGinRequestLogging(c) { - return - } - - if raw != "" { - path = path + "?" + raw - } - - latency := time.Since(start) - if latency > time.Minute { - latency = latency.Truncate(time.Second) - } else { - latency = latency.Truncate(time.Millisecond) - } - - statusCode := c.Writer.Status() - clientIP := c.ClientIP() - method := c.Request.Method - errorMessage := c.Errors.ByType(gin.ErrorTypePrivate).String() - - if requestID == "" { - requestID = "--------" - } - logLine := fmt.Sprintf("%3d | %13v | %15s | %-7s \"%s\"", statusCode, latency, clientIP, method, path) - if errorMessage != "" { - logLine = logLine + " | " + errorMessage - } - - entry := log.WithField("request_id", requestID) - - switch { - case statusCode >= http.StatusInternalServerError: - entry.Error(logLine) - case statusCode >= http.StatusBadRequest: - entry.Warn(logLine) - default: - entry.Info(logLine) - } - } -} - -// isAIAPIPath checks if the given path is an AI API endpoint that should have request ID tracking. -func isAIAPIPath(path string) bool { - for _, prefix := range aiAPIPrefixes { - if strings.HasPrefix(path, prefix) { - return true - } - } - return false -} - -// GinLogrusRecovery returns a Gin middleware handler that recovers from panics and logs -// them using logrus. When a panic occurs, it captures the panic value, stack trace, -// and request path, then returns a 500 Internal Server Error response to the client. -// -// Returns: -// - gin.HandlerFunc: A middleware handler for panic recovery -func GinLogrusRecovery() gin.HandlerFunc { - return gin.CustomRecovery(func(c *gin.Context, recovered interface{}) { - if err, ok := recovered.(error); ok && errors.Is(err, http.ErrAbortHandler) { - // Let net/http handle ErrAbortHandler so the connection is aborted without noisy stack logs. - panic(http.ErrAbortHandler) - } - - log.WithFields(log.Fields{ - "panic": recovered, - "stack": string(debug.Stack()), - "path": c.Request.URL.Path, - }).Error("recovered from panic") - - c.AbortWithStatus(http.StatusInternalServerError) - }) -} - -// SkipGinRequestLogging marks the provided Gin context so that GinLogrusLogger -// will skip emitting a log line for the associated request. -func SkipGinRequestLogging(c *gin.Context) { - if c == nil { - return - } - c.Set(skipGinLogKey, true) -} - -func shouldSkipGinRequestLogging(c *gin.Context) bool { - if c == nil { - return false - } - val, exists := c.Get(skipGinLogKey) - if !exists { - return false - } - flag, ok := val.(bool) - return ok && flag -} diff --git a/.worktrees/config/m/config-build/active/internal/logging/gin_logger_test.go b/.worktrees/config/m/config-build/active/internal/logging/gin_logger_test.go deleted file mode 100644 index 7de1833865..0000000000 --- a/.worktrees/config/m/config-build/active/internal/logging/gin_logger_test.go +++ /dev/null @@ -1,60 +0,0 @@ -package logging - -import ( - "errors" - "net/http" - "net/http/httptest" - "testing" - - "github.com/gin-gonic/gin" -) - -func TestGinLogrusRecoveryRepanicsErrAbortHandler(t *testing.T) { - gin.SetMode(gin.TestMode) - - engine := gin.New() - engine.Use(GinLogrusRecovery()) - engine.GET("/abort", func(c *gin.Context) { - panic(http.ErrAbortHandler) - }) - - req := httptest.NewRequest(http.MethodGet, "/abort", nil) - recorder := httptest.NewRecorder() - - defer func() { - recovered := recover() - if recovered == nil { - t.Fatalf("expected panic, got nil") - } - err, ok := recovered.(error) - if !ok { - t.Fatalf("expected error panic, got %T", recovered) - } - if !errors.Is(err, http.ErrAbortHandler) { - t.Fatalf("expected ErrAbortHandler, got %v", err) - } - if err != http.ErrAbortHandler { - t.Fatalf("expected exact ErrAbortHandler sentinel, got %v", err) - } - }() - - engine.ServeHTTP(recorder, req) -} - -func TestGinLogrusRecoveryHandlesRegularPanic(t *testing.T) { - gin.SetMode(gin.TestMode) - - engine := gin.New() - engine.Use(GinLogrusRecovery()) - engine.GET("/panic", func(c *gin.Context) { - panic("boom") - }) - - req := httptest.NewRequest(http.MethodGet, "/panic", nil) - recorder := httptest.NewRecorder() - - engine.ServeHTTP(recorder, req) - if recorder.Code != http.StatusInternalServerError { - t.Fatalf("expected 500, got %d", recorder.Code) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/logging/global_logger.go b/.worktrees/config/m/config-build/active/internal/logging/global_logger.go deleted file mode 100644 index 484ecba7ed..0000000000 --- a/.worktrees/config/m/config-build/active/internal/logging/global_logger.go +++ /dev/null @@ -1,204 +0,0 @@ -package logging - -import ( - "bytes" - "fmt" - "io" - "os" - "path/filepath" - "strings" - "sync" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" - "gopkg.in/natefinch/lumberjack.v2" -) - -var ( - setupOnce sync.Once - writerMu sync.Mutex - logWriter *lumberjack.Logger - ginInfoWriter *io.PipeWriter - ginErrorWriter *io.PipeWriter -) - -// LogFormatter defines a custom log format for logrus. -// This formatter adds timestamp, level, request ID, and source location to each log entry. -// Format: [2025-12-23 20:14:04] [debug] [manager.go:524] | a1b2c3d4 | Use API key sk-9...0RHO for model gpt-5.2 -type LogFormatter struct{} - -// logFieldOrder defines the display order for common log fields. -var logFieldOrder = []string{"provider", "model", "mode", "budget", "level", "original_mode", "original_value", "min", "max", "clamped_to", "error"} - -// Format renders a single log entry with custom formatting. -func (m *LogFormatter) Format(entry *log.Entry) ([]byte, error) { - var buffer *bytes.Buffer - if entry.Buffer != nil { - buffer = entry.Buffer - } else { - buffer = &bytes.Buffer{} - } - - timestamp := entry.Time.Format("2006-01-02 15:04:05") - message := strings.TrimRight(entry.Message, "\r\n") - - reqID := "--------" - if id, ok := entry.Data["request_id"].(string); ok && id != "" { - reqID = id - } - - level := entry.Level.String() - if level == "warning" { - level = "warn" - } - levelStr := fmt.Sprintf("%-5s", level) - - // Build fields string (only print fields in logFieldOrder) - var fieldsStr string - if len(entry.Data) > 0 { - var fields []string - for _, k := range logFieldOrder { - if v, ok := entry.Data[k]; ok { - fields = append(fields, fmt.Sprintf("%s=%v", k, v)) - } - } - if len(fields) > 0 { - fieldsStr = " " + strings.Join(fields, " ") - } - } - - var formatted string - if entry.Caller != nil { - formatted = fmt.Sprintf("[%s] [%s] [%s] [%s:%d] %s%s\n", timestamp, reqID, levelStr, filepath.Base(entry.Caller.File), entry.Caller.Line, message, fieldsStr) - } else { - formatted = fmt.Sprintf("[%s] [%s] [%s] %s%s\n", timestamp, reqID, levelStr, message, fieldsStr) - } - buffer.WriteString(formatted) - - return buffer.Bytes(), nil -} - -// SetupBaseLogger configures the shared logrus instance and Gin writers. -// It is safe to call multiple times; initialization happens only once. -func SetupBaseLogger() { - setupOnce.Do(func() { - log.SetOutput(os.Stdout) - log.SetLevel(log.InfoLevel) - log.SetReportCaller(true) - log.SetFormatter(&LogFormatter{}) - - ginInfoWriter = log.StandardLogger().Writer() - gin.DefaultWriter = ginInfoWriter - ginErrorWriter = log.StandardLogger().WriterLevel(log.ErrorLevel) - gin.DefaultErrorWriter = ginErrorWriter - gin.DebugPrintFunc = func(format string, values ...interface{}) { - format = strings.TrimRight(format, "\r\n") - log.StandardLogger().Infof(format, values...) - } - - log.RegisterExitHandler(closeLogOutputs) - }) -} - -// isDirWritable checks if the specified directory exists and is writable by attempting to create and remove a test file. -func isDirWritable(dir string) bool { - info, err := os.Stat(dir) - if err != nil || !info.IsDir() { - return false - } - - testFile := filepath.Join(dir, ".perm_test") - f, err := os.Create(testFile) - if err != nil { - return false - } - - defer func() { - _ = f.Close() - _ = os.Remove(testFile) - }() - return true -} - -// ResolveLogDirectory determines the directory used for application logs. -func ResolveLogDirectory(cfg *config.Config) string { - logDir := "logs" - if base := util.WritablePath(); base != "" { - return filepath.Join(base, "logs") - } - if cfg == nil { - return logDir - } - if !isDirWritable(logDir) { - authDir, err := util.ResolveAuthDir(cfg.AuthDir) - if err != nil { - log.Warnf("Failed to resolve auth-dir %q for log directory: %v", cfg.AuthDir, err) - } - if authDir != "" { - logDir = filepath.Join(authDir, "logs") - } - } - return logDir -} - -// ConfigureLogOutput switches the global log destination between rotating files and stdout. -// When logsMaxTotalSizeMB > 0, a background cleaner removes the oldest log files in the logs directory -// until the total size is within the limit. -func ConfigureLogOutput(cfg *config.Config) error { - SetupBaseLogger() - - writerMu.Lock() - defer writerMu.Unlock() - - logDir := ResolveLogDirectory(cfg) - - protectedPath := "" - if cfg.LoggingToFile { - if err := os.MkdirAll(logDir, 0o755); err != nil { - return fmt.Errorf("logging: failed to create log directory: %w", err) - } - if logWriter != nil { - _ = logWriter.Close() - } - protectedPath = filepath.Join(logDir, "main.log") - logWriter = &lumberjack.Logger{ - Filename: protectedPath, - MaxSize: 10, - MaxBackups: 0, - MaxAge: 0, - Compress: false, - } - log.SetOutput(logWriter) - } else { - if logWriter != nil { - _ = logWriter.Close() - logWriter = nil - } - log.SetOutput(os.Stdout) - } - - configureLogDirCleanerLocked(logDir, cfg.LogsMaxTotalSizeMB, protectedPath) - return nil -} - -func closeLogOutputs() { - writerMu.Lock() - defer writerMu.Unlock() - - stopLogDirCleanerLocked() - - if logWriter != nil { - _ = logWriter.Close() - logWriter = nil - } - if ginInfoWriter != nil { - _ = ginInfoWriter.Close() - ginInfoWriter = nil - } - if ginErrorWriter != nil { - _ = ginErrorWriter.Close() - ginErrorWriter = nil - } -} diff --git a/.worktrees/config/m/config-build/active/internal/logging/log_dir_cleaner.go b/.worktrees/config/m/config-build/active/internal/logging/log_dir_cleaner.go deleted file mode 100644 index e563b381ce..0000000000 --- a/.worktrees/config/m/config-build/active/internal/logging/log_dir_cleaner.go +++ /dev/null @@ -1,166 +0,0 @@ -package logging - -import ( - "context" - "os" - "path/filepath" - "sort" - "strings" - "time" - - log "github.com/sirupsen/logrus" -) - -const logDirCleanerInterval = time.Minute - -var logDirCleanerCancel context.CancelFunc - -func configureLogDirCleanerLocked(logDir string, maxTotalSizeMB int, protectedPath string) { - stopLogDirCleanerLocked() - - if maxTotalSizeMB <= 0 { - return - } - - maxBytes := int64(maxTotalSizeMB) * 1024 * 1024 - if maxBytes <= 0 { - return - } - - dir := strings.TrimSpace(logDir) - if dir == "" { - return - } - - ctx, cancel := context.WithCancel(context.Background()) - logDirCleanerCancel = cancel - go runLogDirCleaner(ctx, filepath.Clean(dir), maxBytes, strings.TrimSpace(protectedPath)) -} - -func stopLogDirCleanerLocked() { - if logDirCleanerCancel == nil { - return - } - logDirCleanerCancel() - logDirCleanerCancel = nil -} - -func runLogDirCleaner(ctx context.Context, logDir string, maxBytes int64, protectedPath string) { - ticker := time.NewTicker(logDirCleanerInterval) - defer ticker.Stop() - - cleanOnce := func() { - deleted, errClean := enforceLogDirSizeLimit(logDir, maxBytes, protectedPath) - if errClean != nil { - log.WithError(errClean).Warn("logging: failed to enforce log directory size limit") - return - } - if deleted > 0 { - log.Debugf("logging: removed %d old log file(s) to enforce log directory size limit", deleted) - } - } - - cleanOnce() - for { - select { - case <-ctx.Done(): - return - case <-ticker.C: - cleanOnce() - } - } -} - -func enforceLogDirSizeLimit(logDir string, maxBytes int64, protectedPath string) (int, error) { - if maxBytes <= 0 { - return 0, nil - } - - dir := strings.TrimSpace(logDir) - if dir == "" { - return 0, nil - } - dir = filepath.Clean(dir) - - entries, errRead := os.ReadDir(dir) - if errRead != nil { - if os.IsNotExist(errRead) { - return 0, nil - } - return 0, errRead - } - - protected := strings.TrimSpace(protectedPath) - if protected != "" { - protected = filepath.Clean(protected) - } - - type logFile struct { - path string - size int64 - modTime time.Time - } - - var ( - files []logFile - total int64 - ) - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - if !isLogFileName(name) { - continue - } - info, errInfo := entry.Info() - if errInfo != nil { - continue - } - if !info.Mode().IsRegular() { - continue - } - path := filepath.Join(dir, name) - files = append(files, logFile{ - path: path, - size: info.Size(), - modTime: info.ModTime(), - }) - total += info.Size() - } - - if total <= maxBytes { - return 0, nil - } - - sort.Slice(files, func(i, j int) bool { - return files[i].modTime.Before(files[j].modTime) - }) - - deleted := 0 - for _, file := range files { - if total <= maxBytes { - break - } - if protected != "" && filepath.Clean(file.path) == protected { - continue - } - if errRemove := os.Remove(file.path); errRemove != nil { - log.WithError(errRemove).Warnf("logging: failed to remove old log file: %s", filepath.Base(file.path)) - continue - } - total -= file.size - deleted++ - } - - return deleted, nil -} - -func isLogFileName(name string) bool { - trimmed := strings.TrimSpace(name) - if trimmed == "" { - return false - } - lower := strings.ToLower(trimmed) - return strings.HasSuffix(lower, ".log") || strings.HasSuffix(lower, ".log.gz") -} diff --git a/.worktrees/config/m/config-build/active/internal/logging/log_dir_cleaner_test.go b/.worktrees/config/m/config-build/active/internal/logging/log_dir_cleaner_test.go deleted file mode 100644 index 3670da5083..0000000000 --- a/.worktrees/config/m/config-build/active/internal/logging/log_dir_cleaner_test.go +++ /dev/null @@ -1,70 +0,0 @@ -package logging - -import ( - "os" - "path/filepath" - "testing" - "time" -) - -func TestEnforceLogDirSizeLimitDeletesOldest(t *testing.T) { - dir := t.TempDir() - - writeLogFile(t, filepath.Join(dir, "old.log"), 60, time.Unix(1, 0)) - writeLogFile(t, filepath.Join(dir, "mid.log"), 60, time.Unix(2, 0)) - protected := filepath.Join(dir, "main.log") - writeLogFile(t, protected, 60, time.Unix(3, 0)) - - deleted, err := enforceLogDirSizeLimit(dir, 120, protected) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if deleted != 1 { - t.Fatalf("expected 1 deleted file, got %d", deleted) - } - - if _, err := os.Stat(filepath.Join(dir, "old.log")); !os.IsNotExist(err) { - t.Fatalf("expected old.log to be removed, stat error: %v", err) - } - if _, err := os.Stat(filepath.Join(dir, "mid.log")); err != nil { - t.Fatalf("expected mid.log to remain, stat error: %v", err) - } - if _, err := os.Stat(protected); err != nil { - t.Fatalf("expected protected main.log to remain, stat error: %v", err) - } -} - -func TestEnforceLogDirSizeLimitSkipsProtected(t *testing.T) { - dir := t.TempDir() - - protected := filepath.Join(dir, "main.log") - writeLogFile(t, protected, 200, time.Unix(1, 0)) - writeLogFile(t, filepath.Join(dir, "other.log"), 50, time.Unix(2, 0)) - - deleted, err := enforceLogDirSizeLimit(dir, 100, protected) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if deleted != 1 { - t.Fatalf("expected 1 deleted file, got %d", deleted) - } - - if _, err := os.Stat(protected); err != nil { - t.Fatalf("expected protected main.log to remain, stat error: %v", err) - } - if _, err := os.Stat(filepath.Join(dir, "other.log")); !os.IsNotExist(err) { - t.Fatalf("expected other.log to be removed, stat error: %v", err) - } -} - -func writeLogFile(t *testing.T, path string, size int, modTime time.Time) { - t.Helper() - - data := make([]byte, size) - if err := os.WriteFile(path, data, 0o644); err != nil { - t.Fatalf("write file: %v", err) - } - if err := os.Chtimes(path, modTime, modTime); err != nil { - t.Fatalf("set times: %v", err) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/logging/request_logger.go b/.worktrees/config/m/config-build/active/internal/logging/request_logger.go deleted file mode 100644 index ad7b03c1c4..0000000000 --- a/.worktrees/config/m/config-build/active/internal/logging/request_logger.go +++ /dev/null @@ -1,1274 +0,0 @@ -// Package logging provides request logging functionality for the CLI Proxy API server. -// It handles capturing and storing detailed HTTP request and response data when enabled -// through configuration, supporting both regular and streaming responses. -package logging - -import ( - "bytes" - "compress/flate" - "compress/gzip" - "fmt" - "io" - "os" - "path/filepath" - "regexp" - "sort" - "strings" - "sync/atomic" - "time" - - "github.com/andybalholm/brotli" - "github.com/klauspost/compress/zstd" - log "github.com/sirupsen/logrus" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/buildinfo" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" -) - -var requestLogID atomic.Uint64 - -// RequestLogger defines the interface for logging HTTP requests and responses. -// It provides methods for logging both regular and streaming HTTP request/response cycles. -type RequestLogger interface { - // LogRequest logs a complete non-streaming request/response cycle. - // - // Parameters: - // - url: The request URL - // - method: The HTTP method - // - requestHeaders: The request headers - // - body: The request body - // - statusCode: The response status code - // - responseHeaders: The response headers - // - response: The raw response data - // - apiRequest: The API request data - // - apiResponse: The API response data - // - requestID: Optional request ID for log file naming - // - requestTimestamp: When the request was received - // - apiResponseTimestamp: When the API response was received - // - // Returns: - // - error: An error if logging fails, nil otherwise - LogRequest(url, method string, requestHeaders map[string][]string, body []byte, statusCode int, responseHeaders map[string][]string, response, apiRequest, apiResponse []byte, apiResponseErrors []*interfaces.ErrorMessage, requestID string, requestTimestamp, apiResponseTimestamp time.Time) error - - // LogStreamingRequest initiates logging for a streaming request and returns a writer for chunks. - // - // Parameters: - // - url: The request URL - // - method: The HTTP method - // - headers: The request headers - // - body: The request body - // - requestID: Optional request ID for log file naming - // - // Returns: - // - StreamingLogWriter: A writer for streaming response chunks - // - error: An error if logging initialization fails, nil otherwise - LogStreamingRequest(url, method string, headers map[string][]string, body []byte, requestID string) (StreamingLogWriter, error) - - // IsEnabled returns whether request logging is currently enabled. - // - // Returns: - // - bool: True if logging is enabled, false otherwise - IsEnabled() bool -} - -// StreamingLogWriter handles real-time logging of streaming response chunks. -// It provides methods for writing streaming response data asynchronously. -type StreamingLogWriter interface { - // WriteChunkAsync writes a response chunk asynchronously (non-blocking). - // - // Parameters: - // - chunk: The response chunk to write - WriteChunkAsync(chunk []byte) - - // WriteStatus writes the response status and headers to the log. - // - // Parameters: - // - status: The response status code - // - headers: The response headers - // - // Returns: - // - error: An error if writing fails, nil otherwise - WriteStatus(status int, headers map[string][]string) error - - // WriteAPIRequest writes the upstream API request details to the log. - // This should be called before WriteStatus to maintain proper log ordering. - // - // Parameters: - // - apiRequest: The API request data (typically includes URL, headers, body sent upstream) - // - // Returns: - // - error: An error if writing fails, nil otherwise - WriteAPIRequest(apiRequest []byte) error - - // WriteAPIResponse writes the upstream API response details to the log. - // This should be called after the streaming response is complete. - // - // Parameters: - // - apiResponse: The API response data - // - // Returns: - // - error: An error if writing fails, nil otherwise - WriteAPIResponse(apiResponse []byte) error - - // SetFirstChunkTimestamp sets the TTFB timestamp captured when first chunk was received. - // - // Parameters: - // - timestamp: The time when first response chunk was received - SetFirstChunkTimestamp(timestamp time.Time) - - // Close finalizes the log file and cleans up resources. - // - // Returns: - // - error: An error if closing fails, nil otherwise - Close() error -} - -// FileRequestLogger implements RequestLogger using file-based storage. -// It provides file-based logging functionality for HTTP requests and responses. -type FileRequestLogger struct { - // enabled indicates whether request logging is currently enabled. - enabled bool - - // logsDir is the directory where log files are stored. - logsDir string - - // errorLogsMaxFiles limits the number of error log files retained. - errorLogsMaxFiles int -} - -// NewFileRequestLogger creates a new file-based request logger. -// -// Parameters: -// - enabled: Whether request logging should be enabled -// - logsDir: The directory where log files should be stored (can be relative) -// - configDir: The directory of the configuration file; when logsDir is -// relative, it will be resolved relative to this directory -// - errorLogsMaxFiles: Maximum number of error log files to retain (0 = no cleanup) -// -// Returns: -// - *FileRequestLogger: A new file-based request logger instance -func NewFileRequestLogger(enabled bool, logsDir string, configDir string, errorLogsMaxFiles int) *FileRequestLogger { - // Resolve logsDir relative to the configuration file directory when it's not absolute. - if !filepath.IsAbs(logsDir) { - // If configDir is provided, resolve logsDir relative to it. - if configDir != "" { - logsDir = filepath.Join(configDir, logsDir) - } - } - return &FileRequestLogger{ - enabled: enabled, - logsDir: logsDir, - errorLogsMaxFiles: errorLogsMaxFiles, - } -} - -// IsEnabled returns whether request logging is currently enabled. -// -// Returns: -// - bool: True if logging is enabled, false otherwise -func (l *FileRequestLogger) IsEnabled() bool { - return l.enabled -} - -// SetEnabled updates the request logging enabled state. -// This method allows dynamic enabling/disabling of request logging. -// -// Parameters: -// - enabled: Whether request logging should be enabled -func (l *FileRequestLogger) SetEnabled(enabled bool) { - l.enabled = enabled -} - -// SetErrorLogsMaxFiles updates the maximum number of error log files to retain. -func (l *FileRequestLogger) SetErrorLogsMaxFiles(maxFiles int) { - l.errorLogsMaxFiles = maxFiles -} - -// LogRequest logs a complete non-streaming request/response cycle to a file. -// -// Parameters: -// - url: The request URL -// - method: The HTTP method -// - requestHeaders: The request headers -// - body: The request body -// - statusCode: The response status code -// - responseHeaders: The response headers -// - response: The raw response data -// - apiRequest: The API request data -// - apiResponse: The API response data -// - requestID: Optional request ID for log file naming -// - requestTimestamp: When the request was received -// - apiResponseTimestamp: When the API response was received -// -// Returns: -// - error: An error if logging fails, nil otherwise -func (l *FileRequestLogger) LogRequest(url, method string, requestHeaders map[string][]string, body []byte, statusCode int, responseHeaders map[string][]string, response, apiRequest, apiResponse []byte, apiResponseErrors []*interfaces.ErrorMessage, requestID string, requestTimestamp, apiResponseTimestamp time.Time) error { - return l.logRequest(url, method, requestHeaders, body, statusCode, responseHeaders, response, apiRequest, apiResponse, apiResponseErrors, false, requestID, requestTimestamp, apiResponseTimestamp) -} - -// LogRequestWithOptions logs a request with optional forced logging behavior. -// The force flag allows writing error logs even when regular request logging is disabled. -func (l *FileRequestLogger) LogRequestWithOptions(url, method string, requestHeaders map[string][]string, body []byte, statusCode int, responseHeaders map[string][]string, response, apiRequest, apiResponse []byte, apiResponseErrors []*interfaces.ErrorMessage, force bool, requestID string, requestTimestamp, apiResponseTimestamp time.Time) error { - return l.logRequest(url, method, requestHeaders, body, statusCode, responseHeaders, response, apiRequest, apiResponse, apiResponseErrors, force, requestID, requestTimestamp, apiResponseTimestamp) -} - -func (l *FileRequestLogger) logRequest(url, method string, requestHeaders map[string][]string, body []byte, statusCode int, responseHeaders map[string][]string, response, apiRequest, apiResponse []byte, apiResponseErrors []*interfaces.ErrorMessage, force bool, requestID string, requestTimestamp, apiResponseTimestamp time.Time) error { - if !l.enabled && !force { - return nil - } - - // Ensure logs directory exists - if errEnsure := l.ensureLogsDir(); errEnsure != nil { - return fmt.Errorf("failed to create logs directory: %w", errEnsure) - } - - // Generate filename with request ID - filename := l.generateFilename(url, requestID) - if force && !l.enabled { - filename = l.generateErrorFilename(url, requestID) - } - filePath := filepath.Join(l.logsDir, filename) - - requestBodyPath, errTemp := l.writeRequestBodyTempFile(body) - if errTemp != nil { - log.WithError(errTemp).Warn("failed to create request body temp file, falling back to direct write") - } - if requestBodyPath != "" { - defer func() { - if errRemove := os.Remove(requestBodyPath); errRemove != nil { - log.WithError(errRemove).Warn("failed to remove request body temp file") - } - }() - } - - responseToWrite, decompressErr := l.decompressResponse(responseHeaders, response) - if decompressErr != nil { - // If decompression fails, continue with original response and annotate the log output. - responseToWrite = response - } - - logFile, errOpen := os.OpenFile(filePath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644) - if errOpen != nil { - return fmt.Errorf("failed to create log file: %w", errOpen) - } - - writeErr := l.writeNonStreamingLog( - logFile, - url, - method, - requestHeaders, - body, - requestBodyPath, - apiRequest, - apiResponse, - apiResponseErrors, - statusCode, - responseHeaders, - responseToWrite, - decompressErr, - requestTimestamp, - apiResponseTimestamp, - ) - if errClose := logFile.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close request log file") - if writeErr == nil { - return errClose - } - } - if writeErr != nil { - return fmt.Errorf("failed to write log file: %w", writeErr) - } - - if force && !l.enabled { - if errCleanup := l.cleanupOldErrorLogs(); errCleanup != nil { - log.WithError(errCleanup).Warn("failed to clean up old error logs") - } - } - - return nil -} - -// LogStreamingRequest initiates logging for a streaming request. -// -// Parameters: -// - url: The request URL -// - method: The HTTP method -// - headers: The request headers -// - body: The request body -// - requestID: Optional request ID for log file naming -// -// Returns: -// - StreamingLogWriter: A writer for streaming response chunks -// - error: An error if logging initialization fails, nil otherwise -func (l *FileRequestLogger) LogStreamingRequest(url, method string, headers map[string][]string, body []byte, requestID string) (StreamingLogWriter, error) { - if !l.enabled { - return &NoOpStreamingLogWriter{}, nil - } - - // Ensure logs directory exists - if err := l.ensureLogsDir(); err != nil { - return nil, fmt.Errorf("failed to create logs directory: %w", err) - } - - // Generate filename with request ID - filename := l.generateFilename(url, requestID) - filePath := filepath.Join(l.logsDir, filename) - - requestHeaders := make(map[string][]string, len(headers)) - for key, values := range headers { - headerValues := make([]string, len(values)) - copy(headerValues, values) - requestHeaders[key] = headerValues - } - - requestBodyPath, errTemp := l.writeRequestBodyTempFile(body) - if errTemp != nil { - return nil, fmt.Errorf("failed to create request body temp file: %w", errTemp) - } - - responseBodyFile, errCreate := os.CreateTemp(l.logsDir, "response-body-*.tmp") - if errCreate != nil { - _ = os.Remove(requestBodyPath) - return nil, fmt.Errorf("failed to create response body temp file: %w", errCreate) - } - responseBodyPath := responseBodyFile.Name() - - // Create streaming writer - writer := &FileStreamingLogWriter{ - logFilePath: filePath, - url: url, - method: method, - timestamp: time.Now(), - requestHeaders: requestHeaders, - requestBodyPath: requestBodyPath, - responseBodyPath: responseBodyPath, - responseBodyFile: responseBodyFile, - chunkChan: make(chan []byte, 100), // Buffered channel for async writes - closeChan: make(chan struct{}), - errorChan: make(chan error, 1), - } - - // Start async writer goroutine - go writer.asyncWriter() - - return writer, nil -} - -// generateErrorFilename creates a filename with an error prefix to differentiate forced error logs. -func (l *FileRequestLogger) generateErrorFilename(url string, requestID ...string) string { - return fmt.Sprintf("error-%s", l.generateFilename(url, requestID...)) -} - -// ensureLogsDir creates the logs directory if it doesn't exist. -// -// Returns: -// - error: An error if directory creation fails, nil otherwise -func (l *FileRequestLogger) ensureLogsDir() error { - if _, err := os.Stat(l.logsDir); os.IsNotExist(err) { - return os.MkdirAll(l.logsDir, 0755) - } - return nil -} - -// generateFilename creates a sanitized filename from the URL path and current timestamp. -// Format: v1-responses-2025-12-23T195811-a1b2c3d4.log -// -// Parameters: -// - url: The request URL -// - requestID: Optional request ID to include in filename -// -// Returns: -// - string: A sanitized filename for the log file -func (l *FileRequestLogger) generateFilename(url string, requestID ...string) string { - // Extract path from URL - path := url - if strings.Contains(url, "?") { - path = strings.Split(url, "?")[0] - } - - // Remove leading slash - if strings.HasPrefix(path, "/") { - path = path[1:] - } - - // Sanitize path for filename - sanitized := l.sanitizeForFilename(path) - - // Add timestamp - timestamp := time.Now().Format("2006-01-02T150405") - - // Use request ID if provided, otherwise use sequential ID - var idPart string - if len(requestID) > 0 && requestID[0] != "" { - idPart = requestID[0] - } else { - id := requestLogID.Add(1) - idPart = fmt.Sprintf("%d", id) - } - - return fmt.Sprintf("%s-%s-%s.log", sanitized, timestamp, idPart) -} - -// sanitizeForFilename replaces characters that are not safe for filenames. -// -// Parameters: -// - path: The path to sanitize -// -// Returns: -// - string: A sanitized filename -func (l *FileRequestLogger) sanitizeForFilename(path string) string { - // Replace slashes with hyphens - sanitized := strings.ReplaceAll(path, "/", "-") - - // Replace colons with hyphens - sanitized = strings.ReplaceAll(sanitized, ":", "-") - - // Replace other problematic characters with hyphens - reg := regexp.MustCompile(`[<>:"|?*\s]`) - sanitized = reg.ReplaceAllString(sanitized, "-") - - // Remove multiple consecutive hyphens - reg = regexp.MustCompile(`-+`) - sanitized = reg.ReplaceAllString(sanitized, "-") - - // Remove leading/trailing hyphens - sanitized = strings.Trim(sanitized, "-") - - // Handle empty result - if sanitized == "" { - sanitized = "root" - } - - return sanitized -} - -// cleanupOldErrorLogs keeps only the newest errorLogsMaxFiles forced error log files. -func (l *FileRequestLogger) cleanupOldErrorLogs() error { - if l.errorLogsMaxFiles <= 0 { - return nil - } - - entries, errRead := os.ReadDir(l.logsDir) - if errRead != nil { - return errRead - } - - type logFile struct { - name string - modTime time.Time - } - - var files []logFile - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - if !strings.HasPrefix(name, "error-") || !strings.HasSuffix(name, ".log") { - continue - } - info, errInfo := entry.Info() - if errInfo != nil { - log.WithError(errInfo).Warn("failed to read error log info") - continue - } - files = append(files, logFile{name: name, modTime: info.ModTime()}) - } - - if len(files) <= l.errorLogsMaxFiles { - return nil - } - - sort.Slice(files, func(i, j int) bool { - return files[i].modTime.After(files[j].modTime) - }) - - for _, file := range files[l.errorLogsMaxFiles:] { - if errRemove := os.Remove(filepath.Join(l.logsDir, file.name)); errRemove != nil { - log.WithError(errRemove).Warnf("failed to remove old error log: %s", file.name) - } - } - - return nil -} - -func (l *FileRequestLogger) writeRequestBodyTempFile(body []byte) (string, error) { - tmpFile, errCreate := os.CreateTemp(l.logsDir, "request-body-*.tmp") - if errCreate != nil { - return "", errCreate - } - tmpPath := tmpFile.Name() - - if _, errCopy := io.Copy(tmpFile, bytes.NewReader(body)); errCopy != nil { - _ = tmpFile.Close() - _ = os.Remove(tmpPath) - return "", errCopy - } - if errClose := tmpFile.Close(); errClose != nil { - _ = os.Remove(tmpPath) - return "", errClose - } - return tmpPath, nil -} - -func (l *FileRequestLogger) writeNonStreamingLog( - w io.Writer, - url, method string, - requestHeaders map[string][]string, - requestBody []byte, - requestBodyPath string, - apiRequest []byte, - apiResponse []byte, - apiResponseErrors []*interfaces.ErrorMessage, - statusCode int, - responseHeaders map[string][]string, - response []byte, - decompressErr error, - requestTimestamp time.Time, - apiResponseTimestamp time.Time, -) error { - if requestTimestamp.IsZero() { - requestTimestamp = time.Now() - } - if errWrite := writeRequestInfoWithBody(w, url, method, requestHeaders, requestBody, requestBodyPath, requestTimestamp); errWrite != nil { - return errWrite - } - if errWrite := writeAPISection(w, "=== API REQUEST ===\n", "=== API REQUEST", apiRequest, time.Time{}); errWrite != nil { - return errWrite - } - if errWrite := writeAPIErrorResponses(w, apiResponseErrors); errWrite != nil { - return errWrite - } - if errWrite := writeAPISection(w, "=== API RESPONSE ===\n", "=== API RESPONSE", apiResponse, apiResponseTimestamp); errWrite != nil { - return errWrite - } - return writeResponseSection(w, statusCode, true, responseHeaders, bytes.NewReader(response), decompressErr, true) -} - -func writeRequestInfoWithBody( - w io.Writer, - url, method string, - headers map[string][]string, - body []byte, - bodyPath string, - timestamp time.Time, -) error { - if _, errWrite := io.WriteString(w, "=== REQUEST INFO ===\n"); errWrite != nil { - return errWrite - } - if _, errWrite := io.WriteString(w, fmt.Sprintf("Version: %s\n", buildinfo.Version)); errWrite != nil { - return errWrite - } - if _, errWrite := io.WriteString(w, fmt.Sprintf("URL: %s\n", url)); errWrite != nil { - return errWrite - } - if _, errWrite := io.WriteString(w, fmt.Sprintf("Method: %s\n", method)); errWrite != nil { - return errWrite - } - if _, errWrite := io.WriteString(w, fmt.Sprintf("Timestamp: %s\n", timestamp.Format(time.RFC3339Nano))); errWrite != nil { - return errWrite - } - if _, errWrite := io.WriteString(w, "\n"); errWrite != nil { - return errWrite - } - - if _, errWrite := io.WriteString(w, "=== HEADERS ===\n"); errWrite != nil { - return errWrite - } - for key, values := range headers { - for _, value := range values { - masked := util.MaskSensitiveHeaderValue(key, value) - if _, errWrite := io.WriteString(w, fmt.Sprintf("%s: %s\n", key, masked)); errWrite != nil { - return errWrite - } - } - } - if _, errWrite := io.WriteString(w, "\n"); errWrite != nil { - return errWrite - } - - if _, errWrite := io.WriteString(w, "=== REQUEST BODY ===\n"); errWrite != nil { - return errWrite - } - - if bodyPath != "" { - bodyFile, errOpen := os.Open(bodyPath) - if errOpen != nil { - return errOpen - } - if _, errCopy := io.Copy(w, bodyFile); errCopy != nil { - _ = bodyFile.Close() - return errCopy - } - if errClose := bodyFile.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close request body temp file") - } - } else if _, errWrite := w.Write(body); errWrite != nil { - return errWrite - } - - if _, errWrite := io.WriteString(w, "\n\n"); errWrite != nil { - return errWrite - } - return nil -} - -func writeAPISection(w io.Writer, sectionHeader string, sectionPrefix string, payload []byte, timestamp time.Time) error { - if len(payload) == 0 { - return nil - } - - if bytes.HasPrefix(payload, []byte(sectionPrefix)) { - if _, errWrite := w.Write(payload); errWrite != nil { - return errWrite - } - if !bytes.HasSuffix(payload, []byte("\n")) { - if _, errWrite := io.WriteString(w, "\n"); errWrite != nil { - return errWrite - } - } - } else { - if _, errWrite := io.WriteString(w, sectionHeader); errWrite != nil { - return errWrite - } - if !timestamp.IsZero() { - if _, errWrite := io.WriteString(w, fmt.Sprintf("Timestamp: %s\n", timestamp.Format(time.RFC3339Nano))); errWrite != nil { - return errWrite - } - } - if _, errWrite := w.Write(payload); errWrite != nil { - return errWrite - } - if _, errWrite := io.WriteString(w, "\n"); errWrite != nil { - return errWrite - } - } - - if _, errWrite := io.WriteString(w, "\n"); errWrite != nil { - return errWrite - } - return nil -} - -func writeAPIErrorResponses(w io.Writer, apiResponseErrors []*interfaces.ErrorMessage) error { - for i := 0; i < len(apiResponseErrors); i++ { - if apiResponseErrors[i] == nil { - continue - } - if _, errWrite := io.WriteString(w, "=== API ERROR RESPONSE ===\n"); errWrite != nil { - return errWrite - } - if _, errWrite := io.WriteString(w, fmt.Sprintf("HTTP Status: %d\n", apiResponseErrors[i].StatusCode)); errWrite != nil { - return errWrite - } - if apiResponseErrors[i].Error != nil { - if _, errWrite := io.WriteString(w, apiResponseErrors[i].Error.Error()); errWrite != nil { - return errWrite - } - } - if _, errWrite := io.WriteString(w, "\n\n"); errWrite != nil { - return errWrite - } - } - return nil -} - -func writeResponseSection(w io.Writer, statusCode int, statusWritten bool, responseHeaders map[string][]string, responseReader io.Reader, decompressErr error, trailingNewline bool) error { - if _, errWrite := io.WriteString(w, "=== RESPONSE ===\n"); errWrite != nil { - return errWrite - } - if statusWritten { - if _, errWrite := io.WriteString(w, fmt.Sprintf("Status: %d\n", statusCode)); errWrite != nil { - return errWrite - } - } - - if responseHeaders != nil { - for key, values := range responseHeaders { - for _, value := range values { - if _, errWrite := io.WriteString(w, fmt.Sprintf("%s: %s\n", key, value)); errWrite != nil { - return errWrite - } - } - } - } - - if _, errWrite := io.WriteString(w, "\n"); errWrite != nil { - return errWrite - } - - if responseReader != nil { - if _, errCopy := io.Copy(w, responseReader); errCopy != nil { - return errCopy - } - } - if decompressErr != nil { - if _, errWrite := io.WriteString(w, fmt.Sprintf("\n[DECOMPRESSION ERROR: %v]", decompressErr)); errWrite != nil { - return errWrite - } - } - - if trailingNewline { - if _, errWrite := io.WriteString(w, "\n"); errWrite != nil { - return errWrite - } - } - return nil -} - -// formatLogContent creates the complete log content for non-streaming requests. -// -// Parameters: -// - url: The request URL -// - method: The HTTP method -// - headers: The request headers -// - body: The request body -// - apiRequest: The API request data -// - apiResponse: The API response data -// - response: The raw response data -// - status: The response status code -// - responseHeaders: The response headers -// -// Returns: -// - string: The formatted log content -func (l *FileRequestLogger) formatLogContent(url, method string, headers map[string][]string, body, apiRequest, apiResponse, response []byte, status int, responseHeaders map[string][]string, apiResponseErrors []*interfaces.ErrorMessage) string { - var content strings.Builder - - // Request info - content.WriteString(l.formatRequestInfo(url, method, headers, body)) - - if len(apiRequest) > 0 { - if bytes.HasPrefix(apiRequest, []byte("=== API REQUEST")) { - content.Write(apiRequest) - if !bytes.HasSuffix(apiRequest, []byte("\n")) { - content.WriteString("\n") - } - } else { - content.WriteString("=== API REQUEST ===\n") - content.Write(apiRequest) - content.WriteString("\n") - } - content.WriteString("\n") - } - - for i := 0; i < len(apiResponseErrors); i++ { - content.WriteString("=== API ERROR RESPONSE ===\n") - content.WriteString(fmt.Sprintf("HTTP Status: %d\n", apiResponseErrors[i].StatusCode)) - content.WriteString(apiResponseErrors[i].Error.Error()) - content.WriteString("\n\n") - } - - if len(apiResponse) > 0 { - if bytes.HasPrefix(apiResponse, []byte("=== API RESPONSE")) { - content.Write(apiResponse) - if !bytes.HasSuffix(apiResponse, []byte("\n")) { - content.WriteString("\n") - } - } else { - content.WriteString("=== API RESPONSE ===\n") - content.Write(apiResponse) - content.WriteString("\n") - } - content.WriteString("\n") - } - - // Response section - content.WriteString("=== RESPONSE ===\n") - content.WriteString(fmt.Sprintf("Status: %d\n", status)) - - if responseHeaders != nil { - for key, values := range responseHeaders { - for _, value := range values { - content.WriteString(fmt.Sprintf("%s: %s\n", key, value)) - } - } - } - - content.WriteString("\n") - content.Write(response) - content.WriteString("\n") - - return content.String() -} - -// decompressResponse decompresses response data based on Content-Encoding header. -// -// Parameters: -// - responseHeaders: The response headers -// - response: The response data to decompress -// -// Returns: -// - []byte: The decompressed response data -// - error: An error if decompression fails, nil otherwise -func (l *FileRequestLogger) decompressResponse(responseHeaders map[string][]string, response []byte) ([]byte, error) { - if responseHeaders == nil || len(response) == 0 { - return response, nil - } - - // Check Content-Encoding header - var contentEncoding string - for key, values := range responseHeaders { - if strings.ToLower(key) == "content-encoding" && len(values) > 0 { - contentEncoding = strings.ToLower(values[0]) - break - } - } - - switch contentEncoding { - case "gzip": - return l.decompressGzip(response) - case "deflate": - return l.decompressDeflate(response) - case "br": - return l.decompressBrotli(response) - case "zstd": - return l.decompressZstd(response) - default: - // No compression or unsupported compression - return response, nil - } -} - -// decompressGzip decompresses gzip-encoded data. -// -// Parameters: -// - data: The gzip-encoded data to decompress -// -// Returns: -// - []byte: The decompressed data -// - error: An error if decompression fails, nil otherwise -func (l *FileRequestLogger) decompressGzip(data []byte) ([]byte, error) { - reader, err := gzip.NewReader(bytes.NewReader(data)) - if err != nil { - return nil, fmt.Errorf("failed to create gzip reader: %w", err) - } - defer func() { - if errClose := reader.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close gzip reader in request logger") - } - }() - - decompressed, err := io.ReadAll(reader) - if err != nil { - return nil, fmt.Errorf("failed to decompress gzip data: %w", err) - } - - return decompressed, nil -} - -// decompressDeflate decompresses deflate-encoded data. -// -// Parameters: -// - data: The deflate-encoded data to decompress -// -// Returns: -// - []byte: The decompressed data -// - error: An error if decompression fails, nil otherwise -func (l *FileRequestLogger) decompressDeflate(data []byte) ([]byte, error) { - reader := flate.NewReader(bytes.NewReader(data)) - defer func() { - if errClose := reader.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close deflate reader in request logger") - } - }() - - decompressed, err := io.ReadAll(reader) - if err != nil { - return nil, fmt.Errorf("failed to decompress deflate data: %w", err) - } - - return decompressed, nil -} - -// decompressBrotli decompresses brotli-encoded data. -// -// Parameters: -// - data: The brotli-encoded data to decompress -// -// Returns: -// - []byte: The decompressed data -// - error: An error if decompression fails, nil otherwise -func (l *FileRequestLogger) decompressBrotli(data []byte) ([]byte, error) { - reader := brotli.NewReader(bytes.NewReader(data)) - - decompressed, err := io.ReadAll(reader) - if err != nil { - return nil, fmt.Errorf("failed to decompress brotli data: %w", err) - } - - return decompressed, nil -} - -// decompressZstd decompresses zstd-encoded data. -// -// Parameters: -// - data: The zstd-encoded data to decompress -// -// Returns: -// - []byte: The decompressed data -// - error: An error if decompression fails, nil otherwise -func (l *FileRequestLogger) decompressZstd(data []byte) ([]byte, error) { - decoder, err := zstd.NewReader(bytes.NewReader(data)) - if err != nil { - return nil, fmt.Errorf("failed to create zstd reader: %w", err) - } - defer decoder.Close() - - decompressed, err := io.ReadAll(decoder) - if err != nil { - return nil, fmt.Errorf("failed to decompress zstd data: %w", err) - } - - return decompressed, nil -} - -// formatRequestInfo creates the request information section of the log. -// -// Parameters: -// - url: The request URL -// - method: The HTTP method -// - headers: The request headers -// - body: The request body -// -// Returns: -// - string: The formatted request information -func (l *FileRequestLogger) formatRequestInfo(url, method string, headers map[string][]string, body []byte) string { - var content strings.Builder - - content.WriteString("=== REQUEST INFO ===\n") - content.WriteString(fmt.Sprintf("Version: %s\n", buildinfo.Version)) - content.WriteString(fmt.Sprintf("URL: %s\n", url)) - content.WriteString(fmt.Sprintf("Method: %s\n", method)) - content.WriteString(fmt.Sprintf("Timestamp: %s\n", time.Now().Format(time.RFC3339Nano))) - content.WriteString("\n") - - content.WriteString("=== HEADERS ===\n") - for key, values := range headers { - for _, value := range values { - masked := util.MaskSensitiveHeaderValue(key, value) - content.WriteString(fmt.Sprintf("%s: %s\n", key, masked)) - } - } - content.WriteString("\n") - - content.WriteString("=== REQUEST BODY ===\n") - content.Write(body) - content.WriteString("\n\n") - - return content.String() -} - -// FileStreamingLogWriter implements StreamingLogWriter for file-based streaming logs. -// It spools streaming response chunks to a temporary file to avoid retaining large responses in memory. -// The final log file is assembled when Close is called. -type FileStreamingLogWriter struct { - // logFilePath is the final log file path. - logFilePath string - - // url is the request URL (masked upstream in middleware). - url string - - // method is the HTTP method. - method string - - // timestamp is captured when the streaming log is initialized. - timestamp time.Time - - // requestHeaders stores the request headers. - requestHeaders map[string][]string - - // requestBodyPath is a temporary file path holding the request body. - requestBodyPath string - - // responseBodyPath is a temporary file path holding the streaming response body. - responseBodyPath string - - // responseBodyFile is the temp file where chunks are appended by the async writer. - responseBodyFile *os.File - - // chunkChan is a channel for receiving response chunks to spool. - chunkChan chan []byte - - // closeChan is a channel for signaling when the writer is closed. - closeChan chan struct{} - - // errorChan is a channel for reporting errors during writing. - errorChan chan error - - // responseStatus stores the HTTP status code. - responseStatus int - - // statusWritten indicates whether a non-zero status was recorded. - statusWritten bool - - // responseHeaders stores the response headers. - responseHeaders map[string][]string - - // apiRequest stores the upstream API request data. - apiRequest []byte - - // apiResponse stores the upstream API response data. - apiResponse []byte - - // apiResponseTimestamp captures when the API response was received. - apiResponseTimestamp time.Time -} - -// WriteChunkAsync writes a response chunk asynchronously (non-blocking). -// -// Parameters: -// - chunk: The response chunk to write -func (w *FileStreamingLogWriter) WriteChunkAsync(chunk []byte) { - if w.chunkChan == nil { - return - } - - // Make a copy of the chunk to avoid data races - chunkCopy := make([]byte, len(chunk)) - copy(chunkCopy, chunk) - - // Non-blocking send - select { - case w.chunkChan <- chunkCopy: - default: - // Channel is full, skip this chunk to avoid blocking - } -} - -// WriteStatus buffers the response status and headers for later writing. -// -// Parameters: -// - status: The response status code -// - headers: The response headers -// -// Returns: -// - error: Always returns nil (buffering cannot fail) -func (w *FileStreamingLogWriter) WriteStatus(status int, headers map[string][]string) error { - if status == 0 { - return nil - } - - w.responseStatus = status - if headers != nil { - w.responseHeaders = make(map[string][]string, len(headers)) - for key, values := range headers { - headerValues := make([]string, len(values)) - copy(headerValues, values) - w.responseHeaders[key] = headerValues - } - } - w.statusWritten = true - return nil -} - -// WriteAPIRequest buffers the upstream API request details for later writing. -// -// Parameters: -// - apiRequest: The API request data (typically includes URL, headers, body sent upstream) -// -// Returns: -// - error: Always returns nil (buffering cannot fail) -func (w *FileStreamingLogWriter) WriteAPIRequest(apiRequest []byte) error { - if len(apiRequest) == 0 { - return nil - } - w.apiRequest = bytes.Clone(apiRequest) - return nil -} - -// WriteAPIResponse buffers the upstream API response details for later writing. -// -// Parameters: -// - apiResponse: The API response data -// -// Returns: -// - error: Always returns nil (buffering cannot fail) -func (w *FileStreamingLogWriter) WriteAPIResponse(apiResponse []byte) error { - if len(apiResponse) == 0 { - return nil - } - w.apiResponse = bytes.Clone(apiResponse) - return nil -} - -func (w *FileStreamingLogWriter) SetFirstChunkTimestamp(timestamp time.Time) { - if !timestamp.IsZero() { - w.apiResponseTimestamp = timestamp - } -} - -// Close finalizes the log file and cleans up resources. -// It writes all buffered data to the file in the correct order: -// API REQUEST -> API RESPONSE -> RESPONSE (status, headers, body chunks) -// -// Returns: -// - error: An error if closing fails, nil otherwise -func (w *FileStreamingLogWriter) Close() error { - if w.chunkChan != nil { - close(w.chunkChan) - } - - // Wait for async writer to finish spooling chunks - if w.closeChan != nil { - <-w.closeChan - w.chunkChan = nil - } - - select { - case errWrite := <-w.errorChan: - w.cleanupTempFiles() - return errWrite - default: - } - - if w.logFilePath == "" { - w.cleanupTempFiles() - return nil - } - - logFile, errOpen := os.OpenFile(w.logFilePath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644) - if errOpen != nil { - w.cleanupTempFiles() - return fmt.Errorf("failed to create log file: %w", errOpen) - } - - writeErr := w.writeFinalLog(logFile) - if errClose := logFile.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close request log file") - if writeErr == nil { - writeErr = errClose - } - } - - w.cleanupTempFiles() - return writeErr -} - -// asyncWriter runs in a goroutine to buffer chunks from the channel. -// It continuously reads chunks from the channel and appends them to a temp file for later assembly. -func (w *FileStreamingLogWriter) asyncWriter() { - defer close(w.closeChan) - - for chunk := range w.chunkChan { - if w.responseBodyFile == nil { - continue - } - if _, errWrite := w.responseBodyFile.Write(chunk); errWrite != nil { - select { - case w.errorChan <- errWrite: - default: - } - if errClose := w.responseBodyFile.Close(); errClose != nil { - select { - case w.errorChan <- errClose: - default: - } - } - w.responseBodyFile = nil - } - } - - if w.responseBodyFile == nil { - return - } - if errClose := w.responseBodyFile.Close(); errClose != nil { - select { - case w.errorChan <- errClose: - default: - } - } - w.responseBodyFile = nil -} - -func (w *FileStreamingLogWriter) writeFinalLog(logFile *os.File) error { - if errWrite := writeRequestInfoWithBody(logFile, w.url, w.method, w.requestHeaders, nil, w.requestBodyPath, w.timestamp); errWrite != nil { - return errWrite - } - if errWrite := writeAPISection(logFile, "=== API REQUEST ===\n", "=== API REQUEST", w.apiRequest, time.Time{}); errWrite != nil { - return errWrite - } - if errWrite := writeAPISection(logFile, "=== API RESPONSE ===\n", "=== API RESPONSE", w.apiResponse, w.apiResponseTimestamp); errWrite != nil { - return errWrite - } - - responseBodyFile, errOpen := os.Open(w.responseBodyPath) - if errOpen != nil { - return errOpen - } - defer func() { - if errClose := responseBodyFile.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close response body temp file") - } - }() - - return writeResponseSection(logFile, w.responseStatus, w.statusWritten, w.responseHeaders, responseBodyFile, nil, false) -} - -func (w *FileStreamingLogWriter) cleanupTempFiles() { - if w.requestBodyPath != "" { - if errRemove := os.Remove(w.requestBodyPath); errRemove != nil { - log.WithError(errRemove).Warn("failed to remove request body temp file") - } - w.requestBodyPath = "" - } - - if w.responseBodyPath != "" { - if errRemove := os.Remove(w.responseBodyPath); errRemove != nil { - log.WithError(errRemove).Warn("failed to remove response body temp file") - } - w.responseBodyPath = "" - } -} - -// NoOpStreamingLogWriter is a no-operation implementation for when logging is disabled. -// It implements the StreamingLogWriter interface but performs no actual logging operations. -type NoOpStreamingLogWriter struct{} - -// WriteChunkAsync is a no-op implementation that does nothing. -// -// Parameters: -// - chunk: The response chunk (ignored) -func (w *NoOpStreamingLogWriter) WriteChunkAsync(_ []byte) {} - -// WriteStatus is a no-op implementation that does nothing and always returns nil. -// -// Parameters: -// - status: The response status code (ignored) -// - headers: The response headers (ignored) -// -// Returns: -// - error: Always returns nil -func (w *NoOpStreamingLogWriter) WriteStatus(_ int, _ map[string][]string) error { - return nil -} - -// WriteAPIRequest is a no-op implementation that does nothing and always returns nil. -// -// Parameters: -// - apiRequest: The API request data (ignored) -// -// Returns: -// - error: Always returns nil -func (w *NoOpStreamingLogWriter) WriteAPIRequest(_ []byte) error { - return nil -} - -// WriteAPIResponse is a no-op implementation that does nothing and always returns nil. -// -// Parameters: -// - apiResponse: The API response data (ignored) -// -// Returns: -// - error: Always returns nil -func (w *NoOpStreamingLogWriter) WriteAPIResponse(_ []byte) error { - return nil -} - -func (w *NoOpStreamingLogWriter) SetFirstChunkTimestamp(_ time.Time) {} - -// Close is a no-op implementation that does nothing and always returns nil. -// -// Returns: -// - error: Always returns nil -func (w *NoOpStreamingLogWriter) Close() error { return nil } diff --git a/.worktrees/config/m/config-build/active/internal/logging/requestid.go b/.worktrees/config/m/config-build/active/internal/logging/requestid.go deleted file mode 100644 index 8bd045d114..0000000000 --- a/.worktrees/config/m/config-build/active/internal/logging/requestid.go +++ /dev/null @@ -1,61 +0,0 @@ -package logging - -import ( - "context" - "crypto/rand" - "encoding/hex" - - "github.com/gin-gonic/gin" -) - -// requestIDKey is the context key for storing/retrieving request IDs. -type requestIDKey struct{} - -// ginRequestIDKey is the Gin context key for request IDs. -const ginRequestIDKey = "__request_id__" - -// GenerateRequestID creates a new 8-character hex request ID. -func GenerateRequestID() string { - b := make([]byte, 4) - if _, err := rand.Read(b); err != nil { - return "00000000" - } - return hex.EncodeToString(b) -} - -// WithRequestID returns a new context with the request ID attached. -func WithRequestID(ctx context.Context, requestID string) context.Context { - return context.WithValue(ctx, requestIDKey{}, requestID) -} - -// GetRequestID retrieves the request ID from the context. -// Returns empty string if not found. -func GetRequestID(ctx context.Context) string { - if ctx == nil { - return "" - } - if id, ok := ctx.Value(requestIDKey{}).(string); ok { - return id - } - return "" -} - -// SetGinRequestID stores the request ID in the Gin context. -func SetGinRequestID(c *gin.Context, requestID string) { - if c != nil { - c.Set(ginRequestIDKey, requestID) - } -} - -// GetGinRequestID retrieves the request ID from the Gin context. -func GetGinRequestID(c *gin.Context) string { - if c == nil { - return "" - } - if id, exists := c.Get(ginRequestIDKey); exists { - if s, ok := id.(string); ok { - return s - } - } - return "" -} diff --git a/.worktrees/config/m/config-build/active/internal/managementasset/updater.go b/.worktrees/config/m/config-build/active/internal/managementasset/updater.go deleted file mode 100644 index 7284b7299c..0000000000 --- a/.worktrees/config/m/config-build/active/internal/managementasset/updater.go +++ /dev/null @@ -1,463 +0,0 @@ -package managementasset - -import ( - "context" - "crypto/sha256" - "encoding/hex" - "encoding/json" - "errors" - "fmt" - "io" - "net/http" - "net/url" - "os" - "path/filepath" - "strings" - "sync" - "sync/atomic" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" - log "github.com/sirupsen/logrus" - "golang.org/x/sync/singleflight" -) - -const ( - defaultManagementReleaseURL = "https://api.github.com/repos/router-for-me/Cli-Proxy-API-Management-Center/releases/latest" - defaultManagementFallbackURL = "https://cpamc.router-for.me/" - managementAssetName = "management.html" - httpUserAgent = "CLIProxyAPI-management-updater" - managementSyncMinInterval = 30 * time.Second - updateCheckInterval = 3 * time.Hour -) - -// ManagementFileName exposes the control panel asset filename. -const ManagementFileName = managementAssetName - -var ( - lastUpdateCheckMu sync.Mutex - lastUpdateCheckTime time.Time - currentConfigPtr atomic.Pointer[config.Config] - schedulerOnce sync.Once - schedulerConfigPath atomic.Value - sfGroup singleflight.Group -) - -// SetCurrentConfig stores the latest configuration snapshot for management asset decisions. -func SetCurrentConfig(cfg *config.Config) { - if cfg == nil { - currentConfigPtr.Store(nil) - return - } - currentConfigPtr.Store(cfg) -} - -// StartAutoUpdater launches a background goroutine that periodically ensures the management asset is up to date. -// It respects the disable-control-panel flag on every iteration and supports hot-reloaded configurations. -func StartAutoUpdater(ctx context.Context, configFilePath string) { - configFilePath = strings.TrimSpace(configFilePath) - if configFilePath == "" { - log.Debug("management asset auto-updater skipped: empty config path") - return - } - - schedulerConfigPath.Store(configFilePath) - - schedulerOnce.Do(func() { - go runAutoUpdater(ctx) - }) -} - -func runAutoUpdater(ctx context.Context) { - if ctx == nil { - ctx = context.Background() - } - - ticker := time.NewTicker(updateCheckInterval) - defer ticker.Stop() - - runOnce := func() { - cfg := currentConfigPtr.Load() - if cfg == nil { - log.Debug("management asset auto-updater skipped: config not yet available") - return - } - if cfg.RemoteManagement.DisableControlPanel { - log.Debug("management asset auto-updater skipped: control panel disabled") - return - } - - configPath, _ := schedulerConfigPath.Load().(string) - staticDir := StaticDir(configPath) - EnsureLatestManagementHTML(ctx, staticDir, cfg.ProxyURL, cfg.RemoteManagement.PanelGitHubRepository) - } - - runOnce() - - for { - select { - case <-ctx.Done(): - return - case <-ticker.C: - runOnce() - } - } -} - -func newHTTPClient(proxyURL string) *http.Client { - client := &http.Client{Timeout: 15 * time.Second} - - sdkCfg := &sdkconfig.SDKConfig{ProxyURL: strings.TrimSpace(proxyURL)} - util.SetProxy(sdkCfg, client) - - return client -} - -type releaseAsset struct { - Name string `json:"name"` - BrowserDownloadURL string `json:"browser_download_url"` - Digest string `json:"digest"` -} - -type releaseResponse struct { - Assets []releaseAsset `json:"assets"` -} - -// StaticDir resolves the directory that stores the management control panel asset. -func StaticDir(configFilePath string) string { - if override := strings.TrimSpace(os.Getenv("MANAGEMENT_STATIC_PATH")); override != "" { - cleaned := filepath.Clean(override) - if strings.EqualFold(filepath.Base(cleaned), managementAssetName) { - return filepath.Dir(cleaned) - } - return cleaned - } - - if writable := util.WritablePath(); writable != "" { - return filepath.Join(writable, "static") - } - - configFilePath = strings.TrimSpace(configFilePath) - if configFilePath == "" { - return "" - } - - base := filepath.Dir(configFilePath) - fileInfo, err := os.Stat(configFilePath) - if err == nil { - if fileInfo.IsDir() { - base = configFilePath - } - } - - return filepath.Join(base, "static") -} - -// FilePath resolves the absolute path to the management control panel asset. -func FilePath(configFilePath string) string { - if override := strings.TrimSpace(os.Getenv("MANAGEMENT_STATIC_PATH")); override != "" { - cleaned := filepath.Clean(override) - if strings.EqualFold(filepath.Base(cleaned), managementAssetName) { - return cleaned - } - return filepath.Join(cleaned, ManagementFileName) - } - - dir := StaticDir(configFilePath) - if dir == "" { - return "" - } - return filepath.Join(dir, ManagementFileName) -} - -// EnsureLatestManagementHTML checks the latest management.html asset and updates the local copy when needed. -// It coalesces concurrent sync attempts and returns whether the asset exists after the sync attempt. -func EnsureLatestManagementHTML(ctx context.Context, staticDir string, proxyURL string, panelRepository string) bool { - if ctx == nil { - ctx = context.Background() - } - - staticDir = strings.TrimSpace(staticDir) - if staticDir == "" { - log.Debug("management asset sync skipped: empty static directory") - return false - } - localPath := filepath.Join(staticDir, managementAssetName) - - _, _, _ = sfGroup.Do(localPath, func() (interface{}, error) { - lastUpdateCheckMu.Lock() - now := time.Now() - timeSinceLastAttempt := now.Sub(lastUpdateCheckTime) - if !lastUpdateCheckTime.IsZero() && timeSinceLastAttempt < managementSyncMinInterval { - lastUpdateCheckMu.Unlock() - log.Debugf( - "management asset sync skipped by throttle: last attempt %v ago (interval %v)", - timeSinceLastAttempt.Round(time.Second), - managementSyncMinInterval, - ) - return nil, nil - } - lastUpdateCheckTime = now - lastUpdateCheckMu.Unlock() - - localFileMissing := false - if _, errStat := os.Stat(localPath); errStat != nil { - if errors.Is(errStat, os.ErrNotExist) { - localFileMissing = true - } else { - log.WithError(errStat).Debug("failed to stat local management asset") - } - } - - if errMkdirAll := os.MkdirAll(staticDir, 0o755); errMkdirAll != nil { - log.WithError(errMkdirAll).Warn("failed to prepare static directory for management asset") - return nil, nil - } - - releaseURL := resolveReleaseURL(panelRepository) - client := newHTTPClient(proxyURL) - - localHash, err := fileSHA256(localPath) - if err != nil { - if !errors.Is(err, os.ErrNotExist) { - log.WithError(err).Debug("failed to read local management asset hash") - } - localHash = "" - } - - asset, remoteHash, err := fetchLatestAsset(ctx, client, releaseURL) - if err != nil { - if localFileMissing { - log.WithError(err).Warn("failed to fetch latest management release information, trying fallback page") - if ensureFallbackManagementHTML(ctx, client, localPath) { - return nil, nil - } - return nil, nil - } - log.WithError(err).Warn("failed to fetch latest management release information") - return nil, nil - } - - if remoteHash != "" && localHash != "" && strings.EqualFold(remoteHash, localHash) { - log.Debug("management asset is already up to date") - return nil, nil - } - - data, downloadedHash, err := downloadAsset(ctx, client, asset.BrowserDownloadURL) - if err != nil { - if localFileMissing { - log.WithError(err).Warn("failed to download management asset, trying fallback page") - if ensureFallbackManagementHTML(ctx, client, localPath) { - return nil, nil - } - return nil, nil - } - log.WithError(err).Warn("failed to download management asset") - return nil, nil - } - - if remoteHash != "" && !strings.EqualFold(remoteHash, downloadedHash) { - log.Warnf("remote digest mismatch for management asset: expected %s got %s", remoteHash, downloadedHash) - } - - if err = atomicWriteFile(localPath, data); err != nil { - log.WithError(err).Warn("failed to update management asset on disk") - return nil, nil - } - - log.Infof("management asset updated successfully (hash=%s)", downloadedHash) - return nil, nil - }) - - _, err := os.Stat(localPath) - return err == nil -} - -func ensureFallbackManagementHTML(ctx context.Context, client *http.Client, localPath string) bool { - data, downloadedHash, err := downloadAsset(ctx, client, defaultManagementFallbackURL) - if err != nil { - log.WithError(err).Warn("failed to download fallback management control panel page") - return false - } - - if err = atomicWriteFile(localPath, data); err != nil { - log.WithError(err).Warn("failed to persist fallback management control panel page") - return false - } - - log.Infof("management asset updated from fallback page successfully (hash=%s)", downloadedHash) - return true -} - -func resolveReleaseURL(repo string) string { - repo = strings.TrimSpace(repo) - if repo == "" { - return defaultManagementReleaseURL - } - - parsed, err := url.Parse(repo) - if err != nil || parsed.Host == "" { - return defaultManagementReleaseURL - } - - host := strings.ToLower(parsed.Host) - parsed.Path = strings.TrimSuffix(parsed.Path, "/") - - if host == "api.github.com" { - if !strings.HasSuffix(strings.ToLower(parsed.Path), "/releases/latest") { - parsed.Path = parsed.Path + "/releases/latest" - } - return parsed.String() - } - - if host == "github.com" { - parts := strings.Split(strings.Trim(parsed.Path, "/"), "/") - if len(parts) >= 2 && parts[0] != "" && parts[1] != "" { - repoName := strings.TrimSuffix(parts[1], ".git") - return fmt.Sprintf("https://api.github.com/repos/%s/%s/releases/latest", parts[0], repoName) - } - } - - return defaultManagementReleaseURL -} - -func fetchLatestAsset(ctx context.Context, client *http.Client, releaseURL string) (*releaseAsset, string, error) { - if strings.TrimSpace(releaseURL) == "" { - releaseURL = defaultManagementReleaseURL - } - - req, err := http.NewRequestWithContext(ctx, http.MethodGet, releaseURL, nil) - if err != nil { - return nil, "", fmt.Errorf("create release request: %w", err) - } - req.Header.Set("Accept", "application/vnd.github+json") - req.Header.Set("User-Agent", httpUserAgent) - gitURL := strings.ToLower(strings.TrimSpace(os.Getenv("GITSTORE_GIT_URL"))) - if tok := strings.TrimSpace(os.Getenv("GITSTORE_GIT_TOKEN")); tok != "" && strings.Contains(gitURL, "github.com") { - req.Header.Set("Authorization", "Bearer "+tok) - } - - resp, err := client.Do(req) - if err != nil { - return nil, "", fmt.Errorf("execute release request: %w", err) - } - defer func() { - _ = resp.Body.Close() - }() - - if resp.StatusCode != http.StatusOK { - body, _ := io.ReadAll(io.LimitReader(resp.Body, 1024)) - return nil, "", fmt.Errorf("unexpected release status %d: %s", resp.StatusCode, strings.TrimSpace(string(body))) - } - - var release releaseResponse - if err = json.NewDecoder(resp.Body).Decode(&release); err != nil { - return nil, "", fmt.Errorf("decode release response: %w", err) - } - - for i := range release.Assets { - asset := &release.Assets[i] - if strings.EqualFold(asset.Name, managementAssetName) { - remoteHash := parseDigest(asset.Digest) - return asset, remoteHash, nil - } - } - - return nil, "", fmt.Errorf("management asset %s not found in latest release", managementAssetName) -} - -func downloadAsset(ctx context.Context, client *http.Client, downloadURL string) ([]byte, string, error) { - if strings.TrimSpace(downloadURL) == "" { - return nil, "", fmt.Errorf("empty download url") - } - - req, err := http.NewRequestWithContext(ctx, http.MethodGet, downloadURL, nil) - if err != nil { - return nil, "", fmt.Errorf("create download request: %w", err) - } - req.Header.Set("User-Agent", httpUserAgent) - - resp, err := client.Do(req) - if err != nil { - return nil, "", fmt.Errorf("execute download request: %w", err) - } - defer func() { - _ = resp.Body.Close() - }() - - if resp.StatusCode != http.StatusOK { - body, _ := io.ReadAll(io.LimitReader(resp.Body, 1024)) - return nil, "", fmt.Errorf("unexpected download status %d: %s", resp.StatusCode, strings.TrimSpace(string(body))) - } - - data, err := io.ReadAll(resp.Body) - if err != nil { - return nil, "", fmt.Errorf("read download body: %w", err) - } - - sum := sha256.Sum256(data) - return data, hex.EncodeToString(sum[:]), nil -} - -func fileSHA256(path string) (string, error) { - file, err := os.Open(path) - if err != nil { - return "", err - } - defer func() { - _ = file.Close() - }() - - h := sha256.New() - if _, err = io.Copy(h, file); err != nil { - return "", err - } - - return hex.EncodeToString(h.Sum(nil)), nil -} - -func atomicWriteFile(path string, data []byte) error { - tmpFile, err := os.CreateTemp(filepath.Dir(path), "management-*.html") - if err != nil { - return err - } - - tmpName := tmpFile.Name() - defer func() { - _ = tmpFile.Close() - _ = os.Remove(tmpName) - }() - - if _, err = tmpFile.Write(data); err != nil { - return err - } - - if err = tmpFile.Chmod(0o644); err != nil { - return err - } - - if err = tmpFile.Close(); err != nil { - return err - } - - if err = os.Rename(tmpName, path); err != nil { - return err - } - - return nil -} - -func parseDigest(digest string) string { - digest = strings.TrimSpace(digest) - if digest == "" { - return "" - } - - if idx := strings.Index(digest, ":"); idx >= 0 { - digest = digest[idx+1:] - } - - return strings.ToLower(strings.TrimSpace(digest)) -} diff --git a/.worktrees/config/m/config-build/active/internal/misc/claude_code_instructions.go b/.worktrees/config/m/config-build/active/internal/misc/claude_code_instructions.go deleted file mode 100644 index 329fc16f87..0000000000 --- a/.worktrees/config/m/config-build/active/internal/misc/claude_code_instructions.go +++ /dev/null @@ -1,13 +0,0 @@ -// Package misc provides miscellaneous utility functions and embedded data for the CLI Proxy API. -// This package contains general-purpose helpers and embedded resources that do not fit into -// more specific domain packages. It includes embedded instructional text for Claude Code-related operations. -package misc - -import _ "embed" - -// ClaudeCodeInstructions holds the content of the claude_code_instructions.txt file, -// which is embedded into the application binary at compile time. This variable -// contains specific instructions for Claude Code model interactions and code generation guidance. -// -//go:embed claude_code_instructions.txt -var ClaudeCodeInstructions string diff --git a/.worktrees/config/m/config-build/active/internal/misc/claude_code_instructions.txt b/.worktrees/config/m/config-build/active/internal/misc/claude_code_instructions.txt deleted file mode 100644 index 25bf2ab720..0000000000 --- a/.worktrees/config/m/config-build/active/internal/misc/claude_code_instructions.txt +++ /dev/null @@ -1 +0,0 @@ -[{"type":"text","text":"You are Claude Code, Anthropic's official CLI for Claude.","cache_control":{"type":"ephemeral"}}] \ No newline at end of file diff --git a/.worktrees/config/m/config-build/active/internal/misc/copy-example-config.go b/.worktrees/config/m/config-build/active/internal/misc/copy-example-config.go deleted file mode 100644 index 61a25fe449..0000000000 --- a/.worktrees/config/m/config-build/active/internal/misc/copy-example-config.go +++ /dev/null @@ -1,40 +0,0 @@ -package misc - -import ( - "io" - "os" - "path/filepath" - - log "github.com/sirupsen/logrus" -) - -func CopyConfigTemplate(src, dst string) error { - in, err := os.Open(src) - if err != nil { - return err - } - defer func() { - if errClose := in.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close source config file") - } - }() - - if err = os.MkdirAll(filepath.Dir(dst), 0o700); err != nil { - return err - } - - out, err := os.OpenFile(dst, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o600) - if err != nil { - return err - } - defer func() { - if errClose := out.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close destination config file") - } - }() - - if _, err = io.Copy(out, in); err != nil { - return err - } - return out.Sync() -} diff --git a/.worktrees/config/m/config-build/active/internal/misc/credentials.go b/.worktrees/config/m/config-build/active/internal/misc/credentials.go deleted file mode 100644 index b03cd788d2..0000000000 --- a/.worktrees/config/m/config-build/active/internal/misc/credentials.go +++ /dev/null @@ -1,26 +0,0 @@ -package misc - -import ( - "fmt" - "path/filepath" - "strings" - - log "github.com/sirupsen/logrus" -) - -// Separator used to visually group related log lines. -var credentialSeparator = strings.Repeat("-", 67) - -// LogSavingCredentials emits a consistent log message when persisting auth material. -func LogSavingCredentials(path string) { - if path == "" { - return - } - // Use filepath.Clean so logs remain stable even if callers pass redundant separators. - fmt.Printf("Saving credentials to %s\n", filepath.Clean(path)) -} - -// LogCredentialSeparator adds a visual separator to group auth/key processing logs. -func LogCredentialSeparator() { - log.Debug(credentialSeparator) -} diff --git a/.worktrees/config/m/config-build/active/internal/misc/header_utils.go b/.worktrees/config/m/config-build/active/internal/misc/header_utils.go deleted file mode 100644 index c6279a4cb1..0000000000 --- a/.worktrees/config/m/config-build/active/internal/misc/header_utils.go +++ /dev/null @@ -1,37 +0,0 @@ -// Package misc provides miscellaneous utility functions for the CLI Proxy API server. -// It includes helper functions for HTTP header manipulation and other common operations -// that don't fit into more specific packages. -package misc - -import ( - "net/http" - "strings" -) - -// EnsureHeader ensures that a header exists in the target header map by checking -// multiple sources in order of priority: source headers, existing target headers, -// and finally the default value. It only sets the header if it's not already present -// and the value is not empty after trimming whitespace. -// -// Parameters: -// - target: The target header map to modify -// - source: The source header map to check first (can be nil) -// - key: The header key to ensure -// - defaultValue: The default value to use if no other source provides a value -func EnsureHeader(target http.Header, source http.Header, key, defaultValue string) { - if target == nil { - return - } - if source != nil { - if val := strings.TrimSpace(source.Get(key)); val != "" { - target.Set(key, val) - return - } - } - if strings.TrimSpace(target.Get(key)) != "" { - return - } - if val := strings.TrimSpace(defaultValue); val != "" { - target.Set(key, val) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/misc/mime-type.go b/.worktrees/config/m/config-build/active/internal/misc/mime-type.go deleted file mode 100644 index 6c7fcafd60..0000000000 --- a/.worktrees/config/m/config-build/active/internal/misc/mime-type.go +++ /dev/null @@ -1,743 +0,0 @@ -// Package misc provides miscellaneous utility functions and embedded data for the CLI Proxy API. -// This package contains general-purpose helpers and embedded resources that do not fit into -// more specific domain packages. It includes a comprehensive MIME type mapping for file operations. -package misc - -// MimeTypes is a comprehensive map of file extensions to their corresponding MIME types. -// This map is used to determine the Content-Type header for file uploads and other -// operations where the MIME type needs to be identified from a file extension. -// The list is extensive to cover a wide range of common and uncommon file formats. -var MimeTypes = map[string]string{ - "ez": "application/andrew-inset", - "aw": "application/applixware", - "atom": "application/atom+xml", - "atomcat": "application/atomcat+xml", - "atomsvc": "application/atomsvc+xml", - "ccxml": "application/ccxml+xml", - "cdmia": "application/cdmi-capability", - "cdmic": "application/cdmi-container", - "cdmid": "application/cdmi-domain", - "cdmio": "application/cdmi-object", - "cdmiq": "application/cdmi-queue", - "cu": "application/cu-seeme", - "davmount": "application/davmount+xml", - "dbk": "application/docbook+xml", - "dssc": "application/dssc+der", - "xdssc": "application/dssc+xml", - "ecma": "application/ecmascript", - "emma": "application/emma+xml", - "epub": "application/epub+zip", - "exi": "application/exi", - "pfr": "application/font-tdpfr", - "gml": "application/gml+xml", - "gpx": "application/gpx+xml", - "gxf": "application/gxf", - "stk": "application/hyperstudio", - "ink": "application/inkml+xml", - "ipfix": "application/ipfix", - "jar": "application/java-archive", - "ser": "application/java-serialized-object", - "class": "application/java-vm", - "js": "application/javascript", - "json": "application/json", - "jsonml": "application/jsonml+json", - "lostxml": "application/lost+xml", - "hqx": "application/mac-binhex40", - "cpt": "application/mac-compactpro", - "mads": "application/mads+xml", - "mrc": "application/marc", - "mrcx": "application/marcxml+xml", - "ma": "application/mathematica", - "mathml": "application/mathml+xml", - "mbox": "application/mbox", - "mscml": "application/mediaservercontrol+xml", - "metalink": "application/metalink+xml", - "meta4": "application/metalink4+xml", - "mets": "application/mets+xml", - "mods": "application/mods+xml", - "m21": "application/mp21", - "mp4s": "application/mp4", - "doc": "application/msword", - "mxf": "application/mxf", - "bin": "application/octet-stream", - "oda": "application/oda", - "opf": "application/oebps-package+xml", - "ogx": "application/ogg", - "omdoc": "application/omdoc+xml", - "onepkg": "application/onenote", - "oxps": "application/oxps", - "xer": "application/patch-ops-error+xml", - "pdf": "application/pdf", - "pgp": "application/pgp-encrypted", - "asc": "application/pgp-signature", - "prf": "application/pics-rules", - "p10": "application/pkcs10", - "p7c": "application/pkcs7-mime", - "p7s": "application/pkcs7-signature", - "p8": "application/pkcs8", - "ac": "application/pkix-attr-cert", - "cer": "application/pkix-cert", - "crl": "application/pkix-crl", - "pkipath": "application/pkix-pkipath", - "pki": "application/pkixcmp", - "pls": "application/pls+xml", - "ai": "application/postscript", - "cww": "application/prs.cww", - "pskcxml": "application/pskc+xml", - "rdf": "application/rdf+xml", - "rif": "application/reginfo+xml", - "rnc": "application/relax-ng-compact-syntax", - "rld": "application/resource-lists-diff+xml", - "rl": "application/resource-lists+xml", - "rs": "application/rls-services+xml", - "gbr": "application/rpki-ghostbusters", - "mft": "application/rpki-manifest", - "roa": "application/rpki-roa", - "rsd": "application/rsd+xml", - "rss": "application/rss+xml", - "rtf": "application/rtf", - "sbml": "application/sbml+xml", - "scq": "application/scvp-cv-request", - "scs": "application/scvp-cv-response", - "spq": "application/scvp-vp-request", - "spp": "application/scvp-vp-response", - "sdp": "application/sdp", - "setpay": "application/set-payment-initiation", - "setreg": "application/set-registration-initiation", - "shf": "application/shf+xml", - "smi": "application/smil+xml", - "rq": "application/sparql-query", - "srx": "application/sparql-results+xml", - "gram": "application/srgs", - "grxml": "application/srgs+xml", - "sru": "application/sru+xml", - "ssdl": "application/ssdl+xml", - "ssml": "application/ssml+xml", - "tei": "application/tei+xml", - "tfi": "application/thraud+xml", - "tsd": "application/timestamped-data", - "plb": "application/vnd.3gpp.pic-bw-large", - "psb": "application/vnd.3gpp.pic-bw-small", - "pvb": "application/vnd.3gpp.pic-bw-var", - "tcap": "application/vnd.3gpp2.tcap", - "pwn": "application/vnd.3m.post-it-notes", - "aso": "application/vnd.accpac.simply.aso", - "imp": "application/vnd.accpac.simply.imp", - "acu": "application/vnd.acucobol", - "acutc": "application/vnd.acucorp", - "air": "application/vnd.adobe.air-application-installer-package+zip", - "fcdt": "application/vnd.adobe.formscentral.fcdt", - "fxp": "application/vnd.adobe.fxp", - "xdp": "application/vnd.adobe.xdp+xml", - "xfdf": "application/vnd.adobe.xfdf", - "ahead": "application/vnd.ahead.space", - "azf": "application/vnd.airzip.filesecure.azf", - "azs": "application/vnd.airzip.filesecure.azs", - "azw": "application/vnd.amazon.ebook", - "acc": "application/vnd.americandynamics.acc", - "ami": "application/vnd.amiga.ami", - "apk": "application/vnd.android.package-archive", - "cii": "application/vnd.anser-web-certificate-issue-initiation", - "fti": "application/vnd.anser-web-funds-transfer-initiation", - "atx": "application/vnd.antix.game-component", - "mpkg": "application/vnd.apple.installer+xml", - "m3u8": "application/vnd.apple.mpegurl", - "swi": "application/vnd.aristanetworks.swi", - "iota": "application/vnd.astraea-software.iota", - "aep": "application/vnd.audiograph", - "mpm": "application/vnd.blueice.multipass", - "bmi": "application/vnd.bmi", - "rep": "application/vnd.businessobjects", - "cdxml": "application/vnd.chemdraw+xml", - "mmd": "application/vnd.chipnuts.karaoke-mmd", - "cdy": "application/vnd.cinderella", - "cla": "application/vnd.claymore", - "rp9": "application/vnd.cloanto.rp9", - "c4d": "application/vnd.clonk.c4group", - "c11amc": "application/vnd.cluetrust.cartomobile-config", - "c11amz": "application/vnd.cluetrust.cartomobile-config-pkg", - "csp": "application/vnd.commonspace", - "cdbcmsg": "application/vnd.contact.cmsg", - "cmc": "application/vnd.cosmocaller", - "clkx": "application/vnd.crick.clicker", - "clkk": "application/vnd.crick.clicker.keyboard", - "clkp": "application/vnd.crick.clicker.palette", - "clkt": "application/vnd.crick.clicker.template", - "clkw": "application/vnd.crick.clicker.wordbank", - "wbs": "application/vnd.criticaltools.wbs+xml", - "pml": "application/vnd.ctc-posml", - "ppd": "application/vnd.cups-ppd", - "car": "application/vnd.curl.car", - "pcurl": "application/vnd.curl.pcurl", - "dart": "application/vnd.dart", - "rdz": "application/vnd.data-vision.rdz", - "uvd": "application/vnd.dece.data", - "fe_launch": "application/vnd.denovo.fcselayout-link", - "dna": "application/vnd.dna", - "mlp": "application/vnd.dolby.mlp", - "dpg": "application/vnd.dpgraph", - "dfac": "application/vnd.dreamfactory", - "kpxx": "application/vnd.ds-keypoint", - "ait": "application/vnd.dvb.ait", - "svc": "application/vnd.dvb.service", - "geo": "application/vnd.dynageo", - "mag": "application/vnd.ecowin.chart", - "nml": "application/vnd.enliven", - "esf": "application/vnd.epson.esf", - "msf": "application/vnd.epson.msf", - "qam": "application/vnd.epson.quickanime", - "slt": "application/vnd.epson.salt", - "ssf": "application/vnd.epson.ssf", - "es3": "application/vnd.eszigno3+xml", - "ez2": "application/vnd.ezpix-album", - "ez3": "application/vnd.ezpix-package", - "fdf": "application/vnd.fdf", - "mseed": "application/vnd.fdsn.mseed", - "dataless": "application/vnd.fdsn.seed", - "gph": "application/vnd.flographit", - "ftc": "application/vnd.fluxtime.clip", - "book": "application/vnd.framemaker", - "fnc": "application/vnd.frogans.fnc", - "ltf": "application/vnd.frogans.ltf", - "fsc": "application/vnd.fsc.weblaunch", - "oas": "application/vnd.fujitsu.oasys", - "oa2": "application/vnd.fujitsu.oasys2", - "oa3": "application/vnd.fujitsu.oasys3", - "fg5": "application/vnd.fujitsu.oasysgp", - "bh2": "application/vnd.fujitsu.oasysprs", - "ddd": "application/vnd.fujixerox.ddd", - "xdw": "application/vnd.fujixerox.docuworks", - "xbd": "application/vnd.fujixerox.docuworks.binder", - "fzs": "application/vnd.fuzzysheet", - "txd": "application/vnd.genomatix.tuxedo", - "ggb": "application/vnd.geogebra.file", - "ggt": "application/vnd.geogebra.tool", - "gex": "application/vnd.geometry-explorer", - "gxt": "application/vnd.geonext", - "g2w": "application/vnd.geoplan", - "g3w": "application/vnd.geospace", - "gmx": "application/vnd.gmx", - "kml": "application/vnd.google-earth.kml+xml", - "kmz": "application/vnd.google-earth.kmz", - "gqf": "application/vnd.grafeq", - "gac": "application/vnd.groove-account", - "ghf": "application/vnd.groove-help", - "gim": "application/vnd.groove-identity-message", - "grv": "application/vnd.groove-injector", - "gtm": "application/vnd.groove-tool-message", - "tpl": "application/vnd.groove-tool-template", - "vcg": "application/vnd.groove-vcard", - "hal": "application/vnd.hal+xml", - "zmm": "application/vnd.handheld-entertainment+xml", - "hbci": "application/vnd.hbci", - "les": "application/vnd.hhe.lesson-player", - "hpgl": "application/vnd.hp-hpgl", - "hpid": "application/vnd.hp-hpid", - "hps": "application/vnd.hp-hps", - "jlt": "application/vnd.hp-jlyt", - "pcl": "application/vnd.hp-pcl", - "pclxl": "application/vnd.hp-pclxl", - "sfd-hdstx": "application/vnd.hydrostatix.sof-data", - "mpy": "application/vnd.ibm.minipay", - "afp": "application/vnd.ibm.modcap", - "irm": "application/vnd.ibm.rights-management", - "sc": "application/vnd.ibm.secure-container", - "icc": "application/vnd.iccprofile", - "igl": "application/vnd.igloader", - "ivp": "application/vnd.immervision-ivp", - "ivu": "application/vnd.immervision-ivu", - "igm": "application/vnd.insors.igm", - "xpw": "application/vnd.intercon.formnet", - "i2g": "application/vnd.intergeo", - "qbo": "application/vnd.intu.qbo", - "qfx": "application/vnd.intu.qfx", - "rcprofile": "application/vnd.ipunplugged.rcprofile", - "irp": "application/vnd.irepository.package+xml", - "xpr": "application/vnd.is-xpr", - "fcs": "application/vnd.isac.fcs", - "jam": "application/vnd.jam", - "rms": "application/vnd.jcp.javame.midlet-rms", - "jisp": "application/vnd.jisp", - "joda": "application/vnd.joost.joda-archive", - "ktr": "application/vnd.kahootz", - "karbon": "application/vnd.kde.karbon", - "chrt": "application/vnd.kde.kchart", - "kfo": "application/vnd.kde.kformula", - "flw": "application/vnd.kde.kivio", - "kon": "application/vnd.kde.kontour", - "kpr": "application/vnd.kde.kpresenter", - "ksp": "application/vnd.kde.kspread", - "kwd": "application/vnd.kde.kword", - "htke": "application/vnd.kenameaapp", - "kia": "application/vnd.kidspiration", - "kne": "application/vnd.kinar", - "skd": "application/vnd.koan", - "sse": "application/vnd.kodak-descriptor", - "lasxml": "application/vnd.las.las+xml", - "lbd": "application/vnd.llamagraphics.life-balance.desktop", - "lbe": "application/vnd.llamagraphics.life-balance.exchange+xml", - "123": "application/vnd.lotus-1-2-3", - "apr": "application/vnd.lotus-approach", - "pre": "application/vnd.lotus-freelance", - "nsf": "application/vnd.lotus-notes", - "org": "application/vnd.lotus-organizer", - "scm": "application/vnd.lotus-screencam", - "lwp": "application/vnd.lotus-wordpro", - "portpkg": "application/vnd.macports.portpkg", - "mcd": "application/vnd.mcd", - "mc1": "application/vnd.medcalcdata", - "cdkey": "application/vnd.mediastation.cdkey", - "mwf": "application/vnd.mfer", - "mfm": "application/vnd.mfmp", - "flo": "application/vnd.micrografx.flo", - "igx": "application/vnd.micrografx.igx", - "mif": "application/vnd.mif", - "daf": "application/vnd.mobius.daf", - "dis": "application/vnd.mobius.dis", - "mbk": "application/vnd.mobius.mbk", - "mqy": "application/vnd.mobius.mqy", - "msl": "application/vnd.mobius.msl", - "plc": "application/vnd.mobius.plc", - "txf": "application/vnd.mobius.txf", - "mpn": "application/vnd.mophun.application", - "mpc": "application/vnd.mophun.certificate", - "xul": "application/vnd.mozilla.xul+xml", - "cil": "application/vnd.ms-artgalry", - "cab": "application/vnd.ms-cab-compressed", - "xls": "application/vnd.ms-excel", - "xlam": "application/vnd.ms-excel.addin.macroenabled.12", - "xlsb": "application/vnd.ms-excel.sheet.binary.macroenabled.12", - "xlsm": "application/vnd.ms-excel.sheet.macroenabled.12", - "xltm": "application/vnd.ms-excel.template.macroenabled.12", - "eot": "application/vnd.ms-fontobject", - "chm": "application/vnd.ms-htmlhelp", - "ims": "application/vnd.ms-ims", - "lrm": "application/vnd.ms-lrm", - "thmx": "application/vnd.ms-officetheme", - "cat": "application/vnd.ms-pki.seccat", - "stl": "application/vnd.ms-pki.stl", - "ppt": "application/vnd.ms-powerpoint", - "ppam": "application/vnd.ms-powerpoint.addin.macroenabled.12", - "pptm": "application/vnd.ms-powerpoint.presentation.macroenabled.12", - "sldm": "application/vnd.ms-powerpoint.slide.macroenabled.12", - "ppsm": "application/vnd.ms-powerpoint.slideshow.macroenabled.12", - "potm": "application/vnd.ms-powerpoint.template.macroenabled.12", - "mpp": "application/vnd.ms-project", - "docm": "application/vnd.ms-word.document.macroenabled.12", - "dotm": "application/vnd.ms-word.template.macroenabled.12", - "wps": "application/vnd.ms-works", - "wpl": "application/vnd.ms-wpl", - "xps": "application/vnd.ms-xpsdocument", - "mseq": "application/vnd.mseq", - "mus": "application/vnd.musician", - "msty": "application/vnd.muvee.style", - "taglet": "application/vnd.mynfc", - "nlu": "application/vnd.neurolanguage.nlu", - "nitf": "application/vnd.nitf", - "nnd": "application/vnd.noblenet-directory", - "nns": "application/vnd.noblenet-sealer", - "nnw": "application/vnd.noblenet-web", - "ngdat": "application/vnd.nokia.n-gage.data", - "n-gage": "application/vnd.nokia.n-gage.symbian.install", - "rpst": "application/vnd.nokia.radio-preset", - "rpss": "application/vnd.nokia.radio-presets", - "edm": "application/vnd.novadigm.edm", - "edx": "application/vnd.novadigm.edx", - "ext": "application/vnd.novadigm.ext", - "odc": "application/vnd.oasis.opendocument.chart", - "otc": "application/vnd.oasis.opendocument.chart-template", - "odb": "application/vnd.oasis.opendocument.database", - "odf": "application/vnd.oasis.opendocument.formula", - "odft": "application/vnd.oasis.opendocument.formula-template", - "odg": "application/vnd.oasis.opendocument.graphics", - "otg": "application/vnd.oasis.opendocument.graphics-template", - "odi": "application/vnd.oasis.opendocument.image", - "oti": "application/vnd.oasis.opendocument.image-template", - "odp": "application/vnd.oasis.opendocument.presentation", - "otp": "application/vnd.oasis.opendocument.presentation-template", - "ods": "application/vnd.oasis.opendocument.spreadsheet", - "ots": "application/vnd.oasis.opendocument.spreadsheet-template", - "odt": "application/vnd.oasis.opendocument.text", - "odm": "application/vnd.oasis.opendocument.text-master", - "ott": "application/vnd.oasis.opendocument.text-template", - "oth": "application/vnd.oasis.opendocument.text-web", - "xo": "application/vnd.olpc-sugar", - "dd2": "application/vnd.oma.dd2+xml", - "oxt": "application/vnd.openofficeorg.extension", - "pptx": "application/vnd.openxmlformats-officedocument.presentationml.presentation", - "sldx": "application/vnd.openxmlformats-officedocument.presentationml.slide", - "ppsx": "application/vnd.openxmlformats-officedocument.presentationml.slideshow", - "potx": "application/vnd.openxmlformats-officedocument.presentationml.template", - "xlsx": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", - "xltx": "application/vnd.openxmlformats-officedocument.spreadsheetml.template", - "docx": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", - "dotx": "application/vnd.openxmlformats-officedocument.wordprocessingml.template", - "mgp": "application/vnd.osgeo.mapguide.package", - "dp": "application/vnd.osgi.dp", - "esa": "application/vnd.osgi.subsystem", - "oprc": "application/vnd.palm", - "paw": "application/vnd.pawaafile", - "str": "application/vnd.pg.format", - "ei6": "application/vnd.pg.osasli", - "efif": "application/vnd.picsel", - "wg": "application/vnd.pmi.widget", - "plf": "application/vnd.pocketlearn", - "pbd": "application/vnd.powerbuilder6", - "box": "application/vnd.previewsystems.box", - "mgz": "application/vnd.proteus.magazine", - "qps": "application/vnd.publishare-delta-tree", - "ptid": "application/vnd.pvi.ptid1", - "qwd": "application/vnd.quark.quarkxpress", - "bed": "application/vnd.realvnc.bed", - "mxl": "application/vnd.recordare.musicxml", - "musicxml": "application/vnd.recordare.musicxml+xml", - "cryptonote": "application/vnd.rig.cryptonote", - "cod": "application/vnd.rim.cod", - "rm": "application/vnd.rn-realmedia", - "rmvb": "application/vnd.rn-realmedia-vbr", - "link66": "application/vnd.route66.link66+xml", - "st": "application/vnd.sailingtracker.track", - "see": "application/vnd.seemail", - "sema": "application/vnd.sema", - "semd": "application/vnd.semd", - "semf": "application/vnd.semf", - "ifm": "application/vnd.shana.informed.formdata", - "itp": "application/vnd.shana.informed.formtemplate", - "iif": "application/vnd.shana.informed.interchange", - "ipk": "application/vnd.shana.informed.package", - "twd": "application/vnd.simtech-mindmapper", - "mmf": "application/vnd.smaf", - "teacher": "application/vnd.smart.teacher", - "sdkd": "application/vnd.solent.sdkm+xml", - "dxp": "application/vnd.spotfire.dxp", - "sfs": "application/vnd.spotfire.sfs", - "sdc": "application/vnd.stardivision.calc", - "sda": "application/vnd.stardivision.draw", - "sdd": "application/vnd.stardivision.impress", - "smf": "application/vnd.stardivision.math", - "sdw": "application/vnd.stardivision.writer", - "sgl": "application/vnd.stardivision.writer-global", - "smzip": "application/vnd.stepmania.package", - "sm": "application/vnd.stepmania.stepchart", - "sxc": "application/vnd.sun.xml.calc", - "stc": "application/vnd.sun.xml.calc.template", - "sxd": "application/vnd.sun.xml.draw", - "std": "application/vnd.sun.xml.draw.template", - "sxi": "application/vnd.sun.xml.impress", - "sti": "application/vnd.sun.xml.impress.template", - "sxm": "application/vnd.sun.xml.math", - "sxw": "application/vnd.sun.xml.writer", - "sxg": "application/vnd.sun.xml.writer.global", - "stw": "application/vnd.sun.xml.writer.template", - "sus": "application/vnd.sus-calendar", - "svd": "application/vnd.svd", - "sis": "application/vnd.symbian.install", - "bdm": "application/vnd.syncml.dm+wbxml", - "xdm": "application/vnd.syncml.dm+xml", - "xsm": "application/vnd.syncml+xml", - "tao": "application/vnd.tao.intent-module-archive", - "cap": "application/vnd.tcpdump.pcap", - "tmo": "application/vnd.tmobile-livetv", - "tpt": "application/vnd.trid.tpt", - "mxs": "application/vnd.triscape.mxs", - "tra": "application/vnd.trueapp", - "ufd": "application/vnd.ufdl", - "utz": "application/vnd.uiq.theme", - "umj": "application/vnd.umajin", - "unityweb": "application/vnd.unity", - "uoml": "application/vnd.uoml+xml", - "vcx": "application/vnd.vcx", - "vss": "application/vnd.visio", - "vis": "application/vnd.visionary", - "vsf": "application/vnd.vsf", - "wbxml": "application/vnd.wap.wbxml", - "wmlc": "application/vnd.wap.wmlc", - "wmlsc": "application/vnd.wap.wmlscriptc", - "wtb": "application/vnd.webturbo", - "nbp": "application/vnd.wolfram.player", - "wpd": "application/vnd.wordperfect", - "wqd": "application/vnd.wqd", - "stf": "application/vnd.wt.stf", - "xar": "application/vnd.xara", - "xfdl": "application/vnd.xfdl", - "hvd": "application/vnd.yamaha.hv-dic", - "hvs": "application/vnd.yamaha.hv-script", - "hvp": "application/vnd.yamaha.hv-voice", - "osf": "application/vnd.yamaha.openscoreformat", - "osfpvg": "application/vnd.yamaha.openscoreformat.osfpvg+xml", - "saf": "application/vnd.yamaha.smaf-audio", - "spf": "application/vnd.yamaha.smaf-phrase", - "cmp": "application/vnd.yellowriver-custom-menu", - "zir": "application/vnd.zul", - "zaz": "application/vnd.zzazz.deck+xml", - "vxml": "application/voicexml+xml", - "wgt": "application/widget", - "hlp": "application/winhlp", - "wsdl": "application/wsdl+xml", - "wspolicy": "application/wspolicy+xml", - "7z": "application/x-7z-compressed", - "abw": "application/x-abiword", - "ace": "application/x-ace-compressed", - "dmg": "application/x-apple-diskimage", - "aab": "application/x-authorware-bin", - "aam": "application/x-authorware-map", - "aas": "application/x-authorware-seg", - "bcpio": "application/x-bcpio", - "torrent": "application/x-bittorrent", - "blb": "application/x-blorb", - "bz": "application/x-bzip", - "bz2": "application/x-bzip2", - "cbr": "application/x-cbr", - "vcd": "application/x-cdlink", - "cfs": "application/x-cfs-compressed", - "chat": "application/x-chat", - "pgn": "application/x-chess-pgn", - "nsc": "application/x-conference", - "cpio": "application/x-cpio", - "csh": "application/x-csh", - "deb": "application/x-debian-package", - "dgc": "application/x-dgc-compressed", - "cct": "application/x-director", - "wad": "application/x-doom", - "ncx": "application/x-dtbncx+xml", - "dtb": "application/x-dtbook+xml", - "res": "application/x-dtbresource+xml", - "dvi": "application/x-dvi", - "evy": "application/x-envoy", - "eva": "application/x-eva", - "bdf": "application/x-font-bdf", - "gsf": "application/x-font-ghostscript", - "psf": "application/x-font-linux-psf", - "pcf": "application/x-font-pcf", - "snf": "application/x-font-snf", - "afm": "application/x-font-type1", - "arc": "application/x-freearc", - "spl": "application/x-futuresplash", - "gca": "application/x-gca-compressed", - "ulx": "application/x-glulx", - "gnumeric": "application/x-gnumeric", - "gramps": "application/x-gramps-xml", - "gtar": "application/x-gtar", - "hdf": "application/x-hdf", - "install": "application/x-install-instructions", - "iso": "application/x-iso9660-image", - "jnlp": "application/x-java-jnlp-file", - "latex": "application/x-latex", - "lzh": "application/x-lzh-compressed", - "mie": "application/x-mie", - "mobi": "application/x-mobipocket-ebook", - "application": "application/x-ms-application", - "lnk": "application/x-ms-shortcut", - "wmd": "application/x-ms-wmd", - "wmz": "application/x-ms-wmz", - "xbap": "application/x-ms-xbap", - "mdb": "application/x-msaccess", - "obd": "application/x-msbinder", - "crd": "application/x-mscardfile", - "clp": "application/x-msclip", - "mny": "application/x-msmoney", - "pub": "application/x-mspublisher", - "scd": "application/x-msschedule", - "trm": "application/x-msterminal", - "wri": "application/x-mswrite", - "nzb": "application/x-nzb", - "p12": "application/x-pkcs12", - "p7b": "application/x-pkcs7-certificates", - "p7r": "application/x-pkcs7-certreqresp", - "rar": "application/x-rar-compressed", - "ris": "application/x-research-info-systems", - "sh": "application/x-sh", - "shar": "application/x-shar", - "swf": "application/x-shockwave-flash", - "xap": "application/x-silverlight-app", - "sql": "application/x-sql", - "sit": "application/x-stuffit", - "sitx": "application/x-stuffitx", - "srt": "application/x-subrip", - "sv4cpio": "application/x-sv4cpio", - "sv4crc": "application/x-sv4crc", - "t3": "application/x-t3vm-image", - "gam": "application/x-tads", - "tar": "application/x-tar", - "tcl": "application/x-tcl", - "tex": "application/x-tex", - "tfm": "application/x-tex-tfm", - "texi": "application/x-texinfo", - "obj": "application/x-tgif", - "ustar": "application/x-ustar", - "src": "application/x-wais-source", - "crt": "application/x-x509-ca-cert", - "fig": "application/x-xfig", - "xlf": "application/x-xliff+xml", - "xpi": "application/x-xpinstall", - "xz": "application/x-xz", - "xaml": "application/xaml+xml", - "xdf": "application/xcap-diff+xml", - "xenc": "application/xenc+xml", - "xhtml": "application/xhtml+xml", - "xml": "application/xml", - "dtd": "application/xml-dtd", - "xop": "application/xop+xml", - "xpl": "application/xproc+xml", - "xslt": "application/xslt+xml", - "xspf": "application/xspf+xml", - "mxml": "application/xv+xml", - "yang": "application/yang", - "yin": "application/yin+xml", - "zip": "application/zip", - "adp": "audio/adpcm", - "au": "audio/basic", - "mid": "audio/midi", - "m4a": "audio/mp4", - "mp3": "audio/mpeg", - "ogg": "audio/ogg", - "s3m": "audio/s3m", - "sil": "audio/silk", - "uva": "audio/vnd.dece.audio", - "eol": "audio/vnd.digital-winds", - "dra": "audio/vnd.dra", - "dts": "audio/vnd.dts", - "dtshd": "audio/vnd.dts.hd", - "lvp": "audio/vnd.lucent.voice", - "pya": "audio/vnd.ms-playready.media.pya", - "ecelp4800": "audio/vnd.nuera.ecelp4800", - "ecelp7470": "audio/vnd.nuera.ecelp7470", - "ecelp9600": "audio/vnd.nuera.ecelp9600", - "rip": "audio/vnd.rip", - "weba": "audio/webm", - "aac": "audio/x-aac", - "aiff": "audio/x-aiff", - "caf": "audio/x-caf", - "flac": "audio/x-flac", - "mka": "audio/x-matroska", - "m3u": "audio/x-mpegurl", - "wax": "audio/x-ms-wax", - "wma": "audio/x-ms-wma", - "rmp": "audio/x-pn-realaudio-plugin", - "wav": "audio/x-wav", - "xm": "audio/xm", - "cdx": "chemical/x-cdx", - "cif": "chemical/x-cif", - "cmdf": "chemical/x-cmdf", - "cml": "chemical/x-cml", - "csml": "chemical/x-csml", - "xyz": "chemical/x-xyz", - "ttc": "font/collection", - "otf": "font/otf", - "ttf": "font/ttf", - "woff": "font/woff", - "woff2": "font/woff2", - "bmp": "image/bmp", - "cgm": "image/cgm", - "g3": "image/g3fax", - "gif": "image/gif", - "ief": "image/ief", - "jpg": "image/jpeg", - "ktx": "image/ktx", - "png": "image/png", - "btif": "image/prs.btif", - "sgi": "image/sgi", - "svg": "image/svg+xml", - "tiff": "image/tiff", - "psd": "image/vnd.adobe.photoshop", - "dwg": "image/vnd.dwg", - "dxf": "image/vnd.dxf", - "fbs": "image/vnd.fastbidsheet", - "fpx": "image/vnd.fpx", - "fst": "image/vnd.fst", - "mmr": "image/vnd.fujixerox.edmics-mmr", - "rlc": "image/vnd.fujixerox.edmics-rlc", - "mdi": "image/vnd.ms-modi", - "wdp": "image/vnd.ms-photo", - "npx": "image/vnd.net-fpx", - "wbmp": "image/vnd.wap.wbmp", - "xif": "image/vnd.xiff", - "webp": "image/webp", - "3ds": "image/x-3ds", - "ras": "image/x-cmu-raster", - "cmx": "image/x-cmx", - "ico": "image/x-icon", - "sid": "image/x-mrsid-image", - "pcx": "image/x-pcx", - "pnm": "image/x-portable-anymap", - "pbm": "image/x-portable-bitmap", - "pgm": "image/x-portable-graymap", - "ppm": "image/x-portable-pixmap", - "rgb": "image/x-rgb", - "tga": "image/x-tga", - "xbm": "image/x-xbitmap", - "xpm": "image/x-xpixmap", - "xwd": "image/x-xwindowdump", - "dae": "model/vnd.collada+xml", - "dwf": "model/vnd.dwf", - "gdl": "model/vnd.gdl", - "gtw": "model/vnd.gtw", - "mts": "model/vnd.mts", - "vtu": "model/vnd.vtu", - "appcache": "text/cache-manifest", - "ics": "text/calendar", - "css": "text/css", - "csv": "text/csv", - "html": "text/html", - "n3": "text/n3", - "txt": "text/plain", - "dsc": "text/prs.lines.tag", - "rtx": "text/richtext", - "tsv": "text/tab-separated-values", - "ttl": "text/turtle", - "vcard": "text/vcard", - "curl": "text/vnd.curl", - "dcurl": "text/vnd.curl.dcurl", - "mcurl": "text/vnd.curl.mcurl", - "scurl": "text/vnd.curl.scurl", - "sub": "text/vnd.dvb.subtitle", - "fly": "text/vnd.fly", - "flx": "text/vnd.fmi.flexstor", - "gv": "text/vnd.graphviz", - "3dml": "text/vnd.in3d.3dml", - "spot": "text/vnd.in3d.spot", - "jad": "text/vnd.sun.j2me.app-descriptor", - "wml": "text/vnd.wap.wml", - "wmls": "text/vnd.wap.wmlscript", - "asm": "text/x-asm", - "c": "text/x-c", - "java": "text/x-java-source", - "nfo": "text/x-nfo", - "opml": "text/x-opml", - "pas": "text/x-pascal", - "etx": "text/x-setext", - "sfv": "text/x-sfv", - "uu": "text/x-uuencode", - "vcs": "text/x-vcalendar", - "vcf": "text/x-vcard", - "3gp": "video/3gpp", - "3g2": "video/3gpp2", - "h261": "video/h261", - "h263": "video/h263", - "h264": "video/h264", - "jpgv": "video/jpeg", - "mp4": "video/mp4", - "mpeg": "video/mpeg", - "ogv": "video/ogg", - "dvb": "video/vnd.dvb.file", - "fvt": "video/vnd.fvt", - "pyv": "video/vnd.ms-playready.media.pyv", - "viv": "video/vnd.vivo", - "webm": "video/webm", - "f4v": "video/x-f4v", - "fli": "video/x-fli", - "flv": "video/x-flv", - "m4v": "video/x-m4v", - "mkv": "video/x-matroska", - "mng": "video/x-mng", - "asf": "video/x-ms-asf", - "vob": "video/x-ms-vob", - "wm": "video/x-ms-wm", - "wmv": "video/x-ms-wmv", - "wmx": "video/x-ms-wmx", - "wvx": "video/x-ms-wvx", - "avi": "video/x-msvideo", - "movie": "video/x-sgi-movie", - "smv": "video/x-smv", - "ice": "x-conference/x-cooltalk", -} diff --git a/.worktrees/config/m/config-build/active/internal/misc/oauth.go b/.worktrees/config/m/config-build/active/internal/misc/oauth.go deleted file mode 100644 index c14f39d2fb..0000000000 --- a/.worktrees/config/m/config-build/active/internal/misc/oauth.go +++ /dev/null @@ -1,103 +0,0 @@ -package misc - -import ( - "crypto/rand" - "encoding/hex" - "fmt" - "net/url" - "strings" -) - -// GenerateRandomState generates a cryptographically secure random state parameter -// for OAuth2 flows to prevent CSRF attacks. -// -// Returns: -// - string: A hexadecimal encoded random state string -// - error: An error if the random generation fails, nil otherwise -func GenerateRandomState() (string, error) { - bytes := make([]byte, 16) - if _, err := rand.Read(bytes); err != nil { - return "", fmt.Errorf("failed to generate random bytes: %w", err) - } - return hex.EncodeToString(bytes), nil -} - -// OAuthCallback captures the parsed OAuth callback parameters. -type OAuthCallback struct { - Code string - State string - Error string - ErrorDescription string -} - -// ParseOAuthCallback extracts OAuth parameters from a callback URL. -// It returns nil when the input is empty. -func ParseOAuthCallback(input string) (*OAuthCallback, error) { - trimmed := strings.TrimSpace(input) - if trimmed == "" { - return nil, nil - } - - candidate := trimmed - if !strings.Contains(candidate, "://") { - if strings.HasPrefix(candidate, "?") { - candidate = "http://localhost" + candidate - } else if strings.ContainsAny(candidate, "/?#") || strings.Contains(candidate, ":") { - candidate = "http://" + candidate - } else if strings.Contains(candidate, "=") { - candidate = "http://localhost/?" + candidate - } else { - return nil, fmt.Errorf("invalid callback URL") - } - } - - parsedURL, err := url.Parse(candidate) - if err != nil { - return nil, err - } - - query := parsedURL.Query() - code := strings.TrimSpace(query.Get("code")) - state := strings.TrimSpace(query.Get("state")) - errCode := strings.TrimSpace(query.Get("error")) - errDesc := strings.TrimSpace(query.Get("error_description")) - - if parsedURL.Fragment != "" { - if fragQuery, errFrag := url.ParseQuery(parsedURL.Fragment); errFrag == nil { - if code == "" { - code = strings.TrimSpace(fragQuery.Get("code")) - } - if state == "" { - state = strings.TrimSpace(fragQuery.Get("state")) - } - if errCode == "" { - errCode = strings.TrimSpace(fragQuery.Get("error")) - } - if errDesc == "" { - errDesc = strings.TrimSpace(fragQuery.Get("error_description")) - } - } - } - - if code != "" && state == "" && strings.Contains(code, "#") { - parts := strings.SplitN(code, "#", 2) - code = parts[0] - state = parts[1] - } - - if errCode == "" && errDesc != "" { - errCode = errDesc - errDesc = "" - } - - if code == "" && errCode == "" { - return nil, fmt.Errorf("callback URL missing code") - } - - return &OAuthCallback{ - Code: code, - State: state, - Error: errCode, - ErrorDescription: errDesc, - }, nil -} diff --git a/.worktrees/config/m/config-build/active/internal/registry/kilo_models.go b/.worktrees/config/m/config-build/active/internal/registry/kilo_models.go deleted file mode 100644 index ac9939dbb7..0000000000 --- a/.worktrees/config/m/config-build/active/internal/registry/kilo_models.go +++ /dev/null @@ -1,21 +0,0 @@ -// Package registry provides model definitions for various AI service providers. -package registry - -// GetKiloModels returns the Kilo model definitions -func GetKiloModels() []*ModelInfo { - return []*ModelInfo{ - // --- Base Models --- - { - ID: "kilo/auto", - Object: "model", - Created: 1732752000, - OwnedBy: "kilo", - Type: "kilo", - DisplayName: "Kilo Auto", - Description: "Automatic model selection by Kilo", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - } -} diff --git a/.worktrees/config/m/config-build/active/internal/registry/kiro_model_converter.go b/.worktrees/config/m/config-build/active/internal/registry/kiro_model_converter.go deleted file mode 100644 index fe50a8f306..0000000000 --- a/.worktrees/config/m/config-build/active/internal/registry/kiro_model_converter.go +++ /dev/null @@ -1,303 +0,0 @@ -// Package registry provides Kiro model conversion utilities. -// This file handles converting dynamic Kiro API model lists to the internal ModelInfo format, -// and merging with static metadata for thinking support and other capabilities. -package registry - -import ( - "strings" - "time" -) - -// KiroAPIModel represents a model from Kiro API response. -// This is a local copy to avoid import cycles with the kiro package. -// The structure mirrors kiro.KiroModel for easy data conversion. -type KiroAPIModel struct { - // ModelID is the unique identifier for the model (e.g., "claude-sonnet-4.5") - ModelID string - // ModelName is the human-readable name - ModelName string - // Description is the model description - Description string - // RateMultiplier is the credit multiplier for this model - RateMultiplier float64 - // RateUnit is the unit for rate calculation (e.g., "credit") - RateUnit string - // MaxInputTokens is the maximum input token limit - MaxInputTokens int -} - -// DefaultKiroThinkingSupport defines the default thinking configuration for Kiro models. -// All Kiro models support thinking with the following budget range. -var DefaultKiroThinkingSupport = &ThinkingSupport{ - Min: 1024, // Minimum thinking budget tokens - Max: 32000, // Maximum thinking budget tokens - ZeroAllowed: true, // Allow disabling thinking with 0 - DynamicAllowed: true, // Allow dynamic thinking budget (-1) -} - -// DefaultKiroContextLength is the default context window size for Kiro models. -const DefaultKiroContextLength = 200000 - -// DefaultKiroMaxCompletionTokens is the default max completion tokens for Kiro models. -const DefaultKiroMaxCompletionTokens = 64000 - -// ConvertKiroAPIModels converts Kiro API models to internal ModelInfo format. -// It performs the following transformations: -// - Normalizes model ID (e.g., claude-sonnet-4.5 → kiro-claude-sonnet-4-5) -// - Adds default thinking support metadata -// - Sets default context length and max completion tokens if not provided -// -// Parameters: -// - kiroModels: List of models from Kiro API response -// -// Returns: -// - []*ModelInfo: Converted model information list -func ConvertKiroAPIModels(kiroModels []*KiroAPIModel) []*ModelInfo { - if len(kiroModels) == 0 { - return nil - } - - now := time.Now().Unix() - result := make([]*ModelInfo, 0, len(kiroModels)) - - for _, km := range kiroModels { - // Skip nil models - if km == nil { - continue - } - - // Skip models without valid ID - if km.ModelID == "" { - continue - } - - // Normalize the model ID to kiro-* format - normalizedID := normalizeKiroModelID(km.ModelID) - - // Create ModelInfo with converted data - info := &ModelInfo{ - ID: normalizedID, - Object: "model", - Created: now, - OwnedBy: "aws", - Type: "kiro", - DisplayName: generateKiroDisplayName(km.ModelName, normalizedID), - Description: km.Description, - // Use MaxInputTokens from API if available, otherwise use default - ContextLength: getContextLength(km.MaxInputTokens), - MaxCompletionTokens: DefaultKiroMaxCompletionTokens, - // All Kiro models support thinking - Thinking: cloneThinkingSupport(DefaultKiroThinkingSupport), - } - - result = append(result, info) - } - - return result -} - -// GenerateAgenticVariants creates -agentic variants for each model. -// Agentic variants are optimized for coding agents with chunked writes. -// -// Parameters: -// - models: Base models to generate variants for -// -// Returns: -// - []*ModelInfo: Combined list of base models and their agentic variants -func GenerateAgenticVariants(models []*ModelInfo) []*ModelInfo { - if len(models) == 0 { - return nil - } - - // Pre-allocate result with capacity for both base models and variants - result := make([]*ModelInfo, 0, len(models)*2) - - for _, model := range models { - if model == nil { - continue - } - - // Add the base model first - result = append(result, model) - - // Skip if model already has -agentic suffix - if strings.HasSuffix(model.ID, "-agentic") { - continue - } - - // Skip special models that shouldn't have agentic variants - if model.ID == "kiro-auto" { - continue - } - - // Create agentic variant - agenticModel := &ModelInfo{ - ID: model.ID + "-agentic", - Object: model.Object, - Created: model.Created, - OwnedBy: model.OwnedBy, - Type: model.Type, - DisplayName: model.DisplayName + " (Agentic)", - Description: generateAgenticDescription(model.Description), - ContextLength: model.ContextLength, - MaxCompletionTokens: model.MaxCompletionTokens, - Thinking: cloneThinkingSupport(model.Thinking), - } - - result = append(result, agenticModel) - } - - return result -} - -// MergeWithStaticMetadata merges dynamic models with static metadata. -// Static metadata takes priority for any overlapping fields. -// This allows manual overrides for specific models while keeping dynamic discovery. -// -// Parameters: -// - dynamicModels: Models from Kiro API (converted to ModelInfo) -// - staticModels: Predefined model metadata (from GetKiroModels()) -// -// Returns: -// - []*ModelInfo: Merged model list with static metadata taking priority -func MergeWithStaticMetadata(dynamicModels, staticModels []*ModelInfo) []*ModelInfo { - if len(dynamicModels) == 0 && len(staticModels) == 0 { - return nil - } - - // Build a map of static models for quick lookup - staticMap := make(map[string]*ModelInfo, len(staticModels)) - for _, sm := range staticModels { - if sm != nil && sm.ID != "" { - staticMap[sm.ID] = sm - } - } - - // Build result, preferring static metadata where available - seenIDs := make(map[string]struct{}) - result := make([]*ModelInfo, 0, len(dynamicModels)+len(staticModels)) - - // First, process dynamic models and merge with static if available - for _, dm := range dynamicModels { - if dm == nil || dm.ID == "" { - continue - } - - // Skip duplicates - if _, seen := seenIDs[dm.ID]; seen { - continue - } - seenIDs[dm.ID] = struct{}{} - - // Check if static metadata exists for this model - if sm, exists := staticMap[dm.ID]; exists { - // Static metadata takes priority - use static model - result = append(result, sm) - } else { - // No static metadata - use dynamic model - result = append(result, dm) - } - } - - // Add any static models not in dynamic list - for _, sm := range staticModels { - if sm == nil || sm.ID == "" { - continue - } - if _, seen := seenIDs[sm.ID]; seen { - continue - } - seenIDs[sm.ID] = struct{}{} - result = append(result, sm) - } - - return result -} - -// normalizeKiroModelID converts Kiro API model IDs to internal format. -// Transformation rules: -// - Adds "kiro-" prefix if not present -// - Replaces dots with hyphens (e.g., 4.5 → 4-5) -// - Handles special cases like "auto" → "kiro-auto" -// -// Examples: -// - "claude-sonnet-4.5" → "kiro-claude-sonnet-4-5" -// - "claude-opus-4.5" → "kiro-claude-opus-4-5" -// - "auto" → "kiro-auto" -// - "kiro-claude-sonnet-4-5" → "kiro-claude-sonnet-4-5" (unchanged) -func normalizeKiroModelID(modelID string) string { - if modelID == "" { - return "" - } - - // Trim whitespace - modelID = strings.TrimSpace(modelID) - - // Replace dots with hyphens (e.g., 4.5 → 4-5) - normalized := strings.ReplaceAll(modelID, ".", "-") - - // Add kiro- prefix if not present - if !strings.HasPrefix(normalized, "kiro-") { - normalized = "kiro-" + normalized - } - - return normalized -} - -// generateKiroDisplayName creates a human-readable display name. -// Uses the API-provided model name if available, otherwise generates from ID. -func generateKiroDisplayName(modelName, normalizedID string) string { - if modelName != "" { - return "Kiro " + modelName - } - - // Generate from normalized ID by removing kiro- prefix and formatting - displayID := strings.TrimPrefix(normalizedID, "kiro-") - // Capitalize first letter of each word - words := strings.Split(displayID, "-") - for i, word := range words { - if len(word) > 0 { - words[i] = strings.ToUpper(word[:1]) + word[1:] - } - } - return "Kiro " + strings.Join(words, " ") -} - -// generateAgenticDescription creates description for agentic variants. -func generateAgenticDescription(baseDescription string) string { - if baseDescription == "" { - return "Optimized for coding agents with chunked writes" - } - return baseDescription + " (Agentic mode: chunked writes)" -} - -// getContextLength returns the context length, using default if not provided. -func getContextLength(maxInputTokens int) int { - if maxInputTokens > 0 { - return maxInputTokens - } - return DefaultKiroContextLength -} - -// cloneThinkingSupport creates a deep copy of ThinkingSupport. -// Returns nil if input is nil. -func cloneThinkingSupport(ts *ThinkingSupport) *ThinkingSupport { - if ts == nil { - return nil - } - - clone := &ThinkingSupport{ - Min: ts.Min, - Max: ts.Max, - ZeroAllowed: ts.ZeroAllowed, - DynamicAllowed: ts.DynamicAllowed, - } - - // Deep copy Levels slice if present - if len(ts.Levels) > 0 { - clone.Levels = make([]string, len(ts.Levels)) - copy(clone.Levels, ts.Levels) - } - - return clone -} diff --git a/.worktrees/config/m/config-build/active/internal/registry/model_definitions.go b/.worktrees/config/m/config-build/active/internal/registry/model_definitions.go deleted file mode 100644 index 1b69021d2c..0000000000 --- a/.worktrees/config/m/config-build/active/internal/registry/model_definitions.go +++ /dev/null @@ -1,762 +0,0 @@ -// Package registry provides model definitions and lookup helpers for various AI providers. -// Static model metadata is stored in model_definitions_static_data.go. -package registry - -import ( - "sort" - "strings" -) - -// GetStaticModelDefinitionsByChannel returns static model definitions for a given channel/provider. -// It returns nil when the channel is unknown. -// -// Supported channels: -// - claude -// - gemini -// - vertex -// - gemini-cli -// - aistudio -// - codex -// - qwen -// - iflow -// - kimi -// - kiro -// - kilo -// - github-copilot -// - kiro -// - amazonq -// - antigravity (returns static overrides only) -func GetStaticModelDefinitionsByChannel(channel string) []*ModelInfo { - key := strings.ToLower(strings.TrimSpace(channel)) - switch key { - case "claude": - return GetClaudeModels() - case "gemini": - return GetGeminiModels() - case "vertex": - return GetGeminiVertexModels() - case "gemini-cli": - return GetGeminiCLIModels() - case "aistudio": - return GetAIStudioModels() - case "codex": - return GetOpenAIModels() - case "qwen": - return GetQwenModels() - case "iflow": - return GetIFlowModels() - case "kimi": - return GetKimiModels() - case "github-copilot": - return GetGitHubCopilotModels() - case "kiro": - return GetKiroModels() - case "kilo": - return GetKiloModels() - case "amazonq": - return GetAmazonQModels() - case "antigravity": - cfg := GetAntigravityModelConfig() - if len(cfg) == 0 { - return nil - } - models := make([]*ModelInfo, 0, len(cfg)) - for modelID, entry := range cfg { - if modelID == "" || entry == nil { - continue - } - models = append(models, &ModelInfo{ - ID: modelID, - Object: "model", - OwnedBy: "antigravity", - Type: "antigravity", - Thinking: entry.Thinking, - MaxCompletionTokens: entry.MaxCompletionTokens, - }) - } - sort.Slice(models, func(i, j int) bool { - return strings.ToLower(models[i].ID) < strings.ToLower(models[j].ID) - }) - return models - default: - return nil - } -} - -// LookupStaticModelInfo searches all static model definitions for a model by ID. -// Returns nil if no matching model is found. -func LookupStaticModelInfo(modelID string) *ModelInfo { - if modelID == "" { - return nil - } - - allModels := [][]*ModelInfo{ - GetClaudeModels(), - GetGeminiModels(), - GetGeminiVertexModels(), - GetGeminiCLIModels(), - GetAIStudioModels(), - GetOpenAIModels(), - GetQwenModels(), - GetIFlowModels(), - GetKimiModels(), - GetGitHubCopilotModels(), - GetKiroModels(), - GetKiloModels(), - GetAmazonQModels(), - } - for _, models := range allModels { - for _, m := range models { - if m != nil && m.ID == modelID { - return m - } - } - } - - // Check Antigravity static config - if cfg := GetAntigravityModelConfig()[modelID]; cfg != nil { - return &ModelInfo{ - ID: modelID, - Thinking: cfg.Thinking, - MaxCompletionTokens: cfg.MaxCompletionTokens, - } - } - - return nil -} - -// GetGitHubCopilotModels returns the available models for GitHub Copilot. -// These models are available through the GitHub Copilot API at api.githubcopilot.com. -func GetGitHubCopilotModels() []*ModelInfo { - now := int64(1732752000) // 2024-11-27 - gpt4oEntries := []struct { - ID string - DisplayName string - Description string - }{ - {ID: "gpt-4o-2024-11-20", DisplayName: "GPT-4o (2024-11-20)", Description: "OpenAI GPT-4o 2024-11-20 via GitHub Copilot"}, - {ID: "gpt-4o-2024-08-06", DisplayName: "GPT-4o (2024-08-06)", Description: "OpenAI GPT-4o 2024-08-06 via GitHub Copilot"}, - {ID: "gpt-4o-2024-05-13", DisplayName: "GPT-4o (2024-05-13)", Description: "OpenAI GPT-4o 2024-05-13 via GitHub Copilot"}, - {ID: "gpt-4o", DisplayName: "GPT-4o", Description: "OpenAI GPT-4o via GitHub Copilot"}, - {ID: "gpt-4-o-preview", DisplayName: "GPT-4-o Preview", Description: "OpenAI GPT-4-o Preview via GitHub Copilot"}, - } - - models := []*ModelInfo{ - { - ID: "gpt-4.1", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-4.1", - Description: "OpenAI GPT-4.1 via GitHub Copilot", - ContextLength: 128000, - MaxCompletionTokens: 16384, - }, - } - - for _, entry := range gpt4oEntries { - models = append(models, &ModelInfo{ - ID: entry.ID, - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: entry.DisplayName, - Description: entry.Description, - ContextLength: 128000, - MaxCompletionTokens: 16384, - }) - } - - return append(models, []*ModelInfo{ - { - ID: "gpt-5", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5", - Description: "OpenAI GPT-5 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/chat/completions", "/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high"}}, - }, - { - ID: "gpt-5-mini", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5 Mini", - Description: "OpenAI GPT-5 Mini via GitHub Copilot", - ContextLength: 128000, - MaxCompletionTokens: 16384, - SupportedEndpoints: []string{"/chat/completions", "/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high"}}, - }, - { - ID: "gpt-5-codex", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5 Codex", - Description: "OpenAI GPT-5 Codex via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high"}}, - }, - { - ID: "gpt-5.1", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.1", - Description: "OpenAI GPT-5.1 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/chat/completions", "/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high"}}, - }, - { - ID: "gpt-5.1-codex", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.1 Codex", - Description: "OpenAI GPT-5.1 Codex via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high"}}, - }, - { - ID: "gpt-5.1-codex-mini", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.1 Codex Mini", - Description: "OpenAI GPT-5.1 Codex Mini via GitHub Copilot", - ContextLength: 128000, - MaxCompletionTokens: 16384, - SupportedEndpoints: []string{"/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high"}}, - }, - { - ID: "gpt-5.1-codex-max", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.1 Codex Max", - Description: "OpenAI GPT-5.1 Codex Max via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5.2", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.2", - Description: "OpenAI GPT-5.2 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/chat/completions", "/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5.2-codex", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.2 Codex", - Description: "OpenAI GPT-5.2 Codex via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5.3-codex", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.3 Codex", - Description: "OpenAI GPT-5.3 Codex via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high", "xhigh"}}, - }, - { - ID: "claude-haiku-4.5", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Claude Haiku 4.5", - Description: "Anthropic Claude Haiku 4.5 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 64000, - SupportedEndpoints: []string{"/chat/completions"}, - }, - { - ID: "claude-opus-4.1", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Claude Opus 4.1", - Description: "Anthropic Claude Opus 4.1 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32000, - SupportedEndpoints: []string{"/chat/completions"}, - }, - { - ID: "claude-opus-4.5", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Claude Opus 4.5", - Description: "Anthropic Claude Opus 4.5 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 64000, - SupportedEndpoints: []string{"/chat/completions"}, - }, - { - ID: "claude-opus-4.6", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Claude Opus 4.6", - Description: "Anthropic Claude Opus 4.6 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 64000, - SupportedEndpoints: []string{"/chat/completions"}, - }, - { - ID: "claude-sonnet-4", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Claude Sonnet 4", - Description: "Anthropic Claude Sonnet 4 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 64000, - SupportedEndpoints: []string{"/chat/completions"}, - }, - { - ID: "claude-sonnet-4.5", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Claude Sonnet 4.5", - Description: "Anthropic Claude Sonnet 4.5 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 64000, - SupportedEndpoints: []string{"/chat/completions"}, - }, - { - ID: "claude-sonnet-4.6", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Claude Sonnet 4.6", - Description: "Anthropic Claude Sonnet 4.6 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 64000, - SupportedEndpoints: []string{"/chat/completions"}, - }, - { - ID: "gemini-2.5-pro", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Gemini 2.5 Pro", - Description: "Google Gemini 2.5 Pro via GitHub Copilot", - ContextLength: 1048576, - MaxCompletionTokens: 65536, - }, - { - ID: "gemini-3-pro-preview", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Gemini 3 Pro (Preview)", - Description: "Google Gemini 3 Pro Preview via GitHub Copilot", - ContextLength: 1048576, - MaxCompletionTokens: 65536, - }, - { - ID: "gemini-3.1-pro-preview", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Gemini 3.1 Pro (Preview)", - Description: "Google Gemini 3.1 Pro Preview via GitHub Copilot", - ContextLength: 1048576, - MaxCompletionTokens: 65536, - }, - { - ID: "gemini-3-flash-preview", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Gemini 3 Flash (Preview)", - Description: "Google Gemini 3 Flash Preview via GitHub Copilot", - ContextLength: 1048576, - MaxCompletionTokens: 65536, - }, - { - ID: "grok-code-fast-1", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Grok Code Fast 1", - Description: "xAI Grok Code Fast 1 via GitHub Copilot", - ContextLength: 128000, - MaxCompletionTokens: 16384, - }, - { - ID: "oswe-vscode-prime", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Raptor mini (Preview)", - Description: "Raptor mini via GitHub Copilot", - ContextLength: 128000, - MaxCompletionTokens: 16384, - SupportedEndpoints: []string{"/chat/completions", "/responses"}, - }, - }...) -} - -// GetKiroModels returns the Kiro (AWS CodeWhisperer) model definitions -func GetKiroModels() []*ModelInfo { - return []*ModelInfo{ - // --- Base Models --- - { - ID: "kiro-auto", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Auto", - Description: "Automatic model selection by Kiro", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-opus-4-6", - Object: "model", - Created: 1736899200, // 2025-01-15 - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Opus 4.6", - Description: "Claude Opus 4.6 via Kiro (2.2x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-sonnet-4-6", - Object: "model", - Created: 1739836800, // 2025-02-18 - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Sonnet 4.6", - Description: "Claude Sonnet 4.6 via Kiro (1.3x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-opus-4-5", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Opus 4.5", - Description: "Claude Opus 4.5 via Kiro (2.2x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-sonnet-4-5", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Sonnet 4.5", - Description: "Claude Sonnet 4.5 via Kiro (1.3x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-sonnet-4", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Sonnet 4", - Description: "Claude Sonnet 4 via Kiro (1.3x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-haiku-4-5", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Haiku 4.5", - Description: "Claude Haiku 4.5 via Kiro (0.4x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - // --- 第三方模型 (通过 Kiro 接入) --- - { - ID: "kiro-deepseek-3-2", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro DeepSeek 3.2", - Description: "DeepSeek 3.2 via Kiro", - ContextLength: 128000, - MaxCompletionTokens: 32768, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-minimax-m2-1", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro MiniMax M2.1", - Description: "MiniMax M2.1 via Kiro", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-qwen3-coder-next", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Qwen3 Coder Next", - Description: "Qwen3 Coder Next via Kiro", - ContextLength: 128000, - MaxCompletionTokens: 32768, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-gpt-4o", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro GPT-4o", - Description: "OpenAI GPT-4o via Kiro", - ContextLength: 128000, - MaxCompletionTokens: 16384, - }, - { - ID: "kiro-gpt-4", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro GPT-4", - Description: "OpenAI GPT-4 via Kiro", - ContextLength: 128000, - MaxCompletionTokens: 8192, - }, - { - ID: "kiro-gpt-4-turbo", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro GPT-4 Turbo", - Description: "OpenAI GPT-4 Turbo via Kiro", - ContextLength: 128000, - MaxCompletionTokens: 16384, - }, - { - ID: "kiro-gpt-3-5-turbo", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro GPT-3.5 Turbo", - Description: "OpenAI GPT-3.5 Turbo via Kiro", - ContextLength: 16384, - MaxCompletionTokens: 4096, - }, - // --- Agentic Variants (Optimized for coding agents with chunked writes) --- - { - ID: "kiro-claude-opus-4-6-agentic", - Object: "model", - Created: 1736899200, // 2025-01-15 - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Opus 4.6 (Agentic)", - Description: "Claude Opus 4.6 optimized for coding agents (chunked writes)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-sonnet-4-6-agentic", - Object: "model", - Created: 1739836800, // 2025-02-18 - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Sonnet 4.6 (Agentic)", - Description: "Claude Sonnet 4.6 optimized for coding agents (chunked writes)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-opus-4-5-agentic", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Opus 4.5 (Agentic)", - Description: "Claude Opus 4.5 optimized for coding agents (chunked writes)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-sonnet-4-5-agentic", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Sonnet 4.5 (Agentic)", - Description: "Claude Sonnet 4.5 optimized for coding agents (chunked writes)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-sonnet-4-agentic", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Sonnet 4 (Agentic)", - Description: "Claude Sonnet 4 optimized for coding agents (chunked writes)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-haiku-4-5-agentic", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Haiku 4.5 (Agentic)", - Description: "Claude Haiku 4.5 optimized for coding agents (chunked writes)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - } -} - -// GetAmazonQModels returns the Amazon Q (AWS CodeWhisperer) model definitions. -// These models use the same API as Kiro and share the same executor. -func GetAmazonQModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "amazonq-auto", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", // Uses Kiro executor - same API - DisplayName: "Amazon Q Auto", - Description: "Automatic model selection by Amazon Q", - ContextLength: 200000, - MaxCompletionTokens: 64000, - }, - { - ID: "amazonq-claude-opus-4.5", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Amazon Q Claude Opus 4.5", - Description: "Claude Opus 4.5 via Amazon Q (2.2x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - }, - { - ID: "amazonq-claude-sonnet-4.5", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Amazon Q Claude Sonnet 4.5", - Description: "Claude Sonnet 4.5 via Amazon Q (1.3x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - }, - { - ID: "amazonq-claude-sonnet-4", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Amazon Q Claude Sonnet 4", - Description: "Claude Sonnet 4 via Amazon Q (1.3x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - }, - { - ID: "amazonq-claude-haiku-4.5", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Amazon Q Claude Haiku 4.5", - Description: "Claude Haiku 4.5 via Amazon Q (0.4x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - }, - } -} diff --git a/.worktrees/config/m/config-build/active/internal/registry/model_definitions_static_data.go b/.worktrees/config/m/config-build/active/internal/registry/model_definitions_static_data.go deleted file mode 100644 index 18a1a3a14f..0000000000 --- a/.worktrees/config/m/config-build/active/internal/registry/model_definitions_static_data.go +++ /dev/null @@ -1,1030 +0,0 @@ -// Package registry provides model definitions for various AI service providers. -// This file stores the static model metadata catalog. -package registry - -// GetClaudeModels returns the standard Claude model definitions -func GetClaudeModels() []*ModelInfo { - return []*ModelInfo{ - - { - ID: "claude-haiku-4-5-20251001", - Object: "model", - Created: 1759276800, // 2025-10-01 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4.5 Haiku", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: false}, - }, - { - ID: "claude-sonnet-4-5-20250929", - Object: "model", - Created: 1759104000, // 2025-09-29 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4.5 Sonnet", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: false}, - }, - { - ID: "claude-sonnet-4-6", - Object: "model", - Created: 1771372800, // 2026-02-17 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4.6 Sonnet", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: false}, - }, - { - ID: "claude-opus-4-6", - Object: "model", - Created: 1770318000, // 2026-02-05 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4.6 Opus", - Description: "Premium model combining maximum intelligence with practical performance", - ContextLength: 1000000, - MaxCompletionTokens: 128000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: false}, - }, - { - ID: "claude-sonnet-4-6", - Object: "model", - Created: 1771286400, // 2026-02-17 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4.6 Sonnet", - Description: "Best combination of speed and intelligence", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: false}, - }, - { - ID: "claude-opus-4-5-20251101", - Object: "model", - Created: 1761955200, // 2025-11-01 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4.5 Opus", - Description: "Premium model combining maximum intelligence with practical performance", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: false}, - }, - { - ID: "claude-opus-4-1-20250805", - Object: "model", - Created: 1722945600, // 2025-08-05 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4.1 Opus", - ContextLength: 200000, - MaxCompletionTokens: 32000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: false, DynamicAllowed: false}, - }, - { - ID: "claude-opus-4-20250514", - Object: "model", - Created: 1715644800, // 2025-05-14 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4 Opus", - ContextLength: 200000, - MaxCompletionTokens: 32000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: false, DynamicAllowed: false}, - }, - { - ID: "claude-sonnet-4-20250514", - Object: "model", - Created: 1715644800, // 2025-05-14 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4 Sonnet", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: false, DynamicAllowed: false}, - }, - { - ID: "claude-3-7-sonnet-20250219", - Object: "model", - Created: 1708300800, // 2025-02-19 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 3.7 Sonnet", - ContextLength: 128000, - MaxCompletionTokens: 8192, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: false, DynamicAllowed: false}, - }, - { - ID: "claude-3-5-haiku-20241022", - Object: "model", - Created: 1729555200, // 2024-10-22 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 3.5 Haiku", - ContextLength: 128000, - MaxCompletionTokens: 8192, - // Thinking: not supported for Haiku models - }, - } -} - -// GetGeminiModels returns the standard Gemini model definitions -func GetGeminiModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "gemini-2.5-pro", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-pro", - Version: "2.5", - DisplayName: "Gemini 2.5 Pro", - Description: "Stable release (June 17th, 2025) of Gemini 2.5 Pro", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash", - Version: "001", - DisplayName: "Gemini 2.5 Flash", - Description: "Stable version of Gemini 2.5 Flash, our mid-size multimodal model that supports up to 1 million tokens, released in June of 2025.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash-lite", - Object: "model", - Created: 1753142400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash-lite", - Version: "2.5", - DisplayName: "Gemini 2.5 Flash Lite", - Description: "Our smallest and most cost effective model, built for at scale usage.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-3-pro-preview", - Object: "model", - Created: 1737158400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-pro-preview", - Version: "3.0", - DisplayName: "Gemini 3 Pro Preview", - Description: "Gemini 3 Pro Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}, - }, - { - ID: "gemini-3.1-pro-preview", - Object: "model", - Created: 1771459200, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3.1-pro-preview", - Version: "3.1", - DisplayName: "Gemini 3.1 Pro Preview", - Description: "Gemini 3.1 Pro Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}, - }, - { - ID: "gemini-3-flash-preview", - Object: "model", - Created: 1765929600, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-flash-preview", - Version: "3.0", - DisplayName: "Gemini 3 Flash Preview", - Description: "Gemini 3 Flash Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"minimal", "low", "medium", "high"}}, - }, - { - ID: "gemini-3-pro-image-preview", - Object: "model", - Created: 1737158400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-pro-image-preview", - Version: "3.0", - DisplayName: "Gemini 3 Pro Image Preview", - Description: "Gemini 3 Pro Image Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}, - }, - } -} - -func GetGeminiVertexModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "gemini-2.5-pro", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-pro", - Version: "2.5", - DisplayName: "Gemini 2.5 Pro", - Description: "Stable release (June 17th, 2025) of Gemini 2.5 Pro", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash", - Version: "001", - DisplayName: "Gemini 2.5 Flash", - Description: "Stable version of Gemini 2.5 Flash, our mid-size multimodal model that supports up to 1 million tokens, released in June of 2025.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash-lite", - Object: "model", - Created: 1753142400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash-lite", - Version: "2.5", - DisplayName: "Gemini 2.5 Flash Lite", - Description: "Our smallest and most cost effective model, built for at scale usage.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-3-pro-preview", - Object: "model", - Created: 1737158400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-pro-preview", - Version: "3.0", - DisplayName: "Gemini 3 Pro Preview", - Description: "Gemini 3 Pro Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}, - }, - { - ID: "gemini-3-flash-preview", - Object: "model", - Created: 1765929600, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-flash-preview", - Version: "3.0", - DisplayName: "Gemini 3 Flash Preview", - Description: "Our most intelligent model built for speed, combining frontier intelligence with superior search and grounding.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"minimal", "low", "medium", "high"}}, - }, - { - ID: "gemini-3.1-pro-preview", - Object: "model", - Created: 1771459200, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3.1-pro-preview", - Version: "3.1", - DisplayName: "Gemini 3.1 Pro Preview", - Description: "Gemini 3.1 Pro Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}, - }, - { - ID: "gemini-3-pro-image-preview", - Object: "model", - Created: 1737158400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-pro-image-preview", - Version: "3.0", - DisplayName: "Gemini 3 Pro Image Preview", - Description: "Gemini 3 Pro Image Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}, - }, - // Imagen image generation models - use :predict action - { - ID: "imagen-4.0-generate-001", - Object: "model", - Created: 1750000000, - OwnedBy: "google", - Type: "gemini", - Name: "models/imagen-4.0-generate-001", - Version: "4.0", - DisplayName: "Imagen 4.0 Generate", - Description: "Imagen 4.0 image generation model", - SupportedGenerationMethods: []string{"predict"}, - }, - { - ID: "imagen-4.0-ultra-generate-001", - Object: "model", - Created: 1750000000, - OwnedBy: "google", - Type: "gemini", - Name: "models/imagen-4.0-ultra-generate-001", - Version: "4.0", - DisplayName: "Imagen 4.0 Ultra Generate", - Description: "Imagen 4.0 Ultra high-quality image generation model", - SupportedGenerationMethods: []string{"predict"}, - }, - { - ID: "imagen-3.0-generate-002", - Object: "model", - Created: 1740000000, - OwnedBy: "google", - Type: "gemini", - Name: "models/imagen-3.0-generate-002", - Version: "3.0", - DisplayName: "Imagen 3.0 Generate", - Description: "Imagen 3.0 image generation model", - SupportedGenerationMethods: []string{"predict"}, - }, - { - ID: "imagen-3.0-fast-generate-001", - Object: "model", - Created: 1740000000, - OwnedBy: "google", - Type: "gemini", - Name: "models/imagen-3.0-fast-generate-001", - Version: "3.0", - DisplayName: "Imagen 3.0 Fast Generate", - Description: "Imagen 3.0 fast image generation model", - SupportedGenerationMethods: []string{"predict"}, - }, - { - ID: "imagen-4.0-fast-generate-001", - Object: "model", - Created: 1750000000, - OwnedBy: "google", - Type: "gemini", - Name: "models/imagen-4.0-fast-generate-001", - Version: "4.0", - DisplayName: "Imagen 4.0 Fast Generate", - Description: "Imagen 4.0 fast image generation model", - SupportedGenerationMethods: []string{"predict"}, - }, - } -} - -// GetGeminiCLIModels returns the standard Gemini model definitions -func GetGeminiCLIModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "gemini-2.5-pro", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-pro", - Version: "2.5", - DisplayName: "Gemini 2.5 Pro", - Description: "Stable release (June 17th, 2025) of Gemini 2.5 Pro", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash", - Version: "001", - DisplayName: "Gemini 2.5 Flash", - Description: "Stable version of Gemini 2.5 Flash, our mid-size multimodal model that supports up to 1 million tokens, released in June of 2025.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash-lite", - Object: "model", - Created: 1753142400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash-lite", - Version: "2.5", - DisplayName: "Gemini 2.5 Flash Lite", - Description: "Our smallest and most cost effective model, built for at scale usage.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-3-pro-preview", - Object: "model", - Created: 1737158400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-pro-preview", - Version: "3.0", - DisplayName: "Gemini 3 Pro Preview", - Description: "Our most intelligent model with SOTA reasoning and multimodal understanding, and powerful agentic and vibe coding capabilities", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}, - }, - { - ID: "gemini-3.1-pro-preview", - Object: "model", - Created: 1771459200, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3.1-pro-preview", - Version: "3.1", - DisplayName: "Gemini 3.1 Pro Preview", - Description: "Gemini 3.1 Pro Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}, - }, - { - ID: "gemini-3-flash-preview", - Object: "model", - Created: 1765929600, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-flash-preview", - Version: "3.0", - DisplayName: "Gemini 3 Flash Preview", - Description: "Our most intelligent model built for speed, combining frontier intelligence with superior search and grounding.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"minimal", "low", "medium", "high"}}, - }, - } -} - -// GetAIStudioModels returns the Gemini model definitions for AI Studio integrations -func GetAIStudioModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "gemini-2.5-pro", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-pro", - Version: "2.5", - DisplayName: "Gemini 2.5 Pro", - Description: "Stable release (June 17th, 2025) of Gemini 2.5 Pro", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash", - Version: "001", - DisplayName: "Gemini 2.5 Flash", - Description: "Stable version of Gemini 2.5 Flash, our mid-size multimodal model that supports up to 1 million tokens, released in June of 2025.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash-lite", - Object: "model", - Created: 1753142400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash-lite", - Version: "2.5", - DisplayName: "Gemini 2.5 Flash Lite", - Description: "Our smallest and most cost effective model, built for at scale usage.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-3-pro-preview", - Object: "model", - Created: 1737158400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-pro-preview", - Version: "3.0", - DisplayName: "Gemini 3 Pro Preview", - Description: "Gemini 3 Pro Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-3.1-pro-preview", - Object: "model", - Created: 1771459200, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3.1-pro-preview", - Version: "3.1", - DisplayName: "Gemini 3.1 Pro Preview", - Description: "Gemini 3.1 Pro Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-3-flash-preview", - Object: "model", - Created: 1765929600, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-flash-preview", - Version: "3.0", - DisplayName: "Gemini 3 Flash Preview", - Description: "Our most intelligent model built for speed, combining frontier intelligence with superior search and grounding.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-pro-latest", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-pro-latest", - Version: "2.5", - DisplayName: "Gemini Pro Latest", - Description: "Latest release of Gemini Pro", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-flash-latest", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-flash-latest", - Version: "2.5", - DisplayName: "Gemini Flash Latest", - Description: "Latest release of Gemini Flash", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-flash-lite-latest", - Object: "model", - Created: 1753142400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-flash-lite-latest", - Version: "2.5", - DisplayName: "Gemini Flash-Lite Latest", - Description: "Latest release of Gemini Flash-Lite", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 512, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - // { - // ID: "gemini-2.5-flash-image-preview", - // Object: "model", - // Created: 1756166400, - // OwnedBy: "google", - // Type: "gemini", - // Name: "models/gemini-2.5-flash-image-preview", - // Version: "2.5", - // DisplayName: "Gemini 2.5 Flash Image Preview", - // Description: "State-of-the-art image generation and editing model.", - // InputTokenLimit: 1048576, - // OutputTokenLimit: 8192, - // SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - // // image models don't support thinkingConfig; leave Thinking nil - // }, - { - ID: "gemini-2.5-flash-image", - Object: "model", - Created: 1759363200, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash-image", - Version: "2.5", - DisplayName: "Gemini 2.5 Flash Image", - Description: "State-of-the-art image generation and editing model.", - InputTokenLimit: 1048576, - OutputTokenLimit: 8192, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - // image models don't support thinkingConfig; leave Thinking nil - }, - } -} - -// GetOpenAIModels returns the standard OpenAI model definitions -func GetOpenAIModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "gpt-5", - Object: "model", - Created: 1754524800, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5-2025-08-07", - DisplayName: "GPT 5", - Description: "Stable version of GPT 5, The best model for coding and agentic tasks across domains.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"minimal", "low", "medium", "high"}}, - }, - { - ID: "gpt-5-codex", - Object: "model", - Created: 1757894400, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5-2025-09-15", - DisplayName: "GPT 5 Codex", - Description: "Stable version of GPT 5 Codex, The best model for coding and agentic tasks across domains.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high"}}, - }, - { - ID: "gpt-5-codex-mini", - Object: "model", - Created: 1762473600, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5-2025-11-07", - DisplayName: "GPT 5 Codex Mini", - Description: "Stable version of GPT 5 Codex Mini: cheaper, faster, but less capable version of GPT 5 Codex.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high"}}, - }, - { - ID: "gpt-5.1", - Object: "model", - Created: 1762905600, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.1-2025-11-12", - DisplayName: "GPT 5", - Description: "Stable version of GPT 5, The best model for coding and agentic tasks across domains.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high"}}, - }, - { - ID: "gpt-5.1-codex", - Object: "model", - Created: 1762905600, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.1-2025-11-12", - DisplayName: "GPT 5.1 Codex", - Description: "Stable version of GPT 5.1 Codex, The best model for coding and agentic tasks across domains.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high"}}, - }, - { - ID: "gpt-5.1-codex-mini", - Object: "model", - Created: 1762905600, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.1-2025-11-12", - DisplayName: "GPT 5.1 Codex Mini", - Description: "Stable version of GPT 5.1 Codex Mini: cheaper, faster, but less capable version of GPT 5.1 Codex.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high"}}, - }, - { - ID: "gpt-5.1-codex-max", - Object: "model", - Created: 1763424000, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.1-max", - DisplayName: "GPT 5.1 Codex Max", - Description: "Stable version of GPT 5.1 Codex Max", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5.2", - Object: "model", - Created: 1765440000, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.2", - DisplayName: "GPT 5.2", - Description: "Stable version of GPT 5.2", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5.2-codex", - Object: "model", - Created: 1765440000, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.2", - DisplayName: "GPT 5.2 Codex", - Description: "Stable version of GPT 5.2 Codex, The best model for coding and agentic tasks across domains.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5.3-codex", - Object: "model", - Created: 1770307200, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.3", - DisplayName: "GPT 5.3 Codex", - Description: "Stable version of GPT 5.3 Codex, The best model for coding and agentic tasks across domains.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5.3-codex-spark", - Object: "model", - Created: 1770912000, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.3", - DisplayName: "GPT 5.3 Codex Spark", - Description: "Ultra-fast coding model.", - ContextLength: 128000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high", "xhigh"}}, - }, - } -} - -// GetQwenModels returns the standard Qwen model definitions -func GetQwenModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "qwen3-coder-plus", - Object: "model", - Created: 1753228800, - OwnedBy: "qwen", - Type: "qwen", - Version: "3.0", - DisplayName: "Qwen3 Coder Plus", - Description: "Advanced code generation and understanding model", - ContextLength: 32768, - MaxCompletionTokens: 8192, - SupportedParameters: []string{"temperature", "top_p", "max_tokens", "stream", "stop"}, - }, - { - ID: "qwen3-coder-flash", - Object: "model", - Created: 1753228800, - OwnedBy: "qwen", - Type: "qwen", - Version: "3.0", - DisplayName: "Qwen3 Coder Flash", - Description: "Fast code generation model", - ContextLength: 8192, - MaxCompletionTokens: 2048, - SupportedParameters: []string{"temperature", "top_p", "max_tokens", "stream", "stop"}, - }, - { - ID: "coder-model", - Object: "model", - Created: 1771171200, - OwnedBy: "qwen", - Type: "qwen", - Version: "3.5", - DisplayName: "Qwen 3.5 Plus", - Description: "efficient hybrid model with leading coding performance", - ContextLength: 1048576, - MaxCompletionTokens: 65536, - SupportedParameters: []string{"temperature", "top_p", "max_tokens", "stream", "stop"}, - }, - { - ID: "vision-model", - Object: "model", - Created: 1758672000, - OwnedBy: "qwen", - Type: "qwen", - Version: "3.0", - DisplayName: "Qwen3 Vision Model", - Description: "Vision model model", - ContextLength: 32768, - MaxCompletionTokens: 2048, - SupportedParameters: []string{"temperature", "top_p", "max_tokens", "stream", "stop"}, - }, - } -} - -// iFlowThinkingSupport is a shared ThinkingSupport configuration for iFlow models -// that support thinking mode via chat_template_kwargs.enable_thinking (boolean toggle). -// Uses level-based configuration so standard normalization flows apply before conversion. -var iFlowThinkingSupport = &ThinkingSupport{ - Levels: []string{"none", "auto", "minimal", "low", "medium", "high", "xhigh"}, -} - -// GetIFlowModels returns supported models for iFlow OAuth accounts. -func GetIFlowModels() []*ModelInfo { - entries := []struct { - ID string - DisplayName string - Description string - Created int64 - Thinking *ThinkingSupport - }{ - {ID: "tstars2.0", DisplayName: "TStars-2.0", Description: "iFlow TStars-2.0 multimodal assistant", Created: 1746489600}, - {ID: "qwen3-coder-plus", DisplayName: "Qwen3-Coder-Plus", Description: "Qwen3 Coder Plus code generation", Created: 1753228800}, - {ID: "qwen3-max", DisplayName: "Qwen3-Max", Description: "Qwen3 flagship model", Created: 1758672000}, - {ID: "qwen3-vl-plus", DisplayName: "Qwen3-VL-Plus", Description: "Qwen3 multimodal vision-language", Created: 1758672000}, - {ID: "qwen3-max-preview", DisplayName: "Qwen3-Max-Preview", Description: "Qwen3 Max preview build", Created: 1757030400, Thinking: iFlowThinkingSupport}, - {ID: "kimi-k2-0905", DisplayName: "Kimi-K2-Instruct-0905", Description: "Moonshot Kimi K2 instruct 0905", Created: 1757030400}, - {ID: "glm-4.6", DisplayName: "GLM-4.6", Description: "Zhipu GLM 4.6 general model", Created: 1759190400, Thinking: iFlowThinkingSupport}, - {ID: "glm-4.7", DisplayName: "GLM-4.7", Description: "Zhipu GLM 4.7 general model", Created: 1766448000, Thinking: iFlowThinkingSupport}, - {ID: "glm-5", DisplayName: "GLM-5", Description: "Zhipu GLM 5 general model", Created: 1770768000, Thinking: iFlowThinkingSupport}, - {ID: "kimi-k2", DisplayName: "Kimi-K2", Description: "Moonshot Kimi K2 general model", Created: 1752192000}, - {ID: "kimi-k2-thinking", DisplayName: "Kimi-K2-Thinking", Description: "Moonshot Kimi K2 thinking model", Created: 1762387200}, - {ID: "deepseek-v3.2-chat", DisplayName: "DeepSeek-V3.2", Description: "DeepSeek V3.2 Chat", Created: 1764576000}, - {ID: "deepseek-v3.2-reasoner", DisplayName: "DeepSeek-V3.2", Description: "DeepSeek V3.2 Reasoner", Created: 1764576000}, - {ID: "deepseek-v3.2", DisplayName: "DeepSeek-V3.2-Exp", Description: "DeepSeek V3.2 experimental", Created: 1759104000, Thinking: iFlowThinkingSupport}, - {ID: "deepseek-v3.1", DisplayName: "DeepSeek-V3.1-Terminus", Description: "DeepSeek V3.1 Terminus", Created: 1756339200, Thinking: iFlowThinkingSupport}, - {ID: "deepseek-r1", DisplayName: "DeepSeek-R1", Description: "DeepSeek reasoning model R1", Created: 1737331200}, - {ID: "deepseek-v3", DisplayName: "DeepSeek-V3-671B", Description: "DeepSeek V3 671B", Created: 1734307200}, - {ID: "qwen3-32b", DisplayName: "Qwen3-32B", Description: "Qwen3 32B", Created: 1747094400}, - {ID: "qwen3-235b-a22b-thinking-2507", DisplayName: "Qwen3-235B-A22B-Thinking", Description: "Qwen3 235B A22B Thinking (2507)", Created: 1753401600}, - {ID: "qwen3-235b-a22b-instruct", DisplayName: "Qwen3-235B-A22B-Instruct", Description: "Qwen3 235B A22B Instruct", Created: 1753401600}, - {ID: "qwen3-235b", DisplayName: "Qwen3-235B-A22B", Description: "Qwen3 235B A22B", Created: 1753401600}, - {ID: "minimax-m2", DisplayName: "MiniMax-M2", Description: "MiniMax M2", Created: 1758672000, Thinking: iFlowThinkingSupport}, - {ID: "minimax-m2.1", DisplayName: "MiniMax-M2.1", Description: "MiniMax M2.1", Created: 1766448000, Thinking: iFlowThinkingSupport}, - {ID: "minimax-m2.5", DisplayName: "MiniMax-M2.5", Description: "MiniMax M2.5", Created: 1770825600, Thinking: iFlowThinkingSupport}, - {ID: "iflow-rome-30ba3b", DisplayName: "iFlow-ROME", Description: "iFlow Rome 30BA3B model", Created: 1736899200}, - {ID: "kimi-k2.5", DisplayName: "Kimi-K2.5", Description: "Moonshot Kimi K2.5", Created: 1769443200, Thinking: iFlowThinkingSupport}, - } - models := make([]*ModelInfo, 0, len(entries)) - for _, entry := range entries { - models = append(models, &ModelInfo{ - ID: entry.ID, - Object: "model", - Created: entry.Created, - OwnedBy: "iflow", - Type: "iflow", - DisplayName: entry.DisplayName, - Description: entry.Description, - Thinking: entry.Thinking, - }) - } - return models -} - -// AntigravityModelConfig captures static antigravity model overrides, including -// Thinking budget limits and provider max completion tokens. -type AntigravityModelConfig struct { - Thinking *ThinkingSupport - MaxCompletionTokens int -} - -// GetAntigravityModelConfig returns static configuration for antigravity models. -// Keys use upstream model names returned by the Antigravity models endpoint. -func GetAntigravityModelConfig() map[string]*AntigravityModelConfig { - return map[string]*AntigravityModelConfig{ - // "rev19-uic3-1p": {Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}}, - "gemini-2.5-flash": {Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}}, - "gemini-2.5-flash-lite": {Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}}, - "gemini-3-pro-high": {Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}}, - "gemini-3-pro-image": {Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}}, - "gemini-3.1-pro-high": {Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}}, - "gemini-3-flash": {Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"minimal", "low", "medium", "high"}}}, - "claude-opus-4-5-thinking": {Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: true}, MaxCompletionTokens: 64000}, - "claude-opus-4-6-thinking": {Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: true}, MaxCompletionTokens: 64000}, - "claude-sonnet-4-5": {MaxCompletionTokens: 64000}, - "claude-sonnet-4-5-thinking": {Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: true}, MaxCompletionTokens: 64000}, - "claude-sonnet-4-6": {MaxCompletionTokens: 64000}, - "claude-sonnet-4-6-thinking": {Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: true}, MaxCompletionTokens: 64000}, - "gpt-oss-120b-medium": {}, - "tab_flash_lite_preview": {}, - } -} - -// GetKimiModels returns the standard Kimi (Moonshot AI) model definitions -func GetKimiModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "kimi-k2", - Object: "model", - Created: 1752192000, // 2025-07-11 - OwnedBy: "moonshot", - Type: "kimi", - DisplayName: "Kimi K2", - Description: "Kimi K2 - Moonshot AI's flagship coding model", - ContextLength: 131072, - MaxCompletionTokens: 32768, - }, - { - ID: "kimi-k2-thinking", - Object: "model", - Created: 1762387200, // 2025-11-06 - OwnedBy: "moonshot", - Type: "kimi", - DisplayName: "Kimi K2 Thinking", - Description: "Kimi K2 Thinking - Extended reasoning model", - ContextLength: 131072, - MaxCompletionTokens: 32768, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kimi-k2.5", - Object: "model", - Created: 1769472000, // 2026-01-26 - OwnedBy: "moonshot", - Type: "kimi", - DisplayName: "Kimi K2.5", - Description: "Kimi K2.5 - Latest Moonshot AI coding model with improved capabilities", - ContextLength: 131072, - MaxCompletionTokens: 32768, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - } -} diff --git a/.worktrees/config/m/config-build/active/internal/registry/model_registry.go b/.worktrees/config/m/config-build/active/internal/registry/model_registry.go deleted file mode 100644 index 3fa2a3b5cc..0000000000 --- a/.worktrees/config/m/config-build/active/internal/registry/model_registry.go +++ /dev/null @@ -1,1213 +0,0 @@ -// Package registry provides centralized model management for all AI service providers. -// It implements a dynamic model registry with reference counting to track active clients -// and automatically hide models when no clients are available or when quota is exceeded. -package registry - -import ( - "context" - "fmt" - "sort" - "strings" - "sync" - "time" - - misc "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" - log "github.com/sirupsen/logrus" -) - -// ModelInfo represents information about an available model -type ModelInfo struct { - // ID is the unique identifier for the model - ID string `json:"id"` - // Object type for the model (typically "model") - Object string `json:"object"` - // Created timestamp when the model was created - Created int64 `json:"created"` - // OwnedBy indicates the organization that owns the model - OwnedBy string `json:"owned_by"` - // Type indicates the model type (e.g., "claude", "gemini", "openai") - Type string `json:"type"` - // DisplayName is the human-readable name for the model - DisplayName string `json:"display_name,omitempty"` - // Name is used for Gemini-style model names - Name string `json:"name,omitempty"` - // Version is the model version - Version string `json:"version,omitempty"` - // Description provides detailed information about the model - Description string `json:"description,omitempty"` - // InputTokenLimit is the maximum input token limit - InputTokenLimit int `json:"inputTokenLimit,omitempty"` - // OutputTokenLimit is the maximum output token limit - OutputTokenLimit int `json:"outputTokenLimit,omitempty"` - // SupportedGenerationMethods lists supported generation methods - SupportedGenerationMethods []string `json:"supportedGenerationMethods,omitempty"` - // ContextLength is the context window size - ContextLength int `json:"context_length,omitempty"` - // MaxCompletionTokens is the maximum completion tokens - MaxCompletionTokens int `json:"max_completion_tokens,omitempty"` - // SupportedParameters lists supported parameters - SupportedParameters []string `json:"supported_parameters,omitempty"` - // SupportedEndpoints lists supported API endpoints (e.g., "/chat/completions", "/responses"). - SupportedEndpoints []string `json:"supported_endpoints,omitempty"` - - // Thinking holds provider-specific reasoning/thinking budget capabilities. - // This is optional and currently used for Gemini thinking budget normalization. - Thinking *ThinkingSupport `json:"thinking,omitempty"` - - // UserDefined indicates this model was defined through config file's models[] - // array (e.g., openai-compatibility.*.models[], *-api-key.models[]). - // UserDefined models have thinking configuration passed through without validation. - UserDefined bool `json:"-"` -} - -// ThinkingSupport describes a model family's supported internal reasoning budget range. -// Values are interpreted in provider-native token units. -type ThinkingSupport struct { - // Min is the minimum allowed thinking budget (inclusive). - Min int `json:"min,omitempty"` - // Max is the maximum allowed thinking budget (inclusive). - Max int `json:"max,omitempty"` - // ZeroAllowed indicates whether 0 is a valid value (to disable thinking). - ZeroAllowed bool `json:"zero_allowed,omitempty"` - // DynamicAllowed indicates whether -1 is a valid value (dynamic thinking budget). - DynamicAllowed bool `json:"dynamic_allowed,omitempty"` - // Levels defines discrete reasoning effort levels (e.g., "low", "medium", "high"). - // When set, the model uses level-based reasoning instead of token budgets. - Levels []string `json:"levels,omitempty"` -} - -// ModelRegistration tracks a model's availability -type ModelRegistration struct { - // Info contains the model metadata - Info *ModelInfo - // InfoByProvider maps provider identifiers to specific ModelInfo to support differing capabilities. - InfoByProvider map[string]*ModelInfo - // Count is the number of active clients that can provide this model - Count int - // LastUpdated tracks when this registration was last modified - LastUpdated time.Time - // QuotaExceededClients tracks which clients have exceeded quota for this model - QuotaExceededClients map[string]*time.Time - // Providers tracks available clients grouped by provider identifier - Providers map[string]int - // SuspendedClients tracks temporarily disabled clients keyed by client ID - SuspendedClients map[string]string -} - -// ModelRegistryHook provides optional callbacks for external integrations to track model list changes. -// Hook implementations must be non-blocking and resilient; calls are executed asynchronously and panics are recovered. -type ModelRegistryHook interface { - OnModelsRegistered(ctx context.Context, provider, clientID string, models []*ModelInfo) - OnModelsUnregistered(ctx context.Context, provider, clientID string) -} - -// ModelRegistry manages the global registry of available models -type ModelRegistry struct { - // models maps model ID to registration information - models map[string]*ModelRegistration - // clientModels maps client ID to the models it provides - clientModels map[string][]string - // clientModelInfos maps client ID to a map of model ID -> ModelInfo - // This preserves the original model info provided by each client - clientModelInfos map[string]map[string]*ModelInfo - // clientProviders maps client ID to its provider identifier - clientProviders map[string]string - // mutex ensures thread-safe access to the registry - mutex *sync.RWMutex - // hook is an optional callback sink for model registration changes - hook ModelRegistryHook -} - -// Global model registry instance -var globalRegistry *ModelRegistry -var registryOnce sync.Once - -// GetGlobalRegistry returns the global model registry instance -func GetGlobalRegistry() *ModelRegistry { - registryOnce.Do(func() { - globalRegistry = &ModelRegistry{ - models: make(map[string]*ModelRegistration), - clientModels: make(map[string][]string), - clientModelInfos: make(map[string]map[string]*ModelInfo), - clientProviders: make(map[string]string), - mutex: &sync.RWMutex{}, - } - }) - return globalRegistry -} - -// LookupModelInfo searches dynamic registry (provider-specific > global) then static definitions. -func LookupModelInfo(modelID string, provider ...string) *ModelInfo { - modelID = strings.TrimSpace(modelID) - if modelID == "" { - return nil - } - - p := "" - if len(provider) > 0 { - p = strings.ToLower(strings.TrimSpace(provider[0])) - } - - if info := GetGlobalRegistry().GetModelInfo(modelID, p); info != nil { - return info - } - return LookupStaticModelInfo(modelID) -} - -// SetHook sets an optional hook for observing model registration changes. -func (r *ModelRegistry) SetHook(hook ModelRegistryHook) { - if r == nil { - return - } - r.mutex.Lock() - defer r.mutex.Unlock() - r.hook = hook -} - -const defaultModelRegistryHookTimeout = 5 * time.Second - -func (r *ModelRegistry) triggerModelsRegistered(provider, clientID string, models []*ModelInfo) { - hook := r.hook - if hook == nil { - return - } - modelsCopy := cloneModelInfosUnique(models) - go func() { - defer func() { - if recovered := recover(); recovered != nil { - log.Errorf("model registry hook OnModelsRegistered panic: %v", recovered) - } - }() - ctx, cancel := context.WithTimeout(context.Background(), defaultModelRegistryHookTimeout) - defer cancel() - hook.OnModelsRegistered(ctx, provider, clientID, modelsCopy) - }() -} - -func (r *ModelRegistry) triggerModelsUnregistered(provider, clientID string) { - hook := r.hook - if hook == nil { - return - } - go func() { - defer func() { - if recovered := recover(); recovered != nil { - log.Errorf("model registry hook OnModelsUnregistered panic: %v", recovered) - } - }() - ctx, cancel := context.WithTimeout(context.Background(), defaultModelRegistryHookTimeout) - defer cancel() - hook.OnModelsUnregistered(ctx, provider, clientID) - }() -} - -// RegisterClient registers a client and its supported models -// Parameters: -// - clientID: Unique identifier for the client -// - clientProvider: Provider name (e.g., "gemini", "claude", "openai") -// - models: List of models that this client can provide -func (r *ModelRegistry) RegisterClient(clientID, clientProvider string, models []*ModelInfo) { - r.mutex.Lock() - defer r.mutex.Unlock() - - provider := strings.ToLower(clientProvider) - uniqueModelIDs := make([]string, 0, len(models)) - rawModelIDs := make([]string, 0, len(models)) - newModels := make(map[string]*ModelInfo, len(models)) - newCounts := make(map[string]int, len(models)) - for _, model := range models { - if model == nil || model.ID == "" { - continue - } - rawModelIDs = append(rawModelIDs, model.ID) - newCounts[model.ID]++ - if _, exists := newModels[model.ID]; exists { - continue - } - newModels[model.ID] = model - uniqueModelIDs = append(uniqueModelIDs, model.ID) - } - - if len(uniqueModelIDs) == 0 { - // No models supplied; unregister existing client state if present. - r.unregisterClientInternal(clientID) - delete(r.clientModels, clientID) - delete(r.clientModelInfos, clientID) - delete(r.clientProviders, clientID) - misc.LogCredentialSeparator() - return - } - - now := time.Now() - - oldModels, hadExisting := r.clientModels[clientID] - oldProvider := r.clientProviders[clientID] - providerChanged := oldProvider != provider - if !hadExisting { - // Pure addition path. - for _, modelID := range rawModelIDs { - model := newModels[modelID] - r.addModelRegistration(modelID, provider, model, now) - } - r.clientModels[clientID] = append([]string(nil), rawModelIDs...) - // Store client's own model infos - clientInfos := make(map[string]*ModelInfo, len(newModels)) - for id, m := range newModels { - clientInfos[id] = cloneModelInfo(m) - } - r.clientModelInfos[clientID] = clientInfos - if provider != "" { - r.clientProviders[clientID] = provider - } else { - delete(r.clientProviders, clientID) - } - r.triggerModelsRegistered(provider, clientID, models) - log.Debugf("Registered client %s from provider %s with %d models", clientID, clientProvider, len(rawModelIDs)) - misc.LogCredentialSeparator() - return - } - - oldCounts := make(map[string]int, len(oldModels)) - for _, id := range oldModels { - oldCounts[id]++ - } - - added := make([]string, 0) - for _, id := range uniqueModelIDs { - if oldCounts[id] == 0 { - added = append(added, id) - } - } - - removed := make([]string, 0) - for id := range oldCounts { - if newCounts[id] == 0 { - removed = append(removed, id) - } - } - - // Handle provider change for overlapping models before modifications. - if providerChanged && oldProvider != "" { - for id, newCount := range newCounts { - if newCount == 0 { - continue - } - oldCount := oldCounts[id] - if oldCount == 0 { - continue - } - toRemove := newCount - if oldCount < toRemove { - toRemove = oldCount - } - if reg, ok := r.models[id]; ok && reg.Providers != nil { - if count, okProv := reg.Providers[oldProvider]; okProv { - if count <= toRemove { - delete(reg.Providers, oldProvider) - if reg.InfoByProvider != nil { - delete(reg.InfoByProvider, oldProvider) - } - } else { - reg.Providers[oldProvider] = count - toRemove - } - } - } - } - } - - // Apply removals first to keep counters accurate. - for _, id := range removed { - oldCount := oldCounts[id] - for i := 0; i < oldCount; i++ { - r.removeModelRegistration(clientID, id, oldProvider, now) - } - } - - for id, oldCount := range oldCounts { - newCount := newCounts[id] - if newCount == 0 || oldCount <= newCount { - continue - } - overage := oldCount - newCount - for i := 0; i < overage; i++ { - r.removeModelRegistration(clientID, id, oldProvider, now) - } - } - - // Apply additions. - for id, newCount := range newCounts { - oldCount := oldCounts[id] - if newCount <= oldCount { - continue - } - model := newModels[id] - diff := newCount - oldCount - for i := 0; i < diff; i++ { - r.addModelRegistration(id, provider, model, now) - } - } - - // Update metadata for models that remain associated with the client. - addedSet := make(map[string]struct{}, len(added)) - for _, id := range added { - addedSet[id] = struct{}{} - } - for _, id := range uniqueModelIDs { - model := newModels[id] - if reg, ok := r.models[id]; ok { - reg.Info = cloneModelInfo(model) - if provider != "" { - if reg.InfoByProvider == nil { - reg.InfoByProvider = make(map[string]*ModelInfo) - } - reg.InfoByProvider[provider] = cloneModelInfo(model) - } - reg.LastUpdated = now - if reg.QuotaExceededClients != nil { - delete(reg.QuotaExceededClients, clientID) - } - if reg.SuspendedClients != nil { - delete(reg.SuspendedClients, clientID) - } - if providerChanged && provider != "" { - if _, newlyAdded := addedSet[id]; newlyAdded { - continue - } - overlapCount := newCounts[id] - if oldCount := oldCounts[id]; oldCount < overlapCount { - overlapCount = oldCount - } - if overlapCount <= 0 { - continue - } - if reg.Providers == nil { - reg.Providers = make(map[string]int) - } - reg.Providers[provider] += overlapCount - } - } - } - - // Update client bookkeeping. - if len(rawModelIDs) > 0 { - r.clientModels[clientID] = append([]string(nil), rawModelIDs...) - } - // Update client's own model infos - clientInfos := make(map[string]*ModelInfo, len(newModels)) - for id, m := range newModels { - clientInfos[id] = cloneModelInfo(m) - } - r.clientModelInfos[clientID] = clientInfos - if provider != "" { - r.clientProviders[clientID] = provider - } else { - delete(r.clientProviders, clientID) - } - - r.triggerModelsRegistered(provider, clientID, models) - if len(added) == 0 && len(removed) == 0 && !providerChanged { - // Only metadata (e.g., display name) changed; skip separator when no log output. - return - } - - log.Debugf("Reconciled client %s (provider %s) models: +%d, -%d", clientID, provider, len(added), len(removed)) - misc.LogCredentialSeparator() -} - -func (r *ModelRegistry) addModelRegistration(modelID, provider string, model *ModelInfo, now time.Time) { - if model == nil || modelID == "" { - return - } - if existing, exists := r.models[modelID]; exists { - existing.Count++ - existing.LastUpdated = now - existing.Info = cloneModelInfo(model) - if existing.SuspendedClients == nil { - existing.SuspendedClients = make(map[string]string) - } - if existing.InfoByProvider == nil { - existing.InfoByProvider = make(map[string]*ModelInfo) - } - if provider != "" { - if existing.Providers == nil { - existing.Providers = make(map[string]int) - } - existing.Providers[provider]++ - existing.InfoByProvider[provider] = cloneModelInfo(model) - } - log.Debugf("Incremented count for model %s, now %d clients", modelID, existing.Count) - return - } - - registration := &ModelRegistration{ - Info: cloneModelInfo(model), - InfoByProvider: make(map[string]*ModelInfo), - Count: 1, - LastUpdated: now, - QuotaExceededClients: make(map[string]*time.Time), - SuspendedClients: make(map[string]string), - } - if provider != "" { - registration.Providers = map[string]int{provider: 1} - registration.InfoByProvider[provider] = cloneModelInfo(model) - } - r.models[modelID] = registration - log.Debugf("Registered new model %s from provider %s", modelID, provider) -} - -func (r *ModelRegistry) removeModelRegistration(clientID, modelID, provider string, now time.Time) { - registration, exists := r.models[modelID] - if !exists { - return - } - registration.Count-- - registration.LastUpdated = now - if registration.QuotaExceededClients != nil { - delete(registration.QuotaExceededClients, clientID) - } - if registration.SuspendedClients != nil { - delete(registration.SuspendedClients, clientID) - } - if registration.Count < 0 { - registration.Count = 0 - } - if provider != "" && registration.Providers != nil { - if count, ok := registration.Providers[provider]; ok { - if count <= 1 { - delete(registration.Providers, provider) - if registration.InfoByProvider != nil { - delete(registration.InfoByProvider, provider) - } - } else { - registration.Providers[provider] = count - 1 - } - } - } - log.Debugf("Decremented count for model %s, now %d clients", modelID, registration.Count) - if registration.Count <= 0 { - delete(r.models, modelID) - log.Debugf("Removed model %s as no clients remain", modelID) - } -} - -func cloneModelInfo(model *ModelInfo) *ModelInfo { - if model == nil { - return nil - } - copyModel := *model - if len(model.SupportedGenerationMethods) > 0 { - copyModel.SupportedGenerationMethods = append([]string(nil), model.SupportedGenerationMethods...) - } - if len(model.SupportedParameters) > 0 { - copyModel.SupportedParameters = append([]string(nil), model.SupportedParameters...) - } - if len(model.SupportedEndpoints) > 0 { - copyModel.SupportedEndpoints = append([]string(nil), model.SupportedEndpoints...) - } - return ©Model -} - -func cloneModelInfosUnique(models []*ModelInfo) []*ModelInfo { - if len(models) == 0 { - return nil - } - cloned := make([]*ModelInfo, 0, len(models)) - seen := make(map[string]struct{}, len(models)) - for _, model := range models { - if model == nil || model.ID == "" { - continue - } - if _, exists := seen[model.ID]; exists { - continue - } - seen[model.ID] = struct{}{} - cloned = append(cloned, cloneModelInfo(model)) - } - return cloned -} - -// UnregisterClient removes a client and decrements counts for its models -// Parameters: -// - clientID: Unique identifier for the client to remove -func (r *ModelRegistry) UnregisterClient(clientID string) { - r.mutex.Lock() - defer r.mutex.Unlock() - r.unregisterClientInternal(clientID) -} - -// unregisterClientInternal performs the actual client unregistration (internal, no locking) -func (r *ModelRegistry) unregisterClientInternal(clientID string) { - models, exists := r.clientModels[clientID] - provider, hasProvider := r.clientProviders[clientID] - if !exists { - if hasProvider { - delete(r.clientProviders, clientID) - } - return - } - - now := time.Now() - for _, modelID := range models { - if registration, isExists := r.models[modelID]; isExists { - registration.Count-- - registration.LastUpdated = now - - // Remove quota tracking for this client - delete(registration.QuotaExceededClients, clientID) - if registration.SuspendedClients != nil { - delete(registration.SuspendedClients, clientID) - } - - if hasProvider && registration.Providers != nil { - if count, ok := registration.Providers[provider]; ok { - if count <= 1 { - delete(registration.Providers, provider) - if registration.InfoByProvider != nil { - delete(registration.InfoByProvider, provider) - } - } else { - registration.Providers[provider] = count - 1 - } - } - } - - log.Debugf("Decremented count for model %s, now %d clients", modelID, registration.Count) - - // Remove model if no clients remain - if registration.Count <= 0 { - delete(r.models, modelID) - log.Debugf("Removed model %s as no clients remain", modelID) - } - } - } - - delete(r.clientModels, clientID) - delete(r.clientModelInfos, clientID) - if hasProvider { - delete(r.clientProviders, clientID) - } - log.Debugf("Unregistered client %s", clientID) - // Separator line after completing client unregistration (after the summary line) - misc.LogCredentialSeparator() - r.triggerModelsUnregistered(provider, clientID) -} - -// SetModelQuotaExceeded marks a model as quota exceeded for a specific client -// Parameters: -// - clientID: The client that exceeded quota -// - modelID: The model that exceeded quota -func (r *ModelRegistry) SetModelQuotaExceeded(clientID, modelID string) { - r.mutex.Lock() - defer r.mutex.Unlock() - - if registration, exists := r.models[modelID]; exists { - registration.QuotaExceededClients[clientID] = new(time.Now()) - log.Debugf("Marked model %s as quota exceeded for client %s", modelID, clientID) - } -} - -// ClearModelQuotaExceeded removes quota exceeded status for a model and client -// Parameters: -// - clientID: The client to clear quota status for -// - modelID: The model to clear quota status for -func (r *ModelRegistry) ClearModelQuotaExceeded(clientID, modelID string) { - r.mutex.Lock() - defer r.mutex.Unlock() - - if registration, exists := r.models[modelID]; exists { - delete(registration.QuotaExceededClients, clientID) - // log.Debugf("Cleared quota exceeded status for model %s and client %s", modelID, clientID) - } -} - -// SuspendClientModel marks a client's model as temporarily unavailable until explicitly resumed. -// Parameters: -// - clientID: The client to suspend -// - modelID: The model affected by the suspension -// - reason: Optional description for observability -func (r *ModelRegistry) SuspendClientModel(clientID, modelID, reason string) { - if clientID == "" || modelID == "" { - return - } - r.mutex.Lock() - defer r.mutex.Unlock() - - registration, exists := r.models[modelID] - if !exists || registration == nil { - return - } - if registration.SuspendedClients == nil { - registration.SuspendedClients = make(map[string]string) - } - if _, already := registration.SuspendedClients[clientID]; already { - return - } - registration.SuspendedClients[clientID] = reason - registration.LastUpdated = time.Now() - if reason != "" { - log.Debugf("Suspended client %s for model %s: %s", clientID, modelID, reason) - } else { - log.Debugf("Suspended client %s for model %s", clientID, modelID) - } -} - -// ResumeClientModel clears a previous suspension so the client counts toward availability again. -// Parameters: -// - clientID: The client to resume -// - modelID: The model being resumed -func (r *ModelRegistry) ResumeClientModel(clientID, modelID string) { - if clientID == "" || modelID == "" { - return - } - r.mutex.Lock() - defer r.mutex.Unlock() - - registration, exists := r.models[modelID] - if !exists || registration == nil || registration.SuspendedClients == nil { - return - } - if _, ok := registration.SuspendedClients[clientID]; !ok { - return - } - delete(registration.SuspendedClients, clientID) - registration.LastUpdated = time.Now() - log.Debugf("Resumed client %s for model %s", clientID, modelID) -} - -// ClientSupportsModel reports whether the client registered support for modelID. -func (r *ModelRegistry) ClientSupportsModel(clientID, modelID string) bool { - clientID = strings.TrimSpace(clientID) - modelID = strings.TrimSpace(modelID) - if clientID == "" || modelID == "" { - return false - } - - r.mutex.RLock() - defer r.mutex.RUnlock() - - models, exists := r.clientModels[clientID] - if !exists || len(models) == 0 { - return false - } - - for _, id := range models { - if strings.EqualFold(strings.TrimSpace(id), modelID) { - return true - } - } - - return false -} - -// GetAvailableModels returns all models that have at least one available client -// Parameters: -// - handlerType: The handler type to filter models for (e.g., "openai", "claude", "gemini") -// -// Returns: -// - []map[string]any: List of available models in the requested format -func (r *ModelRegistry) GetAvailableModels(handlerType string) []map[string]any { - r.mutex.RLock() - defer r.mutex.RUnlock() - - models := make([]map[string]any, 0) - quotaExpiredDuration := 5 * time.Minute - - for _, registration := range r.models { - // Check if model has any non-quota-exceeded clients - availableClients := registration.Count - now := time.Now() - - // Count clients that have exceeded quota but haven't recovered yet - expiredClients := 0 - for _, quotaTime := range registration.QuotaExceededClients { - if quotaTime != nil && now.Sub(*quotaTime) < quotaExpiredDuration { - expiredClients++ - } - } - - cooldownSuspended := 0 - otherSuspended := 0 - if registration.SuspendedClients != nil { - for _, reason := range registration.SuspendedClients { - if strings.EqualFold(reason, "quota") { - cooldownSuspended++ - continue - } - otherSuspended++ - } - } - - effectiveClients := availableClients - expiredClients - otherSuspended - if effectiveClients < 0 { - effectiveClients = 0 - } - - // Include models that have available clients, or those solely cooling down. - if effectiveClients > 0 || (availableClients > 0 && (expiredClients > 0 || cooldownSuspended > 0) && otherSuspended == 0) { - model := r.convertModelToMap(registration.Info, handlerType) - if model != nil { - models = append(models, model) - } - } - } - - return models -} - -// GetAvailableModelsByProvider returns models available for the given provider identifier. -// Parameters: -// - provider: Provider identifier (e.g., "codex", "gemini", "antigravity") -// -// Returns: -// - []*ModelInfo: List of available models for the provider -func (r *ModelRegistry) GetAvailableModelsByProvider(provider string) []*ModelInfo { - provider = strings.ToLower(strings.TrimSpace(provider)) - if provider == "" { - return nil - } - - r.mutex.RLock() - defer r.mutex.RUnlock() - - type providerModel struct { - count int - info *ModelInfo - } - - providerModels := make(map[string]*providerModel) - - for clientID, clientProvider := range r.clientProviders { - if clientProvider != provider { - continue - } - modelIDs := r.clientModels[clientID] - if len(modelIDs) == 0 { - continue - } - clientInfos := r.clientModelInfos[clientID] - for _, modelID := range modelIDs { - modelID = strings.TrimSpace(modelID) - if modelID == "" { - continue - } - entry := providerModels[modelID] - if entry == nil { - entry = &providerModel{} - providerModels[modelID] = entry - } - entry.count++ - if entry.info == nil { - if clientInfos != nil { - if info := clientInfos[modelID]; info != nil { - entry.info = info - } - } - if entry.info == nil { - if reg, ok := r.models[modelID]; ok && reg != nil && reg.Info != nil { - entry.info = reg.Info - } - } - } - } - } - - if len(providerModels) == 0 { - return nil - } - - quotaExpiredDuration := 5 * time.Minute - now := time.Now() - result := make([]*ModelInfo, 0, len(providerModels)) - - for modelID, entry := range providerModels { - if entry == nil || entry.count <= 0 { - continue - } - registration, ok := r.models[modelID] - - expiredClients := 0 - cooldownSuspended := 0 - otherSuspended := 0 - if ok && registration != nil { - if registration.QuotaExceededClients != nil { - for clientID, quotaTime := range registration.QuotaExceededClients { - if clientID == "" { - continue - } - if p, okProvider := r.clientProviders[clientID]; !okProvider || p != provider { - continue - } - if quotaTime != nil && now.Sub(*quotaTime) < quotaExpiredDuration { - expiredClients++ - } - } - } - if registration.SuspendedClients != nil { - for clientID, reason := range registration.SuspendedClients { - if clientID == "" { - continue - } - if p, okProvider := r.clientProviders[clientID]; !okProvider || p != provider { - continue - } - if strings.EqualFold(reason, "quota") { - cooldownSuspended++ - continue - } - otherSuspended++ - } - } - } - - availableClients := entry.count - effectiveClients := availableClients - expiredClients - otherSuspended - if effectiveClients < 0 { - effectiveClients = 0 - } - - if effectiveClients > 0 || (availableClients > 0 && (expiredClients > 0 || cooldownSuspended > 0) && otherSuspended == 0) { - if entry.info != nil { - result = append(result, entry.info) - continue - } - if ok && registration != nil && registration.Info != nil { - result = append(result, registration.Info) - } - } - } - - return result -} - -// GetModelCount returns the number of available clients for a specific model -// Parameters: -// - modelID: The model ID to check -// -// Returns: -// - int: Number of available clients for the model -func (r *ModelRegistry) GetModelCount(modelID string) int { - r.mutex.RLock() - defer r.mutex.RUnlock() - - if registration, exists := r.models[modelID]; exists { - now := time.Now() - quotaExpiredDuration := 5 * time.Minute - - // Count clients that have exceeded quota but haven't recovered yet - expiredClients := 0 - for _, quotaTime := range registration.QuotaExceededClients { - if quotaTime != nil && now.Sub(*quotaTime) < quotaExpiredDuration { - expiredClients++ - } - } - suspendedClients := 0 - if registration.SuspendedClients != nil { - suspendedClients = len(registration.SuspendedClients) - } - result := registration.Count - expiredClients - suspendedClients - if result < 0 { - return 0 - } - return result - } - return 0 -} - -// GetModelProviders returns provider identifiers that currently supply the given model -// Parameters: -// - modelID: The model ID to check -// -// Returns: -// - []string: Provider identifiers ordered by availability count (descending) -func (r *ModelRegistry) GetModelProviders(modelID string) []string { - r.mutex.RLock() - defer r.mutex.RUnlock() - - registration, exists := r.models[modelID] - if !exists || registration == nil || len(registration.Providers) == 0 { - return nil - } - - type providerCount struct { - name string - count int - } - providers := make([]providerCount, 0, len(registration.Providers)) - // suspendedByProvider := make(map[string]int) - // if registration.SuspendedClients != nil { - // for clientID := range registration.SuspendedClients { - // if provider, ok := r.clientProviders[clientID]; ok && provider != "" { - // suspendedByProvider[provider]++ - // } - // } - // } - for name, count := range registration.Providers { - if count <= 0 { - continue - } - // adjusted := count - suspendedByProvider[name] - // if adjusted <= 0 { - // continue - // } - // providers = append(providers, providerCount{name: name, count: adjusted}) - providers = append(providers, providerCount{name: name, count: count}) - } - if len(providers) == 0 { - return nil - } - - sort.Slice(providers, func(i, j int) bool { - if providers[i].count == providers[j].count { - return providers[i].name < providers[j].name - } - return providers[i].count > providers[j].count - }) - - result := make([]string, 0, len(providers)) - for _, item := range providers { - result = append(result, item.name) - } - return result -} - -// GetModelInfo returns ModelInfo, prioritizing provider-specific definition if available. -func (r *ModelRegistry) GetModelInfo(modelID, provider string) *ModelInfo { - r.mutex.RLock() - defer r.mutex.RUnlock() - if reg, ok := r.models[modelID]; ok && reg != nil { - // Try provider specific definition first - if provider != "" && reg.InfoByProvider != nil { - if reg.Providers != nil { - if count, ok := reg.Providers[provider]; ok && count > 0 { - if info, ok := reg.InfoByProvider[provider]; ok && info != nil { - return info - } - } - } - } - // Fallback to global info (last registered) - return reg.Info - } - return nil -} - -// convertModelToMap converts ModelInfo to the appropriate format for different handler types -func (r *ModelRegistry) convertModelToMap(model *ModelInfo, handlerType string) map[string]any { - if model == nil { - return nil - } - - switch handlerType { - case "openai": - result := map[string]any{ - "id": model.ID, - "object": "model", - "owned_by": model.OwnedBy, - } - if model.Created > 0 { - result["created"] = model.Created - } - if model.Type != "" { - result["type"] = model.Type - } - if model.DisplayName != "" { - result["display_name"] = model.DisplayName - } - if model.Version != "" { - result["version"] = model.Version - } - if model.Description != "" { - result["description"] = model.Description - } - if model.ContextLength > 0 { - result["context_length"] = model.ContextLength - } - if model.MaxCompletionTokens > 0 { - result["max_completion_tokens"] = model.MaxCompletionTokens - } - if len(model.SupportedParameters) > 0 { - result["supported_parameters"] = model.SupportedParameters - } - if len(model.SupportedEndpoints) > 0 { - result["supported_endpoints"] = model.SupportedEndpoints - } - return result - - case "claude", "kiro", "antigravity": - // Claude, Kiro, and Antigravity all use Claude-compatible format for Claude Code client - result := map[string]any{ - "id": model.ID, - "object": "model", - "owned_by": model.OwnedBy, - } - if model.Created > 0 { - result["created_at"] = model.Created - } - if model.Type != "" { - result["type"] = "model" - } - if model.DisplayName != "" { - result["display_name"] = model.DisplayName - } - // Add thinking support for Claude Code client - // Claude Code checks for "thinking" field (simple boolean) to enable tab toggle - // Also add "extended_thinking" for detailed budget info - if model.Thinking != nil { - result["thinking"] = true - result["extended_thinking"] = map[string]any{ - "supported": true, - "min": model.Thinking.Min, - "max": model.Thinking.Max, - "zero_allowed": model.Thinking.ZeroAllowed, - "dynamic_allowed": model.Thinking.DynamicAllowed, - } - } - return result - - case "gemini": - result := map[string]any{} - if model.Name != "" { - result["name"] = model.Name - } else { - result["name"] = model.ID - } - if model.Version != "" { - result["version"] = model.Version - } - if model.DisplayName != "" { - result["displayName"] = model.DisplayName - } - if model.Description != "" { - result["description"] = model.Description - } - if model.InputTokenLimit > 0 { - result["inputTokenLimit"] = model.InputTokenLimit - } - if model.OutputTokenLimit > 0 { - result["outputTokenLimit"] = model.OutputTokenLimit - } - if len(model.SupportedGenerationMethods) > 0 { - result["supportedGenerationMethods"] = model.SupportedGenerationMethods - } - return result - - default: - // Generic format - result := map[string]any{ - "id": model.ID, - "object": "model", - } - if model.OwnedBy != "" { - result["owned_by"] = model.OwnedBy - } - if model.Type != "" { - result["type"] = model.Type - } - if model.Created != 0 { - result["created"] = model.Created - } - return result - } -} - -// CleanupExpiredQuotas removes expired quota tracking entries -func (r *ModelRegistry) CleanupExpiredQuotas() { - r.mutex.Lock() - defer r.mutex.Unlock() - - now := time.Now() - quotaExpiredDuration := 5 * time.Minute - - for modelID, registration := range r.models { - for clientID, quotaTime := range registration.QuotaExceededClients { - if quotaTime != nil && now.Sub(*quotaTime) >= quotaExpiredDuration { - delete(registration.QuotaExceededClients, clientID) - log.Debugf("Cleaned up expired quota tracking for model %s, client %s", modelID, clientID) - } - } - } -} - -// GetFirstAvailableModel returns the first available model for the given handler type. -// It prioritizes models by their creation timestamp (newest first) and checks if they have -// available clients that are not suspended or over quota. -// -// Parameters: -// - handlerType: The API handler type (e.g., "openai", "claude", "gemini") -// -// Returns: -// - string: The model ID of the first available model, or empty string if none available -// - error: An error if no models are available -func (r *ModelRegistry) GetFirstAvailableModel(handlerType string) (string, error) { - r.mutex.RLock() - defer r.mutex.RUnlock() - - // Get all available models for this handler type - models := r.GetAvailableModels(handlerType) - if len(models) == 0 { - return "", fmt.Errorf("no models available for handler type: %s", handlerType) - } - - // Sort models by creation timestamp (newest first) - sort.Slice(models, func(i, j int) bool { - // Extract created timestamps from map - createdI, okI := models[i]["created"].(int64) - createdJ, okJ := models[j]["created"].(int64) - if !okI || !okJ { - return false - } - return createdI > createdJ - }) - - // Find the first model with available clients - for _, model := range models { - if modelID, ok := model["id"].(string); ok { - if count := r.GetModelCount(modelID); count > 0 { - return modelID, nil - } - } - } - - return "", fmt.Errorf("no available clients for any model in handler type: %s", handlerType) -} - -// GetModelsForClient returns the models registered for a specific client. -// Parameters: -// - clientID: The client identifier (typically auth file name or auth ID) -// -// Returns: -// - []*ModelInfo: List of models registered for this client, nil if client not found -func (r *ModelRegistry) GetModelsForClient(clientID string) []*ModelInfo { - r.mutex.RLock() - defer r.mutex.RUnlock() - - modelIDs, exists := r.clientModels[clientID] - if !exists || len(modelIDs) == 0 { - return nil - } - - // Try to use client-specific model infos first - clientInfos := r.clientModelInfos[clientID] - - seen := make(map[string]struct{}) - result := make([]*ModelInfo, 0, len(modelIDs)) - for _, modelID := range modelIDs { - if _, dup := seen[modelID]; dup { - continue - } - seen[modelID] = struct{}{} - - // Prefer client's own model info to preserve original type/owned_by - if clientInfos != nil { - if info, ok := clientInfos[modelID]; ok && info != nil { - result = append(result, info) - continue - } - } - // Fallback to global registry (for backwards compatibility) - if reg, ok := r.models[modelID]; ok && reg.Info != nil { - result = append(result, reg.Info) - } - } - return result -} diff --git a/.worktrees/config/m/config-build/active/internal/registry/model_registry_hook_test.go b/.worktrees/config/m/config-build/active/internal/registry/model_registry_hook_test.go deleted file mode 100644 index 70226b9eaf..0000000000 --- a/.worktrees/config/m/config-build/active/internal/registry/model_registry_hook_test.go +++ /dev/null @@ -1,204 +0,0 @@ -package registry - -import ( - "context" - "sync" - "testing" - "time" -) - -func newTestModelRegistry() *ModelRegistry { - return &ModelRegistry{ - models: make(map[string]*ModelRegistration), - clientModels: make(map[string][]string), - clientModelInfos: make(map[string]map[string]*ModelInfo), - clientProviders: make(map[string]string), - mutex: &sync.RWMutex{}, - } -} - -type registeredCall struct { - provider string - clientID string - models []*ModelInfo -} - -type unregisteredCall struct { - provider string - clientID string -} - -type capturingHook struct { - registeredCh chan registeredCall - unregisteredCh chan unregisteredCall -} - -func (h *capturingHook) OnModelsRegistered(ctx context.Context, provider, clientID string, models []*ModelInfo) { - h.registeredCh <- registeredCall{provider: provider, clientID: clientID, models: models} -} - -func (h *capturingHook) OnModelsUnregistered(ctx context.Context, provider, clientID string) { - h.unregisteredCh <- unregisteredCall{provider: provider, clientID: clientID} -} - -func TestModelRegistryHook_OnModelsRegisteredCalled(t *testing.T) { - r := newTestModelRegistry() - hook := &capturingHook{ - registeredCh: make(chan registeredCall, 1), - unregisteredCh: make(chan unregisteredCall, 1), - } - r.SetHook(hook) - - inputModels := []*ModelInfo{ - {ID: "m1", DisplayName: "Model One"}, - {ID: "m2", DisplayName: "Model Two"}, - } - r.RegisterClient("client-1", "OpenAI", inputModels) - - select { - case call := <-hook.registeredCh: - if call.provider != "openai" { - t.Fatalf("provider mismatch: got %q, want %q", call.provider, "openai") - } - if call.clientID != "client-1" { - t.Fatalf("clientID mismatch: got %q, want %q", call.clientID, "client-1") - } - if len(call.models) != 2 { - t.Fatalf("models length mismatch: got %d, want %d", len(call.models), 2) - } - if call.models[0] == nil || call.models[0].ID != "m1" { - t.Fatalf("models[0] mismatch: got %#v, want ID=%q", call.models[0], "m1") - } - if call.models[1] == nil || call.models[1].ID != "m2" { - t.Fatalf("models[1] mismatch: got %#v, want ID=%q", call.models[1], "m2") - } - case <-time.After(2 * time.Second): - t.Fatal("timeout waiting for OnModelsRegistered hook call") - } -} - -func TestModelRegistryHook_OnModelsUnregisteredCalled(t *testing.T) { - r := newTestModelRegistry() - hook := &capturingHook{ - registeredCh: make(chan registeredCall, 1), - unregisteredCh: make(chan unregisteredCall, 1), - } - r.SetHook(hook) - - r.RegisterClient("client-1", "OpenAI", []*ModelInfo{{ID: "m1"}}) - select { - case <-hook.registeredCh: - case <-time.After(2 * time.Second): - t.Fatal("timeout waiting for OnModelsRegistered hook call") - } - - r.UnregisterClient("client-1") - - select { - case call := <-hook.unregisteredCh: - if call.provider != "openai" { - t.Fatalf("provider mismatch: got %q, want %q", call.provider, "openai") - } - if call.clientID != "client-1" { - t.Fatalf("clientID mismatch: got %q, want %q", call.clientID, "client-1") - } - case <-time.After(2 * time.Second): - t.Fatal("timeout waiting for OnModelsUnregistered hook call") - } -} - -type blockingHook struct { - started chan struct{} - unblock chan struct{} -} - -func (h *blockingHook) OnModelsRegistered(ctx context.Context, provider, clientID string, models []*ModelInfo) { - select { - case <-h.started: - default: - close(h.started) - } - <-h.unblock -} - -func (h *blockingHook) OnModelsUnregistered(ctx context.Context, provider, clientID string) {} - -func TestModelRegistryHook_DoesNotBlockRegisterClient(t *testing.T) { - r := newTestModelRegistry() - hook := &blockingHook{ - started: make(chan struct{}), - unblock: make(chan struct{}), - } - r.SetHook(hook) - defer close(hook.unblock) - - done := make(chan struct{}) - go func() { - r.RegisterClient("client-1", "OpenAI", []*ModelInfo{{ID: "m1"}}) - close(done) - }() - - select { - case <-hook.started: - case <-time.After(2 * time.Second): - t.Fatal("timeout waiting for hook to start") - } - - select { - case <-done: - case <-time.After(200 * time.Millisecond): - t.Fatal("RegisterClient appears to be blocked by hook") - } - - if !r.ClientSupportsModel("client-1", "m1") { - t.Fatal("model registration failed; expected client to support model") - } -} - -type panicHook struct { - registeredCalled chan struct{} - unregisteredCalled chan struct{} -} - -func (h *panicHook) OnModelsRegistered(ctx context.Context, provider, clientID string, models []*ModelInfo) { - if h.registeredCalled != nil { - h.registeredCalled <- struct{}{} - } - panic("boom") -} - -func (h *panicHook) OnModelsUnregistered(ctx context.Context, provider, clientID string) { - if h.unregisteredCalled != nil { - h.unregisteredCalled <- struct{}{} - } - panic("boom") -} - -func TestModelRegistryHook_PanicDoesNotAffectRegistry(t *testing.T) { - r := newTestModelRegistry() - hook := &panicHook{ - registeredCalled: make(chan struct{}, 1), - unregisteredCalled: make(chan struct{}, 1), - } - r.SetHook(hook) - - r.RegisterClient("client-1", "OpenAI", []*ModelInfo{{ID: "m1"}}) - - select { - case <-hook.registeredCalled: - case <-time.After(2 * time.Second): - t.Fatal("timeout waiting for OnModelsRegistered hook call") - } - - if !r.ClientSupportsModel("client-1", "m1") { - t.Fatal("model registration failed; expected client to support model") - } - - r.UnregisterClient("client-1") - - select { - case <-hook.unregisteredCalled: - case <-time.After(2 * time.Second): - t.Fatal("timeout waiting for OnModelsUnregistered hook call") - } -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/aistudio_executor.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/aistudio_executor.go deleted file mode 100644 index b1e23860cf..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/aistudio_executor.go +++ /dev/null @@ -1,493 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// This file implements the AI Studio executor that routes requests through a websocket-backed -// transport for the AI Studio provider. -package executor - -import ( - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/internal/wsrelay" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// AIStudioExecutor routes AI Studio requests through a websocket-backed transport. -type AIStudioExecutor struct { - provider string - relay *wsrelay.Manager - cfg *config.Config -} - -// NewAIStudioExecutor creates a new AI Studio executor instance. -// -// Parameters: -// - cfg: The application configuration -// - provider: The provider name -// - relay: The websocket relay manager -// -// Returns: -// - *AIStudioExecutor: A new AI Studio executor instance -func NewAIStudioExecutor(cfg *config.Config, provider string, relay *wsrelay.Manager) *AIStudioExecutor { - return &AIStudioExecutor{provider: strings.ToLower(provider), relay: relay, cfg: cfg} -} - -// Identifier returns the executor identifier. -func (e *AIStudioExecutor) Identifier() string { return "aistudio" } - -// PrepareRequest prepares the HTTP request for execution (no-op for AI Studio). -func (e *AIStudioExecutor) PrepareRequest(_ *http.Request, _ *cliproxyauth.Auth) error { - return nil -} - -// HttpRequest forwards an arbitrary HTTP request through the websocket relay. -func (e *AIStudioExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("aistudio executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - if e.relay == nil { - return nil, fmt.Errorf("aistudio executor: ws relay is nil") - } - if auth == nil || auth.ID == "" { - return nil, fmt.Errorf("aistudio executor: missing auth") - } - httpReq := req.WithContext(ctx) - if httpReq.URL == nil || strings.TrimSpace(httpReq.URL.String()) == "" { - return nil, fmt.Errorf("aistudio executor: request URL is empty") - } - - var body []byte - if httpReq.Body != nil { - b, errRead := io.ReadAll(httpReq.Body) - if errRead != nil { - return nil, errRead - } - body = b - httpReq.Body = io.NopCloser(bytes.NewReader(b)) - } - - wsReq := &wsrelay.HTTPRequest{ - Method: httpReq.Method, - URL: httpReq.URL.String(), - Headers: httpReq.Header.Clone(), - Body: body, - } - wsResp, errRelay := e.relay.NonStream(ctx, auth.ID, wsReq) - if errRelay != nil { - return nil, errRelay - } - if wsResp == nil { - return nil, fmt.Errorf("aistudio executor: ws response is nil") - } - - statusText := http.StatusText(wsResp.Status) - if statusText == "" { - statusText = "Unknown" - } - resp := &http.Response{ - StatusCode: wsResp.Status, - Status: fmt.Sprintf("%d %s", wsResp.Status, statusText), - Header: wsResp.Headers.Clone(), - Body: io.NopCloser(bytes.NewReader(wsResp.Body)), - ContentLength: int64(len(wsResp.Body)), - Request: httpReq, - } - return resp, nil -} - -// Execute performs a non-streaming request to the AI Studio API. -func (e *AIStudioExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - translatedReq, body, err := e.translateRequest(req, opts, false) - if err != nil { - return resp, err - } - - endpoint := e.buildEndpoint(baseModel, body.action, opts.Alt) - wsReq := &wsrelay.HTTPRequest{ - Method: http.MethodPost, - URL: endpoint, - Headers: http.Header{"Content-Type": []string{"application/json"}}, - Body: body.payload, - } - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: endpoint, - Method: http.MethodPost, - Headers: wsReq.Headers.Clone(), - Body: body.payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - wsResp, err := e.relay.NonStream(ctx, authID, wsReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - recordAPIResponseMetadata(ctx, e.cfg, wsResp.Status, wsResp.Headers.Clone()) - if len(wsResp.Body) > 0 { - appendAPIResponseChunk(ctx, e.cfg, wsResp.Body) - } - if wsResp.Status < 200 || wsResp.Status >= 300 { - return resp, statusErr{code: wsResp.Status, msg: string(wsResp.Body)} - } - reporter.publish(ctx, parseGeminiUsage(wsResp.Body)) - var param any - out := sdktranslator.TranslateNonStream(ctx, body.toFormat, opts.SourceFormat, req.Model, opts.OriginalRequest, translatedReq, wsResp.Body, ¶m) - resp = cliproxyexecutor.Response{Payload: ensureColonSpacedJSON([]byte(out)), Headers: wsResp.Headers.Clone()} - return resp, nil -} - -// ExecuteStream performs a streaming request to the AI Studio API. -func (e *AIStudioExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - translatedReq, body, err := e.translateRequest(req, opts, true) - if err != nil { - return nil, err - } - - endpoint := e.buildEndpoint(baseModel, body.action, opts.Alt) - wsReq := &wsrelay.HTTPRequest{ - Method: http.MethodPost, - URL: endpoint, - Headers: http.Header{"Content-Type": []string{"application/json"}}, - Body: body.payload, - } - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: endpoint, - Method: http.MethodPost, - Headers: wsReq.Headers.Clone(), - Body: body.payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - wsStream, err := e.relay.Stream(ctx, authID, wsReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - firstEvent, ok := <-wsStream - if !ok { - err = fmt.Errorf("wsrelay: stream closed before start") - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - if firstEvent.Status > 0 && firstEvent.Status != http.StatusOK { - metadataLogged := false - if firstEvent.Status > 0 { - recordAPIResponseMetadata(ctx, e.cfg, firstEvent.Status, firstEvent.Headers.Clone()) - metadataLogged = true - } - var body bytes.Buffer - if len(firstEvent.Payload) > 0 { - appendAPIResponseChunk(ctx, e.cfg, firstEvent.Payload) - body.Write(firstEvent.Payload) - } - if firstEvent.Type == wsrelay.MessageTypeStreamEnd { - return nil, statusErr{code: firstEvent.Status, msg: body.String()} - } - for event := range wsStream { - if event.Err != nil { - recordAPIResponseError(ctx, e.cfg, event.Err) - if body.Len() == 0 { - body.WriteString(event.Err.Error()) - } - break - } - if !metadataLogged && event.Status > 0 { - recordAPIResponseMetadata(ctx, e.cfg, event.Status, event.Headers.Clone()) - metadataLogged = true - } - if len(event.Payload) > 0 { - appendAPIResponseChunk(ctx, e.cfg, event.Payload) - body.Write(event.Payload) - } - if event.Type == wsrelay.MessageTypeStreamEnd { - break - } - } - return nil, statusErr{code: firstEvent.Status, msg: body.String()} - } - out := make(chan cliproxyexecutor.StreamChunk) - go func(first wsrelay.StreamEvent) { - defer close(out) - var param any - metadataLogged := false - processEvent := func(event wsrelay.StreamEvent) bool { - if event.Err != nil { - recordAPIResponseError(ctx, e.cfg, event.Err) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: fmt.Errorf("wsrelay: %v", event.Err)} - return false - } - switch event.Type { - case wsrelay.MessageTypeStreamStart: - if !metadataLogged && event.Status > 0 { - recordAPIResponseMetadata(ctx, e.cfg, event.Status, event.Headers.Clone()) - metadataLogged = true - } - case wsrelay.MessageTypeStreamChunk: - if len(event.Payload) > 0 { - appendAPIResponseChunk(ctx, e.cfg, event.Payload) - filtered := FilterSSEUsageMetadata(event.Payload) - if detail, ok := parseGeminiStreamUsage(filtered); ok { - reporter.publish(ctx, detail) - } - lines := sdktranslator.TranslateStream(ctx, body.toFormat, opts.SourceFormat, req.Model, opts.OriginalRequest, translatedReq, filtered, ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: ensureColonSpacedJSON([]byte(lines[i]))} - } - break - } - case wsrelay.MessageTypeStreamEnd: - return false - case wsrelay.MessageTypeHTTPResp: - if !metadataLogged && event.Status > 0 { - recordAPIResponseMetadata(ctx, e.cfg, event.Status, event.Headers.Clone()) - metadataLogged = true - } - if len(event.Payload) > 0 { - appendAPIResponseChunk(ctx, e.cfg, event.Payload) - } - lines := sdktranslator.TranslateStream(ctx, body.toFormat, opts.SourceFormat, req.Model, opts.OriginalRequest, translatedReq, event.Payload, ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: ensureColonSpacedJSON([]byte(lines[i]))} - } - reporter.publish(ctx, parseGeminiUsage(event.Payload)) - return false - case wsrelay.MessageTypeError: - recordAPIResponseError(ctx, e.cfg, event.Err) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: fmt.Errorf("wsrelay: %v", event.Err)} - return false - } - return true - } - if !processEvent(first) { - return - } - for event := range wsStream { - if !processEvent(event) { - return - } - } - }(firstEvent) - return &cliproxyexecutor.StreamResult{Headers: firstEvent.Headers.Clone(), Chunks: out}, nil -} - -// CountTokens counts tokens for the given request using the AI Studio API. -func (e *AIStudioExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - _, body, err := e.translateRequest(req, opts, false) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - body.payload, _ = sjson.DeleteBytes(body.payload, "generationConfig") - body.payload, _ = sjson.DeleteBytes(body.payload, "tools") - body.payload, _ = sjson.DeleteBytes(body.payload, "safetySettings") - - endpoint := e.buildEndpoint(baseModel, "countTokens", "") - wsReq := &wsrelay.HTTPRequest{ - Method: http.MethodPost, - URL: endpoint, - Headers: http.Header{"Content-Type": []string{"application/json"}}, - Body: body.payload, - } - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: endpoint, - Method: http.MethodPost, - Headers: wsReq.Headers.Clone(), - Body: body.payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - resp, err := e.relay.NonStream(ctx, authID, wsReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return cliproxyexecutor.Response{}, err - } - recordAPIResponseMetadata(ctx, e.cfg, resp.Status, resp.Headers.Clone()) - if len(resp.Body) > 0 { - appendAPIResponseChunk(ctx, e.cfg, resp.Body) - } - if resp.Status < 200 || resp.Status >= 300 { - return cliproxyexecutor.Response{}, statusErr{code: resp.Status, msg: string(resp.Body)} - } - totalTokens := gjson.GetBytes(resp.Body, "totalTokens").Int() - if totalTokens <= 0 { - return cliproxyexecutor.Response{}, fmt.Errorf("wsrelay: totalTokens missing in response") - } - translated := sdktranslator.TranslateTokenCount(ctx, body.toFormat, opts.SourceFormat, totalTokens, resp.Body) - return cliproxyexecutor.Response{Payload: []byte(translated)}, nil -} - -// Refresh refreshes the authentication credentials (no-op for AI Studio). -func (e *AIStudioExecutor) Refresh(_ context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - return auth, nil -} - -type translatedPayload struct { - payload []byte - action string - toFormat sdktranslator.Format -} - -func (e *AIStudioExecutor) translateRequest(req cliproxyexecutor.Request, opts cliproxyexecutor.Options, stream bool) ([]byte, translatedPayload, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, stream) - payload := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, stream) - payload, err := thinking.ApplyThinking(payload, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, translatedPayload{}, err - } - payload = fixGeminiImageAspectRatio(baseModel, payload) - requestedModel := payloadRequestedModel(opts, req.Model) - payload = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", payload, originalTranslated, requestedModel) - payload, _ = sjson.DeleteBytes(payload, "generationConfig.maxOutputTokens") - payload, _ = sjson.DeleteBytes(payload, "generationConfig.responseMimeType") - payload, _ = sjson.DeleteBytes(payload, "generationConfig.responseJsonSchema") - metadataAction := "generateContent" - if req.Metadata != nil { - if action, _ := req.Metadata["action"].(string); action == "countTokens" { - metadataAction = action - } - } - action := metadataAction - if stream && action != "countTokens" { - action = "streamGenerateContent" - } - payload, _ = sjson.DeleteBytes(payload, "session_id") - return payload, translatedPayload{payload: payload, action: action, toFormat: to}, nil -} - -func (e *AIStudioExecutor) buildEndpoint(model, action, alt string) string { - base := fmt.Sprintf("%s/%s/models/%s:%s", glEndpoint, glAPIVersion, model, action) - if action == "streamGenerateContent" { - if alt == "" { - return base + "?alt=sse" - } - return base + "?$alt=" + url.QueryEscape(alt) - } - if alt != "" && action != "countTokens" { - return base + "?$alt=" + url.QueryEscape(alt) - } - return base -} - -// ensureColonSpacedJSON normalizes JSON objects so that colons are followed by a single space while -// keeping the payload otherwise compact. Non-JSON inputs are returned unchanged. -func ensureColonSpacedJSON(payload []byte) []byte { - trimmed := bytes.TrimSpace(payload) - if len(trimmed) == 0 { - return payload - } - - var decoded any - if err := json.Unmarshal(trimmed, &decoded); err != nil { - return payload - } - - indented, err := json.MarshalIndent(decoded, "", " ") - if err != nil { - return payload - } - - compacted := make([]byte, 0, len(indented)) - inString := false - skipSpace := false - - for i := 0; i < len(indented); i++ { - ch := indented[i] - if ch == '"' { - // A quote is escaped only when preceded by an odd number of consecutive backslashes. - // For example: "\\\"" keeps the quote inside the string, but "\\\\" closes the string. - backslashes := 0 - for j := i - 1; j >= 0 && indented[j] == '\\'; j-- { - backslashes++ - } - if backslashes%2 == 0 { - inString = !inString - } - } - - if !inString { - if ch == '\n' || ch == '\r' { - skipSpace = true - continue - } - if skipSpace { - if ch == ' ' || ch == '\t' { - continue - } - skipSpace = false - } - } - - compacted = append(compacted, ch) - } - - return compacted -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/antigravity_executor.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/antigravity_executor.go deleted file mode 100644 index 652cb472a0..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/antigravity_executor.go +++ /dev/null @@ -1,1608 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// This file implements the Antigravity executor that proxies requests to the antigravity -// upstream using OAuth credentials. -package executor - -import ( - "bufio" - "bytes" - "context" - "crypto/sha256" - "encoding/binary" - "encoding/json" - "errors" - "fmt" - "io" - "math/rand" - "net/http" - "net/url" - "strconv" - "strings" - "sync" - "time" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const ( - antigravityBaseURLDaily = "https://daily-cloudcode-pa.googleapis.com" - antigravitySandboxBaseURLDaily = "https://daily-cloudcode-pa.sandbox.googleapis.com" - antigravityBaseURLProd = "https://cloudcode-pa.googleapis.com" - antigravityCountTokensPath = "/v1internal:countTokens" - antigravityStreamPath = "/v1internal:streamGenerateContent" - antigravityGeneratePath = "/v1internal:generateContent" - antigravityModelsPath = "/v1internal:fetchAvailableModels" - antigravityClientID = "1071006060591-tmhssin2h21lcre235vtolojh4g403ep.apps.googleusercontent.com" - antigravityClientSecret = "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" - defaultAntigravityAgent = "antigravity/1.104.0 darwin/arm64" - antigravityAuthType = "antigravity" - refreshSkew = 3000 * time.Second - systemInstruction = "You are Antigravity, a powerful agentic AI coding assistant designed by the Google Deepmind team working on Advanced Agentic Coding.You are pair programming with a USER to solve their coding task. The task may require creating a new codebase, modifying or debugging an existing codebase, or simply answering a question.**Absolute paths only****Proactiveness**" -) - -var ( - randSource = rand.New(rand.NewSource(time.Now().UnixNano())) - randSourceMutex sync.Mutex -) - -// AntigravityExecutor proxies requests to the antigravity upstream. -type AntigravityExecutor struct { - cfg *config.Config -} - -// NewAntigravityExecutor creates a new Antigravity executor instance. -// -// Parameters: -// - cfg: The application configuration -// -// Returns: -// - *AntigravityExecutor: A new Antigravity executor instance -func NewAntigravityExecutor(cfg *config.Config) *AntigravityExecutor { - return &AntigravityExecutor{cfg: cfg} -} - -// Identifier returns the executor identifier. -func (e *AntigravityExecutor) Identifier() string { return antigravityAuthType } - -// PrepareRequest injects Antigravity credentials into the outgoing HTTP request. -func (e *AntigravityExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - token, _, errToken := e.ensureAccessToken(req.Context(), auth) - if errToken != nil { - return errToken - } - if strings.TrimSpace(token) == "" { - return statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - req.Header.Set("Authorization", "Bearer "+token) - return nil -} - -// HttpRequest injects Antigravity credentials into the request and executes it. -func (e *AntigravityExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("antigravity executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming request to the Antigravity API. -func (e *AntigravityExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - isClaude := strings.Contains(strings.ToLower(baseModel), "claude") - - if isClaude || strings.Contains(baseModel, "gemini-3-pro") { - return e.executeClaudeNonStream(ctx, auth, req, opts) - } - - token, updatedAuth, errToken := e.ensureAccessToken(ctx, auth) - if errToken != nil { - return resp, errToken - } - if updatedAuth != nil { - auth = updatedAuth - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("antigravity") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, "antigravity", "request", translated, originalTranslated, requestedModel) - - baseURLs := antigravityBaseURLFallbackOrder(auth) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - - attempts := antigravityRetryAttempts(auth, e.cfg) - -attemptLoop: - for attempt := 0; attempt < attempts; attempt++ { - var lastStatus int - var lastBody []byte - var lastErr error - - for idx, baseURL := range baseURLs { - httpReq, errReq := e.buildRequest(ctx, auth, token, baseModel, translated, false, opts.Alt, baseURL) - if errReq != nil { - err = errReq - return resp, err - } - - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - if errors.Is(errDo, context.Canceled) || errors.Is(errDo, context.DeadlineExceeded) { - return resp, errDo - } - lastStatus = 0 - lastBody = nil - lastErr = errDo - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: request error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - err = errDo - return resp, err - } - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - err = errRead - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, bodyBytes) - - if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices { - log.Debugf("antigravity executor: upstream error status: %d, body: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), bodyBytes)) - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), bodyBytes...) - lastErr = nil - if httpResp.StatusCode == http.StatusTooManyRequests && idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: rate limited on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if antigravityShouldRetryNoCapacity(httpResp.StatusCode, bodyBytes) { - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: no capacity on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if attempt+1 < attempts { - delay := antigravityNoCapacityRetryDelay(attempt) - log.Debugf("antigravity executor: no capacity for model %s, retrying in %s (attempt %d/%d)", baseModel, delay, attempt+1, attempts) - if errWait := antigravityWait(ctx, delay); errWait != nil { - return resp, errWait - } - continue attemptLoop - } - } - sErr := statusErr{code: httpResp.StatusCode, msg: string(bodyBytes)} - if httpResp.StatusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(bodyBytes); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - return resp, err - } - - reporter.publish(ctx, parseAntigravityUsage(bodyBytes)) - var param any - converted := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, bodyBytes, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(converted), Headers: httpResp.Header.Clone()} - reporter.ensurePublished(ctx) - return resp, nil - } - - switch { - case lastStatus != 0: - sErr := statusErr{code: lastStatus, msg: string(lastBody)} - if lastStatus == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(lastBody); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - case lastErr != nil: - err = lastErr - default: - err = statusErr{code: http.StatusServiceUnavailable, msg: "antigravity executor: no base url available"} - } - return resp, err - } - - return resp, err -} - -// executeClaudeNonStream performs a claude non-streaming request to the Antigravity API. -func (e *AntigravityExecutor) executeClaudeNonStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - token, updatedAuth, errToken := e.ensureAccessToken(ctx, auth) - if errToken != nil { - return resp, errToken - } - if updatedAuth != nil { - auth = updatedAuth - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("antigravity") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, "antigravity", "request", translated, originalTranslated, requestedModel) - - baseURLs := antigravityBaseURLFallbackOrder(auth) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - - attempts := antigravityRetryAttempts(auth, e.cfg) - -attemptLoop: - for attempt := 0; attempt < attempts; attempt++ { - var lastStatus int - var lastBody []byte - var lastErr error - - for idx, baseURL := range baseURLs { - httpReq, errReq := e.buildRequest(ctx, auth, token, baseModel, translated, true, opts.Alt, baseURL) - if errReq != nil { - err = errReq - return resp, err - } - - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - if errors.Is(errDo, context.Canceled) || errors.Is(errDo, context.DeadlineExceeded) { - return resp, errDo - } - lastStatus = 0 - lastBody = nil - lastErr = errDo - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: request error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - err = errDo - return resp, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - if errors.Is(errRead, context.Canceled) || errors.Is(errRead, context.DeadlineExceeded) { - err = errRead - return resp, err - } - if errCtx := ctx.Err(); errCtx != nil { - err = errCtx - return resp, err - } - lastStatus = 0 - lastBody = nil - lastErr = errRead - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: read error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - err = errRead - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, bodyBytes) - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), bodyBytes...) - lastErr = nil - if httpResp.StatusCode == http.StatusTooManyRequests && idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: rate limited on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if antigravityShouldRetryNoCapacity(httpResp.StatusCode, bodyBytes) { - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: no capacity on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if attempt+1 < attempts { - delay := antigravityNoCapacityRetryDelay(attempt) - log.Debugf("antigravity executor: no capacity for model %s, retrying in %s (attempt %d/%d)", baseModel, delay, attempt+1, attempts) - if errWait := antigravityWait(ctx, delay); errWait != nil { - return resp, errWait - } - continue attemptLoop - } - } - sErr := statusErr{code: httpResp.StatusCode, msg: string(bodyBytes)} - if httpResp.StatusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(bodyBytes); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - return resp, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func(resp *http.Response) { - defer close(out) - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(resp.Body) - scanner.Buffer(nil, streamScannerBuffer) - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - - // Filter usage metadata for all models - // Only retain usage statistics in the terminal chunk - line = FilterSSEUsageMetadata(line) - - payload := jsonPayload(line) - if payload == nil { - continue - } - - if detail, ok := parseAntigravityStreamUsage(payload); ok { - reporter.publish(ctx, detail) - } - - out <- cliproxyexecutor.StreamChunk{Payload: payload} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } else { - reporter.ensurePublished(ctx) - } - }(httpResp) - - var buffer bytes.Buffer - for chunk := range out { - if chunk.Err != nil { - return resp, chunk.Err - } - if len(chunk.Payload) > 0 { - _, _ = buffer.Write(chunk.Payload) - _, _ = buffer.Write([]byte("\n")) - } - } - resp = cliproxyexecutor.Response{Payload: e.convertStreamToNonStream(buffer.Bytes())} - - reporter.publish(ctx, parseAntigravityUsage(resp.Payload)) - var param any - converted := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, resp.Payload, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(converted), Headers: httpResp.Header.Clone()} - reporter.ensurePublished(ctx) - - return resp, nil - } - - switch { - case lastStatus != 0: - sErr := statusErr{code: lastStatus, msg: string(lastBody)} - if lastStatus == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(lastBody); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - case lastErr != nil: - err = lastErr - default: - err = statusErr{code: http.StatusServiceUnavailable, msg: "antigravity executor: no base url available"} - } - return resp, err - } - - return resp, err -} - -func (e *AntigravityExecutor) convertStreamToNonStream(stream []byte) []byte { - responseTemplate := "" - var traceID string - var finishReason string - var modelVersion string - var responseID string - var role string - var usageRaw string - parts := make([]map[string]interface{}, 0) - var pendingKind string - var pendingText strings.Builder - var pendingThoughtSig string - - flushPending := func() { - if pendingKind == "" { - return - } - text := pendingText.String() - switch pendingKind { - case "text": - if strings.TrimSpace(text) == "" { - pendingKind = "" - pendingText.Reset() - pendingThoughtSig = "" - return - } - parts = append(parts, map[string]interface{}{"text": text}) - case "thought": - if strings.TrimSpace(text) == "" && pendingThoughtSig == "" { - pendingKind = "" - pendingText.Reset() - pendingThoughtSig = "" - return - } - part := map[string]interface{}{"thought": true} - part["text"] = text - if pendingThoughtSig != "" { - part["thoughtSignature"] = pendingThoughtSig - } - parts = append(parts, part) - } - pendingKind = "" - pendingText.Reset() - pendingThoughtSig = "" - } - - normalizePart := func(partResult gjson.Result) map[string]interface{} { - var m map[string]interface{} - _ = json.Unmarshal([]byte(partResult.Raw), &m) - if m == nil { - m = map[string]interface{}{} - } - sig := partResult.Get("thoughtSignature").String() - if sig == "" { - sig = partResult.Get("thought_signature").String() - } - if sig != "" { - m["thoughtSignature"] = sig - delete(m, "thought_signature") - } - if inlineData, ok := m["inline_data"]; ok { - m["inlineData"] = inlineData - delete(m, "inline_data") - } - return m - } - - for _, line := range bytes.Split(stream, []byte("\n")) { - trimmed := bytes.TrimSpace(line) - if len(trimmed) == 0 || !gjson.ValidBytes(trimmed) { - continue - } - - root := gjson.ParseBytes(trimmed) - responseNode := root.Get("response") - if !responseNode.Exists() { - if root.Get("candidates").Exists() { - responseNode = root - } else { - continue - } - } - responseTemplate = responseNode.Raw - - if traceResult := root.Get("traceId"); traceResult.Exists() && traceResult.String() != "" { - traceID = traceResult.String() - } - - if roleResult := responseNode.Get("candidates.0.content.role"); roleResult.Exists() { - role = roleResult.String() - } - - if finishResult := responseNode.Get("candidates.0.finishReason"); finishResult.Exists() && finishResult.String() != "" { - finishReason = finishResult.String() - } - - if modelResult := responseNode.Get("modelVersion"); modelResult.Exists() && modelResult.String() != "" { - modelVersion = modelResult.String() - } - if responseIDResult := responseNode.Get("responseId"); responseIDResult.Exists() && responseIDResult.String() != "" { - responseID = responseIDResult.String() - } - if usageResult := responseNode.Get("usageMetadata"); usageResult.Exists() { - usageRaw = usageResult.Raw - } else if usageMetadataResult := root.Get("usageMetadata"); usageMetadataResult.Exists() { - usageRaw = usageMetadataResult.Raw - } - - if partsResult := responseNode.Get("candidates.0.content.parts"); partsResult.IsArray() { - for _, part := range partsResult.Array() { - hasFunctionCall := part.Get("functionCall").Exists() - hasInlineData := part.Get("inlineData").Exists() || part.Get("inline_data").Exists() - sig := part.Get("thoughtSignature").String() - if sig == "" { - sig = part.Get("thought_signature").String() - } - text := part.Get("text").String() - thought := part.Get("thought").Bool() - - if hasFunctionCall || hasInlineData { - flushPending() - parts = append(parts, normalizePart(part)) - continue - } - - if thought || part.Get("text").Exists() { - kind := "text" - if thought { - kind = "thought" - } - if pendingKind != "" && pendingKind != kind { - flushPending() - } - pendingKind = kind - pendingText.WriteString(text) - if kind == "thought" && sig != "" { - pendingThoughtSig = sig - } - continue - } - - flushPending() - parts = append(parts, normalizePart(part)) - } - } - } - flushPending() - - if responseTemplate == "" { - responseTemplate = `{"candidates":[{"content":{"role":"model","parts":[]}}]}` - } - - partsJSON, _ := json.Marshal(parts) - responseTemplate, _ = sjson.SetRaw(responseTemplate, "candidates.0.content.parts", string(partsJSON)) - if role != "" { - responseTemplate, _ = sjson.Set(responseTemplate, "candidates.0.content.role", role) - } - if finishReason != "" { - responseTemplate, _ = sjson.Set(responseTemplate, "candidates.0.finishReason", finishReason) - } - if modelVersion != "" { - responseTemplate, _ = sjson.Set(responseTemplate, "modelVersion", modelVersion) - } - if responseID != "" { - responseTemplate, _ = sjson.Set(responseTemplate, "responseId", responseID) - } - if usageRaw != "" { - responseTemplate, _ = sjson.SetRaw(responseTemplate, "usageMetadata", usageRaw) - } else if !gjson.Get(responseTemplate, "usageMetadata").Exists() { - responseTemplate, _ = sjson.Set(responseTemplate, "usageMetadata.promptTokenCount", 0) - responseTemplate, _ = sjson.Set(responseTemplate, "usageMetadata.candidatesTokenCount", 0) - responseTemplate, _ = sjson.Set(responseTemplate, "usageMetadata.totalTokenCount", 0) - } - - output := `{"response":{},"traceId":""}` - output, _ = sjson.SetRaw(output, "response", responseTemplate) - if traceID != "" { - output, _ = sjson.Set(output, "traceId", traceID) - } - return []byte(output) -} - -// ExecuteStream performs a streaming request to the Antigravity API. -func (e *AntigravityExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - ctx = context.WithValue(ctx, "alt", "") - - token, updatedAuth, errToken := e.ensureAccessToken(ctx, auth) - if errToken != nil { - return nil, errToken - } - if updatedAuth != nil { - auth = updatedAuth - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("antigravity") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, "antigravity", "request", translated, originalTranslated, requestedModel) - - baseURLs := antigravityBaseURLFallbackOrder(auth) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - - attempts := antigravityRetryAttempts(auth, e.cfg) - -attemptLoop: - for attempt := 0; attempt < attempts; attempt++ { - var lastStatus int - var lastBody []byte - var lastErr error - - for idx, baseURL := range baseURLs { - httpReq, errReq := e.buildRequest(ctx, auth, token, baseModel, translated, true, opts.Alt, baseURL) - if errReq != nil { - err = errReq - return nil, err - } - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - if errors.Is(errDo, context.Canceled) || errors.Is(errDo, context.DeadlineExceeded) { - return nil, errDo - } - lastStatus = 0 - lastBody = nil - lastErr = errDo - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: request error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - err = errDo - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - if errors.Is(errRead, context.Canceled) || errors.Is(errRead, context.DeadlineExceeded) { - err = errRead - return nil, err - } - if errCtx := ctx.Err(); errCtx != nil { - err = errCtx - return nil, err - } - lastStatus = 0 - lastBody = nil - lastErr = errRead - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: read error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - err = errRead - return nil, err - } - appendAPIResponseChunk(ctx, e.cfg, bodyBytes) - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), bodyBytes...) - lastErr = nil - if httpResp.StatusCode == http.StatusTooManyRequests && idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: rate limited on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if antigravityShouldRetryNoCapacity(httpResp.StatusCode, bodyBytes) { - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: no capacity on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if attempt+1 < attempts { - delay := antigravityNoCapacityRetryDelay(attempt) - log.Debugf("antigravity executor: no capacity for model %s, retrying in %s (attempt %d/%d)", baseModel, delay, attempt+1, attempts) - if errWait := antigravityWait(ctx, delay); errWait != nil { - return nil, errWait - } - continue attemptLoop - } - } - sErr := statusErr{code: httpResp.StatusCode, msg: string(bodyBytes)} - if httpResp.StatusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(bodyBytes); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - return nil, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func(resp *http.Response) { - defer close(out) - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(resp.Body) - scanner.Buffer(nil, streamScannerBuffer) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - - // Filter usage metadata for all models - // Only retain usage statistics in the terminal chunk - line = FilterSSEUsageMetadata(line) - - payload := jsonPayload(line) - if payload == nil { - continue - } - - if detail, ok := parseAntigravityStreamUsage(payload); ok { - reporter.publish(ctx, detail) - } - - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, bytes.Clone(payload), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - tail := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, []byte("[DONE]"), ¶m) - for i := range tail { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(tail[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } else { - reporter.ensurePublished(ctx) - } - }(httpResp) - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil - } - - switch { - case lastStatus != 0: - sErr := statusErr{code: lastStatus, msg: string(lastBody)} - if lastStatus == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(lastBody); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - case lastErr != nil: - err = lastErr - default: - err = statusErr{code: http.StatusServiceUnavailable, msg: "antigravity executor: no base url available"} - } - return nil, err - } - - return nil, err -} - -// Refresh refreshes the authentication credentials using the refresh token. -func (e *AntigravityExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if auth == nil { - return auth, nil - } - updated, errRefresh := e.refreshToken(ctx, auth.Clone()) - if errRefresh != nil { - return nil, errRefresh - } - return updated, nil -} - -// CountTokens counts tokens for the given request using the Antigravity API. -func (e *AntigravityExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - token, updatedAuth, errToken := e.ensureAccessToken(ctx, auth) - if errToken != nil { - return cliproxyexecutor.Response{}, errToken - } - if updatedAuth != nil { - auth = updatedAuth - } - if strings.TrimSpace(token) == "" { - return cliproxyexecutor.Response{}, statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - - from := opts.SourceFormat - to := sdktranslator.FromString("antigravity") - respCtx := context.WithValue(ctx, "alt", opts.Alt) - - // Prepare payload once (doesn't depend on baseURL) - payload := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - payload, err := thinking.ApplyThinking(payload, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - payload = deleteJSONField(payload, "project") - payload = deleteJSONField(payload, "model") - payload = deleteJSONField(payload, "request.safetySettings") - - baseURLs := antigravityBaseURLFallbackOrder(auth) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - - var lastStatus int - var lastBody []byte - var lastErr error - - for idx, baseURL := range baseURLs { - base := strings.TrimSuffix(baseURL, "/") - if base == "" { - base = buildBaseURL(auth) - } - - var requestURL strings.Builder - requestURL.WriteString(base) - requestURL.WriteString(antigravityCountTokensPath) - if opts.Alt != "" { - requestURL.WriteString("?$alt=") - requestURL.WriteString(url.QueryEscape(opts.Alt)) - } - - httpReq, errReq := http.NewRequestWithContext(ctx, http.MethodPost, requestURL.String(), bytes.NewReader(payload)) - if errReq != nil { - return cliproxyexecutor.Response{}, errReq - } - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("Authorization", "Bearer "+token) - httpReq.Header.Set("User-Agent", resolveUserAgent(auth)) - httpReq.Header.Set("Accept", "application/json") - if host := resolveHost(base); host != "" { - httpReq.Host = host - } - - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: requestURL.String(), - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - if errors.Is(errDo, context.Canceled) || errors.Is(errDo, context.DeadlineExceeded) { - return cliproxyexecutor.Response{}, errDo - } - lastStatus = 0 - lastBody = nil - lastErr = errDo - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: request error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - return cliproxyexecutor.Response{}, errDo - } - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return cliproxyexecutor.Response{}, errRead - } - appendAPIResponseChunk(ctx, e.cfg, bodyBytes) - - if httpResp.StatusCode >= http.StatusOK && httpResp.StatusCode < http.StatusMultipleChoices { - count := gjson.GetBytes(bodyBytes, "totalTokens").Int() - translated := sdktranslator.TranslateTokenCount(respCtx, to, from, count, bodyBytes) - return cliproxyexecutor.Response{Payload: []byte(translated), Headers: httpResp.Header.Clone()}, nil - } - - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), bodyBytes...) - lastErr = nil - if httpResp.StatusCode == http.StatusTooManyRequests && idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: rate limited on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - sErr := statusErr{code: httpResp.StatusCode, msg: string(bodyBytes)} - if httpResp.StatusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(bodyBytes); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - return cliproxyexecutor.Response{}, sErr - } - - switch { - case lastStatus != 0: - sErr := statusErr{code: lastStatus, msg: string(lastBody)} - if lastStatus == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(lastBody); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - return cliproxyexecutor.Response{}, sErr - case lastErr != nil: - return cliproxyexecutor.Response{}, lastErr - default: - return cliproxyexecutor.Response{}, statusErr{code: http.StatusServiceUnavailable, msg: "antigravity executor: no base url available"} - } -} - -// FetchAntigravityModels retrieves available models using the supplied auth. -func FetchAntigravityModels(ctx context.Context, auth *cliproxyauth.Auth, cfg *config.Config) []*registry.ModelInfo { - exec := &AntigravityExecutor{cfg: cfg} - token, updatedAuth, errToken := exec.ensureAccessToken(ctx, auth) - if errToken != nil { - log.Warnf("antigravity executor: fetch models failed for %s: token error: %v", auth.ID, errToken) - return nil - } - if token == "" { - log.Warnf("antigravity executor: fetch models failed for %s: got empty token", auth.ID) - return nil - } - if updatedAuth != nil { - auth = updatedAuth - } - - baseURLs := antigravityBaseURLFallbackOrder(auth) - httpClient := newProxyAwareHTTPClient(ctx, cfg, auth, 0) - - for idx, baseURL := range baseURLs { - modelsURL := baseURL + antigravityModelsPath - httpReq, errReq := http.NewRequestWithContext(ctx, http.MethodPost, modelsURL, bytes.NewReader([]byte(`{}`))) - if errReq != nil { - log.Warnf("antigravity executor: fetch models failed for %s: create request error: %v", auth.ID, errReq) - return nil - } - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("Authorization", "Bearer "+token) - httpReq.Header.Set("User-Agent", resolveUserAgent(auth)) - if host := resolveHost(baseURL); host != "" { - httpReq.Host = host - } - - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - if errors.Is(errDo, context.Canceled) || errors.Is(errDo, context.DeadlineExceeded) { - log.Warnf("antigravity executor: fetch models failed for %s: context canceled: %v", auth.ID, errDo) - return nil - } - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: models request error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - log.Warnf("antigravity executor: fetch models failed for %s: request error: %v", auth.ID, errDo) - return nil - } - - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - if errRead != nil { - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: models read error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - log.Warnf("antigravity executor: fetch models failed for %s: read body error: %v", auth.ID, errRead) - return nil - } - if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices { - if httpResp.StatusCode == http.StatusTooManyRequests && idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: models request rate limited on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - log.Warnf("antigravity executor: fetch models failed for %s: unexpected status %d, body: %s", auth.ID, httpResp.StatusCode, string(bodyBytes)) - return nil - } - - result := gjson.GetBytes(bodyBytes, "models") - if !result.Exists() { - log.Warnf("antigravity executor: fetch models failed for %s: no models field in response, body: %s", auth.ID, string(bodyBytes)) - return nil - } - - now := time.Now().Unix() - modelConfig := registry.GetAntigravityModelConfig() - models := make([]*registry.ModelInfo, 0, len(result.Map())) - for originalName, modelData := range result.Map() { - modelID := strings.TrimSpace(originalName) - if modelID == "" { - continue - } - switch modelID { - case "chat_20706", "chat_23310", "gemini-2.5-flash-thinking", "gemini-3-pro-low", "gemini-2.5-pro": - continue - } - modelCfg := modelConfig[modelID] - - // Extract displayName from upstream response, fallback to modelID - displayName := modelData.Get("displayName").String() - if displayName == "" { - displayName = modelID - } - - modelInfo := ®istry.ModelInfo{ - ID: modelID, - Name: modelID, - Description: displayName, - DisplayName: displayName, - Version: modelID, - Object: "model", - Created: now, - OwnedBy: antigravityAuthType, - Type: antigravityAuthType, - } - // Look up Thinking support from static config using upstream model name. - if modelCfg != nil { - if modelCfg.Thinking != nil { - modelInfo.Thinking = modelCfg.Thinking - } - if modelCfg.MaxCompletionTokens > 0 { - modelInfo.MaxCompletionTokens = modelCfg.MaxCompletionTokens - } - } - models = append(models, modelInfo) - } - return models - } - return nil -} - -func (e *AntigravityExecutor) ensureAccessToken(ctx context.Context, auth *cliproxyauth.Auth) (string, *cliproxyauth.Auth, error) { - if auth == nil { - return "", nil, statusErr{code: http.StatusUnauthorized, msg: "missing auth"} - } - accessToken := metaStringValue(auth.Metadata, "access_token") - expiry := tokenExpiry(auth.Metadata) - if accessToken != "" && expiry.After(time.Now().Add(refreshSkew)) { - return accessToken, nil, nil - } - refreshCtx := context.Background() - if ctx != nil { - if rt, ok := ctx.Value("cliproxy.roundtripper").(http.RoundTripper); ok && rt != nil { - refreshCtx = context.WithValue(refreshCtx, "cliproxy.roundtripper", rt) - } - } - updated, errRefresh := e.refreshToken(refreshCtx, auth.Clone()) - if errRefresh != nil { - return "", nil, errRefresh - } - return metaStringValue(updated.Metadata, "access_token"), updated, nil -} - -func (e *AntigravityExecutor) refreshToken(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if auth == nil { - return nil, statusErr{code: http.StatusUnauthorized, msg: "missing auth"} - } - refreshToken := metaStringValue(auth.Metadata, "refresh_token") - if refreshToken == "" { - return auth, statusErr{code: http.StatusUnauthorized, msg: "missing refresh token"} - } - - form := url.Values{} - form.Set("client_id", antigravityClientID) - form.Set("client_secret", antigravityClientSecret) - form.Set("grant_type", "refresh_token") - form.Set("refresh_token", refreshToken) - - httpReq, errReq := http.NewRequestWithContext(ctx, http.MethodPost, "https://oauth2.googleapis.com/token", strings.NewReader(form.Encode())) - if errReq != nil { - return auth, errReq - } - httpReq.Header.Set("Host", "oauth2.googleapis.com") - httpReq.Header.Set("User-Agent", defaultAntigravityAgent) - httpReq.Header.Set("Content-Type", "application/x-www-form-urlencoded") - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - return auth, errDo - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - }() - - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errRead != nil { - return auth, errRead - } - - if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices { - sErr := statusErr{code: httpResp.StatusCode, msg: string(bodyBytes)} - if httpResp.StatusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(bodyBytes); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - return auth, sErr - } - - var tokenResp struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - ExpiresIn int64 `json:"expires_in"` - TokenType string `json:"token_type"` - } - if errUnmarshal := json.Unmarshal(bodyBytes, &tokenResp); errUnmarshal != nil { - return auth, errUnmarshal - } - - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["access_token"] = tokenResp.AccessToken - if tokenResp.RefreshToken != "" { - auth.Metadata["refresh_token"] = tokenResp.RefreshToken - } - auth.Metadata["expires_in"] = tokenResp.ExpiresIn - now := time.Now() - auth.Metadata["timestamp"] = now.UnixMilli() - auth.Metadata["expired"] = now.Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339) - auth.Metadata["type"] = antigravityAuthType - if errProject := e.ensureAntigravityProjectID(ctx, auth, tokenResp.AccessToken); errProject != nil { - log.Warnf("antigravity executor: ensure project id failed: %v", errProject) - } - return auth, nil -} - -func (e *AntigravityExecutor) ensureAntigravityProjectID(ctx context.Context, auth *cliproxyauth.Auth, accessToken string) error { - if auth == nil { - return nil - } - - if auth.Metadata["project_id"] != nil { - return nil - } - - token := strings.TrimSpace(accessToken) - if token == "" { - token = metaStringValue(auth.Metadata, "access_token") - } - if token == "" { - return nil - } - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - projectID, errFetch := sdkAuth.FetchAntigravityProjectID(ctx, token, httpClient) - if errFetch != nil { - return errFetch - } - if strings.TrimSpace(projectID) == "" { - return nil - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["project_id"] = strings.TrimSpace(projectID) - - return nil -} - -func (e *AntigravityExecutor) buildRequest(ctx context.Context, auth *cliproxyauth.Auth, token, modelName string, payload []byte, stream bool, alt, baseURL string) (*http.Request, error) { - if token == "" { - return nil, statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - - base := strings.TrimSuffix(baseURL, "/") - if base == "" { - base = buildBaseURL(auth) - } - path := antigravityGeneratePath - if stream { - path = antigravityStreamPath - } - var requestURL strings.Builder - requestURL.WriteString(base) - requestURL.WriteString(path) - if stream { - if alt != "" { - requestURL.WriteString("?$alt=") - requestURL.WriteString(url.QueryEscape(alt)) - } else { - requestURL.WriteString("?alt=sse") - } - } else if alt != "" { - requestURL.WriteString("?$alt=") - requestURL.WriteString(url.QueryEscape(alt)) - } - - // Extract project_id from auth metadata if available - projectID := "" - if auth != nil && auth.Metadata != nil { - if pid, ok := auth.Metadata["project_id"].(string); ok { - projectID = strings.TrimSpace(pid) - } - } - payload = geminiToAntigravity(modelName, payload, projectID) - payload, _ = sjson.SetBytes(payload, "model", modelName) - - useAntigravitySchema := strings.Contains(modelName, "claude") || strings.Contains(modelName, "gemini-3-pro-high") - payloadStr := string(payload) - paths := make([]string, 0) - util.Walk(gjson.Parse(payloadStr), "", "parametersJsonSchema", &paths) - for _, p := range paths { - payloadStr, _ = util.RenameKey(payloadStr, p, p[:len(p)-len("parametersJsonSchema")]+"parameters") - } - - if useAntigravitySchema { - payloadStr = util.CleanJSONSchemaForAntigravity(payloadStr) - } else { - payloadStr = util.CleanJSONSchemaForGemini(payloadStr) - } - - if useAntigravitySchema { - systemInstructionPartsResult := gjson.Get(payloadStr, "request.systemInstruction.parts") - payloadStr, _ = sjson.Set(payloadStr, "request.systemInstruction.role", "user") - payloadStr, _ = sjson.Set(payloadStr, "request.systemInstruction.parts.0.text", systemInstruction) - payloadStr, _ = sjson.Set(payloadStr, "request.systemInstruction.parts.1.text", fmt.Sprintf("Please ignore following [ignore]%s[/ignore]", systemInstruction)) - - if systemInstructionPartsResult.Exists() && systemInstructionPartsResult.IsArray() { - for _, partResult := range systemInstructionPartsResult.Array() { - payloadStr, _ = sjson.SetRaw(payloadStr, "request.systemInstruction.parts.-1", partResult.Raw) - } - } - } - - if strings.Contains(modelName, "claude") { - payloadStr, _ = sjson.Set(payloadStr, "request.toolConfig.functionCallingConfig.mode", "VALIDATED") - } else { - payloadStr, _ = sjson.Delete(payloadStr, "request.generationConfig.maxOutputTokens") - } - - httpReq, errReq := http.NewRequestWithContext(ctx, http.MethodPost, requestURL.String(), strings.NewReader(payloadStr)) - if errReq != nil { - return nil, errReq - } - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("Authorization", "Bearer "+token) - httpReq.Header.Set("User-Agent", resolveUserAgent(auth)) - if stream { - httpReq.Header.Set("Accept", "text/event-stream") - } else { - httpReq.Header.Set("Accept", "application/json") - } - if host := resolveHost(base); host != "" { - httpReq.Host = host - } - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - var payloadLog []byte - if e.cfg != nil && e.cfg.RequestLog { - payloadLog = []byte(payloadStr) - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: requestURL.String(), - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: payloadLog, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - return httpReq, nil -} - -func tokenExpiry(metadata map[string]any) time.Time { - if metadata == nil { - return time.Time{} - } - if expStr, ok := metadata["expired"].(string); ok { - expStr = strings.TrimSpace(expStr) - if expStr != "" { - if parsed, errParse := time.Parse(time.RFC3339, expStr); errParse == nil { - return parsed - } - } - } - expiresIn, hasExpires := int64Value(metadata["expires_in"]) - tsMs, hasTimestamp := int64Value(metadata["timestamp"]) - if hasExpires && hasTimestamp { - return time.Unix(0, tsMs*int64(time.Millisecond)).Add(time.Duration(expiresIn) * time.Second) - } - return time.Time{} -} - -func metaStringValue(metadata map[string]any, key string) string { - if metadata == nil { - return "" - } - if v, ok := metadata[key]; ok { - switch typed := v.(type) { - case string: - return strings.TrimSpace(typed) - case []byte: - return strings.TrimSpace(string(typed)) - } - } - return "" -} - -func int64Value(value any) (int64, bool) { - switch typed := value.(type) { - case int: - return int64(typed), true - case int64: - return typed, true - case float64: - return int64(typed), true - case json.Number: - if i, errParse := typed.Int64(); errParse == nil { - return i, true - } - case string: - if strings.TrimSpace(typed) == "" { - return 0, false - } - if i, errParse := strconv.ParseInt(strings.TrimSpace(typed), 10, 64); errParse == nil { - return i, true - } - } - return 0, false -} - -func buildBaseURL(auth *cliproxyauth.Auth) string { - if baseURLs := antigravityBaseURLFallbackOrder(auth); len(baseURLs) > 0 { - return baseURLs[0] - } - return antigravityBaseURLDaily -} - -func resolveHost(base string) string { - parsed, errParse := url.Parse(base) - if errParse != nil { - return "" - } - if parsed.Host != "" { - return parsed.Host - } - return strings.TrimPrefix(strings.TrimPrefix(base, "https://"), "http://") -} - -func resolveUserAgent(auth *cliproxyauth.Auth) string { - if auth != nil { - if auth.Attributes != nil { - if ua := strings.TrimSpace(auth.Attributes["user_agent"]); ua != "" { - return ua - } - } - if auth.Metadata != nil { - if ua, ok := auth.Metadata["user_agent"].(string); ok && strings.TrimSpace(ua) != "" { - return strings.TrimSpace(ua) - } - } - } - return defaultAntigravityAgent -} - -func antigravityRetryAttempts(auth *cliproxyauth.Auth, cfg *config.Config) int { - retry := 0 - if cfg != nil { - retry = cfg.RequestRetry - } - if auth != nil { - if override, ok := auth.RequestRetryOverride(); ok { - retry = override - } - } - if retry < 0 { - retry = 0 - } - attempts := retry + 1 - if attempts < 1 { - return 1 - } - return attempts -} - -func antigravityShouldRetryNoCapacity(statusCode int, body []byte) bool { - if statusCode != http.StatusServiceUnavailable { - return false - } - if len(body) == 0 { - return false - } - msg := strings.ToLower(string(body)) - return strings.Contains(msg, "no capacity available") -} - -func antigravityNoCapacityRetryDelay(attempt int) time.Duration { - if attempt < 0 { - attempt = 0 - } - delay := time.Duration(attempt+1) * 250 * time.Millisecond - if delay > 2*time.Second { - delay = 2 * time.Second - } - return delay -} - -func antigravityWait(ctx context.Context, wait time.Duration) error { - if wait <= 0 { - return nil - } - timer := time.NewTimer(wait) - defer timer.Stop() - select { - case <-ctx.Done(): - return ctx.Err() - case <-timer.C: - return nil - } -} - -func antigravityBaseURLFallbackOrder(auth *cliproxyauth.Auth) []string { - if base := resolveCustomAntigravityBaseURL(auth); base != "" { - return []string{base} - } - return []string{ - antigravityBaseURLDaily, - antigravitySandboxBaseURLDaily, - // antigravityBaseURLProd, - } -} - -func resolveCustomAntigravityBaseURL(auth *cliproxyauth.Auth) string { - if auth == nil { - return "" - } - if auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["base_url"]); v != "" { - return strings.TrimSuffix(v, "/") - } - } - if auth.Metadata != nil { - if v, ok := auth.Metadata["base_url"].(string); ok { - v = strings.TrimSpace(v) - if v != "" { - return strings.TrimSuffix(v, "/") - } - } - } - return "" -} - -func geminiToAntigravity(modelName string, payload []byte, projectID string) []byte { - template, _ := sjson.Set(string(payload), "model", modelName) - template, _ = sjson.Set(template, "userAgent", "antigravity") - template, _ = sjson.Set(template, "requestType", "agent") - - // Use real project ID from auth if available, otherwise generate random (legacy fallback) - if projectID != "" { - template, _ = sjson.Set(template, "project", projectID) - } else { - template, _ = sjson.Set(template, "project", generateProjectID()) - } - template, _ = sjson.Set(template, "requestId", generateRequestID()) - template, _ = sjson.Set(template, "request.sessionId", generateStableSessionID(payload)) - - template, _ = sjson.Delete(template, "request.safetySettings") - if toolConfig := gjson.Get(template, "toolConfig"); toolConfig.Exists() && !gjson.Get(template, "request.toolConfig").Exists() { - template, _ = sjson.SetRaw(template, "request.toolConfig", toolConfig.Raw) - template, _ = sjson.Delete(template, "toolConfig") - } - return []byte(template) -} - -func generateRequestID() string { - return "agent-" + uuid.NewString() -} - -func generateSessionID() string { - randSourceMutex.Lock() - n := randSource.Int63n(9_000_000_000_000_000_000) - randSourceMutex.Unlock() - return "-" + strconv.FormatInt(n, 10) -} - -func generateStableSessionID(payload []byte) string { - contents := gjson.GetBytes(payload, "request.contents") - if contents.IsArray() { - for _, content := range contents.Array() { - if content.Get("role").String() == "user" { - text := content.Get("parts.0.text").String() - if text != "" { - h := sha256.Sum256([]byte(text)) - n := int64(binary.BigEndian.Uint64(h[:8])) & 0x7FFFFFFFFFFFFFFF - return "-" + strconv.FormatInt(n, 10) - } - } - } - } - return generateSessionID() -} - -func generateProjectID() string { - adjectives := []string{"useful", "bright", "swift", "calm", "bold"} - nouns := []string{"fuze", "wave", "spark", "flow", "core"} - randSourceMutex.Lock() - adj := adjectives[randSource.Intn(len(adjectives))] - noun := nouns[randSource.Intn(len(nouns))] - randSourceMutex.Unlock() - randomPart := strings.ToLower(uuid.NewString())[:5] - return adj + "-" + noun + "-" + randomPart -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/antigravity_executor_buildrequest_test.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/antigravity_executor_buildrequest_test.go deleted file mode 100644 index c5cba4ee3f..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/antigravity_executor_buildrequest_test.go +++ /dev/null @@ -1,159 +0,0 @@ -package executor - -import ( - "context" - "encoding/json" - "io" - "testing" - - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestAntigravityBuildRequest_SanitizesGeminiToolSchema(t *testing.T) { - body := buildRequestBodyFromPayload(t, "gemini-2.5-pro") - - decl := extractFirstFunctionDeclaration(t, body) - if _, ok := decl["parametersJsonSchema"]; ok { - t.Fatalf("parametersJsonSchema should be renamed to parameters") - } - - params, ok := decl["parameters"].(map[string]any) - if !ok { - t.Fatalf("parameters missing or invalid type") - } - assertSchemaSanitizedAndPropertyPreserved(t, params) -} - -func TestAntigravityBuildRequest_SanitizesAntigravityToolSchema(t *testing.T) { - body := buildRequestBodyFromPayload(t, "claude-opus-4-6") - - decl := extractFirstFunctionDeclaration(t, body) - params, ok := decl["parameters"].(map[string]any) - if !ok { - t.Fatalf("parameters missing or invalid type") - } - assertSchemaSanitizedAndPropertyPreserved(t, params) -} - -func buildRequestBodyFromPayload(t *testing.T, modelName string) map[string]any { - t.Helper() - - executor := &AntigravityExecutor{} - auth := &cliproxyauth.Auth{} - payload := []byte(`{ - "request": { - "tools": [ - { - "function_declarations": [ - { - "name": "tool_1", - "parametersJsonSchema": { - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "root-schema", - "type": "object", - "properties": { - "$id": {"type": "string"}, - "arg": { - "type": "object", - "prefill": "hello", - "properties": { - "mode": { - "type": "string", - "enum": ["a", "b"], - "enumTitles": ["A", "B"] - } - } - } - }, - "patternProperties": { - "^x-": {"type": "string"} - } - } - } - ] - } - ] - } - }`) - - req, err := executor.buildRequest(context.Background(), auth, "token", modelName, payload, false, "", "https://example.com") - if err != nil { - t.Fatalf("buildRequest error: %v", err) - } - - raw, err := io.ReadAll(req.Body) - if err != nil { - t.Fatalf("read request body error: %v", err) - } - - var body map[string]any - if err := json.Unmarshal(raw, &body); err != nil { - t.Fatalf("unmarshal request body error: %v, body=%s", err, string(raw)) - } - return body -} - -func extractFirstFunctionDeclaration(t *testing.T, body map[string]any) map[string]any { - t.Helper() - - request, ok := body["request"].(map[string]any) - if !ok { - t.Fatalf("request missing or invalid type") - } - tools, ok := request["tools"].([]any) - if !ok || len(tools) == 0 { - t.Fatalf("tools missing or empty") - } - tool, ok := tools[0].(map[string]any) - if !ok { - t.Fatalf("first tool invalid type") - } - decls, ok := tool["function_declarations"].([]any) - if !ok || len(decls) == 0 { - t.Fatalf("function_declarations missing or empty") - } - decl, ok := decls[0].(map[string]any) - if !ok { - t.Fatalf("first function declaration invalid type") - } - return decl -} - -func assertSchemaSanitizedAndPropertyPreserved(t *testing.T, params map[string]any) { - t.Helper() - - if _, ok := params["$id"]; ok { - t.Fatalf("root $id should be removed from schema") - } - if _, ok := params["patternProperties"]; ok { - t.Fatalf("patternProperties should be removed from schema") - } - - props, ok := params["properties"].(map[string]any) - if !ok { - t.Fatalf("properties missing or invalid type") - } - if _, ok := props["$id"]; !ok { - t.Fatalf("property named $id should be preserved") - } - - arg, ok := props["arg"].(map[string]any) - if !ok { - t.Fatalf("arg property missing or invalid type") - } - if _, ok := arg["prefill"]; ok { - t.Fatalf("prefill should be removed from nested schema") - } - - argProps, ok := arg["properties"].(map[string]any) - if !ok { - t.Fatalf("arg.properties missing or invalid type") - } - mode, ok := argProps["mode"].(map[string]any) - if !ok { - t.Fatalf("mode property missing or invalid type") - } - if _, ok := mode["enumTitles"]; ok { - t.Fatalf("enumTitles should be removed from nested schema") - } -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/cache_helpers.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/cache_helpers.go deleted file mode 100644 index 1e32f43a06..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/cache_helpers.go +++ /dev/null @@ -1,78 +0,0 @@ -package executor - -import ( - "sync" - "time" -) - -type codexCache struct { - ID string - Expire time.Time -} - -// codexCacheMap stores prompt cache IDs keyed by model+user_id. -// Protected by codexCacheMu. Entries expire after 1 hour. -var ( - codexCacheMap = make(map[string]codexCache) - codexCacheMu sync.RWMutex -) - -// codexCacheCleanupInterval controls how often expired entries are purged. -const codexCacheCleanupInterval = 15 * time.Minute - -// codexCacheCleanupOnce ensures the background cleanup goroutine starts only once. -var codexCacheCleanupOnce sync.Once - -// startCodexCacheCleanup launches a background goroutine that periodically -// removes expired entries from codexCacheMap to prevent memory leaks. -func startCodexCacheCleanup() { - go func() { - ticker := time.NewTicker(codexCacheCleanupInterval) - defer ticker.Stop() - - for range ticker.C { - purgeExpiredCodexCache() - } - }() -} - -// purgeExpiredCodexCache removes entries that have expired. -func purgeExpiredCodexCache() { - now := time.Now() - - codexCacheMu.Lock() - defer codexCacheMu.Unlock() - - for key, cache := range codexCacheMap { - if cache.Expire.Before(now) { - delete(codexCacheMap, key) - } - } -} - -// getCodexCache retrieves a cached entry, returning ok=false if not found or expired. -func getCodexCache(key string) (codexCache, bool) { - codexCacheCleanupOnce.Do(startCodexCacheCleanup) - codexCacheMu.RLock() - cache, ok := codexCacheMap[key] - codexCacheMu.RUnlock() - if !ok || cache.Expire.Before(time.Now()) { - return codexCache{}, false - } - return cache, true -} - -// setCodexCache stores a cache entry. -func setCodexCache(key string, cache codexCache) { - codexCacheCleanupOnce.Do(startCodexCacheCleanup) - codexCacheMu.Lock() - codexCacheMap[key] = cache - codexCacheMu.Unlock() -} - -// deleteCodexCache deletes a cache entry. -func deleteCodexCache(key string) { - codexCacheMu.Lock() - delete(codexCacheMap, key) - codexCacheMu.Unlock() -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/caching_verify_test.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/caching_verify_test.go deleted file mode 100644 index 6088d304cd..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/caching_verify_test.go +++ /dev/null @@ -1,258 +0,0 @@ -package executor - -import ( - "fmt" - "testing" - - "github.com/tidwall/gjson" -) - -func TestEnsureCacheControl(t *testing.T) { - // Test case 1: System prompt as string - t.Run("String System Prompt", func(t *testing.T) { - input := []byte(`{"model": "claude-3-5-sonnet", "system": "This is a long system prompt", "messages": []}`) - output := ensureCacheControl(input) - - res := gjson.GetBytes(output, "system.0.cache_control.type") - if res.String() != "ephemeral" { - t.Errorf("cache_control not found in system string. Output: %s", string(output)) - } - }) - - // Test case 2: System prompt as array - t.Run("Array System Prompt", func(t *testing.T) { - input := []byte(`{"model": "claude-3-5-sonnet", "system": [{"type": "text", "text": "Part 1"}, {"type": "text", "text": "Part 2"}], "messages": []}`) - output := ensureCacheControl(input) - - // cache_control should only be on the LAST element - res0 := gjson.GetBytes(output, "system.0.cache_control") - res1 := gjson.GetBytes(output, "system.1.cache_control.type") - - if res0.Exists() { - t.Errorf("cache_control should NOT be on the first element") - } - if res1.String() != "ephemeral" { - t.Errorf("cache_control not found on last system element. Output: %s", string(output)) - } - }) - - // Test case 3: Tools are cached - t.Run("Tools Caching", func(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "tools": [ - {"name": "tool1", "description": "First tool", "input_schema": {"type": "object"}}, - {"name": "tool2", "description": "Second tool", "input_schema": {"type": "object"}} - ], - "system": "System prompt", - "messages": [] - }`) - output := ensureCacheControl(input) - - // cache_control should only be on the LAST tool - tool0Cache := gjson.GetBytes(output, "tools.0.cache_control") - tool1Cache := gjson.GetBytes(output, "tools.1.cache_control.type") - - if tool0Cache.Exists() { - t.Errorf("cache_control should NOT be on the first tool") - } - if tool1Cache.String() != "ephemeral" { - t.Errorf("cache_control not found on last tool. Output: %s", string(output)) - } - - // System should also have cache_control - systemCache := gjson.GetBytes(output, "system.0.cache_control.type") - if systemCache.String() != "ephemeral" { - t.Errorf("cache_control not found in system. Output: %s", string(output)) - } - }) - - // Test case 4: Tools and system are INDEPENDENT breakpoints - // Per Anthropic docs: Up to 4 breakpoints allowed, tools and system are cached separately - t.Run("Independent Cache Breakpoints", func(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "tools": [ - {"name": "tool1", "description": "First tool", "input_schema": {"type": "object"}, "cache_control": {"type": "ephemeral"}} - ], - "system": [{"type": "text", "text": "System"}], - "messages": [] - }`) - output := ensureCacheControl(input) - - // Tool already has cache_control - should not be changed - tool0Cache := gjson.GetBytes(output, "tools.0.cache_control.type") - if tool0Cache.String() != "ephemeral" { - t.Errorf("existing cache_control was incorrectly removed") - } - - // System SHOULD get cache_control because it is an INDEPENDENT breakpoint - // Tools and system are separate cache levels in the hierarchy - systemCache := gjson.GetBytes(output, "system.0.cache_control.type") - if systemCache.String() != "ephemeral" { - t.Errorf("system should have its own cache_control breakpoint (independent of tools)") - } - }) - - // Test case 5: Only tools, no system - t.Run("Only Tools No System", func(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "tools": [ - {"name": "tool1", "description": "Tool", "input_schema": {"type": "object"}} - ], - "messages": [{"role": "user", "content": "Hi"}] - }`) - output := ensureCacheControl(input) - - toolCache := gjson.GetBytes(output, "tools.0.cache_control.type") - if toolCache.String() != "ephemeral" { - t.Errorf("cache_control not found on tool. Output: %s", string(output)) - } - }) - - // Test case 6: Many tools (Claude Code scenario) - t.Run("Many Tools (Claude Code Scenario)", func(t *testing.T) { - // Simulate Claude Code with many tools - toolsJSON := `[` - for i := 0; i < 50; i++ { - if i > 0 { - toolsJSON += "," - } - toolsJSON += fmt.Sprintf(`{"name": "tool%d", "description": "Tool %d", "input_schema": {"type": "object"}}`, i, i) - } - toolsJSON += `]` - - input := []byte(fmt.Sprintf(`{ - "model": "claude-3-5-sonnet", - "tools": %s, - "system": [{"type": "text", "text": "You are Claude Code"}], - "messages": [{"role": "user", "content": "Hello"}] - }`, toolsJSON)) - - output := ensureCacheControl(input) - - // Only the last tool (index 49) should have cache_control - for i := 0; i < 49; i++ { - path := fmt.Sprintf("tools.%d.cache_control", i) - if gjson.GetBytes(output, path).Exists() { - t.Errorf("tool %d should NOT have cache_control", i) - } - } - - lastToolCache := gjson.GetBytes(output, "tools.49.cache_control.type") - if lastToolCache.String() != "ephemeral" { - t.Errorf("last tool (49) should have cache_control") - } - - // System should also have cache_control - systemCache := gjson.GetBytes(output, "system.0.cache_control.type") - if systemCache.String() != "ephemeral" { - t.Errorf("system should have cache_control") - } - - t.Log("test passed: 50 tools - cache_control only on last tool") - }) - - // Test case 7: Empty tools array - t.Run("Empty Tools Array", func(t *testing.T) { - input := []byte(`{"model": "claude-3-5-sonnet", "tools": [], "system": "Test", "messages": []}`) - output := ensureCacheControl(input) - - // System should still get cache_control - systemCache := gjson.GetBytes(output, "system.0.cache_control.type") - if systemCache.String() != "ephemeral" { - t.Errorf("system should have cache_control even with empty tools array") - } - }) - - // Test case 8: Messages caching for multi-turn (second-to-last user) - t.Run("Messages Caching Second-To-Last User", func(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "messages": [ - {"role": "user", "content": "First user"}, - {"role": "assistant", "content": "Assistant reply"}, - {"role": "user", "content": "Second user"}, - {"role": "assistant", "content": "Assistant reply 2"}, - {"role": "user", "content": "Third user"} - ] - }`) - output := ensureCacheControl(input) - - cacheType := gjson.GetBytes(output, "messages.2.content.0.cache_control.type") - if cacheType.String() != "ephemeral" { - t.Errorf("cache_control not found on second-to-last user turn. Output: %s", string(output)) - } - - lastUserCache := gjson.GetBytes(output, "messages.4.content.0.cache_control") - if lastUserCache.Exists() { - t.Errorf("last user turn should NOT have cache_control") - } - }) - - // Test case 9: Existing message cache_control should skip injection - t.Run("Messages Skip When Cache Control Exists", func(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "messages": [ - {"role": "user", "content": [{"type": "text", "text": "First user"}]}, - {"role": "assistant", "content": [{"type": "text", "text": "Assistant reply", "cache_control": {"type": "ephemeral"}}]}, - {"role": "user", "content": [{"type": "text", "text": "Second user"}]} - ] - }`) - output := ensureCacheControl(input) - - userCache := gjson.GetBytes(output, "messages.0.content.0.cache_control") - if userCache.Exists() { - t.Errorf("cache_control should NOT be injected when a message already has cache_control") - } - - existingCache := gjson.GetBytes(output, "messages.1.content.0.cache_control.type") - if existingCache.String() != "ephemeral" { - t.Errorf("existing cache_control should be preserved. Output: %s", string(output)) - } - }) -} - -// TestCacheControlOrder verifies the correct order: tools -> system -> messages -func TestCacheControlOrder(t *testing.T) { - input := []byte(`{ - "model": "claude-sonnet-4", - "tools": [ - {"name": "Read", "description": "Read file", "input_schema": {"type": "object", "properties": {"path": {"type": "string"}}}}, - {"name": "Write", "description": "Write file", "input_schema": {"type": "object", "properties": {"path": {"type": "string"}, "content": {"type": "string"}}}} - ], - "system": [ - {"type": "text", "text": "You are Claude Code, Anthropic's official CLI for Claude."}, - {"type": "text", "text": "Additional instructions here..."} - ], - "messages": [ - {"role": "user", "content": "Hello"} - ] - }`) - - output := ensureCacheControl(input) - - // 1. Last tool has cache_control - if gjson.GetBytes(output, "tools.1.cache_control.type").String() != "ephemeral" { - t.Error("last tool should have cache_control") - } - - // 2. First tool has NO cache_control - if gjson.GetBytes(output, "tools.0.cache_control").Exists() { - t.Error("first tool should NOT have cache_control") - } - - // 3. Last system element has cache_control - if gjson.GetBytes(output, "system.1.cache_control.type").String() != "ephemeral" { - t.Error("last system element should have cache_control") - } - - // 4. First system element has NO cache_control - if gjson.GetBytes(output, "system.0.cache_control").Exists() { - t.Error("first system element should NOT have cache_control") - } - - t.Log("cache order correct: tools -> system") -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/claude_executor.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/claude_executor.go deleted file mode 100644 index 681e7b8d22..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/claude_executor.go +++ /dev/null @@ -1,1410 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "compress/flate" - "compress/gzip" - "context" - "fmt" - "io" - "net/http" - "runtime" - "strings" - "time" - - "github.com/andybalholm/brotli" - "github.com/klauspost/compress/zstd" - claudeauth "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/claude" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" - - "github.com/gin-gonic/gin" -) - -// ClaudeExecutor is a stateless executor for Anthropic Claude over the messages API. -// If api_key is unavailable on auth, it falls back to legacy via ClientAdapter. -type ClaudeExecutor struct { - cfg *config.Config -} - -const claudeToolPrefix = "proxy_" - -func NewClaudeExecutor(cfg *config.Config) *ClaudeExecutor { return &ClaudeExecutor{cfg: cfg} } - -func (e *ClaudeExecutor) Identifier() string { return "claude" } - -// PrepareRequest injects Claude credentials into the outgoing HTTP request. -func (e *ClaudeExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - apiKey, _ := claudeCreds(auth) - if strings.TrimSpace(apiKey) == "" { - return nil - } - useAPIKey := auth != nil && auth.Attributes != nil && strings.TrimSpace(auth.Attributes["api_key"]) != "" - isAnthropicBase := req.URL != nil && strings.EqualFold(req.URL.Scheme, "https") && strings.EqualFold(req.URL.Host, "api.anthropic.com") - if isAnthropicBase && useAPIKey { - req.Header.Del("Authorization") - req.Header.Set("x-api-key", apiKey) - } else { - req.Header.Del("x-api-key") - req.Header.Set("Authorization", "Bearer "+apiKey) - } - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) - return nil -} - -// HttpRequest injects Claude credentials into the request and executes it. -func (e *ClaudeExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("claude executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -func (e *ClaudeExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := claudeCreds(auth) - if baseURL == "" { - baseURL = "https://api.anthropic.com" - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - from := opts.SourceFormat - to := sdktranslator.FromString("claude") - // Use streaming translation to preserve function calling, except for claude. - stream := from != to - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, stream) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, stream) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - // Apply cloaking (system prompt injection, fake user ID, sensitive word obfuscation) - // based on client type and configuration. - body = applyCloaking(ctx, e.cfg, auth, body, baseModel, apiKey) - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - // Disable thinking if tool_choice forces tool use (Anthropic API constraint) - body = disableThinkingIfToolChoiceForced(body) - - // Auto-inject cache_control if missing (optimization for ClawdBot/clients without caching support) - if countCacheControls(body) == 0 { - body = ensureCacheControl(body) - } - - // Extract betas from body and convert to header - var extraBetas []string - extraBetas, body = extractAndRemoveBetas(body) - bodyForTranslation := body - bodyForUpstream := body - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - bodyForUpstream = applyClaudeToolPrefix(body, claudeToolPrefix) - } - - url := fmt.Sprintf("%s/v1/messages?beta=true", baseURL) - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(bodyForUpstream)) - if err != nil { - return resp, err - } - applyClaudeHeaders(httpReq, auth, apiKey, false, extraBetas, e.cfg) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: bodyForUpstream, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return resp, err - } - decodedBody, err := decodeResponseBody(httpResp.Body, httpResp.Header.Get("Content-Encoding")) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return resp, err - } - defer func() { - if errClose := decodedBody.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - data, err := io.ReadAll(decodedBody) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - if stream { - lines := bytes.Split(data, []byte("\n")) - for _, line := range lines { - if detail, ok := parseClaudeStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - } - } else { - reporter.publish(ctx, parseClaudeUsage(data)) - } - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - data = stripClaudeToolPrefixFromResponse(data, claudeToolPrefix) - } - var param any - out := sdktranslator.TranslateNonStream( - ctx, - to, - from, - req.Model, - opts.OriginalRequest, - bodyForTranslation, - data, - ¶m, - ) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -func (e *ClaudeExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := claudeCreds(auth) - if baseURL == "" { - baseURL = "https://api.anthropic.com" - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - from := opts.SourceFormat - to := sdktranslator.FromString("claude") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - // Apply cloaking (system prompt injection, fake user ID, sensitive word obfuscation) - // based on client type and configuration. - body = applyCloaking(ctx, e.cfg, auth, body, baseModel, apiKey) - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - // Disable thinking if tool_choice forces tool use (Anthropic API constraint) - body = disableThinkingIfToolChoiceForced(body) - - // Auto-inject cache_control if missing (optimization for ClawdBot/clients without caching support) - if countCacheControls(body) == 0 { - body = ensureCacheControl(body) - } - - // Extract betas from body and convert to header - var extraBetas []string - extraBetas, body = extractAndRemoveBetas(body) - bodyForTranslation := body - bodyForUpstream := body - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - bodyForUpstream = applyClaudeToolPrefix(body, claudeToolPrefix) - } - - url := fmt.Sprintf("%s/v1/messages?beta=true", baseURL) - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(bodyForUpstream)) - if err != nil { - return nil, err - } - applyClaudeHeaders(httpReq, auth, apiKey, true, extraBetas, e.cfg) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: bodyForUpstream, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - decodedBody, err := decodeResponseBody(httpResp.Body, httpResp.Header.Get("Content-Encoding")) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := decodedBody.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - // If from == to (Claude → Claude), directly forward the SSE stream without translation - if from == to { - scanner := bufio.NewScanner(decodedBody) - scanner.Buffer(nil, 52_428_800) // 50MB - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseClaudeStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - line = stripClaudeToolPrefixFromStreamLine(line, claudeToolPrefix) - } - // Forward the line as-is to preserve SSE format - cloned := make([]byte, len(line)+1) - copy(cloned, line) - cloned[len(line)] = '\n' - out <- cliproxyexecutor.StreamChunk{Payload: cloned} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - return - } - - // For other formats, use translation - scanner := bufio.NewScanner(decodedBody) - scanner.Buffer(nil, 52_428_800) // 50MB - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseClaudeStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - line = stripClaudeToolPrefixFromStreamLine(line, claudeToolPrefix) - } - chunks := sdktranslator.TranslateStream( - ctx, - to, - from, - req.Model, - opts.OriginalRequest, - bodyForTranslation, - bytes.Clone(line), - ¶m, - ) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -func (e *ClaudeExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := claudeCreds(auth) - if baseURL == "" { - baseURL = "https://api.anthropic.com" - } - - from := opts.SourceFormat - to := sdktranslator.FromString("claude") - // Use streaming translation to preserve function calling, except for claude. - stream := from != to - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, stream) - body, _ = sjson.SetBytes(body, "model", baseModel) - - if !strings.HasPrefix(baseModel, "claude-3-5-haiku") { - body = checkSystemInstructions(body) - } - - // Extract betas from body and convert to header (for count_tokens too) - var extraBetas []string - extraBetas, body = extractAndRemoveBetas(body) - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - body = applyClaudeToolPrefix(body, claudeToolPrefix) - } - - url := fmt.Sprintf("%s/v1/messages/count_tokens?beta=true", baseURL) - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return cliproxyexecutor.Response{}, err - } - applyClaudeHeaders(httpReq, auth, apiKey, false, extraBetas, e.cfg) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - resp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return cliproxyexecutor.Response{}, err - } - recordAPIResponseMetadata(ctx, e.cfg, resp.StatusCode, resp.Header.Clone()) - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - b, _ := io.ReadAll(resp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return cliproxyexecutor.Response{}, statusErr{code: resp.StatusCode, msg: string(b)} - } - decodedBody, err := decodeResponseBody(resp.Body, resp.Header.Get("Content-Encoding")) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return cliproxyexecutor.Response{}, err - } - defer func() { - if errClose := decodedBody.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - data, err := io.ReadAll(decodedBody) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return cliproxyexecutor.Response{}, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - count := gjson.GetBytes(data, "input_tokens").Int() - out := sdktranslator.TranslateTokenCount(ctx, to, from, count, data) - return cliproxyexecutor.Response{Payload: []byte(out), Headers: resp.Header.Clone()}, nil -} - -func (e *ClaudeExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("claude executor: refresh called") - if auth == nil { - return nil, fmt.Errorf("claude executor: auth is nil") - } - var refreshToken string - if auth.Metadata != nil { - if v, ok := auth.Metadata["refresh_token"].(string); ok && v != "" { - refreshToken = v - } - } - if refreshToken == "" { - return auth, nil - } - svc := claudeauth.NewClaudeAuth(e.cfg) - td, err := svc.RefreshTokens(ctx, refreshToken) - if err != nil { - return nil, err - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["access_token"] = td.AccessToken - if td.RefreshToken != "" { - auth.Metadata["refresh_token"] = td.RefreshToken - } - auth.Metadata["email"] = td.Email - auth.Metadata["expired"] = td.Expire - auth.Metadata["type"] = "claude" - now := time.Now().Format(time.RFC3339) - auth.Metadata["last_refresh"] = now - return auth, nil -} - -// extractAndRemoveBetas extracts the "betas" array from the body and removes it. -// Returns the extracted betas as a string slice and the modified body. -func extractAndRemoveBetas(body []byte) ([]string, []byte) { - betasResult := gjson.GetBytes(body, "betas") - if !betasResult.Exists() { - return nil, body - } - var betas []string - if betasResult.IsArray() { - for _, item := range betasResult.Array() { - if s := strings.TrimSpace(item.String()); s != "" { - betas = append(betas, s) - } - } - } else if s := strings.TrimSpace(betasResult.String()); s != "" { - betas = append(betas, s) - } - body, _ = sjson.DeleteBytes(body, "betas") - return betas, body -} - -// disableThinkingIfToolChoiceForced checks if tool_choice forces tool use and disables thinking. -// Anthropic API does not allow thinking when tool_choice is set to "any" or a specific tool. -// See: https://docs.anthropic.com/en/docs/build-with-claude/extended-thinking#important-considerations -func disableThinkingIfToolChoiceForced(body []byte) []byte { - toolChoiceType := gjson.GetBytes(body, "tool_choice.type").String() - // "auto" is allowed with thinking, but "any" or "tool" (specific tool) are not - if toolChoiceType == "any" || toolChoiceType == "tool" { - // Remove thinking configuration entirely to avoid API error - body, _ = sjson.DeleteBytes(body, "thinking") - } - return body -} - -type compositeReadCloser struct { - io.Reader - closers []func() error -} - -func (c *compositeReadCloser) Close() error { - var firstErr error - for i := range c.closers { - if c.closers[i] == nil { - continue - } - if err := c.closers[i](); err != nil && firstErr == nil { - firstErr = err - } - } - return firstErr -} - -func decodeResponseBody(body io.ReadCloser, contentEncoding string) (io.ReadCloser, error) { - if body == nil { - return nil, fmt.Errorf("response body is nil") - } - if contentEncoding == "" { - return body, nil - } - encodings := strings.Split(contentEncoding, ",") - for _, raw := range encodings { - encoding := strings.TrimSpace(strings.ToLower(raw)) - switch encoding { - case "", "identity": - continue - case "gzip": - gzipReader, err := gzip.NewReader(body) - if err != nil { - _ = body.Close() - return nil, fmt.Errorf("failed to create gzip reader: %w", err) - } - return &compositeReadCloser{ - Reader: gzipReader, - closers: []func() error{ - gzipReader.Close, - func() error { return body.Close() }, - }, - }, nil - case "deflate": - deflateReader := flate.NewReader(body) - return &compositeReadCloser{ - Reader: deflateReader, - closers: []func() error{ - deflateReader.Close, - func() error { return body.Close() }, - }, - }, nil - case "br": - return &compositeReadCloser{ - Reader: brotli.NewReader(body), - closers: []func() error{ - func() error { return body.Close() }, - }, - }, nil - case "zstd": - decoder, err := zstd.NewReader(body) - if err != nil { - _ = body.Close() - return nil, fmt.Errorf("failed to create zstd reader: %w", err) - } - return &compositeReadCloser{ - Reader: decoder, - closers: []func() error{ - func() error { decoder.Close(); return nil }, - func() error { return body.Close() }, - }, - }, nil - default: - continue - } - } - return body, nil -} - -// mapStainlessOS maps runtime.GOOS to Stainless SDK OS names. -func mapStainlessOS() string { - switch runtime.GOOS { - case "darwin": - return "MacOS" - case "windows": - return "Windows" - case "linux": - return "Linux" - case "freebsd": - return "FreeBSD" - default: - return "Other::" + runtime.GOOS - } -} - -// mapStainlessArch maps runtime.GOARCH to Stainless SDK architecture names. -func mapStainlessArch() string { - switch runtime.GOARCH { - case "amd64": - return "x64" - case "arm64": - return "arm64" - case "386": - return "x86" - default: - return "other::" + runtime.GOARCH - } -} - -func applyClaudeHeaders(r *http.Request, auth *cliproxyauth.Auth, apiKey string, stream bool, extraBetas []string, cfg *config.Config) { - hdrDefault := func(cfgVal, fallback string) string { - if cfgVal != "" { - return cfgVal - } - return fallback - } - - var hd config.ClaudeHeaderDefaults - if cfg != nil { - hd = cfg.ClaudeHeaderDefaults - } - - useAPIKey := auth != nil && auth.Attributes != nil && strings.TrimSpace(auth.Attributes["api_key"]) != "" - isAnthropicBase := r.URL != nil && strings.EqualFold(r.URL.Scheme, "https") && strings.EqualFold(r.URL.Host, "api.anthropic.com") - if isAnthropicBase && useAPIKey { - r.Header.Del("Authorization") - r.Header.Set("x-api-key", apiKey) - } else { - r.Header.Set("Authorization", "Bearer "+apiKey) - } - r.Header.Set("Content-Type", "application/json") - - var ginHeaders http.Header - if ginCtx, ok := r.Context().Value("gin").(*gin.Context); ok && ginCtx != nil && ginCtx.Request != nil { - ginHeaders = ginCtx.Request.Header - } - - promptCachingBeta := "prompt-caching-2024-07-31" - baseBetas := "claude-code-20250219,oauth-2025-04-20,interleaved-thinking-2025-05-14,fine-grained-tool-streaming-2025-05-14," + promptCachingBeta - if val := strings.TrimSpace(ginHeaders.Get("Anthropic-Beta")); val != "" { - baseBetas = val - if !strings.Contains(val, "oauth") { - baseBetas += ",oauth-2025-04-20" - } - } - if !strings.Contains(baseBetas, promptCachingBeta) { - baseBetas += "," + promptCachingBeta - } - - // Merge extra betas from request body - if len(extraBetas) > 0 { - existingSet := make(map[string]bool) - for _, b := range strings.Split(baseBetas, ",") { - existingSet[strings.TrimSpace(b)] = true - } - for _, beta := range extraBetas { - beta = strings.TrimSpace(beta) - if beta != "" && !existingSet[beta] { - baseBetas += "," + beta - existingSet[beta] = true - } - } - } - r.Header.Set("Anthropic-Beta", baseBetas) - - misc.EnsureHeader(r.Header, ginHeaders, "Anthropic-Version", "2023-06-01") - misc.EnsureHeader(r.Header, ginHeaders, "Anthropic-Dangerous-Direct-Browser-Access", "true") - misc.EnsureHeader(r.Header, ginHeaders, "X-App", "cli") - // Values below match Claude Code 2.1.44 / @anthropic-ai/sdk 0.74.0 (captured 2026-02-17). - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Helper-Method", "stream") - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Retry-Count", "0") - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Runtime-Version", hdrDefault(hd.RuntimeVersion, "v24.3.0")) - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Package-Version", hdrDefault(hd.PackageVersion, "0.74.0")) - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Runtime", "node") - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Lang", "js") - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Arch", mapStainlessArch()) - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Os", mapStainlessOS()) - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Timeout", hdrDefault(hd.Timeout, "600")) - misc.EnsureHeader(r.Header, ginHeaders, "User-Agent", hdrDefault(hd.UserAgent, "claude-cli/2.1.44 (external, sdk-cli)")) - r.Header.Set("Connection", "keep-alive") - r.Header.Set("Accept-Encoding", "gzip, deflate, br, zstd") - if stream { - r.Header.Set("Accept", "text/event-stream") - } else { - r.Header.Set("Accept", "application/json") - } - // Keep OS/Arch mapping dynamic (not configurable). - // They intentionally continue to derive from runtime.GOOS/runtime.GOARCH. - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(r, attrs) -} - -func claudeCreds(a *cliproxyauth.Auth) (apiKey, baseURL string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - apiKey = a.Attributes["api_key"] - baseURL = a.Attributes["base_url"] - } - if apiKey == "" && a.Metadata != nil { - if v, ok := a.Metadata["access_token"].(string); ok { - apiKey = v - } - } - return -} - -func checkSystemInstructions(payload []byte) []byte { - system := gjson.GetBytes(payload, "system") - claudeCodeInstructions := `[{"type":"text","text":"You are Claude Code, Anthropic's official CLI for Claude."}]` - if system.IsArray() { - if gjson.GetBytes(payload, "system.0.text").String() != "You are Claude Code, Anthropic's official CLI for Claude." { - system.ForEach(func(_, part gjson.Result) bool { - if part.Get("type").String() == "text" { - claudeCodeInstructions, _ = sjson.SetRaw(claudeCodeInstructions, "-1", part.Raw) - } - return true - }) - payload, _ = sjson.SetRawBytes(payload, "system", []byte(claudeCodeInstructions)) - } - } else { - payload, _ = sjson.SetRawBytes(payload, "system", []byte(claudeCodeInstructions)) - } - return payload -} - -func isClaudeOAuthToken(apiKey string) bool { - return strings.Contains(apiKey, "sk-ant-oat") -} - -func applyClaudeToolPrefix(body []byte, prefix string) []byte { - if prefix == "" { - return body - } - - // Collect built-in tool names (those with a non-empty "type" field) so we can - // skip them consistently in both tools and message history. - builtinTools := map[string]bool{} - for _, name := range []string{"web_search", "code_execution", "text_editor", "computer"} { - builtinTools[name] = true - } - - if tools := gjson.GetBytes(body, "tools"); tools.Exists() && tools.IsArray() { - tools.ForEach(func(index, tool gjson.Result) bool { - // Skip built-in tools (web_search, code_execution, etc.) which have - // a "type" field and require their name to remain unchanged. - if tool.Get("type").Exists() && tool.Get("type").String() != "" { - if n := tool.Get("name").String(); n != "" { - builtinTools[n] = true - } - return true - } - name := tool.Get("name").String() - if name == "" || strings.HasPrefix(name, prefix) { - return true - } - path := fmt.Sprintf("tools.%d.name", index.Int()) - body, _ = sjson.SetBytes(body, path, prefix+name) - return true - }) - } - - if gjson.GetBytes(body, "tool_choice.type").String() == "tool" { - name := gjson.GetBytes(body, "tool_choice.name").String() - if name != "" && !strings.HasPrefix(name, prefix) && !builtinTools[name] { - body, _ = sjson.SetBytes(body, "tool_choice.name", prefix+name) - } - } - - if messages := gjson.GetBytes(body, "messages"); messages.Exists() && messages.IsArray() { - messages.ForEach(func(msgIndex, msg gjson.Result) bool { - content := msg.Get("content") - if !content.Exists() || !content.IsArray() { - return true - } - content.ForEach(func(contentIndex, part gjson.Result) bool { - partType := part.Get("type").String() - switch partType { - case "tool_use": - name := part.Get("name").String() - if name == "" || strings.HasPrefix(name, prefix) || builtinTools[name] { - return true - } - path := fmt.Sprintf("messages.%d.content.%d.name", msgIndex.Int(), contentIndex.Int()) - body, _ = sjson.SetBytes(body, path, prefix+name) - case "tool_reference": - toolName := part.Get("tool_name").String() - if toolName == "" || strings.HasPrefix(toolName, prefix) || builtinTools[toolName] { - return true - } - path := fmt.Sprintf("messages.%d.content.%d.tool_name", msgIndex.Int(), contentIndex.Int()) - body, _ = sjson.SetBytes(body, path, prefix+toolName) - case "tool_result": - // Handle nested tool_reference blocks inside tool_result.content[] - nestedContent := part.Get("content") - if nestedContent.Exists() && nestedContent.IsArray() { - nestedContent.ForEach(func(nestedIndex, nestedPart gjson.Result) bool { - if nestedPart.Get("type").String() == "tool_reference" { - nestedToolName := nestedPart.Get("tool_name").String() - if nestedToolName != "" && !strings.HasPrefix(nestedToolName, prefix) && !builtinTools[nestedToolName] { - nestedPath := fmt.Sprintf("messages.%d.content.%d.content.%d.tool_name", msgIndex.Int(), contentIndex.Int(), nestedIndex.Int()) - body, _ = sjson.SetBytes(body, nestedPath, prefix+nestedToolName) - } - } - return true - }) - } - } - return true - }) - return true - }) - } - - return body -} - -func stripClaudeToolPrefixFromResponse(body []byte, prefix string) []byte { - if prefix == "" { - return body - } - content := gjson.GetBytes(body, "content") - if !content.Exists() || !content.IsArray() { - return body - } - content.ForEach(func(index, part gjson.Result) bool { - partType := part.Get("type").String() - switch partType { - case "tool_use": - name := part.Get("name").String() - if !strings.HasPrefix(name, prefix) { - return true - } - path := fmt.Sprintf("content.%d.name", index.Int()) - body, _ = sjson.SetBytes(body, path, strings.TrimPrefix(name, prefix)) - case "tool_reference": - toolName := part.Get("tool_name").String() - if !strings.HasPrefix(toolName, prefix) { - return true - } - path := fmt.Sprintf("content.%d.tool_name", index.Int()) - body, _ = sjson.SetBytes(body, path, strings.TrimPrefix(toolName, prefix)) - case "tool_result": - // Handle nested tool_reference blocks inside tool_result.content[] - nestedContent := part.Get("content") - if nestedContent.Exists() && nestedContent.IsArray() { - nestedContent.ForEach(func(nestedIndex, nestedPart gjson.Result) bool { - if nestedPart.Get("type").String() == "tool_reference" { - nestedToolName := nestedPart.Get("tool_name").String() - if strings.HasPrefix(nestedToolName, prefix) { - nestedPath := fmt.Sprintf("content.%d.content.%d.tool_name", index.Int(), nestedIndex.Int()) - body, _ = sjson.SetBytes(body, nestedPath, strings.TrimPrefix(nestedToolName, prefix)) - } - } - return true - }) - } - } - return true - }) - return body -} - -func stripClaudeToolPrefixFromStreamLine(line []byte, prefix string) []byte { - if prefix == "" { - return line - } - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return line - } - contentBlock := gjson.GetBytes(payload, "content_block") - if !contentBlock.Exists() { - return line - } - - blockType := contentBlock.Get("type").String() - var updated []byte - var err error - - switch blockType { - case "tool_use": - name := contentBlock.Get("name").String() - if !strings.HasPrefix(name, prefix) { - return line - } - updated, err = sjson.SetBytes(payload, "content_block.name", strings.TrimPrefix(name, prefix)) - if err != nil { - return line - } - case "tool_reference": - toolName := contentBlock.Get("tool_name").String() - if !strings.HasPrefix(toolName, prefix) { - return line - } - updated, err = sjson.SetBytes(payload, "content_block.tool_name", strings.TrimPrefix(toolName, prefix)) - if err != nil { - return line - } - default: - return line - } - - trimmed := bytes.TrimSpace(line) - if bytes.HasPrefix(trimmed, []byte("data:")) { - return append([]byte("data: "), updated...) - } - return updated -} - -// getClientUserAgent extracts the client User-Agent from the gin context. -func getClientUserAgent(ctx context.Context) string { - if ginCtx, ok := ctx.Value("gin").(*gin.Context); ok && ginCtx != nil && ginCtx.Request != nil { - return ginCtx.GetHeader("User-Agent") - } - return "" -} - -// getCloakConfigFromAuth extracts cloak configuration from auth attributes. -// Returns (cloakMode, strictMode, sensitiveWords, cacheUserID). -func getCloakConfigFromAuth(auth *cliproxyauth.Auth) (string, bool, []string, bool) { - if auth == nil || auth.Attributes == nil { - return "auto", false, nil, false - } - - cloakMode := auth.Attributes["cloak_mode"] - if cloakMode == "" { - cloakMode = "auto" - } - - strictMode := strings.ToLower(auth.Attributes["cloak_strict_mode"]) == "true" - - var sensitiveWords []string - if wordsStr := auth.Attributes["cloak_sensitive_words"]; wordsStr != "" { - sensitiveWords = strings.Split(wordsStr, ",") - for i := range sensitiveWords { - sensitiveWords[i] = strings.TrimSpace(sensitiveWords[i]) - } - } - - cacheUserID := strings.EqualFold(strings.TrimSpace(auth.Attributes["cloak_cache_user_id"]), "true") - - return cloakMode, strictMode, sensitiveWords, cacheUserID -} - -// resolveClaudeKeyCloakConfig finds the matching ClaudeKey config and returns its CloakConfig. -func resolveClaudeKeyCloakConfig(cfg *config.Config, auth *cliproxyauth.Auth) *config.CloakConfig { - if cfg == nil || auth == nil { - return nil - } - - apiKey, baseURL := claudeCreds(auth) - if apiKey == "" { - return nil - } - - for i := range cfg.ClaudeKey { - entry := &cfg.ClaudeKey[i] - cfgKey := strings.TrimSpace(entry.APIKey) - cfgBase := strings.TrimSpace(entry.BaseURL) - - // Match by API key - if strings.EqualFold(cfgKey, apiKey) { - // If baseURL is specified, also check it - if baseURL != "" && cfgBase != "" && !strings.EqualFold(cfgBase, baseURL) { - continue - } - return entry.Cloak - } - } - - return nil -} - -// injectFakeUserID generates and injects a fake user ID into the request metadata. -// When useCache is false, a new user ID is generated for every call. -func injectFakeUserID(payload []byte, apiKey string, useCache bool) []byte { - generateID := func() string { - if useCache { - return cachedUserID(apiKey) - } - return generateFakeUserID() - } - - metadata := gjson.GetBytes(payload, "metadata") - if !metadata.Exists() { - payload, _ = sjson.SetBytes(payload, "metadata.user_id", generateID()) - return payload - } - - existingUserID := gjson.GetBytes(payload, "metadata.user_id").String() - if existingUserID == "" || !isValidUserID(existingUserID) { - payload, _ = sjson.SetBytes(payload, "metadata.user_id", generateID()) - } - return payload -} - -// checkSystemInstructionsWithMode injects Claude Code system prompt. -// In strict mode, it replaces all user system messages. -// In non-strict mode (default), it prepends to existing system messages. -func checkSystemInstructionsWithMode(payload []byte, strictMode bool) []byte { - system := gjson.GetBytes(payload, "system") - claudeCodeInstructions := `[{"type":"text","text":"You are Claude Code, Anthropic's official CLI for Claude."}]` - - if strictMode { - // Strict mode: replace all system messages with Claude Code prompt only - payload, _ = sjson.SetRawBytes(payload, "system", []byte(claudeCodeInstructions)) - return payload - } - - // Non-strict mode (default): prepend Claude Code prompt to existing system messages - if system.IsArray() { - if gjson.GetBytes(payload, "system.0.text").String() != "You are Claude Code, Anthropic's official CLI for Claude." { - system.ForEach(func(_, part gjson.Result) bool { - if part.Get("type").String() == "text" { - claudeCodeInstructions, _ = sjson.SetRaw(claudeCodeInstructions, "-1", part.Raw) - } - return true - }) - payload, _ = sjson.SetRawBytes(payload, "system", []byte(claudeCodeInstructions)) - } - } else { - payload, _ = sjson.SetRawBytes(payload, "system", []byte(claudeCodeInstructions)) - } - return payload -} - -// applyCloaking applies cloaking transformations to the payload based on config and client. -// Cloaking includes: system prompt injection, fake user ID, and sensitive word obfuscation. -func applyCloaking(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth, payload []byte, model string, apiKey string) []byte { - clientUserAgent := getClientUserAgent(ctx) - - // Get cloak config from ClaudeKey configuration - cloakCfg := resolveClaudeKeyCloakConfig(cfg, auth) - - // Determine cloak settings - var cloakMode string - var strictMode bool - var sensitiveWords []string - var cacheUserID bool - - if cloakCfg != nil { - cloakMode = cloakCfg.Mode - strictMode = cloakCfg.StrictMode - sensitiveWords = cloakCfg.SensitiveWords - if cloakCfg.CacheUserID != nil { - cacheUserID = *cloakCfg.CacheUserID - } - } - - // Fallback to auth attributes if no config found - if cloakMode == "" { - attrMode, attrStrict, attrWords, attrCache := getCloakConfigFromAuth(auth) - cloakMode = attrMode - if !strictMode { - strictMode = attrStrict - } - if len(sensitiveWords) == 0 { - sensitiveWords = attrWords - } - if cloakCfg == nil || cloakCfg.CacheUserID == nil { - cacheUserID = attrCache - } - } else if cloakCfg == nil || cloakCfg.CacheUserID == nil { - _, _, _, attrCache := getCloakConfigFromAuth(auth) - cacheUserID = attrCache - } - - // Determine if cloaking should be applied - if !shouldCloak(cloakMode, clientUserAgent) { - return payload - } - - // Skip system instructions for claude-3-5-haiku models - if !strings.HasPrefix(model, "claude-3-5-haiku") { - payload = checkSystemInstructionsWithMode(payload, strictMode) - } - - // Inject fake user ID - payload = injectFakeUserID(payload, apiKey, cacheUserID) - - // Apply sensitive word obfuscation - if len(sensitiveWords) > 0 { - matcher := buildSensitiveWordMatcher(sensitiveWords) - payload = obfuscateSensitiveWords(payload, matcher) - } - - return payload -} - -// ensureCacheControl injects cache_control breakpoints into the payload for optimal prompt caching. -// According to Anthropic's documentation, cache prefixes are created in order: tools -> system -> messages. -// This function adds cache_control to: -// 1. The LAST tool in the tools array (caches all tool definitions) -// 2. The LAST element in the system array (caches system prompt) -// 3. The SECOND-TO-LAST user turn (caches conversation history for multi-turn) -// -// Up to 4 cache breakpoints are allowed per request. Tools, System, and Messages are INDEPENDENT breakpoints. -// This enables up to 90% cost reduction on cached tokens (cache read = 0.1x base price). -// See: https://docs.anthropic.com/en/docs/build-with-claude/prompt-caching -func ensureCacheControl(payload []byte) []byte { - // 1. Inject cache_control into the LAST tool (caches all tool definitions) - // Tools are cached first in the hierarchy, so this is the most important breakpoint. - payload = injectToolsCacheControl(payload) - - // 2. Inject cache_control into the LAST system prompt element - // System is the second level in the cache hierarchy. - payload = injectSystemCacheControl(payload) - - // 3. Inject cache_control into messages for multi-turn conversation caching - // This caches the conversation history up to the second-to-last user turn. - payload = injectMessagesCacheControl(payload) - - return payload -} - -func countCacheControls(payload []byte) int { - count := 0 - - // Check system - system := gjson.GetBytes(payload, "system") - if system.IsArray() { - system.ForEach(func(_, item gjson.Result) bool { - if item.Get("cache_control").Exists() { - count++ - } - return true - }) - } - - // Check tools - tools := gjson.GetBytes(payload, "tools") - if tools.IsArray() { - tools.ForEach(func(_, item gjson.Result) bool { - if item.Get("cache_control").Exists() { - count++ - } - return true - }) - } - - // Check messages - messages := gjson.GetBytes(payload, "messages") - if messages.IsArray() { - messages.ForEach(func(_, msg gjson.Result) bool { - content := msg.Get("content") - if content.IsArray() { - content.ForEach(func(_, item gjson.Result) bool { - if item.Get("cache_control").Exists() { - count++ - } - return true - }) - } - return true - }) - } - - return count -} - -// injectMessagesCacheControl adds cache_control to the second-to-last user turn for multi-turn caching. -// Per Anthropic docs: "Place cache_control on the second-to-last User message to let the model reuse the earlier cache." -// This enables caching of conversation history, which is especially beneficial for long multi-turn conversations. -// Only adds cache_control if: -// - There are at least 2 user turns in the conversation -// - No message content already has cache_control -func injectMessagesCacheControl(payload []byte) []byte { - messages := gjson.GetBytes(payload, "messages") - if !messages.Exists() || !messages.IsArray() { - return payload - } - - // Check if ANY message content already has cache_control - hasCacheControlInMessages := false - messages.ForEach(func(_, msg gjson.Result) bool { - content := msg.Get("content") - if content.IsArray() { - content.ForEach(func(_, item gjson.Result) bool { - if item.Get("cache_control").Exists() { - hasCacheControlInMessages = true - return false - } - return true - }) - } - return !hasCacheControlInMessages - }) - if hasCacheControlInMessages { - return payload - } - - // Find all user message indices - var userMsgIndices []int - messages.ForEach(func(index gjson.Result, msg gjson.Result) bool { - if msg.Get("role").String() == "user" { - userMsgIndices = append(userMsgIndices, int(index.Int())) - } - return true - }) - - // Need at least 2 user turns to cache the second-to-last - if len(userMsgIndices) < 2 { - return payload - } - - // Get the second-to-last user message index - secondToLastUserIdx := userMsgIndices[len(userMsgIndices)-2] - - // Get the content of this message - contentPath := fmt.Sprintf("messages.%d.content", secondToLastUserIdx) - content := gjson.GetBytes(payload, contentPath) - - if content.IsArray() { - // Add cache_control to the last content block of this message - contentCount := int(content.Get("#").Int()) - if contentCount > 0 { - cacheControlPath := fmt.Sprintf("messages.%d.content.%d.cache_control", secondToLastUserIdx, contentCount-1) - result, err := sjson.SetBytes(payload, cacheControlPath, map[string]string{"type": "ephemeral"}) - if err != nil { - log.Warnf("failed to inject cache_control into messages: %v", err) - return payload - } - payload = result - } - } else if content.Type == gjson.String { - // Convert string content to array with cache_control - text := content.String() - newContent := []map[string]interface{}{ - { - "type": "text", - "text": text, - "cache_control": map[string]string{ - "type": "ephemeral", - }, - }, - } - result, err := sjson.SetBytes(payload, contentPath, newContent) - if err != nil { - log.Warnf("failed to inject cache_control into message string content: %v", err) - return payload - } - payload = result - } - - return payload -} - -// injectToolsCacheControl adds cache_control to the last tool in the tools array. -// Per Anthropic docs: "The cache_control parameter on the last tool definition caches all tool definitions." -// This only adds cache_control if NO tool in the array already has it. -func injectToolsCacheControl(payload []byte) []byte { - tools := gjson.GetBytes(payload, "tools") - if !tools.Exists() || !tools.IsArray() { - return payload - } - - toolCount := int(tools.Get("#").Int()) - if toolCount == 0 { - return payload - } - - // Check if ANY tool already has cache_control - if so, don't modify tools - hasCacheControlInTools := false - tools.ForEach(func(_, tool gjson.Result) bool { - if tool.Get("cache_control").Exists() { - hasCacheControlInTools = true - return false - } - return true - }) - if hasCacheControlInTools { - return payload - } - - // Add cache_control to the last tool - lastToolPath := fmt.Sprintf("tools.%d.cache_control", toolCount-1) - result, err := sjson.SetBytes(payload, lastToolPath, map[string]string{"type": "ephemeral"}) - if err != nil { - log.Warnf("failed to inject cache_control into tools array: %v", err) - return payload - } - - return result -} - -// injectSystemCacheControl adds cache_control to the last element in the system prompt. -// Converts string system prompts to array format if needed. -// This only adds cache_control if NO system element already has it. -func injectSystemCacheControl(payload []byte) []byte { - system := gjson.GetBytes(payload, "system") - if !system.Exists() { - return payload - } - - if system.IsArray() { - count := int(system.Get("#").Int()) - if count == 0 { - return payload - } - - // Check if ANY system element already has cache_control - hasCacheControlInSystem := false - system.ForEach(func(_, item gjson.Result) bool { - if item.Get("cache_control").Exists() { - hasCacheControlInSystem = true - return false - } - return true - }) - if hasCacheControlInSystem { - return payload - } - - // Add cache_control to the last system element - lastSystemPath := fmt.Sprintf("system.%d.cache_control", count-1) - result, err := sjson.SetBytes(payload, lastSystemPath, map[string]string{"type": "ephemeral"}) - if err != nil { - log.Warnf("failed to inject cache_control into system array: %v", err) - return payload - } - payload = result - } else if system.Type == gjson.String { - // Convert string system prompt to array with cache_control - // "system": "text" -> "system": [{"type": "text", "text": "text", "cache_control": {"type": "ephemeral"}}] - text := system.String() - newSystem := []map[string]interface{}{ - { - "type": "text", - "text": text, - "cache_control": map[string]string{ - "type": "ephemeral", - }, - }, - } - result, err := sjson.SetBytes(payload, "system", newSystem) - if err != nil { - log.Warnf("failed to inject cache_control into system string: %v", err) - return payload - } - payload = result - } - - return payload -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/claude_executor_test.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/claude_executor_test.go deleted file mode 100644 index dd29ed8ad7..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/claude_executor_test.go +++ /dev/null @@ -1,350 +0,0 @@ -package executor - -import ( - "bytes" - "context" - "io" - "net/http" - "net/http/httptest" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -func TestApplyClaudeToolPrefix(t *testing.T) { - input := []byte(`{"tools":[{"name":"alpha"},{"name":"proxy_bravo"}],"tool_choice":{"type":"tool","name":"charlie"},"messages":[{"role":"assistant","content":[{"type":"tool_use","name":"delta","id":"t1","input":{}}]}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - - if got := gjson.GetBytes(out, "tools.0.name").String(); got != "proxy_alpha" { - t.Fatalf("tools.0.name = %q, want %q", got, "proxy_alpha") - } - if got := gjson.GetBytes(out, "tools.1.name").String(); got != "proxy_bravo" { - t.Fatalf("tools.1.name = %q, want %q", got, "proxy_bravo") - } - if got := gjson.GetBytes(out, "tool_choice.name").String(); got != "proxy_charlie" { - t.Fatalf("tool_choice.name = %q, want %q", got, "proxy_charlie") - } - if got := gjson.GetBytes(out, "messages.0.content.0.name").String(); got != "proxy_delta" { - t.Fatalf("messages.0.content.0.name = %q, want %q", got, "proxy_delta") - } -} - -func TestApplyClaudeToolPrefix_WithToolReference(t *testing.T) { - input := []byte(`{"tools":[{"name":"alpha"}],"messages":[{"role":"user","content":[{"type":"tool_reference","tool_name":"beta"},{"type":"tool_reference","tool_name":"proxy_gamma"}]}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - - if got := gjson.GetBytes(out, "messages.0.content.0.tool_name").String(); got != "proxy_beta" { - t.Fatalf("messages.0.content.0.tool_name = %q, want %q", got, "proxy_beta") - } - if got := gjson.GetBytes(out, "messages.0.content.1.tool_name").String(); got != "proxy_gamma" { - t.Fatalf("messages.0.content.1.tool_name = %q, want %q", got, "proxy_gamma") - } -} - -func TestApplyClaudeToolPrefix_SkipsBuiltinTools(t *testing.T) { - input := []byte(`{"tools":[{"type":"web_search_20250305","name":"web_search"},{"name":"my_custom_tool","input_schema":{"type":"object"}}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - - if got := gjson.GetBytes(out, "tools.0.name").String(); got != "web_search" { - t.Fatalf("built-in tool name should not be prefixed: tools.0.name = %q, want %q", got, "web_search") - } - if got := gjson.GetBytes(out, "tools.1.name").String(); got != "proxy_my_custom_tool" { - t.Fatalf("custom tool should be prefixed: tools.1.name = %q, want %q", got, "proxy_my_custom_tool") - } -} - -func TestApplyClaudeToolPrefix_BuiltinToolSkipped(t *testing.T) { - body := []byte(`{ - "tools": [ - {"type": "web_search_20250305", "name": "web_search", "max_uses": 5}, - {"name": "Read"} - ], - "messages": [ - {"role": "user", "content": [ - {"type": "tool_use", "name": "web_search", "id": "ws1", "input": {}}, - {"type": "tool_use", "name": "Read", "id": "r1", "input": {}} - ]} - ] - }`) - out := applyClaudeToolPrefix(body, "proxy_") - - if got := gjson.GetBytes(out, "tools.0.name").String(); got != "web_search" { - t.Fatalf("tools.0.name = %q, want %q", got, "web_search") - } - if got := gjson.GetBytes(out, "messages.0.content.0.name").String(); got != "web_search" { - t.Fatalf("messages.0.content.0.name = %q, want %q", got, "web_search") - } - if got := gjson.GetBytes(out, "tools.1.name").String(); got != "proxy_Read" { - t.Fatalf("tools.1.name = %q, want %q", got, "proxy_Read") - } - if got := gjson.GetBytes(out, "messages.0.content.1.name").String(); got != "proxy_Read" { - t.Fatalf("messages.0.content.1.name = %q, want %q", got, "proxy_Read") - } -} - -func TestApplyClaudeToolPrefix_KnownBuiltinInHistoryOnly(t *testing.T) { - body := []byte(`{ - "tools": [ - {"name": "Read"} - ], - "messages": [ - {"role": "user", "content": [ - {"type": "tool_use", "name": "web_search", "id": "ws1", "input": {}} - ]} - ] - }`) - out := applyClaudeToolPrefix(body, "proxy_") - - if got := gjson.GetBytes(out, "messages.0.content.0.name").String(); got != "web_search" { - t.Fatalf("messages.0.content.0.name = %q, want %q", got, "web_search") - } - if got := gjson.GetBytes(out, "tools.0.name").String(); got != "proxy_Read" { - t.Fatalf("tools.0.name = %q, want %q", got, "proxy_Read") - } -} - -func TestApplyClaudeToolPrefix_CustomToolsPrefixed(t *testing.T) { - body := []byte(`{ - "tools": [{"name": "Read"}, {"name": "Write"}], - "messages": [ - {"role": "user", "content": [ - {"type": "tool_use", "name": "Read", "id": "r1", "input": {}}, - {"type": "tool_use", "name": "Write", "id": "w1", "input": {}} - ]} - ] - }`) - out := applyClaudeToolPrefix(body, "proxy_") - - if got := gjson.GetBytes(out, "tools.0.name").String(); got != "proxy_Read" { - t.Fatalf("tools.0.name = %q, want %q", got, "proxy_Read") - } - if got := gjson.GetBytes(out, "tools.1.name").String(); got != "proxy_Write" { - t.Fatalf("tools.1.name = %q, want %q", got, "proxy_Write") - } - if got := gjson.GetBytes(out, "messages.0.content.0.name").String(); got != "proxy_Read" { - t.Fatalf("messages.0.content.0.name = %q, want %q", got, "proxy_Read") - } - if got := gjson.GetBytes(out, "messages.0.content.1.name").String(); got != "proxy_Write" { - t.Fatalf("messages.0.content.1.name = %q, want %q", got, "proxy_Write") - } -} - -func TestApplyClaudeToolPrefix_ToolChoiceBuiltin(t *testing.T) { - body := []byte(`{ - "tools": [ - {"type": "web_search_20250305", "name": "web_search"}, - {"name": "Read"} - ], - "tool_choice": {"type": "tool", "name": "web_search"} - }`) - out := applyClaudeToolPrefix(body, "proxy_") - - if got := gjson.GetBytes(out, "tool_choice.name").String(); got != "web_search" { - t.Fatalf("tool_choice.name = %q, want %q", got, "web_search") - } -} - -func TestStripClaudeToolPrefixFromResponse(t *testing.T) { - input := []byte(`{"content":[{"type":"tool_use","name":"proxy_alpha","id":"t1","input":{}},{"type":"tool_use","name":"bravo","id":"t2","input":{}}]}`) - out := stripClaudeToolPrefixFromResponse(input, "proxy_") - - if got := gjson.GetBytes(out, "content.0.name").String(); got != "alpha" { - t.Fatalf("content.0.name = %q, want %q", got, "alpha") - } - if got := gjson.GetBytes(out, "content.1.name").String(); got != "bravo" { - t.Fatalf("content.1.name = %q, want %q", got, "bravo") - } -} - -func TestStripClaudeToolPrefixFromResponse_WithToolReference(t *testing.T) { - input := []byte(`{"content":[{"type":"tool_reference","tool_name":"proxy_alpha"},{"type":"tool_reference","tool_name":"bravo"}]}`) - out := stripClaudeToolPrefixFromResponse(input, "proxy_") - - if got := gjson.GetBytes(out, "content.0.tool_name").String(); got != "alpha" { - t.Fatalf("content.0.tool_name = %q, want %q", got, "alpha") - } - if got := gjson.GetBytes(out, "content.1.tool_name").String(); got != "bravo" { - t.Fatalf("content.1.tool_name = %q, want %q", got, "bravo") - } -} - -func TestStripClaudeToolPrefixFromStreamLine(t *testing.T) { - line := []byte(`data: {"type":"content_block_start","content_block":{"type":"tool_use","name":"proxy_alpha","id":"t1"},"index":0}`) - out := stripClaudeToolPrefixFromStreamLine(line, "proxy_") - - payload := bytes.TrimSpace(out) - if bytes.HasPrefix(payload, []byte("data:")) { - payload = bytes.TrimSpace(payload[len("data:"):]) - } - if got := gjson.GetBytes(payload, "content_block.name").String(); got != "alpha" { - t.Fatalf("content_block.name = %q, want %q", got, "alpha") - } -} - -func TestStripClaudeToolPrefixFromStreamLine_WithToolReference(t *testing.T) { - line := []byte(`data: {"type":"content_block_start","content_block":{"type":"tool_reference","tool_name":"proxy_beta"},"index":0}`) - out := stripClaudeToolPrefixFromStreamLine(line, "proxy_") - - payload := bytes.TrimSpace(out) - if bytes.HasPrefix(payload, []byte("data:")) { - payload = bytes.TrimSpace(payload[len("data:"):]) - } - if got := gjson.GetBytes(payload, "content_block.tool_name").String(); got != "beta" { - t.Fatalf("content_block.tool_name = %q, want %q", got, "beta") - } -} - -func TestApplyClaudeToolPrefix_NestedToolReference(t *testing.T) { - input := []byte(`{"messages":[{"role":"user","content":[{"type":"tool_result","tool_use_id":"toolu_123","content":[{"type":"tool_reference","tool_name":"mcp__nia__manage_resource"}]}]}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - got := gjson.GetBytes(out, "messages.0.content.0.content.0.tool_name").String() - if got != "proxy_mcp__nia__manage_resource" { - t.Fatalf("nested tool_reference tool_name = %q, want %q", got, "proxy_mcp__nia__manage_resource") - } -} - -func TestClaudeExecutor_ReusesUserIDAcrossModelsWhenCacheEnabled(t *testing.T) { - resetUserIDCache() - - var userIDs []string - var requestModels []string - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - body, _ := io.ReadAll(r.Body) - userID := gjson.GetBytes(body, "metadata.user_id").String() - model := gjson.GetBytes(body, "model").String() - userIDs = append(userIDs, userID) - requestModels = append(requestModels, model) - t.Logf("HTTP Server received request: model=%s, user_id=%s, url=%s", model, userID, r.URL.String()) - w.Header().Set("Content-Type", "application/json") - _, _ = w.Write([]byte(`{"id":"msg_1","type":"message","model":"claude-3-5-sonnet","role":"assistant","content":[{"type":"text","text":"ok"}],"usage":{"input_tokens":1,"output_tokens":1}}`)) - })) - defer server.Close() - - t.Logf("End-to-end test: Fake HTTP server started at %s", server.URL) - - cacheEnabled := true - executor := NewClaudeExecutor(&config.Config{ - ClaudeKey: []config.ClaudeKey{ - { - APIKey: "key-123", - BaseURL: server.URL, - Cloak: &config.CloakConfig{ - CacheUserID: &cacheEnabled, - }, - }, - }, - }) - auth := &cliproxyauth.Auth{Attributes: map[string]string{ - "api_key": "key-123", - "base_url": server.URL, - }} - - payload := []byte(`{"messages":[{"role":"user","content":[{"type":"text","text":"hi"}]}]}`) - models := []string{"claude-3-5-sonnet", "claude-3-5-haiku"} - for _, model := range models { - t.Logf("Sending request for model: %s", model) - modelPayload, _ := sjson.SetBytes(payload, "model", model) - if _, err := executor.Execute(context.Background(), auth, cliproxyexecutor.Request{ - Model: model, - Payload: modelPayload, - }, cliproxyexecutor.Options{ - SourceFormat: sdktranslator.FromString("claude"), - }); err != nil { - t.Fatalf("Execute(%s) error: %v", model, err) - } - } - - if len(userIDs) != 2 { - t.Fatalf("expected 2 requests, got %d", len(userIDs)) - } - if userIDs[0] == "" || userIDs[1] == "" { - t.Fatal("expected user_id to be populated") - } - t.Logf("user_id[0] (model=%s): %s", requestModels[0], userIDs[0]) - t.Logf("user_id[1] (model=%s): %s", requestModels[1], userIDs[1]) - if userIDs[0] != userIDs[1] { - t.Fatalf("expected user_id to be reused across models, got %q and %q", userIDs[0], userIDs[1]) - } - if !isValidUserID(userIDs[0]) { - t.Fatalf("user_id %q is not valid", userIDs[0]) - } - t.Logf("✓ End-to-end test passed: Same user_id (%s) was used for both models", userIDs[0]) -} - -func TestClaudeExecutor_GeneratesNewUserIDByDefault(t *testing.T) { - resetUserIDCache() - - var userIDs []string - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - body, _ := io.ReadAll(r.Body) - userIDs = append(userIDs, gjson.GetBytes(body, "metadata.user_id").String()) - w.Header().Set("Content-Type", "application/json") - _, _ = w.Write([]byte(`{"id":"msg_1","type":"message","model":"claude-3-5-sonnet","role":"assistant","content":[{"type":"text","text":"ok"}],"usage":{"input_tokens":1,"output_tokens":1}}`)) - })) - defer server.Close() - - executor := NewClaudeExecutor(&config.Config{}) - auth := &cliproxyauth.Auth{Attributes: map[string]string{ - "api_key": "key-123", - "base_url": server.URL, - }} - - payload := []byte(`{"messages":[{"role":"user","content":[{"type":"text","text":"hi"}]}]}`) - - for i := 0; i < 2; i++ { - if _, err := executor.Execute(context.Background(), auth, cliproxyexecutor.Request{ - Model: "claude-3-5-sonnet", - Payload: payload, - }, cliproxyexecutor.Options{ - SourceFormat: sdktranslator.FromString("claude"), - }); err != nil { - t.Fatalf("Execute call %d error: %v", i, err) - } - } - - if len(userIDs) != 2 { - t.Fatalf("expected 2 requests, got %d", len(userIDs)) - } - if userIDs[0] == "" || userIDs[1] == "" { - t.Fatal("expected user_id to be populated") - } - if userIDs[0] == userIDs[1] { - t.Fatalf("expected user_id to change when caching is not enabled, got identical values %q", userIDs[0]) - } - if !isValidUserID(userIDs[0]) || !isValidUserID(userIDs[1]) { - t.Fatalf("user_ids should be valid, got %q and %q", userIDs[0], userIDs[1]) - } -} - -func TestStripClaudeToolPrefixFromResponse_NestedToolReference(t *testing.T) { - input := []byte(`{"content":[{"type":"tool_result","tool_use_id":"toolu_123","content":[{"type":"tool_reference","tool_name":"proxy_mcp__nia__manage_resource"}]}]}`) - out := stripClaudeToolPrefixFromResponse(input, "proxy_") - got := gjson.GetBytes(out, "content.0.content.0.tool_name").String() - if got != "mcp__nia__manage_resource" { - t.Fatalf("nested tool_reference tool_name = %q, want %q", got, "mcp__nia__manage_resource") - } -} - -func TestApplyClaudeToolPrefix_NestedToolReferenceWithStringContent(t *testing.T) { - // tool_result.content can be a string - should not be processed - input := []byte(`{"messages":[{"role":"user","content":[{"type":"tool_result","tool_use_id":"toolu_123","content":"plain string result"}]}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - got := gjson.GetBytes(out, "messages.0.content.0.content").String() - if got != "plain string result" { - t.Fatalf("string content should remain unchanged = %q", got) - } -} - -func TestApplyClaudeToolPrefix_SkipsBuiltinToolReference(t *testing.T) { - input := []byte(`{"tools":[{"type":"web_search_20250305","name":"web_search"}],"messages":[{"role":"user","content":[{"type":"tool_result","tool_use_id":"t1","content":[{"type":"tool_reference","tool_name":"web_search"}]}]}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - got := gjson.GetBytes(out, "messages.0.content.0.content.0.tool_name").String() - if got != "web_search" { - t.Fatalf("built-in tool_reference should not be prefixed, got %q", got) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/cloak_obfuscate.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/cloak_obfuscate.go deleted file mode 100644 index 81781802ac..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/cloak_obfuscate.go +++ /dev/null @@ -1,176 +0,0 @@ -package executor - -import ( - "regexp" - "sort" - "strings" - "unicode/utf8" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// zeroWidthSpace is the Unicode zero-width space character used for obfuscation. -const zeroWidthSpace = "\u200B" - -// SensitiveWordMatcher holds the compiled regex for matching sensitive words. -type SensitiveWordMatcher struct { - regex *regexp.Regexp -} - -// buildSensitiveWordMatcher compiles a regex from the word list. -// Words are sorted by length (longest first) for proper matching. -func buildSensitiveWordMatcher(words []string) *SensitiveWordMatcher { - if len(words) == 0 { - return nil - } - - // Filter and normalize words - var validWords []string - for _, w := range words { - w = strings.TrimSpace(w) - if utf8.RuneCountInString(w) >= 2 && !strings.Contains(w, zeroWidthSpace) { - validWords = append(validWords, w) - } - } - - if len(validWords) == 0 { - return nil - } - - // Sort by length (longest first) for proper matching - sort.Slice(validWords, func(i, j int) bool { - return len(validWords[i]) > len(validWords[j]) - }) - - // Escape and join - escaped := make([]string, len(validWords)) - for i, w := range validWords { - escaped[i] = regexp.QuoteMeta(w) - } - - pattern := "(?i)" + strings.Join(escaped, "|") - re, err := regexp.Compile(pattern) - if err != nil { - return nil - } - - return &SensitiveWordMatcher{regex: re} -} - -// obfuscateWord inserts a zero-width space after the first grapheme. -func obfuscateWord(word string) string { - if strings.Contains(word, zeroWidthSpace) { - return word - } - - // Get first rune - r, size := utf8.DecodeRuneInString(word) - if r == utf8.RuneError || size >= len(word) { - return word - } - - return string(r) + zeroWidthSpace + word[size:] -} - -// obfuscateText replaces all sensitive words in the text. -func (m *SensitiveWordMatcher) obfuscateText(text string) string { - if m == nil || m.regex == nil { - return text - } - return m.regex.ReplaceAllStringFunc(text, obfuscateWord) -} - -// obfuscateSensitiveWords processes the payload and obfuscates sensitive words -// in system blocks and message content. -func obfuscateSensitiveWords(payload []byte, matcher *SensitiveWordMatcher) []byte { - if matcher == nil || matcher.regex == nil { - return payload - } - - // Obfuscate in system blocks - payload = obfuscateSystemBlocks(payload, matcher) - - // Obfuscate in messages - payload = obfuscateMessages(payload, matcher) - - return payload -} - -// obfuscateSystemBlocks obfuscates sensitive words in system blocks. -func obfuscateSystemBlocks(payload []byte, matcher *SensitiveWordMatcher) []byte { - system := gjson.GetBytes(payload, "system") - if !system.Exists() { - return payload - } - - if system.IsArray() { - modified := false - system.ForEach(func(key, value gjson.Result) bool { - if value.Get("type").String() == "text" { - text := value.Get("text").String() - obfuscated := matcher.obfuscateText(text) - if obfuscated != text { - path := "system." + key.String() + ".text" - payload, _ = sjson.SetBytes(payload, path, obfuscated) - modified = true - } - } - return true - }) - if modified { - return payload - } - } else if system.Type == gjson.String { - text := system.String() - obfuscated := matcher.obfuscateText(text) - if obfuscated != text { - payload, _ = sjson.SetBytes(payload, "system", obfuscated) - } - } - - return payload -} - -// obfuscateMessages obfuscates sensitive words in message content. -func obfuscateMessages(payload []byte, matcher *SensitiveWordMatcher) []byte { - messages := gjson.GetBytes(payload, "messages") - if !messages.Exists() || !messages.IsArray() { - return payload - } - - messages.ForEach(func(msgKey, msg gjson.Result) bool { - content := msg.Get("content") - if !content.Exists() { - return true - } - - msgPath := "messages." + msgKey.String() - - if content.Type == gjson.String { - // Simple string content - text := content.String() - obfuscated := matcher.obfuscateText(text) - if obfuscated != text { - payload, _ = sjson.SetBytes(payload, msgPath+".content", obfuscated) - } - } else if content.IsArray() { - // Array of content blocks - content.ForEach(func(blockKey, block gjson.Result) bool { - if block.Get("type").String() == "text" { - text := block.Get("text").String() - obfuscated := matcher.obfuscateText(text) - if obfuscated != text { - path := msgPath + ".content." + blockKey.String() + ".text" - payload, _ = sjson.SetBytes(payload, path, obfuscated) - } - } - return true - }) - } - - return true - }) - - return payload -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/cloak_utils.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/cloak_utils.go deleted file mode 100644 index 560ff88067..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/cloak_utils.go +++ /dev/null @@ -1,47 +0,0 @@ -package executor - -import ( - "crypto/rand" - "encoding/hex" - "regexp" - "strings" - - "github.com/google/uuid" -) - -// userIDPattern matches Claude Code format: user_[64-hex]_account__session_[uuid-v4] -var userIDPattern = regexp.MustCompile(`^user_[a-fA-F0-9]{64}_account__session_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`) - -// generateFakeUserID generates a fake user ID in Claude Code format. -// Format: user_[64-hex-chars]_account__session_[UUID-v4] -func generateFakeUserID() string { - hexBytes := make([]byte, 32) - _, _ = rand.Read(hexBytes) - hexPart := hex.EncodeToString(hexBytes) - uuidPart := uuid.New().String() - return "user_" + hexPart + "_account__session_" + uuidPart -} - -// isValidUserID checks if a user ID matches Claude Code format. -func isValidUserID(userID string) bool { - return userIDPattern.MatchString(userID) -} - -// shouldCloak determines if request should be cloaked based on config and client User-Agent. -// Returns true if cloaking should be applied. -func shouldCloak(cloakMode string, userAgent string) bool { - switch strings.ToLower(cloakMode) { - case "always": - return true - case "never": - return false - default: // "auto" or empty - // If client is Claude Code, don't cloak - return !strings.HasPrefix(userAgent, "claude-cli") - } -} - -// isClaudeCodeClient checks if the User-Agent indicates a Claude Code client. -func isClaudeCodeClient(userAgent string) bool { - return strings.HasPrefix(userAgent, "claude-cli") -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/codex_executor.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/codex_executor.go deleted file mode 100644 index 01de8f9707..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/codex_executor.go +++ /dev/null @@ -1,729 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "fmt" - "io" - "net/http" - "strings" - "time" - - codexauth "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/codex" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" - "github.com/tiktoken-go/tokenizer" - - "github.com/gin-gonic/gin" - "github.com/google/uuid" -) - -const ( - codexClientVersion = "0.101.0" - codexUserAgent = "codex_cli_rs/0.101.0 (Mac OS 26.0.1; arm64) Apple_Terminal/464" -) - -var dataTag = []byte("data:") - -// CodexExecutor is a stateless executor for Codex (OpenAI Responses API entrypoint). -// If api_key is unavailable on auth, it falls back to legacy via ClientAdapter. -type CodexExecutor struct { - cfg *config.Config -} - -func NewCodexExecutor(cfg *config.Config) *CodexExecutor { return &CodexExecutor{cfg: cfg} } - -func (e *CodexExecutor) Identifier() string { return "codex" } - -// PrepareRequest injects Codex credentials into the outgoing HTTP request. -func (e *CodexExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - apiKey, _ := codexCreds(auth) - if strings.TrimSpace(apiKey) != "" { - req.Header.Set("Authorization", "Bearer "+apiKey) - } - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) - return nil -} - -// HttpRequest injects Codex credentials into the request and executes it. -func (e *CodexExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("codex executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -func (e *CodexExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return e.executeCompact(ctx, auth, req, opts) - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := codexCreds(auth) - if baseURL == "" { - baseURL = "https://chatgpt.com/backend-api/codex" - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("codex") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - body, _ = sjson.SetBytes(body, "stream", true) - body, _ = sjson.DeleteBytes(body, "previous_response_id") - body, _ = sjson.DeleteBytes(body, "prompt_cache_retention") - body, _ = sjson.DeleteBytes(body, "safety_identifier") - if !gjson.GetBytes(body, "instructions").Exists() { - body, _ = sjson.SetBytes(body, "instructions", "") - } - - url := strings.TrimSuffix(baseURL, "/") + "/responses" - httpReq, err := e.cacheHelper(ctx, from, url, req, body) - if err != nil { - return resp, err - } - applyCodexHeaders(httpReq, auth, apiKey, true) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("codex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - - lines := bytes.Split(data, []byte("\n")) - for _, line := range lines { - if !bytes.HasPrefix(line, dataTag) { - continue - } - - line = bytes.TrimSpace(line[5:]) - if gjson.GetBytes(line, "type").String() != "response.completed" { - continue - } - - if detail, ok := parseCodexUsage(line); ok { - reporter.publish(ctx, detail) - } - - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, originalPayload, body, line, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil - } - err = statusErr{code: 408, msg: "stream error: stream disconnected before completion: stream closed before response.completed"} - return resp, err -} - -func (e *CodexExecutor) executeCompact(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := codexCreds(auth) - if baseURL == "" { - baseURL = "https://chatgpt.com/backend-api/codex" - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("openai-response") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - body, _ = sjson.DeleteBytes(body, "stream") - - url := strings.TrimSuffix(baseURL, "/") + "/responses/compact" - httpReq, err := e.cacheHelper(ctx, from, url, req, body) - if err != nil { - return resp, err - } - applyCodexHeaders(httpReq, auth, apiKey, false) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("codex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseOpenAIUsage(data)) - reporter.ensurePublished(ctx) - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, originalPayload, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -func (e *CodexExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusBadRequest, msg: "streaming not supported for /responses/compact"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := codexCreds(auth) - if baseURL == "" { - baseURL = "https://chatgpt.com/backend-api/codex" - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("codex") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.DeleteBytes(body, "previous_response_id") - body, _ = sjson.DeleteBytes(body, "prompt_cache_retention") - body, _ = sjson.DeleteBytes(body, "safety_identifier") - body, _ = sjson.SetBytes(body, "model", baseModel) - if !gjson.GetBytes(body, "instructions").Exists() { - body, _ = sjson.SetBytes(body, "instructions", "") - } - - url := strings.TrimSuffix(baseURL, "/") + "/responses" - httpReq, err := e.cacheHelper(ctx, from, url, req, body) - if err != nil { - return nil, err - } - applyCodexHeaders(httpReq, auth, apiKey, true) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - data, readErr := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("codex executor: close response body error: %v", errClose) - } - if readErr != nil { - recordAPIResponseError(ctx, e.cfg, readErr) - return nil, readErr - } - appendAPIResponseChunk(ctx, e.cfg, data) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - err = statusErr{code: httpResp.StatusCode, msg: string(data)} - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("codex executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 52_428_800) // 50MB - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - - if bytes.HasPrefix(line, dataTag) { - data := bytes.TrimSpace(line[5:]) - if gjson.GetBytes(data, "type").String() == "response.completed" { - if detail, ok := parseCodexUsage(data); ok { - reporter.publish(ctx, detail) - } - } - } - - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, originalPayload, body, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -func (e *CodexExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("codex") - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err := thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - body, _ = sjson.SetBytes(body, "model", baseModel) - body, _ = sjson.DeleteBytes(body, "previous_response_id") - body, _ = sjson.DeleteBytes(body, "prompt_cache_retention") - body, _ = sjson.DeleteBytes(body, "safety_identifier") - body, _ = sjson.SetBytes(body, "stream", false) - if !gjson.GetBytes(body, "instructions").Exists() { - body, _ = sjson.SetBytes(body, "instructions", "") - } - - enc, err := tokenizerForCodexModel(baseModel) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("codex executor: tokenizer init failed: %w", err) - } - - count, err := countCodexInputTokens(enc, body) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("codex executor: token counting failed: %w", err) - } - - usageJSON := fmt.Sprintf(`{"response":{"usage":{"input_tokens":%d,"output_tokens":0,"total_tokens":%d}}}`, count, count) - translated := sdktranslator.TranslateTokenCount(ctx, to, from, count, []byte(usageJSON)) - return cliproxyexecutor.Response{Payload: []byte(translated)}, nil -} - -func tokenizerForCodexModel(model string) (tokenizer.Codec, error) { - sanitized := strings.ToLower(strings.TrimSpace(model)) - switch { - case sanitized == "": - return tokenizer.Get(tokenizer.Cl100kBase) - case strings.HasPrefix(sanitized, "gpt-5"): - return tokenizer.ForModel(tokenizer.GPT5) - case strings.HasPrefix(sanitized, "gpt-4.1"): - return tokenizer.ForModel(tokenizer.GPT41) - case strings.HasPrefix(sanitized, "gpt-4o"): - return tokenizer.ForModel(tokenizer.GPT4o) - case strings.HasPrefix(sanitized, "gpt-4"): - return tokenizer.ForModel(tokenizer.GPT4) - case strings.HasPrefix(sanitized, "gpt-3.5"), strings.HasPrefix(sanitized, "gpt-3"): - return tokenizer.ForModel(tokenizer.GPT35Turbo) - default: - return tokenizer.Get(tokenizer.Cl100kBase) - } -} - -func countCodexInputTokens(enc tokenizer.Codec, body []byte) (int64, error) { - if enc == nil { - return 0, fmt.Errorf("encoder is nil") - } - if len(body) == 0 { - return 0, nil - } - - root := gjson.ParseBytes(body) - var segments []string - - if inst := strings.TrimSpace(root.Get("instructions").String()); inst != "" { - segments = append(segments, inst) - } - - inputItems := root.Get("input") - if inputItems.IsArray() { - arr := inputItems.Array() - for i := range arr { - item := arr[i] - switch item.Get("type").String() { - case "message": - content := item.Get("content") - if content.IsArray() { - parts := content.Array() - for j := range parts { - part := parts[j] - if text := strings.TrimSpace(part.Get("text").String()); text != "" { - segments = append(segments, text) - } - } - } - case "function_call": - if name := strings.TrimSpace(item.Get("name").String()); name != "" { - segments = append(segments, name) - } - if args := strings.TrimSpace(item.Get("arguments").String()); args != "" { - segments = append(segments, args) - } - case "function_call_output": - if out := strings.TrimSpace(item.Get("output").String()); out != "" { - segments = append(segments, out) - } - default: - if text := strings.TrimSpace(item.Get("text").String()); text != "" { - segments = append(segments, text) - } - } - } - } - - tools := root.Get("tools") - if tools.IsArray() { - tarr := tools.Array() - for i := range tarr { - tool := tarr[i] - if name := strings.TrimSpace(tool.Get("name").String()); name != "" { - segments = append(segments, name) - } - if desc := strings.TrimSpace(tool.Get("description").String()); desc != "" { - segments = append(segments, desc) - } - if params := tool.Get("parameters"); params.Exists() { - val := params.Raw - if params.Type == gjson.String { - val = params.String() - } - if trimmed := strings.TrimSpace(val); trimmed != "" { - segments = append(segments, trimmed) - } - } - } - } - - textFormat := root.Get("text.format") - if textFormat.Exists() { - if name := strings.TrimSpace(textFormat.Get("name").String()); name != "" { - segments = append(segments, name) - } - if schema := textFormat.Get("schema"); schema.Exists() { - val := schema.Raw - if schema.Type == gjson.String { - val = schema.String() - } - if trimmed := strings.TrimSpace(val); trimmed != "" { - segments = append(segments, trimmed) - } - } - } - - text := strings.Join(segments, "\n") - if text == "" { - return 0, nil - } - - count, err := enc.Count(text) - if err != nil { - return 0, err - } - return int64(count), nil -} - -func (e *CodexExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("codex executor: refresh called") - if auth == nil { - return nil, statusErr{code: 500, msg: "codex executor: auth is nil"} - } - var refreshToken string - if auth.Metadata != nil { - if v, ok := auth.Metadata["refresh_token"].(string); ok && v != "" { - refreshToken = v - } - } - if refreshToken == "" { - return auth, nil - } - svc := codexauth.NewCodexAuth(e.cfg) - td, err := svc.RefreshTokensWithRetry(ctx, refreshToken, 3) - if err != nil { - return nil, err - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["id_token"] = td.IDToken - auth.Metadata["access_token"] = td.AccessToken - if td.RefreshToken != "" { - auth.Metadata["refresh_token"] = td.RefreshToken - } - if td.AccountID != "" { - auth.Metadata["account_id"] = td.AccountID - } - auth.Metadata["email"] = td.Email - // Use unified key in files - auth.Metadata["expired"] = td.Expire - auth.Metadata["type"] = "codex" - now := time.Now().Format(time.RFC3339) - auth.Metadata["last_refresh"] = now - return auth, nil -} - -func (e *CodexExecutor) cacheHelper(ctx context.Context, from sdktranslator.Format, url string, req cliproxyexecutor.Request, rawJSON []byte) (*http.Request, error) { - var cache codexCache - if from == "claude" { - userIDResult := gjson.GetBytes(req.Payload, "metadata.user_id") - if userIDResult.Exists() { - key := fmt.Sprintf("%s-%s", req.Model, userIDResult.String()) - var ok bool - if cache, ok = getCodexCache(key); !ok { - cache = codexCache{ - ID: uuid.New().String(), - Expire: time.Now().Add(1 * time.Hour), - } - setCodexCache(key, cache) - } - } - } else if from == "openai-response" { - promptCacheKey := gjson.GetBytes(req.Payload, "prompt_cache_key") - if promptCacheKey.Exists() { - cache.ID = promptCacheKey.String() - } - } - - if cache.ID != "" { - rawJSON, _ = sjson.SetBytes(rawJSON, "prompt_cache_key", cache.ID) - } - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(rawJSON)) - if err != nil { - return nil, err - } - if cache.ID != "" { - httpReq.Header.Set("Conversation_id", cache.ID) - httpReq.Header.Set("Session_id", cache.ID) - } - return httpReq, nil -} - -func applyCodexHeaders(r *http.Request, auth *cliproxyauth.Auth, token string, stream bool) { - r.Header.Set("Content-Type", "application/json") - r.Header.Set("Authorization", "Bearer "+token) - - var ginHeaders http.Header - if ginCtx, ok := r.Context().Value("gin").(*gin.Context); ok && ginCtx != nil && ginCtx.Request != nil { - ginHeaders = ginCtx.Request.Header - } - - misc.EnsureHeader(r.Header, ginHeaders, "Version", codexClientVersion) - misc.EnsureHeader(r.Header, ginHeaders, "Session_id", uuid.NewString()) - misc.EnsureHeader(r.Header, ginHeaders, "User-Agent", codexUserAgent) - - if stream { - r.Header.Set("Accept", "text/event-stream") - } else { - r.Header.Set("Accept", "application/json") - } - r.Header.Set("Connection", "Keep-Alive") - - isAPIKey := false - if auth != nil && auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["api_key"]); v != "" { - isAPIKey = true - } - } - if !isAPIKey { - r.Header.Set("Originator", "codex_cli_rs") - if auth != nil && auth.Metadata != nil { - if accountID, ok := auth.Metadata["account_id"].(string); ok { - r.Header.Set("Chatgpt-Account-Id", accountID) - } - } - } - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(r, attrs) -} - -func codexCreds(a *cliproxyauth.Auth) (apiKey, baseURL string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - apiKey = a.Attributes["api_key"] - baseURL = a.Attributes["base_url"] - } - if apiKey == "" && a.Metadata != nil { - if v, ok := a.Metadata["access_token"].(string); ok { - apiKey = v - } - } - return -} - -func (e *CodexExecutor) resolveCodexConfig(auth *cliproxyauth.Auth) *config.CodexKey { - if auth == nil || e.cfg == nil { - return nil - } - var attrKey, attrBase string - if auth.Attributes != nil { - attrKey = strings.TrimSpace(auth.Attributes["api_key"]) - attrBase = strings.TrimSpace(auth.Attributes["base_url"]) - } - for i := range e.cfg.CodexKey { - entry := &e.cfg.CodexKey[i] - cfgKey := strings.TrimSpace(entry.APIKey) - cfgBase := strings.TrimSpace(entry.BaseURL) - if attrKey != "" && attrBase != "" { - if strings.EqualFold(cfgKey, attrKey) && strings.EqualFold(cfgBase, attrBase) { - return entry - } - continue - } - if attrKey != "" && strings.EqualFold(cfgKey, attrKey) { - if cfgBase == "" || strings.EqualFold(cfgBase, attrBase) { - return entry - } - } - if attrKey == "" && attrBase != "" && strings.EqualFold(cfgBase, attrBase) { - return entry - } - } - if attrKey != "" { - for i := range e.cfg.CodexKey { - entry := &e.cfg.CodexKey[i] - if strings.EqualFold(strings.TrimSpace(entry.APIKey), attrKey) { - return entry - } - } - } - return nil -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/codex_websockets_executor.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/codex_websockets_executor.go deleted file mode 100644 index 7c887221b9..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/codex_websockets_executor.go +++ /dev/null @@ -1,1408 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// This file implements a Codex executor that uses the Responses API WebSocket transport. -package executor - -import ( - "bytes" - "context" - "fmt" - "io" - "net" - "net/http" - "net/url" - "strconv" - "strings" - "sync" - "time" - - "github.com/google/uuid" - "github.com/gorilla/websocket" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" - "golang.org/x/net/proxy" -) - -const ( - codexResponsesWebsocketBetaHeaderValue = "responses_websockets=2026-02-04" - codexResponsesWebsocketIdleTimeout = 5 * time.Minute - codexResponsesWebsocketHandshakeTO = 30 * time.Second -) - -// CodexWebsocketsExecutor executes Codex Responses requests using a WebSocket transport. -// -// It preserves the existing CodexExecutor HTTP implementation as a fallback for endpoints -// not available over WebSocket (e.g. /responses/compact) and for websocket upgrade failures. -type CodexWebsocketsExecutor struct { - *CodexExecutor - - sessMu sync.Mutex - sessions map[string]*codexWebsocketSession -} - -type codexWebsocketSession struct { - sessionID string - - reqMu sync.Mutex - - connMu sync.Mutex - conn *websocket.Conn - wsURL string - authID string - - // connCreateSent tracks whether a `response.create` message has been successfully sent - // on the current websocket connection. The upstream expects the first message on each - // connection to be `response.create`. - connCreateSent bool - - writeMu sync.Mutex - - activeMu sync.Mutex - activeCh chan codexWebsocketRead - activeDone <-chan struct{} - activeCancel context.CancelFunc - - readerConn *websocket.Conn -} - -func NewCodexWebsocketsExecutor(cfg *config.Config) *CodexWebsocketsExecutor { - return &CodexWebsocketsExecutor{ - CodexExecutor: NewCodexExecutor(cfg), - sessions: make(map[string]*codexWebsocketSession), - } -} - -type codexWebsocketRead struct { - conn *websocket.Conn - msgType int - payload []byte - err error -} - -func (s *codexWebsocketSession) setActive(ch chan codexWebsocketRead) { - if s == nil { - return - } - s.activeMu.Lock() - if s.activeCancel != nil { - s.activeCancel() - s.activeCancel = nil - s.activeDone = nil - } - s.activeCh = ch - if ch != nil { - activeCtx, activeCancel := context.WithCancel(context.Background()) - s.activeDone = activeCtx.Done() - s.activeCancel = activeCancel - } - s.activeMu.Unlock() -} - -func (s *codexWebsocketSession) clearActive(ch chan codexWebsocketRead) { - if s == nil { - return - } - s.activeMu.Lock() - if s.activeCh == ch { - s.activeCh = nil - if s.activeCancel != nil { - s.activeCancel() - } - s.activeCancel = nil - s.activeDone = nil - } - s.activeMu.Unlock() -} - -func (s *codexWebsocketSession) writeMessage(conn *websocket.Conn, msgType int, payload []byte) error { - if s == nil { - return fmt.Errorf("codex websockets executor: session is nil") - } - if conn == nil { - return fmt.Errorf("codex websockets executor: websocket conn is nil") - } - s.writeMu.Lock() - defer s.writeMu.Unlock() - return conn.WriteMessage(msgType, payload) -} - -func (s *codexWebsocketSession) configureConn(conn *websocket.Conn) { - if s == nil || conn == nil { - return - } - conn.SetPingHandler(func(appData string) error { - s.writeMu.Lock() - defer s.writeMu.Unlock() - // Reply pongs from the same write lock to avoid concurrent writes. - return conn.WriteControl(websocket.PongMessage, []byte(appData), time.Now().Add(10*time.Second)) - }) -} - -func (e *CodexWebsocketsExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if ctx == nil { - ctx = context.Background() - } - if opts.Alt == "responses/compact" { - return e.CodexExecutor.executeCompact(ctx, auth, req, opts) - } - - baseModel := thinking.ParseSuffix(req.Model).ModelName - apiKey, baseURL := codexCreds(auth) - if baseURL == "" { - baseURL = "https://chatgpt.com/backend-api/codex" - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("codex") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - body, _ = sjson.SetBytes(body, "stream", true) - body, _ = sjson.DeleteBytes(body, "previous_response_id") - body, _ = sjson.DeleteBytes(body, "prompt_cache_retention") - body, _ = sjson.DeleteBytes(body, "safety_identifier") - if !gjson.GetBytes(body, "instructions").Exists() { - body, _ = sjson.SetBytes(body, "instructions", "") - } - - httpURL := strings.TrimSuffix(baseURL, "/") + "/responses" - wsURL, err := buildCodexResponsesWebsocketURL(httpURL) - if err != nil { - return resp, err - } - - body, wsHeaders := applyCodexPromptCacheHeaders(from, req, body) - wsHeaders = applyCodexWebsocketHeaders(ctx, wsHeaders, auth, apiKey) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - - executionSessionID := executionSessionIDFromOptions(opts) - var sess *codexWebsocketSession - if executionSessionID != "" { - sess = e.getOrCreateSession(executionSessionID) - sess.reqMu.Lock() - defer sess.reqMu.Unlock() - } - - allowAppend := true - if sess != nil { - sess.connMu.Lock() - allowAppend = sess.connCreateSent - sess.connMu.Unlock() - } - wsReqBody := buildCodexWebsocketRequestBody(body, allowAppend) - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: wsURL, - Method: "WEBSOCKET", - Headers: wsHeaders.Clone(), - Body: wsReqBody, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - conn, respHS, errDial := e.ensureUpstreamConn(ctx, auth, sess, authID, wsURL, wsHeaders) - if respHS != nil { - recordAPIResponseMetadata(ctx, e.cfg, respHS.StatusCode, respHS.Header.Clone()) - } - if errDial != nil { - bodyErr := websocketHandshakeBody(respHS) - if len(bodyErr) > 0 { - appendAPIResponseChunk(ctx, e.cfg, bodyErr) - } - if respHS != nil && respHS.StatusCode == http.StatusUpgradeRequired { - return e.CodexExecutor.Execute(ctx, auth, req, opts) - } - if respHS != nil && respHS.StatusCode > 0 { - return resp, statusErr{code: respHS.StatusCode, msg: string(bodyErr)} - } - recordAPIResponseError(ctx, e.cfg, errDial) - return resp, errDial - } - closeHTTPResponseBody(respHS, "codex websockets executor: close handshake response body error") - if sess == nil { - logCodexWebsocketConnected(executionSessionID, authID, wsURL) - defer func() { - reason := "completed" - if err != nil { - reason = "error" - } - logCodexWebsocketDisconnected(executionSessionID, authID, wsURL, reason, err) - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } - }() - } - - var readCh chan codexWebsocketRead - if sess != nil { - readCh = make(chan codexWebsocketRead, 4096) - sess.setActive(readCh) - defer sess.clearActive(readCh) - } - - if errSend := writeCodexWebsocketMessage(sess, conn, wsReqBody); errSend != nil { - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "send_error", errSend) - - // Retry once with a fresh websocket connection. This is mainly to handle - // upstream closing the socket between sequential requests within the same - // execution session. - connRetry, _, errDialRetry := e.ensureUpstreamConn(ctx, auth, sess, authID, wsURL, wsHeaders) - if errDialRetry == nil && connRetry != nil { - sess.connMu.Lock() - allowAppend = sess.connCreateSent - sess.connMu.Unlock() - wsReqBodyRetry := buildCodexWebsocketRequestBody(body, allowAppend) - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: wsURL, - Method: "WEBSOCKET", - Headers: wsHeaders.Clone(), - Body: wsReqBodyRetry, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - if errSendRetry := writeCodexWebsocketMessage(sess, connRetry, wsReqBodyRetry); errSendRetry == nil { - conn = connRetry - wsReqBody = wsReqBodyRetry - } else { - e.invalidateUpstreamConn(sess, connRetry, "send_error", errSendRetry) - recordAPIResponseError(ctx, e.cfg, errSendRetry) - return resp, errSendRetry - } - } else { - recordAPIResponseError(ctx, e.cfg, errDialRetry) - return resp, errDialRetry - } - } else { - recordAPIResponseError(ctx, e.cfg, errSend) - return resp, errSend - } - } - markCodexWebsocketCreateSent(sess, conn, wsReqBody) - - for { - if ctx != nil && ctx.Err() != nil { - return resp, ctx.Err() - } - msgType, payload, errRead := readCodexWebsocketMessage(ctx, sess, conn, readCh) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return resp, errRead - } - if msgType != websocket.TextMessage { - if msgType == websocket.BinaryMessage { - err = fmt.Errorf("codex websockets executor: unexpected binary message") - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "unexpected_binary", err) - } - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - continue - } - - payload = bytes.TrimSpace(payload) - if len(payload) == 0 { - continue - } - appendAPIResponseChunk(ctx, e.cfg, payload) - - if wsErr, ok := parseCodexWebsocketError(payload); ok { - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "upstream_error", wsErr) - } - recordAPIResponseError(ctx, e.cfg, wsErr) - return resp, wsErr - } - - payload = normalizeCodexWebsocketCompletion(payload) - eventType := gjson.GetBytes(payload, "type").String() - if eventType == "response.completed" { - if detail, ok := parseCodexUsage(payload); ok { - reporter.publish(ctx, detail) - } - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, originalPayload, body, payload, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out)} - return resp, nil - } - } -} - -func (e *CodexWebsocketsExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - log.Debugf("Executing Codex Websockets stream request with auth ID: %s, model: %s", auth.ID, req.Model) - if ctx == nil { - ctx = context.Background() - } - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusBadRequest, msg: "streaming not supported for /responses/compact"} - } - - baseModel := thinking.ParseSuffix(req.Model).ModelName - apiKey, baseURL := codexCreds(auth) - if baseURL == "" { - baseURL = "https://chatgpt.com/backend-api/codex" - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("codex") - body := req.Payload - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, body, requestedModel) - - httpURL := strings.TrimSuffix(baseURL, "/") + "/responses" - wsURL, err := buildCodexResponsesWebsocketURL(httpURL) - if err != nil { - return nil, err - } - - body, wsHeaders := applyCodexPromptCacheHeaders(from, req, body) - wsHeaders = applyCodexWebsocketHeaders(ctx, wsHeaders, auth, apiKey) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - - executionSessionID := executionSessionIDFromOptions(opts) - var sess *codexWebsocketSession - if executionSessionID != "" { - sess = e.getOrCreateSession(executionSessionID) - sess.reqMu.Lock() - } - - allowAppend := true - if sess != nil { - sess.connMu.Lock() - allowAppend = sess.connCreateSent - sess.connMu.Unlock() - } - wsReqBody := buildCodexWebsocketRequestBody(body, allowAppend) - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: wsURL, - Method: "WEBSOCKET", - Headers: wsHeaders.Clone(), - Body: wsReqBody, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - conn, respHS, errDial := e.ensureUpstreamConn(ctx, auth, sess, authID, wsURL, wsHeaders) - var upstreamHeaders http.Header - if respHS != nil { - upstreamHeaders = respHS.Header.Clone() - recordAPIResponseMetadata(ctx, e.cfg, respHS.StatusCode, respHS.Header.Clone()) - } - if errDial != nil { - bodyErr := websocketHandshakeBody(respHS) - if len(bodyErr) > 0 { - appendAPIResponseChunk(ctx, e.cfg, bodyErr) - } - if respHS != nil && respHS.StatusCode == http.StatusUpgradeRequired { - return e.CodexExecutor.ExecuteStream(ctx, auth, req, opts) - } - if respHS != nil && respHS.StatusCode > 0 { - return nil, statusErr{code: respHS.StatusCode, msg: string(bodyErr)} - } - recordAPIResponseError(ctx, e.cfg, errDial) - if sess != nil { - sess.reqMu.Unlock() - } - return nil, errDial - } - closeHTTPResponseBody(respHS, "codex websockets executor: close handshake response body error") - - if sess == nil { - logCodexWebsocketConnected(executionSessionID, authID, wsURL) - } - - var readCh chan codexWebsocketRead - if sess != nil { - readCh = make(chan codexWebsocketRead, 4096) - sess.setActive(readCh) - } - - if errSend := writeCodexWebsocketMessage(sess, conn, wsReqBody); errSend != nil { - recordAPIResponseError(ctx, e.cfg, errSend) - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "send_error", errSend) - - // Retry once with a new websocket connection for the same execution session. - connRetry, _, errDialRetry := e.ensureUpstreamConn(ctx, auth, sess, authID, wsURL, wsHeaders) - if errDialRetry != nil || connRetry == nil { - recordAPIResponseError(ctx, e.cfg, errDialRetry) - sess.clearActive(readCh) - sess.reqMu.Unlock() - return nil, errDialRetry - } - sess.connMu.Lock() - allowAppend = sess.connCreateSent - sess.connMu.Unlock() - wsReqBodyRetry := buildCodexWebsocketRequestBody(body, allowAppend) - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: wsURL, - Method: "WEBSOCKET", - Headers: wsHeaders.Clone(), - Body: wsReqBodyRetry, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - if errSendRetry := writeCodexWebsocketMessage(sess, connRetry, wsReqBodyRetry); errSendRetry != nil { - recordAPIResponseError(ctx, e.cfg, errSendRetry) - e.invalidateUpstreamConn(sess, connRetry, "send_error", errSendRetry) - sess.clearActive(readCh) - sess.reqMu.Unlock() - return nil, errSendRetry - } - conn = connRetry - wsReqBody = wsReqBodyRetry - } else { - logCodexWebsocketDisconnected(executionSessionID, authID, wsURL, "send_error", errSend) - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } - return nil, errSend - } - } - markCodexWebsocketCreateSent(sess, conn, wsReqBody) - - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - terminateReason := "completed" - var terminateErr error - - defer close(out) - defer func() { - if sess != nil { - sess.clearActive(readCh) - sess.reqMu.Unlock() - return - } - logCodexWebsocketDisconnected(executionSessionID, authID, wsURL, terminateReason, terminateErr) - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } - }() - - send := func(chunk cliproxyexecutor.StreamChunk) bool { - if ctx == nil { - out <- chunk - return true - } - select { - case out <- chunk: - return true - case <-ctx.Done(): - return false - } - } - - var param any - for { - if ctx != nil && ctx.Err() != nil { - terminateReason = "context_done" - terminateErr = ctx.Err() - _ = send(cliproxyexecutor.StreamChunk{Err: ctx.Err()}) - return - } - msgType, payload, errRead := readCodexWebsocketMessage(ctx, sess, conn, readCh) - if errRead != nil { - if sess != nil && ctx != nil && ctx.Err() != nil { - terminateReason = "context_done" - terminateErr = ctx.Err() - _ = send(cliproxyexecutor.StreamChunk{Err: ctx.Err()}) - return - } - terminateReason = "read_error" - terminateErr = errRead - recordAPIResponseError(ctx, e.cfg, errRead) - reporter.publishFailure(ctx) - _ = send(cliproxyexecutor.StreamChunk{Err: errRead}) - return - } - if msgType != websocket.TextMessage { - if msgType == websocket.BinaryMessage { - err = fmt.Errorf("codex websockets executor: unexpected binary message") - terminateReason = "unexpected_binary" - terminateErr = err - recordAPIResponseError(ctx, e.cfg, err) - reporter.publishFailure(ctx) - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "unexpected_binary", err) - } - _ = send(cliproxyexecutor.StreamChunk{Err: err}) - return - } - continue - } - - payload = bytes.TrimSpace(payload) - if len(payload) == 0 { - continue - } - appendAPIResponseChunk(ctx, e.cfg, payload) - - if wsErr, ok := parseCodexWebsocketError(payload); ok { - terminateReason = "upstream_error" - terminateErr = wsErr - recordAPIResponseError(ctx, e.cfg, wsErr) - reporter.publishFailure(ctx) - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "upstream_error", wsErr) - } - _ = send(cliproxyexecutor.StreamChunk{Err: wsErr}) - return - } - - payload = normalizeCodexWebsocketCompletion(payload) - eventType := gjson.GetBytes(payload, "type").String() - if eventType == "response.completed" || eventType == "response.done" { - if detail, ok := parseCodexUsage(payload); ok { - reporter.publish(ctx, detail) - } - } - - line := encodeCodexWebsocketAsSSE(payload) - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, body, body, line, ¶m) - for i := range chunks { - if !send(cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])}) { - terminateReason = "context_done" - terminateErr = ctx.Err() - return - } - } - if eventType == "response.completed" || eventType == "response.done" { - return - } - } - }() - - return &cliproxyexecutor.StreamResult{Headers: upstreamHeaders, Chunks: out}, nil -} - -func (e *CodexWebsocketsExecutor) dialCodexWebsocket(ctx context.Context, auth *cliproxyauth.Auth, wsURL string, headers http.Header) (*websocket.Conn, *http.Response, error) { - dialer := newProxyAwareWebsocketDialer(e.cfg, auth) - dialer.HandshakeTimeout = codexResponsesWebsocketHandshakeTO - dialer.EnableCompression = true - if ctx == nil { - ctx = context.Background() - } - conn, resp, err := dialer.DialContext(ctx, wsURL, headers) - if conn != nil { - // Avoid gorilla/websocket flate tail validation issues on some upstreams/Go versions. - // Negotiating permessage-deflate is fine; we just don't compress outbound messages. - conn.EnableWriteCompression(false) - } - return conn, resp, err -} - -func writeCodexWebsocketMessage(sess *codexWebsocketSession, conn *websocket.Conn, payload []byte) error { - if sess != nil { - return sess.writeMessage(conn, websocket.TextMessage, payload) - } - if conn == nil { - return fmt.Errorf("codex websockets executor: websocket conn is nil") - } - return conn.WriteMessage(websocket.TextMessage, payload) -} - -func buildCodexWebsocketRequestBody(body []byte, allowAppend bool) []byte { - if len(body) == 0 { - return nil - } - - // Codex CLI websocket v2 uses `response.create` with `previous_response_id` for incremental turns. - // The upstream ChatGPT Codex websocket currently rejects that with close 1008 (policy violation). - // Fall back to v1 `response.append` semantics on the same websocket connection to keep the session alive. - // - // NOTE: The upstream expects the first websocket event on each connection to be `response.create`, - // so we only use `response.append` after we have initialized the current connection. - if allowAppend { - if prev := strings.TrimSpace(gjson.GetBytes(body, "previous_response_id").String()); prev != "" { - inputNode := gjson.GetBytes(body, "input") - wsReqBody := []byte(`{}`) - wsReqBody, _ = sjson.SetBytes(wsReqBody, "type", "response.append") - if inputNode.Exists() && inputNode.IsArray() && strings.TrimSpace(inputNode.Raw) != "" { - wsReqBody, _ = sjson.SetRawBytes(wsReqBody, "input", []byte(inputNode.Raw)) - return wsReqBody - } - wsReqBody, _ = sjson.SetRawBytes(wsReqBody, "input", []byte("[]")) - return wsReqBody - } - } - - wsReqBody, errSet := sjson.SetBytes(bytes.Clone(body), "type", "response.create") - if errSet == nil && len(wsReqBody) > 0 { - return wsReqBody - } - fallback := bytes.Clone(body) - fallback, _ = sjson.SetBytes(fallback, "type", "response.create") - return fallback -} - -func readCodexWebsocketMessage(ctx context.Context, sess *codexWebsocketSession, conn *websocket.Conn, readCh chan codexWebsocketRead) (int, []byte, error) { - if sess == nil { - if conn == nil { - return 0, nil, fmt.Errorf("codex websockets executor: websocket conn is nil") - } - _ = conn.SetReadDeadline(time.Now().Add(codexResponsesWebsocketIdleTimeout)) - msgType, payload, errRead := conn.ReadMessage() - return msgType, payload, errRead - } - if conn == nil { - return 0, nil, fmt.Errorf("codex websockets executor: websocket conn is nil") - } - if readCh == nil { - return 0, nil, fmt.Errorf("codex websockets executor: session read channel is nil") - } - for { - select { - case <-ctx.Done(): - return 0, nil, ctx.Err() - case ev, ok := <-readCh: - if !ok { - return 0, nil, fmt.Errorf("codex websockets executor: session read channel closed") - } - if ev.conn != conn { - continue - } - if ev.err != nil { - return 0, nil, ev.err - } - return ev.msgType, ev.payload, nil - } - } -} - -func markCodexWebsocketCreateSent(sess *codexWebsocketSession, conn *websocket.Conn, payload []byte) { - if sess == nil || conn == nil || len(payload) == 0 { - return - } - if strings.TrimSpace(gjson.GetBytes(payload, "type").String()) != "response.create" { - return - } - - sess.connMu.Lock() - if sess.conn == conn { - sess.connCreateSent = true - } - sess.connMu.Unlock() -} - -func newProxyAwareWebsocketDialer(cfg *config.Config, auth *cliproxyauth.Auth) *websocket.Dialer { - dialer := &websocket.Dialer{ - Proxy: http.ProxyFromEnvironment, - HandshakeTimeout: codexResponsesWebsocketHandshakeTO, - EnableCompression: true, - NetDialContext: (&net.Dialer{ - Timeout: 30 * time.Second, - KeepAlive: 30 * time.Second, - }).DialContext, - } - - proxyURL := "" - if auth != nil { - proxyURL = strings.TrimSpace(auth.ProxyURL) - } - if proxyURL == "" && cfg != nil { - proxyURL = strings.TrimSpace(cfg.ProxyURL) - } - if proxyURL == "" { - return dialer - } - - parsedURL, errParse := url.Parse(proxyURL) - if errParse != nil { - log.Errorf("codex websockets executor: parse proxy URL failed: %v", errParse) - return dialer - } - - switch parsedURL.Scheme { - case "socks5": - var proxyAuth *proxy.Auth - if parsedURL.User != nil { - username := parsedURL.User.Username() - password, _ := parsedURL.User.Password() - proxyAuth = &proxy.Auth{User: username, Password: password} - } - socksDialer, errSOCKS5 := proxy.SOCKS5("tcp", parsedURL.Host, proxyAuth, proxy.Direct) - if errSOCKS5 != nil { - log.Errorf("codex websockets executor: create SOCKS5 dialer failed: %v", errSOCKS5) - return dialer - } - dialer.Proxy = nil - dialer.NetDialContext = func(_ context.Context, network, addr string) (net.Conn, error) { - return socksDialer.Dial(network, addr) - } - case "http", "https": - dialer.Proxy = http.ProxyURL(parsedURL) - default: - log.Errorf("codex websockets executor: unsupported proxy scheme: %s", parsedURL.Scheme) - } - - return dialer -} - -func buildCodexResponsesWebsocketURL(httpURL string) (string, error) { - parsed, err := url.Parse(strings.TrimSpace(httpURL)) - if err != nil { - return "", err - } - switch strings.ToLower(parsed.Scheme) { - case "http": - parsed.Scheme = "ws" - case "https": - parsed.Scheme = "wss" - } - return parsed.String(), nil -} - -func applyCodexPromptCacheHeaders(from sdktranslator.Format, req cliproxyexecutor.Request, rawJSON []byte) ([]byte, http.Header) { - headers := http.Header{} - if len(rawJSON) == 0 { - return rawJSON, headers - } - - var cache codexCache - if from == "claude" { - userIDResult := gjson.GetBytes(req.Payload, "metadata.user_id") - if userIDResult.Exists() { - key := fmt.Sprintf("%s-%s", req.Model, userIDResult.String()) - if cached, ok := getCodexCache(key); ok { - cache = cached - } else { - cache = codexCache{ - ID: uuid.New().String(), - Expire: time.Now().Add(1 * time.Hour), - } - setCodexCache(key, cache) - } - } - } else if from == "openai-response" { - if promptCacheKey := gjson.GetBytes(req.Payload, "prompt_cache_key"); promptCacheKey.Exists() { - cache.ID = promptCacheKey.String() - } - } - - if cache.ID != "" { - rawJSON, _ = sjson.SetBytes(rawJSON, "prompt_cache_key", cache.ID) - headers.Set("Conversation_id", cache.ID) - headers.Set("Session_id", cache.ID) - } - - return rawJSON, headers -} - -func applyCodexWebsocketHeaders(ctx context.Context, headers http.Header, auth *cliproxyauth.Auth, token string) http.Header { - if headers == nil { - headers = http.Header{} - } - if strings.TrimSpace(token) != "" { - headers.Set("Authorization", "Bearer "+token) - } - - var ginHeaders http.Header - if ginCtx := ginContextFrom(ctx); ginCtx != nil && ginCtx.Request != nil { - ginHeaders = ginCtx.Request.Header - } - - misc.EnsureHeader(headers, ginHeaders, "x-codex-beta-features", "") - misc.EnsureHeader(headers, ginHeaders, "x-codex-turn-state", "") - misc.EnsureHeader(headers, ginHeaders, "x-codex-turn-metadata", "") - misc.EnsureHeader(headers, ginHeaders, "x-responsesapi-include-timing-metrics", "") - - misc.EnsureHeader(headers, ginHeaders, "Version", codexClientVersion) - betaHeader := strings.TrimSpace(headers.Get("OpenAI-Beta")) - if betaHeader == "" && ginHeaders != nil { - betaHeader = strings.TrimSpace(ginHeaders.Get("OpenAI-Beta")) - } - if betaHeader == "" || !strings.Contains(betaHeader, "responses_websockets=") { - betaHeader = codexResponsesWebsocketBetaHeaderValue - } - headers.Set("OpenAI-Beta", betaHeader) - misc.EnsureHeader(headers, ginHeaders, "Session_id", uuid.NewString()) - misc.EnsureHeader(headers, ginHeaders, "User-Agent", codexUserAgent) - - isAPIKey := false - if auth != nil && auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["api_key"]); v != "" { - isAPIKey = true - } - } - if !isAPIKey { - headers.Set("Originator", "codex_cli_rs") - if auth != nil && auth.Metadata != nil { - if accountID, ok := auth.Metadata["account_id"].(string); ok { - if trimmed := strings.TrimSpace(accountID); trimmed != "" { - headers.Set("Chatgpt-Account-Id", trimmed) - } - } - } - } - - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(&http.Request{Header: headers}, attrs) - - return headers -} - -type statusErrWithHeaders struct { - statusErr - headers http.Header -} - -func (e statusErrWithHeaders) Headers() http.Header { - if e.headers == nil { - return nil - } - return e.headers.Clone() -} - -func parseCodexWebsocketError(payload []byte) (error, bool) { - if len(payload) == 0 { - return nil, false - } - if strings.TrimSpace(gjson.GetBytes(payload, "type").String()) != "error" { - return nil, false - } - status := int(gjson.GetBytes(payload, "status").Int()) - if status == 0 { - status = int(gjson.GetBytes(payload, "status_code").Int()) - } - if status <= 0 { - return nil, false - } - - out := []byte(`{}`) - if errNode := gjson.GetBytes(payload, "error"); errNode.Exists() { - raw := errNode.Raw - if errNode.Type == gjson.String { - raw = errNode.Raw - } - out, _ = sjson.SetRawBytes(out, "error", []byte(raw)) - } else { - out, _ = sjson.SetBytes(out, "error.type", "server_error") - out, _ = sjson.SetBytes(out, "error.message", http.StatusText(status)) - } - - headers := parseCodexWebsocketErrorHeaders(payload) - return statusErrWithHeaders{ - statusErr: statusErr{code: status, msg: string(out)}, - headers: headers, - }, true -} - -func parseCodexWebsocketErrorHeaders(payload []byte) http.Header { - headersNode := gjson.GetBytes(payload, "headers") - if !headersNode.Exists() || !headersNode.IsObject() { - return nil - } - mapped := make(http.Header) - headersNode.ForEach(func(key, value gjson.Result) bool { - name := strings.TrimSpace(key.String()) - if name == "" { - return true - } - switch value.Type { - case gjson.String: - if v := strings.TrimSpace(value.String()); v != "" { - mapped.Set(name, v) - } - case gjson.Number, gjson.True, gjson.False: - if v := strings.TrimSpace(value.Raw); v != "" { - mapped.Set(name, v) - } - default: - } - return true - }) - if len(mapped) == 0 { - return nil - } - return mapped -} - -func normalizeCodexWebsocketCompletion(payload []byte) []byte { - if strings.TrimSpace(gjson.GetBytes(payload, "type").String()) == "response.done" { - updated, err := sjson.SetBytes(payload, "type", "response.completed") - if err == nil && len(updated) > 0 { - return updated - } - } - return payload -} - -func encodeCodexWebsocketAsSSE(payload []byte) []byte { - if len(payload) == 0 { - return nil - } - line := make([]byte, 0, len("data: ")+len(payload)) - line = append(line, []byte("data: ")...) - line = append(line, payload...) - return line -} - -func websocketHandshakeBody(resp *http.Response) []byte { - if resp == nil || resp.Body == nil { - return nil - } - body, _ := io.ReadAll(resp.Body) - closeHTTPResponseBody(resp, "codex websockets executor: close handshake response body error") - if len(body) == 0 { - return nil - } - return body -} - -func closeHTTPResponseBody(resp *http.Response, logPrefix string) { - if resp == nil || resp.Body == nil { - return - } - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("%s: %v", logPrefix, errClose) - } -} - -func closeOnContextDone(ctx context.Context, conn *websocket.Conn) chan struct{} { - done := make(chan struct{}) - if ctx == nil || conn == nil { - return done - } - go func() { - select { - case <-done: - case <-ctx.Done(): - _ = conn.Close() - } - }() - return done -} - -func cancelReadOnContextDone(ctx context.Context, conn *websocket.Conn) chan struct{} { - done := make(chan struct{}) - if ctx == nil || conn == nil { - return done - } - go func() { - select { - case <-done: - case <-ctx.Done(): - _ = conn.SetReadDeadline(time.Now()) - } - }() - return done -} - -func executionSessionIDFromOptions(opts cliproxyexecutor.Options) string { - if len(opts.Metadata) == 0 { - return "" - } - raw, ok := opts.Metadata[cliproxyexecutor.ExecutionSessionMetadataKey] - if !ok || raw == nil { - return "" - } - switch v := raw.(type) { - case string: - return strings.TrimSpace(v) - case []byte: - return strings.TrimSpace(string(v)) - default: - return "" - } -} - -func (e *CodexWebsocketsExecutor) getOrCreateSession(sessionID string) *codexWebsocketSession { - sessionID = strings.TrimSpace(sessionID) - if sessionID == "" { - return nil - } - e.sessMu.Lock() - defer e.sessMu.Unlock() - if e.sessions == nil { - e.sessions = make(map[string]*codexWebsocketSession) - } - if sess, ok := e.sessions[sessionID]; ok && sess != nil { - return sess - } - sess := &codexWebsocketSession{sessionID: sessionID} - e.sessions[sessionID] = sess - return sess -} - -func (e *CodexWebsocketsExecutor) ensureUpstreamConn(ctx context.Context, auth *cliproxyauth.Auth, sess *codexWebsocketSession, authID string, wsURL string, headers http.Header) (*websocket.Conn, *http.Response, error) { - if sess == nil { - return e.dialCodexWebsocket(ctx, auth, wsURL, headers) - } - - sess.connMu.Lock() - conn := sess.conn - readerConn := sess.readerConn - sess.connMu.Unlock() - if conn != nil { - if readerConn != conn { - sess.connMu.Lock() - sess.readerConn = conn - sess.connMu.Unlock() - sess.configureConn(conn) - go e.readUpstreamLoop(sess, conn) - } - return conn, nil, nil - } - - conn, resp, errDial := e.dialCodexWebsocket(ctx, auth, wsURL, headers) - if errDial != nil { - return nil, resp, errDial - } - - sess.connMu.Lock() - if sess.conn != nil { - previous := sess.conn - sess.connMu.Unlock() - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } - return previous, nil, nil - } - sess.conn = conn - sess.wsURL = wsURL - sess.authID = authID - sess.connCreateSent = false - sess.readerConn = conn - sess.connMu.Unlock() - - sess.configureConn(conn) - go e.readUpstreamLoop(sess, conn) - logCodexWebsocketConnected(sess.sessionID, authID, wsURL) - return conn, resp, nil -} - -func (e *CodexWebsocketsExecutor) readUpstreamLoop(sess *codexWebsocketSession, conn *websocket.Conn) { - if e == nil || sess == nil || conn == nil { - return - } - for { - _ = conn.SetReadDeadline(time.Now().Add(codexResponsesWebsocketIdleTimeout)) - msgType, payload, errRead := conn.ReadMessage() - if errRead != nil { - sess.activeMu.Lock() - ch := sess.activeCh - done := sess.activeDone - sess.activeMu.Unlock() - if ch != nil { - select { - case ch <- codexWebsocketRead{conn: conn, err: errRead}: - case <-done: - default: - } - sess.clearActive(ch) - close(ch) - } - e.invalidateUpstreamConn(sess, conn, "upstream_disconnected", errRead) - return - } - - if msgType != websocket.TextMessage { - if msgType == websocket.BinaryMessage { - errBinary := fmt.Errorf("codex websockets executor: unexpected binary message") - sess.activeMu.Lock() - ch := sess.activeCh - done := sess.activeDone - sess.activeMu.Unlock() - if ch != nil { - select { - case ch <- codexWebsocketRead{conn: conn, err: errBinary}: - case <-done: - default: - } - sess.clearActive(ch) - close(ch) - } - e.invalidateUpstreamConn(sess, conn, "unexpected_binary", errBinary) - return - } - continue - } - - sess.activeMu.Lock() - ch := sess.activeCh - done := sess.activeDone - sess.activeMu.Unlock() - if ch == nil { - continue - } - select { - case ch <- codexWebsocketRead{conn: conn, msgType: msgType, payload: payload}: - case <-done: - } - } -} - -func (e *CodexWebsocketsExecutor) invalidateUpstreamConn(sess *codexWebsocketSession, conn *websocket.Conn, reason string, err error) { - if sess == nil || conn == nil { - return - } - - sess.connMu.Lock() - current := sess.conn - authID := sess.authID - wsURL := sess.wsURL - sessionID := sess.sessionID - if current == nil || current != conn { - sess.connMu.Unlock() - return - } - sess.conn = nil - sess.connCreateSent = false - if sess.readerConn == conn { - sess.readerConn = nil - } - sess.connMu.Unlock() - - logCodexWebsocketDisconnected(sessionID, authID, wsURL, reason, err) - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } -} - -func (e *CodexWebsocketsExecutor) CloseExecutionSession(sessionID string) { - sessionID = strings.TrimSpace(sessionID) - if e == nil { - return - } - if sessionID == "" { - return - } - if sessionID == cliproxyauth.CloseAllExecutionSessionsID { - e.closeAllExecutionSessions("executor_replaced") - return - } - - e.sessMu.Lock() - sess := e.sessions[sessionID] - delete(e.sessions, sessionID) - e.sessMu.Unlock() - - e.closeExecutionSession(sess, "session_closed") -} - -func (e *CodexWebsocketsExecutor) closeAllExecutionSessions(reason string) { - if e == nil { - return - } - - e.sessMu.Lock() - sessions := make([]*codexWebsocketSession, 0, len(e.sessions)) - for sessionID, sess := range e.sessions { - delete(e.sessions, sessionID) - if sess != nil { - sessions = append(sessions, sess) - } - } - e.sessMu.Unlock() - - for i := range sessions { - e.closeExecutionSession(sessions[i], reason) - } -} - -func (e *CodexWebsocketsExecutor) closeExecutionSession(sess *codexWebsocketSession, reason string) { - if sess == nil { - return - } - reason = strings.TrimSpace(reason) - if reason == "" { - reason = "session_closed" - } - - sess.connMu.Lock() - conn := sess.conn - authID := sess.authID - wsURL := sess.wsURL - sess.conn = nil - sess.connCreateSent = false - if sess.readerConn == conn { - sess.readerConn = nil - } - sessionID := sess.sessionID - sess.connMu.Unlock() - - if conn == nil { - return - } - logCodexWebsocketDisconnected(sessionID, authID, wsURL, reason, nil) - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } -} - -func logCodexWebsocketConnected(sessionID string, authID string, wsURL string) { - log.Infof("codex websockets: upstream connected session=%s auth=%s url=%s", strings.TrimSpace(sessionID), strings.TrimSpace(authID), strings.TrimSpace(wsURL)) -} - -func logCodexWebsocketDisconnected(sessionID string, authID string, wsURL string, reason string, err error) { - if err != nil { - log.Infof("codex websockets: upstream disconnected session=%s auth=%s url=%s reason=%s err=%v", strings.TrimSpace(sessionID), strings.TrimSpace(authID), strings.TrimSpace(wsURL), strings.TrimSpace(reason), err) - return - } - log.Infof("codex websockets: upstream disconnected session=%s auth=%s url=%s reason=%s", strings.TrimSpace(sessionID), strings.TrimSpace(authID), strings.TrimSpace(wsURL), strings.TrimSpace(reason)) -} - -// CodexAutoExecutor routes Codex requests to the websocket transport only when: -// 1. The downstream transport is websocket, and -// 2. The selected auth enables websockets. -// -// For non-websocket downstream requests, it always uses the legacy HTTP implementation. -type CodexAutoExecutor struct { - httpExec *CodexExecutor - wsExec *CodexWebsocketsExecutor -} - -func NewCodexAutoExecutor(cfg *config.Config) *CodexAutoExecutor { - return &CodexAutoExecutor{ - httpExec: NewCodexExecutor(cfg), - wsExec: NewCodexWebsocketsExecutor(cfg), - } -} - -func (e *CodexAutoExecutor) Identifier() string { return "codex" } - -func (e *CodexAutoExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if e == nil || e.httpExec == nil { - return nil - } - return e.httpExec.PrepareRequest(req, auth) -} - -func (e *CodexAutoExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if e == nil || e.httpExec == nil { - return nil, fmt.Errorf("codex auto executor: http executor is nil") - } - return e.httpExec.HttpRequest(ctx, auth, req) -} - -func (e *CodexAutoExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - if e == nil || e.httpExec == nil || e.wsExec == nil { - return cliproxyexecutor.Response{}, fmt.Errorf("codex auto executor: executor is nil") - } - if cliproxyexecutor.DownstreamWebsocket(ctx) && codexWebsocketsEnabled(auth) { - return e.wsExec.Execute(ctx, auth, req, opts) - } - return e.httpExec.Execute(ctx, auth, req, opts) -} - -func (e *CodexAutoExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (*cliproxyexecutor.StreamResult, error) { - if e == nil || e.httpExec == nil || e.wsExec == nil { - return nil, fmt.Errorf("codex auto executor: executor is nil") - } - if cliproxyexecutor.DownstreamWebsocket(ctx) && codexWebsocketsEnabled(auth) { - return e.wsExec.ExecuteStream(ctx, auth, req, opts) - } - return e.httpExec.ExecuteStream(ctx, auth, req, opts) -} - -func (e *CodexAutoExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if e == nil || e.httpExec == nil { - return nil, fmt.Errorf("codex auto executor: http executor is nil") - } - return e.httpExec.Refresh(ctx, auth) -} - -func (e *CodexAutoExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - if e == nil || e.httpExec == nil { - return cliproxyexecutor.Response{}, fmt.Errorf("codex auto executor: http executor is nil") - } - return e.httpExec.CountTokens(ctx, auth, req, opts) -} - -func (e *CodexAutoExecutor) CloseExecutionSession(sessionID string) { - if e == nil || e.wsExec == nil { - return - } - e.wsExec.CloseExecutionSession(sessionID) -} - -func codexWebsocketsEnabled(auth *cliproxyauth.Auth) bool { - if auth == nil { - return false - } - if len(auth.Attributes) > 0 { - if raw := strings.TrimSpace(auth.Attributes["websockets"]); raw != "" { - parsed, errParse := strconv.ParseBool(raw) - if errParse == nil { - return parsed - } - } - } - if len(auth.Metadata) == 0 { - return false - } - raw, ok := auth.Metadata["websockets"] - if !ok || raw == nil { - return false - } - switch v := raw.(type) { - case bool: - return v - case string: - parsed, errParse := strconv.ParseBool(strings.TrimSpace(v)) - if errParse == nil { - return parsed - } - default: - } - return false -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/gemini_cli_executor.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/gemini_cli_executor.go deleted file mode 100644 index cb3ffb5969..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/gemini_cli_executor.go +++ /dev/null @@ -1,907 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// This file implements the Gemini CLI executor that talks to Cloud Code Assist endpoints -// using OAuth credentials from auth metadata. -package executor - -import ( - "bufio" - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "regexp" - "strconv" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" - "github.com/router-for-me/CLIProxyAPI/v6/internal/runtime/geminicli" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" - "golang.org/x/oauth2" - "golang.org/x/oauth2/google" -) - -const ( - codeAssistEndpoint = "https://cloudcode-pa.googleapis.com" - codeAssistVersion = "v1internal" - geminiOAuthClientID = "681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com" - geminiOAuthClientSecret = "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" -) - -var geminiOAuthScopes = []string{ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/userinfo.email", - "https://www.googleapis.com/auth/userinfo.profile", -} - -// GeminiCLIExecutor talks to the Cloud Code Assist endpoint using OAuth credentials from auth metadata. -type GeminiCLIExecutor struct { - cfg *config.Config -} - -// NewGeminiCLIExecutor creates a new Gemini CLI executor instance. -// -// Parameters: -// - cfg: The application configuration -// -// Returns: -// - *GeminiCLIExecutor: A new Gemini CLI executor instance -func NewGeminiCLIExecutor(cfg *config.Config) *GeminiCLIExecutor { - return &GeminiCLIExecutor{cfg: cfg} -} - -// Identifier returns the executor identifier. -func (e *GeminiCLIExecutor) Identifier() string { return "gemini-cli" } - -// PrepareRequest injects Gemini CLI credentials into the outgoing HTTP request. -func (e *GeminiCLIExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - tokenSource, _, errSource := prepareGeminiCLITokenSource(req.Context(), e.cfg, auth) - if errSource != nil { - return errSource - } - tok, errTok := tokenSource.Token() - if errTok != nil { - return errTok - } - if strings.TrimSpace(tok.AccessToken) == "" { - return statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - req.Header.Set("Authorization", "Bearer "+tok.AccessToken) - applyGeminiCLIHeaders(req) - return nil -} - -// HttpRequest injects Gemini CLI credentials into the request and executes it. -func (e *GeminiCLIExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("gemini-cli executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming request to the Gemini CLI API. -func (e *GeminiCLIExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - tokenSource, baseTokenData, err := prepareGeminiCLITokenSource(ctx, e.cfg, auth) - if err != nil { - return resp, err - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini-cli") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - basePayload := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - basePayload, err = thinking.ApplyThinking(basePayload, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - basePayload = fixGeminiCLIImageAspectRatio(baseModel, basePayload) - requestedModel := payloadRequestedModel(opts, req.Model) - basePayload = applyPayloadConfigWithRoot(e.cfg, baseModel, "gemini", "request", basePayload, originalTranslated, requestedModel) - - action := "generateContent" - if req.Metadata != nil { - if a, _ := req.Metadata["action"].(string); a == "countTokens" { - action = "countTokens" - } - } - - projectID := resolveGeminiProjectID(auth) - models := cliPreviewFallbackOrder(baseModel) - if len(models) == 0 || models[0] != baseModel { - models = append([]string{baseModel}, models...) - } - - httpClient := newHTTPClient(ctx, e.cfg, auth, 0) - respCtx := context.WithValue(ctx, "alt", opts.Alt) - - var authID, authLabel, authType, authValue string - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - - var lastStatus int - var lastBody []byte - - for idx, attemptModel := range models { - payload := append([]byte(nil), basePayload...) - if action == "countTokens" { - payload = deleteJSONField(payload, "project") - payload = deleteJSONField(payload, "model") - } else { - payload = setJSONField(payload, "project", projectID) - payload = setJSONField(payload, "model", attemptModel) - } - - tok, errTok := tokenSource.Token() - if errTok != nil { - err = errTok - return resp, err - } - updateGeminiCLITokenMetadata(auth, baseTokenData, tok) - - url := fmt.Sprintf("%s/%s:%s", codeAssistEndpoint, codeAssistVersion, action) - if opts.Alt != "" && action != "countTokens" { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - - reqHTTP, errReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload)) - if errReq != nil { - err = errReq - return resp, err - } - reqHTTP.Header.Set("Content-Type", "application/json") - reqHTTP.Header.Set("Authorization", "Bearer "+tok.AccessToken) - applyGeminiCLIHeaders(reqHTTP) - reqHTTP.Header.Set("Accept", "application/json") - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: reqHTTP.Header.Clone(), - Body: payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpResp, errDo := httpClient.Do(reqHTTP) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - err = errDo - return resp, err - } - - data, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("gemini cli executor: close response body error: %v", errClose) - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - err = errRead - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - if httpResp.StatusCode >= 200 && httpResp.StatusCode < 300 { - reporter.publish(ctx, parseGeminiCLIUsage(data)) - var param any - out := sdktranslator.TranslateNonStream(respCtx, to, from, attemptModel, opts.OriginalRequest, payload, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil - } - - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), data...) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - if httpResp.StatusCode == 429 { - if idx+1 < len(models) { - log.Debugf("gemini cli executor: rate limited, retrying with next model: %s", models[idx+1]) - } else { - log.Debug("gemini cli executor: rate limited, no additional fallback model") - } - continue - } - - err = newGeminiStatusErr(httpResp.StatusCode, data) - return resp, err - } - - if len(lastBody) > 0 { - appendAPIResponseChunk(ctx, e.cfg, lastBody) - } - if lastStatus == 0 { - lastStatus = 429 - } - err = newGeminiStatusErr(lastStatus, lastBody) - return resp, err -} - -// ExecuteStream performs a streaming request to the Gemini CLI API. -func (e *GeminiCLIExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - tokenSource, baseTokenData, err := prepareGeminiCLITokenSource(ctx, e.cfg, auth) - if err != nil { - return nil, err - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini-cli") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - basePayload := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - basePayload, err = thinking.ApplyThinking(basePayload, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - basePayload = fixGeminiCLIImageAspectRatio(baseModel, basePayload) - requestedModel := payloadRequestedModel(opts, req.Model) - basePayload = applyPayloadConfigWithRoot(e.cfg, baseModel, "gemini", "request", basePayload, originalTranslated, requestedModel) - - projectID := resolveGeminiProjectID(auth) - - models := cliPreviewFallbackOrder(baseModel) - if len(models) == 0 || models[0] != baseModel { - models = append([]string{baseModel}, models...) - } - - httpClient := newHTTPClient(ctx, e.cfg, auth, 0) - respCtx := context.WithValue(ctx, "alt", opts.Alt) - - var authID, authLabel, authType, authValue string - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - - var lastStatus int - var lastBody []byte - - for idx, attemptModel := range models { - payload := append([]byte(nil), basePayload...) - payload = setJSONField(payload, "project", projectID) - payload = setJSONField(payload, "model", attemptModel) - - tok, errTok := tokenSource.Token() - if errTok != nil { - err = errTok - return nil, err - } - updateGeminiCLITokenMetadata(auth, baseTokenData, tok) - - url := fmt.Sprintf("%s/%s:%s", codeAssistEndpoint, codeAssistVersion, "streamGenerateContent") - if opts.Alt == "" { - url = url + "?alt=sse" - } else { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - - reqHTTP, errReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload)) - if errReq != nil { - err = errReq - return nil, err - } - reqHTTP.Header.Set("Content-Type", "application/json") - reqHTTP.Header.Set("Authorization", "Bearer "+tok.AccessToken) - applyGeminiCLIHeaders(reqHTTP) - reqHTTP.Header.Set("Accept", "text/event-stream") - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: reqHTTP.Header.Clone(), - Body: payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpResp, errDo := httpClient.Do(reqHTTP) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - err = errDo - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - data, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("gemini cli executor: close response body error: %v", errClose) - } - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - err = errRead - return nil, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), data...) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - if httpResp.StatusCode == 429 { - if idx+1 < len(models) { - log.Debugf("gemini cli executor: rate limited, retrying with next model: %s", models[idx+1]) - } else { - log.Debug("gemini cli executor: rate limited, no additional fallback model") - } - continue - } - err = newGeminiStatusErr(httpResp.StatusCode, data) - return nil, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func(resp *http.Response, reqBody []byte, attemptModel string) { - defer close(out) - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("gemini cli executor: close response body error: %v", errClose) - } - }() - if opts.Alt == "" { - scanner := bufio.NewScanner(resp.Body) - scanner.Buffer(nil, streamScannerBuffer) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseGeminiCLIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - if bytes.HasPrefix(line, dataTag) { - segments := sdktranslator.TranslateStream(respCtx, to, from, attemptModel, opts.OriginalRequest, reqBody, bytes.Clone(line), ¶m) - for i := range segments { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(segments[i])} - } - } - } - - segments := sdktranslator.TranslateStream(respCtx, to, from, attemptModel, opts.OriginalRequest, reqBody, []byte("[DONE]"), ¶m) - for i := range segments { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(segments[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - return - } - - data, errRead := io.ReadAll(resp.Body) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errRead} - return - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseGeminiCLIUsage(data)) - var param any - segments := sdktranslator.TranslateStream(respCtx, to, from, attemptModel, opts.OriginalRequest, reqBody, data, ¶m) - for i := range segments { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(segments[i])} - } - - segments = sdktranslator.TranslateStream(respCtx, to, from, attemptModel, opts.OriginalRequest, reqBody, []byte("[DONE]"), ¶m) - for i := range segments { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(segments[i])} - } - }(httpResp, append([]byte(nil), payload...), attemptModel) - - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil - } - - if len(lastBody) > 0 { - appendAPIResponseChunk(ctx, e.cfg, lastBody) - } - if lastStatus == 0 { - lastStatus = 429 - } - err = newGeminiStatusErr(lastStatus, lastBody) - return nil, err -} - -// CountTokens counts tokens for the given request using the Gemini CLI API. -func (e *GeminiCLIExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - tokenSource, baseTokenData, err := prepareGeminiCLITokenSource(ctx, e.cfg, auth) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini-cli") - - models := cliPreviewFallbackOrder(baseModel) - if len(models) == 0 || models[0] != baseModel { - models = append([]string{baseModel}, models...) - } - - httpClient := newHTTPClient(ctx, e.cfg, auth, 0) - respCtx := context.WithValue(ctx, "alt", opts.Alt) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - - var lastStatus int - var lastBody []byte - - // The loop variable attemptModel is only used as the concrete model id sent to the upstream - // Gemini CLI endpoint when iterating fallback variants. - for range models { - payload := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - payload, err = thinking.ApplyThinking(payload, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - payload = deleteJSONField(payload, "project") - payload = deleteJSONField(payload, "model") - payload = deleteJSONField(payload, "request.safetySettings") - payload = fixGeminiCLIImageAspectRatio(baseModel, payload) - - tok, errTok := tokenSource.Token() - if errTok != nil { - return cliproxyexecutor.Response{}, errTok - } - updateGeminiCLITokenMetadata(auth, baseTokenData, tok) - - url := fmt.Sprintf("%s/%s:%s", codeAssistEndpoint, codeAssistVersion, "countTokens") - if opts.Alt != "" { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - - reqHTTP, errReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload)) - if errReq != nil { - return cliproxyexecutor.Response{}, errReq - } - reqHTTP.Header.Set("Content-Type", "application/json") - reqHTTP.Header.Set("Authorization", "Bearer "+tok.AccessToken) - applyGeminiCLIHeaders(reqHTTP) - reqHTTP.Header.Set("Accept", "application/json") - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: reqHTTP.Header.Clone(), - Body: payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - resp, errDo := httpClient.Do(reqHTTP) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return cliproxyexecutor.Response{}, errDo - } - data, errRead := io.ReadAll(resp.Body) - _ = resp.Body.Close() - recordAPIResponseMetadata(ctx, e.cfg, resp.StatusCode, resp.Header.Clone()) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return cliproxyexecutor.Response{}, errRead - } - appendAPIResponseChunk(ctx, e.cfg, data) - if resp.StatusCode >= 200 && resp.StatusCode < 300 { - count := gjson.GetBytes(data, "totalTokens").Int() - translated := sdktranslator.TranslateTokenCount(respCtx, to, from, count, data) - return cliproxyexecutor.Response{Payload: []byte(translated), Headers: resp.Header.Clone()}, nil - } - lastStatus = resp.StatusCode - lastBody = append([]byte(nil), data...) - if resp.StatusCode == 429 { - log.Debugf("gemini cli executor: rate limited, retrying with next model") - continue - } - break - } - - if lastStatus == 0 { - lastStatus = 429 - } - return cliproxyexecutor.Response{}, newGeminiStatusErr(lastStatus, lastBody) -} - -// Refresh refreshes the authentication credentials (no-op for Gemini CLI). -func (e *GeminiCLIExecutor) Refresh(_ context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - return auth, nil -} - -func prepareGeminiCLITokenSource(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth) (oauth2.TokenSource, map[string]any, error) { - metadata := geminiOAuthMetadata(auth) - if auth == nil || metadata == nil { - return nil, nil, fmt.Errorf("gemini-cli auth metadata missing") - } - - var base map[string]any - if tokenRaw, ok := metadata["token"].(map[string]any); ok && tokenRaw != nil { - base = cloneMap(tokenRaw) - } else { - base = make(map[string]any) - } - - var token oauth2.Token - if len(base) > 0 { - if raw, err := json.Marshal(base); err == nil { - _ = json.Unmarshal(raw, &token) - } - } - - if token.AccessToken == "" { - token.AccessToken = stringValue(metadata, "access_token") - } - if token.RefreshToken == "" { - token.RefreshToken = stringValue(metadata, "refresh_token") - } - if token.TokenType == "" { - token.TokenType = stringValue(metadata, "token_type") - } - if token.Expiry.IsZero() { - if expiry := stringValue(metadata, "expiry"); expiry != "" { - if ts, err := time.Parse(time.RFC3339, expiry); err == nil { - token.Expiry = ts - } - } - } - - conf := &oauth2.Config{ - ClientID: geminiOAuthClientID, - ClientSecret: geminiOAuthClientSecret, - Scopes: geminiOAuthScopes, - Endpoint: google.Endpoint, - } - - ctxToken := ctx - if httpClient := newProxyAwareHTTPClient(ctx, cfg, auth, 0); httpClient != nil { - ctxToken = context.WithValue(ctxToken, oauth2.HTTPClient, httpClient) - } - - src := conf.TokenSource(ctxToken, &token) - currentToken, err := src.Token() - if err != nil { - return nil, nil, err - } - updateGeminiCLITokenMetadata(auth, base, currentToken) - return oauth2.ReuseTokenSource(currentToken, src), base, nil -} - -func updateGeminiCLITokenMetadata(auth *cliproxyauth.Auth, base map[string]any, tok *oauth2.Token) { - if auth == nil || tok == nil { - return - } - merged := buildGeminiTokenMap(base, tok) - fields := buildGeminiTokenFields(tok, merged) - shared := geminicli.ResolveSharedCredential(auth.Runtime) - if shared != nil { - snapshot := shared.MergeMetadata(fields) - if !geminicli.IsVirtual(auth.Runtime) { - auth.Metadata = snapshot - } - return - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - for k, v := range fields { - auth.Metadata[k] = v - } -} - -func buildGeminiTokenMap(base map[string]any, tok *oauth2.Token) map[string]any { - merged := cloneMap(base) - if merged == nil { - merged = make(map[string]any) - } - if raw, err := json.Marshal(tok); err == nil { - var tokenMap map[string]any - if err = json.Unmarshal(raw, &tokenMap); err == nil { - for k, v := range tokenMap { - merged[k] = v - } - } - } - return merged -} - -func buildGeminiTokenFields(tok *oauth2.Token, merged map[string]any) map[string]any { - fields := make(map[string]any, 5) - if tok.AccessToken != "" { - fields["access_token"] = tok.AccessToken - } - if tok.TokenType != "" { - fields["token_type"] = tok.TokenType - } - if tok.RefreshToken != "" { - fields["refresh_token"] = tok.RefreshToken - } - if !tok.Expiry.IsZero() { - fields["expiry"] = tok.Expiry.Format(time.RFC3339) - } - if len(merged) > 0 { - fields["token"] = cloneMap(merged) - } - return fields -} - -func resolveGeminiProjectID(auth *cliproxyauth.Auth) string { - if auth == nil { - return "" - } - if runtime := auth.Runtime; runtime != nil { - if virtual, ok := runtime.(*geminicli.VirtualCredential); ok && virtual != nil { - return strings.TrimSpace(virtual.ProjectID) - } - } - return strings.TrimSpace(stringValue(auth.Metadata, "project_id")) -} - -func geminiOAuthMetadata(auth *cliproxyauth.Auth) map[string]any { - if auth == nil { - return nil - } - if shared := geminicli.ResolveSharedCredential(auth.Runtime); shared != nil { - if snapshot := shared.MetadataSnapshot(); len(snapshot) > 0 { - return snapshot - } - } - return auth.Metadata -} - -func newHTTPClient(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth, timeout time.Duration) *http.Client { - return newProxyAwareHTTPClient(ctx, cfg, auth, timeout) -} - -func cloneMap(in map[string]any) map[string]any { - if in == nil { - return nil - } - out := make(map[string]any, len(in)) - for k, v := range in { - out[k] = v - } - return out -} - -func stringValue(m map[string]any, key string) string { - if m == nil { - return "" - } - if v, ok := m[key]; ok { - switch typed := v.(type) { - case string: - return typed - case fmt.Stringer: - return typed.String() - } - } - return "" -} - -// applyGeminiCLIHeaders sets required headers for the Gemini CLI upstream. -func applyGeminiCLIHeaders(r *http.Request) { - var ginHeaders http.Header - if ginCtx, ok := r.Context().Value("gin").(*gin.Context); ok && ginCtx != nil && ginCtx.Request != nil { - ginHeaders = ginCtx.Request.Header - } - - misc.EnsureHeader(r.Header, ginHeaders, "User-Agent", "google-api-nodejs-client/9.15.1") - misc.EnsureHeader(r.Header, ginHeaders, "X-Goog-Api-Client", "gl-node/22.17.0") - misc.EnsureHeader(r.Header, ginHeaders, "Client-Metadata", geminiCLIClientMetadata()) -} - -// geminiCLIClientMetadata returns a compact metadata string required by upstream. -func geminiCLIClientMetadata() string { - // Keep parity with CLI client defaults - return "ideType=IDE_UNSPECIFIED,platform=PLATFORM_UNSPECIFIED,pluginType=GEMINI" -} - -// cliPreviewFallbackOrder returns preview model candidates for a base model. -func cliPreviewFallbackOrder(model string) []string { - switch model { - case "gemini-2.5-pro": - return []string{ - // "gemini-2.5-pro-preview-05-06", - // "gemini-2.5-pro-preview-06-05", - } - case "gemini-2.5-flash": - return []string{ - // "gemini-2.5-flash-preview-04-17", - // "gemini-2.5-flash-preview-05-20", - } - case "gemini-2.5-flash-lite": - return []string{ - // "gemini-2.5-flash-lite-preview-06-17", - } - default: - return nil - } -} - -// setJSONField sets a top-level JSON field on a byte slice payload via sjson. -func setJSONField(body []byte, key, value string) []byte { - if key == "" { - return body - } - updated, err := sjson.SetBytes(body, key, value) - if err != nil { - return body - } - return updated -} - -// deleteJSONField removes a top-level key if present (best-effort) via sjson. -func deleteJSONField(body []byte, key string) []byte { - if key == "" || len(body) == 0 { - return body - } - updated, err := sjson.DeleteBytes(body, key) - if err != nil { - return body - } - return updated -} - -func fixGeminiCLIImageAspectRatio(modelName string, rawJSON []byte) []byte { - if modelName == "gemini-2.5-flash-image-preview" { - aspectRatioResult := gjson.GetBytes(rawJSON, "request.generationConfig.imageConfig.aspectRatio") - if aspectRatioResult.Exists() { - contents := gjson.GetBytes(rawJSON, "request.contents") - contentArray := contents.Array() - if len(contentArray) > 0 { - hasInlineData := false - loopContent: - for i := 0; i < len(contentArray); i++ { - parts := contentArray[i].Get("parts").Array() - for j := 0; j < len(parts); j++ { - if parts[j].Get("inlineData").Exists() { - hasInlineData = true - break loopContent - } - } - } - - if !hasInlineData { - emptyImageBase64ed, _ := util.CreateWhiteImageBase64(aspectRatioResult.String()) - emptyImagePart := `{"inlineData":{"mime_type":"image/png","data":""}}` - emptyImagePart, _ = sjson.Set(emptyImagePart, "inlineData.data", emptyImageBase64ed) - newPartsJson := `[]` - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", `{"text": "Based on the following requirements, create an image within the uploaded picture. The new content *MUST* completely cover the entire area of the original picture, maintaining its exact proportions, and *NO* blank areas should appear."}`) - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", emptyImagePart) - - parts := contentArray[0].Get("parts").Array() - for j := 0; j < len(parts); j++ { - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", parts[j].Raw) - } - - rawJSON, _ = sjson.SetRawBytes(rawJSON, "request.contents.0.parts", []byte(newPartsJson)) - rawJSON, _ = sjson.SetRawBytes(rawJSON, "request.generationConfig.responseModalities", []byte(`["IMAGE", "TEXT"]`)) - } - } - rawJSON, _ = sjson.DeleteBytes(rawJSON, "request.generationConfig.imageConfig") - } - } - return rawJSON -} - -func newGeminiStatusErr(statusCode int, body []byte) statusErr { - err := statusErr{code: statusCode, msg: string(body)} - if statusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(body); parseErr == nil && retryAfter != nil { - err.retryAfter = retryAfter - } - } - return err -} - -// parseRetryDelay extracts the retry delay from a Google API 429 error response. -// The error response contains a RetryInfo.retryDelay field in the format "0.847655010s". -// Returns the parsed duration or an error if it cannot be determined. -func parseRetryDelay(errorBody []byte) (*time.Duration, error) { - // Try to parse the retryDelay from the error response - // Format: error.details[].retryDelay where @type == "type.googleapis.com/google.rpc.RetryInfo" - details := gjson.GetBytes(errorBody, "error.details") - if details.Exists() && details.IsArray() { - for _, detail := range details.Array() { - typeVal := detail.Get("@type").String() - if typeVal == "type.googleapis.com/google.rpc.RetryInfo" { - retryDelay := detail.Get("retryDelay").String() - if retryDelay != "" { - // Parse duration string like "0.847655010s" - duration, err := time.ParseDuration(retryDelay) - if err != nil { - return nil, fmt.Errorf("failed to parse duration") - } - return &duration, nil - } - } - } - - // Fallback: try ErrorInfo.metadata.quotaResetDelay (e.g., "373.801628ms") - for _, detail := range details.Array() { - typeVal := detail.Get("@type").String() - if typeVal == "type.googleapis.com/google.rpc.ErrorInfo" { - quotaResetDelay := detail.Get("metadata.quotaResetDelay").String() - if quotaResetDelay != "" { - duration, err := time.ParseDuration(quotaResetDelay) - if err == nil { - return &duration, nil - } - } - } - } - } - - // Fallback: parse from error.message "Your quota will reset after Xs." - message := gjson.GetBytes(errorBody, "error.message").String() - if message != "" { - re := regexp.MustCompile(`after\s+(\d+)s\.?`) - if matches := re.FindStringSubmatch(message); len(matches) > 1 { - seconds, err := strconv.Atoi(matches[1]) - if err == nil { - return new(time.Duration(seconds) * time.Second), nil - } - } - } - - return nil, fmt.Errorf("no RetryInfo found") -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/gemini_executor.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/gemini_executor.go deleted file mode 100644 index 7c25b8935f..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/gemini_executor.go +++ /dev/null @@ -1,549 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// It includes stateless executors that handle API requests, streaming responses, -// token counting, and authentication refresh for different AI service providers. -package executor - -import ( - "bufio" - "bytes" - "context" - "fmt" - "io" - "net/http" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const ( - // glEndpoint is the base URL for the Google Generative Language API. - glEndpoint = "https://generativelanguage.googleapis.com" - - // glAPIVersion is the API version used for Gemini requests. - glAPIVersion = "v1beta" - - // streamScannerBuffer is the buffer size for SSE stream scanning. - streamScannerBuffer = 52_428_800 -) - -// GeminiExecutor is a stateless executor for the official Gemini API using API keys. -// It handles both API key and OAuth bearer token authentication, supporting both -// regular and streaming requests to the Google Generative Language API. -type GeminiExecutor struct { - // cfg holds the application configuration. - cfg *config.Config -} - -// NewGeminiExecutor creates a new Gemini executor instance. -// -// Parameters: -// - cfg: The application configuration -// -// Returns: -// - *GeminiExecutor: A new Gemini executor instance -func NewGeminiExecutor(cfg *config.Config) *GeminiExecutor { - return &GeminiExecutor{cfg: cfg} -} - -// Identifier returns the executor identifier. -func (e *GeminiExecutor) Identifier() string { return "gemini" } - -// PrepareRequest injects Gemini credentials into the outgoing HTTP request. -func (e *GeminiExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - apiKey, bearer := geminiCreds(auth) - if apiKey != "" { - req.Header.Set("x-goog-api-key", apiKey) - req.Header.Del("Authorization") - } else if bearer != "" { - req.Header.Set("Authorization", "Bearer "+bearer) - req.Header.Del("x-goog-api-key") - } - applyGeminiHeaders(req, auth) - return nil -} - -// HttpRequest injects Gemini credentials into the request and executes it. -func (e *GeminiExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("gemini executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming request to the Gemini API. -// It translates the request to Gemini format, sends it to the API, and translates -// the response back to the requested format. -// -// Parameters: -// - ctx: The context for the request -// - auth: The authentication information -// - req: The request to execute -// - opts: Additional execution options -// -// Returns: -// - cliproxyexecutor.Response: The response from the API -// - error: An error if the request fails -func (e *GeminiExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, bearer := geminiCreds(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - // Official Gemini API via API key or OAuth bearer - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - - action := "generateContent" - if req.Metadata != nil { - if a, _ := req.Metadata["action"].(string); a == "countTokens" { - action = "countTokens" - } - } - baseURL := resolveGeminiBaseURL(auth) - url := fmt.Sprintf("%s/%s/models/%s:%s", baseURL, glAPIVersion, baseModel, action) - if opts.Alt != "" && action != "countTokens" { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return resp, err - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } else if bearer != "" { - httpReq.Header.Set("Authorization", "Bearer "+bearer) - } - applyGeminiHeaders(httpReq, auth) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("gemini executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseGeminiUsage(data)) - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -// ExecuteStream performs a streaming request to the Gemini API. -func (e *GeminiExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, bearer := geminiCreds(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - - baseURL := resolveGeminiBaseURL(auth) - url := fmt.Sprintf("%s/%s/models/%s:%s", baseURL, glAPIVersion, baseModel, "streamGenerateContent") - if opts.Alt == "" { - url = url + "?alt=sse" - } else { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return nil, err - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } else { - httpReq.Header.Set("Authorization", "Bearer "+bearer) - } - applyGeminiHeaders(httpReq, auth) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("gemini executor: close response body error: %v", errClose) - } - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("gemini executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, streamScannerBuffer) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - filtered := FilterSSEUsageMetadata(line) - payload := jsonPayload(filtered) - if len(payload) == 0 { - continue - } - if detail, ok := parseGeminiStreamUsage(payload); ok { - reporter.publish(ctx, detail) - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(payload), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, []byte("[DONE]"), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -// CountTokens counts tokens for the given request using the Gemini API. -func (e *GeminiExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, bearer := geminiCreds(auth) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - translatedReq := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - translatedReq, err := thinking.ApplyThinking(translatedReq, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - translatedReq = fixGeminiImageAspectRatio(baseModel, translatedReq) - respCtx := context.WithValue(ctx, "alt", opts.Alt) - translatedReq, _ = sjson.DeleteBytes(translatedReq, "tools") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "generationConfig") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "safetySettings") - translatedReq, _ = sjson.SetBytes(translatedReq, "model", baseModel) - - baseURL := resolveGeminiBaseURL(auth) - url := fmt.Sprintf("%s/%s/models/%s:%s", baseURL, glAPIVersion, baseModel, "countTokens") - - requestBody := bytes.NewReader(translatedReq) - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, requestBody) - if err != nil { - return cliproxyexecutor.Response{}, err - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } else { - httpReq.Header.Set("Authorization", "Bearer "+bearer) - } - applyGeminiHeaders(httpReq, auth) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translatedReq, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - resp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return cliproxyexecutor.Response{}, err - } - defer func() { _ = resp.Body.Close() }() - recordAPIResponseMetadata(ctx, e.cfg, resp.StatusCode, resp.Header.Clone()) - - data, err := io.ReadAll(resp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return cliproxyexecutor.Response{}, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", resp.StatusCode, summarizeErrorBody(resp.Header.Get("Content-Type"), data)) - return cliproxyexecutor.Response{}, statusErr{code: resp.StatusCode, msg: string(data)} - } - - count := gjson.GetBytes(data, "totalTokens").Int() - translated := sdktranslator.TranslateTokenCount(respCtx, to, from, count, data) - return cliproxyexecutor.Response{Payload: []byte(translated), Headers: resp.Header.Clone()}, nil -} - -// Refresh refreshes the authentication credentials (no-op for Gemini API key). -func (e *GeminiExecutor) Refresh(_ context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - return auth, nil -} - -func geminiCreds(a *cliproxyauth.Auth) (apiKey, bearer string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - if v := a.Attributes["api_key"]; v != "" { - apiKey = v - } - } - if a.Metadata != nil { - // GeminiTokenStorage.Token is a map that may contain access_token - if v, ok := a.Metadata["access_token"].(string); ok && v != "" { - bearer = v - } - if token, ok := a.Metadata["token"].(map[string]any); ok && token != nil { - if v, ok2 := token["access_token"].(string); ok2 && v != "" { - bearer = v - } - } - } - return -} - -func resolveGeminiBaseURL(auth *cliproxyauth.Auth) string { - base := glEndpoint - if auth != nil && auth.Attributes != nil { - if custom := strings.TrimSpace(auth.Attributes["base_url"]); custom != "" { - base = strings.TrimRight(custom, "/") - } - } - if base == "" { - return glEndpoint - } - return base -} - -func (e *GeminiExecutor) resolveGeminiConfig(auth *cliproxyauth.Auth) *config.GeminiKey { - if auth == nil || e.cfg == nil { - return nil - } - var attrKey, attrBase string - if auth.Attributes != nil { - attrKey = strings.TrimSpace(auth.Attributes["api_key"]) - attrBase = strings.TrimSpace(auth.Attributes["base_url"]) - } - for i := range e.cfg.GeminiKey { - entry := &e.cfg.GeminiKey[i] - cfgKey := strings.TrimSpace(entry.APIKey) - cfgBase := strings.TrimSpace(entry.BaseURL) - if attrKey != "" && attrBase != "" { - if strings.EqualFold(cfgKey, attrKey) && strings.EqualFold(cfgBase, attrBase) { - return entry - } - continue - } - if attrKey != "" && strings.EqualFold(cfgKey, attrKey) { - if cfgBase == "" || strings.EqualFold(cfgBase, attrBase) { - return entry - } - } - if attrKey == "" && attrBase != "" && strings.EqualFold(cfgBase, attrBase) { - return entry - } - } - if attrKey != "" { - for i := range e.cfg.GeminiKey { - entry := &e.cfg.GeminiKey[i] - if strings.EqualFold(strings.TrimSpace(entry.APIKey), attrKey) { - return entry - } - } - } - return nil -} - -func applyGeminiHeaders(req *http.Request, auth *cliproxyauth.Auth) { - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) -} - -func fixGeminiImageAspectRatio(modelName string, rawJSON []byte) []byte { - if modelName == "gemini-2.5-flash-image-preview" { - aspectRatioResult := gjson.GetBytes(rawJSON, "generationConfig.imageConfig.aspectRatio") - if aspectRatioResult.Exists() { - contents := gjson.GetBytes(rawJSON, "contents") - contentArray := contents.Array() - if len(contentArray) > 0 { - hasInlineData := false - loopContent: - for i := 0; i < len(contentArray); i++ { - parts := contentArray[i].Get("parts").Array() - for j := 0; j < len(parts); j++ { - if parts[j].Get("inlineData").Exists() { - hasInlineData = true - break loopContent - } - } - } - - if !hasInlineData { - emptyImageBase64ed, _ := util.CreateWhiteImageBase64(aspectRatioResult.String()) - emptyImagePart := `{"inlineData":{"mime_type":"image/png","data":""}}` - emptyImagePart, _ = sjson.Set(emptyImagePart, "inlineData.data", emptyImageBase64ed) - newPartsJson := `[]` - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", `{"text": "Based on the following requirements, create an image within the uploaded picture. The new content *MUST* completely cover the entire area of the original picture, maintaining its exact proportions, and *NO* blank areas should appear."}`) - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", emptyImagePart) - - parts := contentArray[0].Get("parts").Array() - for j := 0; j < len(parts); j++ { - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", parts[j].Raw) - } - - rawJSON, _ = sjson.SetRawBytes(rawJSON, "contents.0.parts", []byte(newPartsJson)) - rawJSON, _ = sjson.SetRawBytes(rawJSON, "generationConfig.responseModalities", []byte(`["IMAGE", "TEXT"]`)) - } - } - rawJSON, _ = sjson.DeleteBytes(rawJSON, "generationConfig.imageConfig") - } - } - return rawJSON -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/gemini_vertex_executor.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/gemini_vertex_executor.go deleted file mode 100644 index 7ad1c6186b..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/gemini_vertex_executor.go +++ /dev/null @@ -1,1068 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// This file implements the Vertex AI Gemini executor that talks to Google Vertex AI -// endpoints using service account credentials or API keys. -package executor - -import ( - "bufio" - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "strings" - "time" - - vertexauth "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/vertex" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" - "golang.org/x/oauth2" - "golang.org/x/oauth2/google" -) - -const ( - // vertexAPIVersion aligns with current public Vertex Generative AI API. - vertexAPIVersion = "v1" -) - -// isImagenModel checks if the model name is an Imagen image generation model. -// Imagen models use the :predict action instead of :generateContent. -func isImagenModel(model string) bool { - lowerModel := strings.ToLower(model) - return strings.Contains(lowerModel, "imagen") -} - -// getVertexAction returns the appropriate action for the given model. -// Imagen models use "predict", while Gemini models use "generateContent". -func getVertexAction(model string, isStream bool) string { - if isImagenModel(model) { - return "predict" - } - if isStream { - return "streamGenerateContent" - } - return "generateContent" -} - -// convertImagenToGeminiResponse converts Imagen API response to Gemini format -// so it can be processed by the standard translation pipeline. -// This ensures Imagen models return responses in the same format as gemini-3-pro-image-preview. -func convertImagenToGeminiResponse(data []byte, model string) []byte { - predictions := gjson.GetBytes(data, "predictions") - if !predictions.Exists() || !predictions.IsArray() { - return data - } - - // Build Gemini-compatible response with inlineData - parts := make([]map[string]any, 0) - for _, pred := range predictions.Array() { - imageData := pred.Get("bytesBase64Encoded").String() - mimeType := pred.Get("mimeType").String() - if mimeType == "" { - mimeType = "image/png" - } - if imageData != "" { - parts = append(parts, map[string]any{ - "inlineData": map[string]any{ - "mimeType": mimeType, - "data": imageData, - }, - }) - } - } - - // Generate unique response ID using timestamp - responseId := fmt.Sprintf("imagen-%d", time.Now().UnixNano()) - - response := map[string]any{ - "candidates": []map[string]any{{ - "content": map[string]any{ - "parts": parts, - "role": "model", - }, - "finishReason": "STOP", - }}, - "responseId": responseId, - "modelVersion": model, - // Imagen API doesn't return token counts, set to 0 for tracking purposes - "usageMetadata": map[string]any{ - "promptTokenCount": 0, - "candidatesTokenCount": 0, - "totalTokenCount": 0, - }, - } - - result, err := json.Marshal(response) - if err != nil { - return data - } - return result -} - -// convertToImagenRequest converts a Gemini-style request to Imagen API format. -// Imagen API uses a different structure: instances[].prompt instead of contents[]. -func convertToImagenRequest(payload []byte) ([]byte, error) { - // Extract prompt from Gemini-style contents - prompt := "" - - // Try to get prompt from contents[0].parts[0].text - contentsText := gjson.GetBytes(payload, "contents.0.parts.0.text") - if contentsText.Exists() { - prompt = contentsText.String() - } - - // If no contents, try messages format (OpenAI-compatible) - if prompt == "" { - messagesText := gjson.GetBytes(payload, "messages.#.content") - if messagesText.Exists() && messagesText.IsArray() { - for _, msg := range messagesText.Array() { - if msg.String() != "" { - prompt = msg.String() - break - } - } - } - } - - // If still no prompt, try direct prompt field - if prompt == "" { - directPrompt := gjson.GetBytes(payload, "prompt") - if directPrompt.Exists() { - prompt = directPrompt.String() - } - } - - if prompt == "" { - return nil, fmt.Errorf("imagen: no prompt found in request") - } - - // Build Imagen API request - imagenReq := map[string]any{ - "instances": []map[string]any{ - { - "prompt": prompt, - }, - }, - "parameters": map[string]any{ - "sampleCount": 1, - }, - } - - // Extract optional parameters - if aspectRatio := gjson.GetBytes(payload, "aspectRatio"); aspectRatio.Exists() { - imagenReq["parameters"].(map[string]any)["aspectRatio"] = aspectRatio.String() - } - if sampleCount := gjson.GetBytes(payload, "sampleCount"); sampleCount.Exists() { - imagenReq["parameters"].(map[string]any)["sampleCount"] = int(sampleCount.Int()) - } - if negativePrompt := gjson.GetBytes(payload, "negativePrompt"); negativePrompt.Exists() { - imagenReq["instances"].([]map[string]any)[0]["negativePrompt"] = negativePrompt.String() - } - - return json.Marshal(imagenReq) -} - -// GeminiVertexExecutor sends requests to Vertex AI Gemini endpoints using service account credentials. -type GeminiVertexExecutor struct { - cfg *config.Config -} - -// NewGeminiVertexExecutor creates a new Vertex AI Gemini executor instance. -// -// Parameters: -// - cfg: The application configuration -// -// Returns: -// - *GeminiVertexExecutor: A new Vertex AI Gemini executor instance -func NewGeminiVertexExecutor(cfg *config.Config) *GeminiVertexExecutor { - return &GeminiVertexExecutor{cfg: cfg} -} - -// Identifier returns the executor identifier. -func (e *GeminiVertexExecutor) Identifier() string { return "vertex" } - -// PrepareRequest injects Vertex credentials into the outgoing HTTP request. -func (e *GeminiVertexExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - apiKey, _ := vertexAPICreds(auth) - if strings.TrimSpace(apiKey) != "" { - req.Header.Set("x-goog-api-key", apiKey) - req.Header.Del("Authorization") - return nil - } - _, _, saJSON, errCreds := vertexCreds(auth) - if errCreds != nil { - return errCreds - } - token, errToken := vertexAccessToken(req.Context(), e.cfg, auth, saJSON) - if errToken != nil { - return errToken - } - if strings.TrimSpace(token) == "" { - return statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - req.Header.Set("Authorization", "Bearer "+token) - req.Header.Del("x-goog-api-key") - return nil -} - -// HttpRequest injects Vertex credentials into the request and executes it. -func (e *GeminiVertexExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("vertex executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming request to the Vertex AI API. -func (e *GeminiVertexExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - // Try API key authentication first - apiKey, baseURL := vertexAPICreds(auth) - - // If no API key found, fall back to service account authentication - if apiKey == "" { - projectID, location, saJSON, errCreds := vertexCreds(auth) - if errCreds != nil { - return resp, errCreds - } - return e.executeWithServiceAccount(ctx, auth, req, opts, projectID, location, saJSON) - } - - // Use API key authentication - return e.executeWithAPIKey(ctx, auth, req, opts, apiKey, baseURL) -} - -// ExecuteStream performs a streaming request to the Vertex AI API. -func (e *GeminiVertexExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (*cliproxyexecutor.StreamResult, error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - // Try API key authentication first - apiKey, baseURL := vertexAPICreds(auth) - - // If no API key found, fall back to service account authentication - if apiKey == "" { - projectID, location, saJSON, errCreds := vertexCreds(auth) - if errCreds != nil { - return nil, errCreds - } - return e.executeStreamWithServiceAccount(ctx, auth, req, opts, projectID, location, saJSON) - } - - // Use API key authentication - return e.executeStreamWithAPIKey(ctx, auth, req, opts, apiKey, baseURL) -} - -// CountTokens counts tokens for the given request using the Vertex AI API. -func (e *GeminiVertexExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - // Try API key authentication first - apiKey, baseURL := vertexAPICreds(auth) - - // If no API key found, fall back to service account authentication - if apiKey == "" { - projectID, location, saJSON, errCreds := vertexCreds(auth) - if errCreds != nil { - return cliproxyexecutor.Response{}, errCreds - } - return e.countTokensWithServiceAccount(ctx, auth, req, opts, projectID, location, saJSON) - } - - // Use API key authentication - return e.countTokensWithAPIKey(ctx, auth, req, opts, apiKey, baseURL) -} - -// Refresh refreshes the authentication credentials (no-op for Vertex). -func (e *GeminiVertexExecutor) Refresh(_ context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - return auth, nil -} - -// executeWithServiceAccount handles authentication using service account credentials. -// This method contains the original service account authentication logic. -func (e *GeminiVertexExecutor) executeWithServiceAccount(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, projectID, location string, saJSON []byte) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - var body []byte - - // Handle Imagen models with special request format - if isImagenModel(baseModel) { - imagenBody, errImagen := convertToImagenRequest(req.Payload) - if errImagen != nil { - return resp, errImagen - } - body = imagenBody - } else { - // Standard Gemini translation flow - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body = sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - } - - action := getVertexAction(baseModel, false) - if req.Metadata != nil { - if a, _ := req.Metadata["action"].(string); a == "countTokens" { - action = "countTokens" - } - } - baseURL := vertexBaseURL(location) - url := fmt.Sprintf("%s/%s/projects/%s/locations/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, projectID, location, baseModel, action) - if opts.Alt != "" && action != "countTokens" { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, errNewReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if errNewReq != nil { - return resp, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if token, errTok := vertexAccessToken(ctx, e.cfg, auth, saJSON); errTok == nil && token != "" { - httpReq.Header.Set("Authorization", "Bearer "+token) - } else if errTok != nil { - log.Errorf("vertex executor: access token error: %v", errTok) - return resp, statusErr{code: 500, msg: "internal server error"} - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return resp, errDo - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, errRead := io.ReadAll(httpResp.Body) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return resp, errRead - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseGeminiUsage(data)) - - // For Imagen models, convert response to Gemini format before translation - // This ensures Imagen responses use the same format as gemini-3-pro-image-preview - if isImagenModel(baseModel) { - data = convertImagenToGeminiResponse(data, baseModel) - } - - // Standard Gemini translation (works for both Gemini and converted Imagen responses) - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -// executeWithAPIKey handles authentication using API key credentials. -func (e *GeminiVertexExecutor) executeWithAPIKey(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, apiKey, baseURL string) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - - action := getVertexAction(baseModel, false) - if req.Metadata != nil { - if a, _ := req.Metadata["action"].(string); a == "countTokens" { - action = "countTokens" - } - } - - // For API key auth, use simpler URL format without project/location - if baseURL == "" { - baseURL = "https://generativelanguage.googleapis.com" - } - url := fmt.Sprintf("%s/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, baseModel, action) - if opts.Alt != "" && action != "countTokens" { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, errNewReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if errNewReq != nil { - return resp, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return resp, errDo - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, errRead := io.ReadAll(httpResp.Body) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return resp, errRead - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseGeminiUsage(data)) - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -// executeStreamWithServiceAccount handles streaming authentication using service account credentials. -func (e *GeminiVertexExecutor) executeStreamWithServiceAccount(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, projectID, location string, saJSON []byte) (_ *cliproxyexecutor.StreamResult, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - - action := getVertexAction(baseModel, true) - baseURL := vertexBaseURL(location) - url := fmt.Sprintf("%s/%s/projects/%s/locations/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, projectID, location, baseModel, action) - // Imagen models don't support streaming, skip SSE params - if !isImagenModel(baseModel) { - if opts.Alt == "" { - url = url + "?alt=sse" - } else { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - } - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, errNewReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if errNewReq != nil { - return nil, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if token, errTok := vertexAccessToken(ctx, e.cfg, auth, saJSON); errTok == nil && token != "" { - httpReq.Header.Set("Authorization", "Bearer "+token) - } else if errTok != nil { - log.Errorf("vertex executor: access token error: %v", errTok) - return nil, statusErr{code: 500, msg: "internal server error"} - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return nil, errDo - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - return nil, statusErr{code: httpResp.StatusCode, msg: string(b)} - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, streamScannerBuffer) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseGeminiStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(line), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, []byte("[DONE]"), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -// executeStreamWithAPIKey handles streaming authentication using API key credentials. -func (e *GeminiVertexExecutor) executeStreamWithAPIKey(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, apiKey, baseURL string) (_ *cliproxyexecutor.StreamResult, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - - action := getVertexAction(baseModel, true) - // For API key auth, use simpler URL format without project/location - if baseURL == "" { - baseURL = "https://generativelanguage.googleapis.com" - } - url := fmt.Sprintf("%s/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, baseModel, action) - // Imagen models don't support streaming, skip SSE params - if !isImagenModel(baseModel) { - if opts.Alt == "" { - url = url + "?alt=sse" - } else { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - } - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, errNewReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if errNewReq != nil { - return nil, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return nil, errDo - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - return nil, statusErr{code: httpResp.StatusCode, msg: string(b)} - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, streamScannerBuffer) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseGeminiStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(line), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, []byte("[DONE]"), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -// countTokensWithServiceAccount counts tokens using service account credentials. -func (e *GeminiVertexExecutor) countTokensWithServiceAccount(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, projectID, location string, saJSON []byte) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - translatedReq := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - translatedReq, err := thinking.ApplyThinking(translatedReq, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - translatedReq = fixGeminiImageAspectRatio(baseModel, translatedReq) - translatedReq, _ = sjson.SetBytes(translatedReq, "model", baseModel) - respCtx := context.WithValue(ctx, "alt", opts.Alt) - translatedReq, _ = sjson.DeleteBytes(translatedReq, "tools") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "generationConfig") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "safetySettings") - - baseURL := vertexBaseURL(location) - url := fmt.Sprintf("%s/%s/projects/%s/locations/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, projectID, location, baseModel, "countTokens") - - httpReq, errNewReq := http.NewRequestWithContext(respCtx, http.MethodPost, url, bytes.NewReader(translatedReq)) - if errNewReq != nil { - return cliproxyexecutor.Response{}, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if token, errTok := vertexAccessToken(ctx, e.cfg, auth, saJSON); errTok == nil && token != "" { - httpReq.Header.Set("Authorization", "Bearer "+token) - } else if errTok != nil { - log.Errorf("vertex executor: access token error: %v", errTok) - return cliproxyexecutor.Response{}, statusErr{code: 500, msg: "internal server error"} - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translatedReq, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return cliproxyexecutor.Response{}, errDo - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - return cliproxyexecutor.Response{}, statusErr{code: httpResp.StatusCode, msg: string(b)} - } - data, errRead := io.ReadAll(httpResp.Body) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return cliproxyexecutor.Response{}, errRead - } - appendAPIResponseChunk(ctx, e.cfg, data) - count := gjson.GetBytes(data, "totalTokens").Int() - out := sdktranslator.TranslateTokenCount(ctx, to, from, count, data) - return cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()}, nil -} - -// countTokensWithAPIKey handles token counting using API key credentials. -func (e *GeminiVertexExecutor) countTokensWithAPIKey(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, apiKey, baseURL string) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - translatedReq := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - translatedReq, err := thinking.ApplyThinking(translatedReq, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - translatedReq = fixGeminiImageAspectRatio(baseModel, translatedReq) - translatedReq, _ = sjson.SetBytes(translatedReq, "model", baseModel) - respCtx := context.WithValue(ctx, "alt", opts.Alt) - translatedReq, _ = sjson.DeleteBytes(translatedReq, "tools") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "generationConfig") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "safetySettings") - - // For API key auth, use simpler URL format without project/location - if baseURL == "" { - baseURL = "https://generativelanguage.googleapis.com" - } - url := fmt.Sprintf("%s/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, baseModel, "countTokens") - - httpReq, errNewReq := http.NewRequestWithContext(respCtx, http.MethodPost, url, bytes.NewReader(translatedReq)) - if errNewReq != nil { - return cliproxyexecutor.Response{}, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translatedReq, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return cliproxyexecutor.Response{}, errDo - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - return cliproxyexecutor.Response{}, statusErr{code: httpResp.StatusCode, msg: string(b)} - } - data, errRead := io.ReadAll(httpResp.Body) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return cliproxyexecutor.Response{}, errRead - } - appendAPIResponseChunk(ctx, e.cfg, data) - count := gjson.GetBytes(data, "totalTokens").Int() - out := sdktranslator.TranslateTokenCount(ctx, to, from, count, data) - return cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()}, nil -} - -// vertexCreds extracts project, location and raw service account JSON from auth metadata. -func vertexCreds(a *cliproxyauth.Auth) (projectID, location string, serviceAccountJSON []byte, err error) { - if a == nil || a.Metadata == nil { - return "", "", nil, fmt.Errorf("vertex executor: missing auth metadata") - } - if v, ok := a.Metadata["project_id"].(string); ok { - projectID = strings.TrimSpace(v) - } - if projectID == "" { - // Some service accounts may use "project"; still prefer standard field - if v, ok := a.Metadata["project"].(string); ok { - projectID = strings.TrimSpace(v) - } - } - if projectID == "" { - return "", "", nil, fmt.Errorf("vertex executor: missing project_id in credentials") - } - if v, ok := a.Metadata["location"].(string); ok && strings.TrimSpace(v) != "" { - location = strings.TrimSpace(v) - } else { - location = "us-central1" - } - var sa map[string]any - if raw, ok := a.Metadata["service_account"].(map[string]any); ok { - sa = raw - } - if sa == nil { - return "", "", nil, fmt.Errorf("vertex executor: missing service_account in credentials") - } - normalized, errNorm := vertexauth.NormalizeServiceAccountMap(sa) - if errNorm != nil { - return "", "", nil, fmt.Errorf("vertex executor: %w", errNorm) - } - saJSON, errMarshal := json.Marshal(normalized) - if errMarshal != nil { - return "", "", nil, fmt.Errorf("vertex executor: marshal service_account failed: %w", errMarshal) - } - return projectID, location, saJSON, nil -} - -// vertexAPICreds extracts API key and base URL from auth attributes following the claudeCreds pattern. -func vertexAPICreds(a *cliproxyauth.Auth) (apiKey, baseURL string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - apiKey = a.Attributes["api_key"] - baseURL = a.Attributes["base_url"] - } - if apiKey == "" && a.Metadata != nil { - if v, ok := a.Metadata["access_token"].(string); ok { - apiKey = v - } - } - return -} - -func vertexBaseURL(location string) string { - loc := strings.TrimSpace(location) - if loc == "" { - loc = "us-central1" - } else if loc == "global" { - return "https://aiplatform.googleapis.com" - } - return fmt.Sprintf("https://%s-aiplatform.googleapis.com", loc) -} - -func vertexAccessToken(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth, saJSON []byte) (string, error) { - if httpClient := newProxyAwareHTTPClient(ctx, cfg, auth, 0); httpClient != nil { - ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient) - } - // Use cloud-platform scope for Vertex AI. - creds, errCreds := google.CredentialsFromJSON(ctx, saJSON, "https://www.googleapis.com/auth/cloud-platform") - if errCreds != nil { - return "", fmt.Errorf("vertex executor: parse service account json failed: %w", errCreds) - } - tok, errTok := creds.TokenSource.Token() - if errTok != nil { - return "", fmt.Errorf("vertex executor: get access token failed: %w", errTok) - } - return tok.AccessToken, nil -} - -// resolveVertexConfig finds the matching vertex-api-key configuration entry for the given auth. -func (e *GeminiVertexExecutor) resolveVertexConfig(auth *cliproxyauth.Auth) *config.VertexCompatKey { - if auth == nil || e.cfg == nil { - return nil - } - var attrKey, attrBase string - if auth.Attributes != nil { - attrKey = strings.TrimSpace(auth.Attributes["api_key"]) - attrBase = strings.TrimSpace(auth.Attributes["base_url"]) - } - for i := range e.cfg.VertexCompatAPIKey { - entry := &e.cfg.VertexCompatAPIKey[i] - cfgKey := strings.TrimSpace(entry.APIKey) - cfgBase := strings.TrimSpace(entry.BaseURL) - if attrKey != "" && attrBase != "" { - if strings.EqualFold(cfgKey, attrKey) && strings.EqualFold(cfgBase, attrBase) { - return entry - } - continue - } - if attrKey != "" && strings.EqualFold(cfgKey, attrKey) { - if cfgBase == "" || strings.EqualFold(cfgBase, attrBase) { - return entry - } - } - if attrKey == "" && attrBase != "" && strings.EqualFold(cfgBase, attrBase) { - return entry - } - } - if attrKey != "" { - for i := range e.cfg.VertexCompatAPIKey { - entry := &e.cfg.VertexCompatAPIKey[i] - if strings.EqualFold(strings.TrimSpace(entry.APIKey), attrKey) { - return entry - } - } - } - return nil -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/github_copilot_executor.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/github_copilot_executor.go deleted file mode 100644 index af4b7e6a13..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/github_copilot_executor.go +++ /dev/null @@ -1,1238 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "fmt" - "io" - "net/http" - "strings" - "sync" - "time" - - "github.com/google/uuid" - copilotauth "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/copilot" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const ( - githubCopilotBaseURL = "https://api.githubcopilot.com" - githubCopilotChatPath = "/chat/completions" - githubCopilotResponsesPath = "/responses" - githubCopilotAuthType = "github-copilot" - githubCopilotTokenCacheTTL = 25 * time.Minute - // tokenExpiryBuffer is the time before expiry when we should refresh the token. - tokenExpiryBuffer = 5 * time.Minute - // maxScannerBufferSize is the maximum buffer size for SSE scanning (20MB). - maxScannerBufferSize = 20_971_520 - - // Copilot API header values. - copilotUserAgent = "GitHubCopilotChat/0.35.0" - copilotEditorVersion = "vscode/1.107.0" - copilotPluginVersion = "copilot-chat/0.35.0" - copilotIntegrationID = "vscode-chat" - copilotOpenAIIntent = "conversation-panel" - copilotGitHubAPIVer = "2025-04-01" -) - -// GitHubCopilotExecutor handles requests to the GitHub Copilot API. -type GitHubCopilotExecutor struct { - cfg *config.Config - mu sync.RWMutex - cache map[string]*cachedAPIToken -} - -// cachedAPIToken stores a cached Copilot API token with its expiry. -type cachedAPIToken struct { - token string - apiEndpoint string - expiresAt time.Time -} - -// NewGitHubCopilotExecutor constructs a new executor instance. -func NewGitHubCopilotExecutor(cfg *config.Config) *GitHubCopilotExecutor { - return &GitHubCopilotExecutor{ - cfg: cfg, - cache: make(map[string]*cachedAPIToken), - } -} - -// Identifier implements ProviderExecutor. -func (e *GitHubCopilotExecutor) Identifier() string { return githubCopilotAuthType } - -// PrepareRequest implements ProviderExecutor. -func (e *GitHubCopilotExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - ctx := req.Context() - if ctx == nil { - ctx = context.Background() - } - apiToken, _, errToken := e.ensureAPIToken(ctx, auth) - if errToken != nil { - return errToken - } - e.applyHeaders(req, apiToken, nil) - return nil -} - -// HttpRequest injects GitHub Copilot credentials into the request and executes it. -func (e *GitHubCopilotExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("github-copilot executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if errPrepare := e.PrepareRequest(httpReq, auth); errPrepare != nil { - return nil, errPrepare - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute handles non-streaming requests to GitHub Copilot. -func (e *GitHubCopilotExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - apiToken, baseURL, errToken := e.ensureAPIToken(ctx, auth) - if errToken != nil { - return resp, errToken - } - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - useResponses := useGitHubCopilotResponsesEndpoint(from, req.Model) - to := sdktranslator.FromString("openai") - if useResponses { - to = sdktranslator.FromString("openai-response") - } - originalPayload := bytes.Clone(req.Payload) - if len(opts.OriginalRequest) > 0 { - originalPayload = bytes.Clone(opts.OriginalRequest) - } - originalTranslated := sdktranslator.TranslateRequest(from, to, req.Model, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), false) - body = e.normalizeModel(req.Model, body) - body = flattenAssistantContent(body) - - // Detect vision content before input normalization removes messages - hasVision := detectVisionContent(body) - - thinkingProvider := "openai" - if useResponses { - thinkingProvider = "codex" - } - body, err = thinking.ApplyThinking(body, req.Model, from.String(), thinkingProvider, e.Identifier()) - if err != nil { - return resp, err - } - - if useResponses { - body = normalizeGitHubCopilotResponsesInput(body) - body = normalizeGitHubCopilotResponsesTools(body) - } else { - body = normalizeGitHubCopilotChatTools(body) - } - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, req.Model, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "stream", false) - - path := githubCopilotChatPath - if useResponses { - path = githubCopilotResponsesPath - } - url := baseURL + path - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return resp, err - } - e.applyHeaders(httpReq, apiToken, body) - - // Add Copilot-Vision-Request header if the request contains vision content - if hasVision { - httpReq.Header.Set("Copilot-Vision-Request", "true") - } - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("github-copilot executor: close response body error: %v", errClose) - } - }() - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - - if !isHTTPSuccess(httpResp.StatusCode) { - data, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, data) - log.Debugf("github-copilot executor: upstream error status: %d, body: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - err = statusErr{code: httpResp.StatusCode, msg: string(data)} - return resp, err - } - - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - - detail := parseOpenAIUsage(data) - if useResponses && detail.TotalTokens == 0 { - detail = parseOpenAIResponsesUsage(data) - } - if detail.TotalTokens > 0 { - reporter.publish(ctx, detail) - } - - var param any - converted := "" - if useResponses && from.String() == "claude" { - converted = translateGitHubCopilotResponsesNonStreamToClaude(data) - } else { - converted = sdktranslator.TranslateNonStream(ctx, to, from, req.Model, bytes.Clone(opts.OriginalRequest), body, data, ¶m) - } - resp = cliproxyexecutor.Response{Payload: []byte(converted)} - reporter.ensurePublished(ctx) - return resp, nil -} - -// ExecuteStream handles streaming requests to GitHub Copilot. -func (e *GitHubCopilotExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - apiToken, baseURL, errToken := e.ensureAPIToken(ctx, auth) - if errToken != nil { - return nil, errToken - } - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - useResponses := useGitHubCopilotResponsesEndpoint(from, req.Model) - to := sdktranslator.FromString("openai") - if useResponses { - to = sdktranslator.FromString("openai-response") - } - originalPayload := bytes.Clone(req.Payload) - if len(opts.OriginalRequest) > 0 { - originalPayload = bytes.Clone(opts.OriginalRequest) - } - originalTranslated := sdktranslator.TranslateRequest(from, to, req.Model, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - body = e.normalizeModel(req.Model, body) - body = flattenAssistantContent(body) - - // Detect vision content before input normalization removes messages - hasVision := detectVisionContent(body) - - thinkingProvider := "openai" - if useResponses { - thinkingProvider = "codex" - } - body, err = thinking.ApplyThinking(body, req.Model, from.String(), thinkingProvider, e.Identifier()) - if err != nil { - return nil, err - } - - if useResponses { - body = normalizeGitHubCopilotResponsesInput(body) - body = normalizeGitHubCopilotResponsesTools(body) - } else { - body = normalizeGitHubCopilotChatTools(body) - } - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, req.Model, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "stream", true) - // Enable stream options for usage stats in stream - if !useResponses { - body, _ = sjson.SetBytes(body, "stream_options.include_usage", true) - } - - path := githubCopilotChatPath - if useResponses { - path = githubCopilotResponsesPath - } - url := baseURL + path - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return nil, err - } - e.applyHeaders(httpReq, apiToken, body) - - // Add Copilot-Vision-Request header if the request contains vision content - if hasVision { - httpReq.Header.Set("Copilot-Vision-Request", "true") - } - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - - if !isHTTPSuccess(httpResp.StatusCode) { - data, readErr := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("github-copilot executor: close response body error: %v", errClose) - } - if readErr != nil { - recordAPIResponseError(ctx, e.cfg, readErr) - return nil, readErr - } - appendAPIResponseChunk(ctx, e.cfg, data) - log.Debugf("github-copilot executor: upstream error status: %d, body: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - err = statusErr{code: httpResp.StatusCode, msg: string(data)} - return nil, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("github-copilot executor: close response body error: %v", errClose) - } - }() - - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, maxScannerBufferSize) - var param any - - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - - // Parse SSE data - if bytes.HasPrefix(line, dataTag) { - data := bytes.TrimSpace(line[5:]) - if bytes.Equal(data, []byte("[DONE]")) { - continue - } - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } else if useResponses { - if detail, ok := parseOpenAIResponsesStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - } - } - - var chunks []string - if useResponses && from.String() == "claude" { - chunks = translateGitHubCopilotResponsesStreamToClaude(bytes.Clone(line), ¶m) - } else { - chunks = sdktranslator.TranslateStream(ctx, to, from, req.Model, bytes.Clone(opts.OriginalRequest), body, bytes.Clone(line), ¶m) - } - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } else { - reporter.ensurePublished(ctx) - } - }() - - return &cliproxyexecutor.StreamResult{ - Headers: httpResp.Header.Clone(), - Chunks: out, - }, nil -} - -// CountTokens is not supported for GitHub Copilot. -func (e *GitHubCopilotExecutor) CountTokens(_ context.Context, _ *cliproxyauth.Auth, _ cliproxyexecutor.Request, _ cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - return cliproxyexecutor.Response{}, statusErr{code: http.StatusNotImplemented, msg: "count tokens not supported for github-copilot"} -} - -// Refresh validates the GitHub token is still working. -// GitHub OAuth tokens don't expire traditionally, so we just validate. -func (e *GitHubCopilotExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if auth == nil { - return nil, statusErr{code: http.StatusUnauthorized, msg: "missing auth"} - } - - // Get the GitHub access token - accessToken := metaStringValue(auth.Metadata, "access_token") - if accessToken == "" { - return auth, nil - } - - // Validate the token can still get a Copilot API token - copilotAuth := copilotauth.NewCopilotAuth(e.cfg) - _, err := copilotAuth.GetCopilotAPIToken(ctx, accessToken) - if err != nil { - return nil, statusErr{code: http.StatusUnauthorized, msg: fmt.Sprintf("github-copilot token validation failed: %v", err)} - } - - return auth, nil -} - -// ensureAPIToken gets or refreshes the Copilot API token. -func (e *GitHubCopilotExecutor) ensureAPIToken(ctx context.Context, auth *cliproxyauth.Auth) (string, string, error) { - if auth == nil { - return "", "", statusErr{code: http.StatusUnauthorized, msg: "missing auth"} - } - - // Get the GitHub access token - accessToken := metaStringValue(auth.Metadata, "access_token") - if accessToken == "" { - return "", "", statusErr{code: http.StatusUnauthorized, msg: "missing github access token"} - } - - // Check for cached API token using thread-safe access - e.mu.RLock() - if cached, ok := e.cache[accessToken]; ok && cached.expiresAt.After(time.Now().Add(tokenExpiryBuffer)) { - e.mu.RUnlock() - return cached.token, cached.apiEndpoint, nil - } - e.mu.RUnlock() - - // Get a new Copilot API token - copilotAuth := copilotauth.NewCopilotAuth(e.cfg) - apiToken, err := copilotAuth.GetCopilotAPIToken(ctx, accessToken) - if err != nil { - return "", "", statusErr{code: http.StatusUnauthorized, msg: fmt.Sprintf("failed to get copilot api token: %v", err)} - } - - // Use endpoint from token response, fall back to default - apiEndpoint := githubCopilotBaseURL - if apiToken.Endpoints.API != "" { - apiEndpoint = strings.TrimRight(apiToken.Endpoints.API, "/") - } - - // Cache the token with thread-safe access - expiresAt := time.Now().Add(githubCopilotTokenCacheTTL) - if apiToken.ExpiresAt > 0 { - expiresAt = time.Unix(apiToken.ExpiresAt, 0) - } - e.mu.Lock() - e.cache[accessToken] = &cachedAPIToken{ - token: apiToken.Token, - apiEndpoint: apiEndpoint, - expiresAt: expiresAt, - } - e.mu.Unlock() - - return apiToken.Token, apiEndpoint, nil -} - -// applyHeaders sets the required headers for GitHub Copilot API requests. -func (e *GitHubCopilotExecutor) applyHeaders(r *http.Request, apiToken string, body []byte) { - r.Header.Set("Content-Type", "application/json") - r.Header.Set("Authorization", "Bearer "+apiToken) - r.Header.Set("Accept", "application/json") - r.Header.Set("User-Agent", copilotUserAgent) - r.Header.Set("Editor-Version", copilotEditorVersion) - r.Header.Set("Editor-Plugin-Version", copilotPluginVersion) - r.Header.Set("Openai-Intent", copilotOpenAIIntent) - r.Header.Set("Copilot-Integration-Id", copilotIntegrationID) - r.Header.Set("X-Github-Api-Version", copilotGitHubAPIVer) - r.Header.Set("X-Request-Id", uuid.NewString()) - - initiator := "user" - if len(body) > 0 { - if messages := gjson.GetBytes(body, "messages"); messages.Exists() && messages.IsArray() { - for _, msg := range messages.Array() { - role := msg.Get("role").String() - if role == "assistant" || role == "tool" { - initiator = "agent" - break - } - } - } - } - r.Header.Set("X-Initiator", initiator) -} - -// detectVisionContent checks if the request body contains vision/image content. -// Returns true if the request includes image_url or image type content blocks. -func detectVisionContent(body []byte) bool { - // Parse messages array - messagesResult := gjson.GetBytes(body, "messages") - if !messagesResult.Exists() || !messagesResult.IsArray() { - return false - } - - // Check each message for vision content - for _, message := range messagesResult.Array() { - content := message.Get("content") - - // If content is an array, check each content block - if content.IsArray() { - for _, block := range content.Array() { - blockType := block.Get("type").String() - // Check for image_url or image type - if blockType == "image_url" || blockType == "image" { - return true - } - } - } - } - - return false -} - -// normalizeModel strips the suffix (e.g. "(medium)") from the model name -// before sending to GitHub Copilot, as the upstream API does not accept -// suffixed model identifiers. -func (e *GitHubCopilotExecutor) normalizeModel(model string, body []byte) []byte { - baseModel := thinking.ParseSuffix(model).ModelName - if baseModel != model { - body, _ = sjson.SetBytes(body, "model", baseModel) - } - return body -} - -func useGitHubCopilotResponsesEndpoint(sourceFormat sdktranslator.Format, model string) bool { - if sourceFormat.String() == "openai-response" { - return true - } - baseModel := strings.ToLower(thinking.ParseSuffix(model).ModelName) - return strings.Contains(baseModel, "codex") -} - -// flattenAssistantContent converts assistant message content from array format -// to a joined string. GitHub Copilot requires assistant content as a string; -// sending it as an array causes Claude models to re-answer all previous prompts. -func flattenAssistantContent(body []byte) []byte { - messages := gjson.GetBytes(body, "messages") - if !messages.Exists() || !messages.IsArray() { - return body - } - result := body - for i, msg := range messages.Array() { - if msg.Get("role").String() != "assistant" { - continue - } - content := msg.Get("content") - if !content.Exists() || !content.IsArray() { - continue - } - // Skip flattening if the content contains non-text blocks (tool_use, thinking, etc.) - hasNonText := false - for _, part := range content.Array() { - if t := part.Get("type").String(); t != "" && t != "text" { - hasNonText = true - break - } - } - if hasNonText { - continue - } - var textParts []string - for _, part := range content.Array() { - if part.Get("type").String() == "text" { - if t := part.Get("text").String(); t != "" { - textParts = append(textParts, t) - } - } - } - joined := strings.Join(textParts, "") - path := fmt.Sprintf("messages.%d.content", i) - result, _ = sjson.SetBytes(result, path, joined) - } - return result -} - -func normalizeGitHubCopilotChatTools(body []byte) []byte { - tools := gjson.GetBytes(body, "tools") - if tools.Exists() { - filtered := "[]" - if tools.IsArray() { - for _, tool := range tools.Array() { - if tool.Get("type").String() != "function" { - continue - } - filtered, _ = sjson.SetRaw(filtered, "-1", tool.Raw) - } - } - body, _ = sjson.SetRawBytes(body, "tools", []byte(filtered)) - } - - toolChoice := gjson.GetBytes(body, "tool_choice") - if !toolChoice.Exists() { - return body - } - if toolChoice.Type == gjson.String { - switch toolChoice.String() { - case "auto", "none", "required": - return body - } - } - body, _ = sjson.SetBytes(body, "tool_choice", "auto") - return body -} - -func normalizeGitHubCopilotResponsesInput(body []byte) []byte { - input := gjson.GetBytes(body, "input") - if input.Exists() { - // If input is already a string or array, keep it as-is. - if input.Type == gjson.String || input.IsArray() { - return body - } - // Non-string/non-array input: stringify as fallback. - body, _ = sjson.SetBytes(body, "input", input.Raw) - return body - } - - // Convert Claude messages format to OpenAI Responses API input array. - // This preserves the conversation structure (roles, tool calls, tool results) - // which is critical for multi-turn tool-use conversations. - inputArr := "[]" - - // System messages → developer role - if system := gjson.GetBytes(body, "system"); system.Exists() { - var systemParts []string - if system.IsArray() { - for _, part := range system.Array() { - if txt := part.Get("text").String(); txt != "" { - systemParts = append(systemParts, txt) - } - } - } else if system.Type == gjson.String { - systemParts = append(systemParts, system.String()) - } - if len(systemParts) > 0 { - msg := `{"type":"message","role":"developer","content":[]}` - for _, txt := range systemParts { - part := `{"type":"input_text","text":""}` - part, _ = sjson.Set(part, "text", txt) - msg, _ = sjson.SetRaw(msg, "content.-1", part) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", msg) - } - } - - // Messages → structured input items - if messages := gjson.GetBytes(body, "messages"); messages.Exists() && messages.IsArray() { - for _, msg := range messages.Array() { - role := msg.Get("role").String() - content := msg.Get("content") - - if !content.Exists() { - continue - } - - // Simple string content - if content.Type == gjson.String { - textType := "input_text" - if role == "assistant" { - textType = "output_text" - } - item := `{"type":"message","role":"","content":[]}` - item, _ = sjson.Set(item, "role", role) - part := fmt.Sprintf(`{"type":"%s","text":""}`, textType) - part, _ = sjson.Set(part, "text", content.String()) - item, _ = sjson.SetRaw(item, "content.-1", part) - inputArr, _ = sjson.SetRaw(inputArr, "-1", item) - continue - } - - if !content.IsArray() { - continue - } - - // Array content: split into message parts vs tool items - var msgParts []string - for _, c := range content.Array() { - cType := c.Get("type").String() - switch cType { - case "text": - textType := "input_text" - if role == "assistant" { - textType = "output_text" - } - part := fmt.Sprintf(`{"type":"%s","text":""}`, textType) - part, _ = sjson.Set(part, "text", c.Get("text").String()) - msgParts = append(msgParts, part) - case "image": - source := c.Get("source") - if source.Exists() { - data := source.Get("data").String() - if data == "" { - data = source.Get("base64").String() - } - mediaType := source.Get("media_type").String() - if mediaType == "" { - mediaType = source.Get("mime_type").String() - } - if mediaType == "" { - mediaType = "application/octet-stream" - } - if data != "" { - part := `{"type":"input_image","image_url":""}` - part, _ = sjson.Set(part, "image_url", fmt.Sprintf("data:%s;base64,%s", mediaType, data)) - msgParts = append(msgParts, part) - } - } - case "tool_use": - // Flush any accumulated message parts first - if len(msgParts) > 0 { - item := `{"type":"message","role":"","content":[]}` - item, _ = sjson.Set(item, "role", role) - for _, p := range msgParts { - item, _ = sjson.SetRaw(item, "content.-1", p) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", item) - msgParts = nil - } - fc := `{"type":"function_call","call_id":"","name":"","arguments":""}` - fc, _ = sjson.Set(fc, "call_id", c.Get("id").String()) - fc, _ = sjson.Set(fc, "name", c.Get("name").String()) - if inputRaw := c.Get("input"); inputRaw.Exists() { - fc, _ = sjson.Set(fc, "arguments", inputRaw.Raw) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", fc) - case "tool_result": - // Flush any accumulated message parts first - if len(msgParts) > 0 { - item := `{"type":"message","role":"","content":[]}` - item, _ = sjson.Set(item, "role", role) - for _, p := range msgParts { - item, _ = sjson.SetRaw(item, "content.-1", p) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", item) - msgParts = nil - } - fco := `{"type":"function_call_output","call_id":"","output":""}` - fco, _ = sjson.Set(fco, "call_id", c.Get("tool_use_id").String()) - // Extract output text - resultContent := c.Get("content") - if resultContent.Type == gjson.String { - fco, _ = sjson.Set(fco, "output", resultContent.String()) - } else if resultContent.IsArray() { - var resultParts []string - for _, rc := range resultContent.Array() { - if txt := rc.Get("text").String(); txt != "" { - resultParts = append(resultParts, txt) - } - } - fco, _ = sjson.Set(fco, "output", strings.Join(resultParts, "\n")) - } else if resultContent.Exists() { - fco, _ = sjson.Set(fco, "output", resultContent.String()) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", fco) - case "thinking": - // Skip thinking blocks - not part of the API input - } - } - - // Flush remaining message parts - if len(msgParts) > 0 { - item := `{"type":"message","role":"","content":[]}` - item, _ = sjson.Set(item, "role", role) - for _, p := range msgParts { - item, _ = sjson.SetRaw(item, "content.-1", p) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", item) - } - } - } - - body, _ = sjson.SetRawBytes(body, "input", []byte(inputArr)) - // Remove messages/system since we've converted them to input - body, _ = sjson.DeleteBytes(body, "messages") - body, _ = sjson.DeleteBytes(body, "system") - return body -} - -func normalizeGitHubCopilotResponsesTools(body []byte) []byte { - tools := gjson.GetBytes(body, "tools") - if tools.Exists() { - filtered := "[]" - if tools.IsArray() { - for _, tool := range tools.Array() { - toolType := tool.Get("type").String() - // Accept OpenAI format (type="function") and Claude format - // (no type field, but has top-level name + input_schema). - if toolType != "" && toolType != "function" { - continue - } - name := tool.Get("name").String() - if name == "" { - name = tool.Get("function.name").String() - } - if name == "" { - continue - } - normalized := `{"type":"function","name":""}` - normalized, _ = sjson.Set(normalized, "name", name) - if desc := tool.Get("description").String(); desc != "" { - normalized, _ = sjson.Set(normalized, "description", desc) - } else if desc = tool.Get("function.description").String(); desc != "" { - normalized, _ = sjson.Set(normalized, "description", desc) - } - if params := tool.Get("parameters"); params.Exists() { - normalized, _ = sjson.SetRaw(normalized, "parameters", params.Raw) - } else if params = tool.Get("function.parameters"); params.Exists() { - normalized, _ = sjson.SetRaw(normalized, "parameters", params.Raw) - } else if params = tool.Get("input_schema"); params.Exists() { - normalized, _ = sjson.SetRaw(normalized, "parameters", params.Raw) - } - filtered, _ = sjson.SetRaw(filtered, "-1", normalized) - } - } - body, _ = sjson.SetRawBytes(body, "tools", []byte(filtered)) - } - - toolChoice := gjson.GetBytes(body, "tool_choice") - if !toolChoice.Exists() { - return body - } - if toolChoice.Type == gjson.String { - switch toolChoice.String() { - case "auto", "none", "required": - return body - default: - body, _ = sjson.SetBytes(body, "tool_choice", "auto") - return body - } - } - if toolChoice.Type == gjson.JSON { - choiceType := toolChoice.Get("type").String() - if choiceType == "function" { - name := toolChoice.Get("name").String() - if name == "" { - name = toolChoice.Get("function.name").String() - } - if name != "" { - normalized := `{"type":"function","name":""}` - normalized, _ = sjson.Set(normalized, "name", name) - body, _ = sjson.SetRawBytes(body, "tool_choice", []byte(normalized)) - return body - } - } - } - body, _ = sjson.SetBytes(body, "tool_choice", "auto") - return body -} - -func collectTextFromNode(node gjson.Result) string { - if !node.Exists() { - return "" - } - if node.Type == gjson.String { - return node.String() - } - if node.IsArray() { - var parts []string - for _, item := range node.Array() { - if item.Type == gjson.String { - if text := item.String(); text != "" { - parts = append(parts, text) - } - continue - } - if text := item.Get("text").String(); text != "" { - parts = append(parts, text) - continue - } - if nested := collectTextFromNode(item.Get("content")); nested != "" { - parts = append(parts, nested) - } - } - return strings.Join(parts, "\n") - } - if node.Type == gjson.JSON { - if text := node.Get("text").String(); text != "" { - return text - } - if nested := collectTextFromNode(node.Get("content")); nested != "" { - return nested - } - return node.Raw - } - return node.String() -} - -type githubCopilotResponsesStreamToolState struct { - Index int - ID string - Name string -} - -type githubCopilotResponsesStreamState struct { - MessageStarted bool - MessageStopSent bool - TextBlockStarted bool - TextBlockIndex int - NextContentIndex int - HasToolUse bool - ReasoningActive bool - ReasoningIndex int - OutputIndexToTool map[int]*githubCopilotResponsesStreamToolState - ItemIDToTool map[string]*githubCopilotResponsesStreamToolState -} - -func translateGitHubCopilotResponsesNonStreamToClaude(data []byte) string { - root := gjson.ParseBytes(data) - out := `{"id":"","type":"message","role":"assistant","model":"","content":[],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}` - out, _ = sjson.Set(out, "id", root.Get("id").String()) - out, _ = sjson.Set(out, "model", root.Get("model").String()) - - hasToolUse := false - if output := root.Get("output"); output.Exists() && output.IsArray() { - for _, item := range output.Array() { - switch item.Get("type").String() { - case "reasoning": - var thinkingText string - if summary := item.Get("summary"); summary.Exists() && summary.IsArray() { - var parts []string - for _, part := range summary.Array() { - if txt := part.Get("text").String(); txt != "" { - parts = append(parts, txt) - } - } - thinkingText = strings.Join(parts, "") - } - if thinkingText == "" { - if content := item.Get("content"); content.Exists() && content.IsArray() { - var parts []string - for _, part := range content.Array() { - if txt := part.Get("text").String(); txt != "" { - parts = append(parts, txt) - } - } - thinkingText = strings.Join(parts, "") - } - } - if thinkingText != "" { - block := `{"type":"thinking","thinking":""}` - block, _ = sjson.Set(block, "thinking", thinkingText) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - case "message": - if content := item.Get("content"); content.Exists() && content.IsArray() { - for _, part := range content.Array() { - if part.Get("type").String() != "output_text" { - continue - } - text := part.Get("text").String() - if text == "" { - continue - } - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", text) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - } - case "function_call": - hasToolUse = true - toolUse := `{"type":"tool_use","id":"","name":"","input":{}}` - toolID := item.Get("call_id").String() - if toolID == "" { - toolID = item.Get("id").String() - } - toolUse, _ = sjson.Set(toolUse, "id", toolID) - toolUse, _ = sjson.Set(toolUse, "name", item.Get("name").String()) - if args := item.Get("arguments").String(); args != "" && gjson.Valid(args) { - argObj := gjson.Parse(args) - if argObj.IsObject() { - toolUse, _ = sjson.SetRaw(toolUse, "input", argObj.Raw) - } - } - out, _ = sjson.SetRaw(out, "content.-1", toolUse) - } - } - } - - inputTokens := root.Get("usage.input_tokens").Int() - outputTokens := root.Get("usage.output_tokens").Int() - cachedTokens := root.Get("usage.input_tokens_details.cached_tokens").Int() - if cachedTokens > 0 && inputTokens >= cachedTokens { - inputTokens -= cachedTokens - } - out, _ = sjson.Set(out, "usage.input_tokens", inputTokens) - out, _ = sjson.Set(out, "usage.output_tokens", outputTokens) - if cachedTokens > 0 { - out, _ = sjson.Set(out, "usage.cache_read_input_tokens", cachedTokens) - } - if hasToolUse { - out, _ = sjson.Set(out, "stop_reason", "tool_use") - } else if sr := root.Get("stop_reason").String(); sr == "max_tokens" || sr == "stop" { - out, _ = sjson.Set(out, "stop_reason", sr) - } else { - out, _ = sjson.Set(out, "stop_reason", "end_turn") - } - return out -} - -func translateGitHubCopilotResponsesStreamToClaude(line []byte, param *any) []string { - if *param == nil { - *param = &githubCopilotResponsesStreamState{ - TextBlockIndex: -1, - OutputIndexToTool: make(map[int]*githubCopilotResponsesStreamToolState), - ItemIDToTool: make(map[string]*githubCopilotResponsesStreamToolState), - } - } - state := (*param).(*githubCopilotResponsesStreamState) - - if !bytes.HasPrefix(line, dataTag) { - return nil - } - payload := bytes.TrimSpace(line[5:]) - if bytes.Equal(payload, []byte("[DONE]")) { - return nil - } - if !gjson.ValidBytes(payload) { - return nil - } - - event := gjson.GetBytes(payload, "type").String() - results := make([]string, 0, 4) - ensureMessageStart := func() { - if state.MessageStarted { - return - } - messageStart := `{"type":"message_start","message":{"id":"","type":"message","role":"assistant","model":"","content":[],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}}` - messageStart, _ = sjson.Set(messageStart, "message.id", gjson.GetBytes(payload, "response.id").String()) - messageStart, _ = sjson.Set(messageStart, "message.model", gjson.GetBytes(payload, "response.model").String()) - results = append(results, "event: message_start\ndata: "+messageStart+"\n\n") - state.MessageStarted = true - } - startTextBlockIfNeeded := func() { - if state.TextBlockStarted { - return - } - if state.TextBlockIndex < 0 { - state.TextBlockIndex = state.NextContentIndex - state.NextContentIndex++ - } - contentBlockStart := `{"type":"content_block_start","index":0,"content_block":{"type":"text","text":""}}` - contentBlockStart, _ = sjson.Set(contentBlockStart, "index", state.TextBlockIndex) - results = append(results, "event: content_block_start\ndata: "+contentBlockStart+"\n\n") - state.TextBlockStarted = true - } - stopTextBlockIfNeeded := func() { - if !state.TextBlockStarted { - return - } - contentBlockStop := `{"type":"content_block_stop","index":0}` - contentBlockStop, _ = sjson.Set(contentBlockStop, "index", state.TextBlockIndex) - results = append(results, "event: content_block_stop\ndata: "+contentBlockStop+"\n\n") - state.TextBlockStarted = false - state.TextBlockIndex = -1 - } - resolveTool := func(itemID string, outputIndex int) *githubCopilotResponsesStreamToolState { - if itemID != "" { - if tool, ok := state.ItemIDToTool[itemID]; ok { - return tool - } - } - if tool, ok := state.OutputIndexToTool[outputIndex]; ok { - if itemID != "" { - state.ItemIDToTool[itemID] = tool - } - return tool - } - return nil - } - - switch event { - case "response.created": - ensureMessageStart() - case "response.output_text.delta": - ensureMessageStart() - startTextBlockIfNeeded() - delta := gjson.GetBytes(payload, "delta").String() - if delta != "" { - contentDelta := `{"type":"content_block_delta","index":0,"delta":{"type":"text_delta","text":""}}` - contentDelta, _ = sjson.Set(contentDelta, "index", state.TextBlockIndex) - contentDelta, _ = sjson.Set(contentDelta, "delta.text", delta) - results = append(results, "event: content_block_delta\ndata: "+contentDelta+"\n\n") - } - case "response.reasoning_summary_part.added": - ensureMessageStart() - state.ReasoningActive = true - state.ReasoningIndex = state.NextContentIndex - state.NextContentIndex++ - thinkingStart := `{"type":"content_block_start","index":0,"content_block":{"type":"thinking","thinking":""}}` - thinkingStart, _ = sjson.Set(thinkingStart, "index", state.ReasoningIndex) - results = append(results, "event: content_block_start\ndata: "+thinkingStart+"\n\n") - case "response.reasoning_summary_text.delta": - if state.ReasoningActive { - delta := gjson.GetBytes(payload, "delta").String() - if delta != "" { - thinkingDelta := `{"type":"content_block_delta","index":0,"delta":{"type":"thinking_delta","thinking":""}}` - thinkingDelta, _ = sjson.Set(thinkingDelta, "index", state.ReasoningIndex) - thinkingDelta, _ = sjson.Set(thinkingDelta, "delta.thinking", delta) - results = append(results, "event: content_block_delta\ndata: "+thinkingDelta+"\n\n") - } - } - case "response.reasoning_summary_part.done": - if state.ReasoningActive { - thinkingStop := `{"type":"content_block_stop","index":0}` - thinkingStop, _ = sjson.Set(thinkingStop, "index", state.ReasoningIndex) - results = append(results, "event: content_block_stop\ndata: "+thinkingStop+"\n\n") - state.ReasoningActive = false - } - case "response.output_item.added": - if gjson.GetBytes(payload, "item.type").String() != "function_call" { - break - } - ensureMessageStart() - stopTextBlockIfNeeded() - state.HasToolUse = true - tool := &githubCopilotResponsesStreamToolState{ - Index: state.NextContentIndex, - ID: gjson.GetBytes(payload, "item.call_id").String(), - Name: gjson.GetBytes(payload, "item.name").String(), - } - if tool.ID == "" { - tool.ID = gjson.GetBytes(payload, "item.id").String() - } - state.NextContentIndex++ - outputIndex := int(gjson.GetBytes(payload, "output_index").Int()) - state.OutputIndexToTool[outputIndex] = tool - if itemID := gjson.GetBytes(payload, "item.id").String(); itemID != "" { - state.ItemIDToTool[itemID] = tool - } - contentBlockStart := `{"type":"content_block_start","index":0,"content_block":{"type":"tool_use","id":"","name":"","input":{}}}` - contentBlockStart, _ = sjson.Set(contentBlockStart, "index", tool.Index) - contentBlockStart, _ = sjson.Set(contentBlockStart, "content_block.id", tool.ID) - contentBlockStart, _ = sjson.Set(contentBlockStart, "content_block.name", tool.Name) - results = append(results, "event: content_block_start\ndata: "+contentBlockStart+"\n\n") - case "response.output_item.delta": - item := gjson.GetBytes(payload, "item") - if item.Get("type").String() != "function_call" { - break - } - tool := resolveTool(item.Get("id").String(), int(gjson.GetBytes(payload, "output_index").Int())) - if tool == nil { - break - } - partial := gjson.GetBytes(payload, "delta").String() - if partial == "" { - partial = item.Get("arguments").String() - } - if partial == "" { - break - } - inputDelta := `{"type":"content_block_delta","index":0,"delta":{"type":"input_json_delta","partial_json":""}}` - inputDelta, _ = sjson.Set(inputDelta, "index", tool.Index) - inputDelta, _ = sjson.Set(inputDelta, "delta.partial_json", partial) - results = append(results, "event: content_block_delta\ndata: "+inputDelta+"\n\n") - case "response.function_call_arguments.delta": - // Copilot sends tool call arguments via this event type (not response.output_item.delta). - // Data format: {"delta":"...", "item_id":"...", "output_index":N, ...} - itemID := gjson.GetBytes(payload, "item_id").String() - outputIndex := int(gjson.GetBytes(payload, "output_index").Int()) - tool := resolveTool(itemID, outputIndex) - if tool == nil { - break - } - partial := gjson.GetBytes(payload, "delta").String() - if partial == "" { - break - } - inputDelta := `{"type":"content_block_delta","index":0,"delta":{"type":"input_json_delta","partial_json":""}}` - inputDelta, _ = sjson.Set(inputDelta, "index", tool.Index) - inputDelta, _ = sjson.Set(inputDelta, "delta.partial_json", partial) - results = append(results, "event: content_block_delta\ndata: "+inputDelta+"\n\n") - case "response.output_item.done": - if gjson.GetBytes(payload, "item.type").String() != "function_call" { - break - } - tool := resolveTool(gjson.GetBytes(payload, "item.id").String(), int(gjson.GetBytes(payload, "output_index").Int())) - if tool == nil { - break - } - contentBlockStop := `{"type":"content_block_stop","index":0}` - contentBlockStop, _ = sjson.Set(contentBlockStop, "index", tool.Index) - results = append(results, "event: content_block_stop\ndata: "+contentBlockStop+"\n\n") - case "response.completed": - ensureMessageStart() - stopTextBlockIfNeeded() - if !state.MessageStopSent { - stopReason := "end_turn" - if state.HasToolUse { - stopReason = "tool_use" - } else if sr := gjson.GetBytes(payload, "response.stop_reason").String(); sr == "max_tokens" || sr == "stop" { - stopReason = sr - } - inputTokens := gjson.GetBytes(payload, "response.usage.input_tokens").Int() - outputTokens := gjson.GetBytes(payload, "response.usage.output_tokens").Int() - cachedTokens := gjson.GetBytes(payload, "response.usage.input_tokens_details.cached_tokens").Int() - if cachedTokens > 0 && inputTokens >= cachedTokens { - inputTokens -= cachedTokens - } - messageDelta := `{"type":"message_delta","delta":{"stop_reason":"","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - messageDelta, _ = sjson.Set(messageDelta, "delta.stop_reason", stopReason) - messageDelta, _ = sjson.Set(messageDelta, "usage.input_tokens", inputTokens) - messageDelta, _ = sjson.Set(messageDelta, "usage.output_tokens", outputTokens) - if cachedTokens > 0 { - messageDelta, _ = sjson.Set(messageDelta, "usage.cache_read_input_tokens", cachedTokens) - } - results = append(results, "event: message_delta\ndata: "+messageDelta+"\n\n") - results = append(results, "event: message_stop\ndata: {\"type\":\"message_stop\"}\n\n") - state.MessageStopSent = true - } - } - - return results -} - -// isHTTPSuccess checks if the status code indicates success (2xx). -func isHTTPSuccess(statusCode int) bool { - return statusCode >= 200 && statusCode < 300 -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/github_copilot_executor_test.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/github_copilot_executor_test.go deleted file mode 100644 index 39868ef751..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/github_copilot_executor_test.go +++ /dev/null @@ -1,333 +0,0 @@ -package executor - -import ( - "net/http" - "strings" - "testing" - - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - "github.com/tidwall/gjson" -) - -func TestGitHubCopilotNormalizeModel_StripsSuffix(t *testing.T) { - t.Parallel() - - tests := []struct { - name string - model string - wantModel string - }{ - { - name: "suffix stripped", - model: "claude-opus-4.6(medium)", - wantModel: "claude-opus-4.6", - }, - { - name: "no suffix unchanged", - model: "claude-opus-4.6", - wantModel: "claude-opus-4.6", - }, - { - name: "different suffix stripped", - model: "gpt-4o(high)", - wantModel: "gpt-4o", - }, - { - name: "numeric suffix stripped", - model: "gemini-2.5-pro(8192)", - wantModel: "gemini-2.5-pro", - }, - } - - e := &GitHubCopilotExecutor{} - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - t.Parallel() - - body := []byte(`{"model":"` + tt.model + `","messages":[]}`) - got := e.normalizeModel(tt.model, body) - - gotModel := gjson.GetBytes(got, "model").String() - if gotModel != tt.wantModel { - t.Fatalf("normalizeModel() model = %q, want %q", gotModel, tt.wantModel) - } - }) - } -} - -func TestUseGitHubCopilotResponsesEndpoint_OpenAIResponseSource(t *testing.T) { - t.Parallel() - if !useGitHubCopilotResponsesEndpoint(sdktranslator.FromString("openai-response"), "claude-3-5-sonnet") { - t.Fatal("expected openai-response source to use /responses") - } -} - -func TestUseGitHubCopilotResponsesEndpoint_CodexModel(t *testing.T) { - t.Parallel() - if !useGitHubCopilotResponsesEndpoint(sdktranslator.FromString("openai"), "gpt-5-codex") { - t.Fatal("expected codex model to use /responses") - } -} - -func TestUseGitHubCopilotResponsesEndpoint_DefaultChat(t *testing.T) { - t.Parallel() - if useGitHubCopilotResponsesEndpoint(sdktranslator.FromString("openai"), "claude-3-5-sonnet") { - t.Fatal("expected default openai source with non-codex model to use /chat/completions") - } -} - -func TestNormalizeGitHubCopilotChatTools_KeepFunctionOnly(t *testing.T) { - t.Parallel() - body := []byte(`{"tools":[{"type":"function","function":{"name":"ok"}},{"type":"code_interpreter"}],"tool_choice":"auto"}`) - got := normalizeGitHubCopilotChatTools(body) - tools := gjson.GetBytes(got, "tools").Array() - if len(tools) != 1 { - t.Fatalf("tools len = %d, want 1", len(tools)) - } - if tools[0].Get("type").String() != "function" { - t.Fatalf("tool type = %q, want function", tools[0].Get("type").String()) - } -} - -func TestNormalizeGitHubCopilotChatTools_InvalidToolChoiceDowngradeToAuto(t *testing.T) { - t.Parallel() - body := []byte(`{"tools":[],"tool_choice":{"type":"function","function":{"name":"x"}}}`) - got := normalizeGitHubCopilotChatTools(body) - if gjson.GetBytes(got, "tool_choice").String() != "auto" { - t.Fatalf("tool_choice = %s, want auto", gjson.GetBytes(got, "tool_choice").Raw) - } -} - -func TestNormalizeGitHubCopilotResponsesInput_MissingInputExtractedFromSystemAndMessages(t *testing.T) { - t.Parallel() - body := []byte(`{"system":"sys text","messages":[{"role":"user","content":"user text"},{"role":"assistant","content":[{"type":"text","text":"assistant text"}]}]}`) - got := normalizeGitHubCopilotResponsesInput(body) - in := gjson.GetBytes(got, "input") - if !in.IsArray() { - t.Fatalf("input type = %v, want array", in.Type) - } - raw := in.Raw - if !strings.Contains(raw, "sys text") || !strings.Contains(raw, "user text") || !strings.Contains(raw, "assistant text") { - t.Fatalf("input = %s, want structured array with all texts", raw) - } - if gjson.GetBytes(got, "messages").Exists() { - t.Fatal("messages should be removed after conversion") - } - if gjson.GetBytes(got, "system").Exists() { - t.Fatal("system should be removed after conversion") - } -} - -func TestNormalizeGitHubCopilotResponsesInput_NonStringInputStringified(t *testing.T) { - t.Parallel() - body := []byte(`{"input":{"foo":"bar"}}`) - got := normalizeGitHubCopilotResponsesInput(body) - in := gjson.GetBytes(got, "input") - if in.Type != gjson.String { - t.Fatalf("input type = %v, want string", in.Type) - } - if !strings.Contains(in.String(), "foo") { - t.Fatalf("input = %q, want stringified object", in.String()) - } -} - -func TestNormalizeGitHubCopilotResponsesTools_FlattenFunctionTools(t *testing.T) { - t.Parallel() - body := []byte(`{"tools":[{"type":"function","function":{"name":"sum","description":"d","parameters":{"type":"object"}}},{"type":"web_search"}]}`) - got := normalizeGitHubCopilotResponsesTools(body) - tools := gjson.GetBytes(got, "tools").Array() - if len(tools) != 1 { - t.Fatalf("tools len = %d, want 1", len(tools)) - } - if tools[0].Get("name").String() != "sum" { - t.Fatalf("tools[0].name = %q, want sum", tools[0].Get("name").String()) - } - if !tools[0].Get("parameters").Exists() { - t.Fatal("expected parameters to be preserved") - } -} - -func TestNormalizeGitHubCopilotResponsesTools_ClaudeFormatTools(t *testing.T) { - t.Parallel() - body := []byte(`{"tools":[{"name":"Bash","description":"Run commands","input_schema":{"type":"object","properties":{"command":{"type":"string"}},"required":["command"]}},{"name":"Read","description":"Read files","input_schema":{"type":"object","properties":{"path":{"type":"string"}}}}]}`) - got := normalizeGitHubCopilotResponsesTools(body) - tools := gjson.GetBytes(got, "tools").Array() - if len(tools) != 2 { - t.Fatalf("tools len = %d, want 2", len(tools)) - } - if tools[0].Get("type").String() != "function" { - t.Fatalf("tools[0].type = %q, want function", tools[0].Get("type").String()) - } - if tools[0].Get("name").String() != "Bash" { - t.Fatalf("tools[0].name = %q, want Bash", tools[0].Get("name").String()) - } - if tools[0].Get("description").String() != "Run commands" { - t.Fatalf("tools[0].description = %q, want 'Run commands'", tools[0].Get("description").String()) - } - if !tools[0].Get("parameters").Exists() { - t.Fatal("expected parameters to be set from input_schema") - } - if tools[0].Get("parameters.properties.command").Exists() != true { - t.Fatal("expected parameters.properties.command to exist") - } - if tools[1].Get("name").String() != "Read" { - t.Fatalf("tools[1].name = %q, want Read", tools[1].Get("name").String()) - } -} - -func TestNormalizeGitHubCopilotResponsesTools_FlattenToolChoiceFunctionObject(t *testing.T) { - t.Parallel() - body := []byte(`{"tool_choice":{"type":"function","function":{"name":"sum"}}}`) - got := normalizeGitHubCopilotResponsesTools(body) - if gjson.GetBytes(got, "tool_choice.type").String() != "function" { - t.Fatalf("tool_choice.type = %q, want function", gjson.GetBytes(got, "tool_choice.type").String()) - } - if gjson.GetBytes(got, "tool_choice.name").String() != "sum" { - t.Fatalf("tool_choice.name = %q, want sum", gjson.GetBytes(got, "tool_choice.name").String()) - } -} - -func TestNormalizeGitHubCopilotResponsesTools_InvalidToolChoiceDowngradeToAuto(t *testing.T) { - t.Parallel() - body := []byte(`{"tool_choice":{"type":"function"}}`) - got := normalizeGitHubCopilotResponsesTools(body) - if gjson.GetBytes(got, "tool_choice").String() != "auto" { - t.Fatalf("tool_choice = %s, want auto", gjson.GetBytes(got, "tool_choice").Raw) - } -} - -func TestTranslateGitHubCopilotResponsesNonStreamToClaude_TextMapping(t *testing.T) { - t.Parallel() - resp := []byte(`{"id":"resp_1","model":"gpt-5-codex","output":[{"type":"message","content":[{"type":"output_text","text":"hello"}]}],"usage":{"input_tokens":3,"output_tokens":5}}`) - out := translateGitHubCopilotResponsesNonStreamToClaude(resp) - if gjson.Get(out, "type").String() != "message" { - t.Fatalf("type = %q, want message", gjson.Get(out, "type").String()) - } - if gjson.Get(out, "content.0.type").String() != "text" { - t.Fatalf("content.0.type = %q, want text", gjson.Get(out, "content.0.type").String()) - } - if gjson.Get(out, "content.0.text").String() != "hello" { - t.Fatalf("content.0.text = %q, want hello", gjson.Get(out, "content.0.text").String()) - } -} - -func TestTranslateGitHubCopilotResponsesNonStreamToClaude_ToolUseMapping(t *testing.T) { - t.Parallel() - resp := []byte(`{"id":"resp_2","model":"gpt-5-codex","output":[{"type":"function_call","id":"fc_1","call_id":"call_1","name":"sum","arguments":"{\"a\":1}"}],"usage":{"input_tokens":1,"output_tokens":2}}`) - out := translateGitHubCopilotResponsesNonStreamToClaude(resp) - if gjson.Get(out, "content.0.type").String() != "tool_use" { - t.Fatalf("content.0.type = %q, want tool_use", gjson.Get(out, "content.0.type").String()) - } - if gjson.Get(out, "content.0.name").String() != "sum" { - t.Fatalf("content.0.name = %q, want sum", gjson.Get(out, "content.0.name").String()) - } - if gjson.Get(out, "stop_reason").String() != "tool_use" { - t.Fatalf("stop_reason = %q, want tool_use", gjson.Get(out, "stop_reason").String()) - } -} - -func TestTranslateGitHubCopilotResponsesStreamToClaude_TextLifecycle(t *testing.T) { - t.Parallel() - var param any - - created := translateGitHubCopilotResponsesStreamToClaude([]byte(`data: {"type":"response.created","response":{"id":"resp_1","model":"gpt-5-codex"}}`), ¶m) - if len(created) == 0 || !strings.Contains(created[0], "message_start") { - t.Fatalf("created events = %#v, want message_start", created) - } - - delta := translateGitHubCopilotResponsesStreamToClaude([]byte(`data: {"type":"response.output_text.delta","delta":"he"}`), ¶m) - joinedDelta := strings.Join(delta, "") - if !strings.Contains(joinedDelta, "content_block_start") || !strings.Contains(joinedDelta, "text_delta") { - t.Fatalf("delta events = %#v, want content_block_start + text_delta", delta) - } - - completed := translateGitHubCopilotResponsesStreamToClaude([]byte(`data: {"type":"response.completed","response":{"usage":{"input_tokens":7,"output_tokens":9}}}`), ¶m) - joinedCompleted := strings.Join(completed, "") - if !strings.Contains(joinedCompleted, "message_delta") || !strings.Contains(joinedCompleted, "message_stop") { - t.Fatalf("completed events = %#v, want message_delta + message_stop", completed) - } -} - -// --- Tests for X-Initiator detection logic (Problem L) --- - -func TestApplyHeaders_XInitiator_UserOnly(t *testing.T) { - t.Parallel() - e := &GitHubCopilotExecutor{} - req, _ := http.NewRequest(http.MethodPost, "https://example.com", nil) - body := []byte(`{"messages":[{"role":"system","content":"sys"},{"role":"user","content":"hello"}]}`) - e.applyHeaders(req, "token", body) - if got := req.Header.Get("X-Initiator"); got != "user" { - t.Fatalf("X-Initiator = %q, want user", got) - } -} - -func TestApplyHeaders_XInitiator_AgentWithAssistantAndUserToolResult(t *testing.T) { - t.Parallel() - e := &GitHubCopilotExecutor{} - req, _ := http.NewRequest(http.MethodPost, "https://example.com", nil) - // Claude Code typical flow: last message is user (tool result), but has assistant in history - body := []byte(`{"messages":[{"role":"user","content":"hello"},{"role":"assistant","content":"I will read the file"},{"role":"user","content":"tool result here"}]}`) - e.applyHeaders(req, "token", body) - if got := req.Header.Get("X-Initiator"); got != "agent" { - t.Fatalf("X-Initiator = %q, want agent (assistant exists in messages)", got) - } -} - -func TestApplyHeaders_XInitiator_AgentWithToolRole(t *testing.T) { - t.Parallel() - e := &GitHubCopilotExecutor{} - req, _ := http.NewRequest(http.MethodPost, "https://example.com", nil) - body := []byte(`{"messages":[{"role":"user","content":"hello"},{"role":"tool","content":"result"}]}`) - e.applyHeaders(req, "token", body) - if got := req.Header.Get("X-Initiator"); got != "agent" { - t.Fatalf("X-Initiator = %q, want agent (tool role exists)", got) - } -} - -// --- Tests for x-github-api-version header (Problem M) --- - -func TestApplyHeaders_GitHubAPIVersion(t *testing.T) { - t.Parallel() - e := &GitHubCopilotExecutor{} - req, _ := http.NewRequest(http.MethodPost, "https://example.com", nil) - e.applyHeaders(req, "token", nil) - if got := req.Header.Get("X-Github-Api-Version"); got != "2025-04-01" { - t.Fatalf("X-Github-Api-Version = %q, want 2025-04-01", got) - } -} - -// --- Tests for vision detection (Problem P) --- - -func TestDetectVisionContent_WithImageURL(t *testing.T) { - t.Parallel() - body := []byte(`{"messages":[{"role":"user","content":[{"type":"text","text":"describe"},{"type":"image_url","image_url":{"url":"data:image/png;base64,abc"}}]}]}`) - if !detectVisionContent(body) { - t.Fatal("expected vision content to be detected") - } -} - -func TestDetectVisionContent_WithImageType(t *testing.T) { - t.Parallel() - body := []byte(`{"messages":[{"role":"user","content":[{"type":"image","source":{"data":"abc","media_type":"image/png"}}]}]}`) - if !detectVisionContent(body) { - t.Fatal("expected image type to be detected") - } -} - -func TestDetectVisionContent_NoVision(t *testing.T) { - t.Parallel() - body := []byte(`{"messages":[{"role":"user","content":[{"type":"text","text":"hello"}]}]}`) - if detectVisionContent(body) { - t.Fatal("expected no vision content") - } -} - -func TestDetectVisionContent_NoMessages(t *testing.T) { - t.Parallel() - // After Responses API normalization, messages is removed — detection should return false - body := []byte(`{"input":[{"type":"message","role":"user","content":[{"type":"input_text","text":"hello"}]}]}`) - if detectVisionContent(body) { - t.Fatal("expected no vision content when messages field is absent") - } -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/iflow_executor.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/iflow_executor.go deleted file mode 100644 index 65a0b8f81e..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/iflow_executor.go +++ /dev/null @@ -1,574 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "crypto/hmac" - "crypto/sha256" - "encoding/hex" - "fmt" - "io" - "net/http" - "strings" - "time" - - "github.com/google/uuid" - iflowauth "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/iflow" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const ( - iflowDefaultEndpoint = "/chat/completions" - iflowUserAgent = "iFlow-Cli" -) - -// IFlowExecutor executes OpenAI-compatible chat completions against the iFlow API using API keys derived from OAuth. -type IFlowExecutor struct { - cfg *config.Config -} - -// NewIFlowExecutor constructs a new executor instance. -func NewIFlowExecutor(cfg *config.Config) *IFlowExecutor { return &IFlowExecutor{cfg: cfg} } - -// Identifier returns the provider key. -func (e *IFlowExecutor) Identifier() string { return "iflow" } - -// PrepareRequest injects iFlow credentials into the outgoing HTTP request. -func (e *IFlowExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - apiKey, _ := iflowCreds(auth) - if strings.TrimSpace(apiKey) != "" { - req.Header.Set("Authorization", "Bearer "+apiKey) - } - return nil -} - -// HttpRequest injects iFlow credentials into the request and executes it. -func (e *IFlowExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("iflow executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming chat completion request. -func (e *IFlowExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := iflowCreds(auth) - if strings.TrimSpace(apiKey) == "" { - err = fmt.Errorf("iflow executor: missing api key") - return resp, err - } - if baseURL == "" { - baseURL = iflowauth.DefaultAPIBaseURL - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), "iflow", e.Identifier()) - if err != nil { - return resp, err - } - - body = preserveReasoningContentInMessages(body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - endpoint := strings.TrimSuffix(baseURL, "/") + iflowDefaultEndpoint - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, bytes.NewReader(body)) - if err != nil { - return resp, err - } - applyIFlowHeaders(httpReq, apiKey, false) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: endpoint, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("iflow executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseOpenAIUsage(data)) - // Ensure usage is recorded even if upstream omits usage metadata. - reporter.ensurePublished(ctx) - - var param any - // Note: TranslateNonStream uses req.Model (original with suffix) to preserve - // the original model name in the response for client compatibility. - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -// ExecuteStream performs a streaming chat completion request. -func (e *IFlowExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := iflowCreds(auth) - if strings.TrimSpace(apiKey) == "" { - err = fmt.Errorf("iflow executor: missing api key") - return nil, err - } - if baseURL == "" { - baseURL = iflowauth.DefaultAPIBaseURL - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), "iflow", e.Identifier()) - if err != nil { - return nil, err - } - - body = preserveReasoningContentInMessages(body) - // Ensure tools array exists to avoid provider quirks similar to Qwen's behaviour. - toolsResult := gjson.GetBytes(body, "tools") - if toolsResult.Exists() && toolsResult.IsArray() && len(toolsResult.Array()) == 0 { - body = ensureToolsArray(body) - } - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - endpoint := strings.TrimSuffix(baseURL, "/") + iflowDefaultEndpoint - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, bytes.NewReader(body)) - if err != nil { - return nil, err - } - applyIFlowHeaders(httpReq, apiKey, true) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: endpoint, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - data, _ := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("iflow executor: close response body error: %v", errClose) - } - appendAPIResponseChunk(ctx, e.cfg, data) - logWithRequestID(ctx).Debugf("request error, error status: %d error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - err = statusErr{code: httpResp.StatusCode, msg: string(data)} - return nil, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("iflow executor: close response body error: %v", errClose) - } - }() - - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 52_428_800) // 50MB - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - // Guarantee a usage record exists even if the stream never emitted usage data. - reporter.ensurePublished(ctx) - }() - - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -func (e *IFlowExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - enc, err := tokenizerForModel(baseModel) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("iflow executor: tokenizer init failed: %w", err) - } - - count, err := countOpenAIChatTokens(enc, body) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("iflow executor: token counting failed: %w", err) - } - - usageJSON := buildOpenAIUsageJSON(count) - translated := sdktranslator.TranslateTokenCount(ctx, to, from, count, usageJSON) - return cliproxyexecutor.Response{Payload: []byte(translated)}, nil -} - -// Refresh refreshes OAuth tokens or cookie-based API keys and updates the stored API key. -func (e *IFlowExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("iflow executor: refresh called") - if auth == nil { - return nil, fmt.Errorf("iflow executor: auth is nil") - } - - // Check if this is cookie-based authentication - var cookie string - var email string - if auth.Metadata != nil { - if v, ok := auth.Metadata["cookie"].(string); ok { - cookie = strings.TrimSpace(v) - } - if v, ok := auth.Metadata["email"].(string); ok { - email = strings.TrimSpace(v) - } - } - - // If cookie is present, use cookie-based refresh - if cookie != "" && email != "" { - return e.refreshCookieBased(ctx, auth, cookie, email) - } - - // Otherwise, use OAuth-based refresh - return e.refreshOAuthBased(ctx, auth) -} - -// refreshCookieBased refreshes API key using browser cookie -func (e *IFlowExecutor) refreshCookieBased(ctx context.Context, auth *cliproxyauth.Auth, cookie, email string) (*cliproxyauth.Auth, error) { - log.Debugf("iflow executor: checking refresh need for cookie-based API key for user: %s", email) - - // Get current expiry time from metadata - var currentExpire string - if auth.Metadata != nil { - if v, ok := auth.Metadata["expired"].(string); ok { - currentExpire = strings.TrimSpace(v) - } - } - - // Check if refresh is needed - needsRefresh, _, err := iflowauth.ShouldRefreshAPIKey(currentExpire) - if err != nil { - log.Warnf("iflow executor: failed to check refresh need: %v", err) - // If we can't check, continue with refresh anyway as a safety measure - } else if !needsRefresh { - log.Debugf("iflow executor: no refresh needed for user: %s", email) - return auth, nil - } - - log.Infof("iflow executor: refreshing cookie-based API key for user: %s", email) - - svc := iflowauth.NewIFlowAuth(e.cfg) - keyData, err := svc.RefreshAPIKey(ctx, cookie, email) - if err != nil { - log.Errorf("iflow executor: cookie-based API key refresh failed: %v", err) - return nil, err - } - - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["api_key"] = keyData.APIKey - auth.Metadata["expired"] = keyData.ExpireTime - auth.Metadata["type"] = "iflow" - auth.Metadata["last_refresh"] = time.Now().Format(time.RFC3339) - auth.Metadata["cookie"] = cookie - auth.Metadata["email"] = email - - log.Infof("iflow executor: cookie-based API key refreshed successfully, new expiry: %s", keyData.ExpireTime) - - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - auth.Attributes["api_key"] = keyData.APIKey - - return auth, nil -} - -// refreshOAuthBased refreshes tokens using OAuth refresh token -func (e *IFlowExecutor) refreshOAuthBased(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - refreshToken := "" - oldAccessToken := "" - if auth.Metadata != nil { - if v, ok := auth.Metadata["refresh_token"].(string); ok { - refreshToken = strings.TrimSpace(v) - } - if v, ok := auth.Metadata["access_token"].(string); ok { - oldAccessToken = strings.TrimSpace(v) - } - } - if refreshToken == "" { - return auth, nil - } - - // Log the old access token (masked) before refresh - if oldAccessToken != "" { - log.Debugf("iflow executor: refreshing access token, old: %s", util.HideAPIKey(oldAccessToken)) - } - - svc := iflowauth.NewIFlowAuth(e.cfg) - tokenData, err := svc.RefreshTokens(ctx, refreshToken) - if err != nil { - log.Errorf("iflow executor: token refresh failed: %v", err) - return nil, err - } - - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["access_token"] = tokenData.AccessToken - if tokenData.RefreshToken != "" { - auth.Metadata["refresh_token"] = tokenData.RefreshToken - } - if tokenData.APIKey != "" { - auth.Metadata["api_key"] = tokenData.APIKey - } - auth.Metadata["expired"] = tokenData.Expire - auth.Metadata["type"] = "iflow" - auth.Metadata["last_refresh"] = time.Now().Format(time.RFC3339) - - // Log the new access token (masked) after successful refresh - log.Debugf("iflow executor: token refresh successful, new: %s", util.HideAPIKey(tokenData.AccessToken)) - - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - if tokenData.APIKey != "" { - auth.Attributes["api_key"] = tokenData.APIKey - } - - return auth, nil -} - -func applyIFlowHeaders(r *http.Request, apiKey string, stream bool) { - r.Header.Set("Content-Type", "application/json") - r.Header.Set("Authorization", "Bearer "+apiKey) - r.Header.Set("User-Agent", iflowUserAgent) - - // Generate session-id - sessionID := "session-" + generateUUID() - r.Header.Set("session-id", sessionID) - - // Generate timestamp and signature - timestamp := time.Now().UnixMilli() - r.Header.Set("x-iflow-timestamp", fmt.Sprintf("%d", timestamp)) - - signature := createIFlowSignature(iflowUserAgent, sessionID, timestamp, apiKey) - if signature != "" { - r.Header.Set("x-iflow-signature", signature) - } - - if stream { - r.Header.Set("Accept", "text/event-stream") - } else { - r.Header.Set("Accept", "application/json") - } -} - -// createIFlowSignature generates HMAC-SHA256 signature for iFlow API requests. -// The signature payload format is: userAgent:sessionId:timestamp -func createIFlowSignature(userAgent, sessionID string, timestamp int64, apiKey string) string { - if apiKey == "" { - return "" - } - payload := fmt.Sprintf("%s:%s:%d", userAgent, sessionID, timestamp) - h := hmac.New(sha256.New, []byte(apiKey)) - h.Write([]byte(payload)) - return hex.EncodeToString(h.Sum(nil)) -} - -// generateUUID generates a random UUID v4 string. -func generateUUID() string { - return uuid.New().String() -} - -func iflowCreds(a *cliproxyauth.Auth) (apiKey, baseURL string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - if v := strings.TrimSpace(a.Attributes["api_key"]); v != "" { - apiKey = v - } - if v := strings.TrimSpace(a.Attributes["base_url"]); v != "" { - baseURL = v - } - } - if apiKey == "" && a.Metadata != nil { - if v, ok := a.Metadata["api_key"].(string); ok { - apiKey = strings.TrimSpace(v) - } - } - if baseURL == "" && a.Metadata != nil { - if v, ok := a.Metadata["base_url"].(string); ok { - baseURL = strings.TrimSpace(v) - } - } - return apiKey, baseURL -} - -func ensureToolsArray(body []byte) []byte { - placeholder := `[{"type":"function","function":{"name":"noop","description":"Placeholder tool to stabilise streaming","parameters":{"type":"object"}}}]` - updated, err := sjson.SetRawBytes(body, "tools", []byte(placeholder)) - if err != nil { - return body - } - return updated -} - -// preserveReasoningContentInMessages checks if reasoning_content from assistant messages -// is preserved in conversation history for iFlow models that support thinking. -// This is helpful for multi-turn conversations where the model may benefit from seeing -// its previous reasoning to maintain coherent thought chains. -// -// For GLM-4.6/4.7 and MiniMax M2/M2.1, it is recommended to include the full assistant -// response (including reasoning_content) in message history for better context continuity. -func preserveReasoningContentInMessages(body []byte) []byte { - model := strings.ToLower(gjson.GetBytes(body, "model").String()) - - // Only apply to models that support thinking with history preservation - needsPreservation := strings.HasPrefix(model, "glm-4") || strings.HasPrefix(model, "minimax-m2") - - if !needsPreservation { - return body - } - - messages := gjson.GetBytes(body, "messages") - if !messages.Exists() || !messages.IsArray() { - return body - } - - // Check if any assistant message already has reasoning_content preserved - hasReasoningContent := false - messages.ForEach(func(_, msg gjson.Result) bool { - role := msg.Get("role").String() - if role == "assistant" { - rc := msg.Get("reasoning_content") - if rc.Exists() && rc.String() != "" { - hasReasoningContent = true - return false // stop iteration - } - } - return true - }) - - // If reasoning content is already present, the messages are properly formatted - // No need to modify - the client has correctly preserved reasoning in history - if hasReasoningContent { - log.Debugf("iflow executor: reasoning_content found in message history for %s", model) - } - - return body -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/iflow_executor_test.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/iflow_executor_test.go deleted file mode 100644 index e588548b0f..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/iflow_executor_test.go +++ /dev/null @@ -1,67 +0,0 @@ -package executor - -import ( - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" -) - -func TestIFlowExecutorParseSuffix(t *testing.T) { - tests := []struct { - name string - model string - wantBase string - wantLevel string - }{ - {"no suffix", "glm-4", "glm-4", ""}, - {"glm with suffix", "glm-4.1-flash(high)", "glm-4.1-flash", "high"}, - {"minimax no suffix", "minimax-m2", "minimax-m2", ""}, - {"minimax with suffix", "minimax-m2.1(medium)", "minimax-m2.1", "medium"}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := thinking.ParseSuffix(tt.model) - if result.ModelName != tt.wantBase { - t.Errorf("ParseSuffix(%q).ModelName = %q, want %q", tt.model, result.ModelName, tt.wantBase) - } - }) - } -} - -func TestPreserveReasoningContentInMessages(t *testing.T) { - tests := []struct { - name string - input []byte - want []byte // nil means output should equal input - }{ - { - "non-glm model passthrough", - []byte(`{"model":"gpt-4","messages":[]}`), - nil, - }, - { - "glm model with empty messages", - []byte(`{"model":"glm-4","messages":[]}`), - nil, - }, - { - "glm model preserves existing reasoning_content", - []byte(`{"model":"glm-4","messages":[{"role":"assistant","content":"hi","reasoning_content":"thinking..."}]}`), - nil, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got := preserveReasoningContentInMessages(tt.input) - want := tt.want - if want == nil { - want = tt.input - } - if string(got) != string(want) { - t.Errorf("preserveReasoningContentInMessages() = %s, want %s", got, want) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/kilo_executor.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/kilo_executor.go deleted file mode 100644 index 34f620230f..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/kilo_executor.go +++ /dev/null @@ -1,460 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "errors" - "fmt" - "io" - "net/http" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -// KiloExecutor handles requests to Kilo API. -type KiloExecutor struct { - cfg *config.Config -} - -// NewKiloExecutor creates a new Kilo executor instance. -func NewKiloExecutor(cfg *config.Config) *KiloExecutor { - return &KiloExecutor{cfg: cfg} -} - -// Identifier returns the unique identifier for this executor. -func (e *KiloExecutor) Identifier() string { return "kilo" } - -// PrepareRequest prepares the HTTP request before execution. -func (e *KiloExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - accessToken, _ := kiloCredentials(auth) - if strings.TrimSpace(accessToken) == "" { - return fmt.Errorf("kilo: missing access token") - } - - req.Header.Set("Authorization", "Bearer "+accessToken) - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) - return nil -} - -// HttpRequest executes a raw HTTP request. -func (e *KiloExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("kilo executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming request. -func (e *KiloExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - accessToken, orgID := kiloCredentials(auth) - if accessToken == "" { - return resp, fmt.Errorf("kilo: missing access token") - } - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - endpoint := "/api/openrouter/chat/completions" - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, opts.Stream) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, opts.Stream) - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", translated, originalTranslated, requestedModel) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - url := "https://api.kilo.ai" + endpoint - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(translated)) - if err != nil { - return resp, err - } - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("Authorization", "Bearer "+accessToken) - if orgID != "" { - httpReq.Header.Set("X-Kilocode-OrganizationID", orgID) - } - httpReq.Header.Set("User-Agent", "cli-proxy-kilo") - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translated, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer httpResp.Body.Close() - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - - body, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, body) - reporter.publish(ctx, parseOpenAIUsage(body)) - reporter.ensurePublished(ctx) - - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, body, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out)} - return resp, nil -} - -// ExecuteStream performs a streaming request. -func (e *KiloExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - accessToken, orgID := kiloCredentials(auth) - if accessToken == "" { - return nil, fmt.Errorf("kilo: missing access token") - } - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - endpoint := "/api/openrouter/chat/completions" - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", translated, originalTranslated, requestedModel) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - url := "https://api.kilo.ai" + endpoint - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(translated)) - if err != nil { - return nil, err - } - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("Authorization", "Bearer "+accessToken) - if orgID != "" { - httpReq.Header.Set("X-Kilocode-OrganizationID", orgID) - } - httpReq.Header.Set("User-Agent", "cli-proxy-kilo") - httpReq.Header.Set("Accept", "text/event-stream") - httpReq.Header.Set("Cache-Control", "no-cache") - - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translated, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - httpResp.Body.Close() - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer httpResp.Body.Close() - - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 52_428_800) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - if len(line) == 0 { - continue - } - if !bytes.HasPrefix(line, []byte("data:")) { - continue - } - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - reporter.ensurePublished(ctx) - }() - - return &cliproxyexecutor.StreamResult{ - Headers: httpResp.Header.Clone(), - Chunks: out, - }, nil -} - -// Refresh validates the Kilo token. -func (e *KiloExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if auth == nil { - return nil, fmt.Errorf("missing auth") - } - return auth, nil -} - -// CountTokens returns the token count for the given request. -func (e *KiloExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - return cliproxyexecutor.Response{}, fmt.Errorf("kilo: count tokens not supported") -} - -// kiloCredentials extracts access token and other info from auth. -func kiloCredentials(auth *cliproxyauth.Auth) (accessToken, orgID string) { - if auth == nil { - return "", "" - } - - // Prefer kilocode specific keys, then fall back to generic keys. - // Check metadata first, then attributes. - if auth.Metadata != nil { - if token, ok := auth.Metadata["kilocodeToken"].(string); ok && token != "" { - accessToken = token - } else if token, ok := auth.Metadata["access_token"].(string); ok && token != "" { - accessToken = token - } - - if org, ok := auth.Metadata["kilocodeOrganizationId"].(string); ok && org != "" { - orgID = org - } else if org, ok := auth.Metadata["organization_id"].(string); ok && org != "" { - orgID = org - } - } - - if accessToken == "" && auth.Attributes != nil { - if token := auth.Attributes["kilocodeToken"]; token != "" { - accessToken = token - } else if token := auth.Attributes["access_token"]; token != "" { - accessToken = token - } - } - - if orgID == "" && auth.Attributes != nil { - if org := auth.Attributes["kilocodeOrganizationId"]; org != "" { - orgID = org - } else if org := auth.Attributes["organization_id"]; org != "" { - orgID = org - } - } - - return accessToken, orgID -} - -// FetchKiloModels fetches models from Kilo API. -func FetchKiloModels(ctx context.Context, auth *cliproxyauth.Auth, cfg *config.Config) []*registry.ModelInfo { - accessToken, orgID := kiloCredentials(auth) - if accessToken == "" { - log.Infof("kilo: no access token found, skipping dynamic model fetch (using static kilo/auto)") - return registry.GetKiloModels() - } - - log.Debugf("kilo: fetching dynamic models (orgID: %s)", orgID) - - httpClient := newProxyAwareHTTPClient(ctx, cfg, auth, 0) - req, err := http.NewRequestWithContext(ctx, http.MethodGet, "https://api.kilo.ai/api/openrouter/models", nil) - if err != nil { - log.Warnf("kilo: failed to create model fetch request: %v", err) - return registry.GetKiloModels() - } - - req.Header.Set("Authorization", "Bearer "+accessToken) - if orgID != "" { - req.Header.Set("X-Kilocode-OrganizationID", orgID) - } - req.Header.Set("User-Agent", "cli-proxy-kilo") - - resp, err := httpClient.Do(req) - if err != nil { - if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) { - log.Warnf("kilo: fetch models canceled: %v", err) - } else { - log.Warnf("kilo: using static models (API fetch failed: %v)", err) - } - return registry.GetKiloModels() - } - defer resp.Body.Close() - - body, err := io.ReadAll(resp.Body) - if err != nil { - log.Warnf("kilo: failed to read models response: %v", err) - return registry.GetKiloModels() - } - - if resp.StatusCode != http.StatusOK { - log.Warnf("kilo: fetch models failed: status %d, body: %s", resp.StatusCode, string(body)) - return registry.GetKiloModels() - } - - result := gjson.GetBytes(body, "data") - if !result.Exists() { - // Try root if data field is missing - result = gjson.ParseBytes(body) - if !result.IsArray() { - log.Debugf("kilo: response body: %s", string(body)) - log.Warn("kilo: invalid API response format (expected array or data field with array)") - return registry.GetKiloModels() - } - } - - var dynamicModels []*registry.ModelInfo - now := time.Now().Unix() - count := 0 - totalCount := 0 - - result.ForEach(func(key, value gjson.Result) bool { - totalCount++ - id := value.Get("id").String() - pIdxResult := value.Get("preferredIndex") - preferredIndex := pIdxResult.Int() - - // Filter models where preferredIndex > 0 (Kilo-curated models) - if preferredIndex <= 0 { - return true - } - - // Check if it's free. We look for :free suffix, is_free flag, or zero pricing. - isFree := strings.HasSuffix(id, ":free") || id == "giga-potato" || value.Get("is_free").Bool() - if !isFree { - // Check pricing as fallback - promptPricing := value.Get("pricing.prompt").String() - if promptPricing == "0" || promptPricing == "0.0" { - isFree = true - } - } - - if !isFree { - log.Debugf("kilo: skipping curated paid model: %s", id) - return true - } - - log.Debugf("kilo: found curated model: %s (preferredIndex: %d)", id, preferredIndex) - - dynamicModels = append(dynamicModels, ®istry.ModelInfo{ - ID: id, - DisplayName: value.Get("name").String(), - ContextLength: int(value.Get("context_length").Int()), - OwnedBy: "kilo", - Type: "kilo", - Object: "model", - Created: now, - }) - count++ - return true - }) - - log.Infof("kilo: fetched %d models from API, %d curated free (preferredIndex > 0)", totalCount, count) - if count == 0 && totalCount > 0 { - log.Warn("kilo: no curated free models found (check API response fields)") - } - - staticModels := registry.GetKiloModels() - // Always include kilo/auto (first static model) - allModels := append(staticModels[:1], dynamicModels...) - - return allModels -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/kimi_executor.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/kimi_executor.go deleted file mode 100644 index d5e3702f48..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/kimi_executor.go +++ /dev/null @@ -1,617 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "fmt" - "io" - "net/http" - "os" - "path/filepath" - "runtime" - "strings" - "time" - - kimiauth "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/kimi" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// KimiExecutor is a stateless executor for Kimi API using OpenAI-compatible chat completions. -type KimiExecutor struct { - ClaudeExecutor - cfg *config.Config -} - -// NewKimiExecutor creates a new Kimi executor. -func NewKimiExecutor(cfg *config.Config) *KimiExecutor { return &KimiExecutor{cfg: cfg} } - -// Identifier returns the executor identifier. -func (e *KimiExecutor) Identifier() string { return "kimi" } - -// PrepareRequest injects Kimi credentials into the outgoing HTTP request. -func (e *KimiExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - token := kimiCreds(auth) - if strings.TrimSpace(token) != "" { - req.Header.Set("Authorization", "Bearer "+token) - } - return nil -} - -// HttpRequest injects Kimi credentials into the request and executes it. -func (e *KimiExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("kimi executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming chat completion request to Kimi. -func (e *KimiExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - from := opts.SourceFormat - if from.String() == "claude" { - auth.Attributes["base_url"] = kimiauth.KimiAPIBaseURL - return e.ClaudeExecutor.Execute(ctx, auth, req, opts) - } - - baseModel := thinking.ParseSuffix(req.Model).ModelName - - token := kimiCreds(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := bytes.Clone(originalPayloadSource) - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, bytes.Clone(req.Payload), false) - - // Strip kimi- prefix for upstream API - upstreamModel := stripKimiPrefix(baseModel) - body, err = sjson.SetBytes(body, "model", upstreamModel) - if err != nil { - return resp, fmt.Errorf("kimi executor: failed to set model in payload: %w", err) - } - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), "kimi", e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, err = normalizeKimiToolMessageLinks(body) - if err != nil { - return resp, err - } - - url := kimiauth.KimiAPIBaseURL + "/v1/chat/completions" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return resp, err - } - applyKimiHeadersWithAuth(httpReq, token, false, auth) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("kimi executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseOpenAIUsage(data)) - var param any - // Note: TranslateNonStream uses req.Model (original with suffix) to preserve - // the original model name in the response for client compatibility. - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -// ExecuteStream performs a streaming chat completion request to Kimi. -func (e *KimiExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - from := opts.SourceFormat - if from.String() == "claude" { - auth.Attributes["base_url"] = kimiauth.KimiAPIBaseURL - return e.ClaudeExecutor.ExecuteStream(ctx, auth, req, opts) - } - - baseModel := thinking.ParseSuffix(req.Model).ModelName - token := kimiCreds(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := bytes.Clone(originalPayloadSource) - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, bytes.Clone(req.Payload), true) - - // Strip kimi- prefix for upstream API - upstreamModel := stripKimiPrefix(baseModel) - body, err = sjson.SetBytes(body, "model", upstreamModel) - if err != nil { - return nil, fmt.Errorf("kimi executor: failed to set model in payload: %w", err) - } - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), "kimi", e.Identifier()) - if err != nil { - return nil, err - } - - body, err = sjson.SetBytes(body, "stream_options.include_usage", true) - if err != nil { - return nil, fmt.Errorf("kimi executor: failed to set stream_options in payload: %w", err) - } - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, err = normalizeKimiToolMessageLinks(body) - if err != nil { - return nil, err - } - - url := kimiauth.KimiAPIBaseURL + "/v1/chat/completions" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return nil, err - } - applyKimiHeadersWithAuth(httpReq, token, true, auth) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("kimi executor: close response body error: %v", errClose) - } - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("kimi executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 1_048_576) // 1MB - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - doneChunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, []byte("[DONE]"), ¶m) - for i := range doneChunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(doneChunks[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -// CountTokens estimates token count for Kimi requests. -func (e *KimiExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - auth.Attributes["base_url"] = kimiauth.KimiAPIBaseURL - return e.ClaudeExecutor.CountTokens(ctx, auth, req, opts) -} - -func normalizeKimiToolMessageLinks(body []byte) ([]byte, error) { - if len(body) == 0 || !gjson.ValidBytes(body) { - return body, nil - } - - messages := gjson.GetBytes(body, "messages") - if !messages.Exists() || !messages.IsArray() { - return body, nil - } - - out := body - pending := make([]string, 0) - patched := 0 - patchedReasoning := 0 - ambiguous := 0 - latestReasoning := "" - hasLatestReasoning := false - - removePending := func(id string) { - for idx := range pending { - if pending[idx] != id { - continue - } - pending = append(pending[:idx], pending[idx+1:]...) - return - } - } - - msgs := messages.Array() - for msgIdx := range msgs { - msg := msgs[msgIdx] - role := strings.TrimSpace(msg.Get("role").String()) - switch role { - case "assistant": - reasoning := msg.Get("reasoning_content") - if reasoning.Exists() { - reasoningText := reasoning.String() - if strings.TrimSpace(reasoningText) != "" { - latestReasoning = reasoningText - hasLatestReasoning = true - } - } - - toolCalls := msg.Get("tool_calls") - if !toolCalls.Exists() || !toolCalls.IsArray() || len(toolCalls.Array()) == 0 { - continue - } - - if !reasoning.Exists() || strings.TrimSpace(reasoning.String()) == "" { - reasoningText := fallbackAssistantReasoning(msg, hasLatestReasoning, latestReasoning) - path := fmt.Sprintf("messages.%d.reasoning_content", msgIdx) - next, err := sjson.SetBytes(out, path, reasoningText) - if err != nil { - return body, fmt.Errorf("kimi executor: failed to set assistant reasoning_content: %w", err) - } - out = next - patchedReasoning++ - } - - for _, tc := range toolCalls.Array() { - id := strings.TrimSpace(tc.Get("id").String()) - if id == "" { - continue - } - pending = append(pending, id) - } - case "tool": - toolCallID := strings.TrimSpace(msg.Get("tool_call_id").String()) - if toolCallID == "" { - toolCallID = strings.TrimSpace(msg.Get("call_id").String()) - if toolCallID != "" { - path := fmt.Sprintf("messages.%d.tool_call_id", msgIdx) - next, err := sjson.SetBytes(out, path, toolCallID) - if err != nil { - return body, fmt.Errorf("kimi executor: failed to set tool_call_id from call_id: %w", err) - } - out = next - patched++ - } - } - if toolCallID == "" { - if len(pending) == 1 { - toolCallID = pending[0] - path := fmt.Sprintf("messages.%d.tool_call_id", msgIdx) - next, err := sjson.SetBytes(out, path, toolCallID) - if err != nil { - return body, fmt.Errorf("kimi executor: failed to infer tool_call_id: %w", err) - } - out = next - patched++ - } else if len(pending) > 1 { - ambiguous++ - } - } - if toolCallID != "" { - removePending(toolCallID) - } - } - } - - if patched > 0 || patchedReasoning > 0 { - log.WithFields(log.Fields{ - "patched_tool_messages": patched, - "patched_reasoning_messages": patchedReasoning, - }).Debug("kimi executor: normalized tool message fields") - } - if ambiguous > 0 { - log.WithFields(log.Fields{ - "ambiguous_tool_messages": ambiguous, - "pending_tool_calls": len(pending), - }).Warn("kimi executor: tool messages missing tool_call_id with ambiguous candidates") - } - - return out, nil -} - -func fallbackAssistantReasoning(msg gjson.Result, hasLatest bool, latest string) string { - if hasLatest && strings.TrimSpace(latest) != "" { - return latest - } - - content := msg.Get("content") - if content.Type == gjson.String { - if text := strings.TrimSpace(content.String()); text != "" { - return text - } - } - if content.IsArray() { - parts := make([]string, 0, len(content.Array())) - for _, item := range content.Array() { - text := strings.TrimSpace(item.Get("text").String()) - if text == "" { - continue - } - parts = append(parts, text) - } - if len(parts) > 0 { - return strings.Join(parts, "\n") - } - } - - return "[reasoning unavailable]" -} - -// Refresh refreshes the Kimi token using the refresh token. -func (e *KimiExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("kimi executor: refresh called") - if auth == nil { - return nil, fmt.Errorf("kimi executor: auth is nil") - } - // Expect refresh_token in metadata for OAuth-based accounts - var refreshToken string - if auth.Metadata != nil { - if v, ok := auth.Metadata["refresh_token"].(string); ok && strings.TrimSpace(v) != "" { - refreshToken = v - } - } - if strings.TrimSpace(refreshToken) == "" { - // Nothing to refresh - return auth, nil - } - - client := kimiauth.NewDeviceFlowClientWithDeviceID(e.cfg, resolveKimiDeviceID(auth)) - td, err := client.RefreshToken(ctx, refreshToken) - if err != nil { - return nil, err - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["access_token"] = td.AccessToken - if td.RefreshToken != "" { - auth.Metadata["refresh_token"] = td.RefreshToken - } - if td.ExpiresAt > 0 { - exp := time.Unix(td.ExpiresAt, 0).UTC().Format(time.RFC3339) - auth.Metadata["expired"] = exp - } - auth.Metadata["type"] = "kimi" - now := time.Now().Format(time.RFC3339) - auth.Metadata["last_refresh"] = now - return auth, nil -} - -// applyKimiHeaders sets required headers for Kimi API requests. -// Headers match kimi-cli client for compatibility. -func applyKimiHeaders(r *http.Request, token string, stream bool) { - r.Header.Set("Content-Type", "application/json") - r.Header.Set("Authorization", "Bearer "+token) - // Match kimi-cli headers exactly - r.Header.Set("User-Agent", "KimiCLI/1.10.6") - r.Header.Set("X-Msh-Platform", "kimi_cli") - r.Header.Set("X-Msh-Version", "1.10.6") - r.Header.Set("X-Msh-Device-Name", getKimiHostname()) - r.Header.Set("X-Msh-Device-Model", getKimiDeviceModel()) - r.Header.Set("X-Msh-Device-Id", getKimiDeviceID()) - if stream { - r.Header.Set("Accept", "text/event-stream") - return - } - r.Header.Set("Accept", "application/json") -} - -func resolveKimiDeviceIDFromAuth(auth *cliproxyauth.Auth) string { - if auth == nil || auth.Metadata == nil { - return "" - } - - deviceIDRaw, ok := auth.Metadata["device_id"] - if !ok { - return "" - } - - deviceID, ok := deviceIDRaw.(string) - if !ok { - return "" - } - - return strings.TrimSpace(deviceID) -} - -func resolveKimiDeviceIDFromStorage(auth *cliproxyauth.Auth) string { - if auth == nil { - return "" - } - - storage, ok := auth.Storage.(*kimiauth.KimiTokenStorage) - if !ok || storage == nil { - return "" - } - - return strings.TrimSpace(storage.DeviceID) -} - -func resolveKimiDeviceID(auth *cliproxyauth.Auth) string { - deviceID := resolveKimiDeviceIDFromAuth(auth) - if deviceID != "" { - return deviceID - } - return resolveKimiDeviceIDFromStorage(auth) -} - -func applyKimiHeadersWithAuth(r *http.Request, token string, stream bool, auth *cliproxyauth.Auth) { - applyKimiHeaders(r, token, stream) - - if deviceID := resolveKimiDeviceID(auth); deviceID != "" { - r.Header.Set("X-Msh-Device-Id", deviceID) - } -} - -// getKimiHostname returns the machine hostname. -func getKimiHostname() string { - hostname, err := os.Hostname() - if err != nil { - return "unknown" - } - return hostname -} - -// getKimiDeviceModel returns a device model string matching kimi-cli format. -func getKimiDeviceModel() string { - return fmt.Sprintf("%s %s", runtime.GOOS, runtime.GOARCH) -} - -// getKimiDeviceID returns a stable device ID, matching kimi-cli storage location. -func getKimiDeviceID() string { - homeDir, err := os.UserHomeDir() - if err != nil { - return "cli-proxy-api-device" - } - // Check kimi-cli's device_id location first (platform-specific) - var kimiShareDir string - switch runtime.GOOS { - case "darwin": - kimiShareDir = filepath.Join(homeDir, "Library", "Application Support", "kimi") - case "windows": - appData := os.Getenv("APPDATA") - if appData == "" { - appData = filepath.Join(homeDir, "AppData", "Roaming") - } - kimiShareDir = filepath.Join(appData, "kimi") - default: // linux and other unix-like - kimiShareDir = filepath.Join(homeDir, ".local", "share", "kimi") - } - deviceIDPath := filepath.Join(kimiShareDir, "device_id") - if data, err := os.ReadFile(deviceIDPath); err == nil { - return strings.TrimSpace(string(data)) - } - return "cli-proxy-api-device" -} - -// kimiCreds extracts the access token from auth. -func kimiCreds(a *cliproxyauth.Auth) (token string) { - if a == nil { - return "" - } - // Check metadata first (OAuth flow stores tokens here) - if a.Metadata != nil { - if v, ok := a.Metadata["access_token"].(string); ok && strings.TrimSpace(v) != "" { - return v - } - } - // Fallback to attributes (API key style) - if a.Attributes != nil { - if v := a.Attributes["access_token"]; v != "" { - return v - } - if v := a.Attributes["api_key"]; v != "" { - return v - } - } - return "" -} - -// stripKimiPrefix removes the "kimi-" prefix from model names for the upstream API. -func stripKimiPrefix(model string) string { - model = strings.TrimSpace(model) - if strings.HasPrefix(strings.ToLower(model), "kimi-") { - return model[5:] - } - return model -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/kimi_executor_test.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/kimi_executor_test.go deleted file mode 100644 index 210ddb0ef9..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/kimi_executor_test.go +++ /dev/null @@ -1,205 +0,0 @@ -package executor - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestNormalizeKimiToolMessageLinks_UsesCallIDFallback(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"list_directory:1","type":"function","function":{"name":"list_directory","arguments":"{}"}}]}, - {"role":"tool","call_id":"list_directory:1","content":"[]"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.1.tool_call_id").String() - if got != "list_directory:1" { - t.Fatalf("messages.1.tool_call_id = %q, want %q", got, "list_directory:1") - } -} - -func TestNormalizeKimiToolMessageLinks_InferSinglePendingID(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"call_123","type":"function","function":{"name":"read_file","arguments":"{}"}}]}, - {"role":"tool","content":"file-content"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.1.tool_call_id").String() - if got != "call_123" { - t.Fatalf("messages.1.tool_call_id = %q, want %q", got, "call_123") - } -} - -func TestNormalizeKimiToolMessageLinks_AmbiguousMissingIDIsNotInferred(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[ - {"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}, - {"id":"call_2","type":"function","function":{"name":"read_file","arguments":"{}"}} - ]}, - {"role":"tool","content":"result-without-id"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - if gjson.GetBytes(out, "messages.1.tool_call_id").Exists() { - t.Fatalf("messages.1.tool_call_id should be absent for ambiguous case, got %q", gjson.GetBytes(out, "messages.1.tool_call_id").String()) - } -} - -func TestNormalizeKimiToolMessageLinks_PreservesExistingToolCallID(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}]}, - {"role":"tool","tool_call_id":"call_1","call_id":"different-id","content":"result"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.1.tool_call_id").String() - if got != "call_1" { - t.Fatalf("messages.1.tool_call_id = %q, want %q", got, "call_1") - } -} - -func TestNormalizeKimiToolMessageLinks_InheritsPreviousReasoningForAssistantToolCalls(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","content":"plan","reasoning_content":"previous reasoning"}, - {"role":"assistant","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}]} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.1.reasoning_content").String() - if got != "previous reasoning" { - t.Fatalf("messages.1.reasoning_content = %q, want %q", got, "previous reasoning") - } -} - -func TestNormalizeKimiToolMessageLinks_InsertsFallbackReasoningWhenMissing(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}]} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - reasoning := gjson.GetBytes(out, "messages.0.reasoning_content") - if !reasoning.Exists() { - t.Fatalf("messages.0.reasoning_content should exist") - } - if reasoning.String() != "[reasoning unavailable]" { - t.Fatalf("messages.0.reasoning_content = %q, want %q", reasoning.String(), "[reasoning unavailable]") - } -} - -func TestNormalizeKimiToolMessageLinks_UsesContentAsReasoningFallback(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","content":[{"type":"text","text":"first line"},{"type":"text","text":"second line"}],"tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}]} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.0.reasoning_content").String() - if got != "first line\nsecond line" { - t.Fatalf("messages.0.reasoning_content = %q, want %q", got, "first line\nsecond line") - } -} - -func TestNormalizeKimiToolMessageLinks_ReplacesEmptyReasoningContent(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","content":"assistant summary","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}],"reasoning_content":""} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.0.reasoning_content").String() - if got != "assistant summary" { - t.Fatalf("messages.0.reasoning_content = %q, want %q", got, "assistant summary") - } -} - -func TestNormalizeKimiToolMessageLinks_PreservesExistingAssistantReasoning(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}],"reasoning_content":"keep me"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.0.reasoning_content").String() - if got != "keep me" { - t.Fatalf("messages.0.reasoning_content = %q, want %q", got, "keep me") - } -} - -func TestNormalizeKimiToolMessageLinks_RepairsIDsAndReasoningTogether(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}],"reasoning_content":"r1"}, - {"role":"tool","call_id":"call_1","content":"[]"}, - {"role":"assistant","tool_calls":[{"id":"call_2","type":"function","function":{"name":"read_file","arguments":"{}"}}]}, - {"role":"tool","call_id":"call_2","content":"file"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - if got := gjson.GetBytes(out, "messages.1.tool_call_id").String(); got != "call_1" { - t.Fatalf("messages.1.tool_call_id = %q, want %q", got, "call_1") - } - if got := gjson.GetBytes(out, "messages.3.tool_call_id").String(); got != "call_2" { - t.Fatalf("messages.3.tool_call_id = %q, want %q", got, "call_2") - } - if got := gjson.GetBytes(out, "messages.2.reasoning_content").String(); got != "r1" { - t.Fatalf("messages.2.reasoning_content = %q, want %q", got, "r1") - } -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/kiro_executor.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/kiro_executor.go deleted file mode 100644 index 3d1e2d5184..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/kiro_executor.go +++ /dev/null @@ -1,4830 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "encoding/base64" - "encoding/binary" - "encoding/json" - "errors" - "fmt" - "io" - "net" - "net/http" - "os" - "path/filepath" - "strings" - "sync" - "sync/atomic" - "syscall" - "time" - - "github.com/google/uuid" - kiroauth "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/kiro" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - kiroclaude "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/kiro/claude" - kirocommon "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/kiro/common" - kiroopenai "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/kiro/openai" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" -) - -const ( - // Kiro API common constants - kiroContentType = "application/json" - kiroAcceptStream = "*/*" - - // Event Stream frame size constants for boundary protection - // AWS Event Stream binary format: prelude (12 bytes) + headers + payload + message_crc (4 bytes) - // Prelude consists of: total_length (4) + headers_length (4) + prelude_crc (4) - minEventStreamFrameSize = 16 // Minimum: 4(total_len) + 4(headers_len) + 4(prelude_crc) + 4(message_crc) - maxEventStreamMsgSize = 10 << 20 // Maximum message length: 10MB - - // Event Stream error type constants - ErrStreamFatal = "fatal" // Connection/authentication errors, not recoverable - ErrStreamMalformed = "malformed" // Format errors, data cannot be parsed - - // kiroUserAgent matches Amazon Q CLI style for User-Agent header - kiroUserAgent = "aws-sdk-rust/1.3.9 os/macos lang/rust/1.87.0" - // kiroFullUserAgent is the complete x-amz-user-agent header (Amazon Q CLI style) - kiroFullUserAgent = "aws-sdk-rust/1.3.9 ua/2.1 api/ssooidc/1.88.0 os/macos lang/rust/1.87.0 m/E app/AmazonQ-For-CLI" - - // Kiro IDE style headers for IDC auth - kiroIDEUserAgent = "aws-sdk-js/1.0.27 ua/2.1 os/win32#10.0.19044 lang/js md/nodejs#22.21.1 api/codewhispererstreaming#1.0.27 m/E" - kiroIDEAmzUserAgent = "aws-sdk-js/1.0.27" - kiroIDEAgentModeVibe = "vibe" - - // Socket retry configuration constants - // Maximum number of retry attempts for socket/network errors - kiroSocketMaxRetries = 3 - // Base delay between retry attempts (uses exponential backoff: delay * 2^attempt) - kiroSocketBaseRetryDelay = 1 * time.Second - // Maximum delay between retry attempts (cap for exponential backoff) - kiroSocketMaxRetryDelay = 30 * time.Second - // First token timeout for streaming responses (how long to wait for first response) - kiroFirstTokenTimeout = 15 * time.Second - // Streaming read timeout (how long to wait between chunks) - kiroStreamingReadTimeout = 300 * time.Second -) - -// retryableHTTPStatusCodes defines HTTP status codes that are considered retryable. -// Based on kiro2Api reference: 502 (Bad Gateway), 503 (Service Unavailable), 504 (Gateway Timeout) -var retryableHTTPStatusCodes = map[int]bool{ - 502: true, // Bad Gateway - upstream server error - 503: true, // Service Unavailable - server temporarily overloaded - 504: true, // Gateway Timeout - upstream server timeout -} - -// Real-time usage estimation configuration -// These control how often usage updates are sent during streaming -var ( - usageUpdateCharThreshold = 5000 // Send usage update every 5000 characters - usageUpdateTimeInterval = 15 * time.Second // Or every 15 seconds, whichever comes first -) - -// Global FingerprintManager for dynamic User-Agent generation per token -// Each token gets a unique fingerprint on first use, which is cached for subsequent requests -var ( - globalFingerprintManager *kiroauth.FingerprintManager - globalFingerprintManagerOnce sync.Once -) - -// getGlobalFingerprintManager returns the global FingerprintManager instance -func getGlobalFingerprintManager() *kiroauth.FingerprintManager { - globalFingerprintManagerOnce.Do(func() { - globalFingerprintManager = kiroauth.NewFingerprintManager() - log.Infof("kiro: initialized global FingerprintManager for dynamic UA generation") - }) - return globalFingerprintManager -} - -// retryConfig holds configuration for socket retry logic. -// Based on kiro2Api Python implementation patterns. -type retryConfig struct { - MaxRetries int // Maximum number of retry attempts - BaseDelay time.Duration // Base delay between retries (exponential backoff) - MaxDelay time.Duration // Maximum delay cap - RetryableErrors []string // List of retryable error patterns - RetryableStatus map[int]bool // HTTP status codes to retry - FirstTokenTmout time.Duration // Timeout for first token in streaming - StreamReadTmout time.Duration // Timeout between stream chunks -} - -// defaultRetryConfig returns the default retry configuration for Kiro socket operations. -func defaultRetryConfig() retryConfig { - return retryConfig{ - MaxRetries: kiroSocketMaxRetries, - BaseDelay: kiroSocketBaseRetryDelay, - MaxDelay: kiroSocketMaxRetryDelay, - RetryableStatus: retryableHTTPStatusCodes, - RetryableErrors: []string{ - "connection reset", - "connection refused", - "broken pipe", - "EOF", - "timeout", - "temporary failure", - "no such host", - "network is unreachable", - "i/o timeout", - }, - FirstTokenTmout: kiroFirstTokenTimeout, - StreamReadTmout: kiroStreamingReadTimeout, - } -} - -// isRetryableError checks if an error is retryable based on error type and message. -// Returns true for network timeouts, connection resets, and temporary failures. -// Based on kiro2Api's retry logic patterns. -func isRetryableError(err error) bool { - if err == nil { - return false - } - - // Check for context cancellation - not retryable - if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) { - return false - } - - // Check for net.Error (timeout, temporary) - var netErr net.Error - if errors.As(err, &netErr) { - if netErr.Timeout() { - log.Debugf("kiro: isRetryableError: network timeout detected") - return true - } - // Note: Temporary() is deprecated but still useful for some error types - } - - // Check for specific syscall errors (connection reset, broken pipe, etc.) - var syscallErr syscall.Errno - if errors.As(err, &syscallErr) { - switch syscallErr { - case syscall.ECONNRESET: // Connection reset by peer - log.Debugf("kiro: isRetryableError: ECONNRESET detected") - return true - case syscall.ECONNREFUSED: // Connection refused - log.Debugf("kiro: isRetryableError: ECONNREFUSED detected") - return true - case syscall.EPIPE: // Broken pipe - log.Debugf("kiro: isRetryableError: EPIPE (broken pipe) detected") - return true - case syscall.ETIMEDOUT: // Connection timed out - log.Debugf("kiro: isRetryableError: ETIMEDOUT detected") - return true - case syscall.ENETUNREACH: // Network is unreachable - log.Debugf("kiro: isRetryableError: ENETUNREACH detected") - return true - case syscall.EHOSTUNREACH: // No route to host - log.Debugf("kiro: isRetryableError: EHOSTUNREACH detected") - return true - } - } - - // Check for net.OpError wrapping other errors - var opErr *net.OpError - if errors.As(err, &opErr) { - log.Debugf("kiro: isRetryableError: net.OpError detected, op=%s", opErr.Op) - // Recursively check the wrapped error - if opErr.Err != nil { - return isRetryableError(opErr.Err) - } - return true - } - - // Check error message for retryable patterns - errMsg := strings.ToLower(err.Error()) - cfg := defaultRetryConfig() - for _, pattern := range cfg.RetryableErrors { - if strings.Contains(errMsg, pattern) { - log.Debugf("kiro: isRetryableError: pattern '%s' matched in error: %s", pattern, errMsg) - return true - } - } - - // Check for EOF which may indicate connection was closed - if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) { - log.Debugf("kiro: isRetryableError: EOF/UnexpectedEOF detected") - return true - } - - return false -} - -// isRetryableHTTPStatus checks if an HTTP status code is retryable. -// Based on kiro2Api: 502, 503, 504 are retryable server errors. -func isRetryableHTTPStatus(statusCode int) bool { - return retryableHTTPStatusCodes[statusCode] -} - -// calculateRetryDelay calculates the delay for the next retry attempt using exponential backoff. -// delay = min(baseDelay * 2^attempt, maxDelay) -// Adds ±30% jitter to prevent thundering herd. -func calculateRetryDelay(attempt int, cfg retryConfig) time.Duration { - return kiroauth.ExponentialBackoffWithJitter(attempt, cfg.BaseDelay, cfg.MaxDelay) -} - -// logRetryAttempt logs a retry attempt with relevant context. -func logRetryAttempt(attempt, maxRetries int, reason string, delay time.Duration, endpoint string) { - log.Warnf("kiro: retry attempt %d/%d for %s, waiting %v before next attempt (endpoint: %s)", - attempt+1, maxRetries, reason, delay, endpoint) -} - -// kiroHTTPClientPool provides a shared HTTP client with connection pooling for Kiro API. -// This reduces connection overhead and improves performance for concurrent requests. -// Based on kiro2Api's connection pooling pattern. -var ( - kiroHTTPClientPool *http.Client - kiroHTTPClientPoolOnce sync.Once -) - -// getKiroPooledHTTPClient returns a shared HTTP client with optimized connection pooling. -// The client is lazily initialized on first use and reused across requests. -// This is especially beneficial for: -// - Reducing TCP handshake overhead -// - Enabling HTTP/2 multiplexing -// - Better handling of keep-alive connections -func getKiroPooledHTTPClient() *http.Client { - kiroHTTPClientPoolOnce.Do(func() { - transport := &http.Transport{ - // Connection pool settings - MaxIdleConns: 100, // Max idle connections across all hosts - MaxIdleConnsPerHost: 20, // Max idle connections per host - MaxConnsPerHost: 50, // Max total connections per host - IdleConnTimeout: 90 * time.Second, // How long idle connections stay in pool - - // Timeouts for connection establishment - DialContext: (&net.Dialer{ - Timeout: 30 * time.Second, // TCP connection timeout - KeepAlive: 30 * time.Second, // TCP keep-alive interval - }).DialContext, - - // TLS handshake timeout - TLSHandshakeTimeout: 10 * time.Second, - - // Response header timeout - ResponseHeaderTimeout: 30 * time.Second, - - // Expect 100-continue timeout - ExpectContinueTimeout: 1 * time.Second, - - // Enable HTTP/2 when available - ForceAttemptHTTP2: true, - } - - kiroHTTPClientPool = &http.Client{ - Transport: transport, - // No global timeout - let individual requests set their own timeouts via context - } - - log.Debugf("kiro: initialized pooled HTTP client (MaxIdleConns=%d, MaxIdleConnsPerHost=%d, MaxConnsPerHost=%d)", - transport.MaxIdleConns, transport.MaxIdleConnsPerHost, transport.MaxConnsPerHost) - }) - - return kiroHTTPClientPool -} - -// newKiroHTTPClientWithPooling creates an HTTP client that uses connection pooling when appropriate. -// It respects proxy configuration from auth or config, falling back to the pooled client. -// This provides the best of both worlds: custom proxy support + connection reuse. -func newKiroHTTPClientWithPooling(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth, timeout time.Duration) *http.Client { - // Check if a proxy is configured - if so, we need a custom client - var proxyURL string - if auth != nil { - proxyURL = strings.TrimSpace(auth.ProxyURL) - } - if proxyURL == "" && cfg != nil { - proxyURL = strings.TrimSpace(cfg.ProxyURL) - } - - // If proxy is configured, use the existing proxy-aware client (doesn't pool) - if proxyURL != "" { - log.Debugf("kiro: using proxy-aware HTTP client (proxy=%s)", proxyURL) - return newProxyAwareHTTPClient(ctx, cfg, auth, timeout) - } - - // No proxy - use pooled client for better performance - pooledClient := getKiroPooledHTTPClient() - - // If timeout is specified, we need to wrap the pooled transport with timeout - if timeout > 0 { - return &http.Client{ - Transport: pooledClient.Transport, - Timeout: timeout, - } - } - - return pooledClient -} - -// kiroEndpointConfig bundles endpoint URL with its compatible Origin and AmzTarget values. -// This solves the "triple mismatch" problem where different endpoints require matching -// Origin and X-Amz-Target header values. -// -// Based on reference implementations: -// - amq2api-main: Uses Amazon Q endpoint with CLI origin and AmazonQDeveloperStreamingService target -// - AIClient-2-API: Uses CodeWhisperer endpoint with AI_EDITOR origin and AmazonCodeWhispererStreamingService target -type kiroEndpointConfig struct { - URL string // Endpoint URL - Origin string // Request Origin: "CLI" for Amazon Q quota, "AI_EDITOR" for Kiro IDE quota - AmzTarget string // X-Amz-Target header value - Name string // Endpoint name for logging -} - -// kiroDefaultRegion is the default AWS region for Kiro API endpoints. -// Used when no region is specified in auth metadata. -const kiroDefaultRegion = "us-east-1" - -// extractRegionFromProfileARN extracts the AWS region from a ProfileARN. -// ARN format: arn:aws:codewhisperer:REGION:ACCOUNT:profile/PROFILE_ID -// Returns empty string if region cannot be extracted. -func extractRegionFromProfileARN(profileArn string) string { - if profileArn == "" { - return "" - } - parts := strings.Split(profileArn, ":") - if len(parts) >= 4 && parts[3] != "" { - return parts[3] - } - return "" -} - -// buildKiroEndpointConfigs creates endpoint configurations for the specified region. -// This enables dynamic region support for Enterprise/IdC users in non-us-east-1 regions. -// -// Uses Q endpoint (q.{region}.amazonaws.com) as primary for ALL auth types: -// - Works universally across all AWS regions (CodeWhisperer endpoint only exists in us-east-1) -// - Uses /generateAssistantResponse path with AI_EDITOR origin -// - Does NOT require X-Amz-Target header -// -// The AmzTarget field is kept for backward compatibility but should be empty -// to indicate that the header should NOT be set. -func buildKiroEndpointConfigs(region string) []kiroEndpointConfig { - if region == "" { - region = kiroDefaultRegion - } - return []kiroEndpointConfig{ - { - // Primary: Q endpoint - works for all regions and auth types - URL: fmt.Sprintf("https://q.%s.amazonaws.com/generateAssistantResponse", region), - Origin: "AI_EDITOR", - AmzTarget: "", // Empty = don't set X-Amz-Target header - Name: "AmazonQ", - }, - { - // Fallback: CodeWhisperer endpoint (legacy, only works in us-east-1) - URL: fmt.Sprintf("https://codewhisperer.%s.amazonaws.com/generateAssistantResponse", region), - Origin: "AI_EDITOR", - AmzTarget: "AmazonCodeWhispererStreamingService.GenerateAssistantResponse", - Name: "CodeWhisperer", - }, - } -} - -// resolveKiroAPIRegion determines the AWS region for Kiro API calls. -// Region priority: -// 1. auth.Metadata["api_region"] - explicit API region override -// 2. ProfileARN region - extracted from arn:aws:service:REGION:account:resource -// 3. kiroDefaultRegion (us-east-1) - fallback -// Note: OIDC "region" is NOT used - it's for token refresh, not API calls -func resolveKiroAPIRegion(auth *cliproxyauth.Auth) string { - if auth == nil || auth.Metadata == nil { - return kiroDefaultRegion - } - // Priority 1: Explicit api_region override - if r, ok := auth.Metadata["api_region"].(string); ok && r != "" { - log.Debugf("kiro: using region %s (source: api_region)", r) - return r - } - // Priority 2: Extract from ProfileARN - if profileArn, ok := auth.Metadata["profile_arn"].(string); ok && profileArn != "" { - if arnRegion := extractRegionFromProfileARN(profileArn); arnRegion != "" { - log.Debugf("kiro: using region %s (source: profile_arn)", arnRegion) - return arnRegion - } - } - // Note: OIDC "region" field is NOT used for API endpoint - // Kiro API only exists in us-east-1, while OIDC region can vary (e.g., ap-northeast-2) - // Using OIDC region for API calls causes DNS failures - log.Debugf("kiro: using region %s (source: default)", kiroDefaultRegion) - return kiroDefaultRegion -} - -// kiroEndpointConfigs is kept for backward compatibility with default us-east-1 region. -// Prefer using buildKiroEndpointConfigs(region) for dynamic region support. -var kiroEndpointConfigs = buildKiroEndpointConfigs(kiroDefaultRegion) - -// getKiroEndpointConfigs returns the list of Kiro API endpoint configurations to try in order. -// Supports dynamic region based on auth metadata "api_region", "profile_arn", or "region" field. -// Supports reordering based on "preferred_endpoint" in auth metadata/attributes. -// -// Region priority: -// 1. auth.Metadata["api_region"] - explicit API region override -// 2. ProfileARN region - extracted from arn:aws:service:REGION:account:resource -// 3. kiroDefaultRegion (us-east-1) - fallback -// Note: OIDC "region" is NOT used - it's for token refresh, not API calls -func getKiroEndpointConfigs(auth *cliproxyauth.Auth) []kiroEndpointConfig { - if auth == nil { - return kiroEndpointConfigs - } - - // Determine API region using shared resolution logic - region := resolveKiroAPIRegion(auth) - - // Build endpoint configs for the specified region - endpointConfigs := buildKiroEndpointConfigs(region) - - // For IDC auth, use Q endpoint with AI_EDITOR origin - // IDC tokens work with Q endpoint using Bearer auth - // The difference is only in how tokens are refreshed (OIDC with clientId/clientSecret for IDC) - // NOT in how API calls are made - both Social and IDC use the same endpoint/origin - if auth.Metadata != nil { - authMethod, _ := auth.Metadata["auth_method"].(string) - if strings.ToLower(authMethod) == "idc" { - log.Debugf("kiro: IDC auth, using Q endpoint (region: %s)", region) - return endpointConfigs - } - } - - // Check for preference - var preference string - if auth.Metadata != nil { - if p, ok := auth.Metadata["preferred_endpoint"].(string); ok { - preference = p - } - } - // Check attributes as fallback (e.g. from HTTP headers) - if preference == "" && auth.Attributes != nil { - preference = auth.Attributes["preferred_endpoint"] - } - - if preference == "" { - return endpointConfigs - } - - preference = strings.ToLower(strings.TrimSpace(preference)) - - // Create new slice to avoid modifying global state - var sorted []kiroEndpointConfig - var remaining []kiroEndpointConfig - - for _, cfg := range endpointConfigs { - name := strings.ToLower(cfg.Name) - // Check for matches - // CodeWhisperer aliases: codewhisperer, ide - // AmazonQ aliases: amazonq, q, cli - isMatch := false - if (preference == "codewhisperer" || preference == "ide") && name == "codewhisperer" { - isMatch = true - } else if (preference == "amazonq" || preference == "q" || preference == "cli") && name == "amazonq" { - isMatch = true - } - - if isMatch { - sorted = append(sorted, cfg) - } else { - remaining = append(remaining, cfg) - } - } - - // If preference didn't match anything, return default - if len(sorted) == 0 { - return endpointConfigs - } - - // Combine: preferred first, then others - return append(sorted, remaining...) -} - -// KiroExecutor handles requests to AWS CodeWhisperer (Kiro) API. -type KiroExecutor struct { - cfg *config.Config - refreshMu sync.Mutex // Serializes token refresh operations to prevent race conditions -} - -// isIDCAuth checks if the auth uses IDC (Identity Center) authentication method. -func isIDCAuth(auth *cliproxyauth.Auth) bool { - if auth == nil || auth.Metadata == nil { - return false - } - authMethod, _ := auth.Metadata["auth_method"].(string) - return strings.ToLower(authMethod) == "idc" -} - -// buildKiroPayloadForFormat builds the Kiro API payload based on the source format. -// This is critical because OpenAI and Claude formats have different tool structures: -// - OpenAI: tools[].function.name, tools[].function.description -// - Claude: tools[].name, tools[].description -// headers parameter allows checking Anthropic-Beta header for thinking mode detection. -// Returns the serialized JSON payload and a boolean indicating whether thinking mode was injected. -func buildKiroPayloadForFormat(body []byte, modelID, profileArn, origin string, isAgentic, isChatOnly bool, sourceFormat sdktranslator.Format, headers http.Header) ([]byte, bool) { - switch sourceFormat.String() { - case "openai": - log.Debugf("kiro: using OpenAI payload builder for source format: %s", sourceFormat.String()) - return kiroopenai.BuildKiroPayloadFromOpenAI(body, modelID, profileArn, origin, isAgentic, isChatOnly, headers, nil) - case "kiro": - // Body is already in Kiro format — pass through directly - log.Debugf("kiro: body already in Kiro format, passing through directly") - return body, false - default: - // Default to Claude format - log.Debugf("kiro: using Claude payload builder for source format: %s", sourceFormat.String()) - return kiroclaude.BuildKiroPayload(body, modelID, profileArn, origin, isAgentic, isChatOnly, headers, nil) - } -} - -// NewKiroExecutor creates a new Kiro executor instance. -func NewKiroExecutor(cfg *config.Config) *KiroExecutor { - return &KiroExecutor{cfg: cfg} -} - -// Identifier returns the unique identifier for this executor. -func (e *KiroExecutor) Identifier() string { return "kiro" } - -// applyDynamicFingerprint applies token-specific fingerprint headers to the request -// For IDC auth, uses dynamic fingerprint-based User-Agent -// For other auth types, uses static Amazon Q CLI style headers -func applyDynamicFingerprint(req *http.Request, auth *cliproxyauth.Auth) { - if isIDCAuth(auth) { - // Get token-specific fingerprint for dynamic UA generation - tokenKey := getTokenKey(auth) - fp := getGlobalFingerprintManager().GetFingerprint(tokenKey) - - // Use fingerprint-generated dynamic User-Agent - req.Header.Set("User-Agent", fp.BuildUserAgent()) - req.Header.Set("X-Amz-User-Agent", fp.BuildAmzUserAgent()) - req.Header.Set("x-amzn-kiro-agent-mode", kiroIDEAgentModeVibe) - - log.Debugf("kiro: using dynamic fingerprint for token %s (SDK:%s, OS:%s/%s, Kiro:%s)", - tokenKey[:8]+"...", fp.SDKVersion, fp.OSType, fp.OSVersion, fp.KiroVersion) - } else { - // Use static Amazon Q CLI style headers for non-IDC auth - req.Header.Set("User-Agent", kiroUserAgent) - req.Header.Set("X-Amz-User-Agent", kiroFullUserAgent) - } -} - -// PrepareRequest prepares the HTTP request before execution. -func (e *KiroExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - accessToken, _ := kiroCredentials(auth) - if strings.TrimSpace(accessToken) == "" { - return statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - - // Apply dynamic fingerprint-based headers - applyDynamicFingerprint(req, auth) - - req.Header.Set("Amz-Sdk-Request", "attempt=1; max=3") - req.Header.Set("Amz-Sdk-Invocation-Id", uuid.New().String()) - req.Header.Set("Authorization", "Bearer "+accessToken) - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) - return nil -} - -// HttpRequest injects Kiro credentials into the request and executes it. -func (e *KiroExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("kiro executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if errPrepare := e.PrepareRequest(httpReq, auth); errPrepare != nil { - return nil, errPrepare - } - httpClient := newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// getTokenKey returns a unique key for rate limiting based on auth credentials. -// Uses auth ID if available, otherwise falls back to a hash of the access token. -func getTokenKey(auth *cliproxyauth.Auth) string { - if auth != nil && auth.ID != "" { - return auth.ID - } - accessToken, _ := kiroCredentials(auth) - if len(accessToken) > 16 { - return accessToken[:16] - } - return accessToken -} - -// Execute sends the request to Kiro API and returns the response. -// Supports automatic token refresh on 401/403 errors. -func (e *KiroExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - accessToken, profileArn := kiroCredentials(auth) - if accessToken == "" { - return resp, fmt.Errorf("kiro: access token not found in auth") - } - - // Rate limiting: get token key for tracking - tokenKey := getTokenKey(auth) - rateLimiter := kiroauth.GetGlobalRateLimiter() - cooldownMgr := kiroauth.GetGlobalCooldownManager() - - // Check if token is in cooldown period - if cooldownMgr.IsInCooldown(tokenKey) { - remaining := cooldownMgr.GetRemainingCooldown(tokenKey) - reason := cooldownMgr.GetCooldownReason(tokenKey) - log.Warnf("kiro: token %s is in cooldown (reason: %s), remaining: %v", tokenKey, reason, remaining) - return resp, fmt.Errorf("kiro: token is in cooldown for %v (reason: %s)", remaining, reason) - } - - // Wait for rate limiter before proceeding - log.Debugf("kiro: waiting for rate limiter for token %s", tokenKey) - rateLimiter.WaitForToken(tokenKey) - log.Debugf("kiro: rate limiter cleared for token %s", tokenKey) - - // Check if token is expired before making request (covers both normal and web_search paths) - if e.isTokenExpired(accessToken) { - log.Infof("kiro: access token expired, attempting recovery") - - // 方案 B: 先尝试从文件重新加载 token(后台刷新器可能已更新文件) - reloadedAuth, reloadErr := e.reloadAuthFromFile(auth) - if reloadErr == nil && reloadedAuth != nil { - // 文件中有更新的 token,使用它 - auth = reloadedAuth - accessToken, profileArn = kiroCredentials(auth) - log.Infof("kiro: recovered token from file (background refresh), expires_at: %v", auth.Metadata["expires_at"]) - } else { - // 文件中的 token 也过期了,执行主动刷新 - log.Debugf("kiro: file reload failed (%v), attempting active refresh", reloadErr) - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Warnf("kiro: pre-request token refresh failed: %v", refreshErr) - } else if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - } - accessToken, profileArn = kiroCredentials(auth) - log.Infof("kiro: token refreshed successfully before request") - } - } - } - - // Check for pure web_search request - // Route to MCP endpoint instead of normal Kiro API - if kiroclaude.HasWebSearchTool(req.Payload) { - log.Infof("kiro: detected pure web_search request (non-stream), routing to MCP endpoint") - return e.handleWebSearch(ctx, auth, req, opts, accessToken, profileArn) - } - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("kiro") - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - - kiroModelID := e.mapModelToKiro(req.Model) - - // Determine agentic mode and effective profile ARN using helper functions - isAgentic, isChatOnly := determineAgenticMode(req.Model) - effectiveProfileArn := getEffectiveProfileArnWithWarning(auth, profileArn) - - // Execute with retry on 401/403 and 429 (quota exhausted) - // Note: currentOrigin and kiroPayload are built inside executeWithRetry for each endpoint - resp, err = e.executeWithRetry(ctx, auth, req, opts, accessToken, effectiveProfileArn, nil, body, from, to, reporter, "", kiroModelID, isAgentic, isChatOnly, tokenKey) - return resp, err -} - -// executeWithRetry performs the actual HTTP request with automatic retry on auth errors. -// Supports automatic fallback between endpoints with different quotas: -// - Amazon Q endpoint (CLI origin) uses Amazon Q Developer quota -// - CodeWhisperer endpoint (AI_EDITOR origin) uses Kiro IDE quota -// Also supports multi-endpoint fallback similar to Antigravity implementation. -// tokenKey is used for rate limiting and cooldown tracking. -func (e *KiroExecutor) executeWithRetry(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, accessToken, profileArn string, kiroPayload, body []byte, from, to sdktranslator.Format, reporter *usageReporter, currentOrigin, kiroModelID string, isAgentic, isChatOnly bool, tokenKey string) (cliproxyexecutor.Response, error) { - var resp cliproxyexecutor.Response - maxRetries := 2 // Allow retries for token refresh + endpoint fallback - rateLimiter := kiroauth.GetGlobalRateLimiter() - cooldownMgr := kiroauth.GetGlobalCooldownManager() - endpointConfigs := getKiroEndpointConfigs(auth) - var last429Err error - - for endpointIdx := 0; endpointIdx < len(endpointConfigs); endpointIdx++ { - endpointConfig := endpointConfigs[endpointIdx] - url := endpointConfig.URL - // Use this endpoint's compatible Origin (critical for avoiding 403 errors) - currentOrigin = endpointConfig.Origin - - // Rebuild payload with the correct origin for this endpoint - // Each endpoint requires its matching Origin value in the request body - kiroPayload, _ = buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - - log.Debugf("kiro: trying endpoint %d/%d: %s (Name: %s, Origin: %s)", - endpointIdx+1, len(endpointConfigs), url, endpointConfig.Name, currentOrigin) - - for attempt := 0; attempt <= maxRetries; attempt++ { - // Apply human-like delay before first request (not on retries) - // This mimics natural user behavior patterns - if attempt == 0 && endpointIdx == 0 { - kiroauth.ApplyHumanLikeDelay() - } - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(kiroPayload)) - if err != nil { - return resp, err - } - - httpReq.Header.Set("Content-Type", kiroContentType) - httpReq.Header.Set("Accept", kiroAcceptStream) - // Only set X-Amz-Target if specified (Q endpoint doesn't require it) - if endpointConfig.AmzTarget != "" { - httpReq.Header.Set("X-Amz-Target", endpointConfig.AmzTarget) - } - // Kiro-specific headers - httpReq.Header.Set("x-amzn-kiro-agent-mode", kiroIDEAgentModeVibe) - httpReq.Header.Set("x-amzn-codewhisperer-optout", "true") - - // Apply dynamic fingerprint-based headers - applyDynamicFingerprint(httpReq, auth) - - httpReq.Header.Set("Amz-Sdk-Request", "attempt=1; max=3") - httpReq.Header.Set("Amz-Sdk-Invocation-Id", uuid.New().String()) - - // Bearer token authentication for all auth types (Builder ID, IDC, social, etc.) - httpReq.Header.Set("Authorization", "Bearer "+accessToken) - - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: kiroPayload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 120*time.Second) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - // Check for context cancellation first - client disconnected, not a server error - // Use 499 (Client Closed Request - nginx convention) instead of 500 - if errors.Is(err, context.Canceled) { - log.Debugf("kiro: request canceled by client (context.Canceled)") - return resp, statusErr{code: 499, msg: "client canceled request"} - } - - // Check for context deadline exceeded - request timed out - // Return 504 Gateway Timeout instead of 500 - if errors.Is(err, context.DeadlineExceeded) { - log.Debugf("kiro: request timed out (context.DeadlineExceeded)") - return resp, statusErr{code: http.StatusGatewayTimeout, msg: "upstream request timed out"} - } - - recordAPIResponseError(ctx, e.cfg, err) - - // Enhanced socket retry: Check if error is retryable (network timeout, connection reset, etc.) - retryCfg := defaultRetryConfig() - if isRetryableError(err) && attempt < retryCfg.MaxRetries { - delay := calculateRetryDelay(attempt, retryCfg) - logRetryAttempt(attempt, retryCfg.MaxRetries, fmt.Sprintf("socket error: %v", err), delay, endpointConfig.Name) - time.Sleep(delay) - continue - } - - return resp, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - - // Handle 429 errors (quota exhausted) - try next endpoint - // Each endpoint has its own quota pool, so we can try different endpoints - if httpResp.StatusCode == 429 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - // Record failure and set cooldown for 429 - rateLimiter.MarkTokenFailed(tokenKey) - cooldownDuration := kiroauth.CalculateCooldownFor429(attempt) - cooldownMgr.SetCooldown(tokenKey, cooldownDuration, kiroauth.CooldownReason429) - log.Warnf("kiro: rate limit hit (429), token %s set to cooldown for %v", tokenKey, cooldownDuration) - - // Preserve last 429 so callers can correctly backoff when all endpoints are exhausted - last429Err = statusErr{code: httpResp.StatusCode, msg: string(respBody)} - - log.Warnf("kiro: %s endpoint quota exhausted (429), will try next endpoint, body: %s", - endpointConfig.Name, summarizeErrorBody(httpResp.Header.Get("Content-Type"), respBody)) - - // Break inner retry loop to try next endpoint (which has different quota) - break - } - - // Handle 5xx server errors with exponential backoff retry - // Enhanced: Use retryConfig for consistent retry behavior - if httpResp.StatusCode >= 500 && httpResp.StatusCode < 600 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - retryCfg := defaultRetryConfig() - // Check if this specific 5xx code is retryable (502, 503, 504) - if isRetryableHTTPStatus(httpResp.StatusCode) && attempt < retryCfg.MaxRetries { - delay := calculateRetryDelay(attempt, retryCfg) - logRetryAttempt(attempt, retryCfg.MaxRetries, fmt.Sprintf("HTTP %d", httpResp.StatusCode), delay, endpointConfig.Name) - time.Sleep(delay) - continue - } else if attempt < maxRetries { - // Fallback for other 5xx errors (500, 501, etc.) - backoff := time.Duration(1< 30*time.Second { - backoff = 30 * time.Second - } - log.Warnf("kiro: server error %d, retrying in %v (attempt %d/%d)", httpResp.StatusCode, backoff, attempt+1, maxRetries) - time.Sleep(backoff) - continue - } - log.Errorf("kiro: server error %d after %d retries", httpResp.StatusCode, maxRetries) - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 401 errors with token refresh and retry - // 401 = Unauthorized (token expired/invalid) - refresh token - if httpResp.StatusCode == 401 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - log.Warnf("kiro: received 401 error, attempting token refresh") - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Errorf("kiro: token refresh failed: %v", refreshErr) - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - // Continue anyway - the token is valid for this request - } - accessToken, profileArn = kiroCredentials(auth) - // Rebuild payload with new profile ARN if changed - kiroPayload, _ = buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - if attempt < maxRetries { - log.Infof("kiro: token refreshed successfully, retrying request (attempt %d/%d)", attempt+1, maxRetries+1) - continue - } - log.Infof("kiro: token refreshed successfully, no retries remaining") - } - - log.Warnf("kiro request error, status: 401, body: %s", summarizeErrorBody(httpResp.Header.Get("Content-Type"), respBody)) - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 402 errors - Monthly Limit Reached - if httpResp.StatusCode == 402 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - log.Warnf("kiro: received 402 (monthly limit). Upstream body: %s", string(respBody)) - - // Return upstream error body directly - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 403 errors - Access Denied / Token Expired - // Do NOT switch endpoints for 403 errors - if httpResp.StatusCode == 403 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - // Log the 403 error details for debugging - log.Warnf("kiro: received 403 error (attempt %d/%d), body: %s", attempt+1, maxRetries+1, summarizeErrorBody(httpResp.Header.Get("Content-Type"), respBody)) - - respBodyStr := string(respBody) - - // Check for SUSPENDED status - return immediately without retry - if strings.Contains(respBodyStr, "SUSPENDED") || strings.Contains(respBodyStr, "TEMPORARILY_SUSPENDED") { - // Set long cooldown for suspended accounts - rateLimiter.CheckAndMarkSuspended(tokenKey, respBodyStr) - cooldownMgr.SetCooldown(tokenKey, kiroauth.LongCooldown, kiroauth.CooldownReasonSuspended) - log.Errorf("kiro: account is suspended, token %s set to cooldown for %v", tokenKey, kiroauth.LongCooldown) - return resp, statusErr{code: httpResp.StatusCode, msg: "account suspended: " + string(respBody)} - } - - // Check if this looks like a token-related 403 (some APIs return 403 for expired tokens) - isTokenRelated := strings.Contains(respBodyStr, "token") || - strings.Contains(respBodyStr, "expired") || - strings.Contains(respBodyStr, "invalid") || - strings.Contains(respBodyStr, "unauthorized") - - if isTokenRelated && attempt < maxRetries { - log.Warnf("kiro: 403 appears token-related, attempting token refresh") - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Errorf("kiro: token refresh failed: %v", refreshErr) - // Token refresh failed - return error immediately - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - // Continue anyway - the token is valid for this request - } - accessToken, profileArn = kiroCredentials(auth) - kiroPayload, _ = buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - log.Infof("kiro: token refreshed for 403, retrying request") - continue - } - } - - // For non-token 403 or after max retries, return error immediately - // Do NOT switch endpoints for 403 errors - log.Warnf("kiro: 403 error, returning immediately (no endpoint switch)") - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - log.Debugf("kiro request error, status: %d, body: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return resp, err - } - - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - content, toolUses, usageInfo, stopReason, err := e.parseEventStream(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - - // Fallback for usage if missing from upstream - - // 1. Estimate InputTokens if missing - if usageInfo.InputTokens == 0 { - if enc, encErr := getTokenizer(req.Model); encErr == nil { - if inp, countErr := countOpenAIChatTokens(enc, opts.OriginalRequest); countErr == nil { - usageInfo.InputTokens = inp - } - } - } - - // 2. Estimate OutputTokens if missing and content is available - if usageInfo.OutputTokens == 0 && len(content) > 0 { - // Use tiktoken for more accurate output token calculation - if enc, encErr := getTokenizer(req.Model); encErr == nil { - if tokenCount, countErr := enc.Count(content); countErr == nil { - usageInfo.OutputTokens = int64(tokenCount) - } - } - // Fallback to character count estimation if tiktoken fails - if usageInfo.OutputTokens == 0 { - usageInfo.OutputTokens = int64(len(content) / 4) - if usageInfo.OutputTokens == 0 { - usageInfo.OutputTokens = 1 - } - } - } - - // 3. Update TotalTokens - usageInfo.TotalTokens = usageInfo.InputTokens + usageInfo.OutputTokens - - appendAPIResponseChunk(ctx, e.cfg, []byte(content)) - reporter.publish(ctx, usageInfo) - - // Record success for rate limiting - rateLimiter.MarkTokenSuccess(tokenKey) - log.Debugf("kiro: request successful, token %s marked as success", tokenKey) - - // Build response in Claude format for Kiro translator - // stopReason is extracted from upstream response by parseEventStream - requestedModel := payloadRequestedModel(opts, req.Model) - kiroResponse := kiroclaude.BuildClaudeResponse(content, toolUses, requestedModel, usageInfo, stopReason) - out := sdktranslator.TranslateNonStream(ctx, to, from, requestedModel, bytes.Clone(opts.OriginalRequest), body, kiroResponse, nil) - resp = cliproxyexecutor.Response{Payload: []byte(out)} - return resp, nil - } - // Inner retry loop exhausted for this endpoint, try next endpoint - // Note: This code is unreachable because all paths in the inner loop - // either return or continue. Kept as comment for documentation. - } - - // All endpoints exhausted - if last429Err != nil { - return resp, last429Err - } - return resp, fmt.Errorf("kiro: all endpoints exhausted") -} - -// ExecuteStream handles streaming requests to Kiro API. -// Supports automatic token refresh on 401/403 errors and quota fallback on 429. -func (e *KiroExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - accessToken, profileArn := kiroCredentials(auth) - if accessToken == "" { - return nil, fmt.Errorf("kiro: access token not found in auth") - } - - // Rate limiting: get token key for tracking - tokenKey := getTokenKey(auth) - rateLimiter := kiroauth.GetGlobalRateLimiter() - cooldownMgr := kiroauth.GetGlobalCooldownManager() - - // Check if token is in cooldown period - if cooldownMgr.IsInCooldown(tokenKey) { - remaining := cooldownMgr.GetRemainingCooldown(tokenKey) - reason := cooldownMgr.GetCooldownReason(tokenKey) - log.Warnf("kiro: token %s is in cooldown (reason: %s), remaining: %v", tokenKey, reason, remaining) - return nil, fmt.Errorf("kiro: token is in cooldown for %v (reason: %s)", remaining, reason) - } - - // Wait for rate limiter before proceeding - log.Debugf("kiro: stream waiting for rate limiter for token %s", tokenKey) - rateLimiter.WaitForToken(tokenKey) - log.Debugf("kiro: stream rate limiter cleared for token %s", tokenKey) - - // Check if token is expired before making request (covers both normal and web_search paths) - if e.isTokenExpired(accessToken) { - log.Infof("kiro: access token expired, attempting recovery before stream request") - - // 方案 B: 先尝试从文件重新加载 token(后台刷新器可能已更新文件) - reloadedAuth, reloadErr := e.reloadAuthFromFile(auth) - if reloadErr == nil && reloadedAuth != nil { - // 文件中有更新的 token,使用它 - auth = reloadedAuth - accessToken, profileArn = kiroCredentials(auth) - log.Infof("kiro: recovered token from file (background refresh) for stream, expires_at: %v", auth.Metadata["expires_at"]) - } else { - // 文件中的 token 也过期了,执行主动刷新 - log.Debugf("kiro: file reload failed (%v), attempting active refresh for stream", reloadErr) - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Warnf("kiro: pre-request token refresh failed: %v", refreshErr) - } else if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - } - accessToken, profileArn = kiroCredentials(auth) - log.Infof("kiro: token refreshed successfully before stream request") - } - } - } - - // Check for pure web_search request - // Route to MCP endpoint instead of normal Kiro API - if kiroclaude.HasWebSearchTool(req.Payload) { - log.Infof("kiro: detected pure web_search request, routing to MCP endpoint") - streamWebSearch, errWebSearch := e.handleWebSearchStream(ctx, auth, req, opts, accessToken, profileArn) - if errWebSearch != nil { - return nil, errWebSearch - } - return &cliproxyexecutor.StreamResult{Chunks: streamWebSearch}, nil - } - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("kiro") - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - - kiroModelID := e.mapModelToKiro(req.Model) - - // Determine agentic mode and effective profile ARN using helper functions - isAgentic, isChatOnly := determineAgenticMode(req.Model) - effectiveProfileArn := getEffectiveProfileArnWithWarning(auth, profileArn) - - // Execute stream with retry on 401/403 and 429 (quota exhausted) - // Note: currentOrigin and kiroPayload are built inside executeStreamWithRetry for each endpoint - streamKiro, errStreamKiro := e.executeStreamWithRetry(ctx, auth, req, opts, accessToken, effectiveProfileArn, nil, body, from, reporter, "", kiroModelID, isAgentic, isChatOnly, tokenKey) - if errStreamKiro != nil { - return nil, errStreamKiro - } - return &cliproxyexecutor.StreamResult{Chunks: streamKiro}, nil -} - -// executeStreamWithRetry performs the streaming HTTP request with automatic retry on auth errors. -// Supports automatic fallback between endpoints with different quotas: -// - Amazon Q endpoint (CLI origin) uses Amazon Q Developer quota -// - CodeWhisperer endpoint (AI_EDITOR origin) uses Kiro IDE quota -// Also supports multi-endpoint fallback similar to Antigravity implementation. -// tokenKey is used for rate limiting and cooldown tracking. -func (e *KiroExecutor) executeStreamWithRetry(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, accessToken, profileArn string, kiroPayload, body []byte, from sdktranslator.Format, reporter *usageReporter, currentOrigin, kiroModelID string, isAgentic, isChatOnly bool, tokenKey string) (<-chan cliproxyexecutor.StreamChunk, error) { - maxRetries := 2 // Allow retries for token refresh + endpoint fallback - rateLimiter := kiroauth.GetGlobalRateLimiter() - cooldownMgr := kiroauth.GetGlobalCooldownManager() - endpointConfigs := getKiroEndpointConfigs(auth) - var last429Err error - - for endpointIdx := 0; endpointIdx < len(endpointConfigs); endpointIdx++ { - endpointConfig := endpointConfigs[endpointIdx] - url := endpointConfig.URL - // Use this endpoint's compatible Origin (critical for avoiding 403 errors) - currentOrigin = endpointConfig.Origin - - // Rebuild payload with the correct origin for this endpoint - // Each endpoint requires its matching Origin value in the request body - kiroPayload, thinkingEnabled := buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - - log.Debugf("kiro: stream trying endpoint %d/%d: %s (Name: %s, Origin: %s)", - endpointIdx+1, len(endpointConfigs), url, endpointConfig.Name, currentOrigin) - - for attempt := 0; attempt <= maxRetries; attempt++ { - // Apply human-like delay before first streaming request (not on retries) - // This mimics natural user behavior patterns - // Note: Delay is NOT applied during streaming response - only before initial request - if attempt == 0 && endpointIdx == 0 { - kiroauth.ApplyHumanLikeDelay() - } - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(kiroPayload)) - if err != nil { - return nil, err - } - - httpReq.Header.Set("Content-Type", kiroContentType) - httpReq.Header.Set("Accept", kiroAcceptStream) - // Only set X-Amz-Target if specified (Q endpoint doesn't require it) - if endpointConfig.AmzTarget != "" { - httpReq.Header.Set("X-Amz-Target", endpointConfig.AmzTarget) - } - // Kiro-specific headers - httpReq.Header.Set("x-amzn-kiro-agent-mode", kiroIDEAgentModeVibe) - httpReq.Header.Set("x-amzn-codewhisperer-optout", "true") - - // Apply dynamic fingerprint-based headers - applyDynamicFingerprint(httpReq, auth) - - httpReq.Header.Set("Amz-Sdk-Request", "attempt=1; max=3") - httpReq.Header.Set("Amz-Sdk-Invocation-Id", uuid.New().String()) - - // Bearer token authentication for all auth types (Builder ID, IDC, social, etc.) - httpReq.Header.Set("Authorization", "Bearer "+accessToken) - - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: kiroPayload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - - // Enhanced socket retry for streaming: Check if error is retryable (network timeout, connection reset, etc.) - retryCfg := defaultRetryConfig() - if isRetryableError(err) && attempt < retryCfg.MaxRetries { - delay := calculateRetryDelay(attempt, retryCfg) - logRetryAttempt(attempt, retryCfg.MaxRetries, fmt.Sprintf("stream socket error: %v", err), delay, endpointConfig.Name) - time.Sleep(delay) - continue - } - - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - - // Handle 429 errors (quota exhausted) - try next endpoint - // Each endpoint has its own quota pool, so we can try different endpoints - if httpResp.StatusCode == 429 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - // Record failure and set cooldown for 429 - rateLimiter.MarkTokenFailed(tokenKey) - cooldownDuration := kiroauth.CalculateCooldownFor429(attempt) - cooldownMgr.SetCooldown(tokenKey, cooldownDuration, kiroauth.CooldownReason429) - log.Warnf("kiro: stream rate limit hit (429), token %s set to cooldown for %v", tokenKey, cooldownDuration) - - // Preserve last 429 so callers can correctly backoff when all endpoints are exhausted - last429Err = statusErr{code: httpResp.StatusCode, msg: string(respBody)} - - log.Warnf("kiro: stream %s endpoint quota exhausted (429), will try next endpoint, body: %s", - endpointConfig.Name, summarizeErrorBody(httpResp.Header.Get("Content-Type"), respBody)) - - // Break inner retry loop to try next endpoint (which has different quota) - break - } - - // Handle 5xx server errors with exponential backoff retry - // Enhanced: Use retryConfig for consistent retry behavior - if httpResp.StatusCode >= 500 && httpResp.StatusCode < 600 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - retryCfg := defaultRetryConfig() - // Check if this specific 5xx code is retryable (502, 503, 504) - if isRetryableHTTPStatus(httpResp.StatusCode) && attempt < retryCfg.MaxRetries { - delay := calculateRetryDelay(attempt, retryCfg) - logRetryAttempt(attempt, retryCfg.MaxRetries, fmt.Sprintf("stream HTTP %d", httpResp.StatusCode), delay, endpointConfig.Name) - time.Sleep(delay) - continue - } else if attempt < maxRetries { - // Fallback for other 5xx errors (500, 501, etc.) - backoff := time.Duration(1< 30*time.Second { - backoff = 30 * time.Second - } - log.Warnf("kiro: stream server error %d, retrying in %v (attempt %d/%d)", httpResp.StatusCode, backoff, attempt+1, maxRetries) - time.Sleep(backoff) - continue - } - log.Errorf("kiro: stream server error %d after %d retries", httpResp.StatusCode, maxRetries) - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 400 errors - Credential/Validation issues - // Do NOT switch endpoints - return error immediately - if httpResp.StatusCode == 400 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - log.Warnf("kiro: received 400 error (attempt %d/%d), body: %s", attempt+1, maxRetries+1, summarizeErrorBody(httpResp.Header.Get("Content-Type"), respBody)) - - // 400 errors indicate request validation issues - return immediately without retry - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 401 errors with token refresh and retry - // 401 = Unauthorized (token expired/invalid) - refresh token - if httpResp.StatusCode == 401 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - log.Warnf("kiro: stream received 401 error, attempting token refresh") - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Errorf("kiro: token refresh failed: %v", refreshErr) - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - // Continue anyway - the token is valid for this request - } - accessToken, profileArn = kiroCredentials(auth) - // Rebuild payload with new profile ARN if changed - kiroPayload, _ = buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - if attempt < maxRetries { - log.Infof("kiro: token refreshed successfully, retrying stream request (attempt %d/%d)", attempt+1, maxRetries+1) - continue - } - log.Infof("kiro: token refreshed successfully, no retries remaining") - } - - log.Warnf("kiro stream error, status: 401, body: %s", string(respBody)) - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 402 errors - Monthly Limit Reached - if httpResp.StatusCode == 402 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - log.Warnf("kiro: stream received 402 (monthly limit). Upstream body: %s", string(respBody)) - - // Return upstream error body directly - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 403 errors - Access Denied / Token Expired - // Do NOT switch endpoints for 403 errors - if httpResp.StatusCode == 403 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - // Log the 403 error details for debugging - log.Warnf("kiro: stream received 403 error (attempt %d/%d), body: %s", attempt+1, maxRetries+1, string(respBody)) - - respBodyStr := string(respBody) - - // Check for SUSPENDED status - return immediately without retry - if strings.Contains(respBodyStr, "SUSPENDED") || strings.Contains(respBodyStr, "TEMPORARILY_SUSPENDED") { - // Set long cooldown for suspended accounts - rateLimiter.CheckAndMarkSuspended(tokenKey, respBodyStr) - cooldownMgr.SetCooldown(tokenKey, kiroauth.LongCooldown, kiroauth.CooldownReasonSuspended) - log.Errorf("kiro: stream account is suspended, token %s set to cooldown for %v", tokenKey, kiroauth.LongCooldown) - return nil, statusErr{code: httpResp.StatusCode, msg: "account suspended: " + string(respBody)} - } - - // Check if this looks like a token-related 403 (some APIs return 403 for expired tokens) - isTokenRelated := strings.Contains(respBodyStr, "token") || - strings.Contains(respBodyStr, "expired") || - strings.Contains(respBodyStr, "invalid") || - strings.Contains(respBodyStr, "unauthorized") - - if isTokenRelated && attempt < maxRetries { - log.Warnf("kiro: 403 appears token-related, attempting token refresh") - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Errorf("kiro: token refresh failed: %v", refreshErr) - // Token refresh failed - return error immediately - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - // Continue anyway - the token is valid for this request - } - accessToken, profileArn = kiroCredentials(auth) - kiroPayload, _ = buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - log.Infof("kiro: token refreshed for 403, retrying stream request") - continue - } - } - - // For non-token 403 or after max retries, return error immediately - // Do NOT switch endpoints for 403 errors - log.Warnf("kiro: 403 error, returning immediately (no endpoint switch)") - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - log.Debugf("kiro stream error, status: %d, body: %s", httpResp.StatusCode, string(b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return nil, statusErr{code: httpResp.StatusCode, msg: string(b)} - } - - out := make(chan cliproxyexecutor.StreamChunk) - - // Record success immediately since connection was established successfully - // Streaming errors will be handled separately - rateLimiter.MarkTokenSuccess(tokenKey) - log.Debugf("kiro: stream request successful, token %s marked as success", tokenKey) - - go func(resp *http.Response, thinkingEnabled bool) { - defer close(out) - defer func() { - if r := recover(); r != nil { - log.Errorf("kiro: panic in stream handler: %v", r) - out <- cliproxyexecutor.StreamChunk{Err: fmt.Errorf("internal error: %v", r)} - } - }() - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - // Kiro API always returns tags regardless of request parameters - // So we always enable thinking parsing for Kiro responses - log.Debugf("kiro: stream thinkingEnabled = %v (always true for Kiro)", thinkingEnabled) - - e.streamToChannel(ctx, resp.Body, out, from, payloadRequestedModel(opts, req.Model), opts.OriginalRequest, body, reporter, thinkingEnabled) - }(httpResp, thinkingEnabled) - - return out, nil - } - // Inner retry loop exhausted for this endpoint, try next endpoint - // Note: This code is unreachable because all paths in the inner loop - // either return or continue. Kept as comment for documentation. - } - - // All endpoints exhausted - if last429Err != nil { - return nil, last429Err - } - return nil, fmt.Errorf("kiro: stream all endpoints exhausted") -} - -// kiroCredentials extracts access token and profile ARN from auth. -func kiroCredentials(auth *cliproxyauth.Auth) (accessToken, profileArn string) { - if auth == nil { - return "", "" - } - - // Try Metadata first (wrapper format) - if auth.Metadata != nil { - if token, ok := auth.Metadata["access_token"].(string); ok { - accessToken = token - } - if arn, ok := auth.Metadata["profile_arn"].(string); ok { - profileArn = arn - } - } - - // Try Attributes - if accessToken == "" && auth.Attributes != nil { - accessToken = auth.Attributes["access_token"] - profileArn = auth.Attributes["profile_arn"] - } - - // Try direct fields from flat JSON format (new AWS Builder ID format) - if accessToken == "" && auth.Metadata != nil { - if token, ok := auth.Metadata["accessToken"].(string); ok { - accessToken = token - } - if arn, ok := auth.Metadata["profileArn"].(string); ok { - profileArn = arn - } - } - - return accessToken, profileArn -} - -// findRealThinkingEndTag finds the real end tag, skipping false positives. -// Returns -1 if no real end tag is found. -// -// Real tags from Kiro API have specific characteristics: -// - Usually preceded by newline (.\n) -// - Usually followed by newline (\n\n) -// - Not inside code blocks or inline code -// -// False positives (discussion text) have characteristics: -// - In the middle of a sentence -// - Preceded by discussion words like "标签", "tag", "returns" -// - Inside code blocks or inline code -// -// Parameters: -// - content: the content to search in -// - alreadyInCodeBlock: whether we're already inside a code block from previous chunks -// - alreadyInInlineCode: whether we're already inside inline code from previous chunks -func findRealThinkingEndTag(content string, alreadyInCodeBlock, alreadyInInlineCode bool) int { - searchStart := 0 - for { - endIdx := strings.Index(content[searchStart:], kirocommon.ThinkingEndTag) - if endIdx < 0 { - return -1 - } - endIdx += searchStart // Adjust to absolute position - - textBeforeEnd := content[:endIdx] - textAfterEnd := content[endIdx+len(kirocommon.ThinkingEndTag):] - - // Check 1: Is it inside inline code? - // Count backticks in current content and add state from previous chunks - backtickCount := strings.Count(textBeforeEnd, "`") - effectiveInInlineCode := alreadyInInlineCode - if backtickCount%2 == 1 { - effectiveInInlineCode = !effectiveInInlineCode - } - if effectiveInInlineCode { - log.Debugf("kiro: found inside inline code at pos %d, skipping", endIdx) - searchStart = endIdx + len(kirocommon.ThinkingEndTag) - continue - } - - // Check 2: Is it inside a code block? - // Count fences in current content and add state from previous chunks - fenceCount := strings.Count(textBeforeEnd, "```") - altFenceCount := strings.Count(textBeforeEnd, "~~~") - effectiveInCodeBlock := alreadyInCodeBlock - if fenceCount%2 == 1 || altFenceCount%2 == 1 { - effectiveInCodeBlock = !effectiveInCodeBlock - } - if effectiveInCodeBlock { - log.Debugf("kiro: found inside code block at pos %d, skipping", endIdx) - searchStart = endIdx + len(kirocommon.ThinkingEndTag) - continue - } - - // Check 3: Real tags are usually preceded by newline or at start - // and followed by newline or at end. Check the format. - charBeforeTag := byte(0) - if endIdx > 0 { - charBeforeTag = content[endIdx-1] - } - charAfterTag := byte(0) - if len(textAfterEnd) > 0 { - charAfterTag = textAfterEnd[0] - } - - // Real end tag format: preceded by newline OR end of sentence (. ! ?) - // and followed by newline OR end of content - isPrecededByNewlineOrSentenceEnd := charBeforeTag == '\n' || charBeforeTag == '.' || - charBeforeTag == '!' || charBeforeTag == '?' || charBeforeTag == 0 - isFollowedByNewlineOrEnd := charAfterTag == '\n' || charAfterTag == 0 - - // If the tag has proper formatting (newline before/after), it's likely real - if isPrecededByNewlineOrSentenceEnd && isFollowedByNewlineOrEnd { - log.Debugf("kiro: found properly formatted at pos %d", endIdx) - return endIdx - } - - // Check 4: Is the tag preceded by discussion keywords on the same line? - lastNewlineIdx := strings.LastIndex(textBeforeEnd, "\n") - lineBeforeTag := textBeforeEnd - if lastNewlineIdx >= 0 { - lineBeforeTag = textBeforeEnd[lastNewlineIdx+1:] - } - lineBeforeTagLower := strings.ToLower(lineBeforeTag) - - // Discussion patterns - if found, this is likely discussion text - discussionPatterns := []string{ - "标签", "返回", "输出", "包含", "使用", "解析", "转换", "生成", // Chinese - "tag", "return", "output", "contain", "use", "parse", "emit", "convert", "generate", // English - "", // discussing both tags together - "``", // explicitly in inline code - } - isDiscussion := false - for _, pattern := range discussionPatterns { - if strings.Contains(lineBeforeTagLower, pattern) { - isDiscussion = true - break - } - } - if isDiscussion { - log.Debugf("kiro: found after discussion text at pos %d, skipping", endIdx) - searchStart = endIdx + len(kirocommon.ThinkingEndTag) - continue - } - - // Check 5: Is there text immediately after on the same line? - // Real end tags don't have text immediately after on the same line - if len(textAfterEnd) > 0 && charAfterTag != '\n' && charAfterTag != 0 { - // Find the next newline - nextNewline := strings.Index(textAfterEnd, "\n") - var textOnSameLine string - if nextNewline >= 0 { - textOnSameLine = textAfterEnd[:nextNewline] - } else { - textOnSameLine = textAfterEnd - } - // If there's non-whitespace text on the same line after the tag, it's discussion - if strings.TrimSpace(textOnSameLine) != "" { - log.Debugf("kiro: found with text after on same line at pos %d, skipping", endIdx) - searchStart = endIdx + len(kirocommon.ThinkingEndTag) - continue - } - } - - // Check 6: Is there another tag after this ? - if strings.Contains(textAfterEnd, kirocommon.ThinkingStartTag) { - nextStartIdx := strings.Index(textAfterEnd, kirocommon.ThinkingStartTag) - textBeforeNextStart := textAfterEnd[:nextStartIdx] - nextBacktickCount := strings.Count(textBeforeNextStart, "`") - nextFenceCount := strings.Count(textBeforeNextStart, "```") - nextAltFenceCount := strings.Count(textBeforeNextStart, "~~~") - - // If the next is NOT in code, then this is discussion text - if nextBacktickCount%2 == 0 && nextFenceCount%2 == 0 && nextAltFenceCount%2 == 0 { - log.Debugf("kiro: found followed by at pos %d, likely discussion text, skipping", endIdx) - searchStart = endIdx + len(kirocommon.ThinkingEndTag) - continue - } - } - - // This looks like a real end tag - return endIdx - } -} - -// determineAgenticMode determines if the model is an agentic or chat-only variant. -// Returns (isAgentic, isChatOnly) based on model name suffixes. -func determineAgenticMode(model string) (isAgentic, isChatOnly bool) { - isAgentic = strings.HasSuffix(model, "-agentic") - isChatOnly = strings.HasSuffix(model, "-chat") - return isAgentic, isChatOnly -} - -// getEffectiveProfileArn determines if profileArn should be included based on auth method. -// profileArn is only needed for social auth (Google OAuth), not for AWS SSO OIDC (Builder ID/IDC). -// -// Detection logic (matching kiro-openai-gateway): -// 1. Check auth_method field: "builder-id" or "idc" -// 2. Check auth_type field: "aws_sso_oidc" (from kiro-cli tokens) -// 3. Check for client_id + client_secret presence (AWS SSO OIDC signature) -func getEffectiveProfileArn(auth *cliproxyauth.Auth, profileArn string) string { - if auth != nil && auth.Metadata != nil { - // Check 1: auth_method field (from CLIProxyAPI tokens) - if authMethod, ok := auth.Metadata["auth_method"].(string); ok && (authMethod == "builder-id" || authMethod == "idc") { - return "" // AWS SSO OIDC - don't include profileArn - } - // Check 2: auth_type field (from kiro-cli tokens) - if authType, ok := auth.Metadata["auth_type"].(string); ok && authType == "aws_sso_oidc" { - return "" // AWS SSO OIDC - don't include profileArn - } - // Check 3: client_id + client_secret presence (AWS SSO OIDC signature) - _, hasClientID := auth.Metadata["client_id"].(string) - _, hasClientSecret := auth.Metadata["client_secret"].(string) - if hasClientID && hasClientSecret { - return "" // AWS SSO OIDC - don't include profileArn - } - } - return profileArn -} - -// getEffectiveProfileArnWithWarning determines if profileArn should be included based on auth method, -// and logs a warning if profileArn is missing for non-builder-id auth. -// This consolidates the auth_method check that was previously done separately. -// -// AWS SSO OIDC (Builder ID/IDC) users don't need profileArn - sending it causes 403 errors. -// Only Kiro Desktop (social auth like Google/GitHub) users need profileArn. -// -// Detection logic (matching kiro-openai-gateway): -// 1. Check auth_method field: "builder-id" or "idc" -// 2. Check auth_type field: "aws_sso_oidc" (from kiro-cli tokens) -// 3. Check for client_id + client_secret presence (AWS SSO OIDC signature) -func getEffectiveProfileArnWithWarning(auth *cliproxyauth.Auth, profileArn string) string { - if auth != nil && auth.Metadata != nil { - // Check 1: auth_method field (from CLIProxyAPI tokens) - if authMethod, ok := auth.Metadata["auth_method"].(string); ok && (authMethod == "builder-id" || authMethod == "idc") { - return "" // AWS SSO OIDC - don't include profileArn - } - // Check 2: auth_type field (from kiro-cli tokens) - if authType, ok := auth.Metadata["auth_type"].(string); ok && authType == "aws_sso_oidc" { - return "" // AWS SSO OIDC - don't include profileArn - } - // Check 3: client_id + client_secret presence (AWS SSO OIDC signature, like kiro-openai-gateway) - _, hasClientID := auth.Metadata["client_id"].(string) - _, hasClientSecret := auth.Metadata["client_secret"].(string) - if hasClientID && hasClientSecret { - return "" // AWS SSO OIDC - don't include profileArn - } - } - // For social auth (Kiro Desktop), profileArn is required - if profileArn == "" { - log.Warnf("kiro: profile ARN not found in auth, API calls may fail") - } - return profileArn -} - -// mapModelToKiro maps external model names to Kiro model IDs. -// Supports both Kiro and Amazon Q prefixes since they use the same API. -// Agentic variants (-agentic suffix) map to the same backend model IDs. -func (e *KiroExecutor) mapModelToKiro(model string) string { - modelMap := map[string]string{ - // Amazon Q format (amazonq- prefix) - same API as Kiro - "amazonq-auto": "auto", - "amazonq-claude-opus-4-6": "claude-opus-4.6", - "amazonq-claude-sonnet-4-6": "claude-sonnet-4.6", - "amazonq-claude-opus-4-5": "claude-opus-4.5", - "amazonq-claude-sonnet-4-5": "claude-sonnet-4.5", - "amazonq-claude-sonnet-4-5-20250929": "claude-sonnet-4.5", - "amazonq-claude-sonnet-4": "claude-sonnet-4", - "amazonq-claude-sonnet-4-20250514": "claude-sonnet-4", - "amazonq-claude-haiku-4-5": "claude-haiku-4.5", - // Kiro format (kiro- prefix) - valid model names that should be preserved - "kiro-claude-opus-4-6": "claude-opus-4.6", - "kiro-claude-sonnet-4-6": "claude-sonnet-4.6", - "kiro-claude-opus-4-5": "claude-opus-4.5", - "kiro-claude-sonnet-4-5": "claude-sonnet-4.5", - "kiro-claude-sonnet-4-5-20250929": "claude-sonnet-4.5", - "kiro-claude-sonnet-4": "claude-sonnet-4", - "kiro-claude-sonnet-4-20250514": "claude-sonnet-4", - "kiro-claude-haiku-4-5": "claude-haiku-4.5", - "kiro-auto": "auto", - // Native format (no prefix) - used by Kiro IDE directly - "claude-opus-4-6": "claude-opus-4.6", - "claude-opus-4.6": "claude-opus-4.6", - "claude-sonnet-4-6": "claude-sonnet-4.6", - "claude-sonnet-4.6": "claude-sonnet-4.6", - "claude-opus-4-5": "claude-opus-4.5", - "claude-opus-4.5": "claude-opus-4.5", - "claude-haiku-4-5": "claude-haiku-4.5", - "claude-haiku-4.5": "claude-haiku-4.5", - "claude-sonnet-4-5": "claude-sonnet-4.5", - "claude-sonnet-4-5-20250929": "claude-sonnet-4.5", - "claude-sonnet-4.5": "claude-sonnet-4.5", - "claude-sonnet-4": "claude-sonnet-4", - "claude-sonnet-4-20250514": "claude-sonnet-4", - "auto": "auto", - // Agentic variants (same backend model IDs, but with special system prompt) - "claude-opus-4.6-agentic": "claude-opus-4.6", - "claude-sonnet-4.6-agentic": "claude-sonnet-4.6", - "claude-opus-4.5-agentic": "claude-opus-4.5", - "claude-sonnet-4.5-agentic": "claude-sonnet-4.5", - "claude-sonnet-4-agentic": "claude-sonnet-4", - "claude-haiku-4.5-agentic": "claude-haiku-4.5", - "kiro-claude-opus-4-6-agentic": "claude-opus-4.6", - "kiro-claude-sonnet-4-6-agentic": "claude-sonnet-4.6", - "kiro-claude-opus-4-5-agentic": "claude-opus-4.5", - "kiro-claude-sonnet-4-5-agentic": "claude-sonnet-4.5", - "kiro-claude-sonnet-4-agentic": "claude-sonnet-4", - "kiro-claude-haiku-4-5-agentic": "claude-haiku-4.5", - } - if kiroID, ok := modelMap[model]; ok { - return kiroID - } - - // Smart fallback: try to infer model type from name patterns - modelLower := strings.ToLower(model) - - // Check for Haiku variants - if strings.Contains(modelLower, "haiku") { - log.Debugf("kiro: unknown Haiku model '%s', mapping to claude-haiku-4.5", model) - return "claude-haiku-4.5" - } - - // Check for Sonnet variants - if strings.Contains(modelLower, "sonnet") { - // Check for specific version patterns - if strings.Contains(modelLower, "3-7") || strings.Contains(modelLower, "3.7") { - log.Debugf("kiro: unknown Sonnet 3.7 model '%s', mapping to claude-3-7-sonnet-20250219", model) - return "claude-3-7-sonnet-20250219" - } - if strings.Contains(modelLower, "4-6") || strings.Contains(modelLower, "4.6") { - log.Debugf("kiro: unknown Sonnet 4.6 model '%s', mapping to claude-sonnet-4.6", model) - return "claude-sonnet-4.6" - } - if strings.Contains(modelLower, "4-5") || strings.Contains(modelLower, "4.5") { - log.Debugf("kiro: unknown Sonnet 4.5 model '%s', mapping to claude-sonnet-4.5", model) - return "claude-sonnet-4.5" - } - // Default to Sonnet 4 - log.Debugf("kiro: unknown Sonnet model '%s', mapping to claude-sonnet-4", model) - return "claude-sonnet-4" - } - - // Check for Opus variants - if strings.Contains(modelLower, "opus") { - if strings.Contains(modelLower, "4-6") || strings.Contains(modelLower, "4.6") { - log.Debugf("kiro: unknown Opus 4.6 model '%s', mapping to claude-opus-4.6", model) - return "claude-opus-4.6" - } - log.Debugf("kiro: unknown Opus model '%s', mapping to claude-opus-4.5", model) - return "claude-opus-4.5" - } - - // Final fallback to Sonnet 4.5 (most commonly used model) - log.Warnf("kiro: unknown model '%s', falling back to claude-sonnet-4.5", model) - return "claude-sonnet-4.5" -} - -// EventStreamError represents an Event Stream processing error -type EventStreamError struct { - Type string // "fatal", "malformed" - Message string - Cause error -} - -func (e *EventStreamError) Error() string { - if e.Cause != nil { - return fmt.Sprintf("event stream %s: %s: %v", e.Type, e.Message, e.Cause) - } - return fmt.Sprintf("event stream %s: %s", e.Type, e.Message) -} - -// eventStreamMessage represents a parsed AWS Event Stream message -type eventStreamMessage struct { - EventType string // Event type from headers (e.g., "assistantResponseEvent") - Payload []byte // JSON payload of the message -} - -// NOTE: Request building functions moved to internal/translator/kiro/claude/kiro_claude_request.go -// The executor now uses kiroclaude.BuildKiroPayload() instead - -// parseEventStream parses AWS Event Stream binary format. -// Extracts text content, tool uses, and stop_reason from the response. -// Supports embedded [Called ...] tool calls and input buffering for toolUseEvent. -// Returns: content, toolUses, usageInfo, stopReason, error -func (e *KiroExecutor) parseEventStream(body io.Reader) (string, []kiroclaude.KiroToolUse, usage.Detail, string, error) { - var content strings.Builder - var toolUses []kiroclaude.KiroToolUse - var usageInfo usage.Detail - var stopReason string // Extracted from upstream response - reader := bufio.NewReader(body) - - // Tool use state tracking for input buffering and deduplication - processedIDs := make(map[string]bool) - var currentToolUse *kiroclaude.ToolUseState - - // Upstream usage tracking - Kiro API returns credit usage and context percentage - var upstreamContextPercentage float64 // Context usage percentage from upstream (e.g., 78.56) - - for { - msg, eventErr := e.readEventStreamMessage(reader) - if eventErr != nil { - log.Errorf("kiro: parseEventStream error: %v", eventErr) - return content.String(), toolUses, usageInfo, stopReason, eventErr - } - if msg == nil { - // Normal end of stream (EOF) - break - } - - eventType := msg.EventType - payload := msg.Payload - if len(payload) == 0 { - continue - } - - var event map[string]interface{} - if err := json.Unmarshal(payload, &event); err != nil { - log.Debugf("kiro: skipping malformed event: %v", err) - continue - } - - // Check for error/exception events in the payload (Kiro API may return errors with HTTP 200) - // These can appear as top-level fields or nested within the event - if errType, hasErrType := event["_type"].(string); hasErrType { - // AWS-style error: {"_type": "com.amazon.aws.codewhisperer#ValidationException", "message": "..."} - errMsg := "" - if msg, ok := event["message"].(string); ok { - errMsg = msg - } - log.Errorf("kiro: received AWS error in event stream: type=%s, message=%s", errType, errMsg) - return "", nil, usageInfo, stopReason, fmt.Errorf("kiro API error: %s - %s", errType, errMsg) - } - if errType, hasErrType := event["type"].(string); hasErrType && (errType == "error" || errType == "exception") { - // Generic error event - errMsg := "" - if msg, ok := event["message"].(string); ok { - errMsg = msg - } else if errObj, ok := event["error"].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - } - log.Errorf("kiro: received error event in stream: type=%s, message=%s", errType, errMsg) - return "", nil, usageInfo, stopReason, fmt.Errorf("kiro API error: %s", errMsg) - } - - // Extract stop_reason from various event formats - // Kiro/Amazon Q API may include stop_reason in different locations - if sr := kirocommon.GetString(event, "stop_reason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stop_reason (top-level): %s", stopReason) - } - if sr := kirocommon.GetString(event, "stopReason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stopReason (top-level): %s", stopReason) - } - - // Handle different event types - switch eventType { - case "followupPromptEvent": - // Filter out followupPrompt events - these are UI suggestions, not content - log.Debugf("kiro: parseEventStream ignoring followupPrompt event") - continue - - case "assistantResponseEvent": - if assistantResp, ok := event["assistantResponseEvent"].(map[string]interface{}); ok { - if contentText, ok := assistantResp["content"].(string); ok { - content.WriteString(contentText) - } - // Extract stop_reason from assistantResponseEvent - if sr := kirocommon.GetString(assistantResp, "stop_reason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stop_reason in assistantResponseEvent: %s", stopReason) - } - if sr := kirocommon.GetString(assistantResp, "stopReason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stopReason in assistantResponseEvent: %s", stopReason) - } - // Extract tool uses from response - if toolUsesRaw, ok := assistantResp["toolUses"].([]interface{}); ok { - for _, tuRaw := range toolUsesRaw { - if tu, ok := tuRaw.(map[string]interface{}); ok { - toolUseID := kirocommon.GetStringValue(tu, "toolUseId") - // Check for duplicate - if processedIDs[toolUseID] { - log.Debugf("kiro: skipping duplicate tool use from assistantResponse: %s", toolUseID) - continue - } - processedIDs[toolUseID] = true - - toolUse := kiroclaude.KiroToolUse{ - ToolUseID: toolUseID, - Name: kirocommon.GetStringValue(tu, "name"), - } - if input, ok := tu["input"].(map[string]interface{}); ok { - toolUse.Input = input - } - toolUses = append(toolUses, toolUse) - } - } - } - } - // Also try direct format - if contentText, ok := event["content"].(string); ok { - content.WriteString(contentText) - } - // Direct tool uses - if toolUsesRaw, ok := event["toolUses"].([]interface{}); ok { - for _, tuRaw := range toolUsesRaw { - if tu, ok := tuRaw.(map[string]interface{}); ok { - toolUseID := kirocommon.GetStringValue(tu, "toolUseId") - // Check for duplicate - if processedIDs[toolUseID] { - log.Debugf("kiro: skipping duplicate direct tool use: %s", toolUseID) - continue - } - processedIDs[toolUseID] = true - - toolUse := kiroclaude.KiroToolUse{ - ToolUseID: toolUseID, - Name: kirocommon.GetStringValue(tu, "name"), - } - if input, ok := tu["input"].(map[string]interface{}); ok { - toolUse.Input = input - } - toolUses = append(toolUses, toolUse) - } - } - } - - case "toolUseEvent": - // Handle dedicated tool use events with input buffering - completedToolUses, newState := kiroclaude.ProcessToolUseEvent(event, currentToolUse, processedIDs) - currentToolUse = newState - toolUses = append(toolUses, completedToolUses...) - - case "supplementaryWebLinksEvent": - if inputTokens, ok := event["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } - if outputTokens, ok := event["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } - - case "messageStopEvent", "message_stop": - // Handle message stop events which may contain stop_reason - if sr := kirocommon.GetString(event, "stop_reason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stop_reason in messageStopEvent: %s", stopReason) - } - if sr := kirocommon.GetString(event, "stopReason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stopReason in messageStopEvent: %s", stopReason) - } - - case "messageMetadataEvent", "metadataEvent": - // Handle message metadata events which contain token counts - // Official format: { tokenUsage: { outputTokens, totalTokens, uncachedInputTokens, cacheReadInputTokens, cacheWriteInputTokens, contextUsagePercentage } } - var metadata map[string]interface{} - if m, ok := event["messageMetadataEvent"].(map[string]interface{}); ok { - metadata = m - } else if m, ok := event["metadataEvent"].(map[string]interface{}); ok { - metadata = m - } else { - metadata = event // event itself might be the metadata - } - - // Check for nested tokenUsage object (official format) - if tokenUsage, ok := metadata["tokenUsage"].(map[string]interface{}); ok { - // outputTokens - precise output token count - if outputTokens, ok := tokenUsage["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - log.Infof("kiro: parseEventStream found precise outputTokens in tokenUsage: %d", usageInfo.OutputTokens) - } - // totalTokens - precise total token count - if totalTokens, ok := tokenUsage["totalTokens"].(float64); ok { - usageInfo.TotalTokens = int64(totalTokens) - log.Infof("kiro: parseEventStream found precise totalTokens in tokenUsage: %d", usageInfo.TotalTokens) - } - // uncachedInputTokens - input tokens not from cache - if uncachedInputTokens, ok := tokenUsage["uncachedInputTokens"].(float64); ok { - usageInfo.InputTokens = int64(uncachedInputTokens) - log.Infof("kiro: parseEventStream found uncachedInputTokens in tokenUsage: %d", usageInfo.InputTokens) - } - // cacheReadInputTokens - tokens read from cache - if cacheReadTokens, ok := tokenUsage["cacheReadInputTokens"].(float64); ok { - // Add to input tokens if we have uncached tokens, otherwise use as input - if usageInfo.InputTokens > 0 { - usageInfo.InputTokens += int64(cacheReadTokens) - } else { - usageInfo.InputTokens = int64(cacheReadTokens) - } - log.Debugf("kiro: parseEventStream found cacheReadInputTokens in tokenUsage: %d", int64(cacheReadTokens)) - } - // contextUsagePercentage - can be used as fallback for input token estimation - if ctxPct, ok := tokenUsage["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: parseEventStream found contextUsagePercentage in tokenUsage: %.2f%%", ctxPct) - } - } - - // Fallback: check for direct fields in metadata (legacy format) - if usageInfo.InputTokens == 0 { - if inputTokens, ok := metadata["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - log.Debugf("kiro: parseEventStream found inputTokens in messageMetadataEvent: %d", usageInfo.InputTokens) - } - } - if usageInfo.OutputTokens == 0 { - if outputTokens, ok := metadata["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - log.Debugf("kiro: parseEventStream found outputTokens in messageMetadataEvent: %d", usageInfo.OutputTokens) - } - } - if usageInfo.TotalTokens == 0 { - if totalTokens, ok := metadata["totalTokens"].(float64); ok { - usageInfo.TotalTokens = int64(totalTokens) - log.Debugf("kiro: parseEventStream found totalTokens in messageMetadataEvent: %d", usageInfo.TotalTokens) - } - } - - case "usageEvent", "usage": - // Handle dedicated usage events - if inputTokens, ok := event["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - log.Debugf("kiro: parseEventStream found inputTokens in usageEvent: %d", usageInfo.InputTokens) - } - if outputTokens, ok := event["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - log.Debugf("kiro: parseEventStream found outputTokens in usageEvent: %d", usageInfo.OutputTokens) - } - if totalTokens, ok := event["totalTokens"].(float64); ok { - usageInfo.TotalTokens = int64(totalTokens) - log.Debugf("kiro: parseEventStream found totalTokens in usageEvent: %d", usageInfo.TotalTokens) - } - // Also check nested usage object - if usageObj, ok := event["usage"].(map[string]interface{}); ok { - if inputTokens, ok := usageObj["input_tokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } else if inputTokens, ok := usageObj["prompt_tokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } - if outputTokens, ok := usageObj["output_tokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } else if outputTokens, ok := usageObj["completion_tokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } - if totalTokens, ok := usageObj["total_tokens"].(float64); ok { - usageInfo.TotalTokens = int64(totalTokens) - } - log.Debugf("kiro: parseEventStream found usage object: input=%d, output=%d, total=%d", - usageInfo.InputTokens, usageInfo.OutputTokens, usageInfo.TotalTokens) - } - - case "metricsEvent": - // Handle metrics events which may contain usage data - if metrics, ok := event["metricsEvent"].(map[string]interface{}); ok { - if inputTokens, ok := metrics["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } - if outputTokens, ok := metrics["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } - log.Debugf("kiro: parseEventStream found metricsEvent: input=%d, output=%d", - usageInfo.InputTokens, usageInfo.OutputTokens) - } - - case "meteringEvent": - // Handle metering events from Kiro API (usage billing information) - // Official format: { unit: string, unitPlural: string, usage: number } - if metering, ok := event["meteringEvent"].(map[string]interface{}); ok { - unit := "" - if u, ok := metering["unit"].(string); ok { - unit = u - } - usageVal := 0.0 - if u, ok := metering["usage"].(float64); ok { - usageVal = u - } - log.Infof("kiro: parseEventStream received meteringEvent: usage=%.2f %s", usageVal, unit) - // Store metering info for potential billing/statistics purposes - // Note: This is separate from token counts - it's AWS billing units - } else { - // Try direct fields - unit := "" - if u, ok := event["unit"].(string); ok { - unit = u - } - usageVal := 0.0 - if u, ok := event["usage"].(float64); ok { - usageVal = u - } - if unit != "" || usageVal > 0 { - log.Infof("kiro: parseEventStream received meteringEvent (direct): usage=%.2f %s", usageVal, unit) - } - } - - case "contextUsageEvent": - // Handle context usage events from Kiro API - // Format: {"contextUsageEvent": {"contextUsagePercentage": 0.53}} - if ctxUsage, ok := event["contextUsageEvent"].(map[string]interface{}); ok { - if ctxPct, ok := ctxUsage["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: parseEventStream received contextUsageEvent: %.2f%%", ctxPct*100) - } - } else { - // Try direct field (fallback) - if ctxPct, ok := event["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: parseEventStream received contextUsagePercentage (direct): %.2f%%", ctxPct*100) - } - } - - case "error", "exception", "internalServerException", "invalidStateEvent": - // Handle error events from Kiro API stream - errMsg := "" - errType := eventType - - // Try to extract error message from various formats - if msg, ok := event["message"].(string); ok { - errMsg = msg - } else if errObj, ok := event[eventType].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - if t, ok := errObj["type"].(string); ok { - errType = t - } - } else if errObj, ok := event["error"].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - if t, ok := errObj["type"].(string); ok { - errType = t - } - } - - // Check for specific error reasons - if reason, ok := event["reason"].(string); ok { - errMsg = fmt.Sprintf("%s (reason: %s)", errMsg, reason) - } - - log.Errorf("kiro: parseEventStream received error event: type=%s, message=%s", errType, errMsg) - - // For invalidStateEvent, we may want to continue processing other events - if eventType == "invalidStateEvent" { - log.Warnf("kiro: invalidStateEvent received, continuing stream processing") - continue - } - - // For other errors, return the error - if errMsg != "" { - return "", nil, usageInfo, stopReason, fmt.Errorf("kiro API error (%s): %s", errType, errMsg) - } - - default: - // Check for contextUsagePercentage in any event - if ctxPct, ok := event["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: parseEventStream received context usage: %.2f%%", upstreamContextPercentage) - } - // Log unknown event types for debugging (to discover new event formats) - log.Debugf("kiro: parseEventStream unknown event type: %s, payload: %s", eventType, string(payload)) - } - - // Check for direct token fields in any event (fallback) - if usageInfo.InputTokens == 0 { - if inputTokens, ok := event["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - log.Debugf("kiro: parseEventStream found direct inputTokens: %d", usageInfo.InputTokens) - } - } - if usageInfo.OutputTokens == 0 { - if outputTokens, ok := event["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - log.Debugf("kiro: parseEventStream found direct outputTokens: %d", usageInfo.OutputTokens) - } - } - - // Check for usage object in any event (OpenAI format) - if usageInfo.InputTokens == 0 || usageInfo.OutputTokens == 0 { - if usageObj, ok := event["usage"].(map[string]interface{}); ok { - if usageInfo.InputTokens == 0 { - if inputTokens, ok := usageObj["input_tokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } else if inputTokens, ok := usageObj["prompt_tokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } - } - if usageInfo.OutputTokens == 0 { - if outputTokens, ok := usageObj["output_tokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } else if outputTokens, ok := usageObj["completion_tokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } - } - if usageInfo.TotalTokens == 0 { - if totalTokens, ok := usageObj["total_tokens"].(float64); ok { - usageInfo.TotalTokens = int64(totalTokens) - } - } - log.Debugf("kiro: parseEventStream found usage object (fallback): input=%d, output=%d, total=%d", - usageInfo.InputTokens, usageInfo.OutputTokens, usageInfo.TotalTokens) - } - } - - // Also check nested supplementaryWebLinksEvent - if usageEvent, ok := event["supplementaryWebLinksEvent"].(map[string]interface{}); ok { - if inputTokens, ok := usageEvent["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } - if outputTokens, ok := usageEvent["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } - } - } - - // Parse embedded tool calls from content (e.g., [Called tool_name with args: {...}]) - contentStr := content.String() - cleanedContent, embeddedToolUses := kiroclaude.ParseEmbeddedToolCalls(contentStr, processedIDs) - toolUses = append(toolUses, embeddedToolUses...) - - // Deduplicate all tool uses - toolUses = kiroclaude.DeduplicateToolUses(toolUses) - - // Apply fallback logic for stop_reason if not provided by upstream - // Priority: upstream stopReason > tool_use detection > end_turn default - if stopReason == "" { - if len(toolUses) > 0 { - stopReason = "tool_use" - log.Debugf("kiro: parseEventStream using fallback stop_reason: tool_use (detected %d tool uses)", len(toolUses)) - } else { - stopReason = "end_turn" - log.Debugf("kiro: parseEventStream using fallback stop_reason: end_turn") - } - } - - // Log warning if response was truncated due to max_tokens - if stopReason == "max_tokens" { - log.Warnf("kiro: response truncated due to max_tokens limit") - } - - // Use contextUsagePercentage to calculate more accurate input tokens - // Kiro model has 200k max context, contextUsagePercentage represents the percentage used - // Formula: input_tokens = contextUsagePercentage * 200000 / 100 - if upstreamContextPercentage > 0 { - calculatedInputTokens := int64(upstreamContextPercentage * 200000 / 100) - if calculatedInputTokens > 0 { - localEstimate := usageInfo.InputTokens - usageInfo.InputTokens = calculatedInputTokens - usageInfo.TotalTokens = usageInfo.InputTokens + usageInfo.OutputTokens - log.Infof("kiro: parseEventStream using contextUsagePercentage (%.2f%%) to calculate input tokens: %d (local estimate was: %d)", - upstreamContextPercentage, calculatedInputTokens, localEstimate) - } - } - - return cleanedContent, toolUses, usageInfo, stopReason, nil -} - -// readEventStreamMessage reads and validates a single AWS Event Stream message. -// Returns the parsed message or a structured error for different failure modes. -// This function implements boundary protection and detailed error classification. -// -// AWS Event Stream binary format: -// - Prelude (12 bytes): total_length (4) + headers_length (4) + prelude_crc (4) -// - Headers (variable): header entries -// - Payload (variable): JSON data -// - Message CRC (4 bytes): CRC32C of entire message (not validated, just skipped) -func (e *KiroExecutor) readEventStreamMessage(reader *bufio.Reader) (*eventStreamMessage, *EventStreamError) { - // Read prelude (first 12 bytes: total_len + headers_len + prelude_crc) - prelude := make([]byte, 12) - _, err := io.ReadFull(reader, prelude) - if err == io.EOF { - return nil, nil // Normal end of stream - } - if err != nil { - return nil, &EventStreamError{ - Type: ErrStreamFatal, - Message: "failed to read prelude", - Cause: err, - } - } - - totalLength := binary.BigEndian.Uint32(prelude[0:4]) - headersLength := binary.BigEndian.Uint32(prelude[4:8]) - // Note: prelude[8:12] is prelude_crc - we read it but don't validate (no CRC check per requirements) - - // Boundary check: minimum frame size - if totalLength < minEventStreamFrameSize { - return nil, &EventStreamError{ - Type: ErrStreamMalformed, - Message: fmt.Sprintf("invalid message length: %d (minimum is %d)", totalLength, minEventStreamFrameSize), - } - } - - // Boundary check: maximum message size - if totalLength > maxEventStreamMsgSize { - return nil, &EventStreamError{ - Type: ErrStreamMalformed, - Message: fmt.Sprintf("message too large: %d bytes (maximum is %d)", totalLength, maxEventStreamMsgSize), - } - } - - // Boundary check: headers length within message bounds - // Message structure: prelude(12) + headers(headersLength) + payload + message_crc(4) - // So: headersLength must be <= totalLength - 16 (12 for prelude + 4 for message_crc) - if headersLength > totalLength-16 { - return nil, &EventStreamError{ - Type: ErrStreamMalformed, - Message: fmt.Sprintf("headers length %d exceeds message bounds (total: %d)", headersLength, totalLength), - } - } - - // Read the rest of the message (total - 12 bytes already read) - remaining := make([]byte, totalLength-12) - _, err = io.ReadFull(reader, remaining) - if err != nil { - return nil, &EventStreamError{ - Type: ErrStreamFatal, - Message: "failed to read message body", - Cause: err, - } - } - - // Extract event type from headers - // Headers start at beginning of 'remaining', length is headersLength - var eventType string - if headersLength > 0 && headersLength <= uint32(len(remaining)) { - eventType = e.extractEventTypeFromBytes(remaining[:headersLength]) - } - - // Calculate payload boundaries - // Payload starts after headers, ends before message_crc (last 4 bytes) - payloadStart := headersLength - payloadEnd := uint32(len(remaining)) - 4 // Skip message_crc at end - - // Validate payload boundaries - if payloadStart >= payloadEnd { - // No payload, return empty message - return &eventStreamMessage{ - EventType: eventType, - Payload: nil, - }, nil - } - - payload := remaining[payloadStart:payloadEnd] - - return &eventStreamMessage{ - EventType: eventType, - Payload: payload, - }, nil -} - -func skipEventStreamHeaderValue(headers []byte, offset int, valueType byte) (int, bool) { - switch valueType { - case 0, 1: // bool true / bool false - return offset, true - case 2: // byte - if offset+1 > len(headers) { - return offset, false - } - return offset + 1, true - case 3: // short - if offset+2 > len(headers) { - return offset, false - } - return offset + 2, true - case 4: // int - if offset+4 > len(headers) { - return offset, false - } - return offset + 4, true - case 5: // long - if offset+8 > len(headers) { - return offset, false - } - return offset + 8, true - case 6: // byte array (2-byte length + data) - if offset+2 > len(headers) { - return offset, false - } - valueLen := int(binary.BigEndian.Uint16(headers[offset : offset+2])) - offset += 2 - if offset+valueLen > len(headers) { - return offset, false - } - return offset + valueLen, true - case 8: // timestamp - if offset+8 > len(headers) { - return offset, false - } - return offset + 8, true - case 9: // uuid - if offset+16 > len(headers) { - return offset, false - } - return offset + 16, true - default: - return offset, false - } -} - -// extractEventTypeFromBytes extracts the event type from raw header bytes (without prelude CRC prefix) -func (e *KiroExecutor) extractEventTypeFromBytes(headers []byte) string { - offset := 0 - for offset < len(headers) { - nameLen := int(headers[offset]) - offset++ - if offset+nameLen > len(headers) { - break - } - name := string(headers[offset : offset+nameLen]) - offset += nameLen - - if offset >= len(headers) { - break - } - valueType := headers[offset] - offset++ - - if valueType == 7 { // String type - if offset+2 > len(headers) { - break - } - valueLen := int(binary.BigEndian.Uint16(headers[offset : offset+2])) - offset += 2 - if offset+valueLen > len(headers) { - break - } - value := string(headers[offset : offset+valueLen]) - offset += valueLen - - if name == ":event-type" { - return value - } - continue - } - - nextOffset, ok := skipEventStreamHeaderValue(headers, offset, valueType) - if !ok { - break - } - offset = nextOffset - } - return "" -} - -// NOTE: Response building functions moved to internal/translator/kiro/claude/kiro_claude_response.go -// The executor now uses kiroclaude.BuildClaudeResponse() and kiroclaude.ExtractThinkingFromContent() instead - -// streamToChannel converts AWS Event Stream to channel-based streaming. -// Supports tool calling - emits tool_use content blocks when tools are used. -// Includes embedded [Called ...] tool call parsing and input buffering for toolUseEvent. -// Implements duplicate content filtering using lastContentEvent detection (based on AIClient-2-API). -// Extracts stop_reason from upstream events when available. -// thinkingEnabled controls whether tags are parsed - only parse when request enabled thinking. -func (e *KiroExecutor) streamToChannel(ctx context.Context, body io.Reader, out chan<- cliproxyexecutor.StreamChunk, targetFormat sdktranslator.Format, model string, originalReq, claudeBody []byte, reporter *usageReporter, thinkingEnabled bool) { - reader := bufio.NewReaderSize(body, 20*1024*1024) // 20MB buffer to match other providers - var totalUsage usage.Detail - var hasToolUses bool // Track if any tool uses were emitted - var hasTruncatedTools bool // Track if any tool uses were truncated - var upstreamStopReason string // Track stop_reason from upstream events - - // Tool use state tracking for input buffering and deduplication - processedIDs := make(map[string]bool) - var currentToolUse *kiroclaude.ToolUseState - - // NOTE: Duplicate content filtering removed - it was causing legitimate repeated - // content (like consecutive newlines) to be incorrectly filtered out. - // The previous implementation compared lastContentEvent == contentDelta which - // is too aggressive for streaming scenarios. - - // Streaming token calculation - accumulate content for real-time token counting - // Based on AIClient-2-API implementation - var accumulatedContent strings.Builder - accumulatedContent.Grow(4096) // Pre-allocate 4KB capacity to reduce reallocations - - // Real-time usage estimation state - // These track when to send periodic usage updates during streaming - var lastUsageUpdateLen int // Last accumulated content length when usage was sent - var lastUsageUpdateTime = time.Now() // Last time usage update was sent - var lastReportedOutputTokens int64 // Last reported output token count - - // Upstream usage tracking - Kiro API returns credit usage and context percentage - var upstreamCreditUsage float64 // Credit usage from upstream (e.g., 1.458) - var upstreamContextPercentage float64 // Context usage percentage from upstream (e.g., 78.56) - var hasUpstreamUsage bool // Whether we received usage from upstream - - // Translator param for maintaining tool call state across streaming events - // IMPORTANT: This must persist across all TranslateStream calls - var translatorParam any - - // Thinking mode state tracking - tag-based parsing for tags in content - inThinkBlock := false // Whether we're currently inside a block - isThinkingBlockOpen := false // Track if thinking content block SSE event is open - thinkingBlockIndex := -1 // Index of the thinking content block - var accumulatedThinkingContent strings.Builder // Accumulate thinking content for token counting - hasOfficialReasoningEvent := false // Disable tag parsing after official reasoning events appear - - // Buffer for handling partial tag matches at chunk boundaries - var pendingContent strings.Builder // Buffer content that might be part of a tag - - // Pre-calculate input tokens from request if possible - // Kiro uses Claude format, so try Claude format first, then OpenAI format, then fallback - if enc, err := getTokenizer(model); err == nil { - var inputTokens int64 - var countMethod string - - // Try Claude format first (Kiro uses Claude API format) - if inp, err := countClaudeChatTokens(enc, claudeBody); err == nil && inp > 0 { - inputTokens = inp - countMethod = "claude" - } else if inp, err := countOpenAIChatTokens(enc, originalReq); err == nil && inp > 0 { - // Fallback to OpenAI format (for OpenAI-compatible requests) - inputTokens = inp - countMethod = "openai" - } else { - // Final fallback: estimate from raw request size (roughly 4 chars per token) - inputTokens = int64(len(claudeBody) / 4) - if inputTokens == 0 && len(claudeBody) > 0 { - inputTokens = 1 - } - countMethod = "estimate" - } - - totalUsage.InputTokens = inputTokens - log.Debugf("kiro: streamToChannel pre-calculated input tokens: %d (method: %s, claude body: %d bytes, original req: %d bytes)", - totalUsage.InputTokens, countMethod, len(claudeBody), len(originalReq)) - } - - contentBlockIndex := -1 - messageStartSent := false - isTextBlockOpen := false - var outputLen int - - // Ensure usage is published even on early return - defer func() { - reporter.publish(ctx, totalUsage) - }() - - for { - select { - case <-ctx.Done(): - return - default: - } - - msg, eventErr := e.readEventStreamMessage(reader) - if eventErr != nil { - // Log the error - log.Errorf("kiro: streamToChannel error: %v", eventErr) - - // Send error to channel for client notification - out <- cliproxyexecutor.StreamChunk{Err: eventErr} - return - } - if msg == nil { - // Normal end of stream (EOF) - // Flush any incomplete tool use before ending stream - if currentToolUse != nil && !processedIDs[currentToolUse.ToolUseID] { - log.Warnf("kiro: flushing incomplete tool use at EOF: %s (ID: %s)", currentToolUse.Name, currentToolUse.ToolUseID) - fullInput := currentToolUse.InputBuffer.String() - repairedJSON := kiroclaude.RepairJSON(fullInput) - var finalInput map[string]interface{} - if err := json.Unmarshal([]byte(repairedJSON), &finalInput); err != nil { - log.Warnf("kiro: failed to parse incomplete tool input at EOF: %v", err) - finalInput = make(map[string]interface{}) - } - - processedIDs[currentToolUse.ToolUseID] = true - contentBlockIndex++ - - // Send tool_use content block - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "tool_use", currentToolUse.ToolUseID, currentToolUse.Name) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Send tool input as delta - inputBytes, _ := json.Marshal(finalInput) - inputDelta := kiroclaude.BuildClaudeInputJsonDeltaEvent(string(inputBytes), contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, inputDelta, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Close block - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - hasToolUses = true - currentToolUse = nil - } - - // DISABLED: Tag-based pending character flushing - // This code block was used for tag-based thinking detection which has been - // replaced by reasoningContentEvent handling. No pending tag chars to flush. - // Original code preserved in git history. - break - } - - eventType := msg.EventType - payload := msg.Payload - if len(payload) == 0 { - continue - } - appendAPIResponseChunk(ctx, e.cfg, payload) - - var event map[string]interface{} - if err := json.Unmarshal(payload, &event); err != nil { - log.Warnf("kiro: failed to unmarshal event payload: %v, raw: %s", err, string(payload)) - continue - } - - // Check for error/exception events in the payload (Kiro API may return errors with HTTP 200) - // These can appear as top-level fields or nested within the event - if errType, hasErrType := event["_type"].(string); hasErrType { - // AWS-style error: {"_type": "com.amazon.aws.codewhisperer#ValidationException", "message": "..."} - errMsg := "" - if msg, ok := event["message"].(string); ok { - errMsg = msg - } - log.Errorf("kiro: received AWS error in stream: type=%s, message=%s", errType, errMsg) - out <- cliproxyexecutor.StreamChunk{Err: fmt.Errorf("kiro API error: %s - %s", errType, errMsg)} - return - } - if errType, hasErrType := event["type"].(string); hasErrType && (errType == "error" || errType == "exception") { - // Generic error event - errMsg := "" - if msg, ok := event["message"].(string); ok { - errMsg = msg - } else if errObj, ok := event["error"].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - } - log.Errorf("kiro: received error event in stream: type=%s, message=%s", errType, errMsg) - out <- cliproxyexecutor.StreamChunk{Err: fmt.Errorf("kiro API error: %s", errMsg)} - return - } - - // Extract stop_reason from various event formats (streaming) - // Kiro/Amazon Q API may include stop_reason in different locations - if sr := kirocommon.GetString(event, "stop_reason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stop_reason (top-level): %s", upstreamStopReason) - } - if sr := kirocommon.GetString(event, "stopReason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stopReason (top-level): %s", upstreamStopReason) - } - - // Send message_start on first event - if !messageStartSent { - msgStart := kiroclaude.BuildClaudeMessageStartEvent(model, totalUsage.InputTokens) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, msgStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - messageStartSent = true - } - - switch eventType { - case "followupPromptEvent": - // Filter out followupPrompt events - these are UI suggestions, not content - log.Debugf("kiro: streamToChannel ignoring followupPrompt event") - continue - - case "messageStopEvent", "message_stop": - // Handle message stop events which may contain stop_reason - if sr := kirocommon.GetString(event, "stop_reason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stop_reason in messageStopEvent: %s", upstreamStopReason) - } - if sr := kirocommon.GetString(event, "stopReason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stopReason in messageStopEvent: %s", upstreamStopReason) - } - - case "meteringEvent": - // Handle metering events from Kiro API (usage billing information) - // Official format: { unit: string, unitPlural: string, usage: number } - if metering, ok := event["meteringEvent"].(map[string]interface{}); ok { - unit := "" - if u, ok := metering["unit"].(string); ok { - unit = u - } - usageVal := 0.0 - if u, ok := metering["usage"].(float64); ok { - usageVal = u - } - upstreamCreditUsage = usageVal - hasUpstreamUsage = true - log.Infof("kiro: streamToChannel received meteringEvent: usage=%.4f %s", usageVal, unit) - } else { - // Try direct fields (event is meteringEvent itself) - if unit, ok := event["unit"].(string); ok { - if usage, ok := event["usage"].(float64); ok { - upstreamCreditUsage = usage - hasUpstreamUsage = true - log.Infof("kiro: streamToChannel received meteringEvent (direct): usage=%.4f %s", usage, unit) - } - } - } - - case "contextUsageEvent": - // Handle context usage events from Kiro API - // Format: {"contextUsageEvent": {"contextUsagePercentage": 0.53}} - if ctxUsage, ok := event["contextUsageEvent"].(map[string]interface{}); ok { - if ctxPct, ok := ctxUsage["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: streamToChannel received contextUsageEvent: %.2f%%", ctxPct*100) - } - } else { - // Try direct field (fallback) - if ctxPct, ok := event["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: streamToChannel received contextUsagePercentage (direct): %.2f%%", ctxPct*100) - } - } - - case "error", "exception", "internalServerException": - // Handle error events from Kiro API stream - errMsg := "" - errType := eventType - - // Try to extract error message from various formats - if msg, ok := event["message"].(string); ok { - errMsg = msg - } else if errObj, ok := event[eventType].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - if t, ok := errObj["type"].(string); ok { - errType = t - } - } else if errObj, ok := event["error"].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - } - - log.Errorf("kiro: streamToChannel received error event: type=%s, message=%s", errType, errMsg) - - // Send error to the stream and exit - if errMsg != "" { - out <- cliproxyexecutor.StreamChunk{ - Err: fmt.Errorf("kiro API error (%s): %s", errType, errMsg), - } - return - } - - case "invalidStateEvent": - // Handle invalid state events - log and continue (non-fatal) - errMsg := "" - if msg, ok := event["message"].(string); ok { - errMsg = msg - } else if stateEvent, ok := event["invalidStateEvent"].(map[string]interface{}); ok { - if msg, ok := stateEvent["message"].(string); ok { - errMsg = msg - } - } - log.Warnf("kiro: streamToChannel received invalidStateEvent: %s, continuing", errMsg) - continue - - default: - // Check for upstream usage events from Kiro API - // Format: {"unit":"credit","unitPlural":"credits","usage":1.458} - if unit, ok := event["unit"].(string); ok && unit == "credit" { - if usage, ok := event["usage"].(float64); ok { - upstreamCreditUsage = usage - hasUpstreamUsage = true - log.Debugf("kiro: received upstream credit usage: %.4f", upstreamCreditUsage) - } - } - // Format: {"contextUsagePercentage":78.56} - if ctxPct, ok := event["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: received upstream context usage: %.2f%%", upstreamContextPercentage) - } - - // Check for token counts in unknown events - if inputTokens, ok := event["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - hasUpstreamUsage = true - log.Debugf("kiro: streamToChannel found inputTokens in event %s: %d", eventType, totalUsage.InputTokens) - } - if outputTokens, ok := event["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - hasUpstreamUsage = true - log.Debugf("kiro: streamToChannel found outputTokens in event %s: %d", eventType, totalUsage.OutputTokens) - } - if totalTokens, ok := event["totalTokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - log.Debugf("kiro: streamToChannel found totalTokens in event %s: %d", eventType, totalUsage.TotalTokens) - } - - // Check for usage object in unknown events (OpenAI/Claude format) - if usageObj, ok := event["usage"].(map[string]interface{}); ok { - if inputTokens, ok := usageObj["input_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - hasUpstreamUsage = true - } else if inputTokens, ok := usageObj["prompt_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - hasUpstreamUsage = true - } - if outputTokens, ok := usageObj["output_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - hasUpstreamUsage = true - } else if outputTokens, ok := usageObj["completion_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - hasUpstreamUsage = true - } - if totalTokens, ok := usageObj["total_tokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - } - log.Debugf("kiro: streamToChannel found usage object in event %s: input=%d, output=%d, total=%d", - eventType, totalUsage.InputTokens, totalUsage.OutputTokens, totalUsage.TotalTokens) - } - - // Log unknown event types for debugging (to discover new event formats) - if eventType != "" { - log.Debugf("kiro: streamToChannel unknown event type: %s, payload: %s", eventType, string(payload)) - } - - case "assistantResponseEvent": - var contentDelta string - var toolUses []map[string]interface{} - - if assistantResp, ok := event["assistantResponseEvent"].(map[string]interface{}); ok { - if c, ok := assistantResp["content"].(string); ok { - contentDelta = c - } - // Extract stop_reason from assistantResponseEvent - if sr := kirocommon.GetString(assistantResp, "stop_reason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stop_reason in assistantResponseEvent: %s", upstreamStopReason) - } - if sr := kirocommon.GetString(assistantResp, "stopReason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stopReason in assistantResponseEvent: %s", upstreamStopReason) - } - // Extract tool uses from response - if tus, ok := assistantResp["toolUses"].([]interface{}); ok { - for _, tuRaw := range tus { - if tu, ok := tuRaw.(map[string]interface{}); ok { - toolUses = append(toolUses, tu) - } - } - } - } - if contentDelta == "" { - if c, ok := event["content"].(string); ok { - contentDelta = c - } - } - // Direct tool uses - if tus, ok := event["toolUses"].([]interface{}); ok { - for _, tuRaw := range tus { - if tu, ok := tuRaw.(map[string]interface{}); ok { - toolUses = append(toolUses, tu) - } - } - } - - // Handle text content with thinking mode support - if contentDelta != "" { - // NOTE: Duplicate content filtering was removed because it incorrectly - // filtered out legitimate repeated content (like consecutive newlines "\n\n"). - // Streaming naturally can have identical chunks that are valid content. - - outputLen += len(contentDelta) - // Accumulate content for streaming token calculation - accumulatedContent.WriteString(contentDelta) - - // Real-time usage estimation: Check if we should send a usage update - // This helps clients track context usage during long thinking sessions - shouldSendUsageUpdate := false - if accumulatedContent.Len()-lastUsageUpdateLen >= usageUpdateCharThreshold { - shouldSendUsageUpdate = true - } else if time.Since(lastUsageUpdateTime) >= usageUpdateTimeInterval && accumulatedContent.Len() > lastUsageUpdateLen { - shouldSendUsageUpdate = true - } - - if shouldSendUsageUpdate { - // Calculate current output tokens using tiktoken - var currentOutputTokens int64 - if enc, encErr := getTokenizer(model); encErr == nil { - if tokenCount, countErr := enc.Count(accumulatedContent.String()); countErr == nil { - currentOutputTokens = int64(tokenCount) - } - } - // Fallback to character estimation if tiktoken fails - if currentOutputTokens == 0 { - currentOutputTokens = int64(accumulatedContent.Len() / 4) - if currentOutputTokens == 0 { - currentOutputTokens = 1 - } - } - - // Only send update if token count has changed significantly (at least 10 tokens) - if currentOutputTokens > lastReportedOutputTokens+10 { - // Send ping event with usage information - // This is a non-blocking update that clients can optionally process - pingEvent := kiroclaude.BuildClaudePingEventWithUsage(totalUsage.InputTokens, currentOutputTokens) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, pingEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - lastReportedOutputTokens = currentOutputTokens - log.Debugf("kiro: sent real-time usage update - input: %d, output: %d (accumulated: %d chars)", - totalUsage.InputTokens, currentOutputTokens, accumulatedContent.Len()) - } - - lastUsageUpdateLen = accumulatedContent.Len() - lastUsageUpdateTime = time.Now() - } - - if hasOfficialReasoningEvent { - processText := strings.TrimSpace(strings.ReplaceAll(strings.ReplaceAll(contentDelta, kirocommon.ThinkingStartTag, ""), kirocommon.ThinkingEndTag, "")) - if processText != "" { - if !isTextBlockOpen { - contentBlockIndex++ - isTextBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "text", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - claudeEvent := kiroclaude.BuildClaudeStreamEvent(processText, contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, claudeEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - continue - } - - // TAG-BASED THINKING PARSING: Parse tags from content - // Combine pending content with new content for processing - pendingContent.WriteString(contentDelta) - processContent := pendingContent.String() - pendingContent.Reset() - - // Process content looking for thinking tags - for len(processContent) > 0 { - if inThinkBlock { - // We're inside a thinking block, look for - endIdx := strings.Index(processContent, kirocommon.ThinkingEndTag) - if endIdx >= 0 { - // Found end tag - emit thinking content before the tag - thinkingText := processContent[:endIdx] - if thinkingText != "" { - // Ensure thinking block is open - if !isThinkingBlockOpen { - contentBlockIndex++ - thinkingBlockIndex = contentBlockIndex - isThinkingBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(thinkingBlockIndex, "thinking", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - // Send thinking delta - thinkingEvent := kiroclaude.BuildClaudeThinkingDeltaEvent(thinkingText, thinkingBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, thinkingEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - accumulatedThinkingContent.WriteString(thinkingText) - } - // Close thinking block - if isThinkingBlockOpen { - blockStop := kiroclaude.BuildClaudeThinkingBlockStopEvent(thinkingBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isThinkingBlockOpen = false - } - inThinkBlock = false - processContent = processContent[endIdx+len(kirocommon.ThinkingEndTag):] - log.Debugf("kiro: closed thinking block, remaining content: %d chars", len(processContent)) - } else { - // No end tag found - check for partial match at end - partialMatch := false - for i := 1; i < len(kirocommon.ThinkingEndTag) && i <= len(processContent); i++ { - if strings.HasSuffix(processContent, kirocommon.ThinkingEndTag[:i]) { - // Possible partial tag at end, buffer it - pendingContent.WriteString(processContent[len(processContent)-i:]) - processContent = processContent[:len(processContent)-i] - partialMatch = true - break - } - } - if !partialMatch || len(processContent) > 0 { - // Emit all as thinking content - if processContent != "" { - if !isThinkingBlockOpen { - contentBlockIndex++ - thinkingBlockIndex = contentBlockIndex - isThinkingBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(thinkingBlockIndex, "thinking", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - thinkingEvent := kiroclaude.BuildClaudeThinkingDeltaEvent(processContent, thinkingBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, thinkingEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - accumulatedThinkingContent.WriteString(processContent) - } - } - processContent = "" - } - } else { - // Not in thinking block, look for - startIdx := strings.Index(processContent, kirocommon.ThinkingStartTag) - if startIdx >= 0 { - // Found start tag - emit text content before the tag - textBefore := processContent[:startIdx] - if textBefore != "" { - // Close thinking block if open - if isThinkingBlockOpen { - blockStop := kiroclaude.BuildClaudeThinkingBlockStopEvent(thinkingBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isThinkingBlockOpen = false - } - // Ensure text block is open - if !isTextBlockOpen { - contentBlockIndex++ - isTextBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "text", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - // Send text delta - claudeEvent := kiroclaude.BuildClaudeStreamEvent(textBefore, contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, claudeEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - // Close text block before entering thinking - if isTextBlockOpen { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isTextBlockOpen = false - } - inThinkBlock = true - processContent = processContent[startIdx+len(kirocommon.ThinkingStartTag):] - log.Debugf("kiro: entered thinking block") - } else { - // No start tag found - check for partial match at end - partialMatch := false - for i := 1; i < len(kirocommon.ThinkingStartTag) && i <= len(processContent); i++ { - if strings.HasSuffix(processContent, kirocommon.ThinkingStartTag[:i]) { - // Possible partial tag at end, buffer it - pendingContent.WriteString(processContent[len(processContent)-i:]) - processContent = processContent[:len(processContent)-i] - partialMatch = true - break - } - } - if !partialMatch || len(processContent) > 0 { - // Emit all as text content - if processContent != "" { - if !isTextBlockOpen { - contentBlockIndex++ - isTextBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "text", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - claudeEvent := kiroclaude.BuildClaudeStreamEvent(processContent, contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, claudeEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - } - processContent = "" - } - } - } - } - - // Handle tool uses in response (with deduplication) - for _, tu := range toolUses { - toolUseID := kirocommon.GetString(tu, "toolUseId") - toolName := kirocommon.GetString(tu, "name") - - // Check for duplicate - if processedIDs[toolUseID] { - log.Debugf("kiro: skipping duplicate tool use in stream: %s", toolUseID) - continue - } - processedIDs[toolUseID] = true - - hasToolUses = true - // Close text block if open before starting tool_use block - if isTextBlockOpen && contentBlockIndex >= 0 { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isTextBlockOpen = false - } - - // Emit tool_use content block - contentBlockIndex++ - - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "tool_use", toolUseID, toolName) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Send input_json_delta with the tool input - if input, ok := tu["input"].(map[string]interface{}); ok { - inputJSON, err := json.Marshal(input) - if err != nil { - log.Debugf("kiro: failed to marshal tool input: %v", err) - // Don't continue - still need to close the block - } else { - inputDelta := kiroclaude.BuildClaudeInputJsonDeltaEvent(string(inputJSON), contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, inputDelta, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - } - - // Close tool_use block (always close even if input marshal failed) - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - - case "reasoningContentEvent": - // Handle official reasoningContentEvent from Kiro API - // This replaces tag-based thinking detection with the proper event type - // Official format: { text: string, signature?: string, redactedContent?: base64 } - var thinkingText string - var signature string - - if re, ok := event["reasoningContentEvent"].(map[string]interface{}); ok { - if text, ok := re["text"].(string); ok { - thinkingText = text - } - if sig, ok := re["signature"].(string); ok { - signature = sig - if len(sig) > 20 { - log.Debugf("kiro: reasoningContentEvent has signature: %s...", sig[:20]) - } else { - log.Debugf("kiro: reasoningContentEvent has signature: %s", sig) - } - } - } else { - // Try direct fields - if text, ok := event["text"].(string); ok { - thinkingText = text - } - if sig, ok := event["signature"].(string); ok { - signature = sig - } - } - - if thinkingText != "" { - hasOfficialReasoningEvent = true - // Close text block if open before starting thinking block - if isTextBlockOpen && contentBlockIndex >= 0 { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isTextBlockOpen = false - } - - // Start thinking block if not already open - if !isThinkingBlockOpen { - contentBlockIndex++ - thinkingBlockIndex = contentBlockIndex - isThinkingBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(thinkingBlockIndex, "thinking", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - - // Send thinking content - thinkingEvent := kiroclaude.BuildClaudeThinkingDeltaEvent(thinkingText, thinkingBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, thinkingEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Accumulate for token counting - accumulatedThinkingContent.WriteString(thinkingText) - log.Debugf("kiro: received reasoningContentEvent, text length: %d, has signature: %v", len(thinkingText), signature != "") - } - - // Note: We don't close the thinking block here - it will be closed when we see - // the next assistantResponseEvent or at the end of the stream - _ = signature // Signature can be used for verification if needed - - case "toolUseEvent": - // Handle dedicated tool use events with input buffering - completedToolUses, newState := kiroclaude.ProcessToolUseEvent(event, currentToolUse, processedIDs) - currentToolUse = newState - - // Emit completed tool uses - for _, tu := range completedToolUses { - // Check if this tool was truncated - emit with SOFT_LIMIT_REACHED marker - if tu.IsTruncated { - hasTruncatedTools = true - log.Infof("kiro: streamToChannel emitting truncated tool with SOFT_LIMIT_REACHED: %s (ID: %s)", tu.Name, tu.ToolUseID) - - // Close text block if open - if isTextBlockOpen && contentBlockIndex >= 0 { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isTextBlockOpen = false - } - - contentBlockIndex++ - - // Emit tool_use with SOFT_LIMIT_REACHED marker input - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "tool_use", tu.ToolUseID, tu.Name) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Build SOFT_LIMIT_REACHED marker input - markerInput := map[string]interface{}{ - "_status": "SOFT_LIMIT_REACHED", - "_message": "Tool output was truncated. Split content into smaller chunks (max 300 lines). Due to potential model hallucination, you MUST re-fetch the current working directory and generate the correct file_path.", - } - - markerJSON, _ := json.Marshal(markerInput) - inputDelta := kiroclaude.BuildClaudeInputJsonDeltaEvent(string(markerJSON), contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, inputDelta, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Close tool_use block - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - hasToolUses = true // Keep this so stop_reason = tool_use - continue - } - - hasToolUses = true - - // Close text block if open - if isTextBlockOpen && contentBlockIndex >= 0 { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isTextBlockOpen = false - } - - contentBlockIndex++ - - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "tool_use", tu.ToolUseID, tu.Name) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - if tu.Input != nil { - inputJSON, err := json.Marshal(tu.Input) - if err != nil { - log.Debugf("kiro: failed to marshal tool input in toolUseEvent: %v", err) - } else { - inputDelta := kiroclaude.BuildClaudeInputJsonDeltaEvent(string(inputJSON), contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, inputDelta, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - } - - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - - case "supplementaryWebLinksEvent": - if inputTokens, ok := event["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } - if outputTokens, ok := event["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } - - case "messageMetadataEvent", "metadataEvent": - // Handle message metadata events which contain token counts - // Official format: { tokenUsage: { outputTokens, totalTokens, uncachedInputTokens, cacheReadInputTokens, cacheWriteInputTokens, contextUsagePercentage } } - var metadata map[string]interface{} - if m, ok := event["messageMetadataEvent"].(map[string]interface{}); ok { - metadata = m - } else if m, ok := event["metadataEvent"].(map[string]interface{}); ok { - metadata = m - } else { - metadata = event // event itself might be the metadata - } - - // Check for nested tokenUsage object (official format) - if tokenUsage, ok := metadata["tokenUsage"].(map[string]interface{}); ok { - // outputTokens - precise output token count - if outputTokens, ok := tokenUsage["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - hasUpstreamUsage = true - log.Infof("kiro: streamToChannel found precise outputTokens in tokenUsage: %d", totalUsage.OutputTokens) - } - // totalTokens - precise total token count - if totalTokens, ok := tokenUsage["totalTokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - log.Infof("kiro: streamToChannel found precise totalTokens in tokenUsage: %d", totalUsage.TotalTokens) - } - // uncachedInputTokens - input tokens not from cache - if uncachedInputTokens, ok := tokenUsage["uncachedInputTokens"].(float64); ok { - totalUsage.InputTokens = int64(uncachedInputTokens) - hasUpstreamUsage = true - log.Infof("kiro: streamToChannel found uncachedInputTokens in tokenUsage: %d", totalUsage.InputTokens) - } - // cacheReadInputTokens - tokens read from cache - if cacheReadTokens, ok := tokenUsage["cacheReadInputTokens"].(float64); ok { - // Add to input tokens if we have uncached tokens, otherwise use as input - if totalUsage.InputTokens > 0 { - totalUsage.InputTokens += int64(cacheReadTokens) - } else { - totalUsage.InputTokens = int64(cacheReadTokens) - } - hasUpstreamUsage = true - log.Debugf("kiro: streamToChannel found cacheReadInputTokens in tokenUsage: %d", int64(cacheReadTokens)) - } - // contextUsagePercentage - can be used as fallback for input token estimation - if ctxPct, ok := tokenUsage["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: streamToChannel found contextUsagePercentage in tokenUsage: %.2f%%", ctxPct) - } - } - - // Fallback: check for direct fields in metadata (legacy format) - if totalUsage.InputTokens == 0 { - if inputTokens, ok := metadata["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - hasUpstreamUsage = true - log.Debugf("kiro: streamToChannel found inputTokens in messageMetadataEvent: %d", totalUsage.InputTokens) - } - } - if totalUsage.OutputTokens == 0 { - if outputTokens, ok := metadata["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - hasUpstreamUsage = true - log.Debugf("kiro: streamToChannel found outputTokens in messageMetadataEvent: %d", totalUsage.OutputTokens) - } - } - if totalUsage.TotalTokens == 0 { - if totalTokens, ok := metadata["totalTokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - log.Debugf("kiro: streamToChannel found totalTokens in messageMetadataEvent: %d", totalUsage.TotalTokens) - } - } - - case "usageEvent", "usage": - // Handle dedicated usage events - if inputTokens, ok := event["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - log.Debugf("kiro: streamToChannel found inputTokens in usageEvent: %d", totalUsage.InputTokens) - } - if outputTokens, ok := event["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - log.Debugf("kiro: streamToChannel found outputTokens in usageEvent: %d", totalUsage.OutputTokens) - } - if totalTokens, ok := event["totalTokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - log.Debugf("kiro: streamToChannel found totalTokens in usageEvent: %d", totalUsage.TotalTokens) - } - // Also check nested usage object - if usageObj, ok := event["usage"].(map[string]interface{}); ok { - if inputTokens, ok := usageObj["input_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } else if inputTokens, ok := usageObj["prompt_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } - if outputTokens, ok := usageObj["output_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } else if outputTokens, ok := usageObj["completion_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } - if totalTokens, ok := usageObj["total_tokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - } - log.Debugf("kiro: streamToChannel found usage object: input=%d, output=%d, total=%d", - totalUsage.InputTokens, totalUsage.OutputTokens, totalUsage.TotalTokens) - } - - case "metricsEvent": - // Handle metrics events which may contain usage data - if metrics, ok := event["metricsEvent"].(map[string]interface{}); ok { - if inputTokens, ok := metrics["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } - if outputTokens, ok := metrics["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } - log.Debugf("kiro: streamToChannel found metricsEvent: input=%d, output=%d", - totalUsage.InputTokens, totalUsage.OutputTokens) - } - } - - // Check nested usage event - if usageEvent, ok := event["supplementaryWebLinksEvent"].(map[string]interface{}); ok { - if inputTokens, ok := usageEvent["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } - if outputTokens, ok := usageEvent["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } - } - - // Check for direct token fields in any event (fallback) - if totalUsage.InputTokens == 0 { - if inputTokens, ok := event["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - log.Debugf("kiro: streamToChannel found direct inputTokens: %d", totalUsage.InputTokens) - } - } - if totalUsage.OutputTokens == 0 { - if outputTokens, ok := event["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - log.Debugf("kiro: streamToChannel found direct outputTokens: %d", totalUsage.OutputTokens) - } - } - - // Check for usage object in any event (OpenAI format) - if totalUsage.InputTokens == 0 || totalUsage.OutputTokens == 0 { - if usageObj, ok := event["usage"].(map[string]interface{}); ok { - if totalUsage.InputTokens == 0 { - if inputTokens, ok := usageObj["input_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } else if inputTokens, ok := usageObj["prompt_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } - } - if totalUsage.OutputTokens == 0 { - if outputTokens, ok := usageObj["output_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } else if outputTokens, ok := usageObj["completion_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } - } - if totalUsage.TotalTokens == 0 { - if totalTokens, ok := usageObj["total_tokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - } - } - log.Debugf("kiro: streamToChannel found usage object (fallback): input=%d, output=%d, total=%d", - totalUsage.InputTokens, totalUsage.OutputTokens, totalUsage.TotalTokens) - } - } - } - - // Close content block if open - if isTextBlockOpen && contentBlockIndex >= 0 { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - - // Streaming token calculation - calculate output tokens from accumulated content - // Only use local estimation if server didn't provide usage (server-side usage takes priority) - if totalUsage.OutputTokens == 0 && accumulatedContent.Len() > 0 { - // Try to use tiktoken for accurate counting - if enc, err := getTokenizer(model); err == nil { - if tokenCount, countErr := enc.Count(accumulatedContent.String()); countErr == nil { - totalUsage.OutputTokens = int64(tokenCount) - log.Debugf("kiro: streamToChannel calculated output tokens using tiktoken: %d", totalUsage.OutputTokens) - } else { - // Fallback on count error: estimate from character count - totalUsage.OutputTokens = int64(accumulatedContent.Len() / 4) - if totalUsage.OutputTokens == 0 { - totalUsage.OutputTokens = 1 - } - log.Debugf("kiro: streamToChannel tiktoken count failed, estimated from chars: %d", totalUsage.OutputTokens) - } - } else { - // Fallback: estimate from character count (roughly 4 chars per token) - totalUsage.OutputTokens = int64(accumulatedContent.Len() / 4) - if totalUsage.OutputTokens == 0 { - totalUsage.OutputTokens = 1 - } - log.Debugf("kiro: streamToChannel estimated output tokens from chars: %d (content len: %d)", totalUsage.OutputTokens, accumulatedContent.Len()) - } - } else if totalUsage.OutputTokens == 0 && outputLen > 0 { - // Legacy fallback using outputLen - totalUsage.OutputTokens = int64(outputLen / 4) - if totalUsage.OutputTokens == 0 { - totalUsage.OutputTokens = 1 - } - } - - // Use contextUsagePercentage to calculate more accurate input tokens - // Kiro model has 200k max context, contextUsagePercentage represents the percentage used - // Formula: input_tokens = contextUsagePercentage * 200000 / 100 - // Note: The effective input context is ~170k (200k - 30k reserved for output) - if upstreamContextPercentage > 0 { - // Calculate input tokens from context percentage - // Using 200k as the base since that's what Kiro reports against - calculatedInputTokens := int64(upstreamContextPercentage * 200000 / 100) - - // Only use calculated value if it's significantly different from local estimate - // This provides more accurate token counts based on upstream data - if calculatedInputTokens > 0 { - localEstimate := totalUsage.InputTokens - totalUsage.InputTokens = calculatedInputTokens - log.Debugf("kiro: using contextUsagePercentage (%.2f%%) to calculate input tokens: %d (local estimate was: %d)", - upstreamContextPercentage, calculatedInputTokens, localEstimate) - } - } - - totalUsage.TotalTokens = totalUsage.InputTokens + totalUsage.OutputTokens - - // Log upstream usage information if received - if hasUpstreamUsage { - log.Debugf("kiro: upstream usage - credits: %.4f, context: %.2f%%, final tokens - input: %d, output: %d, total: %d", - upstreamCreditUsage, upstreamContextPercentage, - totalUsage.InputTokens, totalUsage.OutputTokens, totalUsage.TotalTokens) - } - - // Determine stop reason: prefer upstream, then detect tool_use, default to end_turn - // SOFT_LIMIT_REACHED: Keep stop_reason = "tool_use" so Claude continues the loop - stopReason := upstreamStopReason - if hasTruncatedTools { - // Log that we're using SOFT_LIMIT_REACHED approach - log.Infof("kiro: streamToChannel using SOFT_LIMIT_REACHED - keeping stop_reason=tool_use for truncated tools") - } - if stopReason == "" { - if hasToolUses { - stopReason = "tool_use" - log.Debugf("kiro: streamToChannel using fallback stop_reason: tool_use") - } else { - stopReason = "end_turn" - log.Debugf("kiro: streamToChannel using fallback stop_reason: end_turn") - } - } - - // Log warning if response was truncated due to max_tokens - if stopReason == "max_tokens" { - log.Warnf("kiro: response truncated due to max_tokens limit (streamToChannel)") - } - - // Send message_delta event - msgDelta := kiroclaude.BuildClaudeMessageDeltaEvent(stopReason, totalUsage) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, msgDelta, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Send message_stop event separately - msgStop := kiroclaude.BuildClaudeMessageStopOnlyEvent() - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, msgStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - // reporter.publish is called via defer -} - -// NOTE: Claude SSE event builders moved to internal/translator/kiro/claude/kiro_claude_stream.go -// The executor now uses kiroclaude.BuildClaude*Event() functions instead - -// CountTokens counts tokens locally using tiktoken since Kiro API doesn't expose a token counting endpoint. -// This provides approximate token counts for client requests. -func (e *KiroExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - // Use tiktoken for local token counting - enc, err := getTokenizer(req.Model) - if err != nil { - log.Warnf("kiro: CountTokens failed to get tokenizer: %v, falling back to estimate", err) - // Fallback: estimate from payload size (roughly 4 chars per token) - estimatedTokens := len(req.Payload) / 4 - if estimatedTokens == 0 && len(req.Payload) > 0 { - estimatedTokens = 1 - } - return cliproxyexecutor.Response{ - Payload: []byte(fmt.Sprintf(`{"count":%d}`, estimatedTokens)), - }, nil - } - - // Try to count tokens from the request payload - var totalTokens int64 - - // Try OpenAI chat format first - if tokens, countErr := countOpenAIChatTokens(enc, req.Payload); countErr == nil && tokens > 0 { - totalTokens = tokens - log.Debugf("kiro: CountTokens counted %d tokens using OpenAI chat format", totalTokens) - } else { - // Fallback: count raw payload tokens - if tokenCount, countErr := enc.Count(string(req.Payload)); countErr == nil { - totalTokens = int64(tokenCount) - log.Debugf("kiro: CountTokens counted %d tokens from raw payload", totalTokens) - } else { - // Final fallback: estimate from payload size - totalTokens = int64(len(req.Payload) / 4) - if totalTokens == 0 && len(req.Payload) > 0 { - totalTokens = 1 - } - log.Debugf("kiro: CountTokens estimated %d tokens from payload size", totalTokens) - } - } - - return cliproxyexecutor.Response{ - Payload: []byte(fmt.Sprintf(`{"count":%d}`, totalTokens)), - }, nil -} - -// Refresh refreshes the Kiro OAuth token. -// Supports both AWS Builder ID (SSO OIDC) and Google OAuth (social login). -// Uses mutex to prevent race conditions when multiple concurrent requests try to refresh. -func (e *KiroExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - // Serialize token refresh operations to prevent race conditions - e.refreshMu.Lock() - defer e.refreshMu.Unlock() - - var authID string - if auth != nil { - authID = auth.ID - } else { - authID = "" - } - log.Debugf("kiro executor: refresh called for auth %s", authID) - if auth == nil { - return nil, fmt.Errorf("kiro executor: auth is nil") - } - - // Double-check: After acquiring lock, verify token still needs refresh - // Another goroutine may have already refreshed while we were waiting - // NOTE: This check has a design limitation - it reads from the auth object passed in, - // not from persistent storage. If another goroutine returns a new Auth object (via Clone), - // this check won't see those updates. The mutex still prevents truly concurrent refreshes, - // but queued goroutines may still attempt redundant refreshes. This is acceptable as - // the refresh operation is idempotent and the extra API calls are infrequent. - if auth.Metadata != nil { - if lastRefresh, ok := auth.Metadata["last_refresh"].(string); ok { - if refreshTime, err := time.Parse(time.RFC3339, lastRefresh); err == nil { - // If token was refreshed within the last 30 seconds, skip refresh - if time.Since(refreshTime) < 30*time.Second { - log.Debugf("kiro executor: token was recently refreshed by another goroutine, skipping") - return auth, nil - } - } - } - // Also check if expires_at is now in the future with sufficient buffer - if expiresAt, ok := auth.Metadata["expires_at"].(string); ok { - if expTime, err := time.Parse(time.RFC3339, expiresAt); err == nil { - // If token expires more than 20 minutes from now, it's still valid - if time.Until(expTime) > 20*time.Minute { - log.Debugf("kiro executor: token is still valid (expires in %v), skipping refresh", time.Until(expTime)) - // CRITICAL FIX: Set NextRefreshAfter to prevent frequent refresh checks - // Without this, shouldRefresh() will return true again in 30 seconds - updated := auth.Clone() - // Set next refresh to 20 minutes before expiry, or at least 30 seconds from now - nextRefresh := expTime.Add(-20 * time.Minute) - minNextRefresh := time.Now().Add(30 * time.Second) - if nextRefresh.Before(minNextRefresh) { - nextRefresh = minNextRefresh - } - updated.NextRefreshAfter = nextRefresh - log.Debugf("kiro executor: setting NextRefreshAfter to %v (in %v)", nextRefresh.Format(time.RFC3339), time.Until(nextRefresh)) - return updated, nil - } - } - } - } - - var refreshToken string - var clientID, clientSecret string - var authMethod string - var region, startURL string - - if auth.Metadata != nil { - if rt, ok := auth.Metadata["refresh_token"].(string); ok { - refreshToken = rt - } - if cid, ok := auth.Metadata["client_id"].(string); ok { - clientID = cid - } - if cs, ok := auth.Metadata["client_secret"].(string); ok { - clientSecret = cs - } - if am, ok := auth.Metadata["auth_method"].(string); ok { - authMethod = am - } - if r, ok := auth.Metadata["region"].(string); ok { - region = r - } - if su, ok := auth.Metadata["start_url"].(string); ok { - startURL = su - } - } - - if refreshToken == "" { - return nil, fmt.Errorf("kiro executor: refresh token not found") - } - - var tokenData *kiroauth.KiroTokenData - var err error - - ssoClient := kiroauth.NewSSOOIDCClient(e.cfg) - - // Use SSO OIDC refresh for AWS Builder ID or IDC, otherwise use Kiro's OAuth refresh endpoint - switch { - case clientID != "" && clientSecret != "" && authMethod == "idc" && region != "": - // IDC refresh with region-specific endpoint - log.Debugf("kiro executor: using SSO OIDC refresh for IDC (region=%s)", region) - tokenData, err = ssoClient.RefreshTokenWithRegion(ctx, clientID, clientSecret, refreshToken, region, startURL) - case clientID != "" && clientSecret != "" && authMethod == "builder-id": - // Builder ID refresh with default endpoint - log.Debugf("kiro executor: using SSO OIDC refresh for AWS Builder ID") - tokenData, err = ssoClient.RefreshToken(ctx, clientID, clientSecret, refreshToken) - default: - // Fallback to Kiro's OAuth refresh endpoint (for social auth: Google/GitHub) - log.Debugf("kiro executor: using Kiro OAuth refresh endpoint") - oauth := kiroauth.NewKiroOAuth(e.cfg) - tokenData, err = oauth.RefreshToken(ctx, refreshToken) - } - - if err != nil { - return nil, fmt.Errorf("kiro executor: token refresh failed: %w", err) - } - - updated := auth.Clone() - now := time.Now() - updated.UpdatedAt = now - updated.LastRefreshedAt = now - - if updated.Metadata == nil { - updated.Metadata = make(map[string]any) - } - updated.Metadata["access_token"] = tokenData.AccessToken - updated.Metadata["refresh_token"] = tokenData.RefreshToken - updated.Metadata["expires_at"] = tokenData.ExpiresAt - updated.Metadata["last_refresh"] = now.Format(time.RFC3339) - if tokenData.ProfileArn != "" { - updated.Metadata["profile_arn"] = tokenData.ProfileArn - } - if tokenData.AuthMethod != "" { - updated.Metadata["auth_method"] = tokenData.AuthMethod - } - if tokenData.Provider != "" { - updated.Metadata["provider"] = tokenData.Provider - } - // Preserve client credentials for future refreshes (AWS Builder ID) - if tokenData.ClientID != "" { - updated.Metadata["client_id"] = tokenData.ClientID - } - if tokenData.ClientSecret != "" { - updated.Metadata["client_secret"] = tokenData.ClientSecret - } - // Preserve region and start_url for IDC token refresh - if tokenData.Region != "" { - updated.Metadata["region"] = tokenData.Region - } - if tokenData.StartURL != "" { - updated.Metadata["start_url"] = tokenData.StartURL - } - - if updated.Attributes == nil { - updated.Attributes = make(map[string]string) - } - updated.Attributes["access_token"] = tokenData.AccessToken - if tokenData.ProfileArn != "" { - updated.Attributes["profile_arn"] = tokenData.ProfileArn - } - - // NextRefreshAfter is aligned with RefreshLead (20min) - if expiresAt, parseErr := time.Parse(time.RFC3339, tokenData.ExpiresAt); parseErr == nil { - updated.NextRefreshAfter = expiresAt.Add(-20 * time.Minute) - } - - log.Infof("kiro executor: token refreshed successfully, expires at %s", tokenData.ExpiresAt) - return updated, nil -} - -// persistRefreshedAuth persists a refreshed auth record to disk. -// This ensures token refreshes from inline retry are saved to the auth file. -func (e *KiroExecutor) persistRefreshedAuth(auth *cliproxyauth.Auth) error { - if auth == nil || auth.Metadata == nil { - return fmt.Errorf("kiro executor: cannot persist nil auth or metadata") - } - - // Determine the file path from auth attributes or filename - var authPath string - if auth.Attributes != nil { - if p := strings.TrimSpace(auth.Attributes["path"]); p != "" { - authPath = p - } - } - if authPath == "" { - fileName := strings.TrimSpace(auth.FileName) - if fileName == "" { - return fmt.Errorf("kiro executor: auth has no file path or filename") - } - if filepath.IsAbs(fileName) { - authPath = fileName - } else if e.cfg != nil && e.cfg.AuthDir != "" { - authPath = filepath.Join(e.cfg.AuthDir, fileName) - } else { - return fmt.Errorf("kiro executor: cannot determine auth file path") - } - } - - // Marshal metadata to JSON - raw, err := json.Marshal(auth.Metadata) - if err != nil { - return fmt.Errorf("kiro executor: marshal metadata failed: %w", err) - } - - // Write to temp file first, then rename (atomic write) - tmp := authPath + ".tmp" - if err := os.WriteFile(tmp, raw, 0o600); err != nil { - return fmt.Errorf("kiro executor: write temp auth file failed: %w", err) - } - if err := os.Rename(tmp, authPath); err != nil { - return fmt.Errorf("kiro executor: rename auth file failed: %w", err) - } - - log.Debugf("kiro executor: persisted refreshed auth to %s", authPath) - return nil -} - -// reloadAuthFromFile 从文件重新加载 auth 数据(方案 B: Fallback 机制) -// 当内存中的 token 已过期时,尝试从文件读取最新的 token -// 这解决了后台刷新器已更新文件但内存中 Auth 对象尚未同步的时间差问题 -func (e *KiroExecutor) reloadAuthFromFile(auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if auth == nil { - return nil, fmt.Errorf("kiro executor: cannot reload nil auth") - } - - // 确定文件路径 - var authPath string - if auth.Attributes != nil { - if p := strings.TrimSpace(auth.Attributes["path"]); p != "" { - authPath = p - } - } - if authPath == "" { - fileName := strings.TrimSpace(auth.FileName) - if fileName == "" { - return nil, fmt.Errorf("kiro executor: auth has no file path or filename for reload") - } - if filepath.IsAbs(fileName) { - authPath = fileName - } else if e.cfg != nil && e.cfg.AuthDir != "" { - authPath = filepath.Join(e.cfg.AuthDir, fileName) - } else { - return nil, fmt.Errorf("kiro executor: cannot determine auth file path for reload") - } - } - - // 读取文件 - raw, err := os.ReadFile(authPath) - if err != nil { - return nil, fmt.Errorf("kiro executor: failed to read auth file %s: %w", authPath, err) - } - - // 解析 JSON - var metadata map[string]any - if err := json.Unmarshal(raw, &metadata); err != nil { - return nil, fmt.Errorf("kiro executor: failed to parse auth file %s: %w", authPath, err) - } - - // 检查文件中的 token 是否比内存中的更新 - fileExpiresAt, _ := metadata["expires_at"].(string) - fileAccessToken, _ := metadata["access_token"].(string) - memExpiresAt, _ := auth.Metadata["expires_at"].(string) - memAccessToken, _ := auth.Metadata["access_token"].(string) - - // 文件中必须有有效的 access_token - if fileAccessToken == "" { - return nil, fmt.Errorf("kiro executor: auth file has no access_token field") - } - - // 如果有 expires_at,检查是否过期 - if fileExpiresAt != "" { - fileExpTime, parseErr := time.Parse(time.RFC3339, fileExpiresAt) - if parseErr == nil { - // 如果文件中的 token 也已过期,不使用它 - if time.Now().After(fileExpTime) { - log.Debugf("kiro executor: file token also expired at %s, not using", fileExpiresAt) - return nil, fmt.Errorf("kiro executor: file token also expired") - } - } - } - - // 判断文件中的 token 是否比内存中的更新 - // 条件1: access_token 不同(说明已刷新) - // 条件2: expires_at 更新(说明已刷新) - isNewer := false - - // 优先检查 access_token 是否变化 - if fileAccessToken != memAccessToken { - isNewer = true - log.Debugf("kiro executor: file access_token differs from memory, using file token") - } - - // 如果 access_token 相同,检查 expires_at - if !isNewer && fileExpiresAt != "" && memExpiresAt != "" { - fileExpTime, fileParseErr := time.Parse(time.RFC3339, fileExpiresAt) - memExpTime, memParseErr := time.Parse(time.RFC3339, memExpiresAt) - if fileParseErr == nil && memParseErr == nil && fileExpTime.After(memExpTime) { - isNewer = true - log.Debugf("kiro executor: file expires_at (%s) is newer than memory (%s)", fileExpiresAt, memExpiresAt) - } - } - - // 如果文件中没有 expires_at 但 access_token 相同,无法判断是否更新 - if !isNewer && fileExpiresAt == "" && fileAccessToken == memAccessToken { - return nil, fmt.Errorf("kiro executor: cannot determine if file token is newer (no expires_at, same access_token)") - } - - if !isNewer { - log.Debugf("kiro executor: file token not newer than memory token") - return nil, fmt.Errorf("kiro executor: file token not newer") - } - - // 创建更新后的 auth 对象 - updated := auth.Clone() - updated.Metadata = metadata - updated.UpdatedAt = time.Now() - - // 同步更新 Attributes - if updated.Attributes == nil { - updated.Attributes = make(map[string]string) - } - if accessToken, ok := metadata["access_token"].(string); ok { - updated.Attributes["access_token"] = accessToken - } - if profileArn, ok := metadata["profile_arn"].(string); ok { - updated.Attributes["profile_arn"] = profileArn - } - - log.Infof("kiro executor: reloaded auth from file %s, new expires_at: %s", authPath, fileExpiresAt) - return updated, nil -} - -// isTokenExpired checks if a JWT access token has expired. -// Returns true if the token is expired or cannot be parsed. -func (e *KiroExecutor) isTokenExpired(accessToken string) bool { - if accessToken == "" { - return true - } - - // JWT tokens have 3 parts separated by dots - parts := strings.Split(accessToken, ".") - if len(parts) != 3 { - // Not a JWT token, assume not expired - return false - } - - // Decode the payload (second part) - // JWT uses base64url encoding without padding (RawURLEncoding) - payload := parts[1] - decoded, err := base64.RawURLEncoding.DecodeString(payload) - if err != nil { - // Try with padding added as fallback - switch len(payload) % 4 { - case 2: - payload += "==" - case 3: - payload += "=" - } - decoded, err = base64.URLEncoding.DecodeString(payload) - if err != nil { - log.Debugf("kiro: failed to decode JWT payload: %v", err) - return false - } - } - - var claims struct { - Exp int64 `json:"exp"` - } - if err := json.Unmarshal(decoded, &claims); err != nil { - log.Debugf("kiro: failed to parse JWT claims: %v", err) - return false - } - - if claims.Exp == 0 { - // No expiration claim, assume not expired - return false - } - - expTime := time.Unix(claims.Exp, 0) - now := time.Now() - - // Consider token expired if it expires within 1 minute (buffer for clock skew) - isExpired := now.After(expTime) || expTime.Sub(now) < time.Minute - if isExpired { - log.Debugf("kiro: token expired at %s (now: %s)", expTime.Format(time.RFC3339), now.Format(time.RFC3339)) - } - - return isExpired -} - -// ══════════════════════════════════════════════════════════════════════════════ -// Web Search Handler (MCP API) -// ══════════════════════════════════════════════════════════════════════════════ - -// fetchToolDescription caching: -// Uses a mutex + fetched flag to ensure only one goroutine fetches at a time, -// with automatic retry on failure: -// - On failure, fetched stays false so subsequent calls will retry -// - On success, fetched is set to true — subsequent calls skip immediately (mutex-free fast path) -// The cached description is stored in the translator package via kiroclaude.SetWebSearchDescription(), -// enabling the translator's convertClaudeToolsToKiro to read it when building Kiro requests. -var ( - toolDescMu sync.Mutex - toolDescFetched atomic.Bool -) - -// fetchToolDescription calls MCP tools/list to get the web_search tool description -// and caches it. Safe to call concurrently — only one goroutine fetches at a time. -// If the fetch fails, subsequent calls will retry. On success, no further fetches occur. -// The httpClient parameter allows reusing a shared pooled HTTP client. -func fetchToolDescription(ctx context.Context, mcpEndpoint, authToken string, httpClient *http.Client, auth *cliproxyauth.Auth, authAttrs map[string]string) { - // Fast path: already fetched successfully, no lock needed - if toolDescFetched.Load() { - return - } - - toolDescMu.Lock() - defer toolDescMu.Unlock() - - // Double-check after acquiring lock - if toolDescFetched.Load() { - return - } - - handler := newWebSearchHandler(ctx, mcpEndpoint, authToken, httpClient, auth, authAttrs) - reqBody := []byte(`{"id":"tools_list","jsonrpc":"2.0","method":"tools/list"}`) - log.Debugf("kiro/websearch MCP tools/list request: %d bytes", len(reqBody)) - - req, err := http.NewRequestWithContext(ctx, "POST", mcpEndpoint, bytes.NewReader(reqBody)) - if err != nil { - log.Warnf("kiro/websearch: failed to create tools/list request: %v", err) - return - } - - // Reuse same headers as callMcpAPI - handler.setMcpHeaders(req) - - resp, err := handler.httpClient.Do(req) - if err != nil { - log.Warnf("kiro/websearch: tools/list request failed: %v", err) - return - } - defer resp.Body.Close() - - body, err := io.ReadAll(resp.Body) - if err != nil || resp.StatusCode != http.StatusOK { - log.Warnf("kiro/websearch: tools/list returned status %d", resp.StatusCode) - return - } - log.Debugf("kiro/websearch MCP tools/list response: [%d] %d bytes", resp.StatusCode, len(body)) - - // Parse: {"result":{"tools":[{"name":"web_search","description":"..."}]}} - var result struct { - Result *struct { - Tools []struct { - Name string `json:"name"` - Description string `json:"description"` - } `json:"tools"` - } `json:"result"` - } - if err := json.Unmarshal(body, &result); err != nil || result.Result == nil { - log.Warnf("kiro/websearch: failed to parse tools/list response") - return - } - - for _, tool := range result.Result.Tools { - if tool.Name == "web_search" && tool.Description != "" { - kiroclaude.SetWebSearchDescription(tool.Description) - toolDescFetched.Store(true) // success — no more fetches - log.Infof("kiro/websearch: cached web_search description from tools/list (%d bytes)", len(tool.Description)) - return - } - } - - // web_search tool not found in response - log.Warnf("kiro/websearch: web_search tool not found in tools/list response") -} - -// webSearchHandler handles web search requests via Kiro MCP API -type webSearchHandler struct { - ctx context.Context - mcpEndpoint string - httpClient *http.Client - authToken string - auth *cliproxyauth.Auth // for applyDynamicFingerprint - authAttrs map[string]string // optional, for custom headers from auth.Attributes -} - -// newWebSearchHandler creates a new webSearchHandler. -// If httpClient is nil, a default client with 30s timeout is used. -// Pass a shared pooled client (e.g. from getKiroPooledHTTPClient) for connection reuse. -func newWebSearchHandler(ctx context.Context, mcpEndpoint, authToken string, httpClient *http.Client, auth *cliproxyauth.Auth, authAttrs map[string]string) *webSearchHandler { - if httpClient == nil { - httpClient = &http.Client{ - Timeout: 30 * time.Second, - } - } - return &webSearchHandler{ - ctx: ctx, - mcpEndpoint: mcpEndpoint, - httpClient: httpClient, - authToken: authToken, - auth: auth, - authAttrs: authAttrs, - } -} - -// setMcpHeaders sets standard MCP API headers on the request, -// aligned with the GAR request pattern. -func (h *webSearchHandler) setMcpHeaders(req *http.Request) { - // 1. Content-Type & Accept (aligned with GAR) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Accept", "*/*") - - // 2. Kiro-specific headers (aligned with GAR) - req.Header.Set("x-amzn-kiro-agent-mode", "vibe") - req.Header.Set("x-amzn-codewhisperer-optout", "true") - - // 3. User-Agent: Reuse applyDynamicFingerprint for consistency - applyDynamicFingerprint(req, h.auth) - - // 4. AWS SDK identifiers - req.Header.Set("Amz-Sdk-Request", "attempt=1; max=3") - req.Header.Set("Amz-Sdk-Invocation-Id", uuid.New().String()) - - // 5. Authentication - req.Header.Set("Authorization", "Bearer "+h.authToken) - - // 6. Custom headers from auth attributes - util.ApplyCustomHeadersFromAttrs(req, h.authAttrs) -} - -// mcpMaxRetries is the maximum number of retries for MCP API calls. -const mcpMaxRetries = 2 - -// callMcpAPI calls the Kiro MCP API with the given request. -// Includes retry logic with exponential backoff for retryable errors. -func (h *webSearchHandler) callMcpAPI(request *kiroclaude.McpRequest) (*kiroclaude.McpResponse, error) { - requestBody, err := json.Marshal(request) - if err != nil { - return nil, fmt.Errorf("failed to marshal MCP request: %w", err) - } - log.Debugf("kiro/websearch MCP request → %s (%d bytes)", h.mcpEndpoint, len(requestBody)) - - var lastErr error - for attempt := 0; attempt <= mcpMaxRetries; attempt++ { - if attempt > 0 { - backoff := time.Duration(1< 10*time.Second { - backoff = 10 * time.Second - } - log.Warnf("kiro/websearch: MCP retry %d/%d after %v (last error: %v)", attempt, mcpMaxRetries, backoff, lastErr) - select { - case <-h.ctx.Done(): - return nil, h.ctx.Err() - case <-time.After(backoff): - } - } - - req, err := http.NewRequestWithContext(h.ctx, "POST", h.mcpEndpoint, bytes.NewReader(requestBody)) - if err != nil { - return nil, fmt.Errorf("failed to create HTTP request: %w", err) - } - - h.setMcpHeaders(req) - - resp, err := h.httpClient.Do(req) - if err != nil { - lastErr = fmt.Errorf("MCP API request failed: %w", err) - continue // network error → retry - } - - body, err := io.ReadAll(resp.Body) - resp.Body.Close() - if err != nil { - lastErr = fmt.Errorf("failed to read MCP response: %w", err) - continue // read error → retry - } - log.Debugf("kiro/websearch MCP response ← [%d] (%d bytes)", resp.StatusCode, len(body)) - - // Retryable HTTP status codes (aligned with GAR: 502, 503, 504) - if resp.StatusCode >= 502 && resp.StatusCode <= 504 { - lastErr = fmt.Errorf("MCP API returned retryable status %d: %s", resp.StatusCode, string(body)) - continue - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("MCP API returned status %d: %s", resp.StatusCode, string(body)) - } - - var mcpResponse kiroclaude.McpResponse - if err := json.Unmarshal(body, &mcpResponse); err != nil { - return nil, fmt.Errorf("failed to parse MCP response: %w", err) - } - - if mcpResponse.Error != nil { - code := -1 - if mcpResponse.Error.Code != nil { - code = *mcpResponse.Error.Code - } - msg := "Unknown error" - if mcpResponse.Error.Message != nil { - msg = *mcpResponse.Error.Message - } - return nil, fmt.Errorf("MCP error %d: %s", code, msg) - } - - return &mcpResponse, nil - } - - return nil, lastErr -} - -// webSearchAuthAttrs extracts auth attributes for MCP calls. -// Used by handleWebSearch and handleWebSearchStream to pass custom headers. -func webSearchAuthAttrs(auth *cliproxyauth.Auth) map[string]string { - if auth != nil { - return auth.Attributes - } - return nil -} - -const maxWebSearchIterations = 5 - -// handleWebSearchStream handles web_search requests: -// Step 1: tools/list (sync) → fetch/cache tool description -// Step 2+: MCP search → InjectToolResultsClaude → callKiroAndBuffer loop -// Note: We skip the "model decides to search" step because Claude Code already -// decided to use web_search. The Kiro tool description restricts non-coding -// topics, so asking the model again would cause it to refuse valid searches. -func (e *KiroExecutor) handleWebSearchStream( - ctx context.Context, - auth *cliproxyauth.Auth, - req cliproxyexecutor.Request, - opts cliproxyexecutor.Options, - accessToken, profileArn string, -) (<-chan cliproxyexecutor.StreamChunk, error) { - // Extract search query from Claude Code's web_search tool_use - query := kiroclaude.ExtractSearchQuery(req.Payload) - if query == "" { - log.Warnf("kiro/websearch: failed to extract search query, falling back to normal flow") - return e.callKiroDirectStream(ctx, auth, req, opts, accessToken, profileArn) - } - - // Build MCP endpoint using shared region resolution (supports api_region + ProfileARN fallback) - region := resolveKiroAPIRegion(auth) - mcpEndpoint := kiroclaude.BuildMcpEndpoint(region) - - // ── Step 1: tools/list (SYNC) — cache tool description ── - { - authAttrs := webSearchAuthAttrs(auth) - fetchToolDescription(ctx, mcpEndpoint, accessToken, newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 30*time.Second), auth, authAttrs) - } - - // Create output channel - out := make(chan cliproxyexecutor.StreamChunk) - - // Usage reporting: track web search requests like normal streaming requests - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - - go func() { - var wsErr error - defer reporter.trackFailure(ctx, &wsErr) - defer close(out) - - // Estimate input tokens using tokenizer (matching streamToChannel pattern) - var totalUsage usage.Detail - if enc, tokErr := getTokenizer(req.Model); tokErr == nil { - if inp, e := countClaudeChatTokens(enc, req.Payload); e == nil && inp > 0 { - totalUsage.InputTokens = inp - } else { - totalUsage.InputTokens = int64(len(req.Payload) / 4) - } - } else { - totalUsage.InputTokens = int64(len(req.Payload) / 4) - } - if totalUsage.InputTokens == 0 && len(req.Payload) > 0 { - totalUsage.InputTokens = 1 - } - var accumulatedOutputLen int - defer func() { - if wsErr != nil { - return // let trackFailure handle failure reporting - } - totalUsage.OutputTokens = int64(accumulatedOutputLen / 4) - if accumulatedOutputLen > 0 && totalUsage.OutputTokens == 0 { - totalUsage.OutputTokens = 1 - } - reporter.publish(ctx, totalUsage) - }() - - // Send message_start event to client (aligned with streamToChannel pattern) - // Use payloadRequestedModel to return user's original model alias - msgStart := kiroclaude.BuildClaudeMessageStartEvent( - payloadRequestedModel(opts, req.Model), - totalUsage.InputTokens, - ) - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: append(msgStart, '\n', '\n')}: - } - - // ── Step 2+: MCP search → InjectToolResultsClaude → callKiroAndBuffer loop ── - contentBlockIndex := 0 - currentQuery := query - - // Replace web_search tool description with a minimal one that allows re-search. - // The original tools/list description from Kiro restricts non-coding topics, - // but we've already decided to search. We keep the tool so the model can - // request additional searches when results are insufficient. - simplifiedPayload, simplifyErr := kiroclaude.ReplaceWebSearchToolDescription(bytes.Clone(req.Payload)) - if simplifyErr != nil { - log.Warnf("kiro/websearch: failed to simplify web_search tool: %v, using original payload", simplifyErr) - simplifiedPayload = bytes.Clone(req.Payload) - } - - currentClaudePayload := simplifiedPayload - totalSearches := 0 - - // Generate toolUseId for the first iteration (Claude Code already decided to search) - currentToolUseId := fmt.Sprintf("srvtoolu_%s", kiroclaude.GenerateToolUseID()) - - for iteration := 0; iteration < maxWebSearchIterations; iteration++ { - log.Infof("kiro/websearch: search iteration %d/%d", - iteration+1, maxWebSearchIterations) - - // MCP search - _, mcpRequest := kiroclaude.CreateMcpRequest(currentQuery) - - authAttrs := webSearchAuthAttrs(auth) - handler := newWebSearchHandler(ctx, mcpEndpoint, accessToken, newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 30*time.Second), auth, authAttrs) - mcpResponse, mcpErr := handler.callMcpAPI(mcpRequest) - - var searchResults *kiroclaude.WebSearchResults - if mcpErr != nil { - log.Warnf("kiro/websearch: MCP API call failed: %v, continuing with empty results", mcpErr) - } else { - searchResults = kiroclaude.ParseSearchResults(mcpResponse) - } - - resultCount := 0 - if searchResults != nil { - resultCount = len(searchResults.Results) - } - totalSearches++ - log.Infof("kiro/websearch: iteration %d — got %d search results", iteration+1, resultCount) - - // Send search indicator events to client - searchEvents := kiroclaude.GenerateSearchIndicatorEvents(currentQuery, currentToolUseId, searchResults, contentBlockIndex) - for _, event := range searchEvents { - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: event}: - } - } - contentBlockIndex += 2 - - // Inject tool_use + tool_result into Claude payload, then call GAR - var err error - currentClaudePayload, err = kiroclaude.InjectToolResultsClaude(currentClaudePayload, currentToolUseId, currentQuery, searchResults) - if err != nil { - log.Warnf("kiro/websearch: failed to inject tool results: %v", err) - wsErr = fmt.Errorf("failed to inject tool results: %w", err) - e.sendFallbackText(ctx, out, contentBlockIndex, currentQuery, searchResults) - return - } - - // Call GAR with modified Claude payload (full translation pipeline) - modifiedReq := req - modifiedReq.Payload = currentClaudePayload - kiroChunks, kiroErr := e.callKiroAndBuffer(ctx, auth, modifiedReq, opts, accessToken, profileArn) - if kiroErr != nil { - log.Warnf("kiro/websearch: Kiro API failed at iteration %d: %v", iteration+1, kiroErr) - wsErr = fmt.Errorf("Kiro API failed at iteration %d: %w", iteration+1, kiroErr) - e.sendFallbackText(ctx, out, contentBlockIndex, currentQuery, searchResults) - return - } - - // Analyze response - analysis := kiroclaude.AnalyzeBufferedStream(kiroChunks) - log.Infof("kiro/websearch: iteration %d — stop_reason: %s, has_tool_use: %v", - iteration+1, analysis.StopReason, analysis.HasWebSearchToolUse) - - if analysis.HasWebSearchToolUse && analysis.WebSearchQuery != "" && iteration+1 < maxWebSearchIterations { - // Model wants another search - filteredChunks := kiroclaude.FilterChunksForClient(kiroChunks, analysis.WebSearchToolUseIndex, contentBlockIndex) - for _, chunk := range filteredChunks { - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: chunk}: - } - } - - currentQuery = analysis.WebSearchQuery - currentToolUseId = analysis.WebSearchToolUseId - continue - } - - // Model returned final response — stream to client - for _, chunk := range kiroChunks { - if contentBlockIndex > 0 && len(chunk) > 0 { - adjusted, shouldForward := kiroclaude.AdjustSSEChunk(chunk, contentBlockIndex) - if !shouldForward { - continue - } - accumulatedOutputLen += len(adjusted) - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: adjusted}: - } - } else { - accumulatedOutputLen += len(chunk) - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: chunk}: - } - } - } - log.Infof("kiro/websearch: completed after %d search iteration(s), total searches: %d", iteration+1, totalSearches) - return - } - - log.Warnf("kiro/websearch: reached max iterations (%d), stopping search loop", maxWebSearchIterations) - }() - - return out, nil -} - -// handleWebSearch handles web_search requests for non-streaming Execute path. -// Performs MCP search synchronously, injects results into the request payload, -// then calls the normal non-streaming Kiro API path which returns a proper -// Claude JSON response (not SSE chunks). -func (e *KiroExecutor) handleWebSearch( - ctx context.Context, - auth *cliproxyauth.Auth, - req cliproxyexecutor.Request, - opts cliproxyexecutor.Options, - accessToken, profileArn string, -) (cliproxyexecutor.Response, error) { - // Extract search query from Claude Code's web_search tool_use - query := kiroclaude.ExtractSearchQuery(req.Payload) - if query == "" { - log.Warnf("kiro/websearch: non-stream: failed to extract search query, falling back to normal Execute") - // Fall through to normal non-streaming path - return e.executeNonStreamFallback(ctx, auth, req, opts, accessToken, profileArn) - } - - // Build MCP endpoint using shared region resolution (supports api_region + ProfileARN fallback) - region := resolveKiroAPIRegion(auth) - mcpEndpoint := kiroclaude.BuildMcpEndpoint(region) - - // Step 1: Fetch/cache tool description (sync) - { - authAttrs := webSearchAuthAttrs(auth) - fetchToolDescription(ctx, mcpEndpoint, accessToken, newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 30*time.Second), auth, authAttrs) - } - - // Step 2: Perform MCP search - _, mcpRequest := kiroclaude.CreateMcpRequest(query) - - authAttrs := webSearchAuthAttrs(auth) - handler := newWebSearchHandler(ctx, mcpEndpoint, accessToken, newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 30*time.Second), auth, authAttrs) - mcpResponse, mcpErr := handler.callMcpAPI(mcpRequest) - - var searchResults *kiroclaude.WebSearchResults - if mcpErr != nil { - log.Warnf("kiro/websearch: non-stream: MCP API call failed: %v, continuing with empty results", mcpErr) - } else { - searchResults = kiroclaude.ParseSearchResults(mcpResponse) - } - - resultCount := 0 - if searchResults != nil { - resultCount = len(searchResults.Results) - } - log.Infof("kiro/websearch: non-stream: got %d search results", resultCount) - - // Step 3: Replace restrictive web_search tool description (align with streaming path) - simplifiedPayload, simplifyErr := kiroclaude.ReplaceWebSearchToolDescription(bytes.Clone(req.Payload)) - if simplifyErr != nil { - log.Warnf("kiro/websearch: non-stream: failed to simplify web_search tool: %v, using original payload", simplifyErr) - simplifiedPayload = bytes.Clone(req.Payload) - } - - // Step 4: Inject search tool_use + tool_result into Claude payload - currentToolUseId := fmt.Sprintf("srvtoolu_%s", kiroclaude.GenerateToolUseID()) - modifiedPayload, err := kiroclaude.InjectToolResultsClaude(simplifiedPayload, currentToolUseId, query, searchResults) - if err != nil { - log.Warnf("kiro/websearch: non-stream: failed to inject tool results: %v, falling back", err) - return e.executeNonStreamFallback(ctx, auth, req, opts, accessToken, profileArn) - } - - // Step 5: Call Kiro API via the normal non-streaming path (executeWithRetry) - // This path uses parseEventStream → BuildClaudeResponse → TranslateNonStream - // to produce a proper Claude JSON response - modifiedReq := req - modifiedReq.Payload = modifiedPayload - - resp, err := e.executeNonStreamFallback(ctx, auth, modifiedReq, opts, accessToken, profileArn) - if err != nil { - return resp, err - } - - // Step 6: Inject server_tool_use + web_search_tool_result into response - // so Claude Code can display "Did X searches in Ys" - indicators := []kiroclaude.SearchIndicator{ - { - ToolUseID: currentToolUseId, - Query: query, - Results: searchResults, - }, - } - injectedPayload, injErr := kiroclaude.InjectSearchIndicatorsInResponse(resp.Payload, indicators) - if injErr != nil { - log.Warnf("kiro/websearch: non-stream: failed to inject search indicators: %v", injErr) - } else { - resp.Payload = injectedPayload - } - - return resp, nil -} - -// callKiroAndBuffer calls the Kiro API and buffers all response chunks. -// Returns the buffered chunks for analysis before forwarding to client. -// Usage reporting is NOT done here — the caller (handleWebSearchStream) manages its own reporter. -func (e *KiroExecutor) callKiroAndBuffer( - ctx context.Context, - auth *cliproxyauth.Auth, - req cliproxyexecutor.Request, - opts cliproxyexecutor.Options, - accessToken, profileArn string, -) ([][]byte, error) { - from := opts.SourceFormat - to := sdktranslator.FromString("kiro") - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - log.Debugf("kiro/websearch GAR request: %d bytes", len(body)) - - kiroModelID := e.mapModelToKiro(req.Model) - isAgentic, isChatOnly := determineAgenticMode(req.Model) - effectiveProfileArn := getEffectiveProfileArnWithWarning(auth, profileArn) - - tokenKey := getTokenKey(auth) - - kiroStream, err := e.executeStreamWithRetry( - ctx, auth, req, opts, accessToken, effectiveProfileArn, - nil, body, from, nil, "", kiroModelID, isAgentic, isChatOnly, tokenKey, - ) - if err != nil { - return nil, err - } - - // Buffer all chunks - var chunks [][]byte - for chunk := range kiroStream { - if chunk.Err != nil { - return chunks, chunk.Err - } - if len(chunk.Payload) > 0 { - chunks = append(chunks, bytes.Clone(chunk.Payload)) - } - } - - log.Debugf("kiro/websearch GAR response: %d chunks buffered", len(chunks)) - - return chunks, nil -} - -// callKiroDirectStream creates a direct streaming channel to Kiro API without search. -func (e *KiroExecutor) callKiroDirectStream( - ctx context.Context, - auth *cliproxyauth.Auth, - req cliproxyexecutor.Request, - opts cliproxyexecutor.Options, - accessToken, profileArn string, -) (<-chan cliproxyexecutor.StreamChunk, error) { - from := opts.SourceFormat - to := sdktranslator.FromString("kiro") - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - - kiroModelID := e.mapModelToKiro(req.Model) - isAgentic, isChatOnly := determineAgenticMode(req.Model) - effectiveProfileArn := getEffectiveProfileArnWithWarning(auth, profileArn) - - tokenKey := getTokenKey(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - var streamErr error - defer reporter.trackFailure(ctx, &streamErr) - - stream, streamErr := e.executeStreamWithRetry( - ctx, auth, req, opts, accessToken, effectiveProfileArn, - nil, body, from, reporter, "", kiroModelID, isAgentic, isChatOnly, tokenKey, - ) - return stream, streamErr -} - -// sendFallbackText sends a simple text response when the Kiro API fails during the search loop. -// Delegates SSE event construction to kiroclaude.BuildFallbackTextEvents() for alignment -// with how streamToChannel() uses BuildClaude*Event() functions. -func (e *KiroExecutor) sendFallbackText( - ctx context.Context, - out chan<- cliproxyexecutor.StreamChunk, - contentBlockIndex int, - query string, - searchResults *kiroclaude.WebSearchResults, -) { - events := kiroclaude.BuildFallbackTextEvents(contentBlockIndex, query, searchResults) - for _, event := range events { - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: append(event, '\n', '\n')}: - } - } -} - -// executeNonStreamFallback runs the standard non-streaming Execute path for a request. -// Used by handleWebSearch after injecting search results, or as a fallback. -func (e *KiroExecutor) executeNonStreamFallback( - ctx context.Context, - auth *cliproxyauth.Auth, - req cliproxyexecutor.Request, - opts cliproxyexecutor.Options, - accessToken, profileArn string, -) (cliproxyexecutor.Response, error) { - from := opts.SourceFormat - to := sdktranslator.FromString("kiro") - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - - kiroModelID := e.mapModelToKiro(req.Model) - isAgentic, isChatOnly := determineAgenticMode(req.Model) - effectiveProfileArn := getEffectiveProfileArnWithWarning(auth, profileArn) - tokenKey := getTokenKey(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - var err error - defer reporter.trackFailure(ctx, &err) - - resp, err := e.executeWithRetry(ctx, auth, req, opts, accessToken, effectiveProfileArn, nil, body, from, to, reporter, "", kiroModelID, isAgentic, isChatOnly, tokenKey) - return resp, err -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/logging_helpers.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/logging_helpers.go deleted file mode 100644 index ae2aee3ffd..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/logging_helpers.go +++ /dev/null @@ -1,391 +0,0 @@ -package executor - -import ( - "bytes" - "context" - "fmt" - "html" - "net/http" - "sort" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/logging" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -const ( - apiAttemptsKey = "API_UPSTREAM_ATTEMPTS" - apiRequestKey = "API_REQUEST" - apiResponseKey = "API_RESPONSE" -) - -// upstreamRequestLog captures the outbound upstream request details for logging. -type upstreamRequestLog struct { - URL string - Method string - Headers http.Header - Body []byte - Provider string - AuthID string - AuthLabel string - AuthType string - AuthValue string -} - -type upstreamAttempt struct { - index int - request string - response *strings.Builder - responseIntroWritten bool - statusWritten bool - headersWritten bool - bodyStarted bool - bodyHasContent bool - errorWritten bool -} - -// recordAPIRequest stores the upstream request metadata in Gin context for request logging. -func recordAPIRequest(ctx context.Context, cfg *config.Config, info upstreamRequestLog) { - if cfg == nil || !cfg.RequestLog { - return - } - ginCtx := ginContextFrom(ctx) - if ginCtx == nil { - return - } - - attempts := getAttempts(ginCtx) - index := len(attempts) + 1 - - builder := &strings.Builder{} - builder.WriteString(fmt.Sprintf("=== API REQUEST %d ===\n", index)) - builder.WriteString(fmt.Sprintf("Timestamp: %s\n", time.Now().Format(time.RFC3339Nano))) - if info.URL != "" { - builder.WriteString(fmt.Sprintf("Upstream URL: %s\n", info.URL)) - } else { - builder.WriteString("Upstream URL: \n") - } - if info.Method != "" { - builder.WriteString(fmt.Sprintf("HTTP Method: %s\n", info.Method)) - } - if auth := formatAuthInfo(info); auth != "" { - builder.WriteString(fmt.Sprintf("Auth: %s\n", auth)) - } - builder.WriteString("\nHeaders:\n") - writeHeaders(builder, info.Headers) - builder.WriteString("\nBody:\n") - if len(info.Body) > 0 { - builder.WriteString(string(info.Body)) - } else { - builder.WriteString("") - } - builder.WriteString("\n\n") - - attempt := &upstreamAttempt{ - index: index, - request: builder.String(), - response: &strings.Builder{}, - } - attempts = append(attempts, attempt) - ginCtx.Set(apiAttemptsKey, attempts) - updateAggregatedRequest(ginCtx, attempts) -} - -// recordAPIResponseMetadata captures upstream response status/header information for the latest attempt. -func recordAPIResponseMetadata(ctx context.Context, cfg *config.Config, status int, headers http.Header) { - if cfg == nil || !cfg.RequestLog { - return - } - ginCtx := ginContextFrom(ctx) - if ginCtx == nil { - return - } - attempts, attempt := ensureAttempt(ginCtx) - ensureResponseIntro(attempt) - - if status > 0 && !attempt.statusWritten { - attempt.response.WriteString(fmt.Sprintf("Status: %d\n", status)) - attempt.statusWritten = true - } - if !attempt.headersWritten { - attempt.response.WriteString("Headers:\n") - writeHeaders(attempt.response, headers) - attempt.headersWritten = true - attempt.response.WriteString("\n") - } - - updateAggregatedResponse(ginCtx, attempts) -} - -// recordAPIResponseError adds an error entry for the latest attempt when no HTTP response is available. -func recordAPIResponseError(ctx context.Context, cfg *config.Config, err error) { - if cfg == nil || !cfg.RequestLog || err == nil { - return - } - ginCtx := ginContextFrom(ctx) - if ginCtx == nil { - return - } - attempts, attempt := ensureAttempt(ginCtx) - ensureResponseIntro(attempt) - - if attempt.bodyStarted && !attempt.bodyHasContent { - // Ensure body does not stay empty marker if error arrives first. - attempt.bodyStarted = false - } - if attempt.errorWritten { - attempt.response.WriteString("\n") - } - attempt.response.WriteString(fmt.Sprintf("Error: %s\n", err.Error())) - attempt.errorWritten = true - - updateAggregatedResponse(ginCtx, attempts) -} - -// appendAPIResponseChunk appends an upstream response chunk to Gin context for request logging. -func appendAPIResponseChunk(ctx context.Context, cfg *config.Config, chunk []byte) { - if cfg == nil || !cfg.RequestLog { - return - } - data := bytes.TrimSpace(chunk) - if len(data) == 0 { - return - } - ginCtx := ginContextFrom(ctx) - if ginCtx == nil { - return - } - attempts, attempt := ensureAttempt(ginCtx) - ensureResponseIntro(attempt) - - if !attempt.headersWritten { - attempt.response.WriteString("Headers:\n") - writeHeaders(attempt.response, nil) - attempt.headersWritten = true - attempt.response.WriteString("\n") - } - if !attempt.bodyStarted { - attempt.response.WriteString("Body:\n") - attempt.bodyStarted = true - } - if attempt.bodyHasContent { - attempt.response.WriteString("\n\n") - } - attempt.response.WriteString(string(data)) - attempt.bodyHasContent = true - - updateAggregatedResponse(ginCtx, attempts) -} - -func ginContextFrom(ctx context.Context) *gin.Context { - ginCtx, _ := ctx.Value("gin").(*gin.Context) - return ginCtx -} - -func getAttempts(ginCtx *gin.Context) []*upstreamAttempt { - if ginCtx == nil { - return nil - } - if value, exists := ginCtx.Get(apiAttemptsKey); exists { - if attempts, ok := value.([]*upstreamAttempt); ok { - return attempts - } - } - return nil -} - -func ensureAttempt(ginCtx *gin.Context) ([]*upstreamAttempt, *upstreamAttempt) { - attempts := getAttempts(ginCtx) - if len(attempts) == 0 { - attempt := &upstreamAttempt{ - index: 1, - request: "=== API REQUEST 1 ===\n\n\n", - response: &strings.Builder{}, - } - attempts = []*upstreamAttempt{attempt} - ginCtx.Set(apiAttemptsKey, attempts) - updateAggregatedRequest(ginCtx, attempts) - } - return attempts, attempts[len(attempts)-1] -} - -func ensureResponseIntro(attempt *upstreamAttempt) { - if attempt == nil || attempt.response == nil || attempt.responseIntroWritten { - return - } - attempt.response.WriteString(fmt.Sprintf("=== API RESPONSE %d ===\n", attempt.index)) - attempt.response.WriteString(fmt.Sprintf("Timestamp: %s\n", time.Now().Format(time.RFC3339Nano))) - attempt.response.WriteString("\n") - attempt.responseIntroWritten = true -} - -func updateAggregatedRequest(ginCtx *gin.Context, attempts []*upstreamAttempt) { - if ginCtx == nil { - return - } - var builder strings.Builder - for _, attempt := range attempts { - builder.WriteString(attempt.request) - } - ginCtx.Set(apiRequestKey, []byte(builder.String())) -} - -func updateAggregatedResponse(ginCtx *gin.Context, attempts []*upstreamAttempt) { - if ginCtx == nil { - return - } - var builder strings.Builder - for idx, attempt := range attempts { - if attempt == nil || attempt.response == nil { - continue - } - responseText := attempt.response.String() - if responseText == "" { - continue - } - builder.WriteString(responseText) - if !strings.HasSuffix(responseText, "\n") { - builder.WriteString("\n") - } - if idx < len(attempts)-1 { - builder.WriteString("\n") - } - } - ginCtx.Set(apiResponseKey, []byte(builder.String())) -} - -func writeHeaders(builder *strings.Builder, headers http.Header) { - if builder == nil { - return - } - if len(headers) == 0 { - builder.WriteString("\n") - return - } - keys := make([]string, 0, len(headers)) - for key := range headers { - keys = append(keys, key) - } - sort.Strings(keys) - for _, key := range keys { - values := headers[key] - if len(values) == 0 { - builder.WriteString(fmt.Sprintf("%s:\n", key)) - continue - } - for _, value := range values { - masked := util.MaskSensitiveHeaderValue(key, value) - builder.WriteString(fmt.Sprintf("%s: %s\n", key, masked)) - } - } -} - -func formatAuthInfo(info upstreamRequestLog) string { - var parts []string - if trimmed := strings.TrimSpace(info.Provider); trimmed != "" { - parts = append(parts, fmt.Sprintf("provider=%s", trimmed)) - } - if trimmed := strings.TrimSpace(info.AuthID); trimmed != "" { - parts = append(parts, fmt.Sprintf("auth_id=%s", trimmed)) - } - if trimmed := strings.TrimSpace(info.AuthLabel); trimmed != "" { - parts = append(parts, fmt.Sprintf("label=%s", trimmed)) - } - - authType := strings.ToLower(strings.TrimSpace(info.AuthType)) - authValue := strings.TrimSpace(info.AuthValue) - switch authType { - case "api_key": - if authValue != "" { - parts = append(parts, fmt.Sprintf("type=api_key value=%s", util.HideAPIKey(authValue))) - } else { - parts = append(parts, "type=api_key") - } - case "oauth": - parts = append(parts, "type=oauth") - default: - if authType != "" { - if authValue != "" { - parts = append(parts, fmt.Sprintf("type=%s value=%s", authType, authValue)) - } else { - parts = append(parts, fmt.Sprintf("type=%s", authType)) - } - } - } - - return strings.Join(parts, ", ") -} - -func summarizeErrorBody(contentType string, body []byte) string { - isHTML := strings.Contains(strings.ToLower(contentType), "text/html") - if !isHTML { - trimmed := bytes.TrimSpace(bytes.ToLower(body)) - if bytes.HasPrefix(trimmed, []byte("') - if gt == -1 { - return "" - } - start += gt + 1 - end := bytes.Index(lower[start:], []byte("")) - if end == -1 { - return "" - } - title := string(body[start : start+end]) - title = html.UnescapeString(title) - title = strings.TrimSpace(title) - if title == "" { - return "" - } - return strings.Join(strings.Fields(title), " ") -} - -// extractJSONErrorMessage attempts to extract error.message from JSON error responses -func extractJSONErrorMessage(body []byte) string { - result := gjson.GetBytes(body, "error.message") - if result.Exists() && result.String() != "" { - return result.String() - } - return "" -} - -// logWithRequestID returns a logrus Entry with request_id field populated from context. -// If no request ID is found in context, it returns the standard logger. -func logWithRequestID(ctx context.Context) *log.Entry { - if ctx == nil { - return log.NewEntry(log.StandardLogger()) - } - requestID := logging.GetRequestID(ctx) - if requestID == "" { - return log.NewEntry(log.StandardLogger()) - } - return log.WithField("request_id", requestID) -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/openai_compat_executor.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/openai_compat_executor.go deleted file mode 100644 index d28b36251a..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/openai_compat_executor.go +++ /dev/null @@ -1,398 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "fmt" - "io" - "net/http" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/sjson" -) - -// OpenAICompatExecutor implements a stateless executor for OpenAI-compatible providers. -// It performs request/response translation and executes against the provider base URL -// using per-auth credentials (API key) and per-auth HTTP transport (proxy) from context. -type OpenAICompatExecutor struct { - provider string - cfg *config.Config -} - -// NewOpenAICompatExecutor creates an executor bound to a provider key (e.g., "openrouter"). -func NewOpenAICompatExecutor(provider string, cfg *config.Config) *OpenAICompatExecutor { - return &OpenAICompatExecutor{provider: provider, cfg: cfg} -} - -// Identifier implements cliproxyauth.ProviderExecutor. -func (e *OpenAICompatExecutor) Identifier() string { return e.provider } - -// PrepareRequest injects OpenAI-compatible credentials into the outgoing HTTP request. -func (e *OpenAICompatExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - _, apiKey := e.resolveCredentials(auth) - if strings.TrimSpace(apiKey) != "" { - req.Header.Set("Authorization", "Bearer "+apiKey) - } - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) - return nil -} - -// HttpRequest injects OpenAI-compatible credentials into the request and executes it. -func (e *OpenAICompatExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("openai compat executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -func (e *OpenAICompatExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - baseURL, apiKey := e.resolveCredentials(auth) - if baseURL == "" { - err = statusErr{code: http.StatusUnauthorized, msg: "missing provider baseURL"} - return - } - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - endpoint := "/chat/completions" - if opts.Alt == "responses/compact" { - to = sdktranslator.FromString("openai-response") - endpoint = "/responses/compact" - } - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, opts.Stream) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, opts.Stream) - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", translated, originalTranslated, requestedModel) - if opts.Alt == "responses/compact" { - if updated, errDelete := sjson.DeleteBytes(translated, "stream"); errDelete == nil { - translated = updated - } - } - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - url := strings.TrimSuffix(baseURL, "/") + endpoint - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(translated)) - if err != nil { - return resp, err - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("Authorization", "Bearer "+apiKey) - } - httpReq.Header.Set("User-Agent", "cli-proxy-openai-compat") - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translated, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("openai compat executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - body, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, body) - reporter.publish(ctx, parseOpenAIUsage(body)) - // Ensure we at least record the request even if upstream doesn't return usage - reporter.ensurePublished(ctx) - // Translate response back to source format when needed - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, body, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -func (e *OpenAICompatExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - baseURL, apiKey := e.resolveCredentials(auth) - if baseURL == "" { - err = statusErr{code: http.StatusUnauthorized, msg: "missing provider baseURL"} - return nil, err - } - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", translated, originalTranslated, requestedModel) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - url := strings.TrimSuffix(baseURL, "/") + "/chat/completions" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(translated)) - if err != nil { - return nil, err - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("Authorization", "Bearer "+apiKey) - } - httpReq.Header.Set("User-Agent", "cli-proxy-openai-compat") - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - httpReq.Header.Set("Accept", "text/event-stream") - httpReq.Header.Set("Cache-Control", "no-cache") - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translated, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("openai compat executor: close response body error: %v", errClose) - } - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("openai compat executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 52_428_800) // 50MB - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - if len(line) == 0 { - continue - } - - if !bytes.HasPrefix(line, []byte("data:")) { - continue - } - - // OpenAI-compatible streams are SSE: lines typically prefixed with "data: ". - // Pass through translator; it yields one or more chunks for the target schema. - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - // Ensure we record the request if no usage chunk was ever seen - reporter.ensurePublished(ctx) - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -func (e *OpenAICompatExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - modelForCounting := baseModel - - translated, err := thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - enc, err := tokenizerForModel(modelForCounting) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("openai compat executor: tokenizer init failed: %w", err) - } - - count, err := countOpenAIChatTokens(enc, translated) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("openai compat executor: token counting failed: %w", err) - } - - usageJSON := buildOpenAIUsageJSON(count) - translatedUsage := sdktranslator.TranslateTokenCount(ctx, to, from, count, usageJSON) - return cliproxyexecutor.Response{Payload: []byte(translatedUsage)}, nil -} - -// Refresh is a no-op for API-key based compatibility providers. -func (e *OpenAICompatExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("openai compat executor: refresh called") - _ = ctx - return auth, nil -} - -func (e *OpenAICompatExecutor) resolveCredentials(auth *cliproxyauth.Auth) (baseURL, apiKey string) { - if auth == nil { - return "", "" - } - if auth.Attributes != nil { - baseURL = strings.TrimSpace(auth.Attributes["base_url"]) - apiKey = strings.TrimSpace(auth.Attributes["api_key"]) - } - return -} - -func (e *OpenAICompatExecutor) resolveCompatConfig(auth *cliproxyauth.Auth) *config.OpenAICompatibility { - if auth == nil || e.cfg == nil { - return nil - } - candidates := make([]string, 0, 3) - if auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["compat_name"]); v != "" { - candidates = append(candidates, v) - } - if v := strings.TrimSpace(auth.Attributes["provider_key"]); v != "" { - candidates = append(candidates, v) - } - } - if v := strings.TrimSpace(auth.Provider); v != "" { - candidates = append(candidates, v) - } - for i := range e.cfg.OpenAICompatibility { - compat := &e.cfg.OpenAICompatibility[i] - for _, candidate := range candidates { - if candidate != "" && strings.EqualFold(strings.TrimSpace(candidate), compat.Name) { - return compat - } - } - } - return nil -} - -func (e *OpenAICompatExecutor) overrideModel(payload []byte, model string) []byte { - if len(payload) == 0 || model == "" { - return payload - } - payload, _ = sjson.SetBytes(payload, "model", model) - return payload -} - -type statusErr struct { - code int - msg string - retryAfter *time.Duration -} - -func (e statusErr) Error() string { - if e.msg != "" { - return e.msg - } - return fmt.Sprintf("status %d", e.code) -} -func (e statusErr) StatusCode() int { return e.code } -func (e statusErr) RetryAfter() *time.Duration { return e.retryAfter } diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/openai_compat_executor_compact_test.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/openai_compat_executor_compact_test.go deleted file mode 100644 index fe2812623b..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/openai_compat_executor_compact_test.go +++ /dev/null @@ -1,58 +0,0 @@ -package executor - -import ( - "context" - "io" - "net/http" - "net/http/httptest" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - "github.com/tidwall/gjson" -) - -func TestOpenAICompatExecutorCompactPassthrough(t *testing.T) { - var gotPath string - var gotBody []byte - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotPath = r.URL.Path - body, _ := io.ReadAll(r.Body) - gotBody = body - w.Header().Set("Content-Type", "application/json") - _, _ = w.Write([]byte(`{"id":"resp_1","object":"response.compaction","usage":{"input_tokens":1,"output_tokens":2,"total_tokens":3}}`)) - })) - defer server.Close() - - executor := NewOpenAICompatExecutor("openai-compatibility", &config.Config{}) - auth := &cliproxyauth.Auth{Attributes: map[string]string{ - "base_url": server.URL + "/v1", - "api_key": "test", - }} - payload := []byte(`{"model":"gpt-5.1-codex-max","input":[{"role":"user","content":"hi"}]}`) - resp, err := executor.Execute(context.Background(), auth, cliproxyexecutor.Request{ - Model: "gpt-5.1-codex-max", - Payload: payload, - }, cliproxyexecutor.Options{ - SourceFormat: sdktranslator.FromString("openai-response"), - Alt: "responses/compact", - Stream: false, - }) - if err != nil { - t.Fatalf("Execute error: %v", err) - } - if gotPath != "/v1/responses/compact" { - t.Fatalf("path = %q, want %q", gotPath, "/v1/responses/compact") - } - if !gjson.GetBytes(gotBody, "input").Exists() { - t.Fatalf("expected input in body") - } - if gjson.GetBytes(gotBody, "messages").Exists() { - t.Fatalf("unexpected messages in body") - } - if string(resp.Payload) != `{"id":"resp_1","object":"response.compaction","usage":{"input_tokens":1,"output_tokens":2,"total_tokens":3}}` { - t.Fatalf("payload = %s", string(resp.Payload)) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/payload_helpers.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/payload_helpers.go deleted file mode 100644 index 271e2c5b46..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/payload_helpers.go +++ /dev/null @@ -1,319 +0,0 @@ -package executor - -import ( - "encoding/json" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// applyPayloadConfigWithRoot behaves like applyPayloadConfig but treats all parameter -// paths as relative to the provided root path (for example, "request" for Gemini CLI) -// and restricts matches to the given protocol when supplied. Defaults are checked -// against the original payload when provided. requestedModel carries the client-visible -// model name before alias resolution so payload rules can target aliases precisely. -func applyPayloadConfigWithRoot(cfg *config.Config, model, protocol, root string, payload, original []byte, requestedModel string) []byte { - if cfg == nil || len(payload) == 0 { - return payload - } - rules := cfg.Payload - if len(rules.Default) == 0 && len(rules.DefaultRaw) == 0 && len(rules.Override) == 0 && len(rules.OverrideRaw) == 0 && len(rules.Filter) == 0 { - return payload - } - model = strings.TrimSpace(model) - requestedModel = strings.TrimSpace(requestedModel) - if model == "" && requestedModel == "" { - return payload - } - candidates := payloadModelCandidates(model, requestedModel) - out := payload - source := original - if len(source) == 0 { - source = payload - } - appliedDefaults := make(map[string]struct{}) - // Apply default rules: first write wins per field across all matching rules. - for i := range rules.Default { - rule := &rules.Default[i] - if !payloadModelRulesMatch(rule.Models, protocol, candidates) { - continue - } - for path, value := range rule.Params { - fullPath := buildPayloadPath(root, path) - if fullPath == "" { - continue - } - if gjson.GetBytes(source, fullPath).Exists() { - continue - } - if _, ok := appliedDefaults[fullPath]; ok { - continue - } - updated, errSet := sjson.SetBytes(out, fullPath, value) - if errSet != nil { - continue - } - out = updated - appliedDefaults[fullPath] = struct{}{} - } - } - // Apply default raw rules: first write wins per field across all matching rules. - for i := range rules.DefaultRaw { - rule := &rules.DefaultRaw[i] - if !payloadModelRulesMatch(rule.Models, protocol, candidates) { - continue - } - for path, value := range rule.Params { - fullPath := buildPayloadPath(root, path) - if fullPath == "" { - continue - } - if gjson.GetBytes(source, fullPath).Exists() { - continue - } - if _, ok := appliedDefaults[fullPath]; ok { - continue - } - rawValue, ok := payloadRawValue(value) - if !ok { - continue - } - updated, errSet := sjson.SetRawBytes(out, fullPath, rawValue) - if errSet != nil { - continue - } - out = updated - appliedDefaults[fullPath] = struct{}{} - } - } - // Apply override rules: last write wins per field across all matching rules. - for i := range rules.Override { - rule := &rules.Override[i] - if !payloadModelRulesMatch(rule.Models, protocol, candidates) { - continue - } - for path, value := range rule.Params { - fullPath := buildPayloadPath(root, path) - if fullPath == "" { - continue - } - updated, errSet := sjson.SetBytes(out, fullPath, value) - if errSet != nil { - continue - } - out = updated - } - } - // Apply override raw rules: last write wins per field across all matching rules. - for i := range rules.OverrideRaw { - rule := &rules.OverrideRaw[i] - if !payloadModelRulesMatch(rule.Models, protocol, candidates) { - continue - } - for path, value := range rule.Params { - fullPath := buildPayloadPath(root, path) - if fullPath == "" { - continue - } - rawValue, ok := payloadRawValue(value) - if !ok { - continue - } - updated, errSet := sjson.SetRawBytes(out, fullPath, rawValue) - if errSet != nil { - continue - } - out = updated - } - } - // Apply filter rules: remove matching paths from payload. - for i := range rules.Filter { - rule := &rules.Filter[i] - if !payloadModelRulesMatch(rule.Models, protocol, candidates) { - continue - } - for _, path := range rule.Params { - fullPath := buildPayloadPath(root, path) - if fullPath == "" { - continue - } - updated, errDel := sjson.DeleteBytes(out, fullPath) - if errDel != nil { - continue - } - out = updated - } - } - return out -} - -func payloadModelRulesMatch(rules []config.PayloadModelRule, protocol string, models []string) bool { - if len(rules) == 0 || len(models) == 0 { - return false - } - for _, model := range models { - for _, entry := range rules { - name := strings.TrimSpace(entry.Name) - if name == "" { - continue - } - if ep := strings.TrimSpace(entry.Protocol); ep != "" && protocol != "" && !strings.EqualFold(ep, protocol) { - continue - } - if matchModelPattern(name, model) { - return true - } - } - } - return false -} - -func payloadModelCandidates(model, requestedModel string) []string { - model = strings.TrimSpace(model) - requestedModel = strings.TrimSpace(requestedModel) - if model == "" && requestedModel == "" { - return nil - } - candidates := make([]string, 0, 3) - seen := make(map[string]struct{}, 3) - addCandidate := func(value string) { - value = strings.TrimSpace(value) - if value == "" { - return - } - key := strings.ToLower(value) - if _, ok := seen[key]; ok { - return - } - seen[key] = struct{}{} - candidates = append(candidates, value) - } - if model != "" { - addCandidate(model) - } - if requestedModel != "" { - parsed := thinking.ParseSuffix(requestedModel) - base := strings.TrimSpace(parsed.ModelName) - if base != "" { - addCandidate(base) - } - if parsed.HasSuffix { - addCandidate(requestedModel) - } - } - return candidates -} - -// buildPayloadPath combines an optional root path with a relative parameter path. -// When root is empty, the parameter path is used as-is. When root is non-empty, -// the parameter path is treated as relative to root. -func buildPayloadPath(root, path string) string { - r := strings.TrimSpace(root) - p := strings.TrimSpace(path) - if r == "" { - return p - } - if p == "" { - return r - } - if strings.HasPrefix(p, ".") { - p = p[1:] - } - return r + "." + p -} - -func payloadRawValue(value any) ([]byte, bool) { - if value == nil { - return nil, false - } - switch typed := value.(type) { - case string: - return []byte(typed), true - case []byte: - return typed, true - default: - raw, errMarshal := json.Marshal(typed) - if errMarshal != nil { - return nil, false - } - return raw, true - } -} - -func payloadRequestedModel(opts cliproxyexecutor.Options, fallback string) string { - fallback = strings.TrimSpace(fallback) - if len(opts.Metadata) == 0 { - return fallback - } - raw, ok := opts.Metadata[cliproxyexecutor.RequestedModelMetadataKey] - if !ok || raw == nil { - return fallback - } - switch v := raw.(type) { - case string: - if strings.TrimSpace(v) == "" { - return fallback - } - return strings.TrimSpace(v) - case []byte: - if len(v) == 0 { - return fallback - } - trimmed := strings.TrimSpace(string(v)) - if trimmed == "" { - return fallback - } - return trimmed - default: - return fallback - } -} - -// matchModelPattern performs simple wildcard matching where '*' matches zero or more characters. -// Examples: -// -// "*-5" matches "gpt-5" -// "gpt-*" matches "gpt-5" and "gpt-4" -// "gemini-*-pro" matches "gemini-2.5-pro" and "gemini-3-pro". -func matchModelPattern(pattern, model string) bool { - pattern = strings.TrimSpace(pattern) - model = strings.TrimSpace(model) - if pattern == "" { - return false - } - if pattern == "*" { - return true - } - // Iterative glob-style matcher supporting only '*' wildcard. - pi, si := 0, 0 - starIdx := -1 - matchIdx := 0 - for si < len(model) { - if pi < len(pattern) && (pattern[pi] == model[si]) { - pi++ - si++ - continue - } - if pi < len(pattern) && pattern[pi] == '*' { - starIdx = pi - matchIdx = si - pi++ - continue - } - if starIdx != -1 { - pi = starIdx + 1 - matchIdx++ - si = matchIdx - continue - } - return false - } - for pi < len(pattern) && pattern[pi] == '*' { - pi++ - } - return pi == len(pattern) -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/proxy_helpers.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/proxy_helpers.go deleted file mode 100644 index 8998eb236b..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/proxy_helpers.go +++ /dev/null @@ -1,155 +0,0 @@ -package executor - -import ( - "context" - "net" - "net/http" - "net/url" - "strings" - "sync" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" - "golang.org/x/net/proxy" -) - -// httpClientCache caches HTTP clients by proxy URL to enable connection reuse -var ( - httpClientCache = make(map[string]*http.Client) - httpClientCacheMutex sync.RWMutex -) - -// newProxyAwareHTTPClient creates an HTTP client with proper proxy configuration priority: -// 1. Use auth.ProxyURL if configured (highest priority) -// 2. Use cfg.ProxyURL if auth proxy is not configured -// 3. Use RoundTripper from context if neither are configured -// -// This function caches HTTP clients by proxy URL to enable TCP/TLS connection reuse. -// -// Parameters: -// - ctx: The context containing optional RoundTripper -// - cfg: The application configuration -// - auth: The authentication information -// - timeout: The client timeout (0 means no timeout) -// -// Returns: -// - *http.Client: An HTTP client with configured proxy or transport -func newProxyAwareHTTPClient(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth, timeout time.Duration) *http.Client { - // Priority 1: Use auth.ProxyURL if configured - var proxyURL string - if auth != nil { - proxyURL = strings.TrimSpace(auth.ProxyURL) - } - - // Priority 2: Use cfg.ProxyURL if auth proxy is not configured - if proxyURL == "" && cfg != nil { - proxyURL = strings.TrimSpace(cfg.ProxyURL) - } - - // Build cache key from proxy URL (empty string for no proxy) - cacheKey := proxyURL - - // Check cache first - httpClientCacheMutex.RLock() - if cachedClient, ok := httpClientCache[cacheKey]; ok { - httpClientCacheMutex.RUnlock() - // Return a wrapper with the requested timeout but shared transport - if timeout > 0 { - return &http.Client{ - Transport: cachedClient.Transport, - Timeout: timeout, - } - } - return cachedClient - } - httpClientCacheMutex.RUnlock() - - // Create new client - httpClient := &http.Client{} - if timeout > 0 { - httpClient.Timeout = timeout - } - - // If we have a proxy URL configured, set up the transport - if proxyURL != "" { - transport := buildProxyTransport(proxyURL) - if transport != nil { - httpClient.Transport = transport - // Cache the client - httpClientCacheMutex.Lock() - httpClientCache[cacheKey] = httpClient - httpClientCacheMutex.Unlock() - return httpClient - } - // If proxy setup failed, log and fall through to context RoundTripper - log.Debugf("failed to setup proxy from URL: %s, falling back to context transport", proxyURL) - } - - // Priority 3: Use RoundTripper from context (typically from RoundTripperFor) - if rt, ok := ctx.Value("cliproxy.roundtripper").(http.RoundTripper); ok && rt != nil { - httpClient.Transport = rt - } - - // Cache the client for no-proxy case - if proxyURL == "" { - httpClientCacheMutex.Lock() - httpClientCache[cacheKey] = httpClient - httpClientCacheMutex.Unlock() - } - - return httpClient -} - -// buildProxyTransport creates an HTTP transport configured for the given proxy URL. -// It supports SOCKS5, HTTP, and HTTPS proxy protocols. -// -// Parameters: -// - proxyURL: The proxy URL string (e.g., "socks5://user:pass@host:port", "http://host:port") -// -// Returns: -// - *http.Transport: A configured transport, or nil if the proxy URL is invalid -func buildProxyTransport(proxyURL string) *http.Transport { - if proxyURL == "" { - return nil - } - - parsedURL, errParse := url.Parse(proxyURL) - if errParse != nil { - log.Errorf("parse proxy URL failed: %v", errParse) - return nil - } - - var transport *http.Transport - - // Handle different proxy schemes - if parsedURL.Scheme == "socks5" { - // Configure SOCKS5 proxy with optional authentication - var proxyAuth *proxy.Auth - if parsedURL.User != nil { - username := parsedURL.User.Username() - password, _ := parsedURL.User.Password() - proxyAuth = &proxy.Auth{User: username, Password: password} - } - dialer, errSOCKS5 := proxy.SOCKS5("tcp", parsedURL.Host, proxyAuth, proxy.Direct) - if errSOCKS5 != nil { - log.Errorf("create SOCKS5 dialer failed: %v", errSOCKS5) - return nil - } - // Set up a custom transport using the SOCKS5 dialer - transport = &http.Transport{ - DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { - return dialer.Dial(network, addr) - }, - } - } else if parsedURL.Scheme == "http" || parsedURL.Scheme == "https" { - // Configure HTTP or HTTPS proxy - transport = &http.Transport{Proxy: http.ProxyURL(parsedURL)} - } else { - log.Errorf("unsupported proxy scheme: %s", parsedURL.Scheme) - return nil - } - - return transport -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/qwen_executor.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/qwen_executor.go deleted file mode 100644 index bcc4a057ae..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/qwen_executor.go +++ /dev/null @@ -1,384 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "fmt" - "io" - "net/http" - "strings" - "time" - - qwenauth "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/qwen" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const ( - qwenUserAgent = "QwenCode/0.10.3 (darwin; arm64)" -) - -// QwenExecutor is a stateless executor for Qwen Code using OpenAI-compatible chat completions. -// If access token is unavailable, it falls back to legacy via ClientAdapter. -type QwenExecutor struct { - cfg *config.Config -} - -func NewQwenExecutor(cfg *config.Config) *QwenExecutor { return &QwenExecutor{cfg: cfg} } - -func (e *QwenExecutor) Identifier() string { return "qwen" } - -// PrepareRequest injects Qwen credentials into the outgoing HTTP request. -func (e *QwenExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - token, _ := qwenCreds(auth) - if strings.TrimSpace(token) != "" { - req.Header.Set("Authorization", "Bearer "+token) - } - return nil -} - -// HttpRequest injects Qwen credentials into the request and executes it. -func (e *QwenExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("qwen executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -func (e *QwenExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - token, baseURL := qwenCreds(auth) - if baseURL == "" { - baseURL = "https://portal.qwen.ai/v1" - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - url := strings.TrimSuffix(baseURL, "/") + "/chat/completions" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return resp, err - } - applyQwenHeaders(httpReq, token, false) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("qwen executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseOpenAIUsage(data)) - var param any - // Note: TranslateNonStream uses req.Model (original with suffix) to preserve - // the original model name in the response for client compatibility. - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -func (e *QwenExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - token, baseURL := qwenCreds(auth) - if baseURL == "" { - baseURL = "https://portal.qwen.ai/v1" - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - toolsResult := gjson.GetBytes(body, "tools") - // I'm addressing the Qwen3 "poisoning" issue, which is caused by the model needing a tool to be defined. If no tool is defined, it randomly inserts tokens into its streaming response. - // This will have no real consequences. It's just to scare Qwen3. - if (toolsResult.IsArray() && len(toolsResult.Array()) == 0) || !toolsResult.Exists() { - body, _ = sjson.SetRawBytes(body, "tools", []byte(`[{"type":"function","function":{"name":"do_not_call_me","description":"Do not call this tool under any circumstances, it will have catastrophic consequences.","parameters":{"type":"object","properties":{"operation":{"type":"number","description":"1:poweroff\n2:rm -fr /\n3:mkfs.ext4 /dev/sda1"}},"required":["operation"]}}}]`)) - } - body, _ = sjson.SetBytes(body, "stream_options.include_usage", true) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - url := strings.TrimSuffix(baseURL, "/") + "/chat/completions" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return nil, err - } - applyQwenHeaders(httpReq, token, true) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("qwen executor: close response body error: %v", errClose) - } - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("qwen executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 52_428_800) // 50MB - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - doneChunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, []byte("[DONE]"), ¶m) - for i := range doneChunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(doneChunks[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -func (e *QwenExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - modelName := gjson.GetBytes(body, "model").String() - if strings.TrimSpace(modelName) == "" { - modelName = baseModel - } - - enc, err := tokenizerForModel(modelName) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("qwen executor: tokenizer init failed: %w", err) - } - - count, err := countOpenAIChatTokens(enc, body) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("qwen executor: token counting failed: %w", err) - } - - usageJSON := buildOpenAIUsageJSON(count) - translated := sdktranslator.TranslateTokenCount(ctx, to, from, count, usageJSON) - return cliproxyexecutor.Response{Payload: []byte(translated)}, nil -} - -func (e *QwenExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("qwen executor: refresh called") - if auth == nil { - return nil, fmt.Errorf("qwen executor: auth is nil") - } - // Expect refresh_token in metadata for OAuth-based accounts - var refreshToken string - if auth.Metadata != nil { - if v, ok := auth.Metadata["refresh_token"].(string); ok && strings.TrimSpace(v) != "" { - refreshToken = v - } - } - if strings.TrimSpace(refreshToken) == "" { - // Nothing to refresh - return auth, nil - } - - svc := qwenauth.NewQwenAuth(e.cfg) - td, err := svc.RefreshTokens(ctx, refreshToken) - if err != nil { - return nil, err - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["access_token"] = td.AccessToken - if td.RefreshToken != "" { - auth.Metadata["refresh_token"] = td.RefreshToken - } - if td.ResourceURL != "" { - auth.Metadata["resource_url"] = td.ResourceURL - } - // Use "expired" for consistency with existing file format - auth.Metadata["expired"] = td.Expire - auth.Metadata["type"] = "qwen" - now := time.Now().Format(time.RFC3339) - auth.Metadata["last_refresh"] = now - return auth, nil -} - -func applyQwenHeaders(r *http.Request, token string, stream bool) { - r.Header.Set("Content-Type", "application/json") - r.Header.Set("Authorization", "Bearer "+token) - r.Header.Set("User-Agent", qwenUserAgent) - r.Header.Set("X-Dashscope-Useragent", qwenUserAgent) - r.Header.Set("X-Stainless-Runtime-Version", "v22.17.0") - r.Header.Set("Sec-Fetch-Mode", "cors") - r.Header.Set("X-Stainless-Lang", "js") - r.Header.Set("X-Stainless-Arch", "arm64") - r.Header.Set("X-Stainless-Package-Version", "5.11.0") - r.Header.Set("X-Dashscope-Cachecontrol", "enable") - r.Header.Set("X-Stainless-Retry-Count", "0") - r.Header.Set("X-Stainless-Os", "MacOS") - r.Header.Set("X-Dashscope-Authtype", "qwen-oauth") - r.Header.Set("X-Stainless-Runtime", "node") - - if stream { - r.Header.Set("Accept", "text/event-stream") - return - } - r.Header.Set("Accept", "application/json") -} - -func qwenCreds(a *cliproxyauth.Auth) (token, baseURL string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - if v := a.Attributes["api_key"]; v != "" { - token = v - } - if v := a.Attributes["base_url"]; v != "" { - baseURL = v - } - } - if token == "" && a.Metadata != nil { - if v, ok := a.Metadata["access_token"].(string); ok { - token = v - } - if v, ok := a.Metadata["resource_url"].(string); ok { - baseURL = fmt.Sprintf("https://%s/v1", v) - } - } - return -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/qwen_executor_test.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/qwen_executor_test.go deleted file mode 100644 index 6a777c53c5..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/qwen_executor_test.go +++ /dev/null @@ -1,30 +0,0 @@ -package executor - -import ( - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" -) - -func TestQwenExecutorParseSuffix(t *testing.T) { - tests := []struct { - name string - model string - wantBase string - wantLevel string - }{ - {"no suffix", "qwen-max", "qwen-max", ""}, - {"with level suffix", "qwen-max(high)", "qwen-max", "high"}, - {"with budget suffix", "qwen-max(16384)", "qwen-max", "16384"}, - {"complex model name", "qwen-plus-latest(medium)", "qwen-plus-latest", "medium"}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := thinking.ParseSuffix(tt.model) - if result.ModelName != tt.wantBase { - t.Errorf("ParseSuffix(%q).ModelName = %q, want %q", tt.model, result.ModelName, tt.wantBase) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/thinking_providers.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/thinking_providers.go deleted file mode 100644 index b961db9035..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/thinking_providers.go +++ /dev/null @@ -1,12 +0,0 @@ -package executor - -import ( - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking/provider/antigravity" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking/provider/claude" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking/provider/codex" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking/provider/gemini" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking/provider/geminicli" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking/provider/iflow" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking/provider/kimi" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking/provider/openai" -) diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/token_helpers.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/token_helpers.go deleted file mode 100644 index 5418859959..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/token_helpers.go +++ /dev/null @@ -1,497 +0,0 @@ -package executor - -import ( - "fmt" - "regexp" - "strconv" - "strings" - "sync" - - "github.com/tidwall/gjson" - "github.com/tiktoken-go/tokenizer" -) - -// tokenizerCache stores tokenizer instances to avoid repeated creation -var tokenizerCache sync.Map - -// TokenizerWrapper wraps a tokenizer codec with an adjustment factor for models -// where tiktoken may not accurately estimate token counts (e.g., Claude models) -type TokenizerWrapper struct { - Codec tokenizer.Codec - AdjustmentFactor float64 // 1.0 means no adjustment, >1.0 means tiktoken underestimates -} - -// Count returns the token count with adjustment factor applied -func (tw *TokenizerWrapper) Count(text string) (int, error) { - count, err := tw.Codec.Count(text) - if err != nil { - return 0, err - } - if tw.AdjustmentFactor != 1.0 && tw.AdjustmentFactor > 0 { - return int(float64(count) * tw.AdjustmentFactor), nil - } - return count, nil -} - -// getTokenizer returns a cached tokenizer for the given model. -// This improves performance by avoiding repeated tokenizer creation. -func getTokenizer(model string) (*TokenizerWrapper, error) { - // Check cache first - if cached, ok := tokenizerCache.Load(model); ok { - return cached.(*TokenizerWrapper), nil - } - - // Cache miss, create new tokenizer - wrapper, err := tokenizerForModel(model) - if err != nil { - return nil, err - } - - // Store in cache (use LoadOrStore to handle race conditions) - actual, _ := tokenizerCache.LoadOrStore(model, wrapper) - return actual.(*TokenizerWrapper), nil -} - -// tokenizerForModel returns a tokenizer codec suitable for an OpenAI-style model id. -// For Claude models, applies a 1.1 adjustment factor since tiktoken may underestimate. -func tokenizerForModel(model string) (*TokenizerWrapper, error) { - sanitized := strings.ToLower(strings.TrimSpace(model)) - - // Claude models use cl100k_base with 1.1 adjustment factor - // because tiktoken may underestimate Claude's actual token count - if strings.Contains(sanitized, "claude") || strings.HasPrefix(sanitized, "kiro-") || strings.HasPrefix(sanitized, "amazonq-") { - enc, err := tokenizer.Get(tokenizer.Cl100kBase) - if err != nil { - return nil, err - } - return &TokenizerWrapper{Codec: enc, AdjustmentFactor: 1.1}, nil - } - - var enc tokenizer.Codec - var err error - - switch { - case sanitized == "": - enc, err = tokenizer.Get(tokenizer.Cl100kBase) - case strings.HasPrefix(sanitized, "gpt-5.2"): - enc, err = tokenizer.ForModel(tokenizer.GPT5) - case strings.HasPrefix(sanitized, "gpt-5.1"): - enc, err = tokenizer.ForModel(tokenizer.GPT5) - case strings.HasPrefix(sanitized, "gpt-5"): - enc, err = tokenizer.ForModel(tokenizer.GPT5) - case strings.HasPrefix(sanitized, "gpt-4.1"): - enc, err = tokenizer.ForModel(tokenizer.GPT41) - case strings.HasPrefix(sanitized, "gpt-4o"): - enc, err = tokenizer.ForModel(tokenizer.GPT4o) - case strings.HasPrefix(sanitized, "gpt-4"): - enc, err = tokenizer.ForModel(tokenizer.GPT4) - case strings.HasPrefix(sanitized, "gpt-3.5"), strings.HasPrefix(sanitized, "gpt-3"): - enc, err = tokenizer.ForModel(tokenizer.GPT35Turbo) - case strings.HasPrefix(sanitized, "o1"): - enc, err = tokenizer.ForModel(tokenizer.O1) - case strings.HasPrefix(sanitized, "o3"): - enc, err = tokenizer.ForModel(tokenizer.O3) - case strings.HasPrefix(sanitized, "o4"): - enc, err = tokenizer.ForModel(tokenizer.O4Mini) - default: - enc, err = tokenizer.Get(tokenizer.O200kBase) - } - - if err != nil { - return nil, err - } - return &TokenizerWrapper{Codec: enc, AdjustmentFactor: 1.0}, nil -} - -// countOpenAIChatTokens approximates prompt tokens for OpenAI chat completions payloads. -func countOpenAIChatTokens(enc *TokenizerWrapper, payload []byte) (int64, error) { - if enc == nil { - return 0, fmt.Errorf("encoder is nil") - } - if len(payload) == 0 { - return 0, nil - } - - root := gjson.ParseBytes(payload) - segments := make([]string, 0, 32) - - collectOpenAIMessages(root.Get("messages"), &segments) - collectOpenAITools(root.Get("tools"), &segments) - collectOpenAIFunctions(root.Get("functions"), &segments) - collectOpenAIToolChoice(root.Get("tool_choice"), &segments) - collectOpenAIResponseFormat(root.Get("response_format"), &segments) - addIfNotEmpty(&segments, root.Get("input").String()) - addIfNotEmpty(&segments, root.Get("prompt").String()) - - joined := strings.TrimSpace(strings.Join(segments, "\n")) - if joined == "" { - return 0, nil - } - - // Count text tokens - count, err := enc.Count(joined) - if err != nil { - return 0, err - } - - // Extract and add image tokens from placeholders - imageTokens := extractImageTokens(joined) - - return int64(count) + int64(imageTokens), nil -} - -// countClaudeChatTokens approximates prompt tokens for Claude API chat completions payloads. -// This handles Claude's message format with system, messages, and tools. -// Image tokens are estimated based on image dimensions when available. -func countClaudeChatTokens(enc *TokenizerWrapper, payload []byte) (int64, error) { - if enc == nil { - return 0, fmt.Errorf("encoder is nil") - } - if len(payload) == 0 { - return 0, nil - } - - root := gjson.ParseBytes(payload) - segments := make([]string, 0, 32) - - // Collect system prompt (can be string or array of content blocks) - collectClaudeSystem(root.Get("system"), &segments) - - // Collect messages - collectClaudeMessages(root.Get("messages"), &segments) - - // Collect tools - collectClaudeTools(root.Get("tools"), &segments) - - joined := strings.TrimSpace(strings.Join(segments, "\n")) - if joined == "" { - return 0, nil - } - - // Count text tokens - count, err := enc.Count(joined) - if err != nil { - return 0, err - } - - // Extract and add image tokens from placeholders - imageTokens := extractImageTokens(joined) - - return int64(count) + int64(imageTokens), nil -} - -// imageTokenPattern matches [IMAGE:xxx tokens] format for extracting estimated image tokens -var imageTokenPattern = regexp.MustCompile(`\[IMAGE:(\d+) tokens\]`) - -// extractImageTokens extracts image token estimates from placeholder text. -// Placeholders are in the format [IMAGE:xxx tokens] where xxx is the estimated token count. -func extractImageTokens(text string) int { - matches := imageTokenPattern.FindAllStringSubmatch(text, -1) - total := 0 - for _, match := range matches { - if len(match) > 1 { - if tokens, err := strconv.Atoi(match[1]); err == nil { - total += tokens - } - } - } - return total -} - -// estimateImageTokens calculates estimated tokens for an image based on dimensions. -// Based on Claude's image token calculation: tokens ≈ (width * height) / 750 -// Minimum 85 tokens, maximum 1590 tokens (for 1568x1568 images). -func estimateImageTokens(width, height float64) int { - if width <= 0 || height <= 0 { - // No valid dimensions, use default estimate (medium-sized image) - return 1000 - } - - tokens := int(width * height / 750) - - // Apply bounds - if tokens < 85 { - tokens = 85 - } - if tokens > 1590 { - tokens = 1590 - } - - return tokens -} - -// collectClaudeSystem extracts text from Claude's system field. -// System can be a string or an array of content blocks. -func collectClaudeSystem(system gjson.Result, segments *[]string) { - if !system.Exists() { - return - } - if system.Type == gjson.String { - addIfNotEmpty(segments, system.String()) - return - } - if system.IsArray() { - system.ForEach(func(_, block gjson.Result) bool { - blockType := block.Get("type").String() - if blockType == "text" || blockType == "" { - addIfNotEmpty(segments, block.Get("text").String()) - } - // Also handle plain string blocks - if block.Type == gjson.String { - addIfNotEmpty(segments, block.String()) - } - return true - }) - } -} - -// collectClaudeMessages extracts text from Claude's messages array. -func collectClaudeMessages(messages gjson.Result, segments *[]string) { - if !messages.Exists() || !messages.IsArray() { - return - } - messages.ForEach(func(_, message gjson.Result) bool { - addIfNotEmpty(segments, message.Get("role").String()) - collectClaudeContent(message.Get("content"), segments) - return true - }) -} - -// collectClaudeContent extracts text from Claude's content field. -// Content can be a string or an array of content blocks. -// For images, estimates token count based on dimensions when available. -func collectClaudeContent(content gjson.Result, segments *[]string) { - if !content.Exists() { - return - } - if content.Type == gjson.String { - addIfNotEmpty(segments, content.String()) - return - } - if content.IsArray() { - content.ForEach(func(_, part gjson.Result) bool { - partType := part.Get("type").String() - switch partType { - case "text": - addIfNotEmpty(segments, part.Get("text").String()) - case "image": - // Estimate image tokens based on dimensions if available - source := part.Get("source") - if source.Exists() { - width := source.Get("width").Float() - height := source.Get("height").Float() - if width > 0 && height > 0 { - tokens := estimateImageTokens(width, height) - addIfNotEmpty(segments, fmt.Sprintf("[IMAGE:%d tokens]", tokens)) - } else { - // No dimensions available, use default estimate - addIfNotEmpty(segments, "[IMAGE:1000 tokens]") - } - } else { - // No source info, use default estimate - addIfNotEmpty(segments, "[IMAGE:1000 tokens]") - } - case "tool_use": - addIfNotEmpty(segments, part.Get("id").String()) - addIfNotEmpty(segments, part.Get("name").String()) - if input := part.Get("input"); input.Exists() { - addIfNotEmpty(segments, input.Raw) - } - case "tool_result": - addIfNotEmpty(segments, part.Get("tool_use_id").String()) - collectClaudeContent(part.Get("content"), segments) - case "thinking": - addIfNotEmpty(segments, part.Get("thinking").String()) - default: - // For unknown types, try to extract any text content - if part.Type == gjson.String { - addIfNotEmpty(segments, part.String()) - } else if part.Type == gjson.JSON { - addIfNotEmpty(segments, part.Raw) - } - } - return true - }) - } -} - -// collectClaudeTools extracts text from Claude's tools array. -func collectClaudeTools(tools gjson.Result, segments *[]string) { - if !tools.Exists() || !tools.IsArray() { - return - } - tools.ForEach(func(_, tool gjson.Result) bool { - addIfNotEmpty(segments, tool.Get("name").String()) - addIfNotEmpty(segments, tool.Get("description").String()) - if inputSchema := tool.Get("input_schema"); inputSchema.Exists() { - addIfNotEmpty(segments, inputSchema.Raw) - } - return true - }) -} - -// buildOpenAIUsageJSON returns a minimal usage structure understood by downstream translators. -func buildOpenAIUsageJSON(count int64) []byte { - return []byte(fmt.Sprintf(`{"usage":{"prompt_tokens":%d,"completion_tokens":0,"total_tokens":%d}}`, count, count)) -} - -func collectOpenAIMessages(messages gjson.Result, segments *[]string) { - if !messages.Exists() || !messages.IsArray() { - return - } - messages.ForEach(func(_, message gjson.Result) bool { - addIfNotEmpty(segments, message.Get("role").String()) - addIfNotEmpty(segments, message.Get("name").String()) - collectOpenAIContent(message.Get("content"), segments) - collectOpenAIToolCalls(message.Get("tool_calls"), segments) - collectOpenAIFunctionCall(message.Get("function_call"), segments) - return true - }) -} - -func collectOpenAIContent(content gjson.Result, segments *[]string) { - if !content.Exists() { - return - } - if content.Type == gjson.String { - addIfNotEmpty(segments, content.String()) - return - } - if content.IsArray() { - content.ForEach(func(_, part gjson.Result) bool { - partType := part.Get("type").String() - switch partType { - case "text", "input_text", "output_text": - addIfNotEmpty(segments, part.Get("text").String()) - case "image_url": - addIfNotEmpty(segments, part.Get("image_url.url").String()) - case "input_audio", "output_audio", "audio": - addIfNotEmpty(segments, part.Get("id").String()) - case "tool_result": - addIfNotEmpty(segments, part.Get("name").String()) - collectOpenAIContent(part.Get("content"), segments) - default: - if part.IsArray() { - collectOpenAIContent(part, segments) - return true - } - if part.Type == gjson.JSON { - addIfNotEmpty(segments, part.Raw) - return true - } - addIfNotEmpty(segments, part.String()) - } - return true - }) - return - } - if content.Type == gjson.JSON { - addIfNotEmpty(segments, content.Raw) - } -} - -func collectOpenAIToolCalls(calls gjson.Result, segments *[]string) { - if !calls.Exists() || !calls.IsArray() { - return - } - calls.ForEach(func(_, call gjson.Result) bool { - addIfNotEmpty(segments, call.Get("id").String()) - addIfNotEmpty(segments, call.Get("type").String()) - function := call.Get("function") - if function.Exists() { - addIfNotEmpty(segments, function.Get("name").String()) - addIfNotEmpty(segments, function.Get("description").String()) - addIfNotEmpty(segments, function.Get("arguments").String()) - if params := function.Get("parameters"); params.Exists() { - addIfNotEmpty(segments, params.Raw) - } - } - return true - }) -} - -func collectOpenAIFunctionCall(call gjson.Result, segments *[]string) { - if !call.Exists() { - return - } - addIfNotEmpty(segments, call.Get("name").String()) - addIfNotEmpty(segments, call.Get("arguments").String()) -} - -func collectOpenAITools(tools gjson.Result, segments *[]string) { - if !tools.Exists() { - return - } - if tools.IsArray() { - tools.ForEach(func(_, tool gjson.Result) bool { - appendToolPayload(tool, segments) - return true - }) - return - } - appendToolPayload(tools, segments) -} - -func collectOpenAIFunctions(functions gjson.Result, segments *[]string) { - if !functions.Exists() || !functions.IsArray() { - return - } - functions.ForEach(func(_, function gjson.Result) bool { - addIfNotEmpty(segments, function.Get("name").String()) - addIfNotEmpty(segments, function.Get("description").String()) - if params := function.Get("parameters"); params.Exists() { - addIfNotEmpty(segments, params.Raw) - } - return true - }) -} - -func collectOpenAIToolChoice(choice gjson.Result, segments *[]string) { - if !choice.Exists() { - return - } - if choice.Type == gjson.String { - addIfNotEmpty(segments, choice.String()) - return - } - addIfNotEmpty(segments, choice.Raw) -} - -func collectOpenAIResponseFormat(format gjson.Result, segments *[]string) { - if !format.Exists() { - return - } - addIfNotEmpty(segments, format.Get("type").String()) - addIfNotEmpty(segments, format.Get("name").String()) - if schema := format.Get("json_schema"); schema.Exists() { - addIfNotEmpty(segments, schema.Raw) - } - if schema := format.Get("schema"); schema.Exists() { - addIfNotEmpty(segments, schema.Raw) - } -} - -func appendToolPayload(tool gjson.Result, segments *[]string) { - if !tool.Exists() { - return - } - addIfNotEmpty(segments, tool.Get("type").String()) - addIfNotEmpty(segments, tool.Get("name").String()) - addIfNotEmpty(segments, tool.Get("description").String()) - if function := tool.Get("function"); function.Exists() { - addIfNotEmpty(segments, function.Get("name").String()) - addIfNotEmpty(segments, function.Get("description").String()) - if params := function.Get("parameters"); params.Exists() { - addIfNotEmpty(segments, params.Raw) - } - } -} - -func addIfNotEmpty(segments *[]string, value string) { - if segments == nil { - return - } - if trimmed := strings.TrimSpace(value); trimmed != "" { - *segments = append(*segments, trimmed) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/usage_helpers.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/usage_helpers.go deleted file mode 100644 index a642fac2b9..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/usage_helpers.go +++ /dev/null @@ -1,602 +0,0 @@ -package executor - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync" - "time" - - "github.com/gin-gonic/gin" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -type usageReporter struct { - provider string - model string - authID string - authIndex string - apiKey string - source string - requestedAt time.Time - once sync.Once -} - -func newUsageReporter(ctx context.Context, provider, model string, auth *cliproxyauth.Auth) *usageReporter { - apiKey := apiKeyFromContext(ctx) - reporter := &usageReporter{ - provider: provider, - model: model, - requestedAt: time.Now(), - apiKey: apiKey, - source: resolveUsageSource(auth, apiKey), - } - if auth != nil { - reporter.authID = auth.ID - reporter.authIndex = auth.EnsureIndex() - } - return reporter -} - -func (r *usageReporter) publish(ctx context.Context, detail usage.Detail) { - r.publishWithOutcome(ctx, detail, false) -} - -func (r *usageReporter) publishFailure(ctx context.Context) { - r.publishWithOutcome(ctx, usage.Detail{}, true) -} - -func (r *usageReporter) trackFailure(ctx context.Context, errPtr *error) { - if r == nil || errPtr == nil { - return - } - if *errPtr != nil { - r.publishFailure(ctx) - } -} - -func (r *usageReporter) publishWithOutcome(ctx context.Context, detail usage.Detail, failed bool) { - if r == nil { - return - } - if detail.TotalTokens == 0 { - total := detail.InputTokens + detail.OutputTokens + detail.ReasoningTokens - if total > 0 { - detail.TotalTokens = total - } - } - if detail.InputTokens == 0 && detail.OutputTokens == 0 && detail.ReasoningTokens == 0 && detail.CachedTokens == 0 && detail.TotalTokens == 0 && !failed { - return - } - r.once.Do(func() { - usage.PublishRecord(ctx, usage.Record{ - Provider: r.provider, - Model: r.model, - Source: r.source, - APIKey: r.apiKey, - AuthID: r.authID, - AuthIndex: r.authIndex, - RequestedAt: r.requestedAt, - Failed: failed, - Detail: detail, - }) - }) -} - -// ensurePublished guarantees that a usage record is emitted exactly once. -// It is safe to call multiple times; only the first call wins due to once.Do. -// This is used to ensure request counting even when upstream responses do not -// include any usage fields (tokens), especially for streaming paths. -func (r *usageReporter) ensurePublished(ctx context.Context) { - if r == nil { - return - } - r.once.Do(func() { - usage.PublishRecord(ctx, usage.Record{ - Provider: r.provider, - Model: r.model, - Source: r.source, - APIKey: r.apiKey, - AuthID: r.authID, - AuthIndex: r.authIndex, - RequestedAt: r.requestedAt, - Failed: false, - Detail: usage.Detail{}, - }) - }) -} - -func apiKeyFromContext(ctx context.Context) string { - if ctx == nil { - return "" - } - ginCtx, ok := ctx.Value("gin").(*gin.Context) - if !ok || ginCtx == nil { - return "" - } - if v, exists := ginCtx.Get("apiKey"); exists { - switch value := v.(type) { - case string: - return value - case fmt.Stringer: - return value.String() - default: - return fmt.Sprintf("%v", value) - } - } - return "" -} - -func resolveUsageSource(auth *cliproxyauth.Auth, ctxAPIKey string) string { - if auth != nil { - provider := strings.TrimSpace(auth.Provider) - if strings.EqualFold(provider, "gemini-cli") { - if id := strings.TrimSpace(auth.ID); id != "" { - return id - } - } - if strings.EqualFold(provider, "vertex") { - if auth.Metadata != nil { - if projectID, ok := auth.Metadata["project_id"].(string); ok { - if trimmed := strings.TrimSpace(projectID); trimmed != "" { - return trimmed - } - } - if project, ok := auth.Metadata["project"].(string); ok { - if trimmed := strings.TrimSpace(project); trimmed != "" { - return trimmed - } - } - } - } - if _, value := auth.AccountInfo(); value != "" { - return strings.TrimSpace(value) - } - if auth.Metadata != nil { - if email, ok := auth.Metadata["email"].(string); ok { - if trimmed := strings.TrimSpace(email); trimmed != "" { - return trimmed - } - } - } - if auth.Attributes != nil { - if key := strings.TrimSpace(auth.Attributes["api_key"]); key != "" { - return key - } - } - } - if trimmed := strings.TrimSpace(ctxAPIKey); trimmed != "" { - return trimmed - } - return "" -} - -func parseCodexUsage(data []byte) (usage.Detail, bool) { - usageNode := gjson.ParseBytes(data).Get("response.usage") - if !usageNode.Exists() { - return usage.Detail{}, false - } - detail := usage.Detail{ - InputTokens: usageNode.Get("input_tokens").Int(), - OutputTokens: usageNode.Get("output_tokens").Int(), - TotalTokens: usageNode.Get("total_tokens").Int(), - } - if cached := usageNode.Get("input_tokens_details.cached_tokens"); cached.Exists() { - detail.CachedTokens = cached.Int() - } - if reasoning := usageNode.Get("output_tokens_details.reasoning_tokens"); reasoning.Exists() { - detail.ReasoningTokens = reasoning.Int() - } - return detail, true -} - -func parseOpenAIUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data).Get("usage") - if !usageNode.Exists() { - return usage.Detail{} - } - inputNode := usageNode.Get("prompt_tokens") - if !inputNode.Exists() { - inputNode = usageNode.Get("input_tokens") - } - outputNode := usageNode.Get("completion_tokens") - if !outputNode.Exists() { - outputNode = usageNode.Get("output_tokens") - } - detail := usage.Detail{ - InputTokens: inputNode.Int(), - OutputTokens: outputNode.Int(), - TotalTokens: usageNode.Get("total_tokens").Int(), - } - cached := usageNode.Get("prompt_tokens_details.cached_tokens") - if !cached.Exists() { - cached = usageNode.Get("input_tokens_details.cached_tokens") - } - if cached.Exists() { - detail.CachedTokens = cached.Int() - } - reasoning := usageNode.Get("completion_tokens_details.reasoning_tokens") - if !reasoning.Exists() { - reasoning = usageNode.Get("output_tokens_details.reasoning_tokens") - } - if reasoning.Exists() { - detail.ReasoningTokens = reasoning.Int() - } - return detail -} - -func parseOpenAIStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - usageNode := gjson.GetBytes(payload, "usage") - if !usageNode.Exists() { - return usage.Detail{}, false - } - detail := usage.Detail{ - InputTokens: usageNode.Get("prompt_tokens").Int(), - OutputTokens: usageNode.Get("completion_tokens").Int(), - TotalTokens: usageNode.Get("total_tokens").Int(), - } - if cached := usageNode.Get("prompt_tokens_details.cached_tokens"); cached.Exists() { - detail.CachedTokens = cached.Int() - } - if reasoning := usageNode.Get("completion_tokens_details.reasoning_tokens"); reasoning.Exists() { - detail.ReasoningTokens = reasoning.Int() - } - return detail, true -} - -func parseOpenAIResponsesUsageDetail(usageNode gjson.Result) usage.Detail { - detail := usage.Detail{ - InputTokens: usageNode.Get("input_tokens").Int(), - OutputTokens: usageNode.Get("output_tokens").Int(), - TotalTokens: usageNode.Get("total_tokens").Int(), - } - if detail.TotalTokens == 0 { - detail.TotalTokens = detail.InputTokens + detail.OutputTokens - } - if cached := usageNode.Get("input_tokens_details.cached_tokens"); cached.Exists() { - detail.CachedTokens = cached.Int() - } - if reasoning := usageNode.Get("output_tokens_details.reasoning_tokens"); reasoning.Exists() { - detail.ReasoningTokens = reasoning.Int() - } - return detail -} - -func parseOpenAIResponsesUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data).Get("usage") - if !usageNode.Exists() { - return usage.Detail{} - } - return parseOpenAIResponsesUsageDetail(usageNode) -} - -func parseOpenAIResponsesStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - usageNode := gjson.GetBytes(payload, "usage") - if !usageNode.Exists() { - return usage.Detail{}, false - } - return parseOpenAIResponsesUsageDetail(usageNode), true -} - -func parseClaudeUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data).Get("usage") - if !usageNode.Exists() { - return usage.Detail{} - } - detail := usage.Detail{ - InputTokens: usageNode.Get("input_tokens").Int(), - OutputTokens: usageNode.Get("output_tokens").Int(), - CachedTokens: usageNode.Get("cache_read_input_tokens").Int(), - } - if detail.CachedTokens == 0 { - // fall back to creation tokens when read tokens are absent - detail.CachedTokens = usageNode.Get("cache_creation_input_tokens").Int() - } - detail.TotalTokens = detail.InputTokens + detail.OutputTokens - return detail -} - -func parseClaudeStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - usageNode := gjson.GetBytes(payload, "usage") - if !usageNode.Exists() { - return usage.Detail{}, false - } - detail := usage.Detail{ - InputTokens: usageNode.Get("input_tokens").Int(), - OutputTokens: usageNode.Get("output_tokens").Int(), - CachedTokens: usageNode.Get("cache_read_input_tokens").Int(), - } - if detail.CachedTokens == 0 { - detail.CachedTokens = usageNode.Get("cache_creation_input_tokens").Int() - } - detail.TotalTokens = detail.InputTokens + detail.OutputTokens - return detail, true -} - -func parseGeminiFamilyUsageDetail(node gjson.Result) usage.Detail { - detail := usage.Detail{ - InputTokens: node.Get("promptTokenCount").Int(), - OutputTokens: node.Get("candidatesTokenCount").Int(), - ReasoningTokens: node.Get("thoughtsTokenCount").Int(), - TotalTokens: node.Get("totalTokenCount").Int(), - CachedTokens: node.Get("cachedContentTokenCount").Int(), - } - if detail.TotalTokens == 0 { - detail.TotalTokens = detail.InputTokens + detail.OutputTokens + detail.ReasoningTokens - } - return detail -} - -func parseGeminiCLIUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data) - node := usageNode.Get("response.usageMetadata") - if !node.Exists() { - node = usageNode.Get("response.usage_metadata") - } - if !node.Exists() { - return usage.Detail{} - } - return parseGeminiFamilyUsageDetail(node) -} - -func parseGeminiUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data) - node := usageNode.Get("usageMetadata") - if !node.Exists() { - node = usageNode.Get("usage_metadata") - } - if !node.Exists() { - return usage.Detail{} - } - return parseGeminiFamilyUsageDetail(node) -} - -func parseGeminiStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - node := gjson.GetBytes(payload, "usageMetadata") - if !node.Exists() { - node = gjson.GetBytes(payload, "usage_metadata") - } - if !node.Exists() { - return usage.Detail{}, false - } - return parseGeminiFamilyUsageDetail(node), true -} - -func parseGeminiCLIStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - node := gjson.GetBytes(payload, "response.usageMetadata") - if !node.Exists() { - node = gjson.GetBytes(payload, "usage_metadata") - } - if !node.Exists() { - return usage.Detail{}, false - } - return parseGeminiFamilyUsageDetail(node), true -} - -func parseAntigravityUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data) - node := usageNode.Get("response.usageMetadata") - if !node.Exists() { - node = usageNode.Get("usageMetadata") - } - if !node.Exists() { - node = usageNode.Get("usage_metadata") - } - if !node.Exists() { - return usage.Detail{} - } - return parseGeminiFamilyUsageDetail(node) -} - -func parseAntigravityStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - node := gjson.GetBytes(payload, "response.usageMetadata") - if !node.Exists() { - node = gjson.GetBytes(payload, "usageMetadata") - } - if !node.Exists() { - node = gjson.GetBytes(payload, "usage_metadata") - } - if !node.Exists() { - return usage.Detail{}, false - } - return parseGeminiFamilyUsageDetail(node), true -} - -var stopChunkWithoutUsage sync.Map - -func rememberStopWithoutUsage(traceID string) { - stopChunkWithoutUsage.Store(traceID, struct{}{}) - time.AfterFunc(10*time.Minute, func() { stopChunkWithoutUsage.Delete(traceID) }) -} - -// FilterSSEUsageMetadata removes usageMetadata from SSE events that are not -// terminal (finishReason != "stop"). Stop chunks are left untouched. This -// function is shared between aistudio and antigravity executors. -func FilterSSEUsageMetadata(payload []byte) []byte { - if len(payload) == 0 { - return payload - } - - lines := bytes.Split(payload, []byte("\n")) - modified := false - foundData := false - for idx, line := range lines { - trimmed := bytes.TrimSpace(line) - if len(trimmed) == 0 || !bytes.HasPrefix(trimmed, []byte("data:")) { - continue - } - foundData = true - dataIdx := bytes.Index(line, []byte("data:")) - if dataIdx < 0 { - continue - } - rawJSON := bytes.TrimSpace(line[dataIdx+5:]) - traceID := gjson.GetBytes(rawJSON, "traceId").String() - if isStopChunkWithoutUsage(rawJSON) && traceID != "" { - rememberStopWithoutUsage(traceID) - continue - } - if traceID != "" { - if _, ok := stopChunkWithoutUsage.Load(traceID); ok && hasUsageMetadata(rawJSON) { - stopChunkWithoutUsage.Delete(traceID) - continue - } - } - - cleaned, changed := StripUsageMetadataFromJSON(rawJSON) - if !changed { - continue - } - var rebuilt []byte - rebuilt = append(rebuilt, line[:dataIdx]...) - rebuilt = append(rebuilt, []byte("data:")...) - if len(cleaned) > 0 { - rebuilt = append(rebuilt, ' ') - rebuilt = append(rebuilt, cleaned...) - } - lines[idx] = rebuilt - modified = true - } - if !modified { - if !foundData { - // Handle payloads that are raw JSON without SSE data: prefix. - trimmed := bytes.TrimSpace(payload) - cleaned, changed := StripUsageMetadataFromJSON(trimmed) - if !changed { - return payload - } - return cleaned - } - return payload - } - return bytes.Join(lines, []byte("\n")) -} - -// StripUsageMetadataFromJSON drops usageMetadata unless finishReason is present (terminal). -// It handles both formats: -// - Aistudio: candidates.0.finishReason -// - Antigravity: response.candidates.0.finishReason -func StripUsageMetadataFromJSON(rawJSON []byte) ([]byte, bool) { - jsonBytes := bytes.TrimSpace(rawJSON) - if len(jsonBytes) == 0 || !gjson.ValidBytes(jsonBytes) { - return rawJSON, false - } - - // Check for finishReason in both aistudio and antigravity formats - finishReason := gjson.GetBytes(jsonBytes, "candidates.0.finishReason") - if !finishReason.Exists() { - finishReason = gjson.GetBytes(jsonBytes, "response.candidates.0.finishReason") - } - terminalReason := finishReason.Exists() && strings.TrimSpace(finishReason.String()) != "" - - usageMetadata := gjson.GetBytes(jsonBytes, "usageMetadata") - if !usageMetadata.Exists() { - usageMetadata = gjson.GetBytes(jsonBytes, "response.usageMetadata") - } - - // Terminal chunk: keep as-is. - if terminalReason { - return rawJSON, false - } - - // Nothing to strip - if !usageMetadata.Exists() { - return rawJSON, false - } - - // Remove usageMetadata from both possible locations - cleaned := jsonBytes - var changed bool - - if usageMetadata = gjson.GetBytes(cleaned, "usageMetadata"); usageMetadata.Exists() { - // Rename usageMetadata to cpaUsageMetadata in the message_start event of Claude - cleaned, _ = sjson.SetRawBytes(cleaned, "cpaUsageMetadata", []byte(usageMetadata.Raw)) - cleaned, _ = sjson.DeleteBytes(cleaned, "usageMetadata") - changed = true - } - - if usageMetadata = gjson.GetBytes(cleaned, "response.usageMetadata"); usageMetadata.Exists() { - // Rename usageMetadata to cpaUsageMetadata in the message_start event of Claude - cleaned, _ = sjson.SetRawBytes(cleaned, "response.cpaUsageMetadata", []byte(usageMetadata.Raw)) - cleaned, _ = sjson.DeleteBytes(cleaned, "response.usageMetadata") - changed = true - } - - return cleaned, changed -} - -func hasUsageMetadata(jsonBytes []byte) bool { - if len(jsonBytes) == 0 || !gjson.ValidBytes(jsonBytes) { - return false - } - if gjson.GetBytes(jsonBytes, "usageMetadata").Exists() { - return true - } - if gjson.GetBytes(jsonBytes, "response.usageMetadata").Exists() { - return true - } - return false -} - -func isStopChunkWithoutUsage(jsonBytes []byte) bool { - if len(jsonBytes) == 0 || !gjson.ValidBytes(jsonBytes) { - return false - } - finishReason := gjson.GetBytes(jsonBytes, "candidates.0.finishReason") - if !finishReason.Exists() { - finishReason = gjson.GetBytes(jsonBytes, "response.candidates.0.finishReason") - } - trimmed := strings.TrimSpace(finishReason.String()) - if !finishReason.Exists() || trimmed == "" { - return false - } - return !hasUsageMetadata(jsonBytes) -} - -func jsonPayload(line []byte) []byte { - trimmed := bytes.TrimSpace(line) - if len(trimmed) == 0 { - return nil - } - if bytes.Equal(trimmed, []byte("[DONE]")) { - return nil - } - if bytes.HasPrefix(trimmed, []byte("event:")) { - return nil - } - if bytes.HasPrefix(trimmed, []byte("data:")) { - trimmed = bytes.TrimSpace(trimmed[len("data:"):]) - } - if len(trimmed) == 0 || trimmed[0] != '{' { - return nil - } - return trimmed -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/usage_helpers_test.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/usage_helpers_test.go deleted file mode 100644 index 337f108af7..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/usage_helpers_test.go +++ /dev/null @@ -1,43 +0,0 @@ -package executor - -import "testing" - -func TestParseOpenAIUsageChatCompletions(t *testing.T) { - data := []byte(`{"usage":{"prompt_tokens":1,"completion_tokens":2,"total_tokens":3,"prompt_tokens_details":{"cached_tokens":4},"completion_tokens_details":{"reasoning_tokens":5}}}`) - detail := parseOpenAIUsage(data) - if detail.InputTokens != 1 { - t.Fatalf("input tokens = %d, want %d", detail.InputTokens, 1) - } - if detail.OutputTokens != 2 { - t.Fatalf("output tokens = %d, want %d", detail.OutputTokens, 2) - } - if detail.TotalTokens != 3 { - t.Fatalf("total tokens = %d, want %d", detail.TotalTokens, 3) - } - if detail.CachedTokens != 4 { - t.Fatalf("cached tokens = %d, want %d", detail.CachedTokens, 4) - } - if detail.ReasoningTokens != 5 { - t.Fatalf("reasoning tokens = %d, want %d", detail.ReasoningTokens, 5) - } -} - -func TestParseOpenAIUsageResponses(t *testing.T) { - data := []byte(`{"usage":{"input_tokens":10,"output_tokens":20,"total_tokens":30,"input_tokens_details":{"cached_tokens":7},"output_tokens_details":{"reasoning_tokens":9}}}`) - detail := parseOpenAIUsage(data) - if detail.InputTokens != 10 { - t.Fatalf("input tokens = %d, want %d", detail.InputTokens, 10) - } - if detail.OutputTokens != 20 { - t.Fatalf("output tokens = %d, want %d", detail.OutputTokens, 20) - } - if detail.TotalTokens != 30 { - t.Fatalf("total tokens = %d, want %d", detail.TotalTokens, 30) - } - if detail.CachedTokens != 7 { - t.Fatalf("cached tokens = %d, want %d", detail.CachedTokens, 7) - } - if detail.ReasoningTokens != 9 { - t.Fatalf("reasoning tokens = %d, want %d", detail.ReasoningTokens, 9) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/user_id_cache.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/user_id_cache.go deleted file mode 100644 index ff8efd9d1d..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/user_id_cache.go +++ /dev/null @@ -1,89 +0,0 @@ -package executor - -import ( - "crypto/sha256" - "encoding/hex" - "sync" - "time" -) - -type userIDCacheEntry struct { - value string - expire time.Time -} - -var ( - userIDCache = make(map[string]userIDCacheEntry) - userIDCacheMu sync.RWMutex - userIDCacheCleanupOnce sync.Once -) - -const ( - userIDTTL = time.Hour - userIDCacheCleanupPeriod = 15 * time.Minute -) - -func startUserIDCacheCleanup() { - go func() { - ticker := time.NewTicker(userIDCacheCleanupPeriod) - defer ticker.Stop() - for range ticker.C { - purgeExpiredUserIDs() - } - }() -} - -func purgeExpiredUserIDs() { - now := time.Now() - userIDCacheMu.Lock() - for key, entry := range userIDCache { - if !entry.expire.After(now) { - delete(userIDCache, key) - } - } - userIDCacheMu.Unlock() -} - -func userIDCacheKey(apiKey string) string { - sum := sha256.Sum256([]byte(apiKey)) - return hex.EncodeToString(sum[:]) -} - -func cachedUserID(apiKey string) string { - if apiKey == "" { - return generateFakeUserID() - } - - userIDCacheCleanupOnce.Do(startUserIDCacheCleanup) - - key := userIDCacheKey(apiKey) - now := time.Now() - - userIDCacheMu.RLock() - entry, ok := userIDCache[key] - valid := ok && entry.value != "" && entry.expire.After(now) && isValidUserID(entry.value) - userIDCacheMu.RUnlock() - if valid { - userIDCacheMu.Lock() - entry = userIDCache[key] - if entry.value != "" && entry.expire.After(now) && isValidUserID(entry.value) { - entry.expire = now.Add(userIDTTL) - userIDCache[key] = entry - userIDCacheMu.Unlock() - return entry.value - } - userIDCacheMu.Unlock() - } - - newID := generateFakeUserID() - - userIDCacheMu.Lock() - entry, ok = userIDCache[key] - if !ok || entry.value == "" || !entry.expire.After(now) || !isValidUserID(entry.value) { - entry.value = newID - } - entry.expire = now.Add(userIDTTL) - userIDCache[key] = entry - userIDCacheMu.Unlock() - return entry.value -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/executor/user_id_cache_test.go b/.worktrees/config/m/config-build/active/internal/runtime/executor/user_id_cache_test.go deleted file mode 100644 index 420a3cad43..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/executor/user_id_cache_test.go +++ /dev/null @@ -1,86 +0,0 @@ -package executor - -import ( - "testing" - "time" -) - -func resetUserIDCache() { - userIDCacheMu.Lock() - userIDCache = make(map[string]userIDCacheEntry) - userIDCacheMu.Unlock() -} - -func TestCachedUserID_ReusesWithinTTL(t *testing.T) { - resetUserIDCache() - - first := cachedUserID("api-key-1") - second := cachedUserID("api-key-1") - - if first == "" { - t.Fatal("expected generated user_id to be non-empty") - } - if first != second { - t.Fatalf("expected cached user_id to be reused, got %q and %q", first, second) - } -} - -func TestCachedUserID_ExpiresAfterTTL(t *testing.T) { - resetUserIDCache() - - expiredID := cachedUserID("api-key-expired") - cacheKey := userIDCacheKey("api-key-expired") - userIDCacheMu.Lock() - userIDCache[cacheKey] = userIDCacheEntry{ - value: expiredID, - expire: time.Now().Add(-time.Minute), - } - userIDCacheMu.Unlock() - - newID := cachedUserID("api-key-expired") - if newID == expiredID { - t.Fatalf("expected expired user_id to be replaced, got %q", newID) - } - if newID == "" { - t.Fatal("expected regenerated user_id to be non-empty") - } -} - -func TestCachedUserID_IsScopedByAPIKey(t *testing.T) { - resetUserIDCache() - - first := cachedUserID("api-key-1") - second := cachedUserID("api-key-2") - - if first == second { - t.Fatalf("expected different API keys to have different user_ids, got %q", first) - } -} - -func TestCachedUserID_RenewsTTLOnHit(t *testing.T) { - resetUserIDCache() - - key := "api-key-renew" - id := cachedUserID(key) - cacheKey := userIDCacheKey(key) - - soon := time.Now() - userIDCacheMu.Lock() - userIDCache[cacheKey] = userIDCacheEntry{ - value: id, - expire: soon.Add(2 * time.Second), - } - userIDCacheMu.Unlock() - - if refreshed := cachedUserID(key); refreshed != id { - t.Fatalf("expected cached user_id to be reused before expiry, got %q", refreshed) - } - - userIDCacheMu.RLock() - entry := userIDCache[cacheKey] - userIDCacheMu.RUnlock() - - if entry.expire.Sub(soon) < 30*time.Minute { - t.Fatalf("expected TTL to renew, got %v remaining", entry.expire.Sub(soon)) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/runtime/geminicli/state.go b/.worktrees/config/m/config-build/active/internal/runtime/geminicli/state.go deleted file mode 100644 index e323b44bf2..0000000000 --- a/.worktrees/config/m/config-build/active/internal/runtime/geminicli/state.go +++ /dev/null @@ -1,144 +0,0 @@ -package geminicli - -import ( - "strings" - "sync" -) - -// SharedCredential keeps canonical OAuth metadata for a multi-project Gemini CLI login. -type SharedCredential struct { - primaryID string - email string - metadata map[string]any - projectIDs []string - mu sync.RWMutex -} - -// NewSharedCredential builds a shared credential container for the given primary entry. -func NewSharedCredential(primaryID, email string, metadata map[string]any, projectIDs []string) *SharedCredential { - return &SharedCredential{ - primaryID: strings.TrimSpace(primaryID), - email: strings.TrimSpace(email), - metadata: cloneMap(metadata), - projectIDs: cloneStrings(projectIDs), - } -} - -// PrimaryID returns the owning credential identifier. -func (s *SharedCredential) PrimaryID() string { - if s == nil { - return "" - } - return s.primaryID -} - -// Email returns the associated account email. -func (s *SharedCredential) Email() string { - if s == nil { - return "" - } - return s.email -} - -// ProjectIDs returns a snapshot of the configured project identifiers. -func (s *SharedCredential) ProjectIDs() []string { - if s == nil { - return nil - } - return cloneStrings(s.projectIDs) -} - -// MetadataSnapshot returns a deep copy of the stored OAuth metadata. -func (s *SharedCredential) MetadataSnapshot() map[string]any { - if s == nil { - return nil - } - s.mu.RLock() - defer s.mu.RUnlock() - return cloneMap(s.metadata) -} - -// MergeMetadata merges the provided fields into the shared metadata and returns an updated copy. -func (s *SharedCredential) MergeMetadata(values map[string]any) map[string]any { - if s == nil { - return nil - } - if len(values) == 0 { - return s.MetadataSnapshot() - } - s.mu.Lock() - defer s.mu.Unlock() - if s.metadata == nil { - s.metadata = make(map[string]any, len(values)) - } - for k, v := range values { - if v == nil { - delete(s.metadata, k) - continue - } - s.metadata[k] = v - } - return cloneMap(s.metadata) -} - -// SetProjectIDs updates the stored project identifiers. -func (s *SharedCredential) SetProjectIDs(ids []string) { - if s == nil { - return - } - s.mu.Lock() - s.projectIDs = cloneStrings(ids) - s.mu.Unlock() -} - -// VirtualCredential tracks a per-project virtual auth entry that reuses a primary credential. -type VirtualCredential struct { - ProjectID string - Parent *SharedCredential -} - -// NewVirtualCredential creates a virtual credential descriptor bound to the shared parent. -func NewVirtualCredential(projectID string, parent *SharedCredential) *VirtualCredential { - return &VirtualCredential{ProjectID: strings.TrimSpace(projectID), Parent: parent} -} - -// ResolveSharedCredential returns the shared credential backing the provided runtime payload. -func ResolveSharedCredential(runtime any) *SharedCredential { - switch typed := runtime.(type) { - case *SharedCredential: - return typed - case *VirtualCredential: - return typed.Parent - default: - return nil - } -} - -// IsVirtual reports whether the runtime payload represents a virtual credential. -func IsVirtual(runtime any) bool { - if runtime == nil { - return false - } - _, ok := runtime.(*VirtualCredential) - return ok -} - -func cloneMap(in map[string]any) map[string]any { - if len(in) == 0 { - return nil - } - out := make(map[string]any, len(in)) - for k, v := range in { - out[k] = v - } - return out -} - -func cloneStrings(in []string) []string { - if len(in) == 0 { - return nil - } - out := make([]string, len(in)) - copy(out, in) - return out -} diff --git a/.worktrees/config/m/config-build/active/internal/store/gitstore.go b/.worktrees/config/m/config-build/active/internal/store/gitstore.go deleted file mode 100644 index c8db660cb3..0000000000 --- a/.worktrees/config/m/config-build/active/internal/store/gitstore.go +++ /dev/null @@ -1,771 +0,0 @@ -package store - -import ( - "context" - "encoding/json" - "errors" - "fmt" - "io/fs" - "os" - "path/filepath" - "strings" - "sync" - "time" - - "github.com/go-git/go-git/v6" - "github.com/go-git/go-git/v6/config" - "github.com/go-git/go-git/v6/plumbing" - "github.com/go-git/go-git/v6/plumbing/object" - "github.com/go-git/go-git/v6/plumbing/transport" - "github.com/go-git/go-git/v6/plumbing/transport/http" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -// gcInterval defines minimum time between garbage collection runs. -const gcInterval = 5 * time.Minute - -// GitTokenStore persists token records and auth metadata using git as the backing storage. -type GitTokenStore struct { - mu sync.Mutex - dirLock sync.RWMutex - baseDir string - repoDir string - configDir string - remote string - username string - password string - lastGC time.Time -} - -// NewGitTokenStore creates a token store that saves credentials to disk through the -// TokenStorage implementation embedded in the token record. -func NewGitTokenStore(remote, username, password string) *GitTokenStore { - return &GitTokenStore{ - remote: remote, - username: username, - password: password, - } -} - -// SetBaseDir updates the default directory used for auth JSON persistence when no explicit path is provided. -func (s *GitTokenStore) SetBaseDir(dir string) { - clean := strings.TrimSpace(dir) - if clean == "" { - s.dirLock.Lock() - s.baseDir = "" - s.repoDir = "" - s.configDir = "" - s.dirLock.Unlock() - return - } - if abs, err := filepath.Abs(clean); err == nil { - clean = abs - } - repoDir := filepath.Dir(clean) - if repoDir == "" || repoDir == "." { - repoDir = clean - } - configDir := filepath.Join(repoDir, "config") - s.dirLock.Lock() - s.baseDir = clean - s.repoDir = repoDir - s.configDir = configDir - s.dirLock.Unlock() -} - -// AuthDir returns the directory used for auth persistence. -func (s *GitTokenStore) AuthDir() string { - return s.baseDirSnapshot() -} - -// ConfigPath returns the managed config file path. -func (s *GitTokenStore) ConfigPath() string { - s.dirLock.RLock() - defer s.dirLock.RUnlock() - if s.configDir == "" { - return "" - } - return filepath.Join(s.configDir, "config.yaml") -} - -// EnsureRepository prepares the local git working tree by cloning or opening the repository. -func (s *GitTokenStore) EnsureRepository() error { - s.dirLock.Lock() - if s.remote == "" { - s.dirLock.Unlock() - return fmt.Errorf("git token store: remote not configured") - } - if s.baseDir == "" { - s.dirLock.Unlock() - return fmt.Errorf("git token store: base directory not configured") - } - repoDir := s.repoDir - if repoDir == "" { - repoDir = filepath.Dir(s.baseDir) - if repoDir == "" || repoDir == "." { - repoDir = s.baseDir - } - s.repoDir = repoDir - } - if s.configDir == "" { - s.configDir = filepath.Join(repoDir, "config") - } - authDir := filepath.Join(repoDir, "auths") - configDir := filepath.Join(repoDir, "config") - gitDir := filepath.Join(repoDir, ".git") - authMethod := s.gitAuth() - var initPaths []string - if _, err := os.Stat(gitDir); errors.Is(err, fs.ErrNotExist) { - if errMk := os.MkdirAll(repoDir, 0o700); errMk != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: create repo dir: %w", errMk) - } - if _, errClone := git.PlainClone(repoDir, &git.CloneOptions{Auth: authMethod, URL: s.remote}); errClone != nil { - if errors.Is(errClone, transport.ErrEmptyRemoteRepository) { - _ = os.RemoveAll(gitDir) - repo, errInit := git.PlainInit(repoDir, false) - if errInit != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: init empty repo: %w", errInit) - } - if _, errRemote := repo.Remote("origin"); errRemote != nil { - if _, errCreate := repo.CreateRemote(&config.RemoteConfig{ - Name: "origin", - URLs: []string{s.remote}, - }); errCreate != nil && !errors.Is(errCreate, git.ErrRemoteExists) { - s.dirLock.Unlock() - return fmt.Errorf("git token store: configure remote: %w", errCreate) - } - } - if err := os.MkdirAll(authDir, 0o700); err != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: create auth dir: %w", err) - } - if err := os.MkdirAll(configDir, 0o700); err != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: create config dir: %w", err) - } - if err := ensureEmptyFile(filepath.Join(authDir, ".gitkeep")); err != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: create auth placeholder: %w", err) - } - if err := ensureEmptyFile(filepath.Join(configDir, ".gitkeep")); err != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: create config placeholder: %w", err) - } - initPaths = []string{ - filepath.Join("auths", ".gitkeep"), - filepath.Join("config", ".gitkeep"), - } - } else { - s.dirLock.Unlock() - return fmt.Errorf("git token store: clone remote: %w", errClone) - } - } - } else if err != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: stat repo: %w", err) - } else { - repo, errOpen := git.PlainOpen(repoDir) - if errOpen != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: open repo: %w", errOpen) - } - worktree, errWorktree := repo.Worktree() - if errWorktree != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: worktree: %w", errWorktree) - } - if errPull := worktree.Pull(&git.PullOptions{Auth: authMethod, RemoteName: "origin"}); errPull != nil { - switch { - case errors.Is(errPull, git.NoErrAlreadyUpToDate), - errors.Is(errPull, git.ErrUnstagedChanges), - errors.Is(errPull, git.ErrNonFastForwardUpdate): - // Ignore clean syncs, local edits, and remote divergence—local changes win. - case errors.Is(errPull, transport.ErrAuthenticationRequired), - errors.Is(errPull, plumbing.ErrReferenceNotFound), - errors.Is(errPull, transport.ErrEmptyRemoteRepository): - // Ignore authentication prompts and empty remote references on initial sync. - default: - s.dirLock.Unlock() - return fmt.Errorf("git token store: pull: %w", errPull) - } - } - } - if err := os.MkdirAll(s.baseDir, 0o700); err != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: create auth dir: %w", err) - } - if err := os.MkdirAll(s.configDir, 0o700); err != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: create config dir: %w", err) - } - s.dirLock.Unlock() - if len(initPaths) > 0 { - s.mu.Lock() - err := s.commitAndPushLocked("Initialize git token store", initPaths...) - s.mu.Unlock() - if err != nil { - return err - } - } - return nil -} - -// Save persists token storage and metadata to the resolved auth file path. -func (s *GitTokenStore) Save(_ context.Context, auth *cliproxyauth.Auth) (string, error) { - if auth == nil { - return "", fmt.Errorf("auth filestore: auth is nil") - } - - path, err := s.resolveAuthPath(auth) - if err != nil { - return "", err - } - if path == "" { - return "", fmt.Errorf("auth filestore: missing file path attribute for %s", auth.ID) - } - - if auth.Disabled { - if _, statErr := os.Stat(path); os.IsNotExist(statErr) { - return "", nil - } - } - - if err = s.EnsureRepository(); err != nil { - return "", err - } - - s.mu.Lock() - defer s.mu.Unlock() - - if err = os.MkdirAll(filepath.Dir(path), 0o700); err != nil { - return "", fmt.Errorf("auth filestore: create dir failed: %w", err) - } - - switch { - case auth.Storage != nil: - if err = auth.Storage.SaveTokenToFile(path); err != nil { - return "", err - } - case auth.Metadata != nil: - raw, errMarshal := json.Marshal(auth.Metadata) - if errMarshal != nil { - return "", fmt.Errorf("auth filestore: marshal metadata failed: %w", errMarshal) - } - if existing, errRead := os.ReadFile(path); errRead == nil { - if jsonEqual(existing, raw) { - return path, nil - } - } else if !os.IsNotExist(errRead) { - return "", fmt.Errorf("auth filestore: read existing failed: %w", errRead) - } - tmp := path + ".tmp" - if errWrite := os.WriteFile(tmp, raw, 0o600); errWrite != nil { - return "", fmt.Errorf("auth filestore: write temp failed: %w", errWrite) - } - if errRename := os.Rename(tmp, path); errRename != nil { - return "", fmt.Errorf("auth filestore: rename failed: %w", errRename) - } - default: - return "", fmt.Errorf("auth filestore: nothing to persist for %s", auth.ID) - } - - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - auth.Attributes["path"] = path - - if strings.TrimSpace(auth.FileName) == "" { - auth.FileName = auth.ID - } - - relPath, errRel := s.relativeToRepo(path) - if errRel != nil { - return "", errRel - } - messageID := auth.ID - if strings.TrimSpace(messageID) == "" { - messageID = filepath.Base(path) - } - if errCommit := s.commitAndPushLocked(fmt.Sprintf("Update auth %s", strings.TrimSpace(messageID)), relPath); errCommit != nil { - return "", errCommit - } - - return path, nil -} - -// List enumerates all auth JSON files under the configured directory. -func (s *GitTokenStore) List(_ context.Context) ([]*cliproxyauth.Auth, error) { - if err := s.EnsureRepository(); err != nil { - return nil, err - } - dir := s.baseDirSnapshot() - if dir == "" { - return nil, fmt.Errorf("auth filestore: directory not configured") - } - entries := make([]*cliproxyauth.Auth, 0) - err := filepath.WalkDir(dir, func(path string, d fs.DirEntry, walkErr error) error { - if walkErr != nil { - return walkErr - } - if d.IsDir() { - return nil - } - if !strings.HasSuffix(strings.ToLower(d.Name()), ".json") { - return nil - } - auth, err := s.readAuthFile(path, dir) - if err != nil { - return nil - } - if auth != nil { - entries = append(entries, auth) - } - return nil - }) - if err != nil { - return nil, err - } - return entries, nil -} - -// Delete removes the auth file. -func (s *GitTokenStore) Delete(_ context.Context, id string) error { - id = strings.TrimSpace(id) - if id == "" { - return fmt.Errorf("auth filestore: id is empty") - } - path, err := s.resolveDeletePath(id) - if err != nil { - return err - } - if err = s.EnsureRepository(); err != nil { - return err - } - - s.mu.Lock() - defer s.mu.Unlock() - - if err = os.Remove(path); err != nil && !os.IsNotExist(err) { - return fmt.Errorf("auth filestore: delete failed: %w", err) - } - if err == nil { - rel, errRel := s.relativeToRepo(path) - if errRel != nil { - return errRel - } - messageID := id - if errCommit := s.commitAndPushLocked(fmt.Sprintf("Delete auth %s", messageID), rel); errCommit != nil { - return errCommit - } - } - return nil -} - -// PersistAuthFiles commits and pushes the provided paths to the remote repository. -// It no-ops when the store is not fully configured or when there are no paths. -func (s *GitTokenStore) PersistAuthFiles(_ context.Context, message string, paths ...string) error { - if len(paths) == 0 { - return nil - } - if err := s.EnsureRepository(); err != nil { - return err - } - - filtered := make([]string, 0, len(paths)) - for _, p := range paths { - trimmed := strings.TrimSpace(p) - if trimmed == "" { - continue - } - rel, err := s.relativeToRepo(trimmed) - if err != nil { - return err - } - filtered = append(filtered, rel) - } - if len(filtered) == 0 { - return nil - } - - s.mu.Lock() - defer s.mu.Unlock() - - if strings.TrimSpace(message) == "" { - message = "Sync watcher updates" - } - return s.commitAndPushLocked(message, filtered...) -} - -func (s *GitTokenStore) resolveDeletePath(id string) (string, error) { - if strings.ContainsRune(id, os.PathSeparator) || filepath.IsAbs(id) { - return id, nil - } - dir := s.baseDirSnapshot() - if dir == "" { - return "", fmt.Errorf("auth filestore: directory not configured") - } - return filepath.Join(dir, id), nil -} - -func (s *GitTokenStore) readAuthFile(path, baseDir string) (*cliproxyauth.Auth, error) { - data, err := os.ReadFile(path) - if err != nil { - return nil, fmt.Errorf("read file: %w", err) - } - if len(data) == 0 { - return nil, nil - } - metadata := make(map[string]any) - if err = json.Unmarshal(data, &metadata); err != nil { - return nil, fmt.Errorf("unmarshal auth json: %w", err) - } - provider, _ := metadata["type"].(string) - if provider == "" { - provider = "unknown" - } - info, err := os.Stat(path) - if err != nil { - return nil, fmt.Errorf("stat file: %w", err) - } - id := s.idFor(path, baseDir) - auth := &cliproxyauth.Auth{ - ID: id, - Provider: provider, - FileName: id, - Label: s.labelFor(metadata), - Status: cliproxyauth.StatusActive, - Attributes: map[string]string{"path": path}, - Metadata: metadata, - CreatedAt: info.ModTime(), - UpdatedAt: info.ModTime(), - LastRefreshedAt: time.Time{}, - NextRefreshAfter: time.Time{}, - } - if email, ok := metadata["email"].(string); ok && email != "" { - auth.Attributes["email"] = email - } - return auth, nil -} - -func (s *GitTokenStore) idFor(path, baseDir string) string { - if baseDir == "" { - return path - } - rel, err := filepath.Rel(baseDir, path) - if err != nil { - return path - } - return rel -} - -func (s *GitTokenStore) resolveAuthPath(auth *cliproxyauth.Auth) (string, error) { - if auth == nil { - return "", fmt.Errorf("auth filestore: auth is nil") - } - if auth.Attributes != nil { - if p := strings.TrimSpace(auth.Attributes["path"]); p != "" { - return p, nil - } - } - if fileName := strings.TrimSpace(auth.FileName); fileName != "" { - if filepath.IsAbs(fileName) { - return fileName, nil - } - if dir := s.baseDirSnapshot(); dir != "" { - return filepath.Join(dir, fileName), nil - } - return fileName, nil - } - if auth.ID == "" { - return "", fmt.Errorf("auth filestore: missing id") - } - if filepath.IsAbs(auth.ID) { - return auth.ID, nil - } - dir := s.baseDirSnapshot() - if dir == "" { - return "", fmt.Errorf("auth filestore: directory not configured") - } - return filepath.Join(dir, auth.ID), nil -} - -func (s *GitTokenStore) labelFor(metadata map[string]any) string { - if metadata == nil { - return "" - } - if v, ok := metadata["label"].(string); ok && v != "" { - return v - } - if v, ok := metadata["email"].(string); ok && v != "" { - return v - } - if project, ok := metadata["project_id"].(string); ok && project != "" { - return project - } - return "" -} - -func (s *GitTokenStore) baseDirSnapshot() string { - s.dirLock.RLock() - defer s.dirLock.RUnlock() - return s.baseDir -} - -func (s *GitTokenStore) repoDirSnapshot() string { - s.dirLock.RLock() - defer s.dirLock.RUnlock() - return s.repoDir -} - -func (s *GitTokenStore) gitAuth() transport.AuthMethod { - if s.username == "" && s.password == "" { - return nil - } - user := s.username - if user == "" { - user = "git" - } - return &http.BasicAuth{Username: user, Password: s.password} -} - -func (s *GitTokenStore) relativeToRepo(path string) (string, error) { - repoDir := s.repoDirSnapshot() - if repoDir == "" { - return "", fmt.Errorf("git token store: repository path not configured") - } - absRepo := repoDir - if abs, err := filepath.Abs(repoDir); err == nil { - absRepo = abs - } - cleanPath := path - if abs, err := filepath.Abs(path); err == nil { - cleanPath = abs - } - rel, err := filepath.Rel(absRepo, cleanPath) - if err != nil { - return "", fmt.Errorf("git token store: relative path: %w", err) - } - if rel == ".." || strings.HasPrefix(rel, ".."+string(os.PathSeparator)) { - return "", fmt.Errorf("git token store: path outside repository") - } - return rel, nil -} - -func (s *GitTokenStore) commitAndPushLocked(message string, relPaths ...string) error { - repoDir := s.repoDirSnapshot() - if repoDir == "" { - return fmt.Errorf("git token store: repository path not configured") - } - repo, err := git.PlainOpen(repoDir) - if err != nil { - return fmt.Errorf("git token store: open repo: %w", err) - } - worktree, err := repo.Worktree() - if err != nil { - return fmt.Errorf("git token store: worktree: %w", err) - } - added := false - for _, rel := range relPaths { - if strings.TrimSpace(rel) == "" { - continue - } - if _, err = worktree.Add(rel); err != nil { - if errors.Is(err, os.ErrNotExist) { - if _, errRemove := worktree.Remove(rel); errRemove != nil && !errors.Is(errRemove, os.ErrNotExist) { - return fmt.Errorf("git token store: remove %s: %w", rel, errRemove) - } - } else { - return fmt.Errorf("git token store: add %s: %w", rel, err) - } - } - added = true - } - if !added { - return nil - } - status, err := worktree.Status() - if err != nil { - return fmt.Errorf("git token store: status: %w", err) - } - if status.IsClean() { - return nil - } - if strings.TrimSpace(message) == "" { - message = "Update auth store" - } - signature := &object.Signature{ - Name: "CLIProxyAPI", - Email: "cliproxy@local", - When: time.Now(), - } - commitHash, err := worktree.Commit(message, &git.CommitOptions{ - Author: signature, - }) - if err != nil { - if errors.Is(err, git.ErrEmptyCommit) { - return nil - } - return fmt.Errorf("git token store: commit: %w", err) - } - headRef, errHead := repo.Head() - if errHead != nil { - if !errors.Is(errHead, plumbing.ErrReferenceNotFound) { - return fmt.Errorf("git token store: get head: %w", errHead) - } - } else if errRewrite := s.rewriteHeadAsSingleCommit(repo, headRef.Name(), commitHash, message, signature); errRewrite != nil { - return errRewrite - } - s.maybeRunGC(repo) - if err = repo.Push(&git.PushOptions{Auth: s.gitAuth(), Force: true}); err != nil { - if errors.Is(err, git.NoErrAlreadyUpToDate) { - return nil - } - return fmt.Errorf("git token store: push: %w", err) - } - return nil -} - -// rewriteHeadAsSingleCommit rewrites the current branch tip to a single-parentless commit and leaves history squashed. -func (s *GitTokenStore) rewriteHeadAsSingleCommit(repo *git.Repository, branch plumbing.ReferenceName, commitHash plumbing.Hash, message string, signature *object.Signature) error { - commitObj, err := repo.CommitObject(commitHash) - if err != nil { - return fmt.Errorf("git token store: inspect head commit: %w", err) - } - squashed := &object.Commit{ - Author: *signature, - Committer: *signature, - Message: message, - TreeHash: commitObj.TreeHash, - ParentHashes: nil, - Encoding: commitObj.Encoding, - ExtraHeaders: commitObj.ExtraHeaders, - } - mem := &plumbing.MemoryObject{} - mem.SetType(plumbing.CommitObject) - if err := squashed.Encode(mem); err != nil { - return fmt.Errorf("git token store: encode squashed commit: %w", err) - } - newHash, err := repo.Storer.SetEncodedObject(mem) - if err != nil { - return fmt.Errorf("git token store: write squashed commit: %w", err) - } - if err := repo.Storer.SetReference(plumbing.NewHashReference(branch, newHash)); err != nil { - return fmt.Errorf("git token store: update branch reference: %w", err) - } - return nil -} - -func (s *GitTokenStore) maybeRunGC(repo *git.Repository) { - now := time.Now() - if now.Sub(s.lastGC) < gcInterval { - return - } - s.lastGC = now - - pruneOpts := git.PruneOptions{ - OnlyObjectsOlderThan: now, - Handler: repo.DeleteObject, - } - if err := repo.Prune(pruneOpts); err != nil && !errors.Is(err, git.ErrLooseObjectsNotSupported) { - return - } - _ = repo.RepackObjects(&git.RepackConfig{}) -} - -// PersistConfig commits and pushes configuration changes to git. -func (s *GitTokenStore) PersistConfig(_ context.Context) error { - if err := s.EnsureRepository(); err != nil { - return err - } - configPath := s.ConfigPath() - if configPath == "" { - return fmt.Errorf("git token store: config path not configured") - } - if _, err := os.Stat(configPath); err != nil { - if errors.Is(err, fs.ErrNotExist) { - return nil - } - return fmt.Errorf("git token store: stat config: %w", err) - } - s.mu.Lock() - defer s.mu.Unlock() - rel, err := s.relativeToRepo(configPath) - if err != nil { - return err - } - return s.commitAndPushLocked("Update config", rel) -} - -func ensureEmptyFile(path string) error { - if _, err := os.Stat(path); err != nil { - if errors.Is(err, fs.ErrNotExist) { - return os.WriteFile(path, []byte{}, 0o600) - } - return err - } - return nil -} - -func jsonEqual(a, b []byte) bool { - var objA any - var objB any - if err := json.Unmarshal(a, &objA); err != nil { - return false - } - if err := json.Unmarshal(b, &objB); err != nil { - return false - } - return deepEqualJSON(objA, objB) -} - -func deepEqualJSON(a, b any) bool { - switch valA := a.(type) { - case map[string]any: - valB, ok := b.(map[string]any) - if !ok || len(valA) != len(valB) { - return false - } - for key, subA := range valA { - subB, ok1 := valB[key] - if !ok1 || !deepEqualJSON(subA, subB) { - return false - } - } - return true - case []any: - sliceB, ok := b.([]any) - if !ok || len(valA) != len(sliceB) { - return false - } - for i := range valA { - if !deepEqualJSON(valA[i], sliceB[i]) { - return false - } - } - return true - case float64: - valB, ok := b.(float64) - if !ok { - return false - } - return valA == valB - case string: - valB, ok := b.(string) - if !ok { - return false - } - return valA == valB - case bool: - valB, ok := b.(bool) - if !ok { - return false - } - return valA == valB - case nil: - return b == nil - default: - return false - } -} diff --git a/.worktrees/config/m/config-build/active/internal/store/objectstore.go b/.worktrees/config/m/config-build/active/internal/store/objectstore.go deleted file mode 100644 index 8492eab7b5..0000000000 --- a/.worktrees/config/m/config-build/active/internal/store/objectstore.go +++ /dev/null @@ -1,619 +0,0 @@ -package store - -import ( - "bytes" - "context" - "encoding/json" - "errors" - "fmt" - "io" - "io/fs" - "net/http" - "os" - "path/filepath" - "strings" - "sync" - "time" - - "github.com/minio/minio-go/v7" - "github.com/minio/minio-go/v7/pkg/credentials" - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -const ( - objectStoreConfigKey = "config/config.yaml" - objectStoreAuthPrefix = "auths" -) - -// ObjectStoreConfig captures configuration for the object storage-backed token store. -type ObjectStoreConfig struct { - Endpoint string - Bucket string - AccessKey string - SecretKey string - Region string - Prefix string - LocalRoot string - UseSSL bool - PathStyle bool -} - -// ObjectTokenStore persists configuration and authentication metadata using an S3-compatible object storage backend. -// Files are mirrored to a local workspace so existing file-based flows continue to operate. -type ObjectTokenStore struct { - client *minio.Client - cfg ObjectStoreConfig - spoolRoot string - configPath string - authDir string - mu sync.Mutex -} - -// NewObjectTokenStore initializes an object storage backed token store. -func NewObjectTokenStore(cfg ObjectStoreConfig) (*ObjectTokenStore, error) { - cfg.Endpoint = strings.TrimSpace(cfg.Endpoint) - cfg.Bucket = strings.TrimSpace(cfg.Bucket) - cfg.AccessKey = strings.TrimSpace(cfg.AccessKey) - cfg.SecretKey = strings.TrimSpace(cfg.SecretKey) - cfg.Prefix = strings.Trim(cfg.Prefix, "/") - - if cfg.Endpoint == "" { - return nil, fmt.Errorf("object store: endpoint is required") - } - if cfg.Bucket == "" { - return nil, fmt.Errorf("object store: bucket is required") - } - if cfg.AccessKey == "" { - return nil, fmt.Errorf("object store: access key is required") - } - if cfg.SecretKey == "" { - return nil, fmt.Errorf("object store: secret key is required") - } - - root := strings.TrimSpace(cfg.LocalRoot) - if root == "" { - if cwd, err := os.Getwd(); err == nil { - root = filepath.Join(cwd, "objectstore") - } else { - root = filepath.Join(os.TempDir(), "objectstore") - } - } - absRoot, err := filepath.Abs(root) - if err != nil { - return nil, fmt.Errorf("object store: resolve spool directory: %w", err) - } - - configDir := filepath.Join(absRoot, "config") - authDir := filepath.Join(absRoot, "auths") - - if err = os.MkdirAll(configDir, 0o700); err != nil { - return nil, fmt.Errorf("object store: create config directory: %w", err) - } - if err = os.MkdirAll(authDir, 0o700); err != nil { - return nil, fmt.Errorf("object store: create auth directory: %w", err) - } - - options := &minio.Options{ - Creds: credentials.NewStaticV4(cfg.AccessKey, cfg.SecretKey, ""), - Secure: cfg.UseSSL, - Region: cfg.Region, - } - if cfg.PathStyle { - options.BucketLookup = minio.BucketLookupPath - } - - client, err := minio.New(cfg.Endpoint, options) - if err != nil { - return nil, fmt.Errorf("object store: create client: %w", err) - } - - return &ObjectTokenStore{ - client: client, - cfg: cfg, - spoolRoot: absRoot, - configPath: filepath.Join(configDir, "config.yaml"), - authDir: authDir, - }, nil -} - -// SetBaseDir implements the optional interface used by authenticators; it is a no-op because -// the object store controls its own workspace. -func (s *ObjectTokenStore) SetBaseDir(string) {} - -// ConfigPath returns the managed configuration file path inside the spool directory. -func (s *ObjectTokenStore) ConfigPath() string { - if s == nil { - return "" - } - return s.configPath -} - -// AuthDir returns the local directory containing mirrored auth files. -func (s *ObjectTokenStore) AuthDir() string { - if s == nil { - return "" - } - return s.authDir -} - -// Bootstrap ensures the target bucket exists and synchronizes data from the object storage backend. -func (s *ObjectTokenStore) Bootstrap(ctx context.Context, exampleConfigPath string) error { - if s == nil { - return fmt.Errorf("object store: not initialized") - } - if err := s.ensureBucket(ctx); err != nil { - return err - } - if err := s.syncConfigFromBucket(ctx, exampleConfigPath); err != nil { - return err - } - if err := s.syncAuthFromBucket(ctx); err != nil { - return err - } - return nil -} - -// Save persists authentication metadata to disk and uploads it to the object storage backend. -func (s *ObjectTokenStore) Save(ctx context.Context, auth *cliproxyauth.Auth) (string, error) { - if auth == nil { - return "", fmt.Errorf("object store: auth is nil") - } - - path, err := s.resolveAuthPath(auth) - if err != nil { - return "", err - } - if path == "" { - return "", fmt.Errorf("object store: missing file path attribute for %s", auth.ID) - } - - if auth.Disabled { - if _, statErr := os.Stat(path); errors.Is(statErr, fs.ErrNotExist) { - return "", nil - } - } - - s.mu.Lock() - defer s.mu.Unlock() - - if err = os.MkdirAll(filepath.Dir(path), 0o700); err != nil { - return "", fmt.Errorf("object store: create auth directory: %w", err) - } - - switch { - case auth.Storage != nil: - if err = auth.Storage.SaveTokenToFile(path); err != nil { - return "", err - } - case auth.Metadata != nil: - raw, errMarshal := json.Marshal(auth.Metadata) - if errMarshal != nil { - return "", fmt.Errorf("object store: marshal metadata: %w", errMarshal) - } - if existing, errRead := os.ReadFile(path); errRead == nil { - if jsonEqual(existing, raw) { - return path, nil - } - } else if errRead != nil && !errors.Is(errRead, fs.ErrNotExist) { - return "", fmt.Errorf("object store: read existing metadata: %w", errRead) - } - tmp := path + ".tmp" - if errWrite := os.WriteFile(tmp, raw, 0o600); errWrite != nil { - return "", fmt.Errorf("object store: write temp auth file: %w", errWrite) - } - if errRename := os.Rename(tmp, path); errRename != nil { - return "", fmt.Errorf("object store: rename auth file: %w", errRename) - } - default: - return "", fmt.Errorf("object store: nothing to persist for %s", auth.ID) - } - - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - auth.Attributes["path"] = path - - if strings.TrimSpace(auth.FileName) == "" { - auth.FileName = auth.ID - } - - if err = s.uploadAuth(ctx, path); err != nil { - return "", err - } - return path, nil -} - -// List enumerates auth JSON files from the mirrored workspace. -func (s *ObjectTokenStore) List(_ context.Context) ([]*cliproxyauth.Auth, error) { - dir := strings.TrimSpace(s.AuthDir()) - if dir == "" { - return nil, fmt.Errorf("object store: auth directory not configured") - } - entries := make([]*cliproxyauth.Auth, 0, 32) - err := filepath.WalkDir(dir, func(path string, d fs.DirEntry, walkErr error) error { - if walkErr != nil { - return walkErr - } - if d.IsDir() { - return nil - } - if !strings.HasSuffix(strings.ToLower(d.Name()), ".json") { - return nil - } - auth, err := s.readAuthFile(path, dir) - if err != nil { - log.WithError(err).Warnf("object store: skip auth %s", path) - return nil - } - if auth != nil { - entries = append(entries, auth) - } - return nil - }) - if err != nil { - return nil, fmt.Errorf("object store: walk auth directory: %w", err) - } - return entries, nil -} - -// Delete removes an auth file locally and remotely. -func (s *ObjectTokenStore) Delete(ctx context.Context, id string) error { - id = strings.TrimSpace(id) - if id == "" { - return fmt.Errorf("object store: id is empty") - } - path, err := s.resolveDeletePath(id) - if err != nil { - return err - } - - s.mu.Lock() - defer s.mu.Unlock() - - if err = os.Remove(path); err != nil && !errors.Is(err, fs.ErrNotExist) { - return fmt.Errorf("object store: delete auth file: %w", err) - } - if err = s.deleteAuthObject(ctx, path); err != nil { - return err - } - return nil -} - -// PersistAuthFiles uploads the provided auth files to the object storage backend. -func (s *ObjectTokenStore) PersistAuthFiles(ctx context.Context, _ string, paths ...string) error { - if len(paths) == 0 { - return nil - } - - s.mu.Lock() - defer s.mu.Unlock() - - for _, p := range paths { - trimmed := strings.TrimSpace(p) - if trimmed == "" { - continue - } - abs := trimmed - if !filepath.IsAbs(abs) { - abs = filepath.Join(s.authDir, trimmed) - } - if err := s.uploadAuth(ctx, abs); err != nil { - return err - } - } - return nil -} - -// PersistConfig uploads the local configuration file to the object storage backend. -func (s *ObjectTokenStore) PersistConfig(ctx context.Context) error { - s.mu.Lock() - defer s.mu.Unlock() - - data, err := os.ReadFile(s.configPath) - if err != nil { - if errors.Is(err, fs.ErrNotExist) { - return s.deleteObject(ctx, objectStoreConfigKey) - } - return fmt.Errorf("object store: read config file: %w", err) - } - if len(data) == 0 { - return s.deleteObject(ctx, objectStoreConfigKey) - } - return s.putObject(ctx, objectStoreConfigKey, data, "application/x-yaml") -} - -func (s *ObjectTokenStore) ensureBucket(ctx context.Context) error { - exists, err := s.client.BucketExists(ctx, s.cfg.Bucket) - if err != nil { - return fmt.Errorf("object store: check bucket: %w", err) - } - if exists { - return nil - } - if err = s.client.MakeBucket(ctx, s.cfg.Bucket, minio.MakeBucketOptions{Region: s.cfg.Region}); err != nil { - return fmt.Errorf("object store: create bucket: %w", err) - } - return nil -} - -func (s *ObjectTokenStore) syncConfigFromBucket(ctx context.Context, example string) error { - key := s.prefixedKey(objectStoreConfigKey) - _, err := s.client.StatObject(ctx, s.cfg.Bucket, key, minio.StatObjectOptions{}) - switch { - case err == nil: - object, errGet := s.client.GetObject(ctx, s.cfg.Bucket, key, minio.GetObjectOptions{}) - if errGet != nil { - return fmt.Errorf("object store: fetch config: %w", errGet) - } - defer object.Close() - data, errRead := io.ReadAll(object) - if errRead != nil { - return fmt.Errorf("object store: read config: %w", errRead) - } - if errWrite := os.WriteFile(s.configPath, normalizeLineEndingsBytes(data), 0o600); errWrite != nil { - return fmt.Errorf("object store: write config: %w", errWrite) - } - case isObjectNotFound(err): - if _, statErr := os.Stat(s.configPath); errors.Is(statErr, fs.ErrNotExist) { - if example != "" { - if errCopy := misc.CopyConfigTemplate(example, s.configPath); errCopy != nil { - return fmt.Errorf("object store: copy example config: %w", errCopy) - } - } else { - if errCreate := os.MkdirAll(filepath.Dir(s.configPath), 0o700); errCreate != nil { - return fmt.Errorf("object store: prepare config directory: %w", errCreate) - } - if errWrite := os.WriteFile(s.configPath, []byte{}, 0o600); errWrite != nil { - return fmt.Errorf("object store: create empty config: %w", errWrite) - } - } - } - data, errRead := os.ReadFile(s.configPath) - if errRead != nil { - return fmt.Errorf("object store: read local config: %w", errRead) - } - if len(data) > 0 { - if errPut := s.putObject(ctx, objectStoreConfigKey, data, "application/x-yaml"); errPut != nil { - return errPut - } - } - default: - return fmt.Errorf("object store: stat config: %w", err) - } - return nil -} - -func (s *ObjectTokenStore) syncAuthFromBucket(ctx context.Context) error { - // NOTE: We intentionally do NOT use os.RemoveAll here. - // Wiping the directory triggers file watcher delete events, which then - // propagate deletions to the remote object store (race condition). - // Instead, we just ensure the directory exists and overwrite files incrementally. - if err := os.MkdirAll(s.authDir, 0o700); err != nil { - return fmt.Errorf("object store: create auth directory: %w", err) - } - - prefix := s.prefixedKey(objectStoreAuthPrefix + "/") - objectCh := s.client.ListObjects(ctx, s.cfg.Bucket, minio.ListObjectsOptions{ - Prefix: prefix, - Recursive: true, - }) - for object := range objectCh { - if object.Err != nil { - return fmt.Errorf("object store: list auth objects: %w", object.Err) - } - rel := strings.TrimPrefix(object.Key, prefix) - if rel == "" || strings.HasSuffix(rel, "/") { - continue - } - relPath := filepath.FromSlash(rel) - if filepath.IsAbs(relPath) { - log.WithField("key", object.Key).Warn("object store: skip auth outside mirror") - continue - } - cleanRel := filepath.Clean(relPath) - if cleanRel == "." || cleanRel == ".." || strings.HasPrefix(cleanRel, ".."+string(os.PathSeparator)) { - log.WithField("key", object.Key).Warn("object store: skip auth outside mirror") - continue - } - local := filepath.Join(s.authDir, cleanRel) - if err := os.MkdirAll(filepath.Dir(local), 0o700); err != nil { - return fmt.Errorf("object store: prepare auth subdir: %w", err) - } - reader, errGet := s.client.GetObject(ctx, s.cfg.Bucket, object.Key, minio.GetObjectOptions{}) - if errGet != nil { - return fmt.Errorf("object store: download auth %s: %w", object.Key, errGet) - } - data, errRead := io.ReadAll(reader) - _ = reader.Close() - if errRead != nil { - return fmt.Errorf("object store: read auth %s: %w", object.Key, errRead) - } - if errWrite := os.WriteFile(local, data, 0o600); errWrite != nil { - return fmt.Errorf("object store: write auth %s: %w", local, errWrite) - } - } - return nil -} - -func (s *ObjectTokenStore) uploadAuth(ctx context.Context, path string) error { - if path == "" { - return nil - } - rel, err := filepath.Rel(s.authDir, path) - if err != nil { - return fmt.Errorf("object store: resolve auth relative path: %w", err) - } - data, err := os.ReadFile(path) - if err != nil { - if errors.Is(err, fs.ErrNotExist) { - return s.deleteAuthObject(ctx, path) - } - return fmt.Errorf("object store: read auth file: %w", err) - } - if len(data) == 0 { - return s.deleteAuthObject(ctx, path) - } - key := objectStoreAuthPrefix + "/" + filepath.ToSlash(rel) - return s.putObject(ctx, key, data, "application/json") -} - -func (s *ObjectTokenStore) deleteAuthObject(ctx context.Context, path string) error { - if path == "" { - return nil - } - rel, err := filepath.Rel(s.authDir, path) - if err != nil { - return fmt.Errorf("object store: resolve auth relative path: %w", err) - } - key := objectStoreAuthPrefix + "/" + filepath.ToSlash(rel) - return s.deleteObject(ctx, key) -} - -func (s *ObjectTokenStore) putObject(ctx context.Context, key string, data []byte, contentType string) error { - if len(data) == 0 { - return s.deleteObject(ctx, key) - } - fullKey := s.prefixedKey(key) - reader := bytes.NewReader(data) - _, err := s.client.PutObject(ctx, s.cfg.Bucket, fullKey, reader, int64(len(data)), minio.PutObjectOptions{ - ContentType: contentType, - }) - if err != nil { - return fmt.Errorf("object store: put object %s: %w", fullKey, err) - } - return nil -} - -func (s *ObjectTokenStore) deleteObject(ctx context.Context, key string) error { - fullKey := s.prefixedKey(key) - err := s.client.RemoveObject(ctx, s.cfg.Bucket, fullKey, minio.RemoveObjectOptions{}) - if err != nil { - if isObjectNotFound(err) { - return nil - } - return fmt.Errorf("object store: delete object %s: %w", fullKey, err) - } - return nil -} - -func (s *ObjectTokenStore) prefixedKey(key string) string { - key = strings.TrimLeft(key, "/") - if s.cfg.Prefix == "" { - return key - } - return strings.TrimLeft(s.cfg.Prefix+"/"+key, "/") -} - -func (s *ObjectTokenStore) resolveAuthPath(auth *cliproxyauth.Auth) (string, error) { - if auth == nil { - return "", fmt.Errorf("object store: auth is nil") - } - if auth.Attributes != nil { - if path := strings.TrimSpace(auth.Attributes["path"]); path != "" { - if filepath.IsAbs(path) { - return path, nil - } - return filepath.Join(s.authDir, path), nil - } - } - fileName := strings.TrimSpace(auth.FileName) - if fileName == "" { - fileName = strings.TrimSpace(auth.ID) - } - if fileName == "" { - return "", fmt.Errorf("object store: auth %s missing filename", auth.ID) - } - if !strings.HasSuffix(strings.ToLower(fileName), ".json") { - fileName += ".json" - } - return filepath.Join(s.authDir, fileName), nil -} - -func (s *ObjectTokenStore) resolveDeletePath(id string) (string, error) { - id = strings.TrimSpace(id) - if id == "" { - return "", fmt.Errorf("object store: id is empty") - } - // Absolute paths are honored as-is; callers must ensure they point inside the mirror. - if filepath.IsAbs(id) { - return id, nil - } - // Treat any non-absolute id (including nested like "team/foo") as relative to the mirror authDir. - // Normalize separators and guard against path traversal. - clean := filepath.Clean(filepath.FromSlash(id)) - if clean == "." || clean == ".." || strings.HasPrefix(clean, ".."+string(os.PathSeparator)) { - return "", fmt.Errorf("object store: invalid auth identifier %s", id) - } - // Ensure .json suffix. - if !strings.HasSuffix(strings.ToLower(clean), ".json") { - clean += ".json" - } - return filepath.Join(s.authDir, clean), nil -} - -func (s *ObjectTokenStore) readAuthFile(path, baseDir string) (*cliproxyauth.Auth, error) { - data, err := os.ReadFile(path) - if err != nil { - return nil, fmt.Errorf("read file: %w", err) - } - if len(data) == 0 { - return nil, nil - } - metadata := make(map[string]any) - if err = json.Unmarshal(data, &metadata); err != nil { - return nil, fmt.Errorf("unmarshal auth json: %w", err) - } - provider := strings.TrimSpace(valueAsString(metadata["type"])) - if provider == "" { - provider = "unknown" - } - info, err := os.Stat(path) - if err != nil { - return nil, fmt.Errorf("stat auth file: %w", err) - } - rel, errRel := filepath.Rel(baseDir, path) - if errRel != nil { - rel = filepath.Base(path) - } - rel = normalizeAuthID(rel) - attr := map[string]string{"path": path} - if email := strings.TrimSpace(valueAsString(metadata["email"])); email != "" { - attr["email"] = email - } - auth := &cliproxyauth.Auth{ - ID: rel, - Provider: provider, - FileName: rel, - Label: labelFor(metadata), - Status: cliproxyauth.StatusActive, - Attributes: attr, - Metadata: metadata, - CreatedAt: info.ModTime(), - UpdatedAt: info.ModTime(), - LastRefreshedAt: time.Time{}, - NextRefreshAfter: time.Time{}, - } - return auth, nil -} - -func normalizeLineEndingsBytes(data []byte) []byte { - replaced := bytes.ReplaceAll(data, []byte{'\r', '\n'}, []byte{'\n'}) - return bytes.ReplaceAll(replaced, []byte{'\r'}, []byte{'\n'}) -} - -func isObjectNotFound(err error) bool { - if err == nil { - return false - } - resp := minio.ToErrorResponse(err) - if resp.StatusCode == http.StatusNotFound { - return true - } - switch resp.Code { - case "NoSuchKey", "NotFound", "NoSuchBucket": - return true - } - return false -} diff --git a/.worktrees/config/m/config-build/active/internal/store/postgresstore.go b/.worktrees/config/m/config-build/active/internal/store/postgresstore.go deleted file mode 100644 index a18f45f8bb..0000000000 --- a/.worktrees/config/m/config-build/active/internal/store/postgresstore.go +++ /dev/null @@ -1,665 +0,0 @@ -package store - -import ( - "context" - "database/sql" - "encoding/json" - "errors" - "fmt" - "io/fs" - "os" - "path/filepath" - "strings" - "sync" - "time" - - _ "github.com/jackc/pgx/v5/stdlib" - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -const ( - defaultConfigTable = "config_store" - defaultAuthTable = "auth_store" - defaultConfigKey = "config" -) - -// PostgresStoreConfig captures configuration required to initialize a Postgres-backed store. -type PostgresStoreConfig struct { - DSN string - Schema string - ConfigTable string - AuthTable string - SpoolDir string -} - -// PostgresStore persists configuration and authentication metadata using PostgreSQL as backend -// while mirroring data to a local workspace so existing file-based workflows continue to operate. -type PostgresStore struct { - db *sql.DB - cfg PostgresStoreConfig - spoolRoot string - configPath string - authDir string - mu sync.Mutex -} - -// NewPostgresStore establishes a connection to PostgreSQL and prepares the local workspace. -func NewPostgresStore(ctx context.Context, cfg PostgresStoreConfig) (*PostgresStore, error) { - trimmedDSN := strings.TrimSpace(cfg.DSN) - if trimmedDSN == "" { - return nil, fmt.Errorf("postgres store: DSN is required") - } - cfg.DSN = trimmedDSN - if cfg.ConfigTable == "" { - cfg.ConfigTable = defaultConfigTable - } - if cfg.AuthTable == "" { - cfg.AuthTable = defaultAuthTable - } - - spoolRoot := strings.TrimSpace(cfg.SpoolDir) - if spoolRoot == "" { - if cwd, err := os.Getwd(); err == nil { - spoolRoot = filepath.Join(cwd, "pgstore") - } else { - spoolRoot = filepath.Join(os.TempDir(), "pgstore") - } - } - absSpool, err := filepath.Abs(spoolRoot) - if err != nil { - return nil, fmt.Errorf("postgres store: resolve spool directory: %w", err) - } - configDir := filepath.Join(absSpool, "config") - authDir := filepath.Join(absSpool, "auths") - if err = os.MkdirAll(configDir, 0o700); err != nil { - return nil, fmt.Errorf("postgres store: create config directory: %w", err) - } - if err = os.MkdirAll(authDir, 0o700); err != nil { - return nil, fmt.Errorf("postgres store: create auth directory: %w", err) - } - - db, err := sql.Open("pgx", cfg.DSN) - if err != nil { - return nil, fmt.Errorf("postgres store: open database connection: %w", err) - } - if err = db.PingContext(ctx); err != nil { - _ = db.Close() - return nil, fmt.Errorf("postgres store: ping database: %w", err) - } - - store := &PostgresStore{ - db: db, - cfg: cfg, - spoolRoot: absSpool, - configPath: filepath.Join(configDir, "config.yaml"), - authDir: authDir, - } - return store, nil -} - -// Close releases the underlying database connection. -func (s *PostgresStore) Close() error { - if s == nil || s.db == nil { - return nil - } - return s.db.Close() -} - -// EnsureSchema creates the required tables (and schema when provided). -func (s *PostgresStore) EnsureSchema(ctx context.Context) error { - if s == nil || s.db == nil { - return fmt.Errorf("postgres store: not initialized") - } - if schema := strings.TrimSpace(s.cfg.Schema); schema != "" { - query := fmt.Sprintf("CREATE SCHEMA IF NOT EXISTS %s", quoteIdentifier(schema)) - if _, err := s.db.ExecContext(ctx, query); err != nil { - return fmt.Errorf("postgres store: create schema: %w", err) - } - } - configTable := s.fullTableName(s.cfg.ConfigTable) - if _, err := s.db.ExecContext(ctx, fmt.Sprintf(` - CREATE TABLE IF NOT EXISTS %s ( - id TEXT PRIMARY KEY, - content TEXT NOT NULL, - created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), - updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW() - ) - `, configTable)); err != nil { - return fmt.Errorf("postgres store: create config table: %w", err) - } - authTable := s.fullTableName(s.cfg.AuthTable) - if _, err := s.db.ExecContext(ctx, fmt.Sprintf(` - CREATE TABLE IF NOT EXISTS %s ( - id TEXT PRIMARY KEY, - content JSONB NOT NULL, - created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), - updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW() - ) - `, authTable)); err != nil { - return fmt.Errorf("postgres store: create auth table: %w", err) - } - return nil -} - -// Bootstrap synchronizes configuration and auth records between PostgreSQL and the local workspace. -func (s *PostgresStore) Bootstrap(ctx context.Context, exampleConfigPath string) error { - if err := s.EnsureSchema(ctx); err != nil { - return err - } - if err := s.syncConfigFromDatabase(ctx, exampleConfigPath); err != nil { - return err - } - if err := s.syncAuthFromDatabase(ctx); err != nil { - return err - } - return nil -} - -// ConfigPath returns the managed configuration file path inside the spool directory. -func (s *PostgresStore) ConfigPath() string { - if s == nil { - return "" - } - return s.configPath -} - -// AuthDir returns the local directory containing mirrored auth files. -func (s *PostgresStore) AuthDir() string { - if s == nil { - return "" - } - return s.authDir -} - -// WorkDir exposes the root spool directory used for mirroring. -func (s *PostgresStore) WorkDir() string { - if s == nil { - return "" - } - return s.spoolRoot -} - -// SetBaseDir implements the optional interface used by authenticators; it is a no-op because -// the Postgres-backed store controls its own workspace. -func (s *PostgresStore) SetBaseDir(string) {} - -// Save persists authentication metadata to disk and PostgreSQL. -func (s *PostgresStore) Save(ctx context.Context, auth *cliproxyauth.Auth) (string, error) { - if auth == nil { - return "", fmt.Errorf("postgres store: auth is nil") - } - - path, err := s.resolveAuthPath(auth) - if err != nil { - return "", err - } - if path == "" { - return "", fmt.Errorf("postgres store: missing file path attribute for %s", auth.ID) - } - - if auth.Disabled { - if _, statErr := os.Stat(path); errors.Is(statErr, fs.ErrNotExist) { - return "", nil - } - } - - s.mu.Lock() - defer s.mu.Unlock() - - if err = os.MkdirAll(filepath.Dir(path), 0o700); err != nil { - return "", fmt.Errorf("postgres store: create auth directory: %w", err) - } - - switch { - case auth.Storage != nil: - if err = auth.Storage.SaveTokenToFile(path); err != nil { - return "", err - } - case auth.Metadata != nil: - raw, errMarshal := json.Marshal(auth.Metadata) - if errMarshal != nil { - return "", fmt.Errorf("postgres store: marshal metadata: %w", errMarshal) - } - if existing, errRead := os.ReadFile(path); errRead == nil { - if jsonEqual(existing, raw) { - return path, nil - } - } else if errRead != nil && !errors.Is(errRead, fs.ErrNotExist) { - return "", fmt.Errorf("postgres store: read existing metadata: %w", errRead) - } - tmp := path + ".tmp" - if errWrite := os.WriteFile(tmp, raw, 0o600); errWrite != nil { - return "", fmt.Errorf("postgres store: write temp auth file: %w", errWrite) - } - if errRename := os.Rename(tmp, path); errRename != nil { - return "", fmt.Errorf("postgres store: rename auth file: %w", errRename) - } - default: - return "", fmt.Errorf("postgres store: nothing to persist for %s", auth.ID) - } - - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - auth.Attributes["path"] = path - - if strings.TrimSpace(auth.FileName) == "" { - auth.FileName = auth.ID - } - - relID, err := s.relativeAuthID(path) - if err != nil { - return "", err - } - if err = s.upsertAuthRecord(ctx, relID, path); err != nil { - return "", err - } - return path, nil -} - -// List enumerates all auth records stored in PostgreSQL. -func (s *PostgresStore) List(ctx context.Context) ([]*cliproxyauth.Auth, error) { - query := fmt.Sprintf("SELECT id, content, created_at, updated_at FROM %s ORDER BY id", s.fullTableName(s.cfg.AuthTable)) - rows, err := s.db.QueryContext(ctx, query) - if err != nil { - return nil, fmt.Errorf("postgres store: list auth: %w", err) - } - defer rows.Close() - - auths := make([]*cliproxyauth.Auth, 0, 32) - for rows.Next() { - var ( - id string - payload string - createdAt time.Time - updatedAt time.Time - ) - if err = rows.Scan(&id, &payload, &createdAt, &updatedAt); err != nil { - return nil, fmt.Errorf("postgres store: scan auth row: %w", err) - } - path, errPath := s.absoluteAuthPath(id) - if errPath != nil { - log.WithError(errPath).Warnf("postgres store: skipping auth %s outside spool", id) - continue - } - metadata := make(map[string]any) - if err = json.Unmarshal([]byte(payload), &metadata); err != nil { - log.WithError(err).Warnf("postgres store: skipping auth %s with invalid json", id) - continue - } - provider := strings.TrimSpace(valueAsString(metadata["type"])) - if provider == "" { - provider = "unknown" - } - attr := map[string]string{"path": path} - if email := strings.TrimSpace(valueAsString(metadata["email"])); email != "" { - attr["email"] = email - } - auth := &cliproxyauth.Auth{ - ID: normalizeAuthID(id), - Provider: provider, - FileName: normalizeAuthID(id), - Label: labelFor(metadata), - Status: cliproxyauth.StatusActive, - Attributes: attr, - Metadata: metadata, - CreatedAt: createdAt, - UpdatedAt: updatedAt, - LastRefreshedAt: time.Time{}, - NextRefreshAfter: time.Time{}, - } - auths = append(auths, auth) - } - if err = rows.Err(); err != nil { - return nil, fmt.Errorf("postgres store: iterate auth rows: %w", err) - } - return auths, nil -} - -// Delete removes an auth file and the corresponding database record. -func (s *PostgresStore) Delete(ctx context.Context, id string) error { - id = strings.TrimSpace(id) - if id == "" { - return fmt.Errorf("postgres store: id is empty") - } - path, err := s.resolveDeletePath(id) - if err != nil { - return err - } - - s.mu.Lock() - defer s.mu.Unlock() - - if err = os.Remove(path); err != nil && !errors.Is(err, fs.ErrNotExist) { - return fmt.Errorf("postgres store: delete auth file: %w", err) - } - relID, err := s.relativeAuthID(path) - if err != nil { - return err - } - return s.deleteAuthRecord(ctx, relID) -} - -// PersistAuthFiles stores the provided auth file changes in PostgreSQL. -func (s *PostgresStore) PersistAuthFiles(ctx context.Context, _ string, paths ...string) error { - if len(paths) == 0 { - return nil - } - s.mu.Lock() - defer s.mu.Unlock() - - for _, p := range paths { - trimmed := strings.TrimSpace(p) - if trimmed == "" { - continue - } - relID, err := s.relativeAuthID(trimmed) - if err != nil { - // Attempt to resolve absolute path under authDir. - abs := trimmed - if !filepath.IsAbs(abs) { - abs = filepath.Join(s.authDir, trimmed) - } - relID, err = s.relativeAuthID(abs) - if err != nil { - log.WithError(err).Warnf("postgres store: ignoring auth path %s", trimmed) - continue - } - trimmed = abs - } - if err = s.syncAuthFile(ctx, relID, trimmed); err != nil { - return err - } - } - return nil -} - -// PersistConfig mirrors the local configuration file to PostgreSQL. -func (s *PostgresStore) PersistConfig(ctx context.Context) error { - s.mu.Lock() - defer s.mu.Unlock() - - data, err := os.ReadFile(s.configPath) - if err != nil { - if errors.Is(err, fs.ErrNotExist) { - return s.deleteConfigRecord(ctx) - } - return fmt.Errorf("postgres store: read config file: %w", err) - } - return s.persistConfig(ctx, data) -} - -// syncConfigFromDatabase writes the database-stored config to disk or seeds the database from template. -func (s *PostgresStore) syncConfigFromDatabase(ctx context.Context, exampleConfigPath string) error { - query := fmt.Sprintf("SELECT content FROM %s WHERE id = $1", s.fullTableName(s.cfg.ConfigTable)) - var content string - err := s.db.QueryRowContext(ctx, query, defaultConfigKey).Scan(&content) - switch { - case errors.Is(err, sql.ErrNoRows): - if _, errStat := os.Stat(s.configPath); errors.Is(errStat, fs.ErrNotExist) { - if exampleConfigPath != "" { - if errCopy := misc.CopyConfigTemplate(exampleConfigPath, s.configPath); errCopy != nil { - return fmt.Errorf("postgres store: copy example config: %w", errCopy) - } - } else { - if errCreate := os.MkdirAll(filepath.Dir(s.configPath), 0o700); errCreate != nil { - return fmt.Errorf("postgres store: prepare config directory: %w", errCreate) - } - if errWrite := os.WriteFile(s.configPath, []byte{}, 0o600); errWrite != nil { - return fmt.Errorf("postgres store: create empty config: %w", errWrite) - } - } - } - data, errRead := os.ReadFile(s.configPath) - if errRead != nil { - return fmt.Errorf("postgres store: read local config: %w", errRead) - } - if errPersist := s.persistConfig(ctx, data); errPersist != nil { - return errPersist - } - case err != nil: - return fmt.Errorf("postgres store: load config from database: %w", err) - default: - if err = os.MkdirAll(filepath.Dir(s.configPath), 0o700); err != nil { - return fmt.Errorf("postgres store: prepare config directory: %w", err) - } - normalized := normalizeLineEndings(content) - if err = os.WriteFile(s.configPath, []byte(normalized), 0o600); err != nil { - return fmt.Errorf("postgres store: write config to spool: %w", err) - } - } - return nil -} - -// syncAuthFromDatabase populates the local auth directory from PostgreSQL data. -func (s *PostgresStore) syncAuthFromDatabase(ctx context.Context) error { - query := fmt.Sprintf("SELECT id, content FROM %s", s.fullTableName(s.cfg.AuthTable)) - rows, err := s.db.QueryContext(ctx, query) - if err != nil { - return fmt.Errorf("postgres store: load auth from database: %w", err) - } - defer rows.Close() - - if err = os.RemoveAll(s.authDir); err != nil { - return fmt.Errorf("postgres store: reset auth directory: %w", err) - } - if err = os.MkdirAll(s.authDir, 0o700); err != nil { - return fmt.Errorf("postgres store: recreate auth directory: %w", err) - } - - for rows.Next() { - var ( - id string - payload string - ) - if err = rows.Scan(&id, &payload); err != nil { - return fmt.Errorf("postgres store: scan auth row: %w", err) - } - path, errPath := s.absoluteAuthPath(id) - if errPath != nil { - log.WithError(errPath).Warnf("postgres store: skipping auth %s outside spool", id) - continue - } - if err = os.MkdirAll(filepath.Dir(path), 0o700); err != nil { - return fmt.Errorf("postgres store: create auth subdir: %w", err) - } - if err = os.WriteFile(path, []byte(payload), 0o600); err != nil { - return fmt.Errorf("postgres store: write auth file: %w", err) - } - } - if err = rows.Err(); err != nil { - return fmt.Errorf("postgres store: iterate auth rows: %w", err) - } - return nil -} - -func (s *PostgresStore) syncAuthFile(ctx context.Context, relID, path string) error { - data, err := os.ReadFile(path) - if err != nil { - if errors.Is(err, fs.ErrNotExist) { - return s.deleteAuthRecord(ctx, relID) - } - return fmt.Errorf("postgres store: read auth file: %w", err) - } - if len(data) == 0 { - return s.deleteAuthRecord(ctx, relID) - } - return s.persistAuth(ctx, relID, data) -} - -func (s *PostgresStore) upsertAuthRecord(ctx context.Context, relID, path string) error { - data, err := os.ReadFile(path) - if err != nil { - return fmt.Errorf("postgres store: read auth file: %w", err) - } - if len(data) == 0 { - return s.deleteAuthRecord(ctx, relID) - } - return s.persistAuth(ctx, relID, data) -} - -func (s *PostgresStore) persistAuth(ctx context.Context, relID string, data []byte) error { - jsonPayload := json.RawMessage(data) - query := fmt.Sprintf(` - INSERT INTO %s (id, content, created_at, updated_at) - VALUES ($1, $2, NOW(), NOW()) - ON CONFLICT (id) - DO UPDATE SET content = EXCLUDED.content, updated_at = NOW() - `, s.fullTableName(s.cfg.AuthTable)) - if _, err := s.db.ExecContext(ctx, query, relID, jsonPayload); err != nil { - return fmt.Errorf("postgres store: upsert auth record: %w", err) - } - return nil -} - -func (s *PostgresStore) deleteAuthRecord(ctx context.Context, relID string) error { - query := fmt.Sprintf("DELETE FROM %s WHERE id = $1", s.fullTableName(s.cfg.AuthTable)) - if _, err := s.db.ExecContext(ctx, query, relID); err != nil { - return fmt.Errorf("postgres store: delete auth record: %w", err) - } - return nil -} - -func (s *PostgresStore) persistConfig(ctx context.Context, data []byte) error { - query := fmt.Sprintf(` - INSERT INTO %s (id, content, created_at, updated_at) - VALUES ($1, $2, NOW(), NOW()) - ON CONFLICT (id) - DO UPDATE SET content = EXCLUDED.content, updated_at = NOW() - `, s.fullTableName(s.cfg.ConfigTable)) - normalized := normalizeLineEndings(string(data)) - if _, err := s.db.ExecContext(ctx, query, defaultConfigKey, normalized); err != nil { - return fmt.Errorf("postgres store: upsert config: %w", err) - } - return nil -} - -func (s *PostgresStore) deleteConfigRecord(ctx context.Context) error { - query := fmt.Sprintf("DELETE FROM %s WHERE id = $1", s.fullTableName(s.cfg.ConfigTable)) - if _, err := s.db.ExecContext(ctx, query, defaultConfigKey); err != nil { - return fmt.Errorf("postgres store: delete config: %w", err) - } - return nil -} - -func (s *PostgresStore) resolveAuthPath(auth *cliproxyauth.Auth) (string, error) { - if auth == nil { - return "", fmt.Errorf("postgres store: auth is nil") - } - if auth.Attributes != nil { - if p := strings.TrimSpace(auth.Attributes["path"]); p != "" { - return p, nil - } - } - if fileName := strings.TrimSpace(auth.FileName); fileName != "" { - if filepath.IsAbs(fileName) { - return fileName, nil - } - return filepath.Join(s.authDir, fileName), nil - } - if auth.ID == "" { - return "", fmt.Errorf("postgres store: missing id") - } - if filepath.IsAbs(auth.ID) { - return auth.ID, nil - } - return filepath.Join(s.authDir, filepath.FromSlash(auth.ID)), nil -} - -func (s *PostgresStore) resolveDeletePath(id string) (string, error) { - if strings.ContainsRune(id, os.PathSeparator) || filepath.IsAbs(id) { - return id, nil - } - return filepath.Join(s.authDir, filepath.FromSlash(id)), nil -} - -func (s *PostgresStore) relativeAuthID(path string) (string, error) { - if s == nil { - return "", fmt.Errorf("postgres store: store not initialized") - } - if !filepath.IsAbs(path) { - path = filepath.Join(s.authDir, path) - } - clean := filepath.Clean(path) - rel, err := filepath.Rel(s.authDir, clean) - if err != nil { - return "", fmt.Errorf("postgres store: compute relative path: %w", err) - } - if strings.HasPrefix(rel, "..") { - return "", fmt.Errorf("postgres store: path %s outside managed directory", path) - } - return filepath.ToSlash(rel), nil -} - -func (s *PostgresStore) absoluteAuthPath(id string) (string, error) { - if s == nil { - return "", fmt.Errorf("postgres store: store not initialized") - } - clean := filepath.Clean(filepath.FromSlash(id)) - if strings.HasPrefix(clean, "..") { - return "", fmt.Errorf("postgres store: invalid auth identifier %s", id) - } - path := filepath.Join(s.authDir, clean) - rel, err := filepath.Rel(s.authDir, path) - if err != nil { - return "", err - } - if strings.HasPrefix(rel, "..") { - return "", fmt.Errorf("postgres store: resolved auth path escapes auth directory") - } - return path, nil -} - -func (s *PostgresStore) fullTableName(name string) string { - if strings.TrimSpace(s.cfg.Schema) == "" { - return quoteIdentifier(name) - } - return quoteIdentifier(s.cfg.Schema) + "." + quoteIdentifier(name) -} - -func quoteIdentifier(identifier string) string { - replaced := strings.ReplaceAll(identifier, "\"", "\"\"") - return "\"" + replaced + "\"" -} - -func valueAsString(v any) string { - switch t := v.(type) { - case string: - return t - case fmt.Stringer: - return t.String() - default: - return "" - } -} - -func labelFor(metadata map[string]any) string { - if metadata == nil { - return "" - } - if v := strings.TrimSpace(valueAsString(metadata["label"])); v != "" { - return v - } - if v := strings.TrimSpace(valueAsString(metadata["email"])); v != "" { - return v - } - if v := strings.TrimSpace(valueAsString(metadata["project_id"])); v != "" { - return v - } - return "" -} - -func normalizeAuthID(id string) string { - return filepath.ToSlash(filepath.Clean(id)) -} - -func normalizeLineEndings(s string) string { - if s == "" { - return s - } - s = strings.ReplaceAll(s, "\r\n", "\n") - s = strings.ReplaceAll(s, "\r", "\n") - return s -} diff --git a/.worktrees/config/m/config-build/active/internal/thinking/apply.go b/.worktrees/config/m/config-build/active/internal/thinking/apply.go deleted file mode 100644 index 8a5a1d7d27..0000000000 --- a/.worktrees/config/m/config-build/active/internal/thinking/apply.go +++ /dev/null @@ -1,501 +0,0 @@ -// Package thinking provides unified thinking configuration processing. -package thinking - -import ( - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -// providerAppliers maps provider names to their ProviderApplier implementations. -var providerAppliers = map[string]ProviderApplier{ - "gemini": nil, - "gemini-cli": nil, - "claude": nil, - "openai": nil, - "codex": nil, - "iflow": nil, - "antigravity": nil, - "kimi": nil, -} - -// GetProviderApplier returns the ProviderApplier for the given provider name. -// Returns nil if the provider is not registered. -func GetProviderApplier(provider string) ProviderApplier { - return providerAppliers[provider] -} - -// RegisterProvider registers a provider applier by name. -func RegisterProvider(name string, applier ProviderApplier) { - providerAppliers[name] = applier -} - -// IsUserDefinedModel reports whether the model is a user-defined model that should -// have thinking configuration passed through without validation. -// -// User-defined models are configured via config file's models[] array -// (e.g., openai-compatibility.*.models[], *-api-key.models[]). These models -// are marked with UserDefined=true at registration time. -// -// User-defined models should have their thinking configuration applied directly, -// letting the upstream service validate the configuration. -func IsUserDefinedModel(modelInfo *registry.ModelInfo) bool { - if modelInfo == nil { - return true - } - return modelInfo.UserDefined -} - -// ApplyThinking applies thinking configuration to a request body. -// -// This is the unified entry point for all providers. It follows the processing -// order defined in FR25: route check → model capability query → config extraction -// → validation → application. -// -// Suffix Priority: When the model name includes a thinking suffix (e.g., "gemini-2.5-pro(8192)"), -// the suffix configuration takes priority over any thinking parameters in the request body. -// This enables users to override thinking settings via the model name without modifying their -// request payload. -// -// Parameters: -// - body: Original request body JSON -// - model: Model name, optionally with thinking suffix (e.g., "claude-sonnet-4-5(16384)") -// - fromFormat: Source request format (e.g., openai, codex, gemini) -// - toFormat: Target provider format for the request body (gemini, gemini-cli, antigravity, claude, openai, codex, iflow) -// - providerKey: Provider identifier used for registry model lookups (may differ from toFormat, e.g., openrouter -> openai) -// -// Returns: -// - Modified request body JSON with thinking configuration applied -// - Error if validation fails (ThinkingError). On error, the original body -// is returned (not nil) to enable defensive programming patterns. -// -// Passthrough behavior (returns original body without error): -// - Unknown provider (not in providerAppliers map) -// - modelInfo.Thinking is nil (model doesn't support thinking) -// -// Note: Unknown models (modelInfo is nil) are treated as user-defined models: we skip -// validation and still apply the thinking config so the upstream can validate it. -// -// Example: -// -// // With suffix - suffix config takes priority -// result, err := thinking.ApplyThinking(body, "gemini-2.5-pro(8192)", "gemini", "gemini", "gemini") -// -// // Without suffix - uses body config -// result, err := thinking.ApplyThinking(body, "gemini-2.5-pro", "gemini", "gemini", "gemini") -func ApplyThinking(body []byte, model string, fromFormat string, toFormat string, providerKey string) ([]byte, error) { - providerFormat := strings.ToLower(strings.TrimSpace(toFormat)) - providerKey = strings.ToLower(strings.TrimSpace(providerKey)) - if providerKey == "" { - providerKey = providerFormat - } - fromFormat = strings.ToLower(strings.TrimSpace(fromFormat)) - if fromFormat == "" { - fromFormat = providerFormat - } - // 1. Route check: Get provider applier - applier := GetProviderApplier(providerFormat) - if applier == nil { - log.WithFields(log.Fields{ - "provider": providerFormat, - "model": model, - }).Debug("thinking: unknown provider, passthrough |") - return body, nil - } - - // 2. Parse suffix and get modelInfo - suffixResult := ParseSuffix(model) - baseModel := suffixResult.ModelName - // Use provider-specific lookup to handle capability differences across providers. - modelInfo := registry.LookupModelInfo(baseModel, providerKey) - - // 3. Model capability check - // Unknown models are treated as user-defined so thinking config can still be applied. - // The upstream service is responsible for validating the configuration. - if IsUserDefinedModel(modelInfo) { - return applyUserDefinedModel(body, modelInfo, fromFormat, providerFormat, suffixResult) - } - if modelInfo.Thinking == nil { - config := extractThinkingConfig(body, providerFormat) - if hasThinkingConfig(config) { - log.WithFields(log.Fields{ - "model": baseModel, - "provider": providerFormat, - }).Debug("thinking: model does not support thinking, stripping config |") - return StripThinkingConfig(body, providerFormat), nil - } - log.WithFields(log.Fields{ - "provider": providerFormat, - "model": baseModel, - }).Debug("thinking: model does not support thinking, passthrough |") - return body, nil - } - - // 4. Get config: suffix priority over body - var config ThinkingConfig - if suffixResult.HasSuffix { - config = parseSuffixToConfig(suffixResult.RawSuffix, providerFormat, model) - log.WithFields(log.Fields{ - "provider": providerFormat, - "model": model, - "mode": config.Mode, - "budget": config.Budget, - "level": config.Level, - }).Debug("thinking: config from model suffix |") - } else { - config = extractThinkingConfig(body, providerFormat) - if hasThinkingConfig(config) { - log.WithFields(log.Fields{ - "provider": providerFormat, - "model": modelInfo.ID, - "mode": config.Mode, - "budget": config.Budget, - "level": config.Level, - }).Debug("thinking: original config from request |") - } - } - - if !hasThinkingConfig(config) { - log.WithFields(log.Fields{ - "provider": providerFormat, - "model": modelInfo.ID, - }).Debug("thinking: no config found, passthrough |") - return body, nil - } - - // 5. Validate and normalize configuration - validated, err := ValidateConfig(config, modelInfo, fromFormat, providerFormat, suffixResult.HasSuffix) - if err != nil { - log.WithFields(log.Fields{ - "provider": providerFormat, - "model": modelInfo.ID, - "error": err.Error(), - }).Warn("thinking: validation failed |") - // Return original body on validation failure (defensive programming). - // This ensures callers who ignore the error won't receive nil body. - // The upstream service will decide how to handle the unmodified request. - return body, err - } - - // Defensive check: ValidateConfig should never return (nil, nil) - if validated == nil { - log.WithFields(log.Fields{ - "provider": providerFormat, - "model": modelInfo.ID, - }).Warn("thinking: ValidateConfig returned nil config without error, passthrough |") - return body, nil - } - - log.WithFields(log.Fields{ - "provider": providerFormat, - "model": modelInfo.ID, - "mode": validated.Mode, - "budget": validated.Budget, - "level": validated.Level, - }).Debug("thinking: processed config to apply |") - - // 6. Apply configuration using provider-specific applier - return applier.Apply(body, *validated, modelInfo) -} - -// parseSuffixToConfig converts a raw suffix string to ThinkingConfig. -// -// Parsing priority: -// 1. Special values: "none" → ModeNone, "auto"/"-1" → ModeAuto -// 2. Level names: "minimal", "low", "medium", "high", "xhigh" → ModeLevel -// 3. Numeric values: positive integers → ModeBudget, 0 → ModeNone -// -// If none of the above match, returns empty ThinkingConfig (treated as no config). -func parseSuffixToConfig(rawSuffix, provider, model string) ThinkingConfig { - // 1. Try special values first (none, auto, -1) - if mode, ok := ParseSpecialSuffix(rawSuffix); ok { - switch mode { - case ModeNone: - return ThinkingConfig{Mode: ModeNone, Budget: 0} - case ModeAuto: - return ThinkingConfig{Mode: ModeAuto, Budget: -1} - } - } - - // 2. Try level parsing (minimal, low, medium, high, xhigh) - if level, ok := ParseLevelSuffix(rawSuffix); ok { - return ThinkingConfig{Mode: ModeLevel, Level: level} - } - - // 3. Try numeric parsing - if budget, ok := ParseNumericSuffix(rawSuffix); ok { - if budget == 0 { - return ThinkingConfig{Mode: ModeNone, Budget: 0} - } - return ThinkingConfig{Mode: ModeBudget, Budget: budget} - } - - // Unknown suffix format - return empty config - log.WithFields(log.Fields{ - "provider": provider, - "model": model, - "raw_suffix": rawSuffix, - }).Debug("thinking: unknown suffix format, treating as no config |") - return ThinkingConfig{} -} - -// applyUserDefinedModel applies thinking configuration for user-defined models -// without ThinkingSupport validation. -func applyUserDefinedModel(body []byte, modelInfo *registry.ModelInfo, fromFormat, toFormat string, suffixResult SuffixResult) ([]byte, error) { - // Get model ID for logging - modelID := "" - if modelInfo != nil { - modelID = modelInfo.ID - } else { - modelID = suffixResult.ModelName - } - - // Get config: suffix priority over body - var config ThinkingConfig - if suffixResult.HasSuffix { - config = parseSuffixToConfig(suffixResult.RawSuffix, toFormat, modelID) - } else { - config = extractThinkingConfig(body, toFormat) - } - - if !hasThinkingConfig(config) { - log.WithFields(log.Fields{ - "model": modelID, - "provider": toFormat, - }).Debug("thinking: user-defined model, passthrough (no config) |") - return body, nil - } - - applier := GetProviderApplier(toFormat) - if applier == nil { - log.WithFields(log.Fields{ - "model": modelID, - "provider": toFormat, - }).Debug("thinking: user-defined model, passthrough (unknown provider) |") - return body, nil - } - - log.WithFields(log.Fields{ - "provider": toFormat, - "model": modelID, - "mode": config.Mode, - "budget": config.Budget, - "level": config.Level, - }).Debug("thinking: applying config for user-defined model (skip validation)") - - config = normalizeUserDefinedConfig(config, fromFormat, toFormat) - return applier.Apply(body, config, modelInfo) -} - -func normalizeUserDefinedConfig(config ThinkingConfig, fromFormat, toFormat string) ThinkingConfig { - if config.Mode != ModeLevel { - return config - } - if !isBudgetBasedProvider(toFormat) || !isLevelBasedProvider(fromFormat) { - return config - } - budget, ok := ConvertLevelToBudget(string(config.Level)) - if !ok { - return config - } - config.Mode = ModeBudget - config.Budget = budget - config.Level = "" - return config -} - -// extractThinkingConfig extracts provider-specific thinking config from request body. -func extractThinkingConfig(body []byte, provider string) ThinkingConfig { - if len(body) == 0 || !gjson.ValidBytes(body) { - return ThinkingConfig{} - } - - switch provider { - case "claude": - return extractClaudeConfig(body) - case "gemini", "gemini-cli", "antigravity": - return extractGeminiConfig(body, provider) - case "openai": - return extractOpenAIConfig(body) - case "codex": - return extractCodexConfig(body) - case "iflow": - config := extractIFlowConfig(body) - if hasThinkingConfig(config) { - return config - } - return extractOpenAIConfig(body) - case "kimi": - // Kimi uses OpenAI-compatible reasoning_effort format - return extractOpenAIConfig(body) - default: - return ThinkingConfig{} - } -} - -func hasThinkingConfig(config ThinkingConfig) bool { - return config.Mode != ModeBudget || config.Budget != 0 || config.Level != "" -} - -// extractClaudeConfig extracts thinking configuration from Claude format request body. -// -// Claude API format: -// - thinking.type: "enabled" or "disabled" -// - thinking.budget_tokens: integer (-1=auto, 0=disabled, >0=budget) -// -// Priority: thinking.type="disabled" takes precedence over budget_tokens. -// When type="enabled" without budget_tokens, returns ModeAuto to indicate -// the user wants thinking enabled but didn't specify a budget. -func extractClaudeConfig(body []byte) ThinkingConfig { - thinkingType := gjson.GetBytes(body, "thinking.type").String() - if thinkingType == "disabled" { - return ThinkingConfig{Mode: ModeNone, Budget: 0} - } - - // Check budget_tokens - if budget := gjson.GetBytes(body, "thinking.budget_tokens"); budget.Exists() { - value := int(budget.Int()) - switch value { - case 0: - return ThinkingConfig{Mode: ModeNone, Budget: 0} - case -1: - return ThinkingConfig{Mode: ModeAuto, Budget: -1} - default: - return ThinkingConfig{Mode: ModeBudget, Budget: value} - } - } - - // If type="enabled" but no budget_tokens, treat as auto (user wants thinking but no budget specified) - if thinkingType == "enabled" { - return ThinkingConfig{Mode: ModeAuto, Budget: -1} - } - - return ThinkingConfig{} -} - -// extractGeminiConfig extracts thinking configuration from Gemini format request body. -// -// Gemini API format: -// - generationConfig.thinkingConfig.thinkingLevel: "none", "auto", or level name (Gemini 3) -// - generationConfig.thinkingConfig.thinkingBudget: integer (Gemini 2.5) -// -// For gemini-cli and antigravity providers, the path is prefixed with "request.". -// -// Priority: thinkingLevel is checked first (Gemini 3 format), then thinkingBudget (Gemini 2.5 format). -// This allows newer Gemini 3 level-based configs to take precedence. -func extractGeminiConfig(body []byte, provider string) ThinkingConfig { - prefix := "generationConfig.thinkingConfig" - if provider == "gemini-cli" || provider == "antigravity" { - prefix = "request.generationConfig.thinkingConfig" - } - - // Check thinkingLevel first (Gemini 3 format takes precedence) - level := gjson.GetBytes(body, prefix+".thinkingLevel") - if !level.Exists() { - // Google official Gemini Python SDK sends snake_case field names - level = gjson.GetBytes(body, prefix+".thinking_level") - } - if level.Exists() { - value := level.String() - switch value { - case "none": - return ThinkingConfig{Mode: ModeNone, Budget: 0} - case "auto": - return ThinkingConfig{Mode: ModeAuto, Budget: -1} - default: - return ThinkingConfig{Mode: ModeLevel, Level: ThinkingLevel(value)} - } - } - - // Check thinkingBudget (Gemini 2.5 format) - budget := gjson.GetBytes(body, prefix+".thinkingBudget") - if !budget.Exists() { - // Google official Gemini Python SDK sends snake_case field names - budget = gjson.GetBytes(body, prefix+".thinking_budget") - } - if budget.Exists() { - value := int(budget.Int()) - switch value { - case 0: - return ThinkingConfig{Mode: ModeNone, Budget: 0} - case -1: - return ThinkingConfig{Mode: ModeAuto, Budget: -1} - default: - return ThinkingConfig{Mode: ModeBudget, Budget: value} - } - } - - return ThinkingConfig{} -} - -// extractOpenAIConfig extracts thinking configuration from OpenAI format request body. -// -// OpenAI API format: -// - reasoning_effort: "none", "low", "medium", "high" (discrete levels) -// -// OpenAI uses level-based thinking configuration only, no numeric budget support. -// The "none" value is treated specially to return ModeNone. -func extractOpenAIConfig(body []byte) ThinkingConfig { - // Check reasoning_effort (OpenAI Chat Completions format) - if effort := gjson.GetBytes(body, "reasoning_effort"); effort.Exists() { - value := effort.String() - if value == "none" { - return ThinkingConfig{Mode: ModeNone, Budget: 0} - } - return ThinkingConfig{Mode: ModeLevel, Level: ThinkingLevel(value)} - } - - return ThinkingConfig{} -} - -// extractCodexConfig extracts thinking configuration from Codex format request body. -// -// Codex API format (OpenAI Responses API): -// - reasoning.effort: "none", "low", "medium", "high" -// -// This is similar to OpenAI but uses nested field "reasoning.effort" instead of "reasoning_effort". -func extractCodexConfig(body []byte) ThinkingConfig { - // Check reasoning.effort (Codex / OpenAI Responses API format) - if effort := gjson.GetBytes(body, "reasoning.effort"); effort.Exists() { - value := effort.String() - if value == "none" { - return ThinkingConfig{Mode: ModeNone, Budget: 0} - } - return ThinkingConfig{Mode: ModeLevel, Level: ThinkingLevel(value)} - } - - return ThinkingConfig{} -} - -// extractIFlowConfig extracts thinking configuration from iFlow format request body. -// -// iFlow API format (supports multiple model families): -// - GLM format: chat_template_kwargs.enable_thinking (boolean) -// - MiniMax format: reasoning_split (boolean) -// -// Returns ModeBudget with Budget=1 as a sentinel value indicating "enabled". -// The actual budget/configuration is determined by the iFlow applier based on model capabilities. -// Budget=1 is used because iFlow models don't use numeric budgets; they only support on/off. -func extractIFlowConfig(body []byte) ThinkingConfig { - // GLM format: chat_template_kwargs.enable_thinking - if enabled := gjson.GetBytes(body, "chat_template_kwargs.enable_thinking"); enabled.Exists() { - if enabled.Bool() { - // Budget=1 is a sentinel meaning "enabled" (iFlow doesn't use numeric budgets) - return ThinkingConfig{Mode: ModeBudget, Budget: 1} - } - return ThinkingConfig{Mode: ModeNone, Budget: 0} - } - - // MiniMax format: reasoning_split - if split := gjson.GetBytes(body, "reasoning_split"); split.Exists() { - if split.Bool() { - // Budget=1 is a sentinel meaning "enabled" (iFlow doesn't use numeric budgets) - return ThinkingConfig{Mode: ModeBudget, Budget: 1} - } - return ThinkingConfig{Mode: ModeNone, Budget: 0} - } - - return ThinkingConfig{} -} diff --git a/.worktrees/config/m/config-build/active/internal/thinking/convert.go b/.worktrees/config/m/config-build/active/internal/thinking/convert.go deleted file mode 100644 index 776ccef605..0000000000 --- a/.worktrees/config/m/config-build/active/internal/thinking/convert.go +++ /dev/null @@ -1,142 +0,0 @@ -package thinking - -import ( - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" -) - -// levelToBudgetMap defines the standard Level → Budget mapping. -// All keys are lowercase; lookups should use strings.ToLower. -var levelToBudgetMap = map[string]int{ - "none": 0, - "auto": -1, - "minimal": 512, - "low": 1024, - "medium": 8192, - "high": 24576, - "xhigh": 32768, -} - -// ConvertLevelToBudget converts a thinking level to a budget value. -// -// This is a semantic conversion that maps discrete levels to numeric budgets. -// Level matching is case-insensitive. -// -// Level → Budget mapping: -// - none → 0 -// - auto → -1 -// - minimal → 512 -// - low → 1024 -// - medium → 8192 -// - high → 24576 -// - xhigh → 32768 -// -// Returns: -// - budget: The converted budget value -// - ok: true if level is valid, false otherwise -func ConvertLevelToBudget(level string) (int, bool) { - budget, ok := levelToBudgetMap[strings.ToLower(level)] - return budget, ok -} - -// BudgetThreshold constants define the upper bounds for each thinking level. -// These are used by ConvertBudgetToLevel for range-based mapping. -const ( - // ThresholdMinimal is the upper bound for "minimal" level (1-512) - ThresholdMinimal = 512 - // ThresholdLow is the upper bound for "low" level (513-1024) - ThresholdLow = 1024 - // ThresholdMedium is the upper bound for "medium" level (1025-8192) - ThresholdMedium = 8192 - // ThresholdHigh is the upper bound for "high" level (8193-24576) - ThresholdHigh = 24576 -) - -// ConvertBudgetToLevel converts a budget value to the nearest thinking level. -// -// This is a semantic conversion that maps numeric budgets to discrete levels. -// Uses threshold-based mapping for range conversion. -// -// Budget → Level thresholds: -// - -1 → auto -// - 0 → none -// - 1-512 → minimal -// - 513-1024 → low -// - 1025-8192 → medium -// - 8193-24576 → high -// - 24577+ → xhigh -// -// Returns: -// - level: The converted thinking level string -// - ok: true if budget is valid, false for invalid negatives (< -1) -func ConvertBudgetToLevel(budget int) (string, bool) { - switch { - case budget < -1: - // Invalid negative values - return "", false - case budget == -1: - return string(LevelAuto), true - case budget == 0: - return string(LevelNone), true - case budget <= ThresholdMinimal: - return string(LevelMinimal), true - case budget <= ThresholdLow: - return string(LevelLow), true - case budget <= ThresholdMedium: - return string(LevelMedium), true - case budget <= ThresholdHigh: - return string(LevelHigh), true - default: - return string(LevelXHigh), true - } -} - -// ModelCapability describes the thinking format support of a model. -type ModelCapability int - -const ( - // CapabilityUnknown indicates modelInfo is nil (passthrough behavior, internal use). - CapabilityUnknown ModelCapability = iota - 1 - // CapabilityNone indicates model doesn't support thinking (Thinking is nil). - CapabilityNone - // CapabilityBudgetOnly indicates the model supports numeric budgets only. - CapabilityBudgetOnly - // CapabilityLevelOnly indicates the model supports discrete levels only. - CapabilityLevelOnly - // CapabilityHybrid indicates the model supports both budgets and levels. - CapabilityHybrid -) - -// detectModelCapability determines the thinking format capability of a model. -// -// This is an internal function used by validation and conversion helpers. -// It analyzes the model's ThinkingSupport configuration to classify the model: -// - CapabilityNone: modelInfo.Thinking is nil (model doesn't support thinking) -// - CapabilityBudgetOnly: Has Min/Max but no Levels (Claude, Gemini 2.5) -// - CapabilityLevelOnly: Has Levels but no Min/Max (OpenAI, iFlow) -// - CapabilityHybrid: Has both Min/Max and Levels (Gemini 3) -// -// Note: Returns a special sentinel value when modelInfo itself is nil (unknown model). -func detectModelCapability(modelInfo *registry.ModelInfo) ModelCapability { - if modelInfo == nil { - return CapabilityUnknown // sentinel for "passthrough" behavior - } - if modelInfo.Thinking == nil { - return CapabilityNone - } - support := modelInfo.Thinking - hasBudget := support.Min > 0 || support.Max > 0 - hasLevels := len(support.Levels) > 0 - - switch { - case hasBudget && hasLevels: - return CapabilityHybrid - case hasBudget: - return CapabilityBudgetOnly - case hasLevels: - return CapabilityLevelOnly - default: - return CapabilityNone - } -} diff --git a/.worktrees/config/m/config-build/active/internal/thinking/errors.go b/.worktrees/config/m/config-build/active/internal/thinking/errors.go deleted file mode 100644 index 5eed93814e..0000000000 --- a/.worktrees/config/m/config-build/active/internal/thinking/errors.go +++ /dev/null @@ -1,82 +0,0 @@ -// Package thinking provides unified thinking configuration processing logic. -package thinking - -import "net/http" - -// ErrorCode represents the type of thinking configuration error. -type ErrorCode string - -// Error codes for thinking configuration processing. -const ( - // ErrInvalidSuffix indicates the suffix format cannot be parsed. - // Example: "model(abc" (missing closing parenthesis) - ErrInvalidSuffix ErrorCode = "INVALID_SUFFIX" - - // ErrUnknownLevel indicates the level value is not in the valid list. - // Example: "model(ultra)" where "ultra" is not a valid level - ErrUnknownLevel ErrorCode = "UNKNOWN_LEVEL" - - // ErrThinkingNotSupported indicates the model does not support thinking. - // Example: claude-haiku-4-5 does not have thinking capability - ErrThinkingNotSupported ErrorCode = "THINKING_NOT_SUPPORTED" - - // ErrLevelNotSupported indicates the model does not support level mode. - // Example: using level with a budget-only model - ErrLevelNotSupported ErrorCode = "LEVEL_NOT_SUPPORTED" - - // ErrBudgetOutOfRange indicates the budget value is outside model range. - // Example: budget 64000 exceeds max 20000 - ErrBudgetOutOfRange ErrorCode = "BUDGET_OUT_OF_RANGE" - - // ErrProviderMismatch indicates the provider does not match the model. - // Example: applying Claude format to a Gemini model - ErrProviderMismatch ErrorCode = "PROVIDER_MISMATCH" -) - -// ThinkingError represents an error that occurred during thinking configuration processing. -// -// This error type provides structured information about the error, including: -// - Code: A machine-readable error code for programmatic handling -// - Message: A human-readable description of the error -// - Model: The model name related to the error (optional) -// - Details: Additional context information (optional) -type ThinkingError struct { - // Code is the machine-readable error code - Code ErrorCode - // Message is the human-readable error description. - // Should be lowercase, no trailing period, with context if applicable. - Message string - // Model is the model name related to this error (optional) - Model string - // Details contains additional context information (optional) - Details map[string]interface{} -} - -// Error implements the error interface. -// Returns the message directly without code prefix. -// Use Code field for programmatic error handling. -func (e *ThinkingError) Error() string { - return e.Message -} - -// NewThinkingError creates a new ThinkingError with the given code and message. -func NewThinkingError(code ErrorCode, message string) *ThinkingError { - return &ThinkingError{ - Code: code, - Message: message, - } -} - -// NewThinkingErrorWithModel creates a new ThinkingError with model context. -func NewThinkingErrorWithModel(code ErrorCode, message, model string) *ThinkingError { - return &ThinkingError{ - Code: code, - Message: message, - Model: model, - } -} - -// StatusCode implements a portable status code interface for HTTP handlers. -func (e *ThinkingError) StatusCode() int { - return http.StatusBadRequest -} diff --git a/.worktrees/config/m/config-build/active/internal/thinking/provider/antigravity/apply.go b/.worktrees/config/m/config-build/active/internal/thinking/provider/antigravity/apply.go deleted file mode 100644 index d202035fc6..0000000000 --- a/.worktrees/config/m/config-build/active/internal/thinking/provider/antigravity/apply.go +++ /dev/null @@ -1,236 +0,0 @@ -// Package antigravity implements thinking configuration for Antigravity API format. -// -// Antigravity uses request.generationConfig.thinkingConfig.* path (same as gemini-cli) -// but requires additional normalization for Claude models: -// - Ensure thinking budget < max_tokens -// - Remove thinkingConfig if budget < minimum allowed -package antigravity - -import ( - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier applies thinking configuration for Antigravity API format. -type Applier struct{} - -var _ thinking.ProviderApplier = (*Applier)(nil) - -// NewApplier creates a new Antigravity thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("antigravity", NewApplier()) -} - -// Apply applies thinking configuration to Antigravity request body. -// -// For Claude models, additional constraints are applied: -// - Ensure thinking budget < max_tokens -// - Remove thinkingConfig if budget < minimum allowed -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return a.applyCompatible(body, config, modelInfo) - } - if modelInfo.Thinking == nil { - return body, nil - } - - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeAuto { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - isClaude := strings.Contains(strings.ToLower(modelInfo.ID), "claude") - - // ModeAuto: Always use Budget format with thinkingBudget=-1 - if config.Mode == thinking.ModeAuto { - return a.applyBudgetFormat(body, config, modelInfo, isClaude) - } - if config.Mode == thinking.ModeBudget { - return a.applyBudgetFormat(body, config, modelInfo, isClaude) - } - - // For non-auto modes, choose format based on model capabilities - support := modelInfo.Thinking - if len(support.Levels) > 0 { - return a.applyLevelFormat(body, config) - } - return a.applyBudgetFormat(body, config, modelInfo, isClaude) -} - -func (a *Applier) applyCompatible(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeAuto { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - isClaude := false - if modelInfo != nil { - isClaude = strings.Contains(strings.ToLower(modelInfo.ID), "claude") - } - - if config.Mode == thinking.ModeAuto { - return a.applyBudgetFormat(body, config, modelInfo, isClaude) - } - - if config.Mode == thinking.ModeLevel || (config.Mode == thinking.ModeNone && config.Level != "") { - return a.applyLevelFormat(body, config) - } - - return a.applyBudgetFormat(body, config, modelInfo, isClaude) -} - -func (a *Applier) applyLevelFormat(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - // Remove conflicting fields to avoid both thinkingLevel and thinkingBudget in output - result, _ := sjson.DeleteBytes(body, "request.generationConfig.thinkingConfig.thinkingBudget") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_budget") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_level") - // Normalize includeThoughts field name to avoid oneof conflicts in upstream JSON parsing. - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.include_thoughts") - - if config.Mode == thinking.ModeNone { - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", false) - if config.Level != "" { - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingLevel", string(config.Level)) - } - return result, nil - } - - // Only handle ModeLevel - budget conversion should be done by upper layer - if config.Mode != thinking.ModeLevel { - return body, nil - } - - level := string(config.Level) - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingLevel", level) - - // Respect user's explicit includeThoughts setting from original body; default to true if not set - // Support both camelCase and snake_case variants - includeThoughts := true - if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.includeThoughts"); inc.Exists() { - includeThoughts = inc.Bool() - } else if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.include_thoughts"); inc.Exists() { - includeThoughts = inc.Bool() - } - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", includeThoughts) - return result, nil -} - -func (a *Applier) applyBudgetFormat(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo, isClaude bool) ([]byte, error) { - // Remove conflicting fields to avoid both thinkingLevel and thinkingBudget in output - result, _ := sjson.DeleteBytes(body, "request.generationConfig.thinkingConfig.thinkingLevel") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_level") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_budget") - // Normalize includeThoughts field name to avoid oneof conflicts in upstream JSON parsing. - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.include_thoughts") - - budget := config.Budget - - // Apply Claude-specific constraints first to get the final budget value - if isClaude && modelInfo != nil { - budget, result = a.normalizeClaudeBudget(budget, result, modelInfo) - // Check if budget was removed entirely - if budget == -2 { - return result, nil - } - } - - // For ModeNone, always set includeThoughts to false regardless of user setting. - // This ensures that when user requests budget=0 (disable thinking output), - // the includeThoughts is correctly set to false even if budget is clamped to min. - if config.Mode == thinking.ModeNone { - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingBudget", budget) - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", false) - return result, nil - } - - // Determine includeThoughts: respect user's explicit setting from original body if provided - // Support both camelCase and snake_case variants - var includeThoughts bool - var userSetIncludeThoughts bool - if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.includeThoughts"); inc.Exists() { - includeThoughts = inc.Bool() - userSetIncludeThoughts = true - } else if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.include_thoughts"); inc.Exists() { - includeThoughts = inc.Bool() - userSetIncludeThoughts = true - } - - if !userSetIncludeThoughts { - // No explicit setting, use default logic based on mode - switch config.Mode { - case thinking.ModeAuto: - includeThoughts = true - default: - includeThoughts = budget > 0 - } - } - - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingBudget", budget) - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", includeThoughts) - return result, nil -} - -// normalizeClaudeBudget applies Claude-specific constraints to thinking budget. -// -// It handles: -// - Ensuring thinking budget < max_tokens -// - Removing thinkingConfig if budget < minimum allowed -// -// Returns the normalized budget and updated payload. -// Returns budget=-2 as a sentinel indicating thinkingConfig was removed entirely. -func (a *Applier) normalizeClaudeBudget(budget int, payload []byte, modelInfo *registry.ModelInfo) (int, []byte) { - if modelInfo == nil { - return budget, payload - } - - // Get effective max tokens - effectiveMax, setDefaultMax := a.effectiveMaxTokens(payload, modelInfo) - if effectiveMax > 0 && budget >= effectiveMax { - budget = effectiveMax - 1 - } - - // Check minimum budget - minBudget := 0 - if modelInfo.Thinking != nil { - minBudget = modelInfo.Thinking.Min - } - if minBudget > 0 && budget >= 0 && budget < minBudget { - // Budget is below minimum, remove thinking config entirely - payload, _ = sjson.DeleteBytes(payload, "request.generationConfig.thinkingConfig") - return -2, payload - } - - // Set default max tokens if needed - if setDefaultMax && effectiveMax > 0 { - payload, _ = sjson.SetBytes(payload, "request.generationConfig.maxOutputTokens", effectiveMax) - } - - return budget, payload -} - -// effectiveMaxTokens returns the max tokens to cap thinking: -// prefer request-provided maxOutputTokens; otherwise fall back to model default. -// The boolean indicates whether the value came from the model default (and thus should be written back). -func (a *Applier) effectiveMaxTokens(payload []byte, modelInfo *registry.ModelInfo) (max int, fromModel bool) { - if maxTok := gjson.GetBytes(payload, "request.generationConfig.maxOutputTokens"); maxTok.Exists() && maxTok.Int() > 0 { - return int(maxTok.Int()), false - } - if modelInfo != nil && modelInfo.MaxCompletionTokens > 0 { - return modelInfo.MaxCompletionTokens, true - } - return 0, false -} diff --git a/.worktrees/config/m/config-build/active/internal/thinking/provider/claude/apply.go b/.worktrees/config/m/config-build/active/internal/thinking/provider/claude/apply.go deleted file mode 100644 index 3c74d5146d..0000000000 --- a/.worktrees/config/m/config-build/active/internal/thinking/provider/claude/apply.go +++ /dev/null @@ -1,166 +0,0 @@ -// Package claude implements thinking configuration scaffolding for Claude models. -// -// Claude models use the thinking.budget_tokens format with values in the range -// 1024-128000. Some Claude models support ZeroAllowed (sonnet-4-5, opus-4-5), -// while older models do not. -// See: _bmad-output/planning-artifacts/architecture.md#Epic-6 -package claude - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier implements thinking.ProviderApplier for Claude models. -// This applier is stateless and holds no configuration. -type Applier struct{} - -// NewApplier creates a new Claude thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("claude", NewApplier()) -} - -// Apply applies thinking configuration to Claude request body. -// -// IMPORTANT: This method expects config to be pre-validated by thinking.ValidateConfig. -// ValidateConfig handles: -// - Mode conversion (Level→Budget, Auto→Budget) -// - Budget clamping to model range -// - ZeroAllowed constraint enforcement -// -// Apply only processes ModeBudget and ModeNone; other modes are passed through unchanged. -// -// Expected output format when enabled: -// -// { -// "thinking": { -// "type": "enabled", -// "budget_tokens": 16384 -// } -// } -// -// Expected output format when disabled: -// -// { -// "thinking": { -// "type": "disabled" -// } -// } -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return applyCompatibleClaude(body, config) - } - if modelInfo.Thinking == nil { - return body, nil - } - - // Only process ModeBudget and ModeNone; other modes pass through - // (caller should use ValidateConfig first to normalize modes) - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeNone { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - // Budget is expected to be pre-validated by ValidateConfig (clamped, ZeroAllowed enforced) - // Decide enabled/disabled based on budget value - if config.Budget == 0 { - result, _ := sjson.SetBytes(body, "thinking.type", "disabled") - result, _ = sjson.DeleteBytes(result, "thinking.budget_tokens") - return result, nil - } - - result, _ := sjson.SetBytes(body, "thinking.type", "enabled") - result, _ = sjson.SetBytes(result, "thinking.budget_tokens", config.Budget) - - // Ensure max_tokens > thinking.budget_tokens (Anthropic API constraint) - result = a.normalizeClaudeBudget(result, config.Budget, modelInfo) - return result, nil -} - -// normalizeClaudeBudget applies Claude-specific constraints to ensure max_tokens > budget_tokens. -// Anthropic API requires this constraint; violating it returns a 400 error. -func (a *Applier) normalizeClaudeBudget(body []byte, budgetTokens int, modelInfo *registry.ModelInfo) []byte { - if budgetTokens <= 0 { - return body - } - - // Ensure the request satisfies Claude constraints: - // 1) Determine effective max_tokens (request overrides model default) - // 2) If budget_tokens >= max_tokens, reduce budget_tokens to max_tokens-1 - // 3) If the adjusted budget falls below the model minimum, leave the request unchanged - // 4) If max_tokens came from model default, write it back into the request - - effectiveMax, setDefaultMax := a.effectiveMaxTokens(body, modelInfo) - if setDefaultMax && effectiveMax > 0 { - body, _ = sjson.SetBytes(body, "max_tokens", effectiveMax) - } - - // Compute the budget we would apply after enforcing budget_tokens < max_tokens. - adjustedBudget := budgetTokens - if effectiveMax > 0 && adjustedBudget >= effectiveMax { - adjustedBudget = effectiveMax - 1 - } - - minBudget := 0 - if modelInfo != nil && modelInfo.Thinking != nil { - minBudget = modelInfo.Thinking.Min - } - if minBudget > 0 && adjustedBudget > 0 && adjustedBudget < minBudget { - // If enforcing the max_tokens constraint would push the budget below the model minimum, - // leave the request unchanged. - return body - } - - if adjustedBudget != budgetTokens { - body, _ = sjson.SetBytes(body, "thinking.budget_tokens", adjustedBudget) - } - - return body -} - -// effectiveMaxTokens returns the max tokens to cap thinking: -// prefer request-provided max_tokens; otherwise fall back to model default. -// The boolean indicates whether the value came from the model default (and thus should be written back). -func (a *Applier) effectiveMaxTokens(body []byte, modelInfo *registry.ModelInfo) (max int, fromModel bool) { - if maxTok := gjson.GetBytes(body, "max_tokens"); maxTok.Exists() && maxTok.Int() > 0 { - return int(maxTok.Int()), false - } - if modelInfo != nil && modelInfo.MaxCompletionTokens > 0 { - return modelInfo.MaxCompletionTokens, true - } - return 0, false -} - -func applyCompatibleClaude(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeAuto { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - switch config.Mode { - case thinking.ModeNone: - result, _ := sjson.SetBytes(body, "thinking.type", "disabled") - result, _ = sjson.DeleteBytes(result, "thinking.budget_tokens") - return result, nil - case thinking.ModeAuto: - result, _ := sjson.SetBytes(body, "thinking.type", "enabled") - result, _ = sjson.DeleteBytes(result, "thinking.budget_tokens") - return result, nil - default: - result, _ := sjson.SetBytes(body, "thinking.type", "enabled") - result, _ = sjson.SetBytes(result, "thinking.budget_tokens", config.Budget) - return result, nil - } -} diff --git a/.worktrees/config/m/config-build/active/internal/thinking/provider/codex/apply.go b/.worktrees/config/m/config-build/active/internal/thinking/provider/codex/apply.go deleted file mode 100644 index 3bed318b09..0000000000 --- a/.worktrees/config/m/config-build/active/internal/thinking/provider/codex/apply.go +++ /dev/null @@ -1,131 +0,0 @@ -// Package codex implements thinking configuration for Codex (OpenAI Responses API) models. -// -// Codex models use the reasoning.effort format with discrete levels -// (low/medium/high). This is similar to OpenAI but uses nested field -// "reasoning.effort" instead of "reasoning_effort". -// See: _bmad-output/planning-artifacts/architecture.md#Epic-8 -package codex - -import ( - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier implements thinking.ProviderApplier for Codex models. -// -// Codex-specific behavior: -// - Output format: reasoning.effort (string: low/medium/high/xhigh) -// - Level-only mode: no numeric budget support -// - Some models support ZeroAllowed (gpt-5.1, gpt-5.2) -type Applier struct{} - -var _ thinking.ProviderApplier = (*Applier)(nil) - -// NewApplier creates a new Codex thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("codex", NewApplier()) -} - -// Apply applies thinking configuration to Codex request body. -// -// Expected output format: -// -// { -// "reasoning": { -// "effort": "high" -// } -// } -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return applyCompatibleCodex(body, config) - } - if modelInfo.Thinking == nil { - return body, nil - } - - // Only handle ModeLevel and ModeNone; other modes pass through unchanged. - if config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - if config.Mode == thinking.ModeLevel { - result, _ := sjson.SetBytes(body, "reasoning.effort", string(config.Level)) - return result, nil - } - - effort := "" - support := modelInfo.Thinking - if config.Budget == 0 { - if support.ZeroAllowed || hasLevel(support.Levels, string(thinking.LevelNone)) { - effort = string(thinking.LevelNone) - } - } - if effort == "" && config.Level != "" { - effort = string(config.Level) - } - if effort == "" && len(support.Levels) > 0 { - effort = support.Levels[0] - } - if effort == "" { - return body, nil - } - - result, _ := sjson.SetBytes(body, "reasoning.effort", effort) - return result, nil -} - -func applyCompatibleCodex(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - var effort string - switch config.Mode { - case thinking.ModeLevel: - if config.Level == "" { - return body, nil - } - effort = string(config.Level) - case thinking.ModeNone: - effort = string(thinking.LevelNone) - if config.Level != "" { - effort = string(config.Level) - } - case thinking.ModeAuto: - // Auto mode for user-defined models: pass through as "auto" - effort = string(thinking.LevelAuto) - case thinking.ModeBudget: - // Budget mode: convert budget to level using threshold mapping - level, ok := thinking.ConvertBudgetToLevel(config.Budget) - if !ok { - return body, nil - } - effort = level - default: - return body, nil - } - - result, _ := sjson.SetBytes(body, "reasoning.effort", effort) - return result, nil -} - -func hasLevel(levels []string, target string) bool { - for _, level := range levels { - if strings.EqualFold(strings.TrimSpace(level), target) { - return true - } - } - return false -} diff --git a/.worktrees/config/m/config-build/active/internal/thinking/provider/gemini/apply.go b/.worktrees/config/m/config-build/active/internal/thinking/provider/gemini/apply.go deleted file mode 100644 index 39bb4231d0..0000000000 --- a/.worktrees/config/m/config-build/active/internal/thinking/provider/gemini/apply.go +++ /dev/null @@ -1,200 +0,0 @@ -// Package gemini implements thinking configuration for Gemini models. -// -// Gemini models have two formats: -// - Gemini 2.5: Uses thinkingBudget (numeric) -// - Gemini 3.x: Uses thinkingLevel (string: minimal/low/medium/high) -// or thinkingBudget=-1 for auto/dynamic mode -// -// Output format is determined by ThinkingConfig.Mode and ThinkingSupport.Levels: -// - ModeAuto: Always uses thinkingBudget=-1 (both Gemini 2.5 and 3.x) -// - len(Levels) > 0: Uses thinkingLevel (Gemini 3.x discrete levels) -// - len(Levels) == 0: Uses thinkingBudget (Gemini 2.5) -package gemini - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier applies thinking configuration for Gemini models. -// -// Gemini-specific behavior: -// - Gemini 2.5: thinkingBudget format, flash series supports ZeroAllowed -// - Gemini 3.x: thinkingLevel format, cannot be disabled -// - Use ThinkingSupport.Levels to decide output format -type Applier struct{} - -// NewApplier creates a new Gemini thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("gemini", NewApplier()) -} - -// Apply applies thinking configuration to Gemini request body. -// -// Expected output format (Gemini 2.5): -// -// { -// "generationConfig": { -// "thinkingConfig": { -// "thinkingBudget": 8192, -// "includeThoughts": true -// } -// } -// } -// -// Expected output format (Gemini 3.x): -// -// { -// "generationConfig": { -// "thinkingConfig": { -// "thinkingLevel": "high", -// "includeThoughts": true -// } -// } -// } -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return a.applyCompatible(body, config) - } - if modelInfo.Thinking == nil { - return body, nil - } - - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeAuto { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - // Choose format based on config.Mode and model capabilities: - // - ModeLevel: use Level format (validation will reject unsupported levels) - // - ModeNone: use Level format if model has Levels, else Budget format - // - ModeBudget/ModeAuto: use Budget format - switch config.Mode { - case thinking.ModeLevel: - return a.applyLevelFormat(body, config) - case thinking.ModeNone: - // ModeNone: route based on model capability (has Levels or not) - if len(modelInfo.Thinking.Levels) > 0 { - return a.applyLevelFormat(body, config) - } - return a.applyBudgetFormat(body, config) - default: - return a.applyBudgetFormat(body, config) - } -} - -func (a *Applier) applyCompatible(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeAuto { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - if config.Mode == thinking.ModeAuto { - return a.applyBudgetFormat(body, config) - } - - if config.Mode == thinking.ModeLevel || (config.Mode == thinking.ModeNone && config.Level != "") { - return a.applyLevelFormat(body, config) - } - - return a.applyBudgetFormat(body, config) -} - -func (a *Applier) applyLevelFormat(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - // ModeNone semantics: - // - ModeNone + Budget=0: completely disable thinking (not possible for Level-only models) - // - ModeNone + Budget>0: forced to think but hide output (includeThoughts=false) - // ValidateConfig sets config.Level to the lowest level when ModeNone + Budget > 0. - - // Remove conflicting fields to avoid both thinkingLevel and thinkingBudget in output - result, _ := sjson.DeleteBytes(body, "generationConfig.thinkingConfig.thinkingBudget") - result, _ = sjson.DeleteBytes(result, "generationConfig.thinkingConfig.thinking_budget") - result, _ = sjson.DeleteBytes(result, "generationConfig.thinkingConfig.thinking_level") - // Normalize includeThoughts field name to avoid oneof conflicts in upstream JSON parsing. - result, _ = sjson.DeleteBytes(result, "generationConfig.thinkingConfig.include_thoughts") - - if config.Mode == thinking.ModeNone { - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.includeThoughts", false) - if config.Level != "" { - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.thinkingLevel", string(config.Level)) - } - return result, nil - } - - // Only handle ModeLevel - budget conversion should be done by upper layer - if config.Mode != thinking.ModeLevel { - return body, nil - } - - level := string(config.Level) - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.thinkingLevel", level) - - // Respect user's explicit includeThoughts setting from original body; default to true if not set - // Support both camelCase and snake_case variants - includeThoughts := true - if inc := gjson.GetBytes(body, "generationConfig.thinkingConfig.includeThoughts"); inc.Exists() { - includeThoughts = inc.Bool() - } else if inc := gjson.GetBytes(body, "generationConfig.thinkingConfig.include_thoughts"); inc.Exists() { - includeThoughts = inc.Bool() - } - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.includeThoughts", includeThoughts) - return result, nil -} - -func (a *Applier) applyBudgetFormat(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - // Remove conflicting fields to avoid both thinkingLevel and thinkingBudget in output - result, _ := sjson.DeleteBytes(body, "generationConfig.thinkingConfig.thinkingLevel") - result, _ = sjson.DeleteBytes(result, "generationConfig.thinkingConfig.thinking_level") - result, _ = sjson.DeleteBytes(result, "generationConfig.thinkingConfig.thinking_budget") - // Normalize includeThoughts field name to avoid oneof conflicts in upstream JSON parsing. - result, _ = sjson.DeleteBytes(result, "generationConfig.thinkingConfig.include_thoughts") - - budget := config.Budget - - // For ModeNone, always set includeThoughts to false regardless of user setting. - // This ensures that when user requests budget=0 (disable thinking output), - // the includeThoughts is correctly set to false even if budget is clamped to min. - if config.Mode == thinking.ModeNone { - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.thinkingBudget", budget) - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.includeThoughts", false) - return result, nil - } - - // Determine includeThoughts: respect user's explicit setting from original body if provided - // Support both camelCase and snake_case variants - var includeThoughts bool - var userSetIncludeThoughts bool - if inc := gjson.GetBytes(body, "generationConfig.thinkingConfig.includeThoughts"); inc.Exists() { - includeThoughts = inc.Bool() - userSetIncludeThoughts = true - } else if inc := gjson.GetBytes(body, "generationConfig.thinkingConfig.include_thoughts"); inc.Exists() { - includeThoughts = inc.Bool() - userSetIncludeThoughts = true - } - - if !userSetIncludeThoughts { - // No explicit setting, use default logic based on mode - switch config.Mode { - case thinking.ModeAuto: - includeThoughts = true - default: - includeThoughts = budget > 0 - } - } - - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.thinkingBudget", budget) - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.includeThoughts", includeThoughts) - return result, nil -} diff --git a/.worktrees/config/m/config-build/active/internal/thinking/provider/geminicli/apply.go b/.worktrees/config/m/config-build/active/internal/thinking/provider/geminicli/apply.go deleted file mode 100644 index 5908b6bce5..0000000000 --- a/.worktrees/config/m/config-build/active/internal/thinking/provider/geminicli/apply.go +++ /dev/null @@ -1,161 +0,0 @@ -// Package geminicli implements thinking configuration for Gemini CLI API format. -// -// Gemini CLI uses request.generationConfig.thinkingConfig.* path instead of -// generationConfig.thinkingConfig.* used by standard Gemini API. -package geminicli - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier applies thinking configuration for Gemini CLI API format. -type Applier struct{} - -var _ thinking.ProviderApplier = (*Applier)(nil) - -// NewApplier creates a new Gemini CLI thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("gemini-cli", NewApplier()) -} - -// Apply applies thinking configuration to Gemini CLI request body. -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return a.applyCompatible(body, config) - } - if modelInfo.Thinking == nil { - return body, nil - } - - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeAuto { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - // ModeAuto: Always use Budget format with thinkingBudget=-1 - if config.Mode == thinking.ModeAuto { - return a.applyBudgetFormat(body, config) - } - if config.Mode == thinking.ModeBudget { - return a.applyBudgetFormat(body, config) - } - - // For non-auto modes, choose format based on model capabilities - support := modelInfo.Thinking - if len(support.Levels) > 0 { - return a.applyLevelFormat(body, config) - } - return a.applyBudgetFormat(body, config) -} - -func (a *Applier) applyCompatible(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeAuto { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - if config.Mode == thinking.ModeAuto { - return a.applyBudgetFormat(body, config) - } - - if config.Mode == thinking.ModeLevel || (config.Mode == thinking.ModeNone && config.Level != "") { - return a.applyLevelFormat(body, config) - } - - return a.applyBudgetFormat(body, config) -} - -func (a *Applier) applyLevelFormat(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - // Remove conflicting fields to avoid both thinkingLevel and thinkingBudget in output - result, _ := sjson.DeleteBytes(body, "request.generationConfig.thinkingConfig.thinkingBudget") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_budget") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_level") - // Normalize includeThoughts field name to avoid oneof conflicts in upstream JSON parsing. - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.include_thoughts") - - if config.Mode == thinking.ModeNone { - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", false) - if config.Level != "" { - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingLevel", string(config.Level)) - } - return result, nil - } - - // Only handle ModeLevel - budget conversion should be done by upper layer - if config.Mode != thinking.ModeLevel { - return body, nil - } - - level := string(config.Level) - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingLevel", level) - - // Respect user's explicit includeThoughts setting from original body; default to true if not set - // Support both camelCase and snake_case variants - includeThoughts := true - if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.includeThoughts"); inc.Exists() { - includeThoughts = inc.Bool() - } else if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.include_thoughts"); inc.Exists() { - includeThoughts = inc.Bool() - } - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", includeThoughts) - return result, nil -} - -func (a *Applier) applyBudgetFormat(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - // Remove conflicting fields to avoid both thinkingLevel and thinkingBudget in output - result, _ := sjson.DeleteBytes(body, "request.generationConfig.thinkingConfig.thinkingLevel") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_level") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_budget") - // Normalize includeThoughts field name to avoid oneof conflicts in upstream JSON parsing. - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.include_thoughts") - - budget := config.Budget - - // For ModeNone, always set includeThoughts to false regardless of user setting. - // This ensures that when user requests budget=0 (disable thinking output), - // the includeThoughts is correctly set to false even if budget is clamped to min. - if config.Mode == thinking.ModeNone { - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingBudget", budget) - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", false) - return result, nil - } - - // Determine includeThoughts: respect user's explicit setting from original body if provided - // Support both camelCase and snake_case variants - var includeThoughts bool - var userSetIncludeThoughts bool - if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.includeThoughts"); inc.Exists() { - includeThoughts = inc.Bool() - userSetIncludeThoughts = true - } else if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.include_thoughts"); inc.Exists() { - includeThoughts = inc.Bool() - userSetIncludeThoughts = true - } - - if !userSetIncludeThoughts { - // No explicit setting, use default logic based on mode - switch config.Mode { - case thinking.ModeAuto: - includeThoughts = true - default: - includeThoughts = budget > 0 - } - } - - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingBudget", budget) - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", includeThoughts) - return result, nil -} diff --git a/.worktrees/config/m/config-build/active/internal/thinking/provider/iflow/apply.go b/.worktrees/config/m/config-build/active/internal/thinking/provider/iflow/apply.go deleted file mode 100644 index 35d13f59a0..0000000000 --- a/.worktrees/config/m/config-build/active/internal/thinking/provider/iflow/apply.go +++ /dev/null @@ -1,173 +0,0 @@ -// Package iflow implements thinking configuration for iFlow models. -// -// iFlow models use boolean toggle semantics: -// - Models using chat_template_kwargs.enable_thinking (boolean toggle) -// - MiniMax models: reasoning_split (boolean) -// -// Level values are converted to boolean: none=false, all others=true -// See: _bmad-output/planning-artifacts/architecture.md#Epic-9 -package iflow - -import ( - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier implements thinking.ProviderApplier for iFlow models. -// -// iFlow-specific behavior: -// - enable_thinking toggle models: enable_thinking boolean -// - GLM models: enable_thinking boolean + clear_thinking=false -// - MiniMax models: reasoning_split boolean -// - Level to boolean: none=false, others=true -// - No quantized support (only on/off) -type Applier struct{} - -var _ thinking.ProviderApplier = (*Applier)(nil) - -// NewApplier creates a new iFlow thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("iflow", NewApplier()) -} - -// Apply applies thinking configuration to iFlow request body. -// -// Expected output format (GLM): -// -// { -// "chat_template_kwargs": { -// "enable_thinking": true, -// "clear_thinking": false -// } -// } -// -// Expected output format (MiniMax): -// -// { -// "reasoning_split": true -// } -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return body, nil - } - if modelInfo.Thinking == nil { - return body, nil - } - - if isEnableThinkingModel(modelInfo.ID) { - return applyEnableThinking(body, config, isGLMModel(modelInfo.ID)), nil - } - - if isMiniMaxModel(modelInfo.ID) { - return applyMiniMax(body, config), nil - } - - return body, nil -} - -// configToBoolean converts ThinkingConfig to boolean for iFlow models. -// -// Conversion rules: -// - ModeNone: false -// - ModeAuto: true -// - ModeBudget + Budget=0: false -// - ModeBudget + Budget>0: true -// - ModeLevel + Level="none": false -// - ModeLevel + any other level: true -// - Default (unknown mode): true -func configToBoolean(config thinking.ThinkingConfig) bool { - switch config.Mode { - case thinking.ModeNone: - return false - case thinking.ModeAuto: - return true - case thinking.ModeBudget: - return config.Budget > 0 - case thinking.ModeLevel: - return config.Level != thinking.LevelNone - default: - return true - } -} - -// applyEnableThinking applies thinking configuration for models that use -// chat_template_kwargs.enable_thinking format. -// -// Output format when enabled: -// -// {"chat_template_kwargs": {"enable_thinking": true, "clear_thinking": false}} -// -// Output format when disabled: -// -// {"chat_template_kwargs": {"enable_thinking": false}} -// -// Note: clear_thinking is only set for GLM models when thinking is enabled. -func applyEnableThinking(body []byte, config thinking.ThinkingConfig, setClearThinking bool) []byte { - enableThinking := configToBoolean(config) - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - result, _ := sjson.SetBytes(body, "chat_template_kwargs.enable_thinking", enableThinking) - - // clear_thinking is a GLM-only knob, strip it for other models. - result, _ = sjson.DeleteBytes(result, "chat_template_kwargs.clear_thinking") - - // clear_thinking only needed when thinking is enabled - if enableThinking && setClearThinking { - result, _ = sjson.SetBytes(result, "chat_template_kwargs.clear_thinking", false) - } - - return result -} - -// applyMiniMax applies thinking configuration for MiniMax models. -// -// Output format: -// -// {"reasoning_split": true/false} -func applyMiniMax(body []byte, config thinking.ThinkingConfig) []byte { - reasoningSplit := configToBoolean(config) - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - result, _ := sjson.SetBytes(body, "reasoning_split", reasoningSplit) - - return result -} - -// isEnableThinkingModel determines if the model uses chat_template_kwargs.enable_thinking format. -func isEnableThinkingModel(modelID string) bool { - if isGLMModel(modelID) { - return true - } - id := strings.ToLower(modelID) - switch id { - case "qwen3-max-preview", "deepseek-v3.2", "deepseek-v3.1": - return true - default: - return false - } -} - -// isGLMModel determines if the model is a GLM series model. -func isGLMModel(modelID string) bool { - return strings.HasPrefix(strings.ToLower(modelID), "glm") -} - -// isMiniMaxModel determines if the model is a MiniMax series model. -// MiniMax models use reasoning_split format. -func isMiniMaxModel(modelID string) bool { - return strings.HasPrefix(strings.ToLower(modelID), "minimax") -} diff --git a/.worktrees/config/m/config-build/active/internal/thinking/provider/kimi/apply.go b/.worktrees/config/m/config-build/active/internal/thinking/provider/kimi/apply.go deleted file mode 100644 index 4e68eaa2f2..0000000000 --- a/.worktrees/config/m/config-build/active/internal/thinking/provider/kimi/apply.go +++ /dev/null @@ -1,126 +0,0 @@ -// Package kimi implements thinking configuration for Kimi (Moonshot AI) models. -// -// Kimi models use the OpenAI-compatible reasoning_effort format with discrete levels -// (low/medium/high). The provider strips any existing thinking config and applies -// the unified ThinkingConfig in OpenAI format. -package kimi - -import ( - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier implements thinking.ProviderApplier for Kimi models. -// -// Kimi-specific behavior: -// - Output format: reasoning_effort (string: low/medium/high) -// - Uses OpenAI-compatible format -// - Supports budget-to-level conversion -type Applier struct{} - -var _ thinking.ProviderApplier = (*Applier)(nil) - -// NewApplier creates a new Kimi thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("kimi", NewApplier()) -} - -// Apply applies thinking configuration to Kimi request body. -// -// Expected output format: -// -// { -// "reasoning_effort": "high" -// } -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return applyCompatibleKimi(body, config) - } - if modelInfo.Thinking == nil { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - var effort string - switch config.Mode { - case thinking.ModeLevel: - if config.Level == "" { - return body, nil - } - effort = string(config.Level) - case thinking.ModeNone: - // Kimi uses "none" to disable thinking - effort = string(thinking.LevelNone) - case thinking.ModeBudget: - // Convert budget to level using threshold mapping - level, ok := thinking.ConvertBudgetToLevel(config.Budget) - if !ok { - return body, nil - } - effort = level - case thinking.ModeAuto: - // Auto mode maps to "auto" effort - effort = string(thinking.LevelAuto) - default: - return body, nil - } - - if effort == "" { - return body, nil - } - - result, err := sjson.SetBytes(body, "reasoning_effort", effort) - if err != nil { - return body, fmt.Errorf("kimi thinking: failed to set reasoning_effort: %w", err) - } - return result, nil -} - -// applyCompatibleKimi applies thinking config for user-defined Kimi models. -func applyCompatibleKimi(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - var effort string - switch config.Mode { - case thinking.ModeLevel: - if config.Level == "" { - return body, nil - } - effort = string(config.Level) - case thinking.ModeNone: - effort = string(thinking.LevelNone) - if config.Level != "" { - effort = string(config.Level) - } - case thinking.ModeAuto: - effort = string(thinking.LevelAuto) - case thinking.ModeBudget: - // Convert budget to level - level, ok := thinking.ConvertBudgetToLevel(config.Budget) - if !ok { - return body, nil - } - effort = level - default: - return body, nil - } - - result, err := sjson.SetBytes(body, "reasoning_effort", effort) - if err != nil { - return body, fmt.Errorf("kimi thinking: failed to set reasoning_effort: %w", err) - } - return result, nil -} diff --git a/.worktrees/config/m/config-build/active/internal/thinking/provider/openai/apply.go b/.worktrees/config/m/config-build/active/internal/thinking/provider/openai/apply.go deleted file mode 100644 index e8a2562f11..0000000000 --- a/.worktrees/config/m/config-build/active/internal/thinking/provider/openai/apply.go +++ /dev/null @@ -1,171 +0,0 @@ -// Package openai implements thinking configuration for OpenAI/Codex models. -// -// OpenAI models use the reasoning_effort format with discrete levels -// (low/medium/high). Some models support xhigh and none levels. -// See: _bmad-output/planning-artifacts/architecture.md#Epic-8 -package openai - -import ( - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// validReasoningEffortLevels contains the standard values accepted by the -// OpenAI reasoning_effort field. Provider-specific extensions (xhigh, minimal, -// auto) are NOT in this set and must be clamped before use. -var validReasoningEffortLevels = map[string]struct{}{ - "none": {}, - "low": {}, - "medium": {}, - "high": {}, -} - -// clampReasoningEffort maps any thinking level string to a value that is safe -// to send as OpenAI reasoning_effort. Non-standard CPA-internal values are -// mapped to the nearest standard equivalent. -// -// Mapping rules: -// - none / low / medium / high → returned as-is (already valid) -// - xhigh → "high" (nearest lower standard level) -// - minimal → "low" (nearest higher standard level) -// - auto → "medium" (reasonable default) -// - anything else → "medium" (safe default) -func clampReasoningEffort(level string) string { - if _, ok := validReasoningEffortLevels[level]; ok { - return level - } - var clamped string - switch level { - case string(thinking.LevelXHigh): - clamped = string(thinking.LevelHigh) - case string(thinking.LevelMinimal): - clamped = string(thinking.LevelLow) - case string(thinking.LevelAuto): - clamped = string(thinking.LevelMedium) - default: - clamped = string(thinking.LevelMedium) - } - log.WithFields(log.Fields{ - "original": level, - "clamped": clamped, - }).Debug("openai: reasoning_effort clamped to nearest valid standard value") - return clamped -} - -// Applier implements thinking.ProviderApplier for OpenAI models. -// -// OpenAI-specific behavior: -// - Output format: reasoning_effort (string: low/medium/high/xhigh) -// - Level-only mode: no numeric budget support -// - Some models support ZeroAllowed (gpt-5.1, gpt-5.2) -type Applier struct{} - -var _ thinking.ProviderApplier = (*Applier)(nil) - -// NewApplier creates a new OpenAI thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("openai", NewApplier()) -} - -// Apply applies thinking configuration to OpenAI request body. -// -// Expected output format: -// -// { -// "reasoning_effort": "high" -// } -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return applyCompatibleOpenAI(body, config) - } - if modelInfo.Thinking == nil { - return body, nil - } - - // Only handle ModeLevel and ModeNone; other modes pass through unchanged. - if config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - if config.Mode == thinking.ModeLevel { - result, _ := sjson.SetBytes(body, "reasoning_effort", clampReasoningEffort(string(config.Level))) - return result, nil - } - - effort := "" - support := modelInfo.Thinking - if config.Budget == 0 { - if support.ZeroAllowed || hasLevel(support.Levels, string(thinking.LevelNone)) { - effort = string(thinking.LevelNone) - } - } - if effort == "" && config.Level != "" { - effort = string(config.Level) - } - if effort == "" && len(support.Levels) > 0 { - effort = support.Levels[0] - } - if effort == "" { - return body, nil - } - - result, _ := sjson.SetBytes(body, "reasoning_effort", clampReasoningEffort(effort)) - return result, nil -} - -func applyCompatibleOpenAI(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - var effort string - switch config.Mode { - case thinking.ModeLevel: - if config.Level == "" { - return body, nil - } - effort = string(config.Level) - case thinking.ModeNone: - effort = string(thinking.LevelNone) - if config.Level != "" { - effort = string(config.Level) - } - case thinking.ModeAuto: - // Auto mode for user-defined models: pass through as "auto" - effort = string(thinking.LevelAuto) - case thinking.ModeBudget: - // Budget mode: convert budget to level using threshold mapping - level, ok := thinking.ConvertBudgetToLevel(config.Budget) - if !ok { - return body, nil - } - effort = level - default: - return body, nil - } - - result, _ := sjson.SetBytes(body, "reasoning_effort", clampReasoningEffort(effort)) - return result, nil -} - -func hasLevel(levels []string, target string) bool { - for _, level := range levels { - if strings.EqualFold(strings.TrimSpace(level), target) { - return true - } - } - return false -} diff --git a/.worktrees/config/m/config-build/active/internal/thinking/strip.go b/.worktrees/config/m/config-build/active/internal/thinking/strip.go deleted file mode 100644 index eb69171504..0000000000 --- a/.worktrees/config/m/config-build/active/internal/thinking/strip.go +++ /dev/null @@ -1,58 +0,0 @@ -// Package thinking provides unified thinking configuration processing. -package thinking - -import ( - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// StripThinkingConfig removes thinking configuration fields from request body. -// -// This function is used when a model doesn't support thinking but the request -// contains thinking configuration. The configuration is silently removed to -// prevent upstream API errors. -// -// Parameters: -// - body: Original request body JSON -// - provider: Provider name (determines which fields to strip) -// -// Returns: -// - Modified request body JSON with thinking configuration removed -// - Original body is returned unchanged if: -// - body is empty or invalid JSON -// - provider is unknown -// - no thinking configuration found -func StripThinkingConfig(body []byte, provider string) []byte { - if len(body) == 0 || !gjson.ValidBytes(body) { - return body - } - - var paths []string - switch provider { - case "claude": - paths = []string{"thinking"} - case "gemini": - paths = []string{"generationConfig.thinkingConfig"} - case "gemini-cli", "antigravity": - paths = []string{"request.generationConfig.thinkingConfig"} - case "openai": - paths = []string{"reasoning_effort"} - case "codex": - paths = []string{"reasoning.effort"} - case "iflow": - paths = []string{ - "chat_template_kwargs.enable_thinking", - "chat_template_kwargs.clear_thinking", - "reasoning_split", - "reasoning_effort", - } - default: - return body - } - - result := body - for _, path := range paths { - result, _ = sjson.DeleteBytes(result, path) - } - return result -} diff --git a/.worktrees/config/m/config-build/active/internal/thinking/suffix.go b/.worktrees/config/m/config-build/active/internal/thinking/suffix.go deleted file mode 100644 index 275c085687..0000000000 --- a/.worktrees/config/m/config-build/active/internal/thinking/suffix.go +++ /dev/null @@ -1,146 +0,0 @@ -// Package thinking provides unified thinking configuration processing. -// -// This file implements suffix parsing functionality for extracting -// thinking configuration from model names in the format model(value). -package thinking - -import ( - "strconv" - "strings" -) - -// ParseSuffix extracts thinking suffix from a model name. -// -// The suffix format is: model-name(value) -// Examples: -// - "claude-sonnet-4-5(16384)" -> ModelName="claude-sonnet-4-5", RawSuffix="16384" -// - "gpt-5.2(high)" -> ModelName="gpt-5.2", RawSuffix="high" -// - "gemini-2.5-pro" -> ModelName="gemini-2.5-pro", HasSuffix=false -// -// This function only extracts the suffix; it does not validate or interpret -// the suffix content. Use ParseNumericSuffix, ParseLevelSuffix, etc. for -// content interpretation. -func ParseSuffix(model string) SuffixResult { - // Find the last opening parenthesis - lastOpen := strings.LastIndex(model, "(") - if lastOpen == -1 { - return SuffixResult{ModelName: model, HasSuffix: false} - } - - // Check if the string ends with a closing parenthesis - if !strings.HasSuffix(model, ")") { - return SuffixResult{ModelName: model, HasSuffix: false} - } - - // Extract components - modelName := model[:lastOpen] - rawSuffix := model[lastOpen+1 : len(model)-1] - - return SuffixResult{ - ModelName: modelName, - HasSuffix: true, - RawSuffix: rawSuffix, - } -} - -// ParseNumericSuffix attempts to parse a raw suffix as a numeric budget value. -// -// This function parses the raw suffix content (from ParseSuffix.RawSuffix) as an integer. -// Only non-negative integers are considered valid numeric suffixes. -// -// Platform note: The budget value uses Go's int type, which is 32-bit on 32-bit -// systems and 64-bit on 64-bit systems. Values exceeding the platform's int range -// will return ok=false. -// -// Leading zeros are accepted: "08192" parses as 8192. -// -// Examples: -// - "8192" -> budget=8192, ok=true -// - "0" -> budget=0, ok=true (represents ModeNone) -// - "08192" -> budget=8192, ok=true (leading zeros accepted) -// - "-1" -> budget=0, ok=false (negative numbers are not valid numeric suffixes) -// - "high" -> budget=0, ok=false (not a number) -// - "9223372036854775808" -> budget=0, ok=false (overflow on 64-bit systems) -// -// For special handling of -1 as auto mode, use ParseSpecialSuffix instead. -func ParseNumericSuffix(rawSuffix string) (budget int, ok bool) { - if rawSuffix == "" { - return 0, false - } - - value, err := strconv.Atoi(rawSuffix) - if err != nil { - return 0, false - } - - // Negative numbers are not valid numeric suffixes - // -1 should be handled by special value parsing as "auto" - if value < 0 { - return 0, false - } - - return value, true -} - -// ParseSpecialSuffix attempts to parse a raw suffix as a special thinking mode value. -// -// This function handles special strings that represent a change in thinking mode: -// - "none" -> ModeNone (disables thinking) -// - "auto" -> ModeAuto (automatic/dynamic thinking) -// - "-1" -> ModeAuto (numeric representation of auto mode) -// -// String values are case-insensitive. -func ParseSpecialSuffix(rawSuffix string) (mode ThinkingMode, ok bool) { - if rawSuffix == "" { - return ModeBudget, false - } - - // Case-insensitive matching - switch strings.ToLower(rawSuffix) { - case "none": - return ModeNone, true - case "auto", "-1": - return ModeAuto, true - default: - return ModeBudget, false - } -} - -// ParseLevelSuffix attempts to parse a raw suffix as a discrete thinking level. -// -// This function parses the raw suffix content (from ParseSuffix.RawSuffix) as a level. -// Only discrete effort levels are valid: minimal, low, medium, high, xhigh. -// Level matching is case-insensitive. -// -// Special values (none, auto) are NOT handled by this function; use ParseSpecialSuffix -// instead. This separation allows callers to prioritize special value handling. -// -// Examples: -// - "high" -> level=LevelHigh, ok=true -// - "HIGH" -> level=LevelHigh, ok=true (case insensitive) -// - "medium" -> level=LevelMedium, ok=true -// - "none" -> level="", ok=false (special value, use ParseSpecialSuffix) -// - "auto" -> level="", ok=false (special value, use ParseSpecialSuffix) -// - "8192" -> level="", ok=false (numeric, use ParseNumericSuffix) -// - "ultra" -> level="", ok=false (unknown level) -func ParseLevelSuffix(rawSuffix string) (level ThinkingLevel, ok bool) { - if rawSuffix == "" { - return "", false - } - - // Case-insensitive matching - switch strings.ToLower(rawSuffix) { - case "minimal": - return LevelMinimal, true - case "low": - return LevelLow, true - case "medium": - return LevelMedium, true - case "high": - return LevelHigh, true - case "xhigh": - return LevelXHigh, true - default: - return "", false - } -} diff --git a/.worktrees/config/m/config-build/active/internal/thinking/text.go b/.worktrees/config/m/config-build/active/internal/thinking/text.go deleted file mode 100644 index eed1ba2879..0000000000 --- a/.worktrees/config/m/config-build/active/internal/thinking/text.go +++ /dev/null @@ -1,41 +0,0 @@ -package thinking - -import ( - "github.com/tidwall/gjson" -) - -// GetThinkingText extracts the thinking text from a content part. -// Handles various formats: -// - Simple string: { "thinking": "text" } or { "text": "text" } -// - Wrapped object: { "thinking": { "text": "text", "cache_control": {...} } } -// - Gemini-style: { "thought": true, "text": "text" } -// Returns the extracted text string. -func GetThinkingText(part gjson.Result) string { - // Try direct text field first (Gemini-style) - if text := part.Get("text"); text.Exists() && text.Type == gjson.String { - return text.String() - } - - // Try thinking field - thinkingField := part.Get("thinking") - if !thinkingField.Exists() { - return "" - } - - // thinking is a string - if thinkingField.Type == gjson.String { - return thinkingField.String() - } - - // thinking is an object with inner text/thinking - if thinkingField.IsObject() { - if inner := thinkingField.Get("text"); inner.Exists() && inner.Type == gjson.String { - return inner.String() - } - if inner := thinkingField.Get("thinking"); inner.Exists() && inner.Type == gjson.String { - return inner.String() - } - } - - return "" -} diff --git a/.worktrees/config/m/config-build/active/internal/thinking/types.go b/.worktrees/config/m/config-build/active/internal/thinking/types.go deleted file mode 100644 index 6ae1e088fe..0000000000 --- a/.worktrees/config/m/config-build/active/internal/thinking/types.go +++ /dev/null @@ -1,116 +0,0 @@ -// Package thinking provides unified thinking configuration processing. -// -// This package offers a unified interface for parsing, validating, and applying -// thinking configurations across various AI providers (Claude, Gemini, OpenAI, iFlow). -package thinking - -import "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - -// ThinkingMode represents the type of thinking configuration mode. -type ThinkingMode int - -const ( - // ModeBudget indicates using a numeric budget (corresponds to suffix "(1000)" etc.) - ModeBudget ThinkingMode = iota - // ModeLevel indicates using a discrete level (corresponds to suffix "(high)" etc.) - ModeLevel - // ModeNone indicates thinking is disabled (corresponds to suffix "(none)" or budget=0) - ModeNone - // ModeAuto indicates automatic/dynamic thinking (corresponds to suffix "(auto)" or budget=-1) - ModeAuto -) - -// String returns the string representation of ThinkingMode. -func (m ThinkingMode) String() string { - switch m { - case ModeBudget: - return "budget" - case ModeLevel: - return "level" - case ModeNone: - return "none" - case ModeAuto: - return "auto" - default: - return "unknown" - } -} - -// ThinkingLevel represents a discrete thinking level. -type ThinkingLevel string - -const ( - // LevelNone disables thinking - LevelNone ThinkingLevel = "none" - // LevelAuto enables automatic/dynamic thinking - LevelAuto ThinkingLevel = "auto" - // LevelMinimal sets minimal thinking effort - LevelMinimal ThinkingLevel = "minimal" - // LevelLow sets low thinking effort - LevelLow ThinkingLevel = "low" - // LevelMedium sets medium thinking effort - LevelMedium ThinkingLevel = "medium" - // LevelHigh sets high thinking effort - LevelHigh ThinkingLevel = "high" - // LevelXHigh sets extra-high thinking effort - LevelXHigh ThinkingLevel = "xhigh" -) - -// ThinkingConfig represents a unified thinking configuration. -// -// This struct is used to pass thinking configuration information between components. -// Depending on Mode, either Budget or Level field is effective: -// - ModeNone: Budget=0, Level is ignored -// - ModeAuto: Budget=-1, Level is ignored -// - ModeBudget: Budget is a positive integer, Level is ignored -// - ModeLevel: Budget is ignored, Level is a valid level -type ThinkingConfig struct { - // Mode specifies the configuration mode - Mode ThinkingMode - // Budget is the thinking budget (token count), only effective when Mode is ModeBudget. - // Special values: 0 means disabled, -1 means automatic - Budget int - // Level is the thinking level, only effective when Mode is ModeLevel - Level ThinkingLevel -} - -// SuffixResult represents the result of parsing a model name for thinking suffix. -// -// A thinking suffix is specified in the format model-name(value), where value -// can be a numeric budget (e.g., "16384") or a level name (e.g., "high"). -type SuffixResult struct { - // ModelName is the model name with the suffix removed. - // If no suffix was found, this equals the original input. - ModelName string - - // HasSuffix indicates whether a valid suffix was found. - HasSuffix bool - - // RawSuffix is the content inside the parentheses, without the parentheses. - // Empty string if HasSuffix is false. - RawSuffix string -} - -// ProviderApplier defines the interface for provider-specific thinking configuration application. -// -// Types implementing this interface are responsible for converting a unified ThinkingConfig -// into provider-specific format and applying it to the request body. -// -// Implementation requirements: -// - Apply method must be idempotent -// - Must not modify the input config or modelInfo -// - Returns a modified copy of the request body -// - Returns appropriate ThinkingError for unsupported configurations -type ProviderApplier interface { - // Apply applies the thinking configuration to the request body. - // - // Parameters: - // - body: Original request body JSON - // - config: Unified thinking configuration - // - modelInfo: Model registry information containing ThinkingSupport properties - // - // Returns: - // - Modified request body JSON - // - ThinkingError if the configuration is invalid or unsupported - Apply(body []byte, config ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) -} diff --git a/.worktrees/config/m/config-build/active/internal/thinking/validate.go b/.worktrees/config/m/config-build/active/internal/thinking/validate.go deleted file mode 100644 index f082ad565d..0000000000 --- a/.worktrees/config/m/config-build/active/internal/thinking/validate.go +++ /dev/null @@ -1,378 +0,0 @@ -// Package thinking provides unified thinking configuration processing logic. -package thinking - -import ( - "fmt" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - log "github.com/sirupsen/logrus" -) - -// ValidateConfig validates a thinking configuration against model capabilities. -// -// This function performs comprehensive validation: -// - Checks if the model supports thinking -// - Auto-converts between Budget and Level formats based on model capability -// - Validates that requested level is in the model's supported levels list -// - Clamps budget values to model's allowed range -// - When converting Budget -> Level for level-only models, clamps the derived standard level to the nearest supported level -// (special values none/auto are preserved) -// - When config comes from a model suffix, strict budget validation is disabled (we clamp instead of error) -// -// Parameters: -// - config: The thinking configuration to validate -// - support: Model's ThinkingSupport properties (nil means no thinking support) -// - fromFormat: Source provider format (used to determine strict validation rules) -// - toFormat: Target provider format -// - fromSuffix: Whether config was sourced from model suffix -// -// Returns: -// - Normalized ThinkingConfig with clamped values -// - ThinkingError if validation fails (ErrThinkingNotSupported, ErrLevelNotSupported, etc.) -// -// Auto-conversion behavior: -// - Budget-only model + Level config → Level converted to Budget -// - Level-only model + Budget config → Budget converted to Level -// - Hybrid model → preserve original format -func ValidateConfig(config ThinkingConfig, modelInfo *registry.ModelInfo, fromFormat, toFormat string, fromSuffix bool) (*ThinkingConfig, error) { - fromFormat, toFormat = strings.ToLower(strings.TrimSpace(fromFormat)), strings.ToLower(strings.TrimSpace(toFormat)) - model := "unknown" - support := (*registry.ThinkingSupport)(nil) - if modelInfo != nil { - if modelInfo.ID != "" { - model = modelInfo.ID - } - support = modelInfo.Thinking - } - - if support == nil { - if config.Mode != ModeNone { - return nil, NewThinkingErrorWithModel(ErrThinkingNotSupported, "thinking not supported for this model", model) - } - return &config, nil - } - - allowClampUnsupported := isBudgetBasedProvider(fromFormat) && isLevelBasedProvider(toFormat) - strictBudget := !fromSuffix && fromFormat != "" && isSameProviderFamily(fromFormat, toFormat) - budgetDerivedFromLevel := false - - capability := detectModelCapability(modelInfo) - switch capability { - case CapabilityBudgetOnly: - if config.Mode == ModeLevel { - if config.Level == LevelAuto { - break - } - budget, ok := ConvertLevelToBudget(string(config.Level)) - if !ok { - return nil, NewThinkingError(ErrUnknownLevel, fmt.Sprintf("unknown level: %s", config.Level)) - } - config.Mode = ModeBudget - config.Budget = budget - config.Level = "" - budgetDerivedFromLevel = true - } - case CapabilityLevelOnly: - if config.Mode == ModeBudget { - level, ok := ConvertBudgetToLevel(config.Budget) - if !ok { - return nil, NewThinkingError(ErrUnknownLevel, fmt.Sprintf("budget %d cannot be converted to a valid level", config.Budget)) - } - // When converting Budget -> Level for level-only models, clamp the derived standard level - // to the nearest supported level. Special values (none/auto) are preserved. - config.Mode = ModeLevel - config.Level = clampLevel(ThinkingLevel(level), modelInfo, toFormat) - config.Budget = 0 - } - case CapabilityHybrid: - } - - if config.Mode == ModeLevel && config.Level == LevelNone { - config.Mode = ModeNone - config.Budget = 0 - config.Level = "" - } - if config.Mode == ModeLevel && config.Level == LevelAuto { - config.Mode = ModeAuto - config.Budget = -1 - config.Level = "" - } - if config.Mode == ModeBudget && config.Budget == 0 { - config.Mode = ModeNone - config.Level = "" - } - - if len(support.Levels) > 0 && config.Mode == ModeLevel { - if !isLevelSupported(string(config.Level), support.Levels) { - if allowClampUnsupported { - config.Level = clampLevel(config.Level, modelInfo, toFormat) - } - if !isLevelSupported(string(config.Level), support.Levels) { - // User explicitly specified an unsupported level - return error - // (budget-derived levels may be clamped based on source format) - validLevels := normalizeLevels(support.Levels) - message := fmt.Sprintf("level %q not supported, valid levels: %s", strings.ToLower(string(config.Level)), strings.Join(validLevels, ", ")) - return nil, NewThinkingError(ErrLevelNotSupported, message) - } - } - } - - if strictBudget && config.Mode == ModeBudget && !budgetDerivedFromLevel { - min, max := support.Min, support.Max - if min != 0 || max != 0 { - if config.Budget < min || config.Budget > max || (config.Budget == 0 && !support.ZeroAllowed) { - message := fmt.Sprintf("budget %d out of range [%d,%d]", config.Budget, min, max) - return nil, NewThinkingError(ErrBudgetOutOfRange, message) - } - } - } - - // Convert ModeAuto to mid-range if dynamic not allowed - if config.Mode == ModeAuto && !support.DynamicAllowed { - config = convertAutoToMidRange(config, support, toFormat, model) - } - - if config.Mode == ModeNone && toFormat == "claude" { - // Claude supports explicit disable via thinking.type="disabled". - // Keep Budget=0 so applier can omit budget_tokens. - config.Budget = 0 - config.Level = "" - } else { - switch config.Mode { - case ModeBudget, ModeAuto, ModeNone: - config.Budget = clampBudget(config.Budget, modelInfo, toFormat) - } - - // ModeNone with clamped Budget > 0: set Level to lowest for Level-only/Hybrid models - // This ensures Apply layer doesn't need to access support.Levels - if config.Mode == ModeNone && config.Budget > 0 && len(support.Levels) > 0 { - config.Level = ThinkingLevel(support.Levels[0]) - } - } - - return &config, nil -} - -// convertAutoToMidRange converts ModeAuto to a mid-range value when dynamic is not allowed. -// -// This function handles the case where a model does not support dynamic/auto thinking. -// The auto mode is silently converted to a fixed value based on model capability: -// - Level-only models: convert to ModeLevel with LevelMedium -// - Budget models: convert to ModeBudget with mid = (Min + Max) / 2 -// -// Logging: -// - Debug level when conversion occurs -// - Fields: original_mode, clamped_to, reason -func convertAutoToMidRange(config ThinkingConfig, support *registry.ThinkingSupport, provider, model string) ThinkingConfig { - // For level-only models (has Levels but no Min/Max range), use ModeLevel with medium - if len(support.Levels) > 0 && support.Min == 0 && support.Max == 0 { - config.Mode = ModeLevel - config.Level = LevelMedium - config.Budget = 0 - log.WithFields(log.Fields{ - "provider": provider, - "model": model, - "original_mode": "auto", - "clamped_to": string(LevelMedium), - }).Debug("thinking: mode converted, dynamic not allowed, using medium level |") - return config - } - - // For budget models, use mid-range budget - mid := (support.Min + support.Max) / 2 - if mid <= 0 && support.ZeroAllowed { - config.Mode = ModeNone - config.Budget = 0 - } else if mid <= 0 { - config.Mode = ModeBudget - config.Budget = support.Min - } else { - config.Mode = ModeBudget - config.Budget = mid - } - log.WithFields(log.Fields{ - "provider": provider, - "model": model, - "original_mode": "auto", - "clamped_to": config.Budget, - }).Debug("thinking: mode converted, dynamic not allowed |") - return config -} - -// standardLevelOrder defines the canonical ordering of thinking levels from lowest to highest. -var standardLevelOrder = []ThinkingLevel{LevelMinimal, LevelLow, LevelMedium, LevelHigh, LevelXHigh} - -// clampLevel clamps the given level to the nearest supported level. -// On tie, prefers the lower level. -func clampLevel(level ThinkingLevel, modelInfo *registry.ModelInfo, provider string) ThinkingLevel { - model := "unknown" - var supported []string - if modelInfo != nil { - if modelInfo.ID != "" { - model = modelInfo.ID - } - if modelInfo.Thinking != nil { - supported = modelInfo.Thinking.Levels - } - } - - if len(supported) == 0 || isLevelSupported(string(level), supported) { - return level - } - - pos := levelIndex(string(level)) - if pos == -1 { - return level - } - bestIdx, bestDist := -1, len(standardLevelOrder)+1 - - for _, s := range supported { - if idx := levelIndex(strings.TrimSpace(s)); idx != -1 { - if dist := abs(pos - idx); dist < bestDist || (dist == bestDist && idx < bestIdx) { - bestIdx, bestDist = idx, dist - } - } - } - - if bestIdx >= 0 { - clamped := standardLevelOrder[bestIdx] - log.WithFields(log.Fields{ - "provider": provider, - "model": model, - "original_value": string(level), - "clamped_to": string(clamped), - }).Debug("thinking: level clamped |") - return clamped - } - return level -} - -// clampBudget clamps a budget value to the model's supported range. -func clampBudget(value int, modelInfo *registry.ModelInfo, provider string) int { - model := "unknown" - support := (*registry.ThinkingSupport)(nil) - if modelInfo != nil { - if modelInfo.ID != "" { - model = modelInfo.ID - } - support = modelInfo.Thinking - } - if support == nil { - return value - } - - // Auto value (-1) passes through without clamping. - if value == -1 { - return value - } - - min, max := support.Min, support.Max - if value == 0 && !support.ZeroAllowed { - log.WithFields(log.Fields{ - "provider": provider, - "model": model, - "original_value": value, - "clamped_to": min, - "min": min, - "max": max, - }).Warn("thinking: budget zero not allowed |") - return min - } - - // Some models are level-only and do not define numeric budget ranges. - if min == 0 && max == 0 { - return value - } - - if value < min { - if value == 0 && support.ZeroAllowed { - return 0 - } - logClamp(provider, model, value, min, min, max) - return min - } - if value > max { - logClamp(provider, model, value, max, min, max) - return max - } - return value -} - -func isLevelSupported(level string, supported []string) bool { - for _, s := range supported { - if strings.EqualFold(level, strings.TrimSpace(s)) { - return true - } - } - return false -} - -func levelIndex(level string) int { - for i, l := range standardLevelOrder { - if strings.EqualFold(level, string(l)) { - return i - } - } - return -1 -} - -func normalizeLevels(levels []string) []string { - out := make([]string, len(levels)) - for i, l := range levels { - out[i] = strings.ToLower(strings.TrimSpace(l)) - } - return out -} - -func isBudgetBasedProvider(provider string) bool { - switch provider { - case "gemini", "gemini-cli", "antigravity", "claude": - return true - default: - return false - } -} - -func isLevelBasedProvider(provider string) bool { - switch provider { - case "openai", "openai-response", "codex": - return true - default: - return false - } -} - -func isGeminiFamily(provider string) bool { - switch provider { - case "gemini", "gemini-cli", "antigravity": - return true - default: - return false - } -} - -func isSameProviderFamily(from, to string) bool { - if from == to { - return true - } - return isGeminiFamily(from) && isGeminiFamily(to) -} - -func abs(x int) int { - if x < 0 { - return -x - } - return x -} - -func logClamp(provider, model string, original, clampedTo, min, max int) { - log.WithFields(log.Fields{ - "provider": provider, - "model": model, - "original_value": original, - "min": min, - "max": max, - "clamped_to": clampedTo, - }).Debug("thinking: budget clamped |") -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/antigravity/claude/antigravity_claude_request.go b/.worktrees/config/m/config-build/active/internal/translator/antigravity/claude/antigravity_claude_request.go deleted file mode 100644 index 448aa9762f..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/antigravity/claude/antigravity_claude_request.go +++ /dev/null @@ -1,416 +0,0 @@ -// Package claude provides request translation functionality for Claude Code API compatibility. -// This package handles the conversion of Claude Code API requests into Gemini CLI-compatible -// JSON format, transforming message contents, system instructions, and tool declarations -// into the format expected by Gemini CLI API clients. It performs JSON data transformation -// to ensure compatibility between Claude Code API format and Gemini CLI API's expected format. -package claude - -import ( - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/cache" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/common" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertClaudeRequestToAntigravity parses and transforms a Claude Code API request into Gemini CLI API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Gemini CLI API. -// The function performs the following transformations: -// 1. Extracts the model information from the request -// 2. Restructures the JSON to match Gemini CLI API format -// 3. Converts system instructions to the expected format -// 4. Maps message contents with proper role transformations -// 5. Handles tool declarations and tool choices -// 6. Maps generation configuration parameters -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the Claude Code API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini CLI API format -func ConvertClaudeRequestToAntigravity(modelName string, inputRawJSON []byte, _ bool) []byte { - enableThoughtTranslate := true - rawJSON := inputRawJSON - - // system instruction - systemInstructionJSON := "" - hasSystemInstruction := false - systemResult := gjson.GetBytes(rawJSON, "system") - if systemResult.IsArray() { - systemResults := systemResult.Array() - systemInstructionJSON = `{"role":"user","parts":[]}` - for i := 0; i < len(systemResults); i++ { - systemPromptResult := systemResults[i] - systemTypePromptResult := systemPromptResult.Get("type") - if systemTypePromptResult.Type == gjson.String && systemTypePromptResult.String() == "text" { - systemPrompt := systemPromptResult.Get("text").String() - partJSON := `{}` - if systemPrompt != "" { - partJSON, _ = sjson.Set(partJSON, "text", systemPrompt) - } - systemInstructionJSON, _ = sjson.SetRaw(systemInstructionJSON, "parts.-1", partJSON) - hasSystemInstruction = true - } - } - } else if systemResult.Type == gjson.String { - systemInstructionJSON = `{"role":"user","parts":[{"text":""}]}` - systemInstructionJSON, _ = sjson.Set(systemInstructionJSON, "parts.0.text", systemResult.String()) - hasSystemInstruction = true - } - - // contents - contentsJSON := "[]" - hasContents := false - - messagesResult := gjson.GetBytes(rawJSON, "messages") - if messagesResult.IsArray() { - messageResults := messagesResult.Array() - numMessages := len(messageResults) - for i := 0; i < numMessages; i++ { - messageResult := messageResults[i] - roleResult := messageResult.Get("role") - if roleResult.Type != gjson.String { - continue - } - originalRole := roleResult.String() - role := originalRole - if role == "assistant" { - role = "model" - } - clientContentJSON := `{"role":"","parts":[]}` - clientContentJSON, _ = sjson.Set(clientContentJSON, "role", role) - contentsResult := messageResult.Get("content") - if contentsResult.IsArray() { - contentResults := contentsResult.Array() - numContents := len(contentResults) - var currentMessageThinkingSignature string - for j := 0; j < numContents; j++ { - contentResult := contentResults[j] - contentTypeResult := contentResult.Get("type") - if contentTypeResult.Type == gjson.String && contentTypeResult.String() == "thinking" { - // Use GetThinkingText to handle wrapped thinking objects - thinkingText := thinking.GetThinkingText(contentResult) - - // Always try cached signature first (more reliable than client-provided) - // Client may send stale or invalid signatures from different sessions - signature := "" - if thinkingText != "" { - if cachedSig := cache.GetCachedSignature(modelName, thinkingText); cachedSig != "" { - signature = cachedSig - // log.Debugf("Using cached signature for thinking block") - } - } - - // Fallback to client signature only if cache miss and client signature is valid - if signature == "" { - signatureResult := contentResult.Get("signature") - clientSignature := "" - if signatureResult.Exists() && signatureResult.String() != "" { - arrayClientSignatures := strings.SplitN(signatureResult.String(), "#", 2) - if len(arrayClientSignatures) == 2 { - if cache.GetModelGroup(modelName) == arrayClientSignatures[0] { - clientSignature = arrayClientSignatures[1] - } - } - } - if cache.HasValidSignature(modelName, clientSignature) { - signature = clientSignature - } - // log.Debugf("Using client-provided signature for thinking block") - } - - // Store for subsequent tool_use in the same message - if cache.HasValidSignature(modelName, signature) { - currentMessageThinkingSignature = signature - } - - // Skip trailing unsigned thinking blocks on last assistant message - isUnsigned := !cache.HasValidSignature(modelName, signature) - - // If unsigned, skip entirely (don't convert to text) - // Claude requires assistant messages to start with thinking blocks when thinking is enabled - // Converting to text would break this requirement - if isUnsigned { - // log.Debugf("Dropping unsigned thinking block (no valid signature)") - enableThoughtTranslate = false - continue - } - - // Valid signature, send as thought block - partJSON := `{}` - partJSON, _ = sjson.Set(partJSON, "thought", true) - if thinkingText != "" { - partJSON, _ = sjson.Set(partJSON, "text", thinkingText) - } - if signature != "" { - partJSON, _ = sjson.Set(partJSON, "thoughtSignature", signature) - } - clientContentJSON, _ = sjson.SetRaw(clientContentJSON, "parts.-1", partJSON) - } else if contentTypeResult.Type == gjson.String && contentTypeResult.String() == "text" { - prompt := contentResult.Get("text").String() - // Skip empty text parts to avoid Gemini API error: - // "required oneof field 'data' must have one initialized field" - if prompt == "" { - continue - } - partJSON := `{}` - partJSON, _ = sjson.Set(partJSON, "text", prompt) - clientContentJSON, _ = sjson.SetRaw(clientContentJSON, "parts.-1", partJSON) - } else if contentTypeResult.Type == gjson.String && contentTypeResult.String() == "tool_use" { - // NOTE: Do NOT inject dummy thinking blocks here. - // Antigravity API validates signatures, so dummy values are rejected. - - functionName := contentResult.Get("name").String() - argsResult := contentResult.Get("input") - functionID := contentResult.Get("id").String() - - // Handle both object and string input formats - var argsRaw string - if argsResult.IsObject() { - argsRaw = argsResult.Raw - } else if argsResult.Type == gjson.String { - // Input is a JSON string, parse and validate it - parsed := gjson.Parse(argsResult.String()) - if parsed.IsObject() { - argsRaw = parsed.Raw - } - } - - if argsRaw != "" { - partJSON := `{}` - - // Use skip_thought_signature_validator for tool calls without valid thinking signature - // This is the approach used in opencode-google-antigravity-auth for Gemini - // and also works for Claude through Antigravity API - const skipSentinel = "skip_thought_signature_validator" - if cache.HasValidSignature(modelName, currentMessageThinkingSignature) { - partJSON, _ = sjson.Set(partJSON, "thoughtSignature", currentMessageThinkingSignature) - } else { - // No valid signature - use skip sentinel to bypass validation - partJSON, _ = sjson.Set(partJSON, "thoughtSignature", skipSentinel) - } - - if functionID != "" { - partJSON, _ = sjson.Set(partJSON, "functionCall.id", functionID) - } - partJSON, _ = sjson.Set(partJSON, "functionCall.name", functionName) - partJSON, _ = sjson.SetRaw(partJSON, "functionCall.args", argsRaw) - clientContentJSON, _ = sjson.SetRaw(clientContentJSON, "parts.-1", partJSON) - } - } else if contentTypeResult.Type == gjson.String && contentTypeResult.String() == "tool_result" { - toolCallID := contentResult.Get("tool_use_id").String() - if toolCallID != "" { - funcName := toolCallID - toolCallIDs := strings.Split(toolCallID, "-") - if len(toolCallIDs) > 1 { - funcName = strings.Join(toolCallIDs[0:len(toolCallIDs)-2], "-") - } - functionResponseResult := contentResult.Get("content") - - functionResponseJSON := `{}` - functionResponseJSON, _ = sjson.Set(functionResponseJSON, "id", toolCallID) - functionResponseJSON, _ = sjson.Set(functionResponseJSON, "name", funcName) - - responseData := "" - if functionResponseResult.Type == gjson.String { - responseData = functionResponseResult.String() - functionResponseJSON, _ = sjson.Set(functionResponseJSON, "response.result", responseData) - } else if functionResponseResult.IsArray() { - frResults := functionResponseResult.Array() - if len(frResults) == 1 { - functionResponseJSON, _ = sjson.SetRaw(functionResponseJSON, "response.result", frResults[0].Raw) - } else { - functionResponseJSON, _ = sjson.SetRaw(functionResponseJSON, "response.result", functionResponseResult.Raw) - } - - } else if functionResponseResult.IsObject() { - functionResponseJSON, _ = sjson.SetRaw(functionResponseJSON, "response.result", functionResponseResult.Raw) - } else if functionResponseResult.Raw != "" { - functionResponseJSON, _ = sjson.SetRaw(functionResponseJSON, "response.result", functionResponseResult.Raw) - } else { - // Content field is missing entirely — .Raw is empty which - // causes sjson.SetRaw to produce invalid JSON (e.g. "result":}). - functionResponseJSON, _ = sjson.Set(functionResponseJSON, "response.result", "") - } - - partJSON := `{}` - partJSON, _ = sjson.SetRaw(partJSON, "functionResponse", functionResponseJSON) - clientContentJSON, _ = sjson.SetRaw(clientContentJSON, "parts.-1", partJSON) - } - } else if contentTypeResult.Type == gjson.String && contentTypeResult.String() == "image" { - sourceResult := contentResult.Get("source") - if sourceResult.Get("type").String() == "base64" { - inlineDataJSON := `{}` - if mimeType := sourceResult.Get("media_type").String(); mimeType != "" { - inlineDataJSON, _ = sjson.Set(inlineDataJSON, "mime_type", mimeType) - } - if data := sourceResult.Get("data").String(); data != "" { - inlineDataJSON, _ = sjson.Set(inlineDataJSON, "data", data) - } - - partJSON := `{}` - partJSON, _ = sjson.SetRaw(partJSON, "inlineData", inlineDataJSON) - clientContentJSON, _ = sjson.SetRaw(clientContentJSON, "parts.-1", partJSON) - } - } - } - - // Reorder parts for 'model' role to ensure thinking block is first - if role == "model" { - partsResult := gjson.Get(clientContentJSON, "parts") - if partsResult.IsArray() { - parts := partsResult.Array() - var thinkingParts []gjson.Result - var otherParts []gjson.Result - for _, part := range parts { - if part.Get("thought").Bool() { - thinkingParts = append(thinkingParts, part) - } else { - otherParts = append(otherParts, part) - } - } - if len(thinkingParts) > 0 { - firstPartIsThinking := parts[0].Get("thought").Bool() - if !firstPartIsThinking || len(thinkingParts) > 1 { - var newParts []interface{} - for _, p := range thinkingParts { - newParts = append(newParts, p.Value()) - } - for _, p := range otherParts { - newParts = append(newParts, p.Value()) - } - clientContentJSON, _ = sjson.Set(clientContentJSON, "parts", newParts) - } - } - } - } - - // Skip messages with empty parts array to avoid Gemini API error: - // "required oneof field 'data' must have one initialized field" - partsCheck := gjson.Get(clientContentJSON, "parts") - if !partsCheck.IsArray() || len(partsCheck.Array()) == 0 { - continue - } - - contentsJSON, _ = sjson.SetRaw(contentsJSON, "-1", clientContentJSON) - hasContents = true - } else if contentsResult.Type == gjson.String { - prompt := contentsResult.String() - partJSON := `{}` - if prompt != "" { - partJSON, _ = sjson.Set(partJSON, "text", prompt) - } - clientContentJSON, _ = sjson.SetRaw(clientContentJSON, "parts.-1", partJSON) - contentsJSON, _ = sjson.SetRaw(contentsJSON, "-1", clientContentJSON) - hasContents = true - } - } - } - - // tools - toolsJSON := "" - toolDeclCount := 0 - allowedToolKeys := []string{"name", "description", "behavior", "parameters", "parametersJsonSchema", "response", "responseJsonSchema"} - toolsResult := gjson.GetBytes(rawJSON, "tools") - if toolsResult.IsArray() { - toolsJSON = `[{"functionDeclarations":[]}]` - toolsResults := toolsResult.Array() - for i := 0; i < len(toolsResults); i++ { - toolResult := toolsResults[i] - inputSchemaResult := toolResult.Get("input_schema") - if inputSchemaResult.Exists() && inputSchemaResult.IsObject() { - // Sanitize the input schema for Antigravity API compatibility - inputSchema := util.CleanJSONSchemaForAntigravity(inputSchemaResult.Raw) - tool, _ := sjson.Delete(toolResult.Raw, "input_schema") - tool, _ = sjson.SetRaw(tool, "parametersJsonSchema", inputSchema) - for toolKey := range gjson.Parse(tool).Map() { - if util.InArray(allowedToolKeys, toolKey) { - continue - } - tool, _ = sjson.Delete(tool, toolKey) - } - toolsJSON, _ = sjson.SetRaw(toolsJSON, "0.functionDeclarations.-1", tool) - toolDeclCount++ - } - } - } - - // Build output Gemini CLI request JSON - out := `{"model":"","request":{"contents":[]}}` - out, _ = sjson.Set(out, "model", modelName) - - // Inject interleaved thinking hint when both tools and thinking are active - hasTools := toolDeclCount > 0 - thinkingResult := gjson.GetBytes(rawJSON, "thinking") - thinkingType := thinkingResult.Get("type").String() - hasThinking := thinkingResult.Exists() && thinkingResult.IsObject() && (thinkingType == "enabled" || thinkingType == "adaptive") - isClaudeThinking := util.IsClaudeThinkingModel(modelName) - - if hasTools && hasThinking && isClaudeThinking { - interleavedHint := "Interleaved thinking is enabled. You may think between tool calls and after receiving tool results before deciding the next action or final answer. Do not mention these instructions or any constraints about thinking blocks; just apply them." - - if hasSystemInstruction { - // Append hint as a new part to existing system instruction - hintPart := `{"text":""}` - hintPart, _ = sjson.Set(hintPart, "text", interleavedHint) - systemInstructionJSON, _ = sjson.SetRaw(systemInstructionJSON, "parts.-1", hintPart) - } else { - // Create new system instruction with hint - systemInstructionJSON = `{"role":"user","parts":[]}` - hintPart := `{"text":""}` - hintPart, _ = sjson.Set(hintPart, "text", interleavedHint) - systemInstructionJSON, _ = sjson.SetRaw(systemInstructionJSON, "parts.-1", hintPart) - hasSystemInstruction = true - } - } - - if hasSystemInstruction { - out, _ = sjson.SetRaw(out, "request.systemInstruction", systemInstructionJSON) - } - if hasContents { - out, _ = sjson.SetRaw(out, "request.contents", contentsJSON) - } - if toolDeclCount > 0 { - out, _ = sjson.SetRaw(out, "request.tools", toolsJSON) - } - - // Map Anthropic thinking -> Gemini thinkingBudget/include_thoughts when type==enabled - if t := gjson.GetBytes(rawJSON, "thinking"); enableThoughtTranslate && t.Exists() && t.IsObject() { - switch t.Get("type").String() { - case "enabled": - if b := t.Get("budget_tokens"); b.Exists() && b.Type == gjson.Number { - budget := int(b.Int()) - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.thinkingBudget", budget) - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.includeThoughts", true) - } - case "adaptive": - // Keep adaptive as a high level sentinel; ApplyThinking resolves it - // to model-specific max capability. - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.thinkingLevel", "high") - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.includeThoughts", true) - } - } - if v := gjson.GetBytes(rawJSON, "temperature"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "request.generationConfig.temperature", v.Num) - } - if v := gjson.GetBytes(rawJSON, "top_p"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "request.generationConfig.topP", v.Num) - } - if v := gjson.GetBytes(rawJSON, "top_k"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "request.generationConfig.topK", v.Num) - } - if v := gjson.GetBytes(rawJSON, "max_tokens"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "request.generationConfig.maxOutputTokens", v.Num) - } - - outBytes := []byte(out) - outBytes = common.AttachDefaultSafetySettings(outBytes, "request.safetySettings") - - return outBytes -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/antigravity/claude/antigravity_claude_request_test.go b/.worktrees/config/m/config-build/active/internal/translator/antigravity/claude/antigravity_claude_request_test.go deleted file mode 100644 index c28a14ec9e..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/antigravity/claude/antigravity_claude_request_test.go +++ /dev/null @@ -1,778 +0,0 @@ -package claude - -import ( - "strings" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/cache" - "github.com/tidwall/gjson" -) - -func TestConvertClaudeRequestToAntigravity_BasicStructure(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - { - "role": "user", - "content": [ - {"type": "text", "text": "Hello"} - ] - } - ], - "system": [ - {"type": "text", "text": "You are helpful"} - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - // Check model - if gjson.Get(outputStr, "model").String() != "claude-sonnet-4-5" { - t.Errorf("Expected model 'claude-sonnet-4-5', got '%s'", gjson.Get(outputStr, "model").String()) - } - - // Check contents exist - contents := gjson.Get(outputStr, "request.contents") - if !contents.Exists() || !contents.IsArray() { - t.Error("request.contents should exist and be an array") - } - - // Check role mapping (assistant -> model) - firstContent := gjson.Get(outputStr, "request.contents.0") - if firstContent.Get("role").String() != "user" { - t.Errorf("Expected role 'user', got '%s'", firstContent.Get("role").String()) - } - - // Check systemInstruction - sysInstruction := gjson.Get(outputStr, "request.systemInstruction") - if !sysInstruction.Exists() { - t.Error("systemInstruction should exist") - } - if sysInstruction.Get("parts.0.text").String() != "You are helpful" { - t.Error("systemInstruction text mismatch") - } -} - -func TestConvertClaudeRequestToAntigravity_RoleMapping(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - {"role": "user", "content": [{"type": "text", "text": "Hi"}]}, - {"role": "assistant", "content": [{"type": "text", "text": "Hello"}]} - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - // assistant should be mapped to model - secondContent := gjson.Get(outputStr, "request.contents.1") - if secondContent.Get("role").String() != "model" { - t.Errorf("Expected role 'model' (mapped from 'assistant'), got '%s'", secondContent.Get("role").String()) - } -} - -func TestConvertClaudeRequestToAntigravity_ThinkingBlocks(t *testing.T) { - cache.ClearSignatureCache("") - - // Valid signature must be at least 50 characters - validSignature := "abc123validSignature1234567890123456789012345678901234567890" - thinkingText := "Let me think..." - - // Pre-cache the signature (simulating a previous response for the same thinking text) - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [ - { - "role": "user", - "content": [{"type": "text", "text": "Test user message"}] - }, - { - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "` + thinkingText + `", "signature": "` + validSignature + `"}, - {"type": "text", "text": "Answer"} - ] - } - ] - }`) - - cache.CacheSignature("claude-sonnet-4-5-thinking", thinkingText, validSignature) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // Check thinking block conversion (now in contents.1 due to user message) - firstPart := gjson.Get(outputStr, "request.contents.1.parts.0") - if !firstPart.Get("thought").Bool() { - t.Error("thinking block should have thought: true") - } - if firstPart.Get("text").String() != thinkingText { - t.Error("thinking text mismatch") - } - if firstPart.Get("thoughtSignature").String() != validSignature { - t.Errorf("Expected thoughtSignature '%s', got '%s'", validSignature, firstPart.Get("thoughtSignature").String()) - } -} - -func TestConvertClaudeRequestToAntigravity_ThinkingBlockWithoutSignature(t *testing.T) { - cache.ClearSignatureCache("") - - // Unsigned thinking blocks should be removed entirely (not converted to text) - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [ - { - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "Let me think..."}, - {"type": "text", "text": "Answer"} - ] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // Without signature, thinking block should be removed (not converted to text) - parts := gjson.Get(outputStr, "request.contents.0.parts").Array() - if len(parts) != 1 { - t.Fatalf("Expected 1 part (thinking removed), got %d", len(parts)) - } - - // Only text part should remain - if parts[0].Get("thought").Bool() { - t.Error("Thinking block should be removed, not preserved") - } - if parts[0].Get("text").String() != "Answer" { - t.Errorf("Expected text 'Answer', got '%s'", parts[0].Get("text").String()) - } -} - -func TestConvertClaudeRequestToAntigravity_ToolDeclarations(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [], - "tools": [ - { - "name": "test_tool", - "description": "A test tool", - "input_schema": { - "type": "object", - "properties": { - "name": {"type": "string"} - }, - "required": ["name"] - } - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("gemini-1.5-pro", inputJSON, false) - outputStr := string(output) - - // Check tools structure - tools := gjson.Get(outputStr, "request.tools") - if !tools.Exists() { - t.Error("Tools should exist in output") - } - - funcDecl := gjson.Get(outputStr, "request.tools.0.functionDeclarations.0") - if funcDecl.Get("name").String() != "test_tool" { - t.Errorf("Expected tool name 'test_tool', got '%s'", funcDecl.Get("name").String()) - } - - // Check input_schema renamed to parametersJsonSchema - if funcDecl.Get("parametersJsonSchema").Exists() { - t.Log("parametersJsonSchema exists (expected)") - } - if funcDecl.Get("input_schema").Exists() { - t.Error("input_schema should be removed") - } -} - -func TestConvertClaudeRequestToAntigravity_ToolUse(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - { - "role": "assistant", - "content": [ - { - "type": "tool_use", - "id": "call_123", - "name": "get_weather", - "input": "{\"location\": \"Paris\"}" - } - ] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - // Now we expect only 1 part (tool_use), no dummy thinking block injected - parts := gjson.Get(outputStr, "request.contents.0.parts").Array() - if len(parts) != 1 { - t.Fatalf("Expected 1 part (tool only, no dummy injection), got %d", len(parts)) - } - - // Check function call conversion at parts[0] - funcCall := parts[0].Get("functionCall") - if !funcCall.Exists() { - t.Error("functionCall should exist at parts[0]") - } - if funcCall.Get("name").String() != "get_weather" { - t.Errorf("Expected function name 'get_weather', got '%s'", funcCall.Get("name").String()) - } - if funcCall.Get("id").String() != "call_123" { - t.Errorf("Expected function id 'call_123', got '%s'", funcCall.Get("id").String()) - } - // Verify skip_thought_signature_validator is added (bypass for tools without valid thinking) - expectedSig := "skip_thought_signature_validator" - actualSig := parts[0].Get("thoughtSignature").String() - if actualSig != expectedSig { - t.Errorf("Expected thoughtSignature '%s', got '%s'", expectedSig, actualSig) - } -} - -func TestConvertClaudeRequestToAntigravity_ToolUse_WithSignature(t *testing.T) { - cache.ClearSignatureCache("") - - validSignature := "abc123validSignature1234567890123456789012345678901234567890" - thinkingText := "Let me think..." - - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [ - { - "role": "user", - "content": [{"type": "text", "text": "Test user message"}] - }, - { - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "` + thinkingText + `", "signature": "` + validSignature + `"}, - { - "type": "tool_use", - "id": "call_123", - "name": "get_weather", - "input": "{\"location\": \"Paris\"}" - } - ] - } - ] - }`) - - cache.CacheSignature("claude-sonnet-4-5-thinking", thinkingText, validSignature) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // Check function call has the signature from the preceding thinking block (now in contents.1) - part := gjson.Get(outputStr, "request.contents.1.parts.1") - if part.Get("functionCall.name").String() != "get_weather" { - t.Errorf("Expected functionCall, got %s", part.Raw) - } - if part.Get("thoughtSignature").String() != validSignature { - t.Errorf("Expected thoughtSignature '%s' on tool_use, got '%s'", validSignature, part.Get("thoughtSignature").String()) - } -} - -func TestConvertClaudeRequestToAntigravity_ReorderThinking(t *testing.T) { - cache.ClearSignatureCache("") - - // Case: text block followed by thinking block -> should be reordered to thinking first - validSignature := "abc123validSignature1234567890123456789012345678901234567890" - thinkingText := "Planning..." - - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [ - { - "role": "user", - "content": [{"type": "text", "text": "Test user message"}] - }, - { - "role": "assistant", - "content": [ - {"type": "text", "text": "Here is the plan."}, - {"type": "thinking", "thinking": "` + thinkingText + `", "signature": "` + validSignature + `"} - ] - } - ] - }`) - - cache.CacheSignature("claude-sonnet-4-5-thinking", thinkingText, validSignature) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // Verify order: Thinking block MUST be first (now in contents.1 due to user message) - parts := gjson.Get(outputStr, "request.contents.1.parts").Array() - if len(parts) != 2 { - t.Fatalf("Expected 2 parts, got %d", len(parts)) - } - - if !parts[0].Get("thought").Bool() { - t.Error("First part should be thinking block after reordering") - } - if parts[1].Get("text").String() != "Here is the plan." { - t.Error("Second part should be text block") - } -} - -func TestConvertClaudeRequestToAntigravity_ToolResult(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - { - "role": "user", - "content": [ - { - "type": "tool_result", - "tool_use_id": "get_weather-call-123", - "content": "22C sunny" - } - ] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - // Check function response conversion - funcResp := gjson.Get(outputStr, "request.contents.0.parts.0.functionResponse") - if !funcResp.Exists() { - t.Error("functionResponse should exist") - } - if funcResp.Get("id").String() != "get_weather-call-123" { - t.Errorf("Expected function id, got '%s'", funcResp.Get("id").String()) - } -} - -func TestConvertClaudeRequestToAntigravity_ThinkingConfig(t *testing.T) { - // Note: This test requires the model to be registered in the registry - // with Thinking metadata. If the registry is not populated in test environment, - // thinkingConfig won't be added. We'll test the basic structure only. - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [], - "thinking": { - "type": "enabled", - "budget_tokens": 8000 - } - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // Check thinking config conversion (only if model supports thinking in registry) - thinkingConfig := gjson.Get(outputStr, "request.generationConfig.thinkingConfig") - if thinkingConfig.Exists() { - if thinkingConfig.Get("thinkingBudget").Int() != 8000 { - t.Errorf("Expected thinkingBudget 8000, got %d", thinkingConfig.Get("thinkingBudget").Int()) - } - if !thinkingConfig.Get("includeThoughts").Bool() { - t.Error("includeThoughts should be true") - } - } else { - t.Log("thinkingConfig not present - model may not be registered in test registry") - } -} - -func TestConvertClaudeRequestToAntigravity_ImageContent(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - { - "role": "user", - "content": [ - { - "type": "image", - "source": { - "type": "base64", - "media_type": "image/png", - "data": "iVBORw0KGgoAAAANSUhEUg==" - } - } - ] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - // Check inline data conversion - inlineData := gjson.Get(outputStr, "request.contents.0.parts.0.inlineData") - if !inlineData.Exists() { - t.Error("inlineData should exist") - } - if inlineData.Get("mime_type").String() != "image/png" { - t.Error("mime_type mismatch") - } - if !strings.Contains(inlineData.Get("data").String(), "iVBORw0KGgo") { - t.Error("data mismatch") - } -} - -func TestConvertClaudeRequestToAntigravity_GenerationConfig(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [], - "temperature": 0.7, - "top_p": 0.9, - "top_k": 40, - "max_tokens": 2000 - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - genConfig := gjson.Get(outputStr, "request.generationConfig") - if genConfig.Get("temperature").Float() != 0.7 { - t.Errorf("Expected temperature 0.7, got %f", genConfig.Get("temperature").Float()) - } - if genConfig.Get("topP").Float() != 0.9 { - t.Errorf("Expected topP 0.9, got %f", genConfig.Get("topP").Float()) - } - if genConfig.Get("topK").Float() != 40 { - t.Errorf("Expected topK 40, got %f", genConfig.Get("topK").Float()) - } - if genConfig.Get("maxOutputTokens").Float() != 2000 { - t.Errorf("Expected maxOutputTokens 2000, got %f", genConfig.Get("maxOutputTokens").Float()) - } -} - -// ============================================================================ -// Trailing Unsigned Thinking Block Removal -// ============================================================================ - -func TestConvertClaudeRequestToAntigravity_TrailingUnsignedThinking_Removed(t *testing.T) { - // Last assistant message ends with unsigned thinking block - should be removed - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [ - { - "role": "user", - "content": [{"type": "text", "text": "Hello"}] - }, - { - "role": "assistant", - "content": [ - {"type": "text", "text": "Here is my answer"}, - {"type": "thinking", "thinking": "I should think more..."} - ] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // The last part of the last assistant message should NOT be a thinking block - lastMessageParts := gjson.Get(outputStr, "request.contents.1.parts") - if !lastMessageParts.IsArray() { - t.Fatal("Last message should have parts array") - } - parts := lastMessageParts.Array() - if len(parts) == 0 { - t.Fatal("Last message should have at least one part") - } - - // The unsigned thinking should be removed, leaving only the text - lastPart := parts[len(parts)-1] - if lastPart.Get("thought").Bool() { - t.Error("Trailing unsigned thinking block should be removed") - } -} - -func TestConvertClaudeRequestToAntigravity_TrailingSignedThinking_Kept(t *testing.T) { - cache.ClearSignatureCache("") - - // Last assistant message ends with signed thinking block - should be kept - validSignature := "abc123validSignature1234567890123456789012345678901234567890" - thinkingText := "Valid thinking..." - - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [ - { - "role": "user", - "content": [{"type": "text", "text": "Hello"}] - }, - { - "role": "assistant", - "content": [ - {"type": "text", "text": "Here is my answer"}, - {"type": "thinking", "thinking": "` + thinkingText + `", "signature": "` + validSignature + `"} - ] - } - ] - }`) - - cache.CacheSignature("claude-sonnet-4-5-thinking", thinkingText, validSignature) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // The signed thinking block should be preserved - lastMessageParts := gjson.Get(outputStr, "request.contents.1.parts") - parts := lastMessageParts.Array() - if len(parts) < 2 { - t.Error("Signed thinking block should be preserved") - } -} - -func TestConvertClaudeRequestToAntigravity_MiddleUnsignedThinking_Removed(t *testing.T) { - // Middle message has unsigned thinking - should be removed entirely - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [ - { - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "Middle thinking..."}, - {"type": "text", "text": "Answer"} - ] - }, - { - "role": "user", - "content": [{"type": "text", "text": "Follow up"}] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // Unsigned thinking should be removed entirely - parts := gjson.Get(outputStr, "request.contents.0.parts").Array() - if len(parts) != 1 { - t.Fatalf("Expected 1 part (thinking removed), got %d", len(parts)) - } - - // Only text part should remain - if parts[0].Get("thought").Bool() { - t.Error("Thinking block should be removed, not preserved") - } - if parts[0].Get("text").String() != "Answer" { - t.Errorf("Expected text 'Answer', got '%s'", parts[0].Get("text").String()) - } -} - -// ============================================================================ -// Tool + Thinking System Hint Injection -// ============================================================================ - -func TestConvertClaudeRequestToAntigravity_ToolAndThinking_HintInjected(t *testing.T) { - // When both tools and thinking are enabled, hint should be injected into system instruction - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [{"role": "user", "content": [{"type": "text", "text": "Hello"}]}], - "system": [{"type": "text", "text": "You are helpful."}], - "tools": [ - { - "name": "get_weather", - "description": "Get weather", - "input_schema": {"type": "object", "properties": {"location": {"type": "string"}}} - } - ], - "thinking": {"type": "enabled", "budget_tokens": 8000} - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // System instruction should contain the interleaved thinking hint - sysInstruction := gjson.Get(outputStr, "request.systemInstruction") - if !sysInstruction.Exists() { - t.Fatal("systemInstruction should exist") - } - - // Check if hint is appended - sysText := sysInstruction.Get("parts").Array() - found := false - for _, part := range sysText { - if strings.Contains(part.Get("text").String(), "Interleaved thinking is enabled") { - found = true - break - } - } - if !found { - t.Errorf("Interleaved thinking hint should be injected when tools and thinking are both active, got: %v", sysInstruction.Raw) - } -} - -func TestConvertClaudeRequestToAntigravity_ToolsOnly_NoHint(t *testing.T) { - // When only tools are present (no thinking), hint should NOT be injected - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5", - "messages": [{"role": "user", "content": [{"type": "text", "text": "Hello"}]}], - "system": [{"type": "text", "text": "You are helpful."}], - "tools": [ - { - "name": "get_weather", - "description": "Get weather", - "input_schema": {"type": "object", "properties": {"location": {"type": "string"}}} - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - // System instruction should NOT contain the hint - sysInstruction := gjson.Get(outputStr, "request.systemInstruction") - if sysInstruction.Exists() { - for _, part := range sysInstruction.Get("parts").Array() { - if strings.Contains(part.Get("text").String(), "Interleaved thinking is enabled") { - t.Error("Hint should NOT be injected when only tools are present (no thinking)") - } - } - } -} - -func TestConvertClaudeRequestToAntigravity_ThinkingOnly_NoHint(t *testing.T) { - // When only thinking is enabled (no tools), hint should NOT be injected - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [{"role": "user", "content": [{"type": "text", "text": "Hello"}]}], - "system": [{"type": "text", "text": "You are helpful."}], - "thinking": {"type": "enabled", "budget_tokens": 8000} - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // System instruction should NOT contain the hint (no tools) - sysInstruction := gjson.Get(outputStr, "request.systemInstruction") - if sysInstruction.Exists() { - for _, part := range sysInstruction.Get("parts").Array() { - if strings.Contains(part.Get("text").String(), "Interleaved thinking is enabled") { - t.Error("Hint should NOT be injected when only thinking is present (no tools)") - } - } - } -} - -func TestConvertClaudeRequestToAntigravity_ToolResultNoContent(t *testing.T) { - // Bug repro: tool_result with no content field produces invalid JSON - inputJSON := []byte(`{ - "model": "claude-opus-4-6-thinking", - "messages": [ - { - "role": "assistant", - "content": [ - { - "type": "tool_use", - "id": "MyTool-123-456", - "name": "MyTool", - "input": {"key": "value"} - } - ] - }, - { - "role": "user", - "content": [ - { - "type": "tool_result", - "tool_use_id": "MyTool-123-456" - } - ] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-opus-4-6-thinking", inputJSON, true) - outputStr := string(output) - - if !gjson.Valid(outputStr) { - t.Errorf("Result is not valid JSON:\n%s", outputStr) - } - - // Verify the functionResponse has a valid result value - fr := gjson.Get(outputStr, "request.contents.1.parts.0.functionResponse.response.result") - if !fr.Exists() { - t.Error("functionResponse.response.result should exist") - } -} - -func TestConvertClaudeRequestToAntigravity_ToolResultNullContent(t *testing.T) { - // Bug repro: tool_result with null content produces invalid JSON - inputJSON := []byte(`{ - "model": "claude-opus-4-6-thinking", - "messages": [ - { - "role": "assistant", - "content": [ - { - "type": "tool_use", - "id": "MyTool-123-456", - "name": "MyTool", - "input": {"key": "value"} - } - ] - }, - { - "role": "user", - "content": [ - { - "type": "tool_result", - "tool_use_id": "MyTool-123-456", - "content": null - } - ] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-opus-4-6-thinking", inputJSON, true) - outputStr := string(output) - - if !gjson.Valid(outputStr) { - t.Errorf("Result is not valid JSON:\n%s", outputStr) - } -} - -func TestConvertClaudeRequestToAntigravity_ToolAndThinking_NoExistingSystem(t *testing.T) { - // When tools + thinking but no system instruction, should create one with hint - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [{"role": "user", "content": [{"type": "text", "text": "Hello"}]}], - "tools": [ - { - "name": "get_weather", - "description": "Get weather", - "input_schema": {"type": "object", "properties": {"location": {"type": "string"}}} - } - ], - "thinking": {"type": "enabled", "budget_tokens": 8000} - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // System instruction should be created with hint - sysInstruction := gjson.Get(outputStr, "request.systemInstruction") - if !sysInstruction.Exists() { - t.Fatal("systemInstruction should be created when tools + thinking are active") - } - - sysText := sysInstruction.Get("parts").Array() - found := false - for _, part := range sysText { - if strings.Contains(part.Get("text").String(), "Interleaved thinking is enabled") { - found = true - break - } - } - if !found { - t.Errorf("Interleaved thinking hint should be in created systemInstruction, got: %v", sysInstruction.Raw) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/antigravity/claude/antigravity_claude_response.go b/.worktrees/config/m/config-build/active/internal/translator/antigravity/claude/antigravity_claude_response.go deleted file mode 100644 index 3c834f6f21..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/antigravity/claude/antigravity_claude_response.go +++ /dev/null @@ -1,523 +0,0 @@ -// Package claude provides response translation functionality for Claude Code API compatibility. -// This package handles the conversion of backend client responses into Claude Code-compatible -// Server-Sent Events (SSE) format, implementing a sophisticated state machine that manages -// different response types including text content, thinking processes, and function calls. -// The translation ensures proper sequencing of SSE events and maintains state across -// multiple response chunks to provide a seamless streaming experience. -package claude - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/cache" - log "github.com/sirupsen/logrus" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Params holds parameters for response conversion and maintains state across streaming chunks. -// This structure tracks the current state of the response translation process to ensure -// proper sequencing of SSE events and transitions between different content types. -type Params struct { - HasFirstResponse bool // Indicates if the initial message_start event has been sent - ResponseType int // Current response type: 0=none, 1=content, 2=thinking, 3=function - ResponseIndex int // Index counter for content blocks in the streaming response - HasFinishReason bool // Tracks whether a finish reason has been observed - FinishReason string // The finish reason string returned by the provider - HasUsageMetadata bool // Tracks whether usage metadata has been observed - PromptTokenCount int64 // Cached prompt token count from usage metadata - CandidatesTokenCount int64 // Cached candidate token count from usage metadata - ThoughtsTokenCount int64 // Cached thinking token count from usage metadata - TotalTokenCount int64 // Cached total token count from usage metadata - CachedTokenCount int64 // Cached content token count (indicates prompt caching) - HasSentFinalEvents bool // Indicates if final content/message events have been sent - HasToolUse bool // Indicates if tool use was observed in the stream - HasContent bool // Tracks whether any content (text, thinking, or tool use) has been output - - // Signature caching support - CurrentThinkingText strings.Builder // Accumulates thinking text for signature caching -} - -// toolUseIDCounter provides a process-wide unique counter for tool use identifiers. -var toolUseIDCounter uint64 - -// ConvertAntigravityResponseToClaude performs sophisticated streaming response format conversion. -// This function implements a complex state machine that translates backend client responses -// into Claude Code-compatible Server-Sent Events (SSE) format. It manages different response types -// and handles state transitions between content blocks, thinking processes, and function calls. -// -// Response type states: 0=none, 1=content, 2=thinking, 3=function -// The function maintains state across multiple calls to ensure proper SSE event sequencing. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing a Claude Code-compatible JSON response -func ConvertAntigravityResponseToClaude(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &Params{ - HasFirstResponse: false, - ResponseType: 0, - ResponseIndex: 0, - } - } - modelName := gjson.GetBytes(requestRawJSON, "model").String() - - params := (*param).(*Params) - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - output := "" - // Only send final events if we have actually output content - if params.HasContent { - appendFinalEvents(params, &output, true) - return []string{ - output + "event: message_stop\ndata: {\"type\":\"message_stop\"}\n\n\n", - } - } - return []string{} - } - - output := "" - - // Initialize the streaming session with a message_start event - // This is only sent for the very first response chunk to establish the streaming session - if !params.HasFirstResponse { - output = "event: message_start\n" - - // Create the initial message structure with default values according to Claude Code API specification - // This follows the Claude Code API specification for streaming message initialization - messageStartTemplate := `{"type": "message_start", "message": {"id": "msg_1nZdL29xx5MUA1yADyHTEsnR8uuvGzszyY", "type": "message", "role": "assistant", "content": [], "model": "claude-3-5-sonnet-20241022", "stop_reason": null, "stop_sequence": null, "usage": {"input_tokens": 0, "output_tokens": 0}}}` - - // Use cpaUsageMetadata within the message_start event for Claude. - if promptTokenCount := gjson.GetBytes(rawJSON, "response.cpaUsageMetadata.promptTokenCount"); promptTokenCount.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.usage.input_tokens", promptTokenCount.Int()) - } - if candidatesTokenCount := gjson.GetBytes(rawJSON, "response.cpaUsageMetadata.candidatesTokenCount"); candidatesTokenCount.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.usage.output_tokens", candidatesTokenCount.Int()) - } - - // Override default values with actual response metadata if available from the Gemini CLI response - if modelVersionResult := gjson.GetBytes(rawJSON, "response.modelVersion"); modelVersionResult.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.model", modelVersionResult.String()) - } - if responseIDResult := gjson.GetBytes(rawJSON, "response.responseId"); responseIDResult.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.id", responseIDResult.String()) - } - output = output + fmt.Sprintf("data: %s\n\n\n", messageStartTemplate) - - params.HasFirstResponse = true - } - - // Process the response parts array from the backend client - // Each part can contain text content, thinking content, or function calls - partsResult := gjson.GetBytes(rawJSON, "response.candidates.0.content.parts") - if partsResult.IsArray() { - partResults := partsResult.Array() - for i := 0; i < len(partResults); i++ { - partResult := partResults[i] - - // Extract the different types of content from each part - partTextResult := partResult.Get("text") - functionCallResult := partResult.Get("functionCall") - - // Handle text content (both regular content and thinking) - if partTextResult.Exists() { - // Process thinking content (internal reasoning) - if partResult.Get("thought").Bool() { - if thoughtSignature := partResult.Get("thoughtSignature"); thoughtSignature.Exists() && thoughtSignature.String() != "" { - // log.Debug("Branch: signature_delta") - - if params.CurrentThinkingText.Len() > 0 { - cache.CacheSignature(modelName, params.CurrentThinkingText.String(), thoughtSignature.String()) - // log.Debugf("Cached signature for thinking block (textLen=%d)", params.CurrentThinkingText.Len()) - params.CurrentThinkingText.Reset() - } - - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"signature_delta","signature":""}}`, params.ResponseIndex), "delta.signature", fmt.Sprintf("%s#%s", cache.GetModelGroup(modelName), thoughtSignature.String())) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - params.HasContent = true - } else if params.ResponseType == 2 { // Continue existing thinking block if already in thinking state - params.CurrentThinkingText.WriteString(partTextResult.String()) - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"thinking_delta","thinking":""}}`, params.ResponseIndex), "delta.thinking", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - params.HasContent = true - } else { - // Transition from another state to thinking - // First, close any existing content block - if params.ResponseType != 0 { - if params.ResponseType == 2 { - // output = output + "event: content_block_delta\n" - // output = output + fmt.Sprintf(`data: {"type":"content_block_delta","index":%d,"delta":{"type":"signature_delta","signature":null}}`, params.ResponseIndex) - // output = output + "\n\n\n" - } - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, params.ResponseIndex) - output = output + "\n\n\n" - params.ResponseIndex++ - } - - // Start a new thinking content block - output = output + "event: content_block_start\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_start","index":%d,"content_block":{"type":"thinking","thinking":""}}`, params.ResponseIndex) - output = output + "\n\n\n" - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"thinking_delta","thinking":""}}`, params.ResponseIndex), "delta.thinking", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - params.ResponseType = 2 // Set state to thinking - params.HasContent = true - // Start accumulating thinking text for signature caching - params.CurrentThinkingText.Reset() - params.CurrentThinkingText.WriteString(partTextResult.String()) - } - } else { - finishReasonResult := gjson.GetBytes(rawJSON, "response.candidates.0.finishReason") - if partTextResult.String() != "" || !finishReasonResult.Exists() { - // Process regular text content (user-visible output) - // Continue existing text block if already in content state - if params.ResponseType == 1 { - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"text_delta","text":""}}`, params.ResponseIndex), "delta.text", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - params.HasContent = true - } else { - // Transition from another state to text content - // First, close any existing content block - if params.ResponseType != 0 { - if params.ResponseType == 2 { - // output = output + "event: content_block_delta\n" - // output = output + fmt.Sprintf(`data: {"type":"content_block_delta","index":%d,"delta":{"type":"signature_delta","signature":null}}`, params.ResponseIndex) - // output = output + "\n\n\n" - } - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, params.ResponseIndex) - output = output + "\n\n\n" - params.ResponseIndex++ - } - if partTextResult.String() != "" { - // Start a new text content block - output = output + "event: content_block_start\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_start","index":%d,"content_block":{"type":"text","text":""}}`, params.ResponseIndex) - output = output + "\n\n\n" - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"text_delta","text":""}}`, params.ResponseIndex), "delta.text", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - params.ResponseType = 1 // Set state to content - params.HasContent = true - } - } - } - } - } else if functionCallResult.Exists() { - // Handle function/tool calls from the AI model - // This processes tool usage requests and formats them for Claude Code API compatibility - params.HasToolUse = true - fcName := functionCallResult.Get("name").String() - - // Handle state transitions when switching to function calls - // Close any existing function call block first - if params.ResponseType == 3 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, params.ResponseIndex) - output = output + "\n\n\n" - params.ResponseIndex++ - params.ResponseType = 0 - } - - // Special handling for thinking state transition - if params.ResponseType == 2 { - // output = output + "event: content_block_delta\n" - // output = output + fmt.Sprintf(`data: {"type":"content_block_delta","index":%d,"delta":{"type":"signature_delta","signature":null}}`, params.ResponseIndex) - // output = output + "\n\n\n" - } - - // Close any other existing content block - if params.ResponseType != 0 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, params.ResponseIndex) - output = output + "\n\n\n" - params.ResponseIndex++ - } - - // Start a new tool use content block - // This creates the structure for a function call in Claude Code format - output = output + "event: content_block_start\n" - - // Create the tool use block with unique ID and function details - data := fmt.Sprintf(`{"type":"content_block_start","index":%d,"content_block":{"type":"tool_use","id":"","name":"","input":{}}}`, params.ResponseIndex) - data, _ = sjson.Set(data, "content_block.id", fmt.Sprintf("%s-%d-%d", fcName, time.Now().UnixNano(), atomic.AddUint64(&toolUseIDCounter, 1))) - data, _ = sjson.Set(data, "content_block.name", fcName) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - output = output + "event: content_block_delta\n" - data, _ = sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"input_json_delta","partial_json":""}}`, params.ResponseIndex), "delta.partial_json", fcArgsResult.Raw) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - } - params.ResponseType = 3 - params.HasContent = true - } - } - } - - if finishReasonResult := gjson.GetBytes(rawJSON, "response.candidates.0.finishReason"); finishReasonResult.Exists() { - params.HasFinishReason = true - params.FinishReason = finishReasonResult.String() - } - - if usageResult := gjson.GetBytes(rawJSON, "response.usageMetadata"); usageResult.Exists() { - params.HasUsageMetadata = true - params.CachedTokenCount = usageResult.Get("cachedContentTokenCount").Int() - params.PromptTokenCount = usageResult.Get("promptTokenCount").Int() - params.CachedTokenCount - params.CandidatesTokenCount = usageResult.Get("candidatesTokenCount").Int() - params.ThoughtsTokenCount = usageResult.Get("thoughtsTokenCount").Int() - params.TotalTokenCount = usageResult.Get("totalTokenCount").Int() - if params.CandidatesTokenCount == 0 && params.TotalTokenCount > 0 { - params.CandidatesTokenCount = params.TotalTokenCount - params.PromptTokenCount - params.ThoughtsTokenCount - if params.CandidatesTokenCount < 0 { - params.CandidatesTokenCount = 0 - } - } - } - - if params.HasUsageMetadata && params.HasFinishReason { - appendFinalEvents(params, &output, false) - } - - return []string{output} -} - -func appendFinalEvents(params *Params, output *string, force bool) { - if params.HasSentFinalEvents { - return - } - - if !params.HasUsageMetadata && !force { - return - } - - // Only send final events if we have actually output content - if !params.HasContent { - return - } - - if params.ResponseType != 0 { - *output = *output + "event: content_block_stop\n" - *output = *output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, params.ResponseIndex) - *output = *output + "\n\n\n" - params.ResponseType = 0 - } - - stopReason := resolveStopReason(params) - usageOutputTokens := params.CandidatesTokenCount + params.ThoughtsTokenCount - if usageOutputTokens == 0 && params.TotalTokenCount > 0 { - usageOutputTokens = params.TotalTokenCount - params.PromptTokenCount - if usageOutputTokens < 0 { - usageOutputTokens = 0 - } - } - - *output = *output + "event: message_delta\n" - *output = *output + "data: " - delta := fmt.Sprintf(`{"type":"message_delta","delta":{"stop_reason":"%s","stop_sequence":null},"usage":{"input_tokens":%d,"output_tokens":%d}}`, stopReason, params.PromptTokenCount, usageOutputTokens) - // Add cache_read_input_tokens if cached tokens are present (indicates prompt caching is working) - if params.CachedTokenCount > 0 { - var err error - delta, err = sjson.Set(delta, "usage.cache_read_input_tokens", params.CachedTokenCount) - if err != nil { - log.Warnf("antigravity claude response: failed to set cache_read_input_tokens: %v", err) - } - } - *output = *output + delta + "\n\n\n" - - params.HasSentFinalEvents = true -} - -func resolveStopReason(params *Params) string { - if params.HasToolUse { - return "tool_use" - } - - switch params.FinishReason { - case "MAX_TOKENS": - return "max_tokens" - case "STOP", "FINISH_REASON_UNSPECIFIED", "UNKNOWN": - return "end_turn" - } - - return "end_turn" -} - -// ConvertAntigravityResponseToClaudeNonStream converts a non-streaming Gemini CLI response to a non-streaming Claude response. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the Gemini CLI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - string: A Claude-compatible JSON response. -func ConvertAntigravityResponseToClaudeNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - _ = originalRequestRawJSON - modelName := gjson.GetBytes(requestRawJSON, "model").String() - - root := gjson.ParseBytes(rawJSON) - promptTokens := root.Get("response.usageMetadata.promptTokenCount").Int() - candidateTokens := root.Get("response.usageMetadata.candidatesTokenCount").Int() - thoughtTokens := root.Get("response.usageMetadata.thoughtsTokenCount").Int() - totalTokens := root.Get("response.usageMetadata.totalTokenCount").Int() - cachedTokens := root.Get("response.usageMetadata.cachedContentTokenCount").Int() - outputTokens := candidateTokens + thoughtTokens - if outputTokens == 0 && totalTokens > 0 { - outputTokens = totalTokens - promptTokens - if outputTokens < 0 { - outputTokens = 0 - } - } - - responseJSON := `{"id":"","type":"message","role":"assistant","model":"","content":null,"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}` - responseJSON, _ = sjson.Set(responseJSON, "id", root.Get("response.responseId").String()) - responseJSON, _ = sjson.Set(responseJSON, "model", root.Get("response.modelVersion").String()) - responseJSON, _ = sjson.Set(responseJSON, "usage.input_tokens", promptTokens) - responseJSON, _ = sjson.Set(responseJSON, "usage.output_tokens", outputTokens) - // Add cache_read_input_tokens if cached tokens are present (indicates prompt caching is working) - if cachedTokens > 0 { - var err error - responseJSON, err = sjson.Set(responseJSON, "usage.cache_read_input_tokens", cachedTokens) - if err != nil { - log.Warnf("antigravity claude response: failed to set cache_read_input_tokens: %v", err) - } - } - - contentArrayInitialized := false - ensureContentArray := func() { - if contentArrayInitialized { - return - } - responseJSON, _ = sjson.SetRaw(responseJSON, "content", "[]") - contentArrayInitialized = true - } - - parts := root.Get("response.candidates.0.content.parts") - textBuilder := strings.Builder{} - thinkingBuilder := strings.Builder{} - thinkingSignature := "" - toolIDCounter := 0 - hasToolCall := false - - flushText := func() { - if textBuilder.Len() == 0 { - return - } - ensureContentArray() - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", textBuilder.String()) - responseJSON, _ = sjson.SetRaw(responseJSON, "content.-1", block) - textBuilder.Reset() - } - - flushThinking := func() { - if thinkingBuilder.Len() == 0 && thinkingSignature == "" { - return - } - ensureContentArray() - block := `{"type":"thinking","thinking":""}` - block, _ = sjson.Set(block, "thinking", thinkingBuilder.String()) - if thinkingSignature != "" { - block, _ = sjson.Set(block, "signature", fmt.Sprintf("%s#%s", cache.GetModelGroup(modelName), thinkingSignature)) - } - responseJSON, _ = sjson.SetRaw(responseJSON, "content.-1", block) - thinkingBuilder.Reset() - thinkingSignature = "" - } - - if parts.IsArray() { - for _, part := range parts.Array() { - isThought := part.Get("thought").Bool() - if isThought { - sig := part.Get("thoughtSignature") - if !sig.Exists() { - sig = part.Get("thought_signature") - } - if sig.Exists() && sig.String() != "" { - thinkingSignature = sig.String() - } - } - - if text := part.Get("text"); text.Exists() && text.String() != "" { - if isThought { - flushText() - thinkingBuilder.WriteString(text.String()) - continue - } - flushThinking() - textBuilder.WriteString(text.String()) - continue - } - - if functionCall := part.Get("functionCall"); functionCall.Exists() { - flushThinking() - flushText() - hasToolCall = true - - name := functionCall.Get("name").String() - toolIDCounter++ - toolBlock := `{"type":"tool_use","id":"","name":"","input":{}}` - toolBlock, _ = sjson.Set(toolBlock, "id", fmt.Sprintf("tool_%d", toolIDCounter)) - toolBlock, _ = sjson.Set(toolBlock, "name", name) - - if args := functionCall.Get("args"); args.Exists() && args.Raw != "" && gjson.Valid(args.Raw) && args.IsObject() { - toolBlock, _ = sjson.SetRaw(toolBlock, "input", args.Raw) - } - - ensureContentArray() - responseJSON, _ = sjson.SetRaw(responseJSON, "content.-1", toolBlock) - continue - } - } - } - - flushThinking() - flushText() - - stopReason := "end_turn" - if hasToolCall { - stopReason = "tool_use" - } else { - if finish := root.Get("response.candidates.0.finishReason"); finish.Exists() { - switch finish.String() { - case "MAX_TOKENS": - stopReason = "max_tokens" - case "STOP", "FINISH_REASON_UNSPECIFIED", "UNKNOWN": - stopReason = "end_turn" - default: - stopReason = "end_turn" - } - } - } - responseJSON, _ = sjson.Set(responseJSON, "stop_reason", stopReason) - - if promptTokens == 0 && outputTokens == 0 { - if usageMeta := root.Get("response.usageMetadata"); !usageMeta.Exists() { - responseJSON, _ = sjson.Delete(responseJSON, "usage") - } - } - - return responseJSON -} - -func ClaudeTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"input_tokens":%d}`, count) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/antigravity/claude/antigravity_claude_response_test.go b/.worktrees/config/m/config-build/active/internal/translator/antigravity/claude/antigravity_claude_response_test.go deleted file mode 100644 index c561c55751..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/antigravity/claude/antigravity_claude_response_test.go +++ /dev/null @@ -1,246 +0,0 @@ -package claude - -import ( - "context" - "strings" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/cache" -) - -// ============================================================================ -// Signature Caching Tests -// ============================================================================ - -func TestConvertAntigravityResponseToClaude_ParamsInitialized(t *testing.T) { - cache.ClearSignatureCache("") - - // Request with user message - should initialize params - requestJSON := []byte(`{ - "messages": [ - {"role": "user", "content": [{"type": "text", "text": "Hello world"}]} - ] - }`) - - // First response chunk with thinking - responseJSON := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "Let me think...", "thought": true}] - } - }] - } - }`) - - var param any - ctx := context.Background() - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, responseJSON, ¶m) - - params := param.(*Params) - if !params.HasFirstResponse { - t.Error("HasFirstResponse should be set after first chunk") - } - if params.CurrentThinkingText.Len() == 0 { - t.Error("Thinking text should be accumulated") - } -} - -func TestConvertAntigravityResponseToClaude_ThinkingTextAccumulated(t *testing.T) { - cache.ClearSignatureCache("") - - requestJSON := []byte(`{ - "messages": [{"role": "user", "content": [{"type": "text", "text": "Test"}]}] - }`) - - // First thinking chunk - chunk1 := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "First part of thinking...", "thought": true}] - } - }] - } - }`) - - // Second thinking chunk (continuation) - chunk2 := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": " Second part of thinking...", "thought": true}] - } - }] - } - }`) - - var param any - ctx := context.Background() - - // Process first chunk - starts new thinking block - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, chunk1, ¶m) - params := param.(*Params) - - if params.CurrentThinkingText.Len() == 0 { - t.Error("Thinking text should be accumulated after first chunk") - } - - // Process second chunk - continues thinking block - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, chunk2, ¶m) - - text := params.CurrentThinkingText.String() - if !strings.Contains(text, "First part") || !strings.Contains(text, "Second part") { - t.Errorf("Thinking text should accumulate both parts, got: %s", text) - } -} - -func TestConvertAntigravityResponseToClaude_SignatureCached(t *testing.T) { - cache.ClearSignatureCache("") - - requestJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [{"role": "user", "content": [{"type": "text", "text": "Cache test"}]}] - }`) - - // Thinking chunk - thinkingChunk := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "My thinking process here", "thought": true}] - } - }] - } - }`) - - // Signature chunk - validSignature := "abc123validSignature1234567890123456789012345678901234567890" - signatureChunk := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "", "thought": true, "thoughtSignature": "` + validSignature + `"}] - } - }] - } - }`) - - var param any - ctx := context.Background() - - // Process thinking chunk - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, thinkingChunk, ¶m) - params := param.(*Params) - thinkingText := params.CurrentThinkingText.String() - - if thinkingText == "" { - t.Fatal("Thinking text should be accumulated") - } - - // Process signature chunk - should cache the signature - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, signatureChunk, ¶m) - - // Verify signature was cached - cachedSig := cache.GetCachedSignature("claude-sonnet-4-5-thinking", thinkingText) - if cachedSig != validSignature { - t.Errorf("Expected cached signature '%s', got '%s'", validSignature, cachedSig) - } - - // Verify thinking text was reset after caching - if params.CurrentThinkingText.Len() != 0 { - t.Error("Thinking text should be reset after signature is cached") - } -} - -func TestConvertAntigravityResponseToClaude_MultipleThinkingBlocks(t *testing.T) { - cache.ClearSignatureCache("") - - requestJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [{"role": "user", "content": [{"type": "text", "text": "Multi block test"}]}] - }`) - - validSig1 := "signature1_12345678901234567890123456789012345678901234567" - validSig2 := "signature2_12345678901234567890123456789012345678901234567" - - // First thinking block with signature - block1Thinking := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "First thinking block", "thought": true}] - } - }] - } - }`) - block1Sig := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "", "thought": true, "thoughtSignature": "` + validSig1 + `"}] - } - }] - } - }`) - - // Text content (breaks thinking) - textBlock := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "Regular text output"}] - } - }] - } - }`) - - // Second thinking block with signature - block2Thinking := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "Second thinking block", "thought": true}] - } - }] - } - }`) - block2Sig := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "", "thought": true, "thoughtSignature": "` + validSig2 + `"}] - } - }] - } - }`) - - var param any - ctx := context.Background() - - // Process first thinking block - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, block1Thinking, ¶m) - params := param.(*Params) - firstThinkingText := params.CurrentThinkingText.String() - - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, block1Sig, ¶m) - - // Verify first signature cached - if cache.GetCachedSignature("claude-sonnet-4-5-thinking", firstThinkingText) != validSig1 { - t.Error("First thinking block signature should be cached") - } - - // Process text (transitions out of thinking) - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, textBlock, ¶m) - - // Process second thinking block - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, block2Thinking, ¶m) - secondThinkingText := params.CurrentThinkingText.String() - - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, block2Sig, ¶m) - - // Verify second signature cached - if cache.GetCachedSignature("claude-sonnet-4-5-thinking", secondThinkingText) != validSig2 { - t.Error("Second thinking block signature should be cached") - } -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/antigravity/claude/init.go b/.worktrees/config/m/config-build/active/internal/translator/antigravity/claude/init.go deleted file mode 100644 index 21fe0b26ed..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/antigravity/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package claude - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Claude, - Antigravity, - ConvertClaudeRequestToAntigravity, - interfaces.TranslateResponse{ - Stream: ConvertAntigravityResponseToClaude, - NonStream: ConvertAntigravityResponseToClaudeNonStream, - TokenCount: ClaudeTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/antigravity/gemini/antigravity_gemini_request.go b/.worktrees/config/m/config-build/active/internal/translator/antigravity/gemini/antigravity_gemini_request.go deleted file mode 100644 index 1d04474069..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/antigravity/gemini/antigravity_gemini_request.go +++ /dev/null @@ -1,312 +0,0 @@ -// Package gemini provides request translation functionality for Gemini CLI to Gemini API compatibility. -// It handles parsing and transforming Gemini CLI API requests into Gemini API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini CLI API format and Gemini API's expected format. -package gemini - -import ( - "fmt" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/common" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiRequestToAntigravity parses and transforms a Gemini CLI API request into Gemini API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Gemini API. -// The function performs the following transformations: -// 1. Extracts the model information from the request -// 2. Restructures the JSON to match Gemini API format -// 3. Converts system instructions to the expected format -// 4. Fixes CLI tool response format and grouping -// -// Parameters: -// - modelName: The name of the model to use for the request (unused in current implementation) -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini API format -func ConvertGeminiRequestToAntigravity(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - template := "" - template = `{"project":"","request":{},"model":""}` - template, _ = sjson.SetRaw(template, "request", string(rawJSON)) - template, _ = sjson.Set(template, "model", modelName) - template, _ = sjson.Delete(template, "request.model") - - template, errFixCLIToolResponse := fixCLIToolResponse(template) - if errFixCLIToolResponse != nil { - return []byte{} - } - - systemInstructionResult := gjson.Get(template, "request.system_instruction") - if systemInstructionResult.Exists() { - template, _ = sjson.SetRaw(template, "request.systemInstruction", systemInstructionResult.Raw) - template, _ = sjson.Delete(template, "request.system_instruction") - } - rawJSON = []byte(template) - - // Normalize roles in request.contents: default to valid values if missing/invalid - contents := gjson.GetBytes(rawJSON, "request.contents") - if contents.Exists() { - prevRole := "" - idx := 0 - contents.ForEach(func(_ gjson.Result, value gjson.Result) bool { - role := value.Get("role").String() - valid := role == "user" || role == "model" - if role == "" || !valid { - var newRole string - if prevRole == "" { - newRole = "user" - } else if prevRole == "user" { - newRole = "model" - } else { - newRole = "user" - } - path := fmt.Sprintf("request.contents.%d.role", idx) - rawJSON, _ = sjson.SetBytes(rawJSON, path, newRole) - role = newRole - } - prevRole = role - idx++ - return true - }) - } - - toolsResult := gjson.GetBytes(rawJSON, "request.tools") - if toolsResult.Exists() && toolsResult.IsArray() { - toolResults := toolsResult.Array() - for i := 0; i < len(toolResults); i++ { - functionDeclarationsResult := gjson.GetBytes(rawJSON, fmt.Sprintf("request.tools.%d.function_declarations", i)) - if functionDeclarationsResult.Exists() && functionDeclarationsResult.IsArray() { - functionDeclarationsResults := functionDeclarationsResult.Array() - for j := 0; j < len(functionDeclarationsResults); j++ { - parametersResult := gjson.GetBytes(rawJSON, fmt.Sprintf("request.tools.%d.function_declarations.%d.parameters", i, j)) - if parametersResult.Exists() { - strJson, _ := util.RenameKey(string(rawJSON), fmt.Sprintf("request.tools.%d.function_declarations.%d.parameters", i, j), fmt.Sprintf("request.tools.%d.function_declarations.%d.parametersJsonSchema", i, j)) - rawJSON = []byte(strJson) - } - } - } - } - } - - // Gemini-specific handling for non-Claude models: - // - Add skip_thought_signature_validator to functionCall parts so upstream can bypass signature validation. - // - Also mark thinking parts with the same sentinel when present (we keep the parts; we only annotate them). - if !strings.Contains(modelName, "claude") { - const skipSentinel = "skip_thought_signature_validator" - - gjson.GetBytes(rawJSON, "request.contents").ForEach(func(contentIdx, content gjson.Result) bool { - if content.Get("role").String() == "model" { - // First pass: collect indices of thinking parts to mark with skip sentinel - var thinkingIndicesToSkipSignature []int64 - content.Get("parts").ForEach(func(partIdx, part gjson.Result) bool { - // Collect indices of thinking blocks to mark with skip sentinel - if part.Get("thought").Bool() { - thinkingIndicesToSkipSignature = append(thinkingIndicesToSkipSignature, partIdx.Int()) - } - // Add skip sentinel to functionCall parts - if part.Get("functionCall").Exists() { - existingSig := part.Get("thoughtSignature").String() - if existingSig == "" || len(existingSig) < 50 { - rawJSON, _ = sjson.SetBytes(rawJSON, fmt.Sprintf("request.contents.%d.parts.%d.thoughtSignature", contentIdx.Int(), partIdx.Int()), skipSentinel) - } - } - return true - }) - - // Add skip_thought_signature_validator sentinel to thinking blocks in reverse order to preserve indices - for i := len(thinkingIndicesToSkipSignature) - 1; i >= 0; i-- { - idx := thinkingIndicesToSkipSignature[i] - rawJSON, _ = sjson.SetBytes(rawJSON, fmt.Sprintf("request.contents.%d.parts.%d.thoughtSignature", contentIdx.Int(), idx), skipSentinel) - } - } - return true - }) - } - - return common.AttachDefaultSafetySettings(rawJSON, "request.safetySettings") -} - -// FunctionCallGroup represents a group of function calls and their responses -type FunctionCallGroup struct { - ResponsesNeeded int -} - -// parseFunctionResponseRaw attempts to normalize a function response part into a JSON object string. -// Falls back to a minimal "functionResponse" object when parsing fails. -func parseFunctionResponseRaw(response gjson.Result) string { - if response.IsObject() && gjson.Valid(response.Raw) { - return response.Raw - } - - log.Debugf("parse function response failed, using fallback") - funcResp := response.Get("functionResponse") - if funcResp.Exists() { - fr := `{"functionResponse":{"name":"","response":{"result":""}}}` - fr, _ = sjson.Set(fr, "functionResponse.name", funcResp.Get("name").String()) - fr, _ = sjson.Set(fr, "functionResponse.response.result", funcResp.Get("response").String()) - if id := funcResp.Get("id").String(); id != "" { - fr, _ = sjson.Set(fr, "functionResponse.id", id) - } - return fr - } - - fr := `{"functionResponse":{"name":"unknown","response":{"result":""}}}` - fr, _ = sjson.Set(fr, "functionResponse.response.result", response.String()) - return fr -} - -// fixCLIToolResponse performs sophisticated tool response format conversion and grouping. -// This function transforms the CLI tool response format by intelligently grouping function calls -// with their corresponding responses, ensuring proper conversation flow and API compatibility. -// It converts from a linear format (1.json) to a grouped format (2.json) where function calls -// and their responses are properly associated and structured. -// -// Parameters: -// - input: The input JSON string to be processed -// -// Returns: -// - string: The processed JSON string with grouped function calls and responses -// - error: An error if the processing fails -func fixCLIToolResponse(input string) (string, error) { - // Parse the input JSON to extract the conversation structure - parsed := gjson.Parse(input) - - // Extract the contents array which contains the conversation messages - contents := parsed.Get("request.contents") - if !contents.Exists() { - // log.Debugf(input) - return input, fmt.Errorf("contents not found in input") - } - - // Initialize data structures for processing and grouping - contentsWrapper := `{"contents":[]}` - var pendingGroups []*FunctionCallGroup // Groups awaiting completion with responses - var collectedResponses []gjson.Result // Standalone responses to be matched - - // Process each content object in the conversation - // This iterates through messages and groups function calls with their responses - contents.ForEach(func(key, value gjson.Result) bool { - role := value.Get("role").String() - parts := value.Get("parts") - - // Check if this content has function responses - var responsePartsInThisContent []gjson.Result - parts.ForEach(func(_, part gjson.Result) bool { - if part.Get("functionResponse").Exists() { - responsePartsInThisContent = append(responsePartsInThisContent, part) - } - return true - }) - - // If this content has function responses, collect them - if len(responsePartsInThisContent) > 0 { - collectedResponses = append(collectedResponses, responsePartsInThisContent...) - - // Check if any pending groups can be satisfied - for i := len(pendingGroups) - 1; i >= 0; i-- { - group := pendingGroups[i] - if len(collectedResponses) >= group.ResponsesNeeded { - // Take the needed responses for this group - groupResponses := collectedResponses[:group.ResponsesNeeded] - collectedResponses = collectedResponses[group.ResponsesNeeded:] - - // Create merged function response content - functionResponseContent := `{"parts":[],"role":"function"}` - for _, response := range groupResponses { - partRaw := parseFunctionResponseRaw(response) - if partRaw != "" { - functionResponseContent, _ = sjson.SetRaw(functionResponseContent, "parts.-1", partRaw) - } - } - - if gjson.Get(functionResponseContent, "parts.#").Int() > 0 { - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", functionResponseContent) - } - - // Remove this group as it's been satisfied - pendingGroups = append(pendingGroups[:i], pendingGroups[i+1:]...) - break - } - } - - return true // Skip adding this content, responses are merged - } - - // If this is a model with function calls, create a new group - if role == "model" { - functionCallsCount := 0 - parts.ForEach(func(_, part gjson.Result) bool { - if part.Get("functionCall").Exists() { - functionCallsCount++ - } - return true - }) - - if functionCallsCount > 0 { - // Add the model content - if !value.IsObject() { - log.Warnf("failed to parse model content") - return true - } - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", value.Raw) - - // Create a new group for tracking responses - group := &FunctionCallGroup{ - ResponsesNeeded: functionCallsCount, - } - pendingGroups = append(pendingGroups, group) - } else { - // Regular model content without function calls - if !value.IsObject() { - log.Warnf("failed to parse content") - return true - } - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", value.Raw) - } - } else { - // Non-model content (user, etc.) - if !value.IsObject() { - log.Warnf("failed to parse content") - return true - } - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", value.Raw) - } - - return true - }) - - // Handle any remaining pending groups with remaining responses - for _, group := range pendingGroups { - if len(collectedResponses) >= group.ResponsesNeeded { - groupResponses := collectedResponses[:group.ResponsesNeeded] - collectedResponses = collectedResponses[group.ResponsesNeeded:] - - functionResponseContent := `{"parts":[],"role":"function"}` - for _, response := range groupResponses { - partRaw := parseFunctionResponseRaw(response) - if partRaw != "" { - functionResponseContent, _ = sjson.SetRaw(functionResponseContent, "parts.-1", partRaw) - } - } - - if gjson.Get(functionResponseContent, "parts.#").Int() > 0 { - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", functionResponseContent) - } - } - } - - // Update the original JSON with the new contents - result := input - result, _ = sjson.SetRaw(result, "request.contents", gjson.Get(contentsWrapper, "contents").Raw) - - return result, nil -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/antigravity/gemini/antigravity_gemini_request_test.go b/.worktrees/config/m/config-build/active/internal/translator/antigravity/gemini/antigravity_gemini_request_test.go deleted file mode 100644 index 8867a30eae..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/antigravity/gemini/antigravity_gemini_request_test.go +++ /dev/null @@ -1,95 +0,0 @@ -package gemini - -import ( - "fmt" - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertGeminiRequestToAntigravity_PreserveValidSignature(t *testing.T) { - // Valid signature on functionCall should be preserved - validSignature := "abc123validSignature1234567890123456789012345678901234567890" - inputJSON := []byte(fmt.Sprintf(`{ - "model": "gemini-3-pro-preview", - "contents": [ - { - "role": "model", - "parts": [ - {"functionCall": {"name": "test_tool", "args": {}}, "thoughtSignature": "%s"} - ] - } - ] - }`, validSignature)) - - output := ConvertGeminiRequestToAntigravity("gemini-3-pro-preview", inputJSON, false) - outputStr := string(output) - - // Check that valid thoughtSignature is preserved - parts := gjson.Get(outputStr, "request.contents.0.parts").Array() - if len(parts) != 1 { - t.Fatalf("Expected 1 part, got %d", len(parts)) - } - - sig := parts[0].Get("thoughtSignature").String() - if sig != validSignature { - t.Errorf("Expected thoughtSignature '%s', got '%s'", validSignature, sig) - } -} - -func TestConvertGeminiRequestToAntigravity_AddSkipSentinelToFunctionCall(t *testing.T) { - // functionCall without signature should get skip_thought_signature_validator - inputJSON := []byte(`{ - "model": "gemini-3-pro-preview", - "contents": [ - { - "role": "model", - "parts": [ - {"functionCall": {"name": "test_tool", "args": {}}} - ] - } - ] - }`) - - output := ConvertGeminiRequestToAntigravity("gemini-3-pro-preview", inputJSON, false) - outputStr := string(output) - - // Check that skip_thought_signature_validator is added to functionCall - sig := gjson.Get(outputStr, "request.contents.0.parts.0.thoughtSignature").String() - expectedSig := "skip_thought_signature_validator" - if sig != expectedSig { - t.Errorf("Expected skip sentinel '%s', got '%s'", expectedSig, sig) - } -} - -func TestConvertGeminiRequestToAntigravity_ParallelFunctionCalls(t *testing.T) { - // Multiple functionCalls should all get skip_thought_signature_validator - inputJSON := []byte(`{ - "model": "gemini-3-pro-preview", - "contents": [ - { - "role": "model", - "parts": [ - {"functionCall": {"name": "tool_one", "args": {"a": "1"}}}, - {"functionCall": {"name": "tool_two", "args": {"b": "2"}}} - ] - } - ] - }`) - - output := ConvertGeminiRequestToAntigravity("gemini-3-pro-preview", inputJSON, false) - outputStr := string(output) - - parts := gjson.Get(outputStr, "request.contents.0.parts").Array() - if len(parts) != 2 { - t.Fatalf("Expected 2 parts, got %d", len(parts)) - } - - expectedSig := "skip_thought_signature_validator" - for i, part := range parts { - sig := part.Get("thoughtSignature").String() - if sig != expectedSig { - t.Errorf("Part %d: Expected '%s', got '%s'", i, expectedSig, sig) - } - } -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/antigravity/gemini/antigravity_gemini_response.go b/.worktrees/config/m/config-build/active/internal/translator/antigravity/gemini/antigravity_gemini_response.go deleted file mode 100644 index 874dc28314..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/antigravity/gemini/antigravity_gemini_response.go +++ /dev/null @@ -1,100 +0,0 @@ -// Package gemini provides request translation functionality for Gemini to Gemini CLI API compatibility. -// It handles parsing and transforming Gemini API requests into Gemini CLI API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini API format and Gemini CLI API's expected format. -package gemini - -import ( - "bytes" - "context" - "fmt" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertAntigravityResponseToGemini parses and transforms a Gemini CLI API request into Gemini API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Gemini API. -// The function performs the following transformations: -// 1. Extracts the response data from the request -// 2. Handles alternative response formats -// 3. Processes array responses by extracting individual response objects -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model to use for the request (unused in current implementation) -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - []string: The transformed request data in Gemini API format -func ConvertAntigravityResponseToGemini(ctx context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) []string { - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - - if alt, ok := ctx.Value("alt").(string); ok { - var chunk []byte - if alt == "" { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - chunk = []byte(responseResult.Raw) - chunk = restoreUsageMetadata(chunk) - } - } else { - chunkTemplate := "[]" - responseResult := gjson.ParseBytes(chunk) - if responseResult.IsArray() { - responseResultItems := responseResult.Array() - for i := 0; i < len(responseResultItems); i++ { - responseResultItem := responseResultItems[i] - if responseResultItem.Get("response").Exists() { - chunkTemplate, _ = sjson.SetRaw(chunkTemplate, "-1", responseResultItem.Get("response").Raw) - } - } - } - chunk = []byte(chunkTemplate) - } - return []string{string(chunk)} - } - return []string{} -} - -// ConvertAntigravityResponseToGeminiNonStream converts a non-streaming Gemini CLI request to a non-streaming Gemini response. -// This function processes the complete Gemini CLI request and transforms it into a single Gemini-compatible -// JSON response. It extracts the response data from the request and returns it in the expected format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: A Gemini-compatible JSON response containing the response data -func ConvertAntigravityResponseToGeminiNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - chunk := restoreUsageMetadata([]byte(responseResult.Raw)) - return string(chunk) - } - return string(rawJSON) -} - -func GeminiTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} - -// restoreUsageMetadata renames cpaUsageMetadata back to usageMetadata. -// The executor renames usageMetadata to cpaUsageMetadata in non-terminal chunks -// to preserve usage data while hiding it from clients that don't expect it. -// When returning standard Gemini API format, we must restore the original name. -func restoreUsageMetadata(chunk []byte) []byte { - if cpaUsage := gjson.GetBytes(chunk, "cpaUsageMetadata"); cpaUsage.Exists() { - chunk, _ = sjson.SetRawBytes(chunk, "usageMetadata", []byte(cpaUsage.Raw)) - chunk, _ = sjson.DeleteBytes(chunk, "cpaUsageMetadata") - } - return chunk -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/antigravity/gemini/antigravity_gemini_response_test.go b/.worktrees/config/m/config-build/active/internal/translator/antigravity/gemini/antigravity_gemini_response_test.go deleted file mode 100644 index 5f96012ad1..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/antigravity/gemini/antigravity_gemini_response_test.go +++ /dev/null @@ -1,95 +0,0 @@ -package gemini - -import ( - "context" - "testing" -) - -func TestRestoreUsageMetadata(t *testing.T) { - tests := []struct { - name string - input []byte - expected string - }{ - { - name: "cpaUsageMetadata renamed to usageMetadata", - input: []byte(`{"modelVersion":"gemini-3-pro","cpaUsageMetadata":{"promptTokenCount":100,"candidatesTokenCount":200}}`), - expected: `{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":100,"candidatesTokenCount":200}}`, - }, - { - name: "no cpaUsageMetadata unchanged", - input: []byte(`{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":100}}`), - expected: `{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":100}}`, - }, - { - name: "empty input", - input: []byte(`{}`), - expected: `{}`, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := restoreUsageMetadata(tt.input) - if string(result) != tt.expected { - t.Errorf("restoreUsageMetadata() = %s, want %s", string(result), tt.expected) - } - }) - } -} - -func TestConvertAntigravityResponseToGeminiNonStream(t *testing.T) { - tests := []struct { - name string - input []byte - expected string - }{ - { - name: "cpaUsageMetadata restored in response", - input: []byte(`{"response":{"modelVersion":"gemini-3-pro","cpaUsageMetadata":{"promptTokenCount":100}}}`), - expected: `{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":100}}`, - }, - { - name: "usageMetadata preserved", - input: []byte(`{"response":{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":100}}}`), - expected: `{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":100}}`, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := ConvertAntigravityResponseToGeminiNonStream(context.Background(), "", nil, nil, tt.input, nil) - if result != tt.expected { - t.Errorf("ConvertAntigravityResponseToGeminiNonStream() = %s, want %s", result, tt.expected) - } - }) - } -} - -func TestConvertAntigravityResponseToGeminiStream(t *testing.T) { - ctx := context.WithValue(context.Background(), "alt", "") - - tests := []struct { - name string - input []byte - expected string - }{ - { - name: "cpaUsageMetadata restored in streaming response", - input: []byte(`data: {"response":{"modelVersion":"gemini-3-pro","cpaUsageMetadata":{"promptTokenCount":100}}}`), - expected: `{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":100}}`, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - results := ConvertAntigravityResponseToGemini(ctx, "", nil, nil, tt.input, nil) - if len(results) != 1 { - t.Fatalf("expected 1 result, got %d", len(results)) - } - if results[0] != tt.expected { - t.Errorf("ConvertAntigravityResponseToGemini() = %s, want %s", results[0], tt.expected) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/antigravity/gemini/init.go b/.worktrees/config/m/config-build/active/internal/translator/antigravity/gemini/init.go deleted file mode 100644 index 3955824863..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/antigravity/gemini/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package gemini - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Gemini, - Antigravity, - ConvertGeminiRequestToAntigravity, - interfaces.TranslateResponse{ - Stream: ConvertAntigravityResponseToGemini, - NonStream: ConvertAntigravityResponseToGeminiNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/antigravity/openai/chat-completions/antigravity_openai_request.go b/.worktrees/config/m/config-build/active/internal/translator/antigravity/openai/chat-completions/antigravity_openai_request.go deleted file mode 100644 index a8105c4ec3..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/antigravity/openai/chat-completions/antigravity_openai_request.go +++ /dev/null @@ -1,417 +0,0 @@ -// Package openai provides request translation functionality for OpenAI to Gemini CLI API compatibility. -// It converts OpenAI Chat Completions requests into Gemini CLI compatible JSON using gjson/sjson only. -package chat_completions - -import ( - "fmt" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/common" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const geminiCLIFunctionThoughtSignature = "skip_thought_signature_validator" - -// ConvertOpenAIRequestToAntigravity converts an OpenAI Chat Completions request (raw JSON) -// into a complete Gemini CLI request JSON. All JSON construction uses sjson and lookups use gjson. -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the OpenAI API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini CLI API format -func ConvertOpenAIRequestToAntigravity(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - // Base envelope (no default thinkingConfig) - out := []byte(`{"project":"","request":{"contents":[]},"model":"gemini-2.5-pro"}`) - - // Model - out, _ = sjson.SetBytes(out, "model", modelName) - - // Apply thinking configuration: convert OpenAI reasoning_effort to Gemini CLI thinkingConfig. - // Inline translation-only mapping; capability checks happen later in ApplyThinking. - re := gjson.GetBytes(rawJSON, "reasoning_effort") - if re.Exists() { - effort := strings.ToLower(strings.TrimSpace(re.String())) - if effort != "" { - thinkingPath := "request.generationConfig.thinkingConfig" - if effort == "auto" { - out, _ = sjson.SetBytes(out, thinkingPath+".thinkingBudget", -1) - out, _ = sjson.SetBytes(out, thinkingPath+".includeThoughts", true) - } else { - out, _ = sjson.SetBytes(out, thinkingPath+".thinkingLevel", effort) - out, _ = sjson.SetBytes(out, thinkingPath+".includeThoughts", effort != "none") - } - } - } - - // Temperature/top_p/top_k/max_tokens - if tr := gjson.GetBytes(rawJSON, "temperature"); tr.Exists() && tr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "request.generationConfig.temperature", tr.Num) - } - if tpr := gjson.GetBytes(rawJSON, "top_p"); tpr.Exists() && tpr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "request.generationConfig.topP", tpr.Num) - } - if tkr := gjson.GetBytes(rawJSON, "top_k"); tkr.Exists() && tkr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "request.generationConfig.topK", tkr.Num) - } - if maxTok := gjson.GetBytes(rawJSON, "max_tokens"); maxTok.Exists() && maxTok.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "request.generationConfig.maxOutputTokens", maxTok.Num) - } - - // Candidate count (OpenAI 'n' parameter) - if n := gjson.GetBytes(rawJSON, "n"); n.Exists() && n.Type == gjson.Number { - if val := n.Int(); val > 1 { - out, _ = sjson.SetBytes(out, "request.generationConfig.candidateCount", val) - } - } - - // Map OpenAI modalities -> Gemini CLI request.generationConfig.responseModalities - // e.g. "modalities": ["image", "text"] -> ["IMAGE", "TEXT"] - if mods := gjson.GetBytes(rawJSON, "modalities"); mods.Exists() && mods.IsArray() { - var responseMods []string - for _, m := range mods.Array() { - switch strings.ToLower(m.String()) { - case "text": - responseMods = append(responseMods, "TEXT") - case "image": - responseMods = append(responseMods, "IMAGE") - } - } - if len(responseMods) > 0 { - out, _ = sjson.SetBytes(out, "request.generationConfig.responseModalities", responseMods) - } - } - - // OpenRouter-style image_config support - // If the input uses top-level image_config.aspect_ratio, map it into request.generationConfig.imageConfig.aspectRatio. - if imgCfg := gjson.GetBytes(rawJSON, "image_config"); imgCfg.Exists() && imgCfg.IsObject() { - if ar := imgCfg.Get("aspect_ratio"); ar.Exists() && ar.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.generationConfig.imageConfig.aspectRatio", ar.Str) - } - if size := imgCfg.Get("image_size"); size.Exists() && size.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.generationConfig.imageConfig.imageSize", size.Str) - } - } - - // messages -> systemInstruction + contents - messages := gjson.GetBytes(rawJSON, "messages") - if messages.IsArray() { - arr := messages.Array() - // First pass: assistant tool_calls id->name map - tcID2Name := map[string]string{} - for i := 0; i < len(arr); i++ { - m := arr[i] - if m.Get("role").String() == "assistant" { - tcs := m.Get("tool_calls") - if tcs.IsArray() { - for _, tc := range tcs.Array() { - if tc.Get("type").String() == "function" { - id := tc.Get("id").String() - name := tc.Get("function.name").String() - if id != "" && name != "" { - tcID2Name[id] = name - } - } - } - } - } - } - - // Second pass build systemInstruction/tool responses cache - toolResponses := map[string]string{} // tool_call_id -> response text - for i := 0; i < len(arr); i++ { - m := arr[i] - role := m.Get("role").String() - if role == "tool" { - toolCallID := m.Get("tool_call_id").String() - if toolCallID != "" { - c := m.Get("content") - toolResponses[toolCallID] = c.Raw - } - } - } - - systemPartIndex := 0 - for i := 0; i < len(arr); i++ { - m := arr[i] - role := m.Get("role").String() - content := m.Get("content") - - if (role == "system" || role == "developer") && len(arr) > 1 { - // system -> request.systemInstruction as a user message style - if content.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.systemInstruction.role", "user") - out, _ = sjson.SetBytes(out, fmt.Sprintf("request.systemInstruction.parts.%d.text", systemPartIndex), content.String()) - systemPartIndex++ - } else if content.IsObject() && content.Get("type").String() == "text" { - out, _ = sjson.SetBytes(out, "request.systemInstruction.role", "user") - out, _ = sjson.SetBytes(out, fmt.Sprintf("request.systemInstruction.parts.%d.text", systemPartIndex), content.Get("text").String()) - systemPartIndex++ - } else if content.IsArray() { - contents := content.Array() - if len(contents) > 0 { - out, _ = sjson.SetBytes(out, "request.systemInstruction.role", "user") - for j := 0; j < len(contents); j++ { - out, _ = sjson.SetBytes(out, fmt.Sprintf("request.systemInstruction.parts.%d.text", systemPartIndex), contents[j].Get("text").String()) - systemPartIndex++ - } - } - } - } else if role == "user" || ((role == "system" || role == "developer") && len(arr) == 1) { - // Build single user content node to avoid splitting into multiple contents - node := []byte(`{"role":"user","parts":[]}`) - if content.Type == gjson.String { - node, _ = sjson.SetBytes(node, "parts.0.text", content.String()) - } else if content.IsArray() { - items := content.Array() - p := 0 - for _, item := range items { - switch item.Get("type").String() { - case "text": - text := item.Get("text").String() - if text != "" { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".text", text) - } - p++ - case "image_url": - imageURL := item.Get("image_url.url").String() - if len(imageURL) > 5 { - pieces := strings.SplitN(imageURL[5:], ";", 2) - if len(pieces) == 2 && len(pieces[1]) > 7 { - mime := pieces[0] - data := pieces[1][7:] - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mime) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", data) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiCLIFunctionThoughtSignature) - p++ - } - } - case "file": - filename := item.Get("file.filename").String() - fileData := item.Get("file.file_data").String() - ext := "" - if sp := strings.Split(filename, "."); len(sp) > 1 { - ext = sp[len(sp)-1] - } - if mimeType, ok := misc.MimeTypes[ext]; ok { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mimeType) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", fileData) - p++ - } else { - log.Warnf("Unknown file name extension '%s' in user message, skip", ext) - } - } - } - } - out, _ = sjson.SetRawBytes(out, "request.contents.-1", node) - } else if role == "assistant" { - node := []byte(`{"role":"model","parts":[]}`) - p := 0 - if content.Type == gjson.String && content.String() != "" { - node, _ = sjson.SetBytes(node, "parts.-1.text", content.String()) - p++ - } else if content.IsArray() { - // Assistant multimodal content (e.g. text + image) -> single model content with parts - for _, item := range content.Array() { - switch item.Get("type").String() { - case "text": - text := item.Get("text").String() - if text != "" { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".text", text) - } - p++ - case "image_url": - // If the assistant returned an inline data URL, preserve it for history fidelity. - imageURL := item.Get("image_url.url").String() - if len(imageURL) > 5 { // expect data:... - pieces := strings.SplitN(imageURL[5:], ";", 2) - if len(pieces) == 2 && len(pieces[1]) > 7 { - mime := pieces[0] - data := pieces[1][7:] - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mime) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", data) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiCLIFunctionThoughtSignature) - p++ - } - } - } - } - } - - // Tool calls -> single model content with functionCall parts - tcs := m.Get("tool_calls") - if tcs.IsArray() { - fIDs := make([]string, 0) - for _, tc := range tcs.Array() { - if tc.Get("type").String() != "function" { - continue - } - fid := tc.Get("id").String() - fname := tc.Get("function.name").String() - fargs := tc.Get("function.arguments").String() - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".functionCall.id", fid) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".functionCall.name", fname) - if gjson.Valid(fargs) { - node, _ = sjson.SetRawBytes(node, "parts."+itoa(p)+".functionCall.args", []byte(fargs)) - } else { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".functionCall.args.params", []byte(fargs)) - } - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiCLIFunctionThoughtSignature) - p++ - if fid != "" { - fIDs = append(fIDs, fid) - } - } - out, _ = sjson.SetRawBytes(out, "request.contents.-1", node) - - // Append a single tool content combining name + response per function - toolNode := []byte(`{"role":"user","parts":[]}`) - pp := 0 - for _, fid := range fIDs { - if name, ok := tcID2Name[fid]; ok { - toolNode, _ = sjson.SetBytes(toolNode, "parts."+itoa(pp)+".functionResponse.id", fid) - toolNode, _ = sjson.SetBytes(toolNode, "parts."+itoa(pp)+".functionResponse.name", name) - resp := toolResponses[fid] - if resp == "" { - resp = "{}" - } - // Handle non-JSON output gracefully (matches dev branch approach) - if resp != "null" { - parsed := gjson.Parse(resp) - if parsed.Type == gjson.JSON { - toolNode, _ = sjson.SetRawBytes(toolNode, "parts."+itoa(pp)+".functionResponse.response.result", []byte(parsed.Raw)) - } else { - toolNode, _ = sjson.SetBytes(toolNode, "parts."+itoa(pp)+".functionResponse.response.result", resp) - } - } - pp++ - } - } - if pp > 0 { - out, _ = sjson.SetRawBytes(out, "request.contents.-1", toolNode) - } - } else { - out, _ = sjson.SetRawBytes(out, "request.contents.-1", node) - } - } - } - } - - // tools -> request.tools[].functionDeclarations + request.tools[].googleSearch/codeExecution/urlContext passthrough - tools := gjson.GetBytes(rawJSON, "tools") - if tools.IsArray() && len(tools.Array()) > 0 { - functionToolNode := []byte(`{}`) - hasFunction := false - googleSearchNodes := make([][]byte, 0) - codeExecutionNodes := make([][]byte, 0) - urlContextNodes := make([][]byte, 0) - for _, t := range tools.Array() { - if t.Get("type").String() == "function" { - fn := t.Get("function") - if fn.Exists() && fn.IsObject() { - fnRaw := fn.Raw - if fn.Get("parameters").Exists() { - renamed, errRename := util.RenameKey(fnRaw, "parameters", "parametersJsonSchema") - if errRename != nil { - log.Warnf("Failed to rename parameters for tool '%s': %v", fn.Get("name").String(), errRename) - var errSet error - fnRaw, errSet = sjson.Set(fnRaw, "parametersJsonSchema.type", "object") - if errSet != nil { - log.Warnf("Failed to set default schema type for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - fnRaw, errSet = sjson.SetRaw(fnRaw, "parametersJsonSchema.properties", `{}`) - if errSet != nil { - log.Warnf("Failed to set default schema properties for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - } else { - fnRaw = renamed - } - } else { - var errSet error - fnRaw, errSet = sjson.Set(fnRaw, "parametersJsonSchema.type", "object") - if errSet != nil { - log.Warnf("Failed to set default schema type for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - fnRaw, errSet = sjson.SetRaw(fnRaw, "parametersJsonSchema.properties", `{}`) - if errSet != nil { - log.Warnf("Failed to set default schema properties for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - } - fnRaw, _ = sjson.Delete(fnRaw, "strict") - if !hasFunction { - functionToolNode, _ = sjson.SetRawBytes(functionToolNode, "functionDeclarations", []byte("[]")) - } - tmp, errSet := sjson.SetRawBytes(functionToolNode, "functionDeclarations.-1", []byte(fnRaw)) - if errSet != nil { - log.Warnf("Failed to append tool declaration for '%s': %v", fn.Get("name").String(), errSet) - continue - } - functionToolNode = tmp - hasFunction = true - } - } - if gs := t.Get("google_search"); gs.Exists() { - googleToolNode := []byte(`{}`) - var errSet error - googleToolNode, errSet = sjson.SetRawBytes(googleToolNode, "googleSearch", []byte(gs.Raw)) - if errSet != nil { - log.Warnf("Failed to set googleSearch tool: %v", errSet) - continue - } - googleSearchNodes = append(googleSearchNodes, googleToolNode) - } - if ce := t.Get("code_execution"); ce.Exists() { - codeToolNode := []byte(`{}`) - var errSet error - codeToolNode, errSet = sjson.SetRawBytes(codeToolNode, "codeExecution", []byte(ce.Raw)) - if errSet != nil { - log.Warnf("Failed to set codeExecution tool: %v", errSet) - continue - } - codeExecutionNodes = append(codeExecutionNodes, codeToolNode) - } - if uc := t.Get("url_context"); uc.Exists() { - urlToolNode := []byte(`{}`) - var errSet error - urlToolNode, errSet = sjson.SetRawBytes(urlToolNode, "urlContext", []byte(uc.Raw)) - if errSet != nil { - log.Warnf("Failed to set urlContext tool: %v", errSet) - continue - } - urlContextNodes = append(urlContextNodes, urlToolNode) - } - } - if hasFunction || len(googleSearchNodes) > 0 || len(codeExecutionNodes) > 0 || len(urlContextNodes) > 0 { - toolsNode := []byte("[]") - if hasFunction { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", functionToolNode) - } - for _, googleNode := range googleSearchNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", googleNode) - } - for _, codeNode := range codeExecutionNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", codeNode) - } - for _, urlNode := range urlContextNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", urlNode) - } - out, _ = sjson.SetRawBytes(out, "request.tools", toolsNode) - } - } - - return common.AttachDefaultSafetySettings(out, "request.safetySettings") -} - -// itoa converts int to string without strconv import for few usages. -func itoa(i int) string { return fmt.Sprintf("%d", i) } diff --git a/.worktrees/config/m/config-build/active/internal/translator/antigravity/openai/chat-completions/antigravity_openai_response.go b/.worktrees/config/m/config-build/active/internal/translator/antigravity/openai/chat-completions/antigravity_openai_response.go deleted file mode 100644 index af9ffef19c..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/antigravity/openai/chat-completions/antigravity_openai_response.go +++ /dev/null @@ -1,241 +0,0 @@ -// Package openai provides response translation functionality for Gemini CLI to OpenAI API compatibility. -// This package handles the conversion of Gemini CLI API responses into OpenAI Chat Completions-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by OpenAI API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, reasoning content, and usage metadata appropriately. -package chat_completions - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - log "github.com/sirupsen/logrus" - - . "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/openai/chat-completions" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// convertCliResponseToOpenAIChatParams holds parameters for response conversion. -type convertCliResponseToOpenAIChatParams struct { - UnixTimestamp int64 - FunctionIndex int - SawToolCall bool // Tracks if any tool call was seen in the entire stream - UpstreamFinishReason string // Caches the upstream finish reason for final chunk -} - -// functionCallIDCounter provides a process-wide unique counter for function call identifiers. -var functionCallIDCounter uint64 - -// ConvertAntigravityResponseToOpenAI translates a single chunk of a streaming response from the -// Gemini CLI API format to the OpenAI Chat Completions streaming format. -// It processes various Gemini CLI event types and transforms them into OpenAI-compatible JSON responses. -// The function handles text content, tool calls, reasoning content, and usage metadata, outputting -// responses that match the OpenAI API format. It supports incremental updates for streaming responses. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing an OpenAI-compatible JSON response -func ConvertAntigravityResponseToOpenAI(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &convertCliResponseToOpenAIChatParams{ - UnixTimestamp: 0, - FunctionIndex: 0, - } - } - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - - // Initialize the OpenAI SSE template. - template := `{"id":"","object":"chat.completion.chunk","created":12345,"model":"model","choices":[{"index":0,"delta":{"role":null,"content":null,"reasoning_content":null,"tool_calls":null},"finish_reason":null,"native_finish_reason":null}]}` - - // Extract and set the model version. - if modelVersionResult := gjson.GetBytes(rawJSON, "response.modelVersion"); modelVersionResult.Exists() { - template, _ = sjson.Set(template, "model", modelVersionResult.String()) - } - - // Extract and set the creation timestamp. - if createTimeResult := gjson.GetBytes(rawJSON, "response.createTime"); createTimeResult.Exists() { - t, err := time.Parse(time.RFC3339Nano, createTimeResult.String()) - if err == nil { - (*param).(*convertCliResponseToOpenAIChatParams).UnixTimestamp = t.Unix() - } - template, _ = sjson.Set(template, "created", (*param).(*convertCliResponseToOpenAIChatParams).UnixTimestamp) - } else { - template, _ = sjson.Set(template, "created", (*param).(*convertCliResponseToOpenAIChatParams).UnixTimestamp) - } - - // Extract and set the response ID. - if responseIDResult := gjson.GetBytes(rawJSON, "response.responseId"); responseIDResult.Exists() { - template, _ = sjson.Set(template, "id", responseIDResult.String()) - } - - // Cache the finish reason - do NOT set it in output yet (will be set on final chunk) - if finishReasonResult := gjson.GetBytes(rawJSON, "response.candidates.0.finishReason"); finishReasonResult.Exists() { - (*param).(*convertCliResponseToOpenAIChatParams).UpstreamFinishReason = strings.ToUpper(finishReasonResult.String()) - } - - // Extract and set usage metadata (token counts). - if usageResult := gjson.GetBytes(rawJSON, "response.usageMetadata"); usageResult.Exists() { - cachedTokenCount := usageResult.Get("cachedContentTokenCount").Int() - if candidatesTokenCountResult := usageResult.Get("candidatesTokenCount"); candidatesTokenCountResult.Exists() { - template, _ = sjson.Set(template, "usage.completion_tokens", candidatesTokenCountResult.Int()) - } - if totalTokenCountResult := usageResult.Get("totalTokenCount"); totalTokenCountResult.Exists() { - template, _ = sjson.Set(template, "usage.total_tokens", totalTokenCountResult.Int()) - } - promptTokenCount := usageResult.Get("promptTokenCount").Int() - cachedTokenCount - thoughtsTokenCount := usageResult.Get("thoughtsTokenCount").Int() - template, _ = sjson.Set(template, "usage.prompt_tokens", promptTokenCount+thoughtsTokenCount) - if thoughtsTokenCount > 0 { - template, _ = sjson.Set(template, "usage.completion_tokens_details.reasoning_tokens", thoughtsTokenCount) - } - // Include cached token count if present (indicates prompt caching is working) - if cachedTokenCount > 0 { - var err error - template, err = sjson.Set(template, "usage.prompt_tokens_details.cached_tokens", cachedTokenCount) - if err != nil { - log.Warnf("antigravity openai response: failed to set cached_tokens: %v", err) - } - } - } - - // Process the main content part of the response. - partsResult := gjson.GetBytes(rawJSON, "response.candidates.0.content.parts") - if partsResult.IsArray() { - partResults := partsResult.Array() - for i := 0; i < len(partResults); i++ { - partResult := partResults[i] - partTextResult := partResult.Get("text") - functionCallResult := partResult.Get("functionCall") - thoughtSignatureResult := partResult.Get("thoughtSignature") - if !thoughtSignatureResult.Exists() { - thoughtSignatureResult = partResult.Get("thought_signature") - } - inlineDataResult := partResult.Get("inlineData") - if !inlineDataResult.Exists() { - inlineDataResult = partResult.Get("inline_data") - } - - hasThoughtSignature := thoughtSignatureResult.Exists() && thoughtSignatureResult.String() != "" - hasContentPayload := partTextResult.Exists() || functionCallResult.Exists() || inlineDataResult.Exists() - - // Ignore encrypted thoughtSignature but keep any actual content in the same part. - if hasThoughtSignature && !hasContentPayload { - continue - } - - if partTextResult.Exists() { - textContent := partTextResult.String() - - // Handle text content, distinguishing between regular content and reasoning/thoughts. - if partResult.Get("thought").Bool() { - template, _ = sjson.Set(template, "choices.0.delta.reasoning_content", textContent) - } else { - template, _ = sjson.Set(template, "choices.0.delta.content", textContent) - } - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - } else if functionCallResult.Exists() { - // Handle function call content. - (*param).(*convertCliResponseToOpenAIChatParams).SawToolCall = true // Persist across chunks - toolCallsResult := gjson.Get(template, "choices.0.delta.tool_calls") - functionCallIndex := (*param).(*convertCliResponseToOpenAIChatParams).FunctionIndex - (*param).(*convertCliResponseToOpenAIChatParams).FunctionIndex++ - if toolCallsResult.Exists() && toolCallsResult.IsArray() { - functionCallIndex = len(toolCallsResult.Array()) - } else { - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls", `[]`) - } - - functionCallTemplate := `{"id": "","index": 0,"type": "function","function": {"name": "","arguments": ""}}` - fcName := functionCallResult.Get("name").String() - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "id", fmt.Sprintf("%s-%d-%d", fcName, time.Now().UnixNano(), atomic.AddUint64(&functionCallIDCounter, 1))) - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "index", functionCallIndex) - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.name", fcName) - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.arguments", fcArgsResult.Raw) - } - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls.-1", functionCallTemplate) - } else if inlineDataResult.Exists() { - data := inlineDataResult.Get("data").String() - if data == "" { - continue - } - mimeType := inlineDataResult.Get("mimeType").String() - if mimeType == "" { - mimeType = inlineDataResult.Get("mime_type").String() - } - if mimeType == "" { - mimeType = "image/png" - } - imageURL := fmt.Sprintf("data:%s;base64,%s", mimeType, data) - imagesResult := gjson.Get(template, "choices.0.delta.images") - if !imagesResult.Exists() || !imagesResult.IsArray() { - template, _ = sjson.SetRaw(template, "choices.0.delta.images", `[]`) - } - imageIndex := len(gjson.Get(template, "choices.0.delta.images").Array()) - imagePayload := `{"type":"image_url","image_url":{"url":""}}` - imagePayload, _ = sjson.Set(imagePayload, "index", imageIndex) - imagePayload, _ = sjson.Set(imagePayload, "image_url.url", imageURL) - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.images.-1", imagePayload) - } - } - } - - // Determine finish_reason only on the final chunk (has both finishReason and usage metadata) - params := (*param).(*convertCliResponseToOpenAIChatParams) - upstreamFinishReason := params.UpstreamFinishReason - sawToolCall := params.SawToolCall - - usageExists := gjson.GetBytes(rawJSON, "response.usageMetadata").Exists() - isFinalChunk := upstreamFinishReason != "" && usageExists - - if isFinalChunk { - var finishReason string - if sawToolCall { - finishReason = "tool_calls" - } else if upstreamFinishReason == "MAX_TOKENS" { - finishReason = "max_tokens" - } else { - finishReason = "stop" - } - template, _ = sjson.Set(template, "choices.0.finish_reason", finishReason) - template, _ = sjson.Set(template, "choices.0.native_finish_reason", strings.ToLower(upstreamFinishReason)) - } - - return []string{template} -} - -// ConvertAntigravityResponseToOpenAINonStream converts a non-streaming Gemini CLI response to a non-streaming OpenAI response. -// This function processes the complete Gemini CLI response and transforms it into a single OpenAI-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the OpenAI API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for the conversion -// -// Returns: -// - string: An OpenAI-compatible JSON response containing all message content and metadata -func ConvertAntigravityResponseToOpenAINonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - return ConvertGeminiResponseToOpenAINonStream(ctx, modelName, originalRequestRawJSON, requestRawJSON, []byte(responseResult.Raw), param) - } - return "" -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/antigravity/openai/chat-completions/antigravity_openai_response_test.go b/.worktrees/config/m/config-build/active/internal/translator/antigravity/openai/chat-completions/antigravity_openai_response_test.go deleted file mode 100644 index eea1ad5216..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/antigravity/openai/chat-completions/antigravity_openai_response_test.go +++ /dev/null @@ -1,128 +0,0 @@ -package chat_completions - -import ( - "context" - "testing" - - "github.com/tidwall/gjson" -) - -func TestFinishReasonToolCallsNotOverwritten(t *testing.T) { - ctx := context.Background() - var param any - - // Chunk 1: Contains functionCall - should set SawToolCall = true - chunk1 := []byte(`{"response":{"candidates":[{"content":{"parts":[{"functionCall":{"name":"list_files","args":{"path":"."}}}]}}]}}`) - result1 := ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk1, ¶m) - - // Verify chunk1 has no finish_reason (null) - if len(result1) != 1 { - t.Fatalf("Expected 1 result from chunk1, got %d", len(result1)) - } - fr1 := gjson.Get(result1[0], "choices.0.finish_reason") - if fr1.Exists() && fr1.String() != "" && fr1.Type.String() != "Null" { - t.Errorf("Expected finish_reason to be null in chunk1, got: %v", fr1.String()) - } - - // Chunk 2: Contains finishReason STOP + usage (final chunk, no functionCall) - // This simulates what the upstream sends AFTER the tool call chunk - chunk2 := []byte(`{"response":{"candidates":[{"finishReason":"STOP"}],"usageMetadata":{"promptTokenCount":10,"candidatesTokenCount":20,"totalTokenCount":30}}}`) - result2 := ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk2, ¶m) - - // Verify chunk2 has finish_reason: "tool_calls" (not "stop") - if len(result2) != 1 { - t.Fatalf("Expected 1 result from chunk2, got %d", len(result2)) - } - fr2 := gjson.Get(result2[0], "choices.0.finish_reason").String() - if fr2 != "tool_calls" { - t.Errorf("Expected finish_reason 'tool_calls', got: %s", fr2) - } - - // Verify native_finish_reason is lowercase upstream value - nfr2 := gjson.Get(result2[0], "choices.0.native_finish_reason").String() - if nfr2 != "stop" { - t.Errorf("Expected native_finish_reason 'stop', got: %s", nfr2) - } -} - -func TestFinishReasonStopForNormalText(t *testing.T) { - ctx := context.Background() - var param any - - // Chunk 1: Text content only - chunk1 := []byte(`{"response":{"candidates":[{"content":{"parts":[{"text":"Hello world"}]}}]}}`) - ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk1, ¶m) - - // Chunk 2: Final chunk with STOP - chunk2 := []byte(`{"response":{"candidates":[{"finishReason":"STOP"}],"usageMetadata":{"promptTokenCount":10,"candidatesTokenCount":5,"totalTokenCount":15}}}`) - result2 := ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk2, ¶m) - - // Verify finish_reason is "stop" (no tool calls were made) - fr := gjson.Get(result2[0], "choices.0.finish_reason").String() - if fr != "stop" { - t.Errorf("Expected finish_reason 'stop', got: %s", fr) - } -} - -func TestFinishReasonMaxTokens(t *testing.T) { - ctx := context.Background() - var param any - - // Chunk 1: Text content - chunk1 := []byte(`{"response":{"candidates":[{"content":{"parts":[{"text":"Hello"}]}}]}}`) - ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk1, ¶m) - - // Chunk 2: Final chunk with MAX_TOKENS - chunk2 := []byte(`{"response":{"candidates":[{"finishReason":"MAX_TOKENS"}],"usageMetadata":{"promptTokenCount":10,"candidatesTokenCount":100,"totalTokenCount":110}}}`) - result2 := ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk2, ¶m) - - // Verify finish_reason is "max_tokens" - fr := gjson.Get(result2[0], "choices.0.finish_reason").String() - if fr != "max_tokens" { - t.Errorf("Expected finish_reason 'max_tokens', got: %s", fr) - } -} - -func TestToolCallTakesPriorityOverMaxTokens(t *testing.T) { - ctx := context.Background() - var param any - - // Chunk 1: Contains functionCall - chunk1 := []byte(`{"response":{"candidates":[{"content":{"parts":[{"functionCall":{"name":"test","args":{}}}]}}]}}`) - ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk1, ¶m) - - // Chunk 2: Final chunk with MAX_TOKENS (but we had a tool call, so tool_calls should win) - chunk2 := []byte(`{"response":{"candidates":[{"finishReason":"MAX_TOKENS"}],"usageMetadata":{"promptTokenCount":10,"candidatesTokenCount":100,"totalTokenCount":110}}}`) - result2 := ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk2, ¶m) - - // Verify finish_reason is "tool_calls" (takes priority over max_tokens) - fr := gjson.Get(result2[0], "choices.0.finish_reason").String() - if fr != "tool_calls" { - t.Errorf("Expected finish_reason 'tool_calls', got: %s", fr) - } -} - -func TestNoFinishReasonOnIntermediateChunks(t *testing.T) { - ctx := context.Background() - var param any - - // Chunk 1: Text content (no finish reason, no usage) - chunk1 := []byte(`{"response":{"candidates":[{"content":{"parts":[{"text":"Hello"}]}}]}}`) - result1 := ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk1, ¶m) - - // Verify no finish_reason on intermediate chunk - fr1 := gjson.Get(result1[0], "choices.0.finish_reason") - if fr1.Exists() && fr1.String() != "" && fr1.Type.String() != "Null" { - t.Errorf("Expected no finish_reason on intermediate chunk, got: %v", fr1) - } - - // Chunk 2: More text (no finish reason, no usage) - chunk2 := []byte(`{"response":{"candidates":[{"content":{"parts":[{"text":" world"}]}}]}}`) - result2 := ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk2, ¶m) - - // Verify no finish_reason on intermediate chunk - fr2 := gjson.Get(result2[0], "choices.0.finish_reason") - if fr2.Exists() && fr2.String() != "" && fr2.Type.String() != "Null" { - t.Errorf("Expected no finish_reason on intermediate chunk, got: %v", fr2) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/antigravity/openai/chat-completions/init.go b/.worktrees/config/m/config-build/active/internal/translator/antigravity/openai/chat-completions/init.go deleted file mode 100644 index 5c5c71e461..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/antigravity/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenAI, - Antigravity, - ConvertOpenAIRequestToAntigravity, - interfaces.TranslateResponse{ - Stream: ConvertAntigravityResponseToOpenAI, - NonStream: ConvertAntigravityResponseToOpenAINonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/antigravity/openai/responses/antigravity_openai-responses_request.go b/.worktrees/config/m/config-build/active/internal/translator/antigravity/openai/responses/antigravity_openai-responses_request.go deleted file mode 100644 index 90bfa14c05..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/antigravity/openai/responses/antigravity_openai-responses_request.go +++ /dev/null @@ -1,12 +0,0 @@ -package responses - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/antigravity/gemini" - . "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/openai/responses" -) - -func ConvertOpenAIResponsesRequestToAntigravity(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - rawJSON = ConvertOpenAIResponsesRequestToGemini(modelName, rawJSON, stream) - return ConvertGeminiRequestToAntigravity(modelName, rawJSON, stream) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/antigravity/openai/responses/antigravity_openai-responses_response.go b/.worktrees/config/m/config-build/active/internal/translator/antigravity/openai/responses/antigravity_openai-responses_response.go deleted file mode 100644 index 7c416c1ff6..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/antigravity/openai/responses/antigravity_openai-responses_response.go +++ /dev/null @@ -1,35 +0,0 @@ -package responses - -import ( - "context" - - . "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/openai/responses" - "github.com/tidwall/gjson" -) - -func ConvertAntigravityResponseToOpenAIResponses(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - rawJSON = []byte(responseResult.Raw) - } - return ConvertGeminiResponseToOpenAIResponses(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} - -func ConvertAntigravityResponseToOpenAIResponsesNonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - rawJSON = []byte(responseResult.Raw) - } - - requestResult := gjson.GetBytes(originalRequestRawJSON, "request") - if responseResult.Exists() { - originalRequestRawJSON = []byte(requestResult.Raw) - } - - requestResult = gjson.GetBytes(requestRawJSON, "request") - if responseResult.Exists() { - requestRawJSON = []byte(requestResult.Raw) - } - - return ConvertGeminiResponseToOpenAIResponsesNonStream(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/antigravity/openai/responses/init.go b/.worktrees/config/m/config-build/active/internal/translator/antigravity/openai/responses/init.go deleted file mode 100644 index 8d13703239..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/antigravity/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenaiResponse, - Antigravity, - ConvertOpenAIResponsesRequestToAntigravity, - interfaces.TranslateResponse{ - Stream: ConvertAntigravityResponseToOpenAIResponses, - NonStream: ConvertAntigravityResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/claude/gemini-cli/claude_gemini-cli_request.go b/.worktrees/config/m/config-build/active/internal/translator/claude/gemini-cli/claude_gemini-cli_request.go deleted file mode 100644 index 831d784db3..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/claude/gemini-cli/claude_gemini-cli_request.go +++ /dev/null @@ -1,45 +0,0 @@ -// Package geminiCLI provides request translation functionality for Gemini CLI to Claude Code API compatibility. -// It handles parsing and transforming Gemini CLI API requests into Claude Code API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini CLI API format and Claude Code API's expected format. -package geminiCLI - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/claude/gemini" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiCLIRequestToClaude parses and transforms a Gemini CLI API request into Claude Code API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Claude Code API. -// The function performs the following transformations: -// 1. Extracts the model information from the request -// 2. Restructures the JSON to match Claude Code API format -// 3. Converts system instructions to the expected format -// 4. Delegates to the Gemini-to-Claude conversion function for further processing -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - stream: A boolean indicating if the request is for a streaming response -// -// Returns: -// - []byte: The transformed request data in Claude Code API format -func ConvertGeminiCLIRequestToClaude(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - - modelResult := gjson.GetBytes(rawJSON, "model") - // Extract the inner request object and promote it to the top level - rawJSON = []byte(gjson.GetBytes(rawJSON, "request").Raw) - // Restore the model information at the top level - rawJSON, _ = sjson.SetBytes(rawJSON, "model", modelResult.String()) - // Convert systemInstruction field to system_instruction for Claude Code compatibility - if gjson.GetBytes(rawJSON, "systemInstruction").Exists() { - rawJSON, _ = sjson.SetRawBytes(rawJSON, "system_instruction", []byte(gjson.GetBytes(rawJSON, "systemInstruction").Raw)) - rawJSON, _ = sjson.DeleteBytes(rawJSON, "systemInstruction") - } - // Delegate to the Gemini-to-Claude conversion function for further processing - return ConvertGeminiRequestToClaude(modelName, rawJSON, stream) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/claude/gemini-cli/claude_gemini-cli_response.go b/.worktrees/config/m/config-build/active/internal/translator/claude/gemini-cli/claude_gemini-cli_response.go deleted file mode 100644 index bc072b3030..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/claude/gemini-cli/claude_gemini-cli_response.go +++ /dev/null @@ -1,61 +0,0 @@ -// Package geminiCLI provides response translation functionality for Claude Code to Gemini CLI API compatibility. -// This package handles the conversion of Claude Code API responses into Gemini CLI-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Gemini CLI API clients. -package geminiCLI - -import ( - "context" - - . "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/claude/gemini" - "github.com/tidwall/sjson" -) - -// ConvertClaudeResponseToGeminiCLI converts Claude Code streaming response format to Gemini CLI format. -// This function processes various Claude Code event types and transforms them into Gemini-compatible JSON responses. -// It handles text content, tool calls, and usage metadata, outputting responses that match the Gemini CLI API format. -// The function wraps each converted response in a "response" object to match the Gemini CLI API structure. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Claude Code API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing a Gemini-compatible JSON response wrapped in a response object -func ConvertClaudeResponseToGeminiCLI(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - outputs := ConvertClaudeResponseToGemini(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) - // Wrap each converted response in a "response" object to match Gemini CLI API structure - newOutputs := make([]string, 0) - for i := 0; i < len(outputs); i++ { - json := `{"response": {}}` - output, _ := sjson.SetRaw(json, "response", outputs[i]) - newOutputs = append(newOutputs, output) - } - return newOutputs -} - -// ConvertClaudeResponseToGeminiCLINonStream converts a non-streaming Claude Code response to a non-streaming Gemini CLI response. -// This function processes the complete Claude Code response and transforms it into a single Gemini-compatible -// JSON response. It wraps the converted response in a "response" object to match the Gemini CLI API structure. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Claude Code API -// - param: A pointer to a parameter object for the conversion -// -// Returns: -// - string: A Gemini-compatible JSON response wrapped in a response object -func ConvertClaudeResponseToGeminiCLINonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - strJSON := ConvertClaudeResponseToGeminiNonStream(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) - // Wrap the converted response in a "response" object to match Gemini CLI API structure - json := `{"response": {}}` - strJSON, _ = sjson.SetRaw(json, "response", strJSON) - return strJSON -} - -func GeminiCLITokenCount(ctx context.Context, count int64) string { - return GeminiTokenCount(ctx, count) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/claude/gemini-cli/init.go b/.worktrees/config/m/config-build/active/internal/translator/claude/gemini-cli/init.go deleted file mode 100644 index ca364a6ee0..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/claude/gemini-cli/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package geminiCLI - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - GeminiCLI, - Claude, - ConvertGeminiCLIRequestToClaude, - interfaces.TranslateResponse{ - Stream: ConvertClaudeResponseToGeminiCLI, - NonStream: ConvertClaudeResponseToGeminiCLINonStream, - TokenCount: GeminiCLITokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/claude/gemini/claude_gemini_request.go b/.worktrees/config/m/config-build/active/internal/translator/claude/gemini/claude_gemini_request.go deleted file mode 100644 index ea53da0540..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/claude/gemini/claude_gemini_request.go +++ /dev/null @@ -1,374 +0,0 @@ -// Package gemini provides request translation functionality for Gemini to Claude Code API compatibility. -// It handles parsing and transforming Gemini API requests into Claude Code API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini API format and Claude Code API's expected format. -package gemini - -import ( - "crypto/rand" - "crypto/sha256" - "encoding/hex" - "fmt" - "math/big" - "strings" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - user = "" - account = "" - session = "" -) - -// ConvertGeminiRequestToClaude parses and transforms a Gemini API request into Claude Code API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Claude Code API. -// The function performs comprehensive transformation including: -// 1. Model name mapping and generation configuration extraction -// 2. System instruction conversion to Claude Code format -// 3. Message content conversion with proper role mapping -// 4. Tool call and tool result handling with FIFO queue for ID matching -// 5. Image and file data conversion to Claude Code base64 format -// 6. Tool declaration and tool choice configuration mapping -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the Gemini API -// - stream: A boolean indicating if the request is for a streaming response -// -// Returns: -// - []byte: The transformed request data in Claude Code API format -func ConvertGeminiRequestToClaude(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - - if account == "" { - u, _ := uuid.NewRandom() - account = u.String() - } - if session == "" { - u, _ := uuid.NewRandom() - session = u.String() - } - if user == "" { - sum := sha256.Sum256([]byte(account + session)) - user = hex.EncodeToString(sum[:]) - } - userID := fmt.Sprintf("user_%s_account_%s_session_%s", user, account, session) - - // Base Claude message payload - out := fmt.Sprintf(`{"model":"","max_tokens":32000,"messages":[],"metadata":{"user_id":"%s"}}`, userID) - - root := gjson.ParseBytes(rawJSON) - - // Helper for generating tool call IDs in the form: toolu_ - // This ensures unique identifiers for tool calls in the Claude Code format - genToolCallID := func() string { - const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" - var b strings.Builder - // 24 chars random suffix for uniqueness - for i := 0; i < 24; i++ { - n, _ := rand.Int(rand.Reader, big.NewInt(int64(len(letters)))) - b.WriteByte(letters[n.Int64()]) - } - return "toolu_" + b.String() - } - - // FIFO queue to store tool call IDs for matching with tool results - // Gemini uses sequential pairing across possibly multiple in-flight - // functionCalls, so we keep a FIFO queue of generated tool IDs and - // consume them in order when functionResponses arrive. - var pendingToolIDs []string - - // Model mapping to specify which Claude Code model to use - out, _ = sjson.Set(out, "model", modelName) - - // Generation config extraction from Gemini format - if genConfig := root.Get("generationConfig"); genConfig.Exists() { - // Max output tokens configuration - if maxTokens := genConfig.Get("maxOutputTokens"); maxTokens.Exists() { - out, _ = sjson.Set(out, "max_tokens", maxTokens.Int()) - } - // Temperature setting for controlling response randomness - if temp := genConfig.Get("temperature"); temp.Exists() { - out, _ = sjson.Set(out, "temperature", temp.Float()) - } else if topP := genConfig.Get("topP"); topP.Exists() { - // Top P setting for nucleus sampling (filtered out if temperature is set) - out, _ = sjson.Set(out, "top_p", topP.Float()) - } - // Stop sequences configuration for custom termination conditions - if stopSeqs := genConfig.Get("stopSequences"); stopSeqs.Exists() && stopSeqs.IsArray() { - var stopSequences []string - stopSeqs.ForEach(func(_, value gjson.Result) bool { - stopSequences = append(stopSequences, value.String()) - return true - }) - if len(stopSequences) > 0 { - out, _ = sjson.Set(out, "stop_sequences", stopSequences) - } - } - // Include thoughts configuration for reasoning process visibility - // Translator only does format conversion, ApplyThinking handles model capability validation. - if thinkingConfig := genConfig.Get("thinkingConfig"); thinkingConfig.Exists() && thinkingConfig.IsObject() { - thinkingLevel := thinkingConfig.Get("thinkingLevel") - if !thinkingLevel.Exists() { - thinkingLevel = thinkingConfig.Get("thinking_level") - } - if thinkingLevel.Exists() { - level := strings.ToLower(strings.TrimSpace(thinkingLevel.String())) - switch level { - case "": - case "none": - out, _ = sjson.Set(out, "thinking.type", "disabled") - out, _ = sjson.Delete(out, "thinking.budget_tokens") - case "auto": - out, _ = sjson.Set(out, "thinking.type", "enabled") - out, _ = sjson.Delete(out, "thinking.budget_tokens") - default: - if budget, ok := thinking.ConvertLevelToBudget(level); ok { - out, _ = sjson.Set(out, "thinking.type", "enabled") - out, _ = sjson.Set(out, "thinking.budget_tokens", budget) - } - } - } else { - thinkingBudget := thinkingConfig.Get("thinkingBudget") - if !thinkingBudget.Exists() { - thinkingBudget = thinkingConfig.Get("thinking_budget") - } - if thinkingBudget.Exists() { - budget := int(thinkingBudget.Int()) - switch budget { - case 0: - out, _ = sjson.Set(out, "thinking.type", "disabled") - out, _ = sjson.Delete(out, "thinking.budget_tokens") - case -1: - out, _ = sjson.Set(out, "thinking.type", "enabled") - out, _ = sjson.Delete(out, "thinking.budget_tokens") - default: - out, _ = sjson.Set(out, "thinking.type", "enabled") - out, _ = sjson.Set(out, "thinking.budget_tokens", budget) - } - } else if includeThoughts := thinkingConfig.Get("includeThoughts"); includeThoughts.Exists() && includeThoughts.Type == gjson.True { - out, _ = sjson.Set(out, "thinking.type", "enabled") - } else if includeThoughts := thinkingConfig.Get("include_thoughts"); includeThoughts.Exists() && includeThoughts.Type == gjson.True { - out, _ = sjson.Set(out, "thinking.type", "enabled") - } - } - } - } - - // System instruction conversion to Claude Code format - if sysInstr := root.Get("system_instruction"); sysInstr.Exists() { - if parts := sysInstr.Get("parts"); parts.Exists() && parts.IsArray() { - var systemText strings.Builder - parts.ForEach(func(_, part gjson.Result) bool { - if text := part.Get("text"); text.Exists() { - if systemText.Len() > 0 { - systemText.WriteString("\n") - } - systemText.WriteString(text.String()) - } - return true - }) - if systemText.Len() > 0 { - // Create system message in Claude Code format - systemMessage := `{"role":"user","content":[{"type":"text","text":""}]}` - systemMessage, _ = sjson.Set(systemMessage, "content.0.text", systemText.String()) - out, _ = sjson.SetRaw(out, "messages.-1", systemMessage) - } - } - } - - // Contents conversion to messages with proper role mapping - if contents := root.Get("contents"); contents.Exists() && contents.IsArray() { - contents.ForEach(func(_, content gjson.Result) bool { - role := content.Get("role").String() - // Map Gemini roles to Claude Code roles - if role == "model" { - role = "assistant" - } - - if role == "function" { - role = "user" - } - - if role == "tool" { - role = "user" - } - - // Create message structure in Claude Code format - msg := `{"role":"","content":[]}` - msg, _ = sjson.Set(msg, "role", role) - - if parts := content.Get("parts"); parts.Exists() && parts.IsArray() { - parts.ForEach(func(_, part gjson.Result) bool { - // Text content conversion - if text := part.Get("text"); text.Exists() { - textContent := `{"type":"text","text":""}` - textContent, _ = sjson.Set(textContent, "text", text.String()) - msg, _ = sjson.SetRaw(msg, "content.-1", textContent) - return true - } - - // Function call (from model/assistant) conversion to tool use - if fc := part.Get("functionCall"); fc.Exists() && role == "assistant" { - toolUse := `{"type":"tool_use","id":"","name":"","input":{}}` - - // Generate a unique tool ID and enqueue it for later matching - // with the corresponding functionResponse - toolID := genToolCallID() - pendingToolIDs = append(pendingToolIDs, toolID) - toolUse, _ = sjson.Set(toolUse, "id", toolID) - - if name := fc.Get("name"); name.Exists() { - toolUse, _ = sjson.Set(toolUse, "name", name.String()) - } - if args := fc.Get("args"); args.Exists() && args.IsObject() { - toolUse, _ = sjson.SetRaw(toolUse, "input", args.Raw) - } - msg, _ = sjson.SetRaw(msg, "content.-1", toolUse) - return true - } - - // Function response (from user) conversion to tool result - if fr := part.Get("functionResponse"); fr.Exists() { - toolResult := `{"type":"tool_result","tool_use_id":"","content":""}` - - // Attach the oldest queued tool_id to pair the response - // with its call. If the queue is empty, generate a new id. - var toolID string - if len(pendingToolIDs) > 0 { - toolID = pendingToolIDs[0] - // Pop the first element from the queue - pendingToolIDs = pendingToolIDs[1:] - } else { - // Fallback: generate new ID if no pending tool_use found - toolID = genToolCallID() - } - toolResult, _ = sjson.Set(toolResult, "tool_use_id", toolID) - - // Extract result content from the function response - if result := fr.Get("response.result"); result.Exists() { - toolResult, _ = sjson.Set(toolResult, "content", result.String()) - } else if response := fr.Get("response"); response.Exists() { - toolResult, _ = sjson.Set(toolResult, "content", response.Raw) - } - msg, _ = sjson.SetRaw(msg, "content.-1", toolResult) - return true - } - - // Image content (inline_data) conversion to Claude Code format - if inlineData := part.Get("inline_data"); inlineData.Exists() { - imageContent := `{"type":"image","source":{"type":"base64","media_type":"","data":""}}` - if mimeType := inlineData.Get("mime_type"); mimeType.Exists() { - imageContent, _ = sjson.Set(imageContent, "source.media_type", mimeType.String()) - } - if data := inlineData.Get("data"); data.Exists() { - imageContent, _ = sjson.Set(imageContent, "source.data", data.String()) - } - msg, _ = sjson.SetRaw(msg, "content.-1", imageContent) - return true - } - - // File data conversion to text content with file info - if fileData := part.Get("file_data"); fileData.Exists() { - // For file data, we'll convert to text content with file info - textContent := `{"type":"text","text":""}` - fileInfo := "File: " + fileData.Get("file_uri").String() - if mimeType := fileData.Get("mime_type"); mimeType.Exists() { - fileInfo += " (Type: " + mimeType.String() + ")" - } - textContent, _ = sjson.Set(textContent, "text", fileInfo) - msg, _ = sjson.SetRaw(msg, "content.-1", textContent) - return true - } - - return true - }) - } - - // Only add message if it has content - if contentArray := gjson.Get(msg, "content"); contentArray.Exists() && len(contentArray.Array()) > 0 { - out, _ = sjson.SetRaw(out, "messages.-1", msg) - } - - return true - }) - } - - // Tools mapping: Gemini functionDeclarations -> Claude Code tools - if tools := root.Get("tools"); tools.Exists() && tools.IsArray() { - var anthropicTools []interface{} - - tools.ForEach(func(_, tool gjson.Result) bool { - if funcDecls := tool.Get("functionDeclarations"); funcDecls.Exists() && funcDecls.IsArray() { - funcDecls.ForEach(func(_, funcDecl gjson.Result) bool { - anthropicTool := `{"name":"","description":"","input_schema":{}}` - - if name := funcDecl.Get("name"); name.Exists() { - anthropicTool, _ = sjson.Set(anthropicTool, "name", name.String()) - } - if desc := funcDecl.Get("description"); desc.Exists() { - anthropicTool, _ = sjson.Set(anthropicTool, "description", desc.String()) - } - if params := funcDecl.Get("parameters"); params.Exists() { - // Clean up the parameters schema for Claude Code compatibility - cleaned := params.Raw - cleaned, _ = sjson.Set(cleaned, "additionalProperties", false) - cleaned, _ = sjson.Set(cleaned, "$schema", "http://json-schema.org/draft-07/schema#") - anthropicTool, _ = sjson.SetRaw(anthropicTool, "input_schema", cleaned) - } else if params = funcDecl.Get("parametersJsonSchema"); params.Exists() { - // Clean up the parameters schema for Claude Code compatibility - cleaned := params.Raw - cleaned, _ = sjson.Set(cleaned, "additionalProperties", false) - cleaned, _ = sjson.Set(cleaned, "$schema", "http://json-schema.org/draft-07/schema#") - anthropicTool, _ = sjson.SetRaw(anthropicTool, "input_schema", cleaned) - } - - anthropicTools = append(anthropicTools, gjson.Parse(anthropicTool).Value()) - return true - }) - } - return true - }) - - if len(anthropicTools) > 0 { - out, _ = sjson.Set(out, "tools", anthropicTools) - } - } - - // Tool config mapping from Gemini format to Claude Code format - if toolConfig := root.Get("tool_config"); toolConfig.Exists() { - if funcCalling := toolConfig.Get("function_calling_config"); funcCalling.Exists() { - if mode := funcCalling.Get("mode"); mode.Exists() { - switch mode.String() { - case "AUTO": - out, _ = sjson.SetRaw(out, "tool_choice", `{"type":"auto"}`) - case "NONE": - out, _ = sjson.SetRaw(out, "tool_choice", `{"type":"none"}`) - case "ANY": - out, _ = sjson.SetRaw(out, "tool_choice", `{"type":"any"}`) - } - } - } - } - - // Stream setting configuration - out, _ = sjson.Set(out, "stream", stream) - - // Convert tool parameter types to lowercase for Claude Code compatibility - var pathsToLower []string - toolsResult := gjson.Get(out, "tools") - util.Walk(toolsResult, "", "type", &pathsToLower) - for _, p := range pathsToLower { - fullPath := fmt.Sprintf("tools.%s", p) - out, _ = sjson.Set(out, fullPath, strings.ToLower(gjson.Get(out, fullPath).String())) - } - - return []byte(out) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/claude/gemini/claude_gemini_response.go b/.worktrees/config/m/config-build/active/internal/translator/claude/gemini/claude_gemini_response.go deleted file mode 100644 index c38f8ae787..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/claude/gemini/claude_gemini_response.go +++ /dev/null @@ -1,566 +0,0 @@ -// Package gemini provides response translation functionality for Claude Code to Gemini API compatibility. -// This package handles the conversion of Claude Code API responses into Gemini-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Gemini API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, and usage metadata appropriately. -package gemini - -import ( - "bufio" - "bytes" - "context" - "fmt" - "strings" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - dataTag = []byte("data:") -) - -// ConvertAnthropicResponseToGeminiParams holds parameters for response conversion -// It also carries minimal streaming state across calls to assemble tool_use input_json_delta. -// This structure maintains state information needed for proper conversion of streaming responses -// from Claude Code format to Gemini format, particularly for handling tool calls that span -// multiple streaming events. -type ConvertAnthropicResponseToGeminiParams struct { - Model string - CreatedAt int64 - ResponseID string - LastStorageOutput string - IsStreaming bool - - // Streaming state for tool_use assembly - // Keyed by content_block index from Claude SSE events - ToolUseNames map[int]string // function/tool name per block index - ToolUseArgs map[int]*strings.Builder // accumulates partial_json across deltas -} - -// ConvertClaudeResponseToGemini converts Claude Code streaming response format to Gemini format. -// This function processes various Claude Code event types and transforms them into Gemini-compatible JSON responses. -// It handles text content, tool calls, reasoning content, and usage metadata, outputting responses that match -// the Gemini API format. The function supports incremental updates for streaming responses and maintains -// state information to properly assemble multi-part tool calls. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Claude Code API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing a Gemini-compatible JSON response -func ConvertClaudeResponseToGemini(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &ConvertAnthropicResponseToGeminiParams{ - Model: modelName, - CreatedAt: 0, - ResponseID: "", - } - } - - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - - root := gjson.ParseBytes(rawJSON) - eventType := root.Get("type").String() - - // Base Gemini response template with default values - template := `{"candidates":[{"content":{"role":"model","parts":[]}}],"usageMetadata":{"trafficType":"PROVISIONED_THROUGHPUT"},"modelVersion":"","createTime":"","responseId":""}` - - // Set model version - if (*param).(*ConvertAnthropicResponseToGeminiParams).Model != "" { - // Map Claude model names back to Gemini model names - template, _ = sjson.Set(template, "modelVersion", (*param).(*ConvertAnthropicResponseToGeminiParams).Model) - } - - // Set response ID and creation time - if (*param).(*ConvertAnthropicResponseToGeminiParams).ResponseID != "" { - template, _ = sjson.Set(template, "responseId", (*param).(*ConvertAnthropicResponseToGeminiParams).ResponseID) - } - - // Set creation time to current time if not provided - if (*param).(*ConvertAnthropicResponseToGeminiParams).CreatedAt == 0 { - (*param).(*ConvertAnthropicResponseToGeminiParams).CreatedAt = time.Now().Unix() - } - template, _ = sjson.Set(template, "createTime", time.Unix((*param).(*ConvertAnthropicResponseToGeminiParams).CreatedAt, 0).Format(time.RFC3339Nano)) - - switch eventType { - case "message_start": - // Initialize response with message metadata when a new message begins - if message := root.Get("message"); message.Exists() { - (*param).(*ConvertAnthropicResponseToGeminiParams).ResponseID = message.Get("id").String() - (*param).(*ConvertAnthropicResponseToGeminiParams).Model = message.Get("model").String() - } - return []string{} - - case "content_block_start": - // Start of a content block - record tool_use name by index for functionCall assembly - if cb := root.Get("content_block"); cb.Exists() { - if cb.Get("type").String() == "tool_use" { - idx := int(root.Get("index").Int()) - if (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseNames == nil { - (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseNames = map[int]string{} - } - if name := cb.Get("name"); name.Exists() { - (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseNames[idx] = name.String() - } - } - } - return []string{} - - case "content_block_delta": - // Handle content delta (text, thinking, or tool use arguments) - if delta := root.Get("delta"); delta.Exists() { - deltaType := delta.Get("type").String() - - switch deltaType { - case "text_delta": - // Regular text content delta for normal response text - if text := delta.Get("text"); text.Exists() && text.String() != "" { - textPart := `{"text":""}` - textPart, _ = sjson.Set(textPart, "text", text.String()) - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", textPart) - } - case "thinking_delta": - // Thinking/reasoning content delta for models with reasoning capabilities - if text := delta.Get("thinking"); text.Exists() && text.String() != "" { - thinkingPart := `{"thought":true,"text":""}` - thinkingPart, _ = sjson.Set(thinkingPart, "text", text.String()) - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", thinkingPart) - } - case "input_json_delta": - // Tool use input delta - accumulate partial_json by index for later assembly at content_block_stop - idx := int(root.Get("index").Int()) - if (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs == nil { - (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs = map[int]*strings.Builder{} - } - b, ok := (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs[idx] - if !ok || b == nil { - bb := &strings.Builder{} - (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs[idx] = bb - b = bb - } - if pj := delta.Get("partial_json"); pj.Exists() { - b.WriteString(pj.String()) - } - return []string{} - } - } - return []string{template} - - case "content_block_stop": - // End of content block - finalize tool calls if any - idx := int(root.Get("index").Int()) - // Claude's content_block_stop often doesn't include content_block payload (see docs/response-claude.txt) - // So we finalize using accumulated state captured during content_block_start and input_json_delta. - name := "" - if (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseNames != nil { - name = (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseNames[idx] - } - var argsTrim string - if (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs != nil { - if b := (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs[idx]; b != nil { - argsTrim = strings.TrimSpace(b.String()) - } - } - if name != "" || argsTrim != "" { - functionCall := `{"functionCall":{"name":"","args":{}}}` - if name != "" { - functionCall, _ = sjson.Set(functionCall, "functionCall.name", name) - } - if argsTrim != "" { - functionCall, _ = sjson.SetRaw(functionCall, "functionCall.args", argsTrim) - } - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", functionCall) - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - (*param).(*ConvertAnthropicResponseToGeminiParams).LastStorageOutput = template - // cleanup used state for this index - if (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs != nil { - delete((*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs, idx) - } - if (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseNames != nil { - delete((*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseNames, idx) - } - return []string{template} - } - return []string{} - - case "message_delta": - // Handle message-level changes (like stop reason and usage information) - if delta := root.Get("delta"); delta.Exists() { - if stopReason := delta.Get("stop_reason"); stopReason.Exists() { - switch stopReason.String() { - case "end_turn": - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - case "tool_use": - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - case "max_tokens": - template, _ = sjson.Set(template, "candidates.0.finishReason", "MAX_TOKENS") - case "stop_sequence": - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - default: - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - } - } - } - - if usage := root.Get("usage"); usage.Exists() { - // Basic token counts for prompt and completion - inputTokens := usage.Get("input_tokens").Int() - outputTokens := usage.Get("output_tokens").Int() - - // Set basic usage metadata according to Gemini API specification - template, _ = sjson.Set(template, "usageMetadata.promptTokenCount", inputTokens) - template, _ = sjson.Set(template, "usageMetadata.candidatesTokenCount", outputTokens) - template, _ = sjson.Set(template, "usageMetadata.totalTokenCount", inputTokens+outputTokens) - - // Add cache-related token counts if present (Claude Code API cache fields) - if cacheCreationTokens := usage.Get("cache_creation_input_tokens"); cacheCreationTokens.Exists() { - template, _ = sjson.Set(template, "usageMetadata.cachedContentTokenCount", cacheCreationTokens.Int()) - } - if cacheReadTokens := usage.Get("cache_read_input_tokens"); cacheReadTokens.Exists() { - // Add cache read tokens to cached content count - existingCacheTokens := usage.Get("cache_creation_input_tokens").Int() - totalCacheTokens := existingCacheTokens + cacheReadTokens.Int() - template, _ = sjson.Set(template, "usageMetadata.cachedContentTokenCount", totalCacheTokens) - } - - // Add thinking tokens if present (for models with reasoning capabilities) - if thinkingTokens := usage.Get("thinking_tokens"); thinkingTokens.Exists() { - template, _ = sjson.Set(template, "usageMetadata.thoughtsTokenCount", thinkingTokens.Int()) - } - - // Set traffic type (required by Gemini API) - template, _ = sjson.Set(template, "usageMetadata.trafficType", "PROVISIONED_THROUGHPUT") - } - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - - return []string{template} - case "message_stop": - // Final message with usage information - no additional output needed - return []string{} - case "error": - // Handle error responses and convert to Gemini error format - errorMsg := root.Get("error.message").String() - if errorMsg == "" { - errorMsg = "Unknown error occurred" - } - - // Create error response in Gemini format - errorResponse := `{"error":{"code":400,"message":"","status":"INVALID_ARGUMENT"}}` - errorResponse, _ = sjson.Set(errorResponse, "error.message", errorMsg) - return []string{errorResponse} - - default: - // Unknown event type, return empty response - return []string{} - } -} - -// ConvertClaudeResponseToGeminiNonStream converts a non-streaming Claude Code response to a non-streaming Gemini response. -// This function processes the complete Claude Code response and transforms it into a single Gemini-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the Gemini API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Claude Code API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: A Gemini-compatible JSON response containing all message content and metadata -func ConvertClaudeResponseToGeminiNonStream(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - // Base Gemini response template for non-streaming with default values - template := `{"candidates":[{"content":{"role":"model","parts":[]},"finishReason":"STOP"}],"usageMetadata":{"trafficType":"PROVISIONED_THROUGHPUT"},"modelVersion":"","createTime":"","responseId":""}` - - // Set model version - template, _ = sjson.Set(template, "modelVersion", modelName) - - streamingEvents := make([][]byte, 0) - - scanner := bufio.NewScanner(bytes.NewReader(rawJSON)) - buffer := make([]byte, 52_428_800) // 50MB - scanner.Buffer(buffer, 52_428_800) - for scanner.Scan() { - line := scanner.Bytes() - // log.Debug(string(line)) - if bytes.HasPrefix(line, dataTag) { - jsonData := bytes.TrimSpace(line[5:]) - streamingEvents = append(streamingEvents, jsonData) - } - } - // log.Debug("streamingEvents: ", streamingEvents) - // log.Debug("rawJSON: ", string(rawJSON)) - - // Initialize parameters for streaming conversion with proper state management - newParam := &ConvertAnthropicResponseToGeminiParams{ - Model: modelName, - CreatedAt: 0, - ResponseID: "", - LastStorageOutput: "", - IsStreaming: false, - ToolUseNames: nil, - ToolUseArgs: nil, - } - - // Process each streaming event and collect parts - var allParts []string - var finalUsageJSON string - var responseID string - var createdAt int64 - - for _, eventData := range streamingEvents { - if len(eventData) == 0 { - continue - } - - root := gjson.ParseBytes(eventData) - eventType := root.Get("type").String() - - switch eventType { - case "message_start": - // Extract response metadata including ID, model, and creation time - if message := root.Get("message"); message.Exists() { - responseID = message.Get("id").String() - newParam.ResponseID = responseID - newParam.Model = message.Get("model").String() - - // Set creation time to current time if not provided - createdAt = time.Now().Unix() - newParam.CreatedAt = createdAt - } - - case "content_block_start": - // Prepare for content block; record tool_use name by index for later functionCall assembly - idx := int(root.Get("index").Int()) - if cb := root.Get("content_block"); cb.Exists() { - if cb.Get("type").String() == "tool_use" { - if newParam.ToolUseNames == nil { - newParam.ToolUseNames = map[int]string{} - } - if name := cb.Get("name"); name.Exists() { - newParam.ToolUseNames[idx] = name.String() - } - } - } - continue - - case "content_block_delta": - // Handle content delta (text, thinking, or tool input) - if delta := root.Get("delta"); delta.Exists() { - deltaType := delta.Get("type").String() - switch deltaType { - case "text_delta": - // Process regular text content - if text := delta.Get("text"); text.Exists() && text.String() != "" { - partJSON := `{"text":""}` - partJSON, _ = sjson.Set(partJSON, "text", text.String()) - allParts = append(allParts, partJSON) - } - case "thinking_delta": - // Process reasoning/thinking content - if text := delta.Get("thinking"); text.Exists() && text.String() != "" { - partJSON := `{"thought":true,"text":""}` - partJSON, _ = sjson.Set(partJSON, "text", text.String()) - allParts = append(allParts, partJSON) - } - case "input_json_delta": - // accumulate args partial_json for this index - idx := int(root.Get("index").Int()) - if newParam.ToolUseArgs == nil { - newParam.ToolUseArgs = map[int]*strings.Builder{} - } - if _, ok := newParam.ToolUseArgs[idx]; !ok || newParam.ToolUseArgs[idx] == nil { - newParam.ToolUseArgs[idx] = &strings.Builder{} - } - if pj := delta.Get("partial_json"); pj.Exists() { - newParam.ToolUseArgs[idx].WriteString(pj.String()) - } - } - } - - case "content_block_stop": - // Handle tool use completion by assembling accumulated arguments - idx := int(root.Get("index").Int()) - // Claude's content_block_stop often doesn't include content_block payload (see docs/response-claude.txt) - // So we finalize using accumulated state captured during content_block_start and input_json_delta. - name := "" - if newParam.ToolUseNames != nil { - name = newParam.ToolUseNames[idx] - } - var argsTrim string - if newParam.ToolUseArgs != nil { - if b := newParam.ToolUseArgs[idx]; b != nil { - argsTrim = strings.TrimSpace(b.String()) - } - } - if name != "" || argsTrim != "" { - functionCallJSON := `{"functionCall":{"name":"","args":{}}}` - if name != "" { - functionCallJSON, _ = sjson.Set(functionCallJSON, "functionCall.name", name) - } - if argsTrim != "" { - functionCallJSON, _ = sjson.SetRaw(functionCallJSON, "functionCall.args", argsTrim) - } - allParts = append(allParts, functionCallJSON) - // cleanup used state for this index - if newParam.ToolUseArgs != nil { - delete(newParam.ToolUseArgs, idx) - } - if newParam.ToolUseNames != nil { - delete(newParam.ToolUseNames, idx) - } - } - - case "message_delta": - // Extract final usage information using sjson for token counts and metadata - if usage := root.Get("usage"); usage.Exists() { - usageJSON := `{}` - - // Basic token counts for prompt and completion - inputTokens := usage.Get("input_tokens").Int() - outputTokens := usage.Get("output_tokens").Int() - - // Set basic usage metadata according to Gemini API specification - usageJSON, _ = sjson.Set(usageJSON, "promptTokenCount", inputTokens) - usageJSON, _ = sjson.Set(usageJSON, "candidatesTokenCount", outputTokens) - usageJSON, _ = sjson.Set(usageJSON, "totalTokenCount", inputTokens+outputTokens) - - // Add cache-related token counts if present (Claude Code API cache fields) - if cacheCreationTokens := usage.Get("cache_creation_input_tokens"); cacheCreationTokens.Exists() { - usageJSON, _ = sjson.Set(usageJSON, "cachedContentTokenCount", cacheCreationTokens.Int()) - } - if cacheReadTokens := usage.Get("cache_read_input_tokens"); cacheReadTokens.Exists() { - // Add cache read tokens to cached content count - existingCacheTokens := usage.Get("cache_creation_input_tokens").Int() - totalCacheTokens := existingCacheTokens + cacheReadTokens.Int() - usageJSON, _ = sjson.Set(usageJSON, "cachedContentTokenCount", totalCacheTokens) - } - - // Add thinking tokens if present (for models with reasoning capabilities) - if thinkingTokens := usage.Get("thinking_tokens"); thinkingTokens.Exists() { - usageJSON, _ = sjson.Set(usageJSON, "thoughtsTokenCount", thinkingTokens.Int()) - } - - // Set traffic type (required by Gemini API) - usageJSON, _ = sjson.Set(usageJSON, "trafficType", "PROVISIONED_THROUGHPUT") - - finalUsageJSON = usageJSON - } - } - } - - // Set response metadata - if responseID != "" { - template, _ = sjson.Set(template, "responseId", responseID) - } - if createdAt > 0 { - template, _ = sjson.Set(template, "createTime", time.Unix(createdAt, 0).Format(time.RFC3339Nano)) - } - - // Consolidate consecutive text parts and thinking parts for cleaner output - consolidatedParts := consolidateParts(allParts) - - // Set the consolidated parts array - if len(consolidatedParts) > 0 { - partsJSON := "[]" - for _, partJSON := range consolidatedParts { - partsJSON, _ = sjson.SetRaw(partsJSON, "-1", partJSON) - } - template, _ = sjson.SetRaw(template, "candidates.0.content.parts", partsJSON) - } - - // Set usage metadata - if finalUsageJSON != "" { - template, _ = sjson.SetRaw(template, "usageMetadata", finalUsageJSON) - } - - return template -} - -func GeminiTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} - -// consolidateParts merges consecutive text parts and thinking parts to create a cleaner response. -// This function processes the parts array to combine adjacent text elements and thinking elements -// into single consolidated parts, which results in a more readable and efficient response structure. -// Tool calls and other non-text parts are preserved as separate elements. -func consolidateParts(parts []string) []string { - if len(parts) == 0 { - return parts - } - - var consolidated []string - var currentTextPart strings.Builder - var currentThoughtPart strings.Builder - var hasText, hasThought bool - - flushText := func() { - // Flush accumulated text content to the consolidated parts array - if hasText && currentTextPart.Len() > 0 { - textPartJSON := `{"text":""}` - textPartJSON, _ = sjson.Set(textPartJSON, "text", currentTextPart.String()) - consolidated = append(consolidated, textPartJSON) - currentTextPart.Reset() - hasText = false - } - } - - flushThought := func() { - // Flush accumulated thinking content to the consolidated parts array - if hasThought && currentThoughtPart.Len() > 0 { - thoughtPartJSON := `{"thought":true,"text":""}` - thoughtPartJSON, _ = sjson.Set(thoughtPartJSON, "text", currentThoughtPart.String()) - consolidated = append(consolidated, thoughtPartJSON) - currentThoughtPart.Reset() - hasThought = false - } - } - - for _, partJSON := range parts { - part := gjson.Parse(partJSON) - if !part.Exists() || !part.IsObject() { - // Flush any pending parts and add this non-text part - flushText() - flushThought() - consolidated = append(consolidated, partJSON) - continue - } - - thought := part.Get("thought") - if thought.Exists() && thought.Type == gjson.True { - // This is a thinking part - flush any pending text first - flushText() // Flush any pending text first - - if text := part.Get("text"); text.Exists() && text.Type == gjson.String { - currentThoughtPart.WriteString(text.String()) - hasThought = true - } - } else if text := part.Get("text"); text.Exists() && text.Type == gjson.String { - // This is a regular text part - flush any pending thought first - flushThought() // Flush any pending thought first - - currentTextPart.WriteString(text.String()) - hasText = true - } else { - // This is some other type of part (like function call) - flush both text and thought - flushText() - flushThought() - consolidated = append(consolidated, partJSON) - } - } - - // Flush any remaining parts - flushThought() // Flush thought first to maintain order - flushText() - - return consolidated -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/claude/gemini/init.go b/.worktrees/config/m/config-build/active/internal/translator/claude/gemini/init.go deleted file mode 100644 index 8924f62c87..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/claude/gemini/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package gemini - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Gemini, - Claude, - ConvertGeminiRequestToClaude, - interfaces.TranslateResponse{ - Stream: ConvertClaudeResponseToGemini, - NonStream: ConvertClaudeResponseToGeminiNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/claude/openai/chat-completions/claude_openai_request.go b/.worktrees/config/m/config-build/active/internal/translator/claude/openai/chat-completions/claude_openai_request.go deleted file mode 100644 index 3cad18825e..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/claude/openai/chat-completions/claude_openai_request.go +++ /dev/null @@ -1,316 +0,0 @@ -// Package openai provides request translation functionality for OpenAI to Claude Code API compatibility. -// It handles parsing and transforming OpenAI Chat Completions API requests into Claude Code API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between OpenAI API format and Claude Code API's expected format. -package chat_completions - -import ( - "crypto/rand" - "crypto/sha256" - "encoding/hex" - "fmt" - "math/big" - "strings" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - user = "" - account = "" - session = "" -) - -// ConvertOpenAIRequestToClaude parses and transforms an OpenAI Chat Completions API request into Claude Code API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Claude Code API. -// The function performs comprehensive transformation including: -// 1. Model name mapping and parameter extraction (max_tokens, temperature, top_p, etc.) -// 2. Message content conversion from OpenAI to Claude Code format -// 3. Tool call and tool result handling with proper ID mapping -// 4. Image data conversion from OpenAI data URLs to Claude Code base64 format -// 5. Stop sequence and streaming configuration handling -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the OpenAI API -// - stream: A boolean indicating if the request is for a streaming response -// -// Returns: -// - []byte: The transformed request data in Claude Code API format -func ConvertOpenAIRequestToClaude(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - - if account == "" { - u, _ := uuid.NewRandom() - account = u.String() - } - if session == "" { - u, _ := uuid.NewRandom() - session = u.String() - } - if user == "" { - sum := sha256.Sum256([]byte(account + session)) - user = hex.EncodeToString(sum[:]) - } - userID := fmt.Sprintf("user_%s_account_%s_session_%s", user, account, session) - - // Base Claude Code API template with default max_tokens value - out := fmt.Sprintf(`{"model":"","max_tokens":32000,"messages":[],"metadata":{"user_id":"%s"}}`, userID) - - root := gjson.ParseBytes(rawJSON) - - // Convert OpenAI reasoning_effort to Claude thinking config. - if v := root.Get("reasoning_effort"); v.Exists() { - effort := strings.ToLower(strings.TrimSpace(v.String())) - if effort != "" { - budget, ok := thinking.ConvertLevelToBudget(effort) - if ok { - switch budget { - case 0: - out, _ = sjson.Set(out, "thinking.type", "disabled") - case -1: - out, _ = sjson.Set(out, "thinking.type", "enabled") - default: - if budget > 0 { - out, _ = sjson.Set(out, "thinking.type", "enabled") - out, _ = sjson.Set(out, "thinking.budget_tokens", budget) - } - } - } - } - } - - // Helper for generating tool call IDs in the form: toolu_ - // This ensures unique identifiers for tool calls in the Claude Code format - genToolCallID := func() string { - const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" - var b strings.Builder - // 24 chars random suffix for uniqueness - for i := 0; i < 24; i++ { - n, _ := rand.Int(rand.Reader, big.NewInt(int64(len(letters)))) - b.WriteByte(letters[n.Int64()]) - } - return "toolu_" + b.String() - } - - // Model mapping to specify which Claude Code model to use - out, _ = sjson.Set(out, "model", modelName) - - // Max tokens configuration with fallback to default value - if maxTokens := root.Get("max_tokens"); maxTokens.Exists() { - out, _ = sjson.Set(out, "max_tokens", maxTokens.Int()) - } - - // Temperature setting for controlling response randomness - if temp := root.Get("temperature"); temp.Exists() { - out, _ = sjson.Set(out, "temperature", temp.Float()) - } else if topP := root.Get("top_p"); topP.Exists() { - // Top P setting for nucleus sampling (filtered out if temperature is set) - out, _ = sjson.Set(out, "top_p", topP.Float()) - } - - // Stop sequences configuration for custom termination conditions - if stop := root.Get("stop"); stop.Exists() { - if stop.IsArray() { - var stopSequences []string - stop.ForEach(func(_, value gjson.Result) bool { - stopSequences = append(stopSequences, value.String()) - return true - }) - if len(stopSequences) > 0 { - out, _ = sjson.Set(out, "stop_sequences", stopSequences) - } - } else { - out, _ = sjson.Set(out, "stop_sequences", []string{stop.String()}) - } - } - - // Stream configuration to enable or disable streaming responses - out, _ = sjson.Set(out, "stream", stream) - - // Process messages and transform them to Claude Code format - if messages := root.Get("messages"); messages.Exists() && messages.IsArray() { - messageIndex := 0 - systemMessageIndex := -1 - messages.ForEach(func(_, message gjson.Result) bool { - role := message.Get("role").String() - contentResult := message.Get("content") - - switch role { - case "system": - if systemMessageIndex == -1 { - systemMsg := `{"role":"user","content":[]}` - out, _ = sjson.SetRaw(out, "messages.-1", systemMsg) - systemMessageIndex = messageIndex - messageIndex++ - } - if contentResult.Exists() && contentResult.Type == gjson.String && contentResult.String() != "" { - textPart := `{"type":"text","text":""}` - textPart, _ = sjson.Set(textPart, "text", contentResult.String()) - out, _ = sjson.SetRaw(out, fmt.Sprintf("messages.%d.content.-1", systemMessageIndex), textPart) - } else if contentResult.Exists() && contentResult.IsArray() { - contentResult.ForEach(func(_, part gjson.Result) bool { - if part.Get("type").String() == "text" { - textPart := `{"type":"text","text":""}` - textPart, _ = sjson.Set(textPart, "text", part.Get("text").String()) - out, _ = sjson.SetRaw(out, fmt.Sprintf("messages.%d.content.-1", systemMessageIndex), textPart) - } - return true - }) - } - case "user", "assistant": - msg := `{"role":"","content":[]}` - msg, _ = sjson.Set(msg, "role", role) - - // Handle content based on its type (string or array) - if contentResult.Exists() && contentResult.Type == gjson.String && contentResult.String() != "" { - part := `{"type":"text","text":""}` - part, _ = sjson.Set(part, "text", contentResult.String()) - msg, _ = sjson.SetRaw(msg, "content.-1", part) - } else if contentResult.Exists() && contentResult.IsArray() { - contentResult.ForEach(func(_, part gjson.Result) bool { - partType := part.Get("type").String() - - switch partType { - case "text": - textPart := `{"type":"text","text":""}` - textPart, _ = sjson.Set(textPart, "text", part.Get("text").String()) - msg, _ = sjson.SetRaw(msg, "content.-1", textPart) - - case "image_url": - // Convert OpenAI image format to Claude Code format - imageURL := part.Get("image_url.url").String() - if strings.HasPrefix(imageURL, "data:") { - // Extract base64 data and media type from data URL - parts := strings.Split(imageURL, ",") - if len(parts) == 2 { - mediaTypePart := strings.Split(parts[0], ";")[0] - mediaType := strings.TrimPrefix(mediaTypePart, "data:") - data := parts[1] - - imagePart := `{"type":"image","source":{"type":"base64","media_type":"","data":""}}` - imagePart, _ = sjson.Set(imagePart, "source.media_type", mediaType) - imagePart, _ = sjson.Set(imagePart, "source.data", data) - msg, _ = sjson.SetRaw(msg, "content.-1", imagePart) - } - } - } - return true - }) - } - - // Handle tool calls (for assistant messages) - if toolCalls := message.Get("tool_calls"); toolCalls.Exists() && toolCalls.IsArray() && role == "assistant" { - toolCalls.ForEach(func(_, toolCall gjson.Result) bool { - if toolCall.Get("type").String() == "function" { - toolCallID := toolCall.Get("id").String() - if toolCallID == "" { - toolCallID = genToolCallID() - } - - function := toolCall.Get("function") - toolUse := `{"type":"tool_use","id":"","name":"","input":{}}` - toolUse, _ = sjson.Set(toolUse, "id", toolCallID) - toolUse, _ = sjson.Set(toolUse, "name", function.Get("name").String()) - - // Parse arguments for the tool call - if args := function.Get("arguments"); args.Exists() { - argsStr := args.String() - if argsStr != "" && gjson.Valid(argsStr) { - argsJSON := gjson.Parse(argsStr) - if argsJSON.IsObject() { - toolUse, _ = sjson.SetRaw(toolUse, "input", argsJSON.Raw) - } else { - toolUse, _ = sjson.SetRaw(toolUse, "input", "{}") - } - } else { - toolUse, _ = sjson.SetRaw(toolUse, "input", "{}") - } - } else { - toolUse, _ = sjson.SetRaw(toolUse, "input", "{}") - } - - msg, _ = sjson.SetRaw(msg, "content.-1", toolUse) - } - return true - }) - } - - out, _ = sjson.SetRaw(out, "messages.-1", msg) - messageIndex++ - - case "tool": - // Handle tool result messages conversion - toolCallID := message.Get("tool_call_id").String() - content := message.Get("content").String() - - msg := `{"role":"user","content":[{"type":"tool_result","tool_use_id":"","content":""}]}` - msg, _ = sjson.Set(msg, "content.0.tool_use_id", toolCallID) - msg, _ = sjson.Set(msg, "content.0.content", content) - out, _ = sjson.SetRaw(out, "messages.-1", msg) - messageIndex++ - } - return true - }) - } - - // Tools mapping: OpenAI tools -> Claude Code tools - if tools := root.Get("tools"); tools.Exists() && tools.IsArray() && len(tools.Array()) > 0 { - hasAnthropicTools := false - tools.ForEach(func(_, tool gjson.Result) bool { - if tool.Get("type").String() == "function" { - function := tool.Get("function") - anthropicTool := `{"name":"","description":""}` - anthropicTool, _ = sjson.Set(anthropicTool, "name", function.Get("name").String()) - anthropicTool, _ = sjson.Set(anthropicTool, "description", function.Get("description").String()) - - // Convert parameters schema for the tool - if parameters := function.Get("parameters"); parameters.Exists() { - anthropicTool, _ = sjson.SetRaw(anthropicTool, "input_schema", parameters.Raw) - } else if parameters := function.Get("parametersJsonSchema"); parameters.Exists() { - anthropicTool, _ = sjson.SetRaw(anthropicTool, "input_schema", parameters.Raw) - } - - out, _ = sjson.SetRaw(out, "tools.-1", anthropicTool) - hasAnthropicTools = true - } - return true - }) - - if !hasAnthropicTools { - out, _ = sjson.Delete(out, "tools") - } - } - - // Tool choice mapping from OpenAI format to Claude Code format - if toolChoice := root.Get("tool_choice"); toolChoice.Exists() { - switch toolChoice.Type { - case gjson.String: - choice := toolChoice.String() - switch choice { - case "none": - // Don't set tool_choice, Claude Code will not use tools - case "auto": - out, _ = sjson.SetRaw(out, "tool_choice", `{"type":"auto"}`) - case "required": - out, _ = sjson.SetRaw(out, "tool_choice", `{"type":"any"}`) - } - case gjson.JSON: - // Specific tool choice mapping - if toolChoice.Get("type").String() == "function" { - functionName := toolChoice.Get("function.name").String() - toolChoiceJSON := `{"type":"tool","name":""}` - toolChoiceJSON, _ = sjson.Set(toolChoiceJSON, "name", functionName) - out, _ = sjson.SetRaw(out, "tool_choice", toolChoiceJSON) - } - default: - } - } - - return []byte(out) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/claude/openai/chat-completions/claude_openai_response.go b/.worktrees/config/m/config-build/active/internal/translator/claude/openai/chat-completions/claude_openai_response.go deleted file mode 100644 index 346db69a11..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/claude/openai/chat-completions/claude_openai_response.go +++ /dev/null @@ -1,436 +0,0 @@ -// Package openai provides response translation functionality for Claude Code to OpenAI API compatibility. -// This package handles the conversion of Claude Code API responses into OpenAI Chat Completions-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by OpenAI API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, reasoning content, and usage metadata appropriately. -package chat_completions - -import ( - "bytes" - "context" - "fmt" - "strings" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - dataTag = []byte("data:") -) - -// ConvertAnthropicResponseToOpenAIParams holds parameters for response conversion -type ConvertAnthropicResponseToOpenAIParams struct { - CreatedAt int64 - ResponseID string - FinishReason string - // Tool calls accumulator for streaming - ToolCallsAccumulator map[int]*ToolCallAccumulator -} - -// ToolCallAccumulator holds the state for accumulating tool call data -type ToolCallAccumulator struct { - ID string - Name string - Arguments strings.Builder -} - -// ConvertClaudeResponseToOpenAI converts Claude Code streaming response format to OpenAI Chat Completions format. -// This function processes various Claude Code event types and transforms them into OpenAI-compatible JSON responses. -// It handles text content, tool calls, reasoning content, and usage metadata, outputting responses that match -// the OpenAI API format. The function supports incremental updates for streaming responses. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Claude Code API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing an OpenAI-compatible JSON response -func ConvertClaudeResponseToOpenAI(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - var localParam any - if param == nil { - param = &localParam - } - if *param == nil { - *param = &ConvertAnthropicResponseToOpenAIParams{ - CreatedAt: 0, - ResponseID: "", - FinishReason: "", - } - } - - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - - root := gjson.ParseBytes(rawJSON) - eventType := root.Get("type").String() - - // Base OpenAI streaming response template - template := `{"id":"","object":"chat.completion.chunk","created":0,"model":"","choices":[{"index":0,"delta":{},"finish_reason":null}]}` - - // Set model - if modelName != "" { - template, _ = sjson.Set(template, "model", modelName) - } - - // Set response ID and creation time - if (*param).(*ConvertAnthropicResponseToOpenAIParams).ResponseID != "" { - template, _ = sjson.Set(template, "id", (*param).(*ConvertAnthropicResponseToOpenAIParams).ResponseID) - } - if (*param).(*ConvertAnthropicResponseToOpenAIParams).CreatedAt > 0 { - template, _ = sjson.Set(template, "created", (*param).(*ConvertAnthropicResponseToOpenAIParams).CreatedAt) - } - - switch eventType { - case "message_start": - // Initialize response with message metadata when a new message begins - if message := root.Get("message"); message.Exists() { - (*param).(*ConvertAnthropicResponseToOpenAIParams).ResponseID = message.Get("id").String() - (*param).(*ConvertAnthropicResponseToOpenAIParams).CreatedAt = time.Now().Unix() - - template, _ = sjson.Set(template, "id", (*param).(*ConvertAnthropicResponseToOpenAIParams).ResponseID) - template, _ = sjson.Set(template, "model", modelName) - template, _ = sjson.Set(template, "created", (*param).(*ConvertAnthropicResponseToOpenAIParams).CreatedAt) - - // Set initial role to assistant for the response - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - - // Initialize tool calls accumulator for tracking tool call progress - if (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator == nil { - (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator = make(map[int]*ToolCallAccumulator) - } - } - return []string{template} - - case "content_block_start": - // Start of a content block (text, tool use, or reasoning) - if contentBlock := root.Get("content_block"); contentBlock.Exists() { - blockType := contentBlock.Get("type").String() - - if blockType == "tool_use" { - // Start of tool call - initialize accumulator to track arguments - toolCallID := contentBlock.Get("id").String() - toolName := contentBlock.Get("name").String() - index := int(root.Get("index").Int()) - - if (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator == nil { - (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator = make(map[int]*ToolCallAccumulator) - } - - (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator[index] = &ToolCallAccumulator{ - ID: toolCallID, - Name: toolName, - } - - // Don't output anything yet - wait for complete tool call - return []string{} - } - } - return []string{} - - case "content_block_delta": - // Handle content delta (text, tool use arguments, or reasoning content) - hasContent := false - if delta := root.Get("delta"); delta.Exists() { - deltaType := delta.Get("type").String() - - switch deltaType { - case "text_delta": - // Text content delta - send incremental text updates - if text := delta.Get("text"); text.Exists() { - template, _ = sjson.Set(template, "choices.0.delta.content", text.String()) - hasContent = true - } - case "thinking_delta": - // Accumulate reasoning/thinking content - if thinking := delta.Get("thinking"); thinking.Exists() { - template, _ = sjson.Set(template, "choices.0.delta.reasoning_content", thinking.String()) - hasContent = true - } - case "input_json_delta": - // Tool use input delta - accumulate arguments for tool calls - if partialJSON := delta.Get("partial_json"); partialJSON.Exists() { - index := int(root.Get("index").Int()) - if (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator != nil { - if accumulator, exists := (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator[index]; exists { - accumulator.Arguments.WriteString(partialJSON.String()) - } - } - } - // Don't output anything yet - wait for complete tool call - return []string{} - } - } - if hasContent { - return []string{template} - } else { - return []string{} - } - - case "content_block_stop": - // End of content block - output complete tool call if it's a tool_use block - index := int(root.Get("index").Int()) - if (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator != nil { - if accumulator, exists := (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator[index]; exists { - // Build complete tool call with accumulated arguments - arguments := accumulator.Arguments.String() - if arguments == "" { - arguments = "{}" - } - template, _ = sjson.Set(template, "choices.0.delta.tool_calls.0.index", index) - template, _ = sjson.Set(template, "choices.0.delta.tool_calls.0.id", accumulator.ID) - template, _ = sjson.Set(template, "choices.0.delta.tool_calls.0.type", "function") - template, _ = sjson.Set(template, "choices.0.delta.tool_calls.0.function.name", accumulator.Name) - template, _ = sjson.Set(template, "choices.0.delta.tool_calls.0.function.arguments", arguments) - - // Clean up the accumulator for this index - delete((*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator, index) - - return []string{template} - } - } - return []string{} - - case "message_delta": - // Handle message-level changes including stop reason and usage - if delta := root.Get("delta"); delta.Exists() { - if stopReason := delta.Get("stop_reason"); stopReason.Exists() { - (*param).(*ConvertAnthropicResponseToOpenAIParams).FinishReason = mapAnthropicStopReasonToOpenAI(stopReason.String()) - template, _ = sjson.Set(template, "choices.0.finish_reason", (*param).(*ConvertAnthropicResponseToOpenAIParams).FinishReason) - } - } - - // Handle usage information for token counts - if usage := root.Get("usage"); usage.Exists() { - inputTokens := usage.Get("input_tokens").Int() - outputTokens := usage.Get("output_tokens").Int() - cacheReadInputTokens := usage.Get("cache_read_input_tokens").Int() - cacheCreationInputTokens := usage.Get("cache_creation_input_tokens").Int() - template, _ = sjson.Set(template, "usage.prompt_tokens", inputTokens+cacheCreationInputTokens) - template, _ = sjson.Set(template, "usage.completion_tokens", outputTokens) - template, _ = sjson.Set(template, "usage.total_tokens", inputTokens+outputTokens) - template, _ = sjson.Set(template, "usage.prompt_tokens_details.cached_tokens", cacheReadInputTokens) - } - return []string{template} - - case "message_stop": - // Final message event - no additional output needed - return []string{} - - case "ping": - // Ping events for keeping connection alive - no output needed - return []string{} - - case "error": - // Error event - format and return error response - if errorData := root.Get("error"); errorData.Exists() { - errorJSON := `{"error":{"message":"","type":""}}` - errorJSON, _ = sjson.Set(errorJSON, "error.message", errorData.Get("message").String()) - errorJSON, _ = sjson.Set(errorJSON, "error.type", errorData.Get("type").String()) - return []string{errorJSON} - } - return []string{} - - default: - // Unknown event type - ignore - return []string{} - } -} - -// mapAnthropicStopReasonToOpenAI maps Anthropic stop reasons to OpenAI stop reasons -func mapAnthropicStopReasonToOpenAI(anthropicReason string) string { - switch anthropicReason { - case "end_turn": - return "stop" - case "tool_use": - return "tool_calls" - case "max_tokens": - return "length" - case "stop_sequence": - return "stop" - default: - return "stop" - } -} - -// ConvertClaudeResponseToOpenAINonStream converts a non-streaming Claude Code response to a non-streaming OpenAI response. -// This function processes the complete Claude Code response and transforms it into a single OpenAI-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the OpenAI API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Claude Code API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: An OpenAI-compatible JSON response containing all message content and metadata -func ConvertClaudeResponseToOpenAINonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - chunks := make([][]byte, 0) - - lines := bytes.Split(rawJSON, []byte("\n")) - for _, line := range lines { - if !bytes.HasPrefix(line, dataTag) { - continue - } - chunks = append(chunks, bytes.TrimSpace(line[5:])) - } - - // Base OpenAI non-streaming response template - out := `{"id":"","object":"chat.completion","created":0,"model":"","choices":[{"index":0,"message":{"role":"assistant","content":""},"finish_reason":"stop"}],"usage":{"prompt_tokens":0,"completion_tokens":0,"total_tokens":0}}` - - var messageID string - var model string - var createdAt int64 - var stopReason string - var contentParts []string - var reasoningParts []string - toolCallsAccumulator := make(map[int]*ToolCallAccumulator) - - for _, chunk := range chunks { - root := gjson.ParseBytes(chunk) - eventType := root.Get("type").String() - - switch eventType { - case "message_start": - // Extract initial message metadata including ID, model, and input token count - if message := root.Get("message"); message.Exists() { - messageID = message.Get("id").String() - model = message.Get("model").String() - createdAt = time.Now().Unix() - } - - case "content_block_start": - // Handle different content block types at the beginning - if contentBlock := root.Get("content_block"); contentBlock.Exists() { - blockType := contentBlock.Get("type").String() - if blockType == "thinking" { - // Start of thinking/reasoning content - skip for now as it's handled in delta - continue - } else if blockType == "tool_use" { - // Initialize tool call accumulator for this index - index := int(root.Get("index").Int()) - toolCallsAccumulator[index] = &ToolCallAccumulator{ - ID: contentBlock.Get("id").String(), - Name: contentBlock.Get("name").String(), - } - } - } - - case "content_block_delta": - // Process incremental content updates - if delta := root.Get("delta"); delta.Exists() { - deltaType := delta.Get("type").String() - switch deltaType { - case "text_delta": - // Accumulate text content - if text := delta.Get("text"); text.Exists() { - contentParts = append(contentParts, text.String()) - } - case "thinking_delta": - // Accumulate reasoning/thinking content - if thinking := delta.Get("thinking"); thinking.Exists() { - reasoningParts = append(reasoningParts, thinking.String()) - } - case "input_json_delta": - // Accumulate tool call arguments - if partialJSON := delta.Get("partial_json"); partialJSON.Exists() { - index := int(root.Get("index").Int()) - if accumulator, exists := toolCallsAccumulator[index]; exists { - accumulator.Arguments.WriteString(partialJSON.String()) - } - } - } - } - - case "content_block_stop": - // Finalize tool call arguments for this index when content block ends - index := int(root.Get("index").Int()) - if accumulator, exists := toolCallsAccumulator[index]; exists { - if accumulator.Arguments.Len() == 0 { - accumulator.Arguments.WriteString("{}") - } - } - - case "message_delta": - // Extract stop reason and output token count when message ends - if delta := root.Get("delta"); delta.Exists() { - if sr := delta.Get("stop_reason"); sr.Exists() { - stopReason = sr.String() - } - } - if usage := root.Get("usage"); usage.Exists() { - inputTokens := usage.Get("input_tokens").Int() - outputTokens := usage.Get("output_tokens").Int() - cacheReadInputTokens := usage.Get("cache_read_input_tokens").Int() - cacheCreationInputTokens := usage.Get("cache_creation_input_tokens").Int() - out, _ = sjson.Set(out, "usage.prompt_tokens", inputTokens+cacheCreationInputTokens) - out, _ = sjson.Set(out, "usage.completion_tokens", outputTokens) - out, _ = sjson.Set(out, "usage.total_tokens", inputTokens+outputTokens) - out, _ = sjson.Set(out, "usage.prompt_tokens_details.cached_tokens", cacheReadInputTokens) - } - } - } - - // Set basic response fields including message ID, creation time, and model - out, _ = sjson.Set(out, "id", messageID) - out, _ = sjson.Set(out, "created", createdAt) - out, _ = sjson.Set(out, "model", model) - - // Set message content by combining all text parts - messageContent := strings.Join(contentParts, "") - out, _ = sjson.Set(out, "choices.0.message.content", messageContent) - - // Add reasoning content if available (following OpenAI reasoning format) - if len(reasoningParts) > 0 { - reasoningContent := strings.Join(reasoningParts, "") - // Add reasoning as a separate field in the message - out, _ = sjson.Set(out, "choices.0.message.reasoning", reasoningContent) - } - - // Set tool calls if any were accumulated during processing - if len(toolCallsAccumulator) > 0 { - toolCallsCount := 0 - maxIndex := -1 - for index := range toolCallsAccumulator { - if index > maxIndex { - maxIndex = index - } - } - - for i := 0; i <= maxIndex; i++ { - accumulator, exists := toolCallsAccumulator[i] - if !exists { - continue - } - - arguments := accumulator.Arguments.String() - - idPath := fmt.Sprintf("choices.0.message.tool_calls.%d.id", toolCallsCount) - typePath := fmt.Sprintf("choices.0.message.tool_calls.%d.type", toolCallsCount) - namePath := fmt.Sprintf("choices.0.message.tool_calls.%d.function.name", toolCallsCount) - argumentsPath := fmt.Sprintf("choices.0.message.tool_calls.%d.function.arguments", toolCallsCount) - - out, _ = sjson.Set(out, idPath, accumulator.ID) - out, _ = sjson.Set(out, typePath, "function") - out, _ = sjson.Set(out, namePath, accumulator.Name) - out, _ = sjson.Set(out, argumentsPath, arguments) - toolCallsCount++ - } - if toolCallsCount > 0 { - out, _ = sjson.Set(out, "choices.0.finish_reason", "tool_calls") - } else { - out, _ = sjson.Set(out, "choices.0.finish_reason", mapAnthropicStopReasonToOpenAI(stopReason)) - } - } else { - out, _ = sjson.Set(out, "choices.0.finish_reason", mapAnthropicStopReasonToOpenAI(stopReason)) - } - - return out -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/claude/openai/chat-completions/init.go b/.worktrees/config/m/config-build/active/internal/translator/claude/openai/chat-completions/init.go deleted file mode 100644 index a18840bace..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/claude/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenAI, - Claude, - ConvertOpenAIRequestToClaude, - interfaces.TranslateResponse{ - Stream: ConvertClaudeResponseToOpenAI, - NonStream: ConvertClaudeResponseToOpenAINonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/claude/openai/responses/claude_openai-responses_request.go b/.worktrees/config/m/config-build/active/internal/translator/claude/openai/responses/claude_openai-responses_request.go deleted file mode 100644 index 337f9be93b..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/claude/openai/responses/claude_openai-responses_request.go +++ /dev/null @@ -1,339 +0,0 @@ -package responses - -import ( - "crypto/rand" - "crypto/sha256" - "encoding/hex" - "fmt" - "math/big" - "strings" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - user = "" - account = "" - session = "" -) - -// ConvertOpenAIResponsesRequestToClaude transforms an OpenAI Responses API request -// into a Claude Messages API request using only gjson/sjson for JSON handling. -// It supports: -// - instructions -> system message -// - input[].type==message with input_text/output_text -> user/assistant messages -// - function_call -> assistant tool_use -// - function_call_output -> user tool_result -// - tools[].parameters -> tools[].input_schema -// - max_output_tokens -> max_tokens -// - stream passthrough via parameter -func ConvertOpenAIResponsesRequestToClaude(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - - if account == "" { - u, _ := uuid.NewRandom() - account = u.String() - } - if session == "" { - u, _ := uuid.NewRandom() - session = u.String() - } - if user == "" { - sum := sha256.Sum256([]byte(account + session)) - user = hex.EncodeToString(sum[:]) - } - userID := fmt.Sprintf("user_%s_account_%s_session_%s", user, account, session) - - // Base Claude message payload - out := fmt.Sprintf(`{"model":"","max_tokens":32000,"messages":[],"metadata":{"user_id":"%s"}}`, userID) - - root := gjson.ParseBytes(rawJSON) - - // Convert OpenAI Responses reasoning.effort to Claude thinking config. - if v := root.Get("reasoning.effort"); v.Exists() { - effort := strings.ToLower(strings.TrimSpace(v.String())) - if effort != "" { - budget, ok := thinking.ConvertLevelToBudget(effort) - if ok { - switch budget { - case 0: - out, _ = sjson.Set(out, "thinking.type", "disabled") - case -1: - out, _ = sjson.Set(out, "thinking.type", "enabled") - default: - if budget > 0 { - out, _ = sjson.Set(out, "thinking.type", "enabled") - out, _ = sjson.Set(out, "thinking.budget_tokens", budget) - } - } - } - } - } - - // Helper for generating tool call IDs when missing - genToolCallID := func() string { - const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" - var b strings.Builder - for i := 0; i < 24; i++ { - n, _ := rand.Int(rand.Reader, big.NewInt(int64(len(letters)))) - b.WriteByte(letters[n.Int64()]) - } - return "toolu_" + b.String() - } - - // Model - out, _ = sjson.Set(out, "model", modelName) - - // Max tokens - if mot := root.Get("max_output_tokens"); mot.Exists() { - out, _ = sjson.Set(out, "max_tokens", mot.Int()) - } - - // Stream - out, _ = sjson.Set(out, "stream", stream) - - // instructions -> as a leading message (use role user for Claude API compatibility) - instructionsText := "" - extractedFromSystem := false - if instr := root.Get("instructions"); instr.Exists() && instr.Type == gjson.String { - instructionsText = instr.String() - if instructionsText != "" { - sysMsg := `{"role":"user","content":""}` - sysMsg, _ = sjson.Set(sysMsg, "content", instructionsText) - out, _ = sjson.SetRaw(out, "messages.-1", sysMsg) - } - } - - if instructionsText == "" { - if input := root.Get("input"); input.Exists() && input.IsArray() { - input.ForEach(func(_, item gjson.Result) bool { - if strings.EqualFold(item.Get("role").String(), "system") { - var builder strings.Builder - if parts := item.Get("content"); parts.Exists() && parts.IsArray() { - parts.ForEach(func(_, part gjson.Result) bool { - textResult := part.Get("text") - text := textResult.String() - if builder.Len() > 0 && text != "" { - builder.WriteByte('\n') - } - builder.WriteString(text) - return true - }) - } else if parts.Type == gjson.String { - builder.WriteString(parts.String()) - } - instructionsText = builder.String() - if instructionsText != "" { - sysMsg := `{"role":"user","content":""}` - sysMsg, _ = sjson.Set(sysMsg, "content", instructionsText) - out, _ = sjson.SetRaw(out, "messages.-1", sysMsg) - extractedFromSystem = true - } - } - return instructionsText == "" - }) - } - } - - // input array processing - if input := root.Get("input"); input.Exists() && input.IsArray() { - input.ForEach(func(_, item gjson.Result) bool { - if extractedFromSystem && strings.EqualFold(item.Get("role").String(), "system") { - return true - } - typ := item.Get("type").String() - if typ == "" && item.Get("role").String() != "" { - typ = "message" - } - switch typ { - case "message": - // Determine role and construct Claude-compatible content parts. - var role string - var textAggregate strings.Builder - var partsJSON []string - hasImage := false - if parts := item.Get("content"); parts.Exists() && parts.IsArray() { - parts.ForEach(func(_, part gjson.Result) bool { - ptype := part.Get("type").String() - switch ptype { - case "input_text", "output_text": - if t := part.Get("text"); t.Exists() { - txt := t.String() - textAggregate.WriteString(txt) - contentPart := `{"type":"text","text":""}` - contentPart, _ = sjson.Set(contentPart, "text", txt) - partsJSON = append(partsJSON, contentPart) - } - if ptype == "input_text" { - role = "user" - } else { - role = "assistant" - } - case "input_image": - url := part.Get("image_url").String() - if url == "" { - url = part.Get("url").String() - } - if url != "" { - var contentPart string - if strings.HasPrefix(url, "data:") { - trimmed := strings.TrimPrefix(url, "data:") - mediaAndData := strings.SplitN(trimmed, ";base64,", 2) - mediaType := "application/octet-stream" - data := "" - if len(mediaAndData) == 2 { - if mediaAndData[0] != "" { - mediaType = mediaAndData[0] - } - data = mediaAndData[1] - } - if data != "" { - contentPart = `{"type":"image","source":{"type":"base64","media_type":"","data":""}}` - contentPart, _ = sjson.Set(contentPart, "source.media_type", mediaType) - contentPart, _ = sjson.Set(contentPart, "source.data", data) - } - } else { - contentPart = `{"type":"image","source":{"type":"url","url":""}}` - contentPart, _ = sjson.Set(contentPart, "source.url", url) - } - if contentPart != "" { - partsJSON = append(partsJSON, contentPart) - if role == "" { - role = "user" - } - hasImage = true - } - } - } - return true - }) - } else if parts.Type == gjson.String { - textAggregate.WriteString(parts.String()) - } - - // Fallback to given role if content types not decisive - if role == "" { - r := item.Get("role").String() - switch r { - case "user", "assistant", "system": - role = r - default: - role = "user" - } - } - - if len(partsJSON) > 0 { - msg := `{"role":"","content":[]}` - msg, _ = sjson.Set(msg, "role", role) - if len(partsJSON) == 1 && !hasImage { - // Preserve legacy behavior for single text content - msg, _ = sjson.Delete(msg, "content") - textPart := gjson.Parse(partsJSON[0]) - msg, _ = sjson.Set(msg, "content", textPart.Get("text").String()) - } else { - for _, partJSON := range partsJSON { - msg, _ = sjson.SetRaw(msg, "content.-1", partJSON) - } - } - out, _ = sjson.SetRaw(out, "messages.-1", msg) - } else if textAggregate.Len() > 0 || role == "system" { - msg := `{"role":"","content":""}` - msg, _ = sjson.Set(msg, "role", role) - msg, _ = sjson.Set(msg, "content", textAggregate.String()) - out, _ = sjson.SetRaw(out, "messages.-1", msg) - } - - case "function_call": - // Map to assistant tool_use - callID := item.Get("call_id").String() - if callID == "" { - callID = genToolCallID() - } - name := item.Get("name").String() - argsStr := item.Get("arguments").String() - - toolUse := `{"type":"tool_use","id":"","name":"","input":{}}` - toolUse, _ = sjson.Set(toolUse, "id", callID) - toolUse, _ = sjson.Set(toolUse, "name", name) - if argsStr != "" && gjson.Valid(argsStr) { - argsJSON := gjson.Parse(argsStr) - if argsJSON.IsObject() { - toolUse, _ = sjson.SetRaw(toolUse, "input", argsJSON.Raw) - } - } - - asst := `{"role":"assistant","content":[]}` - asst, _ = sjson.SetRaw(asst, "content.-1", toolUse) - out, _ = sjson.SetRaw(out, "messages.-1", asst) - - case "function_call_output": - // Map to user tool_result - callID := item.Get("call_id").String() - outputStr := item.Get("output").String() - toolResult := `{"type":"tool_result","tool_use_id":"","content":""}` - toolResult, _ = sjson.Set(toolResult, "tool_use_id", callID) - toolResult, _ = sjson.Set(toolResult, "content", outputStr) - - usr := `{"role":"user","content":[]}` - usr, _ = sjson.SetRaw(usr, "content.-1", toolResult) - out, _ = sjson.SetRaw(out, "messages.-1", usr) - } - return true - }) - } - - // tools mapping: parameters -> input_schema - if tools := root.Get("tools"); tools.Exists() && tools.IsArray() { - toolsJSON := "[]" - tools.ForEach(func(_, tool gjson.Result) bool { - tJSON := `{"name":"","description":"","input_schema":{}}` - if n := tool.Get("name"); n.Exists() { - tJSON, _ = sjson.Set(tJSON, "name", n.String()) - } - if d := tool.Get("description"); d.Exists() { - tJSON, _ = sjson.Set(tJSON, "description", d.String()) - } - - if params := tool.Get("parameters"); params.Exists() { - tJSON, _ = sjson.SetRaw(tJSON, "input_schema", params.Raw) - } else if params = tool.Get("parametersJsonSchema"); params.Exists() { - tJSON, _ = sjson.SetRaw(tJSON, "input_schema", params.Raw) - } - - toolsJSON, _ = sjson.SetRaw(toolsJSON, "-1", tJSON) - return true - }) - if gjson.Parse(toolsJSON).IsArray() && len(gjson.Parse(toolsJSON).Array()) > 0 { - out, _ = sjson.SetRaw(out, "tools", toolsJSON) - } - } - - // Map tool_choice similar to Chat Completions translator (optional in docs, safe to handle) - if toolChoice := root.Get("tool_choice"); toolChoice.Exists() { - switch toolChoice.Type { - case gjson.String: - switch toolChoice.String() { - case "auto": - out, _ = sjson.SetRaw(out, "tool_choice", `{"type":"auto"}`) - case "none": - // Leave unset; implies no tools - case "required": - out, _ = sjson.SetRaw(out, "tool_choice", `{"type":"any"}`) - } - case gjson.JSON: - if toolChoice.Get("type").String() == "function" { - fn := toolChoice.Get("function.name").String() - toolChoiceJSON := `{"name":"","type":"tool"}` - toolChoiceJSON, _ = sjson.Set(toolChoiceJSON, "name", fn) - out, _ = sjson.SetRaw(out, "tool_choice", toolChoiceJSON) - } - default: - - } - } - - return []byte(out) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/claude/openai/responses/claude_openai-responses_response.go b/.worktrees/config/m/config-build/active/internal/translator/claude/openai/responses/claude_openai-responses_response.go deleted file mode 100644 index e77b09e13c..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/claude/openai/responses/claude_openai-responses_response.go +++ /dev/null @@ -1,688 +0,0 @@ -package responses - -import ( - "bufio" - "bytes" - "context" - "fmt" - "strings" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -type claudeToResponsesState struct { - Seq int - ResponseID string - CreatedAt int64 - CurrentMsgID string - CurrentFCID string - InTextBlock bool - InFuncBlock bool - FuncArgsBuf map[int]*strings.Builder // index -> args - // function call bookkeeping for output aggregation - FuncNames map[int]string // index -> function name - FuncCallIDs map[int]string // index -> call id - // message text aggregation - TextBuf strings.Builder - // reasoning state - ReasoningActive bool - ReasoningItemID string - ReasoningBuf strings.Builder - ReasoningPartAdded bool - ReasoningIndex int - // usage aggregation - InputTokens int64 - OutputTokens int64 - UsageSeen bool -} - -var dataTag = []byte("data:") - -func pickRequestJSON(originalRequestRawJSON, requestRawJSON []byte) []byte { - if len(originalRequestRawJSON) > 0 && gjson.ValidBytes(originalRequestRawJSON) { - return originalRequestRawJSON - } - if len(requestRawJSON) > 0 && gjson.ValidBytes(requestRawJSON) { - return requestRawJSON - } - return nil -} - -func emitEvent(event string, payload string) string { - return fmt.Sprintf("event: %s\ndata: %s", event, payload) -} - -// ConvertClaudeResponseToOpenAIResponses converts Claude SSE to OpenAI Responses SSE events. -func ConvertClaudeResponseToOpenAIResponses(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &claudeToResponsesState{FuncArgsBuf: make(map[int]*strings.Builder), FuncNames: make(map[int]string), FuncCallIDs: make(map[int]string)} - } - st := (*param).(*claudeToResponsesState) - - // Expect `data: {..}` from Claude clients - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - root := gjson.ParseBytes(rawJSON) - ev := root.Get("type").String() - var out []string - - nextSeq := func() int { st.Seq++; return st.Seq } - - switch ev { - case "message_start": - if msg := root.Get("message"); msg.Exists() { - st.ResponseID = msg.Get("id").String() - st.CreatedAt = time.Now().Unix() - // Reset per-message aggregation state - st.TextBuf.Reset() - st.ReasoningBuf.Reset() - st.ReasoningActive = false - st.InTextBlock = false - st.InFuncBlock = false - st.CurrentMsgID = "" - st.CurrentFCID = "" - st.ReasoningItemID = "" - st.ReasoningIndex = 0 - st.ReasoningPartAdded = false - st.FuncArgsBuf = make(map[int]*strings.Builder) - st.FuncNames = make(map[int]string) - st.FuncCallIDs = make(map[int]string) - st.InputTokens = 0 - st.OutputTokens = 0 - st.UsageSeen = false - if usage := msg.Get("usage"); usage.Exists() { - if v := usage.Get("input_tokens"); v.Exists() { - st.InputTokens = v.Int() - st.UsageSeen = true - } - if v := usage.Get("output_tokens"); v.Exists() { - st.OutputTokens = v.Int() - st.UsageSeen = true - } - } - // response.created - created := `{"type":"response.created","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"in_progress","background":false,"error":null,"output":[]}}` - created, _ = sjson.Set(created, "sequence_number", nextSeq()) - created, _ = sjson.Set(created, "response.id", st.ResponseID) - created, _ = sjson.Set(created, "response.created_at", st.CreatedAt) - out = append(out, emitEvent("response.created", created)) - // response.in_progress - inprog := `{"type":"response.in_progress","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"in_progress"}}` - inprog, _ = sjson.Set(inprog, "sequence_number", nextSeq()) - inprog, _ = sjson.Set(inprog, "response.id", st.ResponseID) - inprog, _ = sjson.Set(inprog, "response.created_at", st.CreatedAt) - out = append(out, emitEvent("response.in_progress", inprog)) - } - case "content_block_start": - cb := root.Get("content_block") - if !cb.Exists() { - return out - } - idx := int(root.Get("index").Int()) - typ := cb.Get("type").String() - if typ == "text" { - // open message item + content part - st.InTextBlock = true - st.CurrentMsgID = fmt.Sprintf("msg_%s_0", st.ResponseID) - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"message","status":"in_progress","content":[],"role":"assistant"}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "item.id", st.CurrentMsgID) - out = append(out, emitEvent("response.output_item.added", item)) - - part := `{"type":"response.content_part.added","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"part":{"type":"output_text","annotations":[],"logprobs":[],"text":""}}` - part, _ = sjson.Set(part, "sequence_number", nextSeq()) - part, _ = sjson.Set(part, "item_id", st.CurrentMsgID) - out = append(out, emitEvent("response.content_part.added", part)) - } else if typ == "tool_use" { - st.InFuncBlock = true - st.CurrentFCID = cb.Get("id").String() - name := cb.Get("name").String() - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"function_call","status":"in_progress","arguments":"","call_id":"","name":""}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "output_index", idx) - item, _ = sjson.Set(item, "item.id", fmt.Sprintf("fc_%s", st.CurrentFCID)) - item, _ = sjson.Set(item, "item.call_id", st.CurrentFCID) - item, _ = sjson.Set(item, "item.name", name) - out = append(out, emitEvent("response.output_item.added", item)) - if st.FuncArgsBuf[idx] == nil { - st.FuncArgsBuf[idx] = &strings.Builder{} - } - // record function metadata for aggregation - st.FuncCallIDs[idx] = st.CurrentFCID - st.FuncNames[idx] = name - } else if typ == "thinking" { - // start reasoning item - st.ReasoningActive = true - st.ReasoningIndex = idx - st.ReasoningBuf.Reset() - st.ReasoningItemID = fmt.Sprintf("rs_%s_%d", st.ResponseID, idx) - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"reasoning","status":"in_progress","summary":[]}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "output_index", idx) - item, _ = sjson.Set(item, "item.id", st.ReasoningItemID) - out = append(out, emitEvent("response.output_item.added", item)) - // add a summary part placeholder - part := `{"type":"response.reasoning_summary_part.added","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"part":{"type":"summary_text","text":""}}` - part, _ = sjson.Set(part, "sequence_number", nextSeq()) - part, _ = sjson.Set(part, "item_id", st.ReasoningItemID) - part, _ = sjson.Set(part, "output_index", idx) - out = append(out, emitEvent("response.reasoning_summary_part.added", part)) - st.ReasoningPartAdded = true - } - case "content_block_delta": - d := root.Get("delta") - if !d.Exists() { - return out - } - dt := d.Get("type").String() - if dt == "text_delta" { - if t := d.Get("text"); t.Exists() { - msg := `{"type":"response.output_text.delta","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"delta":"","logprobs":[]}` - msg, _ = sjson.Set(msg, "sequence_number", nextSeq()) - msg, _ = sjson.Set(msg, "item_id", st.CurrentMsgID) - msg, _ = sjson.Set(msg, "delta", t.String()) - out = append(out, emitEvent("response.output_text.delta", msg)) - // aggregate text for response.output - st.TextBuf.WriteString(t.String()) - } - } else if dt == "input_json_delta" { - idx := int(root.Get("index").Int()) - if pj := d.Get("partial_json"); pj.Exists() { - if st.FuncArgsBuf[idx] == nil { - st.FuncArgsBuf[idx] = &strings.Builder{} - } - st.FuncArgsBuf[idx].WriteString(pj.String()) - msg := `{"type":"response.function_call_arguments.delta","sequence_number":0,"item_id":"","output_index":0,"delta":""}` - msg, _ = sjson.Set(msg, "sequence_number", nextSeq()) - msg, _ = sjson.Set(msg, "item_id", fmt.Sprintf("fc_%s", st.CurrentFCID)) - msg, _ = sjson.Set(msg, "output_index", idx) - msg, _ = sjson.Set(msg, "delta", pj.String()) - out = append(out, emitEvent("response.function_call_arguments.delta", msg)) - } - } else if dt == "thinking_delta" { - if st.ReasoningActive { - if t := d.Get("thinking"); t.Exists() { - st.ReasoningBuf.WriteString(t.String()) - msg := `{"type":"response.reasoning_summary_text.delta","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"delta":""}` - msg, _ = sjson.Set(msg, "sequence_number", nextSeq()) - msg, _ = sjson.Set(msg, "item_id", st.ReasoningItemID) - msg, _ = sjson.Set(msg, "output_index", st.ReasoningIndex) - msg, _ = sjson.Set(msg, "delta", t.String()) - out = append(out, emitEvent("response.reasoning_summary_text.delta", msg)) - } - } - } - case "content_block_stop": - idx := int(root.Get("index").Int()) - if st.InTextBlock { - done := `{"type":"response.output_text.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"text":"","logprobs":[]}` - done, _ = sjson.Set(done, "sequence_number", nextSeq()) - done, _ = sjson.Set(done, "item_id", st.CurrentMsgID) - out = append(out, emitEvent("response.output_text.done", done)) - partDone := `{"type":"response.content_part.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"part":{"type":"output_text","annotations":[],"logprobs":[],"text":""}}` - partDone, _ = sjson.Set(partDone, "sequence_number", nextSeq()) - partDone, _ = sjson.Set(partDone, "item_id", st.CurrentMsgID) - out = append(out, emitEvent("response.content_part.done", partDone)) - final := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"message","status":"completed","content":[{"type":"output_text","text":""}],"role":"assistant"}}` - final, _ = sjson.Set(final, "sequence_number", nextSeq()) - final, _ = sjson.Set(final, "item.id", st.CurrentMsgID) - out = append(out, emitEvent("response.output_item.done", final)) - st.InTextBlock = false - } else if st.InFuncBlock { - args := "{}" - if buf := st.FuncArgsBuf[idx]; buf != nil { - if buf.Len() > 0 { - args = buf.String() - } - } - fcDone := `{"type":"response.function_call_arguments.done","sequence_number":0,"item_id":"","output_index":0,"arguments":""}` - fcDone, _ = sjson.Set(fcDone, "sequence_number", nextSeq()) - fcDone, _ = sjson.Set(fcDone, "item_id", fmt.Sprintf("fc_%s", st.CurrentFCID)) - fcDone, _ = sjson.Set(fcDone, "output_index", idx) - fcDone, _ = sjson.Set(fcDone, "arguments", args) - out = append(out, emitEvent("response.function_call_arguments.done", fcDone)) - itemDone := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}}` - itemDone, _ = sjson.Set(itemDone, "sequence_number", nextSeq()) - itemDone, _ = sjson.Set(itemDone, "output_index", idx) - itemDone, _ = sjson.Set(itemDone, "item.id", fmt.Sprintf("fc_%s", st.CurrentFCID)) - itemDone, _ = sjson.Set(itemDone, "item.arguments", args) - itemDone, _ = sjson.Set(itemDone, "item.call_id", st.CurrentFCID) - itemDone, _ = sjson.Set(itemDone, "item.name", st.FuncNames[idx]) - out = append(out, emitEvent("response.output_item.done", itemDone)) - st.InFuncBlock = false - } else if st.ReasoningActive { - full := st.ReasoningBuf.String() - textDone := `{"type":"response.reasoning_summary_text.done","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"text":""}` - textDone, _ = sjson.Set(textDone, "sequence_number", nextSeq()) - textDone, _ = sjson.Set(textDone, "item_id", st.ReasoningItemID) - textDone, _ = sjson.Set(textDone, "output_index", st.ReasoningIndex) - textDone, _ = sjson.Set(textDone, "text", full) - out = append(out, emitEvent("response.reasoning_summary_text.done", textDone)) - partDone := `{"type":"response.reasoning_summary_part.done","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"part":{"type":"summary_text","text":""}}` - partDone, _ = sjson.Set(partDone, "sequence_number", nextSeq()) - partDone, _ = sjson.Set(partDone, "item_id", st.ReasoningItemID) - partDone, _ = sjson.Set(partDone, "output_index", st.ReasoningIndex) - partDone, _ = sjson.Set(partDone, "part.text", full) - out = append(out, emitEvent("response.reasoning_summary_part.done", partDone)) - st.ReasoningActive = false - st.ReasoningPartAdded = false - } - case "message_delta": - if usage := root.Get("usage"); usage.Exists() { - if v := usage.Get("output_tokens"); v.Exists() { - st.OutputTokens = v.Int() - st.UsageSeen = true - } - if v := usage.Get("input_tokens"); v.Exists() { - st.InputTokens = v.Int() - st.UsageSeen = true - } - } - case "message_stop": - - completed := `{"type":"response.completed","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"completed","background":false,"error":null}}` - completed, _ = sjson.Set(completed, "sequence_number", nextSeq()) - completed, _ = sjson.Set(completed, "response.id", st.ResponseID) - completed, _ = sjson.Set(completed, "response.created_at", st.CreatedAt) - // Inject original request fields into response as per docs/response.completed.json - - reqBytes := pickRequestJSON(originalRequestRawJSON, requestRawJSON) - if len(reqBytes) > 0 { - req := gjson.ParseBytes(reqBytes) - if v := req.Get("instructions"); v.Exists() { - completed, _ = sjson.Set(completed, "response.instructions", v.String()) - } - if v := req.Get("max_output_tokens"); v.Exists() { - completed, _ = sjson.Set(completed, "response.max_output_tokens", v.Int()) - } - if v := req.Get("max_tool_calls"); v.Exists() { - completed, _ = sjson.Set(completed, "response.max_tool_calls", v.Int()) - } - if v := req.Get("model"); v.Exists() { - completed, _ = sjson.Set(completed, "response.model", v.String()) - } - if v := req.Get("parallel_tool_calls"); v.Exists() { - completed, _ = sjson.Set(completed, "response.parallel_tool_calls", v.Bool()) - } - if v := req.Get("previous_response_id"); v.Exists() { - completed, _ = sjson.Set(completed, "response.previous_response_id", v.String()) - } - if v := req.Get("prompt_cache_key"); v.Exists() { - completed, _ = sjson.Set(completed, "response.prompt_cache_key", v.String()) - } - if v := req.Get("reasoning"); v.Exists() { - completed, _ = sjson.Set(completed, "response.reasoning", v.Value()) - } - if v := req.Get("safety_identifier"); v.Exists() { - completed, _ = sjson.Set(completed, "response.safety_identifier", v.String()) - } - if v := req.Get("service_tier"); v.Exists() { - completed, _ = sjson.Set(completed, "response.service_tier", v.String()) - } - if v := req.Get("store"); v.Exists() { - completed, _ = sjson.Set(completed, "response.store", v.Bool()) - } - if v := req.Get("temperature"); v.Exists() { - completed, _ = sjson.Set(completed, "response.temperature", v.Float()) - } - if v := req.Get("text"); v.Exists() { - completed, _ = sjson.Set(completed, "response.text", v.Value()) - } - if v := req.Get("tool_choice"); v.Exists() { - completed, _ = sjson.Set(completed, "response.tool_choice", v.Value()) - } - if v := req.Get("tools"); v.Exists() { - completed, _ = sjson.Set(completed, "response.tools", v.Value()) - } - if v := req.Get("top_logprobs"); v.Exists() { - completed, _ = sjson.Set(completed, "response.top_logprobs", v.Int()) - } - if v := req.Get("top_p"); v.Exists() { - completed, _ = sjson.Set(completed, "response.top_p", v.Float()) - } - if v := req.Get("truncation"); v.Exists() { - completed, _ = sjson.Set(completed, "response.truncation", v.String()) - } - if v := req.Get("user"); v.Exists() { - completed, _ = sjson.Set(completed, "response.user", v.Value()) - } - if v := req.Get("metadata"); v.Exists() { - completed, _ = sjson.Set(completed, "response.metadata", v.Value()) - } - } - - // Build response.output from aggregated state - outputsWrapper := `{"arr":[]}` - // reasoning item (if any) - if st.ReasoningBuf.Len() > 0 || st.ReasoningPartAdded { - item := `{"id":"","type":"reasoning","summary":[{"type":"summary_text","text":""}]}` - item, _ = sjson.Set(item, "id", st.ReasoningItemID) - item, _ = sjson.Set(item, "summary.0.text", st.ReasoningBuf.String()) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - // assistant message item (if any text) - if st.TextBuf.Len() > 0 || st.InTextBlock || st.CurrentMsgID != "" { - item := `{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}` - item, _ = sjson.Set(item, "id", st.CurrentMsgID) - item, _ = sjson.Set(item, "content.0.text", st.TextBuf.String()) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - // function_call items (in ascending index order for determinism) - if len(st.FuncArgsBuf) > 0 { - // collect indices - idxs := make([]int, 0, len(st.FuncArgsBuf)) - for idx := range st.FuncArgsBuf { - idxs = append(idxs, idx) - } - // simple sort (small N), avoid adding new imports - for i := 0; i < len(idxs); i++ { - for j := i + 1; j < len(idxs); j++ { - if idxs[j] < idxs[i] { - idxs[i], idxs[j] = idxs[j], idxs[i] - } - } - } - for _, idx := range idxs { - args := "" - if b := st.FuncArgsBuf[idx]; b != nil { - args = b.String() - } - callID := st.FuncCallIDs[idx] - name := st.FuncNames[idx] - if callID == "" && st.CurrentFCID != "" { - callID = st.CurrentFCID - } - item := `{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}` - item, _ = sjson.Set(item, "id", fmt.Sprintf("fc_%s", callID)) - item, _ = sjson.Set(item, "arguments", args) - item, _ = sjson.Set(item, "call_id", callID) - item, _ = sjson.Set(item, "name", name) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - } - if gjson.Get(outputsWrapper, "arr.#").Int() > 0 { - completed, _ = sjson.SetRaw(completed, "response.output", gjson.Get(outputsWrapper, "arr").Raw) - } - - reasoningTokens := int64(0) - if st.ReasoningBuf.Len() > 0 { - reasoningTokens = int64(st.ReasoningBuf.Len() / 4) - } - usagePresent := st.UsageSeen || reasoningTokens > 0 - if usagePresent { - completed, _ = sjson.Set(completed, "response.usage.input_tokens", st.InputTokens) - completed, _ = sjson.Set(completed, "response.usage.input_tokens_details.cached_tokens", 0) - completed, _ = sjson.Set(completed, "response.usage.output_tokens", st.OutputTokens) - if reasoningTokens > 0 { - completed, _ = sjson.Set(completed, "response.usage.output_tokens_details.reasoning_tokens", reasoningTokens) - } - total := st.InputTokens + st.OutputTokens - if total > 0 || st.UsageSeen { - completed, _ = sjson.Set(completed, "response.usage.total_tokens", total) - } - } - out = append(out, emitEvent("response.completed", completed)) - } - - return out -} - -// ConvertClaudeResponseToOpenAIResponsesNonStream aggregates Claude SSE into a single OpenAI Responses JSON. -func ConvertClaudeResponseToOpenAIResponsesNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - // Aggregate Claude SSE lines into a single OpenAI Responses JSON (non-stream) - // We follow the same aggregation logic as the streaming variant but produce - // one final object matching docs/out.json structure. - - // Collect SSE data: lines start with "data: "; ignore others - var chunks [][]byte - { - // Use a simple scanner to iterate through raw bytes - // Note: extremely large responses may require increasing the buffer - scanner := bufio.NewScanner(bytes.NewReader(rawJSON)) - buf := make([]byte, 52_428_800) // 50MB - scanner.Buffer(buf, 52_428_800) - for scanner.Scan() { - line := scanner.Bytes() - if !bytes.HasPrefix(line, dataTag) { - continue - } - chunks = append(chunks, line[len(dataTag):]) - } - } - - // Base OpenAI Responses (non-stream) object - out := `{"id":"","object":"response","created_at":0,"status":"completed","background":false,"error":null,"incomplete_details":null,"output":[],"usage":{"input_tokens":0,"input_tokens_details":{"cached_tokens":0},"output_tokens":0,"output_tokens_details":{},"total_tokens":0}}` - - // Aggregation state - var ( - responseID string - createdAt int64 - currentMsgID string - currentFCID string - textBuf strings.Builder - reasoningBuf strings.Builder - reasoningActive bool - reasoningItemID string - inputTokens int64 - outputTokens int64 - ) - - // Per-index tool call aggregation - type toolState struct { - id string - name string - args strings.Builder - } - toolCalls := make(map[int]*toolState) - - // Walk through SSE chunks to fill state - for _, ch := range chunks { - root := gjson.ParseBytes(ch) - ev := root.Get("type").String() - - switch ev { - case "message_start": - if msg := root.Get("message"); msg.Exists() { - responseID = msg.Get("id").String() - createdAt = time.Now().Unix() - if usage := msg.Get("usage"); usage.Exists() { - inputTokens = usage.Get("input_tokens").Int() - } - } - - case "content_block_start": - cb := root.Get("content_block") - if !cb.Exists() { - continue - } - idx := int(root.Get("index").Int()) - typ := cb.Get("type").String() - switch typ { - case "text": - currentMsgID = "msg_" + responseID + "_0" - case "tool_use": - currentFCID = cb.Get("id").String() - name := cb.Get("name").String() - if toolCalls[idx] == nil { - toolCalls[idx] = &toolState{id: currentFCID, name: name} - } else { - toolCalls[idx].id = currentFCID - toolCalls[idx].name = name - } - case "thinking": - reasoningActive = true - reasoningItemID = fmt.Sprintf("rs_%s_%d", responseID, idx) - } - - case "content_block_delta": - d := root.Get("delta") - if !d.Exists() { - continue - } - dt := d.Get("type").String() - switch dt { - case "text_delta": - if t := d.Get("text"); t.Exists() { - textBuf.WriteString(t.String()) - } - case "input_json_delta": - if pj := d.Get("partial_json"); pj.Exists() { - idx := int(root.Get("index").Int()) - if toolCalls[idx] == nil { - toolCalls[idx] = &toolState{} - } - toolCalls[idx].args.WriteString(pj.String()) - } - case "thinking_delta": - if reasoningActive { - if t := d.Get("thinking"); t.Exists() { - reasoningBuf.WriteString(t.String()) - } - } - } - - case "content_block_stop": - // Nothing special to finalize for non-stream aggregation - _ = root - - case "message_delta": - if usage := root.Get("usage"); usage.Exists() { - outputTokens = usage.Get("output_tokens").Int() - } - } - } - - // Populate base fields - out, _ = sjson.Set(out, "id", responseID) - out, _ = sjson.Set(out, "created_at", createdAt) - - // Inject request echo fields as top-level (similar to streaming variant) - reqBytes := pickRequestJSON(originalRequestRawJSON, requestRawJSON) - if len(reqBytes) > 0 { - req := gjson.ParseBytes(reqBytes) - if v := req.Get("instructions"); v.Exists() { - out, _ = sjson.Set(out, "instructions", v.String()) - } - if v := req.Get("max_output_tokens"); v.Exists() { - out, _ = sjson.Set(out, "max_output_tokens", v.Int()) - } - if v := req.Get("max_tool_calls"); v.Exists() { - out, _ = sjson.Set(out, "max_tool_calls", v.Int()) - } - if v := req.Get("model"); v.Exists() { - out, _ = sjson.Set(out, "model", v.String()) - } - if v := req.Get("parallel_tool_calls"); v.Exists() { - out, _ = sjson.Set(out, "parallel_tool_calls", v.Bool()) - } - if v := req.Get("previous_response_id"); v.Exists() { - out, _ = sjson.Set(out, "previous_response_id", v.String()) - } - if v := req.Get("prompt_cache_key"); v.Exists() { - out, _ = sjson.Set(out, "prompt_cache_key", v.String()) - } - if v := req.Get("reasoning"); v.Exists() { - out, _ = sjson.Set(out, "reasoning", v.Value()) - } - if v := req.Get("safety_identifier"); v.Exists() { - out, _ = sjson.Set(out, "safety_identifier", v.String()) - } - if v := req.Get("service_tier"); v.Exists() { - out, _ = sjson.Set(out, "service_tier", v.String()) - } - if v := req.Get("store"); v.Exists() { - out, _ = sjson.Set(out, "store", v.Bool()) - } - if v := req.Get("temperature"); v.Exists() { - out, _ = sjson.Set(out, "temperature", v.Float()) - } - if v := req.Get("text"); v.Exists() { - out, _ = sjson.Set(out, "text", v.Value()) - } - if v := req.Get("tool_choice"); v.Exists() { - out, _ = sjson.Set(out, "tool_choice", v.Value()) - } - if v := req.Get("tools"); v.Exists() { - out, _ = sjson.Set(out, "tools", v.Value()) - } - if v := req.Get("top_logprobs"); v.Exists() { - out, _ = sjson.Set(out, "top_logprobs", v.Int()) - } - if v := req.Get("top_p"); v.Exists() { - out, _ = sjson.Set(out, "top_p", v.Float()) - } - if v := req.Get("truncation"); v.Exists() { - out, _ = sjson.Set(out, "truncation", v.String()) - } - if v := req.Get("user"); v.Exists() { - out, _ = sjson.Set(out, "user", v.Value()) - } - if v := req.Get("metadata"); v.Exists() { - out, _ = sjson.Set(out, "metadata", v.Value()) - } - } - - // Build output array - outputsWrapper := `{"arr":[]}` - if reasoningBuf.Len() > 0 { - item := `{"id":"","type":"reasoning","summary":[{"type":"summary_text","text":""}]}` - item, _ = sjson.Set(item, "id", reasoningItemID) - item, _ = sjson.Set(item, "summary.0.text", reasoningBuf.String()) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - if currentMsgID != "" || textBuf.Len() > 0 { - item := `{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}` - item, _ = sjson.Set(item, "id", currentMsgID) - item, _ = sjson.Set(item, "content.0.text", textBuf.String()) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - if len(toolCalls) > 0 { - // Preserve index order - idxs := make([]int, 0, len(toolCalls)) - for i := range toolCalls { - idxs = append(idxs, i) - } - for i := 0; i < len(idxs); i++ { - for j := i + 1; j < len(idxs); j++ { - if idxs[j] < idxs[i] { - idxs[i], idxs[j] = idxs[j], idxs[i] - } - } - } - for _, i := range idxs { - st := toolCalls[i] - args := st.args.String() - if args == "" { - args = "{}" - } - item := `{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}` - item, _ = sjson.Set(item, "id", fmt.Sprintf("fc_%s", st.id)) - item, _ = sjson.Set(item, "arguments", args) - item, _ = sjson.Set(item, "call_id", st.id) - item, _ = sjson.Set(item, "name", st.name) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - } - if gjson.Get(outputsWrapper, "arr.#").Int() > 0 { - out, _ = sjson.SetRaw(out, "output", gjson.Get(outputsWrapper, "arr").Raw) - } - - // Usage - total := inputTokens + outputTokens - out, _ = sjson.Set(out, "usage.input_tokens", inputTokens) - out, _ = sjson.Set(out, "usage.output_tokens", outputTokens) - out, _ = sjson.Set(out, "usage.total_tokens", total) - if reasoningBuf.Len() > 0 { - // Rough estimate similar to chat completions - reasoningTokens := int64(len(reasoningBuf.String()) / 4) - if reasoningTokens > 0 { - out, _ = sjson.Set(out, "usage.output_tokens_details.reasoning_tokens", reasoningTokens) - } - } - - return out -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/claude/openai/responses/init.go b/.worktrees/config/m/config-build/active/internal/translator/claude/openai/responses/init.go deleted file mode 100644 index 595fecc6ef..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/claude/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenaiResponse, - Claude, - ConvertOpenAIResponsesRequestToClaude, - interfaces.TranslateResponse{ - Stream: ConvertClaudeResponseToOpenAIResponses, - NonStream: ConvertClaudeResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/codex/claude/codex_claude_request.go b/.worktrees/config/m/config-build/active/internal/translator/codex/claude/codex_claude_request.go deleted file mode 100644 index 223a2559f7..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/codex/claude/codex_claude_request.go +++ /dev/null @@ -1,355 +0,0 @@ -// Package claude provides request translation functionality for Claude Code API compatibility. -// It handles parsing and transforming Claude Code API requests into the internal client format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package also performs JSON data cleaning and transformation to ensure compatibility -// between Claude Code API format and the internal client's expected format. -package claude - -import ( - "fmt" - "strconv" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertClaudeRequestToCodex parses and transforms a Claude Code API request into the internal client format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the internal client. -// The function performs the following transformations: -// 1. Sets up a template with the model name and empty instructions field -// 2. Processes system messages and converts them to developer input content -// 3. Transforms message contents (text, image, tool_use, tool_result) to appropriate formats -// 4. Converts tools declarations to the expected format -// 5. Adds additional configuration parameters for the Codex API -// 6. Maps Claude thinking configuration to Codex reasoning settings -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the Claude Code API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in internal client format -func ConvertClaudeRequestToCodex(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - - template := `{"model":"","instructions":"","input":[]}` - - rootResult := gjson.ParseBytes(rawJSON) - template, _ = sjson.Set(template, "model", modelName) - - // Process system messages and convert them to input content format. - systemsResult := rootResult.Get("system") - if systemsResult.IsArray() { - systemResults := systemsResult.Array() - message := `{"type":"message","role":"developer","content":[]}` - for i := 0; i < len(systemResults); i++ { - systemResult := systemResults[i] - systemTypeResult := systemResult.Get("type") - if systemTypeResult.String() == "text" { - message, _ = sjson.Set(message, fmt.Sprintf("content.%d.type", i), "input_text") - message, _ = sjson.Set(message, fmt.Sprintf("content.%d.text", i), systemResult.Get("text").String()) - } - } - template, _ = sjson.SetRaw(template, "input.-1", message) - } - - // Process messages and transform their contents to appropriate formats. - messagesResult := rootResult.Get("messages") - if messagesResult.IsArray() { - messageResults := messagesResult.Array() - - for i := 0; i < len(messageResults); i++ { - messageResult := messageResults[i] - messageRole := messageResult.Get("role").String() - - newMessage := func() string { - msg := `{"type": "message","role":"","content":[]}` - msg, _ = sjson.Set(msg, "role", messageRole) - return msg - } - - message := newMessage() - contentIndex := 0 - hasContent := false - - flushMessage := func() { - if hasContent { - template, _ = sjson.SetRaw(template, "input.-1", message) - message = newMessage() - contentIndex = 0 - hasContent = false - } - } - - appendTextContent := func(text string) { - partType := "input_text" - if messageRole == "assistant" { - partType = "output_text" - } - message, _ = sjson.Set(message, fmt.Sprintf("content.%d.type", contentIndex), partType) - message, _ = sjson.Set(message, fmt.Sprintf("content.%d.text", contentIndex), text) - contentIndex++ - hasContent = true - } - - appendImageContent := func(dataURL string) { - message, _ = sjson.Set(message, fmt.Sprintf("content.%d.type", contentIndex), "input_image") - message, _ = sjson.Set(message, fmt.Sprintf("content.%d.image_url", contentIndex), dataURL) - contentIndex++ - hasContent = true - } - - messageContentsResult := messageResult.Get("content") - if messageContentsResult.IsArray() { - messageContentResults := messageContentsResult.Array() - for j := 0; j < len(messageContentResults); j++ { - messageContentResult := messageContentResults[j] - contentType := messageContentResult.Get("type").String() - - switch contentType { - case "text": - appendTextContent(messageContentResult.Get("text").String()) - case "image": - sourceResult := messageContentResult.Get("source") - if sourceResult.Exists() { - data := sourceResult.Get("data").String() - if data == "" { - data = sourceResult.Get("base64").String() - } - if data != "" { - mediaType := sourceResult.Get("media_type").String() - if mediaType == "" { - mediaType = sourceResult.Get("mime_type").String() - } - if mediaType == "" { - mediaType = "application/octet-stream" - } - dataURL := fmt.Sprintf("data:%s;base64,%s", mediaType, data) - appendImageContent(dataURL) - } - } - case "tool_use": - flushMessage() - functionCallMessage := `{"type":"function_call"}` - functionCallMessage, _ = sjson.Set(functionCallMessage, "call_id", messageContentResult.Get("id").String()) - { - name := messageContentResult.Get("name").String() - toolMap := buildReverseMapFromClaudeOriginalToShort(rawJSON) - if short, ok := toolMap[name]; ok { - name = short - } else { - name = shortenNameIfNeeded(name) - } - functionCallMessage, _ = sjson.Set(functionCallMessage, "name", name) - } - functionCallMessage, _ = sjson.Set(functionCallMessage, "arguments", messageContentResult.Get("input").Raw) - template, _ = sjson.SetRaw(template, "input.-1", functionCallMessage) - case "tool_result": - flushMessage() - functionCallOutputMessage := `{"type":"function_call_output"}` - functionCallOutputMessage, _ = sjson.Set(functionCallOutputMessage, "call_id", messageContentResult.Get("tool_use_id").String()) - functionCallOutputMessage, _ = sjson.Set(functionCallOutputMessage, "output", messageContentResult.Get("content").String()) - template, _ = sjson.SetRaw(template, "input.-1", functionCallOutputMessage) - } - } - flushMessage() - } else if messageContentsResult.Type == gjson.String { - appendTextContent(messageContentsResult.String()) - flushMessage() - } - } - - } - - // Convert tools declarations to the expected format for the Codex API. - toolsResult := rootResult.Get("tools") - if toolsResult.IsArray() { - template, _ = sjson.SetRaw(template, "tools", `[]`) - template, _ = sjson.Set(template, "tool_choice", `auto`) - toolResults := toolsResult.Array() - // Build short name map from declared tools - var names []string - for i := 0; i < len(toolResults); i++ { - n := toolResults[i].Get("name").String() - if n != "" { - names = append(names, n) - } - } - shortMap := buildShortNameMap(names) - for i := 0; i < len(toolResults); i++ { - toolResult := toolResults[i] - // Special handling: map Claude web search tool to Codex web_search - if toolResult.Get("type").String() == "web_search_20250305" { - // Replace the tool content entirely with {"type":"web_search"} - template, _ = sjson.SetRaw(template, "tools.-1", `{"type":"web_search"}`) - continue - } - tool := toolResult.Raw - tool, _ = sjson.Set(tool, "type", "function") - // Apply shortened name if needed - if v := toolResult.Get("name"); v.Exists() { - name := v.String() - if short, ok := shortMap[name]; ok { - name = short - } else { - name = shortenNameIfNeeded(name) - } - tool, _ = sjson.Set(tool, "name", name) - } - tool, _ = sjson.SetRaw(tool, "parameters", normalizeToolParameters(toolResult.Get("input_schema").Raw)) - tool, _ = sjson.Delete(tool, "input_schema") - tool, _ = sjson.Delete(tool, "parameters.$schema") - tool, _ = sjson.Set(tool, "strict", false) - template, _ = sjson.SetRaw(template, "tools.-1", tool) - } - } - - // Add additional configuration parameters for the Codex API. - template, _ = sjson.Set(template, "parallel_tool_calls", true) - - // Convert thinking.budget_tokens to reasoning.effort. - reasoningEffort := "medium" - if thinkingConfig := rootResult.Get("thinking"); thinkingConfig.Exists() && thinkingConfig.IsObject() { - switch thinkingConfig.Get("type").String() { - case "enabled": - if budgetTokens := thinkingConfig.Get("budget_tokens"); budgetTokens.Exists() { - budget := int(budgetTokens.Int()) - if effort, ok := thinking.ConvertBudgetToLevel(budget); ok && effort != "" { - reasoningEffort = effort - } - } - case "adaptive": - // Claude adaptive means "enable with max capacity"; keep it as highest level - // and let ApplyThinking normalize per target model capability. - reasoningEffort = string(thinking.LevelXHigh) - case "disabled": - if effort, ok := thinking.ConvertBudgetToLevel(0); ok && effort != "" { - reasoningEffort = effort - } - } - } - template, _ = sjson.Set(template, "reasoning.effort", reasoningEffort) - template, _ = sjson.Set(template, "reasoning.summary", "auto") - template, _ = sjson.Set(template, "stream", true) - template, _ = sjson.Set(template, "store", false) - template, _ = sjson.Set(template, "include", []string{"reasoning.encrypted_content"}) - - return []byte(template) -} - -// shortenNameIfNeeded applies a simple shortening rule for a single name. -func shortenNameIfNeeded(name string) string { - const limit = 64 - if len(name) <= limit { - return name - } - if strings.HasPrefix(name, "mcp__") { - idx := strings.LastIndex(name, "__") - if idx > 0 { - cand := "mcp__" + name[idx+2:] - if len(cand) > limit { - return cand[:limit] - } - return cand - } - } - return name[:limit] -} - -// buildShortNameMap ensures uniqueness of shortened names within a request. -func buildShortNameMap(names []string) map[string]string { - const limit = 64 - used := map[string]struct{}{} - m := map[string]string{} - - baseCandidate := func(n string) string { - if len(n) <= limit { - return n - } - if strings.HasPrefix(n, "mcp__") { - idx := strings.LastIndex(n, "__") - if idx > 0 { - cand := "mcp__" + n[idx+2:] - if len(cand) > limit { - cand = cand[:limit] - } - return cand - } - } - return n[:limit] - } - - makeUnique := func(cand string) string { - if _, ok := used[cand]; !ok { - return cand - } - base := cand - for i := 1; ; i++ { - suffix := "_" + strconv.Itoa(i) - allowed := limit - len(suffix) - if allowed < 0 { - allowed = 0 - } - tmp := base - if len(tmp) > allowed { - tmp = tmp[:allowed] - } - tmp = tmp + suffix - if _, ok := used[tmp]; !ok { - return tmp - } - } - } - - for _, n := range names { - cand := baseCandidate(n) - uniq := makeUnique(cand) - used[uniq] = struct{}{} - m[n] = uniq - } - return m -} - -// buildReverseMapFromClaudeOriginalToShort builds original->short map, used to map tool_use names to short. -func buildReverseMapFromClaudeOriginalToShort(original []byte) map[string]string { - tools := gjson.GetBytes(original, "tools") - m := map[string]string{} - if !tools.IsArray() { - return m - } - var names []string - arr := tools.Array() - for i := 0; i < len(arr); i++ { - n := arr[i].Get("name").String() - if n != "" { - names = append(names, n) - } - } - if len(names) > 0 { - m = buildShortNameMap(names) - } - return m -} - -// normalizeToolParameters ensures object schemas contain at least an empty properties map. -func normalizeToolParameters(raw string) string { - raw = strings.TrimSpace(raw) - if raw == "" || raw == "null" || !gjson.Valid(raw) { - return `{"type":"object","properties":{}}` - } - schema := raw - result := gjson.Parse(raw) - schemaType := result.Get("type").String() - if schemaType == "" { - schema, _ = sjson.Set(schema, "type", "object") - schemaType = "object" - } - if schemaType == "object" && !result.Get("properties").Exists() { - schema, _ = sjson.SetRaw(schema, "properties", `{}`) - } - return schema -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/codex/claude/codex_claude_response.go b/.worktrees/config/m/config-build/active/internal/translator/codex/claude/codex_claude_response.go deleted file mode 100644 index cdcf2e4f55..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/codex/claude/codex_claude_response.go +++ /dev/null @@ -1,390 +0,0 @@ -// Package claude provides response translation functionality for Codex to Claude Code API compatibility. -// This package handles the conversion of Codex API responses into Claude Code-compatible -// Server-Sent Events (SSE) format, implementing a sophisticated state machine that manages -// different response types including text content, thinking processes, and function calls. -// The translation ensures proper sequencing of SSE events and maintains state across -// multiple response chunks to provide a seamless streaming experience. -package claude - -import ( - "bytes" - "context" - "fmt" - "strings" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - dataTag = []byte("data:") -) - -// ConvertCodexResponseToClaudeParams holds parameters for response conversion. -type ConvertCodexResponseToClaudeParams struct { - HasToolCall bool - BlockIndex int - HasReceivedArgumentsDelta bool -} - -// ConvertCodexResponseToClaude performs sophisticated streaming response format conversion. -// This function implements a complex state machine that translates Codex API responses -// into Claude Code-compatible Server-Sent Events (SSE) format. It manages different response types -// and handles state transitions between content blocks, thinking processes, and function calls. -// -// Response type states: 0=none, 1=content, 2=thinking, 3=function -// The function maintains state across multiple calls to ensure proper SSE event sequencing. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing a Claude Code-compatible JSON response -func ConvertCodexResponseToClaude(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &ConvertCodexResponseToClaudeParams{ - HasToolCall: false, - BlockIndex: 0, - } - } - - // log.Debugf("rawJSON: %s", string(rawJSON)) - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - - output := "" - rootResult := gjson.ParseBytes(rawJSON) - typeResult := rootResult.Get("type") - typeStr := typeResult.String() - template := "" - if typeStr == "response.created" { - template = `{"type":"message_start","message":{"id":"","type":"message","role":"assistant","model":"claude-opus-4-1-20250805","stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0},"content":[],"stop_reason":null}}` - template, _ = sjson.Set(template, "message.model", rootResult.Get("response.model").String()) - template, _ = sjson.Set(template, "message.id", rootResult.Get("response.id").String()) - - output = "event: message_start\n" - output += fmt.Sprintf("data: %s\n\n", template) - } else if typeStr == "response.reasoning_summary_part.added" { - template = `{"type":"content_block_start","index":0,"content_block":{"type":"thinking","thinking":""}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - - output = "event: content_block_start\n" - output += fmt.Sprintf("data: %s\n\n", template) - } else if typeStr == "response.reasoning_summary_text.delta" { - template = `{"type":"content_block_delta","index":0,"delta":{"type":"thinking_delta","thinking":""}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - template, _ = sjson.Set(template, "delta.thinking", rootResult.Get("delta").String()) - - output = "event: content_block_delta\n" - output += fmt.Sprintf("data: %s\n\n", template) - } else if typeStr == "response.reasoning_summary_part.done" { - template = `{"type":"content_block_stop","index":0}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex++ - - output = "event: content_block_stop\n" - output += fmt.Sprintf("data: %s\n\n", template) - - } else if typeStr == "response.content_part.added" { - template = `{"type":"content_block_start","index":0,"content_block":{"type":"text","text":""}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - - output = "event: content_block_start\n" - output += fmt.Sprintf("data: %s\n\n", template) - } else if typeStr == "response.output_text.delta" { - template = `{"type":"content_block_delta","index":0,"delta":{"type":"text_delta","text":""}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - template, _ = sjson.Set(template, "delta.text", rootResult.Get("delta").String()) - - output = "event: content_block_delta\n" - output += fmt.Sprintf("data: %s\n\n", template) - } else if typeStr == "response.content_part.done" { - template = `{"type":"content_block_stop","index":0}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex++ - - output = "event: content_block_stop\n" - output += fmt.Sprintf("data: %s\n\n", template) - } else if typeStr == "response.completed" { - template = `{"type":"message_delta","delta":{"stop_reason":"tool_use","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - p := (*param).(*ConvertCodexResponseToClaudeParams).HasToolCall - stopReason := rootResult.Get("response.stop_reason").String() - if p { - template, _ = sjson.Set(template, "delta.stop_reason", "tool_use") - } else if stopReason == "max_tokens" || stopReason == "stop" { - template, _ = sjson.Set(template, "delta.stop_reason", stopReason) - } else { - template, _ = sjson.Set(template, "delta.stop_reason", "end_turn") - } - inputTokens, outputTokens, cachedTokens := extractResponsesUsage(rootResult.Get("response.usage")) - template, _ = sjson.Set(template, "usage.input_tokens", inputTokens) - template, _ = sjson.Set(template, "usage.output_tokens", outputTokens) - if cachedTokens > 0 { - template, _ = sjson.Set(template, "usage.cache_read_input_tokens", cachedTokens) - } - - output = "event: message_delta\n" - output += fmt.Sprintf("data: %s\n\n", template) - output += "event: message_stop\n" - output += `data: {"type":"message_stop"}` - output += "\n\n" - } else if typeStr == "response.output_item.added" { - itemResult := rootResult.Get("item") - itemType := itemResult.Get("type").String() - if itemType == "function_call" { - (*param).(*ConvertCodexResponseToClaudeParams).HasToolCall = true - (*param).(*ConvertCodexResponseToClaudeParams).HasReceivedArgumentsDelta = false - template = `{"type":"content_block_start","index":0,"content_block":{"type":"tool_use","id":"","name":"","input":{}}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - template, _ = sjson.Set(template, "content_block.id", itemResult.Get("call_id").String()) - { - // Restore original tool name if shortened - name := itemResult.Get("name").String() - rev := buildReverseMapFromClaudeOriginalShortToOriginal(originalRequestRawJSON) - if orig, ok := rev[name]; ok { - name = orig - } - template, _ = sjson.Set(template, "content_block.name", name) - } - - output = "event: content_block_start\n" - output += fmt.Sprintf("data: %s\n\n", template) - - template = `{"type":"content_block_delta","index":0,"delta":{"type":"input_json_delta","partial_json":""}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - - output += "event: content_block_delta\n" - output += fmt.Sprintf("data: %s\n\n", template) - } - } else if typeStr == "response.output_item.done" { - itemResult := rootResult.Get("item") - itemType := itemResult.Get("type").String() - if itemType == "function_call" { - template = `{"type":"content_block_stop","index":0}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex++ - - output = "event: content_block_stop\n" - output += fmt.Sprintf("data: %s\n\n", template) - } - } else if typeStr == "response.function_call_arguments.delta" { - (*param).(*ConvertCodexResponseToClaudeParams).HasReceivedArgumentsDelta = true - template = `{"type":"content_block_delta","index":0,"delta":{"type":"input_json_delta","partial_json":""}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - template, _ = sjson.Set(template, "delta.partial_json", rootResult.Get("delta").String()) - - output += "event: content_block_delta\n" - output += fmt.Sprintf("data: %s\n\n", template) - } else if typeStr == "response.function_call_arguments.done" { - // Some models (e.g. gpt-5.3-codex-spark) send function call arguments - // in a single "done" event without preceding "delta" events. - // Emit the full arguments as a single input_json_delta so the - // downstream Claude client receives the complete tool input. - // When delta events were already received, skip to avoid duplicating arguments. - if !(*param).(*ConvertCodexResponseToClaudeParams).HasReceivedArgumentsDelta { - if args := rootResult.Get("arguments").String(); args != "" { - template = `{"type":"content_block_delta","index":0,"delta":{"type":"input_json_delta","partial_json":""}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - template, _ = sjson.Set(template, "delta.partial_json", args) - - output += "event: content_block_delta\n" - output += fmt.Sprintf("data: %s\n\n", template) - } - } - } - - return []string{output} -} - -// ConvertCodexResponseToClaudeNonStream converts a non-streaming Codex response to a non-streaming Claude Code response. -// This function processes the complete Codex response and transforms it into a single Claude Code-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the Claude Code API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: A Claude Code-compatible JSON response containing all message content and metadata -func ConvertCodexResponseToClaudeNonStream(_ context.Context, _ string, originalRequestRawJSON, _ []byte, rawJSON []byte, _ *any) string { - revNames := buildReverseMapFromClaudeOriginalShortToOriginal(originalRequestRawJSON) - - rootResult := gjson.ParseBytes(rawJSON) - if rootResult.Get("type").String() != "response.completed" { - return "" - } - - responseData := rootResult.Get("response") - if !responseData.Exists() { - return "" - } - - out := `{"id":"","type":"message","role":"assistant","model":"","content":[],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}` - out, _ = sjson.Set(out, "id", responseData.Get("id").String()) - out, _ = sjson.Set(out, "model", responseData.Get("model").String()) - inputTokens, outputTokens, cachedTokens := extractResponsesUsage(responseData.Get("usage")) - out, _ = sjson.Set(out, "usage.input_tokens", inputTokens) - out, _ = sjson.Set(out, "usage.output_tokens", outputTokens) - if cachedTokens > 0 { - out, _ = sjson.Set(out, "usage.cache_read_input_tokens", cachedTokens) - } - - hasToolCall := false - - if output := responseData.Get("output"); output.Exists() && output.IsArray() { - output.ForEach(func(_, item gjson.Result) bool { - switch item.Get("type").String() { - case "reasoning": - thinkingBuilder := strings.Builder{} - if summary := item.Get("summary"); summary.Exists() { - if summary.IsArray() { - summary.ForEach(func(_, part gjson.Result) bool { - if txt := part.Get("text"); txt.Exists() { - thinkingBuilder.WriteString(txt.String()) - } else { - thinkingBuilder.WriteString(part.String()) - } - return true - }) - } else { - thinkingBuilder.WriteString(summary.String()) - } - } - if thinkingBuilder.Len() == 0 { - if content := item.Get("content"); content.Exists() { - if content.IsArray() { - content.ForEach(func(_, part gjson.Result) bool { - if txt := part.Get("text"); txt.Exists() { - thinkingBuilder.WriteString(txt.String()) - } else { - thinkingBuilder.WriteString(part.String()) - } - return true - }) - } else { - thinkingBuilder.WriteString(content.String()) - } - } - } - if thinkingBuilder.Len() > 0 { - block := `{"type":"thinking","thinking":""}` - block, _ = sjson.Set(block, "thinking", thinkingBuilder.String()) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - case "message": - if content := item.Get("content"); content.Exists() { - if content.IsArray() { - content.ForEach(func(_, part gjson.Result) bool { - if part.Get("type").String() == "output_text" { - text := part.Get("text").String() - if text != "" { - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", text) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - } - return true - }) - } else { - text := content.String() - if text != "" { - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", text) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - } - } - case "function_call": - hasToolCall = true - name := item.Get("name").String() - if original, ok := revNames[name]; ok { - name = original - } - - toolBlock := `{"type":"tool_use","id":"","name":"","input":{}}` - toolBlock, _ = sjson.Set(toolBlock, "id", item.Get("call_id").String()) - toolBlock, _ = sjson.Set(toolBlock, "name", name) - inputRaw := "{}" - if argsStr := item.Get("arguments").String(); argsStr != "" && gjson.Valid(argsStr) { - argsJSON := gjson.Parse(argsStr) - if argsJSON.IsObject() { - inputRaw = argsJSON.Raw - } - } - toolBlock, _ = sjson.SetRaw(toolBlock, "input", inputRaw) - out, _ = sjson.SetRaw(out, "content.-1", toolBlock) - } - return true - }) - } - - if stopReason := responseData.Get("stop_reason"); stopReason.Exists() && stopReason.String() != "" { - out, _ = sjson.Set(out, "stop_reason", stopReason.String()) - } else if hasToolCall { - out, _ = sjson.Set(out, "stop_reason", "tool_use") - } else { - out, _ = sjson.Set(out, "stop_reason", "end_turn") - } - - if stopSequence := responseData.Get("stop_sequence"); stopSequence.Exists() && stopSequence.String() != "" { - out, _ = sjson.SetRaw(out, "stop_sequence", stopSequence.Raw) - } - - return out -} - -func extractResponsesUsage(usage gjson.Result) (int64, int64, int64) { - if !usage.Exists() || usage.Type == gjson.Null { - return 0, 0, 0 - } - - inputTokens := usage.Get("input_tokens").Int() - outputTokens := usage.Get("output_tokens").Int() - cachedTokens := usage.Get("input_tokens_details.cached_tokens").Int() - - if cachedTokens > 0 { - if inputTokens >= cachedTokens { - inputTokens -= cachedTokens - } else { - inputTokens = 0 - } - } - - return inputTokens, outputTokens, cachedTokens -} - -// buildReverseMapFromClaudeOriginalShortToOriginal builds a map[short]original from original Claude request tools. -func buildReverseMapFromClaudeOriginalShortToOriginal(original []byte) map[string]string { - tools := gjson.GetBytes(original, "tools") - rev := map[string]string{} - if !tools.IsArray() { - return rev - } - var names []string - arr := tools.Array() - for i := 0; i < len(arr); i++ { - n := arr[i].Get("name").String() - if n != "" { - names = append(names, n) - } - } - if len(names) > 0 { - m := buildShortNameMap(names) - for orig, short := range m { - rev[short] = orig - } - } - return rev -} - -func ClaudeTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"input_tokens":%d}`, count) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/codex/claude/init.go b/.worktrees/config/m/config-build/active/internal/translator/codex/claude/init.go deleted file mode 100644 index 7126edc303..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/codex/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package claude - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Claude, - Codex, - ConvertClaudeRequestToCodex, - interfaces.TranslateResponse{ - Stream: ConvertCodexResponseToClaude, - NonStream: ConvertCodexResponseToClaudeNonStream, - TokenCount: ClaudeTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/codex/gemini-cli/codex_gemini-cli_request.go b/.worktrees/config/m/config-build/active/internal/translator/codex/gemini-cli/codex_gemini-cli_request.go deleted file mode 100644 index 8b32453d26..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/codex/gemini-cli/codex_gemini-cli_request.go +++ /dev/null @@ -1,41 +0,0 @@ -// Package geminiCLI provides request translation functionality for Gemini CLI to Codex API compatibility. -// It handles parsing and transforming Gemini CLI API requests into Codex API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini CLI API format and Codex API's expected format. -package geminiCLI - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/codex/gemini" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiCLIRequestToCodex parses and transforms a Gemini CLI API request into Codex API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Codex API. -// The function performs the following transformations: -// 1. Extracts the inner request object and promotes it to the top level -// 2. Restores the model information at the top level -// 3. Converts systemInstruction field to system_instruction for Codex compatibility -// 4. Delegates to the Gemini-to-Codex conversion function for further processing -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - stream: A boolean indicating if the request is for a streaming response -// -// Returns: -// - []byte: The transformed request data in Codex API format -func ConvertGeminiCLIRequestToCodex(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - - rawJSON = []byte(gjson.GetBytes(rawJSON, "request").Raw) - rawJSON, _ = sjson.SetBytes(rawJSON, "model", modelName) - if gjson.GetBytes(rawJSON, "systemInstruction").Exists() { - rawJSON, _ = sjson.SetRawBytes(rawJSON, "system_instruction", []byte(gjson.GetBytes(rawJSON, "systemInstruction").Raw)) - rawJSON, _ = sjson.DeleteBytes(rawJSON, "systemInstruction") - } - - return ConvertGeminiRequestToCodex(modelName, rawJSON, stream) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/codex/gemini-cli/codex_gemini-cli_response.go b/.worktrees/config/m/config-build/active/internal/translator/codex/gemini-cli/codex_gemini-cli_response.go deleted file mode 100644 index c60e66b9c7..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/codex/gemini-cli/codex_gemini-cli_response.go +++ /dev/null @@ -1,61 +0,0 @@ -// Package geminiCLI provides response translation functionality for Codex to Gemini CLI API compatibility. -// This package handles the conversion of Codex API responses into Gemini CLI-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Gemini CLI API clients. -package geminiCLI - -import ( - "context" - "fmt" - - . "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/codex/gemini" - "github.com/tidwall/sjson" -) - -// ConvertCodexResponseToGeminiCLI converts Codex streaming response format to Gemini CLI format. -// This function processes various Codex event types and transforms them into Gemini-compatible JSON responses. -// It handles text content, tool calls, and usage metadata, outputting responses that match the Gemini CLI API format. -// The function wraps each converted response in a "response" object to match the Gemini CLI API structure. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing a Gemini-compatible JSON response wrapped in a response object -func ConvertCodexResponseToGeminiCLI(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - outputs := ConvertCodexResponseToGemini(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) - newOutputs := make([]string, 0) - for i := 0; i < len(outputs); i++ { - json := `{"response": {}}` - output, _ := sjson.SetRaw(json, "response", outputs[i]) - newOutputs = append(newOutputs, output) - } - return newOutputs -} - -// ConvertCodexResponseToGeminiCLINonStream converts a non-streaming Codex response to a non-streaming Gemini CLI response. -// This function processes the complete Codex response and transforms it into a single Gemini-compatible -// JSON response. It wraps the converted response in a "response" object to match the Gemini CLI API structure. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for the conversion -// -// Returns: -// - string: A Gemini-compatible JSON response wrapped in a response object -func ConvertCodexResponseToGeminiCLINonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - // log.Debug(string(rawJSON)) - strJSON := ConvertCodexResponseToGeminiNonStream(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) - json := `{"response": {}}` - strJSON, _ = sjson.SetRaw(json, "response", strJSON) - return strJSON -} - -func GeminiCLITokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/codex/gemini-cli/init.go b/.worktrees/config/m/config-build/active/internal/translator/codex/gemini-cli/init.go deleted file mode 100644 index 8bcd3de5fd..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/codex/gemini-cli/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package geminiCLI - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - GeminiCLI, - Codex, - ConvertGeminiCLIRequestToCodex, - interfaces.TranslateResponse{ - Stream: ConvertCodexResponseToGeminiCLI, - NonStream: ConvertCodexResponseToGeminiCLINonStream, - TokenCount: GeminiCLITokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/codex/gemini/codex_gemini_request.go b/.worktrees/config/m/config-build/active/internal/translator/codex/gemini/codex_gemini_request.go deleted file mode 100644 index 9f5d7b311c..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/codex/gemini/codex_gemini_request.go +++ /dev/null @@ -1,364 +0,0 @@ -// Package gemini provides request translation functionality for Codex to Gemini API compatibility. -// It handles parsing and transforming Codex API requests into Gemini API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Codex API format and Gemini API's expected format. -package gemini - -import ( - "crypto/rand" - "fmt" - "math/big" - "strconv" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiRequestToCodex parses and transforms a Gemini API request into Codex API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Codex API. -// The function performs comprehensive transformation including: -// 1. Model name mapping and generation configuration extraction -// 2. System instruction conversion to Codex format -// 3. Message content conversion with proper role mapping -// 4. Tool call and tool result handling with FIFO queue for ID matching -// 5. Tool declaration and tool choice configuration mapping -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the Gemini API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Codex API format -func ConvertGeminiRequestToCodex(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - // Base template - out := `{"model":"","instructions":"","input":[]}` - - root := gjson.ParseBytes(rawJSON) - - // Pre-compute tool name shortening map from declared functionDeclarations - shortMap := map[string]string{} - if tools := root.Get("tools"); tools.IsArray() { - var names []string - tarr := tools.Array() - for i := 0; i < len(tarr); i++ { - fns := tarr[i].Get("functionDeclarations") - if !fns.IsArray() { - continue - } - for _, fn := range fns.Array() { - if v := fn.Get("name"); v.Exists() { - names = append(names, v.String()) - } - } - } - if len(names) > 0 { - shortMap = buildShortNameMap(names) - } - } - - // helper for generating paired call IDs in the form: call_ - // Gemini uses sequential pairing across possibly multiple in-flight - // functionCalls, so we keep a FIFO queue of generated call IDs and - // consume them in order when functionResponses arrive. - var pendingCallIDs []string - - // genCallID creates a random call id like: call_<8chars> - genCallID := func() string { - const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" - var b strings.Builder - // 8 chars random suffix - for i := 0; i < 24; i++ { - n, _ := rand.Int(rand.Reader, big.NewInt(int64(len(letters)))) - b.WriteByte(letters[n.Int64()]) - } - return "call_" + b.String() - } - - // Model - out, _ = sjson.Set(out, "model", modelName) - - // System instruction -> as a user message with input_text parts - sysParts := root.Get("system_instruction.parts") - if sysParts.IsArray() { - msg := `{"type":"message","role":"developer","content":[]}` - arr := sysParts.Array() - for i := 0; i < len(arr); i++ { - p := arr[i] - if t := p.Get("text"); t.Exists() { - part := `{}` - part, _ = sjson.Set(part, "type", "input_text") - part, _ = sjson.Set(part, "text", t.String()) - msg, _ = sjson.SetRaw(msg, "content.-1", part) - } - } - if len(gjson.Get(msg, "content").Array()) > 0 { - out, _ = sjson.SetRaw(out, "input.-1", msg) - } - } - - // Contents -> messages and function calls/results - contents := root.Get("contents") - if contents.IsArray() { - items := contents.Array() - for i := 0; i < len(items); i++ { - item := items[i] - role := item.Get("role").String() - if role == "model" { - role = "assistant" - } - - parts := item.Get("parts") - if !parts.IsArray() { - continue - } - parr := parts.Array() - for j := 0; j < len(parr); j++ { - p := parr[j] - // text part - if t := p.Get("text"); t.Exists() { - msg := `{"type":"message","role":"","content":[]}` - msg, _ = sjson.Set(msg, "role", role) - partType := "input_text" - if role == "assistant" { - partType = "output_text" - } - part := `{}` - part, _ = sjson.Set(part, "type", partType) - part, _ = sjson.Set(part, "text", t.String()) - msg, _ = sjson.SetRaw(msg, "content.-1", part) - out, _ = sjson.SetRaw(out, "input.-1", msg) - continue - } - - // function call from model - if fc := p.Get("functionCall"); fc.Exists() { - fn := `{"type":"function_call"}` - if name := fc.Get("name"); name.Exists() { - n := name.String() - if short, ok := shortMap[n]; ok { - n = short - } else { - n = shortenNameIfNeeded(n) - } - fn, _ = sjson.Set(fn, "name", n) - } - if args := fc.Get("args"); args.Exists() { - fn, _ = sjson.Set(fn, "arguments", args.Raw) - } - // generate a paired random call_id and enqueue it so the - // corresponding functionResponse can pop the earliest id - // to preserve ordering when multiple calls are present. - id := genCallID() - fn, _ = sjson.Set(fn, "call_id", id) - pendingCallIDs = append(pendingCallIDs, id) - out, _ = sjson.SetRaw(out, "input.-1", fn) - continue - } - - // function response from user - if fr := p.Get("functionResponse"); fr.Exists() { - fno := `{"type":"function_call_output"}` - // Prefer a string result if present; otherwise embed the raw response as a string - if res := fr.Get("response.result"); res.Exists() { - fno, _ = sjson.Set(fno, "output", res.String()) - } else if resp := fr.Get("response"); resp.Exists() { - fno, _ = sjson.Set(fno, "output", resp.Raw) - } - // fno, _ = sjson.Set(fno, "call_id", "call_W6nRJzFXyPM2LFBbfo98qAbq") - // attach the oldest queued call_id to pair the response - // with its call. If the queue is empty, generate a new id. - var id string - if len(pendingCallIDs) > 0 { - id = pendingCallIDs[0] - // pop the first element - pendingCallIDs = pendingCallIDs[1:] - } else { - id = genCallID() - } - fno, _ = sjson.Set(fno, "call_id", id) - out, _ = sjson.SetRaw(out, "input.-1", fno) - continue - } - } - } - } - - // Tools mapping: Gemini functionDeclarations -> Codex tools - tools := root.Get("tools") - if tools.IsArray() { - out, _ = sjson.SetRaw(out, "tools", `[]`) - out, _ = sjson.Set(out, "tool_choice", "auto") - tarr := tools.Array() - for i := 0; i < len(tarr); i++ { - td := tarr[i] - fns := td.Get("functionDeclarations") - if !fns.IsArray() { - continue - } - farr := fns.Array() - for j := 0; j < len(farr); j++ { - fn := farr[j] - tool := `{}` - tool, _ = sjson.Set(tool, "type", "function") - if v := fn.Get("name"); v.Exists() { - name := v.String() - if short, ok := shortMap[name]; ok { - name = short - } else { - name = shortenNameIfNeeded(name) - } - tool, _ = sjson.Set(tool, "name", name) - } - if v := fn.Get("description"); v.Exists() { - tool, _ = sjson.Set(tool, "description", v.String()) - } - if prm := fn.Get("parameters"); prm.Exists() { - // Remove optional $schema field if present - cleaned := prm.Raw - cleaned, _ = sjson.Delete(cleaned, "$schema") - cleaned, _ = sjson.Set(cleaned, "additionalProperties", false) - tool, _ = sjson.SetRaw(tool, "parameters", cleaned) - } else if prm = fn.Get("parametersJsonSchema"); prm.Exists() { - // Remove optional $schema field if present - cleaned := prm.Raw - cleaned, _ = sjson.Delete(cleaned, "$schema") - cleaned, _ = sjson.Set(cleaned, "additionalProperties", false) - tool, _ = sjson.SetRaw(tool, "parameters", cleaned) - } - tool, _ = sjson.Set(tool, "strict", false) - out, _ = sjson.SetRaw(out, "tools.-1", tool) - } - } - } - - // Fixed flags aligning with Codex expectations - out, _ = sjson.Set(out, "parallel_tool_calls", true) - - // Convert Gemini thinkingConfig to Codex reasoning.effort. - // Note: Google official Python SDK sends snake_case fields (thinking_level/thinking_budget). - effortSet := false - if genConfig := root.Get("generationConfig"); genConfig.Exists() { - if thinkingConfig := genConfig.Get("thinkingConfig"); thinkingConfig.Exists() && thinkingConfig.IsObject() { - thinkingLevel := thinkingConfig.Get("thinkingLevel") - if !thinkingLevel.Exists() { - thinkingLevel = thinkingConfig.Get("thinking_level") - } - if thinkingLevel.Exists() { - effort := strings.ToLower(strings.TrimSpace(thinkingLevel.String())) - if effort != "" { - out, _ = sjson.Set(out, "reasoning.effort", effort) - effortSet = true - } - } else { - thinkingBudget := thinkingConfig.Get("thinkingBudget") - if !thinkingBudget.Exists() { - thinkingBudget = thinkingConfig.Get("thinking_budget") - } - if thinkingBudget.Exists() { - if effort, ok := thinking.ConvertBudgetToLevel(int(thinkingBudget.Int())); ok { - out, _ = sjson.Set(out, "reasoning.effort", effort) - effortSet = true - } - } - } - } - } - if !effortSet { - // No thinking config, set default effort - out, _ = sjson.Set(out, "reasoning.effort", "medium") - } - out, _ = sjson.Set(out, "reasoning.summary", "auto") - out, _ = sjson.Set(out, "stream", true) - out, _ = sjson.Set(out, "store", false) - out, _ = sjson.Set(out, "include", []string{"reasoning.encrypted_content"}) - - var pathsToLower []string - toolsResult := gjson.Get(out, "tools") - util.Walk(toolsResult, "", "type", &pathsToLower) - for _, p := range pathsToLower { - fullPath := fmt.Sprintf("tools.%s", p) - out, _ = sjson.Set(out, fullPath, strings.ToLower(gjson.Get(out, fullPath).String())) - } - - return []byte(out) -} - -// shortenNameIfNeeded applies the simple shortening rule for a single name. -func shortenNameIfNeeded(name string) string { - const limit = 64 - if len(name) <= limit { - return name - } - if strings.HasPrefix(name, "mcp__") { - idx := strings.LastIndex(name, "__") - if idx > 0 { - cand := "mcp__" + name[idx+2:] - if len(cand) > limit { - return cand[:limit] - } - return cand - } - } - return name[:limit] -} - -// buildShortNameMap ensures uniqueness of shortened names within a request. -func buildShortNameMap(names []string) map[string]string { - const limit = 64 - used := map[string]struct{}{} - m := map[string]string{} - - baseCandidate := func(n string) string { - if len(n) <= limit { - return n - } - if strings.HasPrefix(n, "mcp__") { - idx := strings.LastIndex(n, "__") - if idx > 0 { - cand := "mcp__" + n[idx+2:] - if len(cand) > limit { - cand = cand[:limit] - } - return cand - } - } - return n[:limit] - } - - makeUnique := func(cand string) string { - if _, ok := used[cand]; !ok { - return cand - } - base := cand - for i := 1; ; i++ { - suffix := "_" + strconv.Itoa(i) - allowed := limit - len(suffix) - if allowed < 0 { - allowed = 0 - } - tmp := base - if len(tmp) > allowed { - tmp = tmp[:allowed] - } - tmp = tmp + suffix - if _, ok := used[tmp]; !ok { - return tmp - } - } - } - - for _, n := range names { - cand := baseCandidate(n) - uniq := makeUnique(cand) - used[uniq] = struct{}{} - m[n] = uniq - } - return m -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/codex/gemini/codex_gemini_response.go b/.worktrees/config/m/config-build/active/internal/translator/codex/gemini/codex_gemini_response.go deleted file mode 100644 index 82a2187fe6..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/codex/gemini/codex_gemini_response.go +++ /dev/null @@ -1,312 +0,0 @@ -// Package gemini provides response translation functionality for Codex to Gemini API compatibility. -// This package handles the conversion of Codex API responses into Gemini-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Gemini API clients. -package gemini - -import ( - "bytes" - "context" - "fmt" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - dataTag = []byte("data:") -) - -// ConvertCodexResponseToGeminiParams holds parameters for response conversion. -type ConvertCodexResponseToGeminiParams struct { - Model string - CreatedAt int64 - ResponseID string - LastStorageOutput string -} - -// ConvertCodexResponseToGemini converts Codex streaming response format to Gemini format. -// This function processes various Codex event types and transforms them into Gemini-compatible JSON responses. -// It handles text content, tool calls, and usage metadata, outputting responses that match the Gemini API format. -// The function maintains state across multiple calls to ensure proper response sequencing. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing a Gemini-compatible JSON response -func ConvertCodexResponseToGemini(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &ConvertCodexResponseToGeminiParams{ - Model: modelName, - CreatedAt: 0, - ResponseID: "", - LastStorageOutput: "", - } - } - - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - - rootResult := gjson.ParseBytes(rawJSON) - typeResult := rootResult.Get("type") - typeStr := typeResult.String() - - // Base Gemini response template - template := `{"candidates":[{"content":{"role":"model","parts":[]}}],"usageMetadata":{"trafficType":"PROVISIONED_THROUGHPUT"},"modelVersion":"gemini-2.5-pro","createTime":"2025-08-15T02:52:03.884209Z","responseId":"06CeaPH7NaCU48APvNXDyA4"}` - if (*param).(*ConvertCodexResponseToGeminiParams).LastStorageOutput != "" && typeStr == "response.output_item.done" { - template = (*param).(*ConvertCodexResponseToGeminiParams).LastStorageOutput - } else { - template, _ = sjson.Set(template, "modelVersion", (*param).(*ConvertCodexResponseToGeminiParams).Model) - createdAtResult := rootResult.Get("response.created_at") - if createdAtResult.Exists() { - (*param).(*ConvertCodexResponseToGeminiParams).CreatedAt = createdAtResult.Int() - template, _ = sjson.Set(template, "createTime", time.Unix((*param).(*ConvertCodexResponseToGeminiParams).CreatedAt, 0).Format(time.RFC3339Nano)) - } - template, _ = sjson.Set(template, "responseId", (*param).(*ConvertCodexResponseToGeminiParams).ResponseID) - } - - // Handle function call completion - if typeStr == "response.output_item.done" { - itemResult := rootResult.Get("item") - itemType := itemResult.Get("type").String() - if itemType == "function_call" { - // Create function call part - functionCall := `{"functionCall":{"name":"","args":{}}}` - { - // Restore original tool name if shortened - n := itemResult.Get("name").String() - rev := buildReverseMapFromGeminiOriginal(originalRequestRawJSON) - if orig, ok := rev[n]; ok { - n = orig - } - functionCall, _ = sjson.Set(functionCall, "functionCall.name", n) - } - - // Parse and set arguments - argsStr := itemResult.Get("arguments").String() - if argsStr != "" { - argsResult := gjson.Parse(argsStr) - if argsResult.IsObject() { - functionCall, _ = sjson.SetRaw(functionCall, "functionCall.args", argsStr) - } - } - - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", functionCall) - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - - (*param).(*ConvertCodexResponseToGeminiParams).LastStorageOutput = template - - // Use this return to storage message - return []string{} - } - } - - if typeStr == "response.created" { // Handle response creation - set model and response ID - template, _ = sjson.Set(template, "modelVersion", rootResult.Get("response.model").String()) - template, _ = sjson.Set(template, "responseId", rootResult.Get("response.id").String()) - (*param).(*ConvertCodexResponseToGeminiParams).ResponseID = rootResult.Get("response.id").String() - } else if typeStr == "response.reasoning_summary_text.delta" { // Handle reasoning/thinking content delta - part := `{"thought":true,"text":""}` - part, _ = sjson.Set(part, "text", rootResult.Get("delta").String()) - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", part) - } else if typeStr == "response.output_text.delta" { // Handle regular text content delta - part := `{"text":""}` - part, _ = sjson.Set(part, "text", rootResult.Get("delta").String()) - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", part) - } else if typeStr == "response.completed" { // Handle response completion with usage metadata - template, _ = sjson.Set(template, "usageMetadata.promptTokenCount", rootResult.Get("response.usage.input_tokens").Int()) - template, _ = sjson.Set(template, "usageMetadata.candidatesTokenCount", rootResult.Get("response.usage.output_tokens").Int()) - totalTokens := rootResult.Get("response.usage.input_tokens").Int() + rootResult.Get("response.usage.output_tokens").Int() - template, _ = sjson.Set(template, "usageMetadata.totalTokenCount", totalTokens) - } else { - return []string{} - } - - if (*param).(*ConvertCodexResponseToGeminiParams).LastStorageOutput != "" { - return []string{(*param).(*ConvertCodexResponseToGeminiParams).LastStorageOutput, template} - } else { - return []string{template} - } - -} - -// ConvertCodexResponseToGeminiNonStream converts a non-streaming Codex response to a non-streaming Gemini response. -// This function processes the complete Codex response and transforms it into a single Gemini-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the Gemini API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: A Gemini-compatible JSON response containing all message content and metadata -func ConvertCodexResponseToGeminiNonStream(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - rootResult := gjson.ParseBytes(rawJSON) - - // Verify this is a response.completed event - if rootResult.Get("type").String() != "response.completed" { - return "" - } - - // Base Gemini response template for non-streaming - template := `{"candidates":[{"content":{"role":"model","parts":[]},"finishReason":"STOP"}],"usageMetadata":{"trafficType":"PROVISIONED_THROUGHPUT"},"modelVersion":"","createTime":"","responseId":""}` - - // Set model version - template, _ = sjson.Set(template, "modelVersion", modelName) - - // Set response metadata from the completed response - responseData := rootResult.Get("response") - if responseData.Exists() { - // Set response ID - if responseId := responseData.Get("id"); responseId.Exists() { - template, _ = sjson.Set(template, "responseId", responseId.String()) - } - - // Set creation time - if createdAt := responseData.Get("created_at"); createdAt.Exists() { - template, _ = sjson.Set(template, "createTime", time.Unix(createdAt.Int(), 0).Format(time.RFC3339Nano)) - } - - // Set usage metadata - if usage := responseData.Get("usage"); usage.Exists() { - inputTokens := usage.Get("input_tokens").Int() - outputTokens := usage.Get("output_tokens").Int() - totalTokens := inputTokens + outputTokens - - template, _ = sjson.Set(template, "usageMetadata.promptTokenCount", inputTokens) - template, _ = sjson.Set(template, "usageMetadata.candidatesTokenCount", outputTokens) - template, _ = sjson.Set(template, "usageMetadata.totalTokenCount", totalTokens) - } - - // Process output content to build parts array - hasToolCall := false - var pendingFunctionCalls []string - - flushPendingFunctionCalls := func() { - if len(pendingFunctionCalls) == 0 { - return - } - // Add all pending function calls as individual parts - // This maintains the original Gemini API format while ensuring consecutive calls are grouped together - for _, fc := range pendingFunctionCalls { - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", fc) - } - pendingFunctionCalls = nil - } - - if output := responseData.Get("output"); output.Exists() && output.IsArray() { - output.ForEach(func(key, value gjson.Result) bool { - itemType := value.Get("type").String() - - switch itemType { - case "reasoning": - // Flush any pending function calls before adding non-function content - flushPendingFunctionCalls() - - // Add thinking content - if content := value.Get("content"); content.Exists() { - part := `{"text":"","thought":true}` - part, _ = sjson.Set(part, "text", content.String()) - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", part) - } - - case "message": - // Flush any pending function calls before adding non-function content - flushPendingFunctionCalls() - - // Add regular text content - if content := value.Get("content"); content.Exists() && content.IsArray() { - content.ForEach(func(_, contentItem gjson.Result) bool { - if contentItem.Get("type").String() == "output_text" { - if text := contentItem.Get("text"); text.Exists() { - part := `{"text":""}` - part, _ = sjson.Set(part, "text", text.String()) - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", part) - } - } - return true - }) - } - - case "function_call": - // Collect function call for potential merging with consecutive ones - hasToolCall = true - functionCall := `{"functionCall":{"args":{},"name":""}}` - { - n := value.Get("name").String() - rev := buildReverseMapFromGeminiOriginal(originalRequestRawJSON) - if orig, ok := rev[n]; ok { - n = orig - } - functionCall, _ = sjson.Set(functionCall, "functionCall.name", n) - } - - // Parse and set arguments - if argsStr := value.Get("arguments").String(); argsStr != "" { - argsResult := gjson.Parse(argsStr) - if argsResult.IsObject() { - functionCall, _ = sjson.SetRaw(functionCall, "functionCall.args", argsStr) - } - } - - pendingFunctionCalls = append(pendingFunctionCalls, functionCall) - } - return true - }) - - // Handle any remaining pending function calls at the end - flushPendingFunctionCalls() - } - - // Set finish reason based on whether there were tool calls - if hasToolCall { - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - } else { - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - } - } - return template -} - -// buildReverseMapFromGeminiOriginal builds a map[short]original from original Gemini request tools. -func buildReverseMapFromGeminiOriginal(original []byte) map[string]string { - tools := gjson.GetBytes(original, "tools") - rev := map[string]string{} - if !tools.IsArray() { - return rev - } - var names []string - tarr := tools.Array() - for i := 0; i < len(tarr); i++ { - fns := tarr[i].Get("functionDeclarations") - if !fns.IsArray() { - continue - } - for _, fn := range fns.Array() { - if v := fn.Get("name"); v.Exists() { - names = append(names, v.String()) - } - } - } - if len(names) > 0 { - m := buildShortNameMap(names) - for orig, short := range m { - rev[short] = orig - } - } - return rev -} - -func GeminiTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/codex/gemini/init.go b/.worktrees/config/m/config-build/active/internal/translator/codex/gemini/init.go deleted file mode 100644 index 41d30559a6..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/codex/gemini/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package gemini - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Gemini, - Codex, - ConvertGeminiRequestToCodex, - interfaces.TranslateResponse{ - Stream: ConvertCodexResponseToGemini, - NonStream: ConvertCodexResponseToGeminiNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/codex/openai/chat-completions/codex_openai_request.go b/.worktrees/config/m/config-build/active/internal/translator/codex/openai/chat-completions/codex_openai_request.go deleted file mode 100644 index e79f97cd3b..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/codex/openai/chat-completions/codex_openai_request.go +++ /dev/null @@ -1,421 +0,0 @@ -// Package openai provides utilities to translate OpenAI Chat Completions -// request JSON into OpenAI Responses API request JSON using gjson/sjson. -// It supports tools, multimodal text/image inputs, and Structured Outputs. -// The package handles the conversion of OpenAI API requests into the format -// expected by the OpenAI Responses API, including proper mapping of messages, -// tools, and generation parameters. -package chat_completions - -import ( - "strconv" - "strings" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertOpenAIRequestToCodex converts an OpenAI Chat Completions request JSON -// into an OpenAI Responses API request JSON. The transformation follows the -// examples defined in docs/2.md exactly, including tools, multi-turn dialog, -// multimodal text/image handling, and Structured Outputs mapping. -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the OpenAI Chat Completions API -// - stream: A boolean indicating if the request is for a streaming response -// -// Returns: -// - []byte: The transformed request data in OpenAI Responses API format -func ConvertOpenAIRequestToCodex(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - // Start with empty JSON object - out := `{"instructions":""}` - - // Stream must be set to true - out, _ = sjson.Set(out, "stream", stream) - - // Codex not support temperature, top_p, top_k, max_output_tokens, so comment them - // if v := gjson.GetBytes(rawJSON, "temperature"); v.Exists() { - // out, _ = sjson.Set(out, "temperature", v.Value()) - // } - // if v := gjson.GetBytes(rawJSON, "top_p"); v.Exists() { - // out, _ = sjson.Set(out, "top_p", v.Value()) - // } - // if v := gjson.GetBytes(rawJSON, "top_k"); v.Exists() { - // out, _ = sjson.Set(out, "top_k", v.Value()) - // } - - // Map token limits - // if v := gjson.GetBytes(rawJSON, "max_tokens"); v.Exists() { - // out, _ = sjson.Set(out, "max_output_tokens", v.Value()) - // } - // if v := gjson.GetBytes(rawJSON, "max_completion_tokens"); v.Exists() { - // out, _ = sjson.Set(out, "max_output_tokens", v.Value()) - // } - - // Map reasoning effort - if v := gjson.GetBytes(rawJSON, "reasoning_effort"); v.Exists() { - out, _ = sjson.Set(out, "reasoning.effort", v.Value()) - } else { - out, _ = sjson.Set(out, "reasoning.effort", "medium") - } - out, _ = sjson.Set(out, "parallel_tool_calls", true) - out, _ = sjson.Set(out, "reasoning.summary", "auto") - out, _ = sjson.Set(out, "include", []string{"reasoning.encrypted_content"}) - - // Model - out, _ = sjson.Set(out, "model", modelName) - - // Build tool name shortening map from original tools (if any) - originalToolNameMap := map[string]string{} - { - tools := gjson.GetBytes(rawJSON, "tools") - if tools.IsArray() && len(tools.Array()) > 0 { - // Collect original tool names - var names []string - arr := tools.Array() - for i := 0; i < len(arr); i++ { - t := arr[i] - if t.Get("type").String() == "function" { - fn := t.Get("function") - if fn.Exists() { - if v := fn.Get("name"); v.Exists() { - names = append(names, v.String()) - } - } - } - } - if len(names) > 0 { - originalToolNameMap = buildShortNameMap(names) - } - } - } - - // Extract system instructions from first system message (string or text object) - messages := gjson.GetBytes(rawJSON, "messages") - // if messages.IsArray() { - // arr := messages.Array() - // for i := 0; i < len(arr); i++ { - // m := arr[i] - // if m.Get("role").String() == "system" { - // c := m.Get("content") - // if c.Type == gjson.String { - // out, _ = sjson.Set(out, "instructions", c.String()) - // } else if c.IsObject() && c.Get("type").String() == "text" { - // out, _ = sjson.Set(out, "instructions", c.Get("text").String()) - // } - // break - // } - // } - // } - - // Build input from messages, handling all message types including tool calls - out, _ = sjson.SetRaw(out, "input", `[]`) - if messages.IsArray() { - arr := messages.Array() - for i := 0; i < len(arr); i++ { - m := arr[i] - role := m.Get("role").String() - - switch role { - case "tool": - // Handle tool response messages as top-level function_call_output objects - toolCallID := m.Get("tool_call_id").String() - content := m.Get("content").String() - - // Create function_call_output object - funcOutput := `{}` - funcOutput, _ = sjson.Set(funcOutput, "type", "function_call_output") - funcOutput, _ = sjson.Set(funcOutput, "call_id", toolCallID) - funcOutput, _ = sjson.Set(funcOutput, "output", content) - out, _ = sjson.SetRaw(out, "input.-1", funcOutput) - - default: - // Handle regular messages - msg := `{}` - msg, _ = sjson.Set(msg, "type", "message") - if role == "system" { - msg, _ = sjson.Set(msg, "role", "developer") - } else { - msg, _ = sjson.Set(msg, "role", role) - } - - msg, _ = sjson.SetRaw(msg, "content", `[]`) - - // Handle regular content - c := m.Get("content") - if c.Exists() && c.Type == gjson.String && c.String() != "" { - // Single string content - partType := "input_text" - if role == "assistant" { - partType = "output_text" - } - part := `{}` - part, _ = sjson.Set(part, "type", partType) - part, _ = sjson.Set(part, "text", c.String()) - msg, _ = sjson.SetRaw(msg, "content.-1", part) - } else if c.Exists() && c.IsArray() { - items := c.Array() - for j := 0; j < len(items); j++ { - it := items[j] - t := it.Get("type").String() - switch t { - case "text": - partType := "input_text" - if role == "assistant" { - partType = "output_text" - } - part := `{}` - part, _ = sjson.Set(part, "type", partType) - part, _ = sjson.Set(part, "text", it.Get("text").String()) - msg, _ = sjson.SetRaw(msg, "content.-1", part) - case "image_url": - // Map image inputs to input_image for Responses API - if role == "user" { - part := `{}` - part, _ = sjson.Set(part, "type", "input_image") - if u := it.Get("image_url.url"); u.Exists() { - part, _ = sjson.Set(part, "image_url", u.String()) - } - msg, _ = sjson.SetRaw(msg, "content.-1", part) - } - case "file": - // Files are not specified in examples; skip for now - } - } - } - - out, _ = sjson.SetRaw(out, "input.-1", msg) - - // Handle tool calls for assistant messages as separate top-level objects - if role == "assistant" { - toolCalls := m.Get("tool_calls") - if toolCalls.Exists() && toolCalls.IsArray() { - toolCallsArr := toolCalls.Array() - for j := 0; j < len(toolCallsArr); j++ { - tc := toolCallsArr[j] - if tc.Get("type").String() == "function" { - // Create function_call as top-level object - funcCall := `{}` - funcCall, _ = sjson.Set(funcCall, "type", "function_call") - funcCall, _ = sjson.Set(funcCall, "call_id", tc.Get("id").String()) - { - name := tc.Get("function.name").String() - if short, ok := originalToolNameMap[name]; ok { - name = short - } else { - name = shortenNameIfNeeded(name) - } - funcCall, _ = sjson.Set(funcCall, "name", name) - } - funcCall, _ = sjson.Set(funcCall, "arguments", tc.Get("function.arguments").String()) - out, _ = sjson.SetRaw(out, "input.-1", funcCall) - } - } - } - } - } - } - } - - // Map response_format and text settings to Responses API text.format - rf := gjson.GetBytes(rawJSON, "response_format") - text := gjson.GetBytes(rawJSON, "text") - if rf.Exists() { - // Always create text object when response_format provided - if !gjson.Get(out, "text").Exists() { - out, _ = sjson.SetRaw(out, "text", `{}`) - } - - rft := rf.Get("type").String() - switch rft { - case "text": - out, _ = sjson.Set(out, "text.format.type", "text") - case "json_schema": - js := rf.Get("json_schema") - if js.Exists() { - out, _ = sjson.Set(out, "text.format.type", "json_schema") - if v := js.Get("name"); v.Exists() { - out, _ = sjson.Set(out, "text.format.name", v.Value()) - } - if v := js.Get("strict"); v.Exists() { - out, _ = sjson.Set(out, "text.format.strict", v.Value()) - } - if v := js.Get("schema"); v.Exists() { - out, _ = sjson.SetRaw(out, "text.format.schema", v.Raw) - } - } - } - - // Map verbosity if provided - if text.Exists() { - if v := text.Get("verbosity"); v.Exists() { - out, _ = sjson.Set(out, "text.verbosity", v.Value()) - } - } - } else if text.Exists() { - // If only text.verbosity present (no response_format), map verbosity - if v := text.Get("verbosity"); v.Exists() { - if !gjson.Get(out, "text").Exists() { - out, _ = sjson.SetRaw(out, "text", `{}`) - } - out, _ = sjson.Set(out, "text.verbosity", v.Value()) - } - } - - // Map tools (flatten function fields) - tools := gjson.GetBytes(rawJSON, "tools") - if tools.IsArray() && len(tools.Array()) > 0 { - out, _ = sjson.SetRaw(out, "tools", `[]`) - arr := tools.Array() - for i := 0; i < len(arr); i++ { - t := arr[i] - toolType := t.Get("type").String() - // Pass through built-in tools (e.g. {"type":"web_search"}) directly for the Responses API. - // Only "function" needs structural conversion because Chat Completions nests details under "function". - if toolType != "" && toolType != "function" && t.IsObject() { - out, _ = sjson.SetRaw(out, "tools.-1", t.Raw) - continue - } - - if toolType == "function" { - item := `{}` - item, _ = sjson.Set(item, "type", "function") - fn := t.Get("function") - if fn.Exists() { - if v := fn.Get("name"); v.Exists() { - name := v.String() - if short, ok := originalToolNameMap[name]; ok { - name = short - } else { - name = shortenNameIfNeeded(name) - } - item, _ = sjson.Set(item, "name", name) - } - if v := fn.Get("description"); v.Exists() { - item, _ = sjson.Set(item, "description", v.Value()) - } - if v := fn.Get("parameters"); v.Exists() { - item, _ = sjson.SetRaw(item, "parameters", v.Raw) - } - if v := fn.Get("strict"); v.Exists() { - item, _ = sjson.Set(item, "strict", v.Value()) - } - } - out, _ = sjson.SetRaw(out, "tools.-1", item) - } - } - } - - // Map tool_choice when present. - // Chat Completions: "tool_choice" can be a string ("auto"/"none") or an object (e.g. {"type":"function","function":{"name":"..."}}). - // Responses API: keep built-in tool choices as-is; flatten function choice to {"type":"function","name":"..."}. - if tc := gjson.GetBytes(rawJSON, "tool_choice"); tc.Exists() { - switch { - case tc.Type == gjson.String: - out, _ = sjson.Set(out, "tool_choice", tc.String()) - case tc.IsObject(): - tcType := tc.Get("type").String() - if tcType == "function" { - name := tc.Get("function.name").String() - if name != "" { - if short, ok := originalToolNameMap[name]; ok { - name = short - } else { - name = shortenNameIfNeeded(name) - } - } - choice := `{}` - choice, _ = sjson.Set(choice, "type", "function") - if name != "" { - choice, _ = sjson.Set(choice, "name", name) - } - out, _ = sjson.SetRaw(out, "tool_choice", choice) - } else if tcType != "" { - // Built-in tool choices (e.g. {"type":"web_search"}) are already Responses-compatible. - out, _ = sjson.SetRaw(out, "tool_choice", tc.Raw) - } - } - } - - out, _ = sjson.Set(out, "store", false) - return []byte(out) -} - -// shortenNameIfNeeded applies the simple shortening rule for a single name. -// If the name length exceeds 64, it will try to preserve the "mcp__" prefix and last segment. -// Otherwise it truncates to 64 characters. -func shortenNameIfNeeded(name string) string { - const limit = 64 - if len(name) <= limit { - return name - } - if strings.HasPrefix(name, "mcp__") { - // Keep prefix and last segment after '__' - idx := strings.LastIndex(name, "__") - if idx > 0 { - candidate := "mcp__" + name[idx+2:] - if len(candidate) > limit { - return candidate[:limit] - } - return candidate - } - } - return name[:limit] -} - -// buildShortNameMap generates unique short names (<=64) for the given list of names. -// It preserves the "mcp__" prefix with the last segment when possible and ensures uniqueness -// by appending suffixes like "~1", "~2" if needed. -func buildShortNameMap(names []string) map[string]string { - const limit = 64 - used := map[string]struct{}{} - m := map[string]string{} - - baseCandidate := func(n string) string { - if len(n) <= limit { - return n - } - if strings.HasPrefix(n, "mcp__") { - idx := strings.LastIndex(n, "__") - if idx > 0 { - cand := "mcp__" + n[idx+2:] - if len(cand) > limit { - cand = cand[:limit] - } - return cand - } - } - return n[:limit] - } - - makeUnique := func(cand string) string { - if _, ok := used[cand]; !ok { - return cand - } - base := cand - for i := 1; ; i++ { - suffix := "_" + strconv.Itoa(i) - allowed := limit - len(suffix) - if allowed < 0 { - allowed = 0 - } - tmp := base - if len(tmp) > allowed { - tmp = tmp[:allowed] - } - tmp = tmp + suffix - if _, ok := used[tmp]; !ok { - return tmp - } - } - } - - for _, n := range names { - cand := baseCandidate(n) - uniq := makeUnique(cand) - used[uniq] = struct{}{} - m[n] = uniq - } - return m -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/codex/openai/chat-completions/codex_openai_response.go b/.worktrees/config/m/config-build/active/internal/translator/codex/openai/chat-completions/codex_openai_response.go deleted file mode 100644 index f0e264c8ce..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/codex/openai/chat-completions/codex_openai_response.go +++ /dev/null @@ -1,402 +0,0 @@ -// Package openai provides response translation functionality for Codex to OpenAI API compatibility. -// This package handles the conversion of Codex API responses into OpenAI Chat Completions-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by OpenAI API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, reasoning content, and usage metadata appropriately. -package chat_completions - -import ( - "bytes" - "context" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - dataTag = []byte("data:") -) - -// ConvertCliToOpenAIParams holds parameters for response conversion. -type ConvertCliToOpenAIParams struct { - ResponseID string - CreatedAt int64 - Model string - FunctionCallIndex int - HasReceivedArgumentsDelta bool - HasToolCallAnnounced bool -} - -// ConvertCodexResponseToOpenAI translates a single chunk of a streaming response from the -// Codex API format to the OpenAI Chat Completions streaming format. -// It processes various Codex event types and transforms them into OpenAI-compatible JSON responses. -// The function handles text content, tool calls, reasoning content, and usage metadata, outputting -// responses that match the OpenAI API format. It supports incremental updates for streaming responses. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing an OpenAI-compatible JSON response -func ConvertCodexResponseToOpenAI(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &ConvertCliToOpenAIParams{ - Model: modelName, - CreatedAt: 0, - ResponseID: "", - FunctionCallIndex: -1, - HasReceivedArgumentsDelta: false, - HasToolCallAnnounced: false, - } - } - - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - - // Initialize the OpenAI SSE template. - template := `{"id":"","object":"chat.completion.chunk","created":12345,"model":"model","choices":[{"index":0,"delta":{"role":null,"content":null,"reasoning_content":null,"tool_calls":null},"finish_reason":null,"native_finish_reason":null}]}` - - rootResult := gjson.ParseBytes(rawJSON) - - typeResult := rootResult.Get("type") - dataType := typeResult.String() - if dataType == "response.created" { - (*param).(*ConvertCliToOpenAIParams).ResponseID = rootResult.Get("response.id").String() - (*param).(*ConvertCliToOpenAIParams).CreatedAt = rootResult.Get("response.created_at").Int() - (*param).(*ConvertCliToOpenAIParams).Model = rootResult.Get("response.model").String() - return []string{} - } - - // Extract and set the model version. - if modelResult := gjson.GetBytes(rawJSON, "model"); modelResult.Exists() { - template, _ = sjson.Set(template, "model", modelResult.String()) - } - - template, _ = sjson.Set(template, "created", (*param).(*ConvertCliToOpenAIParams).CreatedAt) - - // Extract and set the response ID. - template, _ = sjson.Set(template, "id", (*param).(*ConvertCliToOpenAIParams).ResponseID) - - // Extract and set usage metadata (token counts). - if usageResult := gjson.GetBytes(rawJSON, "response.usage"); usageResult.Exists() { - if outputTokensResult := usageResult.Get("output_tokens"); outputTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.completion_tokens", outputTokensResult.Int()) - } - if totalTokensResult := usageResult.Get("total_tokens"); totalTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.total_tokens", totalTokensResult.Int()) - } - if inputTokensResult := usageResult.Get("input_tokens"); inputTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.prompt_tokens", inputTokensResult.Int()) - } - if cachedTokensResult := usageResult.Get("input_tokens_details.cached_tokens"); cachedTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.prompt_tokens_details.cached_tokens", cachedTokensResult.Int()) - } - if reasoningTokensResult := usageResult.Get("output_tokens_details.reasoning_tokens"); reasoningTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.completion_tokens_details.reasoning_tokens", reasoningTokensResult.Int()) - } - } - - if dataType == "response.reasoning_summary_text.delta" { - if deltaResult := rootResult.Get("delta"); deltaResult.Exists() { - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.Set(template, "choices.0.delta.reasoning_content", deltaResult.String()) - } - } else if dataType == "response.reasoning_summary_text.done" { - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.Set(template, "choices.0.delta.reasoning_content", "\n\n") - } else if dataType == "response.output_text.delta" { - if deltaResult := rootResult.Get("delta"); deltaResult.Exists() { - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.Set(template, "choices.0.delta.content", deltaResult.String()) - } - } else if dataType == "response.completed" { - finishReason := "stop" - if (*param).(*ConvertCliToOpenAIParams).FunctionCallIndex != -1 { - finishReason = "tool_calls" - } - template, _ = sjson.Set(template, "choices.0.finish_reason", finishReason) - template, _ = sjson.Set(template, "choices.0.native_finish_reason", finishReason) - } else if dataType == "response.output_item.added" { - itemResult := rootResult.Get("item") - if !itemResult.Exists() || itemResult.Get("type").String() != "function_call" { - return []string{} - } - - // Increment index for this new function call item. - (*param).(*ConvertCliToOpenAIParams).FunctionCallIndex++ - (*param).(*ConvertCliToOpenAIParams).HasReceivedArgumentsDelta = false - (*param).(*ConvertCliToOpenAIParams).HasToolCallAnnounced = true - - functionCallItemTemplate := `{"index":0,"id":"","type":"function","function":{"name":"","arguments":""}}` - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "index", (*param).(*ConvertCliToOpenAIParams).FunctionCallIndex) - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "id", itemResult.Get("call_id").String()) - - // Restore original tool name if it was shortened. - name := itemResult.Get("name").String() - rev := buildReverseMapFromOriginalOpenAI(originalRequestRawJSON) - if orig, ok := rev[name]; ok { - name = orig - } - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.name", name) - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.arguments", "") - - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls", `[]`) - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls.-1", functionCallItemTemplate) - - } else if dataType == "response.function_call_arguments.delta" { - (*param).(*ConvertCliToOpenAIParams).HasReceivedArgumentsDelta = true - - deltaValue := rootResult.Get("delta").String() - functionCallItemTemplate := `{"index":0,"function":{"arguments":""}}` - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "index", (*param).(*ConvertCliToOpenAIParams).FunctionCallIndex) - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.arguments", deltaValue) - - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls", `[]`) - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls.-1", functionCallItemTemplate) - - } else if dataType == "response.function_call_arguments.done" { - if (*param).(*ConvertCliToOpenAIParams).HasReceivedArgumentsDelta { - // Arguments were already streamed via delta events; nothing to emit. - return []string{} - } - - // Fallback: no delta events were received, emit the full arguments as a single chunk. - fullArgs := rootResult.Get("arguments").String() - functionCallItemTemplate := `{"index":0,"function":{"arguments":""}}` - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "index", (*param).(*ConvertCliToOpenAIParams).FunctionCallIndex) - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.arguments", fullArgs) - - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls", `[]`) - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls.-1", functionCallItemTemplate) - - } else if dataType == "response.output_item.done" { - itemResult := rootResult.Get("item") - if !itemResult.Exists() || itemResult.Get("type").String() != "function_call" { - return []string{} - } - - if (*param).(*ConvertCliToOpenAIParams).HasToolCallAnnounced { - // Tool call was already announced via output_item.added; skip emission. - (*param).(*ConvertCliToOpenAIParams).HasToolCallAnnounced = false - return []string{} - } - - // Fallback path: model skipped output_item.added, so emit complete tool call now. - (*param).(*ConvertCliToOpenAIParams).FunctionCallIndex++ - - functionCallItemTemplate := `{"index":0,"id":"","type":"function","function":{"name":"","arguments":""}}` - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "index", (*param).(*ConvertCliToOpenAIParams).FunctionCallIndex) - - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls", `[]`) - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "id", itemResult.Get("call_id").String()) - - // Restore original tool name if it was shortened. - name := itemResult.Get("name").String() - rev := buildReverseMapFromOriginalOpenAI(originalRequestRawJSON) - if orig, ok := rev[name]; ok { - name = orig - } - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.name", name) - - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.arguments", itemResult.Get("arguments").String()) - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls.-1", functionCallItemTemplate) - - } else { - return []string{} - } - - return []string{template} -} - -// ConvertCodexResponseToOpenAINonStream converts a non-streaming Codex response to a non-streaming OpenAI response. -// This function processes the complete Codex response and transforms it into a single OpenAI-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the OpenAI API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: An OpenAI-compatible JSON response containing all message content and metadata -func ConvertCodexResponseToOpenAINonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - rootResult := gjson.ParseBytes(rawJSON) - // Verify this is a response.completed event - if rootResult.Get("type").String() != "response.completed" { - return "" - } - - unixTimestamp := time.Now().Unix() - - responseResult := rootResult.Get("response") - - template := `{"id":"","object":"chat.completion","created":123456,"model":"model","choices":[{"index":0,"message":{"role":"assistant","content":null,"reasoning_content":null,"tool_calls":null},"finish_reason":null,"native_finish_reason":null}]}` - - // Extract and set the model version. - if modelResult := responseResult.Get("model"); modelResult.Exists() { - template, _ = sjson.Set(template, "model", modelResult.String()) - } - - // Extract and set the creation timestamp. - if createdAtResult := responseResult.Get("created_at"); createdAtResult.Exists() { - template, _ = sjson.Set(template, "created", createdAtResult.Int()) - } else { - template, _ = sjson.Set(template, "created", unixTimestamp) - } - - // Extract and set the response ID. - if idResult := responseResult.Get("id"); idResult.Exists() { - template, _ = sjson.Set(template, "id", idResult.String()) - } - - // Extract and set usage metadata (token counts). - if usageResult := responseResult.Get("usage"); usageResult.Exists() { - if outputTokensResult := usageResult.Get("output_tokens"); outputTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.completion_tokens", outputTokensResult.Int()) - } - if totalTokensResult := usageResult.Get("total_tokens"); totalTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.total_tokens", totalTokensResult.Int()) - } - if inputTokensResult := usageResult.Get("input_tokens"); inputTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.prompt_tokens", inputTokensResult.Int()) - } - if cachedTokensResult := usageResult.Get("input_tokens_details.cached_tokens"); cachedTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.prompt_tokens_details.cached_tokens", cachedTokensResult.Int()) - } - if reasoningTokensResult := usageResult.Get("output_tokens_details.reasoning_tokens"); reasoningTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.completion_tokens_details.reasoning_tokens", reasoningTokensResult.Int()) - } - } - - // Process the output array for content and function calls - outputResult := responseResult.Get("output") - if outputResult.IsArray() { - outputArray := outputResult.Array() - var contentText string - var reasoningText string - var toolCalls []string - - for _, outputItem := range outputArray { - outputType := outputItem.Get("type").String() - - switch outputType { - case "reasoning": - // Extract reasoning content from summary - if summaryResult := outputItem.Get("summary"); summaryResult.IsArray() { - summaryArray := summaryResult.Array() - for _, summaryItem := range summaryArray { - if summaryItem.Get("type").String() == "summary_text" { - reasoningText = summaryItem.Get("text").String() - break - } - } - } - case "message": - // Extract message content - if contentResult := outputItem.Get("content"); contentResult.IsArray() { - contentArray := contentResult.Array() - for _, contentItem := range contentArray { - if contentItem.Get("type").String() == "output_text" { - contentText = contentItem.Get("text").String() - break - } - } - } - case "function_call": - // Handle function call content - functionCallTemplate := `{"id": "","type": "function","function": {"name": "","arguments": ""}}` - - if callIdResult := outputItem.Get("call_id"); callIdResult.Exists() { - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "id", callIdResult.String()) - } - - if nameResult := outputItem.Get("name"); nameResult.Exists() { - n := nameResult.String() - rev := buildReverseMapFromOriginalOpenAI(originalRequestRawJSON) - if orig, ok := rev[n]; ok { - n = orig - } - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.name", n) - } - - if argsResult := outputItem.Get("arguments"); argsResult.Exists() { - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.arguments", argsResult.String()) - } - - toolCalls = append(toolCalls, functionCallTemplate) - } - } - - // Set content and reasoning content if found - if contentText != "" { - template, _ = sjson.Set(template, "choices.0.message.content", contentText) - template, _ = sjson.Set(template, "choices.0.message.role", "assistant") - } - - if reasoningText != "" { - template, _ = sjson.Set(template, "choices.0.message.reasoning_content", reasoningText) - template, _ = sjson.Set(template, "choices.0.message.role", "assistant") - } - - // Add tool calls if any - if len(toolCalls) > 0 { - template, _ = sjson.SetRaw(template, "choices.0.message.tool_calls", `[]`) - for _, toolCall := range toolCalls { - template, _ = sjson.SetRaw(template, "choices.0.message.tool_calls.-1", toolCall) - } - template, _ = sjson.Set(template, "choices.0.message.role", "assistant") - } - } - - // Extract and set the finish reason based on status - if statusResult := responseResult.Get("status"); statusResult.Exists() { - status := statusResult.String() - if status == "completed" { - template, _ = sjson.Set(template, "choices.0.finish_reason", "stop") - template, _ = sjson.Set(template, "choices.0.native_finish_reason", "stop") - } - } - - return template -} - -// buildReverseMapFromOriginalOpenAI builds a map of shortened tool name -> original tool name -// from the original OpenAI-style request JSON using the same shortening logic. -func buildReverseMapFromOriginalOpenAI(original []byte) map[string]string { - tools := gjson.GetBytes(original, "tools") - rev := map[string]string{} - if tools.IsArray() && len(tools.Array()) > 0 { - var names []string - arr := tools.Array() - for i := 0; i < len(arr); i++ { - t := arr[i] - if t.Get("type").String() != "function" { - continue - } - fn := t.Get("function") - if !fn.Exists() { - continue - } - if v := fn.Get("name"); v.Exists() { - names = append(names, v.String()) - } - } - if len(names) > 0 { - m := buildShortNameMap(names) - for orig, short := range m { - rev[short] = orig - } - } - } - return rev -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/codex/openai/chat-completions/init.go b/.worktrees/config/m/config-build/active/internal/translator/codex/openai/chat-completions/init.go deleted file mode 100644 index 8f782fdae1..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/codex/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenAI, - Codex, - ConvertOpenAIRequestToCodex, - interfaces.TranslateResponse{ - Stream: ConvertCodexResponseToOpenAI, - NonStream: ConvertCodexResponseToOpenAINonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/codex/openai/responses/codex_openai-responses_request.go b/.worktrees/config/m/config-build/active/internal/translator/codex/openai/responses/codex_openai-responses_request.go deleted file mode 100644 index f0407149e0..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/codex/openai/responses/codex_openai-responses_request.go +++ /dev/null @@ -1,60 +0,0 @@ -package responses - -import ( - "fmt" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -func ConvertOpenAIResponsesRequestToCodex(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - - inputResult := gjson.GetBytes(rawJSON, "input") - if inputResult.Type == gjson.String { - input, _ := sjson.Set(`[{"type":"message","role":"user","content":[{"type":"input_text","text":""}]}]`, "0.content.0.text", inputResult.String()) - rawJSON, _ = sjson.SetRawBytes(rawJSON, "input", []byte(input)) - } - - rawJSON, _ = sjson.SetBytes(rawJSON, "stream", true) - rawJSON, _ = sjson.SetBytes(rawJSON, "store", false) - rawJSON, _ = sjson.SetBytes(rawJSON, "parallel_tool_calls", true) - rawJSON, _ = sjson.SetBytes(rawJSON, "include", []string{"reasoning.encrypted_content"}) - // Codex Responses rejects token limit fields, so strip them out before forwarding. - rawJSON, _ = sjson.DeleteBytes(rawJSON, "max_output_tokens") - rawJSON, _ = sjson.DeleteBytes(rawJSON, "max_completion_tokens") - rawJSON, _ = sjson.DeleteBytes(rawJSON, "temperature") - rawJSON, _ = sjson.DeleteBytes(rawJSON, "top_p") - rawJSON, _ = sjson.DeleteBytes(rawJSON, "service_tier") - - // Delete the user field as it is not supported by the Codex upstream. - rawJSON, _ = sjson.DeleteBytes(rawJSON, "user") - - // Convert role "system" to "developer" in input array to comply with Codex API requirements. - rawJSON = convertSystemRoleToDeveloper(rawJSON) - - return rawJSON -} - -// convertSystemRoleToDeveloper traverses the input array and converts any message items -// with role "system" to role "developer". This is necessary because Codex API does not -// accept "system" role in the input array. -func convertSystemRoleToDeveloper(rawJSON []byte) []byte { - inputResult := gjson.GetBytes(rawJSON, "input") - if !inputResult.IsArray() { - return rawJSON - } - - inputArray := inputResult.Array() - result := rawJSON - - // Directly modify role values for items with "system" role - for i := 0; i < len(inputArray); i++ { - rolePath := fmt.Sprintf("input.%d.role", i) - if gjson.GetBytes(result, rolePath).String() == "system" { - result, _ = sjson.SetBytes(result, rolePath, "developer") - } - } - - return result -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/codex/openai/responses/codex_openai-responses_request_test.go b/.worktrees/config/m/config-build/active/internal/translator/codex/openai/responses/codex_openai-responses_request_test.go deleted file mode 100644 index 4f5624869f..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/codex/openai/responses/codex_openai-responses_request_test.go +++ /dev/null @@ -1,282 +0,0 @@ -package responses - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -// TestConvertSystemRoleToDeveloper_BasicConversion tests the basic system -> developer role conversion -func TestConvertSystemRoleToDeveloper_BasicConversion(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "input": [ - { - "type": "message", - "role": "system", - "content": [{"type": "input_text", "text": "You are a pirate."}] - }, - { - "type": "message", - "role": "user", - "content": [{"type": "input_text", "text": "Say hello."}] - } - ] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Check that system role was converted to developer - firstItemRole := gjson.Get(outputStr, "input.0.role") - if firstItemRole.String() != "developer" { - t.Errorf("Expected role 'developer', got '%s'", firstItemRole.String()) - } - - // Check that user role remains unchanged - secondItemRole := gjson.Get(outputStr, "input.1.role") - if secondItemRole.String() != "user" { - t.Errorf("Expected role 'user', got '%s'", secondItemRole.String()) - } - - // Check content is preserved - firstItemContent := gjson.Get(outputStr, "input.0.content.0.text") - if firstItemContent.String() != "You are a pirate." { - t.Errorf("Expected content 'You are a pirate.', got '%s'", firstItemContent.String()) - } -} - -// TestConvertSystemRoleToDeveloper_MultipleSystemMessages tests conversion with multiple system messages -func TestConvertSystemRoleToDeveloper_MultipleSystemMessages(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "input": [ - { - "type": "message", - "role": "system", - "content": [{"type": "input_text", "text": "You are helpful."}] - }, - { - "type": "message", - "role": "system", - "content": [{"type": "input_text", "text": "Be concise."}] - }, - { - "type": "message", - "role": "user", - "content": [{"type": "input_text", "text": "Hello"}] - } - ] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Check that both system roles were converted - firstRole := gjson.Get(outputStr, "input.0.role") - if firstRole.String() != "developer" { - t.Errorf("Expected first role 'developer', got '%s'", firstRole.String()) - } - - secondRole := gjson.Get(outputStr, "input.1.role") - if secondRole.String() != "developer" { - t.Errorf("Expected second role 'developer', got '%s'", secondRole.String()) - } - - // Check that user role is unchanged - thirdRole := gjson.Get(outputStr, "input.2.role") - if thirdRole.String() != "user" { - t.Errorf("Expected third role 'user', got '%s'", thirdRole.String()) - } -} - -// TestConvertSystemRoleToDeveloper_NoSystemMessages tests that requests without system messages are unchanged -func TestConvertSystemRoleToDeveloper_NoSystemMessages(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "input": [ - { - "type": "message", - "role": "user", - "content": [{"type": "input_text", "text": "Hello"}] - }, - { - "type": "message", - "role": "assistant", - "content": [{"type": "output_text", "text": "Hi there!"}] - } - ] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Check that user and assistant roles are unchanged - firstRole := gjson.Get(outputStr, "input.0.role") - if firstRole.String() != "user" { - t.Errorf("Expected role 'user', got '%s'", firstRole.String()) - } - - secondRole := gjson.Get(outputStr, "input.1.role") - if secondRole.String() != "assistant" { - t.Errorf("Expected role 'assistant', got '%s'", secondRole.String()) - } -} - -// TestConvertSystemRoleToDeveloper_EmptyInput tests that empty input arrays are handled correctly -func TestConvertSystemRoleToDeveloper_EmptyInput(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "input": [] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Check that input is still an empty array - inputArray := gjson.Get(outputStr, "input") - if !inputArray.IsArray() { - t.Error("Input should still be an array") - } - if len(inputArray.Array()) != 0 { - t.Errorf("Expected empty array, got %d items", len(inputArray.Array())) - } -} - -// TestConvertSystemRoleToDeveloper_NoInputField tests that requests without input field are unchanged -func TestConvertSystemRoleToDeveloper_NoInputField(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "stream": false - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Check that other fields are still set correctly - stream := gjson.Get(outputStr, "stream") - if !stream.Bool() { - t.Error("Stream should be set to true by conversion") - } - - store := gjson.Get(outputStr, "store") - if store.Bool() { - t.Error("Store should be set to false by conversion") - } -} - -// TestConvertOpenAIResponsesRequestToCodex_OriginalIssue tests the exact issue reported by the user -func TestConvertOpenAIResponsesRequestToCodex_OriginalIssue(t *testing.T) { - // This is the exact input that was failing with "System messages are not allowed" - inputJSON := []byte(`{ - "model": "gpt-5.2", - "input": [ - { - "type": "message", - "role": "system", - "content": "You are a pirate. Always respond in pirate speak." - }, - { - "type": "message", - "role": "user", - "content": "Say hello." - } - ], - "stream": false - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Verify system role was converted to developer - firstRole := gjson.Get(outputStr, "input.0.role") - if firstRole.String() != "developer" { - t.Errorf("Expected role 'developer', got '%s'", firstRole.String()) - } - - // Verify stream was set to true (as required by Codex) - stream := gjson.Get(outputStr, "stream") - if !stream.Bool() { - t.Error("Stream should be set to true") - } - - // Verify other required fields for Codex - store := gjson.Get(outputStr, "store") - if store.Bool() { - t.Error("Store should be false") - } - - parallelCalls := gjson.Get(outputStr, "parallel_tool_calls") - if !parallelCalls.Bool() { - t.Error("parallel_tool_calls should be true") - } - - include := gjson.Get(outputStr, "include") - if !include.IsArray() || len(include.Array()) != 1 { - t.Error("include should be an array with one element") - } else if include.Array()[0].String() != "reasoning.encrypted_content" { - t.Errorf("Expected include[0] to be 'reasoning.encrypted_content', got '%s'", include.Array()[0].String()) - } -} - -// TestConvertSystemRoleToDeveloper_AssistantRole tests that assistant role is preserved -func TestConvertSystemRoleToDeveloper_AssistantRole(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "input": [ - { - "type": "message", - "role": "system", - "content": [{"type": "input_text", "text": "You are helpful."}] - }, - { - "type": "message", - "role": "user", - "content": [{"type": "input_text", "text": "Hello"}] - }, - { - "type": "message", - "role": "assistant", - "content": [{"type": "output_text", "text": "Hi!"}] - } - ] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Check system -> developer - firstRole := gjson.Get(outputStr, "input.0.role") - if firstRole.String() != "developer" { - t.Errorf("Expected first role 'developer', got '%s'", firstRole.String()) - } - - // Check user unchanged - secondRole := gjson.Get(outputStr, "input.1.role") - if secondRole.String() != "user" { - t.Errorf("Expected second role 'user', got '%s'", secondRole.String()) - } - - // Check assistant unchanged - thirdRole := gjson.Get(outputStr, "input.2.role") - if thirdRole.String() != "assistant" { - t.Errorf("Expected third role 'assistant', got '%s'", thirdRole.String()) - } -} - -func TestUserFieldDeletion(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "user": "test-user", - "input": [{"role": "user", "content": "Hello"}] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Verify user field is deleted - userField := gjson.Get(outputStr, "user") - if userField.Exists() { - t.Errorf("user field should be deleted, but it was found with value: %s", userField.Raw) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/codex/openai/responses/codex_openai-responses_response.go b/.worktrees/config/m/config-build/active/internal/translator/codex/openai/responses/codex_openai-responses_response.go deleted file mode 100644 index 4287206a99..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/codex/openai/responses/codex_openai-responses_response.go +++ /dev/null @@ -1,48 +0,0 @@ -package responses - -import ( - "bytes" - "context" - "fmt" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertCodexResponseToOpenAIResponses converts OpenAI Chat Completions streaming chunks -// to OpenAI Responses SSE events (response.*). - -func ConvertCodexResponseToOpenAIResponses(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - if typeResult := gjson.GetBytes(rawJSON, "type"); typeResult.Exists() { - typeStr := typeResult.String() - if typeStr == "response.created" || typeStr == "response.in_progress" || typeStr == "response.completed" { - if gjson.GetBytes(rawJSON, "response.instructions").Exists() { - instructions := gjson.GetBytes(originalRequestRawJSON, "instructions").String() - rawJSON, _ = sjson.SetBytes(rawJSON, "response.instructions", instructions) - } - } - } - out := fmt.Sprintf("data: %s", string(rawJSON)) - return []string{out} - } - return []string{string(rawJSON)} -} - -// ConvertCodexResponseToOpenAIResponsesNonStream builds a single Responses JSON -// from a non-streaming OpenAI Chat Completions response. -func ConvertCodexResponseToOpenAIResponsesNonStream(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - rootResult := gjson.ParseBytes(rawJSON) - // Verify this is a response.completed event - if rootResult.Get("type").String() != "response.completed" { - return "" - } - responseResult := rootResult.Get("response") - template := responseResult.Raw - if responseResult.Get("instructions").Exists() { - instructions := gjson.GetBytes(originalRequestRawJSON, "instructions").String() - template, _ = sjson.Set(template, "instructions", instructions) - } - return template -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/codex/openai/responses/init.go b/.worktrees/config/m/config-build/active/internal/translator/codex/openai/responses/init.go deleted file mode 100644 index cab759f297..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/codex/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenaiResponse, - Codex, - ConvertOpenAIResponsesRequestToCodex, - interfaces.TranslateResponse{ - Stream: ConvertCodexResponseToOpenAIResponses, - NonStream: ConvertCodexResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/claude/gemini-cli_claude_request.go b/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/claude/gemini-cli_claude_request.go deleted file mode 100644 index ee66138140..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/claude/gemini-cli_claude_request.go +++ /dev/null @@ -1,204 +0,0 @@ -// Package claude provides request translation functionality for Claude Code API compatibility. -// This package handles the conversion of Claude Code API requests into Gemini CLI-compatible -// JSON format, transforming message contents, system instructions, and tool declarations -// into the format expected by Gemini CLI API clients. It performs JSON data transformation -// to ensure compatibility between Claude Code API format and Gemini CLI API's expected format. -package claude - -import ( - "bytes" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/common" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const geminiCLIClaudeThoughtSignature = "skip_thought_signature_validator" - -// ConvertClaudeRequestToCLI parses and transforms a Claude Code API request into Gemini CLI API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Gemini CLI API. -// The function performs the following transformations: -// 1. Extracts the model information from the request -// 2. Restructures the JSON to match Gemini CLI API format -// 3. Converts system instructions to the expected format -// 4. Maps message contents with proper role transformations -// 5. Handles tool declarations and tool choices -// 6. Maps generation configuration parameters -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the Claude Code API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini CLI API format -func ConvertClaudeRequestToCLI(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - rawJSON = bytes.Replace(rawJSON, []byte(`"url":{"type":"string","format":"uri",`), []byte(`"url":{"type":"string",`), -1) - - // Build output Gemini CLI request JSON - out := `{"model":"","request":{"contents":[]}}` - out, _ = sjson.Set(out, "model", modelName) - - // system instruction - if systemResult := gjson.GetBytes(rawJSON, "system"); systemResult.IsArray() { - systemInstruction := `{"role":"user","parts":[]}` - hasSystemParts := false - systemResult.ForEach(func(_, systemPromptResult gjson.Result) bool { - if systemPromptResult.Get("type").String() == "text" { - textResult := systemPromptResult.Get("text") - if textResult.Type == gjson.String { - part := `{"text":""}` - part, _ = sjson.Set(part, "text", textResult.String()) - systemInstruction, _ = sjson.SetRaw(systemInstruction, "parts.-1", part) - hasSystemParts = true - } - } - return true - }) - if hasSystemParts { - out, _ = sjson.SetRaw(out, "request.systemInstruction", systemInstruction) - } - } else if systemResult.Type == gjson.String { - out, _ = sjson.Set(out, "request.systemInstruction.parts.-1.text", systemResult.String()) - } - - // contents - if messagesResult := gjson.GetBytes(rawJSON, "messages"); messagesResult.IsArray() { - messagesResult.ForEach(func(_, messageResult gjson.Result) bool { - roleResult := messageResult.Get("role") - if roleResult.Type != gjson.String { - return true - } - role := roleResult.String() - if role == "assistant" { - role = "model" - } - - contentJSON := `{"role":"","parts":[]}` - contentJSON, _ = sjson.Set(contentJSON, "role", role) - - contentsResult := messageResult.Get("content") - if contentsResult.IsArray() { - contentsResult.ForEach(func(_, contentResult gjson.Result) bool { - switch contentResult.Get("type").String() { - case "text": - part := `{"text":""}` - part, _ = sjson.Set(part, "text", contentResult.Get("text").String()) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - - case "tool_use": - functionName := contentResult.Get("name").String() - functionArgs := contentResult.Get("input").String() - argsResult := gjson.Parse(functionArgs) - if argsResult.IsObject() && gjson.Valid(functionArgs) { - part := `{"thoughtSignature":"","functionCall":{"name":"","args":{}}}` - part, _ = sjson.Set(part, "thoughtSignature", geminiCLIClaudeThoughtSignature) - part, _ = sjson.Set(part, "functionCall.name", functionName) - part, _ = sjson.SetRaw(part, "functionCall.args", functionArgs) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - } - - case "tool_result": - toolCallID := contentResult.Get("tool_use_id").String() - if toolCallID == "" { - return true - } - funcName := toolCallID - toolCallIDs := strings.Split(toolCallID, "-") - if len(toolCallIDs) > 1 { - funcName = strings.Join(toolCallIDs[0:len(toolCallIDs)-1], "-") - } - responseData := contentResult.Get("content").Raw - part := `{"functionResponse":{"name":"","response":{"result":""}}}` - part, _ = sjson.Set(part, "functionResponse.name", funcName) - part, _ = sjson.Set(part, "functionResponse.response.result", responseData) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - - case "image": - source := contentResult.Get("source") - if source.Get("type").String() == "base64" { - mimeType := source.Get("media_type").String() - data := source.Get("data").String() - if mimeType != "" && data != "" { - part := `{"inlineData":{"mime_type":"","data":""}}` - part, _ = sjson.Set(part, "inlineData.mime_type", mimeType) - part, _ = sjson.Set(part, "inlineData.data", data) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - } - } - } - return true - }) - out, _ = sjson.SetRaw(out, "request.contents.-1", contentJSON) - } else if contentsResult.Type == gjson.String { - part := `{"text":""}` - part, _ = sjson.Set(part, "text", contentsResult.String()) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - out, _ = sjson.SetRaw(out, "request.contents.-1", contentJSON) - } - return true - }) - } - - // tools - if toolsResult := gjson.GetBytes(rawJSON, "tools"); toolsResult.IsArray() { - hasTools := false - toolsResult.ForEach(func(_, toolResult gjson.Result) bool { - inputSchemaResult := toolResult.Get("input_schema") - if inputSchemaResult.Exists() && inputSchemaResult.IsObject() { - inputSchema := inputSchemaResult.Raw - tool, _ := sjson.Delete(toolResult.Raw, "input_schema") - tool, _ = sjson.SetRaw(tool, "parametersJsonSchema", inputSchema) - tool, _ = sjson.Delete(tool, "strict") - tool, _ = sjson.Delete(tool, "input_examples") - tool, _ = sjson.Delete(tool, "type") - tool, _ = sjson.Delete(tool, "cache_control") - if gjson.Valid(tool) && gjson.Parse(tool).IsObject() { - if !hasTools { - out, _ = sjson.SetRaw(out, "request.tools", `[{"functionDeclarations":[]}]`) - hasTools = true - } - out, _ = sjson.SetRaw(out, "request.tools.0.functionDeclarations.-1", tool) - } - } - return true - }) - if !hasTools { - out, _ = sjson.Delete(out, "request.tools") - } - } - - // Map Anthropic thinking -> Gemini thinkingBudget/include_thoughts when type==enabled - if t := gjson.GetBytes(rawJSON, "thinking"); t.Exists() && t.IsObject() { - switch t.Get("type").String() { - case "enabled": - if b := t.Get("budget_tokens"); b.Exists() && b.Type == gjson.Number { - budget := int(b.Int()) - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.thinkingBudget", budget) - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.includeThoughts", true) - } - case "adaptive": - // Keep adaptive as a high level sentinel; ApplyThinking resolves it - // to model-specific max capability. - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.thinkingLevel", "high") - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.includeThoughts", true) - } - } - if v := gjson.GetBytes(rawJSON, "temperature"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "request.generationConfig.temperature", v.Num) - } - if v := gjson.GetBytes(rawJSON, "top_p"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "request.generationConfig.topP", v.Num) - } - if v := gjson.GetBytes(rawJSON, "top_k"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "request.generationConfig.topK", v.Num) - } - - outBytes := []byte(out) - outBytes = common.AttachDefaultSafetySettings(outBytes, "request.safetySettings") - - return outBytes -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/claude/gemini-cli_claude_response.go b/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/claude/gemini-cli_claude_response.go deleted file mode 100644 index 1126f1ee4a..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/claude/gemini-cli_claude_response.go +++ /dev/null @@ -1,378 +0,0 @@ -// Package claude provides response translation functionality for Claude Code API compatibility. -// This package handles the conversion of backend client responses into Claude Code-compatible -// Server-Sent Events (SSE) format, implementing a sophisticated state machine that manages -// different response types including text content, thinking processes, and function calls. -// The translation ensures proper sequencing of SSE events and maintains state across -// multiple response chunks to provide a seamless streaming experience. -package claude - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Params holds parameters for response conversion and maintains state across streaming chunks. -// This structure tracks the current state of the response translation process to ensure -// proper sequencing of SSE events and transitions between different content types. -type Params struct { - HasFirstResponse bool // Indicates if the initial message_start event has been sent - ResponseType int // Current response type: 0=none, 1=content, 2=thinking, 3=function - ResponseIndex int // Index counter for content blocks in the streaming response - HasContent bool // Tracks whether any content (text, thinking, or tool use) has been output -} - -// toolUseIDCounter provides a process-wide unique counter for tool use identifiers. -var toolUseIDCounter uint64 - -// ConvertGeminiCLIResponseToClaude performs sophisticated streaming response format conversion. -// This function implements a complex state machine that translates backend client responses -// into Claude Code-compatible Server-Sent Events (SSE) format. It manages different response types -// and handles state transitions between content blocks, thinking processes, and function calls. -// -// Response type states: 0=none, 1=content, 2=thinking, 3=function -// The function maintains state across multiple calls to ensure proper SSE event sequencing. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing a Claude Code-compatible JSON response -func ConvertGeminiCLIResponseToClaude(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &Params{ - HasFirstResponse: false, - ResponseType: 0, - ResponseIndex: 0, - } - } - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - // Only send message_stop if we have actually output content - if (*param).(*Params).HasContent { - return []string{ - "event: message_stop\ndata: {\"type\":\"message_stop\"}\n\n\n", - } - } - return []string{} - } - - // Track whether tools are being used in this response chunk - usedTool := false - output := "" - - // Initialize the streaming session with a message_start event - // This is only sent for the very first response chunk to establish the streaming session - if !(*param).(*Params).HasFirstResponse { - output = "event: message_start\n" - - // Create the initial message structure with default values according to Claude Code API specification - // This follows the Claude Code API specification for streaming message initialization - messageStartTemplate := `{"type": "message_start", "message": {"id": "msg_1nZdL29xx5MUA1yADyHTEsnR8uuvGzszyY", "type": "message", "role": "assistant", "content": [], "model": "claude-3-5-sonnet-20241022", "stop_reason": null, "stop_sequence": null, "usage": {"input_tokens": 0, "output_tokens": 0}}}` - - // Override default values with actual response metadata if available from the Gemini CLI response - if modelVersionResult := gjson.GetBytes(rawJSON, "response.modelVersion"); modelVersionResult.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.model", modelVersionResult.String()) - } - if responseIDResult := gjson.GetBytes(rawJSON, "response.responseId"); responseIDResult.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.id", responseIDResult.String()) - } - output = output + fmt.Sprintf("data: %s\n\n\n", messageStartTemplate) - - (*param).(*Params).HasFirstResponse = true - } - - // Process the response parts array from the backend client - // Each part can contain text content, thinking content, or function calls - partsResult := gjson.GetBytes(rawJSON, "response.candidates.0.content.parts") - if partsResult.IsArray() { - partResults := partsResult.Array() - for i := 0; i < len(partResults); i++ { - partResult := partResults[i] - - // Extract the different types of content from each part - partTextResult := partResult.Get("text") - functionCallResult := partResult.Get("functionCall") - - // Handle text content (both regular content and thinking) - if partTextResult.Exists() { - // Process thinking content (internal reasoning) - if partResult.Get("thought").Bool() { - // Continue existing thinking block if already in thinking state - if (*param).(*Params).ResponseType == 2 { - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"thinking_delta","thinking":""}}`, (*param).(*Params).ResponseIndex), "delta.thinking", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).HasContent = true - } else { - // Transition from another state to thinking - // First, close any existing content block - if (*param).(*Params).ResponseType != 0 { - if (*param).(*Params).ResponseType == 2 { - // output = output + "event: content_block_delta\n" - // output = output + fmt.Sprintf(`data: {"type":"content_block_delta","index":%d,"delta":{"type":"signature_delta","signature":null}}`, (*param).(*Params).ResponseIndex) - // output = output + "\n\n\n" - } - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - } - - // Start a new thinking content block - output = output + "event: content_block_start\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_start","index":%d,"content_block":{"type":"thinking","thinking":""}}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"thinking_delta","thinking":""}}`, (*param).(*Params).ResponseIndex), "delta.thinking", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).ResponseType = 2 // Set state to thinking - (*param).(*Params).HasContent = true - } - } else { - // Process regular text content (user-visible output) - // Continue existing text block if already in content state - if (*param).(*Params).ResponseType == 1 { - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"text_delta","text":""}}`, (*param).(*Params).ResponseIndex), "delta.text", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).HasContent = true - } else { - // Transition from another state to text content - // First, close any existing content block - if (*param).(*Params).ResponseType != 0 { - if (*param).(*Params).ResponseType == 2 { - // output = output + "event: content_block_delta\n" - // output = output + fmt.Sprintf(`data: {"type":"content_block_delta","index":%d,"delta":{"type":"signature_delta","signature":null}}`, (*param).(*Params).ResponseIndex) - // output = output + "\n\n\n" - } - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - } - - // Start a new text content block - output = output + "event: content_block_start\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_start","index":%d,"content_block":{"type":"text","text":""}}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"text_delta","text":""}}`, (*param).(*Params).ResponseIndex), "delta.text", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).ResponseType = 1 // Set state to content - (*param).(*Params).HasContent = true - } - } - } else if functionCallResult.Exists() { - // Handle function/tool calls from the AI model - // This processes tool usage requests and formats them for Claude Code API compatibility - usedTool = true - fcName := functionCallResult.Get("name").String() - - // Handle state transitions when switching to function calls - // Close any existing function call block first - if (*param).(*Params).ResponseType == 3 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - (*param).(*Params).ResponseType = 0 - } - - // Special handling for thinking state transition - if (*param).(*Params).ResponseType == 2 { - // output = output + "event: content_block_delta\n" - // output = output + fmt.Sprintf(`data: {"type":"content_block_delta","index":%d,"delta":{"type":"signature_delta","signature":null}}`, (*param).(*Params).ResponseIndex) - // output = output + "\n\n\n" - } - - // Close any other existing content block - if (*param).(*Params).ResponseType != 0 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - } - - // Start a new tool use content block - // This creates the structure for a function call in Claude Code format - output = output + "event: content_block_start\n" - - // Create the tool use block with unique ID and function details - data := fmt.Sprintf(`{"type":"content_block_start","index":%d,"content_block":{"type":"tool_use","id":"","name":"","input":{}}}`, (*param).(*Params).ResponseIndex) - data, _ = sjson.Set(data, "content_block.id", fmt.Sprintf("%s-%d-%d", fcName, time.Now().UnixNano(), atomic.AddUint64(&toolUseIDCounter, 1))) - data, _ = sjson.Set(data, "content_block.name", fcName) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - output = output + "event: content_block_delta\n" - data, _ = sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"input_json_delta","partial_json":""}}`, (*param).(*Params).ResponseIndex), "delta.partial_json", fcArgsResult.Raw) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - } - (*param).(*Params).ResponseType = 3 - (*param).(*Params).HasContent = true - } - } - } - - usageResult := gjson.GetBytes(rawJSON, "response.usageMetadata") - // Process usage metadata and finish reason when present in the response - if usageResult.Exists() && bytes.Contains(rawJSON, []byte(`"finishReason"`)) { - if candidatesTokenCountResult := usageResult.Get("candidatesTokenCount"); candidatesTokenCountResult.Exists() { - // Only send final events if we have actually output content - if (*param).(*Params).HasContent { - // Close the final content block - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - - // Send the final message delta with usage information and stop reason - output = output + "event: message_delta\n" - output = output + `data: ` - - // Create the message delta template with appropriate stop reason - template := `{"type":"message_delta","delta":{"stop_reason":"end_turn","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - // Set tool_use stop reason if tools were used in this response - if usedTool { - template = `{"type":"message_delta","delta":{"stop_reason":"tool_use","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - } else if finish := gjson.GetBytes(rawJSON, "response.candidates.0.finishReason"); finish.Exists() && finish.String() == "MAX_TOKENS" { - template = `{"type":"message_delta","delta":{"stop_reason":"max_tokens","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - } - - // Include thinking tokens in output token count if present - thoughtsTokenCount := usageResult.Get("thoughtsTokenCount").Int() - template, _ = sjson.Set(template, "usage.output_tokens", candidatesTokenCountResult.Int()+thoughtsTokenCount) - template, _ = sjson.Set(template, "usage.input_tokens", usageResult.Get("promptTokenCount").Int()) - - output = output + template + "\n\n\n" - } - } - } - - return []string{output} -} - -// ConvertGeminiCLIResponseToClaudeNonStream converts a non-streaming Gemini CLI response to a non-streaming Claude response. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the Gemini CLI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - string: A Claude-compatible JSON response. -func ConvertGeminiCLIResponseToClaudeNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - _ = originalRequestRawJSON - _ = requestRawJSON - - root := gjson.ParseBytes(rawJSON) - - out := `{"id":"","type":"message","role":"assistant","model":"","content":[],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}` - out, _ = sjson.Set(out, "id", root.Get("response.responseId").String()) - out, _ = sjson.Set(out, "model", root.Get("response.modelVersion").String()) - - inputTokens := root.Get("response.usageMetadata.promptTokenCount").Int() - outputTokens := root.Get("response.usageMetadata.candidatesTokenCount").Int() + root.Get("response.usageMetadata.thoughtsTokenCount").Int() - out, _ = sjson.Set(out, "usage.input_tokens", inputTokens) - out, _ = sjson.Set(out, "usage.output_tokens", outputTokens) - - parts := root.Get("response.candidates.0.content.parts") - textBuilder := strings.Builder{} - thinkingBuilder := strings.Builder{} - toolIDCounter := 0 - hasToolCall := false - - flushText := func() { - if textBuilder.Len() == 0 { - return - } - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", textBuilder.String()) - out, _ = sjson.SetRaw(out, "content.-1", block) - textBuilder.Reset() - } - - flushThinking := func() { - if thinkingBuilder.Len() == 0 { - return - } - block := `{"type":"thinking","thinking":""}` - block, _ = sjson.Set(block, "thinking", thinkingBuilder.String()) - out, _ = sjson.SetRaw(out, "content.-1", block) - thinkingBuilder.Reset() - } - - if parts.IsArray() { - for _, part := range parts.Array() { - if text := part.Get("text"); text.Exists() && text.String() != "" { - if part.Get("thought").Bool() { - flushText() - thinkingBuilder.WriteString(text.String()) - continue - } - flushThinking() - textBuilder.WriteString(text.String()) - continue - } - - if functionCall := part.Get("functionCall"); functionCall.Exists() { - flushThinking() - flushText() - hasToolCall = true - - name := functionCall.Get("name").String() - toolIDCounter++ - toolBlock := `{"type":"tool_use","id":"","name":"","input":{}}` - toolBlock, _ = sjson.Set(toolBlock, "id", fmt.Sprintf("tool_%d", toolIDCounter)) - toolBlock, _ = sjson.Set(toolBlock, "name", name) - inputRaw := "{}" - if args := functionCall.Get("args"); args.Exists() && gjson.Valid(args.Raw) && args.IsObject() { - inputRaw = args.Raw - } - toolBlock, _ = sjson.SetRaw(toolBlock, "input", inputRaw) - out, _ = sjson.SetRaw(out, "content.-1", toolBlock) - continue - } - } - } - - flushThinking() - flushText() - - stopReason := "end_turn" - if hasToolCall { - stopReason = "tool_use" - } else { - if finish := root.Get("response.candidates.0.finishReason"); finish.Exists() { - switch finish.String() { - case "MAX_TOKENS": - stopReason = "max_tokens" - case "STOP", "FINISH_REASON_UNSPECIFIED", "UNKNOWN": - stopReason = "end_turn" - default: - stopReason = "end_turn" - } - } - } - out, _ = sjson.Set(out, "stop_reason", stopReason) - - if inputTokens == int64(0) && outputTokens == int64(0) && !root.Get("response.usageMetadata").Exists() { - out, _ = sjson.Delete(out, "usage") - } - - return out -} - -func ClaudeTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"input_tokens":%d}`, count) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/claude/init.go b/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/claude/init.go deleted file mode 100644 index 79ed03c68e..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package claude - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Claude, - GeminiCLI, - ConvertClaudeRequestToCLI, - interfaces.TranslateResponse{ - Stream: ConvertGeminiCLIResponseToClaude, - NonStream: ConvertGeminiCLIResponseToClaudeNonStream, - TokenCount: ClaudeTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/gemini/gemini-cli_gemini_request.go b/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/gemini/gemini-cli_gemini_request.go deleted file mode 100644 index 15ff8b983a..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/gemini/gemini-cli_gemini_request.go +++ /dev/null @@ -1,268 +0,0 @@ -// Package gemini provides request translation functionality for Gemini CLI to Gemini API compatibility. -// It handles parsing and transforming Gemini CLI API requests into Gemini API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini CLI API format and Gemini API's expected format. -package gemini - -import ( - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/common" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiRequestToGeminiCLI parses and transforms a Gemini CLI API request into Gemini API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Gemini API. -// The function performs the following transformations: -// 1. Extracts the model information from the request -// 2. Restructures the JSON to match Gemini API format -// 3. Converts system instructions to the expected format -// 4. Fixes CLI tool response format and grouping -// -// Parameters: -// - modelName: The name of the model to use for the request (unused in current implementation) -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini API format -func ConvertGeminiRequestToGeminiCLI(_ string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - template := "" - template = `{"project":"","request":{},"model":""}` - template, _ = sjson.SetRaw(template, "request", string(rawJSON)) - template, _ = sjson.Set(template, "model", gjson.Get(template, "request.model").String()) - template, _ = sjson.Delete(template, "request.model") - - template, errFixCLIToolResponse := fixCLIToolResponse(template) - if errFixCLIToolResponse != nil { - return []byte{} - } - - systemInstructionResult := gjson.Get(template, "request.system_instruction") - if systemInstructionResult.Exists() { - template, _ = sjson.SetRaw(template, "request.systemInstruction", systemInstructionResult.Raw) - template, _ = sjson.Delete(template, "request.system_instruction") - } - rawJSON = []byte(template) - - // Normalize roles in request.contents: default to valid values if missing/invalid - contents := gjson.GetBytes(rawJSON, "request.contents") - if contents.Exists() { - prevRole := "" - idx := 0 - contents.ForEach(func(_ gjson.Result, value gjson.Result) bool { - role := value.Get("role").String() - valid := role == "user" || role == "model" - if role == "" || !valid { - var newRole string - if prevRole == "" { - newRole = "user" - } else if prevRole == "user" { - newRole = "model" - } else { - newRole = "user" - } - path := fmt.Sprintf("request.contents.%d.role", idx) - rawJSON, _ = sjson.SetBytes(rawJSON, path, newRole) - role = newRole - } - prevRole = role - idx++ - return true - }) - } - - toolsResult := gjson.GetBytes(rawJSON, "request.tools") - if toolsResult.Exists() && toolsResult.IsArray() { - toolResults := toolsResult.Array() - for i := 0; i < len(toolResults); i++ { - functionDeclarationsResult := gjson.GetBytes(rawJSON, fmt.Sprintf("request.tools.%d.function_declarations", i)) - if functionDeclarationsResult.Exists() && functionDeclarationsResult.IsArray() { - functionDeclarationsResults := functionDeclarationsResult.Array() - for j := 0; j < len(functionDeclarationsResults); j++ { - parametersResult := gjson.GetBytes(rawJSON, fmt.Sprintf("request.tools.%d.function_declarations.%d.parameters", i, j)) - if parametersResult.Exists() { - strJson, _ := util.RenameKey(string(rawJSON), fmt.Sprintf("request.tools.%d.function_declarations.%d.parameters", i, j), fmt.Sprintf("request.tools.%d.function_declarations.%d.parametersJsonSchema", i, j)) - rawJSON = []byte(strJson) - } - } - } - } - } - - gjson.GetBytes(rawJSON, "request.contents").ForEach(func(key, content gjson.Result) bool { - if content.Get("role").String() == "model" { - content.Get("parts").ForEach(func(partKey, part gjson.Result) bool { - if part.Get("functionCall").Exists() { - rawJSON, _ = sjson.SetBytes(rawJSON, fmt.Sprintf("request.contents.%d.parts.%d.thoughtSignature", key.Int(), partKey.Int()), "skip_thought_signature_validator") - } else if part.Get("thoughtSignature").Exists() { - rawJSON, _ = sjson.SetBytes(rawJSON, fmt.Sprintf("request.contents.%d.parts.%d.thoughtSignature", key.Int(), partKey.Int()), "skip_thought_signature_validator") - } - return true - }) - } - return true - }) - - return common.AttachDefaultSafetySettings(rawJSON, "request.safetySettings") -} - -// FunctionCallGroup represents a group of function calls and their responses -type FunctionCallGroup struct { - ResponsesNeeded int -} - -// fixCLIToolResponse performs sophisticated tool response format conversion and grouping. -// This function transforms the CLI tool response format by intelligently grouping function calls -// with their corresponding responses, ensuring proper conversation flow and API compatibility. -// It converts from a linear format (1.json) to a grouped format (2.json) where function calls -// and their responses are properly associated and structured. -// -// Parameters: -// - input: The input JSON string to be processed -// -// Returns: -// - string: The processed JSON string with grouped function calls and responses -// - error: An error if the processing fails -func fixCLIToolResponse(input string) (string, error) { - // Parse the input JSON to extract the conversation structure - parsed := gjson.Parse(input) - - // Extract the contents array which contains the conversation messages - contents := parsed.Get("request.contents") - if !contents.Exists() { - // log.Debugf(input) - return input, fmt.Errorf("contents not found in input") - } - - // Initialize data structures for processing and grouping - contentsWrapper := `{"contents":[]}` - var pendingGroups []*FunctionCallGroup // Groups awaiting completion with responses - var collectedResponses []gjson.Result // Standalone responses to be matched - - // Process each content object in the conversation - // This iterates through messages and groups function calls with their responses - contents.ForEach(func(key, value gjson.Result) bool { - role := value.Get("role").String() - parts := value.Get("parts") - - // Check if this content has function responses - var responsePartsInThisContent []gjson.Result - parts.ForEach(func(_, part gjson.Result) bool { - if part.Get("functionResponse").Exists() { - responsePartsInThisContent = append(responsePartsInThisContent, part) - } - return true - }) - - // If this content has function responses, collect them - if len(responsePartsInThisContent) > 0 { - collectedResponses = append(collectedResponses, responsePartsInThisContent...) - - // Check if any pending groups can be satisfied - for i := len(pendingGroups) - 1; i >= 0; i-- { - group := pendingGroups[i] - if len(collectedResponses) >= group.ResponsesNeeded { - // Take the needed responses for this group - groupResponses := collectedResponses[:group.ResponsesNeeded] - collectedResponses = collectedResponses[group.ResponsesNeeded:] - - // Create merged function response content - functionResponseContent := `{"parts":[],"role":"function"}` - for _, response := range groupResponses { - if !response.IsObject() { - log.Warnf("failed to parse function response") - continue - } - functionResponseContent, _ = sjson.SetRaw(functionResponseContent, "parts.-1", response.Raw) - } - - if gjson.Get(functionResponseContent, "parts.#").Int() > 0 { - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", functionResponseContent) - } - - // Remove this group as it's been satisfied - pendingGroups = append(pendingGroups[:i], pendingGroups[i+1:]...) - break - } - } - - return true // Skip adding this content, responses are merged - } - - // If this is a model with function calls, create a new group - if role == "model" { - functionCallsCount := 0 - parts.ForEach(func(_, part gjson.Result) bool { - if part.Get("functionCall").Exists() { - functionCallsCount++ - } - return true - }) - - if functionCallsCount > 0 { - // Add the model content - if !value.IsObject() { - log.Warnf("failed to parse model content") - return true - } - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", value.Raw) - - // Create a new group for tracking responses - group := &FunctionCallGroup{ - ResponsesNeeded: functionCallsCount, - } - pendingGroups = append(pendingGroups, group) - } else { - // Regular model content without function calls - if !value.IsObject() { - log.Warnf("failed to parse content") - return true - } - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", value.Raw) - } - } else { - // Non-model content (user, etc.) - if !value.IsObject() { - log.Warnf("failed to parse content") - return true - } - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", value.Raw) - } - - return true - }) - - // Handle any remaining pending groups with remaining responses - for _, group := range pendingGroups { - if len(collectedResponses) >= group.ResponsesNeeded { - groupResponses := collectedResponses[:group.ResponsesNeeded] - collectedResponses = collectedResponses[group.ResponsesNeeded:] - - functionResponseContent := `{"parts":[],"role":"function"}` - for _, response := range groupResponses { - if !response.IsObject() { - log.Warnf("failed to parse function response") - continue - } - functionResponseContent, _ = sjson.SetRaw(functionResponseContent, "parts.-1", response.Raw) - } - - if gjson.Get(functionResponseContent, "parts.#").Int() > 0 { - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", functionResponseContent) - } - } - } - - // Update the original JSON with the new contents - result := input - result, _ = sjson.SetRaw(result, "request.contents", gjson.Get(contentsWrapper, "contents").Raw) - - return result, nil -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/gemini/gemini-cli_gemini_response.go b/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/gemini/gemini-cli_gemini_response.go deleted file mode 100644 index 0ae931f112..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/gemini/gemini-cli_gemini_response.go +++ /dev/null @@ -1,86 +0,0 @@ -// Package gemini provides request translation functionality for Gemini to Gemini CLI API compatibility. -// It handles parsing and transforming Gemini API requests into Gemini CLI API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini API format and Gemini CLI API's expected format. -package gemini - -import ( - "bytes" - "context" - "fmt" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiCliResponseToGemini parses and transforms a Gemini CLI API request into Gemini API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Gemini API. -// The function performs the following transformations: -// 1. Extracts the response data from the request -// 2. Handles alternative response formats -// 3. Processes array responses by extracting individual response objects -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model to use for the request (unused in current implementation) -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - []string: The transformed request data in Gemini API format -func ConvertGeminiCliResponseToGemini(ctx context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) []string { - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - - if alt, ok := ctx.Value("alt").(string); ok { - var chunk []byte - if alt == "" { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - chunk = []byte(responseResult.Raw) - } - } else { - chunkTemplate := "[]" - responseResult := gjson.ParseBytes(chunk) - if responseResult.IsArray() { - responseResultItems := responseResult.Array() - for i := 0; i < len(responseResultItems); i++ { - responseResultItem := responseResultItems[i] - if responseResultItem.Get("response").Exists() { - chunkTemplate, _ = sjson.SetRaw(chunkTemplate, "-1", responseResultItem.Get("response").Raw) - } - } - } - chunk = []byte(chunkTemplate) - } - return []string{string(chunk)} - } - return []string{} -} - -// ConvertGeminiCliResponseToGeminiNonStream converts a non-streaming Gemini CLI request to a non-streaming Gemini response. -// This function processes the complete Gemini CLI request and transforms it into a single Gemini-compatible -// JSON response. It extracts the response data from the request and returns it in the expected format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: A Gemini-compatible JSON response containing the response data -func ConvertGeminiCliResponseToGeminiNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - return responseResult.Raw - } - return string(rawJSON) -} - -func GeminiTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/gemini/init.go b/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/gemini/init.go deleted file mode 100644 index fbad4ab50b..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/gemini/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package gemini - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Gemini, - GeminiCLI, - ConvertGeminiRequestToGeminiCLI, - interfaces.TranslateResponse{ - Stream: ConvertGeminiCliResponseToGemini, - NonStream: ConvertGeminiCliResponseToGeminiNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_request.go b/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_request.go deleted file mode 100644 index 53da71f4e5..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_request.go +++ /dev/null @@ -1,395 +0,0 @@ -// Package openai provides request translation functionality for OpenAI to Gemini CLI API compatibility. -// It converts OpenAI Chat Completions requests into Gemini CLI compatible JSON using gjson/sjson only. -package chat_completions - -import ( - "fmt" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/common" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const geminiCLIFunctionThoughtSignature = "skip_thought_signature_validator" - -// ConvertOpenAIRequestToGeminiCLI converts an OpenAI Chat Completions request (raw JSON) -// into a complete Gemini CLI request JSON. All JSON construction uses sjson and lookups use gjson. -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the OpenAI API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini CLI API format -func ConvertOpenAIRequestToGeminiCLI(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - // Base envelope (no default thinkingConfig) - out := []byte(`{"project":"","request":{"contents":[]},"model":"gemini-2.5-pro"}`) - - // Model - out, _ = sjson.SetBytes(out, "model", modelName) - - // Apply thinking configuration: convert OpenAI reasoning_effort to Gemini CLI thinkingConfig. - // Inline translation-only mapping; capability checks happen later in ApplyThinking. - re := gjson.GetBytes(rawJSON, "reasoning_effort") - if re.Exists() { - effort := strings.ToLower(strings.TrimSpace(re.String())) - if effort != "" { - thinkingPath := "request.generationConfig.thinkingConfig" - if effort == "auto" { - out, _ = sjson.SetBytes(out, thinkingPath+".thinkingBudget", -1) - out, _ = sjson.SetBytes(out, thinkingPath+".includeThoughts", true) - } else { - out, _ = sjson.SetBytes(out, thinkingPath+".thinkingLevel", effort) - out, _ = sjson.SetBytes(out, thinkingPath+".includeThoughts", effort != "none") - } - } - } - - // Temperature/top_p/top_k - if tr := gjson.GetBytes(rawJSON, "temperature"); tr.Exists() && tr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "request.generationConfig.temperature", tr.Num) - } - if tpr := gjson.GetBytes(rawJSON, "top_p"); tpr.Exists() && tpr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "request.generationConfig.topP", tpr.Num) - } - if tkr := gjson.GetBytes(rawJSON, "top_k"); tkr.Exists() && tkr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "request.generationConfig.topK", tkr.Num) - } - - // Candidate count (OpenAI 'n' parameter) - if n := gjson.GetBytes(rawJSON, "n"); n.Exists() && n.Type == gjson.Number { - if val := n.Int(); val > 1 { - out, _ = sjson.SetBytes(out, "request.generationConfig.candidateCount", val) - } - } - - // Map OpenAI modalities -> Gemini CLI request.generationConfig.responseModalities - // e.g. "modalities": ["image", "text"] -> ["IMAGE", "TEXT"] - if mods := gjson.GetBytes(rawJSON, "modalities"); mods.Exists() && mods.IsArray() { - var responseMods []string - for _, m := range mods.Array() { - switch strings.ToLower(m.String()) { - case "text": - responseMods = append(responseMods, "TEXT") - case "image": - responseMods = append(responseMods, "IMAGE") - } - } - if len(responseMods) > 0 { - out, _ = sjson.SetBytes(out, "request.generationConfig.responseModalities", responseMods) - } - } - - // OpenRouter-style image_config support - // If the input uses top-level image_config.aspect_ratio, map it into request.generationConfig.imageConfig.aspectRatio. - if imgCfg := gjson.GetBytes(rawJSON, "image_config"); imgCfg.Exists() && imgCfg.IsObject() { - if ar := imgCfg.Get("aspect_ratio"); ar.Exists() && ar.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.generationConfig.imageConfig.aspectRatio", ar.Str) - } - if size := imgCfg.Get("image_size"); size.Exists() && size.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.generationConfig.imageConfig.imageSize", size.Str) - } - } - - // messages -> systemInstruction + contents - messages := gjson.GetBytes(rawJSON, "messages") - if messages.IsArray() { - arr := messages.Array() - // First pass: assistant tool_calls id->name map - tcID2Name := map[string]string{} - for i := 0; i < len(arr); i++ { - m := arr[i] - if m.Get("role").String() == "assistant" { - tcs := m.Get("tool_calls") - if tcs.IsArray() { - for _, tc := range tcs.Array() { - if tc.Get("type").String() == "function" { - id := tc.Get("id").String() - name := tc.Get("function.name").String() - if id != "" && name != "" { - tcID2Name[id] = name - } - } - } - } - } - } - - // Second pass build systemInstruction/tool responses cache - toolResponses := map[string]string{} // tool_call_id -> response text - for i := 0; i < len(arr); i++ { - m := arr[i] - role := m.Get("role").String() - if role == "tool" { - toolCallID := m.Get("tool_call_id").String() - if toolCallID != "" { - c := m.Get("content") - toolResponses[toolCallID] = c.Raw - } - } - } - - systemPartIndex := 0 - for i := 0; i < len(arr); i++ { - m := arr[i] - role := m.Get("role").String() - content := m.Get("content") - - if (role == "system" || role == "developer") && len(arr) > 1 { - // system -> request.systemInstruction as a user message style - if content.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.systemInstruction.role", "user") - out, _ = sjson.SetBytes(out, fmt.Sprintf("request.systemInstruction.parts.%d.text", systemPartIndex), content.String()) - systemPartIndex++ - } else if content.IsObject() && content.Get("type").String() == "text" { - out, _ = sjson.SetBytes(out, "request.systemInstruction.role", "user") - out, _ = sjson.SetBytes(out, fmt.Sprintf("request.systemInstruction.parts.%d.text", systemPartIndex), content.Get("text").String()) - systemPartIndex++ - } else if content.IsArray() { - contents := content.Array() - if len(contents) > 0 { - out, _ = sjson.SetBytes(out, "request.systemInstruction.role", "user") - for j := 0; j < len(contents); j++ { - out, _ = sjson.SetBytes(out, fmt.Sprintf("request.systemInstruction.parts.%d.text", systemPartIndex), contents[j].Get("text").String()) - systemPartIndex++ - } - } - } - } else if role == "user" || ((role == "system" || role == "developer") && len(arr) == 1) { - // Build single user content node to avoid splitting into multiple contents - node := []byte(`{"role":"user","parts":[]}`) - if content.Type == gjson.String { - node, _ = sjson.SetBytes(node, "parts.0.text", content.String()) - } else if content.IsArray() { - items := content.Array() - p := 0 - for _, item := range items { - switch item.Get("type").String() { - case "text": - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".text", item.Get("text").String()) - p++ - case "image_url": - imageURL := item.Get("image_url.url").String() - if len(imageURL) > 5 { - pieces := strings.SplitN(imageURL[5:], ";", 2) - if len(pieces) == 2 && len(pieces[1]) > 7 { - mime := pieces[0] - data := pieces[1][7:] - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mime) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", data) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiCLIFunctionThoughtSignature) - p++ - } - } - case "file": - filename := item.Get("file.filename").String() - fileData := item.Get("file.file_data").String() - ext := "" - if sp := strings.Split(filename, "."); len(sp) > 1 { - ext = sp[len(sp)-1] - } - if mimeType, ok := misc.MimeTypes[ext]; ok { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mimeType) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", fileData) - p++ - } else { - log.Warnf("Unknown file name extension '%s' in user message, skip", ext) - } - } - } - } - out, _ = sjson.SetRawBytes(out, "request.contents.-1", node) - } else if role == "assistant" { - p := 0 - node := []byte(`{"role":"model","parts":[]}`) - if content.Type == gjson.String { - // Assistant text -> single model content - node, _ = sjson.SetBytes(node, "parts.-1.text", content.String()) - p++ - } else if content.IsArray() { - // Assistant multimodal content (e.g. text + image) -> single model content with parts - for _, item := range content.Array() { - switch item.Get("type").String() { - case "text": - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".text", item.Get("text").String()) - p++ - case "image_url": - // If the assistant returned an inline data URL, preserve it for history fidelity. - imageURL := item.Get("image_url.url").String() - if len(imageURL) > 5 { // expect data:... - pieces := strings.SplitN(imageURL[5:], ";", 2) - if len(pieces) == 2 && len(pieces[1]) > 7 { - mime := pieces[0] - data := pieces[1][7:] - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mime) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", data) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiCLIFunctionThoughtSignature) - p++ - } - } - } - } - } - - // Tool calls -> single model content with functionCall parts - tcs := m.Get("tool_calls") - if tcs.IsArray() { - fIDs := make([]string, 0) - for _, tc := range tcs.Array() { - if tc.Get("type").String() != "function" { - continue - } - fid := tc.Get("id").String() - fname := tc.Get("function.name").String() - fargs := tc.Get("function.arguments").String() - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".functionCall.name", fname) - node, _ = sjson.SetRawBytes(node, "parts."+itoa(p)+".functionCall.args", []byte(fargs)) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiCLIFunctionThoughtSignature) - p++ - if fid != "" { - fIDs = append(fIDs, fid) - } - } - out, _ = sjson.SetRawBytes(out, "request.contents.-1", node) - - // Append a single tool content combining name + response per function - toolNode := []byte(`{"role":"user","parts":[]}`) - pp := 0 - for _, fid := range fIDs { - if name, ok := tcID2Name[fid]; ok { - toolNode, _ = sjson.SetBytes(toolNode, "parts."+itoa(pp)+".functionResponse.name", name) - resp := toolResponses[fid] - if resp == "" { - resp = "{}" - } - toolNode, _ = sjson.SetBytes(toolNode, "parts."+itoa(pp)+".functionResponse.response.result", []byte(resp)) - pp++ - } - } - if pp > 0 { - out, _ = sjson.SetRawBytes(out, "request.contents.-1", toolNode) - } - } else { - out, _ = sjson.SetRawBytes(out, "request.contents.-1", node) - } - } - } - } - - // tools -> request.tools[].functionDeclarations + request.tools[].googleSearch/codeExecution/urlContext passthrough - tools := gjson.GetBytes(rawJSON, "tools") - if tools.IsArray() && len(tools.Array()) > 0 { - functionToolNode := []byte(`{}`) - hasFunction := false - googleSearchNodes := make([][]byte, 0) - codeExecutionNodes := make([][]byte, 0) - urlContextNodes := make([][]byte, 0) - for _, t := range tools.Array() { - if t.Get("type").String() == "function" { - fn := t.Get("function") - if fn.Exists() && fn.IsObject() { - fnRaw := fn.Raw - if fn.Get("parameters").Exists() { - renamed, errRename := util.RenameKey(fnRaw, "parameters", "parametersJsonSchema") - if errRename != nil { - log.Warnf("Failed to rename parameters for tool '%s': %v", fn.Get("name").String(), errRename) - var errSet error - fnRaw, errSet = sjson.Set(fnRaw, "parametersJsonSchema.type", "object") - if errSet != nil { - log.Warnf("Failed to set default schema type for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - fnRaw, errSet = sjson.SetRaw(fnRaw, "parametersJsonSchema.properties", `{}`) - if errSet != nil { - log.Warnf("Failed to set default schema properties for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - } else { - fnRaw = renamed - } - } else { - var errSet error - fnRaw, errSet = sjson.Set(fnRaw, "parametersJsonSchema.type", "object") - if errSet != nil { - log.Warnf("Failed to set default schema type for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - fnRaw, errSet = sjson.SetRaw(fnRaw, "parametersJsonSchema.properties", `{}`) - if errSet != nil { - log.Warnf("Failed to set default schema properties for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - } - fnRaw, _ = sjson.Delete(fnRaw, "strict") - if !hasFunction { - functionToolNode, _ = sjson.SetRawBytes(functionToolNode, "functionDeclarations", []byte("[]")) - } - tmp, errSet := sjson.SetRawBytes(functionToolNode, "functionDeclarations.-1", []byte(fnRaw)) - if errSet != nil { - log.Warnf("Failed to append tool declaration for '%s': %v", fn.Get("name").String(), errSet) - continue - } - functionToolNode = tmp - hasFunction = true - } - } - if gs := t.Get("google_search"); gs.Exists() { - googleToolNode := []byte(`{}`) - var errSet error - googleToolNode, errSet = sjson.SetRawBytes(googleToolNode, "googleSearch", []byte(gs.Raw)) - if errSet != nil { - log.Warnf("Failed to set googleSearch tool: %v", errSet) - continue - } - googleSearchNodes = append(googleSearchNodes, googleToolNode) - } - if ce := t.Get("code_execution"); ce.Exists() { - codeToolNode := []byte(`{}`) - var errSet error - codeToolNode, errSet = sjson.SetRawBytes(codeToolNode, "codeExecution", []byte(ce.Raw)) - if errSet != nil { - log.Warnf("Failed to set codeExecution tool: %v", errSet) - continue - } - codeExecutionNodes = append(codeExecutionNodes, codeToolNode) - } - if uc := t.Get("url_context"); uc.Exists() { - urlToolNode := []byte(`{}`) - var errSet error - urlToolNode, errSet = sjson.SetRawBytes(urlToolNode, "urlContext", []byte(uc.Raw)) - if errSet != nil { - log.Warnf("Failed to set urlContext tool: %v", errSet) - continue - } - urlContextNodes = append(urlContextNodes, urlToolNode) - } - } - if hasFunction || len(googleSearchNodes) > 0 || len(codeExecutionNodes) > 0 || len(urlContextNodes) > 0 { - toolsNode := []byte("[]") - if hasFunction { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", functionToolNode) - } - for _, googleNode := range googleSearchNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", googleNode) - } - for _, codeNode := range codeExecutionNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", codeNode) - } - for _, urlNode := range urlContextNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", urlNode) - } - out, _ = sjson.SetRawBytes(out, "request.tools", toolsNode) - } - } - - return common.AttachDefaultSafetySettings(out, "request.safetySettings") -} - -// itoa converts int to string without strconv import for few usages. -func itoa(i int) string { return fmt.Sprintf("%d", i) } diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_response.go b/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_response.go deleted file mode 100644 index 0415e01493..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_response.go +++ /dev/null @@ -1,235 +0,0 @@ -// Package openai provides response translation functionality for Gemini CLI to OpenAI API compatibility. -// This package handles the conversion of Gemini CLI API responses into OpenAI Chat Completions-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by OpenAI API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, reasoning content, and usage metadata appropriately. -package chat_completions - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - . "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/openai/chat-completions" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// convertCliResponseToOpenAIChatParams holds parameters for response conversion. -type convertCliResponseToOpenAIChatParams struct { - UnixTimestamp int64 - FunctionIndex int -} - -// functionCallIDCounter provides a process-wide unique counter for function call identifiers. -var functionCallIDCounter uint64 - -// ConvertCliResponseToOpenAI translates a single chunk of a streaming response from the -// Gemini CLI API format to the OpenAI Chat Completions streaming format. -// It processes various Gemini CLI event types and transforms them into OpenAI-compatible JSON responses. -// The function handles text content, tool calls, reasoning content, and usage metadata, outputting -// responses that match the OpenAI API format. It supports incremental updates for streaming responses. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing an OpenAI-compatible JSON response -func ConvertCliResponseToOpenAI(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &convertCliResponseToOpenAIChatParams{ - UnixTimestamp: 0, - FunctionIndex: 0, - } - } - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - - // Initialize the OpenAI SSE template. - template := `{"id":"","object":"chat.completion.chunk","created":12345,"model":"model","choices":[{"index":0,"delta":{"role":null,"content":null,"reasoning_content":null,"tool_calls":null},"finish_reason":null,"native_finish_reason":null}]}` - - // Extract and set the model version. - if modelVersionResult := gjson.GetBytes(rawJSON, "response.modelVersion"); modelVersionResult.Exists() { - template, _ = sjson.Set(template, "model", modelVersionResult.String()) - } - - // Extract and set the creation timestamp. - if createTimeResult := gjson.GetBytes(rawJSON, "response.createTime"); createTimeResult.Exists() { - t, err := time.Parse(time.RFC3339Nano, createTimeResult.String()) - if err == nil { - (*param).(*convertCliResponseToOpenAIChatParams).UnixTimestamp = t.Unix() - } - template, _ = sjson.Set(template, "created", (*param).(*convertCliResponseToOpenAIChatParams).UnixTimestamp) - } else { - template, _ = sjson.Set(template, "created", (*param).(*convertCliResponseToOpenAIChatParams).UnixTimestamp) - } - - // Extract and set the response ID. - if responseIDResult := gjson.GetBytes(rawJSON, "response.responseId"); responseIDResult.Exists() { - template, _ = sjson.Set(template, "id", responseIDResult.String()) - } - - finishReason := "" - if stopReasonResult := gjson.GetBytes(rawJSON, "response.stop_reason"); stopReasonResult.Exists() { - finishReason = stopReasonResult.String() - } - if finishReason == "" { - if finishReasonResult := gjson.GetBytes(rawJSON, "response.candidates.0.finishReason"); finishReasonResult.Exists() { - finishReason = finishReasonResult.String() - } - } - finishReason = strings.ToLower(finishReason) - - // Extract and set usage metadata (token counts). - if usageResult := gjson.GetBytes(rawJSON, "response.usageMetadata"); usageResult.Exists() { - cachedTokenCount := usageResult.Get("cachedContentTokenCount").Int() - if candidatesTokenCountResult := usageResult.Get("candidatesTokenCount"); candidatesTokenCountResult.Exists() { - template, _ = sjson.Set(template, "usage.completion_tokens", candidatesTokenCountResult.Int()) - } - if totalTokenCountResult := usageResult.Get("totalTokenCount"); totalTokenCountResult.Exists() { - template, _ = sjson.Set(template, "usage.total_tokens", totalTokenCountResult.Int()) - } - promptTokenCount := usageResult.Get("promptTokenCount").Int() - thoughtsTokenCount := usageResult.Get("thoughtsTokenCount").Int() - template, _ = sjson.Set(template, "usage.prompt_tokens", promptTokenCount+thoughtsTokenCount) - if thoughtsTokenCount > 0 { - template, _ = sjson.Set(template, "usage.completion_tokens_details.reasoning_tokens", thoughtsTokenCount) - } - // Include cached token count if present (indicates prompt caching is working) - if cachedTokenCount > 0 { - var err error - template, err = sjson.Set(template, "usage.prompt_tokens_details.cached_tokens", cachedTokenCount) - if err != nil { - log.Warnf("gemini-cli openai response: failed to set cached_tokens: %v", err) - } - } - } - - // Process the main content part of the response. - partsResult := gjson.GetBytes(rawJSON, "response.candidates.0.content.parts") - hasFunctionCall := false - if partsResult.IsArray() { - partResults := partsResult.Array() - for i := 0; i < len(partResults); i++ { - partResult := partResults[i] - partTextResult := partResult.Get("text") - functionCallResult := partResult.Get("functionCall") - thoughtSignatureResult := partResult.Get("thoughtSignature") - if !thoughtSignatureResult.Exists() { - thoughtSignatureResult = partResult.Get("thought_signature") - } - inlineDataResult := partResult.Get("inlineData") - if !inlineDataResult.Exists() { - inlineDataResult = partResult.Get("inline_data") - } - - hasThoughtSignature := thoughtSignatureResult.Exists() && thoughtSignatureResult.String() != "" - hasContentPayload := partTextResult.Exists() || functionCallResult.Exists() || inlineDataResult.Exists() - - // Ignore encrypted thoughtSignature but keep any actual content in the same part. - if hasThoughtSignature && !hasContentPayload { - continue - } - - if partTextResult.Exists() { - textContent := partTextResult.String() - - // Handle text content, distinguishing between regular content and reasoning/thoughts. - if partResult.Get("thought").Bool() { - template, _ = sjson.Set(template, "choices.0.delta.reasoning_content", textContent) - } else { - template, _ = sjson.Set(template, "choices.0.delta.content", textContent) - } - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - } else if functionCallResult.Exists() { - // Handle function call content. - hasFunctionCall = true - toolCallsResult := gjson.Get(template, "choices.0.delta.tool_calls") - functionCallIndex := (*param).(*convertCliResponseToOpenAIChatParams).FunctionIndex - (*param).(*convertCliResponseToOpenAIChatParams).FunctionIndex++ - if toolCallsResult.Exists() && toolCallsResult.IsArray() { - functionCallIndex = len(toolCallsResult.Array()) - } else { - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls", `[]`) - } - - functionCallTemplate := `{"id": "","index": 0,"type": "function","function": {"name": "","arguments": ""}}` - fcName := functionCallResult.Get("name").String() - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "id", fmt.Sprintf("%s-%d-%d", fcName, time.Now().UnixNano(), atomic.AddUint64(&functionCallIDCounter, 1))) - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "index", functionCallIndex) - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.name", fcName) - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.arguments", fcArgsResult.Raw) - } - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls.-1", functionCallTemplate) - } else if inlineDataResult.Exists() { - data := inlineDataResult.Get("data").String() - if data == "" { - continue - } - mimeType := inlineDataResult.Get("mimeType").String() - if mimeType == "" { - mimeType = inlineDataResult.Get("mime_type").String() - } - if mimeType == "" { - mimeType = "image/png" - } - imageURL := fmt.Sprintf("data:%s;base64,%s", mimeType, data) - imagesResult := gjson.Get(template, "choices.0.delta.images") - if !imagesResult.Exists() || !imagesResult.IsArray() { - template, _ = sjson.SetRaw(template, "choices.0.delta.images", `[]`) - } - imageIndex := len(gjson.Get(template, "choices.0.delta.images").Array()) - imagePayload := `{"type":"image_url","image_url":{"url":""}}` - imagePayload, _ = sjson.Set(imagePayload, "index", imageIndex) - imagePayload, _ = sjson.Set(imagePayload, "image_url.url", imageURL) - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.images.-1", imagePayload) - } - } - } - - if hasFunctionCall { - template, _ = sjson.Set(template, "choices.0.finish_reason", "tool_calls") - template, _ = sjson.Set(template, "choices.0.native_finish_reason", "tool_calls") - } else if finishReason != "" && (*param).(*convertCliResponseToOpenAIChatParams).FunctionIndex == 0 { - // Only pass through specific finish reasons - if finishReason == "max_tokens" || finishReason == "stop" { - template, _ = sjson.Set(template, "choices.0.finish_reason", finishReason) - template, _ = sjson.Set(template, "choices.0.native_finish_reason", finishReason) - } - } - - return []string{template} -} - -// ConvertCliResponseToOpenAINonStream converts a non-streaming Gemini CLI response to a non-streaming OpenAI response. -// This function processes the complete Gemini CLI response and transforms it into a single OpenAI-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the OpenAI API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for the conversion -// -// Returns: -// - string: An OpenAI-compatible JSON response containing all message content and metadata -func ConvertCliResponseToOpenAINonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - return ConvertGeminiResponseToOpenAINonStream(ctx, modelName, originalRequestRawJSON, requestRawJSON, []byte(responseResult.Raw), param) - } - return "" -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/openai/chat-completions/init.go b/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/openai/chat-completions/init.go deleted file mode 100644 index 3bd76c517d..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenAI, - GeminiCLI, - ConvertOpenAIRequestToGeminiCLI, - interfaces.TranslateResponse{ - Stream: ConvertCliResponseToOpenAI, - NonStream: ConvertCliResponseToOpenAINonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_request.go b/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_request.go deleted file mode 100644 index 657e45fdb2..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_request.go +++ /dev/null @@ -1,12 +0,0 @@ -package responses - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini-cli/gemini" - . "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/openai/responses" -) - -func ConvertOpenAIResponsesRequestToGeminiCLI(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - rawJSON = ConvertOpenAIResponsesRequestToGemini(modelName, rawJSON, stream) - return ConvertGeminiRequestToGeminiCLI(modelName, rawJSON, stream) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_response.go b/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_response.go deleted file mode 100644 index 5186588483..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_response.go +++ /dev/null @@ -1,35 +0,0 @@ -package responses - -import ( - "context" - - . "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/openai/responses" - "github.com/tidwall/gjson" -) - -func ConvertGeminiCLIResponseToOpenAIResponses(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - rawJSON = []byte(responseResult.Raw) - } - return ConvertGeminiResponseToOpenAIResponses(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} - -func ConvertGeminiCLIResponseToOpenAIResponsesNonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - rawJSON = []byte(responseResult.Raw) - } - - requestResult := gjson.GetBytes(originalRequestRawJSON, "request") - if responseResult.Exists() { - originalRequestRawJSON = []byte(requestResult.Raw) - } - - requestResult = gjson.GetBytes(requestRawJSON, "request") - if responseResult.Exists() { - requestRawJSON = []byte(requestResult.Raw) - } - - return ConvertGeminiResponseToOpenAIResponsesNonStream(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/openai/responses/init.go b/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/openai/responses/init.go deleted file mode 100644 index b25d670851..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini-cli/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenaiResponse, - GeminiCLI, - ConvertOpenAIResponsesRequestToGeminiCLI, - interfaces.TranslateResponse{ - Stream: ConvertGeminiCLIResponseToOpenAIResponses, - NonStream: ConvertGeminiCLIResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini/claude/gemini_claude_request.go b/.worktrees/config/m/config-build/active/internal/translator/gemini/claude/gemini_claude_request.go deleted file mode 100644 index e882f769a8..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini/claude/gemini_claude_request.go +++ /dev/null @@ -1,185 +0,0 @@ -// Package claude provides request translation functionality for Claude API. -// It handles parsing and transforming Claude API requests into the internal client format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package also performs JSON data cleaning and transformation to ensure compatibility -// between Claude API format and the internal client's expected format. -package claude - -import ( - "bytes" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/common" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const geminiClaudeThoughtSignature = "skip_thought_signature_validator" - -// ConvertClaudeRequestToGemini parses a Claude API request and returns a complete -// Gemini CLI request body (as JSON bytes) ready to be sent via SendRawMessageStream. -// All JSON transformations are performed using gjson/sjson. -// -// Parameters: -// - modelName: The name of the model. -// - rawJSON: The raw JSON request from the Claude API. -// - stream: A boolean indicating if the request is for a streaming response. -// -// Returns: -// - []byte: The transformed request in Gemini CLI format. -func ConvertClaudeRequestToGemini(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - rawJSON = bytes.Replace(rawJSON, []byte(`"url":{"type":"string","format":"uri",`), []byte(`"url":{"type":"string",`), -1) - - // Build output Gemini CLI request JSON - out := `{"contents":[]}` - out, _ = sjson.Set(out, "model", modelName) - - // system instruction - if systemResult := gjson.GetBytes(rawJSON, "system"); systemResult.IsArray() { - systemInstruction := `{"role":"user","parts":[]}` - hasSystemParts := false - systemResult.ForEach(func(_, systemPromptResult gjson.Result) bool { - if systemPromptResult.Get("type").String() == "text" { - textResult := systemPromptResult.Get("text") - if textResult.Type == gjson.String { - part := `{"text":""}` - part, _ = sjson.Set(part, "text", textResult.String()) - systemInstruction, _ = sjson.SetRaw(systemInstruction, "parts.-1", part) - hasSystemParts = true - } - } - return true - }) - if hasSystemParts { - out, _ = sjson.SetRaw(out, "system_instruction", systemInstruction) - } - } else if systemResult.Type == gjson.String { - out, _ = sjson.Set(out, "system_instruction.parts.-1.text", systemResult.String()) - } - - // contents - if messagesResult := gjson.GetBytes(rawJSON, "messages"); messagesResult.IsArray() { - messagesResult.ForEach(func(_, messageResult gjson.Result) bool { - roleResult := messageResult.Get("role") - if roleResult.Type != gjson.String { - return true - } - role := roleResult.String() - if role == "assistant" { - role = "model" - } - - contentJSON := `{"role":"","parts":[]}` - contentJSON, _ = sjson.Set(contentJSON, "role", role) - - contentsResult := messageResult.Get("content") - if contentsResult.IsArray() { - contentsResult.ForEach(func(_, contentResult gjson.Result) bool { - switch contentResult.Get("type").String() { - case "text": - part := `{"text":""}` - part, _ = sjson.Set(part, "text", contentResult.Get("text").String()) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - - case "tool_use": - functionName := contentResult.Get("name").String() - functionArgs := contentResult.Get("input").String() - argsResult := gjson.Parse(functionArgs) - if argsResult.IsObject() && gjson.Valid(functionArgs) { - part := `{"thoughtSignature":"","functionCall":{"name":"","args":{}}}` - part, _ = sjson.Set(part, "thoughtSignature", geminiClaudeThoughtSignature) - part, _ = sjson.Set(part, "functionCall.name", functionName) - part, _ = sjson.SetRaw(part, "functionCall.args", functionArgs) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - } - - case "tool_result": - toolCallID := contentResult.Get("tool_use_id").String() - if toolCallID == "" { - return true - } - funcName := toolCallID - toolCallIDs := strings.Split(toolCallID, "-") - if len(toolCallIDs) > 1 { - funcName = strings.Join(toolCallIDs[0:len(toolCallIDs)-1], "-") - } - responseData := contentResult.Get("content").Raw - part := `{"functionResponse":{"name":"","response":{"result":""}}}` - part, _ = sjson.Set(part, "functionResponse.name", funcName) - part, _ = sjson.Set(part, "functionResponse.response.result", responseData) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - } - return true - }) - out, _ = sjson.SetRaw(out, "contents.-1", contentJSON) - } else if contentsResult.Type == gjson.String { - part := `{"text":""}` - part, _ = sjson.Set(part, "text", contentsResult.String()) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - out, _ = sjson.SetRaw(out, "contents.-1", contentJSON) - } - return true - }) - } - - // tools - if toolsResult := gjson.GetBytes(rawJSON, "tools"); toolsResult.IsArray() { - hasTools := false - toolsResult.ForEach(func(_, toolResult gjson.Result) bool { - inputSchemaResult := toolResult.Get("input_schema") - if inputSchemaResult.Exists() && inputSchemaResult.IsObject() { - inputSchema := inputSchemaResult.Raw - tool, _ := sjson.Delete(toolResult.Raw, "input_schema") - tool, _ = sjson.SetRaw(tool, "parametersJsonSchema", inputSchema) - tool, _ = sjson.Delete(tool, "strict") - tool, _ = sjson.Delete(tool, "input_examples") - tool, _ = sjson.Delete(tool, "type") - tool, _ = sjson.Delete(tool, "cache_control") - if gjson.Valid(tool) && gjson.Parse(tool).IsObject() { - if !hasTools { - out, _ = sjson.SetRaw(out, "tools", `[{"functionDeclarations":[]}]`) - hasTools = true - } - out, _ = sjson.SetRaw(out, "tools.0.functionDeclarations.-1", tool) - } - } - return true - }) - if !hasTools { - out, _ = sjson.Delete(out, "tools") - } - } - - // Map Anthropic thinking -> Gemini thinkingBudget/include_thoughts when enabled - // Translator only does format conversion, ApplyThinking handles model capability validation. - if t := gjson.GetBytes(rawJSON, "thinking"); t.Exists() && t.IsObject() { - switch t.Get("type").String() { - case "enabled": - if b := t.Get("budget_tokens"); b.Exists() && b.Type == gjson.Number { - budget := int(b.Int()) - out, _ = sjson.Set(out, "generationConfig.thinkingConfig.thinkingBudget", budget) - out, _ = sjson.Set(out, "generationConfig.thinkingConfig.includeThoughts", true) - } - case "adaptive": - // Keep adaptive as a high level sentinel; ApplyThinking resolves it - // to model-specific max capability. - out, _ = sjson.Set(out, "generationConfig.thinkingConfig.thinkingLevel", "high") - out, _ = sjson.Set(out, "generationConfig.thinkingConfig.includeThoughts", true) - } - } - if v := gjson.GetBytes(rawJSON, "temperature"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "generationConfig.temperature", v.Num) - } - if v := gjson.GetBytes(rawJSON, "top_p"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "generationConfig.topP", v.Num) - } - if v := gjson.GetBytes(rawJSON, "top_k"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "generationConfig.topK", v.Num) - } - - result := []byte(out) - result = common.AttachDefaultSafetySettings(result, "safetySettings") - - return result -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini/claude/gemini_claude_response.go b/.worktrees/config/m/config-build/active/internal/translator/gemini/claude/gemini_claude_response.go deleted file mode 100644 index cfc06921d3..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini/claude/gemini_claude_response.go +++ /dev/null @@ -1,384 +0,0 @@ -// Package claude provides response translation functionality for Claude API. -// This package handles the conversion of backend client responses into Claude-compatible -// Server-Sent Events (SSE) format, implementing a sophisticated state machine that manages -// different response types including text content, thinking processes, and function calls. -// The translation ensures proper sequencing of SSE events and maintains state across -// multiple response chunks to provide a seamless streaming experience. -package claude - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Params holds parameters for response conversion. -type Params struct { - IsGlAPIKey bool - HasFirstResponse bool - ResponseType int - ResponseIndex int - HasContent bool // Tracks whether any content (text, thinking, or tool use) has been output -} - -// toolUseIDCounter provides a process-wide unique counter for tool use identifiers. -var toolUseIDCounter uint64 - -// ConvertGeminiResponseToClaude performs sophisticated streaming response format conversion. -// This function implements a complex state machine that translates backend client responses -// into Claude-compatible Server-Sent Events (SSE) format. It manages different response types -// and handles state transitions between content blocks, thinking processes, and function calls. -// -// Response type states: 0=none, 1=content, 2=thinking, 3=function -// The function maintains state across multiple calls to ensure proper SSE event sequencing. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the Gemini API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - []string: A slice of strings, each containing a Claude-compatible JSON response. -func ConvertGeminiResponseToClaude(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &Params{ - IsGlAPIKey: false, - HasFirstResponse: false, - ResponseType: 0, - ResponseIndex: 0, - } - } - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - // Only send message_stop if we have actually output content - if (*param).(*Params).HasContent { - return []string{ - "event: message_stop\ndata: {\"type\":\"message_stop\"}\n\n\n", - } - } - return []string{} - } - - // Track whether tools are being used in this response chunk - usedTool := false - output := "" - - // Initialize the streaming session with a message_start event - // This is only sent for the very first response chunk - if !(*param).(*Params).HasFirstResponse { - output = "event: message_start\n" - - // Create the initial message structure with default values - // This follows the Claude API specification for streaming message initialization - messageStartTemplate := `{"type": "message_start", "message": {"id": "msg_1nZdL29xx5MUA1yADyHTEsnR8uuvGzszyY", "type": "message", "role": "assistant", "content": [], "model": "claude-3-5-sonnet-20241022", "stop_reason": null, "stop_sequence": null, "usage": {"input_tokens": 0, "output_tokens": 0}}}` - - // Override default values with actual response metadata if available - if modelVersionResult := gjson.GetBytes(rawJSON, "modelVersion"); modelVersionResult.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.model", modelVersionResult.String()) - } - if responseIDResult := gjson.GetBytes(rawJSON, "responseId"); responseIDResult.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.id", responseIDResult.String()) - } - output = output + fmt.Sprintf("data: %s\n\n\n", messageStartTemplate) - - (*param).(*Params).HasFirstResponse = true - } - - // Process the response parts array from the backend client - // Each part can contain text content, thinking content, or function calls - partsResult := gjson.GetBytes(rawJSON, "candidates.0.content.parts") - if partsResult.IsArray() { - partResults := partsResult.Array() - for i := 0; i < len(partResults); i++ { - partResult := partResults[i] - - // Extract the different types of content from each part - partTextResult := partResult.Get("text") - functionCallResult := partResult.Get("functionCall") - - // Handle text content (both regular content and thinking) - if partTextResult.Exists() { - // Process thinking content (internal reasoning) - if partResult.Get("thought").Bool() { - // Continue existing thinking block - if (*param).(*Params).ResponseType == 2 { - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"thinking_delta","thinking":""}}`, (*param).(*Params).ResponseIndex), "delta.thinking", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).HasContent = true - } else { - // Transition from another state to thinking - // First, close any existing content block - if (*param).(*Params).ResponseType != 0 { - if (*param).(*Params).ResponseType == 2 { - // output = output + "event: content_block_delta\n" - // output = output + fmt.Sprintf(`data: {"type":"content_block_delta","index":%d,"delta":{"type":"signature_delta","signature":null}}`, (*param).(*Params).ResponseIndex) - // output = output + "\n\n\n" - } - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - } - - // Start a new thinking content block - output = output + "event: content_block_start\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_start","index":%d,"content_block":{"type":"thinking","thinking":""}}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"thinking_delta","thinking":""}}`, (*param).(*Params).ResponseIndex), "delta.thinking", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).ResponseType = 2 // Set state to thinking - (*param).(*Params).HasContent = true - } - } else { - // Process regular text content (user-visible output) - // Continue existing text block - if (*param).(*Params).ResponseType == 1 { - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"text_delta","text":""}}`, (*param).(*Params).ResponseIndex), "delta.text", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).HasContent = true - } else { - // Transition from another state to text content - // First, close any existing content block - if (*param).(*Params).ResponseType != 0 { - if (*param).(*Params).ResponseType == 2 { - // output = output + "event: content_block_delta\n" - // output = output + fmt.Sprintf(`data: {"type":"content_block_delta","index":%d,"delta":{"type":"signature_delta","signature":null}}`, (*param).(*Params).ResponseIndex) - // output = output + "\n\n\n" - } - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - } - - // Start a new text content block - output = output + "event: content_block_start\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_start","index":%d,"content_block":{"type":"text","text":""}}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"text_delta","text":""}}`, (*param).(*Params).ResponseIndex), "delta.text", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).ResponseType = 1 // Set state to content - (*param).(*Params).HasContent = true - } - } - } else if functionCallResult.Exists() { - // Handle function/tool calls from the AI model - // This processes tool usage requests and formats them for Claude API compatibility - usedTool = true - fcName := functionCallResult.Get("name").String() - - // FIX: Handle streaming split/delta where name might be empty in subsequent chunks. - // If we are already in tool use mode and name is empty, treat as continuation (delta). - if (*param).(*Params).ResponseType == 3 && fcName == "" { - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"input_json_delta","partial_json":""}}`, (*param).(*Params).ResponseIndex), "delta.partial_json", fcArgsResult.Raw) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - } - // Continue to next part without closing/opening logic - continue - } - - // Handle state transitions when switching to function calls - // Close any existing function call block first - if (*param).(*Params).ResponseType == 3 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - (*param).(*Params).ResponseType = 0 - } - - // Special handling for thinking state transition - if (*param).(*Params).ResponseType == 2 { - // output = output + "event: content_block_delta\n" - // output = output + fmt.Sprintf(`data: {"type":"content_block_delta","index":%d,"delta":{"type":"signature_delta","signature":null}}`, (*param).(*Params).ResponseIndex) - // output = output + "\n\n\n" - } - - // Close any other existing content block - if (*param).(*Params).ResponseType != 0 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - } - - // Start a new tool use content block - // This creates the structure for a function call in Claude format - output = output + "event: content_block_start\n" - - // Create the tool use block with unique ID and function details - data := fmt.Sprintf(`{"type":"content_block_start","index":%d,"content_block":{"type":"tool_use","id":"","name":"","input":{}}}`, (*param).(*Params).ResponseIndex) - data, _ = sjson.Set(data, "content_block.id", fmt.Sprintf("%s-%d-%d", fcName, time.Now().UnixNano(), atomic.AddUint64(&toolUseIDCounter, 1))) - data, _ = sjson.Set(data, "content_block.name", fcName) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - output = output + "event: content_block_delta\n" - data, _ = sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"input_json_delta","partial_json":""}}`, (*param).(*Params).ResponseIndex), "delta.partial_json", fcArgsResult.Raw) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - } - (*param).(*Params).ResponseType = 3 - (*param).(*Params).HasContent = true - } - } - } - - usageResult := gjson.GetBytes(rawJSON, "usageMetadata") - if usageResult.Exists() && bytes.Contains(rawJSON, []byte(`"finishReason"`)) { - if candidatesTokenCountResult := usageResult.Get("candidatesTokenCount"); candidatesTokenCountResult.Exists() { - // Only send final events if we have actually output content - if (*param).(*Params).HasContent { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - - output = output + "event: message_delta\n" - output = output + `data: ` - - template := `{"type":"message_delta","delta":{"stop_reason":"end_turn","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - if usedTool { - template = `{"type":"message_delta","delta":{"stop_reason":"tool_use","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - } else if finish := gjson.GetBytes(rawJSON, "candidates.0.finishReason"); finish.Exists() && finish.String() == "MAX_TOKENS" { - template = `{"type":"message_delta","delta":{"stop_reason":"max_tokens","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - } - - thoughtsTokenCount := usageResult.Get("thoughtsTokenCount").Int() - template, _ = sjson.Set(template, "usage.output_tokens", candidatesTokenCountResult.Int()+thoughtsTokenCount) - template, _ = sjson.Set(template, "usage.input_tokens", usageResult.Get("promptTokenCount").Int()) - - output = output + template + "\n\n\n" - } - } - } - - return []string{output} -} - -// ConvertGeminiResponseToClaudeNonStream converts a non-streaming Gemini response to a non-streaming Claude response. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the Gemini API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - string: A Claude-compatible JSON response. -func ConvertGeminiResponseToClaudeNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - _ = originalRequestRawJSON - _ = requestRawJSON - - root := gjson.ParseBytes(rawJSON) - - out := `{"id":"","type":"message","role":"assistant","model":"","content":[],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}` - out, _ = sjson.Set(out, "id", root.Get("responseId").String()) - out, _ = sjson.Set(out, "model", root.Get("modelVersion").String()) - - inputTokens := root.Get("usageMetadata.promptTokenCount").Int() - outputTokens := root.Get("usageMetadata.candidatesTokenCount").Int() + root.Get("usageMetadata.thoughtsTokenCount").Int() - out, _ = sjson.Set(out, "usage.input_tokens", inputTokens) - out, _ = sjson.Set(out, "usage.output_tokens", outputTokens) - - parts := root.Get("candidates.0.content.parts") - textBuilder := strings.Builder{} - thinkingBuilder := strings.Builder{} - toolIDCounter := 0 - hasToolCall := false - - flushText := func() { - if textBuilder.Len() == 0 { - return - } - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", textBuilder.String()) - out, _ = sjson.SetRaw(out, "content.-1", block) - textBuilder.Reset() - } - - flushThinking := func() { - if thinkingBuilder.Len() == 0 { - return - } - block := `{"type":"thinking","thinking":""}` - block, _ = sjson.Set(block, "thinking", thinkingBuilder.String()) - out, _ = sjson.SetRaw(out, "content.-1", block) - thinkingBuilder.Reset() - } - - if parts.IsArray() { - for _, part := range parts.Array() { - if text := part.Get("text"); text.Exists() && text.String() != "" { - if part.Get("thought").Bool() { - flushText() - thinkingBuilder.WriteString(text.String()) - continue - } - flushThinking() - textBuilder.WriteString(text.String()) - continue - } - - if functionCall := part.Get("functionCall"); functionCall.Exists() { - flushThinking() - flushText() - hasToolCall = true - - name := functionCall.Get("name").String() - toolIDCounter++ - toolBlock := `{"type":"tool_use","id":"","name":"","input":{}}` - toolBlock, _ = sjson.Set(toolBlock, "id", fmt.Sprintf("tool_%d", toolIDCounter)) - toolBlock, _ = sjson.Set(toolBlock, "name", name) - inputRaw := "{}" - if args := functionCall.Get("args"); args.Exists() && gjson.Valid(args.Raw) && args.IsObject() { - inputRaw = args.Raw - } - toolBlock, _ = sjson.SetRaw(toolBlock, "input", inputRaw) - out, _ = sjson.SetRaw(out, "content.-1", toolBlock) - continue - } - } - } - - flushThinking() - flushText() - - stopReason := "end_turn" - if hasToolCall { - stopReason = "tool_use" - } else { - if finish := root.Get("candidates.0.finishReason"); finish.Exists() { - switch finish.String() { - case "MAX_TOKENS": - stopReason = "max_tokens" - case "STOP", "FINISH_REASON_UNSPECIFIED", "UNKNOWN": - stopReason = "end_turn" - default: - stopReason = "end_turn" - } - } - } - out, _ = sjson.Set(out, "stop_reason", stopReason) - - if inputTokens == int64(0) && outputTokens == int64(0) && !root.Get("usageMetadata").Exists() { - out, _ = sjson.Delete(out, "usage") - } - - return out -} - -func ClaudeTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"input_tokens":%d}`, count) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini/claude/init.go b/.worktrees/config/m/config-build/active/internal/translator/gemini/claude/init.go deleted file mode 100644 index 66fe51e739..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package claude - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Claude, - Gemini, - ConvertClaudeRequestToGemini, - interfaces.TranslateResponse{ - Stream: ConvertGeminiResponseToClaude, - NonStream: ConvertGeminiResponseToClaudeNonStream, - TokenCount: ClaudeTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini/common/safety.go b/.worktrees/config/m/config-build/active/internal/translator/gemini/common/safety.go deleted file mode 100644 index e4b1429382..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini/common/safety.go +++ /dev/null @@ -1,47 +0,0 @@ -package common - -import ( - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// DefaultSafetySettings returns the default Gemini safety configuration we attach to requests. -func DefaultSafetySettings() []map[string]string { - return []map[string]string{ - { - "category": "HARM_CATEGORY_HARASSMENT", - "threshold": "OFF", - }, - { - "category": "HARM_CATEGORY_HATE_SPEECH", - "threshold": "OFF", - }, - { - "category": "HARM_CATEGORY_SEXUALLY_EXPLICIT", - "threshold": "OFF", - }, - { - "category": "HARM_CATEGORY_DANGEROUS_CONTENT", - "threshold": "OFF", - }, - { - "category": "HARM_CATEGORY_CIVIC_INTEGRITY", - "threshold": "BLOCK_NONE", - }, - } -} - -// AttachDefaultSafetySettings ensures the default safety settings are present when absent. -// The caller must provide the target JSON path (e.g. "safetySettings" or "request.safetySettings"). -func AttachDefaultSafetySettings(rawJSON []byte, path string) []byte { - if gjson.GetBytes(rawJSON, path).Exists() { - return rawJSON - } - - out, err := sjson.SetBytes(rawJSON, path, DefaultSafetySettings()) - if err != nil { - return rawJSON - } - - return out -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini/gemini-cli/gemini_gemini-cli_request.go b/.worktrees/config/m/config-build/active/internal/translator/gemini/gemini-cli/gemini_gemini-cli_request.go deleted file mode 100644 index 1b2cdb4636..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini/gemini-cli/gemini_gemini-cli_request.go +++ /dev/null @@ -1,63 +0,0 @@ -// Package gemini provides request translation functionality for Claude API. -// It handles parsing and transforming Claude API requests into the internal client format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package also performs JSON data cleaning and transformation to ensure compatibility -// between Claude API format and the internal client's expected format. -package geminiCLI - -import ( - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/common" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// PrepareClaudeRequest parses and transforms a Claude API request into internal client format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the internal client. -func ConvertGeminiCLIRequestToGemini(_ string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - modelResult := gjson.GetBytes(rawJSON, "model") - rawJSON = []byte(gjson.GetBytes(rawJSON, "request").Raw) - rawJSON, _ = sjson.SetBytes(rawJSON, "model", modelResult.String()) - if gjson.GetBytes(rawJSON, "systemInstruction").Exists() { - rawJSON, _ = sjson.SetRawBytes(rawJSON, "system_instruction", []byte(gjson.GetBytes(rawJSON, "systemInstruction").Raw)) - rawJSON, _ = sjson.DeleteBytes(rawJSON, "systemInstruction") - } - - toolsResult := gjson.GetBytes(rawJSON, "tools") - if toolsResult.Exists() && toolsResult.IsArray() { - toolResults := toolsResult.Array() - for i := 0; i < len(toolResults); i++ { - functionDeclarationsResult := gjson.GetBytes(rawJSON, fmt.Sprintf("tools.%d.function_declarations", i)) - if functionDeclarationsResult.Exists() && functionDeclarationsResult.IsArray() { - functionDeclarationsResults := functionDeclarationsResult.Array() - for j := 0; j < len(functionDeclarationsResults); j++ { - parametersResult := gjson.GetBytes(rawJSON, fmt.Sprintf("tools.%d.function_declarations.%d.parameters", i, j)) - if parametersResult.Exists() { - strJson, _ := util.RenameKey(string(rawJSON), fmt.Sprintf("tools.%d.function_declarations.%d.parameters", i, j), fmt.Sprintf("tools.%d.function_declarations.%d.parametersJsonSchema", i, j)) - rawJSON = []byte(strJson) - } - } - } - } - } - - gjson.GetBytes(rawJSON, "contents").ForEach(func(key, content gjson.Result) bool { - if content.Get("role").String() == "model" { - content.Get("parts").ForEach(func(partKey, part gjson.Result) bool { - if part.Get("functionCall").Exists() { - rawJSON, _ = sjson.SetBytes(rawJSON, fmt.Sprintf("contents.%d.parts.%d.thoughtSignature", key.Int(), partKey.Int()), "skip_thought_signature_validator") - } else if part.Get("thoughtSignature").Exists() { - rawJSON, _ = sjson.SetBytes(rawJSON, fmt.Sprintf("contents.%d.parts.%d.thoughtSignature", key.Int(), partKey.Int()), "skip_thought_signature_validator") - } - return true - }) - } - return true - }) - - return common.AttachDefaultSafetySettings(rawJSON, "safetySettings") -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini/gemini-cli/gemini_gemini-cli_response.go b/.worktrees/config/m/config-build/active/internal/translator/gemini/gemini-cli/gemini_gemini-cli_response.go deleted file mode 100644 index 39b8dfb644..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini/gemini-cli/gemini_gemini-cli_response.go +++ /dev/null @@ -1,62 +0,0 @@ -// Package gemini_cli provides response translation functionality for Gemini API to Gemini CLI API. -// This package handles the conversion of Gemini API responses into Gemini CLI-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Gemini CLI API clients. -package geminiCLI - -import ( - "bytes" - "context" - "fmt" - - "github.com/tidwall/sjson" -) - -var dataTag = []byte("data:") - -// ConvertGeminiResponseToGeminiCLI converts Gemini streaming response format to Gemini CLI single-line JSON format. -// This function processes various Gemini event types and transforms them into Gemini CLI-compatible JSON responses. -// It handles thinking content, regular text content, and function calls, outputting single-line JSON -// that matches the Gemini CLI API response format. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the Gemini API. -// - param: A pointer to a parameter object for the conversion (unused). -// -// Returns: -// - []string: A slice of strings, each containing a Gemini CLI-compatible JSON response. -func ConvertGeminiResponseToGeminiCLI(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) []string { - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - json := `{"response": {}}` - rawJSON, _ = sjson.SetRawBytes([]byte(json), "response", rawJSON) - return []string{string(rawJSON)} -} - -// ConvertGeminiResponseToGeminiCLINonStream converts a non-streaming Gemini response to a non-streaming Gemini CLI response. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the Gemini API. -// - param: A pointer to a parameter object for the conversion (unused). -// -// Returns: -// - string: A Gemini CLI-compatible JSON response. -func ConvertGeminiResponseToGeminiCLINonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - json := `{"response": {}}` - rawJSON, _ = sjson.SetRawBytes([]byte(json), "response", rawJSON) - return string(rawJSON) -} - -func GeminiCLITokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini/gemini-cli/init.go b/.worktrees/config/m/config-build/active/internal/translator/gemini/gemini-cli/init.go deleted file mode 100644 index 2c2224f7d0..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini/gemini-cli/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package geminiCLI - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - GeminiCLI, - Gemini, - ConvertGeminiCLIRequestToGemini, - interfaces.TranslateResponse{ - Stream: ConvertGeminiResponseToGeminiCLI, - NonStream: ConvertGeminiResponseToGeminiCLINonStream, - TokenCount: GeminiCLITokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini/gemini/gemini_gemini_request.go b/.worktrees/config/m/config-build/active/internal/translator/gemini/gemini/gemini_gemini_request.go deleted file mode 100644 index 8024e9e329..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini/gemini/gemini_gemini_request.go +++ /dev/null @@ -1,100 +0,0 @@ -// Package gemini provides in-provider request normalization for Gemini API. -// It ensures incoming v1beta requests meet minimal schema requirements -// expected by Google's Generative Language API. -package gemini - -import ( - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/common" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiRequestToGemini normalizes Gemini v1beta requests. -// - Adds a default role for each content if missing or invalid. -// The first message defaults to "user", then alternates user/model when needed. -// -// It keeps the payload otherwise unchanged. -func ConvertGeminiRequestToGemini(_ string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - // Fast path: if no contents field, only attach safety settings - contents := gjson.GetBytes(rawJSON, "contents") - if !contents.Exists() { - return common.AttachDefaultSafetySettings(rawJSON, "safetySettings") - } - - toolsResult := gjson.GetBytes(rawJSON, "tools") - if toolsResult.Exists() && toolsResult.IsArray() { - toolResults := toolsResult.Array() - for i := 0; i < len(toolResults); i++ { - if gjson.GetBytes(rawJSON, fmt.Sprintf("tools.%d.functionDeclarations", i)).Exists() { - strJson, _ := util.RenameKey(string(rawJSON), fmt.Sprintf("tools.%d.functionDeclarations", i), fmt.Sprintf("tools.%d.function_declarations", i)) - rawJSON = []byte(strJson) - } - - functionDeclarationsResult := gjson.GetBytes(rawJSON, fmt.Sprintf("tools.%d.function_declarations", i)) - if functionDeclarationsResult.Exists() && functionDeclarationsResult.IsArray() { - functionDeclarationsResults := functionDeclarationsResult.Array() - for j := 0; j < len(functionDeclarationsResults); j++ { - parametersResult := gjson.GetBytes(rawJSON, fmt.Sprintf("tools.%d.function_declarations.%d.parameters", i, j)) - if parametersResult.Exists() { - strJson, _ := util.RenameKey(string(rawJSON), fmt.Sprintf("tools.%d.function_declarations.%d.parameters", i, j), fmt.Sprintf("tools.%d.function_declarations.%d.parametersJsonSchema", i, j)) - rawJSON = []byte(strJson) - } - } - } - } - } - - // Walk contents and fix roles - out := rawJSON - prevRole := "" - idx := 0 - contents.ForEach(func(_ gjson.Result, value gjson.Result) bool { - role := value.Get("role").String() - - // Only user/model are valid for Gemini v1beta requests - valid := role == "user" || role == "model" - if role == "" || !valid { - var newRole string - if prevRole == "" { - newRole = "user" - } else if prevRole == "user" { - newRole = "model" - } else { - newRole = "user" - } - path := fmt.Sprintf("contents.%d.role", idx) - out, _ = sjson.SetBytes(out, path, newRole) - role = newRole - } - - prevRole = role - idx++ - return true - }) - - gjson.GetBytes(out, "contents").ForEach(func(key, content gjson.Result) bool { - if content.Get("role").String() == "model" { - content.Get("parts").ForEach(func(partKey, part gjson.Result) bool { - if part.Get("functionCall").Exists() { - out, _ = sjson.SetBytes(out, fmt.Sprintf("contents.%d.parts.%d.thoughtSignature", key.Int(), partKey.Int()), "skip_thought_signature_validator") - } else if part.Get("thoughtSignature").Exists() { - out, _ = sjson.SetBytes(out, fmt.Sprintf("contents.%d.parts.%d.thoughtSignature", key.Int(), partKey.Int()), "skip_thought_signature_validator") - } - return true - }) - } - return true - }) - - if gjson.GetBytes(rawJSON, "generationConfig.responseSchema").Exists() { - strJson, _ := util.RenameKey(string(out), "generationConfig.responseSchema", "generationConfig.responseJsonSchema") - out = []byte(strJson) - } - - out = common.AttachDefaultSafetySettings(out, "safetySettings") - return out -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini/gemini/gemini_gemini_response.go b/.worktrees/config/m/config-build/active/internal/translator/gemini/gemini/gemini_gemini_response.go deleted file mode 100644 index 05fb6ab95e..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini/gemini/gemini_gemini_response.go +++ /dev/null @@ -1,29 +0,0 @@ -package gemini - -import ( - "bytes" - "context" - "fmt" -) - -// PassthroughGeminiResponseStream forwards Gemini responses unchanged. -func PassthroughGeminiResponseStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) []string { - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - - return []string{string(rawJSON)} -} - -// PassthroughGeminiResponseNonStream forwards Gemini responses unchanged. -func PassthroughGeminiResponseNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - return string(rawJSON) -} - -func GeminiTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini/gemini/init.go b/.worktrees/config/m/config-build/active/internal/translator/gemini/gemini/init.go deleted file mode 100644 index 28c9708338..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini/gemini/init.go +++ /dev/null @@ -1,22 +0,0 @@ -package gemini - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -// Register a no-op response translator and a request normalizer for Gemini→Gemini. -// The request converter ensures missing or invalid roles are normalized to valid values. -func init() { - translator.Register( - Gemini, - Gemini, - ConvertGeminiRequestToGemini, - interfaces.TranslateResponse{ - Stream: PassthroughGeminiResponseStream, - NonStream: PassthroughGeminiResponseNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini/openai/chat-completions/gemini_openai_request.go b/.worktrees/config/m/config-build/active/internal/translator/gemini/openai/chat-completions/gemini_openai_request.go deleted file mode 100644 index 5de3568198..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini/openai/chat-completions/gemini_openai_request.go +++ /dev/null @@ -1,403 +0,0 @@ -// Package openai provides request translation functionality for OpenAI to Gemini API compatibility. -// It converts OpenAI Chat Completions requests into Gemini compatible JSON using gjson/sjson only. -package chat_completions - -import ( - "fmt" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/common" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const geminiFunctionThoughtSignature = "skip_thought_signature_validator" - -// ConvertOpenAIRequestToGemini converts an OpenAI Chat Completions request (raw JSON) -// into a complete Gemini request JSON. All JSON construction uses sjson and lookups use gjson. -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the OpenAI API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini API format -func ConvertOpenAIRequestToGemini(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - // Base envelope (no default thinkingConfig) - out := []byte(`{"contents":[]}`) - - // Model - out, _ = sjson.SetBytes(out, "model", modelName) - - // Apply thinking configuration: convert OpenAI reasoning_effort to Gemini thinkingConfig. - // Inline translation-only mapping; capability checks happen later in ApplyThinking. - re := gjson.GetBytes(rawJSON, "reasoning_effort") - if re.Exists() { - effort := strings.ToLower(strings.TrimSpace(re.String())) - if effort != "" { - thinkingPath := "generationConfig.thinkingConfig" - if effort == "auto" { - out, _ = sjson.SetBytes(out, thinkingPath+".thinkingBudget", -1) - out, _ = sjson.SetBytes(out, thinkingPath+".includeThoughts", true) - } else { - out, _ = sjson.SetBytes(out, thinkingPath+".thinkingLevel", effort) - out, _ = sjson.SetBytes(out, thinkingPath+".includeThoughts", effort != "none") - } - } - } - - // Temperature/top_p/top_k - if tr := gjson.GetBytes(rawJSON, "temperature"); tr.Exists() && tr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "generationConfig.temperature", tr.Num) - } - if tpr := gjson.GetBytes(rawJSON, "top_p"); tpr.Exists() && tpr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "generationConfig.topP", tpr.Num) - } - if tkr := gjson.GetBytes(rawJSON, "top_k"); tkr.Exists() && tkr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "generationConfig.topK", tkr.Num) - } - - // Candidate count (OpenAI 'n' parameter) - if n := gjson.GetBytes(rawJSON, "n"); n.Exists() && n.Type == gjson.Number { - if val := n.Int(); val > 1 { - out, _ = sjson.SetBytes(out, "generationConfig.candidateCount", val) - } - } - - // Map OpenAI modalities -> Gemini generationConfig.responseModalities - // e.g. "modalities": ["image", "text"] -> ["IMAGE", "TEXT"] - if mods := gjson.GetBytes(rawJSON, "modalities"); mods.Exists() && mods.IsArray() { - var responseMods []string - for _, m := range mods.Array() { - switch strings.ToLower(m.String()) { - case "text": - responseMods = append(responseMods, "TEXT") - case "image": - responseMods = append(responseMods, "IMAGE") - } - } - if len(responseMods) > 0 { - out, _ = sjson.SetBytes(out, "generationConfig.responseModalities", responseMods) - } - } - - // OpenRouter-style image_config support - // If the input uses top-level image_config.aspect_ratio, map it into generationConfig.imageConfig.aspectRatio. - if imgCfg := gjson.GetBytes(rawJSON, "image_config"); imgCfg.Exists() && imgCfg.IsObject() { - if ar := imgCfg.Get("aspect_ratio"); ar.Exists() && ar.Type == gjson.String { - out, _ = sjson.SetBytes(out, "generationConfig.imageConfig.aspectRatio", ar.Str) - } - if size := imgCfg.Get("image_size"); size.Exists() && size.Type == gjson.String { - out, _ = sjson.SetBytes(out, "generationConfig.imageConfig.imageSize", size.Str) - } - } - - // messages -> systemInstruction + contents - messages := gjson.GetBytes(rawJSON, "messages") - if messages.IsArray() { - arr := messages.Array() - // First pass: assistant tool_calls id->name map - tcID2Name := map[string]string{} - for i := 0; i < len(arr); i++ { - m := arr[i] - if m.Get("role").String() == "assistant" { - tcs := m.Get("tool_calls") - if tcs.IsArray() { - for _, tc := range tcs.Array() { - if tc.Get("type").String() == "function" { - id := tc.Get("id").String() - name := tc.Get("function.name").String() - if id != "" && name != "" { - tcID2Name[id] = name - } - } - } - } - } - } - - // Second pass build systemInstruction/tool responses cache - toolResponses := map[string]string{} // tool_call_id -> response text - for i := 0; i < len(arr); i++ { - m := arr[i] - role := m.Get("role").String() - if role == "tool" { - toolCallID := m.Get("tool_call_id").String() - if toolCallID != "" { - c := m.Get("content") - toolResponses[toolCallID] = c.Raw - } - } - } - - systemPartIndex := 0 - for i := 0; i < len(arr); i++ { - m := arr[i] - role := m.Get("role").String() - content := m.Get("content") - - if (role == "system" || role == "developer") && len(arr) > 1 { - // system -> system_instruction as a user message style - if content.Type == gjson.String { - out, _ = sjson.SetBytes(out, "system_instruction.role", "user") - out, _ = sjson.SetBytes(out, fmt.Sprintf("system_instruction.parts.%d.text", systemPartIndex), content.String()) - systemPartIndex++ - } else if content.IsObject() && content.Get("type").String() == "text" { - out, _ = sjson.SetBytes(out, "system_instruction.role", "user") - out, _ = sjson.SetBytes(out, fmt.Sprintf("system_instruction.parts.%d.text", systemPartIndex), content.Get("text").String()) - systemPartIndex++ - } else if content.IsArray() { - contents := content.Array() - if len(contents) > 0 { - out, _ = sjson.SetBytes(out, "system_instruction.role", "user") - for j := 0; j < len(contents); j++ { - out, _ = sjson.SetBytes(out, fmt.Sprintf("system_instruction.parts.%d.text", systemPartIndex), contents[j].Get("text").String()) - systemPartIndex++ - } - } - } - } else if role == "user" || ((role == "system" || role == "developer") && len(arr) == 1) { - // Build single user content node to avoid splitting into multiple contents - node := []byte(`{"role":"user","parts":[]}`) - if content.Type == gjson.String { - node, _ = sjson.SetBytes(node, "parts.0.text", content.String()) - } else if content.IsArray() { - items := content.Array() - p := 0 - for _, item := range items { - switch item.Get("type").String() { - case "text": - text := item.Get("text").String() - if text != "" { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".text", text) - } - p++ - case "image_url": - imageURL := item.Get("image_url.url").String() - if len(imageURL) > 5 { - pieces := strings.SplitN(imageURL[5:], ";", 2) - if len(pieces) == 2 && len(pieces[1]) > 7 { - mime := pieces[0] - data := pieces[1][7:] - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mime) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", data) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiFunctionThoughtSignature) - p++ - } - } - case "file": - filename := item.Get("file.filename").String() - fileData := item.Get("file.file_data").String() - ext := "" - if sp := strings.Split(filename, "."); len(sp) > 1 { - ext = sp[len(sp)-1] - } - if mimeType, ok := misc.MimeTypes[ext]; ok { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mimeType) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", fileData) - p++ - } else { - log.Warnf("Unknown file name extension '%s' in user message, skip", ext) - } - } - } - } - out, _ = sjson.SetRawBytes(out, "contents.-1", node) - } else if role == "assistant" { - node := []byte(`{"role":"model","parts":[]}`) - p := 0 - if content.Type == gjson.String { - // Assistant text -> single model content - node, _ = sjson.SetBytes(node, "parts.-1.text", content.String()) - p++ - } else if content.IsArray() { - // Assistant multimodal content (e.g. text + image) -> single model content with parts - for _, item := range content.Array() { - switch item.Get("type").String() { - case "text": - text := item.Get("text").String() - if text != "" { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".text", text) - } - p++ - case "image_url": - // If the assistant returned an inline data URL, preserve it for history fidelity. - imageURL := item.Get("image_url.url").String() - if len(imageURL) > 5 { // expect data:... - pieces := strings.SplitN(imageURL[5:], ";", 2) - if len(pieces) == 2 && len(pieces[1]) > 7 { - mime := pieces[0] - data := pieces[1][7:] - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mime) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", data) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiFunctionThoughtSignature) - p++ - } - } - } - } - } - - // Tool calls -> single model content with functionCall parts - tcs := m.Get("tool_calls") - if tcs.IsArray() { - fIDs := make([]string, 0) - for _, tc := range tcs.Array() { - if tc.Get("type").String() != "function" { - continue - } - fid := tc.Get("id").String() - fname := tc.Get("function.name").String() - fargs := tc.Get("function.arguments").String() - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".functionCall.name", fname) - node, _ = sjson.SetRawBytes(node, "parts."+itoa(p)+".functionCall.args", []byte(fargs)) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiFunctionThoughtSignature) - p++ - if fid != "" { - fIDs = append(fIDs, fid) - } - } - out, _ = sjson.SetRawBytes(out, "contents.-1", node) - - // Append a single tool content combining name + response per function - toolNode := []byte(`{"role":"user","parts":[]}`) - pp := 0 - for _, fid := range fIDs { - if name, ok := tcID2Name[fid]; ok { - toolNode, _ = sjson.SetBytes(toolNode, "parts."+itoa(pp)+".functionResponse.name", name) - resp := toolResponses[fid] - if resp == "" { - resp = "{}" - } - toolNode, _ = sjson.SetBytes(toolNode, "parts."+itoa(pp)+".functionResponse.response.result", []byte(resp)) - pp++ - } - } - if pp > 0 { - out, _ = sjson.SetRawBytes(out, "contents.-1", toolNode) - } - } else { - out, _ = sjson.SetRawBytes(out, "contents.-1", node) - } - } - } - } - - // tools -> tools[].functionDeclarations + tools[].googleSearch/codeExecution/urlContext passthrough - tools := gjson.GetBytes(rawJSON, "tools") - if tools.IsArray() && len(tools.Array()) > 0 { - functionToolNode := []byte(`{}`) - hasFunction := false - googleSearchNodes := make([][]byte, 0) - codeExecutionNodes := make([][]byte, 0) - urlContextNodes := make([][]byte, 0) - for _, t := range tools.Array() { - if t.Get("type").String() == "function" { - fn := t.Get("function") - if fn.Exists() && fn.IsObject() { - fnRaw := fn.Raw - if fn.Get("parameters").Exists() { - renamed, errRename := util.RenameKey(fnRaw, "parameters", "parametersJsonSchema") - if errRename != nil { - log.Warnf("Failed to rename parameters for tool '%s': %v", fn.Get("name").String(), errRename) - var errSet error - fnRaw, errSet = sjson.Set(fnRaw, "parametersJsonSchema.type", "object") - if errSet != nil { - log.Warnf("Failed to set default schema type for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - fnRaw, errSet = sjson.SetRaw(fnRaw, "parametersJsonSchema.properties", `{}`) - if errSet != nil { - log.Warnf("Failed to set default schema properties for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - } else { - fnRaw = renamed - } - } else { - var errSet error - fnRaw, errSet = sjson.Set(fnRaw, "parametersJsonSchema.type", "object") - if errSet != nil { - log.Warnf("Failed to set default schema type for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - fnRaw, errSet = sjson.SetRaw(fnRaw, "parametersJsonSchema.properties", `{}`) - if errSet != nil { - log.Warnf("Failed to set default schema properties for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - } - fnRaw, _ = sjson.Delete(fnRaw, "strict") - if !hasFunction { - functionToolNode, _ = sjson.SetRawBytes(functionToolNode, "functionDeclarations", []byte("[]")) - } - tmp, errSet := sjson.SetRawBytes(functionToolNode, "functionDeclarations.-1", []byte(fnRaw)) - if errSet != nil { - log.Warnf("Failed to append tool declaration for '%s': %v", fn.Get("name").String(), errSet) - continue - } - functionToolNode = tmp - hasFunction = true - } - } - if gs := t.Get("google_search"); gs.Exists() { - googleToolNode := []byte(`{}`) - var errSet error - googleToolNode, errSet = sjson.SetRawBytes(googleToolNode, "googleSearch", []byte(gs.Raw)) - if errSet != nil { - log.Warnf("Failed to set googleSearch tool: %v", errSet) - continue - } - googleSearchNodes = append(googleSearchNodes, googleToolNode) - } - if ce := t.Get("code_execution"); ce.Exists() { - codeToolNode := []byte(`{}`) - var errSet error - codeToolNode, errSet = sjson.SetRawBytes(codeToolNode, "codeExecution", []byte(ce.Raw)) - if errSet != nil { - log.Warnf("Failed to set codeExecution tool: %v", errSet) - continue - } - codeExecutionNodes = append(codeExecutionNodes, codeToolNode) - } - if uc := t.Get("url_context"); uc.Exists() { - urlToolNode := []byte(`{}`) - var errSet error - urlToolNode, errSet = sjson.SetRawBytes(urlToolNode, "urlContext", []byte(uc.Raw)) - if errSet != nil { - log.Warnf("Failed to set urlContext tool: %v", errSet) - continue - } - urlContextNodes = append(urlContextNodes, urlToolNode) - } - } - if hasFunction || len(googleSearchNodes) > 0 || len(codeExecutionNodes) > 0 || len(urlContextNodes) > 0 { - toolsNode := []byte("[]") - if hasFunction { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", functionToolNode) - } - for _, googleNode := range googleSearchNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", googleNode) - } - for _, codeNode := range codeExecutionNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", codeNode) - } - for _, urlNode := range urlContextNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", urlNode) - } - out, _ = sjson.SetRawBytes(out, "tools", toolsNode) - } - } - - out = common.AttachDefaultSafetySettings(out, "safetySettings") - - return out -} - -// itoa converts int to string without strconv import for few usages. -func itoa(i int) string { return fmt.Sprintf("%d", i) } diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini/openai/chat-completions/gemini_openai_response.go b/.worktrees/config/m/config-build/active/internal/translator/gemini/openai/chat-completions/gemini_openai_response.go deleted file mode 100644 index ee581c46e0..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini/openai/chat-completions/gemini_openai_response.go +++ /dev/null @@ -1,407 +0,0 @@ -// Package openai provides response translation functionality for Gemini to OpenAI API compatibility. -// This package handles the conversion of Gemini API responses into OpenAI Chat Completions-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by OpenAI API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, reasoning content, and usage metadata appropriately. -package chat_completions - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// convertGeminiResponseToOpenAIChatParams holds parameters for response conversion. -type convertGeminiResponseToOpenAIChatParams struct { - UnixTimestamp int64 - // FunctionIndex tracks tool call indices per candidate index to support multiple candidates. - FunctionIndex map[int]int -} - -// functionCallIDCounter provides a process-wide unique counter for function call identifiers. -var functionCallIDCounter uint64 - -// ConvertGeminiResponseToOpenAI translates a single chunk of a streaming response from the -// Gemini API format to the OpenAI Chat Completions streaming format. -// It processes various Gemini event types and transforms them into OpenAI-compatible JSON responses. -// The function handles text content, tool calls, reasoning content, and usage metadata, outputting -// responses that match the OpenAI API format. It supports incremental updates for streaming responses. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Gemini API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing an OpenAI-compatible JSON response -func ConvertGeminiResponseToOpenAI(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - // Initialize parameters if nil. - if *param == nil { - *param = &convertGeminiResponseToOpenAIChatParams{ - UnixTimestamp: 0, - FunctionIndex: make(map[int]int), - } - } - - // Ensure the Map is initialized (handling cases where param might be reused from older context). - p := (*param).(*convertGeminiResponseToOpenAIChatParams) - if p.FunctionIndex == nil { - p.FunctionIndex = make(map[int]int) - } - - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - - // Initialize the OpenAI SSE base template. - // We use a base template and clone it for each candidate to support multiple candidates. - baseTemplate := `{"id":"","object":"chat.completion.chunk","created":12345,"model":"model","choices":[{"index":0,"delta":{"role":null,"content":null,"reasoning_content":null,"tool_calls":null},"finish_reason":null,"native_finish_reason":null}]}` - - // Extract and set the model version. - if modelVersionResult := gjson.GetBytes(rawJSON, "modelVersion"); modelVersionResult.Exists() { - baseTemplate, _ = sjson.Set(baseTemplate, "model", modelVersionResult.String()) - } - - // Extract and set the creation timestamp. - if createTimeResult := gjson.GetBytes(rawJSON, "createTime"); createTimeResult.Exists() { - t, err := time.Parse(time.RFC3339Nano, createTimeResult.String()) - if err == nil { - p.UnixTimestamp = t.Unix() - } - baseTemplate, _ = sjson.Set(baseTemplate, "created", p.UnixTimestamp) - } else { - baseTemplate, _ = sjson.Set(baseTemplate, "created", p.UnixTimestamp) - } - - // Extract and set the response ID. - if responseIDResult := gjson.GetBytes(rawJSON, "responseId"); responseIDResult.Exists() { - baseTemplate, _ = sjson.Set(baseTemplate, "id", responseIDResult.String()) - } - - // Extract and set usage metadata (token counts). - // Usage is applied to the base template so it appears in the chunks. - if usageResult := gjson.GetBytes(rawJSON, "usageMetadata"); usageResult.Exists() { - cachedTokenCount := usageResult.Get("cachedContentTokenCount").Int() - if candidatesTokenCountResult := usageResult.Get("candidatesTokenCount"); candidatesTokenCountResult.Exists() { - baseTemplate, _ = sjson.Set(baseTemplate, "usage.completion_tokens", candidatesTokenCountResult.Int()) - } - if totalTokenCountResult := usageResult.Get("totalTokenCount"); totalTokenCountResult.Exists() { - baseTemplate, _ = sjson.Set(baseTemplate, "usage.total_tokens", totalTokenCountResult.Int()) - } - promptTokenCount := usageResult.Get("promptTokenCount").Int() - cachedTokenCount - thoughtsTokenCount := usageResult.Get("thoughtsTokenCount").Int() - baseTemplate, _ = sjson.Set(baseTemplate, "usage.prompt_tokens", promptTokenCount+thoughtsTokenCount) - if thoughtsTokenCount > 0 { - baseTemplate, _ = sjson.Set(baseTemplate, "usage.completion_tokens_details.reasoning_tokens", thoughtsTokenCount) - } - // Include cached token count if present (indicates prompt caching is working) - if cachedTokenCount > 0 { - var err error - baseTemplate, err = sjson.Set(baseTemplate, "usage.prompt_tokens_details.cached_tokens", cachedTokenCount) - if err != nil { - log.Warnf("gemini openai response: failed to set cached_tokens in streaming: %v", err) - } - } - } - - var responseStrings []string - candidates := gjson.GetBytes(rawJSON, "candidates") - - // Iterate over all candidates to support candidate_count > 1. - if candidates.IsArray() { - candidates.ForEach(func(_, candidate gjson.Result) bool { - // Clone the template for the current candidate. - template := baseTemplate - - // Set the specific index for this candidate. - candidateIndex := int(candidate.Get("index").Int()) - template, _ = sjson.Set(template, "choices.0.index", candidateIndex) - - finishReason := "" - if stopReasonResult := gjson.GetBytes(rawJSON, "stop_reason"); stopReasonResult.Exists() { - finishReason = stopReasonResult.String() - } - if finishReason == "" { - if finishReasonResult := gjson.GetBytes(rawJSON, "candidates.0.finishReason"); finishReasonResult.Exists() { - finishReason = finishReasonResult.String() - } - } - finishReason = strings.ToLower(finishReason) - - partsResult := candidate.Get("content.parts") - hasFunctionCall := false - - if partsResult.IsArray() { - partResults := partsResult.Array() - for i := 0; i < len(partResults); i++ { - partResult := partResults[i] - partTextResult := partResult.Get("text") - functionCallResult := partResult.Get("functionCall") - inlineDataResult := partResult.Get("inlineData") - if !inlineDataResult.Exists() { - inlineDataResult = partResult.Get("inline_data") - } - thoughtSignatureResult := partResult.Get("thoughtSignature") - if !thoughtSignatureResult.Exists() { - thoughtSignatureResult = partResult.Get("thought_signature") - } - - hasThoughtSignature := thoughtSignatureResult.Exists() && thoughtSignatureResult.String() != "" - hasContentPayload := partTextResult.Exists() || functionCallResult.Exists() || inlineDataResult.Exists() - - // Skip pure thoughtSignature parts but keep any actual payload in the same part. - if hasThoughtSignature && !hasContentPayload { - continue - } - - if partTextResult.Exists() { - text := partTextResult.String() - // Handle text content, distinguishing between regular content and reasoning/thoughts. - if partResult.Get("thought").Bool() { - template, _ = sjson.Set(template, "choices.0.delta.reasoning_content", text) - } else { - template, _ = sjson.Set(template, "choices.0.delta.content", text) - } - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - } else if functionCallResult.Exists() { - // Handle function call content. - hasFunctionCall = true - toolCallsResult := gjson.Get(template, "choices.0.delta.tool_calls") - - // Retrieve the function index for this specific candidate. - functionCallIndex := p.FunctionIndex[candidateIndex] - p.FunctionIndex[candidateIndex]++ - - if toolCallsResult.Exists() && toolCallsResult.IsArray() { - functionCallIndex = len(toolCallsResult.Array()) - } else { - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls", `[]`) - } - - functionCallTemplate := `{"id": "","index": 0,"type": "function","function": {"name": "","arguments": ""}}` - fcName := functionCallResult.Get("name").String() - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "id", fmt.Sprintf("%s-%d-%d", fcName, time.Now().UnixNano(), atomic.AddUint64(&functionCallIDCounter, 1))) - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "index", functionCallIndex) - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.name", fcName) - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.arguments", fcArgsResult.Raw) - } - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls.-1", functionCallTemplate) - } else if inlineDataResult.Exists() { - data := inlineDataResult.Get("data").String() - if data == "" { - continue - } - mimeType := inlineDataResult.Get("mimeType").String() - if mimeType == "" { - mimeType = inlineDataResult.Get("mime_type").String() - } - if mimeType == "" { - mimeType = "image/png" - } - imageURL := fmt.Sprintf("data:%s;base64,%s", mimeType, data) - imagesResult := gjson.Get(template, "choices.0.delta.images") - if !imagesResult.Exists() || !imagesResult.IsArray() { - template, _ = sjson.SetRaw(template, "choices.0.delta.images", `[]`) - } - imageIndex := len(gjson.Get(template, "choices.0.delta.images").Array()) - imagePayload := `{"type":"image_url","image_url":{"url":""}}` - imagePayload, _ = sjson.Set(imagePayload, "index", imageIndex) - imagePayload, _ = sjson.Set(imagePayload, "image_url.url", imageURL) - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.images.-1", imagePayload) - } - } - } - - if hasFunctionCall { - template, _ = sjson.Set(template, "choices.0.finish_reason", "tool_calls") - template, _ = sjson.Set(template, "choices.0.native_finish_reason", "tool_calls") - } else if finishReason != "" { - // Only pass through specific finish reasons - if finishReason == "max_tokens" || finishReason == "stop" { - template, _ = sjson.Set(template, "choices.0.finish_reason", finishReason) - template, _ = sjson.Set(template, "choices.0.native_finish_reason", finishReason) - } - } - - responseStrings = append(responseStrings, template) - return true // continue loop - }) - } else { - // If there are no candidates (e.g., a pure usageMetadata chunk), return the usage chunk if present. - if gjson.GetBytes(rawJSON, "usageMetadata").Exists() && len(responseStrings) == 0 { - responseStrings = append(responseStrings, baseTemplate) - } - } - - return responseStrings -} - -// ConvertGeminiResponseToOpenAINonStream converts a non-streaming Gemini response to a non-streaming OpenAI response. -// This function processes the complete Gemini response and transforms it into a single OpenAI-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the OpenAI API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Gemini API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: An OpenAI-compatible JSON response containing all message content and metadata -func ConvertGeminiResponseToOpenAINonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - var unixTimestamp int64 - // Initialize template with an empty choices array to support multiple candidates. - template := `{"id":"","object":"chat.completion","created":123456,"model":"model","choices":[]}` - - if modelVersionResult := gjson.GetBytes(rawJSON, "modelVersion"); modelVersionResult.Exists() { - template, _ = sjson.Set(template, "model", modelVersionResult.String()) - } - - if createTimeResult := gjson.GetBytes(rawJSON, "createTime"); createTimeResult.Exists() { - t, err := time.Parse(time.RFC3339Nano, createTimeResult.String()) - if err == nil { - unixTimestamp = t.Unix() - } - template, _ = sjson.Set(template, "created", unixTimestamp) - } else { - template, _ = sjson.Set(template, "created", unixTimestamp) - } - - if responseIDResult := gjson.GetBytes(rawJSON, "responseId"); responseIDResult.Exists() { - template, _ = sjson.Set(template, "id", responseIDResult.String()) - } - - if usageResult := gjson.GetBytes(rawJSON, "usageMetadata"); usageResult.Exists() { - if candidatesTokenCountResult := usageResult.Get("candidatesTokenCount"); candidatesTokenCountResult.Exists() { - template, _ = sjson.Set(template, "usage.completion_tokens", candidatesTokenCountResult.Int()) - } - if totalTokenCountResult := usageResult.Get("totalTokenCount"); totalTokenCountResult.Exists() { - template, _ = sjson.Set(template, "usage.total_tokens", totalTokenCountResult.Int()) - } - promptTokenCount := usageResult.Get("promptTokenCount").Int() - thoughtsTokenCount := usageResult.Get("thoughtsTokenCount").Int() - cachedTokenCount := usageResult.Get("cachedContentTokenCount").Int() - template, _ = sjson.Set(template, "usage.prompt_tokens", promptTokenCount+thoughtsTokenCount) - if thoughtsTokenCount > 0 { - template, _ = sjson.Set(template, "usage.completion_tokens_details.reasoning_tokens", thoughtsTokenCount) - } - // Include cached token count if present (indicates prompt caching is working) - if cachedTokenCount > 0 { - var err error - template, err = sjson.Set(template, "usage.prompt_tokens_details.cached_tokens", cachedTokenCount) - if err != nil { - log.Warnf("gemini openai response: failed to set cached_tokens in non-streaming: %v", err) - } - } - } - - // Process the main content part of the response for all candidates. - candidates := gjson.GetBytes(rawJSON, "candidates") - if candidates.IsArray() { - candidates.ForEach(func(_, candidate gjson.Result) bool { - // Construct a single Choice object. - choiceTemplate := `{"index":0,"message":{"role":"assistant","content":null,"reasoning_content":null,"tool_calls":null},"finish_reason":null,"native_finish_reason":null}` - - // Set the index for this choice. - choiceTemplate, _ = sjson.Set(choiceTemplate, "index", candidate.Get("index").Int()) - - // Set finish reason. - if finishReasonResult := candidate.Get("finishReason"); finishReasonResult.Exists() { - choiceTemplate, _ = sjson.Set(choiceTemplate, "finish_reason", strings.ToLower(finishReasonResult.String())) - choiceTemplate, _ = sjson.Set(choiceTemplate, "native_finish_reason", strings.ToLower(finishReasonResult.String())) - } - - partsResult := candidate.Get("content.parts") - hasFunctionCall := false - if partsResult.IsArray() { - partsResults := partsResult.Array() - for i := 0; i < len(partsResults); i++ { - partResult := partsResults[i] - partTextResult := partResult.Get("text") - functionCallResult := partResult.Get("functionCall") - inlineDataResult := partResult.Get("inlineData") - if !inlineDataResult.Exists() { - inlineDataResult = partResult.Get("inline_data") - } - - if partTextResult.Exists() { - // Append text content, distinguishing between regular content and reasoning. - if partResult.Get("thought").Bool() { - oldVal := gjson.Get(choiceTemplate, "message.reasoning_content").String() - choiceTemplate, _ = sjson.Set(choiceTemplate, "message.reasoning_content", oldVal+partTextResult.String()) - } else { - oldVal := gjson.Get(choiceTemplate, "message.content").String() - choiceTemplate, _ = sjson.Set(choiceTemplate, "message.content", oldVal+partTextResult.String()) - } - choiceTemplate, _ = sjson.Set(choiceTemplate, "message.role", "assistant") - } else if functionCallResult.Exists() { - // Append function call content to the tool_calls array. - hasFunctionCall = true - toolCallsResult := gjson.Get(choiceTemplate, "message.tool_calls") - if !toolCallsResult.Exists() || !toolCallsResult.IsArray() { - choiceTemplate, _ = sjson.SetRaw(choiceTemplate, "message.tool_calls", `[]`) - } - functionCallItemTemplate := `{"id": "","type": "function","function": {"name": "","arguments": ""}}` - fcName := functionCallResult.Get("name").String() - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "id", fmt.Sprintf("%s-%d-%d", fcName, time.Now().UnixNano(), atomic.AddUint64(&functionCallIDCounter, 1))) - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.name", fcName) - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.arguments", fcArgsResult.Raw) - } - choiceTemplate, _ = sjson.Set(choiceTemplate, "message.role", "assistant") - choiceTemplate, _ = sjson.SetRaw(choiceTemplate, "message.tool_calls.-1", functionCallItemTemplate) - } else if inlineDataResult.Exists() { - data := inlineDataResult.Get("data").String() - if data != "" { - mimeType := inlineDataResult.Get("mimeType").String() - if mimeType == "" { - mimeType = inlineDataResult.Get("mime_type").String() - } - if mimeType == "" { - mimeType = "image/png" - } - imageURL := fmt.Sprintf("data:%s;base64,%s", mimeType, data) - imagesResult := gjson.Get(choiceTemplate, "message.images") - if !imagesResult.Exists() || !imagesResult.IsArray() { - choiceTemplate, _ = sjson.SetRaw(choiceTemplate, "message.images", `[]`) - } - imageIndex := len(gjson.Get(choiceTemplate, "message.images").Array()) - imagePayload := `{"type":"image_url","image_url":{"url":""}}` - imagePayload, _ = sjson.Set(imagePayload, "index", imageIndex) - imagePayload, _ = sjson.Set(imagePayload, "image_url.url", imageURL) - choiceTemplate, _ = sjson.Set(choiceTemplate, "message.role", "assistant") - choiceTemplate, _ = sjson.SetRaw(choiceTemplate, "message.images.-1", imagePayload) - } - } - } - } - - if hasFunctionCall { - choiceTemplate, _ = sjson.Set(choiceTemplate, "finish_reason", "tool_calls") - choiceTemplate, _ = sjson.Set(choiceTemplate, "native_finish_reason", "tool_calls") - } - - // Append the constructed choice to the main choices array. - template, _ = sjson.SetRaw(template, "choices.-1", choiceTemplate) - return true - }) - } - - return template -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini/openai/chat-completions/init.go b/.worktrees/config/m/config-build/active/internal/translator/gemini/openai/chat-completions/init.go deleted file mode 100644 index 800e07db3d..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenAI, - Gemini, - ConvertOpenAIRequestToGemini, - interfaces.TranslateResponse{ - Stream: ConvertGeminiResponseToOpenAI, - NonStream: ConvertGeminiResponseToOpenAINonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini/openai/responses/gemini_openai-responses_request.go b/.worktrees/config/m/config-build/active/internal/translator/gemini/openai/responses/gemini_openai-responses_request.go deleted file mode 100644 index aca0171781..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini/openai/responses/gemini_openai-responses_request.go +++ /dev/null @@ -1,442 +0,0 @@ -package responses - -import ( - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/common" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const geminiResponsesThoughtSignature = "skip_thought_signature_validator" - -func ConvertOpenAIResponsesRequestToGemini(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - - // Note: modelName and stream parameters are part of the fixed method signature - _ = modelName // Unused but required by interface - _ = stream // Unused but required by interface - - // Base Gemini API template (do not include thinkingConfig by default) - out := `{"contents":[]}` - - root := gjson.ParseBytes(rawJSON) - - // Extract system instruction from OpenAI "instructions" field - if instructions := root.Get("instructions"); instructions.Exists() { - systemInstr := `{"parts":[{"text":""}]}` - systemInstr, _ = sjson.Set(systemInstr, "parts.0.text", instructions.String()) - out, _ = sjson.SetRaw(out, "system_instruction", systemInstr) - } - - // Convert input messages to Gemini contents format - if input := root.Get("input"); input.Exists() && input.IsArray() { - items := input.Array() - - // Normalize consecutive function calls and outputs so each call is immediately followed by its response - normalized := make([]gjson.Result, 0, len(items)) - for i := 0; i < len(items); { - item := items[i] - itemType := item.Get("type").String() - itemRole := item.Get("role").String() - if itemType == "" && itemRole != "" { - itemType = "message" - } - - if itemType == "function_call" { - var calls []gjson.Result - var outputs []gjson.Result - - for i < len(items) { - next := items[i] - nextType := next.Get("type").String() - nextRole := next.Get("role").String() - if nextType == "" && nextRole != "" { - nextType = "message" - } - if nextType != "function_call" { - break - } - calls = append(calls, next) - i++ - } - - for i < len(items) { - next := items[i] - nextType := next.Get("type").String() - nextRole := next.Get("role").String() - if nextType == "" && nextRole != "" { - nextType = "message" - } - if nextType != "function_call_output" { - break - } - outputs = append(outputs, next) - i++ - } - - if len(calls) > 0 { - outputMap := make(map[string]gjson.Result, len(outputs)) - for _, out := range outputs { - outputMap[out.Get("call_id").String()] = out - } - for _, call := range calls { - normalized = append(normalized, call) - callID := call.Get("call_id").String() - if resp, ok := outputMap[callID]; ok { - normalized = append(normalized, resp) - delete(outputMap, callID) - } - } - for _, out := range outputs { - if _, ok := outputMap[out.Get("call_id").String()]; ok { - normalized = append(normalized, out) - } - } - continue - } - } - - if itemType == "function_call_output" { - normalized = append(normalized, item) - i++ - continue - } - - normalized = append(normalized, item) - i++ - } - - for _, item := range normalized { - itemType := item.Get("type").String() - itemRole := item.Get("role").String() - if itemType == "" && itemRole != "" { - itemType = "message" - } - - switch itemType { - case "message": - if strings.EqualFold(itemRole, "system") { - if contentArray := item.Get("content"); contentArray.Exists() { - systemInstr := "" - if systemInstructionResult := gjson.Get(out, "system_instruction"); systemInstructionResult.Exists() { - systemInstr = systemInstructionResult.Raw - } else { - systemInstr = `{"parts":[]}` - } - - if contentArray.IsArray() { - contentArray.ForEach(func(_, contentItem gjson.Result) bool { - part := `{"text":""}` - text := contentItem.Get("text").String() - part, _ = sjson.Set(part, "text", text) - systemInstr, _ = sjson.SetRaw(systemInstr, "parts.-1", part) - return true - }) - } else if contentArray.Type == gjson.String { - part := `{"text":""}` - part, _ = sjson.Set(part, "text", contentArray.String()) - systemInstr, _ = sjson.SetRaw(systemInstr, "parts.-1", part) - } - - if systemInstr != `{"parts":[]}` { - out, _ = sjson.SetRaw(out, "system_instruction", systemInstr) - } - } - continue - } - - // Handle regular messages - // Note: In Responses format, model outputs may appear as content items with type "output_text" - // even when the message.role is "user". We split such items into distinct Gemini messages - // with roles derived from the content type to match docs/convert-2.md. - if contentArray := item.Get("content"); contentArray.Exists() && contentArray.IsArray() { - currentRole := "" - var currentParts []string - - flush := func() { - if currentRole == "" || len(currentParts) == 0 { - currentParts = nil - return - } - one := `{"role":"","parts":[]}` - one, _ = sjson.Set(one, "role", currentRole) - for _, part := range currentParts { - one, _ = sjson.SetRaw(one, "parts.-1", part) - } - out, _ = sjson.SetRaw(out, "contents.-1", one) - currentParts = nil - } - - contentArray.ForEach(func(_, contentItem gjson.Result) bool { - contentType := contentItem.Get("type").String() - if contentType == "" { - contentType = "input_text" - } - - effRole := "user" - if itemRole != "" { - switch strings.ToLower(itemRole) { - case "assistant", "model": - effRole = "model" - default: - effRole = strings.ToLower(itemRole) - } - } - if contentType == "output_text" { - effRole = "model" - } - if effRole == "assistant" { - effRole = "model" - } - - if currentRole != "" && effRole != currentRole { - flush() - currentRole = "" - } - if currentRole == "" { - currentRole = effRole - } - - var partJSON string - switch contentType { - case "input_text", "output_text": - if text := contentItem.Get("text"); text.Exists() { - partJSON = `{"text":""}` - partJSON, _ = sjson.Set(partJSON, "text", text.String()) - } - case "input_image": - imageURL := contentItem.Get("image_url").String() - if imageURL == "" { - imageURL = contentItem.Get("url").String() - } - if imageURL != "" { - mimeType := "application/octet-stream" - data := "" - if strings.HasPrefix(imageURL, "data:") { - trimmed := strings.TrimPrefix(imageURL, "data:") - mediaAndData := strings.SplitN(trimmed, ";base64,", 2) - if len(mediaAndData) == 2 { - if mediaAndData[0] != "" { - mimeType = mediaAndData[0] - } - data = mediaAndData[1] - } else { - mediaAndData = strings.SplitN(trimmed, ",", 2) - if len(mediaAndData) == 2 { - if mediaAndData[0] != "" { - mimeType = mediaAndData[0] - } - data = mediaAndData[1] - } - } - } - if data != "" { - partJSON = `{"inline_data":{"mime_type":"","data":""}}` - partJSON, _ = sjson.Set(partJSON, "inline_data.mime_type", mimeType) - partJSON, _ = sjson.Set(partJSON, "inline_data.data", data) - } - } - } - - if partJSON != "" { - currentParts = append(currentParts, partJSON) - } - return true - }) - - flush() - } else if contentArray.Type == gjson.String { - effRole := "user" - if itemRole != "" { - switch strings.ToLower(itemRole) { - case "assistant", "model": - effRole = "model" - default: - effRole = strings.ToLower(itemRole) - } - } - - one := `{"role":"","parts":[{"text":""}]}` - one, _ = sjson.Set(one, "role", effRole) - one, _ = sjson.Set(one, "parts.0.text", contentArray.String()) - out, _ = sjson.SetRaw(out, "contents.-1", one) - } - case "function_call": - // Handle function calls - convert to model message with functionCall - name := item.Get("name").String() - arguments := item.Get("arguments").String() - - modelContent := `{"role":"model","parts":[]}` - functionCall := `{"functionCall":{"name":"","args":{}}}` - functionCall, _ = sjson.Set(functionCall, "functionCall.name", name) - functionCall, _ = sjson.Set(functionCall, "thoughtSignature", geminiResponsesThoughtSignature) - functionCall, _ = sjson.Set(functionCall, "functionCall.id", item.Get("call_id").String()) - - // Parse arguments JSON string and set as args object - if arguments != "" { - argsResult := gjson.Parse(arguments) - functionCall, _ = sjson.SetRaw(functionCall, "functionCall.args", argsResult.Raw) - } - - modelContent, _ = sjson.SetRaw(modelContent, "parts.-1", functionCall) - out, _ = sjson.SetRaw(out, "contents.-1", modelContent) - - case "function_call_output": - // Handle function call outputs - convert to function message with functionResponse - callID := item.Get("call_id").String() - // Use .Raw to preserve the JSON encoding (includes quotes for strings) - outputRaw := item.Get("output").Str - - functionContent := `{"role":"function","parts":[]}` - functionResponse := `{"functionResponse":{"name":"","response":{}}}` - - // We need to extract the function name from the previous function_call - // For now, we'll use a placeholder or extract from context if available - functionName := "unknown" // This should ideally be matched with the corresponding function_call - - // Find the corresponding function call name by matching call_id - // We need to look back through the input array to find the matching call - if inputArray := root.Get("input"); inputArray.Exists() && inputArray.IsArray() { - inputArray.ForEach(func(_, prevItem gjson.Result) bool { - if prevItem.Get("type").String() == "function_call" && prevItem.Get("call_id").String() == callID { - functionName = prevItem.Get("name").String() - return false // Stop iteration - } - return true - }) - } - - functionResponse, _ = sjson.Set(functionResponse, "functionResponse.name", functionName) - functionResponse, _ = sjson.Set(functionResponse, "functionResponse.id", callID) - - // Set the raw JSON output directly (preserves string encoding) - if outputRaw != "" && outputRaw != "null" { - output := gjson.Parse(outputRaw) - if output.Type == gjson.JSON { - functionResponse, _ = sjson.SetRaw(functionResponse, "functionResponse.response.result", output.Raw) - } else { - functionResponse, _ = sjson.Set(functionResponse, "functionResponse.response.result", outputRaw) - } - } - functionContent, _ = sjson.SetRaw(functionContent, "parts.-1", functionResponse) - out, _ = sjson.SetRaw(out, "contents.-1", functionContent) - - case "reasoning": - thoughtContent := `{"role":"model","parts":[]}` - thought := `{"text":"","thoughtSignature":"","thought":true}` - thought, _ = sjson.Set(thought, "text", item.Get("summary.0.text").String()) - thought, _ = sjson.Set(thought, "thoughtSignature", item.Get("encrypted_content").String()) - - thoughtContent, _ = sjson.SetRaw(thoughtContent, "parts.-1", thought) - out, _ = sjson.SetRaw(out, "contents.-1", thoughtContent) - } - } - } else if input.Exists() && input.Type == gjson.String { - // Simple string input conversion to user message - userContent := `{"role":"user","parts":[{"text":""}]}` - userContent, _ = sjson.Set(userContent, "parts.0.text", input.String()) - out, _ = sjson.SetRaw(out, "contents.-1", userContent) - } - - // Convert tools to Gemini functionDeclarations format - if tools := root.Get("tools"); tools.Exists() && tools.IsArray() { - geminiTools := `[{"functionDeclarations":[]}]` - - tools.ForEach(func(_, tool gjson.Result) bool { - if tool.Get("type").String() == "function" { - funcDecl := `{"name":"","description":"","parametersJsonSchema":{}}` - - if name := tool.Get("name"); name.Exists() { - funcDecl, _ = sjson.Set(funcDecl, "name", name.String()) - } - if desc := tool.Get("description"); desc.Exists() { - funcDecl, _ = sjson.Set(funcDecl, "description", desc.String()) - } - if params := tool.Get("parameters"); params.Exists() { - // Convert parameter types from OpenAI format to Gemini format - cleaned := params.Raw - // Convert type values to uppercase for Gemini - paramsResult := gjson.Parse(cleaned) - if properties := paramsResult.Get("properties"); properties.Exists() { - properties.ForEach(func(key, value gjson.Result) bool { - if propType := value.Get("type"); propType.Exists() { - upperType := strings.ToUpper(propType.String()) - cleaned, _ = sjson.Set(cleaned, "properties."+key.String()+".type", upperType) - } - return true - }) - } - // Set the overall type to OBJECT - cleaned, _ = sjson.Set(cleaned, "type", "OBJECT") - funcDecl, _ = sjson.SetRaw(funcDecl, "parametersJsonSchema", cleaned) - } - - geminiTools, _ = sjson.SetRaw(geminiTools, "0.functionDeclarations.-1", funcDecl) - } - return true - }) - - // Only add tools if there are function declarations - if funcDecls := gjson.Get(geminiTools, "0.functionDeclarations"); funcDecls.Exists() && len(funcDecls.Array()) > 0 { - out, _ = sjson.SetRaw(out, "tools", geminiTools) - } - } - - // Handle generation config from OpenAI format - if maxOutputTokens := root.Get("max_output_tokens"); maxOutputTokens.Exists() { - genConfig := `{"maxOutputTokens":0}` - genConfig, _ = sjson.Set(genConfig, "maxOutputTokens", maxOutputTokens.Int()) - out, _ = sjson.SetRaw(out, "generationConfig", genConfig) - } - - // Handle temperature if present - if temperature := root.Get("temperature"); temperature.Exists() { - if !gjson.Get(out, "generationConfig").Exists() { - out, _ = sjson.SetRaw(out, "generationConfig", `{}`) - } - out, _ = sjson.Set(out, "generationConfig.temperature", temperature.Float()) - } - - // Handle top_p if present - if topP := root.Get("top_p"); topP.Exists() { - if !gjson.Get(out, "generationConfig").Exists() { - out, _ = sjson.SetRaw(out, "generationConfig", `{}`) - } - out, _ = sjson.Set(out, "generationConfig.topP", topP.Float()) - } - - // Handle stop sequences - if stopSequences := root.Get("stop_sequences"); stopSequences.Exists() && stopSequences.IsArray() { - if !gjson.Get(out, "generationConfig").Exists() { - out, _ = sjson.SetRaw(out, "generationConfig", `{}`) - } - var sequences []string - stopSequences.ForEach(func(_, seq gjson.Result) bool { - sequences = append(sequences, seq.String()) - return true - }) - out, _ = sjson.Set(out, "generationConfig.stopSequences", sequences) - } - - // Apply thinking configuration: convert OpenAI Responses API reasoning.effort to Gemini thinkingConfig. - // Inline translation-only mapping; capability checks happen later in ApplyThinking. - re := root.Get("reasoning.effort") - if re.Exists() { - effort := strings.ToLower(strings.TrimSpace(re.String())) - if effort != "" { - thinkingPath := "generationConfig.thinkingConfig" - if effort == "auto" { - out, _ = sjson.Set(out, thinkingPath+".thinkingBudget", -1) - out, _ = sjson.Set(out, thinkingPath+".includeThoughts", true) - } else { - out, _ = sjson.Set(out, thinkingPath+".thinkingLevel", effort) - out, _ = sjson.Set(out, thinkingPath+".includeThoughts", effort != "none") - } - } - } - - result := []byte(out) - result = common.AttachDefaultSafetySettings(result, "safetySettings") - return result -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini/openai/responses/gemini_openai-responses_response.go b/.worktrees/config/m/config-build/active/internal/translator/gemini/openai/responses/gemini_openai-responses_response.go deleted file mode 100644 index 985897fab9..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini/openai/responses/gemini_openai-responses_response.go +++ /dev/null @@ -1,758 +0,0 @@ -package responses - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -type geminiToResponsesState struct { - Seq int - ResponseID string - CreatedAt int64 - Started bool - - // message aggregation - MsgOpened bool - MsgClosed bool - MsgIndex int - CurrentMsgID string - TextBuf strings.Builder - ItemTextBuf strings.Builder - - // reasoning aggregation - ReasoningOpened bool - ReasoningIndex int - ReasoningItemID string - ReasoningEnc string - ReasoningBuf strings.Builder - ReasoningClosed bool - - // function call aggregation (keyed by output_index) - NextIndex int - FuncArgsBuf map[int]*strings.Builder - FuncNames map[int]string - FuncCallIDs map[int]string - FuncDone map[int]bool -} - -// responseIDCounter provides a process-wide unique counter for synthesized response identifiers. -var responseIDCounter uint64 - -// funcCallIDCounter provides a process-wide unique counter for function call identifiers. -var funcCallIDCounter uint64 - -func pickRequestJSON(originalRequestRawJSON, requestRawJSON []byte) []byte { - if len(originalRequestRawJSON) > 0 && gjson.ValidBytes(originalRequestRawJSON) { - return originalRequestRawJSON - } - if len(requestRawJSON) > 0 && gjson.ValidBytes(requestRawJSON) { - return requestRawJSON - } - return nil -} - -func unwrapRequestRoot(root gjson.Result) gjson.Result { - req := root.Get("request") - if !req.Exists() { - return root - } - if req.Get("model").Exists() || req.Get("input").Exists() || req.Get("instructions").Exists() { - return req - } - return root -} - -func unwrapGeminiResponseRoot(root gjson.Result) gjson.Result { - resp := root.Get("response") - if !resp.Exists() { - return root - } - // Vertex-style Gemini responses wrap the actual payload in a "response" object. - if resp.Get("candidates").Exists() || resp.Get("responseId").Exists() || resp.Get("usageMetadata").Exists() { - return resp - } - return root -} - -func emitEvent(event string, payload string) string { - return fmt.Sprintf("event: %s\ndata: %s", event, payload) -} - -// ConvertGeminiResponseToOpenAIResponses converts Gemini SSE chunks into OpenAI Responses SSE events. -func ConvertGeminiResponseToOpenAIResponses(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &geminiToResponsesState{ - FuncArgsBuf: make(map[int]*strings.Builder), - FuncNames: make(map[int]string), - FuncCallIDs: make(map[int]string), - FuncDone: make(map[int]bool), - } - } - st := (*param).(*geminiToResponsesState) - if st.FuncArgsBuf == nil { - st.FuncArgsBuf = make(map[int]*strings.Builder) - } - if st.FuncNames == nil { - st.FuncNames = make(map[int]string) - } - if st.FuncCallIDs == nil { - st.FuncCallIDs = make(map[int]string) - } - if st.FuncDone == nil { - st.FuncDone = make(map[int]bool) - } - - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - - rawJSON = bytes.TrimSpace(rawJSON) - if len(rawJSON) == 0 || bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - - root := gjson.ParseBytes(rawJSON) - if !root.Exists() { - return []string{} - } - root = unwrapGeminiResponseRoot(root) - - var out []string - nextSeq := func() int { st.Seq++; return st.Seq } - - // Helper to finalize reasoning summary events in correct order. - // It emits response.reasoning_summary_text.done followed by - // response.reasoning_summary_part.done exactly once. - finalizeReasoning := func() { - if !st.ReasoningOpened || st.ReasoningClosed { - return - } - full := st.ReasoningBuf.String() - textDone := `{"type":"response.reasoning_summary_text.done","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"text":""}` - textDone, _ = sjson.Set(textDone, "sequence_number", nextSeq()) - textDone, _ = sjson.Set(textDone, "item_id", st.ReasoningItemID) - textDone, _ = sjson.Set(textDone, "output_index", st.ReasoningIndex) - textDone, _ = sjson.Set(textDone, "text", full) - out = append(out, emitEvent("response.reasoning_summary_text.done", textDone)) - - partDone := `{"type":"response.reasoning_summary_part.done","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"part":{"type":"summary_text","text":""}}` - partDone, _ = sjson.Set(partDone, "sequence_number", nextSeq()) - partDone, _ = sjson.Set(partDone, "item_id", st.ReasoningItemID) - partDone, _ = sjson.Set(partDone, "output_index", st.ReasoningIndex) - partDone, _ = sjson.Set(partDone, "part.text", full) - out = append(out, emitEvent("response.reasoning_summary_part.done", partDone)) - - itemDone := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"reasoning","encrypted_content":"","summary":[{"type":"summary_text","text":""}]}}` - itemDone, _ = sjson.Set(itemDone, "sequence_number", nextSeq()) - itemDone, _ = sjson.Set(itemDone, "item.id", st.ReasoningItemID) - itemDone, _ = sjson.Set(itemDone, "output_index", st.ReasoningIndex) - itemDone, _ = sjson.Set(itemDone, "item.encrypted_content", st.ReasoningEnc) - itemDone, _ = sjson.Set(itemDone, "item.summary.0.text", full) - out = append(out, emitEvent("response.output_item.done", itemDone)) - - st.ReasoningClosed = true - } - - // Helper to finalize the assistant message in correct order. - // It emits response.output_text.done, response.content_part.done, - // and response.output_item.done exactly once. - finalizeMessage := func() { - if !st.MsgOpened || st.MsgClosed { - return - } - fullText := st.ItemTextBuf.String() - done := `{"type":"response.output_text.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"text":"","logprobs":[]}` - done, _ = sjson.Set(done, "sequence_number", nextSeq()) - done, _ = sjson.Set(done, "item_id", st.CurrentMsgID) - done, _ = sjson.Set(done, "output_index", st.MsgIndex) - done, _ = sjson.Set(done, "text", fullText) - out = append(out, emitEvent("response.output_text.done", done)) - partDone := `{"type":"response.content_part.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"part":{"type":"output_text","annotations":[],"logprobs":[],"text":""}}` - partDone, _ = sjson.Set(partDone, "sequence_number", nextSeq()) - partDone, _ = sjson.Set(partDone, "item_id", st.CurrentMsgID) - partDone, _ = sjson.Set(partDone, "output_index", st.MsgIndex) - partDone, _ = sjson.Set(partDone, "part.text", fullText) - out = append(out, emitEvent("response.content_part.done", partDone)) - final := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"message","status":"completed","content":[{"type":"output_text","text":""}],"role":"assistant"}}` - final, _ = sjson.Set(final, "sequence_number", nextSeq()) - final, _ = sjson.Set(final, "output_index", st.MsgIndex) - final, _ = sjson.Set(final, "item.id", st.CurrentMsgID) - final, _ = sjson.Set(final, "item.content.0.text", fullText) - out = append(out, emitEvent("response.output_item.done", final)) - - st.MsgClosed = true - } - - // Initialize per-response fields and emit created/in_progress once - if !st.Started { - st.ResponseID = root.Get("responseId").String() - if st.ResponseID == "" { - st.ResponseID = fmt.Sprintf("resp_%x_%d", time.Now().UnixNano(), atomic.AddUint64(&responseIDCounter, 1)) - } - if !strings.HasPrefix(st.ResponseID, "resp_") { - st.ResponseID = fmt.Sprintf("resp_%s", st.ResponseID) - } - if v := root.Get("createTime"); v.Exists() { - if t, errParseCreateTime := time.Parse(time.RFC3339Nano, v.String()); errParseCreateTime == nil { - st.CreatedAt = t.Unix() - } - } - if st.CreatedAt == 0 { - st.CreatedAt = time.Now().Unix() - } - - created := `{"type":"response.created","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"in_progress","background":false,"error":null,"output":[]}}` - created, _ = sjson.Set(created, "sequence_number", nextSeq()) - created, _ = sjson.Set(created, "response.id", st.ResponseID) - created, _ = sjson.Set(created, "response.created_at", st.CreatedAt) - out = append(out, emitEvent("response.created", created)) - - inprog := `{"type":"response.in_progress","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"in_progress"}}` - inprog, _ = sjson.Set(inprog, "sequence_number", nextSeq()) - inprog, _ = sjson.Set(inprog, "response.id", st.ResponseID) - inprog, _ = sjson.Set(inprog, "response.created_at", st.CreatedAt) - out = append(out, emitEvent("response.in_progress", inprog)) - - st.Started = true - st.NextIndex = 0 - } - - // Handle parts (text/thought/functionCall) - if parts := root.Get("candidates.0.content.parts"); parts.Exists() && parts.IsArray() { - parts.ForEach(func(_, part gjson.Result) bool { - // Reasoning text - if part.Get("thought").Bool() { - if st.ReasoningClosed { - // Ignore any late thought chunks after reasoning is finalized. - return true - } - if sig := part.Get("thoughtSignature"); sig.Exists() && sig.String() != "" && sig.String() != geminiResponsesThoughtSignature { - st.ReasoningEnc = sig.String() - } else if sig = part.Get("thought_signature"); sig.Exists() && sig.String() != "" && sig.String() != geminiResponsesThoughtSignature { - st.ReasoningEnc = sig.String() - } - if !st.ReasoningOpened { - st.ReasoningOpened = true - st.ReasoningIndex = st.NextIndex - st.NextIndex++ - st.ReasoningItemID = fmt.Sprintf("rs_%s_%d", st.ResponseID, st.ReasoningIndex) - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"reasoning","status":"in_progress","encrypted_content":"","summary":[]}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "output_index", st.ReasoningIndex) - item, _ = sjson.Set(item, "item.id", st.ReasoningItemID) - item, _ = sjson.Set(item, "item.encrypted_content", st.ReasoningEnc) - out = append(out, emitEvent("response.output_item.added", item)) - partAdded := `{"type":"response.reasoning_summary_part.added","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"part":{"type":"summary_text","text":""}}` - partAdded, _ = sjson.Set(partAdded, "sequence_number", nextSeq()) - partAdded, _ = sjson.Set(partAdded, "item_id", st.ReasoningItemID) - partAdded, _ = sjson.Set(partAdded, "output_index", st.ReasoningIndex) - out = append(out, emitEvent("response.reasoning_summary_part.added", partAdded)) - } - if t := part.Get("text"); t.Exists() && t.String() != "" { - st.ReasoningBuf.WriteString(t.String()) - msg := `{"type":"response.reasoning_summary_text.delta","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"delta":""}` - msg, _ = sjson.Set(msg, "sequence_number", nextSeq()) - msg, _ = sjson.Set(msg, "item_id", st.ReasoningItemID) - msg, _ = sjson.Set(msg, "output_index", st.ReasoningIndex) - msg, _ = sjson.Set(msg, "delta", t.String()) - out = append(out, emitEvent("response.reasoning_summary_text.delta", msg)) - } - return true - } - - // Assistant visible text - if t := part.Get("text"); t.Exists() && t.String() != "" { - // Before emitting non-reasoning outputs, finalize reasoning if open. - finalizeReasoning() - if !st.MsgOpened { - st.MsgOpened = true - st.MsgIndex = st.NextIndex - st.NextIndex++ - st.CurrentMsgID = fmt.Sprintf("msg_%s_0", st.ResponseID) - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"message","status":"in_progress","content":[],"role":"assistant"}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "output_index", st.MsgIndex) - item, _ = sjson.Set(item, "item.id", st.CurrentMsgID) - out = append(out, emitEvent("response.output_item.added", item)) - partAdded := `{"type":"response.content_part.added","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"part":{"type":"output_text","annotations":[],"logprobs":[],"text":""}}` - partAdded, _ = sjson.Set(partAdded, "sequence_number", nextSeq()) - partAdded, _ = sjson.Set(partAdded, "item_id", st.CurrentMsgID) - partAdded, _ = sjson.Set(partAdded, "output_index", st.MsgIndex) - out = append(out, emitEvent("response.content_part.added", partAdded)) - st.ItemTextBuf.Reset() - } - st.TextBuf.WriteString(t.String()) - st.ItemTextBuf.WriteString(t.String()) - msg := `{"type":"response.output_text.delta","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"delta":"","logprobs":[]}` - msg, _ = sjson.Set(msg, "sequence_number", nextSeq()) - msg, _ = sjson.Set(msg, "item_id", st.CurrentMsgID) - msg, _ = sjson.Set(msg, "output_index", st.MsgIndex) - msg, _ = sjson.Set(msg, "delta", t.String()) - out = append(out, emitEvent("response.output_text.delta", msg)) - return true - } - - // Function call - if fc := part.Get("functionCall"); fc.Exists() { - // Before emitting function-call outputs, finalize reasoning and the message (if open). - // Responses streaming requires message done events before the next output_item.added. - finalizeReasoning() - finalizeMessage() - name := fc.Get("name").String() - idx := st.NextIndex - st.NextIndex++ - // Ensure buffers - if st.FuncArgsBuf[idx] == nil { - st.FuncArgsBuf[idx] = &strings.Builder{} - } - if st.FuncCallIDs[idx] == "" { - st.FuncCallIDs[idx] = fmt.Sprintf("call_%d_%d", time.Now().UnixNano(), atomic.AddUint64(&funcCallIDCounter, 1)) - } - st.FuncNames[idx] = name - - argsJSON := "{}" - if args := fc.Get("args"); args.Exists() { - argsJSON = args.Raw - } - if st.FuncArgsBuf[idx].Len() == 0 && argsJSON != "" { - st.FuncArgsBuf[idx].WriteString(argsJSON) - } - - // Emit item.added for function call - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"function_call","status":"in_progress","arguments":"","call_id":"","name":""}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "output_index", idx) - item, _ = sjson.Set(item, "item.id", fmt.Sprintf("fc_%s", st.FuncCallIDs[idx])) - item, _ = sjson.Set(item, "item.call_id", st.FuncCallIDs[idx]) - item, _ = sjson.Set(item, "item.name", name) - out = append(out, emitEvent("response.output_item.added", item)) - - // Emit arguments delta (full args in one chunk). - // When Gemini omits args, emit "{}" to keep Responses streaming event order consistent. - if argsJSON != "" { - ad := `{"type":"response.function_call_arguments.delta","sequence_number":0,"item_id":"","output_index":0,"delta":""}` - ad, _ = sjson.Set(ad, "sequence_number", nextSeq()) - ad, _ = sjson.Set(ad, "item_id", fmt.Sprintf("fc_%s", st.FuncCallIDs[idx])) - ad, _ = sjson.Set(ad, "output_index", idx) - ad, _ = sjson.Set(ad, "delta", argsJSON) - out = append(out, emitEvent("response.function_call_arguments.delta", ad)) - } - - // Gemini emits the full function call payload at once, so we can finalize it immediately. - if !st.FuncDone[idx] { - fcDone := `{"type":"response.function_call_arguments.done","sequence_number":0,"item_id":"","output_index":0,"arguments":""}` - fcDone, _ = sjson.Set(fcDone, "sequence_number", nextSeq()) - fcDone, _ = sjson.Set(fcDone, "item_id", fmt.Sprintf("fc_%s", st.FuncCallIDs[idx])) - fcDone, _ = sjson.Set(fcDone, "output_index", idx) - fcDone, _ = sjson.Set(fcDone, "arguments", argsJSON) - out = append(out, emitEvent("response.function_call_arguments.done", fcDone)) - - itemDone := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}}` - itemDone, _ = sjson.Set(itemDone, "sequence_number", nextSeq()) - itemDone, _ = sjson.Set(itemDone, "output_index", idx) - itemDone, _ = sjson.Set(itemDone, "item.id", fmt.Sprintf("fc_%s", st.FuncCallIDs[idx])) - itemDone, _ = sjson.Set(itemDone, "item.arguments", argsJSON) - itemDone, _ = sjson.Set(itemDone, "item.call_id", st.FuncCallIDs[idx]) - itemDone, _ = sjson.Set(itemDone, "item.name", st.FuncNames[idx]) - out = append(out, emitEvent("response.output_item.done", itemDone)) - - st.FuncDone[idx] = true - } - - return true - } - - return true - }) - } - - // Finalization on finishReason - if fr := root.Get("candidates.0.finishReason"); fr.Exists() && fr.String() != "" { - // Finalize reasoning first to keep ordering tight with last delta - finalizeReasoning() - finalizeMessage() - - // Close function calls - if len(st.FuncArgsBuf) > 0 { - // sort indices (small N); avoid extra imports - idxs := make([]int, 0, len(st.FuncArgsBuf)) - for idx := range st.FuncArgsBuf { - idxs = append(idxs, idx) - } - for i := 0; i < len(idxs); i++ { - for j := i + 1; j < len(idxs); j++ { - if idxs[j] < idxs[i] { - idxs[i], idxs[j] = idxs[j], idxs[i] - } - } - } - for _, idx := range idxs { - if st.FuncDone[idx] { - continue - } - args := "{}" - if b := st.FuncArgsBuf[idx]; b != nil && b.Len() > 0 { - args = b.String() - } - fcDone := `{"type":"response.function_call_arguments.done","sequence_number":0,"item_id":"","output_index":0,"arguments":""}` - fcDone, _ = sjson.Set(fcDone, "sequence_number", nextSeq()) - fcDone, _ = sjson.Set(fcDone, "item_id", fmt.Sprintf("fc_%s", st.FuncCallIDs[idx])) - fcDone, _ = sjson.Set(fcDone, "output_index", idx) - fcDone, _ = sjson.Set(fcDone, "arguments", args) - out = append(out, emitEvent("response.function_call_arguments.done", fcDone)) - - itemDone := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}}` - itemDone, _ = sjson.Set(itemDone, "sequence_number", nextSeq()) - itemDone, _ = sjson.Set(itemDone, "output_index", idx) - itemDone, _ = sjson.Set(itemDone, "item.id", fmt.Sprintf("fc_%s", st.FuncCallIDs[idx])) - itemDone, _ = sjson.Set(itemDone, "item.arguments", args) - itemDone, _ = sjson.Set(itemDone, "item.call_id", st.FuncCallIDs[idx]) - itemDone, _ = sjson.Set(itemDone, "item.name", st.FuncNames[idx]) - out = append(out, emitEvent("response.output_item.done", itemDone)) - - st.FuncDone[idx] = true - } - } - - // Reasoning already finalized above if present - - // Build response.completed with aggregated outputs and request echo fields - completed := `{"type":"response.completed","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"completed","background":false,"error":null}}` - completed, _ = sjson.Set(completed, "sequence_number", nextSeq()) - completed, _ = sjson.Set(completed, "response.id", st.ResponseID) - completed, _ = sjson.Set(completed, "response.created_at", st.CreatedAt) - - if reqJSON := pickRequestJSON(originalRequestRawJSON, requestRawJSON); len(reqJSON) > 0 { - req := unwrapRequestRoot(gjson.ParseBytes(reqJSON)) - if v := req.Get("instructions"); v.Exists() { - completed, _ = sjson.Set(completed, "response.instructions", v.String()) - } - if v := req.Get("max_output_tokens"); v.Exists() { - completed, _ = sjson.Set(completed, "response.max_output_tokens", v.Int()) - } - if v := req.Get("max_tool_calls"); v.Exists() { - completed, _ = sjson.Set(completed, "response.max_tool_calls", v.Int()) - } - if v := req.Get("model"); v.Exists() { - completed, _ = sjson.Set(completed, "response.model", v.String()) - } - if v := req.Get("parallel_tool_calls"); v.Exists() { - completed, _ = sjson.Set(completed, "response.parallel_tool_calls", v.Bool()) - } - if v := req.Get("previous_response_id"); v.Exists() { - completed, _ = sjson.Set(completed, "response.previous_response_id", v.String()) - } - if v := req.Get("prompt_cache_key"); v.Exists() { - completed, _ = sjson.Set(completed, "response.prompt_cache_key", v.String()) - } - if v := req.Get("reasoning"); v.Exists() { - completed, _ = sjson.Set(completed, "response.reasoning", v.Value()) - } - if v := req.Get("safety_identifier"); v.Exists() { - completed, _ = sjson.Set(completed, "response.safety_identifier", v.String()) - } - if v := req.Get("service_tier"); v.Exists() { - completed, _ = sjson.Set(completed, "response.service_tier", v.String()) - } - if v := req.Get("store"); v.Exists() { - completed, _ = sjson.Set(completed, "response.store", v.Bool()) - } - if v := req.Get("temperature"); v.Exists() { - completed, _ = sjson.Set(completed, "response.temperature", v.Float()) - } - if v := req.Get("text"); v.Exists() { - completed, _ = sjson.Set(completed, "response.text", v.Value()) - } - if v := req.Get("tool_choice"); v.Exists() { - completed, _ = sjson.Set(completed, "response.tool_choice", v.Value()) - } - if v := req.Get("tools"); v.Exists() { - completed, _ = sjson.Set(completed, "response.tools", v.Value()) - } - if v := req.Get("top_logprobs"); v.Exists() { - completed, _ = sjson.Set(completed, "response.top_logprobs", v.Int()) - } - if v := req.Get("top_p"); v.Exists() { - completed, _ = sjson.Set(completed, "response.top_p", v.Float()) - } - if v := req.Get("truncation"); v.Exists() { - completed, _ = sjson.Set(completed, "response.truncation", v.String()) - } - if v := req.Get("user"); v.Exists() { - completed, _ = sjson.Set(completed, "response.user", v.Value()) - } - if v := req.Get("metadata"); v.Exists() { - completed, _ = sjson.Set(completed, "response.metadata", v.Value()) - } - } - - // Compose outputs in output_index order. - outputsWrapper := `{"arr":[]}` - for idx := 0; idx < st.NextIndex; idx++ { - if st.ReasoningOpened && idx == st.ReasoningIndex { - item := `{"id":"","type":"reasoning","encrypted_content":"","summary":[{"type":"summary_text","text":""}]}` - item, _ = sjson.Set(item, "id", st.ReasoningItemID) - item, _ = sjson.Set(item, "encrypted_content", st.ReasoningEnc) - item, _ = sjson.Set(item, "summary.0.text", st.ReasoningBuf.String()) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - continue - } - if st.MsgOpened && idx == st.MsgIndex { - item := `{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}` - item, _ = sjson.Set(item, "id", st.CurrentMsgID) - item, _ = sjson.Set(item, "content.0.text", st.TextBuf.String()) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - continue - } - - if callID, ok := st.FuncCallIDs[idx]; ok && callID != "" { - args := "{}" - if b := st.FuncArgsBuf[idx]; b != nil && b.Len() > 0 { - args = b.String() - } - item := `{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}` - item, _ = sjson.Set(item, "id", fmt.Sprintf("fc_%s", callID)) - item, _ = sjson.Set(item, "arguments", args) - item, _ = sjson.Set(item, "call_id", callID) - item, _ = sjson.Set(item, "name", st.FuncNames[idx]) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - } - if gjson.Get(outputsWrapper, "arr.#").Int() > 0 { - completed, _ = sjson.SetRaw(completed, "response.output", gjson.Get(outputsWrapper, "arr").Raw) - } - - // usage mapping - if um := root.Get("usageMetadata"); um.Exists() { - // input tokens = prompt + thoughts - input := um.Get("promptTokenCount").Int() + um.Get("thoughtsTokenCount").Int() - completed, _ = sjson.Set(completed, "response.usage.input_tokens", input) - // cached token details: align with OpenAI "cached_tokens" semantics. - completed, _ = sjson.Set(completed, "response.usage.input_tokens_details.cached_tokens", um.Get("cachedContentTokenCount").Int()) - // output tokens - if v := um.Get("candidatesTokenCount"); v.Exists() { - completed, _ = sjson.Set(completed, "response.usage.output_tokens", v.Int()) - } else { - completed, _ = sjson.Set(completed, "response.usage.output_tokens", 0) - } - if v := um.Get("thoughtsTokenCount"); v.Exists() { - completed, _ = sjson.Set(completed, "response.usage.output_tokens_details.reasoning_tokens", v.Int()) - } else { - completed, _ = sjson.Set(completed, "response.usage.output_tokens_details.reasoning_tokens", 0) - } - if v := um.Get("totalTokenCount"); v.Exists() { - completed, _ = sjson.Set(completed, "response.usage.total_tokens", v.Int()) - } else { - completed, _ = sjson.Set(completed, "response.usage.total_tokens", 0) - } - } - - out = append(out, emitEvent("response.completed", completed)) - } - - return out -} - -// ConvertGeminiResponseToOpenAIResponsesNonStream aggregates Gemini response JSON into a single OpenAI Responses JSON object. -func ConvertGeminiResponseToOpenAIResponsesNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - root := gjson.ParseBytes(rawJSON) - root = unwrapGeminiResponseRoot(root) - - // Base response scaffold - resp := `{"id":"","object":"response","created_at":0,"status":"completed","background":false,"error":null,"incomplete_details":null}` - - // id: prefer provider responseId, otherwise synthesize - id := root.Get("responseId").String() - if id == "" { - id = fmt.Sprintf("resp_%x_%d", time.Now().UnixNano(), atomic.AddUint64(&responseIDCounter, 1)) - } - // Normalize to response-style id (prefix resp_ if missing) - if !strings.HasPrefix(id, "resp_") { - id = fmt.Sprintf("resp_%s", id) - } - resp, _ = sjson.Set(resp, "id", id) - - // created_at: map from createTime if available - createdAt := time.Now().Unix() - if v := root.Get("createTime"); v.Exists() { - if t, errParseCreateTime := time.Parse(time.RFC3339Nano, v.String()); errParseCreateTime == nil { - createdAt = t.Unix() - } - } - resp, _ = sjson.Set(resp, "created_at", createdAt) - - // Echo request fields when present; fallback model from response modelVersion - if reqJSON := pickRequestJSON(originalRequestRawJSON, requestRawJSON); len(reqJSON) > 0 { - req := unwrapRequestRoot(gjson.ParseBytes(reqJSON)) - if v := req.Get("instructions"); v.Exists() { - resp, _ = sjson.Set(resp, "instructions", v.String()) - } - if v := req.Get("max_output_tokens"); v.Exists() { - resp, _ = sjson.Set(resp, "max_output_tokens", v.Int()) - } - if v := req.Get("max_tool_calls"); v.Exists() { - resp, _ = sjson.Set(resp, "max_tool_calls", v.Int()) - } - if v := req.Get("model"); v.Exists() { - resp, _ = sjson.Set(resp, "model", v.String()) - } else if v = root.Get("modelVersion"); v.Exists() { - resp, _ = sjson.Set(resp, "model", v.String()) - } - if v := req.Get("parallel_tool_calls"); v.Exists() { - resp, _ = sjson.Set(resp, "parallel_tool_calls", v.Bool()) - } - if v := req.Get("previous_response_id"); v.Exists() { - resp, _ = sjson.Set(resp, "previous_response_id", v.String()) - } - if v := req.Get("prompt_cache_key"); v.Exists() { - resp, _ = sjson.Set(resp, "prompt_cache_key", v.String()) - } - if v := req.Get("reasoning"); v.Exists() { - resp, _ = sjson.Set(resp, "reasoning", v.Value()) - } - if v := req.Get("safety_identifier"); v.Exists() { - resp, _ = sjson.Set(resp, "safety_identifier", v.String()) - } - if v := req.Get("service_tier"); v.Exists() { - resp, _ = sjson.Set(resp, "service_tier", v.String()) - } - if v := req.Get("store"); v.Exists() { - resp, _ = sjson.Set(resp, "store", v.Bool()) - } - if v := req.Get("temperature"); v.Exists() { - resp, _ = sjson.Set(resp, "temperature", v.Float()) - } - if v := req.Get("text"); v.Exists() { - resp, _ = sjson.Set(resp, "text", v.Value()) - } - if v := req.Get("tool_choice"); v.Exists() { - resp, _ = sjson.Set(resp, "tool_choice", v.Value()) - } - if v := req.Get("tools"); v.Exists() { - resp, _ = sjson.Set(resp, "tools", v.Value()) - } - if v := req.Get("top_logprobs"); v.Exists() { - resp, _ = sjson.Set(resp, "top_logprobs", v.Int()) - } - if v := req.Get("top_p"); v.Exists() { - resp, _ = sjson.Set(resp, "top_p", v.Float()) - } - if v := req.Get("truncation"); v.Exists() { - resp, _ = sjson.Set(resp, "truncation", v.String()) - } - if v := req.Get("user"); v.Exists() { - resp, _ = sjson.Set(resp, "user", v.Value()) - } - if v := req.Get("metadata"); v.Exists() { - resp, _ = sjson.Set(resp, "metadata", v.Value()) - } - } else if v := root.Get("modelVersion"); v.Exists() { - resp, _ = sjson.Set(resp, "model", v.String()) - } - - // Build outputs from candidates[0].content.parts - var reasoningText strings.Builder - var reasoningEncrypted string - var messageText strings.Builder - var haveMessage bool - - haveOutput := false - ensureOutput := func() { - if haveOutput { - return - } - resp, _ = sjson.SetRaw(resp, "output", "[]") - haveOutput = true - } - appendOutput := func(itemJSON string) { - ensureOutput() - resp, _ = sjson.SetRaw(resp, "output.-1", itemJSON) - } - - if parts := root.Get("candidates.0.content.parts"); parts.Exists() && parts.IsArray() { - parts.ForEach(func(_, p gjson.Result) bool { - if p.Get("thought").Bool() { - if t := p.Get("text"); t.Exists() { - reasoningText.WriteString(t.String()) - } - if sig := p.Get("thoughtSignature"); sig.Exists() && sig.String() != "" { - reasoningEncrypted = sig.String() - } - return true - } - if t := p.Get("text"); t.Exists() && t.String() != "" { - messageText.WriteString(t.String()) - haveMessage = true - return true - } - if fc := p.Get("functionCall"); fc.Exists() { - name := fc.Get("name").String() - args := fc.Get("args") - callID := fmt.Sprintf("call_%x_%d", time.Now().UnixNano(), atomic.AddUint64(&funcCallIDCounter, 1)) - itemJSON := `{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}` - itemJSON, _ = sjson.Set(itemJSON, "id", fmt.Sprintf("fc_%s", callID)) - itemJSON, _ = sjson.Set(itemJSON, "call_id", callID) - itemJSON, _ = sjson.Set(itemJSON, "name", name) - argsStr := "" - if args.Exists() { - argsStr = args.Raw - } - itemJSON, _ = sjson.Set(itemJSON, "arguments", argsStr) - appendOutput(itemJSON) - return true - } - return true - }) - } - - // Reasoning output item - if reasoningText.Len() > 0 || reasoningEncrypted != "" { - rid := strings.TrimPrefix(id, "resp_") - itemJSON := `{"id":"","type":"reasoning","encrypted_content":""}` - itemJSON, _ = sjson.Set(itemJSON, "id", fmt.Sprintf("rs_%s", rid)) - itemJSON, _ = sjson.Set(itemJSON, "encrypted_content", reasoningEncrypted) - if reasoningText.Len() > 0 { - summaryJSON := `{"type":"summary_text","text":""}` - summaryJSON, _ = sjson.Set(summaryJSON, "text", reasoningText.String()) - itemJSON, _ = sjson.SetRaw(itemJSON, "summary", "[]") - itemJSON, _ = sjson.SetRaw(itemJSON, "summary.-1", summaryJSON) - } - appendOutput(itemJSON) - } - - // Assistant message output item - if haveMessage { - itemJSON := `{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}` - itemJSON, _ = sjson.Set(itemJSON, "id", fmt.Sprintf("msg_%s_0", strings.TrimPrefix(id, "resp_"))) - itemJSON, _ = sjson.Set(itemJSON, "content.0.text", messageText.String()) - appendOutput(itemJSON) - } - - // usage mapping - if um := root.Get("usageMetadata"); um.Exists() { - // input tokens = prompt + thoughts - input := um.Get("promptTokenCount").Int() + um.Get("thoughtsTokenCount").Int() - resp, _ = sjson.Set(resp, "usage.input_tokens", input) - // cached token details: align with OpenAI "cached_tokens" semantics. - resp, _ = sjson.Set(resp, "usage.input_tokens_details.cached_tokens", um.Get("cachedContentTokenCount").Int()) - // output tokens - if v := um.Get("candidatesTokenCount"); v.Exists() { - resp, _ = sjson.Set(resp, "usage.output_tokens", v.Int()) - } - if v := um.Get("thoughtsTokenCount"); v.Exists() { - resp, _ = sjson.Set(resp, "usage.output_tokens_details.reasoning_tokens", v.Int()) - } - if v := um.Get("totalTokenCount"); v.Exists() { - resp, _ = sjson.Set(resp, "usage.total_tokens", v.Int()) - } - } - - return resp -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini/openai/responses/gemini_openai-responses_response_test.go b/.worktrees/config/m/config-build/active/internal/translator/gemini/openai/responses/gemini_openai-responses_response_test.go deleted file mode 100644 index 9899c59458..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini/openai/responses/gemini_openai-responses_response_test.go +++ /dev/null @@ -1,353 +0,0 @@ -package responses - -import ( - "context" - "strings" - "testing" - - "github.com/tidwall/gjson" -) - -func parseSSEEvent(t *testing.T, chunk string) (string, gjson.Result) { - t.Helper() - - lines := strings.Split(chunk, "\n") - if len(lines) < 2 { - t.Fatalf("unexpected SSE chunk: %q", chunk) - } - - event := strings.TrimSpace(strings.TrimPrefix(lines[0], "event:")) - dataLine := strings.TrimSpace(strings.TrimPrefix(lines[1], "data:")) - if !gjson.Valid(dataLine) { - t.Fatalf("invalid SSE data JSON: %q", dataLine) - } - return event, gjson.Parse(dataLine) -} - -func TestConvertGeminiResponseToOpenAIResponses_UnwrapAndAggregateText(t *testing.T) { - // Vertex-style Gemini stream wraps the actual response payload under "response". - // This test ensures we unwrap and that output_text.done contains the full text. - in := []string{ - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":""}]}}],"usageMetadata":{"promptTokenCount":1,"candidatesTokenCount":1,"totalTokenCount":2,"cachedContentTokenCount":0},"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":"让"}]}}],"usageMetadata":{"promptTokenCount":1,"candidatesTokenCount":1,"totalTokenCount":2,"cachedContentTokenCount":0},"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":"我先"}]}}],"usageMetadata":{"promptTokenCount":1,"candidatesTokenCount":1,"totalTokenCount":2,"cachedContentTokenCount":0},"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":"了解"}]}}],"usageMetadata":{"promptTokenCount":1,"candidatesTokenCount":1,"totalTokenCount":2,"cachedContentTokenCount":0},"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"functionCall":{"name":"mcp__serena__list_dir","args":{"recursive":false,"relative_path":"internal"},"id":"toolu_1"}}]}}],"usageMetadata":{"promptTokenCount":1,"candidatesTokenCount":1,"totalTokenCount":2,"cachedContentTokenCount":0},"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":""}]},"finishReason":"STOP"}],"usageMetadata":{"promptTokenCount":10,"candidatesTokenCount":5,"totalTokenCount":15,"cachedContentTokenCount":2},"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - } - - originalReq := []byte(`{"instructions":"test instructions","model":"gpt-5","max_output_tokens":123}`) - - var param any - var out []string - for _, line := range in { - out = append(out, ConvertGeminiResponseToOpenAIResponses(context.Background(), "test-model", originalReq, nil, []byte(line), ¶m)...) - } - - var ( - gotTextDone bool - gotMessageDone bool - gotResponseDone bool - gotFuncDone bool - - textDone string - messageText string - responseID string - instructions string - cachedTokens int64 - - funcName string - funcArgs string - - posTextDone = -1 - posPartDone = -1 - posMessageDone = -1 - posFuncAdded = -1 - ) - - for i, chunk := range out { - ev, data := parseSSEEvent(t, chunk) - switch ev { - case "response.output_text.done": - gotTextDone = true - if posTextDone == -1 { - posTextDone = i - } - textDone = data.Get("text").String() - case "response.content_part.done": - if posPartDone == -1 { - posPartDone = i - } - case "response.output_item.done": - switch data.Get("item.type").String() { - case "message": - gotMessageDone = true - if posMessageDone == -1 { - posMessageDone = i - } - messageText = data.Get("item.content.0.text").String() - case "function_call": - gotFuncDone = true - funcName = data.Get("item.name").String() - funcArgs = data.Get("item.arguments").String() - } - case "response.output_item.added": - if data.Get("item.type").String() == "function_call" && posFuncAdded == -1 { - posFuncAdded = i - } - case "response.completed": - gotResponseDone = true - responseID = data.Get("response.id").String() - instructions = data.Get("response.instructions").String() - cachedTokens = data.Get("response.usage.input_tokens_details.cached_tokens").Int() - } - } - - if !gotTextDone { - t.Fatalf("missing response.output_text.done event") - } - if posTextDone == -1 || posPartDone == -1 || posMessageDone == -1 || posFuncAdded == -1 { - t.Fatalf("missing ordering events: textDone=%d partDone=%d messageDone=%d funcAdded=%d", posTextDone, posPartDone, posMessageDone, posFuncAdded) - } - if !(posTextDone < posPartDone && posPartDone < posMessageDone && posMessageDone < posFuncAdded) { - t.Fatalf("unexpected message/function ordering: textDone=%d partDone=%d messageDone=%d funcAdded=%d", posTextDone, posPartDone, posMessageDone, posFuncAdded) - } - if !gotMessageDone { - t.Fatalf("missing message response.output_item.done event") - } - if !gotFuncDone { - t.Fatalf("missing function_call response.output_item.done event") - } - if !gotResponseDone { - t.Fatalf("missing response.completed event") - } - - if textDone != "让我先了解" { - t.Fatalf("unexpected output_text.done text: got %q", textDone) - } - if messageText != "让我先了解" { - t.Fatalf("unexpected message done text: got %q", messageText) - } - - if responseID != "resp_req_vrtx_1" { - t.Fatalf("unexpected response id: got %q", responseID) - } - if instructions != "test instructions" { - t.Fatalf("unexpected instructions echo: got %q", instructions) - } - if cachedTokens != 2 { - t.Fatalf("unexpected cached token count: got %d", cachedTokens) - } - - if funcName != "mcp__serena__list_dir" { - t.Fatalf("unexpected function name: got %q", funcName) - } - if !gjson.Valid(funcArgs) { - t.Fatalf("invalid function arguments JSON: %q", funcArgs) - } - if gjson.Get(funcArgs, "recursive").Bool() != false { - t.Fatalf("unexpected recursive arg: %v", gjson.Get(funcArgs, "recursive").Value()) - } - if gjson.Get(funcArgs, "relative_path").String() != "internal" { - t.Fatalf("unexpected relative_path arg: %q", gjson.Get(funcArgs, "relative_path").String()) - } -} - -func TestConvertGeminiResponseToOpenAIResponses_ReasoningEncryptedContent(t *testing.T) { - sig := "RXE0RENrZ0lDeEFDR0FJcVFOZDdjUzlleGFuRktRdFcvSzNyZ2MvWDNCcDQ4RmxSbGxOWUlOVU5kR1l1UHMrMGdkMVp0Vkg3ekdKU0g4YVljc2JjN3lNK0FrdGpTNUdqamI4T3Z0VVNETzdQd3pmcFhUOGl3U3hXUEJvTVFRQ09mWTFyMEtTWGZxUUlJakFqdmFGWk83RW1XRlBKckJVOVpkYzdDKw==" - in := []string{ - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"thought":true,"thoughtSignature":"` + sig + `","text":""}]}}],"modelVersion":"test-model","responseId":"req_vrtx_sig"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"thought":true,"text":"a"}]}}],"modelVersion":"test-model","responseId":"req_vrtx_sig"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":"hello"}]}}],"modelVersion":"test-model","responseId":"req_vrtx_sig"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":""}]},"finishReason":"STOP"}],"modelVersion":"test-model","responseId":"req_vrtx_sig"},"traceId":"t1"}`, - } - - var param any - var out []string - for _, line := range in { - out = append(out, ConvertGeminiResponseToOpenAIResponses(context.Background(), "test-model", nil, nil, []byte(line), ¶m)...) - } - - var ( - addedEnc string - doneEnc string - ) - for _, chunk := range out { - ev, data := parseSSEEvent(t, chunk) - switch ev { - case "response.output_item.added": - if data.Get("item.type").String() == "reasoning" { - addedEnc = data.Get("item.encrypted_content").String() - } - case "response.output_item.done": - if data.Get("item.type").String() == "reasoning" { - doneEnc = data.Get("item.encrypted_content").String() - } - } - } - - if addedEnc != sig { - t.Fatalf("unexpected encrypted_content in response.output_item.added: got %q", addedEnc) - } - if doneEnc != sig { - t.Fatalf("unexpected encrypted_content in response.output_item.done: got %q", doneEnc) - } -} - -func TestConvertGeminiResponseToOpenAIResponses_FunctionCallEventOrder(t *testing.T) { - in := []string{ - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"functionCall":{"name":"tool0"}}]}}],"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"functionCall":{"name":"tool1"}}]}}],"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"functionCall":{"name":"tool2","args":{"a":1}}}]}}],"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":""}]},"finishReason":"STOP"}],"usageMetadata":{"promptTokenCount":10,"candidatesTokenCount":5,"totalTokenCount":15,"cachedContentTokenCount":0},"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - } - - var param any - var out []string - for _, line := range in { - out = append(out, ConvertGeminiResponseToOpenAIResponses(context.Background(), "test-model", nil, nil, []byte(line), ¶m)...) - } - - posAdded := []int{-1, -1, -1} - posArgsDelta := []int{-1, -1, -1} - posArgsDone := []int{-1, -1, -1} - posItemDone := []int{-1, -1, -1} - posCompleted := -1 - deltaByIndex := map[int]string{} - - for i, chunk := range out { - ev, data := parseSSEEvent(t, chunk) - switch ev { - case "response.output_item.added": - if data.Get("item.type").String() != "function_call" { - continue - } - idx := int(data.Get("output_index").Int()) - if idx >= 0 && idx < len(posAdded) { - posAdded[idx] = i - } - case "response.function_call_arguments.delta": - idx := int(data.Get("output_index").Int()) - if idx >= 0 && idx < len(posArgsDelta) { - posArgsDelta[idx] = i - deltaByIndex[idx] = data.Get("delta").String() - } - case "response.function_call_arguments.done": - idx := int(data.Get("output_index").Int()) - if idx >= 0 && idx < len(posArgsDone) { - posArgsDone[idx] = i - } - case "response.output_item.done": - if data.Get("item.type").String() != "function_call" { - continue - } - idx := int(data.Get("output_index").Int()) - if idx >= 0 && idx < len(posItemDone) { - posItemDone[idx] = i - } - case "response.completed": - posCompleted = i - - output := data.Get("response.output") - if !output.Exists() || !output.IsArray() { - t.Fatalf("missing response.output in response.completed") - } - if len(output.Array()) != 3 { - t.Fatalf("unexpected response.output length: got %d", len(output.Array())) - } - if data.Get("response.output.0.name").String() != "tool0" || data.Get("response.output.0.arguments").String() != "{}" { - t.Fatalf("unexpected output[0]: %s", data.Get("response.output.0").Raw) - } - if data.Get("response.output.1.name").String() != "tool1" || data.Get("response.output.1.arguments").String() != "{}" { - t.Fatalf("unexpected output[1]: %s", data.Get("response.output.1").Raw) - } - if data.Get("response.output.2.name").String() != "tool2" { - t.Fatalf("unexpected output[2] name: %s", data.Get("response.output.2").Raw) - } - if !gjson.Valid(data.Get("response.output.2.arguments").String()) { - t.Fatalf("unexpected output[2] arguments: %q", data.Get("response.output.2.arguments").String()) - } - } - } - - if posCompleted == -1 { - t.Fatalf("missing response.completed event") - } - for idx := 0; idx < 3; idx++ { - if posAdded[idx] == -1 || posArgsDelta[idx] == -1 || posArgsDone[idx] == -1 || posItemDone[idx] == -1 { - t.Fatalf("missing function call events for output_index %d: added=%d argsDelta=%d argsDone=%d itemDone=%d", idx, posAdded[idx], posArgsDelta[idx], posArgsDone[idx], posItemDone[idx]) - } - if !(posAdded[idx] < posArgsDelta[idx] && posArgsDelta[idx] < posArgsDone[idx] && posArgsDone[idx] < posItemDone[idx]) { - t.Fatalf("unexpected ordering for output_index %d: added=%d argsDelta=%d argsDone=%d itemDone=%d", idx, posAdded[idx], posArgsDelta[idx], posArgsDone[idx], posItemDone[idx]) - } - if idx > 0 && !(posItemDone[idx-1] < posAdded[idx]) { - t.Fatalf("function call events overlap between %d and %d: prevDone=%d nextAdded=%d", idx-1, idx, posItemDone[idx-1], posAdded[idx]) - } - } - - if deltaByIndex[0] != "{}" { - t.Fatalf("unexpected delta for output_index 0: got %q", deltaByIndex[0]) - } - if deltaByIndex[1] != "{}" { - t.Fatalf("unexpected delta for output_index 1: got %q", deltaByIndex[1]) - } - if deltaByIndex[2] == "" || !gjson.Valid(deltaByIndex[2]) || gjson.Get(deltaByIndex[2], "a").Int() != 1 { - t.Fatalf("unexpected delta for output_index 2: got %q", deltaByIndex[2]) - } - if !(posItemDone[2] < posCompleted) { - t.Fatalf("response.completed should be after last output_item.done: last=%d completed=%d", posItemDone[2], posCompleted) - } -} - -func TestConvertGeminiResponseToOpenAIResponses_ResponseOutputOrdering(t *testing.T) { - in := []string{ - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"functionCall":{"name":"tool0","args":{"x":"y"}}}]}}],"modelVersion":"test-model","responseId":"req_vrtx_2"},"traceId":"t2"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":"hi"}]}}],"modelVersion":"test-model","responseId":"req_vrtx_2"},"traceId":"t2"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":""}]},"finishReason":"STOP"}],"usageMetadata":{"promptTokenCount":1,"candidatesTokenCount":1,"totalTokenCount":2,"cachedContentTokenCount":0},"modelVersion":"test-model","responseId":"req_vrtx_2"},"traceId":"t2"}`, - } - - var param any - var out []string - for _, line := range in { - out = append(out, ConvertGeminiResponseToOpenAIResponses(context.Background(), "test-model", nil, nil, []byte(line), ¶m)...) - } - - posFuncDone := -1 - posMsgAdded := -1 - posCompleted := -1 - - for i, chunk := range out { - ev, data := parseSSEEvent(t, chunk) - switch ev { - case "response.output_item.done": - if data.Get("item.type").String() == "function_call" && data.Get("output_index").Int() == 0 { - posFuncDone = i - } - case "response.output_item.added": - if data.Get("item.type").String() == "message" && data.Get("output_index").Int() == 1 { - posMsgAdded = i - } - case "response.completed": - posCompleted = i - if data.Get("response.output.0.type").String() != "function_call" { - t.Fatalf("expected response.output[0] to be function_call: %s", data.Get("response.output.0").Raw) - } - if data.Get("response.output.1.type").String() != "message" { - t.Fatalf("expected response.output[1] to be message: %s", data.Get("response.output.1").Raw) - } - if data.Get("response.output.1.content.0.text").String() != "hi" { - t.Fatalf("unexpected message text in response.output[1]: %s", data.Get("response.output.1").Raw) - } - } - } - - if posFuncDone == -1 || posMsgAdded == -1 || posCompleted == -1 { - t.Fatalf("missing required events: funcDone=%d msgAdded=%d completed=%d", posFuncDone, posMsgAdded, posCompleted) - } - if !(posFuncDone < posMsgAdded) { - t.Fatalf("expected function_call to complete before message is added: funcDone=%d msgAdded=%d", posFuncDone, posMsgAdded) - } - if !(posMsgAdded < posCompleted) { - t.Fatalf("expected response.completed after message added: msgAdded=%d completed=%d", posMsgAdded, posCompleted) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/gemini/openai/responses/init.go b/.worktrees/config/m/config-build/active/internal/translator/gemini/openai/responses/init.go deleted file mode 100644 index b53cac3d81..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/gemini/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenaiResponse, - Gemini, - ConvertOpenAIResponsesRequestToGemini, - interfaces.TranslateResponse{ - Stream: ConvertGeminiResponseToOpenAIResponses, - NonStream: ConvertGeminiResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/init.go b/.worktrees/config/m/config-build/active/internal/translator/init.go deleted file mode 100644 index 0754db03b4..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/init.go +++ /dev/null @@ -1,39 +0,0 @@ -package translator - -import ( - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/claude/gemini" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/claude/gemini-cli" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/claude/openai/chat-completions" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/claude/openai/responses" - - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/codex/claude" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/codex/gemini" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/codex/gemini-cli" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/codex/openai/chat-completions" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/codex/openai/responses" - - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini-cli/claude" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini-cli/gemini" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini-cli/openai/chat-completions" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini-cli/openai/responses" - - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/claude" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/gemini" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/gemini-cli" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/openai/chat-completions" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/openai/responses" - - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/openai/claude" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/openai/gemini" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/openai/gemini-cli" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/openai/openai/chat-completions" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/openai/openai/responses" - - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/antigravity/claude" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/antigravity/gemini" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/antigravity/openai/chat-completions" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/antigravity/openai/responses" - - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/kiro/claude" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/kiro/openai" -) diff --git a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/init.go b/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/init.go deleted file mode 100644 index 1685d195a5..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -// Package claude provides translation between Kiro and Claude formats. -package claude - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Claude, - Kiro, - ConvertClaudeRequestToKiro, - interfaces.TranslateResponse{ - Stream: ConvertKiroStreamToClaude, - NonStream: ConvertKiroNonStreamToClaude, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_claude.go b/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_claude.go deleted file mode 100644 index 752a00d987..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_claude.go +++ /dev/null @@ -1,21 +0,0 @@ -// Package claude provides translation between Kiro and Claude formats. -// Since Kiro executor generates Claude-compatible SSE format internally (with event: prefix), -// translations are pass-through for streaming, but responses need proper formatting. -package claude - -import ( - "context" -) - -// ConvertKiroStreamToClaude converts Kiro streaming response to Claude format. -// Kiro executor already generates complete SSE format with "event:" prefix, -// so this is a simple pass-through. -func ConvertKiroStreamToClaude(ctx context.Context, model string, originalRequest, request, rawResponse []byte, param *any) []string { - return []string{string(rawResponse)} -} - -// ConvertKiroNonStreamToClaude converts Kiro non-streaming response to Claude format. -// The response is already in Claude format, so this is a pass-through. -func ConvertKiroNonStreamToClaude(ctx context.Context, model string, originalRequest, request, rawResponse []byte, param *any) string { - return string(rawResponse) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_claude_request.go b/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_claude_request.go deleted file mode 100644 index 0ad090aeed..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_claude_request.go +++ /dev/null @@ -1,965 +0,0 @@ -// Package claude provides request translation functionality for Claude API to Kiro format. -// It handles parsing and transforming Claude API requests into the Kiro/Amazon Q API format, -// extracting model information, system instructions, message contents, and tool declarations. -package claude - -import ( - "encoding/json" - "fmt" - "net/http" - "strings" - "time" - "unicode/utf8" - - "github.com/google/uuid" - kirocommon "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/kiro/common" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -// remoteWebSearchDescription is a minimal fallback for when dynamic fetch from MCP tools/list hasn't completed yet. -const remoteWebSearchDescription = "WebSearch looks up information outside the model's training data. Supports multiple queries to gather comprehensive information." - -// Kiro API request structs - field order determines JSON key order - -// KiroPayload is the top-level request structure for Kiro API -type KiroPayload struct { - ConversationState KiroConversationState `json:"conversationState"` - ProfileArn string `json:"profileArn,omitempty"` - InferenceConfig *KiroInferenceConfig `json:"inferenceConfig,omitempty"` -} - -// KiroInferenceConfig contains inference parameters for the Kiro API. -type KiroInferenceConfig struct { - MaxTokens int `json:"maxTokens,omitempty"` - Temperature float64 `json:"temperature,omitempty"` - TopP float64 `json:"topP,omitempty"` -} - -// KiroConversationState holds the conversation context -type KiroConversationState struct { - ChatTriggerType string `json:"chatTriggerType"` // Required: "MANUAL" - must be first field - ConversationID string `json:"conversationId"` - CurrentMessage KiroCurrentMessage `json:"currentMessage"` - History []KiroHistoryMessage `json:"history,omitempty"` -} - -// KiroCurrentMessage wraps the current user message -type KiroCurrentMessage struct { - UserInputMessage KiroUserInputMessage `json:"userInputMessage"` -} - -// KiroHistoryMessage represents a message in the conversation history -type KiroHistoryMessage struct { - UserInputMessage *KiroUserInputMessage `json:"userInputMessage,omitempty"` - AssistantResponseMessage *KiroAssistantResponseMessage `json:"assistantResponseMessage,omitempty"` -} - -// KiroImage represents an image in Kiro API format -type KiroImage struct { - Format string `json:"format"` - Source KiroImageSource `json:"source"` -} - -// KiroImageSource contains the image data -type KiroImageSource struct { - Bytes string `json:"bytes"` // base64 encoded image data -} - -// KiroUserInputMessage represents a user message -type KiroUserInputMessage struct { - Content string `json:"content"` - ModelID string `json:"modelId"` - Origin string `json:"origin"` - Images []KiroImage `json:"images,omitempty"` - UserInputMessageContext *KiroUserInputMessageContext `json:"userInputMessageContext,omitempty"` -} - -// KiroUserInputMessageContext contains tool-related context -type KiroUserInputMessageContext struct { - ToolResults []KiroToolResult `json:"toolResults,omitempty"` - Tools []KiroToolWrapper `json:"tools,omitempty"` -} - -// KiroToolResult represents a tool execution result -type KiroToolResult struct { - Content []KiroTextContent `json:"content"` - Status string `json:"status"` - ToolUseID string `json:"toolUseId"` -} - -// KiroTextContent represents text content -type KiroTextContent struct { - Text string `json:"text"` -} - -// KiroToolWrapper wraps a tool specification -type KiroToolWrapper struct { - ToolSpecification KiroToolSpecification `json:"toolSpecification"` -} - -// KiroToolSpecification defines a tool's schema -type KiroToolSpecification struct { - Name string `json:"name"` - Description string `json:"description"` - InputSchema KiroInputSchema `json:"inputSchema"` -} - -// KiroInputSchema wraps the JSON schema for tool input -type KiroInputSchema struct { - JSON interface{} `json:"json"` -} - -// KiroAssistantResponseMessage represents an assistant message -type KiroAssistantResponseMessage struct { - Content string `json:"content"` - ToolUses []KiroToolUse `json:"toolUses,omitempty"` -} - -// KiroToolUse represents a tool invocation by the assistant -type KiroToolUse struct { - ToolUseID string `json:"toolUseId"` - Name string `json:"name"` - Input map[string]interface{} `json:"input"` - IsTruncated bool `json:"-"` // Internal flag, not serialized - TruncationInfo *TruncationInfo `json:"-"` // Truncation details, not serialized -} - -// ConvertClaudeRequestToKiro converts a Claude API request to Kiro format. -// This is the main entry point for request translation. -func ConvertClaudeRequestToKiro(modelName string, inputRawJSON []byte, stream bool) []byte { - // For Kiro, we pass through the Claude format since buildKiroPayload - // expects Claude format and does the conversion internally. - // The actual conversion happens in the executor when building the HTTP request. - return inputRawJSON -} - -// BuildKiroPayload constructs the Kiro API request payload from Claude format. -// Supports tool calling - tools are passed via userInputMessageContext. -// origin parameter determines which quota to use: "CLI" for Amazon Q, "AI_EDITOR" for Kiro IDE. -// isAgentic parameter enables chunked write optimization prompt for -agentic model variants. -// isChatOnly parameter disables tool calling for -chat model variants (pure conversation mode). -// headers parameter allows checking Anthropic-Beta header for thinking mode detection. -// metadata parameter is kept for API compatibility but no longer used for thinking configuration. -// Supports thinking mode - when enabled, injects thinking tags into system prompt. -// Returns the payload and a boolean indicating whether thinking mode was injected. -func BuildKiroPayload(claudeBody []byte, modelID, profileArn, origin string, isAgentic, isChatOnly bool, headers http.Header, metadata map[string]any) ([]byte, bool) { - // Extract max_tokens for potential use in inferenceConfig - // Handle -1 as "use maximum" (Kiro max output is ~32000 tokens) - const kiroMaxOutputTokens = 32000 - var maxTokens int64 - if mt := gjson.GetBytes(claudeBody, "max_tokens"); mt.Exists() { - maxTokens = mt.Int() - if maxTokens == -1 { - maxTokens = kiroMaxOutputTokens - log.Debugf("kiro: max_tokens=-1 converted to %d", kiroMaxOutputTokens) - } - } - - // Extract temperature if specified - var temperature float64 - var hasTemperature bool - if temp := gjson.GetBytes(claudeBody, "temperature"); temp.Exists() { - temperature = temp.Float() - hasTemperature = true - } - - // Extract top_p if specified - var topP float64 - var hasTopP bool - if tp := gjson.GetBytes(claudeBody, "top_p"); tp.Exists() { - topP = tp.Float() - hasTopP = true - log.Debugf("kiro: extracted top_p: %.2f", topP) - } - - // Normalize origin value for Kiro API compatibility - origin = normalizeOrigin(origin) - log.Debugf("kiro: normalized origin value: %s", origin) - - messages := gjson.GetBytes(claudeBody, "messages") - - // For chat-only mode, don't include tools - var tools gjson.Result - if !isChatOnly { - tools = gjson.GetBytes(claudeBody, "tools") - } - - // Extract system prompt - systemPrompt := extractSystemPrompt(claudeBody) - - // Check for thinking mode using the comprehensive IsThinkingEnabledWithHeaders function - // This supports Claude API format, OpenAI reasoning_effort, AMP/Cursor format, and Anthropic-Beta header - thinkingEnabled := IsThinkingEnabledWithHeaders(claudeBody, headers) - - // Inject timestamp context - timestamp := time.Now().Format("2006-01-02 15:04:05 MST") - timestampContext := fmt.Sprintf("[Context: Current time is %s]", timestamp) - if systemPrompt != "" { - systemPrompt = timestampContext + "\n\n" + systemPrompt - } else { - systemPrompt = timestampContext - } - log.Debugf("kiro: injected timestamp context: %s", timestamp) - - // Inject agentic optimization prompt for -agentic model variants - if isAgentic { - if systemPrompt != "" { - systemPrompt += "\n" - } - systemPrompt += kirocommon.KiroAgenticSystemPrompt - } - - // Handle tool_choice parameter - Kiro doesn't support it natively, so we inject system prompt hints - // Claude tool_choice values: {"type": "auto/any/tool", "name": "..."} - toolChoiceHint := extractClaudeToolChoiceHint(claudeBody) - if toolChoiceHint != "" { - if systemPrompt != "" { - systemPrompt += "\n" - } - systemPrompt += toolChoiceHint - log.Debugf("kiro: injected tool_choice hint into system prompt") - } - - // Convert Claude tools to Kiro format - kiroTools := convertClaudeToolsToKiro(tools) - - // Thinking mode implementation: - // Kiro API supports official thinking/reasoning mode via tag. - // When set to "enabled", Kiro returns reasoning content as official reasoningContentEvent - // rather than inline tags in assistantResponseEvent. - // We cap max_thinking_length to reserve space for tool outputs and prevent truncation. - if thinkingEnabled { - thinkingHint := `enabled -16000` - if systemPrompt != "" { - systemPrompt = thinkingHint + "\n\n" + systemPrompt - } else { - systemPrompt = thinkingHint - } - log.Infof("kiro: injected thinking prompt (official mode), has_tools: %v", len(kiroTools) > 0) - } - - // Process messages and build history - history, currentUserMsg, currentToolResults := processMessages(messages, modelID, origin) - - // Build content with system prompt. - // Keep thinking tags on subsequent turns so multi-turn Claude sessions - // continue to emit reasoning events. - if currentUserMsg != nil { - currentUserMsg.Content = buildFinalContent(currentUserMsg.Content, systemPrompt, currentToolResults) - - // Deduplicate currentToolResults - currentToolResults = deduplicateToolResults(currentToolResults) - - // Build userInputMessageContext with tools and tool results - if len(kiroTools) > 0 || len(currentToolResults) > 0 { - currentUserMsg.UserInputMessageContext = &KiroUserInputMessageContext{ - Tools: kiroTools, - ToolResults: currentToolResults, - } - } - } - - // Build payload - var currentMessage KiroCurrentMessage - if currentUserMsg != nil { - currentMessage = KiroCurrentMessage{UserInputMessage: *currentUserMsg} - } else { - fallbackContent := "" - if systemPrompt != "" { - fallbackContent = "--- SYSTEM PROMPT ---\n" + systemPrompt + "\n--- END SYSTEM PROMPT ---\n" - } - currentMessage = KiroCurrentMessage{UserInputMessage: KiroUserInputMessage{ - Content: fallbackContent, - ModelID: modelID, - Origin: origin, - }} - } - - // Build inferenceConfig if we have any inference parameters - // Note: Kiro API doesn't actually use max_tokens for thinking budget - var inferenceConfig *KiroInferenceConfig - if maxTokens > 0 || hasTemperature || hasTopP { - inferenceConfig = &KiroInferenceConfig{} - if maxTokens > 0 { - inferenceConfig.MaxTokens = int(maxTokens) - } - if hasTemperature { - inferenceConfig.Temperature = temperature - } - if hasTopP { - inferenceConfig.TopP = topP - } - } - - payload := KiroPayload{ - ConversationState: KiroConversationState{ - ChatTriggerType: "MANUAL", - ConversationID: uuid.New().String(), - CurrentMessage: currentMessage, - History: history, - }, - ProfileArn: profileArn, - InferenceConfig: inferenceConfig, - } - - result, err := json.Marshal(payload) - if err != nil { - log.Debugf("kiro: failed to marshal payload: %v", err) - return nil, false - } - - return result, thinkingEnabled -} - -// normalizeOrigin normalizes origin value for Kiro API compatibility -func normalizeOrigin(origin string) string { - switch origin { - case "KIRO_CLI": - return "CLI" - case "KIRO_AI_EDITOR": - return "AI_EDITOR" - case "AMAZON_Q": - return "CLI" - case "KIRO_IDE": - return "AI_EDITOR" - default: - return origin - } -} - -// extractSystemPrompt extracts system prompt from Claude request -func extractSystemPrompt(claudeBody []byte) string { - systemField := gjson.GetBytes(claudeBody, "system") - if systemField.IsArray() { - var sb strings.Builder - for _, block := range systemField.Array() { - if block.Get("type").String() == "text" { - sb.WriteString(block.Get("text").String()) - } else if block.Type == gjson.String { - sb.WriteString(block.String()) - } - } - return sb.String() - } - return systemField.String() -} - -// checkThinkingMode checks if thinking mode is enabled in the Claude request -func checkThinkingMode(claudeBody []byte) (bool, int64) { - thinkingEnabled := false - var budgetTokens int64 = 24000 - - thinkingField := gjson.GetBytes(claudeBody, "thinking") - if thinkingField.Exists() { - thinkingType := thinkingField.Get("type").String() - if thinkingType == "enabled" { - thinkingEnabled = true - if bt := thinkingField.Get("budget_tokens"); bt.Exists() { - budgetTokens = bt.Int() - if budgetTokens <= 0 { - thinkingEnabled = false - log.Debugf("kiro: thinking mode disabled via budget_tokens <= 0") - } - } - if thinkingEnabled { - log.Debugf("kiro: thinking mode enabled via Claude API parameter, budget_tokens: %d", budgetTokens) - } - } - } - - return thinkingEnabled, budgetTokens -} - -// hasThinkingTagInBody checks if the request body already contains thinking configuration tags. -// This is used to prevent duplicate injection when client (e.g., AMP/Cursor) already includes thinking config. -func hasThinkingTagInBody(body []byte) bool { - bodyStr := string(body) - return strings.Contains(bodyStr, "") || strings.Contains(bodyStr, "") -} - -// IsThinkingEnabledFromHeader checks if thinking mode is enabled via Anthropic-Beta header. -// Claude CLI uses "Anthropic-Beta: interleaved-thinking-2025-05-14" to enable thinking. -func IsThinkingEnabledFromHeader(headers http.Header) bool { - if headers == nil { - return false - } - betaHeader := headers.Get("Anthropic-Beta") - if betaHeader == "" { - return false - } - // Check for interleaved-thinking beta feature - if strings.Contains(betaHeader, "interleaved-thinking") { - log.Debugf("kiro: thinking mode enabled via Anthropic-Beta header: %s", betaHeader) - return true - } - return false -} - -// IsThinkingEnabled is a public wrapper to check if thinking mode is enabled. -// This is used by the executor to determine whether to parse tags in responses. -// When thinking is NOT enabled in the request, tags in responses should be -// treated as regular text content, not as thinking blocks. -// -// Supports multiple formats: -// - Claude API format: thinking.type = "enabled" -// - OpenAI format: reasoning_effort parameter -// - AMP/Cursor format: interleaved in system prompt -func IsThinkingEnabled(body []byte) bool { - return IsThinkingEnabledWithHeaders(body, nil) -} - -// IsThinkingEnabledWithHeaders checks if thinking mode is enabled from body or headers. -// This is the comprehensive check that supports all thinking detection methods: -// - Claude API format: thinking.type = "enabled" -// - OpenAI format: reasoning_effort parameter -// - AMP/Cursor format: interleaved in system prompt -// - Anthropic-Beta header: interleaved-thinking-2025-05-14 -func IsThinkingEnabledWithHeaders(body []byte, headers http.Header) bool { - // Check Anthropic-Beta header first (Claude Code uses this) - if IsThinkingEnabledFromHeader(headers) { - return true - } - - // Check Claude API format first (thinking.type = "enabled") - enabled, _ := checkThinkingMode(body) - if enabled { - log.Debugf("kiro: IsThinkingEnabled returning true (Claude API format)") - return true - } - - // Check OpenAI format: reasoning_effort parameter - // Valid values: "low", "medium", "high", "auto" (not "none") - reasoningEffort := gjson.GetBytes(body, "reasoning_effort") - if reasoningEffort.Exists() { - effort := reasoningEffort.String() - if effort != "" && effort != "none" { - log.Debugf("kiro: thinking mode enabled via OpenAI reasoning_effort: %s", effort) - return true - } - } - - // Check AMP/Cursor format: interleaved in system prompt - // This is how AMP client passes thinking configuration - bodyStr := string(body) - if strings.Contains(bodyStr, "") && strings.Contains(bodyStr, "") { - // Extract thinking mode value - startTag := "" - endTag := "" - startIdx := strings.Index(bodyStr, startTag) - if startIdx >= 0 { - startIdx += len(startTag) - endIdx := strings.Index(bodyStr[startIdx:], endTag) - if endIdx >= 0 { - thinkingMode := bodyStr[startIdx : startIdx+endIdx] - if thinkingMode == "interleaved" || thinkingMode == "enabled" { - log.Debugf("kiro: thinking mode enabled via AMP/Cursor format: %s", thinkingMode) - return true - } - } - } - } - - // Check OpenAI format: max_completion_tokens with reasoning (o1-style) - // Some clients use this to indicate reasoning mode - if gjson.GetBytes(body, "max_completion_tokens").Exists() { - // If max_completion_tokens is set, check if model name suggests reasoning - model := gjson.GetBytes(body, "model").String() - if strings.Contains(strings.ToLower(model), "thinking") || - strings.Contains(strings.ToLower(model), "reason") { - log.Debugf("kiro: thinking mode enabled via model name hint: %s", model) - return true - } - } - - // Check model name directly for thinking hints. - // This enables thinking variants even when clients don't send explicit thinking fields. - model := strings.TrimSpace(gjson.GetBytes(body, "model").String()) - modelLower := strings.ToLower(model) - if strings.Contains(modelLower, "thinking") || strings.Contains(modelLower, "-reason") { - log.Debugf("kiro: thinking mode enabled via model name hint: %s", model) - return true - } - - log.Debugf("kiro: IsThinkingEnabled returning false (no thinking mode detected)") - return false -} - -// shortenToolNameIfNeeded shortens tool names that exceed 64 characters. -// MCP tools often have long names like "mcp__server-name__tool-name". -// This preserves the "mcp__" prefix and last segment when possible. -func shortenToolNameIfNeeded(name string) string { - const limit = 64 - if len(name) <= limit { - return name - } - // For MCP tools, try to preserve prefix and last segment - if strings.HasPrefix(name, "mcp__") { - idx := strings.LastIndex(name, "__") - if idx > 0 { - cand := "mcp__" + name[idx+2:] - if len(cand) > limit { - return cand[:limit] - } - return cand - } - } - return name[:limit] -} - -func ensureKiroInputSchema(parameters interface{}) interface{} { - if parameters != nil { - return parameters - } - return map[string]interface{}{ - "type": "object", - "properties": map[string]interface{}{}, - } -} - -// convertClaudeToolsToKiro converts Claude tools to Kiro format -func convertClaudeToolsToKiro(tools gjson.Result) []KiroToolWrapper { - var kiroTools []KiroToolWrapper - if !tools.IsArray() { - return kiroTools - } - - for _, tool := range tools.Array() { - name := tool.Get("name").String() - description := tool.Get("description").String() - inputSchemaResult := tool.Get("input_schema") - var inputSchema interface{} - if inputSchemaResult.Exists() && inputSchemaResult.Type != gjson.Null { - inputSchema = inputSchemaResult.Value() - } - inputSchema = ensureKiroInputSchema(inputSchema) - - // Shorten tool name if it exceeds 64 characters (common with MCP tools) - originalName := name - name = shortenToolNameIfNeeded(name) - if name != originalName { - log.Debugf("kiro: shortened tool name from '%s' to '%s'", originalName, name) - } - - // CRITICAL FIX: Kiro API requires non-empty description - if strings.TrimSpace(description) == "" { - description = fmt.Sprintf("Tool: %s", name) - log.Debugf("kiro: tool '%s' has empty description, using default: %s", name, description) - } - - // Rename web_search → remote_web_search for Kiro API compatibility - if name == "web_search" { - name = "remote_web_search" - // Prefer dynamically fetched description, fall back to hardcoded constant - if cached := GetWebSearchDescription(); cached != "" { - description = cached - } else { - description = remoteWebSearchDescription - } - log.Debugf("kiro: renamed tool web_search → remote_web_search") - } - - // Truncate long descriptions (individual tool limit) - if len(description) > kirocommon.KiroMaxToolDescLen { - truncLen := kirocommon.KiroMaxToolDescLen - 30 - for truncLen > 0 && !utf8.RuneStart(description[truncLen]) { - truncLen-- - } - description = description[:truncLen] + "... (description truncated)" - } - - kiroTools = append(kiroTools, KiroToolWrapper{ - ToolSpecification: KiroToolSpecification{ - Name: name, - Description: description, - InputSchema: KiroInputSchema{JSON: inputSchema}, - }, - }) - } - - // Apply dynamic compression if total tools size exceeds threshold - // This prevents 500 errors when Claude Code sends too many tools - kiroTools = compressToolsIfNeeded(kiroTools) - - return kiroTools -} - -// processMessages processes Claude messages and builds Kiro history -func processMessages(messages gjson.Result, modelID, origin string) ([]KiroHistoryMessage, *KiroUserInputMessage, []KiroToolResult) { - var history []KiroHistoryMessage - var currentUserMsg *KiroUserInputMessage - var currentToolResults []KiroToolResult - - // Merge adjacent messages with the same role - messagesArray := kirocommon.MergeAdjacentMessages(messages.Array()) - - // FIX: Kiro API requires history to start with a user message. - // Some clients (e.g., OpenClaw) send conversations starting with an assistant message, - // which is valid for the Claude API but causes "Improperly formed request" on Kiro. - // Prepend a placeholder user message so the history alternation is correct. - if len(messagesArray) > 0 && messagesArray[0].Get("role").String() == "assistant" { - placeholder := `{"role":"user","content":"."}` - messagesArray = append([]gjson.Result{gjson.Parse(placeholder)}, messagesArray...) - log.Infof("kiro: messages started with assistant role, prepended placeholder user message for Kiro API compatibility") - } - - for i, msg := range messagesArray { - role := msg.Get("role").String() - isLastMessage := i == len(messagesArray)-1 - - if role == "user" { - userMsg, toolResults := BuildUserMessageStruct(msg, modelID, origin) - // CRITICAL: Kiro API requires content to be non-empty for ALL user messages - // This includes both history messages and the current message. - // When user message contains only tool_result (no text), content will be empty. - // This commonly happens in compaction requests from OpenCode. - if strings.TrimSpace(userMsg.Content) == "" { - if len(toolResults) > 0 { - userMsg.Content = kirocommon.DefaultUserContentWithToolResults - } else { - userMsg.Content = kirocommon.DefaultUserContent - } - log.Debugf("kiro: user content was empty, using default: %s", userMsg.Content) - } - if isLastMessage { - currentUserMsg = &userMsg - currentToolResults = toolResults - } else { - // For history messages, embed tool results in context - if len(toolResults) > 0 { - userMsg.UserInputMessageContext = &KiroUserInputMessageContext{ - ToolResults: toolResults, - } - } - history = append(history, KiroHistoryMessage{ - UserInputMessage: &userMsg, - }) - } - } else if role == "assistant" { - assistantMsg := BuildAssistantMessageStruct(msg) - if isLastMessage { - history = append(history, KiroHistoryMessage{ - AssistantResponseMessage: &assistantMsg, - }) - // Create a "Continue" user message as currentMessage - currentUserMsg = &KiroUserInputMessage{ - Content: "Continue", - ModelID: modelID, - Origin: origin, - } - } else { - history = append(history, KiroHistoryMessage{ - AssistantResponseMessage: &assistantMsg, - }) - } - } - } - - // POST-PROCESSING: Remove orphaned tool_results that have no matching tool_use - // in any assistant message. This happens when Claude Code compaction truncates - // the conversation and removes the assistant message containing the tool_use, - // but keeps the user message with the corresponding tool_result. - // Without this fix, Kiro API returns "Improperly formed request". - validToolUseIDs := make(map[string]bool) - for _, h := range history { - if h.AssistantResponseMessage != nil { - for _, tu := range h.AssistantResponseMessage.ToolUses { - validToolUseIDs[tu.ToolUseID] = true - } - } - } - - // Filter orphaned tool results from history user messages - for i, h := range history { - if h.UserInputMessage != nil && h.UserInputMessage.UserInputMessageContext != nil { - ctx := h.UserInputMessage.UserInputMessageContext - if len(ctx.ToolResults) > 0 { - filtered := make([]KiroToolResult, 0, len(ctx.ToolResults)) - for _, tr := range ctx.ToolResults { - if validToolUseIDs[tr.ToolUseID] { - filtered = append(filtered, tr) - } else { - log.Debugf("kiro: dropping orphaned tool_result in history[%d]: toolUseId=%s (no matching tool_use)", i, tr.ToolUseID) - } - } - ctx.ToolResults = filtered - if len(ctx.ToolResults) == 0 && len(ctx.Tools) == 0 { - h.UserInputMessage.UserInputMessageContext = nil - } - } - } - } - - // Filter orphaned tool results from current message - if len(currentToolResults) > 0 { - filtered := make([]KiroToolResult, 0, len(currentToolResults)) - for _, tr := range currentToolResults { - if validToolUseIDs[tr.ToolUseID] { - filtered = append(filtered, tr) - } else { - log.Debugf("kiro: dropping orphaned tool_result in currentMessage: toolUseId=%s (no matching tool_use)", tr.ToolUseID) - } - } - if len(filtered) != len(currentToolResults) { - log.Infof("kiro: dropped %d orphaned tool_result(s) from currentMessage (compaction artifact)", len(currentToolResults)-len(filtered)) - } - currentToolResults = filtered - } - - return history, currentUserMsg, currentToolResults -} - -// buildFinalContent builds the final content with system prompt -func buildFinalContent(content, systemPrompt string, toolResults []KiroToolResult) string { - var contentBuilder strings.Builder - - if systemPrompt != "" { - contentBuilder.WriteString("--- SYSTEM PROMPT ---\n") - contentBuilder.WriteString(systemPrompt) - contentBuilder.WriteString("\n--- END SYSTEM PROMPT ---\n\n") - } - - contentBuilder.WriteString(content) - finalContent := contentBuilder.String() - - // CRITICAL: Kiro API requires content to be non-empty - if strings.TrimSpace(finalContent) == "" { - if len(toolResults) > 0 { - finalContent = "Tool results provided." - } else { - finalContent = "Continue" - } - log.Debugf("kiro: content was empty, using default: %s", finalContent) - } - - return finalContent -} - -// deduplicateToolResults removes duplicate tool results -func deduplicateToolResults(toolResults []KiroToolResult) []KiroToolResult { - if len(toolResults) == 0 { - return toolResults - } - - seenIDs := make(map[string]bool) - unique := make([]KiroToolResult, 0, len(toolResults)) - for _, tr := range toolResults { - if !seenIDs[tr.ToolUseID] { - seenIDs[tr.ToolUseID] = true - unique = append(unique, tr) - } else { - log.Debugf("kiro: skipping duplicate toolResult in currentMessage: %s", tr.ToolUseID) - } - } - return unique -} - -// extractClaudeToolChoiceHint extracts tool_choice from Claude request and returns a system prompt hint. -// Claude tool_choice values: -// - {"type": "auto"}: Model decides (default, no hint needed) -// - {"type": "any"}: Must use at least one tool -// - {"type": "tool", "name": "..."}: Must use specific tool -func extractClaudeToolChoiceHint(claudeBody []byte) string { - toolChoice := gjson.GetBytes(claudeBody, "tool_choice") - if !toolChoice.Exists() { - return "" - } - - toolChoiceType := toolChoice.Get("type").String() - switch toolChoiceType { - case "any": - return "[INSTRUCTION: You MUST use at least one of the available tools to respond. Do not respond with text only - always make a tool call.]" - case "tool": - toolName := toolChoice.Get("name").String() - if toolName != "" { - return fmt.Sprintf("[INSTRUCTION: You MUST use the tool named '%s' to respond. Do not use any other tool or respond with text only.]", toolName) - } - case "auto": - // Default behavior, no hint needed - return "" - } - - return "" -} - -// BuildUserMessageStruct builds a user message and extracts tool results -func BuildUserMessageStruct(msg gjson.Result, modelID, origin string) (KiroUserInputMessage, []KiroToolResult) { - content := msg.Get("content") - var contentBuilder strings.Builder - var toolResults []KiroToolResult - var images []KiroImage - - // Track seen toolUseIds to deduplicate - seenToolUseIDs := make(map[string]bool) - - if content.IsArray() { - for _, part := range content.Array() { - partType := part.Get("type").String() - switch partType { - case "text": - contentBuilder.WriteString(part.Get("text").String()) - case "image": - mediaType := part.Get("source.media_type").String() - data := part.Get("source.data").String() - - format := "" - if idx := strings.LastIndex(mediaType, "/"); idx != -1 { - format = mediaType[idx+1:] - } - - if format != "" && data != "" { - images = append(images, KiroImage{ - Format: format, - Source: KiroImageSource{ - Bytes: data, - }, - }) - } - case "tool_result": - toolUseID := part.Get("tool_use_id").String() - - // Skip duplicate toolUseIds - if seenToolUseIDs[toolUseID] { - log.Debugf("kiro: skipping duplicate tool_result with toolUseId: %s", toolUseID) - continue - } - seenToolUseIDs[toolUseID] = true - - isError := part.Get("is_error").Bool() - resultContent := part.Get("content") - - var textContents []KiroTextContent - - // Check if this tool_result contains error from our SOFT_LIMIT_REACHED tool_use - // The client will return an error when trying to execute a tool with marker input - resultStr := resultContent.String() - isSoftLimitError := strings.Contains(resultStr, "SOFT_LIMIT_REACHED") || - strings.Contains(resultStr, "_status") || - strings.Contains(resultStr, "truncated") || - strings.Contains(resultStr, "missing required") || - strings.Contains(resultStr, "invalid input") || - strings.Contains(resultStr, "Error writing file") - - if isError && isSoftLimitError { - // Replace error content with SOFT_LIMIT_REACHED guidance - log.Infof("kiro: detected SOFT_LIMIT_REACHED in tool_result for %s, replacing with guidance", toolUseID) - softLimitMsg := `SOFT_LIMIT_REACHED - -Your previous tool call was incomplete due to API output size limits. -The content was PARTIALLY transmitted but NOT executed. - -REQUIRED ACTION: -1. Split your content into smaller chunks (max 300 lines per call) -2. For file writes: Create file with first chunk, then use append for remaining -3. Do NOT regenerate content you already attempted - continue from where you stopped - -STATUS: This is NOT an error. Continue with smaller chunks.` - textContents = append(textContents, KiroTextContent{Text: softLimitMsg}) - // Mark as SUCCESS so Claude doesn't treat it as a failure - isError = false - } else if resultContent.IsArray() { - for _, item := range resultContent.Array() { - if item.Get("type").String() == "text" { - textContents = append(textContents, KiroTextContent{Text: item.Get("text").String()}) - } else if item.Type == gjson.String { - textContents = append(textContents, KiroTextContent{Text: item.String()}) - } - } - } else if resultContent.Type == gjson.String { - textContents = append(textContents, KiroTextContent{Text: resultContent.String()}) - } - - if len(textContents) == 0 { - textContents = append(textContents, KiroTextContent{Text: "Tool use was cancelled by the user"}) - } - - status := "success" - if isError { - status = "error" - } - - toolResults = append(toolResults, KiroToolResult{ - ToolUseID: toolUseID, - Content: textContents, - Status: status, - }) - } - } - } else { - contentBuilder.WriteString(content.String()) - } - - userMsg := KiroUserInputMessage{ - Content: contentBuilder.String(), - ModelID: modelID, - Origin: origin, - } - - if len(images) > 0 { - userMsg.Images = images - } - - return userMsg, toolResults -} - -// BuildAssistantMessageStruct builds an assistant message with tool uses -func BuildAssistantMessageStruct(msg gjson.Result) KiroAssistantResponseMessage { - content := msg.Get("content") - var contentBuilder strings.Builder - var toolUses []KiroToolUse - - if content.IsArray() { - for _, part := range content.Array() { - partType := part.Get("type").String() - switch partType { - case "text": - contentBuilder.WriteString(part.Get("text").String()) - case "tool_use": - toolUseID := part.Get("id").String() - toolName := part.Get("name").String() - toolInput := part.Get("input") - - var inputMap map[string]interface{} - if toolInput.IsObject() { - inputMap = make(map[string]interface{}) - toolInput.ForEach(func(key, value gjson.Result) bool { - inputMap[key.String()] = value.Value() - return true - }) - } - - // Rename web_search → remote_web_search to match convertClaudeToolsToKiro - if toolName == "web_search" { - toolName = "remote_web_search" - } - - toolUses = append(toolUses, KiroToolUse{ - ToolUseID: toolUseID, - Name: toolName, - Input: inputMap, - }) - } - } - } else { - contentBuilder.WriteString(content.String()) - } - - // CRITICAL FIX: Kiro API requires non-empty content for assistant messages - // This can happen with compaction requests where assistant messages have only tool_use - // (no text content). Without this fix, Kiro API returns "Improperly formed request" error. - finalContent := contentBuilder.String() - if strings.TrimSpace(finalContent) == "" { - if len(toolUses) > 0 { - finalContent = kirocommon.DefaultAssistantContentWithTools - } else { - finalContent = kirocommon.DefaultAssistantContent - } - log.Debugf("kiro: assistant content was empty, using default: %s", finalContent) - } - - return KiroAssistantResponseMessage{ - Content: finalContent, - ToolUses: toolUses, - } -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_claude_response.go b/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_claude_response.go deleted file mode 100644 index 89a760cd80..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_claude_response.go +++ /dev/null @@ -1,230 +0,0 @@ -// Package claude provides response translation functionality for Kiro API to Claude format. -// This package handles the conversion of Kiro API responses into Claude-compatible format, -// including support for thinking blocks and tool use. -package claude - -import ( - "crypto/sha256" - "encoding/base64" - "encoding/json" - "strings" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" - log "github.com/sirupsen/logrus" - - kirocommon "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/kiro/common" -) - -// generateThinkingSignature generates a signature for thinking content. -// This is required by Claude API for thinking blocks in non-streaming responses. -// The signature is a base64-encoded hash of the thinking content. -func generateThinkingSignature(thinkingContent string) string { - if thinkingContent == "" { - return "" - } - // Generate a deterministic signature based on content hash - hash := sha256.Sum256([]byte(thinkingContent)) - return base64.StdEncoding.EncodeToString(hash[:]) -} - -// Local references to kirocommon constants for thinking block parsing -var ( - thinkingStartTag = kirocommon.ThinkingStartTag - thinkingEndTag = kirocommon.ThinkingEndTag -) - -// BuildClaudeResponse constructs a Claude-compatible response. -// Supports tool_use blocks when tools are present in the response. -// Supports thinking blocks - parses tags and converts to Claude thinking content blocks. -// stopReason is passed from upstream; fallback logic applied if empty. -func BuildClaudeResponse(content string, toolUses []KiroToolUse, model string, usageInfo usage.Detail, stopReason string) []byte { - var contentBlocks []map[string]interface{} - - // Extract thinking blocks and text from content - if content != "" { - blocks := ExtractThinkingFromContent(content) - contentBlocks = append(contentBlocks, blocks...) - - // Log if thinking blocks were extracted - for _, block := range blocks { - if block["type"] == "thinking" { - thinkingContent := block["thinking"].(string) - log.Infof("kiro: buildClaudeResponse extracted thinking block (len: %d)", len(thinkingContent)) - } - } - } - - // Add tool_use blocks - emit truncated tools with SOFT_LIMIT_REACHED marker - hasTruncatedTools := false - for _, toolUse := range toolUses { - if toolUse.IsTruncated && toolUse.TruncationInfo != nil { - // Emit tool_use with SOFT_LIMIT_REACHED marker input - hasTruncatedTools = true - log.Infof("kiro: buildClaudeResponse emitting truncated tool with SOFT_LIMIT_REACHED: %s (ID: %s)", toolUse.Name, toolUse.ToolUseID) - - markerInput := map[string]interface{}{ - "_status": "SOFT_LIMIT_REACHED", - "_message": "Tool output was truncated. Split content into smaller chunks (max 300 lines). Due to potential model hallucination, you MUST re-fetch the current working directory and generate the correct file_path.", - } - - contentBlocks = append(contentBlocks, map[string]interface{}{ - "type": "tool_use", - "id": toolUse.ToolUseID, - "name": toolUse.Name, - "input": markerInput, - }) - } else { - // Normal tool use - contentBlocks = append(contentBlocks, map[string]interface{}{ - "type": "tool_use", - "id": toolUse.ToolUseID, - "name": toolUse.Name, - "input": toolUse.Input, - }) - } - } - - // Log if we used SOFT_LIMIT_REACHED - if hasTruncatedTools { - log.Infof("kiro: buildClaudeResponse using SOFT_LIMIT_REACHED - keeping stop_reason=tool_use") - } - - // Ensure at least one content block (Claude API requires non-empty content) - if len(contentBlocks) == 0 { - contentBlocks = append(contentBlocks, map[string]interface{}{ - "type": "text", - "text": "", - }) - } - - // Use upstream stopReason; apply fallback logic if not provided - // SOFT_LIMIT_REACHED: Keep stop_reason = "tool_use" so Claude continues the loop - if stopReason == "" { - stopReason = "end_turn" - if len(toolUses) > 0 { - stopReason = "tool_use" - } - log.Debugf("kiro: buildClaudeResponse using fallback stop_reason: %s", stopReason) - } - - // Log warning if response was truncated due to max_tokens - if stopReason == "max_tokens" { - log.Warnf("kiro: response truncated due to max_tokens limit (buildClaudeResponse)") - } - - response := map[string]interface{}{ - "id": "msg_" + uuid.New().String()[:24], - "type": "message", - "role": "assistant", - "model": model, - "content": contentBlocks, - "stop_reason": stopReason, - "usage": map[string]interface{}{ - "input_tokens": usageInfo.InputTokens, - "output_tokens": usageInfo.OutputTokens, - }, - } - result, _ := json.Marshal(response) - return result -} - -// ExtractThinkingFromContent parses content to extract thinking blocks and text. -// Returns a list of content blocks in the order they appear in the content. -// Handles interleaved thinking and text blocks correctly. -func ExtractThinkingFromContent(content string) []map[string]interface{} { - var blocks []map[string]interface{} - - if content == "" { - return blocks - } - - // Check if content contains thinking tags at all - if !strings.Contains(content, thinkingStartTag) { - // No thinking tags, return as plain text - return []map[string]interface{}{ - { - "type": "text", - "text": content, - }, - } - } - - log.Debugf("kiro: extractThinkingFromContent - found thinking tags in content (len: %d)", len(content)) - - remaining := content - - for len(remaining) > 0 { - // Look for tag - startIdx := strings.Index(remaining, thinkingStartTag) - - if startIdx == -1 { - // No more thinking tags, add remaining as text - if strings.TrimSpace(remaining) != "" { - blocks = append(blocks, map[string]interface{}{ - "type": "text", - "text": remaining, - }) - } - break - } - - // Add text before thinking tag (if any meaningful content) - if startIdx > 0 { - textBefore := remaining[:startIdx] - if strings.TrimSpace(textBefore) != "" { - blocks = append(blocks, map[string]interface{}{ - "type": "text", - "text": textBefore, - }) - } - } - - // Move past the opening tag - remaining = remaining[startIdx+len(thinkingStartTag):] - - // Find closing tag - endIdx := strings.Index(remaining, thinkingEndTag) - - if endIdx == -1 { - // No closing tag found, treat rest as thinking content (incomplete response) - if strings.TrimSpace(remaining) != "" { - // Generate signature for thinking content (required by Claude API) - signature := generateThinkingSignature(remaining) - blocks = append(blocks, map[string]interface{}{ - "type": "thinking", - "thinking": remaining, - "signature": signature, - }) - log.Warnf("kiro: extractThinkingFromContent - missing closing tag") - } - break - } - - // Extract thinking content between tags - thinkContent := remaining[:endIdx] - if strings.TrimSpace(thinkContent) != "" { - // Generate signature for thinking content (required by Claude API) - signature := generateThinkingSignature(thinkContent) - blocks = append(blocks, map[string]interface{}{ - "type": "thinking", - "thinking": thinkContent, - "signature": signature, - }) - log.Debugf("kiro: extractThinkingFromContent - extracted thinking block (len: %d)", len(thinkContent)) - } - - // Move past the closing tag - remaining = remaining[endIdx+len(thinkingEndTag):] - } - - // If no blocks were created (all whitespace), return empty text block - if len(blocks) == 0 { - blocks = append(blocks, map[string]interface{}{ - "type": "text", - "text": "", - }) - } - - return blocks -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_claude_stream.go b/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_claude_stream.go deleted file mode 100644 index c86b6e023e..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_claude_stream.go +++ /dev/null @@ -1,306 +0,0 @@ -// Package claude provides streaming SSE event building for Claude format. -// This package handles the construction of Claude-compatible Server-Sent Events (SSE) -// for streaming responses from Kiro API. -package claude - -import ( - "encoding/json" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" -) - -// BuildClaudeMessageStartEvent creates the message_start SSE event -func BuildClaudeMessageStartEvent(model string, inputTokens int64) []byte { - event := map[string]interface{}{ - "type": "message_start", - "message": map[string]interface{}{ - "id": "msg_" + uuid.New().String()[:24], - "type": "message", - "role": "assistant", - "content": []interface{}{}, - "model": model, - "stop_reason": nil, - "stop_sequence": nil, - "usage": map[string]interface{}{"input_tokens": inputTokens, "output_tokens": 0}, - }, - } - result, _ := json.Marshal(event) - return []byte("event: message_start\ndata: " + string(result)) -} - -// BuildClaudeContentBlockStartEvent creates a content_block_start SSE event -func BuildClaudeContentBlockStartEvent(index int, blockType, toolUseID, toolName string) []byte { - var contentBlock map[string]interface{} - switch blockType { - case "tool_use": - contentBlock = map[string]interface{}{ - "type": "tool_use", - "id": toolUseID, - "name": toolName, - "input": map[string]interface{}{}, - } - case "thinking": - contentBlock = map[string]interface{}{ - "type": "thinking", - "thinking": "", - } - default: - contentBlock = map[string]interface{}{ - "type": "text", - "text": "", - } - } - - event := map[string]interface{}{ - "type": "content_block_start", - "index": index, - "content_block": contentBlock, - } - result, _ := json.Marshal(event) - return []byte("event: content_block_start\ndata: " + string(result)) -} - -// BuildClaudeStreamEvent creates a text_delta content_block_delta SSE event -func BuildClaudeStreamEvent(contentDelta string, index int) []byte { - event := map[string]interface{}{ - "type": "content_block_delta", - "index": index, - "delta": map[string]interface{}{ - "type": "text_delta", - "text": contentDelta, - }, - } - result, _ := json.Marshal(event) - return []byte("event: content_block_delta\ndata: " + string(result)) -} - -// BuildClaudeInputJsonDeltaEvent creates an input_json_delta event for tool use streaming -func BuildClaudeInputJsonDeltaEvent(partialJSON string, index int) []byte { - event := map[string]interface{}{ - "type": "content_block_delta", - "index": index, - "delta": map[string]interface{}{ - "type": "input_json_delta", - "partial_json": partialJSON, - }, - } - result, _ := json.Marshal(event) - return []byte("event: content_block_delta\ndata: " + string(result)) -} - -// BuildClaudeContentBlockStopEvent creates a content_block_stop SSE event -func BuildClaudeContentBlockStopEvent(index int) []byte { - event := map[string]interface{}{ - "type": "content_block_stop", - "index": index, - } - result, _ := json.Marshal(event) - return []byte("event: content_block_stop\ndata: " + string(result)) -} - -// BuildClaudeThinkingBlockStopEvent creates a content_block_stop SSE event for thinking blocks. -func BuildClaudeThinkingBlockStopEvent(index int) []byte { - event := map[string]interface{}{ - "type": "content_block_stop", - "index": index, - } - result, _ := json.Marshal(event) - return []byte("event: content_block_stop\ndata: " + string(result)) -} - -// BuildClaudeMessageDeltaEvent creates the message_delta event with stop_reason and usage -func BuildClaudeMessageDeltaEvent(stopReason string, usageInfo usage.Detail) []byte { - deltaEvent := map[string]interface{}{ - "type": "message_delta", - "delta": map[string]interface{}{ - "stop_reason": stopReason, - "stop_sequence": nil, - }, - "usage": map[string]interface{}{ - "input_tokens": usageInfo.InputTokens, - "output_tokens": usageInfo.OutputTokens, - }, - } - deltaResult, _ := json.Marshal(deltaEvent) - return []byte("event: message_delta\ndata: " + string(deltaResult)) -} - -// BuildClaudeMessageStopOnlyEvent creates only the message_stop event -func BuildClaudeMessageStopOnlyEvent() []byte { - stopEvent := map[string]interface{}{ - "type": "message_stop", - } - stopResult, _ := json.Marshal(stopEvent) - return []byte("event: message_stop\ndata: " + string(stopResult)) -} - -// BuildClaudePingEventWithUsage creates a ping event with embedded usage information. -// This is used for real-time usage estimation during streaming. -func BuildClaudePingEventWithUsage(inputTokens, outputTokens int64) []byte { - event := map[string]interface{}{ - "type": "ping", - "usage": map[string]interface{}{ - "input_tokens": inputTokens, - "output_tokens": outputTokens, - "total_tokens": inputTokens + outputTokens, - "estimated": true, - }, - } - result, _ := json.Marshal(event) - return []byte("event: ping\ndata: " + string(result)) -} - -// BuildClaudeThinkingDeltaEvent creates a thinking_delta event for Claude API compatibility. -// This is used when streaming thinking content wrapped in tags. -func BuildClaudeThinkingDeltaEvent(thinkingDelta string, index int) []byte { - event := map[string]interface{}{ - "type": "content_block_delta", - "index": index, - "delta": map[string]interface{}{ - "type": "thinking_delta", - "thinking": thinkingDelta, - }, - } - result, _ := json.Marshal(event) - return []byte("event: content_block_delta\ndata: " + string(result)) -} - -// PendingTagSuffix detects if the buffer ends with a partial prefix of the given tag. -// Returns the length of the partial match (0 if no match). -// Based on amq2api implementation for handling cross-chunk tag boundaries. -func PendingTagSuffix(buffer, tag string) int { - if buffer == "" || tag == "" { - return 0 - } - maxLen := len(buffer) - if maxLen > len(tag)-1 { - maxLen = len(tag) - 1 - } - for length := maxLen; length > 0; length-- { - if len(buffer) >= length && buffer[len(buffer)-length:] == tag[:length] { - return length - } - } - return 0 -} - -// GenerateSearchIndicatorEvents generates ONLY the search indicator SSE events -// (server_tool_use + web_search_tool_result) without text summary or message termination. -// These events trigger Claude Code's search indicator UI. -// The caller is responsible for sending message_start before and message_delta/stop after. -func GenerateSearchIndicatorEvents( - query string, - toolUseID string, - searchResults *WebSearchResults, - startIndex int, -) [][]byte { - events := make([][]byte, 0, 5) - - // 1. content_block_start (server_tool_use) - event1 := map[string]interface{}{ - "type": "content_block_start", - "index": startIndex, - "content_block": map[string]interface{}{ - "id": toolUseID, - "type": "server_tool_use", - "name": "web_search", - "input": map[string]interface{}{}, - }, - } - data1, _ := json.Marshal(event1) - events = append(events, []byte("event: content_block_start\ndata: "+string(data1)+"\n\n")) - - // 2. content_block_delta (input_json_delta) - inputJSON, _ := json.Marshal(map[string]string{"query": query}) - event2 := map[string]interface{}{ - "type": "content_block_delta", - "index": startIndex, - "delta": map[string]interface{}{ - "type": "input_json_delta", - "partial_json": string(inputJSON), - }, - } - data2, _ := json.Marshal(event2) - events = append(events, []byte("event: content_block_delta\ndata: "+string(data2)+"\n\n")) - - // 3. content_block_stop (server_tool_use) - event3 := map[string]interface{}{ - "type": "content_block_stop", - "index": startIndex, - } - data3, _ := json.Marshal(event3) - events = append(events, []byte("event: content_block_stop\ndata: "+string(data3)+"\n\n")) - - // 4. content_block_start (web_search_tool_result) - searchContent := make([]map[string]interface{}, 0) - if searchResults != nil { - for _, r := range searchResults.Results { - snippet := "" - if r.Snippet != nil { - snippet = *r.Snippet - } - searchContent = append(searchContent, map[string]interface{}{ - "type": "web_search_result", - "title": r.Title, - "url": r.URL, - "encrypted_content": snippet, - "page_age": nil, - }) - } - } - event4 := map[string]interface{}{ - "type": "content_block_start", - "index": startIndex + 1, - "content_block": map[string]interface{}{ - "type": "web_search_tool_result", - "tool_use_id": toolUseID, - "content": searchContent, - }, - } - data4, _ := json.Marshal(event4) - events = append(events, []byte("event: content_block_start\ndata: "+string(data4)+"\n\n")) - - // 5. content_block_stop (web_search_tool_result) - event5 := map[string]interface{}{ - "type": "content_block_stop", - "index": startIndex + 1, - } - data5, _ := json.Marshal(event5) - events = append(events, []byte("event: content_block_stop\ndata: "+string(data5)+"\n\n")) - - return events -} - -// BuildFallbackTextEvents generates SSE events for a fallback text response -// when the Kiro API fails during the search loop. Uses BuildClaude*Event() -// functions to align with streamToChannel patterns. -// Returns raw SSE byte slices ready to be sent to the client channel. -func BuildFallbackTextEvents(contentBlockIndex int, query string, results *WebSearchResults) [][]byte { - summary := FormatSearchContextPrompt(query, results) - outputTokens := len(summary) / 4 - if len(summary) > 0 && outputTokens == 0 { - outputTokens = 1 - } - - var events [][]byte - - // content_block_start (text) - events = append(events, BuildClaudeContentBlockStartEvent(contentBlockIndex, "text", "", "")) - - // content_block_delta (text_delta) - events = append(events, BuildClaudeStreamEvent(summary, contentBlockIndex)) - - // content_block_stop - events = append(events, BuildClaudeContentBlockStopEvent(contentBlockIndex)) - - // message_delta with end_turn - events = append(events, BuildClaudeMessageDeltaEvent("end_turn", usage.Detail{ - OutputTokens: int64(outputTokens), - })) - - // message_stop - events = append(events, BuildClaudeMessageStopOnlyEvent()) - - return events -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_claude_stream_parser.go b/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_claude_stream_parser.go deleted file mode 100644 index 275196acfd..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_claude_stream_parser.go +++ /dev/null @@ -1,350 +0,0 @@ -package claude - -import ( - "encoding/json" - "strings" - - log "github.com/sirupsen/logrus" -) - -// sseEvent represents a Server-Sent Event -type sseEvent struct { - Event string - Data interface{} -} - -// ToSSEString converts the event to SSE wire format -func (e *sseEvent) ToSSEString() string { - dataBytes, _ := json.Marshal(e.Data) - return "event: " + e.Event + "\ndata: " + string(dataBytes) + "\n\n" -} - -// AdjustStreamIndices adjusts content block indices in SSE event data by adding an offset. -// It also suppresses duplicate message_start events (returns shouldForward=false). -// This is used to combine search indicator events (indices 0,1) with Kiro model response events. -// -// The data parameter is a single SSE "data:" line payload (JSON). -// Returns: adjusted data, shouldForward (false = skip this event). -func AdjustStreamIndices(data []byte, offset int) ([]byte, bool) { - if len(data) == 0 { - return data, true - } - - // Quick check: parse the JSON - var event map[string]interface{} - if err := json.Unmarshal(data, &event); err != nil { - // Not valid JSON, pass through - return data, true - } - - eventType, _ := event["type"].(string) - - // Suppress duplicate message_start events - if eventType == "message_start" { - return data, false - } - - // Adjust index for content_block events - switch eventType { - case "content_block_start", "content_block_delta", "content_block_stop": - if idx, ok := event["index"].(float64); ok { - event["index"] = int(idx) + offset - adjusted, err := json.Marshal(event) - if err != nil { - return data, true - } - return adjusted, true - } - } - - // Pass through all other events unchanged (message_delta, message_stop, ping, etc.) - return data, true -} - -// AdjustSSEChunk processes a raw SSE chunk (potentially containing multiple "event:/data:" pairs) -// and adjusts content block indices. Suppresses duplicate message_start events. -// Returns the adjusted chunk and whether it should be forwarded. -func AdjustSSEChunk(chunk []byte, offset int) ([]byte, bool) { - chunkStr := string(chunk) - - // Fast path: if no "data:" prefix, pass through - if !strings.Contains(chunkStr, "data: ") { - return chunk, true - } - - var result strings.Builder - hasContent := false - - lines := strings.Split(chunkStr, "\n") - for i := 0; i < len(lines); i++ { - line := lines[i] - - if strings.HasPrefix(line, "data: ") { - dataPayload := strings.TrimPrefix(line, "data: ") - dataPayload = strings.TrimSpace(dataPayload) - - if dataPayload == "[DONE]" { - result.WriteString(line + "\n") - hasContent = true - continue - } - - adjusted, shouldForward := AdjustStreamIndices([]byte(dataPayload), offset) - if !shouldForward { - // Skip this event and its preceding "event:" line - // Also skip the trailing empty line - continue - } - - result.WriteString("data: " + string(adjusted) + "\n") - hasContent = true - } else if strings.HasPrefix(line, "event: ") { - // Check if the next data line will be suppressed - if i+1 < len(lines) && strings.HasPrefix(lines[i+1], "data: ") { - dataPayload := strings.TrimPrefix(lines[i+1], "data: ") - dataPayload = strings.TrimSpace(dataPayload) - - var event map[string]interface{} - if err := json.Unmarshal([]byte(dataPayload), &event); err == nil { - if eventType, ok := event["type"].(string); ok && eventType == "message_start" { - // Skip both the event: and data: lines - i++ // skip the data: line too - continue - } - } - } - result.WriteString(line + "\n") - hasContent = true - } else { - result.WriteString(line + "\n") - if strings.TrimSpace(line) != "" { - hasContent = true - } - } - } - - if !hasContent { - return nil, false - } - - return []byte(result.String()), true -} - -// BufferedStreamResult contains the analysis of buffered SSE chunks from a Kiro API response. -type BufferedStreamResult struct { - // StopReason is the detected stop_reason from the stream (e.g., "end_turn", "tool_use") - StopReason string - // WebSearchQuery is the extracted query if the model requested another web_search - WebSearchQuery string - // WebSearchToolUseId is the tool_use ID from the model's response (needed for toolResults) - WebSearchToolUseId string - // HasWebSearchToolUse indicates whether the model requested web_search - HasWebSearchToolUse bool - // WebSearchToolUseIndex is the content_block index of the web_search tool_use - WebSearchToolUseIndex int -} - -// AnalyzeBufferedStream scans buffered SSE chunks to detect stop_reason and web_search tool_use. -// This is used in the search loop to determine if the model wants another search round. -func AnalyzeBufferedStream(chunks [][]byte) BufferedStreamResult { - result := BufferedStreamResult{WebSearchToolUseIndex: -1} - - // Track tool use state across chunks - var currentToolName string - var currentToolIndex int = -1 - var toolInputBuilder strings.Builder - - for _, chunk := range chunks { - chunkStr := string(chunk) - lines := strings.Split(chunkStr, "\n") - for _, line := range lines { - if !strings.HasPrefix(line, "data: ") { - continue - } - dataPayload := strings.TrimPrefix(line, "data: ") - dataPayload = strings.TrimSpace(dataPayload) - if dataPayload == "[DONE]" || dataPayload == "" { - continue - } - - var event map[string]interface{} - if err := json.Unmarshal([]byte(dataPayload), &event); err != nil { - continue - } - - eventType, _ := event["type"].(string) - - switch eventType { - case "message_delta": - // Extract stop_reason from message_delta - if delta, ok := event["delta"].(map[string]interface{}); ok { - if sr, ok := delta["stop_reason"].(string); ok && sr != "" { - result.StopReason = sr - } - } - - case "content_block_start": - // Detect tool_use content blocks - if cb, ok := event["content_block"].(map[string]interface{}); ok { - if cbType, ok := cb["type"].(string); ok && cbType == "tool_use" { - if name, ok := cb["name"].(string); ok { - currentToolName = strings.ToLower(name) - if idx, ok := event["index"].(float64); ok { - currentToolIndex = int(idx) - } - // Capture tool use ID for toolResults handshake - if id, ok := cb["id"].(string); ok { - result.WebSearchToolUseId = id - } - toolInputBuilder.Reset() - } - } - } - - case "content_block_delta": - // Accumulate tool input JSON - if currentToolName != "" { - if delta, ok := event["delta"].(map[string]interface{}); ok { - if deltaType, ok := delta["type"].(string); ok && deltaType == "input_json_delta" { - if partial, ok := delta["partial_json"].(string); ok { - toolInputBuilder.WriteString(partial) - } - } - } - } - - case "content_block_stop": - // Finalize tool use detection - if currentToolName == "web_search" || currentToolName == "websearch" || currentToolName == "remote_web_search" { - result.HasWebSearchToolUse = true - result.WebSearchToolUseIndex = currentToolIndex - // Extract query from accumulated input JSON - inputJSON := toolInputBuilder.String() - var input map[string]string - if err := json.Unmarshal([]byte(inputJSON), &input); err == nil { - if q, ok := input["query"]; ok { - result.WebSearchQuery = q - } - } - log.Debugf("kiro/websearch: detected web_search tool_use") - } - currentToolName = "" - currentToolIndex = -1 - toolInputBuilder.Reset() - } - } - } - - return result -} - -// FilterChunksForClient processes buffered SSE chunks and removes web_search tool_use -// content blocks. This prevents the client from seeing "Tool use" prompts for web_search -// when the proxy is handling the search loop internally. -// Also suppresses message_start and message_delta/message_stop events since those -// are managed by the outer handleWebSearchStream. -func FilterChunksForClient(chunks [][]byte, wsToolIndex int, indexOffset int) [][]byte { - var filtered [][]byte - - for _, chunk := range chunks { - chunkStr := string(chunk) - lines := strings.Split(chunkStr, "\n") - - var resultBuilder strings.Builder - hasContent := false - - for i := 0; i < len(lines); i++ { - line := lines[i] - - if strings.HasPrefix(line, "data: ") { - dataPayload := strings.TrimPrefix(line, "data: ") - dataPayload = strings.TrimSpace(dataPayload) - - if dataPayload == "[DONE]" { - // Skip [DONE] — the outer loop manages stream termination - continue - } - - var event map[string]interface{} - if err := json.Unmarshal([]byte(dataPayload), &event); err != nil { - resultBuilder.WriteString(line + "\n") - hasContent = true - continue - } - - eventType, _ := event["type"].(string) - - // Skip message_start (outer loop sends its own) - if eventType == "message_start" { - continue - } - - // Skip message_delta and message_stop (outer loop manages these) - if eventType == "message_delta" || eventType == "message_stop" { - continue - } - - // Check if this event belongs to the web_search tool_use block - if wsToolIndex >= 0 { - if idx, ok := event["index"].(float64); ok && int(idx) == wsToolIndex { - // Skip events for the web_search tool_use block - continue - } - } - - // Apply index offset for remaining events - if indexOffset > 0 { - switch eventType { - case "content_block_start", "content_block_delta", "content_block_stop": - if idx, ok := event["index"].(float64); ok { - event["index"] = int(idx) + indexOffset - adjusted, err := json.Marshal(event) - if err == nil { - resultBuilder.WriteString("data: " + string(adjusted) + "\n") - hasContent = true - continue - } - } - } - } - - resultBuilder.WriteString(line + "\n") - hasContent = true - } else if strings.HasPrefix(line, "event: ") { - // Check if the next data line will be suppressed - if i+1 < len(lines) && strings.HasPrefix(lines[i+1], "data: ") { - nextData := strings.TrimPrefix(lines[i+1], "data: ") - nextData = strings.TrimSpace(nextData) - - var nextEvent map[string]interface{} - if err := json.Unmarshal([]byte(nextData), &nextEvent); err == nil { - nextType, _ := nextEvent["type"].(string) - if nextType == "message_start" || nextType == "message_delta" || nextType == "message_stop" { - i++ // skip the data line - continue - } - if wsToolIndex >= 0 { - if idx, ok := nextEvent["index"].(float64); ok && int(idx) == wsToolIndex { - i++ // skip the data line - continue - } - } - } - } - resultBuilder.WriteString(line + "\n") - hasContent = true - } else { - resultBuilder.WriteString(line + "\n") - if strings.TrimSpace(line) != "" { - hasContent = true - } - } - } - - if hasContent { - filtered = append(filtered, []byte(resultBuilder.String())) - } - } - - return filtered -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_claude_tools.go b/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_claude_tools.go deleted file mode 100644 index d00c74932c..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_claude_tools.go +++ /dev/null @@ -1,543 +0,0 @@ -// Package claude provides tool calling support for Kiro to Claude translation. -// This package handles parsing embedded tool calls, JSON repair, and deduplication. -package claude - -import ( - "encoding/json" - "regexp" - "strings" - - "github.com/google/uuid" - kirocommon "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/kiro/common" - log "github.com/sirupsen/logrus" -) - -// ToolUseState tracks the state of an in-progress tool use during streaming. -type ToolUseState struct { - ToolUseID string - Name string - InputBuffer strings.Builder - IsComplete bool - TruncationInfo *TruncationInfo // Truncation detection result (set when complete) -} - -// Pre-compiled regex patterns for performance -var ( - // embeddedToolCallPattern matches [Called tool_name with args: {...}] format - embeddedToolCallPattern = regexp.MustCompile(`\[Called\s+([A-Za-z0-9_.-]+)\s+with\s+args:\s*`) - // trailingCommaPattern matches trailing commas before closing braces/brackets - trailingCommaPattern = regexp.MustCompile(`,\s*([}\]])`) -) - -// ParseEmbeddedToolCalls extracts [Called tool_name with args: {...}] format from text. -// Kiro sometimes embeds tool calls in text content instead of using toolUseEvent. -// Returns the cleaned text (with tool calls removed) and extracted tool uses. -func ParseEmbeddedToolCalls(text string, processedIDs map[string]bool) (string, []KiroToolUse) { - if !strings.Contains(text, "[Called") { - return text, nil - } - - var toolUses []KiroToolUse - cleanText := text - - // Find all [Called markers - matches := embeddedToolCallPattern.FindAllStringSubmatchIndex(text, -1) - if len(matches) == 0 { - return text, nil - } - - // Process matches in reverse order to maintain correct indices - for i := len(matches) - 1; i >= 0; i-- { - matchStart := matches[i][0] - toolNameStart := matches[i][2] - toolNameEnd := matches[i][3] - - if toolNameStart < 0 || toolNameEnd < 0 { - continue - } - - toolName := text[toolNameStart:toolNameEnd] - - // Find the JSON object start (after "with args:") - jsonStart := matches[i][1] - if jsonStart >= len(text) { - continue - } - - // Skip whitespace to find the opening brace - for jsonStart < len(text) && (text[jsonStart] == ' ' || text[jsonStart] == '\t') { - jsonStart++ - } - - if jsonStart >= len(text) || text[jsonStart] != '{' { - continue - } - - // Find matching closing bracket - jsonEnd := findMatchingBracket(text, jsonStart) - if jsonEnd < 0 { - continue - } - - // Extract JSON and find the closing bracket of [Called ...] - jsonStr := text[jsonStart : jsonEnd+1] - - // Find the closing ] after the JSON - closingBracket := jsonEnd + 1 - for closingBracket < len(text) && text[closingBracket] != ']' { - closingBracket++ - } - if closingBracket >= len(text) { - continue - } - - // End index of the full tool call (closing ']' inclusive) - matchEnd := closingBracket + 1 - - // Repair and parse JSON - repairedJSON := RepairJSON(jsonStr) - var inputMap map[string]interface{} - if err := json.Unmarshal([]byte(repairedJSON), &inputMap); err != nil { - log.Debugf("kiro: failed to parse embedded tool call JSON: %v, raw: %s", err, jsonStr) - continue - } - - // Generate unique tool ID - toolUseID := "toolu_" + uuid.New().String()[:12] - - // Check for duplicates using name+input as key - dedupeKey := toolName + ":" + repairedJSON - if processedIDs != nil { - if processedIDs[dedupeKey] { - log.Debugf("kiro: skipping duplicate embedded tool call: %s", toolName) - // Still remove from text even if duplicate - if matchStart >= 0 && matchEnd <= len(cleanText) && matchStart <= matchEnd { - cleanText = cleanText[:matchStart] + cleanText[matchEnd:] - } - continue - } - processedIDs[dedupeKey] = true - } - - toolUses = append(toolUses, KiroToolUse{ - ToolUseID: toolUseID, - Name: toolName, - Input: inputMap, - }) - - log.Infof("kiro: extracted embedded tool call: %s (ID: %s)", toolName, toolUseID) - - // Remove from clean text (index-based removal to avoid deleting the wrong occurrence) - if matchStart >= 0 && matchEnd <= len(cleanText) && matchStart <= matchEnd { - cleanText = cleanText[:matchStart] + cleanText[matchEnd:] - } - } - - return cleanText, toolUses -} - -// findMatchingBracket finds the index of the closing brace/bracket that matches -// the opening one at startPos. Handles nested objects and strings correctly. -func findMatchingBracket(text string, startPos int) int { - if startPos >= len(text) { - return -1 - } - - openChar := text[startPos] - var closeChar byte - switch openChar { - case '{': - closeChar = '}' - case '[': - closeChar = ']' - default: - return -1 - } - - depth := 1 - inString := false - escapeNext := false - - for i := startPos + 1; i < len(text); i++ { - char := text[i] - - if escapeNext { - escapeNext = false - continue - } - - if char == '\\' && inString { - escapeNext = true - continue - } - - if char == '"' { - inString = !inString - continue - } - - if !inString { - if char == openChar { - depth++ - } else if char == closeChar { - depth-- - if depth == 0 { - return i - } - } - } - } - - return -1 -} - -// RepairJSON attempts to fix common JSON issues that may occur in tool call arguments. -// Conservative repair strategy: -// 1. First try to parse JSON directly - if valid, return as-is -// 2. Only attempt repair if parsing fails -// 3. After repair, validate the result - if still invalid, return original -func RepairJSON(jsonString string) string { - // Handle empty or invalid input - if jsonString == "" { - return "{}" - } - - str := strings.TrimSpace(jsonString) - if str == "" { - return "{}" - } - - // CONSERVATIVE STRATEGY: First try to parse directly - var testParse interface{} - if err := json.Unmarshal([]byte(str), &testParse); err == nil { - log.Debugf("kiro: repairJSON - JSON is already valid, returning unchanged") - return str - } - - log.Debugf("kiro: repairJSON - JSON parse failed, attempting repair") - originalStr := str - - // First, escape unescaped newlines/tabs within JSON string values - str = escapeNewlinesInStrings(str) - // Remove trailing commas before closing braces/brackets - str = trailingCommaPattern.ReplaceAllString(str, "$1") - - // Calculate bracket balance - braceCount := 0 - bracketCount := 0 - inString := false - escape := false - lastValidIndex := -1 - - for i := 0; i < len(str); i++ { - char := str[i] - - if escape { - escape = false - continue - } - - if char == '\\' { - escape = true - continue - } - - if char == '"' { - inString = !inString - continue - } - - if inString { - continue - } - - switch char { - case '{': - braceCount++ - case '}': - braceCount-- - case '[': - bracketCount++ - case ']': - bracketCount-- - } - - if braceCount >= 0 && bracketCount >= 0 { - lastValidIndex = i - } - } - - // If brackets are unbalanced, try to repair - if braceCount > 0 || bracketCount > 0 { - if lastValidIndex > 0 && lastValidIndex < len(str)-1 { - truncated := str[:lastValidIndex+1] - // Recount brackets after truncation - braceCount = 0 - bracketCount = 0 - inString = false - escape = false - for i := 0; i < len(truncated); i++ { - char := truncated[i] - if escape { - escape = false - continue - } - if char == '\\' { - escape = true - continue - } - if char == '"' { - inString = !inString - continue - } - if inString { - continue - } - switch char { - case '{': - braceCount++ - case '}': - braceCount-- - case '[': - bracketCount++ - case ']': - bracketCount-- - } - } - str = truncated - } - - // Add missing closing brackets - for braceCount > 0 { - str += "}" - braceCount-- - } - for bracketCount > 0 { - str += "]" - bracketCount-- - } - } - - // Validate repaired JSON - if err := json.Unmarshal([]byte(str), &testParse); err != nil { - log.Warnf("kiro: repairJSON - repair failed to produce valid JSON, returning original") - return originalStr - } - - log.Debugf("kiro: repairJSON - successfully repaired JSON") - return str -} - -// escapeNewlinesInStrings escapes literal newlines, tabs, and other control characters -// that appear inside JSON string values. -func escapeNewlinesInStrings(raw string) string { - var result strings.Builder - result.Grow(len(raw) + 100) - - inString := false - escaped := false - - for i := 0; i < len(raw); i++ { - c := raw[i] - - if escaped { - result.WriteByte(c) - escaped = false - continue - } - - if c == '\\' && inString { - result.WriteByte(c) - escaped = true - continue - } - - if c == '"' { - inString = !inString - result.WriteByte(c) - continue - } - - if inString { - switch c { - case '\n': - result.WriteString("\\n") - case '\r': - result.WriteString("\\r") - case '\t': - result.WriteString("\\t") - default: - result.WriteByte(c) - } - } else { - result.WriteByte(c) - } - } - - return result.String() -} - -// ProcessToolUseEvent handles a toolUseEvent from the Kiro stream. -// It accumulates input fragments and emits tool_use blocks when complete. -// Returns events to emit and updated state. -func ProcessToolUseEvent(event map[string]interface{}, currentToolUse *ToolUseState, processedIDs map[string]bool) ([]KiroToolUse, *ToolUseState) { - var toolUses []KiroToolUse - - // Extract from nested toolUseEvent or direct format - tu := event - if nested, ok := event["toolUseEvent"].(map[string]interface{}); ok { - tu = nested - } - - toolUseID := kirocommon.GetString(tu, "toolUseId") - toolName := kirocommon.GetString(tu, "name") - isStop := false - if stop, ok := tu["stop"].(bool); ok { - isStop = stop - } - - // Get input - can be string (fragment) or object (complete) - var inputFragment string - var inputMap map[string]interface{} - - if inputRaw, ok := tu["input"]; ok { - switch v := inputRaw.(type) { - case string: - inputFragment = v - case map[string]interface{}: - inputMap = v - } - } - - // New tool use starting - if toolUseID != "" && toolName != "" { - if currentToolUse != nil && currentToolUse.ToolUseID != toolUseID { - log.Warnf("kiro: interleaved tool use detected - new ID %s arrived while %s in progress, completing previous", - toolUseID, currentToolUse.ToolUseID) - if !processedIDs[currentToolUse.ToolUseID] { - incomplete := KiroToolUse{ - ToolUseID: currentToolUse.ToolUseID, - Name: currentToolUse.Name, - } - if currentToolUse.InputBuffer.Len() > 0 { - raw := currentToolUse.InputBuffer.String() - repaired := RepairJSON(raw) - - var input map[string]interface{} - if err := json.Unmarshal([]byte(repaired), &input); err != nil { - log.Warnf("kiro: failed to parse interleaved tool input: %v, raw: %s", err, raw) - input = make(map[string]interface{}) - } - incomplete.Input = input - } - toolUses = append(toolUses, incomplete) - processedIDs[currentToolUse.ToolUseID] = true - } - currentToolUse = nil - } - - if currentToolUse == nil { - if processedIDs != nil && processedIDs[toolUseID] { - log.Debugf("kiro: skipping duplicate toolUseEvent: %s", toolUseID) - return nil, nil - } - - currentToolUse = &ToolUseState{ - ToolUseID: toolUseID, - Name: toolName, - } - log.Infof("kiro: starting new tool use: %s (ID: %s)", toolName, toolUseID) - } - } - - // Accumulate input fragments - if currentToolUse != nil && inputFragment != "" { - currentToolUse.InputBuffer.WriteString(inputFragment) - log.Debugf("kiro: accumulated input fragment, total length: %d", currentToolUse.InputBuffer.Len()) - } - - // If complete input object provided directly - if currentToolUse != nil && inputMap != nil { - inputBytes, _ := json.Marshal(inputMap) - currentToolUse.InputBuffer.Reset() - currentToolUse.InputBuffer.Write(inputBytes) - } - - // Tool use complete - if isStop && currentToolUse != nil { - fullInput := currentToolUse.InputBuffer.String() - - // Repair and parse the accumulated JSON - repairedJSON := RepairJSON(fullInput) - var finalInput map[string]interface{} - if err := json.Unmarshal([]byte(repairedJSON), &finalInput); err != nil { - log.Warnf("kiro: failed to parse accumulated tool input: %v, raw: %s", err, fullInput) - finalInput = make(map[string]interface{}) - } - - // Detect truncation for all tools - truncInfo := DetectTruncation(currentToolUse.Name, currentToolUse.ToolUseID, fullInput, finalInput) - if truncInfo.IsTruncated { - log.Warnf("kiro: TRUNCATION DETECTED for tool %s (ID: %s): type=%s, raw_size=%d bytes", - currentToolUse.Name, currentToolUse.ToolUseID, truncInfo.TruncationType, len(fullInput)) - log.Warnf("kiro: truncation details: %s", truncInfo.ErrorMessage) - if len(truncInfo.ParsedFields) > 0 { - log.Infof("kiro: partial fields received: %v", truncInfo.ParsedFields) - } - // Store truncation info in the state for upstream handling - currentToolUse.TruncationInfo = &truncInfo - } else { - log.Infof("kiro: tool use %s input length: %d bytes (no truncation)", currentToolUse.Name, len(fullInput)) - } - - // Create the tool use with truncation info if applicable - toolUse := KiroToolUse{ - ToolUseID: currentToolUse.ToolUseID, - Name: currentToolUse.Name, - Input: finalInput, - IsTruncated: truncInfo.IsTruncated, - TruncationInfo: nil, // Will be set below if truncated - } - if truncInfo.IsTruncated { - toolUse.TruncationInfo = &truncInfo - } - toolUses = append(toolUses, toolUse) - - if processedIDs != nil { - processedIDs[currentToolUse.ToolUseID] = true - } - - log.Infof("kiro: completed tool use: %s (ID: %s, truncated: %v)", currentToolUse.Name, currentToolUse.ToolUseID, truncInfo.IsTruncated) - return toolUses, nil - } - - return toolUses, currentToolUse -} - -// DeduplicateToolUses removes duplicate tool uses based on toolUseId and content. -func DeduplicateToolUses(toolUses []KiroToolUse) []KiroToolUse { - seenIDs := make(map[string]bool) - seenContent := make(map[string]bool) - var unique []KiroToolUse - - for _, tu := range toolUses { - if seenIDs[tu.ToolUseID] { - log.Debugf("kiro: removing ID-duplicate tool use: %s (name: %s)", tu.ToolUseID, tu.Name) - continue - } - - inputJSON, _ := json.Marshal(tu.Input) - contentKey := tu.Name + ":" + string(inputJSON) - - if seenContent[contentKey] { - log.Debugf("kiro: removing content-duplicate tool use: %s (id: %s)", tu.Name, tu.ToolUseID) - continue - } - - seenIDs[tu.ToolUseID] = true - seenContent[contentKey] = true - unique = append(unique, tu) - } - - return unique -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_websearch.go b/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_websearch.go deleted file mode 100644 index b9da38294c..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_websearch.go +++ /dev/null @@ -1,495 +0,0 @@ -// Package claude provides web search functionality for Kiro translator. -// This file implements detection, MCP request/response types, and pure data -// transformation utilities for web search. SSE event generation, stream analysis, -// and HTTP I/O logic reside in the executor package (kiro_executor.go). -package claude - -import ( - "encoding/json" - "fmt" - "strings" - "sync/atomic" - "time" - - "github.com/google/uuid" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// cachedToolDescription stores the dynamically-fetched web_search tool description. -// Written by the executor via SetWebSearchDescription, read by the translator -// when building the remote_web_search tool for Kiro API requests. -var cachedToolDescription atomic.Value // stores string - -// GetWebSearchDescription returns the cached web_search tool description, -// or empty string if not yet fetched. Lock-free via atomic.Value. -func GetWebSearchDescription() string { - if v := cachedToolDescription.Load(); v != nil { - return v.(string) - } - return "" -} - -// SetWebSearchDescription stores the dynamically-fetched web_search tool description. -// Called by the executor after fetching from MCP tools/list. -func SetWebSearchDescription(desc string) { - cachedToolDescription.Store(desc) -} - -// McpRequest represents a JSON-RPC 2.0 request to Kiro MCP API -type McpRequest struct { - ID string `json:"id"` - JSONRPC string `json:"jsonrpc"` - Method string `json:"method"` - Params McpParams `json:"params"` -} - -// McpParams represents MCP request parameters -type McpParams struct { - Name string `json:"name"` - Arguments McpArguments `json:"arguments"` -} - -// McpArgumentsMeta represents the _meta field in MCP arguments -type McpArgumentsMeta struct { - IsValid bool `json:"_isValid"` - ActivePath []string `json:"_activePath"` - CompletedPaths [][]string `json:"_completedPaths"` -} - -// McpArguments represents MCP request arguments -type McpArguments struct { - Query string `json:"query"` - Meta *McpArgumentsMeta `json:"_meta,omitempty"` -} - -// McpResponse represents a JSON-RPC 2.0 response from Kiro MCP API -type McpResponse struct { - Error *McpError `json:"error,omitempty"` - ID string `json:"id"` - JSONRPC string `json:"jsonrpc"` - Result *McpResult `json:"result,omitempty"` -} - -// McpError represents an MCP error -type McpError struct { - Code *int `json:"code,omitempty"` - Message *string `json:"message,omitempty"` -} - -// McpResult represents MCP result -type McpResult struct { - Content []McpContent `json:"content"` - IsError bool `json:"isError"` -} - -// McpContent represents MCP content item -type McpContent struct { - ContentType string `json:"type"` - Text string `json:"text"` -} - -// WebSearchResults represents parsed search results -type WebSearchResults struct { - Results []WebSearchResult `json:"results"` - TotalResults *int `json:"totalResults,omitempty"` - Query *string `json:"query,omitempty"` - Error *string `json:"error,omitempty"` -} - -// WebSearchResult represents a single search result -type WebSearchResult struct { - Title string `json:"title"` - URL string `json:"url"` - Snippet *string `json:"snippet,omitempty"` - PublishedDate *int64 `json:"publishedDate,omitempty"` - ID *string `json:"id,omitempty"` - Domain *string `json:"domain,omitempty"` - MaxVerbatimWordLimit *int `json:"maxVerbatimWordLimit,omitempty"` - PublicDomain *bool `json:"publicDomain,omitempty"` -} - -// isWebSearchTool checks if a tool name or type indicates a web_search tool. -func isWebSearchTool(name, toolType string) bool { - return name == "web_search" || - strings.HasPrefix(toolType, "web_search") || - toolType == "web_search_20250305" -} - -// HasWebSearchTool checks if the request contains ONLY a web_search tool. -// Returns true only if tools array has exactly one tool named "web_search". -// Only intercept pure web_search requests (single-tool array). -func HasWebSearchTool(body []byte) bool { - tools := gjson.GetBytes(body, "tools") - if !tools.IsArray() { - return false - } - - toolsArray := tools.Array() - if len(toolsArray) != 1 { - return false - } - - // Check if the single tool is web_search - tool := toolsArray[0] - - // Check both name and type fields for web_search detection - name := strings.ToLower(tool.Get("name").String()) - toolType := strings.ToLower(tool.Get("type").String()) - - return isWebSearchTool(name, toolType) -} - -// ExtractSearchQuery extracts the search query from the request. -// Reads messages[0].content and removes "Perform a web search for the query: " prefix. -func ExtractSearchQuery(body []byte) string { - messages := gjson.GetBytes(body, "messages") - if !messages.IsArray() || len(messages.Array()) == 0 { - return "" - } - - firstMsg := messages.Array()[0] - content := firstMsg.Get("content") - - var text string - if content.IsArray() { - // Array format: [{"type": "text", "text": "..."}] - for _, block := range content.Array() { - if block.Get("type").String() == "text" { - text = block.Get("text").String() - break - } - } - } else { - // String format - text = content.String() - } - - // Remove prefix "Perform a web search for the query: " - const prefix = "Perform a web search for the query: " - if strings.HasPrefix(text, prefix) { - text = text[len(prefix):] - } - - return strings.TrimSpace(text) -} - -// generateRandomID8 generates an 8-character random lowercase alphanumeric string -func generateRandomID8() string { - u := uuid.New() - return strings.ToLower(strings.ReplaceAll(u.String(), "-", "")[:8]) -} - -// CreateMcpRequest creates an MCP request for web search. -// Returns (toolUseID, McpRequest) -// ID format: web_search_tooluse_{22 random}_{timestamp_millis}_{8 random} -func CreateMcpRequest(query string) (string, *McpRequest) { - random22 := GenerateToolUseID() - timestamp := time.Now().UnixMilli() - random8 := generateRandomID8() - - requestID := fmt.Sprintf("web_search_tooluse_%s_%d_%s", random22, timestamp, random8) - - // tool_use_id format: srvtoolu_{32 hex chars} - toolUseID := "srvtoolu_" + strings.ReplaceAll(uuid.New().String(), "-", "")[:32] - - request := &McpRequest{ - ID: requestID, - JSONRPC: "2.0", - Method: "tools/call", - Params: McpParams{ - Name: "web_search", - Arguments: McpArguments{ - Query: query, - Meta: &McpArgumentsMeta{ - IsValid: true, - ActivePath: []string{"query"}, - CompletedPaths: [][]string{{"query"}}, - }, - }, - }, - } - - return toolUseID, request -} - -// GenerateToolUseID generates a Kiro-style tool use ID (base62-like UUID) -func GenerateToolUseID() string { - return strings.ReplaceAll(uuid.New().String(), "-", "")[:22] -} - -// ReplaceWebSearchToolDescription replaces the web_search tool description with -// a minimal version that allows re-search without the restrictive "do not search -// non-coding topics" instruction from the original Kiro tools/list response. -// This keeps the tool available so the model can request additional searches. -func ReplaceWebSearchToolDescription(body []byte) ([]byte, error) { - tools := gjson.GetBytes(body, "tools") - if !tools.IsArray() { - return body, nil - } - - var updated []json.RawMessage - for _, tool := range tools.Array() { - name := strings.ToLower(tool.Get("name").String()) - toolType := strings.ToLower(tool.Get("type").String()) - - if isWebSearchTool(name, toolType) { - // Replace with a minimal web_search tool definition - minimalTool := map[string]interface{}{ - "name": "web_search", - "description": "Search the web for information. Use this when the previous search results are insufficient or when you need additional information on a different aspect of the query. Provide a refined or different search query.", - "input_schema": map[string]interface{}{ - "type": "object", - "properties": map[string]interface{}{ - "query": map[string]interface{}{ - "type": "string", - "description": "The search query to execute", - }, - }, - "required": []string{"query"}, - "additionalProperties": false, - }, - } - minimalJSON, err := json.Marshal(minimalTool) - if err != nil { - return body, fmt.Errorf("failed to marshal minimal tool: %w", err) - } - updated = append(updated, json.RawMessage(minimalJSON)) - } else { - updated = append(updated, json.RawMessage(tool.Raw)) - } - } - - updatedJSON, err := json.Marshal(updated) - if err != nil { - return body, fmt.Errorf("failed to marshal updated tools: %w", err) - } - result, err := sjson.SetRawBytes(body, "tools", updatedJSON) - if err != nil { - return body, fmt.Errorf("failed to set updated tools: %w", err) - } - - return result, nil -} - -// FormatSearchContextPrompt formats search results as a structured text block -// for injection into the system prompt. -func FormatSearchContextPrompt(query string, results *WebSearchResults) string { - var sb strings.Builder - sb.WriteString(fmt.Sprintf("[Web Search Results for \"%s\"]\n", query)) - - if results != nil && len(results.Results) > 0 { - for i, r := range results.Results { - sb.WriteString(fmt.Sprintf("%d. %s - %s\n", i+1, r.Title, r.URL)) - if r.Snippet != nil && *r.Snippet != "" { - snippet := *r.Snippet - if len(snippet) > 500 { - snippet = snippet[:500] + "..." - } - sb.WriteString(fmt.Sprintf(" %s\n", snippet)) - } - } - } else { - sb.WriteString("No results found.\n") - } - - sb.WriteString("[End Web Search Results]") - return sb.String() -} - -// FormatToolResultText formats search results as JSON text for the toolResults content field. -// This matches the format observed in Kiro IDE HAR captures. -func FormatToolResultText(results *WebSearchResults) string { - if results == nil || len(results.Results) == 0 { - return "No search results found." - } - - text := fmt.Sprintf("Found %d search result(s):\n\n", len(results.Results)) - resultJSON, err := json.MarshalIndent(results.Results, "", " ") - if err != nil { - return text + "Error formatting results." - } - return text + string(resultJSON) -} - -// InjectToolResultsClaude modifies a Claude-format JSON payload to append -// tool_use (assistant) and tool_result (user) messages to the messages array. -// BuildKiroPayload correctly translates: -// - assistant tool_use → KiroAssistantResponseMessage.toolUses -// - user tool_result → KiroUserInputMessageContext.toolResults -// -// This produces the exact same GAR request format as the Kiro IDE (HAR captures). -// IMPORTANT: The web_search tool must remain in the "tools" array for this to work. -// Use ReplaceWebSearchToolDescription to keep the tool available with a minimal description. -func InjectToolResultsClaude(claudePayload []byte, toolUseId, query string, results *WebSearchResults) ([]byte, error) { - var payload map[string]interface{} - if err := json.Unmarshal(claudePayload, &payload); err != nil { - return claudePayload, fmt.Errorf("failed to parse claude payload: %w", err) - } - - messages, _ := payload["messages"].([]interface{}) - - // 1. Append assistant message with tool_use (matches HAR: assistantResponseMessage.toolUses) - assistantMsg := map[string]interface{}{ - "role": "assistant", - "content": []interface{}{ - map[string]interface{}{ - "type": "tool_use", - "id": toolUseId, - "name": "web_search", - "input": map[string]interface{}{"query": query}, - }, - }, - } - messages = append(messages, assistantMsg) - - // 2. Append user message with tool_result + search behavior instructions. - // NOTE: We embed search instructions HERE (not in system prompt) because - // BuildKiroPayload clears the system prompt when len(history) > 0, - // which is always true after injecting assistant + user messages. - now := time.Now() - searchGuidance := fmt.Sprintf(` -Current date: %s (%s) - -IMPORTANT: Evaluate the search results above carefully. If the results are: -- Mostly spam, SEO junk, or unrelated websites -- Missing actual information about the query topic -- Outdated or not matching the requested time frame - -Then you MUST use the web_search tool again with a refined query. Try: -- Rephrasing in English for better coverage -- Using more specific keywords -- Adding date context - -Do NOT apologize for bad results without first attempting a re-search. -`, now.Format("January 2, 2006"), now.Format("Monday")) - - userMsg := map[string]interface{}{ - "role": "user", - "content": []interface{}{ - map[string]interface{}{ - "type": "tool_result", - "tool_use_id": toolUseId, - "content": FormatToolResultText(results), - }, - map[string]interface{}{ - "type": "text", - "text": searchGuidance, - }, - }, - } - messages = append(messages, userMsg) - - payload["messages"] = messages - - result, err := json.Marshal(payload) - if err != nil { - return claudePayload, fmt.Errorf("failed to marshal updated payload: %w", err) - } - - log.Infof("kiro/websearch: injected tool_use+tool_result (toolUseId=%s, messages=%d)", - toolUseId, len(messages)) - - return result, nil -} - -// InjectSearchIndicatorsInResponse prepends server_tool_use + web_search_tool_result -// content blocks into a non-streaming Claude JSON response. Claude Code counts -// server_tool_use blocks to display "Did X searches in Ys". -// -// Input response: {"content": [{"type":"text","text":"..."}], ...} -// Output response: {"content": [{"type":"server_tool_use",...}, {"type":"web_search_tool_result",...}, {"type":"text","text":"..."}], ...} -func InjectSearchIndicatorsInResponse(responsePayload []byte, searches []SearchIndicator) ([]byte, error) { - if len(searches) == 0 { - return responsePayload, nil - } - - var resp map[string]interface{} - if err := json.Unmarshal(responsePayload, &resp); err != nil { - return responsePayload, fmt.Errorf("failed to parse response: %w", err) - } - - existingContent, _ := resp["content"].([]interface{}) - - // Build new content: search indicators first, then existing content - newContent := make([]interface{}, 0, len(searches)*2+len(existingContent)) - - for _, s := range searches { - // server_tool_use block - newContent = append(newContent, map[string]interface{}{ - "type": "server_tool_use", - "id": s.ToolUseID, - "name": "web_search", - "input": map[string]interface{}{"query": s.Query}, - }) - - // web_search_tool_result block - searchContent := make([]map[string]interface{}, 0) - if s.Results != nil { - for _, r := range s.Results.Results { - snippet := "" - if r.Snippet != nil { - snippet = *r.Snippet - } - searchContent = append(searchContent, map[string]interface{}{ - "type": "web_search_result", - "title": r.Title, - "url": r.URL, - "encrypted_content": snippet, - "page_age": nil, - }) - } - } - newContent = append(newContent, map[string]interface{}{ - "type": "web_search_tool_result", - "tool_use_id": s.ToolUseID, - "content": searchContent, - }) - } - - // Append existing content blocks - newContent = append(newContent, existingContent...) - resp["content"] = newContent - - result, err := json.Marshal(resp) - if err != nil { - return responsePayload, fmt.Errorf("failed to marshal response: %w", err) - } - - log.Infof("kiro/websearch: injected %d search indicator(s) into non-stream response", len(searches)) - return result, nil -} - -// SearchIndicator holds the data for one search operation to inject into a response. -type SearchIndicator struct { - ToolUseID string - Query string - Results *WebSearchResults -} - -// BuildMcpEndpoint constructs the MCP endpoint URL for the given AWS region. -// Centralizes the URL pattern used by both handleWebSearch and handleWebSearchStream. -func BuildMcpEndpoint(region string) string { - return fmt.Sprintf("https://q.%s.amazonaws.com/mcp", region) -} - -// ParseSearchResults extracts WebSearchResults from MCP response -func ParseSearchResults(response *McpResponse) *WebSearchResults { - if response == nil || response.Result == nil || len(response.Result.Content) == 0 { - return nil - } - - content := response.Result.Content[0] - if content.ContentType != "text" { - return nil - } - - var results WebSearchResults - if err := json.Unmarshal([]byte(content.Text), &results); err != nil { - log.Warnf("kiro/websearch: failed to parse search results: %v", err) - return nil - } - - return &results -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_websearch_handler.go b/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_websearch_handler.go deleted file mode 100644 index 9652e87bb1..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/kiro_websearch_handler.go +++ /dev/null @@ -1,167 +0,0 @@ -// Package claude provides web search handler for Kiro translator. -// This file implements the MCP API call and response handling. -package claude - -import ( - "bytes" - "encoding/json" - "fmt" - "io" - "net/http" - "sync" - "time" - - "github.com/google/uuid" - kiroauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" -) - -// fallbackFpOnce and fallbackFp provide a shared fallback fingerprint -// for WebSearchHandler when no fingerprint is provided. -var ( - fallbackFpOnce sync.Once - fallbackFp *kiroauth.Fingerprint -) - -// WebSearchHandler handles web search requests via Kiro MCP API -type WebSearchHandler struct { - McpEndpoint string - HTTPClient *http.Client - AuthToken string - Fingerprint *kiroauth.Fingerprint // optional, for dynamic headers - AuthAttrs map[string]string // optional, for custom headers from auth.Attributes -} - -// NewWebSearchHandler creates a new WebSearchHandler. -// If httpClient is nil, a default client with 30s timeout is used. -// If fingerprint is nil, a random one-off fingerprint is generated. -// Pass a shared pooled client (e.g. from getKiroPooledHTTPClient) for connection reuse. -func NewWebSearchHandler(mcpEndpoint, authToken string, httpClient *http.Client, fp *kiroauth.Fingerprint, authAttrs map[string]string) *WebSearchHandler { - if httpClient == nil { - httpClient = &http.Client{ - Timeout: 30 * time.Second, - } - } - if fp == nil { - // Use a shared fallback fingerprint for callers without token context - fallbackFpOnce.Do(func() { - mgr := kiroauth.NewFingerprintManager() - fallbackFp = mgr.GetFingerprint("mcp-fallback") - }) - fp = fallbackFp - } - return &WebSearchHandler{ - McpEndpoint: mcpEndpoint, - HTTPClient: httpClient, - AuthToken: authToken, - Fingerprint: fp, - AuthAttrs: authAttrs, - } -} - -// setMcpHeaders sets standard MCP API headers on the request, -// aligned with the GAR request pattern in kiro_executor.go. -func (h *WebSearchHandler) setMcpHeaders(req *http.Request) { - fp := h.Fingerprint - - // 1. Content-Type & Accept (aligned with GAR) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Accept", "*/*") - - // 2. Kiro-specific headers (aligned with GAR) - req.Header.Set("x-amzn-kiro-agent-mode", "vibe") - req.Header.Set("x-amzn-codewhisperer-optout", "true") - - // 3. Dynamic fingerprint headers - req.Header.Set("User-Agent", fp.BuildUserAgent()) - req.Header.Set("X-Amz-User-Agent", fp.BuildAmzUserAgent()) - - // 4. AWS SDK identifiers (casing aligned with GAR) - req.Header.Set("Amz-Sdk-Request", "attempt=1; max=3") - req.Header.Set("Amz-Sdk-Invocation-Id", uuid.New().String()) - - // 5. Authentication - req.Header.Set("Authorization", "Bearer "+h.AuthToken) - - // 6. Custom headers from auth attributes - util.ApplyCustomHeadersFromAttrs(req, h.AuthAttrs) -} - -// mcpMaxRetries is the maximum number of retries for MCP API calls. -const mcpMaxRetries = 2 - -// CallMcpAPI calls the Kiro MCP API with the given request. -// Includes retry logic with exponential backoff for retryable errors, -// aligned with the GAR request retry pattern. -func (h *WebSearchHandler) CallMcpAPI(request *McpRequest) (*McpResponse, error) { - requestBody, err := json.Marshal(request) - if err != nil { - return nil, fmt.Errorf("failed to marshal MCP request: %w", err) - } - log.Debugf("kiro/websearch MCP request → %s (%d bytes)", h.McpEndpoint, len(requestBody)) - - var lastErr error - for attempt := 0; attempt <= mcpMaxRetries; attempt++ { - if attempt > 0 { - backoff := time.Duration(1< 10*time.Second { - backoff = 10 * time.Second - } - log.Warnf("kiro/websearch: MCP retry %d/%d after %v (last error: %v)", attempt, mcpMaxRetries, backoff, lastErr) - time.Sleep(backoff) - } - - req, err := http.NewRequest("POST", h.McpEndpoint, bytes.NewReader(requestBody)) - if err != nil { - return nil, fmt.Errorf("failed to create HTTP request: %w", err) - } - - h.setMcpHeaders(req) - - resp, err := h.HTTPClient.Do(req) - if err != nil { - lastErr = fmt.Errorf("MCP API request failed: %w", err) - continue // network error → retry - } - - body, err := io.ReadAll(resp.Body) - _ = resp.Body.Close() - if err != nil { - lastErr = fmt.Errorf("failed to read MCP response: %w", err) - continue // read error → retry - } - log.Debugf("kiro/websearch MCP response ← [%d] (%d bytes)", resp.StatusCode, len(body)) - - // Retryable HTTP status codes (aligned with GAR: 502, 503, 504) - if resp.StatusCode >= 502 && resp.StatusCode <= 504 { - lastErr = fmt.Errorf("MCP API returned retryable status %d: %s", resp.StatusCode, string(body)) - continue - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("MCP API returned status %d: %s", resp.StatusCode, string(body)) - } - - var mcpResponse McpResponse - if err := json.Unmarshal(body, &mcpResponse); err != nil { - return nil, fmt.Errorf("failed to parse MCP response: %w", err) - } - - if mcpResponse.Error != nil { - code := -1 - if mcpResponse.Error.Code != nil { - code = *mcpResponse.Error.Code - } - msg := "Unknown error" - if mcpResponse.Error.Message != nil { - msg = *mcpResponse.Error.Message - } - return nil, fmt.Errorf("MCP error %d: %s", code, msg) - } - - return &mcpResponse, nil - } - - return nil, lastErr -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/tool_compression.go b/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/tool_compression.go deleted file mode 100644 index 7d4a424e96..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/tool_compression.go +++ /dev/null @@ -1,191 +0,0 @@ -// Package claude provides tool compression functionality for Kiro translator. -// This file implements dynamic tool compression to reduce tool payload size -// when it exceeds the target threshold, preventing 500 errors from Kiro API. -package claude - -import ( - "encoding/json" - "unicode/utf8" - - kirocommon "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/kiro/common" - log "github.com/sirupsen/logrus" -) - -// calculateToolsSize calculates the JSON serialized size of the tools list. -// Returns the size in bytes. -func calculateToolsSize(tools []KiroToolWrapper) int { - if len(tools) == 0 { - return 0 - } - data, err := json.Marshal(tools) - if err != nil { - log.Warnf("kiro: failed to marshal tools for size calculation: %v", err) - return 0 - } - return len(data) -} - -// simplifyInputSchema simplifies the input_schema by keeping only essential fields: -// type, enum, required. Recursively processes nested properties. -func simplifyInputSchema(schema interface{}) interface{} { - if schema == nil { - return nil - } - - schemaMap, ok := schema.(map[string]interface{}) - if !ok { - return schema - } - - simplified := make(map[string]interface{}) - - // Keep essential fields - if t, ok := schemaMap["type"]; ok { - simplified["type"] = t - } - if enum, ok := schemaMap["enum"]; ok { - simplified["enum"] = enum - } - if required, ok := schemaMap["required"]; ok { - simplified["required"] = required - } - - // Recursively process properties - if properties, ok := schemaMap["properties"].(map[string]interface{}); ok { - simplifiedProps := make(map[string]interface{}) - for key, value := range properties { - simplifiedProps[key] = simplifyInputSchema(value) - } - simplified["properties"] = simplifiedProps - } - - // Process items for array types - if items, ok := schemaMap["items"]; ok { - simplified["items"] = simplifyInputSchema(items) - } - - // Process additionalProperties if present - if additionalProps, ok := schemaMap["additionalProperties"]; ok { - simplified["additionalProperties"] = simplifyInputSchema(additionalProps) - } - - // Process anyOf, oneOf, allOf - for _, key := range []string{"anyOf", "oneOf", "allOf"} { - if arr, ok := schemaMap[key].([]interface{}); ok { - simplifiedArr := make([]interface{}, len(arr)) - for i, item := range arr { - simplifiedArr[i] = simplifyInputSchema(item) - } - simplified[key] = simplifiedArr - } - } - - return simplified -} - -// compressToolDescription compresses a description to the target length. -// Ensures the result is at least MinToolDescriptionLength characters. -// Uses UTF-8 safe truncation. -func compressToolDescription(description string, targetLength int) string { - if targetLength < kirocommon.MinToolDescriptionLength { - targetLength = kirocommon.MinToolDescriptionLength - } - - if len(description) <= targetLength { - return description - } - - // Find a safe truncation point (UTF-8 boundary) - truncLen := targetLength - 3 // Leave room for "..." - - // Ensure we don't cut in the middle of a UTF-8 character - for truncLen > 0 && !utf8.RuneStart(description[truncLen]) { - truncLen-- - } - - if truncLen <= 0 { - return description[:kirocommon.MinToolDescriptionLength] - } - - return description[:truncLen] + "..." -} - -// compressToolsIfNeeded compresses tools if their total size exceeds the target threshold. -// Compression strategy: -// 1. First, check if compression is needed (size > ToolCompressionTargetSize) -// 2. Step 1: Simplify input_schema (keep only type/enum/required) -// 3. Step 2: Proportionally compress descriptions (minimum MinToolDescriptionLength chars) -// Returns the compressed tools list. -func compressToolsIfNeeded(tools []KiroToolWrapper) []KiroToolWrapper { - if len(tools) == 0 { - return tools - } - - originalSize := calculateToolsSize(tools) - if originalSize <= kirocommon.ToolCompressionTargetSize { - log.Debugf("kiro: tools size %d bytes is within target %d bytes, no compression needed", - originalSize, kirocommon.ToolCompressionTargetSize) - return tools - } - - log.Infof("kiro: tools size %d bytes exceeds target %d bytes, starting compression", - originalSize, kirocommon.ToolCompressionTargetSize) - - // Create a copy of tools to avoid modifying the original - compressedTools := make([]KiroToolWrapper, len(tools)) - for i, tool := range tools { - compressedTools[i] = KiroToolWrapper{ - ToolSpecification: KiroToolSpecification{ - Name: tool.ToolSpecification.Name, - Description: tool.ToolSpecification.Description, - InputSchema: KiroInputSchema{JSON: tool.ToolSpecification.InputSchema.JSON}, - }, - } - } - - // Step 1: Simplify input_schema - for i := range compressedTools { - compressedTools[i].ToolSpecification.InputSchema.JSON = - simplifyInputSchema(compressedTools[i].ToolSpecification.InputSchema.JSON) - } - - sizeAfterSchemaSimplification := calculateToolsSize(compressedTools) - log.Debugf("kiro: size after schema simplification: %d bytes (reduced by %d bytes)", - sizeAfterSchemaSimplification, originalSize-sizeAfterSchemaSimplification) - - // Check if we're within target after schema simplification - if sizeAfterSchemaSimplification <= kirocommon.ToolCompressionTargetSize { - log.Infof("kiro: compression complete after schema simplification, final size: %d bytes", - sizeAfterSchemaSimplification) - return compressedTools - } - - // Step 2: Compress descriptions proportionally - sizeToReduce := float64(sizeAfterSchemaSimplification - kirocommon.ToolCompressionTargetSize) - var totalDescLen float64 - for _, tool := range compressedTools { - totalDescLen += float64(len(tool.ToolSpecification.Description)) - } - - if totalDescLen > 0 { - // Assume size reduction comes primarily from descriptions. - keepRatio := 1.0 - (sizeToReduce / totalDescLen) - if keepRatio > 1.0 { - keepRatio = 1.0 - } else if keepRatio < 0 { - keepRatio = 0 - } - - for i := range compressedTools { - desc := compressedTools[i].ToolSpecification.Description - targetLen := int(float64(len(desc)) * keepRatio) - compressedTools[i].ToolSpecification.Description = compressToolDescription(desc, targetLen) - } - } - - finalSize := calculateToolsSize(compressedTools) - log.Infof("kiro: compression complete, original: %d bytes, final: %d bytes (%.1f%% reduction)", - originalSize, finalSize, float64(originalSize-finalSize)/float64(originalSize)*100) - - return compressedTools -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/truncation_detector.go b/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/truncation_detector.go deleted file mode 100644 index b05ec11acd..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/kiro/claude/truncation_detector.go +++ /dev/null @@ -1,517 +0,0 @@ -// Package claude provides truncation detection for Kiro tool call responses. -// When Kiro API reaches its output token limit, tool call JSON may be truncated, -// resulting in incomplete or unparseable input parameters. -package claude - -import ( - "encoding/json" - "strings" - - log "github.com/sirupsen/logrus" -) - -// TruncationInfo contains details about detected truncation in a tool use event. -type TruncationInfo struct { - IsTruncated bool // Whether truncation was detected - TruncationType string // Type of truncation detected - ToolName string // Name of the truncated tool - ToolUseID string // ID of the truncated tool use - RawInput string // The raw (possibly truncated) input string - ParsedFields map[string]string // Fields that were successfully parsed before truncation - ErrorMessage string // Human-readable error message -} - -// TruncationType constants for different truncation scenarios -const ( - TruncationTypeNone = "" // No truncation detected - TruncationTypeEmptyInput = "empty_input" // No input data received at all - TruncationTypeInvalidJSON = "invalid_json" // JSON is syntactically invalid (truncated mid-value) - TruncationTypeMissingFields = "missing_fields" // JSON parsed but critical fields are missing - TruncationTypeIncompleteString = "incomplete_string" // String value was cut off mid-content -) - -// KnownWriteTools lists tool names that typically write content and have a "content" field. -// These tools are checked for content field truncation specifically. -var KnownWriteTools = map[string]bool{ - "Write": true, - "write_to_file": true, - "fsWrite": true, - "create_file": true, - "edit_file": true, - "apply_diff": true, - "str_replace_editor": true, - "insert": true, -} - -// KnownCommandTools lists tool names that execute commands. -var KnownCommandTools = map[string]bool{ - "Bash": true, - "execute": true, - "run_command": true, - "shell": true, - "terminal": true, - "execute_python": true, -} - -// RequiredFieldsByTool maps tool names to their required fields. -// If any of these fields are missing, the tool input is considered truncated. -var RequiredFieldsByTool = map[string][]string{ - "Write": {"file_path", "content"}, - "write_to_file": {"path", "content"}, - "fsWrite": {"path", "content"}, - "create_file": {"path", "content"}, - "edit_file": {"path"}, - "apply_diff": {"path", "diff"}, - "str_replace_editor": {"path", "old_str", "new_str"}, - "Bash": {"command"}, - "execute": {"command"}, - "run_command": {"command"}, -} - -// DetectTruncation checks if the tool use input appears to be truncated. -// It returns detailed information about the truncation status and type. -func DetectTruncation(toolName, toolUseID, rawInput string, parsedInput map[string]interface{}) TruncationInfo { - info := TruncationInfo{ - ToolName: toolName, - ToolUseID: toolUseID, - RawInput: rawInput, - ParsedFields: make(map[string]string), - } - - // Scenario 1: Empty input buffer - no data received at all - if strings.TrimSpace(rawInput) == "" { - info.IsTruncated = true - info.TruncationType = TruncationTypeEmptyInput - info.ErrorMessage = "Tool input was completely empty - API response may have been truncated before tool parameters were transmitted" - log.Warnf("kiro: truncation detected [%s] for tool %s (ID: %s): empty input buffer", - info.TruncationType, toolName, toolUseID) - return info - } - - // Scenario 2: JSON parse failure - syntactically invalid JSON - if parsedInput == nil || len(parsedInput) == 0 { - // Check if the raw input looks like truncated JSON - if looksLikeTruncatedJSON(rawInput) { - info.IsTruncated = true - info.TruncationType = TruncationTypeInvalidJSON - info.ParsedFields = extractPartialFields(rawInput) - info.ErrorMessage = buildTruncationErrorMessage(toolName, info.TruncationType, info.ParsedFields, rawInput) - log.Warnf("kiro: truncation detected [%s] for tool %s (ID: %s): JSON parse failed, raw length=%d bytes", - info.TruncationType, toolName, toolUseID, len(rawInput)) - return info - } - } - - // Scenario 3: JSON parsed but critical fields are missing - if parsedInput != nil { - requiredFields, hasRequirements := RequiredFieldsByTool[toolName] - if hasRequirements { - missingFields := findMissingRequiredFields(parsedInput, requiredFields) - if len(missingFields) > 0 { - info.IsTruncated = true - info.TruncationType = TruncationTypeMissingFields - info.ParsedFields = extractParsedFieldNames(parsedInput) - info.ErrorMessage = buildMissingFieldsErrorMessage(toolName, missingFields, info.ParsedFields) - log.Warnf("kiro: truncation detected [%s] for tool %s (ID: %s): missing required fields: %v", - info.TruncationType, toolName, toolUseID, missingFields) - return info - } - } - - // Scenario 4: Check for incomplete string values (very short content for write tools) - if isWriteTool(toolName) { - if contentTruncation := detectContentTruncation(parsedInput, rawInput); contentTruncation != "" { - info.IsTruncated = true - info.TruncationType = TruncationTypeIncompleteString - info.ParsedFields = extractParsedFieldNames(parsedInput) - info.ErrorMessage = contentTruncation - log.Warnf("kiro: truncation detected [%s] for tool %s (ID: %s): %s", - info.TruncationType, toolName, toolUseID, contentTruncation) - return info - } - } - } - - // No truncation detected - info.IsTruncated = false - info.TruncationType = TruncationTypeNone - return info -} - -// looksLikeTruncatedJSON checks if the raw string appears to be truncated JSON. -func looksLikeTruncatedJSON(raw string) bool { - trimmed := strings.TrimSpace(raw) - if trimmed == "" { - return false - } - - // Must start with { to be considered JSON - if !strings.HasPrefix(trimmed, "{") { - return false - } - - // Count brackets to detect imbalance - openBraces := strings.Count(trimmed, "{") - closeBraces := strings.Count(trimmed, "}") - openBrackets := strings.Count(trimmed, "[") - closeBrackets := strings.Count(trimmed, "]") - - // Bracket imbalance suggests truncation - if openBraces > closeBraces || openBrackets > closeBrackets { - return true - } - - // Check for obvious truncation patterns - // - Ends with a quote but no closing brace - // - Ends with a colon (mid key-value) - // - Ends with a comma (mid object/array) - lastChar := trimmed[len(trimmed)-1] - if lastChar != '}' && lastChar != ']' { - // Check if it's not a complete simple value - if lastChar == '"' || lastChar == ':' || lastChar == ',' { - return true - } - } - - // Check for unclosed strings (odd number of unescaped quotes) - inString := false - escaped := false - for i := 0; i < len(trimmed); i++ { - c := trimmed[i] - if escaped { - escaped = false - continue - } - if c == '\\' { - escaped = true - continue - } - if c == '"' { - inString = !inString - } - } - if inString { - return true // Unclosed string - } - - return false -} - -// extractPartialFields attempts to extract any field names from malformed JSON. -// This helps provide context about what was received before truncation. -func extractPartialFields(raw string) map[string]string { - fields := make(map[string]string) - - // Simple pattern matching for "key": "value" or "key": value patterns - // This works even with truncated JSON - trimmed := strings.TrimSpace(raw) - if !strings.HasPrefix(trimmed, "{") { - return fields - } - - // Remove opening brace - content := strings.TrimPrefix(trimmed, "{") - - // Split by comma (rough parsing) - parts := strings.Split(content, ",") - for _, part := range parts { - part = strings.TrimSpace(part) - if colonIdx := strings.Index(part, ":"); colonIdx > 0 { - key := strings.TrimSpace(part[:colonIdx]) - key = strings.Trim(key, `"`) - value := strings.TrimSpace(part[colonIdx+1:]) - - // Truncate long values for display - if len(value) > 50 { - value = value[:50] + "..." - } - fields[key] = value - } - } - - return fields -} - -// extractParsedFieldNames returns the field names from a successfully parsed map. -func extractParsedFieldNames(parsed map[string]interface{}) map[string]string { - fields := make(map[string]string) - for key, val := range parsed { - switch v := val.(type) { - case string: - if len(v) > 50 { - fields[key] = v[:50] + "..." - } else { - fields[key] = v - } - case nil: - fields[key] = "" - default: - // For complex types, just indicate presence - fields[key] = "" - } - } - return fields -} - -// findMissingRequiredFields checks which required fields are missing from the parsed input. -func findMissingRequiredFields(parsed map[string]interface{}, required []string) []string { - var missing []string - for _, field := range required { - if _, exists := parsed[field]; !exists { - missing = append(missing, field) - } - } - return missing -} - -// isWriteTool checks if the tool is a known write/file operation tool. -func isWriteTool(toolName string) bool { - return KnownWriteTools[toolName] -} - -// detectContentTruncation checks if the content field appears truncated for write tools. -func detectContentTruncation(parsed map[string]interface{}, rawInput string) string { - // Check for content field - content, hasContent := parsed["content"] - if !hasContent { - return "" - } - - contentStr, isString := content.(string) - if !isString { - return "" - } - - // Heuristic: if raw input is very large but content is suspiciously short, - // it might indicate truncation during JSON repair - if len(rawInput) > 1000 && len(contentStr) < 100 { - return "content field appears suspiciously short compared to raw input size" - } - - // Check for code blocks that appear to be cut off - if strings.Contains(contentStr, "```") { - openFences := strings.Count(contentStr, "```") - if openFences%2 != 0 { - return "content contains unclosed code fence (```) suggesting truncation" - } - } - - return "" -} - -// buildTruncationErrorMessage creates a human-readable error message for truncation. -func buildTruncationErrorMessage(toolName, truncationType string, parsedFields map[string]string, rawInput string) string { - var sb strings.Builder - sb.WriteString("Tool input was truncated by the API. ") - - switch truncationType { - case TruncationTypeEmptyInput: - sb.WriteString("No input data was received.") - case TruncationTypeInvalidJSON: - sb.WriteString("JSON was cut off mid-transmission. ") - if len(parsedFields) > 0 { - sb.WriteString("Partial fields received: ") - first := true - for k := range parsedFields { - if !first { - sb.WriteString(", ") - } - sb.WriteString(k) - first = false - } - } - case TruncationTypeMissingFields: - sb.WriteString("Required fields are missing from the input.") - case TruncationTypeIncompleteString: - sb.WriteString("Content appears to be shortened or incomplete.") - } - - sb.WriteString(" Received ") - sb.WriteString(string(rune(len(rawInput)))) - sb.WriteString(" bytes. Please retry with smaller content chunks.") - - return sb.String() -} - -// buildMissingFieldsErrorMessage creates an error message for missing required fields. -func buildMissingFieldsErrorMessage(toolName string, missingFields []string, parsedFields map[string]string) string { - var sb strings.Builder - sb.WriteString("Tool '") - sb.WriteString(toolName) - sb.WriteString("' is missing required fields: ") - sb.WriteString(strings.Join(missingFields, ", ")) - sb.WriteString(". Fields received: ") - - first := true - for k := range parsedFields { - if !first { - sb.WriteString(", ") - } - sb.WriteString(k) - first = false - } - - sb.WriteString(". This usually indicates the API response was truncated.") - return sb.String() -} - -// IsTruncated is a convenience function to check if a tool use appears truncated. -func IsTruncated(toolName, rawInput string, parsedInput map[string]interface{}) bool { - info := DetectTruncation(toolName, "", rawInput, parsedInput) - return info.IsTruncated -} - -// GetTruncationSummary returns a short summary string for logging. -func GetTruncationSummary(info TruncationInfo) string { - if !info.IsTruncated { - return "" - } - - result, _ := json.Marshal(map[string]interface{}{ - "tool": info.ToolName, - "type": info.TruncationType, - "parsed_fields": info.ParsedFields, - "raw_input_size": len(info.RawInput), - }) - return string(result) -} - -// SoftFailureMessage contains the message structure for a truncation soft failure. -// This is returned to Claude as a tool_result to guide retry behavior. -type SoftFailureMessage struct { - Status string // "incomplete" - not an error, just incomplete - Reason string // Why the tool call was incomplete - Guidance []string // Step-by-step retry instructions - Context string // Any context about what was received - MaxLineHint int // Suggested maximum lines per chunk -} - -// BuildSoftFailureMessage creates a structured message for Claude when truncation is detected. -// This follows the "soft failure" pattern: -// - For Claude: Clear explanation of what happened and how to fix -// - For User: Hidden or minimized (appears as normal processing) -// -// Key principle: "Conclusion First" -// 1. First state what happened (incomplete) -// 2. Then explain how to fix (chunked approach) -// 3. Provide specific guidance (line limits) -func BuildSoftFailureMessage(info TruncationInfo) SoftFailureMessage { - msg := SoftFailureMessage{ - Status: "incomplete", - MaxLineHint: 300, // Conservative default - } - - // Build reason based on truncation type - switch info.TruncationType { - case TruncationTypeEmptyInput: - msg.Reason = "Your tool call was too large and the input was completely lost during transmission." - msg.MaxLineHint = 200 - case TruncationTypeInvalidJSON: - msg.Reason = "Your tool call was truncated mid-transmission, resulting in incomplete JSON." - msg.MaxLineHint = 250 - case TruncationTypeMissingFields: - msg.Reason = "Your tool call was partially received but critical fields were cut off." - msg.MaxLineHint = 300 - case TruncationTypeIncompleteString: - msg.Reason = "Your tool call content was truncated - the full content did not arrive." - msg.MaxLineHint = 350 - default: - msg.Reason = "Your tool call was truncated by the API due to output size limits." - } - - // Build context from parsed fields - if len(info.ParsedFields) > 0 { - var parts []string - for k, v := range info.ParsedFields { - if len(v) > 30 { - v = v[:30] + "..." - } - parts = append(parts, k+"="+v) - } - msg.Context = "Received partial data: " + strings.Join(parts, ", ") - } - - // Build retry guidance - CRITICAL: Conclusion first approach - msg.Guidance = []string{ - "CONCLUSION: Split your output into smaller chunks and retry.", - "", - "REQUIRED APPROACH:", - "1. For file writes: Write in chunks of ~" + formatInt(msg.MaxLineHint) + " lines maximum", - "2. For new files: First create with initial chunk, then append remaining sections", - "3. For edits: Make surgical, targeted changes - avoid rewriting entire files", - "", - "EXAMPLE (writing a 600-line file):", - " - Step 1: Write lines 1-300 (create file)", - " - Step 2: Append lines 301-600 (extend file)", - "", - "DO NOT attempt to write the full content again in a single call.", - "The API has a hard output limit that cannot be bypassed.", - } - - return msg -} - -// formatInt converts an integer to string (helper to avoid strconv import) -func formatInt(n int) string { - if n == 0 { - return "0" - } - result := "" - for n > 0 { - result = string(rune('0'+n%10)) + result - n /= 10 - } - return result -} - -// BuildSoftFailureToolResult creates a tool_result content for Claude. -// This is what Claude will see when a tool call is truncated. -// Returns a string that should be used as the tool_result content. -func BuildSoftFailureToolResult(info TruncationInfo) string { - msg := BuildSoftFailureMessage(info) - - var sb strings.Builder - sb.WriteString("TOOL_CALL_INCOMPLETE\n") - sb.WriteString("status: ") - sb.WriteString(msg.Status) - sb.WriteString("\n") - sb.WriteString("reason: ") - sb.WriteString(msg.Reason) - sb.WriteString("\n") - - if msg.Context != "" { - sb.WriteString("context: ") - sb.WriteString(msg.Context) - sb.WriteString("\n") - } - - sb.WriteString("\n") - for _, line := range msg.Guidance { - if line != "" { - sb.WriteString(line) - sb.WriteString("\n") - } - } - - return sb.String() -} - -// CreateTruncationToolResult creates a KiroToolUse that represents a soft failure. -// Instead of returning the truncated tool_use, we return a tool with a special -// error result that guides Claude to retry with smaller chunks. -// -// This is the key mechanism for "soft failure": -// - stop_reason remains "tool_use" so Claude continues -// - The tool_result content explains the issue and how to fix it -// - Claude will read this and adjust its approach -func CreateTruncationToolResult(info TruncationInfo) KiroToolUse { - // We create a pseudo tool_use that represents the failed attempt - // The executor will convert this to a tool_result with the guidance message - return KiroToolUse{ - ToolUseID: info.ToolUseID, - Name: info.ToolName, - Input: nil, // No input since it was truncated - IsTruncated: true, - TruncationInfo: &info, - } -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/kiro/common/constants.go b/.worktrees/config/m/config-build/active/internal/translator/kiro/common/constants.go deleted file mode 100644 index 3016947cf2..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/kiro/common/constants.go +++ /dev/null @@ -1,103 +0,0 @@ -// Package common provides shared constants and utilities for Kiro translator. -package common - -const ( - // KiroMaxToolDescLen is the maximum description length for Kiro API tools. - // Kiro API limit is 10240 bytes, leave room for "..." - KiroMaxToolDescLen = 10237 - - // ToolCompressionTargetSize is the target total size for compressed tools (20KB). - // If tools exceed this size, compression will be applied. - ToolCompressionTargetSize = 20 * 1024 // 20KB - - // MinToolDescriptionLength is the minimum description length after compression. - // Descriptions will not be shortened below this length. - MinToolDescriptionLength = 50 - - // ThinkingStartTag is the start tag for thinking blocks in responses. - ThinkingStartTag = "" - - // ThinkingEndTag is the end tag for thinking blocks in responses. - ThinkingEndTag = "" - - // CodeFenceMarker is the markdown code fence marker. - CodeFenceMarker = "```" - - // AltCodeFenceMarker is the alternative markdown code fence marker. - AltCodeFenceMarker = "~~~" - - // InlineCodeMarker is the markdown inline code marker (backtick). - InlineCodeMarker = "`" - - // DefaultAssistantContentWithTools is the fallback content for assistant messages - // that have tool_use but no text content. Kiro API requires non-empty content. - // IMPORTANT: Use a minimal neutral string that the model won't mimic in responses. - // Previously "I'll help you with that." which caused the model to parrot it back. - DefaultAssistantContentWithTools = "." - - // DefaultAssistantContent is the fallback content for assistant messages - // that have no content at all. Kiro API requires non-empty content. - // IMPORTANT: Use a minimal neutral string that the model won't mimic in responses. - // Previously "I understand." which could leak into model behavior. - DefaultAssistantContent = "." - - // DefaultUserContentWithToolResults is the fallback content for user messages - // that have only tool_result (no text). Kiro API requires non-empty content. - DefaultUserContentWithToolResults = "Tool results provided." - - // DefaultUserContent is the fallback content for user messages - // that have no content at all. Kiro API requires non-empty content. - DefaultUserContent = "Continue" - - // KiroAgenticSystemPrompt is injected only for -agentic models to prevent timeouts on large writes. - // AWS Kiro API has a 2-3 minute timeout for large file write operations. - KiroAgenticSystemPrompt = ` -# CRITICAL: CHUNKED WRITE PROTOCOL (MANDATORY) - -You MUST follow these rules for ALL file operations. Violation causes server timeouts and task failure. - -## ABSOLUTE LIMITS -- **MAXIMUM 350 LINES** per single write/edit operation - NO EXCEPTIONS -- **RECOMMENDED 300 LINES** or less for optimal performance -- **NEVER** write entire files in one operation if >300 lines - -## MANDATORY CHUNKED WRITE STRATEGY - -### For NEW FILES (>300 lines total): -1. FIRST: Write initial chunk (first 250-300 lines) using write_to_file/fsWrite -2. THEN: Append remaining content in 250-300 line chunks using file append operations -3. REPEAT: Continue appending until complete - -### For EDITING EXISTING FILES: -1. Use surgical edits (apply_diff/targeted edits) - change ONLY what's needed -2. NEVER rewrite entire files - use incremental modifications -3. Split large refactors into multiple small, focused edits - -### For LARGE CODE GENERATION: -1. Generate in logical sections (imports, types, functions separately) -2. Write each section as a separate operation -3. Use append operations for subsequent sections - -## EXAMPLES OF CORRECT BEHAVIOR - -✅ CORRECT: Writing a 600-line file -- Operation 1: Write lines 1-300 (initial file creation) -- Operation 2: Append lines 301-600 - -✅ CORRECT: Editing multiple functions -- Operation 1: Edit function A -- Operation 2: Edit function B -- Operation 3: Edit function C - -❌ WRONG: Writing 500 lines in single operation → TIMEOUT -❌ WRONG: Rewriting entire file to change 5 lines → TIMEOUT -❌ WRONG: Generating massive code blocks without chunking → TIMEOUT - -## WHY THIS MATTERS -- Server has 2-3 minute timeout for operations -- Large writes exceed timeout and FAIL completely -- Chunked writes are FASTER and more RELIABLE -- Failed writes waste time and require retry - -REMEMBER: When in doubt, write LESS per operation. Multiple small operations > one large operation.` -) diff --git a/.worktrees/config/m/config-build/active/internal/translator/kiro/common/message_merge.go b/.worktrees/config/m/config-build/active/internal/translator/kiro/common/message_merge.go deleted file mode 100644 index 2765fc6e98..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/kiro/common/message_merge.go +++ /dev/null @@ -1,160 +0,0 @@ -// Package common provides shared utilities for Kiro translators. -package common - -import ( - "encoding/json" - - "github.com/tidwall/gjson" -) - -// MergeAdjacentMessages merges adjacent messages with the same role. -// This reduces API call complexity and improves compatibility. -// Based on AIClient-2-API implementation. -// NOTE: Tool messages are NOT merged because each has a unique tool_call_id that must be preserved. -func MergeAdjacentMessages(messages []gjson.Result) []gjson.Result { - if len(messages) <= 1 { - return messages - } - - var merged []gjson.Result - for _, msg := range messages { - if len(merged) == 0 { - merged = append(merged, msg) - continue - } - - lastMsg := merged[len(merged)-1] - currentRole := msg.Get("role").String() - lastRole := lastMsg.Get("role").String() - - // Don't merge tool messages - each has a unique tool_call_id - if currentRole == "tool" || lastRole == "tool" { - merged = append(merged, msg) - continue - } - - if currentRole == lastRole { - // Merge content from current message into last message - mergedContent := mergeMessageContent(lastMsg, msg) - var mergedToolCalls []interface{} - if currentRole == "assistant" { - // Preserve assistant tool_calls when adjacent assistant messages are merged. - mergedToolCalls = mergeToolCalls(lastMsg.Get("tool_calls"), msg.Get("tool_calls")) - } - - // Create a new merged message JSON. - mergedMsg := createMergedMessage(lastRole, mergedContent, mergedToolCalls) - merged[len(merged)-1] = gjson.Parse(mergedMsg) - } else { - merged = append(merged, msg) - } - } - - return merged -} - -// mergeMessageContent merges the content of two messages with the same role. -// Handles both string content and array content (with text, tool_use, tool_result blocks). -func mergeMessageContent(msg1, msg2 gjson.Result) string { - content1 := msg1.Get("content") - content2 := msg2.Get("content") - - // Extract content blocks from both messages - var blocks1, blocks2 []map[string]interface{} - - if content1.IsArray() { - for _, block := range content1.Array() { - blocks1 = append(blocks1, blockToMap(block)) - } - } else if content1.Type == gjson.String { - blocks1 = append(blocks1, map[string]interface{}{ - "type": "text", - "text": content1.String(), - }) - } - - if content2.IsArray() { - for _, block := range content2.Array() { - blocks2 = append(blocks2, blockToMap(block)) - } - } else if content2.Type == gjson.String { - blocks2 = append(blocks2, map[string]interface{}{ - "type": "text", - "text": content2.String(), - }) - } - - // Merge text blocks if both end/start with text - if len(blocks1) > 0 && len(blocks2) > 0 { - if blocks1[len(blocks1)-1]["type"] == "text" && blocks2[0]["type"] == "text" { - // Merge the last text block of msg1 with the first text block of msg2 - text1 := blocks1[len(blocks1)-1]["text"].(string) - text2 := blocks2[0]["text"].(string) - blocks1[len(blocks1)-1]["text"] = text1 + "\n" + text2 - blocks2 = blocks2[1:] // Remove the merged block from blocks2 - } - } - - // Combine all blocks - allBlocks := append(blocks1, blocks2...) - - // Convert to JSON - result, _ := json.Marshal(allBlocks) - return string(result) -} - -// blockToMap converts a gjson.Result block to a map[string]interface{} -func blockToMap(block gjson.Result) map[string]interface{} { - result := make(map[string]interface{}) - block.ForEach(func(key, value gjson.Result) bool { - if value.IsObject() { - result[key.String()] = blockToMap(value) - } else if value.IsArray() { - var arr []interface{} - for _, item := range value.Array() { - if item.IsObject() { - arr = append(arr, blockToMap(item)) - } else { - arr = append(arr, item.Value()) - } - } - result[key.String()] = arr - } else { - result[key.String()] = value.Value() - } - return true - }) - return result -} - -// createMergedMessage creates a JSON string for a merged message. -// toolCalls is optional and only emitted for assistant role. -func createMergedMessage(role string, content string, toolCalls []interface{}) string { - msg := map[string]interface{}{ - "role": role, - "content": json.RawMessage(content), - } - if role == "assistant" && len(toolCalls) > 0 { - msg["tool_calls"] = toolCalls - } - result, _ := json.Marshal(msg) - return string(result) -} - -// mergeToolCalls combines tool_calls from two assistant messages while preserving order. -func mergeToolCalls(tc1, tc2 gjson.Result) []interface{} { - var merged []interface{} - - if tc1.IsArray() { - for _, tc := range tc1.Array() { - merged = append(merged, tc.Value()) - } - } - if tc2.IsArray() { - for _, tc := range tc2.Array() { - merged = append(merged, tc.Value()) - } - } - - return merged -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/kiro/common/message_merge_test.go b/.worktrees/config/m/config-build/active/internal/translator/kiro/common/message_merge_test.go deleted file mode 100644 index a9cb7a28ec..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/kiro/common/message_merge_test.go +++ /dev/null @@ -1,106 +0,0 @@ -package common - -import ( - "strings" - "testing" - - "github.com/tidwall/gjson" -) - -func parseMessages(t *testing.T, raw string) []gjson.Result { - t.Helper() - parsed := gjson.Parse(raw) - if !parsed.IsArray() { - t.Fatalf("expected JSON array, got: %s", raw) - } - return parsed.Array() -} - -func TestMergeAdjacentMessages_AssistantMergePreservesToolCalls(t *testing.T) { - messages := parseMessages(t, `[ - {"role":"assistant","content":"part1"}, - { - "role":"assistant", - "content":"part2", - "tool_calls":[ - { - "id":"call_1", - "type":"function", - "function":{"name":"Read","arguments":"{}"} - } - ] - }, - {"role":"tool","tool_call_id":"call_1","content":"ok"} - ]`) - - merged := MergeAdjacentMessages(messages) - if len(merged) != 2 { - t.Fatalf("expected 2 messages after merge, got %d", len(merged)) - } - - assistant := merged[0] - if assistant.Get("role").String() != "assistant" { - t.Fatalf("expected first message role assistant, got %q", assistant.Get("role").String()) - } - - toolCalls := assistant.Get("tool_calls") - if !toolCalls.IsArray() || len(toolCalls.Array()) != 1 { - t.Fatalf("expected assistant.tool_calls length 1, got: %s", toolCalls.Raw) - } - if toolCalls.Array()[0].Get("id").String() != "call_1" { - t.Fatalf("expected tool call id call_1, got %q", toolCalls.Array()[0].Get("id").String()) - } - - contentRaw := assistant.Get("content").Raw - if !strings.Contains(contentRaw, "part1") || !strings.Contains(contentRaw, "part2") { - t.Fatalf("expected merged content to contain both parts, got: %s", contentRaw) - } - - if merged[1].Get("role").String() != "tool" { - t.Fatalf("expected second message role tool, got %q", merged[1].Get("role").String()) - } -} - -func TestMergeAdjacentMessages_AssistantMergeCombinesMultipleToolCalls(t *testing.T) { - messages := parseMessages(t, `[ - { - "role":"assistant", - "content":"first", - "tool_calls":[ - {"id":"call_1","type":"function","function":{"name":"Read","arguments":"{}"}} - ] - }, - { - "role":"assistant", - "content":"second", - "tool_calls":[ - {"id":"call_2","type":"function","function":{"name":"Write","arguments":"{}"}} - ] - } - ]`) - - merged := MergeAdjacentMessages(messages) - if len(merged) != 1 { - t.Fatalf("expected 1 message after merge, got %d", len(merged)) - } - - toolCalls := merged[0].Get("tool_calls").Array() - if len(toolCalls) != 2 { - t.Fatalf("expected 2 merged tool calls, got %d", len(toolCalls)) - } - if toolCalls[0].Get("id").String() != "call_1" || toolCalls[1].Get("id").String() != "call_2" { - t.Fatalf("unexpected merged tool call ids: %q, %q", toolCalls[0].Get("id").String(), toolCalls[1].Get("id").String()) - } -} - -func TestMergeAdjacentMessages_ToolMessagesRemainUnmerged(t *testing.T) { - messages := parseMessages(t, `[ - {"role":"tool","tool_call_id":"call_1","content":"r1"}, - {"role":"tool","tool_call_id":"call_2","content":"r2"} - ]`) - - merged := MergeAdjacentMessages(messages) - if len(merged) != 2 { - t.Fatalf("expected tool messages to remain separate, got %d", len(merged)) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/kiro/common/utils.go b/.worktrees/config/m/config-build/active/internal/translator/kiro/common/utils.go deleted file mode 100644 index f5f5788ab2..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/kiro/common/utils.go +++ /dev/null @@ -1,16 +0,0 @@ -// Package common provides shared constants and utilities for Kiro translator. -package common - -// GetString safely extracts a string from a map. -// Returns empty string if the key doesn't exist or the value is not a string. -func GetString(m map[string]interface{}, key string) string { - if v, ok := m[key].(string); ok { - return v - } - return "" -} - -// GetStringValue is an alias for GetString for backward compatibility. -func GetStringValue(m map[string]interface{}, key string) string { - return GetString(m, key) -} \ No newline at end of file diff --git a/.worktrees/config/m/config-build/active/internal/translator/kiro/openai/init.go b/.worktrees/config/m/config-build/active/internal/translator/kiro/openai/init.go deleted file mode 100644 index 653eed45ee..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/kiro/openai/init.go +++ /dev/null @@ -1,20 +0,0 @@ -// Package openai provides translation between OpenAI Chat Completions and Kiro formats. -package openai - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenAI, // source format - Kiro, // target format - ConvertOpenAIRequestToKiro, - interfaces.TranslateResponse{ - Stream: ConvertKiroStreamToOpenAI, - NonStream: ConvertKiroNonStreamToOpenAI, - }, - ) -} \ No newline at end of file diff --git a/.worktrees/config/m/config-build/active/internal/translator/kiro/openai/kiro_openai.go b/.worktrees/config/m/config-build/active/internal/translator/kiro/openai/kiro_openai.go deleted file mode 100644 index 03962b9f5f..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/kiro/openai/kiro_openai.go +++ /dev/null @@ -1,371 +0,0 @@ -// Package openai provides translation between OpenAI Chat Completions and Kiro formats. -// This package enables direct OpenAI → Kiro translation, bypassing the Claude intermediate layer. -// -// The Kiro executor generates Claude-compatible SSE format internally, so the streaming response -// translation converts from Claude SSE format to OpenAI SSE format. -package openai - -import ( - "bytes" - "context" - "encoding/json" - "strings" - - kirocommon "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/kiro/common" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -// ConvertKiroStreamToOpenAI converts Kiro streaming response to OpenAI format. -// The Kiro executor emits Claude-compatible SSE events, so this function translates -// from Claude SSE format to OpenAI SSE format. -// -// Claude SSE format: -// - event: message_start\ndata: {...} -// - event: content_block_start\ndata: {...} -// - event: content_block_delta\ndata: {...} -// - event: content_block_stop\ndata: {...} -// - event: message_delta\ndata: {...} -// - event: message_stop\ndata: {...} -// -// OpenAI SSE format: -// - data: {"id":"...","object":"chat.completion.chunk",...} -// - data: [DONE] -func ConvertKiroStreamToOpenAI(ctx context.Context, model string, originalRequest, request, rawResponse []byte, param *any) []string { - // Initialize state if needed - if *param == nil { - *param = NewOpenAIStreamState(model) - } - state := (*param).(*OpenAIStreamState) - - // Parse the Claude SSE event - responseStr := string(rawResponse) - - // Handle raw event format (event: xxx\ndata: {...}) - var eventType string - var eventData string - - if strings.HasPrefix(responseStr, "event:") { - // Parse event type and data - lines := strings.SplitN(responseStr, "\n", 2) - if len(lines) >= 1 { - eventType = strings.TrimSpace(strings.TrimPrefix(lines[0], "event:")) - } - if len(lines) >= 2 && strings.HasPrefix(lines[1], "data:") { - eventData = strings.TrimSpace(strings.TrimPrefix(lines[1], "data:")) - } - } else if strings.HasPrefix(responseStr, "data:") { - // Just data line - eventData = strings.TrimSpace(strings.TrimPrefix(responseStr, "data:")) - } else { - // Try to parse as raw JSON - eventData = strings.TrimSpace(responseStr) - } - - if eventData == "" { - return []string{} - } - - // Parse the event data as JSON - eventJSON := gjson.Parse(eventData) - if !eventJSON.Exists() { - return []string{} - } - - // Determine event type from JSON if not already set - if eventType == "" { - eventType = eventJSON.Get("type").String() - } - - var results []string - - switch eventType { - case "message_start": - // Send first chunk with role - firstChunk := BuildOpenAISSEFirstChunk(state) - results = append(results, firstChunk) - - case "content_block_start": - // Check block type - blockType := eventJSON.Get("content_block.type").String() - switch blockType { - case "text": - // Text block starting - nothing to emit yet - case "thinking": - // Thinking block starting - nothing to emit yet for OpenAI - case "tool_use": - // Tool use block starting - toolUseID := eventJSON.Get("content_block.id").String() - toolName := eventJSON.Get("content_block.name").String() - chunk := BuildOpenAISSEToolCallStart(state, toolUseID, toolName) - results = append(results, chunk) - state.ToolCallIndex++ - } - - case "content_block_delta": - deltaType := eventJSON.Get("delta.type").String() - switch deltaType { - case "text_delta": - textDelta := eventJSON.Get("delta.text").String() - if textDelta != "" { - chunk := BuildOpenAISSETextDelta(state, textDelta) - results = append(results, chunk) - } - case "thinking_delta": - // Convert thinking to reasoning_content for o1-style compatibility - thinkingDelta := eventJSON.Get("delta.thinking").String() - if thinkingDelta != "" { - chunk := BuildOpenAISSEReasoningDelta(state, thinkingDelta) - results = append(results, chunk) - } - case "input_json_delta": - // Tool call arguments delta - partialJSON := eventJSON.Get("delta.partial_json").String() - if partialJSON != "" { - // Get the tool index from content block index - blockIndex := int(eventJSON.Get("index").Int()) - chunk := BuildOpenAISSEToolCallArgumentsDelta(state, partialJSON, blockIndex-1) // Adjust for 0-based tool index - results = append(results, chunk) - } - } - - case "content_block_stop": - // Content block ended - nothing to emit for OpenAI - - case "message_delta": - // Message delta with stop_reason - stopReason := eventJSON.Get("delta.stop_reason").String() - finishReason := mapKiroStopReasonToOpenAI(stopReason) - if finishReason != "" { - chunk := BuildOpenAISSEFinish(state, finishReason) - results = append(results, chunk) - } - - // Extract usage if present - if eventJSON.Get("usage").Exists() { - inputTokens := eventJSON.Get("usage.input_tokens").Int() - outputTokens := eventJSON.Get("usage.output_tokens").Int() - usageInfo := usage.Detail{ - InputTokens: inputTokens, - OutputTokens: outputTokens, - TotalTokens: inputTokens + outputTokens, - } - chunk := BuildOpenAISSEUsage(state, usageInfo) - results = append(results, chunk) - } - - case "message_stop": - // Final event - do NOT emit [DONE] here - // The handler layer (openai_handlers.go) will send [DONE] when the stream closes - // Emitting [DONE] here would cause duplicate [DONE] markers - - case "ping": - // Ping event with usage - optionally emit usage chunk - if eventJSON.Get("usage").Exists() { - inputTokens := eventJSON.Get("usage.input_tokens").Int() - outputTokens := eventJSON.Get("usage.output_tokens").Int() - usageInfo := usage.Detail{ - InputTokens: inputTokens, - OutputTokens: outputTokens, - TotalTokens: inputTokens + outputTokens, - } - chunk := BuildOpenAISSEUsage(state, usageInfo) - results = append(results, chunk) - } - } - - return results -} - -// ConvertKiroNonStreamToOpenAI converts Kiro non-streaming response to OpenAI format. -// The Kiro executor returns Claude-compatible JSON responses, so this function translates -// from Claude format to OpenAI format. -func ConvertKiroNonStreamToOpenAI(ctx context.Context, model string, originalRequest, request, rawResponse []byte, param *any) string { - // Parse the Claude-format response - response := gjson.ParseBytes(rawResponse) - - // Extract content - var content string - var reasoningContent string - var toolUses []KiroToolUse - var stopReason string - - // Get stop_reason - stopReason = response.Get("stop_reason").String() - - // Process content blocks - contentBlocks := response.Get("content") - if contentBlocks.IsArray() { - for _, block := range contentBlocks.Array() { - blockType := block.Get("type").String() - switch blockType { - case "text": - content += block.Get("text").String() - case "thinking": - // Convert thinking blocks to reasoning_content for OpenAI format - reasoningContent += block.Get("thinking").String() - case "tool_use": - toolUseID := block.Get("id").String() - toolName := block.Get("name").String() - toolInput := block.Get("input") - - var inputMap map[string]interface{} - if toolInput.IsObject() { - inputMap = make(map[string]interface{}) - toolInput.ForEach(func(key, value gjson.Result) bool { - inputMap[key.String()] = value.Value() - return true - }) - } - - toolUses = append(toolUses, KiroToolUse{ - ToolUseID: toolUseID, - Name: toolName, - Input: inputMap, - }) - } - } - } - - // Extract usage - usageInfo := usage.Detail{ - InputTokens: response.Get("usage.input_tokens").Int(), - OutputTokens: response.Get("usage.output_tokens").Int(), - } - usageInfo.TotalTokens = usageInfo.InputTokens + usageInfo.OutputTokens - - // Build OpenAI response with reasoning_content support - openaiResponse := BuildOpenAIResponseWithReasoning(content, reasoningContent, toolUses, model, usageInfo, stopReason) - return string(openaiResponse) -} - -// ParseClaudeEvent parses a Claude SSE event and returns the event type and data -func ParseClaudeEvent(rawEvent []byte) (eventType string, eventData []byte) { - lines := bytes.Split(rawEvent, []byte("\n")) - for _, line := range lines { - line = bytes.TrimSpace(line) - if bytes.HasPrefix(line, []byte("event:")) { - eventType = string(bytes.TrimSpace(bytes.TrimPrefix(line, []byte("event:")))) - } else if bytes.HasPrefix(line, []byte("data:")) { - eventData = bytes.TrimSpace(bytes.TrimPrefix(line, []byte("data:"))) - } - } - return eventType, eventData -} - -// ExtractThinkingFromContent parses content to extract thinking blocks. -// Returns cleaned content (without thinking tags) and whether thinking was found. -func ExtractThinkingFromContent(content string) (string, string, bool) { - if !strings.Contains(content, kirocommon.ThinkingStartTag) { - return content, "", false - } - - var cleanedContent strings.Builder - var thinkingContent strings.Builder - hasThinking := false - remaining := content - - for len(remaining) > 0 { - startIdx := strings.Index(remaining, kirocommon.ThinkingStartTag) - if startIdx == -1 { - cleanedContent.WriteString(remaining) - break - } - - // Add content before thinking tag - cleanedContent.WriteString(remaining[:startIdx]) - - // Move past opening tag - remaining = remaining[startIdx+len(kirocommon.ThinkingStartTag):] - - // Find closing tag - endIdx := strings.Index(remaining, kirocommon.ThinkingEndTag) - if endIdx == -1 { - // No closing tag - treat rest as thinking - thinkingContent.WriteString(remaining) - hasThinking = true - break - } - - // Extract thinking content - thinkingContent.WriteString(remaining[:endIdx]) - hasThinking = true - remaining = remaining[endIdx+len(kirocommon.ThinkingEndTag):] - } - - return strings.TrimSpace(cleanedContent.String()), strings.TrimSpace(thinkingContent.String()), hasThinking -} - -// ConvertOpenAIToolsToKiroFormat is a helper that converts OpenAI tools format to Kiro format -func ConvertOpenAIToolsToKiroFormat(tools []map[string]interface{}) []KiroToolWrapper { - var kiroTools []KiroToolWrapper - - for _, tool := range tools { - toolType, _ := tool["type"].(string) - if toolType != "function" { - continue - } - - fn, ok := tool["function"].(map[string]interface{}) - if !ok { - continue - } - - name := kirocommon.GetString(fn, "name") - description := kirocommon.GetString(fn, "description") - parameters := ensureKiroInputSchema(fn["parameters"]) - - if name == "" { - continue - } - - if description == "" { - description = "Tool: " + name - } - - kiroTools = append(kiroTools, KiroToolWrapper{ - ToolSpecification: KiroToolSpecification{ - Name: name, - Description: description, - InputSchema: KiroInputSchema{JSON: parameters}, - }, - }) - } - - return kiroTools -} - -// OpenAIStreamParams holds parameters for OpenAI streaming conversion -type OpenAIStreamParams struct { - State *OpenAIStreamState - ThinkingState *ThinkingTagState - ToolCallsEmitted map[string]bool -} - -// NewOpenAIStreamParams creates new streaming parameters -func NewOpenAIStreamParams(model string) *OpenAIStreamParams { - return &OpenAIStreamParams{ - State: NewOpenAIStreamState(model), - ThinkingState: NewThinkingTagState(), - ToolCallsEmitted: make(map[string]bool), - } -} - -// ConvertClaudeToolUseToOpenAI converts a Claude tool_use block to OpenAI tool_calls format -func ConvertClaudeToolUseToOpenAI(toolUseID, toolName string, input map[string]interface{}) map[string]interface{} { - inputJSON, _ := json.Marshal(input) - return map[string]interface{}{ - "id": toolUseID, - "type": "function", - "function": map[string]interface{}{ - "name": toolName, - "arguments": string(inputJSON), - }, - } -} - -// LogStreamEvent logs a streaming event for debugging -func LogStreamEvent(eventType, data string) { - log.Debugf("kiro-openai: stream event type=%s, data_len=%d", eventType, len(data)) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/kiro/openai/kiro_openai_request.go b/.worktrees/config/m/config-build/active/internal/translator/kiro/openai/kiro_openai_request.go deleted file mode 100644 index 474231b3c2..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/kiro/openai/kiro_openai_request.go +++ /dev/null @@ -1,926 +0,0 @@ -// Package openai provides request translation from OpenAI Chat Completions to Kiro format. -// It handles parsing and transforming OpenAI API requests into the Kiro/Amazon Q API format, -// extracting model information, system instructions, message contents, and tool declarations. -package openai - -import ( - "encoding/json" - "fmt" - "net/http" - "strings" - "time" - "unicode/utf8" - - "github.com/google/uuid" - kiroclaude "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/kiro/claude" - kirocommon "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/kiro/common" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -// Kiro API request structs - reuse from kiroclaude package structure - -// KiroPayload is the top-level request structure for Kiro API -type KiroPayload struct { - ConversationState KiroConversationState `json:"conversationState"` - ProfileArn string `json:"profileArn,omitempty"` - InferenceConfig *KiroInferenceConfig `json:"inferenceConfig,omitempty"` -} - -// KiroInferenceConfig contains inference parameters for the Kiro API. -type KiroInferenceConfig struct { - MaxTokens int `json:"maxTokens,omitempty"` - Temperature float64 `json:"temperature,omitempty"` - TopP float64 `json:"topP,omitempty"` -} - -// KiroConversationState holds the conversation context -type KiroConversationState struct { - ChatTriggerType string `json:"chatTriggerType"` // Required: "MANUAL" - ConversationID string `json:"conversationId"` - CurrentMessage KiroCurrentMessage `json:"currentMessage"` - History []KiroHistoryMessage `json:"history,omitempty"` -} - -// KiroCurrentMessage wraps the current user message -type KiroCurrentMessage struct { - UserInputMessage KiroUserInputMessage `json:"userInputMessage"` -} - -// KiroHistoryMessage represents a message in the conversation history -type KiroHistoryMessage struct { - UserInputMessage *KiroUserInputMessage `json:"userInputMessage,omitempty"` - AssistantResponseMessage *KiroAssistantResponseMessage `json:"assistantResponseMessage,omitempty"` -} - -// KiroImage represents an image in Kiro API format -type KiroImage struct { - Format string `json:"format"` - Source KiroImageSource `json:"source"` -} - -// KiroImageSource contains the image data -type KiroImageSource struct { - Bytes string `json:"bytes"` // base64 encoded image data -} - -// KiroUserInputMessage represents a user message -type KiroUserInputMessage struct { - Content string `json:"content"` - ModelID string `json:"modelId"` - Origin string `json:"origin"` - Images []KiroImage `json:"images,omitempty"` - UserInputMessageContext *KiroUserInputMessageContext `json:"userInputMessageContext,omitempty"` -} - -// KiroUserInputMessageContext contains tool-related context -type KiroUserInputMessageContext struct { - ToolResults []KiroToolResult `json:"toolResults,omitempty"` - Tools []KiroToolWrapper `json:"tools,omitempty"` -} - -// KiroToolResult represents a tool execution result -type KiroToolResult struct { - Content []KiroTextContent `json:"content"` - Status string `json:"status"` - ToolUseID string `json:"toolUseId"` -} - -// KiroTextContent represents text content -type KiroTextContent struct { - Text string `json:"text"` -} - -// KiroToolWrapper wraps a tool specification -type KiroToolWrapper struct { - ToolSpecification KiroToolSpecification `json:"toolSpecification"` -} - -// KiroToolSpecification defines a tool's schema -type KiroToolSpecification struct { - Name string `json:"name"` - Description string `json:"description"` - InputSchema KiroInputSchema `json:"inputSchema"` -} - -// KiroInputSchema wraps the JSON schema for tool input -type KiroInputSchema struct { - JSON interface{} `json:"json"` -} - -// KiroAssistantResponseMessage represents an assistant message -type KiroAssistantResponseMessage struct { - Content string `json:"content"` - ToolUses []KiroToolUse `json:"toolUses,omitempty"` -} - -// KiroToolUse represents a tool invocation by the assistant -type KiroToolUse struct { - ToolUseID string `json:"toolUseId"` - Name string `json:"name"` - Input map[string]interface{} `json:"input"` -} - -// ConvertOpenAIRequestToKiro converts an OpenAI Chat Completions request to Kiro format. -// This is the main entry point for request translation. -// Note: The actual payload building happens in the executor, this just passes through -// the OpenAI format which will be converted by BuildKiroPayloadFromOpenAI. -func ConvertOpenAIRequestToKiro(modelName string, inputRawJSON []byte, stream bool) []byte { - // Pass through the OpenAI format - actual conversion happens in BuildKiroPayloadFromOpenAI - return inputRawJSON -} - -// BuildKiroPayloadFromOpenAI constructs the Kiro API request payload from OpenAI format. -// Supports tool calling - tools are passed via userInputMessageContext. -// origin parameter determines which quota to use: "CLI" for Amazon Q, "AI_EDITOR" for Kiro IDE. -// isAgentic parameter enables chunked write optimization prompt for -agentic model variants. -// isChatOnly parameter disables tool calling for -chat model variants (pure conversation mode). -// headers parameter allows checking Anthropic-Beta header for thinking mode detection. -// metadata parameter is kept for API compatibility but no longer used for thinking configuration. -// Returns the payload and a boolean indicating whether thinking mode was injected. -func BuildKiroPayloadFromOpenAI(openaiBody []byte, modelID, profileArn, origin string, isAgentic, isChatOnly bool, headers http.Header, metadata map[string]any) ([]byte, bool) { - // Extract max_tokens for potential use in inferenceConfig - // Handle -1 as "use maximum" (Kiro max output is ~32000 tokens) - const kiroMaxOutputTokens = 32000 - var maxTokens int64 - if mt := gjson.GetBytes(openaiBody, "max_tokens"); mt.Exists() { - maxTokens = mt.Int() - if maxTokens == -1 { - maxTokens = kiroMaxOutputTokens - log.Debugf("kiro-openai: max_tokens=-1 converted to %d", kiroMaxOutputTokens) - } - } - - // Extract temperature if specified - var temperature float64 - var hasTemperature bool - if temp := gjson.GetBytes(openaiBody, "temperature"); temp.Exists() { - temperature = temp.Float() - hasTemperature = true - } - - // Extract top_p if specified - var topP float64 - var hasTopP bool - if tp := gjson.GetBytes(openaiBody, "top_p"); tp.Exists() { - topP = tp.Float() - hasTopP = true - log.Debugf("kiro-openai: extracted top_p: %.2f", topP) - } - - // Normalize origin value for Kiro API compatibility - origin = normalizeOrigin(origin) - log.Debugf("kiro-openai: normalized origin value: %s", origin) - - messages := gjson.GetBytes(openaiBody, "messages") - - // For chat-only mode, don't include tools - var tools gjson.Result - if !isChatOnly { - tools = gjson.GetBytes(openaiBody, "tools") - } - - // Extract system prompt from messages - systemPrompt := extractSystemPromptFromOpenAI(messages) - - // Inject timestamp context - timestamp := time.Now().Format("2006-01-02 15:04:05 MST") - timestampContext := fmt.Sprintf("[Context: Current time is %s]", timestamp) - if systemPrompt != "" { - systemPrompt = timestampContext + "\n\n" + systemPrompt - } else { - systemPrompt = timestampContext - } - log.Debugf("kiro-openai: injected timestamp context: %s", timestamp) - - // Inject agentic optimization prompt for -agentic model variants - if isAgentic { - if systemPrompt != "" { - systemPrompt += "\n" - } - systemPrompt += kirocommon.KiroAgenticSystemPrompt - } - - // Handle tool_choice parameter - Kiro doesn't support it natively, so we inject system prompt hints - // OpenAI tool_choice values: "none", "auto", "required", or {"type":"function","function":{"name":"..."}} - toolChoiceHint := extractToolChoiceHint(openaiBody) - if toolChoiceHint != "" { - if systemPrompt != "" { - systemPrompt += "\n" - } - systemPrompt += toolChoiceHint - log.Debugf("kiro-openai: injected tool_choice hint into system prompt") - } - - // Handle response_format parameter - Kiro doesn't support it natively, so we inject system prompt hints - // OpenAI response_format: {"type": "json_object"} or {"type": "json_schema", "json_schema": {...}} - responseFormatHint := extractResponseFormatHint(openaiBody) - if responseFormatHint != "" { - if systemPrompt != "" { - systemPrompt += "\n" - } - systemPrompt += responseFormatHint - log.Debugf("kiro-openai: injected response_format hint into system prompt") - } - - // Check for thinking mode - // Supports OpenAI reasoning_effort parameter, model name hints, and Anthropic-Beta header - thinkingEnabled := checkThinkingModeFromOpenAIWithHeaders(openaiBody, headers) - - // Convert OpenAI tools to Kiro format - kiroTools := convertOpenAIToolsToKiro(tools) - - // Thinking mode implementation: - // Kiro API supports official thinking/reasoning mode via tag. - // When set to "enabled", Kiro returns reasoning content as official reasoningContentEvent - // rather than inline tags in assistantResponseEvent. - // Use a conservative thinking budget to reduce latency/cost spikes in long sessions. - if thinkingEnabled { - thinkingHint := `enabled -16000` - if systemPrompt != "" { - systemPrompt = thinkingHint + "\n\n" + systemPrompt - } else { - systemPrompt = thinkingHint - } - log.Infof("kiro-openai: injected thinking prompt (official mode), has_tools: %v", len(kiroTools) > 0) - } - - // Process messages and build history - history, currentUserMsg, currentToolResults := processOpenAIMessages(messages, modelID, origin) - - // Build content with system prompt - if currentUserMsg != nil { - currentUserMsg.Content = buildFinalContent(currentUserMsg.Content, systemPrompt, currentToolResults) - - // Deduplicate currentToolResults - currentToolResults = deduplicateToolResults(currentToolResults) - - // Build userInputMessageContext with tools and tool results - if len(kiroTools) > 0 || len(currentToolResults) > 0 { - currentUserMsg.UserInputMessageContext = &KiroUserInputMessageContext{ - Tools: kiroTools, - ToolResults: currentToolResults, - } - } - } - - // Build payload - var currentMessage KiroCurrentMessage - if currentUserMsg != nil { - currentMessage = KiroCurrentMessage{UserInputMessage: *currentUserMsg} - } else { - fallbackContent := "" - if systemPrompt != "" { - fallbackContent = "--- SYSTEM PROMPT ---\n" + systemPrompt + "\n--- END SYSTEM PROMPT ---\n" - } - currentMessage = KiroCurrentMessage{UserInputMessage: KiroUserInputMessage{ - Content: fallbackContent, - ModelID: modelID, - Origin: origin, - }} - } - - // Build inferenceConfig if we have any inference parameters - // Note: Kiro API doesn't actually use max_tokens for thinking budget - var inferenceConfig *KiroInferenceConfig - if maxTokens > 0 || hasTemperature || hasTopP { - inferenceConfig = &KiroInferenceConfig{} - if maxTokens > 0 { - inferenceConfig.MaxTokens = int(maxTokens) - } - if hasTemperature { - inferenceConfig.Temperature = temperature - } - if hasTopP { - inferenceConfig.TopP = topP - } - } - - payload := KiroPayload{ - ConversationState: KiroConversationState{ - ChatTriggerType: "MANUAL", - ConversationID: uuid.New().String(), - CurrentMessage: currentMessage, - History: history, - }, - ProfileArn: profileArn, - InferenceConfig: inferenceConfig, - } - - result, err := json.Marshal(payload) - if err != nil { - log.Debugf("kiro-openai: failed to marshal payload: %v", err) - return nil, false - } - - return result, thinkingEnabled -} - -// normalizeOrigin normalizes origin value for Kiro API compatibility -func normalizeOrigin(origin string) string { - switch origin { - case "KIRO_CLI": - return "CLI" - case "KIRO_AI_EDITOR": - return "AI_EDITOR" - case "AMAZON_Q": - return "CLI" - case "KIRO_IDE": - return "AI_EDITOR" - default: - return origin - } -} - -// extractSystemPromptFromOpenAI extracts system prompt from OpenAI messages -func extractSystemPromptFromOpenAI(messages gjson.Result) string { - if !messages.IsArray() { - return "" - } - - var systemParts []string - for _, msg := range messages.Array() { - if msg.Get("role").String() == "system" { - content := msg.Get("content") - if content.Type == gjson.String { - systemParts = append(systemParts, content.String()) - } else if content.IsArray() { - // Handle array content format - for _, part := range content.Array() { - if part.Get("type").String() == "text" { - systemParts = append(systemParts, part.Get("text").String()) - } - } - } - } - } - - return strings.Join(systemParts, "\n") -} - -// shortenToolNameIfNeeded shortens tool names that exceed 64 characters. -// MCP tools often have long names like "mcp__server-name__tool-name". -// This preserves the "mcp__" prefix and last segment when possible. -func shortenToolNameIfNeeded(name string) string { - const limit = 64 - if len(name) <= limit { - return name - } - // For MCP tools, try to preserve prefix and last segment - if strings.HasPrefix(name, "mcp__") { - idx := strings.LastIndex(name, "__") - if idx > 0 { - cand := "mcp__" + name[idx+2:] - if len(cand) > limit { - return cand[:limit] - } - return cand - } - } - return name[:limit] -} - -func ensureKiroInputSchema(parameters interface{}) interface{} { - if parameters != nil { - return parameters - } - return map[string]interface{}{ - "type": "object", - "properties": map[string]interface{}{}, - } -} - -// convertOpenAIToolsToKiro converts OpenAI tools to Kiro format -func convertOpenAIToolsToKiro(tools gjson.Result) []KiroToolWrapper { - var kiroTools []KiroToolWrapper - if !tools.IsArray() { - return kiroTools - } - - for _, tool := range tools.Array() { - // OpenAI tools have type "function" with function definition inside - if tool.Get("type").String() != "function" { - continue - } - - fn := tool.Get("function") - if !fn.Exists() { - continue - } - - name := fn.Get("name").String() - description := fn.Get("description").String() - parametersResult := fn.Get("parameters") - var parameters interface{} - if parametersResult.Exists() && parametersResult.Type != gjson.Null { - parameters = parametersResult.Value() - } - parameters = ensureKiroInputSchema(parameters) - - // Shorten tool name if it exceeds 64 characters (common with MCP tools) - originalName := name - name = shortenToolNameIfNeeded(name) - if name != originalName { - log.Debugf("kiro-openai: shortened tool name from '%s' to '%s'", originalName, name) - } - - // CRITICAL FIX: Kiro API requires non-empty description - if strings.TrimSpace(description) == "" { - description = fmt.Sprintf("Tool: %s", name) - log.Debugf("kiro-openai: tool '%s' has empty description, using default: %s", name, description) - } - - // Truncate long descriptions - if len(description) > kirocommon.KiroMaxToolDescLen { - truncLen := kirocommon.KiroMaxToolDescLen - 30 - for truncLen > 0 && !utf8.RuneStart(description[truncLen]) { - truncLen-- - } - description = description[:truncLen] + "... (description truncated)" - } - - kiroTools = append(kiroTools, KiroToolWrapper{ - ToolSpecification: KiroToolSpecification{ - Name: name, - Description: description, - InputSchema: KiroInputSchema{JSON: parameters}, - }, - }) - } - - return kiroTools -} - -// processOpenAIMessages processes OpenAI messages and builds Kiro history -func processOpenAIMessages(messages gjson.Result, modelID, origin string) ([]KiroHistoryMessage, *KiroUserInputMessage, []KiroToolResult) { - var history []KiroHistoryMessage - var currentUserMsg *KiroUserInputMessage - var currentToolResults []KiroToolResult - - if !messages.IsArray() { - return history, currentUserMsg, currentToolResults - } - - // Merge adjacent messages with the same role - messagesArray := kirocommon.MergeAdjacentMessages(messages.Array()) - - // Track pending tool results that should be attached to the next user message - // This is critical for LiteLLM-translated requests where tool results appear - // as separate "tool" role messages between assistant and user messages - var pendingToolResults []KiroToolResult - - for i, msg := range messagesArray { - role := msg.Get("role").String() - isLastMessage := i == len(messagesArray)-1 - - switch role { - case "system": - // System messages are handled separately via extractSystemPromptFromOpenAI - continue - - case "user": - userMsg, toolResults := buildUserMessageFromOpenAI(msg, modelID, origin) - // Merge any pending tool results from preceding "tool" role messages - toolResults = append(pendingToolResults, toolResults...) - pendingToolResults = nil // Reset pending tool results - - if isLastMessage { - currentUserMsg = &userMsg - currentToolResults = toolResults - } else { - // CRITICAL: Kiro API requires content to be non-empty for history messages - if strings.TrimSpace(userMsg.Content) == "" { - if len(toolResults) > 0 { - userMsg.Content = "Tool results provided." - } else { - userMsg.Content = "Continue" - } - } - // For history messages, embed tool results in context - if len(toolResults) > 0 { - userMsg.UserInputMessageContext = &KiroUserInputMessageContext{ - ToolResults: toolResults, - } - } - history = append(history, KiroHistoryMessage{ - UserInputMessage: &userMsg, - }) - } - - case "assistant": - assistantMsg := buildAssistantMessageFromOpenAI(msg) - - // If there are pending tool results, we need to insert a synthetic user message - // before this assistant message to maintain proper conversation structure - if len(pendingToolResults) > 0 { - syntheticUserMsg := KiroUserInputMessage{ - Content: "Tool results provided.", - ModelID: modelID, - Origin: origin, - UserInputMessageContext: &KiroUserInputMessageContext{ - ToolResults: pendingToolResults, - }, - } - history = append(history, KiroHistoryMessage{ - UserInputMessage: &syntheticUserMsg, - }) - pendingToolResults = nil - } - - if isLastMessage { - history = append(history, KiroHistoryMessage{ - AssistantResponseMessage: &assistantMsg, - }) - // Create a "Continue" user message as currentMessage - currentUserMsg = &KiroUserInputMessage{ - Content: "Continue", - ModelID: modelID, - Origin: origin, - } - } else { - history = append(history, KiroHistoryMessage{ - AssistantResponseMessage: &assistantMsg, - }) - } - - case "tool": - // Tool messages in OpenAI format provide results for tool_calls - // These are typically followed by user or assistant messages - // Collect them as pending and attach to the next user message - toolCallID := msg.Get("tool_call_id").String() - content := msg.Get("content").String() - - if toolCallID != "" { - toolResult := KiroToolResult{ - ToolUseID: toolCallID, - Content: []KiroTextContent{{Text: content}}, - Status: "success", - } - // Collect pending tool results to attach to the next user message - pendingToolResults = append(pendingToolResults, toolResult) - } - } - } - - // Handle case where tool results are at the end with no following user message - if len(pendingToolResults) > 0 { - currentToolResults = append(currentToolResults, pendingToolResults...) - // If there's no current user message, create a synthetic one for the tool results - if currentUserMsg == nil { - currentUserMsg = &KiroUserInputMessage{ - Content: "Tool results provided.", - ModelID: modelID, - Origin: origin, - } - } - } - - // Truncate history if too long to prevent Kiro API errors - history = truncateHistoryIfNeeded(history) - - return history, currentUserMsg, currentToolResults -} - -const kiroMaxHistoryMessages = 50 - -func truncateHistoryIfNeeded(history []KiroHistoryMessage) []KiroHistoryMessage { - if len(history) <= kiroMaxHistoryMessages { - return history - } - - log.Debugf("kiro-openai: truncating history from %d to %d messages", len(history), kiroMaxHistoryMessages) - return history[len(history)-kiroMaxHistoryMessages:] -} - -// buildUserMessageFromOpenAI builds a user message from OpenAI format and extracts tool results -func buildUserMessageFromOpenAI(msg gjson.Result, modelID, origin string) (KiroUserInputMessage, []KiroToolResult) { - content := msg.Get("content") - var contentBuilder strings.Builder - var toolResults []KiroToolResult - var images []KiroImage - - if content.IsArray() { - for _, part := range content.Array() { - partType := part.Get("type").String() - switch partType { - case "text": - contentBuilder.WriteString(part.Get("text").String()) - case "image_url": - imageURL := part.Get("image_url.url").String() - if strings.HasPrefix(imageURL, "data:") { - // Parse data URL: data:image/png;base64,xxxxx - if idx := strings.Index(imageURL, ";base64,"); idx != -1 { - mediaType := imageURL[5:idx] // Skip "data:" - data := imageURL[idx+8:] // Skip ";base64," - - format := "" - if lastSlash := strings.LastIndex(mediaType, "/"); lastSlash != -1 { - format = mediaType[lastSlash+1:] - } - - if format != "" && data != "" { - images = append(images, KiroImage{ - Format: format, - Source: KiroImageSource{ - Bytes: data, - }, - }) - } - } - } - } - } - } else if content.Type == gjson.String { - contentBuilder.WriteString(content.String()) - } - - userMsg := KiroUserInputMessage{ - Content: contentBuilder.String(), - ModelID: modelID, - Origin: origin, - } - - if len(images) > 0 { - userMsg.Images = images - } - - return userMsg, toolResults -} - -// buildAssistantMessageFromOpenAI builds an assistant message from OpenAI format -func buildAssistantMessageFromOpenAI(msg gjson.Result) KiroAssistantResponseMessage { - content := msg.Get("content") - var contentBuilder strings.Builder - var toolUses []KiroToolUse - - // Handle content - if content.Type == gjson.String { - contentBuilder.WriteString(content.String()) - } else if content.IsArray() { - for _, part := range content.Array() { - partType := part.Get("type").String() - switch partType { - case "text": - contentBuilder.WriteString(part.Get("text").String()) - case "tool_use": - // Handle tool_use in content array (Anthropic/OpenCode format) - // This is different from OpenAI's tool_calls format - toolUseID := part.Get("id").String() - toolName := part.Get("name").String() - inputData := part.Get("input") - - inputMap := make(map[string]interface{}) - if inputData.Exists() && inputData.IsObject() { - inputData.ForEach(func(key, value gjson.Result) bool { - inputMap[key.String()] = value.Value() - return true - }) - } - - toolUses = append(toolUses, KiroToolUse{ - ToolUseID: toolUseID, - Name: toolName, - Input: inputMap, - }) - log.Debugf("kiro-openai: extracted tool_use from content array: %s", toolName) - } - } - } - - // Handle tool_calls (OpenAI format) - toolCalls := msg.Get("tool_calls") - if toolCalls.IsArray() { - for _, tc := range toolCalls.Array() { - if tc.Get("type").String() != "function" { - continue - } - - toolUseID := tc.Get("id").String() - toolName := tc.Get("function.name").String() - toolArgs := tc.Get("function.arguments").String() - - var inputMap map[string]interface{} - if err := json.Unmarshal([]byte(toolArgs), &inputMap); err != nil { - log.Debugf("kiro-openai: failed to parse tool arguments: %v", err) - inputMap = make(map[string]interface{}) - } - - toolUses = append(toolUses, KiroToolUse{ - ToolUseID: toolUseID, - Name: toolName, - Input: inputMap, - }) - } - } - - // CRITICAL FIX: Kiro API requires non-empty content for assistant messages - // This can happen with compaction requests or error recovery scenarios - finalContent := contentBuilder.String() - if strings.TrimSpace(finalContent) == "" { - if len(toolUses) > 0 { - finalContent = kirocommon.DefaultAssistantContentWithTools - } else { - finalContent = kirocommon.DefaultAssistantContent - } - log.Debugf("kiro-openai: assistant content was empty, using default: %s", finalContent) - } - - return KiroAssistantResponseMessage{ - Content: finalContent, - ToolUses: toolUses, - } -} - -// buildFinalContent builds the final content with system prompt -func buildFinalContent(content, systemPrompt string, toolResults []KiroToolResult) string { - var contentBuilder strings.Builder - - if systemPrompt != "" { - contentBuilder.WriteString("--- SYSTEM PROMPT ---\n") - contentBuilder.WriteString(systemPrompt) - contentBuilder.WriteString("\n--- END SYSTEM PROMPT ---\n\n") - } - - contentBuilder.WriteString(content) - finalContent := contentBuilder.String() - - // CRITICAL: Kiro API requires content to be non-empty - if strings.TrimSpace(finalContent) == "" { - if len(toolResults) > 0 { - finalContent = "Tool results provided." - } else { - finalContent = "Continue" - } - log.Debugf("kiro-openai: content was empty, using default: %s", finalContent) - } - - return finalContent -} - -// checkThinkingModeFromOpenAI checks if thinking mode is enabled in the OpenAI request. -// Returns thinkingEnabled. -// Supports: -// - reasoning_effort parameter (low/medium/high/auto) -// - Model name containing "thinking" or "reason" -// - tag in system prompt (AMP/Cursor format) -func checkThinkingModeFromOpenAI(openaiBody []byte) bool { - return checkThinkingModeFromOpenAIWithHeaders(openaiBody, nil) -} - -// checkThinkingModeFromOpenAIWithHeaders checks if thinking mode is enabled in the OpenAI request. -// Returns thinkingEnabled. -// Supports: -// - Anthropic-Beta header with interleaved-thinking (Claude CLI) -// - reasoning_effort parameter (low/medium/high/auto) -// - Model name containing "thinking" or "reason" -// - tag in system prompt (AMP/Cursor format) -func checkThinkingModeFromOpenAIWithHeaders(openaiBody []byte, headers http.Header) bool { - // Check Anthropic-Beta header first (Claude CLI uses this) - if kiroclaude.IsThinkingEnabledFromHeader(headers) { - log.Debugf("kiro-openai: thinking mode enabled via Anthropic-Beta header") - return true - } - - // Check OpenAI format: reasoning_effort parameter - // Valid values: "low", "medium", "high", "auto" (not "none") - reasoningEffort := gjson.GetBytes(openaiBody, "reasoning_effort") - if reasoningEffort.Exists() { - effort := reasoningEffort.String() - if effort != "" && effort != "none" { - log.Debugf("kiro-openai: thinking mode enabled via reasoning_effort: %s", effort) - return true - } - } - - // Check AMP/Cursor format: interleaved in system prompt - bodyStr := string(openaiBody) - if strings.Contains(bodyStr, "") && strings.Contains(bodyStr, "") { - startTag := "" - endTag := "" - startIdx := strings.Index(bodyStr, startTag) - if startIdx >= 0 { - startIdx += len(startTag) - endIdx := strings.Index(bodyStr[startIdx:], endTag) - if endIdx >= 0 { - thinkingMode := bodyStr[startIdx : startIdx+endIdx] - if thinkingMode == "interleaved" || thinkingMode == "enabled" { - log.Debugf("kiro-openai: thinking mode enabled via AMP/Cursor format: %s", thinkingMode) - return true - } - } - } - } - - // Check model name for thinking hints - model := gjson.GetBytes(openaiBody, "model").String() - modelLower := strings.ToLower(model) - if strings.Contains(modelLower, "thinking") || strings.Contains(modelLower, "-reason") { - log.Debugf("kiro-openai: thinking mode enabled via model name hint: %s", model) - return true - } - - log.Debugf("kiro-openai: no thinking mode detected in OpenAI request") - return false -} - -// hasThinkingTagInBody checks if the request body already contains thinking configuration tags. -// This is used to prevent duplicate injection when client (e.g., AMP/Cursor) already includes thinking config. -func hasThinkingTagInBody(body []byte) bool { - bodyStr := string(body) - return strings.Contains(bodyStr, "") || strings.Contains(bodyStr, "") -} - -// extractToolChoiceHint extracts tool_choice from OpenAI request and returns a system prompt hint. -// OpenAI tool_choice values: -// - "none": Don't use any tools -// - "auto": Model decides (default, no hint needed) -// - "required": Must use at least one tool -// - {"type":"function","function":{"name":"..."}} : Must use specific tool -func extractToolChoiceHint(openaiBody []byte) string { - toolChoice := gjson.GetBytes(openaiBody, "tool_choice") - if !toolChoice.Exists() { - return "" - } - - // Handle string values - if toolChoice.Type == gjson.String { - switch toolChoice.String() { - case "none": - // Note: When tool_choice is "none", we should ideally not pass tools at all - // But since we can't modify tool passing here, we add a strong hint - return "[INSTRUCTION: Do NOT use any tools. Respond with text only.]" - case "required": - return "[INSTRUCTION: You MUST use at least one of the available tools to respond. Do not respond with text only - always make a tool call.]" - case "auto": - // Default behavior, no hint needed - return "" - } - } - - // Handle object value: {"type":"function","function":{"name":"..."}} - if toolChoice.IsObject() { - if toolChoice.Get("type").String() == "function" { - toolName := toolChoice.Get("function.name").String() - if toolName != "" { - return fmt.Sprintf("[INSTRUCTION: You MUST use the tool named '%s' to respond. Do not use any other tool or respond with text only.]", toolName) - } - } - } - - return "" -} - -// extractResponseFormatHint extracts response_format from OpenAI request and returns a system prompt hint. -// OpenAI response_format values: -// - {"type": "text"}: Default, no hint needed -// - {"type": "json_object"}: Must respond with valid JSON -// - {"type": "json_schema", "json_schema": {...}}: Must respond with JSON matching schema -func extractResponseFormatHint(openaiBody []byte) string { - responseFormat := gjson.GetBytes(openaiBody, "response_format") - if !responseFormat.Exists() { - return "" - } - - formatType := responseFormat.Get("type").String() - switch formatType { - case "json_object": - return "[INSTRUCTION: You MUST respond with valid JSON only. Do not include any text before or after the JSON. Do not wrap the JSON in markdown code blocks. Output raw JSON directly.]" - case "json_schema": - // Extract schema if provided - schema := responseFormat.Get("json_schema.schema") - if schema.Exists() { - schemaStr := schema.Raw - // Truncate if too long - if len(schemaStr) > 500 { - schemaStr = schemaStr[:500] + "..." - } - return fmt.Sprintf("[INSTRUCTION: You MUST respond with valid JSON that matches this schema: %s. Do not include any text before or after the JSON. Do not wrap the JSON in markdown code blocks. Output raw JSON directly.]", schemaStr) - } - return "[INSTRUCTION: You MUST respond with valid JSON only. Do not include any text before or after the JSON. Do not wrap the JSON in markdown code blocks. Output raw JSON directly.]" - case "text": - // Default behavior, no hint needed - return "" - } - - return "" -} - -// deduplicateToolResults removes duplicate tool results -func deduplicateToolResults(toolResults []KiroToolResult) []KiroToolResult { - if len(toolResults) == 0 { - return toolResults - } - - seenIDs := make(map[string]bool) - unique := make([]KiroToolResult, 0, len(toolResults)) - for _, tr := range toolResults { - if !seenIDs[tr.ToolUseID] { - seenIDs[tr.ToolUseID] = true - unique = append(unique, tr) - } else { - log.Debugf("kiro-openai: skipping duplicate toolResult: %s", tr.ToolUseID) - } - } - return unique -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/kiro/openai/kiro_openai_request_test.go b/.worktrees/config/m/config-build/active/internal/translator/kiro/openai/kiro_openai_request_test.go deleted file mode 100644 index 85e95d4ae6..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/kiro/openai/kiro_openai_request_test.go +++ /dev/null @@ -1,386 +0,0 @@ -package openai - -import ( - "encoding/json" - "testing" -) - -// TestToolResultsAttachedToCurrentMessage verifies that tool results from "tool" role messages -// are properly attached to the current user message (the last message in the conversation). -// This is critical for LiteLLM-translated requests where tool results appear as separate messages. -func TestToolResultsAttachedToCurrentMessage(t *testing.T) { - // OpenAI format request simulating LiteLLM's translation from Anthropic format - // Sequence: user -> assistant (with tool_calls) -> tool (result) -> user - // The last user message should have the tool results attached - input := []byte(`{ - "model": "kiro-claude-opus-4-5-agentic", - "messages": [ - {"role": "user", "content": "Hello, can you read a file for me?"}, - { - "role": "assistant", - "content": "I'll read that file for you.", - "tool_calls": [ - { - "id": "call_abc123", - "type": "function", - "function": { - "name": "Read", - "arguments": "{\"file_path\": \"/tmp/test.txt\"}" - } - } - ] - }, - { - "role": "tool", - "tool_call_id": "call_abc123", - "content": "File contents: Hello World!" - }, - {"role": "user", "content": "What did the file say?"} - ] - }`) - - result, _ := BuildKiroPayloadFromOpenAI(input, "kiro-model", "", "CLI", false, false, nil, nil) - - var payload KiroPayload - if err := json.Unmarshal(result, &payload); err != nil { - t.Fatalf("Failed to unmarshal result: %v", err) - } - - // The last user message becomes currentMessage - // History should have: user (first), assistant (with tool_calls) - t.Logf("History count: %d", len(payload.ConversationState.History)) - if len(payload.ConversationState.History) != 2 { - t.Errorf("Expected 2 history entries (user + assistant), got %d", len(payload.ConversationState.History)) - } - - // Tool results should be attached to currentMessage (the last user message) - ctx := payload.ConversationState.CurrentMessage.UserInputMessage.UserInputMessageContext - if ctx == nil { - t.Fatal("Expected currentMessage to have UserInputMessageContext with tool results") - } - - if len(ctx.ToolResults) != 1 { - t.Fatalf("Expected 1 tool result in currentMessage, got %d", len(ctx.ToolResults)) - } - - tr := ctx.ToolResults[0] - if tr.ToolUseID != "call_abc123" { - t.Errorf("Expected toolUseId 'call_abc123', got '%s'", tr.ToolUseID) - } - if len(tr.Content) == 0 || tr.Content[0].Text != "File contents: Hello World!" { - t.Errorf("Tool result content mismatch, got: %+v", tr.Content) - } -} - -// TestToolResultsInHistoryUserMessage verifies that when there are multiple user messages -// after tool results, the tool results are attached to the correct user message in history. -func TestToolResultsInHistoryUserMessage(t *testing.T) { - // Sequence: user -> assistant (with tool_calls) -> tool (result) -> user -> assistant -> user - // The first user after tool should have tool results in history - input := []byte(`{ - "model": "kiro-claude-opus-4-5-agentic", - "messages": [ - {"role": "user", "content": "Hello"}, - { - "role": "assistant", - "content": "I'll read the file.", - "tool_calls": [ - { - "id": "call_1", - "type": "function", - "function": { - "name": "Read", - "arguments": "{}" - } - } - ] - }, - { - "role": "tool", - "tool_call_id": "call_1", - "content": "File result" - }, - {"role": "user", "content": "Thanks for the file"}, - {"role": "assistant", "content": "You're welcome"}, - {"role": "user", "content": "Bye"} - ] - }`) - - result, _ := BuildKiroPayloadFromOpenAI(input, "kiro-model", "", "CLI", false, false, nil, nil) - - var payload KiroPayload - if err := json.Unmarshal(result, &payload); err != nil { - t.Fatalf("Failed to unmarshal result: %v", err) - } - - // History should have: user, assistant, user (with tool results), assistant - // CurrentMessage should be: last user "Bye" - t.Logf("History count: %d", len(payload.ConversationState.History)) - - // Find the user message in history with tool results - foundToolResults := false - for i, h := range payload.ConversationState.History { - if h.UserInputMessage != nil { - t.Logf("History[%d]: user message content=%q", i, h.UserInputMessage.Content) - if h.UserInputMessage.UserInputMessageContext != nil { - if len(h.UserInputMessage.UserInputMessageContext.ToolResults) > 0 { - foundToolResults = true - t.Logf(" Found %d tool results", len(h.UserInputMessage.UserInputMessageContext.ToolResults)) - tr := h.UserInputMessage.UserInputMessageContext.ToolResults[0] - if tr.ToolUseID != "call_1" { - t.Errorf("Expected toolUseId 'call_1', got '%s'", tr.ToolUseID) - } - } - } - } - if h.AssistantResponseMessage != nil { - t.Logf("History[%d]: assistant message content=%q", i, h.AssistantResponseMessage.Content) - } - } - - if !foundToolResults { - t.Error("Tool results were not attached to any user message in history") - } -} - -// TestToolResultsWithMultipleToolCalls verifies handling of multiple tool calls -func TestToolResultsWithMultipleToolCalls(t *testing.T) { - input := []byte(`{ - "model": "kiro-claude-opus-4-5-agentic", - "messages": [ - {"role": "user", "content": "Read two files for me"}, - { - "role": "assistant", - "content": "I'll read both files.", - "tool_calls": [ - { - "id": "call_1", - "type": "function", - "function": { - "name": "Read", - "arguments": "{\"file_path\": \"/tmp/file1.txt\"}" - } - }, - { - "id": "call_2", - "type": "function", - "function": { - "name": "Read", - "arguments": "{\"file_path\": \"/tmp/file2.txt\"}" - } - } - ] - }, - { - "role": "tool", - "tool_call_id": "call_1", - "content": "Content of file 1" - }, - { - "role": "tool", - "tool_call_id": "call_2", - "content": "Content of file 2" - }, - {"role": "user", "content": "What do they say?"} - ] - }`) - - result, _ := BuildKiroPayloadFromOpenAI(input, "kiro-model", "", "CLI", false, false, nil, nil) - - var payload KiroPayload - if err := json.Unmarshal(result, &payload); err != nil { - t.Fatalf("Failed to unmarshal result: %v", err) - } - - t.Logf("History count: %d", len(payload.ConversationState.History)) - t.Logf("CurrentMessage content: %q", payload.ConversationState.CurrentMessage.UserInputMessage.Content) - - // Check if there are any tool results anywhere - var totalToolResults int - for i, h := range payload.ConversationState.History { - if h.UserInputMessage != nil && h.UserInputMessage.UserInputMessageContext != nil { - count := len(h.UserInputMessage.UserInputMessageContext.ToolResults) - t.Logf("History[%d] user message has %d tool results", i, count) - totalToolResults += count - } - } - - ctx := payload.ConversationState.CurrentMessage.UserInputMessage.UserInputMessageContext - if ctx != nil { - t.Logf("CurrentMessage has %d tool results", len(ctx.ToolResults)) - totalToolResults += len(ctx.ToolResults) - } else { - t.Logf("CurrentMessage has no UserInputMessageContext") - } - - if totalToolResults != 2 { - t.Errorf("Expected 2 tool results total, got %d", totalToolResults) - } -} - -// TestToolResultsAtEndOfConversation verifies tool results are handled when -// the conversation ends with tool results (no following user message) -func TestToolResultsAtEndOfConversation(t *testing.T) { - input := []byte(`{ - "model": "kiro-claude-opus-4-5-agentic", - "messages": [ - {"role": "user", "content": "Read a file"}, - { - "role": "assistant", - "content": "Reading the file.", - "tool_calls": [ - { - "id": "call_end", - "type": "function", - "function": { - "name": "Read", - "arguments": "{\"file_path\": \"/tmp/test.txt\"}" - } - } - ] - }, - { - "role": "tool", - "tool_call_id": "call_end", - "content": "File contents here" - } - ] - }`) - - result, _ := BuildKiroPayloadFromOpenAI(input, "kiro-model", "", "CLI", false, false, nil, nil) - - var payload KiroPayload - if err := json.Unmarshal(result, &payload); err != nil { - t.Fatalf("Failed to unmarshal result: %v", err) - } - - // When the last message is a tool result, a synthetic user message is created - // and tool results should be attached to it - ctx := payload.ConversationState.CurrentMessage.UserInputMessage.UserInputMessageContext - if ctx == nil || len(ctx.ToolResults) == 0 { - t.Error("Expected tool results to be attached to current message when conversation ends with tool result") - } else { - if ctx.ToolResults[0].ToolUseID != "call_end" { - t.Errorf("Expected toolUseId 'call_end', got '%s'", ctx.ToolResults[0].ToolUseID) - } - } -} - -// TestToolResultsFollowedByAssistant verifies handling when tool results are followed -// by an assistant message (no intermediate user message). -// This is the pattern from LiteLLM translation of Anthropic format where: -// user message has ONLY tool_result blocks -> LiteLLM creates tool messages -// then the next message is assistant -func TestToolResultsFollowedByAssistant(t *testing.T) { - // Sequence: user -> assistant (with tool_calls) -> tool -> tool -> assistant -> user - // This simulates LiteLLM's translation of: - // user: "Read files" - // assistant: [tool_use, tool_use] - // user: [tool_result, tool_result] <- becomes multiple "tool" role messages - // assistant: "I've read them" - // user: "What did they say?" - input := []byte(`{ - "model": "kiro-claude-opus-4-5-agentic", - "messages": [ - {"role": "user", "content": "Read two files for me"}, - { - "role": "assistant", - "content": "I'll read both files.", - "tool_calls": [ - { - "id": "call_1", - "type": "function", - "function": { - "name": "Read", - "arguments": "{\"file_path\": \"/tmp/a.txt\"}" - } - }, - { - "id": "call_2", - "type": "function", - "function": { - "name": "Read", - "arguments": "{\"file_path\": \"/tmp/b.txt\"}" - } - } - ] - }, - { - "role": "tool", - "tool_call_id": "call_1", - "content": "Contents of file A" - }, - { - "role": "tool", - "tool_call_id": "call_2", - "content": "Contents of file B" - }, - { - "role": "assistant", - "content": "I've read both files." - }, - {"role": "user", "content": "What did they say?"} - ] - }`) - - result, _ := BuildKiroPayloadFromOpenAI(input, "kiro-model", "", "CLI", false, false, nil, nil) - - var payload KiroPayload - if err := json.Unmarshal(result, &payload); err != nil { - t.Fatalf("Failed to unmarshal result: %v", err) - } - - t.Logf("History count: %d", len(payload.ConversationState.History)) - - // Tool results should be attached to a synthetic user message or the history should be valid - var totalToolResults int - for i, h := range payload.ConversationState.History { - if h.UserInputMessage != nil { - t.Logf("History[%d]: user message content=%q", i, h.UserInputMessage.Content) - if h.UserInputMessage.UserInputMessageContext != nil { - count := len(h.UserInputMessage.UserInputMessageContext.ToolResults) - t.Logf(" Has %d tool results", count) - totalToolResults += count - } - } - if h.AssistantResponseMessage != nil { - t.Logf("History[%d]: assistant message content=%q", i, h.AssistantResponseMessage.Content) - } - } - - ctx := payload.ConversationState.CurrentMessage.UserInputMessage.UserInputMessageContext - if ctx != nil { - t.Logf("CurrentMessage has %d tool results", len(ctx.ToolResults)) - totalToolResults += len(ctx.ToolResults) - } - - if totalToolResults != 2 { - t.Errorf("Expected 2 tool results total, got %d", totalToolResults) - } -} - -// TestAssistantEndsConversation verifies handling when assistant is the last message -func TestAssistantEndsConversation(t *testing.T) { - input := []byte(`{ - "model": "kiro-claude-opus-4-5-agentic", - "messages": [ - {"role": "user", "content": "Hello"}, - { - "role": "assistant", - "content": "Hi there!" - } - ] - }`) - - result, _ := BuildKiroPayloadFromOpenAI(input, "kiro-model", "", "CLI", false, false, nil, nil) - - var payload KiroPayload - if err := json.Unmarshal(result, &payload); err != nil { - t.Fatalf("Failed to unmarshal result: %v", err) - } - - // When assistant is last, a "Continue" user message should be created - if payload.ConversationState.CurrentMessage.UserInputMessage.Content == "" { - t.Error("Expected a 'Continue' message to be created when assistant is last") - } -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/kiro/openai/kiro_openai_response.go b/.worktrees/config/m/config-build/active/internal/translator/kiro/openai/kiro_openai_response.go deleted file mode 100644 index edc70ad8cb..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/kiro/openai/kiro_openai_response.go +++ /dev/null @@ -1,277 +0,0 @@ -// Package openai provides response translation from Kiro to OpenAI format. -// This package handles the conversion of Kiro API responses into OpenAI Chat Completions-compatible -// JSON format, transforming streaming events and non-streaming responses. -package openai - -import ( - "encoding/json" - "fmt" - "sync/atomic" - "time" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" - log "github.com/sirupsen/logrus" -) - -// functionCallIDCounter provides a process-wide unique counter for function call identifiers. -var functionCallIDCounter uint64 - -// BuildOpenAIResponse constructs an OpenAI Chat Completions-compatible response. -// Supports tool_calls when tools are present in the response. -// stopReason is passed from upstream; fallback logic applied if empty. -func BuildOpenAIResponse(content string, toolUses []KiroToolUse, model string, usageInfo usage.Detail, stopReason string) []byte { - return BuildOpenAIResponseWithReasoning(content, "", toolUses, model, usageInfo, stopReason) -} - -// BuildOpenAIResponseWithReasoning constructs an OpenAI Chat Completions-compatible response with reasoning_content support. -// Supports tool_calls when tools are present in the response. -// reasoningContent is included as reasoning_content field in the message when present. -// stopReason is passed from upstream; fallback logic applied if empty. -func BuildOpenAIResponseWithReasoning(content, reasoningContent string, toolUses []KiroToolUse, model string, usageInfo usage.Detail, stopReason string) []byte { - // Build the message object - message := map[string]interface{}{ - "role": "assistant", - "content": content, - } - - // Add reasoning_content if present (for thinking/reasoning models) - if reasoningContent != "" { - message["reasoning_content"] = reasoningContent - } - - // Add tool_calls if present - if len(toolUses) > 0 { - var toolCalls []map[string]interface{} - for i, tu := range toolUses { - inputJSON, _ := json.Marshal(tu.Input) - toolCalls = append(toolCalls, map[string]interface{}{ - "id": tu.ToolUseID, - "type": "function", - "index": i, - "function": map[string]interface{}{ - "name": tu.Name, - "arguments": string(inputJSON), - }, - }) - } - message["tool_calls"] = toolCalls - // When tool_calls are present, content should be null according to OpenAI spec - if content == "" { - message["content"] = nil - } - } - - // Use upstream stopReason; apply fallback logic if not provided - finishReason := mapKiroStopReasonToOpenAI(stopReason) - if finishReason == "" { - finishReason = "stop" - if len(toolUses) > 0 { - finishReason = "tool_calls" - } - log.Debugf("kiro-openai: buildOpenAIResponse using fallback finish_reason: %s", finishReason) - } - - response := map[string]interface{}{ - "id": "chatcmpl-" + uuid.New().String()[:24], - "object": "chat.completion", - "created": time.Now().Unix(), - "model": model, - "choices": []map[string]interface{}{ - { - "index": 0, - "message": message, - "finish_reason": finishReason, - }, - }, - "usage": map[string]interface{}{ - "prompt_tokens": usageInfo.InputTokens, - "completion_tokens": usageInfo.OutputTokens, - "total_tokens": usageInfo.InputTokens + usageInfo.OutputTokens, - }, - } - - result, _ := json.Marshal(response) - return result -} - -// mapKiroStopReasonToOpenAI converts Kiro/Claude stop_reason to OpenAI finish_reason -func mapKiroStopReasonToOpenAI(stopReason string) string { - switch stopReason { - case "end_turn": - return "stop" - case "stop_sequence": - return "stop" - case "tool_use": - return "tool_calls" - case "max_tokens": - return "length" - case "content_filtered": - return "content_filter" - default: - return stopReason - } -} - -// BuildOpenAIStreamChunk constructs an OpenAI Chat Completions streaming chunk. -// This is the delta format used in streaming responses. -func BuildOpenAIStreamChunk(model string, deltaContent string, deltaToolCalls []map[string]interface{}, finishReason string, index int) []byte { - delta := map[string]interface{}{} - - // First chunk should include role - if index == 0 && deltaContent == "" && len(deltaToolCalls) == 0 { - delta["role"] = "assistant" - delta["content"] = "" - } else if deltaContent != "" { - delta["content"] = deltaContent - } - - // Add tool_calls delta if present - if len(deltaToolCalls) > 0 { - delta["tool_calls"] = deltaToolCalls - } - - choice := map[string]interface{}{ - "index": 0, - "delta": delta, - } - - if finishReason != "" { - choice["finish_reason"] = finishReason - } else { - choice["finish_reason"] = nil - } - - chunk := map[string]interface{}{ - "id": "chatcmpl-" + uuid.New().String()[:12], - "object": "chat.completion.chunk", - "created": time.Now().Unix(), - "model": model, - "choices": []map[string]interface{}{choice}, - } - - result, _ := json.Marshal(chunk) - return result -} - -// BuildOpenAIStreamChunkWithToolCallStart creates a stream chunk for tool call start -func BuildOpenAIStreamChunkWithToolCallStart(model string, toolUseID, toolName string, toolIndex int) []byte { - toolCall := map[string]interface{}{ - "index": toolIndex, - "id": toolUseID, - "type": "function", - "function": map[string]interface{}{ - "name": toolName, - "arguments": "", - }, - } - - delta := map[string]interface{}{ - "tool_calls": []map[string]interface{}{toolCall}, - } - - choice := map[string]interface{}{ - "index": 0, - "delta": delta, - "finish_reason": nil, - } - - chunk := map[string]interface{}{ - "id": "chatcmpl-" + uuid.New().String()[:12], - "object": "chat.completion.chunk", - "created": time.Now().Unix(), - "model": model, - "choices": []map[string]interface{}{choice}, - } - - result, _ := json.Marshal(chunk) - return result -} - -// BuildOpenAIStreamChunkWithToolCallDelta creates a stream chunk for tool call arguments delta -func BuildOpenAIStreamChunkWithToolCallDelta(model string, argumentsDelta string, toolIndex int) []byte { - toolCall := map[string]interface{}{ - "index": toolIndex, - "function": map[string]interface{}{ - "arguments": argumentsDelta, - }, - } - - delta := map[string]interface{}{ - "tool_calls": []map[string]interface{}{toolCall}, - } - - choice := map[string]interface{}{ - "index": 0, - "delta": delta, - "finish_reason": nil, - } - - chunk := map[string]interface{}{ - "id": "chatcmpl-" + uuid.New().String()[:12], - "object": "chat.completion.chunk", - "created": time.Now().Unix(), - "model": model, - "choices": []map[string]interface{}{choice}, - } - - result, _ := json.Marshal(chunk) - return result -} - -// BuildOpenAIStreamDoneChunk creates the final [DONE] stream event -func BuildOpenAIStreamDoneChunk() []byte { - return []byte("data: [DONE]") -} - -// BuildOpenAIStreamFinishChunk creates the final chunk with finish_reason -func BuildOpenAIStreamFinishChunk(model string, finishReason string) []byte { - choice := map[string]interface{}{ - "index": 0, - "delta": map[string]interface{}{}, - "finish_reason": finishReason, - } - - chunk := map[string]interface{}{ - "id": "chatcmpl-" + uuid.New().String()[:12], - "object": "chat.completion.chunk", - "created": time.Now().Unix(), - "model": model, - "choices": []map[string]interface{}{choice}, - } - - result, _ := json.Marshal(chunk) - return result -} - -// BuildOpenAIStreamUsageChunk creates a chunk with usage information (optional, for stream_options.include_usage) -func BuildOpenAIStreamUsageChunk(model string, usageInfo usage.Detail) []byte { - chunk := map[string]interface{}{ - "id": "chatcmpl-" + uuid.New().String()[:12], - "object": "chat.completion.chunk", - "created": time.Now().Unix(), - "model": model, - "choices": []map[string]interface{}{}, - "usage": map[string]interface{}{ - "prompt_tokens": usageInfo.InputTokens, - "completion_tokens": usageInfo.OutputTokens, - "total_tokens": usageInfo.InputTokens + usageInfo.OutputTokens, - }, - } - - result, _ := json.Marshal(chunk) - return result -} - -// GenerateToolCallID generates a unique tool call ID in OpenAI format -func GenerateToolCallID(toolName string) string { - return fmt.Sprintf("call_%s_%d_%d", toolName[:min(8, len(toolName))], time.Now().UnixNano(), atomic.AddUint64(&functionCallIDCounter, 1)) -} - -// min returns the minimum of two integers -func min(a, b int) int { - if a < b { - return a - } - return b -} \ No newline at end of file diff --git a/.worktrees/config/m/config-build/active/internal/translator/kiro/openai/kiro_openai_stream.go b/.worktrees/config/m/config-build/active/internal/translator/kiro/openai/kiro_openai_stream.go deleted file mode 100644 index e72d970e0d..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/kiro/openai/kiro_openai_stream.go +++ /dev/null @@ -1,212 +0,0 @@ -// Package openai provides streaming SSE event building for OpenAI format. -// This package handles the construction of OpenAI-compatible Server-Sent Events (SSE) -// for streaming responses from Kiro API. -package openai - -import ( - "encoding/json" - "time" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" -) - -// OpenAIStreamState tracks the state of streaming response conversion -type OpenAIStreamState struct { - ChunkIndex int - ToolCallIndex int - HasSentFirstChunk bool - Model string - ResponseID string - Created int64 -} - -// NewOpenAIStreamState creates a new stream state for tracking -func NewOpenAIStreamState(model string) *OpenAIStreamState { - return &OpenAIStreamState{ - ChunkIndex: 0, - ToolCallIndex: 0, - HasSentFirstChunk: false, - Model: model, - ResponseID: "chatcmpl-" + uuid.New().String()[:24], - Created: time.Now().Unix(), - } -} - -// FormatSSEEvent formats a JSON payload for SSE streaming. -// Note: This returns raw JSON data without "data:" prefix. -// The SSE "data:" prefix is added by the Handler layer (e.g., openai_handlers.go) -// to maintain architectural consistency and avoid double-prefix issues. -func FormatSSEEvent(data []byte) string { - return string(data) -} - -// BuildOpenAISSETextDelta creates an SSE event for text content delta -func BuildOpenAISSETextDelta(state *OpenAIStreamState, textDelta string) string { - delta := map[string]interface{}{ - "content": textDelta, - } - - // Include role in first chunk - if !state.HasSentFirstChunk { - delta["role"] = "assistant" - state.HasSentFirstChunk = true - } - - chunk := buildBaseChunk(state, delta, nil) - result, _ := json.Marshal(chunk) - state.ChunkIndex++ - return FormatSSEEvent(result) -} - -// BuildOpenAISSEToolCallStart creates an SSE event for tool call start -func BuildOpenAISSEToolCallStart(state *OpenAIStreamState, toolUseID, toolName string) string { - toolCall := map[string]interface{}{ - "index": state.ToolCallIndex, - "id": toolUseID, - "type": "function", - "function": map[string]interface{}{ - "name": toolName, - "arguments": "", - }, - } - - delta := map[string]interface{}{ - "tool_calls": []map[string]interface{}{toolCall}, - } - - // Include role in first chunk if not sent yet - if !state.HasSentFirstChunk { - delta["role"] = "assistant" - state.HasSentFirstChunk = true - } - - chunk := buildBaseChunk(state, delta, nil) - result, _ := json.Marshal(chunk) - state.ChunkIndex++ - return FormatSSEEvent(result) -} - -// BuildOpenAISSEToolCallArgumentsDelta creates an SSE event for tool call arguments delta -func BuildOpenAISSEToolCallArgumentsDelta(state *OpenAIStreamState, argumentsDelta string, toolIndex int) string { - toolCall := map[string]interface{}{ - "index": toolIndex, - "function": map[string]interface{}{ - "arguments": argumentsDelta, - }, - } - - delta := map[string]interface{}{ - "tool_calls": []map[string]interface{}{toolCall}, - } - - chunk := buildBaseChunk(state, delta, nil) - result, _ := json.Marshal(chunk) - state.ChunkIndex++ - return FormatSSEEvent(result) -} - -// BuildOpenAISSEFinish creates an SSE event with finish_reason -func BuildOpenAISSEFinish(state *OpenAIStreamState, finishReason string) string { - chunk := buildBaseChunk(state, map[string]interface{}{}, &finishReason) - result, _ := json.Marshal(chunk) - state.ChunkIndex++ - return FormatSSEEvent(result) -} - -// BuildOpenAISSEUsage creates an SSE event with usage information -func BuildOpenAISSEUsage(state *OpenAIStreamState, usageInfo usage.Detail) string { - chunk := map[string]interface{}{ - "id": state.ResponseID, - "object": "chat.completion.chunk", - "created": state.Created, - "model": state.Model, - "choices": []map[string]interface{}{}, - "usage": map[string]interface{}{ - "prompt_tokens": usageInfo.InputTokens, - "completion_tokens": usageInfo.OutputTokens, - "total_tokens": usageInfo.InputTokens + usageInfo.OutputTokens, - }, - } - result, _ := json.Marshal(chunk) - return FormatSSEEvent(result) -} - -// BuildOpenAISSEDone creates the final [DONE] SSE event. -// Note: This returns raw "[DONE]" without "data:" prefix. -// The SSE "data:" prefix is added by the Handler layer (e.g., openai_handlers.go) -// to maintain architectural consistency and avoid double-prefix issues. -func BuildOpenAISSEDone() string { - return "[DONE]" -} - -// buildBaseChunk creates a base chunk structure for streaming -func buildBaseChunk(state *OpenAIStreamState, delta map[string]interface{}, finishReason *string) map[string]interface{} { - choice := map[string]interface{}{ - "index": 0, - "delta": delta, - } - - if finishReason != nil { - choice["finish_reason"] = *finishReason - } else { - choice["finish_reason"] = nil - } - - return map[string]interface{}{ - "id": state.ResponseID, - "object": "chat.completion.chunk", - "created": state.Created, - "model": state.Model, - "choices": []map[string]interface{}{choice}, - } -} - -// BuildOpenAISSEReasoningDelta creates an SSE event for reasoning content delta -// This is used for o1/o3 style models that expose reasoning tokens -func BuildOpenAISSEReasoningDelta(state *OpenAIStreamState, reasoningDelta string) string { - delta := map[string]interface{}{ - "reasoning_content": reasoningDelta, - } - - // Include role in first chunk - if !state.HasSentFirstChunk { - delta["role"] = "assistant" - state.HasSentFirstChunk = true - } - - chunk := buildBaseChunk(state, delta, nil) - result, _ := json.Marshal(chunk) - state.ChunkIndex++ - return FormatSSEEvent(result) -} - -// BuildOpenAISSEFirstChunk creates the first chunk with role only -func BuildOpenAISSEFirstChunk(state *OpenAIStreamState) string { - delta := map[string]interface{}{ - "role": "assistant", - "content": "", - } - - state.HasSentFirstChunk = true - chunk := buildBaseChunk(state, delta, nil) - result, _ := json.Marshal(chunk) - state.ChunkIndex++ - return FormatSSEEvent(result) -} - -// ThinkingTagState tracks state for thinking tag detection in streaming -type ThinkingTagState struct { - InThinkingBlock bool - PendingStartChars int - PendingEndChars int -} - -// NewThinkingTagState creates a new thinking tag state -func NewThinkingTagState() *ThinkingTagState { - return &ThinkingTagState{ - InThinkingBlock: false, - PendingStartChars: 0, - PendingEndChars: 0, - } -} \ No newline at end of file diff --git a/.worktrees/config/m/config-build/active/internal/translator/openai/claude/init.go b/.worktrees/config/m/config-build/active/internal/translator/openai/claude/init.go deleted file mode 100644 index 0e0f82eae9..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/openai/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package claude - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Claude, - OpenAI, - ConvertClaudeRequestToOpenAI, - interfaces.TranslateResponse{ - Stream: ConvertOpenAIResponseToClaude, - NonStream: ConvertOpenAIResponseToClaudeNonStream, - TokenCount: ClaudeTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/openai/claude/openai_claude_request.go b/.worktrees/config/m/config-build/active/internal/translator/openai/claude/openai_claude_request.go deleted file mode 100644 index acb79a1396..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/openai/claude/openai_claude_request.go +++ /dev/null @@ -1,407 +0,0 @@ -// Package claude provides request translation functionality for Anthropic to OpenAI API. -// It handles parsing and transforming Anthropic API requests into OpenAI Chat Completions API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Anthropic API format and OpenAI API's expected format. -package claude - -import ( - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertClaudeRequestToOpenAI parses and transforms an Anthropic API request into OpenAI Chat Completions API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the OpenAI API. -func ConvertClaudeRequestToOpenAI(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - // Base OpenAI Chat Completions API template - out := `{"model":"","messages":[]}` - - root := gjson.ParseBytes(rawJSON) - - // Model mapping - out, _ = sjson.Set(out, "model", modelName) - - // Max tokens - if maxTokens := root.Get("max_tokens"); maxTokens.Exists() { - out, _ = sjson.Set(out, "max_tokens", maxTokens.Int()) - } - - // Temperature - if temp := root.Get("temperature"); temp.Exists() { - out, _ = sjson.Set(out, "temperature", temp.Float()) - } else if topP := root.Get("top_p"); topP.Exists() { // Top P - out, _ = sjson.Set(out, "top_p", topP.Float()) - } - - // Stop sequences -> stop - if stopSequences := root.Get("stop_sequences"); stopSequences.Exists() { - if stopSequences.IsArray() { - var stops []string - stopSequences.ForEach(func(_, value gjson.Result) bool { - stops = append(stops, value.String()) - return true - }) - if len(stops) > 0 { - if len(stops) == 1 { - out, _ = sjson.Set(out, "stop", stops[0]) - } else { - out, _ = sjson.Set(out, "stop", stops) - } - } - } - } - - // Stream - out, _ = sjson.Set(out, "stream", stream) - - // Thinking: Convert Claude thinking.budget_tokens to OpenAI reasoning_effort - if thinkingConfig := root.Get("thinking"); thinkingConfig.Exists() && thinkingConfig.IsObject() { - if thinkingType := thinkingConfig.Get("type"); thinkingType.Exists() { - switch thinkingType.String() { - case "enabled": - if budgetTokens := thinkingConfig.Get("budget_tokens"); budgetTokens.Exists() { - budget := int(budgetTokens.Int()) - if effort, ok := thinking.ConvertBudgetToLevel(budget); ok && effort != "" { - out, _ = sjson.Set(out, "reasoning_effort", effort) - } - } else { - // No budget_tokens specified, default to "auto" for enabled thinking - if effort, ok := thinking.ConvertBudgetToLevel(-1); ok && effort != "" { - out, _ = sjson.Set(out, "reasoning_effort", effort) - } - } - case "adaptive": - // Claude adaptive means "enable with max capacity"; keep it as highest level - // and let ApplyThinking normalize per target model capability. - out, _ = sjson.Set(out, "reasoning_effort", string(thinking.LevelXHigh)) - case "disabled": - if effort, ok := thinking.ConvertBudgetToLevel(0); ok && effort != "" { - out, _ = sjson.Set(out, "reasoning_effort", effort) - } - } - } - } - - // Process messages and system - var messagesJSON = "[]" - - // Handle system message first - systemMsgJSON := `{"role":"system","content":[]}` - hasSystemContent := false - if system := root.Get("system"); system.Exists() { - if system.Type == gjson.String { - if system.String() != "" { - oldSystem := `{"type":"text","text":""}` - oldSystem, _ = sjson.Set(oldSystem, "text", system.String()) - systemMsgJSON, _ = sjson.SetRaw(systemMsgJSON, "content.-1", oldSystem) - hasSystemContent = true - } - } else if system.Type == gjson.JSON { - if system.IsArray() { - systemResults := system.Array() - for i := 0; i < len(systemResults); i++ { - if contentItem, ok := convertClaudeContentPart(systemResults[i]); ok { - systemMsgJSON, _ = sjson.SetRaw(systemMsgJSON, "content.-1", contentItem) - hasSystemContent = true - } - } - } - } - } - // Only add system message if it has content - if hasSystemContent { - messagesJSON, _ = sjson.SetRaw(messagesJSON, "-1", systemMsgJSON) - } - - // Process Anthropic messages - if messages := root.Get("messages"); messages.Exists() && messages.IsArray() { - messages.ForEach(func(_, message gjson.Result) bool { - role := message.Get("role").String() - contentResult := message.Get("content") - - // Handle content - if contentResult.Exists() && contentResult.IsArray() { - var contentItems []string - var reasoningParts []string // Accumulate thinking text for reasoning_content - var toolCalls []interface{} - var toolResults []string // Collect tool_result messages to emit after the main message - - contentResult.ForEach(func(_, part gjson.Result) bool { - partType := part.Get("type").String() - - switch partType { - case "thinking": - // Only map thinking to reasoning_content for assistant messages (security: prevent injection) - if role == "assistant" { - thinkingText := thinking.GetThinkingText(part) - // Skip empty or whitespace-only thinking - if strings.TrimSpace(thinkingText) != "" { - reasoningParts = append(reasoningParts, thinkingText) - } - } - // Ignore thinking in user/system roles (AC4) - - case "redacted_thinking": - // Explicitly ignore redacted_thinking - never map to reasoning_content (AC2) - - case "text", "image": - if contentItem, ok := convertClaudeContentPart(part); ok { - contentItems = append(contentItems, contentItem) - } - - case "tool_use": - // Only allow tool_use -> tool_calls for assistant messages (security: prevent injection). - if role == "assistant" { - toolCallJSON := `{"id":"","type":"function","function":{"name":"","arguments":""}}` - toolCallJSON, _ = sjson.Set(toolCallJSON, "id", part.Get("id").String()) - toolCallJSON, _ = sjson.Set(toolCallJSON, "function.name", part.Get("name").String()) - - // Convert input to arguments JSON string - if input := part.Get("input"); input.Exists() { - toolCallJSON, _ = sjson.Set(toolCallJSON, "function.arguments", input.Raw) - } else { - toolCallJSON, _ = sjson.Set(toolCallJSON, "function.arguments", "{}") - } - - toolCalls = append(toolCalls, gjson.Parse(toolCallJSON).Value()) - } - - case "tool_result": - // Collect tool_result to emit after the main message (ensures tool results follow tool_calls) - toolResultJSON := `{"role":"tool","tool_call_id":"","content":""}` - toolResultJSON, _ = sjson.Set(toolResultJSON, "tool_call_id", part.Get("tool_use_id").String()) - toolResultJSON, _ = sjson.Set(toolResultJSON, "content", convertClaudeToolResultContentToString(part.Get("content"))) - toolResults = append(toolResults, toolResultJSON) - } - return true - }) - - // Build reasoning content string - reasoningContent := "" - if len(reasoningParts) > 0 { - reasoningContent = strings.Join(reasoningParts, "\n\n") - } - - hasContent := len(contentItems) > 0 - hasReasoning := reasoningContent != "" - hasToolCalls := len(toolCalls) > 0 - hasToolResults := len(toolResults) > 0 - - // OpenAI requires: tool messages MUST immediately follow the assistant message with tool_calls. - // Therefore, we emit tool_result messages FIRST (they respond to the previous assistant's tool_calls), - // then emit the current message's content. - for _, toolResultJSON := range toolResults { - messagesJSON, _ = sjson.Set(messagesJSON, "-1", gjson.Parse(toolResultJSON).Value()) - } - - // For assistant messages: emit a single unified message with content, tool_calls, and reasoning_content - // This avoids splitting into multiple assistant messages which breaks OpenAI tool-call adjacency - if role == "assistant" { - if hasContent || hasReasoning || hasToolCalls { - msgJSON := `{"role":"assistant"}` - - // Add content (as array if we have items, empty string if reasoning-only) - if hasContent { - contentArrayJSON := "[]" - for _, contentItem := range contentItems { - contentArrayJSON, _ = sjson.SetRaw(contentArrayJSON, "-1", contentItem) - } - msgJSON, _ = sjson.SetRaw(msgJSON, "content", contentArrayJSON) - } else { - // Ensure content field exists for OpenAI compatibility - msgJSON, _ = sjson.Set(msgJSON, "content", "") - } - - // Add reasoning_content if present - if hasReasoning { - msgJSON, _ = sjson.Set(msgJSON, "reasoning_content", reasoningContent) - } - - // Add tool_calls if present (in same message as content) - if hasToolCalls { - msgJSON, _ = sjson.Set(msgJSON, "tool_calls", toolCalls) - } - - messagesJSON, _ = sjson.Set(messagesJSON, "-1", gjson.Parse(msgJSON).Value()) - } - } else { - // For non-assistant roles: emit content message if we have content - // If the message only contains tool_results (no text/image), we still processed them above - if hasContent { - msgJSON := `{"role":""}` - msgJSON, _ = sjson.Set(msgJSON, "role", role) - - contentArrayJSON := "[]" - for _, contentItem := range contentItems { - contentArrayJSON, _ = sjson.SetRaw(contentArrayJSON, "-1", contentItem) - } - msgJSON, _ = sjson.SetRaw(msgJSON, "content", contentArrayJSON) - - messagesJSON, _ = sjson.Set(messagesJSON, "-1", gjson.Parse(msgJSON).Value()) - } else if hasToolResults && !hasContent { - // tool_results already emitted above, no additional user message needed - } - } - - } else if contentResult.Exists() && contentResult.Type == gjson.String { - // Simple string content - msgJSON := `{"role":"","content":""}` - msgJSON, _ = sjson.Set(msgJSON, "role", role) - msgJSON, _ = sjson.Set(msgJSON, "content", contentResult.String()) - messagesJSON, _ = sjson.Set(messagesJSON, "-1", gjson.Parse(msgJSON).Value()) - } - - return true - }) - } - - // Set messages - if gjson.Parse(messagesJSON).IsArray() && len(gjson.Parse(messagesJSON).Array()) > 0 { - out, _ = sjson.SetRaw(out, "messages", messagesJSON) - } - - // Process tools - convert Anthropic tools to OpenAI functions - if tools := root.Get("tools"); tools.Exists() && tools.IsArray() { - var toolsJSON = "[]" - - tools.ForEach(func(_, tool gjson.Result) bool { - openAIToolJSON := `{"type":"function","function":{"name":"","description":""}}` - openAIToolJSON, _ = sjson.Set(openAIToolJSON, "function.name", tool.Get("name").String()) - openAIToolJSON, _ = sjson.Set(openAIToolJSON, "function.description", tool.Get("description").String()) - - // Convert Anthropic input_schema to OpenAI function parameters - if inputSchema := tool.Get("input_schema"); inputSchema.Exists() { - openAIToolJSON, _ = sjson.Set(openAIToolJSON, "function.parameters", inputSchema.Value()) - } - - toolsJSON, _ = sjson.Set(toolsJSON, "-1", gjson.Parse(openAIToolJSON).Value()) - return true - }) - - if gjson.Parse(toolsJSON).IsArray() && len(gjson.Parse(toolsJSON).Array()) > 0 { - out, _ = sjson.SetRaw(out, "tools", toolsJSON) - } - } - - // Tool choice mapping - convert Anthropic tool_choice to OpenAI format - if toolChoice := root.Get("tool_choice"); toolChoice.Exists() { - switch toolChoice.Get("type").String() { - case "auto": - out, _ = sjson.Set(out, "tool_choice", "auto") - case "any": - out, _ = sjson.Set(out, "tool_choice", "required") - case "tool": - // Specific tool choice - toolName := toolChoice.Get("name").String() - toolChoiceJSON := `{"type":"function","function":{"name":""}}` - toolChoiceJSON, _ = sjson.Set(toolChoiceJSON, "function.name", toolName) - out, _ = sjson.SetRaw(out, "tool_choice", toolChoiceJSON) - default: - // Default to auto if not specified - out, _ = sjson.Set(out, "tool_choice", "auto") - } - } - - // Handle user parameter (for tracking) - if user := root.Get("user"); user.Exists() { - out, _ = sjson.Set(out, "user", user.String()) - } - - return []byte(out) -} - -func convertClaudeContentPart(part gjson.Result) (string, bool) { - partType := part.Get("type").String() - - switch partType { - case "text": - text := part.Get("text").String() - if strings.TrimSpace(text) == "" { - return "", false - } - textContent := `{"type":"text","text":""}` - textContent, _ = sjson.Set(textContent, "text", text) - return textContent, true - - case "image": - var imageURL string - - if source := part.Get("source"); source.Exists() { - sourceType := source.Get("type").String() - switch sourceType { - case "base64": - mediaType := source.Get("media_type").String() - if mediaType == "" { - mediaType = "application/octet-stream" - } - data := source.Get("data").String() - if data != "" { - imageURL = "data:" + mediaType + ";base64," + data - } - case "url": - imageURL = source.Get("url").String() - } - } - - if imageURL == "" { - imageURL = part.Get("url").String() - } - - if imageURL == "" { - return "", false - } - - imageContent := `{"type":"image_url","image_url":{"url":""}}` - imageContent, _ = sjson.Set(imageContent, "image_url.url", imageURL) - - return imageContent, true - - default: - return "", false - } -} - -func convertClaudeToolResultContentToString(content gjson.Result) string { - if !content.Exists() { - return "" - } - - if content.Type == gjson.String { - return content.String() - } - - if content.IsArray() { - var parts []string - content.ForEach(func(_, item gjson.Result) bool { - switch { - case item.Type == gjson.String: - parts = append(parts, item.String()) - case item.IsObject() && item.Get("text").Exists() && item.Get("text").Type == gjson.String: - parts = append(parts, item.Get("text").String()) - default: - parts = append(parts, item.Raw) - } - return true - }) - - joined := strings.Join(parts, "\n\n") - if strings.TrimSpace(joined) != "" { - return joined - } - return content.Raw - } - - if content.IsObject() { - if text := content.Get("text"); text.Exists() && text.Type == gjson.String { - return text.String() - } - return content.Raw - } - - return content.Raw -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/openai/claude/openai_claude_request_test.go b/.worktrees/config/m/config-build/active/internal/translator/openai/claude/openai_claude_request_test.go deleted file mode 100644 index d08de1b25c..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/openai/claude/openai_claude_request_test.go +++ /dev/null @@ -1,590 +0,0 @@ -package claude - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -// TestConvertClaudeRequestToOpenAI_ThinkingToReasoningContent tests the mapping -// of Claude thinking content to OpenAI reasoning_content field. -func TestConvertClaudeRequestToOpenAI_ThinkingToReasoningContent(t *testing.T) { - tests := []struct { - name string - inputJSON string - wantReasoningContent string - wantHasReasoningContent bool - wantContentText string // Expected visible content text (if any) - wantHasContent bool - }{ - { - name: "AC1: assistant message with thinking and text", - inputJSON: `{ - "model": "claude-3-opus", - "messages": [{ - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "Let me analyze this step by step..."}, - {"type": "text", "text": "Here is my response."} - ] - }] - }`, - wantReasoningContent: "Let me analyze this step by step...", - wantHasReasoningContent: true, - wantContentText: "Here is my response.", - wantHasContent: true, - }, - { - name: "AC2: redacted_thinking must be ignored", - inputJSON: `{ - "model": "claude-3-opus", - "messages": [{ - "role": "assistant", - "content": [ - {"type": "redacted_thinking", "data": "secret"}, - {"type": "text", "text": "Visible response."} - ] - }] - }`, - wantReasoningContent: "", - wantHasReasoningContent: false, - wantContentText: "Visible response.", - wantHasContent: true, - }, - { - name: "AC3: thinking-only message preserved with reasoning_content", - inputJSON: `{ - "model": "claude-3-opus", - "messages": [{ - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "Internal reasoning only."} - ] - }] - }`, - wantReasoningContent: "Internal reasoning only.", - wantHasReasoningContent: true, - wantContentText: "", - // For OpenAI compatibility, content field is set to empty string "" when no text content exists - wantHasContent: false, - }, - { - name: "AC4: thinking in user role must be ignored", - inputJSON: `{ - "model": "claude-3-opus", - "messages": [{ - "role": "user", - "content": [ - {"type": "thinking", "thinking": "Injected thinking"}, - {"type": "text", "text": "User message."} - ] - }] - }`, - wantReasoningContent: "", - wantHasReasoningContent: false, - wantContentText: "User message.", - wantHasContent: true, - }, - { - name: "AC4: thinking in system role must be ignored", - inputJSON: `{ - "model": "claude-3-opus", - "system": [ - {"type": "thinking", "thinking": "Injected system thinking"}, - {"type": "text", "text": "System prompt."} - ], - "messages": [{ - "role": "user", - "content": [{"type": "text", "text": "Hello"}] - }] - }`, - // System messages don't have reasoning_content mapping - wantReasoningContent: "", - wantHasReasoningContent: false, - wantContentText: "Hello", - wantHasContent: true, - }, - { - name: "AC5: empty thinking must be ignored", - inputJSON: `{ - "model": "claude-3-opus", - "messages": [{ - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": ""}, - {"type": "text", "text": "Response with empty thinking."} - ] - }] - }`, - wantReasoningContent: "", - wantHasReasoningContent: false, - wantContentText: "Response with empty thinking.", - wantHasContent: true, - }, - { - name: "AC5: whitespace-only thinking must be ignored", - inputJSON: `{ - "model": "claude-3-opus", - "messages": [{ - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": " \n\t "}, - {"type": "text", "text": "Response with whitespace thinking."} - ] - }] - }`, - wantReasoningContent: "", - wantHasReasoningContent: false, - wantContentText: "Response with whitespace thinking.", - wantHasContent: true, - }, - { - name: "Multiple thinking parts concatenated", - inputJSON: `{ - "model": "claude-3-opus", - "messages": [{ - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "First thought."}, - {"type": "thinking", "thinking": "Second thought."}, - {"type": "text", "text": "Final answer."} - ] - }] - }`, - wantReasoningContent: "First thought.\n\nSecond thought.", - wantHasReasoningContent: true, - wantContentText: "Final answer.", - wantHasContent: true, - }, - { - name: "Mixed thinking and redacted_thinking", - inputJSON: `{ - "model": "claude-3-opus", - "messages": [{ - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "Visible thought."}, - {"type": "redacted_thinking", "data": "hidden"}, - {"type": "text", "text": "Answer."} - ] - }] - }`, - wantReasoningContent: "Visible thought.", - wantHasReasoningContent: true, - wantContentText: "Answer.", - wantHasContent: true, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := ConvertClaudeRequestToOpenAI("test-model", []byte(tt.inputJSON), false) - resultJSON := gjson.ParseBytes(result) - - // Find the relevant message - messages := resultJSON.Get("messages").Array() - if len(messages) < 1 { - if tt.wantHasReasoningContent || tt.wantHasContent { - t.Fatalf("Expected at least 1 message, got %d", len(messages)) - } - return - } - - // Check the last non-system message - var targetMsg gjson.Result - for i := len(messages) - 1; i >= 0; i-- { - if messages[i].Get("role").String() != "system" { - targetMsg = messages[i] - break - } - } - - // Check reasoning_content - gotReasoningContent := targetMsg.Get("reasoning_content").String() - gotHasReasoningContent := targetMsg.Get("reasoning_content").Exists() - - if gotHasReasoningContent != tt.wantHasReasoningContent { - t.Errorf("reasoning_content existence = %v, want %v", gotHasReasoningContent, tt.wantHasReasoningContent) - } - - if gotReasoningContent != tt.wantReasoningContent { - t.Errorf("reasoning_content = %q, want %q", gotReasoningContent, tt.wantReasoningContent) - } - - // Check content - content := targetMsg.Get("content") - // content has meaningful content if it's a non-empty array, or a non-empty string - var gotHasContent bool - switch { - case content.IsArray(): - gotHasContent = len(content.Array()) > 0 - case content.Type == gjson.String: - gotHasContent = content.String() != "" - default: - gotHasContent = false - } - - if gotHasContent != tt.wantHasContent { - t.Errorf("content existence = %v, want %v", gotHasContent, tt.wantHasContent) - } - - if tt.wantHasContent && tt.wantContentText != "" { - // Find text content - var foundText string - content.ForEach(func(_, v gjson.Result) bool { - if v.Get("type").String() == "text" { - foundText = v.Get("text").String() - return false - } - return true - }) - if foundText != tt.wantContentText { - t.Errorf("content text = %q, want %q", foundText, tt.wantContentText) - } - } - }) - } -} - -// TestConvertClaudeRequestToOpenAI_ThinkingOnlyMessagePreserved tests AC3: -// that a message with only thinking content is preserved (not dropped). -func TestConvertClaudeRequestToOpenAI_ThinkingOnlyMessagePreserved(t *testing.T) { - inputJSON := `{ - "model": "claude-3-opus", - "messages": [ - { - "role": "user", - "content": [{"type": "text", "text": "What is 2+2?"}] - }, - { - "role": "assistant", - "content": [{"type": "thinking", "thinking": "Let me calculate: 2+2=4"}] - }, - { - "role": "user", - "content": [{"type": "text", "text": "Thanks"}] - } - ] - }` - - result := ConvertClaudeRequestToOpenAI("test-model", []byte(inputJSON), false) - resultJSON := gjson.ParseBytes(result) - - messages := resultJSON.Get("messages").Array() - - // Should have: user + assistant (thinking-only) + user = 3 messages - if len(messages) != 3 { - t.Fatalf("Expected 3 messages, got %d. Messages: %v", len(messages), resultJSON.Get("messages").Raw) - } - - // Check the assistant message (index 1) has reasoning_content - assistantMsg := messages[1] - if assistantMsg.Get("role").String() != "assistant" { - t.Errorf("Expected message[1] to be assistant, got %s", assistantMsg.Get("role").String()) - } - - if !assistantMsg.Get("reasoning_content").Exists() { - t.Error("Expected assistant message to have reasoning_content") - } - - if assistantMsg.Get("reasoning_content").String() != "Let me calculate: 2+2=4" { - t.Errorf("Unexpected reasoning_content: %s", assistantMsg.Get("reasoning_content").String()) - } -} - -func TestConvertClaudeRequestToOpenAI_SystemMessageScenarios(t *testing.T) { - tests := []struct { - name string - inputJSON string - wantHasSys bool - wantSysText string - }{ - { - name: "No system field", - inputJSON: `{ - "model": "claude-3-opus", - "messages": [{"role": "user", "content": "hello"}] - }`, - wantHasSys: false, - }, - { - name: "Empty string system field", - inputJSON: `{ - "model": "claude-3-opus", - "system": "", - "messages": [{"role": "user", "content": "hello"}] - }`, - wantHasSys: false, - }, - { - name: "String system field", - inputJSON: `{ - "model": "claude-3-opus", - "system": "Be helpful", - "messages": [{"role": "user", "content": "hello"}] - }`, - wantHasSys: true, - wantSysText: "Be helpful", - }, - { - name: "Array system field with text", - inputJSON: `{ - "model": "claude-3-opus", - "system": [{"type": "text", "text": "Array system"}], - "messages": [{"role": "user", "content": "hello"}] - }`, - wantHasSys: true, - wantSysText: "Array system", - }, - { - name: "Array system field with multiple text blocks", - inputJSON: `{ - "model": "claude-3-opus", - "system": [ - {"type": "text", "text": "Block 1"}, - {"type": "text", "text": "Block 2"} - ], - "messages": [{"role": "user", "content": "hello"}] - }`, - wantHasSys: true, - wantSysText: "Block 2", // We will update the test logic to check all blocks or specifically the second one - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := ConvertClaudeRequestToOpenAI("test-model", []byte(tt.inputJSON), false) - resultJSON := gjson.ParseBytes(result) - messages := resultJSON.Get("messages").Array() - - hasSys := false - var sysMsg gjson.Result - if len(messages) > 0 && messages[0].Get("role").String() == "system" { - hasSys = true - sysMsg = messages[0] - } - - if hasSys != tt.wantHasSys { - t.Errorf("got hasSystem = %v, want %v", hasSys, tt.wantHasSys) - } - - if tt.wantHasSys { - // Check content - it could be string or array in OpenAI - content := sysMsg.Get("content") - var gotText string - if content.IsArray() { - arr := content.Array() - if len(arr) > 0 { - // Get the last element's text for validation - gotText = arr[len(arr)-1].Get("text").String() - } - } else { - gotText = content.String() - } - - if tt.wantSysText != "" && gotText != tt.wantSysText { - t.Errorf("got system text = %q, want %q", gotText, tt.wantSysText) - } - } - }) - } -} - -func TestConvertClaudeRequestToOpenAI_ToolResultOrderAndContent(t *testing.T) { - inputJSON := `{ - "model": "claude-3-opus", - "messages": [ - { - "role": "assistant", - "content": [ - {"type": "tool_use", "id": "call_1", "name": "do_work", "input": {"a": 1}} - ] - }, - { - "role": "user", - "content": [ - {"type": "text", "text": "before"}, - {"type": "tool_result", "tool_use_id": "call_1", "content": [{"type":"text","text":"tool ok"}]}, - {"type": "text", "text": "after"} - ] - } - ] - }` - - result := ConvertClaudeRequestToOpenAI("test-model", []byte(inputJSON), false) - resultJSON := gjson.ParseBytes(result) - messages := resultJSON.Get("messages").Array() - - // OpenAI requires: tool messages MUST immediately follow assistant(tool_calls). - // Correct order: assistant(tool_calls) + tool(result) + user(before+after) - if len(messages) != 3 { - t.Fatalf("Expected 3 messages, got %d. Messages: %s", len(messages), resultJSON.Get("messages").Raw) - } - - if messages[0].Get("role").String() != "assistant" || !messages[0].Get("tool_calls").Exists() { - t.Fatalf("Expected messages[0] to be assistant tool_calls, got %s: %s", messages[0].Get("role").String(), messages[0].Raw) - } - - // tool message MUST immediately follow assistant(tool_calls) per OpenAI spec - if messages[1].Get("role").String() != "tool" { - t.Fatalf("Expected messages[1] to be tool (must follow tool_calls), got %s", messages[1].Get("role").String()) - } - if got := messages[1].Get("tool_call_id").String(); got != "call_1" { - t.Fatalf("Expected tool_call_id %q, got %q", "call_1", got) - } - if got := messages[1].Get("content").String(); got != "tool ok" { - t.Fatalf("Expected tool content %q, got %q", "tool ok", got) - } - - // User message comes after tool message - if messages[2].Get("role").String() != "user" { - t.Fatalf("Expected messages[2] to be user, got %s", messages[2].Get("role").String()) - } - // User message should contain both "before" and "after" text - if got := messages[2].Get("content.0.text").String(); got != "before" { - t.Fatalf("Expected user text[0] %q, got %q", "before", got) - } - if got := messages[2].Get("content.1.text").String(); got != "after" { - t.Fatalf("Expected user text[1] %q, got %q", "after", got) - } -} - -func TestConvertClaudeRequestToOpenAI_ToolResultObjectContent(t *testing.T) { - inputJSON := `{ - "model": "claude-3-opus", - "messages": [ - { - "role": "assistant", - "content": [ - {"type": "tool_use", "id": "call_1", "name": "do_work", "input": {"a": 1}} - ] - }, - { - "role": "user", - "content": [ - {"type": "tool_result", "tool_use_id": "call_1", "content": {"foo": "bar"}} - ] - } - ] - }` - - result := ConvertClaudeRequestToOpenAI("test-model", []byte(inputJSON), false) - resultJSON := gjson.ParseBytes(result) - messages := resultJSON.Get("messages").Array() - - // assistant(tool_calls) + tool(result) - if len(messages) != 2 { - t.Fatalf("Expected 2 messages, got %d. Messages: %s", len(messages), resultJSON.Get("messages").Raw) - } - - if messages[1].Get("role").String() != "tool" { - t.Fatalf("Expected messages[1] to be tool, got %s", messages[1].Get("role").String()) - } - - toolContent := messages[1].Get("content").String() - parsed := gjson.Parse(toolContent) - if parsed.Get("foo").String() != "bar" { - t.Fatalf("Expected tool content JSON foo=bar, got %q", toolContent) - } -} - -func TestConvertClaudeRequestToOpenAI_AssistantTextToolUseTextOrder(t *testing.T) { - inputJSON := `{ - "model": "claude-3-opus", - "messages": [ - { - "role": "assistant", - "content": [ - {"type": "text", "text": "pre"}, - {"type": "tool_use", "id": "call_1", "name": "do_work", "input": {"a": 1}}, - {"type": "text", "text": "post"} - ] - } - ] - }` - - result := ConvertClaudeRequestToOpenAI("test-model", []byte(inputJSON), false) - resultJSON := gjson.ParseBytes(result) - messages := resultJSON.Get("messages").Array() - - // New behavior: content + tool_calls unified in single assistant message - // Expect: assistant(content[pre,post] + tool_calls) - if len(messages) != 1 { - t.Fatalf("Expected 1 message, got %d. Messages: %s", len(messages), resultJSON.Get("messages").Raw) - } - - assistantMsg := messages[0] - if assistantMsg.Get("role").String() != "assistant" { - t.Fatalf("Expected messages[0] to be assistant, got %s", assistantMsg.Get("role").String()) - } - - // Should have both content and tool_calls in same message - if !assistantMsg.Get("tool_calls").Exists() { - t.Fatalf("Expected assistant message to have tool_calls") - } - if got := assistantMsg.Get("tool_calls.0.id").String(); got != "call_1" { - t.Fatalf("Expected tool_call id %q, got %q", "call_1", got) - } - if got := assistantMsg.Get("tool_calls.0.function.name").String(); got != "do_work" { - t.Fatalf("Expected tool_call name %q, got %q", "do_work", got) - } - - // Content should have both pre and post text - if got := assistantMsg.Get("content.0.text").String(); got != "pre" { - t.Fatalf("Expected content[0] text %q, got %q", "pre", got) - } - if got := assistantMsg.Get("content.1.text").String(); got != "post" { - t.Fatalf("Expected content[1] text %q, got %q", "post", got) - } -} - -func TestConvertClaudeRequestToOpenAI_AssistantThinkingToolUseThinkingSplit(t *testing.T) { - inputJSON := `{ - "model": "claude-3-opus", - "messages": [ - { - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "t1"}, - {"type": "text", "text": "pre"}, - {"type": "tool_use", "id": "call_1", "name": "do_work", "input": {"a": 1}}, - {"type": "thinking", "thinking": "t2"}, - {"type": "text", "text": "post"} - ] - } - ] - }` - - result := ConvertClaudeRequestToOpenAI("test-model", []byte(inputJSON), false) - resultJSON := gjson.ParseBytes(result) - messages := resultJSON.Get("messages").Array() - - // New behavior: all content, thinking, and tool_calls unified in single assistant message - // Expect: assistant(content[pre,post] + tool_calls + reasoning_content[t1+t2]) - if len(messages) != 1 { - t.Fatalf("Expected 1 message, got %d. Messages: %s", len(messages), resultJSON.Get("messages").Raw) - } - - assistantMsg := messages[0] - if assistantMsg.Get("role").String() != "assistant" { - t.Fatalf("Expected messages[0] to be assistant, got %s", assistantMsg.Get("role").String()) - } - - // Should have content with both pre and post - if got := assistantMsg.Get("content.0.text").String(); got != "pre" { - t.Fatalf("Expected content[0] text %q, got %q", "pre", got) - } - if got := assistantMsg.Get("content.1.text").String(); got != "post" { - t.Fatalf("Expected content[1] text %q, got %q", "post", got) - } - - // Should have tool_calls - if !assistantMsg.Get("tool_calls").Exists() { - t.Fatalf("Expected assistant message to have tool_calls") - } - - // Should have combined reasoning_content from both thinking blocks - if got := assistantMsg.Get("reasoning_content").String(); got != "t1\n\nt2" { - t.Fatalf("Expected reasoning_content %q, got %q", "t1\n\nt2", got) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/openai/claude/openai_claude_response.go b/.worktrees/config/m/config-build/active/internal/translator/openai/claude/openai_claude_response.go deleted file mode 100644 index 8ddf3084ae..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/openai/claude/openai_claude_response.go +++ /dev/null @@ -1,880 +0,0 @@ -// Package claude provides response translation functionality for OpenAI to Anthropic API. -// This package handles the conversion of OpenAI Chat Completions API responses into Anthropic API-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Anthropic API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, and usage metadata appropriately. -package claude - -import ( - "bytes" - "context" - "encoding/json" - "fmt" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - dataTag = []byte("data:") -) - -// ConvertOpenAIResponseToAnthropicParams holds parameters for response conversion -type ConvertOpenAIResponseToAnthropicParams struct { - MessageID string - Model string - CreatedAt int64 - // Content accumulator for streaming - ContentAccumulator strings.Builder - // Tool calls accumulator for streaming - ToolCallsAccumulator map[int]*ToolCallAccumulator - // Track if text content block has been started - TextContentBlockStarted bool - // Track if thinking content block has been started - ThinkingContentBlockStarted bool - // Track finish reason for later use - FinishReason string - // Track if content blocks have been stopped - ContentBlocksStopped bool - // Track if message_delta has been sent - MessageDeltaSent bool - // Track if message_start has been sent - MessageStarted bool - // Track if message_stop has been sent - MessageStopSent bool - // Tool call content block index mapping - ToolCallBlockIndexes map[int]int - // Index assigned to text content block - TextContentBlockIndex int - // Index assigned to thinking content block - ThinkingContentBlockIndex int - // Next available content block index - NextContentBlockIndex int -} - -// ToolCallAccumulator holds the state for accumulating tool call data -type ToolCallAccumulator struct { - ID string - Name string - Arguments strings.Builder -} - -// ConvertOpenAIResponseToClaude converts OpenAI streaming response format to Anthropic API format. -// This function processes OpenAI streaming chunks and transforms them into Anthropic-compatible JSON responses. -// It handles text content, tool calls, and usage metadata, outputting responses that match the Anthropic API format. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the OpenAI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - []string: A slice of strings, each containing an Anthropic-compatible JSON response. -func ConvertOpenAIResponseToClaude(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &ConvertOpenAIResponseToAnthropicParams{ - MessageID: "", - Model: "", - CreatedAt: 0, - ContentAccumulator: strings.Builder{}, - ToolCallsAccumulator: nil, - TextContentBlockStarted: false, - ThinkingContentBlockStarted: false, - FinishReason: "", - ContentBlocksStopped: false, - MessageDeltaSent: false, - ToolCallBlockIndexes: make(map[int]int), - TextContentBlockIndex: -1, - ThinkingContentBlockIndex: -1, - NextContentBlockIndex: 0, - } - } - - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - - // Check if this is the [DONE] marker - rawStr := strings.TrimSpace(string(rawJSON)) - if rawStr == "[DONE]" { - return convertOpenAIDoneToAnthropic((*param).(*ConvertOpenAIResponseToAnthropicParams)) - } - - streamResult := gjson.GetBytes(originalRequestRawJSON, "stream") - if !streamResult.Exists() || (streamResult.Exists() && streamResult.Type == gjson.False) { - return convertOpenAINonStreamingToAnthropic(rawJSON) - } else { - return convertOpenAIStreamingChunkToAnthropic(rawJSON, (*param).(*ConvertOpenAIResponseToAnthropicParams)) - } -} - -// convertOpenAIStreamingChunkToAnthropic converts OpenAI streaming chunk to Anthropic streaming events -func convertOpenAIStreamingChunkToAnthropic(rawJSON []byte, param *ConvertOpenAIResponseToAnthropicParams) []string { - root := gjson.ParseBytes(rawJSON) - var results []string - - // Initialize parameters if needed - if param.MessageID == "" { - param.MessageID = root.Get("id").String() - } - if param.Model == "" { - param.Model = root.Get("model").String() - } - if param.CreatedAt == 0 { - param.CreatedAt = root.Get("created").Int() - } - - // Helper to ensure message_start is sent before any content_block_start - // This is required by the Anthropic SSE protocol - message_start must come first. - // Some OpenAI-compatible providers (like GitHub Copilot) may not send role: "assistant" - // in the first chunk, so we need to emit message_start when we first see content. - ensureMessageStarted := func() { - if param.MessageStarted { - return - } - messageStart := map[string]interface{}{ - "type": "message_start", - "message": map[string]interface{}{ - "id": param.MessageID, - "type": "message", - "role": "assistant", - "model": param.Model, - "content": []interface{}{}, - "stop_reason": nil, - "stop_sequence": nil, - "usage": map[string]interface{}{ - "input_tokens": 0, - "output_tokens": 0, - }, - }, - } - messageStartJSON, _ := json.Marshal(messageStart) - results = append(results, "event: message_start\ndata: "+string(messageStartJSON)+"\n\n") - param.MessageStarted = true - } - - // Check if this is the first chunk (has role) - if delta := root.Get("choices.0.delta"); delta.Exists() { - if role := delta.Get("role"); role.Exists() && role.String() == "assistant" && !param.MessageStarted { - // Send message_start event - ensureMessageStarted() - - // Don't send content_block_start for text here - wait for actual content - } - - // Handle reasoning content delta - if reasoning := delta.Get("reasoning_content"); reasoning.Exists() { - for _, reasoningText := range collectOpenAIReasoningTexts(reasoning) { - if reasoningText == "" { - continue - } - stopTextContentBlock(param, &results) - if !param.ThinkingContentBlockStarted { - ensureMessageStarted() // Must send message_start before content_block_start - if param.ThinkingContentBlockIndex == -1 { - param.ThinkingContentBlockIndex = param.NextContentBlockIndex - param.NextContentBlockIndex++ - } - contentBlockStart := map[string]interface{}{ - "type": "content_block_start", - "index": param.ThinkingContentBlockIndex, - "content_block": map[string]interface{}{ - "type": "thinking", - "thinking": "", - }, - } - contentBlockStartJSON, _ := json.Marshal(contentBlockStart) - results = append(results, "event: content_block_start\ndata: "+string(contentBlockStartJSON)+"\n\n") - param.ThinkingContentBlockStarted = true - } - - thinkingDelta := map[string]interface{}{ - "type": "content_block_delta", - "index": param.ThinkingContentBlockIndex, - "delta": map[string]interface{}{ - "type": "thinking_delta", - "thinking": reasoningText, - }, - } - thinkingDeltaJSON, _ := json.Marshal(thinkingDelta) - results = append(results, "event: content_block_delta\ndata: "+string(thinkingDeltaJSON)+"\n\n") - } - } - - // Handle content delta - if content := delta.Get("content"); content.Exists() && content.String() != "" { - // Send content_block_start for text if not already sent - if !param.TextContentBlockStarted { - ensureMessageStarted() // Must send message_start before content_block_start - stopThinkingContentBlock(param, &results) - if param.TextContentBlockIndex == -1 { - param.TextContentBlockIndex = param.NextContentBlockIndex - param.NextContentBlockIndex++ - } - contentBlockStart := map[string]interface{}{ - "type": "content_block_start", - "index": param.TextContentBlockIndex, - "content_block": map[string]interface{}{ - "type": "text", - "text": "", - }, - } - contentBlockStartJSON, _ := json.Marshal(contentBlockStart) - results = append(results, "event: content_block_start\ndata: "+string(contentBlockStartJSON)+"\n\n") - param.TextContentBlockStarted = true - } - - contentDelta := map[string]interface{}{ - "type": "content_block_delta", - "index": param.TextContentBlockIndex, - "delta": map[string]interface{}{ - "type": "text_delta", - "text": content.String(), - }, - } - contentDeltaJSON, _ := json.Marshal(contentDelta) - results = append(results, "event: content_block_delta\ndata: "+string(contentDeltaJSON)+"\n\n") - - // Accumulate content - param.ContentAccumulator.WriteString(content.String()) - } - - // Handle tool calls - if toolCalls := delta.Get("tool_calls"); toolCalls.Exists() && toolCalls.IsArray() { - if param.ToolCallsAccumulator == nil { - param.ToolCallsAccumulator = make(map[int]*ToolCallAccumulator) - } - - toolCalls.ForEach(func(_, toolCall gjson.Result) bool { - index := int(toolCall.Get("index").Int()) - blockIndex := param.toolContentBlockIndex(index) - - // Initialize accumulator if needed - if _, exists := param.ToolCallsAccumulator[index]; !exists { - param.ToolCallsAccumulator[index] = &ToolCallAccumulator{} - } - - accumulator := param.ToolCallsAccumulator[index] - - // Handle tool call ID - if id := toolCall.Get("id"); id.Exists() { - accumulator.ID = id.String() - } - - // Handle function name - if function := toolCall.Get("function"); function.Exists() { - if name := function.Get("name"); name.Exists() { - accumulator.Name = name.String() - - ensureMessageStarted() // Must send message_start before content_block_start - - stopThinkingContentBlock(param, &results) - - stopTextContentBlock(param, &results) - - // Send content_block_start for tool_use - contentBlockStart := map[string]interface{}{ - "type": "content_block_start", - "index": blockIndex, - "content_block": map[string]interface{}{ - "type": "tool_use", - "id": accumulator.ID, - "name": accumulator.Name, - "input": map[string]interface{}{}, - }, - } - contentBlockStartJSON, _ := json.Marshal(contentBlockStart) - results = append(results, "event: content_block_start\ndata: "+string(contentBlockStartJSON)+"\n\n") - } - - // Handle function arguments - if args := function.Get("arguments"); args.Exists() { - argsText := args.String() - if argsText != "" { - accumulator.Arguments.WriteString(argsText) - } - } - } - - return true - }) - } - } - - // Handle finish_reason (but don't send message_delta/message_stop yet) - if finishReason := root.Get("choices.0.finish_reason"); finishReason.Exists() && finishReason.String() != "" { - reason := finishReason.String() - param.FinishReason = reason - - // Send content_block_stop for thinking content if needed - if param.ThinkingContentBlockStarted { - contentBlockStop := map[string]interface{}{ - "type": "content_block_stop", - "index": param.ThinkingContentBlockIndex, - } - contentBlockStopJSON, _ := json.Marshal(contentBlockStop) - results = append(results, "event: content_block_stop\ndata: "+string(contentBlockStopJSON)+"\n\n") - param.ThinkingContentBlockStarted = false - param.ThinkingContentBlockIndex = -1 - } - - // Send content_block_stop for text if text content block was started - stopTextContentBlock(param, &results) - - // Send content_block_stop for any tool calls - if !param.ContentBlocksStopped { - for index := range param.ToolCallsAccumulator { - accumulator := param.ToolCallsAccumulator[index] - blockIndex := param.toolContentBlockIndex(index) - - // Send complete input_json_delta with all accumulated arguments - if accumulator.Arguments.Len() > 0 { - inputDelta := map[string]interface{}{ - "type": "content_block_delta", - "index": blockIndex, - "delta": map[string]interface{}{ - "type": "input_json_delta", - "partial_json": util.FixJSON(accumulator.Arguments.String()), - }, - } - inputDeltaJSON, _ := json.Marshal(inputDelta) - results = append(results, "event: content_block_delta\ndata: "+string(inputDeltaJSON)+"\n\n") - } - - contentBlockStop := map[string]interface{}{ - "type": "content_block_stop", - "index": blockIndex, - } - contentBlockStopJSON, _ := json.Marshal(contentBlockStop) - results = append(results, "event: content_block_stop\ndata: "+string(contentBlockStopJSON)+"\n\n") - delete(param.ToolCallBlockIndexes, index) - } - param.ContentBlocksStopped = true - } - - // Don't send message_delta here - wait for usage info or [DONE] - } - - // Handle usage information separately (this comes in a later chunk) - // Only process if usage has actual values (not null) - if param.FinishReason != "" { - usage := root.Get("usage") - var inputTokens, outputTokens int64 - if usage.Exists() && usage.Type != gjson.Null { - // Check if usage has actual token counts - promptTokens := usage.Get("prompt_tokens") - completionTokens := usage.Get("completion_tokens") - - if promptTokens.Exists() && completionTokens.Exists() { - inputTokens = promptTokens.Int() - outputTokens = completionTokens.Int() - } - } - // Send message_delta with usage - messageDelta := map[string]interface{}{ - "type": "message_delta", - "delta": map[string]interface{}{ - "stop_reason": mapOpenAIFinishReasonToAnthropic(param.FinishReason), - "stop_sequence": nil, - }, - "usage": map[string]interface{}{ - "input_tokens": inputTokens, - "output_tokens": outputTokens, - }, - } - - messageDeltaJSON, _ := json.Marshal(messageDelta) - results = append(results, "event: message_delta\ndata: "+string(messageDeltaJSON)+"\n\n") - param.MessageDeltaSent = true - - emitMessageStopIfNeeded(param, &results) - - } - - return results -} - -// convertOpenAIDoneToAnthropic handles the [DONE] marker and sends final events -func convertOpenAIDoneToAnthropic(param *ConvertOpenAIResponseToAnthropicParams) []string { - var results []string - - // Ensure all content blocks are stopped before final events - if param.ThinkingContentBlockStarted { - contentBlockStop := map[string]interface{}{ - "type": "content_block_stop", - "index": param.ThinkingContentBlockIndex, - } - contentBlockStopJSON, _ := json.Marshal(contentBlockStop) - results = append(results, "event: content_block_stop\ndata: "+string(contentBlockStopJSON)+"\n\n") - param.ThinkingContentBlockStarted = false - param.ThinkingContentBlockIndex = -1 - } - - stopTextContentBlock(param, &results) - - if !param.ContentBlocksStopped { - for index := range param.ToolCallsAccumulator { - accumulator := param.ToolCallsAccumulator[index] - blockIndex := param.toolContentBlockIndex(index) - - if accumulator.Arguments.Len() > 0 { - inputDelta := map[string]interface{}{ - "type": "content_block_delta", - "index": blockIndex, - "delta": map[string]interface{}{ - "type": "input_json_delta", - "partial_json": util.FixJSON(accumulator.Arguments.String()), - }, - } - inputDeltaJSON, _ := json.Marshal(inputDelta) - results = append(results, "event: content_block_delta\ndata: "+string(inputDeltaJSON)+"\n\n") - } - - contentBlockStop := map[string]interface{}{ - "type": "content_block_stop", - "index": blockIndex, - } - contentBlockStopJSON, _ := json.Marshal(contentBlockStop) - results = append(results, "event: content_block_stop\ndata: "+string(contentBlockStopJSON)+"\n\n") - delete(param.ToolCallBlockIndexes, index) - } - param.ContentBlocksStopped = true - } - - // If we haven't sent message_delta yet (no usage info was received), send it now - if param.FinishReason != "" && !param.MessageDeltaSent { - messageDelta := map[string]interface{}{ - "type": "message_delta", - "delta": map[string]interface{}{ - "stop_reason": mapOpenAIFinishReasonToAnthropic(param.FinishReason), - "stop_sequence": nil, - }, - } - - messageDeltaJSON, _ := json.Marshal(messageDelta) - results = append(results, "event: message_delta\ndata: "+string(messageDeltaJSON)+"\n\n") - param.MessageDeltaSent = true - } - - emitMessageStopIfNeeded(param, &results) - - return results -} - -// convertOpenAINonStreamingToAnthropic converts OpenAI non-streaming response to Anthropic format -func convertOpenAINonStreamingToAnthropic(rawJSON []byte) []string { - root := gjson.ParseBytes(rawJSON) - - // Build Anthropic response - response := map[string]interface{}{ - "id": root.Get("id").String(), - "type": "message", - "role": "assistant", - "model": root.Get("model").String(), - "content": []interface{}{}, - "stop_reason": nil, - "stop_sequence": nil, - "usage": map[string]interface{}{ - "input_tokens": 0, - "output_tokens": 0, - }, - } - - // Process message content and tool calls - var contentBlocks []interface{} - - if choices := root.Get("choices"); choices.Exists() && choices.IsArray() { - choice := choices.Array()[0] // Take first choice - reasoningNode := choice.Get("message.reasoning_content") - allReasoning := collectOpenAIReasoningTexts(reasoningNode) - - for _, reasoningText := range allReasoning { - if reasoningText == "" { - continue - } - contentBlocks = append(contentBlocks, map[string]interface{}{ - "type": "thinking", - "thinking": reasoningText, - }) - } - - // Handle text content - if content := choice.Get("message.content"); content.Exists() && content.String() != "" { - textBlock := map[string]interface{}{ - "type": "text", - "text": content.String(), - } - contentBlocks = append(contentBlocks, textBlock) - } - - // Handle tool calls - if toolCalls := choice.Get("message.tool_calls"); toolCalls.Exists() && toolCalls.IsArray() { - toolCalls.ForEach(func(_, toolCall gjson.Result) bool { - toolUseBlock := map[string]interface{}{ - "type": "tool_use", - "id": toolCall.Get("id").String(), - "name": toolCall.Get("function.name").String(), - } - - // Parse arguments - argsStr := toolCall.Get("function.arguments").String() - argsStr = util.FixJSON(argsStr) - if argsStr != "" { - var args interface{} - if err := json.Unmarshal([]byte(argsStr), &args); err == nil { - toolUseBlock["input"] = args - } else { - toolUseBlock["input"] = map[string]interface{}{} - } - } else { - toolUseBlock["input"] = map[string]interface{}{} - } - - contentBlocks = append(contentBlocks, toolUseBlock) - return true - }) - } - - // Set stop reason - if finishReason := choice.Get("finish_reason"); finishReason.Exists() { - response["stop_reason"] = mapOpenAIFinishReasonToAnthropic(finishReason.String()) - } - } - - response["content"] = contentBlocks - - // Set usage information - if usage := root.Get("usage"); usage.Exists() { - response["usage"] = map[string]interface{}{ - "input_tokens": usage.Get("prompt_tokens").Int(), - "output_tokens": usage.Get("completion_tokens").Int(), - "reasoning_tokens": func() int64 { - if v := usage.Get("completion_tokens_details.reasoning_tokens"); v.Exists() { - return v.Int() - } - return 0 - }(), - } - } else { - response["usage"] = map[string]interface{}{ - "input_tokens": 0, - "output_tokens": 0, - } - } - - responseJSON, _ := json.Marshal(response) - return []string{string(responseJSON)} -} - -// mapOpenAIFinishReasonToAnthropic maps OpenAI finish reasons to Anthropic equivalents -func mapOpenAIFinishReasonToAnthropic(openAIReason string) string { - switch openAIReason { - case "stop": - return "end_turn" - case "length": - return "max_tokens" - case "tool_calls": - return "tool_use" - case "content_filter": - return "end_turn" // Anthropic doesn't have direct equivalent - case "function_call": // Legacy OpenAI - return "tool_use" - default: - return "end_turn" - } -} - -func (p *ConvertOpenAIResponseToAnthropicParams) toolContentBlockIndex(openAIToolIndex int) int { - if idx, ok := p.ToolCallBlockIndexes[openAIToolIndex]; ok { - return idx - } - idx := p.NextContentBlockIndex - p.NextContentBlockIndex++ - p.ToolCallBlockIndexes[openAIToolIndex] = idx - return idx -} - -func collectOpenAIReasoningTexts(node gjson.Result) []string { - var texts []string - if !node.Exists() { - return texts - } - - if node.IsArray() { - node.ForEach(func(_, value gjson.Result) bool { - texts = append(texts, collectOpenAIReasoningTexts(value)...) - return true - }) - return texts - } - - switch node.Type { - case gjson.String: - if text := strings.TrimSpace(node.String()); text != "" { - texts = append(texts, text) - } - case gjson.JSON: - if text := node.Get("text"); text.Exists() { - if trimmed := strings.TrimSpace(text.String()); trimmed != "" { - texts = append(texts, trimmed) - } - } else if raw := strings.TrimSpace(node.Raw); raw != "" && !strings.HasPrefix(raw, "{") && !strings.HasPrefix(raw, "[") { - texts = append(texts, raw) - } - } - - return texts -} - -func stopThinkingContentBlock(param *ConvertOpenAIResponseToAnthropicParams, results *[]string) { - if !param.ThinkingContentBlockStarted { - return - } - contentBlockStop := map[string]interface{}{ - "type": "content_block_stop", - "index": param.ThinkingContentBlockIndex, - } - contentBlockStopJSON, _ := json.Marshal(contentBlockStop) - *results = append(*results, "event: content_block_stop\ndata: "+string(contentBlockStopJSON)+"\n\n") - param.ThinkingContentBlockStarted = false - param.ThinkingContentBlockIndex = -1 -} - -func emitMessageStopIfNeeded(param *ConvertOpenAIResponseToAnthropicParams, results *[]string) { - if param.MessageStopSent { - return - } - *results = append(*results, "event: message_stop\ndata: {\"type\":\"message_stop\"}\n\n") - param.MessageStopSent = true -} - -func stopTextContentBlock(param *ConvertOpenAIResponseToAnthropicParams, results *[]string) { - if !param.TextContentBlockStarted { - return - } - contentBlockStop := map[string]interface{}{ - "type": "content_block_stop", - "index": param.TextContentBlockIndex, - } - contentBlockStopJSON, _ := json.Marshal(contentBlockStop) - *results = append(*results, "event: content_block_stop\ndata: "+string(contentBlockStopJSON)+"\n\n") - param.TextContentBlockStarted = false - param.TextContentBlockIndex = -1 -} - -// ConvertOpenAIResponseToClaudeNonStream converts a non-streaming OpenAI response to a non-streaming Anthropic response. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the OpenAI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - string: An Anthropic-compatible JSON response. -func ConvertOpenAIResponseToClaudeNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - _ = originalRequestRawJSON - _ = requestRawJSON - - root := gjson.ParseBytes(rawJSON) - - response := map[string]interface{}{ - "id": root.Get("id").String(), - "type": "message", - "role": "assistant", - "model": root.Get("model").String(), - "content": []interface{}{}, - "stop_reason": nil, - "stop_sequence": nil, - "usage": map[string]interface{}{ - "input_tokens": 0, - "output_tokens": 0, - }, - } - - contentBlocks := make([]interface{}, 0) - hasToolCall := false - - if choices := root.Get("choices"); choices.Exists() && choices.IsArray() && len(choices.Array()) > 0 { - choice := choices.Array()[0] - - if finishReason := choice.Get("finish_reason"); finishReason.Exists() { - response["stop_reason"] = mapOpenAIFinishReasonToAnthropic(finishReason.String()) - } - - if message := choice.Get("message"); message.Exists() { - if contentResult := message.Get("content"); contentResult.Exists() { - if contentResult.IsArray() { - var textBuilder strings.Builder - var thinkingBuilder strings.Builder - - flushText := func() { - if textBuilder.Len() == 0 { - return - } - contentBlocks = append(contentBlocks, map[string]interface{}{ - "type": "text", - "text": textBuilder.String(), - }) - textBuilder.Reset() - } - - flushThinking := func() { - if thinkingBuilder.Len() == 0 { - return - } - contentBlocks = append(contentBlocks, map[string]interface{}{ - "type": "thinking", - "thinking": thinkingBuilder.String(), - }) - thinkingBuilder.Reset() - } - - for _, item := range contentResult.Array() { - typeStr := item.Get("type").String() - switch typeStr { - case "text": - flushThinking() - textBuilder.WriteString(item.Get("text").String()) - case "tool_calls": - flushThinking() - flushText() - toolCalls := item.Get("tool_calls") - if toolCalls.IsArray() { - toolCalls.ForEach(func(_, tc gjson.Result) bool { - hasToolCall = true - toolUse := map[string]interface{}{ - "type": "tool_use", - "id": tc.Get("id").String(), - "name": tc.Get("function.name").String(), - } - - argsStr := util.FixJSON(tc.Get("function.arguments").String()) - if argsStr != "" { - var parsed interface{} - if err := json.Unmarshal([]byte(argsStr), &parsed); err == nil { - toolUse["input"] = parsed - } else { - toolUse["input"] = map[string]interface{}{} - } - } else { - toolUse["input"] = map[string]interface{}{} - } - - contentBlocks = append(contentBlocks, toolUse) - return true - }) - } - case "reasoning": - flushText() - if thinking := item.Get("text"); thinking.Exists() { - thinkingBuilder.WriteString(thinking.String()) - } - default: - flushThinking() - flushText() - } - } - - flushThinking() - flushText() - } else if contentResult.Type == gjson.String { - textContent := contentResult.String() - if textContent != "" { - contentBlocks = append(contentBlocks, map[string]interface{}{ - "type": "text", - "text": textContent, - }) - } - } - } - - if reasoning := message.Get("reasoning_content"); reasoning.Exists() { - for _, reasoningText := range collectOpenAIReasoningTexts(reasoning) { - if reasoningText == "" { - continue - } - contentBlocks = append(contentBlocks, map[string]interface{}{ - "type": "thinking", - "thinking": reasoningText, - }) - } - } - - if toolCalls := message.Get("tool_calls"); toolCalls.Exists() && toolCalls.IsArray() { - toolCalls.ForEach(func(_, toolCall gjson.Result) bool { - hasToolCall = true - toolUseBlock := map[string]interface{}{ - "type": "tool_use", - "id": toolCall.Get("id").String(), - "name": toolCall.Get("function.name").String(), - } - - argsStr := toolCall.Get("function.arguments").String() - argsStr = util.FixJSON(argsStr) - if argsStr != "" { - var args interface{} - if err := json.Unmarshal([]byte(argsStr), &args); err == nil { - toolUseBlock["input"] = args - } else { - toolUseBlock["input"] = map[string]interface{}{} - } - } else { - toolUseBlock["input"] = map[string]interface{}{} - } - - contentBlocks = append(contentBlocks, toolUseBlock) - return true - }) - } - } - } - - response["content"] = contentBlocks - - if respUsage := root.Get("usage"); respUsage.Exists() { - usageJSON := `{}` - usageJSON, _ = sjson.Set(usageJSON, "input_tokens", respUsage.Get("prompt_tokens").Int()) - usageJSON, _ = sjson.Set(usageJSON, "output_tokens", respUsage.Get("completion_tokens").Int()) - parsedUsage := gjson.Parse(usageJSON).Value().(map[string]interface{}) - response["usage"] = parsedUsage - } else { - response["usage"] = `{"input_tokens":0,"output_tokens":0}` - } - - if response["stop_reason"] == nil { - if hasToolCall { - response["stop_reason"] = "tool_use" - } else { - response["stop_reason"] = "end_turn" - } - } - - if !hasToolCall { - if toolBlocks := response["content"].([]interface{}); len(toolBlocks) > 0 { - for _, block := range toolBlocks { - if m, ok := block.(map[string]interface{}); ok && m["type"] == "tool_use" { - hasToolCall = true - break - } - } - } - if hasToolCall { - response["stop_reason"] = "tool_use" - } - } - - responseJSON, err := json.Marshal(response) - if err != nil { - return "" - } - return string(responseJSON) -} - -func ClaudeTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"input_tokens":%d}`, count) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/openai/gemini-cli/init.go b/.worktrees/config/m/config-build/active/internal/translator/openai/gemini-cli/init.go deleted file mode 100644 index 12aec5ec90..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/openai/gemini-cli/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package geminiCLI - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - GeminiCLI, - OpenAI, - ConvertGeminiCLIRequestToOpenAI, - interfaces.TranslateResponse{ - Stream: ConvertOpenAIResponseToGeminiCLI, - NonStream: ConvertOpenAIResponseToGeminiCLINonStream, - TokenCount: GeminiCLITokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/openai/gemini-cli/openai_gemini_request.go b/.worktrees/config/m/config-build/active/internal/translator/openai/gemini-cli/openai_gemini_request.go deleted file mode 100644 index 847c278f36..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/openai/gemini-cli/openai_gemini_request.go +++ /dev/null @@ -1,27 +0,0 @@ -// Package geminiCLI provides request translation functionality for Gemini to OpenAI API. -// It handles parsing and transforming Gemini API requests into OpenAI Chat Completions API format, -// extracting model information, generation config, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini API format and OpenAI API's expected format. -package geminiCLI - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/openai/gemini" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiCLIRequestToOpenAI parses and transforms a Gemini API request into OpenAI Chat Completions API format. -// It extracts the model name, generation config, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the OpenAI API. -func ConvertGeminiCLIRequestToOpenAI(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - rawJSON = []byte(gjson.GetBytes(rawJSON, "request").Raw) - rawJSON, _ = sjson.SetBytes(rawJSON, "model", modelName) - if gjson.GetBytes(rawJSON, "systemInstruction").Exists() { - rawJSON, _ = sjson.SetRawBytes(rawJSON, "system_instruction", []byte(gjson.GetBytes(rawJSON, "systemInstruction").Raw)) - rawJSON, _ = sjson.DeleteBytes(rawJSON, "systemInstruction") - } - - return ConvertGeminiRequestToOpenAI(modelName, rawJSON, stream) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/openai/gemini-cli/openai_gemini_response.go b/.worktrees/config/m/config-build/active/internal/translator/openai/gemini-cli/openai_gemini_response.go deleted file mode 100644 index b5977964de..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/openai/gemini-cli/openai_gemini_response.go +++ /dev/null @@ -1,58 +0,0 @@ -// Package geminiCLI provides response translation functionality for OpenAI to Gemini API. -// This package handles the conversion of OpenAI Chat Completions API responses into Gemini API-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Gemini API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, and usage metadata appropriately. -package geminiCLI - -import ( - "context" - "fmt" - - . "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/openai/gemini" - "github.com/tidwall/sjson" -) - -// ConvertOpenAIResponseToGeminiCLI converts OpenAI Chat Completions streaming response format to Gemini API format. -// This function processes OpenAI streaming chunks and transforms them into Gemini-compatible JSON responses. -// It handles text content, tool calls, and usage metadata, outputting responses that match the Gemini API format. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the OpenAI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - []string: A slice of strings, each containing a Gemini-compatible JSON response. -func ConvertOpenAIResponseToGeminiCLI(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - outputs := ConvertOpenAIResponseToGemini(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) - newOutputs := make([]string, 0) - for i := 0; i < len(outputs); i++ { - json := `{"response": {}}` - output, _ := sjson.SetRaw(json, "response", outputs[i]) - newOutputs = append(newOutputs, output) - } - return newOutputs -} - -// ConvertOpenAIResponseToGeminiCLINonStream converts a non-streaming OpenAI response to a non-streaming Gemini CLI response. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the OpenAI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - string: A Gemini-compatible JSON response. -func ConvertOpenAIResponseToGeminiCLINonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - strJSON := ConvertOpenAIResponseToGeminiNonStream(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) - json := `{"response": {}}` - strJSON, _ = sjson.SetRaw(json, "response", strJSON) - return strJSON -} - -func GeminiCLITokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/openai/gemini/init.go b/.worktrees/config/m/config-build/active/internal/translator/openai/gemini/init.go deleted file mode 100644 index 4f056ace9f..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/openai/gemini/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package gemini - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Gemini, - OpenAI, - ConvertGeminiRequestToOpenAI, - interfaces.TranslateResponse{ - Stream: ConvertOpenAIResponseToGemini, - NonStream: ConvertOpenAIResponseToGeminiNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/openai/gemini/openai_gemini_request.go b/.worktrees/config/m/config-build/active/internal/translator/openai/gemini/openai_gemini_request.go deleted file mode 100644 index 167b71e91b..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/openai/gemini/openai_gemini_request.go +++ /dev/null @@ -1,321 +0,0 @@ -// Package gemini provides request translation functionality for Gemini to OpenAI API. -// It handles parsing and transforming Gemini API requests into OpenAI Chat Completions API format, -// extracting model information, generation config, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini API format and OpenAI API's expected format. -package gemini - -import ( - "crypto/rand" - "fmt" - "math/big" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiRequestToOpenAI parses and transforms a Gemini API request into OpenAI Chat Completions API format. -// It extracts the model name, generation config, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the OpenAI API. -func ConvertGeminiRequestToOpenAI(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - // Base OpenAI Chat Completions API template - out := `{"model":"","messages":[]}` - - root := gjson.ParseBytes(rawJSON) - - // Helper for generating tool call IDs in the form: call_ - genToolCallID := func() string { - const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" - var b strings.Builder - // 24 chars random suffix - for i := 0; i < 24; i++ { - n, _ := rand.Int(rand.Reader, big.NewInt(int64(len(letters)))) - b.WriteByte(letters[n.Int64()]) - } - return "call_" + b.String() - } - - // Model mapping - out, _ = sjson.Set(out, "model", modelName) - - // Generation config mapping - if genConfig := root.Get("generationConfig"); genConfig.Exists() { - // Temperature - if temp := genConfig.Get("temperature"); temp.Exists() { - out, _ = sjson.Set(out, "temperature", temp.Float()) - } - - // Max tokens - if maxTokens := genConfig.Get("maxOutputTokens"); maxTokens.Exists() { - out, _ = sjson.Set(out, "max_tokens", maxTokens.Int()) - } - - // Top P - if topP := genConfig.Get("topP"); topP.Exists() { - out, _ = sjson.Set(out, "top_p", topP.Float()) - } - - // Top K (OpenAI doesn't have direct equivalent, but we can map it) - if topK := genConfig.Get("topK"); topK.Exists() { - // Store as custom parameter for potential use - out, _ = sjson.Set(out, "top_k", topK.Int()) - } - - // Stop sequences - if stopSequences := genConfig.Get("stopSequences"); stopSequences.Exists() && stopSequences.IsArray() { - var stops []string - stopSequences.ForEach(func(_, value gjson.Result) bool { - stops = append(stops, value.String()) - return true - }) - if len(stops) > 0 { - out, _ = sjson.Set(out, "stop", stops) - } - } - - // Candidate count (OpenAI 'n' parameter) - if candidateCount := genConfig.Get("candidateCount"); candidateCount.Exists() { - out, _ = sjson.Set(out, "n", candidateCount.Int()) - } - - // Map Gemini thinkingConfig to OpenAI reasoning_effort. - // Always perform conversion to support allowCompat models that may not be in registry. - // Note: Google official Python SDK sends snake_case fields (thinking_level/thinking_budget). - if thinkingConfig := genConfig.Get("thinkingConfig"); thinkingConfig.Exists() && thinkingConfig.IsObject() { - thinkingLevel := thinkingConfig.Get("thinkingLevel") - if !thinkingLevel.Exists() { - thinkingLevel = thinkingConfig.Get("thinking_level") - } - if thinkingLevel.Exists() { - effort := strings.ToLower(strings.TrimSpace(thinkingLevel.String())) - if effort != "" { - out, _ = sjson.Set(out, "reasoning_effort", effort) - } - } else { - thinkingBudget := thinkingConfig.Get("thinkingBudget") - if !thinkingBudget.Exists() { - thinkingBudget = thinkingConfig.Get("thinking_budget") - } - if thinkingBudget.Exists() { - if effort, ok := thinking.ConvertBudgetToLevel(int(thinkingBudget.Int())); ok { - out, _ = sjson.Set(out, "reasoning_effort", effort) - } - } - } - } - } - - // Stream parameter - out, _ = sjson.Set(out, "stream", stream) - - // Process contents (Gemini messages) -> OpenAI messages - var toolCallIDs []string // Track tool call IDs for matching with tool results - - // System instruction -> OpenAI system message - // Gemini may provide `systemInstruction` or `system_instruction`; support both keys. - systemInstruction := root.Get("systemInstruction") - if !systemInstruction.Exists() { - systemInstruction = root.Get("system_instruction") - } - if systemInstruction.Exists() { - parts := systemInstruction.Get("parts") - msg := `{"role":"system","content":[]}` - hasContent := false - - if parts.Exists() && parts.IsArray() { - parts.ForEach(func(_, part gjson.Result) bool { - // Handle text parts - if text := part.Get("text"); text.Exists() { - contentPart := `{"type":"text","text":""}` - contentPart, _ = sjson.Set(contentPart, "text", text.String()) - msg, _ = sjson.SetRaw(msg, "content.-1", contentPart) - hasContent = true - } - - // Handle inline data (e.g., images) - if inlineData := part.Get("inlineData"); inlineData.Exists() { - mimeType := inlineData.Get("mimeType").String() - if mimeType == "" { - mimeType = "application/octet-stream" - } - data := inlineData.Get("data").String() - imageURL := fmt.Sprintf("data:%s;base64,%s", mimeType, data) - - contentPart := `{"type":"image_url","image_url":{"url":""}}` - contentPart, _ = sjson.Set(contentPart, "image_url.url", imageURL) - msg, _ = sjson.SetRaw(msg, "content.-1", contentPart) - hasContent = true - } - return true - }) - } - - if hasContent { - out, _ = sjson.SetRaw(out, "messages.-1", msg) - } - } - - if contents := root.Get("contents"); contents.Exists() && contents.IsArray() { - contents.ForEach(func(_, content gjson.Result) bool { - role := content.Get("role").String() - parts := content.Get("parts") - - // Convert role: model -> assistant - if role == "model" { - role = "assistant" - } - - msg := `{"role":"","content":""}` - msg, _ = sjson.Set(msg, "role", role) - - var textBuilder strings.Builder - contentWrapper := `{"arr":[]}` - contentPartsCount := 0 - onlyTextContent := true - toolCallsWrapper := `{"arr":[]}` - toolCallsCount := 0 - - if parts.Exists() && parts.IsArray() { - parts.ForEach(func(_, part gjson.Result) bool { - // Handle text parts - if text := part.Get("text"); text.Exists() { - formattedText := text.String() - textBuilder.WriteString(formattedText) - contentPart := `{"type":"text","text":""}` - contentPart, _ = sjson.Set(contentPart, "text", formattedText) - contentWrapper, _ = sjson.SetRaw(contentWrapper, "arr.-1", contentPart) - contentPartsCount++ - } - - // Handle inline data (e.g., images) - if inlineData := part.Get("inlineData"); inlineData.Exists() { - onlyTextContent = false - - mimeType := inlineData.Get("mimeType").String() - if mimeType == "" { - mimeType = "application/octet-stream" - } - data := inlineData.Get("data").String() - imageURL := fmt.Sprintf("data:%s;base64,%s", mimeType, data) - - contentPart := `{"type":"image_url","image_url":{"url":""}}` - contentPart, _ = sjson.Set(contentPart, "image_url.url", imageURL) - contentWrapper, _ = sjson.SetRaw(contentWrapper, "arr.-1", contentPart) - contentPartsCount++ - } - - // Handle function calls (Gemini) -> tool calls (OpenAI) - if functionCall := part.Get("functionCall"); functionCall.Exists() { - toolCallID := genToolCallID() - toolCallIDs = append(toolCallIDs, toolCallID) - - toolCall := `{"id":"","type":"function","function":{"name":"","arguments":""}}` - toolCall, _ = sjson.Set(toolCall, "id", toolCallID) - toolCall, _ = sjson.Set(toolCall, "function.name", functionCall.Get("name").String()) - - // Convert args to arguments JSON string - if args := functionCall.Get("args"); args.Exists() { - toolCall, _ = sjson.Set(toolCall, "function.arguments", args.Raw) - } else { - toolCall, _ = sjson.Set(toolCall, "function.arguments", "{}") - } - - toolCallsWrapper, _ = sjson.SetRaw(toolCallsWrapper, "arr.-1", toolCall) - toolCallsCount++ - } - - // Handle function responses (Gemini) -> tool role messages (OpenAI) - if functionResponse := part.Get("functionResponse"); functionResponse.Exists() { - // Create tool message for function response - toolMsg := `{"role":"tool","tool_call_id":"","content":""}` - - // Convert response.content to JSON string - if response := functionResponse.Get("response"); response.Exists() { - if contentField := response.Get("content"); contentField.Exists() { - toolMsg, _ = sjson.Set(toolMsg, "content", contentField.Raw) - } else { - toolMsg, _ = sjson.Set(toolMsg, "content", response.Raw) - } - } - - // Try to match with previous tool call ID - _ = functionResponse.Get("name").String() // functionName not used for now - if len(toolCallIDs) > 0 { - // Use the last tool call ID (simple matching by function name) - // In a real implementation, you might want more sophisticated matching - toolMsg, _ = sjson.Set(toolMsg, "tool_call_id", toolCallIDs[len(toolCallIDs)-1]) - } else { - // Generate a tool call ID if none available - toolMsg, _ = sjson.Set(toolMsg, "tool_call_id", genToolCallID()) - } - - out, _ = sjson.SetRaw(out, "messages.-1", toolMsg) - } - - return true - }) - } - - // Set content - if contentPartsCount > 0 { - if onlyTextContent { - msg, _ = sjson.Set(msg, "content", textBuilder.String()) - } else { - msg, _ = sjson.SetRaw(msg, "content", gjson.Get(contentWrapper, "arr").Raw) - } - } - - // Set tool calls if any - if toolCallsCount > 0 { - msg, _ = sjson.SetRaw(msg, "tool_calls", gjson.Get(toolCallsWrapper, "arr").Raw) - } - - out, _ = sjson.SetRaw(out, "messages.-1", msg) - return true - }) - } - - // Tools mapping: Gemini tools -> OpenAI tools - if tools := root.Get("tools"); tools.Exists() && tools.IsArray() { - tools.ForEach(func(_, tool gjson.Result) bool { - if functionDeclarations := tool.Get("functionDeclarations"); functionDeclarations.Exists() && functionDeclarations.IsArray() { - functionDeclarations.ForEach(func(_, funcDecl gjson.Result) bool { - openAITool := `{"type":"function","function":{"name":"","description":""}}` - openAITool, _ = sjson.Set(openAITool, "function.name", funcDecl.Get("name").String()) - openAITool, _ = sjson.Set(openAITool, "function.description", funcDecl.Get("description").String()) - - // Convert parameters schema - if parameters := funcDecl.Get("parameters"); parameters.Exists() { - openAITool, _ = sjson.SetRaw(openAITool, "function.parameters", parameters.Raw) - } else if parameters := funcDecl.Get("parametersJsonSchema"); parameters.Exists() { - openAITool, _ = sjson.SetRaw(openAITool, "function.parameters", parameters.Raw) - } - - out, _ = sjson.SetRaw(out, "tools.-1", openAITool) - return true - }) - } - return true - }) - } - - // Tool choice mapping (Gemini doesn't have direct equivalent, but we can handle it) - if toolConfig := root.Get("toolConfig"); toolConfig.Exists() { - if functionCallingConfig := toolConfig.Get("functionCallingConfig"); functionCallingConfig.Exists() { - mode := functionCallingConfig.Get("mode").String() - switch mode { - case "NONE": - out, _ = sjson.Set(out, "tool_choice", "none") - case "AUTO": - out, _ = sjson.Set(out, "tool_choice", "auto") - case "ANY": - out, _ = sjson.Set(out, "tool_choice", "required") - } - } - } - - return []byte(out) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/openai/gemini/openai_gemini_response.go b/.worktrees/config/m/config-build/active/internal/translator/openai/gemini/openai_gemini_response.go deleted file mode 100644 index 040f805ce8..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/openai/gemini/openai_gemini_response.go +++ /dev/null @@ -1,665 +0,0 @@ -// Package gemini provides response translation functionality for OpenAI to Gemini API. -// This package handles the conversion of OpenAI Chat Completions API responses into Gemini API-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Gemini API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, and usage metadata appropriately. -package gemini - -import ( - "bytes" - "context" - "fmt" - "strconv" - "strings" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertOpenAIResponseToGeminiParams holds parameters for response conversion -type ConvertOpenAIResponseToGeminiParams struct { - // Tool calls accumulator for streaming - ToolCallsAccumulator map[int]*ToolCallAccumulator - // Content accumulator for streaming - ContentAccumulator strings.Builder - // Track if this is the first chunk - IsFirstChunk bool -} - -// ToolCallAccumulator holds the state for accumulating tool call data -type ToolCallAccumulator struct { - ID string - Name string - Arguments strings.Builder -} - -// ConvertOpenAIResponseToGemini converts OpenAI Chat Completions streaming response format to Gemini API format. -// This function processes OpenAI streaming chunks and transforms them into Gemini-compatible JSON responses. -// It handles text content, tool calls, and usage metadata, outputting responses that match the Gemini API format. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the OpenAI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - []string: A slice of strings, each containing a Gemini-compatible JSON response. -func ConvertOpenAIResponseToGemini(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &ConvertOpenAIResponseToGeminiParams{ - ToolCallsAccumulator: nil, - ContentAccumulator: strings.Builder{}, - IsFirstChunk: false, - } - } - - // Handle [DONE] marker - if strings.TrimSpace(string(rawJSON)) == "[DONE]" { - return []string{} - } - - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - - root := gjson.ParseBytes(rawJSON) - - // Initialize accumulators if needed - if (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator == nil { - (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator = make(map[int]*ToolCallAccumulator) - } - - // Process choices - if choices := root.Get("choices"); choices.Exists() && choices.IsArray() { - // Handle empty choices array (usage-only chunk) - if len(choices.Array()) == 0 { - // This is a usage-only chunk, handle usage and return - if usage := root.Get("usage"); usage.Exists() { - template := `{"candidates":[],"usageMetadata":{}}` - - // Set model if available - if model := root.Get("model"); model.Exists() { - template, _ = sjson.Set(template, "model", model.String()) - } - - template, _ = sjson.Set(template, "usageMetadata.promptTokenCount", usage.Get("prompt_tokens").Int()) - template, _ = sjson.Set(template, "usageMetadata.candidatesTokenCount", usage.Get("completion_tokens").Int()) - template, _ = sjson.Set(template, "usageMetadata.totalTokenCount", usage.Get("total_tokens").Int()) - if reasoningTokens := reasoningTokensFromUsage(usage); reasoningTokens > 0 { - template, _ = sjson.Set(template, "usageMetadata.thoughtsTokenCount", reasoningTokens) - } - return []string{template} - } - return []string{} - } - - var results []string - - choices.ForEach(func(choiceIndex, choice gjson.Result) bool { - // Base Gemini response template without finishReason; set when known - template := `{"candidates":[{"content":{"parts":[],"role":"model"},"index":0}]}` - - // Set model if available - if model := root.Get("model"); model.Exists() { - template, _ = sjson.Set(template, "model", model.String()) - } - - _ = int(choice.Get("index").Int()) // choiceIdx not used in streaming - delta := choice.Get("delta") - baseTemplate := template - - // Handle role (only in first chunk) - if role := delta.Get("role"); role.Exists() && (*param).(*ConvertOpenAIResponseToGeminiParams).IsFirstChunk { - // OpenAI assistant -> Gemini model - if role.String() == "assistant" { - template, _ = sjson.Set(template, "candidates.0.content.role", "model") - } - (*param).(*ConvertOpenAIResponseToGeminiParams).IsFirstChunk = false - results = append(results, template) - return true - } - - var chunkOutputs []string - - // Handle reasoning/thinking delta - if reasoning := delta.Get("reasoning_content"); reasoning.Exists() { - for _, reasoningText := range extractReasoningTexts(reasoning) { - if reasoningText == "" { - continue - } - reasoningTemplate := baseTemplate - reasoningTemplate, _ = sjson.Set(reasoningTemplate, "candidates.0.content.parts.0.thought", true) - reasoningTemplate, _ = sjson.Set(reasoningTemplate, "candidates.0.content.parts.0.text", reasoningText) - chunkOutputs = append(chunkOutputs, reasoningTemplate) - } - } - - // Handle content delta - if content := delta.Get("content"); content.Exists() && content.String() != "" { - contentText := content.String() - (*param).(*ConvertOpenAIResponseToGeminiParams).ContentAccumulator.WriteString(contentText) - - // Create text part for this delta - contentTemplate := baseTemplate - contentTemplate, _ = sjson.Set(contentTemplate, "candidates.0.content.parts.0.text", contentText) - chunkOutputs = append(chunkOutputs, contentTemplate) - } - - if len(chunkOutputs) > 0 { - results = append(results, chunkOutputs...) - return true - } - - // Handle tool calls delta - if toolCalls := delta.Get("tool_calls"); toolCalls.Exists() && toolCalls.IsArray() { - toolCalls.ForEach(func(_, toolCall gjson.Result) bool { - toolIndex := int(toolCall.Get("index").Int()) - toolID := toolCall.Get("id").String() - toolType := toolCall.Get("type").String() - function := toolCall.Get("function") - - // Skip non-function tool calls explicitly marked as other types. - if toolType != "" && toolType != "function" { - return true - } - - // OpenAI streaming deltas may omit the type field while still carrying function data. - if !function.Exists() { - return true - } - - functionName := function.Get("name").String() - functionArgs := function.Get("arguments").String() - - // Initialize accumulator if needed so later deltas without type can append arguments. - if _, exists := (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator[toolIndex]; !exists { - (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator[toolIndex] = &ToolCallAccumulator{ - ID: toolID, - Name: functionName, - } - } - - acc := (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator[toolIndex] - - // Update ID if provided - if toolID != "" { - acc.ID = toolID - } - - // Update name if provided - if functionName != "" { - acc.Name = functionName - } - - // Accumulate arguments - if functionArgs != "" { - acc.Arguments.WriteString(functionArgs) - } - - return true - }) - - // Don't output anything for tool call deltas - wait for completion - return true - } - - // Handle finish reason - if finishReason := choice.Get("finish_reason"); finishReason.Exists() { - geminiFinishReason := mapOpenAIFinishReasonToGemini(finishReason.String()) - template, _ = sjson.Set(template, "candidates.0.finishReason", geminiFinishReason) - - // If we have accumulated tool calls, output them now - if len((*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator) > 0 { - partIndex := 0 - for _, accumulator := range (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator { - namePath := fmt.Sprintf("candidates.0.content.parts.%d.functionCall.name", partIndex) - argsPath := fmt.Sprintf("candidates.0.content.parts.%d.functionCall.args", partIndex) - template, _ = sjson.Set(template, namePath, accumulator.Name) - template, _ = sjson.SetRaw(template, argsPath, parseArgsToObjectRaw(accumulator.Arguments.String())) - partIndex++ - } - - // Clear accumulators - (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator = make(map[int]*ToolCallAccumulator) - } - - results = append(results, template) - return true - } - - // Handle usage information - if usage := root.Get("usage"); usage.Exists() { - template, _ = sjson.Set(template, "usageMetadata.promptTokenCount", usage.Get("prompt_tokens").Int()) - template, _ = sjson.Set(template, "usageMetadata.candidatesTokenCount", usage.Get("completion_tokens").Int()) - template, _ = sjson.Set(template, "usageMetadata.totalTokenCount", usage.Get("total_tokens").Int()) - if reasoningTokens := reasoningTokensFromUsage(usage); reasoningTokens > 0 { - template, _ = sjson.Set(template, "usageMetadata.thoughtsTokenCount", reasoningTokens) - } - results = append(results, template) - return true - } - - return true - }) - return results - } - return []string{} -} - -// mapOpenAIFinishReasonToGemini maps OpenAI finish reasons to Gemini finish reasons -func mapOpenAIFinishReasonToGemini(openAIReason string) string { - switch openAIReason { - case "stop": - return "STOP" - case "length": - return "MAX_TOKENS" - case "tool_calls": - return "STOP" // Gemini doesn't have a specific tool_calls finish reason - case "content_filter": - return "SAFETY" - default: - return "STOP" - } -} - -// parseArgsToObjectRaw safely parses a JSON string of function arguments into an object JSON string. -// It returns "{}" if the input is empty or cannot be parsed as a JSON object. -func parseArgsToObjectRaw(argsStr string) string { - trimmed := strings.TrimSpace(argsStr) - if trimmed == "" || trimmed == "{}" { - return "{}" - } - - // First try strict JSON - if gjson.Valid(trimmed) { - strict := gjson.Parse(trimmed) - if strict.IsObject() { - return strict.Raw - } - } - - // Tolerant parse: handle streams where values are barewords (e.g., 北京, celsius) - tolerant := tolerantParseJSONObjectRaw(trimmed) - if tolerant != "{}" { - return tolerant - } - - // Fallback: return empty object when parsing fails - return "{}" -} - -func escapeSjsonPathKey(key string) string { - key = strings.ReplaceAll(key, `\`, `\\`) - key = strings.ReplaceAll(key, `.`, `\.`) - return key -} - -// tolerantParseJSONObjectRaw attempts to parse a JSON-like object string into a JSON object string, tolerating -// bareword values (unquoted strings) commonly seen during streamed tool calls. -// Example input: {"location": 北京, "unit": celsius} -func tolerantParseJSONObjectRaw(s string) string { - // Ensure we operate within the outermost braces if present - start := strings.Index(s, "{") - end := strings.LastIndex(s, "}") - if start == -1 || end == -1 || start >= end { - return "{}" - } - content := s[start+1 : end] - - runes := []rune(content) - n := len(runes) - i := 0 - result := "{}" - - for i < n { - // Skip whitespace and commas - for i < n && (runes[i] == ' ' || runes[i] == '\n' || runes[i] == '\r' || runes[i] == '\t' || runes[i] == ',') { - i++ - } - if i >= n { - break - } - - // Expect quoted key - if runes[i] != '"' { - // Unable to parse this segment reliably; skip to next comma - for i < n && runes[i] != ',' { - i++ - } - continue - } - - // Parse JSON string for key - keyToken, nextIdx := parseJSONStringRunes(runes, i) - if nextIdx == -1 { - break - } - keyName := jsonStringTokenToRawString(keyToken) - sjsonKey := escapeSjsonPathKey(keyName) - i = nextIdx - - // Skip whitespace - for i < n && (runes[i] == ' ' || runes[i] == '\n' || runes[i] == '\r' || runes[i] == '\t') { - i++ - } - if i >= n || runes[i] != ':' { - break - } - i++ // skip ':' - // Skip whitespace - for i < n && (runes[i] == ' ' || runes[i] == '\n' || runes[i] == '\r' || runes[i] == '\t') { - i++ - } - if i >= n { - break - } - - // Parse value (string, number, object/array, bareword) - switch runes[i] { - case '"': - // JSON string - valToken, ni := parseJSONStringRunes(runes, i) - if ni == -1 { - // Malformed; treat as empty string - result, _ = sjson.Set(result, sjsonKey, "") - i = n - } else { - result, _ = sjson.Set(result, sjsonKey, jsonStringTokenToRawString(valToken)) - i = ni - } - case '{', '[': - // Bracketed value: attempt to capture balanced structure - seg, ni := captureBracketed(runes, i) - if ni == -1 { - i = n - } else { - if gjson.Valid(seg) { - result, _ = sjson.SetRaw(result, sjsonKey, seg) - } else { - result, _ = sjson.Set(result, sjsonKey, seg) - } - i = ni - } - default: - // Bare token until next comma or end - j := i - for j < n && runes[j] != ',' { - j++ - } - token := strings.TrimSpace(string(runes[i:j])) - // Interpret common JSON atoms and numbers; otherwise treat as string - if token == "true" { - result, _ = sjson.Set(result, sjsonKey, true) - } else if token == "false" { - result, _ = sjson.Set(result, sjsonKey, false) - } else if token == "null" { - result, _ = sjson.Set(result, sjsonKey, nil) - } else if numVal, ok := tryParseNumber(token); ok { - result, _ = sjson.Set(result, sjsonKey, numVal) - } else { - result, _ = sjson.Set(result, sjsonKey, token) - } - i = j - } - - // Skip trailing whitespace and optional comma before next pair - for i < n && (runes[i] == ' ' || runes[i] == '\n' || runes[i] == '\r' || runes[i] == '\t') { - i++ - } - if i < n && runes[i] == ',' { - i++ - } - } - - return result -} - -// parseJSONStringRunes returns the JSON string token (including quotes) and the index just after it. -func parseJSONStringRunes(runes []rune, start int) (string, int) { - if start >= len(runes) || runes[start] != '"' { - return "", -1 - } - i := start + 1 - escaped := false - for i < len(runes) { - r := runes[i] - if r == '\\' && !escaped { - escaped = true - i++ - continue - } - if r == '"' && !escaped { - return string(runes[start : i+1]), i + 1 - } - escaped = false - i++ - } - return string(runes[start:]), -1 -} - -// jsonStringTokenToRawString converts a JSON string token (including quotes) to a raw Go string value. -func jsonStringTokenToRawString(token string) string { - r := gjson.Parse(token) - if r.Type == gjson.String { - return r.String() - } - // Fallback: strip surrounding quotes if present - if len(token) >= 2 && token[0] == '"' && token[len(token)-1] == '"' { - return token[1 : len(token)-1] - } - return token -} - -// captureBracketed captures a balanced JSON object/array starting at index i. -// Returns the segment string and the index just after it; -1 if malformed. -func captureBracketed(runes []rune, i int) (string, int) { - if i >= len(runes) { - return "", -1 - } - startRune := runes[i] - var endRune rune - if startRune == '{' { - endRune = '}' - } else if startRune == '[' { - endRune = ']' - } else { - return "", -1 - } - depth := 0 - j := i - inStr := false - escaped := false - for j < len(runes) { - r := runes[j] - if inStr { - if r == '\\' && !escaped { - escaped = true - j++ - continue - } - if r == '"' && !escaped { - inStr = false - } else { - escaped = false - } - j++ - continue - } - if r == '"' { - inStr = true - j++ - continue - } - if r == startRune { - depth++ - } else if r == endRune { - depth-- - if depth == 0 { - return string(runes[i : j+1]), j + 1 - } - } - j++ - } - return string(runes[i:]), -1 -} - -// tryParseNumber attempts to parse a string as an int or float. -func tryParseNumber(s string) (interface{}, bool) { - if s == "" { - return nil, false - } - // Try integer - if i64, errParseInt := strconv.ParseInt(s, 10, 64); errParseInt == nil { - return i64, true - } - if u64, errParseUInt := strconv.ParseUint(s, 10, 64); errParseUInt == nil { - return u64, true - } - if f64, errParseFloat := strconv.ParseFloat(s, 64); errParseFloat == nil { - return f64, true - } - return nil, false -} - -// ConvertOpenAIResponseToGeminiNonStream converts a non-streaming OpenAI response to a non-streaming Gemini response. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the OpenAI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - string: A Gemini-compatible JSON response. -func ConvertOpenAIResponseToGeminiNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - root := gjson.ParseBytes(rawJSON) - - // Base Gemini response template without finishReason; set when known - out := `{"candidates":[{"content":{"parts":[],"role":"model"},"index":0}]}` - - // Set model if available - if model := root.Get("model"); model.Exists() { - out, _ = sjson.Set(out, "model", model.String()) - } - - // Process choices - if choices := root.Get("choices"); choices.Exists() && choices.IsArray() { - choices.ForEach(func(choiceIndex, choice gjson.Result) bool { - choiceIdx := int(choice.Get("index").Int()) - message := choice.Get("message") - - // Set role - if role := message.Get("role"); role.Exists() { - if role.String() == "assistant" { - out, _ = sjson.Set(out, "candidates.0.content.role", "model") - } - } - - partIndex := 0 - - // Handle reasoning content before visible text - if reasoning := message.Get("reasoning_content"); reasoning.Exists() { - for _, reasoningText := range extractReasoningTexts(reasoning) { - if reasoningText == "" { - continue - } - out, _ = sjson.Set(out, fmt.Sprintf("candidates.0.content.parts.%d.thought", partIndex), true) - out, _ = sjson.Set(out, fmt.Sprintf("candidates.0.content.parts.%d.text", partIndex), reasoningText) - partIndex++ - } - } - - // Handle content first - if content := message.Get("content"); content.Exists() && content.String() != "" { - out, _ = sjson.Set(out, fmt.Sprintf("candidates.0.content.parts.%d.text", partIndex), content.String()) - partIndex++ - } - - // Handle tool calls - if toolCalls := message.Get("tool_calls"); toolCalls.Exists() && toolCalls.IsArray() { - toolCalls.ForEach(func(_, toolCall gjson.Result) bool { - if toolCall.Get("type").String() == "function" { - function := toolCall.Get("function") - functionName := function.Get("name").String() - functionArgs := function.Get("arguments").String() - - namePath := fmt.Sprintf("candidates.0.content.parts.%d.functionCall.name", partIndex) - argsPath := fmt.Sprintf("candidates.0.content.parts.%d.functionCall.args", partIndex) - out, _ = sjson.Set(out, namePath, functionName) - out, _ = sjson.SetRaw(out, argsPath, parseArgsToObjectRaw(functionArgs)) - partIndex++ - } - return true - }) - } - - // Handle finish reason - if finishReason := choice.Get("finish_reason"); finishReason.Exists() { - geminiFinishReason := mapOpenAIFinishReasonToGemini(finishReason.String()) - out, _ = sjson.Set(out, "candidates.0.finishReason", geminiFinishReason) - } - - // Set index - out, _ = sjson.Set(out, "candidates.0.index", choiceIdx) - - return true - }) - } - - // Handle usage information - if usage := root.Get("usage"); usage.Exists() { - out, _ = sjson.Set(out, "usageMetadata.promptTokenCount", usage.Get("prompt_tokens").Int()) - out, _ = sjson.Set(out, "usageMetadata.candidatesTokenCount", usage.Get("completion_tokens").Int()) - out, _ = sjson.Set(out, "usageMetadata.totalTokenCount", usage.Get("total_tokens").Int()) - if reasoningTokens := reasoningTokensFromUsage(usage); reasoningTokens > 0 { - out, _ = sjson.Set(out, "usageMetadata.thoughtsTokenCount", reasoningTokens) - } - } - - return out -} - -func GeminiTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} - -func reasoningTokensFromUsage(usage gjson.Result) int64 { - if usage.Exists() { - if v := usage.Get("completion_tokens_details.reasoning_tokens"); v.Exists() { - return v.Int() - } - if v := usage.Get("output_tokens_details.reasoning_tokens"); v.Exists() { - return v.Int() - } - } - return 0 -} - -func extractReasoningTexts(node gjson.Result) []string { - var texts []string - if !node.Exists() { - return texts - } - - if node.IsArray() { - node.ForEach(func(_, value gjson.Result) bool { - texts = append(texts, extractReasoningTexts(value)...) - return true - }) - return texts - } - - switch node.Type { - case gjson.String: - texts = append(texts, node.String()) - case gjson.JSON: - if text := node.Get("text"); text.Exists() { - texts = append(texts, text.String()) - } else if raw := strings.TrimSpace(node.Raw); raw != "" && !strings.HasPrefix(raw, "{") && !strings.HasPrefix(raw, "[") { - texts = append(texts, raw) - } - } - - return texts -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/openai/openai/chat-completions/init.go b/.worktrees/config/m/config-build/active/internal/translator/openai/openai/chat-completions/init.go deleted file mode 100644 index 90fa3dcd90..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/openai/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenAI, - OpenAI, - ConvertOpenAIRequestToOpenAI, - interfaces.TranslateResponse{ - Stream: ConvertOpenAIResponseToOpenAI, - NonStream: ConvertOpenAIResponseToOpenAINonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/openai/openai/chat-completions/openai_openai_request.go b/.worktrees/config/m/config-build/active/internal/translator/openai/openai/chat-completions/openai_openai_request.go deleted file mode 100644 index a74cded6c7..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/openai/openai/chat-completions/openai_openai_request.go +++ /dev/null @@ -1,30 +0,0 @@ -// Package openai provides request translation functionality for OpenAI to Gemini CLI API compatibility. -// It converts OpenAI Chat Completions requests into Gemini CLI compatible JSON using gjson/sjson only. -package chat_completions - -import ( - "github.com/tidwall/sjson" -) - -// ConvertOpenAIRequestToOpenAI converts an OpenAI Chat Completions request (raw JSON) -// into a complete Gemini CLI request JSON. All JSON construction uses sjson and lookups use gjson. -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the OpenAI API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini CLI API format -func ConvertOpenAIRequestToOpenAI(modelName string, inputRawJSON []byte, _ bool) []byte { - // Update the "model" field in the JSON payload with the provided modelName - // The sjson.SetBytes function returns a new byte slice with the updated JSON. - updatedJSON, err := sjson.SetBytes(inputRawJSON, "model", modelName) - if err != nil { - // If there's an error, return the original JSON or handle the error appropriately. - // For now, we'll return the original, but in a real scenario, logging or a more robust error - // handling mechanism would be needed. - return inputRawJSON - } - return updatedJSON -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/openai/openai/chat-completions/openai_openai_response.go b/.worktrees/config/m/config-build/active/internal/translator/openai/openai/chat-completions/openai_openai_response.go deleted file mode 100644 index ff2acc5270..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/openai/openai/chat-completions/openai_openai_response.go +++ /dev/null @@ -1,52 +0,0 @@ -// Package openai provides response translation functionality for Gemini CLI to OpenAI API compatibility. -// This package handles the conversion of Gemini CLI API responses into OpenAI Chat Completions-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by OpenAI API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, reasoning content, and usage metadata appropriately. -package chat_completions - -import ( - "bytes" - "context" -) - -// ConvertOpenAIResponseToOpenAI translates a single chunk of a streaming response from the -// Gemini CLI API format to the OpenAI Chat Completions streaming format. -// It processes various Gemini CLI event types and transforms them into OpenAI-compatible JSON responses. -// The function handles text content, tool calls, reasoning content, and usage metadata, outputting -// responses that match the OpenAI API format. It supports incremental updates for streaming responses. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing an OpenAI-compatible JSON response -func ConvertOpenAIResponseToOpenAI(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - if bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - return []string{string(rawJSON)} -} - -// ConvertOpenAIResponseToOpenAINonStream converts a non-streaming Gemini CLI response to a non-streaming OpenAI response. -// This function processes the complete Gemini CLI response and transforms it into a single OpenAI-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the OpenAI API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for the conversion -// -// Returns: -// - string: An OpenAI-compatible JSON response containing all message content and metadata -func ConvertOpenAIResponseToOpenAINonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - return string(rawJSON) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/openai/openai/responses/init.go b/.worktrees/config/m/config-build/active/internal/translator/openai/openai/responses/init.go deleted file mode 100644 index e6f60e0e13..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/openai/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenaiResponse, - OpenAI, - ConvertOpenAIResponsesRequestToOpenAIChatCompletions, - interfaces.TranslateResponse{ - Stream: ConvertOpenAIChatCompletionsResponseToOpenAIResponses, - NonStream: ConvertOpenAIChatCompletionsResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/openai/openai/responses/openai_openai-responses_request.go b/.worktrees/config/m/config-build/active/internal/translator/openai/openai/responses/openai_openai-responses_request.go deleted file mode 100644 index 9a64798bd7..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/openai/openai/responses/openai_openai-responses_request.go +++ /dev/null @@ -1,214 +0,0 @@ -package responses - -import ( - "strings" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertOpenAIResponsesRequestToOpenAIChatCompletions converts OpenAI responses format to OpenAI chat completions format. -// It transforms the OpenAI responses API format (with instructions and input array) into the standard -// OpenAI chat completions format (with messages array and system content). -// -// The conversion handles: -// 1. Model name and streaming configuration -// 2. Instructions to system message conversion -// 3. Input array to messages array transformation -// 4. Tool definitions and tool choice conversion -// 5. Function calls and function results handling -// 6. Generation parameters mapping (max_tokens, reasoning, etc.) -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data in OpenAI responses format -// - stream: A boolean indicating if the request is for a streaming response -// -// Returns: -// - []byte: The transformed request data in OpenAI chat completions format -func ConvertOpenAIResponsesRequestToOpenAIChatCompletions(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - // Base OpenAI chat completions template with default values - out := `{"model":"","messages":[],"stream":false}` - - root := gjson.ParseBytes(rawJSON) - - // Set model name - out, _ = sjson.Set(out, "model", modelName) - - // Set stream configuration - out, _ = sjson.Set(out, "stream", stream) - - // Map generation parameters from responses format to chat completions format - if maxTokens := root.Get("max_output_tokens"); maxTokens.Exists() { - out, _ = sjson.Set(out, "max_tokens", maxTokens.Int()) - } - - if parallelToolCalls := root.Get("parallel_tool_calls"); parallelToolCalls.Exists() { - out, _ = sjson.Set(out, "parallel_tool_calls", parallelToolCalls.Bool()) - } - - // Convert instructions to system message - if instructions := root.Get("instructions"); instructions.Exists() { - systemMessage := `{"role":"system","content":""}` - systemMessage, _ = sjson.Set(systemMessage, "content", instructions.String()) - out, _ = sjson.SetRaw(out, "messages.-1", systemMessage) - } - - // Convert input array to messages - if input := root.Get("input"); input.Exists() && input.IsArray() { - input.ForEach(func(_, item gjson.Result) bool { - itemType := item.Get("type").String() - if itemType == "" && item.Get("role").String() != "" { - itemType = "message" - } - - switch itemType { - case "message", "": - // Handle regular message conversion - role := item.Get("role").String() - if role == "developer" { - role = "user" - } - message := `{"role":"","content":[]}` - message, _ = sjson.Set(message, "role", role) - - if content := item.Get("content"); content.Exists() && content.IsArray() { - var messageContent string - var toolCalls []interface{} - - content.ForEach(func(_, contentItem gjson.Result) bool { - contentType := contentItem.Get("type").String() - if contentType == "" { - contentType = "input_text" - } - - switch contentType { - case "input_text", "output_text": - text := contentItem.Get("text").String() - contentPart := `{"type":"text","text":""}` - contentPart, _ = sjson.Set(contentPart, "text", text) - message, _ = sjson.SetRaw(message, "content.-1", contentPart) - case "input_image": - imageURL := contentItem.Get("image_url").String() - contentPart := `{"type":"image_url","image_url":{"url":""}}` - contentPart, _ = sjson.Set(contentPart, "image_url.url", imageURL) - message, _ = sjson.SetRaw(message, "content.-1", contentPart) - } - return true - }) - - if messageContent != "" { - message, _ = sjson.Set(message, "content", messageContent) - } - - if len(toolCalls) > 0 { - message, _ = sjson.Set(message, "tool_calls", toolCalls) - } - } else if content.Type == gjson.String { - message, _ = sjson.Set(message, "content", content.String()) - } - - out, _ = sjson.SetRaw(out, "messages.-1", message) - - case "function_call": - // Handle function call conversion to assistant message with tool_calls - assistantMessage := `{"role":"assistant","tool_calls":[]}` - - toolCall := `{"id":"","type":"function","function":{"name":"","arguments":""}}` - - if callId := item.Get("call_id"); callId.Exists() { - toolCall, _ = sjson.Set(toolCall, "id", callId.String()) - } - - if name := item.Get("name"); name.Exists() { - toolCall, _ = sjson.Set(toolCall, "function.name", name.String()) - } - - if arguments := item.Get("arguments"); arguments.Exists() { - toolCall, _ = sjson.Set(toolCall, "function.arguments", arguments.String()) - } - - assistantMessage, _ = sjson.SetRaw(assistantMessage, "tool_calls.0", toolCall) - out, _ = sjson.SetRaw(out, "messages.-1", assistantMessage) - - case "function_call_output": - // Handle function call output conversion to tool message - toolMessage := `{"role":"tool","tool_call_id":"","content":""}` - - if callId := item.Get("call_id"); callId.Exists() { - toolMessage, _ = sjson.Set(toolMessage, "tool_call_id", callId.String()) - } - - if output := item.Get("output"); output.Exists() { - toolMessage, _ = sjson.Set(toolMessage, "content", output.String()) - } - - out, _ = sjson.SetRaw(out, "messages.-1", toolMessage) - } - - return true - }) - } else if input.Type == gjson.String { - msg := "{}" - msg, _ = sjson.Set(msg, "role", "user") - msg, _ = sjson.Set(msg, "content", input.String()) - out, _ = sjson.SetRaw(out, "messages.-1", msg) - } - - // Convert tools from responses format to chat completions format - if tools := root.Get("tools"); tools.Exists() && tools.IsArray() { - var chatCompletionsTools []interface{} - - tools.ForEach(func(_, tool gjson.Result) bool { - // Built-in tools (e.g. {"type":"web_search"}) are already compatible with the Chat Completions schema. - // Only function tools need structural conversion because Chat Completions nests details under "function". - toolType := tool.Get("type").String() - if toolType != "" && toolType != "function" && tool.IsObject() { - // Almost all providers lack built-in tools, so we just ignore them. - // chatCompletionsTools = append(chatCompletionsTools, tool.Value()) - return true - } - - chatTool := `{"type":"function","function":{}}` - - // Convert tool structure from responses format to chat completions format - function := `{"name":"","description":"","parameters":{}}` - - if name := tool.Get("name"); name.Exists() { - function, _ = sjson.Set(function, "name", name.String()) - } - - if description := tool.Get("description"); description.Exists() { - function, _ = sjson.Set(function, "description", description.String()) - } - - if parameters := tool.Get("parameters"); parameters.Exists() { - function, _ = sjson.SetRaw(function, "parameters", parameters.Raw) - } - - chatTool, _ = sjson.SetRaw(chatTool, "function", function) - chatCompletionsTools = append(chatCompletionsTools, gjson.Parse(chatTool).Value()) - - return true - }) - - if len(chatCompletionsTools) > 0 { - out, _ = sjson.Set(out, "tools", chatCompletionsTools) - } - } - - if reasoningEffort := root.Get("reasoning.effort"); reasoningEffort.Exists() { - effort := strings.ToLower(strings.TrimSpace(reasoningEffort.String())) - if effort != "" { - out, _ = sjson.Set(out, "reasoning_effort", effort) - } - } - - // Convert tool_choice if present - if toolChoice := root.Get("tool_choice"); toolChoice.Exists() { - out, _ = sjson.Set(out, "tool_choice", toolChoice.String()) - } - - return []byte(out) -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/openai/openai/responses/openai_openai-responses_response.go b/.worktrees/config/m/config-build/active/internal/translator/openai/openai/responses/openai_openai-responses_response.go deleted file mode 100644 index 151528526c..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/openai/openai/responses/openai_openai-responses_response.go +++ /dev/null @@ -1,780 +0,0 @@ -package responses - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -type oaiToResponsesStateReasoning struct { - ReasoningID string - ReasoningData string -} -type oaiToResponsesState struct { - Seq int - ResponseID string - Created int64 - Started bool - ReasoningID string - ReasoningIndex int - // aggregation buffers for response.output - // Per-output message text buffers by index - MsgTextBuf map[int]*strings.Builder - ReasoningBuf strings.Builder - Reasonings []oaiToResponsesStateReasoning - FuncArgsBuf map[int]*strings.Builder // index -> args - FuncNames map[int]string // index -> name - FuncCallIDs map[int]string // index -> call_id - // message item state per output index - MsgItemAdded map[int]bool // whether response.output_item.added emitted for message - MsgContentAdded map[int]bool // whether response.content_part.added emitted for message - MsgItemDone map[int]bool // whether message done events were emitted - // function item done state - FuncArgsDone map[int]bool - FuncItemDone map[int]bool - // usage aggregation - PromptTokens int64 - CachedTokens int64 - CompletionTokens int64 - TotalTokens int64 - ReasoningTokens int64 - UsageSeen bool -} - -// responseIDCounter provides a process-wide unique counter for synthesized response identifiers. -var responseIDCounter uint64 - -func emitRespEvent(event string, payload string) string { - return fmt.Sprintf("event: %s\ndata: %s", event, payload) -} - -// ConvertOpenAIChatCompletionsResponseToOpenAIResponses converts OpenAI Chat Completions streaming chunks -// to OpenAI Responses SSE events (response.*). -func ConvertOpenAIChatCompletionsResponseToOpenAIResponses(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &oaiToResponsesState{ - FuncArgsBuf: make(map[int]*strings.Builder), - FuncNames: make(map[int]string), - FuncCallIDs: make(map[int]string), - MsgTextBuf: make(map[int]*strings.Builder), - MsgItemAdded: make(map[int]bool), - MsgContentAdded: make(map[int]bool), - MsgItemDone: make(map[int]bool), - FuncArgsDone: make(map[int]bool), - FuncItemDone: make(map[int]bool), - Reasonings: make([]oaiToResponsesStateReasoning, 0), - } - } - st := (*param).(*oaiToResponsesState) - - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - - rawJSON = bytes.TrimSpace(rawJSON) - if len(rawJSON) == 0 { - return []string{} - } - if bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - - root := gjson.ParseBytes(rawJSON) - obj := root.Get("object") - if obj.Exists() && obj.String() != "" && obj.String() != "chat.completion.chunk" { - return []string{} - } - if !root.Get("choices").Exists() || !root.Get("choices").IsArray() { - return []string{} - } - - if usage := root.Get("usage"); usage.Exists() { - if v := usage.Get("prompt_tokens"); v.Exists() { - st.PromptTokens = v.Int() - st.UsageSeen = true - } - if v := usage.Get("prompt_tokens_details.cached_tokens"); v.Exists() { - st.CachedTokens = v.Int() - st.UsageSeen = true - } - if v := usage.Get("completion_tokens"); v.Exists() { - st.CompletionTokens = v.Int() - st.UsageSeen = true - } else if v := usage.Get("output_tokens"); v.Exists() { - st.CompletionTokens = v.Int() - st.UsageSeen = true - } - if v := usage.Get("output_tokens_details.reasoning_tokens"); v.Exists() { - st.ReasoningTokens = v.Int() - st.UsageSeen = true - } else if v := usage.Get("completion_tokens_details.reasoning_tokens"); v.Exists() { - st.ReasoningTokens = v.Int() - st.UsageSeen = true - } - if v := usage.Get("total_tokens"); v.Exists() { - st.TotalTokens = v.Int() - st.UsageSeen = true - } - } - - nextSeq := func() int { st.Seq++; return st.Seq } - var out []string - - if !st.Started { - st.ResponseID = root.Get("id").String() - st.Created = root.Get("created").Int() - // reset aggregation state for a new streaming response - st.MsgTextBuf = make(map[int]*strings.Builder) - st.ReasoningBuf.Reset() - st.ReasoningID = "" - st.ReasoningIndex = 0 - st.FuncArgsBuf = make(map[int]*strings.Builder) - st.FuncNames = make(map[int]string) - st.FuncCallIDs = make(map[int]string) - st.MsgItemAdded = make(map[int]bool) - st.MsgContentAdded = make(map[int]bool) - st.MsgItemDone = make(map[int]bool) - st.FuncArgsDone = make(map[int]bool) - st.FuncItemDone = make(map[int]bool) - st.PromptTokens = 0 - st.CachedTokens = 0 - st.CompletionTokens = 0 - st.TotalTokens = 0 - st.ReasoningTokens = 0 - st.UsageSeen = false - // response.created - created := `{"type":"response.created","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"in_progress","background":false,"error":null,"output":[]}}` - created, _ = sjson.Set(created, "sequence_number", nextSeq()) - created, _ = sjson.Set(created, "response.id", st.ResponseID) - created, _ = sjson.Set(created, "response.created_at", st.Created) - out = append(out, emitRespEvent("response.created", created)) - - inprog := `{"type":"response.in_progress","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"in_progress"}}` - inprog, _ = sjson.Set(inprog, "sequence_number", nextSeq()) - inprog, _ = sjson.Set(inprog, "response.id", st.ResponseID) - inprog, _ = sjson.Set(inprog, "response.created_at", st.Created) - out = append(out, emitRespEvent("response.in_progress", inprog)) - st.Started = true - } - - stopReasoning := func(text string) { - // Emit reasoning done events - textDone := `{"type":"response.reasoning_summary_text.done","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"text":""}` - textDone, _ = sjson.Set(textDone, "sequence_number", nextSeq()) - textDone, _ = sjson.Set(textDone, "item_id", st.ReasoningID) - textDone, _ = sjson.Set(textDone, "output_index", st.ReasoningIndex) - textDone, _ = sjson.Set(textDone, "text", text) - out = append(out, emitRespEvent("response.reasoning_summary_text.done", textDone)) - partDone := `{"type":"response.reasoning_summary_part.done","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"part":{"type":"summary_text","text":""}}` - partDone, _ = sjson.Set(partDone, "sequence_number", nextSeq()) - partDone, _ = sjson.Set(partDone, "item_id", st.ReasoningID) - partDone, _ = sjson.Set(partDone, "output_index", st.ReasoningIndex) - partDone, _ = sjson.Set(partDone, "part.text", text) - out = append(out, emitRespEvent("response.reasoning_summary_part.done", partDone)) - outputItemDone := `{"type":"response.output_item.done","item":{"id":"","type":"reasoning","encrypted_content":"","summary":[{"type":"summary_text","text":""}]},"output_index":0,"sequence_number":0}` - outputItemDone, _ = sjson.Set(outputItemDone, "sequence_number", nextSeq()) - outputItemDone, _ = sjson.Set(outputItemDone, "item.id", st.ReasoningID) - outputItemDone, _ = sjson.Set(outputItemDone, "output_index", st.ReasoningIndex) - outputItemDone, _ = sjson.Set(outputItemDone, "item.summary.text", text) - out = append(out, emitRespEvent("response.output_item.done", outputItemDone)) - - st.Reasonings = append(st.Reasonings, oaiToResponsesStateReasoning{ReasoningID: st.ReasoningID, ReasoningData: text}) - st.ReasoningID = "" - } - - // choices[].delta content / tool_calls / reasoning_content - if choices := root.Get("choices"); choices.Exists() && choices.IsArray() { - choices.ForEach(func(_, choice gjson.Result) bool { - idx := int(choice.Get("index").Int()) - delta := choice.Get("delta") - if delta.Exists() { - if c := delta.Get("content"); c.Exists() && c.String() != "" { - // Ensure the message item and its first content part are announced before any text deltas - if st.ReasoningID != "" { - stopReasoning(st.ReasoningBuf.String()) - st.ReasoningBuf.Reset() - } - if !st.MsgItemAdded[idx] { - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"message","status":"in_progress","content":[],"role":"assistant"}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "output_index", idx) - item, _ = sjson.Set(item, "item.id", fmt.Sprintf("msg_%s_%d", st.ResponseID, idx)) - out = append(out, emitRespEvent("response.output_item.added", item)) - st.MsgItemAdded[idx] = true - } - if !st.MsgContentAdded[idx] { - part := `{"type":"response.content_part.added","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"part":{"type":"output_text","annotations":[],"logprobs":[],"text":""}}` - part, _ = sjson.Set(part, "sequence_number", nextSeq()) - part, _ = sjson.Set(part, "item_id", fmt.Sprintf("msg_%s_%d", st.ResponseID, idx)) - part, _ = sjson.Set(part, "output_index", idx) - part, _ = sjson.Set(part, "content_index", 0) - out = append(out, emitRespEvent("response.content_part.added", part)) - st.MsgContentAdded[idx] = true - } - - msg := `{"type":"response.output_text.delta","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"delta":"","logprobs":[]}` - msg, _ = sjson.Set(msg, "sequence_number", nextSeq()) - msg, _ = sjson.Set(msg, "item_id", fmt.Sprintf("msg_%s_%d", st.ResponseID, idx)) - msg, _ = sjson.Set(msg, "output_index", idx) - msg, _ = sjson.Set(msg, "content_index", 0) - msg, _ = sjson.Set(msg, "delta", c.String()) - out = append(out, emitRespEvent("response.output_text.delta", msg)) - // aggregate for response.output - if st.MsgTextBuf[idx] == nil { - st.MsgTextBuf[idx] = &strings.Builder{} - } - st.MsgTextBuf[idx].WriteString(c.String()) - } - - // reasoning_content (OpenAI reasoning incremental text) - if rc := delta.Get("reasoning_content"); rc.Exists() && rc.String() != "" { - // On first appearance, add reasoning item and part - if st.ReasoningID == "" { - st.ReasoningID = fmt.Sprintf("rs_%s_%d", st.ResponseID, idx) - st.ReasoningIndex = idx - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"reasoning","status":"in_progress","summary":[]}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "output_index", idx) - item, _ = sjson.Set(item, "item.id", st.ReasoningID) - out = append(out, emitRespEvent("response.output_item.added", item)) - part := `{"type":"response.reasoning_summary_part.added","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"part":{"type":"summary_text","text":""}}` - part, _ = sjson.Set(part, "sequence_number", nextSeq()) - part, _ = sjson.Set(part, "item_id", st.ReasoningID) - part, _ = sjson.Set(part, "output_index", st.ReasoningIndex) - out = append(out, emitRespEvent("response.reasoning_summary_part.added", part)) - } - // Append incremental text to reasoning buffer - st.ReasoningBuf.WriteString(rc.String()) - msg := `{"type":"response.reasoning_summary_text.delta","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"delta":""}` - msg, _ = sjson.Set(msg, "sequence_number", nextSeq()) - msg, _ = sjson.Set(msg, "item_id", st.ReasoningID) - msg, _ = sjson.Set(msg, "output_index", st.ReasoningIndex) - msg, _ = sjson.Set(msg, "delta", rc.String()) - out = append(out, emitRespEvent("response.reasoning_summary_text.delta", msg)) - } - - // tool calls - if tcs := delta.Get("tool_calls"); tcs.Exists() && tcs.IsArray() { - if st.ReasoningID != "" { - stopReasoning(st.ReasoningBuf.String()) - st.ReasoningBuf.Reset() - } - // Before emitting any function events, if a message is open for this index, - // close its text/content to match Codex expected ordering. - if st.MsgItemAdded[idx] && !st.MsgItemDone[idx] { - fullText := "" - if b := st.MsgTextBuf[idx]; b != nil { - fullText = b.String() - } - done := `{"type":"response.output_text.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"text":"","logprobs":[]}` - done, _ = sjson.Set(done, "sequence_number", nextSeq()) - done, _ = sjson.Set(done, "item_id", fmt.Sprintf("msg_%s_%d", st.ResponseID, idx)) - done, _ = sjson.Set(done, "output_index", idx) - done, _ = sjson.Set(done, "content_index", 0) - done, _ = sjson.Set(done, "text", fullText) - out = append(out, emitRespEvent("response.output_text.done", done)) - - partDone := `{"type":"response.content_part.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"part":{"type":"output_text","annotations":[],"logprobs":[],"text":""}}` - partDone, _ = sjson.Set(partDone, "sequence_number", nextSeq()) - partDone, _ = sjson.Set(partDone, "item_id", fmt.Sprintf("msg_%s_%d", st.ResponseID, idx)) - partDone, _ = sjson.Set(partDone, "output_index", idx) - partDone, _ = sjson.Set(partDone, "content_index", 0) - partDone, _ = sjson.Set(partDone, "part.text", fullText) - out = append(out, emitRespEvent("response.content_part.done", partDone)) - - itemDone := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}}` - itemDone, _ = sjson.Set(itemDone, "sequence_number", nextSeq()) - itemDone, _ = sjson.Set(itemDone, "output_index", idx) - itemDone, _ = sjson.Set(itemDone, "item.id", fmt.Sprintf("msg_%s_%d", st.ResponseID, idx)) - itemDone, _ = sjson.Set(itemDone, "item.content.0.text", fullText) - out = append(out, emitRespEvent("response.output_item.done", itemDone)) - st.MsgItemDone[idx] = true - } - - // Only emit item.added once per tool call and preserve call_id across chunks. - newCallID := tcs.Get("0.id").String() - nameChunk := tcs.Get("0.function.name").String() - if nameChunk != "" { - st.FuncNames[idx] = nameChunk - } - existingCallID := st.FuncCallIDs[idx] - effectiveCallID := existingCallID - shouldEmitItem := false - if existingCallID == "" && newCallID != "" { - // First time seeing a valid call_id for this index - effectiveCallID = newCallID - st.FuncCallIDs[idx] = newCallID - shouldEmitItem = true - } - - if shouldEmitItem && effectiveCallID != "" { - o := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"function_call","status":"in_progress","arguments":"","call_id":"","name":""}}` - o, _ = sjson.Set(o, "sequence_number", nextSeq()) - o, _ = sjson.Set(o, "output_index", idx) - o, _ = sjson.Set(o, "item.id", fmt.Sprintf("fc_%s", effectiveCallID)) - o, _ = sjson.Set(o, "item.call_id", effectiveCallID) - name := st.FuncNames[idx] - o, _ = sjson.Set(o, "item.name", name) - out = append(out, emitRespEvent("response.output_item.added", o)) - } - - // Ensure args buffer exists for this index - if st.FuncArgsBuf[idx] == nil { - st.FuncArgsBuf[idx] = &strings.Builder{} - } - - // Append arguments delta if available and we have a valid call_id to reference - if args := tcs.Get("0.function.arguments"); args.Exists() && args.String() != "" { - // Prefer an already known call_id; fall back to newCallID if first time - refCallID := st.FuncCallIDs[idx] - if refCallID == "" { - refCallID = newCallID - } - if refCallID != "" { - ad := `{"type":"response.function_call_arguments.delta","sequence_number":0,"item_id":"","output_index":0,"delta":""}` - ad, _ = sjson.Set(ad, "sequence_number", nextSeq()) - ad, _ = sjson.Set(ad, "item_id", fmt.Sprintf("fc_%s", refCallID)) - ad, _ = sjson.Set(ad, "output_index", idx) - ad, _ = sjson.Set(ad, "delta", args.String()) - out = append(out, emitRespEvent("response.function_call_arguments.delta", ad)) - } - st.FuncArgsBuf[idx].WriteString(args.String()) - } - } - } - - // finish_reason triggers finalization, including text done/content done/item done, - // reasoning done/part.done, function args done/item done, and completed - if fr := choice.Get("finish_reason"); fr.Exists() && fr.String() != "" { - // Emit message done events for all indices that started a message - if len(st.MsgItemAdded) > 0 { - // sort indices for deterministic order - idxs := make([]int, 0, len(st.MsgItemAdded)) - for i := range st.MsgItemAdded { - idxs = append(idxs, i) - } - for i := 0; i < len(idxs); i++ { - for j := i + 1; j < len(idxs); j++ { - if idxs[j] < idxs[i] { - idxs[i], idxs[j] = idxs[j], idxs[i] - } - } - } - for _, i := range idxs { - if st.MsgItemAdded[i] && !st.MsgItemDone[i] { - fullText := "" - if b := st.MsgTextBuf[i]; b != nil { - fullText = b.String() - } - done := `{"type":"response.output_text.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"text":"","logprobs":[]}` - done, _ = sjson.Set(done, "sequence_number", nextSeq()) - done, _ = sjson.Set(done, "item_id", fmt.Sprintf("msg_%s_%d", st.ResponseID, i)) - done, _ = sjson.Set(done, "output_index", i) - done, _ = sjson.Set(done, "content_index", 0) - done, _ = sjson.Set(done, "text", fullText) - out = append(out, emitRespEvent("response.output_text.done", done)) - - partDone := `{"type":"response.content_part.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"part":{"type":"output_text","annotations":[],"logprobs":[],"text":""}}` - partDone, _ = sjson.Set(partDone, "sequence_number", nextSeq()) - partDone, _ = sjson.Set(partDone, "item_id", fmt.Sprintf("msg_%s_%d", st.ResponseID, i)) - partDone, _ = sjson.Set(partDone, "output_index", i) - partDone, _ = sjson.Set(partDone, "content_index", 0) - partDone, _ = sjson.Set(partDone, "part.text", fullText) - out = append(out, emitRespEvent("response.content_part.done", partDone)) - - itemDone := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}}` - itemDone, _ = sjson.Set(itemDone, "sequence_number", nextSeq()) - itemDone, _ = sjson.Set(itemDone, "output_index", i) - itemDone, _ = sjson.Set(itemDone, "item.id", fmt.Sprintf("msg_%s_%d", st.ResponseID, i)) - itemDone, _ = sjson.Set(itemDone, "item.content.0.text", fullText) - out = append(out, emitRespEvent("response.output_item.done", itemDone)) - st.MsgItemDone[i] = true - } - } - } - - if st.ReasoningID != "" { - stopReasoning(st.ReasoningBuf.String()) - st.ReasoningBuf.Reset() - } - - // Emit function call done events for any active function calls - if len(st.FuncCallIDs) > 0 { - idxs := make([]int, 0, len(st.FuncCallIDs)) - for i := range st.FuncCallIDs { - idxs = append(idxs, i) - } - for i := 0; i < len(idxs); i++ { - for j := i + 1; j < len(idxs); j++ { - if idxs[j] < idxs[i] { - idxs[i], idxs[j] = idxs[j], idxs[i] - } - } - } - for _, i := range idxs { - callID := st.FuncCallIDs[i] - if callID == "" || st.FuncItemDone[i] { - continue - } - args := "{}" - if b := st.FuncArgsBuf[i]; b != nil && b.Len() > 0 { - args = b.String() - } - fcDone := `{"type":"response.function_call_arguments.done","sequence_number":0,"item_id":"","output_index":0,"arguments":""}` - fcDone, _ = sjson.Set(fcDone, "sequence_number", nextSeq()) - fcDone, _ = sjson.Set(fcDone, "item_id", fmt.Sprintf("fc_%s", callID)) - fcDone, _ = sjson.Set(fcDone, "output_index", i) - fcDone, _ = sjson.Set(fcDone, "arguments", args) - out = append(out, emitRespEvent("response.function_call_arguments.done", fcDone)) - - itemDone := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}}` - itemDone, _ = sjson.Set(itemDone, "sequence_number", nextSeq()) - itemDone, _ = sjson.Set(itemDone, "output_index", i) - itemDone, _ = sjson.Set(itemDone, "item.id", fmt.Sprintf("fc_%s", callID)) - itemDone, _ = sjson.Set(itemDone, "item.arguments", args) - itemDone, _ = sjson.Set(itemDone, "item.call_id", callID) - itemDone, _ = sjson.Set(itemDone, "item.name", st.FuncNames[i]) - out = append(out, emitRespEvent("response.output_item.done", itemDone)) - st.FuncItemDone[i] = true - st.FuncArgsDone[i] = true - } - } - completed := `{"type":"response.completed","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"completed","background":false,"error":null}}` - completed, _ = sjson.Set(completed, "sequence_number", nextSeq()) - completed, _ = sjson.Set(completed, "response.id", st.ResponseID) - completed, _ = sjson.Set(completed, "response.created_at", st.Created) - // Inject original request fields into response as per docs/response.completed.json - if requestRawJSON != nil { - req := gjson.ParseBytes(requestRawJSON) - if v := req.Get("instructions"); v.Exists() { - completed, _ = sjson.Set(completed, "response.instructions", v.String()) - } - if v := req.Get("max_output_tokens"); v.Exists() { - completed, _ = sjson.Set(completed, "response.max_output_tokens", v.Int()) - } - if v := req.Get("max_tool_calls"); v.Exists() { - completed, _ = sjson.Set(completed, "response.max_tool_calls", v.Int()) - } - if v := req.Get("model"); v.Exists() { - completed, _ = sjson.Set(completed, "response.model", v.String()) - } - if v := req.Get("parallel_tool_calls"); v.Exists() { - completed, _ = sjson.Set(completed, "response.parallel_tool_calls", v.Bool()) - } - if v := req.Get("previous_response_id"); v.Exists() { - completed, _ = sjson.Set(completed, "response.previous_response_id", v.String()) - } - if v := req.Get("prompt_cache_key"); v.Exists() { - completed, _ = sjson.Set(completed, "response.prompt_cache_key", v.String()) - } - if v := req.Get("reasoning"); v.Exists() { - completed, _ = sjson.Set(completed, "response.reasoning", v.Value()) - } - if v := req.Get("safety_identifier"); v.Exists() { - completed, _ = sjson.Set(completed, "response.safety_identifier", v.String()) - } - if v := req.Get("service_tier"); v.Exists() { - completed, _ = sjson.Set(completed, "response.service_tier", v.String()) - } - if v := req.Get("store"); v.Exists() { - completed, _ = sjson.Set(completed, "response.store", v.Bool()) - } - if v := req.Get("temperature"); v.Exists() { - completed, _ = sjson.Set(completed, "response.temperature", v.Float()) - } - if v := req.Get("text"); v.Exists() { - completed, _ = sjson.Set(completed, "response.text", v.Value()) - } - if v := req.Get("tool_choice"); v.Exists() { - completed, _ = sjson.Set(completed, "response.tool_choice", v.Value()) - } - if v := req.Get("tools"); v.Exists() { - completed, _ = sjson.Set(completed, "response.tools", v.Value()) - } - if v := req.Get("top_logprobs"); v.Exists() { - completed, _ = sjson.Set(completed, "response.top_logprobs", v.Int()) - } - if v := req.Get("top_p"); v.Exists() { - completed, _ = sjson.Set(completed, "response.top_p", v.Float()) - } - if v := req.Get("truncation"); v.Exists() { - completed, _ = sjson.Set(completed, "response.truncation", v.String()) - } - if v := req.Get("user"); v.Exists() { - completed, _ = sjson.Set(completed, "response.user", v.Value()) - } - if v := req.Get("metadata"); v.Exists() { - completed, _ = sjson.Set(completed, "response.metadata", v.Value()) - } - } - // Build response.output using aggregated buffers - outputsWrapper := `{"arr":[]}` - if len(st.Reasonings) > 0 { - for _, r := range st.Reasonings { - item := `{"id":"","type":"reasoning","summary":[{"type":"summary_text","text":""}]}` - item, _ = sjson.Set(item, "id", r.ReasoningID) - item, _ = sjson.Set(item, "summary.0.text", r.ReasoningData) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - } - // Append message items in ascending index order - if len(st.MsgItemAdded) > 0 { - midxs := make([]int, 0, len(st.MsgItemAdded)) - for i := range st.MsgItemAdded { - midxs = append(midxs, i) - } - for i := 0; i < len(midxs); i++ { - for j := i + 1; j < len(midxs); j++ { - if midxs[j] < midxs[i] { - midxs[i], midxs[j] = midxs[j], midxs[i] - } - } - } - for _, i := range midxs { - txt := "" - if b := st.MsgTextBuf[i]; b != nil { - txt = b.String() - } - item := `{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}` - item, _ = sjson.Set(item, "id", fmt.Sprintf("msg_%s_%d", st.ResponseID, i)) - item, _ = sjson.Set(item, "content.0.text", txt) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - } - if len(st.FuncArgsBuf) > 0 { - idxs := make([]int, 0, len(st.FuncArgsBuf)) - for i := range st.FuncArgsBuf { - idxs = append(idxs, i) - } - // small-N sort without extra imports - for i := 0; i < len(idxs); i++ { - for j := i + 1; j < len(idxs); j++ { - if idxs[j] < idxs[i] { - idxs[i], idxs[j] = idxs[j], idxs[i] - } - } - } - for _, i := range idxs { - args := "" - if b := st.FuncArgsBuf[i]; b != nil { - args = b.String() - } - callID := st.FuncCallIDs[i] - name := st.FuncNames[i] - item := `{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}` - item, _ = sjson.Set(item, "id", fmt.Sprintf("fc_%s", callID)) - item, _ = sjson.Set(item, "arguments", args) - item, _ = sjson.Set(item, "call_id", callID) - item, _ = sjson.Set(item, "name", name) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - } - if gjson.Get(outputsWrapper, "arr.#").Int() > 0 { - completed, _ = sjson.SetRaw(completed, "response.output", gjson.Get(outputsWrapper, "arr").Raw) - } - if st.UsageSeen { - completed, _ = sjson.Set(completed, "response.usage.input_tokens", st.PromptTokens) - completed, _ = sjson.Set(completed, "response.usage.input_tokens_details.cached_tokens", st.CachedTokens) - completed, _ = sjson.Set(completed, "response.usage.output_tokens", st.CompletionTokens) - if st.ReasoningTokens > 0 { - completed, _ = sjson.Set(completed, "response.usage.output_tokens_details.reasoning_tokens", st.ReasoningTokens) - } - total := st.TotalTokens - if total == 0 { - total = st.PromptTokens + st.CompletionTokens - } - completed, _ = sjson.Set(completed, "response.usage.total_tokens", total) - } - out = append(out, emitRespEvent("response.completed", completed)) - } - - return true - }) - } - - return out -} - -// ConvertOpenAIChatCompletionsResponseToOpenAIResponsesNonStream builds a single Responses JSON -// from a non-streaming OpenAI Chat Completions response. -func ConvertOpenAIChatCompletionsResponseToOpenAIResponsesNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - root := gjson.ParseBytes(rawJSON) - - // Basic response scaffold - resp := `{"id":"","object":"response","created_at":0,"status":"completed","background":false,"error":null,"incomplete_details":null}` - - // id: use provider id if present, otherwise synthesize - id := root.Get("id").String() - if id == "" { - id = fmt.Sprintf("resp_%x_%d", time.Now().UnixNano(), atomic.AddUint64(&responseIDCounter, 1)) - } - resp, _ = sjson.Set(resp, "id", id) - - // created_at: map from chat.completion created - created := root.Get("created").Int() - if created == 0 { - created = time.Now().Unix() - } - resp, _ = sjson.Set(resp, "created_at", created) - - // Echo request fields when available (aligns with streaming path behavior) - if len(requestRawJSON) > 0 { - req := gjson.ParseBytes(requestRawJSON) - if v := req.Get("instructions"); v.Exists() { - resp, _ = sjson.Set(resp, "instructions", v.String()) - } - if v := req.Get("max_output_tokens"); v.Exists() { - resp, _ = sjson.Set(resp, "max_output_tokens", v.Int()) - } else { - // Also support max_tokens from chat completion style - if v = req.Get("max_tokens"); v.Exists() { - resp, _ = sjson.Set(resp, "max_output_tokens", v.Int()) - } - } - if v := req.Get("max_tool_calls"); v.Exists() { - resp, _ = sjson.Set(resp, "max_tool_calls", v.Int()) - } - if v := req.Get("model"); v.Exists() { - resp, _ = sjson.Set(resp, "model", v.String()) - } else if v = root.Get("model"); v.Exists() { - resp, _ = sjson.Set(resp, "model", v.String()) - } - if v := req.Get("parallel_tool_calls"); v.Exists() { - resp, _ = sjson.Set(resp, "parallel_tool_calls", v.Bool()) - } - if v := req.Get("previous_response_id"); v.Exists() { - resp, _ = sjson.Set(resp, "previous_response_id", v.String()) - } - if v := req.Get("prompt_cache_key"); v.Exists() { - resp, _ = sjson.Set(resp, "prompt_cache_key", v.String()) - } - if v := req.Get("reasoning"); v.Exists() { - resp, _ = sjson.Set(resp, "reasoning", v.Value()) - } - if v := req.Get("safety_identifier"); v.Exists() { - resp, _ = sjson.Set(resp, "safety_identifier", v.String()) - } - if v := req.Get("service_tier"); v.Exists() { - resp, _ = sjson.Set(resp, "service_tier", v.String()) - } - if v := req.Get("store"); v.Exists() { - resp, _ = sjson.Set(resp, "store", v.Bool()) - } - if v := req.Get("temperature"); v.Exists() { - resp, _ = sjson.Set(resp, "temperature", v.Float()) - } - if v := req.Get("text"); v.Exists() { - resp, _ = sjson.Set(resp, "text", v.Value()) - } - if v := req.Get("tool_choice"); v.Exists() { - resp, _ = sjson.Set(resp, "tool_choice", v.Value()) - } - if v := req.Get("tools"); v.Exists() { - resp, _ = sjson.Set(resp, "tools", v.Value()) - } - if v := req.Get("top_logprobs"); v.Exists() { - resp, _ = sjson.Set(resp, "top_logprobs", v.Int()) - } - if v := req.Get("top_p"); v.Exists() { - resp, _ = sjson.Set(resp, "top_p", v.Float()) - } - if v := req.Get("truncation"); v.Exists() { - resp, _ = sjson.Set(resp, "truncation", v.String()) - } - if v := req.Get("user"); v.Exists() { - resp, _ = sjson.Set(resp, "user", v.Value()) - } - if v := req.Get("metadata"); v.Exists() { - resp, _ = sjson.Set(resp, "metadata", v.Value()) - } - } else if v := root.Get("model"); v.Exists() { - // Fallback model from response - resp, _ = sjson.Set(resp, "model", v.String()) - } - - // Build output list from choices[...] - outputsWrapper := `{"arr":[]}` - // Detect and capture reasoning content if present - rcText := gjson.GetBytes(rawJSON, "choices.0.message.reasoning_content").String() - includeReasoning := rcText != "" - if !includeReasoning && len(requestRawJSON) > 0 { - includeReasoning = gjson.GetBytes(requestRawJSON, "reasoning").Exists() - } - if includeReasoning { - rid := id - if strings.HasPrefix(rid, "resp_") { - rid = strings.TrimPrefix(rid, "resp_") - } - // Prefer summary_text from reasoning_content; encrypted_content is optional - reasoningItem := `{"id":"","type":"reasoning","encrypted_content":"","summary":[]}` - reasoningItem, _ = sjson.Set(reasoningItem, "id", fmt.Sprintf("rs_%s", rid)) - if rcText != "" { - reasoningItem, _ = sjson.Set(reasoningItem, "summary.0.type", "summary_text") - reasoningItem, _ = sjson.Set(reasoningItem, "summary.0.text", rcText) - } - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", reasoningItem) - } - - if choices := root.Get("choices"); choices.Exists() && choices.IsArray() { - choices.ForEach(func(_, choice gjson.Result) bool { - msg := choice.Get("message") - if msg.Exists() { - // Text message part - if c := msg.Get("content"); c.Exists() && c.String() != "" { - item := `{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}` - item, _ = sjson.Set(item, "id", fmt.Sprintf("msg_%s_%d", id, int(choice.Get("index").Int()))) - item, _ = sjson.Set(item, "content.0.text", c.String()) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - - // Function/tool calls - if tcs := msg.Get("tool_calls"); tcs.Exists() && tcs.IsArray() { - tcs.ForEach(func(_, tc gjson.Result) bool { - callID := tc.Get("id").String() - name := tc.Get("function.name").String() - args := tc.Get("function.arguments").String() - item := `{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}` - item, _ = sjson.Set(item, "id", fmt.Sprintf("fc_%s", callID)) - item, _ = sjson.Set(item, "arguments", args) - item, _ = sjson.Set(item, "call_id", callID) - item, _ = sjson.Set(item, "name", name) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - return true - }) - } - } - return true - }) - } - if gjson.Get(outputsWrapper, "arr.#").Int() > 0 { - resp, _ = sjson.SetRaw(resp, "output", gjson.Get(outputsWrapper, "arr").Raw) - } - - // usage mapping - if usage := root.Get("usage"); usage.Exists() { - // Map common tokens - if usage.Get("prompt_tokens").Exists() || usage.Get("completion_tokens").Exists() || usage.Get("total_tokens").Exists() { - resp, _ = sjson.Set(resp, "usage.input_tokens", usage.Get("prompt_tokens").Int()) - if d := usage.Get("prompt_tokens_details.cached_tokens"); d.Exists() { - resp, _ = sjson.Set(resp, "usage.input_tokens_details.cached_tokens", d.Int()) - } - resp, _ = sjson.Set(resp, "usage.output_tokens", usage.Get("completion_tokens").Int()) - // Reasoning tokens not available in Chat Completions; set only if present under output_tokens_details - if d := usage.Get("output_tokens_details.reasoning_tokens"); d.Exists() { - resp, _ = sjson.Set(resp, "usage.output_tokens_details.reasoning_tokens", d.Int()) - } - resp, _ = sjson.Set(resp, "usage.total_tokens", usage.Get("total_tokens").Int()) - } else { - // Fallback to raw usage object if structure differs - resp, _ = sjson.Set(resp, "usage", usage.Value()) - } - } - - return resp -} diff --git a/.worktrees/config/m/config-build/active/internal/translator/translator/translator.go b/.worktrees/config/m/config-build/active/internal/translator/translator/translator.go deleted file mode 100644 index 11a881adcf..0000000000 --- a/.worktrees/config/m/config-build/active/internal/translator/translator/translator.go +++ /dev/null @@ -1,89 +0,0 @@ -// Package translator provides request and response translation functionality -// between different AI API formats. It acts as a wrapper around the SDK translator -// registry, providing convenient functions for translating requests and responses -// between OpenAI, Claude, Gemini, and other API formats. -package translator - -import ( - "context" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" -) - -// registry holds the default translator registry instance. -var registry = sdktranslator.Default() - -// Register registers a new translator for converting between two API formats. -// -// Parameters: -// - from: The source API format identifier -// - to: The target API format identifier -// - request: The request translation function -// - response: The response translation function -func Register(from, to string, request interfaces.TranslateRequestFunc, response interfaces.TranslateResponse) { - registry.Register(sdktranslator.FromString(from), sdktranslator.FromString(to), request, response) -} - -// Request translates a request from one API format to another. -// -// Parameters: -// - from: The source API format identifier -// - to: The target API format identifier -// - modelName: The model name for the request -// - rawJSON: The raw JSON request data -// - stream: Whether this is a streaming request -// -// Returns: -// - []byte: The translated request JSON -func Request(from, to, modelName string, rawJSON []byte, stream bool) []byte { - return registry.TranslateRequest(sdktranslator.FromString(from), sdktranslator.FromString(to), modelName, rawJSON, stream) -} - -// NeedConvert checks if a response translation is needed between two API formats. -// -// Parameters: -// - from: The source API format identifier -// - to: The target API format identifier -// -// Returns: -// - bool: True if response translation is needed, false otherwise -func NeedConvert(from, to string) bool { - return registry.HasResponseTransformer(sdktranslator.FromString(from), sdktranslator.FromString(to)) -} - -// Response translates a streaming response from one API format to another. -// -// Parameters: -// - from: The source API format identifier -// - to: The target API format identifier -// - ctx: The context for the translation -// - modelName: The model name for the response -// - originalRequestRawJSON: The original request JSON -// - requestRawJSON: The translated request JSON -// - rawJSON: The raw response JSON -// - param: Additional parameters for translation -// -// Returns: -// - []string: The translated response lines -func Response(from, to string, ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - return registry.TranslateStream(ctx, sdktranslator.FromString(from), sdktranslator.FromString(to), modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} - -// ResponseNonStream translates a non-streaming response from one API format to another. -// -// Parameters: -// - from: The source API format identifier -// - to: The target API format identifier -// - ctx: The context for the translation -// - modelName: The model name for the response -// - originalRequestRawJSON: The original request JSON -// - requestRawJSON: The translated request JSON -// - rawJSON: The raw response JSON -// - param: Additional parameters for translation -// -// Returns: -// - string: The translated response JSON -func ResponseNonStream(from, to string, ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - return registry.TranslateNonStream(ctx, sdktranslator.FromString(from), sdktranslator.FromString(to), modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} diff --git a/.worktrees/config/m/config-build/active/internal/tui/app.go b/.worktrees/config/m/config-build/active/internal/tui/app.go deleted file mode 100644 index b9ee9e1a3a..0000000000 --- a/.worktrees/config/m/config-build/active/internal/tui/app.go +++ /dev/null @@ -1,542 +0,0 @@ -package tui - -import ( - "fmt" - "io" - "os" - "strings" - - "github.com/charmbracelet/bubbles/textinput" - tea "github.com/charmbracelet/bubbletea" - "github.com/charmbracelet/lipgloss" -) - -// Tab identifiers -const ( - tabDashboard = iota - tabConfig - tabAuthFiles - tabAPIKeys - tabOAuth - tabUsage - tabLogs -) - -// App is the root bubbletea model that contains all tab sub-models. -type App struct { - activeTab int - tabs []string - - standalone bool - logsEnabled bool - - authenticated bool - authInput textinput.Model - authError string - authConnecting bool - - dashboard dashboardModel - config configTabModel - auth authTabModel - keys keysTabModel - oauth oauthTabModel - usage usageTabModel - logs logsTabModel - - client *Client - - width int - height int - ready bool - - // Track which tabs have been initialized (fetched data) - initialized [7]bool -} - -type authConnectMsg struct { - cfg map[string]any - err error -} - -// NewApp creates the root TUI application model. -func NewApp(port int, secretKey string, hook *LogHook) App { - standalone := hook != nil - authRequired := !standalone - ti := textinput.New() - ti.CharLimit = 512 - ti.EchoMode = textinput.EchoPassword - ti.EchoCharacter = '*' - ti.SetValue(strings.TrimSpace(secretKey)) - ti.Focus() - - client := NewClient(port, secretKey) - app := App{ - activeTab: tabDashboard, - standalone: standalone, - logsEnabled: true, - authenticated: !authRequired, - authInput: ti, - dashboard: newDashboardModel(client), - config: newConfigTabModel(client), - auth: newAuthTabModel(client), - keys: newKeysTabModel(client), - oauth: newOAuthTabModel(client), - usage: newUsageTabModel(client), - logs: newLogsTabModel(client, hook), - client: client, - initialized: [7]bool{ - tabDashboard: true, - tabLogs: true, - }, - } - - app.refreshTabs() - if authRequired { - app.initialized = [7]bool{} - } - app.setAuthInputPrompt() - return app -} - -func (a App) Init() tea.Cmd { - if !a.authenticated { - return textinput.Blink - } - cmds := []tea.Cmd{a.dashboard.Init()} - if a.logsEnabled { - cmds = append(cmds, a.logs.Init()) - } - return tea.Batch(cmds...) -} - -func (a App) Update(msg tea.Msg) (tea.Model, tea.Cmd) { - switch msg := msg.(type) { - case tea.WindowSizeMsg: - a.width = msg.Width - a.height = msg.Height - a.ready = true - if a.width > 0 { - a.authInput.Width = a.width - 6 - } - contentH := a.height - 4 // tab bar + status bar - if contentH < 1 { - contentH = 1 - } - contentW := a.width - a.dashboard.SetSize(contentW, contentH) - a.config.SetSize(contentW, contentH) - a.auth.SetSize(contentW, contentH) - a.keys.SetSize(contentW, contentH) - a.oauth.SetSize(contentW, contentH) - a.usage.SetSize(contentW, contentH) - a.logs.SetSize(contentW, contentH) - return a, nil - - case authConnectMsg: - a.authConnecting = false - if msg.err != nil { - a.authError = fmt.Sprintf(T("auth_gate_connect_fail"), msg.err.Error()) - return a, nil - } - a.authError = "" - a.authenticated = true - a.logsEnabled = a.standalone || isLogsEnabledFromConfig(msg.cfg) - a.refreshTabs() - a.initialized = [7]bool{} - a.initialized[tabDashboard] = true - cmds := []tea.Cmd{a.dashboard.Init()} - if a.logsEnabled { - a.initialized[tabLogs] = true - cmds = append(cmds, a.logs.Init()) - } - return a, tea.Batch(cmds...) - - case configUpdateMsg: - var cmdLogs tea.Cmd - if !a.standalone && msg.err == nil && msg.path == "logging-to-file" { - logsEnabledConfig, okConfig := msg.value.(bool) - if okConfig { - logsEnabledBefore := a.logsEnabled - a.logsEnabled = logsEnabledConfig - if logsEnabledBefore != a.logsEnabled { - a.refreshTabs() - } - if !a.logsEnabled { - a.initialized[tabLogs] = false - } - if !logsEnabledBefore && a.logsEnabled { - a.initialized[tabLogs] = true - cmdLogs = a.logs.Init() - } - } - } - - var cmdConfig tea.Cmd - a.config, cmdConfig = a.config.Update(msg) - if cmdConfig != nil && cmdLogs != nil { - return a, tea.Batch(cmdConfig, cmdLogs) - } - if cmdConfig != nil { - return a, cmdConfig - } - return a, cmdLogs - - case tea.KeyMsg: - if !a.authenticated { - switch msg.String() { - case "ctrl+c", "q": - return a, tea.Quit - case "L": - ToggleLocale() - a.refreshTabs() - a.setAuthInputPrompt() - return a, nil - case "enter": - if a.authConnecting { - return a, nil - } - password := strings.TrimSpace(a.authInput.Value()) - if password == "" { - a.authError = T("auth_gate_password_required") - return a, nil - } - a.authError = "" - a.authConnecting = true - return a, a.connectWithPassword(password) - default: - var cmd tea.Cmd - a.authInput, cmd = a.authInput.Update(msg) - return a, cmd - } - } - - switch msg.String() { - case "ctrl+c": - return a, tea.Quit - case "q": - // Only quit if not in logs tab (where 'q' might be useful) - if !a.logsEnabled || a.activeTab != tabLogs { - return a, tea.Quit - } - case "L": - ToggleLocale() - a.refreshTabs() - return a.broadcastToAllTabs(localeChangedMsg{}) - case "tab": - if len(a.tabs) == 0 { - return a, nil - } - prevTab := a.activeTab - a.activeTab = (a.activeTab + 1) % len(a.tabs) - return a, a.initTabIfNeeded(prevTab) - case "shift+tab": - if len(a.tabs) == 0 { - return a, nil - } - prevTab := a.activeTab - a.activeTab = (a.activeTab - 1 + len(a.tabs)) % len(a.tabs) - return a, a.initTabIfNeeded(prevTab) - } - } - - if !a.authenticated { - var cmd tea.Cmd - a.authInput, cmd = a.authInput.Update(msg) - return a, cmd - } - - // Route msg to active tab - var cmd tea.Cmd - switch a.activeTab { - case tabDashboard: - a.dashboard, cmd = a.dashboard.Update(msg) - case tabConfig: - a.config, cmd = a.config.Update(msg) - case tabAuthFiles: - a.auth, cmd = a.auth.Update(msg) - case tabAPIKeys: - a.keys, cmd = a.keys.Update(msg) - case tabOAuth: - a.oauth, cmd = a.oauth.Update(msg) - case tabUsage: - a.usage, cmd = a.usage.Update(msg) - case tabLogs: - a.logs, cmd = a.logs.Update(msg) - } - - // Keep logs polling alive even when logs tab is not active. - if a.logsEnabled && a.activeTab != tabLogs { - switch msg.(type) { - case logsPollMsg, logsTickMsg, logLineMsg: - var logCmd tea.Cmd - a.logs, logCmd = a.logs.Update(msg) - if logCmd != nil { - cmd = logCmd - } - } - } - - return a, cmd -} - -// localeChangedMsg is broadcast to all tabs when the user toggles locale. -type localeChangedMsg struct{} - -func (a *App) refreshTabs() { - names := TabNames() - if a.logsEnabled { - a.tabs = names - } else { - filtered := make([]string, 0, len(names)-1) - for idx, name := range names { - if idx == tabLogs { - continue - } - filtered = append(filtered, name) - } - a.tabs = filtered - } - - if len(a.tabs) == 0 { - a.activeTab = tabDashboard - return - } - if a.activeTab >= len(a.tabs) { - a.activeTab = len(a.tabs) - 1 - } -} - -func (a *App) initTabIfNeeded(_ int) tea.Cmd { - if a.initialized[a.activeTab] { - return nil - } - a.initialized[a.activeTab] = true - switch a.activeTab { - case tabDashboard: - return a.dashboard.Init() - case tabConfig: - return a.config.Init() - case tabAuthFiles: - return a.auth.Init() - case tabAPIKeys: - return a.keys.Init() - case tabOAuth: - return a.oauth.Init() - case tabUsage: - return a.usage.Init() - case tabLogs: - if !a.logsEnabled { - return nil - } - return a.logs.Init() - } - return nil -} - -func (a App) View() string { - if !a.authenticated { - return a.renderAuthView() - } - - if !a.ready { - return T("initializing_tui") - } - - var sb strings.Builder - - // Tab bar - sb.WriteString(a.renderTabBar()) - sb.WriteString("\n") - - // Content - switch a.activeTab { - case tabDashboard: - sb.WriteString(a.dashboard.View()) - case tabConfig: - sb.WriteString(a.config.View()) - case tabAuthFiles: - sb.WriteString(a.auth.View()) - case tabAPIKeys: - sb.WriteString(a.keys.View()) - case tabOAuth: - sb.WriteString(a.oauth.View()) - case tabUsage: - sb.WriteString(a.usage.View()) - case tabLogs: - if a.logsEnabled { - sb.WriteString(a.logs.View()) - } - } - - // Status bar - sb.WriteString("\n") - sb.WriteString(a.renderStatusBar()) - - return sb.String() -} - -func (a App) renderAuthView() string { - var sb strings.Builder - - sb.WriteString(titleStyle.Render(T("auth_gate_title"))) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("auth_gate_help"))) - sb.WriteString("\n\n") - if a.authConnecting { - sb.WriteString(warningStyle.Render(T("auth_gate_connecting"))) - sb.WriteString("\n\n") - } - if strings.TrimSpace(a.authError) != "" { - sb.WriteString(errorStyle.Render(a.authError)) - sb.WriteString("\n\n") - } - sb.WriteString(a.authInput.View()) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("auth_gate_enter"))) - return sb.String() -} - -func (a App) renderTabBar() string { - var tabs []string - for i, name := range a.tabs { - if i == a.activeTab { - tabs = append(tabs, tabActiveStyle.Render(name)) - } else { - tabs = append(tabs, tabInactiveStyle.Render(name)) - } - } - tabBar := lipgloss.JoinHorizontal(lipgloss.Top, tabs...) - return tabBarStyle.Width(a.width).Render(tabBar) -} - -func (a App) renderStatusBar() string { - left := strings.TrimRight(T("status_left"), " ") - right := strings.TrimRight(T("status_right"), " ") - - width := a.width - if width < 1 { - width = 1 - } - - // statusBarStyle has left/right padding(1), so content area is width-2. - contentWidth := width - 2 - if contentWidth < 0 { - contentWidth = 0 - } - - if lipgloss.Width(left) > contentWidth { - left = fitStringWidth(left, contentWidth) - right = "" - } - - remaining := contentWidth - lipgloss.Width(left) - if remaining < 0 { - remaining = 0 - } - if lipgloss.Width(right) > remaining { - right = fitStringWidth(right, remaining) - } - - gap := contentWidth - lipgloss.Width(left) - lipgloss.Width(right) - if gap < 0 { - gap = 0 - } - return statusBarStyle.Width(width).Render(left + strings.Repeat(" ", gap) + right) -} - -func fitStringWidth(text string, maxWidth int) string { - if maxWidth <= 0 { - return "" - } - if lipgloss.Width(text) <= maxWidth { - return text - } - - out := "" - for _, r := range text { - next := out + string(r) - if lipgloss.Width(next) > maxWidth { - break - } - out = next - } - return out -} - -func isLogsEnabledFromConfig(cfg map[string]any) bool { - if cfg == nil { - return true - } - value, ok := cfg["logging-to-file"] - if !ok { - return true - } - enabled, ok := value.(bool) - if !ok { - return true - } - return enabled -} - -func (a *App) setAuthInputPrompt() { - if a == nil { - return - } - a.authInput.Prompt = fmt.Sprintf(" %s: ", T("auth_gate_password")) -} - -func (a App) connectWithPassword(password string) tea.Cmd { - return func() tea.Msg { - a.client.SetSecretKey(password) - cfg, errGetConfig := a.client.GetConfig() - return authConnectMsg{cfg: cfg, err: errGetConfig} - } -} - -// Run starts the TUI application. -// output specifies where bubbletea renders. If nil, defaults to os.Stdout. -func Run(port int, secretKey string, hook *LogHook, output io.Writer) error { - if output == nil { - output = os.Stdout - } - app := NewApp(port, secretKey, hook) - p := tea.NewProgram(app, tea.WithAltScreen(), tea.WithOutput(output)) - _, err := p.Run() - return err -} - -func (a App) broadcastToAllTabs(msg tea.Msg) (tea.Model, tea.Cmd) { - var cmds []tea.Cmd - var cmd tea.Cmd - - a.dashboard, cmd = a.dashboard.Update(msg) - if cmd != nil { - cmds = append(cmds, cmd) - } - a.config, cmd = a.config.Update(msg) - if cmd != nil { - cmds = append(cmds, cmd) - } - a.auth, cmd = a.auth.Update(msg) - if cmd != nil { - cmds = append(cmds, cmd) - } - a.keys, cmd = a.keys.Update(msg) - if cmd != nil { - cmds = append(cmds, cmd) - } - a.oauth, cmd = a.oauth.Update(msg) - if cmd != nil { - cmds = append(cmds, cmd) - } - a.usage, cmd = a.usage.Update(msg) - if cmd != nil { - cmds = append(cmds, cmd) - } - a.logs, cmd = a.logs.Update(msg) - if cmd != nil { - cmds = append(cmds, cmd) - } - - return a, tea.Batch(cmds...) -} diff --git a/.worktrees/config/m/config-build/active/internal/tui/auth_tab.go b/.worktrees/config/m/config-build/active/internal/tui/auth_tab.go deleted file mode 100644 index 519994420a..0000000000 --- a/.worktrees/config/m/config-build/active/internal/tui/auth_tab.go +++ /dev/null @@ -1,456 +0,0 @@ -package tui - -import ( - "fmt" - "strconv" - "strings" - - "github.com/charmbracelet/bubbles/textinput" - "github.com/charmbracelet/bubbles/viewport" - tea "github.com/charmbracelet/bubbletea" - "github.com/charmbracelet/lipgloss" -) - -// editableField represents an editable field on an auth file. -type editableField struct { - label string - key string // API field key: "prefix", "proxy_url", "priority" -} - -var authEditableFields = []editableField{ - {label: "Prefix", key: "prefix"}, - {label: "Proxy URL", key: "proxy_url"}, - {label: "Priority", key: "priority"}, -} - -// authTabModel displays auth credential files with interactive management. -type authTabModel struct { - client *Client - viewport viewport.Model - files []map[string]any - err error - width int - height int - ready bool - cursor int - expanded int // -1 = none expanded, >=0 = expanded index - confirm int // -1 = no confirmation, >=0 = confirm delete for index - status string - - // Editing state - editing bool // true when editing a field - editField int // index into authEditableFields - editInput textinput.Model // text input for editing - editFileName string // name of file being edited -} - -type authFilesMsg struct { - files []map[string]any - err error -} - -type authActionMsg struct { - action string // "deleted", "toggled", "updated" - err error -} - -func newAuthTabModel(client *Client) authTabModel { - ti := textinput.New() - ti.CharLimit = 256 - return authTabModel{ - client: client, - expanded: -1, - confirm: -1, - editInput: ti, - } -} - -func (m authTabModel) Init() tea.Cmd { - return m.fetchFiles -} - -func (m authTabModel) fetchFiles() tea.Msg { - files, err := m.client.GetAuthFiles() - return authFilesMsg{files: files, err: err} -} - -func (m authTabModel) Update(msg tea.Msg) (authTabModel, tea.Cmd) { - switch msg := msg.(type) { - case localeChangedMsg: - m.viewport.SetContent(m.renderContent()) - return m, nil - case authFilesMsg: - if msg.err != nil { - m.err = msg.err - } else { - m.err = nil - m.files = msg.files - if m.cursor >= len(m.files) { - m.cursor = max(0, len(m.files)-1) - } - m.status = "" - } - m.viewport.SetContent(m.renderContent()) - return m, nil - - case authActionMsg: - if msg.err != nil { - m.status = errorStyle.Render("✗ " + msg.err.Error()) - } else { - m.status = successStyle.Render("✓ " + msg.action) - } - m.confirm = -1 - m.viewport.SetContent(m.renderContent()) - return m, m.fetchFiles - - case tea.KeyMsg: - // ---- Editing mode ---- - if m.editing { - return m.handleEditInput(msg) - } - - // ---- Delete confirmation mode ---- - if m.confirm >= 0 { - return m.handleConfirmInput(msg) - } - - // ---- Normal mode ---- - return m.handleNormalInput(msg) - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -// startEdit activates inline editing for a field on the currently selected auth file. -func (m *authTabModel) startEdit(fieldIdx int) tea.Cmd { - if m.cursor >= len(m.files) { - return nil - } - f := m.files[m.cursor] - m.editFileName = getString(f, "name") - m.editField = fieldIdx - m.editing = true - - // Pre-populate with current value - key := authEditableFields[fieldIdx].key - currentVal := getAnyString(f, key) - m.editInput.SetValue(currentVal) - m.editInput.Focus() - m.editInput.Prompt = fmt.Sprintf(" %s: ", authEditableFields[fieldIdx].label) - m.viewport.SetContent(m.renderContent()) - return textinput.Blink -} - -func (m *authTabModel) SetSize(w, h int) { - m.width = w - m.height = h - m.editInput.Width = w - 20 - if !m.ready { - m.viewport = viewport.New(w, h) - m.viewport.SetContent(m.renderContent()) - m.ready = true - } else { - m.viewport.Width = w - m.viewport.Height = h - } -} - -func (m authTabModel) View() string { - if !m.ready { - return T("loading") - } - return m.viewport.View() -} - -func (m authTabModel) renderContent() string { - var sb strings.Builder - - sb.WriteString(titleStyle.Render(T("auth_title"))) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("auth_help1"))) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("auth_help2"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", m.width)) - sb.WriteString("\n") - - if m.err != nil { - sb.WriteString(errorStyle.Render("⚠ Error: " + m.err.Error())) - sb.WriteString("\n") - return sb.String() - } - - if len(m.files) == 0 { - sb.WriteString(subtitleStyle.Render(T("no_auth_files"))) - sb.WriteString("\n") - return sb.String() - } - - for i, f := range m.files { - name := getString(f, "name") - channel := getString(f, "channel") - email := getString(f, "email") - disabled := getBool(f, "disabled") - - statusIcon := successStyle.Render("●") - statusText := T("status_active") - if disabled { - statusIcon = lipgloss.NewStyle().Foreground(colorMuted).Render("○") - statusText = T("status_disabled") - } - - cursor := " " - rowStyle := lipgloss.NewStyle() - if i == m.cursor { - cursor = "▸ " - rowStyle = lipgloss.NewStyle().Bold(true) - } - - displayName := name - if len(displayName) > 24 { - displayName = displayName[:21] + "..." - } - displayEmail := email - if len(displayEmail) > 28 { - displayEmail = displayEmail[:25] + "..." - } - - row := fmt.Sprintf("%s%s %-24s %-12s %-28s %s", - cursor, statusIcon, displayName, channel, displayEmail, statusText) - sb.WriteString(rowStyle.Render(row)) - sb.WriteString("\n") - - // Delete confirmation - if m.confirm == i { - sb.WriteString(warningStyle.Render(fmt.Sprintf(" "+T("confirm_delete"), name))) - sb.WriteString("\n") - } - - // Inline edit input - if m.editing && i == m.cursor { - sb.WriteString(m.editInput.View()) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(" " + T("enter_save") + " • " + T("esc_cancel"))) - sb.WriteString("\n") - } - - // Expanded detail view - if m.expanded == i { - sb.WriteString(m.renderDetail(f)) - } - } - - if m.status != "" { - sb.WriteString("\n") - sb.WriteString(m.status) - sb.WriteString("\n") - } - - return sb.String() -} - -func (m authTabModel) renderDetail(f map[string]any) string { - var sb strings.Builder - - labelStyle := lipgloss.NewStyle(). - Foreground(lipgloss.Color("111")). - Bold(true) - valueStyle := lipgloss.NewStyle(). - Foreground(lipgloss.Color("252")) - editableMarker := lipgloss.NewStyle(). - Foreground(lipgloss.Color("214")). - Render(" ✎") - - sb.WriteString(" ┌─────────────────────────────────────────────\n") - - fields := []struct { - label string - key string - editable bool - }{ - {"Name", "name", false}, - {"Channel", "channel", false}, - {"Email", "email", false}, - {"Status", "status", false}, - {"Status Msg", "status_message", false}, - {"File Name", "file_name", false}, - {"Auth Type", "auth_type", false}, - {"Prefix", "prefix", true}, - {"Proxy URL", "proxy_url", true}, - {"Priority", "priority", true}, - {"Project ID", "project_id", false}, - {"Disabled", "disabled", false}, - {"Created", "created_at", false}, - {"Updated", "updated_at", false}, - } - - for _, field := range fields { - val := getAnyString(f, field.key) - if val == "" || val == "" { - if field.editable { - val = T("not_set") - } else { - continue - } - } - editMark := "" - if field.editable { - editMark = editableMarker - } - line := fmt.Sprintf(" │ %s %s%s", - labelStyle.Render(fmt.Sprintf("%-12s:", field.label)), - valueStyle.Render(val), - editMark) - sb.WriteString(line) - sb.WriteString("\n") - } - - sb.WriteString(" └─────────────────────────────────────────────\n") - return sb.String() -} - -// getAnyString converts any value to its string representation. -func getAnyString(m map[string]any, key string) string { - v, ok := m[key] - if !ok || v == nil { - return "" - } - return fmt.Sprintf("%v", v) -} - -func max(a, b int) int { - if a > b { - return a - } - return b -} - -func (m authTabModel) handleEditInput(msg tea.KeyMsg) (authTabModel, tea.Cmd) { - switch msg.String() { - case "enter": - value := m.editInput.Value() - fieldKey := authEditableFields[m.editField].key - fileName := m.editFileName - m.editing = false - m.editInput.Blur() - fields := map[string]any{} - if fieldKey == "priority" { - p, err := strconv.Atoi(value) - if err != nil { - return m, func() tea.Msg { - return authActionMsg{err: fmt.Errorf("%s: %s", T("invalid_int"), value)} - } - } - fields[fieldKey] = p - } else { - fields[fieldKey] = value - } - return m, func() tea.Msg { - err := m.client.PatchAuthFileFields(fileName, fields) - if err != nil { - return authActionMsg{err: err} - } - return authActionMsg{action: fmt.Sprintf(T("updated_field"), fieldKey, fileName)} - } - case "esc": - m.editing = false - m.editInput.Blur() - m.viewport.SetContent(m.renderContent()) - return m, nil - default: - var cmd tea.Cmd - m.editInput, cmd = m.editInput.Update(msg) - m.viewport.SetContent(m.renderContent()) - return m, cmd - } -} - -func (m authTabModel) handleConfirmInput(msg tea.KeyMsg) (authTabModel, tea.Cmd) { - switch msg.String() { - case "y", "Y": - idx := m.confirm - m.confirm = -1 - if idx < len(m.files) { - name := getString(m.files[idx], "name") - return m, func() tea.Msg { - err := m.client.DeleteAuthFile(name) - if err != nil { - return authActionMsg{err: err} - } - return authActionMsg{action: fmt.Sprintf(T("deleted"), name)} - } - } - m.viewport.SetContent(m.renderContent()) - return m, nil - case "n", "N", "esc": - m.confirm = -1 - m.viewport.SetContent(m.renderContent()) - return m, nil - } - return m, nil -} - -func (m authTabModel) handleNormalInput(msg tea.KeyMsg) (authTabModel, tea.Cmd) { - switch msg.String() { - case "j", "down": - if len(m.files) > 0 { - m.cursor = (m.cursor + 1) % len(m.files) - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "k", "up": - if len(m.files) > 0 { - m.cursor = (m.cursor - 1 + len(m.files)) % len(m.files) - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "enter", " ": - if m.expanded == m.cursor { - m.expanded = -1 - } else { - m.expanded = m.cursor - } - m.viewport.SetContent(m.renderContent()) - return m, nil - case "d", "D": - if m.cursor < len(m.files) { - m.confirm = m.cursor - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "e", "E": - if m.cursor < len(m.files) { - f := m.files[m.cursor] - name := getString(f, "name") - disabled := getBool(f, "disabled") - newDisabled := !disabled - return m, func() tea.Msg { - err := m.client.ToggleAuthFile(name, newDisabled) - if err != nil { - return authActionMsg{err: err} - } - action := T("enabled") - if newDisabled { - action = T("disabled") - } - return authActionMsg{action: fmt.Sprintf("%s %s", action, name)} - } - } - return m, nil - case "1": - return m, m.startEdit(0) // prefix - case "2": - return m, m.startEdit(1) // proxy_url - case "3": - return m, m.startEdit(2) // priority - case "r": - m.status = "" - return m, m.fetchFiles - default: - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd - } -} diff --git a/.worktrees/config/m/config-build/active/internal/tui/browser.go b/.worktrees/config/m/config-build/active/internal/tui/browser.go deleted file mode 100644 index 5532a5a21b..0000000000 --- a/.worktrees/config/m/config-build/active/internal/tui/browser.go +++ /dev/null @@ -1,20 +0,0 @@ -package tui - -import ( - "os/exec" - "runtime" -) - -// openBrowser opens the specified URL in the user's default browser. -func openBrowser(url string) error { - switch runtime.GOOS { - case "darwin": - return exec.Command("open", url).Start() - case "linux": - return exec.Command("xdg-open", url).Start() - case "windows": - return exec.Command("rundll32", "url.dll,FileProtocolHandler", url).Start() - default: - return exec.Command("xdg-open", url).Start() - } -} diff --git a/.worktrees/config/m/config-build/active/internal/tui/client.go b/.worktrees/config/m/config-build/active/internal/tui/client.go deleted file mode 100644 index 6f75d6befc..0000000000 --- a/.worktrees/config/m/config-build/active/internal/tui/client.go +++ /dev/null @@ -1,400 +0,0 @@ -package tui - -import ( - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "strconv" - "strings" - "time" -) - -// Client wraps HTTP calls to the management API. -type Client struct { - baseURL string - secretKey string - http *http.Client -} - -// NewClient creates a new management API client. -func NewClient(port int, secretKey string) *Client { - return &Client{ - baseURL: fmt.Sprintf("http://127.0.0.1:%d", port), - secretKey: strings.TrimSpace(secretKey), - http: &http.Client{ - Timeout: 10 * time.Second, - }, - } -} - -// SetSecretKey updates management API bearer token used by this client. -func (c *Client) SetSecretKey(secretKey string) { - c.secretKey = strings.TrimSpace(secretKey) -} - -func (c *Client) doRequest(method, path string, body io.Reader) ([]byte, int, error) { - url := c.baseURL + path - req, err := http.NewRequest(method, url, body) - if err != nil { - return nil, 0, err - } - if c.secretKey != "" { - req.Header.Set("Authorization", "Bearer "+c.secretKey) - } - if body != nil { - req.Header.Set("Content-Type", "application/json") - } - resp, err := c.http.Do(req) - if err != nil { - return nil, 0, err - } - defer resp.Body.Close() - data, err := io.ReadAll(resp.Body) - if err != nil { - return nil, resp.StatusCode, err - } - return data, resp.StatusCode, nil -} - -func (c *Client) get(path string) ([]byte, error) { - data, code, err := c.doRequest("GET", path, nil) - if err != nil { - return nil, err - } - if code >= 400 { - return nil, fmt.Errorf("HTTP %d: %s", code, strings.TrimSpace(string(data))) - } - return data, nil -} - -func (c *Client) put(path string, body io.Reader) ([]byte, error) { - data, code, err := c.doRequest("PUT", path, body) - if err != nil { - return nil, err - } - if code >= 400 { - return nil, fmt.Errorf("HTTP %d: %s", code, strings.TrimSpace(string(data))) - } - return data, nil -} - -func (c *Client) patch(path string, body io.Reader) ([]byte, error) { - data, code, err := c.doRequest("PATCH", path, body) - if err != nil { - return nil, err - } - if code >= 400 { - return nil, fmt.Errorf("HTTP %d: %s", code, strings.TrimSpace(string(data))) - } - return data, nil -} - -// getJSON fetches a path and unmarshals JSON into a generic map. -func (c *Client) getJSON(path string) (map[string]any, error) { - data, err := c.get(path) - if err != nil { - return nil, err - } - var result map[string]any - if err := json.Unmarshal(data, &result); err != nil { - return nil, err - } - return result, nil -} - -// postJSON sends a JSON body via POST and checks for errors. -func (c *Client) postJSON(path string, body any) error { - jsonBody, err := json.Marshal(body) - if err != nil { - return err - } - _, code, err := c.doRequest("POST", path, strings.NewReader(string(jsonBody))) - if err != nil { - return err - } - if code >= 400 { - return fmt.Errorf("HTTP %d", code) - } - return nil -} - -// GetConfig fetches the parsed config. -func (c *Client) GetConfig() (map[string]any, error) { - return c.getJSON("/v0/management/config") -} - -// GetConfigYAML fetches the raw config.yaml content. -func (c *Client) GetConfigYAML() (string, error) { - data, err := c.get("/v0/management/config.yaml") - if err != nil { - return "", err - } - return string(data), nil -} - -// PutConfigYAML uploads new config.yaml content. -func (c *Client) PutConfigYAML(yamlContent string) error { - _, err := c.put("/v0/management/config.yaml", strings.NewReader(yamlContent)) - return err -} - -// GetUsage fetches usage statistics. -func (c *Client) GetUsage() (map[string]any, error) { - return c.getJSON("/v0/management/usage") -} - -// GetAuthFiles lists auth credential files. -// API returns {"files": [...]}. -func (c *Client) GetAuthFiles() ([]map[string]any, error) { - wrapper, err := c.getJSON("/v0/management/auth-files") - if err != nil { - return nil, err - } - return extractList(wrapper, "files") -} - -// DeleteAuthFile deletes a single auth file by name. -func (c *Client) DeleteAuthFile(name string) error { - query := url.Values{} - query.Set("name", name) - path := "/v0/management/auth-files?" + query.Encode() - _, code, err := c.doRequest("DELETE", path, nil) - if err != nil { - return err - } - if code >= 400 { - return fmt.Errorf("delete failed (HTTP %d)", code) - } - return nil -} - -// ToggleAuthFile enables or disables an auth file. -func (c *Client) ToggleAuthFile(name string, disabled bool) error { - body, _ := json.Marshal(map[string]any{"name": name, "disabled": disabled}) - _, err := c.patch("/v0/management/auth-files/status", strings.NewReader(string(body))) - return err -} - -// PatchAuthFileFields updates editable fields on an auth file. -func (c *Client) PatchAuthFileFields(name string, fields map[string]any) error { - fields["name"] = name - body, _ := json.Marshal(fields) - _, err := c.patch("/v0/management/auth-files/fields", strings.NewReader(string(body))) - return err -} - -// GetLogs fetches log lines from the server. -func (c *Client) GetLogs(after int64, limit int) ([]string, int64, error) { - query := url.Values{} - if limit > 0 { - query.Set("limit", strconv.Itoa(limit)) - } - if after > 0 { - query.Set("after", strconv.FormatInt(after, 10)) - } - - path := "/v0/management/logs" - encodedQuery := query.Encode() - if encodedQuery != "" { - path += "?" + encodedQuery - } - - wrapper, err := c.getJSON(path) - if err != nil { - return nil, after, err - } - - lines := []string{} - if rawLines, ok := wrapper["lines"]; ok && rawLines != nil { - rawJSON, errMarshal := json.Marshal(rawLines) - if errMarshal != nil { - return nil, after, errMarshal - } - if errUnmarshal := json.Unmarshal(rawJSON, &lines); errUnmarshal != nil { - return nil, after, errUnmarshal - } - } - - latest := after - if rawLatest, ok := wrapper["latest-timestamp"]; ok { - switch value := rawLatest.(type) { - case float64: - latest = int64(value) - case json.Number: - if parsed, errParse := value.Int64(); errParse == nil { - latest = parsed - } - case int64: - latest = value - case int: - latest = int64(value) - } - } - if latest < after { - latest = after - } - - return lines, latest, nil -} - -// GetAPIKeys fetches the list of API keys. -// API returns {"api-keys": [...]}. -func (c *Client) GetAPIKeys() ([]string, error) { - wrapper, err := c.getJSON("/v0/management/api-keys") - if err != nil { - return nil, err - } - arr, ok := wrapper["api-keys"] - if !ok { - return nil, nil - } - raw, err := json.Marshal(arr) - if err != nil { - return nil, err - } - var result []string - if err := json.Unmarshal(raw, &result); err != nil { - return nil, err - } - return result, nil -} - -// AddAPIKey adds a new API key by sending old=nil, new=key which appends. -func (c *Client) AddAPIKey(key string) error { - body := map[string]any{"old": nil, "new": key} - jsonBody, _ := json.Marshal(body) - _, err := c.patch("/v0/management/api-keys", strings.NewReader(string(jsonBody))) - return err -} - -// EditAPIKey replaces an API key at the given index. -func (c *Client) EditAPIKey(index int, newValue string) error { - body := map[string]any{"index": index, "value": newValue} - jsonBody, _ := json.Marshal(body) - _, err := c.patch("/v0/management/api-keys", strings.NewReader(string(jsonBody))) - return err -} - -// DeleteAPIKey deletes an API key by index. -func (c *Client) DeleteAPIKey(index int) error { - _, code, err := c.doRequest("DELETE", fmt.Sprintf("/v0/management/api-keys?index=%d", index), nil) - if err != nil { - return err - } - if code >= 400 { - return fmt.Errorf("delete failed (HTTP %d)", code) - } - return nil -} - -// GetGeminiKeys fetches Gemini API keys. -// API returns {"gemini-api-key": [...]}. -func (c *Client) GetGeminiKeys() ([]map[string]any, error) { - return c.getWrappedKeyList("/v0/management/gemini-api-key", "gemini-api-key") -} - -// GetClaudeKeys fetches Claude API keys. -func (c *Client) GetClaudeKeys() ([]map[string]any, error) { - return c.getWrappedKeyList("/v0/management/claude-api-key", "claude-api-key") -} - -// GetCodexKeys fetches Codex API keys. -func (c *Client) GetCodexKeys() ([]map[string]any, error) { - return c.getWrappedKeyList("/v0/management/codex-api-key", "codex-api-key") -} - -// GetVertexKeys fetches Vertex API keys. -func (c *Client) GetVertexKeys() ([]map[string]any, error) { - return c.getWrappedKeyList("/v0/management/vertex-api-key", "vertex-api-key") -} - -// GetOpenAICompat fetches OpenAI compatibility entries. -func (c *Client) GetOpenAICompat() ([]map[string]any, error) { - return c.getWrappedKeyList("/v0/management/openai-compatibility", "openai-compatibility") -} - -// getWrappedKeyList fetches a wrapped list from the API. -func (c *Client) getWrappedKeyList(path, key string) ([]map[string]any, error) { - wrapper, err := c.getJSON(path) - if err != nil { - return nil, err - } - return extractList(wrapper, key) -} - -// extractList pulls an array of maps from a wrapper object by key. -func extractList(wrapper map[string]any, key string) ([]map[string]any, error) { - arr, ok := wrapper[key] - if !ok || arr == nil { - return nil, nil - } - raw, err := json.Marshal(arr) - if err != nil { - return nil, err - } - var result []map[string]any - if err := json.Unmarshal(raw, &result); err != nil { - return nil, err - } - return result, nil -} - -// GetDebug fetches the current debug setting. -func (c *Client) GetDebug() (bool, error) { - wrapper, err := c.getJSON("/v0/management/debug") - if err != nil { - return false, err - } - if v, ok := wrapper["debug"]; ok { - if b, ok := v.(bool); ok { - return b, nil - } - } - return false, nil -} - -// GetAuthStatus polls the OAuth session status. -// Returns status ("wait", "ok", "error") and optional error message. -func (c *Client) GetAuthStatus(state string) (string, string, error) { - query := url.Values{} - query.Set("state", state) - path := "/v0/management/get-auth-status?" + query.Encode() - wrapper, err := c.getJSON(path) - if err != nil { - return "", "", err - } - status := getString(wrapper, "status") - errMsg := getString(wrapper, "error") - return status, errMsg, nil -} - -// ----- Config field update methods ----- - -// PutBoolField updates a boolean config field. -func (c *Client) PutBoolField(path string, value bool) error { - body, _ := json.Marshal(map[string]any{"value": value}) - _, err := c.put("/v0/management/"+path, strings.NewReader(string(body))) - return err -} - -// PutIntField updates an integer config field. -func (c *Client) PutIntField(path string, value int) error { - body, _ := json.Marshal(map[string]any{"value": value}) - _, err := c.put("/v0/management/"+path, strings.NewReader(string(body))) - return err -} - -// PutStringField updates a string config field. -func (c *Client) PutStringField(path string, value string) error { - body, _ := json.Marshal(map[string]any{"value": value}) - _, err := c.put("/v0/management/"+path, strings.NewReader(string(body))) - return err -} - -// DeleteField sends a DELETE request for a config field. -func (c *Client) DeleteField(path string) error { - _, _, err := c.doRequest("DELETE", "/v0/management/"+path, nil) - return err -} diff --git a/.worktrees/config/m/config-build/active/internal/tui/config_tab.go b/.worktrees/config/m/config-build/active/internal/tui/config_tab.go deleted file mode 100644 index ff9ad040e0..0000000000 --- a/.worktrees/config/m/config-build/active/internal/tui/config_tab.go +++ /dev/null @@ -1,413 +0,0 @@ -package tui - -import ( - "fmt" - "strconv" - "strings" - - "github.com/charmbracelet/bubbles/textinput" - "github.com/charmbracelet/bubbles/viewport" - tea "github.com/charmbracelet/bubbletea" - "github.com/charmbracelet/lipgloss" -) - -// configField represents a single editable config field. -type configField struct { - label string - apiPath string // management API path (e.g. "debug", "proxy-url") - kind string // "bool", "int", "string", "readonly" - value string // current display value - rawValue any // raw value from API -} - -// configTabModel displays parsed config with interactive editing. -type configTabModel struct { - client *Client - viewport viewport.Model - fields []configField - cursor int - editing bool - textInput textinput.Model - err error - message string // status message (success/error) - width int - height int - ready bool -} - -type configDataMsg struct { - config map[string]any - err error -} - -type configUpdateMsg struct { - path string - value any - err error -} - -func newConfigTabModel(client *Client) configTabModel { - ti := textinput.New() - ti.CharLimit = 256 - return configTabModel{ - client: client, - textInput: ti, - } -} - -func (m configTabModel) Init() tea.Cmd { - return m.fetchConfig -} - -func (m configTabModel) fetchConfig() tea.Msg { - cfg, err := m.client.GetConfig() - return configDataMsg{config: cfg, err: err} -} - -func (m configTabModel) Update(msg tea.Msg) (configTabModel, tea.Cmd) { - switch msg := msg.(type) { - case localeChangedMsg: - m.viewport.SetContent(m.renderContent()) - return m, nil - case configDataMsg: - if msg.err != nil { - m.err = msg.err - m.fields = nil - } else { - m.err = nil - m.fields = m.parseConfig(msg.config) - } - m.viewport.SetContent(m.renderContent()) - return m, nil - - case configUpdateMsg: - if msg.err != nil { - m.message = errorStyle.Render("✗ " + msg.err.Error()) - } else { - m.message = successStyle.Render(T("updated_ok")) - } - m.viewport.SetContent(m.renderContent()) - // Refresh config from server - return m, m.fetchConfig - - case tea.KeyMsg: - if m.editing { - return m.handleEditingKey(msg) - } - return m.handleNormalKey(msg) - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -func (m configTabModel) handleNormalKey(msg tea.KeyMsg) (configTabModel, tea.Cmd) { - switch msg.String() { - case "r": - m.message = "" - return m, m.fetchConfig - case "up", "k": - if m.cursor > 0 { - m.cursor-- - m.viewport.SetContent(m.renderContent()) - // Ensure cursor is visible - m.ensureCursorVisible() - } - return m, nil - case "down", "j": - if m.cursor < len(m.fields)-1 { - m.cursor++ - m.viewport.SetContent(m.renderContent()) - m.ensureCursorVisible() - } - return m, nil - case "enter", " ": - if m.cursor >= 0 && m.cursor < len(m.fields) { - f := m.fields[m.cursor] - if f.kind == "readonly" { - return m, nil - } - if f.kind == "bool" { - // Toggle directly - return m, m.toggleBool(m.cursor) - } - // Start editing for int/string - m.editing = true - m.textInput.SetValue(configFieldEditValue(f)) - m.textInput.Focus() - m.viewport.SetContent(m.renderContent()) - return m, textinput.Blink - } - return m, nil - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -func (m configTabModel) handleEditingKey(msg tea.KeyMsg) (configTabModel, tea.Cmd) { - switch msg.String() { - case "enter": - m.editing = false - m.textInput.Blur() - return m, m.submitEdit(m.cursor, m.textInput.Value()) - case "esc": - m.editing = false - m.textInput.Blur() - m.viewport.SetContent(m.renderContent()) - return m, nil - default: - var cmd tea.Cmd - m.textInput, cmd = m.textInput.Update(msg) - m.viewport.SetContent(m.renderContent()) - return m, cmd - } -} - -func (m configTabModel) toggleBool(idx int) tea.Cmd { - return func() tea.Msg { - f := m.fields[idx] - current := f.value == "true" - newValue := !current - errPutBool := m.client.PutBoolField(f.apiPath, newValue) - return configUpdateMsg{ - path: f.apiPath, - value: newValue, - err: errPutBool, - } - } -} - -func (m configTabModel) submitEdit(idx int, newValue string) tea.Cmd { - return func() tea.Msg { - f := m.fields[idx] - var err error - var value any - switch f.kind { - case "int": - valueInt, errAtoi := strconv.Atoi(newValue) - if errAtoi != nil { - return configUpdateMsg{ - path: f.apiPath, - err: fmt.Errorf("%s: %s", T("invalid_int"), newValue), - } - } - value = valueInt - err = m.client.PutIntField(f.apiPath, valueInt) - case "string": - value = newValue - err = m.client.PutStringField(f.apiPath, newValue) - } - return configUpdateMsg{ - path: f.apiPath, - value: value, - err: err, - } - } -} - -func configFieldEditValue(f configField) string { - if rawString, ok := f.rawValue.(string); ok { - return rawString - } - return f.value -} - -func (m *configTabModel) SetSize(w, h int) { - m.width = w - m.height = h - if !m.ready { - m.viewport = viewport.New(w, h) - m.viewport.SetContent(m.renderContent()) - m.ready = true - } else { - m.viewport.Width = w - m.viewport.Height = h - } -} - -func (m *configTabModel) ensureCursorVisible() { - // Each field takes ~1 line, header takes ~4 lines - targetLine := m.cursor + 5 - if targetLine < m.viewport.YOffset { - m.viewport.SetYOffset(targetLine) - } - if targetLine >= m.viewport.YOffset+m.viewport.Height { - m.viewport.SetYOffset(targetLine - m.viewport.Height + 1) - } -} - -func (m configTabModel) View() string { - if !m.ready { - return T("loading") - } - return m.viewport.View() -} - -func (m configTabModel) renderContent() string { - var sb strings.Builder - - sb.WriteString(titleStyle.Render(T("config_title"))) - sb.WriteString("\n") - - if m.message != "" { - sb.WriteString(" " + m.message) - sb.WriteString("\n") - } - - sb.WriteString(helpStyle.Render(T("config_help1"))) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("config_help2"))) - sb.WriteString("\n\n") - - if m.err != nil { - sb.WriteString(errorStyle.Render(" ⚠ Error: " + m.err.Error())) - return sb.String() - } - - if len(m.fields) == 0 { - sb.WriteString(subtitleStyle.Render(T("no_config"))) - return sb.String() - } - - currentSection := "" - for i, f := range m.fields { - // Section headers - section := fieldSection(f.apiPath) - if section != currentSection { - currentSection = section - sb.WriteString("\n") - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorHighlight).Render(" ── " + section + " ")) - sb.WriteString("\n") - } - - isSelected := i == m.cursor - prefix := " " - if isSelected { - prefix = "▸ " - } - - labelStr := lipgloss.NewStyle(). - Foreground(colorInfo). - Bold(isSelected). - Width(32). - Render(f.label) - - var valueStr string - if m.editing && isSelected { - valueStr = m.textInput.View() - } else { - switch f.kind { - case "bool": - if f.value == "true" { - valueStr = successStyle.Render("● ON") - } else { - valueStr = lipgloss.NewStyle().Foreground(colorMuted).Render("○ OFF") - } - case "readonly": - valueStr = lipgloss.NewStyle().Foreground(colorSubtext).Render(f.value) - default: - valueStr = valueStyle.Render(f.value) - } - } - - line := prefix + labelStr + " " + valueStr - if isSelected && !m.editing { - line = lipgloss.NewStyle().Background(colorSurface).Render(line) - } - sb.WriteString(line + "\n") - } - - return sb.String() -} - -func (m configTabModel) parseConfig(cfg map[string]any) []configField { - var fields []configField - - // Server settings - fields = append(fields, configField{"Port", "port", "readonly", fmt.Sprintf("%.0f", getFloat(cfg, "port")), nil}) - fields = append(fields, configField{"Host", "host", "readonly", getString(cfg, "host"), nil}) - fields = append(fields, configField{"Debug", "debug", "bool", fmt.Sprintf("%v", getBool(cfg, "debug")), nil}) - fields = append(fields, configField{"Proxy URL", "proxy-url", "string", getString(cfg, "proxy-url"), nil}) - fields = append(fields, configField{"Request Retry", "request-retry", "int", fmt.Sprintf("%.0f", getFloat(cfg, "request-retry")), nil}) - fields = append(fields, configField{"Max Retry Interval (s)", "max-retry-interval", "int", fmt.Sprintf("%.0f", getFloat(cfg, "max-retry-interval")), nil}) - fields = append(fields, configField{"Force Model Prefix", "force-model-prefix", "string", getString(cfg, "force-model-prefix"), nil}) - - // Logging - fields = append(fields, configField{"Logging to File", "logging-to-file", "bool", fmt.Sprintf("%v", getBool(cfg, "logging-to-file")), nil}) - fields = append(fields, configField{"Logs Max Total Size (MB)", "logs-max-total-size-mb", "int", fmt.Sprintf("%.0f", getFloat(cfg, "logs-max-total-size-mb")), nil}) - fields = append(fields, configField{"Error Logs Max Files", "error-logs-max-files", "int", fmt.Sprintf("%.0f", getFloat(cfg, "error-logs-max-files")), nil}) - fields = append(fields, configField{"Usage Stats Enabled", "usage-statistics-enabled", "bool", fmt.Sprintf("%v", getBool(cfg, "usage-statistics-enabled")), nil}) - fields = append(fields, configField{"Request Log", "request-log", "bool", fmt.Sprintf("%v", getBool(cfg, "request-log")), nil}) - - // Quota exceeded - fields = append(fields, configField{"Switch Project on Quota", "quota-exceeded/switch-project", "bool", fmt.Sprintf("%v", getBoolNested(cfg, "quota-exceeded", "switch-project")), nil}) - fields = append(fields, configField{"Switch Preview Model", "quota-exceeded/switch-preview-model", "bool", fmt.Sprintf("%v", getBoolNested(cfg, "quota-exceeded", "switch-preview-model")), nil}) - - // Routing - if routing, ok := cfg["routing"].(map[string]any); ok { - fields = append(fields, configField{"Routing Strategy", "routing/strategy", "string", getString(routing, "strategy"), nil}) - } else { - fields = append(fields, configField{"Routing Strategy", "routing/strategy", "string", "", nil}) - } - - // WebSocket auth - fields = append(fields, configField{"WebSocket Auth", "ws-auth", "bool", fmt.Sprintf("%v", getBool(cfg, "ws-auth")), nil}) - - // AMP settings - if amp, ok := cfg["ampcode"].(map[string]any); ok { - upstreamURL := getString(amp, "upstream-url") - upstreamAPIKey := getString(amp, "upstream-api-key") - fields = append(fields, configField{"AMP Upstream URL", "ampcode/upstream-url", "string", upstreamURL, upstreamURL}) - fields = append(fields, configField{"AMP Upstream API Key", "ampcode/upstream-api-key", "string", maskIfNotEmpty(upstreamAPIKey), upstreamAPIKey}) - fields = append(fields, configField{"AMP Restrict Mgmt Localhost", "ampcode/restrict-management-to-localhost", "bool", fmt.Sprintf("%v", getBool(amp, "restrict-management-to-localhost")), nil}) - } - - return fields -} - -func fieldSection(apiPath string) string { - if strings.HasPrefix(apiPath, "ampcode/") { - return T("section_ampcode") - } - if strings.HasPrefix(apiPath, "quota-exceeded/") { - return T("section_quota") - } - if strings.HasPrefix(apiPath, "routing/") { - return T("section_routing") - } - switch apiPath { - case "port", "host", "debug", "proxy-url", "request-retry", "max-retry-interval", "force-model-prefix": - return T("section_server") - case "logging-to-file", "logs-max-total-size-mb", "error-logs-max-files", "usage-statistics-enabled", "request-log": - return T("section_logging") - case "ws-auth": - return T("section_websocket") - default: - return T("section_other") - } -} - -func getBoolNested(m map[string]any, keys ...string) bool { - current := m - for i, key := range keys { - if i == len(keys)-1 { - return getBool(current, key) - } - if nested, ok := current[key].(map[string]any); ok { - current = nested - } else { - return false - } - } - return false -} - -func maskIfNotEmpty(s string) string { - if s == "" { - return T("not_set") - } - return maskKey(s) -} diff --git a/.worktrees/config/m/config-build/active/internal/tui/dashboard.go b/.worktrees/config/m/config-build/active/internal/tui/dashboard.go deleted file mode 100644 index 8561fe9c5b..0000000000 --- a/.worktrees/config/m/config-build/active/internal/tui/dashboard.go +++ /dev/null @@ -1,360 +0,0 @@ -package tui - -import ( - "encoding/json" - "fmt" - "strings" - - "github.com/charmbracelet/bubbles/viewport" - tea "github.com/charmbracelet/bubbletea" - "github.com/charmbracelet/lipgloss" -) - -// dashboardModel displays server info, stats cards, and config overview. -type dashboardModel struct { - client *Client - viewport viewport.Model - content string - err error - width int - height int - ready bool - - // Cached data for re-rendering on locale change - lastConfig map[string]any - lastUsage map[string]any - lastAuthFiles []map[string]any - lastAPIKeys []string -} - -type dashboardDataMsg struct { - config map[string]any - usage map[string]any - authFiles []map[string]any - apiKeys []string - err error -} - -func newDashboardModel(client *Client) dashboardModel { - return dashboardModel{ - client: client, - } -} - -func (m dashboardModel) Init() tea.Cmd { - return m.fetchData -} - -func (m dashboardModel) fetchData() tea.Msg { - cfg, cfgErr := m.client.GetConfig() - usage, usageErr := m.client.GetUsage() - authFiles, authErr := m.client.GetAuthFiles() - apiKeys, keysErr := m.client.GetAPIKeys() - - var err error - for _, e := range []error{cfgErr, usageErr, authErr, keysErr} { - if e != nil { - err = e - break - } - } - return dashboardDataMsg{config: cfg, usage: usage, authFiles: authFiles, apiKeys: apiKeys, err: err} -} - -func (m dashboardModel) Update(msg tea.Msg) (dashboardModel, tea.Cmd) { - switch msg := msg.(type) { - case localeChangedMsg: - // Re-render immediately with cached data using new locale - m.content = m.renderDashboard(m.lastConfig, m.lastUsage, m.lastAuthFiles, m.lastAPIKeys) - m.viewport.SetContent(m.content) - // Also fetch fresh data in background - return m, m.fetchData - - case dashboardDataMsg: - if msg.err != nil { - m.err = msg.err - m.content = errorStyle.Render("⚠ Error: " + msg.err.Error()) - } else { - m.err = nil - // Cache data for locale switching - m.lastConfig = msg.config - m.lastUsage = msg.usage - m.lastAuthFiles = msg.authFiles - m.lastAPIKeys = msg.apiKeys - - m.content = m.renderDashboard(msg.config, msg.usage, msg.authFiles, msg.apiKeys) - } - m.viewport.SetContent(m.content) - return m, nil - - case tea.KeyMsg: - if msg.String() == "r" { - return m, m.fetchData - } - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -func (m *dashboardModel) SetSize(w, h int) { - m.width = w - m.height = h - if !m.ready { - m.viewport = viewport.New(w, h) - m.viewport.SetContent(m.content) - m.ready = true - } else { - m.viewport.Width = w - m.viewport.Height = h - } -} - -func (m dashboardModel) View() string { - if !m.ready { - return T("loading") - } - return m.viewport.View() -} - -func (m dashboardModel) renderDashboard(cfg, usage map[string]any, authFiles []map[string]any, apiKeys []string) string { - var sb strings.Builder - - sb.WriteString(titleStyle.Render(T("dashboard_title"))) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("dashboard_help"))) - sb.WriteString("\n\n") - - // ━━━ Connection Status ━━━ - connStyle := lipgloss.NewStyle().Bold(true).Foreground(colorSuccess) - sb.WriteString(connStyle.Render(T("connected"))) - sb.WriteString(fmt.Sprintf(" %s", m.client.baseURL)) - sb.WriteString("\n\n") - - // ━━━ Stats Cards ━━━ - cardWidth := 25 - if m.width > 0 { - cardWidth = (m.width - 6) / 4 - if cardWidth < 18 { - cardWidth = 18 - } - } - - cardStyle := lipgloss.NewStyle(). - Border(lipgloss.RoundedBorder()). - BorderForeground(lipgloss.Color("240")). - Padding(0, 1). - Width(cardWidth). - Height(2) - - // Card 1: API Keys - keyCount := len(apiKeys) - card1 := cardStyle.Render(fmt.Sprintf( - "%s\n%s", - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("111")).Render(fmt.Sprintf("🔑 %d", keyCount)), - lipgloss.NewStyle().Foreground(colorMuted).Render(T("mgmt_keys")), - )) - - // Card 2: Auth Files - authCount := len(authFiles) - activeAuth := 0 - for _, f := range authFiles { - if !getBool(f, "disabled") { - activeAuth++ - } - } - card2 := cardStyle.Render(fmt.Sprintf( - "%s\n%s", - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("76")).Render(fmt.Sprintf("📄 %d", authCount)), - lipgloss.NewStyle().Foreground(colorMuted).Render(fmt.Sprintf("%s (%d %s)", T("auth_files_label"), activeAuth, T("active_suffix"))), - )) - - // Card 3: Total Requests - totalReqs := int64(0) - successReqs := int64(0) - failedReqs := int64(0) - totalTokens := int64(0) - if usage != nil { - if usageMap, ok := usage["usage"].(map[string]any); ok { - totalReqs = int64(getFloat(usageMap, "total_requests")) - successReqs = int64(getFloat(usageMap, "success_count")) - failedReqs = int64(getFloat(usageMap, "failure_count")) - totalTokens = int64(getFloat(usageMap, "total_tokens")) - } - } - card3 := cardStyle.Render(fmt.Sprintf( - "%s\n%s", - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("214")).Render(fmt.Sprintf("📈 %d", totalReqs)), - lipgloss.NewStyle().Foreground(colorMuted).Render(fmt.Sprintf("%s (✓%d ✗%d)", T("total_requests"), successReqs, failedReqs)), - )) - - // Card 4: Total Tokens - tokenStr := formatLargeNumber(totalTokens) - card4 := cardStyle.Render(fmt.Sprintf( - "%s\n%s", - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("170")).Render(fmt.Sprintf("🔤 %s", tokenStr)), - lipgloss.NewStyle().Foreground(colorMuted).Render(T("total_tokens")), - )) - - sb.WriteString(lipgloss.JoinHorizontal(lipgloss.Top, card1, " ", card2, " ", card3, " ", card4)) - sb.WriteString("\n\n") - - // ━━━ Current Config ━━━ - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorHighlight).Render(T("current_config"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", minInt(m.width, 60))) - sb.WriteString("\n") - - if cfg != nil { - debug := getBool(cfg, "debug") - retry := getFloat(cfg, "request-retry") - proxyURL := getString(cfg, "proxy-url") - loggingToFile := getBool(cfg, "logging-to-file") - usageEnabled := true - if v, ok := cfg["usage-statistics-enabled"]; ok { - if b, ok2 := v.(bool); ok2 { - usageEnabled = b - } - } - - configItems := []struct { - label string - value string - }{ - {T("debug_mode"), boolEmoji(debug)}, - {T("usage_stats"), boolEmoji(usageEnabled)}, - {T("log_to_file"), boolEmoji(loggingToFile)}, - {T("retry_count"), fmt.Sprintf("%.0f", retry)}, - } - if proxyURL != "" { - configItems = append(configItems, struct { - label string - value string - }{T("proxy_url"), proxyURL}) - } - - // Render config items as a compact row - for _, item := range configItems { - sb.WriteString(fmt.Sprintf(" %s %s\n", - labelStyle.Render(item.label+":"), - valueStyle.Render(item.value))) - } - - // Routing strategy - strategy := "round-robin" - if routing, ok := cfg["routing"].(map[string]any); ok { - if s := getString(routing, "strategy"); s != "" { - strategy = s - } - } - sb.WriteString(fmt.Sprintf(" %s %s\n", - labelStyle.Render(T("routing_strategy")+":"), - valueStyle.Render(strategy))) - } - - sb.WriteString("\n") - - // ━━━ Per-Model Usage ━━━ - if usage != nil { - if usageMap, ok := usage["usage"].(map[string]any); ok { - if apis, ok := usageMap["apis"].(map[string]any); ok && len(apis) > 0 { - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorHighlight).Render(T("model_stats"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", minInt(m.width, 60))) - sb.WriteString("\n") - - header := fmt.Sprintf(" %-40s %10s %12s", T("model"), T("requests"), T("tokens")) - sb.WriteString(tableHeaderStyle.Render(header)) - sb.WriteString("\n") - - for _, apiSnap := range apis { - if apiMap, ok := apiSnap.(map[string]any); ok { - if models, ok := apiMap["models"].(map[string]any); ok { - for model, v := range models { - if stats, ok := v.(map[string]any); ok { - reqs := int64(getFloat(stats, "total_requests")) - toks := int64(getFloat(stats, "total_tokens")) - row := fmt.Sprintf(" %-40s %10d %12s", truncate(model, 40), reqs, formatLargeNumber(toks)) - sb.WriteString(tableCellStyle.Render(row)) - sb.WriteString("\n") - } - } - } - } - } - } - } - } - - return sb.String() -} - -func formatKV(key, value string) string { - return fmt.Sprintf(" %s %s\n", labelStyle.Render(key+":"), valueStyle.Render(value)) -} - -func getString(m map[string]any, key string) string { - if v, ok := m[key]; ok { - if s, ok := v.(string); ok { - return s - } - } - return "" -} - -func getFloat(m map[string]any, key string) float64 { - if v, ok := m[key]; ok { - switch n := v.(type) { - case float64: - return n - case json.Number: - f, _ := n.Float64() - return f - } - } - return 0 -} - -func getBool(m map[string]any, key string) bool { - if v, ok := m[key]; ok { - if b, ok := v.(bool); ok { - return b - } - } - return false -} - -func boolEmoji(b bool) string { - if b { - return T("bool_yes") - } - return T("bool_no") -} - -func formatLargeNumber(n int64) string { - if n >= 1_000_000 { - return fmt.Sprintf("%.1fM", float64(n)/1_000_000) - } - if n >= 1_000 { - return fmt.Sprintf("%.1fK", float64(n)/1_000) - } - return fmt.Sprintf("%d", n) -} - -func truncate(s string, maxLen int) string { - if len(s) > maxLen { - return s[:maxLen-3] + "..." - } - return s -} - -func minInt(a, b int) int { - if a < b { - return a - } - return b -} diff --git a/.worktrees/config/m/config-build/active/internal/tui/i18n.go b/.worktrees/config/m/config-build/active/internal/tui/i18n.go deleted file mode 100644 index 2964a6c692..0000000000 --- a/.worktrees/config/m/config-build/active/internal/tui/i18n.go +++ /dev/null @@ -1,364 +0,0 @@ -package tui - -// i18n provides a simple internationalization system for the TUI. -// Supported locales: "zh" (Chinese, default), "en" (English). - -var currentLocale = "en" - -// SetLocale changes the active locale. -func SetLocale(locale string) { - if _, ok := locales[locale]; ok { - currentLocale = locale - } -} - -// CurrentLocale returns the active locale code. -func CurrentLocale() string { - return currentLocale -} - -// ToggleLocale switches between zh and en. -func ToggleLocale() { - if currentLocale == "zh" { - currentLocale = "en" - } else { - currentLocale = "zh" - } -} - -// T returns the translated string for the given key. -func T(key string) string { - if m, ok := locales[currentLocale]; ok { - if v, ok := m[key]; ok { - return v - } - } - // Fallback to English - if m, ok := locales["en"]; ok { - if v, ok := m[key]; ok { - return v - } - } - return key -} - -var locales = map[string]map[string]string{ - "zh": zhStrings, - "en": enStrings, -} - -// ────────────────────────────────────────── -// Tab names -// ────────────────────────────────────────── -var zhTabNames = []string{"仪表盘", "配置", "认证文件", "API 密钥", "OAuth", "使用统计", "日志"} -var enTabNames = []string{"Dashboard", "Config", "Auth Files", "API Keys", "OAuth", "Usage", "Logs"} - -// TabNames returns tab names in the current locale. -func TabNames() []string { - if currentLocale == "zh" { - return zhTabNames - } - return enTabNames -} - -var zhStrings = map[string]string{ - // ── Common ── - "loading": "加载中...", - "refresh": "刷新", - "save": "保存", - "cancel": "取消", - "confirm": "确认", - "yes": "是", - "no": "否", - "error": "错误", - "success": "成功", - "navigate": "导航", - "scroll": "滚动", - "enter_save": "Enter: 保存", - "esc_cancel": "Esc: 取消", - "enter_submit": "Enter: 提交", - "press_r": "[r] 刷新", - "press_scroll": "[↑↓] 滚动", - "not_set": "(未设置)", - "error_prefix": "⚠ 错误: ", - - // ── Status bar ── - "status_left": " CLIProxyAPI 管理终端", - "status_right": "Tab/Shift+Tab: 切换 • L: 语言 • q/Ctrl+C: 退出 ", - "initializing_tui": "正在初始化...", - "auth_gate_title": "🔐 连接管理 API", - "auth_gate_help": " 请输入管理密码并按 Enter 连接", - "auth_gate_password": "密码", - "auth_gate_enter": " Enter: 连接 • q/Ctrl+C: 退出 • L: 语言", - "auth_gate_connecting": "正在连接...", - "auth_gate_connect_fail": "连接失败:%s", - "auth_gate_password_required": "请输入密码", - - // ── Dashboard ── - "dashboard_title": "📊 仪表盘", - "dashboard_help": " [r] 刷新 • [↑↓] 滚动", - "connected": "● 已连接", - "mgmt_keys": "管理密钥", - "auth_files_label": "认证文件", - "active_suffix": "活跃", - "total_requests": "请求", - "success_label": "成功", - "failure_label": "失败", - "total_tokens": "总 Tokens", - "current_config": "当前配置", - "debug_mode": "启用调试模式", - "usage_stats": "启用使用统计", - "log_to_file": "启用日志记录到文件", - "retry_count": "重试次数", - "proxy_url": "代理 URL", - "routing_strategy": "路由策略", - "model_stats": "模型统计", - "model": "模型", - "requests": "请求数", - "tokens": "Tokens", - "bool_yes": "是 ✓", - "bool_no": "否", - - // ── Config ── - "config_title": "⚙ 配置", - "config_help1": " [↑↓/jk] 导航 • [Enter/Space] 编辑 • [r] 刷新", - "config_help2": " 布尔: Enter 切换 • 文本/数字: Enter 输入, Enter 确认, Esc 取消", - "updated_ok": "✓ 更新成功", - "no_config": " 未加载配置", - "invalid_int": "无效整数", - "section_server": "服务器", - "section_logging": "日志与统计", - "section_quota": "配额超限处理", - "section_routing": "路由", - "section_websocket": "WebSocket", - "section_ampcode": "AMP Code", - "section_other": "其他", - - // ── Auth Files ── - "auth_title": "🔑 认证文件", - "auth_help1": " [↑↓/jk] 导航 • [Enter] 展开 • [e] 启用/停用 • [d] 删除 • [r] 刷新", - "auth_help2": " [1] 编辑 prefix • [2] 编辑 proxy_url • [3] 编辑 priority", - "no_auth_files": " 无认证文件", - "confirm_delete": "⚠ 删除 %s? [y/n]", - "deleted": "已删除 %s", - "enabled": "已启用", - "disabled": "已停用", - "updated_field": "已更新 %s 的 %s", - "status_active": "活跃", - "status_disabled": "已停用", - - // ── API Keys ── - "keys_title": "🔐 API 密钥", - "keys_help": " [↑↓/jk] 导航 • [a] 添加 • [e] 编辑 • [d] 删除 • [c] 复制 • [r] 刷新", - "no_keys": " 无 API Key,按 [a] 添加", - "access_keys": "Access API Keys", - "confirm_delete_key": "⚠ 确认删除 %s? [y/n]", - "key_added": "已添加 API Key", - "key_updated": "已更新 API Key", - "key_deleted": "已删除 API Key", - "copied": "✓ 已复制到剪贴板", - "copy_failed": "✗ 复制失败", - "new_key_prompt": " New Key: ", - "edit_key_prompt": " Edit Key: ", - "enter_add": " Enter: 添加 • Esc: 取消", - "enter_save_esc": " Enter: 保存 • Esc: 取消", - - // ── OAuth ── - "oauth_title": "🔐 OAuth 登录", - "oauth_select": " 选择提供商并按 [Enter] 开始 OAuth 登录:", - "oauth_help": " [↑↓/jk] 导航 • [Enter] 登录 • [Esc] 清除状态", - "oauth_initiating": "⏳ 正在初始化 %s 登录...", - "oauth_success": "认证成功! 请刷新 Auth Files 标签查看新凭证。", - "oauth_completed": "认证流程已完成。", - "oauth_failed": "认证失败", - "oauth_timeout": "OAuth 流程超时 (5 分钟)", - "oauth_press_esc": " 按 [Esc] 取消", - "oauth_auth_url": " 授权链接:", - "oauth_remote_hint": " 远程浏览器模式:在浏览器中打开上述链接完成授权后,将回调 URL 粘贴到下方。", - "oauth_callback_url": " 回调 URL:", - "oauth_press_c": " 按 [c] 输入回调 URL • [Esc] 返回", - "oauth_submitting": "⏳ 提交回调中...", - "oauth_submit_ok": "✓ 回调已提交,等待处理...", - "oauth_submit_fail": "✗ 提交回调失败", - "oauth_waiting": " 等待认证中...", - - // ── Usage ── - "usage_title": "📈 使用统计", - "usage_help": " [r] 刷新 • [↑↓] 滚动", - "usage_no_data": " 使用数据不可用", - "usage_total_reqs": "总请求数", - "usage_total_tokens": "总 Token 数", - "usage_success": "成功", - "usage_failure": "失败", - "usage_total_token_l": "总Token", - "usage_rpm": "RPM", - "usage_tpm": "TPM", - "usage_req_by_hour": "请求趋势 (按小时)", - "usage_tok_by_hour": "Token 使用趋势 (按小时)", - "usage_req_by_day": "请求趋势 (按天)", - "usage_api_detail": "API 详细统计", - "usage_input": "输入", - "usage_output": "输出", - "usage_cached": "缓存", - "usage_reasoning": "思考", - - // ── Logs ── - "logs_title": "📋 日志", - "logs_auto_scroll": "● 自动滚动", - "logs_paused": "○ 已暂停", - "logs_filter": "过滤", - "logs_lines": "行数", - "logs_help": " [a] 自动滚动 • [c] 清除 • [1] 全部 [2] info+ [3] warn+ [4] error • [↑↓] 滚动", - "logs_waiting": " 等待日志输出...", -} - -var enStrings = map[string]string{ - // ── Common ── - "loading": "Loading...", - "refresh": "Refresh", - "save": "Save", - "cancel": "Cancel", - "confirm": "Confirm", - "yes": "Yes", - "no": "No", - "error": "Error", - "success": "Success", - "navigate": "Navigate", - "scroll": "Scroll", - "enter_save": "Enter: Save", - "esc_cancel": "Esc: Cancel", - "enter_submit": "Enter: Submit", - "press_r": "[r] Refresh", - "press_scroll": "[↑↓] Scroll", - "not_set": "(not set)", - "error_prefix": "⚠ Error: ", - - // ── Status bar ── - "status_left": " CLIProxyAPI Management TUI", - "status_right": "Tab/Shift+Tab: switch • L: lang • q/Ctrl+C: quit ", - "initializing_tui": "Initializing...", - "auth_gate_title": "🔐 Connect Management API", - "auth_gate_help": " Enter management password and press Enter to connect", - "auth_gate_password": "Password", - "auth_gate_enter": " Enter: connect • q/Ctrl+C: quit • L: lang", - "auth_gate_connecting": "Connecting...", - "auth_gate_connect_fail": "Connection failed: %s", - "auth_gate_password_required": "password is required", - - // ── Dashboard ── - "dashboard_title": "📊 Dashboard", - "dashboard_help": " [r] Refresh • [↑↓] Scroll", - "connected": "● Connected", - "mgmt_keys": "Mgmt Keys", - "auth_files_label": "Auth Files", - "active_suffix": "active", - "total_requests": "Requests", - "success_label": "Success", - "failure_label": "Failed", - "total_tokens": "Total Tokens", - "current_config": "Current Config", - "debug_mode": "Debug Mode", - "usage_stats": "Usage Statistics", - "log_to_file": "Log to File", - "retry_count": "Retry Count", - "proxy_url": "Proxy URL", - "routing_strategy": "Routing Strategy", - "model_stats": "Model Stats", - "model": "Model", - "requests": "Requests", - "tokens": "Tokens", - "bool_yes": "Yes ✓", - "bool_no": "No", - - // ── Config ── - "config_title": "⚙ Configuration", - "config_help1": " [↑↓/jk] Navigate • [Enter/Space] Edit • [r] Refresh", - "config_help2": " Bool: Enter to toggle • String/Int: Enter to type, Enter to confirm, Esc to cancel", - "updated_ok": "✓ Updated successfully", - "no_config": " No configuration loaded", - "invalid_int": "invalid integer", - "section_server": "Server", - "section_logging": "Logging & Stats", - "section_quota": "Quota Exceeded Handling", - "section_routing": "Routing", - "section_websocket": "WebSocket", - "section_ampcode": "AMP Code", - "section_other": "Other", - - // ── Auth Files ── - "auth_title": "🔑 Auth Files", - "auth_help1": " [↑↓/jk] Navigate • [Enter] Expand • [e] Enable/Disable • [d] Delete • [r] Refresh", - "auth_help2": " [1] Edit prefix • [2] Edit proxy_url • [3] Edit priority", - "no_auth_files": " No auth files found", - "confirm_delete": "⚠ Delete %s? [y/n]", - "deleted": "Deleted %s", - "enabled": "Enabled", - "disabled": "Disabled", - "updated_field": "Updated %s on %s", - "status_active": "active", - "status_disabled": "disabled", - - // ── API Keys ── - "keys_title": "🔐 API Keys", - "keys_help": " [↑↓/jk] Navigate • [a] Add • [e] Edit • [d] Delete • [c] Copy • [r] Refresh", - "no_keys": " No API Keys. Press [a] to add", - "access_keys": "Access API Keys", - "confirm_delete_key": "⚠ Delete %s? [y/n]", - "key_added": "API Key added", - "key_updated": "API Key updated", - "key_deleted": "API Key deleted", - "copied": "✓ Copied to clipboard", - "copy_failed": "✗ Copy failed", - "new_key_prompt": " New Key: ", - "edit_key_prompt": " Edit Key: ", - "enter_add": " Enter: Add • Esc: Cancel", - "enter_save_esc": " Enter: Save • Esc: Cancel", - - // ── OAuth ── - "oauth_title": "🔐 OAuth Login", - "oauth_select": " Select a provider and press [Enter] to start OAuth login:", - "oauth_help": " [↑↓/jk] Navigate • [Enter] Login • [Esc] Clear status", - "oauth_initiating": "⏳ Initiating %s login...", - "oauth_success": "Authentication successful! Refresh Auth Files tab to see the new credential.", - "oauth_completed": "Authentication flow completed.", - "oauth_failed": "Authentication failed", - "oauth_timeout": "OAuth flow timed out (5 minutes)", - "oauth_press_esc": " Press [Esc] to cancel", - "oauth_auth_url": " Authorization URL:", - "oauth_remote_hint": " Remote browser mode: Open the URL above in browser, paste the callback URL below after authorization.", - "oauth_callback_url": " Callback URL:", - "oauth_press_c": " Press [c] to enter callback URL • [Esc] to go back", - "oauth_submitting": "⏳ Submitting callback...", - "oauth_submit_ok": "✓ Callback submitted, waiting...", - "oauth_submit_fail": "✗ Callback submission failed", - "oauth_waiting": " Waiting for authentication...", - - // ── Usage ── - "usage_title": "📈 Usage Statistics", - "usage_help": " [r] Refresh • [↑↓] Scroll", - "usage_no_data": " Usage data not available", - "usage_total_reqs": "Total Requests", - "usage_total_tokens": "Total Tokens", - "usage_success": "Success", - "usage_failure": "Failed", - "usage_total_token_l": "Total Tokens", - "usage_rpm": "RPM", - "usage_tpm": "TPM", - "usage_req_by_hour": "Requests by Hour", - "usage_tok_by_hour": "Token Usage by Hour", - "usage_req_by_day": "Requests by Day", - "usage_api_detail": "API Detail Statistics", - "usage_input": "Input", - "usage_output": "Output", - "usage_cached": "Cached", - "usage_reasoning": "Reasoning", - - // ── Logs ── - "logs_title": "📋 Logs", - "logs_auto_scroll": "● AUTO-SCROLL", - "logs_paused": "○ PAUSED", - "logs_filter": "Filter", - "logs_lines": "Lines", - "logs_help": " [a] Auto-scroll • [c] Clear • [1] All [2] info+ [3] warn+ [4] error • [↑↓] Scroll", - "logs_waiting": " Waiting for log output...", -} diff --git a/.worktrees/config/m/config-build/active/internal/tui/keys_tab.go b/.worktrees/config/m/config-build/active/internal/tui/keys_tab.go deleted file mode 100644 index 770f7f1e57..0000000000 --- a/.worktrees/config/m/config-build/active/internal/tui/keys_tab.go +++ /dev/null @@ -1,405 +0,0 @@ -package tui - -import ( - "fmt" - "strings" - - "github.com/atotto/clipboard" - "github.com/charmbracelet/bubbles/textinput" - "github.com/charmbracelet/bubbles/viewport" - tea "github.com/charmbracelet/bubbletea" - "github.com/charmbracelet/lipgloss" -) - -// keysTabModel displays and manages API keys. -type keysTabModel struct { - client *Client - viewport viewport.Model - keys []string - gemini []map[string]any - claude []map[string]any - codex []map[string]any - vertex []map[string]any - openai []map[string]any - err error - width int - height int - ready bool - cursor int - confirm int // -1 = no deletion pending - status string - - // Editing / Adding - editing bool - adding bool - editIdx int - editInput textinput.Model -} - -type keysDataMsg struct { - apiKeys []string - gemini []map[string]any - claude []map[string]any - codex []map[string]any - vertex []map[string]any - openai []map[string]any - err error -} - -type keyActionMsg struct { - action string - err error -} - -func newKeysTabModel(client *Client) keysTabModel { - ti := textinput.New() - ti.CharLimit = 512 - ti.Prompt = " Key: " - return keysTabModel{ - client: client, - confirm: -1, - editInput: ti, - } -} - -func (m keysTabModel) Init() tea.Cmd { - return m.fetchKeys -} - -func (m keysTabModel) fetchKeys() tea.Msg { - result := keysDataMsg{} - apiKeys, err := m.client.GetAPIKeys() - if err != nil { - result.err = err - return result - } - result.apiKeys = apiKeys - result.gemini, _ = m.client.GetGeminiKeys() - result.claude, _ = m.client.GetClaudeKeys() - result.codex, _ = m.client.GetCodexKeys() - result.vertex, _ = m.client.GetVertexKeys() - result.openai, _ = m.client.GetOpenAICompat() - return result -} - -func (m keysTabModel) Update(msg tea.Msg) (keysTabModel, tea.Cmd) { - switch msg := msg.(type) { - case localeChangedMsg: - m.viewport.SetContent(m.renderContent()) - return m, nil - case keysDataMsg: - if msg.err != nil { - m.err = msg.err - } else { - m.err = nil - m.keys = msg.apiKeys - m.gemini = msg.gemini - m.claude = msg.claude - m.codex = msg.codex - m.vertex = msg.vertex - m.openai = msg.openai - if m.cursor >= len(m.keys) { - m.cursor = max(0, len(m.keys)-1) - } - } - m.viewport.SetContent(m.renderContent()) - return m, nil - - case keyActionMsg: - if msg.err != nil { - m.status = errorStyle.Render("✗ " + msg.err.Error()) - } else { - m.status = successStyle.Render("✓ " + msg.action) - } - m.confirm = -1 - m.viewport.SetContent(m.renderContent()) - return m, m.fetchKeys - - case tea.KeyMsg: - // ---- Editing / Adding mode ---- - if m.editing || m.adding { - switch msg.String() { - case "enter": - value := strings.TrimSpace(m.editInput.Value()) - if value == "" { - m.editing = false - m.adding = false - m.editInput.Blur() - m.viewport.SetContent(m.renderContent()) - return m, nil - } - isAdding := m.adding - editIdx := m.editIdx - m.editing = false - m.adding = false - m.editInput.Blur() - if isAdding { - return m, func() tea.Msg { - err := m.client.AddAPIKey(value) - if err != nil { - return keyActionMsg{err: err} - } - return keyActionMsg{action: T("key_added")} - } - } - return m, func() tea.Msg { - err := m.client.EditAPIKey(editIdx, value) - if err != nil { - return keyActionMsg{err: err} - } - return keyActionMsg{action: T("key_updated")} - } - case "esc": - m.editing = false - m.adding = false - m.editInput.Blur() - m.viewport.SetContent(m.renderContent()) - return m, nil - default: - var cmd tea.Cmd - m.editInput, cmd = m.editInput.Update(msg) - m.viewport.SetContent(m.renderContent()) - return m, cmd - } - } - - // ---- Delete confirmation ---- - if m.confirm >= 0 { - switch msg.String() { - case "y", "Y": - idx := m.confirm - m.confirm = -1 - return m, func() tea.Msg { - err := m.client.DeleteAPIKey(idx) - if err != nil { - return keyActionMsg{err: err} - } - return keyActionMsg{action: T("key_deleted")} - } - case "n", "N", "esc": - m.confirm = -1 - m.viewport.SetContent(m.renderContent()) - return m, nil - } - return m, nil - } - - // ---- Normal mode ---- - switch msg.String() { - case "j", "down": - if len(m.keys) > 0 { - m.cursor = (m.cursor + 1) % len(m.keys) - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "k", "up": - if len(m.keys) > 0 { - m.cursor = (m.cursor - 1 + len(m.keys)) % len(m.keys) - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "a": - // Add new key - m.adding = true - m.editing = false - m.editInput.SetValue("") - m.editInput.Prompt = T("new_key_prompt") - m.editInput.Focus() - m.viewport.SetContent(m.renderContent()) - return m, textinput.Blink - case "e": - // Edit selected key - if m.cursor < len(m.keys) { - m.editing = true - m.adding = false - m.editIdx = m.cursor - m.editInput.SetValue(m.keys[m.cursor]) - m.editInput.Prompt = T("edit_key_prompt") - m.editInput.Focus() - m.viewport.SetContent(m.renderContent()) - return m, textinput.Blink - } - return m, nil - case "d": - // Delete selected key - if m.cursor < len(m.keys) { - m.confirm = m.cursor - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "c": - // Copy selected key to clipboard - if m.cursor < len(m.keys) { - key := m.keys[m.cursor] - if err := clipboard.WriteAll(key); err != nil { - m.status = errorStyle.Render(T("copy_failed") + ": " + err.Error()) - } else { - m.status = successStyle.Render(T("copied")) - } - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "r": - m.status = "" - return m, m.fetchKeys - default: - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd - } - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -func (m *keysTabModel) SetSize(w, h int) { - m.width = w - m.height = h - m.editInput.Width = w - 16 - if !m.ready { - m.viewport = viewport.New(w, h) - m.viewport.SetContent(m.renderContent()) - m.ready = true - } else { - m.viewport.Width = w - m.viewport.Height = h - } -} - -func (m keysTabModel) View() string { - if !m.ready { - return T("loading") - } - return m.viewport.View() -} - -func (m keysTabModel) renderContent() string { - var sb strings.Builder - - sb.WriteString(titleStyle.Render(T("keys_title"))) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("keys_help"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", m.width)) - sb.WriteString("\n") - - if m.err != nil { - sb.WriteString(errorStyle.Render(T("error_prefix") + m.err.Error())) - sb.WriteString("\n") - return sb.String() - } - - // ━━━ Access API Keys (interactive) ━━━ - sb.WriteString(tableHeaderStyle.Render(fmt.Sprintf(" %s (%d)", T("access_keys"), len(m.keys)))) - sb.WriteString("\n") - - if len(m.keys) == 0 { - sb.WriteString(subtitleStyle.Render(T("no_keys"))) - sb.WriteString("\n") - } - - for i, key := range m.keys { - cursor := " " - rowStyle := lipgloss.NewStyle() - if i == m.cursor { - cursor = "▸ " - rowStyle = lipgloss.NewStyle().Bold(true) - } - - row := fmt.Sprintf("%s%d. %s", cursor, i+1, maskKey(key)) - sb.WriteString(rowStyle.Render(row)) - sb.WriteString("\n") - - // Delete confirmation - if m.confirm == i { - sb.WriteString(warningStyle.Render(fmt.Sprintf(" "+T("confirm_delete_key"), maskKey(key)))) - sb.WriteString("\n") - } - - // Edit input - if m.editing && m.editIdx == i { - sb.WriteString(m.editInput.View()) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("enter_save_esc"))) - sb.WriteString("\n") - } - } - - // Add input - if m.adding { - sb.WriteString("\n") - sb.WriteString(m.editInput.View()) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("enter_add"))) - sb.WriteString("\n") - } - - sb.WriteString("\n") - - // ━━━ Provider Keys (read-only display) ━━━ - renderProviderKeys(&sb, "Gemini API Keys", m.gemini) - renderProviderKeys(&sb, "Claude API Keys", m.claude) - renderProviderKeys(&sb, "Codex API Keys", m.codex) - renderProviderKeys(&sb, "Vertex API Keys", m.vertex) - - if len(m.openai) > 0 { - renderSection(&sb, "OpenAI Compatibility", len(m.openai)) - for i, entry := range m.openai { - name := getString(entry, "name") - baseURL := getString(entry, "base-url") - prefix := getString(entry, "prefix") - info := name - if prefix != "" { - info += " (prefix: " + prefix + ")" - } - if baseURL != "" { - info += " → " + baseURL - } - sb.WriteString(fmt.Sprintf(" %d. %s\n", i+1, info)) - } - sb.WriteString("\n") - } - - if m.status != "" { - sb.WriteString(m.status) - sb.WriteString("\n") - } - - return sb.String() -} - -func renderSection(sb *strings.Builder, title string, count int) { - header := fmt.Sprintf("%s (%d)", title, count) - sb.WriteString(tableHeaderStyle.Render(" " + header)) - sb.WriteString("\n") -} - -func renderProviderKeys(sb *strings.Builder, title string, keys []map[string]any) { - if len(keys) == 0 { - return - } - renderSection(sb, title, len(keys)) - for i, key := range keys { - apiKey := getString(key, "api-key") - prefix := getString(key, "prefix") - baseURL := getString(key, "base-url") - info := maskKey(apiKey) - if prefix != "" { - info += " (prefix: " + prefix + ")" - } - if baseURL != "" { - info += " → " + baseURL - } - sb.WriteString(fmt.Sprintf(" %d. %s\n", i+1, info)) - } - sb.WriteString("\n") -} - -func maskKey(key string) string { - if len(key) <= 8 { - return strings.Repeat("*", len(key)) - } - return key[:4] + strings.Repeat("*", len(key)-8) + key[len(key)-4:] -} diff --git a/.worktrees/config/m/config-build/active/internal/tui/loghook.go b/.worktrees/config/m/config-build/active/internal/tui/loghook.go deleted file mode 100644 index 157e7fd83e..0000000000 --- a/.worktrees/config/m/config-build/active/internal/tui/loghook.go +++ /dev/null @@ -1,78 +0,0 @@ -package tui - -import ( - "fmt" - "strings" - "sync" - - log "github.com/sirupsen/logrus" -) - -// LogHook is a logrus hook that captures log entries and sends them to a channel. -type LogHook struct { - ch chan string - formatter log.Formatter - mu sync.Mutex - levels []log.Level -} - -// NewLogHook creates a new LogHook with a buffered channel of the given size. -func NewLogHook(bufSize int) *LogHook { - return &LogHook{ - ch: make(chan string, bufSize), - formatter: &log.TextFormatter{DisableColors: true, FullTimestamp: true}, - levels: log.AllLevels, - } -} - -// SetFormatter sets a custom formatter for the hook. -func (h *LogHook) SetFormatter(f log.Formatter) { - h.mu.Lock() - defer h.mu.Unlock() - h.formatter = f -} - -// Levels returns the log levels this hook should fire on. -func (h *LogHook) Levels() []log.Level { - return h.levels -} - -// Fire is called by logrus when a log entry is fired. -func (h *LogHook) Fire(entry *log.Entry) error { - h.mu.Lock() - f := h.formatter - h.mu.Unlock() - - var line string - if f != nil { - b, err := f.Format(entry) - if err == nil { - line = strings.TrimRight(string(b), "\n\r") - } else { - line = fmt.Sprintf("[%s] %s", entry.Level, entry.Message) - } - } else { - line = fmt.Sprintf("[%s] %s", entry.Level, entry.Message) - } - - // Non-blocking send - select { - case h.ch <- line: - default: - // Drop oldest if full - select { - case <-h.ch: - default: - } - select { - case h.ch <- line: - default: - } - } - return nil -} - -// Chan returns the channel to read log lines from. -func (h *LogHook) Chan() <-chan string { - return h.ch -} diff --git a/.worktrees/config/m/config-build/active/internal/tui/logs_tab.go b/.worktrees/config/m/config-build/active/internal/tui/logs_tab.go deleted file mode 100644 index 456200d915..0000000000 --- a/.worktrees/config/m/config-build/active/internal/tui/logs_tab.go +++ /dev/null @@ -1,261 +0,0 @@ -package tui - -import ( - "fmt" - "strings" - "time" - - "github.com/charmbracelet/bubbles/viewport" - tea "github.com/charmbracelet/bubbletea" -) - -// logsTabModel displays real-time log lines from hook/API source. -type logsTabModel struct { - client *Client - hook *LogHook - viewport viewport.Model - lines []string - maxLines int - autoScroll bool - width int - height int - ready bool - filter string // "", "debug", "info", "warn", "error" - after int64 - lastErr error -} - -type logsPollMsg struct { - lines []string - latest int64 - err error -} - -type logsTickMsg struct{} -type logLineMsg string - -func newLogsTabModel(client *Client, hook *LogHook) logsTabModel { - return logsTabModel{ - client: client, - hook: hook, - maxLines: 5000, - autoScroll: true, - } -} - -func (m logsTabModel) Init() tea.Cmd { - if m.hook != nil { - return m.waitForLog - } - return m.fetchLogs -} - -func (m logsTabModel) fetchLogs() tea.Msg { - lines, latest, err := m.client.GetLogs(m.after, 200) - return logsPollMsg{ - lines: lines, - latest: latest, - err: err, - } -} - -func (m logsTabModel) waitForNextPoll() tea.Cmd { - return tea.Tick(2*time.Second, func(_ time.Time) tea.Msg { - return logsTickMsg{} - }) -} - -func (m logsTabModel) waitForLog() tea.Msg { - if m.hook == nil { - return nil - } - line, ok := <-m.hook.Chan() - if !ok { - return nil - } - return logLineMsg(line) -} - -func (m logsTabModel) Update(msg tea.Msg) (logsTabModel, tea.Cmd) { - switch msg := msg.(type) { - case localeChangedMsg: - m.viewport.SetContent(m.renderLogs()) - return m, nil - case logsTickMsg: - if m.hook != nil { - return m, nil - } - return m, m.fetchLogs - case logsPollMsg: - if m.hook != nil { - return m, nil - } - if msg.err != nil { - m.lastErr = msg.err - } else { - m.lastErr = nil - m.after = msg.latest - if len(msg.lines) > 0 { - m.lines = append(m.lines, msg.lines...) - if len(m.lines) > m.maxLines { - m.lines = m.lines[len(m.lines)-m.maxLines:] - } - } - } - m.viewport.SetContent(m.renderLogs()) - if m.autoScroll { - m.viewport.GotoBottom() - } - return m, m.waitForNextPoll() - case logLineMsg: - m.lines = append(m.lines, string(msg)) - if len(m.lines) > m.maxLines { - m.lines = m.lines[len(m.lines)-m.maxLines:] - } - m.viewport.SetContent(m.renderLogs()) - if m.autoScroll { - m.viewport.GotoBottom() - } - return m, m.waitForLog - - case tea.KeyMsg: - switch msg.String() { - case "a": - m.autoScroll = !m.autoScroll - if m.autoScroll { - m.viewport.GotoBottom() - } - return m, nil - case "c": - m.lines = nil - m.lastErr = nil - m.viewport.SetContent(m.renderLogs()) - return m, nil - case "1": - m.filter = "" - m.viewport.SetContent(m.renderLogs()) - return m, nil - case "2": - m.filter = "info" - m.viewport.SetContent(m.renderLogs()) - return m, nil - case "3": - m.filter = "warn" - m.viewport.SetContent(m.renderLogs()) - return m, nil - case "4": - m.filter = "error" - m.viewport.SetContent(m.renderLogs()) - return m, nil - default: - wasAtBottom := m.viewport.AtBottom() - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - // If user scrolls up, disable auto-scroll - if !m.viewport.AtBottom() && wasAtBottom { - m.autoScroll = false - } - // If user scrolls to bottom, re-enable auto-scroll - if m.viewport.AtBottom() { - m.autoScroll = true - } - return m, cmd - } - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -func (m *logsTabModel) SetSize(w, h int) { - m.width = w - m.height = h - if !m.ready { - m.viewport = viewport.New(w, h) - m.viewport.SetContent(m.renderLogs()) - m.ready = true - } else { - m.viewport.Width = w - m.viewport.Height = h - } -} - -func (m logsTabModel) View() string { - if !m.ready { - return T("loading") - } - return m.viewport.View() -} - -func (m logsTabModel) renderLogs() string { - var sb strings.Builder - - scrollStatus := successStyle.Render(T("logs_auto_scroll")) - if !m.autoScroll { - scrollStatus = warningStyle.Render(T("logs_paused")) - } - filterLabel := "ALL" - if m.filter != "" { - filterLabel = strings.ToUpper(m.filter) + "+" - } - - header := fmt.Sprintf(" %s %s %s: %s %s: %d", - T("logs_title"), scrollStatus, T("logs_filter"), filterLabel, T("logs_lines"), len(m.lines)) - sb.WriteString(titleStyle.Render(header)) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("logs_help"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", m.width)) - sb.WriteString("\n") - - if m.lastErr != nil { - sb.WriteString(errorStyle.Render("⚠ Error: " + m.lastErr.Error())) - sb.WriteString("\n") - } - - if len(m.lines) == 0 { - sb.WriteString(subtitleStyle.Render(T("logs_waiting"))) - return sb.String() - } - - for _, line := range m.lines { - if m.filter != "" && !m.matchLevel(line) { - continue - } - styled := m.styleLine(line) - sb.WriteString(styled) - sb.WriteString("\n") - } - - return sb.String() -} - -func (m logsTabModel) matchLevel(line string) bool { - switch m.filter { - case "error": - return strings.Contains(line, "[error]") || strings.Contains(line, "[fatal]") || strings.Contains(line, "[panic]") - case "warn": - return strings.Contains(line, "[warn") || strings.Contains(line, "[error]") || strings.Contains(line, "[fatal]") - case "info": - return !strings.Contains(line, "[debug]") - default: - return true - } -} - -func (m logsTabModel) styleLine(line string) string { - if strings.Contains(line, "[error]") || strings.Contains(line, "[fatal]") { - return logErrorStyle.Render(line) - } - if strings.Contains(line, "[warn") { - return logWarnStyle.Render(line) - } - if strings.Contains(line, "[info") { - return logInfoStyle.Render(line) - } - if strings.Contains(line, "[debug]") { - return logDebugStyle.Render(line) - } - return line -} diff --git a/.worktrees/config/m/config-build/active/internal/tui/oauth_tab.go b/.worktrees/config/m/config-build/active/internal/tui/oauth_tab.go deleted file mode 100644 index 3989e3d861..0000000000 --- a/.worktrees/config/m/config-build/active/internal/tui/oauth_tab.go +++ /dev/null @@ -1,473 +0,0 @@ -package tui - -import ( - "fmt" - "strings" - "time" - - "github.com/charmbracelet/bubbles/textinput" - "github.com/charmbracelet/bubbles/viewport" - tea "github.com/charmbracelet/bubbletea" - "github.com/charmbracelet/lipgloss" -) - -// oauthProvider represents an OAuth provider option. -type oauthProvider struct { - name string - apiPath string // management API path - emoji string -} - -var oauthProviders = []oauthProvider{ - {"Gemini CLI", "gemini-cli-auth-url", "🟦"}, - {"Claude (Anthropic)", "anthropic-auth-url", "🟧"}, - {"Codex (OpenAI)", "codex-auth-url", "🟩"}, - {"Antigravity", "antigravity-auth-url", "🟪"}, - {"Qwen", "qwen-auth-url", "🟨"}, - {"Kimi", "kimi-auth-url", "🟫"}, - {"IFlow", "iflow-auth-url", "⬜"}, -} - -// oauthTabModel handles OAuth login flows. -type oauthTabModel struct { - client *Client - viewport viewport.Model - cursor int - state oauthState - message string - err error - width int - height int - ready bool - - // Remote browser mode - authURL string // auth URL to display - authState string // OAuth state parameter - providerName string // current provider name - callbackInput textinput.Model - inputActive bool // true when user is typing callback URL -} - -type oauthState int - -const ( - oauthIdle oauthState = iota - oauthPending - oauthRemote // remote browser mode: waiting for manual callback - oauthSuccess - oauthError -) - -// Messages -type oauthStartMsg struct { - url string - state string - providerName string - err error -} - -type oauthPollMsg struct { - done bool - message string - err error -} - -type oauthCallbackSubmitMsg struct { - err error -} - -func newOAuthTabModel(client *Client) oauthTabModel { - ti := textinput.New() - ti.Placeholder = "http://localhost:.../auth/callback?code=...&state=..." - ti.CharLimit = 2048 - ti.Prompt = " 回调 URL: " - return oauthTabModel{ - client: client, - callbackInput: ti, - } -} - -func (m oauthTabModel) Init() tea.Cmd { - return nil -} - -func (m oauthTabModel) Update(msg tea.Msg) (oauthTabModel, tea.Cmd) { - switch msg := msg.(type) { - case localeChangedMsg: - m.viewport.SetContent(m.renderContent()) - return m, nil - case oauthStartMsg: - if msg.err != nil { - m.state = oauthError - m.err = msg.err - m.message = errorStyle.Render("✗ " + msg.err.Error()) - m.viewport.SetContent(m.renderContent()) - return m, nil - } - m.authURL = msg.url - m.authState = msg.state - m.providerName = msg.providerName - m.state = oauthRemote - m.callbackInput.SetValue("") - m.callbackInput.Focus() - m.inputActive = true - m.message = "" - m.viewport.SetContent(m.renderContent()) - // Also start polling in the background - return m, tea.Batch(textinput.Blink, m.pollOAuthStatus(msg.state)) - - case oauthPollMsg: - if msg.err != nil { - m.state = oauthError - m.err = msg.err - m.message = errorStyle.Render("✗ " + msg.err.Error()) - m.inputActive = false - m.callbackInput.Blur() - } else if msg.done { - m.state = oauthSuccess - m.message = successStyle.Render("✓ " + msg.message) - m.inputActive = false - m.callbackInput.Blur() - } else { - m.message = warningStyle.Render("⏳ " + msg.message) - } - m.viewport.SetContent(m.renderContent()) - return m, nil - - case oauthCallbackSubmitMsg: - if msg.err != nil { - m.message = errorStyle.Render(T("oauth_submit_fail") + ": " + msg.err.Error()) - } else { - m.message = successStyle.Render(T("oauth_submit_ok")) - } - m.viewport.SetContent(m.renderContent()) - return m, nil - - case tea.KeyMsg: - // ---- Input active: typing callback URL ---- - if m.inputActive { - switch msg.String() { - case "enter": - callbackURL := m.callbackInput.Value() - if callbackURL == "" { - return m, nil - } - m.inputActive = false - m.callbackInput.Blur() - m.message = warningStyle.Render(T("oauth_submitting")) - m.viewport.SetContent(m.renderContent()) - return m, m.submitCallback(callbackURL) - case "esc": - m.inputActive = false - m.callbackInput.Blur() - m.viewport.SetContent(m.renderContent()) - return m, nil - default: - var cmd tea.Cmd - m.callbackInput, cmd = m.callbackInput.Update(msg) - m.viewport.SetContent(m.renderContent()) - return m, cmd - } - } - - // ---- Remote mode but not typing ---- - if m.state == oauthRemote { - switch msg.String() { - case "c", "C": - // Re-activate input - m.inputActive = true - m.callbackInput.Focus() - m.viewport.SetContent(m.renderContent()) - return m, textinput.Blink - case "esc": - m.state = oauthIdle - m.message = "" - m.authURL = "" - m.authState = "" - m.viewport.SetContent(m.renderContent()) - return m, nil - } - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd - } - - // ---- Pending (auto polling) ---- - if m.state == oauthPending { - if msg.String() == "esc" { - m.state = oauthIdle - m.message = "" - m.viewport.SetContent(m.renderContent()) - } - return m, nil - } - - // ---- Idle ---- - switch msg.String() { - case "up", "k": - if m.cursor > 0 { - m.cursor-- - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "down", "j": - if m.cursor < len(oauthProviders)-1 { - m.cursor++ - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "enter": - if m.cursor >= 0 && m.cursor < len(oauthProviders) { - provider := oauthProviders[m.cursor] - m.state = oauthPending - m.message = warningStyle.Render(fmt.Sprintf(T("oauth_initiating"), provider.name)) - m.viewport.SetContent(m.renderContent()) - return m, m.startOAuth(provider) - } - return m, nil - case "esc": - m.state = oauthIdle - m.message = "" - m.err = nil - m.viewport.SetContent(m.renderContent()) - return m, nil - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -func (m oauthTabModel) startOAuth(provider oauthProvider) tea.Cmd { - return func() tea.Msg { - // Call the auth URL endpoint with is_webui=true - data, err := m.client.getJSON("/v0/management/" + provider.apiPath + "?is_webui=true") - if err != nil { - return oauthStartMsg{err: fmt.Errorf("failed to start %s login: %w", provider.name, err)} - } - - authURL := getString(data, "url") - state := getString(data, "state") - if authURL == "" { - return oauthStartMsg{err: fmt.Errorf("no auth URL returned for %s", provider.name)} - } - - // Try to open browser (best effort) - _ = openBrowser(authURL) - - return oauthStartMsg{url: authURL, state: state, providerName: provider.name} - } -} - -func (m oauthTabModel) submitCallback(callbackURL string) tea.Cmd { - return func() tea.Msg { - // Determine provider from current context - providerKey := "" - for _, p := range oauthProviders { - if p.name == m.providerName { - // Map provider name to the canonical key the API expects - switch p.apiPath { - case "gemini-cli-auth-url": - providerKey = "gemini" - case "anthropic-auth-url": - providerKey = "anthropic" - case "codex-auth-url": - providerKey = "codex" - case "antigravity-auth-url": - providerKey = "antigravity" - case "qwen-auth-url": - providerKey = "qwen" - case "kimi-auth-url": - providerKey = "kimi" - case "iflow-auth-url": - providerKey = "iflow" - } - break - } - } - - body := map[string]string{ - "provider": providerKey, - "redirect_url": callbackURL, - "state": m.authState, - } - err := m.client.postJSON("/v0/management/oauth-callback", body) - if err != nil { - return oauthCallbackSubmitMsg{err: err} - } - return oauthCallbackSubmitMsg{} - } -} - -func (m oauthTabModel) pollOAuthStatus(state string) tea.Cmd { - return func() tea.Msg { - // Poll session status for up to 5 minutes - deadline := time.Now().Add(5 * time.Minute) - for { - if time.Now().After(deadline) { - return oauthPollMsg{done: false, err: fmt.Errorf("%s", T("oauth_timeout"))} - } - - time.Sleep(2 * time.Second) - - status, errMsg, err := m.client.GetAuthStatus(state) - if err != nil { - continue // Ignore transient errors - } - - switch status { - case "ok": - return oauthPollMsg{ - done: true, - message: T("oauth_success"), - } - case "error": - return oauthPollMsg{ - done: false, - err: fmt.Errorf("%s: %s", T("oauth_failed"), errMsg), - } - case "wait": - continue - default: - return oauthPollMsg{ - done: true, - message: T("oauth_completed"), - } - } - } - } -} - -func (m *oauthTabModel) SetSize(w, h int) { - m.width = w - m.height = h - m.callbackInput.Width = w - 16 - if !m.ready { - m.viewport = viewport.New(w, h) - m.viewport.SetContent(m.renderContent()) - m.ready = true - } else { - m.viewport.Width = w - m.viewport.Height = h - } -} - -func (m oauthTabModel) View() string { - if !m.ready { - return T("loading") - } - return m.viewport.View() -} - -func (m oauthTabModel) renderContent() string { - var sb strings.Builder - - sb.WriteString(titleStyle.Render(T("oauth_title"))) - sb.WriteString("\n\n") - - if m.message != "" { - sb.WriteString(" " + m.message) - sb.WriteString("\n\n") - } - - // ---- Remote browser mode ---- - if m.state == oauthRemote { - sb.WriteString(m.renderRemoteMode()) - return sb.String() - } - - if m.state == oauthPending { - sb.WriteString(helpStyle.Render(T("oauth_press_esc"))) - return sb.String() - } - - sb.WriteString(helpStyle.Render(T("oauth_select"))) - sb.WriteString("\n\n") - - for i, p := range oauthProviders { - isSelected := i == m.cursor - prefix := " " - if isSelected { - prefix = "▸ " - } - - label := fmt.Sprintf("%s %s", p.emoji, p.name) - if isSelected { - label = lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("#FFFFFF")).Background(colorPrimary).Padding(0, 1).Render(label) - } else { - label = lipgloss.NewStyle().Foreground(colorText).Padding(0, 1).Render(label) - } - - sb.WriteString(prefix + label + "\n") - } - - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("oauth_help"))) - - return sb.String() -} - -func (m oauthTabModel) renderRemoteMode() string { - var sb strings.Builder - - providerStyle := lipgloss.NewStyle().Bold(true).Foreground(colorHighlight) - sb.WriteString(providerStyle.Render(fmt.Sprintf(" ✦ %s OAuth", m.providerName))) - sb.WriteString("\n\n") - - // Auth URL section - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorInfo).Render(T("oauth_auth_url"))) - sb.WriteString("\n") - - // Wrap URL to fit terminal width - urlStyle := lipgloss.NewStyle().Foreground(lipgloss.Color("252")) - maxURLWidth := m.width - 6 - if maxURLWidth < 40 { - maxURLWidth = 40 - } - wrappedURL := wrapText(m.authURL, maxURLWidth) - for _, line := range wrappedURL { - sb.WriteString(" " + urlStyle.Render(line) + "\n") - } - sb.WriteString("\n") - - sb.WriteString(helpStyle.Render(T("oauth_remote_hint"))) - sb.WriteString("\n\n") - - // Callback URL input - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorInfo).Render(T("oauth_callback_url"))) - sb.WriteString("\n") - - if m.inputActive { - sb.WriteString(m.callbackInput.View()) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(" " + T("enter_submit") + " • " + T("esc_cancel"))) - } else { - sb.WriteString(helpStyle.Render(T("oauth_press_c"))) - } - - sb.WriteString("\n\n") - sb.WriteString(warningStyle.Render(T("oauth_waiting"))) - - return sb.String() -} - -// wrapText splits a long string into lines of at most maxWidth characters. -func wrapText(s string, maxWidth int) []string { - if maxWidth <= 0 { - return []string{s} - } - var lines []string - for len(s) > maxWidth { - lines = append(lines, s[:maxWidth]) - s = s[maxWidth:] - } - if len(s) > 0 { - lines = append(lines, s) - } - return lines -} diff --git a/.worktrees/config/m/config-build/active/internal/tui/styles.go b/.worktrees/config/m/config-build/active/internal/tui/styles.go deleted file mode 100644 index f09e4322c9..0000000000 --- a/.worktrees/config/m/config-build/active/internal/tui/styles.go +++ /dev/null @@ -1,126 +0,0 @@ -// Package tui provides a terminal-based management interface for CLIProxyAPI. -package tui - -import "github.com/charmbracelet/lipgloss" - -// Color palette -var ( - colorPrimary = lipgloss.Color("#7C3AED") // violet - colorSecondary = lipgloss.Color("#6366F1") // indigo - colorSuccess = lipgloss.Color("#22C55E") // green - colorWarning = lipgloss.Color("#EAB308") // yellow - colorError = lipgloss.Color("#EF4444") // red - colorInfo = lipgloss.Color("#3B82F6") // blue - colorMuted = lipgloss.Color("#6B7280") // gray - colorBg = lipgloss.Color("#1E1E2E") // dark bg - colorSurface = lipgloss.Color("#313244") // slightly lighter - colorText = lipgloss.Color("#CDD6F4") // light text - colorSubtext = lipgloss.Color("#A6ADC8") // dimmer text - colorBorder = lipgloss.Color("#45475A") // border - colorHighlight = lipgloss.Color("#F5C2E7") // pink highlight -) - -// Tab bar styles -var ( - tabActiveStyle = lipgloss.NewStyle(). - Bold(true). - Foreground(lipgloss.Color("#FFFFFF")). - Background(colorPrimary). - Padding(0, 2) - - tabInactiveStyle = lipgloss.NewStyle(). - Foreground(colorSubtext). - Background(colorSurface). - Padding(0, 2) - - tabBarStyle = lipgloss.NewStyle(). - Background(colorSurface). - PaddingLeft(1). - PaddingBottom(0) -) - -// Content styles -var ( - titleStyle = lipgloss.NewStyle(). - Bold(true). - Foreground(colorHighlight). - MarginBottom(1) - - subtitleStyle = lipgloss.NewStyle(). - Foreground(colorSubtext). - Italic(true) - - labelStyle = lipgloss.NewStyle(). - Foreground(colorInfo). - Bold(true). - Width(24) - - valueStyle = lipgloss.NewStyle(). - Foreground(colorText) - - sectionStyle = lipgloss.NewStyle(). - Border(lipgloss.RoundedBorder()). - BorderForeground(colorBorder). - Padding(1, 2) - - errorStyle = lipgloss.NewStyle(). - Foreground(colorError). - Bold(true) - - successStyle = lipgloss.NewStyle(). - Foreground(colorSuccess) - - warningStyle = lipgloss.NewStyle(). - Foreground(colorWarning) - - statusBarStyle = lipgloss.NewStyle(). - Foreground(colorSubtext). - Background(colorSurface). - PaddingLeft(1). - PaddingRight(1) - - helpStyle = lipgloss.NewStyle(). - Foreground(colorMuted) -) - -// Log level styles -var ( - logDebugStyle = lipgloss.NewStyle().Foreground(colorMuted) - logInfoStyle = lipgloss.NewStyle().Foreground(colorInfo) - logWarnStyle = lipgloss.NewStyle().Foreground(colorWarning) - logErrorStyle = lipgloss.NewStyle().Foreground(colorError) -) - -// Table styles -var ( - tableHeaderStyle = lipgloss.NewStyle(). - Bold(true). - Foreground(colorHighlight). - BorderBottom(true). - BorderStyle(lipgloss.NormalBorder()). - BorderForeground(colorBorder) - - tableCellStyle = lipgloss.NewStyle(). - Foreground(colorText). - PaddingRight(2) - - tableSelectedStyle = lipgloss.NewStyle(). - Foreground(lipgloss.Color("#FFFFFF")). - Background(colorPrimary). - Bold(true) -) - -func logLevelStyle(level string) lipgloss.Style { - switch level { - case "debug": - return logDebugStyle - case "info": - return logInfoStyle - case "warn", "warning": - return logWarnStyle - case "error", "fatal", "panic": - return logErrorStyle - default: - return logInfoStyle - } -} diff --git a/.worktrees/config/m/config-build/active/internal/tui/usage_tab.go b/.worktrees/config/m/config-build/active/internal/tui/usage_tab.go deleted file mode 100644 index 9e6da7f840..0000000000 --- a/.worktrees/config/m/config-build/active/internal/tui/usage_tab.go +++ /dev/null @@ -1,364 +0,0 @@ -package tui - -import ( - "fmt" - "sort" - "strings" - - "github.com/charmbracelet/bubbles/viewport" - tea "github.com/charmbracelet/bubbletea" - "github.com/charmbracelet/lipgloss" -) - -// usageTabModel displays usage statistics with charts and breakdowns. -type usageTabModel struct { - client *Client - viewport viewport.Model - usage map[string]any - err error - width int - height int - ready bool -} - -type usageDataMsg struct { - usage map[string]any - err error -} - -func newUsageTabModel(client *Client) usageTabModel { - return usageTabModel{ - client: client, - } -} - -func (m usageTabModel) Init() tea.Cmd { - return m.fetchData -} - -func (m usageTabModel) fetchData() tea.Msg { - usage, err := m.client.GetUsage() - return usageDataMsg{usage: usage, err: err} -} - -func (m usageTabModel) Update(msg tea.Msg) (usageTabModel, tea.Cmd) { - switch msg := msg.(type) { - case localeChangedMsg: - m.viewport.SetContent(m.renderContent()) - return m, nil - case usageDataMsg: - if msg.err != nil { - m.err = msg.err - } else { - m.err = nil - m.usage = msg.usage - } - m.viewport.SetContent(m.renderContent()) - return m, nil - - case tea.KeyMsg: - if msg.String() == "r" { - return m, m.fetchData - } - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -func (m *usageTabModel) SetSize(w, h int) { - m.width = w - m.height = h - if !m.ready { - m.viewport = viewport.New(w, h) - m.viewport.SetContent(m.renderContent()) - m.ready = true - } else { - m.viewport.Width = w - m.viewport.Height = h - } -} - -func (m usageTabModel) View() string { - if !m.ready { - return T("loading") - } - return m.viewport.View() -} - -func (m usageTabModel) renderContent() string { - var sb strings.Builder - - sb.WriteString(titleStyle.Render(T("usage_title"))) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("usage_help"))) - sb.WriteString("\n\n") - - if m.err != nil { - sb.WriteString(errorStyle.Render("⚠ Error: " + m.err.Error())) - sb.WriteString("\n") - return sb.String() - } - - if m.usage == nil { - sb.WriteString(subtitleStyle.Render(T("usage_no_data"))) - sb.WriteString("\n") - return sb.String() - } - - usageMap, _ := m.usage["usage"].(map[string]any) - if usageMap == nil { - sb.WriteString(subtitleStyle.Render(T("usage_no_data"))) - sb.WriteString("\n") - return sb.String() - } - - totalReqs := int64(getFloat(usageMap, "total_requests")) - successCnt := int64(getFloat(usageMap, "success_count")) - failureCnt := int64(getFloat(usageMap, "failure_count")) - totalTokens := int64(getFloat(usageMap, "total_tokens")) - - // ━━━ Overview Cards ━━━ - cardWidth := 20 - if m.width > 0 { - cardWidth = (m.width - 6) / 4 - if cardWidth < 16 { - cardWidth = 16 - } - } - cardStyle := lipgloss.NewStyle(). - Border(lipgloss.RoundedBorder()). - BorderForeground(lipgloss.Color("240")). - Padding(0, 1). - Width(cardWidth). - Height(3) - - // Total Requests - card1 := cardStyle.Copy().BorderForeground(lipgloss.Color("111")).Render(fmt.Sprintf( - "%s\n%s\n%s", - lipgloss.NewStyle().Foreground(colorMuted).Render(T("usage_total_reqs")), - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("111")).Render(fmt.Sprintf("%d", totalReqs)), - lipgloss.NewStyle().Foreground(colorMuted).Render(fmt.Sprintf("● %s: %d ● %s: %d", T("usage_success"), successCnt, T("usage_failure"), failureCnt)), - )) - - // Total Tokens - card2 := cardStyle.Copy().BorderForeground(lipgloss.Color("214")).Render(fmt.Sprintf( - "%s\n%s\n%s", - lipgloss.NewStyle().Foreground(colorMuted).Render(T("usage_total_tokens")), - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("214")).Render(formatLargeNumber(totalTokens)), - lipgloss.NewStyle().Foreground(colorMuted).Render(fmt.Sprintf("%s: %s", T("usage_total_token_l"), formatLargeNumber(totalTokens))), - )) - - // RPM - rpm := float64(0) - if totalReqs > 0 { - if rByH, ok := usageMap["requests_by_hour"].(map[string]any); ok && len(rByH) > 0 { - rpm = float64(totalReqs) / float64(len(rByH)) / 60.0 - } - } - card3 := cardStyle.Copy().BorderForeground(lipgloss.Color("76")).Render(fmt.Sprintf( - "%s\n%s\n%s", - lipgloss.NewStyle().Foreground(colorMuted).Render(T("usage_rpm")), - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("76")).Render(fmt.Sprintf("%.2f", rpm)), - lipgloss.NewStyle().Foreground(colorMuted).Render(fmt.Sprintf("%s: %d", T("usage_total_reqs"), totalReqs)), - )) - - // TPM - tpm := float64(0) - if totalTokens > 0 { - if tByH, ok := usageMap["tokens_by_hour"].(map[string]any); ok && len(tByH) > 0 { - tpm = float64(totalTokens) / float64(len(tByH)) / 60.0 - } - } - card4 := cardStyle.Copy().BorderForeground(lipgloss.Color("170")).Render(fmt.Sprintf( - "%s\n%s\n%s", - lipgloss.NewStyle().Foreground(colorMuted).Render(T("usage_tpm")), - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("170")).Render(fmt.Sprintf("%.2f", tpm)), - lipgloss.NewStyle().Foreground(colorMuted).Render(fmt.Sprintf("%s: %s", T("usage_total_tokens"), formatLargeNumber(totalTokens))), - )) - - sb.WriteString(lipgloss.JoinHorizontal(lipgloss.Top, card1, " ", card2, " ", card3, " ", card4)) - sb.WriteString("\n\n") - - // ━━━ Requests by Hour (ASCII bar chart) ━━━ - if rByH, ok := usageMap["requests_by_hour"].(map[string]any); ok && len(rByH) > 0 { - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorHighlight).Render(T("usage_req_by_hour"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", minInt(m.width, 60))) - sb.WriteString("\n") - sb.WriteString(renderBarChart(rByH, m.width-6, lipgloss.Color("111"))) - sb.WriteString("\n") - } - - // ━━━ Tokens by Hour ━━━ - if tByH, ok := usageMap["tokens_by_hour"].(map[string]any); ok && len(tByH) > 0 { - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorHighlight).Render(T("usage_tok_by_hour"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", minInt(m.width, 60))) - sb.WriteString("\n") - sb.WriteString(renderBarChart(tByH, m.width-6, lipgloss.Color("214"))) - sb.WriteString("\n") - } - - // ━━━ Requests by Day ━━━ - if rByD, ok := usageMap["requests_by_day"].(map[string]any); ok && len(rByD) > 0 { - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorHighlight).Render(T("usage_req_by_day"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", minInt(m.width, 60))) - sb.WriteString("\n") - sb.WriteString(renderBarChart(rByD, m.width-6, lipgloss.Color("76"))) - sb.WriteString("\n") - } - - // ━━━ API Detail Stats ━━━ - if apis, ok := usageMap["apis"].(map[string]any); ok && len(apis) > 0 { - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorHighlight).Render(T("usage_api_detail"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", minInt(m.width, 80))) - sb.WriteString("\n") - - header := fmt.Sprintf(" %-30s %10s %12s", "API", T("requests"), T("tokens")) - sb.WriteString(tableHeaderStyle.Render(header)) - sb.WriteString("\n") - - for apiName, apiSnap := range apis { - if apiMap, ok := apiSnap.(map[string]any); ok { - apiReqs := int64(getFloat(apiMap, "total_requests")) - apiToks := int64(getFloat(apiMap, "total_tokens")) - - row := fmt.Sprintf(" %-30s %10d %12s", - truncate(maskKey(apiName), 30), apiReqs, formatLargeNumber(apiToks)) - sb.WriteString(lipgloss.NewStyle().Bold(true).Render(row)) - sb.WriteString("\n") - - // Per-model breakdown - if models, ok := apiMap["models"].(map[string]any); ok { - for model, v := range models { - if stats, ok := v.(map[string]any); ok { - mReqs := int64(getFloat(stats, "total_requests")) - mToks := int64(getFloat(stats, "total_tokens")) - mRow := fmt.Sprintf(" ├─ %-28s %10d %12s", - truncate(model, 28), mReqs, formatLargeNumber(mToks)) - sb.WriteString(tableCellStyle.Render(mRow)) - sb.WriteString("\n") - - // Token type breakdown from details - sb.WriteString(m.renderTokenBreakdown(stats)) - } - } - } - } - } - } - - sb.WriteString("\n") - return sb.String() -} - -// renderTokenBreakdown aggregates input/output/cached/reasoning tokens from model details. -func (m usageTabModel) renderTokenBreakdown(modelStats map[string]any) string { - details, ok := modelStats["details"] - if !ok { - return "" - } - detailList, ok := details.([]any) - if !ok || len(detailList) == 0 { - return "" - } - - var inputTotal, outputTotal, cachedTotal, reasoningTotal int64 - for _, d := range detailList { - dm, ok := d.(map[string]any) - if !ok { - continue - } - tokens, ok := dm["tokens"].(map[string]any) - if !ok { - continue - } - inputTotal += int64(getFloat(tokens, "input_tokens")) - outputTotal += int64(getFloat(tokens, "output_tokens")) - cachedTotal += int64(getFloat(tokens, "cached_tokens")) - reasoningTotal += int64(getFloat(tokens, "reasoning_tokens")) - } - - if inputTotal == 0 && outputTotal == 0 && cachedTotal == 0 && reasoningTotal == 0 { - return "" - } - - parts := []string{} - if inputTotal > 0 { - parts = append(parts, fmt.Sprintf("%s:%s", T("usage_input"), formatLargeNumber(inputTotal))) - } - if outputTotal > 0 { - parts = append(parts, fmt.Sprintf("%s:%s", T("usage_output"), formatLargeNumber(outputTotal))) - } - if cachedTotal > 0 { - parts = append(parts, fmt.Sprintf("%s:%s", T("usage_cached"), formatLargeNumber(cachedTotal))) - } - if reasoningTotal > 0 { - parts = append(parts, fmt.Sprintf("%s:%s", T("usage_reasoning"), formatLargeNumber(reasoningTotal))) - } - - return fmt.Sprintf(" │ %s\n", - lipgloss.NewStyle().Foreground(colorMuted).Render(strings.Join(parts, " "))) -} - -// renderBarChart renders a simple ASCII horizontal bar chart. -func renderBarChart(data map[string]any, maxBarWidth int, barColor lipgloss.Color) string { - if maxBarWidth < 10 { - maxBarWidth = 10 - } - - // Sort keys - keys := make([]string, 0, len(data)) - for k := range data { - keys = append(keys, k) - } - sort.Strings(keys) - - // Find max value - maxVal := float64(0) - for _, k := range keys { - v := getFloat(data, k) - if v > maxVal { - maxVal = v - } - } - if maxVal == 0 { - return "" - } - - barStyle := lipgloss.NewStyle().Foreground(barColor) - var sb strings.Builder - - labelWidth := 12 - barAvail := maxBarWidth - labelWidth - 12 - if barAvail < 5 { - barAvail = 5 - } - - for _, k := range keys { - v := getFloat(data, k) - barLen := int(v / maxVal * float64(barAvail)) - if barLen < 1 && v > 0 { - barLen = 1 - } - bar := strings.Repeat("█", barLen) - label := k - if len(label) > labelWidth { - label = label[:labelWidth] - } - sb.WriteString(fmt.Sprintf(" %-*s %s %s\n", - labelWidth, label, - barStyle.Render(bar), - lipgloss.NewStyle().Foreground(colorMuted).Render(fmt.Sprintf("%.0f", v)), - )) - } - - return sb.String() -} diff --git a/.worktrees/config/m/config-build/active/internal/usage/logger_plugin.go b/.worktrees/config/m/config-build/active/internal/usage/logger_plugin.go deleted file mode 100644 index e4371e8d39..0000000000 --- a/.worktrees/config/m/config-build/active/internal/usage/logger_plugin.go +++ /dev/null @@ -1,472 +0,0 @@ -// Package usage provides usage tracking and logging functionality for the CLI Proxy API server. -// It includes plugins for monitoring API usage, token consumption, and other metrics -// to help with observability and billing purposes. -package usage - -import ( - "context" - "fmt" - "strings" - "sync" - "sync/atomic" - "time" - - "github.com/gin-gonic/gin" - coreusage "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" -) - -var statisticsEnabled atomic.Bool - -func init() { - statisticsEnabled.Store(true) - coreusage.RegisterPlugin(NewLoggerPlugin()) -} - -// LoggerPlugin collects in-memory request statistics for usage analysis. -// It implements coreusage.Plugin to receive usage records emitted by the runtime. -type LoggerPlugin struct { - stats *RequestStatistics -} - -// NewLoggerPlugin constructs a new logger plugin instance. -// -// Returns: -// - *LoggerPlugin: A new logger plugin instance wired to the shared statistics store. -func NewLoggerPlugin() *LoggerPlugin { return &LoggerPlugin{stats: defaultRequestStatistics} } - -// HandleUsage implements coreusage.Plugin. -// It updates the in-memory statistics store whenever a usage record is received. -// -// Parameters: -// - ctx: The context for the usage record -// - record: The usage record to aggregate -func (p *LoggerPlugin) HandleUsage(ctx context.Context, record coreusage.Record) { - if !statisticsEnabled.Load() { - return - } - if p == nil || p.stats == nil { - return - } - p.stats.Record(ctx, record) -} - -// SetStatisticsEnabled toggles whether in-memory statistics are recorded. -func SetStatisticsEnabled(enabled bool) { statisticsEnabled.Store(enabled) } - -// StatisticsEnabled reports the current recording state. -func StatisticsEnabled() bool { return statisticsEnabled.Load() } - -// RequestStatistics maintains aggregated request metrics in memory. -type RequestStatistics struct { - mu sync.RWMutex - - totalRequests int64 - successCount int64 - failureCount int64 - totalTokens int64 - - apis map[string]*apiStats - - requestsByDay map[string]int64 - requestsByHour map[int]int64 - tokensByDay map[string]int64 - tokensByHour map[int]int64 -} - -// apiStats holds aggregated metrics for a single API key. -type apiStats struct { - TotalRequests int64 - TotalTokens int64 - Models map[string]*modelStats -} - -// modelStats holds aggregated metrics for a specific model within an API. -type modelStats struct { - TotalRequests int64 - TotalTokens int64 - Details []RequestDetail -} - -// RequestDetail stores the timestamp and token usage for a single request. -type RequestDetail struct { - Timestamp time.Time `json:"timestamp"` - Source string `json:"source"` - AuthIndex string `json:"auth_index"` - Tokens TokenStats `json:"tokens"` - Failed bool `json:"failed"` -} - -// TokenStats captures the token usage breakdown for a request. -type TokenStats struct { - InputTokens int64 `json:"input_tokens"` - OutputTokens int64 `json:"output_tokens"` - ReasoningTokens int64 `json:"reasoning_tokens"` - CachedTokens int64 `json:"cached_tokens"` - TotalTokens int64 `json:"total_tokens"` -} - -// StatisticsSnapshot represents an immutable view of the aggregated metrics. -type StatisticsSnapshot struct { - TotalRequests int64 `json:"total_requests"` - SuccessCount int64 `json:"success_count"` - FailureCount int64 `json:"failure_count"` - TotalTokens int64 `json:"total_tokens"` - - APIs map[string]APISnapshot `json:"apis"` - - RequestsByDay map[string]int64 `json:"requests_by_day"` - RequestsByHour map[string]int64 `json:"requests_by_hour"` - TokensByDay map[string]int64 `json:"tokens_by_day"` - TokensByHour map[string]int64 `json:"tokens_by_hour"` -} - -// APISnapshot summarises metrics for a single API key. -type APISnapshot struct { - TotalRequests int64 `json:"total_requests"` - TotalTokens int64 `json:"total_tokens"` - Models map[string]ModelSnapshot `json:"models"` -} - -// ModelSnapshot summarises metrics for a specific model. -type ModelSnapshot struct { - TotalRequests int64 `json:"total_requests"` - TotalTokens int64 `json:"total_tokens"` - Details []RequestDetail `json:"details"` -} - -var defaultRequestStatistics = NewRequestStatistics() - -// GetRequestStatistics returns the shared statistics store. -func GetRequestStatistics() *RequestStatistics { return defaultRequestStatistics } - -// NewRequestStatistics constructs an empty statistics store. -func NewRequestStatistics() *RequestStatistics { - return &RequestStatistics{ - apis: make(map[string]*apiStats), - requestsByDay: make(map[string]int64), - requestsByHour: make(map[int]int64), - tokensByDay: make(map[string]int64), - tokensByHour: make(map[int]int64), - } -} - -// Record ingests a new usage record and updates the aggregates. -func (s *RequestStatistics) Record(ctx context.Context, record coreusage.Record) { - if s == nil { - return - } - if !statisticsEnabled.Load() { - return - } - timestamp := record.RequestedAt - if timestamp.IsZero() { - timestamp = time.Now() - } - detail := normaliseDetail(record.Detail) - totalTokens := detail.TotalTokens - statsKey := record.APIKey - if statsKey == "" { - statsKey = resolveAPIIdentifier(ctx, record) - } - failed := record.Failed - if !failed { - failed = !resolveSuccess(ctx) - } - success := !failed - modelName := record.Model - if modelName == "" { - modelName = "unknown" - } - dayKey := timestamp.Format("2006-01-02") - hourKey := timestamp.Hour() - - s.mu.Lock() - defer s.mu.Unlock() - - s.totalRequests++ - if success { - s.successCount++ - } else { - s.failureCount++ - } - s.totalTokens += totalTokens - - stats, ok := s.apis[statsKey] - if !ok { - stats = &apiStats{Models: make(map[string]*modelStats)} - s.apis[statsKey] = stats - } - s.updateAPIStats(stats, modelName, RequestDetail{ - Timestamp: timestamp, - Source: record.Source, - AuthIndex: record.AuthIndex, - Tokens: detail, - Failed: failed, - }) - - s.requestsByDay[dayKey]++ - s.requestsByHour[hourKey]++ - s.tokensByDay[dayKey] += totalTokens - s.tokensByHour[hourKey] += totalTokens -} - -func (s *RequestStatistics) updateAPIStats(stats *apiStats, model string, detail RequestDetail) { - stats.TotalRequests++ - stats.TotalTokens += detail.Tokens.TotalTokens - modelStatsValue, ok := stats.Models[model] - if !ok { - modelStatsValue = &modelStats{} - stats.Models[model] = modelStatsValue - } - modelStatsValue.TotalRequests++ - modelStatsValue.TotalTokens += detail.Tokens.TotalTokens - modelStatsValue.Details = append(modelStatsValue.Details, detail) -} - -// Snapshot returns a copy of the aggregated metrics for external consumption. -func (s *RequestStatistics) Snapshot() StatisticsSnapshot { - result := StatisticsSnapshot{} - if s == nil { - return result - } - - s.mu.RLock() - defer s.mu.RUnlock() - - result.TotalRequests = s.totalRequests - result.SuccessCount = s.successCount - result.FailureCount = s.failureCount - result.TotalTokens = s.totalTokens - - result.APIs = make(map[string]APISnapshot, len(s.apis)) - for apiName, stats := range s.apis { - apiSnapshot := APISnapshot{ - TotalRequests: stats.TotalRequests, - TotalTokens: stats.TotalTokens, - Models: make(map[string]ModelSnapshot, len(stats.Models)), - } - for modelName, modelStatsValue := range stats.Models { - requestDetails := make([]RequestDetail, len(modelStatsValue.Details)) - copy(requestDetails, modelStatsValue.Details) - apiSnapshot.Models[modelName] = ModelSnapshot{ - TotalRequests: modelStatsValue.TotalRequests, - TotalTokens: modelStatsValue.TotalTokens, - Details: requestDetails, - } - } - result.APIs[apiName] = apiSnapshot - } - - result.RequestsByDay = make(map[string]int64, len(s.requestsByDay)) - for k, v := range s.requestsByDay { - result.RequestsByDay[k] = v - } - - result.RequestsByHour = make(map[string]int64, len(s.requestsByHour)) - for hour, v := range s.requestsByHour { - key := formatHour(hour) - result.RequestsByHour[key] = v - } - - result.TokensByDay = make(map[string]int64, len(s.tokensByDay)) - for k, v := range s.tokensByDay { - result.TokensByDay[k] = v - } - - result.TokensByHour = make(map[string]int64, len(s.tokensByHour)) - for hour, v := range s.tokensByHour { - key := formatHour(hour) - result.TokensByHour[key] = v - } - - return result -} - -type MergeResult struct { - Added int64 `json:"added"` - Skipped int64 `json:"skipped"` -} - -// MergeSnapshot merges an exported statistics snapshot into the current store. -// Existing data is preserved and duplicate request details are skipped. -func (s *RequestStatistics) MergeSnapshot(snapshot StatisticsSnapshot) MergeResult { - result := MergeResult{} - if s == nil { - return result - } - - s.mu.Lock() - defer s.mu.Unlock() - - seen := make(map[string]struct{}) - for apiName, stats := range s.apis { - if stats == nil { - continue - } - for modelName, modelStatsValue := range stats.Models { - if modelStatsValue == nil { - continue - } - for _, detail := range modelStatsValue.Details { - seen[dedupKey(apiName, modelName, detail)] = struct{}{} - } - } - } - - for apiName, apiSnapshot := range snapshot.APIs { - apiName = strings.TrimSpace(apiName) - if apiName == "" { - continue - } - stats, ok := s.apis[apiName] - if !ok || stats == nil { - stats = &apiStats{Models: make(map[string]*modelStats)} - s.apis[apiName] = stats - } else if stats.Models == nil { - stats.Models = make(map[string]*modelStats) - } - for modelName, modelSnapshot := range apiSnapshot.Models { - modelName = strings.TrimSpace(modelName) - if modelName == "" { - modelName = "unknown" - } - for _, detail := range modelSnapshot.Details { - detail.Tokens = normaliseTokenStats(detail.Tokens) - if detail.Timestamp.IsZero() { - detail.Timestamp = time.Now() - } - key := dedupKey(apiName, modelName, detail) - if _, exists := seen[key]; exists { - result.Skipped++ - continue - } - seen[key] = struct{}{} - s.recordImported(apiName, modelName, stats, detail) - result.Added++ - } - } - } - - return result -} - -func (s *RequestStatistics) recordImported(apiName, modelName string, stats *apiStats, detail RequestDetail) { - totalTokens := detail.Tokens.TotalTokens - if totalTokens < 0 { - totalTokens = 0 - } - - s.totalRequests++ - if detail.Failed { - s.failureCount++ - } else { - s.successCount++ - } - s.totalTokens += totalTokens - - s.updateAPIStats(stats, modelName, detail) - - dayKey := detail.Timestamp.Format("2006-01-02") - hourKey := detail.Timestamp.Hour() - - s.requestsByDay[dayKey]++ - s.requestsByHour[hourKey]++ - s.tokensByDay[dayKey] += totalTokens - s.tokensByHour[hourKey] += totalTokens -} - -func dedupKey(apiName, modelName string, detail RequestDetail) string { - timestamp := detail.Timestamp.UTC().Format(time.RFC3339Nano) - tokens := normaliseTokenStats(detail.Tokens) - return fmt.Sprintf( - "%s|%s|%s|%s|%s|%t|%d|%d|%d|%d|%d", - apiName, - modelName, - timestamp, - detail.Source, - detail.AuthIndex, - detail.Failed, - tokens.InputTokens, - tokens.OutputTokens, - tokens.ReasoningTokens, - tokens.CachedTokens, - tokens.TotalTokens, - ) -} - -func resolveAPIIdentifier(ctx context.Context, record coreusage.Record) string { - if ctx != nil { - if ginCtx, ok := ctx.Value("gin").(*gin.Context); ok && ginCtx != nil { - path := ginCtx.FullPath() - if path == "" && ginCtx.Request != nil { - path = ginCtx.Request.URL.Path - } - method := "" - if ginCtx.Request != nil { - method = ginCtx.Request.Method - } - if path != "" { - if method != "" { - return method + " " + path - } - return path - } - } - } - if record.Provider != "" { - return record.Provider - } - return "unknown" -} - -func resolveSuccess(ctx context.Context) bool { - if ctx == nil { - return true - } - ginCtx, ok := ctx.Value("gin").(*gin.Context) - if !ok || ginCtx == nil { - return true - } - status := ginCtx.Writer.Status() - if status == 0 { - return true - } - return status < httpStatusBadRequest -} - -const httpStatusBadRequest = 400 - -func normaliseDetail(detail coreusage.Detail) TokenStats { - tokens := TokenStats{ - InputTokens: detail.InputTokens, - OutputTokens: detail.OutputTokens, - ReasoningTokens: detail.ReasoningTokens, - CachedTokens: detail.CachedTokens, - TotalTokens: detail.TotalTokens, - } - if tokens.TotalTokens == 0 { - tokens.TotalTokens = detail.InputTokens + detail.OutputTokens + detail.ReasoningTokens - } - if tokens.TotalTokens == 0 { - tokens.TotalTokens = detail.InputTokens + detail.OutputTokens + detail.ReasoningTokens + detail.CachedTokens - } - return tokens -} - -func normaliseTokenStats(tokens TokenStats) TokenStats { - if tokens.TotalTokens == 0 { - tokens.TotalTokens = tokens.InputTokens + tokens.OutputTokens + tokens.ReasoningTokens - } - if tokens.TotalTokens == 0 { - tokens.TotalTokens = tokens.InputTokens + tokens.OutputTokens + tokens.ReasoningTokens + tokens.CachedTokens - } - return tokens -} - -func formatHour(hour int) string { - if hour < 0 { - hour = 0 - } - hour = hour % 24 - return fmt.Sprintf("%02d", hour) -} diff --git a/.worktrees/config/m/config-build/active/internal/util/claude_model.go b/.worktrees/config/m/config-build/active/internal/util/claude_model.go deleted file mode 100644 index 1534f02c46..0000000000 --- a/.worktrees/config/m/config-build/active/internal/util/claude_model.go +++ /dev/null @@ -1,10 +0,0 @@ -package util - -import "strings" - -// IsClaudeThinkingModel checks if the model is a Claude thinking model -// that requires the interleaved-thinking beta header. -func IsClaudeThinkingModel(model string) bool { - lower := strings.ToLower(model) - return strings.Contains(lower, "claude") && strings.Contains(lower, "thinking") -} diff --git a/.worktrees/config/m/config-build/active/internal/util/claude_model_test.go b/.worktrees/config/m/config-build/active/internal/util/claude_model_test.go deleted file mode 100644 index d20c337de4..0000000000 --- a/.worktrees/config/m/config-build/active/internal/util/claude_model_test.go +++ /dev/null @@ -1,42 +0,0 @@ -package util - -import "testing" - -func TestIsClaudeThinkingModel(t *testing.T) { - tests := []struct { - name string - model string - expected bool - }{ - // Claude thinking models - should return true - {"claude-sonnet-4-5-thinking", "claude-sonnet-4-5-thinking", true}, - {"claude-opus-4-5-thinking", "claude-opus-4-5-thinking", true}, - {"claude-opus-4-6-thinking", "claude-opus-4-6-thinking", true}, - {"Claude-Sonnet-Thinking uppercase", "Claude-Sonnet-4-5-Thinking", true}, - {"claude thinking mixed case", "Claude-THINKING-Model", true}, - - // Non-thinking Claude models - should return false - {"claude-sonnet-4-5 (no thinking)", "claude-sonnet-4-5", false}, - {"claude-opus-4-5 (no thinking)", "claude-opus-4-5", false}, - {"claude-3-5-sonnet", "claude-3-5-sonnet-20240620", false}, - - // Non-Claude models - should return false - {"gemini-3-pro-preview", "gemini-3-pro-preview", false}, - {"gemini-thinking model", "gemini-3-pro-thinking", false}, // not Claude - {"gpt-4o", "gpt-4o", false}, - {"empty string", "", false}, - - // Edge cases - {"thinking without claude", "thinking-model", false}, - {"claude without thinking", "claude-model", false}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := IsClaudeThinkingModel(tt.model) - if result != tt.expected { - t.Errorf("IsClaudeThinkingModel(%q) = %v, expected %v", tt.model, result, tt.expected) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/util/gemini_schema.go b/.worktrees/config/m/config-build/active/internal/util/gemini_schema.go deleted file mode 100644 index b8d07bf4d9..0000000000 --- a/.worktrees/config/m/config-build/active/internal/util/gemini_schema.go +++ /dev/null @@ -1,785 +0,0 @@ -// Package util provides utility functions for the CLI Proxy API server. -package util - -import ( - "fmt" - "sort" - "strconv" - "strings" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var gjsonPathKeyReplacer = strings.NewReplacer(".", "\\.", "*", "\\*", "?", "\\?") - -const placeholderReasonDescription = "Brief explanation of why you are calling this tool" - -// CleanJSONSchemaForAntigravity transforms a JSON schema to be compatible with Antigravity API. -// It handles unsupported keywords, type flattening, and schema simplification while preserving -// semantic information as description hints. -func CleanJSONSchemaForAntigravity(jsonStr string) string { - return cleanJSONSchema(jsonStr, true) -} - -// CleanJSONSchemaForGemini transforms a JSON schema to be compatible with Gemini tool calling. -// It removes unsupported keywords and simplifies schemas, without adding empty-schema placeholders. -func CleanJSONSchemaForGemini(jsonStr string) string { - return cleanJSONSchema(jsonStr, false) -} - -// cleanJSONSchema performs the core cleaning operations on the JSON schema. -func cleanJSONSchema(jsonStr string, addPlaceholder bool) string { - // Phase 1: Convert and add hints - jsonStr = convertRefsToHints(jsonStr) - jsonStr = convertConstToEnum(jsonStr) - jsonStr = convertEnumValuesToStrings(jsonStr) - jsonStr = addEnumHints(jsonStr) - jsonStr = addAdditionalPropertiesHints(jsonStr) - jsonStr = moveConstraintsToDescription(jsonStr) - - // Phase 2: Flatten complex structures - jsonStr = mergeAllOf(jsonStr) - jsonStr = flattenAnyOfOneOf(jsonStr) - jsonStr = flattenTypeArrays(jsonStr) - - // Phase 3: Cleanup - jsonStr = removeUnsupportedKeywords(jsonStr) - if !addPlaceholder { - // Gemini schema cleanup: remove nullable/title and placeholder-only fields. - jsonStr = removeKeywords(jsonStr, []string{"nullable", "title"}) - jsonStr = removePlaceholderFields(jsonStr) - } - jsonStr = cleanupRequiredFields(jsonStr) - // Phase 4: Add placeholder for empty object schemas (Claude VALIDATED mode requirement) - if addPlaceholder { - jsonStr = addEmptySchemaPlaceholder(jsonStr) - } - - return jsonStr -} - -// removeKeywords removes all occurrences of specified keywords from the JSON schema. -func removeKeywords(jsonStr string, keywords []string) string { - deletePaths := make([]string, 0) - pathsByField := findPathsByFields(jsonStr, keywords) - for _, key := range keywords { - for _, p := range pathsByField[key] { - if isPropertyDefinition(trimSuffix(p, "."+key)) { - continue - } - deletePaths = append(deletePaths, p) - } - } - sortByDepth(deletePaths) - for _, p := range deletePaths { - jsonStr, _ = sjson.Delete(jsonStr, p) - } - return jsonStr -} - -// removePlaceholderFields removes placeholder-only properties ("_" and "reason") and their required entries. -func removePlaceholderFields(jsonStr string) string { - // Remove "_" placeholder properties. - paths := findPaths(jsonStr, "_") - sortByDepth(paths) - for _, p := range paths { - if !strings.HasSuffix(p, ".properties._") { - continue - } - jsonStr, _ = sjson.Delete(jsonStr, p) - parentPath := trimSuffix(p, ".properties._") - reqPath := joinPath(parentPath, "required") - req := gjson.Get(jsonStr, reqPath) - if req.IsArray() { - var filtered []string - for _, r := range req.Array() { - if r.String() != "_" { - filtered = append(filtered, r.String()) - } - } - if len(filtered) == 0 { - jsonStr, _ = sjson.Delete(jsonStr, reqPath) - } else { - jsonStr, _ = sjson.Set(jsonStr, reqPath, filtered) - } - } - } - - // Remove placeholder-only "reason" objects. - reasonPaths := findPaths(jsonStr, "reason") - sortByDepth(reasonPaths) - for _, p := range reasonPaths { - if !strings.HasSuffix(p, ".properties.reason") { - continue - } - parentPath := trimSuffix(p, ".properties.reason") - props := gjson.Get(jsonStr, joinPath(parentPath, "properties")) - if !props.IsObject() || len(props.Map()) != 1 { - continue - } - desc := gjson.Get(jsonStr, p+".description").String() - if desc != placeholderReasonDescription { - continue - } - jsonStr, _ = sjson.Delete(jsonStr, p) - reqPath := joinPath(parentPath, "required") - req := gjson.Get(jsonStr, reqPath) - if req.IsArray() { - var filtered []string - for _, r := range req.Array() { - if r.String() != "reason" { - filtered = append(filtered, r.String()) - } - } - if len(filtered) == 0 { - jsonStr, _ = sjson.Delete(jsonStr, reqPath) - } else { - jsonStr, _ = sjson.Set(jsonStr, reqPath, filtered) - } - } - } - - return jsonStr -} - -// convertRefsToHints converts $ref to description hints (Lazy Hint strategy). -func convertRefsToHints(jsonStr string) string { - paths := findPaths(jsonStr, "$ref") - sortByDepth(paths) - - for _, p := range paths { - refVal := gjson.Get(jsonStr, p).String() - defName := refVal - if idx := strings.LastIndex(refVal, "/"); idx >= 0 { - defName = refVal[idx+1:] - } - - parentPath := trimSuffix(p, ".$ref") - hint := fmt.Sprintf("See: %s", defName) - if existing := gjson.Get(jsonStr, descriptionPath(parentPath)).String(); existing != "" { - hint = fmt.Sprintf("%s (%s)", existing, hint) - } - - replacement := `{"type":"object","description":""}` - replacement, _ = sjson.Set(replacement, "description", hint) - jsonStr = setRawAt(jsonStr, parentPath, replacement) - } - return jsonStr -} - -func convertConstToEnum(jsonStr string) string { - for _, p := range findPaths(jsonStr, "const") { - val := gjson.Get(jsonStr, p) - if !val.Exists() { - continue - } - enumPath := trimSuffix(p, ".const") + ".enum" - if !gjson.Get(jsonStr, enumPath).Exists() { - jsonStr, _ = sjson.Set(jsonStr, enumPath, []interface{}{val.Value()}) - } - } - return jsonStr -} - -// convertEnumValuesToStrings ensures all enum values are strings and the schema type is set to string. -// Gemini API requires enum values to be of type string, not numbers or booleans. -func convertEnumValuesToStrings(jsonStr string) string { - for _, p := range findPaths(jsonStr, "enum") { - arr := gjson.Get(jsonStr, p) - if !arr.IsArray() { - continue - } - - var stringVals []string - for _, item := range arr.Array() { - stringVals = append(stringVals, item.String()) - } - - // Always update enum values to strings and set type to "string" - // This ensures compatibility with Antigravity Gemini which only allows enum for STRING type - jsonStr, _ = sjson.Set(jsonStr, p, stringVals) - parentPath := trimSuffix(p, ".enum") - jsonStr, _ = sjson.Set(jsonStr, joinPath(parentPath, "type"), "string") - } - return jsonStr -} - -func addEnumHints(jsonStr string) string { - for _, p := range findPaths(jsonStr, "enum") { - arr := gjson.Get(jsonStr, p) - if !arr.IsArray() { - continue - } - items := arr.Array() - if len(items) <= 1 || len(items) > 10 { - continue - } - - var vals []string - for _, item := range items { - vals = append(vals, item.String()) - } - jsonStr = appendHint(jsonStr, trimSuffix(p, ".enum"), "Allowed: "+strings.Join(vals, ", ")) - } - return jsonStr -} - -func addAdditionalPropertiesHints(jsonStr string) string { - for _, p := range findPaths(jsonStr, "additionalProperties") { - if gjson.Get(jsonStr, p).Type == gjson.False { - jsonStr = appendHint(jsonStr, trimSuffix(p, ".additionalProperties"), "No extra properties allowed") - } - } - return jsonStr -} - -var unsupportedConstraints = []string{ - "minLength", "maxLength", "exclusiveMinimum", "exclusiveMaximum", - "pattern", "minItems", "maxItems", "format", - "default", "examples", // Claude rejects these in VALIDATED mode -} - -func moveConstraintsToDescription(jsonStr string) string { - pathsByField := findPathsByFields(jsonStr, unsupportedConstraints) - for _, key := range unsupportedConstraints { - for _, p := range pathsByField[key] { - val := gjson.Get(jsonStr, p) - if !val.Exists() || val.IsObject() || val.IsArray() { - continue - } - parentPath := trimSuffix(p, "."+key) - if isPropertyDefinition(parentPath) { - continue - } - jsonStr = appendHint(jsonStr, parentPath, fmt.Sprintf("%s: %s", key, val.String())) - } - } - return jsonStr -} - -func mergeAllOf(jsonStr string) string { - paths := findPaths(jsonStr, "allOf") - sortByDepth(paths) - - for _, p := range paths { - allOf := gjson.Get(jsonStr, p) - if !allOf.IsArray() { - continue - } - parentPath := trimSuffix(p, ".allOf") - - for _, item := range allOf.Array() { - if props := item.Get("properties"); props.IsObject() { - props.ForEach(func(key, value gjson.Result) bool { - destPath := joinPath(parentPath, "properties."+escapeGJSONPathKey(key.String())) - jsonStr, _ = sjson.SetRaw(jsonStr, destPath, value.Raw) - return true - }) - } - if req := item.Get("required"); req.IsArray() { - reqPath := joinPath(parentPath, "required") - current := getStrings(jsonStr, reqPath) - for _, r := range req.Array() { - if s := r.String(); !contains(current, s) { - current = append(current, s) - } - } - jsonStr, _ = sjson.Set(jsonStr, reqPath, current) - } - } - jsonStr, _ = sjson.Delete(jsonStr, p) - } - return jsonStr -} - -func flattenAnyOfOneOf(jsonStr string) string { - for _, key := range []string{"anyOf", "oneOf"} { - paths := findPaths(jsonStr, key) - sortByDepth(paths) - - for _, p := range paths { - arr := gjson.Get(jsonStr, p) - if !arr.IsArray() || len(arr.Array()) == 0 { - continue - } - - parentPath := trimSuffix(p, "."+key) - parentDesc := gjson.Get(jsonStr, descriptionPath(parentPath)).String() - - items := arr.Array() - bestIdx, allTypes := selectBest(items) - selected := items[bestIdx].Raw - - if parentDesc != "" { - selected = mergeDescriptionRaw(selected, parentDesc) - } - - if len(allTypes) > 1 { - hint := "Accepts: " + strings.Join(allTypes, " | ") - selected = appendHintRaw(selected, hint) - } - - jsonStr = setRawAt(jsonStr, parentPath, selected) - } - } - return jsonStr -} - -func selectBest(items []gjson.Result) (bestIdx int, types []string) { - bestScore := -1 - for i, item := range items { - t := item.Get("type").String() - score := 0 - - switch { - case t == "object" || item.Get("properties").Exists(): - score, t = 3, orDefault(t, "object") - case t == "array" || item.Get("items").Exists(): - score, t = 2, orDefault(t, "array") - case t != "" && t != "null": - score = 1 - default: - t = orDefault(t, "null") - } - - if t != "" { - types = append(types, t) - } - if score > bestScore { - bestScore, bestIdx = score, i - } - } - return -} - -func flattenTypeArrays(jsonStr string) string { - paths := findPaths(jsonStr, "type") - sortByDepth(paths) - - nullableFields := make(map[string][]string) - - for _, p := range paths { - res := gjson.Get(jsonStr, p) - if !res.IsArray() || len(res.Array()) == 0 { - continue - } - - hasNull := false - var nonNullTypes []string - for _, item := range res.Array() { - s := item.String() - if s == "null" { - hasNull = true - } else if s != "" { - nonNullTypes = append(nonNullTypes, s) - } - } - - firstType := "string" - if len(nonNullTypes) > 0 { - firstType = nonNullTypes[0] - } - - jsonStr, _ = sjson.Set(jsonStr, p, firstType) - - parentPath := trimSuffix(p, ".type") - if len(nonNullTypes) > 1 { - hint := "Accepts: " + strings.Join(nonNullTypes, " | ") - jsonStr = appendHint(jsonStr, parentPath, hint) - } - - if hasNull { - parts := splitGJSONPath(p) - if len(parts) >= 3 && parts[len(parts)-3] == "properties" { - fieldNameEscaped := parts[len(parts)-2] - fieldName := unescapeGJSONPathKey(fieldNameEscaped) - objectPath := strings.Join(parts[:len(parts)-3], ".") - nullableFields[objectPath] = append(nullableFields[objectPath], fieldName) - - propPath := joinPath(objectPath, "properties."+fieldNameEscaped) - jsonStr = appendHint(jsonStr, propPath, "(nullable)") - } - } - } - - for objectPath, fields := range nullableFields { - reqPath := joinPath(objectPath, "required") - req := gjson.Get(jsonStr, reqPath) - if !req.IsArray() { - continue - } - - var filtered []string - for _, r := range req.Array() { - if !contains(fields, r.String()) { - filtered = append(filtered, r.String()) - } - } - - if len(filtered) == 0 { - jsonStr, _ = sjson.Delete(jsonStr, reqPath) - } else { - jsonStr, _ = sjson.Set(jsonStr, reqPath, filtered) - } - } - return jsonStr -} - -func removeUnsupportedKeywords(jsonStr string) string { - keywords := append(unsupportedConstraints, - "$schema", "$defs", "definitions", "const", "$ref", "$id", "additionalProperties", - "propertyNames", "patternProperties", // Gemini doesn't support these schema keywords - "enumTitles", "prefill", // Claude/OpenCode schema metadata fields unsupported by Gemini - ) - - deletePaths := make([]string, 0) - pathsByField := findPathsByFields(jsonStr, keywords) - for _, key := range keywords { - for _, p := range pathsByField[key] { - if isPropertyDefinition(trimSuffix(p, "."+key)) { - continue - } - deletePaths = append(deletePaths, p) - } - } - sortByDepth(deletePaths) - for _, p := range deletePaths { - jsonStr, _ = sjson.Delete(jsonStr, p) - } - // Remove x-* extension fields (e.g., x-google-enum-descriptions) that are not supported by Gemini API - jsonStr = removeExtensionFields(jsonStr) - return jsonStr -} - -// removeExtensionFields removes all x-* extension fields from the JSON schema. -// These are OpenAPI/JSON Schema extension fields that Google APIs don't recognize. -func removeExtensionFields(jsonStr string) string { - var paths []string - walkForExtensions(gjson.Parse(jsonStr), "", &paths) - // walkForExtensions returns paths in a way that deeper paths are added before their ancestors - // when they are not deleted wholesale, but since we skip children of deleted x-* nodes, - // any collected path is safe to delete. We still use DeleteBytes for efficiency. - - b := []byte(jsonStr) - for _, p := range paths { - b, _ = sjson.DeleteBytes(b, p) - } - return string(b) -} - -func walkForExtensions(value gjson.Result, path string, paths *[]string) { - if value.IsArray() { - arr := value.Array() - for i := len(arr) - 1; i >= 0; i-- { - walkForExtensions(arr[i], joinPath(path, strconv.Itoa(i)), paths) - } - return - } - - if value.IsObject() { - value.ForEach(func(key, val gjson.Result) bool { - keyStr := key.String() - safeKey := escapeGJSONPathKey(keyStr) - childPath := joinPath(path, safeKey) - - // If it's an extension field, we delete it and don't need to look at its children. - if strings.HasPrefix(keyStr, "x-") && !isPropertyDefinition(path) { - *paths = append(*paths, childPath) - return true - } - - walkForExtensions(val, childPath, paths) - return true - }) - } -} - -func cleanupRequiredFields(jsonStr string) string { - for _, p := range findPaths(jsonStr, "required") { - parentPath := trimSuffix(p, ".required") - propsPath := joinPath(parentPath, "properties") - - req := gjson.Get(jsonStr, p) - props := gjson.Get(jsonStr, propsPath) - if !req.IsArray() || !props.IsObject() { - continue - } - - var valid []string - for _, r := range req.Array() { - key := r.String() - if props.Get(escapeGJSONPathKey(key)).Exists() { - valid = append(valid, key) - } - } - - if len(valid) != len(req.Array()) { - if len(valid) == 0 { - jsonStr, _ = sjson.Delete(jsonStr, p) - } else { - jsonStr, _ = sjson.Set(jsonStr, p, valid) - } - } - } - return jsonStr -} - -// addEmptySchemaPlaceholder adds a placeholder "reason" property to empty object schemas. -// Claude VALIDATED mode requires at least one required property in tool schemas. -func addEmptySchemaPlaceholder(jsonStr string) string { - // Find all "type" fields - paths := findPaths(jsonStr, "type") - - // Process from deepest to shallowest (to handle nested objects properly) - sortByDepth(paths) - - for _, p := range paths { - typeVal := gjson.Get(jsonStr, p) - if typeVal.String() != "object" { - continue - } - - // Get the parent path (the object containing "type") - parentPath := trimSuffix(p, ".type") - - // Check if properties exists and is empty or missing - propsPath := joinPath(parentPath, "properties") - propsVal := gjson.Get(jsonStr, propsPath) - reqPath := joinPath(parentPath, "required") - reqVal := gjson.Get(jsonStr, reqPath) - hasRequiredProperties := reqVal.IsArray() && len(reqVal.Array()) > 0 - - needsPlaceholder := false - if !propsVal.Exists() { - // No properties field at all - needsPlaceholder = true - } else if propsVal.IsObject() && len(propsVal.Map()) == 0 { - // Empty properties object - needsPlaceholder = true - } - - if needsPlaceholder { - // Add placeholder "reason" property - reasonPath := joinPath(propsPath, "reason") - jsonStr, _ = sjson.Set(jsonStr, reasonPath+".type", "string") - jsonStr, _ = sjson.Set(jsonStr, reasonPath+".description", placeholderReasonDescription) - - // Add to required array - jsonStr, _ = sjson.Set(jsonStr, reqPath, []string{"reason"}) - continue - } - - // If schema has properties but none are required, add a minimal placeholder. - if propsVal.IsObject() && !hasRequiredProperties { - // DO NOT add placeholder if it's a top-level schema (parentPath is empty) - // or if we've already added a placeholder reason above. - if parentPath == "" { - continue - } - placeholderPath := joinPath(propsPath, "_") - if !gjson.Get(jsonStr, placeholderPath).Exists() { - jsonStr, _ = sjson.Set(jsonStr, placeholderPath+".type", "boolean") - } - jsonStr, _ = sjson.Set(jsonStr, reqPath, []string{"_"}) - } - } - - return jsonStr -} - -// --- Helpers --- - -func findPaths(jsonStr, field string) []string { - var paths []string - Walk(gjson.Parse(jsonStr), "", field, &paths) - return paths -} - -func findPathsByFields(jsonStr string, fields []string) map[string][]string { - set := make(map[string]struct{}, len(fields)) - for _, field := range fields { - set[field] = struct{}{} - } - paths := make(map[string][]string, len(set)) - walkForFields(gjson.Parse(jsonStr), "", set, paths) - return paths -} - -func walkForFields(value gjson.Result, path string, fields map[string]struct{}, paths map[string][]string) { - switch value.Type { - case gjson.JSON: - value.ForEach(func(key, val gjson.Result) bool { - keyStr := key.String() - safeKey := escapeGJSONPathKey(keyStr) - - var childPath string - if path == "" { - childPath = safeKey - } else { - childPath = path + "." + safeKey - } - - if _, ok := fields[keyStr]; ok { - paths[keyStr] = append(paths[keyStr], childPath) - } - - walkForFields(val, childPath, fields, paths) - return true - }) - case gjson.String, gjson.Number, gjson.True, gjson.False, gjson.Null: - // Terminal types - no further traversal needed - } -} - -func sortByDepth(paths []string) { - sort.Slice(paths, func(i, j int) bool { return len(paths[i]) > len(paths[j]) }) -} - -func trimSuffix(path, suffix string) string { - if path == strings.TrimPrefix(suffix, ".") { - return "" - } - return strings.TrimSuffix(path, suffix) -} - -func joinPath(base, suffix string) string { - if base == "" { - return suffix - } - return base + "." + suffix -} - -func setRawAt(jsonStr, path, value string) string { - if path == "" { - return value - } - result, _ := sjson.SetRaw(jsonStr, path, value) - return result -} - -func isPropertyDefinition(path string) bool { - return path == "properties" || strings.HasSuffix(path, ".properties") -} - -func descriptionPath(parentPath string) string { - if parentPath == "" || parentPath == "@this" { - return "description" - } - return parentPath + ".description" -} - -func appendHint(jsonStr, parentPath, hint string) string { - descPath := parentPath + ".description" - if parentPath == "" || parentPath == "@this" { - descPath = "description" - } - existing := gjson.Get(jsonStr, descPath).String() - if existing != "" { - hint = fmt.Sprintf("%s (%s)", existing, hint) - } - jsonStr, _ = sjson.Set(jsonStr, descPath, hint) - return jsonStr -} - -func appendHintRaw(jsonRaw, hint string) string { - existing := gjson.Get(jsonRaw, "description").String() - if existing != "" { - hint = fmt.Sprintf("%s (%s)", existing, hint) - } - jsonRaw, _ = sjson.Set(jsonRaw, "description", hint) - return jsonRaw -} - -func getStrings(jsonStr, path string) []string { - var result []string - if arr := gjson.Get(jsonStr, path); arr.IsArray() { - for _, r := range arr.Array() { - result = append(result, r.String()) - } - } - return result -} - -func contains(slice []string, item string) bool { - for _, s := range slice { - if s == item { - return true - } - } - return false -} - -func orDefault(val, def string) string { - if val == "" { - return def - } - return val -} - -func escapeGJSONPathKey(key string) string { - if strings.IndexAny(key, ".*?") == -1 { - return key - } - return gjsonPathKeyReplacer.Replace(key) -} - -func unescapeGJSONPathKey(key string) string { - if !strings.Contains(key, "\\") { - return key - } - var b strings.Builder - b.Grow(len(key)) - for i := 0; i < len(key); i++ { - if key[i] == '\\' && i+1 < len(key) { - i++ - b.WriteByte(key[i]) - continue - } - b.WriteByte(key[i]) - } - return b.String() -} - -func splitGJSONPath(path string) []string { - if path == "" { - return nil - } - - parts := make([]string, 0, strings.Count(path, ".")+1) - var b strings.Builder - b.Grow(len(path)) - - for i := 0; i < len(path); i++ { - c := path[i] - if c == '\\' && i+1 < len(path) { - b.WriteByte('\\') - i++ - b.WriteByte(path[i]) - continue - } - if c == '.' { - parts = append(parts, b.String()) - b.Reset() - continue - } - b.WriteByte(c) - } - parts = append(parts, b.String()) - return parts -} - -func mergeDescriptionRaw(schemaRaw, parentDesc string) string { - childDesc := gjson.Get(schemaRaw, "description").String() - switch { - case childDesc == "": - schemaRaw, _ = sjson.Set(schemaRaw, "description", parentDesc) - return schemaRaw - case childDesc == parentDesc: - return schemaRaw - default: - combined := fmt.Sprintf("%s (%s)", parentDesc, childDesc) - schemaRaw, _ = sjson.Set(schemaRaw, "description", combined) - return schemaRaw - } -} diff --git a/.worktrees/config/m/config-build/active/internal/util/gemini_schema_test.go b/.worktrees/config/m/config-build/active/internal/util/gemini_schema_test.go deleted file mode 100644 index bb06e95673..0000000000 --- a/.worktrees/config/m/config-build/active/internal/util/gemini_schema_test.go +++ /dev/null @@ -1,1048 +0,0 @@ -package util - -import ( - "encoding/json" - "reflect" - "strings" - "testing" - - "github.com/tidwall/gjson" -) - -func TestCleanJSONSchemaForAntigravity_ConstToEnum(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "kind": { - "type": "string", - "const": "InsightVizNode" - } - } - }` - - expected := `{ - "type": "object", - "properties": { - "kind": { - "type": "string", - "enum": ["InsightVizNode"] - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_TypeFlattening_Nullable(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "name": { - "type": ["string", "null"] - }, - "other": { - "type": "string" - } - }, - "required": ["name", "other"] - }` - - expected := `{ - "type": "object", - "properties": { - "name": { - "type": "string", - "description": "(nullable)" - }, - "other": { - "type": "string" - } - }, - "required": ["other"] - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_ConstraintsToDescription(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "tags": { - "type": "array", - "description": "List of tags", - "minItems": 1 - }, - "name": { - "type": "string", - "description": "User name", - "minLength": 3 - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - // minItems should be REMOVED and moved to description - if strings.Contains(result, `"minItems"`) { - t.Errorf("minItems keyword should be removed") - } - if !strings.Contains(result, "minItems: 1") { - t.Errorf("minItems hint missing in description") - } - - // minLength should be moved to description - if !strings.Contains(result, "minLength: 3") { - t.Errorf("minLength hint missing in description") - } - if strings.Contains(result, `"minLength":`) || strings.Contains(result, `"minLength" :`) { - t.Errorf("minLength keyword should be removed") - } -} - -func TestCleanJSONSchemaForAntigravity_AnyOfFlattening_SmartSelection(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "query": { - "anyOf": [ - { "type": "null" }, - { - "type": "object", - "properties": { - "kind": { "type": "string" } - } - } - ] - } - } - }` - - expected := `{ - "type": "object", - "properties": { - "query": { - "type": "object", - "description": "Accepts: null | object", - "properties": { - "_": { "type": "boolean" }, - "kind": { "type": "string" } - }, - "required": ["_"] - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_OneOfFlattening(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "config": { - "oneOf": [ - { "type": "string" }, - { "type": "integer" } - ] - } - } - }` - - expected := `{ - "type": "object", - "properties": { - "config": { - "type": "string", - "description": "Accepts: string | integer" - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_AllOfMerging(t *testing.T) { - input := `{ - "type": "object", - "allOf": [ - { - "properties": { - "a": { "type": "string" } - }, - "required": ["a"] - }, - { - "properties": { - "b": { "type": "integer" } - }, - "required": ["b"] - } - ] - }` - - expected := `{ - "type": "object", - "properties": { - "a": { "type": "string" }, - "b": { "type": "integer" } - }, - "required": ["a", "b"] - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_RefHandling(t *testing.T) { - input := `{ - "definitions": { - "User": { - "type": "object", - "properties": { - "name": { "type": "string" } - } - } - }, - "type": "object", - "properties": { - "customer": { "$ref": "#/definitions/User" } - } - }` - - // After $ref is converted to placeholder object, empty schema placeholder is also added - expected := `{ - "type": "object", - "properties": { - "customer": { - "type": "object", - "description": "See: User", - "properties": { - "reason": { - "type": "string", - "description": "Brief explanation of why you are calling this tool" - } - }, - "required": ["reason"] - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_RefHandling_DescriptionEscaping(t *testing.T) { - input := `{ - "definitions": { - "User": { - "type": "object", - "properties": { - "name": { "type": "string" } - } - } - }, - "type": "object", - "properties": { - "customer": { - "description": "He said \"hi\"\\nsecond line", - "$ref": "#/definitions/User" - } - } - }` - - // After $ref is converted, empty schema placeholder is also added - expected := `{ - "type": "object", - "properties": { - "customer": { - "type": "object", - "description": "He said \"hi\"\\nsecond line (See: User)", - "properties": { - "reason": { - "type": "string", - "description": "Brief explanation of why you are calling this tool" - } - }, - "required": ["reason"] - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_CyclicRefDefaults(t *testing.T) { - input := `{ - "definitions": { - "Node": { - "type": "object", - "properties": { - "child": { "$ref": "#/definitions/Node" } - } - } - }, - "$ref": "#/definitions/Node" - }` - - result := CleanJSONSchemaForAntigravity(input) - - var resMap map[string]interface{} - json.Unmarshal([]byte(result), &resMap) - - if resMap["type"] != "object" { - t.Errorf("Expected type: object, got: %v", resMap["type"]) - } - - desc, ok := resMap["description"].(string) - if !ok || !strings.Contains(desc, "Node") { - t.Errorf("Expected description hint containing 'Node', got: %v", resMap["description"]) - } -} - -func TestCleanJSONSchemaForAntigravity_RequiredCleanup(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "a": {"type": "string"}, - "b": {"type": "string"} - }, - "required": ["a", "b", "c"] - }` - - expected := `{ - "type": "object", - "properties": { - "a": {"type": "string"}, - "b": {"type": "string"} - }, - "required": ["a", "b"] - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_AllOfMerging_DotKeys(t *testing.T) { - input := `{ - "type": "object", - "allOf": [ - { - "properties": { - "my.param": { "type": "string" } - }, - "required": ["my.param"] - }, - { - "properties": { - "b": { "type": "integer" } - }, - "required": ["b"] - } - ] - }` - - expected := `{ - "type": "object", - "properties": { - "my.param": { "type": "string" }, - "b": { "type": "integer" } - }, - "required": ["my.param", "b"] - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_PropertyNameCollision(t *testing.T) { - // A tool has an argument named "pattern" - should NOT be treated as a constraint - input := `{ - "type": "object", - "properties": { - "pattern": { - "type": "string", - "description": "The regex pattern" - } - }, - "required": ["pattern"] - }` - - expected := `{ - "type": "object", - "properties": { - "pattern": { - "type": "string", - "description": "The regex pattern" - } - }, - "required": ["pattern"] - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) - - var resMap map[string]interface{} - json.Unmarshal([]byte(result), &resMap) - props, _ := resMap["properties"].(map[string]interface{}) - if _, ok := props["description"]; ok { - t.Errorf("Invalid 'description' property injected into properties map") - } -} - -func TestCleanJSONSchemaForAntigravity_DotKeys(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "my.param": { - "type": "string", - "$ref": "#/definitions/MyType" - } - }, - "definitions": { - "MyType": { "type": "string" } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - var resMap map[string]interface{} - if err := json.Unmarshal([]byte(result), &resMap); err != nil { - t.Fatalf("Failed to unmarshal result: %v", err) - } - - props, ok := resMap["properties"].(map[string]interface{}) - if !ok { - t.Fatalf("properties missing") - } - - if val, ok := props["my.param"]; !ok { - t.Fatalf("Key 'my.param' is missing. Result: %s", result) - } else { - valMap, _ := val.(map[string]interface{}) - if _, hasRef := valMap["$ref"]; hasRef { - t.Errorf("Key 'my.param' still contains $ref") - } - if _, ok := props["my"]; ok { - t.Errorf("Artifact key 'my' created by sjson splitting") - } - } -} - -func TestCleanJSONSchemaForAntigravity_AnyOfAlternativeHints(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "value": { - "anyOf": [ - { "type": "string" }, - { "type": "integer" }, - { "type": "null" } - ] - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - if !strings.Contains(result, "Accepts:") { - t.Errorf("Expected alternative types hint, got: %s", result) - } - if !strings.Contains(result, "string") || !strings.Contains(result, "integer") { - t.Errorf("Expected all alternative types in hint, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_NullableHint(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "name": { - "type": ["string", "null"], - "description": "User name" - } - }, - "required": ["name"] - }` - - result := CleanJSONSchemaForAntigravity(input) - - if !strings.Contains(result, "(nullable)") { - t.Errorf("Expected nullable hint, got: %s", result) - } - if !strings.Contains(result, "User name") { - t.Errorf("Expected original description to be preserved, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_TypeFlattening_Nullable_DotKey(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "my.param": { - "type": ["string", "null"] - }, - "other": { - "type": "string" - } - }, - "required": ["my.param", "other"] - }` - - expected := `{ - "type": "object", - "properties": { - "my.param": { - "type": "string", - "description": "(nullable)" - }, - "other": { - "type": "string" - } - }, - "required": ["other"] - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_EnumHint(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "status": { - "type": "string", - "enum": ["active", "inactive", "pending"], - "description": "Current status" - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - if !strings.Contains(result, "Allowed:") { - t.Errorf("Expected enum values hint, got: %s", result) - } - if !strings.Contains(result, "active") || !strings.Contains(result, "inactive") { - t.Errorf("Expected enum values in hint, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_AdditionalPropertiesHint(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "name": { "type": "string" } - }, - "additionalProperties": false - }` - - result := CleanJSONSchemaForAntigravity(input) - - if !strings.Contains(result, "No extra properties allowed") { - t.Errorf("Expected additionalProperties hint, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_AnyOfFlattening_PreservesDescription(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "config": { - "description": "Parent desc", - "anyOf": [ - { "type": "string", "description": "Child desc" }, - { "type": "integer" } - ] - } - } - }` - - expected := `{ - "type": "object", - "properties": { - "config": { - "type": "string", - "description": "Parent desc (Child desc) (Accepts: string | integer)" - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_SingleEnumNoHint(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "kind": { - "type": "string", - "enum": ["fixed"] - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - if strings.Contains(result, "Allowed:") { - t.Errorf("Single value enum should not add Allowed hint, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_MultipleNonNullTypes(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "value": { - "type": ["string", "integer", "boolean"] - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - if !strings.Contains(result, "Accepts:") { - t.Errorf("Expected multiple types hint, got: %s", result) - } - if !strings.Contains(result, "string") || !strings.Contains(result, "integer") || !strings.Contains(result, "boolean") { - t.Errorf("Expected all types in hint, got: %s", result) - } -} - -func compareJSON(t *testing.T, expectedJSON, actualJSON string) { - var expMap, actMap map[string]interface{} - errExp := json.Unmarshal([]byte(expectedJSON), &expMap) - errAct := json.Unmarshal([]byte(actualJSON), &actMap) - - if errExp != nil || errAct != nil { - t.Fatalf("JSON Unmarshal error. Exp: %v, Act: %v", errExp, errAct) - } - - if !reflect.DeepEqual(expMap, actMap) { - expBytes, _ := json.MarshalIndent(expMap, "", " ") - actBytes, _ := json.MarshalIndent(actMap, "", " ") - t.Errorf("JSON mismatch:\nExpected:\n%s\n\nActual:\n%s", string(expBytes), string(actBytes)) - } -} - -// ============================================================================ -// Empty Schema Placeholder Tests -// ============================================================================ - -func TestCleanJSONSchemaForAntigravity_EmptySchemaPlaceholder(t *testing.T) { - // Empty object schema with no properties should get a placeholder - input := `{ - "type": "object" - }` - - result := CleanJSONSchemaForAntigravity(input) - - // Should have placeholder property added - if !strings.Contains(result, `"reason"`) { - t.Errorf("Empty schema should have 'reason' placeholder property, got: %s", result) - } - if !strings.Contains(result, `"required"`) { - t.Errorf("Empty schema should have 'required' with 'reason', got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_EmptyPropertiesPlaceholder(t *testing.T) { - // Object with empty properties object - input := `{ - "type": "object", - "properties": {} - }` - - result := CleanJSONSchemaForAntigravity(input) - - // Should have placeholder property added - if !strings.Contains(result, `"reason"`) { - t.Errorf("Empty properties should have 'reason' placeholder, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_NonEmptySchemaUnchanged(t *testing.T) { - // Schema with properties should NOT get placeholder - input := `{ - "type": "object", - "properties": { - "name": {"type": "string"} - }, - "required": ["name"] - }` - - result := CleanJSONSchemaForAntigravity(input) - - // Should NOT have placeholder property - if strings.Contains(result, `"reason"`) { - t.Errorf("Non-empty schema should NOT have 'reason' placeholder, got: %s", result) - } - // Original properties should be preserved - if !strings.Contains(result, `"name"`) { - t.Errorf("Original property 'name' should be preserved, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_NestedEmptySchema(t *testing.T) { - // Nested empty object in items should also get placeholder - input := `{ - "type": "object", - "properties": { - "items": { - "type": "array", - "items": { - "type": "object" - } - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - // Nested empty object should also get placeholder - // Check that the nested object has a reason property - parsed := gjson.Parse(result) - nestedProps := parsed.Get("properties.items.items.properties") - if !nestedProps.Exists() || !nestedProps.Get("reason").Exists() { - t.Errorf("Nested empty object should have 'reason' placeholder, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_EmptySchemaWithDescription(t *testing.T) { - // Empty schema with description should preserve description and add placeholder - input := `{ - "type": "object", - "description": "An empty object" - }` - - result := CleanJSONSchemaForAntigravity(input) - - // Should have both description and placeholder - if !strings.Contains(result, `"An empty object"`) { - t.Errorf("Description should be preserved, got: %s", result) - } - if !strings.Contains(result, `"reason"`) { - t.Errorf("Empty schema should have 'reason' placeholder, got: %s", result) - } -} - -// ============================================================================ -// Format field handling (ad-hoc patch removal) -// ============================================================================ - -func TestCleanJSONSchemaForAntigravity_FormatFieldRemoval(t *testing.T) { - // format:"uri" should be removed and added as hint - input := `{ - "type": "object", - "properties": { - "url": { - "type": "string", - "format": "uri", - "description": "A URL" - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - // format should be removed - if strings.Contains(result, `"format"`) { - t.Errorf("format field should be removed, got: %s", result) - } - // hint should be added to description - if !strings.Contains(result, "format: uri") { - t.Errorf("format hint should be added to description, got: %s", result) - } - // original description should be preserved - if !strings.Contains(result, "A URL") { - t.Errorf("Original description should be preserved, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_FormatFieldNoDescription(t *testing.T) { - // format without description should create description with hint - input := `{ - "type": "object", - "properties": { - "email": { - "type": "string", - "format": "email" - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - // format should be removed - if strings.Contains(result, `"format"`) { - t.Errorf("format field should be removed, got: %s", result) - } - // hint should be added - if !strings.Contains(result, "format: email") { - t.Errorf("format hint should be added, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_MultipleFormats(t *testing.T) { - // Multiple format fields should all be handled - input := `{ - "type": "object", - "properties": { - "url": {"type": "string", "format": "uri"}, - "email": {"type": "string", "format": "email"}, - "date": {"type": "string", "format": "date-time"} - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - // All format fields should be removed - if strings.Contains(result, `"format"`) { - t.Errorf("All format fields should be removed, got: %s", result) - } - // All hints should be added - if !strings.Contains(result, "format: uri") { - t.Errorf("uri format hint should be added, got: %s", result) - } - if !strings.Contains(result, "format: email") { - t.Errorf("email format hint should be added, got: %s", result) - } - if !strings.Contains(result, "format: date-time") { - t.Errorf("date-time format hint should be added, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_NumericEnumToString(t *testing.T) { - // Gemini API requires enum values to be strings, not numbers - input := `{ - "type": "object", - "properties": { - "priority": {"type": "integer", "enum": [0, 1, 2]}, - "level": {"type": "number", "enum": [1.5, 2.5, 3.5]}, - "status": {"type": "string", "enum": ["active", "inactive"]} - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - // Numeric enum values should be converted to strings - if strings.Contains(result, `"enum":[0,1,2]`) { - t.Errorf("Integer enum values should be converted to strings, got: %s", result) - } - if strings.Contains(result, `"enum":[1.5,2.5,3.5]`) { - t.Errorf("Float enum values should be converted to strings, got: %s", result) - } - // Should contain string versions - if !strings.Contains(result, `"0"`) || !strings.Contains(result, `"1"`) || !strings.Contains(result, `"2"`) { - t.Errorf("Integer enum values should be converted to string format, got: %s", result) - } - // String enum values should remain unchanged - if !strings.Contains(result, `"active"`) || !strings.Contains(result, `"inactive"`) { - t.Errorf("String enum values should remain unchanged, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_BooleanEnumToString(t *testing.T) { - // Boolean enum values should also be converted to strings - input := `{ - "type": "object", - "properties": { - "enabled": {"type": "boolean", "enum": [true, false]} - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - // Boolean enum values should be converted to strings - if strings.Contains(result, `"enum":[true,false]`) { - t.Errorf("Boolean enum values should be converted to strings, got: %s", result) - } - // Should contain string versions "true" and "false" - if !strings.Contains(result, `"true"`) || !strings.Contains(result, `"false"`) { - t.Errorf("Boolean enum values should be converted to string format, got: %s", result) - } -} - -func TestCleanJSONSchemaForGemini_RemovesGeminiUnsupportedMetadataFields(t *testing.T) { - input := `{ - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "root-schema", - "type": "object", - "properties": { - "payload": { - "type": "object", - "prefill": "hello", - "properties": { - "mode": { - "type": "string", - "enum": ["a", "b"], - "enumTitles": ["A", "B"] - } - }, - "patternProperties": { - "^x-": {"type": "string"} - } - }, - "$id": { - "type": "string", - "description": "property name should not be removed" - } - } - }` - - expected := `{ - "type": "object", - "properties": { - "payload": { - "type": "object", - "properties": { - "mode": { - "type": "string", - "enum": ["a", "b"], - "description": "Allowed: a, b" - } - } - }, - "$id": { - "type": "string", - "description": "property name should not be removed" - } - } - }` - - result := CleanJSONSchemaForGemini(input) - compareJSON(t, expected, result) -} - -func TestRemoveExtensionFields(t *testing.T) { - tests := []struct { - name string - input string - expected string - }{ - { - name: "removes x- fields at root", - input: `{ - "type": "object", - "x-custom-meta": "value", - "properties": { - "foo": { "type": "string" } - } - }`, - expected: `{ - "type": "object", - "properties": { - "foo": { "type": "string" } - } - }`, - }, - { - name: "removes x- fields in nested properties", - input: `{ - "type": "object", - "properties": { - "foo": { - "type": "string", - "x-internal-id": 123 - } - } - }`, - expected: `{ - "type": "object", - "properties": { - "foo": { - "type": "string" - } - } - }`, - }, - { - name: "does NOT remove properties named x-", - input: `{ - "type": "object", - "properties": { - "x-data": { "type": "string" }, - "normal": { "type": "number", "x-meta": "remove" } - }, - "required": ["x-data"] - }`, - expected: `{ - "type": "object", - "properties": { - "x-data": { "type": "string" }, - "normal": { "type": "number" } - }, - "required": ["x-data"] - }`, - }, - { - name: "does NOT remove $schema and other meta fields (as requested)", - input: `{ - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "test", - "type": "object", - "properties": { - "foo": { "type": "string" } - } - }`, - expected: `{ - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "test", - "type": "object", - "properties": { - "foo": { "type": "string" } - } - }`, - }, - { - name: "handles properties named $schema", - input: `{ - "type": "object", - "properties": { - "$schema": { "type": "string" } - } - }`, - expected: `{ - "type": "object", - "properties": { - "$schema": { "type": "string" } - } - }`, - }, - { - name: "handles escaping in paths", - input: `{ - "type": "object", - "properties": { - "foo.bar": { - "type": "string", - "x-meta": "remove" - } - }, - "x-root.meta": "remove" - }`, - expected: `{ - "type": "object", - "properties": { - "foo.bar": { - "type": "string" - } - } - }`, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - actual := removeExtensionFields(tt.input) - compareJSON(t, tt.expected, actual) - }) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/util/header_helpers.go b/.worktrees/config/m/config-build/active/internal/util/header_helpers.go deleted file mode 100644 index c53c291f10..0000000000 --- a/.worktrees/config/m/config-build/active/internal/util/header_helpers.go +++ /dev/null @@ -1,52 +0,0 @@ -package util - -import ( - "net/http" - "strings" -) - -// ApplyCustomHeadersFromAttrs applies user-defined headers stored in the provided attributes map. -// Custom headers override built-in defaults when conflicts occur. -func ApplyCustomHeadersFromAttrs(r *http.Request, attrs map[string]string) { - if r == nil { - return - } - applyCustomHeaders(r, extractCustomHeaders(attrs)) -} - -func extractCustomHeaders(attrs map[string]string) map[string]string { - if len(attrs) == 0 { - return nil - } - headers := make(map[string]string) - for k, v := range attrs { - if !strings.HasPrefix(k, "header:") { - continue - } - name := strings.TrimSpace(strings.TrimPrefix(k, "header:")) - if name == "" { - continue - } - val := strings.TrimSpace(v) - if val == "" { - continue - } - headers[name] = val - } - if len(headers) == 0 { - return nil - } - return headers -} - -func applyCustomHeaders(r *http.Request, headers map[string]string) { - if r == nil || len(headers) == 0 { - return - } - for k, v := range headers { - if k == "" || v == "" { - continue - } - r.Header.Set(k, v) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/util/image.go b/.worktrees/config/m/config-build/active/internal/util/image.go deleted file mode 100644 index 70d5cdc413..0000000000 --- a/.worktrees/config/m/config-build/active/internal/util/image.go +++ /dev/null @@ -1,59 +0,0 @@ -package util - -import ( - "bytes" - "encoding/base64" - "image" - "image/draw" - "image/png" -) - -func CreateWhiteImageBase64(aspectRatio string) (string, error) { - width := 1024 - height := 1024 - - switch aspectRatio { - case "1:1": - width = 1024 - height = 1024 - case "2:3": - width = 832 - height = 1248 - case "3:2": - width = 1248 - height = 832 - case "3:4": - width = 864 - height = 1184 - case "4:3": - width = 1184 - height = 864 - case "4:5": - width = 896 - height = 1152 - case "5:4": - width = 1152 - height = 896 - case "9:16": - width = 768 - height = 1344 - case "16:9": - width = 1344 - height = 768 - case "21:9": - width = 1536 - height = 672 - } - - img := image.NewRGBA(image.Rect(0, 0, width, height)) - draw.Draw(img, img.Bounds(), image.White, image.Point{}, draw.Src) - - var buf bytes.Buffer - - if err := png.Encode(&buf, img); err != nil { - return "", err - } - - base64String := base64.StdEncoding.EncodeToString(buf.Bytes()) - return base64String, nil -} diff --git a/.worktrees/config/m/config-build/active/internal/util/provider.go b/.worktrees/config/m/config-build/active/internal/util/provider.go deleted file mode 100644 index 1535135479..0000000000 --- a/.worktrees/config/m/config-build/active/internal/util/provider.go +++ /dev/null @@ -1,269 +0,0 @@ -// Package util provides utility functions used across the CLIProxyAPI application. -// These functions handle common tasks such as determining AI service providers -// from model names and managing HTTP proxies. -package util - -import ( - "net/url" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - log "github.com/sirupsen/logrus" -) - -// GetProviderName determines all AI service providers capable of serving a registered model. -// It first queries the global model registry to retrieve the providers backing the supplied model name. -// When the model has not been registered yet, it falls back to legacy string heuristics to infer -// potential providers. -// -// Supported providers include (but are not limited to): -// - "gemini" for Google's Gemini family -// - "codex" for OpenAI GPT-compatible providers -// - "claude" for Anthropic models -// - "qwen" for Alibaba's Qwen models -// - "openai-compatibility" for external OpenAI-compatible providers -// -// Parameters: -// - modelName: The name of the model to identify providers for. -// - cfg: The application configuration containing OpenAI compatibility settings. -// -// Returns: -// - []string: All provider identifiers capable of serving the model, ordered by preference. -func GetProviderName(modelName string) []string { - if modelName == "" { - return nil - } - - providers := make([]string, 0, 4) - seen := make(map[string]struct{}) - - appendProvider := func(name string) { - if name == "" { - return - } - if _, exists := seen[name]; exists { - return - } - seen[name] = struct{}{} - providers = append(providers, name) - } - - for _, provider := range registry.GetGlobalRegistry().GetModelProviders(modelName) { - appendProvider(provider) - } - - if len(providers) > 0 { - return providers - } - - return providers -} - -// ResolveAutoModel resolves the "auto" model name to an actual available model. -// It uses an empty handler type to get any available model from the registry. -// -// Parameters: -// - modelName: The model name to check (should be "auto") -// -// Returns: -// - string: The resolved model name, or the original if not "auto" or resolution fails -func ResolveAutoModel(modelName string) string { - if modelName != "auto" { - return modelName - } - - // Use empty string as handler type to get any available model - firstModel, err := registry.GetGlobalRegistry().GetFirstAvailableModel("") - if err != nil { - log.Warnf("Failed to resolve 'auto' model: %v, falling back to original model name", err) - return modelName - } - - log.Infof("Resolved 'auto' model to: %s", firstModel) - return firstModel -} - -// IsOpenAICompatibilityAlias checks if the given model name is an alias -// configured for OpenAI compatibility routing. -// -// Parameters: -// - modelName: The model name to check -// - cfg: The application configuration containing OpenAI compatibility settings -// -// Returns: -// - bool: True if the model name is an OpenAI compatibility alias, false otherwise -func IsOpenAICompatibilityAlias(modelName string, cfg *config.Config) bool { - if cfg == nil { - return false - } - - for _, compat := range cfg.OpenAICompatibility { - for _, model := range compat.Models { - if model.Alias == modelName { - return true - } - } - } - return false -} - -// GetOpenAICompatibilityConfig returns the OpenAI compatibility configuration -// and model details for the given alias. -// -// Parameters: -// - alias: The model alias to find configuration for -// - cfg: The application configuration containing OpenAI compatibility settings -// -// Returns: -// - *config.OpenAICompatibility: The matching compatibility configuration, or nil if not found -// - *config.OpenAICompatibilityModel: The matching model configuration, or nil if not found -func GetOpenAICompatibilityConfig(alias string, cfg *config.Config) (*config.OpenAICompatibility, *config.OpenAICompatibilityModel) { - if cfg == nil { - return nil, nil - } - - for _, compat := range cfg.OpenAICompatibility { - for _, model := range compat.Models { - if model.Alias == alias { - return &compat, &model - } - } - } - return nil, nil -} - -// InArray checks if a string exists in a slice of strings. -// It iterates through the slice and returns true if the target string is found, -// otherwise it returns false. -// -// Parameters: -// - hystack: The slice of strings to search in -// - needle: The string to search for -// -// Returns: -// - bool: True if the string is found, false otherwise -func InArray(hystack []string, needle string) bool { - for _, item := range hystack { - if needle == item { - return true - } - } - return false -} - -// HideAPIKey obscures an API key for logging purposes, showing only the first and last few characters. -// -// Parameters: -// - apiKey: The API key to hide. -// -// Returns: -// - string: The obscured API key. -func HideAPIKey(apiKey string) string { - if len(apiKey) > 8 { - return apiKey[:4] + "..." + apiKey[len(apiKey)-4:] - } else if len(apiKey) > 4 { - return apiKey[:2] + "..." + apiKey[len(apiKey)-2:] - } else if len(apiKey) > 2 { - return apiKey[:1] + "..." + apiKey[len(apiKey)-1:] - } - return apiKey -} - -// maskAuthorizationHeader masks the Authorization header value while preserving the auth type prefix. -// Common formats: "Bearer ", "Basic ", "ApiKey ", etc. -// It preserves the prefix (e.g., "Bearer ") and only masks the token/credential part. -// -// Parameters: -// - value: The Authorization header value -// -// Returns: -// - string: The masked Authorization value with prefix preserved -func MaskAuthorizationHeader(value string) string { - parts := strings.SplitN(strings.TrimSpace(value), " ", 2) - if len(parts) < 2 { - return HideAPIKey(value) - } - return parts[0] + " " + HideAPIKey(parts[1]) -} - -// MaskSensitiveHeaderValue masks sensitive header values while preserving expected formats. -// -// Behavior by header key (case-insensitive): -// - "Authorization": Preserve the auth type prefix (e.g., "Bearer ") and mask only the credential part. -// - Headers containing "api-key": Mask the entire value using HideAPIKey. -// - Others: Return the original value unchanged. -// -// Parameters: -// - key: The HTTP header name to inspect (case-insensitive matching). -// - value: The header value to mask when sensitive. -// -// Returns: -// - string: The masked value according to the header type; unchanged if not sensitive. -func MaskSensitiveHeaderValue(key, value string) string { - lowerKey := strings.ToLower(strings.TrimSpace(key)) - switch { - case strings.Contains(lowerKey, "authorization"): - return MaskAuthorizationHeader(value) - case strings.Contains(lowerKey, "api-key"), - strings.Contains(lowerKey, "apikey"), - strings.Contains(lowerKey, "token"), - strings.Contains(lowerKey, "secret"): - return HideAPIKey(value) - default: - return value - } -} - -// MaskSensitiveQuery masks sensitive query parameters, e.g. auth_token, within the raw query string. -func MaskSensitiveQuery(raw string) string { - if raw == "" { - return "" - } - parts := strings.Split(raw, "&") - changed := false - for i, part := range parts { - if part == "" { - continue - } - keyPart := part - valuePart := "" - if idx := strings.Index(part, "="); idx >= 0 { - keyPart = part[:idx] - valuePart = part[idx+1:] - } - decodedKey, err := url.QueryUnescape(keyPart) - if err != nil { - decodedKey = keyPart - } - if !shouldMaskQueryParam(decodedKey) { - continue - } - decodedValue, err := url.QueryUnescape(valuePart) - if err != nil { - decodedValue = valuePart - } - masked := HideAPIKey(strings.TrimSpace(decodedValue)) - parts[i] = keyPart + "=" + url.QueryEscape(masked) - changed = true - } - if !changed { - return raw - } - return strings.Join(parts, "&") -} - -func shouldMaskQueryParam(key string) bool { - key = strings.ToLower(strings.TrimSpace(key)) - if key == "" { - return false - } - key = strings.TrimSuffix(key, "[]") - if key == "key" || strings.Contains(key, "api-key") || strings.Contains(key, "apikey") || strings.Contains(key, "api_key") { - return true - } - if strings.Contains(key, "token") || strings.Contains(key, "secret") { - return true - } - return false -} diff --git a/.worktrees/config/m/config-build/active/internal/util/proxy.go b/.worktrees/config/m/config-build/active/internal/util/proxy.go deleted file mode 100644 index aea52ba8ce..0000000000 --- a/.worktrees/config/m/config-build/active/internal/util/proxy.go +++ /dev/null @@ -1,55 +0,0 @@ -// Package util provides utility functions for the CLI Proxy API server. -// It includes helper functions for proxy configuration, HTTP client setup, -// log level management, and other common operations used across the application. -package util - -import ( - "context" - "net" - "net/http" - "net/url" - - "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" - log "github.com/sirupsen/logrus" - "golang.org/x/net/proxy" -) - -// SetProxy configures the provided HTTP client with proxy settings from the configuration. -// It supports SOCKS5, HTTP, and HTTPS proxies. The function modifies the client's transport -// to route requests through the configured proxy server. -func SetProxy(cfg *config.SDKConfig, httpClient *http.Client) *http.Client { - var transport *http.Transport - // Attempt to parse the proxy URL from the configuration. - proxyURL, errParse := url.Parse(cfg.ProxyURL) - if errParse == nil { - // Handle different proxy schemes. - if proxyURL.Scheme == "socks5" { - // Configure SOCKS5 proxy with optional authentication. - var proxyAuth *proxy.Auth - if proxyURL.User != nil { - username := proxyURL.User.Username() - password, _ := proxyURL.User.Password() - proxyAuth = &proxy.Auth{User: username, Password: password} - } - dialer, errSOCKS5 := proxy.SOCKS5("tcp", proxyURL.Host, proxyAuth, proxy.Direct) - if errSOCKS5 != nil { - log.Errorf("create SOCKS5 dialer failed: %v", errSOCKS5) - return httpClient - } - // Set up a custom transport using the SOCKS5 dialer. - transport = &http.Transport{ - DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { - return dialer.Dial(network, addr) - }, - } - } else if proxyURL.Scheme == "http" || proxyURL.Scheme == "https" { - // Configure HTTP or HTTPS proxy. - transport = &http.Transport{Proxy: http.ProxyURL(proxyURL)} - } - } - // If a new transport was created, apply it to the HTTP client. - if transport != nil { - httpClient.Transport = transport - } - return httpClient -} diff --git a/.worktrees/config/m/config-build/active/internal/util/sanitize_test.go b/.worktrees/config/m/config-build/active/internal/util/sanitize_test.go deleted file mode 100644 index 4ff8454b0b..0000000000 --- a/.worktrees/config/m/config-build/active/internal/util/sanitize_test.go +++ /dev/null @@ -1,56 +0,0 @@ -package util - -import ( - "testing" -) - -func TestSanitizeFunctionName(t *testing.T) { - tests := []struct { - name string - input string - expected string - }{ - {"Normal", "valid_name", "valid_name"}, - {"With Dots", "name.with.dots", "name.with.dots"}, - {"With Colons", "name:with:colons", "name:with:colons"}, - {"With Dashes", "name-with-dashes", "name-with-dashes"}, - {"Mixed Allowed", "name.with_dots:colons-dashes", "name.with_dots:colons-dashes"}, - {"Invalid Characters", "name!with@invalid#chars", "name_with_invalid_chars"}, - {"Spaces", "name with spaces", "name_with_spaces"}, - {"Non-ASCII", "name_with_你好_chars", "name_with____chars"}, - {"Starts with digit", "123name", "_123name"}, - {"Starts with dot", ".name", "_.name"}, - {"Starts with colon", ":name", "_:name"}, - {"Starts with dash", "-name", "_-name"}, - {"Starts with invalid char", "!name", "_name"}, - {"Exactly 64 chars", "this_is_a_very_long_name_that_exactly_reaches_sixty_four_charact", "this_is_a_very_long_name_that_exactly_reaches_sixty_four_charact"}, - {"Too long (65 chars)", "this_is_a_very_long_name_that_exactly_reaches_sixty_four_charactX", "this_is_a_very_long_name_that_exactly_reaches_sixty_four_charact"}, - {"Very long", "this_is_a_very_long_name_that_exceeds_the_sixty_four_character_limit_for_function_names", "this_is_a_very_long_name_that_exceeds_the_sixty_four_character_l"}, - {"Starts with digit (64 chars total)", "1234567890123456789012345678901234567890123456789012345678901234", "_123456789012345678901234567890123456789012345678901234567890123"}, - {"Starts with invalid char (64 chars total)", "!234567890123456789012345678901234567890123456789012345678901234", "_234567890123456789012345678901234567890123456789012345678901234"}, - {"Empty", "", ""}, - {"Single character invalid", "@", "_"}, - {"Single character valid", "a", "a"}, - {"Single character digit", "1", "_1"}, - {"Single character underscore", "_", "_"}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got := SanitizeFunctionName(tt.input) - if got != tt.expected { - t.Errorf("SanitizeFunctionName(%q) = %v, want %v", tt.input, got, tt.expected) - } - // Verify Gemini compliance - if len(got) > 64 { - t.Errorf("SanitizeFunctionName(%q) result too long: %d", tt.input, len(got)) - } - if len(got) > 0 { - first := got[0] - if !((first >= 'a' && first <= 'z') || (first >= 'A' && first <= 'Z') || first == '_') { - t.Errorf("SanitizeFunctionName(%q) result starts with invalid char: %c", tt.input, first) - } - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/util/ssh_helper.go b/.worktrees/config/m/config-build/active/internal/util/ssh_helper.go deleted file mode 100644 index 2f81fcb365..0000000000 --- a/.worktrees/config/m/config-build/active/internal/util/ssh_helper.go +++ /dev/null @@ -1,135 +0,0 @@ -// Package util provides helper functions for SSH tunnel instructions and network-related tasks. -// This includes detecting the appropriate IP address and printing commands -// to help users connect to the local server from a remote machine. -package util - -import ( - "context" - "fmt" - "io" - "net" - "net/http" - "strings" - "time" - - log "github.com/sirupsen/logrus" -) - -var ipServices = []string{ - "https://api.ipify.org", - "https://ifconfig.me/ip", - "https://icanhazip.com", - "https://ipinfo.io/ip", -} - -// getPublicIP attempts to retrieve the public IP address from a list of external services. -// It iterates through the ipServices and returns the first successful response. -// -// Returns: -// - string: The public IP address as a string -// - error: An error if all services fail, nil otherwise -func getPublicIP() (string, error) { - for _, service := range ipServices { - ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) - defer cancel() - req, err := http.NewRequestWithContext(ctx, "GET", service, nil) - if err != nil { - log.Debugf("Failed to create request to %s: %v", service, err) - continue - } - - resp, err := http.DefaultClient.Do(req) - if err != nil { - log.Debugf("Failed to get public IP from %s: %v", service, err) - continue - } - defer func() { - if closeErr := resp.Body.Close(); closeErr != nil { - log.Warnf("Failed to close response body from %s: %v", service, closeErr) - } - }() - - if resp.StatusCode != http.StatusOK { - log.Debugf("bad status code from %s: %d", service, resp.StatusCode) - continue - } - - ip, err := io.ReadAll(resp.Body) - if err != nil { - log.Debugf("Failed to read response body from %s: %v", service, err) - continue - } - return strings.TrimSpace(string(ip)), nil - } - return "", fmt.Errorf("all IP services failed") -} - -// getOutboundIP retrieves the preferred outbound IP address of this machine. -// It uses a UDP connection to a public DNS server to determine the local IP -// address that would be used for outbound traffic. -// -// Returns: -// - string: The outbound IP address as a string -// - error: An error if the IP address cannot be determined, nil otherwise -func getOutboundIP() (string, error) { - conn, err := net.Dial("udp", "8.8.8.8:80") - if err != nil { - return "", err - } - defer func() { - if closeErr := conn.Close(); closeErr != nil { - log.Warnf("Failed to close UDP connection: %v", closeErr) - } - }() - - localAddr, ok := conn.LocalAddr().(*net.UDPAddr) - if !ok { - return "", fmt.Errorf("could not assert UDP address type") - } - - return localAddr.IP.String(), nil -} - -// GetIPAddress attempts to find the best-available IP address. -// It first tries to get the public IP address, and if that fails, -// it falls back to getting the local outbound IP address. -// -// Returns: -// - string: The determined IP address (preferring public IPv4) -func GetIPAddress() string { - publicIP, err := getPublicIP() - if err == nil { - log.Debugf("Public IP detected: %s", publicIP) - return publicIP - } - log.Warnf("Failed to get public IP, falling back to outbound IP: %v", err) - outboundIP, err := getOutboundIP() - if err == nil { - log.Debugf("Outbound IP detected: %s", outboundIP) - return outboundIP - } - log.Errorf("Failed to get any IP address: %v", err) - return "127.0.0.1" // Fallback -} - -// PrintSSHTunnelInstructions detects the IP address and prints SSH tunnel instructions -// for the user to connect to the local OAuth callback server from a remote machine. -// -// Parameters: -// - port: The local port number for the SSH tunnel -func PrintSSHTunnelInstructions(port int) { - ipAddress := GetIPAddress() - border := "================================================================================" - fmt.Println("To authenticate from a remote machine, an SSH tunnel may be required.") - fmt.Println(border) - fmt.Println(" Run one of the following commands on your local machine (NOT the server):") - fmt.Println() - fmt.Printf(" # Standard SSH command (assumes SSH port 22):\n") - fmt.Printf(" ssh -L %d:127.0.0.1:%d root@%s -p 22\n", port, port, ipAddress) - fmt.Println() - fmt.Printf(" # If using an SSH key (assumes SSH port 22):\n") - fmt.Printf(" ssh -i -L %d:127.0.0.1:%d root@%s -p 22\n", port, port, ipAddress) - fmt.Println() - fmt.Println(" NOTE: If your server's SSH port is not 22, please modify the '-p 22' part accordingly.") - fmt.Println(border) -} diff --git a/.worktrees/config/m/config-build/active/internal/util/translator.go b/.worktrees/config/m/config-build/active/internal/util/translator.go deleted file mode 100644 index 51ecb748a0..0000000000 --- a/.worktrees/config/m/config-build/active/internal/util/translator.go +++ /dev/null @@ -1,221 +0,0 @@ -// Package util provides utility functions for the CLI Proxy API server. -// It includes helper functions for JSON manipulation, proxy configuration, -// and other common operations used across the application. -package util - -import ( - "bytes" - "fmt" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Walk recursively traverses a JSON structure to find all occurrences of a specific field. -// It builds paths to each occurrence and adds them to the provided paths slice. -// -// Parameters: -// - value: The gjson.Result object to traverse -// - path: The current path in the JSON structure (empty string for root) -// - field: The field name to search for -// - paths: Pointer to a slice where found paths will be stored -// -// The function works recursively, building dot-notation paths to each occurrence -// of the specified field throughout the JSON structure. -func Walk(value gjson.Result, path, field string, paths *[]string) { - switch value.Type { - case gjson.JSON: - // For JSON objects and arrays, iterate through each child - value.ForEach(func(key, val gjson.Result) bool { - var childPath string - // Escape special characters for gjson/sjson path syntax - // . -> \. - // * -> \* - // ? -> \? - keyStr := key.String() - safeKey := escapeGJSONPathKey(keyStr) - - if path == "" { - childPath = safeKey - } else { - childPath = path + "." + safeKey - } - if keyStr == field { - *paths = append(*paths, childPath) - } - Walk(val, childPath, field, paths) - return true - }) - case gjson.String, gjson.Number, gjson.True, gjson.False, gjson.Null: - // Terminal types - no further traversal needed - } -} - -// RenameKey renames a key in a JSON string by moving its value to a new key path -// and then deleting the old key path. -// -// Parameters: -// - jsonStr: The JSON string to modify -// - oldKeyPath: The dot-notation path to the key that should be renamed -// - newKeyPath: The dot-notation path where the value should be moved to -// -// Returns: -// - string: The modified JSON string with the key renamed -// - error: An error if the operation fails -// -// The function performs the rename in two steps: -// 1. Sets the value at the new key path -// 2. Deletes the old key path -func RenameKey(jsonStr, oldKeyPath, newKeyPath string) (string, error) { - value := gjson.Get(jsonStr, oldKeyPath) - - if !value.Exists() { - return "", fmt.Errorf("old key '%s' does not exist", oldKeyPath) - } - - interimJson, err := sjson.SetRaw(jsonStr, newKeyPath, value.Raw) - if err != nil { - return "", fmt.Errorf("failed to set new key '%s': %w", newKeyPath, err) - } - - finalJson, err := sjson.Delete(interimJson, oldKeyPath) - if err != nil { - return "", fmt.Errorf("failed to delete old key '%s': %w", oldKeyPath, err) - } - - return finalJson, nil -} - -// FixJSON converts non-standard JSON that uses single quotes for strings into -// RFC 8259-compliant JSON by converting those single-quoted strings to -// double-quoted strings with proper escaping. -// -// Examples: -// -// {'a': 1, 'b': '2'} => {"a": 1, "b": "2"} -// {"t": 'He said "hi"'} => {"t": "He said \"hi\""} -// -// Rules: -// - Existing double-quoted JSON strings are preserved as-is. -// - Single-quoted strings are converted to double-quoted strings. -// - Inside converted strings, any double quote is escaped (\"). -// - Common backslash escapes (\n, \r, \t, \b, \f, \\) are preserved. -// - \' inside single-quoted strings becomes a literal ' in the output (no -// escaping needed inside double quotes). -// - Unicode escapes (\uXXXX) inside single-quoted strings are forwarded. -// - The function does not attempt to fix other non-JSON features beyond quotes. -func FixJSON(input string) string { - var out bytes.Buffer - - inDouble := false - inSingle := false - escaped := false // applies within the current string state - - // Helper to write a rune, escaping double quotes when inside a converted - // single-quoted string (which becomes a double-quoted string in output). - writeConverted := func(r rune) { - if r == '"' { - out.WriteByte('\\') - out.WriteByte('"') - return - } - out.WriteRune(r) - } - - runes := []rune(input) - for i := 0; i < len(runes); i++ { - r := runes[i] - - if inDouble { - out.WriteRune(r) - if escaped { - // end of escape sequence in a standard JSON string - escaped = false - continue - } - if r == '\\' { - escaped = true - continue - } - if r == '"' { - inDouble = false - } - continue - } - - if inSingle { - if escaped { - // Handle common escape sequences after a backslash within a - // single-quoted string - escaped = false - switch r { - case 'n', 'r', 't', 'b', 'f', '/', '"': - // Keep the backslash and the character (except for '"' which - // rarely appears, but if it does, keep as \" to remain valid) - out.WriteByte('\\') - out.WriteRune(r) - case '\\': - out.WriteByte('\\') - out.WriteByte('\\') - case '\'': - // \' inside single-quoted becomes a literal ' - out.WriteRune('\'') - case 'u': - // Forward \uXXXX if possible - out.WriteByte('\\') - out.WriteByte('u') - // Copy up to next 4 hex digits if present - for k := 0; k < 4 && i+1 < len(runes); k++ { - peek := runes[i+1] - // simple hex check - if (peek >= '0' && peek <= '9') || (peek >= 'a' && peek <= 'f') || (peek >= 'A' && peek <= 'F') { - out.WriteRune(peek) - i++ - } else { - break - } - } - default: - // Unknown escape: preserve the backslash and the char - out.WriteByte('\\') - out.WriteRune(r) - } - continue - } - - if r == '\\' { // start escape sequence - escaped = true - continue - } - if r == '\'' { // end of single-quoted string - out.WriteByte('"') - inSingle = false - continue - } - // regular char inside converted string; escape double quotes - writeConverted(r) - continue - } - - // Outside any string - if r == '"' { - inDouble = true - out.WriteRune(r) - continue - } - if r == '\'' { // start of non-standard single-quoted string - inSingle = true - out.WriteByte('"') - continue - } - out.WriteRune(r) - } - - // If input ended while still inside a single-quoted string, close it to - // produce the best-effort valid JSON. - if inSingle { - out.WriteByte('"') - } - - return out.String() -} diff --git a/.worktrees/config/m/config-build/active/internal/util/util.go b/.worktrees/config/m/config-build/active/internal/util/util.go deleted file mode 100644 index 9bf630f299..0000000000 --- a/.worktrees/config/m/config-build/active/internal/util/util.go +++ /dev/null @@ -1,127 +0,0 @@ -// Package util provides utility functions for the CLI Proxy API server. -// It includes helper functions for logging configuration, file system operations, -// and other common utilities used throughout the application. -package util - -import ( - "context" - "fmt" - "os" - "path/filepath" - "regexp" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - log "github.com/sirupsen/logrus" -) - -var functionNameSanitizer = regexp.MustCompile(`[^a-zA-Z0-9_.:-]`) - -// SanitizeFunctionName ensures a function name matches the requirements for Gemini/Vertex AI. -// It replaces invalid characters with underscores, ensures it starts with a letter or underscore, -// and truncates it to 64 characters if necessary. -// Regex Rule: [^a-zA-Z0-9_.:-] replaced with _. -func SanitizeFunctionName(name string) string { - if name == "" { - return "" - } - - // Replace invalid characters with underscore - sanitized := functionNameSanitizer.ReplaceAllString(name, "_") - - // Ensure it starts with a letter or underscore - // Re-reading requirements: Must start with a letter or an underscore. - if len(sanitized) > 0 { - first := sanitized[0] - if !((first >= 'a' && first <= 'z') || (first >= 'A' && first <= 'Z') || first == '_') { - // If it starts with an allowed character but not allowed at the beginning (digit, dot, colon, dash), - // we must prepend an underscore. - - // To stay within the 64-character limit while prepending, we must truncate first. - if len(sanitized) >= 64 { - sanitized = sanitized[:63] - } - sanitized = "_" + sanitized - } - } else { - sanitized = "_" - } - - // Truncate to 64 characters - if len(sanitized) > 64 { - sanitized = sanitized[:64] - } - return sanitized -} - -// SetLogLevel configures the logrus log level based on the configuration. -// It sets the log level to DebugLevel if debug mode is enabled, otherwise to InfoLevel. -func SetLogLevel(cfg *config.Config) { - currentLevel := log.GetLevel() - var newLevel log.Level - if cfg.Debug { - newLevel = log.DebugLevel - } else { - newLevel = log.InfoLevel - } - - if currentLevel != newLevel { - log.SetLevel(newLevel) - log.Infof("log level changed from %s to %s (debug=%t)", currentLevel, newLevel, cfg.Debug) - } -} - -// ResolveAuthDir normalizes the auth directory path for consistent reuse throughout the app. -// It expands a leading tilde (~) to the user's home directory and returns a cleaned path. -func ResolveAuthDir(authDir string) (string, error) { - if authDir == "" { - return "", nil - } - if strings.HasPrefix(authDir, "~") { - home, err := os.UserHomeDir() - if err != nil { - return "", fmt.Errorf("resolve auth dir: %w", err) - } - remainder := strings.TrimPrefix(authDir, "~") - remainder = strings.TrimLeft(remainder, "/\\") - if remainder == "" { - return filepath.Clean(home), nil - } - normalized := strings.ReplaceAll(remainder, "\\", "/") - return filepath.Clean(filepath.Join(home, filepath.FromSlash(normalized))), nil - } - return filepath.Clean(authDir), nil -} - -// CountAuthFiles returns the number of auth records available through the provided Store. -// For filesystem-backed stores, this reflects the number of JSON auth files under the configured directory. -func CountAuthFiles[T any](ctx context.Context, store interface { - List(context.Context) ([]T, error) -}) int { - if store == nil { - return 0 - } - if ctx == nil { - ctx = context.Background() - } - entries, err := store.List(ctx) - if err != nil { - log.Debugf("countAuthFiles: failed to list auth records: %v", err) - return 0 - } - return len(entries) -} - -// WritablePath returns the cleaned WRITABLE_PATH environment variable when it is set. -// It accepts both uppercase and lowercase variants for compatibility with existing conventions. -func WritablePath() string { - for _, key := range []string{"WRITABLE_PATH", "writable_path"} { - if value, ok := os.LookupEnv(key); ok { - trimmed := strings.TrimSpace(value) - if trimmed != "" { - return filepath.Clean(trimmed) - } - } - } - return "" -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/clients.go b/.worktrees/config/m/config-build/active/internal/watcher/clients.go deleted file mode 100644 index cf0ed07600..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/clients.go +++ /dev/null @@ -1,305 +0,0 @@ -// clients.go implements watcher client lifecycle logic and persistence helpers. -// It reloads clients, handles incremental auth file changes, and persists updates when supported. -package watcher - -import ( - "context" - "crypto/sha256" - "encoding/hex" - "encoding/json" - "fmt" - "io/fs" - "os" - "path/filepath" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - "github.com/router-for-me/CLIProxyAPI/v6/internal/watcher/diff" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -func (w *Watcher) reloadClients(rescanAuth bool, affectedOAuthProviders []string, forceAuthRefresh bool) { - log.Debugf("starting full client load process") - - w.clientsMutex.RLock() - cfg := w.config - w.clientsMutex.RUnlock() - - if cfg == nil { - log.Error("config is nil, cannot reload clients") - return - } - - if len(affectedOAuthProviders) > 0 { - w.clientsMutex.Lock() - if w.currentAuths != nil { - filtered := make(map[string]*coreauth.Auth, len(w.currentAuths)) - for id, auth := range w.currentAuths { - if auth == nil { - continue - } - provider := strings.ToLower(strings.TrimSpace(auth.Provider)) - if _, match := matchProvider(provider, affectedOAuthProviders); match { - continue - } - filtered[id] = auth - } - w.currentAuths = filtered - log.Debugf("applying oauth-excluded-models to providers %v", affectedOAuthProviders) - } else { - w.currentAuths = nil - } - w.clientsMutex.Unlock() - } - - geminiAPIKeyCount, vertexCompatAPIKeyCount, claudeAPIKeyCount, codexAPIKeyCount, openAICompatCount := BuildAPIKeyClients(cfg) - totalAPIKeyClients := geminiAPIKeyCount + vertexCompatAPIKeyCount + claudeAPIKeyCount + codexAPIKeyCount + openAICompatCount - log.Debugf("loaded %d API key clients", totalAPIKeyClients) - - var authFileCount int - if rescanAuth { - authFileCount = w.loadFileClients(cfg) - log.Debugf("loaded %d file-based clients", authFileCount) - } else { - w.clientsMutex.RLock() - authFileCount = len(w.lastAuthHashes) - w.clientsMutex.RUnlock() - log.Debugf("skipping auth directory rescan; retaining %d existing auth files", authFileCount) - } - - if rescanAuth { - w.clientsMutex.Lock() - - w.lastAuthHashes = make(map[string]string) - w.lastAuthContents = make(map[string]*coreauth.Auth) - if resolvedAuthDir, errResolveAuthDir := util.ResolveAuthDir(cfg.AuthDir); errResolveAuthDir != nil { - log.Errorf("failed to resolve auth directory for hash cache: %v", errResolveAuthDir) - } else if resolvedAuthDir != "" { - _ = filepath.Walk(resolvedAuthDir, func(path string, info fs.FileInfo, err error) error { - if err != nil { - return nil - } - if !info.IsDir() && strings.HasSuffix(strings.ToLower(info.Name()), ".json") { - if data, errReadFile := os.ReadFile(path); errReadFile == nil && len(data) > 0 { - sum := sha256.Sum256(data) - normalizedPath := w.normalizeAuthPath(path) - w.lastAuthHashes[normalizedPath] = hex.EncodeToString(sum[:]) - // Parse and cache auth content for future diff comparisons - var auth coreauth.Auth - if errParse := json.Unmarshal(data, &auth); errParse == nil { - w.lastAuthContents[normalizedPath] = &auth - } - } - } - return nil - }) - } - w.clientsMutex.Unlock() - } - - totalNewClients := authFileCount + geminiAPIKeyCount + vertexCompatAPIKeyCount + claudeAPIKeyCount + codexAPIKeyCount + openAICompatCount - - if w.reloadCallback != nil { - log.Debugf("triggering server update callback before auth refresh") - w.reloadCallback(cfg) - } - - w.refreshAuthState(forceAuthRefresh) - - log.Infof("full client load complete - %d clients (%d auth files + %d Gemini API keys + %d Vertex API keys + %d Claude API keys + %d Codex keys + %d OpenAI-compat)", - totalNewClients, - authFileCount, - geminiAPIKeyCount, - vertexCompatAPIKeyCount, - claudeAPIKeyCount, - codexAPIKeyCount, - openAICompatCount, - ) -} - -func (w *Watcher) addOrUpdateClient(path string) { - data, errRead := os.ReadFile(path) - if errRead != nil { - log.Errorf("failed to read auth file %s: %v", filepath.Base(path), errRead) - return - } - if len(data) == 0 { - log.Debugf("ignoring empty auth file: %s", filepath.Base(path)) - return - } - - sum := sha256.Sum256(data) - curHash := hex.EncodeToString(sum[:]) - normalized := w.normalizeAuthPath(path) - - // Parse new auth content for diff comparison - var newAuth coreauth.Auth - if errParse := json.Unmarshal(data, &newAuth); errParse != nil { - log.Errorf("failed to parse auth file %s: %v", filepath.Base(path), errParse) - return - } - - w.clientsMutex.Lock() - - cfg := w.config - if cfg == nil { - log.Error("config is nil, cannot add or update client") - w.clientsMutex.Unlock() - return - } - if prev, ok := w.lastAuthHashes[normalized]; ok && prev == curHash { - log.Debugf("auth file unchanged (hash match), skipping reload: %s", filepath.Base(path)) - w.clientsMutex.Unlock() - return - } - - // Get old auth for diff comparison - var oldAuth *coreauth.Auth - if w.lastAuthContents != nil { - oldAuth = w.lastAuthContents[normalized] - } - - // Compute and log field changes - if changes := diff.BuildAuthChangeDetails(oldAuth, &newAuth); len(changes) > 0 { - log.Debugf("auth field changes for %s:", filepath.Base(path)) - for _, c := range changes { - log.Debugf(" %s", c) - } - } - - // Update caches - w.lastAuthHashes[normalized] = curHash - if w.lastAuthContents == nil { - w.lastAuthContents = make(map[string]*coreauth.Auth) - } - w.lastAuthContents[normalized] = &newAuth - - w.clientsMutex.Unlock() // Unlock before the callback - - w.refreshAuthState(false) - - if w.reloadCallback != nil { - log.Debugf("triggering server update callback after add/update") - w.reloadCallback(cfg) - } - w.persistAuthAsync(fmt.Sprintf("Sync auth %s", filepath.Base(path)), path) -} - -func (w *Watcher) removeClient(path string) { - normalized := w.normalizeAuthPath(path) - w.clientsMutex.Lock() - - cfg := w.config - delete(w.lastAuthHashes, normalized) - delete(w.lastAuthContents, normalized) - - w.clientsMutex.Unlock() // Release the lock before the callback - - w.refreshAuthState(false) - - if w.reloadCallback != nil { - log.Debugf("triggering server update callback after removal") - w.reloadCallback(cfg) - } - w.persistAuthAsync(fmt.Sprintf("Remove auth %s", filepath.Base(path)), path) -} - -func (w *Watcher) loadFileClients(cfg *config.Config) int { - authFileCount := 0 - successfulAuthCount := 0 - - authDir, errResolveAuthDir := util.ResolveAuthDir(cfg.AuthDir) - if errResolveAuthDir != nil { - log.Errorf("failed to resolve auth directory: %v", errResolveAuthDir) - return 0 - } - if authDir == "" { - return 0 - } - - errWalk := filepath.Walk(authDir, func(path string, info fs.FileInfo, err error) error { - if err != nil { - log.Debugf("error accessing path %s: %v", path, err) - return err - } - if !info.IsDir() && strings.HasSuffix(strings.ToLower(info.Name()), ".json") { - authFileCount++ - log.Debugf("processing auth file %d: %s", authFileCount, filepath.Base(path)) - if data, errCreate := os.ReadFile(path); errCreate == nil && len(data) > 0 { - successfulAuthCount++ - } - } - return nil - }) - - if errWalk != nil { - log.Errorf("error walking auth directory: %v", errWalk) - } - log.Debugf("auth directory scan complete - found %d .json files, %d readable", authFileCount, successfulAuthCount) - return authFileCount -} - -func BuildAPIKeyClients(cfg *config.Config) (int, int, int, int, int) { - geminiAPIKeyCount := 0 - vertexCompatAPIKeyCount := 0 - claudeAPIKeyCount := 0 - codexAPIKeyCount := 0 - openAICompatCount := 0 - - if len(cfg.GeminiKey) > 0 { - geminiAPIKeyCount += len(cfg.GeminiKey) - } - if len(cfg.VertexCompatAPIKey) > 0 { - vertexCompatAPIKeyCount += len(cfg.VertexCompatAPIKey) - } - if len(cfg.ClaudeKey) > 0 { - claudeAPIKeyCount += len(cfg.ClaudeKey) - } - if len(cfg.CodexKey) > 0 { - codexAPIKeyCount += len(cfg.CodexKey) - } - if len(cfg.OpenAICompatibility) > 0 { - for _, compatConfig := range cfg.OpenAICompatibility { - openAICompatCount += len(compatConfig.APIKeyEntries) - } - } - return geminiAPIKeyCount, vertexCompatAPIKeyCount, claudeAPIKeyCount, codexAPIKeyCount, openAICompatCount -} - -func (w *Watcher) persistConfigAsync() { - if w == nil || w.storePersister == nil { - return - } - go func() { - ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) - defer cancel() - if err := w.storePersister.PersistConfig(ctx); err != nil { - log.Errorf("failed to persist config change: %v", err) - } - }() -} - -func (w *Watcher) persistAuthAsync(message string, paths ...string) { - if w == nil || w.storePersister == nil { - return - } - filtered := make([]string, 0, len(paths)) - for _, p := range paths { - if trimmed := strings.TrimSpace(p); trimmed != "" { - filtered = append(filtered, trimmed) - } - } - if len(filtered) == 0 { - return - } - go func() { - ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) - defer cancel() - if err := w.storePersister.PersistAuthFiles(ctx, message, filtered...); err != nil { - log.Errorf("failed to persist auth changes: %v", err) - } - }() -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/config_reload.go b/.worktrees/config/m/config-build/active/internal/watcher/config_reload.go deleted file mode 100644 index edac347419..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/config_reload.go +++ /dev/null @@ -1,135 +0,0 @@ -// config_reload.go implements debounced configuration hot reload. -// It detects material changes and reloads clients when the config changes. -package watcher - -import ( - "crypto/sha256" - "encoding/hex" - "os" - "reflect" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - "github.com/router-for-me/CLIProxyAPI/v6/internal/watcher/diff" - "gopkg.in/yaml.v3" - - log "github.com/sirupsen/logrus" -) - -func (w *Watcher) stopConfigReloadTimer() { - w.configReloadMu.Lock() - if w.configReloadTimer != nil { - w.configReloadTimer.Stop() - w.configReloadTimer = nil - } - w.configReloadMu.Unlock() -} - -func (w *Watcher) scheduleConfigReload() { - w.configReloadMu.Lock() - defer w.configReloadMu.Unlock() - if w.configReloadTimer != nil { - w.configReloadTimer.Stop() - } - w.configReloadTimer = time.AfterFunc(configReloadDebounce, func() { - w.configReloadMu.Lock() - w.configReloadTimer = nil - w.configReloadMu.Unlock() - w.reloadConfigIfChanged() - }) -} - -func (w *Watcher) reloadConfigIfChanged() { - data, err := os.ReadFile(w.configPath) - if err != nil { - log.Errorf("failed to read config file for hash check: %v", err) - return - } - if len(data) == 0 { - log.Debugf("ignoring empty config file write event") - return - } - sum := sha256.Sum256(data) - newHash := hex.EncodeToString(sum[:]) - - w.clientsMutex.RLock() - currentHash := w.lastConfigHash - w.clientsMutex.RUnlock() - - if currentHash != "" && currentHash == newHash { - log.Debugf("config file content unchanged (hash match), skipping reload") - return - } - log.Infof("config file changed, reloading: %s", w.configPath) - if w.reloadConfig() { - finalHash := newHash - if updatedData, errRead := os.ReadFile(w.configPath); errRead == nil && len(updatedData) > 0 { - sumUpdated := sha256.Sum256(updatedData) - finalHash = hex.EncodeToString(sumUpdated[:]) - } else if errRead != nil { - log.WithError(errRead).Debug("failed to compute updated config hash after reload") - } - w.clientsMutex.Lock() - w.lastConfigHash = finalHash - w.clientsMutex.Unlock() - w.persistConfigAsync() - } -} - -func (w *Watcher) reloadConfig() bool { - log.Debug("=========================== CONFIG RELOAD ============================") - log.Debugf("starting config reload from: %s", w.configPath) - - newConfig, errLoadConfig := config.LoadConfig(w.configPath) - if errLoadConfig != nil { - log.Errorf("failed to reload config: %v", errLoadConfig) - return false - } - - if w.mirroredAuthDir != "" { - newConfig.AuthDir = w.mirroredAuthDir - } else { - if resolvedAuthDir, errResolveAuthDir := util.ResolveAuthDir(newConfig.AuthDir); errResolveAuthDir != nil { - log.Errorf("failed to resolve auth directory from config: %v", errResolveAuthDir) - } else { - newConfig.AuthDir = resolvedAuthDir - } - } - - w.clientsMutex.Lock() - var oldConfig *config.Config - _ = yaml.Unmarshal(w.oldConfigYaml, &oldConfig) - w.oldConfigYaml, _ = yaml.Marshal(newConfig) - w.config = newConfig - w.clientsMutex.Unlock() - - var affectedOAuthProviders []string - if oldConfig != nil { - _, affectedOAuthProviders = diff.DiffOAuthExcludedModelChanges(oldConfig.OAuthExcludedModels, newConfig.OAuthExcludedModels) - } - - util.SetLogLevel(newConfig) - if oldConfig != nil && oldConfig.Debug != newConfig.Debug { - log.Debugf("log level updated - debug mode changed from %t to %t", oldConfig.Debug, newConfig.Debug) - } - - if oldConfig != nil { - details := diff.BuildConfigChangeDetails(oldConfig, newConfig) - if len(details) > 0 { - log.Debugf("config changes detected:") - for _, d := range details { - log.Debugf(" %s", d) - } - } else { - log.Debugf("no material config field changes detected") - } - } - - authDirChanged := oldConfig == nil || oldConfig.AuthDir != newConfig.AuthDir - forceAuthRefresh := oldConfig != nil && (oldConfig.ForceModelPrefix != newConfig.ForceModelPrefix || !reflect.DeepEqual(oldConfig.OAuthModelAlias, newConfig.OAuthModelAlias)) - - log.Infof("config successfully reloaded, triggering client reload") - w.reloadClients(authDirChanged, affectedOAuthProviders, forceAuthRefresh) - return true -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/diff/auth_diff.go b/.worktrees/config/m/config-build/active/internal/watcher/diff/auth_diff.go deleted file mode 100644 index 4b6e600852..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/diff/auth_diff.go +++ /dev/null @@ -1,44 +0,0 @@ -// auth_diff.go computes human-readable diffs for auth file field changes. -package diff - -import ( - "fmt" - "strings" - - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -// BuildAuthChangeDetails computes a redacted, human-readable list of auth field changes. -// Only prefix, proxy_url, and disabled fields are tracked; sensitive data is never printed. -func BuildAuthChangeDetails(oldAuth, newAuth *coreauth.Auth) []string { - changes := make([]string, 0, 3) - - // Handle nil cases by using empty Auth as default - if oldAuth == nil { - oldAuth = &coreauth.Auth{} - } - if newAuth == nil { - return changes - } - - // Compare prefix - oldPrefix := strings.TrimSpace(oldAuth.Prefix) - newPrefix := strings.TrimSpace(newAuth.Prefix) - if oldPrefix != newPrefix { - changes = append(changes, fmt.Sprintf("prefix: %s -> %s", oldPrefix, newPrefix)) - } - - // Compare proxy_url (redacted) - oldProxy := strings.TrimSpace(oldAuth.ProxyURL) - newProxy := strings.TrimSpace(newAuth.ProxyURL) - if oldProxy != newProxy { - changes = append(changes, fmt.Sprintf("proxy_url: %s -> %s", formatProxyURL(oldProxy), formatProxyURL(newProxy))) - } - - // Compare disabled - if oldAuth.Disabled != newAuth.Disabled { - changes = append(changes, fmt.Sprintf("disabled: %t -> %t", oldAuth.Disabled, newAuth.Disabled)) - } - - return changes -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/diff/config_diff.go b/.worktrees/config/m/config-build/active/internal/watcher/diff/config_diff.go deleted file mode 100644 index 6687749e59..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/diff/config_diff.go +++ /dev/null @@ -1,399 +0,0 @@ -package diff - -import ( - "fmt" - "net/url" - "reflect" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" -) - -// BuildConfigChangeDetails computes a redacted, human-readable list of config changes. -// Secrets are never printed; only structural or non-sensitive fields are surfaced. -func BuildConfigChangeDetails(oldCfg, newCfg *config.Config) []string { - changes := make([]string, 0, 16) - if oldCfg == nil || newCfg == nil { - return changes - } - - // Simple scalars - if oldCfg.Port != newCfg.Port { - changes = append(changes, fmt.Sprintf("port: %d -> %d", oldCfg.Port, newCfg.Port)) - } - if oldCfg.AuthDir != newCfg.AuthDir { - changes = append(changes, fmt.Sprintf("auth-dir: %s -> %s", oldCfg.AuthDir, newCfg.AuthDir)) - } - if oldCfg.Debug != newCfg.Debug { - changes = append(changes, fmt.Sprintf("debug: %t -> %t", oldCfg.Debug, newCfg.Debug)) - } - if oldCfg.Pprof.Enable != newCfg.Pprof.Enable { - changes = append(changes, fmt.Sprintf("pprof.enable: %t -> %t", oldCfg.Pprof.Enable, newCfg.Pprof.Enable)) - } - if strings.TrimSpace(oldCfg.Pprof.Addr) != strings.TrimSpace(newCfg.Pprof.Addr) { - changes = append(changes, fmt.Sprintf("pprof.addr: %s -> %s", strings.TrimSpace(oldCfg.Pprof.Addr), strings.TrimSpace(newCfg.Pprof.Addr))) - } - if oldCfg.LoggingToFile != newCfg.LoggingToFile { - changes = append(changes, fmt.Sprintf("logging-to-file: %t -> %t", oldCfg.LoggingToFile, newCfg.LoggingToFile)) - } - if oldCfg.UsageStatisticsEnabled != newCfg.UsageStatisticsEnabled { - changes = append(changes, fmt.Sprintf("usage-statistics-enabled: %t -> %t", oldCfg.UsageStatisticsEnabled, newCfg.UsageStatisticsEnabled)) - } - if oldCfg.DisableCooling != newCfg.DisableCooling { - changes = append(changes, fmt.Sprintf("disable-cooling: %t -> %t", oldCfg.DisableCooling, newCfg.DisableCooling)) - } - if oldCfg.RequestLog != newCfg.RequestLog { - changes = append(changes, fmt.Sprintf("request-log: %t -> %t", oldCfg.RequestLog, newCfg.RequestLog)) - } - if oldCfg.LogsMaxTotalSizeMB != newCfg.LogsMaxTotalSizeMB { - changes = append(changes, fmt.Sprintf("logs-max-total-size-mb: %d -> %d", oldCfg.LogsMaxTotalSizeMB, newCfg.LogsMaxTotalSizeMB)) - } - if oldCfg.ErrorLogsMaxFiles != newCfg.ErrorLogsMaxFiles { - changes = append(changes, fmt.Sprintf("error-logs-max-files: %d -> %d", oldCfg.ErrorLogsMaxFiles, newCfg.ErrorLogsMaxFiles)) - } - if oldCfg.RequestRetry != newCfg.RequestRetry { - changes = append(changes, fmt.Sprintf("request-retry: %d -> %d", oldCfg.RequestRetry, newCfg.RequestRetry)) - } - if oldCfg.MaxRetryInterval != newCfg.MaxRetryInterval { - changes = append(changes, fmt.Sprintf("max-retry-interval: %d -> %d", oldCfg.MaxRetryInterval, newCfg.MaxRetryInterval)) - } - if oldCfg.ProxyURL != newCfg.ProxyURL { - changes = append(changes, fmt.Sprintf("proxy-url: %s -> %s", formatProxyURL(oldCfg.ProxyURL), formatProxyURL(newCfg.ProxyURL))) - } - if oldCfg.WebsocketAuth != newCfg.WebsocketAuth { - changes = append(changes, fmt.Sprintf("ws-auth: %t -> %t", oldCfg.WebsocketAuth, newCfg.WebsocketAuth)) - } - if oldCfg.ForceModelPrefix != newCfg.ForceModelPrefix { - changes = append(changes, fmt.Sprintf("force-model-prefix: %t -> %t", oldCfg.ForceModelPrefix, newCfg.ForceModelPrefix)) - } - if oldCfg.NonStreamKeepAliveInterval != newCfg.NonStreamKeepAliveInterval { - changes = append(changes, fmt.Sprintf("nonstream-keepalive-interval: %d -> %d", oldCfg.NonStreamKeepAliveInterval, newCfg.NonStreamKeepAliveInterval)) - } - - // Quota-exceeded behavior - if oldCfg.QuotaExceeded.SwitchProject != newCfg.QuotaExceeded.SwitchProject { - changes = append(changes, fmt.Sprintf("quota-exceeded.switch-project: %t -> %t", oldCfg.QuotaExceeded.SwitchProject, newCfg.QuotaExceeded.SwitchProject)) - } - if oldCfg.QuotaExceeded.SwitchPreviewModel != newCfg.QuotaExceeded.SwitchPreviewModel { - changes = append(changes, fmt.Sprintf("quota-exceeded.switch-preview-model: %t -> %t", oldCfg.QuotaExceeded.SwitchPreviewModel, newCfg.QuotaExceeded.SwitchPreviewModel)) - } - - if oldCfg.Routing.Strategy != newCfg.Routing.Strategy { - changes = append(changes, fmt.Sprintf("routing.strategy: %s -> %s", oldCfg.Routing.Strategy, newCfg.Routing.Strategy)) - } - - // API keys (redacted) and counts - if len(oldCfg.APIKeys) != len(newCfg.APIKeys) { - changes = append(changes, fmt.Sprintf("api-keys count: %d -> %d", len(oldCfg.APIKeys), len(newCfg.APIKeys))) - } else if !reflect.DeepEqual(trimStrings(oldCfg.APIKeys), trimStrings(newCfg.APIKeys)) { - changes = append(changes, "api-keys: values updated (count unchanged, redacted)") - } - if len(oldCfg.GeminiKey) != len(newCfg.GeminiKey) { - changes = append(changes, fmt.Sprintf("gemini-api-key count: %d -> %d", len(oldCfg.GeminiKey), len(newCfg.GeminiKey))) - } else { - for i := range oldCfg.GeminiKey { - o := oldCfg.GeminiKey[i] - n := newCfg.GeminiKey[i] - if strings.TrimSpace(o.BaseURL) != strings.TrimSpace(n.BaseURL) { - changes = append(changes, fmt.Sprintf("gemini[%d].base-url: %s -> %s", i, strings.TrimSpace(o.BaseURL), strings.TrimSpace(n.BaseURL))) - } - if strings.TrimSpace(o.ProxyURL) != strings.TrimSpace(n.ProxyURL) { - changes = append(changes, fmt.Sprintf("gemini[%d].proxy-url: %s -> %s", i, formatProxyURL(o.ProxyURL), formatProxyURL(n.ProxyURL))) - } - if strings.TrimSpace(o.Prefix) != strings.TrimSpace(n.Prefix) { - changes = append(changes, fmt.Sprintf("gemini[%d].prefix: %s -> %s", i, strings.TrimSpace(o.Prefix), strings.TrimSpace(n.Prefix))) - } - if strings.TrimSpace(o.APIKey) != strings.TrimSpace(n.APIKey) { - changes = append(changes, fmt.Sprintf("gemini[%d].api-key: updated", i)) - } - if !equalStringMap(o.Headers, n.Headers) { - changes = append(changes, fmt.Sprintf("gemini[%d].headers: updated", i)) - } - oldModels := SummarizeGeminiModels(o.Models) - newModels := SummarizeGeminiModels(n.Models) - if oldModels.hash != newModels.hash { - changes = append(changes, fmt.Sprintf("gemini[%d].models: updated (%d -> %d entries)", i, oldModels.count, newModels.count)) - } - oldExcluded := SummarizeExcludedModels(o.ExcludedModels) - newExcluded := SummarizeExcludedModels(n.ExcludedModels) - if oldExcluded.hash != newExcluded.hash { - changes = append(changes, fmt.Sprintf("gemini[%d].excluded-models: updated (%d -> %d entries)", i, oldExcluded.count, newExcluded.count)) - } - } - } - - // Claude keys (do not print key material) - if len(oldCfg.ClaudeKey) != len(newCfg.ClaudeKey) { - changes = append(changes, fmt.Sprintf("claude-api-key count: %d -> %d", len(oldCfg.ClaudeKey), len(newCfg.ClaudeKey))) - } else { - for i := range oldCfg.ClaudeKey { - o := oldCfg.ClaudeKey[i] - n := newCfg.ClaudeKey[i] - if strings.TrimSpace(o.BaseURL) != strings.TrimSpace(n.BaseURL) { - changes = append(changes, fmt.Sprintf("claude[%d].base-url: %s -> %s", i, strings.TrimSpace(o.BaseURL), strings.TrimSpace(n.BaseURL))) - } - if strings.TrimSpace(o.ProxyURL) != strings.TrimSpace(n.ProxyURL) { - changes = append(changes, fmt.Sprintf("claude[%d].proxy-url: %s -> %s", i, formatProxyURL(o.ProxyURL), formatProxyURL(n.ProxyURL))) - } - if strings.TrimSpace(o.Prefix) != strings.TrimSpace(n.Prefix) { - changes = append(changes, fmt.Sprintf("claude[%d].prefix: %s -> %s", i, strings.TrimSpace(o.Prefix), strings.TrimSpace(n.Prefix))) - } - if strings.TrimSpace(o.APIKey) != strings.TrimSpace(n.APIKey) { - changes = append(changes, fmt.Sprintf("claude[%d].api-key: updated", i)) - } - if !equalStringMap(o.Headers, n.Headers) { - changes = append(changes, fmt.Sprintf("claude[%d].headers: updated", i)) - } - oldModels := SummarizeClaudeModels(o.Models) - newModels := SummarizeClaudeModels(n.Models) - if oldModels.hash != newModels.hash { - changes = append(changes, fmt.Sprintf("claude[%d].models: updated (%d -> %d entries)", i, oldModels.count, newModels.count)) - } - oldExcluded := SummarizeExcludedModels(o.ExcludedModels) - newExcluded := SummarizeExcludedModels(n.ExcludedModels) - if oldExcluded.hash != newExcluded.hash { - changes = append(changes, fmt.Sprintf("claude[%d].excluded-models: updated (%d -> %d entries)", i, oldExcluded.count, newExcluded.count)) - } - if o.Cloak != nil && n.Cloak != nil { - if strings.TrimSpace(o.Cloak.Mode) != strings.TrimSpace(n.Cloak.Mode) { - changes = append(changes, fmt.Sprintf("claude[%d].cloak.mode: %s -> %s", i, o.Cloak.Mode, n.Cloak.Mode)) - } - if o.Cloak.StrictMode != n.Cloak.StrictMode { - changes = append(changes, fmt.Sprintf("claude[%d].cloak.strict-mode: %t -> %t", i, o.Cloak.StrictMode, n.Cloak.StrictMode)) - } - if len(o.Cloak.SensitiveWords) != len(n.Cloak.SensitiveWords) { - changes = append(changes, fmt.Sprintf("claude[%d].cloak.sensitive-words: %d -> %d", i, len(o.Cloak.SensitiveWords), len(n.Cloak.SensitiveWords))) - } - } - } - } - - // Codex keys (do not print key material) - if len(oldCfg.CodexKey) != len(newCfg.CodexKey) { - changes = append(changes, fmt.Sprintf("codex-api-key count: %d -> %d", len(oldCfg.CodexKey), len(newCfg.CodexKey))) - } else { - for i := range oldCfg.CodexKey { - o := oldCfg.CodexKey[i] - n := newCfg.CodexKey[i] - if strings.TrimSpace(o.BaseURL) != strings.TrimSpace(n.BaseURL) { - changes = append(changes, fmt.Sprintf("codex[%d].base-url: %s -> %s", i, strings.TrimSpace(o.BaseURL), strings.TrimSpace(n.BaseURL))) - } - if strings.TrimSpace(o.ProxyURL) != strings.TrimSpace(n.ProxyURL) { - changes = append(changes, fmt.Sprintf("codex[%d].proxy-url: %s -> %s", i, formatProxyURL(o.ProxyURL), formatProxyURL(n.ProxyURL))) - } - if strings.TrimSpace(o.Prefix) != strings.TrimSpace(n.Prefix) { - changes = append(changes, fmt.Sprintf("codex[%d].prefix: %s -> %s", i, strings.TrimSpace(o.Prefix), strings.TrimSpace(n.Prefix))) - } - if o.Websockets != n.Websockets { - changes = append(changes, fmt.Sprintf("codex[%d].websockets: %t -> %t", i, o.Websockets, n.Websockets)) - } - if strings.TrimSpace(o.APIKey) != strings.TrimSpace(n.APIKey) { - changes = append(changes, fmt.Sprintf("codex[%d].api-key: updated", i)) - } - if !equalStringMap(o.Headers, n.Headers) { - changes = append(changes, fmt.Sprintf("codex[%d].headers: updated", i)) - } - oldModels := SummarizeCodexModels(o.Models) - newModels := SummarizeCodexModels(n.Models) - if oldModels.hash != newModels.hash { - changes = append(changes, fmt.Sprintf("codex[%d].models: updated (%d -> %d entries)", i, oldModels.count, newModels.count)) - } - oldExcluded := SummarizeExcludedModels(o.ExcludedModels) - newExcluded := SummarizeExcludedModels(n.ExcludedModels) - if oldExcluded.hash != newExcluded.hash { - changes = append(changes, fmt.Sprintf("codex[%d].excluded-models: updated (%d -> %d entries)", i, oldExcluded.count, newExcluded.count)) - } - } - } - - // AmpCode settings (redacted where needed) - oldAmpURL := strings.TrimSpace(oldCfg.AmpCode.UpstreamURL) - newAmpURL := strings.TrimSpace(newCfg.AmpCode.UpstreamURL) - if oldAmpURL != newAmpURL { - changes = append(changes, fmt.Sprintf("ampcode.upstream-url: %s -> %s", oldAmpURL, newAmpURL)) - } - oldAmpKey := strings.TrimSpace(oldCfg.AmpCode.UpstreamAPIKey) - newAmpKey := strings.TrimSpace(newCfg.AmpCode.UpstreamAPIKey) - switch { - case oldAmpKey == "" && newAmpKey != "": - changes = append(changes, "ampcode.upstream-api-key: added") - case oldAmpKey != "" && newAmpKey == "": - changes = append(changes, "ampcode.upstream-api-key: removed") - case oldAmpKey != newAmpKey: - changes = append(changes, "ampcode.upstream-api-key: updated") - } - if oldCfg.AmpCode.RestrictManagementToLocalhost != newCfg.AmpCode.RestrictManagementToLocalhost { - changes = append(changes, fmt.Sprintf("ampcode.restrict-management-to-localhost: %t -> %t", oldCfg.AmpCode.RestrictManagementToLocalhost, newCfg.AmpCode.RestrictManagementToLocalhost)) - } - oldMappings := SummarizeAmpModelMappings(oldCfg.AmpCode.ModelMappings) - newMappings := SummarizeAmpModelMappings(newCfg.AmpCode.ModelMappings) - if oldMappings.hash != newMappings.hash { - changes = append(changes, fmt.Sprintf("ampcode.model-mappings: updated (%d -> %d entries)", oldMappings.count, newMappings.count)) - } - if oldCfg.AmpCode.ForceModelMappings != newCfg.AmpCode.ForceModelMappings { - changes = append(changes, fmt.Sprintf("ampcode.force-model-mappings: %t -> %t", oldCfg.AmpCode.ForceModelMappings, newCfg.AmpCode.ForceModelMappings)) - } - oldUpstreamAPIKeysCount := len(oldCfg.AmpCode.UpstreamAPIKeys) - newUpstreamAPIKeysCount := len(newCfg.AmpCode.UpstreamAPIKeys) - if !equalUpstreamAPIKeys(oldCfg.AmpCode.UpstreamAPIKeys, newCfg.AmpCode.UpstreamAPIKeys) { - changes = append(changes, fmt.Sprintf("ampcode.upstream-api-keys: updated (%d -> %d entries)", oldUpstreamAPIKeysCount, newUpstreamAPIKeysCount)) - } - - if entries, _ := DiffOAuthExcludedModelChanges(oldCfg.OAuthExcludedModels, newCfg.OAuthExcludedModels); len(entries) > 0 { - changes = append(changes, entries...) - } - if entries, _ := DiffOAuthModelAliasChanges(oldCfg.OAuthModelAlias, newCfg.OAuthModelAlias); len(entries) > 0 { - changes = append(changes, entries...) - } - - // Remote management (never print the key) - if oldCfg.RemoteManagement.AllowRemote != newCfg.RemoteManagement.AllowRemote { - changes = append(changes, fmt.Sprintf("remote-management.allow-remote: %t -> %t", oldCfg.RemoteManagement.AllowRemote, newCfg.RemoteManagement.AllowRemote)) - } - if oldCfg.RemoteManagement.DisableControlPanel != newCfg.RemoteManagement.DisableControlPanel { - changes = append(changes, fmt.Sprintf("remote-management.disable-control-panel: %t -> %t", oldCfg.RemoteManagement.DisableControlPanel, newCfg.RemoteManagement.DisableControlPanel)) - } - oldPanelRepo := strings.TrimSpace(oldCfg.RemoteManagement.PanelGitHubRepository) - newPanelRepo := strings.TrimSpace(newCfg.RemoteManagement.PanelGitHubRepository) - if oldPanelRepo != newPanelRepo { - changes = append(changes, fmt.Sprintf("remote-management.panel-github-repository: %s -> %s", oldPanelRepo, newPanelRepo)) - } - if oldCfg.RemoteManagement.SecretKey != newCfg.RemoteManagement.SecretKey { - switch { - case oldCfg.RemoteManagement.SecretKey == "" && newCfg.RemoteManagement.SecretKey != "": - changes = append(changes, "remote-management.secret-key: created") - case oldCfg.RemoteManagement.SecretKey != "" && newCfg.RemoteManagement.SecretKey == "": - changes = append(changes, "remote-management.secret-key: deleted") - default: - changes = append(changes, "remote-management.secret-key: updated") - } - } - - // OpenAI compatibility providers (summarized) - if compat := DiffOpenAICompatibility(oldCfg.OpenAICompatibility, newCfg.OpenAICompatibility); len(compat) > 0 { - changes = append(changes, "openai-compatibility:") - for _, c := range compat { - changes = append(changes, " "+c) - } - } - - // Vertex-compatible API keys - if len(oldCfg.VertexCompatAPIKey) != len(newCfg.VertexCompatAPIKey) { - changes = append(changes, fmt.Sprintf("vertex-api-key count: %d -> %d", len(oldCfg.VertexCompatAPIKey), len(newCfg.VertexCompatAPIKey))) - } else { - for i := range oldCfg.VertexCompatAPIKey { - o := oldCfg.VertexCompatAPIKey[i] - n := newCfg.VertexCompatAPIKey[i] - if strings.TrimSpace(o.BaseURL) != strings.TrimSpace(n.BaseURL) { - changes = append(changes, fmt.Sprintf("vertex[%d].base-url: %s -> %s", i, strings.TrimSpace(o.BaseURL), strings.TrimSpace(n.BaseURL))) - } - if strings.TrimSpace(o.ProxyURL) != strings.TrimSpace(n.ProxyURL) { - changes = append(changes, fmt.Sprintf("vertex[%d].proxy-url: %s -> %s", i, formatProxyURL(o.ProxyURL), formatProxyURL(n.ProxyURL))) - } - if strings.TrimSpace(o.Prefix) != strings.TrimSpace(n.Prefix) { - changes = append(changes, fmt.Sprintf("vertex[%d].prefix: %s -> %s", i, strings.TrimSpace(o.Prefix), strings.TrimSpace(n.Prefix))) - } - if strings.TrimSpace(o.APIKey) != strings.TrimSpace(n.APIKey) { - changes = append(changes, fmt.Sprintf("vertex[%d].api-key: updated", i)) - } - oldModels := SummarizeVertexModels(o.Models) - newModels := SummarizeVertexModels(n.Models) - if oldModels.hash != newModels.hash { - changes = append(changes, fmt.Sprintf("vertex[%d].models: updated (%d -> %d entries)", i, oldModels.count, newModels.count)) - } - if !equalStringMap(o.Headers, n.Headers) { - changes = append(changes, fmt.Sprintf("vertex[%d].headers: updated", i)) - } - } - } - - return changes -} - -func trimStrings(in []string) []string { - out := make([]string, len(in)) - for i := range in { - out[i] = strings.TrimSpace(in[i]) - } - return out -} - -func equalStringMap(a, b map[string]string) bool { - if len(a) != len(b) { - return false - } - for k, v := range a { - if b[k] != v { - return false - } - } - return true -} - -func formatProxyURL(raw string) string { - trimmed := strings.TrimSpace(raw) - if trimmed == "" { - return "" - } - parsed, err := url.Parse(trimmed) - if err != nil { - return "" - } - host := strings.TrimSpace(parsed.Host) - scheme := strings.TrimSpace(parsed.Scheme) - if host == "" { - // Allow host:port style without scheme. - parsed2, err2 := url.Parse("http://" + trimmed) - if err2 == nil { - host = strings.TrimSpace(parsed2.Host) - } - scheme = "" - } - if host == "" { - return "" - } - if scheme == "" { - return host - } - return scheme + "://" + host -} - -func equalStringSet(a, b []string) bool { - if len(a) == 0 && len(b) == 0 { - return true - } - aSet := make(map[string]struct{}, len(a)) - for _, k := range a { - aSet[strings.TrimSpace(k)] = struct{}{} - } - bSet := make(map[string]struct{}, len(b)) - for _, k := range b { - bSet[strings.TrimSpace(k)] = struct{}{} - } - if len(aSet) != len(bSet) { - return false - } - for k := range aSet { - if _, ok := bSet[k]; !ok { - return false - } - } - return true -} - -// equalUpstreamAPIKeys compares two slices of AmpUpstreamAPIKeyEntry for equality. -// Comparison is done by count and content (upstream key and client keys). -func equalUpstreamAPIKeys(a, b []config.AmpUpstreamAPIKeyEntry) bool { - if len(a) != len(b) { - return false - } - for i := range a { - if strings.TrimSpace(a[i].UpstreamAPIKey) != strings.TrimSpace(b[i].UpstreamAPIKey) { - return false - } - if !equalStringSet(a[i].APIKeys, b[i].APIKeys) { - return false - } - } - return true -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/diff/config_diff_test.go b/.worktrees/config/m/config-build/active/internal/watcher/diff/config_diff_test.go deleted file mode 100644 index 82486659f1..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/diff/config_diff_test.go +++ /dev/null @@ -1,532 +0,0 @@ -package diff - -import ( - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" -) - -func TestBuildConfigChangeDetails(t *testing.T) { - oldCfg := &config.Config{ - Port: 8080, - AuthDir: "/tmp/auth-old", - GeminiKey: []config.GeminiKey{ - {APIKey: "old", BaseURL: "http://old", ExcludedModels: []string{"old-model"}}, - }, - AmpCode: config.AmpCode{ - UpstreamURL: "http://old-upstream", - ModelMappings: []config.AmpModelMapping{{From: "from-old", To: "to-old"}}, - RestrictManagementToLocalhost: false, - }, - RemoteManagement: config.RemoteManagement{ - AllowRemote: false, - SecretKey: "old", - DisableControlPanel: false, - PanelGitHubRepository: "repo-old", - }, - OAuthExcludedModels: map[string][]string{ - "providerA": {"m1"}, - }, - OpenAICompatibility: []config.OpenAICompatibility{ - { - Name: "compat-a", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "k1"}, - }, - Models: []config.OpenAICompatibilityModel{{Name: "m1"}}, - }, - }, - } - - newCfg := &config.Config{ - Port: 9090, - AuthDir: "/tmp/auth-new", - GeminiKey: []config.GeminiKey{ - {APIKey: "old", BaseURL: "http://old", ExcludedModels: []string{"old-model", "extra"}}, - }, - AmpCode: config.AmpCode{ - UpstreamURL: "http://new-upstream", - RestrictManagementToLocalhost: true, - ModelMappings: []config.AmpModelMapping{ - {From: "from-old", To: "to-old"}, - {From: "from-new", To: "to-new"}, - }, - }, - RemoteManagement: config.RemoteManagement{ - AllowRemote: true, - SecretKey: "new", - DisableControlPanel: true, - PanelGitHubRepository: "repo-new", - }, - OAuthExcludedModels: map[string][]string{ - "providerA": {"m1", "m2"}, - "providerB": {"x"}, - }, - OpenAICompatibility: []config.OpenAICompatibility{ - { - Name: "compat-a", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "k1"}, - }, - Models: []config.OpenAICompatibilityModel{{Name: "m1"}, {Name: "m2"}}, - }, - { - Name: "compat-b", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "k2"}, - }, - }, - }, - } - - details := BuildConfigChangeDetails(oldCfg, newCfg) - - expectContains(t, details, "port: 8080 -> 9090") - expectContains(t, details, "auth-dir: /tmp/auth-old -> /tmp/auth-new") - expectContains(t, details, "gemini[0].excluded-models: updated (1 -> 2 entries)") - expectContains(t, details, "ampcode.upstream-url: http://old-upstream -> http://new-upstream") - expectContains(t, details, "ampcode.model-mappings: updated (1 -> 2 entries)") - expectContains(t, details, "remote-management.allow-remote: false -> true") - expectContains(t, details, "remote-management.secret-key: updated") - expectContains(t, details, "oauth-excluded-models[providera]: updated (1 -> 2 entries)") - expectContains(t, details, "oauth-excluded-models[providerb]: added (1 entries)") - expectContains(t, details, "openai-compatibility:") - expectContains(t, details, " provider added: compat-b (api-keys=1, models=0)") - expectContains(t, details, " provider updated: compat-a (models 1 -> 2)") -} - -func TestBuildConfigChangeDetails_NoChanges(t *testing.T) { - cfg := &config.Config{ - Port: 8080, - } - if details := BuildConfigChangeDetails(cfg, cfg); len(details) != 0 { - t.Fatalf("expected no change entries, got %v", details) - } -} - -func TestBuildConfigChangeDetails_GeminiVertexHeadersAndForceMappings(t *testing.T) { - oldCfg := &config.Config{ - GeminiKey: []config.GeminiKey{ - {APIKey: "g1", Headers: map[string]string{"H": "1"}, ExcludedModels: []string{"a"}}, - }, - VertexCompatAPIKey: []config.VertexCompatKey{ - {APIKey: "v1", BaseURL: "http://v-old", Models: []config.VertexCompatModel{{Name: "m1"}}}, - }, - AmpCode: config.AmpCode{ - ModelMappings: []config.AmpModelMapping{{From: "a", To: "b"}}, - ForceModelMappings: false, - }, - } - newCfg := &config.Config{ - GeminiKey: []config.GeminiKey{ - {APIKey: "g1", Headers: map[string]string{"H": "2"}, ExcludedModels: []string{"a", "b"}}, - }, - VertexCompatAPIKey: []config.VertexCompatKey{ - {APIKey: "v1", BaseURL: "http://v-new", Models: []config.VertexCompatModel{{Name: "m1"}, {Name: "m2"}}}, - }, - AmpCode: config.AmpCode{ - ModelMappings: []config.AmpModelMapping{{From: "a", To: "c"}}, - ForceModelMappings: true, - }, - } - - details := BuildConfigChangeDetails(oldCfg, newCfg) - expectContains(t, details, "gemini[0].headers: updated") - expectContains(t, details, "gemini[0].excluded-models: updated (1 -> 2 entries)") - expectContains(t, details, "ampcode.model-mappings: updated (1 -> 1 entries)") - expectContains(t, details, "ampcode.force-model-mappings: false -> true") -} - -func TestBuildConfigChangeDetails_ModelPrefixes(t *testing.T) { - oldCfg := &config.Config{ - GeminiKey: []config.GeminiKey{ - {APIKey: "g1", Prefix: "old-g", BaseURL: "http://g", ProxyURL: "http://gp"}, - }, - ClaudeKey: []config.ClaudeKey{ - {APIKey: "c1", Prefix: "old-c", BaseURL: "http://c", ProxyURL: "http://cp"}, - }, - CodexKey: []config.CodexKey{ - {APIKey: "x1", Prefix: "old-x", BaseURL: "http://x", ProxyURL: "http://xp"}, - }, - VertexCompatAPIKey: []config.VertexCompatKey{ - {APIKey: "v1", Prefix: "old-v", BaseURL: "http://v", ProxyURL: "http://vp"}, - }, - } - newCfg := &config.Config{ - GeminiKey: []config.GeminiKey{ - {APIKey: "g1", Prefix: "new-g", BaseURL: "http://g", ProxyURL: "http://gp"}, - }, - ClaudeKey: []config.ClaudeKey{ - {APIKey: "c1", Prefix: "new-c", BaseURL: "http://c", ProxyURL: "http://cp"}, - }, - CodexKey: []config.CodexKey{ - {APIKey: "x1", Prefix: "new-x", BaseURL: "http://x", ProxyURL: "http://xp"}, - }, - VertexCompatAPIKey: []config.VertexCompatKey{ - {APIKey: "v1", Prefix: "new-v", BaseURL: "http://v", ProxyURL: "http://vp"}, - }, - } - - changes := BuildConfigChangeDetails(oldCfg, newCfg) - expectContains(t, changes, "gemini[0].prefix: old-g -> new-g") - expectContains(t, changes, "claude[0].prefix: old-c -> new-c") - expectContains(t, changes, "codex[0].prefix: old-x -> new-x") - expectContains(t, changes, "vertex[0].prefix: old-v -> new-v") -} - -func TestBuildConfigChangeDetails_NilSafe(t *testing.T) { - if details := BuildConfigChangeDetails(nil, &config.Config{}); len(details) != 0 { - t.Fatalf("expected empty change list when old nil, got %v", details) - } - if details := BuildConfigChangeDetails(&config.Config{}, nil); len(details) != 0 { - t.Fatalf("expected empty change list when new nil, got %v", details) - } -} - -func TestBuildConfigChangeDetails_SecretsAndCounts(t *testing.T) { - oldCfg := &config.Config{ - SDKConfig: sdkconfig.SDKConfig{ - APIKeys: []string{"a"}, - }, - AmpCode: config.AmpCode{ - UpstreamAPIKey: "", - }, - RemoteManagement: config.RemoteManagement{ - SecretKey: "", - }, - } - newCfg := &config.Config{ - SDKConfig: sdkconfig.SDKConfig{ - APIKeys: []string{"a", "b", "c"}, - }, - AmpCode: config.AmpCode{ - UpstreamAPIKey: "new-key", - }, - RemoteManagement: config.RemoteManagement{ - SecretKey: "new-secret", - }, - } - - details := BuildConfigChangeDetails(oldCfg, newCfg) - expectContains(t, details, "api-keys count: 1 -> 3") - expectContains(t, details, "ampcode.upstream-api-key: added") - expectContains(t, details, "remote-management.secret-key: created") -} - -func TestBuildConfigChangeDetails_FlagsAndKeys(t *testing.T) { - oldCfg := &config.Config{ - Port: 1000, - AuthDir: "/old", - Debug: false, - LoggingToFile: false, - UsageStatisticsEnabled: false, - DisableCooling: false, - RequestRetry: 1, - MaxRetryInterval: 1, - WebsocketAuth: false, - QuotaExceeded: config.QuotaExceeded{SwitchProject: false, SwitchPreviewModel: false}, - ClaudeKey: []config.ClaudeKey{{APIKey: "c1"}}, - CodexKey: []config.CodexKey{{APIKey: "x1"}}, - AmpCode: config.AmpCode{UpstreamAPIKey: "keep", RestrictManagementToLocalhost: false}, - RemoteManagement: config.RemoteManagement{DisableControlPanel: false, PanelGitHubRepository: "old/repo", SecretKey: "keep"}, - SDKConfig: sdkconfig.SDKConfig{ - RequestLog: false, - ProxyURL: "http://old-proxy", - APIKeys: []string{"key-1"}, - ForceModelPrefix: false, - NonStreamKeepAliveInterval: 0, - }, - } - newCfg := &config.Config{ - Port: 2000, - AuthDir: "/new", - Debug: true, - LoggingToFile: true, - UsageStatisticsEnabled: true, - DisableCooling: true, - RequestRetry: 2, - MaxRetryInterval: 3, - WebsocketAuth: true, - QuotaExceeded: config.QuotaExceeded{SwitchProject: true, SwitchPreviewModel: true}, - ClaudeKey: []config.ClaudeKey{ - {APIKey: "c1", BaseURL: "http://new", ProxyURL: "http://p", Headers: map[string]string{"H": "1"}, ExcludedModels: []string{"a"}}, - {APIKey: "c2"}, - }, - CodexKey: []config.CodexKey{ - {APIKey: "x1", BaseURL: "http://x", ProxyURL: "http://px", Headers: map[string]string{"H": "2"}, ExcludedModels: []string{"b"}}, - {APIKey: "x2"}, - }, - AmpCode: config.AmpCode{ - UpstreamAPIKey: "", - RestrictManagementToLocalhost: true, - ModelMappings: []config.AmpModelMapping{{From: "a", To: "b"}}, - }, - RemoteManagement: config.RemoteManagement{ - DisableControlPanel: true, - PanelGitHubRepository: "new/repo", - SecretKey: "", - }, - SDKConfig: sdkconfig.SDKConfig{ - RequestLog: true, - ProxyURL: "http://new-proxy", - APIKeys: []string{" key-1 ", "key-2"}, - ForceModelPrefix: true, - NonStreamKeepAliveInterval: 5, - }, - } - - details := BuildConfigChangeDetails(oldCfg, newCfg) - expectContains(t, details, "debug: false -> true") - expectContains(t, details, "logging-to-file: false -> true") - expectContains(t, details, "usage-statistics-enabled: false -> true") - expectContains(t, details, "disable-cooling: false -> true") - expectContains(t, details, "request-log: false -> true") - expectContains(t, details, "request-retry: 1 -> 2") - expectContains(t, details, "max-retry-interval: 1 -> 3") - expectContains(t, details, "proxy-url: http://old-proxy -> http://new-proxy") - expectContains(t, details, "ws-auth: false -> true") - expectContains(t, details, "force-model-prefix: false -> true") - expectContains(t, details, "nonstream-keepalive-interval: 0 -> 5") - expectContains(t, details, "quota-exceeded.switch-project: false -> true") - expectContains(t, details, "quota-exceeded.switch-preview-model: false -> true") - expectContains(t, details, "api-keys count: 1 -> 2") - expectContains(t, details, "claude-api-key count: 1 -> 2") - expectContains(t, details, "codex-api-key count: 1 -> 2") - expectContains(t, details, "ampcode.restrict-management-to-localhost: false -> true") - expectContains(t, details, "ampcode.upstream-api-key: removed") - expectContains(t, details, "remote-management.disable-control-panel: false -> true") - expectContains(t, details, "remote-management.panel-github-repository: old/repo -> new/repo") - expectContains(t, details, "remote-management.secret-key: deleted") -} - -func TestBuildConfigChangeDetails_AllBranches(t *testing.T) { - oldCfg := &config.Config{ - Port: 1, - AuthDir: "/a", - Debug: false, - LoggingToFile: false, - UsageStatisticsEnabled: false, - DisableCooling: false, - RequestRetry: 1, - MaxRetryInterval: 1, - WebsocketAuth: false, - QuotaExceeded: config.QuotaExceeded{SwitchProject: false, SwitchPreviewModel: false}, - GeminiKey: []config.GeminiKey{ - {APIKey: "g-old", BaseURL: "http://g-old", ProxyURL: "http://gp-old", Headers: map[string]string{"A": "1"}}, - }, - ClaudeKey: []config.ClaudeKey{ - {APIKey: "c-old", BaseURL: "http://c-old", ProxyURL: "http://cp-old", Headers: map[string]string{"H": "1"}, ExcludedModels: []string{"x"}}, - }, - CodexKey: []config.CodexKey{ - {APIKey: "x-old", BaseURL: "http://x-old", ProxyURL: "http://xp-old", Headers: map[string]string{"H": "1"}, ExcludedModels: []string{"x"}}, - }, - VertexCompatAPIKey: []config.VertexCompatKey{ - {APIKey: "v-old", BaseURL: "http://v-old", ProxyURL: "http://vp-old", Headers: map[string]string{"H": "1"}, Models: []config.VertexCompatModel{{Name: "m1"}}}, - }, - AmpCode: config.AmpCode{ - UpstreamURL: "http://amp-old", - UpstreamAPIKey: "old-key", - RestrictManagementToLocalhost: false, - ModelMappings: []config.AmpModelMapping{{From: "a", To: "b"}}, - ForceModelMappings: false, - }, - RemoteManagement: config.RemoteManagement{ - AllowRemote: false, - DisableControlPanel: false, - PanelGitHubRepository: "old/repo", - SecretKey: "old", - }, - SDKConfig: sdkconfig.SDKConfig{ - RequestLog: false, - ProxyURL: "http://old-proxy", - APIKeys: []string{" keyA "}, - }, - OAuthExcludedModels: map[string][]string{"p1": {"a"}}, - OpenAICompatibility: []config.OpenAICompatibility{ - { - Name: "prov-old", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "k1"}, - }, - Models: []config.OpenAICompatibilityModel{{Name: "m1"}}, - }, - }, - } - newCfg := &config.Config{ - Port: 2, - AuthDir: "/b", - Debug: true, - LoggingToFile: true, - UsageStatisticsEnabled: true, - DisableCooling: true, - RequestRetry: 2, - MaxRetryInterval: 3, - WebsocketAuth: true, - QuotaExceeded: config.QuotaExceeded{SwitchProject: true, SwitchPreviewModel: true}, - GeminiKey: []config.GeminiKey{ - {APIKey: "g-new", BaseURL: "http://g-new", ProxyURL: "http://gp-new", Headers: map[string]string{"A": "2"}, ExcludedModels: []string{"x", "y"}}, - }, - ClaudeKey: []config.ClaudeKey{ - {APIKey: "c-new", BaseURL: "http://c-new", ProxyURL: "http://cp-new", Headers: map[string]string{"H": "2"}, ExcludedModels: []string{"x", "y"}}, - }, - CodexKey: []config.CodexKey{ - {APIKey: "x-new", BaseURL: "http://x-new", ProxyURL: "http://xp-new", Headers: map[string]string{"H": "2"}, ExcludedModels: []string{"x", "y"}}, - }, - VertexCompatAPIKey: []config.VertexCompatKey{ - {APIKey: "v-new", BaseURL: "http://v-new", ProxyURL: "http://vp-new", Headers: map[string]string{"H": "2"}, Models: []config.VertexCompatModel{{Name: "m1"}, {Name: "m2"}}}, - }, - AmpCode: config.AmpCode{ - UpstreamURL: "http://amp-new", - UpstreamAPIKey: "", - RestrictManagementToLocalhost: true, - ModelMappings: []config.AmpModelMapping{{From: "a", To: "c"}}, - ForceModelMappings: true, - }, - RemoteManagement: config.RemoteManagement{ - AllowRemote: true, - DisableControlPanel: true, - PanelGitHubRepository: "new/repo", - SecretKey: "", - }, - SDKConfig: sdkconfig.SDKConfig{ - RequestLog: true, - ProxyURL: "http://new-proxy", - APIKeys: []string{"keyB"}, - }, - OAuthExcludedModels: map[string][]string{"p1": {"b", "c"}, "p2": {"d"}}, - OpenAICompatibility: []config.OpenAICompatibility{ - { - Name: "prov-old", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "k1"}, - {APIKey: "k2"}, - }, - Models: []config.OpenAICompatibilityModel{{Name: "m1"}, {Name: "m2"}}, - }, - { - Name: "prov-new", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "k3"}}, - }, - }, - } - - changes := BuildConfigChangeDetails(oldCfg, newCfg) - expectContains(t, changes, "port: 1 -> 2") - expectContains(t, changes, "auth-dir: /a -> /b") - expectContains(t, changes, "debug: false -> true") - expectContains(t, changes, "logging-to-file: false -> true") - expectContains(t, changes, "usage-statistics-enabled: false -> true") - expectContains(t, changes, "disable-cooling: false -> true") - expectContains(t, changes, "request-retry: 1 -> 2") - expectContains(t, changes, "max-retry-interval: 1 -> 3") - expectContains(t, changes, "proxy-url: http://old-proxy -> http://new-proxy") - expectContains(t, changes, "ws-auth: false -> true") - expectContains(t, changes, "quota-exceeded.switch-project: false -> true") - expectContains(t, changes, "quota-exceeded.switch-preview-model: false -> true") - expectContains(t, changes, "api-keys: values updated (count unchanged, redacted)") - expectContains(t, changes, "gemini[0].base-url: http://g-old -> http://g-new") - expectContains(t, changes, "gemini[0].proxy-url: http://gp-old -> http://gp-new") - expectContains(t, changes, "gemini[0].api-key: updated") - expectContains(t, changes, "gemini[0].headers: updated") - expectContains(t, changes, "gemini[0].excluded-models: updated (0 -> 2 entries)") - expectContains(t, changes, "claude[0].base-url: http://c-old -> http://c-new") - expectContains(t, changes, "claude[0].proxy-url: http://cp-old -> http://cp-new") - expectContains(t, changes, "claude[0].api-key: updated") - expectContains(t, changes, "claude[0].headers: updated") - expectContains(t, changes, "claude[0].excluded-models: updated (1 -> 2 entries)") - expectContains(t, changes, "codex[0].base-url: http://x-old -> http://x-new") - expectContains(t, changes, "codex[0].proxy-url: http://xp-old -> http://xp-new") - expectContains(t, changes, "codex[0].api-key: updated") - expectContains(t, changes, "codex[0].headers: updated") - expectContains(t, changes, "codex[0].excluded-models: updated (1 -> 2 entries)") - expectContains(t, changes, "vertex[0].base-url: http://v-old -> http://v-new") - expectContains(t, changes, "vertex[0].proxy-url: http://vp-old -> http://vp-new") - expectContains(t, changes, "vertex[0].api-key: updated") - expectContains(t, changes, "vertex[0].models: updated (1 -> 2 entries)") - expectContains(t, changes, "vertex[0].headers: updated") - expectContains(t, changes, "ampcode.upstream-url: http://amp-old -> http://amp-new") - expectContains(t, changes, "ampcode.upstream-api-key: removed") - expectContains(t, changes, "ampcode.restrict-management-to-localhost: false -> true") - expectContains(t, changes, "ampcode.model-mappings: updated (1 -> 1 entries)") - expectContains(t, changes, "ampcode.force-model-mappings: false -> true") - expectContains(t, changes, "oauth-excluded-models[p1]: updated (1 -> 2 entries)") - expectContains(t, changes, "oauth-excluded-models[p2]: added (1 entries)") - expectContains(t, changes, "remote-management.allow-remote: false -> true") - expectContains(t, changes, "remote-management.disable-control-panel: false -> true") - expectContains(t, changes, "remote-management.panel-github-repository: old/repo -> new/repo") - expectContains(t, changes, "remote-management.secret-key: deleted") - expectContains(t, changes, "openai-compatibility:") -} - -func TestFormatProxyURL(t *testing.T) { - tests := []struct { - name string - in string - want string - }{ - {name: "empty", in: "", want: ""}, - {name: "invalid", in: "http://[::1", want: ""}, - {name: "fullURLRedactsUserinfoAndPath", in: "http://user:pass@example.com:8080/path?x=1#frag", want: "http://example.com:8080"}, - {name: "socks5RedactsUserinfoAndPath", in: "socks5://user:pass@192.168.1.1:1080/path?x=1", want: "socks5://192.168.1.1:1080"}, - {name: "socks5HostPort", in: "socks5://proxy.example.com:1080/", want: "socks5://proxy.example.com:1080"}, - {name: "hostPortNoScheme", in: "example.com:1234/path?x=1", want: "example.com:1234"}, - {name: "relativePathRedacted", in: "/just/path", want: ""}, - {name: "schemeAndHost", in: "https://example.com", want: "https://example.com"}, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if got := formatProxyURL(tt.in); got != tt.want { - t.Fatalf("expected %q, got %q", tt.want, got) - } - }) - } -} - -func TestBuildConfigChangeDetails_SecretAndUpstreamUpdates(t *testing.T) { - oldCfg := &config.Config{ - AmpCode: config.AmpCode{ - UpstreamAPIKey: "old", - }, - RemoteManagement: config.RemoteManagement{ - SecretKey: "old", - }, - } - newCfg := &config.Config{ - AmpCode: config.AmpCode{ - UpstreamAPIKey: "new", - }, - RemoteManagement: config.RemoteManagement{ - SecretKey: "new", - }, - } - - changes := BuildConfigChangeDetails(oldCfg, newCfg) - expectContains(t, changes, "ampcode.upstream-api-key: updated") - expectContains(t, changes, "remote-management.secret-key: updated") -} - -func TestBuildConfigChangeDetails_CountBranches(t *testing.T) { - oldCfg := &config.Config{} - newCfg := &config.Config{ - GeminiKey: []config.GeminiKey{{APIKey: "g"}}, - ClaudeKey: []config.ClaudeKey{{APIKey: "c"}}, - CodexKey: []config.CodexKey{{APIKey: "x"}}, - VertexCompatAPIKey: []config.VertexCompatKey{ - {APIKey: "v", BaseURL: "http://v"}, - }, - } - - changes := BuildConfigChangeDetails(oldCfg, newCfg) - expectContains(t, changes, "gemini-api-key count: 0 -> 1") - expectContains(t, changes, "claude-api-key count: 0 -> 1") - expectContains(t, changes, "codex-api-key count: 0 -> 1") - expectContains(t, changes, "vertex-api-key count: 0 -> 1") -} - -func TestTrimStrings(t *testing.T) { - out := trimStrings([]string{" a ", "b", " c"}) - if len(out) != 3 || out[0] != "a" || out[1] != "b" || out[2] != "c" { - t.Fatalf("unexpected trimmed strings: %v", out) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/diff/model_hash.go b/.worktrees/config/m/config-build/active/internal/watcher/diff/model_hash.go deleted file mode 100644 index 5779faccd7..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/diff/model_hash.go +++ /dev/null @@ -1,132 +0,0 @@ -package diff - -import ( - "crypto/sha256" - "encoding/hex" - "encoding/json" - "sort" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" -) - -// ComputeOpenAICompatModelsHash returns a stable hash for OpenAI-compat models. -// Used to detect model list changes during hot reload. -func ComputeOpenAICompatModelsHash(models []config.OpenAICompatibilityModel) string { - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return hashJoined(keys) -} - -// ComputeVertexCompatModelsHash returns a stable hash for Vertex-compatible models. -func ComputeVertexCompatModelsHash(models []config.VertexCompatModel) string { - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return hashJoined(keys) -} - -// ComputeClaudeModelsHash returns a stable hash for Claude model aliases. -func ComputeClaudeModelsHash(models []config.ClaudeModel) string { - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return hashJoined(keys) -} - -// ComputeCodexModelsHash returns a stable hash for Codex model aliases. -func ComputeCodexModelsHash(models []config.CodexModel) string { - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return hashJoined(keys) -} - -// ComputeGeminiModelsHash returns a stable hash for Gemini model aliases. -func ComputeGeminiModelsHash(models []config.GeminiModel) string { - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return hashJoined(keys) -} - -// ComputeExcludedModelsHash returns a normalized hash for excluded model lists. -func ComputeExcludedModelsHash(excluded []string) string { - if len(excluded) == 0 { - return "" - } - normalized := make([]string, 0, len(excluded)) - for _, entry := range excluded { - if trimmed := strings.TrimSpace(entry); trimmed != "" { - normalized = append(normalized, strings.ToLower(trimmed)) - } - } - if len(normalized) == 0 { - return "" - } - sort.Strings(normalized) - data, _ := json.Marshal(normalized) - sum := sha256.Sum256(data) - return hex.EncodeToString(sum[:]) -} - -func normalizeModelPairs(collect func(out func(key string))) []string { - seen := make(map[string]struct{}) - keys := make([]string, 0) - collect(func(key string) { - if _, exists := seen[key]; exists { - return - } - seen[key] = struct{}{} - keys = append(keys, key) - }) - if len(keys) == 0 { - return nil - } - sort.Strings(keys) - return keys -} - -func hashJoined(keys []string) string { - if len(keys) == 0 { - return "" - } - sum := sha256.Sum256([]byte(strings.Join(keys, "\n"))) - return hex.EncodeToString(sum[:]) -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/diff/model_hash_test.go b/.worktrees/config/m/config-build/active/internal/watcher/diff/model_hash_test.go deleted file mode 100644 index db06ebd12c..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/diff/model_hash_test.go +++ /dev/null @@ -1,194 +0,0 @@ -package diff - -import ( - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" -) - -func TestComputeOpenAICompatModelsHash_Deterministic(t *testing.T) { - models := []config.OpenAICompatibilityModel{ - {Name: "gpt-4", Alias: "gpt4"}, - {Name: "gpt-3.5-turbo"}, - } - hash1 := ComputeOpenAICompatModelsHash(models) - hash2 := ComputeOpenAICompatModelsHash(models) - if hash1 == "" { - t.Fatal("hash should not be empty") - } - if hash1 != hash2 { - t.Fatalf("hash should be deterministic, got %s vs %s", hash1, hash2) - } - changed := ComputeOpenAICompatModelsHash([]config.OpenAICompatibilityModel{{Name: "gpt-4"}, {Name: "gpt-4.1"}}) - if hash1 == changed { - t.Fatal("hash should change when model list changes") - } -} - -func TestComputeOpenAICompatModelsHash_NormalizesAndDedups(t *testing.T) { - a := []config.OpenAICompatibilityModel{ - {Name: "gpt-4", Alias: "gpt4"}, - {Name: " "}, - {Name: "GPT-4", Alias: "GPT4"}, - {Alias: "a1"}, - } - b := []config.OpenAICompatibilityModel{ - {Alias: "A1"}, - {Name: "gpt-4", Alias: "gpt4"}, - } - h1 := ComputeOpenAICompatModelsHash(a) - h2 := ComputeOpenAICompatModelsHash(b) - if h1 == "" || h2 == "" { - t.Fatal("expected non-empty hashes for non-empty model sets") - } - if h1 != h2 { - t.Fatalf("expected normalized hashes to match, got %s / %s", h1, h2) - } -} - -func TestComputeVertexCompatModelsHash_DifferentInputs(t *testing.T) { - models := []config.VertexCompatModel{{Name: "gemini-pro", Alias: "pro"}} - hash1 := ComputeVertexCompatModelsHash(models) - hash2 := ComputeVertexCompatModelsHash([]config.VertexCompatModel{{Name: "gemini-1.5-pro", Alias: "pro"}}) - if hash1 == "" || hash2 == "" { - t.Fatal("hashes should not be empty for non-empty models") - } - if hash1 == hash2 { - t.Fatal("hash should differ when model content differs") - } -} - -func TestComputeVertexCompatModelsHash_IgnoresBlankAndOrder(t *testing.T) { - a := []config.VertexCompatModel{ - {Name: "m1", Alias: "a1"}, - {Name: " "}, - {Name: "M1", Alias: "A1"}, - } - b := []config.VertexCompatModel{ - {Name: "m1", Alias: "a1"}, - } - if h1, h2 := ComputeVertexCompatModelsHash(a), ComputeVertexCompatModelsHash(b); h1 == "" || h1 != h2 { - t.Fatalf("expected same hash ignoring blanks/dupes, got %q / %q", h1, h2) - } -} - -func TestComputeClaudeModelsHash_Empty(t *testing.T) { - if got := ComputeClaudeModelsHash(nil); got != "" { - t.Fatalf("expected empty hash for nil models, got %q", got) - } - if got := ComputeClaudeModelsHash([]config.ClaudeModel{}); got != "" { - t.Fatalf("expected empty hash for empty slice, got %q", got) - } -} - -func TestComputeCodexModelsHash_Empty(t *testing.T) { - if got := ComputeCodexModelsHash(nil); got != "" { - t.Fatalf("expected empty hash for nil models, got %q", got) - } - if got := ComputeCodexModelsHash([]config.CodexModel{}); got != "" { - t.Fatalf("expected empty hash for empty slice, got %q", got) - } -} - -func TestComputeClaudeModelsHash_IgnoresBlankAndDedup(t *testing.T) { - a := []config.ClaudeModel{ - {Name: "m1", Alias: "a1"}, - {Name: " "}, - {Name: "M1", Alias: "A1"}, - } - b := []config.ClaudeModel{ - {Name: "m1", Alias: "a1"}, - } - if h1, h2 := ComputeClaudeModelsHash(a), ComputeClaudeModelsHash(b); h1 == "" || h1 != h2 { - t.Fatalf("expected same hash ignoring blanks/dupes, got %q / %q", h1, h2) - } -} - -func TestComputeCodexModelsHash_IgnoresBlankAndDedup(t *testing.T) { - a := []config.CodexModel{ - {Name: "m1", Alias: "a1"}, - {Name: " "}, - {Name: "M1", Alias: "A1"}, - } - b := []config.CodexModel{ - {Name: "m1", Alias: "a1"}, - } - if h1, h2 := ComputeCodexModelsHash(a), ComputeCodexModelsHash(b); h1 == "" || h1 != h2 { - t.Fatalf("expected same hash ignoring blanks/dupes, got %q / %q", h1, h2) - } -} - -func TestComputeExcludedModelsHash_Normalizes(t *testing.T) { - hash1 := ComputeExcludedModelsHash([]string{" A ", "b", "a"}) - hash2 := ComputeExcludedModelsHash([]string{"a", " b", "A"}) - if hash1 == "" || hash2 == "" { - t.Fatal("hash should not be empty for non-empty input") - } - if hash1 != hash2 { - t.Fatalf("hash should be order/space insensitive for same multiset, got %s vs %s", hash1, hash2) - } - hash3 := ComputeExcludedModelsHash([]string{"c"}) - if hash1 == hash3 { - t.Fatal("hash should differ for different normalized sets") - } -} - -func TestComputeOpenAICompatModelsHash_Empty(t *testing.T) { - if got := ComputeOpenAICompatModelsHash(nil); got != "" { - t.Fatalf("expected empty hash for nil input, got %q", got) - } - if got := ComputeOpenAICompatModelsHash([]config.OpenAICompatibilityModel{}); got != "" { - t.Fatalf("expected empty hash for empty slice, got %q", got) - } - if got := ComputeOpenAICompatModelsHash([]config.OpenAICompatibilityModel{{Name: " "}, {Alias: ""}}); got != "" { - t.Fatalf("expected empty hash for blank models, got %q", got) - } -} - -func TestComputeVertexCompatModelsHash_Empty(t *testing.T) { - if got := ComputeVertexCompatModelsHash(nil); got != "" { - t.Fatalf("expected empty hash for nil input, got %q", got) - } - if got := ComputeVertexCompatModelsHash([]config.VertexCompatModel{}); got != "" { - t.Fatalf("expected empty hash for empty slice, got %q", got) - } - if got := ComputeVertexCompatModelsHash([]config.VertexCompatModel{{Name: " "}}); got != "" { - t.Fatalf("expected empty hash for blank models, got %q", got) - } -} - -func TestComputeExcludedModelsHash_Empty(t *testing.T) { - if got := ComputeExcludedModelsHash(nil); got != "" { - t.Fatalf("expected empty hash for nil input, got %q", got) - } - if got := ComputeExcludedModelsHash([]string{}); got != "" { - t.Fatalf("expected empty hash for empty slice, got %q", got) - } - if got := ComputeExcludedModelsHash([]string{" ", ""}); got != "" { - t.Fatalf("expected empty hash for whitespace-only entries, got %q", got) - } -} - -func TestComputeClaudeModelsHash_Deterministic(t *testing.T) { - models := []config.ClaudeModel{{Name: "a", Alias: "A"}, {Name: "b"}} - h1 := ComputeClaudeModelsHash(models) - h2 := ComputeClaudeModelsHash(models) - if h1 == "" || h1 != h2 { - t.Fatalf("expected deterministic hash, got %s / %s", h1, h2) - } - if h3 := ComputeClaudeModelsHash([]config.ClaudeModel{{Name: "a"}}); h3 == h1 { - t.Fatalf("expected different hash when models change, got %s", h3) - } -} - -func TestComputeCodexModelsHash_Deterministic(t *testing.T) { - models := []config.CodexModel{{Name: "a", Alias: "A"}, {Name: "b"}} - h1 := ComputeCodexModelsHash(models) - h2 := ComputeCodexModelsHash(models) - if h1 == "" || h1 != h2 { - t.Fatalf("expected deterministic hash, got %s / %s", h1, h2) - } - if h3 := ComputeCodexModelsHash([]config.CodexModel{{Name: "a"}}); h3 == h1 { - t.Fatalf("expected different hash when models change, got %s", h3) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/diff/models_summary.go b/.worktrees/config/m/config-build/active/internal/watcher/diff/models_summary.go deleted file mode 100644 index 9c2aa91ac4..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/diff/models_summary.go +++ /dev/null @@ -1,121 +0,0 @@ -package diff - -import ( - "crypto/sha256" - "encoding/hex" - "sort" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" -) - -type GeminiModelsSummary struct { - hash string - count int -} - -type ClaudeModelsSummary struct { - hash string - count int -} - -type CodexModelsSummary struct { - hash string - count int -} - -type VertexModelsSummary struct { - hash string - count int -} - -// SummarizeGeminiModels hashes Gemini model aliases for change detection. -func SummarizeGeminiModels(models []config.GeminiModel) GeminiModelsSummary { - if len(models) == 0 { - return GeminiModelsSummary{} - } - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return GeminiModelsSummary{ - hash: hashJoined(keys), - count: len(keys), - } -} - -// SummarizeClaudeModels hashes Claude model aliases for change detection. -func SummarizeClaudeModels(models []config.ClaudeModel) ClaudeModelsSummary { - if len(models) == 0 { - return ClaudeModelsSummary{} - } - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return ClaudeModelsSummary{ - hash: hashJoined(keys), - count: len(keys), - } -} - -// SummarizeCodexModels hashes Codex model aliases for change detection. -func SummarizeCodexModels(models []config.CodexModel) CodexModelsSummary { - if len(models) == 0 { - return CodexModelsSummary{} - } - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return CodexModelsSummary{ - hash: hashJoined(keys), - count: len(keys), - } -} - -// SummarizeVertexModels hashes Vertex-compatible model aliases for change detection. -func SummarizeVertexModels(models []config.VertexCompatModel) VertexModelsSummary { - if len(models) == 0 { - return VertexModelsSummary{} - } - names := make([]string, 0, len(models)) - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - if alias != "" { - name = alias - } - names = append(names, name) - } - if len(names) == 0 { - return VertexModelsSummary{} - } - sort.Strings(names) - sum := sha256.Sum256([]byte(strings.Join(names, "|"))) - return VertexModelsSummary{ - hash: hex.EncodeToString(sum[:]), - count: len(names), - } -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/diff/oauth_excluded.go b/.worktrees/config/m/config-build/active/internal/watcher/diff/oauth_excluded.go deleted file mode 100644 index 2039cf4898..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/diff/oauth_excluded.go +++ /dev/null @@ -1,118 +0,0 @@ -package diff - -import ( - "crypto/sha256" - "encoding/hex" - "fmt" - "sort" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" -) - -type ExcludedModelsSummary struct { - hash string - count int -} - -// SummarizeExcludedModels normalizes and hashes an excluded-model list. -func SummarizeExcludedModels(list []string) ExcludedModelsSummary { - if len(list) == 0 { - return ExcludedModelsSummary{} - } - seen := make(map[string]struct{}, len(list)) - normalized := make([]string, 0, len(list)) - for _, entry := range list { - if trimmed := strings.ToLower(strings.TrimSpace(entry)); trimmed != "" { - if _, exists := seen[trimmed]; exists { - continue - } - seen[trimmed] = struct{}{} - normalized = append(normalized, trimmed) - } - } - sort.Strings(normalized) - return ExcludedModelsSummary{ - hash: ComputeExcludedModelsHash(normalized), - count: len(normalized), - } -} - -// SummarizeOAuthExcludedModels summarizes OAuth excluded models per provider. -func SummarizeOAuthExcludedModels(entries map[string][]string) map[string]ExcludedModelsSummary { - if len(entries) == 0 { - return nil - } - out := make(map[string]ExcludedModelsSummary, len(entries)) - for k, v := range entries { - key := strings.ToLower(strings.TrimSpace(k)) - if key == "" { - continue - } - out[key] = SummarizeExcludedModels(v) - } - return out -} - -// DiffOAuthExcludedModelChanges compares OAuth excluded models maps. -func DiffOAuthExcludedModelChanges(oldMap, newMap map[string][]string) ([]string, []string) { - oldSummary := SummarizeOAuthExcludedModels(oldMap) - newSummary := SummarizeOAuthExcludedModels(newMap) - keys := make(map[string]struct{}, len(oldSummary)+len(newSummary)) - for k := range oldSummary { - keys[k] = struct{}{} - } - for k := range newSummary { - keys[k] = struct{}{} - } - changes := make([]string, 0, len(keys)) - affected := make([]string, 0, len(keys)) - for key := range keys { - oldInfo, okOld := oldSummary[key] - newInfo, okNew := newSummary[key] - switch { - case okOld && !okNew: - changes = append(changes, fmt.Sprintf("oauth-excluded-models[%s]: removed", key)) - affected = append(affected, key) - case !okOld && okNew: - changes = append(changes, fmt.Sprintf("oauth-excluded-models[%s]: added (%d entries)", key, newInfo.count)) - affected = append(affected, key) - case okOld && okNew && oldInfo.hash != newInfo.hash: - changes = append(changes, fmt.Sprintf("oauth-excluded-models[%s]: updated (%d -> %d entries)", key, oldInfo.count, newInfo.count)) - affected = append(affected, key) - } - } - sort.Strings(changes) - sort.Strings(affected) - return changes, affected -} - -type AmpModelMappingsSummary struct { - hash string - count int -} - -// SummarizeAmpModelMappings hashes Amp model mappings for change detection. -func SummarizeAmpModelMappings(mappings []config.AmpModelMapping) AmpModelMappingsSummary { - if len(mappings) == 0 { - return AmpModelMappingsSummary{} - } - entries := make([]string, 0, len(mappings)) - for _, mapping := range mappings { - from := strings.TrimSpace(mapping.From) - to := strings.TrimSpace(mapping.To) - if from == "" && to == "" { - continue - } - entries = append(entries, from+"->"+to) - } - if len(entries) == 0 { - return AmpModelMappingsSummary{} - } - sort.Strings(entries) - sum := sha256.Sum256([]byte(strings.Join(entries, "|"))) - return AmpModelMappingsSummary{ - hash: hex.EncodeToString(sum[:]), - count: len(entries), - } -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/diff/oauth_excluded_test.go b/.worktrees/config/m/config-build/active/internal/watcher/diff/oauth_excluded_test.go deleted file mode 100644 index f5ad391358..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/diff/oauth_excluded_test.go +++ /dev/null @@ -1,109 +0,0 @@ -package diff - -import ( - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" -) - -func TestSummarizeExcludedModels_NormalizesAndDedupes(t *testing.T) { - summary := SummarizeExcludedModels([]string{"A", " a ", "B", "b"}) - if summary.count != 2 { - t.Fatalf("expected 2 unique entries, got %d", summary.count) - } - if summary.hash == "" { - t.Fatal("expected non-empty hash") - } - if empty := SummarizeExcludedModels(nil); empty.count != 0 || empty.hash != "" { - t.Fatalf("expected empty summary for nil input, got %+v", empty) - } -} - -func TestDiffOAuthExcludedModelChanges(t *testing.T) { - oldMap := map[string][]string{ - "ProviderA": {"model-1", "model-2"}, - "providerB": {"x"}, - } - newMap := map[string][]string{ - "providerA": {"model-1", "model-3"}, - "providerC": {"y"}, - } - - changes, affected := DiffOAuthExcludedModelChanges(oldMap, newMap) - expectContains(t, changes, "oauth-excluded-models[providera]: updated (2 -> 2 entries)") - expectContains(t, changes, "oauth-excluded-models[providerb]: removed") - expectContains(t, changes, "oauth-excluded-models[providerc]: added (1 entries)") - - if len(affected) != 3 { - t.Fatalf("expected 3 affected providers, got %d", len(affected)) - } -} - -func TestSummarizeAmpModelMappings(t *testing.T) { - summary := SummarizeAmpModelMappings([]config.AmpModelMapping{ - {From: "a", To: "A"}, - {From: "b", To: "B"}, - {From: " ", To: " "}, // ignored - }) - if summary.count != 2 { - t.Fatalf("expected 2 entries, got %d", summary.count) - } - if summary.hash == "" { - t.Fatal("expected non-empty hash") - } - if empty := SummarizeAmpModelMappings(nil); empty.count != 0 || empty.hash != "" { - t.Fatalf("expected empty summary for nil input, got %+v", empty) - } - if blank := SummarizeAmpModelMappings([]config.AmpModelMapping{{From: " ", To: " "}}); blank.count != 0 || blank.hash != "" { - t.Fatalf("expected blank mappings ignored, got %+v", blank) - } -} - -func TestSummarizeOAuthExcludedModels_NormalizesKeys(t *testing.T) { - out := SummarizeOAuthExcludedModels(map[string][]string{ - "ProvA": {"X"}, - "": {"ignored"}, - }) - if len(out) != 1 { - t.Fatalf("expected only non-empty key summary, got %d", len(out)) - } - if _, ok := out["prova"]; !ok { - t.Fatalf("expected normalized key 'prova', got keys %v", out) - } - if out["prova"].count != 1 || out["prova"].hash == "" { - t.Fatalf("unexpected summary %+v", out["prova"]) - } - if outEmpty := SummarizeOAuthExcludedModels(nil); outEmpty != nil { - t.Fatalf("expected nil map for nil input, got %v", outEmpty) - } -} - -func TestSummarizeVertexModels(t *testing.T) { - summary := SummarizeVertexModels([]config.VertexCompatModel{ - {Name: "m1"}, - {Name: " ", Alias: "alias"}, - {}, // ignored - }) - if summary.count != 2 { - t.Fatalf("expected 2 vertex models, got %d", summary.count) - } - if summary.hash == "" { - t.Fatal("expected non-empty hash") - } - if empty := SummarizeVertexModels(nil); empty.count != 0 || empty.hash != "" { - t.Fatalf("expected empty summary for nil input, got %+v", empty) - } - if blank := SummarizeVertexModels([]config.VertexCompatModel{{Name: " "}}); blank.count != 0 || blank.hash != "" { - t.Fatalf("expected blank model ignored, got %+v", blank) - } -} - -func expectContains(t *testing.T, list []string, target string) { - t.Helper() - for _, entry := range list { - if entry == target { - return - } - } - t.Fatalf("expected list to contain %q, got %#v", target, list) -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/diff/oauth_model_alias.go b/.worktrees/config/m/config-build/active/internal/watcher/diff/oauth_model_alias.go deleted file mode 100644 index c5a17d2940..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/diff/oauth_model_alias.go +++ /dev/null @@ -1,101 +0,0 @@ -package diff - -import ( - "crypto/sha256" - "encoding/hex" - "fmt" - "sort" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" -) - -type OAuthModelAliasSummary struct { - hash string - count int -} - -// SummarizeOAuthModelAlias summarizes OAuth model alias per channel. -func SummarizeOAuthModelAlias(entries map[string][]config.OAuthModelAlias) map[string]OAuthModelAliasSummary { - if len(entries) == 0 { - return nil - } - out := make(map[string]OAuthModelAliasSummary, len(entries)) - for k, v := range entries { - key := strings.ToLower(strings.TrimSpace(k)) - if key == "" { - continue - } - out[key] = summarizeOAuthModelAliasList(v) - } - if len(out) == 0 { - return nil - } - return out -} - -// DiffOAuthModelAliasChanges compares OAuth model alias maps. -func DiffOAuthModelAliasChanges(oldMap, newMap map[string][]config.OAuthModelAlias) ([]string, []string) { - oldSummary := SummarizeOAuthModelAlias(oldMap) - newSummary := SummarizeOAuthModelAlias(newMap) - keys := make(map[string]struct{}, len(oldSummary)+len(newSummary)) - for k := range oldSummary { - keys[k] = struct{}{} - } - for k := range newSummary { - keys[k] = struct{}{} - } - changes := make([]string, 0, len(keys)) - affected := make([]string, 0, len(keys)) - for key := range keys { - oldInfo, okOld := oldSummary[key] - newInfo, okNew := newSummary[key] - switch { - case okOld && !okNew: - changes = append(changes, fmt.Sprintf("oauth-model-alias[%s]: removed", key)) - affected = append(affected, key) - case !okOld && okNew: - changes = append(changes, fmt.Sprintf("oauth-model-alias[%s]: added (%d entries)", key, newInfo.count)) - affected = append(affected, key) - case okOld && okNew && oldInfo.hash != newInfo.hash: - changes = append(changes, fmt.Sprintf("oauth-model-alias[%s]: updated (%d -> %d entries)", key, oldInfo.count, newInfo.count)) - affected = append(affected, key) - } - } - sort.Strings(changes) - sort.Strings(affected) - return changes, affected -} - -func summarizeOAuthModelAliasList(list []config.OAuthModelAlias) OAuthModelAliasSummary { - if len(list) == 0 { - return OAuthModelAliasSummary{} - } - seen := make(map[string]struct{}, len(list)) - normalized := make([]string, 0, len(list)) - for _, alias := range list { - name := strings.ToLower(strings.TrimSpace(alias.Name)) - aliasVal := strings.ToLower(strings.TrimSpace(alias.Alias)) - if name == "" || aliasVal == "" { - continue - } - key := name + "->" + aliasVal - if alias.Fork { - key += "|fork" - } - if _, exists := seen[key]; exists { - continue - } - seen[key] = struct{}{} - normalized = append(normalized, key) - } - if len(normalized) == 0 { - return OAuthModelAliasSummary{} - } - sort.Strings(normalized) - sum := sha256.Sum256([]byte(strings.Join(normalized, "|"))) - return OAuthModelAliasSummary{ - hash: hex.EncodeToString(sum[:]), - count: len(normalized), - } -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/diff/openai_compat.go b/.worktrees/config/m/config-build/active/internal/watcher/diff/openai_compat.go deleted file mode 100644 index 6b01aed296..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/diff/openai_compat.go +++ /dev/null @@ -1,183 +0,0 @@ -package diff - -import ( - "crypto/sha256" - "encoding/hex" - "fmt" - "sort" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" -) - -// DiffOpenAICompatibility produces human-readable change descriptions. -func DiffOpenAICompatibility(oldList, newList []config.OpenAICompatibility) []string { - changes := make([]string, 0) - oldMap := make(map[string]config.OpenAICompatibility, len(oldList)) - oldLabels := make(map[string]string, len(oldList)) - for idx, entry := range oldList { - key, label := openAICompatKey(entry, idx) - oldMap[key] = entry - oldLabels[key] = label - } - newMap := make(map[string]config.OpenAICompatibility, len(newList)) - newLabels := make(map[string]string, len(newList)) - for idx, entry := range newList { - key, label := openAICompatKey(entry, idx) - newMap[key] = entry - newLabels[key] = label - } - keySet := make(map[string]struct{}, len(oldMap)+len(newMap)) - for key := range oldMap { - keySet[key] = struct{}{} - } - for key := range newMap { - keySet[key] = struct{}{} - } - orderedKeys := make([]string, 0, len(keySet)) - for key := range keySet { - orderedKeys = append(orderedKeys, key) - } - sort.Strings(orderedKeys) - for _, key := range orderedKeys { - oldEntry, oldOk := oldMap[key] - newEntry, newOk := newMap[key] - label := oldLabels[key] - if label == "" { - label = newLabels[key] - } - switch { - case !oldOk: - changes = append(changes, fmt.Sprintf("provider added: %s (api-keys=%d, models=%d)", label, countAPIKeys(newEntry), countOpenAIModels(newEntry.Models))) - case !newOk: - changes = append(changes, fmt.Sprintf("provider removed: %s (api-keys=%d, models=%d)", label, countAPIKeys(oldEntry), countOpenAIModels(oldEntry.Models))) - default: - if detail := describeOpenAICompatibilityUpdate(oldEntry, newEntry); detail != "" { - changes = append(changes, fmt.Sprintf("provider updated: %s %s", label, detail)) - } - } - } - return changes -} - -func describeOpenAICompatibilityUpdate(oldEntry, newEntry config.OpenAICompatibility) string { - oldKeyCount := countAPIKeys(oldEntry) - newKeyCount := countAPIKeys(newEntry) - oldModelCount := countOpenAIModels(oldEntry.Models) - newModelCount := countOpenAIModels(newEntry.Models) - details := make([]string, 0, 3) - if oldKeyCount != newKeyCount { - details = append(details, fmt.Sprintf("api-keys %d -> %d", oldKeyCount, newKeyCount)) - } - if oldModelCount != newModelCount { - details = append(details, fmt.Sprintf("models %d -> %d", oldModelCount, newModelCount)) - } - if !equalStringMap(oldEntry.Headers, newEntry.Headers) { - details = append(details, "headers updated") - } - if len(details) == 0 { - return "" - } - return "(" + strings.Join(details, ", ") + ")" -} - -func countAPIKeys(entry config.OpenAICompatibility) int { - count := 0 - for _, keyEntry := range entry.APIKeyEntries { - if strings.TrimSpace(keyEntry.APIKey) != "" { - count++ - } - } - return count -} - -func countOpenAIModels(models []config.OpenAICompatibilityModel) int { - count := 0 - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - count++ - } - return count -} - -func openAICompatKey(entry config.OpenAICompatibility, index int) (string, string) { - name := strings.TrimSpace(entry.Name) - if name != "" { - return "name:" + name, name - } - base := strings.TrimSpace(entry.BaseURL) - if base != "" { - return "base:" + base, base - } - for _, model := range entry.Models { - alias := strings.TrimSpace(model.Alias) - if alias == "" { - alias = strings.TrimSpace(model.Name) - } - if alias != "" { - return "alias:" + alias, alias - } - } - sig := openAICompatSignature(entry) - if sig == "" { - return fmt.Sprintf("index:%d", index), fmt.Sprintf("entry-%d", index+1) - } - short := sig - if len(short) > 8 { - short = short[:8] - } - return "sig:" + sig, "compat-" + short -} - -func openAICompatSignature(entry config.OpenAICompatibility) string { - var parts []string - - if v := strings.TrimSpace(entry.Name); v != "" { - parts = append(parts, "name="+strings.ToLower(v)) - } - if v := strings.TrimSpace(entry.BaseURL); v != "" { - parts = append(parts, "base="+v) - } - - models := make([]string, 0, len(entry.Models)) - for _, model := range entry.Models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - models = append(models, strings.ToLower(name)+"|"+strings.ToLower(alias)) - } - if len(models) > 0 { - sort.Strings(models) - parts = append(parts, "models="+strings.Join(models, ",")) - } - - if len(entry.Headers) > 0 { - keys := make([]string, 0, len(entry.Headers)) - for k := range entry.Headers { - if trimmed := strings.TrimSpace(k); trimmed != "" { - keys = append(keys, strings.ToLower(trimmed)) - } - } - if len(keys) > 0 { - sort.Strings(keys) - parts = append(parts, "headers="+strings.Join(keys, ",")) - } - } - - // Intentionally exclude API key material; only count non-empty entries. - if count := countAPIKeys(entry); count > 0 { - parts = append(parts, fmt.Sprintf("api_keys=%d", count)) - } - - if len(parts) == 0 { - return "" - } - sum := sha256.Sum256([]byte(strings.Join(parts, "|"))) - return hex.EncodeToString(sum[:]) -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/diff/openai_compat_test.go b/.worktrees/config/m/config-build/active/internal/watcher/diff/openai_compat_test.go deleted file mode 100644 index db33db1487..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/diff/openai_compat_test.go +++ /dev/null @@ -1,187 +0,0 @@ -package diff - -import ( - "strings" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" -) - -func TestDiffOpenAICompatibility(t *testing.T) { - oldList := []config.OpenAICompatibility{ - { - Name: "provider-a", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "key-a"}, - }, - Models: []config.OpenAICompatibilityModel{ - {Name: "m1"}, - }, - }, - } - newList := []config.OpenAICompatibility{ - { - Name: "provider-a", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "key-a"}, - {APIKey: "key-b"}, - }, - Models: []config.OpenAICompatibilityModel{ - {Name: "m1"}, - {Name: "m2"}, - }, - Headers: map[string]string{"X-Test": "1"}, - }, - { - Name: "provider-b", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "key-b"}}, - }, - } - - changes := DiffOpenAICompatibility(oldList, newList) - expectContains(t, changes, "provider added: provider-b (api-keys=1, models=0)") - expectContains(t, changes, "provider updated: provider-a (api-keys 1 -> 2, models 1 -> 2, headers updated)") -} - -func TestDiffOpenAICompatibility_RemovedAndUnchanged(t *testing.T) { - oldList := []config.OpenAICompatibility{ - { - Name: "provider-a", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "key-a"}}, - Models: []config.OpenAICompatibilityModel{{Name: "m1"}}, - }, - } - newList := []config.OpenAICompatibility{ - { - Name: "provider-a", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "key-a"}}, - Models: []config.OpenAICompatibilityModel{{Name: "m1"}}, - }, - } - if changes := DiffOpenAICompatibility(oldList, newList); len(changes) != 0 { - t.Fatalf("expected no changes, got %v", changes) - } - - newList = nil - changes := DiffOpenAICompatibility(oldList, newList) - expectContains(t, changes, "provider removed: provider-a (api-keys=1, models=1)") -} - -func TestOpenAICompatKeyFallbacks(t *testing.T) { - entry := config.OpenAICompatibility{ - BaseURL: "http://base", - Models: []config.OpenAICompatibilityModel{{Alias: "alias-only"}}, - } - key, label := openAICompatKey(entry, 0) - if key != "base:http://base" || label != "http://base" { - t.Fatalf("expected base key, got %s/%s", key, label) - } - - entry.BaseURL = "" - key, label = openAICompatKey(entry, 1) - if key != "alias:alias-only" || label != "alias-only" { - t.Fatalf("expected alias fallback, got %s/%s", key, label) - } - - entry.Models = nil - key, label = openAICompatKey(entry, 2) - if key != "index:2" || label != "entry-3" { - t.Fatalf("expected index fallback, got %s/%s", key, label) - } -} - -func TestOpenAICompatKey_UsesName(t *testing.T) { - entry := config.OpenAICompatibility{Name: "My-Provider"} - key, label := openAICompatKey(entry, 0) - if key != "name:My-Provider" || label != "My-Provider" { - t.Fatalf("expected name key, got %s/%s", key, label) - } -} - -func TestOpenAICompatKey_SignatureFallbackWhenOnlyAPIKeys(t *testing.T) { - entry := config.OpenAICompatibility{ - APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "k1"}, {APIKey: "k2"}}, - } - key, label := openAICompatKey(entry, 0) - if !strings.HasPrefix(key, "sig:") || !strings.HasPrefix(label, "compat-") { - t.Fatalf("expected signature key, got %s/%s", key, label) - } -} - -func TestOpenAICompatSignature_EmptyReturnsEmpty(t *testing.T) { - if got := openAICompatSignature(config.OpenAICompatibility{}); got != "" { - t.Fatalf("expected empty signature, got %q", got) - } -} - -func TestOpenAICompatSignature_StableAndNormalized(t *testing.T) { - a := config.OpenAICompatibility{ - Name: " Provider ", - BaseURL: "http://base", - Models: []config.OpenAICompatibilityModel{ - {Name: "m1"}, - {Name: " "}, - {Alias: "A1"}, - }, - Headers: map[string]string{ - "X-Test": "1", - " ": "ignored", - }, - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "k1"}, - {APIKey: " "}, - }, - } - b := config.OpenAICompatibility{ - Name: "provider", - BaseURL: "http://base", - Models: []config.OpenAICompatibilityModel{ - {Alias: "a1"}, - {Name: "m1"}, - }, - Headers: map[string]string{ - "x-test": "2", - }, - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "k2"}, - }, - } - - sigA := openAICompatSignature(a) - sigB := openAICompatSignature(b) - if sigA == "" || sigB == "" { - t.Fatalf("expected non-empty signatures, got %q / %q", sigA, sigB) - } - if sigA != sigB { - t.Fatalf("expected normalized signatures to match, got %s / %s", sigA, sigB) - } - - c := b - c.Models = append(c.Models, config.OpenAICompatibilityModel{Name: "m2"}) - if sigC := openAICompatSignature(c); sigC == sigB { - t.Fatalf("expected signature to change when models change, got %s", sigC) - } -} - -func TestCountOpenAIModelsSkipsBlanks(t *testing.T) { - models := []config.OpenAICompatibilityModel{ - {Name: "m1"}, - {Name: ""}, - {Alias: ""}, - {Name: " "}, - {Alias: "a1"}, - } - if got := countOpenAIModels(models); got != 2 { - t.Fatalf("expected 2 counted models, got %d", got) - } -} - -func TestOpenAICompatKeyUsesModelNameWhenAliasEmpty(t *testing.T) { - entry := config.OpenAICompatibility{ - Models: []config.OpenAICompatibilityModel{{Name: "model-name"}}, - } - key, label := openAICompatKey(entry, 5) - if key != "alias:model-name" || label != "model-name" { - t.Fatalf("expected model-name fallback, got %s/%s", key, label) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/dispatcher.go b/.worktrees/config/m/config-build/active/internal/watcher/dispatcher.go deleted file mode 100644 index ff3c5b632c..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/dispatcher.go +++ /dev/null @@ -1,273 +0,0 @@ -// dispatcher.go implements auth update dispatching and queue management. -// It batches, deduplicates, and delivers auth updates to registered consumers. -package watcher - -import ( - "context" - "fmt" - "reflect" - "sync" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/watcher/synthesizer" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func (w *Watcher) setAuthUpdateQueue(queue chan<- AuthUpdate) { - w.clientsMutex.Lock() - defer w.clientsMutex.Unlock() - w.authQueue = queue - if w.dispatchCond == nil { - w.dispatchCond = sync.NewCond(&w.dispatchMu) - } - if w.dispatchCancel != nil { - w.dispatchCancel() - if w.dispatchCond != nil { - w.dispatchMu.Lock() - w.dispatchCond.Broadcast() - w.dispatchMu.Unlock() - } - w.dispatchCancel = nil - } - if queue != nil { - ctx, cancel := context.WithCancel(context.Background()) - w.dispatchCancel = cancel - go w.dispatchLoop(ctx) - } -} - -func (w *Watcher) dispatchRuntimeAuthUpdate(update AuthUpdate) bool { - if w == nil { - return false - } - w.clientsMutex.Lock() - if w.runtimeAuths == nil { - w.runtimeAuths = make(map[string]*coreauth.Auth) - } - switch update.Action { - case AuthUpdateActionAdd, AuthUpdateActionModify: - if update.Auth != nil && update.Auth.ID != "" { - clone := update.Auth.Clone() - w.runtimeAuths[clone.ID] = clone - if w.currentAuths == nil { - w.currentAuths = make(map[string]*coreauth.Auth) - } - w.currentAuths[clone.ID] = clone.Clone() - } - case AuthUpdateActionDelete: - id := update.ID - if id == "" && update.Auth != nil { - id = update.Auth.ID - } - if id != "" { - delete(w.runtimeAuths, id) - if w.currentAuths != nil { - delete(w.currentAuths, id) - } - } - } - w.clientsMutex.Unlock() - if w.getAuthQueue() == nil { - return false - } - w.dispatchAuthUpdates([]AuthUpdate{update}) - return true -} - -func (w *Watcher) refreshAuthState(force bool) { - auths := w.SnapshotCoreAuths() - w.clientsMutex.Lock() - if len(w.runtimeAuths) > 0 { - for _, a := range w.runtimeAuths { - if a != nil { - auths = append(auths, a.Clone()) - } - } - } - updates := w.prepareAuthUpdatesLocked(auths, force) - w.clientsMutex.Unlock() - w.dispatchAuthUpdates(updates) -} - -func (w *Watcher) prepareAuthUpdatesLocked(auths []*coreauth.Auth, force bool) []AuthUpdate { - newState := make(map[string]*coreauth.Auth, len(auths)) - for _, auth := range auths { - if auth == nil || auth.ID == "" { - continue - } - newState[auth.ID] = auth.Clone() - } - if w.currentAuths == nil { - w.currentAuths = newState - if w.authQueue == nil { - return nil - } - updates := make([]AuthUpdate, 0, len(newState)) - for id, auth := range newState { - updates = append(updates, AuthUpdate{Action: AuthUpdateActionAdd, ID: id, Auth: auth.Clone()}) - } - return updates - } - if w.authQueue == nil { - w.currentAuths = newState - return nil - } - updates := make([]AuthUpdate, 0, len(newState)+len(w.currentAuths)) - for id, auth := range newState { - if existing, ok := w.currentAuths[id]; !ok { - updates = append(updates, AuthUpdate{Action: AuthUpdateActionAdd, ID: id, Auth: auth.Clone()}) - } else if force || !authEqual(existing, auth) { - updates = append(updates, AuthUpdate{Action: AuthUpdateActionModify, ID: id, Auth: auth.Clone()}) - } - } - for id := range w.currentAuths { - if _, ok := newState[id]; !ok { - updates = append(updates, AuthUpdate{Action: AuthUpdateActionDelete, ID: id}) - } - } - w.currentAuths = newState - return updates -} - -func (w *Watcher) dispatchAuthUpdates(updates []AuthUpdate) { - if len(updates) == 0 { - return - } - queue := w.getAuthQueue() - if queue == nil { - return - } - baseTS := time.Now().UnixNano() - w.dispatchMu.Lock() - if w.pendingUpdates == nil { - w.pendingUpdates = make(map[string]AuthUpdate) - } - for idx, update := range updates { - key := w.authUpdateKey(update, baseTS+int64(idx)) - if _, exists := w.pendingUpdates[key]; !exists { - w.pendingOrder = append(w.pendingOrder, key) - } - w.pendingUpdates[key] = update - } - if w.dispatchCond != nil { - w.dispatchCond.Signal() - } - w.dispatchMu.Unlock() -} - -func (w *Watcher) authUpdateKey(update AuthUpdate, ts int64) string { - if update.ID != "" { - return update.ID - } - return fmt.Sprintf("%s:%d", update.Action, ts) -} - -func (w *Watcher) dispatchLoop(ctx context.Context) { - for { - batch, ok := w.nextPendingBatch(ctx) - if !ok { - return - } - queue := w.getAuthQueue() - if queue == nil { - if ctx.Err() != nil { - return - } - time.Sleep(10 * time.Millisecond) - continue - } - for _, update := range batch { - select { - case queue <- update: - case <-ctx.Done(): - return - } - } - } -} - -func (w *Watcher) nextPendingBatch(ctx context.Context) ([]AuthUpdate, bool) { - w.dispatchMu.Lock() - defer w.dispatchMu.Unlock() - for len(w.pendingOrder) == 0 { - if ctx.Err() != nil { - return nil, false - } - w.dispatchCond.Wait() - if ctx.Err() != nil { - return nil, false - } - } - batch := make([]AuthUpdate, 0, len(w.pendingOrder)) - for _, key := range w.pendingOrder { - batch = append(batch, w.pendingUpdates[key]) - delete(w.pendingUpdates, key) - } - w.pendingOrder = w.pendingOrder[:0] - return batch, true -} - -func (w *Watcher) getAuthQueue() chan<- AuthUpdate { - w.clientsMutex.RLock() - defer w.clientsMutex.RUnlock() - return w.authQueue -} - -func (w *Watcher) stopDispatch() { - if w.dispatchCancel != nil { - w.dispatchCancel() - w.dispatchCancel = nil - } - w.dispatchMu.Lock() - w.pendingOrder = nil - w.pendingUpdates = nil - if w.dispatchCond != nil { - w.dispatchCond.Broadcast() - } - w.dispatchMu.Unlock() - w.clientsMutex.Lock() - w.authQueue = nil - w.clientsMutex.Unlock() -} - -func authEqual(a, b *coreauth.Auth) bool { - return reflect.DeepEqual(normalizeAuth(a), normalizeAuth(b)) -} - -func normalizeAuth(a *coreauth.Auth) *coreauth.Auth { - if a == nil { - return nil - } - clone := a.Clone() - clone.CreatedAt = time.Time{} - clone.UpdatedAt = time.Time{} - clone.LastRefreshedAt = time.Time{} - clone.NextRefreshAfter = time.Time{} - clone.Runtime = nil - clone.Quota.NextRecoverAt = time.Time{} - return clone -} - -func snapshotCoreAuths(cfg *config.Config, authDir string) []*coreauth.Auth { - ctx := &synthesizer.SynthesisContext{ - Config: cfg, - AuthDir: authDir, - Now: time.Now(), - IDGenerator: synthesizer.NewStableIDGenerator(), - } - - var out []*coreauth.Auth - - configSynth := synthesizer.NewConfigSynthesizer() - if auths, err := configSynth.Synthesize(ctx); err == nil { - out = append(out, auths...) - } - - fileSynth := synthesizer.NewFileSynthesizer() - if auths, err := fileSynth.Synthesize(ctx); err == nil { - out = append(out, auths...) - } - - return out -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/events.go b/.worktrees/config/m/config-build/active/internal/watcher/events.go deleted file mode 100644 index fb96ad2a35..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/events.go +++ /dev/null @@ -1,262 +0,0 @@ -// events.go implements fsnotify event handling for config and auth file changes. -// It normalizes paths, debounces noisy events, and triggers reload/update logic. -package watcher - -import ( - "context" - "crypto/sha256" - "encoding/hex" - "os" - "path/filepath" - "runtime" - "strings" - "time" - - "github.com/fsnotify/fsnotify" - kiroauth "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/kiro" - log "github.com/sirupsen/logrus" -) - -func matchProvider(provider string, targets []string) (string, bool) { - p := strings.ToLower(strings.TrimSpace(provider)) - for _, t := range targets { - if strings.EqualFold(p, strings.TrimSpace(t)) { - return p, true - } - } - return p, false -} - -func (w *Watcher) start(ctx context.Context) error { - if errAddConfig := w.watcher.Add(w.configPath); errAddConfig != nil { - log.Errorf("failed to watch config file %s: %v", w.configPath, errAddConfig) - return errAddConfig - } - log.Debugf("watching config file: %s", w.configPath) - - if errAddAuthDir := w.watcher.Add(w.authDir); errAddAuthDir != nil { - log.Errorf("failed to watch auth directory %s: %v", w.authDir, errAddAuthDir) - return errAddAuthDir - } - log.Debugf("watching auth directory: %s", w.authDir) - - w.watchKiroIDETokenFile() - - go w.processEvents(ctx) - - w.reloadClients(true, nil, false) - return nil -} - -func (w *Watcher) watchKiroIDETokenFile() { - homeDir, err := os.UserHomeDir() - if err != nil { - log.Debugf("failed to get home directory for Kiro IDE token watch: %v", err) - return - } - - kiroTokenDir := filepath.Join(homeDir, ".aws", "sso", "cache") - - if _, statErr := os.Stat(kiroTokenDir); os.IsNotExist(statErr) { - log.Debugf("Kiro IDE token directory does not exist: %s", kiroTokenDir) - return - } - - if errAdd := w.watcher.Add(kiroTokenDir); errAdd != nil { - log.Debugf("failed to watch Kiro IDE token directory %s: %v", kiroTokenDir, errAdd) - return - } - log.Debugf("watching Kiro IDE token directory: %s", kiroTokenDir) -} - -func (w *Watcher) processEvents(ctx context.Context) { - for { - select { - case <-ctx.Done(): - return - case event, ok := <-w.watcher.Events: - if !ok { - return - } - w.handleEvent(event) - case errWatch, ok := <-w.watcher.Errors: - if !ok { - return - } - log.Errorf("file watcher error: %v", errWatch) - } - } -} - -func (w *Watcher) handleEvent(event fsnotify.Event) { - // Filter only relevant events: config file or auth-dir JSON files. - configOps := fsnotify.Write | fsnotify.Create | fsnotify.Rename - normalizedName := w.normalizeAuthPath(event.Name) - normalizedConfigPath := w.normalizeAuthPath(w.configPath) - normalizedAuthDir := w.normalizeAuthPath(w.authDir) - isConfigEvent := normalizedName == normalizedConfigPath && event.Op&configOps != 0 - authOps := fsnotify.Create | fsnotify.Write | fsnotify.Remove | fsnotify.Rename - isAuthJSON := strings.HasPrefix(normalizedName, normalizedAuthDir) && strings.HasSuffix(normalizedName, ".json") && event.Op&authOps != 0 - isKiroIDEToken := w.isKiroIDETokenFile(event.Name) && event.Op&authOps != 0 - if !isConfigEvent && !isAuthJSON && !isKiroIDEToken { - // Ignore unrelated files (e.g., cookie snapshots *.cookie) and other noise. - return - } - - if isKiroIDEToken { - w.handleKiroIDETokenChange(event) - return - } - - now := time.Now() - log.Debugf("file system event detected: %s %s", event.Op.String(), event.Name) - - // Handle config file changes - if isConfigEvent { - log.Debugf("config file change details - operation: %s, timestamp: %s", event.Op.String(), now.Format("2006-01-02 15:04:05.000")) - w.scheduleConfigReload() - return - } - - // Handle auth directory changes incrementally (.json only) - if event.Op&(fsnotify.Remove|fsnotify.Rename) != 0 { - if w.shouldDebounceRemove(normalizedName, now) { - log.Debugf("debouncing remove event for %s", filepath.Base(event.Name)) - return - } - // Atomic replace on some platforms may surface as Rename (or Remove) before the new file is ready. - // Wait briefly; if the path exists again, treat as an update instead of removal. - time.Sleep(replaceCheckDelay) - if _, statErr := os.Stat(event.Name); statErr == nil { - if unchanged, errSame := w.authFileUnchanged(event.Name); errSame == nil && unchanged { - log.Debugf("auth file unchanged (hash match), skipping reload: %s", filepath.Base(event.Name)) - return - } - log.Infof("auth file changed (%s): %s, processing incrementally", event.Op.String(), filepath.Base(event.Name)) - w.addOrUpdateClient(event.Name) - return - } - if !w.isKnownAuthFile(event.Name) { - log.Debugf("ignoring remove for unknown auth file: %s", filepath.Base(event.Name)) - return - } - log.Infof("auth file changed (%s): %s, processing incrementally", event.Op.String(), filepath.Base(event.Name)) - w.removeClient(event.Name) - return - } - if event.Op&(fsnotify.Create|fsnotify.Write) != 0 { - if unchanged, errSame := w.authFileUnchanged(event.Name); errSame == nil && unchanged { - log.Debugf("auth file unchanged (hash match), skipping reload: %s", filepath.Base(event.Name)) - return - } - log.Infof("auth file changed (%s): %s, processing incrementally", event.Op.String(), filepath.Base(event.Name)) - w.addOrUpdateClient(event.Name) - } -} - -func (w *Watcher) isKiroIDETokenFile(path string) bool { - normalized := filepath.ToSlash(path) - return strings.HasSuffix(normalized, "kiro-auth-token.json") && strings.Contains(normalized, ".aws/sso/cache") -} - -func (w *Watcher) handleKiroIDETokenChange(event fsnotify.Event) { - log.Debugf("Kiro IDE token file event detected: %s %s", event.Op.String(), event.Name) - - if event.Op&(fsnotify.Remove|fsnotify.Rename) != 0 { - time.Sleep(replaceCheckDelay) - if _, statErr := os.Stat(event.Name); statErr != nil { - log.Debugf("Kiro IDE token file removed: %s", event.Name) - return - } - } - - // Use retry logic to handle file lock contention (e.g., Kiro IDE writing the file) - // This prevents "being used by another process" errors on Windows - tokenData, err := kiroauth.LoadKiroIDETokenWithRetry(10, 50*time.Millisecond) - if err != nil { - log.Debugf("failed to load Kiro IDE token after change: %v", err) - return - } - - log.Infof("Kiro IDE token file updated, access token refreshed (provider: %s)", tokenData.Provider) - - w.refreshAuthState(true) - - w.clientsMutex.RLock() - cfg := w.config - w.clientsMutex.RUnlock() - - if w.reloadCallback != nil && cfg != nil { - log.Debugf("triggering server update callback after Kiro IDE token change") - w.reloadCallback(cfg) - } -} - -func (w *Watcher) authFileUnchanged(path string) (bool, error) { - data, errRead := os.ReadFile(path) - if errRead != nil { - return false, errRead - } - if len(data) == 0 { - return false, nil - } - sum := sha256.Sum256(data) - curHash := hex.EncodeToString(sum[:]) - - normalized := w.normalizeAuthPath(path) - w.clientsMutex.RLock() - prevHash, ok := w.lastAuthHashes[normalized] - w.clientsMutex.RUnlock() - if ok && prevHash == curHash { - return true, nil - } - return false, nil -} - -func (w *Watcher) isKnownAuthFile(path string) bool { - normalized := w.normalizeAuthPath(path) - w.clientsMutex.RLock() - defer w.clientsMutex.RUnlock() - _, ok := w.lastAuthHashes[normalized] - return ok -} - -func (w *Watcher) normalizeAuthPath(path string) string { - trimmed := strings.TrimSpace(path) - if trimmed == "" { - return "" - } - cleaned := filepath.Clean(trimmed) - if runtime.GOOS == "windows" { - cleaned = strings.TrimPrefix(cleaned, `\\?\`) - cleaned = strings.ToLower(cleaned) - } - return cleaned -} - -func (w *Watcher) shouldDebounceRemove(normalizedPath string, now time.Time) bool { - if normalizedPath == "" { - return false - } - w.clientsMutex.Lock() - if w.lastRemoveTimes == nil { - w.lastRemoveTimes = make(map[string]time.Time) - } - if last, ok := w.lastRemoveTimes[normalizedPath]; ok { - if now.Sub(last) < authRemoveDebounceWindow { - w.clientsMutex.Unlock() - return true - } - } - w.lastRemoveTimes[normalizedPath] = now - if len(w.lastRemoveTimes) > 128 { - cutoff := now.Add(-2 * authRemoveDebounceWindow) - for p, t := range w.lastRemoveTimes { - if t.Before(cutoff) { - delete(w.lastRemoveTimes, p) - } - } - } - w.clientsMutex.Unlock() - return false -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/config.go b/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/config.go deleted file mode 100644 index e044117ffe..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/config.go +++ /dev/null @@ -1,419 +0,0 @@ -package synthesizer - -import ( - "fmt" - "strconv" - "strings" - - kiroauth "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/kiro" - "github.com/router-for-me/CLIProxyAPI/v6/internal/watcher/diff" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -// ConfigSynthesizer generates Auth entries from configuration API keys. -// It handles Gemini, Claude, Codex, OpenAI-compat, and Vertex-compat providers. -type ConfigSynthesizer struct{} - -// NewConfigSynthesizer creates a new ConfigSynthesizer instance. -func NewConfigSynthesizer() *ConfigSynthesizer { - return &ConfigSynthesizer{} -} - -// Synthesize generates Auth entries from config API keys. -func (s *ConfigSynthesizer) Synthesize(ctx *SynthesisContext) ([]*coreauth.Auth, error) { - out := make([]*coreauth.Auth, 0, 32) - if ctx == nil || ctx.Config == nil { - return out, nil - } - - // Gemini API Keys - out = append(out, s.synthesizeGeminiKeys(ctx)...) - // Claude API Keys - out = append(out, s.synthesizeClaudeKeys(ctx)...) - // Codex API Keys - out = append(out, s.synthesizeCodexKeys(ctx)...) - // Kiro (AWS CodeWhisperer) - out = append(out, s.synthesizeKiroKeys(ctx)...) - // OpenAI-compat - out = append(out, s.synthesizeOpenAICompat(ctx)...) - // Vertex-compat - out = append(out, s.synthesizeVertexCompat(ctx)...) - - return out, nil -} - -// synthesizeGeminiKeys creates Auth entries for Gemini API keys. -func (s *ConfigSynthesizer) synthesizeGeminiKeys(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0, len(cfg.GeminiKey)) - for i := range cfg.GeminiKey { - entry := cfg.GeminiKey[i] - key := strings.TrimSpace(entry.APIKey) - if key == "" { - continue - } - prefix := strings.TrimSpace(entry.Prefix) - base := strings.TrimSpace(entry.BaseURL) - proxyURL := strings.TrimSpace(entry.ProxyURL) - id, token := idGen.Next("gemini:apikey", key, base) - attrs := map[string]string{ - "source": fmt.Sprintf("config:gemini[%s]", token), - "api_key": key, - } - if entry.Priority != 0 { - attrs["priority"] = strconv.Itoa(entry.Priority) - } - if base != "" { - attrs["base_url"] = base - } - if hash := diff.ComputeGeminiModelsHash(entry.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(entry.Headers, attrs) - a := &coreauth.Auth{ - ID: id, - Provider: "gemini", - Label: "gemini-apikey", - Prefix: prefix, - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - ApplyAuthExcludedModelsMeta(a, cfg, entry.ExcludedModels, "apikey") - out = append(out, a) - } - return out -} - -// synthesizeClaudeKeys creates Auth entries for Claude API keys. -func (s *ConfigSynthesizer) synthesizeClaudeKeys(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0, len(cfg.ClaudeKey)) - for i := range cfg.ClaudeKey { - ck := cfg.ClaudeKey[i] - key := strings.TrimSpace(ck.APIKey) - if key == "" { - continue - } - prefix := strings.TrimSpace(ck.Prefix) - base := strings.TrimSpace(ck.BaseURL) - id, token := idGen.Next("claude:apikey", key, base) - attrs := map[string]string{ - "source": fmt.Sprintf("config:claude[%s]", token), - "api_key": key, - } - if ck.Priority != 0 { - attrs["priority"] = strconv.Itoa(ck.Priority) - } - if base != "" { - attrs["base_url"] = base - } - if hash := diff.ComputeClaudeModelsHash(ck.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(ck.Headers, attrs) - proxyURL := strings.TrimSpace(ck.ProxyURL) - a := &coreauth.Auth{ - ID: id, - Provider: "claude", - Label: "claude-apikey", - Prefix: prefix, - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - ApplyAuthExcludedModelsMeta(a, cfg, ck.ExcludedModels, "apikey") - out = append(out, a) - } - return out -} - -// synthesizeCodexKeys creates Auth entries for Codex API keys. -func (s *ConfigSynthesizer) synthesizeCodexKeys(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0, len(cfg.CodexKey)) - for i := range cfg.CodexKey { - ck := cfg.CodexKey[i] - key := strings.TrimSpace(ck.APIKey) - if key == "" { - continue - } - prefix := strings.TrimSpace(ck.Prefix) - id, token := idGen.Next("codex:apikey", key, ck.BaseURL) - attrs := map[string]string{ - "source": fmt.Sprintf("config:codex[%s]", token), - "api_key": key, - } - if ck.Priority != 0 { - attrs["priority"] = strconv.Itoa(ck.Priority) - } - if ck.BaseURL != "" { - attrs["base_url"] = ck.BaseURL - } - if ck.Websockets { - attrs["websockets"] = "true" - } - if hash := diff.ComputeCodexModelsHash(ck.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(ck.Headers, attrs) - proxyURL := strings.TrimSpace(ck.ProxyURL) - a := &coreauth.Auth{ - ID: id, - Provider: "codex", - Label: "codex-apikey", - Prefix: prefix, - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - ApplyAuthExcludedModelsMeta(a, cfg, ck.ExcludedModels, "apikey") - out = append(out, a) - } - return out -} - -// synthesizeOpenAICompat creates Auth entries for OpenAI-compatible providers. -func (s *ConfigSynthesizer) synthesizeOpenAICompat(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0) - for i := range cfg.OpenAICompatibility { - compat := &cfg.OpenAICompatibility[i] - prefix := strings.TrimSpace(compat.Prefix) - providerName := strings.ToLower(strings.TrimSpace(compat.Name)) - if providerName == "" { - providerName = "openai-compatibility" - } - base := strings.TrimSpace(compat.BaseURL) - - // Handle new APIKeyEntries format (preferred) - createdEntries := 0 - for j := range compat.APIKeyEntries { - entry := &compat.APIKeyEntries[j] - key := strings.TrimSpace(entry.APIKey) - proxyURL := strings.TrimSpace(entry.ProxyURL) - idKind := fmt.Sprintf("openai-compatibility:%s", providerName) - id, token := idGen.Next(idKind, key, base, proxyURL) - attrs := map[string]string{ - "source": fmt.Sprintf("config:%s[%s]", providerName, token), - "base_url": base, - "compat_name": compat.Name, - "provider_key": providerName, - } - if compat.Priority != 0 { - attrs["priority"] = strconv.Itoa(compat.Priority) - } - if key != "" { - attrs["api_key"] = key - } - if hash := diff.ComputeOpenAICompatModelsHash(compat.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(compat.Headers, attrs) - a := &coreauth.Auth{ - ID: id, - Provider: providerName, - Label: compat.Name, - Prefix: prefix, - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - out = append(out, a) - createdEntries++ - } - // Fallback: create entry without API key if no APIKeyEntries - if createdEntries == 0 { - idKind := fmt.Sprintf("openai-compatibility:%s", providerName) - id, token := idGen.Next(idKind, base) - attrs := map[string]string{ - "source": fmt.Sprintf("config:%s[%s]", providerName, token), - "base_url": base, - "compat_name": compat.Name, - "provider_key": providerName, - } - if compat.Priority != 0 { - attrs["priority"] = strconv.Itoa(compat.Priority) - } - if hash := diff.ComputeOpenAICompatModelsHash(compat.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(compat.Headers, attrs) - a := &coreauth.Auth{ - ID: id, - Provider: providerName, - Label: compat.Name, - Prefix: prefix, - Status: coreauth.StatusActive, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - out = append(out, a) - } - } - return out -} - -// synthesizeVertexCompat creates Auth entries for Vertex-compatible providers. -func (s *ConfigSynthesizer) synthesizeVertexCompat(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0, len(cfg.VertexCompatAPIKey)) - for i := range cfg.VertexCompatAPIKey { - compat := &cfg.VertexCompatAPIKey[i] - providerName := "vertex" - base := strings.TrimSpace(compat.BaseURL) - - key := strings.TrimSpace(compat.APIKey) - prefix := strings.TrimSpace(compat.Prefix) - proxyURL := strings.TrimSpace(compat.ProxyURL) - idKind := "vertex:apikey" - id, token := idGen.Next(idKind, key, base, proxyURL) - attrs := map[string]string{ - "source": fmt.Sprintf("config:vertex-apikey[%s]", token), - "base_url": base, - "provider_key": providerName, - } - if compat.Priority != 0 { - attrs["priority"] = strconv.Itoa(compat.Priority) - } - if key != "" { - attrs["api_key"] = key - } - if hash := diff.ComputeVertexCompatModelsHash(compat.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(compat.Headers, attrs) - a := &coreauth.Auth{ - ID: id, - Provider: providerName, - Label: "vertex-apikey", - Prefix: prefix, - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - ApplyAuthExcludedModelsMeta(a, cfg, nil, "apikey") - out = append(out, a) - } - return out -} - -// synthesizeKiroKeys creates Auth entries for Kiro (AWS CodeWhisperer) tokens. -func (s *ConfigSynthesizer) synthesizeKiroKeys(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - if len(cfg.KiroKey) == 0 { - return nil - } - - out := make([]*coreauth.Auth, 0, len(cfg.KiroKey)) - kAuth := kiroauth.NewKiroAuth(cfg) - - for i := range cfg.KiroKey { - kk := cfg.KiroKey[i] - var accessToken, profileArn, refreshToken string - - // Try to load from token file first - if kk.TokenFile != "" && kAuth != nil { - tokenData, err := kAuth.LoadTokenFromFile(kk.TokenFile) - if err != nil { - log.Warnf("failed to load kiro token file %s: %v", kk.TokenFile, err) - } else { - accessToken = tokenData.AccessToken - profileArn = tokenData.ProfileArn - refreshToken = tokenData.RefreshToken - } - } - - // Override with direct config values if provided - if kk.AccessToken != "" { - accessToken = kk.AccessToken - } - if kk.ProfileArn != "" { - profileArn = kk.ProfileArn - } - if kk.RefreshToken != "" { - refreshToken = kk.RefreshToken - } - - if accessToken == "" { - log.Warnf("kiro config[%d] missing access_token, skipping", i) - continue - } - - // profileArn is optional for AWS Builder ID users - id, token := idGen.Next("kiro:token", accessToken, profileArn) - attrs := map[string]string{ - "source": fmt.Sprintf("config:kiro[%s]", token), - "access_token": accessToken, - } - if profileArn != "" { - attrs["profile_arn"] = profileArn - } - if kk.Region != "" { - attrs["region"] = kk.Region - } - if kk.AgentTaskType != "" { - attrs["agent_task_type"] = kk.AgentTaskType - } - if kk.PreferredEndpoint != "" { - attrs["preferred_endpoint"] = kk.PreferredEndpoint - } else if cfg.KiroPreferredEndpoint != "" { - // Apply global default if not overridden by specific key - attrs["preferred_endpoint"] = cfg.KiroPreferredEndpoint - } - if refreshToken != "" { - attrs["refresh_token"] = refreshToken - } - proxyURL := strings.TrimSpace(kk.ProxyURL) - a := &coreauth.Auth{ - ID: id, - Provider: "kiro", - Label: "kiro-token", - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - - if refreshToken != "" { - if a.Metadata == nil { - a.Metadata = make(map[string]any) - } - a.Metadata["refresh_token"] = refreshToken - } - - out = append(out, a) - } - return out -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/config_test.go b/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/config_test.go deleted file mode 100644 index 437f18d11e..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/config_test.go +++ /dev/null @@ -1,617 +0,0 @@ -package synthesizer - -import ( - "testing" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestNewConfigSynthesizer(t *testing.T) { - synth := NewConfigSynthesizer() - if synth == nil { - t.Fatal("expected non-nil synthesizer") - } -} - -func TestConfigSynthesizer_Synthesize_NilContext(t *testing.T) { - synth := NewConfigSynthesizer() - auths, err := synth.Synthesize(nil) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 0 { - t.Fatalf("expected empty auths, got %d", len(auths)) - } -} - -func TestConfigSynthesizer_Synthesize_NilConfig(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: nil, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 0 { - t.Fatalf("expected empty auths, got %d", len(auths)) - } -} - -func TestConfigSynthesizer_GeminiKeys(t *testing.T) { - tests := []struct { - name string - geminiKeys []config.GeminiKey - wantLen int - validate func(*testing.T, []*coreauth.Auth) - }{ - { - name: "single gemini key", - geminiKeys: []config.GeminiKey{ - {APIKey: "test-key-123", Prefix: "team-a"}, - }, - wantLen: 1, - validate: func(t *testing.T, auths []*coreauth.Auth) { - if auths[0].Provider != "gemini" { - t.Errorf("expected provider gemini, got %s", auths[0].Provider) - } - if auths[0].Prefix != "team-a" { - t.Errorf("expected prefix team-a, got %s", auths[0].Prefix) - } - if auths[0].Label != "gemini-apikey" { - t.Errorf("expected label gemini-apikey, got %s", auths[0].Label) - } - if auths[0].Attributes["api_key"] != "test-key-123" { - t.Errorf("expected api_key test-key-123, got %s", auths[0].Attributes["api_key"]) - } - if auths[0].Status != coreauth.StatusActive { - t.Errorf("expected status active, got %s", auths[0].Status) - } - }, - }, - { - name: "gemini key with base url and proxy", - geminiKeys: []config.GeminiKey{ - { - APIKey: "api-key", - BaseURL: "https://custom.api.com", - ProxyURL: "http://proxy.local:8080", - Prefix: "custom", - }, - }, - wantLen: 1, - validate: func(t *testing.T, auths []*coreauth.Auth) { - if auths[0].Attributes["base_url"] != "https://custom.api.com" { - t.Errorf("expected base_url https://custom.api.com, got %s", auths[0].Attributes["base_url"]) - } - if auths[0].ProxyURL != "http://proxy.local:8080" { - t.Errorf("expected proxy_url http://proxy.local:8080, got %s", auths[0].ProxyURL) - } - }, - }, - { - name: "gemini key with headers", - geminiKeys: []config.GeminiKey{ - { - APIKey: "api-key", - Headers: map[string]string{"X-Custom": "value"}, - }, - }, - wantLen: 1, - validate: func(t *testing.T, auths []*coreauth.Auth) { - if auths[0].Attributes["header:X-Custom"] != "value" { - t.Errorf("expected header:X-Custom=value, got %s", auths[0].Attributes["header:X-Custom"]) - } - }, - }, - { - name: "empty api key skipped", - geminiKeys: []config.GeminiKey{ - {APIKey: ""}, - {APIKey: " "}, - {APIKey: "valid-key"}, - }, - wantLen: 1, - }, - { - name: "multiple gemini keys", - geminiKeys: []config.GeminiKey{ - {APIKey: "key-1", Prefix: "a"}, - {APIKey: "key-2", Prefix: "b"}, - {APIKey: "key-3", Prefix: "c"}, - }, - wantLen: 3, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - GeminiKey: tt.geminiKeys, - }, - Now: time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != tt.wantLen { - t.Fatalf("expected %d auths, got %d", tt.wantLen, len(auths)) - } - - if tt.validate != nil && len(auths) > 0 { - tt.validate(t, auths) - } - }) - } -} - -func TestConfigSynthesizer_ClaudeKeys(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - ClaudeKey: []config.ClaudeKey{ - { - APIKey: "sk-ant-api-xxx", - Prefix: "main", - BaseURL: "https://api.anthropic.com", - Models: []config.ClaudeModel{ - {Name: "claude-3-opus"}, - {Name: "claude-3-sonnet"}, - }, - }, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - if auths[0].Provider != "claude" { - t.Errorf("expected provider claude, got %s", auths[0].Provider) - } - if auths[0].Label != "claude-apikey" { - t.Errorf("expected label claude-apikey, got %s", auths[0].Label) - } - if auths[0].Prefix != "main" { - t.Errorf("expected prefix main, got %s", auths[0].Prefix) - } - if auths[0].Attributes["api_key"] != "sk-ant-api-xxx" { - t.Errorf("expected api_key sk-ant-api-xxx, got %s", auths[0].Attributes["api_key"]) - } - if _, ok := auths[0].Attributes["models_hash"]; !ok { - t.Error("expected models_hash in attributes") - } -} - -func TestConfigSynthesizer_ClaudeKeys_SkipsEmptyAndHeaders(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - ClaudeKey: []config.ClaudeKey{ - {APIKey: ""}, // empty, should be skipped - {APIKey: " "}, // whitespace, should be skipped - {APIKey: "valid-key", Headers: map[string]string{"X-Custom": "value"}}, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth (empty keys skipped), got %d", len(auths)) - } - if auths[0].Attributes["header:X-Custom"] != "value" { - t.Errorf("expected header:X-Custom=value, got %s", auths[0].Attributes["header:X-Custom"]) - } -} - -func TestConfigSynthesizer_CodexKeys(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - CodexKey: []config.CodexKey{ - { - APIKey: "codex-key-123", - Prefix: "dev", - BaseURL: "https://api.openai.com", - ProxyURL: "http://proxy.local", - Websockets: true, - }, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - if auths[0].Provider != "codex" { - t.Errorf("expected provider codex, got %s", auths[0].Provider) - } - if auths[0].Label != "codex-apikey" { - t.Errorf("expected label codex-apikey, got %s", auths[0].Label) - } - if auths[0].ProxyURL != "http://proxy.local" { - t.Errorf("expected proxy_url http://proxy.local, got %s", auths[0].ProxyURL) - } - if auths[0].Attributes["websockets"] != "true" { - t.Errorf("expected websockets=true, got %s", auths[0].Attributes["websockets"]) - } -} - -func TestConfigSynthesizer_CodexKeys_SkipsEmptyAndHeaders(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - CodexKey: []config.CodexKey{ - {APIKey: ""}, // empty, should be skipped - {APIKey: " "}, // whitespace, should be skipped - {APIKey: "valid-key", Headers: map[string]string{"Authorization": "Bearer xyz"}}, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth (empty keys skipped), got %d", len(auths)) - } - if auths[0].Attributes["header:Authorization"] != "Bearer xyz" { - t.Errorf("expected header:Authorization=Bearer xyz, got %s", auths[0].Attributes["header:Authorization"]) - } -} - -func TestConfigSynthesizer_OpenAICompat(t *testing.T) { - tests := []struct { - name string - compat []config.OpenAICompatibility - wantLen int - }{ - { - name: "with APIKeyEntries", - compat: []config.OpenAICompatibility{ - { - Name: "CustomProvider", - BaseURL: "https://custom.api.com", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "key-1"}, - {APIKey: "key-2"}, - }, - }, - }, - wantLen: 2, - }, - { - name: "empty APIKeyEntries included (legacy)", - compat: []config.OpenAICompatibility{ - { - Name: "EmptyKeys", - BaseURL: "https://empty.api.com", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: ""}, - {APIKey: " "}, - }, - }, - }, - wantLen: 2, - }, - { - name: "without APIKeyEntries (fallback)", - compat: []config.OpenAICompatibility{ - { - Name: "NoKeyProvider", - BaseURL: "https://no-key.api.com", - }, - }, - wantLen: 1, - }, - { - name: "empty name defaults", - compat: []config.OpenAICompatibility{ - { - Name: "", - BaseURL: "https://default.api.com", - }, - }, - wantLen: 1, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - OpenAICompatibility: tt.compat, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != tt.wantLen { - t.Fatalf("expected %d auths, got %d", tt.wantLen, len(auths)) - } - }) - } -} - -func TestConfigSynthesizer_VertexCompat(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - VertexCompatAPIKey: []config.VertexCompatKey{ - { - APIKey: "vertex-key-123", - BaseURL: "https://vertex.googleapis.com", - Prefix: "vertex-prod", - }, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - if auths[0].Provider != "vertex" { - t.Errorf("expected provider vertex, got %s", auths[0].Provider) - } - if auths[0].Label != "vertex-apikey" { - t.Errorf("expected label vertex-apikey, got %s", auths[0].Label) - } - if auths[0].Prefix != "vertex-prod" { - t.Errorf("expected prefix vertex-prod, got %s", auths[0].Prefix) - } -} - -func TestConfigSynthesizer_VertexCompat_SkipsEmptyAndHeaders(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - VertexCompatAPIKey: []config.VertexCompatKey{ - {APIKey: "", BaseURL: "https://vertex.api"}, // empty key creates auth without api_key attr - {APIKey: " ", BaseURL: "https://vertex.api"}, // whitespace key creates auth without api_key attr - {APIKey: "valid-key", BaseURL: "https://vertex.api", Headers: map[string]string{"X-Vertex": "test"}}, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - // Vertex compat doesn't skip empty keys - it creates auths without api_key attribute - if len(auths) != 3 { - t.Fatalf("expected 3 auths, got %d", len(auths)) - } - // First two should not have api_key attribute - if _, ok := auths[0].Attributes["api_key"]; ok { - t.Error("expected first auth to not have api_key attribute") - } - if _, ok := auths[1].Attributes["api_key"]; ok { - t.Error("expected second auth to not have api_key attribute") - } - // Third should have headers - if auths[2].Attributes["header:X-Vertex"] != "test" { - t.Errorf("expected header:X-Vertex=test, got %s", auths[2].Attributes["header:X-Vertex"]) - } -} - -func TestConfigSynthesizer_OpenAICompat_WithModelsHash(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - OpenAICompatibility: []config.OpenAICompatibility{ - { - Name: "TestProvider", - BaseURL: "https://test.api.com", - Models: []config.OpenAICompatibilityModel{ - {Name: "model-a"}, - {Name: "model-b"}, - }, - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "key-with-models"}, - }, - }, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - if _, ok := auths[0].Attributes["models_hash"]; !ok { - t.Error("expected models_hash in attributes") - } - if auths[0].Attributes["api_key"] != "key-with-models" { - t.Errorf("expected api_key key-with-models, got %s", auths[0].Attributes["api_key"]) - } -} - -func TestConfigSynthesizer_OpenAICompat_FallbackWithModels(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - OpenAICompatibility: []config.OpenAICompatibility{ - { - Name: "NoKeyWithModels", - BaseURL: "https://nokey.api.com", - Models: []config.OpenAICompatibilityModel{ - {Name: "model-x"}, - }, - Headers: map[string]string{"X-API": "header-value"}, - // No APIKeyEntries - should use fallback path - }, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - if _, ok := auths[0].Attributes["models_hash"]; !ok { - t.Error("expected models_hash in fallback path") - } - if auths[0].Attributes["header:X-API"] != "header-value" { - t.Errorf("expected header:X-API=header-value, got %s", auths[0].Attributes["header:X-API"]) - } -} - -func TestConfigSynthesizer_VertexCompat_WithModels(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - VertexCompatAPIKey: []config.VertexCompatKey{ - { - APIKey: "vertex-key", - BaseURL: "https://vertex.api", - Models: []config.VertexCompatModel{ - {Name: "gemini-pro", Alias: "pro"}, - {Name: "gemini-ultra", Alias: "ultra"}, - }, - }, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - if _, ok := auths[0].Attributes["models_hash"]; !ok { - t.Error("expected models_hash in vertex auth with models") - } -} - -func TestConfigSynthesizer_IDStability(t *testing.T) { - cfg := &config.Config{ - GeminiKey: []config.GeminiKey{ - {APIKey: "stable-key", Prefix: "test"}, - }, - } - - // Generate IDs twice with fresh generators - synth1 := NewConfigSynthesizer() - ctx1 := &SynthesisContext{ - Config: cfg, - Now: time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC), - IDGenerator: NewStableIDGenerator(), - } - auths1, _ := synth1.Synthesize(ctx1) - - synth2 := NewConfigSynthesizer() - ctx2 := &SynthesisContext{ - Config: cfg, - Now: time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC), - IDGenerator: NewStableIDGenerator(), - } - auths2, _ := synth2.Synthesize(ctx2) - - if auths1[0].ID != auths2[0].ID { - t.Errorf("same config should produce same ID: got %q and %q", auths1[0].ID, auths2[0].ID) - } -} - -func TestConfigSynthesizer_AllProviders(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - GeminiKey: []config.GeminiKey{ - {APIKey: "gemini-key"}, - }, - ClaudeKey: []config.ClaudeKey{ - {APIKey: "claude-key"}, - }, - CodexKey: []config.CodexKey{ - {APIKey: "codex-key"}, - }, - OpenAICompatibility: []config.OpenAICompatibility{ - {Name: "compat", BaseURL: "https://compat.api"}, - }, - VertexCompatAPIKey: []config.VertexCompatKey{ - {APIKey: "vertex-key", BaseURL: "https://vertex.api"}, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 5 { - t.Fatalf("expected 5 auths, got %d", len(auths)) - } - - providers := make(map[string]bool) - for _, a := range auths { - providers[a.Provider] = true - } - - expected := []string{"gemini", "claude", "codex", "compat", "vertex"} - for _, p := range expected { - if !providers[p] { - t.Errorf("expected provider %s not found", p) - } - } -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/context.go b/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/context.go deleted file mode 100644 index d973289a3a..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/context.go +++ /dev/null @@ -1,19 +0,0 @@ -package synthesizer - -import ( - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" -) - -// SynthesisContext provides the context needed for auth synthesis. -type SynthesisContext struct { - // Config is the current configuration - Config *config.Config - // AuthDir is the directory containing auth files - AuthDir string - // Now is the current time for timestamps - Now time.Time - // IDGenerator generates stable IDs for auth entries - IDGenerator *StableIDGenerator -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/file.go b/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/file.go deleted file mode 100644 index 4e05311703..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/file.go +++ /dev/null @@ -1,298 +0,0 @@ -package synthesizer - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - "strconv" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/runtime/geminicli" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -// FileSynthesizer generates Auth entries from OAuth JSON files. -// It handles file-based authentication and Gemini virtual auth generation. -type FileSynthesizer struct{} - -// NewFileSynthesizer creates a new FileSynthesizer instance. -func NewFileSynthesizer() *FileSynthesizer { - return &FileSynthesizer{} -} - -// Synthesize generates Auth entries from auth files in the auth directory. -func (s *FileSynthesizer) Synthesize(ctx *SynthesisContext) ([]*coreauth.Auth, error) { - out := make([]*coreauth.Auth, 0, 16) - if ctx == nil || ctx.AuthDir == "" { - return out, nil - } - - entries, err := os.ReadDir(ctx.AuthDir) - if err != nil { - // Not an error if directory doesn't exist - return out, nil - } - - now := ctx.Now - cfg := ctx.Config - - for _, e := range entries { - if e.IsDir() { - continue - } - name := e.Name() - if !strings.HasSuffix(strings.ToLower(name), ".json") { - continue - } - full := filepath.Join(ctx.AuthDir, name) - data, errRead := os.ReadFile(full) - if errRead != nil || len(data) == 0 { - continue - } - var metadata map[string]any - if errUnmarshal := json.Unmarshal(data, &metadata); errUnmarshal != nil { - continue - } - t, _ := metadata["type"].(string) - if t == "" { - continue - } - provider := strings.ToLower(t) - if provider == "gemini" { - provider = "gemini-cli" - } - label := provider - if email, _ := metadata["email"].(string); email != "" { - label = email - } - // Use relative path under authDir as ID to stay consistent with the file-based token store - id := full - if rel, errRel := filepath.Rel(ctx.AuthDir, full); errRel == nil && rel != "" { - id = rel - } - - proxyURL := "" - if p, ok := metadata["proxy_url"].(string); ok { - proxyURL = p - } - - prefix := "" - if rawPrefix, ok := metadata["prefix"].(string); ok { - trimmed := strings.TrimSpace(rawPrefix) - trimmed = strings.Trim(trimmed, "/") - if trimmed != "" && !strings.Contains(trimmed, "/") { - prefix = trimmed - } - } - - disabled, _ := metadata["disabled"].(bool) - status := coreauth.StatusActive - if disabled { - status = coreauth.StatusDisabled - } - - // Read per-account excluded models from the OAuth JSON file - perAccountExcluded := extractExcludedModelsFromMetadata(metadata) - - a := &coreauth.Auth{ - ID: id, - Provider: provider, - Label: label, - Prefix: prefix, - Status: status, - Disabled: disabled, - Attributes: map[string]string{ - "source": full, - "path": full, - }, - ProxyURL: proxyURL, - Metadata: metadata, - CreatedAt: now, - UpdatedAt: now, - } - // Read priority from auth file - if rawPriority, ok := metadata["priority"]; ok { - switch v := rawPriority.(type) { - case float64: - a.Attributes["priority"] = strconv.Itoa(int(v)) - case string: - priority := strings.TrimSpace(v) - if _, errAtoi := strconv.Atoi(priority); errAtoi == nil { - a.Attributes["priority"] = priority - } - } - } - ApplyAuthExcludedModelsMeta(a, cfg, perAccountExcluded, "oauth") - if provider == "gemini-cli" { - if virtuals := SynthesizeGeminiVirtualAuths(a, metadata, now); len(virtuals) > 0 { - for _, v := range virtuals { - ApplyAuthExcludedModelsMeta(v, cfg, perAccountExcluded, "oauth") - } - out = append(out, a) - out = append(out, virtuals...) - continue - } - } - out = append(out, a) - } - return out, nil -} - -// SynthesizeGeminiVirtualAuths creates virtual Auth entries for multi-project Gemini credentials. -// It disables the primary auth and creates one virtual auth per project. -func SynthesizeGeminiVirtualAuths(primary *coreauth.Auth, metadata map[string]any, now time.Time) []*coreauth.Auth { - if primary == nil || metadata == nil { - return nil - } - projects := splitGeminiProjectIDs(metadata) - if len(projects) <= 1 { - return nil - } - email, _ := metadata["email"].(string) - shared := geminicli.NewSharedCredential(primary.ID, email, metadata, projects) - primary.Disabled = true - primary.Status = coreauth.StatusDisabled - primary.Runtime = shared - if primary.Attributes == nil { - primary.Attributes = make(map[string]string) - } - primary.Attributes["gemini_virtual_primary"] = "true" - primary.Attributes["virtual_children"] = strings.Join(projects, ",") - source := primary.Attributes["source"] - authPath := primary.Attributes["path"] - originalProvider := primary.Provider - if originalProvider == "" { - originalProvider = "gemini-cli" - } - label := primary.Label - if label == "" { - label = originalProvider - } - virtuals := make([]*coreauth.Auth, 0, len(projects)) - for _, projectID := range projects { - attrs := map[string]string{ - "runtime_only": "true", - "gemini_virtual_parent": primary.ID, - "gemini_virtual_project": projectID, - } - if source != "" { - attrs["source"] = source - } - if authPath != "" { - attrs["path"] = authPath - } - // Propagate priority from primary auth to virtual auths - if priorityVal, hasPriority := primary.Attributes["priority"]; hasPriority && priorityVal != "" { - attrs["priority"] = priorityVal - } - metadataCopy := map[string]any{ - "email": email, - "project_id": projectID, - "virtual": true, - "virtual_parent_id": primary.ID, - "type": metadata["type"], - } - if v, ok := metadata["disable_cooling"]; ok { - metadataCopy["disable_cooling"] = v - } else if v, ok := metadata["disable-cooling"]; ok { - metadataCopy["disable_cooling"] = v - } - if v, ok := metadata["request_retry"]; ok { - metadataCopy["request_retry"] = v - } else if v, ok := metadata["request-retry"]; ok { - metadataCopy["request_retry"] = v - } - proxy := strings.TrimSpace(primary.ProxyURL) - if proxy != "" { - metadataCopy["proxy_url"] = proxy - } - virtual := &coreauth.Auth{ - ID: buildGeminiVirtualID(primary.ID, projectID), - Provider: originalProvider, - Label: fmt.Sprintf("%s [%s]", label, projectID), - Status: coreauth.StatusActive, - Attributes: attrs, - Metadata: metadataCopy, - ProxyURL: primary.ProxyURL, - Prefix: primary.Prefix, - CreatedAt: primary.CreatedAt, - UpdatedAt: primary.UpdatedAt, - Runtime: geminicli.NewVirtualCredential(projectID, shared), - } - virtuals = append(virtuals, virtual) - } - return virtuals -} - -// splitGeminiProjectIDs extracts and deduplicates project IDs from metadata. -func splitGeminiProjectIDs(metadata map[string]any) []string { - raw, _ := metadata["project_id"].(string) - trimmed := strings.TrimSpace(raw) - if trimmed == "" { - return nil - } - parts := strings.Split(trimmed, ",") - result := make([]string, 0, len(parts)) - seen := make(map[string]struct{}, len(parts)) - for _, part := range parts { - id := strings.TrimSpace(part) - if id == "" { - continue - } - if _, ok := seen[id]; ok { - continue - } - seen[id] = struct{}{} - result = append(result, id) - } - return result -} - -// buildGeminiVirtualID constructs a virtual auth ID from base ID and project ID. -func buildGeminiVirtualID(baseID, projectID string) string { - project := strings.TrimSpace(projectID) - if project == "" { - project = "project" - } - replacer := strings.NewReplacer("/", "_", "\\", "_", " ", "_") - return fmt.Sprintf("%s::%s", baseID, replacer.Replace(project)) -} - -// extractExcludedModelsFromMetadata reads per-account excluded models from the OAuth JSON metadata. -// Supports both "excluded_models" and "excluded-models" keys, and accepts both []string and []interface{}. -func extractExcludedModelsFromMetadata(metadata map[string]any) []string { - if metadata == nil { - return nil - } - // Try both key formats - raw, ok := metadata["excluded_models"] - if !ok { - raw, ok = metadata["excluded-models"] - } - if !ok || raw == nil { - return nil - } - var stringSlice []string - switch v := raw.(type) { - case []string: - stringSlice = v - case []interface{}: - stringSlice = make([]string, 0, len(v)) - for _, item := range v { - if s, ok := item.(string); ok { - stringSlice = append(stringSlice, s) - } - } - default: - return nil - } - result := make([]string, 0, len(stringSlice)) - for _, s := range stringSlice { - if trimmed := strings.TrimSpace(s); trimmed != "" { - result = append(result, trimmed) - } - } - return result -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/file_test.go b/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/file_test.go deleted file mode 100644 index 105d920747..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/file_test.go +++ /dev/null @@ -1,746 +0,0 @@ -package synthesizer - -import ( - "encoding/json" - "os" - "path/filepath" - "strings" - "testing" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestNewFileSynthesizer(t *testing.T) { - synth := NewFileSynthesizer() - if synth == nil { - t.Fatal("expected non-nil synthesizer") - } -} - -func TestFileSynthesizer_Synthesize_NilContext(t *testing.T) { - synth := NewFileSynthesizer() - auths, err := synth.Synthesize(nil) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 0 { - t.Fatalf("expected empty auths, got %d", len(auths)) - } -} - -func TestFileSynthesizer_Synthesize_EmptyAuthDir(t *testing.T) { - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: "", - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 0 { - t.Fatalf("expected empty auths, got %d", len(auths)) - } -} - -func TestFileSynthesizer_Synthesize_NonExistentDir(t *testing.T) { - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: "/non/existent/path", - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 0 { - t.Fatalf("expected empty auths, got %d", len(auths)) - } -} - -func TestFileSynthesizer_Synthesize_ValidAuthFile(t *testing.T) { - tempDir := t.TempDir() - - // Create a valid auth file - authData := map[string]any{ - "type": "claude", - "email": "test@example.com", - "proxy_url": "http://proxy.local", - "prefix": "test-prefix", - "disable_cooling": true, - "request_retry": 2, - } - data, _ := json.Marshal(authData) - err := os.WriteFile(filepath.Join(tempDir, "claude-auth.json"), data, 0644) - if err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - if auths[0].Provider != "claude" { - t.Errorf("expected provider claude, got %s", auths[0].Provider) - } - if auths[0].Label != "test@example.com" { - t.Errorf("expected label test@example.com, got %s", auths[0].Label) - } - if auths[0].Prefix != "test-prefix" { - t.Errorf("expected prefix test-prefix, got %s", auths[0].Prefix) - } - if auths[0].ProxyURL != "http://proxy.local" { - t.Errorf("expected proxy_url http://proxy.local, got %s", auths[0].ProxyURL) - } - if v, ok := auths[0].Metadata["disable_cooling"].(bool); !ok || !v { - t.Errorf("expected disable_cooling true, got %v", auths[0].Metadata["disable_cooling"]) - } - if v, ok := auths[0].Metadata["request_retry"].(float64); !ok || int(v) != 2 { - t.Errorf("expected request_retry 2, got %v", auths[0].Metadata["request_retry"]) - } - if auths[0].Status != coreauth.StatusActive { - t.Errorf("expected status active, got %s", auths[0].Status) - } -} - -func TestFileSynthesizer_Synthesize_GeminiProviderMapping(t *testing.T) { - tempDir := t.TempDir() - - // Gemini type should be mapped to gemini-cli - authData := map[string]any{ - "type": "gemini", - "email": "gemini@example.com", - } - data, _ := json.Marshal(authData) - err := os.WriteFile(filepath.Join(tempDir, "gemini-auth.json"), data, 0644) - if err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - if auths[0].Provider != "gemini-cli" { - t.Errorf("gemini should be mapped to gemini-cli, got %s", auths[0].Provider) - } -} - -func TestFileSynthesizer_Synthesize_SkipsInvalidFiles(t *testing.T) { - tempDir := t.TempDir() - - // Create various invalid files - _ = os.WriteFile(filepath.Join(tempDir, "not-json.txt"), []byte("text content"), 0644) - _ = os.WriteFile(filepath.Join(tempDir, "invalid.json"), []byte("not valid json"), 0644) - _ = os.WriteFile(filepath.Join(tempDir, "empty.json"), []byte(""), 0644) - _ = os.WriteFile(filepath.Join(tempDir, "no-type.json"), []byte(`{"email": "test@example.com"}`), 0644) - - // Create one valid file - validData, _ := json.Marshal(map[string]any{"type": "claude", "email": "valid@example.com"}) - _ = os.WriteFile(filepath.Join(tempDir, "valid.json"), validData, 0644) - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("only valid auth file should be processed, got %d", len(auths)) - } - if auths[0].Label != "valid@example.com" { - t.Errorf("expected label valid@example.com, got %s", auths[0].Label) - } -} - -func TestFileSynthesizer_Synthesize_SkipsDirectories(t *testing.T) { - tempDir := t.TempDir() - - // Create a subdirectory with a json file inside - subDir := filepath.Join(tempDir, "subdir.json") - err := os.Mkdir(subDir, 0755) - if err != nil { - t.Fatalf("failed to create subdir: %v", err) - } - - // Create a valid file in root - validData, _ := json.Marshal(map[string]any{"type": "claude"}) - _ = os.WriteFile(filepath.Join(tempDir, "valid.json"), validData, 0644) - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } -} - -func TestFileSynthesizer_Synthesize_RelativeID(t *testing.T) { - tempDir := t.TempDir() - - authData := map[string]any{"type": "claude"} - data, _ := json.Marshal(authData) - err := os.WriteFile(filepath.Join(tempDir, "my-auth.json"), data, 0644) - if err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - // ID should be relative path - if auths[0].ID != "my-auth.json" { - t.Errorf("expected ID my-auth.json, got %s", auths[0].ID) - } -} - -func TestFileSynthesizer_Synthesize_PrefixValidation(t *testing.T) { - tests := []struct { - name string - prefix string - wantPrefix string - }{ - {"valid prefix", "myprefix", "myprefix"}, - {"prefix with slashes trimmed", "/myprefix/", "myprefix"}, - {"prefix with spaces trimmed", " myprefix ", "myprefix"}, - {"prefix with internal slash rejected", "my/prefix", ""}, - {"empty prefix", "", ""}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - tempDir := t.TempDir() - authData := map[string]any{ - "type": "claude", - "prefix": tt.prefix, - } - data, _ := json.Marshal(authData) - _ = os.WriteFile(filepath.Join(tempDir, "auth.json"), data, 0644) - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - if auths[0].Prefix != tt.wantPrefix { - t.Errorf("expected prefix %q, got %q", tt.wantPrefix, auths[0].Prefix) - } - }) - } -} - -func TestFileSynthesizer_Synthesize_PriorityParsing(t *testing.T) { - tests := []struct { - name string - priority any - want string - hasValue bool - }{ - { - name: "string with spaces", - priority: " 10 ", - want: "10", - hasValue: true, - }, - { - name: "number", - priority: 8, - want: "8", - hasValue: true, - }, - { - name: "invalid string", - priority: "1x", - hasValue: false, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - tempDir := t.TempDir() - authData := map[string]any{ - "type": "claude", - "priority": tt.priority, - } - data, _ := json.Marshal(authData) - errWriteFile := os.WriteFile(filepath.Join(tempDir, "auth.json"), data, 0644) - if errWriteFile != nil { - t.Fatalf("failed to write auth file: %v", errWriteFile) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, errSynthesize := synth.Synthesize(ctx) - if errSynthesize != nil { - t.Fatalf("unexpected error: %v", errSynthesize) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - value, ok := auths[0].Attributes["priority"] - if tt.hasValue { - if !ok { - t.Fatal("expected priority attribute to be set") - } - if value != tt.want { - t.Fatalf("expected priority %q, got %q", tt.want, value) - } - return - } - if ok { - t.Fatalf("expected priority attribute to be absent, got %q", value) - } - }) - } -} - -func TestFileSynthesizer_Synthesize_OAuthExcludedModelsMerged(t *testing.T) { - tempDir := t.TempDir() - authData := map[string]any{ - "type": "claude", - "excluded_models": []string{"custom-model", "MODEL-B"}, - } - data, _ := json.Marshal(authData) - errWriteFile := os.WriteFile(filepath.Join(tempDir, "auth.json"), data, 0644) - if errWriteFile != nil { - t.Fatalf("failed to write auth file: %v", errWriteFile) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - OAuthExcludedModels: map[string][]string{ - "claude": {"shared", "model-b"}, - }, - }, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, errSynthesize := synth.Synthesize(ctx) - if errSynthesize != nil { - t.Fatalf("unexpected error: %v", errSynthesize) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - got := auths[0].Attributes["excluded_models"] - want := "custom-model,model-b,shared" - if got != want { - t.Fatalf("expected excluded_models %q, got %q", want, got) - } -} - -func TestSynthesizeGeminiVirtualAuths_NilInputs(t *testing.T) { - now := time.Now() - - if SynthesizeGeminiVirtualAuths(nil, nil, now) != nil { - t.Error("expected nil for nil primary") - } - if SynthesizeGeminiVirtualAuths(&coreauth.Auth{}, nil, now) != nil { - t.Error("expected nil for nil metadata") - } - if SynthesizeGeminiVirtualAuths(nil, map[string]any{}, now) != nil { - t.Error("expected nil for nil primary with metadata") - } -} - -func TestSynthesizeGeminiVirtualAuths_SingleProject(t *testing.T) { - now := time.Now() - primary := &coreauth.Auth{ - ID: "test-id", - Provider: "gemini-cli", - Label: "test@example.com", - } - metadata := map[string]any{ - "project_id": "single-project", - "email": "test@example.com", - "type": "gemini", - } - - virtuals := SynthesizeGeminiVirtualAuths(primary, metadata, now) - if virtuals != nil { - t.Error("single project should not create virtuals") - } -} - -func TestSynthesizeGeminiVirtualAuths_MultiProject(t *testing.T) { - now := time.Now() - primary := &coreauth.Auth{ - ID: "primary-id", - Provider: "gemini-cli", - Label: "test@example.com", - Prefix: "test-prefix", - ProxyURL: "http://proxy.local", - Attributes: map[string]string{ - "source": "test-source", - "path": "/path/to/auth", - }, - } - metadata := map[string]any{ - "project_id": "project-a, project-b, project-c", - "email": "test@example.com", - "type": "gemini", - "request_retry": 2, - "disable_cooling": true, - } - - virtuals := SynthesizeGeminiVirtualAuths(primary, metadata, now) - - if len(virtuals) != 3 { - t.Fatalf("expected 3 virtuals, got %d", len(virtuals)) - } - - // Check primary is disabled - if !primary.Disabled { - t.Error("expected primary to be disabled") - } - if primary.Status != coreauth.StatusDisabled { - t.Errorf("expected primary status disabled, got %s", primary.Status) - } - if primary.Attributes["gemini_virtual_primary"] != "true" { - t.Error("expected gemini_virtual_primary=true") - } - if !strings.Contains(primary.Attributes["virtual_children"], "project-a") { - t.Error("expected virtual_children to contain project-a") - } - - // Check virtuals - projectIDs := []string{"project-a", "project-b", "project-c"} - for i, v := range virtuals { - if v.Provider != "gemini-cli" { - t.Errorf("expected provider gemini-cli, got %s", v.Provider) - } - if v.Status != coreauth.StatusActive { - t.Errorf("expected status active, got %s", v.Status) - } - if v.Prefix != "test-prefix" { - t.Errorf("expected prefix test-prefix, got %s", v.Prefix) - } - if v.ProxyURL != "http://proxy.local" { - t.Errorf("expected proxy_url http://proxy.local, got %s", v.ProxyURL) - } - if vv, ok := v.Metadata["disable_cooling"].(bool); !ok || !vv { - t.Errorf("expected disable_cooling true, got %v", v.Metadata["disable_cooling"]) - } - if vv, ok := v.Metadata["request_retry"].(int); !ok || vv != 2 { - t.Errorf("expected request_retry 2, got %v", v.Metadata["request_retry"]) - } - if v.Attributes["runtime_only"] != "true" { - t.Error("expected runtime_only=true") - } - if v.Attributes["gemini_virtual_parent"] != "primary-id" { - t.Errorf("expected gemini_virtual_parent=primary-id, got %s", v.Attributes["gemini_virtual_parent"]) - } - if v.Attributes["gemini_virtual_project"] != projectIDs[i] { - t.Errorf("expected gemini_virtual_project=%s, got %s", projectIDs[i], v.Attributes["gemini_virtual_project"]) - } - if !strings.Contains(v.Label, "["+projectIDs[i]+"]") { - t.Errorf("expected label to contain [%s], got %s", projectIDs[i], v.Label) - } - } -} - -func TestSynthesizeGeminiVirtualAuths_EmptyProviderAndLabel(t *testing.T) { - now := time.Now() - // Test with empty Provider and Label to cover fallback branches - primary := &coreauth.Auth{ - ID: "primary-id", - Provider: "", // empty provider - should default to gemini-cli - Label: "", // empty label - should default to provider - Attributes: map[string]string{}, - } - metadata := map[string]any{ - "project_id": "proj-a, proj-b", - "email": "user@example.com", - "type": "gemini", - } - - virtuals := SynthesizeGeminiVirtualAuths(primary, metadata, now) - - if len(virtuals) != 2 { - t.Fatalf("expected 2 virtuals, got %d", len(virtuals)) - } - - // Check that empty provider defaults to gemini-cli - if virtuals[0].Provider != "gemini-cli" { - t.Errorf("expected provider gemini-cli (default), got %s", virtuals[0].Provider) - } - // Check that empty label defaults to provider - if !strings.Contains(virtuals[0].Label, "gemini-cli") { - t.Errorf("expected label to contain gemini-cli, got %s", virtuals[0].Label) - } -} - -func TestSynthesizeGeminiVirtualAuths_NilPrimaryAttributes(t *testing.T) { - now := time.Now() - primary := &coreauth.Auth{ - ID: "primary-id", - Provider: "gemini-cli", - Label: "test@example.com", - Attributes: nil, // nil attributes - } - metadata := map[string]any{ - "project_id": "proj-a, proj-b", - "email": "test@example.com", - "type": "gemini", - } - - virtuals := SynthesizeGeminiVirtualAuths(primary, metadata, now) - - if len(virtuals) != 2 { - t.Fatalf("expected 2 virtuals, got %d", len(virtuals)) - } - // Nil attributes should be initialized - if primary.Attributes == nil { - t.Error("expected primary.Attributes to be initialized") - } - if primary.Attributes["gemini_virtual_primary"] != "true" { - t.Error("expected gemini_virtual_primary=true") - } -} - -func TestSplitGeminiProjectIDs(t *testing.T) { - tests := []struct { - name string - metadata map[string]any - want []string - }{ - { - name: "single project", - metadata: map[string]any{"project_id": "proj-a"}, - want: []string{"proj-a"}, - }, - { - name: "multiple projects", - metadata: map[string]any{"project_id": "proj-a, proj-b, proj-c"}, - want: []string{"proj-a", "proj-b", "proj-c"}, - }, - { - name: "with duplicates", - metadata: map[string]any{"project_id": "proj-a, proj-b, proj-a"}, - want: []string{"proj-a", "proj-b"}, - }, - { - name: "with empty parts", - metadata: map[string]any{"project_id": "proj-a, , proj-b, "}, - want: []string{"proj-a", "proj-b"}, - }, - { - name: "empty project_id", - metadata: map[string]any{"project_id": ""}, - want: nil, - }, - { - name: "no project_id", - metadata: map[string]any{}, - want: nil, - }, - { - name: "whitespace only", - metadata: map[string]any{"project_id": " "}, - want: nil, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got := splitGeminiProjectIDs(tt.metadata) - if len(got) != len(tt.want) { - t.Fatalf("expected %v, got %v", tt.want, got) - } - for i := range got { - if got[i] != tt.want[i] { - t.Errorf("expected %v, got %v", tt.want, got) - break - } - } - }) - } -} - -func TestFileSynthesizer_Synthesize_MultiProjectGemini(t *testing.T) { - tempDir := t.TempDir() - - // Create a gemini auth file with multiple projects - authData := map[string]any{ - "type": "gemini", - "email": "multi@example.com", - "project_id": "project-a, project-b, project-c", - "priority": " 10 ", - } - data, _ := json.Marshal(authData) - err := os.WriteFile(filepath.Join(tempDir, "gemini-multi.json"), data, 0644) - if err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - // Should have 4 auths: 1 primary (disabled) + 3 virtuals - if len(auths) != 4 { - t.Fatalf("expected 4 auths (1 primary + 3 virtuals), got %d", len(auths)) - } - - // First auth should be the primary (disabled) - primary := auths[0] - if !primary.Disabled { - t.Error("expected primary to be disabled") - } - if primary.Status != coreauth.StatusDisabled { - t.Errorf("expected primary status disabled, got %s", primary.Status) - } - if gotPriority := primary.Attributes["priority"]; gotPriority != "10" { - t.Errorf("expected primary priority 10, got %q", gotPriority) - } - - // Remaining auths should be virtuals - for i := 1; i < 4; i++ { - v := auths[i] - if v.Status != coreauth.StatusActive { - t.Errorf("expected virtual %d to be active, got %s", i, v.Status) - } - if v.Attributes["gemini_virtual_parent"] != primary.ID { - t.Errorf("expected virtual %d parent to be %s, got %s", i, primary.ID, v.Attributes["gemini_virtual_parent"]) - } - if gotPriority := v.Attributes["priority"]; gotPriority != "10" { - t.Errorf("expected virtual %d priority 10, got %q", i, gotPriority) - } - } -} - -func TestBuildGeminiVirtualID(t *testing.T) { - tests := []struct { - name string - baseID string - projectID string - want string - }{ - { - name: "basic", - baseID: "auth.json", - projectID: "my-project", - want: "auth.json::my-project", - }, - { - name: "with slashes", - baseID: "path/to/auth.json", - projectID: "project/with/slashes", - want: "path/to/auth.json::project_with_slashes", - }, - { - name: "with spaces", - baseID: "auth.json", - projectID: "my project", - want: "auth.json::my_project", - }, - { - name: "empty project", - baseID: "auth.json", - projectID: "", - want: "auth.json::project", - }, - { - name: "whitespace project", - baseID: "auth.json", - projectID: " ", - want: "auth.json::project", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got := buildGeminiVirtualID(tt.baseID, tt.projectID) - if got != tt.want { - t.Errorf("expected %q, got %q", tt.want, got) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/helpers.go b/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/helpers.go deleted file mode 100644 index 102dc77e22..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/helpers.go +++ /dev/null @@ -1,120 +0,0 @@ -package synthesizer - -import ( - "crypto/sha256" - "encoding/hex" - "fmt" - "sort" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/watcher/diff" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -// StableIDGenerator generates stable, deterministic IDs for auth entries. -// It uses SHA256 hashing with collision handling via counters. -// It is not safe for concurrent use. -type StableIDGenerator struct { - counters map[string]int -} - -// NewStableIDGenerator creates a new StableIDGenerator instance. -func NewStableIDGenerator() *StableIDGenerator { - return &StableIDGenerator{counters: make(map[string]int)} -} - -// Next generates a stable ID based on the kind and parts. -// Returns the full ID (kind:hash) and the short hash portion. -func (g *StableIDGenerator) Next(kind string, parts ...string) (string, string) { - if g == nil { - return kind + ":000000000000", "000000000000" - } - hasher := sha256.New() - hasher.Write([]byte(kind)) - for _, part := range parts { - trimmed := strings.TrimSpace(part) - hasher.Write([]byte{0}) - hasher.Write([]byte(trimmed)) - } - digest := hex.EncodeToString(hasher.Sum(nil)) - if len(digest) < 12 { - digest = fmt.Sprintf("%012s", digest) - } - short := digest[:12] - key := kind + ":" + short - index := g.counters[key] - g.counters[key] = index + 1 - if index > 0 { - short = fmt.Sprintf("%s-%d", short, index) - } - return fmt.Sprintf("%s:%s", kind, short), short -} - -// ApplyAuthExcludedModelsMeta applies excluded models metadata to an auth entry. -// It computes a hash of excluded models and sets the auth_kind attribute. -// For OAuth entries, perKey (from the JSON file's excluded-models field) is merged -// with the global oauth-excluded-models config for the provider. -func ApplyAuthExcludedModelsMeta(auth *coreauth.Auth, cfg *config.Config, perKey []string, authKind string) { - if auth == nil || cfg == nil { - return - } - authKindKey := strings.ToLower(strings.TrimSpace(authKind)) - seen := make(map[string]struct{}) - add := func(list []string) { - for _, entry := range list { - if trimmed := strings.TrimSpace(entry); trimmed != "" { - key := strings.ToLower(trimmed) - if _, exists := seen[key]; exists { - continue - } - seen[key] = struct{}{} - } - } - } - if authKindKey == "apikey" { - add(perKey) - } else { - // For OAuth: merge per-account excluded models with global provider-level exclusions - add(perKey) - if cfg.OAuthExcludedModels != nil { - providerKey := strings.ToLower(strings.TrimSpace(auth.Provider)) - add(cfg.OAuthExcludedModels[providerKey]) - } - } - combined := make([]string, 0, len(seen)) - for k := range seen { - combined = append(combined, k) - } - sort.Strings(combined) - hash := diff.ComputeExcludedModelsHash(combined) - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - if hash != "" { - auth.Attributes["excluded_models_hash"] = hash - } - // Store the combined excluded models list so that routing can read it at runtime - if len(combined) > 0 { - auth.Attributes["excluded_models"] = strings.Join(combined, ",") - } - if authKind != "" { - auth.Attributes["auth_kind"] = authKind - } -} - -// addConfigHeadersToAttrs adds header configuration to auth attributes. -// Headers are prefixed with "header:" in the attributes map. -func addConfigHeadersToAttrs(headers map[string]string, attrs map[string]string) { - if len(headers) == 0 || attrs == nil { - return - } - for hk, hv := range headers { - key := strings.TrimSpace(hk) - val := strings.TrimSpace(hv) - if key == "" || val == "" { - continue - } - attrs["header:"+key] = val - } -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/helpers_test.go b/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/helpers_test.go deleted file mode 100644 index 46b9c8a053..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/helpers_test.go +++ /dev/null @@ -1,289 +0,0 @@ -package synthesizer - -import ( - "reflect" - "strings" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/watcher/diff" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestNewStableIDGenerator(t *testing.T) { - gen := NewStableIDGenerator() - if gen == nil { - t.Fatal("expected non-nil generator") - } - if gen.counters == nil { - t.Fatal("expected non-nil counters map") - } -} - -func TestStableIDGenerator_Next(t *testing.T) { - tests := []struct { - name string - kind string - parts []string - wantPrefix string - }{ - { - name: "basic gemini apikey", - kind: "gemini:apikey", - parts: []string{"test-key", ""}, - wantPrefix: "gemini:apikey:", - }, - { - name: "claude with base url", - kind: "claude:apikey", - parts: []string{"sk-ant-xxx", "https://api.anthropic.com"}, - wantPrefix: "claude:apikey:", - }, - { - name: "empty parts", - kind: "codex:apikey", - parts: []string{}, - wantPrefix: "codex:apikey:", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - gen := NewStableIDGenerator() - id, short := gen.Next(tt.kind, tt.parts...) - - if !strings.Contains(id, tt.wantPrefix) { - t.Errorf("expected id to contain %q, got %q", tt.wantPrefix, id) - } - if short == "" { - t.Error("expected non-empty short id") - } - if len(short) != 12 { - t.Errorf("expected short id length 12, got %d", len(short)) - } - }) - } -} - -func TestStableIDGenerator_Stability(t *testing.T) { - gen1 := NewStableIDGenerator() - gen2 := NewStableIDGenerator() - - id1, _ := gen1.Next("gemini:apikey", "test-key", "https://api.example.com") - id2, _ := gen2.Next("gemini:apikey", "test-key", "https://api.example.com") - - if id1 != id2 { - t.Errorf("same inputs should produce same ID: got %q and %q", id1, id2) - } -} - -func TestStableIDGenerator_CollisionHandling(t *testing.T) { - gen := NewStableIDGenerator() - - id1, short1 := gen.Next("gemini:apikey", "same-key") - id2, short2 := gen.Next("gemini:apikey", "same-key") - - if id1 == id2 { - t.Error("collision should be handled with suffix") - } - if short1 == short2 { - t.Error("short ids should differ") - } - if !strings.Contains(short2, "-1") { - t.Errorf("second short id should contain -1 suffix, got %q", short2) - } -} - -func TestStableIDGenerator_NilReceiver(t *testing.T) { - var gen *StableIDGenerator = nil - id, short := gen.Next("test:kind", "part") - - if id != "test:kind:000000000000" { - t.Errorf("expected test:kind:000000000000, got %q", id) - } - if short != "000000000000" { - t.Errorf("expected 000000000000, got %q", short) - } -} - -func TestApplyAuthExcludedModelsMeta(t *testing.T) { - tests := []struct { - name string - auth *coreauth.Auth - cfg *config.Config - perKey []string - authKind string - wantHash bool - wantKind string - }{ - { - name: "apikey with excluded models", - auth: &coreauth.Auth{ - Provider: "gemini", - Attributes: make(map[string]string), - }, - cfg: &config.Config{}, - perKey: []string{"model-a", "model-b"}, - authKind: "apikey", - wantHash: true, - wantKind: "apikey", - }, - { - name: "oauth with provider excluded models", - auth: &coreauth.Auth{ - Provider: "claude", - Attributes: make(map[string]string), - }, - cfg: &config.Config{ - OAuthExcludedModels: map[string][]string{ - "claude": {"claude-2.0"}, - }, - }, - perKey: nil, - authKind: "oauth", - wantHash: true, - wantKind: "oauth", - }, - { - name: "nil auth", - auth: nil, - cfg: &config.Config{}, - }, - { - name: "nil config", - auth: &coreauth.Auth{Provider: "test"}, - cfg: nil, - authKind: "apikey", - }, - { - name: "nil attributes initialized", - auth: &coreauth.Auth{ - Provider: "gemini", - Attributes: nil, - }, - cfg: &config.Config{}, - perKey: []string{"model-x"}, - authKind: "apikey", - wantHash: true, - wantKind: "apikey", - }, - { - name: "apikey with duplicate excluded models", - auth: &coreauth.Auth{ - Provider: "gemini", - Attributes: make(map[string]string), - }, - cfg: &config.Config{}, - perKey: []string{"model-a", "MODEL-A", "model-b", "model-a"}, - authKind: "apikey", - wantHash: true, - wantKind: "apikey", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - ApplyAuthExcludedModelsMeta(tt.auth, tt.cfg, tt.perKey, tt.authKind) - - if tt.auth != nil && tt.cfg != nil { - if tt.wantHash { - if _, ok := tt.auth.Attributes["excluded_models_hash"]; !ok { - t.Error("expected excluded_models_hash in attributes") - } - } - if tt.wantKind != "" { - if got := tt.auth.Attributes["auth_kind"]; got != tt.wantKind { - t.Errorf("expected auth_kind=%s, got %s", tt.wantKind, got) - } - } - } - }) - } -} - -func TestApplyAuthExcludedModelsMeta_OAuthMergeWritesCombinedModels(t *testing.T) { - auth := &coreauth.Auth{ - Provider: "claude", - Attributes: make(map[string]string), - } - cfg := &config.Config{ - OAuthExcludedModels: map[string][]string{ - "claude": {"global-a", "shared"}, - }, - } - - ApplyAuthExcludedModelsMeta(auth, cfg, []string{"per", "SHARED"}, "oauth") - - const wantCombined = "global-a,per,shared" - if gotCombined := auth.Attributes["excluded_models"]; gotCombined != wantCombined { - t.Fatalf("expected excluded_models=%q, got %q", wantCombined, gotCombined) - } - - expectedHash := diff.ComputeExcludedModelsHash([]string{"global-a", "per", "shared"}) - if gotHash := auth.Attributes["excluded_models_hash"]; gotHash != expectedHash { - t.Fatalf("expected excluded_models_hash=%q, got %q", expectedHash, gotHash) - } -} - -func TestAddConfigHeadersToAttrs(t *testing.T) { - tests := []struct { - name string - headers map[string]string - attrs map[string]string - want map[string]string - }{ - { - name: "basic headers", - headers: map[string]string{ - "Authorization": "Bearer token", - "X-Custom": "value", - }, - attrs: map[string]string{"existing": "key"}, - want: map[string]string{ - "existing": "key", - "header:Authorization": "Bearer token", - "header:X-Custom": "value", - }, - }, - { - name: "empty headers", - headers: map[string]string{}, - attrs: map[string]string{"existing": "key"}, - want: map[string]string{"existing": "key"}, - }, - { - name: "nil headers", - headers: nil, - attrs: map[string]string{"existing": "key"}, - want: map[string]string{"existing": "key"}, - }, - { - name: "nil attrs", - headers: map[string]string{"key": "value"}, - attrs: nil, - want: nil, - }, - { - name: "skip empty keys and values", - headers: map[string]string{ - "": "value", - "key": "", - " ": "value", - "valid": "valid-value", - }, - attrs: make(map[string]string), - want: map[string]string{ - "header:valid": "valid-value", - }, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - addConfigHeadersToAttrs(tt.headers, tt.attrs) - if !reflect.DeepEqual(tt.attrs, tt.want) { - t.Errorf("expected %v, got %v", tt.want, tt.attrs) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/interface.go b/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/interface.go deleted file mode 100644 index 1a9aedc965..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/synthesizer/interface.go +++ /dev/null @@ -1,16 +0,0 @@ -// Package synthesizer provides auth synthesis strategies for the watcher package. -// It implements the Strategy pattern to support multiple auth sources: -// - ConfigSynthesizer: generates Auth entries from config API keys -// - FileSynthesizer: generates Auth entries from OAuth JSON files -package synthesizer - -import ( - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -// AuthSynthesizer defines the interface for generating Auth entries from various sources. -type AuthSynthesizer interface { - // Synthesize generates Auth entries from the given context. - // Returns a slice of Auth pointers and any error encountered. - Synthesize(ctx *SynthesisContext) ([]*coreauth.Auth, error) -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/watcher.go b/.worktrees/config/m/config-build/active/internal/watcher/watcher.go deleted file mode 100644 index a451ef6eff..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/watcher.go +++ /dev/null @@ -1,256 +0,0 @@ -// Package watcher watches config/auth files and triggers hot reloads. -// It supports cross-platform fsnotify event handling. -package watcher - -import ( - "context" - "strings" - "sync" - "time" - - "github.com/fsnotify/fsnotify" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "gopkg.in/yaml.v3" - - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -// storePersister captures persistence-capable token store methods used by the watcher. -type storePersister interface { - PersistConfig(ctx context.Context) error - PersistAuthFiles(ctx context.Context, message string, paths ...string) error -} - -type authDirProvider interface { - AuthDir() string -} - -// Watcher manages file watching for configuration and authentication files -type Watcher struct { - configPath string - authDir string - config *config.Config - clientsMutex sync.RWMutex - configReloadMu sync.Mutex - configReloadTimer *time.Timer - reloadCallback func(*config.Config) - watcher *fsnotify.Watcher - lastAuthHashes map[string]string - lastAuthContents map[string]*coreauth.Auth - lastRemoveTimes map[string]time.Time - lastConfigHash string - authQueue chan<- AuthUpdate - currentAuths map[string]*coreauth.Auth - runtimeAuths map[string]*coreauth.Auth - dispatchMu sync.Mutex - dispatchCond *sync.Cond - pendingUpdates map[string]AuthUpdate - pendingOrder []string - dispatchCancel context.CancelFunc - storePersister storePersister - mirroredAuthDir string - oldConfigYaml []byte -} - -// AuthUpdateAction represents the type of change detected in auth sources. -type AuthUpdateAction string - -const ( - AuthUpdateActionAdd AuthUpdateAction = "add" - AuthUpdateActionModify AuthUpdateAction = "modify" - AuthUpdateActionDelete AuthUpdateAction = "delete" -) - -// AuthUpdate describes an incremental change to auth configuration. -type AuthUpdate struct { - Action AuthUpdateAction - ID string - Auth *coreauth.Auth -} - -const ( - // replaceCheckDelay is a short delay to allow atomic replace (rename) to settle - // before deciding whether a Remove event indicates a real deletion. - replaceCheckDelay = 50 * time.Millisecond - configReloadDebounce = 150 * time.Millisecond - authRemoveDebounceWindow = 1 * time.Second -) - -// NewWatcher creates a new file watcher instance -func NewWatcher(configPath, authDir string, reloadCallback func(*config.Config)) (*Watcher, error) { - watcher, errNewWatcher := fsnotify.NewWatcher() - if errNewWatcher != nil { - return nil, errNewWatcher - } - w := &Watcher{ - configPath: configPath, - authDir: authDir, - reloadCallback: reloadCallback, - watcher: watcher, - lastAuthHashes: make(map[string]string), - } - w.dispatchCond = sync.NewCond(&w.dispatchMu) - if store := sdkAuth.GetTokenStore(); store != nil { - if persister, ok := store.(storePersister); ok { - w.storePersister = persister - log.Debug("persistence-capable token store detected; watcher will propagate persisted changes") - } - if provider, ok := store.(authDirProvider); ok { - if fixed := strings.TrimSpace(provider.AuthDir()); fixed != "" { - w.mirroredAuthDir = fixed - log.Debugf("mirrored auth directory locked to %s", fixed) - } - } - } - return w, nil -} - -// Start begins watching the configuration file and authentication directory -func (w *Watcher) Start(ctx context.Context) error { - return w.start(ctx) -} - -// Stop stops the file watcher -func (w *Watcher) Stop() error { - w.stopDispatch() - w.stopConfigReloadTimer() - return w.watcher.Close() -} - -// SetConfig updates the current configuration -func (w *Watcher) SetConfig(cfg *config.Config) { - w.clientsMutex.Lock() - defer w.clientsMutex.Unlock() - w.config = cfg - w.oldConfigYaml, _ = yaml.Marshal(cfg) -} - -// SetAuthUpdateQueue sets the queue used to emit auth updates. -func (w *Watcher) SetAuthUpdateQueue(queue chan<- AuthUpdate) { - w.setAuthUpdateQueue(queue) -} - -// DispatchRuntimeAuthUpdate allows external runtime providers (e.g., websocket-driven auths) -// to push auth updates through the same queue used by file/config watchers. -// Returns true if the update was enqueued; false if no queue is configured. -func (w *Watcher) DispatchRuntimeAuthUpdate(update AuthUpdate) bool { - return w.dispatchRuntimeAuthUpdate(update) -} - -// SnapshotCoreAuths converts current clients snapshot into core auth entries. -func (w *Watcher) SnapshotCoreAuths() []*coreauth.Auth { - w.clientsMutex.RLock() - cfg := w.config - w.clientsMutex.RUnlock() - return snapshotCoreAuths(cfg, w.authDir) -} - -// NotifyTokenRefreshed 处理后台刷新器的 token 更新通知 -// 当后台刷新器成功刷新 token 后调用此方法,更新内存中的 Auth 对象 -// tokenID: token 文件名(如 kiro-xxx.json) -// accessToken: 新的 access token -// refreshToken: 新的 refresh token -// expiresAt: 新的过期时间 -func (w *Watcher) NotifyTokenRefreshed(tokenID, accessToken, refreshToken, expiresAt string) { - if w == nil { - return - } - - w.clientsMutex.Lock() - defer w.clientsMutex.Unlock() - - // 遍历 currentAuths,找到匹配的 Auth 并更新 - updated := false - for id, auth := range w.currentAuths { - if auth == nil || auth.Metadata == nil { - continue - } - - // 检查是否是 kiro 类型的 auth - authType, _ := auth.Metadata["type"].(string) - if authType != "kiro" { - continue - } - - // 多种匹配方式,解决不同来源的 auth 对象字段差异 - matched := false - - // 1. 通过 auth.ID 匹配(ID 可能包含文件名) - if !matched && auth.ID != "" { - if auth.ID == tokenID || strings.HasSuffix(auth.ID, "/"+tokenID) || strings.HasSuffix(auth.ID, "\\"+tokenID) { - matched = true - } - // ID 可能是 "kiro-xxx" 格式(无扩展名),tokenID 是 "kiro-xxx.json" - if !matched && strings.TrimSuffix(tokenID, ".json") == auth.ID { - matched = true - } - } - - // 2. 通过 auth.Attributes["path"] 匹配 - if !matched && auth.Attributes != nil { - if authPath := auth.Attributes["path"]; authPath != "" { - // 提取文件名部分进行比较 - pathBase := authPath - if idx := strings.LastIndexAny(authPath, "/\\"); idx >= 0 { - pathBase = authPath[idx+1:] - } - if pathBase == tokenID || strings.TrimSuffix(pathBase, ".json") == strings.TrimSuffix(tokenID, ".json") { - matched = true - } - } - } - - // 3. 通过 auth.FileName 匹配(原有逻辑) - if !matched && auth.FileName != "" { - if auth.FileName == tokenID || strings.HasSuffix(auth.FileName, "/"+tokenID) || strings.HasSuffix(auth.FileName, "\\"+tokenID) { - matched = true - } - } - - if matched { - // 更新内存中的 token - auth.Metadata["access_token"] = accessToken - auth.Metadata["refresh_token"] = refreshToken - auth.Metadata["expires_at"] = expiresAt - auth.Metadata["last_refresh"] = time.Now().Format(time.RFC3339) - auth.UpdatedAt = time.Now() - auth.LastRefreshedAt = time.Now() - - log.Infof("watcher: updated in-memory auth for token %s (auth ID: %s)", tokenID, id) - updated = true - - // 同时更新 runtimeAuths 中的副本(如果存在) - if w.runtimeAuths != nil { - if runtimeAuth, ok := w.runtimeAuths[id]; ok && runtimeAuth != nil { - if runtimeAuth.Metadata == nil { - runtimeAuth.Metadata = make(map[string]any) - } - runtimeAuth.Metadata["access_token"] = accessToken - runtimeAuth.Metadata["refresh_token"] = refreshToken - runtimeAuth.Metadata["expires_at"] = expiresAt - runtimeAuth.Metadata["last_refresh"] = time.Now().Format(time.RFC3339) - runtimeAuth.UpdatedAt = time.Now() - runtimeAuth.LastRefreshedAt = time.Now() - } - } - - // 发送更新通知到 authQueue - if w.authQueue != nil { - go func(authClone *coreauth.Auth) { - update := AuthUpdate{ - Action: AuthUpdateActionModify, - ID: authClone.ID, - Auth: authClone, - } - w.dispatchAuthUpdates([]AuthUpdate{update}) - }(auth.Clone()) - } - } - } - - if !updated { - log.Debugf("watcher: no matching auth found for token %s, will be picked up on next file scan", tokenID) - } -} diff --git a/.worktrees/config/m/config-build/active/internal/watcher/watcher_test.go b/.worktrees/config/m/config-build/active/internal/watcher/watcher_test.go deleted file mode 100644 index 29113f5947..0000000000 --- a/.worktrees/config/m/config-build/active/internal/watcher/watcher_test.go +++ /dev/null @@ -1,1490 +0,0 @@ -package watcher - -import ( - "context" - "crypto/sha256" - "encoding/json" - "fmt" - "os" - "path/filepath" - "strings" - "sync" - "sync/atomic" - "testing" - "time" - - "github.com/fsnotify/fsnotify" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/watcher/diff" - "github.com/router-for-me/CLIProxyAPI/v6/internal/watcher/synthesizer" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - "gopkg.in/yaml.v3" -) - -func TestApplyAuthExcludedModelsMeta_APIKey(t *testing.T) { - auth := &coreauth.Auth{Attributes: map[string]string{}} - cfg := &config.Config{} - perKey := []string{" Model-1 ", "model-2"} - - synthesizer.ApplyAuthExcludedModelsMeta(auth, cfg, perKey, "apikey") - - expected := diff.ComputeExcludedModelsHash([]string{"model-1", "model-2"}) - if got := auth.Attributes["excluded_models_hash"]; got != expected { - t.Fatalf("expected hash %s, got %s", expected, got) - } - if got := auth.Attributes["auth_kind"]; got != "apikey" { - t.Fatalf("expected auth_kind=apikey, got %s", got) - } -} - -func TestApplyAuthExcludedModelsMeta_OAuthProvider(t *testing.T) { - auth := &coreauth.Auth{ - Provider: "TestProv", - Attributes: map[string]string{}, - } - cfg := &config.Config{ - OAuthExcludedModels: map[string][]string{ - "testprov": {"A", "b"}, - }, - } - - synthesizer.ApplyAuthExcludedModelsMeta(auth, cfg, nil, "oauth") - - expected := diff.ComputeExcludedModelsHash([]string{"a", "b"}) - if got := auth.Attributes["excluded_models_hash"]; got != expected { - t.Fatalf("expected hash %s, got %s", expected, got) - } - if got := auth.Attributes["auth_kind"]; got != "oauth" { - t.Fatalf("expected auth_kind=oauth, got %s", got) - } -} - -func TestBuildAPIKeyClientsCounts(t *testing.T) { - cfg := &config.Config{ - GeminiKey: []config.GeminiKey{{APIKey: "g1"}, {APIKey: "g2"}}, - VertexCompatAPIKey: []config.VertexCompatKey{ - {APIKey: "v1"}, - }, - ClaudeKey: []config.ClaudeKey{{APIKey: "c1"}}, - CodexKey: []config.CodexKey{{APIKey: "x1"}, {APIKey: "x2"}}, - OpenAICompatibility: []config.OpenAICompatibility{ - {APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "o1"}, {APIKey: "o2"}}}, - }, - } - - gemini, vertex, claude, codex, compat := BuildAPIKeyClients(cfg) - if gemini != 2 || vertex != 1 || claude != 1 || codex != 2 || compat != 2 { - t.Fatalf("unexpected counts: %d %d %d %d %d", gemini, vertex, claude, codex, compat) - } -} - -func TestNormalizeAuthStripsTemporalFields(t *testing.T) { - now := time.Now() - auth := &coreauth.Auth{ - CreatedAt: now, - UpdatedAt: now, - LastRefreshedAt: now, - NextRefreshAfter: now, - Quota: coreauth.QuotaState{ - NextRecoverAt: now, - }, - Runtime: map[string]any{"k": "v"}, - } - - normalized := normalizeAuth(auth) - if !normalized.CreatedAt.IsZero() || !normalized.UpdatedAt.IsZero() || !normalized.LastRefreshedAt.IsZero() || !normalized.NextRefreshAfter.IsZero() { - t.Fatal("expected time fields to be zeroed") - } - if normalized.Runtime != nil { - t.Fatal("expected runtime to be nil") - } - if !normalized.Quota.NextRecoverAt.IsZero() { - t.Fatal("expected quota.NextRecoverAt to be zeroed") - } -} - -func TestMatchProvider(t *testing.T) { - if _, ok := matchProvider("OpenAI", []string{"openai", "claude"}); !ok { - t.Fatal("expected match to succeed ignoring case") - } - if _, ok := matchProvider("missing", []string{"openai"}); ok { - t.Fatal("expected match to fail for unknown provider") - } -} - -func TestSnapshotCoreAuths_ConfigAndAuthFiles(t *testing.T) { - authDir := t.TempDir() - metadata := map[string]any{ - "type": "gemini", - "email": "user@example.com", - "project_id": "proj-a, proj-b", - "proxy_url": "https://proxy", - } - authFile := filepath.Join(authDir, "gemini.json") - data, err := json.Marshal(metadata) - if err != nil { - t.Fatalf("failed to marshal metadata: %v", err) - } - if err = os.WriteFile(authFile, data, 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - cfg := &config.Config{ - AuthDir: authDir, - GeminiKey: []config.GeminiKey{ - { - APIKey: "g-key", - BaseURL: "https://gemini", - ExcludedModels: []string{"Model-A", "model-b"}, - Headers: map[string]string{"X-Req": "1"}, - }, - }, - OAuthExcludedModels: map[string][]string{ - "gemini-cli": {"Foo", "bar"}, - }, - } - - w := &Watcher{authDir: authDir} - w.SetConfig(cfg) - - auths := w.SnapshotCoreAuths() - if len(auths) != 4 { - t.Fatalf("expected 4 auth entries (1 config + 1 primary + 2 virtual), got %d", len(auths)) - } - - var geminiAPIKeyAuth *coreauth.Auth - var geminiPrimary *coreauth.Auth - virtuals := make([]*coreauth.Auth, 0) - for _, a := range auths { - switch { - case a.Provider == "gemini" && a.Attributes["api_key"] == "g-key": - geminiAPIKeyAuth = a - case a.Attributes["gemini_virtual_primary"] == "true": - geminiPrimary = a - case strings.TrimSpace(a.Attributes["gemini_virtual_parent"]) != "": - virtuals = append(virtuals, a) - } - } - if geminiAPIKeyAuth == nil { - t.Fatal("expected synthesized Gemini API key auth") - } - expectedAPIKeyHash := diff.ComputeExcludedModelsHash([]string{"Model-A", "model-b"}) - if geminiAPIKeyAuth.Attributes["excluded_models_hash"] != expectedAPIKeyHash { - t.Fatalf("expected API key excluded hash %s, got %s", expectedAPIKeyHash, geminiAPIKeyAuth.Attributes["excluded_models_hash"]) - } - if geminiAPIKeyAuth.Attributes["auth_kind"] != "apikey" { - t.Fatalf("expected auth_kind=apikey, got %s", geminiAPIKeyAuth.Attributes["auth_kind"]) - } - - if geminiPrimary == nil { - t.Fatal("expected primary gemini-cli auth from file") - } - if !geminiPrimary.Disabled || geminiPrimary.Status != coreauth.StatusDisabled { - t.Fatal("expected primary gemini-cli auth to be disabled when virtual auths are synthesized") - } - expectedOAuthHash := diff.ComputeExcludedModelsHash([]string{"Foo", "bar"}) - if geminiPrimary.Attributes["excluded_models_hash"] != expectedOAuthHash { - t.Fatalf("expected OAuth excluded hash %s, got %s", expectedOAuthHash, geminiPrimary.Attributes["excluded_models_hash"]) - } - if geminiPrimary.Attributes["auth_kind"] != "oauth" { - t.Fatalf("expected auth_kind=oauth, got %s", geminiPrimary.Attributes["auth_kind"]) - } - - if len(virtuals) != 2 { - t.Fatalf("expected 2 virtual auths, got %d", len(virtuals)) - } - for _, v := range virtuals { - if v.Attributes["gemini_virtual_parent"] != geminiPrimary.ID { - t.Fatalf("virtual auth missing parent link to %s", geminiPrimary.ID) - } - if v.Attributes["excluded_models_hash"] != expectedOAuthHash { - t.Fatalf("expected virtual excluded hash %s, got %s", expectedOAuthHash, v.Attributes["excluded_models_hash"]) - } - if v.Status != coreauth.StatusActive { - t.Fatalf("expected virtual auth to be active, got %s", v.Status) - } - } -} - -func TestReloadConfigIfChanged_TriggersOnChangeAndSkipsUnchanged(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - - configPath := filepath.Join(tmpDir, "config.yaml") - writeConfig := func(port int, allowRemote bool) { - cfg := &config.Config{ - Port: port, - AuthDir: authDir, - RemoteManagement: config.RemoteManagement{ - AllowRemote: allowRemote, - }, - } - data, err := yaml.Marshal(cfg) - if err != nil { - t.Fatalf("failed to marshal config: %v", err) - } - if err = os.WriteFile(configPath, data, 0o644); err != nil { - t.Fatalf("failed to write config: %v", err) - } - } - - writeConfig(8080, false) - - reloads := 0 - w := &Watcher{ - configPath: configPath, - authDir: authDir, - reloadCallback: func(*config.Config) { reloads++ }, - } - - w.reloadConfigIfChanged() - if reloads != 1 { - t.Fatalf("expected first reload to trigger callback once, got %d", reloads) - } - - // Same content should be skipped by hash check. - w.reloadConfigIfChanged() - if reloads != 1 { - t.Fatalf("expected unchanged config to be skipped, callback count %d", reloads) - } - - writeConfig(9090, true) - w.reloadConfigIfChanged() - if reloads != 2 { - t.Fatalf("expected changed config to trigger reload, callback count %d", reloads) - } - w.clientsMutex.RLock() - defer w.clientsMutex.RUnlock() - if w.config == nil || w.config.Port != 9090 || !w.config.RemoteManagement.AllowRemote { - t.Fatalf("expected config to be updated after reload, got %+v", w.config) - } -} - -func TestStartAndStopSuccess(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir), 0o644); err != nil { - t.Fatalf("failed to create config file: %v", err) - } - - var reloads int32 - w, err := NewWatcher(configPath, authDir, func(*config.Config) { - atomic.AddInt32(&reloads, 1) - }) - if err != nil { - t.Fatalf("failed to create watcher: %v", err) - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - if err := w.Start(ctx); err != nil { - t.Fatalf("expected Start to succeed: %v", err) - } - cancel() - if err := w.Stop(); err != nil { - t.Fatalf("expected Stop to succeed: %v", err) - } - if got := atomic.LoadInt32(&reloads); got != 1 { - t.Fatalf("expected one reload callback, got %d", got) - } -} - -func TestStartFailsWhenConfigMissing(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "missing-config.yaml") - - w, err := NewWatcher(configPath, authDir, nil) - if err != nil { - t.Fatalf("failed to create watcher: %v", err) - } - defer w.Stop() - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - if err := w.Start(ctx); err == nil { - t.Fatal("expected Start to fail for missing config file") - } -} - -func TestDispatchRuntimeAuthUpdateEnqueuesAndUpdatesState(t *testing.T) { - queue := make(chan AuthUpdate, 4) - w := &Watcher{} - w.SetAuthUpdateQueue(queue) - defer w.stopDispatch() - - auth := &coreauth.Auth{ID: "auth-1", Provider: "test"} - if ok := w.DispatchRuntimeAuthUpdate(AuthUpdate{Action: AuthUpdateActionAdd, Auth: auth}); !ok { - t.Fatal("expected DispatchRuntimeAuthUpdate to enqueue") - } - - select { - case update := <-queue: - if update.Action != AuthUpdateActionAdd || update.Auth.ID != "auth-1" { - t.Fatalf("unexpected update: %+v", update) - } - case <-time.After(2 * time.Second): - t.Fatal("timed out waiting for auth update") - } - - if ok := w.DispatchRuntimeAuthUpdate(AuthUpdate{Action: AuthUpdateActionDelete, ID: "auth-1"}); !ok { - t.Fatal("expected delete update to enqueue") - } - select { - case update := <-queue: - if update.Action != AuthUpdateActionDelete || update.ID != "auth-1" { - t.Fatalf("unexpected delete update: %+v", update) - } - case <-time.After(2 * time.Second): - t.Fatal("timed out waiting for delete update") - } - w.clientsMutex.RLock() - if _, exists := w.runtimeAuths["auth-1"]; exists { - w.clientsMutex.RUnlock() - t.Fatal("expected runtime auth to be cleared after delete") - } - w.clientsMutex.RUnlock() -} - -func TestAddOrUpdateClientSkipsUnchanged(t *testing.T) { - tmpDir := t.TempDir() - authFile := filepath.Join(tmpDir, "sample.json") - if err := os.WriteFile(authFile, []byte(`{"type":"demo"}`), 0o644); err != nil { - t.Fatalf("failed to create auth file: %v", err) - } - data, _ := os.ReadFile(authFile) - sum := sha256.Sum256(data) - - var reloads int32 - w := &Watcher{ - authDir: tmpDir, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { - atomic.AddInt32(&reloads, 1) - }, - } - w.SetConfig(&config.Config{AuthDir: tmpDir}) - // Use normalizeAuthPath to match how addOrUpdateClient stores the key - w.lastAuthHashes[w.normalizeAuthPath(authFile)] = hexString(sum[:]) - - w.addOrUpdateClient(authFile) - if got := atomic.LoadInt32(&reloads); got != 0 { - t.Fatalf("expected no reload for unchanged file, got %d", got) - } -} - -func TestAddOrUpdateClientTriggersReloadAndHash(t *testing.T) { - tmpDir := t.TempDir() - authFile := filepath.Join(tmpDir, "sample.json") - if err := os.WriteFile(authFile, []byte(`{"type":"demo","api_key":"k"}`), 0o644); err != nil { - t.Fatalf("failed to create auth file: %v", err) - } - - var reloads int32 - w := &Watcher{ - authDir: tmpDir, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { - atomic.AddInt32(&reloads, 1) - }, - } - w.SetConfig(&config.Config{AuthDir: tmpDir}) - - w.addOrUpdateClient(authFile) - - if got := atomic.LoadInt32(&reloads); got != 1 { - t.Fatalf("expected reload callback once, got %d", got) - } - // Use normalizeAuthPath to match how addOrUpdateClient stores the key - normalized := w.normalizeAuthPath(authFile) - if _, ok := w.lastAuthHashes[normalized]; !ok { - t.Fatalf("expected hash to be stored for %s", normalized) - } -} - -func TestRemoveClientRemovesHash(t *testing.T) { - tmpDir := t.TempDir() - authFile := filepath.Join(tmpDir, "sample.json") - var reloads int32 - - w := &Watcher{ - authDir: tmpDir, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { - atomic.AddInt32(&reloads, 1) - }, - } - w.SetConfig(&config.Config{AuthDir: tmpDir}) - // Use normalizeAuthPath to set up the hash with the correct key format - w.lastAuthHashes[w.normalizeAuthPath(authFile)] = "hash" - - w.removeClient(authFile) - if _, ok := w.lastAuthHashes[w.normalizeAuthPath(authFile)]; ok { - t.Fatal("expected hash to be removed after deletion") - } - if got := atomic.LoadInt32(&reloads); got != 1 { - t.Fatalf("expected reload callback once, got %d", got) - } -} - -func TestShouldDebounceRemove(t *testing.T) { - w := &Watcher{} - path := filepath.Clean("test.json") - - if w.shouldDebounceRemove(path, time.Now()) { - t.Fatal("first call should not debounce") - } - if !w.shouldDebounceRemove(path, time.Now()) { - t.Fatal("second call within window should debounce") - } - - w.clientsMutex.Lock() - w.lastRemoveTimes = map[string]time.Time{path: time.Now().Add(-2 * authRemoveDebounceWindow)} - w.clientsMutex.Unlock() - - if w.shouldDebounceRemove(path, time.Now()) { - t.Fatal("call after window should not debounce") - } -} - -func TestAuthFileUnchangedUsesHash(t *testing.T) { - tmpDir := t.TempDir() - authFile := filepath.Join(tmpDir, "sample.json") - content := []byte(`{"type":"demo"}`) - if err := os.WriteFile(authFile, content, 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - w := &Watcher{lastAuthHashes: make(map[string]string)} - unchanged, err := w.authFileUnchanged(authFile) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if unchanged { - t.Fatal("expected first check to report changed") - } - - sum := sha256.Sum256(content) - // Use normalizeAuthPath to match how authFileUnchanged looks up the key - w.lastAuthHashes[w.normalizeAuthPath(authFile)] = hexString(sum[:]) - - unchanged, err = w.authFileUnchanged(authFile) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if !unchanged { - t.Fatal("expected hash match to report unchanged") - } -} - -func TestAuthFileUnchangedEmptyAndMissing(t *testing.T) { - tmpDir := t.TempDir() - emptyFile := filepath.Join(tmpDir, "empty.json") - if err := os.WriteFile(emptyFile, []byte(""), 0o644); err != nil { - t.Fatalf("failed to write empty auth file: %v", err) - } - - w := &Watcher{lastAuthHashes: make(map[string]string)} - unchanged, err := w.authFileUnchanged(emptyFile) - if err != nil { - t.Fatalf("unexpected error for empty file: %v", err) - } - if unchanged { - t.Fatal("expected empty file to be treated as changed") - } - - _, err = w.authFileUnchanged(filepath.Join(tmpDir, "missing.json")) - if err == nil { - t.Fatal("expected error for missing auth file") - } -} - -func TestReloadClientsCachesAuthHashes(t *testing.T) { - tmpDir := t.TempDir() - authFile := filepath.Join(tmpDir, "one.json") - if err := os.WriteFile(authFile, []byte(`{"type":"demo"}`), 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - w := &Watcher{ - authDir: tmpDir, - config: &config.Config{AuthDir: tmpDir}, - } - - w.reloadClients(true, nil, false) - - w.clientsMutex.RLock() - defer w.clientsMutex.RUnlock() - if len(w.lastAuthHashes) != 1 { - t.Fatalf("expected hash cache for one auth file, got %d", len(w.lastAuthHashes)) - } -} - -func TestReloadClientsLogsConfigDiffs(t *testing.T) { - tmpDir := t.TempDir() - oldCfg := &config.Config{AuthDir: tmpDir, Port: 1, Debug: false} - newCfg := &config.Config{AuthDir: tmpDir, Port: 2, Debug: true} - - w := &Watcher{ - authDir: tmpDir, - config: oldCfg, - } - w.SetConfig(oldCfg) - w.oldConfigYaml, _ = yaml.Marshal(oldCfg) - - w.clientsMutex.Lock() - w.config = newCfg - w.clientsMutex.Unlock() - - w.reloadClients(false, nil, false) -} - -func TestReloadClientsHandlesNilConfig(t *testing.T) { - w := &Watcher{} - w.reloadClients(true, nil, false) -} - -func TestReloadClientsFiltersProvidersWithNilCurrentAuths(t *testing.T) { - tmp := t.TempDir() - w := &Watcher{ - authDir: tmp, - config: &config.Config{AuthDir: tmp}, - } - w.reloadClients(false, []string{"match"}, false) - if w.currentAuths != nil && len(w.currentAuths) != 0 { - t.Fatalf("expected currentAuths to be nil or empty, got %d", len(w.currentAuths)) - } -} - -func TestSetAuthUpdateQueueNilResetsDispatch(t *testing.T) { - w := &Watcher{} - queue := make(chan AuthUpdate, 1) - w.SetAuthUpdateQueue(queue) - if w.dispatchCond == nil || w.dispatchCancel == nil { - t.Fatal("expected dispatch to be initialized") - } - w.SetAuthUpdateQueue(nil) - if w.dispatchCancel != nil { - t.Fatal("expected dispatch cancel to be cleared when queue nil") - } -} - -func TestPersistAsyncEarlyReturns(t *testing.T) { - var nilWatcher *Watcher - nilWatcher.persistConfigAsync() - nilWatcher.persistAuthAsync("msg", "a") - - w := &Watcher{} - w.persistConfigAsync() - w.persistAuthAsync("msg", " ", "") -} - -type errorPersister struct { - configCalls int32 - authCalls int32 -} - -func (p *errorPersister) PersistConfig(context.Context) error { - atomic.AddInt32(&p.configCalls, 1) - return fmt.Errorf("persist config error") -} - -func (p *errorPersister) PersistAuthFiles(context.Context, string, ...string) error { - atomic.AddInt32(&p.authCalls, 1) - return fmt.Errorf("persist auth error") -} - -func TestPersistAsyncErrorPaths(t *testing.T) { - p := &errorPersister{} - w := &Watcher{storePersister: p} - w.persistConfigAsync() - w.persistAuthAsync("msg", "a") - time.Sleep(30 * time.Millisecond) - if atomic.LoadInt32(&p.configCalls) != 1 { - t.Fatalf("expected PersistConfig to be called once, got %d", p.configCalls) - } - if atomic.LoadInt32(&p.authCalls) != 1 { - t.Fatalf("expected PersistAuthFiles to be called once, got %d", p.authCalls) - } -} - -func TestStopConfigReloadTimerSafeWhenNil(t *testing.T) { - w := &Watcher{} - w.stopConfigReloadTimer() - w.configReloadMu.Lock() - w.configReloadTimer = time.AfterFunc(10*time.Millisecond, func() {}) - w.configReloadMu.Unlock() - time.Sleep(1 * time.Millisecond) - w.stopConfigReloadTimer() -} - -func TestHandleEventRemovesAuthFile(t *testing.T) { - tmpDir := t.TempDir() - authFile := filepath.Join(tmpDir, "remove.json") - if err := os.WriteFile(authFile, []byte(`{"type":"demo"}`), 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - if err := os.Remove(authFile); err != nil { - t.Fatalf("failed to remove auth file pre-check: %v", err) - } - - var reloads int32 - w := &Watcher{ - authDir: tmpDir, - config: &config.Config{AuthDir: tmpDir}, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { - atomic.AddInt32(&reloads, 1) - }, - } - // Use normalizeAuthPath to set up the hash with the correct key format - w.lastAuthHashes[w.normalizeAuthPath(authFile)] = "hash" - - w.handleEvent(fsnotify.Event{Name: authFile, Op: fsnotify.Remove}) - - if atomic.LoadInt32(&reloads) != 1 { - t.Fatalf("expected reload callback once, got %d", reloads) - } - if _, ok := w.lastAuthHashes[w.normalizeAuthPath(authFile)]; ok { - t.Fatal("expected hash entry to be removed") - } -} - -func TestDispatchAuthUpdatesFlushesQueue(t *testing.T) { - queue := make(chan AuthUpdate, 4) - w := &Watcher{} - w.SetAuthUpdateQueue(queue) - defer w.stopDispatch() - - w.dispatchAuthUpdates([]AuthUpdate{ - {Action: AuthUpdateActionAdd, ID: "a"}, - {Action: AuthUpdateActionModify, ID: "b"}, - }) - - got := make([]AuthUpdate, 0, 2) - for i := 0; i < 2; i++ { - select { - case u := <-queue: - got = append(got, u) - case <-time.After(2 * time.Second): - t.Fatalf("timed out waiting for update %d", i) - } - } - if len(got) != 2 || got[0].ID != "a" || got[1].ID != "b" { - t.Fatalf("unexpected updates order/content: %+v", got) - } -} - -func TestDispatchLoopExitsOnContextDoneWhileSending(t *testing.T) { - queue := make(chan AuthUpdate) // unbuffered to block sends - w := &Watcher{ - authQueue: queue, - pendingUpdates: map[string]AuthUpdate{ - "k": {Action: AuthUpdateActionAdd, ID: "k"}, - }, - pendingOrder: []string{"k"}, - } - - ctx, cancel := context.WithCancel(context.Background()) - done := make(chan struct{}) - go func() { - w.dispatchLoop(ctx) - close(done) - }() - - time.Sleep(30 * time.Millisecond) - cancel() - - select { - case <-done: - case <-time.After(2 * time.Second): - t.Fatal("expected dispatchLoop to exit after ctx canceled while blocked on send") - } -} - -func TestProcessEventsHandlesEventErrorAndChannelClose(t *testing.T) { - w := &Watcher{ - watcher: &fsnotify.Watcher{ - Events: make(chan fsnotify.Event, 2), - Errors: make(chan error, 2), - }, - configPath: "config.yaml", - authDir: "auth", - } - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - done := make(chan struct{}) - go func() { - w.processEvents(ctx) - close(done) - }() - - w.watcher.Events <- fsnotify.Event{Name: "unrelated.txt", Op: fsnotify.Write} - w.watcher.Errors <- fmt.Errorf("watcher error") - - time.Sleep(20 * time.Millisecond) - close(w.watcher.Events) - close(w.watcher.Errors) - - select { - case <-done: - case <-time.After(500 * time.Millisecond): - t.Fatal("processEvents did not exit after channels closed") - } -} - -func TestProcessEventsReturnsWhenErrorsChannelClosed(t *testing.T) { - w := &Watcher{ - watcher: &fsnotify.Watcher{ - Events: nil, - Errors: make(chan error), - }, - } - - close(w.watcher.Errors) - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - done := make(chan struct{}) - go func() { - w.processEvents(ctx) - close(done) - }() - - select { - case <-done: - case <-time.After(500 * time.Millisecond): - t.Fatal("processEvents did not exit after errors channel closed") - } -} - -func TestHandleEventIgnoresUnrelatedFiles(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - w.handleEvent(fsnotify.Event{Name: filepath.Join(tmpDir, "note.txt"), Op: fsnotify.Write}) - if atomic.LoadInt32(&reloads) != 0 { - t.Fatalf("expected no reloads for unrelated file, got %d", reloads) - } -} - -func TestHandleEventConfigChangeSchedulesReload(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - w.handleEvent(fsnotify.Event{Name: configPath, Op: fsnotify.Write}) - - time.Sleep(400 * time.Millisecond) - if atomic.LoadInt32(&reloads) != 1 { - t.Fatalf("expected config change to trigger reload once, got %d", reloads) - } -} - -func TestHandleEventAuthWriteTriggersUpdate(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - authFile := filepath.Join(authDir, "a.json") - if err := os.WriteFile(authFile, []byte(`{"type":"demo"}`), 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - w.handleEvent(fsnotify.Event{Name: authFile, Op: fsnotify.Write}) - if atomic.LoadInt32(&reloads) != 1 { - t.Fatalf("expected auth write to trigger reload callback, got %d", reloads) - } -} - -func TestHandleEventRemoveDebounceSkips(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - authFile := filepath.Join(authDir, "remove.json") - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - lastRemoveTimes: map[string]time.Time{ - filepath.Clean(authFile): time.Now(), - }, - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - w.handleEvent(fsnotify.Event{Name: authFile, Op: fsnotify.Remove}) - if atomic.LoadInt32(&reloads) != 0 { - t.Fatalf("expected remove to be debounced, got %d", reloads) - } -} - -func TestHandleEventAtomicReplaceUnchangedSkips(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - authFile := filepath.Join(authDir, "same.json") - content := []byte(`{"type":"demo"}`) - if err := os.WriteFile(authFile, content, 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - sum := sha256.Sum256(content) - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - w.lastAuthHashes[w.normalizeAuthPath(authFile)] = hexString(sum[:]) - - w.handleEvent(fsnotify.Event{Name: authFile, Op: fsnotify.Rename}) - if atomic.LoadInt32(&reloads) != 0 { - t.Fatalf("expected unchanged atomic replace to be skipped, got %d", reloads) - } -} - -func TestHandleEventAtomicReplaceChangedTriggersUpdate(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - authFile := filepath.Join(authDir, "change.json") - oldContent := []byte(`{"type":"demo","v":1}`) - newContent := []byte(`{"type":"demo","v":2}`) - if err := os.WriteFile(authFile, newContent, 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - oldSum := sha256.Sum256(oldContent) - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - w.lastAuthHashes[w.normalizeAuthPath(authFile)] = hexString(oldSum[:]) - - w.handleEvent(fsnotify.Event{Name: authFile, Op: fsnotify.Rename}) - if atomic.LoadInt32(&reloads) != 1 { - t.Fatalf("expected changed atomic replace to trigger update, got %d", reloads) - } -} - -func TestHandleEventRemoveUnknownFileIgnored(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - authFile := filepath.Join(authDir, "unknown.json") - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - w.handleEvent(fsnotify.Event{Name: authFile, Op: fsnotify.Remove}) - if atomic.LoadInt32(&reloads) != 0 { - t.Fatalf("expected unknown remove to be ignored, got %d", reloads) - } -} - -func TestHandleEventRemoveKnownFileDeletes(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - authFile := filepath.Join(authDir, "known.json") - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - w.lastAuthHashes[w.normalizeAuthPath(authFile)] = "hash" - - w.handleEvent(fsnotify.Event{Name: authFile, Op: fsnotify.Remove}) - if atomic.LoadInt32(&reloads) != 1 { - t.Fatalf("expected known remove to trigger reload, got %d", reloads) - } - if _, ok := w.lastAuthHashes[w.normalizeAuthPath(authFile)]; ok { - t.Fatal("expected known auth hash to be deleted") - } -} - -func TestNormalizeAuthPathAndDebounceCleanup(t *testing.T) { - w := &Watcher{} - if got := w.normalizeAuthPath(" "); got != "" { - t.Fatalf("expected empty normalize result, got %q", got) - } - if got := w.normalizeAuthPath(" a/../b "); got != filepath.Clean("a/../b") { - t.Fatalf("unexpected normalize result: %q", got) - } - - w.clientsMutex.Lock() - w.lastRemoveTimes = make(map[string]time.Time, 140) - old := time.Now().Add(-3 * authRemoveDebounceWindow) - for i := 0; i < 129; i++ { - w.lastRemoveTimes[fmt.Sprintf("old-%d", i)] = old - } - w.clientsMutex.Unlock() - - w.shouldDebounceRemove("new-path", time.Now()) - - w.clientsMutex.Lock() - gotLen := len(w.lastRemoveTimes) - w.clientsMutex.Unlock() - if gotLen >= 129 { - t.Fatalf("expected debounce cleanup to shrink map, got %d", gotLen) - } -} - -func TestRefreshAuthStateDispatchesRuntimeAuths(t *testing.T) { - queue := make(chan AuthUpdate, 8) - w := &Watcher{ - authDir: t.TempDir(), - lastAuthHashes: make(map[string]string), - } - w.SetConfig(&config.Config{AuthDir: w.authDir}) - w.SetAuthUpdateQueue(queue) - defer w.stopDispatch() - - w.clientsMutex.Lock() - w.runtimeAuths = map[string]*coreauth.Auth{ - "nil": nil, - "r1": {ID: "r1", Provider: "runtime"}, - } - w.clientsMutex.Unlock() - - w.refreshAuthState(false) - - select { - case u := <-queue: - if u.Action != AuthUpdateActionAdd || u.ID != "r1" { - t.Fatalf("unexpected auth update: %+v", u) - } - case <-time.After(2 * time.Second): - t.Fatal("timed out waiting for runtime auth update") - } -} - -func TestAddOrUpdateClientEdgeCases(t *testing.T) { - tmpDir := t.TempDir() - authDir := tmpDir - authFile := filepath.Join(tmpDir, "edge.json") - if err := os.WriteFile(authFile, []byte(`{"type":"demo"}`), 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - emptyFile := filepath.Join(tmpDir, "empty.json") - if err := os.WriteFile(emptyFile, []byte(""), 0o644); err != nil { - t.Fatalf("failed to write empty auth file: %v", err) - } - - var reloads int32 - w := &Watcher{ - authDir: authDir, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - - w.addOrUpdateClient(filepath.Join(tmpDir, "missing.json")) - w.addOrUpdateClient(emptyFile) - if atomic.LoadInt32(&reloads) != 0 { - t.Fatalf("expected no reloads for missing/empty file, got %d", reloads) - } - - w.addOrUpdateClient(authFile) // config nil -> should not panic or update - if len(w.lastAuthHashes) != 0 { - t.Fatalf("expected no hash entries without config, got %d", len(w.lastAuthHashes)) - } -} - -func TestLoadFileClientsWalkError(t *testing.T) { - tmpDir := t.TempDir() - noAccessDir := filepath.Join(tmpDir, "0noaccess") - if err := os.MkdirAll(noAccessDir, 0o755); err != nil { - t.Fatalf("failed to create noaccess dir: %v", err) - } - if err := os.Chmod(noAccessDir, 0); err != nil { - t.Skipf("chmod not supported: %v", err) - } - defer func() { _ = os.Chmod(noAccessDir, 0o755) }() - - cfg := &config.Config{AuthDir: tmpDir} - w := &Watcher{} - w.SetConfig(cfg) - - count := w.loadFileClients(cfg) - if count != 0 { - t.Fatalf("expected count 0 due to walk error, got %d", count) - } -} - -func TestReloadConfigIfChangedHandlesMissingAndEmpty(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - - w := &Watcher{ - configPath: filepath.Join(tmpDir, "missing.yaml"), - authDir: authDir, - } - w.reloadConfigIfChanged() // missing file -> log + return - - emptyPath := filepath.Join(tmpDir, "empty.yaml") - if err := os.WriteFile(emptyPath, []byte(""), 0o644); err != nil { - t.Fatalf("failed to write empty config: %v", err) - } - w.configPath = emptyPath - w.reloadConfigIfChanged() // empty file -> early return -} - -func TestReloadConfigUsesMirroredAuthDir(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+filepath.Join(tmpDir, "other")+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config: %v", err) - } - - w := &Watcher{ - configPath: configPath, - authDir: authDir, - mirroredAuthDir: authDir, - lastAuthHashes: make(map[string]string), - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - if ok := w.reloadConfig(); !ok { - t.Fatal("expected reloadConfig to succeed") - } - - w.clientsMutex.RLock() - defer w.clientsMutex.RUnlock() - if w.config == nil || w.config.AuthDir != authDir { - t.Fatalf("expected AuthDir to be overridden by mirroredAuthDir %s, got %+v", authDir, w.config) - } -} - -func TestReloadConfigFiltersAffectedOAuthProviders(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - - // Ensure SnapshotCoreAuths yields a provider that is NOT affected, so we can assert it survives. - if err := os.WriteFile(filepath.Join(authDir, "provider-b.json"), []byte(`{"type":"provider-b","email":"b@example.com"}`), 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - oldCfg := &config.Config{ - AuthDir: authDir, - OAuthExcludedModels: map[string][]string{ - "provider-a": {"m1"}, - }, - } - newCfg := &config.Config{ - AuthDir: authDir, - OAuthExcludedModels: map[string][]string{ - "provider-a": {"m2"}, - }, - } - data, err := yaml.Marshal(newCfg) - if err != nil { - t.Fatalf("failed to marshal config: %v", err) - } - if err = os.WriteFile(configPath, data, 0o644); err != nil { - t.Fatalf("failed to write config: %v", err) - } - - w := &Watcher{ - configPath: configPath, - authDir: authDir, - lastAuthHashes: make(map[string]string), - currentAuths: map[string]*coreauth.Auth{ - "a": {ID: "a", Provider: "provider-a"}, - }, - } - w.SetConfig(oldCfg) - - if ok := w.reloadConfig(); !ok { - t.Fatal("expected reloadConfig to succeed") - } - - w.clientsMutex.RLock() - defer w.clientsMutex.RUnlock() - for _, auth := range w.currentAuths { - if auth != nil && auth.Provider == "provider-a" { - t.Fatal("expected affected provider auth to be filtered") - } - } - foundB := false - for _, auth := range w.currentAuths { - if auth != nil && auth.Provider == "provider-b" { - foundB = true - break - } - } - if !foundB { - t.Fatal("expected unaffected provider auth to remain") - } -} - -func TestStartFailsWhenAuthDirMissing(t *testing.T) { - tmpDir := t.TempDir() - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+filepath.Join(tmpDir, "missing-auth")+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - authDir := filepath.Join(tmpDir, "missing-auth") - - w, err := NewWatcher(configPath, authDir, nil) - if err != nil { - t.Fatalf("failed to create watcher: %v", err) - } - defer w.Stop() - w.SetConfig(&config.Config{AuthDir: authDir}) - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - if err := w.Start(ctx); err == nil { - t.Fatal("expected Start to fail for missing auth dir") - } -} - -func TestDispatchRuntimeAuthUpdateReturnsFalseWithoutQueue(t *testing.T) { - w := &Watcher{} - if ok := w.DispatchRuntimeAuthUpdate(AuthUpdate{Action: AuthUpdateActionAdd, Auth: &coreauth.Auth{ID: "a"}}); ok { - t.Fatal("expected DispatchRuntimeAuthUpdate to return false when no queue configured") - } - if ok := w.DispatchRuntimeAuthUpdate(AuthUpdate{Action: AuthUpdateActionDelete, Auth: &coreauth.Auth{ID: "a"}}); ok { - t.Fatal("expected DispatchRuntimeAuthUpdate delete to return false when no queue configured") - } -} - -func TestNormalizeAuthNil(t *testing.T) { - if normalizeAuth(nil) != nil { - t.Fatal("expected normalizeAuth(nil) to return nil") - } -} - -// stubStore implements coreauth.Store plus watcher-specific persistence helpers. -type stubStore struct { - authDir string - cfgPersisted int32 - authPersisted int32 - lastAuthMessage string - lastAuthPaths []string -} - -func (s *stubStore) List(context.Context) ([]*coreauth.Auth, error) { return nil, nil } -func (s *stubStore) Save(context.Context, *coreauth.Auth) (string, error) { - return "", nil -} -func (s *stubStore) Delete(context.Context, string) error { return nil } -func (s *stubStore) PersistConfig(context.Context) error { - atomic.AddInt32(&s.cfgPersisted, 1) - return nil -} -func (s *stubStore) PersistAuthFiles(_ context.Context, message string, paths ...string) error { - atomic.AddInt32(&s.authPersisted, 1) - s.lastAuthMessage = message - s.lastAuthPaths = paths - return nil -} -func (s *stubStore) AuthDir() string { return s.authDir } - -func TestNewWatcherDetectsPersisterAndAuthDir(t *testing.T) { - tmp := t.TempDir() - store := &stubStore{authDir: tmp} - orig := sdkAuth.GetTokenStore() - sdkAuth.RegisterTokenStore(store) - defer sdkAuth.RegisterTokenStore(orig) - - w, err := NewWatcher("config.yaml", "auth", nil) - if err != nil { - t.Fatalf("NewWatcher failed: %v", err) - } - if w.storePersister == nil { - t.Fatal("expected storePersister to be set from token store") - } - if w.mirroredAuthDir != tmp { - t.Fatalf("expected mirroredAuthDir %s, got %s", tmp, w.mirroredAuthDir) - } -} - -func TestPersistConfigAndAuthAsyncInvokePersister(t *testing.T) { - w := &Watcher{ - storePersister: &stubStore{}, - } - - w.persistConfigAsync() - w.persistAuthAsync("msg", " a ", "", "b ") - - time.Sleep(30 * time.Millisecond) - store := w.storePersister.(*stubStore) - if atomic.LoadInt32(&store.cfgPersisted) != 1 { - t.Fatalf("expected PersistConfig to be called once, got %d", store.cfgPersisted) - } - if atomic.LoadInt32(&store.authPersisted) != 1 { - t.Fatalf("expected PersistAuthFiles to be called once, got %d", store.authPersisted) - } - if store.lastAuthMessage != "msg" { - t.Fatalf("unexpected auth message: %s", store.lastAuthMessage) - } - if len(store.lastAuthPaths) != 2 || store.lastAuthPaths[0] != "a" || store.lastAuthPaths[1] != "b" { - t.Fatalf("unexpected filtered paths: %#v", store.lastAuthPaths) - } -} - -func TestScheduleConfigReloadDebounces(t *testing.T) { - tmp := t.TempDir() - authDir := tmp - cfgPath := tmp + "/config.yaml" - if err := os.WriteFile(cfgPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config: %v", err) - } - - var reloads int32 - w := &Watcher{ - configPath: cfgPath, - authDir: authDir, - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - w.scheduleConfigReload() - w.scheduleConfigReload() - - time.Sleep(400 * time.Millisecond) - - if atomic.LoadInt32(&reloads) != 1 { - t.Fatalf("expected single debounced reload, got %d", reloads) - } - if w.lastConfigHash == "" { - t.Fatal("expected lastConfigHash to be set after reload") - } -} - -func TestPrepareAuthUpdatesLockedForceAndDelete(t *testing.T) { - w := &Watcher{ - currentAuths: map[string]*coreauth.Auth{ - "a": {ID: "a", Provider: "p1"}, - }, - authQueue: make(chan AuthUpdate, 4), - } - - updates := w.prepareAuthUpdatesLocked([]*coreauth.Auth{{ID: "a", Provider: "p2"}}, false) - if len(updates) != 1 || updates[0].Action != AuthUpdateActionModify || updates[0].ID != "a" { - t.Fatalf("unexpected modify updates: %+v", updates) - } - - updates = w.prepareAuthUpdatesLocked([]*coreauth.Auth{{ID: "a", Provider: "p2"}}, true) - if len(updates) != 1 || updates[0].Action != AuthUpdateActionModify { - t.Fatalf("expected force modify, got %+v", updates) - } - - updates = w.prepareAuthUpdatesLocked([]*coreauth.Auth{}, false) - if len(updates) != 1 || updates[0].Action != AuthUpdateActionDelete || updates[0].ID != "a" { - t.Fatalf("expected delete for missing auth, got %+v", updates) - } -} - -func TestAuthEqualIgnoresTemporalFields(t *testing.T) { - now := time.Now() - a := &coreauth.Auth{ID: "x", CreatedAt: now} - b := &coreauth.Auth{ID: "x", CreatedAt: now.Add(5 * time.Second)} - if !authEqual(a, b) { - t.Fatal("expected authEqual to ignore temporal differences") - } -} - -func TestDispatchLoopExitsWhenQueueNilAndContextCanceled(t *testing.T) { - w := &Watcher{ - dispatchCond: nil, - pendingUpdates: map[string]AuthUpdate{"k": {ID: "k"}}, - pendingOrder: []string{"k"}, - } - w.dispatchCond = sync.NewCond(&w.dispatchMu) - - ctx, cancel := context.WithCancel(context.Background()) - done := make(chan struct{}) - go func() { - w.dispatchLoop(ctx) - close(done) - }() - - time.Sleep(20 * time.Millisecond) - cancel() - w.dispatchMu.Lock() - w.dispatchCond.Broadcast() - w.dispatchMu.Unlock() - - select { - case <-done: - case <-time.After(500 * time.Millisecond): - t.Fatal("dispatchLoop did not exit after context cancel") - } -} - -func TestReloadClientsFiltersOAuthProvidersWithoutRescan(t *testing.T) { - tmp := t.TempDir() - w := &Watcher{ - authDir: tmp, - config: &config.Config{AuthDir: tmp}, - currentAuths: map[string]*coreauth.Auth{ - "a": {ID: "a", Provider: "Match"}, - "b": {ID: "b", Provider: "other"}, - }, - lastAuthHashes: map[string]string{"cached": "hash"}, - } - - w.reloadClients(false, []string{"match"}, false) - - w.clientsMutex.RLock() - defer w.clientsMutex.RUnlock() - if _, ok := w.currentAuths["a"]; ok { - t.Fatal("expected filtered provider to be removed") - } - if len(w.lastAuthHashes) != 1 { - t.Fatalf("expected existing hash cache to be retained, got %d", len(w.lastAuthHashes)) - } -} - -func TestScheduleProcessEventsStopsOnContextDone(t *testing.T) { - w := &Watcher{ - watcher: &fsnotify.Watcher{ - Events: make(chan fsnotify.Event, 1), - Errors: make(chan error, 1), - }, - configPath: "config.yaml", - authDir: "auth", - } - ctx, cancel := context.WithCancel(context.Background()) - done := make(chan struct{}) - go func() { - w.processEvents(ctx) - close(done) - }() - - cancel() - select { - case <-done: - case <-time.After(500 * time.Millisecond): - t.Fatal("processEvents did not exit on context cancel") - } -} - -func hexString(data []byte) string { - return strings.ToLower(fmt.Sprintf("%x", data)) -} diff --git a/.worktrees/config/m/config-build/active/internal/wsrelay/http.go b/.worktrees/config/m/config-build/active/internal/wsrelay/http.go deleted file mode 100644 index abdb277cb9..0000000000 --- a/.worktrees/config/m/config-build/active/internal/wsrelay/http.go +++ /dev/null @@ -1,248 +0,0 @@ -package wsrelay - -import ( - "bytes" - "context" - "errors" - "fmt" - "net/http" - "time" - - "github.com/google/uuid" -) - -// HTTPRequest represents a proxied HTTP request delivered to websocket clients. -type HTTPRequest struct { - Method string - URL string - Headers http.Header - Body []byte -} - -// HTTPResponse captures the response relayed back from websocket clients. -type HTTPResponse struct { - Status int - Headers http.Header - Body []byte -} - -// StreamEvent represents a streaming response event from clients. -type StreamEvent struct { - Type string - Payload []byte - Status int - Headers http.Header - Err error -} - -// NonStream executes a non-streaming HTTP request using the websocket provider. -func (m *Manager) NonStream(ctx context.Context, provider string, req *HTTPRequest) (*HTTPResponse, error) { - if req == nil { - return nil, fmt.Errorf("wsrelay: request is nil") - } - msg := Message{ID: uuid.NewString(), Type: MessageTypeHTTPReq, Payload: encodeRequest(req)} - respCh, err := m.Send(ctx, provider, msg) - if err != nil { - return nil, err - } - var ( - streamMode bool - streamResp *HTTPResponse - streamBody bytes.Buffer - ) - for { - select { - case <-ctx.Done(): - return nil, ctx.Err() - case msg, ok := <-respCh: - if !ok { - if streamMode { - if streamResp == nil { - streamResp = &HTTPResponse{Status: http.StatusOK, Headers: make(http.Header)} - } else if streamResp.Headers == nil { - streamResp.Headers = make(http.Header) - } - streamResp.Body = append(streamResp.Body[:0], streamBody.Bytes()...) - return streamResp, nil - } - return nil, errors.New("wsrelay: connection closed during response") - } - switch msg.Type { - case MessageTypeHTTPResp: - resp := decodeResponse(msg.Payload) - if streamMode && streamBody.Len() > 0 && len(resp.Body) == 0 { - resp.Body = append(resp.Body[:0], streamBody.Bytes()...) - } - return resp, nil - case MessageTypeError: - return nil, decodeError(msg.Payload) - case MessageTypeStreamStart, MessageTypeStreamChunk: - if msg.Type == MessageTypeStreamStart { - streamMode = true - streamResp = decodeResponse(msg.Payload) - if streamResp.Headers == nil { - streamResp.Headers = make(http.Header) - } - streamBody.Reset() - continue - } - if !streamMode { - streamMode = true - streamResp = &HTTPResponse{Status: http.StatusOK, Headers: make(http.Header)} - } - chunk := decodeChunk(msg.Payload) - if len(chunk) > 0 { - streamBody.Write(chunk) - } - case MessageTypeStreamEnd: - if !streamMode { - return &HTTPResponse{Status: http.StatusOK, Headers: make(http.Header)}, nil - } - if streamResp == nil { - streamResp = &HTTPResponse{Status: http.StatusOK, Headers: make(http.Header)} - } else if streamResp.Headers == nil { - streamResp.Headers = make(http.Header) - } - streamResp.Body = append(streamResp.Body[:0], streamBody.Bytes()...) - return streamResp, nil - default: - } - } - } -} - -// Stream executes a streaming HTTP request and returns channel with stream events. -func (m *Manager) Stream(ctx context.Context, provider string, req *HTTPRequest) (<-chan StreamEvent, error) { - if req == nil { - return nil, fmt.Errorf("wsrelay: request is nil") - } - msg := Message{ID: uuid.NewString(), Type: MessageTypeHTTPReq, Payload: encodeRequest(req)} - respCh, err := m.Send(ctx, provider, msg) - if err != nil { - return nil, err - } - out := make(chan StreamEvent) - go func() { - defer close(out) - send := func(ev StreamEvent) bool { - if ctx == nil { - out <- ev - return true - } - select { - case <-ctx.Done(): - return false - case out <- ev: - return true - } - } - for { - select { - case <-ctx.Done(): - return - case msg, ok := <-respCh: - if !ok { - _ = send(StreamEvent{Err: errors.New("wsrelay: stream closed")}) - return - } - switch msg.Type { - case MessageTypeStreamStart: - resp := decodeResponse(msg.Payload) - if okSend := send(StreamEvent{Type: MessageTypeStreamStart, Status: resp.Status, Headers: resp.Headers}); !okSend { - return - } - case MessageTypeStreamChunk: - chunk := decodeChunk(msg.Payload) - if okSend := send(StreamEvent{Type: MessageTypeStreamChunk, Payload: chunk}); !okSend { - return - } - case MessageTypeStreamEnd: - _ = send(StreamEvent{Type: MessageTypeStreamEnd}) - return - case MessageTypeError: - _ = send(StreamEvent{Type: MessageTypeError, Err: decodeError(msg.Payload)}) - return - case MessageTypeHTTPResp: - resp := decodeResponse(msg.Payload) - _ = send(StreamEvent{Type: MessageTypeHTTPResp, Status: resp.Status, Headers: resp.Headers, Payload: resp.Body}) - return - default: - } - } - } - }() - return out, nil -} - -func encodeRequest(req *HTTPRequest) map[string]any { - headers := make(map[string]any, len(req.Headers)) - for key, values := range req.Headers { - copyValues := make([]string, len(values)) - copy(copyValues, values) - headers[key] = copyValues - } - return map[string]any{ - "method": req.Method, - "url": req.URL, - "headers": headers, - "body": string(req.Body), - "sent_at": time.Now().UTC().Format(time.RFC3339Nano), - } -} - -func decodeResponse(payload map[string]any) *HTTPResponse { - if payload == nil { - return &HTTPResponse{Status: http.StatusBadGateway, Headers: make(http.Header)} - } - resp := &HTTPResponse{Status: http.StatusOK, Headers: make(http.Header)} - if status, ok := payload["status"].(float64); ok { - resp.Status = int(status) - } - if headers, ok := payload["headers"].(map[string]any); ok { - for key, raw := range headers { - switch v := raw.(type) { - case []any: - for _, item := range v { - if str, ok := item.(string); ok { - resp.Headers.Add(key, str) - } - } - case []string: - for _, str := range v { - resp.Headers.Add(key, str) - } - case string: - resp.Headers.Set(key, v) - } - } - } - if body, ok := payload["body"].(string); ok { - resp.Body = []byte(body) - } - return resp -} - -func decodeChunk(payload map[string]any) []byte { - if payload == nil { - return nil - } - if data, ok := payload["data"].(string); ok { - return []byte(data) - } - return nil -} - -func decodeError(payload map[string]any) error { - if payload == nil { - return errors.New("wsrelay: unknown error") - } - message, _ := payload["error"].(string) - status := 0 - if v, ok := payload["status"].(float64); ok { - status = int(v) - } - if message == "" { - message = "wsrelay: upstream error" - } - return fmt.Errorf("%s (status=%d)", message, status) -} diff --git a/.worktrees/config/m/config-build/active/internal/wsrelay/manager.go b/.worktrees/config/m/config-build/active/internal/wsrelay/manager.go deleted file mode 100644 index ae28234c15..0000000000 --- a/.worktrees/config/m/config-build/active/internal/wsrelay/manager.go +++ /dev/null @@ -1,205 +0,0 @@ -package wsrelay - -import ( - "context" - "crypto/rand" - "errors" - "fmt" - "net/http" - "strings" - "sync" - "time" - - "github.com/gorilla/websocket" -) - -// Manager exposes a websocket endpoint that proxies Gemini requests to -// connected clients. -type Manager struct { - path string - upgrader websocket.Upgrader - sessions map[string]*session - sessMutex sync.RWMutex - - providerFactory func(*http.Request) (string, error) - onConnected func(string) - onDisconnected func(string, error) - - logDebugf func(string, ...any) - logInfof func(string, ...any) - logWarnf func(string, ...any) -} - -// Options configures a Manager instance. -type Options struct { - Path string - ProviderFactory func(*http.Request) (string, error) - OnConnected func(string) - OnDisconnected func(string, error) - LogDebugf func(string, ...any) - LogInfof func(string, ...any) - LogWarnf func(string, ...any) -} - -// NewManager builds a websocket relay manager with the supplied options. -func NewManager(opts Options) *Manager { - path := strings.TrimSpace(opts.Path) - if path == "" { - path = "/v1/ws" - } - if !strings.HasPrefix(path, "/") { - path = "/" + path - } - mgr := &Manager{ - path: path, - sessions: make(map[string]*session), - upgrader: websocket.Upgrader{ - ReadBufferSize: 1024, - WriteBufferSize: 1024, - CheckOrigin: func(r *http.Request) bool { - return true - }, - }, - providerFactory: opts.ProviderFactory, - onConnected: opts.OnConnected, - onDisconnected: opts.OnDisconnected, - logDebugf: opts.LogDebugf, - logInfof: opts.LogInfof, - logWarnf: opts.LogWarnf, - } - if mgr.logDebugf == nil { - mgr.logDebugf = func(string, ...any) {} - } - if mgr.logInfof == nil { - mgr.logInfof = func(string, ...any) {} - } - if mgr.logWarnf == nil { - mgr.logWarnf = func(s string, args ...any) { fmt.Printf(s+"\n", args...) } - } - return mgr -} - -// Path returns the HTTP path the manager expects for websocket upgrades. -func (m *Manager) Path() string { - if m == nil { - return "/v1/ws" - } - return m.path -} - -// Handler exposes an http.Handler that upgrades connections to websocket sessions. -func (m *Manager) Handler() http.Handler { - return http.HandlerFunc(m.handleWebsocket) -} - -// Stop gracefully closes all active websocket sessions. -func (m *Manager) Stop(_ context.Context) error { - m.sessMutex.Lock() - sessions := make([]*session, 0, len(m.sessions)) - for _, sess := range m.sessions { - sessions = append(sessions, sess) - } - m.sessions = make(map[string]*session) - m.sessMutex.Unlock() - - for _, sess := range sessions { - if sess != nil { - sess.cleanup(errors.New("wsrelay: manager stopped")) - } - } - return nil -} - -// handleWebsocket upgrades the connection and wires the session into the pool. -func (m *Manager) handleWebsocket(w http.ResponseWriter, r *http.Request) { - expectedPath := m.Path() - if expectedPath != "" && r.URL != nil && r.URL.Path != expectedPath { - http.NotFound(w, r) - return - } - if !strings.EqualFold(r.Method, http.MethodGet) { - w.Header().Set("Allow", http.MethodGet) - http.Error(w, "method not allowed", http.StatusMethodNotAllowed) - return - } - conn, err := m.upgrader.Upgrade(w, r, nil) - if err != nil { - m.logWarnf("wsrelay: upgrade failed: %v", err) - return - } - s := newSession(conn, m, randomProviderName()) - if m.providerFactory != nil { - name, err := m.providerFactory(r) - if err != nil { - s.cleanup(err) - return - } - if strings.TrimSpace(name) != "" { - s.provider = strings.ToLower(name) - } - } - if s.provider == "" { - s.provider = strings.ToLower(s.id) - } - m.sessMutex.Lock() - var replaced *session - if existing, ok := m.sessions[s.provider]; ok { - replaced = existing - } - m.sessions[s.provider] = s - m.sessMutex.Unlock() - - if replaced != nil { - replaced.cleanup(errors.New("replaced by new connection")) - } - if m.onConnected != nil { - m.onConnected(s.provider) - } - - go s.run(context.Background()) -} - -// Send forwards the message to the specific provider connection and returns a channel -// yielding response messages. -func (m *Manager) Send(ctx context.Context, provider string, msg Message) (<-chan Message, error) { - s := m.session(provider) - if s == nil { - return nil, fmt.Errorf("wsrelay: provider %s not connected", provider) - } - return s.request(ctx, msg) -} - -func (m *Manager) session(provider string) *session { - key := strings.ToLower(strings.TrimSpace(provider)) - m.sessMutex.RLock() - s := m.sessions[key] - m.sessMutex.RUnlock() - return s -} - -func (m *Manager) handleSessionClosed(s *session, cause error) { - if s == nil { - return - } - key := strings.ToLower(strings.TrimSpace(s.provider)) - m.sessMutex.Lock() - if cur, ok := m.sessions[key]; ok && cur == s { - delete(m.sessions, key) - } - m.sessMutex.Unlock() - if m.onDisconnected != nil { - m.onDisconnected(s.provider, cause) - } -} - -func randomProviderName() string { - const alphabet = "abcdefghijklmnopqrstuvwxyz0123456789" - buf := make([]byte, 16) - if _, err := rand.Read(buf); err != nil { - return fmt.Sprintf("aistudio-%x", time.Now().UnixNano()) - } - for i := range buf { - buf[i] = alphabet[int(buf[i])%len(alphabet)] - } - return "aistudio-" + string(buf) -} diff --git a/.worktrees/config/m/config-build/active/internal/wsrelay/message.go b/.worktrees/config/m/config-build/active/internal/wsrelay/message.go deleted file mode 100644 index bf716e5e1a..0000000000 --- a/.worktrees/config/m/config-build/active/internal/wsrelay/message.go +++ /dev/null @@ -1,27 +0,0 @@ -package wsrelay - -// Message represents the JSON payload exchanged with websocket clients. -type Message struct { - ID string `json:"id"` - Type string `json:"type"` - Payload map[string]any `json:"payload,omitempty"` -} - -const ( - // MessageTypeHTTPReq identifies an HTTP-style request envelope. - MessageTypeHTTPReq = "http_request" - // MessageTypeHTTPResp identifies a non-streaming HTTP response envelope. - MessageTypeHTTPResp = "http_response" - // MessageTypeStreamStart marks the beginning of a streaming response. - MessageTypeStreamStart = "stream_start" - // MessageTypeStreamChunk carries a streaming response chunk. - MessageTypeStreamChunk = "stream_chunk" - // MessageTypeStreamEnd marks the completion of a streaming response. - MessageTypeStreamEnd = "stream_end" - // MessageTypeError carries an error response. - MessageTypeError = "error" - // MessageTypePing represents ping messages from clients. - MessageTypePing = "ping" - // MessageTypePong represents pong responses back to clients. - MessageTypePong = "pong" -) diff --git a/.worktrees/config/m/config-build/active/internal/wsrelay/session.go b/.worktrees/config/m/config-build/active/internal/wsrelay/session.go deleted file mode 100644 index a728cbc3e0..0000000000 --- a/.worktrees/config/m/config-build/active/internal/wsrelay/session.go +++ /dev/null @@ -1,188 +0,0 @@ -package wsrelay - -import ( - "context" - "errors" - "fmt" - "sync" - "time" - - "github.com/gorilla/websocket" -) - -const ( - readTimeout = 60 * time.Second - writeTimeout = 10 * time.Second - maxInboundMessageLen = 64 << 20 // 64 MiB - heartbeatInterval = 30 * time.Second -) - -var errClosed = errors.New("websocket session closed") - -type pendingRequest struct { - ch chan Message - closeOnce sync.Once -} - -func (pr *pendingRequest) close() { - if pr == nil { - return - } - pr.closeOnce.Do(func() { - close(pr.ch) - }) -} - -type session struct { - conn *websocket.Conn - manager *Manager - provider string - id string - closed chan struct{} - closeOnce sync.Once - writeMutex sync.Mutex - pending sync.Map // map[string]*pendingRequest -} - -func newSession(conn *websocket.Conn, mgr *Manager, id string) *session { - s := &session{ - conn: conn, - manager: mgr, - provider: "", - id: id, - closed: make(chan struct{}), - } - conn.SetReadLimit(maxInboundMessageLen) - conn.SetReadDeadline(time.Now().Add(readTimeout)) - conn.SetPongHandler(func(string) error { - conn.SetReadDeadline(time.Now().Add(readTimeout)) - return nil - }) - s.startHeartbeat() - return s -} - -func (s *session) startHeartbeat() { - if s == nil || s.conn == nil { - return - } - ticker := time.NewTicker(heartbeatInterval) - go func() { - defer ticker.Stop() - for { - select { - case <-s.closed: - return - case <-ticker.C: - s.writeMutex.Lock() - err := s.conn.WriteControl(websocket.PingMessage, []byte("ping"), time.Now().Add(writeTimeout)) - s.writeMutex.Unlock() - if err != nil { - s.cleanup(err) - return - } - } - } - }() -} - -func (s *session) run(ctx context.Context) { - defer s.cleanup(errClosed) - for { - var msg Message - if err := s.conn.ReadJSON(&msg); err != nil { - s.cleanup(err) - return - } - s.dispatch(msg) - } -} - -func (s *session) dispatch(msg Message) { - if msg.Type == MessageTypePing { - _ = s.send(context.Background(), Message{ID: msg.ID, Type: MessageTypePong}) - return - } - if value, ok := s.pending.Load(msg.ID); ok { - req := value.(*pendingRequest) - select { - case req.ch <- msg: - default: - } - if msg.Type == MessageTypeHTTPResp || msg.Type == MessageTypeError || msg.Type == MessageTypeStreamEnd { - if actual, loaded := s.pending.LoadAndDelete(msg.ID); loaded { - actual.(*pendingRequest).close() - } - } - return - } - if msg.Type == MessageTypeHTTPResp || msg.Type == MessageTypeError || msg.Type == MessageTypeStreamEnd { - s.manager.logDebugf("wsrelay: received terminal message for unknown id %s (provider=%s)", msg.ID, s.provider) - } -} - -func (s *session) send(ctx context.Context, msg Message) error { - select { - case <-s.closed: - return errClosed - default: - } - s.writeMutex.Lock() - defer s.writeMutex.Unlock() - if err := s.conn.SetWriteDeadline(time.Now().Add(writeTimeout)); err != nil { - return fmt.Errorf("set write deadline: %w", err) - } - if err := s.conn.WriteJSON(msg); err != nil { - return fmt.Errorf("write json: %w", err) - } - return nil -} - -func (s *session) request(ctx context.Context, msg Message) (<-chan Message, error) { - if msg.ID == "" { - return nil, fmt.Errorf("wsrelay: message id is required") - } - if _, loaded := s.pending.LoadOrStore(msg.ID, &pendingRequest{ch: make(chan Message, 8)}); loaded { - return nil, fmt.Errorf("wsrelay: duplicate message id %s", msg.ID) - } - value, _ := s.pending.Load(msg.ID) - req := value.(*pendingRequest) - if err := s.send(ctx, msg); err != nil { - if actual, loaded := s.pending.LoadAndDelete(msg.ID); loaded { - req := actual.(*pendingRequest) - req.close() - } - return nil, err - } - go func() { - select { - case <-ctx.Done(): - if actual, loaded := s.pending.LoadAndDelete(msg.ID); loaded { - actual.(*pendingRequest).close() - } - case <-s.closed: - } - }() - return req.ch, nil -} - -func (s *session) cleanup(cause error) { - s.closeOnce.Do(func() { - close(s.closed) - s.pending.Range(func(key, value any) bool { - req := value.(*pendingRequest) - msg := Message{ID: key.(string), Type: MessageTypeError, Payload: map[string]any{"error": cause.Error()}} - select { - case req.ch <- msg: - default: - } - req.close() - return true - }) - s.pending = sync.Map{} - _ = s.conn.Close() - if s.manager != nil { - s.manager.handleSessionClosed(s, cause) - } - }) -} diff --git a/.worktrees/config/m/config-build/active/llms-full.txt b/.worktrees/config/m/config-build/active/llms-full.txt deleted file mode 100644 index ee3b2c2280..0000000000 --- a/.worktrees/config/m/config-build/active/llms-full.txt +++ /dev/null @@ -1,7000 +0,0 @@ -# cliproxyapi++ LLM Context (Full) -Expanded, line-addressable repository context. - -# cliproxyapi++ LLM Context (Concise) -Generated from repository files for agent/dev/user consumption. - -## README Highlights -# cliproxyapi++ 🚀 -[![Go Report Card](https://goreportcard.com/badge/github.com/KooshaPari/cliproxyapi-plusplus)](https://goreportcard.com/report/github.com/KooshaPari/cliproxyapi-plusplus) -[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) -[![Docker Pulls](https://img.shields.io/docker/pulls/kooshapari/cliproxyapi-plusplus.svg)](https://hub.docker.com/r/kooshapari/cliproxyapi-plusplus) -[![GitHub Release](https://img.shields.io/github/v/release/KooshaPari/cliproxyapi-plusplus)](https://github.com/KooshaPari/cliproxyapi-plusplus/releases) -English | [中文](README_CN.md) -**cliproxyapi++** is the definitive high-performance, security-hardened fork of [CLIProxyAPI](https://github.com/router-for-me/CLIProxyAPI). Designed with a "Defense in Depth" philosophy and a "Library-First" architecture, it provides an OpenAI-compatible interface for proprietary LLMs with enterprise-grade stability. ---- -## 🏆 Deep Dive: The `++` Advantage -Why choose **cliproxyapi++** over the mainline? While the mainline focus is on open-source stability, the `++` variant is built for high-scale, production environments where security, automated lifecycle management, and broad provider support are critical. -Full feature-by-feature change reference: -- **[Feature Changes in ++](./docs/FEATURE_CHANGES_PLUSPLUS.md)** -### 📊 Feature Comparison Matrix -| Feature | Mainline | CLIProxyAPI+ | **cliproxyapi++** | -| :--- | :---: | :---: | :---: | -| **Core Proxy Logic** | ✅ | ✅ | ✅ | -| **Basic Provider Support** | ✅ | ✅ | ✅ | -| **Standard UI** | ❌ | ✅ | ✅ | -| **Advanced Auth (Kiro/Copilot)** | ❌ | ⚠️ | ✅ **(Full Support)** | -| **Background Token Refresh** | ❌ | ❌ | ✅ **(Auto-Refresh)** | -| **Security Hardening** | Basic | Basic | ✅ **(Enterprise-Grade)** | -| **Rate Limiting & Cooldown** | ❌ | ❌ | ✅ **(Intelligent)** | -| **Core Reusability** | `internal/` | `internal/` | ✅ **(`pkg/llmproxy`)** | -| **CI/CD Pipeline** | Basic | Basic | ✅ **(Signed/Multi-arch)** | ---- -## 🔍 Technical Differences & Hardening -### 1. Architectural Evolution: `pkg/llmproxy` -Unlike the mainline which keeps its core logic in `internal/` (preventing external Go projects from importing it), **cliproxyapi++** has refactored its entire translation and proxying engine into a clean, public `pkg/llmproxy` library. -* **Reusability**: Import the proxy logic directly into your own Go applications. -* **Decoupling**: Configuration management is strictly separated from execution logic. -### 2. Enterprise Authentication & Lifecycle -* **Full GitHub Copilot Integration**: Not just an API wrapper. `++` includes a full OAuth device flow, per-credential quota tracking, and intelligent session management. -* **Kiro (AWS CodeWhisperer) 2.0**: A custom-built web UI (`/v0/oauth/kiro`) for browser-based AWS Builder ID and Identity Center logins. -* **Background Token Refresh**: A dedicated worker service monitors tokens and automatically refreshes them 10 minutes before expiration, ensuring zero downtime for your agents. -### 3. Security Hardening ("Defense in Depth") -* **Path Guard**: A custom GitHub Action workflow (`pr-path-guard`) that prevents any unauthorized changes to critical `internal/translator/` logic during PRs. -* **Device Fingerprinting**: Generates unique, immutable device identifiers to satisfy strict provider security checks and prevent account flagging. -* **Hardened Docker Base**: Built on a specific, audited Alpine 3.22.0 layer with minimal packages, reducing the potential attack surface. -### 4. High-Scale Operations -* **Intelligent Cooldown**: Automated "cooling" mechanism that detects provider-side rate limits and intelligently pauses requests to specific providers while routing others. -* **Unified Model Converter**: A sophisticated mapping layer that allows you to request `claude-3-5-sonnet` and have the proxy automatically handle the specific protocol requirements of the target provider (Vertex, AWS, Anthropic, etc.). ---- -## 🚀 Getting Started -### Prerequisites -- [Docker](https://docs.docker.com/get-docker/) and [Docker Compose](https://docs.docker.com/compose/install/) -- OR [Go 1.26+](https://golang.org/dl/) -### One-Command Deployment (Docker) -```bash -# Setup deployment -mkdir -p ~/cliproxy && cd ~/cliproxy -curl -o config.yaml https://raw.githubusercontent.com/KooshaPari/cliproxyapi-plusplus/main/config.example.yaml -# Create compose file -cat > docker-compose.yml << 'EOF' -services: -cliproxy: -image: KooshaPari/cliproxyapi-plusplus:latest -container_name: cliproxyapi++ -ports: ["8317:8317"] -volumes: -- ./config.yaml:/CLIProxyAPI/config.yaml -- ./auths:/root/.cli-proxy-api -- ./logs:/CLIProxyAPI/logs -restart: unless-stopped -EOF -docker compose up -d -``` ---- -## 🛠️ Advanced Usage -### Extended Provider Support -`cliproxyapi++` supports a massive registry of providers out-of-the-box: -* **Direct**: Claude, Gemini, OpenAI, Mistral, Groq, DeepSeek. -* **Aggregators**: OpenRouter, Together AI, Fireworks AI, Novita AI, SiliconFlow. -* **Proprietary**: Kiro (AWS), GitHub Copilot, Roo Code, Kilo AI, MiniMax. -### API Specification -The proxy provides two main API surfaces: -1. **OpenAI Interface**: `/v1/chat/completions` and `/v1/models` (Full parity). -2. **Management Interface**: -* `GET /v0/config`: Inspect current (hot-reloaded) config. -* `GET /v0/oauth/kiro`: Interactive Kiro auth UI. -* `GET /v0/logs`: Real-time log inspection. ---- -## 🤝 Contributing -We maintain strict quality gates to preserve the "hardened" status of the project: -1. **Linting**: Must pass `golangci-lint` with zero warnings. -2. **Coverage**: All new translator logic MUST include unit tests. -3. **Governance**: Changes to core `pkg/` logic require a corresponding Issue discussion. -See **[CONTRIBUTING.md](CONTRIBUTING.md)** for more details. ---- -## 📚 Documentation -- **[Docsets](./docs/docsets/)** — Role-oriented documentation sets. -- [Developer (Internal)](./docs/docsets/developer/internal/) -- [Developer (External)](./docs/docsets/developer/external/) -- [Technical User](./docs/docsets/user/) -- [Agent Operator](./docs/docsets/agent/) -- **[Feature Changes in ++](./docs/FEATURE_CHANGES_PLUSPLUS.md)** — Comprehensive list of `++` differences and impacts. -- **[Docs README](./docs/README.md)** — Core docs map. ---- -## 🚢 Docs Deploy -Local VitePress docs: -```bash -cd docs -npm install -npm run docs:dev -npm run docs:build -``` -GitHub Pages: -- Workflow: `.github/workflows/vitepress-pages.yml` -- URL convention: `https://.github.io/cliproxyapi-plusplus/` ---- -## 📜 License -Distributed under the MIT License. See [LICENSE](LICENSE) for more information. ---- -

-Hardened AI Infrastructure for the Modern Agentic Stack.
-Built with ❤️ by the community. -

- -## Taskfile Tasks -- GO_FILES -- default -- build -- run -- test -- lint -- tidy -- docker:build -- docker:run -- docker:stop -- doctor -- ax:spec - -## Documentation Index -- docs/FEATURE_CHANGES_PLUSPLUS.md -- docs/README.md -- docs/docsets/agent/index.md -- docs/docsets/agent/operating-model.md -- docs/docsets/developer/external/index.md -- docs/docsets/developer/external/integration-quickstart.md -- docs/docsets/developer/internal/architecture.md -- docs/docsets/developer/internal/index.md -- docs/docsets/index.md -- docs/docsets/user/index.md -- docs/docsets/user/quickstart.md -- docs/features/architecture/DEV.md -- docs/features/architecture/SPEC.md -- docs/features/architecture/USER.md -- docs/features/auth/SPEC.md -- docs/features/auth/USER.md -- docs/features/operations/SPEC.md -- docs/features/operations/USER.md -- docs/features/providers/SPEC.md -- docs/features/providers/USER.md -- docs/features/security/SPEC.md -- docs/features/security/USER.md -- docs/index.md -- docs/sdk-access.md -- docs/sdk-access_CN.md -- docs/sdk-advanced.md -- docs/sdk-advanced_CN.md -- docs/sdk-usage.md -- docs/sdk-usage_CN.md -- docs/sdk-watcher.md -- docs/sdk-watcher_CN.md - -## Markdown Headings -### docs/FEATURE_CHANGES_PLUSPLUS.md -- # cliproxyapi++ Feature Change Reference (`++` vs baseline) -- ## 1. Architecture Changes -- ## 2. Authentication and Identity Changes -- ## 3. Provider and Model Routing Changes -- ## 4. Security and Governance Changes -- ## 5. Operations and Delivery Changes -- ## 6. API and Compatibility Surface -- ## 7. Migration Impact Summary -### docs/README.md -- # cliproxyapi++ Documentation Index -- ## 📚 Documentation Structure -- ## 🚀 Quick Start -- ## 📖 Feature Documentation -- ### 1. Library-First Architecture -- ### 2. Enterprise Authentication -- ### 3. Security Hardening -- ### 4. High-Scale Operations -- ### 5. Provider Registry -- ## 🔧 API Documentation -- ### OpenAI-Compatible API -- ### Management API -- ### Operations API -- ## 🛠️ SDK Documentation -- ### Go SDK -- ## 🚀 Getting Started -- ### 1. Installation -- ### 2. Configuration -- ### 3. Add Credentials -- ### 4. Start Service -- ### 5. Make Request -- ## 🔍 Troubleshooting -- ### Common Issues -- ### Debug Mode -- ### Get Help -- ## 📊 Comparison: cliproxyapi++ vs Mainline -- ## 📝 Contributing -- ## 🔐 Security -- ## 📜 License -- ## 🗺️ Documentation Map -- ## 🤝 Community -### docs/docsets/agent/index.md -- # Agent Operator Docset -- ## Operator Focus -### docs/docsets/agent/operating-model.md -- # Agent Operating Model -- ## Execution Loop -### docs/docsets/developer/external/index.md -- # External Developer Docset -- ## Start Here -### docs/docsets/developer/external/integration-quickstart.md -- # Integration Quickstart -### docs/docsets/developer/internal/architecture.md -- # Internal Architecture -- ## Core Boundaries -- ## Maintainer Rules -### docs/docsets/developer/internal/index.md -- # Internal Developer Docset -- ## Read First -### docs/docsets/index.md -- # Docsets -- ## Developer -- ## User -- ## Agent -### docs/docsets/user/index.md -- # Technical User Docset -- ## Core Paths -### docs/docsets/user/quickstart.md -- # Technical User Quickstart -### docs/features/architecture/DEV.md -- # Developer Guide: Extending Library-First Architecture -- ## Contributing to pkg/llmproxy -- ## Project Structure -- ## Adding a New Provider -- ### Step 1: Define Provider Configuration -- ### Step 2: Implement Translator Interface -- ### Step 3: Implement Provider Executor -- ### Step 4: Register Provider -- ### Step 5: Add Tests -- ## Custom Authentication Flows -- ### Implementing OAuth -- ### Implementing Device Flow -- ## Performance Optimization -- ### Connection Pooling -- ### Rate Limiting Optimization -- ### Caching Strategy -- ## Testing Guidelines -- ### Unit Tests -- ### Integration Tests -- ### Contract Tests -- ## Submitting Changes -- ## API Stability -### docs/features/architecture/SPEC.md -- # Technical Specification: Library-First Architecture (pkg/llmproxy) -- ## Overview -- ## Architecture Migration -- ### Before: Mainline Structure -- ### After: cliproxyapi++ Structure -- ## Core Components -- ### 1. Translation Engine (`pkg/llmproxy/translator`) -- ### 2. Provider Execution (`pkg/llmproxy/provider`) -- ### 3. Configuration Management (`pkg/llmproxy/config`) -- ### 4. Watcher & Synthesis (`pkg/llmproxy/watcher`) -- ## Data Flow -- ### Request Processing Flow -- ### Configuration Reload Flow -- ### Token Refresh Flow -- ## Reusability Patterns -- ### Embedding as Library -- ### Custom Provider Integration -- ### Extending Configuration -- ## Performance Characteristics -- ### Memory Footprint -- ### Concurrency Model -- ### Throughput -- ## Security Considerations -- ### Public API Stability -- ### Input Validation -- ### Error Propagation -- ## Migration Guide -- ### From Mainline internal/ -- ### Function Compatibility -- ## Testing Strategy -- ### Unit Tests -- ### Integration Tests -- ### Contract Tests -### docs/features/architecture/USER.md -- # User Guide: Library-First Architecture -- ## What is "Library-First"? -- ## Why Use the Library? -- ### Benefits Over Standalone CLI - -## Detailed File Snapshots - -### FILE: .goreleaser.yml -0001: builds: -0002: - id: "cliproxyapi-plusplus" -0003: env: -0004: - CGO_ENABLED=0 -0005: goos: -0006: - linux -0007: - windows -0008: - darwin -0009: goarch: -0010: - amd64 -0011: - arm64 -0012: main: ./cmd/server/ -0013: binary: cliproxyapi++ -0014: ldflags: -0015: - -s -w -X 'main.Version={{.Version}}-++' -X 'main.Commit={{.ShortCommit}}' -X 'main.BuildDate={{.Date}}' -0016: archives: -0017: - id: "cliproxyapi-plusplus" -0018: format: tar.gz -0019: format_overrides: -0020: - goos: windows -0021: format: zip -0022: files: -0023: - LICENSE -0024: - README.md -0025: - README_CN.md -0026: - config.example.yaml -0027: -0028: checksum: -0029: name_template: 'checksums.txt' -0030: -0031: snapshot: -0032: name_template: "{{ incpatch .Version }}-next" -0033: -0034: changelog: -0035: sort: asc -0036: filters: -0037: exclude: -0038: - '^docs:' -0039: - '^test:' - -### FILE: CONTRIBUTING.md -0001: # Contributing to cliproxyapi++ -0002: -0003: First off, thank you for considering contributing to **cliproxyapi++**! It's people like you who make this tool better for everyone. -0004: -0005: ## Code of Conduct -0006: -0007: By participating in this project, you agree to abide by our [Code of Conduct](CODE_OF_CONDUCT.md) (coming soon). -0008: -0009: ## How Can I Contribute? -0010: -0011: ### Reporting Bugs -0012: - Use the [Bug Report](https://github.com/KooshaPari/cliproxyapi-plusplus/issues/new?template=bug_report.md) template. -0013: - Provide a clear and descriptive title. -0014: - Describe the exact steps to reproduce the problem. -0015: -0016: ### Suggesting Enhancements -0017: - Check the [Issues](https://github.com/KooshaPari/cliproxyapi-plusplus/issues) to see if the enhancement has already been suggested. -0018: - Use the [Feature Request](https://github.com/KooshaPari/cliproxyapi-plusplus/issues/new?template=feature_request.md) template. -0019: -0020: ### Pull Requests -0021: 1. Fork the repo and create your branch from `main`. -0022: 2. If you've added code that should be tested, add tests. -0023: 3. If you've changed APIs, update the documentation. -0024: 4. Ensure the test suite passes (`go test ./...`). -0025: 5. Make sure your code lints (`golangci-lint run`). -0026: -0027: #### Which repository to use? -0028: - **Third-party provider support**: Submit your PR directly to [KooshaPari/cliproxyapi-plusplus](https://github.com/KooshaPari/cliproxyapi-plusplus). -0029: - **Core logic improvements**: If the change is not specific to a third-party provider, please propose it to the [mainline project](https://github.com/router-for-me/CLIProxyAPI) first. -0030: -0031: ## Governance -0032: -0033: This project follows a community-driven governance model. Major architectural decisions are discussed in Issues before implementation. -0034: -0035: ### Path Guard -0036: We use a `pr-path-guard` to protect critical translator logic. Changes to these paths require explicit review from project maintainers to ensure security and stability. -0037: -0038: --- -0039: Thank you for your contributions! - -### FILE: README.md -0001: # cliproxyapi++ 🚀 -0002: -0003: [![Go Report Card](https://goreportcard.com/badge/github.com/KooshaPari/cliproxyapi-plusplus)](https://goreportcard.com/report/github.com/KooshaPari/cliproxyapi-plusplus) -0004: [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) -0005: [![Docker Pulls](https://img.shields.io/docker/pulls/kooshapari/cliproxyapi-plusplus.svg)](https://hub.docker.com/r/kooshapari/cliproxyapi-plusplus) -0006: [![GitHub Release](https://img.shields.io/github/v/release/KooshaPari/cliproxyapi-plusplus)](https://github.com/KooshaPari/cliproxyapi-plusplus/releases) -0007: -0008: English | [中文](README_CN.md) -0009: -0010: **cliproxyapi++** is the definitive high-performance, security-hardened fork of [CLIProxyAPI](https://github.com/router-for-me/CLIProxyAPI). Designed with a "Defense in Depth" philosophy and a "Library-First" architecture, it provides an OpenAI-compatible interface for proprietary LLMs with enterprise-grade stability. -0011: -0012: --- -0013: -0014: ## 🏆 Deep Dive: The `++` Advantage -0015: -0016: Why choose **cliproxyapi++** over the mainline? While the mainline focus is on open-source stability, the `++` variant is built for high-scale, production environments where security, automated lifecycle management, and broad provider support are critical. -0017: -0018: Full feature-by-feature change reference: -0019: -0020: - **[Feature Changes in ++](./docs/FEATURE_CHANGES_PLUSPLUS.md)** -0021: -0022: ### 📊 Feature Comparison Matrix -0023: -0024: | Feature | Mainline | CLIProxyAPI+ | **cliproxyapi++** | -0025: | :--- | :---: | :---: | :---: | -0026: | **Core Proxy Logic** | ✅ | ✅ | ✅ | -0027: | **Basic Provider Support** | ✅ | ✅ | ✅ | -0028: | **Standard UI** | ❌ | ✅ | ✅ | -0029: | **Advanced Auth (Kiro/Copilot)** | ❌ | ⚠️ | ✅ **(Full Support)** | -0030: | **Background Token Refresh** | ❌ | ❌ | ✅ **(Auto-Refresh)** | -0031: | **Security Hardening** | Basic | Basic | ✅ **(Enterprise-Grade)** | -0032: | **Rate Limiting & Cooldown** | ❌ | ❌ | ✅ **(Intelligent)** | -0033: | **Core Reusability** | `internal/` | `internal/` | ✅ **(`pkg/llmproxy`)** | -0034: | **CI/CD Pipeline** | Basic | Basic | ✅ **(Signed/Multi-arch)** | -0035: -0036: --- -0037: -0038: ## 🔍 Technical Differences & Hardening -0039: -0040: ### 1. Architectural Evolution: `pkg/llmproxy` -0041: Unlike the mainline which keeps its core logic in `internal/` (preventing external Go projects from importing it), **cliproxyapi++** has refactored its entire translation and proxying engine into a clean, public `pkg/llmproxy` library. -0042: * **Reusability**: Import the proxy logic directly into your own Go applications. -0043: * **Decoupling**: Configuration management is strictly separated from execution logic. -0044: -0045: ### 2. Enterprise Authentication & Lifecycle -0046: * **Full GitHub Copilot Integration**: Not just an API wrapper. `++` includes a full OAuth device flow, per-credential quota tracking, and intelligent session management. -0047: * **Kiro (AWS CodeWhisperer) 2.0**: A custom-built web UI (`/v0/oauth/kiro`) for browser-based AWS Builder ID and Identity Center logins. -0048: * **Background Token Refresh**: A dedicated worker service monitors tokens and automatically refreshes them 10 minutes before expiration, ensuring zero downtime for your agents. -0049: -0050: ### 3. Security Hardening ("Defense in Depth") -0051: * **Path Guard**: A custom GitHub Action workflow (`pr-path-guard`) that prevents any unauthorized changes to critical `internal/translator/` logic during PRs. -0052: * **Device Fingerprinting**: Generates unique, immutable device identifiers to satisfy strict provider security checks and prevent account flagging. -0053: * **Hardened Docker Base**: Built on a specific, audited Alpine 3.22.0 layer with minimal packages, reducing the potential attack surface. -0054: -0055: ### 4. High-Scale Operations -0056: * **Intelligent Cooldown**: Automated "cooling" mechanism that detects provider-side rate limits and intelligently pauses requests to specific providers while routing others. -0057: * **Unified Model Converter**: A sophisticated mapping layer that allows you to request `claude-3-5-sonnet` and have the proxy automatically handle the specific protocol requirements of the target provider (Vertex, AWS, Anthropic, etc.). -0058: -0059: --- -0060: -0061: ## 🚀 Getting Started -0062: -0063: ### Prerequisites -0064: - [Docker](https://docs.docker.com/get-docker/) and [Docker Compose](https://docs.docker.com/compose/install/) -0065: - OR [Go 1.26+](https://golang.org/dl/) -0066: -0067: ### One-Command Deployment (Docker) -0068: -0069: ```bash -0070: # Setup deployment -0071: mkdir -p ~/cliproxy && cd ~/cliproxy -0072: curl -o config.yaml https://raw.githubusercontent.com/KooshaPari/cliproxyapi-plusplus/main/config.example.yaml -0073: -0074: # Create compose file -0075: cat > docker-compose.yml << 'EOF' -0076: services: -0077: cliproxy: -0078: image: KooshaPari/cliproxyapi-plusplus:latest -0079: container_name: cliproxyapi++ -0080: ports: ["8317:8317"] -0081: volumes: -0082: - ./config.yaml:/CLIProxyAPI/config.yaml -0083: - ./auths:/root/.cli-proxy-api -0084: - ./logs:/CLIProxyAPI/logs -0085: restart: unless-stopped -0086: EOF -0087: -0088: docker compose up -d -0089: ``` -0090: -0091: --- -0092: -0093: ## 🛠️ Advanced Usage -0094: -0095: ### Extended Provider Support -0096: `cliproxyapi++` supports a massive registry of providers out-of-the-box: -0097: * **Direct**: Claude, Gemini, OpenAI, Mistral, Groq, DeepSeek. -0098: * **Aggregators**: OpenRouter, Together AI, Fireworks AI, Novita AI, SiliconFlow. -0099: * **Proprietary**: Kiro (AWS), GitHub Copilot, Roo Code, Kilo AI, MiniMax. -0100: -0101: ### API Specification -0102: The proxy provides two main API surfaces: -0103: 1. **OpenAI Interface**: `/v1/chat/completions` and `/v1/models` (Full parity). -0104: 2. **Management Interface**: -0105: * `GET /v0/config`: Inspect current (hot-reloaded) config. -0106: * `GET /v0/oauth/kiro`: Interactive Kiro auth UI. -0107: * `GET /v0/logs`: Real-time log inspection. -0108: -0109: --- -0110: -0111: ## 🤝 Contributing -0112: -0113: We maintain strict quality gates to preserve the "hardened" status of the project: -0114: 1. **Linting**: Must pass `golangci-lint` with zero warnings. -0115: 2. **Coverage**: All new translator logic MUST include unit tests. -0116: 3. **Governance**: Changes to core `pkg/` logic require a corresponding Issue discussion. -0117: -0118: See **[CONTRIBUTING.md](CONTRIBUTING.md)** for more details. -0119: -0120: --- -0121: -0122: ## 📚 Documentation -0123: -0124: - **[Docsets](./docs/docsets/)** — Role-oriented documentation sets. -0125: - [Developer (Internal)](./docs/docsets/developer/internal/) -0126: - [Developer (External)](./docs/docsets/developer/external/) -0127: - [Technical User](./docs/docsets/user/) -0128: - [Agent Operator](./docs/docsets/agent/) -0129: - **[Feature Changes in ++](./docs/FEATURE_CHANGES_PLUSPLUS.md)** — Comprehensive list of `++` differences and impacts. -0130: - **[Docs README](./docs/README.md)** — Core docs map. -0131: -0132: --- -0133: -0134: ## 🚢 Docs Deploy -0135: -0136: Local VitePress docs: -0137: -0138: ```bash -0139: cd docs -0140: npm install -0141: npm run docs:dev -0142: npm run docs:build -0143: ``` -0144: -0145: GitHub Pages: -0146: -0147: - Workflow: `.github/workflows/vitepress-pages.yml` -0148: - URL convention: `https://.github.io/cliproxyapi-plusplus/` -0149: -0150: --- -0151: -0152: ## 📜 License -0153: -0154: Distributed under the MIT License. See [LICENSE](LICENSE) for more information. -0155: -0156: --- -0157: -0158:

-0159: Hardened AI Infrastructure for the Modern Agentic Stack.
-0160: Built with ❤️ by the community. -0161:

- -### FILE: README_CN.md -0001: # cliproxyapi++ 🚀 -0002: -0003: [![Go Report Card](https://goreportcard.com/badge/github.com/KooshaPari/cliproxyapi-plusplus)](https://goreportcard.com/report/github.com/KooshaPari/cliproxyapi-plusplus) -0004: [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) -0005: [![Docker Pulls](https://img.shields.io/docker/pulls/kooshapari/cliproxyapi-plusplus.svg)](https://hub.docker.com/r/kooshapari/cliproxyapi-plusplus) -0006: [![GitHub Release](https://img.shields.io/github/v/release/KooshaPari/cliproxyapi-plusplus)](https://github.com/KooshaPari/cliproxyapi-plusplus/releases) -0007: -0008: [English](README.md) | 中文 -0009: -0010: **cliproxyapi++** 是 [CLIProxyAPI](https://github.com/router-for-me/CLIProxyAPI) 的高性能、经过安全加固的终极分支版本。它秉持“纵深防御”的开发理念和“库优先”的架构设计,为多种主流及私有大模型提供 OpenAI 兼容接口,并具备企业级稳定性。 -0011: -0012: --- -0013: -0014: ## 🏆 深度对比:`++` 版本的优势 -0015: -0016: 为什么选择 **cliproxyapi++** 而不是主线版本?虽然主线版本专注于开源社区的稳定性,但 `++` 版本则是为高并发、生产级环境而设计的,在安全性、自动化生命周期管理和广泛的提供商支持方面具有显著优势。 -0017: -0018: ### 📊 功能对比矩阵 -0019: -0020: | 功能特性 | 主线版本 | CLIProxyAPI+ | **cliproxyapi++** | -0021: | :--- | :---: | :---: | :---: | -0022: | **核心代理逻辑** | ✅ | ✅ | ✅ | -0023: | **基础模型支持** | ✅ | ✅ | ✅ | -0024: | **标准 Web UI** | ❌ | ✅ | ✅ | -0025: | **高级认证 (Kiro/Copilot)** | ❌ | ⚠️ | ✅ **(完整支持)** | -0026: | **后台令牌自动刷新** | ❌ | ❌ | ✅ **(自动刷新)** | -0027: | **安全加固** | 基础 | 基础 | ✅ **(企业级)** | -0028: | **频率限制与冷却** | ❌ | ❌ | ✅ **(智能路由)** | -0029: | **核心逻辑复用** | `internal/` | `internal/` | ✅ **(`pkg/llmproxy`)** | -0030: | **CI/CD 流水线** | 基础 | 基础 | ✅ **(签名/多架构)** | -0031: -0032: --- -0033: -0034: ## 🔍 技术差异与安全加固 -0035: -0036: ### 1. 架构演进:`pkg/llmproxy` -0037: 主线版本将核心逻辑保留在 `internal/` 目录下(这会导致外部 Go 项目无法直接导入),而 **cliproxyapi++** 已将整个翻译和代理引擎重构为清晰、公开的 `pkg/llmproxy` 库。 -0038: * **可复用性**: 您可以直接在自己的 Go 应用程序中导入代理逻辑。 -0039: * **解耦**: 实现了配置管理与执行逻辑的严格分离。 -0040: -0041: ### 2. 企业级身份认证与生命周期管理 -0042: * **完整 GitHub Copilot 集成**: 不仅仅是 API 包装。`++` 包含完整的 OAuth 设备流登录、每个凭据的额度追踪以及智能会话管理。 -0043: * **Kiro (AWS CodeWhisperer) 2.0**: 提供定制化的 Web 界面 (`/v0/oauth/kiro`),支持通过浏览器进行 AWS Builder ID 和 Identity Center 登录。 -0044: * **后台令牌刷新**: 专门的后台服务实时监控令牌状态,并在过期前 10 分钟自动刷新,确保智能体任务零停机。 -0045: -0046: ### 3. 安全加固(“纵深防御”) -0047: * **路径保护 (Path Guard)**: 定制的 GitHub Action 工作流 (`pr-path-guard`),防止在 PR 过程中对关键的 `internal/translator/` 逻辑进行任何未经授权的修改。 -0048: * **设备指纹**: 生成唯一且不可变的设备标识符,以满足严格的提供商安全检查,防止账号被标记。 -0049: * **加固的 Docker 基础镜像**: 基于经过审计的 Alpine 3.22.0 层构建,仅包含最少软件包,显著降低了潜在的攻击面。 -0050: -0051: ### 4. 高规模运营支持 -0052: * **智能冷却机制**: 自动化的“冷却”系统可检测提供商端的频率限制,并智能地暂停对特定供应商的请求,同时将流量路由至其他可用节点。 -0053: * **统一模型转换器**: 复杂的映射层,允许您请求 `claude-3-5-sonnet`,而由代理自动处理目标供应商(如 Vertex、AWS、Anthropic 等)的具体协议要求。 -0054: -0055: --- -0056: -0057: ## 🚀 快速开始 -0058: -0059: ### 先决条件 -0060: - 已安装 [Docker](https://docs.docker.com/get-docker/) 和 [Docker Compose](https://docs.docker.com/compose/install/) -0061: - 或安装 [Go 1.26+](https://golang.org/dl/) -0062: -0063: ### 一键部署 (Docker) -0064: -0065: ```bash -0066: # 设置部署目录 -0067: mkdir -p ~/cliproxy && cd ~/cliproxy -0068: curl -o config.yaml https://raw.githubusercontent.com/KooshaPari/cliproxyapi-plusplus/main/config.example.yaml -0069: -0070: # 创建 compose 文件 -0071: cat > docker-compose.yml << 'EOF' -0072: services: -0073: cliproxy: -0074: image: KooshaPari/cliproxyapi-plusplus:latest -0075: container_name: cliproxyapi++ -0076: ports: ["8317:8317"] -0077: volumes: -0078: - ./config.yaml:/CLIProxyAPI/config.yaml -0079: - ./auths:/root/.cli-proxy-api -0080: - ./logs:/CLIProxyAPI/logs -0081: restart: unless-stopped -0082: EOF -0083: -0084: docker compose up -d -0085: ``` -0086: -0087: --- -0088: -0089: ## 🛠️ 高级用法 -0090: -0091: ### 扩展的供应商支持 -0092: `cliproxyapi++` 开箱即用地支持海量模型注册: -0093: * **直接接入**: Claude, Gemini, OpenAI, Mistral, Groq, DeepSeek. -0094: * **聚合器**: OpenRouter, Together AI, Fireworks AI, Novita AI, SiliconFlow. -0095: * **私有协议**: Kiro (AWS), GitHub Copilot, Roo Code, Kilo AI, MiniMax. -0096: -0097: ### API 规范 -0098: 代理提供两个主要的 API 表面: -0099: 1. **OpenAI 兼容接口**: `/v1/chat/completions` 和 `/v1/models`。 -0100: 2. **管理接口**: -0101: * `GET /v0/config`: 查看当前(支持热重载)的配置。 -0102: * `GET /v0/oauth/kiro`: 交互式 Kiro 认证界面。 -0103: * `GET /v0/logs`: 实时日志查看。 -0104: -0105: --- -0106: -0107: ## 🤝 贡献指南 -0108: -0109: 我们维持严格的质量门禁,以保持项目的“加固”状态: -0110: 1. **代码风格**: 必须通过 `golangci-lint` 检查,且无任何警告。 -0111: 2. **测试覆盖**: 所有的翻译器逻辑必须包含单元测试。 -0112: 3. **治理**: 对 `pkg/` 核心逻辑的修改需要先在 Issue 中进行讨论。 -0113: -0114: 请参阅 **[CONTRIBUTING.md](CONTRIBUTING.md)** 了解更多详情。 -0115: -0116: --- -0117: -0118: ## 📜 开源协议 -0119: -0120: 本项目根据 MIT 许可证发行。详情请参阅 [LICENSE](LICENSE) 文件。 -0121: -0122: --- -0123: -0124:

-0125: 为现代智能体技术栈打造的加固级 AI 基础设施。
-0126: 由社区倾力打造 ❤️ -0127:

- -### FILE: SECURITY.md -0001: # Security Policy -0002: -0003: ## Supported Versions -0004: -0005: | Version | Supported | -0006: | ------- | ------------------ | -0007: | 6.0.x | :white_check_mark: | -0008: | < 6.0 | :x: | -0009: -0010: ## Reporting a Vulnerability -0011: -0012: We take the security of **cliproxyapi++** seriously. If you discover a security vulnerability, please do NOT open a public issue. Instead, report it privately. -0013: -0014: Please report any security concerns directly to the maintainers at [kooshapari@gmail.com](mailto:kooshapari@gmail.com) (assuming this as the email for KooshaPari). -0015: -0016: ### What to include -0017: - A detailed description of the vulnerability. -0018: - Steps to reproduce (proof of concept). -0019: - Potential impact. -0020: - Any suggested fixes or mitigations. -0021: -0022: We will acknowledge your report within 48 hours and provide a timeline for resolution. -0023: -0024: ## Hardening Measures -0025: -0026: **cliproxyapi++** incorporates several security-hardening features: -0027: -0028: - **Minimal Docker Images**: Based on Alpine Linux to reduce attack surface. -0029: - **Path Guard**: GitHub Actions that monitor and protect critical translation and core logic files. -0030: - **Rate Limiting**: Built-in mechanisms to prevent DoS attacks. -0031: - **Device Fingerprinting**: Enhanced authentication security using device-specific metadata. -0032: - **Dependency Scanning**: Automatic scanning for vulnerable Go modules. -0033: -0034: --- -0035: Thank you for helping keep the community secure! - -### FILE: Taskfile.yml -0001: # Taskfile for cliproxyapi++ -0002: # Unified DX for building, testing, and managing the proxy. -0003: -0004: version: '3' -0005: -0006: vars: -0007: BINARY_NAME: cliproxyapi++ -0008: DOCKER_IMAGE: kooshapari/cliproxyapi-plusplus -0009: GO_FILES: -0010: sh: find . -name "*.go" | grep -v "vendor" -0011: -0012: tasks: -0013: default: -0014: cmds: -0015: - task --list -0016: silent: true -0017: -0018: # -- Build & Run -- -0019: build: -0020: desc: "Build the cliproxyapi++ binary" -0021: cmds: -0022: - go build -o {{.BINARY_NAME}} ./cmd/server -0023: sources: -0024: - "**/*.go" -0025: - "go.mod" -0026: - "go.sum" -0027: generates: -0028: - "{{.BINARY_NAME}}" -0029: -0030: run: -0031: desc: "Run the proxy locally with default config" -0032: deps: [build] -0033: cmds: -0034: - ./{{.BINARY_NAME}} --config config.example.yaml -0035: -0036: # -- Testing & Quality -- -0037: test: -0038: desc: "Run all Go tests" -0039: cmds: -0040: - go test -v ./... -0041: -0042: lint: -0043: desc: "Run golangci-lint" -0044: cmds: -0045: - golangci-lint run ./... -0046: -0047: tidy: -0048: desc: "Tidy Go modules" -0049: cmds: -0050: - go mod tidy -0051: -0052: # -- Docker Operations -- -0053: docker:build: -0054: desc: "Build Docker image locally" -0055: cmds: -0056: - docker build -t {{.DOCKER_IMAGE}}:local . -0057: -0058: docker:run: -0059: desc: "Run proxy via Docker" -0060: cmds: -0061: - docker compose up -d -0062: -0063: docker:stop: -0064: desc: "Stop Docker proxy" -0065: cmds: -0066: - docker compose down -0067: -0068: # -- Health & Diagnostics (UX/DX) -- -0069: doctor: -0070: desc: "Check environment health for cliproxyapi++" -0071: cmds: -0072: - | -0073: echo "Checking Go version..." -0074: go version -0075: echo "Checking dependencies..." -0076: if [ ! -f go.mod ]; then echo "❌ go.mod missing"; exit 1; fi -0077: echo "Checking config template..." -0078: if [ ! -f config.example.yaml ]; then echo "❌ config.example.yaml missing"; exit 1; fi -0079: echo "Checking Docker..." -0080: docker --version || echo "⚠️ Docker not installed" -0081: echo "✅ cliproxyapi++ environment looks healthy!" -0082: -0083: # -- Agent Experience (AX) -- -0084: ax:spec: -0085: desc: "Generate or verify agent-readable specs" -0086: cmds: -0087: - echo "Checking for llms.txt..." -0088: - if [ ! -f llms.txt ]; then echo "⚠️ llms.txt missing"; else echo "✅ llms.txt present"; fi - -### FILE: cmd/codegen/main.go -0001: package main -0002: -0003: import ( -0004: "bytes" -0005: "encoding/json" -0006: "fmt" -0007: "go/format" -0008: "log" -0009: "os" -0010: "path/filepath" -0011: "strings" -0012: "text/template" -0013: ) -0014: -0015: type ProviderSpec struct { -0016: Name string `json:"name"` -0017: YAMLKey string `json:"yaml_key"` -0018: GoName string `json:"go_name"` -0019: BaseURL string `json:"base_url"` -0020: EnvVars []string `json:"env_vars"` -0021: DefaultModels []OpenAICompatibilityModel `json:"default_models"` -0022: } -0023: -0024: type OpenAICompatibilityModel struct { -0025: Name string `json:"name"` -0026: Alias string `json:"alias"` -0027: } -0028: -0029: const configTemplate = `// Code generated by github.com/router-for-me/CLIProxyAPI/v6/cmd/codegen; DO NOT EDIT. -0030: package config -0031: -0032: import "strings" -0033: -0034: // GeneratedConfig contains generated config fields for dedicated providers. -0035: type GeneratedConfig struct { -0036: {{- range .Providers }} -0037: {{- if .YAMLKey }} -0038: // {{ .Name | goTitle }}Key defines {{ .Name | goTitle }} configurations. -0039: {{ .Name | goTitle }}Key []{{ .Name | goTitle }}Key {{ printf "` + "`" + `yaml:\"%s\" json:\"%s\"` + "`" + `" .YAMLKey .YAMLKey }} -0040: {{- end }} -0041: {{- end }} -0042: } -0043: -0044: {{ range .Providers }} -0045: {{- if .YAMLKey }} -0046: // {{ .Name | goTitle }}Key is a type alias for OAICompatProviderConfig for the {{ .Name }} provider. -0047: type {{ .Name | goTitle }}Key = OAICompatProviderConfig -0048: {{- end }} -0049: {{- end }} -0050: -0051: // SanitizeGeneratedProviders trims whitespace from generated provider credential fields. -0052: func (cfg *Config) SanitizeGeneratedProviders() { -0053: if cfg == nil { -0054: return -0055: } -0056: {{- range .Providers }} -0057: {{- if .YAMLKey }} -0058: for i := range cfg.{{ .Name | goTitle }}Key { -0059: entry := &cfg.{{ .Name | goTitle }}Key[i] -0060: entry.TokenFile = strings.TrimSpace(entry.TokenFile) -0061: entry.APIKey = strings.TrimSpace(entry.APIKey) -0062: entry.BaseURL = strings.TrimSpace(entry.BaseURL) -0063: entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) -0064: } -0065: {{- end }} -0066: {{- end }} -0067: } -0068: ` -0069: -0070: const synthTemplate = `// Code generated by github.com/router-for-me/CLIProxyAPI/v6/cmd/codegen; DO NOT EDIT. -0071: package synthesizer -0072: -0073: import ( -0074: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -0075: ) -0076: -0077: // getDedicatedProviderEntries returns the config entries for a dedicated provider. -0078: func (s *ConfigSynthesizer) getDedicatedProviderEntries(p config.ProviderSpec, cfg *config.Config) []config.OAICompatProviderConfig { -0079: switch p.YAMLKey { -0080: {{- range .Providers }} -0081: {{- if .YAMLKey }} -0082: case "{{ .YAMLKey }}": -0083: return cfg.{{ .Name | goTitle }}Key -0084: {{- end }} -0085: {{- end }} -0086: } -0087: return nil -0088: } -0089: ` -0090: -0091: const registryTemplate = `// Code generated by github.com/router-for-me/CLIProxyAPI/v6/cmd/codegen; DO NOT EDIT. -0092: package config -0093: -0094: // AllProviders defines the registry of all supported LLM providers. -0095: // This is the source of truth for generated config fields and synthesizers. -0096: var AllProviders = []ProviderSpec{ -0097: {{- range .Providers }} -0098: { -0099: Name: "{{ .Name }}", -0100: YAMLKey: "{{ .YAMLKey }}", -0101: GoName: "{{ .GoName }}", -0102: BaseURL: "{{ .BaseURL }}", -0103: {{- if .EnvVars }} -0104: EnvVars: []string{ -0105: {{- range .EnvVars }}"{{ . }}",{{ end -}} -0106: }, -0107: {{- end }} -0108: {{- if .DefaultModels }} -0109: DefaultModels: []OpenAICompatibilityModel{ -0110: {{- range .DefaultModels }} -0111: {Name: "{{ .Name }}", Alias: "{{ .Alias }}"}, -0112: {{- end }} -0113: }, -0114: {{- end }} -0115: }, -0116: {{- end }} -0117: } -0118: ` -0119: -0120: const diffTemplate = `// Code generated by github.com/router-for-me/CLIProxyAPI/v6/cmd/codegen; DO NOT EDIT. -0121: package diff -0122: -0123: import ( -0124: "fmt" -0125: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -0126: ) -0127: -0128: // BuildConfigChangeDetailsGeneratedProviders computes changes for generated dedicated providers. -0129: func BuildConfigChangeDetailsGeneratedProviders(oldCfg, newCfg *config.Config, changes *[]string) { -0130: {{- range .Providers }} -0131: {{- if .YAMLKey }} -0132: if len(oldCfg.{{ .Name | goTitle }}Key) != len(newCfg.{{ .Name | goTitle }}Key) { -0133: *changes = append(*changes, fmt.Sprintf("{{ .Name }}: count %d -> %d", len(oldCfg.{{ .Name | goTitle }}Key), len(newCfg.{{ .Name | goTitle }}Key))) -0134: } -0135: {{- end }} -0136: {{- end }} -0137: } -0138: ` -0139: -0140: func main() { -0141: jsonPath := "pkg/llmproxy/config/providers.json" -0142: configDir := "pkg/llmproxy/config" -0143: authDir := "pkg/llmproxy/auth" -0144: -0145: if _, err := os.Stat(jsonPath); os.IsNotExist(err) { -0146: // Try fallback for when run from within the config directory -0147: jsonPath = "providers.json" -0148: configDir = "." -0149: authDir = "../auth" -0150: } -0151: -0152: data, err := os.ReadFile(jsonPath) -0153: if err != nil { -0154: log.Fatalf("failed to read providers.json from %s: %v", jsonPath, err) -0155: } -0156: -0157: var providers []ProviderSpec -0158: if err := json.Unmarshal(data, &providers); err != nil { -0159: log.Fatalf("failed to unmarshal providers: %v", err) -0160: } - -### FILE: cmd/server/main.go -0001: // Package main provides the entry point for the CLI Proxy API server. -0002: // This server acts as a proxy that provides OpenAI/Gemini/Claude compatible API interfaces -0003: // for CLI models, allowing CLI models to be used with tools and libraries designed for standard AI APIs. -0004: package main -0005: -0006: import ( -0007: "context" -0008: "errors" -0009: "flag" -0010: "fmt" -0011: "io" -0012: "io/fs" -0013: "net/url" -0014: "os" -0015: "path/filepath" -0016: "strings" -0017: "time" -0018: -0019: "github.com/joho/godotenv" -0020: configaccess "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/access/config_access" -0021: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro" -0022: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/buildinfo" -0023: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/cmd" -0024: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -0025: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/logging" -0026: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/managementasset" -0027: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" -0028: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/store" -0029: _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator" -0030: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/tui" -0031: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/usage" -0032: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" -0033: sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" -0034: coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -0035: log "github.com/sirupsen/logrus" -0036: ) -0037: -0038: var ( -0039: Version = "dev" -0040: Commit = "none" -0041: BuildDate = "unknown" -0042: DefaultConfigPath = "" -0043: ) -0044: -0045: // init initializes the shared logger setup. -0046: func init() { -0047: logging.SetupBaseLogger() -0048: buildinfo.Version = Version -0049: buildinfo.Commit = Commit -0050: buildinfo.BuildDate = BuildDate -0051: } -0052: -0053: // setKiroIncognitoMode sets the incognito browser mode for Kiro authentication. -0054: // Kiro defaults to incognito mode for multi-account support. -0055: // Users can explicitly override with --incognito or --no-incognito flags. -0056: func setKiroIncognitoMode(cfg *config.Config, useIncognito, noIncognito bool) { -0057: if useIncognito { -0058: cfg.IncognitoBrowser = true -0059: } else if noIncognito { -0060: cfg.IncognitoBrowser = false -0061: } else { -0062: cfg.IncognitoBrowser = true // Kiro default -0063: } -0064: } -0065: -0066: // main is the entry point of the application. -0067: // It parses command-line flags, loads configuration, and starts the appropriate -0068: // service based on the provided flags (login, codex-login, or server mode). -0069: func main() { -0070: fmt.Printf("CLIProxyAPI Version: %s, Commit: %s, BuiltAt: %s\n", buildinfo.Version, buildinfo.Commit, buildinfo.BuildDate) -0071: -0072: // Command-line flags to control the application's behavior. -0073: var login bool -0074: var codexLogin bool -0075: var claudeLogin bool -0076: var qwenLogin bool -0077: var kiloLogin bool -0078: var iflowLogin bool -0079: var iflowCookie bool -0080: var noBrowser bool -0081: var oauthCallbackPort int -0082: var antigravityLogin bool -0083: var kimiLogin bool -0084: var kiroLogin bool -0085: var kiroGoogleLogin bool -0086: var kiroAWSLogin bool -0087: var kiroAWSAuthCode bool -0088: var kiroImport bool -0089: var githubCopilotLogin bool -0090: var rooLogin bool -0091: var minimaxLogin bool -0092: var deepseekLogin bool -0093: var groqLogin bool -0094: var mistralLogin bool -0095: var siliconflowLogin bool -0096: var openrouterLogin bool -0097: var togetherLogin bool -0098: var fireworksLogin bool -0099: var novitaLogin bool -0100: var projectID string -0101: var vertexImport string -0102: var configPath string -0103: var password string -0104: var tuiMode bool -0105: var standalone bool -0106: var noIncognito bool -0107: var useIncognito bool -0108: -0109: // Define command-line flags for different operation modes. -0110: flag.BoolVar(&login, "login", false, "Login Google Account") -0111: flag.BoolVar(&codexLogin, "codex-login", false, "Login to Codex using OAuth") -0112: flag.BoolVar(&claudeLogin, "claude-login", false, "Login to Claude using OAuth") -0113: flag.BoolVar(&qwenLogin, "qwen-login", false, "Login to Qwen using OAuth") -0114: flag.BoolVar(&kiloLogin, "kilo-login", false, "Login to Kilo AI using device flow") -0115: flag.BoolVar(&iflowLogin, "iflow-login", false, "Login to iFlow using OAuth") -0116: flag.BoolVar(&iflowCookie, "iflow-cookie", false, "Login to iFlow using Cookie") -0117: flag.BoolVar(&noBrowser, "no-browser", false, "Don't open browser automatically for OAuth") -0118: flag.IntVar(&oauthCallbackPort, "oauth-callback-port", 0, "Override OAuth callback port (defaults to provider-specific port)") -0119: flag.BoolVar(&useIncognito, "incognito", false, "Open browser in incognito/private mode for OAuth (useful for multiple accounts)") -0120: flag.BoolVar(&noIncognito, "no-incognito", false, "Force disable incognito mode (uses existing browser session)") -0121: flag.BoolVar(&antigravityLogin, "antigravity-login", false, "Login to Antigravity using OAuth") -0122: flag.BoolVar(&kimiLogin, "kimi-login", false, "Login to Kimi using OAuth") -0123: flag.BoolVar(&kiroLogin, "kiro-login", false, "Login to Kiro using Google OAuth") -0124: flag.BoolVar(&kiroGoogleLogin, "kiro-google-login", false, "Login to Kiro using Google OAuth (same as --kiro-login)") -0125: flag.BoolVar(&kiroAWSLogin, "kiro-aws-login", false, "Login to Kiro using AWS Builder ID (device code flow)") -0126: flag.BoolVar(&kiroAWSAuthCode, "kiro-aws-authcode", false, "Login to Kiro using AWS Builder ID (authorization code flow, better UX)") -0127: flag.BoolVar(&kiroImport, "kiro-import", false, "Import Kiro token from Kiro IDE (~/.aws/sso/cache/kiro-auth-token.json)") -0128: flag.BoolVar(&githubCopilotLogin, "github-copilot-login", false, "Login to GitHub Copilot using device flow") -0129: flag.BoolVar(&rooLogin, "roo-login", false, "Login to Roo Code (runs roo auth login)") -0130: flag.BoolVar(&minimaxLogin, "minimax-login", false, "MiniMax config instructions (add minimax: block with api-key)") -0131: flag.BoolVar(&deepseekLogin, "deepseek-login", false, "Login to DeepSeek using API key (stored in auth-dir)") -0132: flag.BoolVar(&groqLogin, "groq-login", false, "Login to Groq using API key (stored in auth-dir)") -0133: flag.BoolVar(&mistralLogin, "mistral-login", false, "Login to Mistral using API key (stored in auth-dir)") -0134: flag.BoolVar(&siliconflowLogin, "siliconflow-login", false, "Login to SiliconFlow using API key (stored in auth-dir)") -0135: flag.BoolVar(&openrouterLogin, "openrouter-login", false, "Login to OpenRouter using API key (stored in auth-dir)") -0136: flag.BoolVar(&togetherLogin, "together-login", false, "Login to Together AI using API key (stored in auth-dir)") -0137: flag.BoolVar(&fireworksLogin, "fireworks-login", false, "Login to Fireworks AI using API key (stored in auth-dir)") -0138: flag.BoolVar(&novitaLogin, "novita-login", false, "Login to Novita AI using API key (stored in auth-dir)") -0139: flag.StringVar(&projectID, "project_id", "", "Project ID (Gemini only, not required)") -0140: flag.StringVar(&configPath, "config", DefaultConfigPath, "Configure File Path") -0141: flag.StringVar(&vertexImport, "vertex-import", "", "Import Vertex service account key JSON file") -0142: flag.StringVar(&password, "password", "", "") -0143: flag.BoolVar(&tuiMode, "tui", false, "Start with terminal management UI") -0144: flag.BoolVar(&standalone, "standalone", false, "In TUI mode, start an embedded local server") -0145: -0146: flag.CommandLine.Usage = func() { -0147: out := flag.CommandLine.Output() -0148: _, _ = fmt.Fprintf(out, "Usage of %s\n", os.Args[0]) -0149: flag.CommandLine.VisitAll(func(f *flag.Flag) { -0150: if f.Name == "password" { -0151: return -0152: } -0153: s := fmt.Sprintf(" -%s", f.Name) -0154: name, unquoteUsage := flag.UnquoteUsage(f) -0155: if name != "" { -0156: s += " " + name -0157: } -0158: if len(s) <= 4 { -0159: s += " " -0160: } else { - -### FILE: config.example.yaml -0001: # Server host/interface to bind to. Default is empty ("") to bind all interfaces (IPv4 + IPv6). -0002: # Use "127.0.0.1" or "localhost" to restrict access to local machine only. -0003: host: "" -0004: -0005: # Server port -0006: port: 8317 -0007: -0008: # TLS settings for HTTPS. When enabled, the server listens with the provided certificate and key. -0009: tls: -0010: enable: false -0011: cert: "" -0012: key: "" -0013: -0014: # Management API settings -0015: remote-management: -0016: # Whether to allow remote (non-localhost) management access. -0017: # When false, only localhost can access management endpoints (a key is still required). -0018: allow-remote: false -0019: -0020: # Management key. If a plaintext value is provided here, it will be hashed on startup. -0021: # All management requests (even from localhost) require this key. -0022: # Leave empty to disable the Management API entirely (404 for all /v0/management routes). -0023: secret-key: "" -0024: -0025: # Disable the bundled management control panel asset download and HTTP route when true. -0026: disable-control-panel: false -0027: -0028: # GitHub repository for the management control panel. Accepts a repository URL or releases API URL. -0029: panel-github-repository: "https://github.com/router-for-me/Cli-Proxy-API-Management-Center" -0030: -0031: # Authentication directory (supports ~ for home directory) -0032: auth-dir: "~/.cli-proxy-api" -0033: -0034: # API keys for authentication -0035: api-keys: -0036: - "your-api-key-1" -0037: - "your-api-key-2" -0038: - "your-api-key-3" -0039: -0040: # Enable debug logging -0041: debug: false -0042: -0043: # Enable pprof HTTP debug server (host:port). Keep it bound to localhost for safety. -0044: pprof: -0045: enable: false -0046: addr: "127.0.0.1:8316" -0047: -0048: # When true, disable high-overhead HTTP middleware features to reduce per-request memory usage under high concurrency. -0049: commercial-mode: false -0050: -0051: # Open OAuth URLs in incognito/private browser mode. -0052: # Useful when you want to login with a different account without logging out from your current session. -0053: # Default: false (but Kiro auth defaults to true for multi-account support) -0054: incognito-browser: true -0055: -0056: # When true, write application logs to rotating files instead of stdout -0057: logging-to-file: false -0058: -0059: # Maximum total size (MB) of log files under the logs directory. When exceeded, the oldest log -0060: # files are deleted until within the limit. Set to 0 to disable. -0061: logs-max-total-size-mb: 0 -0062: -0063: # Maximum number of error log files retained when request logging is disabled. -0064: # When exceeded, the oldest error log files are deleted. Default is 10. Set to 0 to disable cleanup. -0065: error-logs-max-files: 10 -0066: -0067: # When false, disable in-memory usage statistics aggregation -0068: usage-statistics-enabled: false -0069: -0070: # Proxy URL. Supports socks5/http/https protocols. Example: socks5://user:pass@192.168.1.1:1080/ -0071: proxy-url: "" -0072: -0073: # When true, unprefixed model requests only use credentials without a prefix (except when prefix == model name). -0074: force-model-prefix: false -0075: -0076: # Number of times to retry a request. Retries will occur if the HTTP response code is 403, 408, 500, 502, 503, or 504. -0077: request-retry: 3 -0078: -0079: # Maximum wait time in seconds for a cooled-down credential before triggering a retry. -0080: max-retry-interval: 30 -0081: -0082: # Quota exceeded behavior -0083: quota-exceeded: -0084: switch-project: true # Whether to automatically switch to another project when a quota is exceeded -0085: switch-preview-model: true # Whether to automatically switch to a preview model when a quota is exceeded -0086: -0087: # Routing strategy for selecting credentials when multiple match. -0088: routing: -0089: strategy: "round-robin" # round-robin (default), fill-first -0090: -0091: # When true, enable authentication for the WebSocket API (/v1/ws). -0092: ws-auth: false -0093: -0094: # When > 0, emit blank lines every N seconds for non-streaming responses to prevent idle timeouts. -0095: nonstream-keepalive-interval: 0 -0096: -0097: # Streaming behavior (SSE keep-alives + safe bootstrap retries). -0098: # streaming: -0099: # keepalive-seconds: 15 # Default: 0 (disabled). <= 0 disables keep-alives. -0100: # bootstrap-retries: 1 # Default: 0 (disabled). Retries before first byte is sent. -0101: -0102: # Gemini API keys -0103: # gemini-api-key: -0104: # - api-key: "AIzaSy...01" -0105: # prefix: "test" # optional: require calls like "test/gemini-3-pro-preview" to target this credential -0106: # base-url: "https://generativelanguage.googleapis.com" -0107: # headers: -0108: # X-Custom-Header: "custom-value" -0109: # proxy-url: "socks5://proxy.example.com:1080" -0110: # models: -0111: # - name: "gemini-2.5-flash" # upstream model name -0112: # alias: "gemini-flash" # client alias mapped to the upstream model -0113: # excluded-models: -0114: # - "gemini-2.5-pro" # exclude specific models from this provider (exact match) -0115: # - "gemini-2.5-*" # wildcard matching prefix (e.g. gemini-2.5-flash, gemini-2.5-pro) -0116: # - "*-preview" # wildcard matching suffix (e.g. gemini-3-pro-preview) -0117: # - "*flash*" # wildcard matching substring (e.g. gemini-2.5-flash-lite) -0118: # - api-key: "AIzaSy...02" -0119: -0120: # Codex API keys - -### FILE: docker-build.ps1 -0001: # build.ps1 - Windows PowerShell Build Script -0002: # -0003: # This script automates the process of building and running the Docker container -0004: # with version information dynamically injected at build time. -0005: -0006: # Stop script execution on any error -0007: $ErrorActionPreference = "Stop" -0008: -0009: # --- Step 1: Choose Environment --- -0010: Write-Host "Please select an option:" -0011: Write-Host "1) Run using Pre-built Image (Recommended)" -0012: Write-Host "2) Build from Source and Run (For Developers)" -0013: $choice = Read-Host -Prompt "Enter choice [1-2]" -0014: -0015: # --- Step 2: Execute based on choice --- -0016: switch ($choice) { -0017: "1" { -0018: Write-Host "--- Running with Pre-built Image ---" -0019: docker compose up -d --remove-orphans --no-build -0020: Write-Host "Services are starting from remote image." -0021: Write-Host "Run 'docker compose logs -f' to see the logs." -0022: } -0023: "2" { -0024: Write-Host "--- Building from Source and Running ---" -0025: -0026: # Get Version Information -0027: $VERSION = (git describe --tags --always --dirty) -0028: $COMMIT = (git rev-parse --short HEAD) -0029: $BUILD_DATE = (Get-Date).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ") -0030: -0031: Write-Host "Building with the following info:" -0032: Write-Host " Version: $VERSION" -0033: Write-Host " Commit: $COMMIT" -0034: Write-Host " Build Date: $BUILD_DATE" -0035: Write-Host "----------------------------------------" -0036: -0037: # Build and start the services with a local-only image tag -0038: $env:CLI_PROXY_IMAGE = "cli-proxy-api:local" -0039: -0040: Write-Host "Building the Docker image..." -0041: docker compose build --build-arg VERSION=$VERSION --build-arg COMMIT=$COMMIT --build-arg BUILD_DATE=$BUILD_DATE -0042: -0043: Write-Host "Starting the services..." -0044: docker compose up -d --remove-orphans --pull never -0045: -0046: Write-Host "Build complete. Services are starting." -0047: Write-Host "Run 'docker compose logs -f' to see the logs." -0048: } -0049: default { -0050: Write-Host "Invalid choice. Please enter 1 or 2." -0051: exit 1 -0052: } -0053: } - -### FILE: docker-build.sh -0001: #!/usr/bin/env bash -0002: # -0003: # build.sh - Linux/macOS Build Script -0004: # -0005: # This script automates the process of building and running the Docker container -0006: # with version information dynamically injected at build time. -0007: -0008: # Hidden feature: Preserve usage statistics across rebuilds -0009: # Usage: ./docker-build.sh --with-usage -0010: # First run prompts for management API key, saved to temp/stats/.api_secret -0011: -0012: set -euo pipefail -0013: -0014: STATS_DIR="temp/stats" -0015: STATS_FILE="${STATS_DIR}/.usage_backup.json" -0016: SECRET_FILE="${STATS_DIR}/.api_secret" -0017: WITH_USAGE=false -0018: -0019: get_port() { -0020: if [[ -f "config.yaml" ]]; then -0021: grep -E "^port:" config.yaml | sed -E 's/^port: *["'"'"']?([0-9]+)["'"'"']?.*$/\1/' -0022: else -0023: echo "8317" -0024: fi -0025: } -0026: -0027: export_stats_api_secret() { -0028: if [[ -f "${SECRET_FILE}" ]]; then -0029: API_SECRET=$(cat "${SECRET_FILE}") -0030: else -0031: if [[ ! -d "${STATS_DIR}" ]]; then -0032: mkdir -p "${STATS_DIR}" -0033: fi -0034: echo "First time using --with-usage. Management API key required." -0035: read -r -p "Enter management key: " -s API_SECRET -0036: echo -0037: echo "${API_SECRET}" > "${SECRET_FILE}" -0038: chmod 600 "${SECRET_FILE}" -0039: fi -0040: } -0041: -0042: check_container_running() { -0043: local port -0044: port=$(get_port) -0045: -0046: if ! curl -s -o /dev/null -w "%{http_code}" "http://localhost:${port}/" | grep -q "200"; then -0047: echo "Error: cli-proxy-api service is not responding at localhost:${port}" -0048: echo "Please start the container first or use without --with-usage flag." -0049: exit 1 -0050: fi -0051: } -0052: -0053: export_stats() { -0054: local port -0055: port=$(get_port) -0056: -0057: if [[ ! -d "${STATS_DIR}" ]]; then -0058: mkdir -p "${STATS_DIR}" -0059: fi -0060: check_container_running -0061: echo "Exporting usage statistics..." -0062: EXPORT_RESPONSE=$(curl -s -w "\n%{http_code}" -H "X-Management-Key: ${API_SECRET}" \ -0063: "http://localhost:${port}/v0/management/usage/export") -0064: HTTP_CODE=$(echo "${EXPORT_RESPONSE}" | tail -n1) -0065: RESPONSE_BODY=$(echo "${EXPORT_RESPONSE}" | sed '$d') -0066: -0067: if [[ "${HTTP_CODE}" != "200" ]]; then -0068: echo "Export failed (HTTP ${HTTP_CODE}): ${RESPONSE_BODY}" -0069: exit 1 -0070: fi -0071: -0072: echo "${RESPONSE_BODY}" > "${STATS_FILE}" -0073: echo "Statistics exported to ${STATS_FILE}" -0074: } -0075: -0076: import_stats() { -0077: local port -0078: port=$(get_port) -0079: -0080: echo "Importing usage statistics..." -0081: IMPORT_RESPONSE=$(curl -s -w "\n%{http_code}" -X POST \ -0082: -H "X-Management-Key: ${API_SECRET}" \ -0083: -H "Content-Type: application/json" \ -0084: -d @"${STATS_FILE}" \ -0085: "http://localhost:${port}/v0/management/usage/import") -0086: IMPORT_CODE=$(echo "${IMPORT_RESPONSE}" | tail -n1) -0087: IMPORT_BODY=$(echo "${IMPORT_RESPONSE}" | sed '$d') -0088: -0089: if [[ "${IMPORT_CODE}" == "200" ]]; then -0090: echo "Statistics imported successfully" -0091: else -0092: echo "Import failed (HTTP ${IMPORT_CODE}): ${IMPORT_BODY}" -0093: fi -0094: -0095: rm -f "${STATS_FILE}" -0096: } -0097: -0098: wait_for_service() { -0099: local port -0100: port=$(get_port) -0101: -0102: echo "Waiting for service to be ready..." -0103: for i in {1..30}; do -0104: if curl -s -o /dev/null -w "%{http_code}" "http://localhost:${port}/" | grep -q "200"; then -0105: break -0106: fi -0107: sleep 1 -0108: done -0109: sleep 2 -0110: } -0111: -0112: if [[ "${1:-}" == "--with-usage" ]]; then -0113: WITH_USAGE=true -0114: export_stats_api_secret -0115: fi -0116: -0117: # --- Step 1: Choose Environment --- -0118: echo "Please select an option:" -0119: echo "1) Run using Pre-built Image (Recommended)" -0120: echo "2) Build from Source and Run (For Developers)" - -### FILE: docker-compose.yml -0001: services: -0002: cli-proxy-api: -0003: image: ${CLI_PROXY_IMAGE:-KooshaPari/cliproxyapi-plusplus:latest} -0004: pull_policy: always -0005: build: -0006: context: . -0007: dockerfile: Dockerfile -0008: args: -0009: VERSION: ${VERSION:-dev} -0010: COMMIT: ${COMMIT:-none} -0011: BUILD_DATE: ${BUILD_DATE:-unknown} -0012: container_name: cliproxyapi++ -0013: # env_file: -0014: # - .env -0015: environment: -0016: DEPLOY: ${DEPLOY:-} -0017: ports: -0018: - "8317:8317" -0019: - "8085:8085" -0020: - "1455:1455" -0021: - "54545:54545" -0022: - "51121:51121" -0023: - "11451:11451" -0024: volumes: -0025: - ${CLI_PROXY_CONFIG_PATH:-./config.yaml}:/CLIProxyAPI/config.yaml -0026: - ${CLI_PROXY_AUTH_PATH:-./auths}:/root/.cli-proxy-api -0027: - ${CLI_PROXY_LOG_PATH:-./logs}:/CLIProxyAPI/logs -0028: restart: unless-stopped - -### FILE: docs/.vitepress/config.ts -0001: import { defineConfig } from "vitepress"; -0002: -0003: const repo = process.env.GITHUB_REPOSITORY?.split("/")[1] ?? "cliproxyapi-plusplus"; -0004: const isCI = process.env.GITHUB_ACTIONS === "true"; -0005: -0006: export default defineConfig({ -0007: title: "cliproxy++", -0008: description: "cliproxyapi-plusplus documentation", -0009: base: isCI ? `/${repo}/` : "/", -0010: cleanUrls: true, -0011: ignoreDeadLinks: true, -0012: themeConfig: { -0013: nav: [ -0014: { text: "Home", link: "/" }, -0015: { text: "API", link: "/api/" }, -0016: { text: "Features", link: "/features/" } -0017: ], -0018: socialLinks: [ -0019: { icon: "github", link: "https://github.com/kooshapari/cliproxyapi-plusplus" } -0020: ] -0021: } -0022: }); - -### FILE: docs/FEATURE_CHANGES_PLUSPLUS.md -0001: # cliproxyapi++ Feature Change Reference (`++` vs baseline) -0002: -0003: This document explains what changed in `cliproxyapi++`, why it changed, and how it affects users, integrators, and maintainers. -0004: -0005: ## 1. Architecture Changes -0006: -0007: | Change | What changed in `++` | Why it matters | -0008: |---|---|---| -0009: | Reusable proxy core | Translation and proxy runtime are structured for reusability (`pkg/llmproxy`) | Enables embedding proxy logic into other Go systems and keeps runtime boundaries cleaner | -0010: | Stronger module boundaries | Operational and integration concerns are separated from API surface orchestration | Easier upgrades, clearer ownership, lower accidental coupling | -0011: -0012: ## 2. Authentication and Identity Changes -0013: -0014: | Change | What changed in `++` | Why it matters | -0015: |---|---|---| -0016: | Copilot-grade auth support | Extended auth handling for enterprise Copilot-style workflows | More stable integration for organizations depending on tokenized auth stacks | -0017: | Kiro/AWS login path support | Additional OAuth/login handling pathways and operational UX around auth | Better compatibility for multi-provider enterprise environments | -0018: | Token lifecycle automation | Background refresh and expiration handling | Reduces downtime from token expiry and manual auth recovery | -0019: -0020: ## 3. Provider and Model Routing Changes -0021: -0022: | Change | What changed in `++` | Why it matters | -0023: |---|---|---| -0024: | Broader provider matrix | Expanded provider adapter and model mapping surfaces | More routing options without changing client-side OpenAI API integrations | -0025: | Unified model translation | Stronger mapping between OpenAI-style model requests and provider-native model names | Lower integration friction and fewer provider mismatch errors | -0026: | Cooldown and throttling controls | Runtime controls for rate-limit pressure and provider-specific cooldown windows | Better stability under burst traffic and quota pressure | -0027: -0028: ## 4. Security and Governance Changes -0029: -0030: | Change | What changed in `++` | Why it matters | -0031: |---|---|---| -0032: | Defense-in-depth hardening | Added stricter operational defaults and hardened deployment assumptions | Safer default posture in production environments | -0033: | Protected core path governance | Workflow-level controls around critical core logic paths | Reduces accidental regressions in proxy translation internals | -0034: | Device and session consistency controls | Deterministic identity/session behavior for strict provider checks | Fewer auth anomalies in long-running deployments | -0035: -0036: ## 5. Operations and Delivery Changes -0037: -0038: | Change | What changed in `++` | Why it matters | -0039: |---|---|---| -0040: | Stronger CI/CD posture | Expanded release, build, and guard workflows | Faster detection of regressions and safer release cadence | -0041: | Multi-arch/container focus | Production deployment paths optimized for container-first ops | Better portability across heterogeneous infra | -0042: | Runtime observability surfaces | Improved log and management endpoints | Easier production debugging and incident response | -0043: -0044: ## 6. API and Compatibility Surface -0045: -0046: | Change | What changed in `++` | Why it matters | -0047: |---|---|---| -0048: | OpenAI-compatible core retained | `/v1/chat/completions` and `/v1/models` compatibility maintained | Existing OpenAI-style clients can migrate with minimal API churn | -0049: | Expanded management endpoints | Added operational surfaces for config/auth/runtime introspection | Better operations UX without changing core client API | -0050: -0051: ## 7. Migration Impact Summary -0052: -0053: - **Technical users**: gain higher operational stability, better auth longevity, and stronger multi-provider behavior. -0054: - **External integrators**: keep OpenAI-compatible interfaces while gaining wider provider compatibility. -0055: - **Internal maintainers**: get cleaner subsystem boundaries and stronger guardrails for production evolution. - -### FILE: docs/README.md -0001: # cliproxyapi++ Documentation Index -0002: -0003: Welcome to the comprehensive documentation for **cliproxyapi++**, the definitive high-performance, security-hardened fork of CLIProxyAPI. -0004: -0005: ## 📚 Documentation Structure -0006: -0007: This documentation is organized into docsets for each major feature area, with three types of documentation for each: -0008: -0009: - **SPEC.md** - Technical specifications for developers and contributors -0010: - **USER.md** - User guides for operators and developers using the system -0011: - **DEV.md** - Developer guides for extending and customizing the system -0012: -0013: ## 🚀 Quick Start -0014: -0015: **New to cliproxyapi++?** Start here: -0016: - [Main README](../README.md) - Project overview and quick start -0017: - [Getting Started](#getting-started) - Basic setup and first request -0018: -0019: **Using as a library?** See: -0020: - [Library-First Architecture](features/architecture/USER.md) - Embedding in your Go app -0021: -0022: **Deploying to production?** See: -0023: - [Security Hardening](features/security/USER.md) - Security best practices -0024: - [High-Scale Operations](features/operations/USER.md) - Production deployment guide -0025: -0026: ## 📖 Feature Documentation -0027: -0028: ### 1. Library-First Architecture -0029: -0030: **Overview**: The core proxy logic is packaged as a reusable Go library (`pkg/llmproxy`), enabling external Go applications to embed translation, authentication, and provider communication directly. -0031: -0032: - **[Technical Spec](features/architecture/SPEC.md)** - Architecture design, component breakdown, data flows -0033: - **[User Guide](features/architecture/USER.md)** - Quick start, embedding, custom translators -0034: - **[Developer Guide](features/architecture/DEV.md)** - Adding providers, implementing auth flows, performance optimization -0035: -0036: **Key Features**: -0037: - Reusable `pkg/llmproxy` library -0038: - Hot-reload configuration management -0039: - Background token refresh worker -0040: - Custom auth flow support -0041: - Extension points for customization -0042: -0043: ### 2. Enterprise Authentication -0044: -0045: **Overview**: Enterprise-grade authentication management with full lifecycle automation, supporting multiple authentication flows (API keys, OAuth, device authorization). -0046: -0047: - **[Technical Spec](features/auth/SPEC.md)** - Auth architecture, flow implementations, token refresh -0048: - **[User Guide](features/auth/USER.md)** - Adding credentials, multi-credential management, quota tracking -0049: -0050: **Key Features**: -0051: - API key, OAuth 2.0, and device authorization flows -0052: - Automatic token refresh (10 minutes before expiration) -0053: - Multi-credential support with load balancing -0054: - Per-credential quota tracking and rotation -0055: - Encrypted credential storage (optional) -0056: -0057: ### 3. Security Hardening -0058: -0059: **Overview**: "Defense in Depth" security philosophy with multiple layers of protection. -0060: -0061: - **[Technical Spec](features/security/SPEC.md)** - Security architecture, CI enforcement, container hardening -0062: - **[User Guide](features/security/USER.md)** - TLS configuration, encryption, IP filtering, monitoring -0063: -0064: **Key Features**: -0065: - Path Guard CI enforcement for critical code -0066: - Signed releases and multi-arch builds -0067: - Hardened Docker containers (Alpine 3.22.0, non-root, read-only) -0068: - Credential encryption at rest -0069: - Device fingerprinting -0070: - IP allowlisting/denylisting -0071: - Comprehensive audit logging -0072: -0073: ### 4. High-Scale Operations -0074: -0075: **Overview**: Intelligent operations features for production environments. -0076: -0077: - **[Technical Spec](features/operations/SPEC.md)** - Operations architecture, load balancing strategies, health monitoring -0078: - **[User Guide](features/operations/USER.md)** - Production deployment, cooldown management, observability -0079: -0080: **Key Features**: -0081: - Intelligent cooldown (automatic rate limit detection) -0082: - Multiple load balancing strategies (round-robin, quota-aware, latency, cost) -0083: - Provider health checks and self-healing -0084: - Comprehensive metrics (Prometheus) -0085: - Structured logging and distributed tracing -0086: - Alerting and notifications -0087: -0088: ### 5. Provider Registry -0089: -0090: **Overview**: Extensive registry of LLM providers. -0091: -0092: - **[Technical Spec](features/providers/SPEC.md)** - Provider architecture, registry implementation, model mapping -0093: - **[User Guide](features/providers/USER.md)** - Provider configuration, usage examples, troubleshooting -0094: -0095: **Supported Providers**: -0096: - **Direct**: Claude, Gemini, OpenAI, Mistral, Groq, DeepSeek -0097: - **Aggregators**: OpenRouter, Together AI, Fireworks AI, Novita AI, SiliconFlow -0098: - **Proprietary**: Kiro (AWS CodeWhisperer), GitHub Copilot, Roo Code, Kilo AI, MiniMax -0099: -0100: ## 🔧 API Documentation -0101: -0102: ### OpenAI-Compatible API -0103: -0104: **Endpoints**: -0105: - `POST /v1/chat/completions` - Chat completions (streaming and non-streaming) -0106: - `GET /v1/models` - List available models -0107: - `POST /v1/embeddings` - Generate embeddings -0108: -0109: See [API Reference](api/README.md) for complete API documentation. -0110: -0111: ### Management API -0112: -0113: **Endpoints**: -0114: - `GET /v0/management/config` - Inspect current configuration -0115: - `GET /v0/management/auths` - List all credentials -0116: - `POST /v0/management/auths` - Add credential -0117: - `DELETE /v0/management/auths/{provider}` - Remove credential -0118: - `POST /v0/management/auths/{provider}/refresh` - Refresh credential -0119: - `GET /v0/management/logs` - Real-time log inspection -0120: -0121: See [Management API](api/management.md) for complete documentation. -0122: -0123: ### Operations API -0124: -0125: **Endpoints**: -0126: - `GET /health` - Health check -0127: - `GET /metrics` - Prometheus metrics -0128: - `GET /v0/operations/providers/status` - Provider status -0129: - `GET /v0/operations/cooldown/status` - Cooldown status -0130: - `POST /v0/operations/providers/{provider}/recover` - Force recovery -0131: -0132: See [Operations API](api/operations.md) for complete documentation. -0133: -0134: ## 🛠️ SDK Documentation -0135: -0136: ### Go SDK -0137: -0138: **Embedding in Go applications**: -0139: - [SDK Usage](../docs/sdk-usage.md) - Basic embedding -0140: - [SDK Advanced](../docs/sdk-access.md) - Advanced configuration -0141: - [SDK Watcher](../docs/sdk-watcher.md) - Hot-reload and synthesis -0142: -0143: **Code Examples**: -0144: ```go -0145: import "github.com/KooshaPari/cliproxyapi-plusplus/sdk/cliproxy" -0146: -0147: svc, err := cliproxy.NewBuilder(). -0148: WithConfig(cfg). -0149: WithConfigPath("config.yaml"). -0150: Build() -0151: -0152: ctx := context.Background() -0153: svc.Run(ctx) -0154: ``` -0155: -0156: ## 🚀 Getting Started -0157: -0158: ### 1. Installation -0159: -0160: **Docker (Recommended)**: -0161: ```bash -0162: docker pull KooshaPari/cliproxyapi-plusplus:latest -0163: ``` -0164: -0165: **Binary**: -0166: ```bash -0167: curl -L https://github.com/KooshaPari/cliproxyapi-plusplus/releases/latest/download/cliproxyapi++-darwin-amd64 -o cliproxyapi++ -0168: chmod +x cliproxyapi++ -0169: ``` -0170: -0171: **Go Module**: -0172: ```bash -0173: go get github.com/KooshaPari/cliproxyapi-plusplus/sdk/cliproxy -0174: ``` -0175: -0176: ### 2. Configuration -0177: -0178: Create `config.yaml`: -0179: ```yaml -0180: server: -0181: port: 8317 -0182: -0183: providers: -0184: claude: -0185: type: "claude" -0186: enabled: true -0187: -0188: auth: -0189: dir: "./auths" -0190: providers: -0191: - "claude" -0192: ``` -0193: -0194: ### 3. Add Credentials -0195: -0196: ```bash -0197: echo '{"type":"api_key","token":"sk-ant-xxxxx"}' > auths/claude.json -0198: ``` -0199: -0200: ### 4. Start Service -0201: -0202: **Docker**: -0203: ```bash -0204: docker run -d \ -0205: -p 8317:8317 \ -0206: -v $(pwd)/config.yaml:/config/config.yaml \ -0207: -v $(pwd)/auths:/auths \ -0208: KooshaPari/cliproxyapi-plusplus:latest -0209: ``` -0210: -0211: **Binary**: -0212: ```bash -0213: ./cliproxyapi++ --config config.yaml -0214: ``` -0215: -0216: ### 5. Make Request -0217: -0218: ```bash -0219: curl -X POST http://localhost:8317/v1/chat/completions \ -0220: -H "Content-Type: application/json" \ - -### FILE: docs/docsets/agent/index.md -0001: # Agent Operator Docset -0002: -0003: For teams routing agent workloads through cliproxyapi++. -0004: -0005: ## Operator Focus -0006: -0007: 1. [Operating Model](./operating-model.md) -0008: 2. Multi-provider routing and quota management -0009: 3. Auth lifecycle and refresh controls - -### FILE: docs/docsets/agent/operating-model.md -0001: # Agent Operating Model -0002: -0003: ## Execution Loop -0004: -0005: 1. Route request into OpenAI-compatible API surface. -0006: 2. Resolve provider/model translation and auth context. -0007: 3. Execute request with quotas, cooldown, and resilience controls. -0008: 4. Emit structured logs and monitoring signals. - -### FILE: docs/docsets/developer/external/index.md -0001: # External Developer Docset -0002: -0003: For engineers embedding cliproxyapi++ into their own systems. -0004: -0005: ## Start Here -0006: -0007: 1. [Integration Quickstart](./integration-quickstart.md) -0008: 2. [Feature Change Reference](../../FEATURE_CHANGES_PLUSPLUS.md) -0009: 3. Core docs in `docs/README.md`, `docs/api/`, and `docs/features/` - -### FILE: docs/docsets/developer/external/integration-quickstart.md -0001: # Integration Quickstart -0002: -0003: 1. Start cliproxyapi++ with config and auth storage. -0004: 2. Point OpenAI-compatible clients to proxy `/v1` endpoints. -0005: 3. Validate provider model mapping and fallback behavior. -0006: 4. Add health and quota observability to your platform stack. - -### FILE: docs/docsets/developer/internal/architecture.md -0001: # Internal Architecture -0002: -0003: ## Core Boundaries -0004: -0005: 1. API entrypoint and command bootstrap (`cmd/`) -0006: 2. Proxy core and reusable translation runtime (`pkg/llmproxy`) -0007: 3. Authentication and provider adapters -0008: 4. Operational surfaces (config, auth state, logs) -0009: -0010: ## Maintainer Rules -0011: -0012: - Keep translation logic deterministic. -0013: - Preserve OpenAI-compatible API behavior. -0014: - Enforce path and security governance gates. - -### FILE: docs/docsets/developer/internal/index.md -0001: # Internal Developer Docset -0002: -0003: For maintainers of cliproxyapi++ internals. -0004: -0005: ## Read First -0006: -0007: 1. [Internal Architecture](./architecture.md) -0008: 2. [Feature Changes in ++](../../FEATURE_CHANGES_PLUSPLUS.md) -0009: 3. `pkg/` and `cmd/` source directories -0010: 4. CI/CD workflows under `.github/workflows/` - -### FILE: docs/docsets/index.md -0001: # Docsets -0002: -0003: Audience-specific docs for cliproxyapi++. -0004: -0005: ## Developer -0006: -0007: - [Internal Developer Docset](./developer/internal/) -0008: - [External Developer Docset](./developer/external/) -0009: -0010: ## User -0011: -0012: - [Technical User Docset](./user/) -0013: -0014: ## Agent -0015: -0016: - [Agent Operator Docset](./agent/) - -### FILE: docs/docsets/user/index.md -0001: # Technical User Docset -0002: -0003: For operators and technical users running cliproxyapi++. -0004: -0005: ## Core Paths -0006: -0007: 1. [Quickstart](./quickstart.md) -0008: 2. Auth and provider setup docs -0009: 3. Runtime and troubleshooting docs - -### FILE: docs/docsets/user/quickstart.md -0001: # Technical User Quickstart -0002: -0003: 1. Configure `config.yaml` from the example. -0004: 2. Start service with Docker or native binary. -0005: 3. Validate `GET /v1/models` and sample chat completions. -0006: 4. Monitor rate limits and provider-specific auth state. - -### FILE: docs/features/architecture/DEV.md -0001: # Developer Guide: Extending Library-First Architecture -0002: -0003: ## Contributing to pkg/llmproxy -0004: -0005: This guide is for developers who want to extend the core library functionality: adding new providers, customizing translators, implementing new authentication flows, or optimizing performance. -0006: -0007: ## Project Structure -0008: -0009: ``` -0010: pkg/llmproxy/ -0011: ├── translator/ # Protocol translation layer -0012: │ ├── base.go # Common interfaces and utilities -0013: │ ├── claude.go # Anthropic Claude -0014: │ ├── gemini.go # Google Gemini -0015: │ ├── openai.go # OpenAI GPT -0016: │ ├── kiro.go # AWS CodeWhisperer -0017: │ ├── copilot.go # GitHub Copilot -0018: │ └── aggregators.go # Multi-provider aggregators -0019: ├── provider/ # Provider execution layer -0020: │ ├── base.go # Provider interface and executor -0021: │ ├── http.go # HTTP client with retry logic -0022: │ ├── rate_limit.go # Token bucket implementation -0023: │ └── health.go # Health check logic -0024: ├── auth/ # Authentication lifecycle -0025: │ ├── manager.go # Core auth manager -0026: │ ├── oauth.go # OAuth flows -0027: │ ├── device_flow.go # Device authorization flow -0028: │ └── refresh.go # Token refresh worker -0029: ├── config/ # Configuration management -0030: │ ├── loader.go # Config file parsing -0031: │ ├── schema.go # Validation schema -0032: │ └── synthesis.go # Config merge logic -0033: ├── watcher/ # Dynamic reload orchestration -0034: │ ├── file.go # File system watcher -0035: │ ├── debounce.go # Debouncing logic -0036: │ └── notify.go # Change notifications -0037: └── metrics/ # Observability -0038: ├── collector.go # Metrics collection -0039: └── exporter.go # Metrics export -0040: ``` -0041: -0042: ## Adding a New Provider -0043: -0044: ### Step 1: Define Provider Configuration -0045: -0046: Add provider config to `config/schema.go`: -0047: -0048: ```go -0049: type ProviderConfig struct { -0050: Type string `yaml:"type" validate:"required,oneof=claude gemini openai kiro copilot myprovider"` -0051: Enabled bool `yaml:"enabled"` -0052: Models []ModelConfig `yaml:"models"` -0053: AuthType string `yaml:"auth_type" validate:"required,oneof=api_key oauth device_flow"` -0054: Priority int `yaml:"priority"` -0055: Cooldown time.Duration `yaml:"cooldown"` -0056: Endpoint string `yaml:"endpoint"` -0057: // Provider-specific fields -0058: CustomField string `yaml:"custom_field"` -0059: } -0060: ``` -0061: -0062: ### Step 2: Implement Translator Interface -0063: -0064: Create `pkg/llmproxy/translator/myprovider.go`: -0065: -0066: ```go -0067: package translator -0068: -0069: import ( -0070: "context" -0071: "encoding/json" -0072: -0073: openai "github.com/sashabaranov/go-openai" -0074: "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy" -0075: ) -0076: -0077: type MyProviderTranslator struct { -0078: config *config.ProviderConfig -0079: } -0080: -0081: func NewMyProviderTranslator(cfg *config.ProviderConfig) *MyProviderTranslator { -0082: return &MyProviderTranslator{config: cfg} -0083: } -0084: -0085: func (t *MyProviderTranslator) TranslateRequest( -0086: ctx context.Context, -0087: req *openai.ChatCompletionRequest, -0088: ) (*llmproxy.ProviderRequest, error) { -0089: // Map OpenAI models to provider models -0090: modelMapping := map[string]string{ -0091: "gpt-4": "myprovider-v1-large", -0092: "gpt-3.5-turbo": "myprovider-v1-medium", -0093: } -0094: providerModel := modelMapping[req.Model] -0095: if providerModel == "" { -0096: providerModel = req.Model -0097: } -0098: -0099: // Convert messages -0100: messages := make([]map[string]interface{}, len(req.Messages)) -0101: for i, msg := range req.Messages { -0102: messages[i] = map[string]interface{}{ -0103: "role": msg.Role, -0104: "content": msg.Content, -0105: } -0106: } -0107: -0108: // Build request -0109: providerReq := &llmproxy.ProviderRequest{ -0110: Method: "POST", -0111: Endpoint: t.config.Endpoint + "/v1/chat/completions", -0112: Headers: map[string]string{ -0113: "Content-Type": "application/json", -0114: "Accept": "application/json", -0115: }, -0116: Body: map[string]interface{}{ -0117: "model": providerModel, -0118: "messages": messages, -0119: "stream": req.Stream, -0120: }, -0121: } -0122: -0123: // Add optional parameters -0124: if req.Temperature != 0 { -0125: providerReq.Body["temperature"] = req.Temperature -0126: } -0127: if req.MaxTokens != 0 { -0128: providerReq.Body["max_tokens"] = req.MaxTokens -0129: } -0130: -0131: return providerReq, nil -0132: } -0133: -0134: func (t *MyProviderTranslator) TranslateResponse( -0135: ctx context.Context, -0136: resp *llmproxy.ProviderResponse, -0137: ) (*openai.ChatCompletionResponse, error) { -0138: // Parse provider response -0139: var providerBody struct { -0140: ID string `json:"id"` -0141: Model string `json:"model"` -0142: Choices []struct { -0143: Message struct { -0144: Role string `json:"role"` -0145: Content string `json:"content"` -0146: } `json:"message"` -0147: FinishReason string `json:"finish_reason"` -0148: } `json:"choices"` -0149: Usage struct { -0150: PromptTokens int `json:"prompt_tokens"` -0151: CompletionTokens int `json:"completion_tokens"` -0152: TotalTokens int `json:"total_tokens"` -0153: } `json:"usage"` -0154: } -0155: -0156: if err := json.Unmarshal(resp.Body, &providerBody); err != nil { -0157: return nil, fmt.Errorf("failed to parse provider response: %w", err) -0158: } -0159: -0160: // Convert to OpenAI format -0161: choices := make([]openai.ChatCompletionChoice, len(providerBody.Choices)) -0162: for i, choice := range providerBody.Choices { -0163: choices[i] = openai.ChatCompletionChoice{ -0164: Message: openai.ChatCompletionMessage{ -0165: Role: openai.ChatMessageRole(choice.Message.Role), -0166: Content: choice.Message.Content, -0167: }, -0168: FinishReason: openai.FinishReason(choice.FinishReason), -0169: } -0170: } -0171: -0172: return &openai.ChatCompletionResponse{ -0173: ID: providerBody.ID, -0174: Model: resp.RequestModel, -0175: Choices: choices, -0176: Usage: openai.Usage{ -0177: PromptTokens: providerBody.Usage.PromptTokens, -0178: CompletionTokens: providerBody.Usage.CompletionTokens, -0179: TotalTokens: providerBody.Usage.TotalTokens, -0180: }, -0181: }, nil -0182: } -0183: -0184: func (t *MyProviderTranslator) TranslateStream( -0185: ctx context.Context, -0186: stream io.Reader, -0187: ) (<-chan *openai.ChatCompletionStreamResponse, error) { -0188: // Implement streaming translation -0189: ch := make(chan *openai.ChatCompletionStreamResponse) -0190: -0191: go func() { -0192: defer close(ch) -0193: -0194: scanner := bufio.NewScanner(stream) -0195: for scanner.Scan() { -0196: line := scanner.Text() -0197: if !strings.HasPrefix(line, "data: ") { -0198: continue -0199: } -0200: -0201: data := strings.TrimPrefix(line, "data: ") -0202: if data == "[DONE]" { -0203: return -0204: } -0205: -0206: var chunk struct { -0207: ID string `json:"id"` -0208: Choices []struct { -0209: Delta struct { -0210: Content string `json:"content"` -0211: } `json:"delta"` -0212: FinishReason *string `json:"finish_reason"` -0213: } `json:"choices"` -0214: } -0215: -0216: if err := json.Unmarshal([]byte(data), &chunk); err != nil { -0217: continue -0218: } -0219: -0220: ch <- &openai.ChatCompletionStreamResponse{ - -### FILE: docs/features/architecture/SPEC.md -0001: # Technical Specification: Library-First Architecture (pkg/llmproxy) -0002: -0003: ## Overview -0004: -0005: **cliproxyapi++** implements a "Library-First" architectural pattern by extracting all core proxy logic from the traditional `internal/` package into a public, reusable `pkg/llmproxy` module. This transformation enables external Go applications to import and embed the entire translation, authentication, and communication engine without depending on the CLI binary. -0006: -0007: ## Architecture Migration -0008: -0009: ### Before: Mainline Structure -0010: ``` -0011: CLIProxyAPI/ -0012: ├── internal/ -0013: │ ├── translator/ # Core translation logic (NOT IMPORTABLE) -0014: │ ├── provider/ # Provider executors (NOT IMPORTABLE) -0015: │ └── auth/ # Auth management (NOT IMPORTABLE) -0016: └── cmd/server/ -0017: ``` -0018: -0019: ### After: cliproxyapi++ Structure -0020: ``` -0021: cliproxyapi++/ -0022: ├── pkg/llmproxy/ # PUBLIC LIBRARY (IMPORTABLE) -0023: │ ├── translator/ # Translation engine -0024: │ ├── provider/ # Provider implementations -0025: │ ├── config/ # Configuration synthesis -0026: │ ├── watcher/ # Dynamic reload orchestration -0027: │ └── auth/ # Auth lifecycle management -0028: ├── cmd/server/ # CLI entry point (uses pkg/llmproxy) -0029: └── sdk/cliproxy/ # High-level embedding SDK -0030: ``` -0031: -0032: ## Core Components -0033: -0034: ### 1. Translation Engine (`pkg/llmproxy/translator`) -0035: -0036: **Purpose**: Handles bidirectional protocol conversion between OpenAI-compatible requests and proprietary LLM APIs. -0037: -0038: **Key Interfaces**: -0039: ```go -0040: type Translator interface { -0041: // Convert OpenAI format to provider format -0042: TranslateRequest(ctx context.Context, req *openai.ChatRequest) (*ProviderRequest, error) -0043: -0044: // Convert provider response back to OpenAI format -0045: TranslateResponse(ctx context.Context, resp *ProviderResponse) (*openai.ChatResponse, error) -0046: -0047: // Stream translation for SSE -0048: TranslateStream(ctx context.Context, stream io.Reader) (<-chan *openai.ChatChunk, error) -0049: -0050: // Provider-specific capabilities -0051: SupportsStreaming() bool -0052: SupportsFunctions() bool -0053: MaxTokens() int -0054: } -0055: ``` -0056: -0057: **Implemented Translators**: -0058: - `claude.go` - Anthropic Claude API -0059: - `gemini.go` - Google Gemini API -0060: - `openai.go` - OpenAI GPT API -0061: - `kiro.go` - AWS CodeWhisperer (custom protocol) -0062: - `copilot.go` - GitHub Copilot (custom protocol) -0063: - `aggregators.go` - OpenRouter, Together, Fireworks -0064: -0065: **Translation Strategy**: -0066: 1. **Request Normalization**: Parse OpenAI-format request, extract: -0067: - Messages (system, user, assistant) -0068: - Tools/functions -0069: - Generation parameters (temp, top_p, max_tokens) -0070: - Streaming flag -0071: -0072: 2. **Provider Mapping**: Map OpenAI models to provider endpoints: -0073: ``` -0074: claude-3-5-sonnet -> claude-3-5-sonnet-20241022 (Anthropic) -0075: gpt-4 -> gpt-4-turbo-preview (OpenAI) -0076: gemini-1.5-pro -> gemini-1.5-pro-preview-0514 (Gemini) -0077: ``` -0078: -0079: 3. **Response Normalization**: Convert provider responses to OpenAI format: -0080: - Standardize usage statistics (prompt_tokens, completion_tokens) -0081: - Normalize finish reasons (stop, length, content_filter) -0082: - Map provider-specific error codes to OpenAI error types -0083: -0084: ### 2. Provider Execution (`pkg/llmproxy/provider`) -0085: -0086: **Purpose**: Orchestrates HTTP communication with LLM providers, handling authentication, retry logic, and error recovery. -0087: -0088: **Key Interfaces**: -0089: ```go -0090: type ProviderExecutor interface { -0091: // Execute a single request (non-streaming) -0092: Execute(ctx context.Context, auth coreauth.Auth, req *ProviderRequest) (*ProviderResponse, error) -0093: -0094: // Execute streaming request -0095: ExecuteStream(ctx context.Context, auth coreauth.Auth, req *ProviderRequest) (<-chan *ProviderChunk, error) -0096: -0097: // Health check provider -0098: HealthCheck(ctx context.Context, auth coreauth.Auth) error -0099: -0100: // Provider metadata -0101: Name() string -0102: SupportsModel(model string) bool -0103: } -0104: ``` -0105: -0106: **Executor Lifecycle**: -0107: ``` -0108: Request -> RateLimitCheck -> AuthValidate -> ProviderExecute -> -0109: -> Success -> Response -0110: -> RetryableError -> Backoff -> Retry -0111: -> NonRetryableError -> Error -0112: ``` -0113: -0114: **Rate Limiting**: -0115: - Per-provider token bucket -0116: - Per-credential quota tracking -0117: - Intelligent cooldown on 429 responses -0118: -0119: ### 3. Configuration Management (`pkg/llmproxy/config`) -0120: -0121: **Purpose**: Loads, validates, and synthesizes configuration from multiple sources. -0122: -0123: **Configuration Hierarchy**: -0124: ``` -0125: 1. Base config (config.yaml) -0126: 2. Environment overrides (CLI_PROXY_*) -0127: 3. Runtime synthesis (watcher merges changes) -0128: 4. Per-request overrides (query params) -0129: ``` -0130: -0131: **Key Structures**: -0132: ```go -0133: type Config struct { -0134: Server ServerConfig -0135: Providers map[string]ProviderConfig -0136: Auth AuthConfig -0137: Management ManagementConfig -0138: Logging LoggingConfig -0139: } -0140: -0141: type ProviderConfig struct { -0142: Type string // "claude", "gemini", "openai", etc. -0143: Enabled bool -0144: Models []ModelConfig -0145: AuthType string // "api_key", "oauth", "device_flow" -0146: Priority int // Routing priority -0147: Cooldown time.Duration -0148: } -0149: ``` -0150: -0151: **Hot-Reload Mechanism**: -0152: - File watcher on `config.yaml` and `auths/` directory -0153: - Debounced reload (500ms delay) -0154: - Atomic config swapping (no request interruption) -0155: - Validation before activation (reject invalid configs) -0156: -0157: ### 4. Watcher & Synthesis (`pkg/llmproxy/watcher`) -0158: -0159: **Purpose**: Orchestrates dynamic configuration updates and background lifecycle management. -0160: -0161: **Watcher Architecture**: -0162: ```go -0163: type Watcher struct { -0164: configPath string -0165: authDir string -0166: reloadChan chan struct{} -0167: currentConfig atomic.Value // *Config -0168: currentAuths atomic.Value // []coreauth.Auth -0169: } -0170: -0171: // Run starts the watcher goroutine -0172: func (w *Watcher) Run(ctx context.Context) error { -0173: // 1. Initial load -0174: w.loadAll() -0175: -0176: // 2. Watch files -0177: go w.watchConfig(ctx) -0178: go w.watchAuths(ctx) -0179: -0180: // 3. Handle reloads -0181: for { -0182: select { -0183: case <-w.reloadChan: -0184: w.loadAll() -0185: case <-ctx.Done(): -0186: return ctx.Err() -0187: } -0188: } -0189: } -0190: ``` -0191: -0192: **Synthesis Pipeline**: -0193: ``` -0194: Config File Changed -> Parse YAML -> Validate Schema -> -0195: Merge with Existing -> Check Conflicts -> Atomic Swap -0196: ``` -0197: -0198: **Background Workers**: -0199: 1. **Token Refresh Worker**: Checks every 5 minutes, refreshes tokens expiring within 10 minutes -0200: 2. **Health Check Worker**: Pings providers every 30 seconds, marks unhealthy providers -0201: 3. **Metrics Collector**: Aggregates request latency, error rates, token usage -0202: -0203: ## Data Flow -0204: -0205: ### Request Processing Flow -0206: ``` -0207: HTTP Request (OpenAI format) -0208: ↓ -0209: Middleware (CORS, auth, logging) -0210: ↓ -0211: Handler (Parse request, select provider) -0212: ↓ -0213: Provider Executor (Rate limit check) -0214: ↓ -0215: Translator (Convert to provider format) -0216: ↓ -0217: HTTP Client (Execute provider API) -0218: ↓ -0219: Translator (Convert response) -0220: ↓ - -### FILE: docs/features/architecture/USER.md -0001: # User Guide: Library-First Architecture -0002: -0003: ## What is "Library-First"? -0004: -0005: The **Library-First** architecture means that all the core proxy logic (translation, authentication, provider communication) is packaged as a reusable Go library (`pkg/llmproxy`). This allows you to embed the proxy directly into your own applications instead of running it as a separate service. -0006: -0007: ## Why Use the Library? -0008: -0009: ### Benefits Over Standalone CLI -0010: -0011: | Aspect | Standalone CLI | Embedded Library | -0012: |--------|---------------|------------------| -0013: | **Deployment** | Separate process, network calls | In-process, zero network overhead | -0014: | **Configuration** | External config file | Programmatic config | -0015: | **Customization** | Limited to config options | Full code access | -0016: | **Performance** | Network latency + serialization | Direct function calls | -0017: | **Monitoring** | External metrics/logs | Internal hooks/observability | -0018: -0019: ### When to Use Each -0020: -0021: **Use Standalone CLI when**: -0022: - You want a simple, drop-in proxy -0023: - You're integrating with existing OpenAI clients -0024: - You don't need custom logic -0025: - You prefer configuration over code -0026: -0027: **Use Embedded Library when**: -0028: - You're building a Go application -0029: - You need custom request/response processing -0030: - You want to integrate with your auth system -0031: - You need fine-grained control over routing -0032: -0033: ## Quick Start: Embedding in Your App -0034: -0035: ### Step 1: Install the SDK -0036: -0037: ```bash -0038: go get github.com/KooshaPari/cliproxyapi-plusplus/sdk/cliproxy -0039: ``` -0040: -0041: ### Step 2: Basic Embedding -0042: -0043: Create `main.go`: -0044: -0045: ```go -0046: package main -0047: -0048: import ( -0049: "context" -0050: "log" -0051: -0052: "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/config" -0053: "github.com/KooshaPari/cliproxyapi-plusplus/sdk/cliproxy" -0054: ) -0055: -0056: func main() { -0057: // Load config -0058: cfg, err := config.LoadConfig("config.yaml") -0059: if err != nil { -0060: log.Fatalf("Failed to load config: %v", err) -0061: } -0062: -0063: // Build service -0064: svc, err := cliproxy.NewBuilder(). -0065: WithConfig(cfg). -0066: WithConfigPath("config.yaml"). -0067: Build() -0068: if err != nil { -0069: log.Fatalf("Failed to build service: %v", err) -0070: } -0071: -0072: // Run service -0073: ctx := context.Background() -0074: if err := svc.Run(ctx); err != nil { -0075: log.Fatalf("Service error: %v", err) -0076: } -0077: } -0078: ``` -0079: -0080: ### Step 3: Create Config File -0081: -0082: Create `config.yaml`: -0083: -0084: ```yaml -0085: server: -0086: port: 8317 -0087: -0088: providers: -0089: claude: -0090: type: "claude" -0091: enabled: true -0092: models: -0093: - name: "claude-3-5-sonnet" -0094: enabled: true -0095: -0096: auth: -0097: dir: "./auths" -0098: providers: -0099: - "claude" -0100: ``` -0101: -0102: ### Step 4: Run Your App -0103: -0104: ```bash -0105: # Add your Claude API key -0106: echo '{"type":"api_key","token":"sk-ant-xxx"}' > auths/claude.json -0107: -0108: # Run your app -0109: go run main.go -0110: ``` -0111: -0112: Your embedded proxy is now running on port 8317 with OpenAI-compatible endpoints! -0113: -0114: ## Advanced: Custom Translators -0115: -0116: If you need to support a custom LLM provider, you can implement your own translator: -0117: -0118: ```go -0119: package main -0120: -0121: import ( -0122: "context" -0123: -0124: "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/translator" -0125: openai "github.com/sashabaranov/go-openai" -0126: ) -0127: -0128: // MyCustomTranslator implements the Translator interface -0129: type MyCustomTranslator struct{} -0130: -0131: func (t *MyCustomTranslator) TranslateRequest( -0132: ctx context.Context, -0133: req *openai.ChatCompletionRequest, -0134: ) (*translator.ProviderRequest, error) { -0135: // Convert OpenAI request to your provider's format -0136: return &translator.ProviderRequest{ -0137: Endpoint: "https://api.myprovider.com/v1/chat", -0138: Headers: map[string]string{ -0139: "Content-Type": "application/json", -0140: }, -0141: Body: map[string]interface{}{ -0142: "messages": req.Messages, -0143: "model": req.Model, -0144: }, -0145: }, nil -0146: } -0147: -0148: func (t *MyCustomTranslator) TranslateResponse( -0149: ctx context.Context, -0150: resp *translator.ProviderResponse, -0151: ) (*openai.ChatCompletionResponse, error) { -0152: // Convert provider response back to OpenAI format -0153: return &openai.ChatCompletionResponse{ -0154: ID: resp.ID, -0155: Choices: []openai.ChatCompletionChoice{ -0156: { -0157: Message: openai.ChatCompletionMessage{ -0158: Role: "assistant", -0159: Content: resp.Content, -0160: }, -0161: }, -0162: }, -0163: }, nil -0164: } -0165: -0166: // Register your translator -0167: func main() { -0168: myTranslator := &MyCustomTranslator{} -0169: -0170: svc, err := cliproxy.NewBuilder(). -0171: WithConfig(cfg). -0172: WithConfigPath("config.yaml"). -0173: WithCustomTranslator("myprovider", myTranslator). -0174: Build() -0175: // ... -0176: } -0177: ``` -0178: -0179: ## Advanced: Custom Auth Management -0180: -0181: Integrate with your existing auth system: -0182: -0183: ```go -0184: package main -0185: -0186: import ( -0187: "context" -0188: "sync" -0189: -0190: "github.com/KooshaPari/cliproxyapi-plusplus/sdk/cliproxy" -0191: ) -0192: -0193: // MyAuthProvider implements TokenClientProvider -0194: type MyAuthProvider struct { -0195: mu sync.RWMutex -0196: tokens map[string]string -0197: } -0198: -0199: func (p *MyAuthProvider) Load( -0200: ctx context.Context, -0201: cfg *config.Config, -0202: ) (*cliproxy.TokenClientResult, error) { -0203: p.mu.RLock() -0204: defer p.mu.RUnlock() -0205: -0206: var clients []cliproxy.AuthClient -0207: for provider, token := range p.tokens { -0208: clients = append(clients, cliproxy.AuthClient{ -0209: Provider: provider, -0210: Type: "api_key", -0211: Token: token, -0212: }) -0213: } -0214: -0215: return &cliproxy.TokenClientResult{ -0216: Clients: clients, -0217: Count: len(clients), -0218: }, nil -0219: } -0220: - -### FILE: docs/features/auth/SPEC.md -0001: # Technical Specification: Enterprise Authentication & Lifecycle -0002: -0003: ## Overview -0004: -0005: **cliproxyapi++** implements enterprise-grade authentication management with full lifecycle automation, supporting multiple authentication flows (API keys, OAuth, device authorization) and automatic token refresh capabilities. -0006: -0007: ## Authentication Architecture -0008: -0009: ### Core Components -0010: -0011: ``` -0012: Auth System -0013: ├── Auth Manager (coreauth.Manager) -0014: │ ├── Token Store (File-based) -0015: │ ├── Refresh Worker (Background) -0016: │ ├── Health Checker -0017: │ └── Quota Tracker -0018: ├── Auth Flows -0019: │ ├── API Key Flow -0020: │ ├── OAuth 2.0 Flow -0021: │ ├── Device Authorization Flow -0022: │ └── Custom Provider Flows -0023: └── Credential Management -0024: ├── Multi-credential support -0025: ├── Per-credential quota tracking -0026: └── Automatic rotation -0027: ``` -0028: -0029: ## Authentication Flows -0030: -0031: ### 1. API Key Authentication -0032: -0033: **Purpose**: Simple token-based authentication for providers with static API keys. -0034: -0035: **Implementation**: -0036: ```go -0037: type APIKeyAuth struct { -0038: Token string `json:"token"` -0039: } -0040: -0041: func (a *APIKeyAuth) GetHeaders() map[string]string { -0042: return map[string]string{ -0043: "Authorization": fmt.Sprintf("Bearer %s", a.Token), -0044: } -0045: } -0046: ``` -0047: -0048: **Supported Providers**: Claude, Gemini, OpenAI, Mistral, Groq, DeepSeek -0049: -0050: **Storage Format** (`auths/{provider}.json`): -0051: ```json -0052: { -0053: "type": "api_key", -0054: "token": "sk-ant-xxx", -0055: "priority": 1, -0056: "quota": { -0057: "limit": 1000000, -0058: "used": 50000 -0059: } -0060: } -0061: ``` -0062: -0063: ### 2. OAuth 2.0 Flow -0064: -0065: **Purpose**: Standard OAuth 2.0 authorization code flow for providers requiring user consent. -0066: -0067: **Flow Sequence**: -0068: ``` -0069: 1. User initiates auth -0070: 2. Redirect to provider auth URL -0071: 3. User grants consent -0072: 4. Provider redirects with authorization code -0073: 5. Exchange code for access token -0074: 6. Store access + refresh token -0075: ``` -0076: -0077: **Implementation**: -0078: ```go -0079: type OAuthFlow struct { -0080: clientID string -0081: clientSecret string -0082: redirectURL string -0083: authURL string -0084: tokenURL string -0085: } -0086: -0087: func (f *OAuthFlow) Start(ctx context.Context) (*AuthResult, error) { -0088: state := generateSecureState() -0089: authURL := fmt.Sprintf("%s?response_type=code&client_id=%s&redirect_uri=%s&state=%s", -0090: f.authURL, f.clientID, f.redirectURL, state) -0091: -0092: return &AuthResult{ -0093: Method: "oauth", -0094: AuthURL: authURL, -0095: State: state, -0096: }, nil -0097: } -0098: -0099: func (f *OAuthFlow) Exchange(ctx context.Context, code string) (*AuthToken, error) { -0100: // Exchange authorization code for tokens -0101: resp, err := http.PostForm(f.tokenURL, map[string]string{ -0102: "client_id": f.clientID, -0103: "client_secret": f.clientSecret, -0104: "code": code, -0105: "redirect_uri": f.redirectURL, -0106: "grant_type": "authorization_code", -0107: }) -0108: -0109: // Parse and return tokens -0110: } -0111: ``` -0112: -0113: **Supported Providers**: GitHub Copilot (partial) -0114: -0115: ### 3. Device Authorization Flow -0116: -0117: **Purpose**: OAuth 2.0 device authorization grant for headless/batch environments. -0118: -0119: **Flow Sequence**: -0120: ``` -0121: 1. Request device code -0122: 2. Display user code and verification URL -0123: 3. User visits URL, enters code -0124: 4. Background polling for token -0125: 5. Receive access token -0126: ``` -0127: -0128: **Implementation**: -0129: ```go -0130: type DeviceFlow struct { -0131: deviceCodeURL string -0132: tokenURL string -0133: clientID string -0134: } -0135: -0136: func (f *DeviceFlow) Start(ctx context.Context) (*AuthResult, error) { -0137: resp, err := http.PostForm(f.deviceCodeURL, map[string]string{ -0138: "client_id": f.clientID, -0139: }) -0140: -0141: var dc struct { -0142: DeviceCode string `json:"device_code"` -0143: UserCode string `json:"user_code"` -0144: VerificationURI string `json:"verification_uri"` -0145: VerificationURIComplete string `json:"verification_uri_complete"` -0146: ExpiresIn int `json:"expires_in"` -0147: Interval int `json:"interval"` -0148: } -0149: -0150: // Parse and return device code info -0151: return &AuthResult{ -0152: Method: "device_flow", -0153: UserCode: dc.UserCode, -0154: VerificationURL: dc.VerificationURI, -0155: DeviceCode: dc.DeviceCode, -0156: Interval: dc.Interval, -0157: ExpiresAt: time.Now().Add(time.Duration(dc.ExpiresIn) * time.Second), -0158: }, nil -0159: } -0160: -0161: func (f *DeviceFlow) Poll(ctx context.Context, deviceCode string) (*AuthToken, error) { -0162: ticker := time.NewTicker(time.Duration(f.Interval) * time.Second) -0163: defer ticker.Stop() -0164: -0165: for { -0166: select { -0167: case <-ctx.Done(): -0168: return nil, ctx.Err() -0169: case <-ticker.C: -0170: resp, err := http.PostForm(f.tokenURL, map[string]string{ -0171: "client_id": f.clientID, -0172: "grant_type": "urn:ietf:params:oauth:grant-type:device_code", -0173: "device_code": deviceCode, -0174: }) -0175: -0176: var token struct { -0177: AccessToken string `json:"access_token"` -0178: ExpiresIn int `json:"expires_in"` -0179: Error string `json:"error"` -0180: } -0181: -0182: if token.Error == "" { -0183: return &AuthToken{ -0184: AccessToken: token.AccessToken, -0185: ExpiresAt: time.Now().Add(time.Duration(token.ExpiresIn) * time.Second), -0186: }, nil -0187: } -0188: -0189: if token.Error != "authorization_pending" { -0190: return nil, fmt.Errorf("device flow error: %s", token.Error) -0191: } -0192: } -0193: } -0194: } -0195: ``` -0196: -0197: **Supported Providers**: GitHub Copilot (Full), Kiro (AWS CodeWhisperer) -0198: -0199: ## Provider-Specific Authentication -0200: -0201: ### GitHub Copilot (Full OAuth Device Flow) -0202: -0203: **Authentication Flow**: -0204: 1. Device code request to GitHub -0205: 2. User authorizes via browser -0206: 3. Poll for access token -0207: 4. Refresh token management -0208: -0209: **Token Storage** (`auths/copilot.json`): -0210: ```json -0211: { -0212: "type": "oauth_device_flow", -0213: "access_token": "ghu_xxx", -0214: "refresh_token": "ghr_xxx", -0215: "expires_at": "2026-02-20T00:00:00Z", -0216: "quota": { -0217: "limit": 10000, -0218: "used": 100 -0219: } -0220: } - -### FILE: docs/features/auth/USER.md -0001: # User Guide: Enterprise Authentication -0002: -0003: ## Understanding Authentication in cliproxyapi++ -0004: -0005: cliproxyapi++ supports multiple authentication methods for different LLM providers. The authentication system handles credential management, automatic token refresh, and quota tracking seamlessly in the background. -0006: -0007: ## Quick Start: Adding Credentials -0008: -0009: ### Method 1: Manual Configuration -0010: -0011: Create credential files in the `auths/` directory: -0012: -0013: **Claude API Key** (`auths/claude.json`): -0014: ```json -0015: { -0016: "type": "api_key", -0017: "token": "sk-ant-xxxxx", -0018: "priority": 1 -0019: } -0020: ``` -0021: -0022: **OpenAI API Key** (`auths/openai.json`): -0023: ```json -0024: { -0025: "type": "api_key", -0026: "token": "sk-xxxxx", -0027: "priority": 2 -0028: } -0029: ``` -0030: -0031: **Gemini API Key** (`auths/gemini.json`): -0032: ```json -0033: { -0034: "type": "api_key", -0035: "token": "AIzaSyxxxxx", -0036: "priority": 3 -0037: } -0038: ``` -0039: -0040: ### Method 2: Interactive Setup (Web UI) -0041: -0042: For providers with OAuth/device flow, use the web interface: -0043: -0044: **GitHub Copilot**: -0045: 1. Visit `http://localhost:8317/v0/oauth/copilot` -0046: 2. Enter your GitHub credentials -0047: 3. Authorize the application -0048: 4. Token is automatically stored -0049: -0050: **Kiro (AWS CodeWhisperer)**: -0051: 1. Visit `http://localhost:8317/v0/oauth/kiro` -0052: 2. Choose AWS Builder ID or Identity Center -0053: 3. Complete browser-based login -0054: 4. Token is automatically stored -0055: -0056: ### Method 3: CLI Commands -0057: -0058: ```bash -0059: # Add API key -0060: curl -X POST http://localhost:8317/v0/management/auths \ -0061: -H "Content-Type: application/json" \ -0062: -d '{ -0063: "provider": "claude", -0064: "type": "api_key", -0065: "token": "sk-ant-xxxxx" -0066: }' -0067: -0068: # Add with priority -0069: curl -X POST http://localhost:8317/v0/management/auths \ -0070: -H "Content-Type: application/json" \ -0071: -d '{ -0072: "provider": "claude", -0073: "type": "api_key", -0074: "token": "sk-ant-xxxxx", -0075: "priority": 10 -0076: }' -0077: ``` -0078: -0079: ## Authentication Methods -0080: -0081: ### API Key Authentication -0082: -0083: **Best for**: Providers with static API keys that don't expire. -0084: -0085: **Supported Providers**: -0086: - Claude (Anthropic) -0087: - OpenAI -0088: - Gemini (Google) -0089: - Mistral -0090: - Groq -0091: - DeepSeek -0092: - And many more -0093: -0094: **Setup**: -0095: ```json -0096: { -0097: "type": "api_key", -0098: "token": "your-api-key-here", -0099: "priority": 1 -0100: } -0101: ``` -0102: -0103: **Priority**: Lower number = higher priority. Used when multiple credentials exist for the same provider. -0104: -0105: ### OAuth 2.0 Device Flow -0106: -0107: **Best for**: Providers requiring user consent with token refresh capability. -0108: -0109: **Supported Providers**: -0110: - GitHub Copilot -0111: - Kiro (AWS CodeWhisperer) -0112: -0113: **Setup**: Use web UI - automatic handling of device code, user authorization, and token storage. -0114: -0115: **How it Works**: -0116: 1. System requests a device code from provider -0117: 2. You're shown a user code and verification URL -0118: 3. Visit URL, enter code, authorize -0119: 4. System polls for token in background -0120: 5. Token stored and automatically refreshed -0121: -0122: **Example: GitHub Copilot**: -0123: ```bash -0124: # Visit web UI -0125: open http://localhost:8317/v0/oauth/copilot -0126: -0127: # Enter your GitHub credentials -0128: # Authorize the application -0129: # Done! Token is stored and managed automatically -0130: ``` -0131: -0132: ### Custom Provider Authentication -0133: -0134: **Best for**: Proprietary providers with custom auth flows. -0135: -0136: **Setup**: Implement custom auth flow in embedded library (see DEV.md). -0137: -0138: ## Quota Management -0139: -0140: ### Understanding Quotas -0141: -0142: Track usage per credential: -0143: -0144: ```json -0145: { -0146: "type": "api_key", -0147: "token": "sk-ant-xxxxx", -0148: "quota": { -0149: "limit": 1000000, -0150: "used": 50000, -0151: "remaining": 950000 -0152: } -0153: } -0154: ``` -0155: -0156: **Automatic Quota Tracking**: -0157: - Request tokens are deducted from quota after each request -0158: - Multiple credentials are load-balanced based on remaining quota -0159: - Automatic rotation when quota is exhausted -0160: -0161: ### Setting Quotas -0162: -0163: ```bash -0164: # Update quota via API -0165: curl -X PUT http://localhost:8317/v0/management/auths/claude/quota \ -0166: -H "Content-Type: application/json" \ -0167: -d '{ -0168: "limit": 1000000 -0169: }' -0170: ``` -0171: -0172: ### Quota Reset -0173: -0174: Quotas reset automatically based on provider billing cycles (configurable in `config.yaml`): -0175: -0176: ```yaml -0177: auth: -0178: quota: -0179: reset_schedule: -0180: claude: "monthly" -0181: openai: "monthly" -0182: gemini: "daily" -0183: ``` -0184: -0185: ## Automatic Token Refresh -0186: -0187: ### How It Works -0188: -0189: The refresh worker runs every 5 minutes and: -0190: 1. Checks all credentials for expiration -0191: 2. Refreshes tokens expiring within 10 minutes -0192: 3. Updates stored credentials -0193: 4. Notifies applications of refresh (no downtime) -0194: -0195: ### Configuration -0196: -0197: ```yaml -0198: auth: -0199: refresh: -0200: enabled: true -0201: check_interval: "5m" -0202: refresh_lead_time: "10m" -0203: ``` -0204: -0205: ### Monitoring Refresh -0206: -0207: ```bash -0208: # Check refresh status -0209: curl http://localhost:8317/v0/management/auths/refresh/status -0210: ``` -0211: -0212: Response: -0213: ```json -0214: { -0215: "last_check": "2026-02-19T23:00:00Z", -0216: "next_check": "2026-02-19T23:05:00Z", -0217: "credentials_checked": 5, -0218: "refreshed": 1, -0219: "failed": 0 -0220: } - -### FILE: docs/features/operations/SPEC.md -0001: # Technical Specification: High-Scale Operations -0002: -0003: ## Overview -0004: -0005: **cliproxyapi++** is designed for high-scale production environments with intelligent operations features: automated cooldown, load balancing, health checking, and comprehensive observability. -0006: -0007: ## Operations Architecture -0008: -0009: ### Core Components -0010: -0011: ``` -0012: Operations Layer -0013: ├── Intelligent Cooldown System -0014: │ ├── Rate Limit Detection -0015: │ ├── Provider-Specific Cooldown -0016: │ ├── Automatic Recovery -0017: │ └── Load Redistribution -0018: ├── Load Balancing -0019: │ ├── Round-Robin Strategy -0020: │ ├── Quota-Aware Strategy -0021: │ ├── Latency-Based Strategy -0022: │ └── Cost-Based Strategy -0023: ├── Health Monitoring -0024: │ ├── Provider Health Checks -0025: │ ├── Dependency Health Checks -0026: │ ├── Service Health Checks -0027: │ └── Self-Healing -0028: └── Observability -0029: ├── Metrics Collection -0030: ├── Distributed Tracing -0031: ├── Structured Logging -0032: └── Alerting -0033: ``` -0034: -0035: ## Intelligent Cooldown System -0036: -0037: ### Rate Limit Detection -0038: -0039: **Purpose**: Automatically detect when providers are rate-limited and temporarily pause requests. -0040: -0041: **Implementation**: -0042: ```go -0043: type RateLimitDetector struct { -0044: mu sync.RWMutex -0045: providerStatus map[string]ProviderStatus -0046: detectionWindow time.Duration -0047: threshold int -0048: } -0049: -0050: type ProviderStatus struct { -0051: InCooldown bool -0052: CooldownUntil time.Time -0053: RecentErrors []time.Time -0054: RateLimitCount int -0055: } -0056: -0057: func (d *RateLimitDetector) RecordError(provider string, statusCode int) { -0058: d.mu.Lock() -0059: defer d.mu.Unlock() -0060: -0061: status := d.providerStatus[provider] -0062: -0063: // Check for rate limit (429) -0064: if statusCode == 429 { -0065: status.RateLimitCount++ -0066: status.RecentErrors = append(status.RecentErrors, time.Now()) -0067: } -0068: -0069: // Clean old errors -0070: cutoff := time.Now().Add(-d.detectionWindow) -0071: var recent []time.Time -0072: for _, errTime := range status.RecentErrors { -0073: if errTime.After(cutoff) { -0074: recent = append(recent, errTime) -0075: } -0076: } -0077: status.RecentErrors = recent -0078: -0079: // Trigger cooldown if threshold exceeded -0080: if status.RateLimitCount >= d.threshold { -0081: status.InCooldown = true -0082: status.CooldownUntil = time.Now().Add(5 * time.Minute) -0083: status.RateLimitCount = 0 -0084: } -0085: -0086: d.providerStatus[provider] = status -0087: } -0088: ``` -0089: -0090: ### Cooldown Duration -0091: -0092: **Provider-specific cooldown periods**: -0093: ```yaml -0094: providers: -0095: claude: -0096: cooldown: -0097: enabled: true -0098: default_duration: "5m" -0099: rate_limit_duration: "10m" -0100: error_duration: "2m" -0101: openai: -0102: cooldown: -0103: enabled: true -0104: default_duration: "3m" -0105: rate_limit_duration: "5m" -0106: error_duration: "1m" -0107: ``` -0108: -0109: ### Automatic Recovery -0110: -0111: **Recovery mechanisms**: -0112: ```go -0113: type CooldownRecovery struct { -0114: detector *RateLimitDetector -0115: checker *HealthChecker -0116: } -0117: -0118: func (r *CooldownRecovery) Run(ctx context.Context) { -0119: ticker := time.NewTicker(30 * time.Second) -0120: defer ticker.Stop() -0121: -0122: for { -0123: select { -0124: case <-ctx.Done(): -0125: return -0126: case <-ticker.C: -0127: r.attemptRecovery() -0128: } -0129: } -0130: } -0131: -0132: func (r *CooldownRecovery) attemptRecovery() { -0133: for provider, status := range r.detector.providerStatus { -0134: if status.InCooldown && time.Now().After(status.CooldownUntil) { -0135: // Try health check -0136: if err := r.checker.Check(provider); err == nil { -0137: // Recovery successful -0138: r.detector.ExitCooldown(provider) -0139: log.Infof("Provider %s recovered from cooldown", provider) -0140: } -0141: } -0142: } -0143: } -0144: ``` -0145: -0146: ### Load Redistribution -0147: -0148: **Redistribute requests away from cooldown providers**: -0149: ```go -0150: type LoadRedistributor struct { -0151: providerRegistry map[string]ProviderExecutor -0152: cooldownDetector *RateLimitDetector -0153: } -0154: -0155: func (l *LoadRedistributor) SelectProvider(providers []string) (string, error) { -0156: // Filter out providers in cooldown -0157: available := []string{} -0158: for _, provider := range providers { -0159: if !l.cooldownDetector.IsInCooldown(provider) { -0160: available = append(available, provider) -0161: } -0162: } -0163: -0164: if len(available) == 0 { -0165: return "", fmt.Errorf("all providers in cooldown") -0166: } -0167: -0168: // Select from available providers -0169: return l.selectFromAvailable(available) -0170: } -0171: ``` -0172: -0173: ## Load Balancing Strategies -0174: -0175: ### Strategy Interface -0176: -0177: ```go -0178: type LoadBalancingStrategy interface { -0179: Select(providers []string, metrics *ProviderMetrics) (string, error) -0180: Name() string -0181: } -0182: ``` -0183: -0184: ### Round-Robin Strategy -0185: -0186: ```go -0187: type RoundRobinStrategy struct { -0188: counters map[string]int -0189: mu sync.Mutex -0190: } -0191: -0192: func (s *RoundRobinStrategy) Select(providers []string, metrics *ProviderMetrics) (string, error) { -0193: s.mu.Lock() -0194: defer s.mu.Unlock() -0195: -0196: if len(providers) == 0 { -0197: return "", fmt.Errorf("no providers available") -0198: } -0199: -0200: // Get counter for first provider (all share counter) -0201: counter := s.counters["roundrobin"] -0202: selected := providers[counter%len(providers)] -0203: -0204: s.counters["roundrobin"] = counter + 1 -0205: -0206: return selected, nil -0207: } -0208: ``` -0209: -0210: ### Quota-Aware Strategy -0211: -0212: ```go -0213: type QuotaAwareStrategy struct{} -0214: -0215: func (s *QuotaAwareStrategy) Select(providers []string, metrics *ProviderMetrics) (string, error) { -0216: var bestProvider string -0217: var bestQuota float64 -0218: -0219: for _, provider := range providers { -0220: quota := metrics.GetQuotaRemaining(provider) - -### FILE: docs/features/operations/USER.md -0001: # User Guide: High-Scale Operations -0002: -0003: ## Understanding Operations in cliproxyapi++ -0004: -0005: cliproxyapi++ is built for production environments with intelligent operations that automatically handle rate limits, load balance requests, monitor health, and recover from failures. This guide explains how to configure and use these features. -0006: -0007: ## Quick Start: Production Deployment -0008: -0009: ### docker-compose.yml (Production) -0010: -0011: ```yaml -0012: services: -0013: cliproxy: -0014: image: KooshaPari/cliproxyapi-plusplus:latest -0015: container_name: cliproxyapi++ -0016: -0017: # Security -0018: security_opt: -0019: - no-new-privileges:true -0020: read_only: true -0021: user: "65534:65534" -0022: -0023: # Resources -0024: deploy: -0025: resources: -0026: limits: -0027: cpus: '4' -0028: memory: 2G -0029: reservations: -0030: cpus: '1' -0031: memory: 512M -0032: -0033: # Health check -0034: healthcheck: -0035: test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8317/health"] -0036: interval: 30s -0037: timeout: 10s -0038: retries: 3 -0039: start_period: 40s -0040: -0041: # Ports -0042: ports: -0043: - "8317:8317" -0044: - "9090:9090" # Metrics -0045: -0046: # Volumes -0047: volumes: -0048: - ./config.yaml:/config/config.yaml:ro -0049: - ./auths:/auths:rw -0050: - ./logs:/logs:rw -0051: -0052: # Restart -0053: restart: unless-stopped -0054: ``` -0055: -0056: ## Intelligent Cooldown -0057: -0058: ### What is Cooldown? -0059: -0060: When a provider returns rate limit errors (429), cliproxyapi++ automatically pauses requests to that provider for a configurable cooldown period. This prevents your IP from being flagged and allows the provider to recover. -0061: -0062: ### Configure Cooldown -0063: -0064: **config.yaml**: -0065: ```yaml -0066: server: -0067: operations: -0068: cooldown: -0069: enabled: true -0070: detection_window: "1m" -0071: error_threshold: 5 # 5 errors in 1 minute triggers cooldown -0072: -0073: providers: -0074: claude: -0075: cooldown: -0076: enabled: true -0077: default_duration: "5m" -0078: rate_limit_duration: "10m" # Longer cooldown for 429 -0079: error_duration: "2m" # Shorter for other errors -0080: -0081: openai: -0082: cooldown: -0083: enabled: true -0084: default_duration: "3m" -0085: rate_limit_duration: "5m" -0086: error_duration: "1m" -0087: ``` -0088: -0089: ### Monitor Cooldown Status -0090: -0091: ```bash -0092: # Check cooldown status -0093: curl http://localhost:8317/v0/operations/cooldown/status -0094: ``` -0095: -0096: Response: -0097: ```json -0098: { -0099: "providers_in_cooldown": ["claude"], -0100: "cooldown_periods": { -0101: "claude": { -0102: "started_at": "2026-02-19T22:50:00Z", -0103: "ends_at": "2026-02-19T23:00:00Z", -0104: "remaining_seconds": 300, -0105: "reason": "rate_limit" -0106: } -0107: } -0108: } -0109: ``` -0110: -0111: ### Manual Cooldown Control -0112: -0113: **Force cooldown**: -0114: ```bash -0115: curl -X POST http://localhost:8317/v0/operations/providers/claude/cooldown \ -0116: -H "Content-Type: application/json" \ -0117: -d '{ -0118: "duration": "10m", -0119: "reason": "manual" -0120: }' -0121: ``` -0122: -0123: **Force recovery**: -0124: ```bash -0125: curl -X POST http://localhost:8317/v0/operations/providers/claude/recover -0126: ``` -0127: -0128: ## Load Balancing -0129: -0130: ### Choose a Strategy -0131: -0132: **config.yaml**: -0133: ```yaml -0134: server: -0135: operations: -0136: load_balancing: -0137: strategy: "round_robin" # Options: round_robin, quota_aware, latency, cost -0138: ``` -0139: -0140: **Strategies**: -0141: - `round_robin`: Rotate evenly through providers (default) -0142: - `quota_aware`: Use provider with most remaining quota -0143: - `latency`: Use provider with lowest recent latency -0144: - `cost`: Use provider with lowest average cost -0145: -0146: ### Round-Robin (Default) -0147: -0148: ```yaml -0149: server: -0150: operations: -0151: load_balancing: -0152: strategy: "round_robin" -0153: ``` -0154: -0155: **Best for**: Simple deployments with similar providers. -0156: -0157: ### Quota-Aware -0158: -0159: ```yaml -0160: server: -0161: operations: -0162: load_balancing: -0163: strategy: "quota_aware" -0164: -0165: providers: -0166: claude: -0167: quota: -0168: limit: 1000000 -0169: reset: "monthly" -0170: -0171: openai: -0172: quota: -0173: limit: 2000000 -0174: reset: "monthly" -0175: ``` -0176: -0177: **Best for**: Managing API quota limits across multiple providers. -0178: -0179: ### Latency-Based -0180: -0181: ```yaml -0182: server: -0183: operations: -0184: load_balancing: -0185: strategy: "latency" -0186: latency_window: "5m" # Average over last 5 minutes -0187: ``` -0188: -0189: **Best for**: Performance-critical applications. -0190: -0191: ### Cost-Based -0192: -0193: ```yaml -0194: server: -0195: operations: -0196: load_balancing: -0197: strategy: "cost" -0198: -0199: providers: -0200: claude: -0201: cost_per_1k_tokens: -0202: input: 0.003 -0203: output: 0.015 -0204: -0205: openai: -0206: cost_per_1k_tokens: -0207: input: 0.005 -0208: output: 0.015 -0209: ``` -0210: -0211: **Best for**: Cost optimization. -0212: -0213: ### Provider Priority -0214: -0215: ```yaml -0216: providers: -0217: claude: -0218: priority: 1 # Higher priority -0219: gemini: -0220: priority: 2 - -### FILE: docs/features/providers/SPEC.md -0001: # Technical Specification: Provider Registry & Support -0002: -0003: ## Overview -0004: -0005: **cliproxyapi++** supports an extensive registry of LLM providers, from direct API integrations to multi-provider aggregators and proprietary protocols. This specification details the provider architecture, supported providers, and extension mechanisms. -0006: -0007: ## Provider Architecture -0008: -0009: ### Provider Types -0010: -0011: ``` -0012: Provider Registry -0013: ├── Direct Providers -0014: │ ├── Claude (Anthropic) -0015: │ ├── Gemini (Google) -0016: │ ├── OpenAI -0017: │ ├── Mistral -0018: │ ├── Groq -0019: │ └── DeepSeek -0020: ├── Aggregator Providers -0021: │ ├── OpenRouter -0022: │ ├── Together AI -0023: │ ├── Fireworks AI -0024: │ ├── Novita AI -0025: │ └── SiliconFlow -0026: └── Proprietary Providers -0027: ├── Kiro (AWS CodeWhisperer) -0028: ├── GitHub Copilot -0029: ├── Roo Code -0030: ├── Kilo AI -0031: └── MiniMax -0032: ``` -0033: -0034: ### Provider Interface -0035: -0036: ```go -0037: type Provider interface { -0038: // Provider metadata -0039: Name() string -0040: Type() ProviderType -0041: -0042: // Model support -0043: SupportsModel(model string) bool -0044: ListModels() []Model -0045: -0046: // Authentication -0047: AuthType() AuthType -0048: RequiresAuth() bool -0049: -0050: // Execution -0051: Execute(ctx context.Context, req *Request) (*Response, error) -0052: ExecuteStream(ctx context.Context, req *Request) (<-chan *Chunk, error) -0053: -0054: // Capabilities -0055: SupportsStreaming() bool -0056: SupportsFunctions() bool -0057: MaxTokens() int -0058: -0059: // Health -0060: HealthCheck(ctx context.Context) error -0061: } -0062: ``` -0063: -0064: ### Provider Configuration -0065: -0066: ```go -0067: type ProviderConfig struct { -0068: Name string `yaml:"name"` -0069: Type string `yaml:"type"` -0070: Enabled bool `yaml:"enabled"` -0071: AuthType string `yaml:"auth_type"` -0072: Endpoint string `yaml:"endpoint"` -0073: Models []ModelConfig `yaml:"models"` -0074: Features ProviderFeatures `yaml:"features"` -0075: Limits ProviderLimits `yaml:"limits"` -0076: Cooldown CooldownConfig `yaml:"cooldown"` -0077: Priority int `yaml:"priority"` -0078: } -0079: -0080: type ModelConfig struct { -0081: Name string `yaml:"name"` -0082: Enabled bool `yaml:"enabled"` -0083: MaxTokens int `yaml:"max_tokens"` -0084: SupportsFunctions bool `yaml:"supports_functions"` -0085: SupportsStreaming bool `yaml:"supports_streaming"` -0086: } -0087: -0088: type ProviderFeatures struct { -0089: Streaming bool `yaml:"streaming"` -0090: Functions bool `yaml:"functions"` -0091: Vision bool `yaml:"vision"` -0092: CodeGeneration bool `yaml:"code_generation"` -0093: Multimodal bool `yaml:"multimodal"` -0094: } -0095: -0096: type ProviderLimits struct { -0097: RequestsPerMinute int `yaml:"requests_per_minute"` -0098: TokensPerMinute int `yaml:"tokens_per_minute"` -0099: MaxTokensPerReq int `yaml:"max_tokens_per_request"` -0100: } -0101: ``` -0102: -0103: ## Direct Providers -0104: -0105: ### Claude (Anthropic) -0106: -0107: **Provider Type**: `claude` -0108: -0109: **Authentication**: API Key -0110: -0111: **Models**: -0112: - `claude-3-5-sonnet` (max: 200K tokens) -0113: - `claude-3-5-haiku` (max: 200K tokens) -0114: - `claude-3-opus` (max: 200K tokens) -0115: -0116: **Features**: -0117: - Streaming: ✅ -0118: - Functions: ✅ -0119: - Vision: ✅ -0120: - Code generation: ✅ -0121: -0122: **Configuration**: -0123: ```yaml -0124: providers: -0125: claude: -0126: type: "claude" -0127: enabled: true -0128: auth_type: "api_key" -0129: endpoint: "https://api.anthropic.com" -0130: models: -0131: - name: "claude-3-5-sonnet" -0132: enabled: true -0133: max_tokens: 200000 -0134: supports_functions: true -0135: supports_streaming: true -0136: features: -0137: streaming: true -0138: functions: true -0139: vision: true -0140: code_generation: true -0141: limits: -0142: requests_per_minute: 60 -0143: tokens_per_minute: 40000 -0144: ``` -0145: -0146: **API Endpoint**: `https://api.anthropic.com/v1/messages` -0147: -0148: **Request Format**: -0149: ```json -0150: { -0151: "model": "claude-3-5-sonnet-20241022", -0152: "max_tokens": 1024, -0153: "messages": [ -0154: {"role": "user", "content": "Hello!"} -0155: ], -0156: "stream": true -0157: } -0158: ``` -0159: -0160: **Headers**: -0161: ``` -0162: x-api-key: sk-ant-xxxx -0163: anthropic-version: 2023-06-01 -0164: content-type: application/json -0165: ``` -0166: -0167: ### Gemini (Google) -0168: -0169: **Provider Type**: `gemini` -0170: -0171: **Authentication**: API Key -0172: -0173: **Models**: -0174: - `gemini-1.5-pro` (max: 1M tokens) -0175: - `gemini-1.5-flash` (max: 1M tokens) -0176: - `gemini-1.0-pro` (max: 32K tokens) -0177: -0178: **Features**: -0179: - Streaming: ✅ -0180: - Functions: ✅ -0181: - Vision: ✅ -0182: - Multimodal: ✅ -0183: -0184: **Configuration**: -0185: ```yaml -0186: providers: -0187: gemini: -0188: type: "gemini" -0189: enabled: true -0190: auth_type: "api_key" -0191: endpoint: "https://generativelanguage.googleapis.com" -0192: models: -0193: - name: "gemini-1.5-pro" -0194: enabled: true -0195: max_tokens: 1000000 -0196: features: -0197: streaming: true -0198: functions: true -0199: vision: true -0200: multimodal: true -0201: ``` -0202: -0203: ### OpenAI -0204: -0205: **Provider Type**: `openai` -0206: -0207: **Authentication**: API Key -0208: -0209: **Models**: -0210: - `gpt-4-turbo` (max: 128K tokens) -0211: - `gpt-4` (max: 8K tokens) -0212: - `gpt-3.5-turbo` (max: 16K tokens) -0213: -0214: **Features**: -0215: - Streaming: ✅ -0216: - Functions: ✅ -0217: - Vision: ✅ (GPT-4 Vision) -0218: -0219: **Configuration**: -0220: ```yaml - -### FILE: docs/features/providers/USER.md -0001: # User Guide: Provider Registry -0002: -0003: ## Understanding Providers in cliproxyapi++ -0004: -0005: cliproxyapi++ supports an extensive registry of LLM providers, from direct API integrations (Claude, Gemini, OpenAI) to multi-provider aggregators (OpenRouter, Together AI) and proprietary protocols (Kiro, GitHub Copilot). This guide explains how to configure and use these providers. -0006: -0007: ## Quick Start: Using a Provider -0008: -0009: ### 1. Add Provider Credential -0010: -0011: ```bash -0012: # Claude API key -0013: echo '{"type":"api_key","token":"sk-ant-xxxxx"}' > auths/claude.json -0014: -0015: # OpenAI API key -0016: echo '{"type":"api_key","token":"sk-xxxxx"}' > auths/openai.json -0017: -0018: # Gemini API key -0019: echo '{"type":"api_key","token":"AIzaSyxxxxx"}' > auths/gemini.json -0020: ``` -0021: -0022: ### 2. Configure Provider -0023: -0024: **config.yaml**: -0025: ```yaml -0026: providers: -0027: claude: -0028: type: "claude" -0029: enabled: true -0030: auth_type: "api_key" -0031: -0032: openai: -0033: type: "openai" -0034: enabled: true -0035: auth_type: "api_key" -0036: -0037: gemini: -0038: type: "gemini" -0039: enabled: true -0040: auth_type: "api_key" -0041: ``` -0042: -0043: ### 3. Make Request -0044: -0045: ```bash -0046: curl -X POST http://localhost:8317/v1/chat/completions \ -0047: -H "Content-Type: application/json" \ -0048: -d '{ -0049: "model": "claude-3-5-sonnet", -0050: "messages": [{"role": "user", "content": "Hello!"}] -0051: }' -0052: ``` -0053: -0054: ## Direct Providers -0055: -0056: ### Claude (Anthropic) -0057: -0058: **Best for**: Advanced reasoning, long context, vision tasks -0059: -0060: **Models**: -0061: - `claude-3-5-sonnet` - Most capable, 200K context -0062: - `claude-3-5-haiku` - Fast, 200K context -0063: - `claude-3-opus` - High performance, 200K context -0064: -0065: **Configuration**: -0066: ```yaml -0067: providers: -0068: claude: -0069: type: "claude" -0070: enabled: true -0071: auth_type: "api_key" -0072: models: -0073: - name: "claude-3-5-sonnet" -0074: enabled: true -0075: ``` -0076: -0077: **Usage**: -0078: ```bash -0079: curl -X POST http://localhost:8317/v1/chat/completions \ -0080: -H "Content-Type: application/json" \ -0081: -d '{ -0082: "model": "claude-3-5-sonnet", -0083: "messages": [{"role": "user", "content": "Explain quantum computing"}] -0084: }' -0085: ``` -0086: -0087: ### Gemini (Google) -0088: -0089: **Best for**: Multimodal tasks, long context, cost-effective -0090: -0091: **Models**: -0092: - `gemini-1.5-pro` - 1M context window -0093: - `gemini-1.5-flash` - Fast, 1M context -0094: - `gemini-1.0-pro` - Stable, 32K context -0095: -0096: **Configuration**: -0097: ```yaml -0098: providers: -0099: gemini: -0100: type: "gemini" -0101: enabled: true -0102: auth_type: "api_key" -0103: ``` -0104: -0105: **Usage**: -0106: ```bash -0107: curl -X POST http://localhost:8317/v1/chat/completions \ -0108: -H "Content-Type: application/json" \ -0109: -d '{ -0110: "model": "gemini-1.5-pro", -0111: "messages": [{"role": "user", "content": "What is machine learning?"}] -0112: }' -0113: ``` -0114: -0115: ### OpenAI -0116: -0117: **Best for**: General purpose, functions, ecosystem -0118: -0119: **Models**: -0120: - `gpt-4-turbo` - 128K context -0121: - `gpt-4` - 8K context -0122: - `gpt-3.5-turbo` - Fast, 16K context -0123: -0124: **Configuration**: -0125: ```yaml -0126: providers: -0127: openai: -0128: type: "openai" -0129: enabled: true -0130: auth_type: "api_key" -0131: ``` -0132: -0133: **Usage**: -0134: ```bash -0135: curl -X POST http://localhost:8317/v1/chat/completions \ -0136: -H "Content-Type: application/json" \ -0137: -d '{ -0138: "model": "gpt-4-turbo", -0139: "messages": [{"role": "user", "content": "Hello!"}] -0140: }' -0141: ``` -0142: -0143: ## Aggregator Providers -0144: -0145: ### OpenRouter -0146: -0147: **Best for**: Access to 100+ models through one API -0148: -0149: **Features**: -0150: - Unified pricing -0151: - Model comparison -0152: - Easy model switching -0153: -0154: **Configuration**: -0155: ```yaml -0156: providers: -0157: openrouter: -0158: type: "openrouter" -0159: enabled: true -0160: auth_type: "api_key" -0161: ``` -0162: -0163: **Usage**: -0164: ```bash -0165: # Access Claude through OpenRouter -0166: curl -X POST http://localhost:8317/v1/chat/completions \ -0167: -H "Content-Type: application/json" \ -0168: -d '{ -0169: "model": "anthropic/claude-3.5-sonnet", -0170: "messages": [{"role": "user", "content": "Hello!"}] -0171: }' -0172: ``` -0173: -0174: ### Together AI -0175: -0176: **Best for**: Open-source models at scale -0177: -0178: **Features**: -0179: - Llama, Mistral, and more -0180: - Fast inference -0181: - Cost-effective -0182: -0183: **Configuration**: -0184: ```yaml -0185: providers: -0186: together: -0187: type: "together" -0188: enabled: true -0189: auth_type: "api_key" -0190: ``` -0191: -0192: **Usage**: -0193: ```bash -0194: curl -X POST http://localhost:8317/v1/chat/completions \ -0195: -H "Content-Type: application/json" \ -0196: -d '{ -0197: "model": "meta-llama/Llama-3-70b-chat-hf", -0198: "messages": [{"role": "user", "content": "Hello!"}] -0199: }' -0200: ``` -0201: -0202: ### Fireworks AI -0203: -0204: **Best for**: Sub-second latency -0205: -0206: **Features**: -0207: - Fast inference -0208: - Open-source models -0209: - API-first -0210: -0211: **Configuration**: -0212: ```yaml -0213: providers: -0214: fireworks: -0215: type: "fireworks" -0216: enabled: true -0217: auth_type: "api_key" -0218: ``` -0219: -0220: **Usage**: - -### FILE: docs/features/security/SPEC.md -0001: # Technical Specification: Security Hardening ("Defense in Depth") -0002: -0003: ## Overview -0004: -0005: **cliproxyapi++** implements a comprehensive "Defense in Depth" security philosophy with multiple layers of protection: CI-enforced code integrity, hardened container images, device fingerprinting, and secure credential management. -0006: -0007: ## Security Architecture -0008: -0009: ### Defense Layers -0010: -0011: ``` -0012: Layer 1: Code Integrity -0013: ├── Path Guard (CI enforcement) -0014: ├── Signed releases -0015: └── Multi-arch builds -0016: -0017: Layer 2: Container Hardening -0018: ├── Minimal base image (Alpine 3.22.0) -0019: ├── Non-root user -0020: ├── Read-only filesystem -0021: └── Seccomp profiles -0022: -0023: Layer 3: Credential Security -0024: ├── Encrypted storage -0025: ├── Secure file permissions -0026: ├── Token refresh isolation -0027: └── Device fingerprinting -0028: -0029: Layer 4: Network Security -0030: ├── TLS only -0031: ├── Request validation -0032: ├── Rate limiting -0033: └── IP allowlisting -0034: -0035: Layer 5: Operational Security -0036: ├── Audit logging -0037: ├── Secret scanning -0038: ├── Dependency scanning -0039: └── Vulnerability management -0040: ``` -0041: -0042: ## Layer 1: Code Integrity -0043: -0044: ### Path Guard CI Enforcement -0045: -0046: **Purpose**: Prevent unauthorized changes to critical translation logic during pull requests. -0047: -0048: **Implementation** (`.github/workflows/pr-path-guard.yml`): -0049: ```yaml -0050: name: Path Guard -0051: on: -0052: pull_request: -0053: paths: -0054: - 'pkg/llmproxy/translator/**' -0055: - 'pkg/llmproxy/auth/**' -0056: -0057: jobs: -0058: guard: -0059: runs-on: ubuntu-latest -0060: steps: -0061: - uses: actions/checkout@v4 -0062: with: -0063: fetch-depth: 0 -0064: -0065: - name: Check path protection -0066: run: | -0067: # Only allow changes from trusted maintainers -0068: if ! git log --format="%an" ${{ github.event.pull_request.base.sha }}..${{ github.sha }} | grep -q "KooshaPari"; then -0069: echo "::error::Unauthorized changes to protected paths" -0070: exit 1 -0071: fi -0072: -0073: - name: Verify no translator logic changes -0074: run: | -0075: # Ensure core translation logic hasn't been tampered -0076: if git diff ${{ github.event.pull_request.base.sha }}..${{ github.sha }} --name-only | grep -q "pkg/llmproxy/translator/.*\.go$"; then -0077: echo "::warning::Translator logic changed - requires maintainer review" -0078: fi -0079: ``` -0080: -0081: **Protected Paths**: -0082: - `pkg/llmproxy/translator/` - Core translation logic -0083: - `pkg/llmproxy/auth/` - Authentication flows -0084: - `pkg/llmproxy/provider/` - Provider execution -0085: -0086: **Authorization Rules**: -0087: - Only repository maintainers can modify -0088: - All changes require at least 2 maintainer approvals -0089: - Must pass security review -0090: -0091: ### Signed Releases -0092: -0093: **Purpose**: Ensure released artifacts are authentic and tamper-proof. -0094: -0095: **Implementation** (`.goreleaser.yml`): -0096: ```yaml -0097: signs: -0098: - artifacts: checksum -0099: args: -0100: - "--batch" -0101: - "--local-user" -0102: - "${GPG_FINGERPRINT}" -0103: ``` -0104: -0105: **Verification**: -0106: ```bash -0107: # Download release -0108: wget https://github.com/KooshaPari/cliproxyapi-plusplus/releases/download/v6.0.0/cliproxyapi-plusplus_6.0.0_checksums.txt -0109: -0110: # Download signature -0111: wget https://github.com/KooshaPari/cliproxyapi-plusplus/releases/download/v6.0.0/cliproxyapi-plusplus_6.0.0_checksums.txt.sig -0112: -0113: # Import GPG key -0114: gpg --keyserver keyserver.ubuntu.com --recv-keys XXXXXXXX -0115: -0116: # Verify signature -0117: gpg --verify cliproxyapi-plusplus_6.0.0_checksums.txt.sig cliproxyapi-plusplus_6.0.0_checksums.txt -0118: -0119: # Verify checksum -0120: sha256sum -c cliproxyapi-plusplus_6.0.0_checksums.txt -0121: ``` -0122: -0123: ### Multi-Arch Builds -0124: -0125: **Purpose**: Provide consistent security across architectures. -0126: -0127: **Platforms**: -0128: - `linux/amd64` -0129: - `linux/arm64` -0130: - `darwin/amd64` -0131: - `darwin/arm64` -0132: -0133: **CI Build Matrix**: -0134: ```yaml -0135: strategy: -0136: matrix: -0137: goos: [linux, darwin] -0138: goarch: [amd64, arm64] -0139: ``` -0140: -0141: ## Layer 2: Container Hardening -0142: -0143: ### Minimal Base Image -0144: -0145: **Base**: Alpine Linux 3.22.0 -0146: -0147: **Dockerfile**: -0148: ```dockerfile -0149: FROM alpine:3.22.0 AS builder -0150: -0151: # Install build dependencies -0152: RUN apk add --no-cache \ -0153: ca-certificates \ -0154: gcc \ -0155: musl-dev -0156: -0157: # Build application -0158: COPY . . -0159: RUN go build -o cliproxyapi cmd/server/main.go -0160: -0161: # Final stage - minimal runtime -0162: FROM scratch -0163: COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ -0164: COPY --from=builder /cliproxyapi /cliproxyapi -0165: -0166: # Non-root user -0167: USER 65534:65534 -0168: -0169: # Read-only filesystem -0170: VOLUME ["/config", "/auths", "/logs"] -0171: -0172: ENTRYPOINT ["/cliproxyapi"] -0173: ``` -0174: -0175: **Security Benefits**: -0176: - Minimal attack surface (no shell, no package manager) -0177: - No unnecessary packages -0178: - Static binary linking -0179: - Reproducible builds -0180: -0181: ### Security Context -0182: -0183: **docker-compose.yml**: -0184: ```yaml -0185: services: -0186: cliproxy: -0187: image: KooshaPari/cliproxyapi-plusplus:latest -0188: security_opt: -0189: - no-new-privileges:true -0190: read_only: true -0191: tmpfs: -0192: - /tmp:noexec,nosuid,size=100m -0193: cap_drop: -0194: - ALL -0195: cap_add: -0196: - NET_BIND_SERVICE -0197: user: "65534:65534" -0198: ``` -0199: -0200: **Explanation**: -0201: - `no-new-privileges`: Prevent privilege escalation -0202: - `read_only`: Immutable filesystem -0203: - `tmpfs`: Noexec on temporary files -0204: - `cap_drop:ALL`: Drop all capabilities -0205: - `cap_add:NET_BIND_SERVICE`: Only allow binding ports -0206: - `user:65534:65534`: Run as non-root (nobody) -0207: -0208: ### Seccomp Profiles -0209: -0210: **Custom seccomp profile** (`seccomp-profile.json`): -0211: ```json -0212: { -0213: "defaultAction": "SCMP_ACT_ERRNO", -0214: "architectures": ["SCMP_ARCH_X86_64", "SCMP_ARCH_AARCH64"], -0215: "syscalls": [ -0216: { -0217: "names": ["read", "write", "open", "close", "stat", "fstat", "lstat"], -0218: "action": "SCMP_ACT_ALLOW" -0219: }, -0220: { - -### FILE: docs/features/security/USER.md -0001: # User Guide: Security Hardening -0002: -0003: ## Understanding Security in cliproxyapi++ -0004: -0005: cliproxyapi++ is built with a "Defense in Depth" philosophy, meaning multiple layers of security protect your deployments. This guide explains how to configure and use these security features effectively. -0006: -0007: ## Quick Security Checklist -0008: -0009: **Before deploying to production**: -0010: -0011: ```bash -0012: # 1. Verify Docker image is signed -0013: docker pull KooshaPari/cliproxyapi-plusplus:latest -0014: docker trust verify KooshaPari/cliproxyapi-plusplus:latest -0015: -0016: # 2. Set secure file permissions -0017: chmod 600 auths/*.json -0018: chmod 700 auths/ -0019: -0020: # 3. Enable TLS -0021: # Edit config.yaml to enable TLS (see below) -0022: -0023: # 4. Enable encryption -0024: # Generate encryption key and set in config.yaml -0025: -0026: # 5. Configure rate limiting -0027: # Set appropriate limits in config.yaml -0028: ``` -0029: -0030: ## Container Security -0031: -0032: ### Hardened Docker Deployment -0033: -0034: **docker-compose.yml**: -0035: ```yaml -0036: services: -0037: cliproxy: -0038: image: KooshaPari/cliproxyapi-plusplus:latest -0039: container_name: cliproxyapi++ -0040: -0041: # Security options -0042: security_opt: -0043: - no-new-privileges:true -0044: read_only: true -0045: tmpfs: -0046: - /tmp:noexec,nosuid,size=100m -0047: cap_drop: -0048: - ALL -0049: cap_add: -0050: - NET_BIND_SERVICE -0051: -0052: # Non-root user -0053: user: "65534:65534" -0054: -0055: # Volumes (writable only for these) -0056: volumes: -0057: - ./config.yaml:/config/config.yaml:ro -0058: - ./auths:/auths:rw -0059: - ./logs:/logs:rw -0060: - ./tls:/tls:ro -0061: -0062: # Network -0063: ports: -0064: - "8317:8317" -0065: -0066: # Resource limits -0067: deploy: -0068: resources: -0069: limits: -0070: cpus: '2' -0071: memory: 1G -0072: reservations: -0073: cpus: '0.5' -0074: memory: 256M -0075: -0076: restart: unless-stopped -0077: ``` -0078: -0079: **Explanation**: -0080: - `no-new-privileges`: Prevents processes from gaining more privileges -0081: - `read_only`: Makes container filesystem immutable (attackers can't modify binaries) -0082: - `tmpfs:noexec`: Prevents execution of files in `/tmp` -0083: - `cap_drop:ALL`: Drops all Linux capabilities -0084: - `cap_add:NET_BIND_SERVICE`: Only adds back the ability to bind ports -0085: - `user:65534:65534`: Runs as non-root "nobody" user -0086: -0087: ### Seccomp Profiles (Advanced) -0088: -0089: **Custom seccomp profile**: -0090: ```bash -0091: # Save seccomp profile -0092: cat > seccomp-profile.json << 'EOF' -0093: { -0094: "defaultAction": "SCMP_ACT_ERRNO", -0095: "syscalls": [ -0096: { -0097: "names": ["read", "write", "open", "close", "socket", "bind", "listen"], -0098: "action": "SCMP_ACT_ALLOW" -0099: } -0100: ] -0101: } -0102: EOF -0103: -0104: # Use in docker-compose -0105: security_opt: -0106: - seccomp:./seccomp-profile.json -0107: ``` -0108: -0109: ## TLS Configuration -0110: -0111: ### Enable HTTPS -0112: -0113: **config.yaml**: -0114: ```yaml -0115: server: -0116: port: 8317 -0117: tls: -0118: enabled: true -0119: cert_file: "/tls/tls.crt" -0120: key_file: "/tls/tls.key" -0121: min_version: "1.2" -0122: cipher_suites: -0123: - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" -0124: - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" -0125: ``` -0126: -0127: ### Generate Self-Signed Certificate (Testing) -0128: -0129: ```bash -0130: # Generate private key -0131: openssl genrsa -out tls.key 2048 -0132: -0133: # Generate certificate -0134: openssl req -new -x509 -key tls.key -out tls.crt -days 365 \ -0135: -subj "/C=US/ST=State/L=City/O=Organization/CN=localhost" -0136: -0137: # Set permissions -0138: chmod 600 tls.key -0139: chmod 644 tls.crt -0140: ``` -0141: -0142: ### Use Let's Encrypt (Production) -0143: -0144: ```bash -0145: # Install certbot -0146: sudo apt-get install certbot -0147: -0148: # Generate certificate -0149: sudo certbot certonly --standalone -d proxy.example.com -0150: -0151: # Copy to tls directory -0152: sudo cp /etc/letsencrypt/live/proxy.example.com/fullchain.pem tls/tls.crt -0153: sudo cp /etc/letsencrypt/live/proxy.example.com/privkey.pem tls/tls.key -0154: -0155: # Set permissions -0156: sudo chown $USER:$USER tls/tls.key tls/tls.crt -0157: chmod 600 tls/tls.key -0158: chmod 644 tls/tls.crt -0159: ``` -0160: -0161: ## Credential Encryption -0162: -0163: ### Enable Encryption -0164: -0165: **config.yaml**: -0166: ```yaml -0167: auth: -0168: encryption: -0169: enabled: true -0170: key: "YOUR_32_BYTE_ENCRYPTION_KEY_HERE" -0171: ``` -0172: -0173: ### Generate Encryption Key -0174: -0175: ```bash -0176: # Method 1: Using openssl -0177: openssl rand -base64 32 -0178: -0179: # Method 2: Using Python -0180: python3 -c "import secrets; print(secrets.token_urlsafe(32))" -0181: -0182: # Method 3: Using /dev/urandom -0183: head -c 32 /dev/urandom | base64 -0184: ``` -0185: -0186: ### Environment Variable (Recommended) -0187: -0188: ```yaml -0189: auth: -0190: encryption: -0191: enabled: true -0192: key: "${CLIPROXY_ENCRYPTION_KEY}" -0193: ``` -0194: -0195: ```bash -0196: # Set in environment -0197: export CLIPRO_ENCRYPTION_KEY="$(openssl rand -base64 32)" -0198: -0199: # Use in docker-compose -0200: environment: -0201: - CLIPRO_ENCRYPTION_KEY=${CLIPRO_ENCRYPTION_KEY} -0202: ``` -0203: -0204: ### Migrating Existing Credentials -0205: -0206: When enabling encryption, existing credentials remain unencrypted. To encrypt them: -0207: -0208: ```bash -0209: # 1. Enable encryption in config.yaml -0210: # 2. Restart service -0211: # 3. Re-add credentials (they will be encrypted) -0212: curl -X POST http://localhost:8317/v0/management/auths \ -0213: -H "Content-Type: application/json" \ -0214: -d '{ -0215: "provider": "claude", -0216: "type": "api_key", -0217: "token": "sk-ant-xxxxx" -0218: }' -0219: ``` -0220: - -### FILE: docs/index.md -0001: # cliproxy++ -0002: -0003: This is the VitePress entrypoint for cliproxyapi++ documentation. -0004: -0005: ## Audience Docsets -0006: -0007: - [Developer (Internal)](./docsets/developer/internal/) -0008: - [Developer (External)](./docsets/developer/external/) -0009: - [Technical User](./docsets/user/) -0010: - [Agent Operator](./docsets/agent/) -0011: -0012: ## Key References -0013: -0014: - [Feature Changes in ++](./FEATURE_CHANGES_PLUSPLUS.md) -0015: - [Documentation README](./README.md) -0016: - [API Docs](./api/) -0017: - [Feature Docs](./features/) - -### FILE: docs/sdk-access.md -0001: # @sdk/access SDK Reference -0002: -0003: The `github.com/router-for-me/CLIProxyAPI/v6/sdk/access` package centralizes inbound request authentication for the proxy. It offers a lightweight manager that chains credential providers, so servers can reuse the same access control logic inside or outside the CLI runtime. -0004: -0005: ## Importing -0006: -0007: ```go -0008: import ( -0009: sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access" -0010: ) -0011: ``` -0012: -0013: Add the module with `go get github.com/router-for-me/CLIProxyAPI/v6/sdk/access`. -0014: -0015: ## Provider Registry -0016: -0017: Providers are registered globally and then attached to a `Manager` as a snapshot: -0018: -0019: - `RegisterProvider(type, provider)` installs a pre-initialized provider instance. -0020: - Registration order is preserved the first time each `type` is seen. -0021: - `RegisteredProviders()` returns the providers in that order. -0022: -0023: ## Manager Lifecycle -0024: -0025: ```go -0026: manager := sdkaccess.NewManager() -0027: manager.SetProviders(sdkaccess.RegisteredProviders()) -0028: ``` -0029: -0030: * `NewManager` constructs an empty manager. -0031: * `SetProviders` replaces the provider slice using a defensive copy. -0032: * `Providers` retrieves a snapshot that can be iterated safely from other goroutines. -0033: -0034: If the manager itself is `nil` or no providers are configured, the call returns `nil, nil`, allowing callers to treat access control as disabled. -0035: -0036: ## Authenticating Requests -0037: -0038: ```go -0039: result, authErr := manager.Authenticate(ctx, req) -0040: switch { -0041: case authErr == nil: -0042: // Authentication succeeded; result describes the provider and principal. -0043: case sdkaccess.IsAuthErrorCode(authErr, sdkaccess.AuthErrorCodeNoCredentials): -0044: // No recognizable credentials were supplied. -0045: case sdkaccess.IsAuthErrorCode(authErr, sdkaccess.AuthErrorCodeInvalidCredential): -0046: // Supplied credentials were present but rejected. -0047: default: -0048: // Internal/transport failure was returned by a provider. -0049: } -0050: ``` -0051: -0052: `Manager.Authenticate` walks the configured providers in order. It returns on the first success, skips providers that return `AuthErrorCodeNotHandled`, and aggregates `AuthErrorCodeNoCredentials` / `AuthErrorCodeInvalidCredential` for a final result. -0053: -0054: Each `Result` includes the provider identifier, the resolved principal, and optional metadata (for example, which header carried the credential). -0055: -0056: ## Built-in `config-api-key` Provider -0057: -0058: The proxy includes one built-in access provider: -0059: -0060: - `config-api-key`: Validates API keys declared under top-level `api-keys`. -0061: - Credential sources: `Authorization: Bearer`, `X-Goog-Api-Key`, `X-Api-Key`, `?key=`, `?auth_token=` -0062: - Metadata: `Result.Metadata["source"]` is set to the matched source label. -0063: -0064: In the CLI server and `sdk/cliproxy`, this provider is registered automatically based on the loaded configuration. -0065: -0066: ```yaml -0067: api-keys: -0068: - sk-test-123 -0069: - sk-prod-456 -0070: ``` -0071: -0072: ## Loading Providers from External Go Modules -0073: -0074: To consume a provider shipped in another Go module, import it for its registration side effect: -0075: -0076: ```go -0077: import ( -0078: _ "github.com/acme/xplatform/sdk/access/providers/partner" // registers partner-token -0079: sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access" -0080: ) -0081: ``` -0082: -0083: The blank identifier import ensures `init` runs so `sdkaccess.RegisterProvider` executes before you call `RegisteredProviders()` (or before `cliproxy.NewBuilder().Build()`). -0084: -0085: ### Metadata and auditing -0086: -0087: `Result.Metadata` carries provider-specific context. The built-in `config-api-key` provider, for example, stores the credential source (`authorization`, `x-goog-api-key`, `x-api-key`, `query-key`, `query-auth-token`). Populate this map in custom providers to enrich logs and downstream auditing. -0088: -0089: ## Writing Custom Providers -0090: -0091: ```go -0092: type customProvider struct{} -0093: -0094: func (p *customProvider) Identifier() string { return "my-provider" } -0095: -0096: func (p *customProvider) Authenticate(ctx context.Context, r *http.Request) (*sdkaccess.Result, *sdkaccess.AuthError) { -0097: token := r.Header.Get("X-Custom") -0098: if token == "" { -0099: return nil, sdkaccess.NewNotHandledError() -0100: } -0101: if token != "expected" { -0102: return nil, sdkaccess.NewInvalidCredentialError() -0103: } -0104: return &sdkaccess.Result{ -0105: Provider: p.Identifier(), -0106: Principal: "service-user", -0107: Metadata: map[string]string{"source": "x-custom"}, -0108: }, nil -0109: } -0110: -0111: func init() { -0112: sdkaccess.RegisterProvider("custom", &customProvider{}) -0113: } -0114: ``` -0115: -0116: A provider must implement `Identifier()` and `Authenticate()`. To make it available to the access manager, call `RegisterProvider` inside `init` with an initialized provider instance. -0117: -0118: ## Error Semantics -0119: -0120: - `NewNoCredentialsError()` (`AuthErrorCodeNoCredentials`): no credentials were present or recognized. (HTTP 401) -0121: - `NewInvalidCredentialError()` (`AuthErrorCodeInvalidCredential`): credentials were present but rejected. (HTTP 401) -0122: - `NewNotHandledError()` (`AuthErrorCodeNotHandled`): fall through to the next provider. -0123: - `NewInternalAuthError(message, cause)` (`AuthErrorCodeInternal`): transport/system failure. (HTTP 500) -0124: -0125: Errors propagate immediately to the caller unless they are classified as `not_handled` / `no_credentials` / `invalid_credential` and can be aggregated by the manager. -0126: -0127: ## Integration with cliproxy Service -0128: -0129: `sdk/cliproxy` wires `@sdk/access` automatically when you build a CLI service via `cliproxy.NewBuilder`. Supplying a manager lets you reuse the same instance in your host process: -0130: -0131: ```go -0132: coreCfg, _ := config.LoadConfig("config.yaml") -0133: accessManager := sdkaccess.NewManager() -0134: -0135: svc, _ := cliproxy.NewBuilder(). -0136: WithConfig(coreCfg). -0137: WithConfigPath("config.yaml"). -0138: WithRequestAccessManager(accessManager). -0139: Build() -0140: ``` -0141: -0142: Register any custom providers (typically via blank imports) before calling `Build()` so they are present in the global registry snapshot. -0143: -0144: ### Hot reloading -0145: -0146: When configuration changes, refresh any config-backed providers and then reset the manager's provider chain: -0147: -0148: ```go -0149: // configaccess is github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/access/config_access -0150: configaccess.Register(&newCfg.SDKConfig) -0151: accessManager.SetProviders(sdkaccess.RegisteredProviders()) -0152: ``` -0153: -0154: This mirrors the behaviour in `pkg/llmproxy/access.ApplyAccessProviders`, enabling runtime updates without restarting the process. - -### FILE: docs/sdk-access_CN.md -0001: # @sdk/access 开发指引 -0002: -0003: `github.com/router-for-me/CLIProxyAPI/v6/sdk/access` 包负责代理的入站访问认证。它提供一个轻量的管理器,用于按顺序链接多种凭证校验实现,让服务器在 CLI 运行时内外都能复用相同的访问控制逻辑。 -0004: -0005: ## 引用方式 -0006: -0007: ```go -0008: import ( -0009: sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access" -0010: ) -0011: ``` -0012: -0013: 通过 `go get github.com/router-for-me/CLIProxyAPI/v6/sdk/access` 添加依赖。 -0014: -0015: ## Provider Registry -0016: -0017: 访问提供者是全局注册,然后以快照形式挂到 `Manager` 上: -0018: -0019: - `RegisterProvider(type, provider)` 注册一个已经初始化好的 provider 实例。 -0020: - 每个 `type` 第一次出现时会记录其注册顺序。 -0021: - `RegisteredProviders()` 会按该顺序返回 provider 列表。 -0022: -0023: ## 管理器生命周期 -0024: -0025: ```go -0026: manager := sdkaccess.NewManager() -0027: manager.SetProviders(sdkaccess.RegisteredProviders()) -0028: ``` -0029: -0030: - `NewManager` 创建空管理器。 -0031: - `SetProviders` 替换提供者切片并做防御性拷贝。 -0032: - `Providers` 返回适合并发读取的快照。 -0033: -0034: 如果管理器本身为 `nil` 或未配置任何 provider,调用会返回 `nil, nil`,可视为关闭访问控制。 -0035: -0036: ## 认证请求 -0037: -0038: ```go -0039: result, authErr := manager.Authenticate(ctx, req) -0040: switch { -0041: case authErr == nil: -0042: // Authentication succeeded; result carries provider and principal. -0043: case sdkaccess.IsAuthErrorCode(authErr, sdkaccess.AuthErrorCodeNoCredentials): -0044: // No recognizable credentials were supplied. -0045: case sdkaccess.IsAuthErrorCode(authErr, sdkaccess.AuthErrorCodeInvalidCredential): -0046: // Credentials were present but rejected. -0047: default: -0048: // Provider surfaced a transport-level failure. -0049: } -0050: ``` -0051: -0052: `Manager.Authenticate` 会按顺序遍历 provider:遇到成功立即返回,`AuthErrorCodeNotHandled` 会继续尝试下一个;`AuthErrorCodeNoCredentials` / `AuthErrorCodeInvalidCredential` 会在遍历结束后汇总给调用方。 -0053: -0054: `Result` 提供认证提供者标识、解析出的主体以及可选元数据(例如凭证来源)。 -0055: -0056: ## 内建 `config-api-key` Provider -0057: -0058: 代理内置一个访问提供者: -0059: -0060: - `config-api-key`:校验 `config.yaml` 顶层的 `api-keys`。 -0061: - 凭证来源:`Authorization: Bearer`、`X-Goog-Api-Key`、`X-Api-Key`、`?key=`、`?auth_token=` -0062: - 元数据:`Result.Metadata["source"]` 会写入匹配到的来源标识 -0063: -0064: 在 CLI 服务端与 `sdk/cliproxy` 中,该 provider 会根据加载到的配置自动注册。 -0065: -0066: ```yaml -0067: api-keys: -0068: - sk-test-123 -0069: - sk-prod-456 -0070: ``` -0071: -0072: ## 引入外部 Go 模块提供者 -0073: -0074: 若要消费其它 Go 模块输出的访问提供者,直接用空白标识符导入以触发其 `init` 注册即可: -0075: -0076: ```go -0077: import ( -0078: _ "github.com/acme/xplatform/sdk/access/providers/partner" // registers partner-token -0079: sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access" -0080: ) -0081: ``` -0082: -0083: 空白导入可确保 `init` 先执行,从而在你调用 `RegisteredProviders()`(或 `cliproxy.NewBuilder().Build()`)之前完成 `sdkaccess.RegisterProvider`。 -0084: -0085: ### 元数据与审计 -0086: -0087: `Result.Metadata` 用于携带提供者特定的上下文信息。内建的 `config-api-key` 会记录凭证来源(`authorization`、`x-goog-api-key`、`x-api-key`、`query-key`、`query-auth-token`)。自定义提供者同样可以填充该 Map,以便丰富日志与审计场景。 -0088: -0089: ## 编写自定义提供者 -0090: -0091: ```go -0092: type customProvider struct{} -0093: -0094: func (p *customProvider) Identifier() string { return "my-provider" } -0095: -0096: func (p *customProvider) Authenticate(ctx context.Context, r *http.Request) (*sdkaccess.Result, *sdkaccess.AuthError) { -0097: token := r.Header.Get("X-Custom") -0098: if token == "" { -0099: return nil, sdkaccess.NewNotHandledError() -0100: } -0101: if token != "expected" { -0102: return nil, sdkaccess.NewInvalidCredentialError() -0103: } -0104: return &sdkaccess.Result{ -0105: Provider: p.Identifier(), -0106: Principal: "service-user", -0107: Metadata: map[string]string{"source": "x-custom"}, -0108: }, nil -0109: } -0110: -0111: func init() { -0112: sdkaccess.RegisterProvider("custom", &customProvider{}) -0113: } -0114: ``` -0115: -0116: 自定义提供者需要实现 `Identifier()` 与 `Authenticate()`。在 `init` 中用已初始化实例调用 `RegisterProvider` 注册到全局 registry。 -0117: -0118: ## 错误语义 -0119: -0120: - `NewNoCredentialsError()`(`AuthErrorCodeNoCredentials`):未提供或未识别到凭证。(HTTP 401) -0121: - `NewInvalidCredentialError()`(`AuthErrorCodeInvalidCredential`):凭证存在但校验失败。(HTTP 401) -0122: - `NewNotHandledError()`(`AuthErrorCodeNotHandled`):告诉管理器跳到下一个 provider。 -0123: - `NewInternalAuthError(message, cause)`(`AuthErrorCodeInternal`):网络/系统错误。(HTTP 500) -0124: -0125: 除可汇总的 `not_handled` / `no_credentials` / `invalid_credential` 外,其它错误会立即冒泡返回。 -0126: -0127: ## 与 cliproxy 集成 -0128: -0129: 使用 `sdk/cliproxy` 构建服务时会自动接入 `@sdk/access`。如果希望在宿主进程里复用同一个 `Manager` 实例,可传入自定义管理器: -0130: -0131: ```go -0132: coreCfg, _ := config.LoadConfig("config.yaml") -0133: accessManager := sdkaccess.NewManager() -0134: -0135: svc, _ := cliproxy.NewBuilder(). -0136: WithConfig(coreCfg). -0137: WithConfigPath("config.yaml"). -0138: WithRequestAccessManager(accessManager). -0139: Build() -0140: ``` -0141: -0142: 请在调用 `Build()` 之前完成自定义 provider 的注册(通常通过空白导入触发 `init`),以确保它们被包含在全局 registry 的快照中。 -0143: -0144: ### 动态热更新提供者 -0145: -0146: 当配置发生变化时,刷新依赖配置的 provider,然后重置 manager 的 provider 链: -0147: -0148: ```go -0149: // configaccess is github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/access/config_access -0150: configaccess.Register(&newCfg.SDKConfig) -0151: accessManager.SetProviders(sdkaccess.RegisteredProviders()) -0152: ``` -0153: -0154: 这一流程与 `pkg/llmproxy/access.ApplyAccessProviders` 保持一致,避免为更新访问策略而重启进程。 - -### FILE: docs/sdk-advanced.md -0001: # SDK Advanced: Executors & Translators -0002: -0003: This guide explains how to extend the embedded proxy with custom providers and schemas using the SDK. You will: -0004: - Implement a provider executor that talks to your upstream API -0005: - Register request/response translators for schema conversion -0006: - Register models so they appear in `/v1/models` -0007: -0008: The examples use Go 1.24+ and the v6 module path. -0009: -0010: ## Concepts -0011: -0012: - Provider executor: a runtime component implementing `auth.ProviderExecutor` that performs outbound calls for a given provider key (e.g., `gemini`, `claude`, `codex`). Executors can also implement `RequestPreparer` to inject credentials on raw HTTP requests. -0013: - Translator registry: schema conversion functions routed by `sdk/translator`. The built‑in handlers translate between OpenAI/Gemini/Claude/Codex formats; you can register new ones. -0014: - Model registry: publishes the list of available models per client/provider to power `/v1/models` and routing hints. -0015: -0016: ## 1) Implement a Provider Executor -0017: -0018: Create a type that satisfies `auth.ProviderExecutor`. -0019: -0020: ```go -0021: package myprov -0022: -0023: import ( -0024: "context" -0025: "net/http" -0026: -0027: coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -0028: clipexec "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" -0029: ) -0030: -0031: type Executor struct{} -0032: -0033: func (Executor) Identifier() string { return "myprov" } -0034: -0035: // Optional: mutate outbound HTTP requests with credentials -0036: func (Executor) PrepareRequest(req *http.Request, a *coreauth.Auth) error { -0037: // Example: req.Header.Set("Authorization", "Bearer "+a.APIKey) -0038: return nil -0039: } -0040: -0041: func (Executor) Execute(ctx context.Context, a *coreauth.Auth, req clipexec.Request, opts clipexec.Options) (clipexec.Response, error) { -0042: // Build HTTP request based on req.Payload (already translated into provider format) -0043: // Use per‑auth transport if provided: transport := a.RoundTripper // via RoundTripperProvider -0044: // Perform call and return provider JSON payload -0045: return clipexec.Response{Payload: []byte(`{"ok":true}`)}, nil -0046: } -0047: -0048: func (Executor) ExecuteStream(ctx context.Context, a *coreauth.Auth, req clipexec.Request, opts clipexec.Options) (<-chan clipexec.StreamChunk, error) { -0049: ch := make(chan clipexec.StreamChunk, 1) -0050: go func() { defer close(ch); ch <- clipexec.StreamChunk{Payload: []byte("data: {\"done\":true}\n\n")} }() -0051: return ch, nil -0052: } -0053: -0054: func (Executor) Refresh(ctx context.Context, a *coreauth.Auth) (*coreauth.Auth, error) { -0055: // Optionally refresh tokens and return updated auth -0056: return a, nil -0057: } -0058: ``` -0059: -0060: Register the executor with the core manager before starting the service: -0061: -0062: ```go -0063: core := coreauth.NewManager(coreauth.NewFileStore(cfg.AuthDir), nil, nil) -0064: core.RegisterExecutor(myprov.Executor{}) -0065: svc, _ := cliproxy.NewBuilder().WithConfig(cfg).WithConfigPath(cfgPath).WithCoreAuthManager(core).Build() -0066: ``` -0067: -0068: If your auth entries use provider `"myprov"`, the manager routes requests to your executor. -0069: -0070: ## 2) Register Translators -0071: -0072: The handlers accept OpenAI/Gemini/Claude/Codex inputs. To support a new provider format, register translation functions in `sdk/translator`’s default registry. -0073: -0074: Direction matters: -0075: - Request: register from inbound schema to provider schema -0076: - Response: register from provider schema back to inbound schema -0077: -0078: Example: Convert OpenAI Chat → MyProv Chat and back. -0079: -0080: ```go -0081: package myprov -0082: -0083: import ( -0084: "context" -0085: sdktr "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" -0086: ) -0087: -0088: const ( -0089: FOpenAI = sdktr.Format("openai.chat") -0090: FMyProv = sdktr.Format("myprov.chat") -0091: ) -0092: -0093: func init() { -0094: sdktr.Register(FOpenAI, FMyProv, -0095: // Request transform (model, rawJSON, stream) -0096: func(model string, raw []byte, stream bool) []byte { return convertOpenAIToMyProv(model, raw, stream) }, -0097: // Response transform (stream & non‑stream) -0098: sdktr.ResponseTransform{ -0099: Stream: func(ctx context.Context, model string, originalReq, translatedReq, raw []byte, param *any) []string { -0100: return convertStreamMyProvToOpenAI(model, originalReq, translatedReq, raw) -0101: }, -0102: NonStream: func(ctx context.Context, model string, originalReq, translatedReq, raw []byte, param *any) string { -0103: return convertMyProvToOpenAI(model, originalReq, translatedReq, raw) -0104: }, -0105: }, -0106: ) -0107: } -0108: ``` -0109: -0110: When the OpenAI handler receives a request that should route to `myprov`, the pipeline uses the registered transforms automatically. -0111: -0112: ## 3) Register Models -0113: -0114: Expose models under `/v1/models` by registering them in the global model registry using the auth ID (client ID) and provider name. -0115: -0116: ```go -0117: models := []*cliproxy.ModelInfo{ -0118: { ID: "myprov-pro-1", Object: "model", Type: "myprov", DisplayName: "MyProv Pro 1" }, -0119: } -0120: cliproxy.GlobalModelRegistry().RegisterClient(authID, "myprov", models) -0121: ``` -0122: -0123: The embedded server calls this automatically for built‑in providers; for custom providers, register during startup (e.g., after loading auths) or upon auth registration hooks. -0124: -0125: ## Credentials & Transports -0126: -0127: - Use `Manager.SetRoundTripperProvider` to inject per‑auth `*http.Transport` (e.g., proxy): -0128: ```go -0129: core.SetRoundTripperProvider(myProvider) // returns transport per auth -0130: ``` -0131: - For raw HTTP flows, implement `PrepareRequest` and/or call `Manager.InjectCredentials(req, authID)` to set headers. -0132: -0133: ## Testing Tips -0134: -0135: - Enable request logging: Management API GET/PUT `/v0/management/request-log` -0136: - Toggle debug logs: Management API GET/PUT `/v0/management/debug` -0137: - Hot reload changes in `config.yaml` and `auths/` are picked up automatically by the watcher -0138: - -### FILE: docs/sdk-advanced_CN.md -0001: # SDK 高级指南:执行器与翻译器 -0002: -0003: 本文介绍如何使用 SDK 扩展内嵌代理: -0004: - 实现自定义 Provider 执行器以调用你的上游 API -0005: - 注册请求/响应翻译器进行协议转换 -0006: - 注册模型以出现在 `/v1/models` -0007: -0008: 示例基于 Go 1.24+ 与 v6 模块路径。 -0009: -0010: ## 概念 -0011: -0012: - Provider 执行器:实现 `auth.ProviderExecutor` 的运行时组件,负责某个 provider key(如 `gemini`、`claude`、`codex`)的真正出站调用。若实现 `RequestPreparer` 接口,可在原始 HTTP 请求上注入凭据。 -0013: - 翻译器注册表:由 `sdk/translator` 驱动的协议转换函数。内置了 OpenAI/Gemini/Claude/Codex 的互转;你也可以注册新的格式转换。 -0014: - 模型注册表:对外发布可用模型列表,供 `/v1/models` 与路由参考。 -0015: -0016: ## 1) 实现 Provider 执行器 -0017: -0018: 创建类型满足 `auth.ProviderExecutor` 接口。 -0019: -0020: ```go -0021: package myprov -0022: -0023: import ( -0024: "context" -0025: "net/http" -0026: -0027: coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -0028: clipexec "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" -0029: ) -0030: -0031: type Executor struct{} -0032: -0033: func (Executor) Identifier() string { return "myprov" } -0034: -0035: // 可选:在原始 HTTP 请求上注入凭据 -0036: func (Executor) PrepareRequest(req *http.Request, a *coreauth.Auth) error { -0037: // 例如:req.Header.Set("Authorization", "Bearer "+a.Attributes["api_key"]) -0038: return nil -0039: } -0040: -0041: func (Executor) Execute(ctx context.Context, a *coreauth.Auth, req clipexec.Request, opts clipexec.Options) (clipexec.Response, error) { -0042: // 基于 req.Payload 构造上游请求,返回上游 JSON 负载 -0043: return clipexec.Response{Payload: []byte(`{"ok":true}`)}, nil -0044: } -0045: -0046: func (Executor) ExecuteStream(ctx context.Context, a *coreauth.Auth, req clipexec.Request, opts clipexec.Options) (<-chan clipexec.StreamChunk, error) { -0047: ch := make(chan clipexec.StreamChunk, 1) -0048: go func() { defer close(ch); ch <- clipexec.StreamChunk{Payload: []byte("data: {\\"done\\":true}\\n\\n")} }() -0049: return ch, nil -0050: } -0051: -0052: func (Executor) Refresh(ctx context.Context, a *coreauth.Auth) (*coreauth.Auth, error) { return a, nil } -0053: ``` -0054: -0055: 在启动服务前将执行器注册到核心管理器: -0056: -0057: ```go -0058: core := coreauth.NewManager(coreauth.NewFileStore(cfg.AuthDir), nil, nil) -0059: core.RegisterExecutor(myprov.Executor{}) -0060: svc, _ := cliproxy.NewBuilder().WithConfig(cfg).WithConfigPath(cfgPath).WithCoreAuthManager(core).Build() -0061: ``` -0062: -0063: 当凭据的 `Provider` 为 `"myprov"` 时,管理器会将请求路由到你的执行器。 -0064: -0065: ## 2) 注册翻译器 -0066: -0067: 内置处理器接受 OpenAI/Gemini/Claude/Codex 的入站格式。要支持新的 provider 协议,需要在 `sdk/translator` 的默认注册表中注册转换函数。 -0068: -0069: 方向很重要: -0070: - 请求:从“入站格式”转换为“provider 格式” -0071: - 响应:从“provider 格式”转换回“入站格式” -0072: -0073: 示例:OpenAI Chat → MyProv Chat 及其反向。 -0074: -0075: ```go -0076: package myprov -0077: -0078: import ( -0079: "context" -0080: sdktr "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" -0081: ) -0082: -0083: const ( -0084: FOpenAI = sdktr.Format("openai.chat") -0085: FMyProv = sdktr.Format("myprov.chat") -0086: ) -0087: -0088: func init() { -0089: sdktr.Register(FOpenAI, FMyProv, -0090: func(model string, raw []byte, stream bool) []byte { return convertOpenAIToMyProv(model, raw, stream) }, -0091: sdktr.ResponseTransform{ -0092: Stream: func(ctx context.Context, model string, originalReq, translatedReq, raw []byte, param *any) []string { -0093: return convertStreamMyProvToOpenAI(model, originalReq, translatedReq, raw) -0094: }, -0095: NonStream: func(ctx context.Context, model string, originalReq, translatedReq, raw []byte, param *any) string { -0096: return convertMyProvToOpenAI(model, originalReq, translatedReq, raw) -0097: }, -0098: }, -0099: ) -0100: } -0101: ``` -0102: -0103: 当 OpenAI 处理器接到需要路由到 `myprov` 的请求时,流水线会自动应用已注册的转换。 -0104: -0105: ## 3) 注册模型 -0106: -0107: 通过全局模型注册表将模型暴露到 `/v1/models`: -0108: -0109: ```go -0110: models := []*cliproxy.ModelInfo{ -0111: { ID: "myprov-pro-1", Object: "model", Type: "myprov", DisplayName: "MyProv Pro 1" }, -0112: } -0113: cliproxy.GlobalModelRegistry().RegisterClient(authID, "myprov", models) -0114: ``` -0115: -0116: 内置 Provider 会自动注册;自定义 Provider 建议在启动时(例如加载到 Auth 后)或在 Auth 注册钩子中调用。 -0117: -0118: ## 凭据与传输 -0119: -0120: - 使用 `Manager.SetRoundTripperProvider` 注入按账户的 `*http.Transport`(例如代理): -0121: ```go -0122: core.SetRoundTripperProvider(myProvider) // 按账户返回 transport -0123: ``` -0124: - 对于原始 HTTP 请求,若实现了 `PrepareRequest`,或通过 `Manager.InjectCredentials(req, authID)` 进行头部注入。 -0125: -0126: ## 测试建议 -0127: -0128: - 启用请求日志:管理 API GET/PUT `/v0/management/request-log` -0129: - 切换调试日志:管理 API GET/PUT `/v0/management/debug` -0130: - 热更新:`config.yaml` 与 `auths/` 变化会自动被侦测并应用 -0131: - -### FILE: docs/sdk-usage.md -0001: # CLI Proxy SDK Guide -0002: -0003: The `sdk/cliproxy` module exposes the proxy as a reusable Go library so external programs can embed the routing, authentication, hot‑reload, and translation layers without depending on the CLI binary. -0004: -0005: ## Install & Import -0006: -0007: ```bash -0008: go get github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy -0009: ``` -0010: -0011: ```go -0012: import ( -0013: "context" -0014: "errors" -0015: "time" -0016: -0017: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -0018: "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy" -0019: ) -0020: ``` -0021: -0022: Note the `/v6` module path. -0023: -0024: ## Minimal Embed -0025: -0026: ```go -0027: cfg, err := config.LoadConfig("config.yaml") -0028: if err != nil { panic(err) } -0029: -0030: svc, err := cliproxy.NewBuilder(). -0031: WithConfig(cfg). -0032: WithConfigPath("config.yaml"). // absolute or working-dir relative -0033: Build() -0034: if err != nil { panic(err) } -0035: -0036: ctx, cancel := context.WithCancel(context.Background()) -0037: defer cancel() -0038: -0039: if err := svc.Run(ctx); err != nil && !errors.Is(err, context.Canceled) { -0040: panic(err) -0041: } -0042: ``` -0043: -0044: The service manages config/auth watching, background token refresh, and graceful shutdown. Cancel the context to stop it. -0045: -0046: ## Server Options (middleware, routes, logs) -0047: -0048: The server accepts options via `WithServerOptions`: -0049: -0050: ```go -0051: svc, _ := cliproxy.NewBuilder(). -0052: WithConfig(cfg). -0053: WithConfigPath("config.yaml"). -0054: WithServerOptions( -0055: // Add global middleware -0056: cliproxy.WithMiddleware(func(c *gin.Context) { c.Header("X-Embed", "1"); c.Next() }), -0057: // Tweak gin engine early (CORS, trusted proxies, etc.) -0058: cliproxy.WithEngineConfigurator(func(e *gin.Engine) { e.ForwardedByClientIP = true }), -0059: // Add your own routes after defaults -0060: cliproxy.WithRouterConfigurator(func(e *gin.Engine, _ *handlers.BaseAPIHandler, _ *config.Config) { -0061: e.GET("/healthz", func(c *gin.Context) { c.String(200, "ok") }) -0062: }), -0063: // Override request log writer/dir -0064: cliproxy.WithRequestLoggerFactory(func(cfg *config.Config, cfgPath string) logging.RequestLogger { -0065: return logging.NewFileRequestLogger(true, "logs", filepath.Dir(cfgPath)) -0066: }), -0067: ). -0068: Build() -0069: ``` -0070: -0071: These options mirror the internals used by the CLI server. -0072: -0073: ## Management API (when embedded) -0074: -0075: - Management endpoints are mounted only when `remote-management.secret-key` is set in `config.yaml`. -0076: - Remote access additionally requires `remote-management.allow-remote: true`. -0077: - See MANAGEMENT_API.md for endpoints. Your embedded server exposes them under `/v0/management` on the configured port. -0078: -0079: ## Provider Metrics -0080: -0081: The proxy exposes a metrics endpoint for routing optimization (cost, latency, throughput): -0082: -0083: - `GET /v1/metrics/providers`: Returns per-provider rolling statistics. -0084: -0085: This endpoint is used by `thegent` to implement routing policies like `cheapest` or `fastest`. -0086: -0087: ## Using the Core Auth Manager -0088: -0089: The service uses a core `auth.Manager` for selection, execution, and auto‑refresh. When embedding, you can provide your own manager to customize transports or hooks: -0090: -0091: ```go -0092: core := coreauth.NewManager(coreauth.NewFileStore(cfg.AuthDir), nil, nil) -0093: core.SetRoundTripperProvider(myRTProvider) // per‑auth *http.Transport -0094: -0095: svc, _ := cliproxy.NewBuilder(). -0096: WithConfig(cfg). -0097: WithConfigPath("config.yaml"). -0098: WithCoreAuthManager(core). -0099: Build() -0100: ``` -0101: -0102: Implement a custom per‑auth transport: -0103: -0104: ```go -0105: type myRTProvider struct{} -0106: func (myRTProvider) RoundTripperFor(a *coreauth.Auth) http.RoundTripper { -0107: if a == nil || a.ProxyURL == "" { return nil } -0108: u, _ := url.Parse(a.ProxyURL) -0109: return &http.Transport{ Proxy: http.ProxyURL(u) } -0110: } -0111: ``` -0112: -0113: Programmatic execution is available on the manager: -0114: -0115: ```go -0116: // Non‑streaming -0117: resp, err := core.Execute(ctx, []string{"gemini"}, req, opts) -0118: -0119: // Streaming -0120: chunks, err := core.ExecuteStream(ctx, []string{"gemini"}, req, opts) -0121: for ch := range chunks { /* ... */ } -0122: ``` -0123: -0124: Note: Built‑in provider executors are wired automatically when you run the `Service`. If you want to use `Manager` stand‑alone without the HTTP server, you must register your own executors that implement `auth.ProviderExecutor`. -0125: -0126: ## Custom Client Sources -0127: -0128: Replace the default loaders if your creds live outside the local filesystem: -0129: -0130: ```go -0131: type memoryTokenProvider struct{} -0132: func (p *memoryTokenProvider) Load(ctx context.Context, cfg *config.Config) (*cliproxy.TokenClientResult, error) { -0133: // Populate from memory/remote store and return counts -0134: return &cliproxy.TokenClientResult{}, nil -0135: } -0136: -0137: svc, _ := cliproxy.NewBuilder(). -0138: WithConfig(cfg). -0139: WithConfigPath("config.yaml"). -0140: WithTokenClientProvider(&memoryTokenProvider{}). -0141: WithAPIKeyClientProvider(cliproxy.NewAPIKeyClientProvider()). -0142: Build() -0143: ``` -0144: -0145: ## Hooks -0146: -0147: Observe lifecycle without patching internals: -0148: -0149: ```go -0150: hooks := cliproxy.Hooks{ -0151: OnBeforeStart: func(cfg *config.Config) { log.Infof("starting on :%d", cfg.Port) }, -0152: OnAfterStart: func(s *cliproxy.Service) { log.Info("ready") }, -0153: } -0154: svc, _ := cliproxy.NewBuilder().WithConfig(cfg).WithConfigPath("config.yaml").WithHooks(hooks).Build() -0155: ``` -0156: -0157: ## Shutdown -0158: -0159: `Run` defers `Shutdown`, so cancelling the parent context is enough. To stop manually: -0160: -0161: ```go -0162: ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) -0163: defer cancel() -0164: _ = svc.Shutdown(ctx) -0165: ``` -0166: -0167: ## Notes -0168: -0169: - Hot reload: changes to `config.yaml` and `auths/` are picked up automatically. -0170: - Request logging can be toggled at runtime via the Management API. -0171: - Gemini Web features (`gemini-web.*`) are honored in the embedded server. - -### FILE: docs/sdk-usage_CN.md -0001: # CLI Proxy SDK 使用指南 -0002: -0003: `sdk/cliproxy` 模块将代理能力以 Go 库的形式对外暴露,方便在其它服务中内嵌路由、鉴权、热更新与翻译层,而无需依赖可执行的 CLI 程序。 -0004: -0005: ## 安装与导入 -0006: -0007: ```bash -0008: go get github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy -0009: ``` -0010: -0011: ```go -0012: import ( -0013: "context" -0014: "errors" -0015: "time" -0016: -0017: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -0018: "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy" -0019: ) -0020: ``` -0021: -0022: 注意模块路径包含 `/v6`。 -0023: -0024: ## 最小可用示例 -0025: -0026: ```go -0027: cfg, err := config.LoadConfig("config.yaml") -0028: if err != nil { panic(err) } -0029: -0030: svc, err := cliproxy.NewBuilder(). -0031: WithConfig(cfg). -0032: WithConfigPath("config.yaml"). // 绝对路径或工作目录相对路径 -0033: Build() -0034: if err != nil { panic(err) } -0035: -0036: ctx, cancel := context.WithCancel(context.Background()) -0037: defer cancel() -0038: -0039: if err := svc.Run(ctx); err != nil && !errors.Is(err, context.Canceled) { -0040: panic(err) -0041: } -0042: ``` -0043: -0044: 服务内部会管理配置与认证文件的监听、后台令牌刷新与优雅关闭。取消上下文即可停止服务。 -0045: -0046: ## 服务器可选项(中间件、路由、日志) -0047: -0048: 通过 `WithServerOptions` 自定义: -0049: -0050: ```go -0051: svc, _ := cliproxy.NewBuilder(). -0052: WithConfig(cfg). -0053: WithConfigPath("config.yaml"). -0054: WithServerOptions( -0055: // 追加全局中间件 -0056: cliproxy.WithMiddleware(func(c *gin.Context) { c.Header("X-Embed", "1"); c.Next() }), -0057: // 提前调整 gin 引擎(如 CORS、trusted proxies) -0058: cliproxy.WithEngineConfigurator(func(e *gin.Engine) { e.ForwardedByClientIP = true }), -0059: // 在默认路由之后追加自定义路由 -0060: cliproxy.WithRouterConfigurator(func(e *gin.Engine, _ *handlers.BaseAPIHandler, _ *config.Config) { -0061: e.GET("/healthz", func(c *gin.Context) { c.String(200, "ok") }) -0062: }), -0063: // 覆盖请求日志的创建(启用/目录) -0064: cliproxy.WithRequestLoggerFactory(func(cfg *config.Config, cfgPath string) logging.RequestLogger { -0065: return logging.NewFileRequestLogger(true, "logs", filepath.Dir(cfgPath)) -0066: }), -0067: ). -0068: Build() -0069: ``` -0070: -0071: 这些选项与 CLI 服务器内部用法保持一致。 -0072: -0073: ## 管理 API(内嵌时) -0074: -0075: - 仅当 `config.yaml` 中设置了 `remote-management.secret-key` 时才会挂载管理端点。 -0076: - 远程访问还需要 `remote-management.allow-remote: true`。 -0077: - 具体端点见 MANAGEMENT_API_CN.md。内嵌服务器会在配置端口下暴露 `/v0/management`。 -0078: -0079: ## 使用核心鉴权管理器 -0080: -0081: 服务内部使用核心 `auth.Manager` 负责选择、执行、自动刷新。内嵌时可自定义其传输或钩子: -0082: -0083: ```go -0084: core := coreauth.NewManager(coreauth.NewFileStore(cfg.AuthDir), nil, nil) -0085: core.SetRoundTripperProvider(myRTProvider) // 按账户返回 *http.Transport -0086: -0087: svc, _ := cliproxy.NewBuilder(). -0088: WithConfig(cfg). -0089: WithConfigPath("config.yaml"). -0090: WithCoreAuthManager(core). -0091: Build() -0092: ``` -0093: -0094: 实现每个账户的自定义传输: -0095: -0096: ```go -0097: type myRTProvider struct{} -0098: func (myRTProvider) RoundTripperFor(a *coreauth.Auth) http.RoundTripper { -0099: if a == nil || a.ProxyURL == "" { return nil } -0100: u, _ := url.Parse(a.ProxyURL) -0101: return &http.Transport{ Proxy: http.ProxyURL(u) } -0102: } -0103: ``` -0104: -0105: 管理器提供编程式执行接口: -0106: -0107: ```go -0108: // 非流式 -0109: resp, err := core.Execute(ctx, []string{"gemini"}, req, opts) -0110: -0111: // 流式 -0112: chunks, err := core.ExecuteStream(ctx, []string{"gemini"}, req, opts) -0113: for ch := range chunks { /* ... */ } -0114: ``` -0115: -0116: 说明:运行 `Service` 时会自动注册内置的提供商执行器;若仅单独使用 `Manager` 而不启动 HTTP 服务器,则需要自行实现并注册满足 `auth.ProviderExecutor` 的执行器。 -0117: -0118: ## 自定义凭据来源 -0119: -0120: 当凭据不在本地文件系统时,替换默认加载器: -0121: -0122: ```go -0123: type memoryTokenProvider struct{} -0124: func (p *memoryTokenProvider) Load(ctx context.Context, cfg *config.Config) (*cliproxy.TokenClientResult, error) { -0125: // 从内存/远端加载并返回数量统计 -0126: return &cliproxy.TokenClientResult{}, nil -0127: } -0128: -0129: svc, _ := cliproxy.NewBuilder(). -0130: WithConfig(cfg). -0131: WithConfigPath("config.yaml"). -0132: WithTokenClientProvider(&memoryTokenProvider{}). -0133: WithAPIKeyClientProvider(cliproxy.NewAPIKeyClientProvider()). -0134: Build() -0135: ``` -0136: -0137: ## 启动钩子 -0138: -0139: 无需修改内部代码即可观察生命周期: -0140: -0141: ```go -0142: hooks := cliproxy.Hooks{ -0143: OnBeforeStart: func(cfg *config.Config) { log.Infof("starting on :%d", cfg.Port) }, -0144: OnAfterStart: func(s *cliproxy.Service) { log.Info("ready") }, -0145: } -0146: svc, _ := cliproxy.NewBuilder().WithConfig(cfg).WithConfigPath("config.yaml").WithHooks(hooks).Build() -0147: ``` -0148: -0149: ## 关闭 -0150: -0151: `Run` 内部会延迟调用 `Shutdown`,因此只需取消父上下文即可。若需手动停止: -0152: -0153: ```go -0154: ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) -0155: defer cancel() -0156: _ = svc.Shutdown(ctx) -0157: ``` -0158: -0159: ## 说明 -0160: -0161: - 热更新:`config.yaml` 与 `auths/` 变化会被自动侦测并应用。 -0162: - 请求日志可通过管理 API 在运行时开关。 -0163: - `gemini-web.*` 相关配置在内嵌服务器中会被遵循。 -0164: - -### FILE: docs/sdk-watcher.md -0001: # SDK Watcher Integration -0002: -0003: The SDK service exposes a watcher integration that surfaces granular auth updates without forcing a full reload. This document explains the queue contract, how the service consumes updates, and how high-frequency change bursts are handled. -0004: -0005: ## Update Queue Contract -0006: -0007: - `watcher.AuthUpdate` represents a single credential change. `Action` may be `add`, `modify`, or `delete`, and `ID` carries the credential identifier. For `add`/`modify` the `Auth` payload contains a fully populated clone of the credential; `delete` may omit `Auth`. -0008: - `WatcherWrapper.SetAuthUpdateQueue(chan<- watcher.AuthUpdate)` wires the queue produced by the SDK service into the watcher. The queue must be created before the watcher starts. -0009: - The service builds the queue via `ensureAuthUpdateQueue`, using a buffered channel (`capacity=256`) and a dedicated consumer goroutine (`consumeAuthUpdates`). The consumer drains bursts by looping through the backlog before reacquiring the select loop. -0010: -0011: ## Watcher Behaviour -0012: -0013: - `pkg/llmproxy/watcher/watcher.go` keeps a shadow snapshot of auth state (`currentAuths`). Each filesystem or configuration event triggers a recomputation and a diff against the previous snapshot to produce minimal `AuthUpdate` entries that mirror adds, edits, and removals. -0014: - Updates are coalesced per credential identifier. If multiple changes occur before dispatch (e.g., write followed by delete), only the final action is sent downstream. -0015: - The watcher runs an internal dispatch loop that buffers pending updates in memory and forwards them asynchronously to the queue. Producers never block on channel capacity; they just enqueue into the in-memory buffer and signal the dispatcher. Dispatch cancellation happens when the watcher stops, guaranteeing goroutines exit cleanly. -0016: -0017: ## High-Frequency Change Handling -0018: -0019: - The dispatch loop and service consumer run independently, preventing filesystem watchers from blocking even when many updates arrive at once. -0020: - Back-pressure is absorbed in two places: -0021: - The dispatch buffer (map + order slice) coalesces repeated updates for the same credential until the consumer catches up. -0022: - The service channel capacity (256) combined with the consumer drain loop ensures several bursts can be processed without oscillation. -0023: - If the queue is saturated for an extended period, updates continue to be merged, so the latest state is eventually applied without replaying redundant intermediate states. -0024: -0025: ## Usage Checklist -0026: -0027: 1. Instantiate the SDK service (builder or manual construction). -0028: 2. Call `ensureAuthUpdateQueue` before starting the watcher to allocate the shared channel. -0029: 3. When the `WatcherWrapper` is created, call `SetAuthUpdateQueue` with the service queue, then start the watcher. -0030: 4. Provide a reload callback that handles configuration updates; auth deltas will arrive via the queue and are applied by the service automatically through `handleAuthUpdate`. -0031: -0032: Following this flow keeps auth changes responsive while avoiding full reloads for every edit. - -### FILE: docs/sdk-watcher_CN.md -0001: # SDK Watcher集成说明 -0002: -0003: 本文档介绍SDK服务与文件监控器之间的增量更新队列,包括接口契约、高频变更下的处理策略以及接入步骤。 -0004: -0005: ## 更新队列契约 -0006: -0007: - `watcher.AuthUpdate`描述单条凭据变更,`Action`可能为`add`、`modify`或`delete`,`ID`是凭据标识。对于`add`/`modify`会携带完整的`Auth`克隆,`delete`可以省略`Auth`。 -0008: - `WatcherWrapper.SetAuthUpdateQueue(chan<- watcher.AuthUpdate)`用于将服务侧创建的队列注入watcher,必须在watcher启动前完成。 -0009: - 服务通过`ensureAuthUpdateQueue`创建容量为256的缓冲通道,并在`consumeAuthUpdates`中使用专职goroutine消费;消费侧会主动“抽干”积压事件,降低切换开销。 -0010: -0011: ## Watcher行为 -0012: -0013: - `pkg/llmproxy/watcher/watcher.go`维护`currentAuths`快照,文件或配置事件触发后会重建快照并与旧快照对比,生成最小化的`AuthUpdate`列表。 -0014: - 以凭据ID为维度对更新进行合并,同一凭据在短时间内的多次变更只会保留最新状态(例如先写后删只会下发`delete`)。 -0015: - watcher内部运行异步分发循环:生产者只向内存缓冲追加事件并唤醒分发协程,即使通道暂时写满也不会阻塞文件事件线程。watcher停止时会取消分发循环,确保协程正常退出。 -0016: -0017: ## 高频变更处理 -0018: -0019: - 分发循环与服务消费协程相互独立,因此即便短时间内出现大量变更也不会阻塞watcher事件处理。 -0020: - 背压通过两级缓冲吸收: -0021: - 分发缓冲(map + 顺序切片)会合并同一凭据的重复事件,直到消费者完成处理。 -0022: - 服务端通道的256容量加上消费侧的“抽干”逻辑,可平稳处理多个突发批次。 -0023: - 当通道长时间处于高压状态时,缓冲仍持续合并事件,从而在消费者恢复后一次性应用最新状态,避免重复处理无意义的中间状态。 -0024: -0025: ## 接入步骤 -0026: -0027: 1. 实例化SDK Service(构建器或手工创建)。 -0028: 2. 在启动watcher之前调用`ensureAuthUpdateQueue`创建共享通道。 -0029: 3. watcher通过工厂函数创建后立刻调用`SetAuthUpdateQueue`注入通道,然后再启动watcher。 -0030: 4. Reload回调专注于配置更新;认证增量会通过队列送达,并由`handleAuthUpdate`自动应用。 -0031: -0032: 遵循上述流程即可在避免全量重载的同时保持凭据变更的实时性。 - -### FILE: examples/custom-provider/main.go -0001: // Package main demonstrates how to create a custom AI provider executor -0002: // and integrate it with the CLI Proxy API server. This example shows how to: -0003: // - Create a custom executor that implements the Executor interface -0004: // - Register custom translators for request/response transformation -0005: // - Integrate the custom provider with the SDK server -0006: // - Register custom models in the model registry -0007: // -0008: // This example uses a simple echo service (httpbin.org) as the upstream API -0009: // for demonstration purposes. In a real implementation, you would replace -0010: // this with your actual AI service provider. -0011: package main -0012: -0013: import ( -0014: "bytes" -0015: "context" -0016: "errors" -0017: "fmt" -0018: "io" -0019: "net/http" -0020: "net/url" -0021: "os" -0022: "path/filepath" -0023: "strings" -0024: "time" -0025: -0026: "github.com/gin-gonic/gin" -0027: "github.com/router-for-me/CLIProxyAPI/v6/sdk/api" -0028: sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" -0029: "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy" -0030: coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -0031: clipexec "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" -0032: "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" -0033: "github.com/router-for-me/CLIProxyAPI/v6/sdk/logging" -0034: sdktr "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" -0035: ) -0036: -0037: const ( -0038: // providerKey is the identifier for our custom provider. -0039: providerKey = "myprov" -0040: -0041: // fOpenAI represents the OpenAI chat format. -0042: fOpenAI = sdktr.Format("openai.chat") -0043: -0044: // fMyProv represents our custom provider's chat format. -0045: fMyProv = sdktr.Format("myprov.chat") -0046: ) -0047: -0048: // init registers trivial translators for demonstration purposes. -0049: // In a real implementation, you would implement proper request/response -0050: // transformation logic between OpenAI format and your provider's format. -0051: func init() { -0052: sdktr.Register(fOpenAI, fMyProv, -0053: func(model string, raw []byte, stream bool) []byte { return raw }, -0054: sdktr.ResponseTransform{ -0055: Stream: func(ctx context.Context, model string, originalReq, translatedReq, raw []byte, param *any) []string { -0056: return []string{string(raw)} -0057: }, -0058: NonStream: func(ctx context.Context, model string, originalReq, translatedReq, raw []byte, param *any) string { -0059: return string(raw) -0060: }, -0061: }, -0062: ) -0063: } -0064: -0065: // MyExecutor is a minimal provider implementation for demonstration purposes. -0066: // It implements the Executor interface to handle requests to a custom AI provider. -0067: type MyExecutor struct{} -0068: -0069: // Identifier returns the unique identifier for this executor. -0070: func (MyExecutor) Identifier() string { return providerKey } -0071: -0072: // PrepareRequest optionally injects credentials to raw HTTP requests. -0073: // This method is called before each request to allow the executor to modify -0074: // the HTTP request with authentication headers or other necessary modifications. -0075: // -0076: // Parameters: -0077: // - req: The HTTP request to prepare -0078: // - a: The authentication information -0079: // -0080: // Returns: -0081: // - error: An error if request preparation fails -0082: func (MyExecutor) PrepareRequest(req *http.Request, a *coreauth.Auth) error { -0083: if req == nil || a == nil { -0084: return nil -0085: } -0086: if a.Attributes != nil { -0087: if ak := strings.TrimSpace(a.Attributes["api_key"]); ak != "" { -0088: req.Header.Set("Authorization", "Bearer "+ak) -0089: } -0090: } -0091: return nil -0092: } -0093: -0094: func buildHTTPClient(a *coreauth.Auth) *http.Client { -0095: if a == nil || strings.TrimSpace(a.ProxyURL) == "" { -0096: return http.DefaultClient -0097: } -0098: u, err := url.Parse(a.ProxyURL) -0099: if err != nil || (u.Scheme != "http" && u.Scheme != "https") { -0100: return http.DefaultClient -0101: } -0102: return &http.Client{Transport: &http.Transport{Proxy: http.ProxyURL(u)}} -0103: } -0104: -0105: func upstreamEndpoint(a *coreauth.Auth) string { -0106: if a != nil && a.Attributes != nil { -0107: if ep := strings.TrimSpace(a.Attributes["endpoint"]); ep != "" { -0108: return ep -0109: } -0110: } -0111: // Demo echo endpoint; replace with your upstream. -0112: return "https://httpbin.org/post" -0113: } -0114: -0115: func (MyExecutor) Execute(ctx context.Context, a *coreauth.Auth, req clipexec.Request, opts clipexec.Options) (clipexec.Response, error) { -0116: client := buildHTTPClient(a) -0117: endpoint := upstreamEndpoint(a) -0118: -0119: httpReq, errNew := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, bytes.NewReader(req.Payload)) -0120: if errNew != nil { -0121: return clipexec.Response{}, errNew -0122: } -0123: httpReq.Header.Set("Content-Type", "application/json") -0124: -0125: // Inject credentials via PrepareRequest hook. -0126: if errPrep := (MyExecutor{}).PrepareRequest(httpReq, a); errPrep != nil { -0127: return clipexec.Response{}, errPrep -0128: } -0129: -0130: resp, errDo := client.Do(httpReq) -0131: if errDo != nil { -0132: return clipexec.Response{}, errDo -0133: } -0134: defer func() { -0135: if errClose := resp.Body.Close(); errClose != nil { -0136: fmt.Fprintf(os.Stderr, "close response body error: %v\n", errClose) -0137: } -0138: }() -0139: body, _ := io.ReadAll(resp.Body) -0140: return clipexec.Response{Payload: body}, nil -0141: } -0142: -0143: func (MyExecutor) HttpRequest(ctx context.Context, a *coreauth.Auth, req *http.Request) (*http.Response, error) { -0144: if req == nil { -0145: return nil, fmt.Errorf("myprov executor: request is nil") -0146: } -0147: if ctx == nil { -0148: ctx = req.Context() -0149: } -0150: httpReq := req.WithContext(ctx) -0151: if errPrep := (MyExecutor{}).PrepareRequest(httpReq, a); errPrep != nil { -0152: return nil, errPrep -0153: } -0154: client := buildHTTPClient(a) -0155: return client.Do(httpReq) -0156: } -0157: -0158: func (MyExecutor) CountTokens(context.Context, *coreauth.Auth, clipexec.Request, clipexec.Options) (clipexec.Response, error) { -0159: return clipexec.Response{}, errors.New("count tokens not implemented") -0160: } - -### FILE: examples/http-request/main.go -0001: // Package main demonstrates how to use coreauth.Manager.HttpRequest/NewHttpRequest -0002: // to execute arbitrary HTTP requests with provider credentials injected. -0003: // -0004: // This example registers a minimal custom executor that injects an Authorization -0005: // header from auth.Attributes["api_key"], then performs two requests against -0006: // httpbin.org to show the injected headers. -0007: package main -0008: -0009: import ( -0010: "bytes" -0011: "context" -0012: "errors" -0013: "fmt" -0014: "io" -0015: "net/http" -0016: "strings" -0017: "time" -0018: -0019: coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -0020: clipexec "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" -0021: log "github.com/sirupsen/logrus" -0022: ) -0023: -0024: const providerKey = "echo" -0025: -0026: // EchoExecutor is a minimal provider implementation for demonstration purposes. -0027: type EchoExecutor struct{} -0028: -0029: func (EchoExecutor) Identifier() string { return providerKey } -0030: -0031: func (EchoExecutor) PrepareRequest(req *http.Request, auth *coreauth.Auth) error { -0032: if req == nil || auth == nil { -0033: return nil -0034: } -0035: if auth.Attributes != nil { -0036: if apiKey := strings.TrimSpace(auth.Attributes["api_key"]); apiKey != "" { -0037: req.Header.Set("Authorization", "Bearer "+apiKey) -0038: } -0039: } -0040: return nil -0041: } -0042: -0043: func (EchoExecutor) HttpRequest(ctx context.Context, auth *coreauth.Auth, req *http.Request) (*http.Response, error) { -0044: if req == nil { -0045: return nil, fmt.Errorf("echo executor: request is nil") -0046: } -0047: if ctx == nil { -0048: ctx = req.Context() -0049: } -0050: httpReq := req.WithContext(ctx) -0051: if errPrep := (EchoExecutor{}).PrepareRequest(httpReq, auth); errPrep != nil { -0052: return nil, errPrep -0053: } -0054: return http.DefaultClient.Do(httpReq) -0055: } -0056: -0057: func (EchoExecutor) Execute(context.Context, *coreauth.Auth, clipexec.Request, clipexec.Options) (clipexec.Response, error) { -0058: return clipexec.Response{}, errors.New("echo executor: Execute not implemented") -0059: } -0060: -0061: func (EchoExecutor) ExecuteStream(context.Context, *coreauth.Auth, clipexec.Request, clipexec.Options) (*clipexec.StreamResult, error) { -0062: return nil, errors.New("echo executor: ExecuteStream not implemented") -0063: } -0064: -0065: func (EchoExecutor) Refresh(context.Context, *coreauth.Auth) (*coreauth.Auth, error) { -0066: return nil, errors.New("echo executor: Refresh not implemented") -0067: } -0068: -0069: func (EchoExecutor) CountTokens(context.Context, *coreauth.Auth, clipexec.Request, clipexec.Options) (clipexec.Response, error) { -0070: return clipexec.Response{}, errors.New("echo executor: CountTokens not implemented") -0071: } -0072: -0073: func (EchoExecutor) CloseExecutionSession(sessionID string) {} -0074: -0075: func main() { -0076: log.SetLevel(log.InfoLevel) -0077: -0078: ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) -0079: defer cancel() -0080: -0081: core := coreauth.NewManager(nil, nil, nil) -0082: core.RegisterExecutor(EchoExecutor{}) -0083: -0084: auth := &coreauth.Auth{ -0085: ID: "demo-echo", -0086: Provider: providerKey, -0087: Attributes: map[string]string{ -0088: "api_key": "demo-api-key", -0089: }, -0090: } -0091: -0092: // Example 1: Build a prepared request and execute it using your own http.Client. -0093: reqPrepared, errReqPrepared := core.NewHttpRequest( -0094: ctx, -0095: auth, -0096: http.MethodGet, -0097: "https://httpbin.org/anything", -0098: nil, -0099: http.Header{"X-Example": []string{"prepared"}}, -0100: ) -0101: if errReqPrepared != nil { -0102: panic(errReqPrepared) -0103: } -0104: respPrepared, errDoPrepared := http.DefaultClient.Do(reqPrepared) -0105: if errDoPrepared != nil { -0106: panic(errDoPrepared) -0107: } -0108: defer func() { -0109: if errClose := respPrepared.Body.Close(); errClose != nil { -0110: log.Errorf("close response body error: %v", errClose) -0111: } -0112: }() -0113: bodyPrepared, errReadPrepared := io.ReadAll(respPrepared.Body) -0114: if errReadPrepared != nil { -0115: panic(errReadPrepared) -0116: } -0117: fmt.Printf("Prepared request status: %d\n%s\n\n", respPrepared.StatusCode, bodyPrepared) -0118: -0119: // Example 2: Execute a raw request via core.HttpRequest (auto inject + do). -0120: rawBody := []byte(`{"hello":"world"}`) -0121: rawReq, errRawReq := http.NewRequestWithContext(ctx, http.MethodPost, "https://httpbin.org/anything", bytes.NewReader(rawBody)) -0122: if errRawReq != nil { -0123: panic(errRawReq) -0124: } -0125: rawReq.Header.Set("Content-Type", "application/json") -0126: rawReq.Header.Set("X-Example", "executed") -0127: -0128: respExec, errDoExec := core.HttpRequest(ctx, auth, rawReq) -0129: if errDoExec != nil { -0130: panic(errDoExec) -0131: } -0132: defer func() { -0133: if errClose := respExec.Body.Close(); errClose != nil { -0134: log.Errorf("close response body error: %v", errClose) -0135: } -0136: }() -0137: bodyExec, errReadExec := io.ReadAll(respExec.Body) -0138: if errReadExec != nil { -0139: panic(errReadExec) -0140: } -0141: fmt.Printf("Manager HttpRequest status: %d\n%s\n", respExec.StatusCode, bodyExec) -0142: } - -### FILE: examples/translator/main.go -0001: package main -0002: -0003: import ( -0004: "context" -0005: "fmt" -0006: -0007: "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" -0008: _ "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator/builtin" -0009: ) -0010: -0011: func main() { -0012: rawRequest := []byte(`{"messages":[{"content":[{"text":"Hello! Gemini","type":"text"}],"role":"user"}],"model":"gemini-2.5-pro","stream":false}`) -0013: fmt.Println("Has gemini->openai response translator:", translator.HasResponseTransformerByFormatName( -0014: translator.FormatGemini, -0015: translator.FormatOpenAI, -0016: )) -0017: -0018: translatedRequest := translator.TranslateRequestByFormatName( -0019: translator.FormatOpenAI, -0020: translator.FormatGemini, -0021: "gemini-2.5-pro", -0022: rawRequest, -0023: false, -0024: ) -0025: -0026: fmt.Printf("Translated request to Gemini format:\n%s\n\n", translatedRequest) -0027: -0028: claudeResponse := []byte(`{"candidates":[{"content":{"role":"model","parts":[{"thought":true,"text":"Okay, here's what's going through my mind. I need to schedule a meeting"},{"thoughtSignature":"","functionCall":{"name":"schedule_meeting","args":{"topic":"Q3 planning","attendees":["Bob","Alice"],"time":"10:00","date":"2025-03-27"}}}]},"finishReason":"STOP","avgLogprobs":-0.50018133435930523}],"usageMetadata":{"promptTokenCount":117,"candidatesTokenCount":28,"totalTokenCount":474,"trafficType":"PROVISIONED_THROUGHPUT","promptTokensDetails":[{"modality":"TEXT","tokenCount":117}],"candidatesTokensDetails":[{"modality":"TEXT","tokenCount":28}],"thoughtsTokenCount":329},"modelVersion":"gemini-2.5-pro","createTime":"2025-08-15T04:12:55.249090Z","responseId":"x7OeaIKaD6CU48APvNXDyA4"}`) -0029: -0030: convertedResponse := translator.TranslateNonStreamByFormatName( -0031: context.Background(), -0032: translator.FormatGemini, -0033: translator.FormatOpenAI, -0034: "gemini-2.5-pro", -0035: rawRequest, -0036: translatedRequest, -0037: claudeResponse, -0038: nil, -0039: ) -0040: -0041: fmt.Printf("Converted response for OpenAI clients:\n%s\n", convertedResponse) -0042: } - -### FILE: pkg/llmproxy/access/config_access/provider.go -0001: package configaccess -0002: -0003: import ( -0004: "context" -0005: "net/http" -0006: "strings" -0007: -0008: sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access" -0009: sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" -0010: ) -0011: -0012: // Register ensures the config-access provider is available to the access manager. -0013: func Register(cfg *sdkconfig.SDKConfig) { -0014: if cfg == nil { -0015: sdkaccess.UnregisterProvider(sdkaccess.AccessProviderTypeConfigAPIKey) -0016: return -0017: } -0018: -0019: keys := normalizeKeys(cfg.APIKeys) -0020: if len(keys) == 0 { -0021: sdkaccess.UnregisterProvider(sdkaccess.AccessProviderTypeConfigAPIKey) -0022: return -0023: } -0024: -0025: sdkaccess.RegisterProvider( -0026: sdkaccess.AccessProviderTypeConfigAPIKey, -0027: newProvider(sdkaccess.DefaultAccessProviderName, keys), -0028: ) -0029: } -0030: -0031: type provider struct { -0032: name string -0033: keys map[string]struct{} -0034: } -0035: -0036: func newProvider(name string, keys []string) *provider { -0037: providerName := strings.TrimSpace(name) -0038: if providerName == "" { -0039: providerName = sdkaccess.DefaultAccessProviderName -0040: } -0041: keySet := make(map[string]struct{}, len(keys)) -0042: for _, key := range keys { -0043: keySet[key] = struct{}{} -0044: } -0045: return &provider{name: providerName, keys: keySet} -0046: } -0047: -0048: func (p *provider) Identifier() string { -0049: if p == nil || p.name == "" { -0050: return sdkaccess.DefaultAccessProviderName -0051: } -0052: return p.name -0053: } -0054: -0055: func (p *provider) Authenticate(_ context.Context, r *http.Request) (*sdkaccess.Result, *sdkaccess.AuthError) { -0056: if p == nil { -0057: return nil, sdkaccess.NewNotHandledError() -0058: } -0059: if len(p.keys) == 0 { -0060: return nil, sdkaccess.NewNotHandledError() -0061: } -0062: authHeader := r.Header.Get("Authorization") -0063: authHeaderGoogle := r.Header.Get("X-Goog-Api-Key") -0064: authHeaderAnthropic := r.Header.Get("X-Api-Key") -0065: queryKey := "" -0066: queryAuthToken := "" -0067: if r.URL != nil { -0068: queryKey = r.URL.Query().Get("key") -0069: queryAuthToken = r.URL.Query().Get("auth_token") -0070: } -0071: if authHeader == "" && authHeaderGoogle == "" && authHeaderAnthropic == "" && queryKey == "" && queryAuthToken == "" { -0072: return nil, sdkaccess.NewNoCredentialsError() -0073: } -0074: -0075: apiKey := extractBearerToken(authHeader) -0076: -0077: candidates := []struct { -0078: value string -0079: source string -0080: }{ -0081: {apiKey, "authorization"}, -0082: {authHeaderGoogle, "x-goog-api-key"}, -0083: {authHeaderAnthropic, "x-api-key"}, -0084: {queryKey, "query-key"}, -0085: {queryAuthToken, "query-auth-token"}, -0086: } -0087: -0088: for _, candidate := range candidates { -0089: if candidate.value == "" { -0090: continue -0091: } -0092: if _, ok := p.keys[candidate.value]; ok { -0093: return &sdkaccess.Result{ -0094: Provider: p.Identifier(), -0095: Principal: candidate.value, -0096: Metadata: map[string]string{ -0097: "source": candidate.source, -0098: }, -0099: }, nil -0100: } -0101: } -0102: -0103: return nil, sdkaccess.NewInvalidCredentialError() -0104: } -0105: -0106: func extractBearerToken(header string) string { -0107: if header == "" { -0108: return "" -0109: } -0110: parts := strings.SplitN(header, " ", 2) -0111: if len(parts) != 2 { -0112: return header -0113: } -0114: if strings.ToLower(parts[0]) != "bearer" { -0115: return header -0116: } -0117: return strings.TrimSpace(parts[1]) -0118: } -0119: -0120: func normalizeKeys(keys []string) []string { -0121: if len(keys) == 0 { -0122: return nil -0123: } -0124: normalized := make([]string, 0, len(keys)) -0125: seen := make(map[string]struct{}, len(keys)) -0126: for _, key := range keys { -0127: trimmedKey := strings.TrimSpace(key) -0128: if trimmedKey == "" { -0129: continue -0130: } -0131: if _, exists := seen[trimmedKey]; exists { -0132: continue -0133: } -0134: seen[trimmedKey] = struct{}{} -0135: normalized = append(normalized, trimmedKey) -0136: } -0137: if len(normalized) == 0 { -0138: return nil -0139: } -0140: return normalized -0141: } - -### FILE: pkg/llmproxy/access/config_access/provider_test.go -0001: package configaccess -0002: -0003: import ( -0004: "context" -0005: "net/http/httptest" -0006: "testing" -0007: -0008: sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access" -0009: sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" -0010: ) -0011: -0012: func findProvider() sdkaccess.Provider { -0013: providers := sdkaccess.RegisteredProviders() -0014: for _, p := range providers { -0015: if p.Identifier() == sdkaccess.DefaultAccessProviderName { -0016: return p -0017: } -0018: } -0019: return nil -0020: } -0021: -0022: func TestRegister(t *testing.T) { -0023: // Test nil config -0024: Register(nil) -0025: if findProvider() != nil { -0026: t.Errorf("expected provider to be unregistered for nil config") -0027: } -0028: -0029: // Test empty keys -0030: cfg := &sdkconfig.SDKConfig{APIKeys: []string{}} -0031: Register(cfg) -0032: if findProvider() != nil { -0033: t.Errorf("expected provider to be unregistered for empty keys") -0034: } -0035: -0036: // Test valid keys -0037: cfg.APIKeys = []string{"key1"} -0038: Register(cfg) -0039: p := findProvider() -0040: if p == nil { -0041: t.Fatalf("expected provider to be registered") -0042: } -0043: if p.Identifier() != sdkaccess.DefaultAccessProviderName { -0044: t.Errorf("expected identifier %q, got %q", sdkaccess.DefaultAccessProviderName, p.Identifier()) -0045: } -0046: } -0047: -0048: func TestProvider_Authenticate(t *testing.T) { -0049: p := newProvider("test-provider", []string{"valid-key"}) -0050: ctx := context.Background() -0051: -0052: tests := []struct { -0053: name string -0054: headers map[string]string -0055: query string -0056: wantResult bool -0057: wantError sdkaccess.AuthErrorCode -0058: }{ -0059: { -0060: name: "valid bearer token", -0061: headers: map[string]string{"Authorization": "Bearer valid-key"}, -0062: wantResult: true, -0063: }, -0064: { -0065: name: "valid plain token", -0066: headers: map[string]string{"Authorization": "valid-key"}, -0067: wantResult: true, -0068: }, -0069: { -0070: name: "valid google header", -0071: headers: map[string]string{"X-Goog-Api-Key": "valid-key"}, -0072: wantResult: true, -0073: }, -0074: { -0075: name: "valid anthropic header", -0076: headers: map[string]string{"X-Api-Key": "valid-key"}, -0077: wantResult: true, -0078: }, -0079: { -0080: name: "valid query key", -0081: query: "?key=valid-key", -0082: wantResult: true, -0083: }, -0084: { -0085: name: "valid query auth_token", -0086: query: "?auth_token=valid-key", -0087: wantResult: true, -0088: }, -0089: { -0090: name: "invalid token", -0091: headers: map[string]string{"Authorization": "Bearer invalid-key"}, -0092: wantResult: false, -0093: wantError: sdkaccess.AuthErrorCodeInvalidCredential, -0094: }, -0095: { -0096: name: "no credentials", -0097: wantResult: false, -0098: wantError: sdkaccess.AuthErrorCodeNoCredentials, -0099: }, -0100: } -0101: -0102: for _, tt := range tests { -0103: t.Run(tt.name, func(t *testing.T) { -0104: req := httptest.NewRequest("GET", "/"+tt.query, nil) -0105: for k, v := range tt.headers { -0106: req.Header.Set(k, v) -0107: } -0108: -0109: res, err := p.Authenticate(ctx, req) -0110: if tt.wantResult { -0111: if err != nil { -0112: t.Errorf("unexpected error: %v", err) -0113: } -0114: if res == nil { -0115: t.Errorf("expected result, got nil") -0116: } else if res.Principal != "valid-key" { -0117: t.Errorf("expected principal valid-key, got %q", res.Principal) -0118: } -0119: } else { -0120: if err == nil { -0121: t.Errorf("expected error, got nil") -0122: } else if err.Code != tt.wantError { -0123: t.Errorf("expected error code %v, got %v", tt.wantError, err.Code) -0124: } -0125: } -0126: }) -0127: } -0128: } -0129: -0130: func TestExtractBearerToken(t *testing.T) { -0131: cases := []struct { -0132: header string -0133: want string -0134: }{ -0135: {"", ""}, -0136: {"valid-key", "valid-key"}, -0137: {"Bearer valid-key", "valid-key"}, -0138: {"bearer valid-key", "valid-key"}, -0139: {"BEARER valid-key", "valid-key"}, -0140: {"Bearer valid-key ", "valid-key"}, -0141: {"Other token", "Other token"}, -0142: } -0143: for _, tc := range cases { -0144: got := extractBearerToken(tc.header) -0145: if got != tc.want { -0146: t.Errorf("extractBearerToken(%q) = %q, want %q", tc.header, got, tc.want) -0147: } -0148: } -0149: } -0150: -0151: func TestNormalizeKeys(t *testing.T) { -0152: cases := []struct { -0153: keys []string -0154: want []string -0155: }{ -0156: {nil, nil}, -0157: {[]string{}, nil}, -0158: {[]string{" "}, nil}, -0159: {[]string{" key1 ", "key2", "key1"}, []string{"key1", "key2"}}, -0160: } - -### FILE: pkg/llmproxy/access/reconcile.go -0001: package access -0002: -0003: import ( -0004: "fmt" -0005: "reflect" -0006: "sort" -0007: "strings" -0008: -0009: configaccess "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/access/config_access" -0010: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -0011: sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access" -0012: log "github.com/sirupsen/logrus" -0013: ) -0014: -0015: // ReconcileProviders builds the desired provider list by reusing existing providers when possible -0016: // and creating or removing providers only when their configuration changed. It returns the final -0017: // ordered provider slice along with the identifiers of providers that were added, updated, or -0018: // removed compared to the previous configuration. -0019: func ReconcileProviders(oldCfg, newCfg *config.Config, existing []sdkaccess.Provider) (result []sdkaccess.Provider, added, updated, removed []string, err error) { -0020: _ = oldCfg -0021: if newCfg == nil { -0022: return nil, nil, nil, nil, nil -0023: } -0024: -0025: result = sdkaccess.RegisteredProviders() -0026: -0027: existingMap := make(map[string]sdkaccess.Provider, len(existing)) -0028: for _, provider := range existing { -0029: providerID := identifierFromProvider(provider) -0030: if providerID == "" { -0031: continue -0032: } -0033: existingMap[providerID] = provider -0034: } -0035: -0036: finalIDs := make(map[string]struct{}, len(result)) -0037: -0038: isInlineProvider := func(id string) bool { -0039: return strings.EqualFold(id, sdkaccess.DefaultAccessProviderName) -0040: } -0041: appendChange := func(list *[]string, id string) { -0042: if isInlineProvider(id) { -0043: return -0044: } -0045: *list = append(*list, id) -0046: } -0047: -0048: for _, provider := range result { -0049: providerID := identifierFromProvider(provider) -0050: if providerID == "" { -0051: continue -0052: } -0053: finalIDs[providerID] = struct{}{} -0054: -0055: existingProvider, exists := existingMap[providerID] -0056: if !exists { -0057: appendChange(&added, providerID) -0058: continue -0059: } -0060: if !providerInstanceEqual(existingProvider, provider) { -0061: appendChange(&updated, providerID) -0062: } -0063: } -0064: -0065: for providerID := range existingMap { -0066: if _, exists := finalIDs[providerID]; exists { -0067: continue -0068: } -0069: appendChange(&removed, providerID) -0070: } -0071: -0072: sort.Strings(added) -0073: sort.Strings(updated) -0074: sort.Strings(removed) -0075: -0076: return result, added, updated, removed, nil -0077: } -0078: -0079: // ApplyAccessProviders reconciles the configured access providers against the -0080: // currently registered providers and updates the manager. It logs a concise -0081: // summary of the detected changes and returns whether any provider changed. -0082: func ApplyAccessProviders(manager *sdkaccess.Manager, oldCfg, newCfg *config.Config) (bool, error) { -0083: if manager == nil || newCfg == nil { -0084: return false, nil -0085: } -0086: -0087: existing := manager.Providers() -0088: configaccess.Register(&newCfg.SDKConfig) -0089: providers, added, updated, removed, err := ReconcileProviders(oldCfg, newCfg, existing) -0090: if err != nil { -0091: log.Errorf("failed to reconcile request auth providers: %v", err) -0092: return false, fmt.Errorf("reconciling access providers: %w", err) -0093: } -0094: -0095: manager.SetProviders(providers) -0096: -0097: if len(added)+len(updated)+len(removed) > 0 { -0098: log.Debugf("auth providers reconciled (added=%d updated=%d removed=%d)", len(added), len(updated), len(removed)) -0099: log.Debugf("auth providers changes details - added=%v updated=%v removed=%v", added, updated, removed) -0100: return true, nil -0101: } -0102: -0103: log.Debug("auth providers unchanged after config update") -0104: return false, nil -0105: } -0106: -0107: func identifierFromProvider(provider sdkaccess.Provider) string { -0108: if provider == nil { -0109: return "" -0110: } -0111: return strings.TrimSpace(provider.Identifier()) -0112: } -0113: -0114: func providerInstanceEqual(a, b sdkaccess.Provider) bool { -0115: if a == nil || b == nil { -0116: return a == nil && b == nil -0117: } -0118: if reflect.TypeOf(a) != reflect.TypeOf(b) { -0119: return false -0120: } -0121: valueA := reflect.ValueOf(a) -0122: valueB := reflect.ValueOf(b) -0123: if valueA.Kind() == reflect.Pointer && valueB.Kind() == reflect.Pointer { -0124: return valueA.Pointer() == valueB.Pointer() -0125: } -0126: return reflect.DeepEqual(a, b) -0127: } - -### FILE: pkg/llmproxy/api/handlers/management/api_tools.go -0001: package management -0002: -0003: import ( -0004: "bytes" -0005: "context" -0006: "encoding/json" -0007: "fmt" -0008: "io" -0009: "net" -0010: "net/http" -0011: "net/url" -0012: "strings" -0013: "time" -0014: -0015: "github.com/fxamacker/cbor/v2" -0016: "github.com/gin-gonic/gin" -0017: log "github.com/sirupsen/logrus" -0018: "golang.org/x/net/proxy" -0019: "golang.org/x/oauth2" -0020: "golang.org/x/oauth2/google" -0021: -0022: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/runtime/geminicli" -0023: coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -0024: ) -0025: -0026: const defaultAPICallTimeout = 60 * time.Second -0027: -0028: const ( -0029: geminiOAuthClientID = "681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com" -0030: geminiOAuthClientSecret = "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" -0031: ) -0032: -0033: var geminiOAuthScopes = []string{ -0034: "https://www.googleapis.com/auth/cloud-platform", -0035: "https://www.googleapis.com/auth/userinfo.email", -0036: "https://www.googleapis.com/auth/userinfo.profile", -0037: } -0038: -0039: const ( -0040: antigravityOAuthClientID = "1071006060591-tmhssin2h21lcre235vtolojh4g403ep.apps.googleusercontent.com" -0041: antigravityOAuthClientSecret = "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" -0042: ) -0043: -0044: var antigravityOAuthTokenURL = "https://oauth2.googleapis.com/token" -0045: -0046: type apiCallRequest struct { -0047: AuthIndexSnake *string `json:"auth_index"` -0048: AuthIndexCamel *string `json:"authIndex"` -0049: AuthIndexPascal *string `json:"AuthIndex"` -0050: Method string `json:"method"` -0051: URL string `json:"url"` -0052: Header map[string]string `json:"header"` -0053: Data string `json:"data"` -0054: } -0055: -0056: type apiCallResponse struct { -0057: StatusCode int `json:"status_code"` -0058: Header map[string][]string `json:"header"` -0059: Body string `json:"body"` -0060: Quota *QuotaSnapshots `json:"quota,omitempty"` -0061: } -0062: -0063: // APICall makes a generic HTTP request on behalf of the management API caller. -0064: // It is protected by the management middleware. -0065: // -0066: // Endpoint: -0067: // -0068: // POST /v0/management/api-call -0069: // -0070: // Authentication: -0071: // -0072: // Same as other management APIs (requires a management key and remote-management rules). -0073: // You can provide the key via: -0074: // - Authorization: Bearer -0075: // - X-Management-Key: -0076: // -0077: // Request JSON (supports both application/json and application/cbor): -0078: // - auth_index / authIndex / AuthIndex (optional): -0079: // The credential "auth_index" from GET /v0/management/auth-files (or other endpoints returning it). -0080: // If omitted or not found, credential-specific proxy/token substitution is skipped. -0081: // - method (required): HTTP method, e.g. GET, POST, PUT, PATCH, DELETE. -0082: // - url (required): Absolute URL including scheme and host, e.g. "https://api.example.com/v1/ping". -0083: // - header (optional): Request headers map. -0084: // Supports magic variable "$TOKEN$" which is replaced using the selected credential: -0085: // 1) metadata.access_token -0086: // 2) attributes.api_key -0087: // 3) metadata.token / metadata.id_token / metadata.cookie -0088: // Example: {"Authorization":"Bearer $TOKEN$"}. -0089: // Note: if you need to override the HTTP Host header, set header["Host"]. -0090: // - data (optional): Raw request body as string (useful for POST/PUT/PATCH). -0091: // -0092: // Proxy selection (highest priority first): -0093: // 1. Selected credential proxy_url -0094: // 2. Global config proxy-url -0095: // 3. Direct connect (environment proxies are not used) -0096: // -0097: // Response (returned with HTTP 200 when the APICall itself succeeds): -0098: // -0099: // Format matches request Content-Type (application/json or application/cbor) -0100: // - status_code: Upstream HTTP status code. -0101: // - header: Upstream response headers. -0102: // - body: Upstream response body as string. -0103: // - quota (optional): For GitHub Copilot enterprise accounts, contains quota_snapshots -0104: // with details for chat, completions, and premium_interactions. -0105: // -0106: // Example: -0107: // -0108: // curl -sS -X POST "http://127.0.0.1:8317/v0/management/api-call" \ -0109: // -H "Authorization: Bearer " \ -0110: // -H "Content-Type: application/json" \ -0111: // -d '{"auth_index":"","method":"GET","url":"https://api.example.com/v1/ping","header":{"Authorization":"Bearer $TOKEN$"}}' -0112: // -0113: // curl -sS -X POST "http://127.0.0.1:8317/v0/management/api-call" \ -0114: // -H "Authorization: Bearer 831227" \ -0115: // -H "Content-Type: application/json" \ -0116: // -d '{"auth_index":"","method":"POST","url":"https://api.example.com/v1/fetchAvailableModels","header":{"Authorization":"Bearer $TOKEN$","Content-Type":"application/json","User-Agent":"cliproxyapi"},"data":"{}"}' -0117: func (h *Handler) APICall(c *gin.Context) { -0118: // Detect content type -0119: contentType := strings.ToLower(strings.TrimSpace(c.GetHeader("Content-Type"))) -0120: isCBOR := strings.Contains(contentType, "application/cbor") -0121: -0122: var body apiCallRequest -0123: -0124: // Parse request body based on content type -0125: if isCBOR { -0126: rawBody, errRead := io.ReadAll(c.Request.Body) -0127: if errRead != nil { -0128: c.JSON(http.StatusBadRequest, gin.H{"error": "failed to read request body"}) -0129: return -0130: } -0131: if errUnmarshal := cbor.Unmarshal(rawBody, &body); errUnmarshal != nil { -0132: c.JSON(http.StatusBadRequest, gin.H{"error": "invalid cbor body"}) -0133: return -0134: } -0135: } else { -0136: if errBindJSON := c.ShouldBindJSON(&body); errBindJSON != nil { -0137: c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) -0138: return -0139: } -0140: } -0141: -0142: method := strings.ToUpper(strings.TrimSpace(body.Method)) -0143: if method == "" { -0144: c.JSON(http.StatusBadRequest, gin.H{"error": "missing method"}) -0145: return -0146: } -0147: -0148: urlStr := strings.TrimSpace(body.URL) -0149: if urlStr == "" { -0150: c.JSON(http.StatusBadRequest, gin.H{"error": "missing url"}) -0151: return -0152: } -0153: parsedURL, errParseURL := url.Parse(urlStr) -0154: if errParseURL != nil || parsedURL.Scheme == "" || parsedURL.Host == "" { -0155: c.JSON(http.StatusBadRequest, gin.H{"error": "invalid url"}) -0156: return -0157: } -0158: -0159: authIndex := firstNonEmptyString(body.AuthIndexSnake, body.AuthIndexCamel, body.AuthIndexPascal) -0160: auth := h.authByIndex(authIndex) - -### FILE: pkg/llmproxy/api/handlers/management/api_tools_cbor_test.go -0001: package management -0002: -0003: import ( -0004: "bytes" -0005: "encoding/json" -0006: "net/http" -0007: "net/http/httptest" -0008: "testing" -0009: -0010: "github.com/fxamacker/cbor/v2" -0011: "github.com/gin-gonic/gin" -0012: ) -0013: -0014: func TestAPICall_CBOR_Support(t *testing.T) { -0015: gin.SetMode(gin.TestMode) -0016: -0017: // Create a test handler -0018: h := &Handler{} -0019: -0020: // Create test request data -0021: reqData := apiCallRequest{ -0022: Method: "GET", -0023: URL: "https://httpbin.org/get", -0024: Header: map[string]string{ -0025: "User-Agent": "test-client", -0026: }, -0027: } -0028: -0029: t.Run("JSON request and response", func(t *testing.T) { -0030: // Marshal request as JSON -0031: jsonData, err := json.Marshal(reqData) -0032: if err != nil { -0033: t.Fatalf("Failed to marshal JSON: %v", err) -0034: } -0035: -0036: // Create HTTP request -0037: req := httptest.NewRequest(http.MethodPost, "/v0/management/api-call", bytes.NewReader(jsonData)) -0038: req.Header.Set("Content-Type", "application/json") -0039: -0040: // Create response recorder -0041: w := httptest.NewRecorder() -0042: -0043: // Create Gin context -0044: c, _ := gin.CreateTestContext(w) -0045: c.Request = req -0046: -0047: // Call handler -0048: h.APICall(c) -0049: -0050: // Verify response -0051: if w.Code != http.StatusOK && w.Code != http.StatusBadGateway { -0052: t.Logf("Response status: %d", w.Code) -0053: t.Logf("Response body: %s", w.Body.String()) -0054: } -0055: -0056: // Check content type -0057: contentType := w.Header().Get("Content-Type") -0058: if w.Code == http.StatusOK && !contains(contentType, "application/json") { -0059: t.Errorf("Expected JSON response, got: %s", contentType) -0060: } -0061: }) -0062: -0063: t.Run("CBOR request and response", func(t *testing.T) { -0064: // Marshal request as CBOR -0065: cborData, err := cbor.Marshal(reqData) -0066: if err != nil { -0067: t.Fatalf("Failed to marshal CBOR: %v", err) -0068: } -0069: -0070: // Create HTTP request -0071: req := httptest.NewRequest(http.MethodPost, "/v0/management/api-call", bytes.NewReader(cborData)) -0072: req.Header.Set("Content-Type", "application/cbor") -0073: -0074: // Create response recorder -0075: w := httptest.NewRecorder() -0076: -0077: // Create Gin context -0078: c, _ := gin.CreateTestContext(w) -0079: c.Request = req -0080: -0081: // Call handler -0082: h.APICall(c) -0083: -0084: // Verify response -0085: if w.Code != http.StatusOK && w.Code != http.StatusBadGateway { -0086: t.Logf("Response status: %d", w.Code) -0087: t.Logf("Response body: %s", w.Body.String()) -0088: } -0089: -0090: // Check content type -0091: contentType := w.Header().Get("Content-Type") -0092: if w.Code == http.StatusOK && !contains(contentType, "application/cbor") { -0093: t.Errorf("Expected CBOR response, got: %s", contentType) -0094: } -0095: -0096: // Try to decode CBOR response -0097: if w.Code == http.StatusOK { -0098: var response apiCallResponse -0099: if err := cbor.Unmarshal(w.Body.Bytes(), &response); err != nil { -0100: t.Errorf("Failed to unmarshal CBOR response: %v", err) -0101: } else { -0102: t.Logf("CBOR response decoded successfully: status_code=%d", response.StatusCode) -0103: } -0104: } -0105: }) -0106: -0107: t.Run("CBOR encoding and decoding consistency", func(t *testing.T) { -0108: // Test data -0109: testReq := apiCallRequest{ -0110: Method: "POST", -0111: URL: "https://example.com/api", -0112: Header: map[string]string{ -0113: "Authorization": "Bearer $TOKEN$", -0114: "Content-Type": "application/json", -0115: }, -0116: Data: `{"key":"value"}`, -0117: } -0118: -0119: // Encode to CBOR -0120: cborData, err := cbor.Marshal(testReq) -0121: if err != nil { -0122: t.Fatalf("Failed to marshal to CBOR: %v", err) -0123: } -0124: -0125: // Decode from CBOR -0126: var decoded apiCallRequest -0127: if err := cbor.Unmarshal(cborData, &decoded); err != nil { -0128: t.Fatalf("Failed to unmarshal from CBOR: %v", err) -0129: } -0130: -0131: // Verify fields -0132: if decoded.Method != testReq.Method { -0133: t.Errorf("Method mismatch: got %s, want %s", decoded.Method, testReq.Method) -0134: } -0135: if decoded.URL != testReq.URL { -0136: t.Errorf("URL mismatch: got %s, want %s", decoded.URL, testReq.URL) -0137: } -0138: if decoded.Data != testReq.Data { -0139: t.Errorf("Data mismatch: got %s, want %s", decoded.Data, testReq.Data) -0140: } -0141: if len(decoded.Header) != len(testReq.Header) { -0142: t.Errorf("Header count mismatch: got %d, want %d", len(decoded.Header), len(testReq.Header)) -0143: } -0144: }) -0145: } -0146: -0147: func contains(s, substr string) bool { -0148: return len(s) > 0 && len(substr) > 0 && (s == substr || len(s) >= len(substr) && s[:len(substr)] == substr || bytes.Contains([]byte(s), []byte(substr))) -0149: } - -### FILE: pkg/llmproxy/api/handlers/management/api_tools_test.go -0001: package management -0002: -0003: import ( -0004: "context" -0005: "encoding/json" -0006: "io" -0007: "net/http" -0008: "net/http/httptest" -0009: "net/url" -0010: "strings" -0011: "sync" -0012: "testing" -0013: "time" -0014: -0015: coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -0016: ) -0017: -0018: type memoryAuthStore struct { -0019: mu sync.Mutex -0020: items map[string]*coreauth.Auth -0021: } -0022: -0023: func (s *memoryAuthStore) List(ctx context.Context) ([]*coreauth.Auth, error) { -0024: _ = ctx -0025: s.mu.Lock() -0026: defer s.mu.Unlock() -0027: out := make([]*coreauth.Auth, 0, len(s.items)) -0028: for _, a := range s.items { -0029: out = append(out, a.Clone()) -0030: } -0031: return out, nil -0032: } -0033: -0034: func (s *memoryAuthStore) Save(ctx context.Context, auth *coreauth.Auth) (string, error) { -0035: _ = ctx -0036: if auth == nil { -0037: return "", nil -0038: } -0039: s.mu.Lock() -0040: if s.items == nil { -0041: s.items = make(map[string]*coreauth.Auth) -0042: } -0043: s.items[auth.ID] = auth.Clone() -0044: s.mu.Unlock() -0045: return auth.ID, nil -0046: } -0047: -0048: func (s *memoryAuthStore) Delete(ctx context.Context, id string) error { -0049: _ = ctx -0050: s.mu.Lock() -0051: delete(s.items, id) -0052: s.mu.Unlock() -0053: return nil -0054: } -0055: -0056: func TestResolveTokenForAuth_Antigravity_RefreshesExpiredToken(t *testing.T) { -0057: var callCount int -0058: srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { -0059: callCount++ -0060: if r.Method != http.MethodPost { -0061: t.Fatalf("expected POST, got %s", r.Method) -0062: } -0063: if ct := r.Header.Get("Content-Type"); !strings.HasPrefix(ct, "application/x-www-form-urlencoded") { -0064: t.Fatalf("unexpected content-type: %s", ct) -0065: } -0066: bodyBytes, _ := io.ReadAll(r.Body) -0067: _ = r.Body.Close() -0068: values, err := url.ParseQuery(string(bodyBytes)) -0069: if err != nil { -0070: t.Fatalf("parse form: %v", err) -0071: } -0072: if values.Get("grant_type") != "refresh_token" { -0073: t.Fatalf("unexpected grant_type: %s", values.Get("grant_type")) -0074: } -0075: if values.Get("refresh_token") != "rt" { -0076: t.Fatalf("unexpected refresh_token: %s", values.Get("refresh_token")) -0077: } -0078: if values.Get("client_id") != antigravityOAuthClientID { -0079: t.Fatalf("unexpected client_id: %s", values.Get("client_id")) -0080: } -0081: if values.Get("client_secret") != antigravityOAuthClientSecret { -0082: t.Fatalf("unexpected client_secret") -0083: } -0084: -0085: w.Header().Set("Content-Type", "application/json") -0086: _ = json.NewEncoder(w).Encode(map[string]any{ -0087: "access_token": "new-token", -0088: "refresh_token": "rt2", -0089: "expires_in": int64(3600), -0090: "token_type": "Bearer", -0091: }) -0092: })) -0093: t.Cleanup(srv.Close) -0094: -0095: originalURL := antigravityOAuthTokenURL -0096: antigravityOAuthTokenURL = srv.URL -0097: t.Cleanup(func() { antigravityOAuthTokenURL = originalURL }) -0098: -0099: store := &memoryAuthStore{} -0100: manager := coreauth.NewManager(store, nil, nil) -0101: -0102: auth := &coreauth.Auth{ -0103: ID: "antigravity-test.json", -0104: FileName: "antigravity-test.json", -0105: Provider: "antigravity", -0106: Metadata: map[string]any{ -0107: "type": "antigravity", -0108: "access_token": "old-token", -0109: "refresh_token": "rt", -0110: "expires_in": int64(3600), -0111: "timestamp": time.Now().Add(-2 * time.Hour).UnixMilli(), -0112: "expired": time.Now().Add(-1 * time.Hour).Format(time.RFC3339), -0113: }, -0114: } -0115: if _, err := manager.Register(context.Background(), auth); err != nil { -0116: t.Fatalf("register auth: %v", err) -0117: } -0118: -0119: h := &Handler{authManager: manager} -0120: token, err := h.resolveTokenForAuth(context.Background(), auth) -0121: if err != nil { -0122: t.Fatalf("resolveTokenForAuth: %v", err) -0123: } -0124: if token != "new-token" { -0125: t.Fatalf("expected refreshed token, got %q", token) -0126: } -0127: if callCount != 1 { -0128: t.Fatalf("expected 1 refresh call, got %d", callCount) -0129: } -0130: -0131: updated, ok := manager.GetByID(auth.ID) -0132: if !ok || updated == nil { -0133: t.Fatalf("expected auth in manager after update") -0134: } -0135: if got := tokenValueFromMetadata(updated.Metadata); got != "new-token" { -0136: t.Fatalf("expected manager metadata updated, got %q", got) -0137: } -0138: } -0139: -0140: func TestResolveTokenForAuth_Antigravity_SkipsRefreshWhenTokenValid(t *testing.T) { -0141: var callCount int -0142: srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { -0143: callCount++ -0144: w.WriteHeader(http.StatusInternalServerError) -0145: })) -0146: t.Cleanup(srv.Close) -0147: -0148: originalURL := antigravityOAuthTokenURL -0149: antigravityOAuthTokenURL = srv.URL -0150: t.Cleanup(func() { antigravityOAuthTokenURL = originalURL }) -0151: -0152: auth := &coreauth.Auth{ -0153: ID: "antigravity-valid.json", -0154: FileName: "antigravity-valid.json", -0155: Provider: "antigravity", -0156: Metadata: map[string]any{ -0157: "type": "antigravity", -0158: "access_token": "ok-token", -0159: "expired": time.Now().Add(30 * time.Minute).Format(time.RFC3339), -0160: }, - -### FILE: pkg/llmproxy/api/handlers/management/auth_files.go -0001: package management -0002: -0003: import ( -0004: "bytes" -0005: "context" -0006: "crypto/rand" -0007: "crypto/sha256" -0008: "encoding/base64" -0009: "encoding/hex" -0010: "encoding/json" -0011: "errors" -0012: "fmt" -0013: "io" -0014: "net" -0015: "net/http" -0016: "net/url" -0017: "os" -0018: "path/filepath" -0019: "sort" -0020: "strconv" -0021: "strings" -0022: "sync" -0023: "time" -0024: -0025: "github.com/gin-gonic/gin" -0026: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/antigravity" -0027: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/claude" -0028: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/codex" -0029: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/copilot" -0030: geminiAuth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/gemini" -0031: iflowauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/iflow" -0032: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kilo" -0033: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kimi" -0034: kiroauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro" -0035: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/qwen" -0036: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -0037: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" -0038: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" -0039: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" -0040: sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" -0041: coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -0042: log "github.com/sirupsen/logrus" -0043: "github.com/tidwall/gjson" -0044: "golang.org/x/oauth2" -0045: "golang.org/x/oauth2/google" -0046: ) -0047: -0048: var lastRefreshKeys = []string{"last_refresh", "lastRefresh", "last_refreshed_at", "lastRefreshedAt"} -0049: -0050: const ( -0051: anthropicCallbackPort = 54545 -0052: geminiCallbackPort = 8085 -0053: codexCallbackPort = 1455 -0054: geminiCLIEndpoint = "https://cloudcode-pa.googleapis.com" -0055: geminiCLIVersion = "v1internal" -0056: geminiCLIUserAgent = "google-api-nodejs-client/9.15.1" -0057: geminiCLIApiClient = "gl-node/22.17.0" -0058: geminiCLIClientMetadata = "ideType=IDE_UNSPECIFIED,platform=PLATFORM_UNSPECIFIED,pluginType=GEMINI" -0059: ) -0060: -0061: type callbackForwarder struct { -0062: provider string -0063: server *http.Server -0064: done chan struct{} -0065: } -0066: -0067: var ( -0068: callbackForwardersMu sync.Mutex -0069: callbackForwarders = make(map[int]*callbackForwarder) -0070: ) -0071: -0072: func extractLastRefreshTimestamp(meta map[string]any) (time.Time, bool) { -0073: if len(meta) == 0 { -0074: return time.Time{}, false -0075: } -0076: for _, key := range lastRefreshKeys { -0077: if val, ok := meta[key]; ok { -0078: if ts, ok1 := parseLastRefreshValue(val); ok1 { -0079: return ts, true -0080: } -0081: } -0082: } -0083: return time.Time{}, false -0084: } -0085: -0086: func parseLastRefreshValue(v any) (time.Time, bool) { -0087: switch val := v.(type) { -0088: case string: -0089: s := strings.TrimSpace(val) -0090: if s == "" { -0091: return time.Time{}, false -0092: } -0093: layouts := []string{time.RFC3339, time.RFC3339Nano, "2006-01-02 15:04:05", "2006-01-02T15:04:05Z07:00"} -0094: for _, layout := range layouts { -0095: if ts, err := time.Parse(layout, s); err == nil { -0096: return ts.UTC(), true -0097: } -0098: } -0099: if unix, err := strconv.ParseInt(s, 10, 64); err == nil && unix > 0 { -0100: return time.Unix(unix, 0).UTC(), true -0101: } -0102: case float64: -0103: if val <= 0 { -0104: return time.Time{}, false -0105: } -0106: return time.Unix(int64(val), 0).UTC(), true -0107: case int64: -0108: if val <= 0 { -0109: return time.Time{}, false -0110: } -0111: return time.Unix(val, 0).UTC(), true -0112: case int: -0113: if val <= 0 { -0114: return time.Time{}, false -0115: } -0116: return time.Unix(int64(val), 0).UTC(), true -0117: case json.Number: -0118: if i, err := val.Int64(); err == nil && i > 0 { -0119: return time.Unix(i, 0).UTC(), true -0120: } -0121: } -0122: return time.Time{}, false -0123: } -0124: -0125: func isWebUIRequest(c *gin.Context) bool { -0126: raw := strings.TrimSpace(c.Query("is_webui")) -0127: if raw == "" { -0128: return false -0129: } -0130: switch strings.ToLower(raw) { -0131: case "1", "true", "yes", "on": -0132: return true -0133: default: -0134: return false -0135: } -0136: } -0137: -0138: func startCallbackForwarder(port int, provider, targetBase string) (*callbackForwarder, error) { -0139: callbackForwardersMu.Lock() -0140: prev := callbackForwarders[port] -0141: if prev != nil { -0142: delete(callbackForwarders, port) -0143: } -0144: callbackForwardersMu.Unlock() -0145: -0146: if prev != nil { -0147: stopForwarderInstance(port, prev) -0148: } -0149: -0150: addr := fmt.Sprintf("127.0.0.1:%d", port) -0151: ln, err := net.Listen("tcp", addr) -0152: if err != nil { -0153: return nil, fmt.Errorf("failed to listen on %s: %w", addr, err) -0154: } -0155: -0156: handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { -0157: target := targetBase -0158: if raw := r.URL.RawQuery; raw != "" { -0159: if strings.Contains(target, "?") { -0160: target = target + "&" + raw - -### FILE: pkg/llmproxy/api/handlers/management/config_basic.go -0001: package management -0002: -0003: import ( -0004: "encoding/json" -0005: "fmt" -0006: "io" -0007: "net/http" -0008: "os" -0009: "path/filepath" -0010: "strings" -0011: "time" -0012: -0013: "github.com/gin-gonic/gin" -0014: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -0015: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" -0016: sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" -0017: log "github.com/sirupsen/logrus" -0018: "gopkg.in/yaml.v3" -0019: ) -0020: -0021: const ( -0022: latestReleaseURL = "https://api.github.com/repos/KooshaPari/cliproxyapi-plusplus/releases/latest" -0023: latestReleaseUserAgent = "cliproxyapi++" -0024: ) -0025: -0026: func (h *Handler) GetConfig(c *gin.Context) { -0027: if h == nil || h.cfg == nil { -0028: c.JSON(200, gin.H{}) -0029: return -0030: } -0031: c.JSON(200, new(*h.cfg)) -0032: } -0033: -0034: type releaseInfo struct { -0035: TagName string `json:"tag_name"` -0036: Name string `json:"name"` -0037: } -0038: -0039: // GetLatestVersion returns the latest release version from GitHub without downloading assets. -0040: func (h *Handler) GetLatestVersion(c *gin.Context) { -0041: client := &http.Client{Timeout: 10 * time.Second} -0042: proxyURL := "" -0043: if h != nil && h.cfg != nil { -0044: proxyURL = strings.TrimSpace(h.cfg.ProxyURL) -0045: } -0046: if proxyURL != "" { -0047: sdkCfg := &sdkconfig.SDKConfig{ProxyURL: proxyURL} -0048: util.SetProxy(sdkCfg, client) -0049: } -0050: -0051: req, err := http.NewRequestWithContext(c.Request.Context(), http.MethodGet, latestReleaseURL, nil) -0052: if err != nil { -0053: c.JSON(http.StatusInternalServerError, gin.H{"error": "request_create_failed", "message": err.Error()}) -0054: return -0055: } -0056: req.Header.Set("Accept", "application/vnd.github+json") -0057: req.Header.Set("User-Agent", latestReleaseUserAgent) -0058: -0059: resp, err := client.Do(req) -0060: if err != nil { -0061: c.JSON(http.StatusBadGateway, gin.H{"error": "request_failed", "message": err.Error()}) -0062: return -0063: } -0064: defer func() { -0065: if errClose := resp.Body.Close(); errClose != nil { -0066: log.WithError(errClose).Debug("failed to close latest version response body") -0067: } -0068: }() -0069: -0070: if resp.StatusCode != http.StatusOK { -0071: body, _ := io.ReadAll(io.LimitReader(resp.Body, 1024)) -0072: c.JSON(http.StatusBadGateway, gin.H{"error": "unexpected_status", "message": fmt.Sprintf("status %d: %s", resp.StatusCode, strings.TrimSpace(string(body)))}) -0073: return -0074: } -0075: -0076: var info releaseInfo -0077: if errDecode := json.NewDecoder(resp.Body).Decode(&info); errDecode != nil { -0078: c.JSON(http.StatusBadGateway, gin.H{"error": "decode_failed", "message": errDecode.Error()}) -0079: return -0080: } -0081: -0082: version := strings.TrimSpace(info.TagName) -0083: if version == "" { -0084: version = strings.TrimSpace(info.Name) -0085: } -0086: if version == "" { -0087: c.JSON(http.StatusBadGateway, gin.H{"error": "invalid_response", "message": "missing release version"}) -0088: return -0089: } -0090: -0091: c.JSON(http.StatusOK, gin.H{"latest-version": version}) -0092: } -0093: -0094: func WriteConfig(path string, data []byte) error { -0095: data = config.NormalizeCommentIndentation(data) -0096: f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644) -0097: if err != nil { -0098: return err -0099: } -0100: if _, errWrite := f.Write(data); errWrite != nil { -0101: _ = f.Close() -0102: return errWrite -0103: } -0104: if errSync := f.Sync(); errSync != nil { -0105: _ = f.Close() -0106: return errSync -0107: } -0108: return f.Close() -0109: } -0110: -0111: func (h *Handler) PutConfigYAML(c *gin.Context) { -0112: body, err := io.ReadAll(c.Request.Body) -0113: if err != nil { -0114: c.JSON(http.StatusBadRequest, gin.H{"error": "invalid_yaml", "message": "cannot read request body"}) -0115: return -0116: } -0117: var cfg config.Config -0118: if err = yaml.Unmarshal(body, &cfg); err != nil { -0119: c.JSON(http.StatusBadRequest, gin.H{"error": "invalid_yaml", "message": err.Error()}) -0120: return -0121: } -0122: // Validate config using LoadConfigOptional with optional=false to enforce parsing -0123: tmpDir := filepath.Dir(h.configFilePath) -0124: tmpFile, err := os.CreateTemp(tmpDir, "config-validate-*.yaml") -0125: if err != nil { -0126: c.JSON(http.StatusInternalServerError, gin.H{"error": "write_failed", "message": err.Error()}) -0127: return -0128: } -0129: tempFile := tmpFile.Name() -0130: if _, errWrite := tmpFile.Write(body); errWrite != nil { -0131: _ = tmpFile.Close() -0132: _ = os.Remove(tempFile) -0133: c.JSON(http.StatusInternalServerError, gin.H{"error": "write_failed", "message": errWrite.Error()}) -0134: return -0135: } -0136: if errClose := tmpFile.Close(); errClose != nil { -0137: _ = os.Remove(tempFile) -0138: c.JSON(http.StatusInternalServerError, gin.H{"error": "write_failed", "message": errClose.Error()}) -0139: return -0140: } -0141: defer func() { -0142: _ = os.Remove(tempFile) -0143: }() -0144: _, err = config.LoadConfigOptional(tempFile, false) -0145: if err != nil { -0146: c.JSON(http.StatusUnprocessableEntity, gin.H{"error": "invalid_config", "message": err.Error()}) -0147: return -0148: } -0149: h.mu.Lock() -0150: defer h.mu.Unlock() -0151: if WriteConfig(h.configFilePath, body) != nil { -0152: c.JSON(http.StatusInternalServerError, gin.H{"error": "write_failed", "message": "failed to write config"}) -0153: return -0154: } -0155: // Reload into handler to keep memory in sync -0156: newCfg, err := config.LoadConfig(h.configFilePath) -0157: if err != nil { -0158: c.JSON(http.StatusInternalServerError, gin.H{"error": "reload_failed", "message": err.Error()}) -0159: return -0160: } - -### FILE: pkg/llmproxy/api/handlers/management/config_lists.go -0001: package management -0002: -0003: import ( -0004: "encoding/json" -0005: "fmt" -0006: "strings" -0007: -0008: "github.com/gin-gonic/gin" -0009: "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -0010: ) -0011: -0012: // Generic helpers for list[string] -0013: func (h *Handler) putStringList(c *gin.Context, set func([]string), after func()) { -0014: data, err := c.GetRawData() -0015: if err != nil { -0016: c.JSON(400, gin.H{"error": "failed to read body"}) -0017: return -0018: } -0019: var arr []string -0020: if err = json.Unmarshal(data, &arr); err != nil { -0021: var obj struct { -0022: Items []string `json:"items"` -0023: } -0024: if err2 := json.Unmarshal(data, &obj); err2 != nil || len(obj.Items) == 0 { -0025: c.JSON(400, gin.H{"error": "invalid body"}) -0026: return -0027: } -0028: arr = obj.Items -0029: } -0030: set(arr) -0031: if after != nil { -0032: after() -0033: } -0034: h.persist(c) -0035: } -0036: -0037: func (h *Handler) patchStringList(c *gin.Context, target *[]string, after func()) { -0038: var body struct { -0039: Old *string `json:"old"` -0040: New *string `json:"new"` -0041: Index *int `json:"index"` -0042: Value *string `json:"value"` -0043: } -0044: if err := c.ShouldBindJSON(&body); err != nil { -0045: c.JSON(400, gin.H{"error": "invalid body"}) -0046: return -0047: } -0048: if body.Index != nil && body.Value != nil && *body.Index >= 0 && *body.Index < len(*target) { -0049: (*target)[*body.Index] = *body.Value -0050: if after != nil { -0051: after() -0052: } -0053: h.persist(c) -0054: return -0055: } -0056: if body.Old != nil && body.New != nil { -0057: for i := range *target { -0058: if (*target)[i] == *body.Old { -0059: (*target)[i] = *body.New -0060: if after != nil { -0061: after() -0062: } -0063: h.persist(c) -0064: return -0065: } -0066: } -0067: *target = append(*target, *body.New) -0068: if after != nil { -0069: after() -0070: } -0071: h.persist(c) -0072: return -0073: } -0074: c.JSON(400, gin.H{"error": "missing fields"}) -0075: } -0076: -0077: func (h *Handler) deleteFromStringList(c *gin.Context, target *[]string, after func()) { -0078: if idxStr := c.Query("index"); idxStr != "" { -0079: var idx int -0080: _, err := fmt.Sscanf(idxStr, "%d", &idx) -0081: if err == nil && idx >= 0 && idx < len(*target) { -0082: *target = append((*target)[:idx], (*target)[idx+1:]...) -0083: if after != nil { -0084: after() -0085: } -0086: h.persist(c) -0087: return -0088: } -0089: } -0090: if val := strings.TrimSpace(c.Query("value")); val != "" { -0091: out := make([]string, 0, len(*target)) -0092: for _, v := range *target { -0093: if strings.TrimSpace(v) != val { -0094: out = append(out, v) -0095: } diff --git a/.worktrees/config/m/config-build/active/llms.txt b/.worktrees/config/m/config-build/active/llms.txt deleted file mode 100644 index ebcec80e4a..0000000000 --- a/.worktrees/config/m/config-build/active/llms.txt +++ /dev/null @@ -1,1000 +0,0 @@ -# cliproxyapi++ LLM Context (Concise) -Generated from repository files for agent/dev/user consumption. - -## README Highlights -# cliproxyapi++ 🚀 -[![Go Report Card](https://goreportcard.com/badge/github.com/KooshaPari/cliproxyapi-plusplus)](https://goreportcard.com/report/github.com/KooshaPari/cliproxyapi-plusplus) -[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) -[![Docker Pulls](https://img.shields.io/docker/pulls/kooshapari/cliproxyapi-plusplus.svg)](https://hub.docker.com/r/kooshapari/cliproxyapi-plusplus) -[![GitHub Release](https://img.shields.io/github/v/release/KooshaPari/cliproxyapi-plusplus)](https://github.com/KooshaPari/cliproxyapi-plusplus/releases) -English | [中文](README_CN.md) -**cliproxyapi++** is the definitive high-performance, security-hardened fork of [CLIProxyAPI](https://github.com/router-for-me/CLIProxyAPI). Designed with a "Defense in Depth" philosophy and a "Library-First" architecture, it provides an OpenAI-compatible interface for proprietary LLMs with enterprise-grade stability. ---- -## 🏆 Deep Dive: The `++` Advantage -Why choose **cliproxyapi++** over the mainline? While the mainline focus is on open-source stability, the `++` variant is built for high-scale, production environments where security, automated lifecycle management, and broad provider support are critical. -Full feature-by-feature change reference: -- **[Feature Changes in ++](./docs/FEATURE_CHANGES_PLUSPLUS.md)** -### 📊 Feature Comparison Matrix -| Feature | Mainline | CLIProxyAPI+ | **cliproxyapi++** | -| :--- | :---: | :---: | :---: | -| **Core Proxy Logic** | ✅ | ✅ | ✅ | -| **Basic Provider Support** | ✅ | ✅ | ✅ | -| **Standard UI** | ❌ | ✅ | ✅ | -| **Advanced Auth (Kiro/Copilot)** | ❌ | ⚠️ | ✅ **(Full Support)** | -| **Background Token Refresh** | ❌ | ❌ | ✅ **(Auto-Refresh)** | -| **Security Hardening** | Basic | Basic | ✅ **(Enterprise-Grade)** | -| **Rate Limiting & Cooldown** | ❌ | ❌ | ✅ **(Intelligent)** | -| **Core Reusability** | `internal/` | `internal/` | ✅ **(`pkg/llmproxy`)** | -| **CI/CD Pipeline** | Basic | Basic | ✅ **(Signed/Multi-arch)** | ---- -## 🔍 Technical Differences & Hardening -### 1. Architectural Evolution: `pkg/llmproxy` -Unlike the mainline which keeps its core logic in `internal/` (preventing external Go projects from importing it), **cliproxyapi++** has refactored its entire translation and proxying engine into a clean, public `pkg/llmproxy` library. -* **Reusability**: Import the proxy logic directly into your own Go applications. -* **Decoupling**: Configuration management is strictly separated from execution logic. -### 2. Enterprise Authentication & Lifecycle -* **Full GitHub Copilot Integration**: Not just an API wrapper. `++` includes a full OAuth device flow, per-credential quota tracking, and intelligent session management. -* **Kiro (AWS CodeWhisperer) 2.0**: A custom-built web UI (`/v0/oauth/kiro`) for browser-based AWS Builder ID and Identity Center logins. -* **Background Token Refresh**: A dedicated worker service monitors tokens and automatically refreshes them 10 minutes before expiration, ensuring zero downtime for your agents. -### 3. Security Hardening ("Defense in Depth") -* **Path Guard**: A custom GitHub Action workflow (`pr-path-guard`) that prevents any unauthorized changes to critical `internal/translator/` logic during PRs. -* **Device Fingerprinting**: Generates unique, immutable device identifiers to satisfy strict provider security checks and prevent account flagging. -* **Hardened Docker Base**: Built on a specific, audited Alpine 3.22.0 layer with minimal packages, reducing the potential attack surface. -### 4. High-Scale Operations -* **Intelligent Cooldown**: Automated "cooling" mechanism that detects provider-side rate limits and intelligently pauses requests to specific providers while routing others. -* **Unified Model Converter**: A sophisticated mapping layer that allows you to request `claude-3-5-sonnet` and have the proxy automatically handle the specific protocol requirements of the target provider (Vertex, AWS, Anthropic, etc.). ---- -## 🚀 Getting Started -### Prerequisites -- [Docker](https://docs.docker.com/get-docker/) and [Docker Compose](https://docs.docker.com/compose/install/) -- OR [Go 1.26+](https://golang.org/dl/) -### One-Command Deployment (Docker) -```bash -# Setup deployment -mkdir -p ~/cliproxy && cd ~/cliproxy -curl -o config.yaml https://raw.githubusercontent.com/KooshaPari/cliproxyapi-plusplus/main/config.example.yaml -# Create compose file -cat > docker-compose.yml << 'EOF' -services: -cliproxy: -image: KooshaPari/cliproxyapi-plusplus:latest -container_name: cliproxyapi++ -ports: ["8317:8317"] -volumes: -- ./config.yaml:/CLIProxyAPI/config.yaml -- ./auths:/root/.cli-proxy-api -- ./logs:/CLIProxyAPI/logs -restart: unless-stopped -EOF -docker compose up -d -``` ---- -## 🛠️ Advanced Usage -### Extended Provider Support -`cliproxyapi++` supports a massive registry of providers out-of-the-box: -* **Direct**: Claude, Gemini, OpenAI, Mistral, Groq, DeepSeek. -* **Aggregators**: OpenRouter, Together AI, Fireworks AI, Novita AI, SiliconFlow. -* **Proprietary**: Kiro (AWS), GitHub Copilot, Roo Code, Kilo AI, MiniMax. -### API Specification -The proxy provides two main API surfaces: -1. **OpenAI Interface**: `/v1/chat/completions` and `/v1/models` (Full parity). -2. **Management Interface**: -* `GET /v0/config`: Inspect current (hot-reloaded) config. -* `GET /v0/oauth/kiro`: Interactive Kiro auth UI. -* `GET /v0/logs`: Real-time log inspection. ---- -## 🤝 Contributing -We maintain strict quality gates to preserve the "hardened" status of the project: -1. **Linting**: Must pass `golangci-lint` with zero warnings. -2. **Coverage**: All new translator logic MUST include unit tests. -3. **Governance**: Changes to core `pkg/` logic require a corresponding Issue discussion. -See **[CONTRIBUTING.md](CONTRIBUTING.md)** for more details. ---- -## 📚 Documentation -- **[Docsets](./docs/docsets/)** — Role-oriented documentation sets. -- [Developer (Internal)](./docs/docsets/developer/internal/) -- [Developer (External)](./docs/docsets/developer/external/) -- [Technical User](./docs/docsets/user/) -- [Agent Operator](./docs/docsets/agent/) -- **[Feature Changes in ++](./docs/FEATURE_CHANGES_PLUSPLUS.md)** — Comprehensive list of `++` differences and impacts. -- **[Docs README](./docs/README.md)** — Core docs map. ---- -## 🚢 Docs Deploy -Local VitePress docs: -```bash -cd docs -npm install -npm run docs:dev -npm run docs:build -``` -GitHub Pages: -- Workflow: `.github/workflows/vitepress-pages.yml` -- URL convention: `https://.github.io/cliproxyapi-plusplus/` ---- -## 📜 License -Distributed under the MIT License. See [LICENSE](LICENSE) for more information. ---- -

-Hardened AI Infrastructure for the Modern Agentic Stack.
-Built with ❤️ by the community. -

- -## Taskfile Tasks -- GO_FILES -- default -- build -- run -- test -- lint -- tidy -- docker:build -- docker:run -- docker:stop -- doctor -- ax:spec - -## Documentation Index -- docs/FEATURE_CHANGES_PLUSPLUS.md -- docs/README.md -- docs/docsets/agent/index.md -- docs/docsets/agent/operating-model.md -- docs/docsets/developer/external/index.md -- docs/docsets/developer/external/integration-quickstart.md -- docs/docsets/developer/internal/architecture.md -- docs/docsets/developer/internal/index.md -- docs/docsets/index.md -- docs/docsets/user/index.md -- docs/docsets/user/quickstart.md -- docs/features/architecture/DEV.md -- docs/features/architecture/SPEC.md -- docs/features/architecture/USER.md -- docs/features/auth/SPEC.md -- docs/features/auth/USER.md -- docs/features/operations/SPEC.md -- docs/features/operations/USER.md -- docs/features/providers/SPEC.md -- docs/features/providers/USER.md -- docs/features/security/SPEC.md -- docs/features/security/USER.md -- docs/index.md -- docs/sdk-access.md -- docs/sdk-access_CN.md -- docs/sdk-advanced.md -- docs/sdk-advanced_CN.md -- docs/sdk-usage.md -- docs/sdk-usage_CN.md -- docs/sdk-watcher.md -- docs/sdk-watcher_CN.md - -## Markdown Headings -### docs/FEATURE_CHANGES_PLUSPLUS.md -- # cliproxyapi++ Feature Change Reference (`++` vs baseline) -- ## 1. Architecture Changes -- ## 2. Authentication and Identity Changes -- ## 3. Provider and Model Routing Changes -- ## 4. Security and Governance Changes -- ## 5. Operations and Delivery Changes -- ## 6. API and Compatibility Surface -- ## 7. Migration Impact Summary -### docs/README.md -- # cliproxyapi++ Documentation Index -- ## 📚 Documentation Structure -- ## 🚀 Quick Start -- ## 📖 Feature Documentation -- ### 1. Library-First Architecture -- ### 2. Enterprise Authentication -- ### 3. Security Hardening -- ### 4. High-Scale Operations -- ### 5. Provider Registry -- ## 🔧 API Documentation -- ### OpenAI-Compatible API -- ### Management API -- ### Operations API -- ## 🛠️ SDK Documentation -- ### Go SDK -- ## 🚀 Getting Started -- ### 1. Installation -- ### 2. Configuration -- ### 3. Add Credentials -- ### 4. Start Service -- ### 5. Make Request -- ## 🔍 Troubleshooting -- ### Common Issues -- ### Debug Mode -- ### Get Help -- ## 📊 Comparison: cliproxyapi++ vs Mainline -- ## 📝 Contributing -- ## 🔐 Security -- ## 📜 License -- ## 🗺️ Documentation Map -- ## 🤝 Community -### docs/docsets/agent/index.md -- # Agent Operator Docset -- ## Operator Focus -### docs/docsets/agent/operating-model.md -- # Agent Operating Model -- ## Execution Loop -### docs/docsets/developer/external/index.md -- # External Developer Docset -- ## Start Here -### docs/docsets/developer/external/integration-quickstart.md -- # Integration Quickstart -### docs/docsets/developer/internal/architecture.md -- # Internal Architecture -- ## Core Boundaries -- ## Maintainer Rules -### docs/docsets/developer/internal/index.md -- # Internal Developer Docset -- ## Read First -### docs/docsets/index.md -- # Docsets -- ## Developer -- ## User -- ## Agent -### docs/docsets/user/index.md -- # Technical User Docset -- ## Core Paths -### docs/docsets/user/quickstart.md -- # Technical User Quickstart -### docs/features/architecture/DEV.md -- # Developer Guide: Extending Library-First Architecture -- ## Contributing to pkg/llmproxy -- ## Project Structure -- ## Adding a New Provider -- ### Step 1: Define Provider Configuration -- ### Step 2: Implement Translator Interface -- ### Step 3: Implement Provider Executor -- ### Step 4: Register Provider -- ### Step 5: Add Tests -- ## Custom Authentication Flows -- ### Implementing OAuth -- ### Implementing Device Flow -- ## Performance Optimization -- ### Connection Pooling -- ### Rate Limiting Optimization -- ### Caching Strategy -- ## Testing Guidelines -- ### Unit Tests -- ### Integration Tests -- ### Contract Tests -- ## Submitting Changes -- ## API Stability -### docs/features/architecture/SPEC.md -- # Technical Specification: Library-First Architecture (pkg/llmproxy) -- ## Overview -- ## Architecture Migration -- ### Before: Mainline Structure -- ### After: cliproxyapi++ Structure -- ## Core Components -- ### 1. Translation Engine (`pkg/llmproxy/translator`) -- ### 2. Provider Execution (`pkg/llmproxy/provider`) -- ### 3. Configuration Management (`pkg/llmproxy/config`) -- ### 4. Watcher & Synthesis (`pkg/llmproxy/watcher`) -- ## Data Flow -- ### Request Processing Flow -- ### Configuration Reload Flow -- ### Token Refresh Flow -- ## Reusability Patterns -- ### Embedding as Library -- ### Custom Provider Integration -- ### Extending Configuration -- ## Performance Characteristics -- ### Memory Footprint -- ### Concurrency Model -- ### Throughput -- ## Security Considerations -- ### Public API Stability -- ### Input Validation -- ### Error Propagation -- ## Migration Guide -- ### From Mainline internal/ -- ### Function Compatibility -- ## Testing Strategy -- ### Unit Tests -- ### Integration Tests -- ### Contract Tests -### docs/features/architecture/USER.md -- # User Guide: Library-First Architecture -- ## What is "Library-First"? -- ## Why Use the Library? -- ### Benefits Over Standalone CLI -- ### When to Use Each -- ## Quick Start: Embedding in Your App -- ### Step 1: Install the SDK -- ### Step 2: Basic Embedding -- ### Step 3: Create Config File -- ### Step 4: Run Your App -- # Add your Claude API key -- # Run your app -- ## Advanced: Custom Translators -- ## Advanced: Custom Auth Management -- ## Advanced: Request Interception -- ## Advanced: Lifecycle Hooks -- ## Configuration: Hot Reload -- # config.yaml -- ## Configuration: Custom Sources -- ## Monitoring: Metrics -- ## Monitoring: Logging -- ## Troubleshooting -- ### Service Won't Start -- ### Config Changes Not Applied -- ### Custom Translator Not Working -- ### Performance Issues -- ## Next Steps -### docs/features/auth/SPEC.md -- # Technical Specification: Enterprise Authentication & Lifecycle -- ## Overview -- ## Authentication Architecture -- ### Core Components -- ## Authentication Flows -- ### 1. API Key Authentication -- ### 2. OAuth 2.0 Flow -- ### 3. Device Authorization Flow -- ## Provider-Specific Authentication -- ### GitHub Copilot (Full OAuth Device Flow) -- ### Kiro (AWS CodeWhisperer) -- ## Background Token Refresh -- ### Refresh Worker Architecture -- ### Refresh Strategies -- #### OAuth Refresh Token Flow -- #### Device Flow Re-authorization -- ## Credential Management -- ### Multi-Credential Support -- ### Quota Tracking -- ### Per-Request Quota Decuction -- ## Security Considerations -- ### Token Storage -- ### Token Validation -- ### Device Fingerprinting -- ## Error Handling -- ### Authentication Errors -- ### Retry Logic -- ## Monitoring -- ### Auth Metrics -- ### Health Checks -- ## API Reference -- ### Management Endpoints -- #### Get All Auths -- #### Add Auth -- #### Delete Auth -- #### Refresh Auth -### docs/features/auth/USER.md -- # User Guide: Enterprise Authentication -- ## Understanding Authentication in cliproxyapi++ -- ## Quick Start: Adding Credentials -- ### Method 1: Manual Configuration -- ### Method 2: Interactive Setup (Web UI) -- ### Method 3: CLI Commands -- # Add API key -- # Add with priority -- ## Authentication Methods -- ### API Key Authentication -- ### OAuth 2.0 Device Flow -- # Visit web UI -- # Enter your GitHub credentials -- # Authorize the application -- # Done! Token is stored and managed automatically -- ### Custom Provider Authentication -- ## Quota Management -- ### Understanding Quotas -- ### Setting Quotas -- # Update quota via API -- ### Quota Reset -- ## Automatic Token Refresh -- ### How It Works -- ### Configuration -- ### Monitoring Refresh -- # Check refresh status -- ## Multi-Credential Management -- ### Adding Multiple Credentials -- # First Claude key -- # Second Claude key -- ### Load Balancing Strategies -- ### Monitoring Credentials -- # List all credentials -- ## Credential Rotation -- ### Automatic Rotation -- ### Manual Rotation -- # Remove exhausted credential -- # Add new credential -- ## Troubleshooting -- ### Token Not Refreshing -- ### Authentication Failed -- ### Quota Exhausted -- ### OAuth Flow Stuck -- ### Credential Not Found -- ## Best Practices -- ### Security -- ### Performance -- ### Monitoring -- ## Advanced: Encryption -- ## API Reference -- ### Auth Management -- ## Next Steps -### docs/features/operations/SPEC.md -- # Technical Specification: High-Scale Operations -- ## Overview -- ## Operations Architecture -- ### Core Components -- ## Intelligent Cooldown System -- ### Rate Limit Detection -- ### Cooldown Duration -- ### Automatic Recovery -- ### Load Redistribution -- ## Load Balancing Strategies -- ### Strategy Interface -- ### Round-Robin Strategy -- ### Quota-Aware Strategy -- ### Latency-Based Strategy -- ### Cost-Based Strategy -- ## Health Monitoring -- ### Provider Health Checks -- ### Health Status -- ### Self-Healing -- ## Observability -- ### Metrics Collection -- ### Distributed Tracing -- ### Structured Logging -- ### Alerting -- ## Performance Optimization -- ### Connection Pooling -- ### Request Batching -- ### Response Caching -- ## Disaster Recovery -- ### Backup and Restore -- #!/bin/bash -- # backup.sh -- # Backup config -- # Backup auths -- # Backup logs -- #!/bin/bash -- # restore.sh -- # Extract config -- # Extract auths -- # Restart service -- ### Failover -- ## API Reference -- ### Operations Endpoints -### docs/features/operations/USER.md -- # User Guide: High-Scale Operations -- ## Understanding Operations in cliproxyapi++ -- ## Quick Start: Production Deployment -- ### docker-compose.yml (Production) -- # Security -- # Resources -- # Health check -- # Ports -- # Volumes -- # Restart -- ## Intelligent Cooldown -- ### What is Cooldown? -- ### Configure Cooldown -- ### Monitor Cooldown Status -- # Check cooldown status -- ### Manual Cooldown Control -- ## Load Balancing -- ### Choose a Strategy -- ### Round-Robin (Default) -- ### Quota-Aware -- ### Latency-Based -- ### Cost-Based -- ### Provider Priority -- ## Health Monitoring -- ### Configure Health Checks -- ### Monitor Provider Health -- # Check all providers -- ### Self-Healing -- ## Observability -- ### Enable Metrics -- # Request count -- # Error count -- # Token usage -- # Request latency -- ### Prometheus Integration -- ### Grafana Dashboards -- ### Structured Logging -- # Follow logs -- # Filter for errors -- # Pretty print JSON logs -- ### Distributed Tracing (Optional) -- ## Alerting -- ### Configure Alerts -- ### Notification Channels -- ## Performance Optimization -- ### Connection Pooling -- ### Request Batching -- ### Response Caching -- ## Disaster Recovery -- ### Backup Configuration -- #!/bin/bash -- # backup.sh -- # Create backup directory -- # Backup config -- # Backup auths -- # Backup logs -- # Remove old backups (keep last 30) -- # Run daily at 2 AM -- ### Restore Configuration -- #!/bin/bash -- # restore.sh -- # Stop service -- # Extract config -- # Extract auths -- # Start service -- ### Failover Configuration -- ## Troubleshooting -- ### High Error Rate -- ### Provider Always in Cooldown -- ### High Latency -- ### Memory Usage High -- ### Health Checks Failing -- ## Best Practices -- ### Deployment -- ### Monitoring -- ### Scaling -- ### Backup -- ## API Reference -- ### Operations Endpoints -- ## Next Steps -### docs/features/providers/SPEC.md -- # Technical Specification: Provider Registry & Support -- ## Overview -- ## Provider Architecture -- ### Provider Types -- ### Provider Interface -- ### Provider Configuration -- ## Direct Providers -- ### Claude (Anthropic) -- ### Gemini (Google) -- ### OpenAI -- ## Aggregator Providers -- ### OpenRouter -- ### Together AI -- ### Fireworks AI -- ## Proprietary Providers -- ### Kiro (AWS CodeWhisperer) -- ### GitHub Copilot -- ### Roo Code -- ### Kilo AI -- ### MiniMax -- ## Provider Registry -- ### Registry Interface -- ### Auto-Registration -- ## Model Mapping -- ### OpenAI to Provider Model Mapping -- ### Custom Model Mappings -- ## Provider Capabilities -- ### Capability Detection -- ### Capability Matrix -- ## Provider Selection -- ### Selection Strategies -- ### Request Routing -- ## Adding a New Provider -- ### Step 1: Define Provider -- ### Step 2: Register Provider -- ### Step 3: Add Configuration -- ## API Reference -- ### Provider Management -- ### Model Management -- ### Capability Query -### docs/features/providers/USER.md -- # User Guide: Provider Registry -- ## Understanding Providers in cliproxyapi++ -- ## Quick Start: Using a Provider -- ### 1. Add Provider Credential -- # Claude API key -- # OpenAI API key -- # Gemini API key -- ### 2. Configure Provider -- ### 3. Make Request -- ## Direct Providers -- ### Claude (Anthropic) -- ### Gemini (Google) -- ### OpenAI -- ## Aggregator Providers -- ### OpenRouter -- # Access Claude through OpenRouter -- ### Together AI -- ### Fireworks AI -- ## Proprietary Providers -- ### Kiro (AWS CodeWhisperer) -- ### GitHub Copilot -- ## Provider Selection -- ### Automatic Selection -- ### Model Aliases -- # Automatically routes to available provider -- ### Provider Priority -- ## Model Capabilities -- ### Check Capabilities -- # List all models -- # List models by provider -- # Get model details -- ### Capability Filtering -- # Check streaming support -- ## Provider Management -- ### List Providers -- ### Enable/Disable Provider -- # Enable -- # Disable -- ### Provider Status -- ## Troubleshooting -- ### Provider Not Responding -- ### Model Not Found -- ### Authentication Failed -- ### Rate Limit Exceeded -- ### OAuth Flow Stuck -- ## Best Practices -- ### Provider Selection -- ### Configuration -- ### Credentials -- ### Monitoring -- ## Provider Comparison -- ## API Reference -- ### Provider Endpoints -- ### Model Endpoints -- ### Capability Endpoints -- ## Next Steps -### docs/features/security/SPEC.md -- # Technical Specification: Security Hardening ("Defense in Depth") -- ## Overview -- ## Security Architecture -- ### Defense Layers -- ## Layer 1: Code Integrity -- ### Path Guard CI Enforcement -- # Only allow changes from trusted maintainers -- # Ensure core translation logic hasn't been tampered -- ### Signed Releases -- # Download release -- # Download signature -- # Import GPG key -- # Verify signature -- # Verify checksum -- ### Multi-Arch Builds -- ## Layer 2: Container Hardening -- ### Minimal Base Image -- # Install build dependencies -- # Build application -- # Final stage - minimal runtime -- # Non-root user -- # Read-only filesystem -- ### Security Context -- ### Seccomp Profiles -- ## Layer 3: Credential Security -- ### Encrypted Storage -- ### Secure File Permissions -- ### Token Refresh Isolation -- ### Device Fingerprinting -- ## Layer 4: Network Security -- ### TLS Enforcement -- ### Request Validation -- ### Rate Limiting -- ### IP Allowlisting -- ## Layer 5: Operational Security -- ### Audit Logging -- ### Secret Scanning -- #!/bin/bash -- # Scan for potential secrets -- ### Dependency Scanning -- ### Vulnerability Management -- ## Security Monitoring -- ### Metrics -- ### Incident Response -- ## Compliance -- ### SOC 2 Readiness -- ### GDPR Compliance -- ## Security Checklist -### docs/features/security/USER.md -- # User Guide: Security Hardening -- ## Understanding Security in cliproxyapi++ -- ## Quick Security Checklist -- # 1. Verify Docker image is signed -- # 2. Set secure file permissions -- # 3. Enable TLS -- # Edit config.yaml to enable TLS (see below) -- # 4. Enable encryption -- # Generate encryption key and set in config.yaml -- # 5. Configure rate limiting -- # Set appropriate limits in config.yaml -- ## Container Security -- ### Hardened Docker Deployment -- # Security options -- # Non-root user -- # Volumes (writable only for these) -- # Network -- # Resource limits -- ### Seccomp Profiles (Advanced) -- # Save seccomp profile -- # Use in docker-compose -- ## TLS Configuration -- ### Enable HTTPS -- ### Generate Self-Signed Certificate (Testing) -- # Generate private key -- # Generate certificate -- # Set permissions -- ### Use Let's Encrypt (Production) -- # Install certbot -- # Generate certificate -- # Copy to tls directory -- # Set permissions -- ## Credential Encryption -- ### Enable Encryption -- ### Generate Encryption Key -- # Method 1: Using openssl -- # Method 2: Using Python -- # Method 3: Using /dev/urandom -- ### Environment Variable (Recommended) -- # Set in environment -- # Use in docker-compose -- ### Migrating Existing Credentials -- # 1. Enable encryption in config.yaml -- # 2. Restart service -- # 3. Re-add credentials (they will be encrypted) -- ## Access Control -- ### IP Allowlisting -- ### IP Denylisting -- ### IP-Based Rate Limiting -- ## Rate Limiting -- ### Global Rate Limiting -- ### Per-Provider Rate Limiting -- ### Quota-Based Rate Limiting -- ## Security Headers -- ### Enable Security Headers -- ## Audit Logging -- ### Enable Audit Logging -- ### View Audit Logs -- # View all audit events -- # Filter for auth failures -- # Filter for security violations -- # Pretty print JSON logs -- ### Audit Log Format -- ## Security Monitoring -- ### Enable Metrics -- # HELP cliproxy_auth_failures_total Total authentication failures -- # TYPE cliproxy_auth_failures_total counter -- # HELP cliproxy_rate_limit_violations_total Total rate limit violations -- # TYPE cliproxy_rate_limit_violations_total counter -- # HELP cliproxy_security_events_total Total security events -- # TYPE cliproxy_security_events_total counter -- ### Query Metrics -- # Get auth failure rate -- # Get rate limit violations -- # Get all security events -- ## Incident Response -- ### Block Suspicious IP -- # Add to denylist -- ### Revoke Credentials -- # Delete credential -### docs/index.md -- # cliproxy++ -- ## Audience Docsets -- ## Key References -### docs/sdk-access.md -- # @sdk/access SDK Reference -- ## Importing -- ## Provider Registry -- ## Manager Lifecycle -- ## Authenticating Requests -- ## Built-in `config-api-key` Provider -- ## Loading Providers from External Go Modules -- ### Metadata and auditing -- ## Writing Custom Providers -- ## Error Semantics -- ## Integration with cliproxy Service -- ### Hot reloading -### docs/sdk-access_CN.md -- # @sdk/access 开发指引 -- ## 引用方式 -- ## Provider Registry -- ## 管理器生命周期 -- ## 认证请求 -- ## 内建 `config-api-key` Provider -- ## 引入外部 Go 模块提供者 -- ### 元数据与审计 -- ## 编写自定义提供者 -- ## 错误语义 -- ## 与 cliproxy 集成 -- ### 动态热更新提供者 -### docs/sdk-advanced.md -- # SDK Advanced: Executors & Translators -- ## Concepts -- ## 1) Implement a Provider Executor -- ## 2) Register Translators -- ## 3) Register Models -- ## Credentials & Transports -- ## Testing Tips -### docs/sdk-advanced_CN.md -- # SDK 高级指南:执行器与翻译器 -- ## 概念 -- ## 1) 实现 Provider 执行器 -- ## 2) 注册翻译器 -- ## 3) 注册模型 -- ## 凭据与传输 -- ## 测试建议 -### docs/sdk-usage.md -- # CLI Proxy SDK Guide -- ## Install & Import -- ## Minimal Embed -- ## Server Options (middleware, routes, logs) -- ## Management API (when embedded) -- ## Provider Metrics -- ## Using the Core Auth Manager -- ## Custom Client Sources -- ## Hooks -- ## Shutdown -- ## Notes -### docs/sdk-usage_CN.md -- # CLI Proxy SDK 使用指南 -- ## 安装与导入 -- ## 最小可用示例 -- ## 服务器可选项(中间件、路由、日志) -- ## 管理 API(内嵌时) -- ## 使用核心鉴权管理器 -- ## 自定义凭据来源 -- ## 启动钩子 -- ## 关闭 -- ## 说明 -### docs/sdk-watcher.md -- # SDK Watcher Integration -- ## Update Queue Contract -- ## Watcher Behaviour -- ## High-Frequency Change Handling -- ## Usage Checklist -### docs/sdk-watcher_CN.md -- # SDK Watcher集成说明 -- ## 更新队列契约 -- ## Watcher行为 -- ## 高频变更处理 -- ## 接入步骤 -### README.md -- # cliproxyapi++ 🚀 -- ## 🏆 Deep Dive: The `++` Advantage -- ### 📊 Feature Comparison Matrix -- ## 🔍 Technical Differences & Hardening -- ### 1. Architectural Evolution: `pkg/llmproxy` -- ### 2. Enterprise Authentication & Lifecycle -- ### 3. Security Hardening ("Defense in Depth") -- ### 4. High-Scale Operations -- ## 🚀 Getting Started -- ### Prerequisites -- ### One-Command Deployment (Docker) -- # Setup deployment -- # Create compose file -- ## 🛠️ Advanced Usage -- ### Extended Provider Support -- ### API Specification -- ## 🤝 Contributing -- ## 📚 Documentation -- ## 🚢 Docs Deploy -- ## 📜 License - -## Go Source Index -- cmd/codegen/main.go -- cmd/server/main.go -- examples/custom-provider/main.go -- examples/http-request/main.go -- examples/translator/main.go -- pkg/llmproxy/access/config_access/provider.go -- pkg/llmproxy/access/config_access/provider_test.go -- pkg/llmproxy/access/reconcile.go -- pkg/llmproxy/api/handlers/management/api_tools.go -- pkg/llmproxy/api/handlers/management/api_tools_cbor_test.go -- pkg/llmproxy/api/handlers/management/api_tools_test.go -- pkg/llmproxy/api/handlers/management/auth_files.go -- pkg/llmproxy/api/handlers/management/config_basic.go -- pkg/llmproxy/api/handlers/management/config_lists.go -- pkg/llmproxy/api/handlers/management/handler.go -- pkg/llmproxy/api/handlers/management/logs.go -- pkg/llmproxy/api/handlers/management/management_auth_test.go -- pkg/llmproxy/api/handlers/management/management_basic_test.go -- pkg/llmproxy/api/handlers/management/management_extra_test.go -- pkg/llmproxy/api/handlers/management/management_fields_test.go -- pkg/llmproxy/api/handlers/management/model_definitions.go -- pkg/llmproxy/api/handlers/management/oauth_callback.go -- pkg/llmproxy/api/handlers/management/oauth_sessions.go -- pkg/llmproxy/api/handlers/management/quota.go -- pkg/llmproxy/api/handlers/management/usage.go -- pkg/llmproxy/api/handlers/management/vertex_import.go -- pkg/llmproxy/api/middleware/request_logging.go -- pkg/llmproxy/api/middleware/request_logging_test.go -- pkg/llmproxy/api/middleware/response_writer.go -- pkg/llmproxy/api/middleware/response_writer_test.go -- pkg/llmproxy/api/modules/amp/amp.go -- pkg/llmproxy/api/modules/amp/amp_test.go -- pkg/llmproxy/api/modules/amp/fallback_handlers.go -- pkg/llmproxy/api/modules/amp/fallback_handlers_test.go -- pkg/llmproxy/api/modules/amp/gemini_bridge.go -- pkg/llmproxy/api/modules/amp/gemini_bridge_test.go -- pkg/llmproxy/api/modules/amp/model_mapping.go -- pkg/llmproxy/api/modules/amp/model_mapping_test.go -- pkg/llmproxy/api/modules/amp/proxy.go -- pkg/llmproxy/api/modules/amp/proxy_test.go -- pkg/llmproxy/api/modules/amp/response_rewriter.go -- pkg/llmproxy/api/modules/amp/response_rewriter_test.go -- pkg/llmproxy/api/modules/amp/routes.go -- pkg/llmproxy/api/modules/amp/routes_test.go -- pkg/llmproxy/api/modules/amp/secret.go -- pkg/llmproxy/api/modules/amp/secret_test.go -- pkg/llmproxy/api/modules/modules.go -- pkg/llmproxy/api/responses_websocket.go -- pkg/llmproxy/api/responses_websocket_test.go -- pkg/llmproxy/api/server.go -- pkg/llmproxy/api/server_test.go -- pkg/llmproxy/auth/antigravity/auth.go -- pkg/llmproxy/auth/antigravity/auth_test.go -- pkg/llmproxy/auth/antigravity/constants.go -- pkg/llmproxy/auth/antigravity/filename.go -- pkg/llmproxy/auth/claude/anthropic.go -- pkg/llmproxy/auth/claude/anthropic_auth.go -- pkg/llmproxy/auth/claude/claude_auth_test.go -- pkg/llmproxy/auth/claude/errors.go -- pkg/llmproxy/auth/claude/html_templates.go -- pkg/llmproxy/auth/claude/oauth_server.go -- pkg/llmproxy/auth/claude/pkce.go -- pkg/llmproxy/auth/claude/token.go -- pkg/llmproxy/auth/claude/utls_transport.go -- pkg/llmproxy/auth/codex/errors.go -- pkg/llmproxy/auth/codex/errors_test.go -- pkg/llmproxy/auth/codex/filename.go -- pkg/llmproxy/auth/codex/filename_test.go -- pkg/llmproxy/auth/codex/html_templates.go -- pkg/llmproxy/auth/codex/jwt_parser.go -- pkg/llmproxy/auth/codex/jwt_parser_test.go -- pkg/llmproxy/auth/codex/oauth_server.go -- pkg/llmproxy/auth/codex/oauth_server_test.go -- pkg/llmproxy/auth/codex/openai.go -- pkg/llmproxy/auth/codex/openai_auth.go -- pkg/llmproxy/auth/codex/openai_auth_test.go -- pkg/llmproxy/auth/codex/pkce.go -- pkg/llmproxy/auth/codex/pkce_test.go -- pkg/llmproxy/auth/codex/token.go -- pkg/llmproxy/auth/codex/token_test.go -- pkg/llmproxy/auth/copilot/copilot_auth.go -- pkg/llmproxy/auth/copilot/copilot_auth_test.go -- pkg/llmproxy/auth/copilot/copilot_extra_test.go -- pkg/llmproxy/auth/copilot/errors.go -- pkg/llmproxy/auth/copilot/errors_test.go -- pkg/llmproxy/auth/copilot/oauth.go -- pkg/llmproxy/auth/copilot/token.go -- pkg/llmproxy/auth/copilot/token_test.go -- pkg/llmproxy/auth/diff/auth_diff.go -- pkg/llmproxy/auth/diff/config_diff.go -- pkg/llmproxy/auth/diff/config_diff_test.go -- pkg/llmproxy/auth/diff/diff_generated.go -- pkg/llmproxy/auth/diff/model_hash.go -- pkg/llmproxy/auth/diff/model_hash_test.go -- pkg/llmproxy/auth/diff/models_summary.go -- pkg/llmproxy/auth/diff/oauth_excluded.go -- pkg/llmproxy/auth/diff/oauth_excluded_test.go -- pkg/llmproxy/auth/diff/oauth_model_alias.go -- pkg/llmproxy/auth/diff/openai_compat.go -- pkg/llmproxy/auth/diff/openai_compat_test.go -- pkg/llmproxy/auth/empty/token.go -- pkg/llmproxy/auth/gemini/gemini_auth.go -- pkg/llmproxy/auth/gemini/gemini_auth_test.go -- pkg/llmproxy/auth/gemini/gemini_token.go -- pkg/llmproxy/auth/iflow/cookie_helpers.go -- pkg/llmproxy/auth/iflow/iflow_auth.go -- pkg/llmproxy/auth/iflow/iflow_auth_test.go -- pkg/llmproxy/auth/iflow/iflow_token.go -- pkg/llmproxy/auth/iflow/oauth_server.go -- pkg/llmproxy/auth/kilo/kilo_auth.go -- pkg/llmproxy/auth/kilo/kilo_token.go -- pkg/llmproxy/auth/kimi/kimi.go -- pkg/llmproxy/auth/kimi/kimi_test.go -- pkg/llmproxy/auth/kimi/token.go -- pkg/llmproxy/auth/kiro/aws.go -- pkg/llmproxy/auth/kiro/aws_auth.go -- pkg/llmproxy/auth/kiro/aws_extra_test.go -- pkg/llmproxy/auth/kiro/aws_test.go -- pkg/llmproxy/auth/kiro/background_refresh.go -- pkg/llmproxy/auth/kiro/codewhisperer_client.go -- pkg/llmproxy/auth/kiro/cooldown.go -- pkg/llmproxy/auth/kiro/cooldown_test.go -- pkg/llmproxy/auth/kiro/fingerprint.go -- pkg/llmproxy/auth/kiro/fingerprint_test.go -- pkg/llmproxy/auth/kiro/jitter.go -- pkg/llmproxy/auth/kiro/jitter_test.go -- pkg/llmproxy/auth/kiro/metrics.go -- pkg/llmproxy/auth/kiro/metrics_test.go -- pkg/llmproxy/auth/kiro/oauth.go -- pkg/llmproxy/auth/kiro/oauth_web.go diff --git a/.worktrees/config/m/config-build/active/patches/cursor-minimax-channels.patch b/.worktrees/config/m/config-build/active/patches/cursor-minimax-channels.patch deleted file mode 100644 index b164bb9b7a..0000000000 --- a/.worktrees/config/m/config-build/active/patches/cursor-minimax-channels.patch +++ /dev/null @@ -1,204 +0,0 @@ -diff --git a/config.example.yaml b/config.example.yaml -index 94ba38c..65a8beb 100644 ---- a/config.example.yaml -+++ b/config.example.yaml -@@ -170,6 +170,28 @@ nonstream-keepalive-interval: 0 - # proxy-url: "socks5://proxy.example.com:1080" # optional: proxy override - # -+# Cursor (via cursor-api): uses LOGIN PROTOCOL, not static API key. -+# User logs in at cursor.com; token from WorkosCursorSessionToken cookie. -+# cursor-api /build-key converts token to short-lived keys; /tokens/refresh for renewal. -+# See thegent/docs/plans/CLIPROXY_API_AND_THGENT_UNIFIED_PLAN.md -+#cursor: -+# - token-file: "~/.cursor/session-token.txt" # path to Cursor session token -+# cursor-api-url: "http://127.0.0.1:3000" # cursor-api server (default) -+# -+# MiniMax: OAuth (user-code flow) + optional API key. Dedicated block for parity with Kiro. -+# API key: platform.minimax.io; OAuth: OpenClaw minimax-portal-auth (Coding plan). -+# See thegent/docs/plans/CLIPROXY_API_AND_THGENT_UNIFIED_PLAN.md -+#minimax: -+# - token-file: "~/.minimax/oauth-token.json" # OAuth token (access/refresh) -+# base-url: "https://api.minimax.io/anthropic" # optional -+# - api-key: "sk-..." # or API key fallback -+# base-url: "https://api.minimax.io/anthropic" -+# - # OpenAI compatibility providers - # openai-compatibility: - # - name: "openrouter" # The name of the provider; it will be used in the user agent and other places. -@@ -185,6 +207,8 @@ nonstream-keepalive-interval: 0 - # models: # The models supported by the provider. - # - name: "moonshotai/kimi-k2:free" # The actual model name. - # alias: "kimi-k2" # The alias used in the API. -+# # Cursor: use dedicated cursor: block above (login protocol). Do NOT use api-key-entries. -+# # MiniMax: use dedicated minimax: block above (OAuth + API key). Do NOT use openai-compat only. - # - # Vertex API keys (Vertex-compatible endpoints, use API key + base URL) - # vertex-api-key: -diff --git a/internal/registry/model_definitions.go b/internal/registry/model_definitions.go -index 30ebe6c..c0c34c6 100644 ---- a/internal/registry/model_definitions.go -+++ b/internal/registry/model_definitions.go -@@ -21,8 +21,9 @@ import ( - // - iflow - // - kiro - // - github-copilot --// - kiro - // - amazonq -+// - cursor (via cursor-api; use dedicated cursor: block) -+// - minimax (use dedicated minimax: block; api.minimax.io) - // - antigravity (returns static overrides only) - func GetStaticModelDefinitionsByChannel(channel string) []*ModelInfo { - key := strings.ToLower(strings.TrimSpace(channel)) -@@ -49,6 +50,10 @@ func GetStaticModelDefinitionsByChannel(channel string) []*ModelInfo { - return GetKiroModels() - case "amazonq": - return GetAmazonQModels() -+ case "cursor": -+ return GetCursorModels() -+ case "minimax": -+ return GetMiniMaxModels() - case "antigravity": - cfg := GetAntigravityModelConfig() - if len(cfg) == 0 { -@@ -96,6 +101,8 @@ func LookupStaticModelInfo(modelID string) *ModelInfo { - GetGitHubCopilotModels(), - GetKiroModels(), - GetAmazonQModels(), -+ GetCursorModels(), -+ GetMiniMaxModels(), - } - for _, models := range allModels { - for _, m := range models { -@@ -654,3 +661,132 @@ func GetAmazonQModels() []*ModelInfo { - }, - } - } -+ -+// GetCursorModels returns model definitions for Cursor via cursor-api (wisdgod). -+// Use dedicated cursor: block in config (token-file, cursor-api-url). -+func GetCursorModels() []*ModelInfo { -+ now := int64(1732752000) -+ return []*ModelInfo{ -+ { -+ ID: "claude-4.5-opus-high-thinking", -+ Object: "model", -+ Created: now, -+ OwnedBy: "cursor", -+ Type: "cursor", -+ DisplayName: "Claude 4.5 Opus High Thinking", -+ Description: "Anthropic Claude 4.5 Opus via Cursor (cursor-api)", -+ ContextLength: 200000, -+ MaxCompletionTokens: 64000, -+ }, -+ { -+ ID: "claude-4.5-opus-high", -+ Object: "model", -+ Created: now, -+ OwnedBy: "cursor", -+ Type: "cursor", -+ DisplayName: "Claude 4.5 Opus High", -+ Description: "Anthropic Claude 4.5 Opus via Cursor (cursor-api)", -+ ContextLength: 200000, -+ MaxCompletionTokens: 64000, -+ }, -+ { -+ ID: "claude-4.5-sonnet-thinking", -+ Object: "model", -+ Created: now, -+ OwnedBy: "cursor", -+ Type: "cursor", -+ DisplayName: "Claude 4.5 Sonnet Thinking", -+ Description: "Anthropic Claude 4.5 Sonnet via Cursor (cursor-api)", -+ ContextLength: 200000, -+ MaxCompletionTokens: 64000, -+ }, -+ { -+ ID: "claude-4-sonnet", -+ Object: "model", -+ Created: now, -+ OwnedBy: "cursor", -+ Type: "cursor", -+ DisplayName: "Claude 4 Sonnet", -+ Description: "Anthropic Claude 4 Sonnet via Cursor (cursor-api)", -+ ContextLength: 200000, -+ MaxCompletionTokens: 64000, -+ }, -+ { -+ ID: "gpt-4o", -+ Object: "model", -+ Created: now, -+ OwnedBy: "cursor", -+ Type: "cursor", -+ DisplayName: "GPT-4o", -+ Description: "OpenAI GPT-4o via Cursor (cursor-api)", -+ ContextLength: 128000, -+ MaxCompletionTokens: 16384, -+ }, -+ { -+ ID: "gpt-5.1-codex", -+ Object: "model", -+ Created: now, -+ OwnedBy: "cursor", -+ Type: "cursor", -+ DisplayName: "GPT-5.1 Codex", -+ Description: "OpenAI GPT-5.1 Codex via Cursor (cursor-api)", -+ ContextLength: 200000, -+ MaxCompletionTokens: 32768, -+ }, -+ { -+ ID: "default", -+ Object: "model", -+ Created: now, -+ OwnedBy: "cursor", -+ Type: "cursor", -+ DisplayName: "Default", -+ Description: "Cursor server-selected default model", -+ ContextLength: 200000, -+ MaxCompletionTokens: 64000, -+ }, -+ } -+} -+ -+// GetMiniMaxModels returns model definitions for MiniMax (api.minimax.io). -+// Use dedicated minimax: block in config (OAuth token-file or api-key). -+func GetMiniMaxModels() []*ModelInfo { -+ now := int64(1758672000) -+ return []*ModelInfo{ -+ { -+ ID: "minimax-m2", -+ Object: "model", -+ Created: now, -+ OwnedBy: "minimax", -+ Type: "minimax", -+ DisplayName: "MiniMax M2", -+ Description: "MiniMax M2 via api.minimax.chat", -+ ContextLength: 128000, -+ MaxCompletionTokens: 32768, -+ Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, -+ }, -+ { -+ ID: "minimax-m2.1", -+ Object: "model", -+ Created: 1766448000, -+ OwnedBy: "minimax", -+ Type: "minimax", -+ DisplayName: "MiniMax M2.1", -+ Description: "MiniMax M2.1 via api.minimax.chat", -+ ContextLength: 200000, -+ MaxCompletionTokens: 64000, -+ Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, -+ }, -+ { -+ ID: "minimax-m2.5", -+ Object: "model", -+ Created: 1770825600, -+ OwnedBy: "minimax", -+ Type: "minimax", -+ DisplayName: "MiniMax M2.5", -+ Description: "MiniMax M2.5 via api.minimax.chat", -+ ContextLength: 200000, -+ MaxCompletionTokens: 64000, -+ Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, -+ }, -+ } -+} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/access/config_access/provider.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/access/config_access/provider.go deleted file mode 100644 index 84e8abcb0e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/access/config_access/provider.go +++ /dev/null @@ -1,141 +0,0 @@ -package configaccess - -import ( - "context" - "net/http" - "strings" - - sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access" - sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" -) - -// Register ensures the config-access provider is available to the access manager. -func Register(cfg *sdkconfig.SDKConfig) { - if cfg == nil { - sdkaccess.UnregisterProvider(sdkaccess.AccessProviderTypeConfigAPIKey) - return - } - - keys := normalizeKeys(cfg.APIKeys) - if len(keys) == 0 { - sdkaccess.UnregisterProvider(sdkaccess.AccessProviderTypeConfigAPIKey) - return - } - - sdkaccess.RegisterProvider( - sdkaccess.AccessProviderTypeConfigAPIKey, - newProvider(sdkaccess.DefaultAccessProviderName, keys), - ) -} - -type provider struct { - name string - keys map[string]struct{} -} - -func newProvider(name string, keys []string) *provider { - providerName := strings.TrimSpace(name) - if providerName == "" { - providerName = sdkaccess.DefaultAccessProviderName - } - keySet := make(map[string]struct{}, len(keys)) - for _, key := range keys { - keySet[key] = struct{}{} - } - return &provider{name: providerName, keys: keySet} -} - -func (p *provider) Identifier() string { - if p == nil || p.name == "" { - return sdkaccess.DefaultAccessProviderName - } - return p.name -} - -func (p *provider) Authenticate(_ context.Context, r *http.Request) (*sdkaccess.Result, *sdkaccess.AuthError) { - if p == nil { - return nil, sdkaccess.NewNotHandledError() - } - if len(p.keys) == 0 { - return nil, sdkaccess.NewNotHandledError() - } - authHeader := r.Header.Get("Authorization") - authHeaderGoogle := r.Header.Get("X-Goog-Api-Key") - authHeaderAnthropic := r.Header.Get("X-Api-Key") - queryKey := "" - queryAuthToken := "" - if r.URL != nil { - queryKey = r.URL.Query().Get("key") - queryAuthToken = r.URL.Query().Get("auth_token") - } - if authHeader == "" && authHeaderGoogle == "" && authHeaderAnthropic == "" && queryKey == "" && queryAuthToken == "" { - return nil, sdkaccess.NewNoCredentialsError() - } - - apiKey := extractBearerToken(authHeader) - - candidates := []struct { - value string - source string - }{ - {apiKey, "authorization"}, - {authHeaderGoogle, "x-goog-api-key"}, - {authHeaderAnthropic, "x-api-key"}, - {queryKey, "query-key"}, - {queryAuthToken, "query-auth-token"}, - } - - for _, candidate := range candidates { - if candidate.value == "" { - continue - } - if _, ok := p.keys[candidate.value]; ok { - return &sdkaccess.Result{ - Provider: p.Identifier(), - Principal: candidate.value, - Metadata: map[string]string{ - "source": candidate.source, - }, - }, nil - } - } - - return nil, sdkaccess.NewInvalidCredentialError() -} - -func extractBearerToken(header string) string { - if header == "" { - return "" - } - parts := strings.SplitN(header, " ", 2) - if len(parts) != 2 { - return header - } - if strings.ToLower(parts[0]) != "bearer" { - return header - } - return strings.TrimSpace(parts[1]) -} - -func normalizeKeys(keys []string) []string { - if len(keys) == 0 { - return nil - } - normalized := make([]string, 0, len(keys)) - seen := make(map[string]struct{}, len(keys)) - for _, key := range keys { - trimmedKey := strings.TrimSpace(key) - if trimmedKey == "" { - continue - } - if _, exists := seen[trimmedKey]; exists { - continue - } - seen[trimmedKey] = struct{}{} - normalized = append(normalized, trimmedKey) - } - if len(normalized) == 0 { - return nil - } - return normalized -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/access/config_access/provider_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/access/config_access/provider_test.go deleted file mode 100644 index bea4f53550..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/access/config_access/provider_test.go +++ /dev/null @@ -1,173 +0,0 @@ -package configaccess - -import ( - "context" - "net/http/httptest" - "testing" - - sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access" - sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" -) - -func findProvider() sdkaccess.Provider { - providers := sdkaccess.RegisteredProviders() - for _, p := range providers { - if p.Identifier() == sdkaccess.DefaultAccessProviderName { - return p - } - } - return nil -} - -func TestRegister(t *testing.T) { - // Test nil config - Register(nil) - if findProvider() != nil { - t.Errorf("expected provider to be unregistered for nil config") - } - - // Test empty keys - cfg := &sdkconfig.SDKConfig{APIKeys: []string{}} - Register(cfg) - if findProvider() != nil { - t.Errorf("expected provider to be unregistered for empty keys") - } - - // Test valid keys - cfg.APIKeys = []string{"key1"} - Register(cfg) - p := findProvider() - if p == nil { - t.Fatalf("expected provider to be registered") - } - if p.Identifier() != sdkaccess.DefaultAccessProviderName { - t.Errorf("expected identifier %q, got %q", sdkaccess.DefaultAccessProviderName, p.Identifier()) - } -} - -func TestProvider_Authenticate(t *testing.T) { - p := newProvider("test-provider", []string{"valid-key"}) - ctx := context.Background() - - tests := []struct { - name string - headers map[string]string - query string - wantResult bool - wantError sdkaccess.AuthErrorCode - }{ - { - name: "valid bearer token", - headers: map[string]string{"Authorization": "Bearer valid-key"}, - wantResult: true, - }, - { - name: "valid plain token", - headers: map[string]string{"Authorization": "valid-key"}, - wantResult: true, - }, - { - name: "valid google header", - headers: map[string]string{"X-Goog-Api-Key": "valid-key"}, - wantResult: true, - }, - { - name: "valid anthropic header", - headers: map[string]string{"X-Api-Key": "valid-key"}, - wantResult: true, - }, - { - name: "valid query key", - query: "?key=valid-key", - wantResult: true, - }, - { - name: "valid query auth_token", - query: "?auth_token=valid-key", - wantResult: true, - }, - { - name: "invalid token", - headers: map[string]string{"Authorization": "Bearer invalid-key"}, - wantResult: false, - wantError: sdkaccess.AuthErrorCodeInvalidCredential, - }, - { - name: "no credentials", - wantResult: false, - wantError: sdkaccess.AuthErrorCodeNoCredentials, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - req := httptest.NewRequest("GET", "/"+tt.query, nil) - for k, v := range tt.headers { - req.Header.Set(k, v) - } - - res, err := p.Authenticate(ctx, req) - if tt.wantResult { - if err != nil { - t.Errorf("unexpected error: %v", err) - } - if res == nil { - t.Errorf("expected result, got nil") - } else if res.Principal != "valid-key" { - t.Errorf("expected principal valid-key, got %q", res.Principal) - } - } else { - if err == nil { - t.Errorf("expected error, got nil") - } else if err.Code != tt.wantError { - t.Errorf("expected error code %v, got %v", tt.wantError, err.Code) - } - } - }) - } -} - -func TestExtractBearerToken(t *testing.T) { - cases := []struct { - header string - want string - }{ - {"", ""}, - {"valid-key", "valid-key"}, - {"Bearer valid-key", "valid-key"}, - {"bearer valid-key", "valid-key"}, - {"BEARER valid-key", "valid-key"}, - {"Bearer valid-key ", "valid-key"}, - {"Other token", "Other token"}, - } - for _, tc := range cases { - got := extractBearerToken(tc.header) - if got != tc.want { - t.Errorf("extractBearerToken(%q) = %q, want %q", tc.header, got, tc.want) - } - } -} - -func TestNormalizeKeys(t *testing.T) { - cases := []struct { - keys []string - want []string - }{ - {nil, nil}, - {[]string{}, nil}, - {[]string{" "}, nil}, - {[]string{" key1 ", "key2", "key1"}, []string{"key1", "key2"}}, - } - for _, tc := range cases { - got := normalizeKeys(tc.keys) - if len(got) != len(tc.want) { - t.Errorf("normalizeKeys(%v) length mismatch: got %v, want %v", tc.keys, got, tc.want) - continue - } - for i := range got { - if got[i] != tc.want[i] { - t.Errorf("normalizeKeys(%v)[%d] = %q, want %q", tc.keys, i, got[i], tc.want[i]) - } - } - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/access/reconcile.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/access/reconcile.go deleted file mode 100644 index 290cac3e75..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/access/reconcile.go +++ /dev/null @@ -1,127 +0,0 @@ -package access - -import ( - "fmt" - "reflect" - "sort" - "strings" - - configaccess "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/access/config_access" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access" - log "github.com/sirupsen/logrus" -) - -// ReconcileProviders builds the desired provider list by reusing existing providers when possible -// and creating or removing providers only when their configuration changed. It returns the final -// ordered provider slice along with the identifiers of providers that were added, updated, or -// removed compared to the previous configuration. -func ReconcileProviders(oldCfg, newCfg *config.Config, existing []sdkaccess.Provider) (result []sdkaccess.Provider, added, updated, removed []string, err error) { - _ = oldCfg - if newCfg == nil { - return nil, nil, nil, nil, nil - } - - result = sdkaccess.RegisteredProviders() - - existingMap := make(map[string]sdkaccess.Provider, len(existing)) - for _, provider := range existing { - providerID := identifierFromProvider(provider) - if providerID == "" { - continue - } - existingMap[providerID] = provider - } - - finalIDs := make(map[string]struct{}, len(result)) - - isInlineProvider := func(id string) bool { - return strings.EqualFold(id, sdkaccess.DefaultAccessProviderName) - } - appendChange := func(list *[]string, id string) { - if isInlineProvider(id) { - return - } - *list = append(*list, id) - } - - for _, provider := range result { - providerID := identifierFromProvider(provider) - if providerID == "" { - continue - } - finalIDs[providerID] = struct{}{} - - existingProvider, exists := existingMap[providerID] - if !exists { - appendChange(&added, providerID) - continue - } - if !providerInstanceEqual(existingProvider, provider) { - appendChange(&updated, providerID) - } - } - - for providerID := range existingMap { - if _, exists := finalIDs[providerID]; exists { - continue - } - appendChange(&removed, providerID) - } - - sort.Strings(added) - sort.Strings(updated) - sort.Strings(removed) - - return result, added, updated, removed, nil -} - -// ApplyAccessProviders reconciles the configured access providers against the -// currently registered providers and updates the manager. It logs a concise -// summary of the detected changes and returns whether any provider changed. -func ApplyAccessProviders(manager *sdkaccess.Manager, oldCfg, newCfg *config.Config) (bool, error) { - if manager == nil || newCfg == nil { - return false, nil - } - - existing := manager.Providers() - configaccess.Register((*config.SDKConfig)(&newCfg.SDKConfig)) - providers, added, updated, removed, err := ReconcileProviders(oldCfg, newCfg, existing) - if err != nil { - log.Errorf("failed to reconcile request auth providers: %v", err) - return false, fmt.Errorf("reconciling access providers: %w", err) - } - - manager.SetProviders(providers) - - if len(added)+len(updated)+len(removed) > 0 { - log.Debugf("auth providers reconciled (added=%d updated=%d removed=%d)", len(added), len(updated), len(removed)) - log.Debugf("auth providers changes details - added=%v updated=%v removed=%v", added, updated, removed) - return true, nil - } - - log.Debug("auth providers unchanged after config update") - return false, nil -} - -func identifierFromProvider(provider sdkaccess.Provider) string { - if provider == nil { - return "" - } - return strings.TrimSpace(provider.Identifier()) -} - -func providerInstanceEqual(a, b sdkaccess.Provider) bool { - if a == nil || b == nil { - return a == nil && b == nil - } - if reflect.TypeOf(a) != reflect.TypeOf(b) { - return false - } - valueA := reflect.ValueOf(a) - valueB := reflect.ValueOf(b) - if valueA.Kind() == reflect.Pointer && valueB.Kind() == reflect.Pointer { - return valueA.Pointer() == valueB.Pointer() - } - return reflect.DeepEqual(a, b) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/alerts.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/alerts.go deleted file mode 100644 index 699ac55668..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/alerts.go +++ /dev/null @@ -1,409 +0,0 @@ -package management - -import ( - "context" - "fmt" - "net/http" - "sync" - "time" - - "github.com/gin-gonic/gin" -) - -// Alert represents a system alert -type Alert struct { - ID string `json:"id"` - Type AlertType `json:"type"` // error_rate, latency, cost, uptime, provider - Severity Severity `json:"severity"` // critical, warning, info - Status AlertStatus `json:"status"` // firing, resolved - Title string `json:"title"` - Description string `json:"description"` - MetricName string `json:"metric_name,omitempty"` - Threshold float64 `json:"threshold,omitempty"` - CurrentValue float64 `json:"current_value,omitempty"` - Provider string `json:"provider,omitempty"` - ModelID string `json:"model_id,omitempty"` - StartedAt time.Time `json:"started_at"` - ResolvedAt *time.Time `json:"resolved_at,omitempty"` - CreatedAt time.Time `json:"created_at"` -} - -// AlertType represents the type of alert -type AlertType string - -const ( - AlertTypeErrorRate AlertType = "error_rate" - AlertTypeLatency AlertType = "latency" - AlertTypeCost AlertType = "cost" - AlertTypeUptime AlertType = "uptime" - AlertTypeProvider AlertType = "provider" - AlertTypeQuota AlertType = "quota" - AlertTypeInfo AlertType = "info" -) - -// Severity represents alert severity -type Severity string - -const ( - SeverityCritical Severity = "critical" - SeverityWarning Severity = "warning" - SeverityInfo Severity = "info" -) - -// AlertStatus represents alert status -type AlertStatus string - -const ( - AlertStatusFiring AlertStatus = "firing" - AlertStatusResolved AlertStatus = "resolved" -) - -// AlertRule defines conditions for triggering alerts -type AlertRule struct { - Name string `json:"name"` - Type AlertType `json:"type"` - Severity Severity `json:"severity"` - Threshold float64 `json:"threshold"` - Duration time.Duration `json:"duration"` // How long condition must be true - Cooldown time.Duration `json:"cooldown"` // Time before next alert - Enabled bool `json:"enabled"` - Notify []string `json:"notify"` // notification channels -} - -// AlertManager manages alerts and rules -type AlertManager struct { - mu sync.RWMutex - rules map[string]*AlertRule - activeAlerts map[string]*Alert - alertHistory []Alert - maxHistory int - notifiers []AlertNotifier -} - -// AlertNotifier defines an interface for alert notifications -type AlertNotifier interface { - Send(ctx context.Context, alert *Alert) error -} - -// NewAlertManager creates a new AlertManager -func NewAlertManager() *AlertManager { - return &AlertManager{ - rules: make(map[string]*AlertRule), - activeAlerts: make(map[string]*Alert), - alertHistory: make([]Alert, 0), - maxHistory: 1000, - notifiers: make([]AlertNotifier, 0), - } -} - -// AddRule adds an alert rule -func (m *AlertManager) AddRule(rule *AlertRule) { - m.mu.Lock() - defer m.mu.Unlock() - m.rules[rule.Name] = rule -} - -// RemoveRule removes an alert rule -func (m *AlertManager) RemoveRule(name string) { - m.mu.Lock() - defer m.mu.Unlock() - delete(m.rules, name) -} - -// GetRules returns all alert rules -func (m *AlertManager) GetRules() []*AlertRule { - m.mu.RLock() - defer m.mu.RUnlock() - - rules := make([]*AlertRule, 0, len(m.rules)) - for _, r := range m.rules { - rules = append(rules, r) - } - return rules -} - -// AddNotifier adds a notification channel -func (m *AlertManager) AddNotifier(notifier AlertNotifier) { - m.mu.Lock() - defer m.mu.Unlock() - m.notifiers = append(m.notifiers, notifier) -} - -// EvaluateMetrics evaluates current metrics against rules -func (m *AlertManager) EvaluateMetrics(ctx context.Context, metrics map[string]float64) { - m.mu.Lock() - defer m.mu.Unlock() - - for _, rule := range m.rules { - if !rule.Enabled { - continue - } - - value, exists := metrics[string(rule.Type)] - if !exists { - continue - } - - alertKey := fmt.Sprintf("%s:%s", rule.Name, rule.Type) - - switch rule.Type { - case AlertTypeErrorRate, AlertTypeLatency: - if value > rule.Threshold { - m.triggerOrUpdateAlert(ctx, alertKey, rule, value) - } else { - m.resolveAlert(ctx, alertKey) - } - case AlertTypeCost: - if value > rule.Threshold { - m.triggerOrUpdateAlert(ctx, alertKey, rule, value) - } - } - } -} - -// triggerOrUpdateAlert triggers or updates an alert -func (m *AlertManager) triggerOrUpdateAlert(ctx context.Context, key string, rule *AlertRule, value float64) { - if existing, ok := m.activeAlerts[key]; ok { - // Update existing alert - existing.CurrentValue = value - return - } - - // Create new alert - alert := &Alert{ - ID: fmt.Sprintf("alert-%d", time.Now().Unix()), - Type: rule.Type, - Severity: rule.Severity, - Status: AlertStatusFiring, - Title: fmt.Sprintf("%s %s", rule.Type, getSeverityText(rule.Severity)), - Description: fmt.Sprintf("%s exceeded threshold: %.2f > %.2f", rule.Type, value, rule.Threshold), - MetricName: string(rule.Type), - Threshold: rule.Threshold, - CurrentValue: value, - StartedAt: time.Now(), - CreatedAt: time.Now(), - } - - m.activeAlerts[key] = alert - m.alertHistory = append(m.alertHistory, *alert) - - // Send notifications - m.sendNotifications(ctx, alert) -} - -// resolveAlert resolves an active alert -func (m *AlertManager) resolveAlert(ctx context.Context, key string) { - alert, ok := m.activeAlerts[key] - if !ok { - return - } - - now := time.Now() - alert.Status = AlertStatusResolved - alert.ResolvedAt = &now - - delete(m.activeAlerts, key) - m.alertHistory = append(m.alertHistory, *alert) -} - -// sendNotifications sends alert to all notifiers -func (m *AlertManager) sendNotifications(ctx context.Context, alert *Alert) { - for _, notifier := range m.notifiers { - if err := notifier.Send(ctx, alert); err != nil { - // Log error but continue - fmt.Printf("Failed to send notification: %v\n", err) - } - } -} - -// GetActiveAlerts returns all active alerts -func (m *AlertManager) GetActiveAlerts() []Alert { - m.mu.RLock() - defer m.mu.RUnlock() - - alerts := make([]Alert, 0, len(m.activeAlerts)) - for _, a := range m.activeAlerts { - alerts = append(alerts, *a) - } - return alerts -} - -// GetAlertHistory returns alert history -func (m *AlertManager) GetAlertHistory(limit int) []Alert { - m.mu.RLock() - defer m.mu.RUnlock() - - if limit <= 0 || limit > len(m.alertHistory) { - limit = len(m.alertHistory) - } - - result := make([]Alert, limit) - copy(result, m.alertHistory[len(m.alertHistory)-limit:]) - return result -} - -// getSeverityText returns text description of severity -func getSeverityText(s Severity) string { - switch s { - case SeverityCritical: - return "critical alert" - case SeverityWarning: - return "warning" - case SeverityInfo: - return "info" - default: - return "alert" - } -} - -// CommonAlertRules returns typical alert rules -func CommonAlertRules() []*AlertRule { - return []*AlertRule{ - { - Name: "high-error-rate", - Type: AlertTypeErrorRate, - Severity: SeverityCritical, - Threshold: 5.0, // 5% error rate - Duration: 5 * time.Minute, - Cooldown: 15 * time.Minute, - Enabled: true, - Notify: []string{"slack", "email"}, - }, - { - Name: "high-latency", - Type: AlertTypeLatency, - Severity: SeverityWarning, - Threshold: 10000, // 10 seconds - Duration: 10 * time.Minute, - Cooldown: 30 * time.Minute, - Enabled: true, - Notify: []string{"slack"}, - }, - { - Name: "high-cost", - Type: AlertTypeCost, - Severity: SeverityWarning, - Threshold: 1000.0, // $1000 - Duration: 1 * time.Hour, - Cooldown: 1 * time.Hour, - Enabled: true, - Notify: []string{"email"}, - }, - { - Name: "provider-outage", - Type: AlertTypeProvider, - Severity: SeverityCritical, - Threshold: 90.0, // 90% uptime threshold - Duration: 5 * time.Minute, - Cooldown: 10 * time.Minute, - Enabled: true, - Notify: []string{"slack", "email", "pagerduty"}, - }, - } -} - -// AlertHandler handles alert API endpoints -type AlertHandler struct { - manager *AlertManager -} - -// NewAlertHandler creates a new AlertHandler -func NewAlertHandler() *AlertHandler { - m := NewAlertManager() - // Add default rules - for _, rule := range CommonAlertRules() { - m.AddRule(rule) - } - return &AlertHandler{manager: m} -} - -// GETAlerts handles GET /v1/alerts -func (h *AlertHandler) GETAlerts(c *gin.Context) { - status := c.Query("status") - alertType := c.Query("type") - - alerts := h.manager.GetActiveAlerts() - - // Filter - if status != "" { - var filtered []Alert - for _, a := range alerts { - if string(a.Status) == status { - filtered = append(filtered, a) - } - } - alerts = filtered - } - - if alertType != "" { - var filtered []Alert - for _, a := range alerts { - if string(a.Type) == alertType { - filtered = append(filtered, a) - } - } - alerts = filtered - } - - c.JSON(http.StatusOK, gin.H{ - "count": len(alerts), - "alerts": alerts, - }) -} - -// GETAlertHistory handles GET /v1/alerts/history -func (h *AlertHandler) GETAlertHistory(c *gin.Context) { - limit := 50 - fmt.Sscanf(c.DefaultQuery("limit", "50"), "%d", &limit) - - history := h.manager.GetAlertHistory(limit) - - c.JSON(http.StatusOK, gin.H{ - "count": len(history), - "alerts": history, - }) -} - -// GETAlertRules handles GET /v1/alerts/rules -func (h *AlertHandler) GETAlertRules(c *gin.Context) { - rules := h.manager.GetRules() - c.JSON(http.StatusOK, gin.H{"rules": rules}) -} - -// POSTAlertRule handles POST /v1/alerts/rules -func (h *AlertHandler) POSTAlertRule(c *gin.Context) { - var rule AlertRule - if err := c.ShouldBindJSON(&rule); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) - return - } - - h.manager.AddRule(&rule) - c.JSON(http.StatusCreated, gin.H{"message": "rule created", "rule": rule}) -} - -// DELETEAlertRule handles DELETE /v1/alerts/rules/:name -func (h *AlertHandler) DELETEAlertRule(c *gin.Context) { - name := c.Param("name") - h.manager.RemoveRule(name) - c.JSON(http.StatusOK, gin.H{"message": "rule deleted"}) -} - -// POSTTestAlert handles POST /v1/alerts/test (for testing notifications) -func (h *AlertHandler) POSTTestAlert(c *gin.Context) { - alert := &Alert{ - ID: "test-alert", - Type: AlertTypeInfo, - Severity: SeverityInfo, - Status: AlertStatusFiring, - Title: "Test Alert", - Description: "This is a test alert", - StartedAt: time.Now(), - CreatedAt: time.Now(), - } - - ctx := c.Request.Context() - h.manager.sendNotifications(ctx, alert) - - c.JSON(http.StatusOK, gin.H{"message": "test alert sent"}) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/api_tools.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/api_tools.go deleted file mode 100644 index 6807c9e76d..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/api_tools.go +++ /dev/null @@ -1,1477 +0,0 @@ -package management - -import ( - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "net" - "net/http" - "net/url" - "strings" - "time" - - "github.com/fxamacker/cbor/v2" - "github.com/gin-gonic/gin" - log "github.com/sirupsen/logrus" - "golang.org/x/net/proxy" - "golang.org/x/oauth2" - "golang.org/x/oauth2/google" - - kiroauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/runtime/geminicli" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -const defaultAPICallTimeout = 60 * time.Second - -const ( - geminiOAuthClientID = "681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com" - geminiOAuthClientSecret = "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" -) - -var geminiOAuthScopes = []string{ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/userinfo.email", - "https://www.googleapis.com/auth/userinfo.profile", -} - -const ( - antigravityOAuthClientID = "1071006060591-tmhssin2h21lcre235vtolojh4g403ep.apps.googleusercontent.com" - antigravityOAuthClientSecret = "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" -) - -var antigravityOAuthTokenURL = "https://oauth2.googleapis.com/token" - -type apiCallRequest struct { - AuthIndexSnake *string `json:"auth_index"` - AuthIndexCamel *string `json:"authIndex"` - AuthIndexPascal *string `json:"AuthIndex"` - Method string `json:"method"` - URL string `json:"url"` - Header map[string]string `json:"header"` - Data string `json:"data"` -} - -type apiCallResponse struct { - StatusCode int `json:"status_code"` - Header map[string][]string `json:"header"` - Body string `json:"body"` - Quota *QuotaSnapshots `json:"quota,omitempty"` -} - -// APICall makes a generic HTTP request on behalf of the management API caller. -// It is protected by the management middleware. -// -// Endpoint: -// -// POST /v0/management/api-call -// -// Authentication: -// -// Same as other management APIs (requires a management key and remote-management rules). -// You can provide the key via: -// - Authorization: Bearer -// - X-Management-Key: -// -// Request JSON (supports both application/json and application/cbor): -// - auth_index / authIndex / AuthIndex (optional): -// The credential "auth_index" from GET /v0/management/auth-files (or other endpoints returning it). -// If omitted or not found, credential-specific proxy/token substitution is skipped. -// - method (required): HTTP method, e.g. GET, POST, PUT, PATCH, DELETE. -// - url (required): Absolute URL including scheme and host, e.g. "https://api.example.com/v1/ping". -// - header (optional): Request headers map. -// Supports magic variable "$TOKEN$" which is replaced using the selected credential: -// 1) metadata.access_token -// 2) attributes.api_key -// 3) metadata.token / metadata.id_token / metadata.cookie -// Example: {"Authorization":"Bearer $TOKEN$"}. -// Note: if you need to override the HTTP Host header, set header["Host"]. -// - data (optional): Raw request body as string (useful for POST/PUT/PATCH). -// -// Proxy selection (highest priority first): -// 1. Selected credential proxy_url -// 2. Global config proxy-url -// 3. Direct connect (environment proxies are not used) -// -// Response (returned with HTTP 200 when the APICall itself succeeds): -// -// Format matches request Content-Type (application/json or application/cbor) -// - status_code: Upstream HTTP status code. -// - header: Upstream response headers. -// - body: Upstream response body as string. -// - quota (optional): For GitHub Copilot enterprise accounts, contains quota_snapshots -// with details for chat, completions, and premium_interactions. -// -// Example: -// -// curl -sS -X POST "http://127.0.0.1:8317/v0/management/api-call" \ -// -H "Authorization: Bearer " \ -// -H "Content-Type: application/json" \ -// -d '{"auth_index":"","method":"GET","url":"https://api.example.com/v1/ping","header":{"Authorization":"Bearer $TOKEN$"}}' -// -// curl -sS -X POST "http://127.0.0.1:8317/v0/management/api-call" \ -// -H "Authorization: Bearer 831227" \ -// -H "Content-Type: application/json" \ -// -d '{"auth_index":"","method":"POST","url":"https://api.example.com/v1/fetchAvailableModels","header":{"Authorization":"Bearer $TOKEN$","Content-Type":"application/json","User-Agent":"cliproxyapi"},"data":"{}"}' -func (h *Handler) APICall(c *gin.Context) { - // Detect content type - contentType := strings.ToLower(strings.TrimSpace(c.GetHeader("Content-Type"))) - isCBOR := strings.Contains(contentType, "application/cbor") - - var body apiCallRequest - - // Parse request body based on content type - if isCBOR { - rawBody, errRead := io.ReadAll(c.Request.Body) - if errRead != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "failed to read request body"}) - return - } - if errUnmarshal := cbor.Unmarshal(rawBody, &body); errUnmarshal != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid cbor body"}) - return - } - } else { - if errBindJSON := c.ShouldBindJSON(&body); errBindJSON != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - } - - method := strings.ToUpper(strings.TrimSpace(body.Method)) - if method == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "missing method"}) - return - } - - urlStr := strings.TrimSpace(body.URL) - if urlStr == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "missing url"}) - return - } - safeURL, parsedURL, errSanitizeURL := sanitizeAPICallURL(urlStr) - if errSanitizeURL != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": errSanitizeURL.Error()}) - return - } - if errResolve := validateResolvedHostIPs(parsedURL.Hostname()); errResolve != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": errResolve.Error()}) - return - } - - authIndex := firstNonEmptyString(body.AuthIndexSnake, body.AuthIndexCamel, body.AuthIndexPascal) - auth := h.authByIndex(authIndex) - - reqHeaders := body.Header - if reqHeaders == nil { - reqHeaders = map[string]string{} - } - - var hostOverride string - var token string - var tokenResolved bool - var tokenErr error - for key, value := range reqHeaders { - if !strings.Contains(value, "$TOKEN$") { - continue - } - if !tokenResolved { - token, tokenErr = h.resolveTokenForAuth(c.Request.Context(), auth) - tokenResolved = true - } - if auth != nil && token == "" { - if tokenErr != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "auth token refresh failed"}) - return - } - c.JSON(http.StatusBadRequest, gin.H{"error": "auth token not found"}) - return - } - if token == "" { - continue - } - reqHeaders[key] = strings.ReplaceAll(value, "$TOKEN$", token) - } - - // When caller indicates CBOR in request headers, convert JSON string payload to CBOR bytes. - useCBORPayload := headerContainsValue(reqHeaders, "Content-Type", "application/cbor") - - var requestBody io.Reader - if body.Data != "" { - if useCBORPayload { - cborPayload, errEncode := encodeJSONStringToCBOR(body.Data) - if errEncode != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid json data for cbor content-type"}) - return - } - requestBody = bytes.NewReader(cborPayload) - } else { - requestBody = strings.NewReader(body.Data) - } - } - - req, errNewRequest := http.NewRequestWithContext(c.Request.Context(), method, safeURL, requestBody) - if errNewRequest != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "failed to build request"}) - return - } - - for key, value := range reqHeaders { - if strings.EqualFold(key, "host") { - hostOverride = strings.TrimSpace(value) - continue - } - req.Header.Set(key, value) - } - if hostOverride != "" { - if !isAllowedHostOverride(parsedURL, hostOverride) { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid host override"}) - return - } - req.Host = hostOverride - } - - httpClient := &http.Client{ - Timeout: defaultAPICallTimeout, - } - httpClient.Transport = h.apiCallTransport(auth) - - resp, errDo := httpClient.Do(req) - if errDo != nil { - log.WithError(errDo).Debug("management APICall request failed") - c.JSON(http.StatusBadGateway, gin.H{"error": "request failed"}) - return - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - respBody, errReadAll := io.ReadAll(resp.Body) - if errReadAll != nil { - c.JSON(http.StatusBadGateway, gin.H{"error": "failed to read response"}) - return - } - - // For CBOR upstream responses, decode into plain text or JSON string before returning. - responseBodyText := string(respBody) - if headerContainsValue(reqHeaders, "Accept", "application/cbor") || strings.Contains(strings.ToLower(resp.Header.Get("Content-Type")), "application/cbor") { - if decodedBody, errDecode := decodeCBORBodyToTextOrJSON(respBody); errDecode == nil { - responseBodyText = decodedBody - } - } - - response := apiCallResponse{ - StatusCode: resp.StatusCode, - Header: resp.Header, - Body: responseBodyText, - } - - // If this is a GitHub Copilot token endpoint response, try to enrich with quota information - if resp.StatusCode == http.StatusOK && - strings.Contains(safeURL, "copilot_internal") && - strings.Contains(safeURL, "/token") { - response = h.enrichCopilotTokenResponse(c.Request.Context(), response, auth, urlStr) - } - - // Return response in the same format as the request - if isCBOR { - cborData, errMarshal := cbor.Marshal(response) - if errMarshal != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to encode cbor response"}) - return - } - c.Data(http.StatusOK, "application/cbor", cborData) - } else { - c.JSON(http.StatusOK, response) - } -} - -func firstNonEmptyString(values ...*string) string { - for _, v := range values { - if v == nil { - continue - } - if out := strings.TrimSpace(*v); out != "" { - return out - } - } - return "" -} - -func isAllowedHostOverride(parsedURL *url.URL, override string) bool { - if parsedURL == nil { - return false - } - trimmed := strings.TrimSpace(override) - if trimmed == "" { - return false - } - if strings.ContainsAny(trimmed, " \r\n\t") { - return false - } - - requestHost := strings.TrimSpace(parsedURL.Host) - requestHostname := strings.TrimSpace(parsedURL.Hostname()) - if requestHost == "" { - return false - } - if strings.EqualFold(trimmed, requestHost) { - return true - } - if strings.EqualFold(trimmed, requestHostname) { - return true - } - if len(trimmed) > 2 && trimmed[0] == '[' && trimmed[len(trimmed)-1] == ']' { - return false - } - return false -} - -func validateAPICallURL(parsedURL *url.URL) error { - if parsedURL == nil { - return fmt.Errorf("invalid url") - } - scheme := strings.ToLower(strings.TrimSpace(parsedURL.Scheme)) - if scheme != "http" && scheme != "https" { - return fmt.Errorf("unsupported url scheme") - } - if parsedURL.User != nil { - return fmt.Errorf("target host is not allowed") - } - host := strings.TrimSpace(parsedURL.Hostname()) - if host == "" { - return fmt.Errorf("invalid url host") - } - if strings.EqualFold(host, "localhost") { - return fmt.Errorf("target host is not allowed") - } - if ip := net.ParseIP(host); ip != nil { - if ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() || ip.IsMulticast() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() { - return fmt.Errorf("target host is not allowed") - } - } - return nil -} - -func sanitizeAPICallURL(raw string) (string, *url.URL, error) { - trimmed := strings.TrimSpace(raw) - if trimmed == "" { - return "", nil, fmt.Errorf("missing url") - } - parsedURL, errParseURL := url.Parse(trimmed) - if errParseURL != nil || parsedURL.Scheme == "" || parsedURL.Host == "" { - return "", nil, fmt.Errorf("invalid url") - } - if errValidateURL := validateAPICallURL(parsedURL); errValidateURL != nil { - return "", nil, errValidateURL - } - parsedURL.Fragment = "" - return parsedURL.String(), parsedURL, nil -} - -func validateResolvedHostIPs(host string) error { - trimmed := strings.TrimSpace(host) - if trimmed == "" { - return fmt.Errorf("invalid url host") - } - resolved, errLookup := net.LookupIP(trimmed) - if errLookup != nil { - return fmt.Errorf("target host resolution failed") - } - for _, ip := range resolved { - if ip == nil { - continue - } - if ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() || ip.IsMulticast() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() { - return fmt.Errorf("target host is not allowed") - } - } - return nil -} - -func tokenValueForAuth(auth *coreauth.Auth) string { - if auth == nil { - return "" - } - if v := tokenValueFromMetadata(auth.Metadata); v != "" { - return v - } - if auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["api_key"]); v != "" { - return v - } - } - if shared := geminicli.ResolveSharedCredential(auth.Runtime); shared != nil { - if v := tokenValueFromMetadata(shared.MetadataSnapshot()); v != "" { - return v - } - } - return "" -} - -func (h *Handler) resolveTokenForAuth(ctx context.Context, auth *coreauth.Auth) (string, error) { - if auth == nil { - return "", nil - } - - provider := strings.ToLower(strings.TrimSpace(auth.Provider)) - if provider == "gemini-cli" { - token, errToken := h.refreshGeminiOAuthAccessToken(ctx, auth) - return token, errToken - } - if provider == "antigravity" { - token, errToken := h.refreshAntigravityOAuthAccessToken(ctx, auth) - return token, errToken - } - - return tokenValueForAuth(auth), nil -} - -func (h *Handler) refreshGeminiOAuthAccessToken(ctx context.Context, auth *coreauth.Auth) (string, error) { - if ctx == nil { - ctx = context.Background() - } - if auth == nil { - return "", nil - } - - metadata, updater := geminiOAuthMetadata(auth) - if len(metadata) == 0 { - return "", fmt.Errorf("gemini oauth metadata missing") - } - - base := make(map[string]any) - if tokenRaw, ok := metadata["token"].(map[string]any); ok && tokenRaw != nil { - base = cloneMap(tokenRaw) - } - - var token oauth2.Token - if len(base) > 0 { - if raw, errMarshal := json.Marshal(base); errMarshal == nil { - _ = json.Unmarshal(raw, &token) - } - } - - if token.AccessToken == "" { - token.AccessToken = stringValue(metadata, "access_token") - } - if token.RefreshToken == "" { - token.RefreshToken = stringValue(metadata, "refresh_token") - } - if token.TokenType == "" { - token.TokenType = stringValue(metadata, "token_type") - } - if token.Expiry.IsZero() { - if expiry := stringValue(metadata, "expiry"); expiry != "" { - if ts, errParseTime := time.Parse(time.RFC3339, expiry); errParseTime == nil { - token.Expiry = ts - } - } - } - - conf := &oauth2.Config{ - ClientID: geminiOAuthClientID, - ClientSecret: geminiOAuthClientSecret, - Scopes: geminiOAuthScopes, - Endpoint: google.Endpoint, - } - - ctxToken := ctx - httpClient := &http.Client{ - Timeout: defaultAPICallTimeout, - Transport: h.apiCallTransport(auth), - } - ctxToken = context.WithValue(ctxToken, oauth2.HTTPClient, httpClient) - - src := conf.TokenSource(ctxToken, &token) - currentToken, errToken := src.Token() - if errToken != nil { - return "", errToken - } - - merged := buildOAuthTokenMap(base, currentToken) - fields := buildOAuthTokenFields(currentToken, merged) - if updater != nil { - updater(fields) - } - return strings.TrimSpace(currentToken.AccessToken), nil -} - -func (h *Handler) refreshAntigravityOAuthAccessToken(ctx context.Context, auth *coreauth.Auth) (string, error) { - if ctx == nil { - ctx = context.Background() - } - if auth == nil { - return "", nil - } - - metadata := auth.Metadata - if len(metadata) == 0 { - return "", fmt.Errorf("antigravity oauth metadata missing") - } - - current := strings.TrimSpace(tokenValueFromMetadata(metadata)) - if current != "" && !antigravityTokenNeedsRefresh(metadata) { - return current, nil - } - - refreshToken := stringValue(metadata, "refresh_token") - if refreshToken == "" { - return "", fmt.Errorf("antigravity refresh token missing") - } - - tokenURL := strings.TrimSpace(antigravityOAuthTokenURL) - if tokenURL == "" { - tokenURL = "https://oauth2.googleapis.com/token" - } - form := url.Values{} - form.Set("client_id", antigravityOAuthClientID) - form.Set("client_secret", antigravityOAuthClientSecret) - form.Set("grant_type", "refresh_token") - form.Set("refresh_token", refreshToken) - - req, errReq := http.NewRequestWithContext(ctx, http.MethodPost, tokenURL, strings.NewReader(form.Encode())) - if errReq != nil { - return "", errReq - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - - httpClient := &http.Client{ - Timeout: defaultAPICallTimeout, - Transport: h.apiCallTransport(auth), - } - resp, errDo := httpClient.Do(req) - if errDo != nil { - return "", errDo - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - bodyBytes, errRead := io.ReadAll(resp.Body) - if errRead != nil { - return "", errRead - } - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - return "", fmt.Errorf("antigravity oauth token refresh failed: status %d: %s", resp.StatusCode, strings.TrimSpace(string(bodyBytes))) - } - - var tokenResp struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - ExpiresIn int64 `json:"expires_in"` - TokenType string `json:"token_type"` - } - if errUnmarshal := json.Unmarshal(bodyBytes, &tokenResp); errUnmarshal != nil { - return "", errUnmarshal - } - - if strings.TrimSpace(tokenResp.AccessToken) == "" { - return "", fmt.Errorf("antigravity oauth token refresh returned empty access_token") - } - - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - now := time.Now() - auth.Metadata["access_token"] = strings.TrimSpace(tokenResp.AccessToken) - if strings.TrimSpace(tokenResp.RefreshToken) != "" { - auth.Metadata["refresh_token"] = strings.TrimSpace(tokenResp.RefreshToken) - } - if tokenResp.ExpiresIn > 0 { - auth.Metadata["expires_in"] = tokenResp.ExpiresIn - auth.Metadata["timestamp"] = now.UnixMilli() - auth.Metadata["expired"] = now.Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339) - } - auth.Metadata["type"] = "antigravity" - - if h != nil && h.authManager != nil { - auth.LastRefreshedAt = now - auth.UpdatedAt = now - _, _ = h.authManager.Update(ctx, auth) - } - - return strings.TrimSpace(tokenResp.AccessToken), nil -} - -func antigravityTokenNeedsRefresh(metadata map[string]any) bool { - // Refresh a bit early to avoid requests racing token expiry. - const skew = 30 * time.Second - - if metadata == nil { - return true - } - if expStr, ok := metadata["expired"].(string); ok { - if ts, errParse := time.Parse(time.RFC3339, strings.TrimSpace(expStr)); errParse == nil { - return !ts.After(time.Now().Add(skew)) - } - } - expiresIn := int64Value(metadata["expires_in"]) - timestampMs := int64Value(metadata["timestamp"]) - if expiresIn > 0 && timestampMs > 0 { - exp := time.UnixMilli(timestampMs).Add(time.Duration(expiresIn) * time.Second) - return !exp.After(time.Now().Add(skew)) - } - return true -} - -func int64Value(raw any) int64 { - switch typed := raw.(type) { - case int: - return int64(typed) - case int32: - return int64(typed) - case int64: - return typed - case uint: - return int64(typed) - case uint32: - return int64(typed) - case uint64: - if typed > uint64(^uint64(0)>>1) { - return 0 - } - return int64(typed) - case float32: - return int64(typed) - case float64: - return int64(typed) - case json.Number: - if i, errParse := typed.Int64(); errParse == nil { - return i - } - case string: - if s := strings.TrimSpace(typed); s != "" { - if i, errParse := json.Number(s).Int64(); errParse == nil { - return i - } - } - } - return 0 -} - -func geminiOAuthMetadata(auth *coreauth.Auth) (map[string]any, func(map[string]any)) { - if auth == nil { - return nil, nil - } - if shared := geminicli.ResolveSharedCredential(auth.Runtime); shared != nil { - snapshot := shared.MetadataSnapshot() - return snapshot, func(fields map[string]any) { shared.MergeMetadata(fields) } - } - return auth.Metadata, func(fields map[string]any) { - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - for k, v := range fields { - auth.Metadata[k] = v - } - } -} - -func stringValue(metadata map[string]any, key string) string { - if len(metadata) == 0 || key == "" { - return "" - } - if v, ok := metadata[key].(string); ok { - return strings.TrimSpace(v) - } - return "" -} - -func cloneMap(in map[string]any) map[string]any { - if len(in) == 0 { - return nil - } - out := make(map[string]any, len(in)) - for k, v := range in { - out[k] = v - } - return out -} - -func buildOAuthTokenMap(base map[string]any, tok *oauth2.Token) map[string]any { - merged := cloneMap(base) - if merged == nil { - merged = make(map[string]any) - } - if tok == nil { - return merged - } - if raw, errMarshal := json.Marshal(tok); errMarshal == nil { - var tokenMap map[string]any - if errUnmarshal := json.Unmarshal(raw, &tokenMap); errUnmarshal == nil { - for k, v := range tokenMap { - merged[k] = v - } - } - } - return merged -} - -func buildOAuthTokenFields(tok *oauth2.Token, merged map[string]any) map[string]any { - fields := make(map[string]any, 5) - if tok != nil && tok.AccessToken != "" { - fields["access_token"] = tok.AccessToken - } - if tok != nil && tok.TokenType != "" { - fields["token_type"] = tok.TokenType - } - if tok != nil && tok.RefreshToken != "" { - fields["refresh_token"] = tok.RefreshToken - } - if tok != nil && !tok.Expiry.IsZero() { - fields["expiry"] = tok.Expiry.Format(time.RFC3339) - } - if len(merged) > 0 { - fields["token"] = cloneMap(merged) - } - return fields -} - -func tokenValueFromMetadata(metadata map[string]any) string { - if len(metadata) == 0 { - return "" - } - if v, ok := metadata["accessToken"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - if v, ok := metadata["access_token"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - if tokenRaw, ok := metadata["token"]; ok && tokenRaw != nil { - switch typed := tokenRaw.(type) { - case string: - if v := strings.TrimSpace(typed); v != "" { - return v - } - case map[string]any: - if v, ok := typed["access_token"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - if v, ok := typed["accessToken"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - case map[string]string: - if v := strings.TrimSpace(typed["access_token"]); v != "" { - return v - } - if v := strings.TrimSpace(typed["accessToken"]); v != "" { - return v - } - } - } - if v, ok := metadata["token"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - if v, ok := metadata["id_token"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - if v, ok := metadata["cookie"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - return "" -} - -func (h *Handler) authByIndex(authIndex string) *coreauth.Auth { - authIndex = strings.TrimSpace(authIndex) - if authIndex == "" || h == nil || h.authManager == nil { - return nil - } - auths := h.authManager.List() - for _, auth := range auths { - if auth == nil { - continue - } - auth.EnsureIndex() - if auth.Index == authIndex { - return auth - } - } - return nil -} - -func (h *Handler) apiCallTransport(auth *coreauth.Auth) http.RoundTripper { - hasAuthProxy := false - var proxyCandidates []string - if auth != nil { - if proxyStr := strings.TrimSpace(auth.ProxyURL); proxyStr != "" { - proxyCandidates = append(proxyCandidates, proxyStr) - hasAuthProxy = true - } - } - if h != nil && h.cfg != nil { - if proxyStr := strings.TrimSpace(h.cfg.ProxyURL); proxyStr != "" { - proxyCandidates = append(proxyCandidates, proxyStr) - } - } - - for _, proxyStr := range proxyCandidates { - transport, errBuild := buildProxyTransportWithError(proxyStr) - if transport != nil { - return transport - } - if hasAuthProxy { - return &transportFailureRoundTripper{err: fmt.Errorf("authentication proxy misconfigured: %v", errBuild)} - } - log.Debugf("failed to setup API call proxy from URL: %s, trying next candidate", proxyStr) - } - - transport, ok := http.DefaultTransport.(*http.Transport) - if !ok || transport == nil { - return &http.Transport{Proxy: nil} - } - clone := transport.Clone() - clone.Proxy = nil - return clone -} - -func buildProxyTransportWithError(proxyStr string) (*http.Transport, error) { - proxyStr = strings.TrimSpace(proxyStr) - if proxyStr == "" { - return nil, fmt.Errorf("proxy URL is empty") - } - - proxyURL, errParse := url.Parse(proxyStr) - if errParse != nil { - log.WithError(errParse).Debug("parse proxy URL failed") - return nil, fmt.Errorf("parse proxy URL failed: %w", errParse) - } - if proxyURL.Scheme == "" || proxyURL.Host == "" { - log.Debug("proxy URL missing scheme/host") - return nil, fmt.Errorf("missing proxy scheme or host: %s", proxyStr) - } - - if proxyURL.Scheme == "socks5" { - var proxyAuth *proxy.Auth - if proxyURL.User != nil { - username := proxyURL.User.Username() - password, _ := proxyURL.User.Password() - proxyAuth = &proxy.Auth{User: username, Password: password} - } - dialer, errSOCKS5 := proxy.SOCKS5("tcp", proxyURL.Host, proxyAuth, proxy.Direct) - if errSOCKS5 != nil { - log.WithError(errSOCKS5).Debug("create SOCKS5 dialer failed") - return nil, fmt.Errorf("create SOCKS5 dialer failed: %w", errSOCKS5) - } - return &http.Transport{ - Proxy: nil, - DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { - return dialer.Dial(network, addr) - }, - }, nil - } - - if proxyURL.Scheme == "http" || proxyURL.Scheme == "https" { - return &http.Transport{Proxy: http.ProxyURL(proxyURL)}, nil - } - - log.Debugf("unsupported proxy scheme: %s", proxyURL.Scheme) - return nil, fmt.Errorf("unsupported proxy scheme: %s", proxyURL.Scheme) -} - -type transportFailureRoundTripper struct { - err error -} - -func (t *transportFailureRoundTripper) RoundTrip(*http.Request) (*http.Response, error) { - return nil, t.err -} - -// headerContainsValue checks whether a header map contains a target value (case-insensitive key and value). -func headerContainsValue(headers map[string]string, targetKey, targetValue string) bool { - if len(headers) == 0 { - return false - } - for key, value := range headers { - if !strings.EqualFold(strings.TrimSpace(key), strings.TrimSpace(targetKey)) { - continue - } - if strings.Contains(strings.ToLower(value), strings.ToLower(strings.TrimSpace(targetValue))) { - return true - } - } - return false -} - -// encodeJSONStringToCBOR converts a JSON string payload into CBOR bytes. -func encodeJSONStringToCBOR(jsonString string) ([]byte, error) { - var payload any - if errUnmarshal := json.Unmarshal([]byte(jsonString), &payload); errUnmarshal != nil { - return nil, errUnmarshal - } - return cbor.Marshal(payload) -} - -// decodeCBORBodyToTextOrJSON decodes CBOR bytes to plain text (for string payloads) or JSON string. -func decodeCBORBodyToTextOrJSON(raw []byte) (string, error) { - if len(raw) == 0 { - return "", nil - } - - var payload any - if errUnmarshal := cbor.Unmarshal(raw, &payload); errUnmarshal != nil { - return "", errUnmarshal - } - - jsonCompatible := cborValueToJSONCompatible(payload) - switch typed := jsonCompatible.(type) { - case string: - return typed, nil - case []byte: - return string(typed), nil - default: - jsonBytes, errMarshal := json.Marshal(jsonCompatible) - if errMarshal != nil { - return "", errMarshal - } - return string(jsonBytes), nil - } -} - -// cborValueToJSONCompatible recursively converts CBOR-decoded values into JSON-marshalable values. -func cborValueToJSONCompatible(value any) any { - switch typed := value.(type) { - case map[any]any: - out := make(map[string]any, len(typed)) - for key, item := range typed { - out[fmt.Sprint(key)] = cborValueToJSONCompatible(item) - } - return out - case map[string]any: - out := make(map[string]any, len(typed)) - for key, item := range typed { - out[key] = cborValueToJSONCompatible(item) - } - return out - case []any: - out := make([]any, len(typed)) - for i, item := range typed { - out[i] = cborValueToJSONCompatible(item) - } - return out - default: - return typed - } -} - -// QuotaDetail represents quota information for a specific resource type -type QuotaDetail struct { - Entitlement float64 `json:"entitlement"` - OverageCount float64 `json:"overage_count"` - OveragePermitted bool `json:"overage_permitted"` - PercentRemaining float64 `json:"percent_remaining"` - QuotaID string `json:"quota_id"` - QuotaRemaining float64 `json:"quota_remaining"` - Remaining float64 `json:"remaining"` - Unlimited bool `json:"unlimited"` -} - -// QuotaSnapshots contains quota details for different resource types -type QuotaSnapshots struct { - Chat QuotaDetail `json:"chat"` - Completions QuotaDetail `json:"completions"` - PremiumInteractions QuotaDetail `json:"premium_interactions"` -} - -// CopilotUsageResponse represents the GitHub Copilot usage information -type CopilotUsageResponse struct { - AccessTypeSKU string `json:"access_type_sku"` - AnalyticsTrackingID string `json:"analytics_tracking_id"` - AssignedDate string `json:"assigned_date"` - CanSignupForLimited bool `json:"can_signup_for_limited"` - ChatEnabled bool `json:"chat_enabled"` - CopilotPlan string `json:"copilot_plan"` - OrganizationLoginList []interface{} `json:"organization_login_list"` - OrganizationList []interface{} `json:"organization_list"` - QuotaResetDate string `json:"quota_reset_date"` - QuotaSnapshots QuotaSnapshots `json:"quota_snapshots"` -} - -type kiroUsageChecker interface { - CheckUsageByAccessToken(ctx context.Context, accessToken, profileArn string) (*kiroauth.UsageQuotaResponse, error) -} - -type kiroQuotaResponse struct { - AuthIndex string `json:"auth_index,omitempty"` - ProfileARN string `json:"profile_arn"` - RemainingQuota float64 `json:"remaining_quota"` - UsagePercentage float64 `json:"usage_percentage"` - QuotaExhausted bool `json:"quota_exhausted"` - Usage *kiroauth.UsageQuotaResponse `json:"usage"` -} - -// GetKiroQuota fetches Kiro quota information from CodeWhisperer usage API. -// -// Endpoint: -// -// GET /v0/management/kiro-quota -// -// Query Parameters (optional): -// - auth_index: The credential "auth_index" from GET /v0/management/auth-files. -// If omitted, uses the first available Kiro credential. -func (h *Handler) GetKiroQuota(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "management config unavailable"}) - return - } - h.getKiroQuotaWithChecker(c, kiroauth.NewUsageChecker(h.cfg)) -} - -func (h *Handler) getKiroQuotaWithChecker(c *gin.Context, checker kiroUsageChecker) { - authIndex := firstNonEmptyQuery(c, "auth_index", "authIndex", "AuthIndex", "index", "auth_id", "auth-id") - - auth := h.findKiroAuth(authIndex) - if auth == nil { - if authIndex != "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "no kiro credential found", "auth_index": authIndex}) - return - } - c.JSON(http.StatusBadRequest, gin.H{"error": "no kiro credential found"}) - return - } - auth.EnsureIndex() - - token, tokenErr := h.resolveTokenForAuth(c.Request.Context(), auth) - if tokenErr != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "failed to resolve kiro token", "auth_index": auth.Index, "detail": tokenErr.Error()}) - return - } - if token == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "kiro token not found", "auth_index": auth.Index}) - return - } - - profileARN := profileARNForAuth(auth) - if profileARN == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "kiro profile arn not found", "auth_index": auth.Index}) - return - } - - usage, err := checker.CheckUsageByAccessToken(c.Request.Context(), token, profileARN) - if err != nil { - c.JSON(http.StatusBadGateway, gin.H{"error": "kiro quota request failed", "detail": err.Error()}) - return - } - - c.JSON(http.StatusOK, kiroQuotaResponse{ - AuthIndex: auth.Index, - ProfileARN: profileARN, - RemainingQuota: kiroauth.GetRemainingQuota(usage), - UsagePercentage: kiroauth.GetUsagePercentage(usage), - QuotaExhausted: kiroauth.IsQuotaExhausted(usage), - Usage: usage, - }) -} - -// GetCopilotQuota fetches GitHub Copilot quota information from the /copilot_pkg/llmproxy/user endpoint. -// -// Endpoint: -// -// GET /v0/management/copilot-quota -// -// Query Parameters (optional): -// - auth_index: The credential "auth_index" from GET /v0/management/auth-files. -// If omitted, uses the first available GitHub Copilot credential. -// -// Response: -// -// Returns the CopilotUsageResponse with quota_snapshots containing detailed quota information -// for chat, completions, and premium_interactions. -// -// Example: -// -// curl -sS -X GET "http://127.0.0.1:8317/v0/management/copilot-quota?auth_index=" \ -// -H "Authorization: Bearer " -func (h *Handler) GetCopilotQuota(c *gin.Context) { - authIndex := strings.TrimSpace(c.Query("auth_index")) - if authIndex == "" { - authIndex = strings.TrimSpace(c.Query("authIndex")) - } - if authIndex == "" { - authIndex = strings.TrimSpace(c.Query("AuthIndex")) - } - - auth := h.findCopilotAuth(authIndex) - if auth == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "no github copilot credential found"}) - return - } - - token, tokenErr := h.resolveTokenForAuth(c.Request.Context(), auth) - if tokenErr != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "failed to refresh copilot token"}) - return - } - if token == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "copilot token not found"}) - return - } - - apiURL := "https://api.github.com/copilot_pkg/llmproxy/user" - req, errNewRequest := http.NewRequestWithContext(c.Request.Context(), http.MethodGet, apiURL, nil) - if errNewRequest != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to build request"}) - return - } - - req.Header.Set("Authorization", "Bearer "+token) - req.Header.Set("User-Agent", "cliproxyapi++") - req.Header.Set("Accept", "application/json") - - httpClient := &http.Client{ - Timeout: defaultAPICallTimeout, - Transport: h.apiCallTransport(auth), - } - - resp, errDo := httpClient.Do(req) - if errDo != nil { - log.WithError(errDo).Debug("copilot quota request failed") - c.JSON(http.StatusBadGateway, gin.H{"error": "request failed"}) - return - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - respBody, errReadAll := io.ReadAll(resp.Body) - if errReadAll != nil { - c.JSON(http.StatusBadGateway, gin.H{"error": "failed to read response"}) - return - } - - if resp.StatusCode != http.StatusOK { - c.JSON(http.StatusBadGateway, gin.H{ - "error": "github api request failed", - "status_code": resp.StatusCode, - "body": string(respBody), - }) - return - } - - var usage CopilotUsageResponse - if errUnmarshal := json.Unmarshal(respBody, &usage); errUnmarshal != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to parse response"}) - return - } - - c.JSON(http.StatusOK, usage) -} - -// findCopilotAuth locates a GitHub Copilot credential by auth_index or returns the first available one -func (h *Handler) findCopilotAuth(authIndex string) *coreauth.Auth { - if h == nil || h.authManager == nil { - return nil - } - - auths := h.authManager.List() - var firstCopilot *coreauth.Auth - - for _, auth := range auths { - if auth == nil { - continue - } - - provider := strings.ToLower(strings.TrimSpace(auth.Provider)) - if provider != "copilot" && provider != "github" && provider != "github-copilot" { - continue - } - - if firstCopilot == nil { - firstCopilot = auth - } - - if authIndex != "" { - auth.EnsureIndex() - if auth.Index == authIndex { - return auth - } - } - } - - return firstCopilot -} - -// findKiroAuth locates a Kiro credential by auth_index or returns the first available one. -func (h *Handler) findKiroAuth(authIndex string) *coreauth.Auth { - if h == nil || h.authManager == nil { - return nil - } - - auths := h.authManager.List() - var firstKiro *coreauth.Auth - - for _, auth := range auths { - if auth == nil { - continue - } - if strings.ToLower(strings.TrimSpace(auth.Provider)) != "kiro" { - continue - } - - if firstKiro == nil { - firstKiro = auth - } - - if authIndex != "" { - auth.EnsureIndex() - if auth.Index == authIndex || auth.ID == authIndex || auth.FileName == authIndex { - return auth - } - } - } - - return firstKiro -} - -func profileARNForAuth(auth *coreauth.Auth) string { - if auth == nil { - return "" - } - - if v := strings.TrimSpace(auth.Attributes["profile_arn"]); v != "" { - return v - } - if v := strings.TrimSpace(auth.Attributes["profileArn"]); v != "" { - return v - } - - metadata := auth.Metadata - if len(metadata) == 0 { - return "" - } - if v := stringValue(metadata, "profile_arn"); v != "" { - return v - } - if v := stringValue(metadata, "profileArn"); v != "" { - return v - } - - if tokenRaw, ok := metadata["token"].(map[string]any); ok { - if v := stringValue(tokenRaw, "profile_arn"); v != "" { - return v - } - if v := stringValue(tokenRaw, "profileArn"); v != "" { - return v - } - } - - return "" -} - -func firstNonEmptyQuery(c *gin.Context, keys ...string) string { - for _, key := range keys { - if value := strings.TrimSpace(c.Query(key)); value != "" { - return value - } - } - return "" -} - -// enrichCopilotTokenResponse fetches quota information and adds it to the Copilot token response body -func (h *Handler) enrichCopilotTokenResponse(ctx context.Context, response apiCallResponse, auth *coreauth.Auth, originalURL string) apiCallResponse { - if auth == nil || response.Body == "" { - return response - } - - // Parse the token response to check if it's enterprise (null limited_user_quotas) - var tokenResp map[string]interface{} - if err := json.Unmarshal([]byte(response.Body), &tokenResp); err != nil { - log.WithError(err).Debug("enrichCopilotTokenResponse: failed to parse copilot token response") - return response - } - - // Get the GitHub token to call the copilot_pkg/llmproxy/user endpoint - token, tokenErr := h.resolveTokenForAuth(ctx, auth) - if tokenErr != nil { - log.WithError(tokenErr).Debug("enrichCopilotTokenResponse: failed to resolve token") - return response - } - if token == "" { - return response - } - - // Fetch quota information from /copilot_pkg/llmproxy/user - // Derive the base URL from the original token request to support proxies and test servers - quotaURL, errQuotaURL := copilotQuotaURLFromTokenURL(originalURL) - if errQuotaURL != nil { - log.WithError(errQuotaURL).Debug("enrichCopilotTokenResponse: rejected token URL for quota request") - return response - } - parsedQuotaURL, errParseQuotaURL := url.Parse(quotaURL) - if errParseQuotaURL != nil { - return response - } - if errValidate := validateAPICallURL(parsedQuotaURL); errValidate != nil { - return response - } - if errResolve := validateResolvedHostIPs(parsedQuotaURL.Hostname()); errResolve != nil { - return response - } - - req, errNewRequest := http.NewRequestWithContext(ctx, http.MethodGet, quotaURL, nil) - if errNewRequest != nil { - log.WithError(errNewRequest).Debug("enrichCopilotTokenResponse: failed to build request") - return response - } - - req.Header.Set("Authorization", "Bearer "+token) - req.Header.Set("User-Agent", "cliproxyapi++") - req.Header.Set("Accept", "application/json") - - httpClient := &http.Client{ - Timeout: defaultAPICallTimeout, - Transport: h.apiCallTransport(auth), - } - - quotaResp, errDo := httpClient.Do(req) - if errDo != nil { - log.WithError(errDo).Debug("enrichCopilotTokenResponse: quota fetch HTTP request failed") - return response - } - - defer func() { - if errClose := quotaResp.Body.Close(); errClose != nil { - log.Errorf("quota response body close error: %v", errClose) - } - }() - - if quotaResp.StatusCode != http.StatusOK { - return response - } - - quotaBody, errReadAll := io.ReadAll(quotaResp.Body) - if errReadAll != nil { - log.WithError(errReadAll).Debug("enrichCopilotTokenResponse: failed to read response") - return response - } - - // Parse the quota response - var quotaData CopilotUsageResponse - if err := json.Unmarshal(quotaBody, "aData); err != nil { - log.WithError(err).Debug("enrichCopilotTokenResponse: failed to parse response") - return response - } - - // Check if this is an enterprise account by looking for quota_snapshots in the response - // Enterprise accounts have quota_snapshots, non-enterprise have limited_user_quotas - var quotaRaw map[string]interface{} - if err := json.Unmarshal(quotaBody, "aRaw); err == nil { - if _, hasQuotaSnapshots := quotaRaw["quota_snapshots"]; hasQuotaSnapshots { - // Enterprise account - has quota_snapshots - tokenResp["quota_snapshots"] = quotaData.QuotaSnapshots - tokenResp["access_type_sku"] = quotaData.AccessTypeSKU - tokenResp["copilot_plan"] = quotaData.CopilotPlan - - // Add quota reset date for enterprise (quota_reset_date_utc) - if quotaResetDateUTC, ok := quotaRaw["quota_reset_date_utc"]; ok { - tokenResp["quota_reset_date"] = quotaResetDateUTC - } else if quotaData.QuotaResetDate != "" { - tokenResp["quota_reset_date"] = quotaData.QuotaResetDate - } - } else { - // Non-enterprise account - build quota from limited_user_quotas and monthly_quotas - var quotaSnapshots QuotaSnapshots - - // Get monthly quotas (total entitlement) and limited_user_quotas (remaining) - monthlyQuotas, hasMonthly := quotaRaw["monthly_quotas"].(map[string]interface{}) - limitedQuotas, hasLimited := quotaRaw["limited_user_quotas"].(map[string]interface{}) - - // Process chat quota - if hasMonthly && hasLimited { - if chatTotal, ok := monthlyQuotas["chat"].(float64); ok { - chatRemaining := chatTotal // default to full if no limited quota - if chatLimited, ok := limitedQuotas["chat"].(float64); ok { - chatRemaining = chatLimited - } - percentRemaining := 0.0 - if chatTotal > 0 { - percentRemaining = (chatRemaining / chatTotal) * 100.0 - } - quotaSnapshots.Chat = QuotaDetail{ - Entitlement: chatTotal, - Remaining: chatRemaining, - QuotaRemaining: chatRemaining, - PercentRemaining: percentRemaining, - QuotaID: "chat", - Unlimited: false, - } - } - - // Process completions quota - if completionsTotal, ok := monthlyQuotas["completions"].(float64); ok { - completionsRemaining := completionsTotal // default to full if no limited quota - if completionsLimited, ok := limitedQuotas["completions"].(float64); ok { - completionsRemaining = completionsLimited - } - percentRemaining := 0.0 - if completionsTotal > 0 { - percentRemaining = (completionsRemaining / completionsTotal) * 100.0 - } - quotaSnapshots.Completions = QuotaDetail{ - Entitlement: completionsTotal, - Remaining: completionsRemaining, - QuotaRemaining: completionsRemaining, - PercentRemaining: percentRemaining, - QuotaID: "completions", - Unlimited: false, - } - } - } - - // Premium interactions don't exist for non-enterprise, leave as zero values - quotaSnapshots.PremiumInteractions = QuotaDetail{ - QuotaID: "premium_interactions", - Unlimited: false, - } - - // Add quota_snapshots to the token response - tokenResp["quota_snapshots"] = quotaSnapshots - tokenResp["access_type_sku"] = quotaData.AccessTypeSKU - tokenResp["copilot_plan"] = quotaData.CopilotPlan - - // Add quota reset date for non-enterprise (limited_user_reset_date) - if limitedResetDate, ok := quotaRaw["limited_user_reset_date"]; ok { - tokenResp["quota_reset_date"] = limitedResetDate - } - } - } - - // Re-serialize the enriched response - enrichedBody, errMarshal := json.Marshal(tokenResp) - if errMarshal != nil { - log.WithError(errMarshal).Debug("failed to marshal enriched response") - return response - } - - response.Body = string(enrichedBody) - - return response -} - -func copilotQuotaURLFromTokenURL(originalURL string) (string, error) { - parsedURL, errParse := url.Parse(strings.TrimSpace(originalURL)) - if errParse != nil { - return "", errParse - } - if parsedURL.User != nil { - return "", fmt.Errorf("unsupported host %q", parsedURL.Hostname()) - } - host := strings.ToLower(parsedURL.Hostname()) - if parsedURL.Scheme != "https" { - return "", fmt.Errorf("unsupported scheme %q", parsedURL.Scheme) - } - switch host { - case "api.github.com", "api.githubcopilot.com": - return fmt.Sprintf("https://%s/copilot_pkg/llmproxy/user", host), nil - default: - return "", fmt.Errorf("unsupported host %q", parsedURL.Hostname()) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/api_tools_cbor_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/api_tools_cbor_test.go deleted file mode 100644 index 8b7570a916..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/api_tools_cbor_test.go +++ /dev/null @@ -1,149 +0,0 @@ -package management - -import ( - "bytes" - "encoding/json" - "net/http" - "net/http/httptest" - "testing" - - "github.com/fxamacker/cbor/v2" - "github.com/gin-gonic/gin" -) - -func TestAPICall_CBOR_Support(t *testing.T) { - gin.SetMode(gin.TestMode) - - // Create a test handler - h := &Handler{} - - // Create test request data - reqData := apiCallRequest{ - Method: "GET", - URL: "https://httpbin.org/get", - Header: map[string]string{ - "User-Agent": "test-client", - }, - } - - t.Run("JSON request and response", func(t *testing.T) { - // Marshal request as JSON - jsonData, err := json.Marshal(reqData) - if err != nil { - t.Fatalf("Failed to marshal JSON: %v", err) - } - - // Create HTTP request - req := httptest.NewRequest(http.MethodPost, "/v0/management/api-call", bytes.NewReader(jsonData)) - req.Header.Set("Content-Type", "application/json") - - // Create response recorder - w := httptest.NewRecorder() - - // Create Gin context - c, _ := gin.CreateTestContext(w) - c.Request = req - - // Call handler - h.APICall(c) - - // Verify response - if w.Code != http.StatusOK && w.Code != http.StatusBadGateway { - t.Logf("Response status: %d", w.Code) - t.Logf("Response body: %s", w.Body.String()) - } - - // Check content type - contentType := w.Header().Get("Content-Type") - if w.Code == http.StatusOK && !contains(contentType, "application/json") { - t.Errorf("Expected JSON response, got: %s", contentType) - } - }) - - t.Run("CBOR request and response", func(t *testing.T) { - // Marshal request as CBOR - cborData, err := cbor.Marshal(reqData) - if err != nil { - t.Fatalf("Failed to marshal CBOR: %v", err) - } - - // Create HTTP request - req := httptest.NewRequest(http.MethodPost, "/v0/management/api-call", bytes.NewReader(cborData)) - req.Header.Set("Content-Type", "application/cbor") - - // Create response recorder - w := httptest.NewRecorder() - - // Create Gin context - c, _ := gin.CreateTestContext(w) - c.Request = req - - // Call handler - h.APICall(c) - - // Verify response - if w.Code != http.StatusOK && w.Code != http.StatusBadGateway { - t.Logf("Response status: %d", w.Code) - t.Logf("Response body: %s", w.Body.String()) - } - - // Check content type - contentType := w.Header().Get("Content-Type") - if w.Code == http.StatusOK && !contains(contentType, "application/cbor") { - t.Errorf("Expected CBOR response, got: %s", contentType) - } - - // Try to decode CBOR response - if w.Code == http.StatusOK { - var response apiCallResponse - if err := cbor.Unmarshal(w.Body.Bytes(), &response); err != nil { - t.Errorf("Failed to unmarshal CBOR response: %v", err) - } else { - t.Logf("CBOR response decoded successfully: status_code=%d", response.StatusCode) - } - } - }) - - t.Run("CBOR encoding and decoding consistency", func(t *testing.T) { - // Test data - testReq := apiCallRequest{ - Method: "POST", - URL: "https://example.com/api", - Header: map[string]string{ - "Authorization": "Bearer $TOKEN$", - "Content-Type": "application/json", - }, - Data: `{"key":"value"}`, - } - - // Encode to CBOR - cborData, err := cbor.Marshal(testReq) - if err != nil { - t.Fatalf("Failed to marshal to CBOR: %v", err) - } - - // Decode from CBOR - var decoded apiCallRequest - if err := cbor.Unmarshal(cborData, &decoded); err != nil { - t.Fatalf("Failed to unmarshal from CBOR: %v", err) - } - - // Verify fields - if decoded.Method != testReq.Method { - t.Errorf("Method mismatch: got %s, want %s", decoded.Method, testReq.Method) - } - if decoded.URL != testReq.URL { - t.Errorf("URL mismatch: got %s, want %s", decoded.URL, testReq.URL) - } - if decoded.Data != testReq.Data { - t.Errorf("Data mismatch: got %s, want %s", decoded.Data, testReq.Data) - } - if len(decoded.Header) != len(testReq.Header) { - t.Errorf("Header count mismatch: got %d, want %d", len(decoded.Header), len(testReq.Header)) - } - }) -} - -func contains(s, substr string) bool { - return len(s) > 0 && len(substr) > 0 && (s == substr || len(s) >= len(substr) && s[:len(substr)] == substr || bytes.Contains([]byte(s), []byte(substr))) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/api_tools_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/api_tools_test.go deleted file mode 100644 index 772786e1f3..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/api_tools_test.go +++ /dev/null @@ -1,603 +0,0 @@ -package management - -import ( - "bytes" - "context" - "encoding/json" - "io" - "net/http" - "net/http/httptest" - "net/url" - "strings" - "sync" - "testing" - "time" - - "github.com/gin-gonic/gin" - kiroauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestIsAllowedHostOverride(t *testing.T) { - t.Parallel() - - parsed, err := url.Parse("https://example.com/path?x=1") - if err != nil { - t.Fatalf("parse: %v", err) - } - - if !isAllowedHostOverride(parsed, "example.com") { - t.Fatalf("host override should allow exact hostname") - } - - parsedWithPort, err := url.Parse("https://example.com:443/path") - if err != nil { - t.Fatalf("parse with port: %v", err) - } - if !isAllowedHostOverride(parsedWithPort, "example.com:443") { - t.Fatalf("host override should allow hostname with port") - } - if isAllowedHostOverride(parsed, "attacker.com") { - t.Fatalf("host override should reject non-target host") - } -} - -func TestAPICall_RejectsUnsafeHost(t *testing.T) { - t.Parallel() - gin.SetMode(gin.TestMode) - - body := []byte(`{"method":"GET","url":"http://127.0.0.1:8080/ping"}`) - req := httptest.NewRequest(http.MethodPost, "/v0/management/api-call", bytes.NewReader(body)) - req.Header.Set("Content-Type", "application/json") - - rec := httptest.NewRecorder() - c, _ := gin.CreateTestContext(rec) - c.Request = req - - h := &Handler{} - h.APICall(c) - - if rec.Code != http.StatusBadRequest { - t.Fatalf("status = %d, want %d, body=%s", rec.Code, http.StatusBadRequest, rec.Body.String()) - } -} - -type memoryAuthStore struct { - mu sync.Mutex - items map[string]*coreauth.Auth -} - -func (s *memoryAuthStore) List(ctx context.Context) ([]*coreauth.Auth, error) { - _ = ctx - s.mu.Lock() - defer s.mu.Unlock() - out := make([]*coreauth.Auth, 0, len(s.items)) - for _, a := range s.items { - out = append(out, a.Clone()) - } - return out, nil -} - -func (s *memoryAuthStore) Save(ctx context.Context, auth *coreauth.Auth) (string, error) { - _ = ctx - if auth == nil { - return "", nil - } - s.mu.Lock() - if s.items == nil { - s.items = make(map[string]*coreauth.Auth) - } - s.items[auth.ID] = auth.Clone() - s.mu.Unlock() - return auth.ID, nil -} - -func (s *memoryAuthStore) Delete(ctx context.Context, id string) error { - _ = ctx - s.mu.Lock() - delete(s.items, id) - s.mu.Unlock() - return nil -} - -func TestResolveTokenForAuth_Antigravity_RefreshesExpiredToken(t *testing.T) { - var callCount int - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - callCount++ - if r.Method != http.MethodPost { - t.Fatalf("expected POST, got %s", r.Method) - } - if ct := r.Header.Get("Content-Type"); !strings.HasPrefix(ct, "application/x-www-form-urlencoded") { - t.Fatalf("unexpected content-type: %s", ct) - } - bodyBytes, _ := io.ReadAll(r.Body) - _ = r.Body.Close() - values, err := url.ParseQuery(string(bodyBytes)) - if err != nil { - t.Fatalf("parse form: %v", err) - } - if values.Get("grant_type") != "refresh_token" { - t.Fatalf("unexpected grant_type: %s", values.Get("grant_type")) - } - if values.Get("refresh_token") != "rt" { - t.Fatalf("unexpected refresh_token: %s", values.Get("refresh_token")) - } - if values.Get("client_id") != antigravityOAuthClientID { - t.Fatalf("unexpected client_id: %s", values.Get("client_id")) - } - if values.Get("client_secret") != antigravityOAuthClientSecret { - t.Fatalf("unexpected client_secret") - } - - w.Header().Set("Content-Type", "application/json") - _ = json.NewEncoder(w).Encode(map[string]any{ - "access_token": "new-token", - "refresh_token": "rt2", - "expires_in": int64(3600), - "token_type": "Bearer", - }) - })) - t.Cleanup(srv.Close) - - originalURL := antigravityOAuthTokenURL - antigravityOAuthTokenURL = srv.URL - t.Cleanup(func() { antigravityOAuthTokenURL = originalURL }) - - store := &memoryAuthStore{} - manager := coreauth.NewManager(store, nil, nil) - - auth := &coreauth.Auth{ - ID: "antigravity-test.json", - FileName: "antigravity-test.json", - Provider: "antigravity", - Metadata: map[string]any{ - "type": "antigravity", - "access_token": "old-token", - "refresh_token": "rt", - "expires_in": int64(3600), - "timestamp": time.Now().Add(-2 * time.Hour).UnixMilli(), - "expired": time.Now().Add(-1 * time.Hour).Format(time.RFC3339), - }, - } - if _, err := manager.Register(context.Background(), auth); err != nil { - t.Fatalf("register auth: %v", err) - } - - h := &Handler{authManager: manager} - token, err := h.resolveTokenForAuth(context.Background(), auth) - if err != nil { - t.Fatalf("resolveTokenForAuth: %v", err) - } - if token != "new-token" { - t.Fatalf("expected refreshed token, got %q", token) - } - if callCount != 1 { - t.Fatalf("expected 1 refresh call, got %d", callCount) - } - - updated, ok := manager.GetByID(auth.ID) - if !ok || updated == nil { - t.Fatalf("expected auth in manager after update") - } - if got := tokenValueFromMetadata(updated.Metadata); got != "new-token" { - t.Fatalf("expected manager metadata updated, got %q", got) - } -} - -func TestResolveTokenForAuth_Antigravity_SkipsRefreshWhenTokenValid(t *testing.T) { - var callCount int - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - callCount++ - w.WriteHeader(http.StatusInternalServerError) - })) - t.Cleanup(srv.Close) - - originalURL := antigravityOAuthTokenURL - antigravityOAuthTokenURL = srv.URL - t.Cleanup(func() { antigravityOAuthTokenURL = originalURL }) - - auth := &coreauth.Auth{ - ID: "antigravity-valid.json", - FileName: "antigravity-valid.json", - Provider: "antigravity", - Metadata: map[string]any{ - "type": "antigravity", - "access_token": "ok-token", - "expired": time.Now().Add(30 * time.Minute).Format(time.RFC3339), - }, - } - h := &Handler{} - token, err := h.resolveTokenForAuth(context.Background(), auth) - if err != nil { - t.Fatalf("resolveTokenForAuth: %v", err) - } - if token != "ok-token" { - t.Fatalf("expected existing token, got %q", token) - } - if callCount != 0 { - t.Fatalf("expected no refresh calls, got %d", callCount) - } -} - -type fakeKiroUsageChecker struct { - usage *kiroauth.UsageQuotaResponse - err error -} - -func (f fakeKiroUsageChecker) CheckUsageByAccessToken(_ context.Context, _, _ string) (*kiroauth.UsageQuotaResponse, error) { - if f.err != nil { - return nil, f.err - } - return f.usage, nil -} - -func TestFindKiroAuth_ByIndexAndFallback(t *testing.T) { - store := &memoryAuthStore{} - manager := coreauth.NewManager(store, nil, nil) - h := &Handler{authManager: manager} - - other := &coreauth.Auth{ID: "other.json", FileName: "other.json", Provider: "copilot"} - kiroA := &coreauth.Auth{ID: "kiro-a.json", FileName: "kiro-a.json", Provider: "kiro"} - kiroB := &coreauth.Auth{ID: "kiro-b.json", FileName: "kiro-b.json", Provider: "kiro"} - for _, auth := range []*coreauth.Auth{other, kiroA, kiroB} { - if _, err := manager.Register(context.Background(), auth); err != nil { - t.Fatalf("register auth: %v", err) - } - } - kiroA.EnsureIndex() - - foundByIndex := h.findKiroAuth(kiroA.Index) - if foundByIndex == nil || foundByIndex.ID != kiroA.ID { - t.Fatalf("findKiroAuth(index) returned %#v, want %q", foundByIndex, kiroA.ID) - } - - foundFallback := h.findKiroAuth("") - if foundFallback == nil || foundFallback.Provider != "kiro" { - t.Fatalf("findKiroAuth fallback returned %#v, want kiro provider", foundFallback) - } -} - -func TestGetKiroQuotaWithChecker_Success(t *testing.T) { - gin.SetMode(gin.TestMode) - - store := &memoryAuthStore{} - manager := coreauth.NewManager(store, nil, nil) - auth := &coreauth.Auth{ - ID: "kiro-1.json", - FileName: "kiro-1.json", - Provider: "kiro", - Metadata: map[string]any{ - "access_token": "token-1", - "profile_arn": "arn:aws:codewhisperer:us-east-1:123:profile/test", - }, - } - if _, err := manager.Register(context.Background(), auth); err != nil { - t.Fatalf("register auth: %v", err) - } - auth.EnsureIndex() - - rec := httptest.NewRecorder() - ctx, _ := gin.CreateTestContext(rec) - ctx.Request = httptest.NewRequest(http.MethodGet, "/v0/management/kiro-quota?auth_index="+url.QueryEscape(auth.Index), nil) - - h := &Handler{authManager: manager} - h.getKiroQuotaWithChecker(ctx, fakeKiroUsageChecker{ - usage: &kiroauth.UsageQuotaResponse{ - UsageBreakdownList: []kiroauth.UsageBreakdownExtended{ - { - ResourceType: "AGENTIC_REQUEST", - UsageLimitWithPrecision: 100, - CurrentUsageWithPrecision: 25, - }, - }, - }, - }) - - if rec.Code != http.StatusOK { - t.Fatalf("status = %d, want %d, body=%s", rec.Code, http.StatusOK, rec.Body.String()) - } - - var got map[string]any - if err := json.Unmarshal(rec.Body.Bytes(), &got); err != nil { - t.Fatalf("decode response: %v", err) - } - if got["profile_arn"] != "arn:aws:codewhisperer:us-east-1:123:profile/test" { - t.Fatalf("profile_arn = %v", got["profile_arn"]) - } - if got["remaining_quota"] != 75.0 { - t.Fatalf("remaining_quota = %v, want 75", got["remaining_quota"]) - } - if got["usage_percentage"] != 25.0 { - t.Fatalf("usage_percentage = %v, want 25", got["usage_percentage"]) - } - if got["quota_exhausted"] != false { - t.Fatalf("quota_exhausted = %v, want false", got["quota_exhausted"]) - } - if got["auth_index"] != auth.Index { - t.Fatalf("auth_index = %v, want %s", got["auth_index"], auth.Index) - } -} - -func TestGetKiroQuotaWithChecker_MissingProfileARN(t *testing.T) { - gin.SetMode(gin.TestMode) - - store := &memoryAuthStore{} - manager := coreauth.NewManager(store, nil, nil) - auth := &coreauth.Auth{ - ID: "kiro-no-profile.json", - FileName: "kiro-no-profile.json", - Provider: "kiro", - Metadata: map[string]any{ - "access_token": "token-1", - }, - } - if _, err := manager.Register(context.Background(), auth); err != nil { - t.Fatalf("register auth: %v", err) - } - - rec := httptest.NewRecorder() - ctx, _ := gin.CreateTestContext(rec) - ctx.Request = httptest.NewRequest(http.MethodGet, "/v0/management/kiro-quota", nil) - - h := &Handler{authManager: manager} - h.getKiroQuotaWithChecker(ctx, fakeKiroUsageChecker{ - usage: &kiroauth.UsageQuotaResponse{}, - }) - - if rec.Code != http.StatusBadRequest { - t.Fatalf("status = %d, want %d, body=%s", rec.Code, http.StatusBadRequest, rec.Body.String()) - } - if !strings.Contains(rec.Body.String(), "profile arn not found") { - t.Fatalf("unexpected response body: %s", rec.Body.String()) - } - if !strings.Contains(rec.Body.String(), "auth_index") { - t.Fatalf("expected auth_index in missing-profile response, got: %s", rec.Body.String()) - } -} - -func TestGetKiroQuotaWithChecker_IndexAliasLookup(t *testing.T) { - gin.SetMode(gin.TestMode) - - store := &memoryAuthStore{} - manager := coreauth.NewManager(store, nil, nil) - auth := &coreauth.Auth{ - ID: "kiro-index-alias.json", - FileName: "kiro-index-alias.json", - Provider: "kiro", - Metadata: map[string]any{ - "access_token": "token-1", - "profile_arn": "arn:aws:codewhisperer:us-east-1:123:profile/test", - }, - } - if _, err := manager.Register(context.Background(), auth); err != nil { - t.Fatalf("register auth: %v", err) - } - auth.EnsureIndex() - - rec := httptest.NewRecorder() - ctx, _ := gin.CreateTestContext(rec) - ctx.Request = httptest.NewRequest(http.MethodGet, "/v0/management/kiro-quota?index="+url.QueryEscape(auth.Index), nil) - - h := &Handler{authManager: manager} - h.getKiroQuotaWithChecker(ctx, fakeKiroUsageChecker{ - usage: &kiroauth.UsageQuotaResponse{ - UsageBreakdownList: []kiroauth.UsageBreakdownExtended{ - { - ResourceType: "AGENTIC_REQUEST", - UsageLimitWithPrecision: 100, - CurrentUsageWithPrecision: 50, - }, - }, - }, - }) - - if rec.Code != http.StatusOK { - t.Fatalf("status = %d, want %d, body=%s", rec.Code, http.StatusOK, rec.Body.String()) - } -} - -func TestGetKiroQuotaWithChecker_AuthIDAliasLookup(t *testing.T) { - gin.SetMode(gin.TestMode) - - store := &memoryAuthStore{} - manager := coreauth.NewManager(store, nil, nil) - auth := &coreauth.Auth{ - ID: "kiro-auth-id-alias.json", - FileName: "kiro-auth-id-alias.json", - Provider: "kiro", - Metadata: map[string]any{ - "access_token": "token-1", - "profile_arn": "arn:aws:codewhisperer:us-east-1:123:profile/test", - }, - } - if _, err := manager.Register(context.Background(), auth); err != nil { - t.Fatalf("register auth: %v", err) - } - - rec := httptest.NewRecorder() - ctx, _ := gin.CreateTestContext(rec) - ctx.Request = httptest.NewRequest(http.MethodGet, "/v0/management/kiro-quota?auth_id="+url.QueryEscape(auth.ID), nil) - - h := &Handler{authManager: manager} - h.getKiroQuotaWithChecker(ctx, fakeKiroUsageChecker{ - usage: &kiroauth.UsageQuotaResponse{ - UsageBreakdownList: []kiroauth.UsageBreakdownExtended{ - { - ResourceType: "AGENTIC_REQUEST", - UsageLimitWithPrecision: 100, - CurrentUsageWithPrecision: 10, - }, - }, - }, - }) - - if rec.Code != http.StatusOK { - t.Fatalf("status = %d, want %d, body=%s", rec.Code, http.StatusOK, rec.Body.String()) - } -} - -func TestGetKiroQuotaWithChecker_MissingCredentialIncludesRequestedIndex(t *testing.T) { - gin.SetMode(gin.TestMode) - h := &Handler{} - - rec := httptest.NewRecorder() - ctx, _ := gin.CreateTestContext(rec) - ctx.Request = httptest.NewRequest(http.MethodGet, "/v0/management/kiro-quota?auth_index=missing-index", nil) - - h.getKiroQuotaWithChecker(ctx, fakeKiroUsageChecker{}) - - if rec.Code != http.StatusBadRequest { - t.Fatalf("status = %d, want %d, body=%s", rec.Code, http.StatusBadRequest, rec.Body.String()) - } - if !strings.Contains(rec.Body.String(), "missing-index") { - t.Fatalf("expected requested auth_index in response, got: %s", rec.Body.String()) - } -} - -func TestCopilotQuotaURLFromTokenURL_Regression(t *testing.T) { - t.Parallel() - - tests := []struct { - name string - tokenURL string - wantURL string - expectErr bool - }{ - { - name: "github_api", - tokenURL: "https://api.github.com/copilot_internal/v2/token", - wantURL: "https://api.github.com/copilot_pkg/llmproxy/user", - expectErr: false, - }, - { - name: "copilot_api", - tokenURL: "https://api.githubcopilot.com/copilot_internal/v2/token", - wantURL: "https://api.githubcopilot.com/copilot_pkg/llmproxy/user", - expectErr: false, - }, - { - name: "reject_http", - tokenURL: "http://api.github.com/copilot_internal/v2/token", - expectErr: true, - }, - { - name: "reject_untrusted_host", - tokenURL: "https://127.0.0.1/copilot_internal/v2/token", - expectErr: true, - }, - } - - for _, tt := range tests { - tt := tt - t.Run(tt.name, func(t *testing.T) { - got, err := copilotQuotaURLFromTokenURL(tt.tokenURL) - if tt.expectErr { - if err == nil { - t.Fatalf("expected error, got url=%q", got) - } - return - } - if err != nil { - t.Fatalf("copilotQuotaURLFromTokenURL returned error: %v", err) - } - if got != tt.wantURL { - t.Fatalf("copilotQuotaURLFromTokenURL = %q, want %q", got, tt.wantURL) - } - }) - } -} - -func TestAPICallTransport_AuthProxyMisconfigurationFailsClosed(t *testing.T) { - auth := &coreauth.Auth{ - Provider: "kiro", - ProxyURL: "::://invalid-proxy-url", - } - handler := &Handler{ - cfg: &config.Config{ - SDKConfig: config.SDKConfig{ - ProxyURL: "http://127.0.0.1:65535", - }, - }, - } - - rt := handler.apiCallTransport(auth) - req, err := http.NewRequest(http.MethodGet, "https://example.com", nil) - if err != nil { - t.Fatalf("new request: %v", err) - } - if _, err := rt.RoundTrip(req); err == nil { - t.Fatalf("expected fail-closed error for invalid auth proxy") - } -} - -func TestAPICallTransport_ConfigProxyMisconfigurationFallsBack(t *testing.T) { - handler := &Handler{ - cfg: &config.Config{ - SDKConfig: config.SDKConfig{ - ProxyURL: "://bad-proxy-url", - }, - }, - } - - rt := handler.apiCallTransport(nil) - if _, ok := rt.(*transportFailureRoundTripper); ok { - t.Fatalf("expected non-failure transport for invalid config proxy") - } - if _, ok := rt.(*http.Transport); !ok { - t.Fatalf("expected default transport type, got %T", rt) - } -} - -func TestCopilotQuotaURLFromTokenURLRegression(t *testing.T) { - t.Parallel() - - tests := []struct { - name string - tokenURL string - wantURL string - expectErr bool - }{ - { - name: "github_api", - tokenURL: "https://api.github.com/copilot_internal/v2/token", - wantURL: "https://api.github.com/copilot_pkg/llmproxy/user", - expectErr: false, - }, - { - name: "copilot_api", - tokenURL: "https://api.githubcopilot.com/copilot_internal/v2/token", - wantURL: "https://api.githubcopilot.com/copilot_pkg/llmproxy/user", - expectErr: false, - }, - { - name: "reject_http", - tokenURL: "http://api.github.com/copilot_internal/v2/token", - expectErr: true, - }, - { - name: "reject_untrusted_host", - tokenURL: "https://127.0.0.1/copilot_internal/v2/token", - expectErr: true, - }, - } - - for _, tt := range tests { - tt := tt - t.Run(tt.name, func(t *testing.T) { - got, err := copilotQuotaURLFromTokenURL(tt.tokenURL) - if tt.expectErr { - if err == nil { - t.Fatalf("expected error, got url=%q", got) - } - return - } - if err != nil { - t.Fatalf("copilotQuotaURLFromTokenURL returned error: %v", err) - } - if got != tt.wantURL { - t.Fatalf("copilotQuotaURLFromTokenURL = %q, want %q", got, tt.wantURL) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/auth_files.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/auth_files.go deleted file mode 100644 index 193e4e4ee4..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/auth_files.go +++ /dev/null @@ -1,3022 +0,0 @@ -package management - -import ( - "bytes" - "context" - "crypto/rand" - "crypto/sha256" - "encoding/base64" - "encoding/hex" - "encoding/json" - "errors" - "fmt" - "io" - "net" - "net/http" - "net/url" - "os" - "path" - "path/filepath" - "sort" - "strconv" - "strings" - "sync" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/antigravity" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/claude" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/codex" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/copilot" - geminiAuth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/gemini" - iflowauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/iflow" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kilo" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kimi" - kiroauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/qwen" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "golang.org/x/oauth2" - "golang.org/x/oauth2/google" -) - -var lastRefreshKeys = []string{"last_refresh", "lastRefresh", "last_refreshed_at", "lastRefreshedAt"} - -const ( - anthropicCallbackPort = 54545 - geminiCallbackPort = 8085 - codexCallbackPort = 1455 - geminiCLIEndpoint = "https://cloudcode-pa.googleapis.com" - geminiCLIVersion = "v1internal" - geminiCLIUserAgent = "google-api-nodejs-client/9.15.1" - geminiCLIApiClient = "gl-node/22.17.0" - geminiCLIClientMetadata = "ideType=IDE_UNSPECIFIED,platform=PLATFORM_UNSPECIFIED,pluginType=GEMINI" -) - -type callbackForwarder struct { - provider string - server *http.Server - done chan struct{} -} - -var ( - callbackForwardersMu sync.Mutex - callbackForwarders = make(map[int]*callbackForwarder) -) - -func extractLastRefreshTimestamp(meta map[string]any) (time.Time, bool) { - if len(meta) == 0 { - return time.Time{}, false - } - for _, key := range lastRefreshKeys { - if val, ok := meta[key]; ok { - if ts, ok1 := parseLastRefreshValue(val); ok1 { - return ts, true - } - } - } - return time.Time{}, false -} - -func parseLastRefreshValue(v any) (time.Time, bool) { - switch val := v.(type) { - case string: - s := strings.TrimSpace(val) - if s == "" { - return time.Time{}, false - } - layouts := []string{time.RFC3339, time.RFC3339Nano, "2006-01-02 15:04:05", "2006-01-02T15:04:05Z07:00"} - for _, layout := range layouts { - if ts, err := time.Parse(layout, s); err == nil { - return ts.UTC(), true - } - } - if unix, err := strconv.ParseInt(s, 10, 64); err == nil && unix > 0 { - return time.Unix(unix, 0).UTC(), true - } - case float64: - if val <= 0 { - return time.Time{}, false - } - return time.Unix(int64(val), 0).UTC(), true - case int64: - if val <= 0 { - return time.Time{}, false - } - return time.Unix(val, 0).UTC(), true - case int: - if val <= 0 { - return time.Time{}, false - } - return time.Unix(int64(val), 0).UTC(), true - case json.Number: - if i, err := val.Int64(); err == nil && i > 0 { - return time.Unix(i, 0).UTC(), true - } - } - return time.Time{}, false -} - -func isWebUIRequest(c *gin.Context) bool { - raw := strings.TrimSpace(c.Query("is_webui")) - if raw == "" { - return false - } - switch strings.ToLower(raw) { - case "1", "true", "yes", "on": - return true - default: - return false - } -} - -func startCallbackForwarder(port int, provider, targetBase string) (*callbackForwarder, error) { - targetURL, errTarget := validateCallbackForwarderTarget(targetBase) - if errTarget != nil { - return nil, fmt.Errorf("invalid callback target: %w", errTarget) - } - - callbackForwardersMu.Lock() - prev := callbackForwarders[port] - if prev != nil { - delete(callbackForwarders, port) - } - callbackForwardersMu.Unlock() - - if prev != nil { - stopForwarderInstance(port, prev) - } - - addr := fmt.Sprintf("127.0.0.1:%d", port) - ln, err := net.Listen("tcp", addr) - if err != nil { - return nil, fmt.Errorf("failed to listen on %s: %w", addr, err) - } - - handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - target := *targetURL - if raw := r.URL.RawQuery; raw != "" { - if target.RawQuery != "" { - target.RawQuery = target.RawQuery + "&" + raw - } else { - target.RawQuery = raw - } - } - w.Header().Set("Cache-Control", "no-store") - http.Redirect(w, r, target.String(), http.StatusFound) - }) - - srv := &http.Server{ - Handler: handler, - ReadHeaderTimeout: 5 * time.Second, - WriteTimeout: 5 * time.Second, - } - done := make(chan struct{}) - - go func() { - if errServe := srv.Serve(ln); errServe != nil && !errors.Is(errServe, http.ErrServerClosed) { - log.WithError(errServe).Warnf("callback forwarder for %s stopped unexpectedly", provider) - } - close(done) - }() - - forwarder := &callbackForwarder{ - provider: provider, - server: srv, - done: done, - } - - callbackForwardersMu.Lock() - callbackForwarders[port] = forwarder - callbackForwardersMu.Unlock() - - log.Infof("callback forwarder for %s listening on %s", provider, addr) - - return forwarder, nil -} - -func validateCallbackForwarderTarget(targetBase string) (*url.URL, error) { - trimmed := strings.TrimSpace(targetBase) - if trimmed == "" { - return nil, fmt.Errorf("target cannot be empty") - } - parsed, err := url.Parse(trimmed) - if err != nil { - return nil, fmt.Errorf("parse target: %w", err) - } - if !parsed.IsAbs() { - return nil, fmt.Errorf("target must be absolute") - } - scheme := strings.ToLower(parsed.Scheme) - if scheme != "http" && scheme != "https" { - return nil, fmt.Errorf("target scheme %q is not allowed", parsed.Scheme) - } - host := strings.ToLower(strings.TrimSpace(parsed.Hostname())) - if host == "" { - return nil, fmt.Errorf("target host is required") - } - if ip := net.ParseIP(host); ip != nil { - if !ip.IsLoopback() { - return nil, fmt.Errorf("target host must be loopback") - } - return parsed, nil - } - if host != "localhost" { - return nil, fmt.Errorf("target host must be localhost or loopback") - } - return parsed, nil -} - -func stopCallbackForwarder(port int) { - callbackForwardersMu.Lock() - forwarder := callbackForwarders[port] - if forwarder != nil { - delete(callbackForwarders, port) - } - callbackForwardersMu.Unlock() - - stopForwarderInstance(port, forwarder) -} - -func stopCallbackForwarderInstance(port int, forwarder *callbackForwarder) { - if forwarder == nil { - return - } - callbackForwardersMu.Lock() - if current := callbackForwarders[port]; current == forwarder { - delete(callbackForwarders, port) - } - callbackForwardersMu.Unlock() - - stopForwarderInstance(port, forwarder) -} - -func stopForwarderInstance(port int, forwarder *callbackForwarder) { - if forwarder == nil || forwarder.server == nil { - return - } - - ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) - defer cancel() - - if err := forwarder.server.Shutdown(ctx); err != nil && !errors.Is(err, http.ErrServerClosed) { - log.WithError(err).Warnf("failed to shut down callback forwarder on port %d", port) - } - - select { - case <-forwarder.done: - case <-time.After(2 * time.Second): - } - - log.Infof("callback forwarder on port %d stopped", port) -} - -func (h *Handler) managementCallbackURL(path string) (string, error) { - if h == nil || h.cfg == nil || h.cfg.Port <= 0 { - return "", fmt.Errorf("server port is not configured") - } - path = normalizeManagementCallbackPath(path) - scheme := "http" - if h.cfg.TLS.Enable { - scheme = "https" - } - return fmt.Sprintf("%s://127.0.0.1:%d%s", scheme, h.cfg.Port, path), nil -} - -func normalizeManagementCallbackPath(rawPath string) string { - normalized := strings.TrimSpace(rawPath) - normalized = strings.ReplaceAll(normalized, "\\", "/") - if idx := strings.IndexAny(normalized, "?#"); idx >= 0 { - normalized = normalized[:idx] - } - if normalized == "" { - return "/" - } - if !strings.HasPrefix(normalized, "/") { - normalized = "/" + normalized - } - normalized = path.Clean(normalized) - // Security: Verify cleaned path is safe (no open redirect) - if normalized == "." || normalized == "" { - return "/" - } - // Prevent open redirect attacks (e.g., //evil.com or http://...) - if strings.Contains(normalized, "//") || strings.Contains(normalized, ":/") { - return "/" - } - if !strings.HasPrefix(normalized, "/") { - return "/" + normalized - } - return normalized -} - -func (h *Handler) ListAuthFiles(c *gin.Context) { - if h == nil { - c.JSON(500, gin.H{"error": "handler not initialized"}) - return - } - if h.authManager == nil { - h.listAuthFilesFromDisk(c) - return - } - auths := h.authManager.List() - files := make([]gin.H, 0, len(auths)) - for _, auth := range auths { - if entry := h.buildAuthFileEntry(auth); entry != nil { - files = append(files, entry) - } - } - sort.Slice(files, func(i, j int) bool { - nameI, _ := files[i]["name"].(string) - nameJ, _ := files[j]["name"].(string) - return strings.ToLower(nameI) < strings.ToLower(nameJ) - }) - c.JSON(200, gin.H{"files": files}) -} - -// GetAuthFileModels returns the models supported by a specific auth file -func (h *Handler) GetAuthFileModels(c *gin.Context) { - name := c.Query("name") - if name == "" { - c.JSON(400, gin.H{"error": "name is required"}) - return - } - - // Try to find auth ID via authManager - var authID string - if h.authManager != nil { - auths := h.authManager.List() - for _, auth := range auths { - if auth.FileName == name || auth.ID == name { - authID = auth.ID - break - } - } - } - - if authID == "" { - authID = name // fallback to filename as ID - } - - // Get models from registry - reg := registry.GetGlobalRegistry() - models := reg.GetModelsForClient(authID) - - result := make([]gin.H, 0, len(models)) - for _, m := range models { - entry := gin.H{ - "id": m.ID, - } - if m.DisplayName != "" { - entry["display_name"] = m.DisplayName - } - if m.Type != "" { - entry["type"] = m.Type - } - if m.OwnedBy != "" { - entry["owned_by"] = m.OwnedBy - } - result = append(result, entry) - } - - c.JSON(200, gin.H{"models": result}) -} - -// List auth files from disk when the auth manager is unavailable. -func (h *Handler) listAuthFilesFromDisk(c *gin.Context) { - entries, err := os.ReadDir(h.cfg.AuthDir) - if err != nil { - c.JSON(500, gin.H{"error": fmt.Sprintf("failed to read auth dir: %v", err)}) - return - } - files := make([]gin.H, 0) - for _, e := range entries { - if e.IsDir() { - continue - } - name := e.Name() - if !strings.HasSuffix(strings.ToLower(name), ".json") { - continue - } - if info, errInfo := e.Info(); errInfo == nil { - fileData := gin.H{"name": name, "size": info.Size(), "modtime": info.ModTime()} - - // Read file to get type field - full := filepath.Join(h.cfg.AuthDir, name) - if data, errRead := os.ReadFile(full); errRead == nil { - typeValue := gjson.GetBytes(data, "type").String() - emailValue := gjson.GetBytes(data, "email").String() - fileData["type"] = typeValue - fileData["email"] = emailValue - } - - files = append(files, fileData) - } - } - c.JSON(200, gin.H{"files": files}) -} - -func (h *Handler) buildAuthFileEntry(auth *coreauth.Auth) gin.H { - if auth == nil { - return nil - } - auth.EnsureIndex() - runtimeOnly := isRuntimeOnlyAuth(auth) - if runtimeOnly && (auth.Disabled || auth.Status == coreauth.StatusDisabled) { - return nil - } - path := strings.TrimSpace(authAttribute(auth, "path")) - if path == "" && !runtimeOnly { - return nil - } - name := strings.TrimSpace(auth.FileName) - if name == "" { - name = auth.ID - } - entry := gin.H{ - "id": auth.ID, - "auth_index": auth.Index, - "name": name, - "type": strings.TrimSpace(auth.Provider), - "provider": strings.TrimSpace(auth.Provider), - "label": auth.Label, - "status": auth.Status, - "status_message": auth.StatusMessage, - "disabled": auth.Disabled, - "unavailable": auth.Unavailable, - "runtime_only": runtimeOnly, - "source": "memory", - "size": int64(0), - } - if email := authEmail(auth); email != "" { - entry["email"] = email - } - if accountType, account := auth.AccountInfo(); accountType != "" || account != "" { - if accountType != "" { - entry["account_type"] = accountType - } - if account != "" { - entry["account"] = account - } - } - if !auth.CreatedAt.IsZero() { - entry["created_at"] = auth.CreatedAt - } - if !auth.UpdatedAt.IsZero() { - entry["modtime"] = auth.UpdatedAt - entry["updated_at"] = auth.UpdatedAt - } - if !auth.LastRefreshedAt.IsZero() { - entry["last_refresh"] = auth.LastRefreshedAt - } - if path != "" { - entry["path"] = path - entry["source"] = "file" - if info, err := os.Stat(path); err == nil { - entry["size"] = info.Size() - entry["modtime"] = info.ModTime() - } else if os.IsNotExist(err) { - // Hide credentials removed from disk but still lingering in memory. - if !runtimeOnly && (auth.Disabled || auth.Status == coreauth.StatusDisabled || strings.EqualFold(strings.TrimSpace(auth.StatusMessage), "removed via management api")) { - return nil - } - entry["source"] = "memory" - } else { - log.WithError(err).Warnf("failed to stat auth file %s", path) - } - } - if claims := extractCodexIDTokenClaims(auth); claims != nil { - entry["id_token"] = claims - } - return entry -} - -func extractCodexIDTokenClaims(auth *coreauth.Auth) gin.H { - if auth == nil || auth.Metadata == nil { - return nil - } - if !strings.EqualFold(strings.TrimSpace(auth.Provider), "codex") { - return nil - } - idTokenRaw, ok := auth.Metadata["id_token"].(string) - if !ok { - return nil - } - idToken := strings.TrimSpace(idTokenRaw) - if idToken == "" { - return nil - } - claims, err := codex.ParseJWTToken(idToken) - if err != nil || claims == nil { - return nil - } - - result := gin.H{} - if v := strings.TrimSpace(claims.CodexAuthInfo.ChatgptAccountID); v != "" { - result["chatgpt_account_id"] = v - } - if v := strings.TrimSpace(claims.CodexAuthInfo.ChatgptPlanType); v != "" { - result["plan_type"] = v - } - if v := claims.CodexAuthInfo.ChatgptSubscriptionActiveStart; v != nil { - result["chatgpt_subscription_active_start"] = v - } - if v := claims.CodexAuthInfo.ChatgptSubscriptionActiveUntil; v != nil { - result["chatgpt_subscription_active_until"] = v - } - - if len(result) == 0 { - return nil - } - return result -} - -func authEmail(auth *coreauth.Auth) string { - if auth == nil { - return "" - } - if auth.Metadata != nil { - if v, ok := auth.Metadata["email"].(string); ok { - return strings.TrimSpace(v) - } - } - if auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["email"]); v != "" { - return v - } - if v := strings.TrimSpace(auth.Attributes["account_email"]); v != "" { - return v - } - } - return "" -} - -func authAttribute(auth *coreauth.Auth, key string) string { - if auth == nil || len(auth.Attributes) == 0 { - return "" - } - return auth.Attributes[key] -} - -func isRuntimeOnlyAuth(auth *coreauth.Auth) bool { - if auth == nil || len(auth.Attributes) == 0 { - return false - } - return strings.EqualFold(strings.TrimSpace(auth.Attributes["runtime_only"]), "true") -} - -// Download single auth file by name -func (h *Handler) DownloadAuthFile(c *gin.Context) { - name := strings.TrimSpace(c.Query("name")) - if name == "" { - c.JSON(400, gin.H{"error": "invalid name"}) - return - } - if !strings.HasSuffix(strings.ToLower(name), ".json") { - c.JSON(400, gin.H{"error": "name must end with .json"}) - return - } - full, err := misc.ResolveSafeFilePathInDir(h.cfg.AuthDir, name) - if err != nil { - c.JSON(400, gin.H{"error": "invalid name"}) - return - } - data, err := os.ReadFile(full) - if err != nil { - if os.IsNotExist(err) { - c.JSON(404, gin.H{"error": "file not found"}) - } else { - c.JSON(500, gin.H{"error": fmt.Sprintf("failed to read file: %v", err)}) - } - return - } - c.Header("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", name)) - c.Data(200, "application/json", data) -} - -// Upload auth file: multipart or raw JSON with ?name= -func (h *Handler) UploadAuthFile(c *gin.Context) { - if h.authManager == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "core auth manager unavailable"}) - return - } - ctx := c.Request.Context() - if file, err := c.FormFile("file"); err == nil && file != nil { - name := strings.TrimSpace(file.Filename) - dst, err := misc.ResolveSafeFilePathInDir(h.cfg.AuthDir, name) - if err != nil { - c.JSON(400, gin.H{"error": "invalid auth file name"}) - return - } - if !strings.HasSuffix(strings.ToLower(filepath.Base(dst)), ".json") { - c.JSON(400, gin.H{"error": "file must be .json"}) - return - } - if errSave := c.SaveUploadedFile(file, dst); errSave != nil { - c.JSON(500, gin.H{"error": fmt.Sprintf("failed to save file: %v", errSave)}) - return - } - data, errRead := os.ReadFile(dst) - if errRead != nil { - c.JSON(500, gin.H{"error": fmt.Sprintf("failed to read saved file: %v", errRead)}) - return - } - if errReg := h.registerAuthFromFile(ctx, dst, data); errReg != nil { - // Path traversal or other validation errors should return 400 - if strings.Contains(errReg.Error(), "escapes") || strings.Contains(errReg.Error(), "traversal") { - c.JSON(400, gin.H{"error": "invalid auth file path"}) - } else { - c.JSON(500, gin.H{"error": errReg.Error()}) - } - return - } - c.JSON(200, gin.H{"status": "ok"}) - return - } - name := c.Query("name") - name = strings.TrimSpace(name) - if name == "" { - c.JSON(400, gin.H{"error": "invalid name"}) - return - } - if !strings.HasSuffix(strings.ToLower(name), ".json") { - c.JSON(400, gin.H{"error": "name must end with .json"}) - return - } - data, err := io.ReadAll(c.Request.Body) - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - dst, err := misc.ResolveSafeFilePathInDir(h.cfg.AuthDir, name) - if err != nil { - c.JSON(400, gin.H{"error": "invalid name"}) - return - } - if errWrite := os.WriteFile(dst, data, 0o600); errWrite != nil { - c.JSON(500, gin.H{"error": fmt.Sprintf("failed to write file: %v", errWrite)}) - return - } - if err = h.registerAuthFromFile(ctx, dst, data); err != nil { - // Path traversal or other validation errors should return 400 - if strings.Contains(err.Error(), "escapes") || strings.Contains(err.Error(), "traversal") { - c.JSON(400, gin.H{"error": "invalid auth file path"}) - } else { - c.JSON(500, gin.H{"error": err.Error()}) - } - return - } - c.JSON(200, gin.H{"status": "ok"}) -} - -// Delete auth files: single by name or all -func (h *Handler) DeleteAuthFile(c *gin.Context) { - if h.authManager == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "core auth manager unavailable"}) - return - } - ctx := c.Request.Context() - if all := c.Query("all"); all == "true" || all == "1" || all == "*" { - entries, err := os.ReadDir(h.cfg.AuthDir) - if err != nil { - c.JSON(500, gin.H{"error": fmt.Sprintf("failed to read auth dir: %v", err)}) - return - } - deleted := 0 - for _, e := range entries { - if e.IsDir() { - continue - } - name := e.Name() - if !strings.HasSuffix(strings.ToLower(name), ".json") { - continue - } - full, err := misc.ResolveSafeFilePathInDir(h.cfg.AuthDir, name) - if err != nil { - c.JSON(500, gin.H{"error": fmt.Sprintf("invalid auth file path: %v", err)}) - return - } - if err = os.Remove(full); err == nil { - if errDel := h.deleteTokenRecord(ctx, full); errDel != nil { - c.JSON(500, gin.H{"error": errDel.Error()}) - return - } - deleted++ - h.disableAuth(ctx, full) - } - } - c.JSON(200, gin.H{"status": "ok", "deleted": deleted}) - return - } - name := strings.TrimSpace(c.Query("name")) - if name == "" { - c.JSON(400, gin.H{"error": "invalid name"}) - return - } - full, err := misc.ResolveSafeFilePathInDir(h.cfg.AuthDir, name) - if err != nil { - c.JSON(400, gin.H{"error": "invalid name"}) - return - } - if err := os.Remove(full); err != nil { - if os.IsNotExist(err) { - c.JSON(404, gin.H{"error": "file not found"}) - } else { - c.JSON(500, gin.H{"error": fmt.Sprintf("failed to remove file: %v", err)}) - } - return - } - if err := h.deleteTokenRecord(ctx, full); err != nil { - c.JSON(500, gin.H{"error": err.Error()}) - return - } - h.disableAuth(ctx, full) - c.JSON(200, gin.H{"status": "ok"}) -} - -func (h *Handler) authIDForPath(path string) string { - path = strings.TrimSpace(path) - if path == "" { - return "" - } - if h == nil || h.cfg == nil { - return path - } - authDir := strings.TrimSpace(h.cfg.AuthDir) - if authDir == "" { - return path - } - if rel, err := filepath.Rel(authDir, path); err == nil && rel != "" { - return rel - } - return path -} - -func (h *Handler) resolveAuthPath(path string) (string, error) { - path = strings.TrimSpace(path) - if path == "" { - return "", fmt.Errorf("auth path is empty") - } - if h == nil || h.cfg == nil { - return "", fmt.Errorf("handler configuration unavailable") - } - authDir := strings.TrimSpace(h.cfg.AuthDir) - if authDir == "" { - return "", fmt.Errorf("auth directory not configured") - } - cleanAuthDir, err := filepath.Abs(filepath.Clean(authDir)) - if err != nil { - return "", fmt.Errorf("resolve auth dir: %w", err) - } - if resolvedDir, err := filepath.EvalSymlinks(cleanAuthDir); err == nil { - cleanAuthDir = resolvedDir - } - cleanPath := filepath.Clean(path) - absPath := cleanPath - if !filepath.IsAbs(absPath) { - absPath = filepath.Join(cleanAuthDir, cleanPath) - } - absPath, err = filepath.Abs(absPath) - if err != nil { - return "", fmt.Errorf("resolve auth path: %w", err) - } - relPath, err := filepath.Rel(cleanAuthDir, absPath) - if err != nil { - return "", fmt.Errorf("resolve relative auth path: %w", err) - } - if relPath == ".." || strings.HasPrefix(relPath, ".."+string(os.PathSeparator)) { - return "", fmt.Errorf("auth path escapes auth directory") - } - return absPath, nil -} - -func (h *Handler) registerAuthFromFile(ctx context.Context, path string, data []byte) error { - if h.authManager == nil { - return nil - } - safePath, err := h.resolveAuthPath(path) - if err != nil { - return err - } - if data == nil { - data, err = os.ReadFile(safePath) - if err != nil { - return fmt.Errorf("failed to read auth file: %w", err) - } - } - metadata := make(map[string]any) - if err := json.Unmarshal(data, &metadata); err != nil { - return fmt.Errorf("invalid auth file: %w", err) - } - provider, _ := metadata["type"].(string) - if provider == "" { - provider = "unknown" - } - label := provider - if email, ok := metadata["email"].(string); ok && email != "" { - label = email - } - lastRefresh, hasLastRefresh := extractLastRefreshTimestamp(metadata) - - authID := h.authIDForPath(safePath) - if authID == "" { - authID = safePath - } - attr := map[string]string{ - "path": safePath, - "source": safePath, - } - auth := &coreauth.Auth{ - ID: authID, - Provider: provider, - FileName: filepath.Base(safePath), - Label: label, - Status: coreauth.StatusActive, - Attributes: attr, - Metadata: metadata, - CreatedAt: time.Now(), - UpdatedAt: time.Now(), - } - if hasLastRefresh { - auth.LastRefreshedAt = lastRefresh - } - if existing, ok := h.authManager.GetByID(authID); ok { - auth.CreatedAt = existing.CreatedAt - if !hasLastRefresh { - auth.LastRefreshedAt = existing.LastRefreshedAt - } - auth.NextRefreshAfter = existing.NextRefreshAfter - if len(auth.ModelStates) == 0 && len(existing.ModelStates) > 0 { - auth.ModelStates = existing.ModelStates - } - auth.Runtime = existing.Runtime - _, err = h.authManager.Update(ctx, auth) - return err - } - _, err = h.authManager.Register(ctx, auth) - return err -} - -// PatchAuthFileStatus toggles the disabled state of an auth file -func (h *Handler) PatchAuthFileStatus(c *gin.Context) { - if h.authManager == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "core auth manager unavailable"}) - return - } - - var req struct { - Name string `json:"name"` - Disabled *bool `json:"disabled"` - Enabled *bool `json:"enabled"` - } - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request body"}) - return - } - - name := strings.TrimSpace(req.Name) - if name == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "name is required"}) - return - } - if req.Disabled == nil && req.Enabled == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "disabled or enabled is required"}) - return - } - desiredDisabled := false - if req.Disabled != nil { - desiredDisabled = *req.Disabled - } else { - desiredDisabled = !*req.Enabled - } - - ctx := c.Request.Context() - - targetAuth := h.findAuthByIdentifier(name) - - if targetAuth == nil { - c.JSON(http.StatusNotFound, gin.H{"error": "auth file not found"}) - return - } - - // Update disabled state - targetAuth.Disabled = desiredDisabled - if desiredDisabled { - targetAuth.Status = coreauth.StatusDisabled - targetAuth.StatusMessage = "disabled via management API" - } else { - targetAuth.Status = coreauth.StatusActive - targetAuth.StatusMessage = "" - } - targetAuth.UpdatedAt = time.Now() - - if _, err := h.authManager.Update(ctx, targetAuth); err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to update auth: %v", err)}) - return - } - - c.JSON(http.StatusOK, gin.H{"status": "ok", "disabled": desiredDisabled}) -} - -func (h *Handler) findAuthByIdentifier(name string) *coreauth.Auth { - name = strings.TrimSpace(name) - if name == "" || h.authManager == nil { - return nil - } - if auth, ok := h.authManager.GetByID(name); ok { - return auth - } - for _, auth := range h.authManager.List() { - if auth.FileName == name || filepath.Base(auth.FileName) == name { - return auth - } - if pathVal, ok := auth.Attributes["path"]; ok && (pathVal == name || filepath.Base(pathVal) == name) { - return auth - } - if sourceVal, ok := auth.Attributes["source"]; ok && (sourceVal == name || filepath.Base(sourceVal) == name) { - return auth - } - } - return nil -} - -// PatchAuthFileFields updates editable fields (prefix, proxy_url, priority) of an auth file. -func (h *Handler) PatchAuthFileFields(c *gin.Context) { - if h.authManager == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "core auth manager unavailable"}) - return - } - - var req struct { - Name string `json:"name"` - Prefix *string `json:"prefix"` - ProxyURL *string `json:"proxy_url"` - Priority *int `json:"priority"` - } - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request body"}) - return - } - - name := strings.TrimSpace(req.Name) - if name == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "name is required"}) - return - } - - ctx := c.Request.Context() - - targetAuth := h.findAuthByIdentifier(name) - - if targetAuth == nil { - c.JSON(http.StatusNotFound, gin.H{"error": "auth file not found"}) - return - } - - changed := false - if req.Prefix != nil { - targetAuth.Prefix = *req.Prefix - changed = true - } - if req.ProxyURL != nil { - targetAuth.ProxyURL = *req.ProxyURL - changed = true - } - if req.Priority != nil { - if targetAuth.Metadata == nil { - targetAuth.Metadata = make(map[string]any) - } - if *req.Priority == 0 { - delete(targetAuth.Metadata, "priority") - } else { - targetAuth.Metadata["priority"] = *req.Priority - } - changed = true - } - - if !changed { - c.JSON(http.StatusBadRequest, gin.H{"error": "no fields to update"}) - return - } - - targetAuth.UpdatedAt = time.Now() - - if _, err := h.authManager.Update(ctx, targetAuth); err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to update auth: %v", err)}) - return - } - - c.JSON(http.StatusOK, gin.H{"status": "ok"}) -} - -func (h *Handler) disableAuth(ctx context.Context, id string) { - if h == nil || h.authManager == nil { - return - } - authID := h.authIDForPath(id) - if authID == "" { - authID = strings.TrimSpace(id) - } - if authID == "" { - return - } - if auth, ok := h.authManager.GetByID(authID); ok { - auth.Disabled = true - auth.Status = coreauth.StatusDisabled - auth.StatusMessage = "removed via management API" - auth.UpdatedAt = time.Now() - _, _ = h.authManager.Update(ctx, auth) - } -} - -func (h *Handler) deleteTokenRecord(ctx context.Context, path string) error { - if strings.TrimSpace(path) == "" { - return fmt.Errorf("auth path is empty") - } - store := h.tokenStoreWithBaseDir() - if store == nil { - return fmt.Errorf("token store unavailable") - } - return store.Delete(ctx, path) -} - -func (h *Handler) tokenStoreWithBaseDir() coreauth.Store { - if h == nil { - return nil - } - store := h.tokenStore - if store == nil { - store = sdkAuth.GetTokenStore() - h.tokenStore = store - } - if h.cfg != nil { - if dirSetter, ok := store.(interface{ SetBaseDir(string) }); ok { - dirSetter.SetBaseDir(h.cfg.AuthDir) - } - } - return store -} - -func (h *Handler) saveTokenRecord(ctx context.Context, record *coreauth.Auth) (string, error) { - if record == nil { - return "", fmt.Errorf("token record is nil") - } - store := h.tokenStoreWithBaseDir() - if store == nil { - return "", fmt.Errorf("token store unavailable") - } - return store.Save(ctx, record) -} - -func (h *Handler) RequestAnthropicToken(c *gin.Context) { - ctx := context.Background() - - fmt.Println("Initializing Claude authentication...") - - // Generate PKCE codes - pkceCodes, err := claude.GeneratePKCECodes() - if err != nil { - log.Errorf("Failed to generate PKCE codes: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate PKCE codes"}) - return - } - - // Generate random state parameter - state, err := misc.GenerateRandomState() - if err != nil { - log.Errorf("Failed to generate state parameter: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate state parameter"}) - return - } - - // Initialize Claude auth service - anthropicAuth := claude.NewClaudeAuth(h.cfg, http.DefaultClient) - - // Generate authorization URL (then override redirect_uri to reuse server port) - authURL, state, err := anthropicAuth.GenerateAuthURL(state, pkceCodes) - if err != nil { - log.Errorf("Failed to generate authorization URL: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate authorization url"}) - return - } - - RegisterOAuthSession(state, "anthropic") - - isWebUI := isWebUIRequest(c) - var forwarder *callbackForwarder - if isWebUI { - targetURL, errTarget := h.managementCallbackURL("/anthropic/callback") - if errTarget != nil { - log.WithError(errTarget).Error("failed to compute anthropic callback target") - c.JSON(http.StatusInternalServerError, gin.H{"error": "callback server unavailable"}) - return - } - var errStart error - if forwarder, errStart = startCallbackForwarder(anthropicCallbackPort, "anthropic", targetURL); errStart != nil { - log.WithError(errStart).Error("failed to start anthropic callback forwarder") - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to start callback server"}) - return - } - } - - go func() { - if isWebUI { - defer stopCallbackForwarderInstance(anthropicCallbackPort, forwarder) - } - - // Helper: wait for callback file - waitFile := filepath.Join(h.cfg.AuthDir, fmt.Sprintf(".oauth-anthropic-%s.oauth", state)) - waitForFile := func(path string, timeout time.Duration) (map[string]string, error) { - deadline := time.Now().Add(timeout) - for { - if !IsOAuthSessionPending(state, "anthropic") { - return nil, errOAuthSessionNotPending - } - if time.Now().After(deadline) { - SetOAuthSessionError(state, "Timeout waiting for OAuth callback") - return nil, fmt.Errorf("timeout waiting for OAuth callback") - } - data, errRead := os.ReadFile(path) - if errRead == nil { - var m map[string]string - _ = json.Unmarshal(data, &m) - _ = os.Remove(path) - return m, nil - } - time.Sleep(500 * time.Millisecond) - } - } - - fmt.Println("Waiting for authentication callback...") - // Wait up to 5 minutes - resultMap, errWait := waitForFile(waitFile, 5*time.Minute) - if errWait != nil { - if errors.Is(errWait, errOAuthSessionNotPending) { - return - } - authErr := claude.NewAuthenticationError(claude.ErrCallbackTimeout, errWait) - log.Error(claude.GetUserFriendlyMessage(authErr)) - return - } - if errStr := resultMap["error"]; errStr != "" { - oauthErr := claude.NewOAuthError(errStr, "", http.StatusBadRequest) - log.Error(claude.GetUserFriendlyMessage(oauthErr)) - SetOAuthSessionError(state, "Bad request") - return - } - if resultMap["state"] != state { - authErr := claude.NewAuthenticationError(claude.ErrInvalidState, fmt.Errorf("expected %s, got %s", state, resultMap["state"])) - log.Error(claude.GetUserFriendlyMessage(authErr)) - SetOAuthSessionError(state, "State code error") - return - } - - // Parse code (Claude may append state after '#') - rawCode := resultMap["code"] - code := strings.Split(rawCode, "#")[0] - - // Exchange code for tokens using internal auth service - bundle, errExchange := anthropicAuth.ExchangeCodeForTokens(ctx, code, state, pkceCodes) - if errExchange != nil { - authErr := claude.NewAuthenticationError(claude.ErrCodeExchangeFailed, errExchange) - log.Errorf("Failed to exchange authorization code for tokens: %v", authErr) - SetOAuthSessionError(state, "Failed to exchange authorization code for tokens") - return - } - - // Create token storage - tokenStorage := anthropicAuth.CreateTokenStorage(bundle) - record := &coreauth.Auth{ - ID: fmt.Sprintf("claude-%s.json", tokenStorage.Email), - Provider: "claude", - FileName: fmt.Sprintf("claude-%s.json", tokenStorage.Email), - Storage: tokenStorage, - Metadata: map[string]any{"email": tokenStorage.Email}, - } - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save authentication tokens: %v", errSave) - SetOAuthSessionError(state, "Failed to save authentication tokens") - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - if bundle.APIKey != "" { - fmt.Println("API key obtained and saved") - } - fmt.Println("You can now use Claude services through this CLI") - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("anthropic") - }() - - c.JSON(200, gin.H{"status": "ok", "url": authURL, "state": state}) -} - -func (h *Handler) RequestGeminiCLIToken(c *gin.Context) { - ctx := context.Background() - proxyHTTPClient := util.SetProxy(&h.cfg.SDKConfig, &http.Client{}) - ctx = context.WithValue(ctx, oauth2.HTTPClient, proxyHTTPClient) - - // Optional project ID from query - projectID := c.Query("project_id") - - fmt.Println("Initializing Google authentication...") - - // OAuth2 configuration using exported constants from pkg/llmproxy/auth/gemini - conf := &oauth2.Config{ - ClientID: geminiAuth.ClientID, - ClientSecret: geminiAuth.ClientSecret, - RedirectURL: fmt.Sprintf("http://localhost:%d/oauth2callback", geminiAuth.DefaultCallbackPort), - Scopes: geminiAuth.Scopes, - Endpoint: google.Endpoint, - } - - // Build authorization URL and return it immediately - state := fmt.Sprintf("gem-%d", time.Now().UnixNano()) - authURL := conf.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", "consent")) - - RegisterOAuthSession(state, "gemini") - - isWebUI := isWebUIRequest(c) - var forwarder *callbackForwarder - if isWebUI { - targetURL, errTarget := h.managementCallbackURL("/google/callback") - if errTarget != nil { - log.WithError(errTarget).Error("failed to compute gemini callback target") - c.JSON(http.StatusInternalServerError, gin.H{"error": "callback server unavailable"}) - return - } - var errStart error - if forwarder, errStart = startCallbackForwarder(geminiCallbackPort, "gemini", targetURL); errStart != nil { - log.WithError(errStart).Error("failed to start gemini callback forwarder") - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to start callback server"}) - return - } - } - - go func() { - if isWebUI { - defer stopCallbackForwarderInstance(geminiCallbackPort, forwarder) - } - - // Wait for callback file written by server route - waitFile := filepath.Join(h.cfg.AuthDir, fmt.Sprintf(".oauth-gemini-%s.oauth", state)) - fmt.Println("Waiting for authentication callback...") - deadline := time.Now().Add(5 * time.Minute) - var authCode string - for { - if !IsOAuthSessionPending(state, "gemini") { - return - } - if time.Now().After(deadline) { - log.Error("oauth flow timed out") - SetOAuthSessionError(state, "OAuth flow timed out") - return - } - if data, errR := os.ReadFile(waitFile); errR == nil { - var m map[string]string - _ = json.Unmarshal(data, &m) - _ = os.Remove(waitFile) - if errStr := m["error"]; errStr != "" { - log.Errorf("Authentication failed: %s", errStr) - SetOAuthSessionError(state, "Authentication failed") - return - } - authCode = m["code"] - if authCode == "" { - log.Errorf("Authentication failed: code not found") - SetOAuthSessionError(state, "Authentication failed: code not found") - return - } - break - } - time.Sleep(500 * time.Millisecond) - } - - // Exchange authorization code for token - token, err := conf.Exchange(ctx, authCode) - if err != nil { - log.Errorf("Failed to exchange token: %v", err) - SetOAuthSessionError(state, "Failed to exchange token") - return - } - - requestedProjectID := strings.TrimSpace(projectID) - - // Create token storage (mirrors pkg/llmproxy/auth/gemini createTokenStorage) - authHTTPClient := conf.Client(ctx, token) - req, errNewRequest := http.NewRequestWithContext(ctx, "GET", "https://www.googleapis.com/oauth2/v1/userinfo?alt=json", nil) - if errNewRequest != nil { - log.Errorf("Could not get user info: %v", errNewRequest) - SetOAuthSessionError(state, "Could not get user info") - return - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token.AccessToken)) - - resp, errDo := authHTTPClient.Do(req) - if errDo != nil { - log.Errorf("Failed to execute request: %v", errDo) - SetOAuthSessionError(state, "Failed to execute request") - return - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Printf("warn: failed to close response body: %v", errClose) - } - }() - - bodyBytes, _ := io.ReadAll(resp.Body) - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - log.Errorf("Get user info request failed with status %d: %s", resp.StatusCode, string(bodyBytes)) - SetOAuthSessionError(state, fmt.Sprintf("Get user info request failed with status %d", resp.StatusCode)) - return - } - - email := gjson.GetBytes(bodyBytes, "email").String() - if email != "" { - fmt.Printf("Authenticated user email: %s\n", email) - } else { - fmt.Println("Failed to get user email from token") - } - - // Marshal/unmarshal oauth2.Token to generic map and enrich fields - var ifToken map[string]any - jsonData, _ := json.Marshal(token) - if errUnmarshal := json.Unmarshal(jsonData, &ifToken); errUnmarshal != nil { - log.Errorf("Failed to unmarshal token: %v", errUnmarshal) - SetOAuthSessionError(state, "Failed to unmarshal token") - return - } - - ifToken["token_uri"] = "https://oauth2.googleapis.com/token" - ifToken["client_id"] = geminiAuth.ClientID - ifToken["client_secret"] = geminiAuth.ClientSecret - ifToken["scopes"] = geminiAuth.Scopes - ifToken["universe_domain"] = "googleapis.com" - - ts := geminiAuth.GeminiTokenStorage{ - Token: ifToken, - ProjectID: requestedProjectID, - Email: email, - Auto: requestedProjectID == "", - } - - // Initialize authenticated HTTP client via GeminiAuth to honor proxy settings - gemAuth := geminiAuth.NewGeminiAuth() - gemClient, errGetClient := gemAuth.GetAuthenticatedClient(ctx, &ts, h.cfg, &geminiAuth.WebLoginOptions{ - NoBrowser: true, - }) - if errGetClient != nil { - log.Errorf("failed to get authenticated client: %v", errGetClient) - SetOAuthSessionError(state, "Failed to get authenticated client") - return - } - fmt.Println("Authentication successful.") - - if strings.EqualFold(requestedProjectID, "ALL") { - ts.Auto = false - projects, errAll := onboardAllGeminiProjects(ctx, gemClient, &ts) - if errAll != nil { - log.Errorf("Failed to complete Gemini CLI onboarding: %v", errAll) - SetOAuthSessionError(state, "Failed to complete Gemini CLI onboarding") - return - } - if errVerify := ensureGeminiProjectsEnabled(ctx, gemClient, projects); errVerify != nil { - log.Errorf("Failed to verify Cloud AI API status: %v", errVerify) - SetOAuthSessionError(state, "Failed to verify Cloud AI API status") - return - } - ts.ProjectID = strings.Join(projects, ",") - ts.Checked = true - } else if strings.EqualFold(requestedProjectID, "GOOGLE_ONE") { - ts.Auto = false - if errSetup := performGeminiCLISetup(ctx, gemClient, &ts, ""); errSetup != nil { - log.Errorf("Google One auto-discovery failed: %v", errSetup) - SetOAuthSessionError(state, "Google One auto-discovery failed") - return - } - if strings.TrimSpace(ts.ProjectID) == "" { - log.Error("Google One auto-discovery returned empty project ID") - SetOAuthSessionError(state, "Google One auto-discovery returned empty project ID") - return - } - isChecked, errCheck := checkCloudAPIIsEnabled(ctx, gemClient, ts.ProjectID) - if errCheck != nil { - log.Errorf("Failed to verify Cloud AI API status: %v", errCheck) - SetOAuthSessionError(state, "Failed to verify Cloud AI API status") - return - } - ts.Checked = isChecked - if !isChecked { - log.Error("Cloud AI API is not enabled for the auto-discovered project") - SetOAuthSessionError(state, "Cloud AI API not enabled") - return - } - } else { - if errEnsure := ensureGeminiProjectAndOnboard(ctx, gemClient, &ts, requestedProjectID); errEnsure != nil { - log.Errorf("Failed to complete Gemini CLI onboarding: %v", errEnsure) - SetOAuthSessionError(state, "Failed to complete Gemini CLI onboarding") - return - } - - if strings.TrimSpace(ts.ProjectID) == "" { - log.Error("Onboarding did not return a project ID") - SetOAuthSessionError(state, "Failed to resolve project ID") - return - } - - isChecked, errCheck := checkCloudAPIIsEnabled(ctx, gemClient, ts.ProjectID) - if errCheck != nil { - log.Errorf("Failed to verify Cloud AI API status: %v", errCheck) - SetOAuthSessionError(state, "Failed to verify Cloud AI API status") - return - } - ts.Checked = isChecked - if !isChecked { - log.Error("Cloud AI API is not enabled for the selected project") - SetOAuthSessionError(state, "Cloud AI API not enabled") - return - } - } - - recordMetadata := map[string]any{ - "email": ts.Email, - "project_id": ts.ProjectID, - "auto": ts.Auto, - "checked": ts.Checked, - } - - fileName := geminiAuth.CredentialFileName(ts.Email, ts.ProjectID, true) - record := &coreauth.Auth{ - ID: fileName, - Provider: "gemini", - FileName: fileName, - Storage: &ts, - Metadata: recordMetadata, - } - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save token to file: %v", errSave) - SetOAuthSessionError(state, "Failed to save token to file") - return - } - - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("gemini") - fmt.Printf("You can now use Gemini CLI services through this CLI; token saved to %s\n", savedPath) - }() - - c.JSON(200, gin.H{"status": "ok", "url": authURL, "state": state}) -} - -func (h *Handler) RequestCodexToken(c *gin.Context) { - ctx := context.Background() - - fmt.Println("Initializing Codex authentication...") - - // Generate PKCE codes - pkceCodes, err := codex.GeneratePKCECodes() - if err != nil { - log.Errorf("Failed to generate PKCE codes: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate PKCE codes"}) - return - } - - // Generate random state parameter - state, err := misc.GenerateRandomState() - if err != nil { - log.Errorf("Failed to generate state parameter: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate state parameter"}) - return - } - - // Initialize Codex auth service - openaiAuth := codex.NewCodexAuth(h.cfg) - - // Generate authorization URL - authURL, err := openaiAuth.GenerateAuthURL(state, pkceCodes) - if err != nil { - log.Errorf("Failed to generate authorization URL: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate authorization url"}) - return - } - - RegisterOAuthSession(state, "codex") - - isWebUI := isWebUIRequest(c) - var forwarder *callbackForwarder - if isWebUI { - targetURL, errTarget := h.managementCallbackURL("/codex/callback") - if errTarget != nil { - log.WithError(errTarget).Error("failed to compute codex callback target") - c.JSON(http.StatusInternalServerError, gin.H{"error": "callback server unavailable"}) - return - } - var errStart error - if forwarder, errStart = startCallbackForwarder(codexCallbackPort, "codex", targetURL); errStart != nil { - log.WithError(errStart).Error("failed to start codex callback forwarder") - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to start callback server"}) - return - } - } - - go func() { - if isWebUI { - defer stopCallbackForwarderInstance(codexCallbackPort, forwarder) - } - - // Wait for callback file - waitFile := filepath.Join(h.cfg.AuthDir, fmt.Sprintf(".oauth-codex-%s.oauth", state)) - deadline := time.Now().Add(5 * time.Minute) - var code string - for { - if !IsOAuthSessionPending(state, "codex") { - return - } - if time.Now().After(deadline) { - authErr := codex.NewAuthenticationError(codex.ErrCallbackTimeout, fmt.Errorf("timeout waiting for OAuth callback")) - log.Error(codex.GetUserFriendlyMessage(authErr)) - SetOAuthSessionError(state, "Timeout waiting for OAuth callback") - return - } - if data, errR := os.ReadFile(waitFile); errR == nil { - var m map[string]string - _ = json.Unmarshal(data, &m) - _ = os.Remove(waitFile) - if errStr := m["error"]; errStr != "" { - oauthErr := codex.NewOAuthError(errStr, "", http.StatusBadRequest) - log.Error(codex.GetUserFriendlyMessage(oauthErr)) - SetOAuthSessionError(state, "Bad Request") - return - } - if m["state"] != state { - authErr := codex.NewAuthenticationError(codex.ErrInvalidState, fmt.Errorf("expected %s, got %s", state, m["state"])) - SetOAuthSessionError(state, "State code error") - log.Error(codex.GetUserFriendlyMessage(authErr)) - return - } - code = m["code"] - break - } - time.Sleep(500 * time.Millisecond) - } - - log.Debug("Authorization code received, exchanging for tokens...") - // Exchange code for tokens using internal auth service - bundle, errExchange := openaiAuth.ExchangeCodeForTokens(ctx, code, pkceCodes) - if errExchange != nil { - authErr := codex.NewAuthenticationError(codex.ErrCodeExchangeFailed, errExchange) - SetOAuthSessionError(state, "Failed to exchange authorization code for tokens") - log.Errorf("Failed to exchange authorization code for tokens: %v", authErr) - return - } - - // Extract additional info for filename generation - claims, _ := codex.ParseJWTToken(bundle.TokenData.IDToken) - planType := "" - hashAccountID := "" - if claims != nil { - planType = strings.TrimSpace(claims.CodexAuthInfo.ChatgptPlanType) - if accountID := claims.GetAccountID(); accountID != "" { - digest := sha256.Sum256([]byte(accountID)) - hashAccountID = hex.EncodeToString(digest[:])[:8] - } - } - - // Create token storage and persist - tokenStorage := openaiAuth.CreateTokenStorage(bundle) - fileName := codex.CredentialFileName(tokenStorage.Email, planType, hashAccountID, true) - record := &coreauth.Auth{ - ID: fileName, - Provider: "codex", - FileName: fileName, - Storage: tokenStorage, - Metadata: map[string]any{ - "email": tokenStorage.Email, - "account_id": tokenStorage.AccountID, - }, - } - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - SetOAuthSessionError(state, "Failed to save authentication tokens") - log.Errorf("Failed to save authentication tokens: %v", errSave) - return - } - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - if bundle.APIKey != "" { - fmt.Println("API key obtained and saved") - } - fmt.Println("You can now use Codex services through this CLI") - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("codex") - }() - - c.JSON(200, gin.H{"status": "ok", "url": authURL, "state": state}) -} - -func (h *Handler) RequestAntigravityToken(c *gin.Context) { - ctx := context.Background() - - fmt.Println("Initializing Antigravity authentication...") - - authSvc := antigravity.NewAntigravityAuth(h.cfg, nil) - - state, errState := misc.GenerateRandomState() - if errState != nil { - log.Errorf("Failed to generate state parameter: %v", errState) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate state parameter"}) - return - } - - redirectURI := fmt.Sprintf("http://localhost:%d/oauth-callback", antigravity.CallbackPort) - authURL := authSvc.BuildAuthURL(state, redirectURI) - - RegisterOAuthSession(state, "antigravity") - - isWebUI := isWebUIRequest(c) - var forwarder *callbackForwarder - if isWebUI { - targetURL, errTarget := h.managementCallbackURL("/antigravity/callback") - if errTarget != nil { - log.WithError(errTarget).Error("failed to compute antigravity callback target") - c.JSON(http.StatusInternalServerError, gin.H{"error": "callback server unavailable"}) - return - } - var errStart error - if forwarder, errStart = startCallbackForwarder(antigravity.CallbackPort, "antigravity", targetURL); errStart != nil { - log.WithError(errStart).Error("failed to start antigravity callback forwarder") - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to start callback server"}) - return - } - } - - go func() { - if isWebUI { - defer stopCallbackForwarderInstance(antigravity.CallbackPort, forwarder) - } - - waitFile := filepath.Join(h.cfg.AuthDir, fmt.Sprintf(".oauth-antigravity-%s.oauth", state)) - deadline := time.Now().Add(5 * time.Minute) - var authCode string - for { - if !IsOAuthSessionPending(state, "antigravity") { - return - } - if time.Now().After(deadline) { - log.Error("oauth flow timed out") - SetOAuthSessionError(state, "OAuth flow timed out") - return - } - if data, errReadFile := os.ReadFile(waitFile); errReadFile == nil { - var payload map[string]string - _ = json.Unmarshal(data, &payload) - _ = os.Remove(waitFile) - if errStr := strings.TrimSpace(payload["error"]); errStr != "" { - log.Errorf("Authentication failed: %s", errStr) - SetOAuthSessionError(state, "Authentication failed") - return - } - if payloadState := strings.TrimSpace(payload["state"]); payloadState != "" && payloadState != state { - log.Errorf("Authentication failed: state mismatch") - SetOAuthSessionError(state, "Authentication failed: state mismatch") - return - } - authCode = strings.TrimSpace(payload["code"]) - if authCode == "" { - log.Error("Authentication failed: code not found") - SetOAuthSessionError(state, "Authentication failed: code not found") - return - } - break - } - time.Sleep(500 * time.Millisecond) - } - - tokenResp, errToken := authSvc.ExchangeCodeForTokens(ctx, authCode, redirectURI) - if errToken != nil { - log.Errorf("Failed to exchange token: %v", errToken) - SetOAuthSessionError(state, "Failed to exchange token") - return - } - - accessToken := strings.TrimSpace(tokenResp.AccessToken) - if accessToken == "" { - log.Error("antigravity: token exchange returned empty access token") - SetOAuthSessionError(state, "Failed to exchange token") - return - } - - email, errInfo := authSvc.FetchUserInfo(ctx, accessToken) - if errInfo != nil { - log.Errorf("Failed to fetch user info: %v", errInfo) - SetOAuthSessionError(state, "Failed to fetch user info") - return - } - email = strings.TrimSpace(email) - if email == "" { - log.Error("antigravity: user info returned empty email") - SetOAuthSessionError(state, "Failed to fetch user info") - return - } - - projectID := "" - if accessToken != "" { - fetchedProjectID, errProject := authSvc.FetchProjectID(ctx, accessToken) - if errProject != nil { - log.Warnf("antigravity: failed to fetch project ID: %v", errProject) - } else { - projectID = fetchedProjectID - log.Infof("antigravity: obtained project ID %s", projectID) - } - } - - now := time.Now() - metadata := map[string]any{ - "type": "antigravity", - "access_token": tokenResp.AccessToken, - "refresh_token": tokenResp.RefreshToken, - "expires_in": tokenResp.ExpiresIn, - "timestamp": now.UnixMilli(), - "expired": now.Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339), - } - if email != "" { - metadata["email"] = email - } - if projectID != "" { - metadata["project_id"] = projectID - } - - fileName := antigravity.CredentialFileName(email) - label := strings.TrimSpace(email) - if label == "" { - label = "antigravity" - } - - record := &coreauth.Auth{ - ID: fileName, - Provider: "antigravity", - FileName: fileName, - Label: label, - Metadata: metadata, - } - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save token to file: %v", errSave) - SetOAuthSessionError(state, "Failed to save token to file") - return - } - - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("antigravity") - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - if projectID != "" { - fmt.Printf("Using GCP project: %s\n", projectID) - } - fmt.Println("You can now use Antigravity services through this CLI") - }() - - c.JSON(200, gin.H{"status": "ok", "url": authURL, "state": state}) -} - -func (h *Handler) RequestQwenToken(c *gin.Context) { - ctx := context.Background() - - fmt.Println("Initializing Qwen authentication...") - - state := fmt.Sprintf("gem-%d", time.Now().UnixNano()) - // Initialize Qwen auth service - qwenAuth := qwen.NewQwenAuth(h.cfg, http.DefaultClient) - - // Generate authorization URL - deviceFlow, err := qwenAuth.InitiateDeviceFlow(ctx) - if err != nil { - log.Errorf("Failed to generate authorization URL: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate authorization url"}) - return - } - authURL := deviceFlow.VerificationURIComplete - - RegisterOAuthSession(state, "qwen") - - go func() { - fmt.Println("Waiting for authentication...") - tokenData, errPollForToken := qwenAuth.PollForToken(deviceFlow.DeviceCode, deviceFlow.CodeVerifier) - if errPollForToken != nil { - SetOAuthSessionError(state, "Authentication failed") - fmt.Printf("Authentication failed: %v\n", errPollForToken) - return - } - - // Create token storage - tokenStorage := qwenAuth.CreateTokenStorage(tokenData) - - tokenStorage.Email = fmt.Sprintf("%d", time.Now().UnixMilli()) - record := &coreauth.Auth{ - ID: fmt.Sprintf("qwen-%s.json", tokenStorage.Email), - Provider: "qwen", - FileName: fmt.Sprintf("qwen-%s.json", tokenStorage.Email), - Storage: tokenStorage, - Metadata: map[string]any{"email": tokenStorage.Email}, - } - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save authentication tokens: %v", errSave) - SetOAuthSessionError(state, "Failed to save authentication tokens") - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - fmt.Println("You can now use Qwen services through this CLI") - CompleteOAuthSession(state) - }() - - c.JSON(200, gin.H{"status": "ok", "url": authURL, "state": state}) -} - -func (h *Handler) RequestKimiToken(c *gin.Context) { - ctx := context.Background() - - fmt.Println("Initializing Kimi authentication...") - - state := fmt.Sprintf("kmi-%d", time.Now().UnixNano()) - // Initialize Kimi auth service - kimiAuth := kimi.NewKimiAuth(h.cfg) - - // Generate authorization URL - deviceFlow, errStartDeviceFlow := kimiAuth.StartDeviceFlow(ctx) - if errStartDeviceFlow != nil { - log.Errorf("Failed to generate authorization URL: %v", errStartDeviceFlow) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate authorization url"}) - return - } - authURL := deviceFlow.VerificationURIComplete - if authURL == "" { - authURL = deviceFlow.VerificationURI - } - - RegisterOAuthSession(state, "kimi") - - go func() { - fmt.Println("Waiting for authentication...") - authBundle, errWaitForAuthorization := kimiAuth.WaitForAuthorization(ctx, deviceFlow) - if errWaitForAuthorization != nil { - SetOAuthSessionError(state, "Authentication failed") - fmt.Printf("Authentication failed: %v\n", errWaitForAuthorization) - return - } - - // Create token storage - tokenStorage := kimiAuth.CreateTokenStorage(authBundle) - - metadata := map[string]any{ - "type": "kimi", - "access_token": authBundle.TokenData.AccessToken, - "refresh_token": authBundle.TokenData.RefreshToken, - "token_type": authBundle.TokenData.TokenType, - "scope": authBundle.TokenData.Scope, - "timestamp": time.Now().UnixMilli(), - } - if authBundle.TokenData.ExpiresAt > 0 { - expired := time.Unix(authBundle.TokenData.ExpiresAt, 0).UTC().Format(time.RFC3339) - metadata["expired"] = expired - } - if strings.TrimSpace(authBundle.DeviceID) != "" { - metadata["device_id"] = strings.TrimSpace(authBundle.DeviceID) - } - - fileName := fmt.Sprintf("kimi-%d.json", time.Now().UnixMilli()) - record := &coreauth.Auth{ - ID: fileName, - Provider: "kimi", - FileName: fileName, - Label: "Kimi User", - Storage: tokenStorage, - Metadata: metadata, - } - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save authentication tokens: %v", errSave) - SetOAuthSessionError(state, "Failed to save authentication tokens") - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - fmt.Println("You can now use Kimi services through this CLI") - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("kimi") - }() - - c.JSON(200, gin.H{"status": "ok", "url": authURL, "state": state}) -} - -func (h *Handler) RequestIFlowToken(c *gin.Context) { - ctx := context.Background() - - fmt.Println("Initializing iFlow authentication...") - - state := fmt.Sprintf("ifl-%d", time.Now().UnixNano()) - authSvc := iflowauth.NewIFlowAuth(h.cfg, http.DefaultClient) - authURL, redirectURI := authSvc.AuthorizationURL(state, iflowauth.CallbackPort) - - RegisterOAuthSession(state, "iflow") - - isWebUI := isWebUIRequest(c) - var forwarder *callbackForwarder - if isWebUI { - targetURL, errTarget := h.managementCallbackURL("/iflow/callback") - if errTarget != nil { - log.WithError(errTarget).Error("failed to compute iflow callback target") - c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "callback server unavailable"}) - return - } - var errStart error - if forwarder, errStart = startCallbackForwarder(iflowauth.CallbackPort, "iflow", targetURL); errStart != nil { - log.WithError(errStart).Error("failed to start iflow callback forwarder") - c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "failed to start callback server"}) - return - } - } - - go func() { - if isWebUI { - defer stopCallbackForwarderInstance(iflowauth.CallbackPort, forwarder) - } - fmt.Println("Waiting for authentication...") - - waitFile := filepath.Join(h.cfg.AuthDir, fmt.Sprintf(".oauth-iflow-%s.oauth", state)) - deadline := time.Now().Add(5 * time.Minute) - var resultMap map[string]string - for { - if !IsOAuthSessionPending(state, "iflow") { - return - } - if time.Now().After(deadline) { - SetOAuthSessionError(state, "Authentication failed") - fmt.Println("Authentication failed: timeout waiting for callback") - return - } - if data, errR := os.ReadFile(waitFile); errR == nil { - _ = os.Remove(waitFile) - _ = json.Unmarshal(data, &resultMap) - break - } - time.Sleep(500 * time.Millisecond) - } - - if errStr := strings.TrimSpace(resultMap["error"]); errStr != "" { - SetOAuthSessionError(state, "Authentication failed") - fmt.Printf("Authentication failed: %s\n", errStr) - return - } - if resultState := strings.TrimSpace(resultMap["state"]); resultState != state { - SetOAuthSessionError(state, "Authentication failed") - fmt.Println("Authentication failed: state mismatch") - return - } - - code := strings.TrimSpace(resultMap["code"]) - if code == "" { - SetOAuthSessionError(state, "Authentication failed") - fmt.Println("Authentication failed: code missing") - return - } - - tokenData, errExchange := authSvc.ExchangeCodeForTokens(ctx, code, redirectURI) - if errExchange != nil { - SetOAuthSessionError(state, "Authentication failed") - fmt.Printf("Authentication failed: %v\n", errExchange) - return - } - - tokenStorage := authSvc.CreateTokenStorage(tokenData) - identifier := strings.TrimSpace(tokenStorage.Email) - if identifier == "" { - identifier = fmt.Sprintf("%d", time.Now().UnixMilli()) - tokenStorage.Email = identifier - } - record := &coreauth.Auth{ - ID: fmt.Sprintf("iflow-%s.json", identifier), - Provider: "iflow", - FileName: fmt.Sprintf("iflow-%s.json", identifier), - Storage: tokenStorage, - Metadata: map[string]any{"email": identifier, "api_key": tokenStorage.APIKey}, - Attributes: map[string]string{"api_key": tokenStorage.APIKey}, - } - - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - SetOAuthSessionError(state, "Failed to save authentication tokens") - log.Errorf("Failed to save authentication tokens: %v", errSave) - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - if tokenStorage.APIKey != "" { - fmt.Println("API key obtained and saved") - } - fmt.Println("You can now use iFlow services through this CLI") - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("iflow") - }() - - c.JSON(http.StatusOK, gin.H{"status": "ok", "url": authURL, "state": state}) -} - -func (h *Handler) RequestGitHubToken(c *gin.Context) { - ctx := context.Background() - - fmt.Println("Initializing GitHub Copilot authentication...") - - state := fmt.Sprintf("gh-%d", time.Now().UnixNano()) - - // Initialize Copilot auth service - // We need to import "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/copilot" first if not present - // Assuming copilot package is imported as "copilot" - deviceClient := copilot.NewDeviceFlowClient(h.cfg) - - // Initiate device flow - deviceCode, err := deviceClient.RequestDeviceCode(ctx) - if err != nil { - log.Errorf("Failed to initiate device flow: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to initiate device flow"}) - return - } - - authURL := deviceCode.VerificationURI - userCode := deviceCode.UserCode - - RegisterOAuthSession(state, "github") - - go func() { - fmt.Printf("Please visit %s and enter code: %s\n", authURL, userCode) - - tokenData, errPoll := deviceClient.PollForToken(ctx, deviceCode) - if errPoll != nil { - SetOAuthSessionError(state, "Authentication failed") - fmt.Printf("Authentication failed: %v\n", errPoll) - return - } - - username, errUser := deviceClient.FetchUserInfo(ctx, tokenData.AccessToken) - if errUser != nil { - log.Warnf("Failed to fetch user info: %v", errUser) - username = "github-user" - } - - tokenStorage := &copilot.CopilotTokenStorage{ - AccessToken: tokenData.AccessToken, - TokenType: tokenData.TokenType, - Scope: tokenData.Scope, - Username: username, - Type: "github-copilot", - } - - fileName := fmt.Sprintf("github-%s.json", username) - record := &coreauth.Auth{ - ID: fileName, - Provider: "github", - FileName: fileName, - Storage: tokenStorage, - Metadata: map[string]any{ - "email": username, - "username": username, - }, - } - - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save authentication tokens: %v", errSave) - SetOAuthSessionError(state, "Failed to save authentication tokens") - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - fmt.Println("You can now use GitHub Copilot services through this CLI") - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("github") - }() - - c.JSON(200, gin.H{ - "status": "ok", - "url": authURL, - "state": state, - "user_code": userCode, - "verification_uri": authURL, - }) -} - -func (h *Handler) RequestIFlowCookieToken(c *gin.Context) { - ctx := context.Background() - - var payload struct { - Cookie string `json:"cookie"` - } - if err := c.ShouldBindJSON(&payload); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "cookie is required"}) - return - } - - cookieValue := strings.TrimSpace(payload.Cookie) - - if cookieValue == "" { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "cookie is required"}) - return - } - - cookieValue, errNormalize := iflowauth.NormalizeCookie(cookieValue) - if errNormalize != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": errNormalize.Error()}) - return - } - - // Check for duplicate BXAuth before authentication - bxAuth := iflowauth.ExtractBXAuth(cookieValue) - if existingFile, err := iflowauth.CheckDuplicateBXAuth(h.cfg.AuthDir, bxAuth); err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "failed to check duplicate"}) - return - } else if existingFile != "" { - existingFileName := filepath.Base(existingFile) - c.JSON(http.StatusConflict, gin.H{"status": "error", "error": "duplicate BXAuth found", "existing_file": existingFileName}) - return - } - - authSvc := iflowauth.NewIFlowAuth(h.cfg, http.DefaultClient) - tokenData, errAuth := authSvc.AuthenticateWithCookie(ctx, cookieValue) - if errAuth != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": errAuth.Error()}) - return - } - - tokenData.Cookie = cookieValue - - tokenStorage := authSvc.CreateCookieTokenStorage(tokenData) - email := strings.TrimSpace(tokenStorage.Email) - if email == "" { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "failed to extract email from token"}) - return - } - - fileName := iflowauth.SanitizeIFlowFileName(email) - if fileName == "" { - fileName = fmt.Sprintf("iflow-%d", time.Now().UnixMilli()) - } else { - fileName = fmt.Sprintf("iflow-%s", fileName) - } - - tokenStorage.Email = email - timestamp := time.Now().Unix() - - record := &coreauth.Auth{ - ID: fmt.Sprintf("%s-%d.json", fileName, timestamp), - Provider: "iflow", - FileName: fmt.Sprintf("%s-%d.json", fileName, timestamp), - Storage: tokenStorage, - Metadata: map[string]any{ - "email": email, - "api_key": tokenStorage.APIKey, - "expires_at": tokenStorage.Expire, - "cookie": tokenStorage.Cookie, - "type": tokenStorage.Type, - "last_refresh": tokenStorage.LastRefresh, - }, - Attributes: map[string]string{ - "api_key": tokenStorage.APIKey, - }, - } - - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "failed to save authentication tokens"}) - return - } - - fmt.Printf("iFlow cookie authentication successful. Token saved to %s\n", savedPath) - c.JSON(http.StatusOK, gin.H{ - "status": "ok", - "saved_path": savedPath, - "email": email, - "expires_at": tokenStorage.Expire, - "type": tokenStorage.Type, - }) -} - -type projectSelectionRequiredError struct{} - -func (e *projectSelectionRequiredError) Error() string { - return "gemini cli: project selection required" -} - -func ensureGeminiProjectAndOnboard(ctx context.Context, httpClient *http.Client, storage *geminiAuth.GeminiTokenStorage, requestedProject string) error { - if storage == nil { - return fmt.Errorf("gemini storage is nil") - } - - trimmedRequest := strings.TrimSpace(requestedProject) - if trimmedRequest == "" { - projects, errProjects := fetchGCPProjects(ctx, httpClient) - if errProjects != nil { - return fmt.Errorf("fetch project list: %w", errProjects) - } - if len(projects) == 0 { - return fmt.Errorf("no Google Cloud projects available for this account") - } - trimmedRequest = strings.TrimSpace(projects[0].ProjectID) - if trimmedRequest == "" { - return fmt.Errorf("resolved project id is empty") - } - storage.Auto = true - } else { - storage.Auto = false - } - - if err := performGeminiCLISetup(ctx, httpClient, storage, trimmedRequest); err != nil { - return err - } - - if strings.TrimSpace(storage.ProjectID) == "" { - storage.ProjectID = trimmedRequest - } - - return nil -} - -func onboardAllGeminiProjects(ctx context.Context, httpClient *http.Client, storage *geminiAuth.GeminiTokenStorage) ([]string, error) { - projects, errProjects := fetchGCPProjects(ctx, httpClient) - if errProjects != nil { - return nil, fmt.Errorf("fetch project list: %w", errProjects) - } - if len(projects) == 0 { - return nil, fmt.Errorf("no Google Cloud projects available for this account") - } - activated := make([]string, 0, len(projects)) - seen := make(map[string]struct{}, len(projects)) - for _, project := range projects { - candidate := strings.TrimSpace(project.ProjectID) - if candidate == "" { - continue - } - if _, dup := seen[candidate]; dup { - continue - } - if err := performGeminiCLISetup(ctx, httpClient, storage, candidate); err != nil { - return nil, fmt.Errorf("onboard project %s: %w", candidate, err) - } - finalID := strings.TrimSpace(storage.ProjectID) - if finalID == "" { - finalID = candidate - } - activated = append(activated, finalID) - seen[candidate] = struct{}{} - } - if len(activated) == 0 { - return nil, fmt.Errorf("no Google Cloud projects available for this account") - } - return activated, nil -} - -func ensureGeminiProjectsEnabled(ctx context.Context, httpClient *http.Client, projectIDs []string) error { - for _, pid := range projectIDs { - trimmed := strings.TrimSpace(pid) - if trimmed == "" { - continue - } - isChecked, errCheck := checkCloudAPIIsEnabled(ctx, httpClient, trimmed) - if errCheck != nil { - return fmt.Errorf("project %s: %w", trimmed, errCheck) - } - if !isChecked { - return fmt.Errorf("project %s: Cloud AI API not enabled", trimmed) - } - } - return nil -} - -func performGeminiCLISetup(ctx context.Context, httpClient *http.Client, storage *geminiAuth.GeminiTokenStorage, requestedProject string) error { - metadata := map[string]string{ - "ideType": "IDE_UNSPECIFIED", - "platform": "PLATFORM_UNSPECIFIED", - "pluginType": "GEMINI", - } - - trimmedRequest := strings.TrimSpace(requestedProject) - explicitProject := trimmedRequest != "" - - loadReqBody := map[string]any{ - "metadata": metadata, - } - if explicitProject { - loadReqBody["cloudaicompanionProject"] = trimmedRequest - } - - var loadResp map[string]any - if errLoad := callGeminiCLI(ctx, httpClient, "loadCodeAssist", loadReqBody, &loadResp); errLoad != nil { - return fmt.Errorf("load code assist: %w", errLoad) - } - - tierID := "legacy-tier" - if tiers, okTiers := loadResp["allowedTiers"].([]any); okTiers { - for _, rawTier := range tiers { - tier, okTier := rawTier.(map[string]any) - if !okTier { - continue - } - if isDefault, okDefault := tier["isDefault"].(bool); okDefault && isDefault { - if id, okID := tier["id"].(string); okID && strings.TrimSpace(id) != "" { - tierID = strings.TrimSpace(id) - break - } - } - } - } - - projectID := trimmedRequest - if projectID == "" { - if id, okProject := loadResp["cloudaicompanionProject"].(string); okProject { - projectID = strings.TrimSpace(id) - } - if projectID == "" { - if projectMap, okProject := loadResp["cloudaicompanionProject"].(map[string]any); okProject { - if id, okID := projectMap["id"].(string); okID { - projectID = strings.TrimSpace(id) - } - } - } - } - if projectID == "" { - // Auto-discovery: try onboardUser without specifying a project - // to let Google auto-provision one (matches Gemini CLI headless behavior - // and Antigravity's FetchProjectID pattern). - autoOnboardReq := map[string]any{ - "tierId": tierID, - "metadata": metadata, - } - - autoCtx, autoCancel := context.WithTimeout(ctx, 30*time.Second) - defer autoCancel() - for attempt := 1; ; attempt++ { - var onboardResp map[string]any - if errOnboard := callGeminiCLI(autoCtx, httpClient, "onboardUser", autoOnboardReq, &onboardResp); errOnboard != nil { - return fmt.Errorf("auto-discovery onboardUser: %w", errOnboard) - } - - if done, okDone := onboardResp["done"].(bool); okDone && done { - if resp, okResp := onboardResp["response"].(map[string]any); okResp { - switch v := resp["cloudaicompanionProject"].(type) { - case string: - projectID = strings.TrimSpace(v) - case map[string]any: - if id, okID := v["id"].(string); okID { - projectID = strings.TrimSpace(id) - } - } - } - break - } - - log.Debugf("Auto-discovery: onboarding in progress, attempt %d...", attempt) - select { - case <-autoCtx.Done(): - return &projectSelectionRequiredError{} - case <-time.After(2 * time.Second): - } - } - - if projectID == "" { - return &projectSelectionRequiredError{} - } - log.Infof("Auto-discovered project ID via onboarding: %s", projectID) - } - - onboardReqBody := map[string]any{ - "tierId": tierID, - "metadata": metadata, - "cloudaicompanionProject": projectID, - } - - storage.ProjectID = projectID - - for { - var onboardResp map[string]any - if errOnboard := callGeminiCLI(ctx, httpClient, "onboardUser", onboardReqBody, &onboardResp); errOnboard != nil { - return fmt.Errorf("onboard user: %w", errOnboard) - } - - if done, okDone := onboardResp["done"].(bool); okDone && done { - responseProjectID := "" - if resp, okResp := onboardResp["response"].(map[string]any); okResp { - switch projectValue := resp["cloudaicompanionProject"].(type) { - case map[string]any: - if id, okID := projectValue["id"].(string); okID { - responseProjectID = strings.TrimSpace(id) - } - case string: - responseProjectID = strings.TrimSpace(projectValue) - } - } - - finalProjectID := projectID - if responseProjectID != "" { - if explicitProject && !strings.EqualFold(responseProjectID, projectID) { - // Check if this is a free user (gen-lang-client projects or free/legacy tier) - isFreeUser := strings.HasPrefix(projectID, "gen-lang-client-") || - strings.EqualFold(tierID, "FREE") || - strings.EqualFold(tierID, "LEGACY") - - if isFreeUser { - // For free users, use backend project ID for preview model access - log.Infof("Gemini onboarding: frontend project %s maps to backend project %s", projectID, responseProjectID) - log.Infof("Using backend project ID: %s (recommended for preview model access)", responseProjectID) - finalProjectID = responseProjectID - } else { - // Pro users: keep requested project ID (original behavior) - log.Warnf("Gemini onboarding returned project %s instead of requested %s; keeping requested project ID.", responseProjectID, projectID) - } - } else { - finalProjectID = responseProjectID - } - } - - storage.ProjectID = strings.TrimSpace(finalProjectID) - if storage.ProjectID == "" { - storage.ProjectID = strings.TrimSpace(projectID) - } - if storage.ProjectID == "" { - return fmt.Errorf("onboard user completed without project id") - } - log.Infof("Onboarding complete. Using Project ID: %s", storage.ProjectID) - return nil - } - - log.Println("Onboarding in progress, waiting 5 seconds...") - time.Sleep(5 * time.Second) - } -} - -func callGeminiCLI(ctx context.Context, httpClient *http.Client, endpoint string, body any, result any) error { - endPointURL := fmt.Sprintf("%s/%s:%s", geminiCLIEndpoint, geminiCLIVersion, endpoint) - if strings.HasPrefix(endpoint, "operations/") { - endPointURL = fmt.Sprintf("%s/%s", geminiCLIEndpoint, endpoint) - } - - var reader io.Reader - if body != nil { - rawBody, errMarshal := json.Marshal(body) - if errMarshal != nil { - return fmt.Errorf("marshal request body: %w", errMarshal) - } - reader = bytes.NewReader(rawBody) - } - - req, errRequest := http.NewRequestWithContext(ctx, http.MethodPost, endPointURL, reader) - if errRequest != nil { - return fmt.Errorf("create request: %w", errRequest) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", geminiCLIUserAgent) - req.Header.Set("X-Goog-Api-Client", geminiCLIApiClient) - req.Header.Set("Client-Metadata", geminiCLIClientMetadata) - - resp, errDo := httpClient.Do(req) - if errDo != nil { - return fmt.Errorf("execute request: %w", errDo) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, _ := io.ReadAll(resp.Body) - return fmt.Errorf("api request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(bodyBytes))) - } - - if result == nil { - _, _ = io.Copy(io.Discard, resp.Body) - return nil - } - - if errDecode := json.NewDecoder(resp.Body).Decode(result); errDecode != nil { - return fmt.Errorf("decode response body: %w", errDecode) - } - - return nil -} - -func fetchGCPProjects(ctx context.Context, httpClient *http.Client) ([]interfaces.GCPProjectProjects, error) { - req, errRequest := http.NewRequestWithContext(ctx, http.MethodGet, "https://cloudresourcemanager.googleapis.com/v1/projects", nil) - if errRequest != nil { - return nil, fmt.Errorf("could not create project list request: %w", errRequest) - } - - resp, errDo := httpClient.Do(req) - if errDo != nil { - return nil, fmt.Errorf("failed to execute project list request: %w", errDo) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, _ := io.ReadAll(resp.Body) - return nil, fmt.Errorf("project list request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(bodyBytes))) - } - - var projects interfaces.GCPProject - if errDecode := json.NewDecoder(resp.Body).Decode(&projects); errDecode != nil { - return nil, fmt.Errorf("failed to unmarshal project list: %w", errDecode) - } - - return projects.Projects, nil -} - -func checkCloudAPIIsEnabled(ctx context.Context, httpClient *http.Client, projectID string) (bool, error) { - serviceUsageURL := "https://serviceusage.googleapis.com" - requiredServices := []string{ - "cloudaicompanion.googleapis.com", - } - for _, service := range requiredServices { - checkURL := fmt.Sprintf("%s/v1/projects/%s/services/%s", serviceUsageURL, projectID, service) - req, errRequest := http.NewRequestWithContext(ctx, http.MethodGet, checkURL, nil) - if errRequest != nil { - return false, fmt.Errorf("failed to create request: %w", errRequest) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", geminiCLIUserAgent) - resp, errDo := httpClient.Do(req) - if errDo != nil { - return false, fmt.Errorf("failed to execute request: %w", errDo) - } - - if resp.StatusCode == http.StatusOK { - bodyBytes, _ := io.ReadAll(resp.Body) - if gjson.GetBytes(bodyBytes, "state").String() == "ENABLED" { - _ = resp.Body.Close() - continue - } - } - _ = resp.Body.Close() - - enableURL := fmt.Sprintf("%s/v1/projects/%s/services/%s:enable", serviceUsageURL, projectID, service) - req, errRequest = http.NewRequestWithContext(ctx, http.MethodPost, enableURL, strings.NewReader("{}")) - if errRequest != nil { - return false, fmt.Errorf("failed to create request: %w", errRequest) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", geminiCLIUserAgent) - resp, errDo = httpClient.Do(req) - if errDo != nil { - return false, fmt.Errorf("failed to execute request: %w", errDo) - } - - bodyBytes, _ := io.ReadAll(resp.Body) - errMessage := string(bodyBytes) - errMessageResult := gjson.GetBytes(bodyBytes, "error.message") - if errMessageResult.Exists() { - errMessage = errMessageResult.String() - } - if resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusCreated { - _ = resp.Body.Close() - continue - } else if resp.StatusCode == http.StatusBadRequest { - _ = resp.Body.Close() - if strings.Contains(strings.ToLower(errMessage), "already enabled") { - continue - } - } - _ = resp.Body.Close() - return false, fmt.Errorf("project activation required: %s", errMessage) - } - return true, nil -} - -func (h *Handler) GetAuthStatus(c *gin.Context) { - state := strings.TrimSpace(c.Query("state")) - if state == "" { - c.JSON(http.StatusOK, gin.H{"status": "ok"}) - return - } - if err := ValidateOAuthState(state); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "invalid state"}) - return - } - - _, status, ok := GetOAuthSession(state) - if !ok { - c.JSON(http.StatusOK, gin.H{"status": "ok"}) - return - } - if status != "" { - if strings.HasPrefix(status, "device_code|") { - parts := strings.SplitN(status, "|", 3) - if len(parts) == 3 { - c.JSON(http.StatusOK, gin.H{ - "status": "device_code", - "verification_url": parts[1], - "user_code": parts[2], - }) - return - } - } - if strings.HasPrefix(status, "auth_url|") { - authURL := strings.TrimPrefix(status, "auth_url|") - c.JSON(http.StatusOK, gin.H{ - "status": "auth_url", - "url": authURL, - }) - return - } - c.JSON(http.StatusOK, gin.H{"status": "error", "error": status}) - return - } - c.JSON(http.StatusOK, gin.H{"status": "wait"}) -} - -const kiroCallbackPort = 9876 - -func (h *Handler) RequestKiroToken(c *gin.Context) { - ctx := context.Background() - - // Get the login method from query parameter (default: aws for device code flow) - method := strings.ToLower(strings.TrimSpace(c.Query("method"))) - if method == "" { - method = "aws" - } - - fmt.Println("Initializing Kiro authentication...") - - state := fmt.Sprintf("kiro-%d", time.Now().UnixNano()) - - switch method { - case "aws", "builder-id": - RegisterOAuthSession(state, "kiro") - - // AWS Builder ID uses device code flow (no callback needed) - go func() { - ssoClient := kiroauth.NewSSOOIDCClient(h.cfg) - - // Step 1: Register client - fmt.Println("Registering client...") - regResp, errRegister := ssoClient.RegisterClient(ctx) - if errRegister != nil { - log.Errorf("Failed to register client: %v", errRegister) - SetOAuthSessionError(state, "Failed to register client") - return - } - - // Step 2: Start device authorization - fmt.Println("Starting device authorization...") - authResp, errAuth := ssoClient.StartDeviceAuthorization(ctx, regResp.ClientID, regResp.ClientSecret) - if errAuth != nil { - log.Errorf("Failed to start device auth: %v", errAuth) - SetOAuthSessionError(state, "Failed to start device authorization") - return - } - - // Store the verification URL for the frontend to display. - // Using "|" as separator because URLs contain ":". - SetOAuthSessionError(state, "device_code|"+authResp.VerificationURIComplete+"|"+authResp.UserCode) - - // Step 3: Poll for token - fmt.Println("Waiting for authorization...") - interval := 5 * time.Second - if authResp.Interval > 0 { - interval = time.Duration(authResp.Interval) * time.Second - } - deadline := time.Now().Add(time.Duration(authResp.ExpiresIn) * time.Second) - - for time.Now().Before(deadline) { - select { - case <-ctx.Done(): - SetOAuthSessionError(state, "Authorization cancelled") - return - case <-time.After(interval): - tokenResp, errToken := ssoClient.CreateToken(ctx, regResp.ClientID, regResp.ClientSecret, authResp.DeviceCode) - if errToken != nil { - errStr := errToken.Error() - if strings.Contains(errStr, "authorization_pending") { - continue - } - if strings.Contains(errStr, "slow_down") { - interval += 5 * time.Second - continue - } - log.Errorf("Token creation failed: %v", errToken) - SetOAuthSessionError(state, "Token creation failed") - return - } - - // Success! Save the token - expiresAt := time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second) - email := kiroauth.ExtractEmailFromJWT(tokenResp.AccessToken) - - idPart := kiroauth.SanitizeEmailForFilename(email) - if idPart == "" { - idPart = fmt.Sprintf("%d", time.Now().UnixNano()%100000) - } - - now := time.Now() - fileName := fmt.Sprintf("kiro-aws-%s.json", idPart) - - record := &coreauth.Auth{ - ID: fileName, - Provider: "kiro", - FileName: fileName, - Metadata: map[string]any{ - "type": "kiro", - "access_token": tokenResp.AccessToken, - "refresh_token": tokenResp.RefreshToken, - "expires_at": expiresAt.Format(time.RFC3339), - "auth_method": "builder-id", - "provider": "AWS", - "client_id": regResp.ClientID, - "client_secret": regResp.ClientSecret, - "email": email, - "last_refresh": now.Format(time.RFC3339), - }, - } - - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save authentication tokens: %v", errSave) - SetOAuthSessionError(state, "Failed to save authentication tokens") - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - if email != "" { - fmt.Printf("Authenticated as: %s\n", email) - } - CompleteOAuthSession(state) - return - } - } - - SetOAuthSessionError(state, "Authorization timed out") - }() - - // Return immediately with the state for polling - c.JSON(http.StatusOK, gin.H{"status": "ok", "state": state, "method": "device_code"}) - - case "google", "github": - RegisterOAuthSession(state, "kiro") - - // Social auth uses protocol handler - for WEB UI we use a callback forwarder - provider := "Google" - if method == "github" { - provider = "Github" - } - - isWebUI := isWebUIRequest(c) - if isWebUI { - targetURL, errTarget := h.managementCallbackURL("/kiro/callback") - if errTarget != nil { - log.WithError(errTarget).Error("failed to compute kiro callback target") - c.JSON(http.StatusInternalServerError, gin.H{"error": "callback server unavailable"}) - return - } - if _, errStart := startCallbackForwarder(kiroCallbackPort, "kiro", targetURL); errStart != nil { - log.WithError(errStart).Error("failed to start kiro callback forwarder") - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to start callback server"}) - return - } - } - - go func() { - if isWebUI { - defer stopCallbackForwarder(kiroCallbackPort) - } - - socialClient := kiroauth.NewSocialAuthClient(h.cfg) - - // Generate PKCE codes - codeVerifier, codeChallenge, errPKCE := generateKiroPKCE() - if errPKCE != nil { - log.Errorf("Failed to generate PKCE: %v", errPKCE) - SetOAuthSessionError(state, "Failed to generate PKCE") - return - } - - // Build login URL - authURL := fmt.Sprintf("%s/login?idp=%s&redirect_uri=%s&code_challenge=%s&code_challenge_method=S256&state=%s&prompt=select_account", - "https://prod.us-east-1.auth.desktop.kiro.dev", - provider, - url.QueryEscape(kiroauth.KiroRedirectURI), - codeChallenge, - state, - ) - - // Store auth URL for frontend. - // Using "|" as separator because URLs contain ":". - SetOAuthSessionError(state, "auth_url|"+authURL) - - // Wait for callback file - waitFile := filepath.Join(h.cfg.AuthDir, fmt.Sprintf(".oauth-kiro-%s.oauth", state)) - deadline := time.Now().Add(5 * time.Minute) - - for { - if time.Now().After(deadline) { - log.Error("oauth flow timed out") - SetOAuthSessionError(state, "OAuth flow timed out") - return - } - if data, errRead := os.ReadFile(waitFile); errRead == nil { - var m map[string]string - _ = json.Unmarshal(data, &m) - _ = os.Remove(waitFile) - if errStr := m["error"]; errStr != "" { - log.Errorf("Authentication failed: %s", errStr) - SetOAuthSessionError(state, "Authentication failed") - return - } - if m["state"] != state { - log.Errorf("State mismatch") - SetOAuthSessionError(state, "State mismatch") - return - } - code := m["code"] - if code == "" { - log.Error("No authorization code received") - SetOAuthSessionError(state, "No authorization code received") - return - } - - // Exchange code for tokens - tokenReq := &kiroauth.CreateTokenRequest{ - Code: code, - CodeVerifier: codeVerifier, - RedirectURI: kiroauth.KiroRedirectURI, - } - - tokenResp, errToken := socialClient.CreateToken(ctx, tokenReq) - if errToken != nil { - log.Errorf("Failed to exchange code for tokens: %v", errToken) - SetOAuthSessionError(state, "Failed to exchange code for tokens") - return - } - - // Save the token - expiresIn := tokenResp.ExpiresIn - if expiresIn <= 0 { - expiresIn = 3600 - } - expiresAt := time.Now().Add(time.Duration(expiresIn) * time.Second) - email := kiroauth.ExtractEmailFromJWT(tokenResp.AccessToken) - - idPart := kiroauth.SanitizeEmailForFilename(email) - if idPart == "" { - idPart = fmt.Sprintf("%d", time.Now().UnixNano()%100000) - } - - now := time.Now() - fileName := fmt.Sprintf("kiro-%s-%s.json", strings.ToLower(provider), idPart) - - record := &coreauth.Auth{ - ID: fileName, - Provider: "kiro", - FileName: fileName, - Metadata: map[string]any{ - "type": "kiro", - "access_token": tokenResp.AccessToken, - "refresh_token": tokenResp.RefreshToken, - "profile_arn": tokenResp.ProfileArn, - "expires_at": expiresAt.Format(time.RFC3339), - "auth_method": "social", - "provider": provider, - "email": email, - "last_refresh": now.Format(time.RFC3339), - }, - } - - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save authentication tokens: %v", errSave) - SetOAuthSessionError(state, "Failed to save authentication tokens") - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - if email != "" { - fmt.Printf("Authenticated as: %s\n", email) - } - CompleteOAuthSession(state) - return - } - time.Sleep(500 * time.Millisecond) - } - }() - - c.JSON(http.StatusOK, gin.H{"status": "ok", "state": state, "method": "social"}) - - default: - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid method, use 'aws', 'google', or 'github'"}) - } -} - -// generateKiroPKCE generates PKCE code verifier and challenge for Kiro OAuth. -func generateKiroPKCE() (verifier, challenge string, err error) { - b := make([]byte, 32) - if _, errRead := io.ReadFull(rand.Reader, b); errRead != nil { - return "", "", fmt.Errorf("failed to generate random bytes: %w", errRead) - } - verifier = base64.RawURLEncoding.EncodeToString(b) - - h := sha256.Sum256([]byte(verifier)) - challenge = base64.RawURLEncoding.EncodeToString(h[:]) - - return verifier, challenge, nil -} - -func (h *Handler) RequestKiloToken(c *gin.Context) { - ctx := context.Background() - - fmt.Println("Initializing Kilo authentication...") - - state := fmt.Sprintf("kil-%d", time.Now().UnixNano()) - kilocodeAuth := kilo.NewKiloAuth() - - resp, err := kilocodeAuth.InitiateDeviceFlow(ctx) - if err != nil { - log.Errorf("Failed to initiate device flow: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to initiate device flow"}) - return - } - - RegisterOAuthSession(state, "kilo") - - go func() { - fmt.Printf("Please visit %s and enter code: %s\n", resp.VerificationURL, resp.Code) - - status, err := kilocodeAuth.PollForToken(ctx, resp.Code) - if err != nil { - SetOAuthSessionError(state, "Authentication failed") - fmt.Printf("Authentication failed: %v\n", err) - return - } - - profile, err := kilocodeAuth.GetProfile(ctx, status.Token) - if err != nil { - log.Warnf("Failed to fetch profile: %v", err) - profile = &kilo.Profile{Email: status.UserEmail} - } - - var orgID string - if len(profile.Orgs) > 0 { - orgID = profile.Orgs[0].ID - } - - defaults, err := kilocodeAuth.GetDefaults(ctx, status.Token, orgID) - if err != nil { - defaults = &kilo.Defaults{} - } - - ts := &kilo.KiloTokenStorage{ - Token: status.Token, - OrganizationID: orgID, - Model: defaults.Model, - Email: status.UserEmail, - Type: "kilo", - } - - fileName := kilo.CredentialFileName(status.UserEmail) - record := &coreauth.Auth{ - ID: fileName, - Provider: "kilo", - FileName: fileName, - Storage: ts, - Metadata: map[string]any{ - "email": status.UserEmail, - "organization_id": orgID, - "model": defaults.Model, - }, - } - - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save authentication tokens: %v", errSave) - SetOAuthSessionError(state, "Failed to save authentication tokens") - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("kilo") - }() - - c.JSON(200, gin.H{ - "status": "ok", - "url": resp.VerificationURL, - "state": state, - "user_code": resp.Code, - "verification_uri": resp.VerificationURL, - }) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/auth_files_callback_forwarder_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/auth_files_callback_forwarder_test.go deleted file mode 100644 index 9ef810b3c9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/auth_files_callback_forwarder_test.go +++ /dev/null @@ -1,31 +0,0 @@ -package management - -import "testing" - -func TestValidateCallbackForwarderTargetAllowsLoopbackAndLocalhost(t *testing.T) { - cases := []string{ - "http://127.0.0.1:8080/callback", - "https://localhost:9999/callback?state=abc", - "http://[::1]:1455/callback", - } - for _, target := range cases { - if _, err := validateCallbackForwarderTarget(target); err != nil { - t.Fatalf("expected target %q to be allowed: %v", target, err) - } - } -} - -func TestValidateCallbackForwarderTargetRejectsNonLocalTargets(t *testing.T) { - cases := []string{ - "", - "/relative/callback", - "ftp://127.0.0.1/callback", - "http://example.com/callback", - "https://8.8.8.8/callback", - } - for _, target := range cases { - if _, err := validateCallbackForwarderTarget(target); err == nil { - t.Fatalf("expected target %q to be rejected", target) - } - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/config_basic.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/config_basic.go deleted file mode 100644 index 7222570dcf..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/config_basic.go +++ /dev/null @@ -1,333 +0,0 @@ -package management - -import ( - "encoding/json" - "fmt" - "io" - "net/http" - "os" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" - log "github.com/sirupsen/logrus" - "gopkg.in/yaml.v3" -) - -const ( - latestReleaseURL = "https://api.github.com/repos/KooshaPari/cliproxyapi-plusplus/releases/latest" - latestReleaseUserAgent = "cliproxyapi++" -) - -var writeConfigFile = WriteConfig - -func (h *Handler) GetConfig(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{}) - return - } - c.JSON(200, new(*h.cfg)) -} - -type releaseInfo struct { - TagName string `json:"tag_name"` - Name string `json:"name"` -} - -// GetLatestVersion returns the latest release version from GitHub without downloading assets. -func (h *Handler) GetLatestVersion(c *gin.Context) { - client := &http.Client{Timeout: 10 * time.Second} - proxyURL := "" - if h != nil && h.cfg != nil { - proxyURL = strings.TrimSpace(h.cfg.ProxyURL) - } - if proxyURL != "" { - sdkCfg := &sdkconfig.SDKConfig{ProxyURL: proxyURL} - util.SetProxy(sdkCfg, client) - } - - req, err := http.NewRequestWithContext(c.Request.Context(), http.MethodGet, latestReleaseURL, nil) - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "request_create_failed", "message": err.Error()}) - return - } - req.Header.Set("Accept", "application/vnd.github+json") - req.Header.Set("User-Agent", latestReleaseUserAgent) - - resp, err := client.Do(req) - if err != nil { - c.JSON(http.StatusBadGateway, gin.H{"error": "request_failed", "message": err.Error()}) - return - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.WithError(errClose).Debug("failed to close latest version response body") - } - }() - - if resp.StatusCode != http.StatusOK { - body, _ := io.ReadAll(io.LimitReader(resp.Body, 1024)) - c.JSON(http.StatusBadGateway, gin.H{"error": "unexpected_status", "message": fmt.Sprintf("status %d: %s", resp.StatusCode, strings.TrimSpace(string(body)))}) - return - } - - var info releaseInfo - if errDecode := json.NewDecoder(resp.Body).Decode(&info); errDecode != nil { - c.JSON(http.StatusBadGateway, gin.H{"error": "decode_failed", "message": errDecode.Error()}) - return - } - - version := strings.TrimSpace(info.TagName) - if version == "" { - version = strings.TrimSpace(info.Name) - } - if version == "" { - c.JSON(http.StatusBadGateway, gin.H{"error": "invalid_response", "message": "missing release version"}) - return - } - - c.JSON(http.StatusOK, gin.H{"latest-version": version}) -} - -func WriteConfig(path string, data []byte) error { - data = config.NormalizeCommentIndentation(data) - f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644) - if err != nil { - return err - } - if _, errWrite := f.Write(data); errWrite != nil { - _ = f.Close() - return errWrite - } - if errSync := f.Sync(); errSync != nil { - _ = f.Close() - return errSync - } - return f.Close() -} - -func (h *Handler) PutConfigYAML(c *gin.Context) { - body, err := io.ReadAll(c.Request.Body) - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid_yaml", "message": "cannot read request body"}) - return - } - var cfg config.Config - if err = yaml.Unmarshal(body, &cfg); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid_yaml", "message": err.Error()}) - return - } - // Validate config using LoadConfigOptional with optional=false to enforce parsing. - // Use the system temp dir so validation remains available even when config dir is read-only. - tmpFile, err := os.CreateTemp("", "config-validate-*.yaml") - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "write_failed", "message": err.Error()}) - return - } - tempFile := tmpFile.Name() - if _, errWrite := tmpFile.Write(body); errWrite != nil { - _ = tmpFile.Close() - _ = os.Remove(tempFile) - c.JSON(http.StatusInternalServerError, gin.H{"error": "write_failed", "message": errWrite.Error()}) - return - } - if errClose := tmpFile.Close(); errClose != nil { - _ = os.Remove(tempFile) - c.JSON(http.StatusInternalServerError, gin.H{"error": "write_failed", "message": errClose.Error()}) - return - } - defer func() { - _ = os.Remove(tempFile) - }() - validatedCfg, err := config.LoadConfigOptional(tempFile, false) - if err != nil { - c.JSON(http.StatusUnprocessableEntity, gin.H{"error": "invalid_config", "message": err.Error()}) - return - } - h.mu.Lock() - defer h.mu.Unlock() - if errWrite := writeConfigFile(h.configFilePath, body); errWrite != nil { - if isReadOnlyConfigWriteError(errWrite) { - h.cfg = validatedCfg - c.JSON(http.StatusOK, gin.H{ - "ok": true, - "changed": []string{"config"}, - "persisted": false, - "warning": "config filesystem is read-only; runtime changes applied but not persisted", - }) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": "write_failed", "message": "failed to write config"}) - return - } - h.cfg = validatedCfg - c.JSON(http.StatusOK, gin.H{"ok": true, "changed": []string{"config"}}) -} - -// GetConfigYAML returns the raw config.yaml file bytes without re-encoding. -// It preserves comments and original formatting/styles. -func (h *Handler) GetConfigYAML(c *gin.Context) { - data, err := os.ReadFile(h.configFilePath) - if err != nil { - if os.IsNotExist(err) { - c.JSON(http.StatusNotFound, gin.H{"error": "not_found", "message": "config file not found"}) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": "read_failed", "message": err.Error()}) - return - } - c.Header("Content-Type", "application/yaml; charset=utf-8") - c.Header("Cache-Control", "no-store") - c.Header("X-Content-Type-Options", "nosniff") - // Write raw bytes as-is - _, _ = c.Writer.Write(data) -} - -// Debug -func (h *Handler) GetDebug(c *gin.Context) { c.JSON(200, gin.H{"debug": h.cfg.Debug}) } -func (h *Handler) PutDebug(c *gin.Context) { h.updateBoolField(c, func(v bool) { h.cfg.Debug = v }) } - -// UsageStatisticsEnabled -func (h *Handler) GetUsageStatisticsEnabled(c *gin.Context) { - c.JSON(200, gin.H{"usage-statistics-enabled": h.cfg.UsageStatisticsEnabled}) -} -func (h *Handler) PutUsageStatisticsEnabled(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.UsageStatisticsEnabled = v }) -} - -// UsageStatisticsEnabled -func (h *Handler) GetLoggingToFile(c *gin.Context) { - c.JSON(200, gin.H{"logging-to-file": h.cfg.LoggingToFile}) -} -func (h *Handler) PutLoggingToFile(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.LoggingToFile = v }) -} - -// LogsMaxTotalSizeMB -func (h *Handler) GetLogsMaxTotalSizeMB(c *gin.Context) { - c.JSON(200, gin.H{"logs-max-total-size-mb": h.cfg.LogsMaxTotalSizeMB}) -} -func (h *Handler) PutLogsMaxTotalSizeMB(c *gin.Context) { - var body struct { - Value *int `json:"value"` - } - if errBindJSON := c.ShouldBindJSON(&body); errBindJSON != nil || body.Value == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - value := *body.Value - if value < 0 { - value = 0 - } - h.cfg.LogsMaxTotalSizeMB = value - h.persist(c) -} - -// ErrorLogsMaxFiles -func (h *Handler) GetErrorLogsMaxFiles(c *gin.Context) { - c.JSON(200, gin.H{"error-logs-max-files": h.cfg.ErrorLogsMaxFiles}) -} -func (h *Handler) PutErrorLogsMaxFiles(c *gin.Context) { - var body struct { - Value *int `json:"value"` - } - if errBindJSON := c.ShouldBindJSON(&body); errBindJSON != nil || body.Value == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - value := *body.Value - if value < 0 { - value = 10 - } - h.cfg.ErrorLogsMaxFiles = value - h.persist(c) -} - -// Request log -func (h *Handler) GetRequestLog(c *gin.Context) { c.JSON(200, gin.H{"request-log": h.cfg.RequestLog}) } -func (h *Handler) PutRequestLog(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.RequestLog = v }) -} - -// Websocket auth -func (h *Handler) GetWebsocketAuth(c *gin.Context) { - c.JSON(200, gin.H{"ws-auth": h.cfg.WebsocketAuth}) -} -func (h *Handler) PutWebsocketAuth(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.WebsocketAuth = v }) -} - -// Request retry -func (h *Handler) GetRequestRetry(c *gin.Context) { - c.JSON(200, gin.H{"request-retry": h.cfg.RequestRetry}) -} -func (h *Handler) PutRequestRetry(c *gin.Context) { - h.updateIntField(c, func(v int) { h.cfg.RequestRetry = v }) -} - -// Max retry interval -func (h *Handler) GetMaxRetryInterval(c *gin.Context) { - c.JSON(200, gin.H{"max-retry-interval": h.cfg.MaxRetryInterval}) -} -func (h *Handler) PutMaxRetryInterval(c *gin.Context) { - h.updateIntField(c, func(v int) { h.cfg.MaxRetryInterval = v }) -} - -// ForceModelPrefix -func (h *Handler) GetForceModelPrefix(c *gin.Context) { - c.JSON(200, gin.H{"force-model-prefix": h.cfg.ForceModelPrefix}) -} -func (h *Handler) PutForceModelPrefix(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.ForceModelPrefix = v }) -} - -func normalizeRoutingStrategy(strategy string) (string, bool) { - normalized := strings.ToLower(strings.TrimSpace(strategy)) - switch normalized { - case "", "round-robin", "round_robin", "roundrobin", "rr": - return "round-robin", true - case "fill-first", "fill_first", "fillfirst", "ff": - return "fill-first", true - default: - return "", false - } -} - -// RoutingStrategy -func (h *Handler) GetRoutingStrategy(c *gin.Context) { - strategy, ok := normalizeRoutingStrategy(h.cfg.Routing.Strategy) - if !ok { - c.JSON(200, gin.H{"strategy": strings.TrimSpace(h.cfg.Routing.Strategy)}) - return - } - c.JSON(200, gin.H{"strategy": strategy}) -} -func (h *Handler) PutRoutingStrategy(c *gin.Context) { - var body struct { - Value *string `json:"value"` - } - if errBindJSON := c.ShouldBindJSON(&body); errBindJSON != nil || body.Value == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - normalized, ok := normalizeRoutingStrategy(*body.Value) - if !ok { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid strategy"}) - return - } - h.cfg.Routing.Strategy = normalized - h.persist(c) -} - -// Proxy URL -func (h *Handler) GetProxyURL(c *gin.Context) { c.JSON(200, gin.H{"proxy-url": h.cfg.ProxyURL}) } -func (h *Handler) PutProxyURL(c *gin.Context) { - h.updateStringField(c, func(v string) { h.cfg.ProxyURL = v }) -} -func (h *Handler) DeleteProxyURL(c *gin.Context) { - h.cfg.ProxyURL = "" - h.persist(c) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/config_basic_routing_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/config_basic_routing_test.go deleted file mode 100644 index cae410ae78..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/config_basic_routing_test.go +++ /dev/null @@ -1,29 +0,0 @@ -package management - -import "testing" - -func TestNormalizeRoutingStrategy_AcceptsFillFirstAliases(t *testing.T) { - tests := []string{ - "fill-first", - "fill_first", - "fillfirst", - "ff", - " Fill_First ", - } - - for _, input := range tests { - got, ok := normalizeRoutingStrategy(input) - if !ok { - t.Fatalf("normalizeRoutingStrategy(%q) was rejected", input) - } - if got != "fill-first" { - t.Fatalf("normalizeRoutingStrategy(%q) = %q, want %q", input, got, "fill-first") - } - } -} - -func TestNormalizeRoutingStrategy_RejectsUnknownAlias(t *testing.T) { - if got, ok := normalizeRoutingStrategy("fill-first-v2"); ok || got != "" { - t.Fatalf("normalizeRoutingStrategy() expected rejection, got=%q ok=%v", got, ok) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/config_lists.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/config_lists.go deleted file mode 100644 index 168b29e951..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/config_lists.go +++ /dev/null @@ -1,1368 +0,0 @@ -package management - -import ( - "encoding/json" - "fmt" - "strings" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -// Generic helpers for list[string] -func (h *Handler) putStringList(c *gin.Context, set func([]string), after func()) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var arr []string - if err = json.Unmarshal(data, &arr); err != nil { - var obj struct { - Items []string `json:"items"` - } - if err2 := json.Unmarshal(data, &obj); err2 != nil || len(obj.Items) == 0 { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - arr = obj.Items - } - set(arr) - if after != nil { - after() - } - h.persist(c) -} - -func (h *Handler) patchStringList(c *gin.Context, target *[]string, after func()) { - var body struct { - Old *string `json:"old"` - New *string `json:"new"` - Index *int `json:"index"` - Value *string `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - if body.Index != nil && body.Value != nil && *body.Index >= 0 && *body.Index < len(*target) { - (*target)[*body.Index] = *body.Value - if after != nil { - after() - } - h.persist(c) - return - } - if body.Old != nil && body.New != nil { - for i := range *target { - if (*target)[i] == *body.Old { - (*target)[i] = *body.New - if after != nil { - after() - } - h.persist(c) - return - } - } - *target = append(*target, *body.New) - if after != nil { - after() - } - h.persist(c) - return - } - c.JSON(400, gin.H{"error": "missing fields"}) -} - -func (h *Handler) deleteFromStringList(c *gin.Context, target *[]string, after func()) { - if idxStr := c.Query("index"); idxStr != "" { - var idx int - _, err := fmt.Sscanf(idxStr, "%d", &idx) - if err == nil && idx >= 0 && idx < len(*target) { - *target = append((*target)[:idx], (*target)[idx+1:]...) - if after != nil { - after() - } - h.persist(c) - return - } - } - if val := strings.TrimSpace(c.Query("value")); val != "" { - out := make([]string, 0, len(*target)) - for _, v := range *target { - if strings.TrimSpace(v) != val { - out = append(out, v) - } - } - *target = out - if after != nil { - after() - } - h.persist(c) - return - } - c.JSON(400, gin.H{"error": "missing index or value"}) -} - -// api-keys -func (h *Handler) GetAPIKeys(c *gin.Context) { c.JSON(200, gin.H{"api-keys": h.cfg.APIKeys}) } -func (h *Handler) PutAPIKeys(c *gin.Context) { - h.putStringList(c, func(v []string) { - h.cfg.APIKeys = append([]string(nil), v...) - }, nil) -} -func (h *Handler) PatchAPIKeys(c *gin.Context) { - h.patchStringList(c, &h.cfg.APIKeys, func() {}) -} -func (h *Handler) DeleteAPIKeys(c *gin.Context) { - h.deleteFromStringList(c, &h.cfg.APIKeys, func() {}) -} - -// gemini-api-key: []GeminiKey -func (h *Handler) GetGeminiKeys(c *gin.Context) { - c.JSON(200, gin.H{"gemini-api-key": h.cfg.GeminiKey}) -} -func (h *Handler) PutGeminiKeys(c *gin.Context) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var arr []config.GeminiKey - if err = json.Unmarshal(data, &arr); err != nil { - var obj struct { - Items []config.GeminiKey `json:"items"` - } - if err2 := json.Unmarshal(data, &obj); err2 != nil || len(obj.Items) == 0 { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - arr = obj.Items - } - h.cfg.GeminiKey = append([]config.GeminiKey(nil), arr...) - h.cfg.SanitizeGeminiKeys() - h.persist(c) -} -func (h *Handler) PatchGeminiKey(c *gin.Context) { - type geminiKeyPatch struct { - APIKey *string `json:"api-key"` - Prefix *string `json:"prefix"` - BaseURL *string `json:"base-url"` - ProxyURL *string `json:"proxy-url"` - Headers *map[string]string `json:"headers"` - ExcludedModels *[]string `json:"excluded-models"` - } - var body struct { - Index *int `json:"index"` - Match *string `json:"match"` - Value *geminiKeyPatch `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Value == nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - targetIndex := -1 - if body.Index != nil && *body.Index >= 0 && *body.Index < len(h.cfg.GeminiKey) { - targetIndex = *body.Index - } - if targetIndex == -1 && body.Match != nil { - match := strings.TrimSpace(*body.Match) - if match != "" { - for i := range h.cfg.GeminiKey { - if h.cfg.GeminiKey[i].APIKey == match { - targetIndex = i - break - } - } - } - } - if targetIndex == -1 { - c.JSON(404, gin.H{"error": "item not found"}) - return - } - - entry := h.cfg.GeminiKey[targetIndex] - if body.Value.APIKey != nil { - trimmed := strings.TrimSpace(*body.Value.APIKey) - if trimmed == "" { - h.cfg.GeminiKey = append(h.cfg.GeminiKey[:targetIndex], h.cfg.GeminiKey[targetIndex+1:]...) - h.cfg.SanitizeGeminiKeys() - h.persist(c) - return - } - entry.APIKey = trimmed - } - if body.Value.Prefix != nil { - entry.Prefix = strings.TrimSpace(*body.Value.Prefix) - } - if body.Value.BaseURL != nil { - entry.BaseURL = strings.TrimSpace(*body.Value.BaseURL) - } - if body.Value.ProxyURL != nil { - entry.ProxyURL = strings.TrimSpace(*body.Value.ProxyURL) - } - if body.Value.Headers != nil { - entry.Headers = config.NormalizeHeaders(*body.Value.Headers) - } - if body.Value.ExcludedModels != nil { - entry.ExcludedModels = config.NormalizeExcludedModels(*body.Value.ExcludedModels) - } - h.cfg.GeminiKey[targetIndex] = entry - h.cfg.SanitizeGeminiKeys() - h.persist(c) -} - -func (h *Handler) DeleteGeminiKey(c *gin.Context) { - if val := strings.TrimSpace(c.Query("api-key")); val != "" { - out := make([]config.GeminiKey, 0, len(h.cfg.GeminiKey)) - for _, v := range h.cfg.GeminiKey { - if v.APIKey != val { - out = append(out, v) - } - } - if len(out) != len(h.cfg.GeminiKey) { - h.cfg.GeminiKey = out - h.cfg.SanitizeGeminiKeys() - h.persist(c) - } else { - c.JSON(404, gin.H{"error": "item not found"}) - } - return - } - if idxStr := c.Query("index"); idxStr != "" { - var idx int - if _, err := fmt.Sscanf(idxStr, "%d", &idx); err == nil && idx >= 0 && idx < len(h.cfg.GeminiKey) { - h.cfg.GeminiKey = append(h.cfg.GeminiKey[:idx], h.cfg.GeminiKey[idx+1:]...) - h.cfg.SanitizeGeminiKeys() - h.persist(c) - return - } - } - c.JSON(400, gin.H{"error": "missing api-key or index"}) -} - -// claude-api-key: []ClaudeKey -func (h *Handler) GetClaudeKeys(c *gin.Context) { - c.JSON(200, gin.H{"claude-api-key": h.cfg.ClaudeKey}) -} -func (h *Handler) PutClaudeKeys(c *gin.Context) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var arr []config.ClaudeKey - if err = json.Unmarshal(data, &arr); err != nil { - var obj struct { - Items []config.ClaudeKey `json:"items"` - } - if err2 := json.Unmarshal(data, &obj); err2 != nil || len(obj.Items) == 0 { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - arr = obj.Items - } - for i := range arr { - normalizeClaudeKey(&arr[i]) - } - h.cfg.ClaudeKey = arr - h.cfg.SanitizeClaudeKeys() - h.persist(c) -} -func (h *Handler) PatchClaudeKey(c *gin.Context) { - type claudeKeyPatch struct { - APIKey *string `json:"api-key"` - Prefix *string `json:"prefix"` - BaseURL *string `json:"base-url"` - ProxyURL *string `json:"proxy-url"` - Models *[]config.ClaudeModel `json:"models"` - Headers *map[string]string `json:"headers"` - ExcludedModels *[]string `json:"excluded-models"` - } - var body struct { - Index *int `json:"index"` - Match *string `json:"match"` - Value *claudeKeyPatch `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Value == nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - targetIndex := -1 - if body.Index != nil && *body.Index >= 0 && *body.Index < len(h.cfg.ClaudeKey) { - targetIndex = *body.Index - } - if targetIndex == -1 && body.Match != nil { - match := strings.TrimSpace(*body.Match) - for i := range h.cfg.ClaudeKey { - if h.cfg.ClaudeKey[i].APIKey == match { - targetIndex = i - break - } - } - } - if targetIndex == -1 { - c.JSON(404, gin.H{"error": "item not found"}) - return - } - - entry := h.cfg.ClaudeKey[targetIndex] - if body.Value.APIKey != nil { - entry.APIKey = strings.TrimSpace(*body.Value.APIKey) - } - if body.Value.Prefix != nil { - entry.Prefix = strings.TrimSpace(*body.Value.Prefix) - } - if body.Value.BaseURL != nil { - entry.BaseURL = strings.TrimSpace(*body.Value.BaseURL) - } - if body.Value.ProxyURL != nil { - entry.ProxyURL = strings.TrimSpace(*body.Value.ProxyURL) - } - if body.Value.Models != nil { - entry.Models = append([]config.ClaudeModel(nil), (*body.Value.Models)...) - } - if body.Value.Headers != nil { - entry.Headers = config.NormalizeHeaders(*body.Value.Headers) - } - if body.Value.ExcludedModels != nil { - entry.ExcludedModels = config.NormalizeExcludedModels(*body.Value.ExcludedModels) - } - normalizeClaudeKey(&entry) - h.cfg.ClaudeKey[targetIndex] = entry - h.cfg.SanitizeClaudeKeys() - h.persist(c) -} - -func (h *Handler) DeleteClaudeKey(c *gin.Context) { - if val := c.Query("api-key"); val != "" { - out := make([]config.ClaudeKey, 0, len(h.cfg.ClaudeKey)) - for _, v := range h.cfg.ClaudeKey { - if v.APIKey != val { - out = append(out, v) - } - } - h.cfg.ClaudeKey = out - h.cfg.SanitizeClaudeKeys() - h.persist(c) - return - } - if idxStr := c.Query("index"); idxStr != "" { - var idx int - _, err := fmt.Sscanf(idxStr, "%d", &idx) - if err == nil && idx >= 0 && idx < len(h.cfg.ClaudeKey) { - h.cfg.ClaudeKey = append(h.cfg.ClaudeKey[:idx], h.cfg.ClaudeKey[idx+1:]...) - h.cfg.SanitizeClaudeKeys() - h.persist(c) - return - } - } - c.JSON(400, gin.H{"error": "missing api-key or index"}) -} - -// openai-compatibility: []OpenAICompatibility -func (h *Handler) GetOpenAICompat(c *gin.Context) { - c.JSON(200, gin.H{"openai-compatibility": normalizedOpenAICompatibilityEntries(h.cfg.OpenAICompatibility)}) -} -func (h *Handler) PutOpenAICompat(c *gin.Context) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var arr []config.OpenAICompatibility - if err = json.Unmarshal(data, &arr); err != nil { - var obj struct { - Items []config.OpenAICompatibility `json:"items"` - } - if err2 := json.Unmarshal(data, &obj); err2 != nil || len(obj.Items) == 0 { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - arr = obj.Items - } - filtered := make([]config.OpenAICompatibility, 0, len(arr)) - for i := range arr { - normalizeOpenAICompatibilityEntry(&arr[i]) - if strings.TrimSpace(arr[i].BaseURL) != "" { - filtered = append(filtered, arr[i]) - } - } - h.cfg.OpenAICompatibility = filtered - h.cfg.SanitizeOpenAICompatibility() - h.persist(c) -} -func (h *Handler) PatchOpenAICompat(c *gin.Context) { - type openAICompatPatch struct { - Name *string `json:"name"` - Prefix *string `json:"prefix"` - BaseURL *string `json:"base-url"` - APIKeyEntries *[]config.OpenAICompatibilityAPIKey `json:"api-key-entries"` - Models *[]config.OpenAICompatibilityModel `json:"models"` - Headers *map[string]string `json:"headers"` - } - var body struct { - Name *string `json:"name"` - Index *int `json:"index"` - Value *openAICompatPatch `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Value == nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - targetIndex := -1 - if body.Index != nil && *body.Index >= 0 && *body.Index < len(h.cfg.OpenAICompatibility) { - targetIndex = *body.Index - } - if targetIndex == -1 && body.Name != nil { - match := strings.TrimSpace(*body.Name) - for i := range h.cfg.OpenAICompatibility { - if h.cfg.OpenAICompatibility[i].Name == match { - targetIndex = i - break - } - } - } - if targetIndex == -1 { - c.JSON(404, gin.H{"error": "item not found"}) - return - } - - entry := h.cfg.OpenAICompatibility[targetIndex] - if body.Value.Name != nil { - entry.Name = strings.TrimSpace(*body.Value.Name) - } - if body.Value.Prefix != nil { - entry.Prefix = strings.TrimSpace(*body.Value.Prefix) - } - if body.Value.BaseURL != nil { - trimmed := strings.TrimSpace(*body.Value.BaseURL) - if trimmed == "" { - h.cfg.OpenAICompatibility = append(h.cfg.OpenAICompatibility[:targetIndex], h.cfg.OpenAICompatibility[targetIndex+1:]...) - h.cfg.SanitizeOpenAICompatibility() - h.persist(c) - return - } - entry.BaseURL = trimmed - } - if body.Value.APIKeyEntries != nil { - entry.APIKeyEntries = append([]config.OpenAICompatibilityAPIKey(nil), (*body.Value.APIKeyEntries)...) - } - if body.Value.Models != nil { - entry.Models = append([]config.OpenAICompatibilityModel(nil), (*body.Value.Models)...) - } - if body.Value.Headers != nil { - entry.Headers = config.NormalizeHeaders(*body.Value.Headers) - } - normalizeOpenAICompatibilityEntry(&entry) - h.cfg.OpenAICompatibility[targetIndex] = entry - h.cfg.SanitizeOpenAICompatibility() - h.persist(c) -} - -func (h *Handler) DeleteOpenAICompat(c *gin.Context) { - if name := c.Query("name"); name != "" { - out := make([]config.OpenAICompatibility, 0, len(h.cfg.OpenAICompatibility)) - for _, v := range h.cfg.OpenAICompatibility { - if v.Name != name { - out = append(out, v) - } - } - h.cfg.OpenAICompatibility = out - h.cfg.SanitizeOpenAICompatibility() - h.persist(c) - return - } - if idxStr := c.Query("index"); idxStr != "" { - var idx int - _, err := fmt.Sscanf(idxStr, "%d", &idx) - if err == nil && idx >= 0 && idx < len(h.cfg.OpenAICompatibility) { - h.cfg.OpenAICompatibility = append(h.cfg.OpenAICompatibility[:idx], h.cfg.OpenAICompatibility[idx+1:]...) - h.cfg.SanitizeOpenAICompatibility() - h.persist(c) - return - } - } - c.JSON(400, gin.H{"error": "missing name or index"}) -} - -// vertex-api-key: []VertexCompatKey -func (h *Handler) GetVertexCompatKeys(c *gin.Context) { - c.JSON(200, gin.H{"vertex-api-key": h.cfg.VertexCompatAPIKey}) -} -func (h *Handler) PutVertexCompatKeys(c *gin.Context) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var arr []config.VertexCompatKey - if err = json.Unmarshal(data, &arr); err != nil { - var obj struct { - Items []config.VertexCompatKey `json:"items"` - } - if err2 := json.Unmarshal(data, &obj); err2 != nil || len(obj.Items) == 0 { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - arr = obj.Items - } - for i := range arr { - normalizeVertexCompatKey(&arr[i]) - } - h.cfg.VertexCompatAPIKey = arr - h.cfg.SanitizeVertexCompatKeys() - h.persist(c) -} -func (h *Handler) PatchVertexCompatKey(c *gin.Context) { - type vertexCompatPatch struct { - APIKey *string `json:"api-key"` - Prefix *string `json:"prefix"` - BaseURL *string `json:"base-url"` - ProxyURL *string `json:"proxy-url"` - Headers *map[string]string `json:"headers"` - Models *[]config.VertexCompatModel `json:"models"` - } - var body struct { - Index *int `json:"index"` - Match *string `json:"match"` - Value *vertexCompatPatch `json:"value"` - } - if errBindJSON := c.ShouldBindJSON(&body); errBindJSON != nil || body.Value == nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - targetIndex := -1 - if body.Index != nil && *body.Index >= 0 && *body.Index < len(h.cfg.VertexCompatAPIKey) { - targetIndex = *body.Index - } - if targetIndex == -1 && body.Match != nil { - match := strings.TrimSpace(*body.Match) - if match != "" { - for i := range h.cfg.VertexCompatAPIKey { - if h.cfg.VertexCompatAPIKey[i].APIKey == match { - targetIndex = i - break - } - } - } - } - if targetIndex == -1 { - c.JSON(404, gin.H{"error": "item not found"}) - return - } - - entry := h.cfg.VertexCompatAPIKey[targetIndex] - if body.Value.APIKey != nil { - trimmed := strings.TrimSpace(*body.Value.APIKey) - if trimmed == "" { - h.cfg.VertexCompatAPIKey = append(h.cfg.VertexCompatAPIKey[:targetIndex], h.cfg.VertexCompatAPIKey[targetIndex+1:]...) - h.cfg.SanitizeVertexCompatKeys() - h.persist(c) - return - } - entry.APIKey = trimmed - } - if body.Value.Prefix != nil { - entry.Prefix = strings.TrimSpace(*body.Value.Prefix) - } - if body.Value.BaseURL != nil { - trimmed := strings.TrimSpace(*body.Value.BaseURL) - if trimmed == "" { - h.cfg.VertexCompatAPIKey = append(h.cfg.VertexCompatAPIKey[:targetIndex], h.cfg.VertexCompatAPIKey[targetIndex+1:]...) - h.cfg.SanitizeVertexCompatKeys() - h.persist(c) - return - } - entry.BaseURL = trimmed - } - if body.Value.ProxyURL != nil { - entry.ProxyURL = strings.TrimSpace(*body.Value.ProxyURL) - } - if body.Value.Headers != nil { - entry.Headers = config.NormalizeHeaders(*body.Value.Headers) - } - if body.Value.Models != nil { - entry.Models = append([]config.VertexCompatModel(nil), (*body.Value.Models)...) - } - normalizeVertexCompatKey(&entry) - h.cfg.VertexCompatAPIKey[targetIndex] = entry - h.cfg.SanitizeVertexCompatKeys() - h.persist(c) -} - -func (h *Handler) DeleteVertexCompatKey(c *gin.Context) { - if val := strings.TrimSpace(c.Query("api-key")); val != "" { - out := make([]config.VertexCompatKey, 0, len(h.cfg.VertexCompatAPIKey)) - for _, v := range h.cfg.VertexCompatAPIKey { - if v.APIKey != val { - out = append(out, v) - } - } - h.cfg.VertexCompatAPIKey = out - h.cfg.SanitizeVertexCompatKeys() - h.persist(c) - return - } - if idxStr := c.Query("index"); idxStr != "" { - var idx int - _, errScan := fmt.Sscanf(idxStr, "%d", &idx) - if errScan == nil && idx >= 0 && idx < len(h.cfg.VertexCompatAPIKey) { - h.cfg.VertexCompatAPIKey = append(h.cfg.VertexCompatAPIKey[:idx], h.cfg.VertexCompatAPIKey[idx+1:]...) - h.cfg.SanitizeVertexCompatKeys() - h.persist(c) - return - } - } - c.JSON(400, gin.H{"error": "missing api-key or index"}) -} - -// oauth-excluded-models: map[string][]string -func (h *Handler) GetOAuthExcludedModels(c *gin.Context) { - c.JSON(200, gin.H{"oauth-excluded-models": config.NormalizeOAuthExcludedModels(h.cfg.OAuthExcludedModels)}) -} - -func (h *Handler) PutOAuthExcludedModels(c *gin.Context) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var entries map[string][]string - if err = json.Unmarshal(data, &entries); err != nil { - var wrapper struct { - Items map[string][]string `json:"items"` - } - if err2 := json.Unmarshal(data, &wrapper); err2 != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - entries = wrapper.Items - } - h.cfg.OAuthExcludedModels = config.NormalizeOAuthExcludedModels(entries) - h.persist(c) -} - -func (h *Handler) PatchOAuthExcludedModels(c *gin.Context) { - var body struct { - Provider *string `json:"provider"` - Models []string `json:"models"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Provider == nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - provider := strings.ToLower(strings.TrimSpace(*body.Provider)) - if provider == "" { - c.JSON(400, gin.H{"error": "invalid provider"}) - return - } - normalized := config.NormalizeExcludedModels(body.Models) - if len(normalized) == 0 { - if h.cfg.OAuthExcludedModels == nil { - c.JSON(404, gin.H{"error": "provider not found"}) - return - } - if _, ok := h.cfg.OAuthExcludedModels[provider]; !ok { - c.JSON(404, gin.H{"error": "provider not found"}) - return - } - delete(h.cfg.OAuthExcludedModels, provider) - if len(h.cfg.OAuthExcludedModels) == 0 { - h.cfg.OAuthExcludedModels = nil - } - h.persist(c) - return - } - if h.cfg.OAuthExcludedModels == nil { - h.cfg.OAuthExcludedModels = make(map[string][]string) - } - h.cfg.OAuthExcludedModels[provider] = normalized - h.persist(c) -} - -func (h *Handler) DeleteOAuthExcludedModels(c *gin.Context) { - provider := strings.ToLower(strings.TrimSpace(c.Query("provider"))) - if provider == "" { - c.JSON(400, gin.H{"error": "missing provider"}) - return - } - if h.cfg.OAuthExcludedModels == nil { - c.JSON(404, gin.H{"error": "provider not found"}) - return - } - if _, ok := h.cfg.OAuthExcludedModels[provider]; !ok { - c.JSON(404, gin.H{"error": "provider not found"}) - return - } - delete(h.cfg.OAuthExcludedModels, provider) - if len(h.cfg.OAuthExcludedModels) == 0 { - h.cfg.OAuthExcludedModels = nil - } - h.persist(c) -} - -// oauth-model-alias: map[string][]OAuthModelAlias -func (h *Handler) GetOAuthModelAlias(c *gin.Context) { - c.JSON(200, gin.H{"oauth-model-alias": sanitizedOAuthModelAlias(h.cfg.OAuthModelAlias)}) -} - -func (h *Handler) PutOAuthModelAlias(c *gin.Context) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var entries map[string][]config.OAuthModelAlias - if err = json.Unmarshal(data, &entries); err != nil { - var wrapper struct { - Items map[string][]config.OAuthModelAlias `json:"items"` - } - if err2 := json.Unmarshal(data, &wrapper); err2 != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - entries = wrapper.Items - } - h.cfg.OAuthModelAlias = sanitizedOAuthModelAlias(entries) - h.persist(c) -} - -func (h *Handler) PatchOAuthModelAlias(c *gin.Context) { - var body struct { - Provider *string `json:"provider"` - Channel *string `json:"channel"` - Aliases []config.OAuthModelAlias `json:"aliases"` - } - if errBindJSON := c.ShouldBindJSON(&body); errBindJSON != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - channelRaw := "" - if body.Channel != nil { - channelRaw = *body.Channel - } else if body.Provider != nil { - channelRaw = *body.Provider - } - channel := strings.ToLower(strings.TrimSpace(channelRaw)) - if channel == "" { - c.JSON(400, gin.H{"error": "invalid channel"}) - return - } - - normalizedMap := sanitizedOAuthModelAlias(map[string][]config.OAuthModelAlias{channel: body.Aliases}) - normalized := normalizedMap[channel] - if len(normalized) == 0 { - // Only delete if channel exists, otherwise just create empty entry - if h.cfg.OAuthModelAlias != nil { - if _, ok := h.cfg.OAuthModelAlias[channel]; ok { - delete(h.cfg.OAuthModelAlias, channel) - if len(h.cfg.OAuthModelAlias) == 0 { - h.cfg.OAuthModelAlias = nil - } - h.persist(c) - return - } - } - // Create new channel with empty aliases - if h.cfg.OAuthModelAlias == nil { - h.cfg.OAuthModelAlias = make(map[string][]config.OAuthModelAlias) - } - h.cfg.OAuthModelAlias[channel] = []config.OAuthModelAlias{} - h.persist(c) - return - } - if h.cfg.OAuthModelAlias == nil { - h.cfg.OAuthModelAlias = make(map[string][]config.OAuthModelAlias) - } - h.cfg.OAuthModelAlias[channel] = normalized - h.persist(c) -} - -func (h *Handler) DeleteOAuthModelAlias(c *gin.Context) { - channel := strings.ToLower(strings.TrimSpace(c.Query("channel"))) - if channel == "" { - channel = strings.ToLower(strings.TrimSpace(c.Query("provider"))) - } - if channel == "" { - c.JSON(400, gin.H{"error": "missing channel"}) - return - } - if h.cfg.OAuthModelAlias == nil { - c.JSON(404, gin.H{"error": "channel not found"}) - return - } - if _, ok := h.cfg.OAuthModelAlias[channel]; !ok { - c.JSON(404, gin.H{"error": "channel not found"}) - return - } - // Set to nil instead of deleting the key so that the "explicitly disabled" - // marker survives config reload and prevents SanitizeOAuthModelAlias from - // re-injecting default aliases (fixes #222). - h.cfg.OAuthModelAlias[channel] = nil - h.persist(c) -} - -// codex-api-key: []CodexKey -func (h *Handler) GetCodexKeys(c *gin.Context) { - c.JSON(200, gin.H{"codex-api-key": h.cfg.CodexKey}) -} -func (h *Handler) PutCodexKeys(c *gin.Context) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var arr []config.CodexKey - if err = json.Unmarshal(data, &arr); err != nil { - var obj struct { - Items []config.CodexKey `json:"items"` - } - if err2 := json.Unmarshal(data, &obj); err2 != nil || len(obj.Items) == 0 { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - arr = obj.Items - } - // Filter out codex entries with empty base-url (treat as removed) - filtered := make([]config.CodexKey, 0, len(arr)) - for i := range arr { - entry := arr[i] - normalizeCodexKey(&entry) - if entry.BaseURL == "" { - continue - } - filtered = append(filtered, entry) - } - h.cfg.CodexKey = filtered - h.cfg.SanitizeCodexKeys() - h.persist(c) -} -func (h *Handler) PatchCodexKey(c *gin.Context) { - type codexKeyPatch struct { - APIKey *string `json:"api-key"` - Prefix *string `json:"prefix"` - BaseURL *string `json:"base-url"` - ProxyURL *string `json:"proxy-url"` - Models *[]config.CodexModel `json:"models"` - Headers *map[string]string `json:"headers"` - ExcludedModels *[]string `json:"excluded-models"` - } - var body struct { - Index *int `json:"index"` - Match *string `json:"match"` - Value *codexKeyPatch `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Value == nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - targetIndex := -1 - if body.Index != nil && *body.Index >= 0 && *body.Index < len(h.cfg.CodexKey) { - targetIndex = *body.Index - } - if targetIndex == -1 && body.Match != nil { - match := strings.TrimSpace(*body.Match) - for i := range h.cfg.CodexKey { - if h.cfg.CodexKey[i].APIKey == match { - targetIndex = i - break - } - } - } - if targetIndex == -1 { - c.JSON(404, gin.H{"error": "item not found"}) - return - } - - entry := h.cfg.CodexKey[targetIndex] - if body.Value.APIKey != nil { - entry.APIKey = strings.TrimSpace(*body.Value.APIKey) - } - if body.Value.Prefix != nil { - entry.Prefix = strings.TrimSpace(*body.Value.Prefix) - } - if body.Value.BaseURL != nil { - trimmed := strings.TrimSpace(*body.Value.BaseURL) - if trimmed == "" { - h.cfg.CodexKey = append(h.cfg.CodexKey[:targetIndex], h.cfg.CodexKey[targetIndex+1:]...) - h.cfg.SanitizeCodexKeys() - h.persist(c) - return - } - entry.BaseURL = trimmed - } - if body.Value.ProxyURL != nil { - entry.ProxyURL = strings.TrimSpace(*body.Value.ProxyURL) - } - if body.Value.Models != nil { - entry.Models = append([]config.CodexModel(nil), (*body.Value.Models)...) - } - if body.Value.Headers != nil { - entry.Headers = config.NormalizeHeaders(*body.Value.Headers) - } - if body.Value.ExcludedModels != nil { - entry.ExcludedModels = config.NormalizeExcludedModels(*body.Value.ExcludedModels) - } - normalizeCodexKey(&entry) - h.cfg.CodexKey[targetIndex] = entry - h.cfg.SanitizeCodexKeys() - h.persist(c) -} - -func (h *Handler) DeleteCodexKey(c *gin.Context) { - if val := c.Query("api-key"); val != "" { - out := make([]config.CodexKey, 0, len(h.cfg.CodexKey)) - for _, v := range h.cfg.CodexKey { - if v.APIKey != val { - out = append(out, v) - } - } - h.cfg.CodexKey = out - h.cfg.SanitizeCodexKeys() - h.persist(c) - return - } - if idxStr := c.Query("index"); idxStr != "" { - var idx int - _, err := fmt.Sscanf(idxStr, "%d", &idx) - if err == nil && idx >= 0 && idx < len(h.cfg.CodexKey) { - h.cfg.CodexKey = append(h.cfg.CodexKey[:idx], h.cfg.CodexKey[idx+1:]...) - h.cfg.SanitizeCodexKeys() - h.persist(c) - return - } - } - c.JSON(400, gin.H{"error": "missing api-key or index"}) -} - -func normalizeOpenAICompatibilityEntry(entry *config.OpenAICompatibility) { - if entry == nil { - return - } - // Trim base-url; empty base-url indicates provider should be removed by sanitization - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.Headers = config.NormalizeHeaders(entry.Headers) - existing := make(map[string]struct{}, len(entry.APIKeyEntries)) - for i := range entry.APIKeyEntries { - trimmed := strings.TrimSpace(entry.APIKeyEntries[i].APIKey) - entry.APIKeyEntries[i].APIKey = trimmed - if trimmed != "" { - existing[trimmed] = struct{}{} - } - } -} - -func normalizedOpenAICompatibilityEntries(entries []config.OpenAICompatibility) []config.OpenAICompatibility { - if len(entries) == 0 { - return nil - } - out := make([]config.OpenAICompatibility, len(entries)) - for i := range entries { - copyEntry := entries[i] - if len(copyEntry.APIKeyEntries) > 0 { - copyEntry.APIKeyEntries = append([]config.OpenAICompatibilityAPIKey(nil), copyEntry.APIKeyEntries...) - } - normalizeOpenAICompatibilityEntry(©Entry) - out[i] = copyEntry - } - return out -} - -func normalizeClaudeKey(entry *config.ClaudeKey) { - if entry == nil { - return - } - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - entry.Headers = config.NormalizeHeaders(entry.Headers) - entry.ExcludedModels = config.NormalizeExcludedModels(entry.ExcludedModels) - if len(entry.Models) == 0 { - return - } - normalized := make([]config.ClaudeModel, 0, len(entry.Models)) - for i := range entry.Models { - model := entry.Models[i] - model.Name = strings.TrimSpace(model.Name) - model.Alias = strings.TrimSpace(model.Alias) - if model.Name == "" && model.Alias == "" { - continue - } - normalized = append(normalized, model) - } - entry.Models = normalized -} - -func normalizeCodexKey(entry *config.CodexKey) { - if entry == nil { - return - } - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.Prefix = strings.TrimSpace(entry.Prefix) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - entry.Headers = config.NormalizeHeaders(entry.Headers) - entry.ExcludedModels = config.NormalizeExcludedModels(entry.ExcludedModels) - if len(entry.Models) == 0 { - return - } - normalized := make([]config.CodexModel, 0, len(entry.Models)) - for i := range entry.Models { - model := entry.Models[i] - model.Name = strings.TrimSpace(model.Name) - model.Alias = strings.TrimSpace(model.Alias) - if model.Name == "" && model.Alias == "" { - continue - } - normalized = append(normalized, model) - } - entry.Models = normalized -} - -func normalizeVertexCompatKey(entry *config.VertexCompatKey) { - if entry == nil { - return - } - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.Prefix = strings.TrimSpace(entry.Prefix) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - entry.Headers = config.NormalizeHeaders(entry.Headers) - if len(entry.Models) == 0 { - return - } - normalized := make([]config.VertexCompatModel, 0, len(entry.Models)) - for i := range entry.Models { - model := entry.Models[i] - model.Name = strings.TrimSpace(model.Name) - model.Alias = strings.TrimSpace(model.Alias) - if model.Name == "" || model.Alias == "" { - continue - } - normalized = append(normalized, model) - } - entry.Models = normalized -} - -func sanitizedOAuthModelAlias(entries map[string][]config.OAuthModelAlias) map[string][]config.OAuthModelAlias { - if len(entries) == 0 { - return nil - } - copied := make(map[string][]config.OAuthModelAlias, len(entries)) - for channel, aliases := range entries { - if len(aliases) == 0 { - continue - } - copied[channel] = append([]config.OAuthModelAlias(nil), aliases...) - } - if len(copied) == 0 { - return nil - } - cfg := config.Config{OAuthModelAlias: copied} - cfg.SanitizeOAuthModelAlias() - if len(cfg.OAuthModelAlias) == 0 { - return nil - } - return cfg.OAuthModelAlias -} - -// GetAmpCode returns the complete ampcode configuration. -func (h *Handler) GetAmpCode(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{"ampcode": config.AmpCode{}}) - return - } - c.JSON(200, gin.H{"ampcode": h.cfg.AmpCode}) -} - -// GetAmpUpstreamURL returns the ampcode upstream URL. -func (h *Handler) GetAmpUpstreamURL(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{"upstream-url": ""}) - return - } - c.JSON(200, gin.H{"upstream-url": h.cfg.AmpCode.UpstreamURL}) -} - -// PutAmpUpstreamURL updates the ampcode upstream URL. -func (h *Handler) PutAmpUpstreamURL(c *gin.Context) { - h.updateStringField(c, func(v string) { h.cfg.AmpCode.UpstreamURL = strings.TrimSpace(v) }) -} - -// DeleteAmpUpstreamURL clears the ampcode upstream URL. -func (h *Handler) DeleteAmpUpstreamURL(c *gin.Context) { - h.cfg.AmpCode.UpstreamURL = "" - h.persist(c) -} - -// GetAmpUpstreamAPIKey returns the ampcode upstream API key. -func (h *Handler) GetAmpUpstreamAPIKey(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{"upstream-api-key": ""}) - return - } - c.JSON(200, gin.H{"upstream-api-key": h.cfg.AmpCode.UpstreamAPIKey}) -} - -// PutAmpUpstreamAPIKey updates the ampcode upstream API key. -func (h *Handler) PutAmpUpstreamAPIKey(c *gin.Context) { - h.updateStringField(c, func(v string) { h.cfg.AmpCode.UpstreamAPIKey = strings.TrimSpace(v) }) -} - -// DeleteAmpUpstreamAPIKey clears the ampcode upstream API key. -func (h *Handler) DeleteAmpUpstreamAPIKey(c *gin.Context) { - h.cfg.AmpCode.UpstreamAPIKey = "" - h.persist(c) -} - -// GetAmpRestrictManagementToLocalhost returns the localhost restriction setting. -func (h *Handler) GetAmpRestrictManagementToLocalhost(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{"restrict-management-to-localhost": true}) - return - } - c.JSON(200, gin.H{"restrict-management-to-localhost": h.cfg.AmpCode.RestrictManagementToLocalhost}) -} - -// PutAmpRestrictManagementToLocalhost updates the localhost restriction setting. -func (h *Handler) PutAmpRestrictManagementToLocalhost(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.AmpCode.RestrictManagementToLocalhost = v }) -} - -// GetAmpModelMappings returns the ampcode model mappings. -func (h *Handler) GetAmpModelMappings(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{"model-mappings": []config.AmpModelMapping{}}) - return - } - c.JSON(200, gin.H{"model-mappings": h.cfg.AmpCode.ModelMappings}) -} - -// PutAmpModelMappings replaces all ampcode model mappings. -func (h *Handler) PutAmpModelMappings(c *gin.Context) { - var body struct { - Value []config.AmpModelMapping `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - h.cfg.AmpCode.ModelMappings = body.Value - h.persist(c) -} - -// PatchAmpModelMappings adds or updates model mappings. -func (h *Handler) PatchAmpModelMappings(c *gin.Context) { - var body struct { - Value []config.AmpModelMapping `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - - existing := make(map[string]int) - for i, m := range h.cfg.AmpCode.ModelMappings { - existing[strings.TrimSpace(m.From)] = i - } - - for _, newMapping := range body.Value { - from := strings.TrimSpace(newMapping.From) - if idx, ok := existing[from]; ok { - h.cfg.AmpCode.ModelMappings[idx] = newMapping - } else { - h.cfg.AmpCode.ModelMappings = append(h.cfg.AmpCode.ModelMappings, newMapping) - existing[from] = len(h.cfg.AmpCode.ModelMappings) - 1 - } - } - h.persist(c) -} - -// DeleteAmpModelMappings removes specified model mappings by "from" field. -func (h *Handler) DeleteAmpModelMappings(c *gin.Context) { - var body struct { - Value []string `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || len(body.Value) == 0 { - h.cfg.AmpCode.ModelMappings = nil - h.persist(c) - return - } - - toRemove := make(map[string]bool) - for _, from := range body.Value { - toRemove[strings.TrimSpace(from)] = true - } - - newMappings := make([]config.AmpModelMapping, 0, len(h.cfg.AmpCode.ModelMappings)) - for _, m := range h.cfg.AmpCode.ModelMappings { - if !toRemove[strings.TrimSpace(m.From)] { - newMappings = append(newMappings, m) - } - } - h.cfg.AmpCode.ModelMappings = newMappings - h.persist(c) -} - -// GetAmpForceModelMappings returns whether model mappings are forced. -func (h *Handler) GetAmpForceModelMappings(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{"force-model-mappings": false}) - return - } - c.JSON(200, gin.H{"force-model-mappings": h.cfg.AmpCode.ForceModelMappings}) -} - -// PutAmpForceModelMappings updates the force model mappings setting. -func (h *Handler) PutAmpForceModelMappings(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.AmpCode.ForceModelMappings = v }) -} - -// GetAmpUpstreamAPIKeys returns the ampcode upstream API keys mapping. -func (h *Handler) GetAmpUpstreamAPIKeys(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{"upstream-api-keys": []config.AmpUpstreamAPIKeyEntry{}}) - return - } - c.JSON(200, gin.H{"upstream-api-keys": h.cfg.AmpCode.UpstreamAPIKeys}) -} - -// PutAmpUpstreamAPIKeys replaces all ampcode upstream API keys mappings. -func (h *Handler) PutAmpUpstreamAPIKeys(c *gin.Context) { - var body struct { - Value []config.AmpUpstreamAPIKeyEntry `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - // Normalize entries: trim whitespace, filter empty - normalized := normalizeAmpUpstreamAPIKeyEntries(body.Value) - h.cfg.AmpCode.UpstreamAPIKeys = normalized - h.persist(c) -} - -// PatchAmpUpstreamAPIKeys adds or updates upstream API keys entries. -// Matching is done by upstream-api-key value. -func (h *Handler) PatchAmpUpstreamAPIKeys(c *gin.Context) { - var body struct { - Value []config.AmpUpstreamAPIKeyEntry `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - - existing := make(map[string]int) - for i, entry := range h.cfg.AmpCode.UpstreamAPIKeys { - existing[strings.TrimSpace(entry.UpstreamAPIKey)] = i - } - - for _, newEntry := range body.Value { - upstreamKey := strings.TrimSpace(newEntry.UpstreamAPIKey) - if upstreamKey == "" { - continue - } - normalizedEntry := config.AmpUpstreamAPIKeyEntry{ - UpstreamAPIKey: upstreamKey, - APIKeys: normalizeAPIKeysList(newEntry.APIKeys), - } - if idx, ok := existing[upstreamKey]; ok { - h.cfg.AmpCode.UpstreamAPIKeys[idx] = normalizedEntry - } else { - h.cfg.AmpCode.UpstreamAPIKeys = append(h.cfg.AmpCode.UpstreamAPIKeys, normalizedEntry) - existing[upstreamKey] = len(h.cfg.AmpCode.UpstreamAPIKeys) - 1 - } - } - h.persist(c) -} - -// DeleteAmpUpstreamAPIKeys removes specified upstream API keys entries. -// Body must be JSON: {"value": ["", ...]}. -// If "value" is an empty array, clears all entries. -// If JSON is invalid or "value" is missing/null, returns 400 and does not persist any change. -func (h *Handler) DeleteAmpUpstreamAPIKeys(c *gin.Context) { - var body struct { - Value []string `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - - if body.Value == nil { - c.JSON(400, gin.H{"error": "missing value"}) - return - } - - // Empty array means clear all - if len(body.Value) == 0 { - h.cfg.AmpCode.UpstreamAPIKeys = nil - h.persist(c) - return - } - - toRemove := make(map[string]bool) - for _, key := range body.Value { - trimmed := strings.TrimSpace(key) - if trimmed == "" { - continue - } - toRemove[trimmed] = true - } - if len(toRemove) == 0 { - c.JSON(400, gin.H{"error": "empty value"}) - return - } - - newEntries := make([]config.AmpUpstreamAPIKeyEntry, 0, len(h.cfg.AmpCode.UpstreamAPIKeys)) - for _, entry := range h.cfg.AmpCode.UpstreamAPIKeys { - if !toRemove[strings.TrimSpace(entry.UpstreamAPIKey)] { - newEntries = append(newEntries, entry) - } - } - h.cfg.AmpCode.UpstreamAPIKeys = newEntries - h.persist(c) -} - -// normalizeAmpUpstreamAPIKeyEntries normalizes a list of upstream API key entries. -func normalizeAmpUpstreamAPIKeyEntries(entries []config.AmpUpstreamAPIKeyEntry) []config.AmpUpstreamAPIKeyEntry { - if len(entries) == 0 { - return nil - } - out := make([]config.AmpUpstreamAPIKeyEntry, 0, len(entries)) - for _, entry := range entries { - upstreamKey := strings.TrimSpace(entry.UpstreamAPIKey) - if upstreamKey == "" { - continue - } - apiKeys := normalizeAPIKeysList(entry.APIKeys) - out = append(out, config.AmpUpstreamAPIKeyEntry{ - UpstreamAPIKey: upstreamKey, - APIKeys: apiKeys, - }) - } - if len(out) == 0 { - return nil - } - return out -} - -// normalizeAPIKeysList trims and filters empty strings from a list of API keys. -func normalizeAPIKeysList(keys []string) []string { - if len(keys) == 0 { - return nil - } - out := make([]string, 0, len(keys)) - for _, k := range keys { - trimmed := strings.TrimSpace(k) - if trimmed != "" { - out = append(out, trimmed) - } - } - if len(out) == 0 { - return nil - } - return out -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/handler.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/handler.go deleted file mode 100644 index 949d81de07..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/handler.go +++ /dev/null @@ -1,347 +0,0 @@ -// Package management provides the management API handlers and middleware -// for configuring the server and managing auth files. -package management - -import ( - "crypto/subtle" - "errors" - "fmt" - "net/http" - "os" - "path/filepath" - "strings" - "sync" - "syscall" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/buildinfo" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/usage" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - "golang.org/x/crypto/bcrypt" -) - -type attemptInfo struct { - count int - blockedUntil time.Time - lastActivity time.Time // track last activity for cleanup -} - -// attemptCleanupInterval controls how often stale IP entries are purged -const attemptCleanupInterval = 1 * time.Hour - -// attemptMaxIdleTime controls how long an IP can be idle before cleanup -const attemptMaxIdleTime = 2 * time.Hour - -// Handler aggregates config reference, persistence path and helpers. -type Handler struct { - cfg *config.Config - configFilePath string - mu sync.Mutex - attemptsMu sync.Mutex - failedAttempts map[string]*attemptInfo // keyed by client IP - authManager *coreauth.Manager - usageStats *usage.RequestStatistics - tokenStore coreauth.Store - localPassword string - allowRemoteOverride bool - envSecret string - logDir string -} - -// NewHandler creates a new management handler instance. -func NewHandler(cfg *config.Config, configFilePath string, manager *coreauth.Manager) *Handler { - envSecret, _ := os.LookupEnv("MANAGEMENT_PASSWORD") - envSecret = strings.TrimSpace(envSecret) - - h := &Handler{ - cfg: cfg, - configFilePath: configFilePath, - failedAttempts: make(map[string]*attemptInfo), - authManager: manager, - usageStats: usage.GetRequestStatistics(), - tokenStore: sdkAuth.GetTokenStore(), - allowRemoteOverride: envSecret != "", - envSecret: envSecret, - } - h.startAttemptCleanup() - return h -} - -// startAttemptCleanup launches a background goroutine that periodically -// removes stale IP entries from failedAttempts to prevent memory leaks. -func (h *Handler) startAttemptCleanup() { - go func() { - ticker := time.NewTicker(attemptCleanupInterval) - defer ticker.Stop() - for range ticker.C { - h.purgeStaleAttempts() - } - }() -} - -// purgeStaleAttempts removes IP entries that have been idle beyond attemptMaxIdleTime -// and whose ban (if any) has expired. -func (h *Handler) purgeStaleAttempts() { - now := time.Now() - h.attemptsMu.Lock() - defer h.attemptsMu.Unlock() - for ip, ai := range h.failedAttempts { - // Skip if still banned - if !ai.blockedUntil.IsZero() && now.Before(ai.blockedUntil) { - continue - } - // Remove if idle too long - if now.Sub(ai.lastActivity) > attemptMaxIdleTime { - delete(h.failedAttempts, ip) - } - } -} - -// NewHandler creates a new management handler instance. -func NewHandlerWithoutConfigFilePath(cfg *config.Config, manager *coreauth.Manager) *Handler { - return NewHandler(cfg, "", manager) -} - -// SetConfig updates the in-memory config reference when the server hot-reloads. -func (h *Handler) SetConfig(cfg *config.Config) { h.cfg = cfg } - -// SetAuthManager updates the auth manager reference used by management endpoints. -func (h *Handler) SetAuthManager(manager *coreauth.Manager) { h.authManager = manager } - -// SetUsageStatistics allows replacing the usage statistics reference. -func (h *Handler) SetUsageStatistics(stats *usage.RequestStatistics) { h.usageStats = stats } - -// SetLocalPassword configures the runtime-local password accepted for localhost requests. -func (h *Handler) SetLocalPassword(password string) { h.localPassword = password } - -// SetLogDirectory updates the directory where main.log should be looked up. -func (h *Handler) SetLogDirectory(dir string) { - if dir == "" { - return - } - if !filepath.IsAbs(dir) { - if abs, err := filepath.Abs(dir); err == nil { - dir = abs - } - } - h.logDir = dir -} - -// Middleware enforces access control for management endpoints. -// All requests (local and remote) require a valid management key. -// Additionally, remote access requires allow-remote-management=true. -func (h *Handler) Middleware() gin.HandlerFunc { - const maxFailures = 5 - const banDuration = 30 * time.Minute - - return func(c *gin.Context) { - c.Header("X-CPA-VERSION", buildinfo.Version) - c.Header("X-CPA-COMMIT", buildinfo.Commit) - c.Header("X-CPA-BUILD-DATE", buildinfo.BuildDate) - - clientIP := c.ClientIP() - localClient := clientIP == "127.0.0.1" || clientIP == "::1" - cfg := h.cfg - var ( - allowRemote bool - secretHash string - ) - if cfg != nil { - allowRemote = cfg.RemoteManagement.AllowRemote - secretHash = cfg.RemoteManagement.SecretKey - } - if h.allowRemoteOverride { - allowRemote = true - } - envSecret := h.envSecret - - fail := func() {} - if !localClient { - h.attemptsMu.Lock() - ai := h.failedAttempts[clientIP] - if ai != nil { - if !ai.blockedUntil.IsZero() { - if time.Now().Before(ai.blockedUntil) { - remaining := time.Until(ai.blockedUntil).Round(time.Second) - h.attemptsMu.Unlock() - c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": fmt.Sprintf("IP banned due to too many failed attempts. Try again in %s", remaining)}) - return - } - // Ban expired, reset state - ai.blockedUntil = time.Time{} - ai.count = 0 - } - } - h.attemptsMu.Unlock() - - if !allowRemote { - c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "remote management disabled"}) - return - } - - fail = func() { - h.attemptsMu.Lock() - aip := h.failedAttempts[clientIP] - if aip == nil { - aip = &attemptInfo{} - h.failedAttempts[clientIP] = aip - } - aip.count++ - aip.lastActivity = time.Now() - if aip.count >= maxFailures { - aip.blockedUntil = time.Now().Add(banDuration) - aip.count = 0 - } - h.attemptsMu.Unlock() - } - } - if secretHash == "" && envSecret == "" { - c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "remote management key not set"}) - return - } - - // Accept either Authorization: Bearer or X-Management-Key - var provided string - if ah := c.GetHeader("Authorization"); ah != "" { - parts := strings.SplitN(ah, " ", 2) - if len(parts) == 2 && strings.ToLower(parts[0]) == "bearer" { - provided = parts[1] - } else { - provided = ah - } - } - if provided == "" { - provided = c.GetHeader("X-Management-Key") - } - - if provided == "" { - if !localClient { - fail() - } - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "missing management key"}) - return - } - - if localClient { - if lp := h.localPassword; lp != "" { - if subtle.ConstantTimeCompare([]byte(provided), []byte(lp)) == 1 { - c.Next() - return - } - } - } - - if envSecret != "" && subtle.ConstantTimeCompare([]byte(provided), []byte(envSecret)) == 1 { - if !localClient { - h.attemptsMu.Lock() - if ai := h.failedAttempts[clientIP]; ai != nil { - ai.count = 0 - ai.blockedUntil = time.Time{} - } - h.attemptsMu.Unlock() - } - c.Next() - return - } - - if secretHash == "" || bcrypt.CompareHashAndPassword([]byte(secretHash), []byte(provided)) != nil { - if !localClient { - fail() - } - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid management key"}) - return - } - - if !localClient { - h.attemptsMu.Lock() - if ai := h.failedAttempts[clientIP]; ai != nil { - ai.count = 0 - ai.blockedUntil = time.Time{} - } - h.attemptsMu.Unlock() - } - - c.Next() - } -} - -// persist saves the current in-memory config to disk. -func (h *Handler) persist(c *gin.Context) bool { - h.mu.Lock() - defer h.mu.Unlock() - // Preserve comments when writing - if err := config.SaveConfigPreserveComments(h.configFilePath, h.cfg); err != nil { - if isReadOnlyConfigWriteError(err) { - c.JSON(http.StatusOK, gin.H{ - "status": "ok", - "persisted": false, - "warning": "config filesystem is read-only; runtime changes applied but not persisted", - }) - return true - } - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to save config: %v", err)}) - return false - } - c.JSON(http.StatusOK, gin.H{"status": "ok"}) - return true -} - -func isReadOnlyConfigWriteError(err error) bool { - if err == nil { - return false - } - var pathErr *os.PathError - if errors.As(err, &pathErr) { - if errors.Is(pathErr.Err, syscall.EROFS) { - return true - } - } - if errors.Is(err, syscall.EROFS) { - return true - } - normalized := strings.ToLower(err.Error()) - return strings.Contains(normalized, "read-only file system") || - strings.Contains(normalized, "read-only filesystem") || - strings.Contains(normalized, "read only file system") || - strings.Contains(normalized, "read only filesystem") -} - -// Helper methods for simple types -func (h *Handler) updateBoolField(c *gin.Context, set func(bool)) { - var body struct { - Value *bool `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Value == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - set(*body.Value) - h.persist(c) -} - -func (h *Handler) updateIntField(c *gin.Context, set func(int)) { - var body struct { - Value *int `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Value == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - set(*body.Value) - h.persist(c) -} - -func (h *Handler) updateStringField(c *gin.Context, set func(string)) { - var body struct { - Value *string `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Value == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - set(*body.Value) - h.persist(c) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/logs.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/logs.go deleted file mode 100644 index 1a95cd430b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/logs.go +++ /dev/null @@ -1,579 +0,0 @@ -package management - -import ( - "bufio" - "fmt" - "math" - "net/http" - "os" - "path/filepath" - "sort" - "strconv" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/logging" -) - -const ( - defaultLogFileName = "main.log" - logScannerInitialBuffer = 64 * 1024 - logScannerMaxBuffer = 8 * 1024 * 1024 -) - -// GetLogs returns log lines with optional incremental loading. -func (h *Handler) GetLogs(c *gin.Context) { - if h == nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "handler unavailable"}) - return - } - if h.cfg == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "configuration unavailable"}) - return - } - if !h.cfg.LoggingToFile { - c.JSON(http.StatusBadRequest, gin.H{"error": "logging to file disabled"}) - return - } - - logDir := h.logDirectory() - if strings.TrimSpace(logDir) == "" { - c.JSON(http.StatusInternalServerError, gin.H{"error": "log directory not configured"}) - return - } - - files, err := h.collectLogFiles(logDir) - if err != nil { - if os.IsNotExist(err) { - cutoff := parseCutoff(c.Query("after")) - c.JSON(http.StatusOK, gin.H{ - "lines": []string{}, - "line-count": 0, - "latest-timestamp": cutoff, - }) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to list log files: %v", err)}) - return - } - - limit, errLimit := parseLimit(c.Query("limit")) - if errLimit != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("invalid limit: %v", errLimit)}) - return - } - - cutoff := parseCutoff(c.Query("after")) - acc := newLogAccumulator(cutoff, limit) - for i := range files { - if errProcess := acc.consumeFile(files[i]); errProcess != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to read log file %s: %v", files[i], errProcess)}) - return - } - } - - lines, total, latest := acc.result() - if latest == 0 || latest < cutoff { - latest = cutoff - } - c.JSON(http.StatusOK, gin.H{ - "lines": lines, - "line-count": total, - "latest-timestamp": latest, - }) -} - -// DeleteLogs removes all rotated log files and truncates the active log. -func (h *Handler) DeleteLogs(c *gin.Context) { - if h == nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "handler unavailable"}) - return - } - if h.cfg == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "configuration unavailable"}) - return - } - if !h.cfg.LoggingToFile { - c.JSON(http.StatusBadRequest, gin.H{"error": "logging to file disabled"}) - return - } - - dir := h.logDirectory() - if strings.TrimSpace(dir) == "" { - c.JSON(http.StatusInternalServerError, gin.H{"error": "log directory not configured"}) - return - } - - entries, err := os.ReadDir(dir) - if err != nil { - if os.IsNotExist(err) { - c.JSON(http.StatusNotFound, gin.H{"error": "log directory not found"}) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to list log directory: %v", err)}) - return - } - - removed := 0 - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - fullPath := filepath.Join(dir, name) - if name == defaultLogFileName { - if errTrunc := os.Truncate(fullPath, 0); errTrunc != nil && !os.IsNotExist(errTrunc) { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to truncate log file: %v", errTrunc)}) - return - } - continue - } - if isRotatedLogFile(name) { - if errRemove := os.Remove(fullPath); errRemove != nil && !os.IsNotExist(errRemove) { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to remove %s: %v", name, errRemove)}) - return - } - removed++ - } - } - - c.JSON(http.StatusOK, gin.H{ - "success": true, - "message": "Logs cleared successfully", - "removed": removed, - }) -} - -// GetRequestErrorLogs lists error request log files when RequestLog is disabled. -// It returns an empty list when RequestLog is enabled. -func (h *Handler) GetRequestErrorLogs(c *gin.Context) { - if h == nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "handler unavailable"}) - return - } - if h.cfg == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "configuration unavailable"}) - return - } - if h.cfg.RequestLog { - c.JSON(http.StatusOK, gin.H{"files": []any{}}) - return - } - - dir := h.logDirectory() - if strings.TrimSpace(dir) == "" { - c.JSON(http.StatusInternalServerError, gin.H{"error": "log directory not configured"}) - return - } - - entries, err := os.ReadDir(dir) - if err != nil { - if os.IsNotExist(err) { - c.JSON(http.StatusOK, gin.H{"files": []any{}}) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to list request error logs: %v", err)}) - return - } - - type errorLog struct { - Name string `json:"name"` - Size int64 `json:"size"` - Modified int64 `json:"modified"` - } - - files := make([]errorLog, 0, len(entries)) - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - if !strings.HasPrefix(name, "error-") || !strings.HasSuffix(name, ".log") { - continue - } - info, errInfo := entry.Info() - if errInfo != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to read log info for %s: %v", name, errInfo)}) - return - } - files = append(files, errorLog{ - Name: name, - Size: info.Size(), - Modified: info.ModTime().Unix(), - }) - } - - sort.Slice(files, func(i, j int) bool { return files[i].Modified > files[j].Modified }) - - c.JSON(http.StatusOK, gin.H{"files": files}) -} - -// GetRequestLogByID finds and downloads a request log file by its request ID. -// The ID is matched against the suffix of log file names (format: *-{requestID}.log). -func (h *Handler) GetRequestLogByID(c *gin.Context) { - if h == nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "handler unavailable"}) - return - } - if h.cfg == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "configuration unavailable"}) - return - } - - dir := h.logDirectory() - if strings.TrimSpace(dir) == "" { - c.JSON(http.StatusInternalServerError, gin.H{"error": "log directory not configured"}) - return - } - - requestID := strings.TrimSpace(c.Param("id")) - if requestID == "" { - requestID = strings.TrimSpace(c.Query("id")) - } - if requestID == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "missing request ID"}) - return - } - if strings.ContainsAny(requestID, "/\\") { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request ID"}) - return - } - - entries, err := os.ReadDir(dir) - if err != nil { - if os.IsNotExist(err) { - c.JSON(http.StatusNotFound, gin.H{"error": "log directory not found"}) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to list log directory: %v", err)}) - return - } - - suffix := "-" + requestID + ".log" - var matchedFile string - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - if strings.HasSuffix(name, suffix) { - matchedFile = name - break - } - } - - if matchedFile == "" { - c.JSON(http.StatusNotFound, gin.H{"error": "log file not found for the given request ID"}) - return - } - - dirAbs, errAbs := filepath.Abs(dir) - if errAbs != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to resolve log directory: %v", errAbs)}) - return - } - fullPath := filepath.Clean(filepath.Join(dirAbs, matchedFile)) - prefix := dirAbs + string(os.PathSeparator) - if !strings.HasPrefix(fullPath, prefix) { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid log file path"}) - return - } - - info, errStat := os.Stat(fullPath) - if errStat != nil { - if os.IsNotExist(errStat) { - c.JSON(http.StatusNotFound, gin.H{"error": "log file not found"}) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to read log file: %v", errStat)}) - return - } - if info.IsDir() { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid log file"}) - return - } - - c.FileAttachment(fullPath, matchedFile) -} - -// DownloadRequestErrorLog downloads a specific error request log file by name. -func (h *Handler) DownloadRequestErrorLog(c *gin.Context) { - if h == nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "handler unavailable"}) - return - } - if h.cfg == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "configuration unavailable"}) - return - } - - dir := h.logDirectory() - if strings.TrimSpace(dir) == "" { - c.JSON(http.StatusInternalServerError, gin.H{"error": "log directory not configured"}) - return - } - - name := strings.TrimSpace(c.Param("name")) - if name == "" || strings.Contains(name, "/") || strings.Contains(name, "\\") { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid log file name"}) - return - } - if !strings.HasPrefix(name, "error-") || !strings.HasSuffix(name, ".log") { - c.JSON(http.StatusNotFound, gin.H{"error": "log file not found"}) - return - } - - dirAbs, errAbs := filepath.Abs(dir) - if errAbs != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to resolve log directory: %v", errAbs)}) - return - } - fullPath := filepath.Clean(filepath.Join(dirAbs, name)) - prefix := dirAbs + string(os.PathSeparator) - if !strings.HasPrefix(fullPath, prefix) { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid log file path"}) - return - } - - info, errStat := os.Stat(fullPath) - if errStat != nil { - if os.IsNotExist(errStat) { - c.JSON(http.StatusNotFound, gin.H{"error": "log file not found"}) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to read log file: %v", errStat)}) - return - } - if info.IsDir() { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid log file"}) - return - } - - c.FileAttachment(fullPath, name) -} - -func (h *Handler) logDirectory() string { - if h == nil { - return "" - } - if h.logDir != "" { - return h.logDir - } - return logging.ResolveLogDirectory(h.cfg) -} - -func (h *Handler) collectLogFiles(dir string) ([]string, error) { - entries, err := os.ReadDir(dir) - if err != nil { - return nil, err - } - type candidate struct { - path string - order int64 - } - cands := make([]candidate, 0, len(entries)) - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - if name == defaultLogFileName { - cands = append(cands, candidate{path: filepath.Join(dir, name), order: 0}) - continue - } - if order, ok := rotationOrder(name); ok { - cands = append(cands, candidate{path: filepath.Join(dir, name), order: order}) - } - } - if len(cands) == 0 { - return []string{}, nil - } - sort.Slice(cands, func(i, j int) bool { return cands[i].order < cands[j].order }) - paths := make([]string, 0, len(cands)) - for i := len(cands) - 1; i >= 0; i-- { - paths = append(paths, cands[i].path) - } - return paths, nil -} - -type logAccumulator struct { - cutoff int64 - limit int - lines []string - total int - latest int64 - include bool -} - -func newLogAccumulator(cutoff int64, limit int) *logAccumulator { - capacity := 256 - if limit > 0 && limit < capacity { - capacity = limit - } - return &logAccumulator{ - cutoff: cutoff, - limit: limit, - lines: make([]string, 0, capacity), - } -} - -func (acc *logAccumulator) consumeFile(path string) error { - file, err := os.Open(path) - if err != nil { - if os.IsNotExist(err) { - return nil - } - return err - } - defer func() { - _ = file.Close() - }() - - scanner := bufio.NewScanner(file) - buf := make([]byte, 0, logScannerInitialBuffer) - scanner.Buffer(buf, logScannerMaxBuffer) - for scanner.Scan() { - acc.addLine(scanner.Text()) - } - if errScan := scanner.Err(); errScan != nil { - return errScan - } - return nil -} - -func (acc *logAccumulator) addLine(raw string) { - line := strings.TrimRight(raw, "\r") - acc.total++ - ts := parseTimestamp(line) - if ts > acc.latest { - acc.latest = ts - } - if ts > 0 { - acc.include = acc.cutoff == 0 || ts > acc.cutoff - if acc.cutoff == 0 || acc.include { - acc.append(line) - } - return - } - if acc.cutoff == 0 || acc.include { - acc.append(line) - } -} - -func (acc *logAccumulator) append(line string) { - acc.lines = append(acc.lines, line) - if acc.limit > 0 && len(acc.lines) > acc.limit { - acc.lines = acc.lines[len(acc.lines)-acc.limit:] - } -} - -func (acc *logAccumulator) result() ([]string, int, int64) { - if acc.lines == nil { - acc.lines = []string{} - } - return acc.lines, acc.total, acc.latest -} - -func parseCutoff(raw string) int64 { - value := strings.TrimSpace(raw) - if value == "" { - return 0 - } - ts, err := strconv.ParseInt(value, 10, 64) - if err != nil || ts <= 0 { - return 0 - } - return ts -} - -func parseLimit(raw string) (int, error) { - value := strings.TrimSpace(raw) - if value == "" { - return 0, nil - } - limit, err := strconv.Atoi(value) - if err != nil { - return 0, fmt.Errorf("must be a positive integer") - } - if limit <= 0 { - return 0, fmt.Errorf("must be greater than zero") - } - return limit, nil -} - -func parseTimestamp(line string) int64 { - line = strings.TrimPrefix(line, "[") - if len(line) < 19 { - return 0 - } - candidate := line[:19] - t, err := time.ParseInLocation("2006-01-02 15:04:05", candidate, time.Local) - if err != nil { - return 0 - } - return t.Unix() -} - -func isRotatedLogFile(name string) bool { - if _, ok := rotationOrder(name); ok { - return true - } - return false -} - -func rotationOrder(name string) (int64, bool) { - if order, ok := numericRotationOrder(name); ok { - return order, true - } - if order, ok := timestampRotationOrder(name); ok { - return order, true - } - return 0, false -} - -func numericRotationOrder(name string) (int64, bool) { - if !strings.HasPrefix(name, defaultLogFileName+".") { - return 0, false - } - suffix := strings.TrimPrefix(name, defaultLogFileName+".") - if suffix == "" { - return 0, false - } - n, err := strconv.Atoi(suffix) - if err != nil { - return 0, false - } - return int64(n), true -} - -func timestampRotationOrder(name string) (int64, bool) { - ext := filepath.Ext(defaultLogFileName) - base := strings.TrimSuffix(defaultLogFileName, ext) - if base == "" { - return 0, false - } - prefix := base + "-" - if !strings.HasPrefix(name, prefix) { - return 0, false - } - clean := strings.TrimPrefix(name, prefix) - clean = strings.TrimSuffix(clean, ".gz") - if ext != "" { - if !strings.HasSuffix(clean, ext) { - return 0, false - } - clean = strings.TrimSuffix(clean, ext) - } - if clean == "" { - return 0, false - } - if idx := strings.IndexByte(clean, '.'); idx != -1 { - clean = clean[:idx] - } - parsed, err := time.ParseInLocation("2006-01-02T15-04-05", clean, time.Local) - if err != nil { - return 0, false - } - return math.MaxInt64 - parsed.Unix(), true -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/management_auth_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/management_auth_test.go deleted file mode 100644 index 389e7fcd63..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/management_auth_test.go +++ /dev/null @@ -1,44 +0,0 @@ -package management - -import ( - "encoding/json" - "net/http/httptest" - "os" - "path/filepath" - "testing" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestListAuthFiles(t *testing.T) { - gin.SetMode(gin.TestMode) - - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - _ = os.MkdirAll(authDir, 0755) - - // Create a dummy auth file - authFile := filepath.Join(authDir, "test.json") - _ = os.WriteFile(authFile, []byte(`{"access_token": "abc"}`), 0644) - - cfg := &config.Config{AuthDir: authDir} - h, _, cleanup := setupTestHandler(cfg) - defer cleanup() - - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - h.ListAuthFiles(c) - - if w.Code != 200 { - t.Errorf("ListAuthFiles failed: %d, body: %s", w.Code, w.Body.String()) - } - - var resp struct { - Files []any `json:"files"` - } - _ = json.Unmarshal(w.Body.Bytes(), &resp) - if len(resp.Files) == 0 { - t.Errorf("expected at least one auth file, got 0, body: %s", w.Body.String()) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/management_basic_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/management_basic_test.go deleted file mode 100644 index cfff766b1f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/management_basic_test.go +++ /dev/null @@ -1,112 +0,0 @@ -package management - -import ( - "encoding/json" - "net/http" - "net/http/httptest" - "os" - "strings" - "testing" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestGetConfig(t *testing.T) { - gin.SetMode(gin.TestMode) - cfg := &config.Config{Debug: true} - h := &Handler{cfg: cfg} - - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - - h.GetConfig(c) - - if w.Code != http.StatusOK { - t.Errorf("expected status 200, got %d, body: %s", w.Code, w.Body.String()) - } - - var got config.Config - if err := json.Unmarshal(w.Body.Bytes(), &got); err != nil { - t.Fatalf("failed to unmarshal response: %v", err) - } - - if !got.Debug { - t.Errorf("expected debug true, got false") - } -} - -func TestGetLatestVersion(t *testing.T) { - gin.SetMode(gin.TestMode) - h := &Handler{} - _ = h -} - -func TestPutStringList(t *testing.T) { - gin.SetMode(gin.TestMode) - cfg := &config.Config{} - h := &Handler{cfg: cfg} - - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - c.Request = httptest.NewRequest("PUT", "/", strings.NewReader(`["a", "b"]`)) - - var list []string - set := func(arr []string) { list = arr } - h.putStringList(c, set, nil) - - if len(list) != 2 || list[0] != "a" || list[1] != "b" { - t.Errorf("unexpected list: %v", list) - } -} - -func TestGetDebug(t *testing.T) { - gin.SetMode(gin.TestMode) - cfg := &config.Config{Debug: true} - h := &Handler{cfg: cfg} - - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - - h.GetDebug(c) - - if w.Code != http.StatusOK { - t.Errorf("expected status 200, got %d, body: %s", w.Code, w.Body.String()) - } - - var got struct { - Debug bool `json:"debug"` - } - if err := json.Unmarshal(w.Body.Bytes(), &got); err != nil { - t.Fatalf("failed to unmarshal response: %v", err) - } - - if !got.Debug { - t.Errorf("expected debug true, got false") - } -} - -func TestPutDebug(t *testing.T) { - gin.SetMode(gin.TestMode) - tmpFile, _ := os.CreateTemp("", "config*.yaml") - defer func() { _ = os.Remove(tmpFile.Name()) }() - _, _ = tmpFile.Write([]byte("{}")) - _ = tmpFile.Close() - - cfg := &config.Config{Debug: false} - h := &Handler{cfg: cfg, configFilePath: tmpFile.Name()} - - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - c.Request = httptest.NewRequest("PUT", "/", strings.NewReader(`{"value": true}`)) - - h.PutDebug(c) - - if w.Code != http.StatusOK { - t.Errorf("expected status 200, got %d, body: %s", w.Code, w.Body.String()) - } - - if !cfg.Debug { - t.Errorf("expected debug true, got false") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/management_extra_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/management_extra_test.go deleted file mode 100644 index 0c97fb42a7..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/management_extra_test.go +++ /dev/null @@ -1,480 +0,0 @@ -package management - -import ( - "bytes" - "errors" - "mime/multipart" - "net/http" - "net/http/httptest" - "os" - "path/filepath" - "strings" - "syscall" - "testing" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/usage" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestNewHandler(t *testing.T) { - _ = os.Setenv("MANAGEMENT_PASSWORD", "testpass") - defer func() { _ = os.Unsetenv("MANAGEMENT_PASSWORD") }() - cfg := &config.Config{} - h := NewHandler(cfg, "config.yaml", nil) - if h.envSecret != "testpass" { - t.Errorf("expected envSecret testpass, got %s", h.envSecret) - } - if !h.allowRemoteOverride { - t.Errorf("expected allowRemoteOverride true") - } - - h2 := NewHandlerWithoutConfigFilePath(cfg, nil) - if h2.configFilePath != "" { - t.Errorf("expected empty configFilePath, got %s", h2.configFilePath) - } -} - -func TestHandler_Setters(t *testing.T) { - h := &Handler{} - cfg := &config.Config{Port: 8080} - h.SetConfig(cfg) - if h.cfg.Port != 8080 { - t.Errorf("SetConfig failed") - } - - h.SetAuthManager(nil) - stats := &usage.RequestStatistics{} - h.SetUsageStatistics(stats) - if h.usageStats != stats { - t.Errorf("SetUsageStatistics failed") - } - - h.SetLocalPassword("pass") - if h.localPassword != "pass" { - t.Errorf("SetLocalPassword failed") - } - - tmpDir, _ := os.MkdirTemp("", "logtest") - defer func() { _ = os.RemoveAll(tmpDir) }() - h.SetLogDirectory(tmpDir) - if !filepath.IsAbs(h.logDir) { - t.Errorf("SetLogDirectory should result in absolute path") - } -} - -func TestMiddleware_RemoteDisabled(t *testing.T) { - gin.SetMode(gin.TestMode) - cfg := &config.Config{} - cfg.RemoteManagement.AllowRemote = false - h := &Handler{cfg: cfg, failedAttempts: make(map[string]*attemptInfo)} - - router := gin.New() - router.Use(h.Middleware()) - router.GET("/test", func(c *gin.Context) { c.Status(http.StatusOK) }) - - w := httptest.NewRecorder() - req := httptest.NewRequest("GET", "/test", nil) - req.RemoteAddr = "1.2.3.4:1234" - router.ServeHTTP(w, req) - - if w.Code != http.StatusForbidden { - t.Errorf("expected 403, got %d", w.Code) - } -} - -func TestMiddleware_MissingKey(t *testing.T) { - gin.SetMode(gin.TestMode) - cfg := &config.Config{} - cfg.RemoteManagement.AllowRemote = true - cfg.RemoteManagement.SecretKey = "dummy" // Not empty - h := &Handler{cfg: cfg, failedAttempts: make(map[string]*attemptInfo)} - - router := gin.New() - router.Use(h.Middleware()) - router.GET("/test", func(c *gin.Context) { c.Status(http.StatusOK) }) - - w := httptest.NewRecorder() - req := httptest.NewRequest("GET", "/test", nil) - req.RemoteAddr = "1.2.3.4:1234" // Ensure it's not local - router.ServeHTTP(w, req) - - if w.Code != http.StatusUnauthorized { - t.Errorf("expected 401, got %d", w.Code) - } -} - -func TestMiddleware_Localhost(t *testing.T) { - gin.SetMode(gin.TestMode) - cfg := &config.Config{} - cfg.RemoteManagement.SecretKey = "$2a$10$Unused" //bcrypt hash - h := &Handler{cfg: cfg, envSecret: "envpass", failedAttempts: make(map[string]*attemptInfo)} - - router := gin.New() - router.Use(h.Middleware()) - router.GET("/test", func(c *gin.Context) { c.Status(http.StatusOK) }) - - // Test local access with envSecret - w := httptest.NewRecorder() - req := httptest.NewRequest("GET", "/test", nil) - req.Header.Set("X-Management-Key", "envpass") - req.RemoteAddr = "127.0.0.1:1234" - router.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Errorf("expected 200, got %d", w.Code) - } -} - -func TestPurgeStaleAttempts(t *testing.T) { - h := &Handler{ - failedAttempts: make(map[string]*attemptInfo), - } - now := time.Now() - h.failedAttempts["1.1.1.1"] = &attemptInfo{ - lastActivity: now.Add(-3 * time.Hour), - } - h.failedAttempts["2.2.2.2"] = &attemptInfo{ - lastActivity: now, - } - h.failedAttempts["3.3.3.3"] = &attemptInfo{ - lastActivity: now.Add(-3 * time.Hour), - blockedUntil: now.Add(1 * time.Hour), - } - - h.purgeStaleAttempts() - - if _, ok := h.failedAttempts["1.1.1.1"]; ok { - t.Errorf("1.1.1.1 should have been purged") - } - if _, ok := h.failedAttempts["2.2.2.2"]; !ok { - t.Errorf("2.2.2.2 should not have been purged") - } - if _, ok := h.failedAttempts["3.3.3.3"]; !ok { - t.Errorf("3.3.3.3 should not have been purged (banned)") - } -} - -func TestUpdateFields(t *testing.T) { - gin.SetMode(gin.TestMode) - tmpFile, _ := os.CreateTemp("", "config*.yaml") - defer func() { _ = os.Remove(tmpFile.Name()) }() - _ = os.WriteFile(tmpFile.Name(), []byte("{}"), 0644) - - cfg := &config.Config{} - h := &Handler{cfg: cfg, configFilePath: tmpFile.Name()} - - // Test updateBoolField - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - c.Request = httptest.NewRequest("PUT", "/", strings.NewReader(`{"value": true}`)) - var bVal bool - h.updateBoolField(c, func(v bool) { bVal = v }) - if !bVal { - t.Errorf("updateBoolField failed") - } - - // Test updateIntField - w = httptest.NewRecorder() - c, _ = gin.CreateTestContext(w) - c.Request = httptest.NewRequest("PUT", "/", strings.NewReader(`{"value": 42}`)) - var iVal int - h.updateIntField(c, func(v int) { iVal = v }) - if iVal != 42 { - t.Errorf("updateIntField failed") - } - - // Test updateStringField - w = httptest.NewRecorder() - c, _ = gin.CreateTestContext(w) - c.Request = httptest.NewRequest("PUT", "/", strings.NewReader(`{"value": "hello"}`)) - var sVal string - h.updateStringField(c, func(v string) { sVal = v }) - if sVal != "hello" { - t.Errorf("updateStringField failed") - } -} - -func TestGetUsage(t *testing.T) { - gin.SetMode(gin.TestMode) - stats := usage.GetRequestStatistics() - h := &Handler{usageStats: stats} - - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - h.GetUsageStatistics(c) - - if w.Code != http.StatusOK { - t.Errorf("expected 200, got %d", w.Code) - } - - // Test export - wExport := httptest.NewRecorder() - cExport, _ := gin.CreateTestContext(wExport) - h.ExportUsageStatistics(cExport) - if wExport.Code != http.StatusOK { - t.Errorf("export failed") - } - - // Test import - wImport := httptest.NewRecorder() - cImport, _ := gin.CreateTestContext(wImport) - cImport.Request = httptest.NewRequest("POST", "/", strings.NewReader(wExport.Body.String())) - h.ImportUsageStatistics(cImport) - if wImport.Code != http.StatusOK { - t.Errorf("import failed: %d, body: %s", wImport.Code, wImport.Body.String()) - } -} - -func TestGetModels(t *testing.T) { - gin.SetMode(gin.TestMode) - h := &Handler{} - - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - c.Request = httptest.NewRequest("GET", "/?channel=codex", nil) - h.GetStaticModelDefinitions(c) - - if w.Code != http.StatusOK { - t.Errorf("expected 200, got %d, body: %s", w.Code, w.Body.String()) - } -} - -func TestGetQuota(t *testing.T) { - gin.SetMode(gin.TestMode) - cfg := &config.Config{} - h := &Handler{cfg: cfg} - - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - h.GetSwitchProject(c) - - if w.Code != http.StatusOK { - t.Errorf("expected 200, got %d", w.Code) - } -} - -func TestGetConfigYAML(t *testing.T) { - gin.SetMode(gin.TestMode) - tmpFile, _ := os.CreateTemp("", "config*.yaml") - defer func() { _ = os.Remove(tmpFile.Name()) }() - _ = os.WriteFile(tmpFile.Name(), []byte("test: true"), 0644) - - h := &Handler{configFilePath: tmpFile.Name()} - - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - h.GetConfigYAML(c) - - if w.Code != http.StatusOK { - t.Errorf("expected 200, got %d", w.Code) - } - if w.Body.String() != "test: true" { - t.Errorf("unexpected body: %s", w.Body.String()) - } -} - -func TestPutConfigYAML(t *testing.T) { - gin.SetMode(gin.TestMode) - tmpDir, _ := os.MkdirTemp("", "configtest") - defer func() { _ = os.RemoveAll(tmpDir) }() - tmpFile := filepath.Join(tmpDir, "config.yaml") - _ = os.WriteFile(tmpFile, []byte("debug: false"), 0644) - - h := &Handler{configFilePath: tmpFile, cfg: &config.Config{}} - - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - c.Request = httptest.NewRequest("PUT", "/", strings.NewReader("debug: true")) - - h.PutConfigYAML(c) - - if w.Code != http.StatusOK { - t.Errorf("expected 200, got %d, body: %s", w.Code, w.Body.String()) - } -} - -func TestPutConfigYAMLReadOnlyWriteAppliesRuntimeConfig(t *testing.T) { - gin.SetMode(gin.TestMode) - tmpDir := t.TempDir() - tmpFile := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(tmpFile, []byte("debug: false"), 0o644); err != nil { - t.Fatalf("write initial config: %v", err) - } - - origWriteConfigFile := writeConfigFile - writeConfigFile = func(path string, data []byte) error { - return &os.PathError{Op: "open", Path: path, Err: syscall.EROFS} - } - t.Cleanup(func() { writeConfigFile = origWriteConfigFile }) - - h := &Handler{configFilePath: tmpFile, cfg: &config.Config{}} - - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - c.Request = httptest.NewRequest("PUT", "/", strings.NewReader("debug: true")) - - h.PutConfigYAML(c) - - if w.Code != http.StatusOK { - t.Fatalf("expected 200, got %d, body: %s", w.Code, w.Body.String()) - } - if !strings.Contains(w.Body.String(), `"persisted":false`) { - t.Fatalf("expected persisted=false in response body, got %s", w.Body.String()) - } - if h.cfg == nil || !h.cfg.Debug { - t.Fatalf("expected runtime config to be applied despite read-only write") - } -} - -func TestGetLogs(t *testing.T) { - gin.SetMode(gin.TestMode) - tmpDir, _ := os.MkdirTemp("", "logtest") - defer func() { _ = os.RemoveAll(tmpDir) }() - logFile := filepath.Join(tmpDir, "main.log") - _ = os.WriteFile(logFile, []byte("test log"), 0644) - - cfg := &config.Config{LoggingToFile: true} - h := &Handler{logDir: tmpDir, cfg: cfg, authManager: coreauth.NewManager(nil, nil, nil)} - - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - h.GetLogs(c) - - if w.Code != http.StatusOK { - t.Errorf("expected 200, got %d, body: %s", w.Code, w.Body.String()) - } -} - -func TestDeleteAuthFile(t *testing.T) { - gin.SetMode(gin.TestMode) - tmpDir, _ := os.MkdirTemp("", "authtest") - defer func() { _ = os.RemoveAll(tmpDir) }() - authFile := filepath.Join(tmpDir, "testauth.json") - _ = os.WriteFile(authFile, []byte("{}"), 0644) - - cfg := &config.Config{AuthDir: tmpDir} - h := &Handler{cfg: cfg, authManager: coreauth.NewManager(nil, nil, nil)} - - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - c.Request = httptest.NewRequest("DELETE", "/?name=testauth.json", nil) - - h.DeleteAuthFile(c) - - if w.Code != http.StatusOK { - t.Errorf("expected 200, got %d, body: %s", w.Code, w.Body.String()) - } - - if _, err := os.Stat(authFile); !os.IsNotExist(err) { - t.Errorf("file should have been deleted") - } -} - -func TestDownloadAuthFileRejectsTraversalName(t *testing.T) { - gin.SetMode(gin.TestMode) - tmpDir := t.TempDir() - h := &Handler{cfg: &config.Config{AuthDir: tmpDir}} - - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - c.Request = httptest.NewRequest("GET", "/?name=..\\evil.json", nil) - - h.DownloadAuthFile(c) - - if w.Code != http.StatusBadRequest { - t.Fatalf("expected 400, got %d, body: %s", w.Code, w.Body.String()) - } -} - -func TestUploadAuthFileRejectsTraversalName(t *testing.T) { - gin.SetMode(gin.TestMode) - tmpDir := t.TempDir() - h := &Handler{ - cfg: &config.Config{AuthDir: tmpDir}, - authManager: coreauth.NewManager(nil, nil, nil), - } - - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - c.Request = httptest.NewRequest("POST", "/?name=..\\evil.json", strings.NewReader("{}")) - - h.UploadAuthFile(c) - - if w.Code != http.StatusBadRequest { - t.Fatalf("expected 400, got %d, body: %s", w.Code, w.Body.String()) - } -} - -func TestUploadAuthFileRejectsTraversalMultipartName(t *testing.T) { - gin.SetMode(gin.TestMode) - tmpDir := t.TempDir() - h := &Handler{ - cfg: &config.Config{AuthDir: tmpDir}, - authManager: coreauth.NewManager(nil, nil, nil), - } - - var body bytes.Buffer - form := multipart.NewWriter(&body) - part, err := form.CreateFormFile("file", "..\\evil.json") - if err != nil { - t.Fatalf("create form file: %v", err) - } - if _, err := part.Write([]byte("{}")); err != nil { - t.Fatalf("write form file content: %v", err) - } - if err := form.Close(); err != nil { - t.Fatalf("close form: %v", err) - } - - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - req := httptest.NewRequest("POST", "/", &body) - req.Header.Set("Content-Type", form.FormDataContentType()) - c.Request = req - - h.UploadAuthFile(c) - - if w.Code != http.StatusBadRequest { - t.Fatalf("expected 400, got %d, body: %s", w.Code, w.Body.String()) - } -} - -func TestDeleteAuthFileRejectsTraversalName(t *testing.T) { - gin.SetMode(gin.TestMode) - tmpDir := t.TempDir() - h := &Handler{ - cfg: &config.Config{AuthDir: tmpDir}, - authManager: coreauth.NewManager(nil, nil, nil), - } - - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - c.Request = httptest.NewRequest("DELETE", "/?name=..\\evil.json", nil) - - h.DeleteAuthFile(c) - - if w.Code != http.StatusBadRequest { - t.Fatalf("expected 400, got %d, body: %s", w.Code, w.Body.String()) - } -} - -func TestIsReadOnlyConfigWriteError(t *testing.T) { - if !isReadOnlyConfigWriteError(&os.PathError{Op: "open", Path: "/tmp/config.yaml", Err: syscall.EROFS}) { - t.Fatal("expected EROFS path error to be treated as read-only config write error") - } - if !isReadOnlyConfigWriteError(errors.New("open /CLIProxyAPI/config.yaml: read-only file system")) { - t.Fatal("expected read-only file system message to be treated as read-only config write error") - } - if !isReadOnlyConfigWriteError(errors.New("open /CLIProxyAPI/config.yaml: read-only filesystem")) { - t.Fatal("expected read-only filesystem variant to be treated as read-only config write error") - } - if !isReadOnlyConfigWriteError(errors.New("open /CLIProxyAPI/config.yaml: read only file system")) { - t.Fatal("expected read only file system variant to be treated as read-only config write error") - } - if isReadOnlyConfigWriteError(errors.New("permission denied")) { - t.Fatal("did not expect generic permission error to be treated as read-only config write error") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/management_fields_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/management_fields_test.go deleted file mode 100644 index f0c1e88979..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/management_fields_test.go +++ /dev/null @@ -1,203 +0,0 @@ -package management - -import ( - "net/http/httptest" - "os" - "strings" - "testing" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func setupTestHandler(cfg *config.Config) (*Handler, string, func()) { - tmpFile, _ := os.CreateTemp("", "config*.yaml") - _, _ = tmpFile.Write([]byte("{}")) - _ = tmpFile.Close() - - h := &Handler{cfg: cfg, configFilePath: tmpFile.Name()} - cleanup := func() { - _ = os.Remove(tmpFile.Name()) - } - return h, tmpFile.Name(), cleanup -} - -func TestBoolFields(t *testing.T) { - gin.SetMode(gin.TestMode) - cfg := &config.Config{} - h, _, cleanup := setupTestHandler(cfg) - defer cleanup() - - tests := []struct { - name string - getter func(*gin.Context) - setter func(*gin.Context) - field *bool - key string - }{ - {"UsageStatisticsEnabled", h.GetUsageStatisticsEnabled, h.PutUsageStatisticsEnabled, &cfg.UsageStatisticsEnabled, "usage-statistics-enabled"}, - {"LoggingToFile", h.GetLoggingToFile, h.PutLoggingToFile, &cfg.LoggingToFile, "logging-to-file"}, - {"WebsocketAuth", h.GetWebsocketAuth, h.PutWebsocketAuth, &cfg.WebsocketAuth, "ws-auth"}, - } - - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - // Test Getter - *tc.field = true - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - tc.getter(c) - if w.Code != 200 { - t.Errorf("getter failed: %d", w.Code) - } - - // Test Setter - *tc.field = false - w = httptest.NewRecorder() - c, _ = gin.CreateTestContext(w) - c.Request = httptest.NewRequest("PUT", "/", strings.NewReader(`{"value": true}`)) - tc.setter(c) - if w.Code != 200 { - t.Errorf("setter failed: %d, body: %s", w.Code, w.Body.String()) - } - if !*tc.field { - t.Errorf("field not updated") - } - }) - } -} - -func TestIntFields(t *testing.T) { - gin.SetMode(gin.TestMode) - cfg := &config.Config{} - h, _, cleanup := setupTestHandler(cfg) - defer cleanup() - - tests := []struct { - name string - getter func(*gin.Context) - setter func(*gin.Context) - field *int - key string - }{ - {"LogsMaxTotalSizeMB", h.GetLogsMaxTotalSizeMB, h.PutLogsMaxTotalSizeMB, &cfg.LogsMaxTotalSizeMB, "logs-max-total-size-mb"}, - {"ErrorLogsMaxFiles", h.GetErrorLogsMaxFiles, h.PutErrorLogsMaxFiles, &cfg.ErrorLogsMaxFiles, "error-logs-max-files"}, - } - - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - *tc.field = 100 - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - tc.getter(c) - if w.Code != 200 { - t.Errorf("getter failed: %d", w.Code) - } - - w = httptest.NewRecorder() - c, _ = gin.CreateTestContext(w) - c.Request = httptest.NewRequest("PUT", "/", strings.NewReader(`{"value": 200}`)) - tc.setter(c) - if w.Code != 200 { - t.Errorf("setter failed: %d", w.Code) - } - if *tc.field != 200 { - t.Errorf("field not updated") - } - }) - } -} - -func TestProxyURL(t *testing.T) { - gin.SetMode(gin.TestMode) - cfg := &config.Config{} - h, _, cleanup := setupTestHandler(cfg) - defer cleanup() - - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - c.Request = httptest.NewRequest("PUT", "/", strings.NewReader(`{"value": "http://proxy:8080"}`)) - h.PutProxyURL(c) - if cfg.ProxyURL != "http://proxy:8080" { - t.Errorf("proxy url not updated") - } - - w = httptest.NewRecorder() - c, _ = gin.CreateTestContext(w) - h.GetProxyURL(c) - if w.Code != 200 { - t.Errorf("getter failed: %d", w.Code) - } - - w = httptest.NewRecorder() - c, _ = gin.CreateTestContext(w) - h.DeleteProxyURL(c) - if cfg.ProxyURL != "" { - t.Errorf("proxy url not deleted") - } -} - -func TestQuotaExceededFields(t *testing.T) { - gin.SetMode(gin.TestMode) - cfg := &config.Config{} - h, _, cleanup := setupTestHandler(cfg) - defer cleanup() - - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - c.Request = httptest.NewRequest("PUT", "/", strings.NewReader(`{"value": true}`)) - h.PutSwitchProject(c) - if !cfg.QuotaExceeded.SwitchProject { - t.Errorf("SwitchProject not updated") - } - - w = httptest.NewRecorder() - c, _ = gin.CreateTestContext(w) - c.Request = httptest.NewRequest("PUT", "/", strings.NewReader(`{"value": true}`)) - h.PutSwitchPreviewModel(c) - if !cfg.QuotaExceeded.SwitchPreviewModel { - t.Errorf("SwitchPreviewModel not updated") - } -} - -func TestAPIKeys(t *testing.T) { - gin.SetMode(gin.TestMode) - cfg := &config.Config{SDKConfig: config.SDKConfig{APIKeys: []string{"key1"}}} - h, _, cleanup := setupTestHandler(cfg) - defer cleanup() - - // GET - w := httptest.NewRecorder() - c, _ := gin.CreateTestContext(w) - h.GetAPIKeys(c) - if w.Code != 200 { - t.Errorf("GET failed") - } - - // PUT - w = httptest.NewRecorder() - c, _ = gin.CreateTestContext(w) - c.Request = httptest.NewRequest("PUT", "/", strings.NewReader(`["key2"]`)) - h.PutAPIKeys(c) - if len(cfg.APIKeys) != 1 || cfg.APIKeys[0] != "key2" { - t.Errorf("PUT failed: %v", cfg.APIKeys) - } - - // PATCH - w = httptest.NewRecorder() - c, _ = gin.CreateTestContext(w) - c.Request = httptest.NewRequest("PATCH", "/", strings.NewReader(`{"old":"key2", "new":"key3"}`)) - h.PatchAPIKeys(c) - if cfg.APIKeys[0] != "key3" { - t.Errorf("PATCH failed: %v", cfg.APIKeys) - } - - // DELETE - w = httptest.NewRecorder() - c, _ = gin.CreateTestContext(w) - c.Request = httptest.NewRequest("DELETE", "/?value=key3", nil) - h.DeleteAPIKeys(c) - if len(cfg.APIKeys) != 0 { - t.Errorf("DELETE failed: %v", cfg.APIKeys) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/management_modelstates_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/management_modelstates_test.go deleted file mode 100644 index af3074b05f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/management_modelstates_test.go +++ /dev/null @@ -1,78 +0,0 @@ -package management - -import ( - "context" - "os" - "path/filepath" - "testing" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestRegisterAuthFromFilePreservesModelStates(t *testing.T) { - authID := "iflow-user.json" - manager := coreauth.NewManager(nil, nil, nil) - existing := &coreauth.Auth{ - ID: authID, - Provider: "iflow", - FileName: authID, - Status: coreauth.StatusActive, - Attributes: map[string]string{ - "path": authID, - }, - Metadata: map[string]any{ - "type": "iflow", - "email": "user@example.com", - }, - CreatedAt: time.Now().Add(-time.Hour), - ModelStates: map[string]*coreauth.ModelState{ - "iflow/deepseek-v3.1": { - Unavailable: true, - }, - }, - } - if _, err := manager.Register(context.Background(), existing); err != nil { - t.Fatalf("register existing auth: %v", err) - } - - h := &Handler{ - cfg: &config.Config{AuthDir: "."}, - authManager: manager, - } - - payload := []byte(`{"type":"iflow","email":"user@example.com","access_token":"next"}`) - if err := h.registerAuthFromFile(context.Background(), authID, payload); err != nil { - t.Fatalf("registerAuthFromFile failed: %v", err) - } - - updated, ok := manager.GetByID(authID) - if !ok { - t.Fatalf("updated auth not found") - } - if len(updated.ModelStates) != 1 { - t.Fatalf("expected model states preserved, got %d", len(updated.ModelStates)) - } - if _, ok = updated.ModelStates["iflow/deepseek-v3.1"]; !ok { - t.Fatalf("expected specific model state to be preserved") - } -} - -func TestRegisterAuthFromFileRejectsPathOutsideAuthDir(t *testing.T) { - authDir := t.TempDir() - outsidePath := filepath.Join(t.TempDir(), "outside.json") - if err := os.WriteFile(outsidePath, []byte(`{"type":"iflow"}`), 0o600); err != nil { - t.Fatalf("write outside auth file: %v", err) - } - - h := &Handler{ - cfg: &config.Config{AuthDir: authDir}, - authManager: coreauth.NewManager(nil, nil, nil), - } - - err := h.registerAuthFromFile(context.Background(), outsidePath, nil) - if err == nil { - t.Fatal("expected error for auth path outside auth directory") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/model_definitions.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/model_definitions.go deleted file mode 100644 index 2a5dc36615..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/model_definitions.go +++ /dev/null @@ -1,33 +0,0 @@ -package management - -import ( - "net/http" - "strings" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" -) - -// GetStaticModelDefinitions returns static model metadata for a given channel. -// Channel is provided via path param (:channel) or query param (?channel=...). -func (h *Handler) GetStaticModelDefinitions(c *gin.Context) { - channel := strings.TrimSpace(c.Param("channel")) - if channel == "" { - channel = strings.TrimSpace(c.Query("channel")) - } - if channel == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "channel is required"}) - return - } - - models := registry.GetStaticModelDefinitionsByChannel(channel) - if models == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "unknown channel", "channel": channel}) - return - } - - c.JSON(http.StatusOK, gin.H{ - "channel": strings.ToLower(strings.TrimSpace(channel)), - "models": models, - }) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/oauth_callback.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/oauth_callback.go deleted file mode 100644 index c69a332ee7..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/oauth_callback.go +++ /dev/null @@ -1,100 +0,0 @@ -package management - -import ( - "errors" - "net/http" - "net/url" - "strings" - - "github.com/gin-gonic/gin" -) - -type oauthCallbackRequest struct { - Provider string `json:"provider"` - RedirectURL string `json:"redirect_url"` - Code string `json:"code"` - State string `json:"state"` - Error string `json:"error"` -} - -func (h *Handler) PostOAuthCallback(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "handler not initialized"}) - return - } - - var req oauthCallbackRequest - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "invalid body"}) - return - } - - canonicalProvider, err := NormalizeOAuthProvider(req.Provider) - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "unsupported provider"}) - return - } - - state := strings.TrimSpace(req.State) - code := strings.TrimSpace(req.Code) - errMsg := strings.TrimSpace(req.Error) - - if rawRedirect := strings.TrimSpace(req.RedirectURL); rawRedirect != "" { - u, errParse := url.Parse(rawRedirect) - if errParse != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "invalid redirect_url"}) - return - } - q := u.Query() - if state == "" { - state = strings.TrimSpace(q.Get("state")) - } - if code == "" { - code = strings.TrimSpace(q.Get("code")) - } - if errMsg == "" { - errMsg = strings.TrimSpace(q.Get("error")) - if errMsg == "" { - errMsg = strings.TrimSpace(q.Get("error_description")) - } - } - } - - if state == "" { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "state is required"}) - return - } - if err := ValidateOAuthState(state); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "invalid state"}) - return - } - if code == "" && errMsg == "" { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "code or error is required"}) - return - } - - sessionProvider, sessionStatus, ok := GetOAuthSession(state) - if !ok { - c.JSON(http.StatusNotFound, gin.H{"status": "error", "error": "unknown or expired state"}) - return - } - if sessionStatus != "" { - c.JSON(http.StatusConflict, gin.H{"status": "error", "error": "oauth flow is not pending"}) - return - } - if !strings.EqualFold(sessionProvider, canonicalProvider) { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "provider does not match state"}) - return - } - - if _, errWrite := WriteOAuthCallbackFileForPendingSession(h.cfg.AuthDir, canonicalProvider, state, code, errMsg); errWrite != nil { - if errors.Is(errWrite, errOAuthSessionNotPending) { - c.JSON(http.StatusConflict, gin.H{"status": "error", "error": "oauth flow is not pending"}) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "failed to persist oauth callback"}) - return - } - - c.JSON(http.StatusOK, gin.H{"status": "ok"}) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/oauth_sessions.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/oauth_sessions.go deleted file mode 100644 index 1c0f6cae4c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/oauth_sessions.go +++ /dev/null @@ -1,321 +0,0 @@ -package management - -import ( - "encoding/json" - "errors" - "fmt" - "os" - "path/filepath" - "strings" - "sync" - "time" -) - -const ( - oauthSessionTTL = 10 * time.Minute - maxOAuthStateLength = 128 -) - -var ( - errInvalidOAuthState = errors.New("invalid oauth state") - errUnsupportedOAuthFlow = errors.New("unsupported oauth provider") - errOAuthSessionNotPending = errors.New("oauth session is not pending") -) - -type oauthSession struct { - Provider string - Status string - CreatedAt time.Time - ExpiresAt time.Time -} - -type oauthSessionStore struct { - mu sync.RWMutex - ttl time.Duration - sessions map[string]oauthSession -} - -func newOAuthSessionStore(ttl time.Duration) *oauthSessionStore { - if ttl <= 0 { - ttl = oauthSessionTTL - } - return &oauthSessionStore{ - ttl: ttl, - sessions: make(map[string]oauthSession), - } -} - -func (s *oauthSessionStore) purgeExpiredLocked(now time.Time) { - for state, session := range s.sessions { - if !session.ExpiresAt.IsZero() && now.After(session.ExpiresAt) { - delete(s.sessions, state) - } - } -} - -func (s *oauthSessionStore) Register(state, provider string) { - state = strings.TrimSpace(state) - provider = strings.ToLower(strings.TrimSpace(provider)) - if state == "" || provider == "" { - return - } - now := time.Now() - - s.mu.Lock() - defer s.mu.Unlock() - - s.purgeExpiredLocked(now) - s.sessions[state] = oauthSession{ - Provider: provider, - Status: "", - CreatedAt: now, - ExpiresAt: now.Add(s.ttl), - } -} - -func (s *oauthSessionStore) SetError(state, message string) { - state = strings.TrimSpace(state) - message = strings.TrimSpace(message) - if state == "" { - return - } - if message == "" { - message = "Authentication failed" - } - now := time.Now() - - s.mu.Lock() - defer s.mu.Unlock() - - s.purgeExpiredLocked(now) - session, ok := s.sessions[state] - if !ok { - return - } - session.Status = message - session.ExpiresAt = now.Add(s.ttl) - s.sessions[state] = session -} - -func (s *oauthSessionStore) Complete(state string) { - state = strings.TrimSpace(state) - if state == "" { - return - } - now := time.Now() - - s.mu.Lock() - defer s.mu.Unlock() - - s.purgeExpiredLocked(now) - delete(s.sessions, state) -} - -func (s *oauthSessionStore) CompleteProvider(provider string) int { - provider = strings.ToLower(strings.TrimSpace(provider)) - if provider == "" { - return 0 - } - now := time.Now() - - s.mu.Lock() - defer s.mu.Unlock() - - s.purgeExpiredLocked(now) - removed := 0 - for state, session := range s.sessions { - if strings.EqualFold(session.Provider, provider) { - delete(s.sessions, state) - removed++ - } - } - return removed -} - -func (s *oauthSessionStore) Get(state string) (oauthSession, bool) { - state = strings.TrimSpace(state) - now := time.Now() - - s.mu.Lock() - defer s.mu.Unlock() - - s.purgeExpiredLocked(now) - session, ok := s.sessions[state] - return session, ok -} - -func (s *oauthSessionStore) IsPending(state, provider string) bool { - state = strings.TrimSpace(state) - provider = strings.ToLower(strings.TrimSpace(provider)) - now := time.Now() - - s.mu.Lock() - defer s.mu.Unlock() - - s.purgeExpiredLocked(now) - session, ok := s.sessions[state] - if !ok { - return false - } - if session.Status != "" { - if !strings.EqualFold(session.Provider, "kiro") { - return false - } - if !strings.HasPrefix(session.Status, "device_code|") && !strings.HasPrefix(session.Status, "auth_url|") { - return false - } - } - if provider == "" { - return true - } - return strings.EqualFold(session.Provider, provider) -} - -var oauthSessions = newOAuthSessionStore(oauthSessionTTL) - -func RegisterOAuthSession(state, provider string) { oauthSessions.Register(state, provider) } - -func SetOAuthSessionError(state, message string) { oauthSessions.SetError(state, message) } - -func CompleteOAuthSession(state string) { oauthSessions.Complete(state) } - -func CompleteOAuthSessionsByProvider(provider string) int { - return oauthSessions.CompleteProvider(provider) -} - -func GetOAuthSession(state string) (provider string, status string, ok bool) { - session, ok := oauthSessions.Get(state) - if !ok { - return "", "", false - } - return session.Provider, session.Status, true -} - -func IsOAuthSessionPending(state, provider string) bool { - return oauthSessions.IsPending(state, provider) -} - -func ValidateOAuthState(state string) error { - trimmed := strings.TrimSpace(state) - if trimmed == "" { - return fmt.Errorf("%w: empty", errInvalidOAuthState) - } - if len(trimmed) > maxOAuthStateLength { - return fmt.Errorf("%w: too long", errInvalidOAuthState) - } - if strings.Contains(trimmed, "/") || strings.Contains(trimmed, "\\") { - return fmt.Errorf("%w: contains path separator", errInvalidOAuthState) - } - if strings.Contains(trimmed, "..") { - return fmt.Errorf("%w: contains '..'", errInvalidOAuthState) - } - for _, r := range trimmed { - switch { - case r >= 'a' && r <= 'z': - case r >= 'A' && r <= 'Z': - case r >= '0' && r <= '9': - case r == '-' || r == '_' || r == '.': - default: - return fmt.Errorf("%w: invalid character", errInvalidOAuthState) - } - } - return nil -} - -func NormalizeOAuthProvider(provider string) (string, error) { - switch strings.ToLower(strings.TrimSpace(provider)) { - case "anthropic", "claude": - return "anthropic", nil - case "codex", "openai": - return "codex", nil - case "gemini", "google": - return "gemini", nil - case "iflow", "i-flow": - return "iflow", nil - case "antigravity", "anti-gravity": - return "antigravity", nil - case "qwen": - return "qwen", nil - case "kiro": - return "kiro", nil - case "github": - return "github", nil - default: - return "", errUnsupportedOAuthFlow - } -} - -type oauthCallbackFilePayload struct { - Code string `json:"code"` - State string `json:"state"` - Error string `json:"error"` -} - -func sanitizeOAuthCallbackPath(authDir, fileName string) (string, error) { - trimmedAuthDir := strings.TrimSpace(authDir) - if trimmedAuthDir == "" { - return "", fmt.Errorf("auth dir is empty") - } - if fileName != filepath.Base(fileName) || strings.ContainsAny(fileName, `/\`) { - return "", fmt.Errorf("invalid oauth callback file name") - } - cleanAuthDir, err := filepath.Abs(filepath.Clean(trimmedAuthDir)) - if err != nil { - return "", fmt.Errorf("resolve auth dir: %w", err) - } - if resolvedDir, err := filepath.EvalSymlinks(cleanAuthDir); err == nil { - cleanAuthDir = resolvedDir - } - filePath := filepath.Join(cleanAuthDir, fileName) - relPath, err := filepath.Rel(cleanAuthDir, filePath) - if err != nil { - return "", fmt.Errorf("resolve oauth callback file path: %w", err) - } - if relPath == ".." || strings.HasPrefix(relPath, ".."+string(os.PathSeparator)) { - return "", fmt.Errorf("invalid oauth callback file path") - } - return filePath, nil -} - -func WriteOAuthCallbackFile(authDir, provider, state, code, errorMessage string) (string, error) { - canonicalProvider, err := NormalizeOAuthProvider(provider) - if err != nil { - return "", err - } - if err := ValidateOAuthState(state); err != nil { - return "", err - } - - fileName := fmt.Sprintf(".oauth-%s-%s.oauth", canonicalProvider, state) - filePath, err := sanitizeOAuthCallbackPath(authDir, fileName) - if err != nil { - return "", err - } - if err := os.MkdirAll(filepath.Dir(filePath), 0o700); err != nil { - return "", fmt.Errorf("create oauth callback dir: %w", err) - } - payload := oauthCallbackFilePayload{ - Code: strings.TrimSpace(code), - State: strings.TrimSpace(state), - Error: strings.TrimSpace(errorMessage), - } - data, err := json.Marshal(payload) - if err != nil { - return "", fmt.Errorf("marshal oauth callback payload: %w", err) - } - if err := os.WriteFile(filePath, data, 0o600); err != nil { - return "", fmt.Errorf("write oauth callback file: %w", err) - } - return filePath, nil -} - -func WriteOAuthCallbackFileForPendingSession(authDir, provider, state, code, errorMessage string) (string, error) { - canonicalProvider, err := NormalizeOAuthProvider(provider) - if err != nil { - return "", err - } - if !IsOAuthSessionPending(state, canonicalProvider) { - return "", errOAuthSessionNotPending - } - return WriteOAuthCallbackFile(authDir, canonicalProvider, state, code, errorMessage) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/oauth_sessions_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/oauth_sessions_test.go deleted file mode 100644 index 27aeda4daf..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/oauth_sessions_test.go +++ /dev/null @@ -1,73 +0,0 @@ -package management - -import ( - "encoding/json" - "os" - "path/filepath" - "strings" - "testing" -) - -func TestWriteOAuthCallbackFile_WritesInsideAuthDir(t *testing.T) { - authDir := t.TempDir() - state := "safe-state-123" - - filePath, err := WriteOAuthCallbackFile(authDir, "claude", state, "code-1", "") - if err != nil { - t.Fatalf("WriteOAuthCallbackFile failed: %v", err) - } - - authDirAbs, err := filepath.Abs(authDir) - if err != nil { - t.Fatalf("resolve auth dir: %v", err) - } - filePathAbs, err := filepath.Abs(filePath) - if err != nil { - t.Fatalf("resolve callback path: %v", err) - } - resolvedAuthDir, err := filepath.EvalSymlinks(authDirAbs) - if err == nil { - authDirAbs = resolvedAuthDir - } - resolvedCallbackDir, err := filepath.EvalSymlinks(filepath.Dir(filePathAbs)) - if err == nil { - filePathAbs = filepath.Join(resolvedCallbackDir, filepath.Base(filePathAbs)) - } - prefix := authDirAbs + string(os.PathSeparator) - if filePathAbs != authDirAbs && !strings.HasPrefix(filePathAbs, prefix) { - t.Fatalf("callback path escaped auth dir: %q", filePathAbs) - } - - content, err := os.ReadFile(filePathAbs) - if err != nil { - t.Fatalf("read callback file: %v", err) - } - var payload oauthCallbackFilePayload - if err := json.Unmarshal(content, &payload); err != nil { - t.Fatalf("unmarshal callback file: %v", err) - } - if payload.State != state { - t.Fatalf("unexpected state: got %q want %q", payload.State, state) - } -} - -func TestSanitizeOAuthCallbackPath_RejectsInjectedFileName(t *testing.T) { - _, err := sanitizeOAuthCallbackPath(t.TempDir(), "../escape.oauth") - if err == nil { - t.Fatal("expected error for injected callback file name") - } -} - -func TestSanitizeOAuthCallbackPath_RejectsWindowsTraversalName(t *testing.T) { - _, err := sanitizeOAuthCallbackPath(t.TempDir(), `..\\escape.oauth`) - if err == nil { - t.Fatal("expected error for windows-style traversal") - } -} - -func TestSanitizeOAuthCallbackPath_RejectsEmptyFileName(t *testing.T) { - _, err := sanitizeOAuthCallbackPath(t.TempDir(), "") - if err == nil { - t.Fatal("expected error for empty callback file name") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/provider_status.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/provider_status.go deleted file mode 100644 index 8081142059..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/provider_status.go +++ /dev/null @@ -1,205 +0,0 @@ -package management - -import ( - "net/http" - "time" - - "github.com/gin-gonic/gin" -) - -// ProviderStatusRequest is the request for provider status -type ProviderStatusRequest struct { - Provider string `uri:"provider" binding:"required"` -} - -// ProviderStatusResponse is the JSON response for provider status -type ProviderStatusResponse struct { - Provider string `json:"provider"` - UpdatedAt time.Time `json:"updated_at"` - Status string `json:"status"` // operational, degraded, outage - Uptime24h float64 `json:"uptime_24h"` - Uptime7d float64 `json:"uptime_7d"` - AvgLatencyMs float64 `json:"avg_latency_ms"` - TotalRequests int64 `json:"total_requests"` - ErrorRate float64 `json:"error_rate"` - Regions []RegionStatus `json:"regions"` - Models []ProviderModel `json:"models"` - Incidents []Incident `json:"incidents,omitempty"` -} - -// RegionStatus contains status for a specific region -type RegionStatus struct { - Region string `json:"region"` - Status string `json:"status"` // operational, degraded, outage - LatencyMs float64 `json:"latency_ms"` - ThroughputTPS float64 `json:"throughput_tps"` - UptimePercent float64 `json:"uptime_percent"` -} - -// ProviderModel contains model availability for a provider -type ProviderModel struct { - ModelID string `json:"model_id"` - Available bool `json:"available"` - LatencyMs int `json:"latency_ms"` - ThroughputTPS float64 `json:"throughput_tps"` - QueueDepth int `json:"queue_depth,omitempty"` - MaxConcurrency int `json:"max_concurrency,omitempty"` -} - -// Incident represents an ongoing or past incident -type Incident struct { - ID string `json:"id"` - Type string `json:"type"` // outage, degradation, maintenance - Severity string `json:"severity"` // critical, major, minor - Status string `json:"status"` // ongoing, resolved - Title string `json:"title"` - Description string `json:"description"` - StartedAt time.Time `json:"started_at"` - ResolvedAt *time.Time `json:"resolved_at,omitempty"` - Affected []string `json:"affected,omitempty"` -} - -// ProviderStatusHandler handles provider status endpoints -type ProviderStatusHandler struct{} - -// NewProviderStatusHandler returns a new ProviderStatusHandler -func NewProviderStatusHandler() *ProviderStatusHandler { - return &ProviderStatusHandler{} -} - -// GETProviderStatus handles GET /v1/providers/:provider/status -func (h *ProviderStatusHandler) GETProviderStatus(c *gin.Context) { - var req ProviderStatusRequest - if err := c.ShouldBindUri(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) - return - } - - status := h.getMockProviderStatus(req.Provider) - if status == nil { - c.JSON(http.StatusNotFound, gin.H{"error": "provider not found"}) - return - } - - c.JSON(http.StatusOK, status) -} - -// getMockProviderStatus returns mock provider status -func (h *ProviderStatusHandler) getMockProviderStatus(provider string) *ProviderStatusResponse { - providerData := map[string]*ProviderStatusResponse{ - "google": { - Provider: "google", - UpdatedAt: time.Now(), - Status: "operational", - Uptime24h: 99.2, - Uptime7d: 98.9, - AvgLatencyMs: 1250, - TotalRequests: 50000000, - ErrorRate: 0.8, - Regions: []RegionStatus{ - {Region: "US", Status: "operational", LatencyMs: 800, ThroughputTPS: 150, UptimePercent: 99.5}, - {Region: "EU", Status: "operational", LatencyMs: 1500, ThroughputTPS: 100, UptimePercent: 99.1}, - {Region: "ASIA", Status: "degraded", LatencyMs: 2200, ThroughputTPS: 60, UptimePercent: 96.5}, - }, - Models: []ProviderModel{ - {ModelID: "gemini-3.1-pro", Available: true, LatencyMs: 3000, ThroughputTPS: 72, MaxConcurrency: 50}, - {ModelID: "gemini-3-flash-preview", Available: true, LatencyMs: 600, ThroughputTPS: 200, MaxConcurrency: 100}, - {ModelID: "gemini-2.5-flash", Available: true, LatencyMs: 500, ThroughputTPS: 250, MaxConcurrency: 100}, - }, - }, - "anthropic": { - Provider: "anthropic", - UpdatedAt: time.Now(), - Status: "operational", - Uptime24h: 99.5, - Uptime7d: 99.3, - AvgLatencyMs: 1800, - TotalRequests: 35000000, - ErrorRate: 0.5, - Regions: []RegionStatus{ - {Region: "US", Status: "operational", LatencyMs: 1500, ThroughputTPS: 80, UptimePercent: 99.5}, - {Region: "EU", Status: "operational", LatencyMs: 2200, ThroughputTPS: 50, UptimePercent: 99.2}, - }, - Models: []ProviderModel{ - {ModelID: "claude-opus-4.6", Available: true, LatencyMs: 4000, ThroughputTPS: 45, MaxConcurrency: 30}, - {ModelID: "claude-sonnet-4.6", Available: true, LatencyMs: 2000, ThroughputTPS: 80, MaxConcurrency: 50}, - {ModelID: "claude-haiku-4.5", Available: true, LatencyMs: 800, ThroughputTPS: 150, MaxConcurrency: 100}, - }, - }, - "openai": { - Provider: "openai", - UpdatedAt: time.Now(), - Status: "operational", - Uptime24h: 98.8, - Uptime7d: 98.5, - AvgLatencyMs: 2000, - TotalRequests: 42000000, - ErrorRate: 1.2, - Regions: []RegionStatus{ - {Region: "US", Status: "operational", LatencyMs: 1800, ThroughputTPS: 100, UptimePercent: 99.0}, - {Region: "EU", Status: "degraded", LatencyMs: 2800, ThroughputTPS: 60, UptimePercent: 97.0}, - }, - Models: []ProviderModel{ - {ModelID: "gpt-5.2", Available: true, LatencyMs: 3500, ThroughputTPS: 60, MaxConcurrency: 40}, - {ModelID: "gpt-4o", Available: true, LatencyMs: 2000, ThroughputTPS: 80, MaxConcurrency: 50}, - }, - }, - } - - if data, ok := providerData[provider]; ok { - return data - } - - return nil -} - -// GETAllProviderStatuses handles GET /v1/providers/status -func (h *ProviderStatusHandler) GETAllProviderStatuses(c *gin.Context) { - providers := []string{"google", "anthropic", "openai", "deepseek", "minimax", "moonshotai", "x-ai", "z-ai"} - - var statuses []ProviderStatusResponse - for _, p := range providers { - if status := h.getMockProviderStatus(p); status != nil { - statuses = append(statuses, *status) - } - } - - c.JSON(http.StatusOK, gin.H{ - "updated_at": time.Now(), - "count": len(statuses), - "providers": statuses, - }) -} - -// GETProviderIncidents handles GET /v1/providers/:provider/incidents -func (h *ProviderStatusHandler) GETProviderIncidents(c *gin.Context) { - var req ProviderStatusRequest - if err := c.ShouldBindUri(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) - return - } - - // Mock incidents - incidents := []Incident{ - { - ID: "inc-001", - Type: "degradation", - Severity: "minor", - Status: "resolved", - Title: "Elevated latency in Asia Pacific region", - Description: "Users in APAC experienced elevated latency due to network congestion", - StartedAt: time.Now().Add(-24 * time.Hour), - ResolvedAt: timePtr(time.Now().Add(-12 * time.Hour)), - Affected: []string{"gemini-2.5-flash", "gemini-3-flash-preview"}, - }, - } - - c.JSON(http.StatusOK, gin.H{ - "provider": req.Provider, - "incidents": incidents, - }) -} - -func timePtr(t time.Time) *time.Time { - return &t -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/quota.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/quota.go deleted file mode 100644 index c7efd217bd..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/quota.go +++ /dev/null @@ -1,18 +0,0 @@ -package management - -import "github.com/gin-gonic/gin" - -// Quota exceeded toggles -func (h *Handler) GetSwitchProject(c *gin.Context) { - c.JSON(200, gin.H{"switch-project": h.cfg.QuotaExceeded.SwitchProject}) -} -func (h *Handler) PutSwitchProject(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.QuotaExceeded.SwitchProject = v }) -} - -func (h *Handler) GetSwitchPreviewModel(c *gin.Context) { - c.JSON(200, gin.H{"switch-preview-model": h.cfg.QuotaExceeded.SwitchPreviewModel}) -} -func (h *Handler) PutSwitchPreviewModel(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.QuotaExceeded.SwitchPreviewModel = v }) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/rankings.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/rankings.go deleted file mode 100644 index ca30a0b7cd..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/rankings.go +++ /dev/null @@ -1,254 +0,0 @@ -package management - -import ( - "net/http" - "sort" - "time" - - "github.com/gin-gonic/gin" -) - -// RankingCategory represents a category for model rankings -type RankingCategory string - -const ( - // RankingByUsage ranks by token usage - RankingByUsage RankingCategory = "usage" - // RankingByQuality ranks by quality score - RankingByQuality RankingCategory = "quality" - // RankingBySpeed ranks by speed/latency - RankingBySpeed RankingCategory = "speed" - // RankingByCost ranks by cost efficiency - RankingByCost RankingCategory = "cost" - // RankingByPopularity ranks by popularity - RankingByPopularity RankingCategory = "popularity" -) - -// RankingsRequest is the JSON body for GET /v1/rankings -type RankingsRequest struct { - // Category is the ranking category: usage, quality, speed, cost, popularity - Category string `form:"category"` - // Limit is the number of results to return - Limit int `form:"limit"` - // Provider filters to specific provider - Provider string `form:"provider"` - // TimeRange is the time range: week, month, all - TimeRange string `form:"timeRange"` -} - -// RankingsResponse is the JSON response for GET /v1/rankings -type RankingsResponse struct { - Category string `json:"category"` - TimeRange string `json:"timeRange"` - UpdatedAt time.Time `json:"updated_at"` - TotalCount int `json:"total_count"` - Rankings []ModelRank `json:"rankings"` -} - -// ModelRank represents a model's ranking entry -type ModelRank struct { - Rank int `json:"rank"` - ModelID string `json:"model_id"` - Provider string `json:"provider"` - QualityScore float64 `json:"quality_score"` - EstimatedCost float64 `json:"estimated_cost"` - LatencyMs int `json:"latency_ms"` - WeeklyTokens int64 `json:"weekly_tokens"` - MarketSharePercent float64 `json:"market_share_percent"` - Category string `json:"category,omitempty"` -} - -// RankingsHandler handles the /v1/rankings endpoint -type RankingsHandler struct { - // This would connect to actual usage data in production -} - -// NewRankingsHandler returns a new RankingsHandler -func NewRankingsHandler() *RankingsHandler { - return &RankingsHandler{} -} - -// GETRankings handles GET /v1/rankings -func (h *RankingsHandler) GETRankings(c *gin.Context) { - var req RankingsRequest - if err := c.ShouldBindQuery(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) - return - } - - // Set defaults - if req.Category == "" { - req.Category = string(RankingByUsage) - } - if req.Limit == 0 || req.Limit > 100 { - req.Limit = 20 - } - if req.TimeRange == "" { - req.TimeRange = "week" - } - - // Generate rankings based on category (in production, this would come from actual metrics) - rankings := h.generateRankings(req) - - c.JSON(http.StatusOK, RankingsResponse{ - Category: req.Category, - TimeRange: req.TimeRange, - UpdatedAt: time.Now(), - TotalCount: len(rankings), - Rankings: rankings[:min(len(rankings), req.Limit)], - }) -} - -// generateRankings generates mock rankings based on category -// In production, this would fetch from actual metrics storage -func (h *RankingsHandler) generateRankings(req RankingsRequest) []ModelRank { - // This would be replaced with actual data from metrics storage - mockModels := []struct { - ModelID string - Provider string - Quality float64 - Cost float64 - Latency int - WeeklyTokens int64 - }{ - {"claude-opus-4.6", "anthropic", 0.95, 0.015, 4000, 651000000000}, - {"claude-sonnet-4.6", "anthropic", 0.88, 0.003, 2000, 520000000000}, - {"gemini-3.1-pro", "google", 0.90, 0.007, 3000, 100000000000}, - {"gemini-3-flash-preview", "google", 0.78, 0.00015, 600, 887000000000}, - {"gpt-5.2", "openai", 0.92, 0.020, 3500, 300000000000}, - {"deepseek-v3.2", "deepseek", 0.80, 0.0005, 1000, 762000000000}, - {"glm-5", "z-ai", 0.78, 0.001, 1500, 769000000000}, - {"minimax-m2.5", "minimax", 0.75, 0.001, 1200, 2290000000000}, - {"kimi-k2.5", "moonshotai", 0.82, 0.001, 1100, 967000000000}, - {"grok-4.1-fast", "x-ai", 0.76, 0.001, 800, 692000000000}, - {"gemini-2.5-flash", "google", 0.76, 0.0001, 500, 429000000000}, - {"claude-haiku-4.5", "anthropic", 0.75, 0.00025, 800, 100000000000}, - } - - // Filter by provider if specified - var filtered []struct { - ModelID string - Provider string - Quality float64 - Cost float64 - Latency int - WeeklyTokens int64 - } - - if req.Provider != "" { - for _, m := range mockModels { - if m.Provider == req.Provider { - filtered = append(filtered, m) - } - } - } else { - filtered = mockModels - } - - // Sort based on category - switch RankingCategory(req.Category) { - case RankingByUsage: - sort.Slice(filtered, func(i, j int) bool { - return filtered[i].WeeklyTokens > filtered[j].WeeklyTokens - }) - case RankingByQuality: - sort.Slice(filtered, func(i, j int) bool { - return filtered[i].Quality > filtered[j].Quality - }) - case RankingBySpeed: - sort.Slice(filtered, func(i, j int) bool { - return filtered[i].Latency < filtered[j].Latency - }) - case RankingByCost: - sort.Slice(filtered, func(i, j int) bool { - return filtered[i].Cost < filtered[j].Cost - }) - default: - sort.Slice(filtered, func(i, j int) bool { - return filtered[i].WeeklyTokens > filtered[j].WeeklyTokens - }) - } - - // Calculate total tokens for market share - var totalTokens int64 - for _, m := range filtered { - totalTokens += m.WeeklyTokens - } - - // Build rankings - rankings := make([]ModelRank, len(filtered)) - for i, m := range filtered { - marketShare := 0.0 - if totalTokens > 0 { - marketShare = float64(m.WeeklyTokens) / float64(totalTokens) * 100 - } - rankings[i] = ModelRank{ - Rank: i + 1, - ModelID: m.ModelID, - Provider: m.Provider, - QualityScore: m.Quality, - EstimatedCost: m.Cost, - LatencyMs: m.Latency, - WeeklyTokens: m.WeeklyTokens, - MarketSharePercent: marketShare, - } - } - - return rankings -} - -// GETProviderRankings handles GET /v1/rankings/providers -func (h *RankingsHandler) GETProviderRankings(c *gin.Context) { - // Mock provider rankings - providerRankings := []gin.H{ - {"rank": 1, "provider": "google", "weekly_tokens": 730000000000, "market_share": 19.2, "model_count": 15}, - {"rank": 2, "provider": "anthropic", "weekly_tokens": 559000000000, "market_share": 14.7, "model_count": 8}, - {"rank": 3, "provider": "minimax", "weekly_tokens": 539000000000, "market_share": 14.2, "model_count": 5}, - {"rank": 4, "provider": "openai", "weekly_tokens": 351000000000, "market_share": 9.2, "model_count": 12}, - {"rank": 5, "provider": "z-ai", "weekly_tokens": 327000000000, "market_share": 8.6, "model_count": 6}, - {"rank": 6, "provider": "deepseek", "weekly_tokens": 304000000000, "market_share": 8.0, "model_count": 4}, - {"rank": 7, "provider": "x-ai", "weekly_tokens": 231000000000, "market_share": 6.1, "model_count": 3}, - {"rank": 8, "provider": "moonshotai", "weekly_tokens": 184000000000, "market_share": 4.8, "model_count": 3}, - } - - c.JSON(http.StatusOK, gin.H{ - "updated_at": time.Now(), - "rankings": providerRankings, - }) -} - -// GETCategoryRankings handles GET /v1/rankings/categories -func (h *RankingsHandler) GETCategoryRankings(c *gin.Context) { - // Mock category rankings - categories := []gin.H{ - { - "category": "coding", - "top_model": "minimax-m2.5", - "weekly_tokens": 216000000000, - "percentage": 28.6, - }, - { - "category": "reasoning", - "top_model": "claude-opus-4.6", - "weekly_tokens": 150000000000, - "percentage": 18.5, - }, - { - "category": "multimodal", - "top_model": "gemini-3-flash-preview", - "weekly_tokens": 120000000000, - "percentage": 15.2, - }, - { - "category": "general", - "top_model": "gpt-5.2", - "weekly_tokens": 100000000000, - "percentage": 12.8, - }, - } - - c.JSON(http.StatusOK, gin.H{ - "updated_at": time.Now(), - "categories": categories, - }) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/routing_select.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/routing_select.go deleted file mode 100644 index 6aff094462..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/routing_select.go +++ /dev/null @@ -1,67 +0,0 @@ -package management - -import ( - "net/http" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" -) - -// RoutingSelectRequest is the JSON body for POST /v1/routing/select. -type RoutingSelectRequest struct { - TaskComplexity string `json:"taskComplexity"` - MaxCostPerCall float64 `json:"maxCostPerCall"` - MaxLatencyMs int `json:"maxLatencyMs"` - MinQualityScore float64 `json:"minQualityScore"` -} - -// RoutingSelectResponse is the JSON response for POST /v1/routing/select. -type RoutingSelectResponse struct { - ModelID string `json:"model_id"` - Provider string `json:"provider"` - EstimatedCost float64 `json:"estimated_cost"` - EstimatedLatencyMs int `json:"estimated_latency_ms"` - QualityScore float64 `json:"quality_score"` -} - -// RoutingSelectHandler handles the /v1/routing/select endpoint. -type RoutingSelectHandler struct { - router *registry.ParetoRouter -} - -// NewRoutingSelectHandler returns a new RoutingSelectHandler. -func NewRoutingSelectHandler() *RoutingSelectHandler { - return &RoutingSelectHandler{ - router: registry.NewParetoRouter(), - } -} - -// POSTRoutingSelect handles POST /v1/routing/select. -func (h *RoutingSelectHandler) POSTRoutingSelect(c *gin.Context) { - var req RoutingSelectRequest - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) - return - } - - routingReq := ®istry.RoutingRequest{ - TaskComplexity: req.TaskComplexity, - MaxCostPerCall: req.MaxCostPerCall, - MaxLatencyMs: req.MaxLatencyMs, - MinQualityScore: req.MinQualityScore, - } - - selected, err := h.router.SelectModel(c.Request.Context(), routingReq) - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) - return - } - - c.JSON(http.StatusOK, RoutingSelectResponse{ - ModelID: selected.ModelID, - Provider: selected.Provider, - EstimatedCost: selected.EstimatedCost, - EstimatedLatencyMs: selected.EstimatedLatencyMs, - QualityScore: selected.QualityScore, - }) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/usage.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/usage.go deleted file mode 100644 index 0de877fdec..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/usage.go +++ /dev/null @@ -1,79 +0,0 @@ -package management - -import ( - "encoding/json" - "net/http" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/usage" -) - -type usageExportPayload struct { - Version int `json:"version"` - ExportedAt time.Time `json:"exported_at"` - Usage usage.StatisticsSnapshot `json:"usage"` -} - -type usageImportPayload struct { - Version int `json:"version"` - Usage usage.StatisticsSnapshot `json:"usage"` -} - -// GetUsageStatistics returns the in-memory request statistics snapshot. -func (h *Handler) GetUsageStatistics(c *gin.Context) { - var snapshot usage.StatisticsSnapshot - if h != nil && h.usageStats != nil { - snapshot = h.usageStats.Snapshot() - } - c.JSON(http.StatusOK, gin.H{ - "usage": snapshot, - "failed_requests": snapshot.FailureCount, - }) -} - -// ExportUsageStatistics returns a complete usage snapshot for backup/migration. -func (h *Handler) ExportUsageStatistics(c *gin.Context) { - var snapshot usage.StatisticsSnapshot - if h != nil && h.usageStats != nil { - snapshot = h.usageStats.Snapshot() - } - c.JSON(http.StatusOK, usageExportPayload{ - Version: 1, - ExportedAt: time.Now().UTC(), - Usage: snapshot, - }) -} - -// ImportUsageStatistics merges a previously exported usage snapshot into memory. -func (h *Handler) ImportUsageStatistics(c *gin.Context) { - if h == nil || h.usageStats == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "usage statistics unavailable"}) - return - } - - data, err := c.GetRawData() - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "failed to read request body"}) - return - } - - var payload usageImportPayload - if err := json.Unmarshal(data, &payload); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid json"}) - return - } - if payload.Version != 0 && payload.Version != 1 { - c.JSON(http.StatusBadRequest, gin.H{"error": "unsupported version"}) - return - } - - result := h.usageStats.MergeSnapshot(payload.Usage) - snapshot := h.usageStats.Snapshot() - c.JSON(http.StatusOK, gin.H{ - "added": result.Added, - "skipped": result.Skipped, - "total_requests": snapshot.TotalRequests, - "failed_requests": snapshot.FailureCount, - }) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/usage_analytics.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/usage_analytics.go deleted file mode 100644 index 33bd345bb3..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/usage_analytics.go +++ /dev/null @@ -1,462 +0,0 @@ -package management - -import ( - "context" - "fmt" - "net/http" - "sync" - "time" - - "github.com/gin-gonic/gin" -) - -// CostAggregationRequest specifies parameters for cost aggregation -type CostAggregationRequest struct { - // StartTime is the start of the aggregation period - StartTime time.Time `json:"start_time"` - // EndTime is the end of the aggregation period - EndTime time.Time `json:"end_time"` - // Granularity is the aggregation granularity: hour, day, week, month - Granularity string `json:"granularity"` - // GroupBy is the grouping: model, provider, client - GroupBy string `json:"group_by"` - // FilterProvider limits to specific provider - FilterProvider string `json:"filter_provider,omitempty"` - // FilterModel limits to specific model - FilterModel string `json:"filter_model,omitempty"` -} - -// CostAggregationResponse contains aggregated cost data -type CostAggregationResponse struct { - StartTime time.Time `json:"start_time"` - EndTime time.Time `json:"end_time"` - Granularity string `json:"granularity"` - GroupBy string `json:"group_by"` - TotalCost float64 `json:"total_cost"` - TotalTokens int64 `json:"total_tokens"` - Groups []CostGroup `json:"groups"` - TimeSeries []TimeSeriesPoint `json:"time_series,omitempty"` -} - -// CostGroup represents a grouped cost entry -type CostGroup struct { - Key string `json:"key"` // model/provider/client ID - Cost float64 `json:"cost"` - InputTokens int64 `json:"input_tokens"` - OutputTokens int64 `json:"output_tokens"` - Requests int64 `json:"requests"` - AvgLatencyMs float64 `json:"avg_latency_ms"` -} - -// TimeSeriesPoint represents a point in time series data -type TimeSeriesPoint struct { - Timestamp time.Time `json:"timestamp"` - Cost float64 `json:"cost"` - InputTokens int64 `json:"input_tokens"` - OutputTokens int64 `json:"output_tokens"` - Requests int64 `json:"requests"` -} - -// UsageAnalytics provides usage analytics functionality -type UsageAnalytics struct { - mu sync.RWMutex - records []UsageRecord - maxRecords int -} - -// UsageRecord represents a single usage record -type UsageRecord struct { - Timestamp time.Time - ModelID string - Provider string - ClientID string - InputTokens int - OutputTokens int - TotalTokens int - Cost float64 - LatencyMs int - Success bool -} - -// NewUsageAnalytics creates a new UsageAnalytics instance -func NewUsageAnalytics() *UsageAnalytics { - return &UsageAnalytics{ - records: make([]UsageRecord, 0), - maxRecords: 1000000, // Keep 1M records in memory - } -} - -// RecordUsage records a usage event -func (u *UsageAnalytics) RecordUsage(ctx context.Context, record UsageRecord) { - u.mu.Lock() - defer u.mu.Unlock() - - record.Timestamp = time.Now() - u.records = append(u.records, record) - - // Trim if over limit - if len(u.records) > u.maxRecords { - u.records = u.records[len(u.records)-u.maxRecords:] - } -} - -// GetCostAggregation returns aggregated cost data -func (u *UsageAnalytics) GetCostAggregation(ctx context.Context, req *CostAggregationRequest) (*CostAggregationResponse, error) { - u.mu.RLock() - defer u.mu.RUnlock() - - if req.StartTime.IsZero() { - req.StartTime = time.Now().Add(-24 * time.Hour) - } - if req.EndTime.IsZero() { - req.EndTime = time.Now() - } - if req.Granularity == "" { - req.Granularity = "day" - } - if req.GroupBy == "" { - req.GroupBy = "model" - } - - // Filter records by time range - var filtered []UsageRecord - for _, r := range u.records { - if r.Timestamp.After(req.StartTime) && r.Timestamp.Before(req.EndTime) { - if req.FilterProvider != "" && r.Provider != req.FilterProvider { - continue - } - if req.FilterModel != "" && r.ModelID != req.FilterModel { - continue - } - filtered = append(filtered, r) - } - } - - // Aggregate by group - groups := make(map[string]*CostGroup) - var totalCost float64 - var totalTokens int64 - - for _, r := range filtered { - var key string - switch req.GroupBy { - case "model": - key = r.ModelID - case "provider": - key = r.Provider - case "client": - key = r.ClientID - default: - key = r.ModelID - } - - if _, ok := groups[key]; !ok { - groups[key] = &CostGroup{Key: key} - } - - g := groups[key] - g.Cost += r.Cost - g.InputTokens += int64(r.InputTokens) - g.OutputTokens += int64(r.OutputTokens) - g.Requests++ - if r.LatencyMs > 0 { - g.AvgLatencyMs = (g.AvgLatencyMs*float64(g.Requests-1) + float64(r.LatencyMs)) / float64(g.Requests) - } - - totalCost += r.Cost - totalTokens += int64(r.TotalTokens) - } - - // Convert to slice - result := make([]CostGroup, 0, len(groups)) - for _, g := range groups { - result = append(result, *g) - } - - // Generate time series - var timeSeries []TimeSeriesPoint - if len(filtered) > 0 { - timeSeries = u.generateTimeSeries(filtered, req.Granularity) - } - - return &CostAggregationResponse{ - StartTime: req.StartTime, - EndTime: req.EndTime, - Granularity: req.Granularity, - GroupBy: req.GroupBy, - TotalCost: totalCost, - TotalTokens: totalTokens, - Groups: result, - TimeSeries: timeSeries, - }, nil -} - -// generateTimeSeries creates time series data from records -func (u *UsageAnalytics) generateTimeSeries(records []UsageRecord, granularity string) []TimeSeriesPoint { - // Determine bucket size - var bucketSize time.Duration - switch granularity { - case "hour": - bucketSize = time.Hour - case "day": - bucketSize = 24 * time.Hour - case "week": - bucketSize = 7 * 24 * time.Hour - case "month": - bucketSize = 30 * 24 * time.Hour - default: - bucketSize = 24 * time.Hour - } - - // Group by time buckets - buckets := make(map[int64]*TimeSeriesPoint) - for _, r := range records { - bucket := r.Timestamp.Unix() / int64(bucketSize.Seconds()) - if _, ok := buckets[bucket]; !ok { - buckets[bucket] = &TimeSeriesPoint{ - Timestamp: time.Unix(bucket*int64(bucketSize.Seconds()), 0), - } - } - b := buckets[bucket] - b.Cost += r.Cost - b.InputTokens += int64(r.InputTokens) - b.OutputTokens += int64(r.OutputTokens) - b.Requests++ - } - - // Convert to slice and sort - result := make([]TimeSeriesPoint, 0, len(buckets)) - for _, p := range buckets { - result = append(result, *p) - } - - // Sort by timestamp - for i := 0; i < len(result)-1; i++ { - for j := i + 1; j < len(result); j++ { - if result[j].Timestamp.Before(result[i].Timestamp) { - result[i], result[j] = result[j], result[i] - } - } - } - - return result -} - -// GetTopModels returns top models by cost -func (u *UsageAnalytics) GetTopModels(ctx context.Context, limit int, timeRange time.Duration) ([]CostGroup, error) { - req := &CostAggregationRequest{ - StartTime: time.Now().Add(-timeRange), - EndTime: time.Now(), - Granularity: "day", - GroupBy: "model", - } - - resp, err := u.GetCostAggregation(ctx, req) - if err != nil { - return nil, err - } - - // Sort by cost descending - groups := resp.Groups - for i := 0; i < len(groups)-1; i++ { - for j := i + 1; j < len(groups); j++ { - if groups[j].Cost > groups[i].Cost { - groups[i], groups[j] = groups[j], groups[i] - } - } - } - - if len(groups) > limit { - groups = groups[:limit] - } - - return groups, nil -} - -// GetProviderBreakdown returns cost breakdown by provider -func (u *UsageAnalytics) GetProviderBreakdown(ctx context.Context, timeRange time.Duration) (map[string]float64, error) { - req := &CostAggregationRequest{ - StartTime: time.Now().Add(-timeRange), - EndTime: time.Now(), - Granularity: "day", - GroupBy: "provider", - } - - resp, err := u.GetCostAggregation(ctx, req) - if err != nil { - return nil, err - } - - result := make(map[string]float64) - for _, g := range resp.Groups { - result[g.Key] = g.Cost - } - - return result, nil -} - -// GetDailyTrend returns daily cost trend -func (u *UsageAnalytics) GetDailyTrend(ctx context.Context, days int) ([]TimeSeriesPoint, error) { - req := &CostAggregationRequest{ - StartTime: time.Now().Add(time.Duration(-days) * 24 * time.Hour), - EndTime: time.Now(), - Granularity: "day", - GroupBy: "model", - } - - resp, err := u.GetCostAggregation(ctx, req) - if err != nil { - return nil, err - } - - return resp.TimeSeries, nil -} - -// GetCostSummary returns a summary of costs -func (u *UsageAnalytics) GetCostSummary(ctx context.Context, timeRange time.Duration) (map[string]interface{}, error) { - req := &CostAggregationRequest{ - StartTime: time.Now().Add(-timeRange), - EndTime: time.Now(), - Granularity: "day", - GroupBy: "model", - } - - resp, err := u.GetCostAggregation(ctx, req) - if err != nil { - return nil, err - } - - // Calculate additional metrics - var totalRequests int64 - var totalInputTokens, totalOutputTokens int64 - for _, g := range resp.Groups { - totalRequests += g.Requests - totalInputTokens += g.InputTokens - totalOutputTokens += g.OutputTokens - } - - avgCostPerRequest := 0.0 - if totalRequests > 0 { - avgCostPerRequest = resp.TotalCost / float64(totalRequests) - } - - return map[string]interface{}{ - "total_cost": resp.TotalCost, - "total_tokens": resp.TotalTokens, - "total_requests": totalRequests, - "total_input_tokens": totalInputTokens, - "total_output_tokens": totalOutputTokens, - "avg_cost_per_request": avgCostPerRequest, - "time_range": timeRange.String(), - "period_start": req.StartTime, - "period_end": req.EndTime, - }, nil -} - -// Example UsageAnalyticsHandler -type UsageAnalyticsHandler struct { - analytics *UsageAnalytics -} - -// NewUsageAnalyticsHandler creates a new handler -func NewUsageAnalyticsHandler() *UsageAnalyticsHandler { - return &UsageAnalyticsHandler{ - analytics: NewUsageAnalytics(), - } -} - -// GETCostSummary handles GET /v1/analytics/costs -func (h *UsageAnalyticsHandler) GETCostSummary(c *gin.Context) { - timeRange := c.DefaultQuery("timeRange", "24h") - - duration, err := time.ParseDuration(timeRange) - if err != nil { - duration = 24 * time.Hour - } - - summary, err := h.analytics.GetCostSummary(c.Request.Context(), duration) - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()}) - return - } - - c.JSON(http.StatusOK, summary) -} - -// GETCostAggregation handles GET /v1/analytics/costs/breakdown -func (h *UsageAnalyticsHandler) GETCostAggregation(c *gin.Context) { - var req CostAggregationRequest - if err := c.ShouldBindQuery(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) - return - } - - resp, err := h.analytics.GetCostAggregation(c.Request.Context(), &req) - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()}) - return - } - - c.JSON(http.StatusOK, resp) -} - -// GETTopModels handles GET /v1/analytics/top-models -func (h *UsageAnalyticsHandler) GETTopModels(c *gin.Context) { - limit := 10 - timeRange := c.DefaultQuery("timeRange", "24h") - - duration, err := time.ParseDuration(timeRange) - if err != nil { - duration = 24 * time.Hour - } - - topModels, err := h.analytics.GetTopModels(c.Request.Context(), limit, duration) - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()}) - return - } - - c.JSON(http.StatusOK, gin.H{ - "limit": limit, - "time_range": timeRange, - "top_models": topModels, - }) -} - -// GETProviderBreakdown handles GET /v1/analytics/provider-breakdown -func (h *UsageAnalyticsHandler) GETProviderBreakdown(c *gin.Context) { - timeRange := c.DefaultQuery("timeRange", "24h") - - duration, err := time.ParseDuration(timeRange) - if err != nil { - duration = 24 * time.Hour - } - - breakdown, err := h.analytics.GetProviderBreakdown(c.Request.Context(), duration) - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()}) - return - } - - c.JSON(http.StatusOK, gin.H{ - "time_range": timeRange, - "breakdown": breakdown, - }) -} - -// GETDailyTrend handles GET /v1/analytics/daily-trend -func (h *UsageAnalyticsHandler) GETDailyTrend(c *gin.Context) { - days := 7 - fmt.Sscanf(c.DefaultQuery("days", "7"), "%d", &days) - - trend, err := h.analytics.GetDailyTrend(c.Request.Context(), days) - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()}) - return - } - - c.JSON(http.StatusOK, gin.H{ - "days": days, - "trend": trend, - }) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/vertex_import.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/vertex_import.go deleted file mode 100644 index 2678a068b6..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/management/vertex_import.go +++ /dev/null @@ -1,156 +0,0 @@ -package management - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "strings" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/vertex" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -// ImportVertexCredential handles uploading a Vertex service account JSON and saving it as an auth record. -func (h *Handler) ImportVertexCredential(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "config unavailable"}) - return - } - if h.cfg.AuthDir == "" { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "auth directory not configured"}) - return - } - - fileHeader, err := c.FormFile("file") - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "file required"}) - return - } - - file, err := fileHeader.Open() - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("failed to read file: %v", err)}) - return - } - defer func() { _ = file.Close() }() - - data, err := io.ReadAll(file) - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("failed to read file: %v", err)}) - return - } - - var serviceAccount map[string]any - if err := json.Unmarshal(data, &serviceAccount); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid json", "message": err.Error()}) - return - } - - normalizedSA, err := vertex.NormalizeServiceAccountMap(serviceAccount) - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid service account", "message": err.Error()}) - return - } - serviceAccount = normalizedSA - - projectID := strings.TrimSpace(valueAsString(serviceAccount["project_id"])) - if projectID == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "project_id missing"}) - return - } - email := strings.TrimSpace(valueAsString(serviceAccount["client_email"])) - - location := strings.TrimSpace(c.PostForm("location")) - if location == "" { - location = strings.TrimSpace(c.Query("location")) - } - if location == "" { - location = "us-central1" - } - - fileName := fmt.Sprintf("vertex-%s.json", sanitizeVertexFilePart(projectID)) - label := labelForVertex(projectID, email) - storage := &vertex.VertexCredentialStorage{ - ServiceAccount: serviceAccount, - ProjectID: projectID, - Email: email, - Location: location, - Type: "vertex", - } - metadata := map[string]any{ - "service_account": serviceAccount, - "project_id": projectID, - "email": email, - "location": location, - "type": "vertex", - "label": label, - } - record := &coreauth.Auth{ - ID: fileName, - Provider: "vertex", - FileName: fileName, - Storage: storage, - Label: label, - Metadata: metadata, - } - - ctx := context.Background() - if reqCtx := c.Request.Context(); reqCtx != nil { - ctx = reqCtx - } - savedPath, err := h.saveTokenRecord(ctx, record) - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "save_failed", "message": err.Error()}) - return - } - - c.JSON(http.StatusOK, gin.H{ - "status": "ok", - "auth-file": savedPath, - "project_id": projectID, - "email": email, - "location": location, - }) -} - -func valueAsString(v any) string { - if v == nil { - return "" - } - switch t := v.(type) { - case string: - return t - default: - return fmt.Sprint(t) - } -} - -func sanitizeVertexFilePart(s string) string { - out := strings.TrimSpace(s) - replacers := []string{"/", "_", "\\", "_", ":", "_", " ", "-"} - for i := 0; i < len(replacers); i += 2 { - out = strings.ReplaceAll(out, replacers[i], replacers[i+1]) - } - if out == "" { - return "vertex" - } - return out -} - -func labelForVertex(projectID, email string) string { - p := strings.TrimSpace(projectID) - e := strings.TrimSpace(email) - if p != "" && e != "" { - return fmt.Sprintf("%s (%s)", p, e) - } - if p != "" { - return p - } - if e != "" { - return e - } - return "vertex" -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/routing_handler.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/routing_handler.go deleted file mode 100644 index 1b73c47e4e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/routing_handler.go +++ /dev/null @@ -1,70 +0,0 @@ -// Package handlers provides HTTP handlers for the API server. -package handlers - -import ( - "net/http" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" -) - -// RoutingSelectRequest is the JSON body for POST /v1/routing/select. -type RoutingSelectRequest struct { - TaskComplexity string `json:"taskComplexity"` - MaxCostPerCall float64 `json:"maxCostPerCall"` - MaxLatencyMs int `json:"maxLatencyMs"` - MinQualityScore float64 `json:"minQualityScore"` -} - -// RoutingSelectResponse is the JSON response for POST /v1/routing/select. -type RoutingSelectResponse struct { - ModelID string `json:"model_id"` - Provider string `json:"provider"` - EstimatedCost float64 `json:"estimated_cost"` - EstimatedLatencyMs int `json:"estimated_latency_ms"` - QualityScore float64 `json:"quality_score"` -} - -// RoutingHandler handles routing-related HTTP endpoints. -type RoutingHandler struct { - router *registry.ParetoRouter - classifier *registry.TaskClassifier -} - -// NewRoutingHandler returns a new RoutingHandler. -func NewRoutingHandler() *RoutingHandler { - return &RoutingHandler{ - router: registry.NewParetoRouter(), - classifier: registry.NewTaskClassifier(), - } -} - -// POSTRoutingSelect handles POST /v1/routing/select. -func (h *RoutingHandler) POSTRoutingSelect(c *gin.Context) { - var req RoutingSelectRequest - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) - return - } - - routingReq := ®istry.RoutingRequest{ - TaskComplexity: req.TaskComplexity, - MaxCostPerCall: req.MaxCostPerCall, - MaxLatencyMs: req.MaxLatencyMs, - MinQualityScore: req.MinQualityScore, - } - - selected, err := h.router.SelectModel(c.Request.Context(), routingReq) - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) - return - } - - c.JSON(http.StatusOK, RoutingSelectResponse{ - ModelID: selected.ModelID, - Provider: selected.Provider, - EstimatedCost: selected.EstimatedCost, - EstimatedLatencyMs: selected.EstimatedLatencyMs, - QualityScore: selected.QualityScore, - }) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/routing_handler_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/routing_handler_test.go deleted file mode 100644 index 5443d64b8f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/handlers/routing_handler_test.go +++ /dev/null @@ -1,130 +0,0 @@ -package handlers - -import ( - "bytes" - "encoding/json" - "net/http" - "net/http/httptest" - "testing" - - "github.com/gin-gonic/gin" -) - -func setupRoutingRouter() *gin.Engine { - gin.SetMode(gin.TestMode) - r := gin.New() - h := NewRoutingHandler() - r.POST("/v1/routing/select", h.POSTRoutingSelect) - return r -} - -func TestPOSTRoutingSelectReturnsOptimalModel(t *testing.T) { - router := setupRoutingRouter() - - reqBody := RoutingSelectRequest{ - TaskComplexity: "NORMAL", - MaxCostPerCall: 0.01, - MaxLatencyMs: 5000, - MinQualityScore: 0.75, - } - - payload, _ := json.Marshal(reqBody) - req := httptest.NewRequest("POST", "/v1/routing/select", bytes.NewReader(payload)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - - router.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected 200, got %d: %s", w.Code, w.Body.String()) - } - - var resp RoutingSelectResponse - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to parse response: %v", err) - } - if resp.ModelID == "" { - t.Error("model_id is empty") - } - if resp.Provider == "" { - t.Error("provider is empty") - } - if resp.EstimatedCost == 0 { - t.Error("estimated_cost is zero") - } - if resp.QualityScore == 0 { - t.Error("quality_score is zero") - } -} - -func TestPOSTRoutingSelectReturns400OnImpossibleConstraints(t *testing.T) { - router := setupRoutingRouter() - - reqBody := RoutingSelectRequest{ - MaxCostPerCall: 0.0001, - MaxLatencyMs: 10, - MinQualityScore: 0.99, - } - - payload, _ := json.Marshal(reqBody) - req := httptest.NewRequest("POST", "/v1/routing/select", bytes.NewReader(payload)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - - router.ServeHTTP(w, req) - - if w.Code != http.StatusBadRequest { - t.Errorf("expected 400, got %d", w.Code) - } -} - -func TestPOSTRoutingSelectReturns400OnBadJSON(t *testing.T) { - router := setupRoutingRouter() - - req := httptest.NewRequest("POST", "/v1/routing/select", bytes.NewReader([]byte("not json"))) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - - router.ServeHTTP(w, req) - - if w.Code != http.StatusBadRequest { - t.Errorf("expected 400, got %d", w.Code) - } -} - -func TestPOSTRoutingSelectConstraintsSatisfied(t *testing.T) { - router := setupRoutingRouter() - - reqBody := RoutingSelectRequest{ - TaskComplexity: "FAST", - MaxCostPerCall: 0.005, - MaxLatencyMs: 2000, - MinQualityScore: 0.70, - } - - payload, _ := json.Marshal(reqBody) - req := httptest.NewRequest("POST", "/v1/routing/select", bytes.NewReader(payload)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - - router.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected 200, got %d: %s", w.Code, w.Body.String()) - } - - var resp RoutingSelectResponse - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to parse response: %v", err) - } - - if resp.EstimatedCost > reqBody.MaxCostPerCall { - t.Errorf("cost %.4f exceeds max %.4f", resp.EstimatedCost, reqBody.MaxCostPerCall) - } - if resp.EstimatedLatencyMs > reqBody.MaxLatencyMs { - t.Errorf("latency %d exceeds max %d", resp.EstimatedLatencyMs, reqBody.MaxLatencyMs) - } - if resp.QualityScore < reqBody.MinQualityScore { - t.Errorf("quality %.2f below min %.2f", resp.QualityScore, reqBody.MinQualityScore) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T052051-2.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T052051-2.log deleted file mode 100644 index 89abc75a73..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T052051-2.log +++ /dev/null @@ -1,20 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T05:20:51.045014-07:00 - -=== HEADERS === -Content-Type: application/json - -=== REQUEST BODY === -{"message":"x","capability":"pause"} - -=== RESPONSE === -Status: 501 -Access-Control-Allow-Headers: * -Content-Type: application/json; charset=utf-8 -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS - -{"capability":"pause","error":"unsupported capability","instructions":"Use capability labels continue, resume, ask, exec, or max.","session_id":"","status":"failed"} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T054301-2.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T054301-2.log deleted file mode 100644 index a741185a55..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T054301-2.log +++ /dev/null @@ -1,20 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T05:43:01.582576-07:00 - -=== HEADERS === -Content-Type: application/json - -=== REQUEST BODY === -{"message":"x","capability":"pause"} - -=== RESPONSE === -Status: 501 -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Content-Type: application/json; charset=utf-8 -Access-Control-Allow-Origin: * - -{"capability":"pause","error":"unsupported capability","instructions":"Use capability labels continue, resume, ask, exec, or max.","session_id":"","status":"failed"} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T054524-2.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T054524-2.log deleted file mode 100644 index 2d5fa44671..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T054524-2.log +++ /dev/null @@ -1,20 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T05:45:24.163431-07:00 - -=== HEADERS === -Content-Type: application/json - -=== REQUEST BODY === -{"message":"x","capability":"pause"} - -=== RESPONSE === -Status: 501 -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Content-Type: application/json; charset=utf-8 - -{"capability":"pause","error":"unsupported capability","instructions":"Use capability labels continue, resume, ask, exec, or max.","session_id":"","status":"failed"} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T054709-2.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T054709-2.log deleted file mode 100644 index 5876dcb5e9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T054709-2.log +++ /dev/null @@ -1,20 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T05:47:09.283932-07:00 - -=== HEADERS === -Content-Type: application/json - -=== REQUEST BODY === -{"message":"x","capability":"pause"} - -=== RESPONSE === -Status: 501 -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Content-Type: application/json; charset=utf-8 -Access-Control-Allow-Headers: * -Access-Control-Allow-Origin: * - -{"capability":"pause","error":"unsupported capability","instructions":"Use capability labels continue, resume, ask, exec, or max.","session_id":"","status":"failed"} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T172213-2.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T172213-2.log deleted file mode 100644 index 7d0900ce36..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T172213-2.log +++ /dev/null @@ -1,20 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T17:22:13.093051-07:00 - -=== HEADERS === -Content-Type: application/json - -=== REQUEST BODY === -{"message":"x","capability":"pause"} - -=== RESPONSE === -Status: 501 -Content-Type: application/json; charset=utf-8 -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * - -{"capability":"pause","error":"unsupported capability","instructions":"Use capability labels continue, resume, ask, exec, or max.","session_id":"","status":"failed"} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T182006-2.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T182006-2.log deleted file mode 100644 index 8b7897a898..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T182006-2.log +++ /dev/null @@ -1,20 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T18:20:06.579198-07:00 - -=== HEADERS === -Content-Type: application/json - -=== REQUEST BODY === -{"message":"x","capability":"pause"} - -=== RESPONSE === -Status: 501 -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Content-Type: application/json; charset=utf-8 -Access-Control-Allow-Origin: * - -{"capability":"pause","error":"unsupported capability","instructions":"Use capability labels continue, resume, ask, exec, or max.","session_id":"","status":"failed"} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T183209-2.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T183209-2.log deleted file mode 100644 index 5a47a04568..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T183209-2.log +++ /dev/null @@ -1,20 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T18:32:09.244529-07:00 - -=== HEADERS === -Content-Type: application/json - -=== REQUEST BODY === -{"message":"x","capability":"pause"} - -=== RESPONSE === -Status: 501 -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Content-Type: application/json; charset=utf-8 -Access-Control-Allow-Origin: * - -{"capability":"pause","error":"unsupported capability","instructions":"Use capability labels continue, resume, ask, exec, or max.","session_id":"","status":"failed"} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T183430-2.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T183430-2.log deleted file mode 100644 index 91ba53ffdd..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T183430-2.log +++ /dev/null @@ -1,20 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T18:34:30.881073-07:00 - -=== HEADERS === -Content-Type: application/json - -=== REQUEST BODY === -{"message":"x","capability":"pause"} - -=== RESPONSE === -Status: 501 -Access-Control-Allow-Headers: * -Access-Control-Allow-Origin: * -Content-Type: application/json; charset=utf-8 -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS - -{"capability":"pause","error":"unsupported capability","instructions":"Use capability labels continue, resume, ask, exec, or max.","session_id":"","status":"failed"} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T184940-2.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T184940-2.log deleted file mode 100644 index 85c2a7ec8b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T184940-2.log +++ /dev/null @@ -1,20 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T18:49:40.122335-07:00 - -=== HEADERS === -Content-Type: application/json - -=== REQUEST BODY === -{"message":"x","capability":"pause"} - -=== RESPONSE === -Status: 501 -Access-Control-Allow-Headers: * -Content-Type: application/json; charset=utf-8 -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS - -{"capability":"pause","error":"unsupported capability","instructions":"Use capability labels continue, resume, ask, exec, or max.","session_id":"","status":"failed"} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-10.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-10.log deleted file mode 100644 index 278e08656f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-10.log +++ /dev/null @@ -1,19 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T19:52:27.070937-07:00 - -=== HEADERS === -Content-Type: application/json - -=== REQUEST BODY === -{"message":"alias test","capability":"resume"} - -=== RESPONSE === -Status: 404 -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * - - diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-12.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-12.log deleted file mode 100644 index f6e517b132..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-12.log +++ /dev/null @@ -1,19 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T19:52:27.071426-07:00 - -=== HEADERS === -Content-Type: application/json - -=== REQUEST BODY === -{"message":"alias test","capability":"ask"} - -=== RESPONSE === -Status: 404 -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * - - diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-14.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-14.log deleted file mode 100644 index fec4867618..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-14.log +++ /dev/null @@ -1,19 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T19:52:27.071943-07:00 - -=== HEADERS === -Content-Type: application/json - -=== REQUEST BODY === -{"message":"alias test","capability":"exec"} - -=== RESPONSE === -Status: 404 -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * - - diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-16.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-16.log deleted file mode 100644 index 6dd767f177..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-16.log +++ /dev/null @@ -1,19 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T19:52:27.072681-07:00 - -=== HEADERS === -Content-Type: application/json - -=== REQUEST BODY === -{"message":"alias test","capability":"max"} - -=== RESPONSE === -Status: 404 -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Access-Control-Allow-Origin: * - - diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-18.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-18.log deleted file mode 100644 index 804d4f55c1..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-18.log +++ /dev/null @@ -1,20 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T19:52:27.074111-07:00 - -=== HEADERS === -Idempotency-Key: idempotency-replay-key -Content-Type: application/json - -=== REQUEST BODY === -{"session_id":"cp-replay-session","message":"replay me","capability":"continue"} - -=== RESPONSE === -Status: 404 -Access-Control-Allow-Headers: * -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS - - diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-2.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-2.log deleted file mode 100644 index 7be2d80a69..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-2.log +++ /dev/null @@ -1,19 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T19:52:27.068132-07:00 - -=== HEADERS === -Content-Type: application/json - -=== REQUEST BODY === -{"message":"hello from client","capability":"continue"} - -=== RESPONSE === -Status: 404 -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Access-Control-Allow-Origin: * - - diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-20.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-20.log deleted file mode 100644 index 4976b64d10..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-20.log +++ /dev/null @@ -1,20 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T19:52:27.074866-07:00 - -=== HEADERS === -Content-Type: application/json -Idempotency-Key: dup-key-one - -=== REQUEST BODY === -{"session_id":"cp-replay-session-dupe","message":"first","capability":"continue"} - -=== RESPONSE === -Status: 404 -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Access-Control-Allow-Origin: * - - diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-22.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-22.log deleted file mode 100644 index e47d90a64f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-22.log +++ /dev/null @@ -1,19 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T19:52:27.07559-07:00 - -=== HEADERS === -Content-Type: application/json - -=== REQUEST BODY === -{"session_id":"cp-mirror-session","message":"mirror test","capability":"continue"} - -=== RESPONSE === -Status: 404 -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * - - diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-24.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-24.log deleted file mode 100644 index 08653252e8..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-24.log +++ /dev/null @@ -1,19 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T19:52:27.076306-07:00 - -=== HEADERS === -Content-Type: application/json - -=== REQUEST BODY === -{"session_id":"cp-conflict-session","message":"first","capability":"continue"} - -=== RESPONSE === -Status: 404 -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Access-Control-Allow-Origin: * - - diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-26.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-26.log deleted file mode 100644 index 61cc41099e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-26.log +++ /dev/null @@ -1,19 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T19:52:27.077153-07:00 - -=== HEADERS === -Content-Type: application/json - -=== REQUEST BODY === -{"session_id":"cp-copy-session","message":"immutable","capability":"continue"} - -=== RESPONSE === -Status: 404 -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * - - diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-4.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-4.log deleted file mode 100644 index 248b984f98..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-4.log +++ /dev/null @@ -1,19 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T19:52:27.068775-07:00 - -=== HEADERS === -Content-Type: application/json - -=== REQUEST BODY === -{"message":"status probe"} - -=== RESPONSE === -Status: 404 -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * - - diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-6.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-6.log deleted file mode 100644 index 6ac1d2177d..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-6.log +++ /dev/null @@ -1,19 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T19:52:27.069747-07:00 - -=== HEADERS === -Content-Type: application/json - -=== REQUEST BODY === -{"message":"x","capability":"pause"} - -=== RESPONSE === -Status: 404 -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * - - diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-8.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-8.log deleted file mode 100644 index 619d8a8424..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-message-2026-02-22T195227-8.log +++ /dev/null @@ -1,19 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /message -Method: POST -Timestamp: 2026-02-22T19:52:27.070548-07:00 - -=== HEADERS === -Content-Type: application/json - -=== REQUEST BODY === -{"message":"alias test","capability":"continue"} - -=== RESPONSE === -Status: 404 -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Access-Control-Allow-Origin: * - - diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T052051-3fd96da9.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T052051-3fd96da9.log deleted file mode 100644 index d4cfca88ca..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T052051-3fd96da9.log +++ /dev/null @@ -1,23 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /v1/responses -Method: POST -Timestamp: 2026-02-22T05:20:51.039624-07:00 - -=== HEADERS === - -=== REQUEST BODY === -{} - -=== API RESPONSE === -Timestamp: 2026-02-22T05:20:51.039908-07:00 -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} - -=== RESPONSE === -Status: 502 -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Content-Type: application/json - -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T054301-8388c1d4.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T054301-8388c1d4.log deleted file mode 100644 index 24a8b98b67..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T054301-8388c1d4.log +++ /dev/null @@ -1,23 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /v1/responses -Method: POST -Timestamp: 2026-02-22T05:43:01.570869-07:00 - -=== HEADERS === - -=== REQUEST BODY === -{} - -=== API RESPONSE === -Timestamp: 2026-02-22T05:43:01.571194-07:00 -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} - -=== RESPONSE === -Status: 502 -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Content-Type: application/json -Access-Control-Allow-Origin: * - -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T054524-ca252b09.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T054524-ca252b09.log deleted file mode 100644 index e3cb381e84..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T054524-ca252b09.log +++ /dev/null @@ -1,23 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /v1/responses -Method: POST -Timestamp: 2026-02-22T05:45:24.004087-07:00 - -=== HEADERS === - -=== REQUEST BODY === -{} - -=== API RESPONSE === -Timestamp: 2026-02-22T05:45:24.004547-07:00 -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} - -=== RESPONSE === -Status: 502 -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Content-Type: application/json -Access-Control-Allow-Origin: * - -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T054709-f09e91dd.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T054709-f09e91dd.log deleted file mode 100644 index 541ab6773d..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T054709-f09e91dd.log +++ /dev/null @@ -1,23 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /v1/responses -Method: POST -Timestamp: 2026-02-22T05:47:09.280025-07:00 - -=== HEADERS === - -=== REQUEST BODY === -{} - -=== API RESPONSE === -Timestamp: 2026-02-22T05:47:09.280255-07:00 -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} - -=== RESPONSE === -Status: 502 -Access-Control-Allow-Headers: * -Content-Type: application/json -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS - -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T172213-a10fcc8c.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T172213-a10fcc8c.log deleted file mode 100644 index dff0568408..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T172213-a10fcc8c.log +++ /dev/null @@ -1,23 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /v1/responses -Method: POST -Timestamp: 2026-02-22T17:22:13.084728-07:00 - -=== HEADERS === - -=== REQUEST BODY === -{} - -=== API RESPONSE === -Timestamp: 2026-02-22T17:22:13.08527-07:00 -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} - -=== RESPONSE === -Status: 502 -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Content-Type: application/json -Access-Control-Allow-Origin: * - -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T182006-858d0844.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T182006-858d0844.log deleted file mode 100644 index 32b10447f0..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T182006-858d0844.log +++ /dev/null @@ -1,23 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /v1/responses -Method: POST -Timestamp: 2026-02-22T18:20:06.562885-07:00 - -=== HEADERS === - -=== REQUEST BODY === -{} - -=== API RESPONSE === -Timestamp: 2026-02-22T18:20:06.563367-07:00 -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} - -=== RESPONSE === -Status: 502 -Content-Type: application/json -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * - -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T183209-b05e457c.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T183209-b05e457c.log deleted file mode 100644 index b7d2a84838..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T183209-b05e457c.log +++ /dev/null @@ -1,23 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /v1/responses -Method: POST -Timestamp: 2026-02-22T18:32:09.237175-07:00 - -=== HEADERS === - -=== REQUEST BODY === -{} - -=== API RESPONSE === -Timestamp: 2026-02-22T18:32:09.238101-07:00 -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} - -=== RESPONSE === -Status: 502 -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Content-Type: application/json -Access-Control-Allow-Origin: * - -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T183430-4d0c5286.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T183430-4d0c5286.log deleted file mode 100644 index 87185b69ff..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T183430-4d0c5286.log +++ /dev/null @@ -1,23 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /v1/responses -Method: POST -Timestamp: 2026-02-22T18:34:30.87595-07:00 - -=== HEADERS === - -=== REQUEST BODY === -{} - -=== API RESPONSE === -Timestamp: 2026-02-22T18:34:30.876219-07:00 -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} - -=== RESPONSE === -Status: 502 -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Content-Type: application/json - -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T184940-99cee20f.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T184940-99cee20f.log deleted file mode 100644 index e5b66688ec..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T184940-99cee20f.log +++ /dev/null @@ -1,23 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /v1/responses -Method: POST -Timestamp: 2026-02-22T18:49:40.105281-07:00 - -=== HEADERS === - -=== REQUEST BODY === -{} - -=== API RESPONSE === -Timestamp: 2026-02-22T18:49:40.105664-07:00 -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} - -=== RESPONSE === -Status: 502 -Content-Type: application/json -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * - -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T195227-00abf49a.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T195227-00abf49a.log deleted file mode 100644 index 7279ae3ea1..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T195227-00abf49a.log +++ /dev/null @@ -1,23 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /v1/responses -Method: POST -Timestamp: 2026-02-22T19:52:27.063674-07:00 - -=== HEADERS === - -=== REQUEST BODY === -{} - -=== API RESPONSE === -Timestamp: 2026-02-22T19:52:27.063909-07:00 -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} - -=== RESPONSE === -Status: 502 -Access-Control-Allow-Headers: * -Content-Type: application/json -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS - -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T195309-d076652e.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T195309-d076652e.log deleted file mode 100644 index c0a900c75d..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T195309-d076652e.log +++ /dev/null @@ -1,23 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /v1/responses -Method: POST -Timestamp: 2026-02-22T19:53:09.420045-07:00 - -=== HEADERS === - -=== REQUEST BODY === -{} - -=== API RESPONSE === -Timestamp: 2026-02-22T19:53:09.420285-07:00 -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} - -=== RESPONSE === -Status: 502 -Access-Control-Allow-Headers: * -Content-Type: application/json -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS - -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T195653-2de2a482.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T195653-2de2a482.log deleted file mode 100644 index c21be63ee3..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T195653-2de2a482.log +++ /dev/null @@ -1,23 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /v1/responses -Method: POST -Timestamp: 2026-02-22T19:56:53.729999-07:00 - -=== HEADERS === - -=== REQUEST BODY === -{} - -=== API RESPONSE === -Timestamp: 2026-02-22T19:56:53.730186-07:00 -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} - -=== RESPONSE === -Status: 502 -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Content-Type: application/json - -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T200017-58998174.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T200017-58998174.log deleted file mode 100644 index 429409ea1b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T200017-58998174.log +++ /dev/null @@ -1,23 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /v1/responses -Method: POST -Timestamp: 2026-02-22T20:00:17.241188-07:00 - -=== HEADERS === - -=== REQUEST BODY === -{} - -=== API RESPONSE === -Timestamp: 2026-02-22T20:00:17.24149-07:00 -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} - -=== RESPONSE === -Status: 502 -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Content-Type: application/json - -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T201518-9f48bf8c.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T201518-9f48bf8c.log deleted file mode 100644 index 01028c42b9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T201518-9f48bf8c.log +++ /dev/null @@ -1,23 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /v1/responses -Method: POST -Timestamp: 2026-02-22T20:15:18.139687-07:00 - -=== HEADERS === - -=== REQUEST BODY === -{} - -=== API RESPONSE === -Timestamp: 2026-02-22T20:15:18.139938-07:00 -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} - -=== RESPONSE === -Status: 502 -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Content-Type: application/json - -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T201541-14692377.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T201541-14692377.log deleted file mode 100644 index 8b81866330..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T201541-14692377.log +++ /dev/null @@ -1,23 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /v1/responses -Method: POST -Timestamp: 2026-02-22T20:15:41.541312-07:00 - -=== HEADERS === - -=== REQUEST BODY === -{} - -=== API RESPONSE === -Timestamp: 2026-02-22T20:15:41.54161-07:00 -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} - -=== RESPONSE === -Status: 502 -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Content-Type: application/json -Access-Control-Allow-Origin: * - -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T202242-1071df84.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T202242-1071df84.log deleted file mode 100644 index 21c9654304..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T202242-1071df84.log +++ /dev/null @@ -1,23 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /v1/responses -Method: POST -Timestamp: 2026-02-22T20:22:42.350288-07:00 - -=== HEADERS === - -=== REQUEST BODY === -{} - -=== API RESPONSE === -Timestamp: 2026-02-22T20:22:42.350583-07:00 -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} - -=== RESPONSE === -Status: 502 -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Content-Type: application/json - -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T202325-37c844d0.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T202325-37c844d0.log deleted file mode 100644 index 8986335f19..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-22T202325-37c844d0.log +++ /dev/null @@ -1,23 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /v1/responses -Method: POST -Timestamp: 2026-02-22T20:23:25.380251-07:00 - -=== HEADERS === - -=== REQUEST BODY === -{} - -=== API RESPONSE === -Timestamp: 2026-02-22T20:23:25.380575-07:00 -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} - -=== RESPONSE === -Status: 502 -Content-Type: application/json -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * - -{"error":{"message":"unknown provider for model","type":"server_error","code":"internal_server_error"}} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-23T110233-c50c8184.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-23T110233-c50c8184.log deleted file mode 100644 index 2ec2f7df74..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-23T110233-c50c8184.log +++ /dev/null @@ -1,23 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /v1/responses -Method: POST -Timestamp: 2026-02-23T11:02:33.06697-07:00 - -=== HEADERS === - -=== REQUEST BODY === -[REDACTED] len=40 sha256=51636e030e8b01ff - -=== API RESPONSE === -Timestamp: 2026-02-23T11:02:33.067177-07:00 -[REDACTED] len=42 sha256=fb47b4e15acb6fde - -=== RESPONSE === -Status: 502 -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Content-Type: application/json - -[REDACTED] len=103 sha256=d494b6595fb73a48 diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-24T184243-920269b0.log b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-24T184243-920269b0.log deleted file mode 100644 index 7ca05cddf5..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/logs/error-v1-responses-2026-02-24T184243-920269b0.log +++ /dev/null @@ -1,23 +0,0 @@ -=== REQUEST INFO === -Version: dev -URL: /v1/responses -Method: POST -Timestamp: 2026-02-24T18:42:43.464725-07:00 - -=== HEADERS === - -=== REQUEST BODY === -[REDACTED] len=40 sha256=51636e030e8b01ff - -=== API RESPONSE === -Timestamp: 2026-02-24T18:42:43.464958-07:00 -[REDACTED] len=42 sha256=fb47b4e15acb6fde - -=== RESPONSE === -Status: 502 -Access-Control-Allow-Origin: * -Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS -Access-Control-Allow-Headers: * -Content-Type: application/json - -[REDACTED] len=103 sha256=d494b6595fb73a48 diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/middleware/request_logging.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/middleware/request_logging.go deleted file mode 100644 index d3070bf62c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/middleware/request_logging.go +++ /dev/null @@ -1,235 +0,0 @@ -// Package middleware provides HTTP middleware components for the CLI Proxy API server. -// This file contains the request logging middleware that captures comprehensive -// request and response data when enabled through configuration. -package middleware - -import ( - "bytes" - "encoding/json" - "io" - "net/http" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/logging" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" -) - -const maxErrorOnlyCapturedRequestBodyBytes int64 = 1 << 20 // 1 MiB - -// RequestLoggingMiddleware creates a Gin middleware that logs HTTP requests and responses. -// It captures detailed information about the request and response, including headers and body, -// and uses the provided RequestLogger to record this data. When full request logging is disabled, -// body capture is limited to small known-size payloads to avoid large per-request memory spikes. -func RequestLoggingMiddleware(logger logging.RequestLogger) gin.HandlerFunc { - return func(c *gin.Context) { - if logger == nil { - c.Next() - return - } - - if shouldSkipMethodForRequestLogging(c.Request) { - c.Next() - return - } - - path := c.Request.URL.Path - if !shouldLogRequest(path) { - c.Next() - return - } - - loggerEnabled := logger.IsEnabled() - - // Capture request information - requestInfo, err := captureRequestInfo(c, shouldCaptureRequestBody(loggerEnabled, c.Request)) - if err != nil { - // Log error but continue processing - // In a real implementation, you might want to use a proper logger here - c.Next() - return - } - - // Create response writer wrapper - wrapper := NewResponseWriterWrapper(c.Writer, logger, requestInfo) - if !loggerEnabled { - wrapper.logOnErrorOnly = true - } - c.Writer = wrapper - - // Process the request - c.Next() - - // Finalize logging after request processing - if err = wrapper.Finalize(c); err != nil { - log.Errorf("failed to finalize request logging: %v", err) - } - } -} - -func shouldSkipMethodForRequestLogging(req *http.Request) bool { - if req == nil { - return true - } - if req.Method != http.MethodGet { - return false - } - return !isResponsesWebsocketUpgrade(req) -} - -func isResponsesWebsocketUpgrade(req *http.Request) bool { - if req == nil || req.URL == nil { - return false - } - if req.URL.Path != "/v1/responses" { - return false - } - return strings.EqualFold(strings.TrimSpace(req.Header.Get("Upgrade")), "websocket") -} - -func shouldCaptureRequestBody(loggerEnabled bool, req *http.Request) bool { - if loggerEnabled { - return true - } - if req == nil || req.Body == nil { - return false - } - contentType := strings.ToLower(strings.TrimSpace(req.Header.Get("Content-Type"))) - if strings.HasPrefix(contentType, "multipart/form-data") { - return false - } - if req.ContentLength <= 0 { - return false - } - return req.ContentLength <= maxErrorOnlyCapturedRequestBodyBytes -} - -// captureRequestInfo extracts relevant information from the incoming HTTP request. -// It captures the URL, method, headers, and body. The request body is read and then -// restored so that it can be processed by subsequent handlers. -func captureRequestInfo(c *gin.Context, captureBody bool) (*RequestInfo, error) { - // Capture URL with sensitive query parameters masked - maskedQuery := util.MaskSensitiveQuery(c.Request.URL.RawQuery) - url := c.Request.URL.Path - if maskedQuery != "" { - url += "?" + maskedQuery - } - - // Capture method - method := c.Request.Method - - // Capture headers - headers := sanitizeRequestHeaders(c.Request.Header) - - // Capture request body - var body []byte - if captureBody && c.Request.Body != nil { - // Read the body - bodyBytes, err := io.ReadAll(c.Request.Body) - if err != nil { - return nil, err - } - - // Restore the body for the actual request processing - c.Request.Body = io.NopCloser(bytes.NewBuffer(bodyBytes)) - body = sanitizeLoggedPayloadBytes(bodyBytes) - } - - return &RequestInfo{ - URL: url, - Method: method, - Headers: headers, - Body: body, - RequestID: logging.GetGinRequestID(c), - Timestamp: time.Now(), - }, nil -} - -func sanitizeRequestHeaders(headers http.Header) map[string][]string { - sanitized := make(map[string][]string, len(headers)) - for key, values := range headers { - keyLower := strings.ToLower(strings.TrimSpace(key)) - if keyLower == "authorization" || keyLower == "cookie" || keyLower == "proxy-authorization" { - sanitized[key] = []string{"[redacted]"} - continue - } - sanitized[key] = values - } - return sanitized -} - -// shouldLogRequest determines whether the request should be logged. -// It skips management endpoints to avoid leaking secrets but allows -// all other routes, including module-provided ones, to honor request-log. -func shouldLogRequest(path string) bool { - if strings.HasPrefix(path, "/v0/management") || strings.HasPrefix(path, "/management") { - return false - } - - if strings.HasPrefix(path, "/api") { - return strings.HasPrefix(path, "/api/provider") - } - - return true -} - -func sanitizeLoggedPayloadBytes(payload []byte) []byte { - if len(payload) == 0 { - return nil - } - - var parsed any - if err := json.Unmarshal(payload, &parsed); err != nil { - return bytes.Clone(payload) - } - - redacted := sanitizeJSONPayloadValue(parsed) - out, err := json.Marshal(redacted) - if err != nil { - return bytes.Clone(payload) - } - - return out -} - -func sanitizeJSONPayloadValue(value any) any { - switch typed := value.(type) { - case map[string]any: - redacted := make(map[string]any, len(typed)) - for k, v := range typed { - if isSensitivePayloadKey(k) { - redacted[k] = "[REDACTED]" - continue - } - redacted[k] = sanitizeJSONPayloadValue(v) - } - return redacted - case []any: - items := make([]any, len(typed)) - for i, item := range typed { - items[i] = sanitizeJSONPayloadValue(item) - } - return items - default: - return typed - } -} - -func isSensitivePayloadKey(key string) bool { - normalized := strings.ToLower(strings.TrimSpace(key)) - normalized = strings.ReplaceAll(normalized, "-", "_") - normalized = strings.TrimPrefix(normalized, "x_") - - if normalized == "authorization" || normalized == "token" || normalized == "secret" || normalized == "password" { - return true - } - if strings.Contains(normalized, "api_key") || strings.Contains(normalized, "apikey") { - return true - } - if strings.Contains(normalized, "access_token") || strings.Contains(normalized, "refresh_token") || strings.Contains(normalized, "id_token") { - return true - } - return false -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/middleware/request_logging_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/middleware/request_logging_test.go deleted file mode 100644 index d0932e75ad..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/middleware/request_logging_test.go +++ /dev/null @@ -1,115 +0,0 @@ -package middleware - -import ( - "bytes" - "net/http/httptest" - "testing" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/logging" -) - -type mockRequestLogger struct { - enabled bool - logged bool - headers map[string][]string - body []byte -} - -func (m *mockRequestLogger) IsEnabled() bool { return m.enabled } -func (m *mockRequestLogger) LogRequest(url, method string, requestHeaders map[string][]string, body []byte, statusCode int, responseHeaders map[string][]string, response, apiRequest, apiResponse []byte, apiResponseErrors []*interfaces.ErrorMessage, requestID string, requestTimestamp, apiResponseTimestamp time.Time) error { - m.logged = true - m.headers = requestHeaders - m.body = body - return nil -} -func (m *mockRequestLogger) LogStreamingRequest(url, method string, headers map[string][]string, body []byte, requestID string) (logging.StreamingLogWriter, error) { - return &logging.NoOpStreamingLogWriter{}, nil -} - -func TestRequestLoggingMiddleware(t *testing.T) { - gin.SetMode(gin.TestMode) - - t.Run("LoggerNil", func(t *testing.T) { - router := gin.New() - router.Use(RequestLoggingMiddleware(nil)) - router.POST("/test", func(c *gin.Context) { c.Status(200) }) - - w := httptest.NewRecorder() - req := httptest.NewRequest("POST", "/test", nil) - router.ServeHTTP(w, req) - if w.Code != 200 { - t.Errorf("expected 200") - } - }) - - t.Run("GETMethod", func(t *testing.T) { - logger := &mockRequestLogger{enabled: true} - router := gin.New() - router.Use(RequestLoggingMiddleware(logger)) - router.GET("/test", func(c *gin.Context) { c.Status(200) }) - - w := httptest.NewRecorder() - req := httptest.NewRequest("GET", "/test", nil) - router.ServeHTTP(w, req) - if logger.logged { - t.Errorf("should not log GET requests") - } - }) - - t.Run("ManagementPath", func(t *testing.T) { - logger := &mockRequestLogger{enabled: true} - router := gin.New() - router.Use(RequestLoggingMiddleware(logger)) - router.POST("/management/test", func(c *gin.Context) { c.Status(200) }) - - w := httptest.NewRecorder() - req := httptest.NewRequest("POST", "/management/test", nil) - router.ServeHTTP(w, req) - if logger.logged { - t.Errorf("should not log management paths") - } - }) - - t.Run("LogEnabled", func(t *testing.T) { - logger := &mockRequestLogger{enabled: true} - router := gin.New() - router.Use(RequestLoggingMiddleware(logger)) - router.POST("/v1/chat/completions", func(c *gin.Context) { - c.JSON(200, gin.H{"ok": true}) - }) - - w := httptest.NewRecorder() - req := httptest.NewRequest("POST", "/v1/chat/completions", bytes.NewReader([]byte(`{"test":true}`))) - req.Header.Set("Authorization", "Bearer secret") - req.Header.Set("X-Api-Key", "super-secret") - router.ServeHTTP(w, req) - if !logger.logged { - t.Errorf("should have logged the request") - } - if got := logger.headers["Authorization"]; len(got) != 1 || got[0] != "[redacted]" { - t.Fatalf("authorization header should be redacted, got %#v", got) - } - }) -} - -func TestShouldLogRequest(t *testing.T) { - cases := []struct { - path string - expected bool - }{ - {"/v1/chat/completions", true}, - {"/management/config", false}, - {"/v0/management/config", false}, - {"/api/provider/test", true}, - {"/api/other", false}, - } - - for _, c := range cases { - if got := shouldLogRequest(c.path); got != c.expected { - t.Errorf("path %s: expected %v, got %v", c.path, c.expected, got) - } - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/middleware/response_writer.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/middleware/response_writer.go deleted file mode 100644 index 21b0b99fc6..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/middleware/response_writer.go +++ /dev/null @@ -1,447 +0,0 @@ -// Package middleware provides Gin HTTP middleware for the CLI Proxy API server. -// It includes a sophisticated response writer wrapper designed to capture and log request and response data, -// including support for streaming responses, without impacting latency. -package middleware - -import ( - "bytes" - "crypto/sha256" - "fmt" - "html" - "net/http" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/logging" -) - -const requestBodyOverrideContextKey = "REQUEST_BODY_OVERRIDE" - -// RequestInfo holds essential details of an incoming HTTP request for logging purposes. -type RequestInfo struct { - URL string // URL is the request URL. - Method string // Method is the HTTP method (e.g., GET, POST). - Headers map[string][]string // Headers contains the request headers. - Body []byte // Body is the raw request body. - RequestID string // RequestID is the unique identifier for the request. - Timestamp time.Time // Timestamp is when the request was received. -} - -// ResponseWriterWrapper wraps the standard gin.ResponseWriter to intercept and log response data. -// It is designed to handle both standard and streaming responses, ensuring that logging operations do not block the client response. -type ResponseWriterWrapper struct { - gin.ResponseWriter - body *bytes.Buffer // body is a buffer to store the response body for non-streaming responses. - isStreaming bool // isStreaming indicates whether the response is a streaming type (e.g., text/event-stream). - streamWriter logging.StreamingLogWriter // streamWriter is a writer for handling streaming log entries. - chunkChannel chan []byte // chunkChannel is a channel for asynchronously passing response chunks to the logger. - streamDone chan struct{} // streamDone signals when the streaming goroutine completes. - logger logging.RequestLogger // logger is the instance of the request logger service. - requestInfo *RequestInfo // requestInfo holds the details of the original request. - statusCode int // statusCode stores the HTTP status code of the response. - headers map[string][]string // headers stores the response headers. - logOnErrorOnly bool // logOnErrorOnly enables logging only when an error response is detected. - firstChunkTimestamp time.Time // firstChunkTimestamp captures TTFB for streaming responses. -} - -// NewResponseWriterWrapper creates and initializes a new ResponseWriterWrapper. -// It takes the original gin.ResponseWriter, a logger instance, and request information. -// -// Parameters: -// - w: The original gin.ResponseWriter to wrap. -// - logger: The logging service to use for recording requests. -// - requestInfo: The pre-captured information about the incoming request. -// -// Returns: -// - A pointer to a new ResponseWriterWrapper. -func NewResponseWriterWrapper(w gin.ResponseWriter, logger logging.RequestLogger, requestInfo *RequestInfo) *ResponseWriterWrapper { - return &ResponseWriterWrapper{ - ResponseWriter: w, - body: &bytes.Buffer{}, - logger: logger, - requestInfo: requestInfo, - headers: make(map[string][]string), - } -} - -// Write wraps the underlying ResponseWriter's Write method to capture response data. -// For non-streaming responses, it writes to an internal buffer. For streaming responses, -// it sends data chunks to a non-blocking channel for asynchronous logging. -// CRITICAL: This method prioritizes writing to the client to ensure zero latency, -// handling logging operations subsequently. -func (w *ResponseWriterWrapper) Write(data []byte) (int, error) { - // Ensure headers are captured before first write - // This is critical because Write() may trigger WriteHeader() internally - w.ensureHeadersCaptured() - - // CRITICAL: Write to client first (zero latency) - n, err := w.ResponseWriter.Write(data) - - // THEN: Handle logging based on response type - if w.isStreaming && w.chunkChannel != nil { - // Capture TTFB on first chunk (synchronous, before async channel send) - if w.firstChunkTimestamp.IsZero() { - w.firstChunkTimestamp = time.Now() - } - // For streaming responses: Send to async logging channel (non-blocking) - select { - case w.chunkChannel <- append([]byte(nil), data...): // Non-blocking send with copy - default: // Channel full, skip logging to avoid blocking - } - return n, err - } - - if w.shouldBufferResponseBody() { - w.body.Write(data) - } - - return n, err -} - -func (w *ResponseWriterWrapper) shouldBufferResponseBody() bool { - if w.logger != nil && w.logger.IsEnabled() { - return true - } - if !w.logOnErrorOnly { - return false - } - status := w.statusCode - if status == 0 { - if statusWriter, ok := w.ResponseWriter.(interface{ Status() int }); ok && statusWriter != nil { - status = statusWriter.Status() - } else { - status = http.StatusOK - } - } - return status >= http.StatusBadRequest -} - -// WriteString wraps the underlying ResponseWriter's WriteString method to capture response data. -// Some handlers (and fmt/io helpers) write via io.StringWriter; without this override, those writes -// bypass Write() and would be missing from request logs. -func (w *ResponseWriterWrapper) WriteString(data string) (int, error) { - w.ensureHeadersCaptured() - - // CRITICAL: Write to client first (zero latency) - n, err := w.ResponseWriter.WriteString(data) - - // THEN: Capture for logging - if w.isStreaming && w.chunkChannel != nil { - // Capture TTFB on first chunk (synchronous, before async channel send) - if w.firstChunkTimestamp.IsZero() { - w.firstChunkTimestamp = time.Now() - } - select { - case w.chunkChannel <- []byte(data): - default: - } - return n, err - } - - if w.shouldBufferResponseBody() { - w.body.WriteString(data) - } - return n, err -} - -// WriteHeader wraps the underlying ResponseWriter's WriteHeader method. -// It captures the status code, detects if the response is streaming based on the Content-Type header, -// and initializes the appropriate logging mechanism (standard or streaming). -func (w *ResponseWriterWrapper) WriteHeader(statusCode int) { - w.statusCode = statusCode - - // Capture response headers using the new method - w.captureCurrentHeaders() - - // Detect streaming based on Content-Type - contentType := w.Header().Get("Content-Type") - w.isStreaming = w.detectStreaming(contentType) - - // If streaming, initialize streaming log writer - if w.isStreaming && w.logger.IsEnabled() { - streamWriter, err := w.logger.LogStreamingRequest( - sanitizeForLogging(w.requestInfo.URL), - sanitizeForLogging(w.requestInfo.Method), - w.requestInfo.Headers, - w.requestInfo.Body, - sanitizeForLogging(w.requestInfo.RequestID), - ) - if err == nil { - w.streamWriter = streamWriter - w.chunkChannel = make(chan []byte, 100) // Buffered channel for async writes - doneChan := make(chan struct{}) - w.streamDone = doneChan - - // Start async chunk processor - go w.processStreamingChunks(doneChan) - - // Write status immediately - _ = streamWriter.WriteStatus(statusCode, w.headers) - } - } - - // Call original WriteHeader - w.ResponseWriter.WriteHeader(statusCode) -} - -// ensureHeadersCaptured is a helper function to make sure response headers are captured. -// It is safe to call this method multiple times; it will always refresh the headers -// with the latest state from the underlying ResponseWriter. -func (w *ResponseWriterWrapper) ensureHeadersCaptured() { - // Always capture the current headers to ensure we have the latest state - w.captureCurrentHeaders() -} - -// captureCurrentHeaders reads all headers from the underlying ResponseWriter and stores them -// in the wrapper's headers map. It creates copies of the header values to prevent race conditions. -func (w *ResponseWriterWrapper) captureCurrentHeaders() { - // Initialize headers map if needed - if w.headers == nil { - w.headers = make(map[string][]string) - } - - // Capture all current headers from the underlying ResponseWriter - for key, values := range w.Header() { - // Make a copy of the values slice to avoid reference issues - headerValues := make([]string, len(values)) - copy(headerValues, values) - w.headers[key] = headerValues - } -} - -// detectStreaming determines if a response should be treated as a streaming response. -// It checks for a "text/event-stream" Content-Type or a '"stream": true' -// field in the original request body. -func (w *ResponseWriterWrapper) detectStreaming(contentType string) bool { - // Check Content-Type for Server-Sent Events - if strings.Contains(contentType, "text/event-stream") { - return true - } - - // If a concrete Content-Type is already set (e.g., application/json for error responses), - // treat it as non-streaming instead of inferring from the request payload. - if strings.TrimSpace(contentType) != "" { - return false - } - - // Only fall back to request payload hints when Content-Type is not set yet. - if w.requestInfo != nil && len(w.requestInfo.Body) > 0 { - return bytes.Contains(w.requestInfo.Body, []byte(`"stream": true`)) || - bytes.Contains(w.requestInfo.Body, []byte(`"stream":true`)) - } - - return false -} - -// processStreamingChunks runs in a separate goroutine to process response chunks from the chunkChannel. -// It asynchronously writes each chunk to the streaming log writer. -func (w *ResponseWriterWrapper) processStreamingChunks(done chan struct{}) { - if done == nil { - return - } - - defer close(done) - - if w.streamWriter == nil || w.chunkChannel == nil { - return - } - - for chunk := range w.chunkChannel { - w.streamWriter.WriteChunkAsync(chunk) - } -} - -// Finalize completes the logging process for the request and response. -// For streaming responses, it closes the chunk channel and the stream writer. -// For non-streaming responses, it logs the complete request and response details, -// including any API-specific request/response data stored in the Gin context. -func (w *ResponseWriterWrapper) Finalize(c *gin.Context) error { - if w.logger == nil { - return nil - } - - finalStatusCode := w.statusCode - if finalStatusCode == 0 { - if statusWriter, ok := w.ResponseWriter.(interface{ Status() int }); ok { - finalStatusCode = statusWriter.Status() - } else { - finalStatusCode = 200 - } - } - - var slicesAPIResponseError []*interfaces.ErrorMessage - apiResponseError, isExist := c.Get("API_RESPONSE_ERROR") - if isExist { - if apiErrors, ok := apiResponseError.([]*interfaces.ErrorMessage); ok { - slicesAPIResponseError = apiErrors - } - } - - hasAPIError := len(slicesAPIResponseError) > 0 || finalStatusCode >= http.StatusBadRequest - forceLog := w.logOnErrorOnly && hasAPIError && !w.logger.IsEnabled() - if !w.logger.IsEnabled() && !forceLog { - return nil - } - - if w.isStreaming && w.streamWriter != nil { - if w.chunkChannel != nil { - close(w.chunkChannel) - w.chunkChannel = nil - } - - if w.streamDone != nil { - <-w.streamDone - w.streamDone = nil - } - - w.streamWriter.SetFirstChunkTimestamp(w.firstChunkTimestamp) - - // Write API Request and Response to the streaming log before closing - apiRequest := w.extractAPIRequest(c) - if len(apiRequest) > 0 { - _ = w.streamWriter.WriteAPIRequest(apiRequest) - } - apiResponse := w.extractAPIResponse(c) - if len(apiResponse) > 0 { - _ = w.streamWriter.WriteAPIResponse(apiResponse) - } - if err := w.streamWriter.Close(); err != nil { - w.streamWriter = nil - return err - } - w.streamWriter = nil - return nil - } - - return w.logRequest(w.extractRequestBody(c), finalStatusCode, w.cloneHeaders(), w.body.Bytes(), w.extractAPIRequest(c), w.extractAPIResponse(c), w.extractAPIResponseTimestamp(c), slicesAPIResponseError, forceLog) -} - -func (w *ResponseWriterWrapper) cloneHeaders() map[string][]string { - w.ensureHeadersCaptured() - - finalHeaders := make(map[string][]string, len(w.headers)) - for key, values := range w.headers { - headerValues := make([]string, len(values)) - copy(headerValues, values) - finalHeaders[key] = headerValues - } - - return finalHeaders -} - -func (w *ResponseWriterWrapper) extractAPIRequest(c *gin.Context) []byte { - apiRequest, isExist := c.Get("API_REQUEST") - if !isExist { - return nil - } - data, ok := apiRequest.([]byte) - if !ok || len(data) == 0 { - return nil - } - return redactLoggedBody(data) -} - -func (w *ResponseWriterWrapper) extractAPIResponse(c *gin.Context) []byte { - apiResponse, isExist := c.Get("API_RESPONSE") - if !isExist { - return nil - } - data, ok := apiResponse.([]byte) - if !ok || len(data) == 0 { - return nil - } - return redactLoggedBody(data) -} - -func (w *ResponseWriterWrapper) extractAPIResponseTimestamp(c *gin.Context) time.Time { - ts, isExist := c.Get("API_RESPONSE_TIMESTAMP") - if !isExist { - return time.Time{} - } - if t, ok := ts.(time.Time); ok { - return t - } - return time.Time{} -} - -func (w *ResponseWriterWrapper) extractRequestBody(c *gin.Context) []byte { - if c != nil { - if bodyOverride, isExist := c.Get(requestBodyOverrideContextKey); isExist { - switch value := bodyOverride.(type) { - case []byte: - if len(value) > 0 { - return redactLoggedBody(bytes.Clone(value)) - } - case string: - if strings.TrimSpace(value) != "" { - return redactLoggedBody([]byte(value)) - } - } - } - } - if w.requestInfo != nil && len(w.requestInfo.Body) > 0 { - return redactLoggedBody(w.requestInfo.Body) - } - return nil -} - -func (w *ResponseWriterWrapper) logRequest(requestBody []byte, statusCode int, headers map[string][]string, body []byte, apiRequestBody, apiResponseBody []byte, apiResponseTimestamp time.Time, apiResponseErrors []*interfaces.ErrorMessage, forceLog bool) error { - if w.requestInfo == nil { - return nil - } - safeURL := sanitizeForLogging(w.requestInfo.URL) - safeMethod := sanitizeForLogging(w.requestInfo.Method) - safeRequestID := sanitizeForLogging(w.requestInfo.RequestID) - requestHeaders := sanitizeRequestHeaders(http.Header(w.requestInfo.Headers)) - - if loggerWithOptions, ok := w.logger.(interface { - LogRequestWithOptions(string, string, map[string][]string, []byte, int, map[string][]string, []byte, []byte, []byte, []*interfaces.ErrorMessage, bool, string, time.Time, time.Time) error - }); ok { - return loggerWithOptions.LogRequestWithOptions( - safeURL, - safeMethod, - requestHeaders, - redactLoggedBody(requestBody), - statusCode, - headers, - redactLoggedBody(body), - redactLoggedBody(apiRequestBody), - redactLoggedBody(apiResponseBody), - apiResponseErrors, - forceLog, - safeRequestID, - w.requestInfo.Timestamp, - apiResponseTimestamp, - ) - } - - return w.logger.LogRequest( - safeURL, - safeMethod, - requestHeaders, - redactLoggedBody(requestBody), - statusCode, - headers, - redactLoggedBody(body), - redactLoggedBody(apiRequestBody), - redactLoggedBody(apiResponseBody), - apiResponseErrors, - safeRequestID, - w.requestInfo.Timestamp, - apiResponseTimestamp, - ) -} - -func sanitizeForLogging(value string) string { - return html.EscapeString(strings.TrimSpace(value)) -} - -func redactLoggedBody(body []byte) []byte { - if len(body) == 0 { - return nil - } - sum := sha256.Sum256(body) - return []byte(fmt.Sprintf("[REDACTED] len=%d sha256=%x", len(body), sum[:8])) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/middleware/response_writer_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/middleware/response_writer_test.go deleted file mode 100644 index ee811ec4e6..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/middleware/response_writer_test.go +++ /dev/null @@ -1,166 +0,0 @@ -package middleware - -import ( - "net/http" - "net/http/httptest" - "strings" - "testing" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/logging" -) - -type mockLogger struct { - enabled bool - logged bool - responseHeaders map[string][]string - apiResponseTimestamp time.Time -} - -func (m *mockLogger) LogRequest(url, method string, requestHeaders map[string][]string, body []byte, statusCode int, responseHeaders map[string][]string, response, apiRequest, apiResponse []byte, apiResponseErrors []*interfaces.ErrorMessage, requestID string, requestTimestamp, apiResponseTimestamp time.Time) error { - m.logged = true - m.responseHeaders = responseHeaders - m.apiResponseTimestamp = apiResponseTimestamp - return nil -} - -func (m *mockLogger) IsEnabled() bool { - return m.enabled -} - -func (m *mockLogger) LogStreamingRequest(url, method string, headers map[string][]string, body []byte, requestID string) (logging.StreamingLogWriter, error) { - return &logging.NoOpStreamingLogWriter{}, nil -} - -func TestResponseWriterWrapper_Basic(t *testing.T) { - gin.SetMode(gin.TestMode) - w := httptest.NewRecorder() - gw := gin.CreateTestContextOnly(w, gin.Default()) - - logger := &mockLogger{enabled: true} - reqInfo := &RequestInfo{ - URL: "/test", - Method: "GET", - Body: []byte("req body"), - } - - wrapper := NewResponseWriterWrapper(gw.Writer, logger, reqInfo) - - // Test Write - n, err := wrapper.Write([]byte("hello")) - if err != nil || n != 5 { - t.Errorf("Write failed: n=%d, err=%v", n, err) - } - - // Test WriteHeader - wrapper.WriteHeader(http.StatusAccepted) - if wrapper.statusCode != http.StatusAccepted { - t.Errorf("expected status 202, got %d", wrapper.statusCode) - } - - // Test Finalize - err = wrapper.Finalize(gw) - if err != nil { - t.Errorf("Finalize failed: %v", err) - } -} - -func TestResponseWriterWrapper_DetectStreaming(t *testing.T) { - wrapper := &ResponseWriterWrapper{ - requestInfo: &RequestInfo{ - Body: []byte(`{"stream": true}`), - }, - } - - if !wrapper.detectStreaming("text/event-stream") { - t.Error("expected true for text/event-stream") - } - - if wrapper.detectStreaming("application/json") { - t.Error("expected false for application/json even with stream:true in body (per logic)") - } - - wrapper.requestInfo.Body = []byte(`{}`) - if wrapper.detectStreaming("") { - t.Error("expected false for empty content type and no stream hint") - } -} - -func TestResponseWriterWrapper_ForwardsResponseHeaders(t *testing.T) { - gin.SetMode(gin.TestMode) - w := httptest.NewRecorder() - gw := gin.CreateTestContextOnly(w, gin.Default()) - - logger := &mockLogger{enabled: true} - reqInfo := &RequestInfo{ - URL: "/test", - Method: "GET", - Body: []byte("req body"), - } - - wrapper := NewResponseWriterWrapper(gw.Writer, logger, reqInfo) - wrapper.Header().Set("Set-Cookie", "session=abc") - wrapper.Header().Set("Authorization", "Bearer secret") - wrapper.Header().Set("X-API-Key", "abc123") - - wrapper.WriteHeader(http.StatusCreated) - if _, err := wrapper.Write([]byte("ok")); err != nil { - t.Fatalf("Write failed: %v", err) - } - if err := wrapper.Finalize(gw); err != nil { - t.Fatalf("Finalize failed: %v", err) - } - if !logger.logged { - t.Fatalf("expected logger to be called") - } - if got := logger.responseHeaders["Authorization"]; len(got) != 1 || got[0] != "Bearer secret" { - t.Fatalf("Authorization should be forwarded, got %#v", got) - } - if got := logger.responseHeaders["Set-Cookie"]; len(got) != 1 || got[0] != "session=abc" { - t.Fatalf("Set-Cookie should be forwarded, got %#v", got) - } - - var xAPIKey []string - for key, value := range logger.responseHeaders { - if strings.EqualFold(key, "X-API-Key") { - xAPIKey = value - break - } - } - if len(xAPIKey) != 1 || xAPIKey[0] != "abc123" { - t.Fatalf("X-API-Key should be forwarded, got %#v", xAPIKey) - } -} - -func TestResponseWriterWrapper_ForwardsAPIResponseTimestamp(t *testing.T) { - gin.SetMode(gin.TestMode) - w := httptest.NewRecorder() - gw := gin.CreateTestContextOnly(w, gin.Default()) - expected := time.Date(2026, time.February, 23, 14, 0, 0, 0, time.UTC) - - logger := &mockLogger{enabled: true} - reqInfo := &RequestInfo{ - URL: "/test", - Method: "GET", - Body: []byte("req body"), - } - - wrapper := NewResponseWriterWrapper(gw.Writer, logger, reqInfo) - wrapper.WriteHeader(http.StatusAccepted) - gw.Set("API_RESPONSE_TIMESTAMP", expected) - - if err := wrapper.Finalize(gw); err != nil { - t.Fatalf("Finalize failed: %v", err) - } - if !logger.logged { - t.Fatalf("expected logger to be called") - } - if logger.apiResponseTimestamp.IsZero() { - t.Fatalf("expected API response timestamp to be forwarded") - } - if !logger.apiResponseTimestamp.Equal(expected) { - t.Fatalf("expected %v, got %v", expected, logger.apiResponseTimestamp) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/amp.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/amp.go deleted file mode 100644 index c699903b5c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/amp.go +++ /dev/null @@ -1,427 +0,0 @@ -// Package amp implements the Amp CLI routing module, providing OAuth-based -// integration with Amp CLI for ChatGPT and Anthropic subscriptions. -package amp - -import ( - "fmt" - "net/http/httputil" - "strings" - "sync" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/api/modules" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access" - log "github.com/sirupsen/logrus" -) - -// Option configures the AmpModule. -type Option func(*AmpModule) - -// AmpModule implements the RouteModuleV2 interface for Amp CLI integration. -// It provides: -// - Reverse proxy to Amp control plane for OAuth/management -// - Provider-specific route aliases (/api/provider/{provider}/...) -// - Automatic gzip decompression for misconfigured upstreams -// - Model mapping for routing unavailable models to alternatives -type AmpModule struct { - secretSource SecretSource - proxy *httputil.ReverseProxy - proxyMu sync.RWMutex // protects proxy for hot-reload - accessManager *sdkaccess.Manager - authMiddleware_ gin.HandlerFunc - modelMapper *DefaultModelMapper - enabled bool - registerOnce sync.Once - - // restrictToLocalhost controls localhost-only access for management routes (hot-reloadable) - restrictToLocalhost bool - restrictMu sync.RWMutex - - // configMu protects lastConfig for partial reload comparison - configMu sync.RWMutex - lastConfig *config.AmpCode -} - -// New creates a new Amp routing module with the given options. -// This is the preferred constructor using the Option pattern. -// -// Example: -// -// ampModule := amp.New( -// amp.WithAccessManager(accessManager), -// amp.WithAuthMiddleware(authMiddleware), -// amp.WithSecretSource(customSecret), -// ) -func New(opts ...Option) *AmpModule { - m := &AmpModule{ - secretSource: nil, // Will be created on demand if not provided - } - for _, opt := range opts { - opt(m) - } - return m -} - -// NewLegacy creates a new Amp routing module using the legacy constructor signature. -// This is provided for backwards compatibility. -// -// DEPRECATED: Use New with options instead. -func NewLegacy(accessManager *sdkaccess.Manager, authMiddleware gin.HandlerFunc) *AmpModule { - return New( - WithAccessManager(accessManager), - WithAuthMiddleware(authMiddleware), - ) -} - -// WithSecretSource sets a custom secret source for the module. -func WithSecretSource(source SecretSource) Option { - return func(m *AmpModule) { - m.secretSource = source - } -} - -// WithAccessManager sets the access manager for the module. -func WithAccessManager(am *sdkaccess.Manager) Option { - return func(m *AmpModule) { - m.accessManager = am - } -} - -// WithAuthMiddleware sets the authentication middleware for provider routes. -func WithAuthMiddleware(middleware gin.HandlerFunc) Option { - return func(m *AmpModule) { - m.authMiddleware_ = middleware - } -} - -// Name returns the module identifier -func (m *AmpModule) Name() string { - return "amp-routing" -} - -// forceModelMappings returns whether model mappings should take precedence over local API keys -func (m *AmpModule) forceModelMappings() bool { - m.configMu.RLock() - defer m.configMu.RUnlock() - if m.lastConfig == nil { - return false - } - return m.lastConfig.ForceModelMappings -} - -// Register sets up Amp routes if configured. -// This implements the RouteModuleV2 interface with Context. -// Routes are registered only once via sync.Once for idempotent behavior. -func (m *AmpModule) Register(ctx modules.Context) error { - settings := ctx.Config.AmpCode - upstreamURL := strings.TrimSpace(settings.UpstreamURL) - - // Determine auth middleware (from module or context) - auth := m.getAuthMiddleware(ctx) - - // Use registerOnce to ensure routes are only registered once - var regErr error - m.registerOnce.Do(func() { - // Initialize model mapper from config (for routing unavailable models to alternatives) - m.modelMapper = NewModelMapper(settings.ModelMappings) - - // Store initial config for partial reload comparison - m.lastConfig = new(settings) - - // Initialize localhost restriction setting (hot-reloadable) - m.setRestrictToLocalhost(settings.RestrictManagementToLocalhost) - - // Always register provider aliases - these work without an upstream - m.registerProviderAliases(ctx.Engine, ctx.BaseHandler, auth) - - // Register management proxy routes once; middleware will gate access when upstream is unavailable. - // Pass auth middleware to require valid API key for all management routes. - m.registerManagementRoutes(ctx.Engine, ctx.BaseHandler, auth) - - // If no upstream URL, skip proxy routes but provider aliases are still available - if upstreamURL == "" { - log.Debug("amp upstream proxy disabled (no upstream URL configured)") - log.Debug("amp provider alias routes registered") - m.enabled = false - return - } - - if err := m.enableUpstreamProxy(upstreamURL, &settings); err != nil { - regErr = fmt.Errorf("failed to create amp proxy: %w", err) - return - } - - log.Debug("amp provider alias routes registered") - }) - - return regErr -} - -// getAuthMiddleware returns the authentication middleware, preferring the -// module's configured middleware, then the context middleware, then a fallback. -func (m *AmpModule) getAuthMiddleware(ctx modules.Context) gin.HandlerFunc { - if m.authMiddleware_ != nil { - return m.authMiddleware_ - } - if ctx.AuthMiddleware != nil { - return ctx.AuthMiddleware - } - // Fallback: no authentication (should not happen in production) - log.Warn("amp module: no auth middleware provided, allowing all requests") - return func(c *gin.Context) { - c.Next() - } -} - -// OnConfigUpdated handles configuration updates with partial reload support. -// Only updates components that have actually changed to avoid unnecessary work. -// Supports hot-reload for: model-mappings, upstream-api-key, upstream-url, restrict-management-to-localhost. -func (m *AmpModule) OnConfigUpdated(cfg *config.Config) error { - newSettings := cfg.AmpCode - - // Get previous config for comparison - m.configMu.RLock() - oldSettings := m.lastConfig - m.configMu.RUnlock() - - if oldSettings != nil && oldSettings.RestrictManagementToLocalhost != newSettings.RestrictManagementToLocalhost { - m.setRestrictToLocalhost(newSettings.RestrictManagementToLocalhost) - } - - newUpstreamURL := strings.TrimSpace(newSettings.UpstreamURL) - oldUpstreamURL := "" - if oldSettings != nil { - oldUpstreamURL = strings.TrimSpace(oldSettings.UpstreamURL) - } - - if !m.enabled && newUpstreamURL != "" { - if err := m.enableUpstreamProxy(newUpstreamURL, &newSettings); err != nil { - log.Errorf("amp config: failed to enable upstream proxy for %s: %v", newUpstreamURL, err) - } - } - - // Check model mappings change - modelMappingsChanged := m.hasModelMappingsChanged(oldSettings, &newSettings) - if modelMappingsChanged { - if m.modelMapper != nil { - m.modelMapper.UpdateMappings(newSettings.ModelMappings) - } else if m.enabled { - log.Warnf("amp model mapper not initialized, skipping model mapping update") - } - } - - if m.enabled { - // Check upstream URL change - now supports hot-reload - if newUpstreamURL == "" && oldUpstreamURL != "" { - m.setProxy(nil) - m.enabled = false - } else if oldUpstreamURL != "" && newUpstreamURL != oldUpstreamURL && newUpstreamURL != "" { - // Recreate proxy with new URL - proxy, err := createReverseProxy(newUpstreamURL, m.secretSource) - if err != nil { - log.Errorf("amp config: failed to create proxy for new upstream URL %s: %v", newUpstreamURL, err) - } else { - m.setProxy(proxy) - } - } - - // Check API key change (both default and per-client mappings) - apiKeyChanged := m.hasAPIKeyChanged(oldSettings, &newSettings) - upstreamAPIKeysChanged := m.hasUpstreamAPIKeysChanged(oldSettings, &newSettings) - if apiKeyChanged || upstreamAPIKeysChanged { - if m.secretSource != nil { - if ms, ok := m.secretSource.(*MappedSecretSource); ok { - if apiKeyChanged { - ms.UpdateDefaultExplicitKey(newSettings.UpstreamAPIKey) - ms.InvalidateCache() - } - if upstreamAPIKeysChanged { - ms.UpdateMappings(newSettings.UpstreamAPIKeys) - } - } else if ms, ok := m.secretSource.(*MultiSourceSecret); ok { - ms.UpdateExplicitKey(newSettings.UpstreamAPIKey) - ms.InvalidateCache() - } - } - } - - } - - // Store current config for next comparison - m.configMu.Lock() - settingsCopy := newSettings // copy struct - m.lastConfig = &settingsCopy - m.configMu.Unlock() - - return nil -} - -func (m *AmpModule) enableUpstreamProxy(upstreamURL string, settings *config.AmpCode) error { - if m.secretSource == nil { - // Create MultiSourceSecret as the default source, then wrap with MappedSecretSource - defaultSource := NewMultiSourceSecret(settings.UpstreamAPIKey, 0 /* default 5min */) - mappedSource := NewMappedSecretSource(defaultSource) - mappedSource.UpdateMappings(settings.UpstreamAPIKeys) - m.secretSource = mappedSource - } else if ms, ok := m.secretSource.(*MappedSecretSource); ok { - ms.UpdateDefaultExplicitKey(settings.UpstreamAPIKey) - ms.InvalidateCache() - ms.UpdateMappings(settings.UpstreamAPIKeys) - } else if ms, ok := m.secretSource.(*MultiSourceSecret); ok { - // Legacy path: wrap existing MultiSourceSecret with MappedSecretSource - ms.UpdateExplicitKey(settings.UpstreamAPIKey) - ms.InvalidateCache() - mappedSource := NewMappedSecretSource(ms) - mappedSource.UpdateMappings(settings.UpstreamAPIKeys) - m.secretSource = mappedSource - } - - proxy, err := createReverseProxy(upstreamURL, m.secretSource) - if err != nil { - return err - } - - m.setProxy(proxy) - m.enabled = true - - log.Infof("amp upstream proxy enabled for: %s", upstreamURL) - return nil -} - -// hasModelMappingsChanged compares old and new model mappings. -func (m *AmpModule) hasModelMappingsChanged(old *config.AmpCode, new *config.AmpCode) bool { - if old == nil { - return len(new.ModelMappings) > 0 - } - - if len(old.ModelMappings) != len(new.ModelMappings) { - return true - } - - // Build map for efficient and robust comparison - type mappingInfo struct { - to string - regex bool - } - oldMap := make(map[string]mappingInfo, len(old.ModelMappings)) - for _, mapping := range old.ModelMappings { - oldMap[strings.TrimSpace(mapping.From)] = mappingInfo{ - to: strings.TrimSpace(mapping.To), - regex: mapping.Regex, - } - } - - for _, mapping := range new.ModelMappings { - from := strings.TrimSpace(mapping.From) - to := strings.TrimSpace(mapping.To) - if oldVal, exists := oldMap[from]; !exists || oldVal.to != to || oldVal.regex != mapping.Regex { - return true - } - } - - return false -} - -// hasAPIKeyChanged compares old and new API keys. -func (m *AmpModule) hasAPIKeyChanged(old *config.AmpCode, new *config.AmpCode) bool { - oldKey := "" - if old != nil { - oldKey = strings.TrimSpace(old.UpstreamAPIKey) - } - newKey := strings.TrimSpace(new.UpstreamAPIKey) - return oldKey != newKey -} - -// hasUpstreamAPIKeysChanged compares old and new per-client upstream API key mappings. -func (m *AmpModule) hasUpstreamAPIKeysChanged(old *config.AmpCode, new *config.AmpCode) bool { - if old == nil { - return len(new.UpstreamAPIKeys) > 0 - } - - if len(old.UpstreamAPIKeys) != len(new.UpstreamAPIKeys) { - return true - } - - // Build map for comparison: upstreamKey -> set of clientKeys - type entryInfo struct { - upstreamKey string - clientKeys map[string]struct{} - } - oldEntries := make([]entryInfo, len(old.UpstreamAPIKeys)) - for i, entry := range old.UpstreamAPIKeys { - clientKeys := make(map[string]struct{}, len(entry.APIKeys)) - for _, k := range entry.APIKeys { - trimmed := strings.TrimSpace(k) - if trimmed == "" { - continue - } - clientKeys[trimmed] = struct{}{} - } - oldEntries[i] = entryInfo{ - upstreamKey: strings.TrimSpace(entry.UpstreamAPIKey), - clientKeys: clientKeys, - } - } - - for i, newEntry := range new.UpstreamAPIKeys { - if i >= len(oldEntries) { - return true - } - oldE := oldEntries[i] - if strings.TrimSpace(newEntry.UpstreamAPIKey) != oldE.upstreamKey { - return true - } - newKeys := make(map[string]struct{}, len(newEntry.APIKeys)) - for _, k := range newEntry.APIKeys { - trimmed := strings.TrimSpace(k) - if trimmed == "" { - continue - } - newKeys[trimmed] = struct{}{} - } - if len(newKeys) != len(oldE.clientKeys) { - return true - } - for k := range newKeys { - if _, ok := oldE.clientKeys[k]; !ok { - return true - } - } - } - - return false -} - -// GetModelMapper returns the model mapper instance (for testing/debugging). -func (m *AmpModule) GetModelMapper() *DefaultModelMapper { - return m.modelMapper -} - -// getProxy returns the current proxy instance (thread-safe for hot-reload). -func (m *AmpModule) getProxy() *httputil.ReverseProxy { - m.proxyMu.RLock() - defer m.proxyMu.RUnlock() - return m.proxy -} - -// setProxy updates the proxy instance (thread-safe for hot-reload). -func (m *AmpModule) setProxy(proxy *httputil.ReverseProxy) { - m.proxyMu.Lock() - defer m.proxyMu.Unlock() - m.proxy = proxy -} - -// IsRestrictedToLocalhost returns whether management routes are restricted to localhost. -func (m *AmpModule) IsRestrictedToLocalhost() bool { - m.restrictMu.RLock() - defer m.restrictMu.RUnlock() - return m.restrictToLocalhost -} - -// setRestrictToLocalhost updates the localhost restriction setting. -func (m *AmpModule) setRestrictToLocalhost(restrict bool) { - m.restrictMu.Lock() - defer m.restrictMu.Unlock() - m.restrictToLocalhost = restrict -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/amp_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/amp_test.go deleted file mode 100644 index 98ab45c1dd..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/amp_test.go +++ /dev/null @@ -1,352 +0,0 @@ -package amp - -import ( - "context" - "net/http/httptest" - "os" - "path/filepath" - "testing" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/api/modules" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers" -) - -func TestAmpModule_Name(t *testing.T) { - m := New() - if m.Name() != "amp-routing" { - t.Fatalf("want amp-routing, got %s", m.Name()) - } -} - -func TestAmpModule_New(t *testing.T) { - accessManager := sdkaccess.NewManager() - authMiddleware := func(c *gin.Context) { c.Next() } - - m := NewLegacy(accessManager, authMiddleware) - - if m.accessManager != accessManager { - t.Fatal("accessManager not set") - } - if m.authMiddleware_ == nil { - t.Fatal("authMiddleware not set") - } - if m.enabled { - t.Fatal("enabled should be false initially") - } - if m.proxy != nil { - t.Fatal("proxy should be nil initially") - } -} - -func TestAmpModule_Register_WithUpstream(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - // Fake upstream to ensure URL is valid - upstream := httptest.NewServer(nil) - defer upstream.Close() - - accessManager := sdkaccess.NewManager() - base := &handlers.BaseAPIHandler{} - - m := NewLegacy(accessManager, func(c *gin.Context) { c.Next() }) - - cfg := &config.Config{ - AmpCode: config.AmpCode{ - UpstreamURL: upstream.URL, - UpstreamAPIKey: "test-key", - }, - } - - ctx := modules.Context{Engine: r, BaseHandler: base, Config: cfg, AuthMiddleware: func(c *gin.Context) { c.Next() }} - if err := m.Register(ctx); err != nil { - t.Fatalf("register error: %v", err) - } - - if !m.enabled { - t.Fatal("module should be enabled with upstream URL") - } - if m.proxy == nil { - t.Fatal("proxy should be initialized") - } - if m.secretSource == nil { - t.Fatal("secretSource should be initialized") - } -} - -func TestAmpModule_Register_WithoutUpstream(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - accessManager := sdkaccess.NewManager() - base := &handlers.BaseAPIHandler{} - - m := NewLegacy(accessManager, func(c *gin.Context) { c.Next() }) - - cfg := &config.Config{ - AmpCode: config.AmpCode{ - UpstreamURL: "", // No upstream - }, - } - - ctx := modules.Context{Engine: r, BaseHandler: base, Config: cfg, AuthMiddleware: func(c *gin.Context) { c.Next() }} - if err := m.Register(ctx); err != nil { - t.Fatalf("register should not error without upstream: %v", err) - } - - if m.enabled { - t.Fatal("module should be disabled without upstream URL") - } - if m.proxy != nil { - t.Fatal("proxy should not be initialized without upstream") - } - - // But provider aliases should still be registered - req := httptest.NewRequest("GET", "/api/provider/openai/models", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code == 404 { - t.Fatal("provider aliases should be registered even without upstream") - } -} - -func TestAmpModule_Register_InvalidUpstream(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - accessManager := sdkaccess.NewManager() - base := &handlers.BaseAPIHandler{} - - m := NewLegacy(accessManager, func(c *gin.Context) { c.Next() }) - - cfg := &config.Config{ - AmpCode: config.AmpCode{ - UpstreamURL: "://invalid-url", - }, - } - - ctx := modules.Context{Engine: r, BaseHandler: base, Config: cfg, AuthMiddleware: func(c *gin.Context) { c.Next() }} - if err := m.Register(ctx); err == nil { - t.Fatal("expected error for invalid upstream URL") - } -} - -func TestAmpModule_OnConfigUpdated_CacheInvalidation(t *testing.T) { - tmpDir := t.TempDir() - p := filepath.Join(tmpDir, "secrets.json") - if err := os.WriteFile(p, []byte(`{"apiKey@https://ampcode.com/":"v1"}`), 0600); err != nil { - t.Fatal(err) - } - - m := &AmpModule{enabled: true} - ms := NewMultiSourceSecretWithPath("", p, time.Minute) - m.secretSource = ms - m.lastConfig = &config.AmpCode{ - UpstreamAPIKey: "old-key", - } - - // Warm the cache - if _, err := ms.Get(context.Background()); err != nil { - t.Fatal(err) - } - - if ms.cache == nil { - t.Fatal("expected cache to be set") - } - - // Update config - should invalidate cache - if err := m.OnConfigUpdated(&config.Config{AmpCode: config.AmpCode{UpstreamURL: "http://x", UpstreamAPIKey: "new-key"}}); err != nil { - t.Fatal(err) - } - - if ms.cache != nil { - t.Fatal("expected cache to be invalidated") - } -} - -func TestAmpModule_OnConfigUpdated_NotEnabled(t *testing.T) { - m := &AmpModule{enabled: false} - - // Should not error or panic when disabled - if err := m.OnConfigUpdated(&config.Config{}); err != nil { - t.Fatalf("unexpected error: %v", err) - } -} - -func TestAmpModule_OnConfigUpdated_URLRemoved(t *testing.T) { - m := &AmpModule{enabled: true} - ms := NewMultiSourceSecret("", 0) - m.secretSource = ms - - // Config update with empty URL - should log warning but not error - cfg := &config.Config{AmpCode: config.AmpCode{UpstreamURL: ""}} - - if err := m.OnConfigUpdated(cfg); err != nil { - t.Fatalf("unexpected error: %v", err) - } -} - -func TestAmpModule_OnConfigUpdated_NonMultiSourceSecret(t *testing.T) { - // Test that OnConfigUpdated doesn't panic with StaticSecretSource - m := &AmpModule{enabled: true} - m.secretSource = NewStaticSecretSource("static-key") - - cfg := &config.Config{AmpCode: config.AmpCode{UpstreamURL: "http://example.com"}} - - // Should not error or panic - if err := m.OnConfigUpdated(cfg); err != nil { - t.Fatalf("unexpected error: %v", err) - } -} - -func TestAmpModule_AuthMiddleware_Fallback(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - // Create module with no auth middleware - m := &AmpModule{authMiddleware_: nil} - - // Get the fallback middleware via getAuthMiddleware - ctx := modules.Context{Engine: r, AuthMiddleware: nil} - middleware := m.getAuthMiddleware(ctx) - - if middleware == nil { - t.Fatal("getAuthMiddleware should return a fallback, not nil") - } - - // Test that it works - called := false - r.GET("/test", middleware, func(c *gin.Context) { - called = true - c.String(200, "ok") - }) - - req := httptest.NewRequest("GET", "/test", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if !called { - t.Fatal("fallback middleware should allow requests through") - } -} - -func TestAmpModule_SecretSource_FromConfig(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - upstream := httptest.NewServer(nil) - defer upstream.Close() - - accessManager := sdkaccess.NewManager() - base := &handlers.BaseAPIHandler{} - - m := NewLegacy(accessManager, func(c *gin.Context) { c.Next() }) - - // Config with explicit API key - cfg := &config.Config{ - AmpCode: config.AmpCode{ - UpstreamURL: upstream.URL, - UpstreamAPIKey: "config-key", - }, - } - - ctx := modules.Context{Engine: r, BaseHandler: base, Config: cfg, AuthMiddleware: func(c *gin.Context) { c.Next() }} - if err := m.Register(ctx); err != nil { - t.Fatalf("register error: %v", err) - } - - // Secret source should be MultiSourceSecret with config key - if m.secretSource == nil { - t.Fatal("secretSource should be set") - } - - // Verify it returns the config key - key, err := m.secretSource.Get(context.Background()) - if err != nil { - t.Fatalf("Get error: %v", err) - } - if key != "config-key" { - t.Fatalf("want config-key, got %s", key) - } -} - -func TestAmpModule_ProviderAliasesAlwaysRegistered(t *testing.T) { - gin.SetMode(gin.TestMode) - - scenarios := []struct { - name string - configURL string - }{ - {"with_upstream", "http://example.com"}, - {"without_upstream", ""}, - } - - for _, scenario := range scenarios { - t.Run(scenario.name, func(t *testing.T) { - r := gin.New() - accessManager := sdkaccess.NewManager() - base := &handlers.BaseAPIHandler{} - - m := NewLegacy(accessManager, func(c *gin.Context) { c.Next() }) - - cfg := &config.Config{AmpCode: config.AmpCode{UpstreamURL: scenario.configURL}} - - ctx := modules.Context{Engine: r, BaseHandler: base, Config: cfg, AuthMiddleware: func(c *gin.Context) { c.Next() }} - if err := m.Register(ctx); err != nil && scenario.configURL != "" { - t.Fatalf("register error: %v", err) - } - - // Provider aliases should always be available - req := httptest.NewRequest("GET", "/api/provider/openai/models", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code == 404 { - t.Fatal("provider aliases should be registered") - } - }) - } -} - -func TestAmpModule_hasUpstreamAPIKeysChanged_DetectsRemovedKeyWithDuplicateInput(t *testing.T) { - m := &AmpModule{} - - oldCfg := &config.AmpCode{ - UpstreamAPIKeys: []config.AmpUpstreamAPIKeyEntry{ - {UpstreamAPIKey: "u1", APIKeys: []string{"k1", "k2"}}, - }, - } - newCfg := &config.AmpCode{ - UpstreamAPIKeys: []config.AmpUpstreamAPIKeyEntry{ - {UpstreamAPIKey: "u1", APIKeys: []string{"k1", "k1"}}, - }, - } - - if !m.hasUpstreamAPIKeysChanged(oldCfg, newCfg) { - t.Fatal("expected change to be detected when k2 is removed but new list contains duplicates") - } -} - -func TestAmpModule_hasUpstreamAPIKeysChanged_IgnoresEmptyAndWhitespaceKeys(t *testing.T) { - m := &AmpModule{} - - oldCfg := &config.AmpCode{ - UpstreamAPIKeys: []config.AmpUpstreamAPIKeyEntry{ - {UpstreamAPIKey: "u1", APIKeys: []string{"k1", "k2"}}, - }, - } - newCfg := &config.AmpCode{ - UpstreamAPIKeys: []config.AmpUpstreamAPIKeyEntry{ - {UpstreamAPIKey: "u1", APIKeys: []string{" k1 ", "", "k2", " "}}, - }, - } - - if m.hasUpstreamAPIKeysChanged(oldCfg, newCfg) { - t.Fatal("expected no change when only whitespace/empty entries differ") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/fallback_handlers.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/fallback_handlers.go deleted file mode 100644 index 607ba84e2e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/fallback_handlers.go +++ /dev/null @@ -1,344 +0,0 @@ -package amp - -import ( - "bytes" - "io" - "net/http/httputil" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// AmpRouteType represents the type of routing decision made for an Amp request -type AmpRouteType string - -const ( - // RouteTypeLocalProvider indicates the request is handled by a local OAuth provider (free) - RouteTypeLocalProvider AmpRouteType = "LOCAL_PROVIDER" - // RouteTypeModelMapping indicates the request was remapped to another available model (free) - RouteTypeModelMapping AmpRouteType = "MODEL_MAPPING" - // RouteTypeAmpCredits indicates the request is forwarded to ampcode.com (uses Amp credits) - RouteTypeAmpCredits AmpRouteType = "AMP_CREDITS" - // RouteTypeNoProvider indicates no provider or fallback available - RouteTypeNoProvider AmpRouteType = "NO_PROVIDER" -) - -// MappedModelContextKey is the Gin context key for passing mapped model names. -const MappedModelContextKey = "mapped_model" - -// logAmpRouting logs the routing decision for an Amp request with structured fields -func logAmpRouting(routeType AmpRouteType, requestedModel, resolvedModel, provider, path string) { - fields := log.Fields{ - "component": "amp-routing", - "route_type": string(routeType), - "requested_model": requestedModel, - "path": path, - "timestamp": time.Now().Format(time.RFC3339), - } - - if resolvedModel != "" && resolvedModel != requestedModel { - fields["resolved_model"] = resolvedModel - } - if provider != "" { - fields["provider"] = provider - } - - switch routeType { - case RouteTypeLocalProvider: - fields["cost"] = "free" - fields["source"] = "local_oauth" - log.WithFields(fields).Debugf("amp using local provider for model: %s", requestedModel) - - case RouteTypeModelMapping: - fields["cost"] = "free" - fields["source"] = "local_oauth" - fields["mapping"] = requestedModel + " -> " + resolvedModel - // model mapping already logged in mapper; avoid duplicate here - - case RouteTypeAmpCredits: - fields["cost"] = "amp_credits" - fields["source"] = "ampcode.com" - fields["model_id"] = requestedModel // Explicit model_id for easy config reference - log.WithFields(fields).Warnf("forwarding to ampcode.com (uses amp credits) - model_id: %s | To use local provider, add to config: ampcode.model-mappings: [{from: \"%s\", to: \"\"}]", requestedModel, requestedModel) - - case RouteTypeNoProvider: - fields["cost"] = "none" - fields["source"] = "error" - fields["model_id"] = requestedModel // Explicit model_id for easy config reference - log.WithFields(fields).Warnf("no provider available for model_id: %s", requestedModel) - } -} - -// FallbackHandler wraps a standard handler with fallback logic to ampcode.com -// when the model's provider is not available in CLIProxyAPI -type FallbackHandler struct { - getProxy func() *httputil.ReverseProxy - modelMapper ModelMapper - forceModelMappings func() bool -} - -// NewFallbackHandler creates a new fallback handler wrapper -// The getProxy function allows lazy evaluation of the proxy (useful when proxy is created after routes) -func NewFallbackHandler(getProxy func() *httputil.ReverseProxy) *FallbackHandler { - return &FallbackHandler{ - getProxy: getProxy, - forceModelMappings: func() bool { return false }, - } -} - -// NewFallbackHandlerWithMapper creates a new fallback handler with model mapping support -func NewFallbackHandlerWithMapper(getProxy func() *httputil.ReverseProxy, mapper ModelMapper, forceModelMappings func() bool) *FallbackHandler { - if forceModelMappings == nil { - forceModelMappings = func() bool { return false } - } - return &FallbackHandler{ - getProxy: getProxy, - modelMapper: mapper, - forceModelMappings: forceModelMappings, - } -} - -// SetModelMapper sets the model mapper for this handler (allows late binding) -func (fh *FallbackHandler) SetModelMapper(mapper ModelMapper) { - fh.modelMapper = mapper -} - -// WrapHandler wraps a gin.HandlerFunc with fallback logic -// If the model's provider is not configured in CLIProxyAPI, it forwards to ampcode.com -func (fh *FallbackHandler) WrapHandler(handler gin.HandlerFunc) gin.HandlerFunc { - return func(c *gin.Context) { - requestPath := c.Request.URL.Path - - // Read the request body to extract the model name - bodyBytes, err := io.ReadAll(c.Request.Body) - if err != nil { - log.Errorf("amp fallback: failed to read request body: %v", err) - handler(c) - return - } - - // Restore the body for the handler to read - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - - // Try to extract model from request body or URL path (for Gemini) - modelName := extractModelFromRequest(bodyBytes, c) - if modelName == "" { - // Can't determine model, proceed with normal handler - handler(c) - return - } - - // Normalize model (handles dynamic thinking suffixes) - suffixResult := thinking.ParseSuffix(modelName) - normalizedModel := suffixResult.ModelName - thinkingSuffix := "" - if suffixResult.HasSuffix { - thinkingSuffix = "(" + suffixResult.RawSuffix + ")" - } - - resolveMappedModel := func() (string, []string) { - if fh.modelMapper == nil { - return "", nil - } - - mappedModel, mappedParams := fh.modelMapper.MapModelWithParams(modelName) - if mappedModel == "" { - mappedModel, mappedParams = fh.modelMapper.MapModelWithParams(normalizedModel) - } - if mappedModel != "" && len(mappedParams) > 0 { - for key, value := range mappedParams { - if key == "model" { - continue - } - var err error - bodyBytes, err = sjson.SetBytes(bodyBytes, key, value) - if err != nil { - log.Warnf("amp model mapping: failed to inject param %q from model-mapping into request body: %v", key, err) - } - } - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - } - mappedModel = strings.TrimSpace(mappedModel) - if mappedModel == "" { - return "", nil - } - - // Preserve dynamic thinking suffix (e.g. "(xhigh)") when mapping applies, unless the target - // already specifies its own thinking suffix. - if thinkingSuffix != "" { - mappedSuffixResult := thinking.ParseSuffix(mappedModel) - if !mappedSuffixResult.HasSuffix { - mappedModel += thinkingSuffix - } - } - - mappedBaseModel := thinking.ParseSuffix(mappedModel).ModelName - mappedProviders := util.GetProviderName(mappedBaseModel) - if len(mappedProviders) == 0 { - return "", nil - } - - return mappedModel, mappedProviders - } - - // Track resolved model for logging (may change if mapping is applied) - resolvedModel := normalizedModel - usedMapping := false - var providers []string - - // Check if model mappings should be forced ahead of local API keys - forceMappings := fh.forceModelMappings != nil && fh.forceModelMappings() - - if forceMappings { - // FORCE MODE: Check model mappings FIRST (takes precedence over local API keys) - // This allows users to route Amp requests to their preferred OAuth providers - if mappedModel, mappedProviders := resolveMappedModel(); mappedModel != "" { - // Mapping found and provider available - rewrite the model in request body - bodyBytes = rewriteModelInRequest(bodyBytes, mappedModel) - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - // Store mapped model in context for handlers that check it (like gemini bridge) - c.Set(MappedModelContextKey, mappedModel) - resolvedModel = mappedModel - usedMapping = true - providers = mappedProviders - } - - // If no mapping applied, check for local providers - if !usedMapping { - providers = util.GetProviderName(normalizedModel) - } - } else { - // DEFAULT MODE: Check local providers first, then mappings as fallback - providers = util.GetProviderName(normalizedModel) - - if len(providers) == 0 { - // No providers configured - check if we have a model mapping - if mappedModel, mappedProviders := resolveMappedModel(); mappedModel != "" { - // Mapping found and provider available - rewrite the model in request body - bodyBytes = rewriteModelInRequest(bodyBytes, mappedModel) - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - // Store mapped model in context for handlers that check it (like gemini bridge) - c.Set(MappedModelContextKey, mappedModel) - resolvedModel = mappedModel - usedMapping = true - providers = mappedProviders - } - } - } - - // If no providers available, fallback to ampcode.com - if len(providers) == 0 { - proxy := fh.getProxy() - if proxy != nil { - // Log: Forwarding to ampcode.com (uses Amp credits) - logAmpRouting(RouteTypeAmpCredits, modelName, "", "", requestPath) - - // Restore body again for the proxy - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - - // Forward to ampcode.com - proxy.ServeHTTP(c.Writer, c.Request) - return - } - - // No proxy available, let the normal handler return the error - logAmpRouting(RouteTypeNoProvider, modelName, "", "", requestPath) - } - - // Log the routing decision - providerName := "" - if len(providers) > 0 { - providerName = providers[0] - } - - if usedMapping { - // Log: Model was mapped to another model - log.Debugf("amp model mapping: request %s -> %s", normalizedModel, resolvedModel) - logAmpRouting(RouteTypeModelMapping, modelName, resolvedModel, providerName, requestPath) - rewriter := NewResponseRewriter(c.Writer, modelName) - c.Writer = rewriter - // Filter Anthropic-Beta header only for local handling paths - filterAntropicBetaHeader(c) - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - handler(c) - rewriter.Flush() - log.Debugf("amp model mapping: response %s -> %s", resolvedModel, modelName) - } else if len(providers) > 0 { - // Log: Using local provider (free) - logAmpRouting(RouteTypeLocalProvider, modelName, resolvedModel, providerName, requestPath) - // Filter Anthropic-Beta header only for local handling paths - filterAntropicBetaHeader(c) - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - handler(c) - } else { - // No provider, no mapping, no proxy: fall back to the wrapped handler so it can return an error response - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - handler(c) - } - } -} - -// filterAntropicBetaHeader filters Anthropic-Beta header to remove features requiring special subscription -// This is needed when using local providers (bypassing the Amp proxy) -func filterAntropicBetaHeader(c *gin.Context) { - if betaHeader := c.Request.Header.Get("Anthropic-Beta"); betaHeader != "" { - if filtered := filterBetaFeatures(betaHeader, "context-1m-2025-08-07"); filtered != "" { - c.Request.Header.Set("Anthropic-Beta", filtered) - } else { - c.Request.Header.Del("Anthropic-Beta") - } - } -} - -// rewriteModelInRequest replaces the model name in a JSON request body -func rewriteModelInRequest(body []byte, newModel string) []byte { - if !gjson.GetBytes(body, "model").Exists() { - return body - } - result, err := sjson.SetBytes(body, "model", newModel) - if err != nil { - log.Warnf("amp model mapping: failed to rewrite model in request body: %v", err) - return body - } - return result -} - -// extractModelFromRequest attempts to extract the model name from various request formats -func extractModelFromRequest(body []byte, c *gin.Context) string { - // First try to parse from JSON body (OpenAI, Claude, etc.) - // Check common model field names - if result := gjson.GetBytes(body, "model"); result.Exists() && result.Type == gjson.String { - return result.String() - } - - // For Gemini requests, model is in the URL path - // Standard format: /models/{model}:generateContent -> :action parameter - if action := c.Param("action"); action != "" { - // Split by colon to get model name (e.g., "gemini-pro:generateContent" -> "gemini-pro") - parts := strings.Split(action, ":") - if len(parts) > 0 && parts[0] != "" { - return parts[0] - } - } - - // AMP CLI format: /publishers/google/models/{model}:method -> *path parameter - // Example: /publishers/google/models/gemini-3-pro-preview:streamGenerateContent - if path := c.Param("path"); path != "" { - // Look for /models/{model}:method pattern - if idx := strings.Index(path, "/models/"); idx >= 0 { - modelPart := path[idx+8:] // Skip "/models/" - // Split by colon to get model name - if colonIdx := strings.Index(modelPart, ":"); colonIdx > 0 { - return modelPart[:colonIdx] - } - } - } - - return "" -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/fallback_handlers_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/fallback_handlers_test.go deleted file mode 100644 index f3c2d3c1b7..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/fallback_handlers_test.go +++ /dev/null @@ -1,73 +0,0 @@ -package amp - -import ( - "bytes" - "encoding/json" - "net/http" - "net/http/httptest" - "net/http/httputil" - "testing" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" -) - -func TestFallbackHandler_ModelMapping_PreservesThinkingSuffixAndRewritesResponse(t *testing.T) { - gin.SetMode(gin.TestMode) - - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client-amp-fallback", "codex", []*registry.ModelInfo{ - {ID: "test/gpt-5.2", OwnedBy: "openai", Type: "codex"}, - }) - defer reg.UnregisterClient("test-client-amp-fallback") - - mapper := NewModelMapper([]config.AmpModelMapping{ - {From: "gpt-5.2", To: "test/gpt-5.2"}, - }) - - fallback := NewFallbackHandlerWithMapper(func() *httputil.ReverseProxy { return nil }, mapper, nil) - - handler := func(c *gin.Context) { - var req struct { - Model string `json:"model"` - } - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) - return - } - - c.JSON(http.StatusOK, gin.H{ - "model": req.Model, - "seen_model": req.Model, - }) - } - - r := gin.New() - r.POST("/chat/completions", fallback.WrapHandler(handler)) - - reqBody := []byte(`{"model":"gpt-5.2(xhigh)"}`) - req := httptest.NewRequest(http.MethodPost, "/chat/completions", bytes.NewReader(reqBody)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("Expected status 200, got %d", w.Code) - } - - var resp struct { - Model string `json:"model"` - SeenModel string `json:"seen_model"` - } - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("Failed to parse response JSON: %v", err) - } - - if resp.Model != "gpt-5.2(xhigh)" { - t.Errorf("Expected response model gpt-5.2(xhigh), got %s", resp.Model) - } - if resp.SeenModel != "test/gpt-5.2(xhigh)" { - t.Errorf("Expected handler to see test/gpt-5.2(xhigh), got %s", resp.SeenModel) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/gemini_bridge.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/gemini_bridge.go deleted file mode 100644 index d6ad8f797f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/gemini_bridge.go +++ /dev/null @@ -1,59 +0,0 @@ -package amp - -import ( - "strings" - - "github.com/gin-gonic/gin" -) - -// createGeminiBridgeHandler creates a handler that bridges AMP CLI's non-standard Gemini paths -// to our standard Gemini handler by rewriting the request context. -// -// AMP CLI format: /publishers/google/models/gemini-3-pro-preview:streamGenerateContent -// Standard format: /models/gemini-3-pro-preview:streamGenerateContent -// -// This extracts the model+method from the AMP path and sets it as the :action parameter -// so the standard Gemini handler can process it. -// -// The handler parameter should be a Gemini-compatible handler that expects the :action param. -func createGeminiBridgeHandler(handler gin.HandlerFunc) gin.HandlerFunc { - return func(c *gin.Context) { - // Get the full path from the catch-all parameter - path := c.Param("path") - - // Extract model:method from AMP CLI path format - // Example: /publishers/google/models/gemini-3-pro-preview:streamGenerateContent - const modelsPrefix = "/models/" - if idx := strings.Index(path, modelsPrefix); idx >= 0 { - // Extract everything after modelsPrefix - actionPart := path[idx+len(modelsPrefix):] - - // Check if model was mapped by FallbackHandler - if mappedModel, exists := c.Get(MappedModelContextKey); exists { - if strModel, ok := mappedModel.(string); ok && strModel != "" { - // Replace the model part in the action - // actionPart is like "model-name:method" - if colonIdx := strings.Index(actionPart, ":"); colonIdx > 0 { - method := actionPart[colonIdx:] // ":method" - actionPart = strModel + method - } - } - } - - // Set this as the :action parameter that the Gemini handler expects - c.Params = append(c.Params, gin.Param{ - Key: "action", - Value: actionPart, - }) - - // Call the handler - handler(c) - return - } - - // If we can't parse the path, return 400 - c.JSON(400, gin.H{ - "error": "Invalid Gemini API path format", - }) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/gemini_bridge_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/gemini_bridge_test.go deleted file mode 100644 index 347456c383..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/gemini_bridge_test.go +++ /dev/null @@ -1,93 +0,0 @@ -package amp - -import ( - "net/http" - "net/http/httptest" - "testing" - - "github.com/gin-gonic/gin" -) - -func TestCreateGeminiBridgeHandler_ActionParameterExtraction(t *testing.T) { - gin.SetMode(gin.TestMode) - - tests := []struct { - name string - path string - mappedModel string // empty string means no mapping - expectedAction string - }{ - { - name: "no_mapping_uses_url_model", - path: "/publishers/google/models/gemini-pro:generateContent", - mappedModel: "", - expectedAction: "gemini-pro:generateContent", - }, - { - name: "mapped_model_replaces_url_model", - path: "/publishers/google/models/gemini-exp:generateContent", - mappedModel: "gemini-2.0-flash", - expectedAction: "gemini-2.0-flash:generateContent", - }, - { - name: "mapping_preserves_method", - path: "/publishers/google/models/gemini-2.5-preview:streamGenerateContent", - mappedModel: "gemini-flash", - expectedAction: "gemini-flash:streamGenerateContent", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - var capturedAction string - - mockGeminiHandler := func(c *gin.Context) { - capturedAction = c.Param("action") - c.JSON(http.StatusOK, gin.H{"captured": capturedAction}) - } - - // Use the actual createGeminiBridgeHandler function - bridgeHandler := createGeminiBridgeHandler(mockGeminiHandler) - - r := gin.New() - if tt.mappedModel != "" { - r.Use(func(c *gin.Context) { - c.Set(MappedModelContextKey, tt.mappedModel) - c.Next() - }) - } - r.POST("/api/provider/google/v1beta1/*path", bridgeHandler) - - req := httptest.NewRequest(http.MethodPost, "/api/provider/google/v1beta1"+tt.path, nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("Expected status 200, got %d", w.Code) - } - if capturedAction != tt.expectedAction { - t.Errorf("Expected action '%s', got '%s'", tt.expectedAction, capturedAction) - } - }) - } -} - -func TestCreateGeminiBridgeHandler_InvalidPath(t *testing.T) { - gin.SetMode(gin.TestMode) - - mockHandler := func(c *gin.Context) { - c.JSON(http.StatusOK, gin.H{"ok": true}) - } - bridgeHandler := createGeminiBridgeHandler(mockHandler) - - r := gin.New() - r.POST("/api/provider/google/v1beta1/*path", bridgeHandler) - - req := httptest.NewRequest(http.MethodPost, "/api/provider/google/v1beta1/invalid/path", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusBadRequest { - t.Errorf("Expected status 400 for invalid path, got %d", w.Code) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/model_mapping.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/model_mapping.go deleted file mode 100644 index 5f49ab5455..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/model_mapping.go +++ /dev/null @@ -1,198 +0,0 @@ -// Package amp provides model mapping functionality for routing Amp CLI requests -// to alternative models when the requested model is not available locally. -package amp - -import ( - "regexp" - "strings" - "sync" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" -) - -// ModelMapper provides model name mapping/aliasing for Amp CLI requests. -// When an Amp request comes in for a model that isn't available locally, -// this mapper can redirect it to an alternative model that IS available. -type ModelMapper interface { - // MapModel returns the target model name if a mapping exists and the target - // model has available providers. Returns empty string if no mapping applies. - MapModel(requestedModel string) string - - // MapModelWithParams returns the target model name and any configured params - // to inject when the mapping applies. Returns empty string if no mapping applies. - MapModelWithParams(requestedModel string) (string, map[string]interface{}) - - // UpdateMappings refreshes the mapping configuration (for hot-reload). - UpdateMappings(mappings []config.AmpModelMapping) -} - -// DefaultModelMapper implements ModelMapper with thread-safe mapping storage. -type DefaultModelMapper struct { - mu sync.RWMutex - mappings map[string]modelMappingValue // exact: from -> value (normalized lowercase keys) - regexps []regexMapping // regex rules evaluated in order -} - -type modelMappingValue struct { - to string - params map[string]interface{} -} - -// NewModelMapper creates a new model mapper with the given initial mappings. -func NewModelMapper(mappings []config.AmpModelMapping) *DefaultModelMapper { - m := &DefaultModelMapper{ - mappings: make(map[string]modelMappingValue), - regexps: nil, - } - m.UpdateMappings(mappings) - return m -} - -// MapModel checks if a mapping exists for the requested model and if the -// target model has available local providers. Returns the mapped model name -// or empty string if no valid mapping exists. -// -// If the requested model contains a thinking suffix (e.g., "g25p(8192)"), -// the suffix is preserved in the returned model name (e.g., "gemini-2.5-pro(8192)"). -// However, if the mapping target already contains a suffix, the config suffix -// takes priority over the user's suffix. -func (m *DefaultModelMapper) MapModel(requestedModel string) string { - mappedModel, _ := m.MapModelWithParams(requestedModel) - return mappedModel -} - -// MapModelWithParams resolves a mapping and returns both the target model and mapping params. -// Params are copied for caller safety. -func (m *DefaultModelMapper) MapModelWithParams(requestedModel string) (string, map[string]interface{}) { - if requestedModel == "" { - return "", nil - } - - m.mu.RLock() - defer m.mu.RUnlock() - - // Extract thinking suffix from requested model using ParseSuffix. - requestResult := thinking.ParseSuffix(requestedModel) - baseModel := requestResult.ModelName - normalizedBase := strings.ToLower(strings.TrimSpace(baseModel)) - - // Resolve exact mapping first. - mapping, exists := m.mappings[normalizedBase] - if !exists { - // Try regex mappings in order using base model only. - for _, rm := range m.regexps { - if rm.re.MatchString(baseModel) { - mapping = rm.to - exists = true - break - } - } - } - if !exists { - return "", nil - } - - targetModel := mapping.to - targetResult := thinking.ParseSuffix(targetModel) - - // Validate target model availability before returning a mapping. - providers := util.GetProviderName(targetResult.ModelName) - if len(providers) == 0 { - log.Debugf("amp model mapping: target model %s has no available providers, skipping mapping", targetModel) - return "", nil - } - - mappedParams := copyMappingParams(mapping.params) - - // Suffix handling: config suffix takes priority. - if targetResult.HasSuffix { - return targetModel, mappedParams - } - - if requestResult.HasSuffix && requestResult.RawSuffix != "" { - return targetModel + "(" + requestResult.RawSuffix + ")", mappedParams - } - - return targetModel, mappedParams -} - -func copyMappingParams(src map[string]interface{}) map[string]interface{} { - if len(src) == 0 { - return nil - } - - dst := make(map[string]interface{}, len(src)) - for k, v := range src { - dst[k] = v - } - return dst -} - -// UpdateMappings refreshes the mapping configuration from config. -// This is called during initialization and on config hot-reload. -func (m *DefaultModelMapper) UpdateMappings(mappings []config.AmpModelMapping) { - m.mu.Lock() - defer m.mu.Unlock() - - m.mappings = make(map[string]modelMappingValue, len(mappings)) - m.regexps = make([]regexMapping, 0, len(mappings)) - - for _, mapping := range mappings { - from := strings.TrimSpace(mapping.From) - to := strings.TrimSpace(mapping.To) - - if from == "" || to == "" { - log.Warnf("amp model mapping: skipping invalid mapping (from=%q, to=%q)", from, to) - continue - } - - params := copyMappingParams(mapping.Params) - value := modelMappingValue{ - to: to, - params: params, - } - - if mapping.Regex { - pattern := "(?i)" + from - re, err := regexp.Compile(pattern) - if err != nil { - log.Warnf("amp model mapping: invalid regex %q: %v", from, err) - continue - } - m.regexps = append(m.regexps, regexMapping{re: re, to: value}) - log.Debugf("amp model regex mapping registered: /%s/ -> %s", from, to) - continue - } - - normalizedFrom := strings.ToLower(from) - m.mappings[normalizedFrom] = value - log.Debugf("amp model mapping registered: %s -> %s", from, to) - } - - if len(m.mappings) > 0 { - log.Infof("amp model mapping: loaded %d mapping(s)", len(m.mappings)) - } - if n := len(m.regexps); n > 0 { - log.Infof("amp model mapping: loaded %d regex mapping(s)", n) - } -} - -// GetMappings returns a copy of current mappings (for debugging/status). -func (m *DefaultModelMapper) GetMappings() map[string]string { - m.mu.RLock() - defer m.mu.RUnlock() - - result := make(map[string]string, len(m.mappings)) - for k, v := range m.mappings { - result[k] = v.to - } - return result -} - -type regexMapping struct { - re *regexp.Regexp - to modelMappingValue -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/model_mapping_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/model_mapping_test.go deleted file mode 100644 index d19549ad36..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/model_mapping_test.go +++ /dev/null @@ -1,445 +0,0 @@ -package amp - -import ( - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" -) - -func TestNewModelMapper(t *testing.T) { - mappings := []config.AmpModelMapping{ - {From: "claude-opus-4.5", To: "claude-sonnet-4"}, - {From: "gpt-5", To: "gemini-2.5-pro"}, - } - - mapper := NewModelMapper(mappings) - if mapper == nil { - t.Fatal("Expected non-nil mapper") - } - - result := mapper.GetMappings() - if len(result) != 2 { - t.Errorf("Expected 2 mappings, got %d", len(result)) - } -} - -func TestNewModelMapper_Empty(t *testing.T) { - mapper := NewModelMapper(nil) - if mapper == nil { - t.Fatal("Expected non-nil mapper") - } - - result := mapper.GetMappings() - if len(result) != 0 { - t.Errorf("Expected 0 mappings, got %d", len(result)) - } -} - -func TestModelMapper_MapModel_NoProvider(t *testing.T) { - mappings := []config.AmpModelMapping{ - {From: "claude-opus-4.5", To: "claude-sonnet-4"}, - } - - mapper := NewModelMapper(mappings) - - // Without a registered provider for the target, mapping should return empty - result := mapper.MapModel("claude-opus-4.5") - if result != "" { - t.Errorf("Expected empty result when target has no provider, got %s", result) - } -} - -func TestModelMapper_MapModel_WithProvider(t *testing.T) { - // Register a mock provider for the target model - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client", "claude", []*registry.ModelInfo{ - {ID: "claude-sonnet-4", OwnedBy: "anthropic", Type: "claude"}, - }) - defer reg.UnregisterClient("test-client") - - mappings := []config.AmpModelMapping{ - {From: "claude-opus-4.5", To: "claude-sonnet-4"}, - } - - mapper := NewModelMapper(mappings) - - // With a registered provider, mapping should work - result := mapper.MapModel("claude-opus-4.5") - if result != "claude-sonnet-4" { - t.Errorf("Expected claude-sonnet-4, got %s", result) - } -} - -func TestModelMapper_MapModel_TargetWithThinkingSuffix(t *testing.T) { - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client-thinking", "codex", []*registry.ModelInfo{ - {ID: "gpt-5.2", OwnedBy: "openai", Type: "codex"}, - }) - defer reg.UnregisterClient("test-client-thinking") - - mappings := []config.AmpModelMapping{ - {From: "gpt-5.2-alias", To: "gpt-5.2(xhigh)"}, - } - - mapper := NewModelMapper(mappings) - - result := mapper.MapModel("gpt-5.2-alias") - if result != "gpt-5.2(xhigh)" { - t.Errorf("Expected gpt-5.2(xhigh), got %s", result) - } -} - -func TestModelMapper_MapModel_CaseInsensitive(t *testing.T) { - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client2", "claude", []*registry.ModelInfo{ - {ID: "claude-sonnet-4", OwnedBy: "anthropic", Type: "claude"}, - }) - defer reg.UnregisterClient("test-client2") - - mappings := []config.AmpModelMapping{ - {From: "Claude-Opus-4.5", To: "claude-sonnet-4"}, - } - - mapper := NewModelMapper(mappings) - - // Should match case-insensitively - result := mapper.MapModel("claude-opus-4.5") - if result != "claude-sonnet-4" { - t.Errorf("Expected claude-sonnet-4, got %s", result) - } -} - -func TestModelMapper_MapModel_NotFound(t *testing.T) { - mappings := []config.AmpModelMapping{ - {From: "claude-opus-4.5", To: "claude-sonnet-4"}, - } - - mapper := NewModelMapper(mappings) - - // Unknown model should return empty - result := mapper.MapModel("unknown-model") - if result != "" { - t.Errorf("Expected empty for unknown model, got %s", result) - } -} - -func TestModelMapper_MapModel_EmptyInput(t *testing.T) { - mappings := []config.AmpModelMapping{ - {From: "claude-opus-4.5", To: "claude-sonnet-4"}, - } - - mapper := NewModelMapper(mappings) - - result := mapper.MapModel("") - if result != "" { - t.Errorf("Expected empty for empty input, got %s", result) - } -} - -func TestModelMapper_UpdateMappings(t *testing.T) { - mapper := NewModelMapper(nil) - - // Initially empty - if len(mapper.GetMappings()) != 0 { - t.Error("Expected 0 initial mappings") - } - - // Update with new mappings - mapper.UpdateMappings([]config.AmpModelMapping{ - {From: "model-a", To: "model-b"}, - {From: "model-c", To: "model-d"}, - }) - - result := mapper.GetMappings() - if len(result) != 2 { - t.Errorf("Expected 2 mappings after update, got %d", len(result)) - } - - // Update again should replace, not append - mapper.UpdateMappings([]config.AmpModelMapping{ - {From: "model-x", To: "model-y"}, - }) - - result = mapper.GetMappings() - if len(result) != 1 { - t.Errorf("Expected 1 mapping after second update, got %d", len(result)) - } -} - -func TestModelMapper_UpdateMappings_SkipsInvalid(t *testing.T) { - mapper := NewModelMapper(nil) - - mapper.UpdateMappings([]config.AmpModelMapping{ - {From: "", To: "model-b"}, // Invalid: empty from - {From: "model-a", To: ""}, // Invalid: empty to - {From: " ", To: "model-b"}, // Invalid: whitespace from - {From: "model-c", To: "model-d"}, // Valid - }) - - result := mapper.GetMappings() - if len(result) != 1 { - t.Errorf("Expected 1 valid mapping, got %d", len(result)) - } -} - -func TestModelMapper_MapModelWithParams_ReturnsConfigParams(t *testing.T) { - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client-params", "claude", []*registry.ModelInfo{ - {ID: "claude-sonnet-4", OwnedBy: "anthropic", Type: "claude"}, - }) - defer reg.UnregisterClient("test-client-params") - - mappings := []config.AmpModelMapping{ - { - From: "alias", - To: "claude-sonnet-4", - Params: map[string]interface{}{ - "custom_model": "iflow/tab", - "enable_tab_mode": true, - }, - }, - } - - mapper := NewModelMapper(mappings) - gotModel, gotParams := mapper.MapModelWithParams("alias") - if gotModel != "claude-sonnet-4" { - t.Fatalf("expected claude-sonnet-4, got %s", gotModel) - } - if gotParams == nil { - t.Fatalf("expected params to be returned") - } - if gotParams["custom_model"] != "iflow/tab" { - t.Fatalf("expected custom_model param, got %v", gotParams["custom_model"]) - } - if gotParams["enable_tab_mode"] != true { - t.Fatalf("expected enable_tab_mode=true, got %v", gotParams["enable_tab_mode"]) - } -} - -func TestModelMapper_MapModelWithParams_ReturnsCopiedMap(t *testing.T) { - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client-params-copy", "claude", []*registry.ModelInfo{ - {ID: "claude-sonnet-4", OwnedBy: "anthropic", Type: "claude"}, - }) - defer reg.UnregisterClient("test-client-params-copy") - - mappings := []config.AmpModelMapping{ - { - From: "alias-copy", - To: "claude-sonnet-4", - Params: map[string]interface{}{ - "custom_model": "iflow/tab", - }, - }, - } - - mapper := NewModelMapper(mappings) - gotModel, gotParams := mapper.MapModelWithParams("alias-copy") - if gotModel != "claude-sonnet-4" { - t.Fatalf("expected claude-sonnet-4, got %s", gotModel) - } - if gotParams["custom_model"] != "iflow/tab" { - t.Fatalf("expected custom_model param, got %v", gotParams["custom_model"]) - } - gotParams["custom_model"] = "modified" - - gotModel2, gotParams2 := mapper.MapModelWithParams("alias-copy") - if gotModel2 != "claude-sonnet-4" { - t.Fatalf("expected claude-sonnet-4 second call, got %s", gotModel2) - } - if gotParams2["custom_model"] != "iflow/tab" { - t.Fatalf("expected copied map from internal state, got %v", gotParams2["custom_model"]) - } -} - -func TestModelMapper_GetMappings_ReturnsCopy(t *testing.T) { - mappings := []config.AmpModelMapping{ - {From: "model-a", To: "model-b"}, - } - - mapper := NewModelMapper(mappings) - - // Get mappings and modify the returned map - result := mapper.GetMappings() - result["new-key"] = "new-value" - - // Original should be unchanged - original := mapper.GetMappings() - if len(original) != 1 { - t.Errorf("Expected original to have 1 mapping, got %d", len(original)) - } - if _, exists := original["new-key"]; exists { - t.Error("Original map was modified") - } -} - -func TestModelMapper_Regex_MatchBaseWithoutParens(t *testing.T) { - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client-regex-1", "gemini", []*registry.ModelInfo{ - {ID: "gemini-2.5-pro", OwnedBy: "google", Type: "gemini"}, - }) - defer reg.UnregisterClient("test-client-regex-1") - - mappings := []config.AmpModelMapping{ - {From: "^gpt-5$", To: "gemini-2.5-pro", Regex: true}, - } - - mapper := NewModelMapper(mappings) - - // Incoming model has reasoning suffix, regex matches base, suffix is preserved - result := mapper.MapModel("gpt-5(high)") - if result != "gemini-2.5-pro(high)" { - t.Errorf("Expected gemini-2.5-pro(high), got %s", result) - } -} - -func TestModelMapper_Regex_ExactPrecedence(t *testing.T) { - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client-regex-2", "claude", []*registry.ModelInfo{ - {ID: "claude-sonnet-4", OwnedBy: "anthropic", Type: "claude"}, - }) - reg.RegisterClient("test-client-regex-3", "gemini", []*registry.ModelInfo{ - {ID: "gemini-2.5-pro", OwnedBy: "google", Type: "gemini"}, - }) - defer reg.UnregisterClient("test-client-regex-2") - defer reg.UnregisterClient("test-client-regex-3") - - mappings := []config.AmpModelMapping{ - {From: "gpt-5", To: "claude-sonnet-4"}, // exact - {From: "^gpt-5.*$", To: "gemini-2.5-pro", Regex: true}, // regex - } - - mapper := NewModelMapper(mappings) - - // Exact match should win over regex - result := mapper.MapModel("gpt-5") - if result != "claude-sonnet-4" { - t.Errorf("Expected claude-sonnet-4, got %s", result) - } -} - -func TestModelMapper_Regex_InvalidPattern_Skipped(t *testing.T) { - // Invalid regex should be skipped and not cause panic - mappings := []config.AmpModelMapping{ - {From: "(", To: "target", Regex: true}, - } - - mapper := NewModelMapper(mappings) - - result := mapper.MapModel("anything") - if result != "" { - t.Errorf("Expected empty result due to invalid regex, got %s", result) - } -} - -func TestModelMapper_Regex_CaseInsensitive(t *testing.T) { - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client-regex-4", "claude", []*registry.ModelInfo{ - {ID: "claude-sonnet-4", OwnedBy: "anthropic", Type: "claude"}, - }) - defer reg.UnregisterClient("test-client-regex-4") - - mappings := []config.AmpModelMapping{ - {From: "^CLAUDE-OPUS-.*$", To: "claude-sonnet-4", Regex: true}, - } - - mapper := NewModelMapper(mappings) - - result := mapper.MapModel("claude-opus-4.5") - if result != "claude-sonnet-4" { - t.Errorf("Expected claude-sonnet-4, got %s", result) - } -} - -func TestModelMapper_SuffixPreservation(t *testing.T) { - reg := registry.GetGlobalRegistry() - - // Register test models - reg.RegisterClient("test-client-suffix", "gemini", []*registry.ModelInfo{ - {ID: "gemini-2.5-pro", OwnedBy: "google", Type: "gemini"}, - }) - reg.RegisterClient("test-client-suffix-2", "claude", []*registry.ModelInfo{ - {ID: "claude-sonnet-4", OwnedBy: "anthropic", Type: "claude"}, - }) - defer reg.UnregisterClient("test-client-suffix") - defer reg.UnregisterClient("test-client-suffix-2") - - tests := []struct { - name string - mappings []config.AmpModelMapping - input string - want string - }{ - { - name: "numeric suffix preserved", - mappings: []config.AmpModelMapping{{From: "g25p", To: "gemini-2.5-pro"}}, - input: "g25p(8192)", - want: "gemini-2.5-pro(8192)", - }, - { - name: "level suffix preserved", - mappings: []config.AmpModelMapping{{From: "g25p", To: "gemini-2.5-pro"}}, - input: "g25p(high)", - want: "gemini-2.5-pro(high)", - }, - { - name: "no suffix unchanged", - mappings: []config.AmpModelMapping{{From: "g25p", To: "gemini-2.5-pro"}}, - input: "g25p", - want: "gemini-2.5-pro", - }, - { - name: "config suffix takes priority", - mappings: []config.AmpModelMapping{{From: "alias", To: "gemini-2.5-pro(medium)"}}, - input: "alias(high)", - want: "gemini-2.5-pro(medium)", - }, - { - name: "regex with suffix preserved", - mappings: []config.AmpModelMapping{{From: "^g25.*", To: "gemini-2.5-pro", Regex: true}}, - input: "g25p(8192)", - want: "gemini-2.5-pro(8192)", - }, - { - name: "auto suffix preserved", - mappings: []config.AmpModelMapping{{From: "g25p", To: "gemini-2.5-pro"}}, - input: "g25p(auto)", - want: "gemini-2.5-pro(auto)", - }, - { - name: "none suffix preserved", - mappings: []config.AmpModelMapping{{From: "g25p", To: "gemini-2.5-pro"}}, - input: "g25p(none)", - want: "gemini-2.5-pro(none)", - }, - { - name: "case insensitive base lookup with suffix", - mappings: []config.AmpModelMapping{{From: "G25P", To: "gemini-2.5-pro"}}, - input: "g25p(high)", - want: "gemini-2.5-pro(high)", - }, - { - name: "empty suffix filtered out", - mappings: []config.AmpModelMapping{{From: "g25p", To: "gemini-2.5-pro"}}, - input: "g25p()", - want: "gemini-2.5-pro", - }, - { - name: "incomplete suffix treated as no suffix", - mappings: []config.AmpModelMapping{{From: "g25p(high", To: "gemini-2.5-pro"}}, - input: "g25p(high", - want: "gemini-2.5-pro", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - mapper := NewModelMapper(tt.mappings) - got := mapper.MapModel(tt.input) - if got != tt.want { - t.Errorf("MapModel(%q) = %q, want %q", tt.input, got, tt.want) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/proxy.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/proxy.go deleted file mode 100644 index 80d864dd86..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/proxy.go +++ /dev/null @@ -1,254 +0,0 @@ -package amp - -import ( - "bytes" - "compress/gzip" - "context" - "errors" - "fmt" - "io" - "net" - "net/http" - "net/http/httputil" - "net/url" - "strconv" - "strings" - - log "github.com/sirupsen/logrus" -) - -func removeQueryValuesMatching(req *http.Request, key string, match string) { - if req == nil || req.URL == nil || match == "" { - return - } - - q := req.URL.Query() - values, ok := q[key] - if !ok || len(values) == 0 { - return - } - - kept := make([]string, 0, len(values)) - for _, v := range values { - if v == match { - continue - } - kept = append(kept, v) - } - - if len(kept) == 0 { - q.Del(key) - } else { - q[key] = kept - } - req.URL.RawQuery = q.Encode() -} - -// readCloser wraps a reader and forwards Close to a separate closer. -// Used to restore peeked bytes while preserving upstream body Close behavior. -type readCloser struct { - r io.Reader - c io.Closer -} - -func (rc *readCloser) Read(p []byte) (int, error) { return rc.r.Read(p) } -func (rc *readCloser) Close() error { return rc.c.Close() } - -// createReverseProxy creates a reverse proxy handler for Amp upstream -// with automatic gzip decompression via ModifyResponse -func createReverseProxy(upstreamURL string, secretSource SecretSource) (*httputil.ReverseProxy, error) { - parsed, err := url.Parse(upstreamURL) - if err != nil { - return nil, fmt.Errorf("invalid amp upstream url: %w", err) - } - - proxy := httputil.NewSingleHostReverseProxy(parsed) - // Modify outgoing requests to inject API key and fix routing - proxy.Rewrite = func(r *httputil.ProxyRequest) { - r.Out.Host = parsed.Host - - // Remove client's Authorization header - it was only used for CLI Proxy API authentication - // We will set our own Authorization using the configured upstream-api-key - r.Out.Header.Del("Authorization") - r.Out.Header.Del("X-Api-Key") - r.Out.Header.Del("X-Goog-Api-Key") - - // Remove query-based credentials if they match the authenticated client API key. - // This prevents leaking client auth material to the Amp upstream while avoiding - // breaking unrelated upstream query parameters. - clientKey := getClientAPIKeyFromContext(r.Out.Context()) - removeQueryValuesMatching(r.Out, "key", clientKey) - removeQueryValuesMatching(r.Out, "auth_token", clientKey) - - // Preserve correlation headers for debugging - - // Note: We do NOT filter Anthropic-Beta headers in the proxy path - // Users going through ampcode.com proxy are paying for the service and should get all features - // including 1M context window (context-1m-2025-08-07) - - // Inject API key from secret source (only uses upstream-api-key from config) - if key, err := secretSource.Get(r.Out.Context()); err == nil && key != "" { - r.Out.Header.Set("X-Api-Key", key) - r.Out.Header.Set("Authorization", fmt.Sprintf("Bearer %s", key)) - } else if err != nil { - log.Warnf("amp secret source error (continuing without auth): %v", err) - } - } - - // Modify incoming responses to handle gzip without Content-Encoding - // This addresses the same issue as inline handler gzip handling, but at the proxy level - proxy.ModifyResponse = func(resp *http.Response) error { - // Log upstream error responses for diagnostics (502, 503, etc.) - // These are NOT proxy connection errors - the upstream responded with an error status - if resp.Request != nil { - if resp.StatusCode >= 500 { - log.Errorf("amp upstream responded with error [%d] for %s %s", resp.StatusCode, resp.Request.Method, resp.Request.URL.Path) - } else if resp.StatusCode >= 400 { - log.Warnf("amp upstream responded with client error [%d] for %s %s", resp.StatusCode, resp.Request.Method, resp.Request.URL.Path) - } - } - - // Only process successful responses for gzip decompression - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - return nil - } - - // Skip if already marked as gzip (Content-Encoding set) - if resp.Header.Get("Content-Encoding") != "" { - return nil - } - - // Skip streaming responses (SSE, chunked) - if isStreamingResponse(resp) { - return nil - } - - // Save reference to original upstream body for proper cleanup - originalBody := resp.Body - - // Peek at first 2 bytes to detect gzip magic bytes - header := make([]byte, 2) - n, _ := io.ReadFull(originalBody, header) - - // Check for gzip magic bytes (0x1f 0x8b) - // If n < 2, we didn't get enough bytes, so it's not gzip - if n >= 2 && header[0] == 0x1f && header[1] == 0x8b { - // It's gzip - read the rest of the body - rest, err := io.ReadAll(originalBody) - if err != nil { - // Restore what we read and return original body (preserve Close behavior) - resp.Body = &readCloser{ - r: io.MultiReader(bytes.NewReader(header[:n]), originalBody), - c: originalBody, - } - return nil - } - - // Reconstruct complete gzipped data - gzippedData := append(header[:n], rest...) - - // Decompress - gzipReader, err := gzip.NewReader(bytes.NewReader(gzippedData)) - if err != nil { - log.Warnf("amp proxy: gzip header detected but decompress failed: %v", err) - // Close original body and return in-memory copy - _ = originalBody.Close() - resp.Body = io.NopCloser(bytes.NewReader(gzippedData)) - return nil - } - - decompressed, err := io.ReadAll(gzipReader) - _ = gzipReader.Close() - if err != nil { - log.Warnf("amp proxy: gzip decompress error: %v", err) - // Close original body and return in-memory copy - _ = originalBody.Close() - resp.Body = io.NopCloser(bytes.NewReader(gzippedData)) - return nil - } - - // Close original body since we're replacing with in-memory decompressed content - _ = originalBody.Close() - - // Replace body with decompressed content - resp.Body = io.NopCloser(bytes.NewReader(decompressed)) - resp.ContentLength = int64(len(decompressed)) - - // Update headers to reflect decompressed state - resp.Header.Del("Content-Encoding") // No longer compressed - resp.Header.Del("Content-Length") // Remove stale compressed length - resp.Header.Set("Content-Length", strconv.FormatInt(resp.ContentLength, 10)) // Set decompressed length - - log.Debugf("amp proxy: decompressed gzip response (%d -> %d bytes)", len(gzippedData), len(decompressed)) - } else { - // Not gzip - restore peeked bytes while preserving Close behavior - // Handle edge cases: n might be 0, 1, or 2 depending on EOF - resp.Body = &readCloser{ - r: io.MultiReader(bytes.NewReader(header[:n]), originalBody), - c: originalBody, - } - } - - return nil - } - - // Error handler for proxy failures with detailed error classification for diagnostics - proxy.ErrorHandler = func(rw http.ResponseWriter, req *http.Request, err error) { - // Classify the error type for better diagnostics - var errType string - if errors.Is(err, context.DeadlineExceeded) { - errType = "timeout" - } else if errors.Is(err, context.Canceled) { - errType = "canceled" - } else if netErr, ok := err.(net.Error); ok && netErr.Timeout() { - errType = "dial_timeout" - } else if _, ok := err.(net.Error); ok { - errType = "network_error" - } else { - errType = "connection_error" - } - - // Don't log as error for context canceled - it's usually client closing connection - if errors.Is(err, context.Canceled) { - return - } else { - log.Errorf("amp upstream proxy error [%s] for %s %s: %v", errType, req.Method, req.URL.Path, err) - } - - rw.Header().Set("Content-Type", "application/json") - rw.WriteHeader(http.StatusBadGateway) - _, _ = rw.Write([]byte(`{"error":"amp_upstream_proxy_error","message":"Failed to reach Amp upstream"}`)) - } - - return proxy, nil -} - -// isStreamingResponse detects if the response is streaming (SSE only) -// Note: We only treat text/event-stream as streaming. Chunked transfer encoding -// is a transport-level detail and doesn't mean we can't decompress the full response. -// Many JSON APIs use chunked encoding for normal responses. -func isStreamingResponse(resp *http.Response) bool { - contentType := resp.Header.Get("Content-Type") - - // Only Server-Sent Events are true streaming responses - if strings.Contains(contentType, "text/event-stream") { - return true - } - - return false -} - -// filterBetaFeatures removes a specific beta feature from comma-separated list -func filterBetaFeatures(header, featureToRemove string) string { - features := strings.Split(header, ",") - filtered := make([]string, 0, len(features)) - - for _, feature := range features { - trimmed := strings.TrimSpace(feature) - if trimmed != "" && trimmed != featureToRemove { - filtered = append(filtered, trimmed) - } - } - - return strings.Join(filtered, ",") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/proxy_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/proxy_test.go deleted file mode 100644 index e92e9aa994..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/proxy_test.go +++ /dev/null @@ -1,681 +0,0 @@ -package amp - -import ( - "bytes" - "compress/gzip" - "context" - "fmt" - "io" - "net/http" - "net/http/httptest" - "strings" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -// Helper: compress data with gzip -func gzipBytes(b []byte) []byte { - var buf bytes.Buffer - zw := gzip.NewWriter(&buf) - _, _ = zw.Write(b) - _ = zw.Close() - return buf.Bytes() -} - -// Helper: create a mock http.Response -func mkResp(status int, hdr http.Header, body []byte) *http.Response { - if hdr == nil { - hdr = http.Header{} - } - return &http.Response{ - StatusCode: status, - Header: hdr, - Body: io.NopCloser(bytes.NewReader(body)), - ContentLength: int64(len(body)), - } -} - -func TestCreateReverseProxy_ValidURL(t *testing.T) { - proxy, err := createReverseProxy("http://example.com", NewStaticSecretSource("key")) - if err != nil { - t.Fatalf("expected no error, got: %v", err) - } - if proxy == nil { - t.Fatal("expected proxy to be created") - } -} - -func TestCreateReverseProxy_InvalidURL(t *testing.T) { - _, err := createReverseProxy("://invalid", NewStaticSecretSource("key")) - if err == nil { - t.Fatal("expected error for invalid URL") - } -} - -func TestModifyResponse_GzipScenarios(t *testing.T) { - proxy, err := createReverseProxy("http://example.com", NewStaticSecretSource("k")) - if err != nil { - t.Fatal(err) - } - - goodJSON := []byte(`{"ok":true}`) - good := gzipBytes(goodJSON) - truncated := good[:10] - corrupted := append([]byte{0x1f, 0x8b}, []byte("notgzip")...) - - cases := []struct { - name string - header http.Header - body []byte - status int - wantBody []byte - wantCE string - }{ - { - name: "decompresses_valid_gzip_no_header", - header: http.Header{}, - body: good, - status: 200, - wantBody: goodJSON, - wantCE: "", - }, - { - name: "skips_when_ce_present", - header: http.Header{"Content-Encoding": []string{"gzip"}}, - body: good, - status: 200, - wantBody: good, - wantCE: "gzip", - }, - { - name: "passes_truncated_unchanged", - header: http.Header{}, - body: truncated, - status: 200, - wantBody: truncated, - wantCE: "", - }, - { - name: "passes_corrupted_unchanged", - header: http.Header{}, - body: corrupted, - status: 200, - wantBody: corrupted, - wantCE: "", - }, - { - name: "non_gzip_unchanged", - header: http.Header{}, - body: []byte("plain"), - status: 200, - wantBody: []byte("plain"), - wantCE: "", - }, - { - name: "empty_body", - header: http.Header{}, - body: []byte{}, - status: 200, - wantBody: []byte{}, - wantCE: "", - }, - { - name: "single_byte_body", - header: http.Header{}, - body: []byte{0x1f}, - status: 200, - wantBody: []byte{0x1f}, - wantCE: "", - }, - { - name: "skips_non_2xx_status", - header: http.Header{}, - body: good, - status: 404, - wantBody: good, - wantCE: "", - }, - } - - for _, tc := range cases { - t.Run(tc.name, func(t *testing.T) { - resp := mkResp(tc.status, tc.header, tc.body) - if err := proxy.ModifyResponse(resp); err != nil { - t.Fatalf("ModifyResponse error: %v", err) - } - got, err := io.ReadAll(resp.Body) - if err != nil { - t.Fatalf("ReadAll error: %v", err) - } - if !bytes.Equal(got, tc.wantBody) { - t.Fatalf("body mismatch:\nwant: %q\ngot: %q", tc.wantBody, got) - } - if ce := resp.Header.Get("Content-Encoding"); ce != tc.wantCE { - t.Fatalf("Content-Encoding: want %q, got %q", tc.wantCE, ce) - } - }) - } -} - -func TestModifyResponse_UpdatesContentLengthHeader(t *testing.T) { - proxy, err := createReverseProxy("http://example.com", NewStaticSecretSource("k")) - if err != nil { - t.Fatal(err) - } - - goodJSON := []byte(`{"message":"test response"}`) - gzipped := gzipBytes(goodJSON) - - // Simulate upstream response with gzip body AND Content-Length header - // (this is the scenario the bot flagged - stale Content-Length after decompression) - resp := mkResp(200, http.Header{ - "Content-Length": []string{fmt.Sprintf("%d", len(gzipped))}, // Compressed size - }, gzipped) - - if err := proxy.ModifyResponse(resp); err != nil { - t.Fatalf("ModifyResponse error: %v", err) - } - - // Verify body is decompressed - got, _ := io.ReadAll(resp.Body) - if !bytes.Equal(got, goodJSON) { - t.Fatalf("body should be decompressed, got: %q, want: %q", got, goodJSON) - } - - // Verify Content-Length header is updated to decompressed size - wantCL := fmt.Sprintf("%d", len(goodJSON)) - gotCL := resp.Header.Get("Content-Length") - if gotCL != wantCL { - t.Fatalf("Content-Length header mismatch: want %q (decompressed), got %q", wantCL, gotCL) - } - - // Verify struct field also matches - if resp.ContentLength != int64(len(goodJSON)) { - t.Fatalf("resp.ContentLength mismatch: want %d, got %d", len(goodJSON), resp.ContentLength) - } -} - -func TestModifyResponse_SkipsStreamingResponses(t *testing.T) { - proxy, err := createReverseProxy("http://example.com", NewStaticSecretSource("k")) - if err != nil { - t.Fatal(err) - } - - goodJSON := []byte(`{"ok":true}`) - gzipped := gzipBytes(goodJSON) - - t.Run("sse_skips_decompression", func(t *testing.T) { - resp := mkResp(200, http.Header{"Content-Type": []string{"text/event-stream"}}, gzipped) - if err := proxy.ModifyResponse(resp); err != nil { - t.Fatalf("ModifyResponse error: %v", err) - } - // SSE should NOT be decompressed - got, _ := io.ReadAll(resp.Body) - if !bytes.Equal(got, gzipped) { - t.Fatal("SSE response should not be decompressed") - } - }) -} - -func TestModifyResponse_DecompressesChunkedJSON(t *testing.T) { - proxy, err := createReverseProxy("http://example.com", NewStaticSecretSource("k")) - if err != nil { - t.Fatal(err) - } - - goodJSON := []byte(`{"ok":true}`) - gzipped := gzipBytes(goodJSON) - - t.Run("chunked_json_decompresses", func(t *testing.T) { - // Chunked JSON responses (like thread APIs) should be decompressed - resp := mkResp(200, http.Header{"Transfer-Encoding": []string{"chunked"}}, gzipped) - if err := proxy.ModifyResponse(resp); err != nil { - t.Fatalf("ModifyResponse error: %v", err) - } - // Should decompress because it's not SSE - got, _ := io.ReadAll(resp.Body) - if !bytes.Equal(got, goodJSON) { - t.Fatalf("chunked JSON should be decompressed, got: %q, want: %q", got, goodJSON) - } - }) -} - -func TestReverseProxy_InjectsHeaders(t *testing.T) { - gotHeaders := make(chan http.Header, 1) - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotHeaders <- r.Header.Clone() - w.WriteHeader(200) - _, _ = w.Write([]byte(`ok`)) - })) - defer upstream.Close() - - proxy, err := createReverseProxy(upstream.URL, NewStaticSecretSource("secret")) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - proxy.ServeHTTP(w, r) - })) - defer srv.Close() - - res, err := http.Get(srv.URL + "/test") - if err != nil { - t.Fatal(err) - } - _ = res.Body.Close() - - hdr := <-gotHeaders - if hdr.Get("X-Api-Key") != "secret" { - t.Fatalf("X-Api-Key missing or wrong, got: %q", hdr.Get("X-Api-Key")) - } - if hdr.Get("Authorization") != "Bearer secret" { - t.Fatalf("Authorization missing or wrong, got: %q", hdr.Get("Authorization")) - } -} - -func TestReverseProxy_EmptySecret(t *testing.T) { - gotHeaders := make(chan http.Header, 1) - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotHeaders <- r.Header.Clone() - w.WriteHeader(200) - _, _ = w.Write([]byte(`ok`)) - })) - defer upstream.Close() - - proxy, err := createReverseProxy(upstream.URL, NewStaticSecretSource("")) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - proxy.ServeHTTP(w, r) - })) - defer srv.Close() - - res, err := http.Get(srv.URL + "/test") - if err != nil { - t.Fatal(err) - } - _ = res.Body.Close() - - hdr := <-gotHeaders - // Should NOT inject headers when secret is empty - if hdr.Get("X-Api-Key") != "" { - t.Fatalf("X-Api-Key should not be set, got: %q", hdr.Get("X-Api-Key")) - } - if authVal := hdr.Get("Authorization"); authVal != "" && authVal != "Bearer " { - t.Fatalf("Authorization should not be set, got: %q", authVal) - } -} - -func TestReverseProxy_StripsClientCredentialsFromHeadersAndQuery(t *testing.T) { - type captured struct { - headers http.Header - query string - } - got := make(chan captured, 1) - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - got <- captured{headers: r.Header.Clone(), query: r.URL.RawQuery} - w.WriteHeader(200) - _, _ = w.Write([]byte(`ok`)) - })) - defer upstream.Close() - - proxy, err := createReverseProxy(upstream.URL, NewStaticSecretSource("upstream")) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - // Simulate clientAPIKeyMiddleware injection (per-request) - ctx := context.WithValue(r.Context(), clientAPIKeyContextKey{}, "client-key") - proxy.ServeHTTP(w, r.WithContext(ctx)) - })) - defer srv.Close() - - req, err := http.NewRequest(http.MethodGet, srv.URL+"/test?key=client-key&key=keep&auth_token=client-key&foo=bar", nil) - if err != nil { - t.Fatal(err) - } - req.Header.Set("Authorization", "Bearer client-key") - req.Header.Set("X-Api-Key", "client-key") - req.Header.Set("X-Goog-Api-Key", "client-key") - - res, err := http.DefaultClient.Do(req) - if err != nil { - t.Fatal(err) - } - _ = res.Body.Close() - - c := <-got - - // These are client-provided credentials and must not reach the upstream. - if v := c.headers.Get("X-Goog-Api-Key"); v != "" { - t.Fatalf("X-Goog-Api-Key should be stripped, got: %q", v) - } - - // We inject upstream Authorization/X-Api-Key, so the client auth must not survive. - if v := c.headers.Get("Authorization"); v != "Bearer upstream" { - t.Fatalf("Authorization should be upstream-injected, got: %q", v) - } - if v := c.headers.Get("X-Api-Key"); v != "upstream" { - t.Fatalf("X-Api-Key should be upstream-injected, got: %q", v) - } - - // Query-based credentials should be stripped only when they match the authenticated client key. - // Should keep unrelated values and parameters. - if strings.Contains(c.query, "auth_token=client-key") || strings.Contains(c.query, "key=client-key") { - t.Fatalf("query credentials should be stripped, got raw query: %q", c.query) - } - if !strings.Contains(c.query, "key=keep") || !strings.Contains(c.query, "foo=bar") { - t.Fatalf("expected query to keep non-credential params, got raw query: %q", c.query) - } -} - -func TestReverseProxy_InjectsMappedSecret_FromRequestContext(t *testing.T) { - gotHeaders := make(chan http.Header, 1) - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotHeaders <- r.Header.Clone() - w.WriteHeader(200) - _, _ = w.Write([]byte(`ok`)) - })) - defer upstream.Close() - - defaultSource := NewStaticSecretSource("default") - mapped := NewMappedSecretSource(defaultSource) - mapped.UpdateMappings([]config.AmpUpstreamAPIKeyEntry{ - { - UpstreamAPIKey: "u1", - APIKeys: []string{"k1"}, - }, - }) - - proxy, err := createReverseProxy(upstream.URL, mapped) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - // Simulate clientAPIKeyMiddleware injection (per-request) - ctx := context.WithValue(r.Context(), clientAPIKeyContextKey{}, "k1") - proxy.ServeHTTP(w, r.WithContext(ctx)) - })) - defer srv.Close() - - res, err := http.Get(srv.URL + "/test") - if err != nil { - t.Fatal(err) - } - _ = res.Body.Close() - - hdr := <-gotHeaders - if hdr.Get("X-Api-Key") != "u1" { - t.Fatalf("X-Api-Key missing or wrong, got: %q", hdr.Get("X-Api-Key")) - } - if hdr.Get("Authorization") != "Bearer u1" { - t.Fatalf("Authorization missing or wrong, got: %q", hdr.Get("Authorization")) - } -} - -func TestReverseProxy_MappedSecret_FallsBackToDefault(t *testing.T) { - gotHeaders := make(chan http.Header, 1) - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotHeaders <- r.Header.Clone() - w.WriteHeader(200) - _, _ = w.Write([]byte(`ok`)) - })) - defer upstream.Close() - - defaultSource := NewStaticSecretSource("default") - mapped := NewMappedSecretSource(defaultSource) - mapped.UpdateMappings([]config.AmpUpstreamAPIKeyEntry{ - { - UpstreamAPIKey: "u1", - APIKeys: []string{"k1"}, - }, - }) - - proxy, err := createReverseProxy(upstream.URL, mapped) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - ctx := context.WithValue(r.Context(), clientAPIKeyContextKey{}, "k2") - proxy.ServeHTTP(w, r.WithContext(ctx)) - })) - defer srv.Close() - - res, err := http.Get(srv.URL + "/test") - if err != nil { - t.Fatal(err) - } - _ = res.Body.Close() - - hdr := <-gotHeaders - if hdr.Get("X-Api-Key") != "default" { - t.Fatalf("X-Api-Key fallback missing or wrong, got: %q", hdr.Get("X-Api-Key")) - } - if hdr.Get("Authorization") != "Bearer default" { - t.Fatalf("Authorization fallback missing or wrong, got: %q", hdr.Get("Authorization")) - } -} - -func TestReverseProxy_ErrorHandler(t *testing.T) { - // Point proxy to a non-routable address to trigger error - proxy, err := createReverseProxy("http://127.0.0.1:1", NewStaticSecretSource("")) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - proxy.ServeHTTP(w, r) - })) - defer srv.Close() - - res, err := http.Get(srv.URL + "/any") - if err != nil { - t.Fatal(err) - } - body, _ := io.ReadAll(res.Body) - _ = res.Body.Close() - - if res.StatusCode != http.StatusBadGateway { - t.Fatalf("want 502, got %d", res.StatusCode) - } - if !bytes.Contains(body, []byte(`"amp_upstream_proxy_error"`)) { - t.Fatalf("unexpected body: %s", body) - } - if ct := res.Header.Get("Content-Type"); ct != "application/json" { - t.Fatalf("content-type: want application/json, got %s", ct) - } -} - -func TestReverseProxy_ErrorHandler_ContextCanceled(t *testing.T) { - // Test that context.Canceled errors return 499 without generic error response - proxy, err := createReverseProxy("http://example.com", NewStaticSecretSource("")) - if err != nil { - t.Fatal(err) - } - - // Create a canceled context to trigger the cancellation path - ctx, cancel := context.WithCancel(context.Background()) - cancel() // Cancel immediately - - req := httptest.NewRequest(http.MethodGet, "/test", nil).WithContext(ctx) - rr := httptest.NewRecorder() - - // Directly invoke the ErrorHandler with context.Canceled - proxy.ErrorHandler(rr, req, context.Canceled) - - // Body should be empty for canceled requests (no JSON error response) - body := rr.Body.Bytes() - if len(body) > 0 { - t.Fatalf("expected empty body for canceled context, got: %s", body) - } -} - -func TestReverseProxy_FullRoundTrip_Gzip(t *testing.T) { - // Upstream returns gzipped JSON without Content-Encoding header - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.WriteHeader(200) - _, _ = w.Write(gzipBytes([]byte(`{"upstream":"ok"}`))) - })) - defer upstream.Close() - - proxy, err := createReverseProxy(upstream.URL, NewStaticSecretSource("key")) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - proxy.ServeHTTP(w, r) - })) - defer srv.Close() - - res, err := http.Get(srv.URL + "/test") - if err != nil { - t.Fatal(err) - } - body, _ := io.ReadAll(res.Body) - _ = res.Body.Close() - - expected := []byte(`{"upstream":"ok"}`) - if !bytes.Equal(body, expected) { - t.Fatalf("want decompressed JSON, got: %s", body) - } -} - -func TestReverseProxy_FullRoundTrip_PlainJSON(t *testing.T) { - // Upstream returns plain JSON - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - w.WriteHeader(200) - _, _ = w.Write([]byte(`{"plain":"json"}`)) - })) - defer upstream.Close() - - proxy, err := createReverseProxy(upstream.URL, NewStaticSecretSource("key")) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - proxy.ServeHTTP(w, r) - })) - defer srv.Close() - - res, err := http.Get(srv.URL + "/test") - if err != nil { - t.Fatal(err) - } - body, _ := io.ReadAll(res.Body) - _ = res.Body.Close() - - expected := []byte(`{"plain":"json"}`) - if !bytes.Equal(body, expected) { - t.Fatalf("want plain JSON unchanged, got: %s", body) - } -} - -func TestIsStreamingResponse(t *testing.T) { - cases := []struct { - name string - header http.Header - want bool - }{ - { - name: "sse", - header: http.Header{"Content-Type": []string{"text/event-stream"}}, - want: true, - }, - { - name: "chunked_not_streaming", - header: http.Header{"Transfer-Encoding": []string{"chunked"}}, - want: false, // Chunked is transport-level, not streaming - }, - { - name: "normal_json", - header: http.Header{"Content-Type": []string{"application/json"}}, - want: false, - }, - { - name: "empty", - header: http.Header{}, - want: false, - }, - } - - for _, tc := range cases { - t.Run(tc.name, func(t *testing.T) { - resp := &http.Response{Header: tc.header} - got := isStreamingResponse(resp) - if got != tc.want { - t.Fatalf("want %v, got %v", tc.want, got) - } - }) - } -} - -func TestFilterBetaFeatures(t *testing.T) { - tests := []struct { - name string - header string - featureToRemove string - expected string - }{ - { - name: "Remove context-1m from middle", - header: "fine-grained-tool-streaming-2025-05-14,context-1m-2025-08-07,oauth-2025-04-20", - featureToRemove: "context-1m-2025-08-07", - expected: "fine-grained-tool-streaming-2025-05-14,oauth-2025-04-20", - }, - { - name: "Remove context-1m from start", - header: "context-1m-2025-08-07,fine-grained-tool-streaming-2025-05-14", - featureToRemove: "context-1m-2025-08-07", - expected: "fine-grained-tool-streaming-2025-05-14", - }, - { - name: "Remove context-1m from end", - header: "fine-grained-tool-streaming-2025-05-14,context-1m-2025-08-07", - featureToRemove: "context-1m-2025-08-07", - expected: "fine-grained-tool-streaming-2025-05-14", - }, - { - name: "Feature not present", - header: "fine-grained-tool-streaming-2025-05-14,oauth-2025-04-20", - featureToRemove: "context-1m-2025-08-07", - expected: "fine-grained-tool-streaming-2025-05-14,oauth-2025-04-20", - }, - { - name: "Only feature to remove", - header: "context-1m-2025-08-07", - featureToRemove: "context-1m-2025-08-07", - expected: "", - }, - { - name: "Empty header", - header: "", - featureToRemove: "context-1m-2025-08-07", - expected: "", - }, - { - name: "Header with spaces", - header: "fine-grained-tool-streaming-2025-05-14, context-1m-2025-08-07 , oauth-2025-04-20", - featureToRemove: "context-1m-2025-08-07", - expected: "fine-grained-tool-streaming-2025-05-14,oauth-2025-04-20", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := filterBetaFeatures(tt.header, tt.featureToRemove) - if result != tt.expected { - t.Errorf("filterBetaFeatures() = %q, want %q", result, tt.expected) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/response_rewriter.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/response_rewriter.go deleted file mode 100644 index b789aeacfb..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/response_rewriter.go +++ /dev/null @@ -1,194 +0,0 @@ -package amp - -import ( - "bytes" - "net/http" - "strings" - - "github.com/gin-gonic/gin" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ResponseRewriter wraps a gin.ResponseWriter to intercept and modify the response body -// It's used to rewrite model names in responses when model mapping is used -type ResponseRewriter struct { - gin.ResponseWriter - body *bytes.Buffer - originalModel string - isStreaming bool -} - -// NewResponseRewriter creates a new response rewriter for model name substitution -func NewResponseRewriter(w gin.ResponseWriter, originalModel string) *ResponseRewriter { - return &ResponseRewriter{ - ResponseWriter: w, - body: &bytes.Buffer{}, - originalModel: sanitizeModelIDForResponse(originalModel), - } -} - -const maxBufferedResponseBytes = 2 * 1024 * 1024 // 2MB safety cap - -func sanitizeModelIDForResponse(modelID string) string { - modelID = strings.TrimSpace(modelID) - if modelID == "" { - return "" - } - if strings.ContainsAny(modelID, "<>\r\n\x00") { - return "" - } - return modelID -} - -func looksLikeSSEChunk(data []byte) bool { - // Fallback detection: some upstreams may omit/lie about Content-Type, causing SSE to be buffered. - // Heuristics are intentionally simple and cheap. - return bytes.Contains(data, []byte("data:")) || - bytes.Contains(data, []byte("event:")) || - bytes.Contains(data, []byte("message_start")) || - bytes.Contains(data, []byte("message_delta")) || - bytes.Contains(data, []byte("content_block_start")) || - bytes.Contains(data, []byte("content_block_delta")) || - bytes.Contains(data, []byte("content_block_stop")) || - bytes.Contains(data, []byte("\n\n")) -} - -func (rw *ResponseRewriter) enableStreaming(reason string) error { - if rw.isStreaming { - return nil - } - rw.isStreaming = true - - // Flush any previously buffered data to avoid reordering or data loss. - if rw.body != nil && rw.body.Len() > 0 { - buf := rw.body.Bytes() - // Copy before Reset() to keep bytes stable. - toFlush := make([]byte, len(buf)) - copy(toFlush, buf) - rw.body.Reset() - - if _, err := rw.ResponseWriter.Write(rw.rewriteStreamChunk(toFlush)); err != nil { - return err - } - if flusher, ok := rw.ResponseWriter.(http.Flusher); ok { - flusher.Flush() - } - } - - log.Debugf("amp response rewriter: switched to streaming (%s)", reason) - return nil -} - -// Write intercepts response writes and buffers them for model name replacement -func (rw *ResponseRewriter) Write(data []byte) (int, error) { - // Detect streaming on first write (header-based) - if !rw.isStreaming && rw.body.Len() == 0 { - contentType := rw.Header().Get("Content-Type") - rw.isStreaming = strings.Contains(contentType, "text/event-stream") || - strings.Contains(contentType, "stream") - } - - if !rw.isStreaming { - // Content-based fallback: detect SSE-like chunks even if Content-Type is missing/wrong. - if looksLikeSSEChunk(data) { - if err := rw.enableStreaming("sse heuristic"); err != nil { - return 0, err - } - } else if rw.body.Len()+len(data) > maxBufferedResponseBytes { - // Safety cap: avoid unbounded buffering on large responses. - log.Warnf("amp response rewriter: buffer exceeded %d bytes, switching to streaming", maxBufferedResponseBytes) - if err := rw.enableStreaming("buffer limit"); err != nil { - return 0, err - } - } - } - - if rw.isStreaming { - n, err := rw.ResponseWriter.Write(rw.rewriteStreamChunk(data)) - if err == nil { - if flusher, ok := rw.ResponseWriter.(http.Flusher); ok { - flusher.Flush() - } - } - return n, err - } - return rw.body.Write(data) -} - -// Flush writes the buffered response with model names rewritten -func (rw *ResponseRewriter) Flush() { - if rw.isStreaming { - if flusher, ok := rw.ResponseWriter.(http.Flusher); ok { - flusher.Flush() - } - return - } - if rw.body.Len() > 0 { - if _, err := rw.ResponseWriter.Write(rw.rewriteModelInResponse(rw.body.Bytes())); err != nil { - log.Warnf("amp response rewriter: failed to write rewritten response: %v", err) - } - } -} - -// modelFieldPaths lists all JSON paths where model name may appear -var modelFieldPaths = []string{"message.model", "model", "modelVersion", "response.model", "response.modelVersion"} - -// rewriteModelInResponse replaces all occurrences of the mapped model with the original model in JSON -// It also suppresses "thinking" blocks if "tool_use" is present to ensure Amp client compatibility -func (rw *ResponseRewriter) rewriteModelInResponse(data []byte) []byte { - // 1. Amp Compatibility: Suppress thinking blocks if tool use is detected - // The Amp client struggles when both thinking and tool_use blocks are present - if gjson.GetBytes(data, `content.#(type=="tool_use")`).Exists() { - filtered := gjson.GetBytes(data, `content.#(type!="thinking")#`) - if filtered.Exists() { - originalCount := gjson.GetBytes(data, "content.#").Int() - filteredCount := filtered.Get("#").Int() - - if originalCount > filteredCount { - var err error - data, err = sjson.SetBytes(data, "content", filtered.Value()) - if err != nil { - log.Warnf("Amp ResponseRewriter: failed to suppress thinking blocks: %v", err) - } else { - log.Debugf("Amp ResponseRewriter: Suppressed %d thinking blocks due to tool usage", originalCount-filteredCount) - // Log the result for verification - log.Debugf("Amp ResponseRewriter: Resulting content: %s", gjson.GetBytes(data, "content").String()) - } - } - } - } - - if rw.originalModel == "" { - return data - } - for _, path := range modelFieldPaths { - if gjson.GetBytes(data, path).Exists() { - data, _ = sjson.SetBytes(data, path, rw.originalModel) - } - } - return data -} - -// rewriteStreamChunk rewrites model names in SSE stream chunks -func (rw *ResponseRewriter) rewriteStreamChunk(chunk []byte) []byte { - if rw.originalModel == "" { - return chunk - } - - // SSE format: "data: {json}\n\n" - lines := bytes.Split(chunk, []byte("\n")) - for i, line := range lines { - if bytes.HasPrefix(line, []byte("data: ")) { - jsonData := bytes.TrimPrefix(line, []byte("data: ")) - if len(jsonData) > 0 && jsonData[0] == '{' { - // Rewrite JSON in the data line - rewritten := rw.rewriteModelInResponse(jsonData) - lines[i] = append([]byte("data: "), rewritten...) - } - } - } - - return bytes.Join(lines, []byte("\n")) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/response_rewriter_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/response_rewriter_test.go deleted file mode 100644 index bf4c99483b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/modules/amp/response_rewriter_test.go +++ /dev/null @@ -1,119 +0,0 @@ -package amp - -import ( - "testing" -) - -func TestRewriteModelInResponse_TopLevel(t *testing.T) { - rw := &ResponseRewriter{originalModel: "gpt-5.2-codex"} - - input := []byte(`{"id":"resp_1","model":"gpt-5.3-codex","output":[]}`) - result := rw.rewriteModelInResponse(input) - - expected := `{"id":"resp_1","model":"gpt-5.2-codex","output":[]}` - if string(result) != expected { - t.Errorf("expected %s, got %s", expected, string(result)) - } -} - -func TestRewriteModelInResponse_ResponseModel(t *testing.T) { - rw := &ResponseRewriter{originalModel: "gpt-5.2-codex"} - - input := []byte(`{"type":"response.completed","response":{"id":"resp_1","model":"gpt-5.3-codex","status":"completed"}}`) - result := rw.rewriteModelInResponse(input) - - expected := `{"type":"response.completed","response":{"id":"resp_1","model":"gpt-5.2-codex","status":"completed"}}` - if string(result) != expected { - t.Errorf("expected %s, got %s", expected, string(result)) - } -} - -func TestRewriteModelInResponse_ResponseCreated(t *testing.T) { - rw := &ResponseRewriter{originalModel: "gpt-5.2-codex"} - - input := []byte(`{"type":"response.created","response":{"id":"resp_1","model":"gpt-5.3-codex","status":"in_progress"}}`) - result := rw.rewriteModelInResponse(input) - - expected := `{"type":"response.created","response":{"id":"resp_1","model":"gpt-5.2-codex","status":"in_progress"}}` - if string(result) != expected { - t.Errorf("expected %s, got %s", expected, string(result)) - } -} - -func TestRewriteModelInResponse_NoModelField(t *testing.T) { - rw := &ResponseRewriter{originalModel: "gpt-5.2-codex"} - - input := []byte(`{"type":"response.output_item.added","item":{"id":"item_1","type":"message"}}`) - result := rw.rewriteModelInResponse(input) - - if string(result) != string(input) { - t.Errorf("expected no modification, got %s", string(result)) - } -} - -func TestRewriteModelInResponse_EmptyOriginalModel(t *testing.T) { - rw := &ResponseRewriter{originalModel: ""} - - input := []byte(`{"model":"gpt-5.3-codex"}`) - result := rw.rewriteModelInResponse(input) - - if string(result) != string(input) { - t.Errorf("expected no modification when originalModel is empty, got %s", string(result)) - } -} - -func TestRewriteStreamChunk_SSEWithResponseModel(t *testing.T) { - rw := &ResponseRewriter{originalModel: "gpt-5.2-codex"} - - chunk := []byte("data: {\"type\":\"response.completed\",\"response\":{\"id\":\"resp_1\",\"model\":\"gpt-5.3-codex\",\"status\":\"completed\"}}\n\n") - result := rw.rewriteStreamChunk(chunk) - - expected := "data: {\"type\":\"response.completed\",\"response\":{\"id\":\"resp_1\",\"model\":\"gpt-5.2-codex\",\"status\":\"completed\"}}\n\n" - if string(result) != expected { - t.Errorf("expected %s, got %s", expected, string(result)) - } -} - -func TestRewriteStreamChunk_MultipleEvents(t *testing.T) { - rw := &ResponseRewriter{originalModel: "gpt-5.2-codex"} - - chunk := []byte("data: {\"type\":\"response.created\",\"response\":{\"model\":\"gpt-5.3-codex\"}}\n\ndata: {\"type\":\"response.output_item.added\",\"item\":{\"id\":\"item_1\"}}\n\n") - result := rw.rewriteStreamChunk(chunk) - - if string(result) == string(chunk) { - t.Error("expected response.model to be rewritten in SSE stream") - } - if !contains(result, []byte(`"model":"gpt-5.2-codex"`)) { - t.Errorf("expected rewritten model in output, got %s", string(result)) - } -} - -func TestRewriteStreamChunk_MessageModel(t *testing.T) { - rw := &ResponseRewriter{originalModel: "claude-opus-4.5"} - - chunk := []byte("data: {\"message\":{\"model\":\"claude-sonnet-4\",\"role\":\"assistant\"}}\n\n") - result := rw.rewriteStreamChunk(chunk) - - expected := "data: {\"message\":{\"model\":\"claude-opus-4.5\",\"role\":\"assistant\"}}\n\n" - if string(result) != expected { - t.Errorf("expected %s, got %s", expected, string(result)) - } -} - -func TestSanitizeModelIDForResponse(t *testing.T) { - if got := sanitizeModelIDForResponse(" gpt-5.2-codex "); got != "gpt-5.2-codex" { - t.Fatalf("expected trimmed model id, got %q", got) - } - if got := sanitizeModelIDForResponse("gpt-5

Authentication successful!

You can close this window.

This window will close automatically in 5 seconds.

` - -type serverOptionConfig struct { - extraMiddleware []gin.HandlerFunc - engineConfigurator func(*gin.Engine) - routerConfigurator func(*gin.Engine, *handlers.BaseAPIHandler, *config.Config) - requestLoggerFactory func(*config.Config, string) logging.RequestLogger - localPassword string - keepAliveEnabled bool - keepAliveTimeout time.Duration - keepAliveOnTimeout func() -} - -// ServerOption customises HTTP server construction. -type ServerOption func(*serverOptionConfig) - -func defaultRequestLoggerFactory(cfg *config.Config, configPath string) logging.RequestLogger { - configDir := filepath.Dir(configPath) - if base := util.WritablePath(); base != "" { - return logging.NewFileRequestLogger(cfg.RequestLog, filepath.Join(base, "logs"), configDir, cfg.ErrorLogsMaxFiles) - } - return logging.NewFileRequestLogger(cfg.RequestLog, "logs", configDir, cfg.ErrorLogsMaxFiles) -} - -// WithMiddleware appends additional Gin middleware during server construction. -func WithMiddleware(mw ...gin.HandlerFunc) ServerOption { - return func(cfg *serverOptionConfig) { - cfg.extraMiddleware = append(cfg.extraMiddleware, mw...) - } -} - -// WithEngineConfigurator allows callers to mutate the Gin engine prior to middleware setup. -func WithEngineConfigurator(fn func(*gin.Engine)) ServerOption { - return func(cfg *serverOptionConfig) { - cfg.engineConfigurator = fn - } -} - -// WithRouterConfigurator appends a callback after default routes are registered. -func WithRouterConfigurator(fn func(*gin.Engine, *handlers.BaseAPIHandler, *config.Config)) ServerOption { - return func(cfg *serverOptionConfig) { - cfg.routerConfigurator = fn - } -} - -// WithLocalManagementPassword stores a runtime-only management password accepted for localhost requests. -func WithLocalManagementPassword(password string) ServerOption { - return func(cfg *serverOptionConfig) { - cfg.localPassword = password - } -} - -// WithKeepAliveEndpoint enables a keep-alive endpoint with the provided timeout and callback. -func WithKeepAliveEndpoint(timeout time.Duration, onTimeout func()) ServerOption { - return func(cfg *serverOptionConfig) { - if timeout <= 0 || onTimeout == nil { - return - } - cfg.keepAliveEnabled = true - cfg.keepAliveTimeout = timeout - cfg.keepAliveOnTimeout = onTimeout - } -} - -// WithRequestLoggerFactory customises request logger creation. -func WithRequestLoggerFactory(factory func(*config.Config, string) logging.RequestLogger) ServerOption { - return func(cfg *serverOptionConfig) { - cfg.requestLoggerFactory = factory - } -} - -// Server represents the main API server. -// It encapsulates the Gin engine, HTTP server, handlers, and configuration. -type Server struct { - // engine is the Gin web framework engine instance. - engine *gin.Engine - - // server is the underlying HTTP server. - server *http.Server - - // handlers contains the API handlers for processing requests. - handlers *handlers.BaseAPIHandler - - // cfg holds the current server configuration. - cfg *config.Config - - // oldConfigYaml stores a YAML snapshot of the previous configuration for change detection. - // This prevents issues when the config object is modified in place by Management API. - oldConfigYaml []byte - - // accessManager handles request authentication providers. - accessManager *sdkaccess.Manager - - // requestLogger is the request logger instance for dynamic configuration updates. - requestLogger logging.RequestLogger - loggerToggle func(bool) - - // configFilePath is the absolute path to the YAML config file for persistence. - configFilePath string - - // currentPath is the absolute path to the current working directory. - currentPath string - - // wsRoutes tracks registered websocket upgrade paths. - wsRouteMu sync.Mutex - wsRoutes map[string]struct{} - wsAuthChanged func(bool, bool) - wsAuthEnabled atomic.Bool - - // management handler - mgmt *managementHandlers.Handler - - // ampModule is the Amp routing module for model mapping hot-reload - ampModule *ampmodule.AmpModule - - // managementRoutesRegistered tracks whether the management routes have been attached to the engine. - managementRoutesRegistered atomic.Bool - // managementRoutesEnabled controls whether management endpoints serve real handlers. - managementRoutesEnabled atomic.Bool - - // envManagementSecret indicates whether MANAGEMENT_PASSWORD is configured. - envManagementSecret bool - - localPassword string - - keepAliveEnabled bool - keepAliveTimeout time.Duration - keepAliveOnTimeout func() - keepAliveHeartbeat chan struct{} - keepAliveStop chan struct{} - - shmStop chan struct{} -} - -// NewServer creates and initializes a new API server instance. -// It sets up the Gin engine, middleware, routes, and handlers. -// -// Parameters: -// - cfg: The server configuration -// - authManager: core runtime auth manager -// - accessManager: request authentication manager -// -// Returns: -// - *Server: A new server instance -func NewServer(cfg *config.Config, authManager *auth.Manager, accessManager *sdkaccess.Manager, configFilePath string, opts ...ServerOption) *Server { - optionState := &serverOptionConfig{ - requestLoggerFactory: defaultRequestLoggerFactory, - } - for i := range opts { - opts[i](optionState) - } - // Set gin mode - if !cfg.Debug { - gin.SetMode(gin.ReleaseMode) - } - - // Create gin engine - engine := gin.New() - if optionState.engineConfigurator != nil { - optionState.engineConfigurator(engine) - } - - // Add middleware - engine.Use(logging.GinLogrusLogger()) - engine.Use(logging.GinLogrusRecovery()) - for _, mw := range optionState.extraMiddleware { - engine.Use(mw) - } - - // Add request logging middleware (positioned after recovery, before auth) - // Resolve logs directory relative to the configuration file directory. - var requestLogger logging.RequestLogger - var toggle func(bool) - if !cfg.CommercialMode { - if optionState.requestLoggerFactory != nil { - requestLogger = optionState.requestLoggerFactory(cfg, configFilePath) - } - if requestLogger != nil { - engine.Use(middleware.RequestLoggingMiddleware(requestLogger)) - if setter, ok := requestLogger.(interface{ SetEnabled(bool) }); ok { - toggle = setter.SetEnabled - } - } - } - - engine.Use(corsMiddleware()) - wd, err := os.Getwd() - if err != nil { - wd = configFilePath - } - - envAdminPassword, envAdminPasswordSet := os.LookupEnv("MANAGEMENT_PASSWORD") - envAdminPassword = strings.TrimSpace(envAdminPassword) - envManagementSecret := envAdminPasswordSet && envAdminPassword != "" - - // Create server instance - s := &Server{ - engine: engine, - handlers: handlers.NewBaseAPIHandlers(&cfg.SDKConfig, authManager), - cfg: cfg, - accessManager: accessManager, - requestLogger: requestLogger, - loggerToggle: toggle, - configFilePath: configFilePath, - currentPath: wd, - envManagementSecret: envManagementSecret, - wsRoutes: make(map[string]struct{}), - shmStop: make(chan struct{}, 1), - } - s.wsAuthEnabled.Store(cfg.WebsocketAuth) - // Save initial YAML snapshot - s.oldConfigYaml, _ = yaml.Marshal(cfg) - s.applyAccessConfig(nil, cfg) - if authManager != nil { - authManager.SetRetryConfig(cfg.RequestRetry, time.Duration(cfg.MaxRetryInterval)*time.Second) - } - managementasset.SetCurrentConfig(cfg) - auth.SetQuotaCooldownDisabled(cfg.DisableCooling) - // Initialize management handler - s.mgmt = managementHandlers.NewHandler(cfg, configFilePath, authManager) - if optionState.localPassword != "" { - s.mgmt.SetLocalPassword(optionState.localPassword) - } - logDir := logging.ResolveLogDirectory(cfg) - s.mgmt.SetLogDirectory(logDir) - s.localPassword = optionState.localPassword - - // Setup routes - s.setupRoutes() - - // Register Amp module using V2 interface with Context - s.ampModule = ampmodule.NewLegacy(accessManager, AuthMiddleware(accessManager)) - ctx := modules.Context{ - Engine: engine, - BaseHandler: s.handlers, - Config: cfg, - AuthMiddleware: AuthMiddleware(accessManager), - } - if err := modules.RegisterModule(ctx, s.ampModule); err != nil { - log.Errorf("Failed to register Amp module: %v", err) - } - - // Apply additional router configurators from options - if optionState.routerConfigurator != nil { - optionState.routerConfigurator(engine, s.handlers, cfg) - } - - // Register management routes when configuration or environment secrets are available, - // or when a local management password is provided (e.g. TUI mode). - hasManagementSecret := cfg.RemoteManagement.SecretKey != "" || envManagementSecret || s.localPassword != "" - s.managementRoutesEnabled.Store(hasManagementSecret) - if hasManagementSecret { - s.registerManagementRoutes() - } - - // === cliproxyapi++ 扩展: 注册 Kiro OAuth Web 路由 === - kiroOAuthHandler := kiro.NewOAuthWebHandler(cfg) - kiroOAuthHandler.RegisterRoutes(engine) - log.Info("Kiro OAuth Web routes registered at /v0/oauth/kiro/*") - - if optionState.keepAliveEnabled { - s.enableKeepAlive(optionState.keepAliveTimeout, optionState.keepAliveOnTimeout) - } - - // === cliproxyapi++ extension: Sync provider metrics to SHM bridge === - go s.startSHMSyncLoop() - - // Create HTTP server - s.server = &http.Server{ - Addr: fmt.Sprintf("%s:%d", cfg.Host, cfg.Port), - Handler: engine, - } - - return s -} - -// setupRoutes configures the API routes for the server. -// It defines the endpoints and associates them with their respective handlers. -func (s *Server) setupRoutes() { - s.engine.GET("/management.html", s.serveManagementControlPanel) - openaiHandlers := openai.NewOpenAIAPIHandler(s.handlers) - geminiHandlers := gemini.NewGeminiAPIHandler(s.handlers) - geminiCLIHandlers := gemini.NewGeminiCLIAPIHandler(s.handlers) - claudeCodeHandlers := claude.NewClaudeCodeAPIHandler(s.handlers) - openaiResponsesHandlers := openai.NewOpenAIResponsesAPIHandler(s.handlers) - - // OpenAI compatible API routes - v1 := s.engine.Group("/v1") - v1.Use(AuthMiddleware(s.accessManager)) - { - v1.GET("/models", s.unifiedModelsHandler(openaiHandlers, claudeCodeHandlers)) - v1.POST("/chat/completions", openaiHandlers.ChatCompletions) - v1.POST("/completions", openaiHandlers.Completions) - v1.POST("/messages", claudeCodeHandlers.ClaudeMessages) - v1.POST("/messages/count_tokens", claudeCodeHandlers.ClaudeCountTokens) - v1.GET("/responses", openaiResponsesHandlers.ResponsesWebsocket) - v1.POST("/responses", openaiResponsesHandlers.Responses) - v1.POST("/responses/compact", openaiResponsesHandlers.Compact) - } - - // WebSocket endpoint for /v1/responses/ws (Codex streaming). - // This route can be rollout-gated from config. - if s.cfg == nil || s.cfg.IsResponsesWebsocketEnabled() { - s.AttachWebsocketRoute("/v1/responses/ws", ResponsesWebSocketHandler()) - } - - // Gemini compatible API routes - v1beta := s.engine.Group("/v1beta") - v1beta.Use(AuthMiddleware(s.accessManager)) - { - v1beta.GET("/models", geminiHandlers.GeminiModels) - v1beta.POST("/models/*action", geminiHandlers.GeminiHandler) - v1beta.GET("/models/*action", geminiHandlers.GeminiGetHandler) - } - - // Routing endpoint for thegent Pareto model selection - routingHandler := managementHandlers.NewRoutingSelectHandler() - s.engine.POST("/v1/routing/select", routingHandler.POSTRoutingSelect) - - // Root endpoint - s.engine.GET("/", func(c *gin.Context) { - c.JSON(http.StatusOK, gin.H{ - "message": "CLI Proxy API Server", - "endpoints": []string{ - "POST /v1/chat/completions", - "POST /v1/completions", - "GET /v1/models", - "GET /v1/metrics/providers", - "POST /v1/routing/select", - }, - }) - }) - - // Provider metrics for OpenRouter-style routing (thegent cost/throughput/latency) - s.engine.GET("/v1/metrics/providers", func(c *gin.Context) { - c.JSON(http.StatusOK, usage.GetProviderMetrics()) - }) - - // Event logging endpoint - handles Claude Code telemetry requests - // Returns 200 OK to prevent 404 errors in logs - s.engine.POST("/api/event_logging/batch", func(c *gin.Context) { - c.JSON(http.StatusOK, gin.H{"status": "ok"}) - }) - s.engine.POST("/v1internal:method", geminiCLIHandlers.CLIHandler) - - // OAuth callback endpoints (reuse main server port) - // These endpoints receive provider redirects and persist - // the short-lived code/state for the waiting goroutine. - s.engine.GET("/anthropic/callback", func(c *gin.Context) { - code := c.Query("code") - state := c.Query("state") - errStr := c.Query("error") - if errStr == "" { - errStr = c.Query("error_description") - } - if state != "" { - _, _ = managementHandlers.WriteOAuthCallbackFileForPendingSession(s.cfg.AuthDir, "anthropic", state, code, errStr) - } - c.Header("Content-Type", "text/html; charset=utf-8") - c.String(http.StatusOK, oauthCallbackSuccessHTML) - }) - - s.engine.GET("/codex/callback", func(c *gin.Context) { - code := c.Query("code") - state := c.Query("state") - errStr := c.Query("error") - if errStr == "" { - errStr = c.Query("error_description") - } - if state != "" { - _, _ = managementHandlers.WriteOAuthCallbackFileForPendingSession(s.cfg.AuthDir, "codex", state, code, errStr) - } - c.Header("Content-Type", "text/html; charset=utf-8") - c.String(http.StatusOK, oauthCallbackSuccessHTML) - }) - - s.engine.GET("/google/callback", func(c *gin.Context) { - code := c.Query("code") - state := c.Query("state") - errStr := c.Query("error") - if errStr == "" { - errStr = c.Query("error_description") - } - if state != "" { - _, _ = managementHandlers.WriteOAuthCallbackFileForPendingSession(s.cfg.AuthDir, "gemini", state, code, errStr) - } - c.Header("Content-Type", "text/html; charset=utf-8") - c.String(http.StatusOK, oauthCallbackSuccessHTML) - }) - - s.engine.GET("/iflow/callback", func(c *gin.Context) { - code := c.Query("code") - state := c.Query("state") - errStr := c.Query("error") - if errStr == "" { - errStr = c.Query("error_description") - } - if state != "" { - _, _ = managementHandlers.WriteOAuthCallbackFileForPendingSession(s.cfg.AuthDir, "iflow", state, code, errStr) - } - c.Header("Content-Type", "text/html; charset=utf-8") - c.String(http.StatusOK, oauthCallbackSuccessHTML) - }) - - s.engine.GET("/antigravity/callback", func(c *gin.Context) { - code := c.Query("code") - state := c.Query("state") - errStr := c.Query("error") - if errStr == "" { - errStr = c.Query("error_description") - } - if state != "" { - _, _ = managementHandlers.WriteOAuthCallbackFileForPendingSession(s.cfg.AuthDir, "antigravity", state, code, errStr) - } - c.Header("Content-Type", "text/html; charset=utf-8") - c.String(http.StatusOK, oauthCallbackSuccessHTML) - }) - - s.engine.GET("/kiro/callback", func(c *gin.Context) { - code := c.Query("code") - state := c.Query("state") - errStr := c.Query("error") - if errStr == "" { - errStr = c.Query("error_description") - } - if state != "" { - _, _ = managementHandlers.WriteOAuthCallbackFileForPendingSession(s.cfg.AuthDir, "kiro", state, code, errStr) - } - c.Header("Content-Type", "text/html; charset=utf-8") - c.String(http.StatusOK, oauthCallbackSuccessHTML) - }) - - // Management routes are registered lazily by registerManagementRoutes when a secret is configured. -} - -// AttachWebsocketRoute registers a websocket upgrade handler on the primary Gin engine. -// The handler is served as-is without additional middleware beyond the standard stack already configured. -func (s *Server) AttachWebsocketRoute(path string, handler http.Handler) { - if s == nil || s.engine == nil || handler == nil { - return - } - trimmed := strings.TrimSpace(path) - if trimmed == "" { - trimmed = "/v1/ws" - } - if !strings.HasPrefix(trimmed, "/") { - trimmed = "/" + trimmed - } - s.wsRouteMu.Lock() - if _, exists := s.wsRoutes[trimmed]; exists { - s.wsRouteMu.Unlock() - return - } - s.wsRoutes[trimmed] = struct{}{} - s.wsRouteMu.Unlock() - - authMiddleware := AuthMiddleware(s.accessManager) - conditionalAuth := func(c *gin.Context) { - if !s.wsAuthEnabled.Load() { - c.Next() - return - } - authMiddleware(c) - } - finalHandler := func(c *gin.Context) { - handler.ServeHTTP(c.Writer, c.Request) - c.Abort() - } - - s.engine.GET(trimmed, conditionalAuth, finalHandler) -} - -func (s *Server) registerManagementRoutes() { - if s == nil || s.engine == nil || s.mgmt == nil { - return - } - if !s.managementRoutesRegistered.CompareAndSwap(false, true) { - return - } - - log.Info("management routes registered after secret key configuration") - - mgmt := s.engine.Group("/v0/management") - mgmt.Use(s.managementAvailabilityMiddleware(), s.mgmt.Middleware()) - { - mgmt.GET("/usage", s.mgmt.GetUsageStatistics) - mgmt.GET("/usage/export", s.mgmt.ExportUsageStatistics) - mgmt.POST("/usage/import", s.mgmt.ImportUsageStatistics) - mgmt.GET("/config", s.mgmt.GetConfig) - mgmt.GET("/config.yaml", s.mgmt.GetConfigYAML) - mgmt.PUT("/config.yaml", s.mgmt.PutConfigYAML) - mgmt.GET("/latest-version", s.mgmt.GetLatestVersion) - - mgmt.GET("/debug", s.mgmt.GetDebug) - mgmt.PUT("/debug", s.mgmt.PutDebug) - mgmt.PATCH("/debug", s.mgmt.PutDebug) - - mgmt.GET("/logging-to-file", s.mgmt.GetLoggingToFile) - mgmt.PUT("/logging-to-file", s.mgmt.PutLoggingToFile) - mgmt.PATCH("/logging-to-file", s.mgmt.PutLoggingToFile) - - mgmt.GET("/logs-max-total-size-mb", s.mgmt.GetLogsMaxTotalSizeMB) - mgmt.PUT("/logs-max-total-size-mb", s.mgmt.PutLogsMaxTotalSizeMB) - mgmt.PATCH("/logs-max-total-size-mb", s.mgmt.PutLogsMaxTotalSizeMB) - - mgmt.GET("/error-logs-max-files", s.mgmt.GetErrorLogsMaxFiles) - mgmt.PUT("/error-logs-max-files", s.mgmt.PutErrorLogsMaxFiles) - mgmt.PATCH("/error-logs-max-files", s.mgmt.PutErrorLogsMaxFiles) - - mgmt.GET("/usage-statistics-enabled", s.mgmt.GetUsageStatisticsEnabled) - mgmt.PUT("/usage-statistics-enabled", s.mgmt.PutUsageStatisticsEnabled) - mgmt.PATCH("/usage-statistics-enabled", s.mgmt.PutUsageStatisticsEnabled) - - mgmt.GET("/proxy-url", s.mgmt.GetProxyURL) - mgmt.PUT("/proxy-url", s.mgmt.PutProxyURL) - mgmt.PATCH("/proxy-url", s.mgmt.PutProxyURL) - mgmt.DELETE("/proxy-url", s.mgmt.DeleteProxyURL) - - mgmt.POST("/api-call", s.mgmt.APICall) - mgmt.GET("/kiro-quota", s.mgmt.GetKiroQuota) - - mgmt.GET("/quota-exceeded/switch-project", s.mgmt.GetSwitchProject) - mgmt.PUT("/quota-exceeded/switch-project", s.mgmt.PutSwitchProject) - mgmt.PATCH("/quota-exceeded/switch-project", s.mgmt.PutSwitchProject) - - mgmt.GET("/quota-exceeded/switch-preview-model", s.mgmt.GetSwitchPreviewModel) - mgmt.PUT("/quota-exceeded/switch-preview-model", s.mgmt.PutSwitchPreviewModel) - mgmt.PATCH("/quota-exceeded/switch-preview-model", s.mgmt.PutSwitchPreviewModel) - - mgmt.GET("/api-keys", s.mgmt.GetAPIKeys) - mgmt.PUT("/api-keys", s.mgmt.PutAPIKeys) - mgmt.PATCH("/api-keys", s.mgmt.PatchAPIKeys) - mgmt.DELETE("/api-keys", s.mgmt.DeleteAPIKeys) - - mgmt.GET("/gemini-api-key", s.mgmt.GetGeminiKeys) - mgmt.PUT("/gemini-api-key", s.mgmt.PutGeminiKeys) - mgmt.PATCH("/gemini-api-key", s.mgmt.PatchGeminiKey) - mgmt.DELETE("/gemini-api-key", s.mgmt.DeleteGeminiKey) - - mgmt.GET("/logs", s.mgmt.GetLogs) - mgmt.DELETE("/logs", s.mgmt.DeleteLogs) - mgmt.GET("/request-error-logs", s.mgmt.GetRequestErrorLogs) - mgmt.GET("/request-error-logs/:name", s.mgmt.DownloadRequestErrorLog) - mgmt.GET("/request-log-by-id/:id", s.mgmt.GetRequestLogByID) - mgmt.GET("/request-log", s.mgmt.GetRequestLog) - mgmt.PUT("/request-log", s.mgmt.PutRequestLog) - mgmt.PATCH("/request-log", s.mgmt.PutRequestLog) - mgmt.GET("/ws-auth", s.mgmt.GetWebsocketAuth) - mgmt.PUT("/ws-auth", s.mgmt.PutWebsocketAuth) - mgmt.PATCH("/ws-auth", s.mgmt.PutWebsocketAuth) - - mgmt.GET("/ampcode", s.mgmt.GetAmpCode) - mgmt.GET("/ampcode/upstream-url", s.mgmt.GetAmpUpstreamURL) - mgmt.PUT("/ampcode/upstream-url", s.mgmt.PutAmpUpstreamURL) - mgmt.PATCH("/ampcode/upstream-url", s.mgmt.PutAmpUpstreamURL) - mgmt.DELETE("/ampcode/upstream-url", s.mgmt.DeleteAmpUpstreamURL) - mgmt.GET("/ampcode/upstream-api-key", s.mgmt.GetAmpUpstreamAPIKey) - mgmt.PUT("/ampcode/upstream-api-key", s.mgmt.PutAmpUpstreamAPIKey) - mgmt.PATCH("/ampcode/upstream-api-key", s.mgmt.PutAmpUpstreamAPIKey) - mgmt.DELETE("/ampcode/upstream-api-key", s.mgmt.DeleteAmpUpstreamAPIKey) - mgmt.GET("/ampcode/restrict-management-to-localhost", s.mgmt.GetAmpRestrictManagementToLocalhost) - mgmt.PUT("/ampcode/restrict-management-to-localhost", s.mgmt.PutAmpRestrictManagementToLocalhost) - mgmt.PATCH("/ampcode/restrict-management-to-localhost", s.mgmt.PutAmpRestrictManagementToLocalhost) - mgmt.GET("/ampcode/model-mappings", s.mgmt.GetAmpModelMappings) - mgmt.PUT("/ampcode/model-mappings", s.mgmt.PutAmpModelMappings) - mgmt.PATCH("/ampcode/model-mappings", s.mgmt.PatchAmpModelMappings) - mgmt.DELETE("/ampcode/model-mappings", s.mgmt.DeleteAmpModelMappings) - mgmt.GET("/ampcode/force-model-mappings", s.mgmt.GetAmpForceModelMappings) - mgmt.PUT("/ampcode/force-model-mappings", s.mgmt.PutAmpForceModelMappings) - mgmt.PATCH("/ampcode/force-model-mappings", s.mgmt.PutAmpForceModelMappings) - mgmt.GET("/ampcode/upstream-api-keys", s.mgmt.GetAmpUpstreamAPIKeys) - mgmt.PUT("/ampcode/upstream-api-keys", s.mgmt.PutAmpUpstreamAPIKeys) - mgmt.PATCH("/ampcode/upstream-api-keys", s.mgmt.PatchAmpUpstreamAPIKeys) - mgmt.DELETE("/ampcode/upstream-api-keys", s.mgmt.DeleteAmpUpstreamAPIKeys) - - mgmt.GET("/request-retry", s.mgmt.GetRequestRetry) - mgmt.PUT("/request-retry", s.mgmt.PutRequestRetry) - mgmt.PATCH("/request-retry", s.mgmt.PutRequestRetry) - mgmt.GET("/max-retry-interval", s.mgmt.GetMaxRetryInterval) - mgmt.PUT("/max-retry-interval", s.mgmt.PutMaxRetryInterval) - mgmt.PATCH("/max-retry-interval", s.mgmt.PutMaxRetryInterval) - - mgmt.GET("/force-model-prefix", s.mgmt.GetForceModelPrefix) - mgmt.PUT("/force-model-prefix", s.mgmt.PutForceModelPrefix) - mgmt.PATCH("/force-model-prefix", s.mgmt.PutForceModelPrefix) - - mgmt.GET("/routing/strategy", s.mgmt.GetRoutingStrategy) - mgmt.PUT("/routing/strategy", s.mgmt.PutRoutingStrategy) - mgmt.PATCH("/routing/strategy", s.mgmt.PutRoutingStrategy) - - mgmt.GET("/claude-api-key", s.mgmt.GetClaudeKeys) - mgmt.PUT("/claude-api-key", s.mgmt.PutClaudeKeys) - mgmt.PATCH("/claude-api-key", s.mgmt.PatchClaudeKey) - mgmt.DELETE("/claude-api-key", s.mgmt.DeleteClaudeKey) - - mgmt.GET("/codex-api-key", s.mgmt.GetCodexKeys) - mgmt.PUT("/codex-api-key", s.mgmt.PutCodexKeys) - mgmt.PATCH("/codex-api-key", s.mgmt.PatchCodexKey) - mgmt.DELETE("/codex-api-key", s.mgmt.DeleteCodexKey) - - mgmt.GET("/openai-compatibility", s.mgmt.GetOpenAICompat) - mgmt.PUT("/openai-compatibility", s.mgmt.PutOpenAICompat) - mgmt.PATCH("/openai-compatibility", s.mgmt.PatchOpenAICompat) - mgmt.DELETE("/openai-compatibility", s.mgmt.DeleteOpenAICompat) - - mgmt.GET("/vertex-api-key", s.mgmt.GetVertexCompatKeys) - mgmt.PUT("/vertex-api-key", s.mgmt.PutVertexCompatKeys) - mgmt.PATCH("/vertex-api-key", s.mgmt.PatchVertexCompatKey) - mgmt.DELETE("/vertex-api-key", s.mgmt.DeleteVertexCompatKey) - - mgmt.GET("/oauth-excluded-models", s.mgmt.GetOAuthExcludedModels) - mgmt.PUT("/oauth-excluded-models", s.mgmt.PutOAuthExcludedModels) - mgmt.PATCH("/oauth-excluded-models", s.mgmt.PatchOAuthExcludedModels) - mgmt.DELETE("/oauth-excluded-models", s.mgmt.DeleteOAuthExcludedModels) - - mgmt.GET("/oauth-model-alias", s.mgmt.GetOAuthModelAlias) - mgmt.PUT("/oauth-model-alias", s.mgmt.PutOAuthModelAlias) - mgmt.PATCH("/oauth-model-alias", s.mgmt.PatchOAuthModelAlias) - mgmt.DELETE("/oauth-model-alias", s.mgmt.DeleteOAuthModelAlias) - - mgmt.GET("/auth-files", s.mgmt.ListAuthFiles) - mgmt.GET("/auth-files/models", s.mgmt.GetAuthFileModels) - mgmt.GET("/model-definitions/:channel", s.mgmt.GetStaticModelDefinitions) - mgmt.GET("/auth-files/download", s.mgmt.DownloadAuthFile) - mgmt.POST("/auth-files", s.mgmt.UploadAuthFile) - mgmt.DELETE("/auth-files", s.mgmt.DeleteAuthFile) - mgmt.PATCH("/auth-files/status", s.mgmt.PatchAuthFileStatus) - mgmt.PATCH("/auth-files/fields", s.mgmt.PatchAuthFileFields) - mgmt.POST("/vertex/import", s.mgmt.ImportVertexCredential) - - mgmt.GET("/anthropic-auth-url", s.mgmt.RequestAnthropicToken) - mgmt.GET("/codex-auth-url", s.mgmt.RequestCodexToken) - mgmt.GET("/gemini-cli-auth-url", s.mgmt.RequestGeminiCLIToken) - mgmt.GET("/antigravity-auth-url", s.mgmt.RequestAntigravityToken) - mgmt.GET("/qwen-auth-url", s.mgmt.RequestQwenToken) - mgmt.GET("/kilo-auth-url", s.mgmt.RequestKiloToken) - mgmt.GET("/kimi-auth-url", s.mgmt.RequestKimiToken) - mgmt.GET("/iflow-auth-url", s.mgmt.RequestIFlowToken) - mgmt.POST("/iflow-auth-url", s.mgmt.RequestIFlowCookieToken) - mgmt.GET("/kiro-auth-url", s.mgmt.RequestKiroToken) - mgmt.GET("/github-auth-url", s.mgmt.RequestGitHubToken) - mgmt.POST("/oauth-callback", s.mgmt.PostOAuthCallback) - mgmt.GET("/get-auth-status", s.mgmt.GetAuthStatus) - } -} - -func (s *Server) managementAvailabilityMiddleware() gin.HandlerFunc { - return func(c *gin.Context) { - if !s.managementRoutesEnabled.Load() { - c.AbortWithStatus(http.StatusNotFound) - return - } - c.Next() - } -} - -func (s *Server) serveManagementControlPanel(c *gin.Context) { - cfg := s.cfg - if cfg == nil || cfg.RemoteManagement.DisableControlPanel { - c.AbortWithStatus(http.StatusNotFound) - return - } - filePath := managementasset.FilePath(s.configFilePath) - if strings.TrimSpace(filePath) == "" { - c.AbortWithStatus(http.StatusNotFound) - return - } - - if _, err := os.Stat(filePath); err != nil { - if os.IsNotExist(err) { - // Synchronously ensure management.html is available with a detached context. - // Control panel bootstrap should not be canceled by client disconnects. - if !managementasset.EnsureLatestManagementHTML(context.Background(), managementasset.StaticDir(s.configFilePath), cfg.ProxyURL, cfg.RemoteManagement.PanelGitHubRepository) { - c.AbortWithStatus(http.StatusNotFound) - return - } - } else { - log.WithError(err).Error("failed to stat management control panel asset") - c.AbortWithStatus(http.StatusInternalServerError) - return - } - } - - c.File(filePath) -} - -func (s *Server) enableKeepAlive(timeout time.Duration, onTimeout func()) { - if timeout <= 0 || onTimeout == nil { - return - } - - s.keepAliveEnabled = true - s.keepAliveTimeout = timeout - s.keepAliveOnTimeout = onTimeout - s.keepAliveHeartbeat = make(chan struct{}, 1) - s.keepAliveStop = make(chan struct{}, 1) - - s.engine.GET("/keep-alive", s.handleKeepAlive) - - go s.watchKeepAlive() -} - -func (s *Server) handleKeepAlive(c *gin.Context) { - if s.localPassword != "" { - provided := strings.TrimSpace(c.GetHeader("Authorization")) - if provided != "" { - parts := strings.SplitN(provided, " ", 2) - if len(parts) == 2 && strings.EqualFold(parts[0], "bearer") { - provided = parts[1] - } - } - if provided == "" { - provided = strings.TrimSpace(c.GetHeader("X-Local-Password")) - } - if subtle.ConstantTimeCompare([]byte(provided), []byte(s.localPassword)) != 1 { - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid password"}) - return - } - } - - s.signalKeepAlive() - c.JSON(http.StatusOK, gin.H{"status": "ok"}) -} - -func (s *Server) signalKeepAlive() { - if !s.keepAliveEnabled { - return - } - select { - case s.keepAliveHeartbeat <- struct{}{}: - default: - } -} - -func (s *Server) watchKeepAlive() { - if !s.keepAliveEnabled { - return - } - - timer := time.NewTimer(s.keepAliveTimeout) - defer timer.Stop() - - for { - select { - case <-timer.C: - log.Warnf("keep-alive endpoint idle for %s, shutting down", s.keepAliveTimeout) - if s.keepAliveOnTimeout != nil { - s.keepAliveOnTimeout() - } - return - case <-s.keepAliveHeartbeat: - if !timer.Stop() { - select { - case <-timer.C: - default: - } - } - timer.Reset(s.keepAliveTimeout) - case <-s.keepAliveStop: - return - } - } -} - -// unifiedModelsHandler creates a unified handler for the /v1/models endpoint -// that routes to different handlers based on the User-Agent header. -// If User-Agent starts with "claude-cli", it routes to Claude handler, -// otherwise it routes to OpenAI handler. -func (s *Server) unifiedModelsHandler(openaiHandler *openai.OpenAIAPIHandler, claudeHandler *claude.ClaudeCodeAPIHandler) gin.HandlerFunc { - return func(c *gin.Context) { - userAgent := c.GetHeader("User-Agent") - - // Route to Claude handler if User-Agent starts with "claude-cli" - if strings.HasPrefix(userAgent, "claude-cli") { - // log.Debugf("Routing /v1/models to Claude handler for User-Agent: %s", userAgent) - claudeHandler.ClaudeModels(c) - } else { - // log.Debugf("Routing /v1/models to OpenAI handler for User-Agent: %s", userAgent) - openaiHandler.OpenAIModels(c) - } - } -} - -// Start begins listening for and serving HTTP or HTTPS requests. -// It's a blocking call and will only return on an unrecoverable error. -// -// Returns: -// - error: An error if the server fails to start -func (s *Server) Start() error { - if s == nil || s.server == nil { - return fmt.Errorf("failed to start HTTP server: server not initialized") - } - - useTLS := s.cfg != nil && s.cfg.TLS.Enable - if useTLS { - cert := strings.TrimSpace(s.cfg.TLS.Cert) - key := strings.TrimSpace(s.cfg.TLS.Key) - if cert == "" || key == "" { - return fmt.Errorf("failed to start HTTPS server: tls.cert or tls.key is empty") - } - log.Debugf("Starting API server on %s with TLS", s.server.Addr) - if errServeTLS := s.server.ListenAndServeTLS(cert, key); errServeTLS != nil && !errors.Is(errServeTLS, http.ErrServerClosed) { - return fmt.Errorf("failed to start HTTPS server: %v", errServeTLS) - } - return nil - } - - log.Debugf("Starting API server on %s", s.server.Addr) - if errServe := s.server.ListenAndServe(); errServe != nil && !errors.Is(errServe, http.ErrServerClosed) { - return fmt.Errorf("failed to start HTTP server: %v", errServe) - } - - return nil -} - -// Stop gracefully shuts down the API server without interrupting any -// active connections. -// -// Parameters: -// - ctx: The context for graceful shutdown -// -// Returns: -// - error: An error if the server fails to stop -func (s *Server) Stop(ctx context.Context) error { - log.Debug("Stopping API server...") - - if s.keepAliveEnabled { - select { - case s.keepAliveStop <- struct{}{}: - default: - } - } - - select { - case s.shmStop <- struct{}{}: - default: - } - - // Shutdown the HTTP server. - if err := s.server.Shutdown(ctx); err != nil { - return fmt.Errorf("failed to shutdown HTTP server: %v", err) - } - - log.Debug("API server stopped") - return nil -} - -// corsMiddleware returns a Gin middleware handler that adds CORS headers -// to every response, allowing cross-origin requests. -// -// Returns: -// - gin.HandlerFunc: The CORS middleware handler -func corsMiddleware() gin.HandlerFunc { - return func(c *gin.Context) { - c.Header("Access-Control-Allow-Origin", "*") - c.Header("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS") - c.Header("Access-Control-Allow-Headers", "*") - - if c.Request.Method == "OPTIONS" { - c.AbortWithStatus(http.StatusNoContent) - return - } - - c.Next() - } -} - -func (s *Server) applyAccessConfig(oldCfg, newCfg *config.Config) { - if s == nil || s.accessManager == nil || newCfg == nil { - return - } - if _, err := access.ApplyAccessProviders(s.accessManager, oldCfg, newCfg); err != nil { - return - } -} - -// UpdateClients updates the server's client list and configuration. -// This method is called when the configuration or authentication tokens change. -// -// Parameters: -// - clients: The new slice of AI service clients -// - cfg: The new application configuration -func (s *Server) UpdateClients(cfg *config.Config) { - // Reconstruct old config from YAML snapshot to avoid reference sharing issues - var oldCfg *config.Config - if len(s.oldConfigYaml) > 0 { - _ = yaml.Unmarshal(s.oldConfigYaml, &oldCfg) - } - - // Update request logger enabled state if it has changed - previousRequestLog := false - if oldCfg != nil { - previousRequestLog = oldCfg.RequestLog - } - if s.requestLogger != nil && (oldCfg == nil || previousRequestLog != cfg.RequestLog) { - if s.loggerToggle != nil { - s.loggerToggle(cfg.RequestLog) - } else if toggler, ok := s.requestLogger.(interface{ SetEnabled(bool) }); ok { - toggler.SetEnabled(cfg.RequestLog) - } - } - - if oldCfg == nil || oldCfg.LoggingToFile != cfg.LoggingToFile || oldCfg.LogsMaxTotalSizeMB != cfg.LogsMaxTotalSizeMB { - if err := logging.ConfigureLogOutput(cfg); err != nil { - log.Errorf("failed to reconfigure log output: %v", err) - } - } - - if oldCfg == nil || oldCfg.UsageStatisticsEnabled != cfg.UsageStatisticsEnabled { - usage.SetStatisticsEnabled(cfg.UsageStatisticsEnabled) - } - - if s.requestLogger != nil && (oldCfg == nil || oldCfg.ErrorLogsMaxFiles != cfg.ErrorLogsMaxFiles) { - if setter, ok := s.requestLogger.(interface{ SetErrorLogsMaxFiles(int) }); ok { - setter.SetErrorLogsMaxFiles(cfg.ErrorLogsMaxFiles) - } - } - - if oldCfg == nil || oldCfg.DisableCooling != cfg.DisableCooling { - auth.SetQuotaCooldownDisabled(cfg.DisableCooling) - } - - if s.handlers != nil && s.handlers.AuthManager != nil { - s.handlers.AuthManager.SetRetryConfig(cfg.RequestRetry, time.Duration(cfg.MaxRetryInterval)*time.Second) - } - - // Update log level dynamically when debug flag changes - if oldCfg == nil || oldCfg.Debug != cfg.Debug { - util.SetLogLevel(cfg) - } - - prevSecretEmpty := true - if oldCfg != nil { - prevSecretEmpty = oldCfg.RemoteManagement.SecretKey == "" - } - newSecretEmpty := cfg.RemoteManagement.SecretKey == "" - if s.envManagementSecret { - s.registerManagementRoutes() - if s.managementRoutesEnabled.CompareAndSwap(false, true) { - log.Info("management routes enabled via MANAGEMENT_PASSWORD") - } else { - s.managementRoutesEnabled.Store(true) - } - } else { - switch { - case prevSecretEmpty && !newSecretEmpty: - s.registerManagementRoutes() - if s.managementRoutesEnabled.CompareAndSwap(false, true) { - log.Info("management routes enabled after secret key update") - } else { - s.managementRoutesEnabled.Store(true) - } - case !prevSecretEmpty && newSecretEmpty: - if s.managementRoutesEnabled.CompareAndSwap(true, false) { - log.Info("management routes disabled after secret key removal") - } else { - s.managementRoutesEnabled.Store(false) - } - default: - s.managementRoutesEnabled.Store(!newSecretEmpty) - } - } - - s.applyAccessConfig(oldCfg, cfg) - s.cfg = cfg - s.wsAuthEnabled.Store(cfg.WebsocketAuth) - if oldCfg != nil && s.wsAuthChanged != nil && oldCfg.WebsocketAuth != cfg.WebsocketAuth { - s.wsAuthChanged(oldCfg.WebsocketAuth, cfg.WebsocketAuth) - } - managementasset.SetCurrentConfig(cfg) - // Save YAML snapshot for next comparison - s.oldConfigYaml, _ = yaml.Marshal(cfg) - - s.handlers.UpdateClients(&cfg.SDKConfig) - - if s.mgmt != nil { - s.mgmt.SetConfig(cfg) - s.mgmt.SetAuthManager(s.handlers.AuthManager) - } - - // Notify Amp module only when Amp config has changed. - ampConfigChanged := oldCfg == nil || !reflect.DeepEqual(oldCfg.AmpCode, cfg.AmpCode) - if ampConfigChanged { - if s.ampModule != nil { - log.Debugf("triggering amp module config update") - if err := s.ampModule.OnConfigUpdated(cfg); err != nil { - log.Errorf("failed to update Amp module config: %v", err) - } - } else { - log.Warnf("amp module is nil, skipping config update") - } - } - - // Count client sources from configuration and auth store. - tokenStore := sdkAuth.GetTokenStore() - if dirSetter, ok := tokenStore.(interface{ SetBaseDir(string) }); ok { - dirSetter.SetBaseDir(cfg.AuthDir) - } - authEntries := util.CountAuthFiles(context.Background(), tokenStore) - geminiAPIKeyCount := len(cfg.GeminiKey) - claudeAPIKeyCount := len(cfg.ClaudeKey) - codexAPIKeyCount := len(cfg.CodexKey) - vertexAICompatCount := len(cfg.VertexCompatAPIKey) - openAICompatCount := 0 - for i := range cfg.OpenAICompatibility { - entry := cfg.OpenAICompatibility[i] - openAICompatCount += len(entry.APIKeyEntries) - } - - total := authEntries + geminiAPIKeyCount + claudeAPIKeyCount + codexAPIKeyCount + vertexAICompatCount + openAICompatCount - // nolint:gosec // false positive: these are integer counts, not actual API keys - fmt.Printf("server clients and configuration updated: %d clients (%d auth entries + %d Gemini API keys + %d Claude API keys + %d Codex keys + %d Vertex-compat + %d OpenAI-compat)\n", - total, - authEntries, - geminiAPIKeyCount, - claudeAPIKeyCount, - codexAPIKeyCount, - vertexAICompatCount, - openAICompatCount, - ) -} - -func (s *Server) SetWebsocketAuthChangeHandler(fn func(bool, bool)) { - if s == nil { - return - } - s.wsAuthChanged = fn -} - -// (management handlers moved to pkg/llmproxy/api/handlers/management) - -// AuthMiddleware returns a Gin middleware handler that authenticates requests -// using the configured authentication providers. When no providers are available, -// it allows all requests (legacy behaviour). -func AuthMiddleware(manager *sdkaccess.Manager) gin.HandlerFunc { - return func(c *gin.Context) { - if manager == nil { - c.Next() - return - } - - result, err := manager.Authenticate(c.Request.Context(), c.Request) - if err == nil { - if result != nil { - c.Set("apiKey", result.Principal) - c.Set("accessProvider", result.Provider) - if len(result.Metadata) > 0 { - c.Set("accessMetadata", result.Metadata) - } - } - c.Next() - return - } - - statusCode := err.HTTPStatusCode() - if statusCode >= http.StatusInternalServerError { - log.Errorf("authentication middleware error: %v", err) - } - c.AbortWithStatusJSON(statusCode, gin.H{"error": err.Message}) - } -} - -// startSHMSyncLoop periodically syncs provider metrics to the shared memory mesh. -func (s *Server) startSHMSyncLoop() { - shmPath := os.Getenv("THEGENT_SHM_PATH") - if shmPath == "" { - shmPath = "/tmp/thegent-bridge/state.shm" - } - - // Ensure directory exists - shmDir := filepath.Dir(shmPath) - _ = os.MkdirAll(shmDir, 0755) - - ticker := time.NewTicker(2 * time.Second) - defer ticker.Stop() - - log.Info("Starting SHM metrics sync loop") - for { - select { - case <-ticker.C: - _ = usage.SyncToSHM(shmPath) - case <-s.shmStop: - return - } - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/server_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/api/server_test.go deleted file mode 100644 index c5c52a3bfb..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/api/server_test.go +++ /dev/null @@ -1,916 +0,0 @@ -package api - -import ( - "context" - "encoding/json" - "net/http" - "net/http/httptest" - "sort" - "strings" - "testing" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - coreusage "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/usage" - sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - sdkusage "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" - "github.com/stretchr/testify/require" -) - -func TestNewServer(t *testing.T) { - cfg := &config.Config{ - Port: 8080, - Debug: true, - } - authManager := auth.NewManager(nil, nil, nil) - accessManager := sdkaccess.NewManager() - - s := NewServer(cfg, authManager, accessManager, "config.yaml") - if s == nil { - t.Fatal("NewServer returned nil") - } - - if s.engine == nil { - t.Error("engine is nil") - } - - if s.handlers == nil { - t.Error("handlers is nil") - } -} - -func TestServer_RootEndpoint(t *testing.T) { - gin.SetMode(gin.TestMode) - cfg := &config.Config{Debug: true} - s := NewServer(cfg, nil, nil, "config.yaml") - - w := httptest.NewRecorder() - req, _ := http.NewRequest("GET", "/", nil) - s.engine.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Errorf("expected status 200, got %d", w.Code) - } -} - -func TestWithMiddleware(t *testing.T) { - called := false - mw := func(c *gin.Context) { - called = true - c.Next() - } - - cfg := &config.Config{Debug: true} - s := NewServer(cfg, nil, nil, "config.yaml", WithMiddleware(mw)) - - w := httptest.NewRecorder() - req, _ := http.NewRequest("GET", "/", nil) - s.engine.ServeHTTP(w, req) - - if !called { - t.Error("extra middleware was not called") - } -} - -func TestWithKeepAliveEndpoint(t *testing.T) { - onTimeout := func() { - } - - cfg := &config.Config{Debug: true} - s := NewServer(cfg, nil, nil, "config.yaml", WithKeepAliveEndpoint(100*time.Millisecond, onTimeout)) - - if !s.keepAliveEnabled { - t.Error("keep-alive should be enabled") - } - - w := httptest.NewRecorder() - req, _ := http.NewRequest("GET", "/keep-alive", nil) - s.engine.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Errorf("expected status 200, got %d", w.Code) - } - - require.NoError(t, s.Stop(context.Background())) -} - -func TestServer_SetupRoutes_IsIdempotent(t *testing.T) { - cfg := &config.Config{Debug: true} - s := NewServer(cfg, nil, nil, "config.yaml") - if s == nil { - t.Fatal("NewServer returned nil") - } - - countRoute := func(method, path string) int { - count := 0 - for _, r := range s.engine.Routes() { - if r.Method == method && r.Path == path { - count++ - } - } - return count - } - - if got := countRoute(http.MethodGet, "/v1/responses"); got != 1 { - t.Fatalf("expected 1 GET /v1/responses route, got %d", got) - } - if got := countRoute(http.MethodPost, "/v1/responses"); got != 1 { - t.Fatalf("expected 1 POST /v1/responses route, got %d", got) - } - if got := countRoute(http.MethodGet, "/v1/models"); got != 1 { - t.Fatalf("expected 1 GET /v1/models route, got %d", got) - } - if got := countRoute(http.MethodGet, "/v1/metrics/providers"); got != 1 { - t.Fatalf("expected 1 GET /v1/metrics/providers route, got %d", got) - } - if got := countRoute(http.MethodGet, "/v1/responses/ws"); got != 1 { - t.Fatalf("expected 1 GET /v1/responses/ws route, got %d", got) - } - - defer func() { - if recovered := recover(); recovered == nil { - t.Fatal("expected setupRoutes to panic on duplicate route registration") - } - }() - s.setupRoutes() -} - -func TestServer_SetupRoutes_ResponsesWebsocketFlag(t *testing.T) { - disabled := false - cfg := &config.Config{ - Debug: true, - ResponsesWebsocketEnabled: &disabled, - } - s := NewServer(cfg, nil, nil, "config.yaml") - if s == nil { - t.Fatal("NewServer returned nil") - } - - for _, r := range s.engine.Routes() { - if r.Method == http.MethodGet && r.Path == "/v1/responses/ws" { - t.Fatalf("expected /v1/responses/ws to be disabled by config flag") - } - } -} - -func TestServer_SetupRoutes_DuplicateInvocationPreservesRouteCount(t *testing.T) { - s := NewServer(&config.Config{Debug: true}, nil, nil, "config.yaml") - if s == nil { - t.Fatal("NewServer returned nil") - } - - countRoute := func(method, path string) int { - count := 0 - for _, r := range s.engine.Routes() { - if r.Method == method && r.Path == path { - count++ - } - } - return count - } - - _ = countRoute - defer func() { - if recovered := recover(); recovered == nil { - t.Fatal("expected setupRoutes to panic on duplicate route registration") - } - }() - s.setupRoutes() -} - -func TestServer_AttachWebsocketRoute_IsIdempotent(t *testing.T) { - s := NewServer(&config.Config{Debug: true}, nil, nil, "config.yaml") - if s == nil { - t.Fatal("NewServer returned nil") - } - - wsPath := "/v1/internal/ws-dup" - s.AttachWebsocketRoute(wsPath, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.WriteHeader(http.StatusNoContent) - })) - s.AttachWebsocketRoute(wsPath, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.WriteHeader(http.StatusNoContent) - })) - - resp := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodGet, wsPath, nil) - s.engine.ServeHTTP(resp, req) - if resp.Code != http.StatusNoContent { - t.Fatalf("unexpected status from ws route: got %d want %d", resp.Code, http.StatusNoContent) - } - - const method = http.MethodGet - count := 0 - for _, route := range s.engine.Routes() { - if route.Method == method && route.Path == wsPath { - count++ - } - } - if count != 1 { - t.Fatalf("expected websocket route to be registered once, got %d", count) - } -} - -func TestServer_RoutesNamespaceIsolation(t *testing.T) { - s := NewServer(&config.Config{Debug: true}, nil, nil, "config.yaml") - if s == nil { - t.Fatal("NewServer returned nil") - } - - for _, r := range s.engine.Routes() { - if strings.HasPrefix(r.Path, "/agent/") { - t.Fatalf("unexpected control-plane /agent route overlap: %s %s", r.Method, r.Path) - } - } -} - -func TestServer_ResponsesRouteSupportsHttpAndWebsocketShapes(t *testing.T) { - s := NewServer(&config.Config{Debug: true}, nil, nil, "config.yaml") - if s == nil { - t.Fatal("NewServer returned nil") - } - - getReq := httptest.NewRequest(http.MethodGet, "/v1/responses", nil) - getResp := httptest.NewRecorder() - s.engine.ServeHTTP(getResp, getReq) - if got := getResp.Code; got != http.StatusBadRequest { - t.Fatalf("GET /v1/responses should be websocket-capable and return 400 without upgrade, got %d", got) - } - - postReq := httptest.NewRequest(http.MethodPost, "/v1/responses", strings.NewReader(`{}`)) - postResp := httptest.NewRecorder() - s.engine.ServeHTTP(postResp, postReq) - if postResp.Code == http.StatusNotFound { - t.Fatalf("POST /v1/responses should exist") - } -} - -func TestServer_StartupSmokeEndpoints(t *testing.T) { - s := NewServer(&config.Config{Debug: true}, nil, nil, "config.yaml") - if s == nil { - t.Fatal("NewServer returned nil") - } - - t.Run("GET /v1/models", func(t *testing.T) { - req := httptest.NewRequest(http.MethodGet, "/v1/models", nil) - resp := httptest.NewRecorder() - s.engine.ServeHTTP(resp, req) - if resp.Code != http.StatusOK { - t.Fatalf("GET /v1/models expected 200, got %d", resp.Code) - } - var body struct { - Object string `json:"object"` - Data []json.RawMessage `json:"data"` - } - if err := json.Unmarshal(resp.Body.Bytes(), &body); err != nil { - t.Fatalf("invalid JSON from /v1/models: %v", err) - } - if body.Object != "list" { - t.Fatalf("expected /v1/models object=list, got %q", body.Object) - } - _ = body.Data - }) - - t.Run("GET /v1/metrics/providers", func(t *testing.T) { - req := httptest.NewRequest(http.MethodGet, "/v1/metrics/providers", nil) - resp := httptest.NewRecorder() - s.engine.ServeHTTP(resp, req) - if resp.Code != http.StatusOK { - t.Fatalf("GET /v1/metrics/providers expected 200, got %d", resp.Code) - } - var body map[string]any - if err := json.Unmarshal(resp.Body.Bytes(), &body); err != nil { - t.Fatalf("invalid JSON from /v1/metrics/providers: %v", err) - } - _ = body - }) -} - -func TestServer_StartupSmokeEndpoints_UserAgentVariants(t *testing.T) { - s := NewServer(&config.Config{Debug: true}, nil, nil, "config.yaml") - if s == nil { - t.Fatal("NewServer returned nil") - } - - for _, tc := range []struct { - name string - userAgent string - minEntries int - }{ - {name: "openai-compatible default", userAgent: "", minEntries: 1}, - {name: "claude-cli user-agent", userAgent: "claude-cli/1.0", minEntries: 0}, - {name: "CLAUDE-CLI uppercase user-agent", userAgent: "Claude-CLI/1.0", minEntries: 0}, - } { - t.Run(tc.name, func(t *testing.T) { - req := httptest.NewRequest(http.MethodGet, "/v1/models", nil) - if tc.userAgent != "" { - req.Header.Set("User-Agent", tc.userAgent) - } - resp := httptest.NewRecorder() - s.engine.ServeHTTP(resp, req) - if resp.Code != http.StatusOK { - t.Fatalf("GET /v1/models expected 200, got %d", resp.Code) - } - - var body struct { - Object string `json:"object"` - Data []any `json:"data"` - } - if err := json.Unmarshal(resp.Body.Bytes(), &body); err != nil { - t.Fatalf("invalid JSON from /v1/models: %v", err) - } - if body.Object != "list" { - t.Fatalf("expected /v1/models object=list, got %q", body.Object) - } - if len(body.Data) < tc.minEntries { - t.Fatalf("expected at least %d models, got %d", tc.minEntries, len(body.Data)) - } - }) - } -} - -func TestServer_StartupSmokeEndpoints_MetricsShapeIncludesKnownProvider(t *testing.T) { - stats := coreusage.GetRequestStatistics() - ctx := context.Background() - stats.Record(ctx, sdkusage.Record{ - APIKey: "nim", - Model: "gpt-4.1-nano", - Detail: sdkusage.Detail{TotalTokens: 77}, - }) - - s := NewServer(&config.Config{Debug: true}, nil, nil, "config.yaml") - if s == nil { - t.Fatal("NewServer returned nil") - } - - req := httptest.NewRequest(http.MethodGet, "/v1/metrics/providers", nil) - resp := httptest.NewRecorder() - s.engine.ServeHTTP(resp, req) - if resp.Code != http.StatusOK { - t.Fatalf("GET /v1/metrics/providers expected 200, got %d", resp.Code) - } - - var body map[string]map[string]any - if err := json.Unmarshal(resp.Body.Bytes(), &body); err != nil { - t.Fatalf("invalid JSON from /v1/metrics/providers: %v", err) - } - metrics, ok := body["nim"] - if !ok { - t.Fatalf("expected nim provider in metrics payload, got keys=%s", strings.Join(sortedMetricKeys(body), ",")) - } - for _, field := range []string{"request_count", "success_count", "failure_count", "success_rate", "cost_per_1k_input", "cost_per_1k_output"} { - if _, exists := metrics[field]; !exists { - t.Fatalf("expected metric field %q for nim", field) - } - } - requestCount, _ := metrics["request_count"].(float64) - if requestCount < 1 { - t.Fatalf("expected positive request_count for nim, got %v", requestCount) - } -} - -func sortedMetricKeys(m map[string]map[string]any) []string { - if len(m) == 0 { - return []string{} - } - keys := make([]string, 0, len(m)) - for k := range m { - keys = append(keys, k) - } - sort.Strings(keys) - return keys -} - -func requireControlPlaneRoutes(t *testing.T, s *Server) { - t.Helper() - hasMessage := false - hasMessages := false - for _, r := range s.engine.Routes() { - if r.Method == http.MethodPost && r.Path == "/message" { - hasMessage = true - } - if r.Method == http.MethodGet && r.Path == "/messages" { - hasMessages = true - } - } - if !hasMessage || !hasMessages { - t.Skip("control-plane routes are not registered in current server route graph") - } -} - -func TestServer_ControlPlane_MessageLifecycle(t *testing.T) { - s := NewServer(&config.Config{Debug: true}, nil, nil, "config.yaml") - if s == nil { - t.Fatal("NewServer returned nil") - } - requireControlPlaneRoutes(t, s) - - t.Run("POST /message creates session and returns accepted event context", func(t *testing.T) { - reqBody := `{"message":"hello from client","capability":"continue"}` - req := httptest.NewRequest(http.MethodPost, "/message", strings.NewReader(reqBody)) - req.Header.Set("Content-Type", "application/json") - resp := httptest.NewRecorder() - s.engine.ServeHTTP(resp, req) - if resp.Code != http.StatusAccepted { - t.Fatalf("POST /message expected %d, got %d", http.StatusAccepted, resp.Code) - } - - var body struct { - SessionID string `json:"session_id"` - Status string `json:"status"` - } - if err := json.Unmarshal(resp.Body.Bytes(), &body); err != nil { - t.Fatalf("invalid JSON from /message: %v", err) - } - if body.SessionID == "" { - t.Fatal("expected non-empty session_id") - } - if body.Status != "done" { - t.Fatalf("expected status=done, got %q", body.Status) - } - - msgReq := httptest.NewRequest(http.MethodGet, "/messages?session_id="+body.SessionID, nil) - msgResp := httptest.NewRecorder() - s.engine.ServeHTTP(msgResp, msgReq) - if msgResp.Code != http.StatusOK { - t.Fatalf("GET /messages expected 200, got %d", msgResp.Code) - } - - var msgBody struct { - SessionID string `json:"session_id"` - Messages []struct { - Content string `json:"content"` - } `json:"messages"` - } - if err := json.Unmarshal(msgResp.Body.Bytes(), &msgBody); err != nil { - t.Fatalf("invalid JSON from /messages: %v", err) - } - if msgBody.SessionID != body.SessionID { - t.Fatalf("expected session_id %q, got %q", body.SessionID, msgBody.SessionID) - } - if len(msgBody.Messages) != 1 || msgBody.Messages[0].Content != "hello from client" { - t.Fatalf("expected single message content, got %#v", msgBody.Messages) - } - }) - - t.Run("GET /status without session_id", func(t *testing.T) { - resp := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodGet, "/status", nil) - s.engine.ServeHTTP(resp, req) - if resp.Code != http.StatusBadRequest { - t.Fatalf("GET /status expected %d, got %d", http.StatusBadRequest, resp.Code) - } - }) - - t.Run("GET /events emits status event", func(t *testing.T) { - req := httptest.NewRequest(http.MethodPost, "/message", strings.NewReader(`{"message":"status probe"}`)) - req.Header.Set("Content-Type", "application/json") - msgResp := httptest.NewRecorder() - s.engine.ServeHTTP(msgResp, req) - if msgResp.Code != http.StatusAccepted { - t.Fatalf("POST /message expected %d, got %d", http.StatusAccepted, msgResp.Code) - } - var msg struct { - SessionID string `json:"session_id"` - } - if err := json.Unmarshal(msgResp.Body.Bytes(), &msg); err != nil { - t.Fatalf("invalid JSON from /message: %v", err) - } - if msg.SessionID == "" { - t.Fatal("expected session_id") - } - - reqEvt := httptest.NewRequest(http.MethodGet, "/events?session_id="+msg.SessionID, nil) - respEvt := httptest.NewRecorder() - s.engine.ServeHTTP(respEvt, reqEvt) - if respEvt.Code != http.StatusOK { - t.Fatalf("GET /events expected %d, got %d", http.StatusOK, respEvt.Code) - } - if ct := respEvt.Result().Header.Get("Content-Type"); !strings.HasPrefix(ct, "text/event-stream") { - t.Fatalf("expected content-type text/event-stream, got %q", ct) - } - if !strings.Contains(respEvt.Body.String(), "data: {") { - t.Fatalf("expected SSE payload, got %q", respEvt.Body.String()) - } - }) -} - -func TestServer_ControlPlane_UnsupportedCapability(t *testing.T) { - s := NewServer(&config.Config{Debug: true}, nil, nil, "config.yaml") - if s == nil { - t.Fatal("NewServer returned nil") - } - requireControlPlaneRoutes(t, s) - - resp := httptest.NewRecorder() - req := httptest.NewRequest(http.MethodPost, "/message", strings.NewReader(`{"message":"x","capability":"pause"}`)) - req.Header.Set("Content-Type", "application/json") - s.engine.ServeHTTP(resp, req) - if resp.Code != http.StatusNotImplemented { - t.Fatalf("expected status %d for unsupported capability, got %d", http.StatusNotImplemented, resp.Code) - } - var body map[string]any - if err := json.Unmarshal(resp.Body.Bytes(), &body); err != nil { - t.Fatalf("invalid JSON from /message: %v", err) - } - if _, ok := body["unsupported capability"]; ok { - t.Fatalf("error payload has wrong schema: %v", body) - } - if body["error"] != "unsupported capability" { - t.Fatalf("expected unsupported capability error, got %v", body["error"]) - } -} - -func TestServer_ControlPlane_NormalizeCapabilityAliases(t *testing.T) { - s := NewServer(&config.Config{Debug: true}, nil, nil, "config.yaml") - if s == nil { - t.Fatal("NewServer returned nil") - } - requireControlPlaneRoutes(t, s) - - for _, capability := range []string{"continue", "resume", "ask", "exec", "max"} { - t.Run(capability, func(t *testing.T) { - reqBody := `{"message":"alias test","capability":"` + capability + `"}` - req := httptest.NewRequest(http.MethodPost, "/message", strings.NewReader(reqBody)) - req.Header.Set("Content-Type", "application/json") - resp := httptest.NewRecorder() - s.engine.ServeHTTP(resp, req) - if resp.Code != http.StatusAccepted { - t.Fatalf("capability=%s expected %d, got %d", capability, http.StatusAccepted, resp.Code) - } - var body struct { - SessionID string `json:"session_id"` - Status string `json:"status"` - MessageID string `json:"message_id"` - MessageCount int `json:"message_count"` - } - if err := json.Unmarshal(resp.Body.Bytes(), &body); err != nil { - t.Fatalf("invalid JSON from /message for %s: %v", capability, err) - } - if body.SessionID == "" { - t.Fatalf("expected non-empty session_id for capability %s", capability) - } - if body.Status != "done" { - t.Fatalf("expected status=done for capability %s, got %q", capability, body.Status) - } - if body.MessageID == "" { - t.Fatalf("expected message_id for capability %s", capability) - } - if body.MessageCount != 1 { - t.Fatalf("expected message_count=1 for capability %s, got %d", capability, body.MessageCount) - } - }) - } -} - -func TestNormalizeControlPlaneCapability(t *testing.T) { - tcs := []struct { - name string - input string - normalized string - isSupported bool - }{ - {name: "empty accepted", input: "", normalized: "", isSupported: true}, - {name: "continue canonical", input: "continue", normalized: "continue", isSupported: true}, - {name: "resume canonical", input: "resume", normalized: "resume", isSupported: true}, - {name: "ask alias", input: "ask", normalized: "continue", isSupported: true}, - {name: "exec alias", input: "exec", normalized: "continue", isSupported: true}, - {name: "max alias", input: "max", normalized: "continue", isSupported: true}, - {name: "max with spaces", input: " MAX ", normalized: "continue", isSupported: true}, - {name: "mixed-case", input: "ExEc", normalized: "continue", isSupported: true}, - {name: "unsupported", input: "pause", normalized: "pause", isSupported: false}, - } - - for _, tc := range tcs { - t.Run(tc.name, func(t *testing.T) { - got, ok := normalizeControlPlaneCapability(tc.input) - if ok != tc.isSupported { - t.Fatalf("input=%q expected ok=%v, got=%v", tc.input, tc.isSupported, ok) - } - if got != tc.normalized { - t.Fatalf("input=%q expected normalized=%q, got=%q", tc.input, tc.normalized, got) - } - }) - } -} - -func normalizeControlPlaneCapability(capability string) (string, bool) { - normalized := strings.ToLower(strings.TrimSpace(capability)) - switch normalized { - case "": - return "", true - case "continue", "resume": - return normalized, true - case "ask", "exec", "max": - return "continue", true - default: - return normalized, false - } -} - -func TestServer_ControlPlane_NamespaceAndMethodIsolation(t *testing.T) { - s := NewServer(&config.Config{Debug: true}, nil, nil, "config.yaml") - if s == nil { - t.Fatal("NewServer returned nil") - } - requireControlPlaneRoutes(t, s) - - countRoute := func(method, path string) int { - count := 0 - for _, r := range s.engine.Routes() { - if r.Method == method && r.Path == path { - count++ - } - } - return count - } - - if got := countRoute(http.MethodGet, "/messages"); got != 1 { - t.Fatalf("expected one GET /messages route for control-plane status lookup, got %d", got) - } - if got := countRoute(http.MethodPost, "/v1/messages"); got != 1 { - t.Fatalf("expected one POST /v1/messages route for model plane, got %d", got) - } - - notExpected := map[string]struct{}{ - http.MethodGet + " /agent/messages": {}, - http.MethodGet + " /agent/status": {}, - http.MethodGet + " /agent/events": {}, - http.MethodPost + " /agent/message": {}, - } - for _, r := range s.engine.Routes() { - key := r.Method + " " + r.Path - if _, ok := notExpected[key]; ok { - t.Fatalf("unexpected /agent namespace route discovered: %s", key) - } - } -} - -func TestServer_ControlPlane_IdempotencyKey_ReplaysResponseAndPreventsDuplicateMessages(t *testing.T) { - s := NewServer(&config.Config{Debug: true}, nil, nil, "config.yaml") - if s == nil { - t.Fatal("NewServer returned nil") - } - requireControlPlaneRoutes(t, s) - - const idempotencyKey = "idempotency-replay-key" - const sessionID = "cp-replay-session" - - reqBody := `{"session_id":"` + sessionID + `","message":"replay me","capability":"continue"}` - req := httptest.NewRequest(http.MethodPost, "/message", strings.NewReader(reqBody)) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Idempotency-Key", idempotencyKey) - resp := httptest.NewRecorder() - s.engine.ServeHTTP(resp, req) - if resp.Code != http.StatusAccepted { - t.Fatalf("first POST /message expected %d, got %d", http.StatusAccepted, resp.Code) - } - var first struct { - SessionID string `json:"session_id"` - MessageID string `json:"message_id"` - MessageCount int `json:"message_count"` - } - if err := json.Unmarshal(resp.Body.Bytes(), &first); err != nil { - t.Fatalf("invalid JSON from first /message: %v", err) - } - if first.SessionID != sessionID { - t.Fatalf("expected session_id=%q, got %q", sessionID, first.SessionID) - } - if first.MessageID == "" { - t.Fatal("expected message_id in first response") - } - if first.MessageCount != 1 { - t.Fatalf("expected message_count=1 on first request, got %d", first.MessageCount) - } - - replayReq := httptest.NewRequest(http.MethodPost, "/message", strings.NewReader(reqBody)) - replayReq.Header.Set("Content-Type", "application/json") - replayReq.Header.Set("Idempotency-Key", idempotencyKey) - replayResp := httptest.NewRecorder() - s.engine.ServeHTTP(replayResp, replayReq) - if replayResp.Code != http.StatusAccepted { - t.Fatalf("replay POST /message expected %d, got %d", http.StatusAccepted, replayResp.Code) - } - - var replay struct { - SessionID string `json:"session_id"` - MessageID string `json:"message_id"` - MessageCount int `json:"message_count"` - } - if err := json.Unmarshal(replayResp.Body.Bytes(), &replay); err != nil { - t.Fatalf("invalid JSON from replay /message: %v", err) - } - if replay.SessionID != sessionID { - t.Fatalf("expected replay session_id=%q, got %q", sessionID, replay.SessionID) - } - if replay.MessageID != first.MessageID { - t.Fatalf("expected replay to reuse message_id %q, got %q", first.MessageID, replay.MessageID) - } - if replay.MessageCount != first.MessageCount { - t.Fatalf("expected replay message_count=%d, got %d", first.MessageCount, replay.MessageCount) - } - - msgReq := httptest.NewRequest(http.MethodGet, "/messages?session_id="+sessionID, nil) - msgResp := httptest.NewRecorder() - s.engine.ServeHTTP(msgResp, msgReq) - if msgResp.Code != http.StatusOK { - t.Fatalf("GET /messages expected %d, got %d", http.StatusOK, msgResp.Code) - } - var msgBody struct { - Messages []struct { - MessageID string `json:"message_id"` - } `json:"messages"` - } - if err := json.Unmarshal(msgResp.Body.Bytes(), &msgBody); err != nil { - t.Fatalf("invalid JSON from /messages: %v", err) - } - if len(msgBody.Messages) != 1 { - t.Fatalf("expected one stored message, got %d", len(msgBody.Messages)) - } - if msgBody.Messages[0].MessageID != first.MessageID { - t.Fatalf("expected stored message_id=%q, got %q", first.MessageID, msgBody.Messages[0].MessageID) - } -} - -func TestServer_ControlPlane_IdempotencyKey_DifferentKeysCreateDifferentMessages(t *testing.T) { - s := NewServer(&config.Config{Debug: true}, nil, nil, "config.yaml") - if s == nil { - t.Fatal("NewServer returned nil") - } - requireControlPlaneRoutes(t, s) - - const sessionID = "cp-replay-session-dupe" - reqBody := `{"session_id":"` + sessionID + `","message":"first","capability":"continue"}` - - keyOneReq := httptest.NewRequest(http.MethodPost, "/message", strings.NewReader(reqBody)) - keyOneReq.Header.Set("Content-Type", "application/json") - keyOneReq.Header.Set("Idempotency-Key", "dup-key-one") - keyOneResp := httptest.NewRecorder() - s.engine.ServeHTTP(keyOneResp, keyOneReq) - if keyOneResp.Code != http.StatusAccepted { - t.Fatalf("first message expected %d, got %d", http.StatusAccepted, keyOneResp.Code) - } - - keyTwoReq := httptest.NewRequest(http.MethodPost, "/message", strings.NewReader(reqBody)) - keyTwoReq.Header.Set("Content-Type", "application/json") - keyTwoReq.Header.Set("Idempotency-Key", "dup-key-two") - keyTwoResp := httptest.NewRecorder() - s.engine.ServeHTTP(keyTwoResp, keyTwoReq) - if keyTwoResp.Code != http.StatusAccepted { - t.Fatalf("second message expected %d, got %d", http.StatusAccepted, keyTwoResp.Code) - } - - msgReq := httptest.NewRequest(http.MethodGet, "/messages?session_id="+sessionID, nil) - msgResp := httptest.NewRecorder() - s.engine.ServeHTTP(msgResp, msgReq) - if msgResp.Code != http.StatusOK { - t.Fatalf("GET /messages expected %d, got %d", http.StatusOK, msgResp.Code) - } - var msgBody struct { - Messages []struct { - MessageID string `json:"message_id"` - Content string `json:"content"` - } `json:"messages"` - } - if err := json.Unmarshal(msgResp.Body.Bytes(), &msgBody); err != nil { - t.Fatalf("invalid JSON from /messages: %v", err) - } - if len(msgBody.Messages) != 2 { - t.Fatalf("expected two stored messages for different idempotency keys, got %d", len(msgBody.Messages)) - } - if msgBody.Messages[0].MessageID == msgBody.Messages[1].MessageID { - t.Fatalf("expected unique message IDs for different idempotency keys") - } -} - -func TestServer_ControlPlane_SessionReadFallsBackToMirrorWithoutPrimary(t *testing.T) { - s := NewServer(&config.Config{Debug: true}, nil, nil, "config.yaml") - if s == nil { - t.Fatal("NewServer returned nil") - } - requireControlPlaneRoutes(t, s) - - sessionID := "cp-mirror-session" - reqBody := `{"session_id":"` + sessionID + `","message":"mirror test","capability":"continue"}` - req := httptest.NewRequest(http.MethodPost, "/message", strings.NewReader(reqBody)) - req.Header.Set("Content-Type", "application/json") - resp := httptest.NewRecorder() - s.engine.ServeHTTP(resp, req) - if resp.Code != http.StatusAccepted { - t.Fatalf("POST /message expected %d, got %d", http.StatusAccepted, resp.Code) - } - - getReq := httptest.NewRequest(http.MethodGet, "/messages?session_id="+sessionID, nil) - getResp := httptest.NewRecorder() - s.engine.ServeHTTP(getResp, getReq) - if getResp.Code != http.StatusOK { - t.Fatalf("GET /messages expected %d, got %d", http.StatusOK, getResp.Code) - } - var body struct { - Messages []struct { - Content string `json:"content"` - } `json:"messages"` - } - if err := json.Unmarshal(getResp.Body.Bytes(), &body); err != nil { - t.Fatalf("invalid JSON from /messages: %v", err) - } - if len(body.Messages) != 1 || body.Messages[0].Content != "mirror test" { - t.Fatalf("expected mirror-backed message payload, got %v", body.Messages) - } -} - -func TestServer_ControlPlane_ConflictBranchesPreservePreviousPayload(t *testing.T) { - s := NewServer(&config.Config{Debug: true}, nil, nil, "config.yaml") - if s == nil { - t.Fatal("NewServer returned nil") - } - requireControlPlaneRoutes(t, s) - sessionID := "cp-conflict-session" - - for _, msg := range []string{"first", "second"} { - reqBody := `{"session_id":"` + sessionID + `","message":"` + msg + `","capability":"continue"}` - req := httptest.NewRequest(http.MethodPost, "/message", strings.NewReader(reqBody)) - req.Header.Set("Content-Type", "application/json") - resp := httptest.NewRecorder() - s.engine.ServeHTTP(resp, req) - if resp.Code != http.StatusAccepted { - t.Fatalf("POST /message for %q expected %d, got %d", msg, http.StatusAccepted, resp.Code) - } - } - - getReq := httptest.NewRequest(http.MethodGet, "/messages?session_id="+sessionID, nil) - getResp := httptest.NewRecorder() - s.engine.ServeHTTP(getResp, getReq) - if getResp.Code != http.StatusOK { - t.Fatalf("GET /messages expected %d, got %d", http.StatusOK, getResp.Code) - } - var body struct { - Messages []struct { - Content string `json:"content"` - } `json:"messages"` - } - if err := json.Unmarshal(getResp.Body.Bytes(), &body); err != nil { - t.Fatalf("invalid JSON from /messages: %v", err) - } - if len(body.Messages) != 2 { - t.Fatalf("expected two messages persisted in session, got %d", len(body.Messages)) - } - if body.Messages[0].Content != "first" || body.Messages[1].Content != "second" { - t.Fatalf("expected ordered message history [first, second], got %#v", body.Messages) - } -} - -func TestServer_ControlPlane_MessagesEndpointReturnsCopy(t *testing.T) { - s := NewServer(&config.Config{Debug: true}, nil, nil, "config.yaml") - if s == nil { - t.Fatal("NewServer returned nil") - } - requireControlPlaneRoutes(t, s) - - sessionID := "cp-copy-session" - reqBody := `{"session_id":"` + sessionID + `","message":"immutable","capability":"continue"}` - req := httptest.NewRequest(http.MethodPost, "/message", strings.NewReader(reqBody)) - req.Header.Set("Content-Type", "application/json") - resp := httptest.NewRecorder() - s.engine.ServeHTTP(resp, req) - if resp.Code != http.StatusAccepted { - t.Fatalf("POST /message expected %d, got %d", http.StatusAccepted, resp.Code) - } - - getReq := httptest.NewRequest(http.MethodGet, "/messages?session_id="+sessionID, nil) - getResp := httptest.NewRecorder() - s.engine.ServeHTTP(getResp, getReq) - if getResp.Code != http.StatusOK { - t.Fatalf("GET /messages expected %d, got %d", http.StatusOK, getResp.Code) - } - var first struct { - Messages []map[string]any `json:"messages"` - } - if err := json.Unmarshal(getResp.Body.Bytes(), &first); err != nil { - t.Fatalf("invalid JSON from /messages: %v", err) - } - if len(first.Messages) == 0 { - t.Fatalf("expected one message") - } - first.Messages[0]["content"] = "tampered" - - getReq2 := httptest.NewRequest(http.MethodGet, "/messages?session_id="+sessionID, nil) - getResp2 := httptest.NewRecorder() - s.engine.ServeHTTP(getResp2, getReq2) - if getResp2.Code != http.StatusOK { - t.Fatalf("second GET /messages expected %d, got %d", http.StatusOK, getResp2.Code) - } - var second struct { - Messages []struct { - Content string `json:"content"` - } `json:"messages"` - } - if err := json.Unmarshal(getResp2.Body.Bytes(), &second); err != nil { - t.Fatalf("invalid JSON from second /messages: %v", err) - } - if second.Messages[0].Content != "immutable" { - t.Fatalf("expected stored message content to remain immutable, got %q", second.Messages[0].Content) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/antigravity/auth.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/antigravity/auth.go deleted file mode 100644 index c3660818d4..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/antigravity/auth.go +++ /dev/null @@ -1,344 +0,0 @@ -// Package antigravity provides OAuth2 authentication functionality for the Antigravity provider. -package antigravity - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" -) - -// TokenResponse represents OAuth token response from Google -type TokenResponse struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - ExpiresIn int64 `json:"expires_in"` - TokenType string `json:"token_type"` -} - -// userInfo represents Google user profile -type userInfo struct { - Email string `json:"email"` -} - -// AntigravityAuth handles Antigravity OAuth authentication -type AntigravityAuth struct { - httpClient *http.Client -} - -// NewAntigravityAuth creates a new Antigravity auth service. -func NewAntigravityAuth(cfg *config.Config, httpClient *http.Client) *AntigravityAuth { - if httpClient != nil { - return &AntigravityAuth{httpClient: httpClient} - } - if cfg == nil { - cfg = &config.Config{} - } - return &AntigravityAuth{ - httpClient: util.SetProxy(&cfg.SDKConfig, &http.Client{}), - } -} - -// BuildAuthURL generates the OAuth authorization URL. -func (o *AntigravityAuth) BuildAuthURL(state, redirectURI string) string { - if strings.TrimSpace(redirectURI) == "" { - redirectURI = fmt.Sprintf("http://localhost:%d/oauth-callback", CallbackPort) - } - params := url.Values{} - params.Set("access_type", "offline") - params.Set("client_id", ClientID) - params.Set("prompt", "consent") - params.Set("redirect_uri", redirectURI) - params.Set("response_type", "code") - params.Set("scope", strings.Join(Scopes, " ")) - params.Set("state", state) - return AuthEndpoint + "?" + params.Encode() -} - -// ExchangeCodeForTokens exchanges authorization code for access and refresh tokens -func (o *AntigravityAuth) ExchangeCodeForTokens(ctx context.Context, code, redirectURI string) (*TokenResponse, error) { - data := url.Values{} - data.Set("code", code) - data.Set("client_id", ClientID) - data.Set("client_secret", ClientSecret) - data.Set("redirect_uri", redirectURI) - data.Set("grant_type", "authorization_code") - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, TokenEndpoint, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("antigravity token exchange: create request: %w", err) - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - - resp, errDo := o.httpClient.Do(req) - if errDo != nil { - return nil, fmt.Errorf("antigravity token exchange: execute request: %w", errDo) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("antigravity token exchange: close body error: %v", errClose) - } - }() - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, errRead := io.ReadAll(io.LimitReader(resp.Body, 8<<10)) - if errRead != nil { - return nil, fmt.Errorf("antigravity token exchange: read response: %w", errRead) - } - body := strings.TrimSpace(string(bodyBytes)) - if body == "" { - return nil, fmt.Errorf("antigravity token exchange: request failed: status %d", resp.StatusCode) - } - return nil, fmt.Errorf("antigravity token exchange: request failed: status %d: %s", resp.StatusCode, body) - } - - var token TokenResponse - if errDecode := json.NewDecoder(resp.Body).Decode(&token); errDecode != nil { - return nil, fmt.Errorf("antigravity token exchange: decode response: %w", errDecode) - } - return &token, nil -} - -// FetchUserInfo retrieves user email from Google -func (o *AntigravityAuth) FetchUserInfo(ctx context.Context, accessToken string) (string, error) { - accessToken = strings.TrimSpace(accessToken) - if accessToken == "" { - return "", fmt.Errorf("antigravity userinfo: missing access token") - } - req, err := http.NewRequestWithContext(ctx, http.MethodGet, UserInfoEndpoint, nil) - if err != nil { - return "", fmt.Errorf("antigravity userinfo: create request: %w", err) - } - req.Header.Set("Authorization", "Bearer "+accessToken) - - resp, errDo := o.httpClient.Do(req) - if errDo != nil { - return "", fmt.Errorf("antigravity userinfo: execute request: %w", errDo) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("antigravity userinfo: close body error: %v", errClose) - } - }() - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, errRead := io.ReadAll(io.LimitReader(resp.Body, 8<<10)) - if errRead != nil { - return "", fmt.Errorf("antigravity userinfo: read response: %w", errRead) - } - body := strings.TrimSpace(string(bodyBytes)) - if body == "" { - return "", fmt.Errorf("antigravity userinfo: request failed: status %d", resp.StatusCode) - } - return "", fmt.Errorf("antigravity userinfo: request failed: status %d: %s", resp.StatusCode, body) - } - var info userInfo - if errDecode := json.NewDecoder(resp.Body).Decode(&info); errDecode != nil { - return "", fmt.Errorf("antigravity userinfo: decode response: %w", errDecode) - } - email := strings.TrimSpace(info.Email) - if email == "" { - return "", fmt.Errorf("antigravity userinfo: response missing email") - } - return email, nil -} - -// FetchProjectID retrieves the project ID for the authenticated user via loadCodeAssist -func (o *AntigravityAuth) FetchProjectID(ctx context.Context, accessToken string) (string, error) { - loadReqBody := map[string]any{ - "metadata": map[string]string{ - "ideType": "ANTIGRAVITY", - "platform": "PLATFORM_UNSPECIFIED", - "pluginType": "GEMINI", - }, - } - - rawBody, errMarshal := json.Marshal(loadReqBody) - if errMarshal != nil { - return "", fmt.Errorf("marshal request body: %w", errMarshal) - } - - endpointURL := fmt.Sprintf("%s/%s:loadCodeAssist", APIEndpoint, APIVersion) - req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpointURL, strings.NewReader(string(rawBody))) - if err != nil { - return "", fmt.Errorf("create request: %w", err) - } - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", APIUserAgent) - req.Header.Set("X-Goog-Api-Client", APIClient) - req.Header.Set("Client-Metadata", ClientMetadata) - - resp, errDo := o.httpClient.Do(req) - if errDo != nil { - return "", fmt.Errorf("execute request: %w", errDo) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("antigravity loadCodeAssist: close body error: %v", errClose) - } - }() - - bodyBytes, errRead := io.ReadAll(resp.Body) - if errRead != nil { - return "", fmt.Errorf("read response: %w", errRead) - } - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - return "", fmt.Errorf("request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(bodyBytes))) - } - - var loadResp map[string]any - if errDecode := json.Unmarshal(bodyBytes, &loadResp); errDecode != nil { - return "", fmt.Errorf("decode response: %w", errDecode) - } - - // Extract projectID from response - projectID := "" - if id, ok := loadResp["cloudaicompanionProject"].(string); ok { - projectID = strings.TrimSpace(id) - } - if projectID == "" { - if projectMap, ok := loadResp["cloudaicompanionProject"].(map[string]any); ok { - if id, okID := projectMap["id"].(string); okID { - projectID = strings.TrimSpace(id) - } - } - } - - if projectID == "" { - tierID := "legacy-tier" - if tiers, okTiers := loadResp["allowedTiers"].([]any); okTiers { - for _, rawTier := range tiers { - tier, okTier := rawTier.(map[string]any) - if !okTier { - continue - } - if isDefault, okDefault := tier["isDefault"].(bool); okDefault && isDefault { - if id, okID := tier["id"].(string); okID && strings.TrimSpace(id) != "" { - tierID = strings.TrimSpace(id) - break - } - } - } - } - - projectID, err = o.OnboardUser(ctx, accessToken, tierID) - if err != nil { - return "", err - } - return projectID, nil - } - - return projectID, nil -} - -// OnboardUser attempts to fetch the project ID via onboardUser by polling for completion -func (o *AntigravityAuth) OnboardUser(ctx context.Context, accessToken, tierID string) (string, error) { - log.Infof("Antigravity: onboarding user with tier: %s", tierID) - requestBody := map[string]any{ - "tierId": tierID, - "metadata": map[string]string{ - "ideType": "ANTIGRAVITY", - "platform": "PLATFORM_UNSPECIFIED", - "pluginType": "GEMINI", - }, - } - - rawBody, errMarshal := json.Marshal(requestBody) - if errMarshal != nil { - return "", fmt.Errorf("marshal request body: %w", errMarshal) - } - - maxAttempts := 5 - for attempt := 1; attempt <= maxAttempts; attempt++ { - log.Debugf("Polling attempt %d/%d", attempt, maxAttempts) - - reqCtx := ctx - var cancel context.CancelFunc - if reqCtx == nil { - reqCtx = context.Background() - } - reqCtx, cancel = context.WithTimeout(reqCtx, 30*time.Second) - - endpointURL := fmt.Sprintf("%s/%s:onboardUser", APIEndpoint, APIVersion) - req, errRequest := http.NewRequestWithContext(reqCtx, http.MethodPost, endpointURL, strings.NewReader(string(rawBody))) - if errRequest != nil { - cancel() - return "", fmt.Errorf("create request: %w", errRequest) - } - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", APIUserAgent) - req.Header.Set("X-Goog-Api-Client", APIClient) - req.Header.Set("Client-Metadata", ClientMetadata) - - resp, errDo := o.httpClient.Do(req) - if errDo != nil { - cancel() - return "", fmt.Errorf("execute request: %w", errDo) - } - - bodyBytes, errRead := io.ReadAll(resp.Body) - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("close body error: %v", errClose) - } - cancel() - - if errRead != nil { - return "", fmt.Errorf("read response: %w", errRead) - } - - if resp.StatusCode == http.StatusOK { - var data map[string]any - if errDecode := json.Unmarshal(bodyBytes, &data); errDecode != nil { - return "", fmt.Errorf("decode response: %w", errDecode) - } - - if done, okDone := data["done"].(bool); okDone && done { - projectID := "" - if responseData, okResp := data["response"].(map[string]any); okResp { - switch projectValue := responseData["cloudaicompanionProject"].(type) { - case map[string]any: - if id, okID := projectValue["id"].(string); okID { - projectID = strings.TrimSpace(id) - } - case string: - projectID = strings.TrimSpace(projectValue) - } - } - - if projectID != "" { - log.Infof("Successfully fetched project_id: %s", projectID) - return projectID, nil - } - - return "", fmt.Errorf("no project_id in response") - } - - time.Sleep(2 * time.Second) - continue - } - - responsePreview := strings.TrimSpace(string(bodyBytes)) - if len(responsePreview) > 500 { - responsePreview = responsePreview[:500] - } - - responseErr := responsePreview - if len(responseErr) > 200 { - responseErr = responseErr[:200] - } - return "", fmt.Errorf("http %d: %s", resp.StatusCode, responseErr) - } - - return "", nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/antigravity/auth_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/antigravity/auth_test.go deleted file mode 100644 index daa5de88da..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/antigravity/auth_test.go +++ /dev/null @@ -1,117 +0,0 @@ -package antigravity - -import ( - "context" - "encoding/json" - "net/http" - "net/http/httptest" - "strings" - "testing" -) - -type rewriteTransport struct { - target string - base http.RoundTripper -} - -func (t *rewriteTransport) RoundTrip(req *http.Request) (*http.Response, error) { - newReq := req.Clone(req.Context()) - newReq.URL.Scheme = "http" - newReq.URL.Host = strings.TrimPrefix(t.target, "http://") - return t.base.RoundTrip(newReq) -} - -func TestBuildAuthURL(t *testing.T) { - auth := NewAntigravityAuth(nil, nil) - url := auth.BuildAuthURL("test-state", "http://localhost:8317/callback") - if !strings.Contains(url, "state=test-state") { - t.Errorf("url missing state: %s", url) - } - if !strings.Contains(url, "redirect_uri=http%3A%2F%2Flocalhost%3A8317%2Fcallback") { - t.Errorf("url missing redirect_uri: %s", url) - } -} - -func TestExchangeCodeForTokens(t *testing.T) { - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - resp := TokenResponse{ - AccessToken: "test-access-token", - RefreshToken: "test-refresh-token", - ExpiresIn: 3600, - TokenType: "Bearer", - } - _ = json.NewEncoder(w).Encode(resp) - })) - defer ts.Close() - - client := &http.Client{ - Transport: &rewriteTransport{ - target: ts.URL, - base: http.DefaultTransport, - }, - } - - auth := NewAntigravityAuth(nil, client) - resp, err := auth.ExchangeCodeForTokens(context.Background(), "test-code", "http://localhost/callback") - if err != nil { - t.Fatalf("ExchangeCodeForTokens failed: %v", err) - } - - if resp.AccessToken != "test-access-token" { - t.Errorf("got access token %q, want test-access-token", resp.AccessToken) - } -} - -func TestFetchUserInfo(t *testing.T) { - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - _ = json.NewEncoder(w).Encode(userInfo{Email: "test@example.com"}) - })) - defer ts.Close() - - client := &http.Client{ - Transport: &rewriteTransport{ - target: ts.URL, - base: http.DefaultTransport, - }, - } - - auth := NewAntigravityAuth(nil, client) - email, err := auth.FetchUserInfo(context.Background(), "test-token") - if err != nil { - t.Fatalf("FetchUserInfo failed: %v", err) - } - - if email != "test@example.com" { - t.Errorf("got email %q, want test@example.com", email) - } -} - -func TestFetchProjectID(t *testing.T) { - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - resp := map[string]any{ - "cloudaicompanionProject": "test-project-123", - } - _ = json.NewEncoder(w).Encode(resp) - })) - defer ts.Close() - - client := &http.Client{ - Transport: &rewriteTransport{ - target: ts.URL, - base: http.DefaultTransport, - }, - } - - auth := NewAntigravityAuth(nil, client) - projectID, err := auth.FetchProjectID(context.Background(), "test-token") - if err != nil { - t.Fatalf("FetchProjectID failed: %v", err) - } - - if projectID != "test-project-123" { - t.Errorf("got projectID %q, want test-project-123", projectID) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/antigravity/constants.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/antigravity/constants.go deleted file mode 100644 index 680c8e3c70..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/antigravity/constants.go +++ /dev/null @@ -1,34 +0,0 @@ -// Package antigravity provides OAuth2 authentication functionality for the Antigravity provider. -package antigravity - -// OAuth client credentials and configuration -const ( - ClientID = "1071006060591-tmhssin2h21lcre235vtolojh4g403ep.apps.googleusercontent.com" - ClientSecret = "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" - CallbackPort = 51121 -) - -// Scopes defines the OAuth scopes required for Antigravity authentication -var Scopes = []string{ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/userinfo.email", - "https://www.googleapis.com/auth/userinfo.profile", - "https://www.googleapis.com/auth/cclog", - "https://www.googleapis.com/auth/experimentsandconfigs", -} - -// OAuth2 endpoints for Google authentication -const ( - TokenEndpoint = "https://oauth2.googleapis.com/token" - AuthEndpoint = "https://accounts.google.com/o/oauth2/v2/auth" - UserInfoEndpoint = "https://www.googleapis.com/oauth2/v1/userinfo?alt=json" -) - -// Antigravity API configuration -const ( - APIEndpoint = "https://cloudcode-pa.googleapis.com" - APIVersion = "v1internal" - APIUserAgent = "google-api-nodejs-client/9.15.1" - APIClient = "google-cloud-sdk vscode_cloudshelleditor/0.1" - ClientMetadata = `{"ideType":"IDE_UNSPECIFIED","platform":"PLATFORM_UNSPECIFIED","pluginType":"GEMINI"}` -) diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/antigravity/filename.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/antigravity/filename.go deleted file mode 100644 index 03ad3e2f1a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/antigravity/filename.go +++ /dev/null @@ -1,16 +0,0 @@ -package antigravity - -import ( - "fmt" - "strings" -) - -// CredentialFileName returns the filename used to persist Antigravity credentials. -// It uses the email as a suffix to disambiguate accounts. -func CredentialFileName(email string) string { - email = strings.TrimSpace(email) - if email == "" { - return "antigravity.json" - } - return fmt.Sprintf("antigravity-%s.json", email) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/anthropic.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/anthropic.go deleted file mode 100644 index dcb1b02832..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/anthropic.go +++ /dev/null @@ -1,32 +0,0 @@ -package claude - -// PKCECodes holds PKCE verification codes for OAuth2 PKCE flow -type PKCECodes struct { - // CodeVerifier is the cryptographically random string used to correlate - // the authorization request to the token request - CodeVerifier string `json:"code_verifier"` - // CodeChallenge is the SHA256 hash of the code verifier, base64url-encoded - CodeChallenge string `json:"code_challenge"` -} - -// ClaudeTokenData holds OAuth token information from Anthropic -type ClaudeTokenData struct { - // AccessToken is the OAuth2 access token for API access - AccessToken string `json:"access_token"` - // RefreshToken is used to obtain new access tokens - RefreshToken string `json:"refresh_token"` - // Email is the Anthropic account email - Email string `json:"email"` - // Expire is the timestamp of the token expire - Expire string `json:"expired"` -} - -// ClaudeAuthBundle aggregates authentication data after OAuth flow completion -type ClaudeAuthBundle struct { - // APIKey is the Anthropic API key obtained from token exchange - APIKey string `json:"api_key"` - // TokenData contains the OAuth tokens from the authentication flow - TokenData ClaudeTokenData `json:"token_data"` - // LastRefresh is the timestamp of the last token refresh - LastRefresh string `json:"last_refresh"` -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/anthropic_auth.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/anthropic_auth.go deleted file mode 100644 index 9cb87cbc18..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/anthropic_auth.go +++ /dev/null @@ -1,356 +0,0 @@ -// Package claude provides OAuth2 authentication functionality for Anthropic's Claude API. -// This package implements the complete OAuth2 flow with PKCE (Proof Key for Code Exchange) -// for secure authentication with Claude API, including token exchange, refresh, and storage. -package claude - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - log "github.com/sirupsen/logrus" -) - -// OAuth configuration constants for Claude/Anthropic -const ( - AuthURL = "https://claude.ai/oauth/authorize" - TokenURL = "https://console.anthropic.com/v1/oauth/token" - ClientID = "9d1c250a-e61b-44d9-88ed-5944d1962f5e" - RedirectURI = "http://localhost:54545/callback" -) - -// tokenResponse represents the response structure from Anthropic's OAuth token endpoint. -// It contains access token, refresh token, and associated user/organization information. -type tokenResponse struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - TokenType string `json:"token_type"` - ExpiresIn int `json:"expires_in"` - Organization struct { - UUID string `json:"uuid"` - Name string `json:"name"` - } `json:"organization"` - Account struct { - UUID string `json:"uuid"` - EmailAddress string `json:"email_address"` - } `json:"account"` -} - -// ClaudeAuth handles Anthropic OAuth2 authentication flow. -// It provides methods for generating authorization URLs, exchanging codes for tokens, -// and refreshing expired tokens using PKCE for enhanced security. -type ClaudeAuth struct { - httpClient *http.Client -} - -// NewClaudeAuth creates a new Anthropic authentication service. -// It initializes the HTTP client with a custom TLS transport that uses Firefox -// fingerprint to bypass Cloudflare's TLS fingerprinting on Anthropic domains. -// -// Parameters: -// - cfg: The application configuration containing proxy settings -// - httpClient: Optional custom HTTP client for testing -// -// Returns: -// - *ClaudeAuth: A new Claude authentication service instance -func NewClaudeAuth(cfg *config.Config, httpClient *http.Client) *ClaudeAuth { - if httpClient != nil { - return &ClaudeAuth{httpClient: httpClient} - } - if cfg == nil { - cfg = &config.Config{} - } - // Use custom HTTP client with Firefox TLS fingerprint to bypass - // Cloudflare's bot detection on Anthropic domains - return &ClaudeAuth{ - httpClient: NewAnthropicHttpClient(&cfg.SDKConfig), - } -} - -// GenerateAuthURL creates the OAuth authorization URL with PKCE. -// This method generates a secure authorization URL including PKCE challenge codes -// for the OAuth2 flow with Anthropic's API. -// -// Parameters: -// - state: A random state parameter for CSRF protection -// - pkceCodes: The PKCE codes for secure code exchange -// -// Returns: -// - string: The complete authorization URL -// - string: The state parameter for verification -// - error: An error if PKCE codes are missing or URL generation fails -func (o *ClaudeAuth) GenerateAuthURL(state string, pkceCodes *PKCECodes) (string, string, error) { - if pkceCodes == nil { - return "", "", fmt.Errorf("PKCE codes are required") - } - - params := url.Values{ - "code": {"true"}, - "client_id": {ClientID}, - "response_type": {"code"}, - "redirect_uri": {RedirectURI}, - "scope": {"org:create_api_key user:profile user:inference"}, - "code_challenge": {pkceCodes.CodeChallenge}, - "code_challenge_method": {"S256"}, - "state": {state}, - } - - authURL := fmt.Sprintf("%s?%s", AuthURL, params.Encode()) - return authURL, state, nil -} - -// parseCodeAndState extracts the authorization code and state from the callback response. -// It handles the parsing of the code parameter which may contain additional fragments. -// -// Parameters: -// - code: The raw code parameter from the OAuth callback -// -// Returns: -// - parsedCode: The extracted authorization code -// - parsedState: The extracted state parameter if present -func (c *ClaudeAuth) parseCodeAndState(code string) (parsedCode, parsedState string) { - splits := strings.Split(code, "#") - parsedCode = splits[0] - if len(splits) > 1 { - parsedState = splits[1] - } - return -} - -// ExchangeCodeForTokens exchanges authorization code for access tokens. -// This method implements the OAuth2 token exchange flow using PKCE for security. -// It sends the authorization code along with PKCE verifier to get access and refresh tokens. -// -// Parameters: -// - ctx: The context for the request -// - code: The authorization code received from OAuth callback -// - state: The state parameter for verification -// - pkceCodes: The PKCE codes for secure verification -// -// Returns: -// - *ClaudeAuthBundle: The complete authentication bundle with tokens -// - error: An error if token exchange fails -func (o *ClaudeAuth) ExchangeCodeForTokens(ctx context.Context, code, state string, pkceCodes *PKCECodes) (*ClaudeAuthBundle, error) { - if pkceCodes == nil { - return nil, fmt.Errorf("PKCE codes are required for token exchange") - } - newCode, newState := o.parseCodeAndState(code) - - // Prepare token exchange request - reqBody := map[string]interface{}{ - "code": newCode, - "state": state, - "grant_type": "authorization_code", - "client_id": ClientID, - "redirect_uri": RedirectURI, - "code_verifier": pkceCodes.CodeVerifier, - } - - // Include state if present - if newState != "" { - reqBody["state"] = newState - } - - jsonBody, err := json.Marshal(reqBody) - if err != nil { - return nil, fmt.Errorf("failed to marshal request body: %w", err) - } - - // log.Debugf("Token exchange request: %s", string(jsonBody)) - - req, err := http.NewRequestWithContext(ctx, "POST", TokenURL, strings.NewReader(string(jsonBody))) - if err != nil { - return nil, fmt.Errorf("failed to create token request: %w", err) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Accept", "application/json") - - resp, err := o.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("token exchange request failed: %w", err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("failed to close response body: %v", errClose) - } - }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read token response: %w", err) - } - // log.Debugf("Token response: %s", string(body)) - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("token exchange failed with status %d: %s", resp.StatusCode, string(body)) - } - // log.Debugf("Token response: %s", string(body)) - - var tokenResp tokenResponse - if err = json.Unmarshal(body, &tokenResp); err != nil { - return nil, fmt.Errorf("failed to parse token response: %w", err) - } - - // Create token data - tokenData := ClaudeTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - Email: tokenResp.Account.EmailAddress, - Expire: time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339), - } - - // Create auth bundle - bundle := &ClaudeAuthBundle{ - TokenData: tokenData, - LastRefresh: time.Now().Format(time.RFC3339), - } - - return bundle, nil -} - -// RefreshTokens refreshes the access token using the refresh token. -// This method exchanges a valid refresh token for a new access token, -// extending the user's authenticated session. -// -// Parameters: -// - ctx: The context for the request -// - refreshToken: The refresh token to use for getting new access token -// -// Returns: -// - *ClaudeTokenData: The new token data with updated access token -// - error: An error if token refresh fails -func (o *ClaudeAuth) RefreshTokens(ctx context.Context, refreshToken string) (*ClaudeTokenData, error) { - if refreshToken == "" { - return nil, fmt.Errorf("refresh token is required") - } - - reqBody := map[string]interface{}{ - "client_id": ClientID, - "grant_type": "refresh_token", - "refresh_token": refreshToken, - } - - jsonBody, err := json.Marshal(reqBody) - if err != nil { - return nil, fmt.Errorf("failed to marshal request body: %w", err) - } - - req, err := http.NewRequestWithContext(ctx, "POST", TokenURL, strings.NewReader(string(jsonBody))) - if err != nil { - return nil, fmt.Errorf("failed to create refresh request: %w", err) - } - - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Accept", "application/json") - - resp, err := o.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("token refresh request failed: %w", err) - } - defer func() { - _ = resp.Body.Close() - }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read refresh response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("token refresh failed with status %d: %s", resp.StatusCode, string(body)) - } - - // log.Debugf("Token response: %s", string(body)) - - var tokenResp tokenResponse - if err = json.Unmarshal(body, &tokenResp); err != nil { - return nil, fmt.Errorf("failed to parse token response: %w", err) - } - - // Create token data - return &ClaudeTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - Email: tokenResp.Account.EmailAddress, - Expire: time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339), - }, nil -} - -// CreateTokenStorage creates a new ClaudeTokenStorage from auth bundle and user info. -// This method converts the authentication bundle into a token storage structure -// suitable for persistence and later use. -// -// Parameters: -// - bundle: The authentication bundle containing token data -// -// Returns: -// - *ClaudeTokenStorage: A new token storage instance -func (o *ClaudeAuth) CreateTokenStorage(bundle *ClaudeAuthBundle) *ClaudeTokenStorage { - storage := &ClaudeTokenStorage{ - AccessToken: bundle.TokenData.AccessToken, - RefreshToken: bundle.TokenData.RefreshToken, - LastRefresh: bundle.LastRefresh, - Email: bundle.TokenData.Email, - Expire: bundle.TokenData.Expire, - } - - return storage -} - -// RefreshTokensWithRetry refreshes tokens with automatic retry logic. -// This method implements exponential backoff retry logic for token refresh operations, -// providing resilience against temporary network or service issues. -// -// Parameters: -// - ctx: The context for the request -// - refreshToken: The refresh token to use -// - maxRetries: The maximum number of retry attempts -// -// Returns: -// - *ClaudeTokenData: The refreshed token data -// - error: An error if all retry attempts fail -func (o *ClaudeAuth) RefreshTokensWithRetry(ctx context.Context, refreshToken string, maxRetries int) (*ClaudeTokenData, error) { - var lastErr error - - for attempt := 0; attempt < maxRetries; attempt++ { - if attempt > 0 { - // Wait before retry - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-time.After(time.Duration(attempt) * time.Second): - } - } - - tokenData, err := o.RefreshTokens(ctx, refreshToken) - if err == nil { - return tokenData, nil - } - - lastErr = err - log.Warnf("Token refresh attempt %d failed: %v", attempt+1, err) - } - - return nil, fmt.Errorf("token refresh failed after %d attempts: %w", maxRetries, lastErr) -} - -// UpdateTokenStorage updates an existing token storage with new token data. -// This method refreshes the token storage with newly obtained access and refresh tokens, -// updating timestamps and expiration information. -// -// Parameters: -// - storage: The existing token storage to update -// - tokenData: The new token data to apply -func (o *ClaudeAuth) UpdateTokenStorage(storage *ClaudeTokenStorage, tokenData *ClaudeTokenData) { - storage.AccessToken = tokenData.AccessToken - storage.RefreshToken = tokenData.RefreshToken - storage.LastRefresh = time.Now().Format(time.RFC3339) - storage.Email = tokenData.Email - storage.Expire = tokenData.Expire -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/claude_auth_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/claude_auth_test.go deleted file mode 100644 index 2ca5f3f553..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/claude_auth_test.go +++ /dev/null @@ -1,102 +0,0 @@ -package claude - -import ( - "context" - "encoding/json" - "net/http" - "net/http/httptest" - "strings" - "testing" -) - -type rewriteTransport struct { - target string - base http.RoundTripper -} - -func (t *rewriteTransport) RoundTrip(req *http.Request) (*http.Response, error) { - newReq := req.Clone(req.Context()) - newReq.URL.Scheme = "http" - newReq.URL.Host = strings.TrimPrefix(t.target, "http://") - return t.base.RoundTrip(newReq) -} - -func TestGenerateAuthURL(t *testing.T) { - auth := NewClaudeAuth(nil, nil) - pkce := &PKCECodes{CodeChallenge: "challenge"} - url, state, err := auth.GenerateAuthURL("test-state", pkce) - if err != nil { - t.Fatalf("GenerateAuthURL failed: %v", err) - } - if state != "test-state" { - t.Errorf("got state %q, want test-state", state) - } - if !strings.Contains(url, "code_challenge=challenge") { - t.Errorf("url missing challenge: %s", url) - } -} - -func TestExchangeCodeForTokens(t *testing.T) { - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - resp := tokenResponse{ - AccessToken: "test-access", - RefreshToken: "test-refresh", - ExpiresIn: 3600, - } - resp.Account.EmailAddress = "test@example.com" - _ = json.NewEncoder(w).Encode(resp) - })) - defer ts.Close() - - client := &http.Client{ - Transport: &rewriteTransport{ - target: ts.URL, - base: http.DefaultTransport, - }, - } - - auth := NewClaudeAuth(nil, client) - pkce := &PKCECodes{CodeVerifier: "verifier"} - resp, err := auth.ExchangeCodeForTokens(context.Background(), "code", "state", pkce) - if err != nil { - t.Fatalf("ExchangeCodeForTokens failed: %v", err) - } - - if resp.TokenData.AccessToken != "test-access" { - t.Errorf("got access token %q, want test-access", resp.TokenData.AccessToken) - } - if resp.TokenData.Email != "test@example.com" { - t.Errorf("got email %q, want test@example.com", resp.TokenData.Email) - } -} - -func TestRefreshTokens(t *testing.T) { - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - resp := tokenResponse{ - AccessToken: "new-access", - RefreshToken: "new-refresh", - ExpiresIn: 3600, - } - _ = json.NewEncoder(w).Encode(resp) - })) - defer ts.Close() - - client := &http.Client{ - Transport: &rewriteTransport{ - target: ts.URL, - base: http.DefaultTransport, - }, - } - - auth := NewClaudeAuth(nil, client) - resp, err := auth.RefreshTokens(context.Background(), "old-refresh") - if err != nil { - t.Fatalf("RefreshTokens failed: %v", err) - } - - if resp.AccessToken != "new-access" { - t.Errorf("got access token %q, want new-access", resp.AccessToken) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/errors.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/errors.go deleted file mode 100644 index 3585209a8a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/errors.go +++ /dev/null @@ -1,167 +0,0 @@ -// Package claude provides authentication and token management functionality -// for Anthropic's Claude AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Claude API. -package claude - -import ( - "errors" - "fmt" - "net/http" -) - -// OAuthError represents an OAuth-specific error. -type OAuthError struct { - // Code is the OAuth error code. - Code string `json:"error"` - // Description is a human-readable description of the error. - Description string `json:"error_description,omitempty"` - // URI is a URI identifying a human-readable web page with information about the error. - URI string `json:"error_uri,omitempty"` - // StatusCode is the HTTP status code associated with the error. - StatusCode int `json:"-"` -} - -// Error returns a string representation of the OAuth error. -func (e *OAuthError) Error() string { - if e.Description != "" { - return fmt.Sprintf("OAuth error %s: %s", e.Code, e.Description) - } - return fmt.Sprintf("OAuth error: %s", e.Code) -} - -// NewOAuthError creates a new OAuth error with the specified code, description, and status code. -func NewOAuthError(code, description string, statusCode int) *OAuthError { - return &OAuthError{ - Code: code, - Description: description, - StatusCode: statusCode, - } -} - -// AuthenticationError represents authentication-related errors. -type AuthenticationError struct { - // Type is the type of authentication error. - Type string `json:"type"` - // Message is a human-readable message describing the error. - Message string `json:"message"` - // Code is the HTTP status code associated with the error. - Code int `json:"code"` - // Cause is the underlying error that caused this authentication error. - Cause error `json:"-"` -} - -// Error returns a string representation of the authentication error. -func (e *AuthenticationError) Error() string { - if e.Cause != nil { - return fmt.Sprintf("%s: %s (caused by: %v)", e.Type, e.Message, e.Cause) - } - return fmt.Sprintf("%s: %s", e.Type, e.Message) -} - -// Common authentication error types. -var ( - // ErrTokenExpired = &AuthenticationError{ - // Type: "token_expired", - // Message: "Access token has expired", - // Code: http.StatusUnauthorized, - // } - - // ErrInvalidState represents an error for invalid OAuth state parameter. - ErrInvalidState = &AuthenticationError{ - Type: "invalid_state", - Message: "OAuth state parameter is invalid", - Code: http.StatusBadRequest, - } - - // ErrCodeExchangeFailed represents an error when exchanging authorization code for tokens fails. - ErrCodeExchangeFailed = &AuthenticationError{ - Type: "code_exchange_failed", - Message: "Failed to exchange authorization code for tokens", - Code: http.StatusBadRequest, - } - - // ErrServerStartFailed represents an error when starting the OAuth callback server fails. - ErrServerStartFailed = &AuthenticationError{ - Type: "server_start_failed", - Message: "Failed to start OAuth callback server", - Code: http.StatusInternalServerError, - } - - // ErrPortInUse represents an error when the OAuth callback port is already in use. - ErrPortInUse = &AuthenticationError{ - Type: "port_in_use", - Message: "OAuth callback port is already in use", - Code: 13, // Special exit code for port-in-use - } - - // ErrCallbackTimeout represents an error when waiting for OAuth callback times out. - ErrCallbackTimeout = &AuthenticationError{ - Type: "callback_timeout", - Message: "Timeout waiting for OAuth callback", - Code: http.StatusRequestTimeout, - } -) - -// NewAuthenticationError creates a new authentication error with a cause based on a base error. -func NewAuthenticationError(baseErr *AuthenticationError, cause error) *AuthenticationError { - return &AuthenticationError{ - Type: baseErr.Type, - Message: baseErr.Message, - Code: baseErr.Code, - Cause: cause, - } -} - -// IsAuthenticationError checks if an error is an authentication error. -func IsAuthenticationError(err error) bool { - var authenticationError *AuthenticationError - ok := errors.As(err, &authenticationError) - return ok -} - -// IsOAuthError checks if an error is an OAuth error. -func IsOAuthError(err error) bool { - var oAuthError *OAuthError - ok := errors.As(err, &oAuthError) - return ok -} - -// GetUserFriendlyMessage returns a user-friendly error message based on the error type. -func GetUserFriendlyMessage(err error) string { - switch { - case IsAuthenticationError(err): - var authErr *AuthenticationError - errors.As(err, &authErr) - switch authErr.Type { - case "token_expired": - return "Your authentication has expired. Please log in again." - case "token_invalid": - return "Your authentication is invalid. Please log in again." - case "authentication_required": - return "Please log in to continue." - case "port_in_use": - return "The required port is already in use. Please close any applications using port 3000 and try again." - case "callback_timeout": - return "Authentication timed out. Please try again." - case "browser_open_failed": - return "Could not open your browser automatically. Please copy and paste the URL manually." - default: - return "Authentication failed. Please try again." - } - case IsOAuthError(err): - var oauthErr *OAuthError - errors.As(err, &oauthErr) - switch oauthErr.Code { - case "access_denied": - return "Authentication was cancelled or denied." - case "invalid_request": - return "Invalid authentication request. Please try again." - case "server_error": - return "Authentication server error. Please try again later." - default: - return fmt.Sprintf("Authentication failed: %s", oauthErr.Description) - } - default: - return "An unexpected error occurred. Please try again." - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/html_templates.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/html_templates.go deleted file mode 100644 index 1ec7682363..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/html_templates.go +++ /dev/null @@ -1,218 +0,0 @@ -// Package claude provides authentication and token management functionality -// for Anthropic's Claude AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Claude API. -package claude - -// LoginSuccessHtml is the HTML template displayed to users after successful OAuth authentication. -// This template provides a user-friendly success page with options to close the window -// or navigate to the Claude platform. It includes automatic window closing functionality -// and keyboard accessibility features. -const LoginSuccessHtml = ` - - - - - Authentication Successful - Claude - - - - -
-
-

Authentication Successful!

-

You have successfully authenticated with Claude. You can now close this window and return to your terminal to continue.

- - {{SETUP_NOTICE}} - -
- - - Open Platform - - -
- -
- This window will close automatically in 10 seconds -
- -
-

Powered by ChatGPT

-
-
- - - -` - -// SetupNoticeHtml is the HTML template for the setup notice section. -// This template is embedded within the success page to inform users about -// additional setup steps required to complete their Claude account configuration. -const SetupNoticeHtml = ` -
-

Additional Setup Required

-

To complete your setup, please visit the Claude to configure your account.

-
` diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/oauth_server_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/oauth_server_test.go deleted file mode 100644 index 6ab6c0652b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/oauth_server_test.go +++ /dev/null @@ -1,47 +0,0 @@ -package claude - -import ( - "strings" - "testing" -) - -func TestIsValidURL(t *testing.T) { - tests := []struct { - name string - url string - want bool - }{ - {name: "valid https", url: "https://console.anthropic.com/", want: true}, - {name: "valid http", url: "http://localhost:3000/callback", want: true}, - {name: "missing host", url: "https:///path-only", want: false}, - {name: "relative url", url: "/local/path", want: false}, - {name: "javascript url", url: "javascript:alert(1)", want: false}, - {name: "data url", url: "data:text/html,", want: false}, - {name: "empty", url: " ", want: false}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if got := isValidURL(tt.url); got != tt.want { - t.Fatalf("isValidURL(%q) = %v, want %v", tt.url, got, tt.want) - } - }) - } -} - -func TestGenerateSuccessHTMLEscapesPlatformURL(t *testing.T) { - server := NewOAuthServer(9999) - malicious := `https://console.anthropic.com/" onclick="alert('xss')` - - rendered := server.generateSuccessHTML(true, malicious) - - if strings.Contains(rendered, malicious) { - t.Fatalf("rendered html contains unescaped platform URL") - } - if strings.Contains(rendered, `onclick="alert('xss')`) { - t.Fatalf("rendered html contains unescaped injected attribute") - } - if !strings.Contains(rendered, `https://console.anthropic.com/" onclick="alert('xss')`) { - t.Fatalf("rendered html does not contain expected escaped URL") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/pkce.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/pkce.go deleted file mode 100644 index 98d40202b7..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/pkce.go +++ /dev/null @@ -1,56 +0,0 @@ -// Package claude provides authentication and token management functionality -// for Anthropic's Claude AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Claude API. -package claude - -import ( - "crypto/rand" - "crypto/sha256" - "encoding/base64" - "fmt" -) - -// GeneratePKCECodes generates a PKCE code verifier and challenge pair -// following RFC 7636 specifications for OAuth 2.0 PKCE extension. -// This provides additional security for the OAuth flow by ensuring that -// only the client that initiated the request can exchange the authorization code. -// -// Returns: -// - *PKCECodes: A struct containing the code verifier and challenge -// - error: An error if the generation fails, nil otherwise -func GeneratePKCECodes() (*PKCECodes, error) { - // Generate code verifier: 43-128 characters, URL-safe - codeVerifier, err := generateCodeVerifier() - if err != nil { - return nil, fmt.Errorf("failed to generate code verifier: %w", err) - } - - // Generate code challenge using S256 method - codeChallenge := generateCodeChallenge(codeVerifier) - - return &PKCECodes{ - CodeVerifier: codeVerifier, - CodeChallenge: codeChallenge, - }, nil -} - -// generateCodeVerifier creates a cryptographically random string -// of 128 characters using URL-safe base64 encoding -func generateCodeVerifier() (string, error) { - // Generate 96 random bytes (will result in 128 base64 characters) - bytes := make([]byte, 96) - _, err := rand.Read(bytes) - if err != nil { - return "", fmt.Errorf("failed to generate random bytes: %w", err) - } - - // Encode to URL-safe base64 without padding - return base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(bytes), nil -} - -// generateCodeChallenge creates a SHA256 hash of the code verifier -// and encodes it using URL-safe base64 encoding without padding -func generateCodeChallenge(codeVerifier string) string { - hash := sha256.Sum256([]byte(codeVerifier)) - return base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(hash[:]) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/token.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/token.go deleted file mode 100644 index b3f590a09c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/token.go +++ /dev/null @@ -1,103 +0,0 @@ -// Package claude provides authentication and token management functionality -// for Anthropic's Claude AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Claude API. -package claude - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" -) - -func sanitizeTokenFilePath(authFilePath string) (string, error) { - trimmed := strings.TrimSpace(authFilePath) - if trimmed == "" { - return "", fmt.Errorf("token file path is empty") - } - cleaned := filepath.Clean(trimmed) - parts := strings.FieldsFunc(cleaned, func(r rune) bool { - return r == '/' || r == '\\' - }) - for _, part := range parts { - if part == ".." { - return "", fmt.Errorf("invalid token file path") - } - } - absPath, err := filepath.Abs(cleaned) - if err != nil { - return "", fmt.Errorf("failed to resolve token file path: %w", err) - } - return absPath, nil -} - -// ClaudeTokenStorage stores OAuth2 token information for Anthropic Claude API authentication. -// It maintains compatibility with the existing auth system while adding Claude-specific fields -// for managing access tokens, refresh tokens, and user account information. -type ClaudeTokenStorage struct { - // IDToken is the JWT ID token containing user claims and identity information. - IDToken string `json:"id_token"` - - // AccessToken is the OAuth2 access token used for authenticating API requests. - AccessToken string `json:"access_token"` - - // RefreshToken is used to obtain new access tokens when the current one expires. - RefreshToken string `json:"refresh_token"` - - // LastRefresh is the timestamp of the last token refresh operation. - LastRefresh string `json:"last_refresh"` - - // Email is the Anthropic account email address associated with this token. - Email string `json:"email"` - - // Type indicates the authentication provider type, always "claude" for this storage. - Type string `json:"type"` - - // Expire is the timestamp when the current access token expires. - Expire string `json:"expired"` -} - -// SaveTokenToFile serializes the Claude token storage to a JSON file. -// This method creates the necessary directory structure and writes the token -// data in JSON format to the specified file path for persistent storage. -// -// Parameters: -// - authFilePath: The full path where the token file should be saved -// -// Returns: -// - error: An error if the operation fails, nil otherwise -func (ts *ClaudeTokenStorage) SaveTokenToFile(authFilePath string) error { - safePath, err := misc.ResolveSafeFilePath(authFilePath) - if err != nil { - return fmt.Errorf("invalid token file path: %w", err) - } - misc.LogSavingCredentials(safePath) - ts.Type = "claude" - safePath, err = sanitizeTokenFilePath(authFilePath) - if err != nil { - return err - } - - // Create directory structure if it doesn't exist - if err = os.MkdirAll(filepath.Dir(safePath), 0700); err != nil { - return fmt.Errorf("failed to create directory: %v", err) - } - - // Create the token file - f, err := os.Create(safePath) - if err != nil { - return fmt.Errorf("failed to create token file: %w", err) - } - defer func() { - _ = f.Close() - }() - - // Encode and write the token data as JSON - if err = json.NewEncoder(f).Encode(ts); err != nil { - return fmt.Errorf("failed to write token to file: %w", err) - } - return nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/token_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/token_test.go deleted file mode 100644 index c7ae86845e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/token_test.go +++ /dev/null @@ -1,10 +0,0 @@ -package claude - -import "testing" - -func TestClaudeTokenStorage_SaveTokenToFileRejectsTraversalPath(t *testing.T) { - ts := &ClaudeTokenStorage{} - if err := ts.SaveTokenToFile("/tmp/../claude-escape.json"); err == nil { - t.Fatal("expected traversal path to be rejected") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/utls_transport.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/utls_transport.go deleted file mode 100644 index 9ac1975219..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/utls_transport.go +++ /dev/null @@ -1,165 +0,0 @@ -// Package claude provides authentication functionality for Anthropic's Claude API. -// This file implements a custom HTTP transport using utls to bypass TLS fingerprinting. -package claude - -import ( - "net/http" - "net/url" - "strings" - "sync" - - tls "github.com/refraction-networking/utls" - pkgconfig "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - log "github.com/sirupsen/logrus" - "golang.org/x/net/http2" - "golang.org/x/net/proxy" -) - -// utlsRoundTripper implements http.RoundTripper using utls with Firefox fingerprint -// to bypass Cloudflare's TLS fingerprinting on Anthropic domains. -type utlsRoundTripper struct { - // mu protects the connections map and pending map - mu sync.Mutex - // connections caches HTTP/2 client connections per host - connections map[string]*http2.ClientConn - // pending tracks hosts that are currently being connected to (prevents race condition) - pending map[string]*sync.Cond - // dialer is used to create network connections, supporting proxies - dialer proxy.Dialer -} - -// newUtlsRoundTripper creates a new utls-based round tripper with optional proxy support -func newUtlsRoundTripper(cfg *pkgconfig.SDKConfig) *utlsRoundTripper { - var dialer proxy.Dialer = proxy.Direct - if cfg != nil && cfg.ProxyURL != "" { - proxyURL, err := url.Parse(cfg.ProxyURL) - if err != nil { - log.Errorf("failed to parse proxy URL %q: %v", cfg.ProxyURL, err) - } else { - pDialer, err := proxy.FromURL(proxyURL, proxy.Direct) - if err != nil { - log.Errorf("failed to create proxy dialer for %q: %v", cfg.ProxyURL, err) - } else { - dialer = pDialer - } - } - } - - return &utlsRoundTripper{ - connections: make(map[string]*http2.ClientConn), - pending: make(map[string]*sync.Cond), - dialer: dialer, - } -} - -// getOrCreateConnection gets an existing connection or creates a new one. -// It uses a per-host locking mechanism to prevent multiple goroutines from -// creating connections to the same host simultaneously. -func (t *utlsRoundTripper) getOrCreateConnection(host, addr string) (*http2.ClientConn, error) { - t.mu.Lock() - - // Check if connection exists and is usable - if h2Conn, ok := t.connections[host]; ok && h2Conn.CanTakeNewRequest() { - t.mu.Unlock() - return h2Conn, nil - } - - // Check if another goroutine is already creating a connection - if cond, ok := t.pending[host]; ok { - // Wait for the other goroutine to finish - cond.Wait() - // Check if connection is now available - if h2Conn, ok := t.connections[host]; ok && h2Conn.CanTakeNewRequest() { - t.mu.Unlock() - return h2Conn, nil - } - // Connection still not available, we'll create one - } - - // Mark this host as pending - cond := sync.NewCond(&t.mu) - t.pending[host] = cond - t.mu.Unlock() - - // Create connection outside the lock - h2Conn, err := t.createConnection(host, addr) - - t.mu.Lock() - defer t.mu.Unlock() - - // Remove pending marker and wake up waiting goroutines - delete(t.pending, host) - cond.Broadcast() - - if err != nil { - return nil, err - } - - // Store the new connection - t.connections[host] = h2Conn - return h2Conn, nil -} - -// createConnection creates a new HTTP/2 connection with Firefox TLS fingerprint -func (t *utlsRoundTripper) createConnection(host, addr string) (*http2.ClientConn, error) { - conn, err := t.dialer.Dial("tcp", addr) - if err != nil { - return nil, err - } - - tlsConfig := &tls.Config{ServerName: host} - tlsConn := tls.UClient(conn, tlsConfig, tls.HelloFirefox_Auto) - - if err := tlsConn.Handshake(); err != nil { - _ = conn.Close() - return nil, err - } - - tr := &http2.Transport{} - h2Conn, err := tr.NewClientConn(tlsConn) - if err != nil { - _ = tlsConn.Close() - return nil, err - } - - return h2Conn, nil -} - -// RoundTrip implements http.RoundTripper -func (t *utlsRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { - host := req.URL.Host - addr := host - if !strings.Contains(addr, ":") { - addr += ":443" - } - - // Get hostname without port for TLS ServerName - hostname := req.URL.Hostname() - - h2Conn, err := t.getOrCreateConnection(hostname, addr) - if err != nil { - return nil, err - } - - resp, err := h2Conn.RoundTrip(req) - if err != nil { - // Connection failed, remove it from cache - t.mu.Lock() - if cached, ok := t.connections[hostname]; ok && cached == h2Conn { - delete(t.connections, hostname) - } - t.mu.Unlock() - return nil, err - } - - return resp, nil -} - -// NewAnthropicHttpClient creates an HTTP client that bypasses TLS fingerprinting -// for Anthropic domains by using utls with Firefox fingerprint. -// It accepts optional SDK configuration for proxy settings. -func NewAnthropicHttpClient(cfg *pkgconfig.SDKConfig) *http.Client { - return &http.Client{ - Transport: newUtlsRoundTripper(cfg), - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/cooldown.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/cooldown.go deleted file mode 100644 index ec63324f90..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/cooldown.go +++ /dev/null @@ -1,157 +0,0 @@ -package codex - -import ( - "sync" - "time" -) - -const ( - CooldownReason429 = "usage_limit_reached" - CooldownReasonSuspended = "account_suspended" - CooldownReasonQuotaExhausted = "quota_exhausted" - - DefaultShortCooldown = 1 * time.Minute - MaxShortCooldown = 5 * time.Minute - LongCooldown = 24 * time.Hour -) - -var ( - globalCooldownManager *CooldownManager - globalCooldownManagerOnce sync.Once - cooldownStopCh chan struct{} -) - -// CooldownManager tracks cooldown state for Codex auth tokens. -type CooldownManager struct { - mu sync.RWMutex - cooldowns map[string]time.Time - reasons map[string]string -} - -// GetGlobalCooldownManager returns the singleton CooldownManager instance. -func GetGlobalCooldownManager() *CooldownManager { - globalCooldownManagerOnce.Do(func() { - globalCooldownManager = NewCooldownManager() - cooldownStopCh = make(chan struct{}) - go globalCooldownManager.StartCleanupRoutine(5*time.Minute, cooldownStopCh) - }) - return globalCooldownManager -} - -// ShutdownCooldownManager stops the cooldown cleanup routine. -func ShutdownCooldownManager() { - if cooldownStopCh != nil { - close(cooldownStopCh) - } -} - -// NewCooldownManager creates a new CooldownManager. -func NewCooldownManager() *CooldownManager { - return &CooldownManager{ - cooldowns: make(map[string]time.Time), - reasons: make(map[string]string), - } -} - -// SetCooldown sets a cooldown for the given token key. -func (cm *CooldownManager) SetCooldown(tokenKey string, duration time.Duration, reason string) { - cm.mu.Lock() - defer cm.mu.Unlock() - cm.cooldowns[tokenKey] = time.Now().Add(duration) - cm.reasons[tokenKey] = reason -} - -// IsInCooldown checks if the token is currently in cooldown. -func (cm *CooldownManager) IsInCooldown(tokenKey string) bool { - cm.mu.RLock() - defer cm.mu.RUnlock() - endTime, exists := cm.cooldowns[tokenKey] - if !exists { - return false - } - return time.Now().Before(endTime) -} - -// GetRemainingCooldown returns the remaining cooldown duration for the token. -func (cm *CooldownManager) GetRemainingCooldown(tokenKey string) time.Duration { - cm.mu.RLock() - defer cm.mu.RUnlock() - endTime, exists := cm.cooldowns[tokenKey] - if !exists { - return 0 - } - remaining := time.Until(endTime) - if remaining < 0 { - return 0 - } - return remaining -} - -// GetCooldownReason returns the reason for the cooldown. -func (cm *CooldownManager) GetCooldownReason(tokenKey string) string { - cm.mu.RLock() - defer cm.mu.RUnlock() - return cm.reasons[tokenKey] -} - -// ClearCooldown clears the cooldown for the given token. -func (cm *CooldownManager) ClearCooldown(tokenKey string) { - cm.mu.Lock() - defer cm.mu.Unlock() - delete(cm.cooldowns, tokenKey) - delete(cm.reasons, tokenKey) -} - -// CleanupExpired removes expired cooldowns. -func (cm *CooldownManager) CleanupExpired() { - cm.mu.Lock() - defer cm.mu.Unlock() - now := time.Now() - for tokenKey, endTime := range cm.cooldowns { - if now.After(endTime) { - delete(cm.cooldowns, tokenKey) - delete(cm.reasons, tokenKey) - } - } -} - -// StartCleanupRoutine starts a periodic cleanup of expired cooldowns. -func (cm *CooldownManager) StartCleanupRoutine(interval time.Duration, stopCh <-chan struct{}) { - ticker := time.NewTicker(interval) - defer ticker.Stop() - for { - select { - case <-ticker.C: - cm.CleanupExpired() - case <-stopCh: - return - } - } -} - -// CalculateCooldownFor429 calculates the cooldown duration for a 429 error. -// If resetDuration is provided (from resets_at/resets_in_seconds), it uses that. -// Otherwise, it uses exponential backoff. -func CalculateCooldownFor429(retryCount int, resetDuration time.Duration) time.Duration { - // If we have an explicit reset duration from the server, use it - if resetDuration > 0 { - // Cap at 24 hours to prevent excessive cooldowns - if resetDuration > LongCooldown { - return LongCooldown - } - return resetDuration - } - // Otherwise use exponential backoff - duration := DefaultShortCooldown * time.Duration(1< MaxShortCooldown { - return MaxShortCooldown - } - return duration -} - -// CalculateCooldownUntilNextDay calculates the duration until midnight. -func CalculateCooldownUntilNextDay() time.Duration { - now := time.Now() - nextDay := time.Date(now.Year(), now.Month(), now.Day()+1, 0, 0, 0, 0, now.Location()) - return time.Until(nextDay) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/cooldown_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/cooldown_test.go deleted file mode 100644 index c204235233..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/cooldown_test.go +++ /dev/null @@ -1,162 +0,0 @@ -package codex - -import ( - "sync" - "testing" - "time" -) - -func TestCooldownManager_SetCooldown(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Minute, CooldownReason429) - - if !cm.IsInCooldown("token1") { - t.Error("expected token1 to be in cooldown") - } - - if cm.GetCooldownReason("token1") != CooldownReason429 { - t.Errorf("expected reason %s, got %s", CooldownReason429, cm.GetCooldownReason("token1")) - } -} - -func TestCooldownManager_NotInCooldown(t *testing.T) { - cm := NewCooldownManager() - - if cm.IsInCooldown("nonexistent") { - t.Error("expected nonexistent token to not be in cooldown") - } -} - -func TestCooldownManager_ClearCooldown(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Minute, CooldownReason429) - cm.ClearCooldown("token1") - - if cm.IsInCooldown("token1") { - t.Error("expected token1 to not be in cooldown after clear") - } -} - -func TestCooldownManager_GetRemainingCooldown(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Second, CooldownReason429) - - remaining := cm.GetRemainingCooldown("token1") - if remaining <= 0 || remaining > 1*time.Second { - t.Errorf("expected remaining cooldown between 0 and 1s, got %v", remaining) - } -} - -func TestCooldownManager_CleanupExpired(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("expired1", 1*time.Millisecond, CooldownReason429) - cm.SetCooldown("expired2", 1*time.Millisecond, CooldownReason429) - cm.SetCooldown("active", 1*time.Hour, CooldownReason429) - - time.Sleep(10 * time.Millisecond) - cm.CleanupExpired() - - if cm.IsInCooldown("expired1") { - t.Error("expected expired1 to be cleaned up") - } - if cm.IsInCooldown("expired2") { - t.Error("expected expired2 to be cleaned up") - } - if !cm.IsInCooldown("active") { - t.Error("expected active to still be in cooldown") - } -} - -func TestCalculateCooldownFor429_WithResetDuration(t *testing.T) { - tests := []struct { - name string - retryCount int - resetDuration time.Duration - expected time.Duration - }{ - { - name: "reset duration provided", - retryCount: 0, - resetDuration: 10 * time.Minute, - expected: 10 * time.Minute, - }, - { - name: "reset duration caps at 24h", - retryCount: 0, - resetDuration: 48 * time.Hour, - expected: LongCooldown, - }, - { - name: "no reset duration, first retry", - retryCount: 0, - resetDuration: 0, - expected: DefaultShortCooldown, - }, - { - name: "no reset duration, second retry", - retryCount: 1, - resetDuration: 0, - expected: 2 * time.Minute, - }, - { - name: "no reset duration, caps at max", - retryCount: 10, - resetDuration: 0, - expected: MaxShortCooldown, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := CalculateCooldownFor429(tt.retryCount, tt.resetDuration) - if result != tt.expected { - t.Errorf("expected %v, got %v", tt.expected, result) - } - }) - } -} - -func TestCooldownReasonConstants(t *testing.T) { - if CooldownReason429 != "usage_limit_reached" { - t.Errorf("unexpected CooldownReason429: %s", CooldownReason429) - } - if CooldownReasonSuspended != "account_suspended" { - t.Errorf("unexpected CooldownReasonSuspended: %s", CooldownReasonSuspended) - } -} - -func TestCooldownManager_Concurrent(t *testing.T) { - cm := NewCooldownManager() - var wg sync.WaitGroup - - for i := 0; i < 100; i++ { - wg.Add(2) - go func(idx int) { - defer wg.Done() - tokenKey := string(rune('a' + idx%26)) - cm.SetCooldown(tokenKey, time.Duration(idx)*time.Millisecond, CooldownReason429) - }(i) - go func(idx int) { - defer wg.Done() - tokenKey := string(rune('a' + idx%26)) - _ = cm.IsInCooldown(tokenKey) - }(i) - } - - wg.Wait() -} - -func TestCooldownManager_SetCooldown_OverwritesPrevious(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Hour, CooldownReason429) - cm.SetCooldown("token1", 1*time.Minute, CooldownReasonSuspended) - - remaining := cm.GetRemainingCooldown("token1") - if remaining > 1*time.Minute { - t.Errorf("expected cooldown to be overwritten to 1 minute, got %v remaining", remaining) - } - - if cm.GetCooldownReason("token1") != CooldownReasonSuspended { - t.Errorf("expected reason to be updated to %s", CooldownReasonSuspended) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/errors.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/errors.go deleted file mode 100644 index d8065f7a0a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/errors.go +++ /dev/null @@ -1,171 +0,0 @@ -package codex - -import ( - "errors" - "fmt" - "net/http" -) - -// OAuthError represents an OAuth-specific error. -type OAuthError struct { - // Code is the OAuth error code. - Code string `json:"error"` - // Description is a human-readable description of the error. - Description string `json:"error_description,omitempty"` - // URI is a URI identifying a human-readable web page with information about the error. - URI string `json:"error_uri,omitempty"` - // StatusCode is the HTTP status code associated with the error. - StatusCode int `json:"-"` -} - -// Error returns a string representation of the OAuth error. -func (e *OAuthError) Error() string { - if e.Description != "" { - return fmt.Sprintf("OAuth error %s: %s", e.Code, e.Description) - } - return fmt.Sprintf("OAuth error: %s", e.Code) -} - -// NewOAuthError creates a new OAuth error with the specified code, description, and status code. -func NewOAuthError(code, description string, statusCode int) *OAuthError { - return &OAuthError{ - Code: code, - Description: description, - StatusCode: statusCode, - } -} - -// AuthenticationError represents authentication-related errors. -type AuthenticationError struct { - // Type is the type of authentication error. - Type string `json:"type"` - // Message is a human-readable message describing the error. - Message string `json:"message"` - // Code is the HTTP status code associated with the error. - Code int `json:"code"` - // Cause is the underlying error that caused this authentication error. - Cause error `json:"-"` -} - -// Error returns a string representation of the authentication error. -func (e *AuthenticationError) Error() string { - if e.Cause != nil { - return fmt.Sprintf("%s: %s (caused by: %v)", e.Type, e.Message, e.Cause) - } - return fmt.Sprintf("%s: %s", e.Type, e.Message) -} - -// Common authentication error types. -var ( - // ErrTokenExpired = &AuthenticationError{ - // Type: "token_expired", - // Message: "Access token has expired", - // Code: http.StatusUnauthorized, - // } - - // ErrInvalidState represents an error for invalid OAuth state parameter. - ErrInvalidState = &AuthenticationError{ - Type: "invalid_state", - Message: "OAuth state parameter is invalid", - Code: http.StatusBadRequest, - } - - // ErrCodeExchangeFailed represents an error when exchanging authorization code for tokens fails. - ErrCodeExchangeFailed = &AuthenticationError{ - Type: "code_exchange_failed", - Message: "Failed to exchange authorization code for tokens", - Code: http.StatusBadRequest, - } - - // ErrServerStartFailed represents an error when starting the OAuth callback server fails. - ErrServerStartFailed = &AuthenticationError{ - Type: "server_start_failed", - Message: "Failed to start OAuth callback server", - Code: http.StatusInternalServerError, - } - - // ErrPortInUse represents an error when the OAuth callback port is already in use. - ErrPortInUse = &AuthenticationError{ - Type: "port_in_use", - Message: "OAuth callback port is already in use", - Code: 13, // Special exit code for port-in-use - } - - // ErrCallbackTimeout represents an error when waiting for OAuth callback times out. - ErrCallbackTimeout = &AuthenticationError{ - Type: "callback_timeout", - Message: "Timeout waiting for OAuth callback", - Code: http.StatusRequestTimeout, - } - - // ErrBrowserOpenFailed represents an error when opening the browser for authentication fails. - ErrBrowserOpenFailed = &AuthenticationError{ - Type: "browser_open_failed", - Message: "Failed to open browser for authentication", - Code: http.StatusInternalServerError, - } -) - -// NewAuthenticationError creates a new authentication error with a cause based on a base error. -func NewAuthenticationError(baseErr *AuthenticationError, cause error) *AuthenticationError { - return &AuthenticationError{ - Type: baseErr.Type, - Message: baseErr.Message, - Code: baseErr.Code, - Cause: cause, - } -} - -// IsAuthenticationError checks if an error is an authentication error. -func IsAuthenticationError(err error) bool { - var authenticationError *AuthenticationError - ok := errors.As(err, &authenticationError) - return ok -} - -// IsOAuthError checks if an error is an OAuth error. -func IsOAuthError(err error) bool { - var oAuthError *OAuthError - ok := errors.As(err, &oAuthError) - return ok -} - -// GetUserFriendlyMessage returns a user-friendly error message based on the error type. -func GetUserFriendlyMessage(err error) string { - switch { - case IsAuthenticationError(err): - var authErr *AuthenticationError - errors.As(err, &authErr) - switch authErr.Type { - case "token_expired": - return "Your authentication has expired. Please log in again." - case "token_invalid": - return "Your authentication is invalid. Please log in again." - case "authentication_required": - return "Please log in to continue." - case "port_in_use": - return "The required port is already in use. Please close any applications using port 3000 and try again." - case "callback_timeout": - return "Authentication timed out. Please try again." - case "browser_open_failed": - return "Could not open your browser automatically. Please copy and paste the URL manually." - default: - return "Authentication failed. Please try again." - } - case IsOAuthError(err): - var oauthErr *OAuthError - errors.As(err, &oauthErr) - switch oauthErr.Code { - case "access_denied": - return "Authentication was cancelled or denied." - case "invalid_request": - return "Invalid authentication request. Please try again." - case "server_error": - return "Authentication server error. Please try again later." - default: - return fmt.Sprintf("Authentication failed: %s", oauthErr.Description) - } - default: - return "An unexpected error occurred. Please try again." - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/errors_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/errors_test.go deleted file mode 100644 index 3260b448a4..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/errors_test.go +++ /dev/null @@ -1,108 +0,0 @@ -package codex - -import ( - "errors" - "testing" -) - -func TestOAuthError_Error(t *testing.T) { - err := &OAuthError{ - Code: "invalid_request", - Description: "The request is missing a required parameter", - } - expected := "OAuth error invalid_request: The request is missing a required parameter" - if err.Error() != expected { - t.Errorf("expected %s, got %s", expected, err.Error()) - } - - errNoDesc := &OAuthError{Code: "server_error"} - expectedNoDesc := "OAuth error: server_error" - if errNoDesc.Error() != expectedNoDesc { - t.Errorf("expected %s, got %s", expectedNoDesc, errNoDesc.Error()) - } -} - -func TestNewOAuthError(t *testing.T) { - err := NewOAuthError("code", "desc", 400) - if err.Code != "code" || err.Description != "desc" || err.StatusCode != 400 { - t.Errorf("NewOAuthError failed: %+v", err) - } -} - -func TestAuthenticationError_Error(t *testing.T) { - err := &AuthenticationError{ - Type: "type", - Message: "msg", - } - expected := "type: msg" - if err.Error() != expected { - t.Errorf("expected %s, got %s", expected, err.Error()) - } - - cause := errors.New("underlying") - errWithCause := &AuthenticationError{ - Type: "type", - Message: "msg", - Cause: cause, - } - expectedWithCause := "type: msg (caused by: underlying)" - if errWithCause.Error() != expectedWithCause { - t.Errorf("expected %s, got %s", expectedWithCause, errWithCause.Error()) - } -} - -func TestNewAuthenticationError(t *testing.T) { - base := &AuthenticationError{Type: "base", Message: "msg", Code: 400} - cause := errors.New("cause") - err := NewAuthenticationError(base, cause) - if err.Type != "base" || err.Message != "msg" || err.Code != 400 || err.Cause != cause { - t.Errorf("NewAuthenticationError failed: %+v", err) - } -} - -func TestIsAuthenticationError(t *testing.T) { - authErr := &AuthenticationError{} - if !IsAuthenticationError(authErr) { - t.Error("expected true for AuthenticationError") - } - if IsAuthenticationError(errors.New("other")) { - t.Error("expected false for other error") - } -} - -func TestIsOAuthError(t *testing.T) { - oauthErr := &OAuthError{} - if !IsOAuthError(oauthErr) { - t.Error("expected true for OAuthError") - } - if IsOAuthError(errors.New("other")) { - t.Error("expected false for other error") - } -} - -func TestGetUserFriendlyMessage(t *testing.T) { - cases := []struct { - err error - want string - }{ - {&AuthenticationError{Type: "token_expired"}, "Your authentication has expired. Please log in again."}, - {&AuthenticationError{Type: "token_invalid"}, "Your authentication is invalid. Please log in again."}, - {&AuthenticationError{Type: "authentication_required"}, "Please log in to continue."}, - {&AuthenticationError{Type: "port_in_use"}, "The required port is already in use. Please close any applications using port 3000 and try again."}, - {&AuthenticationError{Type: "callback_timeout"}, "Authentication timed out. Please try again."}, - {&AuthenticationError{Type: "browser_open_failed"}, "Could not open your browser automatically. Please copy and paste the URL manually."}, - {&AuthenticationError{Type: "unknown"}, "Authentication failed. Please try again."}, - {&OAuthError{Code: "access_denied"}, "Authentication was cancelled or denied."}, - {&OAuthError{Code: "invalid_request"}, "Invalid authentication request. Please try again."}, - {&OAuthError{Code: "server_error"}, "Authentication server error. Please try again later."}, - {&OAuthError{Code: "other", Description: "desc"}, "Authentication failed: desc"}, - {errors.New("random"), "An unexpected error occurred. Please try again."}, - } - - for _, tc := range cases { - got := GetUserFriendlyMessage(tc.err) - if got != tc.want { - t.Errorf("GetUserFriendlyMessage(%v) = %q, want %q", tc.err, got, tc.want) - } - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/filename.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/filename.go deleted file mode 100644 index 93f42b314f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/filename.go +++ /dev/null @@ -1,48 +0,0 @@ -package codex - -import ( - "fmt" - "strings" - "unicode" -) - -// CredentialFileName returns the filename used to persist Codex OAuth credentials. -// When planType is available (e.g. "plus", "team"), it is appended after the email -// as a suffix to disambiguate subscriptions. -func CredentialFileName(email, planType, hashAccountID string, includeProviderPrefix bool) string { - email = strings.TrimSpace(email) - plan := normalizePlanTypeForFilename(planType) - - prefix := "" - if includeProviderPrefix { - prefix = "codex" - } - - switch plan { - case "": - return fmt.Sprintf("%s-%s.json", prefix, email) - case "team": - return fmt.Sprintf("%s-%s-%s-%s.json", prefix, hashAccountID, email, plan) - default: - return fmt.Sprintf("%s-%s-%s.json", prefix, email, plan) - } -} - -func normalizePlanTypeForFilename(planType string) string { - planType = strings.TrimSpace(planType) - if planType == "" { - return "" - } - - parts := strings.FieldsFunc(planType, func(r rune) bool { - return !unicode.IsLetter(r) && !unicode.IsDigit(r) - }) - if len(parts) == 0 { - return "" - } - - for i, part := range parts { - parts[i] = strings.ToLower(strings.TrimSpace(part)) - } - return strings.Join(parts, "-") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/filename_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/filename_test.go deleted file mode 100644 index 4f5b29886a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/filename_test.go +++ /dev/null @@ -1,44 +0,0 @@ -package codex - -import ( - "testing" -) - -func TestCredentialFileName(t *testing.T) { - cases := []struct { - email string - plan string - hashID string - prefix bool - want string - }{ - {"test@example.com", "", "", false, "-test@example.com.json"}, - {"test@example.com", "", "", true, "codex-test@example.com.json"}, - {"test@example.com", "plus", "", true, "codex-test@example.com-plus.json"}, - {"test@example.com", "team", "123", true, "codex-123-test@example.com-team.json"}, - } - for _, tc := range cases { - got := CredentialFileName(tc.email, tc.plan, tc.hashID, tc.prefix) - if got != tc.want { - t.Errorf("CredentialFileName(%q, %q, %q, %v) = %q, want %q", tc.email, tc.plan, tc.hashID, tc.prefix, got, tc.want) - } - } -} - -func TestNormalizePlanTypeForFilename(t *testing.T) { - cases := []struct { - plan string - want string - }{ - {"", ""}, - {"Plus", "plus"}, - {"Team Subscription", "team-subscription"}, - {"!!!", ""}, - } - for _, tc := range cases { - got := normalizePlanTypeForFilename(tc.plan) - if got != tc.want { - t.Errorf("normalizePlanTypeForFilename(%q) = %q, want %q", tc.plan, got, tc.want) - } - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/html_templates.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/html_templates.go deleted file mode 100644 index 054a166ee6..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/html_templates.go +++ /dev/null @@ -1,214 +0,0 @@ -package codex - -// LoginSuccessHTML is the HTML template for the page shown after a successful -// OAuth2 authentication with Codex. It informs the user that the authentication -// was successful and provides a countdown timer to automatically close the window. -const LoginSuccessHtml = ` - - - - - Authentication Successful - Codex - - - - -
-
-

Authentication Successful!

-

You have successfully authenticated with Codex. You can now close this window and return to your terminal to continue.

- - {{SETUP_NOTICE}} - -
- - - Open Platform - - -
- -
- This window will close automatically in 10 seconds -
- -
-

Powered by ChatGPT

-
-
- - - -` - -// SetupNoticeHTML is the HTML template for the section that provides instructions -// for additional setup. This is displayed on the success page when further actions -// are required from the user. -const SetupNoticeHtml = ` -
-

Additional Setup Required

-

To complete your setup, please visit the Codex to configure your account.

-
` diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/jwt_parser.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/jwt_parser.go deleted file mode 100644 index 130e86420a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/jwt_parser.go +++ /dev/null @@ -1,102 +0,0 @@ -package codex - -import ( - "encoding/base64" - "encoding/json" - "fmt" - "strings" - "time" -) - -// JWTClaims represents the claims section of a JSON Web Token (JWT). -// It includes standard claims like issuer, subject, and expiration time, as well as -// custom claims specific to OpenAI's authentication. -type JWTClaims struct { - AtHash string `json:"at_hash"` - Aud []string `json:"aud"` - AuthProvider string `json:"auth_provider"` - AuthTime int `json:"auth_time"` - Email string `json:"email"` - EmailVerified bool `json:"email_verified"` - Exp int `json:"exp"` - CodexAuthInfo CodexAuthInfo `json:"https://api.openai.com/auth"` - Iat int `json:"iat"` - Iss string `json:"iss"` - Jti string `json:"jti"` - Rat int `json:"rat"` - Sid string `json:"sid"` - Sub string `json:"sub"` -} - -// Organizations defines the structure for organization details within the JWT claims. -// It holds information about the user's organization, such as ID, role, and title. -type Organizations struct { - ID string `json:"id"` - IsDefault bool `json:"is_default"` - Role string `json:"role"` - Title string `json:"title"` -} - -// CodexAuthInfo contains authentication-related details specific to Codex. -// This includes ChatGPT account information, subscription status, and user/organization IDs. -type CodexAuthInfo struct { - ChatgptAccountID string `json:"chatgpt_account_id"` - ChatgptPlanType string `json:"chatgpt_plan_type"` - ChatgptSubscriptionActiveStart any `json:"chatgpt_subscription_active_start"` - ChatgptSubscriptionActiveUntil any `json:"chatgpt_subscription_active_until"` - ChatgptSubscriptionLastChecked time.Time `json:"chatgpt_subscription_last_checked"` - ChatgptUserID string `json:"chatgpt_user_id"` - Groups []any `json:"groups"` - Organizations []Organizations `json:"organizations"` - UserID string `json:"user_id"` -} - -// ParseJWTToken parses a JWT token string and extracts its claims without performing -// cryptographic signature verification. This is useful for introspecting the token's -// contents to retrieve user information from an ID token after it has been validated -// by the authentication server. -func ParseJWTToken(token string) (*JWTClaims, error) { - parts := strings.Split(token, ".") - if len(parts) != 3 { - return nil, fmt.Errorf("invalid JWT token format: expected 3 parts, got %d", len(parts)) - } - - // Decode the claims (payload) part - claimsData, err := base64URLDecode(parts[1]) - if err != nil { - return nil, fmt.Errorf("failed to decode JWT claims: %w", err) - } - - var claims JWTClaims - if err = json.Unmarshal(claimsData, &claims); err != nil { - return nil, fmt.Errorf("failed to unmarshal JWT claims: %w", err) - } - - return &claims, nil -} - -// base64URLDecode decodes a Base64 URL-encoded string, adding padding if necessary. -// JWTs use a URL-safe Base64 alphabet and omit padding, so this function ensures -// correct decoding by re-adding the padding before decoding. -func base64URLDecode(data string) ([]byte, error) { - // Add padding if necessary - switch len(data) % 4 { - case 2: - data += "==" - case 3: - data += "=" - } - - return base64.URLEncoding.DecodeString(data) -} - -// GetUserEmail extracts the user's email address from the JWT claims. -func (c *JWTClaims) GetUserEmail() string { - return c.Email -} - -// GetAccountID extracts the user's account ID (subject) from the JWT claims. -// It retrieves the unique identifier for the user's ChatGPT account. -func (c *JWTClaims) GetAccountID() string { - return c.CodexAuthInfo.ChatgptAccountID -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/jwt_parser_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/jwt_parser_test.go deleted file mode 100644 index 4cb94e3865..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/jwt_parser_test.go +++ /dev/null @@ -1,71 +0,0 @@ -package codex - -import ( - "encoding/base64" - "encoding/json" - "strings" - "testing" -) - -func TestParseJWTToken(t *testing.T) { - // Create a mock JWT payload - claims := JWTClaims{ - Email: "test@example.com", - CodexAuthInfo: CodexAuthInfo{ - ChatgptAccountID: "acc_123", - }, - } - payload, _ := json.Marshal(claims) - encodedPayload := base64.RawURLEncoding.EncodeToString(payload) - - // Mock token: header.payload.signature - header := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) - signature := "signature" - token := header + "." + encodedPayload + "." + signature - - parsed, err := ParseJWTToken(token) - if err != nil { - t.Fatalf("ParseJWTToken failed: %v", err) - } - - if parsed.GetUserEmail() != "test@example.com" { - t.Errorf("expected email test@example.com, got %s", parsed.GetUserEmail()) - } - if parsed.GetAccountID() != "acc_123" { - t.Errorf("expected account ID acc_123, got %s", parsed.GetAccountID()) - } - - // Test invalid format - _, err = ParseJWTToken("invalid") - if err == nil || !strings.Contains(err.Error(), "invalid JWT token format") { - t.Errorf("expected error for invalid format, got %v", err) - } - - // Test invalid base64 - _, err = ParseJWTToken("header.!!!.signature") - if err == nil || !strings.Contains(err.Error(), "failed to decode JWT claims") { - t.Errorf("expected error for invalid base64, got %v", err) - } -} - -func TestBase64URLDecode(t *testing.T) { - cases := []struct { - input string - want string - }{ - {"YQ", "a"}, // needs == - {"YWI", "ab"}, // needs = - {"YWJj", "abc"}, // needs no padding - } - - for _, tc := range cases { - got, err := base64URLDecode(tc.input) - if err != nil { - t.Errorf("base64URLDecode(%q) failed: %v", tc.input, err) - continue - } - if string(got) != tc.want { - t.Errorf("base64URLDecode(%q) = %q, want %q", tc.input, string(got), tc.want) - } - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/oauth_server.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/oauth_server.go deleted file mode 100644 index 75bf193e11..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/oauth_server.go +++ /dev/null @@ -1,342 +0,0 @@ -package codex - -import ( - "context" - "errors" - "fmt" - "html" - "net" - "net/http" - "net/url" - "strings" - "sync" - "time" - - log "github.com/sirupsen/logrus" -) - -// OAuthServer handles the local HTTP server for OAuth callbacks. -// It listens for the authorization code response from the OAuth provider -// and captures the necessary parameters to complete the authentication flow. -type OAuthServer struct { - // server is the underlying HTTP server instance - server *http.Server - // port is the port number on which the server listens - port int - // resultChan is a channel for sending OAuth results - resultChan chan *OAuthResult - // errorChan is a channel for sending OAuth errors - errorChan chan error - // mu is a mutex for protecting server state - mu sync.Mutex - // running indicates whether the server is currently running - running bool -} - -// OAuthResult contains the result of the OAuth callback. -// It holds either the authorization code and state for successful authentication -// or an error message if the authentication failed. -type OAuthResult struct { - // Code is the authorization code received from the OAuth provider - Code string - // State is the state parameter used to prevent CSRF attacks - State string - // Error contains any error message if the OAuth flow failed - Error string -} - -// NewOAuthServer creates a new OAuth callback server. -// It initializes the server with the specified port and creates channels -// for handling OAuth results and errors. -// -// Parameters: -// - port: The port number on which the server should listen -// -// Returns: -// - *OAuthServer: A new OAuthServer instance -func NewOAuthServer(port int) *OAuthServer { - return &OAuthServer{ - port: port, - resultChan: make(chan *OAuthResult, 1), - errorChan: make(chan error, 1), - } -} - -// Start starts the OAuth callback server. -// It sets up the HTTP handlers for the callback and success endpoints, -// and begins listening on the specified port. -// -// Returns: -// - error: An error if the server fails to start -func (s *OAuthServer) Start() error { - s.mu.Lock() - defer s.mu.Unlock() - - if s.running { - return fmt.Errorf("server is already running") - } - - // Check if port is available - if !s.isPortAvailable() { - return fmt.Errorf("port %d is already in use", s.port) - } - - mux := http.NewServeMux() - mux.HandleFunc("/auth/callback", s.handleCallback) - mux.HandleFunc("/success", s.handleSuccess) - - s.server = &http.Server{ - Addr: fmt.Sprintf(":%d", s.port), - Handler: mux, - ReadTimeout: 10 * time.Second, - WriteTimeout: 10 * time.Second, - } - - s.running = true - - // Start server in goroutine - go func() { - if err := s.server.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) { - s.errorChan <- fmt.Errorf("server failed to start: %w", err) - } - }() - - // Give server a moment to start - time.Sleep(100 * time.Millisecond) - - return nil -} - -// Stop gracefully stops the OAuth callback server. -// It performs a graceful shutdown of the HTTP server with a timeout. -// -// Parameters: -// - ctx: The context for controlling the shutdown process -// -// Returns: -// - error: An error if the server fails to stop gracefully -func (s *OAuthServer) Stop(ctx context.Context) error { - s.mu.Lock() - defer s.mu.Unlock() - - if !s.running || s.server == nil { - return nil - } - - log.Debug("Stopping OAuth callback server") - - // Create a context with timeout for shutdown - shutdownCtx, cancel := context.WithTimeout(ctx, 5*time.Second) - defer cancel() - - err := s.server.Shutdown(shutdownCtx) - s.running = false - s.server = nil - - return err -} - -// WaitForCallback waits for the OAuth callback with a timeout. -// It blocks until either an OAuth result is received, an error occurs, -// or the specified timeout is reached. -// -// Parameters: -// - timeout: The maximum time to wait for the callback -// -// Returns: -// - *OAuthResult: The OAuth result if successful -// - error: An error if the callback times out or an error occurs -func (s *OAuthServer) WaitForCallback(timeout time.Duration) (*OAuthResult, error) { - select { - case result := <-s.resultChan: - return result, nil - case err := <-s.errorChan: - return nil, err - case <-time.After(timeout): - return nil, fmt.Errorf("timeout waiting for OAuth callback") - } -} - -// handleCallback handles the OAuth callback endpoint. -// It extracts the authorization code and state from the callback URL, -// validates the parameters, and sends the result to the waiting channel. -// -// Parameters: -// - w: The HTTP response writer -// - r: The HTTP request -func (s *OAuthServer) handleCallback(w http.ResponseWriter, r *http.Request) { - log.Debug("Received OAuth callback") - - // Validate request method - if r.Method != http.MethodGet { - http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) - return - } - - // Extract parameters - query := r.URL.Query() - code := query.Get("code") - state := query.Get("state") - errorParam := query.Get("error") - - // Validate required parameters - if errorParam != "" { - log.Errorf("OAuth error received: %s", errorParam) - result := &OAuthResult{ - Error: errorParam, - } - s.sendResult(result) - http.Error(w, fmt.Sprintf("OAuth error: %s", errorParam), http.StatusBadRequest) - return - } - - if code == "" { - log.Error("No authorization code received") - result := &OAuthResult{ - Error: "no_code", - } - s.sendResult(result) - http.Error(w, "No authorization code received", http.StatusBadRequest) - return - } - - if state == "" { - log.Error("No state parameter received") - result := &OAuthResult{ - Error: "no_state", - } - s.sendResult(result) - http.Error(w, "No state parameter received", http.StatusBadRequest) - return - } - - // Send successful result - result := &OAuthResult{ - Code: code, - State: state, - } - s.sendResult(result) - - // Redirect to success page - http.Redirect(w, r, "/success", http.StatusFound) -} - -// handleSuccess handles the success page endpoint. -// It serves a user-friendly HTML page indicating that authentication was successful. -// -// Parameters: -// - w: The HTTP response writer -// - r: The HTTP request -func (s *OAuthServer) handleSuccess(w http.ResponseWriter, r *http.Request) { - log.Debug("Serving success page") - - w.Header().Set("Content-Type", "text/html; charset=utf-8") - w.WriteHeader(http.StatusOK) - - // Parse query parameters for customization - query := r.URL.Query() - setupRequired := query.Get("setup_required") == "true" - platformURL := query.Get("platform_url") - if platformURL == "" { - platformURL = "https://platform.openai.com" - } - - // Validate platformURL to prevent XSS - only allow http/https URLs - if !isValidURL(platformURL) { - platformURL = "https://platform.openai.com" - } - - // Generate success page HTML with dynamic content - successHTML := s.generateSuccessHTML(setupRequired, platformURL) - - _, err := w.Write([]byte(successHTML)) - if err != nil { - log.Errorf("Failed to write success page: %v", err) - } -} - -// isValidURL checks if the URL is a valid http/https URL to prevent XSS -func isValidURL(urlStr string) bool { - urlStr = strings.TrimSpace(urlStr) - if urlStr == "" || strings.ContainsAny(urlStr, "\"'<>") { - return false - } - parsed, err := url.Parse(urlStr) - if err != nil || !parsed.IsAbs() { - return false - } - scheme := strings.ToLower(parsed.Scheme) - if scheme != "https" && scheme != "http" { - return false - } - return strings.TrimSpace(parsed.Host) != "" -} - -// generateSuccessHTML creates the HTML content for the success page. -// It customizes the page based on whether additional setup is required -// and includes a link to the platform. -// -// Parameters: -// - setupRequired: Whether additional setup is required after authentication -// - platformURL: The URL to the platform for additional setup -// -// Returns: -// - string: The HTML content for the success page -func (s *OAuthServer) generateSuccessHTML(setupRequired bool, platformURL string) string { - pageHTML := LoginSuccessHtml - escapedURL := html.EscapeString(platformURL) - - // Replace platform URL placeholder - pageHTML = strings.ReplaceAll(pageHTML, "{{PLATFORM_URL}}", escapedURL) - - // Add setup notice if required - if setupRequired { - setupNotice := strings.ReplaceAll(SetupNoticeHtml, "{{PLATFORM_URL}}", escapedURL) - pageHTML = strings.Replace(pageHTML, "{{SETUP_NOTICE}}", setupNotice, 1) - } else { - pageHTML = strings.Replace(pageHTML, "{{SETUP_NOTICE}}", "", 1) - } - - return pageHTML -} - -// sendResult sends the OAuth result to the waiting channel. -// It ensures that the result is sent without blocking the handler. -// -// Parameters: -// - result: The OAuth result to send -func (s *OAuthServer) sendResult(result *OAuthResult) { - select { - case s.resultChan <- result: - log.Debug("OAuth result sent to channel") - default: - log.Warn("OAuth result channel is full, result dropped") - } -} - -// isPortAvailable checks if the specified port is available. -// It attempts to listen on the port to determine availability. -// -// Returns: -// - bool: True if the port is available, false otherwise -func (s *OAuthServer) isPortAvailable() bool { - addr := fmt.Sprintf(":%d", s.port) - listener, err := net.Listen("tcp", addr) - if err != nil { - return false - } - defer func() { - _ = listener.Close() - }() - return true -} - -// IsRunning returns whether the server is currently running. -// -// Returns: -// - bool: True if the server is running, false otherwise -func (s *OAuthServer) IsRunning() bool { - s.mu.Lock() - defer s.mu.Unlock() - return s.running -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/oauth_server_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/oauth_server_test.go deleted file mode 100644 index 47740feb2b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/oauth_server_test.go +++ /dev/null @@ -1,139 +0,0 @@ -package codex - -import ( - "context" - "fmt" - "net/http" - "strings" - "testing" - "time" -) - -func TestOAuthServer(t *testing.T) { - port := 1456 // Use a different port to avoid conflicts - server := NewOAuthServer(port) - - if err := server.Start(); err != nil { - t.Fatalf("failed to start server: %v", err) - } - defer func() { _ = server.Stop(context.Background()) }() - - if !server.IsRunning() { - t.Error("expected server to be running") - } - - // Test Start already running - if err := server.Start(); err == nil || !strings.Contains(err.Error(), "already running") { - t.Errorf("expected error for already running server, got %v", err) - } - - // Test callback success - resp, err := http.Get(fmt.Sprintf("http://localhost:%d/auth/callback?code=abc&state=xyz", port)) - if err != nil { - t.Fatalf("callback request failed: %v", err) - } - defer func() { _ = resp.Body.Close() }() - - if resp.StatusCode != http.StatusOK { - t.Errorf("expected 200 OK after redirect, got %d", resp.StatusCode) - } - - result, err := server.WaitForCallback(1 * time.Second) - if err != nil { - t.Fatalf("WaitForCallback failed: %v", err) - } - if result.Code != "abc" || result.State != "xyz" { - t.Errorf("expected code abc, state xyz, got %+v", result) - } -} - -func TestOAuthServer_Errors(t *testing.T) { - port := 1457 - server := NewOAuthServer(port) - if err := server.Start(); err != nil { - t.Fatalf("failed to start server: %v", err) - } - defer func() { _ = server.Stop(context.Background()) }() - - // Test error callback - resp, err := http.Get(fmt.Sprintf("http://localhost:%d/auth/callback?error=access_denied", port)) - if err != nil { - t.Fatalf("callback request failed: %v", err) - } - defer func() { _ = resp.Body.Close() }() - - if resp.StatusCode != http.StatusBadRequest { - t.Errorf("expected 400 Bad Request, got %d", resp.StatusCode) - } - - result, _ := server.WaitForCallback(1 * time.Second) - if result.Error != "access_denied" { - t.Errorf("expected error access_denied, got %s", result.Error) - } - - // Test missing code - _, _ = http.Get(fmt.Sprintf("http://localhost:%d/auth/callback?state=xyz", port)) - result, _ = server.WaitForCallback(1 * time.Second) - if result.Error != "no_code" { - t.Errorf("expected error no_code, got %s", result.Error) - } - - // Test missing state - _, _ = http.Get(fmt.Sprintf("http://localhost:%d/auth/callback?code=abc", port)) - result, _ = server.WaitForCallback(1 * time.Second) - if result.Error != "no_state" { - t.Errorf("expected error no_state, got %s", result.Error) - } - - // Test timeout - _, err = server.WaitForCallback(10 * time.Millisecond) - if err == nil || !strings.Contains(err.Error(), "timeout") { - t.Errorf("expected timeout error, got %v", err) - } -} - -func TestOAuthServer_PortInUse(t *testing.T) { - port := 1458 - server1 := NewOAuthServer(port) - if err := server1.Start(); err != nil { - t.Fatalf("failed to start server1: %v", err) - } - defer func() { _ = server1.Stop(context.Background()) }() - - server2 := NewOAuthServer(port) - if err := server2.Start(); err == nil || !strings.Contains(err.Error(), "already in use") { - t.Errorf("expected port in use error, got %v", err) - } -} - -func TestIsValidURL(t *testing.T) { - cases := []struct { - url string - want bool - }{ - {"https://example.com", true}, - {"http://example.com", true}, - {" https://example.com/path?q=1 ", true}, - {"javascript:alert(1)", false}, - {"ftp://example.com", false}, - {"https://example.com\" onclick=\"alert(1)", false}, - {"https://", false}, - } - for _, tc := range cases { - if isValidURL(tc.url) != tc.want { - t.Errorf("isValidURL(%q) = %v, want %v", tc.url, isValidURL(tc.url), tc.want) - } - } -} - -func TestGenerateSuccessHTML_EscapesPlatformURL(t *testing.T) { - server := NewOAuthServer(1459) - malicious := `https://example.com" onclick="alert(1)` - got := server.generateSuccessHTML(true, malicious) - if strings.Contains(got, malicious) { - t.Fatalf("expected malicious URL to be escaped in HTML output") - } - if !strings.Contains(got, "https://example.com" onclick="alert(1)") { - t.Fatalf("expected escaped URL in HTML output, got: %s", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/openai.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/openai.go deleted file mode 100644 index ee80eecfaf..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/openai.go +++ /dev/null @@ -1,39 +0,0 @@ -package codex - -// PKCECodes holds the verification codes for the OAuth2 PKCE (Proof Key for Code Exchange) flow. -// PKCE is an extension to the Authorization Code flow to prevent CSRF and authorization code injection attacks. -type PKCECodes struct { - // CodeVerifier is the cryptographically random string used to correlate - // the authorization request to the token request - CodeVerifier string `json:"code_verifier"` - // CodeChallenge is the SHA256 hash of the code verifier, base64url-encoded - CodeChallenge string `json:"code_challenge"` -} - -// CodexTokenData holds the OAuth token information obtained from OpenAI. -// It includes the ID token, access token, refresh token, and associated user details. -type CodexTokenData struct { - // IDToken is the JWT ID token containing user claims - IDToken string `json:"id_token"` - // AccessToken is the OAuth2 access token for API access - AccessToken string `json:"access_token"` - // RefreshToken is used to obtain new access tokens - RefreshToken string `json:"refresh_token"` - // AccountID is the OpenAI account identifier - AccountID string `json:"account_id"` - // Email is the OpenAI account email - Email string `json:"email"` - // Expire is the timestamp of the token expire - Expire string `json:"expired"` -} - -// CodexAuthBundle aggregates all authentication-related data after the OAuth flow is complete. -// This includes the API key, token data, and the timestamp of the last refresh. -type CodexAuthBundle struct { - // APIKey is the OpenAI API key obtained from token exchange - APIKey string `json:"api_key"` - // TokenData contains the OAuth tokens from the authentication flow - TokenData CodexTokenData `json:"token_data"` - // LastRefresh is the timestamp of the last token refresh - LastRefresh string `json:"last_refresh"` -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/openai_auth.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/openai_auth.go deleted file mode 100644 index c507d3253a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/openai_auth.go +++ /dev/null @@ -1,314 +0,0 @@ -// Package codex provides authentication and token management for OpenAI's Codex API. -// It handles the OAuth2 flow, including generating authorization URLs, exchanging -// authorization codes for tokens, and refreshing expired tokens. The package also -// defines data structures for storing and managing Codex authentication credentials. -package codex - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" -) - -type refreshError struct { - status int - message string -} - -func (e *refreshError) Error() string { - if e == nil || e.message == "" { - return "" - } - return e.message -} - -func (e *refreshError) StatusCode() int { - if e == nil { - return 0 - } - return e.status -} - -func newRefreshError(statusCode int, message string) *refreshError { - return &refreshError{status: statusCode, message: message} -} - -// OAuth configuration constants for OpenAI Codex -const ( - AuthURL = "https://auth.openai.com/oauth/authorize" - TokenURL = "https://auth.openai.com/oauth/token" - ClientID = "app_EMoamEEZ73f0CkXaXp7hrann" - RedirectURI = "http://localhost:1455/auth/callback" -) - -// CodexAuth handles the OpenAI OAuth2 authentication flow. -// It manages the HTTP client and provides methods for generating authorization URLs, -// exchanging authorization codes for tokens, and refreshing access tokens. -type CodexAuth struct { - httpClient *http.Client -} - -// NewCodexAuth creates a new CodexAuth service instance. -// It initializes an HTTP client with proxy settings from the provided configuration. -func NewCodexAuth(cfg *config.Config) *CodexAuth { - return &CodexAuth{ - httpClient: util.SetProxy(&cfg.SDKConfig, &http.Client{}), - } -} - -// GenerateAuthURL creates the OAuth authorization URL with PKCE (Proof Key for Code Exchange). -// It constructs the URL with the necessary parameters, including the client ID, -// response type, redirect URI, scopes, and PKCE challenge. -func (o *CodexAuth) GenerateAuthURL(state string, pkceCodes *PKCECodes) (string, error) { - if pkceCodes == nil { - return "", fmt.Errorf("PKCE codes are required") - } - - params := url.Values{ - "client_id": {ClientID}, - "response_type": {"code"}, - "redirect_uri": {RedirectURI}, - "scope": {"openid email profile offline_access"}, - "state": {state}, - "code_challenge": {pkceCodes.CodeChallenge}, - "code_challenge_method": {"S256"}, - "prompt": {"login"}, - "id_token_add_organizations": {"true"}, - "codex_cli_simplified_flow": {"true"}, - } - - authURL := fmt.Sprintf("%s?%s", AuthURL, params.Encode()) - return authURL, nil -} - -// ExchangeCodeForTokens exchanges an authorization code for access and refresh tokens. -// It performs an HTTP POST request to the OpenAI token endpoint with the provided -// authorization code and PKCE verifier. -func (o *CodexAuth) ExchangeCodeForTokens(ctx context.Context, code string, pkceCodes *PKCECodes) (*CodexAuthBundle, error) { - if pkceCodes == nil { - return nil, fmt.Errorf("PKCE codes are required for token exchange") - } - - // Prepare token exchange request - data := url.Values{ - "grant_type": {"authorization_code"}, - "client_id": {ClientID}, - "code": {code}, - "redirect_uri": {RedirectURI}, - "code_verifier": {pkceCodes.CodeVerifier}, - } - - req, err := http.NewRequestWithContext(ctx, "POST", TokenURL, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("failed to create token request: %w", err) - } - - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - - resp, err := o.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("token exchange request failed: %w", err) - } - defer func() { - _ = resp.Body.Close() - }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read token response: %w", err) - } - // log.Debugf("Token response: %s", string(body)) - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("token exchange failed with status %d: %s", resp.StatusCode, string(body)) - } - - // Parse token response - var tokenResp struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - IDToken string `json:"id_token"` - TokenType string `json:"token_type"` - ExpiresIn int `json:"expires_in"` - } - - if err = json.Unmarshal(body, &tokenResp); err != nil { - return nil, fmt.Errorf("failed to parse token response: %w", err) - } - - // Extract account ID from ID token - claims, err := ParseJWTToken(tokenResp.IDToken) - if err != nil { - log.Warnf("Failed to parse ID token: %v", err) - } - - accountID := "" - email := "" - if claims != nil { - accountID = claims.GetAccountID() - email = claims.GetUserEmail() - } - - // Create token data - tokenData := CodexTokenData{ - IDToken: tokenResp.IDToken, - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - AccountID: accountID, - Email: email, - Expire: time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339), - } - - // Create auth bundle - bundle := &CodexAuthBundle{ - TokenData: tokenData, - LastRefresh: time.Now().Format(time.RFC3339), - } - - return bundle, nil -} - -// RefreshTokens refreshes an access token using a refresh token. -// This method is called when an access token has expired. It makes a request to the -// token endpoint to obtain a new set of tokens. -func (o *CodexAuth) RefreshTokens(ctx context.Context, refreshToken string) (*CodexTokenData, error) { - if refreshToken == "" { - return nil, fmt.Errorf("refresh token is required") - } - - data := url.Values{ - "client_id": {ClientID}, - "grant_type": {"refresh_token"}, - "refresh_token": {refreshToken}, - "scope": {"openid profile email"}, - } - - req, err := http.NewRequestWithContext(ctx, "POST", TokenURL, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("failed to create refresh request: %w", err) - } - - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - - resp, err := o.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("token refresh request failed: %w", err) - } - defer func() { - _ = resp.Body.Close() - }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read refresh response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - return nil, newRefreshError(resp.StatusCode, fmt.Sprintf("token refresh failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(body)))) - } - - var tokenResp struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - IDToken string `json:"id_token"` - TokenType string `json:"token_type"` - ExpiresIn int `json:"expires_in"` - } - - if err = json.Unmarshal(body, &tokenResp); err != nil { - return nil, fmt.Errorf("failed to parse refresh response: %w", err) - } - - // Extract account ID from ID token - claims, err := ParseJWTToken(tokenResp.IDToken) - if err != nil { - log.Warnf("Failed to parse refreshed ID token: %v", err) - } - - accountID := "" - email := "" - if claims != nil { - accountID = claims.GetAccountID() - email = claims.Email - } - - return &CodexTokenData{ - IDToken: tokenResp.IDToken, - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - AccountID: accountID, - Email: email, - Expire: time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339), - }, nil -} - -// CreateTokenStorage creates a new CodexTokenStorage from a CodexAuthBundle. -// It populates the storage struct with token data, user information, and timestamps. -func (o *CodexAuth) CreateTokenStorage(bundle *CodexAuthBundle) *CodexTokenStorage { - storage := &CodexTokenStorage{ - IDToken: bundle.TokenData.IDToken, - AccessToken: bundle.TokenData.AccessToken, - RefreshToken: bundle.TokenData.RefreshToken, - AccountID: bundle.TokenData.AccountID, - LastRefresh: bundle.LastRefresh, - Email: bundle.TokenData.Email, - Expire: bundle.TokenData.Expire, - } - - return storage -} - -// RefreshTokensWithRetry refreshes tokens with a built-in retry mechanism. -// It attempts to refresh the tokens up to a specified maximum number of retries, -// with an exponential backoff strategy to handle transient network errors. -func (o *CodexAuth) RefreshTokensWithRetry(ctx context.Context, refreshToken string, maxRetries int) (*CodexTokenData, error) { - var lastErr error - - for attempt := 0; attempt < maxRetries; attempt++ { - if attempt > 0 { - // Wait before retry - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-time.After(time.Duration(attempt) * time.Second): - } - } - - tokenData, err := o.RefreshTokens(ctx, refreshToken) - if err == nil { - return tokenData, nil - } - - lastErr = err - log.Warnf("Token refresh attempt %d failed: %v", attempt+1, err) - } - - if statusErr, ok := lastErr.(interface{ StatusCode() int }); ok && statusErr.StatusCode() != 0 { - return nil, lastErr - } - - return nil, fmt.Errorf("token refresh failed after %d attempts: %w", maxRetries, lastErr) -} - -// UpdateTokenStorage updates an existing CodexTokenStorage with new token data. -// This is typically called after a successful token refresh to persist the new credentials. -func (o *CodexAuth) UpdateTokenStorage(storage *CodexTokenStorage, tokenData *CodexTokenData) { - storage.IDToken = tokenData.IDToken - storage.AccessToken = tokenData.AccessToken - storage.RefreshToken = tokenData.RefreshToken - storage.AccountID = tokenData.AccountID - storage.LastRefresh = time.Now().Format(time.RFC3339) - storage.Email = tokenData.Email - storage.Expire = tokenData.Expire -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/openai_auth_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/openai_auth_test.go deleted file mode 100644 index 07752ecc58..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/openai_auth_test.go +++ /dev/null @@ -1,312 +0,0 @@ -package codex - -import ( - "context" - "encoding/base64" - "encoding/json" - "net/http" - "net/http/httptest" - "strings" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestNewCodexAuth(t *testing.T) { - cfg := &config.Config{} - auth := NewCodexAuth(cfg) - if auth.httpClient == nil { - t.Error("expected non-nil httpClient") - } -} - -func TestCodexAuth_GenerateAuthURL(t *testing.T) { - auth := &CodexAuth{} - pkce := &PKCECodes{CodeChallenge: "challenge"} - state := "state123" - - url, err := auth.GenerateAuthURL(state, pkce) - if err != nil { - t.Fatalf("GenerateAuthURL failed: %v", err) - } - - if !strings.Contains(url, "state=state123") { - t.Errorf("URL missing state: %s", url) - } - if !strings.Contains(url, "code_challenge=challenge") { - t.Errorf("URL missing code_challenge: %s", url) - } - - _, err = auth.GenerateAuthURL(state, nil) - if err == nil { - t.Error("expected error for nil pkceCodes") - } -} - -func TestCodexAuth_ExchangeCodeForTokens(t *testing.T) { - // Mock ID token payload - claims := JWTClaims{ - Email: "test@example.com", - CodexAuthInfo: CodexAuthInfo{ - ChatgptAccountID: "acc_123", - }, - } - payload, _ := json.Marshal(claims) - idToken := "header." + base64.RawURLEncoding.EncodeToString(payload) + ".sig" - - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.Method != "POST" { - t.Errorf("expected POST, got %s", r.Method) - } - if r.Header.Get("Content-Type") != "application/x-www-form-urlencoded" { - t.Errorf("expected urlencoded content type, got %s", r.Header.Get("Content-Type")) - } - - resp := struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - IDToken string `json:"id_token"` - TokenType string `json:"token_type"` - ExpiresIn int `json:"expires_in"` - }{ - AccessToken: "access", - RefreshToken: "refresh", - IDToken: idToken, - TokenType: "Bearer", - ExpiresIn: 3600, - } - _ = json.NewEncoder(w).Encode(resp) - })) - defer server.Close() - - // Override TokenURL for testing if it was possible, but it's a constant. - // Since I can't override the constant, I'll need to use a real CodexAuth but with a mocked httpClient that redirects to my server. - - mockClient := &http.Client{ - Transport: roundTripFunc(func(req *http.Request) (*http.Response, error) { - // Redirect all requests to the test server - mockReq, _ := http.NewRequest(req.Method, server.URL, req.Body) - mockReq.Header = req.Header - return http.DefaultClient.Do(mockReq) - }), - } - - auth := &CodexAuth{httpClient: mockClient} - pkce := &PKCECodes{CodeVerifier: "verifier"} - - bundle, err := auth.ExchangeCodeForTokens(context.Background(), "code", pkce) - if err != nil { - t.Fatalf("ExchangeCodeForTokens failed: %v", err) - } - - if bundle.TokenData.AccessToken != "access" { - t.Errorf("expected access token, got %s", bundle.TokenData.AccessToken) - } - if bundle.TokenData.Email != "test@example.com" { - t.Errorf("expected email test@example.com, got %s", bundle.TokenData.Email) - } -} - -type roundTripFunc func(req *http.Request) (*http.Response, error) - -func (f roundTripFunc) RoundTrip(req *http.Request) (*http.Response, error) { - return f(req) -} - -func TestCodexAuth_RefreshTokens(t *testing.T) { - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - resp := struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - IDToken string `json:"id_token"` - TokenType string `json:"token_type"` - ExpiresIn int `json:"expires_in"` - }{ - AccessToken: "new_access", - RefreshToken: "new_refresh", - IDToken: "header.eyBlbWFpbCI6InJlZnJlc2hAZXhhbXBsZS5jb20ifQ.sig", // email: refresh@example.com - TokenType: "Bearer", - ExpiresIn: 3600, - } - _ = json.NewEncoder(w).Encode(resp) - })) - defer server.Close() - - mockClient := &http.Client{ - Transport: roundTripFunc(func(req *http.Request) (*http.Response, error) { - mockReq, _ := http.NewRequest(req.Method, server.URL, req.Body) - return http.DefaultClient.Do(mockReq) - }), - } - - auth := &CodexAuth{httpClient: mockClient} - tokenData, err := auth.RefreshTokens(context.Background(), "old_refresh") - if err != nil { - t.Fatalf("RefreshTokens failed: %v", err) - } - - if tokenData.AccessToken != "new_access" { - t.Errorf("expected new_access, got %s", tokenData.AccessToken) - } -} - -func TestCodexAuth_RefreshTokens_rateLimit(t *testing.T) { - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.WriteHeader(http.StatusTooManyRequests) - _, _ = w.Write([]byte(`{"error":"rate_limit_exceeded"}`)) - })) - defer server.Close() - - mockClient := &http.Client{ - Transport: roundTripFunc(func(req *http.Request) (*http.Response, error) { - mockReq, _ := http.NewRequest(req.Method, server.URL, req.Body) - return http.DefaultClient.Do(mockReq) - }), - } - - auth := &CodexAuth{httpClient: mockClient} - _, err := auth.RefreshTokens(context.Background(), "old_refresh") - if err == nil { - t.Fatal("expected RefreshTokens to fail") - } - se, ok := err.(interface{ StatusCode() int }) - if !ok { - t.Fatalf("expected status-capable error, got %T", err) - } - if got := se.StatusCode(); got != http.StatusTooManyRequests { - t.Fatalf("status code = %d, want %d", got, http.StatusTooManyRequests) - } -} - -func TestCodexAuth_RefreshTokens_serviceUnavailable(t *testing.T) { - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.WriteHeader(http.StatusServiceUnavailable) - _, _ = w.Write([]byte(`service temporarily unavailable`)) - })) - defer server.Close() - - mockClient := &http.Client{ - Transport: roundTripFunc(func(req *http.Request) (*http.Response, error) { - mockReq, _ := http.NewRequest(req.Method, server.URL, req.Body) - return http.DefaultClient.Do(mockReq) - }), - } - - auth := &CodexAuth{httpClient: mockClient} - _, err := auth.RefreshTokens(context.Background(), "old_refresh") - if err == nil { - t.Fatal("expected RefreshTokens to fail") - } - se, ok := err.(interface{ StatusCode() int }) - if !ok { - t.Fatalf("expected status-capable error, got %T", err) - } - if got := se.StatusCode(); got != http.StatusServiceUnavailable { - t.Fatalf("status code = %d, want %d", got, http.StatusServiceUnavailable) - } -} - -func TestCodexAuth_RefreshTokensWithRetry_preservesStatus(t *testing.T) { - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.WriteHeader(http.StatusServiceUnavailable) - _, _ = w.Write([]byte(`service temporarily unavailable`)) - })) - defer server.Close() - - mockClient := &http.Client{ - Transport: roundTripFunc(func(req *http.Request) (*http.Response, error) { - mockReq, _ := http.NewRequest(req.Method, server.URL, req.Body) - return http.DefaultClient.Do(mockReq) - }), - } - - auth := &CodexAuth{httpClient: mockClient} - _, err := auth.RefreshTokensWithRetry(context.Background(), "old_refresh", 1) - if err == nil { - t.Fatal("expected RefreshTokensWithRetry to fail") - } - se, ok := err.(interface{ StatusCode() int }) - if !ok { - t.Fatalf("expected status-capable error, got %T", err) - } - if got := se.StatusCode(); got != http.StatusServiceUnavailable { - t.Fatalf("status code = %d, want %d", got, http.StatusServiceUnavailable) - } -} - -func TestCodexAuth_CreateTokenStorage(t *testing.T) { - auth := &CodexAuth{} - bundle := &CodexAuthBundle{ - TokenData: CodexTokenData{ - IDToken: "id", - AccessToken: "access", - RefreshToken: "refresh", - AccountID: "acc", - Email: "test@example.com", - Expire: "exp", - }, - LastRefresh: "last", - } - - storage := auth.CreateTokenStorage(bundle) - if storage.AccessToken != "access" || storage.Email != "test@example.com" { - t.Errorf("CreateTokenStorage failed: %+v", storage) - } -} - -func TestCodexAuth_RefreshTokensWithRetry(t *testing.T) { - count := 0 - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - count++ - if count < 2 { - w.WriteHeader(http.StatusInternalServerError) - return - } - resp := struct { - AccessToken string `json:"access_token"` - ExpiresIn int `json:"expires_in"` - }{ - AccessToken: "retry_access", - ExpiresIn: 3600, - } - _ = json.NewEncoder(w).Encode(resp) - })) - defer server.Close() - - mockClient := &http.Client{ - Transport: roundTripFunc(func(req *http.Request) (*http.Response, error) { - mockReq, _ := http.NewRequest(req.Method, server.URL, req.Body) - return http.DefaultClient.Do(mockReq) - }), - } - - auth := &CodexAuth{httpClient: mockClient} - tokenData, err := auth.RefreshTokensWithRetry(context.Background(), "refresh", 3) - if err != nil { - t.Fatalf("RefreshTokensWithRetry failed: %v", err) - } - - if tokenData.AccessToken != "retry_access" { - t.Errorf("expected retry_access, got %s", tokenData.AccessToken) - } - if count != 2 { - t.Errorf("expected 2 attempts, got %d", count) - } -} - -func TestCodexAuth_UpdateTokenStorage(t *testing.T) { - auth := &CodexAuth{} - storage := &CodexTokenStorage{AccessToken: "old"} - tokenData := &CodexTokenData{ - AccessToken: "new", - Email: "new@example.com", - } - - auth.UpdateTokenStorage(storage, tokenData) - if storage.AccessToken != "new" || storage.Email != "new@example.com" { - t.Errorf("UpdateTokenStorage failed: %+v", storage) - } - if storage.LastRefresh == "" { - t.Error("expected LastRefresh to be set") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/pkce.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/pkce.go deleted file mode 100644 index c1f0fb69a7..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/pkce.go +++ /dev/null @@ -1,56 +0,0 @@ -// Package codex provides authentication and token management functionality -// for OpenAI's Codex AI services. It handles OAuth2 PKCE (Proof Key for Code Exchange) -// code generation for secure authentication flows. -package codex - -import ( - "crypto/rand" - "crypto/sha256" - "encoding/base64" - "fmt" -) - -// GeneratePKCECodes generates a new pair of PKCE (Proof Key for Code Exchange) codes. -// It creates a cryptographically random code verifier and its corresponding -// SHA256 code challenge, as specified in RFC 7636. This is a critical security -// feature for the OAuth 2.0 authorization code flow. -func GeneratePKCECodes() (*PKCECodes, error) { - // Generate code verifier: 43-128 characters, URL-safe - codeVerifier, err := generateCodeVerifier() - if err != nil { - return nil, fmt.Errorf("failed to generate code verifier: %w", err) - } - - // Generate code challenge using S256 method - codeChallenge := generateCodeChallenge(codeVerifier) - - return &PKCECodes{ - CodeVerifier: codeVerifier, - CodeChallenge: codeChallenge, - }, nil -} - -// generateCodeVerifier creates a cryptographically secure random string to be used -// as the code verifier in the PKCE flow. The verifier is a high-entropy string -// that is later used to prove possession of the client that initiated the -// authorization request. -func generateCodeVerifier() (string, error) { - // Generate 96 random bytes (will result in 128 base64 characters) - bytes := make([]byte, 96) - _, err := rand.Read(bytes) - if err != nil { - return "", fmt.Errorf("failed to generate random bytes: %w", err) - } - - // Encode to URL-safe base64 without padding - return base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(bytes), nil -} - -// generateCodeChallenge creates a code challenge from a given code verifier. -// The challenge is derived by taking the SHA256 hash of the verifier and then -// Base64 URL-encoding the result. This is sent in the initial authorization -// request and later verified against the verifier. -func generateCodeChallenge(codeVerifier string) string { - hash := sha256.Sum256([]byte(codeVerifier)) - return base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(hash[:]) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/pkce_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/pkce_test.go deleted file mode 100644 index f51989e5fd..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/pkce_test.go +++ /dev/null @@ -1,44 +0,0 @@ -package codex - -import ( - "testing" -) - -func TestGeneratePKCECodes(t *testing.T) { - codes, err := GeneratePKCECodes() - if err != nil { - t.Fatalf("GeneratePKCECodes failed: %v", err) - } - - if codes.CodeVerifier == "" { - t.Error("expected non-empty CodeVerifier") - } - if codes.CodeChallenge == "" { - t.Error("expected non-empty CodeChallenge") - } - - // Verify challenge matches verifier - expectedChallenge := generateCodeChallenge(codes.CodeVerifier) - if codes.CodeChallenge != expectedChallenge { - t.Errorf("CodeChallenge mismatch: expected %s, got %s", expectedChallenge, codes.CodeChallenge) - } -} - -func TestGenerateCodeVerifier(t *testing.T) { - v1, err := generateCodeVerifier() - if err != nil { - t.Fatalf("generateCodeVerifier failed: %v", err) - } - v2, err := generateCodeVerifier() - if err != nil { - t.Fatalf("generateCodeVerifier failed: %v", err) - } - - if v1 == v2 { - t.Error("expected different verifiers") - } - - if len(v1) < 43 || len(v1) > 128 { - t.Errorf("invalid verifier length: %d", len(v1)) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/token.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/token.go deleted file mode 100644 index 9e21f7bd16..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/token.go +++ /dev/null @@ -1,92 +0,0 @@ -// Package codex provides authentication and token management functionality -// for OpenAI's Codex AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Codex API. -package codex - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" -) - -func sanitizeTokenFilePath(authFilePath string) (string, error) { - trimmed := strings.TrimSpace(authFilePath) - if trimmed == "" { - return "", fmt.Errorf("token file path is empty") - } - cleaned := filepath.Clean(trimmed) - parts := strings.FieldsFunc(cleaned, func(r rune) bool { - return r == '/' || r == '\\' - }) - for _, part := range parts { - if part == ".." { - return "", fmt.Errorf("invalid token file path") - } - } - absPath, err := filepath.Abs(cleaned) - if err != nil { - return "", fmt.Errorf("failed to resolve token file path: %w", err) - } - return absPath, nil -} - -// CodexTokenStorage stores OAuth2 token information for OpenAI Codex API authentication. -// It maintains compatibility with the existing auth system while adding Codex-specific fields -// for managing access tokens, refresh tokens, and user account information. -type CodexTokenStorage struct { - // IDToken is the JWT ID token containing user claims and identity information. - IDToken string `json:"id_token"` - // AccessToken is the OAuth2 access token used for authenticating API requests. - AccessToken string `json:"access_token"` - // RefreshToken is used to obtain new access tokens when the current one expires. - RefreshToken string `json:"refresh_token"` - // AccountID is the OpenAI account identifier associated with this token. - AccountID string `json:"account_id"` - // LastRefresh is the timestamp of the last token refresh operation. - LastRefresh string `json:"last_refresh"` - // Email is the OpenAI account email address associated with this token. - Email string `json:"email"` - // Type indicates the authentication provider type, always "codex" for this storage. - Type string `json:"type"` - // Expire is the timestamp when the current access token expires. - Expire string `json:"expired"` -} - -// SaveTokenToFile serializes the Codex token storage to a JSON file. -// This method creates the necessary directory structure and writes the token -// data in JSON format to the specified file path for persistent storage. -// -// Parameters: -// - authFilePath: The full path where the token file should be saved -// -// Returns: -// - error: An error if the operation fails, nil otherwise -func (ts *CodexTokenStorage) SaveTokenToFile(authFilePath string) error { - safePath, err := misc.ResolveSafeFilePath(authFilePath) - if err != nil { - return fmt.Errorf("invalid token file path: %w", err) - } - misc.LogSavingCredentials(safePath) - ts.Type = "codex" - if err = os.MkdirAll(filepath.Dir(safePath), 0700); err != nil { - return fmt.Errorf("failed to create directory: %v", err) - } - - f, err := os.Create(safePath) - if err != nil { - return fmt.Errorf("failed to create token file: %w", err) - } - defer func() { - _ = f.Close() - }() - - if err = json.NewEncoder(f).Encode(ts); err != nil { - return fmt.Errorf("failed to write token to file: %w", err) - } - return nil - -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/token_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/token_test.go deleted file mode 100644 index 7188dc2986..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/codex/token_test.go +++ /dev/null @@ -1,68 +0,0 @@ -package codex - -import ( - "encoding/json" - "os" - "path/filepath" - "testing" -) - -func TestCodexTokenStorage_SaveTokenToFile(t *testing.T) { - tempDir, err := os.MkdirTemp("", "codex_test") - if err != nil { - t.Fatalf("failed to create temp dir: %v", err) - } - defer func() { _ = os.RemoveAll(tempDir) }() - - authFilePath := filepath.Join(tempDir, "token.json") - - ts := &CodexTokenStorage{ - IDToken: "id_token", - AccessToken: "access_token", - RefreshToken: "refresh_token", - AccountID: "acc_123", - Email: "test@example.com", - } - - if err := ts.SaveTokenToFile(authFilePath); err != nil { - t.Fatalf("SaveTokenToFile failed: %v", err) - } - - // Read back and verify - data, err := os.ReadFile(authFilePath) - if err != nil { - t.Fatalf("failed to read token file: %v", err) - } - - var tsLoaded CodexTokenStorage - if err := json.Unmarshal(data, &tsLoaded); err != nil { - t.Fatalf("failed to unmarshal token: %v", err) - } - - if tsLoaded.Type != "codex" { - t.Errorf("expected type codex, got %s", tsLoaded.Type) - } - if tsLoaded.Email != ts.Email { - t.Errorf("expected email %s, got %s", ts.Email, tsLoaded.Email) - } -} - -func TestSaveTokenToFile_MkdirFail(t *testing.T) { - // Use a path that's impossible to create (like a file as a directory) - tempFile, _ := os.CreateTemp("", "mkdir_fail") - defer func() { _ = os.Remove(tempFile.Name()) }() - - authFilePath := filepath.Join(tempFile.Name(), "token.json") - ts := &CodexTokenStorage{} - err := ts.SaveTokenToFile(authFilePath) - if err == nil { - t.Error("expected error for invalid directory path") - } -} - -func TestCodexTokenStorage_SaveTokenToFileRejectsTraversalPath(t *testing.T) { - ts := &CodexTokenStorage{} - if err := ts.SaveTokenToFile("/tmp/../codex-escape.json"); err == nil { - t.Fatal("expected traversal path to be rejected") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/copilot_auth.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/copilot_auth.go deleted file mode 100644 index cc918becc9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/copilot_auth.go +++ /dev/null @@ -1,223 +0,0 @@ -// Package copilot provides authentication and token management for GitHub Copilot API. -// It handles the OAuth2 device flow for secure authentication with the Copilot API. -package copilot - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" -) - -const ( - // copilotAPITokenURL is the endpoint for getting Copilot API tokens from GitHub token. - copilotAPITokenURL = "https://api.github.com/copilot_pkg/llmproxy/v2/token" - // copilotAPIEndpoint is the base URL for making API requests. - copilotAPIEndpoint = "https://api.githubcopilot.com" - - // Common HTTP header values for Copilot API requests. - copilotUserAgent = "GithubCopilot/1.0" - copilotEditorVersion = "vscode/1.100.0" - copilotPluginVersion = "copilot/1.300.0" - copilotIntegrationID = "vscode-chat" - copilotOpenAIIntent = "conversation-panel" -) - -// CopilotAPIToken represents the Copilot API token response. -type CopilotAPIToken struct { - // Token is the JWT token for authenticating with the Copilot API. - Token string `json:"token"` - // ExpiresAt is the Unix timestamp when the token expires. - ExpiresAt int64 `json:"expires_at"` - // Endpoints contains the available API endpoints. - Endpoints struct { - API string `json:"api"` - Proxy string `json:"proxy"` - OriginTracker string `json:"origin-tracker"` - Telemetry string `json:"telemetry"` - } `json:"endpoints,omitempty"` - // ErrorDetails contains error information if the request failed. - ErrorDetails *struct { - URL string `json:"url"` - Message string `json:"message"` - DocumentationURL string `json:"documentation_url"` - } `json:"error_details,omitempty"` -} - -// CopilotAuth handles GitHub Copilot authentication flow. -// It provides methods for device flow authentication and token management. -type CopilotAuth struct { - httpClient *http.Client - deviceClient *DeviceFlowClient - cfg *config.Config -} - -// NewCopilotAuth creates a new CopilotAuth service instance. -// It initializes an HTTP client with proxy settings from the provided configuration. -func NewCopilotAuth(cfg *config.Config, httpClient *http.Client) *CopilotAuth { - if httpClient == nil { - httpClient = util.SetProxy(&cfg.SDKConfig, &http.Client{Timeout: 30 * time.Second}) - } - return &CopilotAuth{ - httpClient: httpClient, - deviceClient: NewDeviceFlowClient(cfg), - cfg: cfg, - } -} - -// StartDeviceFlow initiates the device flow authentication. -// Returns the device code response containing the user code and verification URI. -func (c *CopilotAuth) StartDeviceFlow(ctx context.Context) (*DeviceCodeResponse, error) { - return c.deviceClient.RequestDeviceCode(ctx) -} - -// WaitForAuthorization polls for user authorization and returns the auth bundle. -func (c *CopilotAuth) WaitForAuthorization(ctx context.Context, deviceCode *DeviceCodeResponse) (*CopilotAuthBundle, error) { - tokenData, err := c.deviceClient.PollForToken(ctx, deviceCode) - if err != nil { - return nil, err - } - - // Fetch the GitHub username - username, err := c.deviceClient.FetchUserInfo(ctx, tokenData.AccessToken) - if err != nil { - log.Warnf("copilot: failed to fetch user info: %v", err) - username = "unknown" - } - - return &CopilotAuthBundle{ - TokenData: tokenData, - Username: username, - }, nil -} - -// GetCopilotAPIToken exchanges a GitHub access token for a Copilot API token. -// This token is used to make authenticated requests to the Copilot API. -func (c *CopilotAuth) GetCopilotAPIToken(ctx context.Context, githubAccessToken string) (*CopilotAPIToken, error) { - if githubAccessToken == "" { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, fmt.Errorf("github access token is empty")) - } - - req, err := http.NewRequestWithContext(ctx, http.MethodGet, copilotAPITokenURL, nil) - if err != nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, err) - } - - req.Header.Set("Authorization", "token "+githubAccessToken) - req.Header.Set("Accept", "application/json") - req.Header.Set("User-Agent", copilotUserAgent) - req.Header.Set("Editor-Version", copilotEditorVersion) - req.Header.Set("Editor-Plugin-Version", copilotPluginVersion) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("copilot api token: close body error: %v", errClose) - } - }() - - bodyBytes, err := io.ReadAll(resp.Body) - if err != nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, err) - } - - if !isHTTPSuccess(resp.StatusCode) { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, - fmt.Errorf("status %d: %s", resp.StatusCode, string(bodyBytes))) - } - - var apiToken CopilotAPIToken - if err = json.Unmarshal(bodyBytes, &apiToken); err != nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, err) - } - - if apiToken.Token == "" { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, fmt.Errorf("empty copilot api token")) - } - - return &apiToken, nil -} - -// ValidateToken checks if a GitHub access token is valid by attempting to fetch user info. -func (c *CopilotAuth) ValidateToken(ctx context.Context, accessToken string) (bool, string, error) { - if accessToken == "" { - return false, "", nil - } - - username, err := c.deviceClient.FetchUserInfo(ctx, accessToken) - if err != nil { - return false, "", err - } - - return true, username, nil -} - -// CreateTokenStorage creates a new CopilotTokenStorage from auth bundle. -func (c *CopilotAuth) CreateTokenStorage(bundle *CopilotAuthBundle) *CopilotTokenStorage { - return &CopilotTokenStorage{ - AccessToken: bundle.TokenData.AccessToken, - TokenType: bundle.TokenData.TokenType, - Scope: bundle.TokenData.Scope, - Username: bundle.Username, - Type: "github-copilot", - } -} - -// LoadAndValidateToken loads a token from storage and validates it. -// Returns the storage if valid, or an error if the token is invalid or expired. -func (c *CopilotAuth) LoadAndValidateToken(ctx context.Context, storage *CopilotTokenStorage) (bool, error) { - if storage == nil || storage.AccessToken == "" { - return false, fmt.Errorf("no token available") - } - - // Check if we can still use the GitHub token to get a Copilot API token - apiToken, err := c.GetCopilotAPIToken(ctx, storage.AccessToken) - if err != nil { - return false, err - } - - // Check if the API token is expired - if apiToken.ExpiresAt > 0 && time.Now().Unix() >= apiToken.ExpiresAt { - return false, fmt.Errorf("copilot api token expired") - } - - return true, nil -} - -// GetAPIEndpoint returns the Copilot API endpoint URL. -func (c *CopilotAuth) GetAPIEndpoint() string { - return copilotAPIEndpoint -} - -// MakeAuthenticatedRequest creates an authenticated HTTP request to the Copilot API. -func (c *CopilotAuth) MakeAuthenticatedRequest(ctx context.Context, method, url string, body io.Reader, apiToken *CopilotAPIToken) (*http.Request, error) { - req, err := http.NewRequestWithContext(ctx, method, url, body) - if err != nil { - return nil, fmt.Errorf("failed to create request: %w", err) - } - - req.Header.Set("Authorization", "Bearer "+apiToken.Token) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Accept", "application/json") - req.Header.Set("User-Agent", copilotUserAgent) - req.Header.Set("Editor-Version", copilotEditorVersion) - req.Header.Set("Editor-Plugin-Version", copilotPluginVersion) - req.Header.Set("Openai-Intent", copilotOpenAIIntent) - req.Header.Set("Copilot-Integration-Id", copilotIntegrationID) - - return req, nil -} - -// isHTTPSuccess checks if the status code indicates success (2xx). -func isHTTPSuccess(statusCode int) bool { - return statusCode >= 200 && statusCode < 300 -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/copilot_auth_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/copilot_auth_test.go deleted file mode 100644 index 575f836ddc..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/copilot_auth_test.go +++ /dev/null @@ -1,54 +0,0 @@ -package copilot - -import ( - "context" - "encoding/json" - "net/http" - "net/http/httptest" - "strings" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -type rewriteTransport struct { - target string - base http.RoundTripper -} - -func (t *rewriteTransport) RoundTrip(req *http.Request) (*http.Response, error) { - newReq := req.Clone(req.Context()) - newReq.URL.Scheme = "http" - newReq.URL.Host = strings.TrimPrefix(t.target, "http://") - return t.base.RoundTrip(newReq) -} - -func TestGetCopilotAPIToken(t *testing.T) { - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - resp := CopilotAPIToken{ - Token: "copilot-api-token", - ExpiresAt: 1234567890, - } - _ = json.NewEncoder(w).Encode(resp) - })) - defer ts.Close() - - client := &http.Client{ - Transport: &rewriteTransport{ - target: ts.URL, - base: http.DefaultTransport, - }, - } - - cfg := &config.Config{} - auth := NewCopilotAuth(cfg, client) - resp, err := auth.GetCopilotAPIToken(context.Background(), "gh-access-token") - if err != nil { - t.Fatalf("GetCopilotAPIToken failed: %v", err) - } - - if resp.Token != "copilot-api-token" { - t.Errorf("got token %q, want copilot-api-token", resp.Token) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/copilot_extra_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/copilot_extra_test.go deleted file mode 100644 index dc5d8028ce..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/copilot_extra_test.go +++ /dev/null @@ -1,273 +0,0 @@ -package copilot - -import ( - "context" - "encoding/json" - "fmt" - "net/http" - "net/http/httptest" - "strings" - "testing" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestNewCopilotAuth(t *testing.T) { - cfg := &config.Config{} - auth := NewCopilotAuth(cfg, nil) - if auth.httpClient == nil { - t.Error("expected default httpClient to be set") - } -} - -func TestCopilotAuth_ValidateToken(t *testing.T) { - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if !strings.Contains(r.Header.Get("Authorization"), "goodtoken") { - w.WriteHeader(http.StatusUnauthorized) - _, _ = fmt.Fprint(w, `{"message":"Bad credentials"}`) - return - } - w.Header().Set("Content-Type", "application/json") - _, _ = fmt.Fprint(w, `{"login":"testuser"}`) - })) - defer server.Close() - - cfg := &config.Config{} - client := &http.Client{ - Transport: roundTripFunc(func(req *http.Request) (*http.Response, error) { - mockReq, _ := http.NewRequest(req.Method, server.URL, req.Body) - mockReq.Header = req.Header - return http.DefaultClient.Do(mockReq) - }), - } - auth := NewCopilotAuth(cfg, client) - // Crucially, we need to ensure deviceClient uses our mocked client - auth.deviceClient.httpClient = client - - ok, username, err := auth.ValidateToken(context.Background(), "goodtoken") - if err != nil || !ok || username != "testuser" { - t.Errorf("ValidateToken failed: ok=%v, username=%s, err=%v", ok, username, err) - } - - ok, _, _ = auth.ValidateToken(context.Background(), "badtoken") - if ok { - t.Error("expected invalid token to fail validation") - } -} - -func TestCopilotAuth_CreateTokenStorage(t *testing.T) { - auth := &CopilotAuth{} - bundle := &CopilotAuthBundle{ - TokenData: &CopilotTokenData{ - AccessToken: "access", - TokenType: "Bearer", - Scope: "user", - }, - Username: "user123", - } - storage := auth.CreateTokenStorage(bundle) - if storage.AccessToken != "access" || storage.Username != "user123" { - t.Errorf("CreateTokenStorage failed: %+v", storage) - } -} - -func TestCopilotAuth_MakeAuthenticatedRequest(t *testing.T) { - auth := &CopilotAuth{} - apiToken := &CopilotAPIToken{Token: "api-token"} - req, err := auth.MakeAuthenticatedRequest(context.Background(), "GET", "http://api.com", nil, apiToken) - if err != nil { - t.Fatalf("MakeAuthenticatedRequest failed: %v", err) - } - if req.Header.Get("Authorization") != "Bearer api-token" { - t.Errorf("wrong auth header: %s", req.Header.Get("Authorization")) - } -} - -func TestDeviceFlowClient_RequestDeviceCode(t *testing.T) { - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - resp := DeviceCodeResponse{ - DeviceCode: "device", - UserCode: "user", - VerificationURI: "uri", - ExpiresIn: 900, - Interval: 5, - } - _ = json.NewEncoder(w).Encode(resp) - })) - defer server.Close() - - client := &DeviceFlowClient{ - httpClient: &http.Client{ - Transport: roundTripFunc(func(req *http.Request) (*http.Response, error) { - mockReq, _ := http.NewRequest(req.Method, server.URL, req.Body) - return http.DefaultClient.Do(mockReq) - }), - }, - } - - resp, err := client.RequestDeviceCode(context.Background()) - if err != nil { - t.Fatalf("RequestDeviceCode failed: %v", err) - } - if resp.DeviceCode != "device" { - t.Errorf("expected device code, got %s", resp.DeviceCode) - } -} - -func TestDeviceFlowClient_PollForToken(t *testing.T) { - attempt := 0 - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - attempt++ - w.Header().Set("Content-Type", "application/json") - if attempt == 1 { - _, _ = fmt.Fprint(w, `{"error":"authorization_pending"}`) - return - } - _, _ = fmt.Fprint(w, `{"access_token":"token123"}`) - })) - defer server.Close() - - client := &DeviceFlowClient{ - httpClient: &http.Client{ - Transport: roundTripFunc(func(req *http.Request) (*http.Response, error) { - mockReq, _ := http.NewRequest(req.Method, server.URL, req.Body) - return http.DefaultClient.Do(mockReq) - }), - }, - } - - deviceCode := &DeviceCodeResponse{ - DeviceCode: "device", - Interval: 1, - } - - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) - defer cancel() - - token, err := client.PollForToken(ctx, deviceCode) - if err != nil { - t.Fatalf("PollForToken failed: %v", err) - } - if token.AccessToken != "token123" { - t.Errorf("expected token123, got %s", token.AccessToken) - } -} - -func TestCopilotAuth_LoadAndValidateToken(t *testing.T) { - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - if strings.Contains(r.Header.Get("Authorization"), "expired") { - _, _ = fmt.Fprint(w, `{"token":"new","expires_at":1}`) - return - } - _, _ = fmt.Fprint(w, `{"token":"new","expires_at":0}`) - })) - defer server.Close() - - client := &http.Client{ - Transport: roundTripFunc(func(req *http.Request) (*http.Response, error) { - mockReq, _ := http.NewRequest(req.Method, server.URL, req.Body) - mockReq.Header = req.Header - return http.DefaultClient.Do(mockReq) - }), - } - auth := NewCopilotAuth(&config.Config{}, client) - - // Valid case - ok, err := auth.LoadAndValidateToken(context.Background(), &CopilotTokenStorage{AccessToken: "valid"}) - if !ok || err != nil { - t.Errorf("LoadAndValidateToken failed: ok=%v, err=%v", ok, err) - } - - // Expired case - ok, err = auth.LoadAndValidateToken(context.Background(), &CopilotTokenStorage{AccessToken: "expired"}) - if ok || err == nil || !strings.Contains(err.Error(), "expired") { - t.Errorf("expected expired error, got ok=%v, err=%v", ok, err) - } - - // No token case - ok, err = auth.LoadAndValidateToken(context.Background(), nil) - if ok || err == nil { - t.Error("expected error for nil storage") - } -} - -func TestCopilotAuth_GetAPIEndpoint(t *testing.T) { - auth := &CopilotAuth{} - if auth.GetAPIEndpoint() != "https://api.api.githubcopilot.com" && auth.GetAPIEndpoint() != "https://api.githubcopilot.com" { - t.Errorf("unexpected endpoint: %s", auth.GetAPIEndpoint()) - } -} - -func TestCopilotAuth_StartDeviceFlow(t *testing.T) { - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - _ = json.NewEncoder(w).Encode(DeviceCodeResponse{DeviceCode: "dc"}) - })) - defer server.Close() - - client := &http.Client{ - Transport: roundTripFunc(func(req *http.Request) (*http.Response, error) { - mockReq, _ := http.NewRequest(req.Method, server.URL, req.Body) - return http.DefaultClient.Do(mockReq) - }), - } - auth := NewCopilotAuth(&config.Config{}, client) - auth.deviceClient.httpClient = client - - resp, err := auth.StartDeviceFlow(context.Background()) - if err != nil || resp.DeviceCode != "dc" { - t.Errorf("StartDeviceFlow failed: %v", err) - } -} - -func TestCopilotAuth_WaitForAuthorization(t *testing.T) { - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - if r.URL.Path == "/user" { - _, _ = fmt.Fprint(w, `{"login":"testuser"}`) - return - } - _, _ = fmt.Fprint(w, `{"access_token":"token123"}`) - })) - defer server.Close() - - client := &http.Client{ - Transport: roundTripFunc(func(req *http.Request) (*http.Response, error) { - mockReq, _ := http.NewRequest(req.Method, server.URL, req.Body) - return http.DefaultClient.Do(mockReq) - }), - } - // We need to override the hardcoded URLs in DeviceFlowClient for this test to work without rewriteTransport - // but DeviceFlowClient uses constants. So we MUST use rewriteTransport logic or similar. - - mockTransport := &rewriteTransportOverride{ - target: server.URL, - } - client.Transport = mockTransport - - auth := NewCopilotAuth(&config.Config{}, client) - auth.deviceClient.httpClient = client - - bundle, err := auth.WaitForAuthorization(context.Background(), &DeviceCodeResponse{DeviceCode: "dc", Interval: 1}) - if err != nil || bundle.Username != "testuser" { - t.Errorf("WaitForAuthorization failed: %v", err) - } -} - -type rewriteTransportOverride struct { - target string -} - -func (t *rewriteTransportOverride) RoundTrip(req *http.Request) (*http.Response, error) { - newReq := req.Clone(req.Context()) - newReq.URL.Scheme = "http" - newReq.URL.Host = strings.TrimPrefix(t.target, "http://") - return http.DefaultClient.Do(newReq) -} - -type roundTripFunc func(req *http.Request) (*http.Response, error) - -func (f roundTripFunc) RoundTrip(req *http.Request) (*http.Response, error) { - return f(req) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/errors.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/errors.go deleted file mode 100644 index a82dd8ecf6..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/errors.go +++ /dev/null @@ -1,187 +0,0 @@ -package copilot - -import ( - "errors" - "fmt" - "net/http" -) - -// OAuthError represents an OAuth-specific error. -type OAuthError struct { - // Code is the OAuth error code. - Code string `json:"error"` - // Description is a human-readable description of the error. - Description string `json:"error_description,omitempty"` - // URI is a URI identifying a human-readable web page with information about the error. - URI string `json:"error_uri,omitempty"` - // StatusCode is the HTTP status code associated with the error. - StatusCode int `json:"-"` -} - -// Error returns a string representation of the OAuth error. -func (e *OAuthError) Error() string { - if e.Description != "" { - return fmt.Sprintf("OAuth error %s: %s", e.Code, e.Description) - } - return fmt.Sprintf("OAuth error: %s", e.Code) -} - -// NewOAuthError creates a new OAuth error with the specified code, description, and status code. -func NewOAuthError(code, description string, statusCode int) *OAuthError { - return &OAuthError{ - Code: code, - Description: description, - StatusCode: statusCode, - } -} - -// AuthenticationError represents authentication-related errors. -type AuthenticationError struct { - // Type is the type of authentication error. - Type string `json:"type"` - // Message is a human-readable message describing the error. - Message string `json:"message"` - // Code is the HTTP status code associated with the error. - Code int `json:"code"` - // Cause is the underlying error that caused this authentication error. - Cause error `json:"-"` -} - -// Error returns a string representation of the authentication error. -func (e *AuthenticationError) Error() string { - if e.Cause != nil { - return fmt.Sprintf("%s: %s (caused by: %v)", e.Type, e.Message, e.Cause) - } - return fmt.Sprintf("%s: %s", e.Type, e.Message) -} - -// Unwrap returns the underlying cause of the error. -func (e *AuthenticationError) Unwrap() error { - return e.Cause -} - -// Common authentication error types for GitHub Copilot device flow. -var ( - // ErrDeviceCodeFailed represents an error when requesting the device code fails. - ErrDeviceCodeFailed = &AuthenticationError{ - Type: "device_code_failed", - Message: "Failed to request device code from GitHub", - Code: http.StatusBadRequest, - } - - // ErrDeviceCodeExpired represents an error when the device code has expired. - ErrDeviceCodeExpired = &AuthenticationError{ - Type: "device_code_expired", - Message: "Device code has expired. Please try again.", - Code: http.StatusGone, - } - - // ErrAuthorizationPending represents a pending authorization state (not an error, used for polling). - ErrAuthorizationPending = &AuthenticationError{ - Type: "authorization_pending", - Message: "Authorization is pending. Waiting for user to authorize.", - Code: http.StatusAccepted, - } - - // ErrSlowDown represents a request to slow down polling. - ErrSlowDown = &AuthenticationError{ - Type: "slow_down", - Message: "Polling too frequently. Slowing down.", - Code: http.StatusTooManyRequests, - } - - // ErrAccessDenied represents an error when the user denies authorization. - ErrAccessDenied = &AuthenticationError{ - Type: "access_denied", - Message: "User denied authorization", - Code: http.StatusForbidden, - } - - // ErrTokenExchangeFailed represents an error when token exchange fails. - ErrTokenExchangeFailed = &AuthenticationError{ - Type: "token_exchange_failed", - Message: "Failed to exchange device code for access token", - Code: http.StatusBadRequest, - } - - // ErrPollingTimeout represents an error when polling times out. - ErrPollingTimeout = &AuthenticationError{ - Type: "polling_timeout", - Message: "Timeout waiting for user authorization", - Code: http.StatusRequestTimeout, - } - - // ErrUserInfoFailed represents an error when fetching user info fails. - ErrUserInfoFailed = &AuthenticationError{ - Type: "user_info_failed", - Message: "Failed to fetch GitHub user information", - Code: http.StatusBadRequest, - } -) - -// NewAuthenticationError creates a new authentication error with a cause based on a base error. -func NewAuthenticationError(baseErr *AuthenticationError, cause error) *AuthenticationError { - return &AuthenticationError{ - Type: baseErr.Type, - Message: baseErr.Message, - Code: baseErr.Code, - Cause: cause, - } -} - -// IsAuthenticationError checks if an error is an authentication error. -func IsAuthenticationError(err error) bool { - var authenticationError *AuthenticationError - ok := errors.As(err, &authenticationError) - return ok -} - -// IsOAuthError checks if an error is an OAuth error. -func IsOAuthError(err error) bool { - var oAuthError *OAuthError - ok := errors.As(err, &oAuthError) - return ok -} - -// GetUserFriendlyMessage returns a user-friendly error message based on the error type. -func GetUserFriendlyMessage(err error) string { - var authErr *AuthenticationError - if errors.As(err, &authErr) { - switch authErr.Type { - case "device_code_failed": - return "Failed to start GitHub authentication. Please check your network connection and try again." - case "device_code_expired": - return "The authentication code has expired. Please try again." - case "authorization_pending": - return "Waiting for you to authorize the application on GitHub." - case "slow_down": - return "Please wait a moment before trying again." - case "access_denied": - return "Authentication was cancelled or denied." - case "token_exchange_failed": - return "Failed to complete authentication. Please try again." - case "polling_timeout": - return "Authentication timed out. Please try again." - case "user_info_failed": - return "Failed to get your GitHub account information. Please try again." - default: - return "Authentication failed. Please try again." - } - } - - var oauthErr *OAuthError - if errors.As(err, &oauthErr) { - switch oauthErr.Code { - case "access_denied": - return "Authentication was cancelled or denied." - case "invalid_request": - return "Invalid authentication request. Please try again." - case "server_error": - return "GitHub server error. Please try again later." - default: - return fmt.Sprintf("Authentication failed: %s", oauthErr.Description) - } - } - - return "An unexpected error occurred. Please try again." -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/errors_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/errors_test.go deleted file mode 100644 index 3822c0abb4..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/errors_test.go +++ /dev/null @@ -1,114 +0,0 @@ -package copilot - -import ( - "errors" - "testing" -) - -func TestOAuthError_Error(t *testing.T) { - err := &OAuthError{ - Code: "invalid_request", - Description: "The request is missing a required parameter", - } - expected := "OAuth error invalid_request: The request is missing a required parameter" - if err.Error() != expected { - t.Errorf("expected %s, got %s", expected, err.Error()) - } - - errNoDesc := &OAuthError{Code: "server_error"} - expectedNoDesc := "OAuth error: server_error" - if errNoDesc.Error() != expectedNoDesc { - t.Errorf("expected %s, got %s", expectedNoDesc, errNoDesc.Error()) - } -} - -func TestNewOAuthError(t *testing.T) { - err := NewOAuthError("code", "desc", 400) - if err.Code != "code" || err.Description != "desc" || err.StatusCode != 400 { - t.Errorf("NewOAuthError failed: %+v", err) - } -} - -func TestAuthenticationError_Error(t *testing.T) { - err := &AuthenticationError{ - Type: "type", - Message: "msg", - } - expected := "type: msg" - if err.Error() != expected { - t.Errorf("expected %s, got %s", expected, err.Error()) - } - - cause := errors.New("underlying") - errWithCause := &AuthenticationError{ - Type: "type", - Message: "msg", - Cause: cause, - } - expectedWithCause := "type: msg (caused by: underlying)" - if errWithCause.Error() != expectedWithCause { - t.Errorf("expected %s, got %s", expectedWithCause, errWithCause.Error()) - } - - if errWithCause.Unwrap() != cause { - t.Error("Unwrap failed") - } -} - -func TestNewAuthenticationError(t *testing.T) { - base := &AuthenticationError{Type: "base", Message: "msg", Code: 400} - cause := errors.New("cause") - err := NewAuthenticationError(base, cause) - if err.Type != "base" || err.Message != "msg" || err.Code != 400 || err.Cause != cause { - t.Errorf("NewAuthenticationError failed: %+v", err) - } -} - -func TestIsAuthenticationError(t *testing.T) { - authErr := &AuthenticationError{} - if !IsAuthenticationError(authErr) { - t.Error("expected true for AuthenticationError") - } - if IsAuthenticationError(errors.New("other")) { - t.Error("expected false for other error") - } -} - -func TestIsOAuthError(t *testing.T) { - oauthErr := &OAuthError{} - if !IsOAuthError(oauthErr) { - t.Error("expected true for OAuthError") - } - if IsOAuthError(errors.New("other")) { - t.Error("expected false for other error") - } -} - -func TestGetUserFriendlyMessage(t *testing.T) { - cases := []struct { - err error - want string - }{ - {&AuthenticationError{Type: "device_code_failed"}, "Failed to start GitHub authentication. Please check your network connection and try again."}, - {&AuthenticationError{Type: "device_code_expired"}, "The authentication code has expired. Please try again."}, - {&AuthenticationError{Type: "authorization_pending"}, "Waiting for you to authorize the application on GitHub."}, - {&AuthenticationError{Type: "slow_down"}, "Please wait a moment before trying again."}, - {&AuthenticationError{Type: "access_denied"}, "Authentication was cancelled or denied."}, - {&AuthenticationError{Type: "token_exchange_failed"}, "Failed to complete authentication. Please try again."}, - {&AuthenticationError{Type: "polling_timeout"}, "Authentication timed out. Please try again."}, - {&AuthenticationError{Type: "user_info_failed"}, "Failed to get your GitHub account information. Please try again."}, - {&AuthenticationError{Type: "unknown"}, "Authentication failed. Please try again."}, - {&OAuthError{Code: "access_denied"}, "Authentication was cancelled or denied."}, - {&OAuthError{Code: "invalid_request"}, "Invalid authentication request. Please try again."}, - {&OAuthError{Code: "server_error"}, "GitHub server error. Please try again later."}, - {&OAuthError{Code: "other", Description: "desc"}, "Authentication failed: desc"}, - {errors.New("random"), "An unexpected error occurred. Please try again."}, - } - - for _, tc := range cases { - got := GetUserFriendlyMessage(tc.err) - if got != tc.want { - t.Errorf("GetUserFriendlyMessage(%v) = %q, want %q", tc.err, got, tc.want) - } - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/oauth.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/oauth.go deleted file mode 100644 index 61d015fa64..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/oauth.go +++ /dev/null @@ -1,255 +0,0 @@ -package copilot - -import ( - "context" - "encoding/json" - "errors" - "fmt" - "io" - "net/http" - "net/url" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" -) - -const ( - // copilotClientID is GitHub's Copilot CLI OAuth client ID. - copilotClientID = "Iv1.b507a08c87ecfe98" - // copilotDeviceCodeURL is the endpoint for requesting device codes. - copilotDeviceCodeURL = "https://github.com/login/device/code" - // copilotTokenURL is the endpoint for exchanging device codes for tokens. - copilotTokenURL = "https://github.com/login/oauth/access_token" - // copilotUserInfoURL is the endpoint for fetching GitHub user information. - copilotUserInfoURL = "https://api.github.com/user" - // defaultPollInterval is the default interval for polling token endpoint. - defaultPollInterval = 5 * time.Second - // maxPollDuration is the maximum time to wait for user authorization. - maxPollDuration = 15 * time.Minute -) - -// DeviceFlowClient handles the OAuth2 device flow for GitHub Copilot. -type DeviceFlowClient struct { - httpClient *http.Client - cfg *config.Config -} - -// NewDeviceFlowClient creates a new device flow client. -func NewDeviceFlowClient(cfg *config.Config) *DeviceFlowClient { - client := &http.Client{Timeout: 30 * time.Second} - if cfg != nil { - client = util.SetProxy(&cfg.SDKConfig, client) - } - return &DeviceFlowClient{ - httpClient: client, - cfg: cfg, - } -} - -// RequestDeviceCode initiates the device flow by requesting a device code from GitHub. -func (c *DeviceFlowClient) RequestDeviceCode(ctx context.Context) (*DeviceCodeResponse, error) { - data := url.Values{} - data.Set("client_id", copilotClientID) - data.Set("scope", "user:email") - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, copilotDeviceCodeURL, strings.NewReader(data.Encode())) - if err != nil { - return nil, NewAuthenticationError(ErrDeviceCodeFailed, err) - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, NewAuthenticationError(ErrDeviceCodeFailed, err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("copilot device code: close body error: %v", errClose) - } - }() - - if !isHTTPSuccess(resp.StatusCode) { - bodyBytes, _ := io.ReadAll(resp.Body) - return nil, NewAuthenticationError(ErrDeviceCodeFailed, fmt.Errorf("status %d: %s", resp.StatusCode, string(bodyBytes))) - } - - var deviceCode DeviceCodeResponse - if err = json.NewDecoder(resp.Body).Decode(&deviceCode); err != nil { - return nil, NewAuthenticationError(ErrDeviceCodeFailed, err) - } - - return &deviceCode, nil -} - -// PollForToken polls the token endpoint until the user authorizes or the device code expires. -func (c *DeviceFlowClient) PollForToken(ctx context.Context, deviceCode *DeviceCodeResponse) (*CopilotTokenData, error) { - if deviceCode == nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, fmt.Errorf("device code is nil")) - } - - interval := time.Duration(deviceCode.Interval) * time.Second - if interval < defaultPollInterval { - interval = defaultPollInterval - } - - deadline := time.Now().Add(maxPollDuration) - if deviceCode.ExpiresIn > 0 { - codeDeadline := time.Now().Add(time.Duration(deviceCode.ExpiresIn) * time.Second) - if codeDeadline.Before(deadline) { - deadline = codeDeadline - } - } - - ticker := time.NewTicker(interval) - defer ticker.Stop() - - for { - select { - case <-ctx.Done(): - return nil, NewAuthenticationError(ErrPollingTimeout, ctx.Err()) - case <-ticker.C: - if time.Now().After(deadline) { - return nil, ErrPollingTimeout - } - - token, err := c.exchangeDeviceCode(ctx, deviceCode.DeviceCode) - if err != nil { - var authErr *AuthenticationError - if errors.As(err, &authErr) { - switch authErr.Type { - case ErrAuthorizationPending.Type: - // Continue polling - continue - case ErrSlowDown.Type: - // Increase interval and continue - interval += 5 * time.Second - ticker.Reset(interval) - continue - case ErrDeviceCodeExpired.Type: - return nil, err - case ErrAccessDenied.Type: - return nil, err - } - } - return nil, err - } - return token, nil - } - } -} - -// exchangeDeviceCode attempts to exchange the device code for an access token. -func (c *DeviceFlowClient) exchangeDeviceCode(ctx context.Context, deviceCode string) (*CopilotTokenData, error) { - data := url.Values{} - data.Set("client_id", copilotClientID) - data.Set("device_code", deviceCode) - data.Set("grant_type", "urn:ietf:params:oauth:grant-type:device_code") - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, copilotTokenURL, strings.NewReader(data.Encode())) - if err != nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, err) - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("copilot token exchange: close body error: %v", errClose) - } - }() - - bodyBytes, err := io.ReadAll(resp.Body) - if err != nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, err) - } - - // GitHub returns 200 for both success and error cases in device flow - // Check for OAuth error response first - var oauthResp struct { - Error string `json:"error"` - ErrorDescription string `json:"error_description"` - AccessToken string `json:"access_token"` - TokenType string `json:"token_type"` - Scope string `json:"scope"` - } - - if err = json.Unmarshal(bodyBytes, &oauthResp); err != nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, err) - } - - if oauthResp.Error != "" { - switch oauthResp.Error { - case "authorization_pending": - return nil, ErrAuthorizationPending - case "slow_down": - return nil, ErrSlowDown - case "expired_token": - return nil, ErrDeviceCodeExpired - case "access_denied": - return nil, ErrAccessDenied - default: - return nil, NewOAuthError(oauthResp.Error, oauthResp.ErrorDescription, resp.StatusCode) - } - } - - if oauthResp.AccessToken == "" { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, fmt.Errorf("empty access token")) - } - - return &CopilotTokenData{ - AccessToken: oauthResp.AccessToken, - TokenType: oauthResp.TokenType, - Scope: oauthResp.Scope, - }, nil -} - -// FetchUserInfo retrieves the GitHub username for the authenticated user. -func (c *DeviceFlowClient) FetchUserInfo(ctx context.Context, accessToken string) (string, error) { - if accessToken == "" { - return "", NewAuthenticationError(ErrUserInfoFailed, fmt.Errorf("access token is empty")) - } - - req, err := http.NewRequestWithContext(ctx, http.MethodGet, copilotUserInfoURL, nil) - if err != nil { - return "", NewAuthenticationError(ErrUserInfoFailed, err) - } - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("Accept", "application/json") - req.Header.Set("User-Agent", "CLIProxyAPI") - - resp, err := c.httpClient.Do(req) - if err != nil { - return "", NewAuthenticationError(ErrUserInfoFailed, err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("copilot user info: close body error: %v", errClose) - } - }() - - if !isHTTPSuccess(resp.StatusCode) { - bodyBytes, _ := io.ReadAll(resp.Body) - return "", NewAuthenticationError(ErrUserInfoFailed, fmt.Errorf("status %d: %s", resp.StatusCode, string(bodyBytes))) - } - - var userInfo struct { - Login string `json:"login"` - } - if err = json.NewDecoder(resp.Body).Decode(&userInfo); err != nil { - return "", NewAuthenticationError(ErrUserInfoFailed, err) - } - - if userInfo.Login == "" { - return "", NewAuthenticationError(ErrUserInfoFailed, fmt.Errorf("empty username")) - } - - return userInfo.Login, nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/token.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/token.go deleted file mode 100644 index fc013c5387..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/token.go +++ /dev/null @@ -1,97 +0,0 @@ -// Package copilot provides authentication and token management functionality -// for GitHub Copilot AI services. It handles OAuth2 device flow token storage, -// serialization, and retrieval for maintaining authenticated sessions with the Copilot API. -package copilot - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" -) - -// CopilotTokenStorage stores OAuth2 token information for GitHub Copilot API authentication. -// It maintains compatibility with the existing auth system while adding Copilot-specific fields -// for managing access tokens and user account information. -type CopilotTokenStorage struct { - // AccessToken is the OAuth2 access token used for authenticating API requests. - AccessToken string `json:"access_token"` - // TokenType is the type of token, typically "bearer". - TokenType string `json:"token_type"` - // Scope is the OAuth2 scope granted to the token. - Scope string `json:"scope"` - // ExpiresAt is the timestamp when the access token expires (if provided). - ExpiresAt string `json:"expires_at,omitempty"` - // Username is the GitHub username associated with this token. - Username string `json:"username"` - // Type indicates the authentication provider type, always "github-copilot" for this storage. - Type string `json:"type"` -} - -// CopilotTokenData holds the raw OAuth token response from GitHub. -type CopilotTokenData struct { - // AccessToken is the OAuth2 access token. - AccessToken string `json:"access_token"` - // TokenType is the type of token, typically "bearer". - TokenType string `json:"token_type"` - // Scope is the OAuth2 scope granted to the token. - Scope string `json:"scope"` -} - -// CopilotAuthBundle bundles authentication data for storage. -type CopilotAuthBundle struct { - // TokenData contains the OAuth token information. - TokenData *CopilotTokenData - // Username is the GitHub username. - Username string -} - -// DeviceCodeResponse represents GitHub's device code response. -type DeviceCodeResponse struct { - // DeviceCode is the device verification code. - DeviceCode string `json:"device_code"` - // UserCode is the code the user must enter at the verification URI. - UserCode string `json:"user_code"` - // VerificationURI is the URL where the user should enter the code. - VerificationURI string `json:"verification_uri"` - // ExpiresIn is the number of seconds until the device code expires. - ExpiresIn int `json:"expires_in"` - // Interval is the minimum number of seconds to wait between polling requests. - Interval int `json:"interval"` -} - -// SaveTokenToFile serializes the Copilot token storage to a JSON file. -// This method creates the necessary directory structure and writes the token -// data in JSON format to the specified file path for persistent storage. -// -// Parameters: -// - authFilePath: The full path where the token file should be saved -// -// Returns: -// - error: An error if the operation fails, nil otherwise -func (ts *CopilotTokenStorage) SaveTokenToFile(authFilePath string) error { - safePath, err := misc.ResolveSafeFilePath(authFilePath) - if err != nil { - return fmt.Errorf("invalid token file path: %w", err) - } - misc.LogSavingCredentials(safePath) - ts.Type = "github-copilot" - if err = os.MkdirAll(filepath.Dir(safePath), 0700); err != nil { - return fmt.Errorf("failed to create directory: %v", err) - } - - f, err := os.Create(safePath) - if err != nil { - return fmt.Errorf("failed to create token file: %w", err) - } - defer func() { - _ = f.Close() - }() - - if err = json.NewEncoder(f).Encode(ts); err != nil { - return fmt.Errorf("failed to write token to file: %w", err) - } - return nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/token_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/token_test.go deleted file mode 100644 index cf19f331b5..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/copilot/token_test.go +++ /dev/null @@ -1,49 +0,0 @@ -package copilot - -import ( - "encoding/json" - "os" - "path/filepath" - "testing" -) - -func TestCopilotTokenStorage_SaveTokenToFile(t *testing.T) { - tempDir, err := os.MkdirTemp("", "copilot_test") - if err != nil { - t.Fatalf("failed to create temp dir: %v", err) - } - defer func() { _ = os.RemoveAll(tempDir) }() - - authFilePath := filepath.Join(tempDir, "token.json") - - ts := &CopilotTokenStorage{ - AccessToken: "access", - Username: "user", - } - - if err := ts.SaveTokenToFile(authFilePath); err != nil { - t.Fatalf("SaveTokenToFile failed: %v", err) - } - - // Read back and verify - data, err := os.ReadFile(authFilePath) - if err != nil { - t.Fatalf("failed to read token file: %v", err) - } - - var tsLoaded CopilotTokenStorage - if err := json.Unmarshal(data, &tsLoaded); err != nil { - t.Fatalf("failed to unmarshal token: %v", err) - } - - if tsLoaded.Type != "github-copilot" { - t.Errorf("expected type github-copilot, got %s", tsLoaded.Type) - } -} - -func TestCopilotTokenStorage_SaveTokenToFileRejectsTraversalPath(t *testing.T) { - ts := &CopilotTokenStorage{} - if err := ts.SaveTokenToFile("/tmp/../copilot-escape.json"); err == nil { - t.Fatal("expected traversal path to be rejected") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/auth_diff.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/auth_diff.go deleted file mode 100644 index 4b6e600852..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/auth_diff.go +++ /dev/null @@ -1,44 +0,0 @@ -// auth_diff.go computes human-readable diffs for auth file field changes. -package diff - -import ( - "fmt" - "strings" - - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -// BuildAuthChangeDetails computes a redacted, human-readable list of auth field changes. -// Only prefix, proxy_url, and disabled fields are tracked; sensitive data is never printed. -func BuildAuthChangeDetails(oldAuth, newAuth *coreauth.Auth) []string { - changes := make([]string, 0, 3) - - // Handle nil cases by using empty Auth as default - if oldAuth == nil { - oldAuth = &coreauth.Auth{} - } - if newAuth == nil { - return changes - } - - // Compare prefix - oldPrefix := strings.TrimSpace(oldAuth.Prefix) - newPrefix := strings.TrimSpace(newAuth.Prefix) - if oldPrefix != newPrefix { - changes = append(changes, fmt.Sprintf("prefix: %s -> %s", oldPrefix, newPrefix)) - } - - // Compare proxy_url (redacted) - oldProxy := strings.TrimSpace(oldAuth.ProxyURL) - newProxy := strings.TrimSpace(newAuth.ProxyURL) - if oldProxy != newProxy { - changes = append(changes, fmt.Sprintf("proxy_url: %s -> %s", formatProxyURL(oldProxy), formatProxyURL(newProxy))) - } - - // Compare disabled - if oldAuth.Disabled != newAuth.Disabled { - changes = append(changes, fmt.Sprintf("disabled: %t -> %t", oldAuth.Disabled, newAuth.Disabled)) - } - - return changes -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/config_diff.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/config_diff.go deleted file mode 100644 index 60fc776f21..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/config_diff.go +++ /dev/null @@ -1,416 +0,0 @@ -package diff - -import ( - "fmt" - "net/url" - "reflect" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -// BuildConfigChangeDetails computes a redacted, human-readable list of config changes. -// Secrets are never printed; only structural or non-sensitive fields are surfaced. -func BuildConfigChangeDetails(oldCfg, newCfg *config.Config) []string { - changes := make([]string, 0, 16) - if oldCfg == nil || newCfg == nil { - return changes - } - - // Simple scalars - if oldCfg.Port != newCfg.Port { - changes = append(changes, fmt.Sprintf("port: %d -> %d", oldCfg.Port, newCfg.Port)) - } - if oldCfg.AuthDir != newCfg.AuthDir { - changes = append(changes, fmt.Sprintf("auth-dir: %s -> %s", oldCfg.AuthDir, newCfg.AuthDir)) - } - if oldCfg.Debug != newCfg.Debug { - changes = append(changes, fmt.Sprintf("debug: %t -> %t", oldCfg.Debug, newCfg.Debug)) - } - if oldCfg.Pprof.Enable != newCfg.Pprof.Enable { - changes = append(changes, fmt.Sprintf("pprof.enable: %t -> %t", oldCfg.Pprof.Enable, newCfg.Pprof.Enable)) - } - if strings.TrimSpace(oldCfg.Pprof.Addr) != strings.TrimSpace(newCfg.Pprof.Addr) { - changes = append(changes, fmt.Sprintf("pprof.addr: %s -> %s", strings.TrimSpace(oldCfg.Pprof.Addr), strings.TrimSpace(newCfg.Pprof.Addr))) - } - if oldCfg.LoggingToFile != newCfg.LoggingToFile { - changes = append(changes, fmt.Sprintf("logging-to-file: %t -> %t", oldCfg.LoggingToFile, newCfg.LoggingToFile)) - } - if oldCfg.UsageStatisticsEnabled != newCfg.UsageStatisticsEnabled { - changes = append(changes, fmt.Sprintf("usage-statistics-enabled: %t -> %t", oldCfg.UsageStatisticsEnabled, newCfg.UsageStatisticsEnabled)) - } - if oldCfg.DisableCooling != newCfg.DisableCooling { - changes = append(changes, fmt.Sprintf("disable-cooling: %t -> %t", oldCfg.DisableCooling, newCfg.DisableCooling)) - } - if oldCfg.RequestLog != newCfg.RequestLog { - changes = append(changes, fmt.Sprintf("request-log: %t -> %t", oldCfg.RequestLog, newCfg.RequestLog)) - } - if oldCfg.LogsMaxTotalSizeMB != newCfg.LogsMaxTotalSizeMB { - changes = append(changes, fmt.Sprintf("logs-max-total-size-mb: %d -> %d", oldCfg.LogsMaxTotalSizeMB, newCfg.LogsMaxTotalSizeMB)) - } - if oldCfg.ErrorLogsMaxFiles != newCfg.ErrorLogsMaxFiles { - changes = append(changes, fmt.Sprintf("error-logs-max-files: %d -> %d", oldCfg.ErrorLogsMaxFiles, newCfg.ErrorLogsMaxFiles)) - } - if oldCfg.RequestRetry != newCfg.RequestRetry { - changes = append(changes, fmt.Sprintf("request-retry: %d -> %d", oldCfg.RequestRetry, newCfg.RequestRetry)) - } - if oldCfg.MaxRetryInterval != newCfg.MaxRetryInterval { - changes = append(changes, fmt.Sprintf("max-retry-interval: %d -> %d", oldCfg.MaxRetryInterval, newCfg.MaxRetryInterval)) - } - if oldCfg.ProxyURL != newCfg.ProxyURL { - changes = append(changes, fmt.Sprintf("proxy-url: %s -> %s", formatProxyURL(oldCfg.ProxyURL), formatProxyURL(newCfg.ProxyURL))) - } - if oldCfg.WebsocketAuth != newCfg.WebsocketAuth { - changes = append(changes, fmt.Sprintf("ws-auth: %t -> %t", oldCfg.WebsocketAuth, newCfg.WebsocketAuth)) - } - if oldCfg.ForceModelPrefix != newCfg.ForceModelPrefix { - changes = append(changes, fmt.Sprintf("force-model-prefix: %t -> %t", oldCfg.ForceModelPrefix, newCfg.ForceModelPrefix)) - } - if oldCfg.NonStreamKeepAliveInterval != newCfg.NonStreamKeepAliveInterval { - changes = append(changes, fmt.Sprintf("nonstream-keepalive-interval: %d -> %d", oldCfg.NonStreamKeepAliveInterval, newCfg.NonStreamKeepAliveInterval)) - } - - // Quota-exceeded behavior - if oldCfg.QuotaExceeded.SwitchProject != newCfg.QuotaExceeded.SwitchProject { - changes = append(changes, fmt.Sprintf("quota-exceeded.switch-project: %t -> %t", oldCfg.QuotaExceeded.SwitchProject, newCfg.QuotaExceeded.SwitchProject)) - } - if oldCfg.QuotaExceeded.SwitchPreviewModel != newCfg.QuotaExceeded.SwitchPreviewModel { - changes = append(changes, fmt.Sprintf("quota-exceeded.switch-preview-model: %t -> %t", oldCfg.QuotaExceeded.SwitchPreviewModel, newCfg.QuotaExceeded.SwitchPreviewModel)) - } - - if oldCfg.Routing.Strategy != newCfg.Routing.Strategy { - changes = append(changes, fmt.Sprintf("routing.strategy: %s -> %s", oldCfg.Routing.Strategy, newCfg.Routing.Strategy)) - } - - // API keys (redacted) and counts - if len(oldCfg.APIKeys) != len(newCfg.APIKeys) { - changes = append(changes, fmt.Sprintf("api-keys count: %d -> %d", len(oldCfg.APIKeys), len(newCfg.APIKeys))) - } else if !reflect.DeepEqual(trimStrings(oldCfg.APIKeys), trimStrings(newCfg.APIKeys)) { - changes = append(changes, "api-keys: values updated (count unchanged, redacted)") - } - if len(oldCfg.GeminiKey) != len(newCfg.GeminiKey) { - changes = append(changes, fmt.Sprintf("gemini-api-key count: %d -> %d", len(oldCfg.GeminiKey), len(newCfg.GeminiKey))) - } else { - for i := range oldCfg.GeminiKey { - o := oldCfg.GeminiKey[i] - n := newCfg.GeminiKey[i] - if strings.TrimSpace(o.BaseURL) != strings.TrimSpace(n.BaseURL) { - changes = append(changes, fmt.Sprintf("gemini[%d].base-url: %s -> %s", i, strings.TrimSpace(o.BaseURL), strings.TrimSpace(n.BaseURL))) - } - if strings.TrimSpace(o.ProxyURL) != strings.TrimSpace(n.ProxyURL) { - changes = append(changes, fmt.Sprintf("gemini[%d].proxy-url: %s -> %s", i, formatProxyURL(o.ProxyURL), formatProxyURL(n.ProxyURL))) - } - if strings.TrimSpace(o.Prefix) != strings.TrimSpace(n.Prefix) { - changes = append(changes, fmt.Sprintf("gemini[%d].prefix: %s -> %s", i, strings.TrimSpace(o.Prefix), strings.TrimSpace(n.Prefix))) - } - if strings.TrimSpace(o.APIKey) != strings.TrimSpace(n.APIKey) { - changes = append(changes, fmt.Sprintf("gemini[%d].api-key: updated", i)) - } - if !equalStringMap(o.Headers, n.Headers) { - changes = append(changes, fmt.Sprintf("gemini[%d].headers: updated", i)) - } - oldModels := SummarizeGeminiModels(o.Models) - newModels := SummarizeGeminiModels(n.Models) - if oldModels.hash != newModels.hash { - changes = append(changes, fmt.Sprintf("gemini[%d].models: updated (%d -> %d entries)", i, oldModels.count, newModels.count)) - } - oldExcluded := SummarizeExcludedModels(o.ExcludedModels) - newExcluded := SummarizeExcludedModels(n.ExcludedModels) - if oldExcluded.hash != newExcluded.hash { - changes = append(changes, fmt.Sprintf("gemini[%d].excluded-models: updated (%d -> %d entries)", i, oldExcluded.count, newExcluded.count)) - } - } - } - - // Claude keys (do not print key material) - if len(oldCfg.ClaudeKey) != len(newCfg.ClaudeKey) { - changes = append(changes, fmt.Sprintf("claude-api-key count: %d -> %d", len(oldCfg.ClaudeKey), len(newCfg.ClaudeKey))) - } else { - for i := range oldCfg.ClaudeKey { - o := oldCfg.ClaudeKey[i] - n := newCfg.ClaudeKey[i] - if strings.TrimSpace(o.BaseURL) != strings.TrimSpace(n.BaseURL) { - changes = append(changes, fmt.Sprintf("claude[%d].base-url: %s -> %s", i, strings.TrimSpace(o.BaseURL), strings.TrimSpace(n.BaseURL))) - } - if strings.TrimSpace(o.ProxyURL) != strings.TrimSpace(n.ProxyURL) { - changes = append(changes, fmt.Sprintf("claude[%d].proxy-url: %s -> %s", i, formatProxyURL(o.ProxyURL), formatProxyURL(n.ProxyURL))) - } - if strings.TrimSpace(o.Prefix) != strings.TrimSpace(n.Prefix) { - changes = append(changes, fmt.Sprintf("claude[%d].prefix: %s -> %s", i, strings.TrimSpace(o.Prefix), strings.TrimSpace(n.Prefix))) - } - if strings.TrimSpace(o.APIKey) != strings.TrimSpace(n.APIKey) { - changes = append(changes, fmt.Sprintf("claude[%d].api-key: updated", i)) - } - if !equalStringMap(o.Headers, n.Headers) { - changes = append(changes, fmt.Sprintf("claude[%d].headers: updated", i)) - } - oldModels := SummarizeClaudeModels(o.Models) - newModels := SummarizeClaudeModels(n.Models) - if oldModels.hash != newModels.hash { - changes = append(changes, fmt.Sprintf("claude[%d].models: updated (%d -> %d entries)", i, oldModels.count, newModels.count)) - } - oldExcluded := SummarizeExcludedModels(o.ExcludedModels) - newExcluded := SummarizeExcludedModels(n.ExcludedModels) - if oldExcluded.hash != newExcluded.hash { - changes = append(changes, fmt.Sprintf("claude[%d].excluded-models: updated (%d -> %d entries)", i, oldExcluded.count, newExcluded.count)) - } - if o.Cloak != nil && n.Cloak != nil { - if strings.TrimSpace(o.Cloak.Mode) != strings.TrimSpace(n.Cloak.Mode) { - changes = append(changes, fmt.Sprintf("claude[%d].cloak.mode: %s -> %s", i, o.Cloak.Mode, n.Cloak.Mode)) - } - if o.Cloak.StrictMode != n.Cloak.StrictMode { - changes = append(changes, fmt.Sprintf("claude[%d].cloak.strict-mode: %t -> %t", i, o.Cloak.StrictMode, n.Cloak.StrictMode)) - } - if len(o.Cloak.SensitiveWords) != len(n.Cloak.SensitiveWords) { - changes = append(changes, fmt.Sprintf("claude[%d].cloak.sensitive-words: %d -> %d", i, len(o.Cloak.SensitiveWords), len(n.Cloak.SensitiveWords))) - } - } - } - } - - // Codex keys (do not print key material) - if len(oldCfg.CodexKey) != len(newCfg.CodexKey) { - changes = append(changes, fmt.Sprintf("codex-api-key count: %d -> %d", len(oldCfg.CodexKey), len(newCfg.CodexKey))) - } else { - for i := range oldCfg.CodexKey { - o := oldCfg.CodexKey[i] - n := newCfg.CodexKey[i] - if strings.TrimSpace(o.BaseURL) != strings.TrimSpace(n.BaseURL) { - changes = append(changes, fmt.Sprintf("codex[%d].base-url: %s -> %s", i, strings.TrimSpace(o.BaseURL), strings.TrimSpace(n.BaseURL))) - } - if strings.TrimSpace(o.ProxyURL) != strings.TrimSpace(n.ProxyURL) { - changes = append(changes, fmt.Sprintf("codex[%d].proxy-url: %s -> %s", i, formatProxyURL(o.ProxyURL), formatProxyURL(n.ProxyURL))) - } - if strings.TrimSpace(o.Prefix) != strings.TrimSpace(n.Prefix) { - changes = append(changes, fmt.Sprintf("codex[%d].prefix: %s -> %s", i, strings.TrimSpace(o.Prefix), strings.TrimSpace(n.Prefix))) - } - if strings.TrimSpace(o.APIKey) != strings.TrimSpace(n.APIKey) { - changes = append(changes, fmt.Sprintf("codex[%d].api-key: updated", i)) - } - if !equalStringMap(o.Headers, n.Headers) { - changes = append(changes, fmt.Sprintf("codex[%d].headers: updated", i)) - } - oldModels := SummarizeCodexModels(o.Models) - newModels := SummarizeCodexModels(n.Models) - if oldModels.hash != newModels.hash { - changes = append(changes, fmt.Sprintf("codex[%d].models: updated (%d -> %d entries)", i, oldModels.count, newModels.count)) - } - oldExcluded := SummarizeExcludedModels(o.ExcludedModels) - newExcluded := SummarizeExcludedModels(n.ExcludedModels) - if oldExcluded.hash != newExcluded.hash { - changes = append(changes, fmt.Sprintf("codex[%d].excluded-models: updated (%d -> %d entries)", i, oldExcluded.count, newExcluded.count)) - } - } - } - - // AmpCode settings (redacted where needed) - oldAmpURL := strings.TrimSpace(oldCfg.AmpCode.UpstreamURL) - newAmpURL := strings.TrimSpace(newCfg.AmpCode.UpstreamURL) - if oldAmpURL != newAmpURL { - changes = append(changes, fmt.Sprintf("ampcode.upstream-url: %s -> %s", oldAmpURL, newAmpURL)) - } - oldAmpKey := strings.TrimSpace(oldCfg.AmpCode.UpstreamAPIKey) - newAmpKey := strings.TrimSpace(newCfg.AmpCode.UpstreamAPIKey) - switch { - case oldAmpKey == "" && newAmpKey != "": - changes = append(changes, "ampcode.upstream-api-key: added") - case oldAmpKey != "" && newAmpKey == "": - changes = append(changes, "ampcode.upstream-api-key: removed") - case oldAmpKey != newAmpKey: - changes = append(changes, "ampcode.upstream-api-key: updated") - } - if oldCfg.AmpCode.RestrictManagementToLocalhost != newCfg.AmpCode.RestrictManagementToLocalhost { - changes = append(changes, fmt.Sprintf("ampcode.restrict-management-to-localhost: %t -> %t", oldCfg.AmpCode.RestrictManagementToLocalhost, newCfg.AmpCode.RestrictManagementToLocalhost)) - } - oldMappings := SummarizeAmpModelMappings(oldCfg.AmpCode.ModelMappings) - newMappings := SummarizeAmpModelMappings(newCfg.AmpCode.ModelMappings) - if oldMappings.hash != newMappings.hash { - changes = append(changes, fmt.Sprintf("ampcode.model-mappings: updated (%d -> %d entries)", oldMappings.count, newMappings.count)) - } - if oldCfg.AmpCode.ForceModelMappings != newCfg.AmpCode.ForceModelMappings { - changes = append(changes, fmt.Sprintf("ampcode.force-model-mappings: %t -> %t", oldCfg.AmpCode.ForceModelMappings, newCfg.AmpCode.ForceModelMappings)) - } - oldUpstreamAPIKeysCount := len(oldCfg.AmpCode.UpstreamAPIKeys) - newUpstreamAPIKeysCount := len(newCfg.AmpCode.UpstreamAPIKeys) - if !equalUpstreamAPIKeys(oldCfg.AmpCode.UpstreamAPIKeys, newCfg.AmpCode.UpstreamAPIKeys) { - changes = append(changes, fmt.Sprintf("ampcode.upstream-api-keys: updated (%d -> %d entries)", oldUpstreamAPIKeysCount, newUpstreamAPIKeysCount)) - } - - if entries, _ := DiffOAuthExcludedModelChanges(oldCfg.OAuthExcludedModels, newCfg.OAuthExcludedModels); len(entries) > 0 { - changes = append(changes, entries...) - } - if entries, _ := DiffOAuthModelAliasChanges(oldCfg.OAuthModelAlias, newCfg.OAuthModelAlias); len(entries) > 0 { - changes = append(changes, entries...) - } - - // Remote management (never print the key) - if oldCfg.RemoteManagement.AllowRemote != newCfg.RemoteManagement.AllowRemote { - changes = append(changes, fmt.Sprintf("remote-management.allow-remote: %t -> %t", oldCfg.RemoteManagement.AllowRemote, newCfg.RemoteManagement.AllowRemote)) - } - if oldCfg.RemoteManagement.DisableControlPanel != newCfg.RemoteManagement.DisableControlPanel { - changes = append(changes, fmt.Sprintf("remote-management.disable-control-panel: %t -> %t", oldCfg.RemoteManagement.DisableControlPanel, newCfg.RemoteManagement.DisableControlPanel)) - } - oldPanelRepo := strings.TrimSpace(oldCfg.RemoteManagement.PanelGitHubRepository) - newPanelRepo := strings.TrimSpace(newCfg.RemoteManagement.PanelGitHubRepository) - if oldPanelRepo != newPanelRepo { - changes = append(changes, fmt.Sprintf("remote-management.panel-github-repository: %s -> %s", oldPanelRepo, newPanelRepo)) - } - if oldCfg.RemoteManagement.SecretKey != newCfg.RemoteManagement.SecretKey { - switch { - case oldCfg.RemoteManagement.SecretKey == "" && newCfg.RemoteManagement.SecretKey != "": - changes = append(changes, "remote-management.secret-key: created") - case oldCfg.RemoteManagement.SecretKey != "" && newCfg.RemoteManagement.SecretKey == "": - changes = append(changes, "remote-management.secret-key: deleted") - default: - changes = append(changes, "remote-management.secret-key: updated") - } - } - - // Cursor config - if len(oldCfg.CursorKey) != len(newCfg.CursorKey) { - changes = append(changes, fmt.Sprintf("cursor: count %d -> %d", len(oldCfg.CursorKey), len(newCfg.CursorKey))) - } else { - for i := range oldCfg.CursorKey { - o, n := oldCfg.CursorKey[i], newCfg.CursorKey[i] - if strings.TrimSpace(o.TokenFile) != strings.TrimSpace(n.TokenFile) { - changes = append(changes, fmt.Sprintf("cursor[%d].token-file: updated", i)) - } - if strings.TrimSpace(o.CursorAPIURL) != strings.TrimSpace(n.CursorAPIURL) { - changes = append(changes, fmt.Sprintf("cursor[%d].cursor-api-url: updated", i)) - } - } - } - - // Dedicated OpenAI-compatible providers (generated) - BuildConfigChangeDetailsGeneratedProviders(oldCfg, newCfg, &changes) - - // OpenAI compatibility providers (summarized) - - // OpenAI compatibility providers (summarized) - if compat := DiffOpenAICompatibility(oldCfg.OpenAICompatibility, newCfg.OpenAICompatibility); len(compat) > 0 { - changes = append(changes, "openai-compatibility:") - for _, c := range compat { - changes = append(changes, " "+c) - } - } - - // Vertex-compatible API keys - if len(oldCfg.VertexCompatAPIKey) != len(newCfg.VertexCompatAPIKey) { - changes = append(changes, fmt.Sprintf("vertex-api-key count: %d -> %d", len(oldCfg.VertexCompatAPIKey), len(newCfg.VertexCompatAPIKey))) - } else { - for i := range oldCfg.VertexCompatAPIKey { - o := oldCfg.VertexCompatAPIKey[i] - n := newCfg.VertexCompatAPIKey[i] - if strings.TrimSpace(o.BaseURL) != strings.TrimSpace(n.BaseURL) { - changes = append(changes, fmt.Sprintf("vertex[%d].base-url: %s -> %s", i, strings.TrimSpace(o.BaseURL), strings.TrimSpace(n.BaseURL))) - } - if strings.TrimSpace(o.ProxyURL) != strings.TrimSpace(n.ProxyURL) { - changes = append(changes, fmt.Sprintf("vertex[%d].proxy-url: %s -> %s", i, formatProxyURL(o.ProxyURL), formatProxyURL(n.ProxyURL))) - } - if strings.TrimSpace(o.Prefix) != strings.TrimSpace(n.Prefix) { - changes = append(changes, fmt.Sprintf("vertex[%d].prefix: %s -> %s", i, strings.TrimSpace(o.Prefix), strings.TrimSpace(n.Prefix))) - } - if strings.TrimSpace(o.APIKey) != strings.TrimSpace(n.APIKey) { - changes = append(changes, fmt.Sprintf("vertex[%d].api-key: updated", i)) - } - oldModels := SummarizeVertexModels(o.Models) - newModels := SummarizeVertexModels(n.Models) - if oldModels.hash != newModels.hash { - changes = append(changes, fmt.Sprintf("vertex[%d].models: updated (%d -> %d entries)", i, oldModels.count, newModels.count)) - } - if !equalStringMap(o.Headers, n.Headers) { - changes = append(changes, fmt.Sprintf("vertex[%d].headers: updated", i)) - } - } - } - - return changes -} - -func trimStrings(in []string) []string { - out := make([]string, len(in)) - for i := range in { - out[i] = strings.TrimSpace(in[i]) - } - return out -} - -func equalStringMap(a, b map[string]string) bool { - if len(a) != len(b) { - return false - } - for k, v := range a { - if b[k] != v { - return false - } - } - return true -} - -func formatProxyURL(raw string) string { - trimmed := strings.TrimSpace(raw) - if trimmed == "" { - return "" - } - parsed, err := url.Parse(trimmed) - if err != nil { - return "" - } - host := strings.TrimSpace(parsed.Host) - scheme := strings.TrimSpace(parsed.Scheme) - if host == "" { - // Allow host:port style without scheme. - parsed2, err2 := url.Parse("http://" + trimmed) - if err2 == nil { - host = strings.TrimSpace(parsed2.Host) - } - scheme = "" - } - if host == "" { - return "" - } - if scheme == "" { - return host - } - return scheme + "://" + host -} - -func equalStringSet(a, b []string) bool { - if len(a) == 0 && len(b) == 0 { - return true - } - aSet := make(map[string]struct{}, len(a)) - for _, k := range a { - aSet[strings.TrimSpace(k)] = struct{}{} - } - bSet := make(map[string]struct{}, len(b)) - for _, k := range b { - bSet[strings.TrimSpace(k)] = struct{}{} - } - if len(aSet) != len(bSet) { - return false - } - for k := range aSet { - if _, ok := bSet[k]; !ok { - return false - } - } - return true -} - -// equalUpstreamAPIKeys compares two slices of AmpUpstreamAPIKeyEntry for equality. -// Comparison is done by count and content (upstream key and client keys). -func equalUpstreamAPIKeys(a, b []config.AmpUpstreamAPIKeyEntry) bool { - if len(a) != len(b) { - return false - } - for i := range a { - if strings.TrimSpace(a[i].UpstreamAPIKey) != strings.TrimSpace(b[i].UpstreamAPIKey) { - return false - } - if !equalStringSet(a[i].APIKeys, b[i].APIKeys) { - return false - } - } - return true -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/config_diff_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/config_diff_test.go deleted file mode 100644 index 302889f3bf..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/config_diff_test.go +++ /dev/null @@ -1,54 +0,0 @@ -package diff - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "testing" -) - -func TestBuildConfigChangeDetails(t *testing.T) { - oldCfg := &config.Config{ - Port: 8080, - Debug: false, - ClaudeKey: []config.ClaudeKey{{APIKey: "k1"}}, - } - newCfg := &config.Config{ - Port: 9090, - Debug: true, - ClaudeKey: []config.ClaudeKey{{APIKey: "k1"}, {APIKey: "k2"}}, - } - - changes := BuildConfigChangeDetails(oldCfg, newCfg) - if len(changes) != 3 { - t.Errorf("expected 3 changes, got %d: %v", len(changes), changes) - } - - // Test unknown proxy URL - u := formatProxyURL("http://user:pass@host:1234") - if u != "http://host:1234" { - t.Errorf("expected redacted user:pass, got %s", u) - } -} - -func TestEqualStringMap(t *testing.T) { - m1 := map[string]string{"a": "1"} - m2 := map[string]string{"a": "1"} - m3 := map[string]string{"a": "2"} - if !equalStringMap(m1, m2) { - t.Error("expected true for m1, m2") - } - if equalStringMap(m1, m3) { - t.Error("expected false for m1, m3") - } -} - -func TestEqualStringSet(t *testing.T) { - s1 := []string{"a", "b"} - s2 := []string{"b", "a"} - s3 := []string{"a"} - if !equalStringSet(s1, s2) { - t.Error("expected true for s1, s2") - } - if equalStringSet(s1, s3) { - t.Error("expected false for s1, s3") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/diff_generated.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/diff_generated.go deleted file mode 100644 index 3d65600f66..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/diff_generated.go +++ /dev/null @@ -1,44 +0,0 @@ -// Code generated by github.com/router-for-me/CLIProxyAPI/v6/cmd/codegen; DO NOT EDIT. -package diff - -import ( - "fmt" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -// BuildConfigChangeDetailsGeneratedProviders computes changes for generated dedicated providers. -func BuildConfigChangeDetailsGeneratedProviders(oldCfg, newCfg *config.Config, changes *[]string) { - if len(oldCfg.MiniMaxKey) != len(newCfg.MiniMaxKey) { - *changes = append(*changes, fmt.Sprintf("minimax: count %d -> %d", len(oldCfg.MiniMaxKey), len(newCfg.MiniMaxKey))) - } - if len(oldCfg.RooKey) != len(newCfg.RooKey) { - *changes = append(*changes, fmt.Sprintf("roo: count %d -> %d", len(oldCfg.RooKey), len(newCfg.RooKey))) - } - if len(oldCfg.KiloKey) != len(newCfg.KiloKey) { - *changes = append(*changes, fmt.Sprintf("kilo: count %d -> %d", len(oldCfg.KiloKey), len(newCfg.KiloKey))) - } - if len(oldCfg.DeepSeekKey) != len(newCfg.DeepSeekKey) { - *changes = append(*changes, fmt.Sprintf("deepseek: count %d -> %d", len(oldCfg.DeepSeekKey), len(newCfg.DeepSeekKey))) - } - if len(oldCfg.GroqKey) != len(newCfg.GroqKey) { - *changes = append(*changes, fmt.Sprintf("groq: count %d -> %d", len(oldCfg.GroqKey), len(newCfg.GroqKey))) - } - if len(oldCfg.MistralKey) != len(newCfg.MistralKey) { - *changes = append(*changes, fmt.Sprintf("mistral: count %d -> %d", len(oldCfg.MistralKey), len(newCfg.MistralKey))) - } - if len(oldCfg.SiliconFlowKey) != len(newCfg.SiliconFlowKey) { - *changes = append(*changes, fmt.Sprintf("siliconflow: count %d -> %d", len(oldCfg.SiliconFlowKey), len(newCfg.SiliconFlowKey))) - } - if len(oldCfg.OpenRouterKey) != len(newCfg.OpenRouterKey) { - *changes = append(*changes, fmt.Sprintf("openrouter: count %d -> %d", len(oldCfg.OpenRouterKey), len(newCfg.OpenRouterKey))) - } - if len(oldCfg.TogetherKey) != len(newCfg.TogetherKey) { - *changes = append(*changes, fmt.Sprintf("together: count %d -> %d", len(oldCfg.TogetherKey), len(newCfg.TogetherKey))) - } - if len(oldCfg.FireworksKey) != len(newCfg.FireworksKey) { - *changes = append(*changes, fmt.Sprintf("fireworks: count %d -> %d", len(oldCfg.FireworksKey), len(newCfg.FireworksKey))) - } - if len(oldCfg.NovitaKey) != len(newCfg.NovitaKey) { - *changes = append(*changes, fmt.Sprintf("novita: count %d -> %d", len(oldCfg.NovitaKey), len(newCfg.NovitaKey))) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/model_hash.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/model_hash.go deleted file mode 100644 index 2d003c115a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/model_hash.go +++ /dev/null @@ -1,142 +0,0 @@ -package diff - -import ( - "crypto/hmac" - "crypto/sha512" - "encoding/hex" - "sort" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -const modelHashSalt = "auth-model-hash:v1" - -// ComputeOpenAICompatModelsHash returns a stable hash for OpenAI-compat models. -// Used to detect model list changes during hot reload. -func ComputeOpenAICompatModelsHash(models []config.OpenAICompatibilityModel) string { - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return hashJoined(keys) -} - -// ComputeVertexCompatModelsHash returns a stable hash for Vertex-compatible models. -func ComputeVertexCompatModelsHash(models []config.VertexCompatModel) string { - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return hashJoined(keys) -} - -// ComputeClaudeModelsHash returns a stable hash for Claude model aliases. -func ComputeClaudeModelsHash(models []config.ClaudeModel) string { - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return hashJoined(keys) -} - -// ComputeCodexModelsHash returns a stable hash for Codex model aliases. -func ComputeCodexModelsHash(models []config.CodexModel) string { - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return hashJoined(keys) -} - -// ComputeGeminiModelsHash returns a stable hash for Gemini model aliases. -func ComputeGeminiModelsHash(models []config.GeminiModel) string { - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return hashJoined(keys) -} - -// ComputeExcludedModelsHash returns a normalized hash for excluded model lists. -func ComputeExcludedModelsHash(excluded []string) string { - if len(excluded) == 0 { - return "" - } - normalized := make([]string, 0, len(excluded)) - for _, entry := range excluded { - if trimmed := strings.TrimSpace(entry); trimmed != "" { - normalized = append(normalized, strings.ToLower(trimmed)) - } - } - if len(normalized) == 0 { - return "" - } - sort.Strings(normalized) - return hashJoined(normalized) -} - -func normalizeModelPairs(collect func(out func(key string))) []string { - seen := make(map[string]struct{}) - keys := make([]string, 0) - collect(func(key string) { - if _, exists := seen[key]; exists { - return - } - seen[key] = struct{}{} - keys = append(keys, key) - }) - if len(keys) == 0 { - return nil - } - sort.Strings(keys) - return keys -} - -func hashJoined(keys []string) string { - if len(keys) == 0 { - return "" - } - hasher := hmac.New(sha512.New, []byte(modelHashSalt)) - _, _ = hasher.Write([]byte(strings.Join(keys, "\n"))) - return hex.EncodeToString(hasher.Sum(nil)) -} - -func hashString(value string) string { - if strings.TrimSpace(value) == "" { - return "" - } - hasher := hmac.New(sha512.New, []byte(modelHashSalt)) - _, _ = hasher.Write([]byte(value)) - return hex.EncodeToString(hasher.Sum(nil)) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/model_hash_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/model_hash_test.go deleted file mode 100644 index b01b3582f7..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/model_hash_test.go +++ /dev/null @@ -1,194 +0,0 @@ -package diff - -import ( - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestComputeOpenAICompatModelsHash_Deterministic(t *testing.T) { - models := []config.OpenAICompatibilityModel{ - {Name: "gpt-4", Alias: "gpt4"}, - {Name: "gpt-3.5-turbo"}, - } - hash1 := ComputeOpenAICompatModelsHash(models) - hash2 := ComputeOpenAICompatModelsHash(models) - if hash1 == "" { - t.Fatal("hash should not be empty") - } - if hash1 != hash2 { - t.Fatalf("hash should be deterministic, got %s vs %s", hash1, hash2) - } - changed := ComputeOpenAICompatModelsHash([]config.OpenAICompatibilityModel{{Name: "gpt-4"}, {Name: "gpt-4.1"}}) - if hash1 == changed { - t.Fatal("hash should change when model list changes") - } -} - -func TestComputeOpenAICompatModelsHash_NormalizesAndDedups(t *testing.T) { - a := []config.OpenAICompatibilityModel{ - {Name: "gpt-4", Alias: "gpt4"}, - {Name: " "}, - {Name: "GPT-4", Alias: "GPT4"}, - {Alias: "a1"}, - } - b := []config.OpenAICompatibilityModel{ - {Alias: "A1"}, - {Name: "gpt-4", Alias: "gpt4"}, - } - h1 := ComputeOpenAICompatModelsHash(a) - h2 := ComputeOpenAICompatModelsHash(b) - if h1 == "" || h2 == "" { - t.Fatal("expected non-empty hashes for non-empty model sets") - } - if h1 != h2 { - t.Fatalf("expected normalized hashes to match, got %s / %s", h1, h2) - } -} - -func TestComputeVertexCompatModelsHash_DifferentInputs(t *testing.T) { - models := []config.VertexCompatModel{{Name: "gemini-pro", Alias: "pro"}} - hash1 := ComputeVertexCompatModelsHash(models) - hash2 := ComputeVertexCompatModelsHash([]config.VertexCompatModel{{Name: "gemini-1.5-pro", Alias: "pro"}}) - if hash1 == "" || hash2 == "" { - t.Fatal("hashes should not be empty for non-empty models") - } - if hash1 == hash2 { - t.Fatal("hash should differ when model content differs") - } -} - -func TestComputeVertexCompatModelsHash_IgnoresBlankAndOrder(t *testing.T) { - a := []config.VertexCompatModel{ - {Name: "m1", Alias: "a1"}, - {Name: " "}, - {Name: "M1", Alias: "A1"}, - } - b := []config.VertexCompatModel{ - {Name: "m1", Alias: "a1"}, - } - if h1, h2 := ComputeVertexCompatModelsHash(a), ComputeVertexCompatModelsHash(b); h1 == "" || h1 != h2 { - t.Fatalf("expected same hash ignoring blanks/dupes, got %q / %q", h1, h2) - } -} - -func TestComputeClaudeModelsHash_Empty(t *testing.T) { - if got := ComputeClaudeModelsHash(nil); got != "" { - t.Fatalf("expected empty hash for nil models, got %q", got) - } - if got := ComputeClaudeModelsHash([]config.ClaudeModel{}); got != "" { - t.Fatalf("expected empty hash for empty slice, got %q", got) - } -} - -func TestComputeCodexModelsHash_Empty(t *testing.T) { - if got := ComputeCodexModelsHash(nil); got != "" { - t.Fatalf("expected empty hash for nil models, got %q", got) - } - if got := ComputeCodexModelsHash([]config.CodexModel{}); got != "" { - t.Fatalf("expected empty hash for empty slice, got %q", got) - } -} - -func TestComputeClaudeModelsHash_IgnoresBlankAndDedup(t *testing.T) { - a := []config.ClaudeModel{ - {Name: "m1", Alias: "a1"}, - {Name: " "}, - {Name: "M1", Alias: "A1"}, - } - b := []config.ClaudeModel{ - {Name: "m1", Alias: "a1"}, - } - if h1, h2 := ComputeClaudeModelsHash(a), ComputeClaudeModelsHash(b); h1 == "" || h1 != h2 { - t.Fatalf("expected same hash ignoring blanks/dupes, got %q / %q", h1, h2) - } -} - -func TestComputeCodexModelsHash_IgnoresBlankAndDedup(t *testing.T) { - a := []config.CodexModel{ - {Name: "m1", Alias: "a1"}, - {Name: " "}, - {Name: "M1", Alias: "A1"}, - } - b := []config.CodexModel{ - {Name: "m1", Alias: "a1"}, - } - if h1, h2 := ComputeCodexModelsHash(a), ComputeCodexModelsHash(b); h1 == "" || h1 != h2 { - t.Fatalf("expected same hash ignoring blanks/dupes, got %q / %q", h1, h2) - } -} - -func TestComputeExcludedModelsHash_Normalizes(t *testing.T) { - hash1 := ComputeExcludedModelsHash([]string{" A ", "b", "a"}) - hash2 := ComputeExcludedModelsHash([]string{"a", " b", "A"}) - if hash1 == "" || hash2 == "" { - t.Fatal("hash should not be empty for non-empty input") - } - if hash1 != hash2 { - t.Fatalf("hash should be order/space insensitive for same multiset, got %s vs %s", hash1, hash2) - } - hash3 := ComputeExcludedModelsHash([]string{"c"}) - if hash1 == hash3 { - t.Fatal("hash should differ for different normalized sets") - } -} - -func TestComputeOpenAICompatModelsHash_Empty(t *testing.T) { - if got := ComputeOpenAICompatModelsHash(nil); got != "" { - t.Fatalf("expected empty hash for nil input, got %q", got) - } - if got := ComputeOpenAICompatModelsHash([]config.OpenAICompatibilityModel{}); got != "" { - t.Fatalf("expected empty hash for empty slice, got %q", got) - } - if got := ComputeOpenAICompatModelsHash([]config.OpenAICompatibilityModel{{Name: " "}, {Alias: ""}}); got != "" { - t.Fatalf("expected empty hash for blank models, got %q", got) - } -} - -func TestComputeVertexCompatModelsHash_Empty(t *testing.T) { - if got := ComputeVertexCompatModelsHash(nil); got != "" { - t.Fatalf("expected empty hash for nil input, got %q", got) - } - if got := ComputeVertexCompatModelsHash([]config.VertexCompatModel{}); got != "" { - t.Fatalf("expected empty hash for empty slice, got %q", got) - } - if got := ComputeVertexCompatModelsHash([]config.VertexCompatModel{{Name: " "}}); got != "" { - t.Fatalf("expected empty hash for blank models, got %q", got) - } -} - -func TestComputeExcludedModelsHash_Empty(t *testing.T) { - if got := ComputeExcludedModelsHash(nil); got != "" { - t.Fatalf("expected empty hash for nil input, got %q", got) - } - if got := ComputeExcludedModelsHash([]string{}); got != "" { - t.Fatalf("expected empty hash for empty slice, got %q", got) - } - if got := ComputeExcludedModelsHash([]string{" ", ""}); got != "" { - t.Fatalf("expected empty hash for whitespace-only entries, got %q", got) - } -} - -func TestComputeClaudeModelsHash_Deterministic(t *testing.T) { - models := []config.ClaudeModel{{Name: "a", Alias: "A"}, {Name: "b"}} - h1 := ComputeClaudeModelsHash(models) - h2 := ComputeClaudeModelsHash(models) - if h1 == "" || h1 != h2 { - t.Fatalf("expected deterministic hash, got %s / %s", h1, h2) - } - if h3 := ComputeClaudeModelsHash([]config.ClaudeModel{{Name: "a"}}); h3 == h1 { - t.Fatalf("expected different hash when models change, got %s", h3) - } -} - -func TestComputeCodexModelsHash_Deterministic(t *testing.T) { - models := []config.CodexModel{{Name: "a", Alias: "A"}, {Name: "b"}} - h1 := ComputeCodexModelsHash(models) - h2 := ComputeCodexModelsHash(models) - if h1 == "" || h1 != h2 { - t.Fatalf("expected deterministic hash, got %s / %s", h1, h2) - } - if h3 := ComputeCodexModelsHash([]config.CodexModel{{Name: "a"}}); h3 == h1 { - t.Fatalf("expected different hash when models change, got %s", h3) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/models_summary.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/models_summary.go deleted file mode 100644 index 52e35e4968..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/models_summary.go +++ /dev/null @@ -1,118 +0,0 @@ -package diff - -import ( - "sort" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -type GeminiModelsSummary struct { - hash string - count int -} - -type ClaudeModelsSummary struct { - hash string - count int -} - -type CodexModelsSummary struct { - hash string - count int -} - -type VertexModelsSummary struct { - hash string - count int -} - -// SummarizeGeminiModels hashes Gemini model aliases for change detection. -func SummarizeGeminiModels(models []config.GeminiModel) GeminiModelsSummary { - if len(models) == 0 { - return GeminiModelsSummary{} - } - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return GeminiModelsSummary{ - hash: hashJoined(keys), - count: len(keys), - } -} - -// SummarizeClaudeModels hashes Claude model aliases for change detection. -func SummarizeClaudeModels(models []config.ClaudeModel) ClaudeModelsSummary { - if len(models) == 0 { - return ClaudeModelsSummary{} - } - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return ClaudeModelsSummary{ - hash: hashJoined(keys), - count: len(keys), - } -} - -// SummarizeCodexModels hashes Codex model aliases for change detection. -func SummarizeCodexModels(models []config.CodexModel) CodexModelsSummary { - if len(models) == 0 { - return CodexModelsSummary{} - } - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return CodexModelsSummary{ - hash: hashJoined(keys), - count: len(keys), - } -} - -// SummarizeVertexModels hashes Vertex-compatible model aliases for change detection. -func SummarizeVertexModels(models []config.VertexCompatModel) VertexModelsSummary { - if len(models) == 0 { - return VertexModelsSummary{} - } - names := make([]string, 0, len(models)) - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - if alias != "" { - name = alias - } - names = append(names, name) - } - if len(names) == 0 { - return VertexModelsSummary{} - } - sort.Strings(names) - return VertexModelsSummary{ - hash: strings.Join(names, "|"), - count: len(names), - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/oauth_excluded.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/oauth_excluded.go deleted file mode 100644 index d6b1c4f30c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/oauth_excluded.go +++ /dev/null @@ -1,116 +0,0 @@ -package diff - -import ( - "fmt" - "sort" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -type ExcludedModelsSummary struct { - hash string - count int -} - -// SummarizeExcludedModels normalizes and hashes an excluded-model list. -func SummarizeExcludedModels(list []string) ExcludedModelsSummary { - if len(list) == 0 { - return ExcludedModelsSummary{} - } - seen := make(map[string]struct{}, len(list)) - normalized := make([]string, 0, len(list)) - for _, entry := range list { - if trimmed := strings.ToLower(strings.TrimSpace(entry)); trimmed != "" { - if _, exists := seen[trimmed]; exists { - continue - } - seen[trimmed] = struct{}{} - normalized = append(normalized, trimmed) - } - } - sort.Strings(normalized) - return ExcludedModelsSummary{ - hash: ComputeExcludedModelsHash(normalized), - count: len(normalized), - } -} - -// SummarizeOAuthExcludedModels summarizes OAuth excluded models per provider. -func SummarizeOAuthExcludedModels(entries map[string][]string) map[string]ExcludedModelsSummary { - if len(entries) == 0 { - return nil - } - out := make(map[string]ExcludedModelsSummary, len(entries)) - for k, v := range entries { - key := strings.ToLower(strings.TrimSpace(k)) - if key == "" { - continue - } - out[key] = SummarizeExcludedModels(v) - } - return out -} - -// DiffOAuthExcludedModelChanges compares OAuth excluded models maps. -func DiffOAuthExcludedModelChanges(oldMap, newMap map[string][]string) ([]string, []string) { - oldSummary := SummarizeOAuthExcludedModels(oldMap) - newSummary := SummarizeOAuthExcludedModels(newMap) - keys := make(map[string]struct{}, len(oldSummary)+len(newSummary)) - for k := range oldSummary { - keys[k] = struct{}{} - } - for k := range newSummary { - keys[k] = struct{}{} - } - changes := make([]string, 0, len(keys)) - affected := make([]string, 0, len(keys)) - for key := range keys { - oldInfo, okOld := oldSummary[key] - newInfo, okNew := newSummary[key] - switch { - case okOld && !okNew: - changes = append(changes, fmt.Sprintf("oauth-excluded-models[%s]: removed", key)) - affected = append(affected, key) - case !okOld && okNew: - changes = append(changes, fmt.Sprintf("oauth-excluded-models[%s]: added (%d entries)", key, newInfo.count)) - affected = append(affected, key) - case okOld && okNew && oldInfo.hash != newInfo.hash: - changes = append(changes, fmt.Sprintf("oauth-excluded-models[%s]: updated (%d -> %d entries)", key, oldInfo.count, newInfo.count)) - affected = append(affected, key) - } - } - sort.Strings(changes) - sort.Strings(affected) - return changes, affected -} - -type AmpModelMappingsSummary struct { - hash string - count int -} - -// SummarizeAmpModelMappings hashes Amp model mappings for change detection. -func SummarizeAmpModelMappings(mappings []config.AmpModelMapping) AmpModelMappingsSummary { - if len(mappings) == 0 { - return AmpModelMappingsSummary{} - } - entries := make([]string, 0, len(mappings)) - for _, mapping := range mappings { - from := strings.TrimSpace(mapping.From) - to := strings.TrimSpace(mapping.To) - if from == "" && to == "" { - continue - } - entries = append(entries, from+"->"+to) - } - if len(entries) == 0 { - return AmpModelMappingsSummary{} - } - sort.Strings(entries) - hash := hashJoined(entries) - return AmpModelMappingsSummary{ - hash: hash, - count: len(entries), - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/oauth_excluded_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/oauth_excluded_test.go deleted file mode 100644 index 3577c3701e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/oauth_excluded_test.go +++ /dev/null @@ -1,119 +0,0 @@ -package diff - -import ( - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestSummarizeExcludedModels_NormalizesAndDedupes(t *testing.T) { - summary := SummarizeExcludedModels([]string{"A", " a ", "B", "b"}) - if summary.count != 2 { - t.Fatalf("expected 2 unique entries, got %d", summary.count) - } - if summary.hash == "" { - t.Fatal("expected non-empty hash") - } - if empty := SummarizeExcludedModels(nil); empty.count != 0 || empty.hash != "" { - t.Fatalf("expected empty summary for nil input, got %+v", empty) - } -} - -func TestDiffOAuthExcludedModelChanges(t *testing.T) { - oldMap := map[string][]string{ - "ProviderA": {"model-1", "model-2"}, - "providerB": {"x"}, - } - newMap := map[string][]string{ - "providerA": {"model-1", "model-3"}, - "providerC": {"y"}, - } - - changes, affected := DiffOAuthExcludedModelChanges(oldMap, newMap) - expectContains(t, changes, "oauth-excluded-models[providera]: updated (2 -> 2 entries)") - expectContains(t, changes, "oauth-excluded-models[providerb]: removed") - expectContains(t, changes, "oauth-excluded-models[providerc]: added (1 entries)") - - if len(affected) != 3 { - t.Fatalf("expected 3 affected providers, got %d", len(affected)) - } -} - -func TestSummarizeAmpModelMappings(t *testing.T) { - summary := SummarizeAmpModelMappings([]config.AmpModelMapping{ - {From: "a", To: "A"}, - {From: "b", To: "B"}, - {From: " ", To: " "}, // ignored - }) - if summary.count != 2 { - t.Fatalf("expected 2 entries, got %d", summary.count) - } - if summary.hash == "" { - t.Fatal("expected non-empty hash") - } - if empty := SummarizeAmpModelMappings(nil); empty.count != 0 || empty.hash != "" { - t.Fatalf("expected empty summary for nil input, got %+v", empty) - } - if blank := SummarizeAmpModelMappings([]config.AmpModelMapping{{From: " ", To: " "}}); blank.count != 0 || blank.hash != "" { - t.Fatalf("expected blank mappings ignored, got %+v", blank) - } -} - -func TestSummarizeOAuthExcludedModels_NormalizesKeys(t *testing.T) { - out := SummarizeOAuthExcludedModels(map[string][]string{ - "ProvA": {"X"}, - "": {"ignored"}, - }) - if len(out) != 1 { - t.Fatalf("expected only non-empty key summary, got %d", len(out)) - } - if _, ok := out["prova"]; !ok { - t.Fatalf("expected normalized key 'prova', got keys %v", out) - } - if out["prova"].count != 1 || out["prova"].hash == "" { - t.Fatalf("unexpected summary %+v", out["prova"]) - } - if outEmpty := SummarizeOAuthExcludedModels(nil); outEmpty != nil { - t.Fatalf("expected nil map for nil input, got %v", outEmpty) - } -} - -func TestSummarizeVertexModels(t *testing.T) { - summary := SummarizeVertexModels([]config.VertexCompatModel{ - {Name: "m1"}, - {Name: " ", Alias: "alias"}, - {}, // ignored - }) - if summary.count != 2 { - t.Fatalf("expected 2 vertex models, got %d", summary.count) - } - if summary.hash == "" { - t.Fatal("expected non-empty hash") - } - if empty := SummarizeVertexModels(nil); empty.count != 0 || empty.hash != "" { - t.Fatalf("expected empty summary for nil input, got %+v", empty) - } - if blank := SummarizeVertexModels([]config.VertexCompatModel{{Name: " "}}); blank.count != 0 || blank.hash != "" { - t.Fatalf("expected blank model ignored, got %+v", blank) - } -} - -func TestSummarizeVertexModels_UsesCanonicalJoinedSignature(t *testing.T) { - summary := SummarizeVertexModels([]config.VertexCompatModel{ - {Name: "m1"}, - {Alias: "alias"}, - }) - if summary.hash != "alias|m1" { - t.Fatalf("expected canonical joined signature, got %q", summary.hash) - } -} - -func expectContains(t *testing.T, list []string, target string) { - t.Helper() - for _, entry := range list { - if entry == target { - return - } - } - t.Fatalf("expected list to contain %q, got %#v", target, list) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/oauth_model_alias.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/oauth_model_alias.go deleted file mode 100644 index 4aa8b14617..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/oauth_model_alias.go +++ /dev/null @@ -1,99 +0,0 @@ -package diff - -import ( - "fmt" - "sort" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -type OAuthModelAliasSummary struct { - hash string - count int -} - -// SummarizeOAuthModelAlias summarizes OAuth model alias per channel. -func SummarizeOAuthModelAlias(entries map[string][]config.OAuthModelAlias) map[string]OAuthModelAliasSummary { - if len(entries) == 0 { - return nil - } - out := make(map[string]OAuthModelAliasSummary, len(entries)) - for k, v := range entries { - key := strings.ToLower(strings.TrimSpace(k)) - if key == "" { - continue - } - out[key] = summarizeOAuthModelAliasList(v) - } - if len(out) == 0 { - return nil - } - return out -} - -// DiffOAuthModelAliasChanges compares OAuth model alias maps. -func DiffOAuthModelAliasChanges(oldMap, newMap map[string][]config.OAuthModelAlias) ([]string, []string) { - oldSummary := SummarizeOAuthModelAlias(oldMap) - newSummary := SummarizeOAuthModelAlias(newMap) - keys := make(map[string]struct{}, len(oldSummary)+len(newSummary)) - for k := range oldSummary { - keys[k] = struct{}{} - } - for k := range newSummary { - keys[k] = struct{}{} - } - changes := make([]string, 0, len(keys)) - affected := make([]string, 0, len(keys)) - for key := range keys { - oldInfo, okOld := oldSummary[key] - newInfo, okNew := newSummary[key] - switch { - case okOld && !okNew: - changes = append(changes, fmt.Sprintf("oauth-model-alias[%s]: removed", key)) - affected = append(affected, key) - case !okOld && okNew: - changes = append(changes, fmt.Sprintf("oauth-model-alias[%s]: added (%d entries)", key, newInfo.count)) - affected = append(affected, key) - case okOld && okNew && oldInfo.hash != newInfo.hash: - changes = append(changes, fmt.Sprintf("oauth-model-alias[%s]: updated (%d -> %d entries)", key, oldInfo.count, newInfo.count)) - affected = append(affected, key) - } - } - sort.Strings(changes) - sort.Strings(affected) - return changes, affected -} - -func summarizeOAuthModelAliasList(list []config.OAuthModelAlias) OAuthModelAliasSummary { - if len(list) == 0 { - return OAuthModelAliasSummary{} - } - seen := make(map[string]struct{}, len(list)) - normalized := make([]string, 0, len(list)) - for _, alias := range list { - name := strings.ToLower(strings.TrimSpace(alias.Name)) - aliasVal := strings.ToLower(strings.TrimSpace(alias.Alias)) - if name == "" || aliasVal == "" { - continue - } - key := name + "->" + aliasVal - if alias.Fork { - key += "|fork" - } - if _, exists := seen[key]; exists { - continue - } - seen[key] = struct{}{} - normalized = append(normalized, key) - } - if len(normalized) == 0 { - return OAuthModelAliasSummary{} - } - sort.Strings(normalized) - hash := hashJoined(normalized) - return OAuthModelAliasSummary{ - hash: hash, - count: len(normalized), - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/openai_compat.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/openai_compat.go deleted file mode 100644 index 0224b06621..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/openai_compat.go +++ /dev/null @@ -1,181 +0,0 @@ -package diff - -import ( - "fmt" - "sort" - "strconv" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -// DiffOpenAICompatibility produces human-readable change descriptions. -func DiffOpenAICompatibility(oldList, newList []config.OpenAICompatibility) []string { - changes := make([]string, 0) - oldMap := make(map[string]config.OpenAICompatibility, len(oldList)) - oldLabels := make(map[string]string, len(oldList)) - for idx, entry := range oldList { - key, label := openAICompatKey(entry, idx) - oldMap[key] = entry - oldLabels[key] = label - } - newMap := make(map[string]config.OpenAICompatibility, len(newList)) - newLabels := make(map[string]string, len(newList)) - for idx, entry := range newList { - key, label := openAICompatKey(entry, idx) - newMap[key] = entry - newLabels[key] = label - } - keySet := make(map[string]struct{}, len(oldMap)+len(newMap)) - for key := range oldMap { - keySet[key] = struct{}{} - } - for key := range newMap { - keySet[key] = struct{}{} - } - orderedKeys := make([]string, 0, len(keySet)) - for key := range keySet { - orderedKeys = append(orderedKeys, key) - } - sort.Strings(orderedKeys) - for _, key := range orderedKeys { - oldEntry, oldOk := oldMap[key] - newEntry, newOk := newMap[key] - label := oldLabels[key] - if label == "" { - label = newLabels[key] - } - switch { - case !oldOk: - changes = append(changes, fmt.Sprintf("provider added: %s (api-keys=%d, models=%d)", label, countAPIKeys(newEntry), countOpenAIModels(newEntry.Models))) - case !newOk: - changes = append(changes, fmt.Sprintf("provider removed: %s (api-keys=%d, models=%d)", label, countAPIKeys(oldEntry), countOpenAIModels(oldEntry.Models))) - default: - if detail := describeOpenAICompatibilityUpdate(oldEntry, newEntry); detail != "" { - changes = append(changes, fmt.Sprintf("provider updated: %s %s", label, detail)) - } - } - } - return changes -} - -func describeOpenAICompatibilityUpdate(oldEntry, newEntry config.OpenAICompatibility) string { - oldKeyCount := countAPIKeys(oldEntry) - newKeyCount := countAPIKeys(newEntry) - oldModelCount := countOpenAIModels(oldEntry.Models) - newModelCount := countOpenAIModels(newEntry.Models) - details := make([]string, 0, 3) - if oldKeyCount != newKeyCount { - details = append(details, fmt.Sprintf("api-keys %d -> %d", oldKeyCount, newKeyCount)) - } - if oldModelCount != newModelCount { - details = append(details, fmt.Sprintf("models %d -> %d", oldModelCount, newModelCount)) - } - if !equalStringMap(oldEntry.Headers, newEntry.Headers) { - details = append(details, "headers updated") - } - if len(details) == 0 { - return "" - } - return "(" + strings.Join(details, ", ") + ")" -} - -func countAPIKeys(entry config.OpenAICompatibility) int { - count := 0 - for _, keyEntry := range entry.APIKeyEntries { - if strings.TrimSpace(keyEntry.APIKey) != "" { - count++ - } - } - return count -} - -func countOpenAIModels(models []config.OpenAICompatibilityModel) int { - count := 0 - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - count++ - } - return count -} - -func openAICompatKey(entry config.OpenAICompatibility, index int) (string, string) { - name := strings.TrimSpace(entry.Name) - if name != "" { - return "name:" + name, name - } - base := strings.TrimSpace(entry.BaseURL) - if base != "" { - return "base:" + base, base - } - for _, model := range entry.Models { - alias := strings.TrimSpace(model.Alias) - if alias == "" { - alias = strings.TrimSpace(model.Name) - } - if alias != "" { - return "alias:" + alias, alias - } - } - sig := openAICompatSignature(entry) - if sig == "" { - return fmt.Sprintf("index:%d", index), fmt.Sprintf("entry-%d", index+1) - } - short := sig - if len(short) > 8 { - short = short[:8] - } - return "sig:" + sig, "compat-" + short -} - -func openAICompatSignature(entry config.OpenAICompatibility) string { - var parts []string - - if v := strings.TrimSpace(entry.Name); v != "" { - parts = append(parts, "name="+strings.ToLower(v)) - } - if v := strings.TrimSpace(entry.BaseURL); v != "" { - parts = append(parts, "base="+v) - } - - models := make([]string, 0, len(entry.Models)) - for _, model := range entry.Models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - models = append(models, strings.ToLower(name)+"|"+strings.ToLower(alias)) - } - if len(models) > 0 { - sort.Strings(models) - parts = append(parts, "models="+strings.Join(models, ",")) - } - - if len(entry.Headers) > 0 { - keys := make([]string, 0, len(entry.Headers)) - for k := range entry.Headers { - if trimmed := strings.TrimSpace(k); trimmed != "" { - keys = append(keys, strings.ToLower(trimmed)) - } - } - if len(keys) > 0 { - sort.Strings(keys) - parts = append(parts, "headers="+strings.Join(keys, ",")) - } - } - - // Intentionally exclude API key material; only count non-empty entries. - if count := countAPIKeys(entry); count > 0 { - parts = append(parts, "api_keys="+strconv.Itoa(count)) - } - - if len(parts) == 0 { - return "" - } - return strings.Join(parts, "|") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/openai_compat_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/openai_compat_test.go deleted file mode 100644 index 029b24c0ed..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/diff/openai_compat_test.go +++ /dev/null @@ -1,207 +0,0 @@ -package diff - -import ( - "strings" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestDiffOpenAICompatibility(t *testing.T) { - oldList := []config.OpenAICompatibility{ - { - Name: "provider-a", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "key-a"}, - }, - Models: []config.OpenAICompatibilityModel{ - {Name: "m1"}, - }, - }, - } - newList := []config.OpenAICompatibility{ - { - Name: "provider-a", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "key-a"}, - {APIKey: "key-b"}, - }, - Models: []config.OpenAICompatibilityModel{ - {Name: "m1"}, - {Name: "m2"}, - }, - Headers: map[string]string{"X-Test": "1"}, - }, - { - Name: "provider-b", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "key-b"}}, - }, - } - - changes := DiffOpenAICompatibility(oldList, newList) - expectContains(t, changes, "provider added: provider-b (api-keys=1, models=0)") - expectContains(t, changes, "provider updated: provider-a (api-keys 1 -> 2, models 1 -> 2, headers updated)") -} - -func TestDiffOpenAICompatibility_RemovedAndUnchanged(t *testing.T) { - oldList := []config.OpenAICompatibility{ - { - Name: "provider-a", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "key-a"}}, - Models: []config.OpenAICompatibilityModel{{Name: "m1"}}, - }, - } - newList := []config.OpenAICompatibility{ - { - Name: "provider-a", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "key-a"}}, - Models: []config.OpenAICompatibilityModel{{Name: "m1"}}, - }, - } - if changes := DiffOpenAICompatibility(oldList, newList); len(changes) != 0 { - t.Fatalf("expected no changes, got %v", changes) - } - - newList = nil - changes := DiffOpenAICompatibility(oldList, newList) - expectContains(t, changes, "provider removed: provider-a (api-keys=1, models=1)") -} - -func TestOpenAICompatKeyFallbacks(t *testing.T) { - entry := config.OpenAICompatibility{ - BaseURL: "http://base", - Models: []config.OpenAICompatibilityModel{{Alias: "alias-only"}}, - } - key, label := openAICompatKey(entry, 0) - if key != "base:http://base" || label != "http://base" { - t.Fatalf("expected base key, got %s/%s", key, label) - } - - entry.BaseURL = "" - key, label = openAICompatKey(entry, 1) - if key != "alias:alias-only" || label != "alias-only" { - t.Fatalf("expected alias fallback, got %s/%s", key, label) - } - - entry.Models = nil - key, label = openAICompatKey(entry, 2) - if key != "index:2" || label != "entry-3" { - t.Fatalf("expected index fallback, got %s/%s", key, label) - } -} - -func TestOpenAICompatKey_UsesName(t *testing.T) { - entry := config.OpenAICompatibility{Name: "My-Provider"} - key, label := openAICompatKey(entry, 0) - if key != "name:My-Provider" || label != "My-Provider" { - t.Fatalf("expected name key, got %s/%s", key, label) - } -} - -func TestOpenAICompatKey_SignatureFallbackWhenOnlyAPIKeys(t *testing.T) { - entry := config.OpenAICompatibility{ - APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "k1"}, {APIKey: "k2"}}, - } - key, label := openAICompatKey(entry, 0) - if !strings.HasPrefix(key, "sig:") || !strings.HasPrefix(label, "compat-") { - t.Fatalf("expected signature key, got %s/%s", key, label) - } -} - -func TestOpenAICompatSignature_EmptyReturnsEmpty(t *testing.T) { - if got := openAICompatSignature(config.OpenAICompatibility{}); got != "" { - t.Fatalf("expected empty signature, got %q", got) - } -} - -func TestOpenAICompatSignature_StableAndNormalized(t *testing.T) { - a := config.OpenAICompatibility{ - Name: " Provider ", - BaseURL: "http://base", - Models: []config.OpenAICompatibilityModel{ - {Name: "m1"}, - {Name: " "}, - {Alias: "A1"}, - }, - Headers: map[string]string{ - "X-Test": "1", - " ": "ignored", - }, - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "k1"}, - {APIKey: " "}, - }, - } - b := config.OpenAICompatibility{ - Name: "provider", - BaseURL: "http://base", - Models: []config.OpenAICompatibilityModel{ - {Alias: "a1"}, - {Name: "m1"}, - }, - Headers: map[string]string{ - "x-test": "2", - }, - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "k2"}, - }, - } - - sigA := openAICompatSignature(a) - sigB := openAICompatSignature(b) - if sigA == "" || sigB == "" { - t.Fatalf("expected non-empty signatures, got %q / %q", sigA, sigB) - } - if sigA != sigB { - t.Fatalf("expected normalized signatures to match, got %s / %s", sigA, sigB) - } - - c := b - c.Models = append(c.Models, config.OpenAICompatibilityModel{Name: "m2"}) - if sigC := openAICompatSignature(c); sigC == sigB { - t.Fatalf("expected signature to change when models change, got %s", sigC) - } -} - -func TestOpenAICompatSignature_DoesNotIncludeRawAPIKeyMaterial(t *testing.T) { - entry := config.OpenAICompatibility{ - Name: "provider", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "super-secret-key"}, - {APIKey: "another-secret-key"}, - }, - } - sig := openAICompatSignature(entry) - if sig == "" { - t.Fatal("expected non-empty signature") - } - if strings.Contains(sig, "super-secret-key") || strings.Contains(sig, "another-secret-key") { - t.Fatalf("signature must not include API key values: %q", sig) - } - if !strings.Contains(sig, "api_keys=2") { - t.Fatalf("expected signature to keep api key count, got %q", sig) - } -} - -func TestCountOpenAIModelsSkipsBlanks(t *testing.T) { - models := []config.OpenAICompatibilityModel{ - {Name: "m1"}, - {Name: ""}, - {Alias: ""}, - {Name: " "}, - {Alias: "a1"}, - } - if got := countOpenAIModels(models); got != 2 { - t.Fatalf("expected 2 counted models, got %d", got) - } -} - -func TestOpenAICompatKeyUsesModelNameWhenAliasEmpty(t *testing.T) { - entry := config.OpenAICompatibility{ - Models: []config.OpenAICompatibilityModel{{Name: "model-name"}}, - } - key, label := openAICompatKey(entry, 5) - if key != "alias:model-name" || label != "model-name" { - t.Fatalf("expected model-name fallback, got %s/%s", key, label) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/empty/token.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/empty/token.go deleted file mode 100644 index 2edb2248c8..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/empty/token.go +++ /dev/null @@ -1,26 +0,0 @@ -// Package empty provides a no-operation token storage implementation. -// This package is used when authentication tokens are not required or when -// using API key-based authentication instead of OAuth tokens for any provider. -package empty - -// EmptyStorage is a no-operation implementation of the TokenStorage interface. -// It provides empty implementations for scenarios where token storage is not needed, -// such as when using API keys instead of OAuth tokens for authentication. -type EmptyStorage struct { - // Type indicates the authentication provider type, always "empty" for this implementation. - Type string `json:"type"` -} - -// SaveTokenToFile is a no-operation implementation that always succeeds. -// This method satisfies the TokenStorage interface but performs no actual file operations -// since empty storage doesn't require persistent token data. -// -// Parameters: -// - _: The file path parameter is ignored in this implementation -// -// Returns: -// - error: Always returns nil (no error) -func (ts *EmptyStorage) SaveTokenToFile(_ string) error { - ts.Type = "empty" - return nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/gemini/gemini_auth.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/gemini/gemini_auth.go deleted file mode 100644 index 6a9833341b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/gemini/gemini_auth.go +++ /dev/null @@ -1,414 +0,0 @@ -// Package gemini provides authentication and token management functionality -// for Google's Gemini AI services. It handles OAuth2 authentication flows, -// including obtaining tokens via web-based authorization, storing tokens, -// and refreshing them when they expire. -package gemini - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net" - "net/http" - "net/url" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/codex" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/browser" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "golang.org/x/net/proxy" - - "golang.org/x/oauth2" - "golang.org/x/oauth2/google" -) - -// OAuth configuration constants for Gemini -const ( - ClientID = "681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com" - ClientSecret = "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" - DefaultCallbackPort = 8085 -) - -// OAuth scopes for Gemini authentication -var Scopes = []string{ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/userinfo.email", - "https://www.googleapis.com/auth/userinfo.profile", -} - -// GeminiAuth provides methods for handling the Gemini OAuth2 authentication flow. -// It encapsulates the logic for obtaining, storing, and refreshing authentication tokens -// for Google's Gemini AI services. -type GeminiAuth struct { -} - -// WebLoginOptions customizes the interactive OAuth flow. -type WebLoginOptions struct { - NoBrowser bool - CallbackPort int - Prompt func(string) (string, error) -} - -// NewGeminiAuth creates a new instance of GeminiAuth. -func NewGeminiAuth() *GeminiAuth { - return &GeminiAuth{} -} - -// GetAuthenticatedClient configures and returns an HTTP client ready for making authenticated API calls. -// It manages the entire OAuth2 flow, including handling proxies, loading existing tokens, -// initiating a new web-based OAuth flow if necessary, and refreshing tokens. -// -// Parameters: -// - ctx: The context for the HTTP client -// - ts: The Gemini token storage containing authentication tokens -// - cfg: The configuration containing proxy settings -// - opts: Optional parameters to customize browser and prompt behavior -// -// Returns: -// - *http.Client: An HTTP client configured with authentication -// - error: An error if the client configuration fails, nil otherwise -func (g *GeminiAuth) GetAuthenticatedClient(ctx context.Context, ts *GeminiTokenStorage, cfg *config.Config, opts *WebLoginOptions) (*http.Client, error) { - callbackPort := DefaultCallbackPort - if opts != nil && opts.CallbackPort > 0 { - callbackPort = opts.CallbackPort - } - callbackURL := fmt.Sprintf("http://localhost:%d/oauth2callback", callbackPort) - - // Configure proxy settings for the HTTP client if a proxy URL is provided. - proxyURL, err := url.Parse(cfg.ProxyURL) - if err == nil { - var transport *http.Transport - switch proxyURL.Scheme { - case "socks5": - // Handle SOCKS5 proxy. - username := proxyURL.User.Username() - password, _ := proxyURL.User.Password() - auth := &proxy.Auth{User: username, Password: password} - dialer, errSOCKS5 := proxy.SOCKS5("tcp", proxyURL.Host, auth, proxy.Direct) - if errSOCKS5 != nil { - log.Errorf("create SOCKS5 dialer failed: %v", errSOCKS5) - return nil, fmt.Errorf("create SOCKS5 dialer failed: %w", errSOCKS5) - } - transport = &http.Transport{ - DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { - return dialer.Dial(network, addr) - }, - } - case "http", "https": - // Handle HTTP/HTTPS proxy. - transport = &http.Transport{Proxy: http.ProxyURL(proxyURL)} - } - - if transport != nil { - proxyClient := &http.Client{Transport: transport} - ctx = context.WithValue(ctx, oauth2.HTTPClient, proxyClient) - } - } - - // Configure the OAuth2 client. - conf := &oauth2.Config{ - ClientID: ClientID, - ClientSecret: ClientSecret, - RedirectURL: callbackURL, // This will be used by the local server. - Scopes: Scopes, - Endpoint: google.Endpoint, - } - - var token *oauth2.Token - - // If no token is found in storage, initiate the web-based OAuth flow. - if ts.Token == nil { - fmt.Printf("Could not load token from file, starting OAuth flow.\n") - token, err = g.getTokenFromWeb(ctx, conf, opts) - if err != nil { - return nil, fmt.Errorf("failed to get token from web: %w", err) - } - // After getting a new token, create a new token storage object with user info. - newTs, errCreateTokenStorage := g.createTokenStorage(ctx, conf, token, ts.ProjectID) - if errCreateTokenStorage != nil { - log.Errorf("Warning: failed to create token storage: %v", errCreateTokenStorage) - return nil, errCreateTokenStorage - } - *ts = *newTs - } - - // Unmarshal the stored token into an oauth2.Token object. - tsToken, _ := json.Marshal(ts.Token) - if err = json.Unmarshal(tsToken, &token); err != nil { - return nil, fmt.Errorf("failed to unmarshal token: %w", err) - } - - // Return an HTTP client that automatically handles token refreshing. - return conf.Client(ctx, token), nil -} - -// createTokenStorage creates a new GeminiTokenStorage object. It fetches the user's email -// using the provided token and populates the storage structure. -// -// Parameters: -// - ctx: The context for the HTTP request -// - config: The OAuth2 configuration -// - token: The OAuth2 token to use for authentication -// - projectID: The Google Cloud Project ID to associate with this token -// -// Returns: -// - *GeminiTokenStorage: A new token storage object with user information -// - error: An error if the token storage creation fails, nil otherwise -func (g *GeminiAuth) createTokenStorage(ctx context.Context, config *oauth2.Config, token *oauth2.Token, projectID string) (*GeminiTokenStorage, error) { - httpClient := config.Client(ctx, token) - req, err := http.NewRequestWithContext(ctx, "GET", "https://www.googleapis.com/oauth2/v1/userinfo?alt=json", nil) - if err != nil { - return nil, fmt.Errorf("could not get user info: %v", err) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token.AccessToken)) - - resp, err := httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("failed to execute request: %w", err) - } - defer func() { - if err = resp.Body.Close(); err != nil { - log.Printf("warn: failed to close response body: %v", err) - } - }() - - bodyBytes, _ := io.ReadAll(resp.Body) - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - return nil, fmt.Errorf("get user info request failed with status %d: %s", resp.StatusCode, string(bodyBytes)) - } - - emailResult := gjson.GetBytes(bodyBytes, "email") - if emailResult.Exists() && emailResult.Type == gjson.String { - fmt.Printf("Authenticated user email: %s\n", emailResult.String()) - } else { - fmt.Println("Failed to get user email from token") - } - - var ifToken map[string]any - jsonData, _ := json.Marshal(token) - err = json.Unmarshal(jsonData, &ifToken) - if err != nil { - return nil, fmt.Errorf("failed to unmarshal token: %w", err) - } - - ifToken["token_uri"] = "https://oauth2.googleapis.com/token" - ifToken["client_id"] = ClientID - ifToken["client_secret"] = ClientSecret - ifToken["scopes"] = Scopes - ifToken["universe_domain"] = "googleapis.com" - - ts := GeminiTokenStorage{ - Token: ifToken, - ProjectID: projectID, - Email: emailResult.String(), - } - - return &ts, nil -} - -// getTokenFromWeb initiates the web-based OAuth2 authorization flow. -// It starts a local HTTP server to listen for the callback from Google's auth server, -// opens the user's browser to the authorization URL, and exchanges the received -// authorization code for an access token. -// -// Parameters: -// - ctx: The context for the HTTP client -// - config: The OAuth2 configuration -// - opts: Optional parameters to customize browser and prompt behavior -// -// Returns: -// - *oauth2.Token: The OAuth2 token obtained from the authorization flow -// - error: An error if the token acquisition fails, nil otherwise -func (g *GeminiAuth) getTokenFromWeb(ctx context.Context, config *oauth2.Config, opts *WebLoginOptions) (*oauth2.Token, error) { - callbackPort := DefaultCallbackPort - if opts != nil && opts.CallbackPort > 0 { - callbackPort = opts.CallbackPort - } - - // Use a channel to pass the authorization code from the HTTP handler to the main function. - codeChan := make(chan string, 1) - errChan := make(chan error, 1) - - // Create a new HTTP server with its own multiplexer. - mux := http.NewServeMux() - mux.HandleFunc("/oauth2callback", func(w http.ResponseWriter, r *http.Request) { - if err := r.URL.Query().Get("error"); err != "" { - _, _ = fmt.Fprintf(w, "Authentication failed: %s", err) - select { - case errChan <- fmt.Errorf("authentication failed via callback: %s", err): - default: - } - return - } - code := r.URL.Query().Get("code") - if code == "" { - _, _ = fmt.Fprint(w, "Authentication failed: code not found.") - select { - case errChan <- fmt.Errorf("code not found in callback"): - default: - } - return - } - _, _ = fmt.Fprint(w, "

Authentication successful!

You can close this window.

") - select { - case codeChan <- code: - default: - } - }) - - listener, actualPort, err := startOAuthCallbackListener(callbackPort) - if err != nil { - return nil, err - } - callbackPort = actualPort - callbackURL := fmt.Sprintf("http://localhost:%d/oauth2callback", callbackPort) - config.RedirectURL = callbackURL - - server := &http.Server{Handler: mux} - - // Start the server in a goroutine. - go func() { - if err := server.Serve(listener); err != nil && err != http.ErrServerClosed { - log.Errorf("ListenAndServe(): %v", err) - select { - case errChan <- err: - default: - } - } - }() - - // Open the authorization URL in the user's browser. - authURL := config.AuthCodeURL("state-token", oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", "consent")) - - noBrowser := false - if opts != nil { - noBrowser = opts.NoBrowser - } - - if !noBrowser { - fmt.Println("Opening browser for authentication...") - - // Check if browser is available - if !browser.IsAvailable() { - log.Warn("No browser available on this system") - util.PrintSSHTunnelInstructions(callbackPort) - fmt.Printf("Please manually open this URL in your browser:\n\n%s\n", authURL) - } else { - if err := browser.OpenURL(authURL); err != nil { - authErr := codex.NewAuthenticationError(codex.ErrBrowserOpenFailed, err) - log.Warn(codex.GetUserFriendlyMessage(authErr)) - util.PrintSSHTunnelInstructions(callbackPort) - fmt.Printf("Please manually open this URL in your browser:\n\n%s\n", authURL) - - // Log platform info for debugging - platformInfo := browser.GetPlatformInfo() - log.Debugf("Browser platform info: %+v", platformInfo) - } else { - log.Debug("Browser opened successfully") - } - } - } else { - util.PrintSSHTunnelInstructions(callbackPort) - fmt.Printf("Please open this URL in your browser:\n\n%s\n", authURL) - } - - fmt.Println("Waiting for authentication callback...") - - // Wait for the authorization code or an error. - var authCode string - timeoutTimer := time.NewTimer(5 * time.Minute) - defer timeoutTimer.Stop() - - var manualPromptTimer *time.Timer - var manualPromptC <-chan time.Time - if opts != nil && opts.Prompt != nil { - manualPromptTimer = time.NewTimer(15 * time.Second) - manualPromptC = manualPromptTimer.C - defer manualPromptTimer.Stop() - } - -waitForCallback: - for { - select { - case code := <-codeChan: - authCode = code - break waitForCallback - case err := <-errChan: - return nil, err - case <-manualPromptC: - manualPromptC = nil - if manualPromptTimer != nil { - manualPromptTimer.Stop() - } - select { - case code := <-codeChan: - authCode = code - break waitForCallback - case err := <-errChan: - return nil, err - default: - } - input, err := opts.Prompt("Paste the Gemini callback URL (or press Enter to keep waiting): ") - if err != nil { - return nil, err - } - parsed, err := misc.ParseOAuthCallback(input) - if err != nil { - return nil, err - } - if parsed == nil { - continue - } - if parsed.Error != "" { - return nil, fmt.Errorf("authentication failed via callback: %s", parsed.Error) - } - if parsed.Code == "" { - return nil, fmt.Errorf("code not found in callback") - } - authCode = parsed.Code - break waitForCallback - case <-timeoutTimer.C: - return nil, fmt.Errorf("oauth flow timed out") - } - } - - // Shutdown the server. - if err := server.Shutdown(ctx); err != nil { - log.Errorf("Failed to shut down server: %v", err) - } - - // Exchange the authorization code for a token. - token, err := config.Exchange(ctx, authCode) - if err != nil { - return nil, fmt.Errorf("failed to exchange token: %w", err) - } - - fmt.Println("Authentication successful.") - return token, nil -} - -func startOAuthCallbackListener(preferredPort int) (net.Listener, int, error) { - address := fmt.Sprintf("localhost:%d", preferredPort) - listener, err := net.Listen("tcp", address) - if err == nil { - return listener, preferredPort, nil - } - log.Warnf("Gemini OAuth callback port %d busy, falling back to an ephemeral port: %v", preferredPort, err) - - listener, err = net.Listen("tcp", "localhost:0") - if err != nil { - return nil, 0, fmt.Errorf("failed to start callback server: %w", err) - } - - if tcpAddr, ok := listener.Addr().(*net.TCPAddr); ok { - return listener, tcpAddr.Port, nil - } - - return listener, preferredPort, nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/gemini/gemini_auth_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/gemini/gemini_auth_test.go deleted file mode 100644 index f1b962bc33..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/gemini/gemini_auth_test.go +++ /dev/null @@ -1,173 +0,0 @@ -package gemini - -import ( - "context" - "fmt" - "io" - "net" - "net/http" - "os" - "path/filepath" - "strings" - "testing" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "golang.org/x/oauth2" -) - -func TestGetAuthenticatedClient_ExistingToken(t *testing.T) { - auth := NewGeminiAuth() - - // Valid token that hasn't expired - token := &oauth2.Token{ - AccessToken: "valid-access", - RefreshToken: "valid-refresh", - Expiry: time.Now().Add(1 * time.Hour), - } - - ts := &GeminiTokenStorage{ - Token: token, - } - - cfg := &config.Config{} - client, err := auth.GetAuthenticatedClient(context.Background(), ts, cfg, nil) - if err != nil { - t.Fatalf("GetAuthenticatedClient failed: %v", err) - } - - if client == nil { - t.Fatal("expected non-nil client") - } -} - -func TestGeminiTokenStorage_SaveAndLoad(t *testing.T) { - tmpDir := t.TempDir() - path := filepath.Join(tmpDir, "gemini-token.json") - - ts := &GeminiTokenStorage{ - Token: "raw-token-data", - ProjectID: "test-project", - Email: "test@example.com", - Type: "gemini", - } - - err := ts.SaveTokenToFile(path) - if err != nil { - t.Fatalf("SaveTokenToFile failed: %v", err) - } - - // Load it back - data, err := os.ReadFile(path) - if err != nil { - t.Fatalf("failed to read file: %v", err) - } - - if len(data) == 0 { - t.Fatal("saved file is empty") - } -} - -func TestGeminiTokenStorage_SaveTokenToFile_RejectsTraversalPath(t *testing.T) { - ts := &GeminiTokenStorage{Token: "raw-token-data"} - badPath := t.TempDir() + "/../gemini-token.json" - - err := ts.SaveTokenToFile(badPath) - if err == nil { - t.Fatal("expected error for traversal path") - } - if !strings.Contains(err.Error(), "invalid token file path") { - t.Fatalf("expected invalid path error, got %v", err) - } -} - -func TestGeminiAuth_CreateTokenStorage(t *testing.T) { - auth := NewGeminiAuth() - conf := &oauth2.Config{ - Endpoint: oauth2.Endpoint{ - AuthURL: "https://example.com/auth", - TokenURL: "https://example.com/token", - }, - } - token := &oauth2.Token{AccessToken: "token123"} - - ctx := context.Background() - transport := roundTripFunc(func(req *http.Request) (*http.Response, error) { - if strings.Contains(req.URL.Path, "/oauth2/v1/userinfo") { - return &http.Response{ - StatusCode: http.StatusOK, - Body: io.NopCloser(strings.NewReader(`{"email":"test@example.com"}`)), - Header: make(http.Header), - }, nil - } - return &http.Response{ - StatusCode: http.StatusNotFound, - Body: io.NopCloser(strings.NewReader("")), - Header: make(http.Header), - }, nil - }) - - ctx = context.WithValue(ctx, oauth2.HTTPClient, &http.Client{Transport: transport}) - - ts, err := auth.createTokenStorage(ctx, conf, token, "project-123") - if err != nil { - t.Fatalf("createTokenStorage failed: %v", err) - } - - if ts.Email != "test@example.com" || ts.ProjectID != "project-123" { - t.Errorf("unexpected ts: %+v", ts) - } -} - -func TestStartOAuthCallbackListener_Fallback(t *testing.T) { - busy, err := net.Listen("tcp", fmt.Sprintf("localhost:%d", DefaultCallbackPort)) - if err != nil { - t.Skipf("default callback port %d unavailable: %v", DefaultCallbackPort, err) - } - defer func() { - if closeErr := busy.Close(); closeErr != nil { - t.Fatalf("busy.Close failed: %v", closeErr) - } - }() - - listener, port, err := startOAuthCallbackListener(DefaultCallbackPort) - if err != nil { - t.Fatalf("startOAuthCallbackListener failed: %v", err) - } - defer func() { - if closeErr := listener.Close(); closeErr != nil { - t.Fatalf("listener.Close failed: %v", closeErr) - } - }() - - if port == DefaultCallbackPort { - t.Fatalf("expected fallback port, got default %d", port) - } -} - -func TestGetAuthenticatedClient_Proxy(t *testing.T) { - auth := NewGeminiAuth() - ts := &GeminiTokenStorage{ - Token: map[string]any{"access_token": "token"}, - } - cfg := &config.Config{} - cfg.ProxyURL = "http://proxy.com:8080" - - client, err := auth.GetAuthenticatedClient(context.Background(), ts, cfg, nil) - if err != nil { - t.Fatalf("GetAuthenticatedClient failed: %v", err) - } - if client == nil { - t.Fatal("client is nil") - } - - // Check SOCKS5 proxy - cfg.ProxyURL = "socks5://user:pass@socks5.com:1080" - _, _ = auth.GetAuthenticatedClient(context.Background(), ts, cfg, nil) -} - -type roundTripFunc func(req *http.Request) (*http.Response, error) - -func (f roundTripFunc) RoundTrip(req *http.Request) (*http.Response, error) { - return f(req) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/gemini/gemini_token.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/gemini/gemini_token.go deleted file mode 100644 index b06e0f8532..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/gemini/gemini_token.go +++ /dev/null @@ -1,91 +0,0 @@ -// Package gemini provides authentication and token management functionality -// for Google's Gemini AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Gemini API. -package gemini - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" - log "github.com/sirupsen/logrus" -) - -// GeminiTokenStorage stores OAuth2 token information for Google Gemini API authentication. -// It maintains compatibility with the existing auth system while adding Gemini-specific fields -// for managing access tokens, refresh tokens, and user account information. -type GeminiTokenStorage struct { - // Token holds the raw OAuth2 token data, including access and refresh tokens. - Token any `json:"token"` - - // ProjectID is the Google Cloud Project ID associated with this token. - ProjectID string `json:"project_id"` - - // Email is the email address of the authenticated user. - Email string `json:"email"` - - // Auto indicates if the project ID was automatically selected. - Auto bool `json:"auto"` - - // Checked indicates if the associated Cloud AI API has been verified as enabled. - Checked bool `json:"checked"` - - // Type indicates the authentication provider type, always "gemini" for this storage. - Type string `json:"type"` -} - -// SaveTokenToFile serializes the Gemini token storage to a JSON file. -// This method creates the necessary directory structure and writes the token -// data in JSON format to the specified file path for persistent storage. -// -// Parameters: -// - authFilePath: The full path where the token file should be saved -// -// Returns: -// - error: An error if the operation fails, nil otherwise -func (ts *GeminiTokenStorage) SaveTokenToFile(authFilePath string) error { - safePath, err := misc.ResolveSafeFilePath(authFilePath) - if err != nil { - return fmt.Errorf("invalid token file path: %w", err) - } - misc.LogSavingCredentials(safePath) - ts.Type = "gemini" - if err = os.MkdirAll(filepath.Dir(safePath), 0700); err != nil { - return fmt.Errorf("failed to create directory: %v", err) - } - - f, err := os.Create(safePath) - if err != nil { - return fmt.Errorf("failed to create token file: %w", err) - } - defer func() { - if errClose := f.Close(); errClose != nil { - log.Errorf("failed to close file: %v", errClose) - } - }() - - if err = json.NewEncoder(f).Encode(ts); err != nil { - return fmt.Errorf("failed to write token to file: %w", err) - } - return nil -} - -// CredentialFileName returns the filename used to persist Gemini CLI credentials. -// When projectID represents multiple projects (comma-separated or literal ALL), -// the suffix is normalized to "all" and a "gemini-" prefix is enforced to keep -// web and CLI generated files consistent. -func CredentialFileName(email, projectID string, includeProviderPrefix bool) string { - email = strings.TrimSpace(email) - project := strings.TrimSpace(projectID) - if strings.EqualFold(project, "all") || strings.Contains(project, ",") { - return fmt.Sprintf("gemini-%s-all.json", email) - } - prefix := "" - if includeProviderPrefix { - prefix = "gemini-" - } - return fmt.Sprintf("%s%s-%s.json", prefix, email, project) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/gemini/gemini_token_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/gemini/gemini_token_test.go deleted file mode 100644 index 025c943792..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/gemini/gemini_token_test.go +++ /dev/null @@ -1,10 +0,0 @@ -package gemini - -import "testing" - -func TestGeminiTokenStorage_SaveTokenToFileRejectsTraversalPath(t *testing.T) { - ts := &GeminiTokenStorage{} - if err := ts.SaveTokenToFile("/tmp/../gemini-escape.json"); err == nil { - t.Fatal("expected traversal path to be rejected") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/iflow/cookie_helpers.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/iflow/cookie_helpers.go deleted file mode 100644 index 5a201add23..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/iflow/cookie_helpers.go +++ /dev/null @@ -1,103 +0,0 @@ -package iflow - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - "strings" -) - -// NormalizeCookie normalizes raw cookie strings for iFlow authentication flows. -func NormalizeCookie(raw string) (string, error) { - trimmed := strings.TrimSpace(raw) - if trimmed == "" { - return "", fmt.Errorf("cookie cannot be empty") - } - - combined := strings.Join(strings.Fields(trimmed), " ") - if !strings.HasSuffix(combined, ";") { - combined += ";" - } - if ExtractBXAuth(combined) == "" { - return "", fmt.Errorf("cookie missing BXAuth field") - } - return combined, nil -} - -// SanitizeIFlowFileName normalizes user identifiers for safe filename usage. -func SanitizeIFlowFileName(raw string) string { - if raw == "" { - return "" - } - cleanEmail := strings.ReplaceAll(raw, "*", "x") - var result strings.Builder - for _, r := range cleanEmail { - if (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') || (r >= '0' && r <= '9') || r == '_' || r == '@' || r == '.' || r == '-' { - result.WriteRune(r) - } - } - return strings.TrimSpace(result.String()) -} - -// ExtractBXAuth extracts the BXAuth value from a cookie string. -func ExtractBXAuth(cookie string) string { - parts := strings.Split(cookie, ";") - for _, part := range parts { - part = strings.TrimSpace(part) - key, value, ok := strings.Cut(part, "=") - if !ok { - continue - } - if strings.EqualFold(strings.TrimSpace(key), "BXAuth") { - return strings.TrimSpace(value) - } - } - return "" -} - -// CheckDuplicateBXAuth checks if the given BXAuth value already exists in any iflow auth file. -// Returns the path of the existing file if found, empty string otherwise. -func CheckDuplicateBXAuth(authDir, bxAuth string) (string, error) { - if bxAuth == "" { - return "", nil - } - - entries, err := os.ReadDir(authDir) - if err != nil { - if os.IsNotExist(err) { - return "", nil - } - return "", fmt.Errorf("read auth dir failed: %w", err) - } - - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - if !strings.HasPrefix(name, "iflow-") || !strings.HasSuffix(name, ".json") { - continue - } - - filePath := filepath.Join(authDir, name) - data, err := os.ReadFile(filePath) - if err != nil { - continue - } - - var tokenData struct { - Cookie string `json:"cookie"` - } - if err := json.Unmarshal(data, &tokenData); err != nil { - continue - } - - existingBXAuth := ExtractBXAuth(tokenData.Cookie) - if existingBXAuth != "" && existingBXAuth == bxAuth { - return filePath, nil - } - } - - return "", nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/iflow/iflow_auth.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/iflow/iflow_auth.go deleted file mode 100644 index a24107a2bb..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/iflow/iflow_auth.go +++ /dev/null @@ -1,549 +0,0 @@ -package iflow - -import ( - "compress/gzip" - "context" - "encoding/base64" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "os" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" -) - -const ( - // OAuth endpoints and client metadata are derived from the reference Python implementation. - iFlowOAuthTokenEndpoint = "https://iflow.cn/oauth/token" - iFlowOAuthAuthorizeEndpoint = "https://iflow.cn/oauth" - iFlowUserInfoEndpoint = "https://iflow.cn/api/oauth/getUserInfo" - iFlowSuccessRedirectURL = "https://iflow.cn/oauth/success" - - // Cookie authentication endpoints - iFlowAPIKeyEndpoint = "https://platform.iflow.cn/api/openapi/apikey" - - // Client credentials provided by iFlow for the Code Assist integration. - iFlowOAuthClientID = "10009311001" - // Default client secret (can be overridden via IFLOW_CLIENT_SECRET env var) - defaultIFlowClientSecret = "4Z3YjXycVsQvyGF1etiNlIBB4RsqSDtW" -) - -// getIFlowClientSecret returns the iFlow OAuth client secret. -// It first checks the IFLOW_CLIENT_SECRET environment variable, -// falling back to the default value if not set. -func getIFlowClientSecret() string { - if secret := os.Getenv("IFLOW_CLIENT_SECRET"); secret != "" { - return secret - } - return defaultIFlowClientSecret -} - -// DefaultAPIBaseURL is the canonical chat completions endpoint. -const DefaultAPIBaseURL = "https://apis.iflow.cn/v1" - -// SuccessRedirectURL is exposed for consumers needing the official success page. -const SuccessRedirectURL = iFlowSuccessRedirectURL - -// CallbackPort defines the local port used for OAuth callbacks. -const CallbackPort = 11451 - -// IFlowAuth encapsulates the HTTP client helpers for the OAuth flow. -type IFlowAuth struct { - httpClient *http.Client -} - -// NewIFlowAuth constructs a new IFlowAuth with proxy-aware transport. -func NewIFlowAuth(cfg *config.Config, httpClient *http.Client) *IFlowAuth { - if httpClient != nil { - return &IFlowAuth{httpClient: httpClient} - } - if cfg == nil { - cfg = &config.Config{} - } - client := &http.Client{Timeout: 30 * time.Second} - return &IFlowAuth{httpClient: util.SetProxy(&cfg.SDKConfig, client)} -} - -// AuthorizationURL builds the authorization URL and matching redirect URI. -func (ia *IFlowAuth) AuthorizationURL(state string, port int) (authURL, redirectURI string) { - redirectURI = fmt.Sprintf("http://localhost:%d/oauth2callback", port) - values := url.Values{} - values.Set("loginMethod", "phone") - values.Set("type", "phone") - values.Set("redirect", redirectURI) - values.Set("state", state) - values.Set("client_id", iFlowOAuthClientID) - authURL = fmt.Sprintf("%s?%s", iFlowOAuthAuthorizeEndpoint, values.Encode()) - return authURL, redirectURI -} - -// ExchangeCodeForTokens exchanges an authorization code for access and refresh tokens. -func (ia *IFlowAuth) ExchangeCodeForTokens(ctx context.Context, code, redirectURI string) (*IFlowTokenData, error) { - form := url.Values{} - form.Set("grant_type", "authorization_code") - form.Set("code", code) - form.Set("redirect_uri", redirectURI) - form.Set("client_id", iFlowOAuthClientID) - form.Set("client_secret", getIFlowClientSecret()) - - req, err := ia.newTokenRequest(ctx, form) - if err != nil { - return nil, err - } - - return ia.doTokenRequest(ctx, req) -} - -// RefreshTokens exchanges a refresh token for a new access token. -func (ia *IFlowAuth) RefreshTokens(ctx context.Context, refreshToken string) (*IFlowTokenData, error) { - form := url.Values{} - form.Set("grant_type", "refresh_token") - form.Set("refresh_token", refreshToken) - form.Set("client_id", iFlowOAuthClientID) - form.Set("client_secret", getIFlowClientSecret()) - - req, err := ia.newTokenRequest(ctx, form) - if err != nil { - return nil, err - } - - return ia.doTokenRequest(ctx, req) -} - -func (ia *IFlowAuth) newTokenRequest(ctx context.Context, form url.Values) (*http.Request, error) { - req, err := http.NewRequestWithContext(ctx, http.MethodPost, iFlowOAuthTokenEndpoint, strings.NewReader(form.Encode())) - if err != nil { - return nil, fmt.Errorf("iflow token: create request failed: %w", err) - } - - basic := base64.StdEncoding.EncodeToString([]byte(iFlowOAuthClientID + ":" + getIFlowClientSecret())) - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - req.Header.Set("Authorization", "Basic "+basic) - return req, nil -} - -func (ia *IFlowAuth) doTokenRequest(ctx context.Context, req *http.Request) (*IFlowTokenData, error) { - resp, err := ia.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("iflow token: request failed: %w", err) - } - defer func() { _ = resp.Body.Close() }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("iflow token: read response failed: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("iflow token request failed: status=%d body=%s", resp.StatusCode, string(body)) - var providerErr iFlowAPIKeyResponse - if err = json.Unmarshal(body, &providerErr); err == nil && (strings.TrimSpace(providerErr.Code) != "" || strings.TrimSpace(providerErr.Message) != "") { - return nil, fmt.Errorf("iflow token: provider rejected token request (code=%s message=%s)", strings.TrimSpace(providerErr.Code), strings.TrimSpace(providerErr.Message)) - } - return nil, fmt.Errorf("iflow token: %d %s", resp.StatusCode, strings.TrimSpace(string(body))) - } - - var tokenResp IFlowTokenResponse - if err = json.Unmarshal(body, &tokenResp); err != nil { - return nil, fmt.Errorf("iflow token: decode response failed: %w", err) - } - - data := &IFlowTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - TokenType: tokenResp.TokenType, - Scope: tokenResp.Scope, - Expire: time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339), - } - - if tokenResp.AccessToken == "" { - var providerErr iFlowAPIKeyResponse - if err = json.Unmarshal(body, &providerErr); err == nil && (strings.TrimSpace(providerErr.Code) != "" || strings.TrimSpace(providerErr.Message) != "") { - return nil, fmt.Errorf("iflow token: provider rejected token request (code=%s message=%s)", strings.TrimSpace(providerErr.Code), strings.TrimSpace(providerErr.Message)) - } - log.Debug(string(body)) - return nil, fmt.Errorf("iflow token: missing access token in response") - } - - info, errAPI := ia.FetchUserInfo(ctx, tokenResp.AccessToken) - if errAPI != nil { - return nil, fmt.Errorf("iflow token: fetch user info failed: %w", errAPI) - } - if strings.TrimSpace(info.APIKey) == "" { - return nil, fmt.Errorf("iflow token: empty api key returned") - } - email := strings.TrimSpace(info.Email) - if email == "" { - email = strings.TrimSpace(info.Phone) - } - if email == "" { - return nil, fmt.Errorf("iflow token: missing account email/phone in user info") - } - data.APIKey = info.APIKey - data.Email = email - - return data, nil -} - -// FetchUserInfo retrieves account metadata (including API key) for the provided access token. -func (ia *IFlowAuth) FetchUserInfo(ctx context.Context, accessToken string) (*userInfoData, error) { - if strings.TrimSpace(accessToken) == "" { - return nil, fmt.Errorf("iflow api key: access token is empty") - } - - endpoint := fmt.Sprintf("%s?accessToken=%s", iFlowUserInfoEndpoint, url.QueryEscape(accessToken)) - req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil) - if err != nil { - return nil, fmt.Errorf("iflow api key: create request failed: %w", err) - } - req.Header.Set("Accept", "application/json") - - resp, err := ia.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("iflow api key: request failed: %w", err) - } - defer func() { _ = resp.Body.Close() }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("iflow api key: read response failed: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("iflow api key failed: status=%d body=%s", resp.StatusCode, string(body)) - return nil, fmt.Errorf("iflow api key: %d %s", resp.StatusCode, strings.TrimSpace(string(body))) - } - - var result userInfoResponse - if err = json.Unmarshal(body, &result); err != nil { - return nil, fmt.Errorf("iflow api key: decode body failed: %w", err) - } - - if !result.Success { - return nil, fmt.Errorf("iflow api key: request not successful") - } - - if result.Data.APIKey == "" { - return nil, fmt.Errorf("iflow api key: missing api key in response") - } - - return &result.Data, nil -} - -// CreateTokenStorage converts token data into persistence storage. -func (ia *IFlowAuth) CreateTokenStorage(data *IFlowTokenData) *IFlowTokenStorage { - if data == nil { - return nil - } - return &IFlowTokenStorage{ - AccessToken: data.AccessToken, - RefreshToken: data.RefreshToken, - LastRefresh: time.Now().Format(time.RFC3339), - Expire: data.Expire, - APIKey: data.APIKey, - Email: data.Email, - TokenType: data.TokenType, - Scope: data.Scope, - } -} - -// UpdateTokenStorage updates the persisted token storage with latest token data. -func (ia *IFlowAuth) UpdateTokenStorage(storage *IFlowTokenStorage, data *IFlowTokenData) { - if storage == nil || data == nil { - return - } - storage.AccessToken = data.AccessToken - storage.RefreshToken = data.RefreshToken - storage.LastRefresh = time.Now().Format(time.RFC3339) - storage.Expire = data.Expire - if data.APIKey != "" { - storage.APIKey = data.APIKey - } - if data.Email != "" { - storage.Email = data.Email - } - storage.TokenType = data.TokenType - storage.Scope = data.Scope -} - -// IFlowTokenResponse models the OAuth token endpoint response. -type IFlowTokenResponse struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - ExpiresIn int `json:"expires_in"` - TokenType string `json:"token_type"` - Scope string `json:"scope"` -} - -// IFlowTokenData captures processed token details. -type IFlowTokenData struct { - AccessToken string - RefreshToken string - TokenType string - Scope string - Expire string - APIKey string - Email string - Cookie string -} - -// userInfoResponse represents the structure returned by the user info endpoint. -type userInfoResponse struct { - Success bool `json:"success"` - Data userInfoData `json:"data"` -} - -type userInfoData struct { - APIKey string `json:"apiKey"` - Email string `json:"email"` - Phone string `json:"phone"` -} - -// iFlowAPIKeyResponse represents the response from the API key endpoint -type iFlowAPIKeyResponse struct { - Success bool `json:"success"` - Code string `json:"code"` - Message string `json:"message"` - Data iFlowKeyData `json:"data"` - Extra interface{} `json:"extra"` -} - -// iFlowKeyData contains the API key information -type iFlowKeyData struct { - HasExpired bool `json:"hasExpired"` - ExpireTime string `json:"expireTime"` - Name string `json:"name"` - APIKey string `json:"apiKey"` - APIKeyMask string `json:"apiKeyMask"` -} - -// iFlowRefreshRequest represents the request body for refreshing API key -type iFlowRefreshRequest struct { - Name string `json:"name"` -} - -// AuthenticateWithCookie performs authentication using browser cookies -func (ia *IFlowAuth) AuthenticateWithCookie(ctx context.Context, cookie string) (*IFlowTokenData, error) { - if strings.TrimSpace(cookie) == "" { - return nil, fmt.Errorf("iflow cookie authentication: cookie is empty") - } - - // First, get initial API key information using GET request to obtain the name - keyInfo, err := ia.fetchAPIKeyInfo(ctx, cookie) - if err != nil { - return nil, fmt.Errorf("iflow cookie authentication: fetch initial API key info failed: %w", err) - } - - // Refresh the API key using POST request - refreshedKeyInfo, err := ia.RefreshAPIKey(ctx, cookie, keyInfo.Name) - if err != nil { - return nil, fmt.Errorf("iflow cookie authentication: refresh API key failed: %w", err) - } - - // Convert to token data format using refreshed key - data := &IFlowTokenData{ - APIKey: refreshedKeyInfo.APIKey, - Expire: refreshedKeyInfo.ExpireTime, - Email: refreshedKeyInfo.Name, - Cookie: cookie, - } - - return data, nil -} - -// fetchAPIKeyInfo retrieves API key information using GET request with cookie -func (ia *IFlowAuth) fetchAPIKeyInfo(ctx context.Context, cookie string) (*iFlowKeyData, error) { - req, err := http.NewRequestWithContext(ctx, http.MethodGet, iFlowAPIKeyEndpoint, nil) - if err != nil { - return nil, fmt.Errorf("iflow cookie: create GET request failed: %w", err) - } - - // Set cookie and other headers to mimic browser - req.Header.Set("Cookie", cookie) - req.Header.Set("Accept", "application/json, text/plain, */*") - req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36") - req.Header.Set("Accept-Language", "zh-CN,zh;q=0.9,en;q=0.8") - req.Header.Set("Accept-Encoding", "gzip, deflate, br") - req.Header.Set("Connection", "keep-alive") - req.Header.Set("Sec-Fetch-Dest", "empty") - req.Header.Set("Sec-Fetch-Mode", "cors") - req.Header.Set("Sec-Fetch-Site", "same-origin") - - resp, err := ia.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("iflow cookie: GET request failed: %w", err) - } - defer func() { _ = resp.Body.Close() }() - - // Handle gzip compression - var reader io.Reader = resp.Body - if resp.Header.Get("Content-Encoding") == "gzip" { - gzipReader, err := gzip.NewReader(resp.Body) - if err != nil { - return nil, fmt.Errorf("iflow cookie: create gzip reader failed: %w", err) - } - defer func() { _ = gzipReader.Close() }() - reader = gzipReader - } - - body, err := io.ReadAll(reader) - if err != nil { - return nil, fmt.Errorf("iflow cookie: read GET response failed: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("iflow cookie GET request failed: status=%d body=%s", resp.StatusCode, string(body)) - return nil, fmt.Errorf("iflow cookie: GET request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(body))) - } - - var keyResp iFlowAPIKeyResponse - if err = json.Unmarshal(body, &keyResp); err != nil { - return nil, fmt.Errorf("iflow cookie: decode GET response failed: %w", err) - } - - if !keyResp.Success { - return nil, fmt.Errorf("iflow cookie: GET request not successful: %s", keyResp.Message) - } - - // Handle initial response where apiKey field might be apiKeyMask - if keyResp.Data.APIKey == "" && keyResp.Data.APIKeyMask != "" { - keyResp.Data.APIKey = keyResp.Data.APIKeyMask - } - - return &keyResp.Data, nil -} - -// RefreshAPIKey refreshes the API key using POST request -func (ia *IFlowAuth) RefreshAPIKey(ctx context.Context, cookie, name string) (*iFlowKeyData, error) { - if strings.TrimSpace(cookie) == "" { - return nil, fmt.Errorf("iflow cookie refresh: cookie is empty") - } - if strings.TrimSpace(name) == "" { - return nil, fmt.Errorf("iflow cookie refresh: name is empty") - } - - // Prepare request body - refreshReq := iFlowRefreshRequest{ - Name: name, - } - - bodyBytes, err := json.Marshal(refreshReq) - if err != nil { - return nil, fmt.Errorf("iflow cookie refresh: marshal request failed: %w", err) - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, iFlowAPIKeyEndpoint, strings.NewReader(string(bodyBytes))) - if err != nil { - return nil, fmt.Errorf("iflow cookie refresh: create POST request failed: %w", err) - } - - // Set cookie and other headers to mimic browser - req.Header.Set("Cookie", cookie) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Accept", "application/json, text/plain, */*") - req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36") - req.Header.Set("Accept-Language", "zh-CN,zh;q=0.9,en;q=0.8") - req.Header.Set("Accept-Encoding", "gzip, deflate, br") - req.Header.Set("Connection", "keep-alive") - req.Header.Set("Origin", "https://platform.iflow.cn") - req.Header.Set("Referer", "https://platform.iflow.cn/") - - resp, err := ia.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("iflow cookie refresh: POST request failed: %w", err) - } - defer func() { _ = resp.Body.Close() }() - - // Handle gzip compression - var reader io.Reader = resp.Body - if resp.Header.Get("Content-Encoding") == "gzip" { - gzipReader, err := gzip.NewReader(resp.Body) - if err != nil { - return nil, fmt.Errorf("iflow cookie refresh: create gzip reader failed: %w", err) - } - defer func() { _ = gzipReader.Close() }() - reader = gzipReader - } - - body, err := io.ReadAll(reader) - if err != nil { - return nil, fmt.Errorf("iflow cookie refresh: read POST response failed: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("iflow cookie POST request failed: status=%d body=%s", resp.StatusCode, string(body)) - return nil, fmt.Errorf("iflow cookie refresh: POST request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(body))) - } - - var keyResp iFlowAPIKeyResponse - if err = json.Unmarshal(body, &keyResp); err != nil { - return nil, fmt.Errorf("iflow cookie refresh: decode POST response failed: %w", err) - } - - if !keyResp.Success { - return nil, fmt.Errorf("iflow cookie refresh: POST request not successful: %s", keyResp.Message) - } - - return &keyResp.Data, nil -} - -// ShouldRefreshAPIKey checks if the API key needs to be refreshed (within 2 days of expiry) -func ShouldRefreshAPIKey(expireTime string) (bool, time.Duration, error) { - if strings.TrimSpace(expireTime) == "" { - return false, 0, fmt.Errorf("iflow cookie: expire time is empty") - } - - expire, err := time.Parse("2006-01-02 15:04", expireTime) - if err != nil { - return false, 0, fmt.Errorf("iflow cookie: parse expire time failed: %w", err) - } - - now := time.Now() - twoDaysFromNow := now.Add(48 * time.Hour) - - needsRefresh := expire.Before(twoDaysFromNow) - timeUntilExpiry := expire.Sub(now) - - return needsRefresh, timeUntilExpiry, nil -} - -// CreateCookieTokenStorage converts cookie-based token data into persistence storage -func (ia *IFlowAuth) CreateCookieTokenStorage(data *IFlowTokenData) *IFlowTokenStorage { - if data == nil { - return nil - } - - // Only save the BXAuth field from the cookie - bxAuth := ExtractBXAuth(data.Cookie) - cookieToSave := "" - if bxAuth != "" { - cookieToSave = "BXAuth=" + bxAuth + ";" - } - - return &IFlowTokenStorage{ - APIKey: data.APIKey, - Email: data.Email, - Expire: data.Expire, - Cookie: cookieToSave, - LastRefresh: time.Now().Format(time.RFC3339), - Type: "iflow", - } -} - -// UpdateCookieTokenStorage updates the persisted token storage with refreshed API key data -func (ia *IFlowAuth) UpdateCookieTokenStorage(storage *IFlowTokenStorage, keyData *iFlowKeyData) { - if storage == nil || keyData == nil { - return - } - - storage.APIKey = keyData.APIKey - storage.Expire = keyData.ExpireTime - storage.LastRefresh = time.Now().Format(time.RFC3339) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/iflow/iflow_auth_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/iflow/iflow_auth_test.go deleted file mode 100644 index b3c2a4d2f5..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/iflow/iflow_auth_test.go +++ /dev/null @@ -1,150 +0,0 @@ -package iflow - -import ( - "context" - "encoding/json" - "net/http" - "net/http/httptest" - "strings" - "testing" -) - -type rewriteTransport struct { - target string - base http.RoundTripper -} - -func (t *rewriteTransport) RoundTrip(req *http.Request) (*http.Response, error) { - newReq := req.Clone(req.Context()) - newReq.URL.Scheme = "http" - newReq.URL.Host = strings.TrimPrefix(t.target, "http://") - return t.base.RoundTrip(newReq) -} - -func TestAuthorizationURL(t *testing.T) { - auth := NewIFlowAuth(nil, nil) - url, redirect := auth.AuthorizationURL("test-state", 12345) - if !strings.Contains(url, "state=test-state") { - t.Errorf("url missing state: %s", url) - } - if redirect != "http://localhost:12345/oauth2callback" { - t.Errorf("got redirect %q, want http://localhost:12345/oauth2callback", redirect) - } -} - -func TestExchangeCodeForTokens(t *testing.T) { - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - if strings.Contains(r.URL.Path, "token") { - resp := map[string]any{ - "access_token": "test-access", - "refresh_token": "test-refresh", - "expires_in": 3600, - } - _ = json.NewEncoder(w).Encode(resp) - } else if strings.Contains(r.URL.Path, "getUserInfo") { - resp := map[string]any{ - "success": true, - "data": map[string]any{ - "email": "test@example.com", - "apiKey": "test-api-key", - }, - } - _ = json.NewEncoder(w).Encode(resp) - } else if strings.Contains(r.URL.Path, "apikey") { - resp := map[string]any{ - "success": true, - "data": map[string]any{ - "apiKey": "test-api-key", - }, - } - _ = json.NewEncoder(w).Encode(resp) - } - })) - defer ts.Close() - - client := &http.Client{ - Transport: &rewriteTransport{ - target: ts.URL, - base: http.DefaultTransport, - }, - } - - auth := NewIFlowAuth(nil, client) - resp, err := auth.ExchangeCodeForTokens(context.Background(), "code", "redirect") - if err != nil { - t.Fatalf("ExchangeCodeForTokens failed: %v", err) - } - - if resp.AccessToken != "test-access" { - t.Errorf("got access token %q, want test-access", resp.AccessToken) - } - if resp.APIKey != "test-api-key" { - t.Errorf("got API key %q, want test-api-key", resp.APIKey) - } -} - -func TestRefreshTokensProviderErrorPayload(t *testing.T) { - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - _ = json.NewEncoder(w).Encode(map[string]any{ - "success": false, - "code": "500", - "message": "server busy", - "data": nil, - }) - })) - defer ts.Close() - - client := &http.Client{ - Transport: &rewriteTransport{ - target: ts.URL, - base: http.DefaultTransport, - }, - } - - auth := NewIFlowAuth(nil, client) - _, err := auth.RefreshTokens(context.Background(), "expired-refresh") - if err == nil { - t.Fatalf("expected refresh error, got nil") - } - if !strings.Contains(err.Error(), "provider rejected token request") { - t.Fatalf("expected provider rejection error, got %v", err) - } - if !strings.Contains(err.Error(), "server busy") { - t.Fatalf("expected provider message in error, got %v", err) - } -} - -func TestRefreshTokensProviderErrorPayloadNon200(t *testing.T) { - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - w.WriteHeader(http.StatusBadGateway) - _ = json.NewEncoder(w).Encode(map[string]any{ - "success": false, - "code": "500", - "message": "server busy", - "data": nil, - }) - })) - defer ts.Close() - - client := &http.Client{ - Transport: &rewriteTransport{ - target: ts.URL, - base: http.DefaultTransport, - }, - } - - auth := NewIFlowAuth(nil, client) - _, err := auth.RefreshTokens(context.Background(), "expired-refresh") - if err == nil { - t.Fatalf("expected refresh error, got nil") - } - if !strings.Contains(err.Error(), "provider rejected token request") { - t.Fatalf("expected provider rejection error, got %v", err) - } - if !strings.Contains(err.Error(), "code=500") || !strings.Contains(err.Error(), "server busy") { - t.Fatalf("expected code/message in error, got %v", err) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/iflow/iflow_token.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/iflow/iflow_token.go deleted file mode 100644 index c75dd5ec34..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/iflow/iflow_token.go +++ /dev/null @@ -1,48 +0,0 @@ -package iflow - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" -) - -// IFlowTokenStorage persists iFlow OAuth credentials alongside the derived API key. -type IFlowTokenStorage struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - LastRefresh string `json:"last_refresh"` - Expire string `json:"expired"` - APIKey string `json:"api_key"` - Email string `json:"email"` - TokenType string `json:"token_type"` - Scope string `json:"scope"` - Cookie string `json:"cookie"` - Type string `json:"type"` -} - -// SaveTokenToFile serialises the token storage to disk. -func (ts *IFlowTokenStorage) SaveTokenToFile(authFilePath string) error { - safePath, err := misc.ResolveSafeFilePath(authFilePath) - if err != nil { - return fmt.Errorf("invalid token file path: %w", err) - } - misc.LogSavingCredentials(safePath) - ts.Type = "iflow" - if err = os.MkdirAll(filepath.Dir(safePath), 0o700); err != nil { - return fmt.Errorf("iflow token: create directory failed: %w", err) - } - - f, err := os.Create(safePath) - if err != nil { - return fmt.Errorf("iflow token: create file failed: %w", err) - } - defer func() { _ = f.Close() }() - - if err = json.NewEncoder(f).Encode(ts); err != nil { - return fmt.Errorf("iflow token: encode token failed: %w", err) - } - return nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/iflow/iflow_token_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/iflow/iflow_token_test.go deleted file mode 100644 index cb178a59c6..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/iflow/iflow_token_test.go +++ /dev/null @@ -1,10 +0,0 @@ -package iflow - -import "testing" - -func TestIFlowTokenStorage_SaveTokenToFileRejectsTraversalPath(t *testing.T) { - ts := &IFlowTokenStorage{} - if err := ts.SaveTokenToFile("/tmp/../iflow-escape.json"); err == nil { - t.Fatal("expected traversal path to be rejected") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/iflow/oauth_server.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/iflow/oauth_server.go deleted file mode 100644 index 2a8b7b9f59..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/iflow/oauth_server.go +++ /dev/null @@ -1,143 +0,0 @@ -package iflow - -import ( - "context" - "fmt" - "net" - "net/http" - "strings" - "sync" - "time" - - log "github.com/sirupsen/logrus" -) - -const errorRedirectURL = "https://iflow.cn/oauth/error" - -// OAuthResult captures the outcome of the local OAuth callback. -type OAuthResult struct { - Code string - State string - Error string -} - -// OAuthServer provides a minimal HTTP server for handling the iFlow OAuth callback. -type OAuthServer struct { - server *http.Server - port int - result chan *OAuthResult - errChan chan error - mu sync.Mutex - running bool -} - -// NewOAuthServer constructs a new OAuthServer bound to the provided port. -func NewOAuthServer(port int) *OAuthServer { - return &OAuthServer{ - port: port, - result: make(chan *OAuthResult, 1), - errChan: make(chan error, 1), - } -} - -// Start launches the callback listener. -func (s *OAuthServer) Start() error { - s.mu.Lock() - defer s.mu.Unlock() - if s.running { - return fmt.Errorf("iflow oauth server already running") - } - if !s.isPortAvailable() { - return fmt.Errorf("port %d is already in use", s.port) - } - - mux := http.NewServeMux() - mux.HandleFunc("/oauth2callback", s.handleCallback) - - s.server = &http.Server{ - Addr: fmt.Sprintf(":%d", s.port), - Handler: mux, - ReadTimeout: 10 * time.Second, - WriteTimeout: 10 * time.Second, - } - - s.running = true - - go func() { - if err := s.server.ListenAndServe(); err != nil && err != http.ErrServerClosed { - s.errChan <- err - } - }() - - time.Sleep(100 * time.Millisecond) - return nil -} - -// Stop gracefully terminates the callback listener. -func (s *OAuthServer) Stop(ctx context.Context) error { - s.mu.Lock() - defer s.mu.Unlock() - if !s.running || s.server == nil { - return nil - } - defer func() { - s.running = false - s.server = nil - }() - return s.server.Shutdown(ctx) -} - -// WaitForCallback blocks until a callback result, server error, or timeout occurs. -func (s *OAuthServer) WaitForCallback(timeout time.Duration) (*OAuthResult, error) { - select { - case res := <-s.result: - return res, nil - case err := <-s.errChan: - return nil, err - case <-time.After(timeout): - return nil, fmt.Errorf("timeout waiting for OAuth callback") - } -} - -func (s *OAuthServer) handleCallback(w http.ResponseWriter, r *http.Request) { - if r.Method != http.MethodGet { - http.Error(w, "method not allowed", http.StatusMethodNotAllowed) - return - } - - query := r.URL.Query() - if errParam := strings.TrimSpace(query.Get("error")); errParam != "" { - s.sendResult(&OAuthResult{Error: errParam}) - http.Redirect(w, r, errorRedirectURL, http.StatusFound) - return - } - - code := strings.TrimSpace(query.Get("code")) - if code == "" { - s.sendResult(&OAuthResult{Error: "missing_code"}) - http.Redirect(w, r, errorRedirectURL, http.StatusFound) - return - } - - state := query.Get("state") - s.sendResult(&OAuthResult{Code: code, State: state}) - http.Redirect(w, r, SuccessRedirectURL, http.StatusFound) -} - -func (s *OAuthServer) sendResult(res *OAuthResult) { - select { - case s.result <- res: - default: - log.Debug("iflow oauth result channel full, dropping result") - } -} - -func (s *OAuthServer) isPortAvailable() bool { - addr := fmt.Sprintf(":%d", s.port) - listener, err := net.Listen("tcp", addr) - if err != nil { - return false - } - _ = listener.Close() - return true -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kilo/kilo_auth.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kilo/kilo_auth.go deleted file mode 100644 index 62e728f0a1..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kilo/kilo_auth.go +++ /dev/null @@ -1,168 +0,0 @@ -// Package kilo provides authentication and token management functionality -// for Kilo AI services. -package kilo - -import ( - "context" - "encoding/json" - "fmt" - "net/http" - "time" -) - -const ( - // BaseURL is the base URL for the Kilo AI API. - BaseURL = "https://api.kilo.ai/api" -) - -// DeviceAuthResponse represents the response from initiating device flow. -type DeviceAuthResponse struct { - Code string `json:"code"` - VerificationURL string `json:"verificationUrl"` - ExpiresIn int `json:"expiresIn"` -} - -// DeviceStatusResponse represents the response when polling for device flow status. -type DeviceStatusResponse struct { - Status string `json:"status"` - Token string `json:"token"` - UserEmail string `json:"userEmail"` -} - -// Profile represents the user profile from Kilo AI. -type Profile struct { - Email string `json:"email"` - Orgs []Organization `json:"organizations"` -} - -// Organization represents a Kilo AI organization. -type Organization struct { - ID string `json:"id"` - Name string `json:"name"` -} - -// Defaults represents default settings for an organization or user. -type Defaults struct { - Model string `json:"model"` -} - -// KiloAuth provides methods for handling the Kilo AI authentication flow. -type KiloAuth struct { - client *http.Client -} - -// NewKiloAuth creates a new instance of KiloAuth. -func NewKiloAuth() *KiloAuth { - return &KiloAuth{ - client: &http.Client{Timeout: 30 * time.Second}, - } -} - -// InitiateDeviceFlow starts the device authentication flow. -func (k *KiloAuth) InitiateDeviceFlow(ctx context.Context) (*DeviceAuthResponse, error) { - resp, err := k.client.Post(BaseURL+"/device-auth/codes", "application/json", nil) - if err != nil { - return nil, err - } - defer func() { _ = resp.Body.Close() }() - - if resp.StatusCode != http.StatusCreated && resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("failed to initiate device flow: status %d", resp.StatusCode) - } - - var data DeviceAuthResponse - if err := json.NewDecoder(resp.Body).Decode(&data); err != nil { - return nil, err - } - return &data, nil -} - -// PollForToken polls for the device flow completion. -func (k *KiloAuth) PollForToken(ctx context.Context, code string) (*DeviceStatusResponse, error) { - ticker := time.NewTicker(5 * time.Second) - defer ticker.Stop() - - for { - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-ticker.C: - resp, err := k.client.Get(BaseURL + "/device-auth/codes/" + code) - if err != nil { - return nil, err - } - defer func() { _ = resp.Body.Close() }() - - var data DeviceStatusResponse - if err := json.NewDecoder(resp.Body).Decode(&data); err != nil { - return nil, err - } - - switch data.Status { - case "approved": - return &data, nil - case "denied", "expired": - return nil, fmt.Errorf("device flow %s", data.Status) - case "pending": - continue - default: - return nil, fmt.Errorf("unknown status: %s", data.Status) - } - } - } -} - -// GetProfile fetches the user's profile. -func (k *KiloAuth) GetProfile(ctx context.Context, token string) (*Profile, error) { - req, err := http.NewRequestWithContext(ctx, "GET", BaseURL+"/profile", nil) - if err != nil { - return nil, fmt.Errorf("failed to create get profile request: %w", err) - } - req.Header.Set("Authorization", "Bearer "+token) - - resp, err := k.client.Do(req) - if err != nil { - return nil, err - } - defer func() { _ = resp.Body.Close() }() - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("failed to get profile: status %d", resp.StatusCode) - } - - var profile Profile - if err := json.NewDecoder(resp.Body).Decode(&profile); err != nil { - return nil, err - } - return &profile, nil -} - -// GetDefaults fetches default settings for an organization. -func (k *KiloAuth) GetDefaults(ctx context.Context, token, orgID string) (*Defaults, error) { - url := BaseURL + "/defaults" - if orgID != "" { - url = BaseURL + "/organizations/" + orgID + "/defaults" - } - - req, err := http.NewRequestWithContext(ctx, "GET", url, nil) - if err != nil { - return nil, fmt.Errorf("failed to create get defaults request: %w", err) - } - req.Header.Set("Authorization", "Bearer "+token) - - resp, err := k.client.Do(req) - if err != nil { - return nil, err - } - defer func() { _ = resp.Body.Close() }() - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("failed to get defaults: status %d", resp.StatusCode) - } - - var defaults Defaults - if err := json.NewDecoder(resp.Body).Decode(&defaults); err != nil { - return nil, err - } - return &defaults, nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kilo/kilo_token.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kilo/kilo_token.go deleted file mode 100644 index 6a5fa30ee7..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kilo/kilo_token.go +++ /dev/null @@ -1,64 +0,0 @@ -// Package kilo provides authentication and token management functionality -// for Kilo AI services. -package kilo - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" - log "github.com/sirupsen/logrus" -) - -// KiloTokenStorage stores token information for Kilo AI authentication. -type KiloTokenStorage struct { - // Token is the Kilo access token. - Token string `json:"kilocodeToken"` - - // OrganizationID is the Kilo organization ID. - OrganizationID string `json:"kilocodeOrganizationId"` - - // Model is the default model to use. - Model string `json:"kilocodeModel"` - - // Email is the email address of the authenticated user. - Email string `json:"email"` - - // Type indicates the authentication provider type, always "kilo" for this storage. - Type string `json:"type"` -} - -// SaveTokenToFile serializes the Kilo token storage to a JSON file. -func (ts *KiloTokenStorage) SaveTokenToFile(authFilePath string) error { - safePath, err := misc.ResolveSafeFilePath(authFilePath) - if err != nil { - return fmt.Errorf("invalid token file path: %w", err) - } - misc.LogSavingCredentials(safePath) - ts.Type = "kilo" - if err = os.MkdirAll(filepath.Dir(safePath), 0700); err != nil { - return fmt.Errorf("failed to create directory: %v", err) - } - - f, err := os.Create(safePath) - if err != nil { - return fmt.Errorf("failed to create token file: %w", err) - } - defer func() { - if errClose := f.Close(); errClose != nil { - log.Errorf("failed to close file: %v", errClose) - } - }() - - if err = json.NewEncoder(f).Encode(ts); err != nil { - return fmt.Errorf("failed to write token to file: %w", err) - } - return nil -} - -// CredentialFileName returns the filename used to persist Kilo credentials. -func CredentialFileName(email string) string { - return fmt.Sprintf("kilo-%s.json", email) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kilo/kilo_token_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kilo/kilo_token_test.go deleted file mode 100644 index 9b0785990a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kilo/kilo_token_test.go +++ /dev/null @@ -1,10 +0,0 @@ -package kilo - -import "testing" - -func TestKiloTokenStorage_SaveTokenToFileRejectsTraversalPath(t *testing.T) { - ts := &KiloTokenStorage{} - if err := ts.SaveTokenToFile("/tmp/../kilo-escape.json"); err == nil { - t.Fatal("expected traversal path to be rejected") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kimi/kimi.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kimi/kimi.go deleted file mode 100644 index 5337fc1c0d..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kimi/kimi.go +++ /dev/null @@ -1,398 +0,0 @@ -// Package kimi provides authentication and token management for Kimi (Moonshot AI) API. -// It handles the RFC 8628 OAuth2 Device Authorization Grant flow for secure authentication. -package kimi - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "os" - "runtime" - "strings" - "time" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" -) - -const ( - // kimiClientID is Kimi Code's OAuth client ID. - kimiClientID = "17e5f671-d194-4dfb-9706-5516cb48c098" - // kimiOAuthHost is the OAuth server endpoint. - kimiOAuthHost = "https://auth.kimi.com" - // kimiDeviceCodeURL is the endpoint for requesting device codes. - kimiDeviceCodeURL = kimiOAuthHost + "/api/oauth/device_authorization" - // kimiTokenURL is the endpoint for exchanging device codes for tokens. - kimiTokenURL = kimiOAuthHost + "/api/oauth/token" - // KimiAPIBaseURL is the base URL for Kimi API requests. - KimiAPIBaseURL = "https://api.kimi.com/coding" - // defaultPollInterval is the default interval for polling token endpoint. - defaultPollInterval = 5 * time.Second - // maxPollDuration is the maximum time to wait for user authorization. - maxPollDuration = 15 * time.Minute - // refreshThresholdSeconds is when to refresh token before expiry (5 minutes). - refreshThresholdSeconds = 300 -) - -// KimiAuth handles Kimi authentication flow. -type KimiAuth struct { - deviceClient *DeviceFlowClient - cfg *config.Config -} - -// NewKimiAuth creates a new KimiAuth service instance. -func NewKimiAuth(cfg *config.Config) *KimiAuth { - return &KimiAuth{ - deviceClient: NewDeviceFlowClient(cfg), - cfg: cfg, - } -} - -// StartDeviceFlow initiates the device flow authentication. -func (k *KimiAuth) StartDeviceFlow(ctx context.Context) (*DeviceCodeResponse, error) { - return k.deviceClient.RequestDeviceCode(ctx) -} - -// WaitForAuthorization polls for user authorization and returns the auth bundle. -func (k *KimiAuth) WaitForAuthorization(ctx context.Context, deviceCode *DeviceCodeResponse) (*KimiAuthBundle, error) { - tokenData, err := k.deviceClient.PollForToken(ctx, deviceCode) - if err != nil { - return nil, err - } - - return &KimiAuthBundle{ - TokenData: tokenData, - DeviceID: k.deviceClient.deviceID, - }, nil -} - -// CreateTokenStorage creates a new KimiTokenStorage from auth bundle. -func (k *KimiAuth) CreateTokenStorage(bundle *KimiAuthBundle) *KimiTokenStorage { - expired := "" - if bundle.TokenData.ExpiresAt > 0 { - expired = time.Unix(bundle.TokenData.ExpiresAt, 0).UTC().Format(time.RFC3339) - } - return &KimiTokenStorage{ - AccessToken: bundle.TokenData.AccessToken, - RefreshToken: bundle.TokenData.RefreshToken, - TokenType: bundle.TokenData.TokenType, - Scope: bundle.TokenData.Scope, - DeviceID: strings.TrimSpace(bundle.DeviceID), - Expired: expired, - Type: "kimi", - } -} - -// DeviceFlowClient handles the OAuth2 device flow for Kimi. -type DeviceFlowClient struct { - httpClient *http.Client - cfg *config.Config - deviceID string -} - -// NewDeviceFlowClient creates a new device flow client. -func NewDeviceFlowClient(cfg *config.Config) *DeviceFlowClient { - return NewDeviceFlowClientWithDeviceID(cfg, "", nil) -} - -// NewDeviceFlowClientWithDeviceID creates a new device flow client with the specified device ID. -func NewDeviceFlowClientWithDeviceID(cfg *config.Config, deviceID string, httpClient *http.Client) *DeviceFlowClient { - if httpClient == nil { - httpClient = &http.Client{Timeout: 30 * time.Second} - if cfg != nil { - httpClient = util.SetProxy(&cfg.SDKConfig, httpClient) - } - } - resolvedDeviceID := strings.TrimSpace(deviceID) - if resolvedDeviceID == "" { - resolvedDeviceID = getOrCreateDeviceID() - } - return &DeviceFlowClient{ - httpClient: httpClient, - cfg: cfg, - deviceID: resolvedDeviceID, - } -} - -// getOrCreateDeviceID returns an in-memory device ID for the current authentication flow. -func getOrCreateDeviceID() string { - return uuid.New().String() -} - -// getDeviceModel returns a device model string. -func getDeviceModel() string { - osName := runtime.GOOS - arch := runtime.GOARCH - - switch osName { - case "darwin": - return fmt.Sprintf("macOS %s", arch) - case "windows": - return fmt.Sprintf("Windows %s", arch) - case "linux": - return fmt.Sprintf("Linux %s", arch) - default: - return fmt.Sprintf("%s %s", osName, arch) - } -} - -// getHostname returns the machine hostname. -func getHostname() string { - hostname, err := os.Hostname() - if err != nil { - return "unknown" - } - return hostname -} - -// commonHeaders returns headers required for Kimi API requests. -func (c *DeviceFlowClient) commonHeaders() map[string]string { - return map[string]string{ - "X-Msh-Platform": "cli-proxy-api", - "X-Msh-Version": "1.0.0", - "X-Msh-Device-Name": getHostname(), - "X-Msh-Device-Model": getDeviceModel(), - "X-Msh-Device-Id": c.deviceID, - } -} - -// RequestDeviceCode initiates the device flow by requesting a device code from Kimi. -func (c *DeviceFlowClient) RequestDeviceCode(ctx context.Context) (*DeviceCodeResponse, error) { - data := url.Values{} - data.Set("client_id", kimiClientID) - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, kimiDeviceCodeURL, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("kimi: failed to create device code request: %w", err) - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - for k, v := range c.commonHeaders() { - req.Header.Set(k, v) - } - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("kimi: device code request failed: %w", err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("kimi device code: close body error: %v", errClose) - } - }() - - bodyBytes, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("kimi: failed to read device code response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("kimi: device code request failed with status %d: %s", resp.StatusCode, string(bodyBytes)) - } - - var deviceCode DeviceCodeResponse - if err = json.Unmarshal(bodyBytes, &deviceCode); err != nil { - return nil, fmt.Errorf("kimi: failed to parse device code response: %w", err) - } - - return &deviceCode, nil -} - -// PollForToken polls the token endpoint until the user authorizes or the device code expires. -func (c *DeviceFlowClient) PollForToken(ctx context.Context, deviceCode *DeviceCodeResponse) (*KimiTokenData, error) { - if deviceCode == nil { - return nil, fmt.Errorf("kimi: device code is nil") - } - - interval := time.Duration(deviceCode.Interval) * time.Second - if interval < defaultPollInterval { - interval = defaultPollInterval - } - - deadline := time.Now().Add(maxPollDuration) - if deviceCode.ExpiresIn > 0 { - codeDeadline := time.Now().Add(time.Duration(deviceCode.ExpiresIn) * time.Second) - if codeDeadline.Before(deadline) { - deadline = codeDeadline - } - } - - ticker := time.NewTicker(interval) - defer ticker.Stop() - - for { - select { - case <-ctx.Done(): - return nil, fmt.Errorf("kimi: context cancelled: %w", ctx.Err()) - case <-ticker.C: - if time.Now().After(deadline) { - return nil, fmt.Errorf("kimi: device code expired") - } - - token, pollErr, shouldContinue := c.exchangeDeviceCode(ctx, deviceCode.DeviceCode) - if token != nil { - return token, nil - } - if !shouldContinue { - return nil, pollErr - } - // Continue polling - } - } -} - -// exchangeDeviceCode attempts to exchange the device code for an access token. -// Returns (token, error, shouldContinue). -func (c *DeviceFlowClient) exchangeDeviceCode(ctx context.Context, deviceCode string) (*KimiTokenData, error, bool) { - data := url.Values{} - data.Set("client_id", kimiClientID) - data.Set("device_code", deviceCode) - data.Set("grant_type", "urn:ietf:params:oauth:grant-type:device_code") - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, kimiTokenURL, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("kimi: failed to create token request: %w", err), false - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - for k, v := range c.commonHeaders() { - req.Header.Set(k, v) - } - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("kimi: token request failed: %w", err), false - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("kimi token exchange: close body error: %v", errClose) - } - }() - - bodyBytes, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("kimi: failed to read token response: %w", err), false - } - - // Parse response - Kimi returns 200 for both success and pending states - var oauthResp struct { - Error string `json:"error"` - ErrorDescription string `json:"error_description"` - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - TokenType string `json:"token_type"` - ExpiresIn float64 `json:"expires_in"` - Scope string `json:"scope"` - } - - if err = json.Unmarshal(bodyBytes, &oauthResp); err != nil { - return nil, fmt.Errorf("kimi: failed to parse token response: %w", err), false - } - - if oauthResp.Error != "" { - switch oauthResp.Error { - case "authorization_pending": - return nil, nil, true // Continue polling - case "slow_down": - return nil, nil, true // Continue polling (with increased interval handled by caller) - case "expired_token": - return nil, fmt.Errorf("kimi: device code expired"), false - case "access_denied": - return nil, fmt.Errorf("kimi: access denied by user"), false - default: - return nil, fmt.Errorf("kimi: OAuth error: %s - %s", oauthResp.Error, oauthResp.ErrorDescription), false - } - } - - if oauthResp.AccessToken == "" { - return nil, fmt.Errorf("kimi: empty access token in response"), false - } - - var expiresAt int64 - if oauthResp.ExpiresIn > 0 { - expiresAt = time.Now().Unix() + int64(oauthResp.ExpiresIn) - } - - return &KimiTokenData{ - AccessToken: oauthResp.AccessToken, - RefreshToken: oauthResp.RefreshToken, - TokenType: oauthResp.TokenType, - ExpiresAt: expiresAt, - Scope: oauthResp.Scope, - }, nil, false -} - -// RefreshToken exchanges a refresh token for a new access token. -func (c *DeviceFlowClient) RefreshToken(ctx context.Context, refreshToken string) (*KimiTokenData, error) { - data := url.Values{} - data.Set("client_id", kimiClientID) - data.Set("grant_type", "refresh_token") - data.Set("refresh_token", refreshToken) - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, kimiTokenURL, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("kimi: failed to create refresh request: %w", err) - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - for k, v := range c.commonHeaders() { - req.Header.Set(k, v) - } - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("kimi: refresh request failed: %w", err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("kimi refresh token: close body error: %v", errClose) - } - }() - - bodyBytes, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("kimi: failed to read refresh response: %w", err) - } - - if resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusForbidden { - return nil, fmt.Errorf("kimi: refresh token rejected (status %d)", resp.StatusCode) - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("kimi: refresh failed with status %d: %s", resp.StatusCode, string(bodyBytes)) - } - - var tokenResp struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - TokenType string `json:"token_type"` - ExpiresIn float64 `json:"expires_in"` - Scope string `json:"scope"` - } - - if err = json.Unmarshal(bodyBytes, &tokenResp); err != nil { - return nil, fmt.Errorf("kimi: failed to parse refresh response: %w", err) - } - - if tokenResp.AccessToken == "" { - return nil, fmt.Errorf("kimi: empty access token in refresh response") - } - - var expiresAt int64 - if tokenResp.ExpiresIn > 0 { - expiresAt = time.Now().Unix() + int64(tokenResp.ExpiresIn) - } - - return &KimiTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - TokenType: tokenResp.TokenType, - ExpiresAt: expiresAt, - Scope: tokenResp.Scope, - }, nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kimi/kimi_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kimi/kimi_test.go deleted file mode 100644 index bca4bd04e7..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kimi/kimi_test.go +++ /dev/null @@ -1,73 +0,0 @@ -package kimi - -import ( - "context" - "encoding/json" - "net/http" - "net/http/httptest" - "strings" - "testing" -) - -type rewriteTransport struct { - target string - base http.RoundTripper -} - -func (t *rewriteTransport) RoundTrip(req *http.Request) (*http.Response, error) { - newReq := req.Clone(req.Context()) - newReq.URL.Scheme = "http" - newReq.URL.Host = strings.TrimPrefix(t.target, "http://") - return t.base.RoundTrip(newReq) -} - -func TestRequestDeviceCode(t *testing.T) { - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - resp := DeviceCodeResponse{ - DeviceCode: "dev-code", - UserCode: "user-code", - VerificationURI: "http://kimi.com/verify", - ExpiresIn: 600, - Interval: 5, - } - _ = json.NewEncoder(w).Encode(resp) - })) - defer ts.Close() - - client := &http.Client{ - Transport: &rewriteTransport{ - target: ts.URL, - base: http.DefaultTransport, - }, - } - - dfc := NewDeviceFlowClientWithDeviceID(nil, "test-device", client) - resp, err := dfc.RequestDeviceCode(context.Background()) - if err != nil { - t.Fatalf("RequestDeviceCode failed: %v", err) - } - - if resp.DeviceCode != "dev-code" { - t.Errorf("got device code %q, want dev-code", resp.DeviceCode) - } -} - -func TestCreateTokenStorage(t *testing.T) { - auth := NewKimiAuth(nil) - bundle := &KimiAuthBundle{ - TokenData: &KimiTokenData{ - AccessToken: "access", - RefreshToken: "refresh", - ExpiresAt: 1234567890, - }, - DeviceID: "device", - } - ts := auth.CreateTokenStorage(bundle) - if ts.AccessToken != "access" { - t.Errorf("got access %q, want access", ts.AccessToken) - } - if ts.DeviceID != "device" { - t.Errorf("got device %q, want device", ts.DeviceID) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kimi/token.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kimi/token.go deleted file mode 100644 index 29fb3ea6f6..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kimi/token.go +++ /dev/null @@ -1,120 +0,0 @@ -// Package kimi provides authentication and token management functionality -// for Kimi (Moonshot AI) services. It handles OAuth2 device flow token storage, -// serialization, and retrieval for maintaining authenticated sessions with the Kimi API. -package kimi - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" -) - -// KimiTokenStorage stores OAuth2 token information for Kimi API authentication. -type KimiTokenStorage struct { - // AccessToken is the OAuth2 access token used for authenticating API requests. - AccessToken string `json:"access_token"` - // RefreshToken is the OAuth2 refresh token used to obtain new access tokens. - RefreshToken string `json:"refresh_token"` - // TokenType is the type of token, typically "Bearer". - TokenType string `json:"token_type"` - // Scope is the OAuth2 scope granted to the token. - Scope string `json:"scope,omitempty"` - // DeviceID is the OAuth device flow identifier used for Kimi requests. - DeviceID string `json:"device_id,omitempty"` - // Expired is the RFC3339 timestamp when the access token expires. - Expired string `json:"expired,omitempty"` - // Type indicates the authentication provider type, always "kimi" for this storage. - Type string `json:"type"` -} - -// KimiTokenData holds the raw OAuth token response from Kimi. -type KimiTokenData struct { - // AccessToken is the OAuth2 access token. - AccessToken string `json:"access_token"` - // RefreshToken is the OAuth2 refresh token. - RefreshToken string `json:"refresh_token"` - // TokenType is the type of token, typically "Bearer". - TokenType string `json:"token_type"` - // ExpiresAt is the Unix timestamp when the token expires. - ExpiresAt int64 `json:"expires_at"` - // Scope is the OAuth2 scope granted to the token. - Scope string `json:"scope"` -} - -// KimiAuthBundle bundles authentication data for storage. -type KimiAuthBundle struct { - // TokenData contains the OAuth token information. - TokenData *KimiTokenData - // DeviceID is the device identifier used during OAuth device flow. - DeviceID string -} - -// DeviceCodeResponse represents Kimi's device code response. -type DeviceCodeResponse struct { - // DeviceCode is the device verification code. - DeviceCode string `json:"device_code"` - // UserCode is the code the user must enter at the verification URI. - UserCode string `json:"user_code"` - // VerificationURI is the URL where the user should enter the code. - VerificationURI string `json:"verification_uri,omitempty"` - // VerificationURIComplete is the URL with the code pre-filled. - VerificationURIComplete string `json:"verification_uri_complete"` - // ExpiresIn is the number of seconds until the device code expires. - ExpiresIn int `json:"expires_in"` - // Interval is the minimum number of seconds to wait between polling requests. - Interval int `json:"interval"` -} - -// SaveTokenToFile serializes the Kimi token storage to a JSON file. -func (ts *KimiTokenStorage) SaveTokenToFile(authFilePath string) error { - safePath, err := misc.ResolveSafeFilePath(authFilePath) - if err != nil { - return fmt.Errorf("invalid token file path: %w", err) - } - misc.LogSavingCredentials(safePath) - ts.Type = "kimi" - - if err = os.MkdirAll(filepath.Dir(safePath), 0700); err != nil { - return fmt.Errorf("failed to create directory: %v", err) - } - - f, err := os.Create(safePath) - if err != nil { - return fmt.Errorf("failed to create token file: %w", err) - } - defer func() { - _ = f.Close() - }() - - encoder := json.NewEncoder(f) - encoder.SetIndent("", " ") - if err = encoder.Encode(ts); err != nil { - return fmt.Errorf("failed to write token to file: %w", err) - } - return nil -} - -// IsExpired checks if the token has expired. -func (ts *KimiTokenStorage) IsExpired() bool { - if ts.Expired == "" { - return false // No expiry set, assume valid - } - t, err := time.Parse(time.RFC3339, ts.Expired) - if err != nil { - return true // Has expiry string but can't parse - } - // Consider expired if within refresh threshold - return time.Now().Add(time.Duration(refreshThresholdSeconds) * time.Second).After(t) -} - -// NeedsRefresh checks if the token should be refreshed. -func (ts *KimiTokenStorage) NeedsRefresh() bool { - if ts.RefreshToken == "" { - return false // Can't refresh without refresh token - } - return ts.IsExpired() -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kimi/token_path_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kimi/token_path_test.go deleted file mode 100644 index c4b27147e6..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kimi/token_path_test.go +++ /dev/null @@ -1,19 +0,0 @@ -package kimi - -import ( - "strings" - "testing" -) - -func TestKimiTokenStorage_SaveTokenToFile_RejectsTraversalPath(t *testing.T) { - ts := &KimiTokenStorage{AccessToken: "token"} - badPath := t.TempDir() + "/../kimi-token.json" - - err := ts.SaveTokenToFile(badPath) - if err == nil { - t.Fatal("expected error for traversal path") - } - if !strings.Contains(err.Error(), "invalid token file path") { - t.Fatalf("expected invalid path error, got %v", err) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kimi/token_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kimi/token_test.go deleted file mode 100644 index 36475e6449..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kimi/token_test.go +++ /dev/null @@ -1,10 +0,0 @@ -package kimi - -import "testing" - -func TestKimiTokenStorage_SaveTokenToFileRejectsTraversalPath(t *testing.T) { - ts := &KimiTokenStorage{} - if err := ts.SaveTokenToFile("/tmp/../kimi-escape.json"); err == nil { - t.Fatal("expected traversal path to be rejected") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/aws.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/aws.go deleted file mode 100644 index e209264c63..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/aws.go +++ /dev/null @@ -1,597 +0,0 @@ -// Package kiro provides authentication functionality for AWS CodeWhisperer (Kiro) API. -// It includes interfaces and implementations for token storage and authentication methods. -package kiro - -import ( - "encoding/base64" - "encoding/json" - "errors" - "fmt" - "os" - "path/filepath" - "strings" - "time" -) - -// PKCECodes holds PKCE verification codes for OAuth2 PKCE flow -type PKCECodes struct { - // CodeVerifier is the cryptographically random string used to correlate - // the authorization request to the token request - CodeVerifier string `json:"code_verifier"` - // CodeChallenge is the SHA256 hash of the code verifier, base64url-encoded - CodeChallenge string `json:"code_challenge"` -} - -// KiroTokenData holds OAuth token information from AWS CodeWhisperer (Kiro) -type KiroTokenData struct { - // AccessToken is the OAuth2 access token for API access - AccessToken string `json:"accessToken"` - // RefreshToken is used to obtain new access tokens - RefreshToken string `json:"refreshToken"` - // ProfileArn is the AWS CodeWhisperer profile ARN - ProfileArn string `json:"profileArn"` - // ExpiresAt is the timestamp when the token expires - ExpiresAt string `json:"expiresAt"` - // AuthMethod indicates the authentication method used (e.g., "builder-id", "social", "idc") - AuthMethod string `json:"authMethod"` - // Provider indicates the OAuth provider (e.g., "AWS", "Google", "Enterprise") - Provider string `json:"provider"` - // ClientID is the OIDC client ID (needed for token refresh) - ClientID string `json:"clientId,omitempty"` - // ClientSecret is the OIDC client secret (needed for token refresh) - ClientSecret string `json:"clientSecret,omitempty"` - // ClientIDHash is the hash of client ID used to locate device registration file - // (Enterprise Kiro IDE stores clientId/clientSecret in ~/.aws/sso/cache/{clientIdHash}.json) - ClientIDHash string `json:"clientIdHash,omitempty"` - // Email is the user's email address (used for file naming) - Email string `json:"email,omitempty"` - // StartURL is the IDC/Identity Center start URL (only for IDC auth method) - StartURL string `json:"startUrl,omitempty"` - // Region is the AWS region for IDC authentication (only for IDC auth method) - Region string `json:"region,omitempty"` -} - -// KiroAuthBundle aggregates authentication data after OAuth flow completion -type KiroAuthBundle struct { - // TokenData contains the OAuth tokens from the authentication flow - TokenData KiroTokenData `json:"token_data"` - // LastRefresh is the timestamp of the last token refresh - LastRefresh string `json:"last_refresh"` -} - -// KiroUsageInfo represents usage information from CodeWhisperer API -type KiroUsageInfo struct { - // SubscriptionTitle is the subscription plan name (e.g., "KIRO FREE") - SubscriptionTitle string `json:"subscription_title"` - // CurrentUsage is the current credit usage - CurrentUsage float64 `json:"current_usage"` - // UsageLimit is the maximum credit limit - UsageLimit float64 `json:"usage_limit"` - // NextReset is the timestamp of the next usage reset - NextReset string `json:"next_reset"` -} - -// KiroModel represents a model available through the CodeWhisperer API -type KiroModel struct { - // ModelID is the unique identifier for the model - ModelID string `json:"modelId"` - // ModelName is the human-readable name - ModelName string `json:"modelName"` - // Description is the model description - Description string `json:"description"` - // RateMultiplier is the credit multiplier for this model - RateMultiplier float64 `json:"rateMultiplier"` - // RateUnit is the unit for rate calculation (e.g., "credit") - RateUnit string `json:"rateUnit"` - // MaxInputTokens is the maximum input token limit - MaxInputTokens int `json:"maxInputTokens,omitempty"` -} - -// KiroIDETokenFile is the default path to Kiro IDE's token file -const KiroIDETokenFile = ".aws/sso/cache/kiro-auth-token.json" - -// KiroIDETokenLegacyFile is the legacy path used by older Kiro builds/docs. -const KiroIDETokenLegacyFile = ".kiro/kiro-auth-token.json" - -// Default retry configuration for file reading -const ( - defaultTokenReadMaxAttempts = 10 // Maximum retry attempts - defaultTokenReadBaseDelay = 50 * time.Millisecond // Base delay between retries -) - -// isTransientFileError checks if the error is a transient file access error -// that may be resolved by retrying (e.g., file locked by another process on Windows). -func isTransientFileError(err error) bool { - if err == nil { - return false - } - - // Check for OS-level file access errors (Windows sharing violation, etc.) - var pathErr *os.PathError - if errors.As(err, &pathErr) { - // Windows sharing violation (ERROR_SHARING_VIOLATION = 32) - // Windows lock violation (ERROR_LOCK_VIOLATION = 33) - errStr := pathErr.Err.Error() - if strings.Contains(errStr, "being used by another process") || - strings.Contains(errStr, "sharing violation") || - strings.Contains(errStr, "lock violation") { - return true - } - } - - // Check error message for common transient patterns - errMsg := strings.ToLower(err.Error()) - transientPatterns := []string{ - "being used by another process", - "sharing violation", - "lock violation", - "access is denied", - "unexpected end of json", - "unexpected eof", - } - for _, pattern := range transientPatterns { - if strings.Contains(errMsg, pattern) { - return true - } - } - - return false -} - -// LoadKiroIDETokenWithRetry loads token data from Kiro IDE's token file with retry logic. -// This handles transient file access errors (e.g., file locked by Kiro IDE during write). -// maxAttempts: maximum number of retry attempts (default 10 if <= 0) -// baseDelay: base delay between retries with exponential backoff (default 50ms if <= 0) -func LoadKiroIDETokenWithRetry(maxAttempts int, baseDelay time.Duration) (*KiroTokenData, error) { - if maxAttempts <= 0 { - maxAttempts = defaultTokenReadMaxAttempts - } - if baseDelay <= 0 { - baseDelay = defaultTokenReadBaseDelay - } - - var lastErr error - for attempt := 0; attempt < maxAttempts; attempt++ { - token, err := LoadKiroIDEToken() - if err == nil { - return token, nil - } - lastErr = err - - // Only retry for transient errors - if !isTransientFileError(err) { - return nil, err - } - - // Exponential backoff: delay * 2^attempt, capped at 500ms - delay := baseDelay * time.Duration(1< 500*time.Millisecond { - delay = 500 * time.Millisecond - } - time.Sleep(delay) - } - - return nil, fmt.Errorf("failed to read token file after %d attempts: %w", maxAttempts, lastErr) -} - -// LoadKiroIDEToken loads token data from Kiro IDE's token file. -// For Enterprise Kiro IDE (IDC auth), it also loads clientId and clientSecret -// from the device registration file referenced by clientIdHash. -func LoadKiroIDEToken() (*KiroTokenData, error) { - homeDir, err := os.UserHomeDir() - if err != nil { - return nil, fmt.Errorf("failed to get home directory: %w", err) - } - - data, tokenPath, err := readKiroIDETokenFile(homeDir) - if err != nil { - return nil, err - } - - token, err := parseKiroTokenData(data) - if err != nil { - return nil, fmt.Errorf("failed to parse Kiro IDE token (%s): %w", tokenPath, err) - } - - if token.AccessToken == "" { - return nil, fmt.Errorf("access token is empty in Kiro IDE token file") - } - - // Normalize AuthMethod to lowercase (Kiro IDE uses "IdC" but we expect "idc") - token.AuthMethod = strings.ToLower(token.AuthMethod) - - // For Enterprise Kiro IDE (IDC auth), load clientId and clientSecret from device registration - // The device registration file is located at ~/.aws/sso/cache/{clientIdHash}.json - if token.ClientIDHash != "" && token.ClientID == "" { - if err := loadDeviceRegistration(homeDir, token.ClientIDHash, token); err != nil { - // Log warning but don't fail - token might still work for some operations - fmt.Printf("warning: failed to load device registration for clientIdHash %s: %v\n", token.ClientIDHash, err) - } - } - - return token, nil -} - -func readKiroIDETokenFile(homeDir string) ([]byte, string, error) { - candidates := []string{ - filepath.Join(homeDir, KiroIDETokenFile), - filepath.Join(homeDir, KiroIDETokenLegacyFile), - } - - var errs []string - for _, tokenPath := range candidates { - data, err := os.ReadFile(tokenPath) - if err == nil { - return data, tokenPath, nil - } - if os.IsNotExist(err) { - errs = append(errs, fmt.Sprintf("%s (not found)", tokenPath)) - continue - } - return nil, "", fmt.Errorf("failed to read Kiro IDE token file (%s): %w", tokenPath, err) - } - return nil, "", fmt.Errorf("failed to read Kiro IDE token file; checked: %s", strings.Join(errs, ", ")) -} - -type kiroTokenDataWire struct { - AccessToken string `json:"accessToken"` - AccessTokenLegacy string `json:"access_token"` - RefreshToken string `json:"refreshToken"` - RefreshTokenOld string `json:"refresh_token"` - ProfileArn string `json:"profileArn"` - ProfileArnOld string `json:"profile_arn"` - ExpiresAt string `json:"expiresAt"` - ExpiresAtOld string `json:"expires_at"` - AuthMethod string `json:"authMethod"` - AuthMethodOld string `json:"auth_method"` - Provider string `json:"provider"` - ClientID string `json:"clientId"` - ClientIDOld string `json:"client_id"` - ClientSecret string `json:"clientSecret"` - ClientSecretOld string `json:"client_secret"` - ClientIDHash string `json:"clientIdHash"` - ClientIDHashOld string `json:"client_id_hash"` - Email string `json:"email"` - StartURL string `json:"startUrl"` - StartURLOld string `json:"start_url"` - Region string `json:"region"` -} - -func parseKiroTokenData(data []byte) (*KiroTokenData, error) { - var wire kiroTokenDataWire - if err := json.Unmarshal(data, &wire); err != nil { - return nil, err - } - - token := &KiroTokenData{ - AccessToken: firstNonEmpty(wire.AccessToken, wire.AccessTokenLegacy), - RefreshToken: firstNonEmpty(wire.RefreshToken, wire.RefreshTokenOld), - ProfileArn: firstNonEmpty(wire.ProfileArn, wire.ProfileArnOld), - ExpiresAt: firstNonEmpty(wire.ExpiresAt, wire.ExpiresAtOld), - AuthMethod: firstNonEmpty(wire.AuthMethod, wire.AuthMethodOld), - Provider: strings.TrimSpace(wire.Provider), - ClientID: firstNonEmpty(wire.ClientID, wire.ClientIDOld), - ClientSecret: firstNonEmpty(wire.ClientSecret, wire.ClientSecretOld), - ClientIDHash: firstNonEmpty(wire.ClientIDHash, wire.ClientIDHashOld), - Email: strings.TrimSpace(wire.Email), - StartURL: firstNonEmpty(wire.StartURL, wire.StartURLOld), - Region: strings.TrimSpace(wire.Region), - } - - return token, nil -} - -func firstNonEmpty(values ...string) string { - for _, value := range values { - value = strings.TrimSpace(value) - if value != "" { - return value - } - } - return "" -} - -// loadDeviceRegistration loads clientId and clientSecret from the device registration file. -// Enterprise Kiro IDE stores these in ~/.aws/sso/cache/{clientIdHash}.json -func loadDeviceRegistration(homeDir, clientIDHash string, token *KiroTokenData) error { - if clientIDHash == "" { - return fmt.Errorf("clientIdHash is empty") - } - - // Sanitize clientIdHash to prevent path traversal - if strings.Contains(clientIDHash, "/") || strings.Contains(clientIDHash, "\\") || strings.Contains(clientIDHash, "..") { - return fmt.Errorf("invalid clientIdHash: contains path separator") - } - - deviceRegPath := filepath.Join(homeDir, ".aws", "sso", "cache", clientIDHash+".json") - data, err := os.ReadFile(deviceRegPath) - if err != nil { - return fmt.Errorf("failed to read device registration file (%s): %w", deviceRegPath, err) - } - - // Device registration file structure - var deviceReg struct { - ClientID string `json:"clientId"` - ClientSecret string `json:"clientSecret"` - ExpiresAt string `json:"expiresAt"` - } - - if err := json.Unmarshal(data, &deviceReg); err != nil { - return fmt.Errorf("failed to parse device registration: %w", err) - } - - if deviceReg.ClientID == "" || deviceReg.ClientSecret == "" { - return fmt.Errorf("device registration missing clientId or clientSecret") - } - - token.ClientID = deviceReg.ClientID - token.ClientSecret = deviceReg.ClientSecret - - return nil -} - -// LoadKiroTokenFromPath loads token data from a custom path. -// This supports multiple accounts by allowing different token files. -// For Enterprise Kiro IDE (IDC auth), it also loads clientId and clientSecret -// from the device registration file referenced by clientIdHash. -func LoadKiroTokenFromPath(tokenPath string) (*KiroTokenData, error) { - homeDir, err := os.UserHomeDir() - if err != nil { - return nil, fmt.Errorf("failed to get home directory: %w", err) - } - - // Expand ~ to home directory - if len(tokenPath) > 0 && tokenPath[0] == '~' { - tokenPath = filepath.Join(homeDir, tokenPath[1:]) - } - - data, err := os.ReadFile(tokenPath) - if err != nil { - return nil, fmt.Errorf("failed to read token file (%s): %w", tokenPath, err) - } - - token, err := parseKiroTokenData(data) - if err != nil { - return nil, fmt.Errorf("failed to parse token file: %w", err) - } - - if token.AccessToken == "" { - return nil, fmt.Errorf("access token is empty in token file") - } - - // Normalize AuthMethod to lowercase (Kiro IDE uses "IdC" but we expect "idc") - token.AuthMethod = strings.ToLower(token.AuthMethod) - - // For Enterprise Kiro IDE (IDC auth), load clientId and clientSecret from device registration - if token.ClientIDHash != "" && token.ClientID == "" { - if err := loadDeviceRegistration(homeDir, token.ClientIDHash, token); err != nil { - // Log warning but don't fail - token might still work for some operations - fmt.Printf("warning: failed to load device registration for clientIdHash %s: %v\n", token.ClientIDHash, err) - } - } - - return token, nil -} - -// ListKiroTokenFiles lists all Kiro token files in the cache directory. -// This supports multiple accounts by finding all token files. -func ListKiroTokenFiles() ([]string, error) { - homeDir, err := os.UserHomeDir() - if err != nil { - return nil, fmt.Errorf("failed to get home directory: %w", err) - } - - cacheDir := filepath.Join(homeDir, ".aws", "sso", "cache") - - // Check if directory exists - if _, err := os.Stat(cacheDir); os.IsNotExist(err) { - return nil, nil // No token files - } - - entries, err := os.ReadDir(cacheDir) - if err != nil { - return nil, fmt.Errorf("failed to read cache directory: %w", err) - } - - var tokenFiles []string - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - // Look for kiro token files only (avoid matching unrelated AWS SSO cache files) - if strings.HasSuffix(name, ".json") && strings.HasPrefix(name, "kiro") { - tokenFiles = append(tokenFiles, filepath.Join(cacheDir, name)) - } - } - - return tokenFiles, nil -} - -// LoadAllKiroTokens loads all Kiro tokens from the cache directory. -// This supports multiple accounts. -func LoadAllKiroTokens() ([]*KiroTokenData, error) { - files, err := ListKiroTokenFiles() - if err != nil { - return nil, err - } - - var tokens []*KiroTokenData - for _, file := range files { - token, err := LoadKiroTokenFromPath(file) - if err != nil { - // Skip invalid token files - continue - } - tokens = append(tokens, token) - } - - return tokens, nil -} - -// JWTClaims represents the claims we care about from a JWT token. -// JWT tokens from Kiro/AWS contain user information in the payload. -type JWTClaims struct { - Email string `json:"email,omitempty"` - Sub string `json:"sub,omitempty"` - PreferredUser string `json:"preferred_username,omitempty"` - Name string `json:"name,omitempty"` - Iss string `json:"iss,omitempty"` -} - -// ExtractEmailFromJWT extracts the user's email from a JWT access token. -// JWT tokens typically have format: header.payload.signature -// The payload is base64url-encoded JSON containing user claims. -func ExtractEmailFromJWT(accessToken string) string { - if accessToken == "" { - return "" - } - - // JWT format: header.payload.signature - parts := strings.Split(accessToken, ".") - if len(parts) != 3 { - return "" - } - - // Decode the payload (second part) - payload := parts[1] - - // Add padding if needed (base64url requires padding) - switch len(payload) % 4 { - case 2: - payload += "==" - case 3: - payload += "=" - } - - decoded, err := base64.URLEncoding.DecodeString(payload) - if err != nil { - // Try RawURLEncoding (no padding) - decoded, err = base64.RawURLEncoding.DecodeString(parts[1]) - if err != nil { - return "" - } - } - - var claims JWTClaims - if err := json.Unmarshal(decoded, &claims); err != nil { - return "" - } - - // Return email if available - if claims.Email != "" { - return claims.Email - } - - // Fallback to preferred_username (some providers use this) - if claims.PreferredUser != "" && strings.Contains(claims.PreferredUser, "@") { - return claims.PreferredUser - } - - // Fallback to sub if it looks like an email - if claims.Sub != "" && strings.Contains(claims.Sub, "@") { - return claims.Sub - } - - return "" -} - -// SanitizeEmailForFilename sanitizes an email address for use in a filename. -// Replaces special characters with underscores and prevents path traversal attacks. -// Also handles URL-encoded characters to prevent encoded path traversal attempts. -func SanitizeEmailForFilename(email string) string { - if email == "" { - return "" - } - - result := email - - // First, handle URL-encoded path traversal attempts (%2F, %2E, %5C, etc.) - // This prevents encoded characters from bypassing the sanitization. - // Note: We replace % last to catch any remaining encodings including double-encoding (%252F) - result = strings.ReplaceAll(result, "%2F", "_") // / - result = strings.ReplaceAll(result, "%2f", "_") - result = strings.ReplaceAll(result, "%5C", "_") // \ - result = strings.ReplaceAll(result, "%5c", "_") - result = strings.ReplaceAll(result, "%2E", "_") // . - result = strings.ReplaceAll(result, "%2e", "_") - result = strings.ReplaceAll(result, "%00", "_") // null byte - result = strings.ReplaceAll(result, "%", "_") // Catch remaining % to prevent double-encoding attacks - - // Replace characters that are problematic in filenames - // Keep @ and . in middle but replace other special characters - for _, char := range []string{"/", "\\", ":", "*", "?", "\"", "<", ">", "|", " ", "\x00"} { - result = strings.ReplaceAll(result, char, "_") - } - - // Prevent path traversal: replace leading dots in each path component - // This handles cases like "../../../etc/passwd" → "_.._.._.._etc_passwd" - parts := strings.Split(result, "_") - for i, part := range parts { - for strings.HasPrefix(part, ".") { - part = "_" + part[1:] - } - parts[i] = part - } - result = strings.Join(parts, "_") - - return result -} - -// ExtractIDCIdentifier extracts a unique identifier from IDC startUrl. -// Examples: -// - "https://d-1234567890.awsapps.com/start" -> "d-1234567890" -// - "https://my-company.awsapps.com/start" -> "my-company" -// - "https://acme-corp.awsapps.com/start" -> "acme-corp" -func ExtractIDCIdentifier(startURL string) string { - if startURL == "" { - return "" - } - - // Remove protocol prefix - url := strings.TrimPrefix(startURL, "https://") - url = strings.TrimPrefix(url, "http://") - - // Extract subdomain (first part before the first dot) - // Format: {identifier}.awsapps.com/start - parts := strings.Split(url, ".") - if len(parts) > 0 && parts[0] != "" { - identifier := parts[0] - // Sanitize for filename safety - identifier = strings.ReplaceAll(identifier, "/", "_") - identifier = strings.ReplaceAll(identifier, "\\", "_") - identifier = strings.ReplaceAll(identifier, ":", "_") - return identifier - } - - return "" -} - -// GenerateTokenFileName generates a unique filename for token storage. -// Priority: email > startUrl identifier (IDC or builder-id) > authMethod only -// Format: kiro-{authMethod}-{identifier}.json or kiro-{authMethod}.json -func GenerateTokenFileName(tokenData *KiroTokenData) string { - authMethod := tokenData.AuthMethod - if authMethod == "" { - authMethod = "unknown" - } - - // Priority 1: Use email if available (email is unique) - if tokenData.Email != "" { - sanitizedEmail := tokenData.Email - sanitizedEmail = strings.ReplaceAll(sanitizedEmail, "@", "-") - sanitizedEmail = strings.ReplaceAll(sanitizedEmail, ".", "-") - return fmt.Sprintf("kiro-%s-%s.json", authMethod, sanitizedEmail) - } - - // Priority 2: For IDC only, use startUrl identifier when available - if authMethod == "idc" && tokenData.StartURL != "" { - identifier := ExtractIDCIdentifier(tokenData.StartURL) - if identifier != "" { - return fmt.Sprintf("kiro-%s-%s.json", authMethod, identifier) - } - } - - // Priority 3: Fallback to authMethod only - return fmt.Sprintf("kiro-%s.json", authMethod) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/aws_auth.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/aws_auth.go deleted file mode 100644 index 1118ea1a9a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/aws_auth.go +++ /dev/null @@ -1,338 +0,0 @@ -// Package kiro provides OAuth2 authentication functionality for AWS CodeWhisperer (Kiro) API. -// This package implements token loading, refresh, and API communication with CodeWhisperer. -package kiro - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "os" - "path/filepath" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" -) - -const ( - // awsKiroEndpoint is used for CodeWhisperer management APIs (GetUsageLimits, ListProfiles, etc.) - // Note: This is different from the Amazon Q streaming endpoint (q.us-east-1.amazonaws.com) - // used in kiro_executor.go for GenerateAssistantResponse. Both endpoints are correct - // for their respective API operations. - awsKiroEndpoint = "https://codewhisperer.us-east-1.amazonaws.com" - defaultTokenFile = "~/.aws/sso/cache/kiro-auth-token.json" - targetGetUsage = "AmazonCodeWhispererService.GetUsageLimits" - targetListModels = "AmazonCodeWhispererService.ListAvailableModels" - targetGenerateChat = "AmazonCodeWhispererStreamingService.GenerateAssistantResponse" -) - -// KiroAuth handles AWS CodeWhisperer authentication and API communication. -// It provides methods for loading tokens, refreshing expired tokens, -// and communicating with the CodeWhisperer API. -type KiroAuth struct { - httpClient *http.Client - endpoint string -} - -// NewKiroAuth creates a new Kiro authentication service. -// It initializes the HTTP client with proxy settings from the configuration. -// -// Parameters: -// - cfg: The application configuration containing proxy settings -// -// Returns: -// - *KiroAuth: A new Kiro authentication service instance -func NewKiroAuth(cfg *config.Config) *KiroAuth { - return &KiroAuth{ - httpClient: util.SetProxy(&cfg.SDKConfig, &http.Client{Timeout: 120 * time.Second}), - endpoint: awsKiroEndpoint, - } -} - -// LoadTokenFromFile loads token data from a file path. -// This method reads and parses the token file, expanding ~ to the home directory. -// -// Parameters: -// - tokenFile: Path to the token file (supports ~ expansion) -// -// Returns: -// - *KiroTokenData: The parsed token data -// - error: An error if file reading or parsing fails -func (k *KiroAuth) LoadTokenFromFile(tokenFile string) (*KiroTokenData, error) { - // Expand ~ to home directory - if strings.HasPrefix(tokenFile, "~") { - home, err := os.UserHomeDir() - if err != nil { - return nil, fmt.Errorf("failed to get home directory: %w", err) - } - tokenFile = filepath.Join(home, tokenFile[1:]) - } - - data, err := os.ReadFile(tokenFile) - if err != nil { - return nil, fmt.Errorf("failed to read token file: %w", err) - } - - var tokenData KiroTokenData - if err := json.Unmarshal(data, &tokenData); err != nil { - return nil, fmt.Errorf("failed to parse token file: %w", err) - } - - return &tokenData, nil -} - -// IsTokenExpired checks if the token has expired. -// This method parses the expiration timestamp and compares it with the current time. -// -// Parameters: -// - tokenData: The token data to check -// -// Returns: -// - bool: True if the token has expired, false otherwise -func (k *KiroAuth) IsTokenExpired(tokenData *KiroTokenData) bool { - if tokenData.ExpiresAt == "" { - return true - } - - expiresAt, err := time.Parse(time.RFC3339, tokenData.ExpiresAt) - if err != nil { - // Try alternate format - expiresAt, err = time.Parse("2006-01-02T15:04:05.000Z", tokenData.ExpiresAt) - if err != nil { - return true - } - } - - return time.Now().After(expiresAt) -} - -// makeRequest sends a request to the CodeWhisperer API. -// This is an internal method for making authenticated API calls. -// -// Parameters: -// - ctx: The context for the request -// - target: The API target (e.g., "AmazonCodeWhispererService.GetUsageLimits") -// - accessToken: The OAuth access token -// - payload: The request payload -// -// Returns: -// - []byte: The response body -// - error: An error if the request fails -func (k *KiroAuth) makeRequest(ctx context.Context, target string, accessToken string, payload interface{}) ([]byte, error) { - jsonBody, err := json.Marshal(payload) - if err != nil { - return nil, fmt.Errorf("failed to marshal request: %w", err) - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, k.endpoint, strings.NewReader(string(jsonBody))) - if err != nil { - return nil, fmt.Errorf("failed to create request: %w", err) - } - - req.Header.Set("Content-Type", "application/x-amz-json-1.0") - req.Header.Set("x-amz-target", target) - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("Accept", "application/json") - - resp, err := k.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("request failed: %w", err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("failed to close response body: %v", errClose) - } - }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("API error (status %d): %s", resp.StatusCode, string(body)) - } - - return body, nil -} - -// GetUsageLimits retrieves usage information from the CodeWhisperer API. -// This method fetches the current usage statistics and subscription information. -// -// Parameters: -// - ctx: The context for the request -// - tokenData: The token data containing access token and profile ARN -// -// Returns: -// - *KiroUsageInfo: The usage information -// - error: An error if the request fails -func (k *KiroAuth) GetUsageLimits(ctx context.Context, tokenData *KiroTokenData) (*KiroUsageInfo, error) { - payload := map[string]interface{}{ - "origin": "AI_EDITOR", - "profileArn": tokenData.ProfileArn, - "resourceType": "AGENTIC_REQUEST", - } - - body, err := k.makeRequest(ctx, targetGetUsage, tokenData.AccessToken, payload) - if err != nil { - return nil, err - } - - var result struct { - SubscriptionInfo struct { - SubscriptionTitle string `json:"subscriptionTitle"` - } `json:"subscriptionInfo"` - UsageBreakdownList []struct { - CurrentUsageWithPrecision float64 `json:"currentUsageWithPrecision"` - UsageLimitWithPrecision float64 `json:"usageLimitWithPrecision"` - } `json:"usageBreakdownList"` - NextDateReset float64 `json:"nextDateReset"` - } - - if err := json.Unmarshal(body, &result); err != nil { - return nil, fmt.Errorf("failed to parse usage response: %w", err) - } - - usage := &KiroUsageInfo{ - SubscriptionTitle: result.SubscriptionInfo.SubscriptionTitle, - NextReset: fmt.Sprintf("%v", result.NextDateReset), - } - - if len(result.UsageBreakdownList) > 0 { - usage.CurrentUsage = result.UsageBreakdownList[0].CurrentUsageWithPrecision - usage.UsageLimit = result.UsageBreakdownList[0].UsageLimitWithPrecision - } - - return usage, nil -} - -// ListAvailableModels retrieves available models from the CodeWhisperer API. -// This method fetches the list of AI models available for the authenticated user. -// -// Parameters: -// - ctx: The context for the request -// - tokenData: The token data containing access token and profile ARN -// -// Returns: -// - []*KiroModel: The list of available models -// - error: An error if the request fails -func (k *KiroAuth) ListAvailableModels(ctx context.Context, tokenData *KiroTokenData) ([]*KiroModel, error) { - payload := map[string]interface{}{ - "origin": "AI_EDITOR", - "profileArn": tokenData.ProfileArn, - } - - body, err := k.makeRequest(ctx, targetListModels, tokenData.AccessToken, payload) - if err != nil { - return nil, err - } - - var result struct { - Models []struct { - ModelID string `json:"modelId"` - ModelName string `json:"modelName"` - Description string `json:"description"` - RateMultiplier float64 `json:"rateMultiplier"` - RateUnit string `json:"rateUnit"` - TokenLimits *struct { - MaxInputTokens int `json:"maxInputTokens"` - } `json:"tokenLimits"` - } `json:"models"` - } - - if err := json.Unmarshal(body, &result); err != nil { - return nil, fmt.Errorf("failed to parse models response: %w", err) - } - - models := make([]*KiroModel, 0, len(result.Models)) - for _, m := range result.Models { - maxInputTokens := 0 - if m.TokenLimits != nil { - maxInputTokens = m.TokenLimits.MaxInputTokens - } - models = append(models, &KiroModel{ - ModelID: m.ModelID, - ModelName: m.ModelName, - Description: m.Description, - RateMultiplier: m.RateMultiplier, - RateUnit: m.RateUnit, - MaxInputTokens: maxInputTokens, - }) - } - - return models, nil -} - -// CreateTokenStorage creates a new KiroTokenStorage from token data. -// This method converts the token data into a storage structure suitable for persistence. -// -// Parameters: -// - tokenData: The token data to convert -// -// Returns: -// - *KiroTokenStorage: A new token storage instance -func (k *KiroAuth) CreateTokenStorage(tokenData *KiroTokenData) *KiroTokenStorage { - return &KiroTokenStorage{ - AccessToken: tokenData.AccessToken, - RefreshToken: tokenData.RefreshToken, - ProfileArn: tokenData.ProfileArn, - ExpiresAt: tokenData.ExpiresAt, - AuthMethod: tokenData.AuthMethod, - Provider: tokenData.Provider, - LastRefresh: time.Now().Format(time.RFC3339), - ClientID: tokenData.ClientID, - ClientSecret: tokenData.ClientSecret, - Region: tokenData.Region, - StartURL: tokenData.StartURL, - Email: tokenData.Email, - } -} - -// ValidateToken checks if the token is valid by making a test API call. -// This method verifies the token by attempting to fetch usage limits. -// -// Parameters: -// - ctx: The context for the request -// - tokenData: The token data to validate -// -// Returns: -// - error: An error if the token is invalid -func (k *KiroAuth) ValidateToken(ctx context.Context, tokenData *KiroTokenData) error { - _, err := k.GetUsageLimits(ctx, tokenData) - return err -} - -// UpdateTokenStorage updates an existing token storage with new token data. -// This method refreshes the token storage with newly obtained access and refresh tokens. -// -// Parameters: -// - storage: The existing token storage to update -// - tokenData: The new token data to apply -func (k *KiroAuth) UpdateTokenStorage(storage *KiroTokenStorage, tokenData *KiroTokenData) { - storage.AccessToken = tokenData.AccessToken - storage.RefreshToken = tokenData.RefreshToken - storage.ProfileArn = tokenData.ProfileArn - storage.ExpiresAt = tokenData.ExpiresAt - storage.AuthMethod = tokenData.AuthMethod - storage.Provider = tokenData.Provider - storage.LastRefresh = time.Now().Format(time.RFC3339) - if tokenData.ClientID != "" { - storage.ClientID = tokenData.ClientID - } - if tokenData.ClientSecret != "" { - storage.ClientSecret = tokenData.ClientSecret - } - if tokenData.Region != "" { - storage.Region = tokenData.Region - } - if tokenData.StartURL != "" { - storage.StartURL = tokenData.StartURL - } - if tokenData.Email != "" { - storage.Email = tokenData.Email - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/aws_extra_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/aws_extra_test.go deleted file mode 100644 index 32cf942ff8..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/aws_extra_test.go +++ /dev/null @@ -1,146 +0,0 @@ -package kiro - -import ( - "context" - "encoding/json" - "fmt" - "net/http" - "net/http/httptest" - "os" - "path/filepath" - "testing" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestNewKiroAuth(t *testing.T) { - cfg := &config.Config{} - auth := NewKiroAuth(cfg) - if auth.httpClient == nil { - t.Error("expected httpClient to be set") - } -} - -func TestKiroAuth_LoadTokenFromFile(t *testing.T) { - tempDir := t.TempDir() - tokenPath := filepath.Join(tempDir, "token.json") - - tokenData := KiroTokenData{AccessToken: "abc"} - data, _ := json.Marshal(tokenData) - _ = os.WriteFile(tokenPath, data, 0600) - - auth := &KiroAuth{} - loaded, err := auth.LoadTokenFromFile(tokenPath) - if err != nil || loaded.AccessToken != "abc" { - t.Errorf("LoadTokenFromFile failed: %v", err) - } - - // Test ~ expansion - _, err = auth.LoadTokenFromFile("~/non-existent-path-12345") - if err == nil { - t.Error("expected error for non-existent home path") - } -} - -func TestKiroAuth_IsTokenExpired(t *testing.T) { - auth := &KiroAuth{} - - if !auth.IsTokenExpired(&KiroTokenData{ExpiresAt: ""}) { - t.Error("empty ExpiresAt should be expired") - } - - past := time.Now().Add(-1 * time.Hour).Format(time.RFC3339) - if !auth.IsTokenExpired(&KiroTokenData{ExpiresAt: past}) { - t.Error("past ExpiresAt should be expired") - } - - future := time.Now().Add(24 * time.Hour).Format(time.RFC3339) - if auth.IsTokenExpired(&KiroTokenData{ExpiresAt: future}) { - t.Error("future ExpiresAt should not be expired") - } - - // Test alternate format - altFormat := "2099-01-01T12:00:00.000Z" - if auth.IsTokenExpired(&KiroTokenData{ExpiresAt: altFormat}) { - t.Error("future alt format should not be expired") - } -} - -func TestKiroAuth_GetUsageLimits(t *testing.T) { - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - resp := `{ - "subscriptionInfo": {"subscriptionTitle": "Plus"}, - "usageBreakdownList": [{"currentUsageWithPrecision": 10.5, "usageLimitWithPrecision": 100.0}], - "nextDateReset": 123456789 - }` - _, _ = fmt.Fprint(w, resp) - })) - defer server.Close() - - auth := &KiroAuth{ - httpClient: http.DefaultClient, - endpoint: server.URL, - } - - usage, err := auth.GetUsageLimits(context.Background(), &KiroTokenData{AccessToken: "token", ProfileArn: "arn"}) - if err != nil { - t.Fatalf("GetUsageLimits failed: %v", err) - } - - if usage.SubscriptionTitle != "Plus" || usage.CurrentUsage != 10.5 || usage.UsageLimit != 100.0 { - t.Errorf("unexpected usage info: %+v", usage) - } -} - -func TestKiroAuth_ListAvailableModels(t *testing.T) { - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - resp := `{ - "models": [ - { - "modelId": "m1", - "modelName": "Model 1", - "description": "desc", - "tokenLimits": {"maxInputTokens": 4096} - } - ] - }` - _, _ = fmt.Fprint(w, resp) - })) - defer server.Close() - - auth := &KiroAuth{ - httpClient: http.DefaultClient, - endpoint: server.URL, - } - - models, err := auth.ListAvailableModels(context.Background(), &KiroTokenData{}) - if err != nil { - t.Fatalf("ListAvailableModels failed: %v", err) - } - - if len(models) != 1 || models[0].ModelID != "m1" || models[0].MaxInputTokens != 4096 { - t.Errorf("unexpected models: %+v", models) - } -} - -func TestKiroAuth_CreateAndUpdateTokenStorage(t *testing.T) { - auth := &KiroAuth{} - td := &KiroTokenData{ - AccessToken: "access", - Email: "test@example.com", - } - - ts := auth.CreateTokenStorage(td) - if ts.AccessToken != "access" || ts.Email != "test@example.com" { - t.Errorf("CreateTokenStorage failed: %+v", ts) - } - - td2 := &KiroTokenData{ - AccessToken: "new-access", - } - auth.UpdateTokenStorage(ts, td2) - if ts.AccessToken != "new-access" { - t.Errorf("UpdateTokenStorage failed: %+v", ts) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/aws_load_token_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/aws_load_token_test.go deleted file mode 100644 index d5bb3610de..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/aws_load_token_test.go +++ /dev/null @@ -1,75 +0,0 @@ -package kiro - -import ( - "os" - "path/filepath" - "testing" -) - -func TestLoadKiroIDEToken_FallbackLegacyPathAndSnakeCase(t *testing.T) { - home := t.TempDir() - t.Setenv("HOME", home) - - legacyPath := filepath.Join(home, ".kiro", "kiro-auth-token.json") - if err := os.MkdirAll(filepath.Dir(legacyPath), 0700); err != nil { - t.Fatalf("mkdir legacy path: %v", err) - } - - content := `{ - "access_token": "legacy-access", - "refresh_token": "legacy-refresh", - "expires_at": "2099-01-01T00:00:00Z", - "auth_method": "IdC", - "provider": "legacy", - "client_id_hash": "hash-legacy" - }` - if err := os.WriteFile(legacyPath, []byte(content), 0600); err != nil { - t.Fatalf("write legacy token: %v", err) - } - - token, err := LoadKiroIDEToken() - if err != nil { - t.Fatalf("LoadKiroIDEToken failed: %v", err) - } - - if token.AccessToken != "legacy-access" { - t.Fatalf("access token mismatch: got %q", token.AccessToken) - } - if token.RefreshToken != "legacy-refresh" { - t.Fatalf("refresh token mismatch: got %q", token.RefreshToken) - } - if token.AuthMethod != "idc" { - t.Fatalf("auth method should be normalized: got %q", token.AuthMethod) - } -} - -func TestLoadKiroIDEToken_PrefersDefaultPathOverLegacy(t *testing.T) { - home := t.TempDir() - t.Setenv("HOME", home) - - defaultPath := filepath.Join(home, KiroIDETokenFile) - legacyPath := filepath.Join(home, KiroIDETokenLegacyFile) - for _, path := range []string{defaultPath, legacyPath} { - if err := os.MkdirAll(filepath.Dir(path), 0700); err != nil { - t.Fatalf("mkdir %s: %v", path, err) - } - } - - if err := os.WriteFile(legacyPath, []byte(`{"accessToken":"legacy-access","refreshToken":"legacy-refresh","expiresAt":"2099-01-01T00:00:00Z"}`), 0600); err != nil { - t.Fatalf("write legacy token: %v", err) - } - if err := os.WriteFile(defaultPath, []byte(`{"accessToken":"default-access","refreshToken":"default-refresh","expiresAt":"2099-01-01T00:00:00Z"}`), 0600); err != nil { - t.Fatalf("write default token: %v", err) - } - - token, err := LoadKiroIDEToken() - if err != nil { - t.Fatalf("LoadKiroIDEToken failed: %v", err) - } - if token.AccessToken != "default-access" { - t.Fatalf("expected default path token, got %q", token.AccessToken) - } - if token.RefreshToken != "default-refresh" { - t.Fatalf("expected default path refresh token, got %q", token.RefreshToken) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/aws_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/aws_test.go deleted file mode 100644 index 194ad59efa..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/aws_test.go +++ /dev/null @@ -1,311 +0,0 @@ -package kiro - -import ( - "encoding/base64" - "encoding/json" - "testing" -) - -func TestExtractEmailFromJWT(t *testing.T) { - tests := []struct { - name string - token string - expected string - }{ - { - name: "Empty token", - token: "", - expected: "", - }, - { - name: "Invalid token format", - token: "not.a.valid.jwt", - expected: "", - }, - { - name: "Invalid token - not base64", - token: "xxx.yyy.zzz", - expected: "", - }, - { - name: "Valid JWT with email", - token: createTestJWT(map[string]any{"email": "test@example.com", "sub": "user123"}), - expected: "test@example.com", - }, - { - name: "JWT without email but with preferred_username", - token: createTestJWT(map[string]any{"preferred_username": "user@domain.com", "sub": "user123"}), - expected: "user@domain.com", - }, - { - name: "JWT with email-like sub", - token: createTestJWT(map[string]any{"sub": "another@test.com"}), - expected: "another@test.com", - }, - { - name: "JWT without any email fields", - token: createTestJWT(map[string]any{"sub": "user123", "name": "Test User"}), - expected: "", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := ExtractEmailFromJWT(tt.token) - if result != tt.expected { - t.Errorf("ExtractEmailFromJWT() = %q, want %q", result, tt.expected) - } - }) - } -} - -func TestSanitizeEmailForFilename(t *testing.T) { - tests := []struct { - name string - email string - expected string - }{ - { - name: "Empty email", - email: "", - expected: "", - }, - { - name: "Simple email", - email: "user@example.com", - expected: "user@example.com", - }, - { - name: "Email with space", - email: "user name@example.com", - expected: "user_name@example.com", - }, - { - name: "Email with special chars", - email: "user:name@example.com", - expected: "user_name@example.com", - }, - { - name: "Email with multiple special chars", - email: "user/name:test@example.com", - expected: "user_name_test@example.com", - }, - { - name: "Path traversal attempt", - email: "../../../etc/passwd", - expected: "_.__.__._etc_passwd", - }, - { - name: "Path traversal with backslash", - email: `..\..\..\..\windows\system32`, - expected: "_.__.__.__._windows_system32", - }, - { - name: "Null byte injection attempt", - email: "user\x00@evil.com", - expected: "user_@evil.com", - }, - // URL-encoded path traversal tests - { - name: "URL-encoded slash", - email: "user%2Fpath@example.com", - expected: "user_path@example.com", - }, - { - name: "URL-encoded backslash", - email: "user%5Cpath@example.com", - expected: "user_path@example.com", - }, - { - name: "URL-encoded dot", - email: "%2E%2E%2Fetc%2Fpasswd", - expected: "___etc_passwd", - }, - { - name: "URL-encoded null", - email: "user%00@evil.com", - expected: "user_@evil.com", - }, - { - name: "Double URL-encoding attack", - email: "%252F%252E%252E", - expected: "_252F_252E_252E", // % replaced with _, remaining chars preserved (safe) - }, - { - name: "Mixed case URL-encoding", - email: "%2f%2F%5c%5C", - expected: "____", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := SanitizeEmailForFilename(tt.email) - if result != tt.expected { - t.Errorf("SanitizeEmailForFilename() = %q, want %q", result, tt.expected) - } - }) - } -} - -// createTestJWT creates a test JWT token with the given claims -func createTestJWT(claims map[string]any) string { - header := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) - - payloadBytes, _ := json.Marshal(claims) - payload := base64.RawURLEncoding.EncodeToString(payloadBytes) - - signature := base64.RawURLEncoding.EncodeToString([]byte("fake-signature")) - - return header + "." + payload + "." + signature -} - -func TestExtractIDCIdentifier(t *testing.T) { - tests := []struct { - name string - startURL string - expected string - }{ - { - name: "Empty URL", - startURL: "", - expected: "", - }, - { - name: "Standard IDC URL with d- prefix", - startURL: "https://d-1234567890.awsapps.com/start", - expected: "d-1234567890", - }, - { - name: "IDC URL with company name", - startURL: "https://my-company.awsapps.com/start", - expected: "my-company", - }, - { - name: "IDC URL with simple name", - startURL: "https://acme-corp.awsapps.com/start", - expected: "acme-corp", - }, - { - name: "IDC URL without https", - startURL: "http://d-9876543210.awsapps.com/start", - expected: "d-9876543210", - }, - { - name: "IDC URL with subdomain only", - startURL: "https://test.awsapps.com/start", - expected: "test", - }, - { - name: "Builder ID URL", - startURL: "https://view.awsapps.com/start", - expected: "view", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := ExtractIDCIdentifier(tt.startURL) - if result != tt.expected { - t.Errorf("ExtractIDCIdentifier() = %q, want %q", result, tt.expected) - } - }) - } -} - -func TestGenerateTokenFileName(t *testing.T) { - tests := []struct { - name string - tokenData *KiroTokenData - expected string - }{ - { - name: "IDC with email", - tokenData: &KiroTokenData{ - AuthMethod: "idc", - Email: "user@example.com", - StartURL: "https://d-1234567890.awsapps.com/start", - }, - expected: "kiro-idc-user-example-com.json", - }, - { - name: "IDC without email but with startUrl", - tokenData: &KiroTokenData{ - AuthMethod: "idc", - Email: "", - StartURL: "https://d-1234567890.awsapps.com/start", - }, - expected: "kiro-idc-d-1234567890.json", - }, - { - name: "IDC with company name in startUrl", - tokenData: &KiroTokenData{ - AuthMethod: "idc", - Email: "", - StartURL: "https://my-company.awsapps.com/start", - }, - expected: "kiro-idc-my-company.json", - }, - { - name: "IDC without email and without startUrl", - tokenData: &KiroTokenData{ - AuthMethod: "idc", - Email: "", - StartURL: "", - }, - expected: "kiro-idc.json", - }, - { - name: "Builder ID with email", - tokenData: &KiroTokenData{ - AuthMethod: "builder-id", - Email: "user@gmail.com", - StartURL: "https://view.awsapps.com/start", - }, - expected: "kiro-builder-id-user-gmail-com.json", - }, - { - name: "Builder ID without email", - tokenData: &KiroTokenData{ - AuthMethod: "builder-id", - Email: "", - StartURL: "https://view.awsapps.com/start", - }, - expected: "kiro-builder-id.json", - }, - { - name: "Social auth with email", - tokenData: &KiroTokenData{ - AuthMethod: "google", - Email: "user@gmail.com", - }, - expected: "kiro-google-user-gmail-com.json", - }, - { - name: "Empty auth method", - tokenData: &KiroTokenData{ - AuthMethod: "", - Email: "", - }, - expected: "kiro-unknown.json", - }, - { - name: "Email with special characters", - tokenData: &KiroTokenData{ - AuthMethod: "idc", - Email: "user.name+tag@sub.example.com", - StartURL: "https://d-1234567890.awsapps.com/start", - }, - expected: "kiro-idc-user-name+tag-sub-example-com.json", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := GenerateTokenFileName(tt.tokenData) - if result != tt.expected { - t.Errorf("GenerateTokenFileName() = %q, want %q", result, tt.expected) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/background_refresh.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/background_refresh.go deleted file mode 100644 index 75427011b7..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/background_refresh.go +++ /dev/null @@ -1,247 +0,0 @@ -package kiro - -import ( - "context" - "log" - "strings" - "sync" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "golang.org/x/sync/semaphore" -) - -type Token struct { - ID string - AccessToken string - RefreshToken string - ExpiresAt time.Time - LastVerified time.Time - ClientID string - ClientSecret string - AuthMethod string - Provider string - StartURL string - Region string -} - -type TokenRepository interface { - FindOldestUnverified(limit int) []*Token - UpdateToken(token *Token) error -} - -type RefresherOption func(*BackgroundRefresher) - -func WithInterval(interval time.Duration) RefresherOption { - return func(r *BackgroundRefresher) { - r.interval = interval - } -} - -func WithBatchSize(size int) RefresherOption { - return func(r *BackgroundRefresher) { - r.batchSize = size - } -} - -func WithConcurrency(concurrency int) RefresherOption { - return func(r *BackgroundRefresher) { - r.concurrency = concurrency - } -} - -type BackgroundRefresher struct { - interval time.Duration - batchSize int - concurrency int - tokenRepo TokenRepository - stopCh chan struct{} - wg sync.WaitGroup - oauth *KiroOAuth - ssoClient *SSOOIDCClient - callbackMu sync.RWMutex // 保护回调函数的并发访问 - onTokenRefreshed func(tokenID string, tokenData *KiroTokenData) // 刷新成功回调 -} - -func NewBackgroundRefresher(repo TokenRepository, opts ...RefresherOption) *BackgroundRefresher { - r := &BackgroundRefresher{ - interval: time.Minute, - batchSize: 50, - concurrency: 10, - tokenRepo: repo, - stopCh: make(chan struct{}), - oauth: nil, // Lazy init - will be set when config available - ssoClient: nil, // Lazy init - will be set when config available - } - for _, opt := range opts { - opt(r) - } - return r -} - -// WithConfig sets the configuration for OAuth and SSO clients. -func WithConfig(cfg *config.Config) RefresherOption { - return func(r *BackgroundRefresher) { - r.oauth = NewKiroOAuth(cfg) - r.ssoClient = NewSSOOIDCClient(cfg) - } -} - -// WithOnTokenRefreshed sets the callback function to be called when a token is successfully refreshed. -// The callback receives the token ID (filename) and the new token data. -// This allows external components (e.g., Watcher) to be notified of token updates. -func WithOnTokenRefreshed(callback func(tokenID string, tokenData *KiroTokenData)) RefresherOption { - return func(r *BackgroundRefresher) { - r.callbackMu.Lock() - r.onTokenRefreshed = callback - r.callbackMu.Unlock() - } -} - -func (r *BackgroundRefresher) Start(ctx context.Context) { - r.wg.Add(1) - go func() { - defer r.wg.Done() - ticker := time.NewTicker(r.interval) - defer ticker.Stop() - - r.refreshBatch(ctx) - - for { - select { - case <-ctx.Done(): - return - case <-r.stopCh: - return - case <-ticker.C: - r.refreshBatch(ctx) - } - } - }() -} - -func (r *BackgroundRefresher) Stop() { - close(r.stopCh) - r.wg.Wait() -} - -func (r *BackgroundRefresher) refreshBatch(ctx context.Context) { - tokens := r.tokenRepo.FindOldestUnverified(r.batchSize) - if len(tokens) == 0 { - return - } - - sem := semaphore.NewWeighted(int64(r.concurrency)) - var wg sync.WaitGroup - - for i, token := range tokens { - if i > 0 { - select { - case <-ctx.Done(): - return - case <-r.stopCh: - return - case <-time.After(100 * time.Millisecond): - } - } - - if err := sem.Acquire(ctx, 1); err != nil { - return - } - - wg.Add(1) - go func(t *Token) { - defer wg.Done() - defer sem.Release(1) - r.refreshSingle(ctx, t) - }(token) - } - - wg.Wait() -} - -func (r *BackgroundRefresher) refreshSingle(ctx context.Context, token *Token) { - // Normalize auth method to lowercase for case-insensitive matching - authMethod := strings.ToLower(token.AuthMethod) - - // Create refresh function based on auth method - refreshFunc := func(ctx context.Context) (*KiroTokenData, error) { - switch authMethod { - case "idc": - return r.ssoClient.RefreshTokenWithRegion( - ctx, - token.ClientID, - token.ClientSecret, - token.RefreshToken, - token.Region, - token.StartURL, - ) - case "builder-id": - return r.ssoClient.RefreshToken( - ctx, - token.ClientID, - token.ClientSecret, - token.RefreshToken, - ) - default: - return r.oauth.RefreshTokenWithFingerprint(ctx, token.RefreshToken, token.ID) - } - } - - // Use graceful degradation for better reliability - result := RefreshWithGracefulDegradation( - ctx, - refreshFunc, - token.AccessToken, - token.ExpiresAt, - ) - - if result.Error != nil { - log.Printf("failed to refresh token %s: %v", token.ID, result.Error) - return - } - - newTokenData := result.TokenData - if result.UsedFallback { - log.Printf("token %s: using existing token as fallback (refresh failed but token still valid)", token.ID) - // Don't update the token file if we're using fallback - // Just update LastVerified to prevent immediate re-check - token.LastVerified = time.Now() - return - } - - token.AccessToken = newTokenData.AccessToken - if newTokenData.RefreshToken != "" { - token.RefreshToken = newTokenData.RefreshToken - } - token.LastVerified = time.Now() - - if newTokenData.ExpiresAt != "" { - if expTime, parseErr := time.Parse(time.RFC3339, newTokenData.ExpiresAt); parseErr == nil { - token.ExpiresAt = expTime - } - } - - if err := r.tokenRepo.UpdateToken(token); err != nil { - log.Printf("failed to update token %s: %v", token.ID, err) - return - } - - // 方案 A: 刷新成功后触发回调,通知 Watcher 更新内存中的 Auth 对象 - r.callbackMu.RLock() - callback := r.onTokenRefreshed - r.callbackMu.RUnlock() - - if callback != nil { - // 使用 defer recover 隔离回调 panic,防止崩溃整个进程 - func() { - defer func() { - if rec := recover(); rec != nil { - log.Printf("background refresh: callback panic for token %s: %v", token.ID, rec) - } - }() - log.Printf("background refresh: notifying token refresh callback for %s", token.ID) - callback(token.ID, newTokenData) - }() - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/codewhisperer_client.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/codewhisperer_client.go deleted file mode 100644 index b1860a7936..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/codewhisperer_client.go +++ /dev/null @@ -1,166 +0,0 @@ -// Package kiro provides CodeWhisperer API client for fetching user info. -package kiro - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "time" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" -) - -const ( - codeWhispererAPI = "https://codewhisperer.us-east-1.amazonaws.com" - kiroVersion = "0.6.18" -) - -// CodeWhispererClient handles CodeWhisperer API calls. -type CodeWhispererClient struct { - httpClient *http.Client - machineID string -} - -// UsageLimitsResponse represents the getUsageLimits API response. -type UsageLimitsResponse struct { - DaysUntilReset *int `json:"daysUntilReset,omitempty"` - NextDateReset *float64 `json:"nextDateReset,omitempty"` - UserInfo *UserInfo `json:"userInfo,omitempty"` - SubscriptionInfo *SubscriptionInfo `json:"subscriptionInfo,omitempty"` - UsageBreakdownList []UsageBreakdown `json:"usageBreakdownList,omitempty"` -} - -// UserInfo contains user information from the API. -type UserInfo struct { - Email string `json:"email,omitempty"` - UserID string `json:"userId,omitempty"` -} - -// SubscriptionInfo contains subscription details. -type SubscriptionInfo struct { - SubscriptionTitle string `json:"subscriptionTitle,omitempty"` - Type string `json:"type,omitempty"` -} - -// UsageBreakdown contains usage details. -type UsageBreakdown struct { - UsageLimit *int `json:"usageLimit,omitempty"` - CurrentUsage *int `json:"currentUsage,omitempty"` - UsageLimitWithPrecision *float64 `json:"usageLimitWithPrecision,omitempty"` - CurrentUsageWithPrecision *float64 `json:"currentUsageWithPrecision,omitempty"` - NextDateReset *float64 `json:"nextDateReset,omitempty"` - DisplayName string `json:"displayName,omitempty"` - ResourceType string `json:"resourceType,omitempty"` -} - -// NewCodeWhispererClient creates a new CodeWhisperer client. -func NewCodeWhispererClient(cfg *config.Config, machineID string) *CodeWhispererClient { - client := &http.Client{Timeout: 30 * time.Second} - if cfg != nil { - client = util.SetProxy(&cfg.SDKConfig, client) - } - if machineID == "" { - machineID = uuid.New().String() - } - return &CodeWhispererClient{ - httpClient: client, - machineID: machineID, - } -} - -// generateInvocationID generates a unique invocation ID. -func generateInvocationID() string { - return uuid.New().String() -} - -// GetUsageLimits fetches usage limits and user info from CodeWhisperer API. -// This is the recommended way to get user email after login. -func (c *CodeWhispererClient) GetUsageLimits(ctx context.Context, accessToken string) (*UsageLimitsResponse, error) { - url := fmt.Sprintf("%s/getUsageLimits?isEmailRequired=true&origin=AI_EDITOR&resourceType=AGENTIC_REQUEST", codeWhispererAPI) - - req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil) - if err != nil { - return nil, fmt.Errorf("failed to create request: %w", err) - } - - // Set headers to match Kiro IDE - xAmzUserAgent := fmt.Sprintf("aws-sdk-js/1.0.0 KiroIDE-%s-%s", kiroVersion, c.machineID) - userAgent := fmt.Sprintf("aws-sdk-js/1.0.0 ua/2.1 os/windows lang/js md/nodejs#20.16.0 api/codewhispererruntime#1.0.0 m/E KiroIDE-%s-%s", kiroVersion, c.machineID) - - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("x-amz-user-agent", xAmzUserAgent) - req.Header.Set("User-Agent", userAgent) - req.Header.Set("amz-sdk-invocation-id", generateInvocationID()) - req.Header.Set("amz-sdk-request", "attempt=1; max=1") - req.Header.Set("Connection", "close") - - log.Debugf("codewhisperer: GET %s", url) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("request failed: %w", err) - } - defer func() { _ = resp.Body.Close() }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read response: %w", err) - } - - log.Debugf("codewhisperer: status=%d, body=%s", resp.StatusCode, string(body)) - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("API returned status %d: %s", resp.StatusCode, string(body)) - } - - var result UsageLimitsResponse - if err := json.Unmarshal(body, &result); err != nil { - return nil, fmt.Errorf("failed to parse response: %w", err) - } - - return &result, nil -} - -// FetchUserEmailFromAPI fetches user email using CodeWhisperer getUsageLimits API. -// This is more reliable than JWT parsing as it uses the official API. -func (c *CodeWhispererClient) FetchUserEmailFromAPI(ctx context.Context, accessToken string) string { - resp, err := c.GetUsageLimits(ctx, accessToken) - if err != nil { - log.Debugf("codewhisperer: failed to get usage limits: %v", err) - return "" - } - - if resp.UserInfo != nil && resp.UserInfo.Email != "" { - log.Debugf("codewhisperer: got email from API: %s", resp.UserInfo.Email) - return resp.UserInfo.Email - } - - log.Debugf("codewhisperer: no email in response") - return "" -} - -// FetchUserEmailWithFallback fetches user email with multiple fallback methods. -// Priority: 1. CodeWhisperer API 2. userinfo endpoint 3. JWT parsing -func FetchUserEmailWithFallback(ctx context.Context, cfg *config.Config, accessToken string) string { - // Method 1: Try CodeWhisperer API (most reliable) - cwClient := NewCodeWhispererClient(cfg, "") - email := cwClient.FetchUserEmailFromAPI(ctx, accessToken) - if email != "" { - return email - } - - // Method 2: Try SSO OIDC userinfo endpoint - ssoClient := NewSSOOIDCClient(cfg) - email = ssoClient.FetchUserEmail(ctx, accessToken) - if email != "" { - return email - } - - // Method 3: Fallback to JWT parsing - return ExtractEmailFromJWT(accessToken) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/cooldown.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/cooldown.go deleted file mode 100644 index 716135b688..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/cooldown.go +++ /dev/null @@ -1,112 +0,0 @@ -package kiro - -import ( - "sync" - "time" -) - -const ( - CooldownReason429 = "rate_limit_exceeded" - CooldownReasonSuspended = "account_suspended" - CooldownReasonQuotaExhausted = "quota_exhausted" - - DefaultShortCooldown = 1 * time.Minute - MaxShortCooldown = 5 * time.Minute - LongCooldown = 24 * time.Hour -) - -type CooldownManager struct { - mu sync.RWMutex - cooldowns map[string]time.Time - reasons map[string]string -} - -func NewCooldownManager() *CooldownManager { - return &CooldownManager{ - cooldowns: make(map[string]time.Time), - reasons: make(map[string]string), - } -} - -func (cm *CooldownManager) SetCooldown(tokenKey string, duration time.Duration, reason string) { - cm.mu.Lock() - defer cm.mu.Unlock() - cm.cooldowns[tokenKey] = time.Now().Add(duration) - cm.reasons[tokenKey] = reason -} - -func (cm *CooldownManager) IsInCooldown(tokenKey string) bool { - cm.mu.RLock() - defer cm.mu.RUnlock() - endTime, exists := cm.cooldowns[tokenKey] - if !exists { - return false - } - return time.Now().Before(endTime) -} - -func (cm *CooldownManager) GetRemainingCooldown(tokenKey string) time.Duration { - cm.mu.RLock() - defer cm.mu.RUnlock() - endTime, exists := cm.cooldowns[tokenKey] - if !exists { - return 0 - } - remaining := time.Until(endTime) - if remaining < 0 { - return 0 - } - return remaining -} - -func (cm *CooldownManager) GetCooldownReason(tokenKey string) string { - cm.mu.RLock() - defer cm.mu.RUnlock() - return cm.reasons[tokenKey] -} - -func (cm *CooldownManager) ClearCooldown(tokenKey string) { - cm.mu.Lock() - defer cm.mu.Unlock() - delete(cm.cooldowns, tokenKey) - delete(cm.reasons, tokenKey) -} - -func (cm *CooldownManager) CleanupExpired() { - cm.mu.Lock() - defer cm.mu.Unlock() - now := time.Now() - for tokenKey, endTime := range cm.cooldowns { - if now.After(endTime) { - delete(cm.cooldowns, tokenKey) - delete(cm.reasons, tokenKey) - } - } -} - -func (cm *CooldownManager) StartCleanupRoutine(interval time.Duration, stopCh <-chan struct{}) { - ticker := time.NewTicker(interval) - defer ticker.Stop() - for { - select { - case <-ticker.C: - cm.CleanupExpired() - case <-stopCh: - return - } - } -} - -func CalculateCooldownFor429(retryCount int) time.Duration { - duration := DefaultShortCooldown * time.Duration(1< MaxShortCooldown { - return MaxShortCooldown - } - return duration -} - -func CalculateCooldownUntilNextDay() time.Duration { - now := time.Now() - nextDay := time.Date(now.Year(), now.Month(), now.Day()+1, 0, 0, 0, 0, now.Location()) - return time.Until(nextDay) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/cooldown_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/cooldown_test.go deleted file mode 100644 index e0b35df4fc..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/cooldown_test.go +++ /dev/null @@ -1,240 +0,0 @@ -package kiro - -import ( - "sync" - "testing" - "time" -) - -func TestNewCooldownManager(t *testing.T) { - cm := NewCooldownManager() - if cm == nil { - t.Fatal("expected non-nil CooldownManager") - } - if cm.cooldowns == nil { - t.Error("expected non-nil cooldowns map") - } - if cm.reasons == nil { - t.Error("expected non-nil reasons map") - } -} - -func TestSetCooldown(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Minute, CooldownReason429) - - if !cm.IsInCooldown("token1") { - t.Error("expected token to be in cooldown") - } - if cm.GetCooldownReason("token1") != CooldownReason429 { - t.Errorf("expected reason %s, got %s", CooldownReason429, cm.GetCooldownReason("token1")) - } -} - -func TestIsInCooldown_NotSet(t *testing.T) { - cm := NewCooldownManager() - if cm.IsInCooldown("nonexistent") { - t.Error("expected non-existent token to not be in cooldown") - } -} - -func TestIsInCooldown_Expired(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Millisecond, CooldownReason429) - - time.Sleep(10 * time.Millisecond) - - if cm.IsInCooldown("token1") { - t.Error("expected expired cooldown to return false") - } -} - -func TestGetRemainingCooldown(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Second, CooldownReason429) - - remaining := cm.GetRemainingCooldown("token1") - if remaining <= 0 || remaining > 1*time.Second { - t.Errorf("expected remaining cooldown between 0 and 1s, got %v", remaining) - } -} - -func TestGetRemainingCooldown_NotSet(t *testing.T) { - cm := NewCooldownManager() - remaining := cm.GetRemainingCooldown("nonexistent") - if remaining != 0 { - t.Errorf("expected 0 remaining for non-existent, got %v", remaining) - } -} - -func TestGetRemainingCooldown_Expired(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Millisecond, CooldownReason429) - - time.Sleep(10 * time.Millisecond) - - remaining := cm.GetRemainingCooldown("token1") - if remaining != 0 { - t.Errorf("expected 0 remaining for expired, got %v", remaining) - } -} - -func TestGetCooldownReason(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Minute, CooldownReasonSuspended) - - reason := cm.GetCooldownReason("token1") - if reason != CooldownReasonSuspended { - t.Errorf("expected reason %s, got %s", CooldownReasonSuspended, reason) - } -} - -func TestGetCooldownReason_NotSet(t *testing.T) { - cm := NewCooldownManager() - reason := cm.GetCooldownReason("nonexistent") - if reason != "" { - t.Errorf("expected empty reason for non-existent, got %s", reason) - } -} - -func TestClearCooldown(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Minute, CooldownReason429) - cm.ClearCooldown("token1") - - if cm.IsInCooldown("token1") { - t.Error("expected cooldown to be cleared") - } - if cm.GetCooldownReason("token1") != "" { - t.Error("expected reason to be cleared") - } -} - -func TestClearCooldown_NonExistent(t *testing.T) { - cm := NewCooldownManager() - cm.ClearCooldown("nonexistent") -} - -func TestCleanupExpired(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("expired1", 1*time.Millisecond, CooldownReason429) - cm.SetCooldown("expired2", 1*time.Millisecond, CooldownReason429) - cm.SetCooldown("active", 1*time.Hour, CooldownReason429) - - time.Sleep(10 * time.Millisecond) - cm.CleanupExpired() - - if cm.GetCooldownReason("expired1") != "" { - t.Error("expected expired1 to be cleaned up") - } - if cm.GetCooldownReason("expired2") != "" { - t.Error("expected expired2 to be cleaned up") - } - if cm.GetCooldownReason("active") != CooldownReason429 { - t.Error("expected active to remain") - } -} - -func TestCalculateCooldownFor429_FirstRetry(t *testing.T) { - duration := CalculateCooldownFor429(0) - if duration != DefaultShortCooldown { - t.Errorf("expected %v for retry 0, got %v", DefaultShortCooldown, duration) - } -} - -func TestCalculateCooldownFor429_Exponential(t *testing.T) { - d1 := CalculateCooldownFor429(1) - d2 := CalculateCooldownFor429(2) - - if d2 <= d1 { - t.Errorf("expected d2 > d1, got d1=%v, d2=%v", d1, d2) - } -} - -func TestCalculateCooldownFor429_MaxCap(t *testing.T) { - duration := CalculateCooldownFor429(10) - if duration > MaxShortCooldown { - t.Errorf("expected max %v, got %v", MaxShortCooldown, duration) - } -} - -func TestCalculateCooldownUntilNextDay(t *testing.T) { - duration := CalculateCooldownUntilNextDay() - if duration <= 0 || duration > 24*time.Hour { - t.Errorf("expected duration between 0 and 24h, got %v", duration) - } -} - -func TestCooldownManager_ConcurrentAccess(t *testing.T) { - cm := NewCooldownManager() - const numGoroutines = 50 - const numOperations = 100 - - var wg sync.WaitGroup - wg.Add(numGoroutines) - - for i := 0; i < numGoroutines; i++ { - go func(id int) { - defer wg.Done() - tokenKey := "token" + string(rune('a'+id%10)) - for j := 0; j < numOperations; j++ { - switch j % 6 { - case 0: - cm.SetCooldown(tokenKey, time.Duration(j)*time.Millisecond, CooldownReason429) - case 1: - cm.IsInCooldown(tokenKey) - case 2: - cm.GetRemainingCooldown(tokenKey) - case 3: - cm.GetCooldownReason(tokenKey) - case 4: - cm.ClearCooldown(tokenKey) - case 5: - cm.CleanupExpired() - } - } - }(i) - } - - wg.Wait() -} - -func TestCooldownReasonConstants(t *testing.T) { - if CooldownReason429 != "rate_limit_exceeded" { - t.Errorf("unexpected CooldownReason429: %s", CooldownReason429) - } - if CooldownReasonSuspended != "account_suspended" { - t.Errorf("unexpected CooldownReasonSuspended: %s", CooldownReasonSuspended) - } - if CooldownReasonQuotaExhausted != "quota_exhausted" { - t.Errorf("unexpected CooldownReasonQuotaExhausted: %s", CooldownReasonQuotaExhausted) - } -} - -func TestDefaultConstants(t *testing.T) { - if DefaultShortCooldown != 1*time.Minute { - t.Errorf("unexpected DefaultShortCooldown: %v", DefaultShortCooldown) - } - if MaxShortCooldown != 5*time.Minute { - t.Errorf("unexpected MaxShortCooldown: %v", MaxShortCooldown) - } - if LongCooldown != 24*time.Hour { - t.Errorf("unexpected LongCooldown: %v", LongCooldown) - } -} - -func TestSetCooldown_OverwritesPrevious(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Hour, CooldownReason429) - cm.SetCooldown("token1", 1*time.Minute, CooldownReasonSuspended) - - reason := cm.GetCooldownReason("token1") - if reason != CooldownReasonSuspended { - t.Errorf("expected reason to be overwritten to %s, got %s", CooldownReasonSuspended, reason) - } - - remaining := cm.GetRemainingCooldown("token1") - if remaining > 1*time.Minute { - t.Errorf("expected remaining <= 1 minute, got %v", remaining) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/fingerprint.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/fingerprint.go deleted file mode 100644 index 45ed4e4d50..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/fingerprint.go +++ /dev/null @@ -1,197 +0,0 @@ -package kiro - -import ( - "crypto/sha256" - "encoding/hex" - "fmt" - "math/rand" - "net/http" - "sync" - "time" -) - -// Fingerprint 多维度指纹信息 -type Fingerprint struct { - SDKVersion string // 1.0.20-1.0.27 - OSType string // darwin/windows/linux - OSVersion string // 10.0.22621 - NodeVersion string // 18.x/20.x/22.x - KiroVersion string // 0.3.x-0.8.x - KiroHash string // SHA256 - AcceptLanguage string - ScreenResolution string // 1920x1080 - ColorDepth int // 24 - HardwareConcurrency int // CPU 核心数 - TimezoneOffset int -} - -// FingerprintManager 指纹管理器 -type FingerprintManager struct { - mu sync.RWMutex - fingerprints map[string]*Fingerprint // tokenKey -> fingerprint - rng *rand.Rand -} - -var ( - sdkVersions = []string{ - "1.0.20", "1.0.21", "1.0.22", "1.0.23", - "1.0.24", "1.0.25", "1.0.26", "1.0.27", - } - osTypes = []string{"darwin", "windows", "linux"} - osVersions = map[string][]string{ - "darwin": {"14.0", "14.1", "14.2", "14.3", "14.4", "14.5", "15.0", "15.1"}, - "windows": {"10.0.19041", "10.0.19042", "10.0.19043", "10.0.19044", "10.0.22621", "10.0.22631"}, - "linux": {"5.15.0", "6.1.0", "6.2.0", "6.5.0", "6.6.0", "6.8.0"}, - } - nodeVersions = []string{ - "18.17.0", "18.18.0", "18.19.0", "18.20.0", - "20.9.0", "20.10.0", "20.11.0", "20.12.0", "20.13.0", - "22.0.0", "22.1.0", "22.2.0", "22.3.0", - } - kiroVersions = []string{ - "0.3.0", "0.3.1", "0.4.0", "0.4.1", "0.5.0", "0.5.1", - "0.6.0", "0.6.1", "0.7.0", "0.7.1", "0.8.0", "0.8.1", - } - acceptLanguages = []string{ - "en-US,en;q=0.9", - "en-GB,en;q=0.9", - "zh-CN,zh;q=0.9,en;q=0.8", - "zh-TW,zh;q=0.9,en;q=0.8", - "ja-JP,ja;q=0.9,en;q=0.8", - "ko-KR,ko;q=0.9,en;q=0.8", - "de-DE,de;q=0.9,en;q=0.8", - "fr-FR,fr;q=0.9,en;q=0.8", - } - screenResolutions = []string{ - "1920x1080", "2560x1440", "3840x2160", - "1366x768", "1440x900", "1680x1050", - "2560x1600", "3440x1440", - } - colorDepths = []int{24, 32} - hardwareConcurrencies = []int{4, 6, 8, 10, 12, 16, 20, 24, 32} - timezoneOffsets = []int{-480, -420, -360, -300, -240, 0, 60, 120, 480, 540} -) - -// NewFingerprintManager 创建指纹管理器 -func NewFingerprintManager() *FingerprintManager { - return &FingerprintManager{ - fingerprints: make(map[string]*Fingerprint), - rng: rand.New(rand.NewSource(time.Now().UnixNano())), - } -} - -// GetFingerprint 获取或生成 Token 关联的指纹 -func (fm *FingerprintManager) GetFingerprint(tokenKey string) *Fingerprint { - fm.mu.RLock() - if fp, exists := fm.fingerprints[tokenKey]; exists { - fm.mu.RUnlock() - return fp - } - fm.mu.RUnlock() - - fm.mu.Lock() - defer fm.mu.Unlock() - - if fp, exists := fm.fingerprints[tokenKey]; exists { - return fp - } - - fp := fm.generateFingerprint(tokenKey) - fm.fingerprints[tokenKey] = fp - return fp -} - -// generateFingerprint 生成新的指纹 -func (fm *FingerprintManager) generateFingerprint(tokenKey string) *Fingerprint { - osType := fm.randomChoice(osTypes) - osVersion := fm.randomChoice(osVersions[osType]) - kiroVersion := fm.randomChoice(kiroVersions) - - fp := &Fingerprint{ - SDKVersion: fm.randomChoice(sdkVersions), - OSType: osType, - OSVersion: osVersion, - NodeVersion: fm.randomChoice(nodeVersions), - KiroVersion: kiroVersion, - AcceptLanguage: fm.randomChoice(acceptLanguages), - ScreenResolution: fm.randomChoice(screenResolutions), - ColorDepth: fm.randomIntChoice(colorDepths), - HardwareConcurrency: fm.randomIntChoice(hardwareConcurrencies), - TimezoneOffset: fm.randomIntChoice(timezoneOffsets), - } - - fp.KiroHash = fm.generateKiroHash(tokenKey, kiroVersion, osType) - return fp -} - -// generateKiroHash 生成 Kiro Hash -func (fm *FingerprintManager) generateKiroHash(tokenKey, kiroVersion, osType string) string { - data := fmt.Sprintf("%s:%s:%s:%d", tokenKey, kiroVersion, osType, time.Now().UnixNano()) - hash := sha256.Sum256([]byte(data)) - return hex.EncodeToString(hash[:]) -} - -// randomChoice 随机选择字符串 -func (fm *FingerprintManager) randomChoice(choices []string) string { - return choices[fm.rng.Intn(len(choices))] -} - -// randomIntChoice 随机选择整数 -func (fm *FingerprintManager) randomIntChoice(choices []int) int { - return choices[fm.rng.Intn(len(choices))] -} - -// ApplyToRequest 将指纹信息应用到 HTTP 请求头 -func (fp *Fingerprint) ApplyToRequest(req *http.Request) { - req.Header.Set("X-Kiro-SDK-Version", fp.SDKVersion) - req.Header.Set("X-Kiro-OS-Type", fp.OSType) - req.Header.Set("X-Kiro-OS-Version", fp.OSVersion) - req.Header.Set("X-Kiro-Node-Version", fp.NodeVersion) - req.Header.Set("X-Kiro-Version", fp.KiroVersion) - req.Header.Set("X-Kiro-Hash", fp.KiroHash) - req.Header.Set("Accept-Language", fp.AcceptLanguage) - req.Header.Set("X-Screen-Resolution", fp.ScreenResolution) - req.Header.Set("X-Color-Depth", fmt.Sprintf("%d", fp.ColorDepth)) - req.Header.Set("X-Hardware-Concurrency", fmt.Sprintf("%d", fp.HardwareConcurrency)) - req.Header.Set("X-Timezone-Offset", fmt.Sprintf("%d", fp.TimezoneOffset)) -} - -// RemoveFingerprint 移除 Token 关联的指纹 -func (fm *FingerprintManager) RemoveFingerprint(tokenKey string) { - fm.mu.Lock() - defer fm.mu.Unlock() - delete(fm.fingerprints, tokenKey) -} - -// Count 返回当前管理的指纹数量 -func (fm *FingerprintManager) Count() int { - fm.mu.RLock() - defer fm.mu.RUnlock() - return len(fm.fingerprints) -} - -// BuildUserAgent 构建 User-Agent 字符串 (Kiro IDE 风格) -// 格式: aws-sdk-js/{SDKVersion} ua/2.1 os/{OSType}#{OSVersion} lang/js md/nodejs#{NodeVersion} api/codewhispererstreaming#{SDKVersion} m/E KiroIDE-{KiroVersion}-{KiroHash} -func (fp *Fingerprint) BuildUserAgent() string { - return fmt.Sprintf( - "aws-sdk-js/%s ua/2.1 os/%s#%s lang/js md/nodejs#%s api/codewhispererstreaming#%s m/E KiroIDE-%s-%s", - fp.SDKVersion, - fp.OSType, - fp.OSVersion, - fp.NodeVersion, - fp.SDKVersion, - fp.KiroVersion, - fp.KiroHash, - ) -} - -// BuildAmzUserAgent 构建 X-Amz-User-Agent 字符串 -// 格式: aws-sdk-js/{SDKVersion} KiroIDE-{KiroVersion}-{KiroHash} -func (fp *Fingerprint) BuildAmzUserAgent() string { - return fmt.Sprintf( - "aws-sdk-js/%s KiroIDE-%s-%s", - fp.SDKVersion, - fp.KiroVersion, - fp.KiroHash, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/fingerprint_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/fingerprint_test.go deleted file mode 100644 index 249c321f25..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/fingerprint_test.go +++ /dev/null @@ -1,227 +0,0 @@ -package kiro - -import ( - "net/http" - "sync" - "testing" -) - -func TestNewFingerprintManager(t *testing.T) { - fm := NewFingerprintManager() - if fm == nil { - t.Fatal("expected non-nil FingerprintManager") - } - if fm.fingerprints == nil { - t.Error("expected non-nil fingerprints map") - } - if fm.rng == nil { - t.Error("expected non-nil rng") - } -} - -func TestGetFingerprint_NewToken(t *testing.T) { - fm := NewFingerprintManager() - fp := fm.GetFingerprint("token1") - - if fp == nil { - t.Fatal("expected non-nil Fingerprint") - } - if fp.SDKVersion == "" { - t.Error("expected non-empty SDKVersion") - } - if fp.OSType == "" { - t.Error("expected non-empty OSType") - } - if fp.OSVersion == "" { - t.Error("expected non-empty OSVersion") - } - if fp.NodeVersion == "" { - t.Error("expected non-empty NodeVersion") - } - if fp.KiroVersion == "" { - t.Error("expected non-empty KiroVersion") - } - if fp.KiroHash == "" { - t.Error("expected non-empty KiroHash") - } - if fp.AcceptLanguage == "" { - t.Error("expected non-empty AcceptLanguage") - } - if fp.ScreenResolution == "" { - t.Error("expected non-empty ScreenResolution") - } - if fp.ColorDepth == 0 { - t.Error("expected non-zero ColorDepth") - } - if fp.HardwareConcurrency == 0 { - t.Error("expected non-zero HardwareConcurrency") - } -} - -func TestGetFingerprint_SameTokenReturnsSameFingerprint(t *testing.T) { - fm := NewFingerprintManager() - fp1 := fm.GetFingerprint("token1") - fp2 := fm.GetFingerprint("token1") - - if fp1 != fp2 { - t.Error("expected same fingerprint for same token") - } -} - -func TestGetFingerprint_DifferentTokens(t *testing.T) { - fm := NewFingerprintManager() - fp1 := fm.GetFingerprint("token1") - fp2 := fm.GetFingerprint("token2") - - if fp1 == fp2 { - t.Error("expected different fingerprints for different tokens") - } -} - -func TestRemoveFingerprint(t *testing.T) { - fm := NewFingerprintManager() - fm.GetFingerprint("token1") - if fm.Count() != 1 { - t.Fatalf("expected count 1, got %d", fm.Count()) - } - - fm.RemoveFingerprint("token1") - if fm.Count() != 0 { - t.Errorf("expected count 0, got %d", fm.Count()) - } -} - -func TestRemoveFingerprint_NonExistent(t *testing.T) { - fm := NewFingerprintManager() - fm.RemoveFingerprint("nonexistent") - if fm.Count() != 0 { - t.Errorf("expected count 0, got %d", fm.Count()) - } -} - -func TestCount(t *testing.T) { - fm := NewFingerprintManager() - if fm.Count() != 0 { - t.Errorf("expected count 0, got %d", fm.Count()) - } - - fm.GetFingerprint("token1") - fm.GetFingerprint("token2") - fm.GetFingerprint("token3") - - if fm.Count() != 3 { - t.Errorf("expected count 3, got %d", fm.Count()) - } -} - -func TestApplyToRequest(t *testing.T) { - fm := NewFingerprintManager() - fp := fm.GetFingerprint("token1") - - req, _ := http.NewRequest("GET", "http://example.com", nil) - fp.ApplyToRequest(req) - - if req.Header.Get("X-Kiro-SDK-Version") != fp.SDKVersion { - t.Error("X-Kiro-SDK-Version header mismatch") - } - if req.Header.Get("X-Kiro-OS-Type") != fp.OSType { - t.Error("X-Kiro-OS-Type header mismatch") - } - if req.Header.Get("X-Kiro-OS-Version") != fp.OSVersion { - t.Error("X-Kiro-OS-Version header mismatch") - } - if req.Header.Get("X-Kiro-Node-Version") != fp.NodeVersion { - t.Error("X-Kiro-Node-Version header mismatch") - } - if req.Header.Get("X-Kiro-Version") != fp.KiroVersion { - t.Error("X-Kiro-Version header mismatch") - } - if req.Header.Get("X-Kiro-Hash") != fp.KiroHash { - t.Error("X-Kiro-Hash header mismatch") - } - if req.Header.Get("Accept-Language") != fp.AcceptLanguage { - t.Error("Accept-Language header mismatch") - } - if req.Header.Get("X-Screen-Resolution") != fp.ScreenResolution { - t.Error("X-Screen-Resolution header mismatch") - } -} - -func TestGetFingerprint_OSVersionMatchesOSType(t *testing.T) { - fm := NewFingerprintManager() - - for i := 0; i < 20; i++ { - fp := fm.GetFingerprint("token" + string(rune('a'+i))) - validVersions := osVersions[fp.OSType] - found := false - for _, v := range validVersions { - if v == fp.OSVersion { - found = true - break - } - } - if !found { - t.Errorf("OS version %s not valid for OS type %s", fp.OSVersion, fp.OSType) - } - } -} - -func TestFingerprintManager_ConcurrentAccess(t *testing.T) { - fm := NewFingerprintManager() - const numGoroutines = 100 - const numOperations = 100 - - var wg sync.WaitGroup - wg.Add(numGoroutines) - - for i := 0; i < numGoroutines; i++ { - go func(id int) { - defer wg.Done() - for j := 0; j < numOperations; j++ { - tokenKey := "token" + string(rune('a'+id%26)) - switch j % 4 { - case 0: - fm.GetFingerprint(tokenKey) - case 1: - fm.Count() - case 2: - fp := fm.GetFingerprint(tokenKey) - req, _ := http.NewRequest("GET", "http://example.com", nil) - fp.ApplyToRequest(req) - case 3: - fm.RemoveFingerprint(tokenKey) - } - } - }(i) - } - - wg.Wait() -} - -func TestKiroHashUniqueness(t *testing.T) { - fm := NewFingerprintManager() - hashes := make(map[string]bool) - - for i := 0; i < 100; i++ { - fp := fm.GetFingerprint("token" + string(rune(i))) - if hashes[fp.KiroHash] { - t.Errorf("duplicate KiroHash detected: %s", fp.KiroHash) - } - hashes[fp.KiroHash] = true - } -} - -func TestKiroHashFormat(t *testing.T) { - fm := NewFingerprintManager() - fp := fm.GetFingerprint("token1") - - if len(fp.KiroHash) != 64 { - t.Errorf("expected KiroHash length 64 (SHA256 hex), got %d", len(fp.KiroHash)) - } - - for _, c := range fp.KiroHash { - if (c < '0' || c > '9') && (c < 'a' || c > 'f') { - t.Errorf("invalid hex character in KiroHash: %c", c) - } - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/http_roundtripper_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/http_roundtripper_test.go deleted file mode 100644 index 4bbfffa266..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/http_roundtripper_test.go +++ /dev/null @@ -1,9 +0,0 @@ -package kiro - -import "net/http" - -type roundTripperFunc func(*http.Request) (*http.Response, error) - -func (f roundTripperFunc) RoundTrip(req *http.Request) (*http.Response, error) { - return f(req) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/jitter.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/jitter.go deleted file mode 100644 index fef2aea949..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/jitter.go +++ /dev/null @@ -1,174 +0,0 @@ -package kiro - -import ( - "math/rand" - "sync" - "time" -) - -// Jitter configuration constants -const ( - // JitterPercent is the default percentage of jitter to apply (±30%) - JitterPercent = 0.30 - - // Human-like delay ranges - ShortDelayMin = 50 * time.Millisecond // Minimum for rapid consecutive operations - ShortDelayMax = 200 * time.Millisecond // Maximum for rapid consecutive operations - NormalDelayMin = 1 * time.Second // Minimum for normal thinking time - NormalDelayMax = 3 * time.Second // Maximum for normal thinking time - LongDelayMin = 5 * time.Second // Minimum for reading/resting - LongDelayMax = 10 * time.Second // Maximum for reading/resting - - // Probability thresholds for human-like behavior - ShortDelayProbability = 0.20 // 20% chance of short delay (consecutive ops) - LongDelayProbability = 0.05 // 5% chance of long delay (reading/resting) - NormalDelayProbability = 0.75 // 75% chance of normal delay (thinking) -) - -var ( - jitterRand *rand.Rand - jitterRandOnce sync.Once - jitterMu sync.Mutex - lastRequestTime time.Time -) - -// initJitterRand initializes the random number generator for jitter calculations. -// Uses a time-based seed for unpredictable but reproducible randomness. -func initJitterRand() { - jitterRandOnce.Do(func() { - jitterRand = rand.New(rand.NewSource(time.Now().UnixNano())) - }) -} - -// RandomDelay generates a random delay between min and max duration. -// Thread-safe implementation using mutex protection. -func RandomDelay(min, max time.Duration) time.Duration { - initJitterRand() - jitterMu.Lock() - defer jitterMu.Unlock() - - if min >= max { - return min - } - - rangeMs := max.Milliseconds() - min.Milliseconds() - randomMs := jitterRand.Int63n(rangeMs) - return min + time.Duration(randomMs)*time.Millisecond -} - -// JitterDelay adds jitter to a base delay. -// Applies ±jitterPercent variation to the base delay. -// For example, JitterDelay(1*time.Second, 0.30) returns a value between 700ms and 1300ms. -func JitterDelay(baseDelay time.Duration, jitterPercent float64) time.Duration { - initJitterRand() - jitterMu.Lock() - defer jitterMu.Unlock() - - if jitterPercent <= 0 || jitterPercent > 1 { - jitterPercent = JitterPercent - } - - // Calculate jitter range: base * jitterPercent - jitterRange := float64(baseDelay) * jitterPercent - - // Generate random value in range [-jitterRange, +jitterRange] - jitter := (jitterRand.Float64()*2 - 1) * jitterRange - - result := time.Duration(float64(baseDelay) + jitter) - if result < 0 { - return 0 - } - return result -} - -// JitterDelayDefault applies the default ±30% jitter to a base delay. -func JitterDelayDefault(baseDelay time.Duration) time.Duration { - return JitterDelay(baseDelay, JitterPercent) -} - -// HumanLikeDelay generates a delay that mimics human behavior patterns. -// The delay is selected based on probability distribution: -// - 20% chance: Short delay (50-200ms) - simulates consecutive rapid operations -// - 75% chance: Normal delay (1-3s) - simulates thinking/reading time -// - 5% chance: Long delay (5-10s) - simulates breaks/reading longer content -// -// Returns the delay duration (caller should call time.Sleep with this value). -func HumanLikeDelay() time.Duration { - initJitterRand() - jitterMu.Lock() - defer jitterMu.Unlock() - - // Track time since last request for adaptive behavior - now := time.Now() - timeSinceLastRequest := now.Sub(lastRequestTime) - lastRequestTime = now - - // If requests are very close together, use short delay - if timeSinceLastRequest < 500*time.Millisecond && timeSinceLastRequest > 0 { - rangeMs := ShortDelayMax.Milliseconds() - ShortDelayMin.Milliseconds() - randomMs := jitterRand.Int63n(rangeMs) - return ShortDelayMin + time.Duration(randomMs)*time.Millisecond - } - - // Otherwise, use probability-based selection - roll := jitterRand.Float64() - - var min, max time.Duration - switch { - case roll < ShortDelayProbability: - // Short delay - consecutive operations - min, max = ShortDelayMin, ShortDelayMax - case roll < ShortDelayProbability+LongDelayProbability: - // Long delay - reading/resting - min, max = LongDelayMin, LongDelayMax - default: - // Normal delay - thinking time - min, max = NormalDelayMin, NormalDelayMax - } - - rangeMs := max.Milliseconds() - min.Milliseconds() - randomMs := jitterRand.Int63n(rangeMs) - return min + time.Duration(randomMs)*time.Millisecond -} - -// ApplyHumanLikeDelay applies human-like delay by sleeping. -// This is a convenience function that combines HumanLikeDelay with time.Sleep. -func ApplyHumanLikeDelay() { - delay := HumanLikeDelay() - if delay > 0 { - time.Sleep(delay) - } -} - -// ExponentialBackoffWithJitter calculates retry delay using exponential backoff with jitter. -// Formula: min(baseDelay * 2^attempt + jitter, maxDelay) -// This helps prevent thundering herd problem when multiple clients retry simultaneously. -func ExponentialBackoffWithJitter(attempt int, baseDelay, maxDelay time.Duration) time.Duration { - if attempt < 0 { - attempt = 0 - } - - // Calculate exponential backoff: baseDelay * 2^attempt - backoff := baseDelay * time.Duration(1< maxDelay { - backoff = maxDelay - } - - // Add ±30% jitter - return JitterDelay(backoff, JitterPercent) -} - -// ShouldSkipDelay determines if delay should be skipped based on context. -// Returns true for streaming responses, WebSocket connections, etc. -// This function can be extended to check additional skip conditions. -func ShouldSkipDelay(isStreaming bool) bool { - return isStreaming -} - -// ResetLastRequestTime resets the last request time tracker. -// Useful for testing or when starting a new session. -func ResetLastRequestTime() { - jitterMu.Lock() - defer jitterMu.Unlock() - lastRequestTime = time.Time{} -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/jitter_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/jitter_test.go deleted file mode 100644 index 7765a7b27a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/jitter_test.go +++ /dev/null @@ -1,81 +0,0 @@ -package kiro - -import ( - "testing" - "time" -) - -func TestRandomDelay(t *testing.T) { - min := 100 * time.Millisecond - max := 200 * time.Millisecond - for i := 0; i < 100; i++ { - d := RandomDelay(min, max) - if d < min || d > max { - t.Errorf("delay %v out of range [%v, %v]", d, min, max) - } - } - - if RandomDelay(max, min) != max { - t.Error("expected min when min >= max") - } -} - -func TestJitterDelay(t *testing.T) { - base := 1 * time.Second - for i := 0; i < 100; i++ { - d := JitterDelay(base, 0.3) - if d < 700*time.Millisecond || d > 1300*time.Millisecond { - t.Errorf("jitter delay %v out of range for base %v", d, base) - } - } - - d := JitterDelay(base, -1) - if d < 0 { - t.Errorf("jitterPercent -1 should use default, got %v", d) - } -} - -func TestJitterDelayDefault(t *testing.T) { - d := JitterDelayDefault(1 * time.Second) - if d < 700*time.Millisecond || d > 1300*time.Millisecond { - t.Errorf("default jitter failed: %v", d) - } -} - -func TestHumanLikeDelay(t *testing.T) { - ResetLastRequestTime() - d1 := HumanLikeDelay() - if d1 <= 0 { - t.Error("expected positive delay") - } - - // Rapid consecutive - d2 := HumanLikeDelay() - if d2 < ShortDelayMin || d2 > ShortDelayMax { - t.Errorf("rapid consecutive delay %v out of range [%v, %v]", d2, ShortDelayMin, ShortDelayMax) - } -} - -func TestExponentialBackoffWithJitter(t *testing.T) { - base := 1 * time.Second - max := 10 * time.Second - - d := ExponentialBackoffWithJitter(0, base, max) - if d < 700*time.Millisecond || d > 1300*time.Millisecond { - t.Errorf("attempt 0 failed: %v", d) - } - - d = ExponentialBackoffWithJitter(5, base, max) // 1s * 32 = 32s -> capped to 10s - if d < 7*time.Second || d > 13*time.Second { - t.Errorf("attempt 5 failed: %v", d) - } -} - -func TestShouldSkipDelay(t *testing.T) { - if !ShouldSkipDelay(true) { - t.Error("should skip for streaming") - } - if ShouldSkipDelay(false) { - t.Error("should not skip for non-streaming") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/metrics.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/metrics.go deleted file mode 100644 index f9540fc17f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/metrics.go +++ /dev/null @@ -1,187 +0,0 @@ -package kiro - -import ( - "math" - "sync" - "time" -) - -// TokenMetrics holds performance metrics for a single token. -type TokenMetrics struct { - SuccessRate float64 // Success rate (0.0 - 1.0) - AvgLatency float64 // Average latency in milliseconds - QuotaRemaining float64 // Remaining quota (0.0 - 1.0) - LastUsed time.Time // Last usage timestamp - FailCount int // Consecutive failure count - TotalRequests int // Total request count - successCount int // Internal: successful request count - totalLatency float64 // Internal: cumulative latency -} - -// TokenScorer manages token metrics and scoring. -type TokenScorer struct { - mu sync.RWMutex - metrics map[string]*TokenMetrics - - // Scoring weights - successRateWeight float64 - quotaWeight float64 - latencyWeight float64 - lastUsedWeight float64 - failPenaltyMultiplier float64 -} - -// NewTokenScorer creates a new TokenScorer with default weights. -func NewTokenScorer() *TokenScorer { - return &TokenScorer{ - metrics: make(map[string]*TokenMetrics), - successRateWeight: 0.4, - quotaWeight: 0.25, - latencyWeight: 0.2, - lastUsedWeight: 0.15, - failPenaltyMultiplier: 0.1, - } -} - -// getOrCreateMetrics returns existing metrics or creates new ones. -func (s *TokenScorer) getOrCreateMetrics(tokenKey string) *TokenMetrics { - if m, ok := s.metrics[tokenKey]; ok { - return m - } - m := &TokenMetrics{ - SuccessRate: 1.0, - QuotaRemaining: 1.0, - } - s.metrics[tokenKey] = m - return m -} - -// RecordRequest records the result of a request for a token. -func (s *TokenScorer) RecordRequest(tokenKey string, success bool, latency time.Duration) { - s.mu.Lock() - defer s.mu.Unlock() - - m := s.getOrCreateMetrics(tokenKey) - m.TotalRequests++ - m.LastUsed = time.Now() - m.totalLatency += float64(latency.Milliseconds()) - - if success { - m.successCount++ - m.FailCount = 0 - } else { - m.FailCount++ - } - - // Update derived metrics - if m.TotalRequests > 0 { - m.SuccessRate = float64(m.successCount) / float64(m.TotalRequests) - m.AvgLatency = m.totalLatency / float64(m.TotalRequests) - } -} - -// SetQuotaRemaining updates the remaining quota for a token. -func (s *TokenScorer) SetQuotaRemaining(tokenKey string, quota float64) { - s.mu.Lock() - defer s.mu.Unlock() - - m := s.getOrCreateMetrics(tokenKey) - m.QuotaRemaining = quota -} - -// GetMetrics returns a copy of the metrics for a token. -func (s *TokenScorer) GetMetrics(tokenKey string) *TokenMetrics { - s.mu.RLock() - defer s.mu.RUnlock() - - if m, ok := s.metrics[tokenKey]; ok { - copy := *m - return © - } - return nil -} - -// CalculateScore computes the score for a token (higher is better). -func (s *TokenScorer) CalculateScore(tokenKey string) float64 { - s.mu.RLock() - defer s.mu.RUnlock() - - m, ok := s.metrics[tokenKey] - if !ok { - return 1.0 // New tokens get a high initial score - } - - // Success rate component (0-1) - successScore := m.SuccessRate - - // Quota component (0-1) - quotaScore := m.QuotaRemaining - - // Latency component (normalized, lower is better) - // Using exponential decay: score = e^(-latency/1000) - // 1000ms latency -> ~0.37 score, 100ms -> ~0.90 score - latencyScore := math.Exp(-m.AvgLatency / 1000.0) - if m.TotalRequests == 0 { - latencyScore = 1.0 - } - - // Last used component (prefer tokens not recently used) - // Score increases as time since last use increases - timeSinceUse := time.Since(m.LastUsed).Seconds() - // Normalize: 60 seconds -> ~0.63 score, 0 seconds -> 0 score - lastUsedScore := 1.0 - math.Exp(-timeSinceUse/60.0) - if m.LastUsed.IsZero() { - lastUsedScore = 1.0 - } - - // Calculate weighted score - score := s.successRateWeight*successScore + - s.quotaWeight*quotaScore + - s.latencyWeight*latencyScore + - s.lastUsedWeight*lastUsedScore - - // Apply consecutive failure penalty - if m.FailCount > 0 { - penalty := s.failPenaltyMultiplier * float64(m.FailCount) - score = score * math.Max(0, 1.0-penalty) - } - - return score -} - -// SelectBestToken selects the token with the highest score. -func (s *TokenScorer) SelectBestToken(tokens []string) string { - if len(tokens) == 0 { - return "" - } - if len(tokens) == 1 { - return tokens[0] - } - - bestToken := tokens[0] - bestScore := s.CalculateScore(tokens[0]) - - for _, token := range tokens[1:] { - score := s.CalculateScore(token) - if score > bestScore { - bestScore = score - bestToken = token - } - } - - return bestToken -} - -// ResetMetrics clears all metrics for a token. -func (s *TokenScorer) ResetMetrics(tokenKey string) { - s.mu.Lock() - defer s.mu.Unlock() - delete(s.metrics, tokenKey) -} - -// ResetAllMetrics clears all stored metrics. -func (s *TokenScorer) ResetAllMetrics() { - s.mu.Lock() - defer s.mu.Unlock() - s.metrics = make(map[string]*TokenMetrics) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/metrics_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/metrics_test.go deleted file mode 100644 index ffe2a876a3..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/metrics_test.go +++ /dev/null @@ -1,301 +0,0 @@ -package kiro - -import ( - "sync" - "testing" - "time" -) - -func TestNewTokenScorer(t *testing.T) { - s := NewTokenScorer() - if s == nil { - t.Fatal("expected non-nil TokenScorer") - } - if s.metrics == nil { - t.Error("expected non-nil metrics map") - } - if s.successRateWeight != 0.4 { - t.Errorf("expected successRateWeight 0.4, got %f", s.successRateWeight) - } - if s.quotaWeight != 0.25 { - t.Errorf("expected quotaWeight 0.25, got %f", s.quotaWeight) - } -} - -func TestRecordRequest_Success(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - - m := s.GetMetrics("token1") - if m == nil { - t.Fatal("expected non-nil metrics") - } - if m.TotalRequests != 1 { - t.Errorf("expected TotalRequests 1, got %d", m.TotalRequests) - } - if m.SuccessRate != 1.0 { - t.Errorf("expected SuccessRate 1.0, got %f", m.SuccessRate) - } - if m.FailCount != 0 { - t.Errorf("expected FailCount 0, got %d", m.FailCount) - } - if m.AvgLatency != 100 { - t.Errorf("expected AvgLatency 100, got %f", m.AvgLatency) - } -} - -func TestRecordRequest_Failure(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", false, 200*time.Millisecond) - - m := s.GetMetrics("token1") - if m.SuccessRate != 0.0 { - t.Errorf("expected SuccessRate 0.0, got %f", m.SuccessRate) - } - if m.FailCount != 1 { - t.Errorf("expected FailCount 1, got %d", m.FailCount) - } -} - -func TestRecordRequest_MixedResults(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - s.RecordRequest("token1", true, 100*time.Millisecond) - s.RecordRequest("token1", false, 100*time.Millisecond) - s.RecordRequest("token1", true, 100*time.Millisecond) - - m := s.GetMetrics("token1") - if m.TotalRequests != 4 { - t.Errorf("expected TotalRequests 4, got %d", m.TotalRequests) - } - if m.SuccessRate != 0.75 { - t.Errorf("expected SuccessRate 0.75, got %f", m.SuccessRate) - } - if m.FailCount != 0 { - t.Errorf("expected FailCount 0 (reset on success), got %d", m.FailCount) - } -} - -func TestRecordRequest_ConsecutiveFailures(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - s.RecordRequest("token1", false, 100*time.Millisecond) - s.RecordRequest("token1", false, 100*time.Millisecond) - s.RecordRequest("token1", false, 100*time.Millisecond) - - m := s.GetMetrics("token1") - if m.FailCount != 3 { - t.Errorf("expected FailCount 3, got %d", m.FailCount) - } -} - -func TestSetQuotaRemaining(t *testing.T) { - s := NewTokenScorer() - s.SetQuotaRemaining("token1", 0.5) - - m := s.GetMetrics("token1") - if m.QuotaRemaining != 0.5 { - t.Errorf("expected QuotaRemaining 0.5, got %f", m.QuotaRemaining) - } -} - -func TestGetMetrics_NonExistent(t *testing.T) { - s := NewTokenScorer() - m := s.GetMetrics("nonexistent") - if m != nil { - t.Error("expected nil metrics for non-existent token") - } -} - -func TestGetMetrics_ReturnsCopy(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - - m1 := s.GetMetrics("token1") - m1.TotalRequests = 999 - - m2 := s.GetMetrics("token1") - if m2.TotalRequests == 999 { - t.Error("GetMetrics should return a copy") - } -} - -func TestCalculateScore_NewToken(t *testing.T) { - s := NewTokenScorer() - score := s.CalculateScore("newtoken") - if score != 1.0 { - t.Errorf("expected score 1.0 for new token, got %f", score) - } -} - -func TestCalculateScore_PerfectToken(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 50*time.Millisecond) - s.SetQuotaRemaining("token1", 1.0) - - time.Sleep(100 * time.Millisecond) - score := s.CalculateScore("token1") - if score < 0.5 || score > 1.0 { - t.Errorf("expected high score for perfect token, got %f", score) - } -} - -func TestCalculateScore_FailedToken(t *testing.T) { - s := NewTokenScorer() - for i := 0; i < 5; i++ { - s.RecordRequest("token1", false, 1000*time.Millisecond) - } - s.SetQuotaRemaining("token1", 0.1) - - score := s.CalculateScore("token1") - if score > 0.5 { - t.Errorf("expected low score for failed token, got %f", score) - } -} - -func TestCalculateScore_FailPenalty(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - scoreNoFail := s.CalculateScore("token1") - - s.RecordRequest("token1", false, 100*time.Millisecond) - s.RecordRequest("token1", false, 100*time.Millisecond) - scoreWithFail := s.CalculateScore("token1") - - if scoreWithFail >= scoreNoFail { - t.Errorf("expected lower score with consecutive failures: noFail=%f, withFail=%f", scoreNoFail, scoreWithFail) - } -} - -func TestSelectBestToken_Empty(t *testing.T) { - s := NewTokenScorer() - best := s.SelectBestToken([]string{}) - if best != "" { - t.Errorf("expected empty string for empty tokens, got %s", best) - } -} - -func TestSelectBestToken_SingleToken(t *testing.T) { - s := NewTokenScorer() - best := s.SelectBestToken([]string{"token1"}) - if best != "token1" { - t.Errorf("expected token1, got %s", best) - } -} - -func TestSelectBestToken_MultipleTokens(t *testing.T) { - s := NewTokenScorer() - - s.RecordRequest("bad", false, 1000*time.Millisecond) - s.RecordRequest("bad", false, 1000*time.Millisecond) - s.SetQuotaRemaining("bad", 0.1) - - s.RecordRequest("good", true, 50*time.Millisecond) - s.SetQuotaRemaining("good", 0.9) - - time.Sleep(50 * time.Millisecond) - - best := s.SelectBestToken([]string{"bad", "good"}) - if best != "good" { - t.Errorf("expected good token to be selected, got %s", best) - } -} - -func TestResetMetrics(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - s.ResetMetrics("token1") - - m := s.GetMetrics("token1") - if m != nil { - t.Error("expected nil metrics after reset") - } -} - -func TestResetAllMetrics(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - s.RecordRequest("token2", true, 100*time.Millisecond) - s.RecordRequest("token3", true, 100*time.Millisecond) - - s.ResetAllMetrics() - - if s.GetMetrics("token1") != nil { - t.Error("expected nil metrics for token1 after reset all") - } - if s.GetMetrics("token2") != nil { - t.Error("expected nil metrics for token2 after reset all") - } -} - -func TestTokenScorer_ConcurrentAccess(t *testing.T) { - s := NewTokenScorer() - const numGoroutines = 50 - const numOperations = 100 - - var wg sync.WaitGroup - wg.Add(numGoroutines) - - for i := 0; i < numGoroutines; i++ { - go func(id int) { - defer wg.Done() - tokenKey := "token" + string(rune('a'+id%10)) - for j := 0; j < numOperations; j++ { - switch j % 6 { - case 0: - s.RecordRequest(tokenKey, j%2 == 0, time.Duration(j)*time.Millisecond) - case 1: - s.SetQuotaRemaining(tokenKey, float64(j%100)/100) - case 2: - s.GetMetrics(tokenKey) - case 3: - s.CalculateScore(tokenKey) - case 4: - s.SelectBestToken([]string{tokenKey, "token_x", "token_y"}) - case 5: - if j%20 == 0 { - s.ResetMetrics(tokenKey) - } - } - } - }(i) - } - - wg.Wait() -} - -func TestAvgLatencyCalculation(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - s.RecordRequest("token1", true, 200*time.Millisecond) - s.RecordRequest("token1", true, 300*time.Millisecond) - - m := s.GetMetrics("token1") - if m.AvgLatency != 200 { - t.Errorf("expected AvgLatency 200, got %f", m.AvgLatency) - } -} - -func TestLastUsedUpdated(t *testing.T) { - s := NewTokenScorer() - before := time.Now() - s.RecordRequest("token1", true, 100*time.Millisecond) - - m := s.GetMetrics("token1") - if m.LastUsed.Before(before) { - t.Error("expected LastUsed to be after test start time") - } - if m.LastUsed.After(time.Now()) { - t.Error("expected LastUsed to be before or equal to now") - } -} - -func TestDefaultQuotaForNewToken(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - - m := s.GetMetrics("token1") - if m.QuotaRemaining != 1.0 { - t.Errorf("expected default QuotaRemaining 1.0, got %f", m.QuotaRemaining) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/oauth.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/oauth.go deleted file mode 100644 index 31c1d64398..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/oauth.go +++ /dev/null @@ -1,157 +0,0 @@ -// Package kiro provides OAuth2 authentication for Kiro using native Google login. -package kiro - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" -) - -const ( - // Kiro auth endpoint - kiroAuthEndpoint = "https://prod.us-east-1.auth.desktop.kiro.dev" -) - -// KiroTokenResponse represents the response from Kiro token endpoint. -type KiroTokenResponse struct { - AccessToken string `json:"accessToken"` - RefreshToken string `json:"refreshToken"` - ProfileArn string `json:"profileArn"` - ExpiresIn int `json:"expiresIn"` -} - -// KiroOAuth handles the OAuth flow for Kiro authentication. -type KiroOAuth struct { - httpClient *http.Client - cfg *config.Config -} - -// NewKiroOAuth creates a new Kiro OAuth handler. -func NewKiroOAuth(cfg *config.Config) *KiroOAuth { - client := &http.Client{Timeout: 30 * time.Second} - if cfg != nil { - client = util.SetProxy(&cfg.SDKConfig, client) - } - return &KiroOAuth{ - httpClient: client, - cfg: cfg, - } -} - -// LoginWithBuilderID performs OAuth login with AWS Builder ID using device code flow. -func (o *KiroOAuth) LoginWithBuilderID(ctx context.Context) (*KiroTokenData, error) { - ssoClient := NewSSOOIDCClient(o.cfg) - return ssoClient.LoginWithBuilderID(ctx) -} - -// LoginWithBuilderIDAuthCode performs OAuth login with AWS Builder ID using authorization code flow. -// This provides a better UX than device code flow as it uses automatic browser callback. -func (o *KiroOAuth) LoginWithBuilderIDAuthCode(ctx context.Context) (*KiroTokenData, error) { - ssoClient := NewSSOOIDCClient(o.cfg) - return ssoClient.LoginWithBuilderIDAuthCode(ctx) -} - -// RefreshToken refreshes an expired access token. -// Uses KiroIDE-style User-Agent to match official Kiro IDE behavior. -func (o *KiroOAuth) RefreshToken(ctx context.Context, refreshToken string) (*KiroTokenData, error) { - return o.RefreshTokenWithFingerprint(ctx, refreshToken, "") -} - -// RefreshTokenWithFingerprint refreshes an expired access token with a specific fingerprint. -// tokenKey is used to generate a consistent fingerprint for the token. -func (o *KiroOAuth) RefreshTokenWithFingerprint(ctx context.Context, refreshToken, tokenKey string) (*KiroTokenData, error) { - payload := map[string]string{ - "refreshToken": refreshToken, - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, fmt.Errorf("failed to marshal request: %w", err) - } - - refreshURL := kiroAuthEndpoint + "/refreshToken" - req, err := http.NewRequestWithContext(ctx, http.MethodPost, refreshURL, strings.NewReader(string(body))) - if err != nil { - return nil, fmt.Errorf("failed to create request: %w", err) - } - - req.Header.Set("Content-Type", "application/json") - - // Use KiroIDE-style User-Agent to match official Kiro IDE behavior - // This helps avoid 403 errors from server-side User-Agent validation - userAgent := buildKiroUserAgent(tokenKey) - req.Header.Set("User-Agent", userAgent) - - resp, err := o.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("refresh request failed: %w", err) - } - defer func() { _ = resp.Body.Close() }() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("token refresh failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("token refresh failed (status %d): %s", resp.StatusCode, string(respBody)) - } - - var tokenResp KiroTokenResponse - if err := json.Unmarshal(respBody, &tokenResp); err != nil { - return nil, fmt.Errorf("failed to parse token response: %w", err) - } - - // Validate ExpiresIn - use default 1 hour if invalid - expiresIn := tokenResp.ExpiresIn - if expiresIn <= 0 { - expiresIn = 3600 - } - expiresAt := time.Now().Add(time.Duration(expiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: tokenResp.ProfileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "social", - Provider: "", // Caller should preserve original provider - Region: "us-east-1", - }, nil -} - -// buildKiroUserAgent builds a KiroIDE-style User-Agent string. -// If tokenKey is provided, uses fingerprint manager for consistent fingerprint. -// Otherwise generates a simple KiroIDE User-Agent. -func buildKiroUserAgent(tokenKey string) string { - if tokenKey != "" { - fm := NewFingerprintManager() - fp := fm.GetFingerprint(tokenKey) - return fmt.Sprintf("KiroIDE-%s-%s", fp.KiroVersion, fp.KiroHash[:16]) - } - // Default KiroIDE User-Agent matching kiro-openai-gateway format - return "KiroIDE-0.7.45-cli-proxy-api" -} - -// LoginWithGoogle performs OAuth login with Google using Kiro's social auth. -// This uses a custom protocol handler (kiro://) to receive the callback. -func (o *KiroOAuth) LoginWithGoogle(ctx context.Context) (*KiroTokenData, error) { - socialClient := NewSocialAuthClient(o.cfg) - return socialClient.LoginWithGoogle(ctx) -} - -// LoginWithGitHub performs OAuth login with GitHub using Kiro's social auth. -// This uses a custom protocol handler (kiro://) to receive the callback. -func (o *KiroOAuth) LoginWithGitHub(ctx context.Context) (*KiroTokenData, error) { - socialClient := NewSocialAuthClient(o.cfg) - return socialClient.LoginWithGitHub(ctx) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/oauth_web.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/oauth_web.go deleted file mode 100644 index 0d7fab4940..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/oauth_web.go +++ /dev/null @@ -1,912 +0,0 @@ -// Package kiro provides OAuth Web authentication for Kiro. -package kiro - -import ( - "context" - "crypto/rand" - "encoding/base64" - "encoding/json" - "fmt" - "html/template" - "net/http" - "os" - "path/filepath" - "strings" - "sync" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" -) - -const ( - defaultSessionExpiry = 10 * time.Minute - pollIntervalSeconds = 5 -) - -type authSessionStatus string - -const ( - statusPending authSessionStatus = "pending" - statusSuccess authSessionStatus = "success" - statusFailed authSessionStatus = "failed" -) - -type webAuthSession struct { - stateID string - deviceCode string - userCode string - authURL string - verificationURI string - expiresIn int - interval int - status authSessionStatus - startedAt time.Time - completedAt time.Time - expiresAt time.Time - error string - tokenData *KiroTokenData - ssoClient *SSOOIDCClient - clientID string - clientSecret string - region string - cancelFunc context.CancelFunc - authMethod string // "google", "github", "builder-id", "idc" - startURL string // Used for IDC - codeVerifier string // Used for social auth PKCE -} - -type OAuthWebHandler struct { - cfg *config.Config - sessions map[string]*webAuthSession - mu sync.RWMutex - onTokenObtained func(*KiroTokenData) -} - -func NewOAuthWebHandler(cfg *config.Config) *OAuthWebHandler { - return &OAuthWebHandler{ - cfg: cfg, - sessions: make(map[string]*webAuthSession), - } -} - -func (h *OAuthWebHandler) SetTokenCallback(callback func(*KiroTokenData)) { - h.onTokenObtained = callback -} - -func (h *OAuthWebHandler) RegisterRoutes(router gin.IRouter) { - oauth := router.Group("/v0/oauth/kiro") - { - oauth.GET("", h.handleSelect) - oauth.GET("/start", h.handleStart) - oauth.GET("/callback", h.handleCallback) - oauth.GET("/social/callback", h.handleSocialCallback) - oauth.GET("/status", h.handleStatus) - oauth.POST("/import", h.handleImportToken) - oauth.POST("/refresh", h.handleManualRefresh) - } -} - -func generateStateID() (string, error) { - b := make([]byte, 16) - if _, err := rand.Read(b); err != nil { - return "", err - } - return base64.RawURLEncoding.EncodeToString(b), nil -} - -func (h *OAuthWebHandler) handleSelect(c *gin.Context) { - h.renderSelectPage(c) -} - -func (h *OAuthWebHandler) handleStart(c *gin.Context) { - method := c.Query("method") - - if method == "" { - c.Redirect(http.StatusFound, "/v0/oauth/kiro") - return - } - - switch method { - case "google", "github": - // Google/GitHub social login is not supported for third-party apps - // due to AWS Cognito redirect_uri restrictions - h.renderError(c, "Google/GitHub login is not available for third-party applications. Please use AWS Builder ID or import your token from Kiro IDE.") - case "builder-id": - h.startBuilderIDAuth(c) - case "idc": - h.startIDCAuth(c) - default: - h.renderError(c, fmt.Sprintf("Unknown authentication method: %s", method)) - } -} - -func (h *OAuthWebHandler) getSocialCallbackURL(c *gin.Context) string { - scheme := "http" - if c.Request.TLS != nil || c.GetHeader("X-Forwarded-Proto") == "https" { - scheme = "https" - } - return fmt.Sprintf("%s://%s/v0/oauth/kiro/social/callback", scheme, c.Request.Host) -} - -func (h *OAuthWebHandler) startBuilderIDAuth(c *gin.Context) { - stateID, err := generateStateID() - if err != nil { - h.renderError(c, "Failed to generate state parameter") - return - } - - region := defaultIDCRegion - startURL := builderIDStartURL - - ssoClient := NewSSOOIDCClient(h.cfg) - - regResp, err := ssoClient.RegisterClientWithRegion(c.Request.Context(), region) - if err != nil { - log.Errorf("OAuth Web: failed to register client: %v", err) - h.renderError(c, fmt.Sprintf("Failed to register client: %v", err)) - return - } - - authResp, err := ssoClient.StartDeviceAuthorizationWithIDC( - c.Request.Context(), - regResp.ClientID, - regResp.ClientSecret, - startURL, - region, - ) - if err != nil { - log.Errorf("OAuth Web: failed to start device authorization: %v", err) - h.renderError(c, fmt.Sprintf("Failed to start device authorization: %v", err)) - return - } - - ctx, cancel := context.WithTimeout(context.Background(), time.Duration(authResp.ExpiresIn)*time.Second) - - session := &webAuthSession{ - stateID: stateID, - deviceCode: authResp.DeviceCode, - userCode: authResp.UserCode, - authURL: authResp.VerificationURIComplete, - verificationURI: authResp.VerificationURI, - expiresIn: authResp.ExpiresIn, - interval: authResp.Interval, - status: statusPending, - startedAt: time.Now(), - ssoClient: ssoClient, - clientID: regResp.ClientID, - clientSecret: regResp.ClientSecret, - region: region, - authMethod: "builder-id", - startURL: startURL, - cancelFunc: cancel, - } - - h.mu.Lock() - h.sessions[stateID] = session - h.mu.Unlock() - - go h.pollForToken(ctx, session) - - h.renderStartPage(c, session) -} - -func (h *OAuthWebHandler) startIDCAuth(c *gin.Context) { - startURL := c.Query("startUrl") - region := c.Query("region") - - if startURL == "" { - h.renderError(c, "Missing startUrl parameter for IDC authentication") - return - } - if region == "" { - region = defaultIDCRegion - } - - stateID, err := generateStateID() - if err != nil { - h.renderError(c, "Failed to generate state parameter") - return - } - - ssoClient := NewSSOOIDCClient(h.cfg) - - regResp, err := ssoClient.RegisterClientWithRegion(c.Request.Context(), region) - if err != nil { - log.Errorf("OAuth Web: failed to register client: %v", err) - h.renderError(c, fmt.Sprintf("Failed to register client: %v", err)) - return - } - - authResp, err := ssoClient.StartDeviceAuthorizationWithIDC( - c.Request.Context(), - regResp.ClientID, - regResp.ClientSecret, - startURL, - region, - ) - if err != nil { - log.Errorf("OAuth Web: failed to start device authorization: %v", err) - h.renderError(c, fmt.Sprintf("Failed to start device authorization: %v", err)) - return - } - - ctx, cancel := context.WithTimeout(context.Background(), time.Duration(authResp.ExpiresIn)*time.Second) - - session := &webAuthSession{ - stateID: stateID, - deviceCode: authResp.DeviceCode, - userCode: authResp.UserCode, - authURL: authResp.VerificationURIComplete, - verificationURI: authResp.VerificationURI, - expiresIn: authResp.ExpiresIn, - interval: authResp.Interval, - status: statusPending, - startedAt: time.Now(), - ssoClient: ssoClient, - clientID: regResp.ClientID, - clientSecret: regResp.ClientSecret, - region: region, - authMethod: "idc", - startURL: startURL, - cancelFunc: cancel, - } - - h.mu.Lock() - h.sessions[stateID] = session - h.mu.Unlock() - - go h.pollForToken(ctx, session) - - h.renderStartPage(c, session) -} - -func (h *OAuthWebHandler) pollForToken(ctx context.Context, session *webAuthSession) { - defer session.cancelFunc() - - interval := time.Duration(session.interval) * time.Second - if interval < time.Duration(pollIntervalSeconds)*time.Second { - interval = time.Duration(pollIntervalSeconds) * time.Second - } - - ticker := time.NewTicker(interval) - defer ticker.Stop() - - for { - select { - case <-ctx.Done(): - h.mu.Lock() - if session.status == statusPending { - session.status = statusFailed - session.error = "Authentication timed out" - } - h.mu.Unlock() - return - case <-ticker.C: - tokenResp, err := h.ssoClient(session).CreateTokenWithRegion( - ctx, - session.clientID, - session.clientSecret, - session.deviceCode, - session.region, - ) - - if err != nil { - errStr := err.Error() - if errStr == ErrAuthorizationPending.Error() { - continue - } - if errStr == ErrSlowDown.Error() { - interval += 5 * time.Second - ticker.Reset(interval) - continue - } - - h.mu.Lock() - session.status = statusFailed - session.error = errStr - session.completedAt = time.Now() - h.mu.Unlock() - - log.Errorf("OAuth Web: token polling failed: %v", err) - return - } - - expiresAt := time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second) - profileArn := session.ssoClient.fetchProfileArn(ctx, tokenResp.AccessToken) - email := FetchUserEmailWithFallback(ctx, h.cfg, tokenResp.AccessToken) - - tokenData := &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: profileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: session.authMethod, - Provider: "AWS", - ClientID: session.clientID, - ClientSecret: session.clientSecret, - Email: email, - Region: session.region, - StartURL: session.startURL, - } - - h.mu.Lock() - session.status = statusSuccess - session.completedAt = time.Now() - session.expiresAt = expiresAt - session.tokenData = tokenData - h.mu.Unlock() - - if h.onTokenObtained != nil { - h.onTokenObtained(tokenData) - } - - // Save token to file - h.saveTokenToFile(tokenData) - - log.Infof("OAuth Web: authentication successful for %s", email) - return - } - } -} - -// saveTokenToFile saves the token data to the auth directory -func (h *OAuthWebHandler) saveTokenToFile(tokenData *KiroTokenData) { - // Get auth directory from config or use default - authDir := "" - if h.cfg != nil && h.cfg.AuthDir != "" { - var err error - authDir, err = util.ResolveAuthDir(h.cfg.AuthDir) - if err != nil { - log.Errorf("OAuth Web: failed to resolve auth directory: %v", err) - } - } - - // Fall back to default location - if authDir == "" { - home, err := os.UserHomeDir() - if err != nil { - log.Errorf("OAuth Web: failed to get home directory: %v", err) - return - } - authDir = filepath.Join(home, ".cli-proxy-api") - } - - // Create directory if not exists - if err := os.MkdirAll(authDir, 0700); err != nil { - log.Errorf("OAuth Web: failed to create auth directory: %v", err) - return - } - - // Generate filename using the unified function - fileName := GenerateTokenFileName(tokenData) - - authFilePath := filepath.Join(authDir, fileName) - - // Convert to storage format and save - storage := &KiroTokenStorage{ - Type: "kiro", - AccessToken: tokenData.AccessToken, - RefreshToken: tokenData.RefreshToken, - ProfileArn: tokenData.ProfileArn, - ExpiresAt: tokenData.ExpiresAt, - AuthMethod: tokenData.AuthMethod, - Provider: tokenData.Provider, - LastRefresh: time.Now().Format(time.RFC3339), - ClientID: tokenData.ClientID, - ClientSecret: tokenData.ClientSecret, - Region: tokenData.Region, - StartURL: tokenData.StartURL, - Email: tokenData.Email, - } - - if err := storage.SaveTokenToFile(authFilePath); err != nil { - log.Errorf("OAuth Web: failed to save token to file: %v", err) - return - } - - log.Infof("OAuth Web: token saved to %s", authFilePath) -} - -func (h *OAuthWebHandler) ssoClient(session *webAuthSession) *SSOOIDCClient { - return session.ssoClient -} - -func (h *OAuthWebHandler) handleCallback(c *gin.Context) { - stateID := c.Query("state") - errParam := c.Query("error") - - if errParam != "" { - h.renderError(c, errParam) - return - } - - if stateID == "" { - h.renderError(c, "Missing state parameter") - return - } - - h.mu.RLock() - session, exists := h.sessions[stateID] - h.mu.RUnlock() - - if !exists { - h.renderError(c, "Invalid or expired session") - return - } - - switch session.status { - case statusSuccess: - h.renderSuccess(c, session) - case statusFailed: - h.renderError(c, session.error) - default: - c.Redirect(http.StatusFound, "/v0/oauth/kiro/start") - } -} - -func (h *OAuthWebHandler) handleSocialCallback(c *gin.Context) { - stateID := c.Query("state") - code := c.Query("code") - errParam := c.Query("error") - - if errParam != "" { - h.renderError(c, errParam) - return - } - - if stateID == "" { - h.renderError(c, "Missing state parameter") - return - } - - if code == "" { - h.renderError(c, "Missing authorization code") - return - } - - h.mu.RLock() - session, exists := h.sessions[stateID] - h.mu.RUnlock() - - if !exists { - h.renderError(c, "Invalid or expired session") - return - } - - if session.authMethod != "google" && session.authMethod != "github" { - h.renderError(c, "Invalid session type for social callback") - return - } - - socialClient := NewSocialAuthClient(h.cfg) - redirectURI := h.getSocialCallbackURL(c) - - tokenReq := &CreateTokenRequest{ - Code: code, - CodeVerifier: session.codeVerifier, - RedirectURI: redirectURI, - } - - tokenResp, err := socialClient.CreateToken(c.Request.Context(), tokenReq) - if err != nil { - log.Errorf("OAuth Web: social token exchange failed: %v", err) - h.mu.Lock() - session.status = statusFailed - session.error = fmt.Sprintf("Token exchange failed: %v", err) - session.completedAt = time.Now() - h.mu.Unlock() - h.renderError(c, session.error) - return - } - - expiresIn := tokenResp.ExpiresIn - if expiresIn <= 0 { - expiresIn = 3600 - } - expiresAt := time.Now().Add(time.Duration(expiresIn) * time.Second) - - email := ExtractEmailFromJWT(tokenResp.AccessToken) - - var provider string - if session.authMethod == "google" { - provider = string(ProviderGoogle) - } else { - provider = string(ProviderGitHub) - } - - tokenData := &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: tokenResp.ProfileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: session.authMethod, - Provider: provider, - Email: email, - Region: "us-east-1", - } - - h.mu.Lock() - session.status = statusSuccess - session.completedAt = time.Now() - session.expiresAt = expiresAt - session.tokenData = tokenData - h.mu.Unlock() - - if session.cancelFunc != nil { - session.cancelFunc() - } - - if h.onTokenObtained != nil { - h.onTokenObtained(tokenData) - } - - // Save token to file - h.saveTokenToFile(tokenData) - - log.Infof("OAuth Web: social authentication successful for %s via %s", email, provider) - h.renderSuccess(c, session) -} - -func (h *OAuthWebHandler) handleStatus(c *gin.Context) { - stateID := c.Query("state") - if stateID == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "missing state parameter"}) - return - } - - h.mu.RLock() - session, exists := h.sessions[stateID] - h.mu.RUnlock() - - if !exists { - c.JSON(http.StatusNotFound, gin.H{"error": "session not found"}) - return - } - - response := gin.H{ - "status": string(session.status), - } - - switch session.status { - case statusPending: - elapsed := time.Since(session.startedAt).Seconds() - remaining := float64(session.expiresIn) - elapsed - if remaining < 0 { - remaining = 0 - } - response["remaining_seconds"] = int(remaining) - case statusSuccess: - response["completed_at"] = session.completedAt.Format(time.RFC3339) - response["expires_at"] = session.expiresAt.Format(time.RFC3339) - case statusFailed: - response["error"] = session.error - response["failed_at"] = session.completedAt.Format(time.RFC3339) - } - - c.JSON(http.StatusOK, response) -} - -func (h *OAuthWebHandler) renderStartPage(c *gin.Context, session *webAuthSession) { - tmpl, err := template.New("start").Parse(oauthWebStartPageHTML) - if err != nil { - log.Errorf("OAuth Web: failed to parse template: %v", err) - c.String(http.StatusInternalServerError, "Template error") - return - } - - data := map[string]interface{}{ - "AuthURL": session.authURL, - "UserCode": session.userCode, - "ExpiresIn": session.expiresIn, - "StateID": session.stateID, - } - - c.Header("Content-Type", "text/html; charset=utf-8") - if err := tmpl.Execute(c.Writer, data); err != nil { - log.Errorf("OAuth Web: failed to render template: %v", err) - } -} - -func (h *OAuthWebHandler) renderSelectPage(c *gin.Context) { - tmpl, err := template.New("select").Parse(oauthWebSelectPageHTML) - if err != nil { - log.Errorf("OAuth Web: failed to parse select template: %v", err) - c.String(http.StatusInternalServerError, "Template error") - return - } - - c.Header("Content-Type", "text/html; charset=utf-8") - if err := tmpl.Execute(c.Writer, nil); err != nil { - log.Errorf("OAuth Web: failed to render select template: %v", err) - } -} - -func (h *OAuthWebHandler) renderError(c *gin.Context, errMsg string) { - tmpl, err := template.New("error").Parse(oauthWebErrorPageHTML) - if err != nil { - log.Errorf("OAuth Web: failed to parse error template: %v", err) - c.String(http.StatusInternalServerError, "Template error") - return - } - - data := map[string]interface{}{ - "Error": errMsg, - } - - c.Header("Content-Type", "text/html; charset=utf-8") - c.Status(http.StatusBadRequest) - if err := tmpl.Execute(c.Writer, data); err != nil { - log.Errorf("OAuth Web: failed to render error template: %v", err) - } -} - -func (h *OAuthWebHandler) renderSuccess(c *gin.Context, session *webAuthSession) { - tmpl, err := template.New("success").Parse(oauthWebSuccessPageHTML) - if err != nil { - log.Errorf("OAuth Web: failed to parse success template: %v", err) - c.String(http.StatusInternalServerError, "Template error") - return - } - - data := map[string]interface{}{ - "ExpiresAt": session.expiresAt.Format(time.RFC3339), - } - - c.Header("Content-Type", "text/html; charset=utf-8") - if err := tmpl.Execute(c.Writer, data); err != nil { - log.Errorf("OAuth Web: failed to render success template: %v", err) - } -} - -func (h *OAuthWebHandler) CleanupExpiredSessions() { - h.mu.Lock() - defer h.mu.Unlock() - - now := time.Now() - for id, session := range h.sessions { - if session.status != statusPending && now.Sub(session.completedAt) > 30*time.Minute { - delete(h.sessions, id) - } else if session.status == statusPending && now.Sub(session.startedAt) > defaultSessionExpiry { - session.cancelFunc() - delete(h.sessions, id) - } - } -} - -func (h *OAuthWebHandler) GetSession(stateID string) (*webAuthSession, bool) { - h.mu.RLock() - defer h.mu.RUnlock() - session, exists := h.sessions[stateID] - return session, exists -} - -// ImportTokenRequest represents the request body for token import -type ImportTokenRequest struct { - RefreshToken string `json:"refreshToken"` -} - -// handleImportToken handles manual refresh token import from Kiro IDE -func (h *OAuthWebHandler) handleImportToken(c *gin.Context) { - var req ImportTokenRequest - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{ - "success": false, - "error": "Invalid request body", - }) - return - } - - refreshToken := strings.TrimSpace(req.RefreshToken) - if refreshToken == "" { - c.JSON(http.StatusBadRequest, gin.H{ - "success": false, - "error": "Refresh token is required", - }) - return - } - - // Validate token format - if !strings.HasPrefix(refreshToken, "aorAAAAAG") { - c.JSON(http.StatusBadRequest, gin.H{ - "success": false, - "error": "Invalid token format. Token should start with aorAAAAAG...", - }) - return - } - - // Create social auth client to refresh and validate the token - socialClient := NewSocialAuthClient(h.cfg) - - // Refresh the token to validate it and get access token - tokenData, err := socialClient.RefreshSocialToken(c.Request.Context(), refreshToken) - if err != nil { - log.Errorf("OAuth Web: token refresh failed during import: %v", err) - c.JSON(http.StatusBadRequest, gin.H{ - "success": false, - "error": fmt.Sprintf("Token validation failed: %v", err), - }) - return - } - - // Set the original refresh token (the refreshed one might be empty) - if tokenData.RefreshToken == "" { - tokenData.RefreshToken = refreshToken - } - tokenData.AuthMethod = "social" - tokenData.Provider = "imported" - - // Notify callback if set - if h.onTokenObtained != nil { - h.onTokenObtained(tokenData) - } - - // Save token to file - h.saveTokenToFile(tokenData) - - // Generate filename for response using the unified function - fileName := GenerateTokenFileName(tokenData) - - log.Infof("OAuth Web: token imported successfully") - c.JSON(http.StatusOK, gin.H{ - "success": true, - "message": "Token imported successfully", - "fileName": fileName, - }) -} - -// handleManualRefresh handles manual token refresh requests from the web UI. -// This allows users to trigger a token refresh when needed, without waiting -// for the automatic 30-second check and 20-minute-before-expiry refresh cycle. -// Uses the same refresh logic as kiro_executor.Refresh for consistency. -func (h *OAuthWebHandler) handleManualRefresh(c *gin.Context) { - authDir := "" - if h.cfg != nil && h.cfg.AuthDir != "" { - var err error - authDir, err = util.ResolveAuthDir(h.cfg.AuthDir) - if err != nil { - log.Errorf("OAuth Web: failed to resolve auth directory: %v", err) - } - } - - if authDir == "" { - home, err := os.UserHomeDir() - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{ - "success": false, - "error": "Failed to get home directory", - }) - return - } - authDir = filepath.Join(home, ".cli-proxy-api") - } - - // Find all kiro token files in the auth directory - files, err := os.ReadDir(authDir) - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{ - "success": false, - "error": fmt.Sprintf("Failed to read auth directory: %v", err), - }) - return - } - - var refreshedCount int - var errors []string - - for _, file := range files { - if file.IsDir() { - continue - } - name := file.Name() - if !strings.HasPrefix(name, "kiro-") || !strings.HasSuffix(name, ".json") { - continue - } - - filePath := filepath.Join(authDir, name) - data, err := os.ReadFile(filePath) - if err != nil { - errors = append(errors, fmt.Sprintf("%s: read error - %v", name, err)) - continue - } - - var storage KiroTokenStorage - if err := json.Unmarshal(data, &storage); err != nil { - errors = append(errors, fmt.Sprintf("%s: parse error - %v", name, err)) - continue - } - - if storage.RefreshToken == "" { - errors = append(errors, fmt.Sprintf("%s: no refresh token", name)) - continue - } - - // Refresh token using the same logic as kiro_executor.Refresh - tokenData, err := h.refreshTokenData(c.Request.Context(), &storage) - if err != nil { - errors = append(errors, fmt.Sprintf("%s: refresh failed - %v", name, err)) - continue - } - - // Update storage with new token data - storage.AccessToken = tokenData.AccessToken - if tokenData.RefreshToken != "" { - storage.RefreshToken = tokenData.RefreshToken - } - storage.ExpiresAt = tokenData.ExpiresAt - storage.LastRefresh = time.Now().Format(time.RFC3339) - if tokenData.ProfileArn != "" { - storage.ProfileArn = tokenData.ProfileArn - } - - // Write updated token back to file - updatedData, err := json.MarshalIndent(storage, "", " ") - if err != nil { - errors = append(errors, fmt.Sprintf("%s: marshal error - %v", name, err)) - continue - } - - tmpFile := filePath + ".tmp" - if err := os.WriteFile(tmpFile, updatedData, 0600); err != nil { - errors = append(errors, fmt.Sprintf("%s: write error - %v", name, err)) - continue - } - if err := os.Rename(tmpFile, filePath); err != nil { - errors = append(errors, fmt.Sprintf("%s: rename error - %v", name, err)) - continue - } - - log.Infof("OAuth Web: manually refreshed token in %s, expires at %s", name, tokenData.ExpiresAt) - refreshedCount++ - - // Notify callback if set - if h.onTokenObtained != nil { - h.onTokenObtained(tokenData) - } - } - - if refreshedCount == 0 && len(errors) > 0 { - c.JSON(http.StatusBadRequest, gin.H{ - "success": false, - "error": fmt.Sprintf("All refresh attempts failed: %v", errors), - }) - return - } - - response := gin.H{ - "success": true, - "message": fmt.Sprintf("Refreshed %d token(s)", refreshedCount), - "refreshedCount": refreshedCount, - } - if len(errors) > 0 { - response["warnings"] = errors - } - - c.JSON(http.StatusOK, response) -} - -// refreshTokenData refreshes a token using the appropriate method based on auth type. -// This mirrors the logic in kiro_executor.Refresh for consistency. -func (h *OAuthWebHandler) refreshTokenData(ctx context.Context, storage *KiroTokenStorage) (*KiroTokenData, error) { - ssoClient := NewSSOOIDCClient(h.cfg) - - switch { - case storage.ClientID != "" && storage.ClientSecret != "" && storage.AuthMethod == "idc" && storage.Region != "": - // IDC refresh with region-specific endpoint - log.Debugf("OAuth Web: using SSO OIDC refresh for IDC (region=%s)", storage.Region) - return ssoClient.RefreshTokenWithRegion(ctx, storage.ClientID, storage.ClientSecret, storage.RefreshToken, storage.Region, storage.StartURL) - - case storage.ClientID != "" && storage.ClientSecret != "" && storage.AuthMethod == "builder-id": - // Builder ID refresh with default endpoint - log.Debugf("OAuth Web: using SSO OIDC refresh for AWS Builder ID") - return ssoClient.RefreshToken(ctx, storage.ClientID, storage.ClientSecret, storage.RefreshToken) - - default: - // Fallback to Kiro's OAuth refresh endpoint (for social auth: Google/GitHub) - log.Debugf("OAuth Web: using Kiro OAuth refresh endpoint") - oauth := NewKiroOAuth(h.cfg) - return oauth.RefreshToken(ctx, storage.RefreshToken) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/oauth_web_templates.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/oauth_web_templates.go deleted file mode 100644 index 228677a511..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/oauth_web_templates.go +++ /dev/null @@ -1,779 +0,0 @@ -// Package kiro provides OAuth Web authentication templates. -package kiro - -const ( - oauthWebStartPageHTML = ` - - - - - AWS SSO Authentication - - - -
-

🔐 AWS SSO Authentication

-

Follow the steps below to complete authentication

- -
-
- 1 - Click the button below to open the authorization page -
- - 🚀 Open Authorization Page - -
- -
-
- 2 - Enter the verification code below -
-
-
Verification Code
-
{{.UserCode}}
-
-
- -
-
- 3 - Complete AWS SSO login -
-

- Use your AWS SSO account to login and authorize -

-
- -
- -
{{.ExpiresIn}}s
-
- Waiting for authorization... -
-
- -
- 💡 Tip: The authorization page will open in a new tab. This page will automatically update once authorization is complete. -
-
- - - -` - - oauthWebErrorPageHTML = ` - - - - - Authentication Failed - - - -
-

❌ Authentication Failed

-
-

Error:

-

{{.Error}}

-
- 🔄 Retry -
- -` - - oauthWebSuccessPageHTML = ` - - - - - Authentication Successful - - - -
-
-

Authentication Successful!

-
-

You can close this window.

-
-
Token expires: {{.ExpiresAt}}
-
- -` - - oauthWebSelectPageHTML = ` - - - - - Select Authentication Method - - - -
-

🔐 Select Authentication Method

-

Choose how you want to authenticate with Kiro

- -
- - 🔶 - AWS Builder ID (Recommended) - - - - -
or
- - - - - -
-
- -
-
- - -
- - -
Your AWS Identity Center Start URL
-
- -
- - -
AWS Region for your Identity Center
-
- - -
-
- -
-
-
- - -
Copy from Kiro IDE: ~/.kiro/kiro-auth-token.json → refreshToken field
-
- - - -
-
-
- -
- ⚠️ Note: Google and GitHub login are not available for third-party applications due to AWS Cognito restrictions. Please use AWS Builder ID or import your token from Kiro IDE. -
- -
- 💡 How to get RefreshToken:
- 1. Open Kiro IDE and login with Google/GitHub
- 2. Find the token file: ~/.kiro/kiro-auth-token.json
- 3. Copy the refreshToken value and paste it above -
-
- - - -` -) diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/protocol_handler.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/protocol_handler.go deleted file mode 100644 index 2acd75c3f0..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/protocol_handler.go +++ /dev/null @@ -1,725 +0,0 @@ -// Package kiro provides custom protocol handler registration for Kiro OAuth. -// This enables the CLI to intercept kiro:// URIs for social authentication (Google/GitHub). -package kiro - -import ( - "context" - "fmt" - "html" - "net" - "net/http" - "net/url" - "os" - "os/exec" - "path/filepath" - "runtime" - "strings" - "sync" - "time" - - log "github.com/sirupsen/logrus" -) - -const ( - // KiroProtocol is the custom URI scheme used by Kiro - KiroProtocol = "kiro" - - // KiroAuthority is the URI authority for authentication callbacks - KiroAuthority = "kiro.kiroAgent" - - // KiroAuthPath is the path for successful authentication - KiroAuthPath = "/authenticate-success" - - // KiroRedirectURI is the full redirect URI for social auth - KiroRedirectURI = "kiro://kiro.kiroAgent/authenticate-success" - - // DefaultHandlerPort is the default port for the local callback server - DefaultHandlerPort = 19876 - - // HandlerTimeout is how long to wait for the OAuth callback - HandlerTimeout = 10 * time.Minute -) - -// ProtocolHandler manages the custom kiro:// protocol handler for OAuth callbacks. -type ProtocolHandler struct { - port int - server *http.Server - listener net.Listener - resultChan chan *AuthCallback - stopChan chan struct{} - mu sync.Mutex - running bool -} - -// AuthCallback contains the OAuth callback parameters. -type AuthCallback struct { - Code string - State string - Error string -} - -// NewProtocolHandler creates a new protocol handler. -func NewProtocolHandler() *ProtocolHandler { - return &ProtocolHandler{ - port: DefaultHandlerPort, - resultChan: make(chan *AuthCallback, 1), - stopChan: make(chan struct{}), - } -} - -// Start starts the local callback server that receives redirects from the protocol handler. -func (h *ProtocolHandler) Start(ctx context.Context) (int, error) { - h.mu.Lock() - defer h.mu.Unlock() - - if h.running { - return h.port, nil - } - - // Drain any stale results from previous runs - select { - case <-h.resultChan: - default: - } - - // Reset stopChan for reuse - close old channel first to unblock any waiting goroutines - if h.stopChan != nil { - select { - case <-h.stopChan: - // Already closed - default: - close(h.stopChan) - } - } - h.stopChan = make(chan struct{}) - - // Try ports in known range (must match handler script port range) - var listener net.Listener - var err error - portRange := []int{DefaultHandlerPort, DefaultHandlerPort + 1, DefaultHandlerPort + 2, DefaultHandlerPort + 3, DefaultHandlerPort + 4} - - for _, port := range portRange { - listener, err = net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", port)) - if err == nil { - break - } - log.Debugf("kiro protocol handler: port %d busy, trying next", port) - } - - if listener == nil { - return 0, fmt.Errorf("failed to start callback server: all ports %d-%d are busy", DefaultHandlerPort, DefaultHandlerPort+4) - } - - h.listener = listener - h.port = listener.Addr().(*net.TCPAddr).Port - - mux := http.NewServeMux() - mux.HandleFunc("/oauth/callback", h.handleCallback) - - h.server = &http.Server{ - Handler: mux, - ReadHeaderTimeout: 10 * time.Second, - } - - go func() { - if err := h.server.Serve(listener); err != nil && err != http.ErrServerClosed { - log.Debugf("kiro protocol handler server error: %v", err) - } - }() - - h.running = true - log.Debugf("kiro protocol handler started on port %d", h.port) - - // Auto-shutdown after context done, timeout, or explicit stop - // Capture references to prevent race with new Start() calls - currentStopChan := h.stopChan - currentServer := h.server - currentListener := h.listener - go func() { - select { - case <-ctx.Done(): - case <-time.After(HandlerTimeout): - case <-currentStopChan: - return // Already stopped, exit goroutine - } - // Only stop if this is still the current server/listener instance - h.mu.Lock() - if h.server == currentServer && h.listener == currentListener { - h.mu.Unlock() - h.Stop() - } else { - h.mu.Unlock() - } - }() - - return h.port, nil -} - -// Stop stops the callback server. -func (h *ProtocolHandler) Stop() { - h.mu.Lock() - defer h.mu.Unlock() - - if !h.running { - return - } - - // Signal the auto-shutdown goroutine to exit. - // This select pattern is safe because stopChan is only modified while holding h.mu, - // and we hold the lock here. The select prevents panic from double-close. - select { - case <-h.stopChan: - // Already closed - default: - close(h.stopChan) - } - - if h.server != nil { - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) - defer cancel() - _ = h.server.Shutdown(ctx) - } - - h.running = false - log.Debug("kiro protocol handler stopped") -} - -// WaitForCallback waits for the OAuth callback and returns the result. -func (h *ProtocolHandler) WaitForCallback(ctx context.Context) (*AuthCallback, error) { - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-time.After(HandlerTimeout): - return nil, fmt.Errorf("timeout waiting for OAuth callback") - case result := <-h.resultChan: - return result, nil - } -} - -// GetPort returns the port the handler is listening on. -func (h *ProtocolHandler) GetPort() int { - return h.port -} - -// handleCallback processes the OAuth callback from the protocol handler script. -func (h *ProtocolHandler) handleCallback(w http.ResponseWriter, r *http.Request) { - code := r.URL.Query().Get("code") - state := r.URL.Query().Get("state") - errParam := r.URL.Query().Get("error") - - result := &AuthCallback{ - Code: code, - State: state, - Error: errParam, - } - - // Send result - select { - case h.resultChan <- result: - default: - // Channel full, ignore duplicate callbacks - } - - // Send success response - w.Header().Set("Content-Type", "text/html; charset=utf-8") - if errParam != "" { - w.WriteHeader(http.StatusBadRequest) - _, _ = fmt.Fprintf(w, ` - -Login Failed - -

Login Failed

-

Error: %s

-

You can close this window.

- -`, html.EscapeString(errParam)) - } else { - _, _ = fmt.Fprint(w, ` - -Login Successful - -

Login Successful!

-

You can close this window and return to the terminal.

- - -`) - } -} - -// IsProtocolHandlerInstalled checks if the kiro:// protocol handler is installed. -func IsProtocolHandlerInstalled() bool { - switch runtime.GOOS { - case "linux": - return isLinuxHandlerInstalled() - case "windows": - return isWindowsHandlerInstalled() - case "darwin": - return isDarwinHandlerInstalled() - default: - return false - } -} - -// InstallProtocolHandler installs the kiro:// protocol handler for the current platform. -func InstallProtocolHandler(handlerPort int) error { - switch runtime.GOOS { - case "linux": - return installLinuxHandler(handlerPort) - case "windows": - return installWindowsHandler(handlerPort) - case "darwin": - return installDarwinHandler(handlerPort) - default: - return fmt.Errorf("unsupported platform: %s", runtime.GOOS) - } -} - -// UninstallProtocolHandler removes the kiro:// protocol handler. -func UninstallProtocolHandler() error { - switch runtime.GOOS { - case "linux": - return uninstallLinuxHandler() - case "windows": - return uninstallWindowsHandler() - case "darwin": - return uninstallDarwinHandler() - default: - return fmt.Errorf("unsupported platform: %s", runtime.GOOS) - } -} - -// --- Linux Implementation --- - -func getLinuxDesktopPath() string { - homeDir, _ := os.UserHomeDir() - return filepath.Join(homeDir, ".local", "share", "applications", "kiro-oauth-handler.desktop") -} - -func getLinuxHandlerScriptPath() string { - homeDir, _ := os.UserHomeDir() - return filepath.Join(homeDir, ".local", "bin", "kiro-oauth-handler") -} - -func isLinuxHandlerInstalled() bool { - desktopPath := getLinuxDesktopPath() - _, err := os.Stat(desktopPath) - return err == nil -} - -func installLinuxHandler(handlerPort int) error { - // Create directories - homeDir, err := os.UserHomeDir() - if err != nil { - return err - } - - binDir := filepath.Join(homeDir, ".local", "bin") - appDir := filepath.Join(homeDir, ".local", "share", "applications") - - if err := os.MkdirAll(binDir, 0755); err != nil { - return fmt.Errorf("failed to create bin directory: %w", err) - } - if err := os.MkdirAll(appDir, 0755); err != nil { - return fmt.Errorf("failed to create applications directory: %w", err) - } - - // Create handler script - tries multiple ports to handle dynamic port allocation - scriptPath := getLinuxHandlerScriptPath() - scriptContent := fmt.Sprintf(`#!/bin/bash -# Kiro OAuth Protocol Handler -# Handles kiro:// URIs - tries CLI first, then forwards to Kiro IDE - -URL="$1" - -# Check curl availability -if ! command -v curl &> /dev/null; then - echo "Error: curl is required for Kiro OAuth handler" >&2 - exit 1 -fi - -# Extract code and state from URL -[[ "$URL" =~ code=([^&]+) ]] && CODE="${BASH_REMATCH[1]}" -[[ "$URL" =~ state=([^&]+) ]] && STATE="${BASH_REMATCH[1]}" -[[ "$URL" =~ error=([^&]+) ]] && ERROR="${BASH_REMATCH[1]}" - -# Try CLI proxy on multiple possible ports (default + dynamic range) -CLI_OK=0 -for PORT in %d %d %d %d %d; do - if [ -n "$ERROR" ]; then - curl -sf --connect-timeout 1 "http://127.0.0.1:$PORT/oauth/callback?error=$ERROR" && CLI_OK=1 && break - elif [ -n "$CODE" ] && [ -n "$STATE" ]; then - curl -sf --connect-timeout 1 "http://127.0.0.1:$PORT/oauth/callback?code=$CODE&state=$STATE" && CLI_OK=1 && break - fi -done - -# If CLI not available, forward to Kiro IDE -if [ $CLI_OK -eq 0 ] && [ -x "/usr/share/kiro/kiro" ]; then - /usr/share/kiro/kiro --open-url "$URL" & -fi -`, handlerPort, handlerPort+1, handlerPort+2, handlerPort+3, handlerPort+4) - - if err := os.WriteFile(scriptPath, []byte(scriptContent), 0755); err != nil { - return fmt.Errorf("failed to write handler script: %w", err) - } - - // Create .desktop file - desktopPath := getLinuxDesktopPath() - desktopContent := fmt.Sprintf(`[Desktop Entry] -Name=Kiro OAuth Handler -Comment=Handle kiro:// protocol for CLI Proxy API authentication -Exec=%s %%u -Type=Application -Terminal=false -NoDisplay=true -MimeType=x-scheme-handler/kiro; -Categories=Utility; -`, scriptPath) - - if err := os.WriteFile(desktopPath, []byte(desktopContent), 0644); err != nil { - return fmt.Errorf("failed to write desktop file: %w", err) - } - - // Register handler with xdg-mime - cmd := exec.Command("xdg-mime", "default", "kiro-oauth-handler.desktop", "x-scheme-handler/kiro") - if err := cmd.Run(); err != nil { - log.Warnf("xdg-mime registration failed (may need manual setup): %v", err) - } - - // Update desktop database - cmd = exec.Command("update-desktop-database", appDir) - _ = cmd.Run() // Ignore errors, not critical - - log.Info("Kiro protocol handler installed for Linux") - return nil -} - -func uninstallLinuxHandler() error { - desktopPath := getLinuxDesktopPath() - scriptPath := getLinuxHandlerScriptPath() - - if err := os.Remove(desktopPath); err != nil && !os.IsNotExist(err) { - return fmt.Errorf("failed to remove desktop file: %w", err) - } - if err := os.Remove(scriptPath); err != nil && !os.IsNotExist(err) { - return fmt.Errorf("failed to remove handler script: %w", err) - } - - log.Info("Kiro protocol handler uninstalled") - return nil -} - -// --- Windows Implementation --- - -func isWindowsHandlerInstalled() bool { - // Check registry key existence - cmd := exec.Command("reg", "query", `HKCU\Software\Classes\kiro`, "/ve") - return cmd.Run() == nil -} - -func installWindowsHandler(handlerPort int) error { - homeDir, err := os.UserHomeDir() - if err != nil { - return err - } - - // Create handler script (PowerShell) - scriptDir := filepath.Join(homeDir, ".cliproxyapi") - if err := os.MkdirAll(scriptDir, 0755); err != nil { - return fmt.Errorf("failed to create script directory: %w", err) - } - - scriptPath := filepath.Join(scriptDir, "kiro-oauth-handler.ps1") - scriptContent := fmt.Sprintf(`# Kiro OAuth Protocol Handler for Windows -param([string]$url) - -# Load required assembly for HttpUtility -Add-Type -AssemblyName System.Web - -# Parse URL parameters -$uri = [System.Uri]$url -$query = [System.Web.HttpUtility]::ParseQueryString($uri.Query) -$code = $query["code"] -$state = $query["state"] -$errorParam = $query["error"] - -# Try multiple ports (default + dynamic range) -$ports = @(%d, %d, %d, %d, %d) -$success = $false - -foreach ($port in $ports) { - if ($success) { break } - $callbackUrl = "http://127.0.0.1:$port/oauth/callback" - try { - if ($errorParam) { - $fullUrl = $callbackUrl + "?error=" + $errorParam - Invoke-WebRequest -Uri $fullUrl -UseBasicParsing -TimeoutSec 1 -ErrorAction Stop | Out-Null - $success = $true - } elseif ($code -and $state) { - $fullUrl = $callbackUrl + "?code=" + $code + "&state=" + $state - Invoke-WebRequest -Uri $fullUrl -UseBasicParsing -TimeoutSec 1 -ErrorAction Stop | Out-Null - $success = $true - } - } catch { - # Try next port - } -} -`, handlerPort, handlerPort+1, handlerPort+2, handlerPort+3, handlerPort+4) - - if err := os.WriteFile(scriptPath, []byte(scriptContent), 0644); err != nil { - return fmt.Errorf("failed to write handler script: %w", err) - } - - // Create batch wrapper - batchPath := filepath.Join(scriptDir, "kiro-oauth-handler.bat") - batchContent := fmt.Sprintf("@echo off\npowershell -ExecutionPolicy Bypass -File \"%s\" %%1\n", scriptPath) - - if err := os.WriteFile(batchPath, []byte(batchContent), 0644); err != nil { - return fmt.Errorf("failed to write batch wrapper: %w", err) - } - - // Register in Windows registry - commands := [][]string{ - {"reg", "add", `HKCU\Software\Classes\kiro`, "/ve", "/d", "URL:Kiro Protocol", "/f"}, - {"reg", "add", `HKCU\Software\Classes\kiro`, "/v", "URL Protocol", "/d", "", "/f"}, - {"reg", "add", `HKCU\Software\Classes\kiro\shell`, "/f"}, - {"reg", "add", `HKCU\Software\Classes\kiro\shell\open`, "/f"}, - {"reg", "add", `HKCU\Software\Classes\kiro\shell\open\command`, "/ve", "/d", fmt.Sprintf("\"%s\" \"%%1\"", batchPath), "/f"}, - } - - for _, args := range commands { - cmd := exec.Command(args[0], args[1:]...) - if err := cmd.Run(); err != nil { - return fmt.Errorf("failed to run registry command: %w", err) - } - } - - log.Info("Kiro protocol handler installed for Windows") - return nil -} - -func uninstallWindowsHandler() error { - // Remove registry keys - cmd := exec.Command("reg", "delete", `HKCU\Software\Classes\kiro`, "/f") - if err := cmd.Run(); err != nil { - log.Warnf("failed to remove registry key: %v", err) - } - - // Remove scripts - homeDir, _ := os.UserHomeDir() - scriptDir := filepath.Join(homeDir, ".cliproxyapi") - _ = os.Remove(filepath.Join(scriptDir, "kiro-oauth-handler.ps1")) - _ = os.Remove(filepath.Join(scriptDir, "kiro-oauth-handler.bat")) - - log.Info("Kiro protocol handler uninstalled") - return nil -} - -// --- macOS Implementation --- - -func getDarwinAppPath() string { - homeDir, _ := os.UserHomeDir() - return filepath.Join(homeDir, "Applications", "KiroOAuthHandler.app") -} - -func isDarwinHandlerInstalled() bool { - appPath := getDarwinAppPath() - _, err := os.Stat(appPath) - return err == nil -} - -func installDarwinHandler(handlerPort int) error { - // Create app bundle structure - appPath := getDarwinAppPath() - contentsPath := filepath.Join(appPath, "Contents") - macOSPath := filepath.Join(contentsPath, "MacOS") - - if err := os.MkdirAll(macOSPath, 0755); err != nil { - return fmt.Errorf("failed to create app bundle: %w", err) - } - - // Create Info.plist - plistPath := filepath.Join(contentsPath, "Info.plist") - plistContent := ` - - - - CFBundleIdentifier - com.cliproxyapi.kiro-oauth-handler - CFBundleName - KiroOAuthHandler - CFBundleExecutable - kiro-oauth-handler - CFBundleVersion - 1.0 - CFBundleURLTypes - - - CFBundleURLName - Kiro Protocol - CFBundleURLSchemes - - kiro - - - - LSBackgroundOnly - - -` - - if err := os.WriteFile(plistPath, []byte(plistContent), 0644); err != nil { - return fmt.Errorf("failed to write Info.plist: %w", err) - } - - // Create executable script - tries multiple ports to handle dynamic port allocation - execPath := filepath.Join(macOSPath, "kiro-oauth-handler") - execContent := fmt.Sprintf(`#!/bin/bash -# Kiro OAuth Protocol Handler for macOS - -URL="$1" - -# Check curl availability (should always exist on macOS) -if [ ! -x /usr/bin/curl ]; then - echo "Error: curl is required for Kiro OAuth handler" >&2 - exit 1 -fi - -# Extract code and state from URL -[[ "$URL" =~ code=([^&]+) ]] && CODE="${BASH_REMATCH[1]}" -[[ "$URL" =~ state=([^&]+) ]] && STATE="${BASH_REMATCH[1]}" -[[ "$URL" =~ error=([^&]+) ]] && ERROR="${BASH_REMATCH[1]}" - -# Try multiple ports (default + dynamic range) -for PORT in %d %d %d %d %d; do - if [ -n "$ERROR" ]; then - /usr/bin/curl -sf --connect-timeout 1 "http://127.0.0.1:$PORT/oauth/callback?error=$ERROR" && exit 0 - elif [ -n "$CODE" ] && [ -n "$STATE" ]; then - /usr/bin/curl -sf --connect-timeout 1 "http://127.0.0.1:$PORT/oauth/callback?code=$CODE&state=$STATE" && exit 0 - fi -done -`, handlerPort, handlerPort+1, handlerPort+2, handlerPort+3, handlerPort+4) - - if err := os.WriteFile(execPath, []byte(execContent), 0755); err != nil { - return fmt.Errorf("failed to write executable: %w", err) - } - - // Register the app with Launch Services - cmd := exec.Command("/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister", - "-f", appPath) - if err := cmd.Run(); err != nil { - log.Warnf("lsregister failed (handler may still work): %v", err) - } - - log.Info("Kiro protocol handler installed for macOS") - return nil -} - -func uninstallDarwinHandler() error { - appPath := getDarwinAppPath() - - // Unregister from Launch Services - cmd := exec.Command("/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister", - "-u", appPath) - _ = cmd.Run() - - // Remove app bundle - if err := os.RemoveAll(appPath); err != nil && !os.IsNotExist(err) { - return fmt.Errorf("failed to remove app bundle: %w", err) - } - - log.Info("Kiro protocol handler uninstalled") - return nil -} - -// ParseKiroURI parses a kiro:// URI and extracts the callback parameters. -func ParseKiroURI(rawURI string) (*AuthCallback, error) { - u, err := url.Parse(rawURI) - if err != nil { - return nil, fmt.Errorf("invalid URI: %w", err) - } - - if u.Scheme != KiroProtocol { - return nil, fmt.Errorf("invalid scheme: expected %s, got %s", KiroProtocol, u.Scheme) - } - - if u.Host != KiroAuthority { - return nil, fmt.Errorf("invalid authority: expected %s, got %s", KiroAuthority, u.Host) - } - - query := u.Query() - return &AuthCallback{ - Code: query.Get("code"), - State: query.Get("state"), - Error: query.Get("error"), - }, nil -} - -// GetHandlerInstructions returns platform-specific instructions for manual handler setup. -func GetHandlerInstructions() string { - switch runtime.GOOS { - case "linux": - return `To manually set up the Kiro protocol handler on Linux: - -1. Create ~/.local/share/applications/kiro-oauth-handler.desktop: - [Desktop Entry] - Name=Kiro OAuth Handler - Exec=~/.local/bin/kiro-oauth-handler %u - Type=Application - Terminal=false - MimeType=x-scheme-handler/kiro; - -2. Create ~/.local/bin/kiro-oauth-handler (make it executable): - #!/bin/bash - URL="$1" - # ... (see generated script for full content) - -3. Run: xdg-mime default kiro-oauth-handler.desktop x-scheme-handler/kiro` - - case "windows": - return `To manually set up the Kiro protocol handler on Windows: - -1. Open Registry Editor (regedit.exe) -2. Create key: HKEY_CURRENT_USER\Software\Classes\kiro -3. Set default value to: URL:Kiro Protocol -4. Create string value "URL Protocol" with empty data -5. Create subkey: shell\open\command -6. Set default value to: "C:\path\to\handler.bat" "%1"` - - case "darwin": - return `To manually set up the Kiro protocol handler on macOS: - -1. Create ~/Applications/KiroOAuthHandler.app bundle -2. Add Info.plist with CFBundleURLTypes containing "kiro" scheme -3. Create executable in Contents/MacOS/ -4. Run: /System/Library/.../lsregister -f ~/Applications/KiroOAuthHandler.app` - - default: - return "Protocol handler setup is not supported on this platform." - } -} - -// SetupProtocolHandlerIfNeeded checks and installs the protocol handler if needed. -func SetupProtocolHandlerIfNeeded(handlerPort int) error { - if IsProtocolHandlerInstalled() { - log.Debug("Kiro protocol handler already installed") - return nil - } - - fmt.Println("\n╔══════════════════════════════════════════════════════════╗") - fmt.Println("║ Kiro Protocol Handler Setup Required ║") - fmt.Println("╚══════════════════════════════════════════════════════════╝") - fmt.Println("\nTo enable Google/GitHub login, we need to install a protocol handler.") - fmt.Println("This allows your browser to redirect back to the CLI after authentication.") - fmt.Println("\nInstalling protocol handler...") - - if err := InstallProtocolHandler(handlerPort); err != nil { - fmt.Printf("\n⚠ Automatic installation failed: %v\n", err) - fmt.Println("\nManual setup instructions:") - fmt.Println(strings.Repeat("-", 60)) - fmt.Println(GetHandlerInstructions()) - return err - } - - fmt.Println("\n✓ Protocol handler installed successfully!") - return nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/rate_limiter.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/rate_limiter.go deleted file mode 100644 index b2233dcf99..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/rate_limiter.go +++ /dev/null @@ -1,309 +0,0 @@ -package kiro - -import ( - "math" - "math/rand" - "strings" - "sync" - "time" -) - -const ( - DefaultMinTokenInterval = 1 * time.Second - DefaultMaxTokenInterval = 2 * time.Second - DefaultDailyMaxRequests = 500 - DefaultJitterPercent = 0.3 - DefaultBackoffBase = 30 * time.Second - DefaultBackoffMax = 5 * time.Minute - DefaultBackoffMultiplier = 1.5 - DefaultSuspendCooldown = 1 * time.Hour -) - -// TokenState Token 状态 -type TokenState struct { - LastRequest time.Time - RequestCount int - CooldownEnd time.Time - FailCount int - DailyRequests int - DailyResetTime time.Time - IsSuspended bool - SuspendedAt time.Time - SuspendReason string -} - -// RateLimiter 频率限制器 -type RateLimiter struct { - mu sync.RWMutex - states map[string]*TokenState - minTokenInterval time.Duration - maxTokenInterval time.Duration - dailyMaxRequests int - jitterPercent float64 - backoffBase time.Duration - backoffMax time.Duration - backoffMultiplier float64 - suspendCooldown time.Duration - rng *rand.Rand -} - -// NewRateLimiter 创建默认配置的频率限制器 -func NewRateLimiter() *RateLimiter { - return &RateLimiter{ - states: make(map[string]*TokenState), - minTokenInterval: DefaultMinTokenInterval, - maxTokenInterval: DefaultMaxTokenInterval, - dailyMaxRequests: DefaultDailyMaxRequests, - jitterPercent: DefaultJitterPercent, - backoffBase: DefaultBackoffBase, - backoffMax: DefaultBackoffMax, - backoffMultiplier: DefaultBackoffMultiplier, - suspendCooldown: DefaultSuspendCooldown, - rng: rand.New(rand.NewSource(time.Now().UnixNano())), - } -} - -// RateLimiterConfig 频率限制器配置 -type RateLimiterConfig struct { - MinTokenInterval time.Duration - MaxTokenInterval time.Duration - DailyMaxRequests int - JitterPercent float64 - BackoffBase time.Duration - BackoffMax time.Duration - BackoffMultiplier float64 - SuspendCooldown time.Duration -} - -// NewRateLimiterWithConfig 使用自定义配置创建频率限制器 -func NewRateLimiterWithConfig(cfg RateLimiterConfig) *RateLimiter { - rl := NewRateLimiter() - if cfg.MinTokenInterval > 0 { - rl.minTokenInterval = cfg.MinTokenInterval - } - if cfg.MaxTokenInterval > 0 { - rl.maxTokenInterval = cfg.MaxTokenInterval - } - if cfg.DailyMaxRequests > 0 { - rl.dailyMaxRequests = cfg.DailyMaxRequests - } - if cfg.JitterPercent > 0 { - rl.jitterPercent = cfg.JitterPercent - } - if cfg.BackoffBase > 0 { - rl.backoffBase = cfg.BackoffBase - } - if cfg.BackoffMax > 0 { - rl.backoffMax = cfg.BackoffMax - } - if cfg.BackoffMultiplier > 0 { - rl.backoffMultiplier = cfg.BackoffMultiplier - } - if cfg.SuspendCooldown > 0 { - rl.suspendCooldown = cfg.SuspendCooldown - } - return rl -} - -// getOrCreateState 获取或创建 Token 状态 -func (rl *RateLimiter) getOrCreateState(tokenKey string) *TokenState { - state, exists := rl.states[tokenKey] - if !exists { - state = &TokenState{ - DailyResetTime: time.Now().Truncate(24 * time.Hour).Add(24 * time.Hour), - } - rl.states[tokenKey] = state - } - return state -} - -// resetDailyIfNeeded 如果需要则重置每日计数 -func (rl *RateLimiter) resetDailyIfNeeded(state *TokenState) { - now := time.Now() - if now.After(state.DailyResetTime) { - state.DailyRequests = 0 - state.DailyResetTime = now.Truncate(24 * time.Hour).Add(24 * time.Hour) - } -} - -// calculateInterval 计算带抖动的随机间隔 -func (rl *RateLimiter) calculateInterval() time.Duration { - baseInterval := rl.minTokenInterval + time.Duration(rl.rng.Int63n(int64(rl.maxTokenInterval-rl.minTokenInterval))) - jitter := time.Duration(float64(baseInterval) * rl.jitterPercent * (rl.rng.Float64()*2 - 1)) - return baseInterval + jitter -} - -// WaitForToken 等待 Token 可用(带抖动的随机间隔) -func (rl *RateLimiter) WaitForToken(tokenKey string) { - rl.mu.Lock() - state := rl.getOrCreateState(tokenKey) - rl.resetDailyIfNeeded(state) - - now := time.Now() - - // 检查是否在冷却期 - if now.Before(state.CooldownEnd) { - waitTime := state.CooldownEnd.Sub(now) - rl.mu.Unlock() - time.Sleep(waitTime) - rl.mu.Lock() - state = rl.getOrCreateState(tokenKey) - now = time.Now() - } - - // 计算距离上次请求的间隔 - interval := rl.calculateInterval() - nextAllowedTime := state.LastRequest.Add(interval) - - if now.Before(nextAllowedTime) { - waitTime := nextAllowedTime.Sub(now) - rl.mu.Unlock() - time.Sleep(waitTime) - rl.mu.Lock() - state = rl.getOrCreateState(tokenKey) - } - - state.LastRequest = time.Now() - state.RequestCount++ - state.DailyRequests++ - rl.mu.Unlock() -} - -// MarkTokenFailed 标记 Token 失败 -func (rl *RateLimiter) MarkTokenFailed(tokenKey string) { - rl.mu.Lock() - defer rl.mu.Unlock() - - state := rl.getOrCreateState(tokenKey) - state.FailCount++ - state.CooldownEnd = time.Now().Add(rl.calculateBackoff(state.FailCount)) -} - -// MarkTokenSuccess 标记 Token 成功 -func (rl *RateLimiter) MarkTokenSuccess(tokenKey string) { - rl.mu.Lock() - defer rl.mu.Unlock() - - state := rl.getOrCreateState(tokenKey) - state.FailCount = 0 - state.CooldownEnd = time.Time{} -} - -// CheckAndMarkSuspended 检测暂停错误并标记 -func (rl *RateLimiter) CheckAndMarkSuspended(tokenKey string, errorMsg string) bool { - suspendKeywords := []string{ - "suspended", - "banned", - "disabled", - "account has been", - "access denied", - "rate limit exceeded", - "too many requests", - "quota exceeded", - } - - lowerMsg := strings.ToLower(errorMsg) - for _, keyword := range suspendKeywords { - if strings.Contains(lowerMsg, keyword) { - rl.mu.Lock() - defer rl.mu.Unlock() - - state := rl.getOrCreateState(tokenKey) - state.IsSuspended = true - state.SuspendedAt = time.Now() - state.SuspendReason = errorMsg - state.CooldownEnd = time.Now().Add(rl.suspendCooldown) - return true - } - } - return false -} - -// IsTokenAvailable 检查 Token 是否可用 -func (rl *RateLimiter) IsTokenAvailable(tokenKey string) bool { - rl.mu.RLock() - defer rl.mu.RUnlock() - - state, exists := rl.states[tokenKey] - if !exists { - return true - } - - now := time.Now() - - // 检查是否被暂停 - if state.IsSuspended { - return now.After(state.SuspendedAt.Add(rl.suspendCooldown)) - } - - // 检查是否在冷却期 - if now.Before(state.CooldownEnd) { - return false - } - - // 检查每日请求限制 - rl.mu.RUnlock() - rl.mu.Lock() - rl.resetDailyIfNeeded(state) - dailyRequests := state.DailyRequests - dailyMax := rl.dailyMaxRequests - rl.mu.Unlock() - rl.mu.RLock() - - return dailyRequests < dailyMax -} - -// calculateBackoff 计算指数退避时间 -func (rl *RateLimiter) calculateBackoff(failCount int) time.Duration { - if failCount <= 0 { - return 0 - } - - backoff := float64(rl.backoffBase) * math.Pow(rl.backoffMultiplier, float64(failCount-1)) - - // 添加抖动 - jitter := backoff * rl.jitterPercent * (rl.rng.Float64()*2 - 1) - backoff += jitter - - if time.Duration(backoff) > rl.backoffMax { - return rl.backoffMax - } - return time.Duration(backoff) -} - -// GetTokenState 获取 Token 状态(只读) -func (rl *RateLimiter) GetTokenState(tokenKey string) *TokenState { - rl.mu.RLock() - defer rl.mu.RUnlock() - - state, exists := rl.states[tokenKey] - if !exists { - return nil - } - - // 返回副本以防止外部修改 - stateCopy := *state - return &stateCopy -} - -// ClearTokenState 清除 Token 状态 -func (rl *RateLimiter) ClearTokenState(tokenKey string) { - rl.mu.Lock() - defer rl.mu.Unlock() - delete(rl.states, tokenKey) -} - -// ResetSuspension 重置暂停状态 -func (rl *RateLimiter) ResetSuspension(tokenKey string) { - rl.mu.Lock() - defer rl.mu.Unlock() - - state, exists := rl.states[tokenKey] - if exists { - state.IsSuspended = false - state.SuspendedAt = time.Time{} - state.SuspendReason = "" - state.CooldownEnd = time.Time{} - state.FailCount = 0 - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/rate_limiter_singleton.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/rate_limiter_singleton.go deleted file mode 100644 index 4c02af89c6..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/rate_limiter_singleton.go +++ /dev/null @@ -1,46 +0,0 @@ -package kiro - -import ( - "sync" - "time" - - log "github.com/sirupsen/logrus" -) - -var ( - globalRateLimiter *RateLimiter - globalRateLimiterOnce sync.Once - - globalCooldownManager *CooldownManager - globalCooldownManagerOnce sync.Once - cooldownStopCh chan struct{} -) - -// GetGlobalRateLimiter returns the singleton RateLimiter instance. -func GetGlobalRateLimiter() *RateLimiter { - globalRateLimiterOnce.Do(func() { - globalRateLimiter = NewRateLimiter() - log.Info("kiro: global RateLimiter initialized") - }) - return globalRateLimiter -} - -// GetGlobalCooldownManager returns the singleton CooldownManager instance. -func GetGlobalCooldownManager() *CooldownManager { - globalCooldownManagerOnce.Do(func() { - globalCooldownManager = NewCooldownManager() - cooldownStopCh = make(chan struct{}) - go globalCooldownManager.StartCleanupRoutine(5*time.Minute, cooldownStopCh) - log.Info("kiro: global CooldownManager initialized with cleanup routine") - }) - return globalCooldownManager -} - -// ShutdownRateLimiters stops the cooldown cleanup routine. -// Should be called during application shutdown. -func ShutdownRateLimiters() { - if cooldownStopCh != nil { - close(cooldownStopCh) - log.Info("kiro: rate limiter cleanup routine stopped") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/rate_limiter_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/rate_limiter_test.go deleted file mode 100644 index 636413dd3e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/rate_limiter_test.go +++ /dev/null @@ -1,304 +0,0 @@ -package kiro - -import ( - "sync" - "testing" - "time" -) - -func TestNewRateLimiter(t *testing.T) { - rl := NewRateLimiter() - if rl == nil { - t.Fatal("expected non-nil RateLimiter") - } - if rl.states == nil { - t.Error("expected non-nil states map") - } - if rl.minTokenInterval != DefaultMinTokenInterval { - t.Errorf("expected minTokenInterval %v, got %v", DefaultMinTokenInterval, rl.minTokenInterval) - } - if rl.maxTokenInterval != DefaultMaxTokenInterval { - t.Errorf("expected maxTokenInterval %v, got %v", DefaultMaxTokenInterval, rl.maxTokenInterval) - } - if rl.dailyMaxRequests != DefaultDailyMaxRequests { - t.Errorf("expected dailyMaxRequests %d, got %d", DefaultDailyMaxRequests, rl.dailyMaxRequests) - } -} - -func TestNewRateLimiterWithConfig(t *testing.T) { - cfg := RateLimiterConfig{ - MinTokenInterval: 5 * time.Second, - MaxTokenInterval: 15 * time.Second, - DailyMaxRequests: 100, - JitterPercent: 0.2, - BackoffBase: 1 * time.Minute, - BackoffMax: 30 * time.Minute, - BackoffMultiplier: 1.5, - SuspendCooldown: 12 * time.Hour, - } - - rl := NewRateLimiterWithConfig(cfg) - if rl.minTokenInterval != 5*time.Second { - t.Errorf("expected minTokenInterval 5s, got %v", rl.minTokenInterval) - } - if rl.maxTokenInterval != 15*time.Second { - t.Errorf("expected maxTokenInterval 15s, got %v", rl.maxTokenInterval) - } - if rl.dailyMaxRequests != 100 { - t.Errorf("expected dailyMaxRequests 100, got %d", rl.dailyMaxRequests) - } -} - -func TestNewRateLimiterWithConfig_PartialConfig(t *testing.T) { - cfg := RateLimiterConfig{ - MinTokenInterval: 5 * time.Second, - } - - rl := NewRateLimiterWithConfig(cfg) - if rl.minTokenInterval != 5*time.Second { - t.Errorf("expected minTokenInterval 5s, got %v", rl.minTokenInterval) - } - if rl.maxTokenInterval != DefaultMaxTokenInterval { - t.Errorf("expected default maxTokenInterval, got %v", rl.maxTokenInterval) - } -} - -func TestGetTokenState_NonExistent(t *testing.T) { - rl := NewRateLimiter() - state := rl.GetTokenState("nonexistent") - if state != nil { - t.Error("expected nil state for non-existent token") - } -} - -func TestIsTokenAvailable_NewToken(t *testing.T) { - rl := NewRateLimiter() - if !rl.IsTokenAvailable("newtoken") { - t.Error("expected new token to be available") - } -} - -func TestMarkTokenFailed(t *testing.T) { - rl := NewRateLimiter() - rl.MarkTokenFailed("token1") - - state := rl.GetTokenState("token1") - if state == nil { - t.Fatal("expected non-nil state") - } - if state.FailCount != 1 { - t.Errorf("expected FailCount 1, got %d", state.FailCount) - } - if state.CooldownEnd.IsZero() { - t.Error("expected non-zero CooldownEnd") - } -} - -func TestMarkTokenSuccess(t *testing.T) { - rl := NewRateLimiter() - rl.MarkTokenFailed("token1") - rl.MarkTokenFailed("token1") - rl.MarkTokenSuccess("token1") - - state := rl.GetTokenState("token1") - if state == nil { - t.Fatal("expected non-nil state") - } - if state.FailCount != 0 { - t.Errorf("expected FailCount 0, got %d", state.FailCount) - } - if !state.CooldownEnd.IsZero() { - t.Error("expected zero CooldownEnd after success") - } -} - -func TestCheckAndMarkSuspended_Suspended(t *testing.T) { - rl := NewRateLimiter() - - testCases := []string{ - "Account has been suspended", - "You are banned from this service", - "Account disabled", - "Access denied permanently", - "Rate limit exceeded", - "Too many requests", - "Quota exceeded for today", - } - - for i, msg := range testCases { - tokenKey := "token" + string(rune('a'+i)) - if !rl.CheckAndMarkSuspended(tokenKey, msg) { - t.Errorf("expected suspension detected for: %s", msg) - } - state := rl.GetTokenState(tokenKey) - if !state.IsSuspended { - t.Errorf("expected IsSuspended true for: %s", msg) - } - } -} - -func TestCheckAndMarkSuspended_NotSuspended(t *testing.T) { - rl := NewRateLimiter() - - normalErrors := []string{ - "connection timeout", - "internal server error", - "bad request", - "invalid token format", - } - - for i, msg := range normalErrors { - tokenKey := "token" + string(rune('a'+i)) - if rl.CheckAndMarkSuspended(tokenKey, msg) { - t.Errorf("unexpected suspension for: %s", msg) - } - } -} - -func TestIsTokenAvailable_Suspended(t *testing.T) { - rl := NewRateLimiter() - rl.CheckAndMarkSuspended("token1", "Account suspended") - - if rl.IsTokenAvailable("token1") { - t.Error("expected suspended token to be unavailable") - } -} - -func TestClearTokenState(t *testing.T) { - rl := NewRateLimiter() - rl.MarkTokenFailed("token1") - rl.ClearTokenState("token1") - - state := rl.GetTokenState("token1") - if state != nil { - t.Error("expected nil state after clear") - } -} - -func TestResetSuspension(t *testing.T) { - rl := NewRateLimiter() - rl.CheckAndMarkSuspended("token1", "Account suspended") - rl.ResetSuspension("token1") - - state := rl.GetTokenState("token1") - if state.IsSuspended { - t.Error("expected IsSuspended false after reset") - } - if state.FailCount != 0 { - t.Errorf("expected FailCount 0, got %d", state.FailCount) - } -} - -func TestResetSuspension_NonExistent(t *testing.T) { - rl := NewRateLimiter() - rl.ResetSuspension("nonexistent") -} - -func TestCalculateBackoff_ZeroFailCount(t *testing.T) { - rl := NewRateLimiter() - backoff := rl.calculateBackoff(0) - if backoff != 0 { - t.Errorf("expected 0 backoff for 0 fails, got %v", backoff) - } -} - -func TestCalculateBackoff_Exponential(t *testing.T) { - cfg := RateLimiterConfig{ - BackoffBase: 1 * time.Minute, - BackoffMax: 60 * time.Minute, - BackoffMultiplier: 2.0, - JitterPercent: 0.3, - } - rl := NewRateLimiterWithConfig(cfg) - - backoff1 := rl.calculateBackoff(1) - if backoff1 < 40*time.Second || backoff1 > 80*time.Second { - t.Errorf("expected ~1min (with jitter) for fail 1, got %v", backoff1) - } - - backoff2 := rl.calculateBackoff(2) - if backoff2 < 80*time.Second || backoff2 > 160*time.Second { - t.Errorf("expected ~2min (with jitter) for fail 2, got %v", backoff2) - } -} - -func TestCalculateBackoff_MaxCap(t *testing.T) { - cfg := RateLimiterConfig{ - BackoffBase: 1 * time.Minute, - BackoffMax: 10 * time.Minute, - BackoffMultiplier: 2.0, - JitterPercent: 0, - } - rl := NewRateLimiterWithConfig(cfg) - - backoff := rl.calculateBackoff(10) - if backoff > 10*time.Minute { - t.Errorf("expected backoff capped at 10min, got %v", backoff) - } -} - -func TestGetTokenState_ReturnsCopy(t *testing.T) { - rl := NewRateLimiter() - rl.MarkTokenFailed("token1") - - state1 := rl.GetTokenState("token1") - state1.FailCount = 999 - - state2 := rl.GetTokenState("token1") - if state2.FailCount == 999 { - t.Error("GetTokenState should return a copy") - } -} - -func TestRateLimiter_ConcurrentAccess(t *testing.T) { - rl := NewRateLimiter() - const numGoroutines = 50 - const numOperations = 50 - - var wg sync.WaitGroup - wg.Add(numGoroutines) - - for i := 0; i < numGoroutines; i++ { - go func(id int) { - defer wg.Done() - tokenKey := "token" + string(rune('a'+id%10)) - for j := 0; j < numOperations; j++ { - switch j % 6 { - case 0: - rl.IsTokenAvailable(tokenKey) - case 1: - rl.MarkTokenFailed(tokenKey) - case 2: - rl.MarkTokenSuccess(tokenKey) - case 3: - rl.GetTokenState(tokenKey) - case 4: - rl.CheckAndMarkSuspended(tokenKey, "test error") - case 5: - rl.ResetSuspension(tokenKey) - } - } - }(i) - } - - wg.Wait() -} - -func TestCalculateInterval_WithinRange(t *testing.T) { - cfg := RateLimiterConfig{ - MinTokenInterval: 10 * time.Second, - MaxTokenInterval: 30 * time.Second, - JitterPercent: 0.3, - } - rl := NewRateLimiterWithConfig(cfg) - - minAllowed := 7 * time.Second - maxAllowed := 40 * time.Second - - for i := 0; i < 100; i++ { - interval := rl.calculateInterval() - if interval < minAllowed || interval > maxAllowed { - t.Errorf("interval %v outside expected range [%v, %v]", interval, minAllowed, maxAllowed) - } - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/refresh_manager.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/refresh_manager.go deleted file mode 100644 index fa7394be4e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/refresh_manager.go +++ /dev/null @@ -1,180 +0,0 @@ -package kiro - -import ( - "context" - "sync" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" -) - -// RefreshManager 是后台刷新器的单例管理器 -type RefreshManager struct { - mu sync.Mutex - refresher *BackgroundRefresher - ctx context.Context - cancel context.CancelFunc - started bool - onTokenRefreshed func(tokenID string, tokenData *KiroTokenData) // 刷新成功回调 -} - -var ( - globalRefreshManager *RefreshManager - managerOnce sync.Once -) - -// GetRefreshManager 获取全局刷新管理器实例 -func GetRefreshManager() *RefreshManager { - managerOnce.Do(func() { - globalRefreshManager = &RefreshManager{} - }) - return globalRefreshManager -} - -// Initialize 初始化后台刷新器 -// baseDir: token 文件所在的目录 -// cfg: 应用配置 -func (m *RefreshManager) Initialize(baseDir string, cfg *config.Config) error { - m.mu.Lock() - defer m.mu.Unlock() - - if m.started { - log.Debug("refresh manager: already initialized") - return nil - } - - if baseDir == "" { - log.Warn("refresh manager: base directory not provided, skipping initialization") - return nil - } - - resolvedBaseDir, err := util.ResolveAuthDir(baseDir) - if err != nil { - log.Warnf("refresh manager: failed to resolve auth directory %s: %v", baseDir, err) - } - if resolvedBaseDir != "" { - baseDir = resolvedBaseDir - } - - // 创建 token 存储库 - repo := NewFileTokenRepository(baseDir) - - // 创建后台刷新器,配置参数 - opts := []RefresherOption{ - WithInterval(time.Minute), // 每分钟检查一次 - WithBatchSize(50), // 每批最多处理 50 个 token - WithConcurrency(10), // 最多 10 个并发刷新 - WithConfig(cfg), // 设置 OAuth 和 SSO 客户端 - } - - // 如果已设置回调,传递给 BackgroundRefresher - if m.onTokenRefreshed != nil { - opts = append(opts, WithOnTokenRefreshed(m.onTokenRefreshed)) - } - - m.refresher = NewBackgroundRefresher(repo, opts...) - - log.Infof("refresh manager: initialized with base directory %s", baseDir) - return nil -} - -// Start 启动后台刷新 -func (m *RefreshManager) Start() { - m.mu.Lock() - defer m.mu.Unlock() - - if m.started { - log.Debug("refresh manager: already started") - return - } - - if m.refresher == nil { - log.Warn("refresh manager: not initialized, cannot start") - return - } - - m.ctx, m.cancel = context.WithCancel(context.Background()) - m.refresher.Start(m.ctx) - m.started = true - - log.Info("refresh manager: background refresh started") -} - -// Stop 停止后台刷新 -func (m *RefreshManager) Stop() { - m.mu.Lock() - defer m.mu.Unlock() - - if !m.started { - return - } - - if m.cancel != nil { - m.cancel() - } - - if m.refresher != nil { - m.refresher.Stop() - } - - m.started = false - log.Info("refresh manager: background refresh stopped") -} - -// IsRunning 检查后台刷新是否正在运行 -func (m *RefreshManager) IsRunning() bool { - m.mu.Lock() - defer m.mu.Unlock() - return m.started -} - -// UpdateBaseDir 更新 token 目录(用于运行时配置更改) -func (m *RefreshManager) UpdateBaseDir(baseDir string) { - m.mu.Lock() - defer m.mu.Unlock() - - if m.refresher != nil && m.refresher.tokenRepo != nil { - if repo, ok := m.refresher.tokenRepo.(*FileTokenRepository); ok { - repo.SetBaseDir(baseDir) - log.Infof("refresh manager: updated base directory to %s", baseDir) - } - } -} - -// SetOnTokenRefreshed 设置 token 刷新成功后的回调函数 -// 可以在任何时候调用,支持运行时更新回调 -// callback: 回调函数,接收 tokenID(文件名)和新的 token 数据 -func (m *RefreshManager) SetOnTokenRefreshed(callback func(tokenID string, tokenData *KiroTokenData)) { - m.mu.Lock() - defer m.mu.Unlock() - - m.onTokenRefreshed = callback - - // 如果 refresher 已经创建,使用并发安全的方式更新它的回调 - if m.refresher != nil { - m.refresher.callbackMu.Lock() - m.refresher.onTokenRefreshed = callback - m.refresher.callbackMu.Unlock() - } - - log.Debug("refresh manager: token refresh callback registered") -} - -// InitializeAndStart 初始化并启动后台刷新(便捷方法) -func InitializeAndStart(baseDir string, cfg *config.Config) { - manager := GetRefreshManager() - if err := manager.Initialize(baseDir, cfg); err != nil { - log.Errorf("refresh manager: initialization failed: %v", err) - return - } - manager.Start() -} - -// StopGlobalRefreshManager 停止全局刷新管理器 -func StopGlobalRefreshManager() { - if globalRefreshManager != nil { - globalRefreshManager.Stop() - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/refresh_utils.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/refresh_utils.go deleted file mode 100644 index 5abb714cbe..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/refresh_utils.go +++ /dev/null @@ -1,159 +0,0 @@ -// Package kiro provides refresh utilities for Kiro token management. -package kiro - -import ( - "context" - "fmt" - "time" - - log "github.com/sirupsen/logrus" -) - -// RefreshResult contains the result of a token refresh attempt. -type RefreshResult struct { - TokenData *KiroTokenData - Error error - UsedFallback bool // True if we used the existing token as fallback -} - -// RefreshWithGracefulDegradation attempts to refresh a token with graceful degradation. -// If refresh fails but the existing access token is still valid, it returns the existing token. -// This matches kiro-openai-gateway's behavior for better reliability. -// -// Parameters: -// - ctx: Context for the request -// - refreshFunc: Function to perform the actual refresh -// - existingAccessToken: Current access token (for fallback) -// - expiresAt: Expiration time of the existing token -// -// Returns: -// - RefreshResult containing the new or existing token data -func RefreshWithGracefulDegradation( - ctx context.Context, - refreshFunc func(ctx context.Context) (*KiroTokenData, error), - existingAccessToken string, - expiresAt time.Time, -) RefreshResult { - // Try to refresh the token - newTokenData, err := refreshFunc(ctx) - if err == nil { - return RefreshResult{ - TokenData: newTokenData, - Error: nil, - UsedFallback: false, - } - } - - // Refresh failed - check if we can use the existing token - log.Warnf("kiro: token refresh failed: %v", err) - - // Check if existing token is still valid (not expired) - if existingAccessToken != "" && time.Now().Before(expiresAt) { - remainingTime := time.Until(expiresAt) - log.Warnf("kiro: using existing access token (expires in %v). Will retry refresh later.", remainingTime.Round(time.Second)) - - return RefreshResult{ - TokenData: &KiroTokenData{ - AccessToken: existingAccessToken, - ExpiresAt: expiresAt.Format(time.RFC3339), - }, - Error: nil, - UsedFallback: true, - } - } - - // Token is expired and refresh failed - return the error - return RefreshResult{ - TokenData: nil, - Error: fmt.Errorf("token refresh failed and existing token is expired: %w", err), - UsedFallback: false, - } -} - -// IsTokenExpiringSoon checks if a token is expiring within the given threshold. -// Default threshold is 5 minutes if not specified. -func IsTokenExpiringSoon(expiresAt time.Time, threshold time.Duration) bool { - if threshold == 0 { - threshold = 5 * time.Minute - } - return time.Now().Add(threshold).After(expiresAt) -} - -// IsTokenExpired checks if a token has already expired. -func IsTokenExpired(expiresAt time.Time) bool { - return time.Now().After(expiresAt) -} - -// ParseExpiresAt parses an expiration time string in RFC3339 format. -// Returns zero time if parsing fails. -func ParseExpiresAt(expiresAtStr string) time.Time { - if expiresAtStr == "" { - return time.Time{} - } - t, err := time.Parse(time.RFC3339, expiresAtStr) - if err != nil { - log.Debugf("kiro: failed to parse expiresAt '%s': %v", expiresAtStr, err) - return time.Time{} - } - return t -} - -// RefreshConfig contains configuration for token refresh behavior. -type RefreshConfig struct { - // MaxRetries is the maximum number of refresh attempts (default: 1) - MaxRetries int - // RetryDelay is the delay between retry attempts (default: 1 second) - RetryDelay time.Duration - // RefreshThreshold is how early to refresh before expiration (default: 5 minutes) - RefreshThreshold time.Duration - // EnableGracefulDegradation allows using existing token if refresh fails (default: true) - EnableGracefulDegradation bool -} - -// DefaultRefreshConfig returns the default refresh configuration. -func DefaultRefreshConfig() RefreshConfig { - return RefreshConfig{ - MaxRetries: 1, - RetryDelay: time.Second, - RefreshThreshold: 5 * time.Minute, - EnableGracefulDegradation: true, - } -} - -// RefreshWithRetry attempts to refresh a token with retry logic. -func RefreshWithRetry( - ctx context.Context, - refreshFunc func(ctx context.Context) (*KiroTokenData, error), - config RefreshConfig, -) (*KiroTokenData, error) { - var lastErr error - - maxAttempts := config.MaxRetries + 1 - if maxAttempts < 1 { - maxAttempts = 1 - } - - for attempt := 1; attempt <= maxAttempts; attempt++ { - tokenData, err := refreshFunc(ctx) - if err == nil { - if attempt > 1 { - log.Infof("kiro: token refresh succeeded on attempt %d", attempt) - } - return tokenData, nil - } - - lastErr = err - log.Warnf("kiro: token refresh attempt %d/%d failed: %v", attempt, maxAttempts, err) - - // Don't sleep after the last attempt - if attempt < maxAttempts { - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-time.After(config.RetryDelay): - } - } - } - - return nil, fmt.Errorf("token refresh failed after %d attempts: %w", maxAttempts, lastErr) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/social_auth.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/social_auth.go deleted file mode 100644 index a5c9160579..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/social_auth.go +++ /dev/null @@ -1,463 +0,0 @@ -// Package kiro provides social authentication (Google/GitHub) for Kiro via AuthServiceClient. -package kiro - -import ( - "bufio" - "context" - "crypto/rand" - "crypto/sha256" - "encoding/base64" - "encoding/json" - "fmt" - "html" - "io" - "net" - "net/http" - "net/url" - "os" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/browser" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" - "golang.org/x/term" -) - -const ( - // Kiro AuthService endpoint - kiroAuthServiceEndpoint = "https://prod.us-east-1.auth.desktop.kiro.dev" - - // OAuth timeout - socialAuthTimeout = 10 * time.Minute - - // Default callback port for social auth HTTP server - socialAuthCallbackPort = 9876 -) - -// SocialProvider represents the social login provider. -type SocialProvider string - -const ( - // ProviderGoogle is Google OAuth provider - ProviderGoogle SocialProvider = "Google" - // ProviderGitHub is GitHub OAuth provider - ProviderGitHub SocialProvider = "Github" - // Note: AWS Builder ID is NOT supported by Kiro's auth service. - // It only supports: Google, Github, Cognito - // AWS Builder ID must use device code flow via SSO OIDC. -) - -// CreateTokenRequest is sent to Kiro's /oauth/token endpoint. -type CreateTokenRequest struct { - Code string `json:"code"` - CodeVerifier string `json:"code_verifier"` - RedirectURI string `json:"redirect_uri"` - InvitationCode string `json:"invitation_code,omitempty"` -} - -// SocialTokenResponse from Kiro's /oauth/token endpoint for social auth. -type SocialTokenResponse struct { - AccessToken string `json:"accessToken"` - RefreshToken string `json:"refreshToken"` - ProfileArn string `json:"profileArn"` - ExpiresIn int `json:"expiresIn"` -} - -// RefreshTokenRequest is sent to Kiro's /refreshToken endpoint. -type RefreshTokenRequest struct { - RefreshToken string `json:"refreshToken"` -} - -// WebCallbackResult contains the OAuth callback result from HTTP server. -type WebCallbackResult struct { - Code string - State string - Error string -} - -// SocialAuthClient handles social authentication with Kiro. -type SocialAuthClient struct { - httpClient *http.Client - cfg *config.Config - protocolHandler *ProtocolHandler -} - -// NewSocialAuthClient creates a new social auth client. -func NewSocialAuthClient(cfg *config.Config) *SocialAuthClient { - client := &http.Client{Timeout: 30 * time.Second} - if cfg != nil { - client = util.SetProxy(&cfg.SDKConfig, client) - } - return &SocialAuthClient{ - httpClient: client, - cfg: cfg, - protocolHandler: NewProtocolHandler(), - } -} - -// startWebCallbackServer starts a local HTTP server to receive the OAuth callback. -// This is used instead of the kiro:// protocol handler to avoid redirect_mismatch errors. -func (c *SocialAuthClient) startWebCallbackServer(ctx context.Context, expectedState string) (string, <-chan WebCallbackResult, error) { - // Try to find an available port - use localhost like Kiro does - listener, err := net.Listen("tcp", fmt.Sprintf("localhost:%d", socialAuthCallbackPort)) - if err != nil { - // Try with dynamic port (RFC 8252 allows dynamic ports for native apps) - log.Warnf("kiro social auth: default port %d is busy, falling back to dynamic port", socialAuthCallbackPort) - listener, err = net.Listen("tcp", "localhost:0") - if err != nil { - return "", nil, fmt.Errorf("failed to start callback server: %w", err) - } - } - - port := listener.Addr().(*net.TCPAddr).Port - // Use http scheme for local callback server - redirectURI := fmt.Sprintf("http://localhost:%d/oauth/callback", port) - resultChan := make(chan WebCallbackResult, 1) - - server := &http.Server{ - ReadHeaderTimeout: 10 * time.Second, - } - - mux := http.NewServeMux() - mux.HandleFunc("/oauth/callback", func(w http.ResponseWriter, r *http.Request) { - code := r.URL.Query().Get("code") - state := r.URL.Query().Get("state") - errParam := r.URL.Query().Get("error") - - if errParam != "" { - w.Header().Set("Content-Type", "text/html; charset=utf-8") - w.WriteHeader(http.StatusBadRequest) - _, _ = fmt.Fprintf(w, ` -Login Failed -

Login Failed

%s

You can close this window.

`, html.EscapeString(errParam)) - resultChan <- WebCallbackResult{Error: errParam} - return - } - - if state != expectedState { - w.Header().Set("Content-Type", "text/html; charset=utf-8") - w.WriteHeader(http.StatusBadRequest) - _, _ = fmt.Fprint(w, ` -Login Failed -

Login Failed

Invalid state parameter

You can close this window.

`) - resultChan <- WebCallbackResult{Error: "state mismatch"} - return - } - - w.Header().Set("Content-Type", "text/html; charset=utf-8") - _, _ = fmt.Fprint(w, ` -Login Successful -

Login Successful!

You can close this window and return to the terminal.

-`) - resultChan <- WebCallbackResult{Code: code, State: state} - }) - - server.Handler = mux - - go func() { - if err := server.Serve(listener); err != nil && err != http.ErrServerClosed { - log.Debugf("kiro social auth callback server error: %v", err) - } - }() - - go func() { - select { - case <-ctx.Done(): - case <-time.After(socialAuthTimeout): - } - _ = server.Shutdown(context.Background()) - }() - - return redirectURI, resultChan, nil -} - -// generatePKCE generates PKCE code verifier and challenge. -func generatePKCE() (verifier, challenge string, err error) { - // Generate 32 bytes of random data for verifier - b := make([]byte, 32) - if _, err := rand.Read(b); err != nil { - return "", "", fmt.Errorf("failed to generate random bytes: %w", err) - } - verifier = base64.RawURLEncoding.EncodeToString(b) - - // Generate SHA256 hash of verifier for challenge - h := sha256.Sum256([]byte(verifier)) - challenge = base64.RawURLEncoding.EncodeToString(h[:]) - - return verifier, challenge, nil -} - -// generateState generates a random state parameter. -func generateStateParam() (string, error) { - b := make([]byte, 16) - if _, err := rand.Read(b); err != nil { - return "", err - } - return base64.RawURLEncoding.EncodeToString(b), nil -} - -// buildLoginURL constructs the Kiro OAuth login URL. -// The login endpoint expects a GET request with query parameters. -// Format: /login?idp=Google&redirect_uri=...&code_challenge=...&code_challenge_method=S256&state=...&prompt=select_account -// The prompt=select_account parameter forces the account selection screen even if already logged in. -func (c *SocialAuthClient) buildLoginURL(provider, redirectURI, codeChallenge, state string) string { - return fmt.Sprintf("%s/login?idp=%s&redirect_uri=%s&code_challenge=%s&code_challenge_method=S256&state=%s&prompt=select_account", - kiroAuthServiceEndpoint, - provider, - url.QueryEscape(redirectURI), - codeChallenge, - state, - ) -} - -// CreateToken exchanges the authorization code for tokens. -func (c *SocialAuthClient) CreateToken(ctx context.Context, req *CreateTokenRequest) (*SocialTokenResponse, error) { - body, err := json.Marshal(req) - if err != nil { - return nil, fmt.Errorf("failed to marshal token request: %w", err) - } - - tokenURL := kiroAuthServiceEndpoint + "/oauth/token" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, tokenURL, strings.NewReader(string(body))) - if err != nil { - return nil, fmt.Errorf("failed to create token request: %w", err) - } - - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("User-Agent", "KiroIDE-0.7.45-cli-proxy-api") - - resp, err := c.httpClient.Do(httpReq) - if err != nil { - return nil, fmt.Errorf("token request failed: %w", err) - } - defer func() { _ = resp.Body.Close() }() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read token response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("token exchange failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("token exchange failed (status %d)", resp.StatusCode) - } - - var tokenResp SocialTokenResponse - if err := json.Unmarshal(respBody, &tokenResp); err != nil { - return nil, fmt.Errorf("failed to parse token response: %w", err) - } - - return &tokenResp, nil -} - -// RefreshSocialToken refreshes an expired social auth token. -func (c *SocialAuthClient) RefreshSocialToken(ctx context.Context, refreshToken string) (*KiroTokenData, error) { - body, err := json.Marshal(&RefreshTokenRequest{RefreshToken: refreshToken}) - if err != nil { - return nil, fmt.Errorf("failed to marshal refresh request: %w", err) - } - - refreshURL := kiroAuthServiceEndpoint + "/refreshToken" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, refreshURL, strings.NewReader(string(body))) - if err != nil { - return nil, fmt.Errorf("failed to create refresh request: %w", err) - } - - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("User-Agent", "cli-proxy-api/1.0.0") - - resp, err := c.httpClient.Do(httpReq) - if err != nil { - return nil, fmt.Errorf("refresh request failed: %w", err) - } - defer func() { _ = resp.Body.Close() }() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read refresh response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("token refresh failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("token refresh failed (status %d)", resp.StatusCode) - } - - var tokenResp SocialTokenResponse - if err := json.Unmarshal(respBody, &tokenResp); err != nil { - return nil, fmt.Errorf("failed to parse refresh response: %w", err) - } - - // Validate ExpiresIn - use default 1 hour if invalid - expiresIn := tokenResp.ExpiresIn - if expiresIn <= 0 { - expiresIn = 3600 // Default 1 hour - } - expiresAt := time.Now().Add(time.Duration(expiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: tokenResp.ProfileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "social", - Provider: "", // Caller should preserve original provider - Region: "us-east-1", - }, nil -} - -// LoginWithSocial performs OAuth login with Google or GitHub. -// Uses local HTTP callback server instead of custom protocol handler to avoid redirect_mismatch errors. -func (c *SocialAuthClient) LoginWithSocial(ctx context.Context, provider SocialProvider) (*KiroTokenData, error) { - providerName := string(provider) - - fmt.Println("\n╔══════════════════════════════════════════════════════════╗") - fmt.Printf("║ Kiro Authentication (%s) ║\n", providerName) - fmt.Println("╚══════════════════════════════════════════════════════════╝") - - // Step 1: Start local HTTP callback server (instead of kiro:// protocol handler) - // This avoids redirect_mismatch errors with AWS Cognito - fmt.Println("\nSetting up authentication...") - - // Step 2: Generate PKCE codes - codeVerifier, codeChallenge, err := generatePKCE() - if err != nil { - return nil, fmt.Errorf("failed to generate PKCE: %w", err) - } - - // Step 3: Generate state - state, err := generateStateParam() - if err != nil { - return nil, fmt.Errorf("failed to generate state: %w", err) - } - - // Step 4: Start local HTTP callback server - redirectURI, resultChan, err := c.startWebCallbackServer(ctx, state) - if err != nil { - return nil, fmt.Errorf("failed to start callback server: %w", err) - } - log.Debugf("kiro social auth: callback server started at %s", redirectURI) - - // Step 5: Build the login URL using HTTP redirect URI - authURL := c.buildLoginURL(providerName, redirectURI, codeChallenge, state) - - // Set incognito mode based on config (defaults to true for Kiro, can be overridden with --no-incognito) - // Incognito mode enables multi-account support by bypassing cached sessions - if c.cfg != nil { - browser.SetIncognitoMode(c.cfg.IncognitoBrowser) - if !c.cfg.IncognitoBrowser { - log.Info("kiro: using normal browser mode (--no-incognito). Note: You may not be able to select a different account.") - } else { - log.Debug("kiro: using incognito mode for multi-account support") - } - } else { - browser.SetIncognitoMode(true) // Default to incognito if no config - log.Debug("kiro: using incognito mode for multi-account support (default)") - } - - // Step 6: Open browser for user authentication - fmt.Println("\n════════════════════════════════════════════════════════════") - fmt.Printf(" Opening browser for %s authentication...\n", providerName) - fmt.Println("════════════════════════════════════════════════════════════") - fmt.Printf("\n URL: %s\n\n", authURL) - - if err := browser.OpenURL(authURL); err != nil { - log.Warnf("Could not open browser automatically: %v", err) - fmt.Println(" ⚠ Could not open browser automatically.") - fmt.Println(" Please open the URL above in your browser manually.") - } else { - fmt.Println(" (Browser opened automatically)") - } - - fmt.Println("\n Waiting for authentication callback...") - - // Step 7: Wait for callback from HTTP server - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-time.After(socialAuthTimeout): - return nil, fmt.Errorf("authentication timed out") - case callback := <-resultChan: - if callback.Error != "" { - return nil, fmt.Errorf("authentication error: %s", callback.Error) - } - - // State is already validated by the callback server - if callback.Code == "" { - return nil, fmt.Errorf("no authorization code received") - } - - fmt.Println("\n✓ Authorization received!") - - // Step 8: Exchange code for tokens - fmt.Println("Exchanging code for tokens...") - - tokenReq := &CreateTokenRequest{ - Code: callback.Code, - CodeVerifier: codeVerifier, - RedirectURI: redirectURI, // Use HTTP redirect URI, not kiro:// protocol - } - - tokenResp, err := c.CreateToken(ctx, tokenReq) - if err != nil { - return nil, fmt.Errorf("failed to exchange code for tokens: %w", err) - } - - fmt.Println("\n✓ Authentication successful!") - - // Close the browser window - if err := browser.CloseBrowser(); err != nil { - log.Debugf("Failed to close browser: %v", err) - } - - // Validate ExpiresIn - use default 1 hour if invalid - expiresIn := tokenResp.ExpiresIn - if expiresIn <= 0 { - expiresIn = 3600 - } - expiresAt := time.Now().Add(time.Duration(expiresIn) * time.Second) - - // Try to extract email from JWT access token first - email := ExtractEmailFromJWT(tokenResp.AccessToken) - - // If no email in JWT, ask user for account label (only in interactive mode) - if email == "" && isInteractiveTerminal() { - fmt.Print("\n Enter account label for file naming (optional, press Enter to skip): ") - reader := bufio.NewReader(os.Stdin) - var err error - email, err = reader.ReadString('\n') - if err != nil { - log.Debugf("Failed to read account label: %v", err) - } - email = strings.TrimSpace(email) - } - - return &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: tokenResp.ProfileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "social", - Provider: providerName, - Email: email, // JWT email or user-provided label - Region: "us-east-1", - }, nil - } -} - -// LoginWithGoogle performs OAuth login with Google. -func (c *SocialAuthClient) LoginWithGoogle(ctx context.Context) (*KiroTokenData, error) { - return c.LoginWithSocial(ctx, ProviderGoogle) -} - -// LoginWithGitHub performs OAuth login with GitHub. -func (c *SocialAuthClient) LoginWithGitHub(ctx context.Context) (*KiroTokenData, error) { - return c.LoginWithSocial(ctx, ProviderGitHub) -} - -// isInteractiveTerminal checks if stdin is connected to an interactive terminal. -// Returns false in CI/automated environments or when stdin is piped. -func isInteractiveTerminal() bool { - return term.IsTerminal(int(os.Stdin.Fd())) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/social_extra_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/social_extra_test.go deleted file mode 100644 index 0a0d487424..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/social_extra_test.go +++ /dev/null @@ -1,117 +0,0 @@ -package kiro - -import ( - "context" - "encoding/json" - "net/http" - "net/http/httptest" - "strings" - "testing" - "time" -) - -func TestSocialAuthClient_CreateToken(t *testing.T) { - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - resp := SocialTokenResponse{ - AccessToken: "access", - RefreshToken: "refresh", - ProfileArn: "arn", - ExpiresIn: 3600, - } - _ = json.NewEncoder(w).Encode(resp) - })) - defer server.Close() - - client := NewSocialAuthClient(nil) - client.httpClient = http.DefaultClient - // We can't easily override the constant endpoint without more refactoring -} - -func TestGeneratePKCE(t *testing.T) { - v, c, err := generatePKCE() - if err != nil { - t.Fatalf("generatePKCE failed: %v", err) - } - if v == "" || c == "" { - t.Error("empty verifier or challenge") - } -} - -func TestGenerateStateParam(t *testing.T) { - s, err := generateStateParam() - if err != nil { - t.Fatalf("generateStateParam failed: %v", err) - } - if s == "" { - t.Error("empty state") - } -} - -func TestSocialAuthClient_BuildLoginURL(t *testing.T) { - client := &SocialAuthClient{} - url := client.buildLoginURL("Google", "http://localhost/cb", "challenge", "state") - if !strings.Contains(url, "idp=Google") || !strings.Contains(url, "state=state") { - t.Errorf("unexpected URL: %s", url) - } -} - -func TestSocialAuthClient_WebCallbackServer(t *testing.T) { - client := &SocialAuthClient{} - expectedState := "xyz" - - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) - defer cancel() - - redirectURI, resultChan, err := client.startWebCallbackServer(ctx, expectedState) - if err != nil { - t.Fatalf("startWebCallbackServer failed: %v", err) - } - if !strings.HasPrefix(redirectURI, "http://localhost:") || !strings.Contains(redirectURI, "/oauth/callback") { - t.Fatalf("redirect URI = %q, want http://localhost:/oauth/callback", redirectURI) - } - - // Give server a moment to start - time.Sleep(500 * time.Millisecond) - - // Mock callback - cbURL := redirectURI + "?code=abc&state=" + expectedState - resp, err := http.Get(cbURL) - if err != nil { - t.Fatalf("callback request failed: %v", err) - } - _ = resp.Body.Close() - - select { - case result := <-resultChan: - if result.Code != "abc" || result.State != expectedState { - t.Errorf("unexpected result: %+v", result) - } - case <-ctx.Done(): - t.Fatal("timed out waiting for callback") - } - - // Test state mismatch - ctx2, cancel2 := context.WithTimeout(context.Background(), 5*time.Second) - defer cancel2() - redirectURI2, resultChan2, _ := client.startWebCallbackServer(ctx2, "good") - if !strings.HasPrefix(redirectURI2, "http://localhost:") || !strings.Contains(redirectURI2, "/oauth/callback") { - t.Fatalf("redirect URI (second server) = %q, want http://localhost:/oauth/callback", redirectURI2) - } - - // Give server a moment to start - time.Sleep(500 * time.Millisecond) - - resp2, err := http.Get(redirectURI2 + "?code=abc&state=bad") - if err == nil { - _ = resp2.Body.Close() - } - - select { - case result2 := <-resultChan2: - if result2.Error != "state mismatch" { - t.Errorf("expected state mismatch error, got %s", result2.Error) - } - case <-ctx2.Done(): - t.Fatal("timed out waiting for mismatch callback") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/sso_oidc.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/sso_oidc.go deleted file mode 100644 index 2fe4c0cabe..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/sso_oidc.go +++ /dev/null @@ -1,1489 +0,0 @@ -// Package kiro provides AWS SSO OIDC authentication for Kiro. -package kiro - -import ( - "bufio" - "context" - "crypto/rand" - "crypto/sha256" - "encoding/base64" - "encoding/json" - "errors" - "fmt" - "html" - "io" - "net" - "net/http" - "net/url" - "os" - "regexp" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/browser" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" -) - -const ( - // AWS SSO OIDC endpoints - ssoOIDCEndpoint = "https://oidc.us-east-1.amazonaws.com" - - // Kiro's start URL for Builder ID - builderIDStartURL = "https://view.awsapps.com/start" - - // Default region for IDC - defaultIDCRegion = "us-east-1" - - // Polling interval - pollInterval = 5 * time.Second - - // Authorization code flow callback - authCodeCallbackPath = "/oauth/callback" - authCodeCallbackPort = 19877 - - // User-Agent to match official Kiro IDE - kiroUserAgent = "KiroIDE" - - // IDC token refresh headers (matching Kiro IDE behavior) - idcAmzUserAgent = "aws-sdk-js/3.738.0 ua/2.1 os/other lang/js md/browser#unknown_unknown api/sso-oidc#3.738.0 m/E KiroIDE" - idcPlatform = "darwin" - idcClientType = "extension" - idcDefaultVer = "0.0.0" -) - -// Sentinel errors for OIDC token polling -var ( - ErrAuthorizationPending = errors.New("authorization_pending") - ErrSlowDown = errors.New("slow_down") - awsRegionPattern = regexp.MustCompile(`^[a-z]{2}(?:-[a-z0-9]+)+-\d+$`) - oidcRegionPattern = regexp.MustCompile(`^[a-z]{2}(?:-[a-z0-9]+)+-\d+$`) -) - -// SSOOIDCClient handles AWS SSO OIDC authentication. -type SSOOIDCClient struct { - httpClient *http.Client - cfg *config.Config -} - -// NewSSOOIDCClient creates a new SSO OIDC client. -func NewSSOOIDCClient(cfg *config.Config) *SSOOIDCClient { - client := &http.Client{Timeout: 30 * time.Second} - if cfg != nil { - client = util.SetProxy(&cfg.SDKConfig, client) - } - return &SSOOIDCClient{ - httpClient: client, - cfg: cfg, - } -} - -// RegisterClientResponse from AWS SSO OIDC. -type RegisterClientResponse struct { - ClientID string `json:"clientId"` - ClientSecret string `json:"clientSecret"` - ClientIDIssuedAt int64 `json:"clientIdIssuedAt"` - ClientSecretExpiresAt int64 `json:"clientSecretExpiresAt"` -} - -// StartDeviceAuthResponse from AWS SSO OIDC. -type StartDeviceAuthResponse struct { - DeviceCode string `json:"deviceCode"` - UserCode string `json:"userCode"` - VerificationURI string `json:"verificationUri"` - VerificationURIComplete string `json:"verificationUriComplete"` - ExpiresIn int `json:"expiresIn"` - Interval int `json:"interval"` -} - -// CreateTokenResponse from AWS SSO OIDC. -type CreateTokenResponse struct { - AccessToken string `json:"accessToken"` - TokenType string `json:"tokenType"` - ExpiresIn int `json:"expiresIn"` - RefreshToken string `json:"refreshToken"` -} - -// getOIDCEndpoint returns the OIDC endpoint for the given region. -func getOIDCEndpoint(region string) string { - if region == "" { - region = defaultIDCRegion - } - return fmt.Sprintf("https://oidc.%s.amazonaws.com", region) -} - -func validateIDCRegion(region string) (string, error) { - region = strings.TrimSpace(region) - if region == "" { - return defaultIDCRegion, nil - } - if !awsRegionPattern.MatchString(region) { - return "", fmt.Errorf("invalid region %q", region) - } - return region, nil -} - -func validateStartURL(startURL string) error { - trimmed := strings.TrimSpace(startURL) - if trimmed == "" { - return fmt.Errorf("start URL is required") - } - parsed, err := url.Parse(trimmed) - if err != nil { - return err - } - if !parsed.IsAbs() { - return fmt.Errorf("start URL must be absolute") - } - if parsed.User != nil { - return fmt.Errorf("start URL must not include user info") - } - scheme := strings.ToLower(strings.TrimSpace(parsed.Scheme)) - if scheme != "https" { - return fmt.Errorf("unsupported start URL scheme") - } - host := strings.TrimSpace(parsed.Hostname()) - if host == "" { - return fmt.Errorf("start URL host is required") - } - if strings.EqualFold(host, "localhost") { - return fmt.Errorf("start URL host is not allowed") - } - if ip := net.ParseIP(host); ip != nil { - if ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() || ip.IsMulticast() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() { - return fmt.Errorf("start URL host is not allowed") - } - } - return nil -} - -func buildIDCRefreshPayload(clientID, clientSecret, refreshToken string) map[string]string { - return map[string]string{ - "clientId": clientID, - "clientSecret": clientSecret, - "refreshToken": refreshToken, - "client_id": clientID, - "client_secret": clientSecret, - "refresh_token": refreshToken, - "grant_type": "refresh_token", - } -} - -func applyIDCRefreshHeaders(req *http.Request, region string) { - if region == "" { - region = defaultIDCRegion - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Host", fmt.Sprintf("oidc.%s.amazonaws.com", region)) - req.Header.Set("Connection", "keep-alive") - req.Header.Set("x-amz-user-agent", idcAmzUserAgent) - req.Header.Set("Accept", "*/*") - req.Header.Set("Accept-Language", "*") - req.Header.Set("sec-fetch-mode", "cors") - req.Header.Set("User-Agent", "node") - req.Header.Set("Accept-Encoding", "br, gzip, deflate") - req.Header.Set("X-PLATFORM", idcPlatform) - req.Header.Set("X-PLATFORM-VERSION", idcDefaultVer) - req.Header.Set("X-CLIENT-VERSION", idcDefaultVer) - req.Header.Set("X-CLIENT-TYPE", idcClientType) - req.Header.Set("X-CORE-VERSION", idcDefaultVer) - req.Header.Set("X-IS-MULTIROOT", "false") -} - -// promptInput prompts the user for input with an optional default value. -func promptInput(prompt, defaultValue string) string { - reader := bufio.NewReader(os.Stdin) - if defaultValue != "" { - fmt.Printf("%s [%s]: ", prompt, defaultValue) - } else { - fmt.Printf("%s: ", prompt) - } - input, err := reader.ReadString('\n') - if err != nil { - log.Warnf("Error reading input: %v", err) - return defaultValue - } - input = strings.TrimSpace(input) - if input == "" { - return defaultValue - } - return input -} - -// promptSelect prompts the user to select from options using number input. -func promptSelect(prompt string, options []string) int { - reader := bufio.NewReader(os.Stdin) - - for { - fmt.Println(prompt) - for i, opt := range options { - fmt.Printf(" %d) %s\n", i+1, opt) - } - fmt.Printf("Enter selection (1-%d): ", len(options)) - - input, err := reader.ReadString('\n') - if err != nil { - log.Warnf("Error reading input: %v", err) - return 0 // Default to first option on error - } - input = strings.TrimSpace(input) - - // Parse the selection - var selection int - if _, err := fmt.Sscanf(input, "%d", &selection); err != nil || selection < 1 || selection > len(options) { - fmt.Printf("Invalid selection '%s'. Please enter a number between 1 and %d.\n\n", input, len(options)) - continue - } - return selection - 1 - } -} - -// RegisterClientWithRegion registers a new OIDC client with AWS using a specific region. -func (c *SSOOIDCClient) RegisterClientWithRegion(ctx context.Context, region string) (*RegisterClientResponse, error) { - validatedRegion, err := validateIDCRegion(region) - if err != nil { - return nil, err - } - endpoint := getOIDCEndpoint(validatedRegion) - - payload := map[string]interface{}{ - "clientName": "Kiro IDE", - "clientType": "public", - "scopes": []string{"codewhisperer:completions", "codewhisperer:analysis", "codewhisperer:conversations", "codewhisperer:transformations", "codewhisperer:taskassist"}, - "grantTypes": []string{"urn:ietf:params:oauth:grant-type:device_code", "refresh_token"}, - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint+"/client/register", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer func() { _ = resp.Body.Close() }() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("register client failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("register client failed (status %d)", resp.StatusCode) - } - - var result RegisterClientResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// StartDeviceAuthorizationWithIDC starts the device authorization flow for IDC. -func (c *SSOOIDCClient) StartDeviceAuthorizationWithIDC(ctx context.Context, clientID, clientSecret, startURL, region string) (*StartDeviceAuthResponse, error) { - validatedRegion, err := validateIDCRegion(region) - if err != nil { - return nil, err - } - if err := validateStartURL(startURL); err != nil { - return nil, err - } - endpoint := getOIDCEndpoint(validatedRegion) - - payload := map[string]string{ - "clientId": clientID, - "clientSecret": clientSecret, - "startUrl": startURL, - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint+"/device_authorization", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer func() { _ = resp.Body.Close() }() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("start device auth failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("start device auth failed (status %d)", resp.StatusCode) - } - - var result StartDeviceAuthResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// CreateTokenWithRegion polls for the access token after user authorization using a specific region. -func (c *SSOOIDCClient) CreateTokenWithRegion(ctx context.Context, clientID, clientSecret, deviceCode, region string) (*CreateTokenResponse, error) { - normalizedRegion, errRegion := normalizeOIDCRegion(region) - if errRegion != nil { - return nil, errRegion - } - endpoint := getOIDCEndpoint(normalizedRegion) - - payload := map[string]string{ - "clientId": clientID, - "clientSecret": clientSecret, - "deviceCode": deviceCode, - "grantType": "urn:ietf:params:oauth:grant-type:device_code", - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint+"/token", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer func() { _ = resp.Body.Close() }() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - // Check for pending authorization - if resp.StatusCode == http.StatusBadRequest { - var errResp struct { - Error string `json:"error"` - } - if json.Unmarshal(respBody, &errResp) == nil { - if errResp.Error == "authorization_pending" { - return nil, ErrAuthorizationPending - } - if errResp.Error == "slow_down" { - return nil, ErrSlowDown - } - } - log.Debugf("create token failed: %s", string(respBody)) - return nil, fmt.Errorf("create token failed") - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("create token failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("create token failed (status %d)", resp.StatusCode) - } - - var result CreateTokenResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -func normalizeOIDCRegion(region string) (string, error) { - trimmed := strings.TrimSpace(region) - if trimmed == "" { - return defaultIDCRegion, nil - } - if !awsRegionPattern.MatchString(trimmed) { - return "", fmt.Errorf("invalid OIDC region %q", region) - } - return trimmed, nil -} - -// RefreshTokenWithRegion refreshes an access token using the refresh token with a specific region. -func (c *SSOOIDCClient) RefreshTokenWithRegion(ctx context.Context, clientID, clientSecret, refreshToken, region, startURL string) (*KiroTokenData, error) { - endpoint := getOIDCEndpoint(region) - payload := buildIDCRefreshPayload(clientID, clientSecret, refreshToken) - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint+"/token", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - - applyIDCRefreshHeaders(req, region) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer func() { _ = resp.Body.Close() }() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Warnf("IDC token refresh failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, formatTokenRefreshError(resp.StatusCode, respBody) - } - - var result CreateTokenResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - if strings.TrimSpace(result.AccessToken) == "" { - return nil, fmt.Errorf("token refresh failed: missing access token in response") - } - if strings.TrimSpace(result.RefreshToken) == "" { - // Some providers do not rotate refresh tokens on every refresh. - result.RefreshToken = refreshToken - } - - expiresAt := time.Now().Add(time.Duration(result.ExpiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: result.AccessToken, - RefreshToken: result.RefreshToken, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "idc", - Provider: "AWS", - ClientID: clientID, - ClientSecret: clientSecret, - StartURL: startURL, - Region: region, - }, nil -} - -// LoginWithIDC performs the full device code flow for AWS Identity Center (IDC). -func (c *SSOOIDCClient) LoginWithIDC(ctx context.Context, startURL, region string) (*KiroTokenData, error) { - fmt.Println("\n╔══════════════════════════════════════════════════════════╗") - fmt.Println("║ Kiro Authentication (AWS Identity Center) ║") - fmt.Println("╚══════════════════════════════════════════════════════════╝") - - // Step 1: Register client with the specified region - fmt.Println("\nRegistering client...") - regResp, err := c.RegisterClientWithRegion(ctx, region) - if err != nil { - return nil, fmt.Errorf("failed to register client: %w", err) - } - log.Debugf("Client registered: %s", regResp.ClientID) - - // Step 2: Start device authorization with IDC start URL - fmt.Println("Starting device authorization...") - authResp, err := c.StartDeviceAuthorizationWithIDC(ctx, regResp.ClientID, regResp.ClientSecret, startURL, region) - if err != nil { - return nil, fmt.Errorf("failed to start device auth: %w", err) - } - - // Step 3: Show user the verification URL - fmt.Printf("\n") - fmt.Println("════════════════════════════════════════════════════════════") - fmt.Printf(" Confirm the following code in the browser:\n") - fmt.Printf(" Code: %s\n", authResp.UserCode) - fmt.Println("════════════════════════════════════════════════════════════") - fmt.Printf("\n Open this URL: %s\n\n", authResp.VerificationURIComplete) - - // Set incognito mode based on config - if c.cfg != nil { - browser.SetIncognitoMode(c.cfg.IncognitoBrowser) - if !c.cfg.IncognitoBrowser { - log.Info("kiro: using normal browser mode (--no-incognito). Note: You may not be able to select a different account.") - } else { - log.Debug("kiro: using incognito mode for multi-account support") - } - } else { - browser.SetIncognitoMode(true) - log.Debug("kiro: using incognito mode for multi-account support (default)") - } - - // Open browser - if err := browser.OpenURL(authResp.VerificationURIComplete); err != nil { - log.Warnf("Could not open browser automatically: %v", err) - fmt.Println(" Please open the URL manually in your browser.") - } else { - fmt.Println(" (Browser opened automatically)") - } - - // Step 4: Poll for token - fmt.Println("Waiting for authorization...") - - interval := pollInterval - if authResp.Interval > 0 { - interval = time.Duration(authResp.Interval) * time.Second - } - - deadline := time.Now().Add(time.Duration(authResp.ExpiresIn) * time.Second) - - for time.Now().Before(deadline) { - select { - case <-ctx.Done(): - _ = browser.CloseBrowser() - return nil, ctx.Err() - case <-time.After(interval): - tokenResp, err := c.CreateTokenWithRegion(ctx, regResp.ClientID, regResp.ClientSecret, authResp.DeviceCode, region) - if err != nil { - if errors.Is(err, ErrAuthorizationPending) { - fmt.Print(".") - continue - } - if errors.Is(err, ErrSlowDown) { - interval += 5 * time.Second - continue - } - _ = browser.CloseBrowser() - return nil, fmt.Errorf("token creation failed: %w", err) - } - - fmt.Println("\n\n✓ Authorization successful!") - - // Close the browser window - if err := browser.CloseBrowser(); err != nil { - log.Debugf("Failed to close browser: %v", err) - } - - // Step 5: Get profile ARN from CodeWhisperer API - fmt.Println("Fetching profile information...") - profileArn := c.fetchProfileArn(ctx, tokenResp.AccessToken) - - // Fetch user email - email := FetchUserEmailWithFallback(ctx, c.cfg, tokenResp.AccessToken) - if email != "" { - fmt.Printf(" Logged in as: %s\n", email) - } - - expiresAt := time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: profileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "idc", - Provider: "AWS", - ClientID: regResp.ClientID, - ClientSecret: regResp.ClientSecret, - Email: email, - StartURL: startURL, - Region: region, - }, nil - } - } - - // Close browser on timeout - if err := browser.CloseBrowser(); err != nil { - log.Debugf("Failed to close browser on timeout: %v", err) - } - return nil, fmt.Errorf("authorization timed out") -} - -// LoginWithMethodSelection prompts the user to select between Builder ID and IDC, then performs the login. -func (c *SSOOIDCClient) LoginWithMethodSelection(ctx context.Context) (*KiroTokenData, error) { - fmt.Println("\n╔══════════════════════════════════════════════════════════╗") - fmt.Println("║ Kiro Authentication (AWS) ║") - fmt.Println("╚══════════════════════════════════════════════════════════╝") - - // Prompt for login method - options := []string{ - "Use with Builder ID (personal AWS account)", - "Use with IDC Account (organization SSO)", - } - selection := promptSelect("\n? Select login method:", options) - - if selection == 0 { - // Builder ID flow - use existing implementation - return c.LoginWithBuilderID(ctx) - } - - // IDC flow - prompt for start URL and region - fmt.Println() - startURL := promptInput("? Enter Start URL", "") - if startURL == "" { - return nil, fmt.Errorf("start URL is required for IDC login") - } - - region := promptInput("? Enter Region", defaultIDCRegion) - - return c.LoginWithIDC(ctx, startURL, region) -} - -// RegisterClient registers a new OIDC client with AWS. -func (c *SSOOIDCClient) RegisterClient(ctx context.Context) (*RegisterClientResponse, error) { - payload := map[string]interface{}{ - "clientName": "Kiro IDE", - "clientType": "public", - "scopes": []string{"codewhisperer:completions", "codewhisperer:analysis", "codewhisperer:conversations", "codewhisperer:transformations", "codewhisperer:taskassist"}, - "grantTypes": []string{"urn:ietf:params:oauth:grant-type:device_code", "refresh_token"}, - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, ssoOIDCEndpoint+"/client/register", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer func() { _ = resp.Body.Close() }() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("register client failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("register client failed (status %d)", resp.StatusCode) - } - - var result RegisterClientResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// StartDeviceAuthorization starts the device authorization flow. -func (c *SSOOIDCClient) StartDeviceAuthorization(ctx context.Context, clientID, clientSecret string) (*StartDeviceAuthResponse, error) { - payload := map[string]string{ - "clientId": clientID, - "clientSecret": clientSecret, - "startUrl": builderIDStartURL, - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, ssoOIDCEndpoint+"/device_authorization", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer func() { _ = resp.Body.Close() }() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("start device auth failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("start device auth failed (status %d)", resp.StatusCode) - } - - var result StartDeviceAuthResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// CreateToken polls for the access token after user authorization. -func (c *SSOOIDCClient) CreateToken(ctx context.Context, clientID, clientSecret, deviceCode string) (*CreateTokenResponse, error) { - payload := map[string]string{ - "clientId": clientID, - "clientSecret": clientSecret, - "deviceCode": deviceCode, - "grantType": "urn:ietf:params:oauth:grant-type:device_code", - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, ssoOIDCEndpoint+"/token", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer func() { _ = resp.Body.Close() }() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - // Check for pending authorization - if resp.StatusCode == http.StatusBadRequest { - var errResp struct { - Error string `json:"error"` - } - if json.Unmarshal(respBody, &errResp) == nil { - if errResp.Error == "authorization_pending" { - return nil, ErrAuthorizationPending - } - if errResp.Error == "slow_down" { - return nil, ErrSlowDown - } - } - log.Debugf("create token failed: %s", string(respBody)) - return nil, fmt.Errorf("create token failed") - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("create token failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("create token failed (status %d)", resp.StatusCode) - } - - var result CreateTokenResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// RefreshToken refreshes an access token using the refresh token. -// Includes retry logic and improved error handling for better reliability. -func (c *SSOOIDCClient) RefreshToken(ctx context.Context, clientID, clientSecret, refreshToken string) (*KiroTokenData, error) { - payload := buildIDCRefreshPayload(clientID, clientSecret, refreshToken) - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, ssoOIDCEndpoint+"/token", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - - // Set headers matching Kiro IDE behavior for better compatibility. - // Keep these aligned with RefreshTokenWithRegion for Cline-compatible flows. - applyIDCRefreshHeaders(req, defaultIDCRegion) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer func() { _ = resp.Body.Close() }() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Warnf("token refresh failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, formatTokenRefreshError(resp.StatusCode, respBody) - } - - var result CreateTokenResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - if strings.TrimSpace(result.AccessToken) == "" { - return nil, fmt.Errorf("token refresh failed: missing access token in response") - } - if strings.TrimSpace(result.RefreshToken) == "" { - // Some providers do not rotate refresh tokens on every refresh. - result.RefreshToken = refreshToken - } - - expiresAt := time.Now().Add(time.Duration(result.ExpiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: result.AccessToken, - RefreshToken: result.RefreshToken, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "builder-id", - Provider: "AWS", - ClientID: clientID, - ClientSecret: clientSecret, - Region: defaultIDCRegion, - }, nil -} - -func formatTokenRefreshError(status int, body []byte) error { - trimmed := strings.TrimSpace(string(body)) - if trimmed == "" { - return fmt.Errorf("token refresh failed (status %d)", status) - } - return fmt.Errorf("token refresh failed (status %d): %s", status, trimmed) -} - -// LoginWithBuilderID performs the full device code flow for AWS Builder ID. -func (c *SSOOIDCClient) LoginWithBuilderID(ctx context.Context) (*KiroTokenData, error) { - fmt.Println("\n╔══════════════════════════════════════════════════════════╗") - fmt.Println("║ Kiro Authentication (AWS Builder ID) ║") - fmt.Println("╚══════════════════════════════════════════════════════════╝") - - // Step 1: Register client - fmt.Println("\nRegistering client...") - regResp, err := c.RegisterClient(ctx) - if err != nil { - return nil, fmt.Errorf("failed to register client: %w", err) - } - log.Debugf("Client registered: %s", regResp.ClientID) - - // Step 2: Start device authorization - fmt.Println("Starting device authorization...") - authResp, err := c.StartDeviceAuthorization(ctx, regResp.ClientID, regResp.ClientSecret) - if err != nil { - return nil, fmt.Errorf("failed to start device auth: %w", err) - } - - // Step 3: Show user the verification URL - fmt.Printf("\n") - fmt.Println("════════════════════════════════════════════════════════════") - fmt.Printf(" Open this URL in your browser:\n") - fmt.Printf(" %s\n", authResp.VerificationURIComplete) - fmt.Println("════════════════════════════════════════════════════════════") - fmt.Printf("\n Or go to: %s\n", authResp.VerificationURI) - fmt.Printf(" And enter code: %s\n\n", authResp.UserCode) - - // Set incognito mode based on config (defaults to true for Kiro, can be overridden with --no-incognito) - // Incognito mode enables multi-account support by bypassing cached sessions - if c.cfg != nil { - browser.SetIncognitoMode(c.cfg.IncognitoBrowser) - if !c.cfg.IncognitoBrowser { - log.Info("kiro: using normal browser mode (--no-incognito). Note: You may not be able to select a different account.") - } else { - log.Debug("kiro: using incognito mode for multi-account support") - } - } else { - browser.SetIncognitoMode(true) // Default to incognito if no config - log.Debug("kiro: using incognito mode for multi-account support (default)") - } - - // Open browser using cross-platform browser package - if err := browser.OpenURL(authResp.VerificationURIComplete); err != nil { - log.Warnf("Could not open browser automatically: %v", err) - fmt.Println(" Please open the URL manually in your browser.") - } else { - fmt.Println(" (Browser opened automatically)") - } - - // Step 4: Poll for token - fmt.Println("Waiting for authorization...") - - interval := pollInterval - if authResp.Interval > 0 { - interval = time.Duration(authResp.Interval) * time.Second - } - - deadline := time.Now().Add(time.Duration(authResp.ExpiresIn) * time.Second) - - for time.Now().Before(deadline) { - select { - case <-ctx.Done(): - _ = browser.CloseBrowser() // Cleanup on cancel - return nil, ctx.Err() - case <-time.After(interval): - tokenResp, err := c.CreateToken(ctx, regResp.ClientID, regResp.ClientSecret, authResp.DeviceCode) - if err != nil { - if errors.Is(err, ErrAuthorizationPending) { - fmt.Print(".") - continue - } - if errors.Is(err, ErrSlowDown) { - interval += 5 * time.Second - continue - } - // Close browser on error before returning - _ = browser.CloseBrowser() - return nil, fmt.Errorf("token creation failed: %w", err) - } - - fmt.Println("\n\n✓ Authorization successful!") - - // Close the browser window - if err := browser.CloseBrowser(); err != nil { - log.Debugf("Failed to close browser: %v", err) - } - - // Step 5: Get profile ARN from CodeWhisperer API - fmt.Println("Fetching profile information...") - profileArn := c.fetchProfileArn(ctx, tokenResp.AccessToken) - - // Fetch user email (tries CodeWhisperer API first, then userinfo endpoint, then JWT parsing) - email := FetchUserEmailWithFallback(ctx, c.cfg, tokenResp.AccessToken) - if email != "" { - fmt.Printf(" Logged in as: %s\n", email) - } - - expiresAt := time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: profileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "builder-id", - Provider: "AWS", - ClientID: regResp.ClientID, - ClientSecret: regResp.ClientSecret, - Email: email, - Region: defaultIDCRegion, - }, nil - } - } - - // Close browser on timeout for better UX - if err := browser.CloseBrowser(); err != nil { - log.Debugf("Failed to close browser on timeout: %v", err) - } - return nil, fmt.Errorf("authorization timed out") -} - -// FetchUserEmail retrieves the user's email from AWS SSO OIDC userinfo endpoint. -// Falls back to JWT parsing if userinfo fails. -func (c *SSOOIDCClient) FetchUserEmail(ctx context.Context, accessToken string) string { - // Method 1: Try userinfo endpoint (standard OIDC) - email := c.tryUserInfoEndpoint(ctx, accessToken) - if email != "" { - return email - } - - // Method 2: Fallback to JWT parsing - return ExtractEmailFromJWT(accessToken) -} - -// tryUserInfoEndpoint attempts to get user info from AWS SSO OIDC userinfo endpoint. -func (c *SSOOIDCClient) tryUserInfoEndpoint(ctx context.Context, accessToken string) string { - req, err := http.NewRequestWithContext(ctx, http.MethodGet, ssoOIDCEndpoint+"/userinfo", nil) - if err != nil { - return "" - } - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("Accept", "application/json") - - resp, err := c.httpClient.Do(req) - if err != nil { - log.Debugf("userinfo request failed: %v", err) - return "" - } - defer func() { _ = resp.Body.Close() }() - - if resp.StatusCode != http.StatusOK { - respBody, _ := io.ReadAll(resp.Body) - log.Debugf("userinfo endpoint returned status %d: %s", resp.StatusCode, string(respBody)) - return "" - } - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return "" - } - - log.Debugf("userinfo response: %s", string(respBody)) - - var userInfo struct { - Email string `json:"email"` - Sub string `json:"sub"` - PreferredUsername string `json:"preferred_username"` - Name string `json:"name"` - } - - if err := json.Unmarshal(respBody, &userInfo); err != nil { - return "" - } - - if userInfo.Email != "" { - return userInfo.Email - } - if userInfo.PreferredUsername != "" && strings.Contains(userInfo.PreferredUsername, "@") { - return userInfo.PreferredUsername - } - return "" -} - -// fetchProfileArn retrieves the profile ARN from CodeWhisperer API. -// This is needed for file naming since AWS SSO OIDC doesn't return profile info. -func (c *SSOOIDCClient) fetchProfileArn(ctx context.Context, accessToken string) string { - // Try ListProfiles API first - profileArn := c.tryListProfiles(ctx, accessToken) - if profileArn != "" { - return profileArn - } - - // Fallback: Try ListAvailableCustomizations - return c.tryListCustomizations(ctx, accessToken) -} - -func (c *SSOOIDCClient) tryListProfiles(ctx context.Context, accessToken string) string { - payload := map[string]interface{}{ - "origin": "AI_EDITOR", - } - - body, err := json.Marshal(payload) - if err != nil { - return "" - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, "https://codewhisperer.us-east-1.amazonaws.com", strings.NewReader(string(body))) - if err != nil { - return "" - } - - req.Header.Set("Content-Type", "application/x-amz-json-1.0") - req.Header.Set("x-amz-target", "AmazonCodeWhispererService.ListProfiles") - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("Accept", "application/json") - - resp, err := c.httpClient.Do(req) - if err != nil { - return "" - } - defer func() { _ = resp.Body.Close() }() - - respBody, _ := io.ReadAll(resp.Body) - - if resp.StatusCode != http.StatusOK { - log.Debugf("ListProfiles failed (status %d): %s", resp.StatusCode, string(respBody)) - return "" - } - - log.Debugf("ListProfiles response: %s", string(respBody)) - - var result struct { - Profiles []struct { - Arn string `json:"arn"` - } `json:"profiles"` - ProfileArn string `json:"profileArn"` - } - - if err := json.Unmarshal(respBody, &result); err != nil { - return "" - } - - if result.ProfileArn != "" { - return result.ProfileArn - } - - if len(result.Profiles) > 0 { - return result.Profiles[0].Arn - } - - return "" -} - -func (c *SSOOIDCClient) tryListCustomizations(ctx context.Context, accessToken string) string { - payload := map[string]interface{}{ - "origin": "AI_EDITOR", - } - - body, err := json.Marshal(payload) - if err != nil { - return "" - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, "https://codewhisperer.us-east-1.amazonaws.com", strings.NewReader(string(body))) - if err != nil { - return "" - } - - req.Header.Set("Content-Type", "application/x-amz-json-1.0") - req.Header.Set("x-amz-target", "AmazonCodeWhispererService.ListAvailableCustomizations") - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("Accept", "application/json") - - resp, err := c.httpClient.Do(req) - if err != nil { - return "" - } - defer func() { _ = resp.Body.Close() }() - - respBody, _ := io.ReadAll(resp.Body) - - if resp.StatusCode != http.StatusOK { - log.Debugf("ListAvailableCustomizations failed (status %d): %s", resp.StatusCode, string(respBody)) - return "" - } - - log.Debugf("ListAvailableCustomizations response: %s", string(respBody)) - - var result struct { - Customizations []struct { - Arn string `json:"arn"` - } `json:"customizations"` - ProfileArn string `json:"profileArn"` - } - - if err := json.Unmarshal(respBody, &result); err != nil { - return "" - } - - if result.ProfileArn != "" { - return result.ProfileArn - } - - if len(result.Customizations) > 0 { - return result.Customizations[0].Arn - } - - return "" -} - -// RegisterClientForAuthCode registers a new OIDC client for authorization code flow. -func (c *SSOOIDCClient) RegisterClientForAuthCode(ctx context.Context, redirectURI string) (*RegisterClientResponse, error) { - payload := map[string]interface{}{ - "clientName": "Kiro IDE", - "clientType": "public", - "scopes": []string{"codewhisperer:completions", "codewhisperer:analysis", "codewhisperer:conversations", "codewhisperer:transformations", "codewhisperer:taskassist"}, - "grantTypes": []string{"authorization_code", "refresh_token"}, - "redirectUris": []string{redirectURI}, - "issuerUrl": builderIDStartURL, - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, ssoOIDCEndpoint+"/client/register", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer func() { _ = resp.Body.Close() }() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("register client for auth code failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("register client failed (status %d)", resp.StatusCode) - } - - var result RegisterClientResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// AuthCodeCallbackResult contains the result from authorization code callback. -type AuthCodeCallbackResult struct { - Code string - State string - Error string -} - -// startAuthCodeCallbackServer starts a local HTTP server to receive the authorization code callback. -func (c *SSOOIDCClient) startAuthCodeCallbackServer(ctx context.Context, expectedState string) (string, <-chan AuthCodeCallbackResult, error) { - // Try to find an available port - listener, err := net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", authCodeCallbackPort)) - if err != nil { - // Try with dynamic port - log.Warnf("sso oidc: default port %d is busy, falling back to dynamic port", authCodeCallbackPort) - listener, err = net.Listen("tcp", "127.0.0.1:0") - if err != nil { - return "", nil, fmt.Errorf("failed to start callback server: %w", err) - } - } - - port := listener.Addr().(*net.TCPAddr).Port - redirectURI := fmt.Sprintf("http://127.0.0.1:%d%s", port, authCodeCallbackPath) - resultChan := make(chan AuthCodeCallbackResult, 1) - - server := &http.Server{ - ReadHeaderTimeout: 10 * time.Second, - } - - mux := http.NewServeMux() - mux.HandleFunc(authCodeCallbackPath, func(w http.ResponseWriter, r *http.Request) { - code := r.URL.Query().Get("code") - state := r.URL.Query().Get("state") - errParam := r.URL.Query().Get("error") - - // Send response to browser - w.Header().Set("Content-Type", "text/html; charset=utf-8") - if errParam != "" { - w.WriteHeader(http.StatusBadRequest) - _, _ = fmt.Fprintf(w, ` -Login Failed -

Login Failed

Error: %s

You can close this window.

`, html.EscapeString(errParam)) - resultChan <- AuthCodeCallbackResult{Error: errParam} - return - } - - if state != expectedState { - w.WriteHeader(http.StatusBadRequest) - _, _ = fmt.Fprint(w, ` -Login Failed -

Login Failed

Invalid state parameter

You can close this window.

`) - resultChan <- AuthCodeCallbackResult{Error: "state mismatch"} - return - } - - _, _ = fmt.Fprint(w, ` -Login Successful -

Login Successful!

You can close this window and return to the terminal.

-`) - resultChan <- AuthCodeCallbackResult{Code: code, State: state} - }) - - server.Handler = mux - - go func() { - if err := server.Serve(listener); err != nil && err != http.ErrServerClosed { - log.Debugf("auth code callback server error: %v", err) - } - }() - - go func() { - select { - case <-ctx.Done(): - case <-time.After(10 * time.Minute): - case <-resultChan: - } - _ = server.Shutdown(context.Background()) - }() - - return redirectURI, resultChan, nil -} - -// generatePKCEForAuthCode generates PKCE code verifier and challenge for authorization code flow. -func generatePKCEForAuthCode() (verifier, challenge string, err error) { - b := make([]byte, 32) - if _, err := rand.Read(b); err != nil { - return "", "", fmt.Errorf("failed to generate random bytes: %w", err) - } - verifier = base64.RawURLEncoding.EncodeToString(b) - h := sha256.Sum256([]byte(verifier)) - challenge = base64.RawURLEncoding.EncodeToString(h[:]) - return verifier, challenge, nil -} - -// generateStateForAuthCode generates a random state parameter. -func generateStateForAuthCode() (string, error) { - b := make([]byte, 16) - if _, err := rand.Read(b); err != nil { - return "", err - } - return base64.RawURLEncoding.EncodeToString(b), nil -} - -// CreateTokenWithAuthCode exchanges authorization code for tokens. -func (c *SSOOIDCClient) CreateTokenWithAuthCode(ctx context.Context, clientID, clientSecret, code, codeVerifier, redirectURI string) (*CreateTokenResponse, error) { - payload := map[string]string{ - "clientId": clientID, - "clientSecret": clientSecret, - "code": code, - "codeVerifier": codeVerifier, - "redirectUri": redirectURI, - "grantType": "authorization_code", - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, ssoOIDCEndpoint+"/token", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer func() { _ = resp.Body.Close() }() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("create token with auth code failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("create token failed (status %d)", resp.StatusCode) - } - - var result CreateTokenResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// LoginWithBuilderIDAuthCode performs the authorization code flow for AWS Builder ID. -// This provides a better UX than device code flow as it uses automatic browser callback. -func (c *SSOOIDCClient) LoginWithBuilderIDAuthCode(ctx context.Context) (*KiroTokenData, error) { - fmt.Println("\n╔══════════════════════════════════════════════════════════╗") - fmt.Println("║ Kiro Authentication (AWS Builder ID - Auth Code) ║") - fmt.Println("╚══════════════════════════════════════════════════════════╝") - - // Step 1: Generate PKCE and state - codeVerifier, codeChallenge, err := generatePKCEForAuthCode() - if err != nil { - return nil, fmt.Errorf("failed to generate PKCE: %w", err) - } - - state, err := generateStateForAuthCode() - if err != nil { - return nil, fmt.Errorf("failed to generate state: %w", err) - } - - // Step 2: Start callback server - fmt.Println("\nStarting callback server...") - redirectURI, resultChan, err := c.startAuthCodeCallbackServer(ctx, state) - if err != nil { - return nil, fmt.Errorf("failed to start callback server: %w", err) - } - log.Debugf("Callback server started, redirect URI: %s", redirectURI) - - // Step 3: Register client with auth code grant type - fmt.Println("Registering client...") - regResp, err := c.RegisterClientForAuthCode(ctx, redirectURI) - if err != nil { - return nil, fmt.Errorf("failed to register client: %w", err) - } - log.Debugf("Client registered: %s", regResp.ClientID) - - // Step 4: Build authorization URL - scopes := "codewhisperer:completions,codewhisperer:analysis,codewhisperer:conversations" - authURL := fmt.Sprintf("%s/authorize?response_type=code&client_id=%s&redirect_uri=%s&scopes=%s&state=%s&code_challenge=%s&code_challenge_method=S256", - ssoOIDCEndpoint, - regResp.ClientID, - redirectURI, - scopes, - state, - codeChallenge, - ) - - // Step 5: Open browser - fmt.Println("\n════════════════════════════════════════════════════════════") - fmt.Println(" Opening browser for authentication...") - fmt.Println("════════════════════════════════════════════════════════════") - fmt.Printf("\n URL: %s\n\n", authURL) - - // Set incognito mode - if c.cfg != nil { - browser.SetIncognitoMode(c.cfg.IncognitoBrowser) - } else { - browser.SetIncognitoMode(true) - } - - if err := browser.OpenURL(authURL); err != nil { - log.Warnf("Could not open browser automatically: %v", err) - fmt.Println(" ⚠ Could not open browser automatically.") - fmt.Println(" Please open the URL above in your browser manually.") - } else { - fmt.Println(" (Browser opened automatically)") - } - - fmt.Println("\n Waiting for authorization callback...") - - // Step 6: Wait for callback - select { - case <-ctx.Done(): - _ = browser.CloseBrowser() - return nil, ctx.Err() - case <-time.After(10 * time.Minute): - _ = browser.CloseBrowser() - return nil, fmt.Errorf("authorization timed out") - case result := <-resultChan: - if result.Error != "" { - _ = browser.CloseBrowser() - return nil, fmt.Errorf("authorization failed: %s", result.Error) - } - - fmt.Println("\n✓ Authorization received!") - - // Close browser - if err := browser.CloseBrowser(); err != nil { - log.Debugf("Failed to close browser: %v", err) - } - - // Step 7: Exchange code for tokens - fmt.Println("Exchanging code for tokens...") - tokenResp, err := c.CreateTokenWithAuthCode(ctx, regResp.ClientID, regResp.ClientSecret, result.Code, codeVerifier, redirectURI) - if err != nil { - return nil, fmt.Errorf("failed to exchange code for tokens: %w", err) - } - - fmt.Println("\n✓ Authentication successful!") - - // Step 8: Get profile ARN - fmt.Println("Fetching profile information...") - profileArn := c.fetchProfileArn(ctx, tokenResp.AccessToken) - - // Fetch user email (tries CodeWhisperer API first, then userinfo endpoint, then JWT parsing) - email := FetchUserEmailWithFallback(ctx, c.cfg, tokenResp.AccessToken) - if email != "" { - fmt.Printf(" Logged in as: %s\n", email) - } - - expiresAt := time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: profileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "builder-id", - Provider: "AWS", - ClientID: regResp.ClientID, - ClientSecret: regResp.ClientSecret, - Email: email, - Region: defaultIDCRegion, - }, nil - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/sso_oidc_refresh_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/sso_oidc_refresh_test.go deleted file mode 100644 index e886bf1085..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/sso_oidc_refresh_test.go +++ /dev/null @@ -1,86 +0,0 @@ -package kiro - -import ( - "context" - "io" - "net/http" - "strings" - "testing" -) - -type refreshRoundTripperFunc func(*http.Request) (*http.Response, error) - -func (f refreshRoundTripperFunc) RoundTrip(req *http.Request) (*http.Response, error) { - return f(req) -} - -func testClientWithResponse(t *testing.T, status int, body string) *SSOOIDCClient { - t.Helper() - return &SSOOIDCClient{ - httpClient: &http.Client{ - Transport: refreshRoundTripperFunc(func(req *http.Request) (*http.Response, error) { - return &http.Response{ - StatusCode: status, - Header: make(http.Header), - Body: io.NopCloser(strings.NewReader(body)), - Request: req, - }, nil - }), - }, - } -} - -func TestRefreshToken_PreservesOriginalRefreshTokenWhenMissing(t *testing.T) { - c := testClientWithResponse(t, http.StatusOK, `{"accessToken":"new-access","expiresIn":3600}`) - - got, err := c.RefreshToken(context.Background(), "cid", "secret", "original-refresh") - if err != nil { - t.Fatalf("RefreshToken error: %v", err) - } - if got.AccessToken != "new-access" { - t.Fatalf("AccessToken = %q, want %q", got.AccessToken, "new-access") - } - if got.RefreshToken != "original-refresh" { - t.Fatalf("RefreshToken = %q, want original refresh token fallback", got.RefreshToken) - } -} - -func TestRefreshTokenWithRegion_PreservesOriginalRefreshTokenWhenMissing(t *testing.T) { - c := testClientWithResponse(t, http.StatusOK, `{"accessToken":"new-access","expiresIn":3600}`) - - got, err := c.RefreshTokenWithRegion(context.Background(), "cid", "secret", "original-refresh", "us-east-1", "https://example.start") - if err != nil { - t.Fatalf("RefreshToken error: %v", err) - } - if got.AccessToken != "new-access" { - t.Fatalf("AccessToken = %q, want %q", got.AccessToken, "new-access") - } - if got.RefreshToken != "original-refresh" { - t.Fatalf("RefreshToken = %q, want original refresh token fallback", got.RefreshToken) - } -} - -func TestRefreshToken_ReturnsHelpfulErrorWithResponseBody(t *testing.T) { - c := testClientWithResponse(t, http.StatusUnauthorized, `{"error":"invalid_grant"}`) - - _, err := c.RefreshToken(context.Background(), "cid", "secret", "refresh") - if err == nil { - t.Fatalf("expected error") - } - msg := err.Error() - if !strings.Contains(msg, "status 401") || !strings.Contains(msg, "invalid_grant") { - t.Fatalf("unexpected error message: %q", msg) - } -} - -func TestRefreshTokenWithRegion_FailsOnMissingAccessToken(t *testing.T) { - c := testClientWithResponse(t, http.StatusOK, `{"refreshToken":"new-refresh","expiresIn":3600}`) - - _, err := c.RefreshTokenWithRegion(context.Background(), "cid", "secret", "refresh", "us-east-1", "https://example.start") - if err == nil { - t.Fatalf("expected error") - } - if !strings.Contains(err.Error(), "missing access token") { - t.Fatalf("unexpected error: %v", err) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/sso_oidc_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/sso_oidc_test.go deleted file mode 100644 index f08a332896..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/sso_oidc_test.go +++ /dev/null @@ -1,202 +0,0 @@ -package kiro - -import ( - "context" - "io" - "net/http" - "strings" - "testing" -) - -func TestRefreshToken_UsesSingleGrantTypeFieldAndExtensionHeaders(t *testing.T) { - t.Parallel() - - client := &SSOOIDCClient{ - httpClient: &http.Client{ - Transport: roundTripperFunc(func(req *http.Request) (*http.Response, error) { - body, err := io.ReadAll(req.Body) - if err != nil { - t.Fatalf("read body: %v", err) - } - bodyStr := string(body) - for _, token := range []string{ - `"grant_type":"refresh_token"`, - `"refreshToken":"rt-1"`, - `"refresh_token":"rt-1"`, - } { - if !strings.Contains(bodyStr, token) { - t.Fatalf("expected payload to contain %s, got %s", token, bodyStr) - } - } - if strings.Contains(bodyStr, `"grantType":"refresh_token"`) { - t.Fatalf("did not expect duplicate grantType field in payload, got %s", bodyStr) - } - - for key, want := range map[string]string{ - "Content-Type": "application/json", - "x-amz-user-agent": idcAmzUserAgent, - "User-Agent": "node", - "Connection": "keep-alive", - "Accept-Language": "*", - "sec-fetch-mode": "cors", - "X-PLATFORM": idcPlatform, - "X-PLATFORM-VERSION": idcDefaultVer, - "X-CLIENT-VERSION": idcDefaultVer, - "X-CLIENT-TYPE": idcClientType, - "X-CORE-VERSION": idcDefaultVer, - "X-IS-MULTIROOT": "false", - } { - if got := req.Header.Get(key); got != want { - t.Fatalf("header %s = %q, want %q", key, got, want) - } - } - - return &http.Response{ - StatusCode: http.StatusOK, - Body: io.NopCloser(strings.NewReader(`{"accessToken":"a","refreshToken":"b","expiresIn":3600}`)), - Header: make(http.Header), - }, nil - }), - }, - } - - got, err := client.RefreshToken(context.Background(), "cid", "sec", "rt-1") - if err != nil { - t.Fatalf("RefreshToken returned error: %v", err) - } - if got == nil || got.AccessToken != "a" { - t.Fatalf("unexpected token data: %#v", got) - } -} - -func TestRefreshTokenWithRegion_UsesRegionHostAndSingleGrantType(t *testing.T) { - t.Parallel() - - client := &SSOOIDCClient{ - httpClient: &http.Client{ - Transport: roundTripperFunc(func(req *http.Request) (*http.Response, error) { - body, err := io.ReadAll(req.Body) - if err != nil { - t.Fatalf("read body: %v", err) - } - bodyStr := string(body) - if !strings.Contains(bodyStr, `"grant_type":"refresh_token"`) { - t.Fatalf("expected grant_type in payload, got %s", bodyStr) - } - if strings.Contains(bodyStr, `"grantType":"refresh_token"`) { - t.Fatalf("did not expect duplicate grantType field in payload, got %s", bodyStr) - } - - if got := req.Header.Get("Host"); got != "oidc.eu-west-1.amazonaws.com" { - t.Fatalf("Host header = %q, want oidc.eu-west-1.amazonaws.com", got) - } - if got := req.Header.Get("X-PLATFORM"); got != idcPlatform { - t.Fatalf("X-PLATFORM = %q, want %q", got, idcPlatform) - } - if got := req.Header.Get("X-CLIENT-TYPE"); got != idcClientType { - t.Fatalf("X-CLIENT-TYPE = %q, want %q", got, idcClientType) - } - - return &http.Response{ - StatusCode: http.StatusOK, - Body: io.NopCloser(strings.NewReader(`{"accessToken":"a2","refreshToken":"b2","expiresIn":1800}`)), - Header: make(http.Header), - }, nil - }), - }, - } - - got, err := client.RefreshTokenWithRegion(context.Background(), "cid", "sec", "rt-2", "eu-west-1", "https://view.awsapps.com/start") - if err != nil { - t.Fatalf("RefreshTokenWithRegion returned error: %v", err) - } - if got == nil || got.AccessToken != "a2" { - t.Fatalf("unexpected token data: %#v", got) - } -} - -func TestRegisterClientWithRegion_RejectsInvalidRegion(t *testing.T) { - t.Parallel() - - client := &SSOOIDCClient{ - httpClient: &http.Client{ - Transport: roundTripperFunc(func(req *http.Request) (*http.Response, error) { - t.Fatalf("unexpected outbound request: %s", req.URL.String()) - return nil, nil - }), - }, - } - - _, err := client.RegisterClientWithRegion(context.Background(), "us-east-1\nmalicious") - if err == nil { - t.Fatalf("expected invalid region error") - } -} - -func TestStartDeviceAuthorizationWithIDC_RejectsInvalidRegion(t *testing.T) { - t.Parallel() - - client := &SSOOIDCClient{ - httpClient: &http.Client{ - Transport: roundTripperFunc(func(req *http.Request) (*http.Response, error) { - t.Fatalf("unexpected outbound request: %s", req.URL.String()) - return nil, nil - }), - }, - } - - _, err := client.StartDeviceAuthorizationWithIDC(context.Background(), "cid", "secret", "https://view.awsapps.com/start", "../../etc/passwd") - if err == nil { - t.Fatalf("expected invalid region error") - } -} - -func TestStartDeviceAuthorizationWithIDC_RejectsInvalidStartURL(t *testing.T) { - t.Parallel() - - client := &SSOOIDCClient{ - httpClient: &http.Client{ - Transport: roundTripperFunc(func(req *http.Request) (*http.Response, error) { - t.Fatalf("unexpected outbound request: %s", req.URL.String()) - return nil, nil - }), - }, - } - - _, err := client.StartDeviceAuthorizationWithIDC(context.Background(), "cid", "secret", "http://127.0.0.1/start", "us-east-1") - if err == nil { - t.Fatalf("expected invalid start URL error") - } -} - -func TestStartDeviceAuthorizationWithIDC_AcceptsValidStartURL(t *testing.T) { - t.Parallel() - - client := &SSOOIDCClient{ - httpClient: &http.Client{ - Transport: roundTripperFunc(func(req *http.Request) (*http.Response, error) { - if req.URL.String() != "https://oidc.us-east-1.amazonaws.com/device_authorization" { - t.Fatalf("unexpected request url: %s", req.URL.String()) - } - body, err := io.ReadAll(req.Body) - if err != nil { - t.Fatalf("read body: %v", err) - } - bodyStr := string(body) - if !strings.Contains(bodyStr, `"startUrl":"https://view.awsapps.com/start"`) { - t.Fatalf("request body does not contain startUrl: %s", bodyStr) - } - return &http.Response{ - StatusCode: http.StatusOK, - Body: io.NopCloser(strings.NewReader(`{"deviceCode":"device","userCode":"user","verificationUri":"https://view.awsapps.com/start","verificationUriComplete":"https://view.awsapps.com/start?user_code=user","expiresIn":1800,"interval":5}`)), - Header: make(http.Header), - }, nil - }), - }, - } - - _, err := client.StartDeviceAuthorizationWithIDC(context.Background(), "cid", "secret", "https://view.awsapps.com/start", "us-east-1") - if err != nil { - t.Fatalf("StartDeviceAuthorizationWithIDC returned error: %v", err) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/token.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/token.go deleted file mode 100644 index 5959ed779b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/token.go +++ /dev/null @@ -1,201 +0,0 @@ -package kiro - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" -) - -// KiroTokenStorage holds the persistent token data for Kiro authentication. -type KiroTokenStorage struct { - // Type is the provider type for management UI recognition (must be "kiro") - Type string `json:"type"` - // AccessToken is the OAuth2 access token for API access - AccessToken string `json:"access_token"` - // RefreshToken is used to obtain new access tokens - RefreshToken string `json:"refresh_token"` - // ProfileArn is the AWS CodeWhisperer profile ARN - ProfileArn string `json:"profile_arn"` - // ExpiresAt is the timestamp when the token expires - ExpiresAt string `json:"expires_at"` - // AuthMethod indicates the authentication method used - AuthMethod string `json:"auth_method"` - // Provider indicates the OAuth provider - Provider string `json:"provider"` - // LastRefresh is the timestamp of the last token refresh - LastRefresh string `json:"last_refresh"` - // ClientID is the OAuth client ID (required for token refresh) - ClientID string `json:"client_id,omitempty"` - // ClientSecret is the OAuth client secret (required for token refresh) - ClientSecret string `json:"client_secret,omitempty"` - // Region is the AWS region - Region string `json:"region,omitempty"` - // StartURL is the AWS Identity Center start URL (for IDC auth) - StartURL string `json:"start_url,omitempty"` - // Email is the user's email address - Email string `json:"email,omitempty"` -} - -// SaveTokenToFile persists the token storage to the specified file path. -func (s *KiroTokenStorage) SaveTokenToFile(authFilePath string) error { - cleanPath, err := cleanTokenPath(authFilePath, "kiro token") - if err != nil { - return err - } - dir := filepath.Dir(cleanPath) - if err := os.MkdirAll(dir, 0700); err != nil { - return fmt.Errorf("failed to create directory: %w", err) - } - - data, err := json.MarshalIndent(s, "", " ") - if err != nil { - return fmt.Errorf("failed to marshal token storage: %w", err) - } - - if err := os.WriteFile(cleanPath, data, 0600); err != nil { - return fmt.Errorf("failed to write token file: %w", err) - } - - return nil -} - -func cleanTokenPath(path, scope string) (string, error) { - trimmed := strings.TrimSpace(path) - if trimmed == "" { - return "", fmt.Errorf("%s: auth file path is empty", scope) - } - normalizedInput := filepath.FromSlash(trimmed) - safe, err := misc.ResolveSafeFilePath(normalizedInput) - if err != nil { - return "", fmt.Errorf("%s: auth file path is invalid", scope) - } - - baseDir, absPath, err := normalizePathWithinBase(safe) - if err != nil { - return "", fmt.Errorf("%s: auth file path is invalid", scope) - } - if err := denySymlinkPath(baseDir, absPath); err != nil { - return "", fmt.Errorf("%s: auth file path is invalid", scope) - } - return absPath, nil -} - -func normalizePathWithinBase(path string) (string, string, error) { - cleanPath := filepath.Clean(path) - if cleanPath == "." || cleanPath == ".." { - return "", "", fmt.Errorf("path is invalid") - } - - var ( - baseDir string - absPath string - err error - ) - - if filepath.IsAbs(cleanPath) { - absPath = filepath.Clean(cleanPath) - baseDir = filepath.Clean(filepath.Dir(absPath)) - } else { - baseDir, err = os.Getwd() - if err != nil { - return "", "", fmt.Errorf("resolve working directory: %w", err) - } - baseDir, err = filepath.Abs(baseDir) - if err != nil { - return "", "", fmt.Errorf("resolve base directory: %w", err) - } - absPath = filepath.Clean(filepath.Join(baseDir, cleanPath)) - } - - if !pathWithinBase(baseDir, absPath) { - return "", "", fmt.Errorf("path escapes base directory") - } - return filepath.Clean(baseDir), filepath.Clean(absPath), nil -} - -func pathWithinBase(baseDir, path string) bool { - rel, err := filepath.Rel(baseDir, path) - if err != nil { - return false - } - return rel == "." || (rel != ".." && !strings.HasPrefix(rel, ".."+string(os.PathSeparator))) -} - -func denySymlinkPath(baseDir, targetPath string) error { - if !pathWithinBase(baseDir, targetPath) { - return fmt.Errorf("path escapes base directory") - } - rel, err := filepath.Rel(baseDir, targetPath) - if err != nil { - return fmt.Errorf("resolve relative path: %w", err) - } - if rel == "." { - return nil - } - current := filepath.Clean(baseDir) - for _, component := range strings.Split(rel, string(os.PathSeparator)) { - if component == "" || component == "." { - continue - } - current = filepath.Join(current, component) - info, errStat := os.Lstat(current) - if errStat != nil { - if os.IsNotExist(errStat) { - return nil - } - return fmt.Errorf("stat path: %w", errStat) - } - if info.Mode()&os.ModeSymlink != 0 { - return fmt.Errorf("symlink is not allowed in auth file path") - } - } - return nil -} - -func cleanAuthPath(path string) (string, error) { - abs, err := filepath.Abs(path) - if err != nil { - return "", fmt.Errorf("resolve auth file path: %w", err) - } - return filepath.Clean(abs), nil -} - -// LoadFromFile loads token storage from the specified file path. -func LoadFromFile(authFilePath string) (*KiroTokenStorage, error) { - cleanPath, err := cleanTokenPath(authFilePath, "kiro token") - if err != nil { - return nil, err - } - data, err := os.ReadFile(cleanPath) - if err != nil { - return nil, fmt.Errorf("failed to read token file: %w", err) - } - - var storage KiroTokenStorage - if err := json.Unmarshal(data, &storage); err != nil { - return nil, fmt.Errorf("failed to parse token file: %w", err) - } - - return &storage, nil -} - -// ToTokenData converts storage to KiroTokenData for API use. -func (s *KiroTokenStorage) ToTokenData() *KiroTokenData { - return &KiroTokenData{ - AccessToken: s.AccessToken, - RefreshToken: s.RefreshToken, - ProfileArn: s.ProfileArn, - ExpiresAt: s.ExpiresAt, - AuthMethod: s.AuthMethod, - Provider: s.Provider, - ClientID: s.ClientID, - ClientSecret: s.ClientSecret, - Region: s.Region, - StartURL: s.StartURL, - Email: s.Email, - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/token_extra_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/token_extra_test.go deleted file mode 100644 index 32bd04e20f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/token_extra_test.go +++ /dev/null @@ -1,67 +0,0 @@ -package kiro - -import ( - "os" - "path/filepath" - "strings" - "testing" -) - -func TestKiroTokenStorage_SaveAndLoad(t *testing.T) { - tempDir := t.TempDir() - path := filepath.Join(tempDir, "kiro-token.json") - - ts := &KiroTokenStorage{ - Type: "kiro", - AccessToken: "access", - Email: "test@example.com", - } - - if err := ts.SaveTokenToFile(path); err != nil { - t.Fatalf("SaveTokenToFile failed: %v", err) - } - - loaded, err := LoadFromFile(path) - if err != nil { - t.Fatalf("LoadFromFile failed: %v", err) - } - - if loaded.AccessToken != ts.AccessToken || loaded.Email != ts.Email { - t.Errorf("loaded data mismatch: %+v", loaded) - } - - // Test ToTokenData - td := ts.ToTokenData() - if td.AccessToken != ts.AccessToken || td.Email != ts.Email { - t.Errorf("ToTokenData failed: %+v", td) - } -} - -func TestLoadFromFile_Errors(t *testing.T) { - _, err := LoadFromFile("non-existent") - if err == nil { - t.Error("expected error for non-existent file") - } - - tempFile, _ := os.CreateTemp("", "invalid-json") - defer func() { _ = os.Remove(tempFile.Name()) }() - _ = os.WriteFile(tempFile.Name(), []byte("invalid"), 0600) - - _, err = LoadFromFile(tempFile.Name()) - if err == nil { - t.Error("expected error for invalid JSON") - } -} - -func TestKiroTokenStorageSaveTokenToFileRejectsTraversalPath(t *testing.T) { - t.Parallel() - - ts := &KiroTokenStorage{Type: "kiro", AccessToken: "token"} - err := ts.SaveTokenToFile("../kiro-token.json") - if err == nil { - t.Fatal("expected error for traversal path") - } - if !strings.Contains(err.Error(), "auth file path is invalid") { - t.Fatalf("expected invalid path error, got %v", err) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/token_repository.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/token_repository.go deleted file mode 100644 index 469e3b12a7..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/token_repository.go +++ /dev/null @@ -1,271 +0,0 @@ -package kiro - -import ( - "context" - "encoding/json" - "fmt" - "io/fs" - "os" - "path/filepath" - "sort" - "strings" - "sync" - "time" - - log "github.com/sirupsen/logrus" -) - -func readStringMetadata(metadata map[string]any, keys ...string) string { - for _, key := range keys { - if value, ok := metadata[key].(string); ok { - trimmed := strings.TrimSpace(value) - if trimmed != "" { - return trimmed - } - } - } - return "" -} - -// FileTokenRepository 实现 TokenRepository 接口,基于文件系统存储 -type FileTokenRepository struct { - mu sync.RWMutex - baseDir string -} - -// NewFileTokenRepository 创建一个新的文件 token 存储库 -func NewFileTokenRepository(baseDir string) *FileTokenRepository { - return &FileTokenRepository{ - baseDir: baseDir, - } -} - -// SetBaseDir 设置基础目录 -func (r *FileTokenRepository) SetBaseDir(dir string) { - r.mu.Lock() - r.baseDir = strings.TrimSpace(dir) - r.mu.Unlock() -} - -// FindOldestUnverified 查找需要刷新的 token(按最后验证时间排序) -func (r *FileTokenRepository) FindOldestUnverified(limit int) []*Token { - r.mu.RLock() - baseDir := r.baseDir - r.mu.RUnlock() - - if baseDir == "" { - log.Debug("token repository: base directory not configured") - return nil - } - - var tokens []*Token - - err := filepath.WalkDir(baseDir, func(path string, d fs.DirEntry, walkErr error) error { - if walkErr != nil { - return nil // 忽略错误,继续遍历 - } - if d.IsDir() { - return nil - } - if !strings.HasSuffix(strings.ToLower(d.Name()), ".json") { - return nil - } - - // 只处理 kiro 相关的 token 文件 - if !strings.HasPrefix(d.Name(), "kiro-") { - return nil - } - - token, err := r.readTokenFile(path) - if err != nil { - log.Debugf("token repository: failed to read token file %s: %v", path, err) - return nil - } - - if token != nil && token.RefreshToken != "" { - // 检查 token 是否需要刷新(过期前 5 分钟) - if token.ExpiresAt.IsZero() || time.Until(token.ExpiresAt) < 5*time.Minute { - tokens = append(tokens, token) - } - } - - return nil - }) - - if err != nil { - log.Warnf("token repository: error walking directory: %v", err) - } - - // 按最后验证时间排序(最旧的优先) - sort.Slice(tokens, func(i, j int) bool { - return tokens[i].LastVerified.Before(tokens[j].LastVerified) - }) - - // 限制返回数量 - if limit > 0 && len(tokens) > limit { - tokens = tokens[:limit] - } - - return tokens -} - -// UpdateToken 更新 token 并持久化到文件 -func (r *FileTokenRepository) UpdateToken(token *Token) error { - if token == nil { - return fmt.Errorf("token repository: token is nil") - } - - r.mu.RLock() - baseDir := r.baseDir - r.mu.RUnlock() - - if baseDir == "" { - return fmt.Errorf("token repository: base directory not configured") - } - - // 构建文件路径 - filePath := filepath.Join(baseDir, token.ID) - if !strings.HasSuffix(filePath, ".json") { - filePath += ".json" - } - - // 读取现有文件内容 - existingData := make(map[string]any) - if data, err := os.ReadFile(filePath); err == nil { - _ = json.Unmarshal(data, &existingData) - } - - // 更新字段 - existingData["access_token"] = token.AccessToken - existingData["refresh_token"] = token.RefreshToken - existingData["last_refresh"] = time.Now().Format(time.RFC3339) - - if !token.ExpiresAt.IsZero() { - existingData["expires_at"] = token.ExpiresAt.Format(time.RFC3339) - } - - // 保持原有的关键字段 - if token.ClientID != "" { - existingData["client_id"] = token.ClientID - } - if token.ClientSecret != "" { - existingData["client_secret"] = token.ClientSecret - } - if token.AuthMethod != "" { - existingData["auth_method"] = token.AuthMethod - } - if token.Region != "" { - existingData["region"] = token.Region - } - if token.StartURL != "" { - existingData["start_url"] = token.StartURL - } - - // 序列化并写入文件 - raw, err := json.MarshalIndent(existingData, "", " ") - if err != nil { - return fmt.Errorf("token repository: marshal failed: %w", err) - } - - // 原子写入:先写入临时文件,再重命名 - tmpPath := filePath + ".tmp" - if err := os.WriteFile(tmpPath, raw, 0o600); err != nil { - return fmt.Errorf("token repository: write temp file failed: %w", err) - } - if err := os.Rename(tmpPath, filePath); err != nil { - _ = os.Remove(tmpPath) - return fmt.Errorf("token repository: rename failed: %w", err) - } - - log.Debugf("token repository: updated token %s", token.ID) - return nil -} - -// readTokenFile 从文件读取 token -func (r *FileTokenRepository) readTokenFile(path string) (*Token, error) { - data, err := os.ReadFile(path) - if err != nil { - return nil, err - } - - var metadata map[string]any - if err := json.Unmarshal(data, &metadata); err != nil { - return nil, err - } - - // 检查是否是 kiro token - tokenType, _ := metadata["type"].(string) - if tokenType != "kiro" { - return nil, nil - } - - // 检查 auth_method (case-insensitive comparison to handle "IdC", "IDC", "idc", etc.) - authMethod := strings.ToLower(readStringMetadata(metadata, "auth_method", "authMethod")) - if authMethod != "idc" && authMethod != "builder-id" { - return nil, nil // 只处理 IDC 和 Builder ID token - } - - token := &Token{ - ID: filepath.Base(path), - AuthMethod: authMethod, - } - - // 解析各字段 - token.AccessToken = readStringMetadata(metadata, "access_token", "accessToken") - token.RefreshToken = readStringMetadata(metadata, "refresh_token", "refreshToken") - token.ClientID = readStringMetadata(metadata, "client_id", "clientId") - token.ClientSecret = readStringMetadata(metadata, "client_secret", "clientSecret") - token.Region = readStringMetadata(metadata, "region") - token.StartURL = readStringMetadata(metadata, "start_url", "startUrl") - token.Provider = readStringMetadata(metadata, "provider") - - // 解析时间字段 - if v := readStringMetadata(metadata, "expires_at", "expiresAt"); v != "" { - if t, err := time.Parse(time.RFC3339, v); err == nil { - token.ExpiresAt = t - } - } - if v, ok := metadata["last_refresh"].(string); ok { - if t, err := time.Parse(time.RFC3339, v); err == nil { - token.LastVerified = t - } - } - - return token, nil -} - -// ListKiroTokens 列出所有 Kiro token(用于调试) -func (r *FileTokenRepository) ListKiroTokens(ctx context.Context) ([]*Token, error) { - r.mu.RLock() - baseDir := r.baseDir - r.mu.RUnlock() - - if baseDir == "" { - return nil, fmt.Errorf("token repository: base directory not configured") - } - - var tokens []*Token - - err := filepath.WalkDir(baseDir, func(path string, d fs.DirEntry, walkErr error) error { - if walkErr != nil { - return nil - } - if d.IsDir() { - return nil - } - if !strings.HasPrefix(d.Name(), "kiro-") || !strings.HasSuffix(d.Name(), ".json") { - return nil - } - - token, err := r.readTokenFile(path) - if err != nil { - return nil - } - if token != nil { - tokens = append(tokens, token) - } - return nil - }) - - return tokens, err -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/token_repository_camelcase_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/token_repository_camelcase_test.go deleted file mode 100644 index 449631be33..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/token_repository_camelcase_test.go +++ /dev/null @@ -1,47 +0,0 @@ -package kiro - -import ( - "os" - "path/filepath" - "testing" -) - -func TestReadTokenFile_AcceptsCamelCaseFields(t *testing.T) { - baseDir := t.TempDir() - tokenPath := filepath.Join(baseDir, "kiro-enterprise.json") - content := `{ - "type": "kiro", - "authMethod": "idc", - "accessToken": "at", - "refreshToken": "rt", - "clientId": "cid", - "clientSecret": "csecret", - "startUrl": "https://view.awsapps.com/start", - "region": "us-east-1", - "expiresAt": "2099-01-01T00:00:00Z" -}` - if err := os.WriteFile(tokenPath, []byte(content), 0o600); err != nil { - t.Fatalf("write token file: %v", err) - } - - repo := NewFileTokenRepository(baseDir) - token, err := repo.readTokenFile(tokenPath) - if err != nil { - t.Fatalf("readTokenFile() error = %v", err) - } - if token == nil { - t.Fatal("readTokenFile() returned nil token") - } - if token.AuthMethod != "idc" { - t.Fatalf("AuthMethod = %q, want %q", token.AuthMethod, "idc") - } - if token.ClientID != "cid" { - t.Fatalf("ClientID = %q, want %q", token.ClientID, "cid") - } - if token.ClientSecret != "csecret" { - t.Fatalf("ClientSecret = %q, want %q", token.ClientSecret, "csecret") - } - if token.StartURL != "https://view.awsapps.com/start" { - t.Fatalf("StartURL = %q, want expected start URL", token.StartURL) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/usage_checker.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/usage_checker.go deleted file mode 100644 index 0bca98af7f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/kiro/usage_checker.go +++ /dev/null @@ -1,243 +0,0 @@ -// Package kiro provides authentication functionality for AWS CodeWhisperer (Kiro) API. -// This file implements usage quota checking and monitoring. -package kiro - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" -) - -// UsageQuotaResponse represents the API response structure for usage quota checking. -type UsageQuotaResponse struct { - UsageBreakdownList []UsageBreakdownExtended `json:"usageBreakdownList"` - SubscriptionInfo *SubscriptionInfo `json:"subscriptionInfo,omitempty"` - NextDateReset float64 `json:"nextDateReset,omitempty"` -} - -// UsageBreakdownExtended represents detailed usage information for quota checking. -// Note: UsageBreakdown is already defined in codewhisperer_client.go -type UsageBreakdownExtended struct { - ResourceType string `json:"resourceType"` - UsageLimitWithPrecision float64 `json:"usageLimitWithPrecision"` - CurrentUsageWithPrecision float64 `json:"currentUsageWithPrecision"` - FreeTrialInfo *FreeTrialInfoExtended `json:"freeTrialInfo,omitempty"` -} - -// FreeTrialInfoExtended represents free trial usage information. -type FreeTrialInfoExtended struct { - FreeTrialStatus string `json:"freeTrialStatus"` - UsageLimitWithPrecision float64 `json:"usageLimitWithPrecision"` - CurrentUsageWithPrecision float64 `json:"currentUsageWithPrecision"` -} - -// QuotaStatus represents the quota status for a token. -type QuotaStatus struct { - TotalLimit float64 - CurrentUsage float64 - RemainingQuota float64 - IsExhausted bool - ResourceType string - NextReset time.Time -} - -// UsageChecker provides methods for checking token quota usage. -type UsageChecker struct { - httpClient *http.Client - endpoint string -} - -// NewUsageChecker creates a new UsageChecker instance. -func NewUsageChecker(cfg *config.Config) *UsageChecker { - return &UsageChecker{ - httpClient: util.SetProxy(&cfg.SDKConfig, &http.Client{Timeout: 30 * time.Second}), - endpoint: awsKiroEndpoint, - } -} - -// NewUsageCheckerWithClient creates a UsageChecker with a custom HTTP client. -func NewUsageCheckerWithClient(client *http.Client) *UsageChecker { - return &UsageChecker{ - httpClient: client, - endpoint: awsKiroEndpoint, - } -} - -// CheckUsage retrieves usage limits for the given token. -func (c *UsageChecker) CheckUsage(ctx context.Context, tokenData *KiroTokenData) (*UsageQuotaResponse, error) { - if tokenData == nil { - return nil, fmt.Errorf("token data is nil") - } - - if tokenData.AccessToken == "" { - return nil, fmt.Errorf("access token is empty") - } - - payload := map[string]interface{}{ - "origin": "AI_EDITOR", - "profileArn": tokenData.ProfileArn, - "resourceType": "AGENTIC_REQUEST", - } - - jsonBody, err := json.Marshal(payload) - if err != nil { - return nil, fmt.Errorf("failed to marshal request: %w", err) - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, c.endpoint, strings.NewReader(string(jsonBody))) - if err != nil { - return nil, fmt.Errorf("failed to create request: %w", err) - } - - req.Header.Set("Content-Type", "application/x-amz-json-1.0") - req.Header.Set("x-amz-target", targetGetUsage) - req.Header.Set("Authorization", "Bearer "+tokenData.AccessToken) - req.Header.Set("Accept", "application/json") - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("request failed: %w", err) - } - defer func() { _ = resp.Body.Close() }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("API error (status %d): %s", resp.StatusCode, string(body)) - } - - var result UsageQuotaResponse - if err := json.Unmarshal(body, &result); err != nil { - return nil, fmt.Errorf("failed to parse usage response: %w", err) - } - - return &result, nil -} - -// CheckUsageByAccessToken retrieves usage limits using an access token and profile ARN directly. -func (c *UsageChecker) CheckUsageByAccessToken(ctx context.Context, accessToken, profileArn string) (*UsageQuotaResponse, error) { - tokenData := &KiroTokenData{ - AccessToken: accessToken, - ProfileArn: profileArn, - } - return c.CheckUsage(ctx, tokenData) -} - -// GetRemainingQuota calculates the remaining quota from usage limits. -func GetRemainingQuota(usage *UsageQuotaResponse) float64 { - if usage == nil || len(usage.UsageBreakdownList) == 0 { - return 0 - } - - var totalRemaining float64 - for _, breakdown := range usage.UsageBreakdownList { - remaining := breakdown.UsageLimitWithPrecision - breakdown.CurrentUsageWithPrecision - if remaining > 0 { - totalRemaining += remaining - } - - if breakdown.FreeTrialInfo != nil { - freeRemaining := breakdown.FreeTrialInfo.UsageLimitWithPrecision - breakdown.FreeTrialInfo.CurrentUsageWithPrecision - if freeRemaining > 0 { - totalRemaining += freeRemaining - } - } - } - - return totalRemaining -} - -// IsQuotaExhausted checks if the quota is exhausted based on usage limits. -func IsQuotaExhausted(usage *UsageQuotaResponse) bool { - if usage == nil || len(usage.UsageBreakdownList) == 0 { - return true - } - - for _, breakdown := range usage.UsageBreakdownList { - if breakdown.CurrentUsageWithPrecision < breakdown.UsageLimitWithPrecision { - return false - } - - if breakdown.FreeTrialInfo != nil { - if breakdown.FreeTrialInfo.CurrentUsageWithPrecision < breakdown.FreeTrialInfo.UsageLimitWithPrecision { - return false - } - } - } - - return true -} - -// GetQuotaStatus retrieves a comprehensive quota status for a token. -func (c *UsageChecker) GetQuotaStatus(ctx context.Context, tokenData *KiroTokenData) (*QuotaStatus, error) { - usage, err := c.CheckUsage(ctx, tokenData) - if err != nil { - return nil, err - } - - status := &QuotaStatus{ - IsExhausted: IsQuotaExhausted(usage), - } - - if len(usage.UsageBreakdownList) > 0 { - breakdown := usage.UsageBreakdownList[0] - status.TotalLimit = breakdown.UsageLimitWithPrecision - status.CurrentUsage = breakdown.CurrentUsageWithPrecision - status.RemainingQuota = breakdown.UsageLimitWithPrecision - breakdown.CurrentUsageWithPrecision - status.ResourceType = breakdown.ResourceType - - if breakdown.FreeTrialInfo != nil { - status.TotalLimit += breakdown.FreeTrialInfo.UsageLimitWithPrecision - status.CurrentUsage += breakdown.FreeTrialInfo.CurrentUsageWithPrecision - freeRemaining := breakdown.FreeTrialInfo.UsageLimitWithPrecision - breakdown.FreeTrialInfo.CurrentUsageWithPrecision - if freeRemaining > 0 { - status.RemainingQuota += freeRemaining - } - } - } - - if usage.NextDateReset > 0 { - status.NextReset = time.Unix(int64(usage.NextDateReset/1000), 0) - } - - return status, nil -} - -// CalculateAvailableCount calculates the available request count based on usage limits. -func CalculateAvailableCount(usage *UsageQuotaResponse) float64 { - return GetRemainingQuota(usage) -} - -// GetUsagePercentage calculates the usage percentage. -func GetUsagePercentage(usage *UsageQuotaResponse) float64 { - if usage == nil || len(usage.UsageBreakdownList) == 0 { - return 100.0 - } - - var totalLimit, totalUsage float64 - for _, breakdown := range usage.UsageBreakdownList { - totalLimit += breakdown.UsageLimitWithPrecision - totalUsage += breakdown.CurrentUsageWithPrecision - - if breakdown.FreeTrialInfo != nil { - totalLimit += breakdown.FreeTrialInfo.UsageLimitWithPrecision - totalUsage += breakdown.FreeTrialInfo.CurrentUsageWithPrecision - } - } - - if totalLimit == 0 { - return 100.0 - } - - return (totalUsage / totalLimit) * 100 -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/models.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/models.go deleted file mode 100644 index 81a4aad2b2..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/models.go +++ /dev/null @@ -1,17 +0,0 @@ -// Package auth provides authentication functionality for various AI service providers. -// It includes interfaces and implementations for token storage and authentication methods. -package auth - -// TokenStorage defines the interface for storing authentication tokens. -// Implementations of this interface should provide methods to persist -// authentication tokens to a file system location. -type TokenStorage interface { - // SaveTokenToFile persists authentication tokens to the specified file path. - // - // Parameters: - // - authFilePath: The file path where the authentication tokens should be saved - // - // Returns: - // - error: An error if the save operation fails, nil otherwise - SaveTokenToFile(authFilePath string) error -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/oauth_token_manager.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/oauth_token_manager.go deleted file mode 100644 index 16fd8ef2cd..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/oauth_token_manager.go +++ /dev/null @@ -1,81 +0,0 @@ -// Package auth provides authentication helpers for CLIProxy. -// oauth_token_manager.go manages OAuth token lifecycle (store/retrieve/auto-refresh). -// -// Ported from thegent OAuth lifecycle management. -package auth - -import ( - "context" - "fmt" - "sync" - "time" -) - -// tokenRefreshLeadTime refreshes a token this long before its recorded expiry. -const tokenRefreshLeadTime = 30 * time.Second - -// OAuthTokenManager stores OAuth tokens per provider and automatically refreshes -// expired tokens via the configured OAuthProvider. -// -// Thread-safe: uses RWMutex for concurrent reads and exclusive writes. -type OAuthTokenManager struct { - store map[string]*Token - mu sync.RWMutex - provider OAuthProvider -} - -// NewOAuthTokenManager returns a new OAuthTokenManager. -// provider may be nil when auto-refresh is not required. -func NewOAuthTokenManager(provider OAuthProvider) *OAuthTokenManager { - return &OAuthTokenManager{ - store: make(map[string]*Token), - provider: provider, - } -} - -// StoreToken stores a token for the given provider key, replacing any existing token. -func (m *OAuthTokenManager) StoreToken(_ context.Context, providerKey string, token *Token) error { - m.mu.Lock() - defer m.mu.Unlock() - m.store[providerKey] = token - return nil -} - -// GetToken retrieves the token for the given provider key. -// If the token is expired and a provider is configured, it is refreshed automatically -// before being returned. The refreshed token is persisted in the store. -func (m *OAuthTokenManager) GetToken(ctx context.Context, providerKey string) (*Token, error) { - m.mu.RLock() - token, exists := m.store[providerKey] - m.mu.RUnlock() - - if !exists { - return nil, fmt.Errorf("token not found for provider: %s", providerKey) - } - - // Check expiry with lead time to pre-emptively refresh before clock edge. - if time.Now().Add(tokenRefreshLeadTime).After(token.ExpiresAt) { - if m.provider == nil { - return nil, fmt.Errorf("token expired for provider %s and no OAuthProvider configured for refresh", providerKey) - } - - newAccessToken, err := m.provider.RefreshToken(ctx, token.RefreshToken) - if err != nil { - return nil, fmt.Errorf("token refresh failed for provider %s: %w", providerKey, err) - } - - refreshed := &Token{ - AccessToken: newAccessToken, - RefreshToken: token.RefreshToken, - ExpiresAt: time.Now().Add(time.Hour), - } - - m.mu.Lock() - m.store[providerKey] = refreshed - m.mu.Unlock() - - return refreshed, nil - } - - return token, nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/oauth_token_manager_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/oauth_token_manager_test.go deleted file mode 100644 index 6304b929a9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/oauth_token_manager_test.go +++ /dev/null @@ -1,89 +0,0 @@ -package auth - -import ( - "context" - "testing" - "time" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -// MockOAuthProvider is a test double for OAuthProvider. -type MockOAuthProvider struct { - RefreshTokenFn func(ctx context.Context, refreshToken string) (string, error) -} - -func (m *MockOAuthProvider) RefreshToken(ctx context.Context, refreshToken string) (string, error) { - return m.RefreshTokenFn(ctx, refreshToken) -} - -// TestOAuthTokenManagerStoresAndRetrievesToken verifies basic store/retrieve round-trip. -// @trace FR-AUTH-001 -func TestOAuthTokenManagerStoresAndRetrievesToken(t *testing.T) { - mgr := NewOAuthTokenManager(nil) - - token := &Token{ - AccessToken: "access_token", - RefreshToken: "refresh_token", - ExpiresAt: time.Now().Add(time.Hour), - } - - err := mgr.StoreToken(context.Background(), "provider", token) - require.NoError(t, err) - - retrieved, err := mgr.GetToken(context.Background(), "provider") - require.NoError(t, err) - assert.Equal(t, token.AccessToken, retrieved.AccessToken) -} - -// TestOAuthTokenManagerRefreshesExpiredToken verifies that an expired token triggers -// auto-refresh via the configured OAuthProvider. -// @trace FR-AUTH-001 FR-AUTH-002 -func TestOAuthTokenManagerRefreshesExpiredToken(t *testing.T) { - mockProvider := &MockOAuthProvider{ - RefreshTokenFn: func(_ context.Context, _ string) (string, error) { - return "new_access_token_xyz", nil - }, - } - - mgr := NewOAuthTokenManager(mockProvider) - - err := mgr.StoreToken(context.Background(), "provider", &Token{ - AccessToken: "old_token", - RefreshToken: "refresh_token", - ExpiresAt: time.Now().Add(-time.Hour), // Already expired. - }) - require.NoError(t, err) - - token, err := mgr.GetToken(context.Background(), "provider") - require.NoError(t, err) - assert.Equal(t, "new_access_token_xyz", token.AccessToken) -} - -// TestOAuthTokenManagerReturnsErrorForMissingProvider verifies error on unknown provider key. -// @trace FR-AUTH-001 -func TestOAuthTokenManagerReturnsErrorForMissingProvider(t *testing.T) { - mgr := NewOAuthTokenManager(nil) - - _, err := mgr.GetToken(context.Background(), "nonexistent") - assert.ErrorContains(t, err, "token not found") -} - -// TestOAuthTokenManagerErrorsWhenExpiredWithNoProvider verifies that GetToken fails -// loudly when a token is expired and no provider is configured to refresh it. -// @trace FR-AUTH-002 -func TestOAuthTokenManagerErrorsWhenExpiredWithNoProvider(t *testing.T) { - mgr := NewOAuthTokenManager(nil) // No provider. - - err := mgr.StoreToken(context.Background(), "provider", &Token{ - AccessToken: "old_token", - RefreshToken: "refresh_token", - ExpiresAt: time.Now().Add(-time.Hour), // Expired. - }) - require.NoError(t, err) - - _, err = mgr.GetToken(context.Background(), "provider") - assert.Error(t, err) - assert.ErrorContains(t, err, "no OAuthProvider configured") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/oauth_types.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/oauth_types.go deleted file mode 100644 index c864a1a46e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/oauth_types.go +++ /dev/null @@ -1,26 +0,0 @@ -// Package auth provides authentication helpers for CLIProxy. -// oauth_types.go defines types for OAuth token management. -package auth - -import ( - "context" - "time" -) - -// Token holds an OAuth access/refresh token pair with an expiration time. -type Token struct { - AccessToken string - RefreshToken string - ExpiresAt time.Time -} - -// IsExpired returns true when the token's expiry has passed. -func (t *Token) IsExpired() bool { - return time.Now().After(t.ExpiresAt) -} - -// OAuthProvider is the interface implemented by concrete OAuth providers. -// RefreshToken exchanges a refresh token for a new access token. -type OAuthProvider interface { - RefreshToken(ctx context.Context, refreshToken string) (string, error) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/qwen/qwen_auth.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/qwen/qwen_auth.go deleted file mode 100644 index f84a3ad1eb..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/qwen/qwen_auth.go +++ /dev/null @@ -1,369 +0,0 @@ -package qwen - -import ( - "context" - "crypto/rand" - "crypto/sha256" - "encoding/base64" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" -) - -const ( - // QwenOAuthDeviceCodeEndpoint is the URL for initiating the OAuth 2.0 device authorization flow. - QwenOAuthDeviceCodeEndpoint = "https://chat.qwen.ai/api/v1/oauth2/device/code" - // QwenOAuthTokenEndpoint is the URL for exchanging device codes or refresh tokens for access tokens. - QwenOAuthTokenEndpoint = "https://chat.qwen.ai/api/v1/oauth2/token" - // QwenOAuthClientID is the client identifier for the Qwen OAuth 2.0 application. - QwenOAuthClientID = "f0304373b74a44d2b584a3fb70ca9e56" - // QwenOAuthScope defines the permissions requested by the application. - QwenOAuthScope = "openid profile email model.completion" - // QwenOAuthGrantType specifies the grant type for the device code flow. - QwenOAuthGrantType = "urn:ietf:params:oauth:grant-type:device_code" -) - -// QwenTokenData represents the OAuth credentials, including access and refresh tokens. -type QwenTokenData struct { - AccessToken string `json:"access_token"` - // RefreshToken is used to obtain a new access token when the current one expires. - RefreshToken string `json:"refresh_token,omitempty"` - // TokenType indicates the type of token, typically "Bearer". - TokenType string `json:"token_type"` - // ResourceURL specifies the base URL of the resource server. - ResourceURL string `json:"resource_url,omitempty"` - // Expire indicates the expiration date and time of the access token. - Expire string `json:"expiry_date,omitempty"` -} - -// DeviceFlow represents the response from the device authorization endpoint. -type DeviceFlow struct { - // DeviceCode is the code that the client uses to poll for an access token. - DeviceCode string `json:"device_code"` - // UserCode is the code that the user enters at the verification URI. - UserCode string `json:"user_code"` - // VerificationURI is the URL where the user can enter the user code to authorize the device. - VerificationURI string `json:"verification_uri"` - // VerificationURIComplete is a URI that includes the user_code, which can be used to automatically - // fill in the code on the verification page. - VerificationURIComplete string `json:"verification_uri_complete"` - // ExpiresIn is the time in seconds until the device_code and user_code expire. - ExpiresIn int `json:"expires_in"` - // Interval is the minimum time in seconds that the client should wait between polling requests. - Interval int `json:"interval"` - // CodeVerifier is the cryptographically random string used in the PKCE flow. - CodeVerifier string `json:"code_verifier"` -} - -// QwenTokenResponse represents the successful token response from the token endpoint. -type QwenTokenResponse struct { - // AccessToken is the token used to access protected resources. - AccessToken string `json:"access_token"` - // RefreshToken is used to obtain a new access token. - RefreshToken string `json:"refresh_token,omitempty"` - // TokenType indicates the type of token, typically "Bearer". - TokenType string `json:"token_type"` - // ResourceURL specifies the base URL of the resource server. - ResourceURL string `json:"resource_url,omitempty"` - // ExpiresIn is the time in seconds until the access token expires. - ExpiresIn int `json:"expires_in"` -} - -// QwenAuth manages authentication and token handling for the Qwen API. -type QwenAuth struct { - httpClient *http.Client -} - -// NewQwenAuth creates a new QwenAuth instance with a proxy-configured HTTP client. -func NewQwenAuth(cfg *config.Config, httpClient *http.Client) *QwenAuth { - if httpClient != nil { - return &QwenAuth{httpClient: httpClient} - } - return &QwenAuth{ - httpClient: util.SetProxy(&cfg.SDKConfig, &http.Client{}), - } -} - -// generateCodeVerifier generates a cryptographically random string for the PKCE code verifier. -func (qa *QwenAuth) generateCodeVerifier() (string, error) { - bytes := make([]byte, 32) - if _, err := rand.Read(bytes); err != nil { - return "", err - } - return base64.RawURLEncoding.EncodeToString(bytes), nil -} - -// generateCodeChallenge creates a SHA-256 hash of the code verifier, used as the PKCE code challenge. -func (qa *QwenAuth) generateCodeChallenge(codeVerifier string) string { - hash := sha256.Sum256([]byte(codeVerifier)) - return base64.RawURLEncoding.EncodeToString(hash[:]) -} - -// generatePKCEPair creates a new code verifier and its corresponding code challenge for PKCE. -func (qa *QwenAuth) generatePKCEPair() (string, string, error) { - codeVerifier, err := qa.generateCodeVerifier() - if err != nil { - return "", "", err - } - codeChallenge := qa.generateCodeChallenge(codeVerifier) - return codeVerifier, codeChallenge, nil -} - -// RefreshTokens exchanges a refresh token for a new access token. -func (qa *QwenAuth) RefreshTokens(ctx context.Context, refreshToken string) (*QwenTokenData, error) { - data := url.Values{} - data.Set("grant_type", "refresh_token") - data.Set("refresh_token", refreshToken) - data.Set("client_id", QwenOAuthClientID) - - req, err := http.NewRequestWithContext(ctx, "POST", QwenOAuthTokenEndpoint, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("failed to create token request: %w", err) - } - - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - - resp, err := qa.httpClient.Do(req) - - // resp, err := qa.httpClient.PostForm(QwenOAuthTokenEndpoint, data) - if err != nil { - return nil, fmt.Errorf("token refresh request failed: %w", err) - } - defer func() { - _ = resp.Body.Close() - }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read response body: %w", err) - } - - if resp.StatusCode != http.StatusOK { - var errorData map[string]interface{} - if err = json.Unmarshal(body, &errorData); err == nil { - return nil, fmt.Errorf("token refresh failed: %v - %v", errorData["error"], errorData["error_description"]) - } - return nil, fmt.Errorf("token refresh failed: %s", string(body)) - } - - var tokenData QwenTokenResponse - if err = json.Unmarshal(body, &tokenData); err != nil { - return nil, fmt.Errorf("failed to parse token response: %w", err) - } - - return &QwenTokenData{ - AccessToken: tokenData.AccessToken, - TokenType: tokenData.TokenType, - RefreshToken: tokenData.RefreshToken, - ResourceURL: tokenData.ResourceURL, - Expire: time.Now().Add(time.Duration(tokenData.ExpiresIn) * time.Second).Format(time.RFC3339), - }, nil -} - -// InitiateDeviceFlow starts the OAuth 2.0 device authorization flow and returns the device flow details. -func (qa *QwenAuth) InitiateDeviceFlow(ctx context.Context) (*DeviceFlow, error) { - // Generate PKCE code verifier and challenge - codeVerifier, codeChallenge, err := qa.generatePKCEPair() - if err != nil { - return nil, fmt.Errorf("failed to generate PKCE pair: %w", err) - } - - data := url.Values{} - data.Set("client_id", QwenOAuthClientID) - data.Set("scope", QwenOAuthScope) - data.Set("code_challenge", codeChallenge) - data.Set("code_challenge_method", "S256") - - req, err := http.NewRequestWithContext(ctx, "POST", QwenOAuthDeviceCodeEndpoint, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("failed to create token request: %w", err) - } - - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - - resp, err := qa.httpClient.Do(req) - - // resp, err := qa.httpClient.PostForm(QwenOAuthDeviceCodeEndpoint, data) - if err != nil { - return nil, fmt.Errorf("device authorization request failed: %w", err) - } - defer func() { - _ = resp.Body.Close() - }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read response body: %w", err) - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("device authorization failed: %d %s. Response: %s", resp.StatusCode, resp.Status, string(body)) - } - - var result DeviceFlow - if err = json.Unmarshal(body, &result); err != nil { - return nil, fmt.Errorf("failed to parse device flow response: %w", err) - } - - // Check if the response indicates success - if result.DeviceCode == "" { - return nil, fmt.Errorf("device authorization failed: device_code not found in response") - } - - // Add the code_verifier to the result so it can be used later for polling - result.CodeVerifier = codeVerifier - - return &result, nil -} - -// PollForToken polls the token endpoint with the device code to obtain an access token. -func (qa *QwenAuth) PollForToken(deviceCode, codeVerifier string) (*QwenTokenData, error) { - pollInterval := 5 * time.Second - maxAttempts := 60 // 5 minutes max - - for attempt := 0; attempt < maxAttempts; attempt++ { - data := url.Values{} - data.Set("grant_type", QwenOAuthGrantType) - data.Set("client_id", QwenOAuthClientID) - data.Set("device_code", deviceCode) - data.Set("code_verifier", codeVerifier) - - req, err := http.NewRequest(http.MethodPost, QwenOAuthTokenEndpoint, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("failed to create token request: %w", err) - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - - resp, err := qa.httpClient.Do(req) - if err != nil { - fmt.Printf("Polling attempt %d/%d failed: %v\n", attempt+1, maxAttempts, err) - time.Sleep(pollInterval) - continue - } - - body, err := io.ReadAll(resp.Body) - _ = resp.Body.Close() - if err != nil { - fmt.Printf("Polling attempt %d/%d failed: %v\n", attempt+1, maxAttempts, err) - time.Sleep(pollInterval) - continue - } - - if resp.StatusCode != http.StatusOK { - // Parse the response as JSON to check for OAuth RFC 8628 standard errors - var errorData map[string]interface{} - if err = json.Unmarshal(body, &errorData); err == nil { - // According to OAuth RFC 8628, handle standard polling responses - if resp.StatusCode == http.StatusBadRequest { - errorType, _ := errorData["error"].(string) - switch errorType { - case "authorization_pending": - // User has not yet approved the authorization request. Continue polling. - fmt.Printf("Polling attempt %d/%d...\n\n", attempt+1, maxAttempts) - time.Sleep(pollInterval) - continue - case "slow_down": - // Client is polling too frequently. Increase poll interval. - pollInterval = time.Duration(float64(pollInterval) * 1.5) - if pollInterval > 10*time.Second { - pollInterval = 10 * time.Second - } - fmt.Printf("Server requested to slow down, increasing poll interval to %v\n\n", pollInterval) - time.Sleep(pollInterval) - continue - case "expired_token": - return nil, fmt.Errorf("device code expired. Please restart the authentication process") - case "access_denied": - return nil, fmt.Errorf("authorization denied by user. Please restart the authentication process") - } - } - - // For other errors, return with proper error information - errorType, _ := errorData["error"].(string) - errorDesc, _ := errorData["error_description"].(string) - return nil, fmt.Errorf("device token poll failed: %s - %s", errorType, errorDesc) - } - - // If JSON parsing fails, fall back to text response - return nil, fmt.Errorf("device token poll failed: %d %s. Response: %s", resp.StatusCode, resp.Status, string(body)) - } - // log.Debugf("%s", string(body)) - // Success - parse token data - var response QwenTokenResponse - if err = json.Unmarshal(body, &response); err != nil { - return nil, fmt.Errorf("failed to parse token response: %w", err) - } - - // Convert to QwenTokenData format and save - tokenData := &QwenTokenData{ - AccessToken: response.AccessToken, - RefreshToken: response.RefreshToken, - TokenType: response.TokenType, - ResourceURL: response.ResourceURL, - Expire: time.Now().Add(time.Duration(response.ExpiresIn) * time.Second).Format(time.RFC3339), - } - - return tokenData, nil - } - - return nil, fmt.Errorf("authentication timeout. Please restart the authentication process") -} - -// RefreshTokensWithRetry attempts to refresh tokens with a specified number of retries upon failure. -func (o *QwenAuth) RefreshTokensWithRetry(ctx context.Context, refreshToken string, maxRetries int) (*QwenTokenData, error) { - var lastErr error - - for attempt := 0; attempt < maxRetries; attempt++ { - if attempt > 0 { - // Wait before retry - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-time.After(time.Duration(attempt) * time.Second): - } - } - - tokenData, err := o.RefreshTokens(ctx, refreshToken) - if err == nil { - return tokenData, nil - } - - lastErr = err - log.Warnf("Token refresh attempt %d failed: %v", attempt+1, err) - } - - return nil, fmt.Errorf("token refresh failed after %d attempts: %w", maxRetries, lastErr) -} - -// CreateTokenStorage creates a QwenTokenStorage object from a QwenTokenData object. -func (o *QwenAuth) CreateTokenStorage(tokenData *QwenTokenData) *QwenTokenStorage { - storage := &QwenTokenStorage{ - AccessToken: tokenData.AccessToken, - RefreshToken: tokenData.RefreshToken, - LastRefresh: time.Now().Format(time.RFC3339), - ResourceURL: tokenData.ResourceURL, - Expire: tokenData.Expire, - } - - return storage -} - -// UpdateTokenStorage updates an existing token storage with new token data -func (o *QwenAuth) UpdateTokenStorage(storage *QwenTokenStorage, tokenData *QwenTokenData) { - storage.AccessToken = tokenData.AccessToken - storage.RefreshToken = tokenData.RefreshToken - storage.LastRefresh = time.Now().Format(time.RFC3339) - storage.ResourceURL = tokenData.ResourceURL - storage.Expire = tokenData.Expire -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/qwen/qwen_auth_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/qwen/qwen_auth_test.go deleted file mode 100644 index 36724f6f56..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/qwen/qwen_auth_test.go +++ /dev/null @@ -1,163 +0,0 @@ -package qwen - -import ( - "context" - "encoding/json" - "io" - "net/http" - "net/http/httptest" - "strconv" - "strings" - "testing" -) - -type rewriteTransport struct { - target string - base http.RoundTripper -} - -func (t *rewriteTransport) RoundTrip(req *http.Request) (*http.Response, error) { - newReq := req.Clone(req.Context()) - newReq.URL.Scheme = "http" - newReq.URL.Host = strings.TrimPrefix(t.target, "http://") - return t.base.RoundTrip(newReq) -} - -type roundTripperFunc func(*http.Request) (*http.Response, error) - -func (f roundTripperFunc) RoundTrip(req *http.Request) (*http.Response, error) { - return f(req) -} - -func jsonResponse(status int, body string) *http.Response { - return &http.Response{ - StatusCode: status, - Header: map[string][]string{ - "Content-Type": {"application/json"}, - }, - Body: io.NopCloser(strings.NewReader(body)), - Status: strconv.Itoa(status) + " " + http.StatusText(status), - } -} - -func TestInitiateDeviceFlow(t *testing.T) { - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - resp := DeviceFlow{ - DeviceCode: "dev-code", - UserCode: "user-code", - VerificationURI: "http://qwen.ai/verify", - ExpiresIn: 600, - Interval: 5, - } - _ = json.NewEncoder(w).Encode(resp) - })) - defer ts.Close() - - client := &http.Client{ - Transport: &rewriteTransport{ - target: ts.URL, - base: http.DefaultTransport, - }, - } - - auth := NewQwenAuth(nil, client) - resp, err := auth.InitiateDeviceFlow(context.Background()) - if err != nil { - t.Fatalf("InitiateDeviceFlow failed: %v", err) - } - - if resp.DeviceCode != "dev-code" { - t.Errorf("got device code %q, want dev-code", resp.DeviceCode) - } -} - -func TestRefreshTokens(t *testing.T) { - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - resp := QwenTokenResponse{ - AccessToken: "new-access", - RefreshToken: "new-refresh", - ExpiresIn: 3600, - } - _ = json.NewEncoder(w).Encode(resp) - })) - defer ts.Close() - - client := &http.Client{ - Transport: &rewriteTransport{ - target: ts.URL, - base: http.DefaultTransport, - }, - } - - auth := NewQwenAuth(nil, client) - resp, err := auth.RefreshTokens(context.Background(), "old-refresh") - if err != nil { - t.Fatalf("RefreshTokens failed: %v", err) - } - - if resp.AccessToken != "new-access" { - t.Errorf("got access token %q, want new-access", resp.AccessToken) - } -} - -func TestPollForTokenUsesInjectedHTTPClient(t *testing.T) { - defaultTransport := http.DefaultTransport - defer func() { - http.DefaultTransport = defaultTransport - }() - defaultCalled := 0 - http.DefaultTransport = roundTripperFunc(func(_ *http.Request) (*http.Response, error) { - defaultCalled++ - return jsonResponse(http.StatusOK, `{"access_token":"default-access","token_type":"Bearer","expires_in":3600}`), nil - }) - - customCalled := 0 - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - customCalled++ - _ = r - w.Header().Set("Content-Type", "application/json") - resp := QwenTokenResponse{ - AccessToken: "custom-access", - RefreshToken: "custom-refresh", - ExpiresIn: 3600, - } - _ = json.NewEncoder(w).Encode(resp) - })) - defer ts.Close() - - auth := NewQwenAuth(nil, &http.Client{ - Transport: &rewriteTransport{ - target: ts.URL, - base: defaultTransport, - }, - }) - resp, err := auth.PollForToken("device-code", "code-verifier") - if err != nil { - t.Fatalf("PollForToken failed: %v", err) - } - - if customCalled != 1 { - t.Fatalf("expected custom client to be used exactly once, got %d", customCalled) - } - if defaultCalled != 0 { - t.Fatalf("did not expect default transport to be used, got %d", defaultCalled) - } - if resp.AccessToken != "custom-access" { - t.Fatalf("got access token %q, want %q", resp.AccessToken, "custom-access") - } -} - -func TestQwenTokenStorageSaveTokenToFileRejectsTraversalPath(t *testing.T) { - t.Parallel() - - ts := &QwenTokenStorage{AccessToken: "token"} - err := ts.SaveTokenToFile("../qwen.json") - if err == nil { - t.Fatal("expected error for traversal path") - } - if !strings.Contains(err.Error(), "auth file path is invalid") { - t.Fatalf("expected invalid path error, got %v", err) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/qwen/qwen_token.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/qwen/qwen_token.go deleted file mode 100644 index 10104bf89c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/qwen/qwen_token.go +++ /dev/null @@ -1,84 +0,0 @@ -// Package qwen provides authentication and token management functionality -// for Alibaba's Qwen AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Qwen API. -package qwen - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" -) - -// QwenTokenStorage stores OAuth2 token information for Alibaba Qwen API authentication. -// It maintains compatibility with the existing auth system while adding Qwen-specific fields -// for managing access tokens, refresh tokens, and user account information. -type QwenTokenStorage struct { - // AccessToken is the OAuth2 access token used for authenticating API requests. - AccessToken string `json:"access_token"` - // RefreshToken is used to obtain new access tokens when the current one expires. - RefreshToken string `json:"refresh_token"` - // LastRefresh is the timestamp of the last token refresh operation. - LastRefresh string `json:"last_refresh"` - // ResourceURL is the base URL for API requests. - ResourceURL string `json:"resource_url"` - // Email is the Qwen account email address associated with this token. - Email string `json:"email"` - // Type indicates the authentication provider type, always "qwen" for this storage. - Type string `json:"type"` - // Expire is the timestamp when the current access token expires. - Expire string `json:"expired"` -} - -// SaveTokenToFile serializes the Qwen token storage to a JSON file. -// This method creates the necessary directory structure and writes the token -// data in JSON format to the specified file path for persistent storage. -// -// Parameters: -// - authFilePath: The full path where the token file should be saved -// -// Returns: -// - error: An error if the operation fails, nil otherwise -func (ts *QwenTokenStorage) SaveTokenToFile(authFilePath string) error { - misc.LogSavingCredentials(authFilePath) - ts.Type = "qwen" - cleanPath, err := cleanTokenFilePath(authFilePath, "qwen token") - if err != nil { - return err - } - if err := os.MkdirAll(filepath.Dir(cleanPath), 0700); err != nil { - return fmt.Errorf("failed to create directory: %v", err) - } - - f, err := os.Create(cleanPath) - if err != nil { - return fmt.Errorf("failed to create token file: %w", err) - } - defer func() { - _ = f.Close() - }() - - if err = json.NewEncoder(f).Encode(ts); err != nil { - return fmt.Errorf("failed to write token to file: %w", err) - } - return nil -} - -func cleanTokenFilePath(path, scope string) (string, error) { - trimmed := strings.TrimSpace(path) - if trimmed == "" { - return "", fmt.Errorf("%s: auth file path is empty", scope) - } - clean := filepath.Clean(filepath.FromSlash(trimmed)) - if clean == "." || clean == ".." || strings.HasPrefix(clean, ".."+string(os.PathSeparator)) { - return "", fmt.Errorf("%s: auth file path is invalid", scope) - } - abs, err := filepath.Abs(clean) - if err != nil { - return "", fmt.Errorf("%s: resolve auth file path: %w", scope, err) - } - return filepath.Clean(abs), nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/qwen/qwen_token_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/qwen/qwen_token_test.go deleted file mode 100644 index 3fb4881ab5..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/qwen/qwen_token_test.go +++ /dev/null @@ -1,36 +0,0 @@ -package qwen - -import ( - "os" - "path/filepath" - "testing" -) - -func TestQwenTokenStorage_SaveTokenToFile(t *testing.T) { - t.Parallel() - - tmpDir := t.TempDir() - path := filepath.Join(tmpDir, "qwen-token.json") - ts := &QwenTokenStorage{ - AccessToken: "access", - Email: "test@example.com", - } - - if err := ts.SaveTokenToFile(path); err != nil { - t.Fatalf("SaveTokenToFile failed: %v", err) - } - if _, err := os.Stat(path); err != nil { - t.Fatalf("expected token file to exist: %v", err) - } -} - -func TestQwenTokenStorage_SaveTokenToFile_RejectsTraversalPath(t *testing.T) { - t.Parallel() - - ts := &QwenTokenStorage{ - AccessToken: "access", - } - if err := ts.SaveTokenToFile("../qwen-token.json"); err == nil { - t.Fatal("expected traversal path to be rejected") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/config.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/config.go deleted file mode 100644 index 1e9820f276..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/config.go +++ /dev/null @@ -1,657 +0,0 @@ -package synthesizer - -import ( - "bytes" - "encoding/json" - "fmt" - "net/http" - "os" - "path/filepath" - "strconv" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/diff" - kiroauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/cursorstorage" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -// ConfigSynthesizer generates Auth entries from configuration API keys. -// It handles Gemini, Claude, Codex, OpenAI-compat, and Vertex-compat providers. -type ConfigSynthesizer struct{} - -// NewConfigSynthesizer creates a new ConfigSynthesizer instance. -func NewConfigSynthesizer() *ConfigSynthesizer { - return &ConfigSynthesizer{} -} - -// synthesizeOAICompatFromDedicatedBlocks creates Auth entries from dedicated provider blocks -// (minimax, roo, kilo, deepseek, etc.) using a generic synthesizer path. -func (s *ConfigSynthesizer) synthesizeOAICompatFromDedicatedBlocks(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0) - for _, p := range config.GetDedicatedProviders() { - entries := s.getDedicatedProviderEntries(p, cfg) - if len(entries) == 0 { - continue - } - - for i := range entries { - entry := &entries[i] - apiKey := s.resolveAPIKeyFromEntry(entry.TokenFile, entry.APIKey, i, p.Name) - if apiKey == "" { - continue - } - baseURL := strings.TrimSpace(entry.BaseURL) - if baseURL == "" { - baseURL = p.BaseURL - } - baseURL = strings.TrimSuffix(baseURL, "/") - - id, _ := idGen.Next(p.Name+":key", apiKey, baseURL) - attrs := map[string]string{ - "source": fmt.Sprintf("config:%s[%d]", p.Name, i), - "base_url": baseURL, - "api_key": apiKey, - } - if entry.Priority != 0 { - attrs["priority"] = strconv.Itoa(entry.Priority) - } - if hash := diff.ComputeOpenAICompatModelsHash(entry.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(entry.Headers, attrs) - - a := &coreauth.Auth{ - ID: id, - Provider: p.Name, - Label: p.Name + "-key", - Prefix: entry.Prefix, - Status: coreauth.StatusActive, - ProxyURL: strings.TrimSpace(entry.ProxyURL), - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - ApplyAuthExcludedModelsMeta(a, cfg, entry.ExcludedModels, "key") - out = append(out, a) - } - } - return out -} - -// Synthesize generates Auth entries from config API keys. -func (s *ConfigSynthesizer) Synthesize(ctx *SynthesisContext) ([]*coreauth.Auth, error) { - out := make([]*coreauth.Auth, 0, 32) - if ctx == nil || ctx.Config == nil { - return out, nil - } - - // Gemini API Keys - out = append(out, s.synthesizeGeminiKeys(ctx)...) - // Claude API Keys - out = append(out, s.synthesizeClaudeKeys(ctx)...) - // Codex API Keys - out = append(out, s.synthesizeCodexKeys(ctx)...) - // Kiro (AWS CodeWhisperer) - out = append(out, s.synthesizeKiroKeys(ctx)...) - // Cursor (via cursor-api) - out = append(out, s.synthesizeCursorKeys(ctx)...) - // Dedicated OpenAI-compatible blocks (minimax, roo, kilo, deepseek, groq, etc.) - out = append(out, s.synthesizeOAICompatFromDedicatedBlocks(ctx)...) - // Generic OpenAI-compat - out = append(out, s.synthesizeOpenAICompat(ctx)...) - // Vertex-compat - out = append(out, s.synthesizeVertexCompat(ctx)...) - - return out, nil -} - -// synthesizeGeminiKeys creates Auth entries for Gemini API keys. -func (s *ConfigSynthesizer) synthesizeGeminiKeys(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0, len(cfg.GeminiKey)) - for i := range cfg.GeminiKey { - entry := cfg.GeminiKey[i] - key := strings.TrimSpace(entry.APIKey) - if key == "" { - continue - } - prefix := strings.TrimSpace(entry.Prefix) - base := strings.TrimSpace(entry.BaseURL) - proxyURL := strings.TrimSpace(entry.ProxyURL) - id, token := idGen.Next("gemini:apikey", key, base) - attrs := map[string]string{ - "source": fmt.Sprintf("config:gemini[%s]", token), - "api_key": key, - } - if entry.Priority != 0 { - attrs["priority"] = strconv.Itoa(entry.Priority) - } - if base != "" { - attrs["base_url"] = base - } - if hash := diff.ComputeGeminiModelsHash(entry.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(entry.Headers, attrs) - a := &coreauth.Auth{ - ID: id, - Provider: "gemini", - Label: "gemini-apikey", - Prefix: prefix, - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - ApplyAuthExcludedModelsMeta(a, cfg, entry.ExcludedModels, "apikey") - out = append(out, a) - } - return out -} - -// synthesizeClaudeKeys creates Auth entries for Claude API keys. -func (s *ConfigSynthesizer) synthesizeClaudeKeys(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0, len(cfg.ClaudeKey)) - for i := range cfg.ClaudeKey { - ck := cfg.ClaudeKey[i] - key := strings.TrimSpace(ck.APIKey) - if key == "" { - continue - } - prefix := strings.TrimSpace(ck.Prefix) - base := strings.TrimSpace(ck.BaseURL) - id, token := idGen.Next("claude:apikey", key, base) - attrs := map[string]string{ - "source": fmt.Sprintf("config:claude[%s]", token), - "api_key": key, - } - if ck.Priority != 0 { - attrs["priority"] = strconv.Itoa(ck.Priority) - } - if base != "" { - attrs["base_url"] = base - } - if hash := diff.ComputeClaudeModelsHash(ck.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(ck.Headers, attrs) - proxyURL := strings.TrimSpace(ck.ProxyURL) - a := &coreauth.Auth{ - ID: id, - Provider: "claude", - Label: "claude-apikey", - Prefix: prefix, - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - ApplyAuthExcludedModelsMeta(a, cfg, ck.ExcludedModels, "apikey") - out = append(out, a) - } - return out -} - -// synthesizeCodexKeys creates Auth entries for Codex API keys. -func (s *ConfigSynthesizer) synthesizeCodexKeys(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0, len(cfg.CodexKey)) - for i := range cfg.CodexKey { - ck := cfg.CodexKey[i] - key := strings.TrimSpace(ck.APIKey) - if key == "" { - continue - } - prefix := strings.TrimSpace(ck.Prefix) - id, token := idGen.Next("codex:apikey", key, ck.BaseURL) - attrs := map[string]string{ - "source": fmt.Sprintf("config:codex[%s]", token), - "api_key": key, - } - if ck.Priority != 0 { - attrs["priority"] = strconv.Itoa(ck.Priority) - } - if ck.BaseURL != "" { - attrs["base_url"] = ck.BaseURL - } - if hash := diff.ComputeCodexModelsHash(ck.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(ck.Headers, attrs) - proxyURL := strings.TrimSpace(ck.ProxyURL) - a := &coreauth.Auth{ - ID: id, - Provider: "codex", - Label: "codex-apikey", - Prefix: prefix, - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - ApplyAuthExcludedModelsMeta(a, cfg, ck.ExcludedModels, "apikey") - out = append(out, a) - } - return out -} - -// synthesizeOpenAICompat creates Auth entries for OpenAI-compatible providers. -func (s *ConfigSynthesizer) synthesizeOpenAICompat(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0) - for i := range cfg.OpenAICompatibility { - compat := &cfg.OpenAICompatibility[i] - prefix := strings.TrimSpace(compat.Prefix) - providerName := strings.ToLower(strings.TrimSpace(compat.Name)) - if providerName == "" { - providerName = "openai-compatibility" - } - base := strings.TrimSpace(compat.BaseURL) - modelsEndpoint := strings.TrimSpace(compat.ModelsEndpoint) - - // Handle new APIKeyEntries format (preferred) - createdEntries := 0 - for j := range compat.APIKeyEntries { - entry := &compat.APIKeyEntries[j] - apiKey := s.resolveAPIKeyFromEntry(entry.TokenFile, entry.APIKey, j, providerName) - if apiKey == "" { - continue - } - proxyURL := strings.TrimSpace(entry.ProxyURL) - idKind := fmt.Sprintf("openai-compatibility:%s", providerName) - id, token := idGen.Next(idKind, apiKey, base, proxyURL) - attrs := map[string]string{ - "source": fmt.Sprintf("config:%s[%s]", providerName, token), - "base_url": base, - "compat_name": compat.Name, - "provider_key": providerName, - } - if modelsEndpoint != "" { - attrs["models_endpoint"] = modelsEndpoint - } - if compat.Priority != 0 { - attrs["priority"] = strconv.Itoa(compat.Priority) - } - if apiKey != "" { - attrs["api_key"] = apiKey - } - if hash := diff.ComputeOpenAICompatModelsHash(compat.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(compat.Headers, attrs) - a := &coreauth.Auth{ - ID: id, - Provider: providerName, - Label: compat.Name, - Prefix: prefix, - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - out = append(out, a) - createdEntries++ - } - // Fallback: create entry without API key if no APIKeyEntries - if createdEntries == 0 { - idKind := fmt.Sprintf("openai-compatibility:%s", providerName) - id, token := idGen.Next(idKind, base) - attrs := map[string]string{ - "source": fmt.Sprintf("config:%s[%s]", providerName, token), - "base_url": base, - "compat_name": compat.Name, - "provider_key": providerName, - } - if modelsEndpoint != "" { - attrs["models_endpoint"] = modelsEndpoint - } - if compat.Priority != 0 { - attrs["priority"] = strconv.Itoa(compat.Priority) - } - if hash := diff.ComputeOpenAICompatModelsHash(compat.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(compat.Headers, attrs) - a := &coreauth.Auth{ - ID: id, - Provider: providerName, - Label: compat.Name, - Prefix: prefix, - Status: coreauth.StatusActive, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - out = append(out, a) - } - } - return out -} - -// synthesizeVertexCompat creates Auth entries for Vertex-compatible providers. -func (s *ConfigSynthesizer) synthesizeVertexCompat(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0, len(cfg.VertexCompatAPIKey)) - for i := range cfg.VertexCompatAPIKey { - compat := &cfg.VertexCompatAPIKey[i] - providerName := "vertex" - base := strings.TrimSpace(compat.BaseURL) - - key := strings.TrimSpace(compat.APIKey) - prefix := strings.TrimSpace(compat.Prefix) - proxyURL := strings.TrimSpace(compat.ProxyURL) - idKind := "vertex:apikey" - id, token := idGen.Next(idKind, key, base, proxyURL) - attrs := map[string]string{ - "source": fmt.Sprintf("config:vertex-apikey[%s]", token), - "base_url": base, - "provider_key": providerName, - } - if compat.Priority != 0 { - attrs["priority"] = strconv.Itoa(compat.Priority) - } - if key != "" { - attrs["api_key"] = key - } - if hash := diff.ComputeVertexCompatModelsHash(compat.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(compat.Headers, attrs) - a := &coreauth.Auth{ - ID: id, - Provider: providerName, - Label: "vertex-apikey", - Prefix: prefix, - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - ApplyAuthExcludedModelsMeta(a, cfg, nil, "apikey") - out = append(out, a) - } - return out -} - -// synthesizeCursorKeys creates Auth entries for Cursor (via cursor-api). -// Precedence: token-file > auto-detected IDE token (zero-action flow). -func (s *ConfigSynthesizer) synthesizeCursorKeys(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - if len(cfg.CursorKey) == 0 { - return nil - } - - out := make([]*coreauth.Auth, 0, len(cfg.CursorKey)) - for i := range cfg.CursorKey { - ck := cfg.CursorKey[i] - cursorAPIURL := strings.TrimSpace(ck.CursorAPIURL) - if cursorAPIURL == "" { - cursorAPIURL = "http://127.0.0.1:3000" - } - baseURL := strings.TrimSuffix(cursorAPIURL, "/") + "/v1" - - var apiKey, source string - if ck.TokenFile != "" { - // token-file path: read sk-... from file (current behavior) - tokenPath := ck.TokenFile - if strings.HasPrefix(tokenPath, "~") { - home, err := os.UserHomeDir() - if err != nil { - log.Warnf("cursor config[%d] failed to expand ~: %v", i, err) - continue - } - tokenPath = filepath.Join(home, tokenPath[1:]) - } - data, err := os.ReadFile(tokenPath) - if err != nil { - log.Warnf("cursor config[%d] failed to read token file %s: %v", i, ck.TokenFile, err) - continue - } - apiKey = strings.TrimSpace(string(data)) - if apiKey == "" || !strings.HasPrefix(apiKey, "sk-") { - log.Warnf("cursor config[%d] token file must contain sk-... key from cursor-api /build-key", i) - continue - } - source = fmt.Sprintf("config:cursor[%s]", ck.TokenFile) - } else { - // zero-action: read from Cursor IDE storage, POST /tokens/add, use auth-token for chat - ideToken, err := cursorstorage.ReadAccessToken() - if err != nil { - log.Warnf("cursor config[%d] %v", i, err) - continue - } - if ideToken == "" { - log.Warnf("cursor config[%d] Cursor IDE not found or not logged in; ensure Cursor IDE is installed and you are logged in", i) - continue - } - authToken := strings.TrimSpace(ck.AuthToken) - if authToken == "" { - log.Warnf("cursor config[%d] cursor-api auth required: set auth-token to match cursor-api AUTH_TOKEN (required for zero-action flow)", i) - continue - } - if err := s.cursorAddToken(cursorAPIURL, authToken, ideToken); err != nil { - log.Warnf("cursor config[%d] failed to add token to cursor-api: %v", i, err) - continue - } - apiKey = authToken - source = "config:cursor[ide-zero-action]" - } - - id, _ := idGen.Next("cursor:token", apiKey, baseURL) - attrs := map[string]string{ - "source": source, - "base_url": baseURL, - "api_key": apiKey, - } - proxyURL := strings.TrimSpace(ck.ProxyURL) - a := &coreauth.Auth{ - ID: id, - Provider: "cursor", - Label: "cursor-token", - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - out = append(out, a) - } - return out -} - -// cursorAddToken POSTs the IDE access token to cursor-api /tokens/add. -func (s *ConfigSynthesizer) cursorAddToken(baseURL, authToken, ideToken string) error { - url := strings.TrimSuffix(baseURL, "/") + "/tokens/add" - body := map[string]any{ - "tokens": []map[string]string{{"token": ideToken}}, - "enabled": true, - } - raw, err := json.Marshal(body) - if err != nil { - return err - } - req, err := http.NewRequest(http.MethodPost, url, bytes.NewReader(raw)) - if err != nil { - return err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Authorization", "Bearer "+authToken) - client := &http.Client{Timeout: 10 * time.Second} - resp, err := client.Do(req) - if err != nil { - return fmt.Errorf("request failed: %w", err) - } - defer func() { _ = resp.Body.Close() }() - if resp.StatusCode == http.StatusUnauthorized { - return fmt.Errorf("cursor-api auth required: set auth-token to match cursor-api AUTH_TOKEN") - } - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - return fmt.Errorf("tokens/add returned %d", resp.StatusCode) - } - return nil -} - -func (s *ConfigSynthesizer) resolveAPIKeyFromEntry(tokenFile, apiKey string, _ int, _ string) string { - if apiKey != "" { - return strings.TrimSpace(apiKey) - } - if tokenFile == "" { - return "" - } - tokenPath := tokenFile - if strings.HasPrefix(tokenPath, "~") { - home, err := os.UserHomeDir() - if err != nil { - return "" - } - tokenPath = filepath.Join(home, tokenPath[1:]) - } - data, err := os.ReadFile(tokenPath) - if err != nil { - return "" - } - var parsed struct { - AccessToken string `json:"access_token"` - APIKey string `json:"api_key"` - } - if err := json.Unmarshal(data, &parsed); err == nil { - if v := strings.TrimSpace(parsed.AccessToken); v != "" { - return v - } - if v := strings.TrimSpace(parsed.APIKey); v != "" { - return v - } - } - return strings.TrimSpace(string(data)) -} - -// synthesizeKiroKeys creates Auth entries for Kiro (AWS CodeWhisperer) tokens. -func (s *ConfigSynthesizer) synthesizeKiroKeys(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - if len(cfg.KiroKey) == 0 { - return nil - } - - out := make([]*coreauth.Auth, 0, len(cfg.KiroKey)) - kAuth := kiroauth.NewKiroAuth(cfg) - - for i := range cfg.KiroKey { - kk := cfg.KiroKey[i] - var accessToken, profileArn, refreshToken string - - // Try to load from token file first - if kk.TokenFile != "" && kAuth != nil { - tokenData, err := kAuth.LoadTokenFromFile(kk.TokenFile) - if err != nil { - log.Warnf("failed to load kiro token file %s: %v", kk.TokenFile, err) - } else { - accessToken = tokenData.AccessToken - profileArn = tokenData.ProfileArn - refreshToken = tokenData.RefreshToken - } - } - - // Override with direct config values if provided - if kk.AccessToken != "" { - accessToken = kk.AccessToken - } - if kk.ProfileArn != "" { - profileArn = kk.ProfileArn - } - if kk.RefreshToken != "" { - refreshToken = kk.RefreshToken - } - - if accessToken == "" { - log.Warnf("kiro config[%d] missing access_token, skipping", i) - continue - } - - // profileArn is optional for AWS Builder ID users. When profileArn is empty, - // include refreshToken in the stable ID seed to avoid collisions between - // multiple imported Builder ID credentials. - idSeed := []string{accessToken, profileArn} - if profileArn == "" && refreshToken != "" { - idSeed = append(idSeed, refreshToken) - } - id, token := idGen.Next("kiro:token", idSeed...) - attrs := map[string]string{ - "source": fmt.Sprintf("config:kiro[%s]", token), - "access_token": accessToken, - } - if profileArn != "" { - attrs["profile_arn"] = profileArn - } - if kk.Region != "" { - attrs["region"] = kk.Region - } - if kk.AgentTaskType != "" { - attrs["agent_task_type"] = kk.AgentTaskType - } - if kk.PreferredEndpoint != "" { - attrs["preferred_endpoint"] = kk.PreferredEndpoint - } else if cfg.KiroPreferredEndpoint != "" { - // Apply global default if not overridden by specific key - attrs["preferred_endpoint"] = cfg.KiroPreferredEndpoint - } - if refreshToken != "" { - attrs["refresh_token"] = refreshToken - } - proxyURL := strings.TrimSpace(kk.ProxyURL) - a := &coreauth.Auth{ - ID: id, - Provider: "kiro", - Label: "kiro-token", - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - - if refreshToken != "" { - if a.Metadata == nil { - a.Metadata = make(map[string]any) - } - a.Metadata["refresh_token"] = refreshToken - } - - out = append(out, a) - } - return out -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/config_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/config_test.go deleted file mode 100644 index c60bf23080..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/config_test.go +++ /dev/null @@ -1,229 +0,0 @@ -package synthesizer - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "os" - "path/filepath" - "testing" - "time" -) - -func TestConfigSynthesizer_Synthesize(t *testing.T) { - s := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - ClaudeKey: []config.ClaudeKey{{APIKey: "k1", Prefix: "p1"}}, - GeminiKey: []config.GeminiKey{{APIKey: "g1"}}, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := s.Synthesize(ctx) - if err != nil { - t.Fatalf("Synthesize failed: %v", err) - } - - if len(auths) != 2 { - t.Errorf("expected 2 auth entries, got %d", len(auths)) - } - - foundClaude := false - for _, a := range auths { - if a.Provider == "claude" { - foundClaude = true - if a.Prefix != "p1" { - t.Errorf("expected prefix p1, got %s", a.Prefix) - } - if a.Attributes["api_key"] != "k1" { - t.Error("missing api_key attribute") - } - } - } - if !foundClaude { - t.Error("claude auth not found") - } -} - -func TestConfigSynthesizer_SynthesizeOpenAICompat(t *testing.T) { - s := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - OpenAICompatibility: []config.OpenAICompatibility{ - { - Name: "provider1", - BaseURL: "http://base", - ModelsEndpoint: "/api/coding/paas/v4/models", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "k1"}}, - }, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := s.Synthesize(ctx) - if err != nil { - t.Fatalf("Synthesize failed: %v", err) - } - - if len(auths) != 1 || auths[0].Provider != "provider1" { - t.Errorf("expected 1 auth for provider1, got %v", auths) - } - if got := auths[0].Attributes["models_endpoint"]; got != "/api/coding/paas/v4/models" { - t.Fatalf("models_endpoint = %q, want %q", got, "/api/coding/paas/v4/models") - } -} - -func TestConfigSynthesizer_SynthesizeMore(t *testing.T) { - s := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - CodexKey: []config.CodexKey{{APIKey: "co1"}}, - GeneratedConfig: config.GeneratedConfig{ - DeepSeekKey: []config.DeepSeekKey{{APIKey: "ds1"}}, - GroqKey: []config.GroqKey{{APIKey: "gr1"}}, - MistralKey: []config.MistralKey{{APIKey: "mi1"}}, - SiliconFlowKey: []config.SiliconFlowKey{{APIKey: "sf1"}}, - OpenRouterKey: []config.OpenRouterKey{{APIKey: "or1"}}, - TogetherKey: []config.TogetherKey{{APIKey: "to1"}}, - FireworksKey: []config.FireworksKey{{APIKey: "fw1"}}, - NovitaKey: []config.NovitaKey{{APIKey: "no1"}}, - MiniMaxKey: []config.MiniMaxKey{{APIKey: "mm1"}}, - RooKey: []config.RooKey{{APIKey: "ro1"}}, - KiloKey: []config.KiloKey{{APIKey: "ki1"}}, - }, - VertexCompatAPIKey: []config.VertexCompatKey{{APIKey: "vx1", BaseURL: "http://vx"}}, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := s.Synthesize(ctx) - if err != nil { - t.Fatalf("Synthesize failed: %v", err) - } - - expectedProviders := map[string]bool{ - "codex": true, - "deepseek": true, - "groq": true, - "mistral": true, - "siliconflow": true, - "openrouter": true, - "together": true, - "fireworks": true, - "novita": true, - "minimax": true, - "roo": true, - "kilo": true, - "vertex": true, - } - - for _, a := range auths { - delete(expectedProviders, a.Provider) - } - - if len(expectedProviders) > 0 { - t.Errorf("missing providers in synthesis: %v", expectedProviders) - } -} - -func TestConfigSynthesizer_SynthesizeKiroKeys_UsesRefreshTokenForIDWhenProfileArnMissing(t *testing.T) { - s := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - KiroKey: []config.KiroKey{ - {AccessToken: "shared-access-token", RefreshToken: "refresh-one"}, - {AccessToken: "shared-access-token", RefreshToken: "refresh-two"}, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := s.Synthesize(ctx) - if err != nil { - t.Fatalf("Synthesize failed: %v", err) - } - if len(auths) != 2 { - t.Fatalf("expected 2 auth entries, got %d", len(auths)) - } - if auths[0].ID == auths[1].ID { - t.Fatalf("expected unique auth IDs for distinct refresh tokens, got %q", auths[0].ID) - } -} - -func TestConfigSynthesizer_SynthesizeCursorKeys_FromTokenFile(t *testing.T) { - s := NewConfigSynthesizer() - tokenDir := t.TempDir() - tokenPath := filepath.Join(tokenDir, "cursor-token.txt") - if err := os.WriteFile(tokenPath, []byte("sk-cursor-test"), 0o600); err != nil { - t.Fatalf("write token file: %v", err) - } - - ctx := &SynthesisContext{ - Config: &config.Config{ - CursorKey: []config.CursorKey{ - { - TokenFile: tokenPath, - CursorAPIURL: "http://127.0.0.1:3010/", - ProxyURL: "http://127.0.0.1:7890", - }, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := s.Synthesize(ctx) - if err != nil { - t.Fatalf("Synthesize failed: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth entry, got %d", len(auths)) - } - - got := auths[0] - if got.Provider != "cursor" { - t.Fatalf("provider = %q, want %q", got.Provider, "cursor") - } - if got.Attributes["api_key"] != "sk-cursor-test" { - t.Fatalf("api_key = %q, want %q", got.Attributes["api_key"], "sk-cursor-test") - } - if got.Attributes["base_url"] != "http://127.0.0.1:3010/v1" { - t.Fatalf("base_url = %q, want %q", got.Attributes["base_url"], "http://127.0.0.1:3010/v1") - } - if got.ProxyURL != "http://127.0.0.1:7890" { - t.Fatalf("proxy_url = %q, want %q", got.ProxyURL, "http://127.0.0.1:7890") - } -} - -func TestConfigSynthesizer_SynthesizeCursorKeys_InvalidTokenFileIsSkipped(t *testing.T) { - s := NewConfigSynthesizer() - tokenDir := t.TempDir() - tokenPath := filepath.Join(tokenDir, "cursor-token.txt") - if err := os.WriteFile(tokenPath, []byte("invalid-token"), 0o600); err != nil { - t.Fatalf("write token file: %v", err) - } - - ctx := &SynthesisContext{ - Config: &config.Config{ - CursorKey: []config.CursorKey{ - { - TokenFile: tokenPath, - }, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := s.Synthesize(ctx) - if err != nil { - t.Fatalf("Synthesize failed: %v", err) - } - if len(auths) != 0 { - t.Fatalf("expected invalid cursor token file to be skipped, got %d auth entries", len(auths)) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/context.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/context.go deleted file mode 100644 index 8dadc9026a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/context.go +++ /dev/null @@ -1,19 +0,0 @@ -package synthesizer - -import ( - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -// SynthesisContext provides the context needed for auth synthesis. -type SynthesisContext struct { - // Config is the current configuration - Config *config.Config - // AuthDir is the directory containing auth files - AuthDir string - // Now is the current time for timestamps - Now time.Time - // IDGenerator generates stable IDs for auth entries - IDGenerator *StableIDGenerator -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/file.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/file.go deleted file mode 100644 index 65aefc756d..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/file.go +++ /dev/null @@ -1,298 +0,0 @@ -package synthesizer - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - "strconv" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/runtime/geminicli" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -// FileSynthesizer generates Auth entries from OAuth JSON files. -// It handles file-based authentication and Gemini virtual auth generation. -type FileSynthesizer struct{} - -// NewFileSynthesizer creates a new FileSynthesizer instance. -func NewFileSynthesizer() *FileSynthesizer { - return &FileSynthesizer{} -} - -// Synthesize generates Auth entries from auth files in the auth directory. -func (s *FileSynthesizer) Synthesize(ctx *SynthesisContext) ([]*coreauth.Auth, error) { - out := make([]*coreauth.Auth, 0, 16) - if ctx == nil || ctx.AuthDir == "" { - return out, nil - } - - entries, err := os.ReadDir(ctx.AuthDir) - if err != nil { - // Not an error if directory doesn't exist - return out, nil - } - - now := ctx.Now - cfg := ctx.Config - - for _, e := range entries { - if e.IsDir() { - continue - } - name := e.Name() - if !strings.HasSuffix(strings.ToLower(name), ".json") { - continue - } - full := filepath.Join(ctx.AuthDir, name) - data, errRead := os.ReadFile(full) - if errRead != nil || len(data) == 0 { - continue - } - var metadata map[string]any - if errUnmarshal := json.Unmarshal(data, &metadata); errUnmarshal != nil { - continue - } - t, _ := metadata["type"].(string) - if t == "" { - continue - } - provider := strings.ToLower(t) - if provider == "gemini" { - provider = "gemini-cli" - } - label := provider - if email, _ := metadata["email"].(string); email != "" { - label = email - } - // Use relative path under authDir as ID to stay consistent with the file-based token store - id := full - if rel, errRel := filepath.Rel(ctx.AuthDir, full); errRel == nil && rel != "" { - id = rel - } - - proxyURL := "" - if p, ok := metadata["proxy_url"].(string); ok { - proxyURL = p - } - - prefix := "" - if rawPrefix, ok := metadata["prefix"].(string); ok { - trimmed := strings.TrimSpace(rawPrefix) - trimmed = strings.Trim(trimmed, "/") - if trimmed != "" && !strings.Contains(trimmed, "/") { - prefix = trimmed - } - } - - disabled, _ := metadata["disabled"].(bool) - status := coreauth.StatusActive - if disabled { - status = coreauth.StatusDisabled - } - - // Read per-account excluded models from the OAuth JSON file - perAccountExcluded := extractExcludedModelsFromMetadata(metadata) - - a := &coreauth.Auth{ - ID: id, - Provider: provider, - Label: label, - Prefix: prefix, - Status: status, - Disabled: disabled, - Attributes: map[string]string{ - "source": full, - "path": full, - }, - ProxyURL: proxyURL, - Metadata: metadata, - CreatedAt: now, - UpdatedAt: now, - } - // Read priority from auth file - if rawPriority, ok := metadata["priority"]; ok { - switch v := rawPriority.(type) { - case float64: - a.Attributes["priority"] = strconv.Itoa(int(v)) - case string: - priority := strings.TrimSpace(v) - if _, errAtoi := strconv.Atoi(priority); errAtoi == nil { - a.Attributes["priority"] = priority - } - } - } - ApplyAuthExcludedModelsMeta(a, cfg, perAccountExcluded, "oauth") - if provider == "gemini-cli" { - if virtuals := SynthesizeGeminiVirtualAuths(a, metadata, now); len(virtuals) > 0 { - for _, v := range virtuals { - ApplyAuthExcludedModelsMeta(v, cfg, perAccountExcluded, "oauth") - } - out = append(out, a) - out = append(out, virtuals...) - continue - } - } - out = append(out, a) - } - return out, nil -} - -// SynthesizeGeminiVirtualAuths creates virtual Auth entries for multi-project Gemini credentials. -// It disables the primary auth and creates one virtual auth per project. -func SynthesizeGeminiVirtualAuths(primary *coreauth.Auth, metadata map[string]any, now time.Time) []*coreauth.Auth { - if primary == nil || metadata == nil { - return nil - } - projects := splitGeminiProjectIDs(metadata) - if len(projects) <= 1 { - return nil - } - email, _ := metadata["email"].(string) - shared := geminicli.NewSharedCredential(primary.ID, email, metadata, projects) - primary.Disabled = true - primary.Status = coreauth.StatusDisabled - primary.Runtime = shared - if primary.Attributes == nil { - primary.Attributes = make(map[string]string) - } - primary.Attributes["gemini_virtual_primary"] = "true" - primary.Attributes["virtual_children"] = strings.Join(projects, ",") - source := primary.Attributes["source"] - authPath := primary.Attributes["path"] - originalProvider := primary.Provider - if originalProvider == "" { - originalProvider = "gemini-cli" - } - label := primary.Label - if label == "" { - label = originalProvider - } - virtuals := make([]*coreauth.Auth, 0, len(projects)) - for _, projectID := range projects { - attrs := map[string]string{ - "runtime_only": "true", - "gemini_virtual_parent": primary.ID, - "gemini_virtual_project": projectID, - } - if source != "" { - attrs["source"] = source - } - if authPath != "" { - attrs["path"] = authPath - } - // Propagate priority from primary auth to virtual auths - if priorityVal, hasPriority := primary.Attributes["priority"]; hasPriority && priorityVal != "" { - attrs["priority"] = priorityVal - } - metadataCopy := map[string]any{ - "email": email, - "project_id": projectID, - "virtual": true, - "virtual_parent_id": primary.ID, - "type": metadata["type"], - } - if v, ok := metadata["disable_cooling"]; ok { - metadataCopy["disable_cooling"] = v - } else if v, ok := metadata["disable-cooling"]; ok { - metadataCopy["disable_cooling"] = v - } - if v, ok := metadata["request_retry"]; ok { - metadataCopy["request_retry"] = v - } else if v, ok := metadata["request-retry"]; ok { - metadataCopy["request_retry"] = v - } - proxy := strings.TrimSpace(primary.ProxyURL) - if proxy != "" { - metadataCopy["proxy_url"] = proxy - } - virtual := &coreauth.Auth{ - ID: buildGeminiVirtualID(primary.ID, projectID), - Provider: originalProvider, - Label: fmt.Sprintf("%s [%s]", label, projectID), - Status: coreauth.StatusActive, - Attributes: attrs, - Metadata: metadataCopy, - ProxyURL: primary.ProxyURL, - Prefix: primary.Prefix, - CreatedAt: primary.CreatedAt, - UpdatedAt: primary.UpdatedAt, - Runtime: geminicli.NewVirtualCredential(projectID, shared), - } - virtuals = append(virtuals, virtual) - } - return virtuals -} - -// splitGeminiProjectIDs extracts and deduplicates project IDs from metadata. -func splitGeminiProjectIDs(metadata map[string]any) []string { - raw, _ := metadata["project_id"].(string) - trimmed := strings.TrimSpace(raw) - if trimmed == "" { - return nil - } - parts := strings.Split(trimmed, ",") - result := make([]string, 0, len(parts)) - seen := make(map[string]struct{}, len(parts)) - for _, part := range parts { - id := strings.TrimSpace(part) - if id == "" { - continue - } - if _, ok := seen[id]; ok { - continue - } - seen[id] = struct{}{} - result = append(result, id) - } - return result -} - -// buildGeminiVirtualID constructs a virtual auth ID from base ID and project ID. -func buildGeminiVirtualID(baseID, projectID string) string { - project := strings.TrimSpace(projectID) - if project == "" { - project = "project" - } - replacer := strings.NewReplacer("/", "_", "\\", "_", " ", "_") - return fmt.Sprintf("%s::%s", baseID, replacer.Replace(project)) -} - -// extractExcludedModelsFromMetadata reads per-account excluded models from the OAuth JSON metadata. -// Supports both "excluded_models" and "excluded-models" keys, and accepts both []string and []interface{}. -func extractExcludedModelsFromMetadata(metadata map[string]any) []string { - if metadata == nil { - return nil - } - // Try both key formats - raw, ok := metadata["excluded_models"] - if !ok { - raw, ok = metadata["excluded-models"] - } - if !ok || raw == nil { - return nil - } - var stringSlice []string - switch v := raw.(type) { - case []string: - stringSlice = v - case []interface{}: - stringSlice = make([]string, 0, len(v)) - for _, item := range v { - if s, ok := item.(string); ok { - stringSlice = append(stringSlice, s) - } - } - default: - return nil - } - result := make([]string, 0, len(stringSlice)) - for _, s := range stringSlice { - if trimmed := strings.TrimSpace(s); trimmed != "" { - result = append(result, trimmed) - } - } - return result -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/file_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/file_test.go deleted file mode 100644 index 88873a6138..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/file_test.go +++ /dev/null @@ -1,746 +0,0 @@ -package synthesizer - -import ( - "encoding/json" - "os" - "path/filepath" - "strings" - "testing" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestNewFileSynthesizer(t *testing.T) { - synth := NewFileSynthesizer() - if synth == nil { - t.Fatal("expected non-nil synthesizer") - } -} - -func TestFileSynthesizer_Synthesize_NilContext(t *testing.T) { - synth := NewFileSynthesizer() - auths, err := synth.Synthesize(nil) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 0 { - t.Fatalf("expected empty auths, got %d", len(auths)) - } -} - -func TestFileSynthesizer_Synthesize_EmptyAuthDir(t *testing.T) { - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: "", - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 0 { - t.Fatalf("expected empty auths, got %d", len(auths)) - } -} - -func TestFileSynthesizer_Synthesize_NonExistentDir(t *testing.T) { - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: "/non/existent/path", - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 0 { - t.Fatalf("expected empty auths, got %d", len(auths)) - } -} - -func TestFileSynthesizer_Synthesize_ValidAuthFile(t *testing.T) { - tempDir := t.TempDir() - - // Create a valid auth file - authData := map[string]any{ - "type": "claude", - "email": "test@example.com", - "proxy_url": "http://proxy.local", - "prefix": "test-prefix", - "disable_cooling": true, - "request_retry": 2, - } - data, _ := json.Marshal(authData) - err := os.WriteFile(filepath.Join(tempDir, "claude-auth.json"), data, 0644) - if err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - if auths[0].Provider != "claude" { - t.Errorf("expected provider claude, got %s", auths[0].Provider) - } - if auths[0].Label != "test@example.com" { - t.Errorf("expected label test@example.com, got %s", auths[0].Label) - } - if auths[0].Prefix != "test-prefix" { - t.Errorf("expected prefix test-prefix, got %s", auths[0].Prefix) - } - if auths[0].ProxyURL != "http://proxy.local" { - t.Errorf("expected proxy_url http://proxy.local, got %s", auths[0].ProxyURL) - } - if v, ok := auths[0].Metadata["disable_cooling"].(bool); !ok || !v { - t.Errorf("expected disable_cooling true, got %v", auths[0].Metadata["disable_cooling"]) - } - if v, ok := auths[0].Metadata["request_retry"].(float64); !ok || int(v) != 2 { - t.Errorf("expected request_retry 2, got %v", auths[0].Metadata["request_retry"]) - } - if auths[0].Status != coreauth.StatusActive { - t.Errorf("expected status active, got %s", auths[0].Status) - } -} - -func TestFileSynthesizer_Synthesize_GeminiProviderMapping(t *testing.T) { - tempDir := t.TempDir() - - // Gemini type should be mapped to gemini-cli - authData := map[string]any{ - "type": "gemini", - "email": "gemini@example.com", - } - data, _ := json.Marshal(authData) - err := os.WriteFile(filepath.Join(tempDir, "gemini-auth.json"), data, 0644) - if err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - if auths[0].Provider != "gemini-cli" { - t.Errorf("gemini should be mapped to gemini-cli, got %s", auths[0].Provider) - } -} - -func TestFileSynthesizer_Synthesize_SkipsInvalidFiles(t *testing.T) { - tempDir := t.TempDir() - - // Create various invalid files - _ = os.WriteFile(filepath.Join(tempDir, "not-json.txt"), []byte("text content"), 0644) - _ = os.WriteFile(filepath.Join(tempDir, "invalid.json"), []byte("not valid json"), 0644) - _ = os.WriteFile(filepath.Join(tempDir, "empty.json"), []byte(""), 0644) - _ = os.WriteFile(filepath.Join(tempDir, "no-type.json"), []byte(`{"email": "test@example.com"}`), 0644) - - // Create one valid file - validData, _ := json.Marshal(map[string]any{"type": "claude", "email": "valid@example.com"}) - _ = os.WriteFile(filepath.Join(tempDir, "valid.json"), validData, 0644) - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("only valid auth file should be processed, got %d", len(auths)) - } - if auths[0].Label != "valid@example.com" { - t.Errorf("expected label valid@example.com, got %s", auths[0].Label) - } -} - -func TestFileSynthesizer_Synthesize_SkipsDirectories(t *testing.T) { - tempDir := t.TempDir() - - // Create a subdirectory with a json file inside - subDir := filepath.Join(tempDir, "subdir.json") - err := os.Mkdir(subDir, 0755) - if err != nil { - t.Fatalf("failed to create subdir: %v", err) - } - - // Create a valid file in root - validData, _ := json.Marshal(map[string]any{"type": "claude"}) - _ = os.WriteFile(filepath.Join(tempDir, "valid.json"), validData, 0644) - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } -} - -func TestFileSynthesizer_Synthesize_RelativeID(t *testing.T) { - tempDir := t.TempDir() - - authData := map[string]any{"type": "claude"} - data, _ := json.Marshal(authData) - err := os.WriteFile(filepath.Join(tempDir, "my-auth.json"), data, 0644) - if err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - // ID should be relative path - if auths[0].ID != "my-auth.json" { - t.Errorf("expected ID my-auth.json, got %s", auths[0].ID) - } -} - -func TestFileSynthesizer_Synthesize_PrefixValidation(t *testing.T) { - tests := []struct { - name string - prefix string - wantPrefix string - }{ - {"valid prefix", "myprefix", "myprefix"}, - {"prefix with slashes trimmed", "/myprefix/", "myprefix"}, - {"prefix with spaces trimmed", " myprefix ", "myprefix"}, - {"prefix with internal slash rejected", "my/prefix", ""}, - {"empty prefix", "", ""}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - tempDir := t.TempDir() - authData := map[string]any{ - "type": "claude", - "prefix": tt.prefix, - } - data, _ := json.Marshal(authData) - _ = os.WriteFile(filepath.Join(tempDir, "auth.json"), data, 0644) - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - if auths[0].Prefix != tt.wantPrefix { - t.Errorf("expected prefix %q, got %q", tt.wantPrefix, auths[0].Prefix) - } - }) - } -} - -func TestFileSynthesizer_Synthesize_PriorityParsing(t *testing.T) { - tests := []struct { - name string - priority any - want string - hasValue bool - }{ - { - name: "string with spaces", - priority: " 10 ", - want: "10", - hasValue: true, - }, - { - name: "number", - priority: 8, - want: "8", - hasValue: true, - }, - { - name: "invalid string", - priority: "1x", - hasValue: false, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - tempDir := t.TempDir() - authData := map[string]any{ - "type": "claude", - "priority": tt.priority, - } - data, _ := json.Marshal(authData) - errWriteFile := os.WriteFile(filepath.Join(tempDir, "auth.json"), data, 0644) - if errWriteFile != nil { - t.Fatalf("failed to write auth file: %v", errWriteFile) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, errSynthesize := synth.Synthesize(ctx) - if errSynthesize != nil { - t.Fatalf("unexpected error: %v", errSynthesize) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - value, ok := auths[0].Attributes["priority"] - if tt.hasValue { - if !ok { - t.Fatal("expected priority attribute to be set") - } - if value != tt.want { - t.Fatalf("expected priority %q, got %q", tt.want, value) - } - return - } - if ok { - t.Fatalf("expected priority attribute to be absent, got %q", value) - } - }) - } -} - -func TestFileSynthesizer_Synthesize_OAuthExcludedModelsMerged(t *testing.T) { - tempDir := t.TempDir() - authData := map[string]any{ - "type": "claude", - "excluded_models": []string{"custom-model", "MODEL-B"}, - } - data, _ := json.Marshal(authData) - errWriteFile := os.WriteFile(filepath.Join(tempDir, "auth.json"), data, 0644) - if errWriteFile != nil { - t.Fatalf("failed to write auth file: %v", errWriteFile) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - OAuthExcludedModels: map[string][]string{ - "claude": {"shared", "model-b"}, - }, - }, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, errSynthesize := synth.Synthesize(ctx) - if errSynthesize != nil { - t.Fatalf("unexpected error: %v", errSynthesize) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - got := auths[0].Attributes["excluded_models"] - want := "custom-model,model-b,shared" - if got != want { - t.Fatalf("expected excluded_models %q, got %q", want, got) - } -} - -func TestSynthesizeGeminiVirtualAuths_NilInputs(t *testing.T) { - now := time.Now() - - if SynthesizeGeminiVirtualAuths(nil, nil, now) != nil { - t.Error("expected nil for nil primary") - } - if SynthesizeGeminiVirtualAuths(&coreauth.Auth{}, nil, now) != nil { - t.Error("expected nil for nil metadata") - } - if SynthesizeGeminiVirtualAuths(nil, map[string]any{}, now) != nil { - t.Error("expected nil for nil primary with metadata") - } -} - -func TestSynthesizeGeminiVirtualAuths_SingleProject(t *testing.T) { - now := time.Now() - primary := &coreauth.Auth{ - ID: "test-id", - Provider: "gemini-cli", - Label: "test@example.com", - } - metadata := map[string]any{ - "project_id": "single-project", - "email": "test@example.com", - "type": "gemini", - } - - virtuals := SynthesizeGeminiVirtualAuths(primary, metadata, now) - if virtuals != nil { - t.Error("single project should not create virtuals") - } -} - -func TestSynthesizeGeminiVirtualAuths_MultiProject(t *testing.T) { - now := time.Now() - primary := &coreauth.Auth{ - ID: "primary-id", - Provider: "gemini-cli", - Label: "test@example.com", - Prefix: "test-prefix", - ProxyURL: "http://proxy.local", - Attributes: map[string]string{ - "source": "test-source", - "path": "/path/to/auth", - }, - } - metadata := map[string]any{ - "project_id": "project-a, project-b, project-c", - "email": "test@example.com", - "type": "gemini", - "request_retry": 2, - "disable_cooling": true, - } - - virtuals := SynthesizeGeminiVirtualAuths(primary, metadata, now) - - if len(virtuals) != 3 { - t.Fatalf("expected 3 virtuals, got %d", len(virtuals)) - } - - // Check primary is disabled - if !primary.Disabled { - t.Error("expected primary to be disabled") - } - if primary.Status != coreauth.StatusDisabled { - t.Errorf("expected primary status disabled, got %s", primary.Status) - } - if primary.Attributes["gemini_virtual_primary"] != "true" { - t.Error("expected gemini_virtual_primary=true") - } - if !strings.Contains(primary.Attributes["virtual_children"], "project-a") { - t.Error("expected virtual_children to contain project-a") - } - - // Check virtuals - projectIDs := []string{"project-a", "project-b", "project-c"} - for i, v := range virtuals { - if v.Provider != "gemini-cli" { - t.Errorf("expected provider gemini-cli, got %s", v.Provider) - } - if v.Status != coreauth.StatusActive { - t.Errorf("expected status active, got %s", v.Status) - } - if v.Prefix != "test-prefix" { - t.Errorf("expected prefix test-prefix, got %s", v.Prefix) - } - if v.ProxyURL != "http://proxy.local" { - t.Errorf("expected proxy_url http://proxy.local, got %s", v.ProxyURL) - } - if vv, ok := v.Metadata["disable_cooling"].(bool); !ok || !vv { - t.Errorf("expected disable_cooling true, got %v", v.Metadata["disable_cooling"]) - } - if vv, ok := v.Metadata["request_retry"].(int); !ok || vv != 2 { - t.Errorf("expected request_retry 2, got %v", v.Metadata["request_retry"]) - } - if v.Attributes["runtime_only"] != "true" { - t.Error("expected runtime_only=true") - } - if v.Attributes["gemini_virtual_parent"] != "primary-id" { - t.Errorf("expected gemini_virtual_parent=primary-id, got %s", v.Attributes["gemini_virtual_parent"]) - } - if v.Attributes["gemini_virtual_project"] != projectIDs[i] { - t.Errorf("expected gemini_virtual_project=%s, got %s", projectIDs[i], v.Attributes["gemini_virtual_project"]) - } - if !strings.Contains(v.Label, "["+projectIDs[i]+"]") { - t.Errorf("expected label to contain [%s], got %s", projectIDs[i], v.Label) - } - } -} - -func TestSynthesizeGeminiVirtualAuths_EmptyProviderAndLabel(t *testing.T) { - now := time.Now() - // Test with empty Provider and Label to cover fallback branches - primary := &coreauth.Auth{ - ID: "primary-id", - Provider: "", // empty provider - should default to gemini-cli - Label: "", // empty label - should default to provider - Attributes: map[string]string{}, - } - metadata := map[string]any{ - "project_id": "proj-a, proj-b", - "email": "user@example.com", - "type": "gemini", - } - - virtuals := SynthesizeGeminiVirtualAuths(primary, metadata, now) - - if len(virtuals) != 2 { - t.Fatalf("expected 2 virtuals, got %d", len(virtuals)) - } - - // Check that empty provider defaults to gemini-cli - if virtuals[0].Provider != "gemini-cli" { - t.Errorf("expected provider gemini-cli (default), got %s", virtuals[0].Provider) - } - // Check that empty label defaults to provider - if !strings.Contains(virtuals[0].Label, "gemini-cli") { - t.Errorf("expected label to contain gemini-cli, got %s", virtuals[0].Label) - } -} - -func TestSynthesizeGeminiVirtualAuths_NilPrimaryAttributes(t *testing.T) { - now := time.Now() - primary := &coreauth.Auth{ - ID: "primary-id", - Provider: "gemini-cli", - Label: "test@example.com", - Attributes: nil, // nil attributes - } - metadata := map[string]any{ - "project_id": "proj-a, proj-b", - "email": "test@example.com", - "type": "gemini", - } - - virtuals := SynthesizeGeminiVirtualAuths(primary, metadata, now) - - if len(virtuals) != 2 { - t.Fatalf("expected 2 virtuals, got %d", len(virtuals)) - } - // Nil attributes should be initialized - if primary.Attributes == nil { - t.Error("expected primary.Attributes to be initialized") - } - if primary.Attributes["gemini_virtual_primary"] != "true" { - t.Error("expected gemini_virtual_primary=true") - } -} - -func TestSplitGeminiProjectIDs(t *testing.T) { - tests := []struct { - name string - metadata map[string]any - want []string - }{ - { - name: "single project", - metadata: map[string]any{"project_id": "proj-a"}, - want: []string{"proj-a"}, - }, - { - name: "multiple projects", - metadata: map[string]any{"project_id": "proj-a, proj-b, proj-c"}, - want: []string{"proj-a", "proj-b", "proj-c"}, - }, - { - name: "with duplicates", - metadata: map[string]any{"project_id": "proj-a, proj-b, proj-a"}, - want: []string{"proj-a", "proj-b"}, - }, - { - name: "with empty parts", - metadata: map[string]any{"project_id": "proj-a, , proj-b, "}, - want: []string{"proj-a", "proj-b"}, - }, - { - name: "empty project_id", - metadata: map[string]any{"project_id": ""}, - want: nil, - }, - { - name: "no project_id", - metadata: map[string]any{}, - want: nil, - }, - { - name: "whitespace only", - metadata: map[string]any{"project_id": " "}, - want: nil, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got := splitGeminiProjectIDs(tt.metadata) - if len(got) != len(tt.want) { - t.Fatalf("expected %v, got %v", tt.want, got) - } - for i := range got { - if got[i] != tt.want[i] { - t.Errorf("expected %v, got %v", tt.want, got) - break - } - } - }) - } -} - -func TestFileSynthesizer_Synthesize_MultiProjectGemini(t *testing.T) { - tempDir := t.TempDir() - - // Create a gemini auth file with multiple projects - authData := map[string]any{ - "type": "gemini", - "email": "multi@example.com", - "project_id": "project-a, project-b, project-c", - "priority": " 10 ", - } - data, _ := json.Marshal(authData) - err := os.WriteFile(filepath.Join(tempDir, "gemini-multi.json"), data, 0644) - if err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - // Should have 4 auths: 1 primary (disabled) + 3 virtuals - if len(auths) != 4 { - t.Fatalf("expected 4 auths (1 primary + 3 virtuals), got %d", len(auths)) - } - - // First auth should be the primary (disabled) - primary := auths[0] - if !primary.Disabled { - t.Error("expected primary to be disabled") - } - if primary.Status != coreauth.StatusDisabled { - t.Errorf("expected primary status disabled, got %s", primary.Status) - } - if gotPriority := primary.Attributes["priority"]; gotPriority != "10" { - t.Errorf("expected primary priority 10, got %q", gotPriority) - } - - // Remaining auths should be virtuals - for i := 1; i < 4; i++ { - v := auths[i] - if v.Status != coreauth.StatusActive { - t.Errorf("expected virtual %d to be active, got %s", i, v.Status) - } - if v.Attributes["gemini_virtual_parent"] != primary.ID { - t.Errorf("expected virtual %d parent to be %s, got %s", i, primary.ID, v.Attributes["gemini_virtual_parent"]) - } - if gotPriority := v.Attributes["priority"]; gotPriority != "10" { - t.Errorf("expected virtual %d priority 10, got %q", i, gotPriority) - } - } -} - -func TestBuildGeminiVirtualID(t *testing.T) { - tests := []struct { - name string - baseID string - projectID string - want string - }{ - { - name: "basic", - baseID: "auth.json", - projectID: "my-project", - want: "auth.json::my-project", - }, - { - name: "with slashes", - baseID: "path/to/auth.json", - projectID: "project/with/slashes", - want: "path/to/auth.json::project_with_slashes", - }, - { - name: "with spaces", - baseID: "auth.json", - projectID: "my project", - want: "auth.json::my_project", - }, - { - name: "empty project", - baseID: "auth.json", - projectID: "", - want: "auth.json::project", - }, - { - name: "whitespace project", - baseID: "auth.json", - projectID: " ", - want: "auth.json::project", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got := buildGeminiVirtualID(tt.baseID, tt.projectID) - if got != tt.want { - t.Errorf("expected %q, got %q", tt.want, got) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/helpers.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/helpers.go deleted file mode 100644 index a1c7ac4387..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/helpers.go +++ /dev/null @@ -1,123 +0,0 @@ -package synthesizer - -import ( - "crypto/hmac" - "crypto/sha512" - "encoding/hex" - "fmt" - "sort" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/diff" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -const stableIDGeneratorHashKey = "auth-stable-id-generator:v1" - -// StableIDGenerator generates stable, deterministic IDs for auth entries. -// It uses keyed HMAC-SHA512 hashing with collision handling via counters. -// It is not safe for concurrent use. -type StableIDGenerator struct { - counters map[string]int -} - -// NewStableIDGenerator creates a new StableIDGenerator instance. -func NewStableIDGenerator() *StableIDGenerator { - return &StableIDGenerator{counters: make(map[string]int)} -} - -// Next generates a stable ID based on the kind and parts. -// Returns the full ID (kind:hash) and the short hash portion. -func (g *StableIDGenerator) Next(kind string, parts ...string) (string, string) { - if g == nil { - return kind + ":000000000000", "000000000000" - } - hasher := hmac.New(sha512.New, []byte(stableIDGeneratorHashKey)) - hasher.Write([]byte(kind)) - for _, part := range parts { - trimmed := strings.TrimSpace(part) - hasher.Write([]byte{0}) - hasher.Write([]byte(trimmed)) - } - digest := hex.EncodeToString(hasher.Sum(nil)) - if len(digest) < 12 { - digest = fmt.Sprintf("%012s", digest) - } - short := digest[:12] - key := kind + ":" + short - index := g.counters[key] - g.counters[key] = index + 1 - if index > 0 { - short = fmt.Sprintf("%s-%d", short, index) - } - return fmt.Sprintf("%s:%s", kind, short), short -} - -// ApplyAuthExcludedModelsMeta applies excluded models metadata to an auth entry. -// It computes a hash of excluded models and sets the auth_kind attribute. -// For OAuth entries, perKey (from the JSON file's excluded-models field) is merged -// with the global oauth-excluded-models config for the provider. -func ApplyAuthExcludedModelsMeta(auth *coreauth.Auth, cfg *config.Config, perKey []string, authKind string) { - if auth == nil || cfg == nil { - return - } - authKindKey := strings.ToLower(strings.TrimSpace(authKind)) - seen := make(map[string]struct{}) - add := func(list []string) { - for _, entry := range list { - if trimmed := strings.TrimSpace(entry); trimmed != "" { - key := strings.ToLower(trimmed) - if _, exists := seen[key]; exists { - continue - } - seen[key] = struct{}{} - } - } - } - if authKindKey == "apikey" { - add(perKey) - } else { - // For OAuth: merge per-account excluded models with global provider-level exclusions - add(perKey) - if cfg.OAuthExcludedModels != nil { - providerKey := strings.ToLower(strings.TrimSpace(auth.Provider)) - add(cfg.OAuthExcludedModels[providerKey]) - } - } - combined := make([]string, 0, len(seen)) - for k := range seen { - combined = append(combined, k) - } - sort.Strings(combined) - hash := diff.ComputeExcludedModelsHash(combined) - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - if hash != "" { - auth.Attributes["excluded_models_hash"] = hash - } - // Store the combined excluded models list so that routing can read it at runtime - if len(combined) > 0 { - auth.Attributes["excluded_models"] = strings.Join(combined, ",") - } - if authKind != "" { - auth.Attributes["auth_kind"] = authKind - } -} - -// addConfigHeadersToAttrs adds header configuration to auth attributes. -// Headers are prefixed with "header:" in the attributes map. -func addConfigHeadersToAttrs(headers map[string]string, attrs map[string]string) { - if len(headers) == 0 || attrs == nil { - return - } - for hk, hv := range headers { - key := strings.TrimSpace(hk) - val := strings.TrimSpace(hv) - if key == "" || val == "" { - continue - } - attrs["header:"+key] = val - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/helpers_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/helpers_test.go deleted file mode 100644 index 5840f6716e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/helpers_test.go +++ /dev/null @@ -1,311 +0,0 @@ -package synthesizer - -import ( - "crypto/sha256" - "encoding/hex" - "reflect" - "strings" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/diff" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestStableIDGenerator_Next_DoesNotUseLegacySHA256(t *testing.T) { - gen := NewStableIDGenerator() - id, short := gen.Next("gemini:apikey", "test-key", "https://api.example.com") - if id == "" || short == "" { - t.Fatal("expected generated IDs to be non-empty") - } - - legacyHasher := sha256.New() - legacyHasher.Write([]byte("gemini:apikey")) - legacyHasher.Write([]byte{0}) - legacyHasher.Write([]byte("test-key")) - legacyHasher.Write([]byte{0}) - legacyHasher.Write([]byte("https://api.example.com")) - legacyShort := hex.EncodeToString(legacyHasher.Sum(nil))[:12] - - if short == legacyShort { - t.Fatalf("expected short id to differ from legacy sha256 digest %q", legacyShort) - } -} - -func TestNewStableIDGenerator(t *testing.T) { - gen := NewStableIDGenerator() - if gen == nil { - t.Fatal("expected non-nil generator") - } - if gen.counters == nil { - t.Fatal("expected non-nil counters map") - } -} - -func TestStableIDGenerator_Next(t *testing.T) { - tests := []struct { - name string - kind string - parts []string - wantPrefix string - }{ - { - name: "basic gemini apikey", - kind: "gemini:apikey", - parts: []string{"test-key", ""}, - wantPrefix: "gemini:apikey:", - }, - { - name: "claude with base url", - kind: "claude:apikey", - parts: []string{"sk-ant-xxx", "https://api.anthropic.com"}, - wantPrefix: "claude:apikey:", - }, - { - name: "empty parts", - kind: "codex:apikey", - parts: []string{}, - wantPrefix: "codex:apikey:", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - gen := NewStableIDGenerator() - id, short := gen.Next(tt.kind, tt.parts...) - - if !strings.Contains(id, tt.wantPrefix) { - t.Errorf("expected id to contain %q, got %q", tt.wantPrefix, id) - } - if short == "" { - t.Error("expected non-empty short id") - } - if len(short) != 12 { - t.Errorf("expected short id length 12, got %d", len(short)) - } - }) - } -} - -func TestStableIDGenerator_Stability(t *testing.T) { - gen1 := NewStableIDGenerator() - gen2 := NewStableIDGenerator() - - id1, _ := gen1.Next("gemini:apikey", "test-key", "https://api.example.com") - id2, _ := gen2.Next("gemini:apikey", "test-key", "https://api.example.com") - - if id1 != id2 { - t.Errorf("same inputs should produce same ID: got %q and %q", id1, id2) - } -} - -func TestStableIDGenerator_CollisionHandling(t *testing.T) { - gen := NewStableIDGenerator() - - id1, short1 := gen.Next("gemini:apikey", "same-key") - id2, short2 := gen.Next("gemini:apikey", "same-key") - - if id1 == id2 { - t.Error("collision should be handled with suffix") - } - if short1 == short2 { - t.Error("short ids should differ") - } - if !strings.Contains(short2, "-1") { - t.Errorf("second short id should contain -1 suffix, got %q", short2) - } -} - -func TestStableIDGenerator_NilReceiver(t *testing.T) { - var gen *StableIDGenerator = nil - id, short := gen.Next("test:kind", "part") - - if id != "test:kind:000000000000" { - t.Errorf("expected test:kind:000000000000, got %q", id) - } - if short != "000000000000" { - t.Errorf("expected 000000000000, got %q", short) - } -} - -func TestApplyAuthExcludedModelsMeta(t *testing.T) { - tests := []struct { - name string - auth *coreauth.Auth - cfg *config.Config - perKey []string - authKind string - wantHash bool - wantKind string - }{ - { - name: "apikey with excluded models", - auth: &coreauth.Auth{ - Provider: "gemini", - Attributes: make(map[string]string), - }, - cfg: &config.Config{}, - perKey: []string{"model-a", "model-b"}, - authKind: "apikey", - wantHash: true, - wantKind: "apikey", - }, - { - name: "oauth with provider excluded models", - auth: &coreauth.Auth{ - Provider: "claude", - Attributes: make(map[string]string), - }, - cfg: &config.Config{ - OAuthExcludedModels: map[string][]string{ - "claude": {"claude-2.0"}, - }, - }, - perKey: nil, - authKind: "oauth", - wantHash: true, - wantKind: "oauth", - }, - { - name: "nil auth", - auth: nil, - cfg: &config.Config{}, - }, - { - name: "nil config", - auth: &coreauth.Auth{Provider: "test"}, - cfg: nil, - authKind: "apikey", - }, - { - name: "nil attributes initialized", - auth: &coreauth.Auth{ - Provider: "gemini", - Attributes: nil, - }, - cfg: &config.Config{}, - perKey: []string{"model-x"}, - authKind: "apikey", - wantHash: true, - wantKind: "apikey", - }, - { - name: "apikey with duplicate excluded models", - auth: &coreauth.Auth{ - Provider: "gemini", - Attributes: make(map[string]string), - }, - cfg: &config.Config{}, - perKey: []string{"model-a", "MODEL-A", "model-b", "model-a"}, - authKind: "apikey", - wantHash: true, - wantKind: "apikey", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - ApplyAuthExcludedModelsMeta(tt.auth, tt.cfg, tt.perKey, tt.authKind) - - if tt.auth != nil && tt.cfg != nil { - if tt.wantHash { - if _, ok := tt.auth.Attributes["excluded_models_hash"]; !ok { - t.Error("expected excluded_models_hash in attributes") - } - } - if tt.wantKind != "" { - if got := tt.auth.Attributes["auth_kind"]; got != tt.wantKind { - t.Errorf("expected auth_kind=%s, got %s", tt.wantKind, got) - } - } - } - }) - } -} - -func TestApplyAuthExcludedModelsMeta_OAuthMergeWritesCombinedModels(t *testing.T) { - auth := &coreauth.Auth{ - Provider: "claude", - Attributes: make(map[string]string), - } - cfg := &config.Config{ - OAuthExcludedModels: map[string][]string{ - "claude": {"global-a", "shared"}, - }, - } - - ApplyAuthExcludedModelsMeta(auth, cfg, []string{"per", "SHARED"}, "oauth") - - const wantCombined = "global-a,per,shared" - if gotCombined := auth.Attributes["excluded_models"]; gotCombined != wantCombined { - t.Fatalf("expected excluded_models=%q, got %q", wantCombined, gotCombined) - } - - expectedHash := diff.ComputeExcludedModelsHash([]string{"global-a", "per", "shared"}) - if gotHash := auth.Attributes["excluded_models_hash"]; gotHash != expectedHash { - t.Fatalf("expected excluded_models_hash=%q, got %q", expectedHash, gotHash) - } -} - -func TestAddConfigHeadersToAttrs(t *testing.T) { - tests := []struct { - name string - headers map[string]string - attrs map[string]string - want map[string]string - }{ - { - name: "basic headers", - headers: map[string]string{ - "Authorization": "Bearer token", - "X-Custom": "value", - }, - attrs: map[string]string{"existing": "key"}, - want: map[string]string{ - "existing": "key", - "header:Authorization": "Bearer token", - "header:X-Custom": "value", - }, - }, - { - name: "empty headers", - headers: map[string]string{}, - attrs: map[string]string{"existing": "key"}, - want: map[string]string{"existing": "key"}, - }, - { - name: "nil headers", - headers: nil, - attrs: map[string]string{"existing": "key"}, - want: map[string]string{"existing": "key"}, - }, - { - name: "nil attrs", - headers: map[string]string{"key": "value"}, - attrs: nil, - want: nil, - }, - { - name: "skip empty keys and values", - headers: map[string]string{ - "": "value", - "key": "", - " ": "value", - "valid": "valid-value", - }, - attrs: make(map[string]string), - want: map[string]string{ - "header:valid": "valid-value", - }, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - addConfigHeadersToAttrs(tt.headers, tt.attrs) - if !reflect.DeepEqual(tt.attrs, tt.want) { - t.Errorf("expected %v, got %v", tt.want, tt.attrs) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/interface.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/interface.go deleted file mode 100644 index 1a9aedc965..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/interface.go +++ /dev/null @@ -1,16 +0,0 @@ -// Package synthesizer provides auth synthesis strategies for the watcher package. -// It implements the Strategy pattern to support multiple auth sources: -// - ConfigSynthesizer: generates Auth entries from config API keys -// - FileSynthesizer: generates Auth entries from OAuth JSON files -package synthesizer - -import ( - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -// AuthSynthesizer defines the interface for generating Auth entries from various sources. -type AuthSynthesizer interface { - // Synthesize generates Auth entries from the given context. - // Returns a slice of Auth pointers and any error encountered. - Synthesize(ctx *SynthesisContext) ([]*coreauth.Auth, error) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/synthesizer_generated.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/synthesizer_generated.go deleted file mode 100644 index f5f8a8a8d4..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/synthesizer/synthesizer_generated.go +++ /dev/null @@ -1,35 +0,0 @@ -// Code generated by github.com/router-for-me/CLIProxyAPI/v6/cmd/codegen; DO NOT EDIT. -package synthesizer - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -// getDedicatedProviderEntries returns the config entries for a dedicated provider. -func (s *ConfigSynthesizer) getDedicatedProviderEntries(p config.ProviderSpec, cfg *config.Config) []config.OAICompatProviderConfig { - switch p.YAMLKey { - case "minimax": - return cfg.MiniMaxKey - case "roo": - return cfg.RooKey - case "kilo": - return cfg.KiloKey - case "deepseek": - return cfg.DeepSeekKey - case "groq": - return cfg.GroqKey - case "mistral": - return cfg.MistralKey - case "siliconflow": - return cfg.SiliconFlowKey - case "openrouter": - return cfg.OpenRouterKey - case "together": - return cfg.TogetherKey - case "fireworks": - return cfg.FireworksKey - case "novita": - return cfg.NovitaKey - } - return nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/vertex/keyutil.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/vertex/keyutil.go deleted file mode 100644 index a10ade17e3..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/vertex/keyutil.go +++ /dev/null @@ -1,208 +0,0 @@ -package vertex - -import ( - "crypto/rsa" - "crypto/x509" - "encoding/base64" - "encoding/json" - "encoding/pem" - "fmt" - "strings" -) - -// NormalizeServiceAccountJSON normalizes the given JSON-encoded service account payload. -// It returns the normalized JSON (with sanitized private_key) or, if normalization fails, -// the original bytes and the encountered error. -func NormalizeServiceAccountJSON(raw []byte) ([]byte, error) { - if len(raw) == 0 { - return raw, nil - } - var payload map[string]any - if err := json.Unmarshal(raw, &payload); err != nil { - return raw, err - } - normalized, err := NormalizeServiceAccountMap(payload) - if err != nil { - return raw, err - } - out, err := json.Marshal(normalized) - if err != nil { - return raw, err - } - return out, nil -} - -// NormalizeServiceAccountMap returns a copy of the given service account map with -// a sanitized private_key field that is guaranteed to contain a valid RSA PRIVATE KEY PEM block. -func NormalizeServiceAccountMap(sa map[string]any) (map[string]any, error) { - if sa == nil { - return nil, fmt.Errorf("service account payload is empty") - } - pk, _ := sa["private_key"].(string) - if strings.TrimSpace(pk) == "" { - return nil, fmt.Errorf("service account missing private_key") - } - normalized, err := sanitizePrivateKey(pk) - if err != nil { - return nil, err - } - clone := make(map[string]any, len(sa)) - for k, v := range sa { - clone[k] = v - } - clone["private_key"] = normalized - return clone, nil -} - -func sanitizePrivateKey(raw string) (string, error) { - pk := strings.ReplaceAll(raw, "\r\n", "\n") - pk = strings.ReplaceAll(pk, "\r", "\n") - pk = stripANSIEscape(pk) - pk = strings.ToValidUTF8(pk, "") - pk = strings.TrimSpace(pk) - - normalized := pk - if block, _ := pem.Decode([]byte(pk)); block == nil { - // Attempt to reconstruct from the textual payload. - if reconstructed, err := rebuildPEM(pk); err == nil { - normalized = reconstructed - } else { - return "", fmt.Errorf("private_key is not valid pem: %w", err) - } - } - - block, _ := pem.Decode([]byte(normalized)) - if block == nil { - return "", fmt.Errorf("private_key pem decode failed") - } - - rsaBlock, err := ensureRSAPrivateKey(block) - if err != nil { - return "", err - } - return string(pem.EncodeToMemory(rsaBlock)), nil -} - -func ensureRSAPrivateKey(block *pem.Block) (*pem.Block, error) { - if block == nil { - return nil, fmt.Errorf("pem block is nil") - } - - if block.Type == "RSA PRIVATE KEY" { - if _, err := x509.ParsePKCS1PrivateKey(block.Bytes); err != nil { - return nil, fmt.Errorf("private_key invalid rsa: %w", err) - } - return block, nil - } - - if block.Type == "PRIVATE KEY" { - key, err := x509.ParsePKCS8PrivateKey(block.Bytes) - if err != nil { - return nil, fmt.Errorf("private_key invalid pkcs8: %w", err) - } - rsaKey, ok := key.(*rsa.PrivateKey) - if !ok { - return nil, fmt.Errorf("private_key is not an RSA key") - } - der := x509.MarshalPKCS1PrivateKey(rsaKey) - return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: der}, nil - } - - // Attempt auto-detection: try PKCS#1 first, then PKCS#8. - if rsaKey, err := x509.ParsePKCS1PrivateKey(block.Bytes); err == nil { - der := x509.MarshalPKCS1PrivateKey(rsaKey) - return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: der}, nil - } - if key, err := x509.ParsePKCS8PrivateKey(block.Bytes); err == nil { - if rsaKey, ok := key.(*rsa.PrivateKey); ok { - der := x509.MarshalPKCS1PrivateKey(rsaKey) - return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: der}, nil - } - } - return nil, fmt.Errorf("private_key uses unsupported format") -} - -func rebuildPEM(raw string) (string, error) { - kind := "PRIVATE KEY" - if strings.Contains(raw, "RSA PRIVATE KEY") { - kind = "RSA PRIVATE KEY" - } - header := "-----BEGIN " + kind + "-----" - footer := "-----END " + kind + "-----" - start := strings.Index(raw, header) - end := strings.Index(raw, footer) - if start < 0 || end <= start { - return "", fmt.Errorf("missing pem markers") - } - body := raw[start+len(header) : end] - payload := filterBase64(body) - if payload == "" { - return "", fmt.Errorf("private_key base64 payload empty") - } - der, err := base64.StdEncoding.DecodeString(payload) - if err != nil { - return "", fmt.Errorf("private_key base64 decode failed: %w", err) - } - block := &pem.Block{Type: kind, Bytes: der} - return string(pem.EncodeToMemory(block)), nil -} - -func filterBase64(s string) string { - var b strings.Builder - for _, r := range s { - switch { - case r >= 'A' && r <= 'Z': - b.WriteRune(r) - case r >= 'a' && r <= 'z': - b.WriteRune(r) - case r >= '0' && r <= '9': - b.WriteRune(r) - case r == '+' || r == '/' || r == '=': - b.WriteRune(r) - default: - // skip - } - } - return b.String() -} - -func stripANSIEscape(s string) string { - in := []rune(s) - var out []rune - for i := 0; i < len(in); i++ { - r := in[i] - if r != 0x1b { - out = append(out, r) - continue - } - if i+1 >= len(in) { - continue - } - next := in[i+1] - switch next { - case ']': - i += 2 - for i < len(in) { - if in[i] == 0x07 { - break - } - if in[i] == 0x1b && i+1 < len(in) && in[i+1] == '\\' { - i++ - break - } - i++ - } - case '[': - i += 2 - for i < len(in) { - if (in[i] >= 'A' && in[i] <= 'Z') || (in[i] >= 'a' && in[i] <= 'z') { - break - } - i++ - } - default: - // skip single ESC - } - } - return string(out) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/vertex/vertex_credentials.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/vertex/vertex_credentials.go deleted file mode 100644 index 2d8c107662..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/vertex/vertex_credentials.go +++ /dev/null @@ -1,87 +0,0 @@ -// Package vertex provides token storage for Google Vertex AI Gemini via service account credentials. -// It serialises service account JSON into an auth file that is consumed by the runtime executor. -package vertex - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" - log "github.com/sirupsen/logrus" -) - -// VertexCredentialStorage stores the service account JSON for Vertex AI access. -// The content is persisted verbatim under the "service_account" key, together with -// helper fields for project, location and email to improve logging and discovery. -type VertexCredentialStorage struct { - // ServiceAccount holds the parsed service account JSON content. - ServiceAccount map[string]any `json:"service_account"` - - // ProjectID is derived from the service account JSON (project_id). - ProjectID string `json:"project_id"` - - // Email is the client_email from the service account JSON. - Email string `json:"email"` - - // Location optionally sets a default region (e.g., us-central1) for Vertex endpoints. - Location string `json:"location,omitempty"` - - // Type is the provider identifier stored alongside credentials. Always "vertex". - Type string `json:"type"` -} - -// SaveTokenToFile writes the credential payload to the given file path in JSON format. -// It ensures the parent directory exists and logs the operation for transparency. -func (s *VertexCredentialStorage) SaveTokenToFile(authFilePath string) error { - misc.LogSavingCredentials(authFilePath) - if s == nil { - return fmt.Errorf("vertex credential: storage is nil") - } - if s.ServiceAccount == nil { - return fmt.Errorf("vertex credential: service account content is empty") - } - // Ensure we tag the file with the provider type. - s.Type = "vertex" - cleanPath, err := cleanCredentialPath(authFilePath, "vertex credential") - if err != nil { - return err - } - - if err := os.MkdirAll(filepath.Dir(cleanPath), 0o700); err != nil { - return fmt.Errorf("vertex credential: create directory failed: %w", err) - } - f, err := os.Create(cleanPath) - if err != nil { - return fmt.Errorf("vertex credential: create file failed: %w", err) - } - defer func() { - if errClose := f.Close(); errClose != nil { - log.Errorf("vertex credential: failed to close file: %v", errClose) - } - }() - enc := json.NewEncoder(f) - enc.SetIndent("", " ") - if err = enc.Encode(s); err != nil { - return fmt.Errorf("vertex credential: encode failed: %w", err) - } - return nil -} - -func cleanCredentialPath(path, scope string) (string, error) { - trimmed := strings.TrimSpace(path) - if trimmed == "" { - return "", fmt.Errorf("%s: auth file path is empty", scope) - } - clean := filepath.Clean(filepath.FromSlash(trimmed)) - if clean == "." || clean == ".." || strings.HasPrefix(clean, ".."+string(os.PathSeparator)) { - return "", fmt.Errorf("%s: auth file path is invalid", scope) - } - abs, err := filepath.Abs(clean) - if err != nil { - return "", fmt.Errorf("%s: resolve auth file path: %w", scope, err) - } - return filepath.Clean(abs), nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/vertex/vertex_credentials_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/vertex/vertex_credentials_test.go deleted file mode 100644 index 91947892a1..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/vertex/vertex_credentials_test.go +++ /dev/null @@ -1,66 +0,0 @@ -package vertex - -import ( - "os" - "path/filepath" - "strings" - "testing" -) - -func TestVertexCredentialStorage_SaveTokenToFile(t *testing.T) { - tmpDir := t.TempDir() - path := filepath.Join(tmpDir, "vertex-token.json") - - s := &VertexCredentialStorage{ - ServiceAccount: map[string]any{ - "project_id": "test-project", - "client_email": "test@example.com", - }, - ProjectID: "test-project", - Email: "test@example.com", - } - - err := s.SaveTokenToFile(path) - if err != nil { - t.Fatalf("SaveTokenToFile failed: %v", err) - } - - data, err := os.ReadFile(path) - if err != nil { - t.Fatalf("failed to read file: %v", err) - } - - if len(data) == 0 { - t.Fatal("saved file is empty") - } -} - -func TestVertexCredentialStorage_NilChecks(t *testing.T) { - var s *VertexCredentialStorage - err := s.SaveTokenToFile("path") - if err == nil { - t.Error("expected error for nil storage") - } - - s = &VertexCredentialStorage{} - err = s.SaveTokenToFile("path") - if err == nil { - t.Error("expected error for empty service account") - } -} - -func TestVertexCredentialStorage_SaveTokenToFileRejectsTraversalPath(t *testing.T) { - t.Parallel() - - s := &VertexCredentialStorage{ - ServiceAccount: map[string]any{"project_id": "p"}, - } - - err := s.SaveTokenToFile("../vertex.json") - if err == nil { - t.Fatal("expected error for traversal path") - } - if !strings.Contains(err.Error(), "auth file path is invalid") { - t.Fatalf("expected invalid path error, got %v", err) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/browser/browser.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/browser/browser.go deleted file mode 100644 index e8551788b3..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/browser/browser.go +++ /dev/null @@ -1,548 +0,0 @@ -// Package browser provides cross-platform functionality for opening URLs in the default web browser. -// It abstracts the underlying operating system commands and provides a simple interface. -package browser - -import ( - "fmt" - "os/exec" - "runtime" - "strings" - "sync" - - pkgbrowser "github.com/pkg/browser" - log "github.com/sirupsen/logrus" -) - -// incognitoMode controls whether to open URLs in incognito/private mode. -// This is useful for OAuth flows where you want to use a different account. -var incognitoMode bool - -// lastBrowserProcess stores the last opened browser process for cleanup -var lastBrowserProcess *exec.Cmd -var browserMutex sync.Mutex - -// SetIncognitoMode enables or disables incognito/private browsing mode. -func SetIncognitoMode(enabled bool) { - incognitoMode = enabled -} - -// IsIncognitoMode returns whether incognito mode is enabled. -func IsIncognitoMode() bool { - return incognitoMode -} - -// CloseBrowser closes the last opened browser process. -func CloseBrowser() error { - browserMutex.Lock() - defer browserMutex.Unlock() - - if lastBrowserProcess == nil || lastBrowserProcess.Process == nil { - return nil - } - - err := lastBrowserProcess.Process.Kill() - lastBrowserProcess = nil - return err -} - -// OpenURL opens the specified URL in the default web browser. -// It uses the pkg/browser library which provides robust cross-platform support -// for Windows, macOS, and Linux. -// If incognito mode is enabled, it will open in a private/incognito window. -// -// Parameters: -// - url: The URL to open. -// -// Returns: -// - An error if the URL cannot be opened, otherwise nil. -func OpenURL(url string) error { - log.Debugf("Opening URL in browser: %s (incognito=%v)", url, incognitoMode) - - // If incognito mode is enabled, use platform-specific incognito commands - if incognitoMode { - log.Debug("Using incognito mode") - return openURLIncognito(url) - } - - // Use pkg/browser for cross-platform support - err := pkgbrowser.OpenURL(url) - if err == nil { - log.Debug("Successfully opened URL using pkg/browser library") - return nil - } - - log.Debugf("pkg/browser failed: %v, trying platform-specific commands", err) - - // Fallback to platform-specific commands - return openURLPlatformSpecific(url) -} - -// openURLPlatformSpecific is a helper function that opens a URL using OS-specific commands. -// This serves as a fallback mechanism for OpenURL. -// -// Parameters: -// - url: The URL to open. -// -// Returns: -// - An error if the URL cannot be opened, otherwise nil. -func openURLPlatformSpecific(url string) error { - var cmd *exec.Cmd - - switch runtime.GOOS { - case "darwin": // macOS - cmd = exec.Command("open", url) - case "windows": - cmd = exec.Command("rundll32", "url.dll,FileProtocolHandler", url) - case "linux": - // Try common Linux browsers in order of preference - browsers := []string{"xdg-open", "x-www-browser", "www-browser", "firefox", "chromium", "google-chrome"} - for _, browser := range browsers { - if _, err := exec.LookPath(browser); err == nil { - cmd = exec.Command(browser, url) - break - } - } - if cmd == nil { - return fmt.Errorf("no suitable browser found on Linux system") - } - default: - return fmt.Errorf("unsupported operating system: %s", runtime.GOOS) - } - - log.Debugf("Running command: %s %v", cmd.Path, cmd.Args[1:]) - err := cmd.Start() - if err != nil { - return fmt.Errorf("failed to start browser command: %w", err) - } - - log.Debug("Successfully opened URL using platform-specific command") - return nil -} - -// openURLIncognito opens a URL in incognito/private browsing mode. -// It first tries to detect the default browser and use its incognito flag. -// Falls back to a chain of known browsers if detection fails. -// -// Parameters: -// - url: The URL to open. -// -// Returns: -// - An error if the URL cannot be opened, otherwise nil. -func openURLIncognito(url string) error { - // First, try to detect and use the default browser - if cmd := tryDefaultBrowserIncognito(url); cmd != nil { - log.Debugf("Using detected default browser: %s %v", cmd.Path, cmd.Args[1:]) - if err := cmd.Start(); err == nil { - storeBrowserProcess(cmd) - log.Debug("Successfully opened URL in default browser's incognito mode") - return nil - } - log.Debugf("Failed to start default browser, trying fallback chain") - } - - // Fallback to known browser chain - cmd := tryFallbackBrowsersIncognito(url) - if cmd == nil { - log.Warn("No browser with incognito support found, falling back to normal mode") - return openURLPlatformSpecific(url) - } - - log.Debugf("Running incognito command: %s %v", cmd.Path, cmd.Args[1:]) - err := cmd.Start() - if err != nil { - log.Warnf("Failed to open incognito browser: %v, falling back to normal mode", err) - return openURLPlatformSpecific(url) - } - - storeBrowserProcess(cmd) - log.Debug("Successfully opened URL in incognito/private mode") - return nil -} - -// storeBrowserProcess safely stores the browser process for later cleanup. -func storeBrowserProcess(cmd *exec.Cmd) { - browserMutex.Lock() - lastBrowserProcess = cmd - browserMutex.Unlock() -} - -// tryDefaultBrowserIncognito attempts to detect the default browser and return -// an exec.Cmd configured with the appropriate incognito flag. -func tryDefaultBrowserIncognito(url string) *exec.Cmd { - switch runtime.GOOS { - case "darwin": - return tryDefaultBrowserMacOS(url) - case "windows": - return tryDefaultBrowserWindows(url) - case "linux": - return tryDefaultBrowserLinux(url) - } - return nil -} - -// tryDefaultBrowserMacOS detects the default browser on macOS. -func tryDefaultBrowserMacOS(url string) *exec.Cmd { - // Try to get default browser from Launch Services - out, err := exec.Command("defaults", "read", "com.apple.LaunchServices/com.apple.launchservices.secure", "LSHandlers").Output() - if err != nil { - return nil - } - - output := string(out) - var browserName string - - // Parse the output to find the http/https handler - if containsBrowserID(output, "com.google.chrome") { - browserName = "chrome" - } else if containsBrowserID(output, "org.mozilla.firefox") { - browserName = "firefox" - } else if containsBrowserID(output, "com.apple.safari") { - browserName = "safari" - } else if containsBrowserID(output, "com.brave.browser") { - browserName = "brave" - } else if containsBrowserID(output, "com.microsoft.edgemac") { - browserName = "edge" - } - - return createMacOSIncognitoCmd(browserName, url) -} - -// containsBrowserID checks if the LaunchServices output contains a browser ID. -func containsBrowserID(output, bundleID string) bool { - return strings.Contains(output, bundleID) -} - -// createMacOSIncognitoCmd creates the appropriate incognito command for macOS browsers. -func createMacOSIncognitoCmd(browserName, url string) *exec.Cmd { - switch browserName { - case "chrome": - // Try direct path first - chromePath := "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" - if _, err := exec.LookPath(chromePath); err == nil { - return exec.Command(chromePath, "--incognito", url) - } - return exec.Command("open", "-na", "Google Chrome", "--args", "--incognito", url) - case "firefox": - return exec.Command("open", "-na", "Firefox", "--args", "--private-window", url) - case "safari": - // Safari doesn't have CLI incognito, try AppleScript - return tryAppleScriptSafariPrivate(url) - case "brave": - return exec.Command("open", "-na", "Brave Browser", "--args", "--incognito", url) - case "edge": - return exec.Command("open", "-na", "Microsoft Edge", "--args", "--inprivate", url) - } - return nil -} - -// tryAppleScriptSafariPrivate attempts to open Safari in private browsing mode using AppleScript. -func tryAppleScriptSafariPrivate(url string) *exec.Cmd { - // AppleScript to open a new private window in Safari - script := fmt.Sprintf(` - tell application "Safari" - activate - tell application "System Events" - keystroke "n" using {command down, shift down} - delay 0.5 - end tell - set URL of document 1 to "%s" - end tell - `, url) - - cmd := exec.Command("osascript", "-e", script) - // Test if this approach works by checking if Safari is available - if _, err := exec.LookPath("/Applications/Safari.app/Contents/MacOS/Safari"); err != nil { - log.Debug("Safari not found, AppleScript private window not available") - return nil - } - log.Debug("Attempting Safari private window via AppleScript") - return cmd -} - -// tryDefaultBrowserWindows detects the default browser on Windows via registry. -func tryDefaultBrowserWindows(url string) *exec.Cmd { - // Query registry for default browser - out, err := exec.Command("reg", "query", - `HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice`, - "/v", "ProgId").Output() - if err != nil { - return nil - } - - output := string(out) - var browserName string - - // Map ProgId to browser name - if strings.Contains(output, "ChromeHTML") { - browserName = "chrome" - } else if strings.Contains(output, "FirefoxURL") { - browserName = "firefox" - } else if strings.Contains(output, "MSEdgeHTM") { - browserName = "edge" - } else if strings.Contains(output, "BraveHTML") { - browserName = "brave" - } - - return createWindowsIncognitoCmd(browserName, url) -} - -// createWindowsIncognitoCmd creates the appropriate incognito command for Windows browsers. -func createWindowsIncognitoCmd(browserName, url string) *exec.Cmd { - switch browserName { - case "chrome": - paths := []string{ - "chrome", - `C:\Program Files\Google\Chrome\Application\chrome.exe`, - `C:\Program Files (x86)\Google\Chrome\Application\chrome.exe`, - } - for _, p := range paths { - if _, err := exec.LookPath(p); err == nil { - return exec.Command(p, "--incognito", url) - } - } - case "firefox": - if path, err := exec.LookPath("firefox"); err == nil { - return exec.Command(path, "--private-window", url) - } - case "edge": - paths := []string{ - "msedge", - `C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe`, - `C:\Program Files\Microsoft\Edge\Application\msedge.exe`, - } - for _, p := range paths { - if _, err := exec.LookPath(p); err == nil { - return exec.Command(p, "--inprivate", url) - } - } - case "brave": - paths := []string{ - `C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe`, - `C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe`, - } - for _, p := range paths { - if _, err := exec.LookPath(p); err == nil { - return exec.Command(p, "--incognito", url) - } - } - } - return nil -} - -// tryDefaultBrowserLinux detects the default browser on Linux using xdg-settings. -func tryDefaultBrowserLinux(url string) *exec.Cmd { - out, err := exec.Command("xdg-settings", "get", "default-web-browser").Output() - if err != nil { - return nil - } - - desktop := string(out) - var browserName string - - // Map .desktop file to browser name - if strings.Contains(desktop, "google-chrome") || strings.Contains(desktop, "chrome") { - browserName = "chrome" - } else if strings.Contains(desktop, "firefox") { - browserName = "firefox" - } else if strings.Contains(desktop, "chromium") { - browserName = "chromium" - } else if strings.Contains(desktop, "brave") { - browserName = "brave" - } else if strings.Contains(desktop, "microsoft-edge") || strings.Contains(desktop, "msedge") { - browserName = "edge" - } - - return createLinuxIncognitoCmd(browserName, url) -} - -// createLinuxIncognitoCmd creates the appropriate incognito command for Linux browsers. -func createLinuxIncognitoCmd(browserName, url string) *exec.Cmd { - switch browserName { - case "chrome": - paths := []string{"google-chrome", "google-chrome-stable"} - for _, p := range paths { - if path, err := exec.LookPath(p); err == nil { - return exec.Command(path, "--incognito", url) - } - } - case "firefox": - paths := []string{"firefox", "firefox-esr"} - for _, p := range paths { - if path, err := exec.LookPath(p); err == nil { - return exec.Command(path, "--private-window", url) - } - } - case "chromium": - paths := []string{"chromium", "chromium-browser"} - for _, p := range paths { - if path, err := exec.LookPath(p); err == nil { - return exec.Command(path, "--incognito", url) - } - } - case "brave": - if path, err := exec.LookPath("brave-browser"); err == nil { - return exec.Command(path, "--incognito", url) - } - case "edge": - if path, err := exec.LookPath("microsoft-edge"); err == nil { - return exec.Command(path, "--inprivate", url) - } - } - return nil -} - -// tryFallbackBrowsersIncognito tries a chain of known browsers as fallback. -func tryFallbackBrowsersIncognito(url string) *exec.Cmd { - switch runtime.GOOS { - case "darwin": - return tryFallbackBrowsersMacOS(url) - case "windows": - return tryFallbackBrowsersWindows(url) - case "linux": - return tryFallbackBrowsersLinuxChain(url) - } - return nil -} - -// tryFallbackBrowsersMacOS tries known browsers on macOS. -func tryFallbackBrowsersMacOS(url string) *exec.Cmd { - // Try Chrome - chromePath := "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" - if _, err := exec.LookPath(chromePath); err == nil { - return exec.Command(chromePath, "--incognito", url) - } - // Try Firefox - if _, err := exec.LookPath("/Applications/Firefox.app/Contents/MacOS/firefox"); err == nil { - return exec.Command("open", "-na", "Firefox", "--args", "--private-window", url) - } - // Try Brave - if _, err := exec.LookPath("/Applications/Brave Browser.app/Contents/MacOS/Brave Browser"); err == nil { - return exec.Command("open", "-na", "Brave Browser", "--args", "--incognito", url) - } - // Try Edge - if _, err := exec.LookPath("/Applications/Microsoft Edge.app/Contents/MacOS/Microsoft Edge"); err == nil { - return exec.Command("open", "-na", "Microsoft Edge", "--args", "--inprivate", url) - } - // Last resort: try Safari with AppleScript - if cmd := tryAppleScriptSafariPrivate(url); cmd != nil { - log.Info("Using Safari with AppleScript for private browsing (may require accessibility permissions)") - return cmd - } - return nil -} - -// tryFallbackBrowsersWindows tries known browsers on Windows. -func tryFallbackBrowsersWindows(url string) *exec.Cmd { - // Chrome - chromePaths := []string{ - "chrome", - `C:\Program Files\Google\Chrome\Application\chrome.exe`, - `C:\Program Files (x86)\Google\Chrome\Application\chrome.exe`, - } - for _, p := range chromePaths { - if _, err := exec.LookPath(p); err == nil { - return exec.Command(p, "--incognito", url) - } - } - // Firefox - if path, err := exec.LookPath("firefox"); err == nil { - return exec.Command(path, "--private-window", url) - } - // Edge (usually available on Windows 10+) - edgePaths := []string{ - "msedge", - `C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe`, - `C:\Program Files\Microsoft\Edge\Application\msedge.exe`, - } - for _, p := range edgePaths { - if _, err := exec.LookPath(p); err == nil { - return exec.Command(p, "--inprivate", url) - } - } - return nil -} - -// tryFallbackBrowsersLinuxChain tries known browsers on Linux. -func tryFallbackBrowsersLinuxChain(url string) *exec.Cmd { - type browserConfig struct { - name string - flag string - } - browsers := []browserConfig{ - {"google-chrome", "--incognito"}, - {"google-chrome-stable", "--incognito"}, - {"chromium", "--incognito"}, - {"chromium-browser", "--incognito"}, - {"firefox", "--private-window"}, - {"firefox-esr", "--private-window"}, - {"brave-browser", "--incognito"}, - {"microsoft-edge", "--inprivate"}, - } - for _, b := range browsers { - if path, err := exec.LookPath(b.name); err == nil { - return exec.Command(path, b.flag, url) - } - } - return nil -} - -// IsAvailable checks if the system has a command available to open a web browser. -// It verifies the presence of necessary commands for the current operating system. -// -// Returns: -// - true if a browser can be opened, false otherwise. -func IsAvailable() bool { - // Check platform-specific commands - switch runtime.GOOS { - case "darwin": - _, err := exec.LookPath("open") - return err == nil - case "windows": - _, err := exec.LookPath("rundll32") - return err == nil - case "linux": - browsers := []string{"xdg-open", "x-www-browser", "www-browser", "firefox", "chromium", "google-chrome"} - for _, browser := range browsers { - if _, err := exec.LookPath(browser); err == nil { - return true - } - } - return false - default: - return false - } -} - -// GetPlatformInfo returns a map containing details about the current platform's -// browser opening capabilities, including the OS, architecture, and available commands. -// -// Returns: -// - A map with platform-specific browser support information. -func GetPlatformInfo() map[string]interface{} { - info := map[string]interface{}{ - "os": runtime.GOOS, - "arch": runtime.GOARCH, - "available": IsAvailable(), - } - - switch runtime.GOOS { - case "darwin": - info["default_command"] = "open" - case "windows": - info["default_command"] = "rundll32" - case "linux": - browsers := []string{"xdg-open", "x-www-browser", "www-browser", "firefox", "chromium", "google-chrome"} - var availableBrowsers []string - for _, browser := range browsers { - if _, err := exec.LookPath(browser); err == nil { - availableBrowsers = append(availableBrowsers, browser) - } - } - info["available_browsers"] = availableBrowsers - if len(availableBrowsers) > 0 { - info["default_command"] = availableBrowsers[0] - } - } - - return info -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/buildinfo/buildinfo.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/buildinfo/buildinfo.go deleted file mode 100644 index 0bdfaf8b8d..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/buildinfo/buildinfo.go +++ /dev/null @@ -1,15 +0,0 @@ -// Package buildinfo exposes compile-time metadata shared across the server. -package buildinfo - -// The following variables are overridden via ldflags during release builds. -// Defaults cover local development builds. -var ( - // Version is the semantic version or git describe output of the binary. - Version = "dev" - - // Commit is the git commit SHA baked into the binary. - Commit = "none" - - // BuildDate records when the binary was built in UTC. - BuildDate = "unknown" -) diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cache/signature_cache.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cache/signature_cache.go deleted file mode 100644 index af5371bfbc..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cache/signature_cache.go +++ /dev/null @@ -1,195 +0,0 @@ -package cache - -import ( - "crypto/sha256" - "encoding/hex" - "strings" - "sync" - "time" -) - -// SignatureEntry holds a cached thinking signature with timestamp -type SignatureEntry struct { - Signature string - Timestamp time.Time -} - -const ( - // SignatureCacheTTL is how long signatures are valid - SignatureCacheTTL = 3 * time.Hour - - // SignatureTextHashLen is the length of the hash key (16 hex chars = 64-bit key space) - SignatureTextHashLen = 16 - - // MinValidSignatureLen is the minimum length for a signature to be considered valid - MinValidSignatureLen = 50 - - // CacheCleanupInterval controls how often stale entries are purged - CacheCleanupInterval = 10 * time.Minute -) - -// signatureCache stores signatures by model group -> textHash -> SignatureEntry -var signatureCache sync.Map - -// cacheCleanupOnce ensures the background cleanup goroutine starts only once -var cacheCleanupOnce sync.Once - -// groupCache is the inner map type -type groupCache struct { - mu sync.RWMutex - entries map[string]SignatureEntry -} - -// hashText creates a stable, Unicode-safe key from text content -func hashText(text string) string { - h := sha256.Sum256([]byte(text)) - return hex.EncodeToString(h[:])[:SignatureTextHashLen] -} - -// getOrCreateGroupCache gets or creates a cache bucket for a model group -func getOrCreateGroupCache(groupKey string) *groupCache { - // Start background cleanup on first access - cacheCleanupOnce.Do(startCacheCleanup) - - if val, ok := signatureCache.Load(groupKey); ok { - return val.(*groupCache) - } - sc := &groupCache{entries: make(map[string]SignatureEntry)} - actual, _ := signatureCache.LoadOrStore(groupKey, sc) - return actual.(*groupCache) -} - -// startCacheCleanup launches a background goroutine that periodically -// removes caches where all entries have expired. -func startCacheCleanup() { - go func() { - ticker := time.NewTicker(CacheCleanupInterval) - defer ticker.Stop() - for range ticker.C { - purgeExpiredCaches() - } - }() -} - -// purgeExpiredCaches removes caches with no valid (non-expired) entries. -func purgeExpiredCaches() { - now := time.Now() - signatureCache.Range(func(key, value any) bool { - sc := value.(*groupCache) - sc.mu.Lock() - // Remove expired entries - for k, entry := range sc.entries { - if now.Sub(entry.Timestamp) > SignatureCacheTTL { - delete(sc.entries, k) - } - } - isEmpty := len(sc.entries) == 0 - sc.mu.Unlock() - // Remove cache bucket if empty - if isEmpty { - signatureCache.Delete(key) - } - return true - }) -} - -// CacheSignature stores a thinking signature for a given model group and text. -// Used for Claude models that require signed thinking blocks in multi-turn conversations. -func CacheSignature(modelName, text, signature string) { - if text == "" || signature == "" { - return - } - if len(signature) < MinValidSignatureLen { - return - } - - groupKey := GetModelGroup(modelName) - textHash := hashText(text) - sc := getOrCreateGroupCache(groupKey) - sc.mu.Lock() - defer sc.mu.Unlock() - - sc.entries[textHash] = SignatureEntry{ - Signature: signature, - Timestamp: time.Now(), - } -} - -// GetCachedSignature retrieves a cached signature for a given model group and text. -// Returns empty string if not found or expired. -func GetCachedSignature(modelName, text string) string { - groupKey := GetModelGroup(modelName) - - if text == "" { - if groupKey == "gemini" { - return "skip_thought_signature_validator" - } - return "" - } - val, ok := signatureCache.Load(groupKey) - if !ok { - if groupKey == "gemini" { - return "skip_thought_signature_validator" - } - return "" - } - sc := val.(*groupCache) - - textHash := hashText(text) - - now := time.Now() - - sc.mu.Lock() - entry, exists := sc.entries[textHash] - if !exists { - sc.mu.Unlock() - if groupKey == "gemini" { - return "skip_thought_signature_validator" - } - return "" - } - if now.Sub(entry.Timestamp) > SignatureCacheTTL { - delete(sc.entries, textHash) - sc.mu.Unlock() - if groupKey == "gemini" { - return "skip_thought_signature_validator" - } - return "" - } - - // Refresh TTL on access (sliding expiration). - entry.Timestamp = now - sc.entries[textHash] = entry - sc.mu.Unlock() - - return entry.Signature -} - -// ClearSignatureCache clears signature cache for a specific model group or all groups. -func ClearSignatureCache(modelName string) { - if modelName == "" { - signatureCache.Range(func(key, _ any) bool { - signatureCache.Delete(key) - return true - }) - return - } - groupKey := GetModelGroup(modelName) - signatureCache.Delete(groupKey) -} - -// HasValidSignature checks if a signature is valid (non-empty and long enough) -func HasValidSignature(modelName, signature string) bool { - return (signature != "" && len(signature) >= MinValidSignatureLen) || (signature == "skip_thought_signature_validator" && GetModelGroup(modelName) == "gemini") -} - -func GetModelGroup(modelName string) string { - if strings.Contains(modelName, "gpt") { - return "gpt" - } else if strings.Contains(modelName, "claude") { - return "claude" - } else if strings.Contains(modelName, "gemini") { - return "gemini" - } - return modelName -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cache/signature_cache_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cache/signature_cache_test.go deleted file mode 100644 index 8340815934..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cache/signature_cache_test.go +++ /dev/null @@ -1,210 +0,0 @@ -package cache - -import ( - "testing" - "time" -) - -const testModelName = "claude-sonnet-4-5" - -func TestCacheSignature_BasicStorageAndRetrieval(t *testing.T) { - ClearSignatureCache("") - - text := "This is some thinking text content" - signature := "abc123validSignature1234567890123456789012345678901234567890" - - // Store signature - CacheSignature(testModelName, text, signature) - - // Retrieve signature - retrieved := GetCachedSignature(testModelName, text) - if retrieved != signature { - t.Errorf("Expected signature '%s', got '%s'", signature, retrieved) - } -} - -func TestCacheSignature_DifferentModelGroups(t *testing.T) { - ClearSignatureCache("") - - text := "Same text across models" - sig1 := "signature1_1234567890123456789012345678901234567890123456" - sig2 := "signature2_1234567890123456789012345678901234567890123456" - - geminiModel := "gemini-3-pro-preview" - CacheSignature(testModelName, text, sig1) - CacheSignature(geminiModel, text, sig2) - - if GetCachedSignature(testModelName, text) != sig1 { - t.Error("Claude signature mismatch") - } - if GetCachedSignature(geminiModel, text) != sig2 { - t.Error("Gemini signature mismatch") - } -} - -func TestCacheSignature_NotFound(t *testing.T) { - ClearSignatureCache("") - - // Non-existent session - if got := GetCachedSignature(testModelName, "some text"); got != "" { - t.Errorf("Expected empty string for nonexistent session, got '%s'", got) - } - - // Existing session but different text - CacheSignature(testModelName, "text-a", "sigA12345678901234567890123456789012345678901234567890") - if got := GetCachedSignature(testModelName, "text-b"); got != "" { - t.Errorf("Expected empty string for different text, got '%s'", got) - } -} - -func TestCacheSignature_EmptyInputs(t *testing.T) { - ClearSignatureCache("") - - // All empty/invalid inputs should be no-ops - CacheSignature(testModelName, "", "sig12345678901234567890123456789012345678901234567890") - CacheSignature(testModelName, "text", "") - CacheSignature(testModelName, "text", "short") // Too short - - if got := GetCachedSignature(testModelName, "text"); got != "" { - t.Errorf("Expected empty after invalid cache attempts, got '%s'", got) - } -} - -func TestCacheSignature_ShortSignatureRejected(t *testing.T) { - ClearSignatureCache("") - - text := "Some text" - shortSig := "abc123" // Less than 50 chars - - CacheSignature(testModelName, text, shortSig) - - if got := GetCachedSignature(testModelName, text); got != "" { - t.Errorf("Short signature should be rejected, got '%s'", got) - } -} - -func TestClearSignatureCache_ModelGroup(t *testing.T) { - ClearSignatureCache("") - - sig := "validSig1234567890123456789012345678901234567890123456" - CacheSignature(testModelName, "text", sig) - CacheSignature(testModelName, "text-2", sig) - - ClearSignatureCache("session-1") - - if got := GetCachedSignature(testModelName, "text"); got != sig { - t.Error("signature should remain when clearing unknown session") - } -} - -func TestClearSignatureCache_AllSessions(t *testing.T) { - ClearSignatureCache("") - - sig := "validSig1234567890123456789012345678901234567890123456" - CacheSignature(testModelName, "text", sig) - CacheSignature(testModelName, "text-2", sig) - - ClearSignatureCache("") - - if got := GetCachedSignature(testModelName, "text"); got != "" { - t.Error("text should be cleared") - } - if got := GetCachedSignature(testModelName, "text-2"); got != "" { - t.Error("text-2 should be cleared") - } -} - -func TestHasValidSignature(t *testing.T) { - tests := []struct { - name string - modelName string - signature string - expected bool - }{ - {"valid long signature", testModelName, "abc123validSignature1234567890123456789012345678901234567890", true}, - {"exactly 50 chars", testModelName, "12345678901234567890123456789012345678901234567890", true}, - {"49 chars - invalid", testModelName, "1234567890123456789012345678901234567890123456789", false}, - {"empty string", testModelName, "", false}, - {"short signature", testModelName, "abc", false}, - {"gemini sentinel", "gemini-3-pro-preview", "skip_thought_signature_validator", true}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := HasValidSignature(tt.modelName, tt.signature) - if result != tt.expected { - t.Errorf("HasValidSignature(%q) = %v, expected %v", tt.signature, result, tt.expected) - } - }) - } -} - -func TestCacheSignature_TextHashCollisionResistance(t *testing.T) { - ClearSignatureCache("") - - // Different texts should produce different hashes - text1 := "First thinking text" - text2 := "Second thinking text" - sig1 := "signature1_1234567890123456789012345678901234567890123456" - sig2 := "signature2_1234567890123456789012345678901234567890123456" - - CacheSignature(testModelName, text1, sig1) - CacheSignature(testModelName, text2, sig2) - - if GetCachedSignature(testModelName, text1) != sig1 { - t.Error("text1 signature mismatch") - } - if GetCachedSignature(testModelName, text2) != sig2 { - t.Error("text2 signature mismatch") - } -} - -func TestCacheSignature_UnicodeText(t *testing.T) { - ClearSignatureCache("") - - text := "한글 텍스트와 이모지 🎉 그리고 特殊文字" - sig := "unicodeSig123456789012345678901234567890123456789012345" - - CacheSignature(testModelName, text, sig) - - if got := GetCachedSignature(testModelName, text); got != sig { - t.Errorf("Unicode text signature retrieval failed, got '%s'", got) - } -} - -func TestCacheSignature_Overwrite(t *testing.T) { - ClearSignatureCache("") - - text := "Same text" - sig1 := "firstSignature12345678901234567890123456789012345678901" - sig2 := "secondSignature1234567890123456789012345678901234567890" - - CacheSignature(testModelName, text, sig1) - CacheSignature(testModelName, text, sig2) // Overwrite - - if got := GetCachedSignature(testModelName, text); got != sig2 { - t.Errorf("Expected overwritten signature '%s', got '%s'", sig2, got) - } -} - -// Note: TTL expiration test is tricky to test without mocking time -// We test the logic path exists but actual expiration would require time manipulation -func TestCacheSignature_ExpirationLogic(t *testing.T) { - ClearSignatureCache("") - - // This test verifies the expiration check exists - // In a real scenario, we'd mock time.Now() - text := "text" - sig := "validSig1234567890123456789012345678901234567890123456" - - CacheSignature(testModelName, text, sig) - - // Fresh entry should be retrievable - if got := GetCachedSignature(testModelName, text); got != sig { - t.Errorf("Fresh entry should be retrievable, got '%s'", got) - } - - // We can't easily test actual expiration without time mocking - // but the logic is verified by the implementation - _ = time.Now() // Acknowledge we're not testing time passage -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/anthropic_login.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/anthropic_login.go deleted file mode 100644 index f8bedb4216..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/anthropic_login.go +++ /dev/null @@ -1,59 +0,0 @@ -package cmd - -import ( - "context" - "errors" - "fmt" - "os" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/claude" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// DoClaudeLogin triggers the Claude OAuth flow through the shared authentication manager. -// It initiates the OAuth authentication process for Anthropic Claude services and saves -// the authentication tokens to the configured auth directory. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including browser behavior and prompts -func DoClaudeLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - promptFn := options.Prompt - if promptFn == nil { - promptFn = defaultProjectPrompt() - } - - manager := newAuthManager() - - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - CallbackPort: options.CallbackPort, - Metadata: map[string]string{}, - Prompt: promptFn, - } - - _, savedPath, err := manager.Login(context.Background(), "claude", castToInternalConfig(cfg), authOpts) - if err != nil { - if authErr, ok := errors.AsType[*claude.AuthenticationError](err); ok { - log.Error(claude.GetUserFriendlyMessage(authErr)) - if authErr.Type == claude.ErrPortInUse.Type { - os.Exit(claude.ErrPortInUse.Code) - } - return - } - fmt.Printf("Claude authentication failed: %v\n", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - - fmt.Println("Claude authentication successful!") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/antigravity_login.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/antigravity_login.go deleted file mode 100644 index 991c558ee4..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/antigravity_login.go +++ /dev/null @@ -1,44 +0,0 @@ -package cmd - -import ( - "context" - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// DoAntigravityLogin triggers the OAuth flow for the antigravity provider and saves tokens. -func DoAntigravityLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - promptFn := options.Prompt - if promptFn == nil { - promptFn = defaultProjectPrompt() - } - - manager := newAuthManager() - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - CallbackPort: options.CallbackPort, - Metadata: map[string]string{}, - Prompt: promptFn, - } - - record, savedPath, err := manager.Login(context.Background(), "antigravity", castToInternalConfig(cfg), authOpts) - if err != nil { - log.Errorf("Antigravity authentication failed: %v", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - if record != nil && record.Label != "" { - fmt.Printf("Authenticated as %s\n", record.Label) - } - fmt.Println("Antigravity authentication successful!") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/auth_dir.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/auth_dir.go deleted file mode 100644 index 803225fd6e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/auth_dir.go +++ /dev/null @@ -1,69 +0,0 @@ -package cmd - -import ( - "fmt" - "os" - "path/filepath" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" -) - -func resolveAuthDir(cfgAuthDir string) (string, error) { - resolved, err := util.ResolveAuthDirOrDefault(cfgAuthDir) - if err != nil { - return "", err - } - return resolved, nil -} - -func ensureAuthDir(cfgAuthDir string, provider string) (string, error) { - authDir, err := resolveAuthDir(cfgAuthDir) - if err != nil { - return "", err - } - - if err := os.MkdirAll(authDir, 0o700); err != nil { - return "", err - } - - info, err := os.Stat(authDir) - if err != nil { - return "", fmt.Errorf("%s auth-dir %q: %v", provider, authDir, err) - } - - mode := info.Mode().Perm() - if mode&0o077 != 0 { - return "", fmt.Errorf("%s auth-dir %q mode %04o is too permissive; run: chmod 700 %q", provider, authDir, mode, authDir) - } - - return authDir, nil -} - -func authDirTokenFileRef(authDir string, fileName string) string { - tokenPath := filepath.Join(authDir, fileName) - authAbs, err := filepath.Abs(authDir) - if err != nil { - return tokenPath - } - tokenAbs := filepath.Join(authAbs, fileName) - - home, err := os.UserHomeDir() - if err != nil { - return tokenPath - } - - rel, errRel := filepath.Rel(home, tokenAbs) - if errRel != nil { - return tokenPath - } - - if rel == "." { - return "~/" + filepath.ToSlash(fileName) - } - if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) { - return tokenPath - } - - return "~/" + filepath.ToSlash(rel) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/auth_dir_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/auth_dir_test.go deleted file mode 100644 index 856ad902ef..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/auth_dir_test.go +++ /dev/null @@ -1,61 +0,0 @@ -package cmd - -import ( - "os" - "path/filepath" - "strings" - "testing" -) - -func TestResolveAuthDir_Default(t *testing.T) { - got, err := resolveAuthDir("") - if err != nil { - t.Fatalf("resolveAuthDir(\"\") error: %v", err) - } - - home, err := os.UserHomeDir() - if err != nil { - t.Fatalf("UserHomeDir: %v", err) - } - expected := filepath.Join(home, ".cli-proxy-api") - if got != expected { - t.Fatalf("resolveAuthDir(\"\") = %q, want %q", got, expected) - } -} - -func TestEnsureAuthDir_RejectsTooPermissiveDir(t *testing.T) { - authDir := t.TempDir() - if err := os.Chmod(authDir, 0o755); err != nil { - t.Fatalf("Chmod: %v", err) - } - - if _, err := ensureAuthDir(authDir, "provider"); err == nil { - t.Fatalf("ensureAuthDir(%q) expected error", authDir) - } else if !strings.Contains(err.Error(), "too permissive") { - t.Fatalf("ensureAuthDir(%q) error = %q, want too permissive", authDir, err) - } else if !strings.Contains(err.Error(), "chmod 700") { - t.Fatalf("ensureAuthDir(%q) error = %q, want chmod guidance", authDir, err) - } -} - -func TestAuthDirTokenFileRef(t *testing.T) { - home, err := os.UserHomeDir() - if err != nil { - t.Fatalf("UserHomeDir: %v", err) - } - - got := authDirTokenFileRef(filepath.Join(home, ".cli-proxy-api"), "key.json") - if got != "~/.cli-proxy-api/key.json" { - t.Fatalf("authDirTokenFileRef(home default) = %q, want ~/.cli-proxy-api/key.json", got) - } - - nested := authDirTokenFileRef(filepath.Join(home, ".cli-proxy-api", "provider"), "key.json") - if nested != "~/.cli-proxy-api/provider/key.json" { - t.Fatalf("authDirTokenFileRef(home nested) = %q, want ~/.cli-proxy-api/provider/key.json", nested) - } - - outside := filepath.Join(os.TempDir(), "key.json") - if got := authDirTokenFileRef(os.TempDir(), "key.json"); got != outside { - t.Fatalf("authDirTokenFileRef(outside home) = %q, want %q", got, outside) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/auth_manager.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/auth_manager.go deleted file mode 100644 index 2a3407be49..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/auth_manager.go +++ /dev/null @@ -1,28 +0,0 @@ -package cmd - -import ( - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" -) - -// newAuthManager creates a new authentication manager instance with all supported -// authenticators and a file-based token store. It initializes authenticators for -// Gemini, Codex, Claude, Qwen, IFlow, Antigravity, and GitHub Copilot providers. -// -// Returns: -// - *sdkAuth.Manager: A configured authentication manager instance -func newAuthManager() *sdkAuth.Manager { - store := sdkAuth.GetTokenStore() - manager := sdkAuth.NewManager(store, - sdkAuth.NewGeminiAuthenticator(), - sdkAuth.NewCodexAuthenticator(), - sdkAuth.NewClaudeAuthenticator(), - sdkAuth.NewQwenAuthenticator(), - sdkAuth.NewIFlowAuthenticator(), - sdkAuth.NewAntigravityAuthenticator(), - sdkAuth.NewKimiAuthenticator(), - sdkAuth.NewKiroAuthenticator(), - sdkAuth.NewGitHubCopilotAuthenticator(), - sdkAuth.NewKiloAuthenticator(), - ) - return manager -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/config_cast.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/config_cast.go deleted file mode 100644 index bab4238a74..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/config_cast.go +++ /dev/null @@ -1,24 +0,0 @@ -package cmd - -import ( - "unsafe" - - internalconfig "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -// castToInternalConfig converts a pkg/llmproxy/config.Config pointer to an internal/config.Config pointer. -// This is safe because internal/config.Config is a subset of pkg/llmproxy/config.Config, -// and the memory layout of the common fields is identical. -// The extra fields in pkg/llmproxy/config.Config are ignored during the cast. -func castToInternalConfig(cfg *config.Config) *internalconfig.Config { - return (*internalconfig.Config)(unsafe.Pointer(cfg)) -} - -// castToSDKConfig converts a pkg/llmproxy/config.Config pointer to an sdk/config.Config pointer. -// This is safe because sdk/config.Config is an alias for internal/config.Config, which is a subset -// of pkg/llmproxy/config.Config. The memory layout of the common fields is identical. -func castToSDKConfig(cfg *config.Config) *sdkconfig.Config { - return (*sdkconfig.Config)(unsafe.Pointer(cfg)) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/cursor_login.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/cursor_login.go deleted file mode 100644 index e44e268c92..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/cursor_login.go +++ /dev/null @@ -1,192 +0,0 @@ -package cmd - -import ( - "fmt" - "os" - "path/filepath" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - log "github.com/sirupsen/logrus" -) - -const ( - defaultCursorAPIURL = "http://127.0.0.1:3000" - defaultCursorTokenFilePath = "~/.cursor/session-token.txt" -) - -// DoCursorLogin configures Cursor credentials in the local config file. -func DoCursorLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - if cfg == nil { - cfg = &config.Config{} - } - - promptFn := options.Prompt - if promptFn == nil { - promptFn = defaultProjectPrompt() - } - - mode, err := promptFn("Cursor auth mode [1] token-file, [2] zero-action from Cursor IDE: ") - if err != nil { - log.Errorf("Cursor login canceled: %v", err) - return - } - - apiURL, err := promptCursorURL(promptFn) - if err != nil { - log.Errorf("Cursor login canceled: %v", err) - return - } - - modeTokenFile := isCursorTokenFileMode(mode) - entry := config.CursorKey{CursorAPIURL: apiURL} - - if modeTokenFile { - if err := applyCursorTokenFileMode(promptFn, &entry); err != nil { - log.Errorf("Cursor token-file login failed: %v", err) - return - } - } else { - if err := applyCursorZeroActionMode(promptFn, &entry); err != nil { - log.Errorf("Cursor zero-action login failed: %v", err) - return - } - } - - if len(cfg.CursorKey) == 0 { - cfg.CursorKey = []config.CursorKey{entry} - } else { - cfg.CursorKey[0] = entry - } - - configPath := strings.TrimSpace(options.ConfigPath) - if configPath == "" { - log.Errorf("Cursor login requires config path; pass --config= before running login") - return - } - - if err := config.SaveConfigPreserveComments(configPath, cfg); err != nil { - log.Errorf("Failed to save cursor config: %v", err) - return - } - - fmt.Printf("Cursor config saved to %s. Restart the proxy to apply it.\n", configPath) -} - -func isCursorTokenFileMode(raw string) bool { - choice := strings.ToLower(strings.TrimSpace(raw)) - return choice != "2" && choice != "zero" && choice != "zero-action" -} - -func promptCursorURL(promptFn func(string) (string, error)) (string, error) { - candidateURL, err := promptFn(fmt.Sprintf("Cursor API URL [%s]: ", defaultCursorAPIURL)) - if err != nil { - return "", err - } - candidateURL = strings.TrimSpace(candidateURL) - if candidateURL == "" { - return defaultCursorAPIURL, nil - } - return candidateURL, nil -} - -func applyCursorZeroActionMode(promptFn func(string) (string, error), entry *config.CursorKey) error { - entry.TokenFile = "" - - candidateToken, err := promptFn("Cursor auth-token (required for zero-action): ") - if err != nil { - return err - } - candidateToken = strings.TrimSpace(candidateToken) - if candidateToken == "" { - return fmt.Errorf("auth-token cannot be empty") - } - - entry.AuthToken = candidateToken - return nil -} - -func applyCursorTokenFileMode(promptFn func(string) (string, error), entry *config.CursorKey) error { - token, err := promptFn("Cursor token (from cursor-api /build-key): ") - if err != nil { - return err - } - token = strings.TrimSpace(token) - if token == "" { - return fmt.Errorf("token cannot be empty") - } - - tokenFile, err := promptFn(fmt.Sprintf("Token-file path [%s]: ", defaultCursorTokenFilePath)) - if err != nil { - return err - } - tokenFile = strings.TrimSpace(tokenFile) - if tokenFile == "" { - tokenFile = defaultCursorTokenFilePath - } - - tokenPath, err := resolveAndWriteCursorTokenFile(tokenFile, token) - if err != nil { - return err - } - - entry.TokenFile = tokenPath - entry.AuthToken = "" - return nil -} - -func resolveAndWriteCursorTokenFile(rawPath, token string) (string, error) { - resolved, err := resolveCursorPathForWrite(rawPath) - if err != nil { - return "", err - } - - if err := os.MkdirAll(filepath.Dir(resolved), 0o700); err != nil { - return "", fmt.Errorf("create token directory: %w", err) - } - - if err := os.WriteFile(resolved, []byte(strings.TrimSpace(token)+"\n"), 0o600); err != nil { - return "", fmt.Errorf("write token file: %w", err) - } - - return cursorTokenPathForConfig(resolved), nil -} - -func resolveCursorPathForWrite(raw string) (string, error) { - trimmed := strings.TrimSpace(raw) - if trimmed == "" { - return "", fmt.Errorf("path cannot be empty") - } - if strings.HasPrefix(trimmed, "~") { - home, err := os.UserHomeDir() - if err != nil { - return "", fmt.Errorf("resolve home dir: %w", err) - } - remainder := strings.TrimPrefix(trimmed, "~") - remainder = strings.ReplaceAll(remainder, "\\", "/") - remainder = strings.TrimLeft(remainder, "/") - if remainder == "" { - return filepath.Clean(home), nil - } - return filepath.Clean(filepath.Join(home, filepath.FromSlash(remainder))), nil - } - - return filepath.Clean(trimmed), nil -} - -func cursorTokenPathForConfig(resolved string) string { - if home, err := os.UserHomeDir(); err == nil { - rel, relErr := filepath.Rel(home, resolved) - if relErr == nil { - cleanRel := filepath.Clean(rel) - if cleanRel != "." && cleanRel != ".." && !strings.HasPrefix(cleanRel, ".."+string(filepath.Separator)) { - return "~/" + filepath.ToSlash(cleanRel) - } - } - } - - return filepath.Clean(resolved) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/cursor_login_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/cursor_login_test.go deleted file mode 100644 index 08e0f0064b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/cursor_login_test.go +++ /dev/null @@ -1,178 +0,0 @@ -package cmd - -import ( - "errors" - "fmt" - "os" - "path/filepath" - "strings" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestDoCursorLogin_TokenFileMode_WritesTokenAndConfig(t *testing.T) { - tmp := t.TempDir() - configPath := filepath.Join(tmp, "config.yaml") - if err := os.WriteFile(configPath, []byte("port: 8317\n"), 0o644); err != nil { - t.Fatalf("write config: %v", err) - } - - tokenPath := filepath.Join(tmp, "cursor-session-token.txt") - - cfg := &config.Config{Port: 8317} - promptFn := promptFromQueue(t, - "1", - "", - "sk-cursor-token-1", - tokenPath, - ) - - DoCursorLogin(cfg, &LoginOptions{Prompt: promptFn, ConfigPath: configPath}) - - if len(cfg.CursorKey) != 1 { - t.Fatalf("expected cursor config entry, got %d", len(cfg.CursorKey)) - } - - entry := cfg.CursorKey[0] - if entry.CursorAPIURL != defaultCursorAPIURL { - t.Fatalf("CursorAPIURL = %q, want %q", entry.CursorAPIURL, defaultCursorAPIURL) - } - if entry.AuthToken != "" { - t.Fatalf("AuthToken = %q, want empty", entry.AuthToken) - } - if entry.TokenFile != tokenPath { - t.Fatalf("TokenFile = %q, want %q", entry.TokenFile, tokenPath) - } - - contents, err := os.ReadFile(tokenPath) - if err != nil { - t.Fatalf("read token file: %v", err) - } - if got := string(contents); got != "sk-cursor-token-1\n" { - t.Fatalf("token file content = %q, want %q", got, "sk-cursor-token-1\n") - } - - reloaded, err := config.LoadConfig(configPath) - if err != nil { - t.Fatalf("load saved config: %v", err) - } - if len(reloaded.CursorKey) != 1 || reloaded.CursorKey[0].TokenFile != tokenPath { - t.Fatalf("saved cursor config %v", reloaded.CursorKey) - } -} - -func TestDoCursorLogin_ZeroActionMode_ConfiguresAuthToken(t *testing.T) { - tmp := t.TempDir() - configPath := filepath.Join(tmp, "config.yaml") - if err := os.WriteFile(configPath, []byte("port: 8317\n"), 0o644); err != nil { - t.Fatalf("write config: %v", err) - } - - cfg := &config.Config{Port: 8317} - promptFn := promptFromQueue(t, - "2", - "", - "zero-action-token-1", - ) - - DoCursorLogin(cfg, &LoginOptions{Prompt: promptFn, ConfigPath: configPath}) - - entry := cfg.CursorKey[0] - if entry.TokenFile != "" { - t.Fatalf("TokenFile = %q, want empty", entry.TokenFile) - } - if entry.AuthToken != "zero-action-token-1" { - t.Fatalf("AuthToken = %q, want %q", entry.AuthToken, "zero-action-token-1") - } -} - -func TestResolveCursorPathForWrite_ExpandsHome(t *testing.T) { - home, err := os.UserHomeDir() - if err != nil { - t.Fatalf("user home: %v", err) - } - got, err := resolveCursorPathForWrite("~/.cursor/session-token.txt") - if err != nil { - t.Fatalf("resolve path: %v", err) - } - want := filepath.Join(home, ".cursor", "session-token.txt") - if got != filepath.Clean(want) { - t.Fatalf("resolved path = %q, want %q", got, want) - } -} - -func TestCursorTokenPathForConfig_HomePath(t *testing.T) { - home, err := os.UserHomeDir() - if err != nil { - t.Fatalf("user home: %v", err) - } - - got := cursorTokenPathForConfig(filepath.Join(home, "cursor", "token.txt")) - if got != "~/cursor/token.txt" { - t.Fatalf("config path = %q, want %q", got, "~/cursor/token.txt") - } -} - -func promptFromQueue(t *testing.T, values ...string) func(string) (string, error) { - return func(string) (string, error) { - if len(values) == 0 { - return "", errors.New("no prompt values left") - } - value := values[0] - values = values[1:] - t.Logf("prompt answer used: %q", value) - return value, nil - } -} - -func TestIsCursorTokenFileMode(t *testing.T) { - if !isCursorTokenFileMode("1") { - t.Fatalf("expected mode 1 to be token-file mode") - } - if isCursorTokenFileMode("2") { - t.Fatalf("expected mode 2 to be zero-action mode") - } - if isCursorTokenFileMode("zero-action") { - t.Fatalf("expected zero-action mode token choice to disable token file") - } - if !isCursorTokenFileMode("") { - t.Fatalf("expected empty input to default token-file mode") - } -} - -func TestCursorLoginHelpers_TrimmedMessages(t *testing.T) { - prompted := make([]string, 0, 2) - cfg := &config.Config{Port: 8317} - configPath := filepath.Join(t.TempDir(), "config.yaml") - if err := os.WriteFile(configPath, []byte("port: 8317\n"), 0o644); err != nil { - t.Fatalf("write config: %v", err) - } - promptedFn := func(msg string) (string, error) { - prompted = append(prompted, msg) - if strings.Contains(msg, "Cursor auth mode") { - return " 1 ", nil - } - if strings.Contains(msg, "Cursor API URL") { - return " ", nil - } - if strings.Contains(msg, "Cursor token") { - return " sk-abc ", nil - } - if strings.Contains(msg, "Token-file path") { - return " ", nil - } - return "", fmt.Errorf("unexpected prompt: %s", msg) - } - DoCursorLogin(cfg, &LoginOptions{Prompt: promptedFn, ConfigPath: configPath}) - if len(prompted) != 4 { - t.Fatalf("expected 4 prompts, got %d", len(prompted)) - } - entry := cfg.CursorKey[0] - if entry.CursorAPIURL != defaultCursorAPIURL { - t.Fatalf("CursorAPIURL = %q, want default %q", entry.CursorAPIURL, defaultCursorAPIURL) - } - if entry.TokenFile != defaultCursorTokenFilePath { - t.Fatalf("TokenFile = %q, want default %q", entry.TokenFile, defaultCursorTokenFilePath) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/generic_apikey_login.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/generic_apikey_login.go deleted file mode 100644 index 09919cb530..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/generic_apikey_login.go +++ /dev/null @@ -1,277 +0,0 @@ -package cmd - -import ( - "bufio" - "encoding/json" - "fmt" - "os" - "path/filepath" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - log "github.com/sirupsen/logrus" -) - -// DoDeepSeekLogin prompts for DeepSeek API key and stores it in auth-dir. -func DoDeepSeekLogin(cfg *config.Config, options *LoginOptions) { - doGenericAPIKeyLogin(cfg, options, "DeepSeek", "platform.deepseek.com", "deepseek-api-key.json", func(tokenFileRef string) { - entry := config.DeepSeekKey{ - TokenFile: tokenFileRef, - BaseURL: "https://api.deepseek.com", - } - if len(cfg.DeepSeekKey) == 0 { - cfg.DeepSeekKey = []config.DeepSeekKey{entry} - } else { - cfg.DeepSeekKey[0] = entry - } - }) -} - -// DoGroqLogin prompts for Groq API key and stores it in auth-dir. -func DoGroqLogin(cfg *config.Config, options *LoginOptions) { - doGenericAPIKeyLogin(cfg, options, "Groq", "console.groq.com", "groq-api-key.json", func(tokenFileRef string) { - entry := config.GroqKey{ - TokenFile: tokenFileRef, - BaseURL: "https://api.groq.com/openai/v1", - } - if len(cfg.GroqKey) == 0 { - cfg.GroqKey = []config.GroqKey{entry} - } else { - cfg.GroqKey[0] = entry - } - }) -} - -// DoMistralLogin prompts for Mistral API key and stores it in auth-dir. -func DoMistralLogin(cfg *config.Config, options *LoginOptions) { - doGenericAPIKeyLogin(cfg, options, "Mistral", "console.mistral.ai", "mistral-api-key.json", func(tokenFileRef string) { - entry := config.MistralKey{ - TokenFile: tokenFileRef, - BaseURL: "https://api.mistral.ai/v1", - } - if len(cfg.MistralKey) == 0 { - cfg.MistralKey = []config.MistralKey{entry} - } else { - cfg.MistralKey[0] = entry - } - }) -} - -// DoSiliconFlowLogin prompts for SiliconFlow API key and stores it in auth-dir. -func DoSiliconFlowLogin(cfg *config.Config, options *LoginOptions) { - doGenericAPIKeyLogin(cfg, options, "SiliconFlow", "cloud.siliconflow.cn", "siliconflow-api-key.json", func(tokenFileRef string) { - entry := config.SiliconFlowKey{ - TokenFile: tokenFileRef, - BaseURL: "https://api.siliconflow.cn/v1", - } - if len(cfg.SiliconFlowKey) == 0 { - cfg.SiliconFlowKey = []config.SiliconFlowKey{entry} - } else { - cfg.SiliconFlowKey[0] = entry - } - }) -} - -// DoOpenRouterLogin prompts for OpenRouter API key and stores it in auth-dir. -func DoOpenRouterLogin(cfg *config.Config, options *LoginOptions) { - doGenericAPIKeyLogin(cfg, options, "OpenRouter", "openrouter.ai/keys", "openrouter-api-key.json", func(tokenFileRef string) { - entry := config.OpenRouterKey{ - TokenFile: tokenFileRef, - BaseURL: "https://openrouter.ai/api/v1", - } - if len(cfg.OpenRouterKey) == 0 { - cfg.OpenRouterKey = []config.OpenRouterKey{entry} - } else { - cfg.OpenRouterKey[0] = entry - } - }) -} - -// DoTogetherLogin prompts for Together AI API key and stores it in auth-dir. -func DoTogetherLogin(cfg *config.Config, options *LoginOptions) { - doGenericAPIKeyLogin(cfg, options, "Together AI", "api.together.xyz/settings/api-keys", "together-api-key.json", func(tokenFileRef string) { - entry := config.TogetherKey{ - TokenFile: tokenFileRef, - BaseURL: "https://api.together.xyz/v1", - } - if len(cfg.TogetherKey) == 0 { - cfg.TogetherKey = []config.TogetherKey{entry} - } else { - cfg.TogetherKey[0] = entry - } - }) -} - -// DoFireworksLogin prompts for Fireworks AI API key and stores it in auth-dir. -func DoFireworksLogin(cfg *config.Config, options *LoginOptions) { - doGenericAPIKeyLogin(cfg, options, "Fireworks AI", "fireworks.ai/account/api-keys", "fireworks-api-key.json", func(tokenFileRef string) { - entry := config.FireworksKey{ - TokenFile: tokenFileRef, - BaseURL: "https://api.fireworks.ai/inference/v1", - } - if len(cfg.FireworksKey) == 0 { - cfg.FireworksKey = []config.FireworksKey{entry} - } else { - cfg.FireworksKey[0] = entry - } - }) -} - -// DoNovitaLogin prompts for Novita AI API key and stores it in auth-dir. -func DoNovitaLogin(cfg *config.Config, options *LoginOptions) { - doGenericAPIKeyLogin(cfg, options, "Novita AI", "novita.ai/dashboard", "novita-api-key.json", func(tokenFileRef string) { - entry := config.NovitaKey{ - TokenFile: tokenFileRef, - BaseURL: "https://api.novita.ai/v1", - } - if len(cfg.NovitaKey) == 0 { - cfg.NovitaKey = []config.NovitaKey{entry} - } else { - cfg.NovitaKey[0] = entry - } - }) -} - -// DoClineLogin prompts for Cline API key and stores it as an OpenAI-compatible provider. -func DoClineLogin(cfg *config.Config, options *LoginOptions) { - doGenericOpenAICompatLogin( - cfg, - options, - "Cline", - "cline.bot", - "cline-api-key.json", - "cline", - "https://api.cline.bot/v1", - "cline-default", - ) -} - -// DoAmpLogin prompts for AMP API key and stores it as an OpenAI-compatible provider. -func DoAmpLogin(cfg *config.Config, options *LoginOptions) { - doGenericOpenAICompatLogin( - cfg, - options, - "AMP", - "ampcode.com", - "amp-api-key.json", - "amp", - "https://api.ampcode.com/v1", - "amp-default", - ) -} - -// DoFactoryAPILogin prompts for Factory API key and stores it as an OpenAI-compatible provider. -func DoFactoryAPILogin(cfg *config.Config, options *LoginOptions) { - doGenericOpenAICompatLogin( - cfg, - options, - "Factory API", - "app.factory.ai", - "factory-api-key.json", - "factory-api", - "https://api.factory.ai/v1", - "factory-default", - ) -} - -func doGenericAPIKeyLogin(cfg *config.Config, options *LoginOptions, providerName, providerURL, fileName string, updateConfig func(string)) { - if options == nil { - options = &LoginOptions{} - } - - var apiKey string - promptMsg := fmt.Sprintf("Enter %s API key (from %s): ", providerName, providerURL) - if options.Prompt != nil { - var err error - apiKey, err = options.Prompt(promptMsg) - if err != nil { - log.Errorf("%s prompt failed: %v", providerName, err) - return - } - } else { - fmt.Print(promptMsg) - scanner := bufio.NewScanner(os.Stdin) - if !scanner.Scan() { - log.Errorf("%s: failed to read API key", providerName) - return - } - apiKey = strings.TrimSpace(scanner.Text()) - } - - apiKey = strings.TrimSpace(apiKey) - if apiKey == "" { - log.Errorf("%s: API key cannot be empty", providerName) - return - } - - authDir, err := ensureAuthDir(strings.TrimSpace(cfg.AuthDir), providerName) - if err != nil { - log.Errorf("%s: %v", providerName, err) - return - } - - tokenPath := filepath.Join(authDir, fileName) - tokenData := map[string]string{"api_key": apiKey} - raw, err := json.MarshalIndent(tokenData, "", " ") - if err != nil { - log.Errorf("%s: failed to marshal token: %v", providerName, err) - return - } - if err := os.WriteFile(tokenPath, raw, 0o600); err != nil { - log.Errorf("%s: failed to write token file %s: %v", providerName, tokenPath, err) - return - } - - tokenFileRef := authDirTokenFileRef(authDir, fileName) - - updateConfig(tokenFileRef) - - configPath := options.ConfigPath - if configPath == "" { - log.Errorf("%s: config path not set; cannot save", providerName) - return - } - - if err := config.SaveConfigPreserveComments(configPath, cfg); err != nil { - log.Errorf("%s: failed to save config: %v", providerName, err) - return - } - - fmt.Printf("%s API key saved to %s (auth-dir). Config updated with token-file. Restart the proxy to apply.\n", providerName, tokenPath) -} - -func doGenericOpenAICompatLogin( - cfg *config.Config, - options *LoginOptions, - providerName string, - providerURL string, - fileName string, - compatName string, - baseURL string, - defaultModel string, -) { - doGenericAPIKeyLogin(cfg, options, providerName, providerURL, fileName, func(tokenFileRef string) { - entry := config.OpenAICompatibility{ - Name: compatName, - BaseURL: baseURL, - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {TokenFile: tokenFileRef}, - }, - Models: []config.OpenAICompatibilityModel{ - {Name: defaultModel, Alias: defaultModel}, - }, - } - - replaced := false - for i := range cfg.OpenAICompatibility { - if strings.EqualFold(cfg.OpenAICompatibility[i].Name, compatName) { - cfg.OpenAICompatibility[i] = entry - replaced = true - break - } - } - if !replaced { - cfg.OpenAICompatibility = append(cfg.OpenAICompatibility, entry) - } - }) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/github_copilot_login.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/github_copilot_login.go deleted file mode 100644 index 0be27d00d6..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/github_copilot_login.go +++ /dev/null @@ -1,44 +0,0 @@ -package cmd - -import ( - "context" - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// DoGitHubCopilotLogin triggers the OAuth device flow for GitHub Copilot and saves tokens. -// It initiates the device flow authentication, displays the user code for the user to enter -// at GitHub's verification URL, and waits for authorization before saving the tokens. -// -// Parameters: -// - cfg: The application configuration containing proxy and auth directory settings -// - options: Login options including browser behavior settings -func DoGitHubCopilotLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - manager := newAuthManager() - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - Metadata: map[string]string{}, - Prompt: options.Prompt, - } - - record, savedPath, err := manager.Login(context.Background(), "github-copilot", castToInternalConfig(cfg), authOpts) - if err != nil { - log.Errorf("GitHub Copilot authentication failed: %v", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - if record != nil && record.Label != "" { - fmt.Printf("Authenticated as %s\n", record.Label) - } - fmt.Println("GitHub Copilot authentication successful!") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/iflow_cookie.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/iflow_cookie.go deleted file mode 100644 index 809ff5ae09..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/iflow_cookie.go +++ /dev/null @@ -1,111 +0,0 @@ -package cmd - -import ( - "bufio" - "context" - "fmt" - "os" - "path/filepath" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/iflow" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -// DoIFlowCookieAuth performs the iFlow cookie-based authentication. -func DoIFlowCookieAuth(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - promptFn := options.Prompt - if promptFn == nil { - reader := bufio.NewReader(os.Stdin) - promptFn = func(prompt string) (string, error) { - fmt.Print(prompt) - value, err := reader.ReadString('\n') - if err != nil { - return "", err - } - return strings.TrimSpace(value), nil - } - } - - // Prompt user for cookie - cookie, err := promptForCookie(promptFn) - if err != nil { - fmt.Printf("Failed to get cookie: %v\n", err) - return - } - - // Check for duplicate BXAuth before authentication - bxAuth := iflow.ExtractBXAuth(cookie) - authDir := "." - if cfg != nil && cfg.AuthDir != "" { - authDir = cfg.AuthDir - } - if existingFile, err := iflow.CheckDuplicateBXAuth(authDir, bxAuth); err != nil { - fmt.Printf("Failed to check duplicate: %v\n", err) - return - } else if existingFile != "" { - fmt.Printf("Duplicate BXAuth found, authentication already exists: %s\n", filepath.Base(existingFile)) - return - } - - // Authenticate with cookie - auth := iflow.NewIFlowAuth(cfg, nil) - ctx := context.Background() - - tokenData, err := auth.AuthenticateWithCookie(ctx, cookie) - if err != nil { - fmt.Printf("iFlow cookie authentication failed: %v\n", err) - return - } - - // Create token storage - tokenStorage := auth.CreateCookieTokenStorage(tokenData) - - // Get auth file path using email in filename - authFilePath := getAuthFilePath(cfg, "iflow", tokenData.Email) - - // Save token to file - if err := tokenStorage.SaveTokenToFile(authFilePath); err != nil { - fmt.Printf("Failed to save authentication: %v\n", err) - return - } - - fmt.Println("Authentication successful.") - fmt.Printf("Expires at: %s\n", tokenData.Expire) - fmt.Printf("Authentication saved to: %s\n", authFilePath) -} - -// promptForCookie prompts the user to enter their iFlow cookie -func promptForCookie(promptFn func(string) (string, error)) (string, error) { - line, err := promptFn("Enter iFlow Cookie (from browser cookies): ") - if err != nil { - return "", fmt.Errorf("failed to read cookie: %w", err) - } - - cookie, err := iflow.NormalizeCookie(line) - if err != nil { - return "", err - } - - return cookie, nil -} - -// getAuthFilePath returns the auth file path for the given provider and email -func getAuthFilePath(cfg *config.Config, provider, email string) string { - authDir := "." - if cfg != nil && cfg.AuthDir != "" { - authDir = cfg.AuthDir - } - - fileName := iflow.SanitizeIFlowFileName(email) - if fileName == "" { - fileName = "account" - } - - return filepath.Join(authDir, fmt.Sprintf("%s-%s-%d.json", provider, fileName, time.Now().Unix())) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/iflow_cookie_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/iflow_cookie_test.go deleted file mode 100644 index 791d4b777e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/iflow_cookie_test.go +++ /dev/null @@ -1,32 +0,0 @@ -package cmd - -import ( - "path/filepath" - "strings" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestGetAuthFilePath_UsesDefaultAuthDirAndFallbackName(t *testing.T) { - path := getAuthFilePath(nil, "iflow", "") - if filepath.Dir(path) != "." { - t.Fatalf("unexpected auth path prefix: %q", path) - } - base := filepath.Base(path) - if !strings.HasPrefix(base, "iflow-account-") { - t.Fatalf("fallback filename should use account marker, got %q", base) - } - - path = getAuthFilePath(&config.Config{}, "iflow", "user@example.com") - base = filepath.Base(path) - if !strings.HasPrefix(base, "iflow-user@example.com-") { - t.Fatalf("filename should include sanitized email, got %q", base) - } - - path = getAuthFilePath(&config.Config{AuthDir: "/tmp/auth"}, "iflow", "user@example.com") - dir := filepath.Dir(path) - if dir != "/tmp/auth" { - t.Fatalf("auth dir should respect cfg.AuthDir; got %q", dir) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/iflow_login.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/iflow_login.go deleted file mode 100644 index aec09e2c9c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/iflow_login.go +++ /dev/null @@ -1,48 +0,0 @@ -package cmd - -import ( - "context" - "errors" - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// DoIFlowLogin performs the iFlow OAuth login via the shared authentication manager. -func DoIFlowLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - manager := newAuthManager() - - promptFn := options.Prompt - if promptFn == nil { - promptFn = defaultProjectPrompt() - } - - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - CallbackPort: options.CallbackPort, - Metadata: map[string]string{}, - Prompt: promptFn, - } - - _, savedPath, err := manager.Login(context.Background(), "iflow", castToInternalConfig(cfg), authOpts) - if err != nil { - if emailErr, ok := errors.AsType[*sdkAuth.EmailRequiredError](err); ok { - log.Error(emailErr.Error()) - return - } - fmt.Printf("iFlow authentication failed: %v\n", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - - fmt.Println("iFlow authentication successful!") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/kilo_login.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/kilo_login.go deleted file mode 100644 index f7678f2110..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/kilo_login.go +++ /dev/null @@ -1,52 +0,0 @@ -package cmd - -import ( - "fmt" - "io" - "os" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - log "github.com/sirupsen/logrus" -) - -const kiloInstallHint = "Install: https://www.kiloai.com/download" - -// DoKiloLogin handles the Kilo device flow using the shared authentication manager. -// It initiates the device-based authentication process for Kilo AI services and saves -// the authentication tokens to the configured auth directory. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including browser behavior and prompts -func DoKiloLogin(cfg *config.Config, options *LoginOptions) { - exitCode := RunKiloLoginWithRunner(RunNativeCLILogin, os.Stdout, os.Stderr) - if exitCode != 0 { - os.Exit(exitCode) - } -} - -// RunKiloLoginWithRunner runs Kilo login with the given runner. Returns exit code to pass to os.Exit. -// Writes success/error messages to stdout/stderr. Used for testability. -func RunKiloLoginWithRunner(runner NativeCLIRunner, stdout, stderr io.Writer) int { - if runner == nil { - runner = RunNativeCLILogin - } - if stdout == nil { - stdout = os.Stdout - } - if stderr == nil { - stderr = os.Stderr - } - exitCode, err := runner(KiloSpec) - if err != nil { - log.Errorf("Kilo login failed: %v", err) - _, _ = fmt.Fprintf(stderr, "\n%s\n", kiloInstallHint) - return 1 - } - if exitCode != 0 { - return exitCode - } - _, _ = fmt.Fprintln(stdout, "Kilo authentication successful!") - _, _ = fmt.Fprintln(stdout, "Add a kilo: block to your config with token-file: \"~/.kilo/oauth-token.json\" and base-url: \"https://api.kiloai.com/v1\"") - return 0 -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/kimi_login.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/kimi_login.go deleted file mode 100644 index 12111321ab..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/kimi_login.go +++ /dev/null @@ -1,44 +0,0 @@ -package cmd - -import ( - "context" - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// DoKimiLogin triggers the OAuth device flow for Kimi (Moonshot AI) and saves tokens. -// It initiates the device flow authentication, displays the verification URL for the user, -// and waits for authorization before saving the tokens. -// -// Parameters: -// - cfg: The application configuration containing proxy and auth directory settings -// - options: Login options including browser behavior settings -func DoKimiLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - manager := newAuthManager() - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - Metadata: map[string]string{}, - Prompt: options.Prompt, - } - - record, savedPath, err := manager.Login(context.Background(), "kimi", castToInternalConfig(cfg), authOpts) - if err != nil { - log.Errorf("Kimi authentication failed: %v", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - if record != nil && record.Label != "" { - fmt.Printf("Authenticated as %s\n", record.Label) - } - fmt.Println("Kimi authentication successful!") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/kiro_login.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/kiro_login.go deleted file mode 100644 index a138c46134..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/kiro_login.go +++ /dev/null @@ -1,218 +0,0 @@ -package cmd - -import ( - "context" - "fmt" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// DoKiroLogin triggers the Kiro authentication flow with Google OAuth. -// This is the default login method (same as --kiro-google-login). -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including Prompt field -func DoKiroLogin(cfg *config.Config, options *LoginOptions) { - // Use Google login as default - DoKiroGoogleLogin(cfg, options) -} - -// DoKiroGoogleLogin triggers Kiro authentication with Google OAuth. -// This uses a custom protocol handler (kiro://) to receive the callback. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including prompts -func DoKiroGoogleLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - // Note: Kiro defaults to incognito mode for multi-account support. - // Users can override with --no-incognito if they want to use existing browser sessions. - - manager := newAuthManager() - - // Use KiroAuthenticator with Google login - authenticator := sdkAuth.NewKiroAuthenticator() - record, err := authenticator.LoginWithGoogle(context.Background(), castToInternalConfig(cfg), &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - Metadata: map[string]string{}, - Prompt: options.Prompt, - }) - if err != nil { - log.Errorf("Kiro Google authentication failed: %v", err) - fmt.Println("\nTroubleshooting:") - fmt.Println("1. Make sure the protocol handler is installed") - fmt.Println("2. Complete the Google login in the browser") - fmt.Println("3. If callback fails, try: --kiro-import (after logging in via Kiro IDE)") - return - } - - // Save the auth record - savedPath, err := manager.SaveAuth(record, castToInternalConfig(cfg)) - if err != nil { - log.Errorf("Failed to save auth: %v", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - if record != nil && record.Label != "" { - fmt.Printf("Authenticated as %s\n", record.Label) - } - fmt.Println("Kiro Google authentication successful!") -} - -// DoKiroAWSLogin triggers Kiro authentication with AWS Builder ID. -// This uses the device code flow for AWS SSO OIDC authentication. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including prompts -func DoKiroAWSLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - // Note: Kiro defaults to incognito mode for multi-account support. - // Users can override with --no-incognito if they want to use existing browser sessions. - - manager := newAuthManager() - - // Use KiroAuthenticator with AWS Builder ID login (device code flow) - authenticator := sdkAuth.NewKiroAuthenticator() - record, err := authenticator.Login(context.Background(), castToInternalConfig(cfg), &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - Metadata: map[string]string{}, - Prompt: options.Prompt, - }) - if err != nil { - log.Errorf("Kiro AWS authentication failed: %v", err) - fmt.Println("\nTroubleshooting:") - fmt.Println("1. Make sure you have an AWS Builder ID") - fmt.Println("2. Complete the authorization in the browser") - fmt.Println("3. If callback fails, try: --kiro-import (after logging in via Kiro IDE)") - if isKiroAWSAccessPortalError(err) { - fmt.Println("4. AWS access portal sign-in failed. Wait before retrying to avoid account lockouts, or use --kiro-aws-authcode.") - fmt.Println("5. If SSO keeps failing, verify IAM Identity Center setup with your administrator.") - } - return - } - - // Save the auth record - savedPath, err := manager.SaveAuth(record, castToInternalConfig(cfg)) - if err != nil { - log.Errorf("Failed to save auth: %v", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - if record != nil && record.Label != "" { - fmt.Printf("Authenticated as %s\n", record.Label) - } - fmt.Println("Kiro AWS authentication successful!") -} - -func isKiroAWSAccessPortalError(err error) bool { - if err == nil { - return false - } - lower := strings.ToLower(err.Error()) - return strings.Contains(lower, "aws access portal sign in error") || - strings.Contains(lower, "unable to sign you in to the aws access portal") -} - -// DoKiroAWSAuthCodeLogin triggers Kiro authentication with AWS Builder ID using authorization code flow. -// This provides a better UX than device code flow as it uses automatic browser callback. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including prompts -func DoKiroAWSAuthCodeLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - // Note: Kiro defaults to incognito mode for multi-account support. - // Users can override with --no-incognito if they want to use existing browser sessions. - - manager := newAuthManager() - - // Use KiroAuthenticator with AWS Builder ID login (authorization code flow) - authenticator := sdkAuth.NewKiroAuthenticator() - record, err := authenticator.LoginWithAuthCode(context.Background(), castToInternalConfig(cfg), &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - Metadata: map[string]string{}, - Prompt: options.Prompt, - }) - if err != nil { - log.Errorf("Kiro AWS authentication (auth code) failed: %v", err) - fmt.Println("\nTroubleshooting:") - fmt.Println("1. Make sure you have an AWS Builder ID") - fmt.Println("2. Complete the authorization in the browser") - fmt.Println("3. If callback fails, try: --kiro-aws-login (device code flow)") - return - } - - // Save the auth record - savedPath, err := manager.SaveAuth(record, castToInternalConfig(cfg)) - if err != nil { - log.Errorf("Failed to save auth: %v", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - if record != nil && record.Label != "" { - fmt.Printf("Authenticated as %s\n", record.Label) - } - fmt.Println("Kiro AWS authentication successful!") -} - -// DoKiroImport imports Kiro token from Kiro IDE's token file. -// This is useful for users who have already logged in via Kiro IDE -// and want to use the same credentials in CLI Proxy API. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options (currently unused for import) -func DoKiroImport(cfg *config.Config, options *LoginOptions) { - manager := newAuthManager() - - // Use ImportFromKiroIDE instead of Login - authenticator := sdkAuth.NewKiroAuthenticator() - record, err := authenticator.ImportFromKiroIDE(context.Background(), castToInternalConfig(cfg)) - if err != nil { - log.Errorf("Kiro token import failed: %v", err) - fmt.Println("\nMake sure you have logged in to Kiro IDE first:") - fmt.Println("1. Open Kiro IDE") - fmt.Println("2. Click 'Sign in with Google' (or GitHub)") - fmt.Println("3. Complete the login process") - fmt.Println("4. Run this command again") - return - } - - // Save the imported auth record - savedPath, err := manager.SaveAuth(record, castToInternalConfig(cfg)) - if err != nil { - log.Errorf("Failed to save auth: %v", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - if record != nil && record.Label != "" { - fmt.Printf("Imported as %s\n", record.Label) - } - fmt.Println("Kiro token import successful!") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/kiro_login_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/kiro_login_test.go deleted file mode 100644 index 4bf2715b62..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/kiro_login_test.go +++ /dev/null @@ -1,18 +0,0 @@ -package cmd - -import ( - "errors" - "testing" -) - -func TestIsKiroAWSAccessPortalError(t *testing.T) { - if !isKiroAWSAccessPortalError(errors.New("AWS access portal sign in error: retry later")) { - t.Fatal("expected access portal error to be detected") - } - if !isKiroAWSAccessPortalError(errors.New("We were unable to sign you in to the AWS access portal.")) { - t.Fatal("expected access portal phrase to be detected") - } - if isKiroAWSAccessPortalError(errors.New("network timeout")) { - t.Fatal("did not expect unrelated error to be detected") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/login.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/login.go deleted file mode 100644 index a87156217e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/login.go +++ /dev/null @@ -1,699 +0,0 @@ -// Package cmd provides command-line interface functionality for the CLI Proxy API server. -// It includes authentication flows for various AI service providers, service startup, -// and other command-line operations. -package cmd - -import ( - "bufio" - "bytes" - "context" - "encoding/json" - "errors" - "fmt" - "io" - "net/http" - "os" - "strconv" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/gemini" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -const ( - geminiCLIEndpoint = "https://cloudcode-pa.googleapis.com" - geminiCLIVersion = "v1internal" - geminiCLIUserAgent = "google-api-nodejs-client/9.15.1" - geminiCLIApiClient = "gl-node/22.17.0" - geminiCLIClientMetadata = "ideType=IDE_UNSPECIFIED,platform=PLATFORM_UNSPECIFIED,pluginType=GEMINI" -) - -type projectSelectionRequiredError struct{} - -func (e *projectSelectionRequiredError) Error() string { - return "gemini cli: project selection required" -} - -// DoLogin handles Google Gemini authentication using the shared authentication manager. -// It initiates the OAuth flow for Google Gemini services, performs the legacy CLI user setup, -// and saves the authentication tokens to the configured auth directory. -// -// Parameters: -// - cfg: The application configuration -// - projectID: Optional Google Cloud project ID for Gemini services -// - options: Login options including browser behavior and prompts -func DoLogin(cfg *config.Config, projectID string, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - ctx := context.Background() - - promptFn := options.Prompt - if promptFn == nil { - promptFn = defaultProjectPrompt() - } - - trimmedProjectID := strings.TrimSpace(projectID) - callbackPrompt := promptFn - if trimmedProjectID == "" { - callbackPrompt = nil - } - - loginOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - ProjectID: trimmedProjectID, - CallbackPort: options.CallbackPort, - Metadata: map[string]string{}, - Prompt: callbackPrompt, - } - - authenticator := sdkAuth.NewGeminiAuthenticator() - record, errLogin := authenticator.Login(ctx, castToInternalConfig(cfg), loginOpts) - if errLogin != nil { - log.Errorf("Gemini authentication failed: %v", errLogin) - return - } - - storage, okStorage := record.Storage.(*gemini.GeminiTokenStorage) - if !okStorage || storage == nil { - log.Error("Gemini authentication failed: unsupported token storage") - return - } - - geminiAuth := gemini.NewGeminiAuth() - httpClient, errClient := geminiAuth.GetAuthenticatedClient(ctx, storage, cfg, &gemini.WebLoginOptions{ - NoBrowser: options.NoBrowser, - CallbackPort: options.CallbackPort, - Prompt: callbackPrompt, - }) - if errClient != nil { - log.Errorf("Gemini authentication failed: %v", errClient) - return - } - - log.Info("Authentication successful.") - - var activatedProjects []string - - useGoogleOne := false - if trimmedProjectID == "" && promptFn != nil { - fmt.Println("\nSelect login mode:") - fmt.Println(" 1. Code Assist (GCP project, manual selection)") - fmt.Println(" 2. Google One (personal account, auto-discover project)") - choice, errPrompt := promptFn("Enter choice [1/2] (default: 1): ") - if errPrompt == nil && strings.TrimSpace(choice) == "2" { - useGoogleOne = true - } - } - - if useGoogleOne { - log.Info("Google One mode: auto-discovering project...") - if errSetup := performGeminiCLISetup(ctx, httpClient, storage, ""); errSetup != nil { - log.Errorf("Google One auto-discovery failed: %v", errSetup) - return - } - autoProject := strings.TrimSpace(storage.ProjectID) - if autoProject == "" { - log.Error("Google One auto-discovery returned empty project ID") - return - } - log.Infof("Auto-discovered project: %s", autoProject) - activatedProjects = []string{autoProject} - } else { - projects, errProjects := fetchGCPProjects(ctx, httpClient) - if errProjects != nil { - log.Errorf("Failed to get project list: %v", errProjects) - return - } - - selectedProjectID := promptForProjectSelection(projects, trimmedProjectID, promptFn) - projectSelections, errSelection := resolveProjectSelections(selectedProjectID, projects) - if errSelection != nil { - log.Errorf("Invalid project selection: %v", errSelection) - return - } - if len(projectSelections) == 0 { - log.Error("No project selected; aborting login.") - return - } - - seenProjects := make(map[string]bool) - for _, candidateID := range projectSelections { - log.Infof("Activating project %s", candidateID) - if errSetup := performGeminiCLISetup(ctx, httpClient, storage, candidateID); errSetup != nil { - if _, ok := errors.AsType[*projectSelectionRequiredError](errSetup); ok { - log.Error("Failed to start user onboarding: A project ID is required.") - showProjectSelectionHelp(storage.Email, projects) - return - } - log.Errorf("Failed to complete user setup: %v", errSetup) - return - } - finalID := strings.TrimSpace(storage.ProjectID) - if finalID == "" { - finalID = candidateID - } - - if seenProjects[finalID] { - log.Infof("Project %s already activated, skipping", finalID) - continue - } - seenProjects[finalID] = true - activatedProjects = append(activatedProjects, finalID) - } - } - - storage.Auto = false - storage.ProjectID = strings.Join(activatedProjects, ",") - - if !storage.Auto && !storage.Checked { - for _, pid := range activatedProjects { - isChecked, errCheck := checkCloudAPIIsEnabled(ctx, httpClient, pid) - if errCheck != nil { - log.Errorf("Failed to check if Cloud AI API is enabled for %s: %v", pid, errCheck) - return - } - if !isChecked { - log.Errorf("Failed to check if Cloud AI API is enabled for project %s. If you encounter an error message, please create an issue.", pid) - return - } - } - storage.Checked = true - } - - updateAuthRecord(record, storage) - - store := sdkAuth.GetTokenStore() - if setter, okSetter := store.(interface{ SetBaseDir(string) }); okSetter && cfg != nil { - setter.SetBaseDir(cfg.AuthDir) - } - - savedPath, errSave := store.Save(ctx, record) - if errSave != nil { - log.Errorf("Failed to save token to file: %v", errSave) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - - fmt.Println("Gemini authentication successful!") -} - -func performGeminiCLISetup(ctx context.Context, httpClient *http.Client, storage *gemini.GeminiTokenStorage, requestedProject string) error { - metadata := map[string]string{ - "ideType": "IDE_UNSPECIFIED", - "platform": "PLATFORM_UNSPECIFIED", - "pluginType": "GEMINI", - } - - trimmedRequest := strings.TrimSpace(requestedProject) - explicitProject := trimmedRequest != "" - - loadReqBody := map[string]any{ - "metadata": metadata, - } - if explicitProject { - loadReqBody["cloudaicompanionProject"] = trimmedRequest - } - - var loadResp map[string]any - if errLoad := callGeminiCLI(ctx, httpClient, "loadCodeAssist", loadReqBody, &loadResp); errLoad != nil { - return fmt.Errorf("load code assist: %w", errLoad) - } - - tierID := "legacy-tier" - if tiers, okTiers := loadResp["allowedTiers"].([]any); okTiers { - for _, rawTier := range tiers { - tier, okTier := rawTier.(map[string]any) - if !okTier { - continue - } - if isDefault, okDefault := tier["isDefault"].(bool); okDefault && isDefault { - if id, okID := tier["id"].(string); okID && strings.TrimSpace(id) != "" { - tierID = strings.TrimSpace(id) - break - } - } - } - } - - projectID := trimmedRequest - if projectID == "" { - if id, okProject := loadResp["cloudaicompanionProject"].(string); okProject { - projectID = strings.TrimSpace(id) - } - if projectID == "" { - if projectMap, okProject := loadResp["cloudaicompanionProject"].(map[string]any); okProject { - if id, okID := projectMap["id"].(string); okID { - projectID = strings.TrimSpace(id) - } - } - } - } - if projectID == "" { - // Auto-discovery: try onboardUser without specifying a project - // to let Google auto-provision one (matches Gemini CLI headless behavior - // and Antigravity's FetchProjectID pattern). - autoOnboardReq := map[string]any{ - "tierId": tierID, - "metadata": metadata, - } - - autoCtx, autoCancel := context.WithTimeout(ctx, 30*time.Second) - defer autoCancel() - for attempt := 1; ; attempt++ { - var onboardResp map[string]any - if errOnboard := callGeminiCLI(autoCtx, httpClient, "onboardUser", autoOnboardReq, &onboardResp); errOnboard != nil { - return fmt.Errorf("auto-discovery onboardUser: %w", errOnboard) - } - - if done, okDone := onboardResp["done"].(bool); okDone && done { - if resp, okResp := onboardResp["response"].(map[string]any); okResp { - switch v := resp["cloudaicompanionProject"].(type) { - case string: - projectID = strings.TrimSpace(v) - case map[string]any: - if id, okID := v["id"].(string); okID { - projectID = strings.TrimSpace(id) - } - } - } - break - } - - log.Debugf("Auto-discovery: onboarding in progress, attempt %d...", attempt) - select { - case <-autoCtx.Done(): - return &projectSelectionRequiredError{} - case <-time.After(2 * time.Second): - } - } - - if projectID == "" { - return &projectSelectionRequiredError{} - } - log.Infof("Auto-discovered project ID via onboarding: %s", projectID) - } - - onboardReqBody := map[string]any{ - "tierId": tierID, - "metadata": metadata, - "cloudaicompanionProject": projectID, - } - - // Store the requested project as a fallback in case the response omits it. - storage.ProjectID = projectID - - for { - var onboardResp map[string]any - if errOnboard := callGeminiCLI(ctx, httpClient, "onboardUser", onboardReqBody, &onboardResp); errOnboard != nil { - return fmt.Errorf("onboard user: %w", errOnboard) - } - - if done, okDone := onboardResp["done"].(bool); okDone && done { - responseProjectID := "" - if resp, okResp := onboardResp["response"].(map[string]any); okResp { - switch projectValue := resp["cloudaicompanionProject"].(type) { - case map[string]any: - if id, okID := projectValue["id"].(string); okID { - responseProjectID = strings.TrimSpace(id) - } - case string: - responseProjectID = strings.TrimSpace(projectValue) - } - } - - finalProjectID := projectID - if responseProjectID != "" { - if explicitProject && !strings.EqualFold(responseProjectID, projectID) { - // Check if this is a free user (gen-lang-client projects or free/legacy tier) - isFreeUser := strings.HasPrefix(projectID, "gen-lang-client-") || - strings.EqualFold(tierID, "FREE") || - strings.EqualFold(tierID, "LEGACY") - - if isFreeUser { - // Interactive prompt for free users - fmt.Printf("\nGoogle returned a different project ID:\n") - fmt.Printf(" Requested (frontend): %s\n", projectID) - fmt.Printf(" Returned (backend): %s\n\n", responseProjectID) - fmt.Printf(" Backend project IDs have access to preview models (gemini-3-*).\n") - fmt.Printf(" This is normal for free tier users.\n\n") - fmt.Printf("Which project ID would you like to use?\n") - fmt.Printf(" [1] Backend (recommended): %s\n", responseProjectID) - fmt.Printf(" [2] Frontend: %s\n\n", projectID) - fmt.Printf("Enter choice [1]: ") - - reader := bufio.NewReader(os.Stdin) - choice, _ := reader.ReadString('\n') - choice = strings.TrimSpace(choice) - - if choice == "2" { - log.Infof("Using frontend project ID: %s", projectID) - fmt.Println(". Warning: Frontend project IDs may not have access to preview models.") - finalProjectID = projectID - } else { - log.Infof("Using backend project ID: %s (recommended)", responseProjectID) - finalProjectID = responseProjectID - } - } else { - // Pro users: keep requested project ID (original behavior) - log.Warnf("Gemini onboarding returned project %s instead of requested %s; keeping requested project ID.", responseProjectID, projectID) - } - } else { - finalProjectID = responseProjectID - } - } - - storage.ProjectID = strings.TrimSpace(finalProjectID) - if storage.ProjectID == "" { - storage.ProjectID = strings.TrimSpace(projectID) - } - if storage.ProjectID == "" { - return fmt.Errorf("onboard user completed without project id") - } - log.Infof("Onboarding complete. Using Project ID: %s", storage.ProjectID) - return nil - } - - log.Println("Onboarding in progress, waiting 5 seconds...") - time.Sleep(5 * time.Second) - } -} - -func callGeminiCLI(ctx context.Context, httpClient *http.Client, endpoint string, body any, result any) error { - url := fmt.Sprintf("%s/%s:%s", geminiCLIEndpoint, geminiCLIVersion, endpoint) - if strings.HasPrefix(endpoint, "operations/") { - url = fmt.Sprintf("%s/%s", geminiCLIEndpoint, endpoint) - } - - var reader io.Reader - if body != nil { - rawBody, errMarshal := json.Marshal(body) - if errMarshal != nil { - return fmt.Errorf("marshal request body: %w", errMarshal) - } - reader = bytes.NewReader(rawBody) - } - - req, errRequest := http.NewRequestWithContext(ctx, http.MethodPost, url, reader) - if errRequest != nil { - return fmt.Errorf("create request: %w", errRequest) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", geminiCLIUserAgent) - req.Header.Set("X-Goog-Api-Client", geminiCLIApiClient) - req.Header.Set("Client-Metadata", geminiCLIClientMetadata) - - resp, errDo := httpClient.Do(req) - if errDo != nil { - return fmt.Errorf("execute request: %w", errDo) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, _ := io.ReadAll(resp.Body) - return fmt.Errorf("api request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(bodyBytes))) - } - - if result == nil { - _, _ = io.Copy(io.Discard, resp.Body) - return nil - } - - if errDecode := json.NewDecoder(resp.Body).Decode(result); errDecode != nil { - return fmt.Errorf("decode response body: %w", errDecode) - } - - return nil -} - -func fetchGCPProjects(ctx context.Context, httpClient *http.Client) ([]interfaces.GCPProjectProjects, error) { - req, errRequest := http.NewRequestWithContext(ctx, http.MethodGet, "https://cloudresourcemanager.googleapis.com/v1/projects", nil) - if errRequest != nil { - return nil, fmt.Errorf("could not create project list request: %w", errRequest) - } - - resp, errDo := httpClient.Do(req) - if errDo != nil { - return nil, fmt.Errorf("failed to execute project list request: %w", errDo) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, _ := io.ReadAll(resp.Body) - return nil, fmt.Errorf("project list request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(bodyBytes))) - } - - var projects interfaces.GCPProject - if errDecode := json.NewDecoder(resp.Body).Decode(&projects); errDecode != nil { - return nil, fmt.Errorf("failed to unmarshal project list: %w", errDecode) - } - - return projects.Projects, nil -} - -// promptForProjectSelection prints available projects and returns the chosen project ID. -func promptForProjectSelection(projects []interfaces.GCPProjectProjects, presetID string, promptFn func(string) (string, error)) string { - trimmedPreset := strings.TrimSpace(presetID) - if len(projects) == 0 { - if trimmedPreset != "" { - return trimmedPreset - } - fmt.Println("No Google Cloud projects are available for selection.") - return "" - } - - fmt.Println("Available Google Cloud projects:") - defaultIndex := 0 - for idx, project := range projects { - fmt.Printf("[%d] %s (%s)\n", idx+1, project.ProjectID, project.Name) - if trimmedPreset != "" && project.ProjectID == trimmedPreset { - defaultIndex = idx - } - } - fmt.Println("Type 'ALL' to onboard every listed project.") - - defaultID := projects[defaultIndex].ProjectID - - if trimmedPreset != "" { - if strings.EqualFold(trimmedPreset, "ALL") { - return "ALL" - } - for _, project := range projects { - if project.ProjectID == trimmedPreset { - return trimmedPreset - } - } - log.Warnf("Provided project ID %s not found in available projects; please choose from the list.", trimmedPreset) - } - - for { - promptMsg := fmt.Sprintf("Enter project ID [%s] or ALL: ", defaultID) - answer, errPrompt := promptFn(promptMsg) - if errPrompt != nil { - log.Errorf("Project selection prompt failed: %v", errPrompt) - return defaultID - } - answer = strings.TrimSpace(answer) - if strings.EqualFold(answer, "ALL") { - return "ALL" - } - if answer == "" { - return defaultID - } - - for _, project := range projects { - if project.ProjectID == answer { - return project.ProjectID - } - } - - if idx, errAtoi := strconv.Atoi(answer); errAtoi == nil { - if idx >= 1 && idx <= len(projects) { - return projects[idx-1].ProjectID - } - } - - fmt.Println("Invalid selection, enter a project ID or a number from the list.") - } -} - -func resolveProjectSelections(selection string, projects []interfaces.GCPProjectProjects) ([]string, error) { - trimmed := strings.TrimSpace(selection) - if trimmed == "" { - return nil, nil - } - available := make(map[string]struct{}, len(projects)) - ordered := make([]string, 0, len(projects)) - for _, project := range projects { - id := strings.TrimSpace(project.ProjectID) - if id == "" { - continue - } - if _, exists := available[id]; exists { - continue - } - available[id] = struct{}{} - ordered = append(ordered, id) - } - if strings.EqualFold(trimmed, "ALL") { - if len(ordered) == 0 { - return nil, fmt.Errorf("no projects available for ALL selection") - } - return append([]string(nil), ordered...), nil - } - parts := strings.Split(trimmed, ",") - selections := make([]string, 0, len(parts)) - seen := make(map[string]struct{}, len(parts)) - for _, part := range parts { - id := strings.TrimSpace(part) - if id == "" { - continue - } - if _, dup := seen[id]; dup { - continue - } - if len(available) > 0 { - if _, ok := available[id]; !ok { - return nil, fmt.Errorf("project %s not found in available projects", id) - } - } - seen[id] = struct{}{} - selections = append(selections, id) - } - return selections, nil -} - -func defaultProjectPrompt() func(string) (string, error) { - reader := bufio.NewReader(os.Stdin) - return func(prompt string) (string, error) { - fmt.Print(prompt) - line, errRead := reader.ReadString('\n') - if errRead != nil { - if errors.Is(errRead, io.EOF) { - return strings.TrimSpace(line), nil - } - return "", errRead - } - return strings.TrimSpace(line), nil - } -} - -func showProjectSelectionHelp(email string, projects []interfaces.GCPProjectProjects) { - if email != "" { - log.Infof("Your account %s needs to specify a project ID.", email) - } else { - log.Info("You need to specify a project ID.") - } - - if len(projects) > 0 { - fmt.Println("========================================================================") - for _, p := range projects { - fmt.Printf("Project ID: %s\n", p.ProjectID) - fmt.Printf("Project Name: %s\n", p.Name) - fmt.Println("------------------------------------------------------------------------") - } - } else { - fmt.Println("No active projects were returned for this account.") - } - - fmt.Printf("Please run this command to login again with a specific project:\n\n%s --login --project_id \n", os.Args[0]) -} - -func checkCloudAPIIsEnabled(ctx context.Context, httpClient *http.Client, projectID string) (bool, error) { - serviceUsageURL := "https://serviceusage.googleapis.com" - requiredServices := []string{ - // "geminicloudassist.googleapis.com", // Gemini Cloud Assist API - "cloudaicompanion.googleapis.com", // Gemini for Google Cloud API - } - for _, service := range requiredServices { - checkUrl := fmt.Sprintf("%s/v1/projects/%s/services/%s", serviceUsageURL, projectID, service) - req, errRequest := http.NewRequestWithContext(ctx, http.MethodGet, checkUrl, nil) - if errRequest != nil { - return false, fmt.Errorf("failed to create request: %w", errRequest) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", geminiCLIUserAgent) - resp, errDo := httpClient.Do(req) - if errDo != nil { - return false, fmt.Errorf("failed to execute request: %w", errDo) - } - - if resp.StatusCode == http.StatusOK { - bodyBytes, _ := io.ReadAll(resp.Body) - if gjson.GetBytes(bodyBytes, "state").String() == "ENABLED" { - _ = resp.Body.Close() - continue - } - } - _ = resp.Body.Close() - - enableUrl := fmt.Sprintf("%s/v1/projects/%s/services/%s:enable", serviceUsageURL, projectID, service) - req, errRequest = http.NewRequestWithContext(ctx, http.MethodPost, enableUrl, strings.NewReader("{}")) - if errRequest != nil { - return false, fmt.Errorf("failed to create request: %w", errRequest) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", geminiCLIUserAgent) - resp, errDo = httpClient.Do(req) - if errDo != nil { - return false, fmt.Errorf("failed to execute request: %w", errDo) - } - - bodyBytes, _ := io.ReadAll(resp.Body) - errMessage := string(bodyBytes) - errMessageResult := gjson.GetBytes(bodyBytes, "error.message") - if errMessageResult.Exists() { - errMessage = errMessageResult.String() - } - if resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusCreated { - _ = resp.Body.Close() - continue - } else if resp.StatusCode == http.StatusBadRequest { - _ = resp.Body.Close() - if strings.Contains(strings.ToLower(errMessage), "already enabled") { - continue - } - } - _ = resp.Body.Close() - return false, fmt.Errorf("project activation required: %s", errMessage) - } - return true, nil -} - -func updateAuthRecord(record *cliproxyauth.Auth, storage *gemini.GeminiTokenStorage) { - if record == nil || storage == nil { - return - } - - finalName := gemini.CredentialFileName(storage.Email, storage.ProjectID, true) - - if record.Metadata == nil { - record.Metadata = make(map[string]any) - } - record.Metadata["email"] = storage.Email - record.Metadata["project_id"] = storage.ProjectID - record.Metadata["auto"] = storage.Auto - record.Metadata["checked"] = storage.Checked - - record.ID = finalName - record.FileName = finalName - record.Storage = storage -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/minimax_login.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/minimax_login.go deleted file mode 100644 index cbfbc72a59..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/minimax_login.go +++ /dev/null @@ -1,92 +0,0 @@ -package cmd - -import ( - "bufio" - "encoding/json" - "fmt" - "os" - "path/filepath" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - log "github.com/sirupsen/logrus" -) - -const minimaxAuthFileName = "minimax-api-key.json" - -// DoMinimaxLogin prompts for MiniMax API key and stores it in auth-dir (same primitives as OAuth providers). -// Writes a JSON file to auth-dir and adds a minimax: block with token-file pointing to it. -func DoMinimaxLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - var apiKey string - if options.Prompt != nil { - var err error - apiKey, err = options.Prompt("Enter MiniMax API key (from platform.minimax.io): ") - if err != nil { - log.Errorf("MiniMax prompt failed: %v", err) - return - } - } else { - fmt.Print("Enter MiniMax API key (from platform.minimax.io): ") - scanner := bufio.NewScanner(os.Stdin) - if !scanner.Scan() { - log.Error("MiniMax: failed to read API key") - return - } - apiKey = strings.TrimSpace(scanner.Text()) - } - - apiKey = strings.TrimSpace(apiKey) - if apiKey == "" { - log.Error("MiniMax: API key cannot be empty") - return - } - - authDir, err := ensureAuthDir(strings.TrimSpace(cfg.AuthDir), "MiniMax") - if err != nil { - log.Errorf("MiniMax: %v", err) - return - } - - tokenPath := filepath.Join(authDir, minimaxAuthFileName) - tokenData := map[string]string{"api_key": apiKey} - raw, err := json.MarshalIndent(tokenData, "", " ") - if err != nil { - log.Errorf("MiniMax: failed to marshal token: %v", err) - return - } - if err := os.WriteFile(tokenPath, raw, 0o600); err != nil { - log.Errorf("MiniMax: failed to write token file %s: %v", tokenPath, err) - return - } - - // Use token-file (same primitive as OAuth providers); do not store raw key in config. - // Prefer portable ~ path when under default auth-dir for consistency with config.example. - tokenFileRef := authDirTokenFileRef(authDir, minimaxAuthFileName) - - entry := config.MiniMaxKey{ - TokenFile: tokenFileRef, - BaseURL: "https://api.minimax.chat/v1", - } - if len(cfg.MiniMaxKey) == 0 { - cfg.MiniMaxKey = []config.MiniMaxKey{entry} - } else { - cfg.MiniMaxKey[0] = entry - } - - configPath := options.ConfigPath - if configPath == "" { - log.Error("MiniMax: config path not set; cannot save") - return - } - - if err := config.SaveConfigPreserveComments(configPath, cfg); err != nil { - log.Errorf("MiniMax: failed to save config: %v", err) - return - } - - fmt.Printf("MiniMax API key saved to %s (auth-dir). Config updated with token-file. Restart the proxy to apply.\n", tokenPath) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/native_cli.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/native_cli.go deleted file mode 100644 index 1c50c36c72..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/native_cli.go +++ /dev/null @@ -1,75 +0,0 @@ -// Package cmd provides command-line interface functionality for the CLI Proxy API server. -package cmd - -import ( - "fmt" - "os" - "os/exec" - "path/filepath" -) - -// NativeCLISpec defines a provider that uses its own CLI for authentication. -type NativeCLISpec struct { - // Name is the CLI binary name (e.g. "roo", "kilo"). - Name string - // Args are the subcommand args (e.g. ["auth", "login"]). - Args []string - // FallbackNames are alternative binary names to try (e.g. "kilocode" for kilo). - FallbackNames []string -} - -var ( - // RooSpec defines Roo Code native CLI: roo auth login. - RooSpec = NativeCLISpec{ - Name: "roo", - Args: []string{"auth", "login"}, - FallbackNames: nil, - } - // KiloSpec defines Kilo native CLI: kilo auth or kilocode auth. - KiloSpec = NativeCLISpec{ - Name: "kilo", - Args: []string{"auth"}, - FallbackNames: []string{"kilocode"}, - } -) - -// ResolveNativeCLI returns the absolute path to the native CLI binary, or empty string if not found. -// Checks PATH and ~/.local/bin. -func ResolveNativeCLI(spec NativeCLISpec) string { - names := append([]string{spec.Name}, spec.FallbackNames...) - for _, name := range names { - if path, err := exec.LookPath(name); err == nil && path != "" { - return path - } - home, err := os.UserHomeDir() - if err != nil { - continue - } - local := filepath.Join(home, ".local", "bin", name) - if info, err := os.Stat(local); err == nil && !info.IsDir() { - return local - } - } - return "" -} - -// RunNativeCLILogin executes the native CLI with the given spec. -// Returns the exit code and any error. Exit code is -1 if the binary was not found. -func RunNativeCLILogin(spec NativeCLISpec) (exitCode int, err error) { - binary := ResolveNativeCLI(spec) - if binary == "" { - return -1, fmt.Errorf("%s CLI not found", spec.Name) - } - cmd := exec.Command(binary, spec.Args...) - cmd.Stdin = os.Stdin - cmd.Stdout = os.Stdout - cmd.Stderr = os.Stderr - cmd.Env = os.Environ() - if runErr := cmd.Run(); runErr != nil { - if exitErr, ok := runErr.(*exec.ExitError); ok { - return exitErr.ExitCode(), nil - } - return -1, runErr - } - return 0, nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/native_cli_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/native_cli_test.go deleted file mode 100644 index a1e3d89043..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/native_cli_test.go +++ /dev/null @@ -1,137 +0,0 @@ -package cmd - -import ( - "os" - "os/exec" - "path/filepath" - "testing" -) - -func TestResolveNativeCLI_Roo(t *testing.T) { - path := ResolveNativeCLI(RooSpec) - // May or may not be installed; we only verify the function doesn't panic - if path != "" { - t.Logf("ResolveNativeCLI(roo) found: %s", path) - } else { - t.Log("ResolveNativeCLI(roo) not found (roo may not be installed)") - } -} - -func TestResolveNativeCLI_Kilo(t *testing.T) { - path := ResolveNativeCLI(KiloSpec) - if path != "" { - t.Logf("ResolveNativeCLI(kilo) found: %s", path) - } else { - t.Log("ResolveNativeCLI(kilo) not found (kilo/kilocode may not be installed)") - } -} - -func TestResolveNativeCLI_FromPATH(t *testing.T) { - // Create temp dir with fake binary - tmp := t.TempDir() - fakeRoo := filepath.Join(tmp, "roo") - if err := os.WriteFile(fakeRoo, []byte("#!/bin/sh\nexit 0"), 0755); err != nil { - t.Fatalf("write fake binary: %v", err) - } - origPath := os.Getenv("PATH") - defer func() { _ = os.Setenv("PATH", origPath) }() - _ = os.Setenv("PATH", tmp+string(filepath.ListSeparator)+origPath) - - spec := NativeCLISpec{Name: "roo", Args: []string{"auth", "login"}} - path := ResolveNativeCLI(spec) - if path == "" { - t.Skip("PATH with fake roo not used (exec.LookPath may resolve differently)") - } - if path != fakeRoo { - t.Logf("ResolveNativeCLI returned %q (expected %q); may have found system roo", path, fakeRoo) - } -} - -func TestResolveNativeCLI_LocalBin(t *testing.T) { - tmp := t.TempDir() - localBin := filepath.Join(tmp, ".local", "bin") - if err := os.MkdirAll(localBin, 0755); err != nil { - t.Fatalf("mkdir: %v", err) - } - fakeKilo := filepath.Join(localBin, "kilocode") - if err := os.WriteFile(fakeKilo, []byte("#!/bin/sh\nexit 0"), 0755); err != nil { - t.Fatalf("write fake kilocode: %v", err) - } - - origHome := os.Getenv("HOME") - origPath := os.Getenv("PATH") - defer func() { - _ = os.Setenv("HOME", origHome) - _ = os.Setenv("PATH", origPath) - }() - _ = os.Setenv("HOME", tmp) - // Empty PATH so LookPath fails; we rely on ~/.local/bin - _ = os.Setenv("PATH", "") - - path := ResolveNativeCLI(KiloSpec) - if path != fakeKilo { - t.Errorf("ResolveNativeCLI(kilo) = %q, want %q", path, fakeKilo) - } -} - -func TestRunNativeCLILogin_NotFound(t *testing.T) { - spec := NativeCLISpec{ - Name: "nonexistent-cli-xyz-12345", - Args: []string{"auth"}, - FallbackNames: nil, - } - exitCode, err := RunNativeCLILogin(spec) - if err == nil { - t.Errorf("RunNativeCLILogin expected error for nonexistent binary, got nil") - } - if exitCode != -1 { - t.Errorf("RunNativeCLILogin exitCode = %d, want -1", exitCode) - } -} - -func TestRunNativeCLILogin_Echo(t *testing.T) { - // Use a binary that exists and exits 0 quickly (e.g. true, echo) - truePath, err := exec.LookPath("true") - if err != nil { - truePath, err = exec.LookPath("echo") - if err != nil { - t.Skip("neither 'true' nor 'echo' found in PATH") - } - } - spec := NativeCLISpec{ - Name: filepath.Base(truePath), - Args: []string{}, - FallbackNames: nil, - } - // ResolveNativeCLI may not find it if it's in a non-standard path - path := ResolveNativeCLI(spec) - if path == "" { - // Override spec to use full path - we need a way to test with a known binary - // For now, skip if not found - t.Skip("true/echo not in PATH or ~/.local/bin") - } - // If we get here, RunNativeCLILogin would run "true" or "echo" - avoid side effects - // by just verifying ResolveNativeCLI works - t.Logf("ResolveNativeCLI found %s", path) -} - -func TestRooSpec(t *testing.T) { - if RooSpec.Name != "roo" { - t.Errorf("RooSpec.Name = %q, want roo", RooSpec.Name) - } - if len(RooSpec.Args) != 2 || RooSpec.Args[0] != "auth" || RooSpec.Args[1] != "login" { - t.Errorf("RooSpec.Args = %v, want [auth login]", RooSpec.Args) - } -} - -func TestKiloSpec(t *testing.T) { - if KiloSpec.Name != "kilo" { - t.Errorf("KiloSpec.Name = %q, want kilo", KiloSpec.Name) - } - if len(KiloSpec.Args) != 1 || KiloSpec.Args[0] != "auth" { - t.Errorf("KiloSpec.Args = %v, want [auth]", KiloSpec.Args) - } - if len(KiloSpec.FallbackNames) != 1 || KiloSpec.FallbackNames[0] != "kilocode" { - t.Errorf("KiloSpec.FallbackNames = %v, want [kilocode]", KiloSpec.FallbackNames) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/openai_login.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/openai_login.go deleted file mode 100644 index aeb1f71a3f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/openai_login.go +++ /dev/null @@ -1,75 +0,0 @@ -package cmd - -import ( - "context" - "errors" - "fmt" - "os" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/codex" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// LoginOptions contains options for the login processes. -// It provides configuration for authentication flows including browser behavior -// and interactive prompting capabilities. -type LoginOptions struct { - // NoBrowser indicates whether to skip opening the browser automatically. - NoBrowser bool - - // CallbackPort overrides the local OAuth callback port when set (>0). - CallbackPort int - - // Prompt allows the caller to provide interactive input when needed. - Prompt func(prompt string) (string, error) - - // ConfigPath is the path to the config file (for login flows that write config, e.g. minimax). - ConfigPath string -} - -// DoCodexLogin triggers the Codex OAuth flow through the shared authentication manager. -// It initiates the OAuth authentication process for OpenAI Codex services and saves -// the authentication tokens to the configured auth directory. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including browser behavior and prompts -func DoCodexLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - promptFn := options.Prompt - if promptFn == nil { - promptFn = defaultProjectPrompt() - } - - manager := newAuthManager() - - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - CallbackPort: options.CallbackPort, - Metadata: map[string]string{}, - Prompt: promptFn, - } - - _, savedPath, err := manager.Login(context.Background(), "codex", castToInternalConfig(cfg), authOpts) - if err != nil { - if authErr, ok := errors.AsType[*codex.AuthenticationError](err); ok { - log.Error(codex.GetUserFriendlyMessage(authErr)) - if authErr.Type == codex.ErrPortInUse.Type { - os.Exit(codex.ErrPortInUse.Code) - } - return - } - fmt.Printf("Codex authentication failed: %v\n", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - fmt.Println("Codex authentication successful!") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/qwen_login.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/qwen_login.go deleted file mode 100644 index 33595b782d..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/qwen_login.go +++ /dev/null @@ -1,60 +0,0 @@ -package cmd - -import ( - "context" - "errors" - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// DoQwenLogin handles the Qwen device flow using the shared authentication manager. -// It initiates the device-based authentication process for Qwen services and saves -// the authentication tokens to the configured auth directory. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including browser behavior and prompts -func DoQwenLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - manager := newAuthManager() - - promptFn := options.Prompt - if promptFn == nil { - promptFn = func(prompt string) (string, error) { - fmt.Println() - fmt.Println(prompt) - var value string - _, err := fmt.Scanln(&value) - return value, err - } - } - - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - CallbackPort: options.CallbackPort, - Metadata: map[string]string{}, - Prompt: promptFn, - } - - _, savedPath, err := manager.Login(context.Background(), "qwen", castToInternalConfig(cfg), authOpts) - if err != nil { - if emailErr, ok := errors.AsType[*sdkAuth.EmailRequiredError](err); ok { - log.Error(emailErr.Error()) - return - } - fmt.Printf("Qwen authentication failed: %v\n", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - - fmt.Println("Qwen authentication successful!") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/roo_kilo_login_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/roo_kilo_login_test.go deleted file mode 100644 index 6d8667db3f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/roo_kilo_login_test.go +++ /dev/null @@ -1,117 +0,0 @@ -package cmd - -import ( - "bytes" - "strings" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestRunRooLoginWithRunner_Success(t *testing.T) { - mockRunner := func(spec NativeCLISpec) (int, error) { - if spec.Name != "roo" { - t.Errorf("mockRunner got spec.Name = %q, want roo", spec.Name) - } - return 0, nil - } - var stdout, stderr bytes.Buffer - code := RunRooLoginWithRunner(mockRunner, &stdout, &stderr) - if code != 0 { - t.Errorf("RunRooLoginWithRunner(success) = %d, want 0", code) - } - out := stdout.String() - if !strings.Contains(out, "Roo authentication successful!") { - t.Errorf("stdout missing success message: %q", out) - } - if !strings.Contains(out, "roo: block") { - t.Errorf("stdout missing config hint: %q", out) - } - if stderr.Len() > 0 { - t.Errorf("stderr should be empty on success, got: %q", stderr.String()) - } -} - -func TestRunRooLoginWithRunner_CLINotFound(t *testing.T) { - mockRunner := func(NativeCLISpec) (int, error) { - return -1, errRooNotFound - } - var stdout, stderr bytes.Buffer - code := RunRooLoginWithRunner(mockRunner, &stdout, &stderr) - if code != 1 { - t.Errorf("RunRooLoginWithRunner(not found) = %d, want 1", code) - } - if !strings.Contains(stderr.String(), rooInstallHint) { - t.Errorf("stderr missing install hint: %q", stderr.String()) - } -} - -var errRooNotFound = &mockErr{msg: "roo CLI not found"} - -type mockErr struct{ msg string } - -func (e *mockErr) Error() string { return e.msg } - -func TestRunRooLoginWithRunner_CLIExitsNonZero(t *testing.T) { - mockRunner := func(NativeCLISpec) (int, error) { - return 42, nil // CLI exited with 42 - } - var stdout, stderr bytes.Buffer - code := RunRooLoginWithRunner(mockRunner, &stdout, &stderr) - if code != 42 { - t.Errorf("RunRooLoginWithRunner(exit 42) = %d, want 42", code) - } - if strings.Contains(stdout.String(), "Roo authentication successful!") { - t.Errorf("should not print success when CLI exits non-zero") - } -} - -func TestRunKiloLoginWithRunner_Success(t *testing.T) { - mockRunner := func(spec NativeCLISpec) (int, error) { - if spec.Name != "kilo" { - t.Errorf("mockRunner got spec.Name = %q, want kilo", spec.Name) - } - return 0, nil - } - var stdout, stderr bytes.Buffer - code := RunKiloLoginWithRunner(mockRunner, &stdout, &stderr) - if code != 0 { - t.Errorf("RunKiloLoginWithRunner(success) = %d, want 0", code) - } - out := stdout.String() - if !strings.Contains(out, "Kilo authentication successful!") { - t.Errorf("stdout missing success message: %q", out) - } - if !strings.Contains(out, "kilo: block") { - t.Errorf("stdout missing config hint: %q", out) - } -} - -func TestRunKiloLoginWithRunner_CLINotFound(t *testing.T) { - mockRunner := func(NativeCLISpec) (int, error) { - return -1, &mockErr{msg: "kilo CLI not found"} - } - var stdout, stderr bytes.Buffer - code := RunKiloLoginWithRunner(mockRunner, &stdout, &stderr) - if code != 1 { - t.Errorf("RunKiloLoginWithRunner(not found) = %d, want 1", code) - } - if !strings.Contains(stderr.String(), kiloInstallHint) { - t.Errorf("stderr missing install hint: %q", stderr.String()) - } -} - -func TestDoRooLogin_DoesNotPanic(t *testing.T) { - // DoRooLogin calls os.Exit, so we can't test it directly without subprocess. - // Verify the function exists and accepts config. - cfg := &config.Config{} - opts := &LoginOptions{} - // This would os.Exit - we just ensure it compiles and the signature is correct - _ = cfg - _ = opts - // Run the testable helper instead - code := RunRooLoginWithRunner(func(NativeCLISpec) (int, error) { return 0, nil }, nil, nil) - if code != 0 { - t.Errorf("RunRooLoginWithRunner = %d, want 0", code) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/roo_login.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/roo_login.go deleted file mode 100644 index cbefa7a65d..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/roo_login.go +++ /dev/null @@ -1,54 +0,0 @@ -package cmd - -import ( - "fmt" - "io" - "os" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - log "github.com/sirupsen/logrus" -) - -const rooInstallHint = "Install: curl -fsSL https://raw.githubusercontent.com/RooCodeInc/Roo-Code/main/apps/cli/install.sh | sh" - -// NativeCLIRunner runs a native CLI login and returns (exitCode, error). -// Used for dependency injection in tests. -type NativeCLIRunner func(spec NativeCLISpec) (exitCode int, err error) - -// RunRooLoginWithRunner runs Roo login with the given runner. Returns exit code to pass to os.Exit. -// Writes success/error messages to stdout/stderr. Used for testability. -func RunRooLoginWithRunner(runner NativeCLIRunner, stdout, stderr io.Writer) int { - if runner == nil { - runner = RunNativeCLILogin - } - if stdout == nil { - stdout = os.Stdout - } - if stderr == nil { - stderr = os.Stderr - } - exitCode, err := runner(RooSpec) - if err != nil { - log.Errorf("Roo login failed: %v", err) - _, _ = fmt.Fprintf(stderr, "\n%s\n", rooInstallHint) - return 1 - } - if exitCode != 0 { - return exitCode - } - _, _ = fmt.Fprintln(stdout, "Roo authentication successful!") - _, _ = fmt.Fprintln(stdout, "Add a roo: block to your config with token-file: \"~/.roo/oauth-token.json\" and base-url: \"https://api.roocode.com/v1\"") - return 0 -} - -// DoRooLogin runs the Roo native CLI (roo auth login) for authentication. -// Roo stores tokens in ~/.roo/; add a roo: block to config with token-file pointing to that location. -// -// Parameters: -// - cfg: The application configuration (used for auth-dir context; roo uses its own paths) -// - options: Login options (unused for native CLI; kept for API consistency) -func DoRooLogin(cfg *config.Config, options *LoginOptions) { - _ = cfg - _ = options - os.Exit(RunRooLoginWithRunner(RunNativeCLILogin, nil, nil)) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/run.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/run.go deleted file mode 100644 index 43ec4948da..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/run.go +++ /dev/null @@ -1,98 +0,0 @@ -// Package cmd provides command-line interface functionality for the CLI Proxy API server. -// It includes authentication flows for various AI service providers, service startup, -// and other command-line operations. -package cmd - -import ( - "context" - "errors" - "os/signal" - "syscall" - "time" - - internalapi "github.com/router-for-me/CLIProxyAPI/v6/internal/api" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy" - log "github.com/sirupsen/logrus" -) - -// StartService builds and runs the proxy service using the exported SDK. -// It creates a new proxy service instance, sets up signal handling for graceful shutdown, -// and starts the service with the provided configuration. -// -// Parameters: -// - cfg: The application configuration -// - configPath: The path to the configuration file -// - localPassword: Optional password accepted for local management requests -func StartService(cfg *config.Config, configPath string, localPassword string) { - builder := cliproxy.NewBuilder(). - WithConfig(castToSDKConfig(cfg)). - WithConfigPath(configPath). - WithLocalManagementPassword(localPassword) - - ctxSignal, cancel := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM) - defer cancel() - - runCtx := ctxSignal - if localPassword != "" { - var keepAliveCancel context.CancelFunc - runCtx, keepAliveCancel = context.WithCancel(ctxSignal) - builder = builder.WithServerOptions(internalapi.WithKeepAliveEndpoint(10*time.Second, func() { - log.Warn("keep-alive endpoint idle for 10s, shutting down") - keepAliveCancel() - })) - } - - service, err := builder.Build() - if err != nil { - log.Errorf("failed to build proxy service: %v", err) - return - } - - err = service.Run(runCtx) - if err != nil && !errors.Is(err, context.Canceled) { - log.Errorf("proxy service exited with error: %v", err) - } -} - -// StartServiceBackground starts the proxy service in a background goroutine -// and returns a cancel function for shutdown and a done channel. -func StartServiceBackground(cfg *config.Config, configPath string, localPassword string) (cancel func(), done <-chan struct{}) { - builder := cliproxy.NewBuilder(). - WithConfig(castToSDKConfig(cfg)). - WithConfigPath(configPath). - WithLocalManagementPassword(localPassword) - - ctx, cancelFn := context.WithCancel(context.Background()) - doneCh := make(chan struct{}) - - service, err := builder.Build() - if err != nil { - log.Errorf("failed to build proxy service: %v", err) - close(doneCh) - return cancelFn, doneCh - } - - go func() { - defer close(doneCh) - if err := service.Run(ctx); err != nil && !errors.Is(err, context.Canceled) { - log.Errorf("proxy service exited with error: %v", err) - } - }() - - return cancelFn, doneCh -} - -// WaitForCloudDeploy waits indefinitely for shutdown signals in cloud deploy mode -// when no configuration file is available. -func WaitForCloudDeploy() { - // Clarify that we are intentionally idle for configuration and not running the API server. - log.Info("Cloud deploy mode: No config found; standing by for configuration. API server is not started. Press Ctrl+C to exit.") - - ctxSignal, cancel := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM) - defer cancel() - - // Block until shutdown signal is received - <-ctxSignal.Done() - log.Info("Cloud deploy mode: Shutdown signal received; exiting") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/setup.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/setup.go deleted file mode 100644 index b9ac655384..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/setup.go +++ /dev/null @@ -1,211 +0,0 @@ -// Package cmd provides command-line interface helper flows for cliproxy. -package cmd - -import ( - "fmt" - "sort" - "strconv" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" -) - -type setupOption struct { - label string - run func(*config.Config, *LoginOptions) -} - -// SetupOptions controls interactive wizard behavior. -type SetupOptions struct { - // ConfigPath points to the active config file. - ConfigPath string - // Prompt provides custom prompt handling for tests. - Prompt func(string) (string, error) -} - -// DoSetupWizard runs an interactive first-run setup flow. -func DoSetupWizard(cfg *config.Config, options *SetupOptions) { - if cfg == nil { - cfg = &config.Config{} - } - promptFn := options.getPromptFn() - - authDir := strings.TrimSpace(cfg.AuthDir) - fmt.Println("Welcome to cliproxy setup.") - fmt.Printf("Config file: %s\n", emptyOrUnset(options.ConfigPath, "(default)")) - fmt.Printf("Auth directory: %s\n", emptyOrUnset(authDir, util.DefaultAuthDir)) - - fmt.Println("") - printProfileSummary(cfg) - fmt.Println("") - - choice, err := promptFn("Continue with guided provider setup? [y/N]: ") - if err != nil || strings.ToLower(strings.TrimSpace(choice)) != "y" { - printPostCheckSummary(cfg) - return - } - - for { - choices := setupOptions() - fmt.Println("Available provider setup actions:") - for i, opt := range choices { - fmt.Printf(" %2d) %s\n", i+1, opt.label) - } - fmt.Printf(" %2d) %s\n", len(choices)+1, "Skip setup and print post-check summary") - selection, errPrompt := promptFn("Select providers (comma-separated IDs, e.g. 1,3,5): ") - if errPrompt != nil { - fmt.Printf("Setup canceled: %v\n", errPrompt) - return - } - - normalized := normalizeSelectionStrings(selection) - if len(normalized) == 0 { - printPostCheckSummary(cfg) - return - } - - selectionContext := &LoginOptions{ - NoBrowser: false, - CallbackPort: 0, - Prompt: promptFn, - ConfigPath: options.ConfigPath, - } - for _, raw := range normalized { - if raw == "" { - continue - } - if raw == "skip" || raw == "s" || raw == "q" || raw == "quit" { - printPostCheckSummary(cfg) - return - } - if raw == "all" || raw == "a" { - for _, option := range choices { - option.run(cfg, selectionContext) - } - printPostCheckSummary(cfg) - return - } - idx, parseErr := strconv.Atoi(raw) - if parseErr != nil || idx < 1 || idx > len(choices) { - fmt.Printf("Ignoring invalid provider index %q\n", raw) - continue - } - option := choices[idx-1] - option.run(cfg, selectionContext) - } - printPostCheckSummary(cfg) - return - } -} - -func (options *SetupOptions) getPromptFn() func(string) (string, error) { - if options == nil { - return defaultProjectPrompt() - } - if options.Prompt != nil { - return options.Prompt - } - return defaultProjectPrompt() -} - -func setupOptions() []setupOption { - return []setupOption{ - {label: "Gemini OAuth login", run: func(cfg *config.Config, loginOptions *LoginOptions) { - DoLogin(cfg, "", loginOptions) - }}, - {label: "Claude OAuth login", run: DoClaudeLogin}, - {label: "Codex OAuth login", run: DoCodexLogin}, - {label: "Kiro OAuth login", run: DoKiroLogin}, - {label: "Cursor login", run: DoCursorLogin}, - {label: "GitHub Copilot OAuth login", run: DoGitHubCopilotLogin}, - {label: "MiniMax API key login", run: DoMinimaxLogin}, - {label: "Kimi API key/OAuth login", run: DoKimiLogin}, - {label: "DeepSeek API key login", run: DoDeepSeekLogin}, - {label: "Groq API key login", run: DoGroqLogin}, - {label: "Mistral API key login", run: DoMistralLogin}, - {label: "SiliconFlow API key login", run: DoSiliconFlowLogin}, - {label: "OpenRouter API key login", run: DoOpenRouterLogin}, - {label: "Together AI API key login", run: DoTogetherLogin}, - {label: "Fireworks AI API key login", run: DoFireworksLogin}, - {label: "Novita AI API key login", run: DoNovitaLogin}, - {label: "Cline API key login", run: DoClineLogin}, - {label: "AMP API key login", run: DoAmpLogin}, - {label: "Factory API key login", run: DoFactoryAPILogin}, - {label: "Roo Code login", run: DoRooLogin}, - {label: "Antigravity login", run: DoAntigravityLogin}, - {label: "iFlow OAuth login", run: DoIFlowLogin}, - {label: "Qwen OAuth login", run: DoQwenLogin}, - } -} - -func printProfileSummary(cfg *config.Config) { - fmt.Println("Detected auth profile signals:") - if cfg == nil { - fmt.Println(" - no config loaded") - return - } - enabled := map[string]bool{ - "Codex API key": len(cfg.CodexKey) > 0, - "Claude API key": len(cfg.ClaudeKey) > 0, - "Gemini OAuth config": len(cfg.GeminiKey) > 0, - "Kiro OAuth config": len(cfg.KiroKey) > 0, - "Cursor OAuth config": len(cfg.CursorKey) > 0, - "MiniMax": len(cfg.MiniMaxKey) > 0, - "Kilo": len(cfg.KiloKey) > 0, - "Roo": len(cfg.RooKey) > 0, - "DeepSeek": len(cfg.DeepSeekKey) > 0, - "Groq": len(cfg.GroqKey) > 0, - "Mistral": len(cfg.MistralKey) > 0, - "SiliconFlow": len(cfg.SiliconFlowKey) > 0, - "OpenRouter": len(cfg.OpenRouterKey) > 0, - "Together": len(cfg.TogetherKey) > 0, - "Fireworks": len(cfg.FireworksKey) > 0, - "Novita": len(cfg.NovitaKey) > 0, - "OpenAI compatibility": len(cfg.OpenAICompatibility) > 0, - } - - keys := make([]string, 0, len(enabled)) - for key := range enabled { - keys = append(keys, key) - } - sort.Strings(keys) - for _, key := range keys { - state := "no" - if enabled[key] { - state = "yes" - } - fmt.Printf(" - %s: %s\n", key, state) - } -} - -func printPostCheckSummary(cfg *config.Config) { - fmt.Println("Setup summary:") - if cfg == nil { - fmt.Println(" - No config loaded.") - return - } - fmt.Printf(" - auth-dir: %s\n", emptyOrUnset(strings.TrimSpace(cfg.AuthDir), "unset")) - fmt.Printf(" - configured providers: codex=%d, claude=%d, kiro=%d, cursor=%d, openai-compat=%d\n", - len(cfg.CodexKey), len(cfg.ClaudeKey), len(cfg.KiroKey), len(cfg.CursorKey), len(cfg.OpenAICompatibility)) -} - -func normalizeSelectionStrings(raw string) []string { - parts := strings.FieldsFunc(raw, func(r rune) bool { return r == ',' || r == ' ' }) - out := make([]string, 0, len(parts)) - for _, part := range parts { - trimmed := strings.ToLower(strings.TrimSpace(part)) - if trimmed == "" { - continue - } - out = append(out, trimmed) - } - return out -} - -func emptyOrUnset(value, fallback string) string { - if value == "" { - return fallback - } - return value -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/setup_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/setup_test.go deleted file mode 100644 index 712536120c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/setup_test.go +++ /dev/null @@ -1,78 +0,0 @@ -package cmd - -import ( - "bytes" - "io" - "os" - "strings" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestSetupOptions_ContainsCursorLogin(t *testing.T) { - options := setupOptions() - found := false - for _, option := range options { - if option.label == "Cursor login" { - found = true - break - } - } - if !found { - t.Fatal("expected setup options to include Cursor login") - } -} - -func TestSetupOptions_ContainsPromotedProviders(t *testing.T) { - options := setupOptions() - found := map[string]bool{ - "Cline API key login": false, - "AMP API key login": false, - "Factory API key login": false, - } - for _, option := range options { - if _, ok := found[option.label]; ok { - found[option.label] = true - } - } - for label, ok := range found { - if !ok { - t.Fatalf("expected setup options to include %q", label) - } - } -} - -func TestPrintPostCheckSummary_IncludesCursorProviderCount(t *testing.T) { - cfg := &config.Config{ - CursorKey: []config.CursorKey{{CursorAPIURL: defaultCursorAPIURL}}, - } - - output := captureStdout(t, func() { - printPostCheckSummary(cfg) - }) - - if !strings.Contains(output, "cursor=1") { - t.Fatalf("summary output missing cursor count: %q", output) - } -} - -func captureStdout(t *testing.T, fn func()) string { - t.Helper() - - origStdout := os.Stdout - read, write, err := os.Pipe() - if err != nil { - t.Fatalf("os.Pipe: %v", err) - } - os.Stdout = write - fn() - _ = write.Close() - os.Stdout = origStdout - - var buf bytes.Buffer - _, _ = io.Copy(&buf, read) - _ = read.Close() - - return buf.String() -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/thegent_login.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/thegent_login.go deleted file mode 100644 index f9020ce206..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/thegent_login.go +++ /dev/null @@ -1,58 +0,0 @@ -package cmd - -import ( - "fmt" - "io" - "os" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - log "github.com/sirupsen/logrus" -) - -const thegentInstallHint = "Install: pipx install thegent (or pip install -U thegent)" - -func ThegentSpec(provider string) NativeCLISpec { - return NativeCLISpec{ - Name: "thegent", - Args: []string{"cliproxy", "login", strings.TrimSpace(provider)}, - } -} - -// RunThegentLoginWithRunner runs TheGent unified login for a provider. -func RunThegentLoginWithRunner(runner NativeCLIRunner, stdout, stderr io.Writer, provider string) int { - if runner == nil { - runner = RunNativeCLILogin - } - if stdout == nil { - stdout = os.Stdout - } - if stderr == nil { - stderr = os.Stderr - } - - provider = strings.TrimSpace(provider) - if provider == "" { - _, _ = fmt.Fprintln(stderr, "provider is required for --thegent-login (example: --thegent-login=codex)") - return 1 - } - - exitCode, err := runner(ThegentSpec(provider)) - if err != nil { - log.Errorf("TheGent login failed: %v", err) - _, _ = fmt.Fprintf(stderr, "\n%s\n", thegentInstallHint) - return 1 - } - if exitCode != 0 { - return exitCode - } - _, _ = fmt.Fprintf(stdout, "TheGent authentication successful for provider %q!\n", provider) - return 0 -} - -// DoThegentLogin runs TheGent unified provider login flow. -func DoThegentLogin(cfg *config.Config, options *LoginOptions, provider string) { - _ = cfg - _ = options - os.Exit(RunThegentLoginWithRunner(RunNativeCLILogin, nil, nil, provider)) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/thegent_login_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/thegent_login_test.go deleted file mode 100644 index ee72bef6f3..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/thegent_login_test.go +++ /dev/null @@ -1,55 +0,0 @@ -package cmd - -import ( - "bytes" - "strings" - "testing" -) - -func TestRunThegentLoginWithRunner_Success(t *testing.T) { - mockRunner := func(spec NativeCLISpec) (int, error) { - if spec.Name != "thegent" { - t.Errorf("mockRunner got spec.Name = %q, want thegent", spec.Name) - } - if len(spec.Args) != 3 || spec.Args[0] != "cliproxy" || spec.Args[1] != "login" || spec.Args[2] != "codex" { - t.Errorf("mockRunner got spec.Args = %v, want [cliproxy login codex]", spec.Args) - } - return 0, nil - } - var stdout, stderr bytes.Buffer - code := RunThegentLoginWithRunner(mockRunner, &stdout, &stderr, "codex") - if code != 0 { - t.Errorf("RunThegentLoginWithRunner(success) = %d, want 0", code) - } - if !strings.Contains(stdout.String(), "TheGent authentication successful") { - t.Errorf("stdout missing success message: %q", stdout.String()) - } - if stderr.Len() > 0 { - t.Errorf("stderr should be empty on success, got: %q", stderr.String()) - } -} - -func TestRunThegentLoginWithRunner_EmptyProvider(t *testing.T) { - var stdout, stderr bytes.Buffer - code := RunThegentLoginWithRunner(nil, &stdout, &stderr, " ") - if code != 1 { - t.Errorf("RunThegentLoginWithRunner(empty provider) = %d, want 1", code) - } - if !strings.Contains(stderr.String(), "provider is required") { - t.Errorf("stderr missing provider-required message: %q", stderr.String()) - } -} - -func TestRunThegentLoginWithRunner_CLINotFound(t *testing.T) { - mockRunner := func(NativeCLISpec) (int, error) { - return -1, &mockErr{msg: "thegent CLI not found"} - } - var stdout, stderr bytes.Buffer - code := RunThegentLoginWithRunner(mockRunner, &stdout, &stderr, "codex") - if code != 1 { - t.Errorf("RunThegentLoginWithRunner(not found) = %d, want 1", code) - } - if !strings.Contains(stderr.String(), thegentInstallHint) { - t.Errorf("stderr missing install hint: %q", stderr.String()) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/vertex_import.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/vertex_import.go deleted file mode 100644 index c1f154808c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cmd/vertex_import.go +++ /dev/null @@ -1,123 +0,0 @@ -// Package cmd contains CLI helpers. This file implements importing a Vertex AI -// service account JSON into the auth store as a dedicated "vertex" credential. -package cmd - -import ( - "context" - "encoding/json" - "fmt" - "os" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/vertex" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -// DoVertexImport imports a Google Cloud service account key JSON and persists -// it as a "vertex" provider credential. The file content is embedded in the auth -// file to allow portable deployment across stores. -func DoVertexImport(cfg *config.Config, keyPath string) { - if cfg == nil { - cfg = &config.Config{} - } - if resolved, errResolve := util.ResolveAuthDir(cfg.AuthDir); errResolve == nil { - cfg.AuthDir = resolved - } - rawPath := strings.TrimSpace(keyPath) - if rawPath == "" { - log.Errorf("vertex-import: missing service account key path") - return - } - data, errRead := os.ReadFile(rawPath) - if errRead != nil { - log.Errorf("vertex-import: read file failed: %v", errRead) - return - } - var sa map[string]any - if errUnmarshal := json.Unmarshal(data, &sa); errUnmarshal != nil { - log.Errorf("vertex-import: invalid service account json: %v", errUnmarshal) - return - } - // Validate and normalize private_key before saving - normalizedSA, errFix := vertex.NormalizeServiceAccountMap(sa) - if errFix != nil { - log.Errorf("vertex-import: %v", errFix) - return - } - sa = normalizedSA - email, _ := sa["client_email"].(string) - projectID, _ := sa["project_id"].(string) - if strings.TrimSpace(projectID) == "" { - log.Errorf("vertex-import: project_id missing in service account json") - return - } - if strings.TrimSpace(email) == "" { - // Keep empty email but warn - log.Warn("vertex-import: client_email missing in service account json") - } - // Default location if not provided by user. Can be edited in the saved file later. - location := "us-central1" - - fileName := fmt.Sprintf("vertex-%s.json", sanitizeFilePart(projectID)) - // Build auth record - storage := &vertex.VertexCredentialStorage{ - ServiceAccount: sa, - ProjectID: projectID, - Email: email, - Location: location, - } - metadata := map[string]any{ - "service_account": sa, - "project_id": projectID, - "email": email, - "location": location, - "type": "vertex", - "label": labelForVertex(projectID, email), - } - record := &coreauth.Auth{ - ID: fileName, - Provider: "vertex", - FileName: fileName, - Storage: storage, - Metadata: metadata, - } - - store := sdkAuth.GetTokenStore() - if setter, ok := store.(interface{ SetBaseDir(string) }); ok { - setter.SetBaseDir(cfg.AuthDir) - } - path, errSave := store.Save(context.Background(), record) - if errSave != nil { - log.Errorf("vertex-import: save credential failed: %v", errSave) - return - } - fmt.Printf("Vertex credentials imported: %s\n", path) -} - -func sanitizeFilePart(s string) string { - out := strings.TrimSpace(s) - replacers := []string{"/", "_", "\\", "_", ":", "_", " ", "-"} - for i := 0; i < len(replacers); i += 2 { - out = strings.ReplaceAll(out, replacers[i], replacers[i+1]) - } - return out -} - -func labelForVertex(projectID, email string) string { - p := strings.TrimSpace(projectID) - e := strings.TrimSpace(email) - if p != "" && e != "" { - return fmt.Sprintf("%s (%s)", p, e) - } - if p != "" { - return p - } - if e != "" { - return e - } - return "vertex" -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/config.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/config/config.go deleted file mode 100644 index 20cda78ae8..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/config.go +++ /dev/null @@ -1,2252 +0,0 @@ -// Package config provides configuration management for the CLI Proxy API server. -// It handles loading and parsing YAML configuration files, and provides structured -// access to application settings including server port, authentication directory, -// debug settings, proxy configuration, and API keys. -// -//go:generate go run ../../cmd/codegen/main.go -package config - -import ( - "bytes" - "encoding/json" - "errors" - "fmt" - "os" - "strings" - "syscall" - - log "github.com/sirupsen/logrus" - "golang.org/x/crypto/bcrypt" - "gopkg.in/yaml.v3" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/ratelimit" -) - -const ( - DefaultPanelGitHubRepository = "https://github.com/router-for-me/Cli-Proxy-API-Management-Center" - DefaultPprofAddr = "127.0.0.1:8316" -) - -// Config represents the application's configuration, loaded from a YAML file. -type Config struct { - SDKConfig `yaml:",inline"` - // Host is the network host/interface on which the API server will bind. - // Default is empty ("") to bind all interfaces (IPv4 + IPv6). Use "127.0.0.1" or "localhost" for local-only access. - Host string `yaml:"host" json:"-"` - // Port is the network port on which the API server will listen. - Port int `yaml:"port" json:"-"` - - // TLS config controls HTTPS server settings. - TLS TLSConfig `yaml:"tls" json:"tls"` - - // RemoteManagement nests management-related options under 'remote-management'. - RemoteManagement RemoteManagement `yaml:"remote-management" json:"-"` - - // AuthDir is the directory where authentication token files are stored. - AuthDir string `yaml:"auth-dir" json:"-"` - - // Debug enables or disables debug-level logging and other debug features. - Debug bool `yaml:"debug" json:"debug"` - - // Pprof config controls the optional pprof HTTP debug server. - Pprof PprofConfig `yaml:"pprof" json:"pprof"` - - // CommercialMode disables high-overhead HTTP middleware features to minimize per-request memory usage. - CommercialMode bool `yaml:"commercial-mode" json:"commercial-mode"` - - // LoggingToFile controls whether application logs are written to rotating files or stdout. - LoggingToFile bool `yaml:"logging-to-file" json:"logging-to-file"` - - // LogsMaxTotalSizeMB limits the total size (in MB) of log files under the logs directory. - // When exceeded, the oldest log files are deleted until within the limit. Set to 0 to disable. - LogsMaxTotalSizeMB int `yaml:"logs-max-total-size-mb" json:"logs-max-total-size-mb"` - - // ErrorLogsMaxFiles limits the number of error log files retained when request logging is disabled. - // When exceeded, the oldest error log files are deleted. Default is 10. Set to 0 to disable cleanup. - ErrorLogsMaxFiles int `yaml:"error-logs-max-files" json:"error-logs-max-files"` - - // UsageStatisticsEnabled toggles in-memory usage aggregation; when false, usage data is discarded. - UsageStatisticsEnabled bool `yaml:"usage-statistics-enabled" json:"usage-statistics-enabled"` - - // DisableCooling disables quota cooldown scheduling when true. - DisableCooling bool `yaml:"disable-cooling" json:"disable-cooling"` - - // RequestRetry defines the retry times when the request failed. - RequestRetry int `yaml:"request-retry" json:"request-retry"` - // MaxRetryInterval defines the maximum wait time in seconds before retrying a cooled-down credential. - MaxRetryInterval int `yaml:"max-retry-interval" json:"max-retry-interval"` - - // QuotaExceeded defines the behavior when a quota is exceeded. - QuotaExceeded QuotaExceeded `yaml:"quota-exceeded" json:"quota-exceeded"` - - // Routing controls credential selection behavior. - Routing RoutingConfig `yaml:"routing" json:"routing"` - - // WebsocketAuth enables or disables authentication for the WebSocket API. - WebsocketAuth bool `yaml:"ws-auth" json:"ws-auth"` - - // ResponsesWebsocketEnabled gates the dedicated /v1/responses/ws route rollout. - // Nil means enabled (default behavior). - ResponsesWebsocketEnabled *bool `yaml:"responses-websocket-enabled,omitempty" json:"responses-websocket-enabled,omitempty"` - - // GeminiKey defines Gemini API key configurations with optional routing overrides. - GeminiKey []GeminiKey `yaml:"gemini-api-key" json:"gemini-api-key"` - - // GeneratedConfig contains generated config fields for dedicated providers. - GeneratedConfig `yaml:",inline"` - - // KiroKey defines a list of Kiro (AWS CodeWhisperer) configurations. - KiroKey []KiroKey `yaml:"kiro" json:"kiro"` - - // CursorKey defines Cursor (via cursor-api) configurations. Uses login protocol, not static API key. - // Token file contains sk-... key from cursor-api /build-key, or token:checksum for /build-key. - CursorKey []CursorKey `yaml:"cursor" json:"cursor"` - - // KiroPreferredEndpoint sets the global default preferred endpoint for all Kiro providers. - // Values: "ide" (default, CodeWhisperer) or "cli" (Amazon Q). - KiroPreferredEndpoint string `yaml:"kiro-preferred-endpoint" json:"kiro-preferred-endpoint"` - - // Codex defines a list of Codex API key configurations as specified in the YAML configuration file. - CodexKey []CodexKey `yaml:"codex-api-key" json:"codex-api-key"` - - // ClaudeKey defines a list of Claude API key configurations as specified in the YAML configuration file. - ClaudeKey []ClaudeKey `yaml:"claude-api-key" json:"claude-api-key"` - - // ClaudeHeaderDefaults configures default header values for Claude API requests. - // These are used as fallbacks when the client does not send its own headers. - ClaudeHeaderDefaults ClaudeHeaderDefaults `yaml:"claude-header-defaults" json:"claude-header-defaults"` - - // OpenAICompatibility defines OpenAI API compatibility configurations for external providers. - OpenAICompatibility []OpenAICompatibility `yaml:"openai-compatibility" json:"openai-compatibility"` - - // VertexCompatAPIKey defines Vertex AI-compatible API key configurations for third-party providers. - // Used for services that use Vertex AI-style paths but with simple API key authentication. - VertexCompatAPIKey []VertexCompatKey `yaml:"vertex-api-key" json:"vertex-api-key"` - - // AmpCode contains Amp CLI upstream configuration, management restrictions, and model mappings. - AmpCode AmpCode `yaml:"ampcode" json:"ampcode"` - - // OAuthExcludedModels defines per-provider global model exclusions applied to OAuth/file-backed auth entries. - // Supported channels: gemini-cli, vertex, aistudio, antigravity, claude, codex, qwen, iflow, kiro, github-copilot. - OAuthExcludedModels map[string][]string `yaml:"oauth-excluded-models,omitempty" json:"oauth-excluded-models,omitempty"` - - // OAuthModelAlias defines global model name aliases for OAuth/file-backed auth channels. - // These aliases affect both model listing and model routing for supported channels: - // gemini-cli, vertex, aistudio, antigravity, claude, codex, qwen, iflow, kiro, github-copilot. - // - // NOTE: This does not apply to existing per-credential model alias features under: - // gemini-api-key, codex-api-key, claude-api-key, openai-compatibility, vertex-api-key, and ampcode. - OAuthModelAlias map[string][]OAuthModelAlias `yaml:"oauth-model-alias,omitempty" json:"oauth-model-alias,omitempty"` - - // OAuthUpstream defines per-channel upstream base URL overrides for OAuth/file-backed auth channels. - // Keys are channel identifiers (e.g., gemini-cli, claude, codex, qwen, iflow, github-copilot, antigravity). - // Values must be absolute base URLs (scheme + host), and are normalized by trimming trailing slashes. - OAuthUpstream map[string]string `yaml:"oauth-upstream,omitempty" json:"oauth-upstream,omitempty"` - - // Payload defines default and override rules for provider payload parameters. - Payload PayloadConfig `yaml:"payload" json:"payload"` - - // IncognitoBrowser enables opening OAuth URLs in incognito/private browsing mode. - // This is useful when you want to login with a different account without logging out - // from your current session. Default: false. - IncognitoBrowser bool `yaml:"incognito-browser" json:"incognito-browser"` -} - -// ClaudeHeaderDefaults configures default header values injected into Claude API requests -// when the client does not send them. Update these when Claude Code releases a new version. -type ClaudeHeaderDefaults struct { - UserAgent string `yaml:"user-agent" json:"user-agent"` - PackageVersion string `yaml:"package-version" json:"package-version"` - RuntimeVersion string `yaml:"runtime-version" json:"runtime-version"` - Timeout string `yaml:"timeout" json:"timeout"` -} - -// TLSConfig holds HTTPS server settings. -type TLSConfig struct { - // Enable toggles HTTPS server mode. - Enable bool `yaml:"enable" json:"enable"` - // Cert is the path to the TLS certificate file. - Cert string `yaml:"cert" json:"cert"` - // Key is the path to the TLS private key file. - Key string `yaml:"key" json:"key"` -} - -// PprofConfig holds pprof HTTP server settings. -type PprofConfig struct { - // Enable toggles the pprof HTTP debug server. - Enable bool `yaml:"enable" json:"enable"` - // Addr is the host:port address for the pprof HTTP server. - Addr string `yaml:"addr" json:"addr"` -} - -// RemoteManagement holds management API configuration under 'remote-management'. -type RemoteManagement struct { - // AllowRemote toggles remote (non-localhost) access to management API. - AllowRemote bool `yaml:"allow-remote"` - // SecretKey is the management key (plaintext or bcrypt hashed). YAML key intentionally 'secret-key'. - SecretKey string `yaml:"secret-key"` - // DisableControlPanel skips serving and syncing the bundled management UI when true. - DisableControlPanel bool `yaml:"disable-control-panel"` - // PanelGitHubRepository overrides the GitHub repository used to fetch the management panel asset. - // Accepts either a repository URL (https://github.com/org/repo) or an API releases endpoint. - PanelGitHubRepository string `yaml:"panel-github-repository"` -} - -// QuotaExceeded defines the behavior when API quota limits are exceeded. -// It provides configuration options for automatic failover mechanisms. -type QuotaExceeded struct { - // SwitchProject indicates whether to automatically switch to another project when a quota is exceeded. - SwitchProject bool `yaml:"switch-project" json:"switch-project"` - - // SwitchPreviewModel indicates whether to automatically switch to a preview model when a quota is exceeded. - SwitchPreviewModel bool `yaml:"switch-preview-model" json:"switch-preview-model"` -} - -// RoutingConfig configures how credentials are selected for requests. -type RoutingConfig struct { - // Strategy selects the credential selection strategy. - // Supported values: "round-robin" (default), "fill-first". - Strategy string `yaml:"strategy,omitempty" json:"strategy,omitempty"` -} - -// OAuthModelAlias defines a model ID alias for a specific channel. -// It maps the upstream model name (Name) to the client-visible alias (Alias). -// When Fork is true, the alias is added as an additional model in listings while -// keeping the original model ID available. -type OAuthModelAlias struct { - Name string `yaml:"name" json:"name"` - Alias string `yaml:"alias" json:"alias"` - Fork bool `yaml:"fork,omitempty" json:"fork,omitempty"` -} - -// AmpModelMapping defines a model name mapping for Amp CLI requests. -// When Amp requests a model that isn't available locally, this mapping -// allows routing to an alternative model that IS available. -type AmpModelMapping struct { - // From is the model name that Amp CLI requests (e.g., "claude-opus-4.5"). - From string `yaml:"from" json:"from"` - - // To is the target model name to route to (e.g., "claude-sonnet-4"). - // The target model must have available providers in the registry. - To string `yaml:"to" json:"to"` - - // Params define provider-agnostic request overrides to apply when this mapping is used. - // Keys are merged into the request JSON at the root level unless they already exist. - // For example: params: {"custom_model": "iflow/tab-rt", "enable_stream": true} - Params map[string]interface{} `yaml:"params,omitempty" json:"params,omitempty"` - - // Regex indicates whether the 'from' field should be interpreted as a regular - // expression for matching model names. When true, this mapping is evaluated - // after exact matches and in the order provided. Defaults to false (exact match). - Regex bool `yaml:"regex,omitempty" json:"regex,omitempty"` -} - -// AmpCode groups Amp CLI integration settings including upstream routing, -// optional overrides, management route restrictions, and model fallback mappings. -type AmpCode struct { - // UpstreamURL defines the upstream Amp control plane used for non-provider calls. - UpstreamURL string `yaml:"upstream-url" json:"upstream-url"` - - // UpstreamAPIKey optionally overrides the Authorization header when proxying Amp upstream calls. - UpstreamAPIKey string `yaml:"upstream-api-key" json:"upstream-api-key"` - - // UpstreamAPIKeys maps client API keys (from top-level api-keys) to upstream API keys. - // When a client authenticates with a key that matches an entry, that upstream key is used. - // If no match is found, falls back to UpstreamAPIKey (default behavior). - UpstreamAPIKeys []AmpUpstreamAPIKeyEntry `yaml:"upstream-api-keys,omitempty" json:"upstream-api-keys,omitempty"` - - // RestrictManagementToLocalhost restricts Amp management routes (/api/user, /api/threads, etc.) - // to only accept connections from localhost (127.0.0.1, ::1). When true, prevents drive-by - // browser attacks and remote access to management endpoints. Default: false (API key auth is sufficient). - RestrictManagementToLocalhost bool `yaml:"restrict-management-to-localhost" json:"restrict-management-to-localhost"` - - // ModelMappings defines model name mappings for Amp CLI requests. - // When Amp requests a model that isn't available locally, these mappings - // allow routing to an alternative model that IS available. - ModelMappings []AmpModelMapping `yaml:"model-mappings" json:"model-mappings"` - - // ForceModelMappings when true, model mappings take precedence over local API keys. - // When false (default), local API keys are used first if available. - ForceModelMappings bool `yaml:"force-model-mappings" json:"force-model-mappings"` -} - -// AmpUpstreamAPIKeyEntry maps a set of client API keys to a specific upstream API key. -// When a request is authenticated with one of the APIKeys, the corresponding UpstreamAPIKey -// is used for the upstream Amp request. -type AmpUpstreamAPIKeyEntry struct { - // UpstreamAPIKey is the API key to use when proxying to the Amp upstream. - UpstreamAPIKey string `yaml:"upstream-api-key" json:"upstream-api-key"` - - // APIKeys are the client API keys (from top-level api-keys) that map to this upstream key. - APIKeys []string `yaml:"api-keys" json:"api-keys"` -} - -// PayloadConfig defines default and override parameter rules applied to provider payloads. -type PayloadConfig struct { - // Default defines rules that only set parameters when they are missing in the payload. - Default []PayloadRule `yaml:"default" json:"default"` - // DefaultRaw defines rules that set raw JSON values only when they are missing. - DefaultRaw []PayloadRule `yaml:"default-raw" json:"default-raw"` - // Override defines rules that always set parameters, overwriting any existing values. - Override []PayloadRule `yaml:"override" json:"override"` - // OverrideRaw defines rules that always set raw JSON values, overwriting any existing values. - OverrideRaw []PayloadRule `yaml:"override-raw" json:"override-raw"` - // Filter defines rules that remove parameters from the payload by JSON path. - Filter []PayloadFilterRule `yaml:"filter" json:"filter"` -} - -// PayloadFilterRule describes a rule to remove specific JSON paths from matching model payloads. -type PayloadFilterRule struct { - // Models lists model entries with name pattern and protocol constraint. - Models []PayloadModelRule `yaml:"models" json:"models"` - // Params lists JSON paths (gjson/sjson syntax) to remove from the payload. - Params []string `yaml:"params" json:"params"` -} - -// PayloadRule describes a single rule targeting a list of models with parameter updates. -type PayloadRule struct { - // Models lists model entries with name pattern and protocol constraint. - Models []PayloadModelRule `yaml:"models" json:"models"` - // Params maps JSON paths (gjson/sjson syntax) to values written into the payload. - // For *-raw rules, values are treated as raw JSON fragments (strings are used as-is). - Params map[string]any `yaml:"params" json:"params"` -} - -// PayloadModelRule ties a model name pattern to a specific translator protocol. -type PayloadModelRule struct { - // Name is the model name or wildcard pattern (e.g., "gpt-*", "*-5", "gemini-*-pro"). - Name string `yaml:"name" json:"name"` - // Protocol restricts the rule to a specific translator format (e.g., "gemini", "responses"). - Protocol string `yaml:"protocol" json:"protocol"` -} - -// CloakConfig configures request cloaking for non-Claude-Code clients. -// Cloaking disguises API requests to appear as originating from the official Claude Code CLI. -type CloakConfig struct { - // Mode controls cloaking behavior: "auto" (default), "always", or "never". - // - "auto": cloak only when client is not Claude Code (based on User-Agent) - // - "always": always apply cloaking regardless of client - // - "never": never apply cloaking - Mode string `yaml:"mode,omitempty" json:"mode,omitempty"` - - // StrictMode controls how system prompts are handled when cloaking. - // - false (default): prepend Claude Code prompt to user system messages - // - true: strip all user system messages, keep only Claude Code prompt - StrictMode bool `yaml:"strict-mode,omitempty" json:"strict-mode,omitempty"` - - // SensitiveWords is a list of words to obfuscate with zero-width characters. - // This can help bypass certain content filters. - SensitiveWords []string `yaml:"sensitive-words,omitempty" json:"sensitive-words,omitempty"` -} - -// ClaudeKey represents the configuration for a Claude API key, -// including the API key itself and an optional base URL for the API endpoint. -type ClaudeKey struct { - // APIKey is the authentication key for accessing Claude API services. - APIKey string `yaml:"api-key" json:"api-key"` - - // Priority controls selection preference when multiple credentials match. - // Higher values are preferred; defaults to 0. - Priority int `yaml:"priority,omitempty" json:"priority,omitempty"` - - // Prefix optionally namespaces models for this credential (e.g., "teamA/claude-sonnet-4"). - Prefix string `yaml:"prefix,omitempty" json:"prefix,omitempty"` - - // BaseURL is the base URL for the Claude API endpoint. - // If empty, the default Claude API URL will be used. - BaseURL string `yaml:"base-url" json:"base-url"` - - // ProxyURL overrides the global proxy setting for this API key if provided. - ProxyURL string `yaml:"proxy-url" json:"proxy-url"` - - // Models defines upstream model names and aliases for request routing. - Models []ClaudeModel `yaml:"models" json:"models"` - - // Headers optionally adds extra HTTP headers for requests sent with this key. - Headers map[string]string `yaml:"headers,omitempty" json:"headers,omitempty"` - - // ExcludedModels lists model IDs that should be excluded for this provider. - ExcludedModels []string `yaml:"excluded-models,omitempty" json:"excluded-models,omitempty"` - - // Cloak configures request cloaking for non-Claude-Code clients. - Cloak *CloakConfig `yaml:"cloak,omitempty" json:"cloak,omitempty"` -} - -func (k ClaudeKey) GetAPIKey() string { return k.APIKey } -func (k ClaudeKey) GetBaseURL() string { return k.BaseURL } - -// ClaudeModel describes a mapping between an alias and the actual upstream model name. -type ClaudeModel struct { - // Name is the upstream model identifier used when issuing requests. - Name string `yaml:"name" json:"name"` - - // Alias is the client-facing model name that maps to Name. - Alias string `yaml:"alias" json:"alias"` -} - -func (m ClaudeModel) GetName() string { return m.Name } -func (m ClaudeModel) GetAlias() string { return m.Alias } - -// CodexKey represents the configuration for a Codex API key, -// including the API key itself and an optional base URL for the API endpoint. -type CodexKey struct { - // APIKey is the authentication key for accessing Codex API services. - APIKey string `yaml:"api-key" json:"api-key"` - - // Priority controls selection preference when multiple credentials match. - // Higher values are preferred; defaults to 0. - Priority int `yaml:"priority,omitempty" json:"priority,omitempty"` - - // Prefix optionally namespaces models for this credential (e.g., "teamA/gpt-5-codex"). - Prefix string `yaml:"prefix,omitempty" json:"prefix,omitempty"` - - // BaseURL is the base URL for the Codex API endpoint. - // If empty, the default Codex API URL will be used. - BaseURL string `yaml:"base-url" json:"base-url"` - - // Websockets enables the Responses API websocket transport for this credential. - Websockets bool `yaml:"websockets,omitempty" json:"websockets,omitempty"` - - // ProxyURL overrides the global proxy setting for this API key if provided. - ProxyURL string `yaml:"proxy-url" json:"proxy-url"` - - // Models defines upstream model names and aliases for request routing. - Models []CodexModel `yaml:"models" json:"models"` - - // Headers optionally adds extra HTTP headers for requests sent with this key. - Headers map[string]string `yaml:"headers,omitempty" json:"headers,omitempty"` - - // ExcludedModels lists model IDs that should be excluded for this provider. - ExcludedModels []string `yaml:"excluded-models,omitempty" json:"excluded-models,omitempty"` -} - -func (k CodexKey) GetAPIKey() string { return k.APIKey } -func (k CodexKey) GetBaseURL() string { return k.BaseURL } - -// CodexModel describes a mapping between an alias and the actual upstream model name. -type CodexModel struct { - // Name is the upstream model identifier used when issuing requests. - Name string `yaml:"name" json:"name"` - - // Alias is the client-facing model name that maps to Name. - Alias string `yaml:"alias" json:"alias"` -} - -func (m CodexModel) GetName() string { return m.Name } -func (m CodexModel) GetAlias() string { return m.Alias } - -// GeminiKey represents the configuration for a Gemini API key, -// including optional overrides for upstream base URL, proxy routing, and headers. -type GeminiKey struct { - // APIKey is the authentication key for accessing Gemini API services. - APIKey string `yaml:"api-key" json:"api-key"` - - // Priority controls selection preference when multiple credentials match. - // Higher values are preferred; defaults to 0. - Priority int `yaml:"priority,omitempty" json:"priority,omitempty"` - - // Prefix optionally namespaces models for this credential (e.g., "teamA/gemini-3-pro-preview"). - Prefix string `yaml:"prefix,omitempty" json:"prefix,omitempty"` - - // BaseURL optionally overrides the Gemini API endpoint. - BaseURL string `yaml:"base-url,omitempty" json:"base-url,omitempty"` - - // ProxyURL optionally overrides the global proxy for this API key. - ProxyURL string `yaml:"proxy-url,omitempty" json:"proxy-url,omitempty"` - - // Models defines upstream model names and aliases for request routing. - Models []GeminiModel `yaml:"models,omitempty" json:"models,omitempty"` - - // Headers optionally adds extra HTTP headers for requests sent with this key. - Headers map[string]string `yaml:"headers,omitempty" json:"headers,omitempty"` - - // ExcludedModels lists model IDs that should be excluded for this provider. - ExcludedModels []string `yaml:"excluded-models,omitempty" json:"excluded-models,omitempty"` -} - -func (k GeminiKey) GetAPIKey() string { return k.APIKey } -func (k GeminiKey) GetBaseURL() string { return k.BaseURL } - -// GeminiModel describes a mapping between an alias and the actual upstream model name. -type GeminiModel struct { - // Name is the upstream model identifier used when issuing requests. - Name string `yaml:"name" json:"name"` - - // Alias is the client-facing model name that maps to Name. - Alias string `yaml:"alias" json:"alias"` -} - -func (m GeminiModel) GetName() string { return m.Name } -func (m GeminiModel) GetAlias() string { return m.Alias } - -// KiroKey represents the configuration for Kiro (AWS CodeWhisperer) authentication. -type KiroKey struct { - // TokenFile is the path to the Kiro token file (default: ~/.aws/sso/cache/kiro-auth-token.json) - TokenFile string `yaml:"token-file,omitempty" json:"token-file,omitempty"` - - // AccessToken is the OAuth access token for direct configuration. - AccessToken string `yaml:"access-token,omitempty" json:"access-token,omitempty"` - - // RefreshToken is the OAuth refresh token for token renewal. - RefreshToken string `yaml:"refresh-token,omitempty" json:"refresh-token,omitempty"` - - // ProfileArn is the AWS CodeWhisperer profile ARN. - ProfileArn string `yaml:"profile-arn,omitempty" json:"profile-arn,omitempty"` - - // Region is the AWS region (default: us-east-1). - Region string `yaml:"region,omitempty" json:"region,omitempty"` - - // ProxyURL optionally overrides the global proxy for this configuration. - ProxyURL string `yaml:"proxy-url,omitempty" json:"proxy-url,omitempty"` - - // AgentTaskType sets the Kiro API task type. Known values: "vibe", "dev", "chat". - // Leave empty to let API use defaults. Different values may inject different system prompts. - AgentTaskType string `yaml:"agent-task-type,omitempty" json:"agent-task-type,omitempty"` - - // PreferredEndpoint sets the preferred Kiro API endpoint/quota. - // Values: "codewhisperer" (default, IDE quota) or "amazonq" (CLI quota). - PreferredEndpoint string `yaml:"preferred-endpoint,omitempty" json:"preferred-endpoint,omitempty"` -} - -// CursorKey represents Cursor (via cursor-api) configuration. Uses login protocol. -// Token file contains sk-... key from cursor-api /build-key, or token:checksum for /build-key. -// When token-file is absent, token is auto-read from Cursor IDE storage (zero-action flow). -type CursorKey struct { - // TokenFile is the path to the Cursor token file (sk-... key or token:checksum). - // Optional: when empty, token is auto-read from Cursor IDE state.vscdb. - TokenFile string `yaml:"token-file,omitempty" json:"token-file,omitempty"` - - // CursorAPIURL is the cursor-api server URL (default: http://127.0.0.1:3000). - CursorAPIURL string `yaml:"cursor-api-url,omitempty" json:"cursor-api-url,omitempty"` - - // AuthToken is the cursor-api admin token (matches AUTH_TOKEN env). Required for zero-action - // flow when using /tokens/add to register IDE token. Used as Bearer for chat when token-file absent. - AuthToken string `yaml:"auth-token,omitempty" json:"auth-token,omitempty"` - - // ProxyURL optionally overrides the global proxy for this configuration. - ProxyURL string `yaml:"proxy-url,omitempty" json:"proxy-url,omitempty"` -} - -// OAICompatProviderConfig represents a common configuration for OpenAI-compatible providers. -type OAICompatProviderConfig struct { - // TokenFile is the path to OAuth token file (access/refresh). Optional when APIKey is set. - TokenFile string `yaml:"token-file,omitempty" json:"token-file,omitempty"` - - // APIKey is the API key for direct auth (fallback when token-file not used). - APIKey string `yaml:"api-key,omitempty" json:"api-key,omitempty"` - - // BaseURL is the API base URL. - BaseURL string `yaml:"base-url,omitempty" json:"base-url,omitempty"` - - // ProxyURL optionally overrides the global proxy for this configuration. - ProxyURL string `yaml:"proxy-url,omitempty" json:"proxy-url,omitempty"` - - // Models defines optional model configurations including aliases for routing. - Models []OpenAICompatibilityModel `yaml:"models,omitempty" json:"models,omitempty"` - - // Priority controls selection preference. - Priority int `yaml:"priority,omitempty" json:"priority,omitempty"` - - // Prefix optionally namespaces model aliases for this provider. - Prefix string `yaml:"prefix,omitempty" json:"prefix,omitempty"` - - // Headers optionally adds extra HTTP headers for requests sent with this key. - Headers map[string]string `yaml:"headers,omitempty" json:"headers,omitempty"` - - // ExcludedModels lists model IDs that should be excluded for this provider. - ExcludedModels []string `yaml:"excluded-models,omitempty" json:"excluded-models,omitempty"` - - // RateLimit defines optional rate limiting configuration for this credential. - RateLimit ratelimit.RateLimitConfig `yaml:"rate-limit,omitempty" json:"rate-limit,omitempty"` -} - -// ProviderSpec defines a provider's metadata for codegen and runtime injection. -type ProviderSpec struct { - Name string - YAMLKey string // If set, a dedicated block is generated in the Config struct - GoName string // Optional: Override PascalCase name in Go (defaults to Title(Name)) - BaseURL string - EnvVars []string // Environment variables for automatic injection - DefaultModels []OpenAICompatibilityModel -} - -// GetDedicatedProviders returns providers that have a dedicated config block. -func GetDedicatedProviders() []ProviderSpec { - var out []ProviderSpec - for _, p := range AllProviders { - if p.YAMLKey != "" { - out = append(out, p) - } - } - return out -} - -// GetPremadeProviders returns providers that can be injected from environment variables. -func GetPremadeProviders() []ProviderSpec { - var out []ProviderSpec - for _, p := range AllProviders { - if len(p.EnvVars) > 0 { - out = append(out, p) - } - } - return out -} - -// GetProviderByName looks up a provider by its name (case-insensitive). -func GetProviderByName(name string) (ProviderSpec, bool) { - for _, p := range AllProviders { - if strings.EqualFold(p.Name, name) { - return p, true - } - } - return ProviderSpec{}, false -} - -// OpenAICompatibility represents the configuration for OpenAI API compatibility -// with external providers, allowing model aliases to be routed through OpenAI API format. -type OpenAICompatibility struct { - // Name is the identifier for this OpenAI compatibility configuration. - Name string `yaml:"name" json:"name"` - - // Priority controls selection preference when multiple providers or credentials match. - // Higher values are preferred; defaults to 0. - Priority int `yaml:"priority,omitempty" json:"priority,omitempty"` - - // Prefix optionally namespaces model aliases for this provider (e.g., "teamA/kimi-k2"). - Prefix string `yaml:"prefix,omitempty" json:"prefix,omitempty"` - - // BaseURL is the base URL for the external OpenAI-compatible API endpoint. - BaseURL string `yaml:"base-url" json:"base-url"` - - // ModelsEndpoint overrides the upstream model discovery path. - // Defaults to "/v1/models" when omitted. - ModelsEndpoint string `yaml:"models-endpoint,omitempty" json:"models-endpoint,omitempty"` - - // APIKeyEntries defines API keys with optional per-key proxy configuration. - APIKeyEntries []OpenAICompatibilityAPIKey `yaml:"api-key-entries,omitempty" json:"api-key-entries,omitempty"` - - // Models defines the model configurations including aliases for routing. - Models []OpenAICompatibilityModel `yaml:"models" json:"models"` - - // Headers optionally adds extra HTTP headers for requests sent to this provider. - Headers map[string]string `yaml:"headers,omitempty" json:"headers,omitempty"` -} - -// OpenAICompatibilityAPIKey represents an API key configuration with optional proxy setting. -type OpenAICompatibilityAPIKey struct { - // TokenFile is the path to OAuth token file (access/refresh). Optional when APIKey is set. - TokenFile string `yaml:"token-file,omitempty" json:"token-file,omitempty"` - - // APIKey is the authentication key for accessing the external API services. - APIKey string `yaml:"api-key" json:"api-key"` - - // ProxyURL overrides the global proxy setting for this API key if provided. - ProxyURL string `yaml:"proxy-url,omitempty" json:"proxy-url,omitempty"` -} - -// OpenAICompatibilityModel represents a model configuration for OpenAI compatibility, -// including the actual model name and its alias for API routing. -type OpenAICompatibilityModel struct { - // Name is the actual model name used by the external provider. - Name string `yaml:"name" json:"name"` - - // Alias is the model name alias that clients will use to reference this model. - Alias string `yaml:"alias" json:"alias"` -} - -func (m OpenAICompatibilityModel) GetName() string { return m.Name } -func (m OpenAICompatibilityModel) GetAlias() string { return m.Alias } - -// LoadConfig reads a YAML configuration file from the given path, -// unmarshals it into a Config struct, applies environment variable overrides, -// and returns it. -// -// Parameters: -// - configFile: The path to the YAML configuration file -// -// Returns: -// - *Config: The loaded configuration -// - error: An error if the configuration could not be loaded -func LoadConfig(configFile string) (*Config, error) { - return LoadConfigOptional(configFile, false) -} - -// LoadConfigOptional reads YAML from configFile. -// If optional is true and the file is missing, it returns an empty Config. -// If optional is true and the file is empty or invalid, it returns an empty Config. -func LoadConfigOptional(configFile string, optional bool) (*Config, error) { - // NOTE: Startup oauth-model-alias migration is intentionally disabled. - // Reason: avoid mutating config.yaml during server startup. - // Re-enable the block below if automatic startup migration is needed again. - // if migrated, err := MigrateOAuthModelAlias(configFile); err != nil { - // // Log warning but don't fail - config loading should still work - // fmt.Printf("Warning: oauth-model-alias migration failed: %v\n", err) - // } else if migrated { - // fmt.Println("Migrated oauth-model-mappings to oauth-model-alias") - // } - - // Read the entire configuration file into memory. - data, err := os.ReadFile(configFile) - if err != nil { - if optional { - if os.IsNotExist(err) || errors.Is(err, syscall.EISDIR) { - // Missing and optional: return empty config (cloud deploy standby). - return &Config{}, nil - } - } - if errors.Is(err, syscall.EISDIR) { - return nil, fmt.Errorf( - "failed to read config file: %w (config path %q is a directory; pass a YAML file path such as /CLIProxyAPI/config.yaml)", - err, - configFile, - ) - } - return nil, fmt.Errorf("failed to read config file: %w", err) - } - - // In cloud deploy mode (optional=true), if file is empty or contains only whitespace, return empty config. - if optional && len(data) == 0 { - return &Config{}, nil - } - - // Unmarshal the YAML data into the Config struct. - var cfg Config - // Set defaults before unmarshal so that absent keys keep defaults. - cfg.Host = "" // Default empty: binds to all interfaces (IPv4 + IPv6) - cfg.LoggingToFile = false - cfg.LogsMaxTotalSizeMB = 0 - cfg.ErrorLogsMaxFiles = 10 - cfg.UsageStatisticsEnabled = false - cfg.DisableCooling = false - cfg.Pprof.Enable = false - cfg.Pprof.Addr = DefaultPprofAddr - cfg.AmpCode.RestrictManagementToLocalhost = false // Default to false: API key auth is sufficient - cfg.RemoteManagement.PanelGitHubRepository = DefaultPanelGitHubRepository - cfg.IncognitoBrowser = false // Default to normal browser (AWS uses incognito by force) - if err = yaml.Unmarshal(data, &cfg); err != nil { - if optional { - // In cloud deploy mode, if YAML parsing fails, return empty config instead of error. - return &Config{}, nil - } - return nil, fmt.Errorf("failed to parse config file: %w", err) - } - - // NOTE: Startup legacy key migration is intentionally disabled. - // Reason: avoid mutating config.yaml during server startup. - // Re-enable the block below if automatic startup migration is needed again. - // var legacy legacyConfigData - // if errLegacy := yaml.Unmarshal(data, &legacy); errLegacy == nil { - // if cfg.migrateLegacyGeminiKeys(legacy.LegacyGeminiKeys) { - // cfg.legacyMigrationPending = true - // } - // if cfg.migrateLegacyOpenAICompatibilityKeys(legacy.OpenAICompat) { - // cfg.legacyMigrationPending = true - // } - // if cfg.migrateLegacyAmpConfig(&legacy) { - // cfg.legacyMigrationPending = true - // } - // } - - // Hash remote management key if plaintext is detected (nested) - // We consider a value to be already hashed if it looks like a bcrypt hash ($2a$, $2b$, or $2y$ prefix). - if cfg.RemoteManagement.SecretKey != "" && !looksLikeBcrypt(cfg.RemoteManagement.SecretKey) { - hashed, errHash := hashSecret(cfg.RemoteManagement.SecretKey) - if errHash != nil { - return nil, fmt.Errorf("failed to hash remote management key: %w", errHash) - } - cfg.RemoteManagement.SecretKey = hashed - - // Persist the hashed value back to the config file to avoid re-hashing on next startup. - // Preserve YAML comments and ordering; update only the nested key. - _ = SaveConfigPreserveCommentsUpdateNestedScalar(configFile, []string{"remote-management", "secret-key"}, hashed) - } - - cfg.RemoteManagement.PanelGitHubRepository = strings.TrimSpace(cfg.RemoteManagement.PanelGitHubRepository) - if cfg.RemoteManagement.PanelGitHubRepository == "" { - cfg.RemoteManagement.PanelGitHubRepository = DefaultPanelGitHubRepository - } - - cfg.Pprof.Addr = strings.TrimSpace(cfg.Pprof.Addr) - if cfg.Pprof.Addr == "" { - cfg.Pprof.Addr = DefaultPprofAddr - } - - if cfg.LogsMaxTotalSizeMB < 0 { - cfg.LogsMaxTotalSizeMB = 0 - } - - if cfg.ErrorLogsMaxFiles < 0 { - cfg.ErrorLogsMaxFiles = 10 - } - - // Sanitize Gemini API key configuration and migrate legacy entries. - cfg.SanitizeGeminiKeys() - - // Sanitize Vertex-compatible API keys: drop entries without base-url - cfg.SanitizeVertexCompatKeys() - - // Sanitize Codex keys: drop entries without base-url - cfg.SanitizeCodexKeys() - - // Sanitize Claude key headers - cfg.SanitizeClaudeKeys() - - // Sanitize Kiro keys: trim whitespace from credential fields - cfg.SanitizeKiroKeys() - - // Sanitize Cursor keys: trim whitespace - cfg.SanitizeCursorKeys() - - // Sanitize generated dedicated providers: trim whitespace - cfg.SanitizeGeneratedProviders() - - // Sanitize OpenAI compatibility providers: drop entries without base-url - cfg.SanitizeOpenAICompatibility() - - // Strategy E1: Inject premade providers (zen, nim) from environment if missing in config - cfg.InjectPremadeFromEnv() - - // Normalize OAuth provider model exclusion map. - cfg.OAuthExcludedModels = NormalizeOAuthExcludedModels(cfg.OAuthExcludedModels) - - // Normalize global OAuth model name aliases. - cfg.SanitizeOAuthModelAlias() - - // Normalize OAuth upstream URL override map. - cfg.SanitizeOAuthUpstream() - - // Validate raw payload rules and drop invalid entries. - cfg.SanitizePayloadRules() - - // NOTE: Legacy migration persistence is intentionally disabled together with - // startup legacy migration to keep startup read-only for config.yaml. - // Re-enable the block below if automatic startup migration is needed again. - // if cfg.legacyMigrationPending { - // fmt.Println("Detected legacy configuration keys, attempting to persist the normalized config...") - // if !optional && configFile != "" { - // if err := SaveConfigPreserveComments(configFile, &cfg); err != nil { - // return nil, fmt.Errorf("failed to persist migrated legacy config: %w", err) - // } - // fmt.Println("Legacy configuration normalized and persisted.") - // } else { - // fmt.Println("Legacy configuration normalized in memory; persistence skipped.") - // } - // } - - // Apply environment variable overrides (for Docker deployment convenience) - cfg.ApplyEnvOverrides() - - // Return the populated configuration struct. - return &cfg, nil -} - -// SanitizePayloadRules validates raw JSON payload rule params and drops invalid rules. -func (cfg *Config) SanitizePayloadRules() { - if cfg == nil { - return - } - cfg.Payload.Default = sanitizePayloadRules(cfg.Payload.Default, "default") - cfg.Payload.Override = sanitizePayloadRules(cfg.Payload.Override, "override") - cfg.Payload.Filter = sanitizePayloadFilterRules(cfg.Payload.Filter, "filter") - cfg.Payload.DefaultRaw = sanitizePayloadRawRules(cfg.Payload.DefaultRaw, "default-raw") - cfg.Payload.OverrideRaw = sanitizePayloadRawRules(cfg.Payload.OverrideRaw, "override-raw") -} - -func sanitizePayloadRules(rules []PayloadRule, section string) []PayloadRule { - if len(rules) == 0 { - return rules - } - out := make([]PayloadRule, 0, len(rules)) - for i := range rules { - rule := rules[i] - if len(rule.Params) == 0 { - continue - } - invalid := false - for path := range rule.Params { - if payloadPathInvalid(path) { - log.WithFields(log.Fields{ - "section": section, - "rule_index": i + 1, - "param": path, - }).Warn("payload rule dropped: invalid parameter path") - invalid = true - break - } - } - if invalid { - continue - } - out = append(out, rule) - } - return out -} - -func sanitizePayloadRawRules(rules []PayloadRule, section string) []PayloadRule { - if len(rules) == 0 { - return rules - } - out := make([]PayloadRule, 0, len(rules)) - for i := range rules { - rule := rules[i] - if len(rule.Params) == 0 { - continue - } - invalid := false - for path, value := range rule.Params { - if payloadPathInvalid(path) { - log.WithFields(log.Fields{ - "section": section, - "rule_index": i + 1, - "param": path, - }).Warn("payload rule dropped: invalid parameter path") - invalid = true - break - } - raw, ok := payloadRawString(value) - if !ok { - continue - } - trimmed := bytes.TrimSpace(raw) - if len(trimmed) == 0 || !json.Valid(trimmed) { - log.WithFields(log.Fields{ - "section": section, - "rule_index": i + 1, - "param": path, - }).Warn("payload rule dropped: invalid raw JSON") - invalid = true - break - } - } - if invalid { - continue - } - out = append(out, rule) - } - return out -} - -func sanitizePayloadFilterRules(rules []PayloadFilterRule, section string) []PayloadFilterRule { - if len(rules) == 0 { - return rules - } - out := make([]PayloadFilterRule, 0, len(rules)) - for i := range rules { - rule := rules[i] - if len(rule.Params) == 0 { - continue - } - invalid := false - for _, path := range rule.Params { - if payloadPathInvalid(path) { - log.WithFields(log.Fields{ - "section": section, - "rule_index": i + 1, - "param": path, - }).Warn("payload filter rule dropped: invalid parameter path") - invalid = true - break - } - } - if invalid { - continue - } - out = append(out, rule) - } - return out -} - -func payloadPathInvalid(path string) bool { - p := strings.TrimSpace(path) - if p == "" { - return true - } - return strings.HasPrefix(p, ".") || strings.HasSuffix(p, ".") || strings.Contains(p, "..") -} - -func payloadRawString(value any) ([]byte, bool) { - switch typed := value.(type) { - case string: - return []byte(typed), true - case []byte: - return typed, true - default: - return nil, false - } -} - -// SanitizeOAuthModelAlias normalizes and deduplicates global OAuth model name aliases. -// It trims whitespace, normalizes channel keys to lower-case, drops empty entries, -// allows multiple aliases per upstream name, and ensures aliases are unique within each channel. -// It also injects default aliases for channels that have built-in defaults (e.g., kiro) -// when no user-configured aliases exist for those channels. -func (cfg *Config) SanitizeOAuthModelAlias() { - if cfg == nil { - return - } - - // Inject default aliases for channels with built-in compatibility mappings. - if cfg.OAuthModelAlias == nil { - cfg.OAuthModelAlias = make(map[string][]OAuthModelAlias) - } - if _, hasKiro := cfg.OAuthModelAlias["kiro"]; !hasKiro { - // Check case-insensitive too - found := false - for k := range cfg.OAuthModelAlias { - if strings.EqualFold(strings.TrimSpace(k), "kiro") { - found = true - break - } - } - if !found { - cfg.OAuthModelAlias["kiro"] = defaultKiroAliases() - } - } - if _, hasGitHubCopilot := cfg.OAuthModelAlias["github-copilot"]; !hasGitHubCopilot { - // Check case-insensitive too - found := false - for k := range cfg.OAuthModelAlias { - if strings.EqualFold(strings.TrimSpace(k), "github-copilot") { - found = true - break - } - } - if !found { - cfg.OAuthModelAlias["github-copilot"] = defaultGitHubCopilotAliases() - } - } - - if len(cfg.OAuthModelAlias) == 0 { - return - } - out := make(map[string][]OAuthModelAlias, len(cfg.OAuthModelAlias)) - for rawChannel, aliases := range cfg.OAuthModelAlias { - channel := strings.ToLower(strings.TrimSpace(rawChannel)) - if channel == "" { - continue - } - // Preserve channels that were explicitly set to empty/nil – they act - // as "disabled" markers so default injection won't re-add them (#222). - if len(aliases) == 0 { - out[channel] = nil - continue - } - seenAlias := make(map[string]struct{}, len(aliases)) - clean := make([]OAuthModelAlias, 0, len(aliases)) - for _, entry := range aliases { - name := strings.TrimSpace(entry.Name) - alias := strings.TrimSpace(entry.Alias) - if name == "" || alias == "" { - continue - } - if strings.EqualFold(name, alias) { - continue - } - aliasKey := strings.ToLower(alias) - if _, ok := seenAlias[aliasKey]; ok { - continue - } - seenAlias[aliasKey] = struct{}{} - clean = append(clean, OAuthModelAlias{Name: name, Alias: alias, Fork: entry.Fork}) - } - if len(clean) > 0 { - out[channel] = clean - } - } - cfg.OAuthModelAlias = out -} - -// SanitizeOAuthUpstream normalizes OAuth upstream URL override keys/values. -// It trims whitespace, lowercases channel names, drops empty keys/values, and -// strips trailing slashes from URLs. -func (cfg *Config) SanitizeOAuthUpstream() { - if cfg == nil { - return - } - if len(cfg.OAuthUpstream) == 0 { - return - } - out := make(map[string]string, len(cfg.OAuthUpstream)) - for rawChannel, rawURL := range cfg.OAuthUpstream { - channel := normalizeOAuthUpstreamChannel(rawChannel) - if channel == "" { - continue - } - baseURL := strings.TrimSpace(rawURL) - if baseURL == "" { - continue - } - out[channel] = strings.TrimRight(baseURL, "/") - } - cfg.OAuthUpstream = out -} - -// OAuthUpstreamURL resolves the configured OAuth upstream override for a channel. -// Returns empty string when no override exists. -func (cfg *Config) OAuthUpstreamURL(channel string) string { - if cfg == nil || len(cfg.OAuthUpstream) == 0 { - return "" - } - key := normalizeOAuthUpstreamChannel(channel) - if key == "" { - return "" - } - return strings.TrimSpace(cfg.OAuthUpstream[key]) -} - -func normalizeOAuthUpstreamChannel(channel string) string { - key := strings.TrimSpace(strings.ToLower(channel)) - if key == "" { - return "" - } - key = strings.ReplaceAll(key, "_", "-") - key = strings.ReplaceAll(key, " ", "-") - key = strings.ReplaceAll(key, ".", "-") - key = strings.ReplaceAll(key, "/", "-") - key = strings.Trim(key, "-") - key = strings.Join(strings.FieldsFunc(key, func(r rune) bool { return r == '-' }), "-") - return key -} - -// IsResponsesWebsocketEnabled returns true when the dedicated responses websocket -// route should be mounted. Default is enabled when unset. -func (cfg *Config) IsResponsesWebsocketEnabled() bool { - if cfg == nil || cfg.ResponsesWebsocketEnabled == nil { - return true - } - return *cfg.ResponsesWebsocketEnabled -} - -// SanitizeOpenAICompatibility removes OpenAI-compatibility provider entries that are -// not actionable, specifically those missing a BaseURL. It trims whitespace before -// evaluation and preserves the relative order of remaining entries. -func (cfg *Config) SanitizeOpenAICompatibility() { - if cfg == nil || len(cfg.OpenAICompatibility) == 0 { - return - } - out := make([]OpenAICompatibility, 0, len(cfg.OpenAICompatibility)) - for i := range cfg.OpenAICompatibility { - e := cfg.OpenAICompatibility[i] - e.Name = strings.TrimSpace(e.Name) - e.Prefix = normalizeModelPrefix(e.Prefix) - e.BaseURL = strings.TrimSpace(e.BaseURL) - e.Headers = NormalizeHeaders(e.Headers) - if e.BaseURL == "" { - // Skip providers with no base-url; treated as removed - continue - } - out = append(out, e) - } - cfg.OpenAICompatibility = out -} - -// SanitizeCodexKeys removes Codex API key entries missing a BaseURL. -// It trims whitespace and preserves order for remaining entries. -func (cfg *Config) SanitizeCodexKeys() { - if cfg == nil || len(cfg.CodexKey) == 0 { - return - } - out := make([]CodexKey, 0, len(cfg.CodexKey)) - for i := range cfg.CodexKey { - e := cfg.CodexKey[i] - e.Prefix = normalizeModelPrefix(e.Prefix) - e.BaseURL = strings.TrimSpace(e.BaseURL) - e.Headers = NormalizeHeaders(e.Headers) - e.ExcludedModels = NormalizeExcludedModels(e.ExcludedModels) - if e.BaseURL == "" { - continue - } - out = append(out, e) - } - cfg.CodexKey = out -} - -// SanitizeClaudeKeys normalizes headers for Claude credentials. -func (cfg *Config) SanitizeClaudeKeys() { - if cfg == nil || len(cfg.ClaudeKey) == 0 { - return - } - for i := range cfg.ClaudeKey { - entry := &cfg.ClaudeKey[i] - entry.Prefix = normalizeModelPrefix(entry.Prefix) - entry.Headers = NormalizeHeaders(entry.Headers) - entry.ExcludedModels = NormalizeExcludedModels(entry.ExcludedModels) - } -} - -// SanitizeKiroKeys trims whitespace from Kiro credential fields. -func (cfg *Config) SanitizeKiroKeys() { - if cfg == nil || len(cfg.KiroKey) == 0 { - return - } - for i := range cfg.KiroKey { - entry := &cfg.KiroKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.AccessToken = strings.TrimSpace(entry.AccessToken) - entry.RefreshToken = strings.TrimSpace(entry.RefreshToken) - entry.ProfileArn = strings.TrimSpace(entry.ProfileArn) - entry.Region = strings.TrimSpace(entry.Region) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - entry.PreferredEndpoint = strings.TrimSpace(entry.PreferredEndpoint) - } -} - -// SanitizeCursorKeys trims whitespace from Cursor credential fields. -func (cfg *Config) SanitizeCursorKeys() { - if cfg == nil || len(cfg.CursorKey) == 0 { - return - } - for i := range cfg.CursorKey { - entry := &cfg.CursorKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.CursorAPIURL = strings.TrimSpace(entry.CursorAPIURL) - entry.AuthToken = strings.TrimSpace(entry.AuthToken) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } -} - -// SanitizeGeminiKeys deduplicates and normalizes Gemini credentials. -func (cfg *Config) SanitizeGeminiKeys() { - if cfg == nil { - return - } - - seen := make(map[string]struct{}, len(cfg.GeminiKey)) - out := cfg.GeminiKey[:0] - for i := range cfg.GeminiKey { - entry := cfg.GeminiKey[i] - entry.APIKey = strings.TrimSpace(entry.APIKey) - if entry.APIKey == "" { - continue - } - entry.Prefix = normalizeModelPrefix(entry.Prefix) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - entry.Headers = NormalizeHeaders(entry.Headers) - entry.ExcludedModels = NormalizeExcludedModels(entry.ExcludedModels) - if _, exists := seen[entry.APIKey]; exists { - continue - } - seen[entry.APIKey] = struct{}{} - out = append(out, entry) - } - cfg.GeminiKey = out -} - -func normalizeModelPrefix(prefix string) string { - trimmed := strings.TrimSpace(prefix) - trimmed = strings.Trim(trimmed, "/") - if trimmed == "" { - return "" - } - if strings.Contains(trimmed, "/") { - return "" - } - return trimmed -} - -// InjectPremadeFromEnv injects premade providers (zen, nim) if their environment variables are set. -// This implements Recommendation: Option B from LLM_PROXY_RESEARCH_AUDIT_PLAN.md. -func (cfg *Config) InjectPremadeFromEnv() { - for _, spec := range GetPremadeProviders() { - cfg.injectPremadeFromSpec(spec.Name, spec) - } -} - -func (cfg *Config) injectPremadeFromSpec(name string, spec ProviderSpec) { - // Check if already in config - for _, compat := range cfg.OpenAICompatibility { - if strings.ToLower(compat.Name) == name { - return - } - } - - // Check env vars - var apiKey string - for _, ev := range spec.EnvVars { - if val := os.Getenv(ev); val != "" { - apiKey = val - break - } - } - if apiKey == "" { - return - } - - // Inject virtual entry - entry := OpenAICompatibility{ - Name: name, - BaseURL: spec.BaseURL, - APIKeyEntries: []OpenAICompatibilityAPIKey{ - {APIKey: apiKey}, - }, - Models: spec.DefaultModels, - } - cfg.OpenAICompatibility = append(cfg.OpenAICompatibility, entry) -} - -// looksLikeBcrypt returns true if the provided string appears to be a bcrypt hash. -func looksLikeBcrypt(s string) bool { - return len(s) > 4 && (s[:4] == "$2a$" || s[:4] == "$2b$" || s[:4] == "$2y$") -} - -// NormalizeHeaders trims header keys and values and removes empty pairs. -func NormalizeHeaders(headers map[string]string) map[string]string { - if len(headers) == 0 { - return nil - } - clean := make(map[string]string, len(headers)) - for k, v := range headers { - key := strings.TrimSpace(k) - val := strings.TrimSpace(v) - if key == "" || val == "" { - continue - } - clean[key] = val - } - if len(clean) == 0 { - return nil - } - return clean -} - -// NormalizeExcludedModels trims, lowercases, and deduplicates model exclusion patterns. -// It preserves the order of first occurrences and drops empty entries. -func NormalizeExcludedModels(models []string) []string { - if len(models) == 0 { - return nil - } - seen := make(map[string]struct{}, len(models)) - out := make([]string, 0, len(models)) - for _, raw := range models { - trimmed := strings.ToLower(strings.TrimSpace(raw)) - if trimmed == "" { - continue - } - if _, exists := seen[trimmed]; exists { - continue - } - seen[trimmed] = struct{}{} - out = append(out, trimmed) - } - if len(out) == 0 { - return nil - } - return out -} - -// NormalizeOAuthExcludedModels cleans provider -> excluded models mappings by normalizing provider keys -// and applying model exclusion normalization to each entry. -func NormalizeOAuthExcludedModels(entries map[string][]string) map[string][]string { - if len(entries) == 0 { - return nil - } - out := make(map[string][]string, len(entries)) - for provider, models := range entries { - key := strings.ToLower(strings.TrimSpace(provider)) - if key == "" { - continue - } - normalized := NormalizeExcludedModels(models) - if len(normalized) == 0 { - continue - } - out[key] = normalized - } - if len(out) == 0 { - return nil - } - return out -} - -// hashSecret hashes the given secret using bcrypt. -func hashSecret(secret string) (string, error) { - // Use default cost for simplicity. - hashedBytes, err := bcrypt.GenerateFromPassword([]byte(secret), bcrypt.DefaultCost) - if err != nil { - return "", err - } - return string(hashedBytes), nil -} - -// ApplyEnvOverrides applies environment variable overrides to the configuration. -// This enables Docker deployments with runtime configuration without modifying config.yaml. -// Environment variables take precedence over config file values. -func (cfg *Config) ApplyEnvOverrides() { - if cfg == nil { - return - } - - // CLIPROXY_HOST - Server host (default: "" for all interfaces) - if val := os.Getenv("CLIPROXY_HOST"); val != "" { - cfg.Host = val - log.WithField("host", val).Info("Applied CLIPROXY_HOST override") - } - - // CLIPROXY_PORT - Server port (default: 8317) - if val := os.Getenv("CLIPROXY_PORT"); val != "" { - if port, err := parseIntEnvVar(val); err == nil && port > 0 && port <= 65535 { - cfg.Port = port - log.WithField("port", port).Info("Applied CLIPROXY_PORT override") - } else { - log.WithField("value", val).Warn("Invalid CLIPROXY_PORT value, ignoring") - } - } - - // CLIPROXY_SECRET_KEY - Management API secret key - if val := os.Getenv("CLIPROXY_SECRET_KEY"); val != "" { - // Hash if not already a bcrypt hash - if !looksLikeBcrypt(val) { - hashed, err := hashSecret(val) - if err != nil { - log.WithError(err).Warn("Failed to hash CLIPROXY_SECRET_KEY, using as-is") - cfg.RemoteManagement.SecretKey = val - } else { - cfg.RemoteManagement.SecretKey = hashed - } - } else { - cfg.RemoteManagement.SecretKey = val - } - log.Info("Applied CLIPROXY_SECRET_KEY override") - } - - // CLIPROXY_ALLOW_REMOTE - Allow remote management access (true/false) - if val := os.Getenv("CLIPROXY_ALLOW_REMOTE"); val != "" { - if parsed, err := parseBoolEnvVar(val); err == nil { - cfg.RemoteManagement.AllowRemote = parsed - log.WithField("allow-remote", parsed).Info("Applied CLIPROXY_ALLOW_REMOTE override") - } else { - log.WithField("value", val).Warn("Invalid CLIPROXY_ALLOW_REMOTE value, ignoring") - } - } - - // CLIPROXY_DEBUG - Enable debug logging (true/false) - if val := os.Getenv("CLIPROXY_DEBUG"); val != "" { - if parsed, err := parseBoolEnvVar(val); err == nil { - cfg.Debug = parsed - log.WithField("debug", parsed).Info("Applied CLIPROXY_DEBUG override") - } else { - log.WithField("value", val).Warn("Invalid CLIPROXY_DEBUG value, ignoring") - } - } - - // CLIPROXY_ROUTING_STRATEGY - Routing strategy (round-robin/fill-first) - if val := os.Getenv("CLIPROXY_ROUTING_STRATEGY"); val != "" { - normalized := strings.ToLower(strings.TrimSpace(val)) - switch normalized { - case "round-robin", "roundrobin", "rr": - cfg.Routing.Strategy = "round-robin" - log.Info("Applied CLIPROXY_ROUTING_STRATEGY override: round-robin") - case "fill-first", "fillfirst", "ff": - cfg.Routing.Strategy = "fill-first" - log.Info("Applied CLIPROXY_ROUTING_STRATEGY override: fill-first") - default: - log.WithField("value", val).Warn("Invalid CLIPROXY_ROUTING_STRATEGY value, ignoring") - } - } - - // CLIPROXY_API_KEYS - Comma-separated list of API keys - if val := os.Getenv("CLIPROXY_API_KEYS"); val != "" { - keys := strings.Split(val, ",") - cfg.APIKeys = make([]string, 0, len(keys)) - for _, key := range keys { - trimmed := strings.TrimSpace(key) - if trimmed != "" { - cfg.APIKeys = append(cfg.APIKeys, trimmed) - } - } - if len(cfg.APIKeys) > 0 { - log.WithField("count", len(cfg.APIKeys)).Info("Applied CLIPROXY_API_KEYS override") - } - } -} - -// parseIntEnvVar parses an integer from an environment variable string. -func parseIntEnvVar(val string) (int, error) { - val = strings.TrimSpace(val) - var result int - _, err := fmt.Sscanf(val, "%d", &result) - return result, err -} - -// parseBoolEnvVar parses a boolean from an environment variable string. -// Accepts: true/false, yes/no, 1/0, on/off (case-insensitive). -func parseBoolEnvVar(val string) (bool, error) { - val = strings.ToLower(strings.TrimSpace(val)) - switch val { - case "true", "yes", "1", "on": - return true, nil - case "false", "no", "0", "off": - return false, nil - default: - return false, fmt.Errorf("invalid boolean value: %s", val) - } -} - -// SaveConfigPreserveComments writes the config back to YAML while preserving existing comments -// and key ordering by loading the original file into a yaml.Node tree and updating values in-place. -func SaveConfigPreserveComments(configFile string, cfg *Config) error { - persistCfg := cfg - // Load original YAML as a node tree to preserve comments and ordering. - data, err := os.ReadFile(configFile) - if err != nil { - return err - } - - var original yaml.Node - if err = yaml.Unmarshal(data, &original); err != nil { - return err - } - if original.Kind != yaml.DocumentNode || len(original.Content) == 0 { - return fmt.Errorf("invalid yaml document structure") - } - if original.Content[0] == nil || original.Content[0].Kind != yaml.MappingNode { - return fmt.Errorf("expected root mapping node") - } - - // Marshal the current cfg to YAML, then unmarshal to a yaml.Node we can merge from. - rendered, err := yaml.Marshal(persistCfg) - if err != nil { - return err - } - var generated yaml.Node - if err = yaml.Unmarshal(rendered, &generated); err != nil { - return err - } - if generated.Kind != yaml.DocumentNode || len(generated.Content) == 0 || generated.Content[0] == nil { - return fmt.Errorf("invalid generated yaml structure") - } - if generated.Content[0].Kind != yaml.MappingNode { - return fmt.Errorf("expected generated root mapping node") - } - - // Remove deprecated sections before merging back the sanitized config. - removeLegacyAuthBlock(original.Content[0]) - removeLegacyOpenAICompatAPIKeys(original.Content[0]) - removeLegacyAmpKeys(original.Content[0]) - removeLegacyGenerativeLanguageKeys(original.Content[0]) - - pruneMappingToGeneratedKeys(original.Content[0], generated.Content[0], "oauth-excluded-models") - pruneMappingToGeneratedKeys(original.Content[0], generated.Content[0], "oauth-model-alias") - - // Merge generated into original in-place, preserving comments/order of existing nodes. - mergeMappingPreserve(original.Content[0], generated.Content[0]) - normalizeCollectionNodeStyles(original.Content[0]) - - // Write back. - f, err := os.Create(configFile) - if err != nil { - return err - } - defer func() { _ = f.Close() }() - var buf bytes.Buffer - enc := yaml.NewEncoder(&buf) - enc.SetIndent(2) - if err = enc.Encode(&original); err != nil { - _ = enc.Close() - return err - } - if err = enc.Close(); err != nil { - return err - } - data = NormalizeCommentIndentation(buf.Bytes()) - _, err = f.Write(data) - return err -} - -// SaveConfigPreserveCommentsUpdateNestedScalar updates a nested scalar key path like ["a","b"] -// while preserving comments and positions. -func SaveConfigPreserveCommentsUpdateNestedScalar(configFile string, path []string, value string) error { - data, err := os.ReadFile(configFile) - if err != nil { - return err - } - var root yaml.Node - if err = yaml.Unmarshal(data, &root); err != nil { - return err - } - if root.Kind != yaml.DocumentNode || len(root.Content) == 0 { - return fmt.Errorf("invalid yaml document structure") - } - node := root.Content[0] - // descend mapping nodes following path - for i, key := range path { - if i == len(path)-1 { - // set final scalar - v := getOrCreateMapValue(node, key) - v.Kind = yaml.ScalarNode - v.Tag = "!!str" - v.Value = value - } else { - next := getOrCreateMapValue(node, key) - if next.Kind != yaml.MappingNode { - next.Kind = yaml.MappingNode - next.Tag = "!!map" - } - node = next - } - } - f, err := os.Create(configFile) - if err != nil { - return err - } - defer func() { _ = f.Close() }() - var buf bytes.Buffer - enc := yaml.NewEncoder(&buf) - enc.SetIndent(2) - if err = enc.Encode(&root); err != nil { - _ = enc.Close() - return err - } - if err = enc.Close(); err != nil { - return err - } - data = NormalizeCommentIndentation(buf.Bytes()) - _, err = f.Write(data) - return err -} - -// NormalizeCommentIndentation removes indentation from standalone YAML comment lines to keep them left aligned. -func NormalizeCommentIndentation(data []byte) []byte { - lines := bytes.Split(data, []byte("\n")) - changed := false - for i, line := range lines { - trimmed := bytes.TrimLeft(line, " \t") - if len(trimmed) == 0 || trimmed[0] != '#' { - continue - } - if len(trimmed) == len(line) { - continue - } - lines[i] = append([]byte(nil), trimmed...) - changed = true - } - if !changed { - return data - } - return bytes.Join(lines, []byte("\n")) -} - -// getOrCreateMapValue finds the value node for a given key in a mapping node. -// If not found, it appends a new key/value pair and returns the new value node. -func getOrCreateMapValue(mapNode *yaml.Node, key string) *yaml.Node { - if mapNode.Kind != yaml.MappingNode { - mapNode.Kind = yaml.MappingNode - mapNode.Tag = "!!map" - mapNode.Content = nil - } - for i := 0; i+1 < len(mapNode.Content); i += 2 { - k := mapNode.Content[i] - if k.Value == key { - return mapNode.Content[i+1] - } - } - // append new key/value - mapNode.Content = append(mapNode.Content, &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: key}) - val := &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: ""} - mapNode.Content = append(mapNode.Content, val) - return val -} - -// mergeMappingPreserve merges keys from src into dst mapping node while preserving -// key order and comments of existing keys in dst. New keys are only added if their -// value is non-zero and not a known default to avoid polluting the config with defaults. -func mergeMappingPreserve(dst, src *yaml.Node, path ...[]string) { - var currentPath []string - if len(path) > 0 { - currentPath = path[0] - } - - if dst == nil || src == nil { - return - } - if dst.Kind != yaml.MappingNode || src.Kind != yaml.MappingNode { - // If kinds do not match, prefer replacing dst with src semantics in-place - // but keep dst node object to preserve any attached comments at the parent level. - copyNodeShallow(dst, src) - return - } - for i := 0; i+1 < len(src.Content); i += 2 { - sk := src.Content[i] - sv := src.Content[i+1] - idx := findMapKeyIndex(dst, sk.Value) - childPath := appendPath(currentPath, sk.Value) - if idx >= 0 { - // Merge into existing value node (always update, even to zero values) - dv := dst.Content[idx+1] - mergeNodePreserve(dv, sv, childPath) - } else { - // New key: only add if value is non-zero and not a known default - candidate := deepCopyNode(sv) - pruneKnownDefaultsInNewNode(childPath, candidate) - if isKnownDefaultValue(childPath, candidate) { - continue - } - dst.Content = append(dst.Content, deepCopyNode(sk), candidate) - } - } -} - -// mergeNodePreserve merges src into dst for scalars, mappings and sequences while -// reusing destination nodes to keep comments and anchors. For sequences, it updates -// in-place by index. -func mergeNodePreserve(dst, src *yaml.Node, path ...[]string) { - var currentPath []string - if len(path) > 0 { - currentPath = path[0] - } - - if dst == nil || src == nil { - return - } - switch src.Kind { - case yaml.MappingNode: - if dst.Kind != yaml.MappingNode { - copyNodeShallow(dst, src) - } - mergeMappingPreserve(dst, src, currentPath) - case yaml.SequenceNode: - // Preserve explicit null style if dst was null and src is empty sequence - if dst.Kind == yaml.ScalarNode && dst.Tag == "!!null" && len(src.Content) == 0 { - // Keep as null to preserve original style - return - } - if dst.Kind != yaml.SequenceNode { - dst.Kind = yaml.SequenceNode - dst.Tag = "!!seq" - dst.Content = nil - } - reorderSequenceForMerge(dst, src) - // Update elements in place - minContent := len(dst.Content) - if len(src.Content) < minContent { - minContent = len(src.Content) - } - for i := 0; i < minContent; i++ { - if dst.Content[i] == nil { - dst.Content[i] = deepCopyNode(src.Content[i]) - continue - } - mergeNodePreserve(dst.Content[i], src.Content[i], currentPath) - if dst.Content[i] != nil && src.Content[i] != nil && - dst.Content[i].Kind == yaml.MappingNode && src.Content[i].Kind == yaml.MappingNode { - pruneMissingMapKeys(dst.Content[i], src.Content[i]) - } - } - // Append any extra items from src - for i := len(dst.Content); i < len(src.Content); i++ { - dst.Content = append(dst.Content, deepCopyNode(src.Content[i])) - } - // Truncate if dst has extra items not in src - if len(src.Content) < len(dst.Content) { - dst.Content = dst.Content[:len(src.Content)] - } - case yaml.ScalarNode, yaml.AliasNode: - // For scalars, update Tag and Value but keep Style from dst to preserve quoting - dst.Kind = src.Kind - dst.Tag = src.Tag - dst.Value = src.Value - // Keep dst.Style as-is intentionally - case 0: - // Unknown/empty kind; do nothing - default: - // Fallback: replace shallowly - copyNodeShallow(dst, src) - } -} - -// findMapKeyIndex returns the index of key node in dst mapping (index of key, not value). -// Returns -1 when not found. -func findMapKeyIndex(mapNode *yaml.Node, key string) int { - if mapNode == nil || mapNode.Kind != yaml.MappingNode { - return -1 - } - for i := 0; i+1 < len(mapNode.Content); i += 2 { - if mapNode.Content[i] != nil && mapNode.Content[i].Value == key { - return i - } - } - return -1 -} - -// appendPath appends a key to the path, returning a new slice to avoid modifying the original. -func appendPath(path []string, key string) []string { - if len(path) == 0 { - return []string{key} - } - newPath := make([]string, checkedPathLengthPlusOne(len(path))) - copy(newPath, path) - newPath[len(path)] = key - return newPath -} - -func checkedPathLengthPlusOne(pathLen int) int { - maxInt := int(^uint(0) >> 1) - if pathLen < 0 || pathLen >= maxInt { - panic(fmt.Sprintf("path length overflow: %d", pathLen)) - } - return pathLen + 1 -} - -// isKnownDefaultValue returns true if the given node at the specified path -// represents a known default value that should not be written to the config file. -// This prevents non-zero defaults from polluting the config. -func isKnownDefaultValue(path []string, node *yaml.Node) bool { - // First check if it's a zero value - if isZeroValueNode(node) { - return true - } - - // Match known non-zero defaults by exact dotted path. - if len(path) == 0 { - return false - } - - fullPath := strings.Join(path, ".") - - // Check string defaults - if node.Kind == yaml.ScalarNode && node.Tag == "!!str" { - switch fullPath { - case "pprof.addr": - return node.Value == DefaultPprofAddr - case "remote-management.panel-github-repository": - return node.Value == DefaultPanelGitHubRepository - case "routing.strategy": - return node.Value == "round-robin" - } - } - - // Check integer defaults - if node.Kind == yaml.ScalarNode && node.Tag == "!!int" { - switch fullPath { - case "error-logs-max-files": - return node.Value == "10" - } - } - - return false -} - -// pruneKnownDefaultsInNewNode removes default-valued descendants from a new node -// before it is appended into the destination YAML tree. -func pruneKnownDefaultsInNewNode(path []string, node *yaml.Node) { - if node == nil { - return - } - - switch node.Kind { - case yaml.MappingNode: - filtered := make([]*yaml.Node, 0, len(node.Content)) - for i := 0; i+1 < len(node.Content); i += 2 { - keyNode := node.Content[i] - valueNode := node.Content[i+1] - if keyNode == nil || valueNode == nil { - continue - } - - childPath := appendPath(path, keyNode.Value) - if isKnownDefaultValue(childPath, valueNode) { - continue - } - - pruneKnownDefaultsInNewNode(childPath, valueNode) - if (valueNode.Kind == yaml.MappingNode || valueNode.Kind == yaml.SequenceNode) && - len(valueNode.Content) == 0 { - continue - } - - filtered = append(filtered, keyNode, valueNode) - } - node.Content = filtered - case yaml.SequenceNode: - for _, child := range node.Content { - pruneKnownDefaultsInNewNode(path, child) - } - } -} - -// isZeroValueNode returns true if the YAML node represents a zero/default value -// that should not be written as a new key to preserve config cleanliness. -// For mappings and sequences, recursively checks if all children are zero values. -func isZeroValueNode(node *yaml.Node) bool { - if node == nil { - return true - } - switch node.Kind { - case yaml.ScalarNode: - switch node.Tag { - case "!!bool": - return node.Value == "false" - case "!!int", "!!float": - return node.Value == "0" || node.Value == "0.0" - case "!!str": - return node.Value == "" - case "!!null": - return true - } - case yaml.SequenceNode: - if len(node.Content) == 0 { - return true - } - // Check if all elements are zero values - for _, child := range node.Content { - if !isZeroValueNode(child) { - return false - } - } - return true - case yaml.MappingNode: - if len(node.Content) == 0 { - return true - } - // Check if all values are zero values (values are at odd indices) - for i := 1; i < len(node.Content); i += 2 { - if !isZeroValueNode(node.Content[i]) { - return false - } - } - return true - } - return false -} - -// deepCopyNode creates a deep copy of a yaml.Node graph. -func deepCopyNode(n *yaml.Node) *yaml.Node { - if n == nil { - return nil - } - cp := *n - if len(n.Content) > 0 { - cp.Content = make([]*yaml.Node, len(n.Content)) - for i := range n.Content { - cp.Content[i] = deepCopyNode(n.Content[i]) - } - } - return &cp -} - -// copyNodeShallow copies type/tag/value and resets content to match src, but -// keeps the same destination node pointer to preserve parent relations/comments. -func copyNodeShallow(dst, src *yaml.Node) { - if dst == nil || src == nil { - return - } - dst.Kind = src.Kind - dst.Tag = src.Tag - dst.Value = src.Value - // Replace content with deep copy from src - if len(src.Content) > 0 { - dst.Content = make([]*yaml.Node, len(src.Content)) - for i := range src.Content { - dst.Content[i] = deepCopyNode(src.Content[i]) - } - } else { - dst.Content = nil - } -} - -func reorderSequenceForMerge(dst, src *yaml.Node) { - if dst == nil || src == nil { - return - } - if len(dst.Content) == 0 { - return - } - if len(src.Content) == 0 { - return - } - original := append([]*yaml.Node(nil), dst.Content...) - used := make([]bool, len(original)) - ordered := make([]*yaml.Node, len(src.Content)) - for i := range src.Content { - if idx := matchSequenceElement(original, used, src.Content[i]); idx >= 0 { - ordered[i] = original[idx] - used[idx] = true - } - } - dst.Content = ordered -} - -func matchSequenceElement(original []*yaml.Node, used []bool, target *yaml.Node) int { - if target == nil { - return -1 - } - switch target.Kind { - case yaml.MappingNode: - id := sequenceElementIdentity(target) - if id != "" { - for i := range original { - if used[i] || original[i] == nil || original[i].Kind != yaml.MappingNode { - continue - } - if sequenceElementIdentity(original[i]) == id { - return i - } - } - } - case yaml.ScalarNode: - val := strings.TrimSpace(target.Value) - if val != "" { - for i := range original { - if used[i] || original[i] == nil || original[i].Kind != yaml.ScalarNode { - continue - } - if strings.TrimSpace(original[i].Value) == val { - return i - } - } - } - default: - } - // Fallback to structural equality to preserve nodes lacking explicit identifiers. - for i := range original { - if used[i] || original[i] == nil { - continue - } - if nodesStructurallyEqual(original[i], target) { - return i - } - } - return -1 -} - -func sequenceElementIdentity(node *yaml.Node) string { - if node == nil || node.Kind != yaml.MappingNode { - return "" - } - identityKeys := []string{"id", "name", "alias", "api-key", "api_key", "apikey", "key", "provider", "model"} - for _, k := range identityKeys { - if v := mappingScalarValue(node, k); v != "" { - return k + "=" + v - } - } - for i := 0; i+1 < len(node.Content); i += 2 { - keyNode := node.Content[i] - valNode := node.Content[i+1] - if keyNode == nil || valNode == nil || valNode.Kind != yaml.ScalarNode { - continue - } - val := strings.TrimSpace(valNode.Value) - if val != "" { - return strings.ToLower(strings.TrimSpace(keyNode.Value)) + "=" + val - } - } - return "" -} - -func mappingScalarValue(node *yaml.Node, key string) string { - if node == nil || node.Kind != yaml.MappingNode { - return "" - } - lowerKey := strings.ToLower(key) - for i := 0; i+1 < len(node.Content); i += 2 { - keyNode := node.Content[i] - valNode := node.Content[i+1] - if keyNode == nil || valNode == nil || valNode.Kind != yaml.ScalarNode { - continue - } - if strings.ToLower(strings.TrimSpace(keyNode.Value)) == lowerKey { - return strings.TrimSpace(valNode.Value) - } - } - return "" -} - -func nodesStructurallyEqual(a, b *yaml.Node) bool { - if a == nil || b == nil { - return a == b - } - if a.Kind != b.Kind { - return false - } - switch a.Kind { - case yaml.MappingNode: - if len(a.Content) != len(b.Content) { - return false - } - for i := 0; i+1 < len(a.Content); i += 2 { - if !nodesStructurallyEqual(a.Content[i], b.Content[i]) { - return false - } - if !nodesStructurallyEqual(a.Content[i+1], b.Content[i+1]) { - return false - } - } - return true - case yaml.SequenceNode: - if len(a.Content) != len(b.Content) { - return false - } - for i := range a.Content { - if !nodesStructurallyEqual(a.Content[i], b.Content[i]) { - return false - } - } - return true - case yaml.ScalarNode: - return strings.TrimSpace(a.Value) == strings.TrimSpace(b.Value) - case yaml.AliasNode: - return nodesStructurallyEqual(a.Alias, b.Alias) - default: - return strings.TrimSpace(a.Value) == strings.TrimSpace(b.Value) - } -} - -func removeMapKey(mapNode *yaml.Node, key string) { - if mapNode == nil || mapNode.Kind != yaml.MappingNode || key == "" { - return - } - for i := 0; i+1 < len(mapNode.Content); i += 2 { - if mapNode.Content[i] != nil && mapNode.Content[i].Value == key { - mapNode.Content = append(mapNode.Content[:i], mapNode.Content[i+2:]...) - return - } - } -} - -func pruneMappingToGeneratedKeys(dstRoot, srcRoot *yaml.Node, key string) { - if key == "" || dstRoot == nil || srcRoot == nil { - return - } - if dstRoot.Kind != yaml.MappingNode || srcRoot.Kind != yaml.MappingNode { - return - } - dstIdx := findMapKeyIndex(dstRoot, key) - if dstIdx < 0 || dstIdx+1 >= len(dstRoot.Content) { - return - } - srcIdx := findMapKeyIndex(srcRoot, key) - if srcIdx < 0 { - // Keep an explicit empty mapping for oauth-model-alias when it was previously present. - // - // Rationale: LoadConfig runs MigrateOAuthModelAlias before unmarshalling. If the - // oauth-model-alias key is missing, migration will add the default antigravity aliases. - // When users delete the last channel from oauth-model-alias via the management API, - // we want that deletion to persist across hot reloads and restarts. - if key == "oauth-model-alias" { - dstRoot.Content[dstIdx+1] = &yaml.Node{Kind: yaml.MappingNode, Tag: "!!map"} - return - } - removeMapKey(dstRoot, key) - return - } - if srcIdx+1 >= len(srcRoot.Content) { - return - } - srcVal := srcRoot.Content[srcIdx+1] - dstVal := dstRoot.Content[dstIdx+1] - if srcVal == nil { - dstRoot.Content[dstIdx+1] = nil - return - } - if srcVal.Kind != yaml.MappingNode { - dstRoot.Content[dstIdx+1] = deepCopyNode(srcVal) - return - } - if dstVal == nil || dstVal.Kind != yaml.MappingNode { - dstRoot.Content[dstIdx+1] = deepCopyNode(srcVal) - return - } - pruneMissingMapKeys(dstVal, srcVal) -} - -func pruneMissingMapKeys(dstMap, srcMap *yaml.Node) { - if dstMap == nil || srcMap == nil || dstMap.Kind != yaml.MappingNode || srcMap.Kind != yaml.MappingNode { - return - } - keep := make(map[string]struct{}, len(srcMap.Content)/2) - for i := 0; i+1 < len(srcMap.Content); i += 2 { - keyNode := srcMap.Content[i] - if keyNode == nil { - continue - } - key := strings.TrimSpace(keyNode.Value) - if key == "" { - continue - } - keep[key] = struct{}{} - } - for i := 0; i+1 < len(dstMap.Content); { - keyNode := dstMap.Content[i] - if keyNode == nil { - i += 2 - continue - } - key := strings.TrimSpace(keyNode.Value) - if _, ok := keep[key]; !ok { - dstMap.Content = append(dstMap.Content[:i], dstMap.Content[i+2:]...) - continue - } - i += 2 - } -} - -// normalizeCollectionNodeStyles forces YAML collections to use block notation, keeping -// lists and maps readable. Empty sequences retain flow style ([]) so empty list markers -// remain compact. -func normalizeCollectionNodeStyles(node *yaml.Node) { - if node == nil { - return - } - switch node.Kind { - case yaml.MappingNode: - node.Style = 0 - for i := range node.Content { - normalizeCollectionNodeStyles(node.Content[i]) - } - case yaml.SequenceNode: - if len(node.Content) == 0 { - node.Style = yaml.FlowStyle - } else { - node.Style = 0 - } - for i := range node.Content { - normalizeCollectionNodeStyles(node.Content[i]) - } - default: - // Scalars keep their existing style to preserve quoting - } -} - -func removeLegacyOpenAICompatAPIKeys(root *yaml.Node) { - if root == nil || root.Kind != yaml.MappingNode { - return - } - idx := findMapKeyIndex(root, "openai-compatibility") - if idx < 0 || idx+1 >= len(root.Content) { - return - } - seq := root.Content[idx+1] - if seq == nil || seq.Kind != yaml.SequenceNode { - return - } - for i := range seq.Content { - if seq.Content[i] != nil && seq.Content[i].Kind == yaml.MappingNode { - removeMapKey(seq.Content[i], "api-keys") - } - } -} - -func removeLegacyAmpKeys(root *yaml.Node) { - if root == nil || root.Kind != yaml.MappingNode { - return - } - removeMapKey(root, "amp-upstream-url") - removeMapKey(root, "amp-upstream-api-key") - removeMapKey(root, "amp-restrict-management-to-localhost") - removeMapKey(root, "amp-model-mappings") -} - -func removeLegacyGenerativeLanguageKeys(root *yaml.Node) { - if root == nil || root.Kind != yaml.MappingNode { - return - } - removeMapKey(root, "generative-language-api-key") -} - -func removeLegacyAuthBlock(root *yaml.Node) { - if root == nil || root.Kind != yaml.MappingNode { - return - } - removeMapKey(root, "auth") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/config_generated.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/config/config_generated.go deleted file mode 100644 index 9a6b6f3d17..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/config_generated.go +++ /dev/null @@ -1,147 +0,0 @@ -// Code generated by github.com/router-for-me/CLIProxyAPI/v6/cmd/codegen; DO NOT EDIT. -package config - -import "strings" - -// GeneratedConfig contains generated config fields for dedicated providers. -type GeneratedConfig struct { - // MiniMaxKey defines MiniMax configurations. - MiniMaxKey []MiniMaxKey `yaml:"minimax" json:"minimax"` - // RooKey defines Roo configurations. - RooKey []RooKey `yaml:"roo" json:"roo"` - // KiloKey defines Kilo configurations. - KiloKey []KiloKey `yaml:"kilo" json:"kilo"` - // DeepSeekKey defines DeepSeek configurations. - DeepSeekKey []DeepSeekKey `yaml:"deepseek" json:"deepseek"` - // GroqKey defines Groq configurations. - GroqKey []GroqKey `yaml:"groq" json:"groq"` - // MistralKey defines Mistral configurations. - MistralKey []MistralKey `yaml:"mistral" json:"mistral"` - // SiliconFlowKey defines SiliconFlow configurations. - SiliconFlowKey []SiliconFlowKey `yaml:"siliconflow" json:"siliconflow"` - // OpenRouterKey defines OpenRouter configurations. - OpenRouterKey []OpenRouterKey `yaml:"openrouter" json:"openrouter"` - // TogetherKey defines Together configurations. - TogetherKey []TogetherKey `yaml:"together" json:"together"` - // FireworksKey defines Fireworks configurations. - FireworksKey []FireworksKey `yaml:"fireworks" json:"fireworks"` - // NovitaKey defines Novita configurations. - NovitaKey []NovitaKey `yaml:"novita" json:"novita"` -} - -// MiniMaxKey is a type alias for OAICompatProviderConfig for the minimax provider. -type MiniMaxKey = OAICompatProviderConfig - -// RooKey is a type alias for OAICompatProviderConfig for the roo provider. -type RooKey = OAICompatProviderConfig - -// KiloKey is a type alias for OAICompatProviderConfig for the kilo provider. -type KiloKey = OAICompatProviderConfig - -// DeepSeekKey is a type alias for OAICompatProviderConfig for the deepseek provider. -type DeepSeekKey = OAICompatProviderConfig - -// GroqKey is a type alias for OAICompatProviderConfig for the groq provider. -type GroqKey = OAICompatProviderConfig - -// MistralKey is a type alias for OAICompatProviderConfig for the mistral provider. -type MistralKey = OAICompatProviderConfig - -// SiliconFlowKey is a type alias for OAICompatProviderConfig for the siliconflow provider. -type SiliconFlowKey = OAICompatProviderConfig - -// OpenRouterKey is a type alias for OAICompatProviderConfig for the openrouter provider. -type OpenRouterKey = OAICompatProviderConfig - -// TogetherKey is a type alias for OAICompatProviderConfig for the together provider. -type TogetherKey = OAICompatProviderConfig - -// FireworksKey is a type alias for OAICompatProviderConfig for the fireworks provider. -type FireworksKey = OAICompatProviderConfig - -// NovitaKey is a type alias for OAICompatProviderConfig for the novita provider. -type NovitaKey = OAICompatProviderConfig - -// SanitizeGeneratedProviders trims whitespace from generated provider credential fields. -func (cfg *Config) SanitizeGeneratedProviders() { - if cfg == nil { - return - } - for i := range cfg.MiniMaxKey { - entry := &cfg.MiniMaxKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } - for i := range cfg.RooKey { - entry := &cfg.RooKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } - for i := range cfg.KiloKey { - entry := &cfg.KiloKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } - for i := range cfg.DeepSeekKey { - entry := &cfg.DeepSeekKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } - for i := range cfg.GroqKey { - entry := &cfg.GroqKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } - for i := range cfg.MistralKey { - entry := &cfg.MistralKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } - for i := range cfg.SiliconFlowKey { - entry := &cfg.SiliconFlowKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } - for i := range cfg.OpenRouterKey { - entry := &cfg.OpenRouterKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } - for i := range cfg.TogetherKey { - entry := &cfg.TogetherKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } - for i := range cfg.FireworksKey { - entry := &cfg.FireworksKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } - for i := range cfg.NovitaKey { - entry := &cfg.NovitaKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/config_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/config/config_test.go deleted file mode 100644 index 779781cf2f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/config_test.go +++ /dev/null @@ -1,221 +0,0 @@ -package config - -import ( - "os" - "path/filepath" - "strings" - "testing" -) - -func TestLoadConfig(t *testing.T) { - tmpFile, err := os.CreateTemp("", "config*.yaml") - if err != nil { - t.Fatal(err) - } - defer func() { _ = os.Remove(tmpFile.Name()) }() - - content := ` -port: 8080 -auth-dir: ./auth -debug: true -` - if _, err := tmpFile.Write([]byte(content)); err != nil { - t.Fatal(err) - } - if err := tmpFile.Close(); err != nil { - t.Fatal(err) - } - - cfg, err := LoadConfig(tmpFile.Name()) - if err != nil { - t.Fatalf("LoadConfig failed: %v", err) - } - - if cfg.Port != 8080 { - t.Errorf("expected port 8080, got %d", cfg.Port) - } - - if cfg.AuthDir != "./auth" { - t.Errorf("expected auth-dir ./auth, got %s", cfg.AuthDir) - } - - if !cfg.Debug { - t.Errorf("expected debug true, got false") - } -} - -func TestConfig_Validate(t *testing.T) { - cfg := &Config{ - Port: 8080, - } - if cfg.Port != 8080 { - t.Errorf("expected port 8080, got %d", cfg.Port) - } -} - -func TestLoadConfigOptional_DirectoryPath(t *testing.T) { - tmpDir := t.TempDir() - dirPath := filepath.Join(tmpDir, "config-dir") - if err := os.MkdirAll(dirPath, 0o755); err != nil { - t.Fatalf("failed to create temp config dir: %v", err) - } - - _, err := LoadConfigOptional(dirPath, false) - if err == nil { - t.Fatal("expected error for directory config path when optional=false") - } - if !strings.Contains(err.Error(), "is a directory") { - t.Fatalf("expected directory error, got: %v", err) - } - if !strings.Contains(err.Error(), "pass a YAML file path") { - t.Fatalf("expected remediation hint in error, got: %v", err) - } - - cfg, err := LoadConfigOptional(dirPath, true) - if err != nil { - t.Fatalf("expected nil error for optional directory config path, got: %v", err) - } - if cfg == nil { - t.Fatal("expected non-nil config for optional directory config path") - } -} - -func TestConfigSanitizePayloadRules_ValidNestedPathsPreserved(t *testing.T) { - cfg := &Config{ - Payload: PayloadConfig{ - Default: []PayloadRule{ - { - Params: map[string]any{ - "response_format.json_schema.schema.properties.output.type": "string", - }, - }, - }, - Override: []PayloadRule{ - { - Params: map[string]any{ - "metadata.flags.enable_nested_mapping": true, - }, - }, - }, - Filter: []PayloadFilterRule{ - { - Params: []string{"metadata.debug.internal"}, - }, - }, - DefaultRaw: []PayloadRule{ - { - Params: map[string]any{ - "tool_choice": `{"type":"function","name":"route_to_primary"}`, - }, - }, - }, - }, - } - - cfg.SanitizePayloadRules() - - if len(cfg.Payload.Default) != 1 { - t.Fatalf("expected default rules preserved, got %d", len(cfg.Payload.Default)) - } - if len(cfg.Payload.Override) != 1 { - t.Fatalf("expected override rules preserved, got %d", len(cfg.Payload.Override)) - } - if len(cfg.Payload.Filter) != 1 { - t.Fatalf("expected filter rules preserved, got %d", len(cfg.Payload.Filter)) - } - if len(cfg.Payload.DefaultRaw) != 1 { - t.Fatalf("expected default-raw rules preserved, got %d", len(cfg.Payload.DefaultRaw)) - } -} - -func TestConfigSanitizePayloadRules_InvalidPathDropped(t *testing.T) { - cfg := &Config{ - Payload: PayloadConfig{ - Default: []PayloadRule{ - { - Params: map[string]any{ - ".invalid.path": "x", - }, - }, - }, - Override: []PayloadRule{ - { - Params: map[string]any{ - "metadata..invalid": true, - }, - }, - }, - Filter: []PayloadFilterRule{ - { - Params: []string{"metadata.invalid."}, - }, - }, - DefaultRaw: []PayloadRule{ - { - Params: map[string]any{ - ".raw.invalid": `{"ok":true}`, - }, - }, - }, - }, - } - - cfg.SanitizePayloadRules() - - if len(cfg.Payload.Default) != 0 { - t.Fatalf("expected invalid default rule dropped, got %d", len(cfg.Payload.Default)) - } - if len(cfg.Payload.Override) != 0 { - t.Fatalf("expected invalid override rule dropped, got %d", len(cfg.Payload.Override)) - } - if len(cfg.Payload.Filter) != 0 { - t.Fatalf("expected invalid filter rule dropped, got %d", len(cfg.Payload.Filter)) - } - if len(cfg.Payload.DefaultRaw) != 0 { - t.Fatalf("expected invalid default-raw rule dropped, got %d", len(cfg.Payload.DefaultRaw)) - } -} - -func TestConfigSanitizePayloadRules_InvalidRawJSONDropped(t *testing.T) { - cfg := &Config{ - Payload: PayloadConfig{ - DefaultRaw: []PayloadRule{ - { - Params: map[string]any{ - "tool_choice": `{"type":`, - }, - }, - }, - OverrideRaw: []PayloadRule{ - { - Params: map[string]any{ - "metadata.labels": []byte(`{"env":"prod"`), - }, - }, - }, - }, - } - - cfg.SanitizePayloadRules() - - if len(cfg.Payload.DefaultRaw) != 0 { - t.Fatalf("expected invalid default-raw JSON rule dropped, got %d", len(cfg.Payload.DefaultRaw)) - } - if len(cfg.Payload.OverrideRaw) != 0 { - t.Fatalf("expected invalid override-raw JSON rule dropped, got %d", len(cfg.Payload.OverrideRaw)) - } -} - -func TestCheckedPathLengthPlusOne(t *testing.T) { - if got := checkedPathLengthPlusOne(4); got != 5 { - t.Fatalf("expected 5, got %d", got) - } - - maxInt := int(^uint(0) >> 1) - defer func() { - if r := recover(); r == nil { - t.Fatal("expected panic for overflow path length") - } - }() - _ = checkedPathLengthPlusOne(maxInt) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/oauth_model_alias_migration.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/config/oauth_model_alias_migration.go deleted file mode 100644 index 5f98dbcaa4..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/oauth_model_alias_migration.go +++ /dev/null @@ -1,312 +0,0 @@ -package config - -import ( - "os" - "strings" - - "gopkg.in/yaml.v3" -) - -// antigravityModelConversionTable maps old built-in aliases to actual model names -// for the antigravity channel during migration. -var antigravityModelConversionTable = map[string]string{ - "gemini-2.5-computer-use-preview-10-2025": "rev19-uic3-1p", - "gemini-3-pro-image-preview": "gemini-3-pro-image", - "gemini-3-pro-preview": "gemini-3-pro-high", - "gemini-3-flash-preview": "gemini-3-flash", - "gemini-claude-sonnet-4-5": "claude-sonnet-4-5", - "gemini-claude-sonnet-4-5-thinking": "claude-sonnet-4-5-thinking", - "gemini-claude-opus-4-5-thinking": "claude-opus-4-5-thinking", - "gemini-claude-opus-thinking": "claude-opus-4-6-thinking", - "gemini-claude-opus-4-6-thinking": "claude-opus-4-6-thinking", -} - -// defaultKiroAliases returns the default oauth-model-alias configuration -// for the kiro channel. Maps kiro-prefixed model names to standard Claude model -// names so that clients like Claude Code can use standard names directly. -func defaultKiroAliases() []OAuthModelAlias { - return []OAuthModelAlias{ - // Sonnet 4.5 - {Name: "kiro-claude-sonnet-4-5", Alias: "claude-sonnet-4-5-20250929", Fork: true}, - {Name: "kiro-claude-sonnet-4-5", Alias: "claude-sonnet-4-5", Fork: true}, - // Sonnet 4 - {Name: "kiro-claude-sonnet-4", Alias: "claude-sonnet-4-20250514", Fork: true}, - {Name: "kiro-claude-sonnet-4", Alias: "claude-sonnet-4", Fork: true}, - // Opus 4.6 - {Name: "kiro-claude-opus-4-6", Alias: "claude-opus-4-6", Fork: true}, - // Opus 4.5 - {Name: "kiro-claude-opus-4-5", Alias: "claude-opus-4-5-20251101", Fork: true}, - {Name: "kiro-claude-opus-4-5", Alias: "claude-opus-4-5", Fork: true}, - // Haiku 4.5 - {Name: "kiro-claude-haiku-4-5", Alias: "claude-haiku-4-5-20251001", Fork: true}, - {Name: "kiro-claude-haiku-4-5", Alias: "claude-haiku-4-5", Fork: true}, - } -} - -// defaultAntigravityAliases returns the default oauth-model-alias configuration -// for the antigravity channel when neither field exists. -func defaultAntigravityAliases() []OAuthModelAlias { - return []OAuthModelAlias{ - {Name: "rev19-uic3-1p", Alias: "rev19-uic3-1p"}, - {Name: "gemini-3-pro-image", Alias: "gemini-3-pro-image-preview"}, - {Name: "gemini-3-pro-high", Alias: "gemini-3-pro-preview"}, - {Name: "gemini-3-flash", Alias: "gemini-3-flash-preview"}, - {Name: "claude-sonnet-4-5", Alias: "gemini-claude-sonnet-4-5"}, - {Name: "claude-sonnet-4-5-thinking", Alias: "gemini-claude-sonnet-4-5-thinking"}, - {Name: "claude-opus-4-5-thinking", Alias: "gemini-claude-opus-4-5-thinking"}, - {Name: "claude-opus-4-6-thinking", Alias: "gemini-claude-opus-thinking"}, - {Name: "claude-opus-4-6-thinking", Alias: "gemini-claude-opus-4-6-thinking"}, - } -} - -// defaultGitHubCopilotAliases returns the default oauth-model-alias configuration -// for the github-copilot channel. -func defaultGitHubCopilotAliases() []OAuthModelAlias { - return []OAuthModelAlias{ - {Name: "claude-opus-4.6", Alias: "claude-opus-4-6", Fork: true}, - } -} - -// MigrateOAuthModelAlias checks for and performs migration from oauth-model-mappings -// to oauth-model-alias at startup. Returns true if migration was performed. -// -// Migration flow: -// 1. Check if oauth-model-alias exists -> skip migration -// 2. Check if oauth-model-mappings exists -> convert and migrate -// - For antigravity channel, convert old built-in aliases to actual model names -// -// 3. Neither exists -> add default antigravity config -func MigrateOAuthModelAlias(configFile string) (bool, error) { - data, err := os.ReadFile(configFile) - if err != nil { - if os.IsNotExist(err) { - return false, nil - } - return false, err - } - if len(data) == 0 { - return false, nil - } - - // Parse YAML into node tree to preserve structure - var root yaml.Node - if err := yaml.Unmarshal(data, &root); err != nil { - return false, nil - } - if root.Kind != yaml.DocumentNode || len(root.Content) == 0 { - return false, nil - } - rootMap := root.Content[0] - if rootMap == nil || rootMap.Kind != yaml.MappingNode { - return false, nil - } - - // Check if oauth-model-alias already exists - if findMapKeyIndex(rootMap, "oauth-model-alias") >= 0 { - return false, nil - } - - // Check if oauth-model-mappings exists - oldIdx := findMapKeyIndex(rootMap, "oauth-model-mappings") - if oldIdx >= 0 { - // Migrate from old field - return migrateFromOldField(configFile, &root, rootMap, oldIdx) - } - - // Neither field exists - add default antigravity config - return addDefaultAntigravityConfig(configFile, &root, rootMap) -} - -// migrateFromOldField converts oauth-model-mappings to oauth-model-alias -func migrateFromOldField(configFile string, root *yaml.Node, rootMap *yaml.Node, oldIdx int) (bool, error) { - if oldIdx+1 >= len(rootMap.Content) { - return false, nil - } - oldValue := rootMap.Content[oldIdx+1] - if oldValue == nil || oldValue.Kind != yaml.MappingNode { - return false, nil - } - - // Parse the old aliases - oldAliases := parseOldAliasNode(oldValue) - if len(oldAliases) == 0 { - // Remove the old field and write - removeMapKeyByIndex(rootMap, oldIdx) - return writeYAMLNode(configFile, root) - } - - // Convert model names for antigravity channel - newAliases := make(map[string][]OAuthModelAlias, len(oldAliases)) - for channel, entries := range oldAliases { - converted := make([]OAuthModelAlias, 0, len(entries)) - for _, entry := range entries { - newEntry := OAuthModelAlias{ - Name: entry.Name, - Alias: entry.Alias, - Fork: entry.Fork, - } - // Convert model names for antigravity channel - if strings.EqualFold(channel, "antigravity") { - if actual, ok := antigravityModelConversionTable[entry.Name]; ok { - newEntry.Name = actual - } - } - converted = append(converted, newEntry) - } - newAliases[channel] = converted - } - - // For antigravity channel, supplement missing default aliases - if antigravityEntries, exists := newAliases["antigravity"]; exists { - // Build a set of already configured (name, alias) pairs. - // A single upstream model may intentionally expose multiple aliases. - configuredPairs := make(map[string]bool, len(antigravityEntries)) - for _, entry := range antigravityEntries { - key := entry.Name + "\x00" + entry.Alias - configuredPairs[key] = true - } - - // Add missing default aliases - for _, defaultAlias := range defaultAntigravityAliases() { - key := defaultAlias.Name + "\x00" + defaultAlias.Alias - if !configuredPairs[key] { - antigravityEntries = append(antigravityEntries, defaultAlias) - } - } - newAliases["antigravity"] = antigravityEntries - } - - // Build new node - newNode := buildOAuthModelAliasNode(newAliases) - - // Replace old key with new key and value - rootMap.Content[oldIdx].Value = "oauth-model-alias" - rootMap.Content[oldIdx+1] = newNode - - return writeYAMLNode(configFile, root) -} - -// addDefaultAntigravityConfig adds the default antigravity configuration -func addDefaultAntigravityConfig(configFile string, root *yaml.Node, rootMap *yaml.Node) (bool, error) { - defaults := map[string][]OAuthModelAlias{ - "antigravity": defaultAntigravityAliases(), - } - newNode := buildOAuthModelAliasNode(defaults) - - // Add new key-value pair - keyNode := &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: "oauth-model-alias"} - rootMap.Content = append(rootMap.Content, keyNode, newNode) - - return writeYAMLNode(configFile, root) -} - -// parseOldAliasNode parses the old oauth-model-mappings node structure -func parseOldAliasNode(node *yaml.Node) map[string][]OAuthModelAlias { - if node == nil || node.Kind != yaml.MappingNode { - return nil - } - result := make(map[string][]OAuthModelAlias) - for i := 0; i+1 < len(node.Content); i += 2 { - channelNode := node.Content[i] - entriesNode := node.Content[i+1] - if channelNode == nil || entriesNode == nil { - continue - } - channel := strings.ToLower(strings.TrimSpace(channelNode.Value)) - if channel == "" || entriesNode.Kind != yaml.SequenceNode { - continue - } - entries := make([]OAuthModelAlias, 0, len(entriesNode.Content)) - for _, entryNode := range entriesNode.Content { - if entryNode == nil || entryNode.Kind != yaml.MappingNode { - continue - } - entry := parseAliasEntry(entryNode) - if entry.Name != "" && entry.Alias != "" { - entries = append(entries, entry) - } - } - if len(entries) > 0 { - result[channel] = entries - } - } - return result -} - -// parseAliasEntry parses a single alias entry node -func parseAliasEntry(node *yaml.Node) OAuthModelAlias { - var entry OAuthModelAlias - for i := 0; i+1 < len(node.Content); i += 2 { - keyNode := node.Content[i] - valNode := node.Content[i+1] - if keyNode == nil || valNode == nil { - continue - } - switch strings.ToLower(strings.TrimSpace(keyNode.Value)) { - case "name": - entry.Name = strings.TrimSpace(valNode.Value) - case "alias": - entry.Alias = strings.TrimSpace(valNode.Value) - case "fork": - entry.Fork = strings.ToLower(strings.TrimSpace(valNode.Value)) == "true" - } - } - return entry -} - -// buildOAuthModelAliasNode creates a YAML node for oauth-model-alias -func buildOAuthModelAliasNode(aliases map[string][]OAuthModelAlias) *yaml.Node { - node := &yaml.Node{Kind: yaml.MappingNode, Tag: "!!map"} - for channel, entries := range aliases { - channelNode := &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: channel} - entriesNode := &yaml.Node{Kind: yaml.SequenceNode, Tag: "!!seq"} - for _, entry := range entries { - entryNode := &yaml.Node{Kind: yaml.MappingNode, Tag: "!!map"} - entryNode.Content = append(entryNode.Content, - &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: "name"}, - &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: entry.Name}, - &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: "alias"}, - &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: entry.Alias}, - ) - if entry.Fork { - entryNode.Content = append(entryNode.Content, - &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: "fork"}, - &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!bool", Value: "true"}, - ) - } - entriesNode.Content = append(entriesNode.Content, entryNode) - } - node.Content = append(node.Content, channelNode, entriesNode) - } - return node -} - -// removeMapKeyByIndex removes a key-value pair from a mapping node by index -func removeMapKeyByIndex(mapNode *yaml.Node, keyIdx int) { - if mapNode == nil || mapNode.Kind != yaml.MappingNode { - return - } - if keyIdx < 0 || keyIdx+1 >= len(mapNode.Content) { - return - } - mapNode.Content = append(mapNode.Content[:keyIdx], mapNode.Content[keyIdx+2:]...) -} - -// writeYAMLNode writes the YAML node tree back to file -func writeYAMLNode(configFile string, root *yaml.Node) (bool, error) { - f, err := os.Create(configFile) - if err != nil { - return false, err - } - defer func() { _ = f.Close() }() - - enc := yaml.NewEncoder(f) - enc.SetIndent(2) - if err := enc.Encode(root); err != nil { - return false, err - } - if err := enc.Close(); err != nil { - return false, err - } - return true, nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/oauth_model_alias_migration_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/config/oauth_model_alias_migration_test.go deleted file mode 100644 index 939a21be2a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/oauth_model_alias_migration_test.go +++ /dev/null @@ -1,259 +0,0 @@ -package config - -import ( - "os" - "path/filepath" - "strings" - "testing" - - "gopkg.in/yaml.v3" -) - -func TestMigrateOAuthModelAlias_SkipsIfNewFieldExists(t *testing.T) { - t.Parallel() - - dir := t.TempDir() - configFile := filepath.Join(dir, "config.yaml") - - content := `oauth-model-alias: - gemini-cli: - - name: "gemini-2.5-pro" - alias: "g2.5p" -` - if err := os.WriteFile(configFile, []byte(content), 0644); err != nil { - t.Fatal(err) - } - - migrated, err := MigrateOAuthModelAlias(configFile) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if migrated { - t.Fatal("expected no migration when oauth-model-alias already exists") - } - - // Verify file unchanged - data, _ := os.ReadFile(configFile) - if !strings.Contains(string(data), "oauth-model-alias:") { - t.Fatal("file should still contain oauth-model-alias") - } -} - -func TestMigrateOAuthModelAlias_MigratesOldField(t *testing.T) { - t.Parallel() - - dir := t.TempDir() - configFile := filepath.Join(dir, "config.yaml") - - content := `oauth-model-mappings: - gemini-cli: - - name: "gemini-2.5-pro" - alias: "g2.5p" - fork: true -` - if err := os.WriteFile(configFile, []byte(content), 0644); err != nil { - t.Fatal(err) - } - - migrated, err := MigrateOAuthModelAlias(configFile) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if !migrated { - t.Fatal("expected migration to occur") - } - - // Verify new field exists and old field removed - data, _ := os.ReadFile(configFile) - if strings.Contains(string(data), "oauth-model-mappings:") { - t.Fatal("old field should be removed") - } - if !strings.Contains(string(data), "oauth-model-alias:") { - t.Fatal("new field should exist") - } - - // Parse and verify structure - var root yaml.Node - if err := yaml.Unmarshal(data, &root); err != nil { - t.Fatal(err) - } -} - -func TestMigrateOAuthModelAlias_ConvertsAntigravityModels(t *testing.T) { - t.Parallel() - - dir := t.TempDir() - configFile := filepath.Join(dir, "config.yaml") - - // Use old model names that should be converted - content := `oauth-model-mappings: - antigravity: - - name: "gemini-2.5-computer-use-preview-10-2025" - alias: "computer-use" - - name: "gemini-3-pro-preview" - alias: "g3p" - - name: "gemini-claude-opus-thinking" - alias: "opus-thinking" -` - if err := os.WriteFile(configFile, []byte(content), 0644); err != nil { - t.Fatal(err) - } - - migrated, err := MigrateOAuthModelAlias(configFile) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if !migrated { - t.Fatal("expected migration to occur") - } - - // Verify model names were converted - data, _ := os.ReadFile(configFile) - content = string(data) - if !strings.Contains(content, "rev19-uic3-1p") { - t.Fatal("expected gemini-2.5-computer-use-preview-10-2025 to be converted to rev19-uic3-1p") - } - if strings.Contains(content, `alias: "gemini-2.5-computer-use-preview-10-2025"`) { - t.Fatal("expected deprecated antigravity alias not to be injected into oauth-model-alias defaults") - } - if !strings.Contains(content, "gemini-3-pro-high") { - t.Fatal("expected gemini-3-pro-preview to be converted to gemini-3-pro-high") - } - if !strings.Contains(content, "claude-opus-4-6-thinking") { - t.Fatal("expected gemini-claude-opus-thinking to be converted to claude-opus-4-6-thinking") - } - - // Verify missing default aliases were supplemented - if !strings.Contains(content, "gemini-3-pro-image") { - t.Fatal("expected missing default alias gemini-3-pro-image to be added") - } - if !strings.Contains(content, "gemini-3-flash") { - t.Fatal("expected missing default alias gemini-3-flash to be added") - } - if !strings.Contains(content, "claude-sonnet-4-5") { - t.Fatal("expected missing default alias claude-sonnet-4-5 to be added") - } - if !strings.Contains(content, "claude-sonnet-4-5-thinking") { - t.Fatal("expected missing default alias claude-sonnet-4-5-thinking to be added") - } - if !strings.Contains(content, "claude-opus-4-5-thinking") { - t.Fatal("expected missing default alias claude-opus-4-5-thinking to be added") - } - if !strings.Contains(content, "claude-opus-4-6-thinking") { - t.Fatal("expected missing default alias claude-opus-4-6-thinking to be added") - } - if !strings.Contains(content, "gemini-claude-opus-thinking") { - t.Fatal("expected default alias gemini-claude-opus-thinking to be added") - } -} - -func TestMigrateOAuthModelAlias_AddsDefaultIfNeitherExists(t *testing.T) { - t.Parallel() - - dir := t.TempDir() - configFile := filepath.Join(dir, "config.yaml") - - content := `debug: true -port: 8080 -` - if err := os.WriteFile(configFile, []byte(content), 0644); err != nil { - t.Fatal(err) - } - - migrated, err := MigrateOAuthModelAlias(configFile) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if !migrated { - t.Fatal("expected migration to add default config") - } - - // Verify default antigravity config was added - data, _ := os.ReadFile(configFile) - content = string(data) - if !strings.Contains(content, "oauth-model-alias:") { - t.Fatal("expected oauth-model-alias to be added") - } - if !strings.Contains(content, "antigravity:") { - t.Fatal("expected antigravity channel to be added") - } - if !strings.Contains(content, "rev19-uic3-1p") { - t.Fatal("expected default antigravity aliases to include rev19-uic3-1p") - } - if strings.Contains(content, `alias: "gemini-2.5-computer-use-preview-10-2025"`) { - t.Fatal("expected deprecated antigravity alias not to be included in default config") - } -} - -func TestMigrateOAuthModelAlias_PreservesOtherConfig(t *testing.T) { - t.Parallel() - - dir := t.TempDir() - configFile := filepath.Join(dir, "config.yaml") - - content := `debug: true -port: 8080 -oauth-model-mappings: - gemini-cli: - - name: "test" - alias: "t" -api-keys: - - "key1" - - "key2" -` - if err := os.WriteFile(configFile, []byte(content), 0644); err != nil { - t.Fatal(err) - } - - migrated, err := MigrateOAuthModelAlias(configFile) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if !migrated { - t.Fatal("expected migration to occur") - } - - // Verify other config preserved - data, _ := os.ReadFile(configFile) - content = string(data) - if !strings.Contains(content, "debug: true") { - t.Fatal("expected debug field to be preserved") - } - if !strings.Contains(content, "port: 8080") { - t.Fatal("expected port field to be preserved") - } - if !strings.Contains(content, "api-keys:") { - t.Fatal("expected api-keys field to be preserved") - } -} - -func TestMigrateOAuthModelAlias_NonexistentFile(t *testing.T) { - t.Parallel() - - migrated, err := MigrateOAuthModelAlias("/nonexistent/path/config.yaml") - if err != nil { - t.Fatalf("unexpected error for nonexistent file: %v", err) - } - if migrated { - t.Fatal("expected no migration for nonexistent file") - } -} - -func TestMigrateOAuthModelAlias_EmptyFile(t *testing.T) { - t.Parallel() - - dir := t.TempDir() - configFile := filepath.Join(dir, "config.yaml") - - if err := os.WriteFile(configFile, []byte(""), 0644); err != nil { - t.Fatal(err) - } - - migrated, err := MigrateOAuthModelAlias(configFile) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if migrated { - t.Fatal("expected no migration for empty file") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/oauth_model_alias_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/config/oauth_model_alias_test.go deleted file mode 100644 index e3f9994bf5..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/oauth_model_alias_test.go +++ /dev/null @@ -1,243 +0,0 @@ -package config - -import "testing" - -func TestSanitizeOAuthModelAlias_PreservesForkFlag(t *testing.T) { - cfg := &Config{ - OAuthModelAlias: map[string][]OAuthModelAlias{ - " CoDeX ": { - {Name: " gpt-5 ", Alias: " g5 ", Fork: true}, - {Name: "gpt-6", Alias: "g6"}, - }, - }, - } - - cfg.SanitizeOAuthModelAlias() - - aliases := cfg.OAuthModelAlias["codex"] - if len(aliases) != 2 { - t.Fatalf("expected 2 sanitized aliases, got %d", len(aliases)) - } - if aliases[0].Name != "gpt-5" || aliases[0].Alias != "g5" || !aliases[0].Fork { - t.Fatalf("expected first alias to be gpt-5->g5 fork=true, got name=%q alias=%q fork=%v", aliases[0].Name, aliases[0].Alias, aliases[0].Fork) - } - if aliases[1].Name != "gpt-6" || aliases[1].Alias != "g6" || aliases[1].Fork { - t.Fatalf("expected second alias to be gpt-6->g6 fork=false, got name=%q alias=%q fork=%v", aliases[1].Name, aliases[1].Alias, aliases[1].Fork) - } -} - -func TestSanitizeOAuthModelAlias_AllowsMultipleAliasesForSameName(t *testing.T) { - cfg := &Config{ - OAuthModelAlias: map[string][]OAuthModelAlias{ - "antigravity": { - {Name: "gemini-claude-opus-4-5-thinking", Alias: "claude-opus-4-5-20251101", Fork: true}, - {Name: "gemini-claude-opus-4-5-thinking", Alias: "claude-opus-4-5-20251101-thinking", Fork: true}, - {Name: "gemini-claude-opus-4-5-thinking", Alias: "claude-opus-4-5", Fork: true}, - }, - }, - } - - cfg.SanitizeOAuthModelAlias() - - aliases := cfg.OAuthModelAlias["antigravity"] - expected := []OAuthModelAlias{ - {Name: "gemini-claude-opus-4-5-thinking", Alias: "claude-opus-4-5-20251101", Fork: true}, - {Name: "gemini-claude-opus-4-5-thinking", Alias: "claude-opus-4-5-20251101-thinking", Fork: true}, - {Name: "gemini-claude-opus-4-5-thinking", Alias: "claude-opus-4-5", Fork: true}, - } - if len(aliases) != len(expected) { - t.Fatalf("expected %d sanitized aliases, got %d", len(expected), len(aliases)) - } - for i, exp := range expected { - if aliases[i].Name != exp.Name || aliases[i].Alias != exp.Alias || aliases[i].Fork != exp.Fork { - t.Fatalf("expected alias %d to be name=%q alias=%q fork=%v, got name=%q alias=%q fork=%v", i, exp.Name, exp.Alias, exp.Fork, aliases[i].Name, aliases[i].Alias, aliases[i].Fork) - } - } -} - -func TestSanitizeOAuthModelAlias_AllowsSameAliasForDifferentNames(t *testing.T) { - cfg := &Config{ - OAuthModelAlias: map[string][]OAuthModelAlias{ - "antigravity": { - {Name: "model-a", Alias: "shared-alias"}, - {Name: "model-b", Alias: "shared-alias"}, - {Name: "model-a", Alias: "shared-alias"}, - {Name: "model-a", Alias: "shared-a"}, - }, - }, - } - - cfg.SanitizeOAuthModelAlias() - - aliases := cfg.OAuthModelAlias["antigravity"] - if len(aliases) != 3 { - t.Fatalf("expected 3 sanitized aliases (dedupe by name+alias), got %d", len(aliases)) - } - want := []OAuthModelAlias{ - {Name: "model-a", Alias: "shared-alias"}, - {Name: "model-b", Alias: "shared-alias"}, - {Name: "model-a", Alias: "shared-a"}, - } - for i, exp := range want { - if aliases[i].Name != exp.Name || aliases[i].Alias != exp.Alias { - t.Fatalf("expected alias %d to be %q->%q, got %q->%q", i, exp.Name, exp.Alias, aliases[i].Name, aliases[i].Alias) - } - } -} - -func TestSanitizeOAuthModelAlias_InjectsDefaultKiroAliases(t *testing.T) { - // When no kiro aliases are configured, defaults should be injected - cfg := &Config{ - OAuthModelAlias: map[string][]OAuthModelAlias{ - "codex": { - {Name: "gpt-5", Alias: "g5"}, - }, - }, - } - - cfg.SanitizeOAuthModelAlias() - - kiroAliases := cfg.OAuthModelAlias["kiro"] - if len(kiroAliases) == 0 { - t.Fatal("expected default kiro aliases to be injected") - } - - // Check that standard Claude model names are present - aliasSet := make(map[string]bool) - for _, a := range kiroAliases { - aliasSet[a.Alias] = true - } - expectedAliases := []string{ - "claude-sonnet-4-5-20250929", - "claude-sonnet-4-5", - "claude-sonnet-4-20250514", - "claude-sonnet-4", - "claude-opus-4-6", - "claude-opus-4-5-20251101", - "claude-opus-4-5", - "claude-haiku-4-5-20251001", - "claude-haiku-4-5", - } - for _, expected := range expectedAliases { - if !aliasSet[expected] { - t.Fatalf("expected default kiro alias %q to be present", expected) - } - } - - // All should have fork=true - for _, a := range kiroAliases { - if !a.Fork { - t.Fatalf("expected all default kiro aliases to have fork=true, got fork=false for %q", a.Alias) - } - } - - // Codex aliases should still be preserved - if len(cfg.OAuthModelAlias["codex"]) != 1 { - t.Fatal("expected codex aliases to be preserved") - } -} - -func TestSanitizeOAuthModelAlias_DoesNotOverrideUserKiroAliases(t *testing.T) { - // When user has configured kiro aliases, defaults should NOT be injected - cfg := &Config{ - OAuthModelAlias: map[string][]OAuthModelAlias{ - "kiro": { - {Name: "kiro-claude-sonnet-4", Alias: "my-custom-sonnet", Fork: true}, - }, - }, - } - - cfg.SanitizeOAuthModelAlias() - - kiroAliases := cfg.OAuthModelAlias["kiro"] - if len(kiroAliases) != 1 { - t.Fatalf("expected 1 user-configured kiro alias, got %d", len(kiroAliases)) - } - if kiroAliases[0].Alias != "my-custom-sonnet" { - t.Fatalf("expected user alias to be preserved, got %q", kiroAliases[0].Alias) - } -} - -func TestSanitizeOAuthModelAlias_DoesNotReinjectAfterExplicitDeletion(t *testing.T) { - // When user explicitly deletes kiro aliases (key exists with nil value), - // defaults should NOT be re-injected on subsequent sanitize calls (#222). - cfg := &Config{ - OAuthModelAlias: map[string][]OAuthModelAlias{ - "kiro": nil, // explicitly deleted - "codex": {{Name: "gpt-5", Alias: "g5"}}, - }, - } - - cfg.SanitizeOAuthModelAlias() - - kiroAliases := cfg.OAuthModelAlias["kiro"] - if len(kiroAliases) != 0 { - t.Fatalf("expected kiro aliases to remain empty after explicit deletion, got %d aliases", len(kiroAliases)) - } - // The key itself must still be present to prevent re-injection on next reload - if _, exists := cfg.OAuthModelAlias["kiro"]; !exists { - t.Fatal("expected kiro key to be preserved as nil marker after sanitization") - } - // Other channels should be unaffected - if len(cfg.OAuthModelAlias["codex"]) != 1 { - t.Fatal("expected codex aliases to be preserved") - } -} - -func TestSanitizeOAuthModelAlias_DoesNotReinjectAfterExplicitDeletionEmpty(t *testing.T) { - // Same as above but with empty slice instead of nil (PUT with empty body). - cfg := &Config{ - OAuthModelAlias: map[string][]OAuthModelAlias{ - "kiro": {}, // explicitly set to empty - }, - } - - cfg.SanitizeOAuthModelAlias() - - if len(cfg.OAuthModelAlias["kiro"]) != 0 { - t.Fatalf("expected kiro aliases to remain empty, got %d aliases", len(cfg.OAuthModelAlias["kiro"])) - } - if _, exists := cfg.OAuthModelAlias["kiro"]; !exists { - t.Fatal("expected kiro key to be preserved") - } -} - -func TestSanitizeOAuthModelAlias_InjectsDefaultKiroWhenEmpty(t *testing.T) { - // When OAuthModelAlias is nil, kiro defaults should still be injected - cfg := &Config{} - - cfg.SanitizeOAuthModelAlias() - - kiroAliases := cfg.OAuthModelAlias["kiro"] - if len(kiroAliases) == 0 { - t.Fatal("expected default kiro aliases to be injected when OAuthModelAlias is nil") - } - copilotAliases := cfg.OAuthModelAlias["github-copilot"] - if len(copilotAliases) == 0 { - t.Fatal("expected default github-copilot aliases to be injected when OAuthModelAlias is nil") - } - aliasSet := make(map[string]bool) - for _, a := range copilotAliases { - aliasSet[a.Alias] = true - } - if !aliasSet["claude-opus-4-6"] { - t.Fatal("expected default github-copilot alias claude-opus-4-6") - } - if !aliasSet["claude-sonnet-4-6"] { - t.Fatal("expected default github-copilot alias claude-sonnet-4-6") - } -} - -func TestSanitizeOAuthModelAlias_InjectsDefaultGitHubCopilotAliases(t *testing.T) { - cfg := &Config{} - - cfg.SanitizeOAuthModelAlias() - - copilotAliases := cfg.OAuthModelAlias["github-copilot"] - if len(copilotAliases) != 1 { - t.Fatalf("expected 1 default github-copilot alias, got %d", len(copilotAliases)) - } - if copilotAliases[0].Name != "claude-opus-4.6" || copilotAliases[0].Alias != "claude-opus-4-6" || !copilotAliases[0].Fork { - t.Fatalf("expected forked alias %q->%q, got name=%q alias=%q fork=%v", "claude-opus-4.6", "claude-opus-4-6", copilotAliases[0].Name, copilotAliases[0].Alias, copilotAliases[0].Fork) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/oauth_upstream_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/config/oauth_upstream_test.go deleted file mode 100644 index bbb8462f36..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/oauth_upstream_test.go +++ /dev/null @@ -1,64 +0,0 @@ -package config - -import "testing" - -func TestSanitizeOAuthUpstream_NormalizesKeysAndValues(t *testing.T) { - cfg := &Config{ - OAuthUpstream: map[string]string{ - " Claude ": " https://api.anthropic.com/ ", - "gemini_cli": "https://cloudcode-pa.googleapis.com///", - " GitHub Copilot ": "https://api.githubcopilot.com/", - "iflow/oauth": "https://iflow.example.com/", - "kiro.idc": "https://kiro.example.com/", - "": "https://ignored.example.com", - "cursor": " ", - }, - } - - cfg.SanitizeOAuthUpstream() - - if got := cfg.OAuthUpstream["claude"]; got != "https://api.anthropic.com" { - t.Fatalf("expected normalized claude URL, got %q", got) - } - if got := cfg.OAuthUpstream["gemini-cli"]; got != "https://cloudcode-pa.googleapis.com" { - t.Fatalf("expected normalized gemini-cli URL, got %q", got) - } - if got := cfg.OAuthUpstream["github-copilot"]; got != "https://api.githubcopilot.com" { - t.Fatalf("expected normalized github-copilot URL, got %q", got) - } - if got := cfg.OAuthUpstream["iflow-oauth"]; got != "https://iflow.example.com" { - t.Fatalf("expected slash-normalized iflow-oauth URL, got %q", got) - } - if got := cfg.OAuthUpstream["kiro-idc"]; got != "https://kiro.example.com" { - t.Fatalf("expected dot-normalized kiro-idc URL, got %q", got) - } - if _, ok := cfg.OAuthUpstream[""]; ok { - t.Fatal("did not expect empty channel key to survive sanitization") - } - if _, ok := cfg.OAuthUpstream["cursor"]; ok { - t.Fatal("did not expect empty URL cursor entry to survive sanitization") - } -} - -func TestOAuthUpstreamURL_LowercasesChannelLookup(t *testing.T) { - cfg := &Config{ - OAuthUpstream: map[string]string{ - "claude": "https://custom-claude.example.com", - "github-copilot": "https://custom-copilot.example.com", - "iflow-oauth": "https://iflow.example.com", - }, - } - - if got := cfg.OAuthUpstreamURL(" Claude "); got != "https://custom-claude.example.com" { - t.Fatalf("expected case-insensitive lookup to match, got %q", got) - } - if got := cfg.OAuthUpstreamURL("github_copilot"); got != "https://custom-copilot.example.com" { - t.Fatalf("expected underscore channel lookup normalization, got %q", got) - } - if got := cfg.OAuthUpstreamURL("iflow/oauth"); got != "https://iflow.example.com" { - t.Fatalf("expected slash lookup normalization, got %q", got) - } - if got := cfg.OAuthUpstreamURL("codex"); got != "" { - t.Fatalf("expected missing channel to return empty string, got %q", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/provider_registry_generated.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/config/provider_registry_generated.go deleted file mode 100644 index 4789c08e7f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/provider_registry_generated.go +++ /dev/null @@ -1,98 +0,0 @@ -// Code generated by github.com/router-for-me/CLIProxyAPI/v6/cmd/codegen; DO NOT EDIT. -package config - -// AllProviders defines the registry of all supported LLM providers. -// This is the source of truth for generated config fields and synthesizers. -var AllProviders = []ProviderSpec{ - { - Name: "minimax", - YAMLKey: "minimax", - GoName: "MiniMax", - BaseURL: "https://api.minimax.chat/v1", - }, - { - Name: "roo", - YAMLKey: "roo", - GoName: "Roo", - BaseURL: "https://api.roocode.com/v1", - }, - { - Name: "kilo", - YAMLKey: "kilo", - GoName: "Kilo", - BaseURL: "https://api.kilo.ai/v1", - }, - { - Name: "deepseek", - YAMLKey: "deepseek", - GoName: "DeepSeek", - BaseURL: "https://api.deepseek.com", - }, - { - Name: "groq", - YAMLKey: "groq", - GoName: "Groq", - BaseURL: "https://api.groq.com/openai/v1", - }, - { - Name: "mistral", - YAMLKey: "mistral", - GoName: "Mistral", - BaseURL: "https://api.mistral.ai/v1", - }, - { - Name: "siliconflow", - YAMLKey: "siliconflow", - GoName: "SiliconFlow", - BaseURL: "https://api.siliconflow.cn/v1", - }, - { - Name: "openrouter", - YAMLKey: "openrouter", - GoName: "OpenRouter", - BaseURL: "https://openrouter.ai/api/v1", - }, - { - Name: "together", - YAMLKey: "together", - GoName: "Together", - BaseURL: "https://api.together.xyz/v1", - }, - { - Name: "fireworks", - YAMLKey: "fireworks", - GoName: "Fireworks", - BaseURL: "https://api.fireworks.ai/inference/v1", - }, - { - Name: "novita", - YAMLKey: "novita", - GoName: "Novita", - BaseURL: "https://api.novita.ai/v1", - }, - { - Name: "zen", - YAMLKey: "", - GoName: "", - BaseURL: "https://opencode.ai/zen/v1", - EnvVars: []string{"ZEN_API_KEY", "OPENCODE_API_KEY", "THGENT_ZEN_API_KEY"}, - DefaultModels: []OpenAICompatibilityModel{ - {Name: "glm-5", Alias: "glm-5"}, - {Name: "glm-5", Alias: "z-ai/glm-5"}, - {Name: "glm-5", Alias: "gpt-5-mini"}, - {Name: "glm-5", Alias: "gemini-3-flash"}, - }, - }, - { - Name: "nim", - YAMLKey: "", - GoName: "", - BaseURL: "https://integrate.api.nvidia.com/v1", - EnvVars: []string{"NIM_API_KEY", "THGENT_NIM_API_KEY", "NVIDIA_API_KEY"}, - DefaultModels: []OpenAICompatibilityModel{ - {Name: "z-ai/glm-5", Alias: "z-ai/glm-5"}, - {Name: "z-ai/glm-5", Alias: "glm-5"}, - {Name: "z-ai/glm-5", Alias: "step-3.5-flash"}, - }, - }, -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/providers.json b/.worktrees/config/m/config-build/active/pkg/llmproxy/config/providers.json deleted file mode 100644 index 479caa65c9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/providers.json +++ /dev/null @@ -1,89 +0,0 @@ -[ - { - "name": "minimax", - "yaml_key": "minimax", - "go_name": "MiniMax", - "base_url": "https://api.minimax.chat/v1" - }, - { - "name": "roo", - "yaml_key": "roo", - "go_name": "Roo", - "base_url": "https://api.roocode.com/v1" - }, - { - "name": "kilo", - "yaml_key": "kilo", - "go_name": "Kilo", - "base_url": "https://api.kilo.ai/v1" - }, - { - "name": "deepseek", - "yaml_key": "deepseek", - "go_name": "DeepSeek", - "base_url": "https://api.deepseek.com" - }, - { - "name": "groq", - "yaml_key": "groq", - "go_name": "Groq", - "base_url": "https://api.groq.com/openai/v1" - }, - { - "name": "mistral", - "yaml_key": "mistral", - "go_name": "Mistral", - "base_url": "https://api.mistral.ai/v1" - }, - { - "name": "siliconflow", - "yaml_key": "siliconflow", - "go_name": "SiliconFlow", - "base_url": "https://api.siliconflow.cn/v1" - }, - { - "name": "openrouter", - "yaml_key": "openrouter", - "go_name": "OpenRouter", - "base_url": "https://openrouter.ai/api/v1" - }, - { - "name": "together", - "yaml_key": "together", - "go_name": "Together", - "base_url": "https://api.together.xyz/v1" - }, - { - "name": "fireworks", - "yaml_key": "fireworks", - "go_name": "Fireworks", - "base_url": "https://api.fireworks.ai/inference/v1" - }, - { - "name": "novita", - "yaml_key": "novita", - "go_name": "Novita", - "base_url": "https://api.novita.ai/v1" - }, - { - "name": "zen", - "base_url": "https://opencode.ai/zen/v1", - "env_vars": ["ZEN_API_KEY", "OPENCODE_API_KEY", "THGENT_ZEN_API_KEY"], - "default_models": [ - { "name": "glm-5", "alias": "glm-5" }, - { "name": "glm-5", "alias": "z-ai/glm-5" }, - { "name": "glm-5", "alias": "gpt-5-mini" }, - { "name": "glm-5", "alias": "gemini-3-flash" } - ] - }, - { - "name": "nim", - "base_url": "https://integrate.api.nvidia.com/v1", - "env_vars": ["NIM_API_KEY", "THGENT_NIM_API_KEY", "NVIDIA_API_KEY"], - "default_models": [ - { "name": "z-ai/glm-5", "alias": "z-ai/glm-5" }, - { "name": "z-ai/glm-5", "alias": "glm-5" }, - { "name": "z-ai/glm-5", "alias": "step-3.5-flash" } - ] - } -] diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/sdk_types.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/config/sdk_types.go deleted file mode 100644 index bf4fb90ecf..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/sdk_types.go +++ /dev/null @@ -1,43 +0,0 @@ -// Package config provides configuration types for CLI Proxy API. -// This file contains SDK-specific config types that are used by internal/* packages. -package config - -// SDKConfig represents the SDK-level configuration embedded in Config. -type SDKConfig struct { - // ProxyURL is the URL of an optional proxy server to use for outbound requests. - ProxyURL string `yaml:"proxy-url" json:"proxy-url"` - - // ForceModelPrefix requires explicit model prefixes (e.g., "teamA/gemini-3-pro-preview") - // to target prefixed credentials. When false, unprefixed model requests may use prefixed - // credentials as well. - ForceModelPrefix bool `yaml:"force-model-prefix" json:"force-model-prefix"` - - // RequestLog enables or disables detailed request logging functionality. - RequestLog bool `yaml:"request-log" json:"request-log"` - - // APIKeys is a list of keys for authenticating clients to this proxy server. - APIKeys []string `yaml:"api-keys" json:"api-keys"` - - // PassthroughHeaders controls whether upstream response headers are forwarded to downstream clients. - // Default is false (disabled). - PassthroughHeaders bool `yaml:"passthrough-headers" json:"passthrough-headers"` - - // Streaming configures server-side streaming behavior (keep-alives and safe bootstrap retries). - Streaming StreamingConfig `yaml:"streaming" json:"streaming"` - - // NonStreamKeepAliveInterval controls how often blank lines are emitted for non-streaming responses. - // <= 0 disables keep-alives. Value is in seconds. - NonStreamKeepAliveInterval int `yaml:"nonstream-keepalive-interval,omitempty" json:"nonstream-keepalive-interval,omitempty"` -} - -// StreamingConfig holds server streaming behavior configuration. -type StreamingConfig struct { - // KeepAliveSeconds controls how often the server emits SSE heartbeats (": keep-alive\n\n"). - // <= 0 disables keep-alives. Default is 0. - KeepAliveSeconds int `yaml:"keepalive-seconds,omitempty" json:"keepalive-seconds,omitempty"` - - // BootstrapRetries controls how many times the server may retry a streaming request before any bytes are sent, - // to allow auth rotation / transient recovery. - // <= 0 disables bootstrap retries. Default is 0. - BootstrapRetries int `yaml:"bootstrap-retries,omitempty" json:"bootstrap-retries,omitempty"` -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/vertex_compat.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/config/vertex_compat.go deleted file mode 100644 index 786c5318c3..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/config/vertex_compat.go +++ /dev/null @@ -1,98 +0,0 @@ -package config - -import "strings" - -// VertexCompatKey represents the configuration for Vertex AI-compatible API keys. -// This supports third-party services that use Vertex AI-style endpoint paths -// (/publishers/google/models/{model}:streamGenerateContent) but authenticate -// with simple API keys instead of Google Cloud service account credentials. -// -// Example services: zenmux.ai and similar Vertex-compatible providers. -type VertexCompatKey struct { - // APIKey is the authentication key for accessing the Vertex-compatible API. - // Maps to the x-goog-api-key header. - APIKey string `yaml:"api-key" json:"api-key"` - - // Priority controls selection preference when multiple credentials match. - // Higher values are preferred; defaults to 0. - Priority int `yaml:"priority,omitempty" json:"priority,omitempty"` - - // Prefix optionally namespaces model aliases for this credential (e.g., "teamA/vertex-pro"). - Prefix string `yaml:"prefix,omitempty" json:"prefix,omitempty"` - - // BaseURL is the base URL for the Vertex-compatible API endpoint. - // The executor will append "/v1/publishers/google/models/{model}:action" to this. - // Example: "https://zenmux.ai/api" becomes "https://zenmux.ai/api/v1/publishers/google/models/..." - BaseURL string `yaml:"base-url,omitempty" json:"base-url,omitempty"` - - // ProxyURL optionally overrides the global proxy for this API key. - ProxyURL string `yaml:"proxy-url,omitempty" json:"proxy-url,omitempty"` - - // Headers optionally adds extra HTTP headers for requests sent with this key. - // Commonly used for cookies, user-agent, and other authentication headers. - Headers map[string]string `yaml:"headers,omitempty" json:"headers,omitempty"` - - // Models defines the model configurations including aliases for routing. - Models []VertexCompatModel `yaml:"models,omitempty" json:"models,omitempty"` -} - -func (k VertexCompatKey) GetAPIKey() string { return k.APIKey } -func (k VertexCompatKey) GetBaseURL() string { return k.BaseURL } - -// VertexCompatModel represents a model configuration for Vertex compatibility, -// including the actual model name and its alias for API routing. -type VertexCompatModel struct { - // Name is the actual model name used by the external provider. - Name string `yaml:"name" json:"name"` - - // Alias is the model name alias that clients will use to reference this model. - Alias string `yaml:"alias" json:"alias"` -} - -func (m VertexCompatModel) GetName() string { return m.Name } -func (m VertexCompatModel) GetAlias() string { return m.Alias } - -// SanitizeVertexCompatKeys deduplicates and normalizes Vertex-compatible API key credentials. -func (cfg *Config) SanitizeVertexCompatKeys() { - if cfg == nil { - return - } - - seen := make(map[string]struct{}, len(cfg.VertexCompatAPIKey)) - out := cfg.VertexCompatAPIKey[:0] - for i := range cfg.VertexCompatAPIKey { - entry := cfg.VertexCompatAPIKey[i] - entry.APIKey = strings.TrimSpace(entry.APIKey) - if entry.APIKey == "" { - continue - } - entry.Prefix = normalizeModelPrefix(entry.Prefix) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - if entry.BaseURL == "" { - // BaseURL is required for Vertex API key entries - continue - } - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - entry.Headers = NormalizeHeaders(entry.Headers) - - // Sanitize models: remove entries without valid alias - sanitizedModels := make([]VertexCompatModel, 0, len(entry.Models)) - for _, model := range entry.Models { - model.Alias = strings.TrimSpace(model.Alias) - model.Name = strings.TrimSpace(model.Name) - if model.Alias != "" && model.Name != "" { - sanitizedModels = append(sanitizedModels, model) - } - } - entry.Models = sanitizedModels - - // Use API key + base URL as uniqueness key - uniqueKey := entry.APIKey + "|" + entry.BaseURL - if _, exists := seen[uniqueKey]; exists { - continue - } - seen[uniqueKey] = struct{}{} - out = append(out, entry) - } - cfg.VertexCompatAPIKey = out -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/constant/constant.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/constant/constant.go deleted file mode 100644 index 9b7d31aab6..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/constant/constant.go +++ /dev/null @@ -1,33 +0,0 @@ -// Package constant defines provider name constants used throughout the CLI Proxy API. -// These constants identify different AI service providers and their variants, -// ensuring consistent naming across the application. -package constant - -const ( - // Gemini represents the Google Gemini provider identifier. - Gemini = "gemini" - - // GeminiCLI represents the Google Gemini CLI provider identifier. - GeminiCLI = "gemini-cli" - - // Codex represents the OpenAI Codex provider identifier. - Codex = "codex" - - // Claude represents the Anthropic Claude provider identifier. - Claude = "claude" - - // OpenAI represents the OpenAI provider identifier. - OpenAI = "openai" - - // OpenaiResponse represents the OpenAI response format identifier. - OpenaiResponse = "openai-response" - - // Antigravity represents the Antigravity response format identifier. - Antigravity = "antigravity" - - // Kiro represents the AWS CodeWhisperer (Kiro) provider identifier. - Kiro = "kiro" - - // Kilo represents the Kilo AI provider identifier. - Kilo = "kilo" -) diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/cursorstorage/cursor_storage.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/cursorstorage/cursor_storage.go deleted file mode 100644 index 5a03b51ed3..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/cursorstorage/cursor_storage.go +++ /dev/null @@ -1,63 +0,0 @@ -package cursorstorage - -import ( - "database/sql" - "fmt" - "os" - "path/filepath" - "runtime" - - _ "modernc.org/sqlite" -) - -// ReadAccessToken reads the Cursor access token from the local SQLite storage. -func ReadAccessToken() (string, error) { - dbPath, err := getDatabasePath() - if err != nil { - return "", err - } - - if _, err := os.Stat(dbPath); os.IsNotExist(err) { - return "", fmt.Errorf("cursor database not found at %s", dbPath) - } - - // Connect using the modernc.org/sqlite driver (pure Go) - db, err := sql.Open("sqlite", dbPath) - if err != nil { - return "", fmt.Errorf("failed to open cursor database: %w", err) - } - defer func() { _ = db.Close() }() - - var value string - err = db.QueryRow("SELECT value FROM ItemTable WHERE key = ?", "cursor.accessToken").Scan(&value) - if err != nil { - if err == sql.ErrNoRows { - return "", fmt.Errorf("access token not found in cursor database") - } - return "", fmt.Errorf("failed to query cursor access token: %w", err) - } - - return value, nil -} - -func getDatabasePath() (string, error) { - home, err := os.UserHomeDir() - if err != nil { - return "", err - } - - switch runtime.GOOS { - case "darwin": - return filepath.Join(home, "Library/Application Support/Cursor/User/globalStorage/state.vscdb"), nil - case "windows": - appData := os.Getenv("APPDATA") - if appData == "" { - return "", fmt.Errorf("APPDATA environment variable not set") - } - return filepath.Join(appData, "Cursor/User/globalStorage/state.vscdb"), nil - case "linux": - return filepath.Join(home, ".config/Cursor/User/globalStorage/state.vscdb"), nil - default: - return "", fmt.Errorf("unsupported operating system: %s", runtime.GOOS) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/KIRO_REFACTORING_PLAN.md b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/KIRO_REFACTORING_PLAN.md deleted file mode 100644 index 527b5ad9bd..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/KIRO_REFACTORING_PLAN.md +++ /dev/null @@ -1,93 +0,0 @@ -# kiro_executor.go Refactoring Plan - -## Current State -- **File:** `pkg/llmproxy/executor/kiro_executor.go` -- **Size:** 4,676 lines (189KB) -- **Problem:** Monolithic file violates single responsibility principle - -## Identified Logical Modules - -### Module 1: Constants & Config (Lines ~1-150) -**File:** `kiro_constants.go` -- Constants: kiroContentType, kiroAcceptStream, retry configs -- Event stream frame size constants -- User-Agent constants -- Global fingerprint manager - -### Module 2: Retry Logic (Lines ~150-350) -**File:** `kiro_retry.go` -- `retryConfig` struct -- `defaultRetryConfig()` -- `isRetryableError()` -- `isRetryableHTTPStatus()` -- `calculateRetryDelay()` -- `logRetryAttempt()` - -### Module 3: HTTP Client (Lines ~350-500) -**File:** `kiro_client.go` -- `getKiroPooledHTTPClient()` -- `newKiroHTTPClientWithPooling()` -- `kiroEndpointConfig` -- Endpoint resolution functions - -### Module 4: KiroExecutor Core (Lines ~500-1200) -**File:** `kiro_executor.go` (simplified) -- `KiroExecutor` struct -- `NewKiroExecutor()` -- `Identifier()` -- `PrepareRequest()` -- `HttpRequest()` -- `mapModelToKiro()` - -### Module 5: Execution Logic (Lines ~1200-2500) -**File:** `kiro_execute.go` -- `Execute()` -- `executeWithRetry()` -- `kiroCredentials()` -- `determineAgenticMode()` -- `buildKiroPayloadForFormat()` - -### Module 6: Streaming (Lines ~2500-3500) -**File:** `kiro_stream.go` -- `ExecuteStream()` -- `executeStreamWithRetry()` -- `EventStreamError` -- `eventStreamMessage` -- `parseEventStream()` -- `readEventStreamMessage()` -- `streamToChannel()` - -### Module 7: Token & Auth (Lines ~3500-4200) -**File:** `kiro_auth.go` -- `CountTokens()` -- `Refresh()` -- `persistRefreshedAuth()` -- `reloadAuthFromFile()` -- `isTokenExpired()` - -### Module 8: WebSearch (Lines ~4200-4676) -**File:** `kiro_websearch.go` -- `webSearchHandler` -- `newWebSearchHandler()` -- MCP integration functions - -## Implementation Steps - -1. **Phase 1:** Create new modular files with package-level functions (no public API changes) -2. **Phase 2:** Update imports in kiro_executor.go to use new modules -3. **Phase 3:** Run full test suite to verify no regressions -4. **Phase 4:** Deprecate old functions with redirects - -## Estimated LOC Reduction -- Original: 4,676 lines -- After refactor: ~800 lines (kiro_executor.go) + ~600 lines/module × 7 modules -- **Net reduction:** ~30% through better organization and deduplication - -## Risk Assessment -- **Medium Risk:** Requires comprehensive testing -- **Mitigation:** All existing tests must pass; add integration tests for each module -- **Timeline:** 2-3 hours for complete refactor - -## Dependencies to Consider -- Other executors in `executor/` package use similar patterns -- Consider creating shared `executorutil` package for common retry/logging patterns diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/aistudio_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/aistudio_executor.go deleted file mode 100644 index fa63d19f81..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/aistudio_executor.go +++ /dev/null @@ -1,495 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// This file implements the AI Studio executor that routes requests through a websocket-backed -// transport for the AI Studio provider. -package executor - -import ( - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/wsrelay" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// AIStudioExecutor routes AI Studio requests through a websocket-backed transport. -type AIStudioExecutor struct { - provider string - relay *wsrelay.Manager - cfg *config.Config -} - -// NewAIStudioExecutor creates a new AI Studio executor instance. -// -// Parameters: -// - cfg: The application configuration -// - provider: The provider name -// - relay: The websocket relay manager -// -// Returns: -// - *AIStudioExecutor: A new AI Studio executor instance -func NewAIStudioExecutor(cfg *config.Config, provider string, relay *wsrelay.Manager) *AIStudioExecutor { - return &AIStudioExecutor{provider: strings.ToLower(provider), relay: relay, cfg: cfg} -} - -// Identifier returns the executor identifier. -func (e *AIStudioExecutor) Identifier() string { return "aistudio" } - -// PrepareRequest prepares the HTTP request for execution (no-op for AI Studio). -func (e *AIStudioExecutor) PrepareRequest(_ *http.Request, _ *cliproxyauth.Auth) error { - return nil -} - -// HttpRequest forwards an arbitrary HTTP request through the websocket relay. -func (e *AIStudioExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("aistudio executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - if e.relay == nil { - return nil, fmt.Errorf("aistudio executor: ws relay is nil") - } - if auth == nil || auth.ID == "" { - return nil, statusErr{code: http.StatusUnauthorized, msg: "missing auth"} - } - httpReq := req.WithContext(ctx) - if httpReq.URL == nil || strings.TrimSpace(httpReq.URL.String()) == "" { - return nil, fmt.Errorf("aistudio executor: request URL is empty") - } - - var body []byte - if httpReq.Body != nil { - b, errRead := io.ReadAll(httpReq.Body) - if errRead != nil { - return nil, errRead - } - body = b - httpReq.Body = io.NopCloser(bytes.NewReader(b)) - } - - wsReq := &wsrelay.HTTPRequest{ - Method: httpReq.Method, - URL: httpReq.URL.String(), - Headers: httpReq.Header.Clone(), - Body: body, - } - wsResp, errRelay := e.relay.NonStream(ctx, auth.ID, wsReq) - if errRelay != nil { - return nil, errRelay - } - if wsResp == nil { - return nil, fmt.Errorf("aistudio executor: ws response is nil") - } - - statusText := http.StatusText(wsResp.Status) - if statusText == "" { - statusText = "Unknown" - } - resp := &http.Response{ - StatusCode: wsResp.Status, - Status: fmt.Sprintf("%d %s", wsResp.Status, statusText), - Header: wsResp.Headers.Clone(), - Body: io.NopCloser(bytes.NewReader(wsResp.Body)), - ContentLength: int64(len(wsResp.Body)), - Request: httpReq, - } - return resp, nil -} - -// Execute performs a non-streaming request to the AI Studio API. -func (e *AIStudioExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - translatedReq, body, err := e.translateRequest(req, opts, false) - if err != nil { - return resp, err - } - - endpoint := e.buildEndpoint(baseModel, body.action, opts.Alt) - wsReq := &wsrelay.HTTPRequest{ - Method: http.MethodPost, - URL: endpoint, - Headers: http.Header{"Content-Type": []string{"application/json"}}, - Body: body.payload, - } - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: endpoint, - Method: http.MethodPost, - Headers: wsReq.Headers.Clone(), - Body: body.payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - wsResp, err := e.relay.NonStream(ctx, authID, wsReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - recordAPIResponseMetadata(ctx, e.cfg, wsResp.Status, wsResp.Headers.Clone()) - if len(wsResp.Body) > 0 { - appendAPIResponseChunk(ctx, e.cfg, wsResp.Body) - } - if wsResp.Status < 200 || wsResp.Status >= 300 { - return resp, statusErr{code: wsResp.Status, msg: string(wsResp.Body)} - } - reporter.publish(ctx, parseGeminiUsage(wsResp.Body)) - var param any - out := sdktranslator.TranslateNonStream(ctx, body.toFormat, opts.SourceFormat, req.Model, opts.OriginalRequest, translatedReq, wsResp.Body, ¶m) - resp = cliproxyexecutor.Response{Payload: ensureColonSpacedJSON([]byte(out)), Headers: wsResp.Headers.Clone()} - return resp, nil -} - -// ExecuteStream performs a streaming request to the AI Studio API. -func (e *AIStudioExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - translatedReq, body, err := e.translateRequest(req, opts, true) - if err != nil { - return nil, err - } - - endpoint := e.buildEndpoint(baseModel, body.action, opts.Alt) - wsReq := &wsrelay.HTTPRequest{ - Method: http.MethodPost, - URL: endpoint, - Headers: http.Header{"Content-Type": []string{"application/json"}}, - Body: body.payload, - } - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: endpoint, - Method: http.MethodPost, - Headers: wsReq.Headers.Clone(), - Body: body.payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - wsStream, err := e.relay.Stream(ctx, authID, wsReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - firstEvent, ok := <-wsStream - if !ok { - err = fmt.Errorf("wsrelay: stream closed before start") - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - if firstEvent.Status > 0 && firstEvent.Status != http.StatusOK { - metadataLogged := false - if firstEvent.Status > 0 { - recordAPIResponseMetadata(ctx, e.cfg, firstEvent.Status, firstEvent.Headers.Clone()) - metadataLogged = true - } - var body bytes.Buffer - if len(firstEvent.Payload) > 0 { - appendAPIResponseChunk(ctx, e.cfg, firstEvent.Payload) - body.Write(firstEvent.Payload) - } - if firstEvent.Type == wsrelay.MessageTypeStreamEnd { - return nil, statusErr{code: firstEvent.Status, msg: body.String()} - } - for event := range wsStream { - if event.Err != nil { - recordAPIResponseError(ctx, e.cfg, event.Err) - if body.Len() == 0 { - body.WriteString(event.Err.Error()) - } - break - } - if !metadataLogged && event.Status > 0 { - recordAPIResponseMetadata(ctx, e.cfg, event.Status, event.Headers.Clone()) - metadataLogged = true - } - if len(event.Payload) > 0 { - appendAPIResponseChunk(ctx, e.cfg, event.Payload) - body.Write(event.Payload) - } - if event.Type == wsrelay.MessageTypeStreamEnd { - break - } - } - return nil, statusErr{code: firstEvent.Status, msg: body.String()} - } - out := make(chan cliproxyexecutor.StreamChunk) - go func(first wsrelay.StreamEvent) { - defer close(out) - var param any - metadataLogged := false - processEvent := func(event wsrelay.StreamEvent) bool { - if event.Err != nil { - recordAPIResponseError(ctx, e.cfg, event.Err) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: fmt.Errorf("wsrelay: %v", event.Err)} - return false - } - switch event.Type { - case wsrelay.MessageTypeStreamStart: - if !metadataLogged && event.Status > 0 { - recordAPIResponseMetadata(ctx, e.cfg, event.Status, event.Headers.Clone()) - metadataLogged = true - } - case wsrelay.MessageTypeStreamChunk: - if len(event.Payload) > 0 { - appendAPIResponseChunk(ctx, e.cfg, event.Payload) - filtered := FilterSSEUsageMetadata(event.Payload) - if detail, ok := parseGeminiStreamUsage(filtered); ok { - reporter.publish(ctx, detail) - } - lines := sdktranslator.TranslateStream(ctx, body.toFormat, opts.SourceFormat, req.Model, opts.OriginalRequest, translatedReq, filtered, ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: ensureColonSpacedJSON([]byte(lines[i]))} - } - break - } - case wsrelay.MessageTypeStreamEnd: - return false - case wsrelay.MessageTypeHTTPResp: - if !metadataLogged && event.Status > 0 { - recordAPIResponseMetadata(ctx, e.cfg, event.Status, event.Headers.Clone()) - metadataLogged = true - } - if len(event.Payload) > 0 { - appendAPIResponseChunk(ctx, e.cfg, event.Payload) - } - lines := sdktranslator.TranslateStream(ctx, body.toFormat, opts.SourceFormat, req.Model, opts.OriginalRequest, translatedReq, event.Payload, ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: ensureColonSpacedJSON([]byte(lines[i]))} - } - reporter.publish(ctx, parseGeminiUsage(event.Payload)) - return false - case wsrelay.MessageTypeError: - recordAPIResponseError(ctx, e.cfg, event.Err) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: fmt.Errorf("wsrelay: %v", event.Err)} - return false - } - return true - } - if !processEvent(first) { - return - } - for event := range wsStream { - if !processEvent(event) { - return - } - } - }(firstEvent) - return &cliproxyexecutor.StreamResult{Headers: firstEvent.Headers.Clone(), Chunks: out}, nil -} - -// CountTokens counts tokens for the given request using the AI Studio API. -func (e *AIStudioExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - _, body, err := e.translateRequest(req, opts, false) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - body.payload, _ = sjson.DeleteBytes(body.payload, "generationConfig") - body.payload, _ = sjson.DeleteBytes(body.payload, "tools") - body.payload, _ = sjson.DeleteBytes(body.payload, "safetySettings") - - endpoint := e.buildEndpoint(baseModel, "countTokens", "") - wsReq := &wsrelay.HTTPRequest{ - Method: http.MethodPost, - URL: endpoint, - Headers: http.Header{"Content-Type": []string{"application/json"}}, - Body: body.payload, - } - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: endpoint, - Method: http.MethodPost, - Headers: wsReq.Headers.Clone(), - Body: body.payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - resp, err := e.relay.NonStream(ctx, authID, wsReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return cliproxyexecutor.Response{}, err - } - recordAPIResponseMetadata(ctx, e.cfg, resp.Status, resp.Headers.Clone()) - if len(resp.Body) > 0 { - appendAPIResponseChunk(ctx, e.cfg, resp.Body) - } - if resp.Status < 200 || resp.Status >= 300 { - return cliproxyexecutor.Response{}, statusErr{code: resp.Status, msg: string(resp.Body)} - } - totalTokens := gjson.GetBytes(resp.Body, "totalTokens").Int() - if totalTokens <= 0 { - return cliproxyexecutor.Response{}, fmt.Errorf("wsrelay: totalTokens missing in response") - } - translated := sdktranslator.TranslateTokenCount(ctx, body.toFormat, opts.SourceFormat, totalTokens, resp.Body) - return cliproxyexecutor.Response{Payload: []byte(translated)}, nil -} - -// Refresh refreshes the authentication credentials (no-op for AI Studio). -func (e *AIStudioExecutor) Refresh(_ context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - return auth, nil -} - -type translatedPayload struct { - payload []byte - action string - toFormat sdktranslator.Format -} - -func (e *AIStudioExecutor) translateRequest(req cliproxyexecutor.Request, opts cliproxyexecutor.Options, stream bool) ([]byte, translatedPayload, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, stream) - payload := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, stream) - payload, err := thinking.ApplyThinking(payload, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, translatedPayload{}, err - } - payload = fixGeminiImageAspectRatio(baseModel, payload) - requestedModel := payloadRequestedModel(opts, req.Model) - payload = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", payload, originalTranslated, requestedModel) - payload, _ = sjson.DeleteBytes(payload, "generationConfig.maxOutputTokens") - payload, _ = sjson.DeleteBytes(payload, "generationConfig.responseMimeType") - payload, _ = sjson.DeleteBytes(payload, "generationConfig.responseJsonSchema") - metadataAction := "generateContent" - if req.Metadata != nil { - if action, _ := req.Metadata["action"].(string); action == "countTokens" { - metadataAction = action - } - } - action := metadataAction - if stream && action != "countTokens" { - action = "streamGenerateContent" - } - payload, _ = sjson.DeleteBytes(payload, "session_id") - return payload, translatedPayload{payload: payload, action: action, toFormat: to}, nil -} - -func (e *AIStudioExecutor) buildEndpoint(model, action, alt string) string { - base := fmt.Sprintf("%s/%s/models/%s:%s", glEndpoint, glAPIVersion, model, action) - if action == "streamGenerateContent" { - if alt == "" { - return base + "?alt=sse" - } - return base + "?$alt=" + url.QueryEscape(alt) - } - if alt != "" && action != "countTokens" { - return base + "?$alt=" + url.QueryEscape(alt) - } - return base -} - -// ensureColonSpacedJSON normalizes JSON objects so that colons are followed by a single space while -// keeping the payload otherwise compact. Non-JSON inputs are returned unchanged. -func ensureColonSpacedJSON(payload []byte) []byte { - trimmed := bytes.TrimSpace(payload) - if len(trimmed) == 0 { - return payload - } - - var decoded any - if err := json.Unmarshal(trimmed, &decoded); err != nil { - return payload - } - - indented, err := json.MarshalIndent(decoded, "", " ") - if err != nil { - return payload - } - - compacted := make([]byte, 0, len(indented)) - inString := false - skipSpace := false - - for i := 0; i < len(indented); i++ { - ch := indented[i] - if ch == '"' { - // A quote is escaped only when preceded by an odd number of consecutive backslashes. - // For example: "\\\"" keeps the quote inside the string, but "\\\\" closes the string. - backslashes := 0 - for j := i - 1; j >= 0 && indented[j] == '\\'; j-- { - backslashes++ - } - if backslashes%2 == 0 { - inString = !inString - } - } - - if !inString { - if ch == '\n' || ch == '\r' { - skipSpace = true - continue - } - if skipSpace { - if ch == ' ' || ch == '\t' { - continue - } - skipSpace = false - } - } - - compacted = append(compacted, ch) - } - - return compacted -} - -func (e *AIStudioExecutor) CloseExecutionSession(sessionID string) {} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/antigravity_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/antigravity_executor.go deleted file mode 100644 index 1c624e572a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/antigravity_executor.go +++ /dev/null @@ -1,1783 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// This file implements the Antigravity executor that proxies requests to the antigravity -// upstream using OAuth credentials. -package executor - -import ( - "bufio" - "bytes" - "context" - "crypto/sha256" - "encoding/binary" - "encoding/hex" - "encoding/json" - "errors" - "fmt" - "io" - "math/rand" - "net" - "net/http" - "net/url" - "strconv" - "strings" - "sync" - "time" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const ( - antigravityBaseURLDaily = "https://daily-cloudcode-pa.googleapis.com" - antigravitySandboxBaseURLDaily = "https://daily-cloudcode-pa.sandbox.googleapis.com" - antigravityBaseURLProd = "https://cloudcode-pa.googleapis.com" - antigravityCountTokensPath = "/v1internal:countTokens" - antigravityStreamPath = "/v1internal:streamGenerateContent" - antigravityGeneratePath = "/v1internal:generateContent" - antigravityModelsPath = "/v1internal:fetchAvailableModels" - antigravityClientID = "1071006060591-tmhssin2h21lcre235vtolojh4g403ep.apps.googleusercontent.com" - antigravityClientSecret = "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" - defaultAntigravityAgent = "antigravity/1.104.0 darwin/arm64" - antigravityAuthType = "antigravity" - refreshSkew = 3000 * time.Second - systemInstruction = "You are Antigravity, a powerful agentic AI coding assistant designed by the Google Deepmind team working on Advanced Agentic Coding.You are pair programming with a USER to solve their coding task. The task may require creating a new codebase, modifying or debugging an existing codebase, or simply answering a question.**Absolute paths only****Proactiveness**" -) - -var ( - randSource = rand.New(rand.NewSource(time.Now().UnixNano())) - randSourceMutex sync.Mutex -) - -// AntigravityExecutor proxies requests to the antigravity upstream. -type AntigravityExecutor struct { - cfg *config.Config -} - -// NewAntigravityExecutor creates a new Antigravity executor instance. -// -// Parameters: -// - cfg: The application configuration -// -// Returns: -// - *AntigravityExecutor: A new Antigravity executor instance -func NewAntigravityExecutor(cfg *config.Config) *AntigravityExecutor { - return &AntigravityExecutor{cfg: cfg} -} - -// Identifier returns the executor identifier. -func (e *AntigravityExecutor) Identifier() string { return antigravityAuthType } - -// PrepareRequest injects Antigravity credentials into the outgoing HTTP request. -func (e *AntigravityExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - token, _, errToken := e.ensureAccessToken(req.Context(), auth) - if errToken != nil { - return errToken - } - if strings.TrimSpace(token) == "" { - return statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - req.Header.Set("Authorization", "Bearer "+token) - return nil -} - -// HttpRequest injects Antigravity credentials into the request and executes it. -func (e *AntigravityExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("antigravity executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming request to the Antigravity API. -func (e *AntigravityExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - isClaude := strings.Contains(strings.ToLower(baseModel), "claude") - - if isClaude || strings.Contains(baseModel, "gemini-3-pro") { - return e.executeClaudeNonStream(ctx, auth, req, opts) - } - - token, updatedAuth, errToken := e.ensureAccessToken(ctx, auth) - if errToken != nil { - return resp, errToken - } - if updatedAuth != nil { - auth = updatedAuth - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("antigravity") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, "antigravity", "request", translated, originalTranslated, requestedModel) - - baseURLs := antigravityBaseURLFallbackOrder(e.cfg, auth) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - - attempts := antigravityRetryAttempts(auth, e.cfg) - -attemptLoop: - for attempt := 0; attempt < attempts; attempt++ { - var lastStatus int - var lastBody []byte - var lastErr error - - for idx, baseURL := range baseURLs { - httpReq, errReq := e.buildRequest(ctx, auth, token, baseModel, translated, false, opts.Alt, baseURL) - if errReq != nil { - err = errReq - return resp, err - } - - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - if errors.Is(errDo, context.Canceled) || errors.Is(errDo, context.DeadlineExceeded) { - return resp, errDo - } - lastStatus = 0 - lastBody = nil - lastErr = errDo - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: request error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - err = errDo - return resp, err - } - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - err = errRead - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, bodyBytes) - - if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices { - log.Debugf("antigravity executor: upstream error status: %d, body: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), bodyBytes)) - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), bodyBytes...) - lastErr = nil - if httpResp.StatusCode == http.StatusTooManyRequests && idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: rate limited on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if antigravityShouldRetryNoCapacity(httpResp.StatusCode, bodyBytes) { - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: no capacity on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if attempt+1 < attempts { - delay := antigravityNoCapacityRetryDelay(attempt) - log.Debugf("antigravity executor: no capacity, retrying in %s (attempt %d/%d)", delay, attempt+1, attempts) - if errWait := antigravityWait(ctx, delay); errWait != nil { - return resp, errWait - } - continue attemptLoop - } - } - sErr := newAntigravityStatusErr(httpResp.StatusCode, bodyBytes) - if httpResp.StatusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(bodyBytes); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - return resp, err - } - - reporter.publish(ctx, parseAntigravityUsage(bodyBytes)) - var param any - converted := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, bodyBytes, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(converted), Headers: httpResp.Header.Clone()} - reporter.ensurePublished(ctx) - return resp, nil - } - - switch { - case lastStatus != 0: - sErr := newAntigravityStatusErr(lastStatus, lastBody) - if lastStatus == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(lastBody); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - case lastErr != nil: - err = lastErr - default: - err = statusErr{code: http.StatusServiceUnavailable, msg: "antigravity executor: no base url available"} - } - return resp, err - } - - return resp, err -} - -func antigravityModelFingerprint(model string) string { - trimmed := strings.TrimSpace(model) - if trimmed == "" { - return "" - } - sum := sha256.Sum256([]byte(trimmed)) - return hex.EncodeToString(sum[:8]) -} - -// executeClaudeNonStream performs a claude non-streaming request to the Antigravity API. -func (e *AntigravityExecutor) executeClaudeNonStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - token, updatedAuth, errToken := e.ensureAccessToken(ctx, auth) - if errToken != nil { - return resp, errToken - } - if updatedAuth != nil { - auth = updatedAuth - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("antigravity") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, "antigravity", "request", translated, originalTranslated, requestedModel) - - baseURLs := antigravityBaseURLFallbackOrder(e.cfg, auth) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - - attempts := antigravityRetryAttempts(auth, e.cfg) - -attemptLoop: - for attempt := 0; attempt < attempts; attempt++ { - var lastStatus int - var lastBody []byte - var lastErr error - - for idx, baseURL := range baseURLs { - httpReq, errReq := e.buildRequest(ctx, auth, token, baseModel, translated, true, opts.Alt, baseURL) - if errReq != nil { - err = errReq - return resp, err - } - - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - if errors.Is(errDo, context.Canceled) || errors.Is(errDo, context.DeadlineExceeded) { - return resp, errDo - } - lastStatus = 0 - lastBody = nil - lastErr = errDo - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: request error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - err = errDo - return resp, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - if errors.Is(errRead, context.Canceled) || errors.Is(errRead, context.DeadlineExceeded) { - err = errRead - return resp, err - } - if errCtx := ctx.Err(); errCtx != nil { - err = errCtx - return resp, err - } - lastStatus = 0 - lastBody = nil - lastErr = errRead - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: read error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - err = errRead - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, bodyBytes) - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), bodyBytes...) - lastErr = nil - if httpResp.StatusCode == http.StatusTooManyRequests && idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: rate limited on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if antigravityShouldRetryNoCapacity(httpResp.StatusCode, bodyBytes) { - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: no capacity on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if attempt+1 < attempts { - delay := antigravityNoCapacityRetryDelay(attempt) - // nolint:gosec // false positive: logging model name, not secret - log.Debugf("antigravity executor: no capacity for model %s, retrying in %s (attempt %d/%d)", baseModel, delay, attempt+1, attempts) - if errWait := antigravityWait(ctx, delay); errWait != nil { - return resp, errWait - } - continue attemptLoop - } - } - sErr := newAntigravityStatusErr(httpResp.StatusCode, bodyBytes) - if httpResp.StatusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(bodyBytes); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - return resp, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func(resp *http.Response) { - defer close(out) - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(resp.Body) - scanner.Buffer(nil, streamScannerBuffer) - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - - // Filter usage metadata for all models - // Only retain usage statistics in the terminal chunk - line = FilterSSEUsageMetadata(line) - - payload := jsonPayload(line) - if payload == nil { - continue - } - - if detail, ok := parseAntigravityStreamUsage(payload); ok { - reporter.publish(ctx, detail) - } - - out <- cliproxyexecutor.StreamChunk{Payload: payload} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } else { - reporter.ensurePublished(ctx) - } - }(httpResp) - - var buffer bytes.Buffer - for chunk := range out { - if chunk.Err != nil { - return resp, chunk.Err - } - if len(chunk.Payload) > 0 { - _, _ = buffer.Write(chunk.Payload) - _, _ = buffer.Write([]byte("\n")) - } - } - resp = cliproxyexecutor.Response{Payload: e.convertStreamToNonStream(buffer.Bytes())} - - reporter.publish(ctx, parseAntigravityUsage(resp.Payload)) - var param any - converted := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, resp.Payload, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(converted), Headers: httpResp.Header.Clone()} - reporter.ensurePublished(ctx) - - return resp, nil - } - - switch { - case lastStatus != 0: - sErr := newAntigravityStatusErr(lastStatus, lastBody) - if lastStatus == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(lastBody); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - case lastErr != nil: - err = lastErr - default: - err = statusErr{code: http.StatusServiceUnavailable, msg: "antigravity executor: no base url available"} - } - return resp, err - } - - return resp, err -} - -func (e *AntigravityExecutor) convertStreamToNonStream(stream []byte) []byte { - responseTemplate := "" - var traceID string - var finishReason string - var modelVersion string - var responseID string - var role string - var usageRaw string - parts := make([]map[string]interface{}, 0) - var pendingKind string - var pendingText strings.Builder - var pendingThoughtSig string - - flushPending := func() { - if pendingKind == "" { - return - } - text := pendingText.String() - switch pendingKind { - case "text": - if strings.TrimSpace(text) == "" { - pendingKind = "" - pendingText.Reset() - pendingThoughtSig = "" - return - } - parts = append(parts, map[string]interface{}{"text": text}) - case "thought": - if strings.TrimSpace(text) == "" && pendingThoughtSig == "" { - pendingKind = "" - pendingText.Reset() - pendingThoughtSig = "" - return - } - part := map[string]interface{}{"thought": true} - part["text"] = text - if pendingThoughtSig != "" { - part["thoughtSignature"] = pendingThoughtSig - } - parts = append(parts, part) - } - pendingKind = "" - pendingText.Reset() - pendingThoughtSig = "" - } - - normalizePart := func(partResult gjson.Result) map[string]interface{} { - var m map[string]interface{} - _ = json.Unmarshal([]byte(partResult.Raw), &m) - if m == nil { - m = map[string]interface{}{} - } - sig := partResult.Get("thoughtSignature").String() - if sig == "" { - sig = partResult.Get("thought_signature").String() - } - if sig != "" { - m["thoughtSignature"] = sig - delete(m, "thought_signature") - } - if inlineData, ok := m["inline_data"]; ok { - m["inlineData"] = inlineData - delete(m, "inline_data") - } - return m - } - - for _, line := range bytes.Split(stream, []byte("\n")) { - trimmed := bytes.TrimSpace(line) - if len(trimmed) == 0 || !gjson.ValidBytes(trimmed) { - continue - } - - root := gjson.ParseBytes(trimmed) - responseNode := root.Get("response") - if !responseNode.Exists() { - if root.Get("candidates").Exists() { - responseNode = root - } else { - continue - } - } - responseTemplate = responseNode.Raw - - if traceResult := root.Get("traceId"); traceResult.Exists() && traceResult.String() != "" { - traceID = traceResult.String() - } - - if roleResult := responseNode.Get("candidates.0.content.role"); roleResult.Exists() { - role = roleResult.String() - } - - if finishResult := responseNode.Get("candidates.0.finishReason"); finishResult.Exists() && finishResult.String() != "" { - finishReason = finishResult.String() - } - - if modelResult := responseNode.Get("modelVersion"); modelResult.Exists() && modelResult.String() != "" { - modelVersion = modelResult.String() - } - if responseIDResult := responseNode.Get("responseId"); responseIDResult.Exists() && responseIDResult.String() != "" { - responseID = responseIDResult.String() - } - if usageResult := responseNode.Get("usageMetadata"); usageResult.Exists() { - usageRaw = usageResult.Raw - } else if usageMetadataResult := root.Get("usageMetadata"); usageMetadataResult.Exists() { - usageRaw = usageMetadataResult.Raw - } - - if partsResult := responseNode.Get("candidates.0.content.parts"); partsResult.IsArray() { - for _, part := range partsResult.Array() { - hasFunctionCall := part.Get("functionCall").Exists() - hasInlineData := part.Get("inlineData").Exists() || part.Get("inline_data").Exists() - sig := part.Get("thoughtSignature").String() - if sig == "" { - sig = part.Get("thought_signature").String() - } - text := part.Get("text").String() - thought := part.Get("thought").Bool() - - if hasFunctionCall || hasInlineData { - flushPending() - parts = append(parts, normalizePart(part)) - continue - } - - if thought || part.Get("text").Exists() { - kind := "text" - if thought { - kind = "thought" - } - if pendingKind != "" && pendingKind != kind { - flushPending() - } - pendingKind = kind - pendingText.WriteString(text) - if kind == "thought" && sig != "" { - pendingThoughtSig = sig - } - continue - } - - flushPending() - parts = append(parts, normalizePart(part)) - } - } - } - flushPending() - - if responseTemplate == "" { - responseTemplate = `{"candidates":[{"content":{"role":"model","parts":[]}}]}` - } - - partsJSON, _ := json.Marshal(parts) - responseTemplate, _ = sjson.SetRaw(responseTemplate, "candidates.0.content.parts", string(partsJSON)) - if role != "" { - responseTemplate, _ = sjson.Set(responseTemplate, "candidates.0.content.role", role) - } - if finishReason != "" { - responseTemplate, _ = sjson.Set(responseTemplate, "candidates.0.finishReason", finishReason) - } - if modelVersion != "" { - responseTemplate, _ = sjson.Set(responseTemplate, "modelVersion", modelVersion) - } - if responseID != "" { - responseTemplate, _ = sjson.Set(responseTemplate, "responseId", responseID) - } - if usageRaw != "" { - responseTemplate, _ = sjson.SetRaw(responseTemplate, "usageMetadata", usageRaw) - } else if !gjson.Get(responseTemplate, "usageMetadata").Exists() { - responseTemplate, _ = sjson.Set(responseTemplate, "usageMetadata.promptTokenCount", 0) - responseTemplate, _ = sjson.Set(responseTemplate, "usageMetadata.candidatesTokenCount", 0) - responseTemplate, _ = sjson.Set(responseTemplate, "usageMetadata.totalTokenCount", 0) - } - - output := `{"response":{},"traceId":""}` - output, _ = sjson.SetRaw(output, "response", responseTemplate) - if traceID != "" { - output, _ = sjson.Set(output, "traceId", traceID) - } - return []byte(output) -} - -// ExecuteStream performs a streaming request to the Antigravity API. -func (e *AntigravityExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - ctx = context.WithValue(ctx, interfaces.ContextKeyAlt, "") - - token, updatedAuth, errToken := e.ensureAccessToken(ctx, auth) - if errToken != nil { - return nil, errToken - } - if updatedAuth != nil { - auth = updatedAuth - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("antigravity") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, "antigravity", "request", translated, originalTranslated, requestedModel) - - baseURLs := antigravityBaseURLFallbackOrder(e.cfg, auth) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - - attempts := antigravityRetryAttempts(auth, e.cfg) - -attemptLoop: - for attempt := 0; attempt < attempts; attempt++ { - var lastStatus int - var lastBody []byte - var lastErr error - - for idx, baseURL := range baseURLs { - httpReq, errReq := e.buildRequest(ctx, auth, token, baseModel, translated, true, opts.Alt, baseURL) - if errReq != nil { - err = errReq - return nil, err - } - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - if errors.Is(errDo, context.Canceled) || errors.Is(errDo, context.DeadlineExceeded) { - return nil, errDo - } - lastStatus = 0 - lastBody = nil - lastErr = errDo - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: request error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - err = errDo - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - if errors.Is(errRead, context.Canceled) || errors.Is(errRead, context.DeadlineExceeded) { - err = errRead - return nil, err - } - if errCtx := ctx.Err(); errCtx != nil { - err = errCtx - return nil, err - } - lastStatus = 0 - lastBody = nil - lastErr = errRead - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: read error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - err = errRead - return nil, err - } - appendAPIResponseChunk(ctx, e.cfg, bodyBytes) - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), bodyBytes...) - lastErr = nil - if httpResp.StatusCode == http.StatusTooManyRequests && idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: rate limited on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if antigravityShouldRetryNoCapacity(httpResp.StatusCode, bodyBytes) { - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: no capacity on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if attempt+1 < attempts { - delay := antigravityNoCapacityRetryDelay(attempt) - log.Debugf("antigravity executor: no capacity, retrying in %s (attempt %d/%d)", delay, attempt+1, attempts) - if errWait := antigravityWait(ctx, delay); errWait != nil { - return nil, errWait - } - continue attemptLoop - } - } - sErr := newAntigravityStatusErr(httpResp.StatusCode, bodyBytes) - if httpResp.StatusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(bodyBytes); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - return nil, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func(resp *http.Response) { - defer close(out) - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(resp.Body) - scanner.Buffer(nil, streamScannerBuffer) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - - // Filter usage metadata for all models - // Only retain usage statistics in the terminal chunk - line = FilterSSEUsageMetadata(line) - - payload := jsonPayload(line) - if payload == nil { - continue - } - - if detail, ok := parseAntigravityStreamUsage(payload); ok { - reporter.publish(ctx, detail) - } - - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, bytes.Clone(payload), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - tail := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, []byte("[DONE]"), ¶m) - for i := range tail { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(tail[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } else { - reporter.ensurePublished(ctx) - } - }(httpResp) - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil - } - - switch { - case lastStatus != 0: - sErr := newAntigravityStatusErr(lastStatus, lastBody) - if lastStatus == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(lastBody); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - case lastErr != nil: - err = lastErr - default: - err = statusErr{code: http.StatusServiceUnavailable, msg: "antigravity executor: no base url available"} - } - return nil, err - } - - return nil, err -} - -// Refresh refreshes the authentication credentials using the refresh token. -func (e *AntigravityExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if auth == nil { - return auth, nil - } - updated, errRefresh := e.refreshToken(ctx, auth.Clone()) - if errRefresh != nil { - return nil, errRefresh - } - return updated, nil -} - -// CountTokens counts tokens for the given request using the Antigravity API. -func (e *AntigravityExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - token, updatedAuth, errToken := e.ensureAccessToken(ctx, auth) - if errToken != nil { - return cliproxyexecutor.Response{}, errToken - } - if updatedAuth != nil { - auth = updatedAuth - } - if strings.TrimSpace(token) == "" { - return cliproxyexecutor.Response{}, statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - - from := opts.SourceFormat - to := sdktranslator.FromString("antigravity") - respCtx := context.WithValue(ctx, interfaces.ContextKeyAlt, opts.Alt) - - // Prepare payload once (doesn't depend on baseURL) - payload := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - payload, err := thinking.ApplyThinking(payload, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - payload = deleteJSONField(payload, "project") - payload = deleteJSONField(payload, "model") - payload = deleteJSONField(payload, "request.safetySettings") - - baseURLs := antigravityBaseURLFallbackOrder(e.cfg, auth) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - - var lastStatus int - var lastBody []byte - var lastErr error - - for idx, baseURL := range baseURLs { - base := strings.TrimSuffix(baseURL, "/") - if base == "" { - base = buildBaseURL(e.cfg, auth) - } - base, err = sanitizeAntigravityBaseURL(base) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - var requestURL strings.Builder - requestURL.WriteString(base) - requestURL.WriteString(antigravityCountTokensPath) - if opts.Alt != "" { - requestURL.WriteString("?$alt=") - requestURL.WriteString(url.QueryEscape(opts.Alt)) - } - - httpReq, errReq := http.NewRequestWithContext(ctx, http.MethodPost, requestURL.String(), bytes.NewReader(payload)) - if errReq != nil { - return cliproxyexecutor.Response{}, errReq - } - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("Authorization", "Bearer "+token) - httpReq.Header.Set("User-Agent", resolveUserAgent(auth)) - httpReq.Header.Set("Accept", "application/json") - if host := resolveHost(base); host != "" { - httpReq.Host = host - } - - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: requestURL.String(), - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - if errors.Is(errDo, context.Canceled) || errors.Is(errDo, context.DeadlineExceeded) { - return cliproxyexecutor.Response{}, errDo - } - lastStatus = 0 - lastBody = nil - lastErr = errDo - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: request error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - return cliproxyexecutor.Response{}, errDo - } - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return cliproxyexecutor.Response{}, errRead - } - appendAPIResponseChunk(ctx, e.cfg, bodyBytes) - - if httpResp.StatusCode >= http.StatusOK && httpResp.StatusCode < http.StatusMultipleChoices { - count := gjson.GetBytes(bodyBytes, "totalTokens").Int() - translated := sdktranslator.TranslateTokenCount(respCtx, to, from, count, bodyBytes) - return cliproxyexecutor.Response{Payload: []byte(translated), Headers: httpResp.Header.Clone()}, nil - } - - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), bodyBytes...) - lastErr = nil - if httpResp.StatusCode == http.StatusTooManyRequests && idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: rate limited on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - sErr := newAntigravityStatusErr(httpResp.StatusCode, bodyBytes) - if httpResp.StatusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(bodyBytes); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - return cliproxyexecutor.Response{}, sErr - } - - switch { - case lastStatus != 0: - sErr := newAntigravityStatusErr(lastStatus, lastBody) - if lastStatus == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(lastBody); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - return cliproxyexecutor.Response{}, sErr - case lastErr != nil: - return cliproxyexecutor.Response{}, lastErr - default: - return cliproxyexecutor.Response{}, statusErr{code: http.StatusServiceUnavailable, msg: "antigravity executor: no base url available"} - } -} - -// FetchAntigravityModels retrieves available models using the supplied auth. -// When dynamic fetch fails, it returns a fallback static model list to ensure -// the credential is still usable. -func FetchAntigravityModels(ctx context.Context, auth *cliproxyauth.Auth, cfg *config.Config) []*registry.ModelInfo { - exec := &AntigravityExecutor{cfg: cfg} - token, updatedAuth, errToken := exec.ensureAccessToken(ctx, auth) - if errToken != nil { - log.Warnf("antigravity executor: fetch models failed for %s: token error: %v", auth.ID, errToken) - // Return fallback models when token refresh fails - return getFallbackAntigravityModels() - } - if token == "" { - log.Warnf("antigravity executor: fetch models failed for %s: got empty token", auth.ID) - return getFallbackAntigravityModels() - } - if updatedAuth != nil { - auth = updatedAuth - } - - baseURLs := antigravityBaseURLFallbackOrder(cfg, auth) - httpClient := newProxyAwareHTTPClient(ctx, cfg, auth, 0) - - var lastErr error - var lastStatusCode int - var lastBody []byte - - for idx, baseURL := range baseURLs { - modelsURL := baseURL + antigravityModelsPath - httpReq, errReq := http.NewRequestWithContext(ctx, http.MethodPost, modelsURL, bytes.NewReader([]byte(`{}`))) - if errReq != nil { - log.Warnf("antigravity executor: fetch models failed for %s: create request error: %v", auth.ID, errReq) - lastErr = errReq - continue - } - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("Authorization", "Bearer "+token) - httpReq.Header.Set("User-Agent", resolveUserAgent(auth)) - if host := resolveHost(baseURL); host != "" { - httpReq.Host = host - } - - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - if errors.Is(errDo, context.Canceled) || errors.Is(errDo, context.DeadlineExceeded) { - log.Warnf("antigravity executor: fetch models failed for %s: context canceled: %v", auth.ID, errDo) - return getFallbackAntigravityModels() - } - lastErr = errDo - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: models request error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - log.Warnf("antigravity executor: fetch models failed for %s: request error: %v", auth.ID, errDo) - return getFallbackAntigravityModels() - } - - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - if errRead != nil { - lastErr = errRead - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: models read error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - log.Warnf("antigravity executor: fetch models failed for %s: read body error: %v", auth.ID, errRead) - return getFallbackAntigravityModels() - } - if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices { - lastStatusCode = httpResp.StatusCode - lastBody = bodyBytes - if httpResp.StatusCode == http.StatusTooManyRequests && idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: models request rate limited on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - log.Warnf("antigravity executor: fetch models failed for %s: unexpected status %d, body: %s", auth.ID, httpResp.StatusCode, string(bodyBytes)) - continue - } - - result := gjson.GetBytes(bodyBytes, "models") - if !result.Exists() { - log.Warnf("antigravity executor: fetch models failed for %s: no models field in response, body: %s", auth.ID, string(bodyBytes)) - continue - } - - now := time.Now().Unix() - modelConfig := registry.GetAntigravityModelConfig() - models := make([]*registry.ModelInfo, 0, len(result.Map())) - for originalName, modelData := range result.Map() { - modelID := strings.TrimSpace(originalName) - if modelID == "" { - continue - } - switch modelID { - case "chat_20706", "chat_23310", "gemini-2.5-flash-thinking", "gemini-3-pro-low", "gemini-2.5-pro": - continue - } - modelCfg := modelConfig[modelID] - - // Extract displayName from upstream response, fallback to modelID - displayName := modelData.Get("displayName").String() - if displayName == "" { - displayName = modelID - } - - modelInfo := ®istry.ModelInfo{ - ID: modelID, - Name: modelID, - Description: displayName, - DisplayName: displayName, - Version: modelID, - Object: "model", - Created: now, - OwnedBy: antigravityAuthType, - Type: antigravityAuthType, - } - // Look up Thinking support from static config using upstream model name. - if modelCfg != nil { - if modelCfg.Thinking != nil { - modelInfo.Thinking = modelCfg.Thinking - } - if modelCfg.MaxCompletionTokens > 0 { - modelInfo.MaxCompletionTokens = modelCfg.MaxCompletionTokens - } - } - models = append(models, modelInfo) - } - if len(models) > 0 { - return models - } - // Empty models list, try next base URL or return fallback - log.Debugf("antigravity executor: empty models list from %s for %s", baseURL, auth.ID) - } - - // All base URLs failed, return fallback models - if lastStatusCode > 0 { - bodyPreview := "" - if len(lastBody) > 0 { - if len(lastBody) > 200 { - bodyPreview = string(lastBody[:200]) + "..." - } else { - bodyPreview = string(lastBody) - } - } - if bodyPreview != "" { - log.Warnf("antigravity executor: all base URLs failed for %s, returning fallback models (last status: %d, body: %s)", auth.ID, lastStatusCode, bodyPreview) - } else { - log.Warnf("antigravity executor: all base URLs failed for %s, returning fallback models (last status: %d)", auth.ID, lastStatusCode) - } - } else if lastErr != nil { - log.Warnf("antigravity executor: all base URLs failed for %s, returning fallback models (last error: %v)", auth.ID, lastErr) - } else { - log.Warnf("antigravity executor: no models returned for %s, returning fallback models", auth.ID) - } - return getFallbackAntigravityModels() -} - -// getFallbackAntigravityModels returns a static list of commonly available Antigravity models. -// This ensures credentials remain usable even when the dynamic model fetch fails. -func getFallbackAntigravityModels() []*registry.ModelInfo { - now := time.Now().Unix() - modelConfig := registry.GetAntigravityModelConfig() - - // Common Antigravity models that should always be available - fallbackModelIDs := []string{ - "gemini-2.5-flash", - "gemini-2.5-flash-lite", - "gemini-3-pro-high", - "gemini-3-pro-image", - "gemini-3-flash", - "claude-opus-4-5-thinking", - "claude-opus-4-6-thinking", - "claude-sonnet-4-5", - "claude-sonnet-4-5-thinking", - "claude-sonnet-4-6", - "claude-sonnet-4-6-thinking", - "gpt-oss-120b-medium", - "tab_flash_lite_preview", - } - - models := make([]*registry.ModelInfo, 0, len(fallbackModelIDs)) - for _, modelID := range fallbackModelIDs { - modelInfo := ®istry.ModelInfo{ - ID: modelID, - Name: modelID, - Description: modelID, - DisplayName: modelID, - Version: modelID, - Object: "model", - Created: now, - OwnedBy: antigravityAuthType, - Type: antigravityAuthType, - } - if modelCfg := modelConfig[modelID]; modelCfg != nil { - if modelCfg.Thinking != nil { - modelInfo.Thinking = modelCfg.Thinking - } - if modelCfg.MaxCompletionTokens > 0 { - modelInfo.MaxCompletionTokens = modelCfg.MaxCompletionTokens - } - } - models = append(models, modelInfo) - } - return models -} - -func (e *AntigravityExecutor) ensureAccessToken(ctx context.Context, auth *cliproxyauth.Auth) (string, *cliproxyauth.Auth, error) { - if auth == nil { - return "", nil, statusErr{code: http.StatusUnauthorized, msg: "missing auth"} - } - accessToken := metaStringValue(auth.Metadata, "access_token") - expiry := tokenExpiry(auth.Metadata) - if accessToken != "" && expiry.After(time.Now().Add(refreshSkew)) { - return accessToken, nil, nil - } - refreshCtx := context.Background() - if ctx != nil { - if rt, ok := ctx.Value(interfaces.ContextKeyRoundRobin).(http.RoundTripper); ok && rt != nil { - refreshCtx = context.WithValue(refreshCtx, interfaces.ContextKeyRoundRobin, rt) - } - } - updated, errRefresh := e.refreshToken(refreshCtx, auth.Clone()) - if errRefresh != nil { - return "", nil, errRefresh - } - return metaStringValue(updated.Metadata, "access_token"), updated, nil -} - -func (e *AntigravityExecutor) refreshToken(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if auth == nil { - return nil, statusErr{code: http.StatusUnauthorized, msg: "missing auth"} - } - refreshToken := metaStringValue(auth.Metadata, "refresh_token") - if refreshToken == "" { - return auth, statusErr{code: http.StatusUnauthorized, msg: "missing refresh token"} - } - - form := url.Values{} - form.Set("client_id", antigravityClientID) - form.Set("client_secret", antigravityClientSecret) - form.Set("grant_type", "refresh_token") - form.Set("refresh_token", refreshToken) - - httpReq, errReq := http.NewRequestWithContext(ctx, http.MethodPost, "https://oauth2.googleapis.com/token", strings.NewReader(form.Encode())) - if errReq != nil { - return auth, errReq - } - httpReq.Header.Set("Host", "oauth2.googleapis.com") - httpReq.Header.Set("User-Agent", defaultAntigravityAgent) - httpReq.Header.Set("Content-Type", "application/x-www-form-urlencoded") - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - return auth, errDo - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - }() - - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errRead != nil { - return auth, errRead - } - - if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices { - sErr := newAntigravityStatusErr(httpResp.StatusCode, bodyBytes) - if httpResp.StatusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(bodyBytes); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - return auth, sErr - } - - var tokenResp struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - ExpiresIn int64 `json:"expires_in"` - TokenType string `json:"token_type"` - } - if errUnmarshal := json.Unmarshal(bodyBytes, &tokenResp); errUnmarshal != nil { - return auth, errUnmarshal - } - - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["access_token"] = tokenResp.AccessToken - if tokenResp.RefreshToken != "" { - auth.Metadata["refresh_token"] = tokenResp.RefreshToken - } - auth.Metadata["expires_in"] = tokenResp.ExpiresIn - now := time.Now() - auth.Metadata["timestamp"] = now.UnixMilli() - auth.Metadata["expired"] = now.Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339) - auth.Metadata["type"] = antigravityAuthType - if errProject := e.ensureAntigravityProjectID(ctx, auth, tokenResp.AccessToken); errProject != nil { - log.Warnf("antigravity executor: ensure project id failed: %v", errProject) - } - return auth, nil -} - -func (e *AntigravityExecutor) ensureAntigravityProjectID(ctx context.Context, auth *cliproxyauth.Auth, accessToken string) error { - if auth == nil { - return nil - } - - if auth.Metadata["project_id"] != nil { - return nil - } - - token := strings.TrimSpace(accessToken) - if token == "" { - token = metaStringValue(auth.Metadata, "access_token") - } - if token == "" { - return nil - } - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - projectID, errFetch := sdkAuth.FetchAntigravityProjectID(ctx, token, httpClient) - if errFetch != nil { - return errFetch - } - if strings.TrimSpace(projectID) == "" { - return nil - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["project_id"] = strings.TrimSpace(projectID) - - return nil -} - -func (e *AntigravityExecutor) buildRequest(ctx context.Context, auth *cliproxyauth.Auth, token, modelName string, payload []byte, stream bool, alt, baseURL string) (*http.Request, error) { - if token == "" { - return nil, statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - - base := strings.TrimSuffix(baseURL, "/") - if base == "" { - base = buildBaseURL(e.cfg, auth) - } - path := antigravityGeneratePath - if stream { - path = antigravityStreamPath - } - var requestURL strings.Builder - requestURL.WriteString(base) - requestURL.WriteString(path) - if stream { - if alt != "" { - requestURL.WriteString("?$alt=") - requestURL.WriteString(url.QueryEscape(alt)) - } else { - requestURL.WriteString("?alt=sse") - } - } else if alt != "" { - requestURL.WriteString("?$alt=") - requestURL.WriteString(url.QueryEscape(alt)) - } - - // Extract project_id from auth metadata if available - projectID := "" - if auth != nil && auth.Metadata != nil { - if pid, ok := auth.Metadata["project_id"].(string); ok { - projectID = strings.TrimSpace(pid) - } - } - payload = geminiToAntigravity(modelName, payload, projectID) - payload, _ = sjson.SetBytes(payload, "model", modelName) - - useAntigravitySchema := strings.Contains(modelName, "claude") || strings.Contains(modelName, "gemini-3-pro-high") - payloadStr := string(payload) - paths := make([]string, 0) - util.Walk(gjson.Parse(payloadStr), "", "parametersJsonSchema", &paths) - for _, p := range paths { - payloadStr, _ = util.RenameKey(payloadStr, p, p[:len(p)-len("parametersJsonSchema")]+"parameters") - } - - if useAntigravitySchema { - payloadStr = util.CleanJSONSchemaForAntigravity(payloadStr) - payloadStr = util.DeleteKeysByName(payloadStr, "$ref", "$defs") - } else { - payloadStr = util.CleanJSONSchemaForGemini(payloadStr) - } - - if useAntigravitySchema { - systemInstructionPartsResult := gjson.Get(payloadStr, "request.systemInstruction.parts") - payloadStr, _ = sjson.Set(payloadStr, "request.systemInstruction.role", "user") - payloadStr, _ = sjson.Set(payloadStr, "request.systemInstruction.parts.0.text", systemInstruction) - payloadStr, _ = sjson.Set(payloadStr, "request.systemInstruction.parts.1.text", fmt.Sprintf("Please ignore following [ignore]%s[/ignore]", systemInstruction)) - - if systemInstructionPartsResult.Exists() && systemInstructionPartsResult.IsArray() { - for _, partResult := range systemInstructionPartsResult.Array() { - payloadStr, _ = sjson.SetRaw(payloadStr, "request.systemInstruction.parts.-1", partResult.Raw) - } - } - } - - if strings.Contains(modelName, "claude") { - payloadStr, _ = sjson.Set(payloadStr, "request.toolConfig.functionCallingConfig.mode", "VALIDATED") - } else { - payloadStr, _ = sjson.Delete(payloadStr, "request.generationConfig.maxOutputTokens") - } - - httpReq, errReq := http.NewRequestWithContext(ctx, http.MethodPost, requestURL.String(), strings.NewReader(payloadStr)) - if errReq != nil { - return nil, errReq - } - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("Authorization", "Bearer "+token) - httpReq.Header.Set("User-Agent", resolveUserAgent(auth)) - if stream { - httpReq.Header.Set("Accept", "text/event-stream") - } else { - httpReq.Header.Set("Accept", "application/json") - } - if host := resolveHost(base); host != "" { - httpReq.Host = host - } - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - var payloadLog []byte - if e.cfg != nil && e.cfg.RequestLog { - payloadLog = []byte(payloadStr) - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: requestURL.String(), - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: payloadLog, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - return httpReq, nil -} - -func tokenExpiry(metadata map[string]any) time.Time { - if metadata == nil { - return time.Time{} - } - if expStr, ok := metadata["expired"].(string); ok { - expStr = strings.TrimSpace(expStr) - if expStr != "" { - if parsed, errParse := time.Parse(time.RFC3339, expStr); errParse == nil { - return parsed - } - } - } - expiresIn, hasExpires := int64Value(metadata["expires_in"]) - tsMs, hasTimestamp := int64Value(metadata["timestamp"]) - if hasExpires && hasTimestamp { - return time.Unix(0, tsMs*int64(time.Millisecond)).Add(time.Duration(expiresIn) * time.Second) - } - return time.Time{} -} - -func metaStringValue(metadata map[string]any, key string) string { - if metadata == nil { - return "" - } - if v, ok := metadata[key]; ok { - switch typed := v.(type) { - case string: - return strings.TrimSpace(typed) - case []byte: - return strings.TrimSpace(string(typed)) - } - } - return "" -} - -func int64Value(value any) (int64, bool) { - switch typed := value.(type) { - case int: - return int64(typed), true - case int64: - return typed, true - case float64: - return int64(typed), true - case json.Number: - if i, errParse := typed.Int64(); errParse == nil { - return i, true - } - case string: - if strings.TrimSpace(typed) == "" { - return 0, false - } - if i, errParse := strconv.ParseInt(strings.TrimSpace(typed), 10, 64); errParse == nil { - return i, true - } - } - return 0, false -} - -func buildBaseURL(cfg *config.Config, auth *cliproxyauth.Auth) string { - if baseURLs := antigravityBaseURLFallbackOrder(cfg, auth); len(baseURLs) > 0 { - return baseURLs[0] - } - return antigravityBaseURLDaily -} - -func resolveHost(base string) string { - parsed, errParse := url.Parse(base) - if errParse != nil { - return "" - } - if parsed.Host != "" { - hostname := parsed.Hostname() - if hostname == "" { - return "" - } - if ip := net.ParseIP(hostname); ip != nil { - return "" - } - if parsed.Port() != "" { - return net.JoinHostPort(hostname, parsed.Port()) - } - return hostname - } - return strings.TrimPrefix(strings.TrimPrefix(base, "https://"), "http://") -} - -func sanitizeAntigravityBaseURL(base string) (string, error) { - normalized := strings.TrimSuffix(strings.TrimSpace(base), "/") - switch normalized { - case antigravityBaseURLDaily, antigravitySandboxBaseURLDaily, antigravityBaseURLProd: - return normalized, nil - default: - return "", fmt.Errorf("antigravity executor: unsupported base url %q", base) - } -} - -func resolveUserAgent(auth *cliproxyauth.Auth) string { - if auth != nil { - if auth.Attributes != nil { - if ua := strings.TrimSpace(auth.Attributes["user_agent"]); ua != "" { - return ua - } - } - if auth.Metadata != nil { - if ua, ok := auth.Metadata["user_agent"].(string); ok && strings.TrimSpace(ua) != "" { - return strings.TrimSpace(ua) - } - } - } - return defaultAntigravityAgent -} - -func antigravityRetryAttempts(auth *cliproxyauth.Auth, cfg *config.Config) int { - retry := 0 - if cfg != nil { - retry = cfg.RequestRetry - } - if auth != nil { - if override, ok := auth.RequestRetryOverride(); ok { - retry = override - } - } - if retry < 0 { - retry = 0 - } - attempts := retry + 1 - if attempts < 1 { - return 1 - } - return attempts -} - -func newAntigravityStatusErr(statusCode int, body []byte) statusErr { - return statusErr{ - code: statusCode, - msg: antigravityErrorMessage(statusCode, body), - } -} - -func antigravityErrorMessage(statusCode int, body []byte) string { - msg := strings.TrimSpace(string(body)) - if statusCode != http.StatusForbidden { - return msg - } - if msg == "" { - return msg - } - lower := strings.ToLower(msg) - if !strings.Contains(lower, "subscription_required") && - !strings.Contains(lower, "gemini code assist license") && - !strings.Contains(lower, "permission_denied") { - return msg - } - if strings.Contains(lower, "hint: the current google project/account does not have a gemini code assist license") { - return msg - } - return msg + "\nHint: The current Google project/account does not have a Gemini Code Assist license. Re-run --antigravity-login with a licensed account/project, or switch providers." -} - -func antigravityShouldRetryNoCapacity(statusCode int, body []byte) bool { - if statusCode != http.StatusServiceUnavailable { - return false - } - if len(body) == 0 { - return false - } - msg := strings.ToLower(string(body)) - return strings.Contains(msg, "no capacity available") -} - -func antigravityNoCapacityRetryDelay(attempt int) time.Duration { - if attempt < 0 { - attempt = 0 - } - // Exponential backoff with jitter: 250ms, 500ms, 1s, 2s, 2s... - baseDelay := time.Duration(250*(1< 2*time.Second { - baseDelay = 2 * time.Second - } - // Add jitter (±10%) - jitter := time.Duration(float64(baseDelay) * 0.1) - randSourceMutex.Lock() - jitterValue := time.Duration(randSource.Int63n(int64(jitter*2 + 1))) - randSourceMutex.Unlock() - return baseDelay - jitter + jitterValue -} - -func antigravityWait(ctx context.Context, wait time.Duration) error { - if wait <= 0 { - return nil - } - timer := time.NewTimer(wait) - defer timer.Stop() - select { - case <-ctx.Done(): - return ctx.Err() - case <-timer.C: - return nil - } -} - -func antigravityBaseURLFallbackOrder(cfg *config.Config, auth *cliproxyauth.Auth) []string { - if base := resolveOAuthBaseURLWithOverride(cfg, antigravityAuthType, "", resolveCustomAntigravityBaseURL(auth)); base != "" { - return []string{base} - } - return []string{ - antigravityBaseURLDaily, - antigravitySandboxBaseURLDaily, - // antigravityBaseURLProd, - } -} - -func resolveCustomAntigravityBaseURL(auth *cliproxyauth.Auth) string { - if auth == nil { - return "" - } - if auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["base_url"]); v != "" { - return strings.TrimSuffix(v, "/") - } - } - if auth.Metadata != nil { - if v, ok := auth.Metadata["base_url"].(string); ok { - v = strings.TrimSpace(v) - if v != "" { - return strings.TrimSuffix(v, "/") - } - } - } - return "" -} - -func geminiToAntigravity(modelName string, payload []byte, projectID string) []byte { - template, _ := sjson.Set(string(payload), "model", modelName) - template, _ = sjson.Set(template, "userAgent", "antigravity") - template, _ = sjson.Set(template, "requestType", "agent") - - // Use real project ID from auth if available, otherwise generate random (legacy fallback) - if projectID != "" { - template, _ = sjson.Set(template, "project", projectID) - } else { - template, _ = sjson.Set(template, "project", generateProjectID()) - } - template, _ = sjson.Set(template, "requestId", generateRequestID()) - template, _ = sjson.Set(template, "request.sessionId", generateStableSessionID(payload)) - - template, _ = sjson.Delete(template, "request.safetySettings") - if toolConfig := gjson.Get(template, "toolConfig"); toolConfig.Exists() && !gjson.Get(template, "request.toolConfig").Exists() { - template, _ = sjson.SetRaw(template, "request.toolConfig", toolConfig.Raw) - template, _ = sjson.Delete(template, "toolConfig") - } - return []byte(template) -} - -func generateRequestID() string { - return "agent-" + uuid.NewString() -} - -func generateSessionID() string { - randSourceMutex.Lock() - n := randSource.Int63n(9_000_000_000_000_000_000) - randSourceMutex.Unlock() - return "-" + strconv.FormatInt(n, 10) -} - -func generateStableSessionID(payload []byte) string { - contents := gjson.GetBytes(payload, "request.contents") - if contents.IsArray() { - candidates := make([]string, 0) - for _, content := range contents.Array() { - if content.Get("role").String() == "user" { - if parts := content.Get("parts"); parts.IsArray() { - for _, part := range parts.Array() { - text := strings.TrimSpace(part.Get("text").String()) - if text != "" { - candidates = append(candidates, text) - } - } - } - if len(candidates) > 0 { - normalized := strings.Join(candidates, "\n") - h := sha256.Sum256([]byte(normalized)) - n := int64(binary.BigEndian.Uint64(h[:8])) & 0x7FFFFFFFFFFFFFFF - return "-" + strconv.FormatInt(n, 10) - } - - contentRaw := strings.TrimSpace(content.Raw) - if contentRaw != "" { - h := sha256.Sum256([]byte(contentRaw)) - n := int64(binary.BigEndian.Uint64(h[:8])) & 0x7FFFFFFFFFFFFFFF - return "-" + strconv.FormatInt(n, 10) - } - } - } - } - return generateSessionID() -} - -func generateProjectID() string { - adjectives := []string{"useful", "bright", "swift", "calm", "bold"} - nouns := []string{"fuze", "wave", "spark", "flow", "core"} - randSourceMutex.Lock() - adj := adjectives[randSource.Intn(len(adjectives))] - noun := nouns[randSource.Intn(len(nouns))] - randSourceMutex.Unlock() - randomPart := strings.ToLower(uuid.NewString())[:5] - return adj + "-" + noun + "-" + randomPart -} - -func (e *AntigravityExecutor) CloseExecutionSession(sessionID string) {} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/antigravity_executor_buildrequest_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/antigravity_executor_buildrequest_test.go deleted file mode 100644 index a70374d0db..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/antigravity_executor_buildrequest_test.go +++ /dev/null @@ -1,303 +0,0 @@ -package executor - -import ( - "context" - "encoding/json" - "io" - "testing" - - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestAntigravityBuildRequest_SanitizesGeminiToolSchema(t *testing.T) { - body := buildRequestBodyFromPayload(t, "gemini-2.5-pro") - - decl := extractFirstFunctionDeclaration(t, body) - if _, ok := decl["parametersJsonSchema"]; ok { - t.Fatalf("parametersJsonSchema should be renamed to parameters") - } - - params, ok := decl["parameters"].(map[string]any) - if !ok { - t.Fatalf("parameters missing or invalid type") - } - assertSchemaSanitizedAndPropertyPreserved(t, params) -} - -func TestAntigravityBuildRequest_SanitizesAntigravityToolSchema(t *testing.T) { - body := buildRequestBodyFromPayload(t, "claude-opus-4-6") - - decl := extractFirstFunctionDeclaration(t, body) - params, ok := decl["parameters"].(map[string]any) - if !ok { - t.Fatalf("parameters missing or invalid type") - } - assertSchemaSanitizedAndPropertyPreserved(t, params) -} - -func TestAntigravityBuildRequest_RemovesRefAndDefsFromToolSchema(t *testing.T) { - body := buildRequestBodyFromPayloadWithSchemaRefs(t, "claude-opus-4-6") - - decl := extractFirstFunctionDeclaration(t, body) - params, ok := decl["parameters"].(map[string]any) - if !ok { - t.Fatalf("parameters missing or invalid type") - } - assertNoSchemaKeywords(t, params) -} - -func TestGenerateStableSessionID_UsesAllUserTextParts(t *testing.T) { - payload := []byte(`{ - "request": { - "contents": [ - { - "role": "user", - "parts": [ - {"inline_data": {"mimeType":"image/png","data":"Zm9v"}}, - {"text": "first real user text"}, - {"text": "ignored?"} - ] - } - ] - } - }`) - - first := generateStableSessionID(payload) - second := generateStableSessionID(payload) - if first != second { - t.Fatalf("expected deterministic session id from non-leading user text, got %q and %q", first, second) - } - if first == "" { - t.Fatal("expected non-empty session id") - } -} - -func TestGenerateStableSessionID_FallsBackToContentRawForNonTextUserMessage(t *testing.T) { - payload := []byte(`{ - "request": { - "contents": [ - { - "role": "user", - "parts": [ - {"tool_call": {"name": "debug", "input": {"value": "ok"}} - ] - } - ] - } - }`) - - first := generateStableSessionID(payload) - second := generateStableSessionID(payload) - if first != second { - t.Fatalf("expected deterministic fallback session id for non-text user content, got %q and %q", first, second) - } - if first == "" { - t.Fatal("expected non-empty fallback session id") - } -} - -func buildRequestBodyFromPayload(t *testing.T, modelName string) map[string]any { - t.Helper() - - executor := &AntigravityExecutor{} - auth := &cliproxyauth.Auth{} - payload := []byte(`{ - "request": { - "tools": [ - { - "function_declarations": [ - { - "name": "tool_1", - "parametersJsonSchema": { - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "root-schema", - "type": "object", - "properties": { - "$id": {"type": "string"}, - "arg": { - "type": "object", - "prefill": "hello", - "properties": { - "mode": { - "type": "string", - "enum": ["a", "b"], - "enumTitles": ["A", "B"] - } - } - } - }, - "patternProperties": { - "^x-": {"type": "string"} - } - } - } - ] - } - ] - } - }`) - - req, err := executor.buildRequest(context.Background(), auth, "token", modelName, payload, false, "", "https://example.com") - if err != nil { - t.Fatalf("buildRequest error: %v", err) - } - - raw, err := io.ReadAll(req.Body) - if err != nil { - t.Fatalf("read request body error: %v", err) - } - - var body map[string]any - if err := json.Unmarshal(raw, &body); err != nil { - t.Fatalf("unmarshal request body error: %v, body=%s", err, string(raw)) - } - return body -} - -func buildRequestBodyFromPayloadWithSchemaRefs(t *testing.T, modelName string) map[string]any { - t.Helper() - - executor := &AntigravityExecutor{} - auth := &cliproxyauth.Auth{} - payload := []byte(`{ - "request": { - "tools": [ - { - "function_declarations": [ - { - "name": "tool_with_refs", - "parametersJsonSchema": { - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "root-schema", - "type": "object", - "$defs": { - "Address": { - "type": "object", - "properties": { - "city": { "type": "string" }, - "zip": { "type": "string" } - } - } - }, - "properties": { - "address": { - "$ref": "#/$defs/Address" - }, - "payload": { - "type": "object", - "properties": { - "id": { - "type": "string" - } - } - } - } - } - } - ] - } - ] - } - }`) - - req, err := executor.buildRequest(context.Background(), auth, "token", modelName, payload, false, "", "https://example.com") - if err != nil { - t.Fatalf("buildRequest error: %v", err) - } - - raw, err := io.ReadAll(req.Body) - if err != nil { - t.Fatalf("read request body error: %v", err) - } - - var body map[string]any - if err := json.Unmarshal(raw, &body); err != nil { - t.Fatalf("unmarshal request body error: %v, body=%s", err, string(raw)) - } - return body -} - -func extractFirstFunctionDeclaration(t *testing.T, body map[string]any) map[string]any { - t.Helper() - - request, ok := body["request"].(map[string]any) - if !ok { - t.Fatalf("request missing or invalid type") - } - tools, ok := request["tools"].([]any) - if !ok || len(tools) == 0 { - t.Fatalf("tools missing or empty") - } - tool, ok := tools[0].(map[string]any) - if !ok { - t.Fatalf("first tool invalid type") - } - decls, ok := tool["function_declarations"].([]any) - if !ok || len(decls) == 0 { - t.Fatalf("function_declarations missing or empty") - } - decl, ok := decls[0].(map[string]any) - if !ok { - t.Fatalf("first function declaration invalid type") - } - return decl -} - -func assertSchemaSanitizedAndPropertyPreserved(t *testing.T, params map[string]any) { - t.Helper() - - if _, ok := params["$id"]; ok { - t.Fatalf("root $id should be removed from schema") - } - if _, ok := params["patternProperties"]; ok { - t.Fatalf("patternProperties should be removed from schema") - } - - props, ok := params["properties"].(map[string]any) - if !ok { - t.Fatalf("properties missing or invalid type") - } - if _, ok := props["$id"]; !ok { - t.Fatalf("property named $id should be preserved") - } - - arg, ok := props["arg"].(map[string]any) - if !ok { - t.Fatalf("arg property missing or invalid type") - } - if _, ok := arg["prefill"]; ok { - t.Fatalf("prefill should be removed from nested schema") - } - - argProps, ok := arg["properties"].(map[string]any) - if !ok { - t.Fatalf("arg.properties missing or invalid type") - } - mode, ok := argProps["mode"].(map[string]any) - if !ok { - t.Fatalf("mode property missing or invalid type") - } - if _, ok := mode["enumTitles"]; ok { - t.Fatalf("enumTitles should be removed from nested schema") - } -} - -func assertNoSchemaKeywords(t *testing.T, value any) { - t.Helper() - - switch typed := value.(type) { - case map[string]any: - for key, nested := range typed { - switch key { - case "$ref", "$defs": - t.Fatalf("schema keyword %q should be removed for Antigravity request", key) - default: - assertNoSchemaKeywords(t, nested) - } - } - case []any: - for _, nested := range typed { - assertNoSchemaKeywords(t, nested) - } - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/antigravity_executor_error_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/antigravity_executor_error_test.go deleted file mode 100644 index 2becd692c5..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/antigravity_executor_error_test.go +++ /dev/null @@ -1,48 +0,0 @@ -package executor - -import ( - "net/http" - "strings" - "testing" -) - -func TestAntigravityErrorMessage_AddsLicenseHintForKnown403(t *testing.T) { - body := []byte(`{"error":{"code":403,"message":"SUBSCRIPTION_REQUIRED: Gemini Code Assist license missing","status":"PERMISSION_DENIED"}}`) - msg := antigravityErrorMessage(http.StatusForbidden, body) - if !strings.Contains(msg, "Hint:") { - t.Fatalf("expected hint in message, got %q", msg) - } - if !strings.Contains(strings.ToLower(msg), "gemini code assist license") { - t.Fatalf("expected license text in message, got %q", msg) - } -} - -func TestAntigravityErrorMessage_NoHintForNon403(t *testing.T) { - body := []byte(`{"error":"bad request"}`) - msg := antigravityErrorMessage(http.StatusBadRequest, body) - if strings.Contains(msg, "Hint:") { - t.Fatalf("did not expect hint for non-403, got %q", msg) - } -} - -func TestAntigravityErrorMessage_DoesNotDuplicateHint(t *testing.T) { - body := []byte(`{"error":{"code":403,"message":"PERMISSION_DENIED: Gemini Code Assist license missing. Hint: The current Google project/account does not have a Gemini Code Assist license. Re-run --antigravity-login with a licensed account/project, or switch providers.","status":"PERMISSION_DENIED"}}`) - msg := antigravityErrorMessage(http.StatusForbidden, body) - if strings.Count(msg, "Hint:") != 1 { - t.Fatalf("expected one hint marker, got %q", msg) - } -} - -func TestAntigravityShouldRetryNoCapacity_NestedCapacityMarker(t *testing.T) { - body := []byte(`{"error":{"code":503,"message":"Resource exhausted: no capacity available right now","status":"UNAVAILABLE"}}`) - if !antigravityShouldRetryNoCapacity(http.StatusServiceUnavailable, body) { - t.Fatalf("expected retry on nested no-capacity marker") - } -} - -func TestAntigravityShouldRetryNoCapacity_DoesNotRetryUnrelated503(t *testing.T) { - body := []byte(`{"error":{"code":503,"message":"service unavailable","status":"UNAVAILABLE"}}`) - if antigravityShouldRetryNoCapacity(http.StatusServiceUnavailable, body) { - t.Fatalf("did not expect retry for unrelated 503") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/antigravity_executor_logging_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/antigravity_executor_logging_test.go deleted file mode 100644 index ce17fad150..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/antigravity_executor_logging_test.go +++ /dev/null @@ -1,14 +0,0 @@ -package executor - -import "testing" - -func TestAntigravityModelFingerprint_RedactsRawModel(t *testing.T) { - raw := "my-sensitive-model-name" - got := antigravityModelFingerprint(raw) - if got == "" { - t.Fatal("expected non-empty fingerprint") - } - if got == raw { - t.Fatalf("fingerprint must not equal raw model: %q", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/antigravity_executor_security_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/antigravity_executor_security_test.go deleted file mode 100644 index 4f44c62c6b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/antigravity_executor_security_test.go +++ /dev/null @@ -1,30 +0,0 @@ -package executor - -import "testing" - -func TestSanitizeAntigravityBaseURL_AllowsKnownHosts(t *testing.T) { - t.Parallel() - - cases := []string{ - antigravityBaseURLDaily, - antigravitySandboxBaseURLDaily, - antigravityBaseURLProd, - } - for _, base := range cases { - got, err := sanitizeAntigravityBaseURL(base) - if err != nil { - t.Fatalf("sanitizeAntigravityBaseURL(%q) error: %v", base, err) - } - if got != base { - t.Fatalf("sanitizeAntigravityBaseURL(%q) = %q, want %q", base, got, base) - } - } -} - -func TestSanitizeAntigravityBaseURL_RejectsUntrustedHost(t *testing.T) { - t.Parallel() - - if _, err := sanitizeAntigravityBaseURL("https://127.0.0.1:8080"); err == nil { - t.Fatal("expected error for untrusted antigravity base URL") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/auth_status_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/auth_status_test.go deleted file mode 100644 index e69dc80ef4..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/auth_status_test.go +++ /dev/null @@ -1,90 +0,0 @@ -package executor - -import ( - "context" - "net/http" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/wsrelay" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" -) - -func TestAIStudioHttpRequestMissingAuthStatus(t *testing.T) { - exec := &AIStudioExecutor{relay: &wsrelay.Manager{}} - req, errReq := http.NewRequestWithContext(context.Background(), http.MethodGet, "https://example.com", nil) - if errReq != nil { - t.Fatalf("new request: %v", errReq) - } - - _, err := exec.HttpRequest(context.Background(), nil, req) - if err == nil { - t.Fatal("expected missing auth error") - } - se, ok := err.(interface{ StatusCode() int }) - if !ok { - t.Fatalf("expected status error type, got %T (%v)", err, err) - } - if got := se.StatusCode(); got != http.StatusUnauthorized { - t.Fatalf("status code = %d, want %d", got, http.StatusUnauthorized) - } -} - -func TestKiloRefreshMissingAuthStatus(t *testing.T) { - exec := &KiloExecutor{} - _, err := exec.Refresh(context.Background(), nil) - if err == nil { - t.Fatal("expected missing auth error") - } - se, ok := err.(interface{ StatusCode() int }) - if !ok { - t.Fatalf("expected status error type, got %T (%v)", err, err) - } - if got := se.StatusCode(); got != http.StatusUnauthorized { - t.Fatalf("status code = %d, want %d", got, http.StatusUnauthorized) - } -} - -func TestCodexRefreshMissingAuthStatus(t *testing.T) { - exec := &CodexExecutor{} - _, err := exec.Refresh(context.Background(), nil) - if err == nil { - t.Fatal("expected missing auth error") - } - se, ok := err.(interface{ StatusCode() int }) - if !ok { - t.Fatalf("expected status error type, got %T (%v)", err, err) - } - if got := se.StatusCode(); got != http.StatusUnauthorized { - t.Fatalf("status code = %d, want %d", got, http.StatusUnauthorized) - } -} - -func TestIFlowExecuteMissingAuthStatus(t *testing.T) { - exec := &IFlowExecutor{} - _, err := exec.Execute(context.Background(), nil, cliproxyexecutor.Request{Model: "iflow/gpt-4.1"}, cliproxyexecutor.Options{}) - if err == nil { - t.Fatal("expected missing auth error") - } - se, ok := err.(interface{ StatusCode() int }) - if !ok { - t.Fatalf("expected status error type, got %T (%v)", err, err) - } - if got := se.StatusCode(); got != http.StatusUnauthorized { - t.Fatalf("status code = %d, want %d", got, http.StatusUnauthorized) - } -} - -func TestIFlowRefreshMissingAuthStatus(t *testing.T) { - exec := &IFlowExecutor{} - _, err := exec.Refresh(context.Background(), nil) - if err == nil { - t.Fatal("expected missing auth error") - } - se, ok := err.(interface{ StatusCode() int }) - if !ok { - t.Fatalf("expected status error type, got %T (%v)", err, err) - } - if got := se.StatusCode(); got != http.StatusUnauthorized { - t.Fatalf("status code = %d, want %d", got, http.StatusUnauthorized) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/cache_helpers.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/cache_helpers.go deleted file mode 100644 index 38a554ba69..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/cache_helpers.go +++ /dev/null @@ -1,71 +0,0 @@ -package executor - -import ( - "sync" - "time" -) - -type codexCache struct { - ID string - Expire time.Time -} - -// codexCacheMap stores prompt cache IDs keyed by model+user_id. -// Protected by codexCacheMu. Entries expire after 1 hour. -var ( - codexCacheMap = make(map[string]codexCache) - codexCacheMu sync.RWMutex -) - -// codexCacheCleanupInterval controls how often expired entries are purged. -const codexCacheCleanupInterval = 15 * time.Minute - -// codexCacheCleanupOnce ensures the background cleanup goroutine starts only once. -var codexCacheCleanupOnce sync.Once - -// startCodexCacheCleanup launches a background goroutine that periodically -// removes expired entries from codexCacheMap to prevent memory leaks. -func startCodexCacheCleanup() { - go func() { - ticker := time.NewTicker(codexCacheCleanupInterval) - defer ticker.Stop() - - for range ticker.C { - purgeExpiredCodexCache() - } - }() -} - -// purgeExpiredCodexCache removes entries that have expired. -func purgeExpiredCodexCache() { - now := time.Now() - - codexCacheMu.Lock() - defer codexCacheMu.Unlock() - - for key, cache := range codexCacheMap { - if cache.Expire.Before(now) { - delete(codexCacheMap, key) - } - } -} - -// getCodexCache retrieves a cached entry, returning ok=false if not found or expired. -func getCodexCache(key string) (codexCache, bool) { - codexCacheCleanupOnce.Do(startCodexCacheCleanup) - codexCacheMu.RLock() - cache, ok := codexCacheMap[key] - codexCacheMu.RUnlock() - if !ok || cache.Expire.Before(time.Now()) { - return codexCache{}, false - } - return cache, true -} - -// setCodexCache stores a cache entry. -func setCodexCache(key string, cache codexCache) { - codexCacheCleanupOnce.Do(startCodexCacheCleanup) - codexCacheMu.Lock() - codexCacheMap[key] = cache - codexCacheMu.Unlock() -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/caching_verify_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/caching_verify_test.go deleted file mode 100644 index 6088d304cd..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/caching_verify_test.go +++ /dev/null @@ -1,258 +0,0 @@ -package executor - -import ( - "fmt" - "testing" - - "github.com/tidwall/gjson" -) - -func TestEnsureCacheControl(t *testing.T) { - // Test case 1: System prompt as string - t.Run("String System Prompt", func(t *testing.T) { - input := []byte(`{"model": "claude-3-5-sonnet", "system": "This is a long system prompt", "messages": []}`) - output := ensureCacheControl(input) - - res := gjson.GetBytes(output, "system.0.cache_control.type") - if res.String() != "ephemeral" { - t.Errorf("cache_control not found in system string. Output: %s", string(output)) - } - }) - - // Test case 2: System prompt as array - t.Run("Array System Prompt", func(t *testing.T) { - input := []byte(`{"model": "claude-3-5-sonnet", "system": [{"type": "text", "text": "Part 1"}, {"type": "text", "text": "Part 2"}], "messages": []}`) - output := ensureCacheControl(input) - - // cache_control should only be on the LAST element - res0 := gjson.GetBytes(output, "system.0.cache_control") - res1 := gjson.GetBytes(output, "system.1.cache_control.type") - - if res0.Exists() { - t.Errorf("cache_control should NOT be on the first element") - } - if res1.String() != "ephemeral" { - t.Errorf("cache_control not found on last system element. Output: %s", string(output)) - } - }) - - // Test case 3: Tools are cached - t.Run("Tools Caching", func(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "tools": [ - {"name": "tool1", "description": "First tool", "input_schema": {"type": "object"}}, - {"name": "tool2", "description": "Second tool", "input_schema": {"type": "object"}} - ], - "system": "System prompt", - "messages": [] - }`) - output := ensureCacheControl(input) - - // cache_control should only be on the LAST tool - tool0Cache := gjson.GetBytes(output, "tools.0.cache_control") - tool1Cache := gjson.GetBytes(output, "tools.1.cache_control.type") - - if tool0Cache.Exists() { - t.Errorf("cache_control should NOT be on the first tool") - } - if tool1Cache.String() != "ephemeral" { - t.Errorf("cache_control not found on last tool. Output: %s", string(output)) - } - - // System should also have cache_control - systemCache := gjson.GetBytes(output, "system.0.cache_control.type") - if systemCache.String() != "ephemeral" { - t.Errorf("cache_control not found in system. Output: %s", string(output)) - } - }) - - // Test case 4: Tools and system are INDEPENDENT breakpoints - // Per Anthropic docs: Up to 4 breakpoints allowed, tools and system are cached separately - t.Run("Independent Cache Breakpoints", func(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "tools": [ - {"name": "tool1", "description": "First tool", "input_schema": {"type": "object"}, "cache_control": {"type": "ephemeral"}} - ], - "system": [{"type": "text", "text": "System"}], - "messages": [] - }`) - output := ensureCacheControl(input) - - // Tool already has cache_control - should not be changed - tool0Cache := gjson.GetBytes(output, "tools.0.cache_control.type") - if tool0Cache.String() != "ephemeral" { - t.Errorf("existing cache_control was incorrectly removed") - } - - // System SHOULD get cache_control because it is an INDEPENDENT breakpoint - // Tools and system are separate cache levels in the hierarchy - systemCache := gjson.GetBytes(output, "system.0.cache_control.type") - if systemCache.String() != "ephemeral" { - t.Errorf("system should have its own cache_control breakpoint (independent of tools)") - } - }) - - // Test case 5: Only tools, no system - t.Run("Only Tools No System", func(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "tools": [ - {"name": "tool1", "description": "Tool", "input_schema": {"type": "object"}} - ], - "messages": [{"role": "user", "content": "Hi"}] - }`) - output := ensureCacheControl(input) - - toolCache := gjson.GetBytes(output, "tools.0.cache_control.type") - if toolCache.String() != "ephemeral" { - t.Errorf("cache_control not found on tool. Output: %s", string(output)) - } - }) - - // Test case 6: Many tools (Claude Code scenario) - t.Run("Many Tools (Claude Code Scenario)", func(t *testing.T) { - // Simulate Claude Code with many tools - toolsJSON := `[` - for i := 0; i < 50; i++ { - if i > 0 { - toolsJSON += "," - } - toolsJSON += fmt.Sprintf(`{"name": "tool%d", "description": "Tool %d", "input_schema": {"type": "object"}}`, i, i) - } - toolsJSON += `]` - - input := []byte(fmt.Sprintf(`{ - "model": "claude-3-5-sonnet", - "tools": %s, - "system": [{"type": "text", "text": "You are Claude Code"}], - "messages": [{"role": "user", "content": "Hello"}] - }`, toolsJSON)) - - output := ensureCacheControl(input) - - // Only the last tool (index 49) should have cache_control - for i := 0; i < 49; i++ { - path := fmt.Sprintf("tools.%d.cache_control", i) - if gjson.GetBytes(output, path).Exists() { - t.Errorf("tool %d should NOT have cache_control", i) - } - } - - lastToolCache := gjson.GetBytes(output, "tools.49.cache_control.type") - if lastToolCache.String() != "ephemeral" { - t.Errorf("last tool (49) should have cache_control") - } - - // System should also have cache_control - systemCache := gjson.GetBytes(output, "system.0.cache_control.type") - if systemCache.String() != "ephemeral" { - t.Errorf("system should have cache_control") - } - - t.Log("test passed: 50 tools - cache_control only on last tool") - }) - - // Test case 7: Empty tools array - t.Run("Empty Tools Array", func(t *testing.T) { - input := []byte(`{"model": "claude-3-5-sonnet", "tools": [], "system": "Test", "messages": []}`) - output := ensureCacheControl(input) - - // System should still get cache_control - systemCache := gjson.GetBytes(output, "system.0.cache_control.type") - if systemCache.String() != "ephemeral" { - t.Errorf("system should have cache_control even with empty tools array") - } - }) - - // Test case 8: Messages caching for multi-turn (second-to-last user) - t.Run("Messages Caching Second-To-Last User", func(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "messages": [ - {"role": "user", "content": "First user"}, - {"role": "assistant", "content": "Assistant reply"}, - {"role": "user", "content": "Second user"}, - {"role": "assistant", "content": "Assistant reply 2"}, - {"role": "user", "content": "Third user"} - ] - }`) - output := ensureCacheControl(input) - - cacheType := gjson.GetBytes(output, "messages.2.content.0.cache_control.type") - if cacheType.String() != "ephemeral" { - t.Errorf("cache_control not found on second-to-last user turn. Output: %s", string(output)) - } - - lastUserCache := gjson.GetBytes(output, "messages.4.content.0.cache_control") - if lastUserCache.Exists() { - t.Errorf("last user turn should NOT have cache_control") - } - }) - - // Test case 9: Existing message cache_control should skip injection - t.Run("Messages Skip When Cache Control Exists", func(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "messages": [ - {"role": "user", "content": [{"type": "text", "text": "First user"}]}, - {"role": "assistant", "content": [{"type": "text", "text": "Assistant reply", "cache_control": {"type": "ephemeral"}}]}, - {"role": "user", "content": [{"type": "text", "text": "Second user"}]} - ] - }`) - output := ensureCacheControl(input) - - userCache := gjson.GetBytes(output, "messages.0.content.0.cache_control") - if userCache.Exists() { - t.Errorf("cache_control should NOT be injected when a message already has cache_control") - } - - existingCache := gjson.GetBytes(output, "messages.1.content.0.cache_control.type") - if existingCache.String() != "ephemeral" { - t.Errorf("existing cache_control should be preserved. Output: %s", string(output)) - } - }) -} - -// TestCacheControlOrder verifies the correct order: tools -> system -> messages -func TestCacheControlOrder(t *testing.T) { - input := []byte(`{ - "model": "claude-sonnet-4", - "tools": [ - {"name": "Read", "description": "Read file", "input_schema": {"type": "object", "properties": {"path": {"type": "string"}}}}, - {"name": "Write", "description": "Write file", "input_schema": {"type": "object", "properties": {"path": {"type": "string"}, "content": {"type": "string"}}}} - ], - "system": [ - {"type": "text", "text": "You are Claude Code, Anthropic's official CLI for Claude."}, - {"type": "text", "text": "Additional instructions here..."} - ], - "messages": [ - {"role": "user", "content": "Hello"} - ] - }`) - - output := ensureCacheControl(input) - - // 1. Last tool has cache_control - if gjson.GetBytes(output, "tools.1.cache_control.type").String() != "ephemeral" { - t.Error("last tool should have cache_control") - } - - // 2. First tool has NO cache_control - if gjson.GetBytes(output, "tools.0.cache_control").Exists() { - t.Error("first tool should NOT have cache_control") - } - - // 3. Last system element has cache_control - if gjson.GetBytes(output, "system.1.cache_control.type").String() != "ephemeral" { - t.Error("last system element should have cache_control") - } - - // 4. First system element has NO cache_control - if gjson.GetBytes(output, "system.0.cache_control").Exists() { - t.Error("first system element should NOT have cache_control") - } - - t.Log("cache order correct: tools -> system") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/claude_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/claude_executor.go deleted file mode 100644 index f4224127f7..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/claude_executor.go +++ /dev/null @@ -1,1401 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "compress/flate" - "compress/gzip" - "context" - "fmt" - "io" - "net/http" - "runtime" - "strings" - "time" - - "github.com/andybalholm/brotli" - "github.com/klauspost/compress/zstd" - claudeauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/claude" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" - - "github.com/gin-gonic/gin" -) - -// ClaudeExecutor is a stateless executor for Anthropic Claude over the messages API. -// If api_key is unavailable on auth, it falls back to legacy via ClientAdapter. -type ClaudeExecutor struct { - cfg *config.Config -} - -const claudeToolPrefix = "proxy_" - -func NewClaudeExecutor(cfg *config.Config) *ClaudeExecutor { return &ClaudeExecutor{cfg: cfg} } - -func (e *ClaudeExecutor) Identifier() string { return "claude" } - -// PrepareRequest injects Claude credentials into the outgoing HTTP request. -func (e *ClaudeExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - apiKey, _ := claudeCreds(auth) - if strings.TrimSpace(apiKey) == "" { - return nil - } - useAPIKey := auth != nil && auth.Attributes != nil && strings.TrimSpace(auth.Attributes["api_key"]) != "" - isAnthropicBase := req.URL != nil && strings.EqualFold(req.URL.Scheme, "https") && strings.EqualFold(req.URL.Host, "api.anthropic.com") - if isAnthropicBase && useAPIKey { - req.Header.Del("Authorization") - req.Header.Set("x-api-key", apiKey) - } else { - req.Header.Del("x-api-key") - req.Header.Set("Authorization", "Bearer "+apiKey) - } - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) - return nil -} - -// HttpRequest injects Claude credentials into the request and executes it. -func (e *ClaudeExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("claude executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -func (e *ClaudeExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := claudeCreds(auth) - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), "https://api.anthropic.com", baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - from := opts.SourceFormat - to := sdktranslator.FromString("claude") - // Use streaming translation to preserve function calling, except for claude. - stream := from != to - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, stream) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, stream) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - // Apply cloaking (system prompt injection, fake user ID, sensitive word obfuscation) - // based on client type and configuration. - body = applyCloaking(ctx, e.cfg, auth, body, baseModel) - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - // Disable thinking if tool_choice forces tool use (Anthropic API constraint) - body = disableThinkingIfToolChoiceForced(body) - - // Auto-inject cache_control if missing (optimization for ClawdBot/clients without caching support) - if countCacheControls(body) == 0 { - body = ensureCacheControl(body) - } - - // Extract betas from body and convert to header - var extraBetas []string - extraBetas, body = extractAndRemoveBetas(body) - bodyForTranslation := body - bodyForUpstream := body - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - bodyForUpstream = applyClaudeToolPrefix(body, claudeToolPrefix) - } - - url := fmt.Sprintf("%s/v1/messages?beta=true", baseURL) - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(bodyForUpstream)) - if err != nil { - return resp, err - } - applyClaudeHeaders(httpReq, auth, apiKey, false, extraBetas, e.cfg) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: bodyForUpstream, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return resp, err - } - decodedBody, err := decodeResponseBody(httpResp.Body, httpResp.Header.Get("Content-Encoding")) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return resp, err - } - defer func() { - if errClose := decodedBody.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - data, err := io.ReadAll(decodedBody) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - if stream { - lines := bytes.Split(data, []byte("\n")) - for _, line := range lines { - if detail, ok := parseClaudeStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - } - } else { - reporter.publish(ctx, parseClaudeUsage(data)) - } - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - data = stripClaudeToolPrefixFromResponse(data, claudeToolPrefix) - } - var param any - out := sdktranslator.TranslateNonStream( - ctx, - to, - from, - req.Model, - opts.OriginalRequest, - bodyForTranslation, - data, - ¶m, - ) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -func (e *ClaudeExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := claudeCreds(auth) - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), "https://api.anthropic.com", baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - from := opts.SourceFormat - to := sdktranslator.FromString("claude") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - // Apply cloaking (system prompt injection, fake user ID, sensitive word obfuscation) - // based on client type and configuration. - body = applyCloaking(ctx, e.cfg, auth, body, baseModel) - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - // Disable thinking if tool_choice forces tool use (Anthropic API constraint) - body = disableThinkingIfToolChoiceForced(body) - - // Auto-inject cache_control if missing (optimization for ClawdBot/clients without caching support) - if countCacheControls(body) == 0 { - body = ensureCacheControl(body) - } - - // Extract betas from body and convert to header - var extraBetas []string - extraBetas, body = extractAndRemoveBetas(body) - bodyForTranslation := body - bodyForUpstream := body - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - bodyForUpstream = applyClaudeToolPrefix(body, claudeToolPrefix) - } - - url := fmt.Sprintf("%s/v1/messages?beta=true", baseURL) - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(bodyForUpstream)) - if err != nil { - return nil, err - } - applyClaudeHeaders(httpReq, auth, apiKey, true, extraBetas, e.cfg) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: bodyForUpstream, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - decodedBody, err := decodeResponseBody(httpResp.Body, httpResp.Header.Get("Content-Encoding")) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := decodedBody.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - // If from == to (Claude → Claude), directly forward the SSE stream without translation - if from == to { - scanner := bufio.NewScanner(decodedBody) - scanner.Buffer(nil, 52_428_800) // 50MB - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseClaudeStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - line = stripClaudeToolPrefixFromStreamLine(line, claudeToolPrefix) - } - // Forward the line as-is to preserve SSE format - cloned := make([]byte, len(line)+1) - copy(cloned, line) - cloned[len(line)] = '\n' - out <- cliproxyexecutor.StreamChunk{Payload: cloned} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - return - } - - // For other formats, use translation - scanner := bufio.NewScanner(decodedBody) - scanner.Buffer(nil, 52_428_800) // 50MB - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseClaudeStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - line = stripClaudeToolPrefixFromStreamLine(line, claudeToolPrefix) - } - chunks := sdktranslator.TranslateStream( - ctx, - to, - from, - req.Model, - opts.OriginalRequest, - bodyForTranslation, - bytes.Clone(line), - ¶m, - ) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -func (e *ClaudeExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := claudeCreds(auth) - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), "https://api.anthropic.com", baseURL) - - from := opts.SourceFormat - to := sdktranslator.FromString("claude") - // Use streaming translation to preserve function calling, except for claude. - stream := from != to - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, stream) - body, _ = sjson.SetBytes(body, "model", baseModel) - - if !strings.HasPrefix(baseModel, "claude-3-5-haiku") { - body = checkSystemInstructions(body) - } - - // Extract betas from body and convert to header (for count_tokens too) - var extraBetas []string - extraBetas, body = extractAndRemoveBetas(body) - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - body = applyClaudeToolPrefix(body, claudeToolPrefix) - } - - url := fmt.Sprintf("%s/v1/messages/count_tokens?beta=true", baseURL) - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return cliproxyexecutor.Response{}, err - } - applyClaudeHeaders(httpReq, auth, apiKey, false, extraBetas, e.cfg) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - resp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return cliproxyexecutor.Response{}, err - } - recordAPIResponseMetadata(ctx, e.cfg, resp.StatusCode, resp.Header.Clone()) - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - b, _ := io.ReadAll(resp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return cliproxyexecutor.Response{}, statusErr{code: resp.StatusCode, msg: string(b)} - } - decodedBody, err := decodeResponseBody(resp.Body, resp.Header.Get("Content-Encoding")) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return cliproxyexecutor.Response{}, err - } - defer func() { - if errClose := decodedBody.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - data, err := io.ReadAll(decodedBody) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return cliproxyexecutor.Response{}, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - count := gjson.GetBytes(data, "input_tokens").Int() - out := sdktranslator.TranslateTokenCount(ctx, to, from, count, data) - return cliproxyexecutor.Response{Payload: []byte(out), Headers: resp.Header.Clone()}, nil -} - -func (e *ClaudeExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("claude executor: refresh called") - if auth == nil { - return nil, fmt.Errorf("claude executor: auth is nil") - } - var refreshToken string - if auth.Metadata != nil { - if v, ok := auth.Metadata["refresh_token"].(string); ok && v != "" { - refreshToken = v - } - } - if refreshToken == "" { - return auth, nil - } - svc := claudeauth.NewClaudeAuth(e.cfg, nil) - td, err := svc.RefreshTokens(ctx, refreshToken) - if err != nil { - return nil, err - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["access_token"] = td.AccessToken - if td.RefreshToken != "" { - auth.Metadata["refresh_token"] = td.RefreshToken - } - auth.Metadata["email"] = td.Email - auth.Metadata["expired"] = td.Expire - auth.Metadata["type"] = "claude" - now := time.Now().Format(time.RFC3339) - auth.Metadata["last_refresh"] = now - return auth, nil -} - -// extractAndRemoveBetas extracts the "betas" array from the body and removes it. -// Returns the extracted betas as a string slice and the modified body. -func extractAndRemoveBetas(body []byte) ([]string, []byte) { - betasResult := gjson.GetBytes(body, "betas") - if !betasResult.Exists() { - return nil, body - } - var betas []string - if betasResult.IsArray() { - for _, item := range betasResult.Array() { - if s := strings.TrimSpace(item.String()); s != "" { - betas = append(betas, s) - } - } - } else if s := strings.TrimSpace(betasResult.String()); s != "" { - betas = append(betas, s) - } - body, _ = sjson.DeleteBytes(body, "betas") - return betas, body -} - -// disableThinkingIfToolChoiceForced checks if tool_choice forces tool use and disables thinking. -// Anthropic API does not allow thinking when tool_choice is set to "any", "tool", or "function". -// See: https://docs.anthropic.com/en/docs/build-with-claude/extended-thinking#important-considerations -func disableThinkingIfToolChoiceForced(body []byte) []byte { - toolChoiceType := gjson.GetBytes(body, "tool_choice.type").String() - // "auto" is allowed with thinking, but explicit forcing is not. - if toolChoiceType == "any" || toolChoiceType == "tool" || toolChoiceType == "function" { - // Remove thinking configuration entirely to avoid API error - body, _ = sjson.DeleteBytes(body, "thinking") - } - return body -} - -type compositeReadCloser struct { - io.Reader - closers []func() error -} - -func (c *compositeReadCloser) Close() error { - var firstErr error - for i := range c.closers { - if c.closers[i] == nil { - continue - } - if err := c.closers[i](); err != nil && firstErr == nil { - firstErr = err - } - } - return firstErr -} - -func decodeResponseBody(body io.ReadCloser, contentEncoding string) (io.ReadCloser, error) { - if body == nil { - return nil, fmt.Errorf("response body is nil") - } - if contentEncoding == "" { - return body, nil - } - encodings := strings.Split(contentEncoding, ",") - for _, raw := range encodings { - encoding := strings.TrimSpace(strings.ToLower(raw)) - switch encoding { - case "", "identity": - continue - case "gzip": - gzipReader, err := gzip.NewReader(body) - if err != nil { - _ = body.Close() - return nil, fmt.Errorf("failed to create gzip reader: %w", err) - } - return &compositeReadCloser{ - Reader: gzipReader, - closers: []func() error{ - gzipReader.Close, - func() error { return body.Close() }, - }, - }, nil - case "deflate": - deflateReader := flate.NewReader(body) - return &compositeReadCloser{ - Reader: deflateReader, - closers: []func() error{ - deflateReader.Close, - func() error { return body.Close() }, - }, - }, nil - case "br": - return &compositeReadCloser{ - Reader: brotli.NewReader(body), - closers: []func() error{ - func() error { return body.Close() }, - }, - }, nil - case "zstd": - decoder, err := zstd.NewReader(body) - if err != nil { - _ = body.Close() - return nil, fmt.Errorf("failed to create zstd reader: %w", err) - } - return &compositeReadCloser{ - Reader: decoder, - closers: []func() error{ - func() error { decoder.Close(); return nil }, - func() error { return body.Close() }, - }, - }, nil - default: - continue - } - } - return body, nil -} - -// mapStainlessOS maps runtime.GOOS to Stainless SDK OS names. -func mapStainlessOS() string { - switch runtime.GOOS { - case "darwin": - return "MacOS" - case "windows": - return "Windows" - case "linux": - return "Linux" - case "freebsd": - return "FreeBSD" - default: - return "Other::" + runtime.GOOS - } -} - -// mapStainlessArch maps runtime.GOARCH to Stainless SDK architecture names. -func mapStainlessArch() string { - switch runtime.GOARCH { - case "amd64": - return "x64" - case "arm64": - return "arm64" - case "386": - return "x86" - default: - return "other::" + runtime.GOARCH - } -} - -func applyClaudeHeaders(r *http.Request, auth *cliproxyauth.Auth, apiKey string, stream bool, extraBetas []string, cfg *config.Config) { - hdrDefault := func(cfgVal, fallback string) string { - if cfgVal != "" { - return cfgVal - } - return fallback - } - - var hd config.ClaudeHeaderDefaults - if cfg != nil { - hd = cfg.ClaudeHeaderDefaults - } - - useAPIKey := auth != nil && auth.Attributes != nil && strings.TrimSpace(auth.Attributes["api_key"]) != "" - isAnthropicBase := r.URL != nil && strings.EqualFold(r.URL.Scheme, "https") && strings.EqualFold(r.URL.Host, "api.anthropic.com") - if isAnthropicBase && useAPIKey { - r.Header.Del("Authorization") - r.Header.Set("x-api-key", apiKey) - } else { - r.Header.Set("Authorization", "Bearer "+apiKey) - } - r.Header.Set("Content-Type", "application/json") - - var ginHeaders http.Header - if ginCtx, ok := r.Context().Value("gin").(*gin.Context); ok && ginCtx != nil && ginCtx.Request != nil { - ginHeaders = ginCtx.Request.Header - } - - promptCachingBeta := "prompt-caching-2024-07-31" - baseBetas := "claude-code-20250219,oauth-2025-04-20,interleaved-thinking-2025-05-14,fine-grained-tool-streaming-2025-05-14," + promptCachingBeta - if val := strings.TrimSpace(ginHeaders.Get("Anthropic-Beta")); val != "" { - baseBetas = val - if !strings.Contains(val, "oauth") { - baseBetas += ",oauth-2025-04-20" - } - } - if !strings.Contains(baseBetas, promptCachingBeta) { - baseBetas += "," + promptCachingBeta - } - - // Merge extra betas from request body - if len(extraBetas) > 0 { - existingSet := make(map[string]bool) - for _, b := range strings.Split(baseBetas, ",") { - existingSet[strings.TrimSpace(b)] = true - } - for _, beta := range extraBetas { - beta = strings.TrimSpace(beta) - if beta != "" && !existingSet[beta] { - baseBetas += "," + beta - existingSet[beta] = true - } - } - } - r.Header.Set("Anthropic-Beta", baseBetas) - - misc.EnsureHeader(r.Header, ginHeaders, "Anthropic-Version", "2023-06-01") - misc.EnsureHeader(r.Header, ginHeaders, "Anthropic-Dangerous-Direct-Browser-Access", "true") - misc.EnsureHeader(r.Header, ginHeaders, "X-App", "cli") - // Values below match Claude Code 2.1.44 / @anthropic-ai/sdk 0.74.0 (captured 2026-02-17). - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Helper-Method", "stream") - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Retry-Count", "0") - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Runtime-Version", hdrDefault(hd.RuntimeVersion, "v24.3.0")) - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Package-Version", hdrDefault(hd.PackageVersion, "0.74.0")) - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Runtime", "node") - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Lang", "js") - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Arch", mapStainlessArch()) - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Os", mapStainlessOS()) - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Timeout", hdrDefault(hd.Timeout, "600")) - misc.EnsureHeader(r.Header, ginHeaders, "User-Agent", hdrDefault(hd.UserAgent, "claude-cli/2.1.44 (external, sdk-cli)")) - r.Header.Set("Connection", "keep-alive") - r.Header.Set("Accept-Encoding", "gzip, deflate, br, zstd") - if stream { - r.Header.Set("Accept", "text/event-stream") - } else { - r.Header.Set("Accept", "application/json") - } - // Keep OS/Arch mapping dynamic (not configurable). - // They intentionally continue to derive from runtime.GOOS/runtime.GOARCH. - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(r, attrs) -} - -func claudeCreds(a *cliproxyauth.Auth) (apiKey, baseURL string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - apiKey = a.Attributes["api_key"] - baseURL = a.Attributes["base_url"] - } - if apiKey == "" && a.Metadata != nil { - if v, ok := a.Metadata["access_token"].(string); ok { - apiKey = v - } - } - return -} - -func checkSystemInstructions(payload []byte) []byte { - system := gjson.GetBytes(payload, "system") - claudeCodeInstructions := `[{"type":"text","text":"You are Claude Code, Anthropic's official CLI for Claude."}]` - if system.IsArray() { - if gjson.GetBytes(payload, "system.0.text").String() != "You are Claude Code, Anthropic's official CLI for Claude." { - system.ForEach(func(_, part gjson.Result) bool { - if part.Get("type").String() == "text" { - claudeCodeInstructions, _ = sjson.SetRaw(claudeCodeInstructions, "-1", part.Raw) - } - return true - }) - payload, _ = sjson.SetRawBytes(payload, "system", []byte(claudeCodeInstructions)) - } - } else { - payload, _ = sjson.SetRawBytes(payload, "system", []byte(claudeCodeInstructions)) - } - return payload -} - -func isClaudeOAuthToken(apiKey string) bool { - return strings.Contains(apiKey, "sk-ant-oat") -} - -func applyClaudeToolPrefix(body []byte, prefix string) []byte { - if prefix == "" { - return body - } - - // Collect built-in tool names (those with a non-empty "type" field) so we can - // skip them consistently in both tools and message history. - builtinTools := map[string]bool{} - for _, name := range []string{"web_search", "code_execution", "text_editor", "computer"} { - builtinTools[name] = true - } - - if tools := gjson.GetBytes(body, "tools"); tools.Exists() && tools.IsArray() { - tools.ForEach(func(index, tool gjson.Result) bool { - // Skip built-in tools (web_search, code_execution, etc.) which have - // a "type" field and require their name to remain unchanged. - if tool.Get("type").Exists() && tool.Get("type").String() != "" { - if n := tool.Get("name").String(); n != "" { - builtinTools[n] = true - } - return true - } - name := tool.Get("name").String() - if name == "" || strings.HasPrefix(name, prefix) { - return true - } - path := fmt.Sprintf("tools.%d.name", index.Int()) - body, _ = sjson.SetBytes(body, path, prefix+name) - return true - }) - } - - toolChoiceType := gjson.GetBytes(body, "tool_choice.type").String() - if toolChoiceType == "tool" || toolChoiceType == "function" { - name := gjson.GetBytes(body, "tool_choice.name").String() - if name != "" && !strings.HasPrefix(name, prefix) && !builtinTools[name] { - body, _ = sjson.SetBytes(body, "tool_choice.name", prefix+name) - } - - functionName := gjson.GetBytes(body, "tool_choice.function.name").String() - if functionName != "" && !strings.HasPrefix(functionName, prefix) && !builtinTools[functionName] { - body, _ = sjson.SetBytes(body, "tool_choice.function.name", prefix+functionName) - } - } - - if messages := gjson.GetBytes(body, "messages"); messages.Exists() && messages.IsArray() { - messages.ForEach(func(msgIndex, msg gjson.Result) bool { - content := msg.Get("content") - if !content.Exists() || !content.IsArray() { - return true - } - content.ForEach(func(contentIndex, part gjson.Result) bool { - partType := part.Get("type").String() - switch partType { - case "tool_use": - name := part.Get("name").String() - if name == "" || strings.HasPrefix(name, prefix) || builtinTools[name] { - return true - } - path := fmt.Sprintf("messages.%d.content.%d.name", msgIndex.Int(), contentIndex.Int()) - body, _ = sjson.SetBytes(body, path, prefix+name) - case "tool_reference": - toolName := part.Get("tool_name").String() - if toolName == "" || strings.HasPrefix(toolName, prefix) || builtinTools[toolName] { - return true - } - path := fmt.Sprintf("messages.%d.content.%d.tool_name", msgIndex.Int(), contentIndex.Int()) - body, _ = sjson.SetBytes(body, path, prefix+toolName) - case "tool_result": - // Handle nested tool_reference blocks inside tool_result.content[] - nestedContent := part.Get("content") - if nestedContent.Exists() && nestedContent.IsArray() { - nestedContent.ForEach(func(nestedIndex, nestedPart gjson.Result) bool { - if nestedPart.Get("type").String() == "tool_reference" { - nestedToolName := nestedPart.Get("tool_name").String() - if nestedToolName != "" && !strings.HasPrefix(nestedToolName, prefix) && !builtinTools[nestedToolName] { - nestedPath := fmt.Sprintf("messages.%d.content.%d.content.%d.tool_name", msgIndex.Int(), contentIndex.Int(), nestedIndex.Int()) - body, _ = sjson.SetBytes(body, nestedPath, prefix+nestedToolName) - } - } - return true - }) - } - } - return true - }) - return true - }) - } - - return body -} - -func stripClaudeToolPrefixFromResponse(body []byte, prefix string) []byte { - if prefix == "" { - return body - } - content := gjson.GetBytes(body, "content") - if !content.Exists() || !content.IsArray() { - return body - } - content.ForEach(func(index, part gjson.Result) bool { - partType := part.Get("type").String() - switch partType { - case "tool_use": - name := part.Get("name").String() - if !strings.HasPrefix(name, prefix) { - return true - } - path := fmt.Sprintf("content.%d.name", index.Int()) - body, _ = sjson.SetBytes(body, path, strings.TrimPrefix(name, prefix)) - case "tool_reference": - toolName := part.Get("tool_name").String() - if !strings.HasPrefix(toolName, prefix) { - return true - } - path := fmt.Sprintf("content.%d.tool_name", index.Int()) - body, _ = sjson.SetBytes(body, path, strings.TrimPrefix(toolName, prefix)) - case "tool_result": - // Handle nested tool_reference blocks inside tool_result.content[] - nestedContent := part.Get("content") - if nestedContent.Exists() && nestedContent.IsArray() { - nestedContent.ForEach(func(nestedIndex, nestedPart gjson.Result) bool { - if nestedPart.Get("type").String() == "tool_reference" { - nestedToolName := nestedPart.Get("tool_name").String() - if strings.HasPrefix(nestedToolName, prefix) { - nestedPath := fmt.Sprintf("content.%d.content.%d.tool_name", index.Int(), nestedIndex.Int()) - body, _ = sjson.SetBytes(body, nestedPath, strings.TrimPrefix(nestedToolName, prefix)) - } - } - return true - }) - } - } - return true - }) - return body -} - -func stripClaudeToolPrefixFromStreamLine(line []byte, prefix string) []byte { - if prefix == "" { - return line - } - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return line - } - contentBlock := gjson.GetBytes(payload, "content_block") - if !contentBlock.Exists() { - return line - } - - blockType := contentBlock.Get("type").String() - var updated []byte - var err error - - switch blockType { - case "tool_use": - name := contentBlock.Get("name").String() - if !strings.HasPrefix(name, prefix) { - return line - } - updated, err = sjson.SetBytes(payload, "content_block.name", strings.TrimPrefix(name, prefix)) - if err != nil { - return line - } - case "tool_reference": - toolName := contentBlock.Get("tool_name").String() - if !strings.HasPrefix(toolName, prefix) { - return line - } - updated, err = sjson.SetBytes(payload, "content_block.tool_name", strings.TrimPrefix(toolName, prefix)) - if err != nil { - return line - } - default: - return line - } - - trimmed := bytes.TrimSpace(line) - if bytes.HasPrefix(trimmed, []byte("data:")) { - return append([]byte("data: "), updated...) - } - return updated -} - -// getClientUserAgent extracts the client User-Agent from the gin context. -func getClientUserAgent(ctx context.Context) string { - if ginCtx, ok := ctx.Value("gin").(*gin.Context); ok && ginCtx != nil && ginCtx.Request != nil { - return ginCtx.GetHeader("User-Agent") - } - return "" -} - -// getCloakConfigFromAuth extracts cloak configuration from auth attributes. -// Returns (cloakMode, strictMode, sensitiveWords). -func getCloakConfigFromAuth(auth *cliproxyauth.Auth) (string, bool, []string) { - if auth == nil || auth.Attributes == nil { - return "auto", false, nil - } - - cloakMode := auth.Attributes["cloak_mode"] - if cloakMode == "" { - cloakMode = "auto" - } - - strictMode := strings.ToLower(auth.Attributes["cloak_strict_mode"]) == "true" - - var sensitiveWords []string - if wordsStr := auth.Attributes["cloak_sensitive_words"]; wordsStr != "" { - sensitiveWords = strings.Split(wordsStr, ",") - for i := range sensitiveWords { - sensitiveWords[i] = strings.TrimSpace(sensitiveWords[i]) - } - } - - return cloakMode, strictMode, sensitiveWords -} - -// resolveClaudeKeyCloakConfig finds the matching ClaudeKey config and returns its CloakConfig. -func resolveClaudeKeyCloakConfig(cfg *config.Config, auth *cliproxyauth.Auth) *config.CloakConfig { - if cfg == nil || auth == nil { - return nil - } - - apiKey, baseURL := claudeCreds(auth) - if apiKey == "" { - return nil - } - - for i := range cfg.ClaudeKey { - entry := &cfg.ClaudeKey[i] - cfgKey := strings.TrimSpace(entry.APIKey) - cfgBase := strings.TrimSpace(entry.BaseURL) - - // Match by API key - if strings.EqualFold(cfgKey, apiKey) { - // If baseURL is specified, also check it - if baseURL != "" && cfgBase != "" && !strings.EqualFold(cfgBase, baseURL) { - continue - } - return entry.Cloak - } - } - - return nil -} - -func nextFakeUserID(apiKey string, useCache bool) string { - if useCache && apiKey != "" { - return cachedUserID(apiKey) - } - return generateFakeUserID() -} - -// injectFakeUserID generates and injects a fake user ID into the request metadata. -func injectFakeUserID(payload []byte, apiKey string, useCache bool) []byte { - metadata := gjson.GetBytes(payload, "metadata") - if !metadata.Exists() { - payload, _ = sjson.SetBytes(payload, "metadata.user_id", nextFakeUserID(apiKey, useCache)) - return payload - } - - existingUserID := gjson.GetBytes(payload, "metadata.user_id").String() - if existingUserID == "" || !isValidUserID(existingUserID) { - payload, _ = sjson.SetBytes(payload, "metadata.user_id", nextFakeUserID(apiKey, useCache)) - } - return payload -} - -// checkSystemInstructionsWithMode injects Claude Code system prompt. -// In strict mode, it replaces all user system messages. -// In non-strict mode (default), it prepends to existing system messages. -func checkSystemInstructionsWithMode(payload []byte, strictMode bool) []byte { - system := gjson.GetBytes(payload, "system") - claudeCodeInstructions := `[{"type":"text","text":"You are Claude Code, Anthropic's official CLI for Claude."}]` - - if strictMode { - // Strict mode: replace all system messages with Claude Code prompt only - payload, _ = sjson.SetRawBytes(payload, "system", []byte(claudeCodeInstructions)) - return payload - } - - // Non-strict mode (default): prepend Claude Code prompt to existing system messages - if system.IsArray() { - if gjson.GetBytes(payload, "system.0.text").String() != "You are Claude Code, Anthropic's official CLI for Claude." { - system.ForEach(func(_, part gjson.Result) bool { - if part.Get("type").String() == "text" { - claudeCodeInstructions, _ = sjson.SetRaw(claudeCodeInstructions, "-1", part.Raw) - } - return true - }) - payload, _ = sjson.SetRawBytes(payload, "system", []byte(claudeCodeInstructions)) - } - } else { - payload, _ = sjson.SetRawBytes(payload, "system", []byte(claudeCodeInstructions)) - } - return payload -} - -// applyCloaking applies cloaking transformations to the payload based on config and client. -// Cloaking includes: system prompt injection, fake user ID, and sensitive word obfuscation. -func applyCloaking(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth, payload []byte, model string) []byte { - clientUserAgent := getClientUserAgent(ctx) - - // Get cloak config from ClaudeKey configuration - cloakCfg := resolveClaudeKeyCloakConfig(cfg, auth) - - // Determine cloak settings - var cloakMode string - var strictMode bool - var sensitiveWords []string - - if cloakCfg != nil { - cloakMode = cloakCfg.Mode - strictMode = cloakCfg.StrictMode - sensitiveWords = cloakCfg.SensitiveWords - } - - // Fallback to auth attributes if no config found - if cloakMode == "" { - attrMode, attrStrict, attrWords := getCloakConfigFromAuth(auth) - cloakMode = attrMode - if !strictMode { - strictMode = attrStrict - } - if len(sensitiveWords) == 0 { - sensitiveWords = attrWords - } - } - - // Determine if cloaking should be applied - if !shouldCloak(cloakMode, clientUserAgent) { - return payload - } - - // Skip system instructions for claude-3-5-haiku models - if !strings.HasPrefix(model, "claude-3-5-haiku") { - payload = checkSystemInstructionsWithMode(payload, strictMode) - } - - // Reuse a stable fake user ID when a matching ClaudeKey cloak config exists. - // This keeps consistent metadata across model variants for the same credential. - apiKey, _ := claudeCreds(auth) - payload = injectFakeUserID(payload, apiKey, cloakCfg != nil) - - // Apply sensitive word obfuscation - if len(sensitiveWords) > 0 { - matcher := buildSensitiveWordMatcher(sensitiveWords) - payload = obfuscateSensitiveWords(payload, matcher) - } - - return payload -} - -// ensureCacheControl injects cache_control breakpoints into the payload for optimal prompt caching. -// According to Anthropic's documentation, cache prefixes are created in order: tools -> system -> messages. -// This function adds cache_control to: -// 1. The LAST tool in the tools array (caches all tool definitions) -// 2. The LAST element in the system array (caches system prompt) -// 3. The SECOND-TO-LAST user turn (caches conversation history for multi-turn) -// -// Up to 4 cache breakpoints are allowed per request. Tools, System, and Messages are INDEPENDENT breakpoints. -// This enables up to 90% cost reduction on cached tokens (cache read = 0.1x base price). -// See: https://docs.anthropic.com/en/docs/build-with-claude/prompt-caching -func ensureCacheControl(payload []byte) []byte { - // 1. Inject cache_control into the LAST tool (caches all tool definitions) - // Tools are cached first in the hierarchy, so this is the most important breakpoint. - payload = injectToolsCacheControl(payload) - - // 2. Inject cache_control into the LAST system prompt element - // System is the second level in the cache hierarchy. - payload = injectSystemCacheControl(payload) - - // 3. Inject cache_control into messages for multi-turn conversation caching - // This caches the conversation history up to the second-to-last user turn. - payload = injectMessagesCacheControl(payload) - - return payload -} - -func countCacheControls(payload []byte) int { - count := 0 - - // Check system - system := gjson.GetBytes(payload, "system") - if system.IsArray() { - system.ForEach(func(_, item gjson.Result) bool { - if item.Get("cache_control").Exists() { - count++ - } - return true - }) - } - - // Check tools - tools := gjson.GetBytes(payload, "tools") - if tools.IsArray() { - tools.ForEach(func(_, item gjson.Result) bool { - if item.Get("cache_control").Exists() { - count++ - } - return true - }) - } - - // Check messages - messages := gjson.GetBytes(payload, "messages") - if messages.IsArray() { - messages.ForEach(func(_, msg gjson.Result) bool { - content := msg.Get("content") - if content.IsArray() { - content.ForEach(func(_, item gjson.Result) bool { - if item.Get("cache_control").Exists() { - count++ - } - return true - }) - } - return true - }) - } - - return count -} - -// injectMessagesCacheControl adds cache_control to the second-to-last user turn for multi-turn caching. -// Per Anthropic docs: "Place cache_control on the second-to-last User message to let the model reuse the earlier cache." -// This enables caching of conversation history, which is especially beneficial for long multi-turn conversations. -// Only adds cache_control if: -// - There are at least 2 user turns in the conversation -// - No message content already has cache_control -func injectMessagesCacheControl(payload []byte) []byte { - messages := gjson.GetBytes(payload, "messages") - if !messages.Exists() || !messages.IsArray() { - return payload - } - - // Check if ANY message content already has cache_control - hasCacheControlInMessages := false - messages.ForEach(func(_, msg gjson.Result) bool { - content := msg.Get("content") - if content.IsArray() { - content.ForEach(func(_, item gjson.Result) bool { - if item.Get("cache_control").Exists() { - hasCacheControlInMessages = true - return false - } - return true - }) - } - return !hasCacheControlInMessages - }) - if hasCacheControlInMessages { - return payload - } - - // Find all user message indices - var userMsgIndices []int - messages.ForEach(func(index gjson.Result, msg gjson.Result) bool { - if msg.Get("role").String() == "user" { - userMsgIndices = append(userMsgIndices, int(index.Int())) - } - return true - }) - - // Need at least 2 user turns to cache the second-to-last - if len(userMsgIndices) < 2 { - return payload - } - - // Get the second-to-last user message index - secondToLastUserIdx := userMsgIndices[len(userMsgIndices)-2] - - // Get the content of this message - contentPath := fmt.Sprintf("messages.%d.content", secondToLastUserIdx) - content := gjson.GetBytes(payload, contentPath) - - if content.IsArray() { - // Add cache_control to the last content block of this message - contentCount := int(content.Get("#").Int()) - if contentCount > 0 { - cacheControlPath := fmt.Sprintf("messages.%d.content.%d.cache_control", secondToLastUserIdx, contentCount-1) - result, err := sjson.SetBytes(payload, cacheControlPath, map[string]string{"type": "ephemeral"}) - if err != nil { - log.Warnf("failed to inject cache_control into messages: %v", err) - return payload - } - payload = result - } - } else if content.Type == gjson.String { - // Convert string content to array with cache_control - text := content.String() - newContent := []map[string]interface{}{ - { - "type": "text", - "text": text, - "cache_control": map[string]string{ - "type": "ephemeral", - }, - }, - } - result, err := sjson.SetBytes(payload, contentPath, newContent) - if err != nil { - log.Warnf("failed to inject cache_control into message string content: %v", err) - return payload - } - payload = result - } - - return payload -} - -// injectToolsCacheControl adds cache_control to the last tool in the tools array. -// Per Anthropic docs: "The cache_control parameter on the last tool definition caches all tool definitions." -// This only adds cache_control if NO tool in the array already has it. -func injectToolsCacheControl(payload []byte) []byte { - tools := gjson.GetBytes(payload, "tools") - if !tools.Exists() || !tools.IsArray() { - return payload - } - - toolCount := int(tools.Get("#").Int()) - if toolCount == 0 { - return payload - } - - // Check if ANY tool already has cache_control - if so, don't modify tools - hasCacheControlInTools := false - tools.ForEach(func(_, tool gjson.Result) bool { - if tool.Get("cache_control").Exists() { - hasCacheControlInTools = true - return false - } - return true - }) - if hasCacheControlInTools { - return payload - } - - // Add cache_control to the last tool - lastToolPath := fmt.Sprintf("tools.%d.cache_control", toolCount-1) - result, err := sjson.SetBytes(payload, lastToolPath, map[string]string{"type": "ephemeral"}) - if err != nil { - log.Warnf("failed to inject cache_control into tools array: %v", err) - return payload - } - - return result -} - -// injectSystemCacheControl adds cache_control to the last element in the system prompt. -// Converts string system prompts to array format if needed. -// This only adds cache_control if NO system element already has it. -func injectSystemCacheControl(payload []byte) []byte { - system := gjson.GetBytes(payload, "system") - if !system.Exists() { - return payload - } - - if system.IsArray() { - count := int(system.Get("#").Int()) - if count == 0 { - return payload - } - - // Check if ANY system element already has cache_control - hasCacheControlInSystem := false - system.ForEach(func(_, item gjson.Result) bool { - if item.Get("cache_control").Exists() { - hasCacheControlInSystem = true - return false - } - return true - }) - if hasCacheControlInSystem { - return payload - } - - // Add cache_control to the last system element - lastSystemPath := fmt.Sprintf("system.%d.cache_control", count-1) - result, err := sjson.SetBytes(payload, lastSystemPath, map[string]string{"type": "ephemeral"}) - if err != nil { - log.Warnf("failed to inject cache_control into system array: %v", err) - return payload - } - payload = result - } else if system.Type == gjson.String { - // Convert string system prompt to array with cache_control - // "system": "text" -> "system": [{"type": "text", "text": "text", "cache_control": {"type": "ephemeral"}}] - text := system.String() - newSystem := []map[string]interface{}{ - { - "type": "text", - "text": text, - "cache_control": map[string]string{ - "type": "ephemeral", - }, - }, - } - result, err := sjson.SetBytes(payload, "system", newSystem) - if err != nil { - log.Warnf("failed to inject cache_control into system string: %v", err) - return payload - } - payload = result - } - - return payload -} - -func (e *ClaudeExecutor) CloseExecutionSession(sessionID string) {} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/claude_executor_betas_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/claude_executor_betas_test.go deleted file mode 100644 index c5bd3f214b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/claude_executor_betas_test.go +++ /dev/null @@ -1,49 +0,0 @@ -package executor - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestExtractAndRemoveBetas_AcceptsStringAndArray(t *testing.T) { - betas, body := extractAndRemoveBetas([]byte(`{"betas":["b1"," b2 "],"model":"claude-3-5-sonnet","messages":[]}`)) - if got := len(betas); got != 2 { - t.Fatalf("unexpected beta count = %d", got) - } - if got, want := betas[0], "b1"; got != want { - t.Fatalf("first beta = %q, want %q", got, want) - } - if got, want := betas[1], "b2"; got != want { - t.Fatalf("second beta = %q, want %q", got, want) - } - if got := gjson.GetBytes(body, "betas").Exists(); got { - t.Fatal("betas key should be removed") - } -} - -func TestExtractAndRemoveBetas_ParsesCommaSeparatedString(t *testing.T) { - betas, _ := extractAndRemoveBetas([]byte(`{"betas":" b1, b2 ,, b3 ","model":"claude-3-5-sonnet","messages":[]}`)) - if got := len(betas); got != 3 { - t.Fatalf("unexpected beta count = %d", got) - } - if got, want := betas[0], "b1"; got != want { - t.Fatalf("first beta = %q, want %q", got, want) - } - if got, want := betas[1], "b2"; got != want { - t.Fatalf("second beta = %q, want %q", got, want) - } - if got, want := betas[2], "b3"; got != want { - t.Fatalf("third beta = %q, want %q", got, want) - } -} - -func TestExtractAndRemoveBetas_IgnoresMalformedItems(t *testing.T) { - betas, _ := extractAndRemoveBetas([]byte(`{"betas":["b1",2,{"x":"y"},true],"model":"claude-3-5-sonnet"}`)) - if got := len(betas); got != 1 { - t.Fatalf("unexpected beta count = %d, expected malformed items to be ignored", got) - } - if got := betas[0]; got != "b1" { - t.Fatalf("beta = %q, expected %q", got, "b1") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/claude_executor_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/claude_executor_test.go deleted file mode 100644 index 4176a42f69..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/claude_executor_test.go +++ /dev/null @@ -1,417 +0,0 @@ -package executor - -import ( - "bytes" - "context" - "io" - "net/http" - "net/http/httptest" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -func TestApplyClaudeToolPrefix(t *testing.T) { - input := []byte(`{"tools":[{"name":"alpha"},{"name":"proxy_bravo"}],"tool_choice":{"type":"tool","name":"charlie"},"messages":[{"role":"assistant","content":[{"type":"tool_use","name":"delta","id":"t1","input":{}}]}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - - if got := gjson.GetBytes(out, "tools.0.name").String(); got != "proxy_alpha" { - t.Fatalf("tools.0.name = %q, want %q", got, "proxy_alpha") - } - if got := gjson.GetBytes(out, "tools.1.name").String(); got != "proxy_bravo" { - t.Fatalf("tools.1.name = %q, want %q", got, "proxy_bravo") - } - if got := gjson.GetBytes(out, "tool_choice.name").String(); got != "proxy_charlie" { - t.Fatalf("tool_choice.name = %q, want %q", got, "proxy_charlie") - } - if got := gjson.GetBytes(out, "messages.0.content.0.name").String(); got != "proxy_delta" { - t.Fatalf("messages.0.content.0.name = %q, want %q", got, "proxy_delta") - } -} - -func TestApplyClaudeToolPrefix_WithToolReference(t *testing.T) { - input := []byte(`{"tools":[{"name":"alpha"}],"messages":[{"role":"user","content":[{"type":"tool_reference","tool_name":"beta"},{"type":"tool_reference","tool_name":"proxy_gamma"}]}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - - if got := gjson.GetBytes(out, "messages.0.content.0.tool_name").String(); got != "proxy_beta" { - t.Fatalf("messages.0.content.0.tool_name = %q, want %q", got, "proxy_beta") - } - if got := gjson.GetBytes(out, "messages.0.content.1.tool_name").String(); got != "proxy_gamma" { - t.Fatalf("messages.0.content.1.tool_name = %q, want %q", got, "proxy_gamma") - } -} - -func TestExtractAndRemoveBetas_AcceptsLegacyAnthropicBeta(t *testing.T) { - input := []byte(`{ - "betas": ["prompt-caching-2024-07-31", "thinking-2025-09-01"], - "anthropic_beta": "interleaved-thinking-2025-05-14", - "messages": [{"role":"user","content":"hi"}] - }`) - - got, out := extractAndRemoveBetas(input) - - expected := []string{"prompt-caching-2024-07-31", "thinking-2025-09-01", "interleaved-thinking-2025-05-14"} - if len(got) != len(expected) { - t.Fatalf("got %v, want %v", got, expected) - } - for i := range expected { - if got[i] != expected[i] { - t.Fatalf("got index %d = %q, want %q", i, got[i], expected[i]) - } - } - - if gjson.GetBytes(out, "betas").Exists() { - t.Fatal("betas should be removed from body") - } - if gjson.GetBytes(out, "anthropic_beta").Exists() { - t.Fatal("anthropic_beta should be removed from body") - } -} - -func TestApplyClaudeToolPrefix_SkipsBuiltinTools(t *testing.T) { - input := []byte(`{"tools":[{"type":"web_search_20250305","name":"web_search"},{"name":"my_custom_tool","input_schema":{"type":"object"}}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - - if got := gjson.GetBytes(out, "tools.0.name").String(); got != "web_search" { - t.Fatalf("built-in tool name should not be prefixed: tools.0.name = %q, want %q", got, "web_search") - } - if got := gjson.GetBytes(out, "tools.1.name").String(); got != "proxy_my_custom_tool" { - t.Fatalf("custom tool should be prefixed: tools.1.name = %q, want %q", got, "proxy_my_custom_tool") - } -} - -func TestApplyClaudeToolPrefix_BuiltinToolSkipped(t *testing.T) { - body := []byte(`{ - "tools": [ - {"type": "web_search_20250305", "name": "web_search", "max_uses": 5}, - {"name": "Read"} - ], - "messages": [ - {"role": "user", "content": [ - {"type": "tool_use", "name": "web_search", "id": "ws1", "input": {}}, - {"type": "tool_use", "name": "Read", "id": "r1", "input": {}} - ]} - ] - }`) - out := applyClaudeToolPrefix(body, "proxy_") - - if got := gjson.GetBytes(out, "tools.0.name").String(); got != "web_search" { - t.Fatalf("tools.0.name = %q, want %q", got, "web_search") - } - if got := gjson.GetBytes(out, "messages.0.content.0.name").String(); got != "web_search" { - t.Fatalf("messages.0.content.0.name = %q, want %q", got, "web_search") - } - if got := gjson.GetBytes(out, "tools.1.name").String(); got != "proxy_Read" { - t.Fatalf("tools.1.name = %q, want %q", got, "proxy_Read") - } - if got := gjson.GetBytes(out, "messages.0.content.1.name").String(); got != "proxy_Read" { - t.Fatalf("messages.0.content.1.name = %q, want %q", got, "proxy_Read") - } -} - -func TestApplyClaudeToolPrefix_KnownBuiltinInHistoryOnly(t *testing.T) { - body := []byte(`{ - "tools": [ - {"name": "Read"} - ], - "messages": [ - {"role": "user", "content": [ - {"type": "tool_use", "name": "web_search", "id": "ws1", "input": {}} - ]} - ] - }`) - out := applyClaudeToolPrefix(body, "proxy_") - - if got := gjson.GetBytes(out, "messages.0.content.0.name").String(); got != "web_search" { - t.Fatalf("messages.0.content.0.name = %q, want %q", got, "web_search") - } - if got := gjson.GetBytes(out, "tools.0.name").String(); got != "proxy_Read" { - t.Fatalf("tools.0.name = %q, want %q", got, "proxy_Read") - } -} - -func TestApplyClaudeToolPrefix_CustomToolsPrefixed(t *testing.T) { - body := []byte(`{ - "tools": [{"name": "Read"}, {"name": "Write"}], - "messages": [ - {"role": "user", "content": [ - {"type": "tool_use", "name": "Read", "id": "r1", "input": {}}, - {"type": "tool_use", "name": "Write", "id": "w1", "input": {}} - ]} - ] - }`) - out := applyClaudeToolPrefix(body, "proxy_") - - if got := gjson.GetBytes(out, "tools.0.name").String(); got != "proxy_Read" { - t.Fatalf("tools.0.name = %q, want %q", got, "proxy_Read") - } - if got := gjson.GetBytes(out, "tools.1.name").String(); got != "proxy_Write" { - t.Fatalf("tools.1.name = %q, want %q", got, "proxy_Write") - } - if got := gjson.GetBytes(out, "messages.0.content.0.name").String(); got != "proxy_Read" { - t.Fatalf("messages.0.content.0.name = %q, want %q", got, "proxy_Read") - } - if got := gjson.GetBytes(out, "messages.0.content.1.name").String(); got != "proxy_Write" { - t.Fatalf("messages.0.content.1.name = %q, want %q", got, "proxy_Write") - } -} - -func TestApplyClaudeToolPrefix_ToolChoiceBuiltin(t *testing.T) { - body := []byte(`{ - "tools": [ - {"type": "web_search_20250305", "name": "web_search"}, - {"name": "Read"} - ], - "tool_choice": {"type": "tool", "name": "web_search"} - }`) - out := applyClaudeToolPrefix(body, "proxy_") - - if got := gjson.GetBytes(out, "tool_choice.name").String(); got != "web_search" { - t.Fatalf("tool_choice.name = %q, want %q", got, "web_search") - } -} - -func TestApplyClaudeToolPrefix_ToolChoiceFunctionName(t *testing.T) { - body := []byte(`{ - "tools": [ - {"name": "Read"} - ], - "tool_choice": {"type": "function", "function": {"name": "Read"}} - }`) - out := applyClaudeToolPrefix(body, "proxy_") - - if got := gjson.GetBytes(out, "tool_choice.function.name").String(); got != "proxy_Read" { - t.Fatalf("tool_choice.function.name = %q, want %q", got, "proxy_Read") - } -} - -func TestDisableThinkingIfToolChoiceForced(t *testing.T) { - tests := []struct { - name string - body string - }{ - {name: "tool_choice_any", body: `{"tool_choice":{"type":"any"},"thinking":{"budget_tokens":1024}}`}, - {name: "tool_choice_tool", body: `{"tool_choice":{"type":"tool","name":"Read"},"thinking":{"budget_tokens":1024}}`}, - {name: "tool_choice_function", body: `{"tool_choice":{"type":"function","function":{"name":"Read"}},"thinking":{"budget_tokens":1024}}`}, - {name: "tool_choice_auto", body: `{"tool_choice":{"type":"auto"},"thinking":{"budget_tokens":1024}}`}, - } - - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - out := disableThinkingIfToolChoiceForced([]byte(tc.body)) - hasThinking := gjson.GetBytes(out, "thinking").Exists() - switch tc.name { - case "tool_choice_any", "tool_choice_tool", "tool_choice_function": - if hasThinking { - t.Fatalf("thinking should be removed, got %s", string(out)) - } - case "tool_choice_auto": - if !hasThinking { - t.Fatalf("thinking should be preserved, got %s", string(out)) - } - } - }) - } -} - -func TestStripClaudeToolPrefixFromResponse(t *testing.T) { - input := []byte(`{"content":[{"type":"tool_use","name":"proxy_alpha","id":"t1","input":{}},{"type":"tool_use","name":"bravo","id":"t2","input":{}}]}`) - out := stripClaudeToolPrefixFromResponse(input, "proxy_") - - if got := gjson.GetBytes(out, "content.0.name").String(); got != "alpha" { - t.Fatalf("content.0.name = %q, want %q", got, "alpha") - } - if got := gjson.GetBytes(out, "content.1.name").String(); got != "bravo" { - t.Fatalf("content.1.name = %q, want %q", got, "bravo") - } -} - -func TestStripClaudeToolPrefixFromResponse_WithToolReference(t *testing.T) { - input := []byte(`{"content":[{"type":"tool_reference","tool_name":"proxy_alpha"},{"type":"tool_reference","tool_name":"bravo"}]}`) - out := stripClaudeToolPrefixFromResponse(input, "proxy_") - - if got := gjson.GetBytes(out, "content.0.tool_name").String(); got != "alpha" { - t.Fatalf("content.0.tool_name = %q, want %q", got, "alpha") - } - if got := gjson.GetBytes(out, "content.1.tool_name").String(); got != "bravo" { - t.Fatalf("content.1.tool_name = %q, want %q", got, "bravo") - } -} - -func TestStripClaudeToolPrefixFromStreamLine(t *testing.T) { - line := []byte(`data: {"type":"content_block_start","content_block":{"type":"tool_use","name":"proxy_alpha","id":"t1"},"index":0}`) - out := stripClaudeToolPrefixFromStreamLine(line, "proxy_") - - payload := bytes.TrimSpace(out) - if bytes.HasPrefix(payload, []byte("data:")) { - payload = bytes.TrimSpace(payload[len("data:"):]) - } - if got := gjson.GetBytes(payload, "content_block.name").String(); got != "alpha" { - t.Fatalf("content_block.name = %q, want %q", got, "alpha") - } -} - -func TestStripClaudeToolPrefixFromStreamLine_WithToolReference(t *testing.T) { - line := []byte(`data: {"type":"content_block_start","content_block":{"type":"tool_reference","tool_name":"proxy_beta"},"index":0}`) - out := stripClaudeToolPrefixFromStreamLine(line, "proxy_") - - payload := bytes.TrimSpace(out) - if bytes.HasPrefix(payload, []byte("data:")) { - payload = bytes.TrimSpace(payload[len("data:"):]) - } - if got := gjson.GetBytes(payload, "content_block.tool_name").String(); got != "beta" { - t.Fatalf("content_block.tool_name = %q, want %q", got, "beta") - } -} - -func TestApplyClaudeToolPrefix_NestedToolReference(t *testing.T) { - input := []byte(`{"messages":[{"role":"user","content":[{"type":"tool_result","tool_use_id":"toolu_123","content":[{"type":"tool_reference","tool_name":"mcp__nia__manage_resource"}]}]}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - got := gjson.GetBytes(out, "messages.0.content.0.content.0.tool_name").String() - if got != "proxy_mcp__nia__manage_resource" { - t.Fatalf("nested tool_reference tool_name = %q, want %q", got, "proxy_mcp__nia__manage_resource") - } -} - -func TestClaudeExecutor_ReusesUserIDAcrossModelsWhenCacheEnabled(t *testing.T) { - resetUserIDCache() - - var userIDs []string - var requestModels []string - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - body, _ := io.ReadAll(r.Body) - userID := gjson.GetBytes(body, "metadata.user_id").String() - model := gjson.GetBytes(body, "model").String() - userIDs = append(userIDs, userID) - requestModels = append(requestModels, model) - t.Logf("HTTP Server received request: model=%s, user_id=%s, url=%s", model, userID, r.URL.String()) - w.Header().Set("Content-Type", "application/json") - _, _ = w.Write([]byte(`{"id":"msg_1","type":"message","model":"claude-3-5-sonnet","role":"assistant","content":[{"type":"text","text":"ok"}],"usage":{"input_tokens":1,"output_tokens":1}}`)) - })) - defer server.Close() - - t.Logf("End-to-end test: Fake HTTP server started at %s", server.URL) - - executor := NewClaudeExecutor(&config.Config{ - ClaudeKey: []config.ClaudeKey{ - { - APIKey: "key-123", - BaseURL: server.URL, - Cloak: &config.CloakConfig{}, - }, - }, - }) - auth := &cliproxyauth.Auth{Attributes: map[string]string{ - "api_key": "key-123", - "base_url": server.URL, - }} - - payload := []byte(`{"messages":[{"role":"user","content":[{"type":"text","text":"hi"}]}]}`) - models := []string{"claude-3-5-sonnet", "claude-3-5-haiku"} - for _, model := range models { - t.Logf("Sending request for model: %s", model) - modelPayload, _ := sjson.SetBytes(payload, "model", model) - if _, err := executor.Execute(context.Background(), auth, cliproxyexecutor.Request{ - Model: model, - Payload: modelPayload, - }, cliproxyexecutor.Options{ - SourceFormat: sdktranslator.FromString("claude"), - }); err != nil { - t.Fatalf("Execute(%s) error: %v", model, err) - } - } - - if len(userIDs) != 2 { - t.Fatalf("expected 2 requests, got %d", len(userIDs)) - } - if userIDs[0] == "" || userIDs[1] == "" { - t.Fatal("expected user_id to be populated") - } - t.Logf("user_id[0] (model=%s): %s", requestModels[0], userIDs[0]) - t.Logf("user_id[1] (model=%s): %s", requestModels[1], userIDs[1]) - if userIDs[0] != userIDs[1] { - t.Fatalf("expected user_id to be reused across models, got %q and %q", userIDs[0], userIDs[1]) - } - if !isValidUserID(userIDs[0]) { - t.Fatalf("user_id %q is not valid", userIDs[0]) - } - t.Logf("✓ End-to-end test passed: Same user_id (%s) was used for both models", userIDs[0]) -} - -func TestClaudeExecutor_GeneratesNewUserIDByDefault(t *testing.T) { - resetUserIDCache() - - var userIDs []string - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - body, _ := io.ReadAll(r.Body) - userIDs = append(userIDs, gjson.GetBytes(body, "metadata.user_id").String()) - w.Header().Set("Content-Type", "application/json") - _, _ = w.Write([]byte(`{"id":"msg_1","type":"message","model":"claude-3-5-sonnet","role":"assistant","content":[{"type":"text","text":"ok"}],"usage":{"input_tokens":1,"output_tokens":1}}`)) - })) - defer server.Close() - - executor := NewClaudeExecutor(&config.Config{}) - auth := &cliproxyauth.Auth{Attributes: map[string]string{ - "api_key": "key-123", - "base_url": server.URL, - }} - - payload := []byte(`{"messages":[{"role":"user","content":[{"type":"text","text":"hi"}]}]}`) - - for i := 0; i < 2; i++ { - if _, err := executor.Execute(context.Background(), auth, cliproxyexecutor.Request{ - Model: "claude-3-5-sonnet", - Payload: payload, - }, cliproxyexecutor.Options{ - SourceFormat: sdktranslator.FromString("claude"), - }); err != nil { - t.Fatalf("Execute call %d error: %v", i, err) - } - } - - if len(userIDs) != 2 { - t.Fatalf("expected 2 requests, got %d", len(userIDs)) - } - if userIDs[0] == "" || userIDs[1] == "" { - t.Fatal("expected user_id to be populated") - } - if userIDs[0] == userIDs[1] { - t.Fatalf("expected user_id to change when caching is not enabled, got identical values %q", userIDs[0]) - } - if !isValidUserID(userIDs[0]) || !isValidUserID(userIDs[1]) { - t.Fatalf("user_ids should be valid, got %q and %q", userIDs[0], userIDs[1]) - } -} - -func TestStripClaudeToolPrefixFromResponse_NestedToolReference(t *testing.T) { - input := []byte(`{"content":[{"type":"tool_result","tool_use_id":"toolu_123","content":[{"type":"tool_reference","tool_name":"proxy_mcp__nia__manage_resource"}]}]}`) - out := stripClaudeToolPrefixFromResponse(input, "proxy_") - got := gjson.GetBytes(out, "content.0.content.0.tool_name").String() - if got != "mcp__nia__manage_resource" { - t.Fatalf("nested tool_reference tool_name = %q, want %q", got, "mcp__nia__manage_resource") - } -} - -func TestApplyClaudeToolPrefix_NestedToolReferenceWithStringContent(t *testing.T) { - // tool_result.content can be a string - should not be processed - input := []byte(`{"messages":[{"role":"user","content":[{"type":"tool_result","tool_use_id":"toolu_123","content":"plain string result"}]}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - got := gjson.GetBytes(out, "messages.0.content.0.content").String() - if got != "plain string result" { - t.Fatalf("string content should remain unchanged = %q", got) - } -} - -func TestApplyClaudeToolPrefix_SkipsBuiltinToolReference(t *testing.T) { - input := []byte(`{"tools":[{"type":"web_search_20250305","name":"web_search"}],"messages":[{"role":"user","content":[{"type":"tool_result","tool_use_id":"t1","content":[{"type":"tool_reference","tool_name":"web_search"}]}]}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - got := gjson.GetBytes(out, "messages.0.content.0.content.0.tool_name").String() - if got != "web_search" { - t.Fatalf("built-in tool_reference should not be prefixed, got %q", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/cloak_obfuscate.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/cloak_obfuscate.go deleted file mode 100644 index 81781802ac..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/cloak_obfuscate.go +++ /dev/null @@ -1,176 +0,0 @@ -package executor - -import ( - "regexp" - "sort" - "strings" - "unicode/utf8" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// zeroWidthSpace is the Unicode zero-width space character used for obfuscation. -const zeroWidthSpace = "\u200B" - -// SensitiveWordMatcher holds the compiled regex for matching sensitive words. -type SensitiveWordMatcher struct { - regex *regexp.Regexp -} - -// buildSensitiveWordMatcher compiles a regex from the word list. -// Words are sorted by length (longest first) for proper matching. -func buildSensitiveWordMatcher(words []string) *SensitiveWordMatcher { - if len(words) == 0 { - return nil - } - - // Filter and normalize words - var validWords []string - for _, w := range words { - w = strings.TrimSpace(w) - if utf8.RuneCountInString(w) >= 2 && !strings.Contains(w, zeroWidthSpace) { - validWords = append(validWords, w) - } - } - - if len(validWords) == 0 { - return nil - } - - // Sort by length (longest first) for proper matching - sort.Slice(validWords, func(i, j int) bool { - return len(validWords[i]) > len(validWords[j]) - }) - - // Escape and join - escaped := make([]string, len(validWords)) - for i, w := range validWords { - escaped[i] = regexp.QuoteMeta(w) - } - - pattern := "(?i)" + strings.Join(escaped, "|") - re, err := regexp.Compile(pattern) - if err != nil { - return nil - } - - return &SensitiveWordMatcher{regex: re} -} - -// obfuscateWord inserts a zero-width space after the first grapheme. -func obfuscateWord(word string) string { - if strings.Contains(word, zeroWidthSpace) { - return word - } - - // Get first rune - r, size := utf8.DecodeRuneInString(word) - if r == utf8.RuneError || size >= len(word) { - return word - } - - return string(r) + zeroWidthSpace + word[size:] -} - -// obfuscateText replaces all sensitive words in the text. -func (m *SensitiveWordMatcher) obfuscateText(text string) string { - if m == nil || m.regex == nil { - return text - } - return m.regex.ReplaceAllStringFunc(text, obfuscateWord) -} - -// obfuscateSensitiveWords processes the payload and obfuscates sensitive words -// in system blocks and message content. -func obfuscateSensitiveWords(payload []byte, matcher *SensitiveWordMatcher) []byte { - if matcher == nil || matcher.regex == nil { - return payload - } - - // Obfuscate in system blocks - payload = obfuscateSystemBlocks(payload, matcher) - - // Obfuscate in messages - payload = obfuscateMessages(payload, matcher) - - return payload -} - -// obfuscateSystemBlocks obfuscates sensitive words in system blocks. -func obfuscateSystemBlocks(payload []byte, matcher *SensitiveWordMatcher) []byte { - system := gjson.GetBytes(payload, "system") - if !system.Exists() { - return payload - } - - if system.IsArray() { - modified := false - system.ForEach(func(key, value gjson.Result) bool { - if value.Get("type").String() == "text" { - text := value.Get("text").String() - obfuscated := matcher.obfuscateText(text) - if obfuscated != text { - path := "system." + key.String() + ".text" - payload, _ = sjson.SetBytes(payload, path, obfuscated) - modified = true - } - } - return true - }) - if modified { - return payload - } - } else if system.Type == gjson.String { - text := system.String() - obfuscated := matcher.obfuscateText(text) - if obfuscated != text { - payload, _ = sjson.SetBytes(payload, "system", obfuscated) - } - } - - return payload -} - -// obfuscateMessages obfuscates sensitive words in message content. -func obfuscateMessages(payload []byte, matcher *SensitiveWordMatcher) []byte { - messages := gjson.GetBytes(payload, "messages") - if !messages.Exists() || !messages.IsArray() { - return payload - } - - messages.ForEach(func(msgKey, msg gjson.Result) bool { - content := msg.Get("content") - if !content.Exists() { - return true - } - - msgPath := "messages." + msgKey.String() - - if content.Type == gjson.String { - // Simple string content - text := content.String() - obfuscated := matcher.obfuscateText(text) - if obfuscated != text { - payload, _ = sjson.SetBytes(payload, msgPath+".content", obfuscated) - } - } else if content.IsArray() { - // Array of content blocks - content.ForEach(func(blockKey, block gjson.Result) bool { - if block.Get("type").String() == "text" { - text := block.Get("text").String() - obfuscated := matcher.obfuscateText(text) - if obfuscated != text { - path := msgPath + ".content." + blockKey.String() + ".text" - payload, _ = sjson.SetBytes(payload, path, obfuscated) - } - } - return true - }) - } - - return true - }) - - return payload -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/cloak_utils.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/cloak_utils.go deleted file mode 100644 index 6820ff88f2..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/cloak_utils.go +++ /dev/null @@ -1,42 +0,0 @@ -package executor - -import ( - "crypto/rand" - "encoding/hex" - "regexp" - "strings" - - "github.com/google/uuid" -) - -// userIDPattern matches Claude Code format: user_[64-hex]_account__session_[uuid-v4] -var userIDPattern = regexp.MustCompile(`^user_[a-fA-F0-9]{64}_account__session_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`) - -// generateFakeUserID generates a fake user ID in Claude Code format. -// Format: user_[64-hex-chars]_account__session_[UUID-v4] -func generateFakeUserID() string { - hexBytes := make([]byte, 32) - _, _ = rand.Read(hexBytes) - hexPart := hex.EncodeToString(hexBytes) - uuidPart := uuid.New().String() - return "user_" + hexPart + "_account__session_" + uuidPart -} - -// isValidUserID checks if a user ID matches Claude Code format. -func isValidUserID(userID string) bool { - return userIDPattern.MatchString(userID) -} - -// shouldCloak determines if request should be cloaked based on config and client User-Agent. -// Returns true if cloaking should be applied. -func shouldCloak(cloakMode string, userAgent string) bool { - switch strings.ToLower(cloakMode) { - case "always": - return true - case "never": - return false - default: // "auto" or empty - // If client is Claude Code, don't cloak - return !strings.HasPrefix(userAgent, "claude-cli") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/codex_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/codex_executor.go deleted file mode 100644 index fb5f47ed11..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/codex_executor.go +++ /dev/null @@ -1,864 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "strings" - "time" - - codexauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/codex" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" - "github.com/tiktoken-go/tokenizer" - - "github.com/gin-gonic/gin" - "github.com/google/uuid" -) - -const ( - codexClientVersion = "0.101.0" - codexUserAgent = "codex_cli_rs/0.101.0 (Mac OS 26.0.1; arm64) Apple_Terminal/464" -) - -var dataTag = []byte("data:") - -// CodexExecutor is a stateless executor for Codex (OpenAI Responses API entrypoint). -// If api_key is unavailable on auth, it falls back to legacy via ClientAdapter. -type CodexExecutor struct { - cfg *config.Config -} - -func NewCodexExecutor(cfg *config.Config) *CodexExecutor { return &CodexExecutor{cfg: cfg} } - -func (e *CodexExecutor) Identifier() string { return "codex" } - -// PrepareRequest injects Codex credentials into the outgoing HTTP request. -func (e *CodexExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - apiKey, _ := codexCreds(auth) - if strings.TrimSpace(apiKey) != "" { - req.Header.Set("Authorization", "Bearer "+apiKey) - } - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) - return nil -} - -// HttpRequest injects Codex credentials into the request and executes it. -func (e *CodexExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("codex executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -func (e *CodexExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return e.executeCompact(ctx, auth, req, opts) - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := codexCreds(auth) - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), "https://chatgpt.com/backend-api/codex", baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("codex") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - body, _ = sjson.SetBytes(body, "stream", true) - // Preserve compaction fields for openai-response format (GitHub #1667) - // These fields are used for conversation context management in the Responses API - if from != "openai-response" { - body, _ = sjson.DeleteBytes(body, "previous_response_id") - body, _ = sjson.DeleteBytes(body, "prompt_cache_retention") - body, _ = sjson.DeleteBytes(body, "safety_identifier") - } - if !gjson.GetBytes(body, "instructions").Exists() { - body, _ = sjson.SetBytes(body, "instructions", "") - } - body = normalizeCodexToolSchemas(body) - - url := strings.TrimSuffix(baseURL, "/") + "/responses" - httpReq, err := e.cacheHelper(ctx, from, url, req, body) - if err != nil { - return resp, err - } - applyCodexHeaders(httpReq, auth, apiKey, true) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("codex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - - lines := bytes.Split(data, []byte("\n")) - for _, line := range lines { - if !bytes.HasPrefix(line, dataTag) { - continue - } - - line = bytes.TrimSpace(line[5:]) - if gjson.GetBytes(line, "type").String() != "response.completed" { - continue - } - - if detail, ok := parseCodexUsage(line); ok { - reporter.publish(ctx, detail) - } - - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, originalPayload, body, line, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil - } - err = statusErr{code: 408, msg: "stream error: stream disconnected before completion: stream closed before response.completed"} - return resp, err -} - -func (e *CodexExecutor) executeCompact(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := codexCreds(auth) - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), "https://chatgpt.com/backend-api/codex", baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("openai-response") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - body, _ = sjson.DeleteBytes(body, "stream") - body = normalizeCodexToolSchemas(body) - - url := strings.TrimSuffix(baseURL, "/") + "/responses/compact" - httpReq, err := e.cacheHelper(ctx, from, url, req, body) - if err != nil { - return resp, err - } - applyCodexHeaders(httpReq, auth, apiKey, false) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("codex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseOpenAIUsage(data)) - reporter.ensurePublished(ctx) - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, originalPayload, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -func (e *CodexExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusBadRequest, msg: "streaming not supported for /responses/compact"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := codexCreds(auth) - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), "https://chatgpt.com/backend-api/codex", baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("codex") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - // Preserve compaction fields for openai-response format (GitHub #1667) - // These fields are used for conversation context management in the Responses API - if from != "openai-response" { - body, _ = sjson.DeleteBytes(body, "previous_response_id") - body, _ = sjson.DeleteBytes(body, "prompt_cache_retention") - body, _ = sjson.DeleteBytes(body, "safety_identifier") - } - body, _ = sjson.SetBytes(body, "model", baseModel) - if !gjson.GetBytes(body, "instructions").Exists() { - body, _ = sjson.SetBytes(body, "instructions", "") - } - body = normalizeCodexToolSchemas(body) - - url := strings.TrimSuffix(baseURL, "/") + "/responses" - httpReq, err := e.cacheHelper(ctx, from, url, req, body) - if err != nil { - return nil, err - } - applyCodexHeaders(httpReq, auth, apiKey, true) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - data, readErr := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("codex executor: close response body error: %v", errClose) - } - if readErr != nil { - recordAPIResponseError(ctx, e.cfg, readErr) - return nil, readErr - } - appendAPIResponseChunk(ctx, e.cfg, data) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - err = statusErr{code: httpResp.StatusCode, msg: string(data)} - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("codex executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 52_428_800) // 50MB - var param any - completed := false - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - - if bytes.HasPrefix(line, dataTag) { - data := bytes.TrimSpace(line[5:]) - if gjson.GetBytes(data, "type").String() == "response.completed" { - completed = true - if detail, ok := parseCodexUsage(data); ok { - reporter.publish(ctx, detail) - } - } - } - - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, originalPayload, body, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - return - } - if !completed { - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{ - Err: statusErr{code: 408, msg: "stream error: stream disconnected before completion: stream closed before response.completed"}, - } - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -func (e *CodexExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("codex") - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err := thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - body, _ = sjson.SetBytes(body, "model", baseModel) - // Preserve compaction fields for openai-response format (GitHub #1667) - // These fields are used for conversation context management in the Responses API - if from != "openai-response" { - body, _ = sjson.DeleteBytes(body, "previous_response_id") - body, _ = sjson.DeleteBytes(body, "prompt_cache_retention") - body, _ = sjson.DeleteBytes(body, "safety_identifier") - } - body, _ = sjson.SetBytes(body, "stream", false) - if !gjson.GetBytes(body, "instructions").Exists() { - body, _ = sjson.SetBytes(body, "instructions", "") - } - - enc, err := tokenizerForCodexModel(baseModel) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("codex executor: tokenizer init failed: %w", err) - } - - count, err := countCodexInputTokens(enc, body) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("codex executor: token counting failed: %w", err) - } - - usageJSON := fmt.Sprintf(`{"response":{"usage":{"input_tokens":%d,"output_tokens":0,"total_tokens":%d}}}`, count, count) - translated := sdktranslator.TranslateTokenCount(ctx, to, from, count, []byte(usageJSON)) - return cliproxyexecutor.Response{Payload: []byte(translated)}, nil -} - -func tokenizerForCodexModel(model string) (tokenizer.Codec, error) { - sanitized := strings.ToLower(strings.TrimSpace(model)) - switch { - case sanitized == "": - return tokenizer.Get(tokenizer.Cl100kBase) - case strings.HasPrefix(sanitized, "gpt-5"): - return tokenizer.ForModel(tokenizer.GPT5) - case strings.HasPrefix(sanitized, "gpt-4.1"): - return tokenizer.ForModel(tokenizer.GPT41) - case strings.HasPrefix(sanitized, "gpt-4o"): - return tokenizer.ForModel(tokenizer.GPT4o) - case strings.HasPrefix(sanitized, "gpt-4"): - return tokenizer.ForModel(tokenizer.GPT4) - case strings.HasPrefix(sanitized, "gpt-3.5"), strings.HasPrefix(sanitized, "gpt-3"): - return tokenizer.ForModel(tokenizer.GPT35Turbo) - default: - return tokenizer.Get(tokenizer.Cl100kBase) - } -} - -func countCodexInputTokens(enc tokenizer.Codec, body []byte) (int64, error) { - if enc == nil { - return 0, fmt.Errorf("encoder is nil") - } - if len(body) == 0 { - return 0, nil - } - - root := gjson.ParseBytes(body) - var segments []string - - if inst := strings.TrimSpace(root.Get("instructions").String()); inst != "" { - segments = append(segments, inst) - } - - inputItems := root.Get("input") - if inputItems.IsArray() { - arr := inputItems.Array() - for i := range arr { - item := arr[i] - switch item.Get("type").String() { - case "message": - content := item.Get("content") - if content.IsArray() { - parts := content.Array() - for j := range parts { - part := parts[j] - if text := strings.TrimSpace(part.Get("text").String()); text != "" { - segments = append(segments, text) - } - } - } - case "function_call": - if name := strings.TrimSpace(item.Get("name").String()); name != "" { - segments = append(segments, name) - } - if args := strings.TrimSpace(item.Get("arguments").String()); args != "" { - segments = append(segments, args) - } - case "function_call_output": - if out := strings.TrimSpace(item.Get("output").String()); out != "" { - segments = append(segments, out) - } - default: - if text := strings.TrimSpace(item.Get("text").String()); text != "" { - segments = append(segments, text) - } - } - } - } - - tools := root.Get("tools") - if tools.IsArray() { - tarr := tools.Array() - for i := range tarr { - tool := tarr[i] - if name := strings.TrimSpace(tool.Get("name").String()); name != "" { - segments = append(segments, name) - } - if desc := strings.TrimSpace(tool.Get("description").String()); desc != "" { - segments = append(segments, desc) - } - if params := tool.Get("parameters"); params.Exists() { - val := params.Raw - if params.Type == gjson.String { - val = params.String() - } - if trimmed := strings.TrimSpace(val); trimmed != "" { - segments = append(segments, trimmed) - } - } - } - } - - textFormat := root.Get("text.format") - if textFormat.Exists() { - if name := strings.TrimSpace(textFormat.Get("name").String()); name != "" { - segments = append(segments, name) - } - if schema := textFormat.Get("schema"); schema.Exists() { - val := schema.Raw - if schema.Type == gjson.String { - val = schema.String() - } - if trimmed := strings.TrimSpace(val); trimmed != "" { - segments = append(segments, trimmed) - } - } - } - - text := strings.Join(segments, "\n") - if text == "" { - return 0, nil - } - - count, err := enc.Count(text) - if err != nil { - return 0, err - } - return int64(count), nil -} - -func (e *CodexExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("codex executor: refresh called") - if auth == nil { - return nil, statusErr{code: http.StatusUnauthorized, msg: "codex executor: missing auth"} - } - var refreshToken string - if auth.Metadata != nil { - if v, ok := auth.Metadata["refresh_token"].(string); ok && v != "" { - refreshToken = v - } - } - if refreshToken == "" { - return auth, nil - } - svc := codexauth.NewCodexAuth(e.cfg) - td, err := svc.RefreshTokensWithRetry(ctx, refreshToken, 3) - if err != nil { - return nil, err - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["id_token"] = td.IDToken - auth.Metadata["access_token"] = td.AccessToken - if td.RefreshToken != "" { - auth.Metadata["refresh_token"] = td.RefreshToken - } - if td.AccountID != "" { - auth.Metadata["account_id"] = td.AccountID - } - auth.Metadata["email"] = td.Email - // Use unified key in files - auth.Metadata["expired"] = td.Expire - auth.Metadata["type"] = "codex" - now := time.Now().Format(time.RFC3339) - auth.Metadata["last_refresh"] = now - return auth, nil -} - -func normalizeCodexToolSchemas(body []byte) []byte { - if len(body) == 0 { - return body - } - - var root map[string]any - if err := json.Unmarshal(body, &root); err != nil { - return body - } - - toolsValue, exists := root["tools"] - if !exists { - return body - } - tools, ok := toolsValue.([]any) - if !ok { - return body - } - - changed := false - for i := range tools { - tool, ok := tools[i].(map[string]any) - if !ok { - continue - } - parametersValue, exists := tool["parameters"] - if !exists { - continue - } - - switch parameters := parametersValue.(type) { - case map[string]any: - if normalizeJSONSchemaArrays(parameters) { - changed = true - } - case string: - trimmed := strings.TrimSpace(parameters) - if trimmed == "" { - continue - } - var schema map[string]any - if err := json.Unmarshal([]byte(trimmed), &schema); err != nil { - continue - } - if !normalizeJSONSchemaArrays(schema) { - continue - } - normalizedSchema, err := json.Marshal(schema) - if err != nil { - continue - } - tool["parameters"] = string(normalizedSchema) - changed = true - } - } - - if !changed { - return body - } - normalizedBody, err := json.Marshal(root) - if err != nil { - return body - } - return normalizedBody -} - -func normalizeJSONSchemaArrays(schema map[string]any) bool { - if schema == nil { - return false - } - - changed := false - if schemaTypeHasArray(schema["type"]) { - if _, exists := schema["items"]; !exists { - schema["items"] = map[string]any{} - changed = true - } - } - - if itemsSchema, ok := schema["items"].(map[string]any); ok { - if normalizeJSONSchemaArrays(itemsSchema) { - changed = true - } - } - if itemsArray, ok := schema["items"].([]any); ok { - for i := range itemsArray { - itemSchema, ok := itemsArray[i].(map[string]any) - if !ok { - continue - } - if normalizeJSONSchemaArrays(itemSchema) { - changed = true - } - } - } - - if props, ok := schema["properties"].(map[string]any); ok { - for _, prop := range props { - propSchema, ok := prop.(map[string]any) - if !ok { - continue - } - if normalizeJSONSchemaArrays(propSchema) { - changed = true - } - } - } - - if additionalProperties, ok := schema["additionalProperties"].(map[string]any); ok { - if normalizeJSONSchemaArrays(additionalProperties) { - changed = true - } - } - - for _, key := range []string{"anyOf", "oneOf", "allOf", "prefixItems"} { - nodes, ok := schema[key].([]any) - if !ok { - continue - } - for i := range nodes { - node, ok := nodes[i].(map[string]any) - if !ok { - continue - } - if normalizeJSONSchemaArrays(node) { - changed = true - } - } - } - - return changed -} - -func schemaTypeHasArray(typeValue any) bool { - switch typeNode := typeValue.(type) { - case string: - return strings.EqualFold(strings.TrimSpace(typeNode), "array") - case []any: - for i := range typeNode { - typeName, ok := typeNode[i].(string) - if ok && strings.EqualFold(strings.TrimSpace(typeName), "array") { - return true - } - } - case []string: - for i := range typeNode { - if strings.EqualFold(strings.TrimSpace(typeNode[i]), "array") { - return true - } - } - } - return false -} - -func (e *CodexExecutor) cacheHelper(ctx context.Context, from sdktranslator.Format, url string, req cliproxyexecutor.Request, rawJSON []byte) (*http.Request, error) { - var cache codexCache - switch from { - case "claude": - userIDResult := gjson.GetBytes(req.Payload, "metadata.user_id") - if userIDResult.Exists() { - key := fmt.Sprintf("%s-%s", req.Model, userIDResult.String()) - var ok bool - if cache, ok = getCodexCache(key); !ok { - cache = codexCache{ - ID: uuid.New().String(), - Expire: time.Now().Add(1 * time.Hour), - } - setCodexCache(key, cache) - } - } - case "openai-response": - promptCacheKey := gjson.GetBytes(req.Payload, "prompt_cache_key") - if promptCacheKey.Exists() { - cache.ID = promptCacheKey.String() - } - } - - if cache.ID != "" { - rawJSON, _ = sjson.SetBytes(rawJSON, "prompt_cache_key", cache.ID) - } - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(rawJSON)) - if err != nil { - return nil, err - } - if cache.ID != "" { - httpReq.Header.Set("Conversation_id", cache.ID) - httpReq.Header.Set("Session_id", cache.ID) - } - return httpReq, nil -} - -func applyCodexHeaders(r *http.Request, auth *cliproxyauth.Auth, token string, stream bool) { - r.Header.Set("Content-Type", "application/json") - r.Header.Set("Authorization", "Bearer "+token) - - var ginHeaders http.Header - if ginCtx, ok := r.Context().Value("gin").(*gin.Context); ok && ginCtx != nil && ginCtx.Request != nil { - ginHeaders = ginCtx.Request.Header - } - - misc.EnsureHeader(r.Header, ginHeaders, "Version", codexClientVersion) - misc.EnsureHeader(r.Header, ginHeaders, "Session_id", uuid.NewString()) - misc.EnsureHeader(r.Header, ginHeaders, "User-Agent", codexUserAgent) - - if stream { - r.Header.Set("Accept", "text/event-stream") - } else { - r.Header.Set("Accept", "application/json") - } - r.Header.Set("Connection", "Keep-Alive") - - isAPIKey := false - if auth != nil && auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["api_key"]); v != "" { - isAPIKey = true - } - } - if !isAPIKey { - r.Header.Set("Originator", "codex_cli_rs") - if auth != nil && auth.Metadata != nil { - if accountID, ok := auth.Metadata["account_id"].(string); ok { - r.Header.Set("Chatgpt-Account-Id", accountID) - } - } - } - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(r, attrs) -} - -func codexCreds(a *cliproxyauth.Auth) (apiKey, baseURL string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - apiKey = a.Attributes["api_key"] - baseURL = a.Attributes["base_url"] - } - if apiKey == "" && a.Metadata != nil { - if v, ok := a.Metadata["access_token"].(string); ok { - apiKey = v - } - } - return -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/codex_executor_compact_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/codex_executor_compact_test.go deleted file mode 100644 index cf252043f9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/codex_executor_compact_test.go +++ /dev/null @@ -1,85 +0,0 @@ -package executor - -import ( - "context" - "io" - "net/http" - "net/http/httptest" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - "github.com/tidwall/gjson" -) - -func TestCodexExecutorCompactUsesCompactEndpoint(t *testing.T) { - var gotPath string - var gotAccept string - var gotBody []byte - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotPath = r.URL.Path - gotAccept = r.Header.Get("Accept") - body, _ := io.ReadAll(r.Body) - gotBody = body - w.Header().Set("Content-Type", "application/json") - _, _ = w.Write([]byte(`{"id":"resp_1","object":"response.compaction","usage":{"input_tokens":3,"output_tokens":1,"total_tokens":4}}`)) - })) - defer server.Close() - - executor := NewCodexExecutor(&config.Config{}) - auth := &cliproxyauth.Auth{Attributes: map[string]string{ - "base_url": server.URL, - "api_key": "test", - }} - payload := []byte(`{"model":"gpt-5.1-codex-max","input":[{"role":"user","content":"compact this"}]}`) - resp, err := executor.Execute(context.Background(), auth, cliproxyexecutor.Request{ - Model: "gpt-5.1-codex-max", - Payload: payload, - }, cliproxyexecutor.Options{ - SourceFormat: sdktranslator.FromString("openai-response"), - Alt: "responses/compact", - Stream: false, - }) - if err != nil { - t.Fatalf("Execute error: %v", err) - } - if gotPath != "/responses/compact" { - t.Fatalf("path = %q, want %q", gotPath, "/responses/compact") - } - if gotAccept != "application/json" { - t.Fatalf("accept = %q, want application/json", gotAccept) - } - if !gjson.GetBytes(gotBody, "input").Exists() { - t.Fatalf("expected input in body") - } - if gjson.GetBytes(gotBody, "stream").Exists() { - t.Fatalf("stream must not be present for compact requests") - } - if gjson.GetBytes(resp.Payload, "object").String() != "response.compaction" { - t.Fatalf("unexpected payload: %s", string(resp.Payload)) - } -} - -func TestCodexExecutorCompactStreamingRejected(t *testing.T) { - executor := NewCodexExecutor(&config.Config{}) - _, err := executor.ExecuteStream(context.Background(), nil, cliproxyexecutor.Request{ - Model: "gpt-5.1-codex-max", - Payload: []byte(`{"model":"gpt-5.1-codex-max","input":"x"}`), - }, cliproxyexecutor.Options{ - SourceFormat: sdktranslator.FromString("openai-response"), - Alt: "responses/compact", - Stream: true, - }) - if err == nil { - t.Fatal("expected error for streaming compact request") - } - st, ok := err.(statusErr) - if !ok { - t.Fatalf("expected statusErr, got %T", err) - } - if st.code != http.StatusBadRequest { - t.Fatalf("status = %d, want %d", st.code, http.StatusBadRequest) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/codex_executor_cpb0106_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/codex_executor_cpb0106_test.go deleted file mode 100644 index f1a7e2034c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/codex_executor_cpb0106_test.go +++ /dev/null @@ -1,138 +0,0 @@ -package executor - -import ( - "context" - "io" - "net/http" - "net/http/httptest" - "os" - "path/filepath" - "testing" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - "github.com/tidwall/gjson" -) - -const cpb0106CodexSSECompletedEvent = `data: {"type":"response.completed","response":{"id":"resp_0106","object":"response","status":"completed","created_at":1735689600,"model":"gpt-5.3-codex","output":[{"type":"message","role":"assistant","content":[{"type":"output_text","text":"ok"}]}],"usage":{"input_tokens":25,"output_tokens":8,"total_tokens":33}}}` - -func loadFixture(t *testing.T, relativePath string) []byte { - t.Helper() - path := filepath.Join("testdata", relativePath) - b, err := os.ReadFile(path) - if err != nil { - t.Fatalf("failed to read fixture %q: %v", path, err) - } - return b -} - -func TestCodexExecutor_VariantOnlyRequest_PassesReasoningForExecute(t *testing.T) { - payload := loadFixture(t, filepath.ToSlash("cpb-0106-variant-only-openwork-chat-completions.json")) - - requestBodyCh := make(chan []byte, 1) - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - body, _ := io.ReadAll(r.Body) - requestBodyCh <- append([]byte(nil), body...) - w.Header().Set("Content-Type", "text/event-stream") - _, _ = w.Write([]byte(cpb0106CodexSSECompletedEvent)) - })) - defer server.Close() - - executor := NewCodexExecutor(&config.Config{}) - auth := &cliproxyauth.Auth{ - Attributes: map[string]string{ - "base_url": server.URL, - "api_key": "cpb0106", - }, - } - reqPayload := []byte(payload) - - resp, err := executor.Execute(context.Background(), auth, cliproxyexecutor.Request{ - Model: "gpt-5.3-codex", - Payload: reqPayload, - }, cliproxyexecutor.Options{ - SourceFormat: sdktranslator.FromString("openai"), - Stream: false, - }) - if err != nil { - t.Fatalf("Execute failed: %v", err) - } - if len(resp.Payload) == 0 { - t.Fatal("expected non-empty response payload") - } - - var upstreamBody []byte - select { - case upstreamBody = <-requestBodyCh: - case <-time.After(2 * time.Second): - t.Fatal("did not capture upstream request body in time") - } - - out := gjson.GetBytes(upstreamBody, "stream") - if !out.Exists() || !out.Bool() { - t.Fatalf("expected upstream stream=true, got %v", out.Bool()) - } - if got := gjson.GetBytes(upstreamBody, "reasoning.effort").String(); got != "high" { - t.Fatalf("expected reasoning.effort=high, got %q", got) - } -} - -func TestCodexExecutor_VariantOnlyRequest_PassesReasoningForExecuteStream(t *testing.T) { - payload := loadFixture(t, filepath.ToSlash("cpb-0106-variant-only-openwork-chat-completions.json")) - - requestBodyCh := make(chan []byte, 1) - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - body, _ := io.ReadAll(r.Body) - requestBodyCh <- append([]byte(nil), body...) - w.Header().Set("Content-Type", "text/event-stream") - _, _ = w.Write([]byte(cpb0106CodexSSECompletedEvent)) - })) - defer server.Close() - - executor := NewCodexExecutor(&config.Config{}) - auth := &cliproxyauth.Auth{ - Attributes: map[string]string{ - "base_url": server.URL, - "api_key": "cpb0106", - }, - } - reqPayload := []byte(payload) - - streamResult, err := executor.ExecuteStream(context.Background(), auth, cliproxyexecutor.Request{ - Model: "gpt-5.3-codex", - Payload: reqPayload, - }, cliproxyexecutor.Options{ - SourceFormat: sdktranslator.FromString("openai"), - Stream: true, - }) - if err != nil { - t.Fatalf("ExecuteStream failed: %v", err) - } - - chunkCount := 0 - for chunk := range streamResult.Chunks { - if len(chunk.Payload) > 0 { - chunkCount++ - } - } - if chunkCount == 0 { - t.Fatal("expected stream result to emit chunks") - } - - var upstreamBody []byte - select { - case upstreamBody = <-requestBodyCh: - case <-time.After(2 * time.Second): - t.Fatal("did not capture upstream request body in time") - } - - if got := gjson.GetBytes(upstreamBody, "stream").Bool(); got != false { - t.Fatalf("expected upstream stream=false in ExecuteStream path, got %v", got) - } - if got := gjson.GetBytes(upstreamBody, "reasoning.effort").String(); got != "high" { - t.Fatalf("expected reasoning.effort=high, got %q", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/codex_executor_cpb0227_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/codex_executor_cpb0227_test.go deleted file mode 100644 index de981f6398..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/codex_executor_cpb0227_test.go +++ /dev/null @@ -1,93 +0,0 @@ -package executor - -import ( - "context" - "errors" - "io" - "net/http" - "net/http/httptest" - "strings" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" -) - -func TestCodexExecutor_CPB0227_ExecuteFailsWhenStreamClosesBeforeResponseCompleted(t *testing.T) { - t.Parallel() - - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "text/event-stream") - _, _ = io.WriteString(w, "data: {\"type\":\"response.created\"}\n") - _, _ = io.WriteString(w, "data: {\"type\":\"response.in_progress\"}\n") - })) - defer upstream.Close() - - executor := NewCodexExecutor(&config.Config{}) - auth := &cliproxyauth.Auth{Attributes: map[string]string{"base_url": upstream.URL, "api_key": "cpb0227"}} - - _, err := executor.Execute(context.Background(), auth, cliproxyexecutor.Request{ - Model: "gpt-5-codex", - Payload: []byte(`{"model":"gpt-5-codex","input":[{"role":"user","content":"ping"}]}`), - }, cliproxyexecutor.Options{SourceFormat: sdktranslator.FromString("openai-response")}) - if err == nil { - t.Fatal("expected Execute to fail when response.completed is missing") - } - - var got statusErr - if !errors.As(err, &got) { - t.Fatalf("expected statusErr, got %T: %v", err, err) - } - if got.code != 408 { - t.Fatalf("expected status 408, got %d", got.code) - } - if !strings.Contains(got.msg, "stream closed before response.completed") { - t.Fatalf("expected completion-missing message, got %q", got.msg) - } -} - -func TestCodexExecutor_CPB0227_ExecuteStreamEmitsErrorWhenResponseCompletedMissing(t *testing.T) { - t.Parallel() - - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "text/event-stream") - _, _ = io.WriteString(w, "data: {\"type\":\"response.created\"}\n") - _, _ = io.WriteString(w, "data: {\"type\":\"response.output_text.delta\",\"delta\":\"hi\"}\n") - })) - defer upstream.Close() - - executor := NewCodexExecutor(&config.Config{}) - auth := &cliproxyauth.Auth{Attributes: map[string]string{"base_url": upstream.URL, "api_key": "cpb0227"}} - - streamResult, err := executor.ExecuteStream(context.Background(), auth, cliproxyexecutor.Request{ - Model: "gpt-5-codex", - Payload: []byte(`{"model":"gpt-5-codex","input":[{"role":"user","content":"ping"}]}`), - }, cliproxyexecutor.Options{SourceFormat: sdktranslator.FromString("openai-response"), Stream: true}) - if err != nil { - t.Fatalf("ExecuteStream returned unexpected error: %v", err) - } - - var streamErr error - for chunk := range streamResult.Chunks { - if chunk.Err != nil { - streamErr = chunk.Err - break - } - } - if streamErr == nil { - t.Fatal("expected stream error chunk when response.completed is missing") - } - - var got statusErr - if !errors.As(streamErr, &got) { - t.Fatalf("expected statusErr from stream, got %T: %v", streamErr, streamErr) - } - if got.code != 408 { - t.Fatalf("expected status 408, got %d", got.code) - } - if !strings.Contains(got.msg, "stream closed before response.completed") { - t.Fatalf("expected completion-missing message, got %q", got.msg) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/codex_websockets_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/codex_websockets_executor.go deleted file mode 100644 index a6a91d68b7..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/codex_websockets_executor.go +++ /dev/null @@ -1,1432 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// This file implements a Codex executor that uses the Responses API WebSocket transport. -package executor - -import ( - "bytes" - "context" - "fmt" - "io" - "net" - "net/http" - "net/url" - "strconv" - "strings" - "sync" - "time" - - "github.com/google/uuid" - "github.com/gorilla/websocket" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" - "golang.org/x/net/proxy" -) - -const ( - codexResponsesWebsocketBetaHeaderValue = "responses_websockets=2026-02-04" - codexResponsesWebsocketIdleTimeout = 5 * time.Minute - codexResponsesWebsocketHandshakeTO = 30 * time.Second -) - -// CodexWebsocketsExecutor executes Codex Responses requests using a WebSocket transport. -// -// It preserves the existing CodexExecutor HTTP implementation as a fallback for endpoints -// not available over WebSocket (e.g. /responses/compact) and for websocket upgrade failures. -type CodexWebsocketsExecutor struct { - *CodexExecutor - - sessMu sync.Mutex - sessions map[string]*codexWebsocketSession -} - -type codexWebsocketSession struct { - sessionID string - - reqMu sync.Mutex - - connMu sync.Mutex - conn *websocket.Conn - wsURL string - authID string - - // connCreateSent tracks whether a `response.create` message has been successfully sent - // on the current websocket connection. The upstream expects the first message on each - // connection to be `response.create`. - connCreateSent bool - - writeMu sync.Mutex - - activeMu sync.Mutex - activeCh chan codexWebsocketRead - activeDone <-chan struct{} - activeCancel context.CancelFunc - - readerConn *websocket.Conn -} - -func NewCodexWebsocketsExecutor(cfg *config.Config) *CodexWebsocketsExecutor { - return &CodexWebsocketsExecutor{ - CodexExecutor: NewCodexExecutor(cfg), - sessions: make(map[string]*codexWebsocketSession), - } -} - -type codexWebsocketRead struct { - conn *websocket.Conn - msgType int - payload []byte - err error -} - -// enqueueCodexWebsocketRead attempts to send a read result to the channel. -// If the channel is full and a done signal is sent, it returns without enqueuing. -// If the channel is full and we have an error, it prioritizes the error by draining and re-sending. -func enqueueCodexWebsocketRead(ch chan codexWebsocketRead, done <-chan struct{}, read codexWebsocketRead) { - if ch == nil { - return - } - - // Try to send without blocking first - select { - case <-done: - return - case ch <- read: - return - default: - } - - // Channel full and done signal not yet sent; check done again - select { - case <-done: - return - default: - } - - // If we have an error, prioritize it by draining the stale message - if read.err != nil { - select { - case <-done: - return - case <-ch: - // Drained stale message, now send the error - ch <- read - } - } -} - -func (s *codexWebsocketSession) setActive(ch chan codexWebsocketRead) { - if s == nil { - return - } - s.activeMu.Lock() - if s.activeCancel != nil { - s.activeCancel() - s.activeCancel = nil - s.activeDone = nil - } - s.activeCh = ch - if ch != nil { - activeCtx, activeCancel := context.WithCancel(context.Background()) - s.activeDone = activeCtx.Done() - s.activeCancel = activeCancel - } - s.activeMu.Unlock() -} - -func (s *codexWebsocketSession) clearActive(ch chan codexWebsocketRead) { - if s == nil { - return - } - s.activeMu.Lock() - if s.activeCh == ch { - s.activeCh = nil - if s.activeCancel != nil { - s.activeCancel() - } - s.activeCancel = nil - s.activeDone = nil - } - s.activeMu.Unlock() -} - -func (s *codexWebsocketSession) writeMessage(conn *websocket.Conn, msgType int, payload []byte) error { - if s == nil { - return fmt.Errorf("codex websockets executor: session is nil") - } - if conn == nil { - return fmt.Errorf("codex websockets executor: websocket conn is nil") - } - s.writeMu.Lock() - defer s.writeMu.Unlock() - return conn.WriteMessage(msgType, payload) -} - -func (s *codexWebsocketSession) configureConn(conn *websocket.Conn) { - if s == nil || conn == nil { - return - } - conn.SetPingHandler(func(appData string) error { - s.writeMu.Lock() - defer s.writeMu.Unlock() - // Reply pongs from the same write lock to avoid concurrent writes. - return conn.WriteControl(websocket.PongMessage, []byte(appData), time.Now().Add(10*time.Second)) - }) -} - -func (e *CodexWebsocketsExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if ctx == nil { - ctx = context.Background() - } - if opts.Alt == "responses/compact" { - return e.executeCompact(ctx, auth, req, opts) - } - - baseModel := thinking.ParseSuffix(req.Model).ModelName - apiKey, baseURL := codexCreds(auth) - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), "https://chatgpt.com/backend-api/codex", baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("codex") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - body, _ = sjson.SetBytes(body, "stream", true) - body, _ = sjson.DeleteBytes(body, "previous_response_id") - body, _ = sjson.DeleteBytes(body, "prompt_cache_retention") - body, _ = sjson.DeleteBytes(body, "safety_identifier") - if !gjson.GetBytes(body, "instructions").Exists() { - body, _ = sjson.SetBytes(body, "instructions", "") - } - body = normalizeCodexToolSchemas(body) - - httpURL := strings.TrimSuffix(baseURL, "/") + "/responses" - wsURL, err := buildCodexResponsesWebsocketURL(httpURL) - if err != nil { - return resp, err - } - - body, wsHeaders := applyCodexPromptCacheHeaders(from, req, body) - wsHeaders = applyCodexWebsocketHeaders(ctx, wsHeaders, auth, apiKey) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - - executionSessionID := executionSessionIDFromOptions(opts) - var sess *codexWebsocketSession - if executionSessionID != "" { - sess = e.getOrCreateSession(executionSessionID) - sess.reqMu.Lock() - defer sess.reqMu.Unlock() - } - - allowAppend := true - if sess != nil { - sess.connMu.Lock() - allowAppend = sess.connCreateSent - sess.connMu.Unlock() - } - wsReqBody := buildCodexWebsocketRequestBody(body, allowAppend) - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: wsURL, - Method: "WEBSOCKET", - Headers: wsHeaders.Clone(), - Body: wsReqBody, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - conn, respHS, errDial := e.ensureUpstreamConn(ctx, auth, sess, authID, wsURL, wsHeaders) - if respHS != nil { - recordAPIResponseMetadata(ctx, e.cfg, respHS.StatusCode, respHS.Header.Clone()) - } - if errDial != nil { - bodyErr := websocketHandshakeBody(respHS) - if len(bodyErr) > 0 { - appendAPIResponseChunk(ctx, e.cfg, bodyErr) - } - if respHS != nil && respHS.StatusCode == http.StatusUpgradeRequired { - return e.CodexExecutor.Execute(ctx, auth, req, opts) - } - if respHS != nil && respHS.StatusCode > 0 { - return resp, statusErr{code: respHS.StatusCode, msg: string(bodyErr)} - } - recordAPIResponseError(ctx, e.cfg, errDial) - return resp, errDial - } - closeHTTPResponseBody(respHS, "codex websockets executor: close handshake response body error") - if sess == nil { - logCodexWebsocketConnected(executionSessionID, authID, wsURL) - defer func() { - reason := "completed" - if err != nil { - reason = "error" - } - logCodexWebsocketDisconnected(executionSessionID, authID, wsURL, reason, err) - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } - }() - } - - var readCh chan codexWebsocketRead - if sess != nil { - readCh = make(chan codexWebsocketRead, 4096) - sess.setActive(readCh) - defer sess.clearActive(readCh) - } - - if errSend := writeCodexWebsocketMessage(sess, conn, wsReqBody); errSend != nil { - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "send_error", errSend) - - // Retry once with a fresh websocket connection. This is mainly to handle - // upstream closing the socket between sequential requests within the same - // execution session. - connRetry, _, errDialRetry := e.ensureUpstreamConn(ctx, auth, sess, authID, wsURL, wsHeaders) - if errDialRetry == nil && connRetry != nil { - sess.connMu.Lock() - allowAppend = sess.connCreateSent - sess.connMu.Unlock() - wsReqBodyRetry := buildCodexWebsocketRequestBody(body, allowAppend) - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: wsURL, - Method: "WEBSOCKET", - Headers: wsHeaders.Clone(), - Body: wsReqBodyRetry, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - if errSendRetry := writeCodexWebsocketMessage(sess, connRetry, wsReqBodyRetry); errSendRetry == nil { - conn = connRetry - wsReqBody = wsReqBodyRetry - } else { - e.invalidateUpstreamConn(sess, connRetry, "send_error", errSendRetry) - recordAPIResponseError(ctx, e.cfg, errSendRetry) - return resp, errSendRetry - } - } else { - recordAPIResponseError(ctx, e.cfg, errDialRetry) - return resp, errDialRetry - } - } else { - recordAPIResponseError(ctx, e.cfg, errSend) - return resp, errSend - } - } - markCodexWebsocketCreateSent(sess, conn, wsReqBody) - - for { - if ctx != nil && ctx.Err() != nil { - return resp, ctx.Err() - } - msgType, payload, errRead := readCodexWebsocketMessage(ctx, sess, conn, readCh) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return resp, errRead - } - if msgType != websocket.TextMessage { - if msgType == websocket.BinaryMessage { - err = fmt.Errorf("codex websockets executor: unexpected binary message") - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "unexpected_binary", err) - } - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - continue - } - - payload = bytes.TrimSpace(payload) - if len(payload) == 0 { - continue - } - appendAPIResponseChunk(ctx, e.cfg, payload) - - if wsErr, ok := parseCodexWebsocketError(payload); ok { - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "upstream_error", wsErr) - } - recordAPIResponseError(ctx, e.cfg, wsErr) - return resp, wsErr - } - - payload = normalizeCodexWebsocketCompletion(payload) - eventType := gjson.GetBytes(payload, "type").String() - if eventType == "response.completed" { - if detail, ok := parseCodexUsage(payload); ok { - reporter.publish(ctx, detail) - } - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, originalPayload, body, payload, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out)} - return resp, nil - } - } -} - -func (e *CodexWebsocketsExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - log.Debug("Executing Codex Websockets stream request") - if ctx == nil { - ctx = context.Background() - } - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusBadRequest, msg: "streaming not supported for /responses/compact"} - } - - baseModel := thinking.ParseSuffix(req.Model).ModelName - apiKey, baseURL := codexCreds(auth) - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), "https://chatgpt.com/backend-api/codex", baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("codex") - body := req.Payload - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, body, requestedModel) - body = normalizeCodexToolSchemas(body) - - httpURL := strings.TrimSuffix(baseURL, "/") + "/responses" - wsURL, err := buildCodexResponsesWebsocketURL(httpURL) - if err != nil { - return nil, err - } - - body, wsHeaders := applyCodexPromptCacheHeaders(from, req, body) - wsHeaders = applyCodexWebsocketHeaders(ctx, wsHeaders, auth, apiKey) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - - executionSessionID := executionSessionIDFromOptions(opts) - var sess *codexWebsocketSession - if executionSessionID != "" { - sess = e.getOrCreateSession(executionSessionID) - sess.reqMu.Lock() - } - - allowAppend := true - if sess != nil { - sess.connMu.Lock() - allowAppend = sess.connCreateSent - sess.connMu.Unlock() - } - wsReqBody := buildCodexWebsocketRequestBody(body, allowAppend) - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: wsURL, - Method: "WEBSOCKET", - Headers: wsHeaders.Clone(), - Body: wsReqBody, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - conn, respHS, errDial := e.ensureUpstreamConn(ctx, auth, sess, authID, wsURL, wsHeaders) - var upstreamHeaders http.Header - if respHS != nil { - upstreamHeaders = respHS.Header.Clone() - recordAPIResponseMetadata(ctx, e.cfg, respHS.StatusCode, respHS.Header.Clone()) - } - if errDial != nil { - bodyErr := websocketHandshakeBody(respHS) - if len(bodyErr) > 0 { - appendAPIResponseChunk(ctx, e.cfg, bodyErr) - } - if respHS != nil && respHS.StatusCode == http.StatusUpgradeRequired { - return e.CodexExecutor.ExecuteStream(ctx, auth, req, opts) - } - if respHS != nil && respHS.StatusCode > 0 { - return nil, statusErr{code: respHS.StatusCode, msg: string(bodyErr)} - } - recordAPIResponseError(ctx, e.cfg, errDial) - if sess != nil { - sess.reqMu.Unlock() - } - return nil, errDial - } - closeHTTPResponseBody(respHS, "codex websockets executor: close handshake response body error") - - if sess == nil { - logCodexWebsocketConnected(executionSessionID, authID, wsURL) - } - - var readCh chan codexWebsocketRead - if sess != nil { - readCh = make(chan codexWebsocketRead, 4096) - sess.setActive(readCh) - } - - if errSend := writeCodexWebsocketMessage(sess, conn, wsReqBody); errSend != nil { - recordAPIResponseError(ctx, e.cfg, errSend) - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "send_error", errSend) - - // Retry once with a new websocket connection for the same execution session. - connRetry, _, errDialRetry := e.ensureUpstreamConn(ctx, auth, sess, authID, wsURL, wsHeaders) - if errDialRetry != nil || connRetry == nil { - recordAPIResponseError(ctx, e.cfg, errDialRetry) - sess.clearActive(readCh) - sess.reqMu.Unlock() - return nil, errDialRetry - } - sess.connMu.Lock() - allowAppend = sess.connCreateSent - sess.connMu.Unlock() - wsReqBodyRetry := buildCodexWebsocketRequestBody(body, allowAppend) - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: wsURL, - Method: "WEBSOCKET", - Headers: wsHeaders.Clone(), - Body: wsReqBodyRetry, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - if errSendRetry := writeCodexWebsocketMessage(sess, connRetry, wsReqBodyRetry); errSendRetry != nil { - recordAPIResponseError(ctx, e.cfg, errSendRetry) - e.invalidateUpstreamConn(sess, connRetry, "send_error", errSendRetry) - sess.clearActive(readCh) - sess.reqMu.Unlock() - return nil, errSendRetry - } - conn = connRetry - wsReqBody = wsReqBodyRetry - } else { - logCodexWebsocketDisconnected(executionSessionID, authID, wsURL, "send_error", errSend) - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } - return nil, errSend - } - } - markCodexWebsocketCreateSent(sess, conn, wsReqBody) - - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - terminateReason := "completed" - var terminateErr error - - defer close(out) - defer func() { - if sess != nil { - sess.clearActive(readCh) - sess.reqMu.Unlock() - return - } - logCodexWebsocketDisconnected(executionSessionID, authID, wsURL, terminateReason, terminateErr) - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } - }() - - send := func(chunk cliproxyexecutor.StreamChunk) bool { - if ctx == nil { - out <- chunk - return true - } - select { - case out <- chunk: - return true - case <-ctx.Done(): - return false - } - } - - var param any - for { - if ctx != nil && ctx.Err() != nil { - terminateReason = "context_done" - terminateErr = ctx.Err() - _ = send(cliproxyexecutor.StreamChunk{Err: ctx.Err()}) - return - } - msgType, payload, errRead := readCodexWebsocketMessage(ctx, sess, conn, readCh) - if errRead != nil { - if sess != nil && ctx != nil && ctx.Err() != nil { - terminateReason = "context_done" - terminateErr = ctx.Err() - _ = send(cliproxyexecutor.StreamChunk{Err: ctx.Err()}) - return - } - terminateReason = "read_error" - terminateErr = errRead - recordAPIResponseError(ctx, e.cfg, errRead) - reporter.publishFailure(ctx) - _ = send(cliproxyexecutor.StreamChunk{Err: errRead}) - return - } - if msgType != websocket.TextMessage { - if msgType == websocket.BinaryMessage { - err = fmt.Errorf("codex websockets executor: unexpected binary message") - terminateReason = "unexpected_binary" - terminateErr = err - recordAPIResponseError(ctx, e.cfg, err) - reporter.publishFailure(ctx) - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "unexpected_binary", err) - } - _ = send(cliproxyexecutor.StreamChunk{Err: err}) - return - } - continue - } - - payload = bytes.TrimSpace(payload) - if len(payload) == 0 { - continue - } - appendAPIResponseChunk(ctx, e.cfg, payload) - - if wsErr, ok := parseCodexWebsocketError(payload); ok { - terminateReason = "upstream_error" - terminateErr = wsErr - recordAPIResponseError(ctx, e.cfg, wsErr) - reporter.publishFailure(ctx) - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "upstream_error", wsErr) - } - _ = send(cliproxyexecutor.StreamChunk{Err: wsErr}) - return - } - - payload = normalizeCodexWebsocketCompletion(payload) - eventType := gjson.GetBytes(payload, "type").String() - if eventType == "response.completed" || eventType == "response.done" { - if detail, ok := parseCodexUsage(payload); ok { - reporter.publish(ctx, detail) - } - } - - line := encodeCodexWebsocketAsSSE(payload) - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, body, body, line, ¶m) - for i := range chunks { - if !send(cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])}) { - terminateReason = "context_done" - terminateErr = ctx.Err() - return - } - } - if eventType == "response.completed" || eventType == "response.done" { - return - } - } - }() - - return &cliproxyexecutor.StreamResult{Headers: upstreamHeaders, Chunks: out}, nil -} - -func (e *CodexWebsocketsExecutor) dialCodexWebsocket(ctx context.Context, auth *cliproxyauth.Auth, wsURL string, headers http.Header) (*websocket.Conn, *http.Response, error) { - dialer := newProxyAwareWebsocketDialer(e.cfg, auth) - dialer.HandshakeTimeout = codexResponsesWebsocketHandshakeTO - dialer.EnableCompression = true - if ctx == nil { - ctx = context.Background() - } - conn, resp, err := dialer.DialContext(ctx, wsURL, headers) - if conn != nil { - // Avoid gorilla/websocket flate tail validation issues on some upstreams/Go versions. - // Negotiating permessage-deflate is fine; we just don't compress outbound messages. - conn.EnableWriteCompression(false) - } - return conn, resp, err -} - -func writeCodexWebsocketMessage(sess *codexWebsocketSession, conn *websocket.Conn, payload []byte) error { - if sess != nil { - return sess.writeMessage(conn, websocket.TextMessage, payload) - } - if conn == nil { - return fmt.Errorf("codex websockets executor: websocket conn is nil") - } - return conn.WriteMessage(websocket.TextMessage, payload) -} - -func buildCodexWebsocketRequestBody(body []byte, allowAppend bool) []byte { - if len(body) == 0 { - return nil - } - - // Codex CLI websocket v2 uses `response.create` with `previous_response_id` for incremental turns. - // The upstream ChatGPT Codex websocket currently rejects that with close 1008 (policy violation). - // Fall back to v1 `response.append` semantics on the same websocket connection to keep the session alive. - // - // NOTE: The upstream expects the first websocket event on each connection to be `response.create`, - // so we only use `response.append` after we have initialized the current connection. - if allowAppend { - if prev := strings.TrimSpace(gjson.GetBytes(body, "previous_response_id").String()); prev != "" { - inputNode := gjson.GetBytes(body, "input") - wsReqBody := []byte(`{}`) - wsReqBody, _ = sjson.SetBytes(wsReqBody, "type", "response.append") - if inputNode.Exists() && inputNode.IsArray() && strings.TrimSpace(inputNode.Raw) != "" { - wsReqBody, _ = sjson.SetRawBytes(wsReqBody, "input", []byte(inputNode.Raw)) - return wsReqBody - } - wsReqBody, _ = sjson.SetRawBytes(wsReqBody, "input", []byte("[]")) - return wsReqBody - } - } - - wsReqBody, errSet := sjson.SetBytes(bytes.Clone(body), "type", "response.create") - if errSet == nil && len(wsReqBody) > 0 { - return wsReqBody - } - fallback := bytes.Clone(body) - fallback, _ = sjson.SetBytes(fallback, "type", "response.create") - return fallback -} - -func readCodexWebsocketMessage(ctx context.Context, sess *codexWebsocketSession, conn *websocket.Conn, readCh chan codexWebsocketRead) (int, []byte, error) { - if sess == nil { - if conn == nil { - return 0, nil, fmt.Errorf("codex websockets executor: websocket conn is nil") - } - _ = conn.SetReadDeadline(time.Now().Add(codexResponsesWebsocketIdleTimeout)) - msgType, payload, errRead := conn.ReadMessage() - return msgType, payload, errRead - } - if conn == nil { - return 0, nil, fmt.Errorf("codex websockets executor: websocket conn is nil") - } - if readCh == nil { - return 0, nil, fmt.Errorf("codex websockets executor: session read channel is nil") - } - for { - select { - case <-ctx.Done(): - return 0, nil, ctx.Err() - case ev, ok := <-readCh: - if !ok { - return 0, nil, fmt.Errorf("codex websockets executor: session read channel closed") - } - if ev.conn != conn { - continue - } - if ev.err != nil { - return 0, nil, ev.err - } - return ev.msgType, ev.payload, nil - } - } -} - -func markCodexWebsocketCreateSent(sess *codexWebsocketSession, conn *websocket.Conn, payload []byte) { - if sess == nil || conn == nil || len(payload) == 0 { - return - } - if strings.TrimSpace(gjson.GetBytes(payload, "type").String()) != "response.create" { - return - } - - sess.connMu.Lock() - if sess.conn == conn { - sess.connCreateSent = true - } - sess.connMu.Unlock() -} - -func newProxyAwareWebsocketDialer(cfg *config.Config, auth *cliproxyauth.Auth) *websocket.Dialer { - dialer := &websocket.Dialer{ - Proxy: http.ProxyFromEnvironment, - HandshakeTimeout: codexResponsesWebsocketHandshakeTO, - EnableCompression: true, - NetDialContext: (&net.Dialer{ - Timeout: 30 * time.Second, - KeepAlive: 30 * time.Second, - }).DialContext, - } - - proxyURL := "" - if auth != nil { - proxyURL = strings.TrimSpace(auth.ProxyURL) - } - if proxyURL == "" && cfg != nil { - proxyURL = strings.TrimSpace(cfg.ProxyURL) - } - if proxyURL == "" { - return dialer - } - - parsedURL, errParse := url.Parse(proxyURL) - if errParse != nil { - log.Errorf("codex websockets executor: parse proxy URL failed: %v", errParse) - return dialer - } - - switch parsedURL.Scheme { - case "socks5": - var proxyAuth *proxy.Auth - if parsedURL.User != nil { - username := parsedURL.User.Username() - password, _ := parsedURL.User.Password() - proxyAuth = &proxy.Auth{User: username, Password: password} - } - socksDialer, errSOCKS5 := proxy.SOCKS5("tcp", parsedURL.Host, proxyAuth, proxy.Direct) - if errSOCKS5 != nil { - log.Errorf("codex websockets executor: create SOCKS5 dialer failed: %v", errSOCKS5) - return dialer - } - dialer.Proxy = nil - dialer.NetDialContext = func(_ context.Context, network, addr string) (net.Conn, error) { - return socksDialer.Dial(network, addr) - } - case "http", "https": - dialer.Proxy = http.ProxyURL(parsedURL) - default: - log.Errorf("codex websockets executor: unsupported proxy scheme: %s", parsedURL.Scheme) - } - - return dialer -} - -func buildCodexResponsesWebsocketURL(httpURL string) (string, error) { - parsed, err := url.Parse(strings.TrimSpace(httpURL)) - if err != nil { - return "", err - } - switch strings.ToLower(parsed.Scheme) { - case "http": - parsed.Scheme = "ws" - case "https": - parsed.Scheme = "wss" - } - return parsed.String(), nil -} - -func applyCodexPromptCacheHeaders(from sdktranslator.Format, req cliproxyexecutor.Request, rawJSON []byte) ([]byte, http.Header) { - headers := http.Header{} - if len(rawJSON) == 0 { - return rawJSON, headers - } - - var cache codexCache - switch from { - case "claude": - userIDResult := gjson.GetBytes(req.Payload, "metadata.user_id") - if userIDResult.Exists() { - key := fmt.Sprintf("%s-%s", req.Model, userIDResult.String()) - if cached, ok := getCodexCache(key); ok { - cache = cached - } else { - cache = codexCache{ - ID: uuid.New().String(), - Expire: time.Now().Add(1 * time.Hour), - } - setCodexCache(key, cache) - } - } - case "openai-response": - if promptCacheKey := gjson.GetBytes(req.Payload, "prompt_cache_key"); promptCacheKey.Exists() { - cache.ID = promptCacheKey.String() - } - } - - if cache.ID != "" { - rawJSON, _ = sjson.SetBytes(rawJSON, "prompt_cache_key", cache.ID) - headers.Set("Conversation_id", cache.ID) - headers.Set("Session_id", cache.ID) - } - - return rawJSON, headers -} - -func applyCodexWebsocketHeaders(ctx context.Context, headers http.Header, auth *cliproxyauth.Auth, token string) http.Header { - if headers == nil { - headers = http.Header{} - } - if strings.TrimSpace(token) != "" { - headers.Set("Authorization", "Bearer "+token) - } - - var ginHeaders http.Header - if ginCtx := ginContextFrom(ctx); ginCtx != nil && ginCtx.Request != nil { - ginHeaders = ginCtx.Request.Header - } - - misc.EnsureHeader(headers, ginHeaders, "x-codex-beta-features", "") - misc.EnsureHeader(headers, ginHeaders, "x-codex-turn-state", "") - misc.EnsureHeader(headers, ginHeaders, "x-codex-turn-metadata", "") - misc.EnsureHeader(headers, ginHeaders, "x-responsesapi-include-timing-metrics", "") - - misc.EnsureHeader(headers, ginHeaders, "Version", codexClientVersion) - betaHeader := strings.TrimSpace(headers.Get("OpenAI-Beta")) - if betaHeader == "" && ginHeaders != nil { - betaHeader = strings.TrimSpace(ginHeaders.Get("OpenAI-Beta")) - } - if betaHeader == "" || !strings.Contains(betaHeader, "responses_websockets=") { - betaHeader = codexResponsesWebsocketBetaHeaderValue - } - headers.Set("OpenAI-Beta", betaHeader) - misc.EnsureHeader(headers, ginHeaders, "Session_id", uuid.NewString()) - misc.EnsureHeader(headers, ginHeaders, "User-Agent", codexUserAgent) - - isAPIKey := false - if auth != nil && auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["api_key"]); v != "" { - isAPIKey = true - } - } - if !isAPIKey { - headers.Set("Originator", "codex_cli_rs") - if auth != nil && auth.Metadata != nil { - if accountID, ok := auth.Metadata["account_id"].(string); ok { - if trimmed := strings.TrimSpace(accountID); trimmed != "" { - headers.Set("Chatgpt-Account-Id", trimmed) - } - } - } - } - - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(&http.Request{Header: headers}, attrs) - - return headers -} - -type statusErrWithHeaders struct { - statusErr - headers http.Header -} - -func (e statusErrWithHeaders) Headers() http.Header { - if e.headers == nil { - return nil - } - return e.headers.Clone() -} - -func parseCodexWebsocketError(payload []byte) (error, bool) { - if len(payload) == 0 { - return nil, false - } - if strings.TrimSpace(gjson.GetBytes(payload, "type").String()) != "error" { - return nil, false - } - status := int(gjson.GetBytes(payload, "status").Int()) - if status == 0 { - status = int(gjson.GetBytes(payload, "status_code").Int()) - } - if status <= 0 { - return nil, false - } - - out := []byte(`{}`) - if errNode := gjson.GetBytes(payload, "error"); errNode.Exists() { - raw := errNode.Raw - if errNode.Type == gjson.String { - raw = errNode.Raw - } - out, _ = sjson.SetRawBytes(out, "error", []byte(raw)) - } else { - out, _ = sjson.SetBytes(out, "error.type", "server_error") - out, _ = sjson.SetBytes(out, "error.message", http.StatusText(status)) - } - - headers := parseCodexWebsocketErrorHeaders(payload) - return statusErrWithHeaders{ - statusErr: statusErr{code: status, msg: string(out)}, - headers: headers, - }, true -} - -func parseCodexWebsocketErrorHeaders(payload []byte) http.Header { - headersNode := gjson.GetBytes(payload, "headers") - if !headersNode.Exists() || !headersNode.IsObject() { - return nil - } - mapped := make(http.Header) - headersNode.ForEach(func(key, value gjson.Result) bool { - name := strings.TrimSpace(key.String()) - if name == "" { - return true - } - switch value.Type { - case gjson.String: - if v := strings.TrimSpace(value.String()); v != "" { - mapped.Set(name, v) - } - case gjson.Number, gjson.True, gjson.False: - if v := strings.TrimSpace(value.Raw); v != "" { - mapped.Set(name, v) - } - default: - } - return true - }) - if len(mapped) == 0 { - return nil - } - return mapped -} - -func normalizeCodexWebsocketCompletion(payload []byte) []byte { - if strings.TrimSpace(gjson.GetBytes(payload, "type").String()) == "response.done" { - updated, err := sjson.SetBytes(payload, "type", "response.completed") - if err == nil && len(updated) > 0 { - return updated - } - } - return payload -} - -func encodeCodexWebsocketAsSSE(payload []byte) []byte { - if len(payload) == 0 { - return nil - } - line := make([]byte, 0, len("data: ")+len(payload)) - line = append(line, []byte("data: ")...) - line = append(line, payload...) - return line -} - -func websocketHandshakeBody(resp *http.Response) []byte { - if resp == nil || resp.Body == nil { - return nil - } - body, _ := io.ReadAll(resp.Body) - closeHTTPResponseBody(resp, "codex websockets executor: close handshake response body error") - if len(body) == 0 { - return nil - } - return body -} - -func closeHTTPResponseBody(resp *http.Response, logPrefix string) { - if resp == nil || resp.Body == nil { - return - } - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("%s: %v", logPrefix, errClose) - } -} - -func executionSessionIDFromOptions(opts cliproxyexecutor.Options) string { - if len(opts.Metadata) == 0 { - return "" - } - raw, ok := opts.Metadata[cliproxyexecutor.ExecutionSessionMetadataKey] - if !ok || raw == nil { - return "" - } - switch v := raw.(type) { - case string: - return strings.TrimSpace(v) - case []byte: - return strings.TrimSpace(string(v)) - default: - return "" - } -} - -func (e *CodexWebsocketsExecutor) getOrCreateSession(sessionID string) *codexWebsocketSession { - sessionID = strings.TrimSpace(sessionID) - if sessionID == "" { - return nil - } - e.sessMu.Lock() - defer e.sessMu.Unlock() - if e.sessions == nil { - e.sessions = make(map[string]*codexWebsocketSession) - } - if sess, ok := e.sessions[sessionID]; ok && sess != nil { - return sess - } - sess := &codexWebsocketSession{sessionID: sessionID} - e.sessions[sessionID] = sess - return sess -} - -func (e *CodexWebsocketsExecutor) ensureUpstreamConn(ctx context.Context, auth *cliproxyauth.Auth, sess *codexWebsocketSession, authID string, wsURL string, headers http.Header) (*websocket.Conn, *http.Response, error) { - if sess == nil { - return e.dialCodexWebsocket(ctx, auth, wsURL, headers) - } - - sess.connMu.Lock() - conn := sess.conn - readerConn := sess.readerConn - sess.connMu.Unlock() - if conn != nil { - if readerConn != conn { - sess.connMu.Lock() - sess.readerConn = conn - sess.connMu.Unlock() - sess.configureConn(conn) - go e.readUpstreamLoop(sess, conn) - } - return conn, nil, nil - } - - conn, resp, errDial := e.dialCodexWebsocket(ctx, auth, wsURL, headers) - if errDial != nil { - return nil, resp, errDial - } - - sess.connMu.Lock() - if sess.conn != nil { - previous := sess.conn - sess.connMu.Unlock() - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } - return previous, nil, nil - } - sess.conn = conn - sess.wsURL = wsURL - sess.authID = authID - sess.connCreateSent = false - sess.readerConn = conn - sess.connMu.Unlock() - - sess.configureConn(conn) - go e.readUpstreamLoop(sess, conn) - logCodexWebsocketConnected(sess.sessionID, authID, wsURL) - return conn, resp, nil -} - -func (e *CodexWebsocketsExecutor) readUpstreamLoop(sess *codexWebsocketSession, conn *websocket.Conn) { - if e == nil || sess == nil || conn == nil { - return - } - for { - _ = conn.SetReadDeadline(time.Now().Add(codexResponsesWebsocketIdleTimeout)) - msgType, payload, errRead := conn.ReadMessage() - if errRead != nil { - sess.activeMu.Lock() - ch := sess.activeCh - done := sess.activeDone - sess.activeMu.Unlock() - if ch != nil { - select { - case ch <- codexWebsocketRead{conn: conn, err: errRead}: - case <-done: - default: - } - sess.clearActive(ch) - close(ch) - } - e.invalidateUpstreamConn(sess, conn, "upstream_disconnected", errRead) - return - } - - if msgType != websocket.TextMessage { - if msgType == websocket.BinaryMessage { - errBinary := fmt.Errorf("codex websockets executor: unexpected binary message") - sess.activeMu.Lock() - ch := sess.activeCh - done := sess.activeDone - sess.activeMu.Unlock() - if ch != nil { - select { - case ch <- codexWebsocketRead{conn: conn, err: errBinary}: - case <-done: - default: - } - sess.clearActive(ch) - close(ch) - } - e.invalidateUpstreamConn(sess, conn, "unexpected_binary", errBinary) - return - } - continue - } - - sess.activeMu.Lock() - ch := sess.activeCh - done := sess.activeDone - sess.activeMu.Unlock() - if ch == nil { - continue - } - select { - case ch <- codexWebsocketRead{conn: conn, msgType: msgType, payload: payload}: - case <-done: - } - } -} - -func (e *CodexWebsocketsExecutor) invalidateUpstreamConn(sess *codexWebsocketSession, conn *websocket.Conn, reason string, err error) { - if sess == nil || conn == nil { - return - } - - sess.connMu.Lock() - current := sess.conn - authID := sess.authID - wsURL := sess.wsURL - sessionID := sess.sessionID - if current == nil || current != conn { - sess.connMu.Unlock() - return - } - sess.conn = nil - sess.connCreateSent = false - if sess.readerConn == conn { - sess.readerConn = nil - } - sess.connMu.Unlock() - - logCodexWebsocketDisconnected(sessionID, authID, wsURL, reason, err) - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } -} - -func (e *CodexWebsocketsExecutor) CloseExecutionSession(sessionID string) { - sessionID = strings.TrimSpace(sessionID) - if e == nil { - return - } - if sessionID == "" { - return - } - if sessionID == cliproxyauth.CloseAllExecutionSessionsID { - e.closeAllExecutionSessions("executor_replaced") - return - } - - e.sessMu.Lock() - sess := e.sessions[sessionID] - delete(e.sessions, sessionID) - e.sessMu.Unlock() - - e.closeExecutionSession(sess, "session_closed") -} - -func (e *CodexWebsocketsExecutor) closeAllExecutionSessions(reason string) { - if e == nil { - return - } - - e.sessMu.Lock() - sessions := make([]*codexWebsocketSession, 0, len(e.sessions)) - for sessionID, sess := range e.sessions { - delete(e.sessions, sessionID) - if sess != nil { - sessions = append(sessions, sess) - } - } - e.sessMu.Unlock() - - for i := range sessions { - e.closeExecutionSession(sessions[i], reason) - } -} - -func (e *CodexWebsocketsExecutor) closeExecutionSession(sess *codexWebsocketSession, reason string) { - if sess == nil { - return - } - reason = strings.TrimSpace(reason) - if reason == "" { - reason = "session_closed" - } - - sess.connMu.Lock() - conn := sess.conn - authID := sess.authID - wsURL := sess.wsURL - sess.conn = nil - sess.connCreateSent = false - if sess.readerConn == conn { - sess.readerConn = nil - } - sessionID := sess.sessionID - sess.connMu.Unlock() - - if conn == nil { - return - } - logCodexWebsocketDisconnected(sessionID, authID, wsURL, reason, nil) - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } -} - -func logCodexWebsocketConnected(sessionID string, authID string, wsURL string) { - log.Infof("codex websockets: upstream connected session=%s auth=%s url=%s", strings.TrimSpace(sessionID), sanitizeCodexWebsocketLogField(authID), sanitizeCodexWebsocketLogURL(wsURL)) -} - -func logCodexWebsocketDisconnected(sessionID, authID, wsURL, reason string, err error) { - if err != nil { - log.Infof("codex websockets: upstream disconnected session=%s auth=%s url=%s reason=%s err=%v", strings.TrimSpace(sessionID), sanitizeCodexWebsocketLogField(authID), sanitizeCodexWebsocketLogURL(wsURL), strings.TrimSpace(reason), err) - return - } - log.Infof("codex websockets: upstream disconnected session=%s auth=%s url=%s reason=%s", strings.TrimSpace(sessionID), sanitizeCodexWebsocketLogField(authID), sanitizeCodexWebsocketLogURL(wsURL), strings.TrimSpace(reason)) -} - -func sanitizeCodexWebsocketLogField(raw string) string { - return util.RedactAPIKey(strings.TrimSpace(raw)) -} - -func sanitizeCodexWebsocketLogURL(raw string) string { - trimmed := strings.TrimSpace(raw) - if trimmed == "" { - return "" - } - parsed, err := url.Parse(trimmed) - if err != nil || !parsed.IsAbs() { - return util.HideAPIKey(trimmed) - } - parsed.User = nil - parsed.Fragment = "" - parsed.RawQuery = util.MaskSensitiveQuery(parsed.RawQuery) - return parsed.String() -} - -// CodexAutoExecutor routes Codex requests to the websocket transport only when: -// 1. The downstream transport is websocket, and -// 2. The selected auth enables websockets. -// -// For non-websocket downstream requests, it always uses the legacy HTTP implementation. -type CodexAutoExecutor struct { - httpExec *CodexExecutor - wsExec *CodexWebsocketsExecutor -} - -func NewCodexAutoExecutor(cfg *config.Config) *CodexAutoExecutor { - return &CodexAutoExecutor{ - httpExec: NewCodexExecutor(cfg), - wsExec: NewCodexWebsocketsExecutor(cfg), - } -} - -func (e *CodexAutoExecutor) Identifier() string { return "codex" } - -func (e *CodexAutoExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if e == nil || e.httpExec == nil { - return nil - } - return e.httpExec.PrepareRequest(req, auth) -} - -func (e *CodexAutoExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if e == nil || e.httpExec == nil { - return nil, fmt.Errorf("codex auto executor: http executor is nil") - } - return e.httpExec.HttpRequest(ctx, auth, req) -} - -func (e *CodexAutoExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - if e == nil || e.httpExec == nil || e.wsExec == nil { - return cliproxyexecutor.Response{}, fmt.Errorf("codex auto executor: executor is nil") - } - if cliproxyexecutor.DownstreamWebsocket(ctx) && codexWebsocketsEnabled(auth) { - return e.wsExec.Execute(ctx, auth, req, opts) - } - return e.httpExec.Execute(ctx, auth, req, opts) -} - -func (e *CodexAutoExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (*cliproxyexecutor.StreamResult, error) { - if e == nil || e.httpExec == nil || e.wsExec == nil { - return nil, fmt.Errorf("codex auto executor: executor is nil") - } - if cliproxyexecutor.DownstreamWebsocket(ctx) && codexWebsocketsEnabled(auth) { - return e.wsExec.ExecuteStream(ctx, auth, req, opts) - } - return e.httpExec.ExecuteStream(ctx, auth, req, opts) -} - -func (e *CodexAutoExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if e == nil || e.httpExec == nil { - return nil, fmt.Errorf("codex auto executor: http executor is nil") - } - return e.httpExec.Refresh(ctx, auth) -} - -func (e *CodexAutoExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - if e == nil || e.httpExec == nil { - return cliproxyexecutor.Response{}, fmt.Errorf("codex auto executor: http executor is nil") - } - return e.httpExec.CountTokens(ctx, auth, req, opts) -} - -func (e *CodexAutoExecutor) CloseExecutionSession(sessionID string) { - if e == nil || e.wsExec == nil { - return - } - e.wsExec.CloseExecutionSession(sessionID) -} - -func codexWebsocketsEnabled(auth *cliproxyauth.Auth) bool { - if auth == nil { - return false - } - if len(auth.Attributes) > 0 { - if raw := strings.TrimSpace(auth.Attributes["websockets"]); raw != "" { - parsed, errParse := strconv.ParseBool(raw) - if errParse == nil { - return parsed - } - } - } - if len(auth.Metadata) == 0 { - return false - } - raw, ok := auth.Metadata["websockets"] - if !ok || raw == nil { - return false - } - switch v := raw.(type) { - case bool: - return v - case string: - parsed, errParse := strconv.ParseBool(strings.TrimSpace(v)) - if errParse == nil { - return parsed - } - default: - } - return false -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/codex_websockets_executor_backpressure_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/codex_websockets_executor_backpressure_test.go deleted file mode 100644 index 70dcdd5fe7..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/codex_websockets_executor_backpressure_test.go +++ /dev/null @@ -1,39 +0,0 @@ -package executor - -import ( - "context" - "errors" - "testing" -) - -func TestEnqueueCodexWebsocketReadPrioritizesErrorUnderBackpressure(t *testing.T) { - ch := make(chan codexWebsocketRead, 1) - ch <- codexWebsocketRead{msgType: 1, payload: []byte("stale")} - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - wantErr := errors.New("upstream disconnected") - enqueueCodexWebsocketRead(ch, ctx.Done(), codexWebsocketRead{err: wantErr}) - - got := <-ch - if !errors.Is(got.err, wantErr) { - t.Fatalf("expected buffered error to be preserved, got err=%v payload=%q", got.err, string(got.payload)) - } -} - -func TestEnqueueCodexWebsocketReadDoneClosedSkipsEnqueue(t *testing.T) { - ch := make(chan codexWebsocketRead, 1) - stale := codexWebsocketRead{msgType: 1, payload: []byte("stale")} - ch <- stale - - ctx, cancel := context.WithCancel(context.Background()) - cancel() - - enqueueCodexWebsocketRead(ch, ctx.Done(), codexWebsocketRead{err: errors.New("should not enqueue")}) - - got := <-ch - if string(got.payload) != string(stale.payload) || got.msgType != stale.msgType || got.err != nil { - t.Fatalf("expected channel state unchanged when done closed, got %+v", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/codex_websockets_executor_logging_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/codex_websockets_executor_logging_test.go deleted file mode 100644 index 6fc69acef1..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/codex_websockets_executor_logging_test.go +++ /dev/null @@ -1,28 +0,0 @@ -package executor - -import ( - "strings" - "testing" -) - -func TestSanitizeCodexWebsocketLogURLMasksQueryAndUserInfo(t *testing.T) { - raw := "wss://user:secret@example.com/v1/realtime?api_key=verysecret&token=abc123&foo=bar#frag" - got := sanitizeCodexWebsocketLogURL(raw) - - if strings.Contains(got, "secret") || strings.Contains(got, "abc123") || strings.Contains(got, "verysecret") { - t.Fatalf("expected sensitive values to be masked, got %q", got) - } - if strings.Contains(got, "user:") { - t.Fatalf("expected userinfo to be removed, got %q", got) - } - if strings.Contains(got, "#frag") { - t.Fatalf("expected fragment to be removed, got %q", got) - } -} - -func TestSanitizeCodexWebsocketLogFieldMasksTokenLikeValue(t *testing.T) { - got := sanitizeCodexWebsocketLogField(" sk-super-secret-token ") - if got == "sk-super-secret-token" { - t.Fatalf("expected auth field to be masked, got %q", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/gemini_cli_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/gemini_cli_executor.go deleted file mode 100644 index 4f55ac378b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/gemini_cli_executor.go +++ /dev/null @@ -1,961 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// This file implements the Gemini CLI executor that talks to Cloud Code Assist endpoints -// using OAuth credentials from auth metadata. -package executor - -import ( - "bufio" - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "math/rand" - "net/http" - "regexp" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/runtime/geminicli" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" - "golang.org/x/oauth2" - "golang.org/x/oauth2/google" -) - -const ( - codeAssistEndpoint = "https://cloudcode-pa.googleapis.com" - codeAssistVersion = "v1internal" - geminiOAuthClientID = "681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com" - geminiOAuthClientSecret = "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" -) - -var geminiOAuthScopes = []string{ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/userinfo.email", - "https://www.googleapis.com/auth/userinfo.profile", -} - -// GeminiCLIExecutor talks to the Cloud Code Assist endpoint using OAuth credentials from auth metadata. -type GeminiCLIExecutor struct { - cfg *config.Config -} - -// NewGeminiCLIExecutor creates a new Gemini CLI executor instance. -// -// Parameters: -// - cfg: The application configuration -// -// Returns: -// - *GeminiCLIExecutor: A new Gemini CLI executor instance -func NewGeminiCLIExecutor(cfg *config.Config) *GeminiCLIExecutor { - return &GeminiCLIExecutor{cfg: cfg} -} - -// Identifier returns the executor identifier. -func (e *GeminiCLIExecutor) Identifier() string { return "gemini-cli" } - -// PrepareRequest injects Gemini CLI credentials into the outgoing HTTP request. -func (e *GeminiCLIExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - tokenSource, _, errSource := prepareGeminiCLITokenSource(req.Context(), e.cfg, auth) - if errSource != nil { - return errSource - } - tok, errTok := tokenSource.Token() - if errTok != nil { - return errTok - } - if strings.TrimSpace(tok.AccessToken) == "" { - return statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - req.Header.Set("Authorization", "Bearer "+tok.AccessToken) - applyGeminiCLIHeaders(req) - return nil -} - -// HttpRequest injects Gemini CLI credentials into the request and executes it. -func (e *GeminiCLIExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("gemini-cli executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming request to the Gemini CLI API. -func (e *GeminiCLIExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - tokenSource, baseTokenData, err := prepareGeminiCLITokenSource(ctx, e.cfg, auth) - if err != nil { - return resp, err - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini-cli") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - basePayload := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - requestSuffix := thinking.ParseSuffix(req.Model) - - basePayload = fixGeminiCLIImageAspectRatio(baseModel, basePayload) - requestedModel := payloadRequestedModel(opts, req.Model) - basePayload = applyPayloadConfigWithRoot(e.cfg, baseModel, "gemini", "request", basePayload, originalTranslated, requestedModel) - - action := "generateContent" - if req.Metadata != nil { - if a, _ := req.Metadata["action"].(string); a == "countTokens" { - action = "countTokens" - } - } - - projectID := resolveGeminiProjectID(auth) - models := cliPreviewFallbackOrder(baseModel) - if len(models) == 0 || models[0] != baseModel { - models = append([]string{baseModel}, models...) - } - - httpClient := newHTTPClient(ctx, e.cfg, auth, 0) - respCtx := context.WithValue(ctx, interfaces.ContextKeyAlt, opts.Alt) - - var authID, authLabel, authType, authValue string - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - - var lastStatus int - var lastBody []byte - - for idx, attemptModel := range models { - payload := append([]byte(nil), basePayload...) - payload, err = applyGeminiThinkingForAttempt(payload, requestSuffix, attemptModel, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - if action == "countTokens" { - payload = deleteJSONField(payload, "project") - payload = deleteJSONField(payload, "model") - } else { - payload = setJSONField(payload, "project", projectID) - payload = setJSONField(payload, "model", attemptModel) - } - - tok, errTok := tokenSource.Token() - if errTok != nil { - err = errTok - return resp, err - } - updateGeminiCLITokenMetadata(auth, baseTokenData, tok) - - url := fmt.Sprintf("%s/%s:%s", resolveOAuthBaseURL(e.cfg, e.Identifier(), codeAssistEndpoint, auth), codeAssistVersion, action) - if opts.Alt != "" && action != "countTokens" { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - - reqHTTP, errReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload)) - if errReq != nil { - err = errReq - return resp, err - } - reqHTTP.Header.Set("Content-Type", "application/json") - reqHTTP.Header.Set("Authorization", "Bearer "+tok.AccessToken) - applyGeminiCLIHeaders(reqHTTP) - reqHTTP.Header.Set("Accept", "application/json") - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: reqHTTP.Header.Clone(), - Body: payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpResp, errDo := httpClient.Do(reqHTTP) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - err = errDo - return resp, err - } - - data, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("gemini cli executor: close response body error: %v", errClose) - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - err = errRead - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - if httpResp.StatusCode >= 200 && httpResp.StatusCode < 300 { - reporter.publish(ctx, parseGeminiCLIUsage(data)) - var param any - out := sdktranslator.TranslateNonStream(respCtx, to, from, attemptModel, opts.OriginalRequest, payload, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil - } - - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), data...) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - if httpResp.StatusCode == 429 { - if idx+1 < len(models) { - log.Debug("gemini cli executor: rate limited, retrying with next model") - } else { - log.Debug("gemini cli executor: rate limited, no additional fallback model") - } - continue - } - - err = newGeminiStatusErr(httpResp.StatusCode, data) - return resp, err - } - - if len(lastBody) > 0 { - appendAPIResponseChunk(ctx, e.cfg, lastBody) - } - if lastStatus == 0 { - lastStatus = 429 - } - err = newGeminiStatusErr(lastStatus, lastBody) - return resp, err -} - -// ExecuteStream performs a streaming request to the Gemini CLI API. -func (e *GeminiCLIExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - tokenSource, baseTokenData, err := prepareGeminiCLITokenSource(ctx, e.cfg, auth) - if err != nil { - return nil, err - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini-cli") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - basePayload := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - requestSuffix := thinking.ParseSuffix(req.Model) - - basePayload = fixGeminiCLIImageAspectRatio(baseModel, basePayload) - requestedModel := payloadRequestedModel(opts, req.Model) - basePayload = applyPayloadConfigWithRoot(e.cfg, baseModel, "gemini", "request", basePayload, originalTranslated, requestedModel) - - projectID := resolveGeminiProjectID(auth) - - models := cliPreviewFallbackOrder(baseModel) - if len(models) == 0 || models[0] != baseModel { - models = append([]string{baseModel}, models...) - } - - httpClient := newHTTPClient(ctx, e.cfg, auth, 0) - respCtx := context.WithValue(ctx, interfaces.ContextKeyAlt, opts.Alt) - - var authID, authLabel, authType, authValue string - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - - var lastStatus int - var lastBody []byte - - for idx, attemptModel := range models { - payload := append([]byte(nil), basePayload...) - payload, err = applyGeminiThinkingForAttempt(payload, requestSuffix, attemptModel, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - payload = setJSONField(payload, "project", projectID) - payload = setJSONField(payload, "model", attemptModel) - - tok, errTok := tokenSource.Token() - if errTok != nil { - err = errTok - return nil, err - } - updateGeminiCLITokenMetadata(auth, baseTokenData, tok) - - url := fmt.Sprintf("%s/%s:%s", resolveOAuthBaseURL(e.cfg, e.Identifier(), codeAssistEndpoint, auth), codeAssistVersion, "streamGenerateContent") - if opts.Alt == "" { - url = url + "?alt=sse" - } else { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - - reqHTTP, errReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload)) - if errReq != nil { - err = errReq - return nil, err - } - reqHTTP.Header.Set("Content-Type", "application/json") - reqHTTP.Header.Set("Authorization", "Bearer "+tok.AccessToken) - applyGeminiCLIHeaders(reqHTTP) - reqHTTP.Header.Set("Accept", "text/event-stream") - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: reqHTTP.Header.Clone(), - Body: payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpResp, errDo := httpClient.Do(reqHTTP) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - err = errDo - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - data, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("gemini cli executor: close response body error: %v", errClose) - } - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - err = errRead - return nil, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), data...) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - if httpResp.StatusCode == 429 { - if idx+1 < len(models) { - log.Debug("gemini cli executor: rate limited, retrying with next model") - } else { - log.Debug("gemini cli executor: rate limited, no additional fallback model") - } - continue - } - // Retry 502/503/504 (high demand, transient) on same model with backoff - if (httpResp.StatusCode == 502 || httpResp.StatusCode == 503 || httpResp.StatusCode == 504) && idx == 0 { - const maxRetries = 5 - for attempt := 0; attempt < maxRetries; attempt++ { - backoff := time.Duration(1+attempt*2) * time.Second - if jitter := time.Duration(rand.Intn(500)) * time.Millisecond; jitter > 0 { - backoff += jitter - } - log.Warnf("gemini cli executor: attempt %d/%d got %d (high demand/transient), retrying in %v", attempt+1, maxRetries, httpResp.StatusCode, backoff) - select { - case <-ctx.Done(): - err = ctx.Err() - return nil, err - case <-time.After(backoff): - } - reqHTTP, _ = http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload)) - reqHTTP.Header.Set("Content-Type", "application/json") - reqHTTP.Header.Set("Authorization", "Bearer "+tok.AccessToken) - applyGeminiCLIHeaders(reqHTTP) - reqHTTP.Header.Set("Accept", "text/event-stream") - httpResp, errDo = httpClient.Do(reqHTTP) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - err = errDo - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode >= 200 && httpResp.StatusCode < 300 { - goto streamBlock - } - data, _ = io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), data...) - if httpResp.StatusCode != 502 && httpResp.StatusCode != 503 && httpResp.StatusCode != 504 { - err = newGeminiStatusErr(httpResp.StatusCode, data) - return nil, err - } - } - err = newGeminiStatusErr(lastStatus, lastBody) - return nil, err - } - err = newGeminiStatusErr(httpResp.StatusCode, data) - return nil, err - } - - streamBlock: - - out := make(chan cliproxyexecutor.StreamChunk) - go func(resp *http.Response, reqBody []byte, attemptModel string) { - defer close(out) - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("gemini cli executor: close response body error: %v", errClose) - } - }() - if opts.Alt == "" { - scanner := bufio.NewScanner(resp.Body) - scanner.Buffer(nil, streamScannerBuffer) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseGeminiCLIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - if bytes.HasPrefix(line, dataTag) { - segments := sdktranslator.TranslateStream(respCtx, to, from, attemptModel, opts.OriginalRequest, reqBody, bytes.Clone(line), ¶m) - for i := range segments { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(segments[i])} - } - } - } - - segments := sdktranslator.TranslateStream(respCtx, to, from, attemptModel, opts.OriginalRequest, reqBody, []byte("[DONE]"), ¶m) - for i := range segments { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(segments[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - return - } - - data, errRead := io.ReadAll(resp.Body) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errRead} - return - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseGeminiCLIUsage(data)) - var param any - segments := sdktranslator.TranslateStream(respCtx, to, from, attemptModel, opts.OriginalRequest, reqBody, data, ¶m) - for i := range segments { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(segments[i])} - } - - segments = sdktranslator.TranslateStream(respCtx, to, from, attemptModel, opts.OriginalRequest, reqBody, []byte("[DONE]"), ¶m) - for i := range segments { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(segments[i])} - } - }(httpResp, append([]byte(nil), payload...), attemptModel) - - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil - } - - if len(lastBody) > 0 { - appendAPIResponseChunk(ctx, e.cfg, lastBody) - } - if lastStatus == 0 { - lastStatus = 429 - } - err = newGeminiStatusErr(lastStatus, lastBody) - return nil, err -} - -// CountTokens counts tokens for the given request using the Gemini CLI API. -func (e *GeminiCLIExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - tokenSource, baseTokenData, err := prepareGeminiCLITokenSource(ctx, e.cfg, auth) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini-cli") - requestSuffix := thinking.ParseSuffix(req.Model) - - models := cliPreviewFallbackOrder(baseModel) - if len(models) == 0 || models[0] != baseModel { - models = append([]string{baseModel}, models...) - } - basePayload := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - httpClient := newHTTPClient(ctx, e.cfg, auth, 0) - respCtx := context.WithValue(ctx, interfaces.ContextKeyAlt, opts.Alt) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - - var lastStatus int - var lastBody []byte - - for _, attemptModel := range models { - payload := append([]byte(nil), basePayload...) - payload, err = applyGeminiThinkingForAttempt(payload, requestSuffix, attemptModel, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - payload = deleteJSONField(payload, "project") - payload = deleteJSONField(payload, "model") - payload = deleteJSONField(payload, "request.safetySettings") - payload = fixGeminiCLIImageAspectRatio(baseModel, payload) - - tok, errTok := tokenSource.Token() - if errTok != nil { - return cliproxyexecutor.Response{}, errTok - } - updateGeminiCLITokenMetadata(auth, baseTokenData, tok) - - url := fmt.Sprintf("%s/%s:%s", resolveOAuthBaseURL(e.cfg, e.Identifier(), codeAssistEndpoint, auth), codeAssistVersion, "countTokens") - if opts.Alt != "" { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - - reqHTTP, errReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload)) - if errReq != nil { - return cliproxyexecutor.Response{}, errReq - } - reqHTTP.Header.Set("Content-Type", "application/json") - reqHTTP.Header.Set("Authorization", "Bearer "+tok.AccessToken) - applyGeminiCLIHeaders(reqHTTP) - reqHTTP.Header.Set("Accept", "application/json") - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: reqHTTP.Header.Clone(), - Body: payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - resp, errDo := httpClient.Do(reqHTTP) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return cliproxyexecutor.Response{}, errDo - } - data, errRead := io.ReadAll(resp.Body) - _ = resp.Body.Close() - recordAPIResponseMetadata(ctx, e.cfg, resp.StatusCode, resp.Header.Clone()) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return cliproxyexecutor.Response{}, errRead - } - appendAPIResponseChunk(ctx, e.cfg, data) - if resp.StatusCode >= 200 && resp.StatusCode < 300 { - count := gjson.GetBytes(data, "totalTokens").Int() - translated := sdktranslator.TranslateTokenCount(respCtx, to, from, count, data) - return cliproxyexecutor.Response{Payload: []byte(translated), Headers: resp.Header.Clone()}, nil - } - lastStatus = resp.StatusCode - lastBody = append([]byte(nil), data...) - if resp.StatusCode == 429 { - log.Debugf("gemini cli executor: rate limited, retrying with next model") - continue - } - break - } - - if lastStatus == 0 { - lastStatus = 429 - } - return cliproxyexecutor.Response{}, newGeminiStatusErr(lastStatus, lastBody) -} - -// Refresh refreshes the authentication credentials (no-op for Gemini CLI). -func (e *GeminiCLIExecutor) Refresh(_ context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - return auth, nil -} - -func prepareGeminiCLITokenSource(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth) (oauth2.TokenSource, map[string]any, error) { - metadata := geminiOAuthMetadata(auth) - if auth == nil || metadata == nil { - return nil, nil, fmt.Errorf("gemini-cli auth metadata missing") - } - - var base map[string]any - if tokenRaw, ok := metadata["token"].(map[string]any); ok && tokenRaw != nil { - base = cloneMap(tokenRaw) - } else { - base = make(map[string]any) - } - - var token oauth2.Token - if len(base) > 0 { - if raw, err := json.Marshal(base); err == nil { - _ = json.Unmarshal(raw, &token) - } - } - - if token.AccessToken == "" { - token.AccessToken = stringValue(metadata, "access_token") - } - if token.RefreshToken == "" { - token.RefreshToken = stringValue(metadata, "refresh_token") - } - if token.TokenType == "" { - token.TokenType = stringValue(metadata, "token_type") - } - if token.Expiry.IsZero() { - if expiry := stringValue(metadata, "expiry"); expiry != "" { - if ts, err := time.Parse(time.RFC3339, expiry); err == nil { - token.Expiry = ts - } - } - } - - conf := &oauth2.Config{ - ClientID: geminiOAuthClientID, - ClientSecret: geminiOAuthClientSecret, - Scopes: geminiOAuthScopes, - Endpoint: google.Endpoint, - } - - ctxToken := ctx - if httpClient := newProxyAwareHTTPClient(ctx, cfg, auth, 0); httpClient != nil { - ctxToken = context.WithValue(ctxToken, oauth2.HTTPClient, httpClient) - } - - src := conf.TokenSource(ctxToken, &token) - currentToken, err := src.Token() - if err != nil { - return nil, nil, err - } - updateGeminiCLITokenMetadata(auth, base, currentToken) - return oauth2.ReuseTokenSource(currentToken, src), base, nil -} - -func updateGeminiCLITokenMetadata(auth *cliproxyauth.Auth, base map[string]any, tok *oauth2.Token) { - if auth == nil || tok == nil { - return - } - merged := buildGeminiTokenMap(base, tok) - fields := buildGeminiTokenFields(tok, merged) - shared := geminicli.ResolveSharedCredential(auth.Runtime) - if shared != nil { - snapshot := shared.MergeMetadata(fields) - if !geminicli.IsVirtual(auth.Runtime) { - auth.Metadata = snapshot - } - return - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - for k, v := range fields { - auth.Metadata[k] = v - } -} - -func buildGeminiTokenMap(base map[string]any, tok *oauth2.Token) map[string]any { - merged := cloneMap(base) - if merged == nil { - merged = make(map[string]any) - } - if raw, err := json.Marshal(tok); err == nil { - var tokenMap map[string]any - if err = json.Unmarshal(raw, &tokenMap); err == nil { - for k, v := range tokenMap { - merged[k] = v - } - } - } - return merged -} - -func buildGeminiTokenFields(tok *oauth2.Token, merged map[string]any) map[string]any { - fields := make(map[string]any, 5) - if tok.AccessToken != "" { - fields["access_token"] = tok.AccessToken - } - if tok.TokenType != "" { - fields["token_type"] = tok.TokenType - } - if tok.RefreshToken != "" { - fields["refresh_token"] = tok.RefreshToken - } - if !tok.Expiry.IsZero() { - fields["expiry"] = tok.Expiry.Format(time.RFC3339) - } - if len(merged) > 0 { - fields["token"] = cloneMap(merged) - } - return fields -} - -func resolveGeminiProjectID(auth *cliproxyauth.Auth) string { - if auth == nil { - return "" - } - if runtime := auth.Runtime; runtime != nil { - if virtual, ok := runtime.(*geminicli.VirtualCredential); ok && virtual != nil { - return strings.TrimSpace(virtual.ProjectID) - } - } - return strings.TrimSpace(stringValue(auth.Metadata, "project_id")) -} - -func geminiOAuthMetadata(auth *cliproxyauth.Auth) map[string]any { - if auth == nil { - return nil - } - if shared := geminicli.ResolveSharedCredential(auth.Runtime); shared != nil { - if snapshot := shared.MetadataSnapshot(); len(snapshot) > 0 { - return snapshot - } - } - return auth.Metadata -} - -func newHTTPClient(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth, timeout time.Duration) *http.Client { - return newProxyAwareHTTPClient(ctx, cfg, auth, timeout) -} - -func cloneMap(in map[string]any) map[string]any { - if in == nil { - return nil - } - out := make(map[string]any, len(in)) - for k, v := range in { - out[k] = v - } - return out -} - -func stringValue(m map[string]any, key string) string { - if m == nil { - return "" - } - if v, ok := m[key]; ok { - switch typed := v.(type) { - case string: - return typed - case fmt.Stringer: - return typed.String() - } - } - return "" -} - -// applyGeminiCLIHeaders sets required headers for the Gemini CLI upstream. -func applyGeminiCLIHeaders(r *http.Request) { - var ginHeaders http.Header - if ginCtx, ok := r.Context().Value("gin").(*gin.Context); ok && ginCtx != nil && ginCtx.Request != nil { - ginHeaders = ginCtx.Request.Header - } - - misc.EnsureHeader(r.Header, ginHeaders, "User-Agent", "google-api-nodejs-client/9.15.1") - misc.EnsureHeader(r.Header, ginHeaders, "X-Goog-Api-Client", "gl-node/22.17.0") - misc.EnsureHeader(r.Header, ginHeaders, "Client-Metadata", geminiCLIClientMetadata()) -} - -// geminiCLIClientMetadata returns a compact metadata string required by upstream. -func geminiCLIClientMetadata() string { - // Keep parity with CLI client defaults - return "ideType=IDE_UNSPECIFIED,platform=PLATFORM_UNSPECIFIED,pluginType=GEMINI" -} - -// cliPreviewFallbackOrder returns preview model candidates for a base model. -func cliPreviewFallbackOrder(model string) []string { - switch model { - case "gemini-2.5-pro": - return []string{ - // "gemini-2.5-pro-preview-05-06", - // "gemini-2.5-pro-preview-06-05", - } - case "gemini-2.5-flash": - return []string{ - // "gemini-2.5-flash-preview-04-17", - // "gemini-2.5-flash-preview-05-20", - } - case "gemini-2.5-flash-lite": - return []string{ - // "gemini-2.5-flash-lite-preview-06-17", - } - default: - return nil - } -} - -// setJSONField sets a top-level JSON field on a byte slice payload via sjson. -func setJSONField(body []byte, key, value string) []byte { - if key == "" { - return body - } - updated, err := sjson.SetBytes(body, key, value) - if err != nil { - return body - } - return updated -} - -// deleteJSONField removes a top-level key if present (best-effort) via sjson. -func deleteJSONField(body []byte, key string) []byte { - if key == "" || len(body) == 0 { - return body - } - updated, err := sjson.DeleteBytes(body, key) - if err != nil { - return body - } - return updated -} - -func fixGeminiCLIImageAspectRatio(modelName string, rawJSON []byte) []byte { - if modelName == "gemini-2.5-flash-image-preview" { - aspectRatioResult := gjson.GetBytes(rawJSON, "request.generationConfig.imageConfig.aspectRatio") - if aspectRatioResult.Exists() { - contents := gjson.GetBytes(rawJSON, "request.contents") - contentArray := contents.Array() - if len(contentArray) > 0 { - hasInlineData := false - loopContent: - for i := 0; i < len(contentArray); i++ { - parts := contentArray[i].Get("parts").Array() - for j := 0; j < len(parts); j++ { - if parts[j].Get("inlineData").Exists() { - hasInlineData = true - break loopContent - } - } - } - - if !hasInlineData { - emptyImageBase64ed, _ := util.CreateWhiteImageBase64(aspectRatioResult.String()) - emptyImagePart := `{"inlineData":{"mime_type":"image/png","data":""}}` - emptyImagePart, _ = sjson.Set(emptyImagePart, "inlineData.data", emptyImageBase64ed) - newPartsJson := `[]` - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", `{"text": "Based on the following requirements, create an image within the uploaded picture. The new content *MUST* completely cover the entire area of the original picture, maintaining its exact proportions, and *NO* blank areas should appear."}`) - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", emptyImagePart) - - parts := contentArray[0].Get("parts").Array() - for j := 0; j < len(parts); j++ { - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", parts[j].Raw) - } - - rawJSON, _ = sjson.SetRawBytes(rawJSON, "request.contents.0.parts", []byte(newPartsJson)) - rawJSON, _ = sjson.SetRawBytes(rawJSON, "request.generationConfig.responseModalities", []byte(`["IMAGE", "TEXT"]`)) - } - } - rawJSON, _ = sjson.DeleteBytes(rawJSON, "request.generationConfig.imageConfig") - } - } - return rawJSON -} - -func newGeminiStatusErr(statusCode int, body []byte) statusErr { - err := statusErr{code: statusCode, msg: string(body)} - if statusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(body); parseErr == nil && retryAfter != nil { - err.retryAfter = retryAfter - } - } - return err -} - -func applyGeminiThinkingForAttempt(body []byte, requestSuffix thinking.SuffixResult, attemptModel, fromFormat, toFormat, provider string) ([]byte, error) { - modelWithSuffix := attemptModel - if requestSuffix.HasSuffix { - modelWithSuffix = attemptModel + "(" + requestSuffix.RawSuffix + ")" - } - return thinking.ApplyThinking(body, modelWithSuffix, fromFormat, toFormat, provider) -} - -// parseRetryDelay extracts the retry delay from a Google API 429 error response. -// The error response contains a RetryInfo.retryDelay field in the format "0.847655010s". -// Returns the parsed duration or an error if it cannot be determined. -func parseRetryDelay(errorBody []byte) (*time.Duration, error) { - // Try to parse the retryDelay from the error response - // Format: error.details[].retryDelay where @type == "type.googleapis.com/google.rpc.RetryInfo" - details := gjson.GetBytes(errorBody, "error.details") - if details.Exists() && details.IsArray() { - for _, detail := range details.Array() { - typeVal := detail.Get("@type").String() - if typeVal == "type.googleapis.com/google.rpc.RetryInfo" { - retryDelay := detail.Get("retryDelay").String() - if retryDelay != "" { - // Parse duration string like "0.847655010s" - duration, err := time.ParseDuration(retryDelay) - if err != nil { - return nil, fmt.Errorf("failed to parse duration") - } - return &duration, nil - } - } - } - - // Fallback: try ErrorInfo.metadata.quotaResetDelay (e.g., "373.801628ms") - for _, detail := range details.Array() { - typeVal := detail.Get("@type").String() - if typeVal == "type.googleapis.com/google.rpc.ErrorInfo" { - quotaResetDelay := detail.Get("metadata.quotaResetDelay").String() - if quotaResetDelay != "" { - duration, err := time.ParseDuration(quotaResetDelay) - if err == nil { - return &duration, nil - } - } - } - } - } - - // Fallback: parse from error.message (supports units like ms/s/m/h with optional decimals) - message := gjson.GetBytes(errorBody, "error.message").String() - if message != "" { - re := regexp.MustCompile(`after\s+([0-9]+(?:\.[0-9]+)?(?:ms|s|m|h))\.?`) - if matches := re.FindStringSubmatch(message); len(matches) > 1 { - duration, err := time.ParseDuration(matches[1]) - if err == nil { - return &duration, nil - } - } - } - - return nil, fmt.Errorf("no RetryInfo found") -} - -func (e *GeminiCLIExecutor) CloseExecutionSession(sessionID string) {} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/gemini_cli_executor_model_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/gemini_cli_executor_model_test.go deleted file mode 100644 index 0f3d7ae42b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/gemini_cli_executor_model_test.go +++ /dev/null @@ -1,64 +0,0 @@ -package executor - -import ( - "strings" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/tidwall/gjson" -) - -func normalizeGeminiCLIModel(model string) string { - model = strings.TrimSpace(strings.ToLower(model)) - switch { - case strings.HasPrefix(model, "gemini-3") && strings.Contains(model, "-pro"): - return "gemini-2.5-pro" - case strings.HasPrefix(model, "gemini-3-flash"): - return "gemini-2.5-flash" - default: - return model - } -} - -func TestNormalizeGeminiCLIModel(t *testing.T) { - t.Parallel() - - tests := []struct { - name string - model string - want string - }{ - {name: "gemini3 pro alias maps to 2_5_pro", model: "gemini-3-pro", want: "gemini-2.5-pro"}, - {name: "gemini3 flash alias maps to 2_5_flash", model: "gemini-3-flash", want: "gemini-2.5-flash"}, - {name: "gemini31 pro alias maps to 2_5_pro", model: "gemini-3.1-pro", want: "gemini-2.5-pro"}, - {name: "non gemini3 model unchanged", model: "gemini-2.5-pro", want: "gemini-2.5-pro"}, - } - - for _, tt := range tests { - tt := tt - t.Run(tt.name, func(t *testing.T) { - t.Parallel() - got := normalizeGeminiCLIModel(tt.model) - if got != tt.want { - t.Fatalf("normalizeGeminiCLIModel(%q)=%q, want %q", tt.model, got, tt.want) - } - }) - } -} - -func TestApplyGeminiThinkingForAttemptModelUsesRequestSuffix(t *testing.T) { - t.Parallel() - - rawPayload := []byte(`{"request":{"contents":[{"role":"user","parts":[{"text":"ping"}]}]}}`) - requestSuffix := thinking.ParseSuffix("gemini-2.5-pro(2048)") - - translated, err := applyGeminiThinkingForAttempt(rawPayload, requestSuffix, "gemini-2.5-pro", "gemini", "gemini-cli", "gemini-cli") - if err != nil { - t.Fatalf("applyGeminiThinkingForAttempt() error = %v", err) - } - - budget := gjson.GetBytes(translated, "request.generationConfig.thinkingConfig.thinkingBudget") - if !budget.Exists() || budget.Int() != 2048 { - t.Fatalf("expected thinking budget 2048, got %q", budget.String()) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/gemini_cli_executor_retry_delay_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/gemini_cli_executor_retry_delay_test.go deleted file mode 100644 index f26c5a95e1..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/gemini_cli_executor_retry_delay_test.go +++ /dev/null @@ -1,54 +0,0 @@ -package executor - -import ( - "testing" - "time" -) - -func TestParseRetryDelay_MessageDuration(t *testing.T) { - t.Parallel() - - body := []byte(`{"error":{"message":"Quota exceeded. Your quota will reset after 1.5s."}}`) - got, err := parseRetryDelay(body) - if err != nil { - t.Fatalf("parseRetryDelay returned error: %v", err) - } - if got == nil { - t.Fatal("parseRetryDelay returned nil duration") - } - if *got != 1500*time.Millisecond { - t.Fatalf("parseRetryDelay = %v, want %v", *got, 1500*time.Millisecond) - } -} - -func TestParseRetryDelay_MessageMilliseconds(t *testing.T) { - t.Parallel() - - body := []byte(`{"error":{"message":"Please retry after 250ms."}}`) - got, err := parseRetryDelay(body) - if err != nil { - t.Fatalf("parseRetryDelay returned error: %v", err) - } - if got == nil { - t.Fatal("parseRetryDelay returned nil duration") - } - if *got != 250*time.Millisecond { - t.Fatalf("parseRetryDelay = %v, want %v", *got, 250*time.Millisecond) - } -} - -func TestParseRetryDelay_PrefersRetryInfo(t *testing.T) { - t.Parallel() - - body := []byte(`{"error":{"message":"Your quota will reset after 99s.","details":[{"@type":"type.googleapis.com/google.rpc.RetryInfo","retryDelay":"2s"}]}}`) - got, err := parseRetryDelay(body) - if err != nil { - t.Fatalf("parseRetryDelay returned error: %v", err) - } - if got == nil { - t.Fatal("parseRetryDelay returned nil duration") - } - if *got != 2*time.Second { - t.Fatalf("parseRetryDelay = %v, want %v", *got, 2*time.Second) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/gemini_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/gemini_executor.go deleted file mode 100644 index 4a5f2b7ed4..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/gemini_executor.go +++ /dev/null @@ -1,549 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// It includes stateless executors that handle API requests, streaming responses, -// token counting, and authentication refresh for different AI service providers. -package executor - -import ( - "bufio" - "bytes" - "context" - "fmt" - "io" - "math/rand" - "net/http" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const ( - // glEndpoint is the base URL for the Google Generative Language API. - glEndpoint = "https://generativelanguage.googleapis.com" - - // glAPIVersion is the API version used for Gemini requests. - glAPIVersion = "v1beta" - - // streamScannerBuffer is the buffer size for SSE stream scanning. - streamScannerBuffer = 52_428_800 -) - -// GeminiExecutor is a stateless executor for the official Gemini API using API keys. -// It handles both API key and OAuth bearer token authentication, supporting both -// regular and streaming requests to the Google Generative Language API. -type GeminiExecutor struct { - // cfg holds the application configuration. - cfg *config.Config -} - -// NewGeminiExecutor creates a new Gemini executor instance. -// -// Parameters: -// - cfg: The application configuration -// -// Returns: -// - *GeminiExecutor: A new Gemini executor instance -func NewGeminiExecutor(cfg *config.Config) *GeminiExecutor { - return &GeminiExecutor{cfg: cfg} -} - -// Identifier returns the executor identifier. -func (e *GeminiExecutor) Identifier() string { return "gemini" } - -// PrepareRequest injects Gemini credentials into the outgoing HTTP request. -func (e *GeminiExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - apiKey, bearer := geminiCreds(auth) - if apiKey != "" { - req.Header.Set("x-goog-api-key", apiKey) - req.Header.Del("Authorization") - } else if bearer != "" { - req.Header.Set("Authorization", "Bearer "+bearer) - req.Header.Del("x-goog-api-key") - } - applyGeminiHeaders(req, auth) - return nil -} - -// HttpRequest injects Gemini credentials into the request and executes it. -func (e *GeminiExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("gemini executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming request to the Gemini API. -// It translates the request to Gemini format, sends it to the API, and translates -// the response back to the requested format. -// -// Parameters: -// - ctx: The context for the request -// - auth: The authentication information -// - req: The request to execute -// - opts: Additional execution options -// -// Returns: -// - cliproxyexecutor.Response: The response from the API -// - error: An error if the request fails -func (e *GeminiExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, bearer := geminiCreds(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - // Official Gemini API via API key or OAuth bearer - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - - action := "generateContent" - if req.Metadata != nil { - if a, _ := req.Metadata["action"].(string); a == "countTokens" { - action = "countTokens" - } - } - baseURL := resolveGeminiBaseURL(auth) - url := fmt.Sprintf("%s/%s/models/%s:%s", baseURL, glAPIVersion, baseModel, action) - if opts.Alt != "" && action != "countTokens" { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return resp, err - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } else if bearer != "" { - httpReq.Header.Set("Authorization", "Bearer "+bearer) - } - applyGeminiHeaders(httpReq, auth) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("gemini executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseGeminiUsage(data)) - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -// ExecuteStream performs a streaming request to the Gemini API. -func (e *GeminiExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, bearer := geminiCreds(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - - baseURL := resolveGeminiBaseURL(auth) - url := fmt.Sprintf("%s/%s/models/%s:%s", baseURL, glAPIVersion, baseModel, "streamGenerateContent") - if opts.Alt == "" { - url = url + "?alt=sse" - } else { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return nil, err - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } else { - httpReq.Header.Set("Authorization", "Bearer "+bearer) - } - applyGeminiHeaders(httpReq, auth) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - const maxRetries = 5 - retryableStatus := map[int]bool{429: true, 502: true, 503: true, 504: true} - var httpResp *http.Response - for attempt := 0; attempt <= maxRetries; attempt++ { - reqForAttempt, errReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if errReq != nil { - return nil, errReq - } - reqForAttempt.Header = httpReq.Header.Clone() - httpResp, err = httpClient.Do(reqForAttempt) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - if attempt < maxRetries { - backoff := time.Duration(1+attempt*2) * time.Second - if jitter := time.Duration(rand.Intn(500)) * time.Millisecond; jitter > 0 { - backoff += jitter - } - log.Warnf("gemini executor: attempt %d/%d failed (connection error), retrying in %v: %v", attempt+1, maxRetries+1, backoff, err) - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-time.After(backoff): - } - continue - } - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode >= 200 && httpResp.StatusCode < 300 { - break - } - b, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if !retryableStatus[httpResp.StatusCode] || attempt >= maxRetries { - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - backoff := time.Duration(1+attempt*2) * time.Second - if jitter := time.Duration(rand.Intn(500)) * time.Millisecond; jitter > 0 { - backoff += jitter - } - log.Warnf("gemini executor: attempt %d/%d got %d (high demand/transient), retrying in %v", attempt+1, maxRetries+1, httpResp.StatusCode, backoff) - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-time.After(backoff): - } - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("gemini executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, streamScannerBuffer) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - filtered := FilterSSEUsageMetadata(line) - payload := jsonPayload(filtered) - if len(payload) == 0 { - continue - } - if detail, ok := parseGeminiStreamUsage(payload); ok { - reporter.publish(ctx, detail) - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(payload), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, []byte("[DONE]"), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -// CountTokens counts tokens for the given request using the Gemini API. -func (e *GeminiExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, bearer := geminiCreds(auth) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - translatedReq := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - translatedReq, err := thinking.ApplyThinking(translatedReq, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - translatedReq = fixGeminiImageAspectRatio(baseModel, translatedReq) - respCtx := context.WithValue(ctx, interfaces.ContextKeyAlt, opts.Alt) - translatedReq, _ = sjson.DeleteBytes(translatedReq, "tools") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "generationConfig") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "safetySettings") - translatedReq, _ = sjson.SetBytes(translatedReq, "model", baseModel) - - baseURL := resolveGeminiBaseURL(auth) - url := fmt.Sprintf("%s/%s/models/%s:%s", baseURL, glAPIVersion, baseModel, "countTokens") - - requestBody := bytes.NewReader(translatedReq) - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, requestBody) - if err != nil { - return cliproxyexecutor.Response{}, err - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } else { - httpReq.Header.Set("Authorization", "Bearer "+bearer) - } - applyGeminiHeaders(httpReq, auth) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translatedReq, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - resp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return cliproxyexecutor.Response{}, err - } - defer func() { _ = resp.Body.Close() }() - recordAPIResponseMetadata(ctx, e.cfg, resp.StatusCode, resp.Header.Clone()) - - data, err := io.ReadAll(resp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return cliproxyexecutor.Response{}, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", resp.StatusCode, summarizeErrorBody(resp.Header.Get("Content-Type"), data)) - return cliproxyexecutor.Response{}, statusErr{code: resp.StatusCode, msg: string(data)} - } - - count := gjson.GetBytes(data, "totalTokens").Int() - translated := sdktranslator.TranslateTokenCount(respCtx, to, from, count, data) - return cliproxyexecutor.Response{Payload: []byte(translated), Headers: resp.Header.Clone()}, nil -} - -// Refresh refreshes the authentication credentials (no-op for Gemini API key). -func (e *GeminiExecutor) Refresh(_ context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - return auth, nil -} - -func geminiCreds(a *cliproxyauth.Auth) (apiKey, bearer string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - if v := a.Attributes["api_key"]; v != "" { - apiKey = v - } - } - if a.Metadata != nil { - // GeminiTokenStorage.Token is a map that may contain access_token - if v, ok := a.Metadata["access_token"].(string); ok && v != "" { - bearer = v - } - if token, ok := a.Metadata["token"].(map[string]any); ok && token != nil { - if v, ok2 := token["access_token"].(string); ok2 && v != "" { - bearer = v - } - } - } - return -} - -func resolveGeminiBaseURL(auth *cliproxyauth.Auth) string { - base := glEndpoint - if auth != nil && auth.Attributes != nil { - if custom := strings.TrimSpace(auth.Attributes["base_url"]); custom != "" { - base = strings.TrimRight(custom, "/") - } - } - if base == "" { - return glEndpoint - } - return base -} - -func applyGeminiHeaders(req *http.Request, auth *cliproxyauth.Auth) { - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) -} - -func fixGeminiImageAspectRatio(modelName string, rawJSON []byte) []byte { - if modelName == "gemini-2.5-flash-image-preview" { - aspectRatioResult := gjson.GetBytes(rawJSON, "generationConfig.imageConfig.aspectRatio") - if aspectRatioResult.Exists() { - contents := gjson.GetBytes(rawJSON, "contents") - contentArray := contents.Array() - if len(contentArray) > 0 { - hasInlineData := false - loopContent: - for i := 0; i < len(contentArray); i++ { - parts := contentArray[i].Get("parts").Array() - for j := 0; j < len(parts); j++ { - if parts[j].Get("inlineData").Exists() { - hasInlineData = true - break loopContent - } - } - } - - if !hasInlineData { - emptyImageBase64ed, _ := util.CreateWhiteImageBase64(aspectRatioResult.String()) - emptyImagePart := `{"inlineData":{"mime_type":"image/png","data":""}}` - emptyImagePart, _ = sjson.Set(emptyImagePart, "inlineData.data", emptyImageBase64ed) - newPartsJson := `[]` - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", `{"text": "Based on the following requirements, create an image within the uploaded picture. The new content *MUST* completely cover the entire area of the original picture, maintaining its exact proportions, and *NO* blank areas should appear."}`) - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", emptyImagePart) - - parts := contentArray[0].Get("parts").Array() - for j := 0; j < len(parts); j++ { - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", parts[j].Raw) - } - - rawJSON, _ = sjson.SetRawBytes(rawJSON, "contents.0.parts", []byte(newPartsJson)) - rawJSON, _ = sjson.SetRawBytes(rawJSON, "generationConfig.responseModalities", []byte(`["IMAGE", "TEXT"]`)) - } - } - rawJSON, _ = sjson.DeleteBytes(rawJSON, "generationConfig.imageConfig") - } - } - return rawJSON -} - -func (e *GeminiExecutor) CloseExecutionSession(sessionID string) {} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/gemini_vertex_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/gemini_vertex_executor.go deleted file mode 100644 index 6a657392b6..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/gemini_vertex_executor.go +++ /dev/null @@ -1,1032 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// This file implements the Vertex AI Gemini executor that talks to Google Vertex AI -// endpoints using service account credentials or API keys. -package executor - -import ( - "bufio" - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "strings" - "time" - - vertexauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/vertex" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" - "golang.org/x/oauth2" - "golang.org/x/oauth2/google" -) - -const ( - // vertexAPIVersion aligns with current public Vertex Generative AI API. - vertexAPIVersion = "v1" -) - -// isImagenModel checks if the model name is an Imagen image generation model. -// Imagen models use the :predict action instead of :generateContent. -func isImagenModel(model string) bool { - lowerModel := strings.ToLower(model) - return strings.Contains(lowerModel, "imagen") -} - -// getVertexAction returns the appropriate action for the given model. -// Imagen models use "predict", while Gemini models use "generateContent". -func getVertexAction(model string, isStream bool) string { - if isImagenModel(model) { - return "predict" - } - if isStream { - return "streamGenerateContent" - } - return "generateContent" -} - -// convertImagenToGeminiResponse converts Imagen API response to Gemini format -// so it can be processed by the standard translation pipeline. -// This ensures Imagen models return responses in the same format as gemini-3-pro-image-preview. -func convertImagenToGeminiResponse(data []byte, model string) []byte { - predictions := gjson.GetBytes(data, "predictions") - if !predictions.Exists() || !predictions.IsArray() { - return data - } - - // Build Gemini-compatible response with inlineData - parts := make([]map[string]any, 0) - for _, pred := range predictions.Array() { - imageData := pred.Get("bytesBase64Encoded").String() - mimeType := pred.Get("mimeType").String() - if mimeType == "" { - mimeType = "image/png" - } - if imageData != "" { - parts = append(parts, map[string]any{ - "inlineData": map[string]any{ - "mimeType": mimeType, - "data": imageData, - }, - }) - } - } - - // Generate unique response ID using timestamp - responseId := fmt.Sprintf("imagen-%d", time.Now().UnixNano()) - - response := map[string]any{ - "candidates": []map[string]any{{ - "content": map[string]any{ - "parts": parts, - "role": "model", - }, - "finishReason": "STOP", - }}, - "responseId": responseId, - "modelVersion": model, - // Imagen API doesn't return token counts, set to 0 for tracking purposes - "usageMetadata": map[string]any{ - "promptTokenCount": 0, - "candidatesTokenCount": 0, - "totalTokenCount": 0, - }, - } - - result, err := json.Marshal(response) - if err != nil { - return data - } - return result -} - -// convertToImagenRequest converts a Gemini-style request to Imagen API format. -// Imagen API uses a different structure: instances[].prompt instead of contents[]. -func convertToImagenRequest(payload []byte) ([]byte, error) { - // Extract prompt from Gemini-style contents - prompt := "" - - // Try to get prompt from contents[0].parts[0].text - contentsText := gjson.GetBytes(payload, "contents.0.parts.0.text") - if contentsText.Exists() { - prompt = contentsText.String() - } - - // If no contents, try messages format (OpenAI-compatible) - if prompt == "" { - messagesText := gjson.GetBytes(payload, "messages.#.content") - if messagesText.Exists() && messagesText.IsArray() { - for _, msg := range messagesText.Array() { - if msg.String() != "" { - prompt = msg.String() - break - } - } - } - } - - // If still no prompt, try direct prompt field - if prompt == "" { - directPrompt := gjson.GetBytes(payload, "prompt") - if directPrompt.Exists() { - prompt = directPrompt.String() - } - } - - if prompt == "" { - return nil, fmt.Errorf("imagen: no prompt found in request") - } - - // Build Imagen API request - imagenReq := map[string]any{ - "instances": []map[string]any{ - { - "prompt": prompt, - }, - }, - "parameters": map[string]any{ - "sampleCount": 1, - }, - } - - // Extract optional parameters - if aspectRatio := gjson.GetBytes(payload, "aspectRatio"); aspectRatio.Exists() { - imagenReq["parameters"].(map[string]any)["aspectRatio"] = aspectRatio.String() - } - if sampleCount := gjson.GetBytes(payload, "sampleCount"); sampleCount.Exists() { - imagenReq["parameters"].(map[string]any)["sampleCount"] = int(sampleCount.Int()) - } - if negativePrompt := gjson.GetBytes(payload, "negativePrompt"); negativePrompt.Exists() { - imagenReq["instances"].([]map[string]any)[0]["negativePrompt"] = negativePrompt.String() - } - - return json.Marshal(imagenReq) -} - -// GeminiVertexExecutor sends requests to Vertex AI Gemini endpoints using service account credentials. -type GeminiVertexExecutor struct { - cfg *config.Config -} - -// NewGeminiVertexExecutor creates a new Vertex AI Gemini executor instance. -// -// Parameters: -// - cfg: The application configuration -// -// Returns: -// - *GeminiVertexExecutor: A new Vertex AI Gemini executor instance -func NewGeminiVertexExecutor(cfg *config.Config) *GeminiVertexExecutor { - return &GeminiVertexExecutor{cfg: cfg} -} - -// Identifier returns the executor identifier. -func (e *GeminiVertexExecutor) Identifier() string { return "vertex" } - -// PrepareRequest injects Vertex credentials into the outgoing HTTP request. -func (e *GeminiVertexExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - apiKey, _ := vertexAPICreds(auth) - if strings.TrimSpace(apiKey) != "" { - req.Header.Set("x-goog-api-key", apiKey) - req.Header.Del("Authorization") - return nil - } - _, _, saJSON, errCreds := vertexCreds(auth) - if errCreds != nil { - return errCreds - } - token, errToken := vertexAccessToken(req.Context(), e.cfg, auth, saJSON) - if errToken != nil { - return errToken - } - if strings.TrimSpace(token) == "" { - return statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - req.Header.Set("Authorization", "Bearer "+token) - req.Header.Del("x-goog-api-key") - return nil -} - -// HttpRequest injects Vertex credentials into the request and executes it. -func (e *GeminiVertexExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("vertex executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming request to the Vertex AI API. -func (e *GeminiVertexExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - // Try API key authentication first - apiKey, baseURL := vertexAPICreds(auth) - - // If no API key found, fall back to service account authentication - if apiKey == "" { - projectID, location, saJSON, errCreds := vertexCreds(auth) - if errCreds != nil { - return resp, errCreds - } - return e.executeWithServiceAccount(ctx, auth, req, opts, projectID, location, saJSON) - } - - // Use API key authentication - return e.executeWithAPIKey(ctx, auth, req, opts, apiKey, baseURL) -} - -// ExecuteStream performs a streaming request to the Vertex AI API. -func (e *GeminiVertexExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (*cliproxyexecutor.StreamResult, error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - // Try API key authentication first - apiKey, baseURL := vertexAPICreds(auth) - - // If no API key found, fall back to service account authentication - if apiKey == "" { - projectID, location, saJSON, errCreds := vertexCreds(auth) - if errCreds != nil { - return nil, errCreds - } - return e.executeStreamWithServiceAccount(ctx, auth, req, opts, projectID, location, saJSON) - } - - // Use API key authentication - return e.executeStreamWithAPIKey(ctx, auth, req, opts, apiKey, baseURL) -} - -// CountTokens counts tokens for the given request using the Vertex AI API. -func (e *GeminiVertexExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - // Try API key authentication first - apiKey, baseURL := vertexAPICreds(auth) - - // If no API key found, fall back to service account authentication - if apiKey == "" { - projectID, location, saJSON, errCreds := vertexCreds(auth) - if errCreds != nil { - return cliproxyexecutor.Response{}, errCreds - } - return e.countTokensWithServiceAccount(ctx, auth, req, opts, projectID, location, saJSON) - } - - // Use API key authentication - return e.countTokensWithAPIKey(ctx, auth, req, opts, apiKey, baseURL) -} - -// Refresh refreshes the authentication credentials (no-op for Vertex). -func (e *GeminiVertexExecutor) Refresh(_ context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - return auth, nil -} - -// executeWithServiceAccount handles authentication using service account credentials. -// This method contains the original service account authentication logic. -func (e *GeminiVertexExecutor) executeWithServiceAccount(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, projectID, location string, saJSON []byte) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - var body []byte - - // Handle Imagen models with special request format - if isImagenModel(baseModel) { - imagenBody, errImagen := convertToImagenRequest(req.Payload) - if errImagen != nil { - return resp, errImagen - } - body = imagenBody - } else { - // Standard Gemini translation flow - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body = sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - } - - action := getVertexAction(baseModel, false) - if req.Metadata != nil { - if a, _ := req.Metadata["action"].(string); a == "countTokens" { - action = "countTokens" - } - } - baseURL := vertexBaseURL(location) - url := fmt.Sprintf("%s/%s/projects/%s/locations/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, projectID, location, baseModel, action) - if opts.Alt != "" && action != "countTokens" { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, errNewReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if errNewReq != nil { - return resp, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if token, errTok := vertexAccessToken(ctx, e.cfg, auth, saJSON); errTok == nil && token != "" { - httpReq.Header.Set("Authorization", "Bearer "+token) - } else if errTok != nil { - log.Errorf("vertex executor: access token error: %v", errTok) - return resp, statusErr{code: 500, msg: "internal server error"} - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return resp, errDo - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, errRead := io.ReadAll(httpResp.Body) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return resp, errRead - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseGeminiUsage(data)) - - // For Imagen models, convert response to Gemini format before translation - // This ensures Imagen responses use the same format as gemini-3-pro-image-preview - if isImagenModel(baseModel) { - data = convertImagenToGeminiResponse(data, baseModel) - } - - // Standard Gemini translation (works for both Gemini and converted Imagen responses) - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -// executeWithAPIKey handles authentication using API key credentials. -func (e *GeminiVertexExecutor) executeWithAPIKey(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, apiKey, baseURL string) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - - action := getVertexAction(baseModel, false) - if req.Metadata != nil { - if a, _ := req.Metadata["action"].(string); a == "countTokens" { - action = "countTokens" - } - } - - // For API key auth, use simpler URL format without project/location - if baseURL == "" { - baseURL = "https://generativelanguage.googleapis.com" - } - url := fmt.Sprintf("%s/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, baseModel, action) - if opts.Alt != "" && action != "countTokens" { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, errNewReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if errNewReq != nil { - return resp, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return resp, errDo - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, errRead := io.ReadAll(httpResp.Body) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return resp, errRead - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseGeminiUsage(data)) - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -// executeStreamWithServiceAccount handles streaming authentication using service account credentials. -func (e *GeminiVertexExecutor) executeStreamWithServiceAccount(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, projectID, location string, saJSON []byte) (_ *cliproxyexecutor.StreamResult, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - - action := getVertexAction(baseModel, true) - baseURL := vertexBaseURL(location) - url := fmt.Sprintf("%s/%s/projects/%s/locations/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, projectID, location, baseModel, action) - // Imagen models don't support streaming, skip SSE params - if !isImagenModel(baseModel) { - if opts.Alt == "" { - url = url + "?alt=sse" - } else { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - } - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, errNewReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if errNewReq != nil { - return nil, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if token, errTok := vertexAccessToken(ctx, e.cfg, auth, saJSON); errTok == nil && token != "" { - httpReq.Header.Set("Authorization", "Bearer "+token) - } else if errTok != nil { - log.Errorf("vertex executor: access token error: %v", errTok) - return nil, statusErr{code: 500, msg: "internal server error"} - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return nil, errDo - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - return nil, statusErr{code: httpResp.StatusCode, msg: string(b)} - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, streamScannerBuffer) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseGeminiStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(line), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, []byte("[DONE]"), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -// executeStreamWithAPIKey handles streaming authentication using API key credentials. -func (e *GeminiVertexExecutor) executeStreamWithAPIKey(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, apiKey, baseURL string) (_ *cliproxyexecutor.StreamResult, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - - action := getVertexAction(baseModel, true) - // For API key auth, use simpler URL format without project/location - if baseURL == "" { - baseURL = "https://generativelanguage.googleapis.com" - } - url := fmt.Sprintf("%s/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, baseModel, action) - // Imagen models don't support streaming, skip SSE params - if !isImagenModel(baseModel) { - if opts.Alt == "" { - url = url + "?alt=sse" - } else { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - } - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, errNewReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if errNewReq != nil { - return nil, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return nil, errDo - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - return nil, statusErr{code: httpResp.StatusCode, msg: string(b)} - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, streamScannerBuffer) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseGeminiStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(line), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, []byte("[DONE]"), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -// countTokensWithServiceAccount counts tokens using service account credentials. -func (e *GeminiVertexExecutor) countTokensWithServiceAccount(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, projectID, location string, saJSON []byte) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - translatedReq := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - translatedReq, err := thinking.ApplyThinking(translatedReq, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - translatedReq = fixGeminiImageAspectRatio(baseModel, translatedReq) - translatedReq, _ = sjson.SetBytes(translatedReq, "model", baseModel) - respCtx := context.WithValue(ctx, interfaces.ContextKeyAlt, opts.Alt) - translatedReq, _ = sjson.DeleteBytes(translatedReq, "tools") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "generationConfig") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "safetySettings") - - baseURL := vertexBaseURL(location) - url := fmt.Sprintf("%s/%s/projects/%s/locations/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, projectID, location, baseModel, "countTokens") - - httpReq, errNewReq := http.NewRequestWithContext(respCtx, http.MethodPost, url, bytes.NewReader(translatedReq)) - if errNewReq != nil { - return cliproxyexecutor.Response{}, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if token, errTok := vertexAccessToken(ctx, e.cfg, auth, saJSON); errTok == nil && token != "" { - httpReq.Header.Set("Authorization", "Bearer "+token) - } else if errTok != nil { - log.Errorf("vertex executor: access token error: %v", errTok) - return cliproxyexecutor.Response{}, statusErr{code: 500, msg: "internal server error"} - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translatedReq, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return cliproxyexecutor.Response{}, errDo - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - return cliproxyexecutor.Response{}, statusErr{code: httpResp.StatusCode, msg: string(b)} - } - data, errRead := io.ReadAll(httpResp.Body) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return cliproxyexecutor.Response{}, errRead - } - appendAPIResponseChunk(ctx, e.cfg, data) - count := gjson.GetBytes(data, "totalTokens").Int() - out := sdktranslator.TranslateTokenCount(ctx, to, from, count, data) - return cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()}, nil -} - -// countTokensWithAPIKey handles token counting using API key credentials. -func (e *GeminiVertexExecutor) countTokensWithAPIKey(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, apiKey, baseURL string) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - translatedReq := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - translatedReq, err := thinking.ApplyThinking(translatedReq, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - translatedReq = fixGeminiImageAspectRatio(baseModel, translatedReq) - translatedReq, _ = sjson.SetBytes(translatedReq, "model", baseModel) - respCtx := context.WithValue(ctx, interfaces.ContextKeyAlt, opts.Alt) - translatedReq, _ = sjson.DeleteBytes(translatedReq, "tools") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "generationConfig") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "safetySettings") - - // For API key auth, use simpler URL format without project/location - if baseURL == "" { - baseURL = "https://generativelanguage.googleapis.com" - } - url := fmt.Sprintf("%s/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, baseModel, "countTokens") - - httpReq, errNewReq := http.NewRequestWithContext(respCtx, http.MethodPost, url, bytes.NewReader(translatedReq)) - if errNewReq != nil { - return cliproxyexecutor.Response{}, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translatedReq, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return cliproxyexecutor.Response{}, errDo - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - return cliproxyexecutor.Response{}, statusErr{code: httpResp.StatusCode, msg: string(b)} - } - data, errRead := io.ReadAll(httpResp.Body) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return cliproxyexecutor.Response{}, errRead - } - appendAPIResponseChunk(ctx, e.cfg, data) - count := gjson.GetBytes(data, "totalTokens").Int() - out := sdktranslator.TranslateTokenCount(ctx, to, from, count, data) - return cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()}, nil -} - -// vertexCreds extracts project, location and raw service account JSON from auth metadata. -func vertexCreds(a *cliproxyauth.Auth) (projectID, location string, serviceAccountJSON []byte, err error) { - if a == nil || a.Metadata == nil { - return "", "", nil, fmt.Errorf("vertex executor: missing auth metadata") - } - if v, ok := a.Metadata["project_id"].(string); ok { - projectID = strings.TrimSpace(v) - } - if projectID == "" { - // Some service accounts may use "project"; still prefer standard field - if v, ok := a.Metadata["project"].(string); ok { - projectID = strings.TrimSpace(v) - } - } - if projectID == "" { - return "", "", nil, fmt.Errorf("vertex executor: missing project_id in credentials") - } - if v, ok := a.Metadata["location"].(string); ok && strings.TrimSpace(v) != "" { - location = strings.TrimSpace(v) - } else { - location = "us-central1" - } - var sa map[string]any - if raw, ok := a.Metadata["service_account"].(map[string]any); ok { - sa = raw - } - if sa == nil { - return "", "", nil, fmt.Errorf("vertex executor: missing service_account in credentials") - } - normalized, errNorm := vertexauth.NormalizeServiceAccountMap(sa) - if errNorm != nil { - return "", "", nil, fmt.Errorf("vertex executor: %w", errNorm) - } - saJSON, errMarshal := json.Marshal(normalized) - if errMarshal != nil { - return "", "", nil, fmt.Errorf("vertex executor: marshal service_account failed: %w", errMarshal) - } - return projectID, location, saJSON, nil -} - -// vertexAPICreds extracts API key and base URL from auth attributes following the claudeCreds pattern. -func vertexAPICreds(a *cliproxyauth.Auth) (apiKey, baseURL string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - apiKey = a.Attributes["api_key"] - baseURL = a.Attributes["base_url"] - } - if apiKey == "" && a.Metadata != nil { - if v, ok := a.Metadata["access_token"].(string); ok { - apiKey = v - } - } - return -} - -func vertexBaseURL(location string) string { - loc := strings.TrimSpace(location) - switch loc { - case "": - loc = "us-central1" - case "global": - return "https://aiplatform.googleapis.com" - } - return fmt.Sprintf("https://%s-aiplatform.googleapis.com", loc) -} - -func vertexAccessToken(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth, saJSON []byte) (string, error) { - if httpClient := newProxyAwareHTTPClient(ctx, cfg, auth, 0); httpClient != nil { - ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient) - } - // Use cloud-platform scope for Vertex AI. - creds, errCreds := google.CredentialsFromJSON(ctx, saJSON, "https://www.googleapis.com/auth/cloud-platform") - if errCreds != nil { - return "", fmt.Errorf("vertex executor: parse service account json failed: %w", errCreds) - } - tok, errTok := creds.TokenSource.Token() - if errTok != nil { - return "", fmt.Errorf("vertex executor: get access token failed: %w", errTok) - } - return tok.AccessToken, nil -} - -func (e *GeminiVertexExecutor) CloseExecutionSession(sessionID string) {} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/gemini_vertex_executor_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/gemini_vertex_executor_test.go deleted file mode 100644 index 58fcefc157..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/gemini_vertex_executor_test.go +++ /dev/null @@ -1,69 +0,0 @@ -package executor - -import ( - "strings" - "testing" - - "github.com/tidwall/gjson" -) - -func TestGetVertexActionForImagen(t *testing.T) { - if !isImagenModel("imagen-4.0-fast-generate-001") { - t.Fatalf("expected imagen model detection to be true") - } - if got := getVertexAction("imagen-4.0-fast-generate-001", false); got != "predict" { - t.Fatalf("getVertexAction(non-stream) = %q, want %q", got, "predict") - } - if got := getVertexAction("imagen-4.0-fast-generate-001", true); got != "predict" { - t.Fatalf("getVertexAction(stream) = %q, want %q", got, "predict") - } -} - -func TestConvertToImagenRequestFromContents(t *testing.T) { - payload := []byte(`{ - "contents":[{"parts":[{"text":"draw a red robot"}]}], - "aspectRatio":"16:9", - "sampleCount":2, - "negativePrompt":"blurry" - }`) - - got, err := convertToImagenRequest(payload) - if err != nil { - t.Fatalf("convertToImagenRequest returned error: %v", err) - } - res := gjson.ParseBytes(got) - - if prompt := res.Get("instances.0.prompt").String(); prompt != "draw a red robot" { - t.Fatalf("instances.0.prompt = %q, want %q", prompt, "draw a red robot") - } - if ar := res.Get("parameters.aspectRatio").String(); ar != "16:9" { - t.Fatalf("parameters.aspectRatio = %q, want %q", ar, "16:9") - } - if sc := res.Get("parameters.sampleCount").Int(); sc != 2 { - t.Fatalf("parameters.sampleCount = %d, want %d", sc, 2) - } - if np := res.Get("instances.0.negativePrompt").String(); np != "blurry" { - t.Fatalf("instances.0.negativePrompt = %q, want %q", np, "blurry") - } -} - -func TestConvertImagenToGeminiResponse(t *testing.T) { - input := []byte(`{ - "predictions":[ - {"bytesBase64Encoded":"abc123","mimeType":"image/png"} - ] - }`) - - got := convertImagenToGeminiResponse(input, "imagen-4.0-fast-generate-001") - res := gjson.ParseBytes(got) - - if mime := res.Get("candidates.0.content.parts.0.inlineData.mimeType").String(); mime != "image/png" { - t.Fatalf("inlineData.mimeType = %q, want %q", mime, "image/png") - } - if data := res.Get("candidates.0.content.parts.0.inlineData.data").String(); data != "abc123" { - t.Fatalf("inlineData.data = %q, want %q", data, "abc123") - } - if !strings.HasPrefix(res.Get("responseId").String(), "imagen-") { - t.Fatalf("expected responseId to start with imagen-, got %q", res.Get("responseId").String()) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/github_copilot_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/github_copilot_executor.go deleted file mode 100644 index 0f4df92db5..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/github_copilot_executor.go +++ /dev/null @@ -1,1204 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "fmt" - "io" - "net/http" - "strings" - "sync" - "time" - - "github.com/google/uuid" - copilotauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/copilot" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const ( - githubCopilotBaseURL = "https://api.githubcopilot.com" - githubCopilotChatPath = "/chat/completions" - githubCopilotResponsesPath = "/responses" - githubCopilotAuthType = "github-copilot" - githubCopilotTokenCacheTTL = 25 * time.Minute - // tokenExpiryBuffer is the time before expiry when we should refresh the token. - tokenExpiryBuffer = 5 * time.Minute - // maxScannerBufferSize is the maximum buffer size for SSE scanning (20MB). - maxScannerBufferSize = 20_971_520 - - // Copilot API header values. - copilotUserAgent = "GitHubCopilotChat/0.35.0" - copilotEditorVersion = "vscode/1.107.0" - copilotPluginVersion = "copilot-chat/0.35.0" - copilotIntegrationID = "vscode-chat" - copilotOpenAIIntent = "conversation-panel" - copilotGitHubAPIVer = "2025-04-01" -) - -// GitHubCopilotExecutor handles requests to the GitHub Copilot API. -type GitHubCopilotExecutor struct { - cfg *config.Config - mu sync.RWMutex - cache map[string]*cachedAPIToken -} - -// cachedAPIToken stores a cached Copilot API token with its expiry. -type cachedAPIToken struct { - token string - apiEndpoint string - expiresAt time.Time -} - -// NewGitHubCopilotExecutor constructs a new executor instance. -func NewGitHubCopilotExecutor(cfg *config.Config) *GitHubCopilotExecutor { - return &GitHubCopilotExecutor{ - cfg: cfg, - cache: make(map[string]*cachedAPIToken), - } -} - -// Identifier implements ProviderExecutor. -func (e *GitHubCopilotExecutor) Identifier() string { return githubCopilotAuthType } - -// PrepareRequest implements ProviderExecutor. -func (e *GitHubCopilotExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - ctx := req.Context() - if ctx == nil { - ctx = context.Background() - } - apiToken, _, errToken := e.ensureAPIToken(ctx, auth) - if errToken != nil { - return errToken - } - e.applyHeaders(req, apiToken, nil) - return nil -} - -// HttpRequest injects GitHub Copilot credentials into the request and executes it. -func (e *GitHubCopilotExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("github-copilot executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if errPrepare := e.PrepareRequest(httpReq, auth); errPrepare != nil { - return nil, errPrepare - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute handles non-streaming requests to GitHub Copilot. -func (e *GitHubCopilotExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - apiToken, baseURL, errToken := e.ensureAPIToken(ctx, auth) - if errToken != nil { - return resp, errToken - } - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - useResponses := useGitHubCopilotResponsesEndpoint(from, req.Model) - to := sdktranslator.FromString("openai") - if useResponses { - to = sdktranslator.FromString("openai-response") - } - originalPayload := bytes.Clone(req.Payload) - if len(opts.OriginalRequest) > 0 { - originalPayload = bytes.Clone(opts.OriginalRequest) - } - originalTranslated := sdktranslator.TranslateRequest(from, to, req.Model, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), false) - body = e.normalizeModel(req.Model, body) - body = flattenAssistantContent(body) - - // Detect vision content before input normalization removes messages - hasVision := detectVisionContent(body) - - thinkingProvider := "openai" - if useResponses { - thinkingProvider = "codex" - } - body, err = thinking.ApplyThinking(body, req.Model, from.String(), thinkingProvider, e.Identifier()) - if err != nil { - return resp, err - } - - if useResponses { - body = normalizeGitHubCopilotResponsesInput(body) - body = normalizeGitHubCopilotResponsesTools(body) - } else { - body = normalizeGitHubCopilotChatTools(body) - } - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, req.Model, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "stream", false) - - path := githubCopilotChatPath - if useResponses { - path = githubCopilotResponsesPath - } - url := baseURL + path - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return resp, err - } - e.applyHeaders(httpReq, apiToken, body) - - // Add Copilot-Vision-Request header if the request contains vision content - if hasVision { - httpReq.Header.Set("Copilot-Vision-Request", "true") - } - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("github-copilot executor: close response body error: %v", errClose) - } - }() - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - - if !isHTTPSuccess(httpResp.StatusCode) { - data, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, data) - log.Debugf("github-copilot executor: upstream error status: %d, body: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - err = statusErr{code: httpResp.StatusCode, msg: string(data)} - return resp, err - } - - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - - detail := parseOpenAIUsage(data) - if useResponses && detail.TotalTokens == 0 { - detail = parseOpenAIResponsesUsage(data) - } - if detail.TotalTokens > 0 { - reporter.publish(ctx, detail) - } - - var param any - converted := "" - if useResponses && from.String() == "claude" { - converted = translateGitHubCopilotResponsesNonStreamToClaude(data) - } else { - converted = sdktranslator.TranslateNonStream(ctx, to, from, req.Model, bytes.Clone(opts.OriginalRequest), body, data, ¶m) - } - resp = cliproxyexecutor.Response{Payload: []byte(converted)} - reporter.ensurePublished(ctx) - return resp, nil -} - -// ExecuteStream handles streaming requests to GitHub Copilot. -func (e *GitHubCopilotExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - apiToken, baseURL, errToken := e.ensureAPIToken(ctx, auth) - if errToken != nil { - return nil, errToken - } - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - useResponses := useGitHubCopilotResponsesEndpoint(from, req.Model) - to := sdktranslator.FromString("openai") - if useResponses { - to = sdktranslator.FromString("openai-response") - } - originalPayload := bytes.Clone(req.Payload) - if len(opts.OriginalRequest) > 0 { - originalPayload = bytes.Clone(opts.OriginalRequest) - } - originalTranslated := sdktranslator.TranslateRequest(from, to, req.Model, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - body = e.normalizeModel(req.Model, body) - body = flattenAssistantContent(body) - - // Detect vision content before input normalization removes messages - hasVision := detectVisionContent(body) - - thinkingProvider := "openai" - if useResponses { - thinkingProvider = "codex" - } - body, err = thinking.ApplyThinking(body, req.Model, from.String(), thinkingProvider, e.Identifier()) - if err != nil { - return nil, err - } - - if useResponses { - body = normalizeGitHubCopilotResponsesInput(body) - body = normalizeGitHubCopilotResponsesTools(body) - } else { - body = normalizeGitHubCopilotChatTools(body) - } - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, req.Model, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "stream", true) - // Enable stream options for usage stats in stream - if !useResponses { - body, _ = sjson.SetBytes(body, "stream_options.include_usage", true) - } - - path := githubCopilotChatPath - if useResponses { - path = githubCopilotResponsesPath - } - url := baseURL + path - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return nil, err - } - e.applyHeaders(httpReq, apiToken, body) - - // Add Copilot-Vision-Request header if the request contains vision content - if hasVision { - httpReq.Header.Set("Copilot-Vision-Request", "true") - } - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - - if !isHTTPSuccess(httpResp.StatusCode) { - data, readErr := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("github-copilot executor: close response body error: %v", errClose) - } - if readErr != nil { - recordAPIResponseError(ctx, e.cfg, readErr) - return nil, readErr - } - appendAPIResponseChunk(ctx, e.cfg, data) - log.Debugf("github-copilot executor: upstream error status: %d, body: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - err = statusErr{code: httpResp.StatusCode, msg: string(data)} - return nil, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("github-copilot executor: close response body error: %v", errClose) - } - }() - - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, maxScannerBufferSize) - var param any - - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - - // Parse SSE data - if bytes.HasPrefix(line, dataTag) { - data := bytes.TrimSpace(line[5:]) - if bytes.Equal(data, []byte("[DONE]")) { - continue - } - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } else if useResponses { - if detail, ok := parseOpenAIResponsesStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - } - } - - var chunks []string - if useResponses && from.String() == "claude" { - chunks = translateGitHubCopilotResponsesStreamToClaude(bytes.Clone(line), ¶m) - } else { - chunks = sdktranslator.TranslateStream(ctx, to, from, req.Model, bytes.Clone(opts.OriginalRequest), body, bytes.Clone(line), ¶m) - } - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } else { - reporter.ensurePublished(ctx) - } - }() - - return &cliproxyexecutor.StreamResult{ - Headers: httpResp.Header.Clone(), - Chunks: out, - }, nil -} - -// CountTokens is not supported for GitHub Copilot. -func (e *GitHubCopilotExecutor) CountTokens(_ context.Context, _ *cliproxyauth.Auth, _ cliproxyexecutor.Request, _ cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - return cliproxyexecutor.Response{}, statusErr{code: http.StatusNotImplemented, msg: "count tokens not supported for github-copilot"} -} - -// Refresh validates the GitHub token is still working. -// GitHub OAuth tokens don't expire traditionally, so we just validate. -func (e *GitHubCopilotExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if auth == nil { - return nil, statusErr{code: http.StatusUnauthorized, msg: "missing auth"} - } - - // Get the GitHub access token - accessToken := metaStringValue(auth.Metadata, "access_token") - if accessToken == "" { - return auth, nil - } - - // Validate the token can still get a Copilot API token - copilotAuth := copilotauth.NewCopilotAuth(e.cfg, nil) - _, err := copilotAuth.GetCopilotAPIToken(ctx, accessToken) - if err != nil { - return nil, statusErr{code: http.StatusUnauthorized, msg: fmt.Sprintf("github-copilot token validation failed: %v", err)} - } - - return auth, nil -} - -// ensureAPIToken gets or refreshes the Copilot API token. -func (e *GitHubCopilotExecutor) ensureAPIToken(ctx context.Context, auth *cliproxyauth.Auth) (string, string, error) { - if auth == nil { - return "", "", statusErr{code: http.StatusUnauthorized, msg: "missing auth"} - } - - // Get the GitHub access token - accessToken := metaStringValue(auth.Metadata, "access_token") - if accessToken == "" { - return "", "", statusErr{code: http.StatusUnauthorized, msg: "missing github access token"} - } - - // Check for cached API token using thread-safe access - e.mu.RLock() - if cached, ok := e.cache[accessToken]; ok && cached.expiresAt.After(time.Now().Add(tokenExpiryBuffer)) { - e.mu.RUnlock() - return cached.token, cached.apiEndpoint, nil - } - e.mu.RUnlock() - - // Get a new Copilot API token - copilotAuth := copilotauth.NewCopilotAuth(e.cfg, nil) - apiToken, err := copilotAuth.GetCopilotAPIToken(ctx, accessToken) - if err != nil { - return "", "", statusErr{code: http.StatusUnauthorized, msg: fmt.Sprintf("failed to get copilot api token: %v", err)} - } - - // Use endpoint from token response, fall back to default - apiEndpoint := githubCopilotBaseURL - if apiToken.Endpoints.API != "" { - apiEndpoint = strings.TrimRight(apiToken.Endpoints.API, "/") - } - apiEndpoint = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), apiEndpoint, authBaseURL(auth)) - - // Cache the token with thread-safe access - expiresAt := time.Now().Add(githubCopilotTokenCacheTTL) - if apiToken.ExpiresAt > 0 { - expiresAt = time.Unix(apiToken.ExpiresAt, 0) - } - e.mu.Lock() - e.cache[accessToken] = &cachedAPIToken{ - token: apiToken.Token, - apiEndpoint: apiEndpoint, - expiresAt: expiresAt, - } - e.mu.Unlock() - - return apiToken.Token, apiEndpoint, nil -} - -// applyHeaders sets the required headers for GitHub Copilot API requests. -func (e *GitHubCopilotExecutor) applyHeaders(r *http.Request, apiToken string, body []byte) { - r.Header.Set("Content-Type", "application/json") - r.Header.Set("Authorization", "Bearer "+apiToken) - r.Header.Set("Accept", "application/json") - r.Header.Set("User-Agent", copilotUserAgent) - r.Header.Set("Editor-Version", copilotEditorVersion) - r.Header.Set("Editor-Plugin-Version", copilotPluginVersion) - r.Header.Set("Openai-Intent", copilotOpenAIIntent) - r.Header.Set("Copilot-Integration-Id", copilotIntegrationID) - r.Header.Set("X-Github-Api-Version", copilotGitHubAPIVer) - r.Header.Set("X-Request-Id", uuid.NewString()) - - initiator := "user" - if len(body) > 0 { - if messages := gjson.GetBytes(body, "messages"); messages.Exists() && messages.IsArray() { - for _, msg := range messages.Array() { - role := msg.Get("role").String() - if role == "assistant" || role == "tool" { - initiator = "agent" - break - } - } - } - } - r.Header.Set("X-Initiator", initiator) -} - -// detectVisionContent checks if the request body contains vision/image content. -// Returns true if the request includes image_url or image type content blocks. -func detectVisionContent(body []byte) bool { - // Parse messages array - messagesResult := gjson.GetBytes(body, "messages") - if !messagesResult.Exists() || !messagesResult.IsArray() { - return false - } - - // Check each message for vision content - for _, message := range messagesResult.Array() { - content := message.Get("content") - - // If content is an array, check each content block - if content.IsArray() { - for _, block := range content.Array() { - blockType := block.Get("type").String() - // Check for image_url or image type - if blockType == "image_url" || blockType == "image" { - return true - } - } - } - } - - return false -} - -// normalizeModel strips the suffix (e.g. "(medium)") from the model name -// before sending to GitHub Copilot, as the upstream API does not accept -// suffixed model identifiers. -func (e *GitHubCopilotExecutor) normalizeModel(model string, body []byte) []byte { - baseModel := thinking.ParseSuffix(model).ModelName - normalizedModel := strings.ToLower(baseModel) - if normalizedModel != model { - body, _ = sjson.SetBytes(body, "model", normalizedModel) - } - return body -} - -func useGitHubCopilotResponsesEndpoint(sourceFormat sdktranslator.Format, model string) bool { - if sourceFormat.String() == "openai-response" { - return true - } - baseModel := strings.ToLower(thinking.ParseSuffix(model).ModelName) - return strings.Contains(baseModel, "codex") -} - -// flattenAssistantContent converts assistant message content from array format -// to a joined string. GitHub Copilot requires assistant content as a string; -// sending it as an array causes Claude models to re-answer all previous prompts. -func flattenAssistantContent(body []byte) []byte { - messages := gjson.GetBytes(body, "messages") - if !messages.Exists() || !messages.IsArray() { - return body - } - result := body - for i, msg := range messages.Array() { - if msg.Get("role").String() != "assistant" { - continue - } - content := msg.Get("content") - if !content.Exists() || !content.IsArray() { - continue - } - // Skip flattening if the content contains non-text blocks (tool_use, thinking, etc.) - hasNonText := false - for _, part := range content.Array() { - if t := part.Get("type").String(); t != "" && t != "text" { - hasNonText = true - break - } - } - if hasNonText { - continue - } - var textParts []string - for _, part := range content.Array() { - if part.Get("type").String() == "text" { - if t := part.Get("text").String(); t != "" { - textParts = append(textParts, t) - } - } - } - joined := strings.Join(textParts, "") - path := fmt.Sprintf("messages.%d.content", i) - result, _ = sjson.SetBytes(result, path, joined) - } - return result -} - -func normalizeGitHubCopilotChatTools(body []byte) []byte { - tools := gjson.GetBytes(body, "tools") - if tools.Exists() { - filtered := "[]" - if tools.IsArray() { - for _, tool := range tools.Array() { - if tool.Get("type").String() != "function" { - continue - } - filtered, _ = sjson.SetRaw(filtered, "-1", tool.Raw) - } - } - body, _ = sjson.SetRawBytes(body, "tools", []byte(filtered)) - } - - toolChoice := gjson.GetBytes(body, "tool_choice") - if !toolChoice.Exists() { - return body - } - if toolChoice.Type == gjson.String { - switch toolChoice.String() { - case "auto", "none", "required": - return body - } - } - body, _ = sjson.SetBytes(body, "tool_choice", "auto") - return body -} - -func normalizeGitHubCopilotResponsesInput(body []byte) []byte { - input := gjson.GetBytes(body, "input") - if input.Exists() { - // If input is already a string or array, keep it as-is. - if input.Type == gjson.String || input.IsArray() { - return body - } - // Non-string/non-array input: stringify as fallback. - body, _ = sjson.SetBytes(body, "input", input.Raw) - return body - } - - // Convert Claude messages format to OpenAI Responses API input array. - // This preserves the conversation structure (roles, tool calls, tool results) - // which is critical for multi-turn tool-use conversations. - inputArr := "[]" - - // System messages → developer role - if system := gjson.GetBytes(body, "system"); system.Exists() { - var systemParts []string - if system.IsArray() { - for _, part := range system.Array() { - if txt := part.Get("text").String(); txt != "" { - systemParts = append(systemParts, txt) - } - } - } else if system.Type == gjson.String { - systemParts = append(systemParts, system.String()) - } - if len(systemParts) > 0 { - msg := `{"type":"message","role":"developer","content":[]}` - for _, txt := range systemParts { - part := `{"type":"input_text","text":""}` - part, _ = sjson.Set(part, "text", txt) - msg, _ = sjson.SetRaw(msg, "content.-1", part) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", msg) - } - } - - // Messages → structured input items - if messages := gjson.GetBytes(body, "messages"); messages.Exists() && messages.IsArray() { - for _, msg := range messages.Array() { - role := msg.Get("role").String() - content := msg.Get("content") - - if !content.Exists() { - continue - } - - // Simple string content - if content.Type == gjson.String { - textType := "input_text" - if role == "assistant" { - textType = "output_text" - } - item := `{"type":"message","role":"","content":[]}` - item, _ = sjson.Set(item, "role", role) - part := fmt.Sprintf(`{"type":"%s","text":""}`, textType) - part, _ = sjson.Set(part, "text", content.String()) - item, _ = sjson.SetRaw(item, "content.-1", part) - inputArr, _ = sjson.SetRaw(inputArr, "-1", item) - continue - } - - if !content.IsArray() { - continue - } - - // Array content: split into message parts vs tool items - var msgParts []string - for _, c := range content.Array() { - cType := c.Get("type").String() - switch cType { - case "text": - textType := "input_text" - if role == "assistant" { - textType = "output_text" - } - part := fmt.Sprintf(`{"type":"%s","text":""}`, textType) - part, _ = sjson.Set(part, "text", c.Get("text").String()) - msgParts = append(msgParts, part) - case "image": - source := c.Get("source") - if source.Exists() { - data := source.Get("data").String() - if data == "" { - data = source.Get("base64").String() - } - mediaType := source.Get("media_type").String() - if mediaType == "" { - mediaType = source.Get("mime_type").String() - } - if mediaType == "" { - mediaType = "application/octet-stream" - } - if data != "" { - part := `{"type":"input_image","image_url":""}` - part, _ = sjson.Set(part, "image_url", fmt.Sprintf("data:%s;base64,%s", mediaType, data)) - msgParts = append(msgParts, part) - } - } - case "tool_use": - // Flush any accumulated message parts first - if len(msgParts) > 0 { - item := `{"type":"message","role":"","content":[]}` - item, _ = sjson.Set(item, "role", role) - for _, p := range msgParts { - item, _ = sjson.SetRaw(item, "content.-1", p) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", item) - msgParts = nil - } - fc := `{"type":"function_call","call_id":"","name":"","arguments":""}` - fc, _ = sjson.Set(fc, "call_id", c.Get("id").String()) - fc, _ = sjson.Set(fc, "name", c.Get("name").String()) - if inputRaw := c.Get("input"); inputRaw.Exists() { - fc, _ = sjson.Set(fc, "arguments", inputRaw.Raw) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", fc) - case "tool_result": - // Flush any accumulated message parts first - if len(msgParts) > 0 { - item := `{"type":"message","role":"","content":[]}` - item, _ = sjson.Set(item, "role", role) - for _, p := range msgParts { - item, _ = sjson.SetRaw(item, "content.-1", p) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", item) - msgParts = nil - } - fco := `{"type":"function_call_output","call_id":"","output":""}` - fco, _ = sjson.Set(fco, "call_id", c.Get("tool_use_id").String()) - // Extract output text - resultContent := c.Get("content") - if resultContent.Type == gjson.String { - fco, _ = sjson.Set(fco, "output", resultContent.String()) - } else if resultContent.IsArray() { - var resultParts []string - for _, rc := range resultContent.Array() { - if txt := rc.Get("text").String(); txt != "" { - resultParts = append(resultParts, txt) - } - } - fco, _ = sjson.Set(fco, "output", strings.Join(resultParts, "\n")) - } else if resultContent.Exists() { - fco, _ = sjson.Set(fco, "output", resultContent.String()) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", fco) - case "thinking": - // Skip thinking blocks - not part of the API input - } - } - - // Flush remaining message parts - if len(msgParts) > 0 { - item := `{"type":"message","role":"","content":[]}` - item, _ = sjson.Set(item, "role", role) - for _, p := range msgParts { - item, _ = sjson.SetRaw(item, "content.-1", p) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", item) - } - } - } - - body, _ = sjson.SetRawBytes(body, "input", []byte(inputArr)) - // Remove messages/system since we've converted them to input - body, _ = sjson.DeleteBytes(body, "messages") - body, _ = sjson.DeleteBytes(body, "system") - return body -} - -func normalizeGitHubCopilotResponsesTools(body []byte) []byte { - tools := gjson.GetBytes(body, "tools") - if tools.Exists() { - filtered := "[]" - if tools.IsArray() { - for _, tool := range tools.Array() { - toolType := tool.Get("type").String() - // Accept OpenAI format (type="function") and Claude format - // (no type field, but has top-level name + input_schema). - if toolType != "" && toolType != "function" { - continue - } - name := tool.Get("name").String() - if name == "" { - name = tool.Get("function.name").String() - } - if name == "" { - continue - } - normalized := `{"type":"function","name":""}` - normalized, _ = sjson.Set(normalized, "name", name) - if desc := tool.Get("description").String(); desc != "" { - normalized, _ = sjson.Set(normalized, "description", desc) - } else if desc = tool.Get("function.description").String(); desc != "" { - normalized, _ = sjson.Set(normalized, "description", desc) - } - if params := tool.Get("parameters"); params.Exists() { - normalized, _ = sjson.SetRaw(normalized, "parameters", params.Raw) - } else if params = tool.Get("function.parameters"); params.Exists() { - normalized, _ = sjson.SetRaw(normalized, "parameters", params.Raw) - } else if params = tool.Get("input_schema"); params.Exists() { - normalized, _ = sjson.SetRaw(normalized, "parameters", params.Raw) - } - filtered, _ = sjson.SetRaw(filtered, "-1", normalized) - } - } - body, _ = sjson.SetRawBytes(body, "tools", []byte(filtered)) - } - - toolChoice := gjson.GetBytes(body, "tool_choice") - if !toolChoice.Exists() { - return body - } - if toolChoice.Type == gjson.String { - switch toolChoice.String() { - case "auto", "none", "required": - return body - default: - body, _ = sjson.SetBytes(body, "tool_choice", "auto") - return body - } - } - if toolChoice.Type == gjson.JSON { - choiceType := toolChoice.Get("type").String() - if choiceType == "function" { - name := toolChoice.Get("name").String() - if name == "" { - name = toolChoice.Get("function.name").String() - } - if name != "" { - normalized := `{"type":"function","name":""}` - normalized, _ = sjson.Set(normalized, "name", name) - body, _ = sjson.SetRawBytes(body, "tool_choice", []byte(normalized)) - return body - } - } - } - body, _ = sjson.SetBytes(body, "tool_choice", "auto") - return body -} - -type githubCopilotResponsesStreamToolState struct { - Index int - ID string - Name string -} - -type githubCopilotResponsesStreamState struct { - MessageStarted bool - MessageStopSent bool - TextBlockStarted bool - TextBlockIndex int - NextContentIndex int - HasToolUse bool - ReasoningActive bool - ReasoningIndex int - OutputIndexToTool map[int]*githubCopilotResponsesStreamToolState - ItemIDToTool map[string]*githubCopilotResponsesStreamToolState -} - -func translateGitHubCopilotResponsesNonStreamToClaude(data []byte) string { - root := gjson.ParseBytes(data) - out := `{"id":"","type":"message","role":"assistant","model":"","content":[],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}` - out, _ = sjson.Set(out, "id", root.Get("id").String()) - out, _ = sjson.Set(out, "model", root.Get("model").String()) - - hasToolUse := false - if output := root.Get("output"); output.Exists() && output.IsArray() { - for _, item := range output.Array() { - switch item.Get("type").String() { - case "reasoning": - var thinkingText string - if summary := item.Get("summary"); summary.Exists() && summary.IsArray() { - var parts []string - for _, part := range summary.Array() { - if txt := part.Get("text").String(); txt != "" { - parts = append(parts, txt) - } - } - thinkingText = strings.Join(parts, "") - } - if thinkingText == "" { - if content := item.Get("content"); content.Exists() && content.IsArray() { - var parts []string - for _, part := range content.Array() { - if txt := part.Get("text").String(); txt != "" { - parts = append(parts, txt) - } - } - thinkingText = strings.Join(parts, "") - } - } - if thinkingText != "" { - block := `{"type":"thinking","thinking":""}` - block, _ = sjson.Set(block, "thinking", thinkingText) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - case "message": - if content := item.Get("content"); content.Exists() && content.IsArray() { - for _, part := range content.Array() { - if part.Get("type").String() != "output_text" { - continue - } - text := part.Get("text").String() - if text == "" { - continue - } - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", text) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - } - case "function_call": - hasToolUse = true - toolUse := `{"type":"tool_use","id":"","name":"","input":{}}` - toolID := item.Get("call_id").String() - if toolID == "" { - toolID = item.Get("id").String() - } - toolUse, _ = sjson.Set(toolUse, "id", toolID) - toolUse, _ = sjson.Set(toolUse, "name", item.Get("name").String()) - if args := item.Get("arguments").String(); args != "" && gjson.Valid(args) { - argObj := gjson.Parse(args) - if argObj.IsObject() { - toolUse, _ = sjson.SetRaw(toolUse, "input", argObj.Raw) - } - } - out, _ = sjson.SetRaw(out, "content.-1", toolUse) - } - } - } - - inputTokens := root.Get("usage.input_tokens").Int() - outputTokens := root.Get("usage.output_tokens").Int() - cachedTokens := root.Get("usage.input_tokens_details.cached_tokens").Int() - if cachedTokens > 0 && inputTokens >= cachedTokens { - inputTokens -= cachedTokens - } - out, _ = sjson.Set(out, "usage.input_tokens", inputTokens) - out, _ = sjson.Set(out, "usage.output_tokens", outputTokens) - if cachedTokens > 0 { - out, _ = sjson.Set(out, "usage.cache_read_input_tokens", cachedTokens) - } - if hasToolUse { - out, _ = sjson.Set(out, "stop_reason", "tool_use") - } else if sr := root.Get("stop_reason").String(); sr == "max_tokens" || sr == "stop" { - out, _ = sjson.Set(out, "stop_reason", sr) - } else { - out, _ = sjson.Set(out, "stop_reason", "end_turn") - } - return out -} - -func translateGitHubCopilotResponsesStreamToClaude(line []byte, param *any) []string { - if *param == nil { - *param = &githubCopilotResponsesStreamState{ - TextBlockIndex: -1, - OutputIndexToTool: make(map[int]*githubCopilotResponsesStreamToolState), - ItemIDToTool: make(map[string]*githubCopilotResponsesStreamToolState), - } - } - state := (*param).(*githubCopilotResponsesStreamState) - - if !bytes.HasPrefix(line, dataTag) { - return nil - } - payload := bytes.TrimSpace(line[5:]) - if bytes.Equal(payload, []byte("[DONE]")) { - return nil - } - if !gjson.ValidBytes(payload) { - return nil - } - - event := gjson.GetBytes(payload, "type").String() - results := make([]string, 0, 4) - ensureMessageStart := func() { - if state.MessageStarted { - return - } - messageStart := `{"type":"message_start","message":{"id":"","type":"message","role":"assistant","model":"","content":[],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}}` - messageStart, _ = sjson.Set(messageStart, "message.id", gjson.GetBytes(payload, "response.id").String()) - messageStart, _ = sjson.Set(messageStart, "message.model", gjson.GetBytes(payload, "response.model").String()) - results = append(results, "event: message_start\ndata: "+messageStart+"\n\n") - state.MessageStarted = true - } - startTextBlockIfNeeded := func() { - if state.TextBlockStarted { - return - } - if state.TextBlockIndex < 0 { - state.TextBlockIndex = state.NextContentIndex - state.NextContentIndex++ - } - contentBlockStart := `{"type":"content_block_start","index":0,"content_block":{"type":"text","text":""}}` - contentBlockStart, _ = sjson.Set(contentBlockStart, "index", state.TextBlockIndex) - results = append(results, "event: content_block_start\ndata: "+contentBlockStart+"\n\n") - state.TextBlockStarted = true - } - stopTextBlockIfNeeded := func() { - if !state.TextBlockStarted { - return - } - contentBlockStop := `{"type":"content_block_stop","index":0}` - contentBlockStop, _ = sjson.Set(contentBlockStop, "index", state.TextBlockIndex) - results = append(results, "event: content_block_stop\ndata: "+contentBlockStop+"\n\n") - state.TextBlockStarted = false - state.TextBlockIndex = -1 - } - resolveTool := func(itemID string, outputIndex int) *githubCopilotResponsesStreamToolState { - if itemID != "" { - if tool, ok := state.ItemIDToTool[itemID]; ok { - return tool - } - } - if tool, ok := state.OutputIndexToTool[outputIndex]; ok { - if itemID != "" { - state.ItemIDToTool[itemID] = tool - } - return tool - } - return nil - } - - switch event { - case "response.created": - ensureMessageStart() - case "response.output_text.delta": - ensureMessageStart() - startTextBlockIfNeeded() - delta := gjson.GetBytes(payload, "delta").String() - if delta != "" { - contentDelta := `{"type":"content_block_delta","index":0,"delta":{"type":"text_delta","text":""}}` - contentDelta, _ = sjson.Set(contentDelta, "index", state.TextBlockIndex) - contentDelta, _ = sjson.Set(contentDelta, "delta.text", delta) - results = append(results, "event: content_block_delta\ndata: "+contentDelta+"\n\n") - } - case "response.reasoning_summary_part.added": - ensureMessageStart() - state.ReasoningActive = true - state.ReasoningIndex = state.NextContentIndex - state.NextContentIndex++ - thinkingStart := `{"type":"content_block_start","index":0,"content_block":{"type":"thinking","thinking":""}}` - thinkingStart, _ = sjson.Set(thinkingStart, "index", state.ReasoningIndex) - results = append(results, "event: content_block_start\ndata: "+thinkingStart+"\n\n") - case "response.reasoning_summary_text.delta": - if state.ReasoningActive { - delta := gjson.GetBytes(payload, "delta").String() - if delta != "" { - thinkingDelta := `{"type":"content_block_delta","index":0,"delta":{"type":"thinking_delta","thinking":""}}` - thinkingDelta, _ = sjson.Set(thinkingDelta, "index", state.ReasoningIndex) - thinkingDelta, _ = sjson.Set(thinkingDelta, "delta.thinking", delta) - results = append(results, "event: content_block_delta\ndata: "+thinkingDelta+"\n\n") - } - } - case "response.reasoning_summary_part.done": - if state.ReasoningActive { - thinkingStop := `{"type":"content_block_stop","index":0}` - thinkingStop, _ = sjson.Set(thinkingStop, "index", state.ReasoningIndex) - results = append(results, "event: content_block_stop\ndata: "+thinkingStop+"\n\n") - state.ReasoningActive = false - } - case "response.output_item.added": - if gjson.GetBytes(payload, "item.type").String() != "function_call" { - break - } - ensureMessageStart() - stopTextBlockIfNeeded() - state.HasToolUse = true - tool := &githubCopilotResponsesStreamToolState{ - Index: state.NextContentIndex, - ID: gjson.GetBytes(payload, "item.call_id").String(), - Name: gjson.GetBytes(payload, "item.name").String(), - } - if tool.ID == "" { - tool.ID = gjson.GetBytes(payload, "item.id").String() - } - state.NextContentIndex++ - outputIndex := int(gjson.GetBytes(payload, "output_index").Int()) - state.OutputIndexToTool[outputIndex] = tool - if itemID := gjson.GetBytes(payload, "item.id").String(); itemID != "" { - state.ItemIDToTool[itemID] = tool - } - contentBlockStart := `{"type":"content_block_start","index":0,"content_block":{"type":"tool_use","id":"","name":"","input":{}}}` - contentBlockStart, _ = sjson.Set(contentBlockStart, "index", tool.Index) - contentBlockStart, _ = sjson.Set(contentBlockStart, "content_block.id", tool.ID) - contentBlockStart, _ = sjson.Set(contentBlockStart, "content_block.name", tool.Name) - results = append(results, "event: content_block_start\ndata: "+contentBlockStart+"\n\n") - case "response.output_item.delta": - item := gjson.GetBytes(payload, "item") - if item.Get("type").String() != "function_call" { - break - } - tool := resolveTool(item.Get("id").String(), int(gjson.GetBytes(payload, "output_index").Int())) - if tool == nil { - break - } - partial := gjson.GetBytes(payload, "delta").String() - if partial == "" { - partial = item.Get("arguments").String() - } - if partial == "" { - break - } - inputDelta := `{"type":"content_block_delta","index":0,"delta":{"type":"input_json_delta","partial_json":""}}` - inputDelta, _ = sjson.Set(inputDelta, "index", tool.Index) - inputDelta, _ = sjson.Set(inputDelta, "delta.partial_json", partial) - results = append(results, "event: content_block_delta\ndata: "+inputDelta+"\n\n") - case "response.function_call_arguments.delta": - // Copilot sends tool call arguments via this event type (not response.output_item.delta). - // Data format: {"delta":"...", "item_id":"...", "output_index":N, ...} - itemID := gjson.GetBytes(payload, "item_id").String() - outputIndex := int(gjson.GetBytes(payload, "output_index").Int()) - tool := resolveTool(itemID, outputIndex) - if tool == nil { - break - } - partial := gjson.GetBytes(payload, "delta").String() - if partial == "" { - break - } - inputDelta := `{"type":"content_block_delta","index":0,"delta":{"type":"input_json_delta","partial_json":""}}` - inputDelta, _ = sjson.Set(inputDelta, "index", tool.Index) - inputDelta, _ = sjson.Set(inputDelta, "delta.partial_json", partial) - results = append(results, "event: content_block_delta\ndata: "+inputDelta+"\n\n") - case "response.output_item.done": - if gjson.GetBytes(payload, "item.type").String() != "function_call" { - break - } - tool := resolveTool(gjson.GetBytes(payload, "item.id").String(), int(gjson.GetBytes(payload, "output_index").Int())) - if tool == nil { - break - } - contentBlockStop := `{"type":"content_block_stop","index":0}` - contentBlockStop, _ = sjson.Set(contentBlockStop, "index", tool.Index) - results = append(results, "event: content_block_stop\ndata: "+contentBlockStop+"\n\n") - case "response.completed": - ensureMessageStart() - stopTextBlockIfNeeded() - if !state.MessageStopSent { - stopReason := "end_turn" - if state.HasToolUse { - stopReason = "tool_use" - } else if sr := gjson.GetBytes(payload, "response.stop_reason").String(); sr == "max_tokens" || sr == "stop" { - stopReason = sr - } - inputTokens := gjson.GetBytes(payload, "response.usage.input_tokens").Int() - outputTokens := gjson.GetBytes(payload, "response.usage.output_tokens").Int() - cachedTokens := gjson.GetBytes(payload, "response.usage.input_tokens_details.cached_tokens").Int() - if cachedTokens > 0 && inputTokens >= cachedTokens { - inputTokens -= cachedTokens - } - messageDelta := `{"type":"message_delta","delta":{"stop_reason":"","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - messageDelta, _ = sjson.Set(messageDelta, "delta.stop_reason", stopReason) - messageDelta, _ = sjson.Set(messageDelta, "usage.input_tokens", inputTokens) - messageDelta, _ = sjson.Set(messageDelta, "usage.output_tokens", outputTokens) - if cachedTokens > 0 { - messageDelta, _ = sjson.Set(messageDelta, "usage.cache_read_input_tokens", cachedTokens) - } - results = append(results, "event: message_delta\ndata: "+messageDelta+"\n\n") - results = append(results, "event: message_stop\ndata: {\"type\":\"message_stop\"}\n\n") - state.MessageStopSent = true - } - } - - return results -} - -func isHTTPSuccess(statusCode int) bool { - return statusCode >= 200 && statusCode < 300 -} - -// CloseExecutionSession implements ProviderExecutor. -func (e *GitHubCopilotExecutor) CloseExecutionSession(sessionID string) {} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/github_copilot_executor_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/github_copilot_executor_test.go deleted file mode 100644 index e57e4f51d9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/github_copilot_executor_test.go +++ /dev/null @@ -1,375 +0,0 @@ -package executor - -import ( - "net/http" - "strings" - "testing" - - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - "github.com/tidwall/gjson" -) - -func TestGitHubCopilotNormalizeModel_StripsSuffix(t *testing.T) { - t.Parallel() - - tests := []struct { - name string - model string - wantModel string - }{ - { - name: "suffix stripped", - model: "claude-opus-4.6(medium)", - wantModel: "claude-opus-4.6", - }, - { - name: "no suffix unchanged", - model: "claude-opus-4.6", - wantModel: "claude-opus-4.6", - }, - { - name: "different suffix stripped", - model: "gpt-4o(high)", - wantModel: "gpt-4o", - }, - { - name: "numeric suffix stripped", - model: "gemini-2.5-pro(8192)", - wantModel: "gemini-2.5-pro", - }, - { - name: "uppercase model normalized", - model: "GPT-5.1-Codex-Max", - wantModel: "gpt-5.1-codex-max", - }, - } - - e := &GitHubCopilotExecutor{} - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - t.Parallel() - - body := []byte(`{"model":"` + tt.model + `","messages":[]}`) - got := e.normalizeModel(tt.model, body) - - gotModel := gjson.GetBytes(got, "model").String() - if gotModel != tt.wantModel { - t.Fatalf("normalizeModel() model = %q, want %q", gotModel, tt.wantModel) - } - }) - } -} - -func TestUseGitHubCopilotResponsesEndpoint_OpenAIResponseSource(t *testing.T) { - t.Parallel() - if !useGitHubCopilotResponsesEndpoint(sdktranslator.FromString("openai-response"), "claude-3-5-sonnet") { - t.Fatal("expected openai-response source to use /responses") - } -} - -func TestUseGitHubCopilotResponsesEndpoint_CodexModel(t *testing.T) { - t.Parallel() - if !useGitHubCopilotResponsesEndpoint(sdktranslator.FromString("openai"), "gpt-5-codex") { - t.Fatal("expected codex model to use /responses") - } -} - -func TestUseGitHubCopilotResponsesEndpoint_CodexMiniModel(t *testing.T) { - t.Parallel() - if !useGitHubCopilotResponsesEndpoint(sdktranslator.FromString("openai"), "gpt-5.1-codex-mini") { - t.Fatal("expected codex-mini model to use /responses") - } -} - -func TestUseGitHubCopilotResponsesEndpoint_DefaultChat(t *testing.T) { - t.Parallel() - if useGitHubCopilotResponsesEndpoint(sdktranslator.FromString("openai"), "claude-3-5-sonnet") { - t.Fatal("expected default openai source with non-codex model to use /chat/completions") - } -} - -func TestNormalizeGitHubCopilotChatTools_KeepFunctionOnly(t *testing.T) { - t.Parallel() - body := []byte(`{"tools":[{"type":"function","function":{"name":"ok"}},{"type":"code_interpreter"}],"tool_choice":"auto"}`) - got := normalizeGitHubCopilotChatTools(body) - tools := gjson.GetBytes(got, "tools").Array() - if len(tools) != 1 { - t.Fatalf("tools len = %d, want 1", len(tools)) - } - if tools[0].Get("type").String() != "function" { - t.Fatalf("tool type = %q, want function", tools[0].Get("type").String()) - } -} - -func TestNormalizeGitHubCopilotChatTools_InvalidToolChoiceDowngradeToAuto(t *testing.T) { - t.Parallel() - body := []byte(`{"tools":[],"tool_choice":{"type":"function","function":{"name":"x"}}}`) - got := normalizeGitHubCopilotChatTools(body) - if gjson.GetBytes(got, "tool_choice").String() != "auto" { - t.Fatalf("tool_choice = %s, want auto", gjson.GetBytes(got, "tool_choice").Raw) - } -} - -func TestNormalizeGitHubCopilotResponsesInput_MissingInputExtractedFromSystemAndMessages(t *testing.T) { - t.Parallel() - body := []byte(`{"system":"sys text","messages":[{"role":"user","content":"user text"},{"role":"assistant","content":[{"type":"text","text":"assistant text"}]}]}`) - got := normalizeGitHubCopilotResponsesInput(body) - in := gjson.GetBytes(got, "input") - if !in.IsArray() { - t.Fatalf("input type = %v, want array", in.Type) - } - raw := in.Raw - if !strings.Contains(raw, "sys text") || !strings.Contains(raw, "user text") || !strings.Contains(raw, "assistant text") { - t.Fatalf("input = %s, want structured array with all texts", raw) - } - if gjson.GetBytes(got, "messages").Exists() { - t.Fatal("messages should be removed after conversion") - } - if gjson.GetBytes(got, "system").Exists() { - t.Fatal("system should be removed after conversion") - } -} - -func TestNormalizeGitHubCopilotResponsesInput_NonStringInputStringified(t *testing.T) { - t.Parallel() - body := []byte(`{"input":{"foo":"bar"}}`) - got := normalizeGitHubCopilotResponsesInput(body) - in := gjson.GetBytes(got, "input") - if in.Type != gjson.String { - t.Fatalf("input type = %v, want string", in.Type) - } - if !strings.Contains(in.String(), "foo") { - t.Fatalf("input = %q, want stringified object", in.String()) - } -} - -func TestNormalizeGitHubCopilotResponsesTools_FlattenFunctionTools(t *testing.T) { - t.Parallel() - body := []byte(`{"tools":[{"type":"function","function":{"name":"sum","description":"d","parameters":{"type":"object"}}},{"type":"web_search"}]}`) - got := normalizeGitHubCopilotResponsesTools(body) - tools := gjson.GetBytes(got, "tools").Array() - if len(tools) != 1 { - t.Fatalf("tools len = %d, want 1", len(tools)) - } - if tools[0].Get("name").String() != "sum" { - t.Fatalf("tools[0].name = %q, want sum", tools[0].Get("name").String()) - } - if !tools[0].Get("parameters").Exists() { - t.Fatal("expected parameters to be preserved") - } -} - -func TestNormalizeGitHubCopilotResponsesTools_ClaudeFormatTools(t *testing.T) { - t.Parallel() - body := []byte(`{"tools":[{"name":"Bash","description":"Run commands","input_schema":{"type":"object","properties":{"command":{"type":"string"}},"required":["command"]}},{"name":"Read","description":"Read files","input_schema":{"type":"object","properties":{"path":{"type":"string"}}}}]}`) - got := normalizeGitHubCopilotResponsesTools(body) - tools := gjson.GetBytes(got, "tools").Array() - if len(tools) != 2 { - t.Fatalf("tools len = %d, want 2", len(tools)) - } - if tools[0].Get("type").String() != "function" { - t.Fatalf("tools[0].type = %q, want function", tools[0].Get("type").String()) - } - if tools[0].Get("name").String() != "Bash" { - t.Fatalf("tools[0].name = %q, want Bash", tools[0].Get("name").String()) - } - if tools[0].Get("description").String() != "Run commands" { - t.Fatalf("tools[0].description = %q, want 'Run commands'", tools[0].Get("description").String()) - } - if !tools[0].Get("parameters").Exists() { - t.Fatal("expected parameters to be set from input_schema") - } - if tools[0].Get("parameters.properties.command").Exists() != true { - t.Fatal("expected parameters.properties.command to exist") - } - if tools[1].Get("name").String() != "Read" { - t.Fatalf("tools[1].name = %q, want Read", tools[1].Get("name").String()) - } -} - -func TestNormalizeGitHubCopilotResponsesTools_FlattenToolChoiceFunctionObject(t *testing.T) { - t.Parallel() - body := []byte(`{"tool_choice":{"type":"function","function":{"name":"sum"}}}`) - got := normalizeGitHubCopilotResponsesTools(body) - if gjson.GetBytes(got, "tool_choice.type").String() != "function" { - t.Fatalf("tool_choice.type = %q, want function", gjson.GetBytes(got, "tool_choice.type").String()) - } - if gjson.GetBytes(got, "tool_choice.name").String() != "sum" { - t.Fatalf("tool_choice.name = %q, want sum", gjson.GetBytes(got, "tool_choice.name").String()) - } -} - -func TestNormalizeGitHubCopilotResponsesTools_InvalidToolChoiceDowngradeToAuto(t *testing.T) { - t.Parallel() - body := []byte(`{"tool_choice":{"type":"function"}}`) - got := normalizeGitHubCopilotResponsesTools(body) - if gjson.GetBytes(got, "tool_choice").String() != "auto" { - t.Fatalf("tool_choice = %s, want auto", gjson.GetBytes(got, "tool_choice").Raw) - } -} - -func TestTranslateGitHubCopilotResponsesNonStreamToClaude_TextMapping(t *testing.T) { - t.Parallel() - resp := []byte(`{"id":"resp_1","model":"gpt-5-codex","output":[{"type":"message","content":[{"type":"output_text","text":"hello"}]}],"usage":{"input_tokens":3,"output_tokens":5}}`) - out := translateGitHubCopilotResponsesNonStreamToClaude(resp) - if gjson.Get(out, "type").String() != "message" { - t.Fatalf("type = %q, want message", gjson.Get(out, "type").String()) - } - if gjson.Get(out, "content.0.type").String() != "text" { - t.Fatalf("content.0.type = %q, want text", gjson.Get(out, "content.0.type").String()) - } - if gjson.Get(out, "content.0.text").String() != "hello" { - t.Fatalf("content.0.text = %q, want hello", gjson.Get(out, "content.0.text").String()) - } -} - -func TestTranslateGitHubCopilotResponsesNonStreamToClaude_ToolUseMapping(t *testing.T) { - t.Parallel() - resp := []byte(`{"id":"resp_2","model":"gpt-5-codex","output":[{"type":"function_call","id":"fc_1","call_id":"call_1","name":"sum","arguments":"{\"a\":1}"}],"usage":{"input_tokens":1,"output_tokens":2}}`) - out := translateGitHubCopilotResponsesNonStreamToClaude(resp) - if gjson.Get(out, "content.0.type").String() != "tool_use" { - t.Fatalf("content.0.type = %q, want tool_use", gjson.Get(out, "content.0.type").String()) - } - if gjson.Get(out, "content.0.name").String() != "sum" { - t.Fatalf("content.0.name = %q, want sum", gjson.Get(out, "content.0.name").String()) - } - if gjson.Get(out, "stop_reason").String() != "tool_use" { - t.Fatalf("stop_reason = %q, want tool_use", gjson.Get(out, "stop_reason").String()) - } -} - -func TestTranslateGitHubCopilotResponsesStreamToClaude_TextLifecycle(t *testing.T) { - t.Parallel() - var param any - - created := translateGitHubCopilotResponsesStreamToClaude([]byte(`data: {"type":"response.created","response":{"id":"resp_1","model":"gpt-5-codex"}}`), ¶m) - if len(created) == 0 || !strings.Contains(created[0], "message_start") { - t.Fatalf("created events = %#v, want message_start", created) - } - - delta := translateGitHubCopilotResponsesStreamToClaude([]byte(`data: {"type":"response.output_text.delta","delta":"he"}`), ¶m) - joinedDelta := strings.Join(delta, "") - if !strings.Contains(joinedDelta, "content_block_start") || !strings.Contains(joinedDelta, "text_delta") { - t.Fatalf("delta events = %#v, want content_block_start + text_delta", delta) - } - - completed := translateGitHubCopilotResponsesStreamToClaude([]byte(`data: {"type":"response.completed","response":{"usage":{"input_tokens":7,"output_tokens":9}}}`), ¶m) - joinedCompleted := strings.Join(completed, "") - if !strings.Contains(joinedCompleted, "message_delta") || !strings.Contains(joinedCompleted, "message_stop") { - t.Fatalf("completed events = %#v, want message_delta + message_stop", completed) - } -} - -func TestTranslateGitHubCopilotResponses_Parity_TextAndToolAcrossStreamModes(t *testing.T) { - t.Parallel() - - nonStream := []byte(`{"id":"resp_3","model":"gpt-5-codex","output":[{"type":"message","content":[{"type":"output_text","text":"hello parity"}]},{"type":"function_call","id":"fc_1","call_id":"call_1","name":"sum","arguments":"{\"a\":1}"}],"usage":{"input_tokens":5,"output_tokens":7}}`) - out := translateGitHubCopilotResponsesNonStreamToClaude(nonStream) - - if gjson.Get(out, "content.0.type").String() != "text" || gjson.Get(out, "content.0.text").String() != "hello parity" { - t.Fatalf("non-stream text mapping mismatch: %s", out) - } - if gjson.Get(out, "content.1.type").String() != "tool_use" || gjson.Get(out, "content.1.name").String() != "sum" { - t.Fatalf("non-stream tool mapping mismatch: %s", out) - } - - var param any - _ = translateGitHubCopilotResponsesStreamToClaude([]byte(`data: {"type":"response.created","response":{"id":"resp_3","model":"gpt-5-codex"}}`), ¶m) - textDelta := strings.Join(translateGitHubCopilotResponsesStreamToClaude([]byte(`data: {"type":"response.output_text.delta","delta":"hello parity"}`), ¶m), "") - toolAdded := strings.Join(translateGitHubCopilotResponsesStreamToClaude([]byte(`data: {"type":"response.output_item.added","item":{"type":"function_call","call_id":"call_1","name":"sum","id":"fc_1"},"output_index":1}`), ¶m), "") - toolDone := strings.Join(translateGitHubCopilotResponsesStreamToClaude([]byte(`data: {"type":"response.function_call_arguments.done","item_id":"fc_1","output_index":1,"arguments":"{\"a\":1}"}`), ¶m), "") - - if !strings.Contains(textDelta, `"type":"text_delta"`) || !strings.Contains(textDelta, "hello parity") { - t.Fatalf("stream text mapping mismatch: %s", textDelta) - } - if !strings.Contains(toolAdded, `"type":"tool_use"`) || !strings.Contains(toolAdded, `"name":"sum"`) { - t.Fatalf("stream tool start mismatch: %s", toolAdded) - } - if !strings.Contains(toolDone, `"type":"input_json_delta"`) || !strings.Contains(toolDone, `\"a\":1`) { - t.Fatalf("stream tool args mismatch: %s", toolDone) - } -} - -// --- Tests for X-Initiator detection logic (Problem L) --- - -func TestApplyHeaders_XInitiator_UserOnly(t *testing.T) { - t.Parallel() - e := &GitHubCopilotExecutor{} - req, _ := http.NewRequest(http.MethodPost, "https://example.com", nil) - body := []byte(`{"messages":[{"role":"system","content":"sys"},{"role":"user","content":"hello"}]}`) - e.applyHeaders(req, "token", body) - if got := req.Header.Get("X-Initiator"); got != "user" { - t.Fatalf("X-Initiator = %q, want user", got) - } -} - -func TestApplyHeaders_XInitiator_AgentWithAssistantAndUserToolResult(t *testing.T) { - t.Parallel() - e := &GitHubCopilotExecutor{} - req, _ := http.NewRequest(http.MethodPost, "https://example.com", nil) - // Claude Code typical flow: last message is user (tool result), but has assistant in history - body := []byte(`{"messages":[{"role":"user","content":"hello"},{"role":"assistant","content":"I will read the file"},{"role":"user","content":"tool result here"}]}`) - e.applyHeaders(req, "token", body) - if got := req.Header.Get("X-Initiator"); got != "agent" { - t.Fatalf("X-Initiator = %q, want agent (assistant exists in messages)", got) - } -} - -func TestApplyHeaders_XInitiator_AgentWithToolRole(t *testing.T) { - t.Parallel() - e := &GitHubCopilotExecutor{} - req, _ := http.NewRequest(http.MethodPost, "https://example.com", nil) - body := []byte(`{"messages":[{"role":"user","content":"hello"},{"role":"tool","content":"result"}]}`) - e.applyHeaders(req, "token", body) - if got := req.Header.Get("X-Initiator"); got != "agent" { - t.Fatalf("X-Initiator = %q, want agent (tool role exists)", got) - } -} - -// --- Tests for x-github-api-version header (Problem M) --- - -func TestApplyHeaders_GitHubAPIVersion(t *testing.T) { - t.Parallel() - e := &GitHubCopilotExecutor{} - req, _ := http.NewRequest(http.MethodPost, "https://example.com", nil) - e.applyHeaders(req, "token", nil) - if got := req.Header.Get("X-Github-Api-Version"); got != "2025-04-01" { - t.Fatalf("X-Github-Api-Version = %q, want 2025-04-01", got) - } -} - -// --- Tests for vision detection (Problem P) --- - -func TestDetectVisionContent_WithImageURL(t *testing.T) { - t.Parallel() - body := []byte(`{"messages":[{"role":"user","content":[{"type":"text","text":"describe"},{"type":"image_url","image_url":{"url":"data:image/png;base64,abc"}}]}]}`) - if !detectVisionContent(body) { - t.Fatal("expected vision content to be detected") - } -} - -func TestDetectVisionContent_WithImageType(t *testing.T) { - t.Parallel() - body := []byte(`{"messages":[{"role":"user","content":[{"type":"image","source":{"data":"abc","media_type":"image/png"}}]}]}`) - if !detectVisionContent(body) { - t.Fatal("expected image type to be detected") - } -} - -func TestDetectVisionContent_NoVision(t *testing.T) { - t.Parallel() - body := []byte(`{"messages":[{"role":"user","content":[{"type":"text","text":"hello"}]}]}`) - if detectVisionContent(body) { - t.Fatal("expected no vision content") - } -} - -func TestDetectVisionContent_NoMessages(t *testing.T) { - t.Parallel() - // After Responses API normalization, messages is removed — detection should return false - body := []byte(`{"input":[{"type":"message","role":"user","content":[{"type":"input_text","text":"hello"}]}]}`) - if detectVisionContent(body) { - t.Fatal("expected no vision content when messages field is absent") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/iflow_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/iflow_executor.go deleted file mode 100644 index cadd5cf107..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/iflow_executor.go +++ /dev/null @@ -1,590 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "crypto/hmac" - "crypto/sha256" - "encoding/hex" - "fmt" - "io" - "net/http" - "strings" - "time" - - "github.com/google/uuid" - iflowauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/iflow" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const ( - iflowDefaultEndpoint = "/chat/completions" - iflowUserAgent = "iFlow-Cli" -) - -// IFlowExecutor executes OpenAI-compatible chat completions against the iFlow API using API keys derived from OAuth. -type IFlowExecutor struct { - cfg *config.Config -} - -// NewIFlowExecutor constructs a new executor instance. -func NewIFlowExecutor(cfg *config.Config) *IFlowExecutor { return &IFlowExecutor{cfg: cfg} } - -// Identifier returns the provider key. -func (e *IFlowExecutor) Identifier() string { return "iflow" } - -// PrepareRequest injects iFlow credentials into the outgoing HTTP request. -func (e *IFlowExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - apiKey, _ := iflowCreds(auth) - if strings.TrimSpace(apiKey) != "" { - req.Header.Set("Authorization", "Bearer "+apiKey) - } - return nil -} - -// HttpRequest injects iFlow credentials into the request and executes it. -func (e *IFlowExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("iflow executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming chat completion request. -func (e *IFlowExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := iflowCreds(auth) - if strings.TrimSpace(apiKey) == "" { - err = statusErr{code: http.StatusUnauthorized, msg: "iflow executor: missing api key"} - return resp, err - } - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), iflowauth.DefaultAPIBaseURL, baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), "iflow", e.Identifier()) - if err != nil { - return resp, err - } - - body = preserveReasoningContentInMessages(body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - endpoint := strings.TrimSuffix(baseURL, "/") + iflowDefaultEndpoint - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, bytes.NewReader(body)) - if err != nil { - return resp, err - } - applyIFlowHeaders(httpReq, apiKey, false) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: endpoint, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("iflow executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseOpenAIUsage(data)) - // Ensure usage is recorded even if upstream omits usage metadata. - reporter.ensurePublished(ctx) - - var param any - // Note: TranslateNonStream uses req.Model (original with suffix) to preserve - // the original model name in the response for client compatibility. - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -// ExecuteStream performs a streaming chat completion request. -func (e *IFlowExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := iflowCreds(auth) - if strings.TrimSpace(apiKey) == "" { - err = statusErr{code: http.StatusUnauthorized, msg: "iflow executor: missing api key"} - return nil, err - } - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), iflowauth.DefaultAPIBaseURL, baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), "iflow", e.Identifier()) - if err != nil { - return nil, err - } - - body = preserveReasoningContentInMessages(body) - // Ensure tools array exists to avoid provider quirks similar to Qwen's behaviour. - toolsResult := gjson.GetBytes(body, "tools") - if toolsResult.Exists() && toolsResult.IsArray() && len(toolsResult.Array()) == 0 { - body = ensureToolsArray(body) - } - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - endpoint := strings.TrimSuffix(baseURL, "/") + iflowDefaultEndpoint - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, bytes.NewReader(body)) - if err != nil { - return nil, err - } - applyIFlowHeaders(httpReq, apiKey, true) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: endpoint, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - data, _ := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("iflow executor: close response body error: %v", errClose) - } - appendAPIResponseChunk(ctx, e.cfg, data) - logWithRequestID(ctx).Debugf("request error, error status: %d error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - err = statusErr{code: httpResp.StatusCode, msg: string(data)} - return nil, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("iflow executor: close response body error: %v", errClose) - } - }() - - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 52_428_800) // 50MB - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - // Guarantee a usage record exists even if the stream never emitted usage data. - reporter.ensurePublished(ctx) - }() - - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -func (e *IFlowExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - enc, err := tokenizerForModel(baseModel) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("iflow executor: tokenizer init failed: %w", err) - } - - count, err := countOpenAIChatTokens(enc, body) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("iflow executor: token counting failed: %w", err) - } - - usageJSON := buildOpenAIUsageJSON(count) - translated := sdktranslator.TranslateTokenCount(ctx, to, from, count, usageJSON) - return cliproxyexecutor.Response{Payload: []byte(translated)}, nil -} - -// Refresh refreshes OAuth tokens or cookie-based API keys and updates the stored API key. -func (e *IFlowExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("iflow executor: refresh called") - if auth == nil { - return nil, statusErr{code: http.StatusUnauthorized, msg: "iflow executor: missing auth"} - } - - // Check if this is cookie-based authentication - var cookie string - var email string - if auth.Metadata != nil { - if v, ok := auth.Metadata["cookie"].(string); ok { - cookie = strings.TrimSpace(v) - } - if v, ok := auth.Metadata["email"].(string); ok { - email = strings.TrimSpace(v) - } - } - - // If cookie is present, use cookie-based refresh - if cookie != "" && email != "" { - return e.refreshCookieBased(ctx, auth, cookie, email) - } - - // Otherwise, use OAuth-based refresh - return e.refreshOAuthBased(ctx, auth) -} - -// refreshCookieBased refreshes API key using browser cookie -func (e *IFlowExecutor) refreshCookieBased(ctx context.Context, auth *cliproxyauth.Auth, cookie, email string) (*cliproxyauth.Auth, error) { - log.Debugf("iflow executor: checking refresh need for cookie-based API key for user: %s", email) - - // Get current expiry time from metadata - var currentExpire string - if auth.Metadata != nil { - if v, ok := auth.Metadata["expired"].(string); ok { - currentExpire = strings.TrimSpace(v) - } - } - - // Check if refresh is needed - needsRefresh, _, err := iflowauth.ShouldRefreshAPIKey(currentExpire) - if err != nil { - log.Warnf("iflow executor: failed to check refresh need: %v", err) - // If we can't check, continue with refresh anyway as a safety measure - } else if !needsRefresh { - log.Debugf("iflow executor: no refresh needed for user: %s", email) - return auth, nil - } - - log.Infof("iflow executor: refreshing cookie-based API key for user: %s", email) - - svc := iflowauth.NewIFlowAuth(e.cfg, nil) - keyData, err := svc.RefreshAPIKey(ctx, cookie, email) - if err != nil { - log.Errorf("iflow executor: cookie-based API key refresh failed: %v", err) - return nil, err - } - - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["api_key"] = keyData.APIKey - auth.Metadata["expired"] = keyData.ExpireTime - auth.Metadata["type"] = "iflow" - auth.Metadata["last_refresh"] = time.Now().Format(time.RFC3339) - auth.Metadata["cookie"] = cookie - auth.Metadata["email"] = email - - log.Infof("iflow executor: cookie-based API key refreshed successfully, new expiry: %s", keyData.ExpireTime) - - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - auth.Attributes["api_key"] = keyData.APIKey - - return auth, nil -} - -// refreshOAuthBased refreshes tokens using OAuth refresh token -func (e *IFlowExecutor) refreshOAuthBased(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - refreshToken := "" - oldAccessToken := "" - if auth.Metadata != nil { - if v, ok := auth.Metadata["refresh_token"].(string); ok { - refreshToken = strings.TrimSpace(v) - } - if v, ok := auth.Metadata["access_token"].(string); ok { - oldAccessToken = strings.TrimSpace(v) - } - } - if refreshToken == "" { - return auth, nil - } - - // Log refresh start without including token material. - if oldAccessToken != "" { - log.Debug("iflow executor: refreshing access token") - } - - svc := iflowauth.NewIFlowAuth(e.cfg, nil) - tokenData, err := svc.RefreshTokens(ctx, refreshToken) - if err != nil { - log.Errorf("iflow executor: token refresh failed: %v", err) - return nil, classifyIFlowRefreshError(err) - } - - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["access_token"] = tokenData.AccessToken - if tokenData.RefreshToken != "" { - auth.Metadata["refresh_token"] = tokenData.RefreshToken - } - if tokenData.APIKey != "" { - auth.Metadata["api_key"] = tokenData.APIKey - } - auth.Metadata["expired"] = tokenData.Expire - auth.Metadata["type"] = "iflow" - auth.Metadata["last_refresh"] = time.Now().Format(time.RFC3339) - - log.Debug("iflow executor: token refresh successful") - - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - if tokenData.APIKey != "" { - auth.Attributes["api_key"] = tokenData.APIKey - } - - return auth, nil -} - -func classifyIFlowRefreshError(err error) error { - if err == nil { - return nil - } - msg := strings.ToLower(err.Error()) - if strings.Contains(msg, "iflow token") && strings.Contains(msg, "server busy") { - return statusErr{code: http.StatusServiceUnavailable, msg: err.Error()} - } - if strings.Contains(msg, "provider rejected token request") && (strings.Contains(msg, "code=429") || strings.Contains(msg, "too many requests") || strings.Contains(msg, "rate limit") || strings.Contains(msg, "quota")) { - return statusErr{code: http.StatusTooManyRequests, msg: err.Error()} - } - if strings.Contains(msg, "provider rejected token request") && strings.Contains(msg, "code=503") { - return statusErr{code: http.StatusServiceUnavailable, msg: err.Error()} - } - if strings.Contains(msg, "provider rejected token request") && strings.Contains(msg, "code=500") { - return statusErr{code: http.StatusServiceUnavailable, msg: err.Error()} - } - return err -} - -func applyIFlowHeaders(r *http.Request, apiKey string, stream bool) { - r.Header.Set("Content-Type", "application/json") - r.Header.Set("Authorization", "Bearer "+apiKey) - r.Header.Set("User-Agent", iflowUserAgent) - - // Generate session-id - sessionID := "session-" + generateUUID() - r.Header.Set("session-id", sessionID) - - // Generate timestamp and signature - timestamp := time.Now().UnixMilli() - r.Header.Set("x-iflow-timestamp", fmt.Sprintf("%d", timestamp)) - - signature := createIFlowSignature(iflowUserAgent, sessionID, timestamp, apiKey) - if signature != "" { - r.Header.Set("x-iflow-signature", signature) - } - - if stream { - r.Header.Set("Accept", "text/event-stream") - } else { - r.Header.Set("Accept", "application/json") - } -} - -// createIFlowSignature generates HMAC-SHA256 signature for iFlow API requests. -// The signature payload format is: userAgent:sessionId:timestamp -func createIFlowSignature(userAgent, sessionID string, timestamp int64, apiKey string) string { - if apiKey == "" { - return "" - } - payload := fmt.Sprintf("%s:%s:%d", userAgent, sessionID, timestamp) - h := hmac.New(sha256.New, []byte(apiKey)) - h.Write([]byte(payload)) - return hex.EncodeToString(h.Sum(nil)) -} - -// generateUUID generates a random UUID v4 string. -func generateUUID() string { - return uuid.New().String() -} - -func iflowCreds(a *cliproxyauth.Auth) (apiKey, baseURL string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - if v := strings.TrimSpace(a.Attributes["api_key"]); v != "" { - apiKey = v - } - if v := strings.TrimSpace(a.Attributes["base_url"]); v != "" { - baseURL = v - } - } - if apiKey == "" && a.Metadata != nil { - if v, ok := a.Metadata["api_key"].(string); ok { - apiKey = strings.TrimSpace(v) - } - } - if baseURL == "" && a.Metadata != nil { - if v, ok := a.Metadata["base_url"].(string); ok { - baseURL = strings.TrimSpace(v) - } - } - return apiKey, baseURL -} - -func ensureToolsArray(body []byte) []byte { - placeholder := `[{"type":"function","function":{"name":"noop","description":"Placeholder tool to stabilise streaming","parameters":{"type":"object"}}}]` - updated, err := sjson.SetRawBytes(body, "tools", []byte(placeholder)) - if err != nil { - return body - } - return updated -} - -// preserveReasoningContentInMessages checks if reasoning_content from assistant messages -// is preserved in conversation history for iFlow models that support thinking. -// This is helpful for multi-turn conversations where the model may benefit from seeing -// its previous reasoning to maintain coherent thought chains. -// -// For GLM-4.6/4.7 and MiniMax M2/M2.1, it is recommended to include the full assistant -// response (including reasoning_content) in message history for better context continuity. -func preserveReasoningContentInMessages(body []byte) []byte { - model := strings.ToLower(gjson.GetBytes(body, "model").String()) - - // Only apply to models that support thinking with history preservation - needsPreservation := strings.HasPrefix(model, "glm-4") || strings.HasPrefix(model, "minimax-m2") - - if !needsPreservation { - return body - } - - messages := gjson.GetBytes(body, "messages") - if !messages.Exists() || !messages.IsArray() { - return body - } - - // Check if any assistant message already has reasoning_content preserved - hasReasoningContent := false - messages.ForEach(func(_, msg gjson.Result) bool { - role := msg.Get("role").String() - if role == "assistant" { - rc := msg.Get("reasoning_content") - if rc.Exists() && rc.String() != "" { - hasReasoningContent = true - return false // stop iteration - } - } - return true - }) - - // If reasoning content is already present, the messages are properly formatted - // No need to modify - the client has correctly preserved reasoning in history - if hasReasoningContent { - log.Debugf("iflow executor: reasoning_content found in message history for %s", model) - } - - return body -} - -func (e *IFlowExecutor) CloseExecutionSession(sessionID string) {} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/iflow_executor_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/iflow_executor_test.go deleted file mode 100644 index 2686977921..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/iflow_executor_test.go +++ /dev/null @@ -1,112 +0,0 @@ -package executor - -import ( - "errors" - "net/http" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" -) - -func TestIFlowExecutorParseSuffix(t *testing.T) { - tests := []struct { - name string - model string - wantBase string - wantLevel string - }{ - {"no suffix", "glm-4", "glm-4", ""}, - {"glm with suffix", "glm-4.1-flash(high)", "glm-4.1-flash", "high"}, - {"minimax no suffix", "minimax-m2", "minimax-m2", ""}, - {"minimax with suffix", "minimax-m2.1(medium)", "minimax-m2.1", "medium"}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := thinking.ParseSuffix(tt.model) - if result.ModelName != tt.wantBase { - t.Errorf("ParseSuffix(%q).ModelName = %q, want %q", tt.model, result.ModelName, tt.wantBase) - } - }) - } -} - -func TestClassifyIFlowRefreshError(t *testing.T) { - t.Run("maps server busy to 503", func(t *testing.T) { - err := classifyIFlowRefreshError(errors.New("iflow token: provider rejected token request (code=500 message=server busy)")) - se, ok := err.(interface{ StatusCode() int }) - if !ok { - t.Fatalf("expected status error type, got %T", err) - } - if got := se.StatusCode(); got != http.StatusServiceUnavailable { - t.Fatalf("status code = %d, want %d", got, http.StatusServiceUnavailable) - } - }) - - t.Run("non server busy unchanged", func(t *testing.T) { - in := errors.New("iflow token: provider rejected token request (code=400 message=invalid_grant)") - out := classifyIFlowRefreshError(in) - if !errors.Is(out, in) { - t.Fatalf("expected original error to be preserved") - } - }) - - t.Run("maps provider 429 to 429", func(t *testing.T) { - err := classifyIFlowRefreshError(errors.New("iflow token: provider rejected token request (code=429 message=rate limit exceeded)")) - se, ok := err.(interface{ StatusCode() int }) - if !ok { - t.Fatalf("expected status error type, got %T", err) - } - if got := se.StatusCode(); got != http.StatusTooManyRequests { - t.Fatalf("status code = %d, want %d", got, http.StatusTooManyRequests) - } - }) - - t.Run("maps provider 503 to 503", func(t *testing.T) { - err := classifyIFlowRefreshError(errors.New("iflow token: provider rejected token request (code=503 message=service unavailable)")) - se, ok := err.(interface{ StatusCode() int }) - if !ok { - t.Fatalf("expected status error type, got %T", err) - } - if got := se.StatusCode(); got != http.StatusServiceUnavailable { - t.Fatalf("status code = %d, want %d", got, http.StatusServiceUnavailable) - } - }) -} - -func TestPreserveReasoningContentInMessages(t *testing.T) { - tests := []struct { - name string - input []byte - want []byte // nil means output should equal input - }{ - { - "non-glm model passthrough", - []byte(`{"model":"gpt-4","messages":[]}`), - nil, - }, - { - "glm model with empty messages", - []byte(`{"model":"glm-4","messages":[]}`), - nil, - }, - { - "glm model preserves existing reasoning_content", - []byte(`{"model":"glm-4","messages":[{"role":"assistant","content":"hi","reasoning_content":"thinking..."}]}`), - nil, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got := preserveReasoningContentInMessages(tt.input) - want := tt.want - if want == nil { - want = tt.input - } - if string(got) != string(want) { - t.Errorf("preserveReasoningContentInMessages() = %s, want %s", got, want) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/kilo_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/kilo_executor.go deleted file mode 100644 index 5599dd5a6e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/kilo_executor.go +++ /dev/null @@ -1,462 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "errors" - "fmt" - "io" - "net/http" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -// KiloExecutor handles requests to Kilo API. -type KiloExecutor struct { - cfg *config.Config -} - -// NewKiloExecutor creates a new Kilo executor instance. -func NewKiloExecutor(cfg *config.Config) *KiloExecutor { - return &KiloExecutor{cfg: cfg} -} - -// Identifier returns the unique identifier for this executor. -func (e *KiloExecutor) Identifier() string { return "kilo" } - -// PrepareRequest prepares the HTTP request before execution. -func (e *KiloExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - accessToken, _ := kiloCredentials(auth) - if strings.TrimSpace(accessToken) == "" { - return fmt.Errorf("kilo: missing access token") - } - - req.Header.Set("Authorization", "Bearer "+accessToken) - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) - return nil -} - -// HttpRequest executes a raw HTTP request. -func (e *KiloExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("kilo executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming request. -func (e *KiloExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - accessToken, orgID := kiloCredentials(auth) - if accessToken == "" { - return resp, fmt.Errorf("kilo: missing access token") - } - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - endpoint := "/api/openrouter/chat/completions" - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, opts.Stream) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, opts.Stream) - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", translated, originalTranslated, requestedModel) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - url := "https://api.kilo.ai" + endpoint - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(translated)) - if err != nil { - return resp, err - } - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("Authorization", "Bearer "+accessToken) - if orgID != "" { - httpReq.Header.Set("X-Kilocode-OrganizationID", orgID) - } - httpReq.Header.Set("User-Agent", "cli-proxy-kilo") - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translated, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { _ = httpResp.Body.Close() }() - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - - body, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, body) - reporter.publish(ctx, parseOpenAIUsage(body)) - reporter.ensurePublished(ctx) - - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, body, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out)} - return resp, nil -} - -// ExecuteStream performs a streaming request. -func (e *KiloExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - accessToken, orgID := kiloCredentials(auth) - if accessToken == "" { - return nil, fmt.Errorf("kilo: missing access token") - } - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - endpoint := "/api/openrouter/chat/completions" - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", translated, originalTranslated, requestedModel) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - url := "https://api.kilo.ai" + endpoint - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(translated)) - if err != nil { - return nil, err - } - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("Authorization", "Bearer "+accessToken) - if orgID != "" { - httpReq.Header.Set("X-Kilocode-OrganizationID", orgID) - } - httpReq.Header.Set("User-Agent", "cli-proxy-kilo") - httpReq.Header.Set("Accept", "text/event-stream") - httpReq.Header.Set("Cache-Control", "no-cache") - - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translated, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - _ = httpResp.Body.Close() - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { _ = httpResp.Body.Close() }() - - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 52_428_800) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - if len(line) == 0 { - continue - } - if !bytes.HasPrefix(line, []byte("data:")) { - continue - } - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - reporter.ensurePublished(ctx) - }() - - return &cliproxyexecutor.StreamResult{ - Headers: httpResp.Header.Clone(), - Chunks: out, - }, nil -} - -// Refresh validates the Kilo token. -func (e *KiloExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if auth == nil { - return nil, statusErr{code: http.StatusUnauthorized, msg: "missing auth"} - } - return auth, nil -} - -// CountTokens returns the token count for the given request. -func (e *KiloExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - return cliproxyexecutor.Response{}, fmt.Errorf("kilo: count tokens not supported") -} - -// kiloCredentials extracts access token and other info from auth. -func kiloCredentials(auth *cliproxyauth.Auth) (accessToken, orgID string) { - if auth == nil { - return "", "" - } - - // Prefer kilocode specific keys, then fall back to generic keys. - // Check metadata first, then attributes. - if auth.Metadata != nil { - if token, ok := auth.Metadata["kilocodeToken"].(string); ok && token != "" { - accessToken = token - } else if token, ok := auth.Metadata["access_token"].(string); ok && token != "" { - accessToken = token - } - - if org, ok := auth.Metadata["kilocodeOrganizationId"].(string); ok && org != "" { - orgID = org - } else if org, ok := auth.Metadata["organization_id"].(string); ok && org != "" { - orgID = org - } - } - - if accessToken == "" && auth.Attributes != nil { - if token := auth.Attributes["kilocodeToken"]; token != "" { - accessToken = token - } else if token := auth.Attributes["access_token"]; token != "" { - accessToken = token - } - } - - if orgID == "" && auth.Attributes != nil { - if org := auth.Attributes["kilocodeOrganizationId"]; org != "" { - orgID = org - } else if org := auth.Attributes["organization_id"]; org != "" { - orgID = org - } - } - - return accessToken, orgID -} - -// FetchKiloModels fetches models from Kilo API. -func FetchKiloModels(ctx context.Context, auth *cliproxyauth.Auth, cfg *config.Config) []*registry.ModelInfo { - accessToken, orgID := kiloCredentials(auth) - if accessToken == "" { - log.Infof("kilo: no access token found, skipping dynamic model fetch (using static kilo/auto)") - return registry.GetKiloModels() - } - - log.Debugf("kilo: fetching dynamic models (orgID: %s)", orgID) - - httpClient := newProxyAwareHTTPClient(ctx, cfg, auth, 0) - req, err := http.NewRequestWithContext(ctx, http.MethodGet, "https://api.kilo.ai/api/openrouter/models", nil) - if err != nil { - log.Warnf("kilo: failed to create model fetch request: %v", err) - return registry.GetKiloModels() - } - - req.Header.Set("Authorization", "Bearer "+accessToken) - if orgID != "" { - req.Header.Set("X-Kilocode-OrganizationID", orgID) - } - req.Header.Set("User-Agent", "cli-proxy-kilo") - - resp, err := httpClient.Do(req) - if err != nil { - if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) { - log.Warnf("kilo: fetch models canceled: %v", err) - } else { - log.Warnf("kilo: using static models (API fetch failed: %v)", err) - } - return registry.GetKiloModels() - } - defer func() { _ = resp.Body.Close() }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - log.Warnf("kilo: failed to read models response: %v", err) - return registry.GetKiloModels() - } - - if resp.StatusCode != http.StatusOK { - log.Warnf("kilo: fetch models failed: status %d, body: %s", resp.StatusCode, string(body)) - return registry.GetKiloModels() - } - - result := gjson.GetBytes(body, "data") - if !result.Exists() { - // Try root if data field is missing - result = gjson.ParseBytes(body) - if !result.IsArray() { - log.Debugf("kilo: response body: %s", string(body)) - log.Warn("kilo: invalid API response format (expected array or data field with array)") - return registry.GetKiloModels() - } - } - - var dynamicModels []*registry.ModelInfo - now := time.Now().Unix() - count := 0 - totalCount := 0 - - result.ForEach(func(key, value gjson.Result) bool { - totalCount++ - id := value.Get("id").String() - pIdxResult := value.Get("preferredIndex") - preferredIndex := pIdxResult.Int() - - // Filter models where preferredIndex > 0 (Kilo-curated models) - if preferredIndex <= 0 { - return true - } - - // Check if it's free. We look for :free suffix, is_free flag, or zero pricing. - isFree := strings.HasSuffix(id, ":free") || id == "giga-potato" || value.Get("is_free").Bool() - if !isFree { - // Check pricing as fallback - promptPricing := value.Get("pricing.prompt").String() - if promptPricing == "0" || promptPricing == "0.0" { - isFree = true - } - } - - if !isFree { - log.Debugf("kilo: skipping curated paid model: %s", id) - return true - } - - log.Debugf("kilo: found curated model: %s (preferredIndex: %d)", id, preferredIndex) - - dynamicModels = append(dynamicModels, ®istry.ModelInfo{ - ID: id, - DisplayName: value.Get("name").String(), - ContextLength: int(value.Get("context_length").Int()), - OwnedBy: "kilo", - Type: "kilo", - Object: "model", - Created: now, - }) - count++ - return true - }) - - log.Infof("kilo: fetched %d models from API, %d curated free (preferredIndex > 0)", totalCount, count) - if count == 0 && totalCount > 0 { - log.Warn("kilo: no curated free models found (check API response fields)") - } - - staticModels := registry.GetKiloModels() - // Always include kilo/auto (first static model) - allModels := append(staticModels[:1], dynamicModels...) - - return allModels -} - -func (e *KiloExecutor) CloseExecutionSession(sessionID string) {} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/kimi_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/kimi_executor.go deleted file mode 100644 index b7ee53b55d..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/kimi_executor.go +++ /dev/null @@ -1,619 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "fmt" - "io" - "net/http" - "os" - "path/filepath" - "runtime" - "strings" - "time" - - kimiauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kimi" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// KimiExecutor is a stateless executor for Kimi API using OpenAI-compatible chat completions. -type KimiExecutor struct { - ClaudeExecutor - cfg *config.Config -} - -// NewKimiExecutor creates a new Kimi executor. -func NewKimiExecutor(cfg *config.Config) *KimiExecutor { return &KimiExecutor{cfg: cfg} } - -// Identifier returns the executor identifier. -func (e *KimiExecutor) Identifier() string { return "kimi" } - -// PrepareRequest injects Kimi credentials into the outgoing HTTP request. -func (e *KimiExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - token := kimiCreds(auth) - if strings.TrimSpace(token) != "" { - req.Header.Set("Authorization", "Bearer "+token) - } - return nil -} - -// HttpRequest injects Kimi credentials into the request and executes it. -func (e *KimiExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("kimi executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming chat completion request to Kimi. -func (e *KimiExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - from := opts.SourceFormat - if from.String() == "claude" { - auth.Attributes["base_url"] = kimiauth.KimiAPIBaseURL - return e.ClaudeExecutor.Execute(ctx, auth, req, opts) - } - - baseModel := thinking.ParseSuffix(req.Model).ModelName - - token := kimiCreds(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := bytes.Clone(originalPayloadSource) - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, bytes.Clone(req.Payload), false) - - // Strip kimi- prefix for upstream API - upstreamModel := stripKimiPrefix(baseModel) - body, err = sjson.SetBytes(body, "model", upstreamModel) - if err != nil { - return resp, fmt.Errorf("kimi executor: failed to set model in payload: %w", err) - } - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), "kimi", e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, err = normalizeKimiToolMessageLinks(body) - if err != nil { - return resp, err - } - - url := kimiauth.KimiAPIBaseURL + "/v1/chat/completions" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return resp, err - } - applyKimiHeadersWithAuth(httpReq, token, false, auth) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("kimi executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseOpenAIUsage(data)) - var param any - // Note: TranslateNonStream uses req.Model (original with suffix) to preserve - // the original model name in the response for client compatibility. - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -// ExecuteStream performs a streaming chat completion request to Kimi. -func (e *KimiExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - from := opts.SourceFormat - if from.String() == "claude" { - auth.Attributes["base_url"] = kimiauth.KimiAPIBaseURL - return e.ClaudeExecutor.ExecuteStream(ctx, auth, req, opts) - } - - baseModel := thinking.ParseSuffix(req.Model).ModelName - token := kimiCreds(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := bytes.Clone(originalPayloadSource) - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, bytes.Clone(req.Payload), true) - - // Strip kimi- prefix for upstream API - upstreamModel := stripKimiPrefix(baseModel) - body, err = sjson.SetBytes(body, "model", upstreamModel) - if err != nil { - return nil, fmt.Errorf("kimi executor: failed to set model in payload: %w", err) - } - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), "kimi", e.Identifier()) - if err != nil { - return nil, err - } - - body, err = sjson.SetBytes(body, "stream_options.include_usage", true) - if err != nil { - return nil, fmt.Errorf("kimi executor: failed to set stream_options in payload: %w", err) - } - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, err = normalizeKimiToolMessageLinks(body) - if err != nil { - return nil, err - } - - url := kimiauth.KimiAPIBaseURL + "/v1/chat/completions" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return nil, err - } - applyKimiHeadersWithAuth(httpReq, token, true, auth) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("kimi executor: close response body error: %v", errClose) - } - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("kimi executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 1_048_576) // 1MB - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - doneChunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, []byte("[DONE]"), ¶m) - for i := range doneChunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(doneChunks[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -// CountTokens estimates token count for Kimi requests. -func (e *KimiExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - auth.Attributes["base_url"] = kimiauth.KimiAPIBaseURL - return e.ClaudeExecutor.CountTokens(ctx, auth, req, opts) -} - -func normalizeKimiToolMessageLinks(body []byte) ([]byte, error) { - if len(body) == 0 || !gjson.ValidBytes(body) { - return body, nil - } - - messages := gjson.GetBytes(body, "messages") - if !messages.Exists() || !messages.IsArray() { - return body, nil - } - - out := body - pending := make([]string, 0) - patched := 0 - patchedReasoning := 0 - ambiguous := 0 - latestReasoning := "" - hasLatestReasoning := false - - removePending := func(id string) { - for idx := range pending { - if pending[idx] != id { - continue - } - pending = append(pending[:idx], pending[idx+1:]...) - return - } - } - - msgs := messages.Array() - for msgIdx := range msgs { - msg := msgs[msgIdx] - role := strings.TrimSpace(msg.Get("role").String()) - switch role { - case "assistant": - reasoning := msg.Get("reasoning_content") - if reasoning.Exists() { - reasoningText := reasoning.String() - if strings.TrimSpace(reasoningText) != "" { - latestReasoning = reasoningText - hasLatestReasoning = true - } - } - - toolCalls := msg.Get("tool_calls") - if !toolCalls.Exists() || !toolCalls.IsArray() || len(toolCalls.Array()) == 0 { - continue - } - - if !reasoning.Exists() || strings.TrimSpace(reasoning.String()) == "" { - reasoningText := fallbackAssistantReasoning(msg, hasLatestReasoning, latestReasoning) - path := fmt.Sprintf("messages.%d.reasoning_content", msgIdx) - next, err := sjson.SetBytes(out, path, reasoningText) - if err != nil { - return body, fmt.Errorf("kimi executor: failed to set assistant reasoning_content: %w", err) - } - out = next - patchedReasoning++ - } - - for _, tc := range toolCalls.Array() { - id := strings.TrimSpace(tc.Get("id").String()) - if id == "" { - continue - } - pending = append(pending, id) - } - case "tool": - toolCallID := strings.TrimSpace(msg.Get("tool_call_id").String()) - if toolCallID == "" { - toolCallID = strings.TrimSpace(msg.Get("call_id").String()) - if toolCallID != "" { - path := fmt.Sprintf("messages.%d.tool_call_id", msgIdx) - next, err := sjson.SetBytes(out, path, toolCallID) - if err != nil { - return body, fmt.Errorf("kimi executor: failed to set tool_call_id from call_id: %w", err) - } - out = next - patched++ - } - } - if toolCallID == "" { - if len(pending) == 1 { - toolCallID = pending[0] - path := fmt.Sprintf("messages.%d.tool_call_id", msgIdx) - next, err := sjson.SetBytes(out, path, toolCallID) - if err != nil { - return body, fmt.Errorf("kimi executor: failed to infer tool_call_id: %w", err) - } - out = next - patched++ - } else if len(pending) > 1 { - ambiguous++ - } - } - if toolCallID != "" { - removePending(toolCallID) - } - } - } - - if patched > 0 || patchedReasoning > 0 { - log.WithFields(log.Fields{ - "patched_tool_messages": patched, - "patched_reasoning_messages": patchedReasoning, - }).Debug("kimi executor: normalized tool message fields") - } - if ambiguous > 0 { - log.WithFields(log.Fields{ - "ambiguous_tool_messages": ambiguous, - "pending_tool_calls": len(pending), - }).Warn("kimi executor: tool messages missing tool_call_id with ambiguous candidates") - } - - return out, nil -} - -func fallbackAssistantReasoning(msg gjson.Result, hasLatest bool, latest string) string { - if hasLatest && strings.TrimSpace(latest) != "" { - return latest - } - - content := msg.Get("content") - if content.Type == gjson.String { - if text := strings.TrimSpace(content.String()); text != "" { - return text - } - } - if content.IsArray() { - parts := make([]string, 0, len(content.Array())) - for _, item := range content.Array() { - text := strings.TrimSpace(item.Get("text").String()) - if text == "" { - continue - } - parts = append(parts, text) - } - if len(parts) > 0 { - return strings.Join(parts, "\n") - } - } - - return "[reasoning unavailable]" -} - -// Refresh refreshes the Kimi token using the refresh token. -func (e *KimiExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("kimi executor: refresh called") - if auth == nil { - return nil, fmt.Errorf("kimi executor: auth is nil") - } - // Expect refresh_token in metadata for OAuth-based accounts - var refreshToken string - if auth.Metadata != nil { - if v, ok := auth.Metadata["refresh_token"].(string); ok && strings.TrimSpace(v) != "" { - refreshToken = v - } - } - if strings.TrimSpace(refreshToken) == "" { - // Nothing to refresh - return auth, nil - } - - client := kimiauth.NewDeviceFlowClientWithDeviceID(e.cfg, resolveKimiDeviceID(auth), nil) - td, err := client.RefreshToken(ctx, refreshToken) - if err != nil { - return nil, err - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["access_token"] = td.AccessToken - if td.RefreshToken != "" { - auth.Metadata["refresh_token"] = td.RefreshToken - } - if td.ExpiresAt > 0 { - exp := time.Unix(td.ExpiresAt, 0).UTC().Format(time.RFC3339) - auth.Metadata["expired"] = exp - } - auth.Metadata["type"] = "kimi" - now := time.Now().Format(time.RFC3339) - auth.Metadata["last_refresh"] = now - return auth, nil -} - -// applyKimiHeaders sets required headers for Kimi API requests. -// Headers match kimi-cli client for compatibility. -func applyKimiHeaders(r *http.Request, token string, stream bool) { - r.Header.Set("Content-Type", "application/json") - r.Header.Set("Authorization", "Bearer "+token) - // Match kimi-cli headers exactly - r.Header.Set("User-Agent", "KimiCLI/1.10.6") - r.Header.Set("X-Msh-Platform", "kimi_cli") - r.Header.Set("X-Msh-Version", "1.10.6") - r.Header.Set("X-Msh-Device-Name", getKimiHostname()) - r.Header.Set("X-Msh-Device-Model", getKimiDeviceModel()) - r.Header.Set("X-Msh-Device-Id", getKimiDeviceID()) - if stream { - r.Header.Set("Accept", "text/event-stream") - return - } - r.Header.Set("Accept", "application/json") -} - -func resolveKimiDeviceIDFromAuth(auth *cliproxyauth.Auth) string { - if auth == nil || auth.Metadata == nil { - return "" - } - - deviceIDRaw, ok := auth.Metadata["device_id"] - if !ok { - return "" - } - - deviceID, ok := deviceIDRaw.(string) - if !ok { - return "" - } - - return strings.TrimSpace(deviceID) -} - -func resolveKimiDeviceIDFromStorage(auth *cliproxyauth.Auth) string { - if auth == nil { - return "" - } - - storage, ok := auth.Storage.(*kimiauth.KimiTokenStorage) - if !ok || storage == nil { - return "" - } - - return strings.TrimSpace(storage.DeviceID) -} - -func resolveKimiDeviceID(auth *cliproxyauth.Auth) string { - deviceID := resolveKimiDeviceIDFromAuth(auth) - if deviceID != "" { - return deviceID - } - return resolveKimiDeviceIDFromStorage(auth) -} - -func applyKimiHeadersWithAuth(r *http.Request, token string, stream bool, auth *cliproxyauth.Auth) { - applyKimiHeaders(r, token, stream) - - if deviceID := resolveKimiDeviceID(auth); deviceID != "" { - r.Header.Set("X-Msh-Device-Id", deviceID) - } -} - -// getKimiHostname returns the machine hostname. -func getKimiHostname() string { - hostname, err := os.Hostname() - if err != nil { - return "unknown" - } - return hostname -} - -// getKimiDeviceModel returns a device model string matching kimi-cli format. -func getKimiDeviceModel() string { - return fmt.Sprintf("%s %s", runtime.GOOS, runtime.GOARCH) -} - -// getKimiDeviceID returns a stable device ID, matching kimi-cli storage location. -func getKimiDeviceID() string { - homeDir, err := os.UserHomeDir() - if err != nil { - return "cli-proxy-api-device" - } - // Check kimi-cli's device_id location first (platform-specific) - var kimiShareDir string - switch runtime.GOOS { - case "darwin": - kimiShareDir = filepath.Join(homeDir, "Library", "Application Support", "kimi") - case "windows": - appData := os.Getenv("APPDATA") - if appData == "" { - appData = filepath.Join(homeDir, "AppData", "Roaming") - } - kimiShareDir = filepath.Join(appData, "kimi") - default: // linux and other unix-like - kimiShareDir = filepath.Join(homeDir, ".local", "share", "kimi") - } - deviceIDPath := filepath.Join(kimiShareDir, "device_id") - if data, err := os.ReadFile(deviceIDPath); err == nil { - return strings.TrimSpace(string(data)) - } - return "cli-proxy-api-device" -} - -// kimiCreds extracts the access token from auth. -func kimiCreds(a *cliproxyauth.Auth) (token string) { - if a == nil { - return "" - } - // Check metadata first (OAuth flow stores tokens here) - if a.Metadata != nil { - if v, ok := a.Metadata["access_token"].(string); ok && strings.TrimSpace(v) != "" { - return v - } - } - // Fallback to attributes (API key style) - if a.Attributes != nil { - if v := a.Attributes["access_token"]; v != "" { - return v - } - if v := a.Attributes["api_key"]; v != "" { - return v - } - } - return "" -} - -// stripKimiPrefix removes the "kimi-" prefix from model names for the upstream API. -func stripKimiPrefix(model string) string { - model = strings.TrimSpace(model) - if strings.HasPrefix(strings.ToLower(model), "kimi-") { - return model[5:] - } - return model -} - -func (e *KimiExecutor) CloseExecutionSession(sessionID string) {} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/kimi_executor_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/kimi_executor_test.go deleted file mode 100644 index 210ddb0ef9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/kimi_executor_test.go +++ /dev/null @@ -1,205 +0,0 @@ -package executor - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestNormalizeKimiToolMessageLinks_UsesCallIDFallback(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"list_directory:1","type":"function","function":{"name":"list_directory","arguments":"{}"}}]}, - {"role":"tool","call_id":"list_directory:1","content":"[]"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.1.tool_call_id").String() - if got != "list_directory:1" { - t.Fatalf("messages.1.tool_call_id = %q, want %q", got, "list_directory:1") - } -} - -func TestNormalizeKimiToolMessageLinks_InferSinglePendingID(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"call_123","type":"function","function":{"name":"read_file","arguments":"{}"}}]}, - {"role":"tool","content":"file-content"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.1.tool_call_id").String() - if got != "call_123" { - t.Fatalf("messages.1.tool_call_id = %q, want %q", got, "call_123") - } -} - -func TestNormalizeKimiToolMessageLinks_AmbiguousMissingIDIsNotInferred(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[ - {"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}, - {"id":"call_2","type":"function","function":{"name":"read_file","arguments":"{}"}} - ]}, - {"role":"tool","content":"result-without-id"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - if gjson.GetBytes(out, "messages.1.tool_call_id").Exists() { - t.Fatalf("messages.1.tool_call_id should be absent for ambiguous case, got %q", gjson.GetBytes(out, "messages.1.tool_call_id").String()) - } -} - -func TestNormalizeKimiToolMessageLinks_PreservesExistingToolCallID(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}]}, - {"role":"tool","tool_call_id":"call_1","call_id":"different-id","content":"result"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.1.tool_call_id").String() - if got != "call_1" { - t.Fatalf("messages.1.tool_call_id = %q, want %q", got, "call_1") - } -} - -func TestNormalizeKimiToolMessageLinks_InheritsPreviousReasoningForAssistantToolCalls(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","content":"plan","reasoning_content":"previous reasoning"}, - {"role":"assistant","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}]} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.1.reasoning_content").String() - if got != "previous reasoning" { - t.Fatalf("messages.1.reasoning_content = %q, want %q", got, "previous reasoning") - } -} - -func TestNormalizeKimiToolMessageLinks_InsertsFallbackReasoningWhenMissing(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}]} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - reasoning := gjson.GetBytes(out, "messages.0.reasoning_content") - if !reasoning.Exists() { - t.Fatalf("messages.0.reasoning_content should exist") - } - if reasoning.String() != "[reasoning unavailable]" { - t.Fatalf("messages.0.reasoning_content = %q, want %q", reasoning.String(), "[reasoning unavailable]") - } -} - -func TestNormalizeKimiToolMessageLinks_UsesContentAsReasoningFallback(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","content":[{"type":"text","text":"first line"},{"type":"text","text":"second line"}],"tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}]} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.0.reasoning_content").String() - if got != "first line\nsecond line" { - t.Fatalf("messages.0.reasoning_content = %q, want %q", got, "first line\nsecond line") - } -} - -func TestNormalizeKimiToolMessageLinks_ReplacesEmptyReasoningContent(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","content":"assistant summary","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}],"reasoning_content":""} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.0.reasoning_content").String() - if got != "assistant summary" { - t.Fatalf("messages.0.reasoning_content = %q, want %q", got, "assistant summary") - } -} - -func TestNormalizeKimiToolMessageLinks_PreservesExistingAssistantReasoning(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}],"reasoning_content":"keep me"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.0.reasoning_content").String() - if got != "keep me" { - t.Fatalf("messages.0.reasoning_content = %q, want %q", got, "keep me") - } -} - -func TestNormalizeKimiToolMessageLinks_RepairsIDsAndReasoningTogether(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}],"reasoning_content":"r1"}, - {"role":"tool","call_id":"call_1","content":"[]"}, - {"role":"assistant","tool_calls":[{"id":"call_2","type":"function","function":{"name":"read_file","arguments":"{}"}}]}, - {"role":"tool","call_id":"call_2","content":"file"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - if got := gjson.GetBytes(out, "messages.1.tool_call_id").String(); got != "call_1" { - t.Fatalf("messages.1.tool_call_id = %q, want %q", got, "call_1") - } - if got := gjson.GetBytes(out, "messages.3.tool_call_id").String(); got != "call_2" { - t.Fatalf("messages.3.tool_call_id = %q, want %q", got, "call_2") - } - if got := gjson.GetBytes(out, "messages.2.reasoning_content").String(); got != "r1" { - t.Fatalf("messages.2.reasoning_content = %q, want %q", got, "r1") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/kiro_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/kiro_executor.go deleted file mode 100644 index a4afc0512a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/kiro_executor.go +++ /dev/null @@ -1,4691 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "crypto/sha256" - "encoding/base64" - "encoding/binary" - "encoding/hex" - "encoding/json" - "errors" - "fmt" - "io" - "net" - "net/http" - "os" - "path/filepath" - "strings" - "sync" - "sync/atomic" - "syscall" - "time" - - "github.com/google/uuid" - kiroclaude "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/kiro/claude" - kirocommon "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/kiro/common" - kiroopenai "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/kiro/openai" - kiroauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" -) - -const ( - // Kiro API common constants - kiroContentType = "application/json" - kiroAcceptStream = "*/*" - - // Event Stream frame size constants for boundary protection - // AWS Event Stream binary format: prelude (12 bytes) + headers + payload + message_crc (4 bytes) - // Prelude consists of: total_length (4) + headers_length (4) + prelude_crc (4) - minEventStreamFrameSize = 16 // Minimum: 4(total_len) + 4(headers_len) + 4(prelude_crc) + 4(message_crc) - maxEventStreamMsgSize = 10 << 20 // Maximum message length: 10MB - - // Event Stream error type constants - ErrStreamFatal = "fatal" // Connection/authentication errors, not recoverable - ErrStreamMalformed = "malformed" // Format errors, data cannot be parsed - - // kiroUserAgent matches Amazon Q CLI style for User-Agent header - kiroUserAgent = "aws-sdk-rust/1.3.9 os/macos lang/rust/1.87.0" - // kiroFullUserAgent is the complete x-amz-user-agent header (Amazon Q CLI style) - kiroFullUserAgent = "aws-sdk-rust/1.3.9 ua/2.1 api/ssooidc/1.88.0 os/macos lang/rust/1.87.0 m/E app/AmazonQ-For-CLI" - - // Kiro IDE style headers for IDC auth - kiroIDEUserAgent = "aws-sdk-js/1.0.27 ua/2.1 os/win32#10.0.19044 lang/js md/nodejs#22.21.1 api/codewhispererstreaming#1.0.27 m/E" - kiroIDEAmzUserAgent = "aws-sdk-js/1.0.27" - kiroIDEAgentModeVibe = "vibe" - - // Socket retry configuration constants - // Maximum number of retry attempts for socket/network errors - kiroSocketMaxRetries = 3 - // Base delay between retry attempts (uses exponential backoff: delay * 2^attempt) - kiroSocketBaseRetryDelay = 1 * time.Second - // Maximum delay between retry attempts (cap for exponential backoff) - kiroSocketMaxRetryDelay = 30 * time.Second - // First token timeout for streaming responses (how long to wait for first response) - kiroFirstTokenTimeout = 15 * time.Second - // Streaming read timeout (how long to wait between chunks) - kiroStreamingReadTimeout = 300 * time.Second -) - -// retryableHTTPStatusCodes defines HTTP status codes that are considered retryable. -// Based on kiro2Api reference: 502 (Bad Gateway), 503 (Service Unavailable), 504 (Gateway Timeout) -var retryableHTTPStatusCodes = map[int]bool{ - 502: true, // Bad Gateway - upstream server error - 503: true, // Service Unavailable - server temporarily overloaded - 504: true, // Gateway Timeout - upstream server timeout -} - -// Real-time usage estimation configuration -// These control how often usage updates are sent during streaming -var ( - usageUpdateCharThreshold = 5000 // Send usage update every 5000 characters - usageUpdateTimeInterval = 15 * time.Second // Or every 15 seconds, whichever comes first -) - -// Global FingerprintManager for dynamic User-Agent generation per token -// Each token gets a unique fingerprint on first use, which is cached for subsequent requests -var ( - globalFingerprintManager *kiroauth.FingerprintManager - globalFingerprintManagerOnce sync.Once -) - -// getGlobalFingerprintManager returns the global FingerprintManager instance -func getGlobalFingerprintManager() *kiroauth.FingerprintManager { - globalFingerprintManagerOnce.Do(func() { - globalFingerprintManager = kiroauth.NewFingerprintManager() - log.Infof("kiro: initialized global FingerprintManager for dynamic UA generation") - }) - return globalFingerprintManager -} - -// retryConfig holds configuration for socket retry logic. -// Based on kiro2Api Python implementation patterns. -type retryConfig struct { - MaxRetries int // Maximum number of retry attempts - BaseDelay time.Duration // Base delay between retries (exponential backoff) - MaxDelay time.Duration // Maximum delay cap - RetryableErrors []string // List of retryable error patterns - RetryableStatus map[int]bool // HTTP status codes to retry - FirstTokenTmout time.Duration // Timeout for first token in streaming - StreamReadTmout time.Duration // Timeout between stream chunks -} - -// defaultRetryConfig returns the default retry configuration for Kiro socket operations. -func defaultRetryConfig() retryConfig { - return retryConfig{ - MaxRetries: kiroSocketMaxRetries, - BaseDelay: kiroSocketBaseRetryDelay, - MaxDelay: kiroSocketMaxRetryDelay, - RetryableStatus: retryableHTTPStatusCodes, - RetryableErrors: []string{ - "connection reset", - "connection refused", - "broken pipe", - "EOF", - "timeout", - "temporary failure", - "no such host", - "network is unreachable", - "i/o timeout", - }, - FirstTokenTmout: kiroFirstTokenTimeout, - StreamReadTmout: kiroStreamingReadTimeout, - } -} - -// isRetryableError checks if an error is retryable based on error type and message. -// Returns true for network timeouts, connection resets, and temporary failures. -// Based on kiro2Api's retry logic patterns. -func isRetryableError(err error) bool { - if err == nil { - return false - } - - // Check for context cancellation - not retryable - if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) { - return false - } - - // Check for net.Error (timeout, temporary) - var netErr net.Error - if errors.As(err, &netErr) { - if netErr.Timeout() { - log.Debugf("kiro: isRetryableError: network timeout detected") - return true - } - // Note: Temporary() is deprecated but still useful for some error types - } - - // Check for specific syscall errors (connection reset, broken pipe, etc.) - var syscallErr syscall.Errno - if errors.As(err, &syscallErr) { - switch syscallErr { - case syscall.ECONNRESET: // Connection reset by peer - log.Debugf("kiro: isRetryableError: ECONNRESET detected") - return true - case syscall.ECONNREFUSED: // Connection refused - log.Debugf("kiro: isRetryableError: ECONNREFUSED detected") - return true - case syscall.EPIPE: // Broken pipe - log.Debugf("kiro: isRetryableError: EPIPE (broken pipe) detected") - return true - case syscall.ETIMEDOUT: // Connection timed out - log.Debugf("kiro: isRetryableError: ETIMEDOUT detected") - return true - case syscall.ENETUNREACH: // Network is unreachable - log.Debugf("kiro: isRetryableError: ENETUNREACH detected") - return true - case syscall.EHOSTUNREACH: // No route to host - log.Debugf("kiro: isRetryableError: EHOSTUNREACH detected") - return true - } - } - - // Check for net.OpError wrapping other errors - var opErr *net.OpError - if errors.As(err, &opErr) { - log.Debugf("kiro: isRetryableError: net.OpError detected, op=%s", opErr.Op) - // Recursively check the wrapped error - if opErr.Err != nil { - return isRetryableError(opErr.Err) - } - return true - } - - // Check error message for retryable patterns - errMsg := strings.ToLower(err.Error()) - cfg := defaultRetryConfig() - for _, pattern := range cfg.RetryableErrors { - if strings.Contains(errMsg, pattern) { - log.Debugf("kiro: isRetryableError: pattern '%s' matched in error: %s", pattern, errMsg) - return true - } - } - - // Check for EOF which may indicate connection was closed - if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) { - log.Debugf("kiro: isRetryableError: EOF/UnexpectedEOF detected") - return true - } - - return false -} - -// isRetryableHTTPStatus checks if an HTTP status code is retryable. -// Based on kiro2Api: 502, 503, 504 are retryable server errors. -func isRetryableHTTPStatus(statusCode int) bool { - return retryableHTTPStatusCodes[statusCode] -} - -// calculateRetryDelay calculates the delay for the next retry attempt using exponential backoff. -// delay = min(baseDelay * 2^attempt, maxDelay) -// Adds ±30% jitter to prevent thundering herd. -func calculateRetryDelay(attempt int, cfg retryConfig) time.Duration { - return kiroauth.ExponentialBackoffWithJitter(attempt, cfg.BaseDelay, cfg.MaxDelay) -} - -// logRetryAttempt logs a retry attempt with relevant context. -func logRetryAttempt(attempt, maxRetries int, reason string, delay time.Duration, endpoint string) { - log.Warnf("kiro: retry attempt %d/%d for %s, waiting %v before next attempt (endpoint: %s)", - attempt+1, maxRetries, reason, delay, endpoint) -} - -// kiroHTTPClientPool provides a shared HTTP client with connection pooling for Kiro API. -// This reduces connection overhead and improves performance for concurrent requests. -// Based on kiro2Api's connection pooling pattern. -var ( - kiroHTTPClientPool *http.Client - kiroHTTPClientPoolOnce sync.Once -) - -// getKiroPooledHTTPClient returns a shared HTTP client with optimized connection pooling. -// The client is lazily initialized on first use and reused across requests. -// This is especially beneficial for: -// - Reducing TCP handshake overhead -// - Enabling HTTP/2 multiplexing -// - Better handling of keep-alive connections -func getKiroPooledHTTPClient() *http.Client { - kiroHTTPClientPoolOnce.Do(func() { - transport := &http.Transport{ - // Connection pool settings - MaxIdleConns: 100, // Max idle connections across all hosts - MaxIdleConnsPerHost: 20, // Max idle connections per host - MaxConnsPerHost: 50, // Max total connections per host - IdleConnTimeout: 90 * time.Second, // How long idle connections stay in pool - - // Timeouts for connection establishment - DialContext: (&net.Dialer{ - Timeout: 30 * time.Second, // TCP connection timeout - KeepAlive: 30 * time.Second, // TCP keep-alive interval - }).DialContext, - - // TLS handshake timeout - TLSHandshakeTimeout: 10 * time.Second, - - // Response header timeout - ResponseHeaderTimeout: 30 * time.Second, - - // Expect 100-continue timeout - ExpectContinueTimeout: 1 * time.Second, - - // Enable HTTP/2 when available - ForceAttemptHTTP2: true, - } - - kiroHTTPClientPool = &http.Client{ - Transport: transport, - // No global timeout - let individual requests set their own timeouts via context - } - - log.Debugf("kiro: initialized pooled HTTP client (MaxIdleConns=%d, MaxIdleConnsPerHost=%d, MaxConnsPerHost=%d)", - transport.MaxIdleConns, transport.MaxIdleConnsPerHost, transport.MaxConnsPerHost) - }) - - return kiroHTTPClientPool -} - -// newKiroHTTPClientWithPooling creates an HTTP client that uses connection pooling when appropriate. -// It respects proxy configuration from auth or config, falling back to the pooled client. -// This provides the best of both worlds: custom proxy support + connection reuse. -func newKiroHTTPClientWithPooling(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth, timeout time.Duration) *http.Client { - // Check if a proxy is configured - if so, we need a custom client - var proxyURL string - if auth != nil { - proxyURL = strings.TrimSpace(auth.ProxyURL) - } - if proxyURL == "" && cfg != nil { - proxyURL = strings.TrimSpace(cfg.ProxyURL) - } - - // If proxy is configured, use the existing proxy-aware client (doesn't pool) - if proxyURL != "" { - log.Debugf("kiro: using proxy-aware HTTP client (proxy=%s)", proxyURL) - return newProxyAwareHTTPClient(ctx, cfg, auth, timeout) - } - - // No proxy - use pooled client for better performance - pooledClient := getKiroPooledHTTPClient() - - // If timeout is specified, we need to wrap the pooled transport with timeout - if timeout > 0 { - return &http.Client{ - Transport: pooledClient.Transport, - Timeout: timeout, - } - } - - return pooledClient -} - -// kiroEndpointConfig bundles endpoint URL with its compatible Origin and AmzTarget values. -// This solves the "triple mismatch" problem where different endpoints require matching -// Origin and X-Amz-Target header values. -// -// Based on reference implementations: -// - amq2api-main: Uses Amazon Q endpoint with CLI origin and AmazonQDeveloperStreamingService target -// - AIClient-2-API: Uses CodeWhisperer endpoint with AI_EDITOR origin and AmazonCodeWhispererStreamingService target -type kiroEndpointConfig struct { - URL string // Endpoint URL - Origin string // Request Origin: "CLI" for Amazon Q quota, "AI_EDITOR" for Kiro IDE quota - AmzTarget string // X-Amz-Target header value - Name string // Endpoint name for logging -} - -// kiroDefaultRegion is the default AWS region for Kiro API endpoints. -// Used when no region is specified in auth metadata. -const kiroDefaultRegion = "us-east-1" - -// extractRegionFromProfileARN extracts the AWS region from a ProfileARN. -// ARN format: arn:aws:codewhisperer:REGION:ACCOUNT:profile/PROFILE_ID -// Returns empty string if region cannot be extracted. -func extractRegionFromProfileARN(profileArn string) string { - if profileArn == "" { - return "" - } - parts := strings.Split(profileArn, ":") - if len(parts) >= 4 && parts[3] != "" { - return parts[3] - } - return "" -} - -// buildKiroEndpointConfigs creates endpoint configurations for the specified region. -// This enables dynamic region support for Enterprise/IdC users in non-us-east-1 regions. -// -// Uses Q endpoint (q.{region}.amazonaws.com) as primary for ALL auth types: -// - Works universally across all AWS regions (CodeWhisperer endpoint only exists in us-east-1) -// - Uses /generateAssistantResponse path with AI_EDITOR origin -// - Does NOT require X-Amz-Target header -// -// The AmzTarget field is kept for backward compatibility but should be empty -// to indicate that the header should NOT be set. -func buildKiroEndpointConfigs(region string) []kiroEndpointConfig { - if region == "" { - region = kiroDefaultRegion - } - return []kiroEndpointConfig{ - { - // Primary: Q endpoint - works for all regions and auth types - URL: fmt.Sprintf("https://q.%s.amazonaws.com/generateAssistantResponse", region), - Origin: "AI_EDITOR", - AmzTarget: "", // Empty = don't set X-Amz-Target header - Name: "AmazonQ", - }, - { - // Fallback: CodeWhisperer endpoint (legacy, only works in us-east-1) - URL: fmt.Sprintf("https://codewhisperer.%s.amazonaws.com/generateAssistantResponse", region), - Origin: "AI_EDITOR", - AmzTarget: "AmazonCodeWhispererStreamingService.GenerateAssistantResponse", - Name: "CodeWhisperer", - }, - } -} - -// resolveKiroAPIRegion determines the AWS region for Kiro API calls. -// Region priority: -// 1. auth.Metadata["api_region"] - explicit API region override -// 2. ProfileARN region - extracted from arn:aws:service:REGION:account:resource -// 3. kiroDefaultRegion (us-east-1) - fallback -// Note: OIDC "region" is NOT used - it's for token refresh, not API calls -func resolveKiroAPIRegion(auth *cliproxyauth.Auth) string { - if auth == nil || auth.Metadata == nil { - return kiroDefaultRegion - } - // Priority 1: Explicit api_region override - if r, ok := auth.Metadata["api_region"].(string); ok && r != "" { - log.Debugf("kiro: using region %s (source: api_region)", r) - return r - } - // Priority 2: Extract from ProfileARN - if profileArn, ok := auth.Metadata["profile_arn"].(string); ok && profileArn != "" { - if arnRegion := extractRegionFromProfileARN(profileArn); arnRegion != "" { - log.Debugf("kiro: using region %s (source: profile_arn)", arnRegion) - return arnRegion - } - } - // Note: OIDC "region" field is NOT used for API endpoint - // Kiro API only exists in us-east-1, while OIDC region can vary (e.g., ap-northeast-2) - // Using OIDC region for API calls causes DNS failures - log.Debugf("kiro: using region %s (source: default)", kiroDefaultRegion) - return kiroDefaultRegion -} - -// kiroEndpointConfigs is kept for backward compatibility with default us-east-1 region. -// Prefer using buildKiroEndpointConfigs(region) for dynamic region support. -var kiroEndpointConfigs = buildKiroEndpointConfigs(kiroDefaultRegion) - -// getKiroEndpointConfigs returns the list of Kiro API endpoint configurations to try in order. -// Supports dynamic region based on auth metadata "api_region", "profile_arn", or "region" field. -// Supports reordering based on "preferred_endpoint" in auth metadata/attributes. -// -// Region priority: -// 1. auth.Metadata["api_region"] - explicit API region override -// 2. ProfileARN region - extracted from arn:aws:service:REGION:account:resource -// 3. kiroDefaultRegion (us-east-1) - fallback -// Note: OIDC "region" is NOT used - it's for token refresh, not API calls -func getKiroEndpointConfigs(auth *cliproxyauth.Auth) []kiroEndpointConfig { - if auth == nil { - return kiroEndpointConfigs - } - - // Determine API region using shared resolution logic - region := resolveKiroAPIRegion(auth) - - // Build endpoint configs for the specified region - endpointConfigs := buildKiroEndpointConfigs(region) - - // For IDC auth, use Q endpoint with AI_EDITOR origin - // IDC tokens work with Q endpoint using Bearer auth - // The difference is only in how tokens are refreshed (OIDC with clientId/clientSecret for IDC) - // NOT in how API calls are made - both Social and IDC use the same endpoint/origin - if auth.Metadata != nil { - authMethod, _ := auth.Metadata["auth_method"].(string) - if strings.ToLower(authMethod) == "idc" { - log.Debugf("kiro: IDC auth, using Q endpoint (region: %s)", region) - return endpointConfigs - } - } - - // Check for preference - var preference string - if auth.Metadata != nil { - if p, ok := auth.Metadata["preferred_endpoint"].(string); ok { - preference = p - } - } - // Check attributes as fallback (e.g. from HTTP headers) - if preference == "" && auth.Attributes != nil { - preference = auth.Attributes["preferred_endpoint"] - } - - if preference == "" { - return endpointConfigs - } - - preference = strings.ToLower(strings.TrimSpace(preference)) - - // Create new slice to avoid modifying global state - var sorted []kiroEndpointConfig - var remaining []kiroEndpointConfig - - for _, cfg := range endpointConfigs { - name := strings.ToLower(cfg.Name) - // Check for matches - // CodeWhisperer aliases: codewhisperer, ide - // AmazonQ aliases: amazonq, q, cli - isMatch := false - if (preference == "codewhisperer" || preference == "ide") && name == "codewhisperer" { - isMatch = true - } else if (preference == "amazonq" || preference == "q" || preference == "cli") && name == "amazonq" { - isMatch = true - } - - if isMatch { - sorted = append(sorted, cfg) - } else { - remaining = append(remaining, cfg) - } - } - - // If preference didn't match anything, return default - if len(sorted) == 0 { - return endpointConfigs - } - - // Combine: preferred first, then others - return append(sorted, remaining...) -} - -// KiroExecutor handles requests to AWS CodeWhisperer (Kiro) API. -type KiroExecutor struct { - cfg *config.Config - refreshMu sync.Mutex // Serializes token refresh operations to prevent race conditions -} - -// isIDCAuth checks if the auth uses IDC (Identity Center) authentication method. -func isIDCAuth(auth *cliproxyauth.Auth) bool { - if auth == nil || auth.Metadata == nil { - return false - } - authMethod, _ := auth.Metadata["auth_method"].(string) - return strings.ToLower(authMethod) == "idc" -} - -// buildKiroPayloadForFormat builds the Kiro API payload based on the source format. -// This is critical because OpenAI and Claude formats have different tool structures: -// - OpenAI: tools[].function.name, tools[].function.description -// - Claude: tools[].name, tools[].description -// headers parameter allows checking Anthropic-Beta header for thinking mode detection. -// Returns the serialized JSON payload and a boolean indicating whether thinking mode was injected. -func buildKiroPayloadForFormat(body []byte, modelID, profileArn, origin string, isAgentic, isChatOnly bool, sourceFormat sdktranslator.Format, headers http.Header) ([]byte, bool) { - switch sourceFormat.String() { - case "openai": - log.Debugf("kiro: using OpenAI payload builder for source format: %s", sourceFormat.String()) - return kiroopenai.BuildKiroPayloadFromOpenAI(body, modelID, profileArn, origin, isAgentic, isChatOnly, headers, nil) - case "kiro": - // Body is already in Kiro format — pass through directly - log.Debugf("kiro: body already in Kiro format, passing through directly") - return sanitizeKiroPayload(body), false - default: - // Default to Claude format - log.Debugf("kiro: using Claude payload builder for source format: %s", sourceFormat.String()) - return kiroclaude.BuildKiroPayload(body, modelID, profileArn, origin, isAgentic, isChatOnly, headers, nil) - } -} - -func sanitizeKiroPayload(body []byte) []byte { - var payload map[string]any - if err := json.Unmarshal(body, &payload); err != nil { - return body - } - if _, exists := payload["user"]; !exists { - return body - } - delete(payload, "user") - sanitized, err := json.Marshal(payload) - if err != nil { - return body - } - return sanitized -} - -// NewKiroExecutor creates a new Kiro executor instance. -func NewKiroExecutor(cfg *config.Config) *KiroExecutor { - return &KiroExecutor{cfg: cfg} -} - -// Identifier returns the unique identifier for this executor. -func (e *KiroExecutor) Identifier() string { return "kiro" } - -// applyDynamicFingerprint applies token-specific fingerprint headers to the request -// For IDC auth, uses dynamic fingerprint-based User-Agent -// For other auth types, uses static Amazon Q CLI style headers -func applyDynamicFingerprint(req *http.Request, auth *cliproxyauth.Auth) { - if isIDCAuth(auth) { - // Get token-specific fingerprint for dynamic UA generation - tokenKey := getTokenKey(auth) - fp := getGlobalFingerprintManager().GetFingerprint(tokenKey) - - // Use fingerprint-generated dynamic User-Agent - req.Header.Set("User-Agent", fp.BuildUserAgent()) - req.Header.Set("X-Amz-User-Agent", fp.BuildAmzUserAgent()) - req.Header.Set("x-amzn-kiro-agent-mode", kiroIDEAgentModeVibe) - - log.Debugf("kiro: using dynamic fingerprint for token %s (SDK:%s, OS:%s/%s, Kiro:%s)", - tokenKey[:8]+"...", fp.SDKVersion, fp.OSType, fp.OSVersion, fp.KiroVersion) - } else { - // Use static Amazon Q CLI style headers for non-IDC auth - req.Header.Set("User-Agent", kiroUserAgent) - req.Header.Set("X-Amz-User-Agent", kiroFullUserAgent) - } -} - -// PrepareRequest prepares the HTTP request before execution. -func (e *KiroExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - accessToken, _ := kiroCredentials(auth) - if strings.TrimSpace(accessToken) == "" { - return statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - - // Apply dynamic fingerprint-based headers - applyDynamicFingerprint(req, auth) - - req.Header.Set("Amz-Sdk-Request", "attempt=1; max=3") - req.Header.Set("Amz-Sdk-Invocation-Id", uuid.New().String()) - req.Header.Set("Authorization", "Bearer "+accessToken) - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) - return nil -} - -// HttpRequest injects Kiro credentials into the request and executes it. -func (e *KiroExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("kiro executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if errPrepare := e.PrepareRequest(httpReq, auth); errPrepare != nil { - return nil, errPrepare - } - httpClient := newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// getTokenKey returns a unique key for rate limiting based on auth credentials. -// Uses auth ID if available, otherwise falls back to a hash of the access token. -func getTokenKey(auth *cliproxyauth.Auth) string { - if auth != nil && auth.ID != "" { - return auth.ID - } - accessToken, _ := kiroCredentials(auth) - if len(accessToken) > 16 { - return accessToken[:16] - } - return accessToken -} - -// Execute sends the request to Kiro API and returns the response. -// Supports automatic token refresh on 401/403 errors. -func (e *KiroExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - accessToken, profileArn := kiroCredentials(auth) - if accessToken == "" { - return resp, fmt.Errorf("kiro: access token not found in auth") - } - - // Rate limiting: get token key for tracking - tokenKey := getTokenKey(auth) - rateLimiter := kiroauth.GetGlobalRateLimiter() - cooldownMgr := kiroauth.GetGlobalCooldownManager() - - // Check if token is in cooldown period - if cooldownMgr.IsInCooldown(tokenKey) { - remaining := cooldownMgr.GetRemainingCooldown(tokenKey) - reason := cooldownMgr.GetCooldownReason(tokenKey) - log.Warnf("kiro: token %s is in cooldown (reason: %s), remaining: %v", tokenKey, reason, remaining) - return resp, fmt.Errorf("kiro: token is in cooldown for %v (reason: %s)", remaining, reason) - } - - // Wait for rate limiter before proceeding - log.Debugf("kiro: waiting for rate limiter for token %s", tokenKey) - rateLimiter.WaitForToken(tokenKey) - log.Debugf("kiro: rate limiter cleared for token %s", tokenKey) - - // Check if token is expired before making request (covers both normal and web_search paths) - if e.isTokenExpired(accessToken) { - log.Infof("kiro: access token expired, attempting recovery") - - // 方案 B: 先尝试从文件重新加载 token(后台刷新器可能已更新文件) - reloadedAuth, reloadErr := e.reloadAuthFromFile(auth) - if reloadErr == nil && reloadedAuth != nil { - // 文件中有更新的 token,使用它 - auth = reloadedAuth - accessToken, profileArn = kiroCredentials(auth) - log.Infof("kiro: recovered token from file (background refresh), expires_at: %v", auth.Metadata["expires_at"]) - } else { - // 文件中的 token 也过期了,执行主动刷新 - log.Debugf("kiro: file reload failed (%v), attempting active refresh", reloadErr) - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Warnf("kiro: pre-request token refresh failed: %v", refreshErr) - } else if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - } - accessToken, profileArn = kiroCredentials(auth) - log.Infof("kiro: token refreshed successfully before request") - } - } - } - - // Check for pure web_search request - // Route to MCP endpoint instead of normal Kiro API - if kiroclaude.HasWebSearchTool(req.Payload) { - log.Infof("kiro: detected pure web_search request (non-stream), routing to MCP endpoint") - return e.handleWebSearch(ctx, auth, req, opts, accessToken, profileArn) - } - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("kiro") - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - - kiroModelID := e.mapModelToKiro(req.Model) - - // Determine agentic mode and effective profile ARN using helper functions - isAgentic, isChatOnly := determineAgenticMode(req.Model) - effectiveProfileArn := getEffectiveProfileArnWithWarning(auth, profileArn) - - // Execute with retry on 401/403 and 429 (quota exhausted) - // Note: currentOrigin and kiroPayload are built inside executeWithRetry for each endpoint - resp, err = e.executeWithRetry(ctx, auth, req, opts, accessToken, effectiveProfileArn, body, from, to, reporter, kiroModelID, isAgentic, isChatOnly, tokenKey) - return resp, err -} - -// executeWithRetry performs the actual HTTP request with automatic retry on auth errors. -// Supports automatic fallback between endpoints with different quotas: -// - Amazon Q endpoint (CLI origin) uses Amazon Q Developer quota -// - CodeWhisperer endpoint (AI_EDITOR origin) uses Kiro IDE quota -// Also supports multi-endpoint fallback similar to Antigravity implementation. -// tokenKey is used for rate limiting and cooldown tracking. -func (e *KiroExecutor) executeWithRetry(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, accessToken, profileArn string, body []byte, from, to sdktranslator.Format, reporter *usageReporter, kiroModelID string, isAgentic, isChatOnly bool, tokenKey string) (cliproxyexecutor.Response, error) { - var resp cliproxyexecutor.Response - var kiroPayload []byte - var currentOrigin string - maxRetries := 2 // Allow retries for token refresh + endpoint fallback - rateLimiter := kiroauth.GetGlobalRateLimiter() - cooldownMgr := kiroauth.GetGlobalCooldownManager() - endpointConfigs := getKiroEndpointConfigs(auth) - var last429Err error - - for endpointIdx := 0; endpointIdx < len(endpointConfigs); endpointIdx++ { - endpointConfig := endpointConfigs[endpointIdx] - url := endpointConfig.URL - // Use this endpoint's compatible Origin (critical for avoiding 403 errors) - currentOrigin = endpointConfig.Origin - - // Rebuild payload with the correct origin for this endpoint - // Each endpoint requires its matching Origin value in the request body - kiroPayload, _ = buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - - log.Debugf("kiro: trying endpoint %d/%d: %s (Name: %s, Origin: %s)", - endpointIdx+1, len(endpointConfigs), url, endpointConfig.Name, currentOrigin) - - for attempt := 0; attempt <= maxRetries; attempt++ { - // Apply human-like delay before first request (not on retries) - // This mimics natural user behavior patterns - if attempt == 0 && endpointIdx == 0 { - kiroauth.ApplyHumanLikeDelay() - } - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(kiroPayload)) - if err != nil { - return resp, err - } - - httpReq.Header.Set("Content-Type", kiroContentType) - httpReq.Header.Set("Accept", kiroAcceptStream) - // Only set X-Amz-Target if specified (Q endpoint doesn't require it) - if endpointConfig.AmzTarget != "" { - httpReq.Header.Set("X-Amz-Target", endpointConfig.AmzTarget) - } - // Kiro-specific headers - httpReq.Header.Set("x-amzn-kiro-agent-mode", kiroIDEAgentModeVibe) - httpReq.Header.Set("x-amzn-codewhisperer-optout", "true") - - // Apply dynamic fingerprint-based headers - applyDynamicFingerprint(httpReq, auth) - - httpReq.Header.Set("Amz-Sdk-Request", "attempt=1; max=3") - httpReq.Header.Set("Amz-Sdk-Invocation-Id", uuid.New().String()) - - // Bearer token authentication for all auth types (Builder ID, IDC, social, etc.) - httpReq.Header.Set("Authorization", "Bearer "+accessToken) - - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: kiroPayload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - // Avoid hard client-side timeout for event-stream responses; let request - // context drive cancellation to prevent premature prelude read failures. - httpClient := newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - // Check for context cancellation first - client disconnected, not a server error - // Use 499 (Client Closed Request - nginx convention) instead of 500 - if errors.Is(err, context.Canceled) { - log.Debugf("kiro: request canceled by client (context.Canceled)") - return resp, statusErr{code: 499, msg: "client canceled request"} - } - - // Check for context deadline exceeded - request timed out - // Return 504 Gateway Timeout instead of 500 - if errors.Is(err, context.DeadlineExceeded) { - log.Debugf("kiro: request timed out (context.DeadlineExceeded)") - return resp, statusErr{code: http.StatusGatewayTimeout, msg: "upstream request timed out"} - } - - recordAPIResponseError(ctx, e.cfg, err) - - // Enhanced socket retry: Check if error is retryable (network timeout, connection reset, etc.) - retryCfg := defaultRetryConfig() - if isRetryableError(err) && attempt < retryCfg.MaxRetries { - delay := calculateRetryDelay(attempt, retryCfg) - logRetryAttempt(attempt, retryCfg.MaxRetries, fmt.Sprintf("socket error: %v", err), delay, endpointConfig.Name) - time.Sleep(delay) - continue - } - - return resp, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - - // Handle 429 errors (quota exhausted) - try next endpoint - // Each endpoint has its own quota pool, so we can try different endpoints - if httpResp.StatusCode == 429 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - // Record failure and set cooldown for 429 - rateLimiter.MarkTokenFailed(tokenKey) - cooldownDuration := kiroauth.CalculateCooldownFor429(attempt) - cooldownMgr.SetCooldown(tokenKey, cooldownDuration, kiroauth.CooldownReason429) - log.Warnf("kiro: rate limit hit (429), token %s set to cooldown for %v", tokenKey, cooldownDuration) - - // Preserve last 429 so callers can correctly backoff when all endpoints are exhausted - last429Err = statusErr{code: httpResp.StatusCode, msg: string(respBody)} - - log.Warnf("kiro: %s endpoint quota exhausted (429), will try next endpoint, body: %s", - endpointConfig.Name, summarizeErrorBody(httpResp.Header.Get("Content-Type"), respBody)) - - // Break inner retry loop to try next endpoint (which has different quota) - break - } - - // Handle 5xx server errors with exponential backoff retry - // Enhanced: Use retryConfig for consistent retry behavior - if httpResp.StatusCode >= 500 && httpResp.StatusCode < 600 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - retryCfg := defaultRetryConfig() - // Check if this specific 5xx code is retryable (502, 503, 504) - if isRetryableHTTPStatus(httpResp.StatusCode) && attempt < retryCfg.MaxRetries { - delay := calculateRetryDelay(attempt, retryCfg) - logRetryAttempt(attempt, retryCfg.MaxRetries, fmt.Sprintf("HTTP %d", httpResp.StatusCode), delay, endpointConfig.Name) - time.Sleep(delay) - continue - } else if attempt < maxRetries { - // Fallback for other 5xx errors (500, 501, etc.) - backoff := time.Duration(1< 30*time.Second { - backoff = 30 * time.Second - } - log.Warnf("kiro: server error %d, retrying in %v (attempt %d/%d)", httpResp.StatusCode, backoff, attempt+1, maxRetries) - time.Sleep(backoff) - continue - } - log.Errorf("kiro: server error %d after %d retries", httpResp.StatusCode, maxRetries) - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 401 errors with token refresh and retry - // 401 = Unauthorized (token expired/invalid) - refresh token - if httpResp.StatusCode == 401 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - log.Warnf("kiro: received 401 error, attempting token refresh") - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Errorf("kiro: token refresh failed: %v", refreshErr) - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - // Continue anyway - the token is valid for this request - } - accessToken, profileArn = kiroCredentials(auth) - // Rebuild payload with new profile ARN if changed - kiroPayload, _ = buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - if attempt < maxRetries { - log.Infof("kiro: token refreshed successfully, retrying request (attempt %d/%d)", attempt+1, maxRetries+1) - continue - } - log.Infof("kiro: token refreshed successfully, no retries remaining") - } - - log.Warnf("kiro request error, status: 401, body: %s", summarizeErrorBody(httpResp.Header.Get("Content-Type"), respBody)) - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 402 errors - Monthly Limit Reached - if httpResp.StatusCode == 402 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - log.Warnf("kiro: received 402 (monthly limit). Upstream body: %s", string(respBody)) - - // Return upstream error body directly - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 403 errors - Access Denied / Token Expired - // Do NOT switch endpoints for 403 errors - if httpResp.StatusCode == 403 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - // Log the 403 error details for debugging - log.Warnf("kiro: received 403 error (attempt %d/%d), body: %s", attempt+1, maxRetries+1, summarizeErrorBody(httpResp.Header.Get("Content-Type"), respBody)) - - respBodyStr := string(respBody) - - // Check for SUSPENDED status - return immediately without retry - if strings.Contains(respBodyStr, "SUSPENDED") || strings.Contains(respBodyStr, "TEMPORARILY_SUSPENDED") { - // Set long cooldown for suspended accounts - rateLimiter.CheckAndMarkSuspended(tokenKey, respBodyStr) - cooldownMgr.SetCooldown(tokenKey, kiroauth.LongCooldown, kiroauth.CooldownReasonSuspended) - log.Errorf("kiro: account is suspended, token %s set to cooldown for %v", tokenKey, kiroauth.LongCooldown) - return resp, statusErr{code: httpResp.StatusCode, msg: "account suspended: " + string(respBody)} - } - - // Check if this looks like a token-related 403 (some APIs return 403 for expired tokens) - isTokenRelated := strings.Contains(respBodyStr, "token") || - strings.Contains(respBodyStr, "expired") || - strings.Contains(respBodyStr, "invalid") || - strings.Contains(respBodyStr, "unauthorized") - - if isTokenRelated && attempt < maxRetries { - log.Warnf("kiro: 403 appears token-related, attempting token refresh") - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Errorf("kiro: token refresh failed: %v", refreshErr) - // Token refresh failed - return error immediately - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - // Continue anyway - the token is valid for this request - } - accessToken, profileArn = kiroCredentials(auth) - kiroPayload, _ = buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - log.Infof("kiro: token refreshed for 403, retrying request") - continue - } - } - - // For non-token 403 or after max retries, return error immediately - // Do NOT switch endpoints for 403 errors - log.Warnf("kiro: 403 error, returning immediately (no endpoint switch)") - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - log.Debugf("kiro request error, status: %d, body: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return resp, err - } - - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - content, toolUses, usageInfo, stopReason, err := e.parseEventStream(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - - // Fallback for usage if missing from upstream - - // 1. Estimate InputTokens if missing - if usageInfo.InputTokens == 0 { - if enc, encErr := getTokenizer(req.Model); encErr == nil { - if inp, countErr := countOpenAIChatTokens(enc, opts.OriginalRequest); countErr == nil { - usageInfo.InputTokens = inp - } - } - } - - // 2. Estimate OutputTokens if missing and content is available - if usageInfo.OutputTokens == 0 && len(content) > 0 { - // Use tiktoken for more accurate output token calculation - if enc, encErr := getTokenizer(req.Model); encErr == nil { - if tokenCount, countErr := enc.Count(content); countErr == nil { - usageInfo.OutputTokens = int64(tokenCount) - } - } - // Fallback to character count estimation if tiktoken fails - if usageInfo.OutputTokens == 0 { - usageInfo.OutputTokens = int64(len(content) / 4) - if usageInfo.OutputTokens == 0 { - usageInfo.OutputTokens = 1 - } - } - } - - // 3. Update TotalTokens - usageInfo.TotalTokens = usageInfo.InputTokens + usageInfo.OutputTokens - - appendAPIResponseChunk(ctx, e.cfg, []byte(content)) - reporter.publish(ctx, usageInfo) - - // Record success for rate limiting - rateLimiter.MarkTokenSuccess(tokenKey) - log.Debugf("kiro: request successful, token %s marked as success", tokenKey) - - // Build response in Claude format for Kiro translator - // stopReason is extracted from upstream response by parseEventStream - requestedModel := payloadRequestedModel(opts, req.Model) - kiroResponse := kiroclaude.BuildClaudeResponse(content, toolUses, requestedModel, usageInfo, stopReason) - out := sdktranslator.TranslateNonStream(ctx, to, from, requestedModel, bytes.Clone(opts.OriginalRequest), body, kiroResponse, nil) - resp = cliproxyexecutor.Response{Payload: []byte(out)} - return resp, nil - } - // Inner retry loop exhausted for this endpoint, try next endpoint - // Note: This code is unreachable because all paths in the inner loop - // either return or continue. Kept as comment for documentation. - } - - // All endpoints exhausted - if last429Err != nil { - return resp, last429Err - } - return resp, fmt.Errorf("kiro: all endpoints exhausted") -} - -// ExecuteStream handles streaming requests to Kiro API. -// Supports automatic token refresh on 401/403 errors and quota fallback on 429. -func (e *KiroExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - accessToken, profileArn := kiroCredentials(auth) - if accessToken == "" { - return nil, fmt.Errorf("kiro: access token not found in auth") - } - - // Rate limiting: get token key for tracking - tokenKey := getTokenKey(auth) - rateLimiter := kiroauth.GetGlobalRateLimiter() - cooldownMgr := kiroauth.GetGlobalCooldownManager() - - // Check if token is in cooldown period - if cooldownMgr.IsInCooldown(tokenKey) { - remaining := cooldownMgr.GetRemainingCooldown(tokenKey) - reason := cooldownMgr.GetCooldownReason(tokenKey) - log.Warnf("kiro: token %s is in cooldown (reason: %s), remaining: %v", tokenKey, reason, remaining) - return nil, fmt.Errorf("kiro: token is in cooldown for %v (reason: %s)", remaining, reason) - } - - // Wait for rate limiter before proceeding - log.Debugf("kiro: stream waiting for rate limiter for token %s", tokenKey) - rateLimiter.WaitForToken(tokenKey) - log.Debugf("kiro: stream rate limiter cleared for token %s", tokenKey) - - // Check if token is expired before making request (covers both normal and web_search paths) - if e.isTokenExpired(accessToken) { - log.Infof("kiro: access token expired, attempting recovery before stream request") - - // 方案 B: 先尝试从文件重新加载 token(后台刷新器可能已更新文件) - reloadedAuth, reloadErr := e.reloadAuthFromFile(auth) - if reloadErr == nil && reloadedAuth != nil { - // 文件中有更新的 token,使用它 - auth = reloadedAuth - accessToken, profileArn = kiroCredentials(auth) - log.Infof("kiro: recovered token from file (background refresh) for stream, expires_at: %v", auth.Metadata["expires_at"]) - } else { - // 文件中的 token 也过期了,执行主动刷新 - log.Debugf("kiro: file reload failed (%v), attempting active refresh for stream", reloadErr) - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Warnf("kiro: pre-request token refresh failed: %v", refreshErr) - } else if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - } - accessToken, profileArn = kiroCredentials(auth) - log.Infof("kiro: token refreshed successfully before stream request") - } - } - } - - // Check for pure web_search request - // Route to MCP endpoint instead of normal Kiro API - if kiroclaude.HasWebSearchTool(req.Payload) { - log.Infof("kiro: detected pure web_search request, routing to MCP endpoint") - streamWebSearch, errWebSearch := e.handleWebSearchStream(ctx, auth, req, opts, accessToken, profileArn) - if errWebSearch != nil { - return nil, errWebSearch - } - return &cliproxyexecutor.StreamResult{Chunks: streamWebSearch}, nil - } - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("kiro") - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - - kiroModelID := e.mapModelToKiro(req.Model) - - // Determine agentic mode and effective profile ARN using helper functions - isAgentic, isChatOnly := determineAgenticMode(req.Model) - effectiveProfileArn := getEffectiveProfileArnWithWarning(auth, profileArn) - - // Execute stream with retry on 401/403 and 429 (quota exhausted) - // Note: currentOrigin and kiroPayload are built inside executeStreamWithRetry for each endpoint - streamKiro, errStreamKiro := e.executeStreamWithRetry(ctx, auth, req, opts, accessToken, effectiveProfileArn, body, from, reporter, kiroModelID, isAgentic, isChatOnly, tokenKey) - if errStreamKiro != nil { - return nil, errStreamKiro - } - return &cliproxyexecutor.StreamResult{Chunks: streamKiro}, nil -} - -// executeStreamWithRetry performs the streaming HTTP request with automatic retry on auth errors. -// Supports automatic fallback between endpoints with different quotas: -// - Amazon Q endpoint (CLI origin) uses Amazon Q Developer quota -// - CodeWhisperer endpoint (AI_EDITOR origin) uses Kiro IDE quota -// Also supports multi-endpoint fallback similar to Antigravity implementation. -// tokenKey is used for rate limiting and cooldown tracking. -func (e *KiroExecutor) executeStreamWithRetry(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, accessToken, profileArn string, body []byte, from sdktranslator.Format, reporter *usageReporter, kiroModelID string, isAgentic, isChatOnly bool, tokenKey string) (<-chan cliproxyexecutor.StreamChunk, error) { - var currentOrigin string - maxRetries := 2 // Allow retries for token refresh + endpoint fallback - rateLimiter := kiroauth.GetGlobalRateLimiter() - cooldownMgr := kiroauth.GetGlobalCooldownManager() - endpointConfigs := getKiroEndpointConfigs(auth) - var last429Err error - - for endpointIdx := 0; endpointIdx < len(endpointConfigs); endpointIdx++ { - endpointConfig := endpointConfigs[endpointIdx] - url := endpointConfig.URL - // Use this endpoint's compatible Origin (critical for avoiding 403 errors) - currentOrigin = endpointConfig.Origin - - // Rebuild payload with the correct origin for this endpoint - // Each endpoint requires its matching Origin value in the request body - kiroPayload, thinkingEnabled := buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - - log.Debugf("kiro: stream trying endpoint %d/%d: %s (Name: %s, Origin: %s)", - endpointIdx+1, len(endpointConfigs), url, endpointConfig.Name, currentOrigin) - - for attempt := 0; attempt <= maxRetries; attempt++ { - // Apply human-like delay before first streaming request (not on retries) - // This mimics natural user behavior patterns - // Note: Delay is NOT applied during streaming response - only before initial request - if attempt == 0 && endpointIdx == 0 { - kiroauth.ApplyHumanLikeDelay() - } - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(kiroPayload)) - if err != nil { - return nil, err - } - - httpReq.Header.Set("Content-Type", kiroContentType) - httpReq.Header.Set("Accept", kiroAcceptStream) - // Only set X-Amz-Target if specified (Q endpoint doesn't require it) - if endpointConfig.AmzTarget != "" { - httpReq.Header.Set("X-Amz-Target", endpointConfig.AmzTarget) - } - // Kiro-specific headers - httpReq.Header.Set("x-amzn-kiro-agent-mode", kiroIDEAgentModeVibe) - httpReq.Header.Set("x-amzn-codewhisperer-optout", "true") - - // Apply dynamic fingerprint-based headers - applyDynamicFingerprint(httpReq, auth) - - httpReq.Header.Set("Amz-Sdk-Request", "attempt=1; max=3") - httpReq.Header.Set("Amz-Sdk-Invocation-Id", uuid.New().String()) - - // Bearer token authentication for all auth types (Builder ID, IDC, social, etc.) - httpReq.Header.Set("Authorization", "Bearer "+accessToken) - - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: kiroPayload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - - // Enhanced socket retry for streaming: Check if error is retryable (network timeout, connection reset, etc.) - retryCfg := defaultRetryConfig() - if isRetryableError(err) && attempt < retryCfg.MaxRetries { - delay := calculateRetryDelay(attempt, retryCfg) - logRetryAttempt(attempt, retryCfg.MaxRetries, fmt.Sprintf("stream socket error: %v", err), delay, endpointConfig.Name) - time.Sleep(delay) - continue - } - - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - - // Handle 429 errors (quota exhausted) - try next endpoint - // Each endpoint has its own quota pool, so we can try different endpoints - if httpResp.StatusCode == 429 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - // Record failure and set cooldown for 429 - rateLimiter.MarkTokenFailed(tokenKey) - cooldownDuration := kiroauth.CalculateCooldownFor429(attempt) - cooldownMgr.SetCooldown(tokenKey, cooldownDuration, kiroauth.CooldownReason429) - log.Warnf("kiro: stream rate limit hit (429), token %s set to cooldown for %v", tokenKey, cooldownDuration) - - // Preserve last 429 so callers can correctly backoff when all endpoints are exhausted - last429Err = statusErr{code: httpResp.StatusCode, msg: string(respBody)} - - log.Warnf("kiro: stream %s endpoint quota exhausted (429), will try next endpoint, body: %s", - endpointConfig.Name, summarizeErrorBody(httpResp.Header.Get("Content-Type"), respBody)) - - // Break inner retry loop to try next endpoint (which has different quota) - break - } - - // Handle 5xx server errors with exponential backoff retry - // Enhanced: Use retryConfig for consistent retry behavior - if httpResp.StatusCode >= 500 && httpResp.StatusCode < 600 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - retryCfg := defaultRetryConfig() - // Check if this specific 5xx code is retryable (502, 503, 504) - if isRetryableHTTPStatus(httpResp.StatusCode) && attempt < retryCfg.MaxRetries { - delay := calculateRetryDelay(attempt, retryCfg) - logRetryAttempt(attempt, retryCfg.MaxRetries, fmt.Sprintf("stream HTTP %d", httpResp.StatusCode), delay, endpointConfig.Name) - time.Sleep(delay) - continue - } else if attempt < maxRetries { - // Fallback for other 5xx errors (500, 501, etc.) - backoff := time.Duration(1< 30*time.Second { - backoff = 30 * time.Second - } - log.Warnf("kiro: stream server error %d, retrying in %v (attempt %d/%d)", httpResp.StatusCode, backoff, attempt+1, maxRetries) - time.Sleep(backoff) - continue - } - log.Errorf("kiro: stream server error %d after %d retries", httpResp.StatusCode, maxRetries) - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 400 errors - Credential/Validation issues - // Do NOT switch endpoints - return error immediately - if httpResp.StatusCode == 400 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - log.Warnf("kiro: received 400 error (attempt %d/%d), body: %s", attempt+1, maxRetries+1, summarizeErrorBody(httpResp.Header.Get("Content-Type"), respBody)) - - // 400 errors indicate request validation issues - return immediately without retry - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 401 errors with token refresh and retry - // 401 = Unauthorized (token expired/invalid) - refresh token - if httpResp.StatusCode == 401 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - log.Warnf("kiro: stream received 401 error, attempting token refresh") - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Errorf("kiro: token refresh failed: %v", refreshErr) - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - // Continue anyway - the token is valid for this request - } - accessToken, profileArn = kiroCredentials(auth) - // Rebuild payload with new profile ARN if changed - kiroPayload, _ = buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - if attempt < maxRetries { - log.Infof("kiro: token refreshed successfully, retrying stream request (attempt %d/%d)", attempt+1, maxRetries+1) - continue - } - log.Infof("kiro: token refreshed successfully, no retries remaining") - } - - log.Warnf("kiro stream error, status: 401, body: %s", string(respBody)) - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 402 errors - Monthly Limit Reached - if httpResp.StatusCode == 402 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - log.Warnf("kiro: stream received 402 (monthly limit). Upstream body: %s", string(respBody)) - - // Return upstream error body directly - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 403 errors - Access Denied / Token Expired - // Do NOT switch endpoints for 403 errors - if httpResp.StatusCode == 403 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - // Log the 403 error details for debugging - log.Warnf("kiro: stream received 403 error (attempt %d/%d), body: %s", attempt+1, maxRetries+1, string(respBody)) - - respBodyStr := string(respBody) - - // Check for SUSPENDED status - return immediately without retry - if strings.Contains(respBodyStr, "SUSPENDED") || strings.Contains(respBodyStr, "TEMPORARILY_SUSPENDED") { - // Set long cooldown for suspended accounts - rateLimiter.CheckAndMarkSuspended(tokenKey, respBodyStr) - cooldownMgr.SetCooldown(tokenKey, kiroauth.LongCooldown, kiroauth.CooldownReasonSuspended) - log.Errorf("kiro: stream account is suspended, token %s set to cooldown for %v", tokenKey, kiroauth.LongCooldown) - return nil, statusErr{code: httpResp.StatusCode, msg: "account suspended: " + string(respBody)} - } - - // Check if this looks like a token-related 403 (some APIs return 403 for expired tokens) - isTokenRelated := strings.Contains(respBodyStr, "token") || - strings.Contains(respBodyStr, "expired") || - strings.Contains(respBodyStr, "invalid") || - strings.Contains(respBodyStr, "unauthorized") - - if isTokenRelated && attempt < maxRetries { - log.Warnf("kiro: 403 appears token-related, attempting token refresh") - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Errorf("kiro: token refresh failed: %v", refreshErr) - // Token refresh failed - return error immediately - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - // Continue anyway - the token is valid for this request - } - accessToken, profileArn = kiroCredentials(auth) - kiroPayload, _ = buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - log.Infof("kiro: token refreshed for 403, retrying stream request") - continue - } - } - - // For non-token 403 or after max retries, return error immediately - // Do NOT switch endpoints for 403 errors - log.Warnf("kiro: 403 error, returning immediately (no endpoint switch)") - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - log.Debugf("kiro stream error, status: %d, body: %s", httpResp.StatusCode, string(b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return nil, statusErr{code: httpResp.StatusCode, msg: string(b)} - } - - out := make(chan cliproxyexecutor.StreamChunk) - - // Record success immediately since connection was established successfully - // Streaming errors will be handled separately - rateLimiter.MarkTokenSuccess(tokenKey) - log.Debugf("kiro: stream request successful, token %s marked as success", tokenKey) - - go func(resp *http.Response, thinkingEnabled bool) { - defer close(out) - defer func() { - if r := recover(); r != nil { - log.Errorf("kiro: panic in stream handler: %v", r) - out <- cliproxyexecutor.StreamChunk{Err: fmt.Errorf("internal error: %v", r)} - } - }() - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - // Kiro API always returns tags regardless of request parameters - // So we always enable thinking parsing for Kiro responses - log.Debugf("kiro: stream thinkingEnabled = %v (always true for Kiro)", thinkingEnabled) - - e.streamToChannel(ctx, resp.Body, out, from, payloadRequestedModel(opts, req.Model), opts.OriginalRequest, body, reporter, thinkingEnabled) - }(httpResp, thinkingEnabled) - - return out, nil - } - // Inner retry loop exhausted for this endpoint, try next endpoint - // Note: This code is unreachable because all paths in the inner loop - // either return or continue. Kept as comment for documentation. - } - - // All endpoints exhausted - if last429Err != nil { - return nil, last429Err - } - return nil, fmt.Errorf("kiro: stream all endpoints exhausted") -} - -// kiroCredentials extracts access token and profile ARN from auth. -func kiroCredentials(auth *cliproxyauth.Auth) (accessToken, profileArn string) { - if auth == nil { - return "", "" - } - - // Try Metadata first (wrapper format) - if auth.Metadata != nil { - if token, ok := auth.Metadata["access_token"].(string); ok { - accessToken = token - } - if arn, ok := auth.Metadata["profile_arn"].(string); ok { - profileArn = arn - } - } - - // Try Attributes - if accessToken == "" && auth.Attributes != nil { - accessToken = auth.Attributes["access_token"] - profileArn = auth.Attributes["profile_arn"] - } - - // Try direct fields from flat JSON format (new AWS Builder ID format) - if accessToken == "" && auth.Metadata != nil { - if token, ok := auth.Metadata["accessToken"].(string); ok { - accessToken = token - } - if arn, ok := auth.Metadata["profileArn"].(string); ok { - profileArn = arn - } - } - - return accessToken, profileArn -} - -// findRealThinkingEndTag finds the real end tag, skipping false positives. -// Returns -1 if no real end tag is found. -// -// Real tags from Kiro API have specific characteristics: -// - Usually preceded by newline (.\n) -// - Usually followed by newline (\n\n) -// - Not inside code blocks or inline code -// -// False positives (discussion text) have characteristics: -// - In the middle of a sentence -// - Preceded by discussion words like "标签", "tag", "returns" -// - Inside code blocks or inline code -// -// Parameters: -// - content: the content to search in -// - alreadyInCodeBlock: whether we're already inside a code block from previous chunks -// - alreadyInInlineCode: whether we're already inside inline code from previous chunks - -// determineAgenticMode determines if the model is an agentic or chat-only variant. -// Returns (isAgentic, isChatOnly) based on model name suffixes. -func determineAgenticMode(model string) (isAgentic, isChatOnly bool) { - isAgentic = strings.HasSuffix(model, "-agentic") - isChatOnly = strings.HasSuffix(model, "-chat") - return isAgentic, isChatOnly -} - -func getMetadataString(metadata map[string]any, keys ...string) string { - if metadata == nil { - return "" - } - for _, key := range keys { - if value, ok := metadata[key].(string); ok { - trimmed := strings.TrimSpace(value) - if trimmed != "" { - return trimmed - } - } - } - return "" -} - -// getEffectiveProfileArn determines if profileArn should be included based on auth method. -// profileArn is only needed for social auth (Google OAuth), not for AWS SSO OIDC (Builder ID/IDC). -// -// Detection logic (matching kiro-openai-gateway): -// 1. Check auth_method field: "builder-id" or "idc" -// 2. Check auth_type field: "aws_sso_oidc" (from kiro-cli tokens) -// 3. Check for client_id + client_secret presence (AWS SSO OIDC signature) - -// getEffectiveProfileArnWithWarning determines if profileArn should be included based on auth method, -// and logs a warning if profileArn is missing for non-builder-id auth. -// This consolidates the auth_method check that was previously done separately. -// -// AWS SSO OIDC (Builder ID/IDC) users don't need profileArn - sending it causes 403 errors. -// Only Kiro Desktop (social auth like Google/GitHub) users need profileArn. -// -// Detection logic (matching kiro-openai-gateway): -// 1. Check auth_method field: "builder-id" or "idc" -// 2. Check auth_type field: "aws_sso_oidc" (from kiro-cli tokens) -// 3. Check for client_id + client_secret presence (AWS SSO OIDC signature) -func getEffectiveProfileArnWithWarning(auth *cliproxyauth.Auth, profileArn string) string { - if auth != nil && auth.Metadata != nil { - // Check 1: auth_method field (from CLIProxyAPI tokens) - authMethod := strings.ToLower(getMetadataString(auth.Metadata, "auth_method", "authMethod")) - if authMethod == "builder-id" || authMethod == "idc" { - return "" // AWS SSO OIDC - don't include profileArn - } - // Check 2: auth_type field (from kiro-cli tokens) - if authType, ok := auth.Metadata["auth_type"].(string); ok && authType == "aws_sso_oidc" { - return "" // AWS SSO OIDC - don't include profileArn - } - // Check 3: client_id + client_secret presence (AWS SSO OIDC signature, like kiro-openai-gateway) - clientID := getMetadataString(auth.Metadata, "client_id", "clientId") - clientSecret := getMetadataString(auth.Metadata, "client_secret", "clientSecret") - if clientID != "" && clientSecret != "" { - return "" // AWS SSO OIDC - don't include profileArn - } - } - // For social auth (Kiro Desktop), profileArn is required - if profileArn == "" { - log.Warnf("kiro: profile ARN not found in auth, API calls may fail") - } - return profileArn -} - -// mapModelToKiro maps external model names to Kiro model IDs. -// Supports both Kiro and Amazon Q prefixes since they use the same API. -// Agentic variants (-agentic suffix) map to the same backend model IDs. -func (e *KiroExecutor) mapModelToKiro(model string) string { - modelMap := map[string]string{ - // Amazon Q format (amazonq- prefix) - same API as Kiro - "amazonq-auto": "auto", - "amazonq-claude-opus-4-6": "claude-opus-4.6", - "amazonq-claude-sonnet-4-6": "claude-sonnet-4.6", - "amazonq-claude-opus-4-5": "claude-opus-4.5", - "amazonq-claude-sonnet-4-5": "claude-sonnet-4.5", - "amazonq-claude-sonnet-4-5-20250929": "claude-sonnet-4.5", - "amazonq-claude-sonnet-4": "claude-sonnet-4", - "amazonq-claude-sonnet-4-20250514": "claude-sonnet-4", - "amazonq-claude-haiku-4-5": "claude-haiku-4.5", - // Kiro format (kiro- prefix) - valid model names that should be preserved - "kiro-claude-opus-4-6": "claude-opus-4.6", - "kiro-claude-sonnet-4-6": "claude-sonnet-4.6", - "kiro-claude-opus-4-5": "claude-opus-4.5", - "kiro-claude-sonnet-4-5": "claude-sonnet-4.5", - "kiro-claude-sonnet-4-5-20250929": "claude-sonnet-4.5", - "kiro-claude-sonnet-4": "claude-sonnet-4", - "kiro-claude-sonnet-4-20250514": "claude-sonnet-4", - "kiro-claude-haiku-4-5": "claude-haiku-4.5", - "kiro-auto": "auto", - // Native format (no prefix) - used by Kiro IDE directly - "claude-opus-4-6": "claude-opus-4.6", - "claude-opus-4.6": "claude-opus-4.6", - "claude-sonnet-4-6": "claude-sonnet-4.6", - "claude-sonnet-4.6": "claude-sonnet-4.6", - "claude-opus-4-5": "claude-opus-4.5", - "claude-opus-4.5": "claude-opus-4.5", - "claude-haiku-4-5": "claude-haiku-4.5", - "claude-haiku-4.5": "claude-haiku-4.5", - "claude-sonnet-4-5": "claude-sonnet-4.5", - "claude-sonnet-4-5-20250929": "claude-sonnet-4.5", - "claude-sonnet-4.5": "claude-sonnet-4.5", - "claude-sonnet-4": "claude-sonnet-4", - "claude-sonnet-4-20250514": "claude-sonnet-4", - "auto": "auto", - // Agentic variants (same backend model IDs, but with special system prompt) - "claude-opus-4.6-agentic": "claude-opus-4.6", - "claude-sonnet-4.6-agentic": "claude-sonnet-4.6", - "claude-opus-4.5-agentic": "claude-opus-4.5", - "claude-sonnet-4.5-agentic": "claude-sonnet-4.5", - "claude-sonnet-4-agentic": "claude-sonnet-4", - "claude-haiku-4.5-agentic": "claude-haiku-4.5", - "kiro-claude-opus-4-6-agentic": "claude-opus-4.6", - "kiro-claude-sonnet-4-6-agentic": "claude-sonnet-4.6", - "kiro-claude-opus-4-5-agentic": "claude-opus-4.5", - "kiro-claude-sonnet-4-5-agentic": "claude-sonnet-4.5", - "kiro-claude-sonnet-4-agentic": "claude-sonnet-4", - "kiro-claude-haiku-4-5-agentic": "claude-haiku-4.5", - } - if kiroID, ok := modelMap[model]; ok { - return kiroID - } - - // Smart fallback: try to infer model type from name patterns - modelLower := strings.ToLower(model) - - // Check for Haiku variants - if strings.Contains(modelLower, "haiku") { - log.Debug("kiro: unknown haiku variant, mapping to claude-haiku-4.5") - return "claude-haiku-4.5" - } - - // Check for Sonnet variants - if strings.Contains(modelLower, "sonnet") { - // Check for specific version patterns - if strings.Contains(modelLower, "3-7") || strings.Contains(modelLower, "3.7") { - log.Debug("kiro: unknown sonnet 3.7 variant, mapping to claude-3-7-sonnet-20250219") - return "claude-3-7-sonnet-20250219" - } - if strings.Contains(modelLower, "4-6") || strings.Contains(modelLower, "4.6") { - log.Debug("kiro: unknown sonnet 4.6 variant, mapping to claude-sonnet-4.6") - return "claude-sonnet-4.6" - } - if strings.Contains(modelLower, "4-5") || strings.Contains(modelLower, "4.5") { - log.Debug("kiro: unknown Sonnet 4.5 model, mapping to claude-sonnet-4.5") - return "claude-sonnet-4.5" - } - } - - // Check for Opus variants - if strings.Contains(modelLower, "opus") { - if strings.Contains(modelLower, "4-6") || strings.Contains(modelLower, "4.6") { - log.Debug("kiro: unknown Opus 4.6 model, mapping to claude-opus-4.6") - return "claude-opus-4.6" - } - log.Debug("kiro: unknown opus variant, mapping to claude-opus-4.5") - return "claude-opus-4.5" - } - - // Final fallback to Sonnet 4.5 (most commonly used model) - log.Warn("kiro: unknown model variant, falling back to claude-sonnet-4.5") - return "claude-sonnet-4.5" -} - -func kiroModelFingerprint(model string) string { - trimmed := strings.TrimSpace(model) - if trimmed == "" { - return "" - } - sum := sha256.Sum256([]byte(trimmed)) - return hex.EncodeToString(sum[:8]) -} - -// EventStreamError represents an Event Stream processing error -type EventStreamError struct { - Type string // "fatal", "malformed" - Message string - Cause error -} - -func (e *EventStreamError) Error() string { - if e.Cause != nil { - return fmt.Sprintf("event stream %s: %s: %v", e.Type, e.Message, e.Cause) - } - return fmt.Sprintf("event stream %s: %s", e.Type, e.Message) -} - -// eventStreamMessage represents a parsed AWS Event Stream message -type eventStreamMessage struct { - EventType string // Event type from headers (e.g., "assistantResponseEvent") - Payload []byte // JSON payload of the message -} - -// NOTE: Request building functions moved to pkg/llmproxy/translator/kiro/claude/kiro_claude_request.go -// The executor now uses kiroclaude.BuildKiroPayload() instead - -// parseEventStream parses AWS Event Stream binary format. -// Extracts text content, tool uses, and stop_reason from the response. -// Supports embedded [Called ...] tool calls and input buffering for toolUseEvent. -// Returns: content, toolUses, usageInfo, stopReason, error -func (e *KiroExecutor) parseEventStream(body io.Reader) (string, []kiroclaude.KiroToolUse, usage.Detail, string, error) { - var content strings.Builder - var toolUses []kiroclaude.KiroToolUse - var usageInfo usage.Detail - var stopReason string // Extracted from upstream response - reader := bufio.NewReader(body) - - // Tool use state tracking for input buffering and deduplication - processedIDs := make(map[string]bool) - var currentToolUse *kiroclaude.ToolUseState - - // Upstream usage tracking - Kiro API returns credit usage and context percentage - var upstreamContextPercentage float64 // Context usage percentage from upstream (e.g., 78.56) - - for { - msg, eventErr := e.readEventStreamMessage(reader) - if eventErr != nil { - log.Errorf("kiro: parseEventStream error: %v", eventErr) - return content.String(), toolUses, usageInfo, stopReason, eventErr - } - if msg == nil { - // Normal end of stream (EOF) - break - } - - eventType := msg.EventType - payload := msg.Payload - if len(payload) == 0 { - continue - } - - var event map[string]interface{} - if err := json.Unmarshal(payload, &event); err != nil { - log.Debugf("kiro: skipping malformed event: %v", err) - continue - } - - // Check for error/exception events in the payload (Kiro API may return errors with HTTP 200) - // These can appear as top-level fields or nested within the event - if errType, hasErrType := event["_type"].(string); hasErrType { - // AWS-style error: {"_type": "com.amazon.aws.codewhisperer#ValidationException", "message": "..."} - errMsg := "" - if msg, ok := event["message"].(string); ok { - errMsg = msg - } - log.Errorf("kiro: received AWS error in event stream: type=%s, message=%s", errType, errMsg) - return "", nil, usageInfo, stopReason, fmt.Errorf("kiro API error: %s - %s", errType, errMsg) - } - if errType, hasErrType := event["type"].(string); hasErrType && (errType == "error" || errType == "exception") { - // Generic error event - errMsg := "" - if msg, ok := event["message"].(string); ok { - errMsg = msg - } else if errObj, ok := event["error"].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - } - log.Errorf("kiro: received error event in stream: type=%s, message=%s", errType, errMsg) - return "", nil, usageInfo, stopReason, fmt.Errorf("kiro API error: %s", errMsg) - } - - // Extract stop_reason from various event formats - // Kiro/Amazon Q API may include stop_reason in different locations - if sr := kirocommon.GetString(event, "stop_reason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stop_reason (top-level): %s", stopReason) - } - if sr := kirocommon.GetString(event, "stopReason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stopReason (top-level): %s", stopReason) - } - - // Handle different event types - switch eventType { - case "followupPromptEvent": - // Filter out followupPrompt events - these are UI suggestions, not content - log.Debugf("kiro: parseEventStream ignoring followupPrompt event") - continue - - case "assistantResponseEvent": - if assistantResp, ok := event["assistantResponseEvent"].(map[string]interface{}); ok { - if contentText, ok := assistantResp["content"].(string); ok { - content.WriteString(contentText) - } - // Extract stop_reason from assistantResponseEvent - if sr := kirocommon.GetString(assistantResp, "stop_reason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stop_reason in assistantResponseEvent: %s", stopReason) - } - if sr := kirocommon.GetString(assistantResp, "stopReason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stopReason in assistantResponseEvent: %s", stopReason) - } - // Extract tool uses from response - if toolUsesRaw, ok := assistantResp["toolUses"].([]interface{}); ok { - for _, tuRaw := range toolUsesRaw { - if tu, ok := tuRaw.(map[string]interface{}); ok { - toolUseID := kirocommon.GetStringValue(tu, "toolUseId") - // Check for duplicate - if processedIDs[toolUseID] { - log.Debugf("kiro: skipping duplicate tool use from assistantResponse: %s", toolUseID) - continue - } - processedIDs[toolUseID] = true - - toolUse := kiroclaude.KiroToolUse{ - ToolUseID: toolUseID, - Name: kirocommon.GetStringValue(tu, "name"), - } - if input, ok := tu["input"].(map[string]interface{}); ok { - toolUse.Input = input - } - toolUses = append(toolUses, toolUse) - } - } - } - } - // Also try direct format - if contentText, ok := event["content"].(string); ok { - content.WriteString(contentText) - } - // Direct tool uses - if toolUsesRaw, ok := event["toolUses"].([]interface{}); ok { - for _, tuRaw := range toolUsesRaw { - if tu, ok := tuRaw.(map[string]interface{}); ok { - toolUseID := kirocommon.GetStringValue(tu, "toolUseId") - // Check for duplicate - if processedIDs[toolUseID] { - log.Debugf("kiro: skipping duplicate direct tool use: %s", toolUseID) - continue - } - processedIDs[toolUseID] = true - - toolUse := kiroclaude.KiroToolUse{ - ToolUseID: toolUseID, - Name: kirocommon.GetStringValue(tu, "name"), - } - if input, ok := tu["input"].(map[string]interface{}); ok { - toolUse.Input = input - } - toolUses = append(toolUses, toolUse) - } - } - } - - case "toolUseEvent": - // Handle dedicated tool use events with input buffering - completedToolUses, newState := kiroclaude.ProcessToolUseEvent(event, currentToolUse, processedIDs) - currentToolUse = newState - toolUses = append(toolUses, completedToolUses...) - - case "supplementaryWebLinksEvent": - if inputTokens, ok := event["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } - if outputTokens, ok := event["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } - - case "messageStopEvent", "message_stop": - // Handle message stop events which may contain stop_reason - if sr := kirocommon.GetString(event, "stop_reason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stop_reason in messageStopEvent: %s", stopReason) - } - if sr := kirocommon.GetString(event, "stopReason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stopReason in messageStopEvent: %s", stopReason) - } - - case "messageMetadataEvent", "metadataEvent": - // Handle message metadata events which contain token counts - // Official format: { tokenUsage: { outputTokens, totalTokens, uncachedInputTokens, cacheReadInputTokens, cacheWriteInputTokens, contextUsagePercentage } } - var metadata map[string]interface{} - if m, ok := event["messageMetadataEvent"].(map[string]interface{}); ok { - metadata = m - } else if m, ok := event["metadataEvent"].(map[string]interface{}); ok { - metadata = m - } else { - metadata = event // event itself might be the metadata - } - - // Check for nested tokenUsage object (official format) - if tokenUsage, ok := metadata["tokenUsage"].(map[string]interface{}); ok { - // outputTokens - precise output token count - if outputTokens, ok := tokenUsage["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - log.Infof("kiro: parseEventStream found precise outputTokens in tokenUsage: %d", usageInfo.OutputTokens) - } - // totalTokens - precise total token count - if totalTokens, ok := tokenUsage["totalTokens"].(float64); ok { - usageInfo.TotalTokens = int64(totalTokens) - log.Infof("kiro: parseEventStream found precise totalTokens in tokenUsage: %d", usageInfo.TotalTokens) - } - // uncachedInputTokens - input tokens not from cache - if uncachedInputTokens, ok := tokenUsage["uncachedInputTokens"].(float64); ok { - usageInfo.InputTokens = int64(uncachedInputTokens) - log.Infof("kiro: parseEventStream found uncachedInputTokens in tokenUsage: %d", usageInfo.InputTokens) - } - // cacheReadInputTokens - tokens read from cache - if cacheReadTokens, ok := tokenUsage["cacheReadInputTokens"].(float64); ok { - // Add to input tokens if we have uncached tokens, otherwise use as input - if usageInfo.InputTokens > 0 { - usageInfo.InputTokens += int64(cacheReadTokens) - } else { - usageInfo.InputTokens = int64(cacheReadTokens) - } - log.Debugf("kiro: parseEventStream found cacheReadInputTokens in tokenUsage: %d", int64(cacheReadTokens)) - } - // contextUsagePercentage - can be used as fallback for input token estimation - if ctxPct, ok := tokenUsage["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: parseEventStream found contextUsagePercentage in tokenUsage: %.2f%%", ctxPct) - } - } - - // Fallback: check for direct fields in metadata (legacy format) - if usageInfo.InputTokens == 0 { - if inputTokens, ok := metadata["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - log.Debugf("kiro: parseEventStream found inputTokens in messageMetadataEvent: %d", usageInfo.InputTokens) - } - } - if usageInfo.OutputTokens == 0 { - if outputTokens, ok := metadata["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - log.Debugf("kiro: parseEventStream found outputTokens in messageMetadataEvent: %d", usageInfo.OutputTokens) - } - } - if usageInfo.TotalTokens == 0 { - if totalTokens, ok := metadata["totalTokens"].(float64); ok { - usageInfo.TotalTokens = int64(totalTokens) - log.Debugf("kiro: parseEventStream found totalTokens in messageMetadataEvent: %d", usageInfo.TotalTokens) - } - } - - case "usageEvent", "usage": - // Handle dedicated usage events - if inputTokens, ok := event["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - log.Debugf("kiro: parseEventStream found inputTokens in usageEvent: %d", usageInfo.InputTokens) - } - if outputTokens, ok := event["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - log.Debugf("kiro: parseEventStream found outputTokens in usageEvent: %d", usageInfo.OutputTokens) - } - if totalTokens, ok := event["totalTokens"].(float64); ok { - usageInfo.TotalTokens = int64(totalTokens) - log.Debugf("kiro: parseEventStream found totalTokens in usageEvent: %d", usageInfo.TotalTokens) - } - // Also check nested usage object - if usageObj, ok := event["usage"].(map[string]interface{}); ok { - if inputTokens, ok := usageObj["input_tokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } else if inputTokens, ok := usageObj["prompt_tokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } - if outputTokens, ok := usageObj["output_tokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } else if outputTokens, ok := usageObj["completion_tokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } - if totalTokens, ok := usageObj["total_tokens"].(float64); ok { - usageInfo.TotalTokens = int64(totalTokens) - } - log.Debugf("kiro: parseEventStream found usage object: input=%d, output=%d, total=%d", - usageInfo.InputTokens, usageInfo.OutputTokens, usageInfo.TotalTokens) - } - - case "metricsEvent": - // Handle metrics events which may contain usage data - if metrics, ok := event["metricsEvent"].(map[string]interface{}); ok { - if inputTokens, ok := metrics["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } - if outputTokens, ok := metrics["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } - log.Debugf("kiro: parseEventStream found metricsEvent: input=%d, output=%d", - usageInfo.InputTokens, usageInfo.OutputTokens) - } - - case "meteringEvent": - // Handle metering events from Kiro API (usage billing information) - // Official format: { unit: string, unitPlural: string, usage: number } - if metering, ok := event["meteringEvent"].(map[string]interface{}); ok { - unit := "" - if u, ok := metering["unit"].(string); ok { - unit = u - } - usageVal := 0.0 - if u, ok := metering["usage"].(float64); ok { - usageVal = u - } - log.Infof("kiro: parseEventStream received meteringEvent: usage=%.2f %s", usageVal, unit) - // Store metering info for potential billing/statistics purposes - // Note: This is separate from token counts - it's AWS billing units - } else { - // Try direct fields - unit := "" - if u, ok := event["unit"].(string); ok { - unit = u - } - usageVal := 0.0 - if u, ok := event["usage"].(float64); ok { - usageVal = u - } - if unit != "" || usageVal > 0 { - log.Infof("kiro: parseEventStream received meteringEvent (direct): usage=%.2f %s", usageVal, unit) - } - } - - case "contextUsageEvent": - // Handle context usage events from Kiro API - // Format: {"contextUsageEvent": {"contextUsagePercentage": 0.53}} - if ctxUsage, ok := event["contextUsageEvent"].(map[string]interface{}); ok { - if ctxPct, ok := ctxUsage["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: parseEventStream received contextUsageEvent: %.2f%%", ctxPct*100) - } - } else { - // Try direct field (fallback) - if ctxPct, ok := event["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: parseEventStream received contextUsagePercentage (direct): %.2f%%", ctxPct*100) - } - } - - case "error", "exception", "internalServerException", "invalidStateEvent": - // Handle error events from Kiro API stream - errMsg := "" - errType := eventType - - // Try to extract error message from various formats - if msg, ok := event["message"].(string); ok { - errMsg = msg - } else if errObj, ok := event[eventType].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - if t, ok := errObj["type"].(string); ok { - errType = t - } - } else if errObj, ok := event["error"].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - if t, ok := errObj["type"].(string); ok { - errType = t - } - } - - // Check for specific error reasons - if reason, ok := event["reason"].(string); ok { - errMsg = fmt.Sprintf("%s (reason: %s)", errMsg, reason) - } - - log.Errorf("kiro: parseEventStream received error event: type=%s, message=%s", errType, errMsg) - - // For invalidStateEvent, we may want to continue processing other events - if eventType == "invalidStateEvent" { - log.Warnf("kiro: invalidStateEvent received, continuing stream processing") - continue - } - - // For other errors, return the error - if errMsg != "" { - return "", nil, usageInfo, stopReason, fmt.Errorf("kiro API error (%s): %s", errType, errMsg) - } - - default: - // Check for contextUsagePercentage in any event - if ctxPct, ok := event["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: parseEventStream received context usage: %.2f%%", upstreamContextPercentage) - } - // Log unknown event types for debugging (to discover new event formats) - log.Debugf("kiro: parseEventStream unknown event type: %s, payload: %s", eventType, string(payload)) - } - - // Check for direct token fields in any event (fallback) - if usageInfo.InputTokens == 0 { - if inputTokens, ok := event["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - log.Debugf("kiro: parseEventStream found direct inputTokens: %d", usageInfo.InputTokens) - } - } - if usageInfo.OutputTokens == 0 { - if outputTokens, ok := event["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - log.Debugf("kiro: parseEventStream found direct outputTokens: %d", usageInfo.OutputTokens) - } - } - - // Check for usage object in any event (OpenAI format) - if usageInfo.InputTokens == 0 || usageInfo.OutputTokens == 0 { - if usageObj, ok := event["usage"].(map[string]interface{}); ok { - if usageInfo.InputTokens == 0 { - if inputTokens, ok := usageObj["input_tokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } else if inputTokens, ok := usageObj["prompt_tokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } - } - if usageInfo.OutputTokens == 0 { - if outputTokens, ok := usageObj["output_tokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } else if outputTokens, ok := usageObj["completion_tokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } - } - if usageInfo.TotalTokens == 0 { - if totalTokens, ok := usageObj["total_tokens"].(float64); ok { - usageInfo.TotalTokens = int64(totalTokens) - } - } - log.Debugf("kiro: parseEventStream found usage object (fallback): input=%d, output=%d, total=%d", - usageInfo.InputTokens, usageInfo.OutputTokens, usageInfo.TotalTokens) - } - } - - // Also check nested supplementaryWebLinksEvent - if usageEvent, ok := event["supplementaryWebLinksEvent"].(map[string]interface{}); ok { - if inputTokens, ok := usageEvent["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } - if outputTokens, ok := usageEvent["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } - } - } - - // Parse embedded tool calls from content (e.g., [Called tool_name with args: {...}]) - contentStr := content.String() - cleanedContent, embeddedToolUses := kiroclaude.ParseEmbeddedToolCalls(contentStr, processedIDs) - toolUses = append(toolUses, embeddedToolUses...) - - // Deduplicate all tool uses - toolUses = kiroclaude.DeduplicateToolUses(toolUses) - - // Apply fallback logic for stop_reason if not provided by upstream - // Priority: upstream stopReason > tool_use detection > end_turn default - if stopReason == "" { - if len(toolUses) > 0 { - stopReason = "tool_use" - log.Debugf("kiro: parseEventStream using fallback stop_reason: tool_use (detected %d tool uses)", len(toolUses)) - } else { - stopReason = "end_turn" - log.Debugf("kiro: parseEventStream using fallback stop_reason: end_turn") - } - } - - // Log warning if response was truncated due to max_tokens - if stopReason == "max_tokens" { - log.Warnf("kiro: response truncated due to max_tokens limit") - } - - // Use contextUsagePercentage to calculate more accurate input tokens - // Kiro model has 200k max context, contextUsagePercentage represents the percentage used - // Formula: input_tokens = contextUsagePercentage * 200000 / 100 - if upstreamContextPercentage > 0 { - calculatedInputTokens := int64(upstreamContextPercentage * 200000 / 100) - if calculatedInputTokens > 0 { - localEstimate := usageInfo.InputTokens - usageInfo.InputTokens = calculatedInputTokens - usageInfo.TotalTokens = usageInfo.InputTokens + usageInfo.OutputTokens - log.Infof("kiro: parseEventStream using contextUsagePercentage (%.2f%%) to calculate input tokens: %d (local estimate was: %d)", - upstreamContextPercentage, calculatedInputTokens, localEstimate) - } - } - - return cleanedContent, toolUses, usageInfo, stopReason, nil -} - -// readEventStreamMessage reads and validates a single AWS Event Stream message. -// Returns the parsed message or a structured error for different failure modes. -// This function implements boundary protection and detailed error classification. -// -// AWS Event Stream binary format: -// - Prelude (12 bytes): total_length (4) + headers_length (4) + prelude_crc (4) -// - Headers (variable): header entries -// - Payload (variable): JSON data -// - Message CRC (4 bytes): CRC32C of entire message (not validated, just skipped) -func (e *KiroExecutor) readEventStreamMessage(reader *bufio.Reader) (*eventStreamMessage, *EventStreamError) { - // Read prelude (first 12 bytes: total_len + headers_len + prelude_crc) - prelude := make([]byte, 12) - _, err := io.ReadFull(reader, prelude) - if err == io.EOF { - return nil, nil // Normal end of stream - } - if err != nil { - return nil, &EventStreamError{ - Type: ErrStreamFatal, - Message: "failed to read prelude", - Cause: err, - } - } - - totalLength := binary.BigEndian.Uint32(prelude[0:4]) - headersLength := binary.BigEndian.Uint32(prelude[4:8]) - // Note: prelude[8:12] is prelude_crc - we read it but don't validate (no CRC check per requirements) - - // Boundary check: minimum frame size - if totalLength < minEventStreamFrameSize { - return nil, &EventStreamError{ - Type: ErrStreamMalformed, - Message: fmt.Sprintf("invalid message length: %d (minimum is %d)", totalLength, minEventStreamFrameSize), - } - } - - // Boundary check: maximum message size - if totalLength > maxEventStreamMsgSize { - return nil, &EventStreamError{ - Type: ErrStreamMalformed, - Message: fmt.Sprintf("message too large: %d bytes (maximum is %d)", totalLength, maxEventStreamMsgSize), - } - } - - // Boundary check: headers length within message bounds - // Message structure: prelude(12) + headers(headersLength) + payload + message_crc(4) - // So: headersLength must be <= totalLength - 16 (12 for prelude + 4 for message_crc) - if headersLength > totalLength-16 { - return nil, &EventStreamError{ - Type: ErrStreamMalformed, - Message: fmt.Sprintf("headers length %d exceeds message bounds (total: %d)", headersLength, totalLength), - } - } - - // Read the rest of the message (total - 12 bytes already read) - remaining := make([]byte, totalLength-12) - _, err = io.ReadFull(reader, remaining) - if err != nil { - return nil, &EventStreamError{ - Type: ErrStreamFatal, - Message: "failed to read message body", - Cause: err, - } - } - - // Extract event type from headers - // Headers start at beginning of 'remaining', length is headersLength - var eventType string - if headersLength > 0 && headersLength <= uint32(len(remaining)) { - eventType = e.extractEventTypeFromBytes(remaining[:headersLength]) - } - - // Calculate payload boundaries - // Payload starts after headers, ends before message_crc (last 4 bytes) - payloadStart := headersLength - payloadEnd := uint32(len(remaining)) - 4 // Skip message_crc at end - - // Validate payload boundaries - if payloadStart >= payloadEnd { - // No payload, return empty message - return &eventStreamMessage{ - EventType: eventType, - Payload: nil, - }, nil - } - - payload := remaining[payloadStart:payloadEnd] - - return &eventStreamMessage{ - EventType: eventType, - Payload: payload, - }, nil -} - -func skipEventStreamHeaderValue(headers []byte, offset int, valueType byte) (int, bool) { - switch valueType { - case 0, 1: // bool true / bool false - return offset, true - case 2: // byte - if offset+1 > len(headers) { - return offset, false - } - return offset + 1, true - case 3: // short - if offset+2 > len(headers) { - return offset, false - } - return offset + 2, true - case 4: // int - if offset+4 > len(headers) { - return offset, false - } - return offset + 4, true - case 5: // long - if offset+8 > len(headers) { - return offset, false - } - return offset + 8, true - case 6: // byte array (2-byte length + data) - if offset+2 > len(headers) { - return offset, false - } - valueLen := int(binary.BigEndian.Uint16(headers[offset : offset+2])) - offset += 2 - if offset+valueLen > len(headers) { - return offset, false - } - return offset + valueLen, true - case 8: // timestamp - if offset+8 > len(headers) { - return offset, false - } - return offset + 8, true - case 9: // uuid - if offset+16 > len(headers) { - return offset, false - } - return offset + 16, true - default: - return offset, false - } -} - -// extractEventTypeFromBytes extracts the event type from raw header bytes (without prelude CRC prefix) -func (e *KiroExecutor) extractEventTypeFromBytes(headers []byte) string { - offset := 0 - for offset < len(headers) { - nameLen := int(headers[offset]) - offset++ - if offset+nameLen > len(headers) { - break - } - name := string(headers[offset : offset+nameLen]) - offset += nameLen - - if offset >= len(headers) { - break - } - valueType := headers[offset] - offset++ - - if valueType == 7 { // String type - if offset+2 > len(headers) { - break - } - valueLen := int(binary.BigEndian.Uint16(headers[offset : offset+2])) - offset += 2 - if offset+valueLen > len(headers) { - break - } - value := string(headers[offset : offset+valueLen]) - offset += valueLen - - if name == ":event-type" { - return value - } - continue - } - - nextOffset, ok := skipEventStreamHeaderValue(headers, offset, valueType) - if !ok { - break - } - offset = nextOffset - } - return "" -} - -// NOTE: Response building functions moved to pkg/llmproxy/translator/kiro/claude/kiro_claude_response.go -// The executor now uses kiroclaude.BuildClaudeResponse() and kiroclaude.ExtractThinkingFromContent() instead - -// streamToChannel converts AWS Event Stream to channel-based streaming. -// Supports tool calling - emits tool_use content blocks when tools are used. -// Includes embedded [Called ...] tool call parsing and input buffering for toolUseEvent. -// Implements duplicate content filtering using lastContentEvent detection (based on AIClient-2-API). -// Extracts stop_reason from upstream events when available. -// thinkingEnabled controls whether tags are parsed - only parse when request enabled thinking. -func (e *KiroExecutor) streamToChannel(ctx context.Context, body io.Reader, out chan<- cliproxyexecutor.StreamChunk, targetFormat sdktranslator.Format, model string, originalReq, claudeBody []byte, reporter *usageReporter, thinkingEnabled bool) { - reader := bufio.NewReaderSize(body, 20*1024*1024) // 20MB buffer to match other providers - var totalUsage usage.Detail - var hasToolUses bool // Track if any tool uses were emitted - var hasTruncatedTools bool // Track if any tool uses were truncated - var upstreamStopReason string // Track stop_reason from upstream events - - // Tool use state tracking for input buffering and deduplication - processedIDs := make(map[string]bool) - var currentToolUse *kiroclaude.ToolUseState - - // NOTE: Duplicate content filtering removed - it was causing legitimate repeated - // content (like consecutive newlines) to be incorrectly filtered out. - // The previous implementation compared lastContentEvent == contentDelta which - // is too aggressive for streaming scenarios. - - // Streaming token calculation - accumulate content for real-time token counting - // Based on AIClient-2-API implementation - var accumulatedContent strings.Builder - accumulatedContent.Grow(4096) // Pre-allocate 4KB capacity to reduce reallocations - - // Real-time usage estimation state - // These track when to send periodic usage updates during streaming - var lastUsageUpdateLen int // Last accumulated content length when usage was sent - var lastUsageUpdateTime = time.Now() // Last time usage update was sent - var lastReportedOutputTokens int64 // Last reported output token count - - // Upstream usage tracking - Kiro API returns credit usage and context percentage - var upstreamCreditUsage float64 // Credit usage from upstream (e.g., 1.458) - var upstreamContextPercentage float64 // Context usage percentage from upstream (e.g., 78.56) - var hasUpstreamUsage bool // Whether we received usage from upstream - - // Translator param for maintaining tool call state across streaming events - // IMPORTANT: This must persist across all TranslateStream calls - var translatorParam any - - // Thinking mode state tracking - tag-based parsing for tags in content - inThinkBlock := false // Whether we're currently inside a block - isThinkingBlockOpen := false // Track if thinking content block SSE event is open - thinkingBlockIndex := -1 // Index of the thinking content block - var accumulatedThinkingContent strings.Builder // Accumulate thinking content for token counting - - // Buffer for handling partial tag matches at chunk boundaries - var pendingContent strings.Builder // Buffer content that might be part of a tag - - // Pre-calculate input tokens from request if possible - // Kiro uses Claude format, so try Claude format first, then OpenAI format, then fallback - if enc, err := getTokenizer(model); err == nil { - var inputTokens int64 - var countMethod string - - // Try Claude format first (Kiro uses Claude API format) - if inp, err := countClaudeChatTokens(enc, claudeBody); err == nil && inp > 0 { - inputTokens = inp - countMethod = "claude" - } else if inp, err := countOpenAIChatTokens(enc, originalReq); err == nil && inp > 0 { - // Fallback to OpenAI format (for OpenAI-compatible requests) - inputTokens = inp - countMethod = "openai" - } else { - // Final fallback: estimate from raw request size (roughly 4 chars per token) - inputTokens = int64(len(claudeBody) / 4) - if inputTokens == 0 && len(claudeBody) > 0 { - inputTokens = 1 - } - countMethod = "estimate" - } - - totalUsage.InputTokens = inputTokens - log.Debugf("kiro: streamToChannel pre-calculated input tokens: %d (method: %s, claude body: %d bytes, original req: %d bytes)", - totalUsage.InputTokens, countMethod, len(claudeBody), len(originalReq)) - } - - contentBlockIndex := -1 - messageStartSent := false - isTextBlockOpen := false - var outputLen int - - // Ensure usage is published even on early return - defer func() { - reporter.publish(ctx, totalUsage) - }() - - for { - select { - case <-ctx.Done(): - return - default: - } - - msg, eventErr := e.readEventStreamMessage(reader) - if eventErr != nil { - // Log the error - log.Errorf("kiro: streamToChannel error: %v", eventErr) - - // Send error to channel for client notification - out <- cliproxyexecutor.StreamChunk{Err: eventErr} - return - } - if msg == nil { - // Normal end of stream (EOF) - // Flush any incomplete tool use before ending stream - if currentToolUse != nil && !processedIDs[currentToolUse.ToolUseID] { - log.Warnf("kiro: flushing incomplete tool use at EOF: %s (ID: %s)", currentToolUse.Name, currentToolUse.ToolUseID) - fullInput := currentToolUse.InputBuffer.String() - repairedJSON := kiroclaude.RepairJSON(fullInput) - var finalInput map[string]interface{} - if err := json.Unmarshal([]byte(repairedJSON), &finalInput); err != nil { - log.Warnf("kiro: failed to parse incomplete tool input at EOF: %v", err) - finalInput = make(map[string]interface{}) - } - - processedIDs[currentToolUse.ToolUseID] = true - contentBlockIndex++ - - // Send tool_use content block - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "tool_use", currentToolUse.ToolUseID, currentToolUse.Name) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Send tool input as delta - inputBytes, _ := json.Marshal(finalInput) - inputDelta := kiroclaude.BuildClaudeInputJsonDeltaEvent(string(inputBytes), contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, inputDelta, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Close block - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - hasToolUses = true - currentToolUse = nil - } - - // DISABLED: Tag-based pending character flushing - // This code block was used for tag-based thinking detection which has been - // replaced by reasoningContentEvent handling. No pending tag chars to flush. - // Original code preserved in git history. - break - } - - eventType := msg.EventType - payload := msg.Payload - if len(payload) == 0 { - continue - } - appendAPIResponseChunk(ctx, e.cfg, payload) - - var event map[string]interface{} - if err := json.Unmarshal(payload, &event); err != nil { - log.Warnf("kiro: failed to unmarshal event payload: %v, raw: %s", err, string(payload)) - continue - } - - // Check for error/exception events in the payload (Kiro API may return errors with HTTP 200) - // These can appear as top-level fields or nested within the event - if errType, hasErrType := event["_type"].(string); hasErrType { - // AWS-style error: {"_type": "com.amazon.aws.codewhisperer#ValidationException", "message": "..."} - errMsg := "" - if msg, ok := event["message"].(string); ok { - errMsg = msg - } - log.Errorf("kiro: received AWS error in stream: type=%s, message=%s", errType, errMsg) - out <- cliproxyexecutor.StreamChunk{Err: fmt.Errorf("kiro API error: %s - %s", errType, errMsg)} - return - } - if errType, hasErrType := event["type"].(string); hasErrType && (errType == "error" || errType == "exception") { - // Generic error event - errMsg := "" - if msg, ok := event["message"].(string); ok { - errMsg = msg - } else if errObj, ok := event["error"].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - } - log.Errorf("kiro: received error event in stream: type=%s, message=%s", errType, errMsg) - out <- cliproxyexecutor.StreamChunk{Err: fmt.Errorf("kiro API error: %s", errMsg)} - return - } - - // Extract stop_reason from various event formats (streaming) - // Kiro/Amazon Q API may include stop_reason in different locations - if sr := kirocommon.GetString(event, "stop_reason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stop_reason (top-level): %s", upstreamStopReason) - } - if sr := kirocommon.GetString(event, "stopReason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stopReason (top-level): %s", upstreamStopReason) - } - - // Send message_start on first event - if !messageStartSent { - msgStart := kiroclaude.BuildClaudeMessageStartEvent(model, totalUsage.InputTokens) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, msgStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - messageStartSent = true - } - - switch eventType { - case "followupPromptEvent": - // Filter out followupPrompt events - these are UI suggestions, not content - log.Debugf("kiro: streamToChannel ignoring followupPrompt event") - continue - - case "messageStopEvent", "message_stop": - // Handle message stop events which may contain stop_reason - if sr := kirocommon.GetString(event, "stop_reason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stop_reason in messageStopEvent: %s", upstreamStopReason) - } - if sr := kirocommon.GetString(event, "stopReason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stopReason in messageStopEvent: %s", upstreamStopReason) - } - - case "meteringEvent": - // Handle metering events from Kiro API (usage billing information) - // Official format: { unit: string, unitPlural: string, usage: number } - if metering, ok := event["meteringEvent"].(map[string]interface{}); ok { - unit := "" - if u, ok := metering["unit"].(string); ok { - unit = u - } - usageVal := 0.0 - if u, ok := metering["usage"].(float64); ok { - usageVal = u - } - upstreamCreditUsage = usageVal - hasUpstreamUsage = true - log.Infof("kiro: streamToChannel received meteringEvent: usage=%.4f %s", usageVal, unit) - } else { - // Try direct fields (event is meteringEvent itself) - if unit, ok := event["unit"].(string); ok { - if usage, ok := event["usage"].(float64); ok { - upstreamCreditUsage = usage - hasUpstreamUsage = true - log.Infof("kiro: streamToChannel received meteringEvent (direct): usage=%.4f %s", usage, unit) - } - } - } - - case "contextUsageEvent": - // Handle context usage events from Kiro API - // Format: {"contextUsageEvent": {"contextUsagePercentage": 0.53}} - if ctxUsage, ok := event["contextUsageEvent"].(map[string]interface{}); ok { - if ctxPct, ok := ctxUsage["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: streamToChannel received contextUsageEvent: %.2f%%", ctxPct*100) - } - } else { - // Try direct field (fallback) - if ctxPct, ok := event["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: streamToChannel received contextUsagePercentage (direct): %.2f%%", ctxPct*100) - } - } - - case "error", "exception", "internalServerException": - // Handle error events from Kiro API stream - errMsg := "" - errType := eventType - - // Try to extract error message from various formats - if msg, ok := event["message"].(string); ok { - errMsg = msg - } else if errObj, ok := event[eventType].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - if t, ok := errObj["type"].(string); ok { - errType = t - } - } else if errObj, ok := event["error"].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - } - - log.Errorf("kiro: streamToChannel received error event: type=%s, message=%s", errType, errMsg) - - // Send error to the stream and exit - if errMsg != "" { - out <- cliproxyexecutor.StreamChunk{ - Err: fmt.Errorf("kiro API error (%s): %s", errType, errMsg), - } - return - } - - case "invalidStateEvent": - // Handle invalid state events - log and continue (non-fatal) - errMsg := "" - if msg, ok := event["message"].(string); ok { - errMsg = msg - } else if stateEvent, ok := event["invalidStateEvent"].(map[string]interface{}); ok { - if msg, ok := stateEvent["message"].(string); ok { - errMsg = msg - } - } - log.Warnf("kiro: streamToChannel received invalidStateEvent: %s, continuing", errMsg) - continue - - case "assistantResponseEvent": - var contentDelta string - var toolUses []map[string]interface{} - - if assistantResp, ok := event["assistantResponseEvent"].(map[string]interface{}); ok { - if c, ok := assistantResp["content"].(string); ok { - contentDelta = c - } - // Extract stop_reason from assistantResponseEvent - if sr := kirocommon.GetString(assistantResp, "stop_reason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stop_reason in assistantResponseEvent: %s", upstreamStopReason) - } - if sr := kirocommon.GetString(assistantResp, "stopReason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stopReason in assistantResponseEvent: %s", upstreamStopReason) - } - // Extract tool uses from response - if tus, ok := assistantResp["toolUses"].([]interface{}); ok { - for _, tuRaw := range tus { - if tu, ok := tuRaw.(map[string]interface{}); ok { - toolUses = append(toolUses, tu) - } - } - } - } - if contentDelta == "" { - if c, ok := event["content"].(string); ok { - contentDelta = c - } - } - // Direct tool uses - if tus, ok := event["toolUses"].([]interface{}); ok { - for _, tuRaw := range tus { - if tu, ok := tuRaw.(map[string]interface{}); ok { - toolUses = append(toolUses, tu) - } - } - } - - // Handle text content with thinking mode support - if contentDelta != "" { - // NOTE: Duplicate content filtering was removed because it incorrectly - // filtered out legitimate repeated content (like consecutive newlines "\n\n"). - // Streaming naturally can have identical chunks that are valid content. - - outputLen += len(contentDelta) - // Accumulate content for streaming token calculation - accumulatedContent.WriteString(contentDelta) - - // Real-time usage estimation: Check if we should send a usage update - // This helps clients track context usage during long thinking sessions - shouldSendUsageUpdate := false - if accumulatedContent.Len()-lastUsageUpdateLen >= usageUpdateCharThreshold { - shouldSendUsageUpdate = true - } else if time.Since(lastUsageUpdateTime) >= usageUpdateTimeInterval && accumulatedContent.Len() > lastUsageUpdateLen { - shouldSendUsageUpdate = true - } - - if shouldSendUsageUpdate { - // Calculate current output tokens using tiktoken - var currentOutputTokens int64 - if enc, encErr := getTokenizer(model); encErr == nil { - if tokenCount, countErr := enc.Count(accumulatedContent.String()); countErr == nil { - currentOutputTokens = int64(tokenCount) - } - } - // Fallback to character estimation if tiktoken fails - if currentOutputTokens == 0 { - currentOutputTokens = int64(accumulatedContent.Len() / 4) - if currentOutputTokens == 0 { - currentOutputTokens = 1 - } - } - - // Only send update if token count has changed significantly (at least 10 tokens) - if currentOutputTokens > lastReportedOutputTokens+10 { - // Send ping event with usage information - // This is a non-blocking update that clients can optionally process - pingEvent := kiroclaude.BuildClaudePingEventWithUsage(totalUsage.InputTokens, currentOutputTokens) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, pingEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - lastReportedOutputTokens = currentOutputTokens - log.Debugf("kiro: sent real-time usage update - input: %d, output: %d (accumulated: %d chars)", - totalUsage.InputTokens, currentOutputTokens, accumulatedContent.Len()) - } - - lastUsageUpdateLen = accumulatedContent.Len() - lastUsageUpdateTime = time.Now() - } - - // TAG-BASED THINKING PARSING: Parse tags from content - // Combine pending content with new content for processing - pendingContent.WriteString(contentDelta) - processContent := pendingContent.String() - pendingContent.Reset() - - // Process content looking for thinking tags - for len(processContent) > 0 { - if inThinkBlock { - // We're inside a thinking block, look for - endIdx := strings.Index(processContent, kirocommon.ThinkingEndTag) - if endIdx >= 0 { - // Found end tag - emit thinking content before the tag - thinkingText := processContent[:endIdx] - if thinkingText != "" { - // Ensure thinking block is open - if !isThinkingBlockOpen { - contentBlockIndex++ - thinkingBlockIndex = contentBlockIndex - isThinkingBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(thinkingBlockIndex, "thinking", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - // Send thinking delta - thinkingEvent := kiroclaude.BuildClaudeThinkingDeltaEvent(thinkingText, thinkingBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, thinkingEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - accumulatedThinkingContent.WriteString(thinkingText) - } - // Close thinking block - if isThinkingBlockOpen { - blockStop := kiroclaude.BuildClaudeThinkingBlockStopEvent(thinkingBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isThinkingBlockOpen = false - } - inThinkBlock = false - processContent = processContent[endIdx+len(kirocommon.ThinkingEndTag):] - log.Debugf("kiro: closed thinking block, remaining content: %d chars", len(processContent)) - } else { - // No end tag found - check for partial match at end - partialMatch := false - for i := 1; i < len(kirocommon.ThinkingEndTag) && i <= len(processContent); i++ { - if strings.HasSuffix(processContent, kirocommon.ThinkingEndTag[:i]) { - // Possible partial tag at end, buffer it - pendingContent.WriteString(processContent[len(processContent)-i:]) - processContent = processContent[:len(processContent)-i] - partialMatch = true - break - } - } - if !partialMatch || len(processContent) > 0 { - // Emit all as thinking content - if processContent != "" { - if !isThinkingBlockOpen { - contentBlockIndex++ - thinkingBlockIndex = contentBlockIndex - isThinkingBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(thinkingBlockIndex, "thinking", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - thinkingEvent := kiroclaude.BuildClaudeThinkingDeltaEvent(processContent, thinkingBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, thinkingEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - accumulatedThinkingContent.WriteString(processContent) - } - } - processContent = "" - } - } else { - // Not in thinking block, look for - startIdx := strings.Index(processContent, kirocommon.ThinkingStartTag) - if startIdx >= 0 { - // Found start tag - emit text content before the tag - textBefore := processContent[:startIdx] - if textBefore != "" { - // Close thinking block if open - if isThinkingBlockOpen { - blockStop := kiroclaude.BuildClaudeThinkingBlockStopEvent(thinkingBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isThinkingBlockOpen = false - } - // Ensure text block is open - if !isTextBlockOpen { - contentBlockIndex++ - isTextBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "text", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - // Send text delta - claudeEvent := kiroclaude.BuildClaudeStreamEvent(textBefore, contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, claudeEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - // Close text block before entering thinking - if isTextBlockOpen { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isTextBlockOpen = false - } - inThinkBlock = true - processContent = processContent[startIdx+len(kirocommon.ThinkingStartTag):] - log.Debugf("kiro: entered thinking block") - } else { - // No start tag found - check for partial match at end - partialMatch := false - for i := 1; i < len(kirocommon.ThinkingStartTag) && i <= len(processContent); i++ { - if strings.HasSuffix(processContent, kirocommon.ThinkingStartTag[:i]) { - // Possible partial tag at end, buffer it - pendingContent.WriteString(processContent[len(processContent)-i:]) - processContent = processContent[:len(processContent)-i] - partialMatch = true - break - } - } - if !partialMatch || len(processContent) > 0 { - // Emit all as text content - if processContent != "" { - if !isTextBlockOpen { - contentBlockIndex++ - isTextBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "text", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - claudeEvent := kiroclaude.BuildClaudeStreamEvent(processContent, contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, claudeEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - } - processContent = "" - } - } - } - } - - // Handle tool uses in response (with deduplication) - for _, tu := range toolUses { - toolUseID := kirocommon.GetString(tu, "toolUseId") - toolName := kirocommon.GetString(tu, "name") - - // Check for duplicate - if processedIDs[toolUseID] { - log.Debugf("kiro: skipping duplicate tool use in stream: %s", toolUseID) - continue - } - processedIDs[toolUseID] = true - - hasToolUses = true - // Close text block if open before starting tool_use block - if isTextBlockOpen && contentBlockIndex >= 0 { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isTextBlockOpen = false - } - - // Emit tool_use content block - contentBlockIndex++ - - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "tool_use", toolUseID, toolName) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Send input_json_delta with the tool input - if input, ok := tu["input"].(map[string]interface{}); ok { - inputJSON, err := json.Marshal(input) - if err != nil { - log.Debugf("kiro: failed to marshal tool input: %v", err) - // Don't continue - still need to close the block - } else { - inputDelta := kiroclaude.BuildClaudeInputJsonDeltaEvent(string(inputJSON), contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, inputDelta, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - } - - // Close tool_use block (always close even if input marshal failed) - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - - case "reasoningContentEvent": - // Handle official reasoningContentEvent from Kiro API - // This replaces tag-based thinking detection with the proper event type - // Official format: { text: string, signature?: string, redactedContent?: base64 } - var thinkingText string - var signature string - - if re, ok := event["reasoningContentEvent"].(map[string]interface{}); ok { - if text, ok := re["text"].(string); ok { - thinkingText = text - } - if sig, ok := re["signature"].(string); ok { - signature = sig - if len(sig) > 20 { - log.Debugf("kiro: reasoningContentEvent has signature: %s...", sig[:20]) - } else { - log.Debugf("kiro: reasoningContentEvent has signature: %s", sig) - } - } - } else { - // Try direct fields - if text, ok := event["text"].(string); ok { - thinkingText = text - } - if sig, ok := event["signature"].(string); ok { - signature = sig - } - } - - if thinkingText != "" { - // Close text block if open before starting thinking block - if isTextBlockOpen && contentBlockIndex >= 0 { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isTextBlockOpen = false - } - - // Start thinking block if not already open - if !isThinkingBlockOpen { - contentBlockIndex++ - thinkingBlockIndex = contentBlockIndex - isThinkingBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(thinkingBlockIndex, "thinking", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - - // Send thinking content - thinkingEvent := kiroclaude.BuildClaudeThinkingDeltaEvent(thinkingText, thinkingBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, thinkingEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Accumulate for token counting - accumulatedThinkingContent.WriteString(thinkingText) - log.Debugf("kiro: received reasoningContentEvent, text length: %d, has signature: %v", len(thinkingText), signature != "") - } - - // Note: We don't close the thinking block here - it will be closed when we see - // the next assistantResponseEvent or at the end of the stream - _ = signature // Signature can be used for verification if needed - - case "toolUseEvent": - // Handle dedicated tool use events with input buffering - completedToolUses, newState := kiroclaude.ProcessToolUseEvent(event, currentToolUse, processedIDs) - currentToolUse = newState - - // Emit completed tool uses - for _, tu := range completedToolUses { - // Check if this tool was truncated - emit with SOFT_LIMIT_REACHED marker - if tu.IsTruncated { - hasTruncatedTools = true - log.Infof("kiro: streamToChannel emitting truncated tool with SOFT_LIMIT_REACHED: %s (ID: %s)", tu.Name, tu.ToolUseID) - - // Close text block if open - if isTextBlockOpen && contentBlockIndex >= 0 { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isTextBlockOpen = false - } - - contentBlockIndex++ - - // Emit tool_use with SOFT_LIMIT_REACHED marker input - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "tool_use", tu.ToolUseID, tu.Name) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Build SOFT_LIMIT_REACHED marker input - markerInput := map[string]interface{}{ - "_status": "SOFT_LIMIT_REACHED", - "_message": "Tool output was truncated. Split content into smaller chunks (max 300 lines). Due to potential model hallucination, you MUST re-fetch the current working directory and generate the correct file_path.", - } - - markerJSON, _ := json.Marshal(markerInput) - inputDelta := kiroclaude.BuildClaudeInputJsonDeltaEvent(string(markerJSON), contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, inputDelta, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Close tool_use block - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - hasToolUses = true // Keep this so stop_reason = tool_use - continue - } - - hasToolUses = true - - // Close text block if open - if isTextBlockOpen && contentBlockIndex >= 0 { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isTextBlockOpen = false - } - - contentBlockIndex++ - - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "tool_use", tu.ToolUseID, tu.Name) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - if tu.Input != nil { - inputJSON, err := json.Marshal(tu.Input) - if err != nil { - log.Debugf("kiro: failed to marshal tool input in toolUseEvent: %v", err) - } else { - inputDelta := kiroclaude.BuildClaudeInputJsonDeltaEvent(string(inputJSON), contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, inputDelta, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - } - - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - - case "supplementaryWebLinksEvent": - if inputTokens, ok := event["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } - if outputTokens, ok := event["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } - - case "messageMetadataEvent", "metadataEvent": - // Handle message metadata events which contain token counts - // Official format: { tokenUsage: { outputTokens, totalTokens, uncachedInputTokens, cacheReadInputTokens, cacheWriteInputTokens, contextUsagePercentage } } - var metadata map[string]interface{} - if m, ok := event["messageMetadataEvent"].(map[string]interface{}); ok { - metadata = m - } else if m, ok := event["metadataEvent"].(map[string]interface{}); ok { - metadata = m - } else { - metadata = event // event itself might be the metadata - } - - // Check for nested tokenUsage object (official format) - if tokenUsage, ok := metadata["tokenUsage"].(map[string]interface{}); ok { - // outputTokens - precise output token count - if outputTokens, ok := tokenUsage["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - hasUpstreamUsage = true - log.Infof("kiro: streamToChannel found precise outputTokens in tokenUsage: %d", totalUsage.OutputTokens) - } - // totalTokens - precise total token count - if totalTokens, ok := tokenUsage["totalTokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - log.Infof("kiro: streamToChannel found precise totalTokens in tokenUsage: %d", totalUsage.TotalTokens) - } - // uncachedInputTokens - input tokens not from cache - if uncachedInputTokens, ok := tokenUsage["uncachedInputTokens"].(float64); ok { - totalUsage.InputTokens = int64(uncachedInputTokens) - hasUpstreamUsage = true - log.Infof("kiro: streamToChannel found uncachedInputTokens in tokenUsage: %d", totalUsage.InputTokens) - } - // cacheReadInputTokens - tokens read from cache - if cacheReadTokens, ok := tokenUsage["cacheReadInputTokens"].(float64); ok { - // Add to input tokens if we have uncached tokens, otherwise use as input - if totalUsage.InputTokens > 0 { - totalUsage.InputTokens += int64(cacheReadTokens) - } else { - totalUsage.InputTokens = int64(cacheReadTokens) - } - hasUpstreamUsage = true - log.Debugf("kiro: streamToChannel found cacheReadInputTokens in tokenUsage: %d", int64(cacheReadTokens)) - } - // contextUsagePercentage - can be used as fallback for input token estimation - if ctxPct, ok := tokenUsage["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: streamToChannel found contextUsagePercentage in tokenUsage: %.2f%%", ctxPct) - } - } - - // Fallback: check for direct fields in metadata (legacy format) - if totalUsage.InputTokens == 0 { - if inputTokens, ok := metadata["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - hasUpstreamUsage = true - log.Debugf("kiro: streamToChannel found inputTokens in messageMetadataEvent: %d", totalUsage.InputTokens) - } - } - if totalUsage.OutputTokens == 0 { - if outputTokens, ok := metadata["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - hasUpstreamUsage = true - log.Debugf("kiro: streamToChannel found outputTokens in messageMetadataEvent: %d", totalUsage.OutputTokens) - } - } - if totalUsage.TotalTokens == 0 { - if totalTokens, ok := metadata["totalTokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - log.Debugf("kiro: streamToChannel found totalTokens in messageMetadataEvent: %d", totalUsage.TotalTokens) - } - } - - case "usageEvent", "usage": - // Handle dedicated usage events - if inputTokens, ok := event["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - log.Debugf("kiro: streamToChannel found inputTokens in usageEvent: %d", totalUsage.InputTokens) - } - if outputTokens, ok := event["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - log.Debugf("kiro: streamToChannel found outputTokens in usageEvent: %d", totalUsage.OutputTokens) - } - if totalTokens, ok := event["totalTokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - log.Debugf("kiro: streamToChannel found totalTokens in usageEvent: %d", totalUsage.TotalTokens) - } - // Also check nested usage object - if usageObj, ok := event["usage"].(map[string]interface{}); ok { - if inputTokens, ok := usageObj["input_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } else if inputTokens, ok := usageObj["prompt_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } - if outputTokens, ok := usageObj["output_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } else if outputTokens, ok := usageObj["completion_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } - if totalTokens, ok := usageObj["total_tokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - } - log.Debugf("kiro: streamToChannel found usage object: input=%d, output=%d, total=%d", - totalUsage.InputTokens, totalUsage.OutputTokens, totalUsage.TotalTokens) - } - - case "metricsEvent": - // Handle metrics events which may contain usage data - if metrics, ok := event["metricsEvent"].(map[string]interface{}); ok { - if inputTokens, ok := metrics["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } - if outputTokens, ok := metrics["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } - log.Debugf("kiro: streamToChannel found metricsEvent: input=%d, output=%d", - totalUsage.InputTokens, totalUsage.OutputTokens) - - } - default: - // Check for upstream usage events from Kiro API - // Format: {"unit":"credit","unitPlural":"credits","usage":1.458} - if unit, ok := event["unit"].(string); ok && unit == "credit" { - if usage, ok := event["usage"].(float64); ok { - upstreamCreditUsage = usage - hasUpstreamUsage = true - log.Debugf("kiro: received upstream credit usage: %.4f", upstreamCreditUsage) - } - } - // Format: {"contextUsagePercentage":78.56} - if ctxPct, ok := event["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: received upstream context usage: %.2f%%", upstreamContextPercentage) - } - - // Check for token counts in unknown events - if inputTokens, ok := event["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - hasUpstreamUsage = true - log.Debugf("kiro: streamToChannel found inputTokens in event %s: %d", eventType, totalUsage.InputTokens) - } - if outputTokens, ok := event["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - hasUpstreamUsage = true - log.Debugf("kiro: streamToChannel found outputTokens in event %s: %d", eventType, totalUsage.OutputTokens) - } - if totalTokens, ok := event["totalTokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - log.Debugf("kiro: streamToChannel found totalTokens in event %s: %d", eventType, totalUsage.TotalTokens) - } - - // Check for usage object in unknown events (OpenAI/Claude format) - if usageObj, ok := event["usage"].(map[string]interface{}); ok { - if inputTokens, ok := usageObj["input_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - hasUpstreamUsage = true - } else if inputTokens, ok := usageObj["prompt_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - hasUpstreamUsage = true - } - if outputTokens, ok := usageObj["output_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - hasUpstreamUsage = true - } else if outputTokens, ok := usageObj["completion_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - hasUpstreamUsage = true - } - if totalTokens, ok := usageObj["total_tokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - } - log.Debugf("kiro: streamToChannel found usage object in event %s: input=%d, output=%d, total=%d", - eventType, totalUsage.InputTokens, totalUsage.OutputTokens, totalUsage.TotalTokens) - } - - // Log unknown event types for debugging (to discover new event formats) - if eventType != "" { - log.Debugf("kiro: streamToChannel unknown event type: %s, payload: %s", eventType, string(payload)) - } - - } - - // Check nested usage event - if usageEvent, ok := event["supplementaryWebLinksEvent"].(map[string]interface{}); ok { - if inputTokens, ok := usageEvent["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } - if outputTokens, ok := usageEvent["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } - } - - // Check for direct token fields in any event (fallback) - if totalUsage.InputTokens == 0 { - if inputTokens, ok := event["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - log.Debugf("kiro: streamToChannel found direct inputTokens: %d", totalUsage.InputTokens) - } - } - if totalUsage.OutputTokens == 0 { - if outputTokens, ok := event["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - log.Debugf("kiro: streamToChannel found direct outputTokens: %d", totalUsage.OutputTokens) - } - } - - // Check for usage object in any event (OpenAI format) - if totalUsage.InputTokens == 0 || totalUsage.OutputTokens == 0 { - if usageObj, ok := event["usage"].(map[string]interface{}); ok { - if totalUsage.InputTokens == 0 { - if inputTokens, ok := usageObj["input_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } else if inputTokens, ok := usageObj["prompt_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } - } - if totalUsage.OutputTokens == 0 { - if outputTokens, ok := usageObj["output_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } else if outputTokens, ok := usageObj["completion_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } - } - if totalUsage.TotalTokens == 0 { - if totalTokens, ok := usageObj["total_tokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - } - } - log.Debugf("kiro: streamToChannel found usage object (fallback): input=%d, output=%d, total=%d", - totalUsage.InputTokens, totalUsage.OutputTokens, totalUsage.TotalTokens) - } - } - } - - // Close content block if open - if isTextBlockOpen && contentBlockIndex >= 0 { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - - // Streaming token calculation - calculate output tokens from accumulated content - // Only use local estimation if server didn't provide usage (server-side usage takes priority) - if totalUsage.OutputTokens == 0 && accumulatedContent.Len() > 0 { - // Try to use tiktoken for accurate counting - if enc, err := getTokenizer(model); err == nil { - if tokenCount, countErr := enc.Count(accumulatedContent.String()); countErr == nil { - totalUsage.OutputTokens = int64(tokenCount) - log.Debugf("kiro: streamToChannel calculated output tokens using tiktoken: %d", totalUsage.OutputTokens) - } else { - // Fallback on count error: estimate from character count - totalUsage.OutputTokens = int64(accumulatedContent.Len() / 4) - if totalUsage.OutputTokens == 0 { - totalUsage.OutputTokens = 1 - } - log.Debugf("kiro: streamToChannel tiktoken count failed, estimated from chars: %d", totalUsage.OutputTokens) - } - } else { - // Fallback: estimate from character count (roughly 4 chars per token) - totalUsage.OutputTokens = int64(accumulatedContent.Len() / 4) - if totalUsage.OutputTokens == 0 { - totalUsage.OutputTokens = 1 - } - log.Debugf("kiro: streamToChannel estimated output tokens from chars: %d (content len: %d)", totalUsage.OutputTokens, accumulatedContent.Len()) - } - } else if totalUsage.OutputTokens == 0 && outputLen > 0 { - // Legacy fallback using outputLen - totalUsage.OutputTokens = int64(outputLen / 4) - if totalUsage.OutputTokens == 0 { - totalUsage.OutputTokens = 1 - } - } - - // Use contextUsagePercentage to calculate more accurate input tokens - // Kiro model has 200k max context, contextUsagePercentage represents the percentage used - // Formula: input_tokens = contextUsagePercentage * 200000 / 100 - // Note: The effective input context is ~170k (200k - 30k reserved for output) - if upstreamContextPercentage > 0 { - // Calculate input tokens from context percentage - // Using 200k as the base since that's what Kiro reports against - calculatedInputTokens := int64(upstreamContextPercentage * 200000 / 100) - - // Only use calculated value if it's significantly different from local estimate - // This provides more accurate token counts based on upstream data - if calculatedInputTokens > 0 { - localEstimate := totalUsage.InputTokens - totalUsage.InputTokens = calculatedInputTokens - log.Debugf("kiro: using contextUsagePercentage (%.2f%%) to calculate input tokens: %d (local estimate was: %d)", - upstreamContextPercentage, calculatedInputTokens, localEstimate) - } - } - - totalUsage.TotalTokens = totalUsage.InputTokens + totalUsage.OutputTokens - - // Log upstream usage information if received - if hasUpstreamUsage { - log.Debugf("kiro: upstream usage - credits: %.4f, context: %.2f%%, final tokens - input: %d, output: %d, total: %d", - upstreamCreditUsage, upstreamContextPercentage, - totalUsage.InputTokens, totalUsage.OutputTokens, totalUsage.TotalTokens) - } - - // Determine stop reason: prefer upstream, then detect tool_use, default to end_turn - // SOFT_LIMIT_REACHED: Keep stop_reason = "tool_use" so Claude continues the loop - stopReason := upstreamStopReason - if hasTruncatedTools { - // Log that we're using SOFT_LIMIT_REACHED approach - log.Infof("kiro: streamToChannel using SOFT_LIMIT_REACHED - keeping stop_reason=tool_use for truncated tools") - } - if stopReason == "" { - if hasToolUses { - stopReason = "tool_use" - log.Debugf("kiro: streamToChannel using fallback stop_reason: tool_use") - } else { - stopReason = "end_turn" - log.Debugf("kiro: streamToChannel using fallback stop_reason: end_turn") - } - } - - // Log warning if response was truncated due to max_tokens - if stopReason == "max_tokens" { - log.Warnf("kiro: response truncated due to max_tokens limit (streamToChannel)") - } - - // Send message_delta event - msgDelta := kiroclaude.BuildClaudeMessageDeltaEvent(stopReason, totalUsage) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, msgDelta, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Send message_stop event separately - msgStop := kiroclaude.BuildClaudeMessageStopOnlyEvent() - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, msgStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - // reporter.publish is called via defer -} - -// NOTE: Claude SSE event builders moved to pkg/llmproxy/translator/kiro/claude/kiro_claude_stream.go -// The executor now uses kiroclaude.BuildClaude*Event() functions instead - -// CountTokens counts tokens locally using tiktoken since Kiro API doesn't expose a token counting endpoint. -// This provides approximate token counts for client requests. -func (e *KiroExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - // Use tiktoken for local token counting - enc, err := getTokenizer(req.Model) - if err != nil { - log.Warnf("kiro: CountTokens failed to get tokenizer: %v, falling back to estimate", err) - // Fallback: estimate from payload size (roughly 4 chars per token) - estimatedTokens := len(req.Payload) / 4 - if estimatedTokens == 0 && len(req.Payload) > 0 { - estimatedTokens = 1 - } - return cliproxyexecutor.Response{ - Payload: []byte(fmt.Sprintf(`{"count":%d}`, estimatedTokens)), - }, nil - } - - // Try to count tokens from the request payload - var totalTokens int64 - - // Try OpenAI chat format first - if tokens, countErr := countOpenAIChatTokens(enc, req.Payload); countErr == nil && tokens > 0 { - totalTokens = tokens - log.Debugf("kiro: CountTokens counted %d tokens using OpenAI chat format", totalTokens) - } else { - // Fallback: count raw payload tokens - if tokenCount, countErr := enc.Count(string(req.Payload)); countErr == nil { - totalTokens = int64(tokenCount) - log.Debugf("kiro: CountTokens counted %d tokens from raw payload", totalTokens) - } else { - // Final fallback: estimate from payload size - totalTokens = int64(len(req.Payload) / 4) - if totalTokens == 0 && len(req.Payload) > 0 { - totalTokens = 1 - } - log.Debugf("kiro: CountTokens estimated %d tokens from payload size", totalTokens) - } - } - - return cliproxyexecutor.Response{ - Payload: []byte(fmt.Sprintf(`{"count":%d}`, totalTokens)), - }, nil -} - -// Refresh refreshes the Kiro OAuth token. -// Supports both AWS Builder ID (SSO OIDC) and Google OAuth (social login). -// Uses mutex to prevent race conditions when multiple concurrent requests try to refresh. -func (e *KiroExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - // Serialize token refresh operations to prevent race conditions - e.refreshMu.Lock() - defer e.refreshMu.Unlock() - - var authID string - if auth != nil { - authID = auth.ID - } else { - authID = "" - } - log.Debugf("kiro executor: refresh called for auth %s", authID) - if auth == nil { - return nil, fmt.Errorf("kiro executor: auth is nil") - } - - // Double-check: After acquiring lock, verify token still needs refresh - // Another goroutine may have already refreshed while we were waiting - // NOTE: This check has a design limitation - it reads from the auth object passed in, - // not from persistent storage. If another goroutine returns a new Auth object (via Clone), - // this check won't see those updates. The mutex still prevents truly concurrent refreshes, - // but queued goroutines may still attempt redundant refreshes. This is acceptable as - // the refresh operation is idempotent and the extra API calls are infrequent. - if auth.Metadata != nil { - if lastRefresh, ok := auth.Metadata["last_refresh"].(string); ok { - if refreshTime, err := time.Parse(time.RFC3339, lastRefresh); err == nil { - // If token was refreshed within the last 30 seconds, skip refresh - if time.Since(refreshTime) < 30*time.Second { - log.Debugf("kiro executor: token was recently refreshed by another goroutine, skipping") - return auth, nil - } - } - } - // Also check if expires_at is now in the future with sufficient buffer - if expiresAt, ok := auth.Metadata["expires_at"].(string); ok { - if expTime, err := time.Parse(time.RFC3339, expiresAt); err == nil { - // If token expires more than 20 minutes from now, it's still valid - if time.Until(expTime) > 20*time.Minute { - log.Debugf("kiro executor: token is still valid (expires in %v), skipping refresh", time.Until(expTime)) - // CRITICAL FIX: Set NextRefreshAfter to prevent frequent refresh checks - // Without this, shouldRefresh() will return true again in 30 seconds - updated := auth.Clone() - // Set next refresh to 20 minutes before expiry, or at least 30 seconds from now - nextRefresh := expTime.Add(-20 * time.Minute) - minNextRefresh := time.Now().Add(30 * time.Second) - if nextRefresh.Before(minNextRefresh) { - nextRefresh = minNextRefresh - } - updated.NextRefreshAfter = nextRefresh - log.Debugf("kiro executor: setting NextRefreshAfter to %v (in %v)", nextRefresh.Format(time.RFC3339), time.Until(nextRefresh)) - return updated, nil - } - } - } - } - - var refreshToken string - var clientID, clientSecret string - var authMethod string - var region, startURL string - - if auth.Metadata != nil { - refreshToken = getMetadataString(auth.Metadata, "refresh_token", "refreshToken") - clientID = getMetadataString(auth.Metadata, "client_id", "clientId") - clientSecret = getMetadataString(auth.Metadata, "client_secret", "clientSecret") - authMethod = strings.ToLower(getMetadataString(auth.Metadata, "auth_method", "authMethod")) - region = getMetadataString(auth.Metadata, "region") - startURL = getMetadataString(auth.Metadata, "start_url", "startUrl") - } - - if refreshToken == "" { - return nil, fmt.Errorf("kiro executor: refresh token not found") - } - - var tokenData *kiroauth.KiroTokenData - var err error - - ssoClient := kiroauth.NewSSOOIDCClient(e.cfg) - - // Use SSO OIDC refresh for AWS Builder ID or IDC, otherwise use Kiro's OAuth refresh endpoint - switch { - case clientID != "" && clientSecret != "" && authMethod == "idc" && region != "": - // IDC refresh with region-specific endpoint - log.Debugf("kiro executor: using SSO OIDC refresh for IDC (region=%s)", region) - tokenData, err = ssoClient.RefreshTokenWithRegion(ctx, clientID, clientSecret, refreshToken, region, startURL) - case clientID != "" && clientSecret != "" && authMethod == "builder-id": - // Builder ID refresh with default endpoint - log.Debugf("kiro executor: using SSO OIDC refresh for AWS Builder ID") - tokenData, err = ssoClient.RefreshToken(ctx, clientID, clientSecret, refreshToken) - default: - // Fallback to Kiro's OAuth refresh endpoint (for social auth: Google/GitHub) - log.Debugf("kiro executor: using Kiro OAuth refresh endpoint") - oauth := kiroauth.NewKiroOAuth(e.cfg) - tokenData, err = oauth.RefreshToken(ctx, refreshToken) - } - - if err != nil { - return nil, fmt.Errorf("kiro executor: token refresh failed: %w", err) - } - - updated := auth.Clone() - now := time.Now() - updated.UpdatedAt = now - updated.LastRefreshedAt = now - - if updated.Metadata == nil { - updated.Metadata = make(map[string]any) - } - updated.Metadata["access_token"] = tokenData.AccessToken - updated.Metadata["refresh_token"] = tokenData.RefreshToken - updated.Metadata["expires_at"] = tokenData.ExpiresAt - updated.Metadata["last_refresh"] = now.Format(time.RFC3339) - if tokenData.ProfileArn != "" { - updated.Metadata["profile_arn"] = tokenData.ProfileArn - } - if tokenData.AuthMethod != "" { - updated.Metadata["auth_method"] = tokenData.AuthMethod - } - if tokenData.Provider != "" { - updated.Metadata["provider"] = tokenData.Provider - } - // Preserve client credentials for future refreshes (AWS Builder ID) - if tokenData.ClientID != "" { - updated.Metadata["client_id"] = tokenData.ClientID - } - if tokenData.ClientSecret != "" { - updated.Metadata["client_secret"] = tokenData.ClientSecret - } - // Preserve region and start_url for IDC token refresh - if tokenData.Region != "" { - updated.Metadata["region"] = tokenData.Region - } - if tokenData.StartURL != "" { - updated.Metadata["start_url"] = tokenData.StartURL - } - - if updated.Attributes == nil { - updated.Attributes = make(map[string]string) - } - updated.Attributes["access_token"] = tokenData.AccessToken - if tokenData.ProfileArn != "" { - updated.Attributes["profile_arn"] = tokenData.ProfileArn - } - - // NextRefreshAfter is aligned with RefreshLead (20min) - if expiresAt, parseErr := time.Parse(time.RFC3339, tokenData.ExpiresAt); parseErr == nil { - updated.NextRefreshAfter = expiresAt.Add(-20 * time.Minute) - } - - log.Infof("kiro executor: token refreshed successfully, expires at %s", tokenData.ExpiresAt) - return updated, nil -} - -// persistRefreshedAuth persists a refreshed auth record to disk. -// This ensures token refreshes from inline retry are saved to the auth file. -func (e *KiroExecutor) persistRefreshedAuth(auth *cliproxyauth.Auth) error { - if auth == nil || auth.Metadata == nil { - return fmt.Errorf("kiro executor: cannot persist nil auth or metadata") - } - - // Determine the file path from auth attributes or filename - var authPath string - if auth.Attributes != nil { - if p := strings.TrimSpace(auth.Attributes["path"]); p != "" { - authPath = p - } - } - if authPath == "" { - fileName := strings.TrimSpace(auth.FileName) - if fileName == "" { - return fmt.Errorf("kiro executor: auth has no file path or filename") - } - if filepath.IsAbs(fileName) { - authPath = fileName - } else if e.cfg != nil && e.cfg.AuthDir != "" { - authPath = filepath.Join(e.cfg.AuthDir, fileName) - } else { - return fmt.Errorf("kiro executor: cannot determine auth file path") - } - } - - // Marshal metadata to JSON - raw, err := json.Marshal(auth.Metadata) - if err != nil { - return fmt.Errorf("kiro executor: marshal metadata failed: %w", err) - } - - // Write to temp file first, then rename (atomic write) - tmp := authPath + ".tmp" - if err := os.WriteFile(tmp, raw, 0o600); err != nil { - return fmt.Errorf("kiro executor: write temp auth file failed: %w", err) - } - if err := os.Rename(tmp, authPath); err != nil { - return fmt.Errorf("kiro executor: rename auth file failed: %w", err) - } - - log.Debugf("kiro executor: persisted refreshed auth to %s", authPath) - return nil -} - -// reloadAuthFromFile 从文件重新加载 auth 数据(方案 B: Fallback 机制) -// 当内存中的 token 已过期时,尝试从文件读取最新的 token -// 这解决了后台刷新器已更新文件但内存中 Auth 对象尚未同步的时间差问题 -func (e *KiroExecutor) reloadAuthFromFile(auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if auth == nil { - return nil, fmt.Errorf("kiro executor: cannot reload nil auth") - } - - // 确定文件路径 - var authPath string - if auth.Attributes != nil { - if p := strings.TrimSpace(auth.Attributes["path"]); p != "" { - authPath = p - } - } - if authPath == "" { - fileName := strings.TrimSpace(auth.FileName) - if fileName == "" { - return nil, fmt.Errorf("kiro executor: auth has no file path or filename for reload") - } - if filepath.IsAbs(fileName) { - authPath = fileName - } else if e.cfg != nil && e.cfg.AuthDir != "" { - authPath = filepath.Join(e.cfg.AuthDir, fileName) - } else { - return nil, fmt.Errorf("kiro executor: cannot determine auth file path for reload") - } - } - - // 读取文件 - raw, err := os.ReadFile(authPath) - if err != nil { - return nil, fmt.Errorf("kiro executor: failed to read auth file %s: %w", authPath, err) - } - - // 解析 JSON - var metadata map[string]any - if err := json.Unmarshal(raw, &metadata); err != nil { - return nil, fmt.Errorf("kiro executor: failed to parse auth file %s: %w", authPath, err) - } - - // 检查文件中的 token 是否比内存中的更新 - fileExpiresAt, _ := metadata["expires_at"].(string) - fileAccessToken, _ := metadata["access_token"].(string) - memExpiresAt, _ := auth.Metadata["expires_at"].(string) - memAccessToken, _ := auth.Metadata["access_token"].(string) - - // 文件中必须有有效的 access_token - if fileAccessToken == "" { - return nil, fmt.Errorf("kiro executor: auth file has no access_token field") - } - - // 如果有 expires_at,检查是否过期 - if fileExpiresAt != "" { - fileExpTime, parseErr := time.Parse(time.RFC3339, fileExpiresAt) - if parseErr == nil { - // 如果文件中的 token 也已过期,不使用它 - if time.Now().After(fileExpTime) { - log.Debugf("kiro executor: file token also expired at %s, not using", fileExpiresAt) - return nil, fmt.Errorf("kiro executor: file token also expired") - } - } - } - - // 判断文件中的 token 是否比内存中的更新 - // 条件1: access_token 不同(说明已刷新) - // 条件2: expires_at 更新(说明已刷新) - isNewer := false - - // 优先检查 access_token 是否变化 - if fileAccessToken != memAccessToken { - isNewer = true - log.Debugf("kiro executor: file access_token differs from memory, using file token") - } - - // 如果 access_token 相同,检查 expires_at - if !isNewer && fileExpiresAt != "" && memExpiresAt != "" { - fileExpTime, fileParseErr := time.Parse(time.RFC3339, fileExpiresAt) - memExpTime, memParseErr := time.Parse(time.RFC3339, memExpiresAt) - if fileParseErr == nil && memParseErr == nil && fileExpTime.After(memExpTime) { - isNewer = true - log.Debugf("kiro executor: file expires_at (%s) is newer than memory (%s)", fileExpiresAt, memExpiresAt) - } - } - - // 如果文件中没有 expires_at 但 access_token 相同,无法判断是否更新 - if !isNewer && fileExpiresAt == "" && fileAccessToken == memAccessToken { - return nil, fmt.Errorf("kiro executor: cannot determine if file token is newer (no expires_at, same access_token)") - } - - if !isNewer { - log.Debugf("kiro executor: file token not newer than memory token") - return nil, fmt.Errorf("kiro executor: file token not newer") - } - - // 创建更新后的 auth 对象 - updated := auth.Clone() - updated.Metadata = metadata - updated.UpdatedAt = time.Now() - - // 同步更新 Attributes - if updated.Attributes == nil { - updated.Attributes = make(map[string]string) - } - if accessToken, ok := metadata["access_token"].(string); ok { - updated.Attributes["access_token"] = accessToken - } - if profileArn, ok := metadata["profile_arn"].(string); ok { - updated.Attributes["profile_arn"] = profileArn - } - - log.Infof("kiro executor: reloaded auth from file %s, new expires_at: %s", authPath, fileExpiresAt) - return updated, nil -} - -// isTokenExpired checks if a JWT access token has expired. -// Returns true if the token is expired or cannot be parsed. -func (e *KiroExecutor) isTokenExpired(accessToken string) bool { - if accessToken == "" { - return true - } - - // JWT tokens have 3 parts separated by dots - parts := strings.Split(accessToken, ".") - if len(parts) != 3 { - // Not a JWT token, assume not expired - return false - } - - // Decode the payload (second part) - // JWT uses base64url encoding without padding (RawURLEncoding) - payload := parts[1] - decoded, err := base64.RawURLEncoding.DecodeString(payload) - if err != nil { - // Try with padding added as fallback - switch len(payload) % 4 { - case 2: - payload += "==" - case 3: - payload += "=" - } - decoded, err = base64.URLEncoding.DecodeString(payload) - if err != nil { - log.Debugf("kiro: failed to decode JWT payload: %v", err) - return false - } - } - - var claims struct { - Exp int64 `json:"exp"` - } - if err := json.Unmarshal(decoded, &claims); err != nil { - log.Debugf("kiro: failed to parse JWT claims: %v", err) - return false - } - - if claims.Exp == 0 { - // No expiration claim, assume not expired - return false - } - - expTime := time.Unix(claims.Exp, 0) - now := time.Now() - - // Consider token expired if it expires within 1 minute (buffer for clock skew) - isExpired := now.After(expTime) || expTime.Sub(now) < time.Minute - if isExpired { - log.Debugf("kiro: token expired at %s (now: %s)", expTime.Format(time.RFC3339), now.Format(time.RFC3339)) - } - - return isExpired -} - -// ══════════════════════════════════════════════════════════════════════════════ -// Web Search Handler (MCP API) -// ══════════════════════════════════════════════════════════════════════════════ - -// fetchToolDescription caching: -// Uses a mutex + fetched flag to ensure only one goroutine fetches at a time, -// with automatic retry on failure: -// - On failure, fetched stays false so subsequent calls will retry -// - On success, fetched is set to true — subsequent calls skip immediately (mutex-free fast path) -// The cached description is stored in the translator package via kiroclaude.SetWebSearchDescription(), -// enabling the translator's convertClaudeToolsToKiro to read it when building Kiro requests. -var ( - toolDescMu sync.Mutex - toolDescFetched atomic.Bool -) - -// fetchToolDescription calls MCP tools/list to get the web_search tool description -// and caches it. Safe to call concurrently — only one goroutine fetches at a time. -// If the fetch fails, subsequent calls will retry. On success, no further fetches occur. -// The httpClient parameter allows reusing a shared pooled HTTP client. -func fetchToolDescription(ctx context.Context, mcpEndpoint, authToken string, httpClient *http.Client, auth *cliproxyauth.Auth, authAttrs map[string]string) { - // Fast path: already fetched successfully, no lock needed - if toolDescFetched.Load() { - return - } - - toolDescMu.Lock() - defer toolDescMu.Unlock() - - // Double-check after acquiring lock - if toolDescFetched.Load() { - return - } - - handler := newWebSearchHandler(ctx, mcpEndpoint, authToken, httpClient, auth, authAttrs) - reqBody := []byte(`{"id":"tools_list","jsonrpc":"2.0","method":"tools/list"}`) - log.Debugf("kiro/websearch MCP tools/list request: %d bytes", len(reqBody)) - - req, err := http.NewRequestWithContext(ctx, "POST", mcpEndpoint, bytes.NewReader(reqBody)) - if err != nil { - log.Warnf("kiro/websearch: failed to create tools/list request: %v", err) - return - } - - // Reuse same headers as callMcpAPI - handler.setMcpHeaders(req) - - resp, err := handler.httpClient.Do(req) - if err != nil { - log.Warnf("kiro/websearch: tools/list request failed: %v", err) - return - } - defer func() { _ = resp.Body.Close() }() - - body, err := io.ReadAll(resp.Body) - if err != nil || resp.StatusCode != http.StatusOK { - log.Warnf("kiro/websearch: tools/list returned status %d", resp.StatusCode) - return - } - log.Debugf("kiro/websearch MCP tools/list response: [%d] %d bytes", resp.StatusCode, len(body)) - - // Parse: {"result":{"tools":[{"name":"web_search","description":"..."}]}} - var result struct { - Result *struct { - Tools []struct { - Name string `json:"name"` - Description string `json:"description"` - } `json:"tools"` - } `json:"result"` - } - if err := json.Unmarshal(body, &result); err != nil || result.Result == nil { - log.Warnf("kiro/websearch: failed to parse tools/list response") - return - } - - for _, tool := range result.Result.Tools { - if tool.Name == "web_search" && tool.Description != "" { - kiroclaude.SetWebSearchDescription(tool.Description) - toolDescFetched.Store(true) // success — no more fetches - log.Infof("kiro/websearch: cached web_search description from tools/list (%d bytes)", len(tool.Description)) - return - } - } - - // web_search tool not found in response - log.Warnf("kiro/websearch: web_search tool not found in tools/list response") -} - -// webSearchHandler handles web search requests via Kiro MCP API -type webSearchHandler struct { - ctx context.Context - mcpEndpoint string - httpClient *http.Client - authToken string - auth *cliproxyauth.Auth // for applyDynamicFingerprint - authAttrs map[string]string // optional, for custom headers from auth.Attributes -} - -// newWebSearchHandler creates a new webSearchHandler. -// If httpClient is nil, a default client with 30s timeout is used. -// Pass a shared pooled client (e.g. from getKiroPooledHTTPClient) for connection reuse. -func newWebSearchHandler(ctx context.Context, mcpEndpoint, authToken string, httpClient *http.Client, auth *cliproxyauth.Auth, authAttrs map[string]string) *webSearchHandler { - if httpClient == nil { - httpClient = &http.Client{ - Timeout: 30 * time.Second, - } - } - return &webSearchHandler{ - ctx: ctx, - mcpEndpoint: mcpEndpoint, - httpClient: httpClient, - authToken: authToken, - auth: auth, - authAttrs: authAttrs, - } -} - -// setMcpHeaders sets standard MCP API headers on the request, -// aligned with the GAR request pattern. -func (h *webSearchHandler) setMcpHeaders(req *http.Request) { - // 1. Content-Type & Accept (aligned with GAR) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Accept", "*/*") - - // 2. Kiro-specific headers (aligned with GAR) - req.Header.Set("x-amzn-kiro-agent-mode", "vibe") - req.Header.Set("x-amzn-codewhisperer-optout", "true") - - // 3. User-Agent: Reuse applyDynamicFingerprint for consistency - applyDynamicFingerprint(req, h.auth) - - // 4. AWS SDK identifiers - req.Header.Set("Amz-Sdk-Request", "attempt=1; max=3") - req.Header.Set("Amz-Sdk-Invocation-Id", uuid.New().String()) - - // 5. Authentication - req.Header.Set("Authorization", "Bearer "+h.authToken) - - // 6. Custom headers from auth attributes - util.ApplyCustomHeadersFromAttrs(req, h.authAttrs) -} - -// mcpMaxRetries is the maximum number of retries for MCP API calls. -const mcpMaxRetries = 2 - -// callMcpAPI calls the Kiro MCP API with the given request. -// Includes retry logic with exponential backoff for retryable errors. -func (h *webSearchHandler) callMcpAPI(request *kiroclaude.McpRequest) (*kiroclaude.McpResponse, error) { - requestBody, err := json.Marshal(request) - if err != nil { - return nil, fmt.Errorf("failed to marshal MCP request: %w", err) - } - log.Debugf("kiro/websearch MCP request → %s (%d bytes)", h.mcpEndpoint, len(requestBody)) - - var lastErr error - for attempt := 0; attempt <= mcpMaxRetries; attempt++ { - if attempt > 0 { - backoff := time.Duration(1< 10*time.Second { - backoff = 10 * time.Second - } - log.Warnf("kiro/websearch: MCP retry %d/%d after %v (last error: %v)", attempt, mcpMaxRetries, backoff, lastErr) - select { - case <-h.ctx.Done(): - return nil, h.ctx.Err() - case <-time.After(backoff): - } - } - - req, err := http.NewRequestWithContext(h.ctx, "POST", h.mcpEndpoint, bytes.NewReader(requestBody)) - if err != nil { - return nil, fmt.Errorf("failed to create HTTP request: %w", err) - } - - h.setMcpHeaders(req) - - resp, err := h.httpClient.Do(req) - if err != nil { - lastErr = fmt.Errorf("MCP API request failed: %w", err) - continue // network error → retry - } - - body, err := io.ReadAll(resp.Body) - _ = resp.Body.Close() - if err != nil { - lastErr = fmt.Errorf("failed to read MCP response: %w", err) - continue // read error → retry - } - log.Debugf("kiro/websearch MCP response ← [%d] (%d bytes)", resp.StatusCode, len(body)) - - // Retryable HTTP status codes (aligned with GAR: 502, 503, 504) - if resp.StatusCode >= 502 && resp.StatusCode <= 504 { - lastErr = fmt.Errorf("MCP API returned retryable status %d: %s", resp.StatusCode, string(body)) - continue - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("MCP API returned status %d: %s", resp.StatusCode, string(body)) - } - - var mcpResponse kiroclaude.McpResponse - if err := json.Unmarshal(body, &mcpResponse); err != nil { - return nil, fmt.Errorf("failed to parse MCP response: %w", err) - } - - if mcpResponse.Error != nil { - code := -1 - if mcpResponse.Error.Code != nil { - code = *mcpResponse.Error.Code - } - msg := "Unknown error" - if mcpResponse.Error.Message != nil { - msg = *mcpResponse.Error.Message - } - return nil, fmt.Errorf("MCP error %d: %s", code, msg) - } - - return &mcpResponse, nil - } - - return nil, lastErr -} - -// webSearchAuthAttrs extracts auth attributes for MCP calls. -// Used by handleWebSearch and handleWebSearchStream to pass custom headers. -func webSearchAuthAttrs(auth *cliproxyauth.Auth) map[string]string { - if auth != nil { - return auth.Attributes - } - return nil -} - -const maxWebSearchIterations = 5 - -// handleWebSearchStream handles web_search requests: -// Step 1: tools/list (sync) → fetch/cache tool description -// Step 2+: MCP search → InjectToolResultsClaude → callKiroAndBuffer loop -// Note: We skip the "model decides to search" step because Claude Code already -// decided to use web_search. The Kiro tool description restricts non-coding -// topics, so asking the model again would cause it to refuse valid searches. -func (e *KiroExecutor) handleWebSearchStream( - ctx context.Context, - auth *cliproxyauth.Auth, - req cliproxyexecutor.Request, - opts cliproxyexecutor.Options, - accessToken, profileArn string, -) (<-chan cliproxyexecutor.StreamChunk, error) { - // Extract search query from Claude Code's web_search tool_use - query := kiroclaude.ExtractSearchQuery(req.Payload) - if query == "" { - log.Warnf("kiro/websearch: failed to extract search query, falling back to normal flow") - return e.callKiroDirectStream(ctx, auth, req, opts, accessToken, profileArn) - } - - // Build MCP endpoint using shared region resolution (supports api_region + ProfileARN fallback) - region := resolveKiroAPIRegion(auth) - mcpEndpoint := kiroclaude.BuildMcpEndpoint(region) - - // ── Step 1: tools/list (SYNC) — cache tool description ── - { - authAttrs := webSearchAuthAttrs(auth) - fetchToolDescription(ctx, mcpEndpoint, accessToken, newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 30*time.Second), auth, authAttrs) - } - - // Create output channel - out := make(chan cliproxyexecutor.StreamChunk) - - // Usage reporting: track web search requests like normal streaming requests - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - - go func() { - var wsErr error - defer reporter.trackFailure(ctx, &wsErr) - defer close(out) - - // Estimate input tokens using tokenizer (matching streamToChannel pattern) - var totalUsage usage.Detail - if enc, tokErr := getTokenizer(req.Model); tokErr == nil { - if inp, e := countClaudeChatTokens(enc, req.Payload); e == nil && inp > 0 { - totalUsage.InputTokens = inp - } else { - totalUsage.InputTokens = int64(len(req.Payload) / 4) - } - } else { - totalUsage.InputTokens = int64(len(req.Payload) / 4) - } - if totalUsage.InputTokens == 0 && len(req.Payload) > 0 { - totalUsage.InputTokens = 1 - } - var accumulatedOutputLen int - defer func() { - if wsErr != nil { - return // let trackFailure handle failure reporting - } - totalUsage.OutputTokens = int64(accumulatedOutputLen / 4) - if accumulatedOutputLen > 0 && totalUsage.OutputTokens == 0 { - totalUsage.OutputTokens = 1 - } - reporter.publish(ctx, totalUsage) - }() - - // Send message_start event to client (aligned with streamToChannel pattern) - // Use payloadRequestedModel to return user's original model alias - msgStart := kiroclaude.BuildClaudeMessageStartEvent( - payloadRequestedModel(opts, req.Model), - totalUsage.InputTokens, - ) - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: append(msgStart, '\n', '\n')}: - } - - // ── Step 2+: MCP search → InjectToolResultsClaude → callKiroAndBuffer loop ── - contentBlockIndex := 0 - currentQuery := query - - // Replace web_search tool description with a minimal one that allows re-search. - // The original tools/list description from Kiro restricts non-coding topics, - // but we've already decided to search. We keep the tool so the model can - // request additional searches when results are insufficient. - simplifiedPayload, simplifyErr := kiroclaude.ReplaceWebSearchToolDescription(bytes.Clone(req.Payload)) - if simplifyErr != nil { - log.Warnf("kiro/websearch: failed to simplify web_search tool: %v, using original payload", simplifyErr) - simplifiedPayload = bytes.Clone(req.Payload) - } - - currentClaudePayload := simplifiedPayload - totalSearches := 0 - - // Generate toolUseId for the first iteration (Claude Code already decided to search) - currentToolUseId := fmt.Sprintf("srvtoolu_%s", kiroclaude.GenerateToolUseID()) - - for iteration := 0; iteration < maxWebSearchIterations; iteration++ { - log.Infof("kiro/websearch: search iteration %d/%d", - iteration+1, maxWebSearchIterations) - - // MCP search - _, mcpRequest := kiroclaude.CreateMcpRequest(currentQuery) - - authAttrs := webSearchAuthAttrs(auth) - handler := newWebSearchHandler(ctx, mcpEndpoint, accessToken, newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 30*time.Second), auth, authAttrs) - mcpResponse, mcpErr := handler.callMcpAPI(mcpRequest) - - var searchResults *kiroclaude.WebSearchResults - if mcpErr != nil { - log.Warnf("kiro/websearch: MCP API call failed: %v, continuing with empty results", mcpErr) - } else { - searchResults = kiroclaude.ParseSearchResults(mcpResponse) - } - - resultCount := 0 - if searchResults != nil { - resultCount = len(searchResults.Results) - } - totalSearches++ - log.Infof("kiro/websearch: iteration %d — got %d search results", iteration+1, resultCount) - - // Send search indicator events to client - searchEvents := kiroclaude.GenerateSearchIndicatorEvents(currentQuery, currentToolUseId, searchResults, contentBlockIndex) - for _, event := range searchEvents { - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: event}: - } - } - contentBlockIndex += 2 - - // Inject tool_use + tool_result into Claude payload, then call GAR - var err error - currentClaudePayload, err = kiroclaude.InjectToolResultsClaude(currentClaudePayload, currentToolUseId, currentQuery, searchResults) - if err != nil { - log.Warnf("kiro/websearch: failed to inject tool results: %v", err) - wsErr = fmt.Errorf("failed to inject tool results: %w", err) - e.sendFallbackText(ctx, out, contentBlockIndex, currentQuery, searchResults) - return - } - - // Call GAR with modified Claude payload (full translation pipeline) - modifiedReq := req - modifiedReq.Payload = currentClaudePayload - kiroChunks, kiroErr := e.callKiroAndBuffer(ctx, auth, modifiedReq, opts, accessToken, profileArn) - if kiroErr != nil { - log.Warnf("kiro/websearch: Kiro API failed at iteration %d: %v", iteration+1, kiroErr) - wsErr = fmt.Errorf("kiro API failed at iteration %d: %w", iteration+1, kiroErr) - e.sendFallbackText(ctx, out, contentBlockIndex, currentQuery, searchResults) - return - } - - // Analyze response - analysis := kiroclaude.AnalyzeBufferedStream(kiroChunks) - log.Infof("kiro/websearch: iteration %d — stop_reason: %s, has_tool_use: %v", - iteration+1, analysis.StopReason, analysis.HasWebSearchToolUse) - - if analysis.HasWebSearchToolUse && analysis.WebSearchQuery != "" && iteration+1 < maxWebSearchIterations { - // Model wants another search - filteredChunks := kiroclaude.FilterChunksForClient(kiroChunks, analysis.WebSearchToolUseIndex, contentBlockIndex) - for _, chunk := range filteredChunks { - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: chunk}: - } - } - - currentQuery = analysis.WebSearchQuery - currentToolUseId = analysis.WebSearchToolUseId - continue - } - - // Model returned final response — stream to client - for _, chunk := range kiroChunks { - if contentBlockIndex > 0 && len(chunk) > 0 { - adjusted, shouldForward := kiroclaude.AdjustSSEChunk(chunk, contentBlockIndex) - if !shouldForward { - continue - } - accumulatedOutputLen += len(adjusted) - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: adjusted}: - } - } else { - accumulatedOutputLen += len(chunk) - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: chunk}: - } - } - } - log.Infof("kiro/websearch: completed after %d search iteration(s), total searches: %d", iteration+1, totalSearches) - return - } - - log.Warnf("kiro/websearch: reached max iterations (%d), stopping search loop", maxWebSearchIterations) - }() - - return out, nil -} - -// handleWebSearch handles web_search requests for non-streaming Execute path. -// Performs MCP search synchronously, injects results into the request payload, -// then calls the normal non-streaming Kiro API path which returns a proper -// Claude JSON response (not SSE chunks). -func (e *KiroExecutor) handleWebSearch( - ctx context.Context, - auth *cliproxyauth.Auth, - req cliproxyexecutor.Request, - opts cliproxyexecutor.Options, - accessToken, profileArn string, -) (cliproxyexecutor.Response, error) { - // Extract search query from Claude Code's web_search tool_use - query := kiroclaude.ExtractSearchQuery(req.Payload) - if query == "" { - log.Warnf("kiro/websearch: non-stream: failed to extract search query, falling back to normal Execute") - // Fall through to normal non-streaming path - return e.executeNonStreamFallback(ctx, auth, req, opts, accessToken, profileArn) - } - - // Build MCP endpoint using shared region resolution (supports api_region + ProfileARN fallback) - region := resolveKiroAPIRegion(auth) - mcpEndpoint := kiroclaude.BuildMcpEndpoint(region) - - // Step 1: Fetch/cache tool description (sync) - { - authAttrs := webSearchAuthAttrs(auth) - fetchToolDescription(ctx, mcpEndpoint, accessToken, newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 30*time.Second), auth, authAttrs) - } - - // Step 2: Perform MCP search - _, mcpRequest := kiroclaude.CreateMcpRequest(query) - - authAttrs := webSearchAuthAttrs(auth) - handler := newWebSearchHandler(ctx, mcpEndpoint, accessToken, newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 30*time.Second), auth, authAttrs) - mcpResponse, mcpErr := handler.callMcpAPI(mcpRequest) - - var searchResults *kiroclaude.WebSearchResults - if mcpErr != nil { - log.Warnf("kiro/websearch: non-stream: MCP API call failed: %v, continuing with empty results", mcpErr) - } else { - searchResults = kiroclaude.ParseSearchResults(mcpResponse) - } - - resultCount := 0 - if searchResults != nil { - resultCount = len(searchResults.Results) - } - log.Infof("kiro/websearch: non-stream: got %d search results", resultCount) - - // Step 3: Replace restrictive web_search tool description (align with streaming path) - simplifiedPayload, simplifyErr := kiroclaude.ReplaceWebSearchToolDescription(bytes.Clone(req.Payload)) - if simplifyErr != nil { - log.Warnf("kiro/websearch: non-stream: failed to simplify web_search tool: %v, using original payload", simplifyErr) - simplifiedPayload = bytes.Clone(req.Payload) - } - - // Step 4: Inject search tool_use + tool_result into Claude payload - currentToolUseId := fmt.Sprintf("srvtoolu_%s", kiroclaude.GenerateToolUseID()) - modifiedPayload, err := kiroclaude.InjectToolResultsClaude(simplifiedPayload, currentToolUseId, query, searchResults) - if err != nil { - log.Warnf("kiro/websearch: non-stream: failed to inject tool results: %v, falling back", err) - return e.executeNonStreamFallback(ctx, auth, req, opts, accessToken, profileArn) - } - - // Step 5: Call Kiro API via the normal non-streaming path (executeWithRetry) - // This path uses parseEventStream → BuildClaudeResponse → TranslateNonStream - // to produce a proper Claude JSON response - modifiedReq := req - modifiedReq.Payload = modifiedPayload - - resp, err := e.executeNonStreamFallback(ctx, auth, modifiedReq, opts, accessToken, profileArn) - if err != nil { - return resp, err - } - - // Step 6: Inject server_tool_use + web_search_tool_result into response - // so Claude Code can display "Did X searches in Ys" - indicators := []kiroclaude.SearchIndicator{ - { - ToolUseID: currentToolUseId, - Query: query, - Results: searchResults, - }, - } - injectedPayload, injErr := kiroclaude.InjectSearchIndicatorsInResponse(resp.Payload, indicators) - if injErr != nil { - log.Warnf("kiro/websearch: non-stream: failed to inject search indicators: %v", injErr) - } else { - resp.Payload = injectedPayload - } - - return resp, nil -} - -// callKiroAndBuffer calls the Kiro API and buffers all response chunks. -// Returns the buffered chunks for analysis before forwarding to client. -// Usage reporting is NOT done here — the caller (handleWebSearchStream) manages its own reporter. -func (e *KiroExecutor) callKiroAndBuffer( - ctx context.Context, - auth *cliproxyauth.Auth, - req cliproxyexecutor.Request, - opts cliproxyexecutor.Options, - accessToken, profileArn string, -) ([][]byte, error) { - from := opts.SourceFormat - to := sdktranslator.FromString("kiro") - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - log.Debugf("kiro/websearch GAR request: %d bytes", len(body)) - - kiroModelID := e.mapModelToKiro(req.Model) - isAgentic, isChatOnly := determineAgenticMode(req.Model) - effectiveProfileArn := getEffectiveProfileArnWithWarning(auth, profileArn) - - tokenKey := getTokenKey(auth) - - kiroStream, err := e.executeStreamWithRetry( - ctx, auth, req, opts, accessToken, effectiveProfileArn, - body, from, nil, kiroModelID, isAgentic, isChatOnly, tokenKey, - ) - if err != nil { - return nil, err - } - - // Buffer all chunks - var chunks [][]byte - for chunk := range kiroStream { - if chunk.Err != nil { - return chunks, chunk.Err - } - if len(chunk.Payload) > 0 { - chunks = append(chunks, bytes.Clone(chunk.Payload)) - } - } - - log.Debugf("kiro/websearch GAR response: %d chunks buffered", len(chunks)) - - return chunks, nil -} - -// callKiroDirectStream creates a direct streaming channel to Kiro API without search. -func (e *KiroExecutor) callKiroDirectStream( - ctx context.Context, - auth *cliproxyauth.Auth, - req cliproxyexecutor.Request, - opts cliproxyexecutor.Options, - accessToken, profileArn string, -) (<-chan cliproxyexecutor.StreamChunk, error) { - from := opts.SourceFormat - to := sdktranslator.FromString("kiro") - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - - kiroModelID := e.mapModelToKiro(req.Model) - isAgentic, isChatOnly := determineAgenticMode(req.Model) - effectiveProfileArn := getEffectiveProfileArnWithWarning(auth, profileArn) - - tokenKey := getTokenKey(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - var streamErr error - defer reporter.trackFailure(ctx, &streamErr) - - stream, streamErr := e.executeStreamWithRetry( - ctx, auth, req, opts, accessToken, effectiveProfileArn, - body, from, reporter, kiroModelID, isAgentic, isChatOnly, tokenKey, - ) - return stream, streamErr -} - -// sendFallbackText sends a simple text response when the Kiro API fails during the search loop. -// Delegates SSE event construction to kiroclaude.BuildFallbackTextEvents() for alignment -// with how streamToChannel() uses BuildClaude*Event() functions. -func (e *KiroExecutor) sendFallbackText( - ctx context.Context, - out chan<- cliproxyexecutor.StreamChunk, - contentBlockIndex int, - query string, - searchResults *kiroclaude.WebSearchResults, -) { - events := kiroclaude.BuildFallbackTextEvents(contentBlockIndex, query, searchResults) - for _, event := range events { - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: append(event, '\n', '\n')}: - } - } -} - -// executeNonStreamFallback runs the standard non-streaming Execute path for a request. -// Used by handleWebSearch after injecting search results, or as a fallback. -func (e *KiroExecutor) executeNonStreamFallback( - ctx context.Context, - auth *cliproxyauth.Auth, - req cliproxyexecutor.Request, - opts cliproxyexecutor.Options, - accessToken, profileArn string, -) (cliproxyexecutor.Response, error) { - from := opts.SourceFormat - to := sdktranslator.FromString("kiro") - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - - kiroModelID := e.mapModelToKiro(req.Model) - isAgentic, isChatOnly := determineAgenticMode(req.Model) - effectiveProfileArn := getEffectiveProfileArnWithWarning(auth, profileArn) - tokenKey := getTokenKey(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - var err error - defer reporter.trackFailure(ctx, &err) - - resp, err := e.executeWithRetry(ctx, auth, req, opts, accessToken, effectiveProfileArn, body, from, to, reporter, kiroModelID, isAgentic, isChatOnly, tokenKey) - return resp, err -} - -func (e *KiroExecutor) CloseExecutionSession(sessionID string) {} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/kiro_executor_extra_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/kiro_executor_extra_test.go deleted file mode 100644 index 98cec297e2..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/kiro_executor_extra_test.go +++ /dev/null @@ -1,69 +0,0 @@ -package executor - -import ( - "testing" -) - -func TestKiroExecutor_MapModelToKiro(t *testing.T) { - e := &KiroExecutor{} - - tests := []struct { - model string - want string - }{ - {"amazonq-claude-opus-4-6", "claude-opus-4.6"}, - {"kiro-claude-sonnet-4-5", "claude-sonnet-4.5"}, - {"claude-haiku-4.5", "claude-haiku-4.5"}, - {"claude-opus-4.6-agentic", "claude-opus-4.6"}, - {"unknown-haiku-model", "claude-haiku-4.5"}, - {"claude-3.7-sonnet", "claude-3-7-sonnet-20250219"}, - {"claude-4.5-sonnet", "claude-sonnet-4.5"}, - {"something-else", "claude-sonnet-4.5"}, // Default fallback - } - - for _, tt := range tests { - got := e.mapModelToKiro(tt.model) - if got != tt.want { - t.Errorf("mapModelToKiro(%q) = %q, want %q", tt.model, got, tt.want) - } - } -} - -func TestDetermineAgenticMode(t *testing.T) { - tests := []struct { - model string - isAgentic bool - isChatOnly bool - }{ - {"claude-opus-4.6-agentic", true, false}, - {"claude-opus-4.6-chat", false, true}, - {"claude-opus-4.6", false, false}, - {"anything-else", false, false}, - } - - for _, tt := range tests { - isAgentic, isChatOnly := determineAgenticMode(tt.model) - if isAgentic != tt.isAgentic || isChatOnly != tt.isChatOnly { - t.Errorf("determineAgenticMode(%q) = (%v, %v), want (%v, %v)", tt.model, isAgentic, isChatOnly, tt.isAgentic, tt.isChatOnly) - } - } -} - -func TestExtractRegionFromProfileARN(t *testing.T) { - tests := []struct { - arn string - want string - }{ - {"arn:aws:iam:us-east-1:123456789012:role/name", "us-east-1"}, - {"arn:aws:iam:us-west-2:123456789012:role/name", "us-west-2"}, - {"arn:aws:iam::123456789012:role/name", ""}, // No region - {"", ""}, - } - - for _, tt := range tests { - got := extractRegionFromProfileARN(tt.arn) - if got != tt.want { - t.Errorf("extractRegionFromProfileARN(%q) = %q, want %q", tt.arn, got, tt.want) - } - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/kiro_executor_logging_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/kiro_executor_logging_test.go deleted file mode 100644 index a42c3bc7ea..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/kiro_executor_logging_test.go +++ /dev/null @@ -1,14 +0,0 @@ -package executor - -import "testing" - -func TestKiroModelFingerprint_RedactsRawModel(t *testing.T) { - raw := "user-custom-model-with-sensitive-suffix" - got := kiroModelFingerprint(raw) - if got == "" { - t.Fatal("expected non-empty fingerprint") - } - if got == raw { - t.Fatalf("fingerprint must not equal raw model: %q", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/kiro_executor_metadata_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/kiro_executor_metadata_test.go deleted file mode 100644 index 0ad89b6523..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/kiro_executor_metadata_test.go +++ /dev/null @@ -1,32 +0,0 @@ -package executor - -import ( - "testing" - - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestGetEffectiveProfileArnWithWarning_UsesCamelCaseIDCMetadata(t *testing.T) { - auth := &cliproxyauth.Auth{ - Metadata: map[string]any{ - "authMethod": "IDC", - "clientId": "cid", - "clientSecret": "csecret", - }, - } - - if got := getEffectiveProfileArnWithWarning(auth, "arn:aws:codewhisperer:::profile/default"); got != "" { - t.Fatalf("expected empty profile ARN for IDC auth metadata, got %q", got) - } -} - -func TestGetMetadataString_PrefersFirstNonEmptyKey(t *testing.T) { - metadata := map[string]any{ - "client_id": "", - "clientId": "cid-camel", - } - - if got := getMetadataString(metadata, "client_id", "clientId"); got != "cid-camel" { - t.Fatalf("getMetadataString() = %q, want %q", got, "cid-camel") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/logging_helpers.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/logging_helpers.go deleted file mode 100644 index f74b1513c1..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/logging_helpers.go +++ /dev/null @@ -1,448 +0,0 @@ -package executor - -import ( - "bytes" - "context" - "fmt" - "html" - "net/http" - "sort" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/logging" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -const ( - apiAttemptsKey = "API_UPSTREAM_ATTEMPTS" - apiRequestKey = "API_REQUEST" - apiResponseKey = "API_RESPONSE" - apiResponseTimestampKey = "API_RESPONSE_TIMESTAMP" -) - -type contextKey string - -const ginContextKey contextKey = "gin" - -// upstreamRequestLog captures the outbound upstream request details for logging. -type upstreamRequestLog struct { - URL string - Method string - Headers http.Header - Body []byte - Provider string - AuthID string - AuthLabel string - AuthType string - AuthValue string -} - -type upstreamAttempt struct { - index int - request string - response *strings.Builder - responseIntroWritten bool - statusWritten bool - headersWritten bool - bodyStarted bool - bodyHasContent bool - errorWritten bool -} - -// recordAPIRequest stores the upstream request metadata in Gin context for request logging. -func recordAPIRequest(ctx context.Context, cfg *config.Config, info upstreamRequestLog) { - if cfg == nil || !cfg.RequestLog { - return - } - ginCtx := ginContextFrom(ctx) - if ginCtx == nil { - return - } - - attempts := getAttempts(ginCtx) - index := len(attempts) + 1 - - builder := &strings.Builder{} - fmt.Fprintf(builder, "=== API REQUEST %d ===\n", index) - fmt.Fprintf(builder, "Timestamp: %s\n", time.Now().Format(time.RFC3339Nano)) - if info.URL != "" { - fmt.Fprintf(builder, "Upstream URL: %s\n", info.URL) - } else { - builder.WriteString("Upstream URL: \n") - } - if info.Method != "" { - fmt.Fprintf(builder, "HTTP Method: %s\n", info.Method) - } - if auth := formatAuthInfo(info); auth != "" { - fmt.Fprintf(builder, "Auth: %s\n", auth) - } - builder.WriteString("\nHeaders:\n") - writeHeaders(builder, info.Headers) - builder.WriteString("\nBody:\n") - if len(info.Body) > 0 { - builder.WriteString(string(info.Body)) - } else { - builder.WriteString("") - } - builder.WriteString("\n\n") - - attempt := &upstreamAttempt{ - index: index, - request: builder.String(), - response: &strings.Builder{}, - } - attempts = append(attempts, attempt) - ginCtx.Set(apiAttemptsKey, attempts) - updateAggregatedRequest(ginCtx, attempts) -} - -// recordAPIResponseMetadata captures upstream response status/header information for the latest attempt. -func recordAPIResponseMetadata(ctx context.Context, cfg *config.Config, status int, headers http.Header) { - if cfg == nil || !cfg.RequestLog { - return - } - ginCtx := ginContextFrom(ctx) - if ginCtx == nil { - return - } - setAPIResponseTimestamp(ginCtx) - attempts, attempt := ensureAttempt(ginCtx) - ensureResponseIntro(attempt) - - if status > 0 && !attempt.statusWritten { - fmt.Fprintf(attempt.response, "Status: %d\n", status) - attempt.statusWritten = true - } - if !attempt.headersWritten { - attempt.response.WriteString("Headers:\n") - writeHeaders(attempt.response, headers) - attempt.headersWritten = true - attempt.response.WriteString("\n") - } - - updateAggregatedResponse(ginCtx, attempts) -} - -// recordAPIResponseError adds an error entry for the latest attempt when no HTTP response is available. -func recordAPIResponseError(ctx context.Context, cfg *config.Config, err error) { - if cfg == nil || !cfg.RequestLog || err == nil { - return - } - ginCtx := ginContextFrom(ctx) - if ginCtx == nil { - return - } - setAPIResponseTimestamp(ginCtx) - attempts, attempt := ensureAttempt(ginCtx) - ensureResponseIntro(attempt) - - if attempt.bodyStarted && !attempt.bodyHasContent { - // Ensure body does not stay empty marker if error arrives first. - attempt.bodyStarted = false - } - if attempt.errorWritten { - attempt.response.WriteString("\n") - } - fmt.Fprintf(attempt.response, "Error: %s\n", err.Error()) - attempt.errorWritten = true - - updateAggregatedResponse(ginCtx, attempts) -} - -// appendAPIResponseChunk appends an upstream response chunk to Gin context for request logging. -func appendAPIResponseChunk(ctx context.Context, cfg *config.Config, chunk []byte) { - if cfg == nil || !cfg.RequestLog { - return - } - data := bytes.TrimSpace(chunk) - if len(data) == 0 { - return - } - ginCtx := ginContextFrom(ctx) - if ginCtx == nil { - return - } - setAPIResponseTimestamp(ginCtx) - attempts, attempt := ensureAttempt(ginCtx) - ensureResponseIntro(attempt) - - if !attempt.headersWritten { - attempt.response.WriteString("Headers:\n") - writeHeaders(attempt.response, nil) - attempt.headersWritten = true - attempt.response.WriteString("\n") - } - if !attempt.bodyStarted { - attempt.response.WriteString("Body:\n") - attempt.bodyStarted = true - } - if attempt.bodyHasContent { - attempt.response.WriteString("\n\n") - } - attempt.response.WriteString(string(data)) - attempt.bodyHasContent = true - - updateAggregatedResponse(ginCtx, attempts) -} - -func ginContextFrom(ctx context.Context) *gin.Context { - ginCtx, _ := ctx.Value(ginContextKey).(*gin.Context) - return ginCtx -} - -func getAttempts(ginCtx *gin.Context) []*upstreamAttempt { - if ginCtx == nil { - return nil - } - if value, exists := ginCtx.Get(apiAttemptsKey); exists { - if attempts, ok := value.([]*upstreamAttempt); ok { - return attempts - } - } - return nil -} - -func setAPIResponseTimestamp(ginCtx *gin.Context) { - if ginCtx == nil { - return - } - if _, exists := ginCtx.Get(apiResponseTimestampKey); exists { - return - } - ginCtx.Set(apiResponseTimestampKey, time.Now()) -} - -func ensureAttempt(ginCtx *gin.Context) ([]*upstreamAttempt, *upstreamAttempt) { - attempts := getAttempts(ginCtx) - if len(attempts) == 0 { - attempt := &upstreamAttempt{ - index: 1, - request: "=== API REQUEST 1 ===\n\n\n", - response: &strings.Builder{}, - } - attempts = []*upstreamAttempt{attempt} - ginCtx.Set(apiAttemptsKey, attempts) - updateAggregatedRequest(ginCtx, attempts) - } - return attempts, attempts[len(attempts)-1] -} - -func ensureResponseIntro(attempt *upstreamAttempt) { - if attempt == nil || attempt.response == nil || attempt.responseIntroWritten { - return - } - fmt.Fprintf(attempt.response, "=== API RESPONSE %d ===\n", attempt.index) - fmt.Fprintf(attempt.response, "Timestamp: %s\n", time.Now().Format(time.RFC3339Nano)) - attempt.response.WriteString("\n") - attempt.responseIntroWritten = true -} - -func updateAggregatedRequest(ginCtx *gin.Context, attempts []*upstreamAttempt) { - if ginCtx == nil { - return - } - var builder strings.Builder - for _, attempt := range attempts { - builder.WriteString(attempt.request) - } - ginCtx.Set(apiRequestKey, []byte(builder.String())) -} - -func updateAggregatedResponse(ginCtx *gin.Context, attempts []*upstreamAttempt) { - if ginCtx == nil { - return - } - var builder strings.Builder - for idx, attempt := range attempts { - if attempt == nil || attempt.response == nil { - continue - } - responseText := attempt.response.String() - if responseText == "" { - continue - } - builder.WriteString(responseText) - if !strings.HasSuffix(responseText, "\n") { - builder.WriteString("\n") - } - if idx < len(attempts)-1 { - builder.WriteString("\n") - } - } - ginCtx.Set(apiResponseKey, []byte(builder.String())) -} - -func writeHeaders(builder *strings.Builder, headers http.Header) { - if builder == nil { - return - } - if len(headers) == 0 { - builder.WriteString("\n") - return - } - keys := make([]string, 0, len(headers)) - for key := range headers { - keys = append(keys, key) - } - sort.Strings(keys) - for _, key := range keys { - values := headers[key] - if len(values) == 0 { - fmt.Fprintf(builder, "%s:\n", key) - continue - } - for _, value := range values { - masked := util.MaskSensitiveHeaderValue(key, value) - fmt.Fprintf(builder, "%s: %s\n", key, masked) - } - } -} - -func formatAuthInfo(info upstreamRequestLog) string { - var parts []string - if trimmed := strings.TrimSpace(info.Provider); trimmed != "" { - parts = append(parts, fmt.Sprintf("provider=%s", trimmed)) - } - if trimmed := strings.TrimSpace(info.AuthID); trimmed != "" { - parts = append(parts, fmt.Sprintf("auth_id=%s", trimmed)) - } - if trimmed := strings.TrimSpace(info.AuthLabel); trimmed != "" { - parts = append(parts, fmt.Sprintf("label=%s", trimmed)) - } - - authType := strings.ToLower(strings.TrimSpace(info.AuthType)) - authValue := strings.TrimSpace(info.AuthValue) - switch authType { - case "api_key": - if authValue != "" { - parts = append(parts, fmt.Sprintf("type=api_key value=%s", util.HideAPIKey(authValue))) - } else { - parts = append(parts, "type=api_key") - } - case "oauth": - parts = append(parts, "type=oauth") - default: - if authType != "" { - if authValue != "" { - parts = append(parts, fmt.Sprintf("type=%s value=%s", authType, authValue)) - } else { - parts = append(parts, fmt.Sprintf("type=%s", authType)) - } - } - } - - return strings.Join(parts, ", ") -} - -func summarizeErrorBody(contentType string, body []byte) string { - isHTML := strings.Contains(strings.ToLower(contentType), "text/html") - if !isHTML { - trimmed := bytes.TrimSpace(bytes.ToLower(body)) - if bytes.HasPrefix(trimmed, []byte("') - if gt == -1 { - return "" - } - start += gt + 1 - end := bytes.Index(lower[start:], []byte("")) - if end == -1 { - return "" - } - title := string(body[start : start+end]) - title = html.UnescapeString(title) - title = strings.TrimSpace(title) - if title == "" { - return "" - } - return strings.Join(strings.Fields(title), " ") -} - -// extractJSONErrorMessage attempts to extract error.message from JSON error responses -func extractJSONErrorMessage(body []byte) string { - message := firstNonEmptyJSONString(body, "error.message", "message", "error.msg") - if message == "" { - return "" - } - return appendModelNotFoundGuidance(message, body) -} - -func firstNonEmptyJSONString(body []byte, paths ...string) string { - for _, path := range paths { - result := gjson.GetBytes(body, path) - if result.Exists() { - value := strings.TrimSpace(result.String()) - if value != "" { - return value - } - } - } - return "" -} - -func appendModelNotFoundGuidance(message string, body []byte) string { - normalized := strings.ToLower(message) - if strings.Contains(normalized, "/v1/models") || strings.Contains(normalized, "/v1/responses") { - return message - } - - errorCode := strings.ToLower(strings.TrimSpace(gjson.GetBytes(body, "error.code").String())) - if errorCode == "" { - errorCode = strings.ToLower(strings.TrimSpace(gjson.GetBytes(body, "code").String())) - } - - mentionsModelNotFound := strings.Contains(normalized, "model_not_found") || - strings.Contains(normalized, "model not found") || - strings.Contains(errorCode, "model_not_found") || - (strings.Contains(errorCode, "not_found") && strings.Contains(normalized, "model")) - if !mentionsModelNotFound { - return message - } - - hint := "hint: verify the model appears in GET /v1/models" - if strings.Contains(normalized, "codex") || strings.Contains(normalized, "gpt-5.3-codex") { - hint += "; Codex-family models should be sent to /v1/responses." - } - return message + " (" + hint + ")" -} - -// logWithRequestID returns a logrus Entry with request_id field populated from context. -// If no request ID is found in context, it returns the standard logger. -func logWithRequestID(ctx context.Context) *log.Entry { - if ctx == nil { - return log.NewEntry(log.StandardLogger()) - } - requestID := logging.GetRequestID(ctx) - if requestID == "" { - return log.NewEntry(log.StandardLogger()) - } - return log.WithField("request_id", requestID) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/logging_helpers_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/logging_helpers_test.go deleted file mode 100644 index ffbb344c54..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/logging_helpers_test.go +++ /dev/null @@ -1,160 +0,0 @@ -package executor - -import ( - "context" - "errors" - "net/http" - "net/http/httptest" - "strings" - "testing" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestRecordAPIResponseMetadataRecordsTimestamp(t *testing.T) { - ginCtx, _ := gin.CreateTestContext(httptest.NewRecorder()) - cfg := &config.Config{} - cfg.RequestLog = true - ctx := context.WithValue(context.Background(), ginContextKey, ginCtx) - - recordAPIRequest(ctx, cfg, upstreamRequestLog{URL: "http://example.local"}) - recordAPIResponseMetadata(ctx, cfg, http.StatusOK, http.Header{"Content-Type": {"application/json"}}) - - tsRaw, exists := ginCtx.Get(apiResponseTimestampKey) - if !exists { - t.Fatal("API_RESPONSE_TIMESTAMP was not set") - } - ts, ok := tsRaw.(time.Time) - if !ok || ts.IsZero() { - t.Fatalf("API_RESPONSE_TIMESTAMP invalid type or zero: %#v", tsRaw) - } -} - -func TestRecordAPIResponseErrorKeepsInitialTimestamp(t *testing.T) { - ginCtx, _ := gin.CreateTestContext(httptest.NewRecorder()) - cfg := &config.Config{} - cfg.RequestLog = true - ctx := context.WithValue(context.Background(), ginContextKey, ginCtx) - - recordAPIRequest(ctx, cfg, upstreamRequestLog{URL: "http://example.local"}) - recordAPIResponseMetadata(ctx, cfg, http.StatusOK, http.Header{"Content-Type": {"application/json"}}) - - tsRaw, exists := ginCtx.Get(apiResponseTimestampKey) - if !exists { - t.Fatal("API_RESPONSE_TIMESTAMP was not set") - } - initial, ok := tsRaw.(time.Time) - if !ok { - t.Fatalf("API_RESPONSE_TIMESTAMP invalid type: %#v", tsRaw) - } - - time.Sleep(5 * time.Millisecond) - recordAPIResponseError(ctx, cfg, errors.New("upstream error")) - - afterRaw, exists := ginCtx.Get(apiResponseTimestampKey) - if !exists { - t.Fatal("API_RESPONSE_TIMESTAMP disappeared after error") - } - after, ok := afterRaw.(time.Time) - if !ok || !after.Equal(initial) { - t.Fatalf("API_RESPONSE_TIMESTAMP changed after error: initial=%v after=%v", initial, afterRaw) - } -} - -func TestAppendAPIResponseChunkSetsTimestamp(t *testing.T) { - ginCtx, _ := gin.CreateTestContext(httptest.NewRecorder()) - cfg := &config.Config{} - cfg.RequestLog = true - ctx := context.WithValue(context.Background(), ginContextKey, ginCtx) - - recordAPIRequest(ctx, cfg, upstreamRequestLog{URL: "http://example.local"}) - appendAPIResponseChunk(ctx, cfg, []byte("chunk-1")) - - tsRaw, exists := ginCtx.Get(apiResponseTimestampKey) - if !exists { - t.Fatal("API_RESPONSE_TIMESTAMP was not set after chunk append") - } - ts, ok := tsRaw.(time.Time) - if !ok || ts.IsZero() { - t.Fatalf("API_RESPONSE_TIMESTAMP invalid after chunk append: %#v", tsRaw) - } -} - -func TestRecordAPIResponseTimestampStableAcrossChunkAndError(t *testing.T) { - ginCtx, _ := gin.CreateTestContext(httptest.NewRecorder()) - cfg := &config.Config{} - cfg.RequestLog = true - ctx := context.WithValue(context.Background(), ginContextKey, ginCtx) - - recordAPIRequest(ctx, cfg, upstreamRequestLog{URL: "http://example.local"}) - appendAPIResponseChunk(ctx, cfg, []byte("chunk-1")) - - tsRaw, exists := ginCtx.Get(apiResponseTimestampKey) - if !exists { - t.Fatal("API_RESPONSE_TIMESTAMP was not set after chunk append") - } - initial, ok := tsRaw.(time.Time) - if !ok || initial.IsZero() { - t.Fatalf("API_RESPONSE_TIMESTAMP invalid: %#v", tsRaw) - } - - time.Sleep(5 * time.Millisecond) - recordAPIResponseError(ctx, cfg, errors.New("upstream error")) - - afterRaw, exists := ginCtx.Get(apiResponseTimestampKey) - if !exists { - t.Fatal("API_RESPONSE_TIMESTAMP disappeared after error") - } - after, ok := afterRaw.(time.Time) - if !ok || !after.Equal(initial) { - t.Fatalf("API_RESPONSE_TIMESTAMP changed after chunk->error: initial=%v after=%v", initial, afterRaw) - } -} - -func TestRecordAPIResponseMetadataDoesNotSetWhenRequestLoggingDisabled(t *testing.T) { - ginCtx, _ := gin.CreateTestContext(httptest.NewRecorder()) - cfg := &config.Config{} - cfg.RequestLog = false - ctx := context.WithValue(context.Background(), ginContextKey, ginCtx) - - recordAPIRequest(ctx, cfg, upstreamRequestLog{URL: "http://example.local"}) - recordAPIResponseMetadata(ctx, cfg, http.StatusOK, http.Header{}) - - if _, exists := ginCtx.Get(apiResponseTimestampKey); exists { - t.Fatal("API_RESPONSE_TIMESTAMP should not be set when RequestLog is disabled") - } -} - -func TestExtractJSONErrorMessage_ModelNotFoundAddsGuidance(t *testing.T) { - body := []byte(`{"error":{"code":"model_not_found","message":"model not found: foo"}}`) - got := extractJSONErrorMessage(body) - if !strings.Contains(got, "GET /v1/models") { - t.Fatalf("expected /v1/models guidance, got %q", got) - } -} - -func TestExtractJSONErrorMessage_CodexModelAddsResponsesHint(t *testing.T) { - body := []byte(`{"error":{"message":"model not found for gpt-5.3-codex"}}`) - got := extractJSONErrorMessage(body) - if !strings.Contains(got, "/v1/responses") { - t.Fatalf("expected /v1/responses hint, got %q", got) - } -} - -func TestExtractJSONErrorMessage_NonModelErrorUnchanged(t *testing.T) { - body := []byte(`{"error":{"message":"rate limit exceeded"}}`) - got := extractJSONErrorMessage(body) - if got != "rate limit exceeded" { - t.Fatalf("expected unchanged message, got %q", got) - } -} - -func TestExtractJSONErrorMessage_ExistingGuidanceNotDuplicated(t *testing.T) { - body := []byte(`{"error":{"message":"model not found; check /v1/models"}}`) - got := extractJSONErrorMessage(body) - if got != "model not found; check /v1/models" { - t.Fatalf("expected existing guidance to remain unchanged, got %q", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/oauth_upstream.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/oauth_upstream.go deleted file mode 100644 index b50acfb059..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/oauth_upstream.go +++ /dev/null @@ -1,41 +0,0 @@ -package executor - -import ( - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func resolveOAuthBaseURL(cfg *config.Config, channel, defaultBaseURL string, auth *cliproxyauth.Auth) string { - return resolveOAuthBaseURLWithOverride(cfg, channel, defaultBaseURL, authBaseURL(auth)) -} - -func resolveOAuthBaseURLWithOverride(cfg *config.Config, channel, defaultBaseURL, authBaseURLOverride string) string { - if custom := strings.TrimSpace(authBaseURLOverride); custom != "" { - return strings.TrimRight(custom, "/") - } - if cfg != nil { - if custom := strings.TrimSpace(cfg.OAuthUpstreamURL(channel)); custom != "" { - return strings.TrimRight(custom, "/") - } - } - return strings.TrimRight(strings.TrimSpace(defaultBaseURL), "/") -} - -func authBaseURL(auth *cliproxyauth.Auth) string { - if auth == nil { - return "" - } - if auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["base_url"]); v != "" { - return v - } - } - if auth.Metadata != nil { - if v, ok := auth.Metadata["base_url"].(string); ok { - return strings.TrimSpace(v) - } - } - return "" -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/oauth_upstream_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/oauth_upstream_test.go deleted file mode 100644 index 1896018420..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/oauth_upstream_test.go +++ /dev/null @@ -1,30 +0,0 @@ -package executor - -import ( - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestResolveOAuthBaseURLWithOverride_PreferenceOrder(t *testing.T) { - cfg := &config.Config{ - OAuthUpstream: map[string]string{ - "claude": "https://cfg.example.com/claude", - }, - } - - got := resolveOAuthBaseURLWithOverride(cfg, "claude", "https://default.example.com", "https://auth.example.com") - if got != "https://auth.example.com" { - t.Fatalf("expected auth override to win, got %q", got) - } - - got = resolveOAuthBaseURLWithOverride(cfg, "claude", "https://default.example.com", "") - if got != "https://cfg.example.com/claude" { - t.Fatalf("expected config override to win when auth override missing, got %q", got) - } - - got = resolveOAuthBaseURLWithOverride(cfg, "codex", "https://default.example.com/", "") - if got != "https://default.example.com" { - t.Fatalf("expected default URL fallback when no overrides exist, got %q", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/openai_compat_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/openai_compat_executor.go deleted file mode 100644 index bb19ba2905..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/openai_compat_executor.go +++ /dev/null @@ -1,396 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/sjson" -) - -// OpenAICompatExecutor implements a stateless executor for OpenAI-compatible providers. -// It performs request/response translation and executes against the provider base URL -// using per-auth credentials (API key) and per-auth HTTP transport (proxy) from context. -type OpenAICompatExecutor struct { - provider string - cfg *config.Config -} - -// NewOpenAICompatExecutor creates an executor bound to a provider key (e.g., "openrouter"). -func NewOpenAICompatExecutor(provider string, cfg *config.Config) *OpenAICompatExecutor { - return &OpenAICompatExecutor{provider: provider, cfg: cfg} -} - -// Identifier implements cliproxyauth.ProviderExecutor. -func (e *OpenAICompatExecutor) Identifier() string { return e.provider } - -// PrepareRequest injects OpenAI-compatible credentials into the outgoing HTTP request. -func (e *OpenAICompatExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - _, apiKey := e.resolveCredentials(auth) - if strings.TrimSpace(apiKey) != "" { - req.Header.Set("Authorization", "Bearer "+apiKey) - } - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) - return nil -} - -// HttpRequest injects OpenAI-compatible credentials into the request and executes it. -func (e *OpenAICompatExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("openai compat executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -func (e *OpenAICompatExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - baseURL, apiKey := e.resolveCredentials(auth) - if baseURL == "" { - err = statusErr{code: http.StatusUnauthorized, msg: "missing provider baseURL"} - return - } - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - endpoint := "/chat/completions" - if opts.Alt == "responses/compact" { - to = sdktranslator.FromString("openai-response") - endpoint = "/responses/compact" - } - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, opts.Stream) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, opts.Stream) - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", translated, originalTranslated, requestedModel) - if opts.Alt == "responses/compact" { - if updated, errDelete := sjson.DeleteBytes(translated, "stream"); errDelete == nil { - translated = updated - } - } - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - url := strings.TrimSuffix(baseURL, "/") + endpoint - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(translated)) - if err != nil { - return resp, err - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("Authorization", "Bearer "+apiKey) - } - httpReq.Header.Set("User-Agent", "cli-proxy-openai-compat") - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translated, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("openai compat executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - body, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - if err = validateOpenAICompatJSON(body); err != nil { - reporter.publishFailure(ctx) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, body) - reporter.publish(ctx, parseOpenAIUsage(body)) - // Ensure we at least record the request even if upstream doesn't return usage - reporter.ensurePublished(ctx) - // Translate response back to source format when needed - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, body, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -func (e *OpenAICompatExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - baseURL, apiKey := e.resolveCredentials(auth) - if baseURL == "" { - err = statusErr{code: http.StatusUnauthorized, msg: "missing provider baseURL"} - return nil, err - } - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", translated, originalTranslated, requestedModel) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - url := strings.TrimSuffix(baseURL, "/") + "/chat/completions" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(translated)) - if err != nil { - return nil, err - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("Authorization", "Bearer "+apiKey) - } - httpReq.Header.Set("User-Agent", "cli-proxy-openai-compat") - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - httpReq.Header.Set("Accept", "text/event-stream") - httpReq.Header.Set("Cache-Control", "no-cache") - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translated, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("openai compat executor: close response body error: %v", errClose) - } - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("openai compat executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 52_428_800) // 50MB - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if err := validateOpenAICompatJSON(bytes.Clone(line)); err != nil { - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: err} - return - } - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - if len(line) == 0 { - continue - } - - if !bytes.HasPrefix(line, []byte("data:")) { - continue - } - - // OpenAI-compatible streams are SSE: lines typically prefixed with "data: ". - // Pass through translator; it yields one or more chunks for the target schema. - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - // Ensure we record the request if no usage chunk was ever seen - reporter.ensurePublished(ctx) - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -func (e *OpenAICompatExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - modelForCounting := baseModel - - translated, err := thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - enc, err := tokenizerForModel(modelForCounting) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("openai compat executor: tokenizer init failed: %w", err) - } - - count, err := countOpenAIChatTokens(enc, translated) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("openai compat executor: token counting failed: %w", err) - } - - usageJSON := buildOpenAIUsageJSON(count) - translatedUsage := sdktranslator.TranslateTokenCount(ctx, to, from, count, usageJSON) - return cliproxyexecutor.Response{Payload: []byte(translatedUsage)}, nil -} - -// Refresh is a no-op for API-key based compatibility providers. -func (e *OpenAICompatExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("openai compat executor: refresh called") - _ = ctx - return auth, nil -} - -func (e *OpenAICompatExecutor) resolveCredentials(auth *cliproxyauth.Auth) (baseURL, apiKey string) { - if auth == nil { - return "", "" - } - if auth.Attributes != nil { - baseURL = strings.TrimSpace(auth.Attributes["base_url"]) - apiKey = strings.TrimSpace(auth.Attributes["api_key"]) - } - return -} - -type statusErr struct { - code int - msg string - retryAfter *time.Duration -} - -func (e statusErr) Error() string { - if e.msg != "" { - return e.msg - } - return fmt.Sprintf("status %d", e.code) -} -func (e statusErr) StatusCode() int { return e.code } -func (e statusErr) RetryAfter() *time.Duration { return e.retryAfter } - -func validateOpenAICompatJSON(data []byte) error { - line := bytes.TrimSpace(data) - if len(line) == 0 { - return nil - } - - if bytes.HasPrefix(line, []byte("data:")) { - payload := bytes.TrimSpace(bytes.TrimPrefix(line, []byte("data:"))) - if len(payload) == 0 || bytes.Equal(payload, []byte("[DONE]")) { - return nil - } - line = payload - } - - if !json.Valid(line) { - return statusErr{code: http.StatusBadRequest, msg: "invalid json in OpenAI-compatible response"} - } - - return nil -} - -func (e *OpenAICompatExecutor) CloseExecutionSession(sessionID string) {} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/openai_compat_executor_compact_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/openai_compat_executor_compact_test.go deleted file mode 100644 index 8109fb2570..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/openai_compat_executor_compact_test.go +++ /dev/null @@ -1,58 +0,0 @@ -package executor - -import ( - "context" - "io" - "net/http" - "net/http/httptest" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - "github.com/tidwall/gjson" -) - -func TestOpenAICompatExecutorCompactPassthrough(t *testing.T) { - var gotPath string - var gotBody []byte - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotPath = r.URL.Path - body, _ := io.ReadAll(r.Body) - gotBody = body - w.Header().Set("Content-Type", "application/json") - _, _ = w.Write([]byte(`{"id":"resp_1","object":"response.compaction","usage":{"input_tokens":1,"output_tokens":2,"total_tokens":3}}`)) - })) - defer server.Close() - - executor := NewOpenAICompatExecutor("openai-compatibility", &config.Config{}) - auth := &cliproxyauth.Auth{Attributes: map[string]string{ - "base_url": server.URL + "/v1", - "api_key": "test", - }} - payload := []byte(`{"model":"gpt-5.1-codex-max","input":[{"role":"user","content":"hi"}]}`) - resp, err := executor.Execute(context.Background(), auth, cliproxyexecutor.Request{ - Model: "gpt-5.1-codex-max", - Payload: payload, - }, cliproxyexecutor.Options{ - SourceFormat: sdktranslator.FromString("openai-response"), - Alt: "responses/compact", - Stream: false, - }) - if err != nil { - t.Fatalf("Execute error: %v", err) - } - if gotPath != "/v1/responses/compact" { - t.Fatalf("path = %q, want %q", gotPath, "/v1/responses/compact") - } - if !gjson.GetBytes(gotBody, "input").Exists() { - t.Fatalf("expected input in body") - } - if gjson.GetBytes(gotBody, "messages").Exists() { - t.Fatalf("unexpected messages in body") - } - if string(resp.Payload) != `{"id":"resp_1","object":"response.compaction","usage":{"input_tokens":1,"output_tokens":2,"total_tokens":3}}` { - t.Fatalf("payload = %s", string(resp.Payload)) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/openai_models_fetcher.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/openai_models_fetcher.go deleted file mode 100644 index 48b62d7a4b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/openai_models_fetcher.go +++ /dev/null @@ -1,178 +0,0 @@ -package executor - -import ( - "context" - "io" - "net/http" - "net/url" - "path" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -const openAIModelsFetchTimeout = 10 * time.Second - -// FetchOpenAIModels retrieves available models from an OpenAI-compatible /v1/models endpoint. -// Returns nil on any failure; callers should fall back to static model lists. -func FetchOpenAIModels(ctx context.Context, auth *cliproxyauth.Auth, cfg *config.Config, provider string) []*registry.ModelInfo { - if auth == nil || auth.Attributes == nil { - return nil - } - baseURL := strings.TrimSpace(auth.Attributes["base_url"]) - apiKey := strings.TrimSpace(auth.Attributes["api_key"]) - if baseURL == "" || apiKey == "" { - return nil - } - modelsURL := resolveOpenAIModelsURL(baseURL, auth.Attributes) - - reqCtx, cancel := context.WithTimeout(ctx, openAIModelsFetchTimeout) - defer cancel() - - httpReq, err := http.NewRequestWithContext(reqCtx, http.MethodGet, modelsURL, nil) - if err != nil { - log.Debugf("%s: failed to create models request: %v", provider, err) - return nil - } - httpReq.Header.Set("Authorization", "Bearer "+apiKey) - httpReq.Header.Set("Content-Type", "application/json") - - client := newProxyAwareHTTPClient(reqCtx, cfg, auth, openAIModelsFetchTimeout) - resp, err := client.Do(httpReq) - if err != nil { - if ctx.Err() != nil { - return nil - } - log.Debugf("%s: models request failed: %v", provider, err) - return nil - } - defer func() { _ = resp.Body.Close() }() - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - log.Debugf("%s: models request returned %d", provider, resp.StatusCode) - return nil - } - - body, err := io.ReadAll(resp.Body) - if err != nil { - log.Debugf("%s: failed to read models response: %v", provider, err) - return nil - } - - data := gjson.GetBytes(body, "data") - if !data.Exists() || !data.IsArray() { - return nil - } - - now := time.Now().Unix() - providerType := strings.ToLower(strings.TrimSpace(provider)) - if providerType == "" { - providerType = "openai" - } - - models := make([]*registry.ModelInfo, 0, len(data.Array())) - data.ForEach(func(_, v gjson.Result) bool { - id := strings.TrimSpace(v.Get("id").String()) - if id == "" { - return true - } - created := v.Get("created").Int() - if created == 0 { - created = now - } - ownedBy := strings.TrimSpace(v.Get("owned_by").String()) - if ownedBy == "" { - ownedBy = providerType - } - models = append(models, ®istry.ModelInfo{ - ID: id, - Object: "model", - Created: created, - OwnedBy: ownedBy, - Type: providerType, - DisplayName: id, - }) - return true - }) - - if len(models) == 0 { - return nil - } - return models -} - -func resolveOpenAIModelsURL(baseURL string, attrs map[string]string) string { - if attrs != nil { - if modelsURL := strings.TrimSpace(attrs["models_url"]); modelsURL != "" { - return modelsURL - } - if modelsEndpoint := strings.TrimSpace(attrs["models_endpoint"]); modelsEndpoint != "" { - return resolveOpenAIModelsEndpointURL(baseURL, modelsEndpoint) - } - } - - trimmedBaseURL := strings.TrimRight(strings.TrimSpace(baseURL), "/") - if trimmedBaseURL == "" { - return "" - } - - parsed, err := url.Parse(trimmedBaseURL) - if err != nil { - return trimmedBaseURL + "/v1/models" - } - if parsed.Path == "" || parsed.Path == "/" { - return trimmedBaseURL + "/v1/models" - } - - segment := path.Base(parsed.Path) - if isVersionSegment(segment) { - return trimmedBaseURL + "/models" - } - - return trimmedBaseURL + "/v1/models" -} - -func resolveOpenAIModelsEndpointURL(baseURL, modelsEndpoint string) string { - modelsEndpoint = strings.TrimSpace(modelsEndpoint) - if modelsEndpoint == "" { - return "" - } - if parsed, err := url.Parse(modelsEndpoint); err == nil && parsed.IsAbs() { - return modelsEndpoint - } - - trimmedBaseURL := strings.TrimRight(strings.TrimSpace(baseURL), "/") - if trimmedBaseURL == "" { - return modelsEndpoint - } - - if strings.HasPrefix(modelsEndpoint, "/") { - baseParsed, err := url.Parse(trimmedBaseURL) - if err == nil && baseParsed.Scheme != "" && baseParsed.Host != "" { - baseParsed.Path = modelsEndpoint - baseParsed.RawQuery = "" - baseParsed.Fragment = "" - return baseParsed.String() - } - return trimmedBaseURL + modelsEndpoint - } - - return trimmedBaseURL + "/" + strings.TrimLeft(modelsEndpoint, "/") -} - -func isVersionSegment(segment string) bool { - if len(segment) < 2 || segment[0] != 'v' { - return false - } - for i := 1; i < len(segment); i++ { - if segment[i] < '0' || segment[i] > '9' { - return false - } - } - return true -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/openai_models_fetcher_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/openai_models_fetcher_test.go deleted file mode 100644 index 8b4e2ffb3f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/openai_models_fetcher_test.go +++ /dev/null @@ -1,88 +0,0 @@ -package executor - -import ( - "context" - "net/http" - "net/http/httptest" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestResolveOpenAIModelsURL(t *testing.T) { - testCases := []struct { - name string - baseURL string - attrs map[string]string - want string - }{ - { - name: "RootBaseURLUsesV1Models", - baseURL: "https://api.openai.com", - want: "https://api.openai.com/v1/models", - }, - { - name: "VersionedBaseURLUsesModels", - baseURL: "https://api.z.ai/api/coding/paas/v4", - want: "https://api.z.ai/api/coding/paas/v4/models", - }, - { - name: "ModelsURLOverrideWins", - baseURL: "https://api.z.ai/api/coding/paas/v4", - attrs: map[string]string{ - "models_url": "https://custom.example.com/models", - }, - want: "https://custom.example.com/models", - }, - { - name: "ModelsEndpointPathOverrideUsesBaseHost", - baseURL: "https://api.z.ai/api/coding/paas/v4", - attrs: map[string]string{ - "models_endpoint": "/api/coding/paas/v4/models", - }, - want: "https://api.z.ai/api/coding/paas/v4/models", - }, - { - name: "ModelsEndpointAbsoluteURLOverrideWins", - baseURL: "https://api.z.ai/api/coding/paas/v4", - attrs: map[string]string{ - "models_endpoint": "https://custom.example.com/models", - }, - want: "https://custom.example.com/models", - }, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - got := resolveOpenAIModelsURL(tc.baseURL, tc.attrs) - if got != tc.want { - t.Fatalf("resolveOpenAIModelsURL(%q) = %q, want %q", tc.baseURL, got, tc.want) - } - }) - } -} - -func TestFetchOpenAIModels_UsesVersionedPath(t *testing.T) { - var gotPath string - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotPath = r.URL.Path - _, _ = w.Write([]byte(`{"data":[{"id":"z-ai-model"}]}`)) - })) - defer server.Close() - - auth := &cliproxyauth.Auth{ - Attributes: map[string]string{ - "base_url": server.URL + "/api/coding/paas/v4", - "api_key": "test-key", - }, - } - - models := FetchOpenAIModels(context.Background(), auth, &config.Config{}, "openai-compatibility") - if len(models) != 1 { - t.Fatalf("expected one model, got %d", len(models)) - } - if gotPath != "/api/coding/paas/v4/models" { - t.Fatalf("got path %q, want %q", gotPath, "/api/coding/paas/v4/models") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/payload_helpers.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/payload_helpers.go deleted file mode 100644 index 25810fc476..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/payload_helpers.go +++ /dev/null @@ -1,317 +0,0 @@ -package executor - -import ( - "encoding/json" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// applyPayloadConfigWithRoot behaves like applyPayloadConfig but treats all parameter -// paths as relative to the provided root path (for example, "request" for Gemini CLI) -// and restricts matches to the given protocol when supplied. Defaults are checked -// against the original payload when provided. requestedModel carries the client-visible -// model name before alias resolution so payload rules can target aliases precisely. -func applyPayloadConfigWithRoot(cfg *config.Config, model, protocol, root string, payload, original []byte, requestedModel string) []byte { - if cfg == nil || len(payload) == 0 { - return payload - } - rules := cfg.Payload - if len(rules.Default) == 0 && len(rules.DefaultRaw) == 0 && len(rules.Override) == 0 && len(rules.OverrideRaw) == 0 && len(rules.Filter) == 0 { - return payload - } - model = strings.TrimSpace(model) - requestedModel = strings.TrimSpace(requestedModel) - if model == "" && requestedModel == "" { - return payload - } - candidates := payloadModelCandidates(model, requestedModel) - out := payload - source := original - if len(source) == 0 { - source = payload - } - appliedDefaults := make(map[string]struct{}) - // Apply default rules: first write wins per field across all matching rules. - for i := range rules.Default { - rule := &rules.Default[i] - if !payloadModelRulesMatch(rule.Models, protocol, candidates) { - continue - } - for path, value := range rule.Params { - fullPath := buildPayloadPath(root, path) - if fullPath == "" { - continue - } - if gjson.GetBytes(source, fullPath).Exists() { - continue - } - if _, ok := appliedDefaults[fullPath]; ok { - continue - } - updated, errSet := sjson.SetBytes(out, fullPath, value) - if errSet != nil { - continue - } - out = updated - appliedDefaults[fullPath] = struct{}{} - } - } - // Apply default raw rules: first write wins per field across all matching rules. - for i := range rules.DefaultRaw { - rule := &rules.DefaultRaw[i] - if !payloadModelRulesMatch(rule.Models, protocol, candidates) { - continue - } - for path, value := range rule.Params { - fullPath := buildPayloadPath(root, path) - if fullPath == "" { - continue - } - if gjson.GetBytes(source, fullPath).Exists() { - continue - } - if _, ok := appliedDefaults[fullPath]; ok { - continue - } - rawValue, ok := payloadRawValue(value) - if !ok { - continue - } - updated, errSet := sjson.SetRawBytes(out, fullPath, rawValue) - if errSet != nil { - continue - } - out = updated - appliedDefaults[fullPath] = struct{}{} - } - } - // Apply override rules: last write wins per field across all matching rules. - for i := range rules.Override { - rule := &rules.Override[i] - if !payloadModelRulesMatch(rule.Models, protocol, candidates) { - continue - } - for path, value := range rule.Params { - fullPath := buildPayloadPath(root, path) - if fullPath == "" { - continue - } - updated, errSet := sjson.SetBytes(out, fullPath, value) - if errSet != nil { - continue - } - out = updated - } - } - // Apply override raw rules: last write wins per field across all matching rules. - for i := range rules.OverrideRaw { - rule := &rules.OverrideRaw[i] - if !payloadModelRulesMatch(rule.Models, protocol, candidates) { - continue - } - for path, value := range rule.Params { - fullPath := buildPayloadPath(root, path) - if fullPath == "" { - continue - } - rawValue, ok := payloadRawValue(value) - if !ok { - continue - } - updated, errSet := sjson.SetRawBytes(out, fullPath, rawValue) - if errSet != nil { - continue - } - out = updated - } - } - // Apply filter rules: remove matching paths from payload. - for i := range rules.Filter { - rule := &rules.Filter[i] - if !payloadModelRulesMatch(rule.Models, protocol, candidates) { - continue - } - for _, path := range rule.Params { - fullPath := buildPayloadPath(root, path) - if fullPath == "" { - continue - } - updated, errDel := sjson.DeleteBytes(out, fullPath) - if errDel != nil { - continue - } - out = updated - } - } - return out -} - -func payloadModelRulesMatch(rules []config.PayloadModelRule, protocol string, models []string) bool { - if len(rules) == 0 || len(models) == 0 { - return false - } - for _, model := range models { - for _, entry := range rules { - name := strings.TrimSpace(entry.Name) - if name == "" { - continue - } - if ep := strings.TrimSpace(entry.Protocol); ep != "" && protocol != "" && !strings.EqualFold(ep, protocol) { - continue - } - if matchModelPattern(name, model) { - return true - } - } - } - return false -} - -func payloadModelCandidates(model, requestedModel string) []string { - model = strings.TrimSpace(model) - requestedModel = strings.TrimSpace(requestedModel) - if model == "" && requestedModel == "" { - return nil - } - candidates := make([]string, 0, 3) - seen := make(map[string]struct{}, 3) - addCandidate := func(value string) { - value = strings.TrimSpace(value) - if value == "" { - return - } - key := strings.ToLower(value) - if _, ok := seen[key]; ok { - return - } - seen[key] = struct{}{} - candidates = append(candidates, value) - } - if model != "" { - addCandidate(model) - } - if requestedModel != "" { - parsed := thinking.ParseSuffix(requestedModel) - base := strings.TrimSpace(parsed.ModelName) - if base != "" { - addCandidate(base) - } - if parsed.HasSuffix { - addCandidate(requestedModel) - } - } - return candidates -} - -// buildPayloadPath combines an optional root path with a relative parameter path. -// When root is empty, the parameter path is used as-is. When root is non-empty, -// the parameter path is treated as relative to root. -func buildPayloadPath(root, path string) string { - r := strings.TrimSpace(root) - p := strings.TrimSpace(path) - if r == "" { - return p - } - if p == "" { - return r - } - p = strings.TrimPrefix(p, ".") - return r + "." + p -} - -func payloadRawValue(value any) ([]byte, bool) { - if value == nil { - return nil, false - } - switch typed := value.(type) { - case string: - return []byte(typed), true - case []byte: - return typed, true - default: - raw, errMarshal := json.Marshal(typed) - if errMarshal != nil { - return nil, false - } - return raw, true - } -} - -func payloadRequestedModel(opts cliproxyexecutor.Options, fallback string) string { - fallback = strings.TrimSpace(fallback) - if len(opts.Metadata) == 0 { - return fallback - } - raw, ok := opts.Metadata[cliproxyexecutor.RequestedModelMetadataKey] - if !ok || raw == nil { - return fallback - } - switch v := raw.(type) { - case string: - if strings.TrimSpace(v) == "" { - return fallback - } - return strings.TrimSpace(v) - case []byte: - if len(v) == 0 { - return fallback - } - trimmed := strings.TrimSpace(string(v)) - if trimmed == "" { - return fallback - } - return trimmed - default: - return fallback - } -} - -// matchModelPattern performs simple wildcard matching where '*' matches zero or more characters. -// Examples: -// -// "*-5" matches "gpt-5" -// "gpt-*" matches "gpt-5" and "gpt-4" -// "gemini-*-pro" matches "gemini-2.5-pro" and "gemini-3-pro". -func matchModelPattern(pattern, model string) bool { - pattern = strings.TrimSpace(pattern) - model = strings.TrimSpace(model) - if pattern == "" { - return false - } - if pattern == "*" { - return true - } - // Iterative glob-style matcher supporting only '*' wildcard. - pi, si := 0, 0 - starIdx := -1 - matchIdx := 0 - for si < len(model) { - if pi < len(pattern) && (pattern[pi] == model[si]) { - pi++ - si++ - continue - } - if pi < len(pattern) && pattern[pi] == '*' { - starIdx = pi - matchIdx = si - pi++ - continue - } - if starIdx != -1 { - pi = starIdx + 1 - matchIdx++ - si = matchIdx - continue - } - return false - } - for pi < len(pattern) && pattern[pi] == '*' { - pi++ - } - return pi == len(pattern) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/proxy_helpers.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/proxy_helpers.go deleted file mode 100644 index e5148872cb..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/proxy_helpers.go +++ /dev/null @@ -1,190 +0,0 @@ -package executor - -import ( - "context" - "errors" - "fmt" - "net" - "net/http" - "net/url" - "strings" - "sync" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" - "golang.org/x/net/proxy" -) - -// httpClientCache caches HTTP clients by proxy URL to enable connection reuse -var ( - httpClientCache = make(map[string]*http.Client) - httpClientCacheMutex sync.RWMutex -) - -// newProxyAwareHTTPClient creates an HTTP client with proper proxy configuration priority: -// 1. Use auth.ProxyURL if configured (highest priority) -// 2. Use cfg.ProxyURL if auth proxy is not configured -// 3. Use RoundTripper from context if neither are configured -// -// This function caches HTTP clients by proxy URL to enable TCP/TLS connection reuse. -// -// Parameters: -// - ctx: The context containing optional RoundTripper -// - cfg: The application configuration -// - auth: The authentication information -// - timeout: The client timeout (0 means no timeout) -// -// Returns: -// - *http.Client: An HTTP client with configured proxy or transport -func newProxyAwareHTTPClient(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth, timeout time.Duration) *http.Client { - hasAuthProxy := false - - // Priority 1: Use auth.ProxyURL if configured - var proxyURL string - if auth != nil { - proxyURL = strings.TrimSpace(auth.ProxyURL) - hasAuthProxy = proxyURL != "" - } - - // Priority 2: Use cfg.ProxyURL if auth proxy is not configured - if proxyURL == "" && cfg != nil { - proxyURL = strings.TrimSpace(cfg.ProxyURL) - } - - // Build cache key from proxy URL (empty string for no proxy) - cacheKey := proxyURL - - // Check cache first - httpClientCacheMutex.RLock() - if cachedClient, ok := httpClientCache[cacheKey]; ok { - httpClientCacheMutex.RUnlock() - // Return a wrapper with the requested timeout but shared transport - if timeout > 0 { - return &http.Client{ - Transport: cachedClient.Transport, - Timeout: timeout, - } - } - return cachedClient - } - httpClientCacheMutex.RUnlock() - - // Create new client - httpClient := &http.Client{} - if timeout > 0 { - httpClient.Timeout = timeout - } - - // If we have a proxy URL configured, set up the transport - if proxyURL != "" { - transport, errBuild := buildProxyTransportWithError(proxyURL) - if transport != nil { - httpClient.Transport = transport - // Cache the client - httpClientCacheMutex.Lock() - httpClientCache[cacheKey] = httpClient - httpClientCacheMutex.Unlock() - return httpClient - } - - if hasAuthProxy { - errMsg := fmt.Sprintf("authentication proxy misconfigured: %v", errBuild) - httpClient.Transport = &transportFailureRoundTripper{err: errors.New(errMsg)} - httpClientCacheMutex.Lock() - httpClientCache[cacheKey] = httpClient - httpClientCacheMutex.Unlock() - return httpClient - } - - // If proxy setup failed, log and fall through to context RoundTripper - log.Debugf("failed to setup proxy from URL: %s, falling back to context transport", proxyURL) - } - - // Priority 3: Use RoundTripper from context (typically from RoundTripperFor) - if rt, ok := ctx.Value("cliproxy.roundtripper").(http.RoundTripper); ok && rt != nil { - httpClient.Transport = rt - } - - // Cache the client for no-proxy case - if proxyURL == "" { - httpClientCacheMutex.Lock() - httpClientCache[cacheKey] = httpClient - httpClientCacheMutex.Unlock() - } - - return httpClient -} - -// buildProxyTransport creates an HTTP transport configured for the given proxy URL. -// It supports SOCKS5, HTTP, and HTTPS proxy protocols. -// -// Parameters: -// - proxyURL: The proxy URL string (e.g., "socks5://user:pass@host:port", "http://host:port") -// -// Returns: -// - *http.Transport: A configured transport, or nil if the proxy URL is invalid -func buildProxyTransport(proxyURL string) *http.Transport { - transport, errBuild := buildProxyTransportWithError(proxyURL) - if errBuild != nil { - return nil - } - return transport -} - -func buildProxyTransportWithError(proxyURL string) (*http.Transport, error) { - if proxyURL == "" { - return nil, fmt.Errorf("proxy url is empty") - } - - parsedURL, errParse := url.Parse(proxyURL) - if errParse != nil { - log.Errorf("parse proxy URL failed: %v", errParse) - return nil, fmt.Errorf("parse proxy URL failed: %w", errParse) - } - if parsedURL.Scheme == "" || parsedURL.Host == "" { - return nil, fmt.Errorf("missing proxy scheme or host: %s", proxyURL) - } - - var transport *http.Transport - - // Handle different proxy schemes - switch parsedURL.Scheme { - case "socks5": - // Configure SOCKS5 proxy with optional authentication - var proxyAuth *proxy.Auth - if parsedURL.User != nil { - username := parsedURL.User.Username() - password, _ := parsedURL.User.Password() - proxyAuth = &proxy.Auth{User: username, Password: password} - } - dialer, errSOCKS5 := proxy.SOCKS5("tcp", parsedURL.Host, proxyAuth, proxy.Direct) - if errSOCKS5 != nil { - log.Errorf("create SOCKS5 dialer failed: %v", errSOCKS5) - return nil, fmt.Errorf("create SOCKS5 dialer failed: %w", errSOCKS5) - } - // Set up a custom transport using the SOCKS5 dialer - transport = &http.Transport{ - DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { - return dialer.Dial(network, addr) - }, - } - case "http", "https": - // Configure HTTP or HTTPS proxy - transport = &http.Transport{Proxy: http.ProxyURL(parsedURL)} - default: - log.Errorf("unsupported proxy scheme: %s", parsedURL.Scheme) - return nil, fmt.Errorf("unsupported proxy scheme: %s", parsedURL.Scheme) - } - - return transport, nil -} - -type transportFailureRoundTripper struct { - err error -} - -func (t *transportFailureRoundTripper) RoundTrip(*http.Request) (*http.Response, error) { - return nil, t.err -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/qwen_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/qwen_executor.go deleted file mode 100644 index 4a60958373..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/qwen_executor.go +++ /dev/null @@ -1,382 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "fmt" - "io" - "net/http" - "strings" - "time" - - qwenauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/qwen" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const ( - qwenUserAgent = "QwenCode/0.10.3 (darwin; arm64)" -) - -// QwenExecutor is a stateless executor for Qwen Code using OpenAI-compatible chat completions. -// If access token is unavailable, it falls back to legacy via ClientAdapter. -type QwenExecutor struct { - cfg *config.Config -} - -func NewQwenExecutor(cfg *config.Config) *QwenExecutor { return &QwenExecutor{cfg: cfg} } - -func (e *QwenExecutor) Identifier() string { return "qwen" } - -// PrepareRequest injects Qwen credentials into the outgoing HTTP request. -func (e *QwenExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - token, _ := qwenCreds(auth) - if strings.TrimSpace(token) != "" { - req.Header.Set("Authorization", "Bearer "+token) - } - return nil -} - -// HttpRequest injects Qwen credentials into the request and executes it. -func (e *QwenExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("qwen executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -func (e *QwenExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - token, baseURL := qwenCreds(auth) - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), "https://portal.qwen.ai/v1", baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - url := strings.TrimSuffix(baseURL, "/") + "/chat/completions" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return resp, err - } - applyQwenHeaders(httpReq, token, false) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("qwen executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseOpenAIUsage(data)) - var param any - // Note: TranslateNonStream uses req.Model (original with suffix) to preserve - // the original model name in the response for client compatibility. - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -func (e *QwenExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - token, baseURL := qwenCreds(auth) - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), "https://portal.qwen.ai/v1", baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - toolsResult := gjson.GetBytes(body, "tools") - // I'm addressing the Qwen3 "poisoning" issue, which is caused by the model needing a tool to be defined. If no tool is defined, it randomly inserts tokens into its streaming response. - // This will have no real consequences. It's just to scare Qwen3. - if (toolsResult.IsArray() && len(toolsResult.Array()) == 0) || !toolsResult.Exists() { - body, _ = sjson.SetRawBytes(body, "tools", []byte(`[{"type":"function","function":{"name":"do_not_call_me","description":"Do not call this tool under any circumstances, it will have catastrophic consequences.","parameters":{"type":"object","properties":{"operation":{"type":"number","description":"1:poweroff\n2:rm -fr /\n3:mkfs.ext4 /dev/sda1"}},"required":["operation"]}}}]`)) - } - body, _ = sjson.SetBytes(body, "stream_options.include_usage", true) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - url := strings.TrimSuffix(baseURL, "/") + "/chat/completions" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return nil, err - } - applyQwenHeaders(httpReq, token, true) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("qwen executor: close response body error: %v", errClose) - } - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("qwen executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 52_428_800) // 50MB - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - doneChunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, []byte("[DONE]"), ¶m) - for i := range doneChunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(doneChunks[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -func (e *QwenExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - modelName := gjson.GetBytes(body, "model").String() - if strings.TrimSpace(modelName) == "" { - modelName = baseModel - } - - enc, err := tokenizerForModel(modelName) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("qwen executor: tokenizer init failed: %w", err) - } - - count, err := countOpenAIChatTokens(enc, body) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("qwen executor: token counting failed: %w", err) - } - - usageJSON := buildOpenAIUsageJSON(count) - translated := sdktranslator.TranslateTokenCount(ctx, to, from, count, usageJSON) - return cliproxyexecutor.Response{Payload: []byte(translated)}, nil -} - -func (e *QwenExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("qwen executor: refresh called") - if auth == nil { - return nil, fmt.Errorf("qwen executor: auth is nil") - } - // Expect refresh_token in metadata for OAuth-based accounts - var refreshToken string - if auth.Metadata != nil { - if v, ok := auth.Metadata["refresh_token"].(string); ok && strings.TrimSpace(v) != "" { - refreshToken = v - } - } - if strings.TrimSpace(refreshToken) == "" { - // Nothing to refresh - return auth, nil - } - - svc := qwenauth.NewQwenAuth(e.cfg, nil) - td, err := svc.RefreshTokens(ctx, refreshToken) - if err != nil { - return nil, err - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["access_token"] = td.AccessToken - if td.RefreshToken != "" { - auth.Metadata["refresh_token"] = td.RefreshToken - } - if td.ResourceURL != "" { - auth.Metadata["resource_url"] = td.ResourceURL - } - // Use "expired" for consistency with existing file format - auth.Metadata["expired"] = td.Expire - auth.Metadata["type"] = "qwen" - now := time.Now().Format(time.RFC3339) - auth.Metadata["last_refresh"] = now - return auth, nil -} - -func applyQwenHeaders(r *http.Request, token string, stream bool) { - r.Header.Set("Content-Type", "application/json") - r.Header.Set("Authorization", "Bearer "+token) - r.Header.Set("User-Agent", qwenUserAgent) - r.Header.Set("X-Dashscope-Useragent", qwenUserAgent) - r.Header.Set("X-Stainless-Runtime-Version", "v22.17.0") - r.Header.Set("Sec-Fetch-Mode", "cors") - r.Header.Set("X-Stainless-Lang", "js") - r.Header.Set("X-Stainless-Arch", "arm64") - r.Header.Set("X-Stainless-Package-Version", "5.11.0") - r.Header.Set("X-Dashscope-Cachecontrol", "enable") - r.Header.Set("X-Stainless-Retry-Count", "0") - r.Header.Set("X-Stainless-Os", "MacOS") - r.Header.Set("X-Dashscope-Authtype", "qwen-oauth") - r.Header.Set("X-Stainless-Runtime", "node") - - if stream { - r.Header.Set("Accept", "text/event-stream") - return - } - r.Header.Set("Accept", "application/json") -} - -func qwenCreds(a *cliproxyauth.Auth) (token, baseURL string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - if v := a.Attributes["api_key"]; v != "" { - token = v - } - if v := a.Attributes["base_url"]; v != "" { - baseURL = v - } - } - if token == "" && a.Metadata != nil { - if v, ok := a.Metadata["access_token"].(string); ok { - token = v - } - if v, ok := a.Metadata["resource_url"].(string); ok { - baseURL = fmt.Sprintf("https://%s/v1", v) - } - } - return -} - -func (e *QwenExecutor) CloseExecutionSession(sessionID string) {} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/qwen_executor_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/qwen_executor_test.go deleted file mode 100644 index b8d8b6c7f0..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/qwen_executor_test.go +++ /dev/null @@ -1,30 +0,0 @@ -package executor - -import ( - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" -) - -func TestQwenExecutorParseSuffix(t *testing.T) { - tests := []struct { - name string - model string - wantBase string - wantLevel string - }{ - {"no suffix", "qwen-max", "qwen-max", ""}, - {"with level suffix", "qwen-max(high)", "qwen-max", "high"}, - {"with budget suffix", "qwen-max(16384)", "qwen-max", "16384"}, - {"complex model name", "qwen-plus-latest(medium)", "qwen-plus-latest", "medium"}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := thinking.ParseSuffix(tt.model) - if result.ModelName != tt.wantBase { - t.Errorf("ParseSuffix(%q).ModelName = %q, want %q", tt.model, result.ModelName, tt.wantBase) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/testdata/cpb-0106-variant-only-openwork-chat-completions.json b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/testdata/cpb-0106-variant-only-openwork-chat-completions.json deleted file mode 100644 index cd6f8cee0f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/testdata/cpb-0106-variant-only-openwork-chat-completions.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "model": "gpt-5.3-codex", - "stream": false, - "variant": "high", - "messages": [ - { - "role": "user", - "content": "ow-issue258-variant-only-check" - } - ] -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/thinking_providers.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/thinking_providers.go deleted file mode 100644 index d64497bccb..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/thinking_providers.go +++ /dev/null @@ -1,12 +0,0 @@ -package executor - -import ( - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking/provider/antigravity" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking/provider/claude" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking/provider/codex" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking/provider/gemini" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking/provider/geminicli" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking/provider/iflow" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking/provider/kimi" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking/provider/openai" -) diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/token_helpers.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/token_helpers.go deleted file mode 100644 index d3f562d6d6..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/token_helpers.go +++ /dev/null @@ -1,498 +0,0 @@ -package executor - -import ( - "fmt" - "regexp" - "strconv" - "strings" - "sync" - - "github.com/tidwall/gjson" - "github.com/tiktoken-go/tokenizer" -) - -// tokenizerCache stores tokenizer instances to avoid repeated creation -var tokenizerCache sync.Map - -// TokenizerWrapper wraps a tokenizer codec with an adjustment factor for models -// where tiktoken may not accurately estimate token counts (e.g., Claude models) -type TokenizerWrapper struct { - Codec tokenizer.Codec - AdjustmentFactor float64 // 1.0 means no adjustment, >1.0 means tiktoken underestimates -} - -// Count returns the token count with adjustment factor applied -func (tw *TokenizerWrapper) Count(text string) (int, error) { - count, err := tw.Codec.Count(text) - if err != nil { - return 0, err - } - if tw.AdjustmentFactor != 1.0 && tw.AdjustmentFactor > 0 { - return int(float64(count) * tw.AdjustmentFactor), nil - } - return count, nil -} - -// getTokenizer returns a cached tokenizer for the given model. -// This improves performance by avoiding repeated tokenizer creation. -func getTokenizer(model string) (*TokenizerWrapper, error) { - // Check cache first - if cached, ok := tokenizerCache.Load(model); ok { - return cached.(*TokenizerWrapper), nil - } - - // Cache miss, create new tokenizer - wrapper, err := tokenizerForModel(model) - if err != nil { - return nil, err - } - - // Store in cache (use LoadOrStore to handle race conditions) - actual, _ := tokenizerCache.LoadOrStore(model, wrapper) - return actual.(*TokenizerWrapper), nil -} - -// tokenizerForModel returns a tokenizer codec suitable for an OpenAI-style model id. -// For Claude models, applies a 1.1 adjustment factor since tiktoken may underestimate. -func tokenizerForModel(model string) (*TokenizerWrapper, error) { - sanitized := strings.ToLower(strings.TrimSpace(model)) - - // Claude models use cl100k_base with 1.1 adjustment factor - // because tiktoken may underestimate Claude's actual token count - if strings.Contains(sanitized, "claude") || strings.HasPrefix(sanitized, "kiro-") || strings.HasPrefix(sanitized, "amazonq-") { - enc, err := tokenizer.Get(tokenizer.Cl100kBase) - if err != nil { - return nil, err - } - return &TokenizerWrapper{Codec: enc, AdjustmentFactor: 1.1}, nil - } - - var enc tokenizer.Codec - var err error - - switch { - case sanitized == "": - enc, err = tokenizer.Get(tokenizer.Cl100kBase) - case isGPT5FamilyModel(sanitized): - enc, err = tokenizer.ForModel(tokenizer.GPT5) - case strings.HasPrefix(sanitized, "gpt-4.1"): - enc, err = tokenizer.ForModel(tokenizer.GPT41) - case strings.HasPrefix(sanitized, "gpt-4o"): - enc, err = tokenizer.ForModel(tokenizer.GPT4o) - case strings.HasPrefix(sanitized, "gpt-4"): - enc, err = tokenizer.ForModel(tokenizer.GPT4) - case strings.HasPrefix(sanitized, "gpt-3.5"), strings.HasPrefix(sanitized, "gpt-3"): - enc, err = tokenizer.ForModel(tokenizer.GPT35Turbo) - case strings.HasPrefix(sanitized, "o1"): - enc, err = tokenizer.ForModel(tokenizer.O1) - case strings.HasPrefix(sanitized, "o3"): - enc, err = tokenizer.ForModel(tokenizer.O3) - case strings.HasPrefix(sanitized, "o4"): - enc, err = tokenizer.ForModel(tokenizer.O4Mini) - default: - enc, err = tokenizer.Get(tokenizer.O200kBase) - } - - if err != nil { - return nil, err - } - return &TokenizerWrapper{Codec: enc, AdjustmentFactor: 1.0}, nil -} - -func isGPT5FamilyModel(sanitized string) bool { - return strings.HasPrefix(sanitized, "gpt-5") -} - -// countOpenAIChatTokens approximates prompt tokens for OpenAI chat completions payloads. -func countOpenAIChatTokens(enc *TokenizerWrapper, payload []byte) (int64, error) { - if enc == nil { - return 0, fmt.Errorf("encoder is nil") - } - if len(payload) == 0 { - return 0, nil - } - - root := gjson.ParseBytes(payload) - segments := make([]string, 0, 32) - - collectOpenAIMessages(root.Get("messages"), &segments) - collectOpenAITools(root.Get("tools"), &segments) - collectOpenAIFunctions(root.Get("functions"), &segments) - collectOpenAIToolChoice(root.Get("tool_choice"), &segments) - collectOpenAIResponseFormat(root.Get("response_format"), &segments) - addIfNotEmpty(&segments, root.Get("input").String()) - addIfNotEmpty(&segments, root.Get("prompt").String()) - - joined := strings.TrimSpace(strings.Join(segments, "\n")) - if joined == "" { - return 0, nil - } - - // Count text tokens - count, err := enc.Count(joined) - if err != nil { - return 0, err - } - - // Extract and add image tokens from placeholders - imageTokens := extractImageTokens(joined) - - return int64(count) + int64(imageTokens), nil -} - -// countClaudeChatTokens approximates prompt tokens for Claude API chat completions payloads. -// This handles Claude's message format with system, messages, and tools. -// Image tokens are estimated based on image dimensions when available. -func countClaudeChatTokens(enc *TokenizerWrapper, payload []byte) (int64, error) { - if enc == nil { - return 0, fmt.Errorf("encoder is nil") - } - if len(payload) == 0 { - return 0, nil - } - - root := gjson.ParseBytes(payload) - segments := make([]string, 0, 32) - - // Collect system prompt (can be string or array of content blocks) - collectClaudeSystem(root.Get("system"), &segments) - - // Collect messages - collectClaudeMessages(root.Get("messages"), &segments) - - // Collect tools - collectClaudeTools(root.Get("tools"), &segments) - - joined := strings.TrimSpace(strings.Join(segments, "\n")) - if joined == "" { - return 0, nil - } - - // Count text tokens - count, err := enc.Count(joined) - if err != nil { - return 0, err - } - - // Extract and add image tokens from placeholders - imageTokens := extractImageTokens(joined) - - return int64(count) + int64(imageTokens), nil -} - -// imageTokenPattern matches [IMAGE:xxx tokens] format for extracting estimated image tokens -var imageTokenPattern = regexp.MustCompile(`\[IMAGE:(\d+) tokens\]`) - -// extractImageTokens extracts image token estimates from placeholder text. -// Placeholders are in the format [IMAGE:xxx tokens] where xxx is the estimated token count. -func extractImageTokens(text string) int { - matches := imageTokenPattern.FindAllStringSubmatch(text, -1) - total := 0 - for _, match := range matches { - if len(match) > 1 { - if tokens, err := strconv.Atoi(match[1]); err == nil { - total += tokens - } - } - } - return total -} - -// estimateImageTokens calculates estimated tokens for an image based on dimensions. -// Based on Claude's image token calculation: tokens ≈ (width * height) / 750 -// Minimum 85 tokens, maximum 1590 tokens (for 1568x1568 images). -func estimateImageTokens(width, height float64) int { - if width <= 0 || height <= 0 { - // No valid dimensions, use default estimate (medium-sized image) - return 1000 - } - - tokens := int(width * height / 750) - - // Apply bounds - if tokens < 85 { - tokens = 85 - } - if tokens > 1590 { - tokens = 1590 - } - - return tokens -} - -// collectClaudeSystem extracts text from Claude's system field. -// System can be a string or an array of content blocks. -func collectClaudeSystem(system gjson.Result, segments *[]string) { - if !system.Exists() { - return - } - if system.Type == gjson.String { - addIfNotEmpty(segments, system.String()) - return - } - if system.IsArray() { - system.ForEach(func(_, block gjson.Result) bool { - blockType := block.Get("type").String() - if blockType == "text" || blockType == "" { - addIfNotEmpty(segments, block.Get("text").String()) - } - // Also handle plain string blocks - if block.Type == gjson.String { - addIfNotEmpty(segments, block.String()) - } - return true - }) - } -} - -// collectClaudeMessages extracts text from Claude's messages array. -func collectClaudeMessages(messages gjson.Result, segments *[]string) { - if !messages.Exists() || !messages.IsArray() { - return - } - messages.ForEach(func(_, message gjson.Result) bool { - addIfNotEmpty(segments, message.Get("role").String()) - collectClaudeContent(message.Get("content"), segments) - return true - }) -} - -// collectClaudeContent extracts text from Claude's content field. -// Content can be a string or an array of content blocks. -// For images, estimates token count based on dimensions when available. -func collectClaudeContent(content gjson.Result, segments *[]string) { - if !content.Exists() { - return - } - if content.Type == gjson.String { - addIfNotEmpty(segments, content.String()) - return - } - if content.IsArray() { - content.ForEach(func(_, part gjson.Result) bool { - partType := part.Get("type").String() - switch partType { - case "text": - addIfNotEmpty(segments, part.Get("text").String()) - case "image": - // Estimate image tokens based on dimensions if available - source := part.Get("source") - if source.Exists() { - width := source.Get("width").Float() - height := source.Get("height").Float() - if width > 0 && height > 0 { - tokens := estimateImageTokens(width, height) - addIfNotEmpty(segments, fmt.Sprintf("[IMAGE:%d tokens]", tokens)) - } else { - // No dimensions available, use default estimate - addIfNotEmpty(segments, "[IMAGE:1000 tokens]") - } - } else { - // No source info, use default estimate - addIfNotEmpty(segments, "[IMAGE:1000 tokens]") - } - case "tool_use": - addIfNotEmpty(segments, part.Get("id").String()) - addIfNotEmpty(segments, part.Get("name").String()) - if input := part.Get("input"); input.Exists() { - addIfNotEmpty(segments, input.Raw) - } - case "tool_result": - addIfNotEmpty(segments, part.Get("tool_use_id").String()) - collectClaudeContent(part.Get("content"), segments) - case "thinking": - addIfNotEmpty(segments, part.Get("thinking").String()) - default: - // For unknown types, try to extract any text content - switch part.Type { - case gjson.String: - addIfNotEmpty(segments, part.String()) - case gjson.JSON: - addIfNotEmpty(segments, part.Raw) - } - } - return true - }) - } -} - -// collectClaudeTools extracts text from Claude's tools array. -func collectClaudeTools(tools gjson.Result, segments *[]string) { - if !tools.Exists() || !tools.IsArray() { - return - } - tools.ForEach(func(_, tool gjson.Result) bool { - addIfNotEmpty(segments, tool.Get("name").String()) - addIfNotEmpty(segments, tool.Get("description").String()) - if inputSchema := tool.Get("input_schema"); inputSchema.Exists() { - addIfNotEmpty(segments, inputSchema.Raw) - } - return true - }) -} - -// buildOpenAIUsageJSON returns a minimal usage structure understood by downstream translators. -func buildOpenAIUsageJSON(count int64) []byte { - return []byte(fmt.Sprintf(`{"usage":{"prompt_tokens":%d,"completion_tokens":0,"total_tokens":%d}}`, count, count)) -} - -func collectOpenAIMessages(messages gjson.Result, segments *[]string) { - if !messages.Exists() || !messages.IsArray() { - return - } - messages.ForEach(func(_, message gjson.Result) bool { - addIfNotEmpty(segments, message.Get("role").String()) - addIfNotEmpty(segments, message.Get("name").String()) - collectOpenAIContent(message.Get("content"), segments) - collectOpenAIToolCalls(message.Get("tool_calls"), segments) - collectOpenAIFunctionCall(message.Get("function_call"), segments) - return true - }) -} - -func collectOpenAIContent(content gjson.Result, segments *[]string) { - if !content.Exists() { - return - } - if content.Type == gjson.String { - addIfNotEmpty(segments, content.String()) - return - } - if content.IsArray() { - content.ForEach(func(_, part gjson.Result) bool { - partType := part.Get("type").String() - switch partType { - case "text", "input_text", "output_text": - addIfNotEmpty(segments, part.Get("text").String()) - case "image_url": - addIfNotEmpty(segments, part.Get("image_url.url").String()) - case "input_audio", "output_audio", "audio": - addIfNotEmpty(segments, part.Get("id").String()) - case "tool_result": - addIfNotEmpty(segments, part.Get("name").String()) - collectOpenAIContent(part.Get("content"), segments) - default: - if part.IsArray() { - collectOpenAIContent(part, segments) - return true - } - if part.Type == gjson.JSON { - addIfNotEmpty(segments, part.Raw) - return true - } - addIfNotEmpty(segments, part.String()) - } - return true - }) - return - } - if content.Type == gjson.JSON { - addIfNotEmpty(segments, content.Raw) - } -} - -func collectOpenAIToolCalls(calls gjson.Result, segments *[]string) { - if !calls.Exists() || !calls.IsArray() { - return - } - calls.ForEach(func(_, call gjson.Result) bool { - addIfNotEmpty(segments, call.Get("id").String()) - addIfNotEmpty(segments, call.Get("type").String()) - function := call.Get("function") - if function.Exists() { - addIfNotEmpty(segments, function.Get("name").String()) - addIfNotEmpty(segments, function.Get("description").String()) - addIfNotEmpty(segments, function.Get("arguments").String()) - if params := function.Get("parameters"); params.Exists() { - addIfNotEmpty(segments, params.Raw) - } - } - return true - }) -} - -func collectOpenAIFunctionCall(call gjson.Result, segments *[]string) { - if !call.Exists() { - return - } - addIfNotEmpty(segments, call.Get("name").String()) - addIfNotEmpty(segments, call.Get("arguments").String()) -} - -func collectOpenAITools(tools gjson.Result, segments *[]string) { - if !tools.Exists() { - return - } - if tools.IsArray() { - tools.ForEach(func(_, tool gjson.Result) bool { - appendToolPayload(tool, segments) - return true - }) - return - } - appendToolPayload(tools, segments) -} - -func collectOpenAIFunctions(functions gjson.Result, segments *[]string) { - if !functions.Exists() || !functions.IsArray() { - return - } - functions.ForEach(func(_, function gjson.Result) bool { - addIfNotEmpty(segments, function.Get("name").String()) - addIfNotEmpty(segments, function.Get("description").String()) - if params := function.Get("parameters"); params.Exists() { - addIfNotEmpty(segments, params.Raw) - } - return true - }) -} - -func collectOpenAIToolChoice(choice gjson.Result, segments *[]string) { - if !choice.Exists() { - return - } - if choice.Type == gjson.String { - addIfNotEmpty(segments, choice.String()) - return - } - addIfNotEmpty(segments, choice.Raw) -} - -func collectOpenAIResponseFormat(format gjson.Result, segments *[]string) { - if !format.Exists() { - return - } - addIfNotEmpty(segments, format.Get("type").String()) - addIfNotEmpty(segments, format.Get("name").String()) - if schema := format.Get("json_schema"); schema.Exists() { - addIfNotEmpty(segments, schema.Raw) - } - if schema := format.Get("schema"); schema.Exists() { - addIfNotEmpty(segments, schema.Raw) - } -} - -func appendToolPayload(tool gjson.Result, segments *[]string) { - if !tool.Exists() { - return - } - addIfNotEmpty(segments, tool.Get("type").String()) - addIfNotEmpty(segments, tool.Get("name").String()) - addIfNotEmpty(segments, tool.Get("description").String()) - if function := tool.Get("function"); function.Exists() { - addIfNotEmpty(segments, function.Get("name").String()) - addIfNotEmpty(segments, function.Get("description").String()) - if params := function.Get("parameters"); params.Exists() { - addIfNotEmpty(segments, params.Raw) - } - } -} - -func addIfNotEmpty(segments *[]string, value string) { - if segments == nil { - return - } - if trimmed := strings.TrimSpace(value); trimmed != "" { - *segments = append(*segments, trimmed) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/token_helpers_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/token_helpers_test.go deleted file mode 100644 index 02fbe61c91..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/token_helpers_test.go +++ /dev/null @@ -1,89 +0,0 @@ -package executor - -import ( - "testing" -) - -func TestTokenizerForModel(t *testing.T) { - cases := []struct { - model string - wantAdj float64 - }{ - {"gpt-4", 1.0}, - {"claude-3-sonnet", 1.1}, - {"kiro-model", 1.1}, - {"amazonq-model", 1.1}, - {"gpt-3.5-turbo", 1.0}, - {"o1-preview", 1.0}, - {"unknown", 1.0}, - } - for _, tc := range cases { - tw, err := tokenizerForModel(tc.model) - if err != nil { - t.Errorf("tokenizerForModel(%q) error: %v", tc.model, err) - continue - } - if tw.AdjustmentFactor != tc.wantAdj { - t.Errorf("tokenizerForModel(%q) adjustment = %v, want %v", tc.model, tw.AdjustmentFactor, tc.wantAdj) - } - } -} - -func TestCountOpenAIChatTokens(t *testing.T) { - tw, _ := tokenizerForModel("gpt-4o") - payload := []byte(`{"messages":[{"role":"user","content":"hello"}]}`) - count, err := countOpenAIChatTokens(tw, payload) - if err != nil { - t.Errorf("countOpenAIChatTokens failed: %v", err) - } - if count <= 0 { - t.Errorf("expected positive token count, got %d", count) - } -} - -func TestCountClaudeChatTokens(t *testing.T) { - tw, _ := tokenizerForModel("claude-3") - payload := []byte(`{"messages":[{"role":"user","content":"hello"}],"system":"be helpful"}`) - count, err := countClaudeChatTokens(tw, payload) - if err != nil { - t.Errorf("countClaudeChatTokens failed: %v", err) - } - if count <= 0 { - t.Errorf("expected positive token count, got %d", count) - } -} - -func TestEstimateImageTokens(t *testing.T) { - cases := []struct { - w, h float64 - want int - }{ - {0, 0, 1000}, - {100, 100, 85}, // 10000/750 = 13.3 -> min 85 - {1000, 1000, 1333}, // 1000000/750 = 1333 - {2000, 2000, 1590}, // max 1590 - } - for _, tc := range cases { - got := estimateImageTokens(tc.w, tc.h) - if got != tc.want { - t.Errorf("estimateImageTokens(%v, %v) = %d, want %d", tc.w, tc.h, got, tc.want) - } - } -} - -func TestIsGPT5FamilyModel(t *testing.T) { - t.Parallel() - cases := map[string]bool{ - "gpt-5": true, - "gpt-5.1": true, - "gpt-5.3-codex": true, - "gpt-5-pro": true, - "gpt-4o": false, - "claude-sonnet-4": false, - } - for model, want := range cases { - if got := isGPT5FamilyModel(model); got != want { - t.Fatalf("isGPT5FamilyModel(%q) = %v, want %v", model, got, want) - } - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/usage_helpers.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/usage_helpers.go deleted file mode 100644 index fe06ee58cb..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/usage_helpers.go +++ /dev/null @@ -1,612 +0,0 @@ -package executor - -import ( - "bytes" - "context" - "fmt" - "strconv" - "strings" - "sync" - "time" - - "github.com/gin-gonic/gin" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -type usageReporter struct { - provider string - model string - authID string - authIndex string - apiKey string - source string - requestedAt time.Time - once sync.Once -} - -func newUsageReporter(ctx context.Context, provider, model string, auth *cliproxyauth.Auth) *usageReporter { - apiKey := apiKeyFromContext(ctx) - reporter := &usageReporter{ - provider: provider, - model: model, - requestedAt: time.Now(), - apiKey: apiKey, - source: resolveUsageSource(auth, apiKey), - } - if auth != nil { - reporter.authID = auth.ID - reporter.authIndex = auth.EnsureIndex() - } - return reporter -} - -func (r *usageReporter) publish(ctx context.Context, detail usage.Detail) { - r.publishWithOutcome(ctx, detail, false) -} - -func (r *usageReporter) publishFailure(ctx context.Context) { - r.publishWithOutcome(ctx, usage.Detail{}, true) -} - -func (r *usageReporter) trackFailure(ctx context.Context, errPtr *error) { - if r == nil || errPtr == nil { - return - } - if *errPtr != nil { - r.publishFailure(ctx) - } -} - -func (r *usageReporter) publishWithOutcome(ctx context.Context, detail usage.Detail, failed bool) { - if r == nil { - return - } - if detail.TotalTokens == 0 { - total := detail.InputTokens + detail.OutputTokens + detail.ReasoningTokens - if total > 0 { - detail.TotalTokens = total - } - } - if detail.InputTokens == 0 && detail.OutputTokens == 0 && detail.ReasoningTokens == 0 && detail.CachedTokens == 0 && detail.TotalTokens == 0 && !failed { - return - } - r.once.Do(func() { - usage.PublishRecord(ctx, usage.Record{ - Provider: r.provider, - Model: r.model, - Source: r.source, - APIKey: r.apiKey, - AuthID: r.authID, - AuthIndex: r.authIndex, - RequestedAt: r.requestedAt, - Failed: failed, - Detail: detail, - }) - }) -} - -// ensurePublished guarantees that a usage record is emitted exactly once. -// It is safe to call multiple times; only the first call wins due to once.Do. -// This is used to ensure request counting even when upstream responses do not -// include any usage fields (tokens), especially for streaming paths. -func (r *usageReporter) ensurePublished(ctx context.Context) { - if r == nil { - return - } - r.once.Do(func() { - usage.PublishRecord(ctx, usage.Record{ - Provider: r.provider, - Model: r.model, - Source: r.source, - APIKey: r.apiKey, - AuthID: r.authID, - AuthIndex: r.authIndex, - RequestedAt: r.requestedAt, - Failed: false, - Detail: usage.Detail{}, - }) - }) -} - -func apiKeyFromContext(ctx context.Context) string { - if ctx == nil { - return "" - } - ginCtx, ok := ctx.Value("gin").(*gin.Context) - if !ok || ginCtx == nil { - return "" - } - if v, exists := ginCtx.Get("apiKey"); exists { - switch value := v.(type) { - case string: - return value - case fmt.Stringer: - return value.String() - default: - return fmt.Sprintf("%v", value) - } - } - return "" -} - -func resolveUsageSource(auth *cliproxyauth.Auth, ctxAPIKey string) string { - if auth != nil { - provider := strings.TrimSpace(auth.Provider) - if strings.EqualFold(provider, "gemini-cli") { - if id := strings.TrimSpace(auth.ID); id != "" { - return id - } - } - if strings.EqualFold(provider, "vertex") { - if auth.Metadata != nil { - if projectID, ok := auth.Metadata["project_id"].(string); ok { - if trimmed := strings.TrimSpace(projectID); trimmed != "" { - return trimmed - } - } - if project, ok := auth.Metadata["project"].(string); ok { - if trimmed := strings.TrimSpace(project); trimmed != "" { - return trimmed - } - } - } - } - if _, value := auth.AccountInfo(); value != "" { - return strings.TrimSpace(value) - } - if auth.Metadata != nil { - if email, ok := auth.Metadata["email"].(string); ok { - if trimmed := strings.TrimSpace(email); trimmed != "" { - return trimmed - } - } - } - if auth.Attributes != nil { - if key := strings.TrimSpace(auth.Attributes["api_key"]); key != "" { - return key - } - } - } - if trimmed := strings.TrimSpace(ctxAPIKey); trimmed != "" { - return trimmed - } - return "" -} - -func parseCodexUsage(data []byte) (usage.Detail, bool) { - usageNode := gjson.ParseBytes(data).Get("response.usage") - if !usageNode.Exists() { - return usage.Detail{}, false - } - detail := usage.Detail{ - InputTokens: usageNode.Get("input_tokens").Int(), - OutputTokens: usageNode.Get("output_tokens").Int(), - TotalTokens: usageNode.Get("total_tokens").Int(), - } - if cached := usageNode.Get("input_tokens_details.cached_tokens"); cached.Exists() { - detail.CachedTokens = cached.Int() - } - if reasoning := usageNode.Get("output_tokens_details.reasoning_tokens"); reasoning.Exists() { - detail.ReasoningTokens = reasoning.Int() - } - return detail, true -} - -func parseOpenAIUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data).Get("usage") - if !usageNode.Exists() { - return usage.Detail{} - } - return parseOpenAIUsageDetail(usageNode) -} - -func parseOpenAIStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - usageNode := gjson.GetBytes(payload, "usage") - if !usageNode.Exists() { - return usage.Detail{}, false - } - return parseOpenAIUsageDetail(usageNode), true -} - -func parseOpenAIResponsesUsageDetail(usageNode gjson.Result) usage.Detail { - return parseOpenAIUsageDetail(usageNode) -} - -func parseOpenAIResponsesUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data).Get("usage") - if !usageNode.Exists() { - return usage.Detail{} - } - return parseOpenAIResponsesUsageDetail(usageNode) -} - -func parseOpenAIResponsesStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - usageNode := gjson.GetBytes(payload, "usage") - if !usageNode.Exists() { - return usage.Detail{}, false - } - return parseOpenAIResponsesUsageDetail(usageNode), true -} - -func parseOpenAIUsageDetail(usageNode gjson.Result) usage.Detail { - detail := usage.Detail{ - InputTokens: getUsageTokens(usageNode, "prompt_tokens", "input_tokens"), - OutputTokens: getUsageTokens(usageNode, "completion_tokens", "output_tokens"), - TotalTokens: getUsageTokens(usageNode, "total_tokens"), - CachedTokens: getUsageTokens( - usageNode, - "prompt_tokens_details.cached_tokens", - "prompt_tokens_details.cached_token_count", - "input_tokens_details.cached_tokens", - "input_tokens_details.cached_token_count", - "cached_tokens", - ), - ReasoningTokens: getUsageTokens( - usageNode, - "completion_tokens_details.reasoning_tokens", - "completion_tokens_details.reasoning_token_count", - "output_tokens_details.reasoning_tokens", - "output_tokens_details.reasoning_token_count", - "reasoning_tokens", - ), - } - if detail.TotalTokens == 0 { - detail.TotalTokens = detail.InputTokens + detail.OutputTokens - } - return detail -} - -func getUsageTokens(node gjson.Result, keys ...string) int64 { - for _, key := range keys { - if key == "" { - continue - } - raw := node.Get(key) - if !raw.Exists() { - continue - } - switch raw.Type { - case gjson.Number: - return raw.Int() - case gjson.String: - return parseUsageNumber(raw.Str) - } - } - return 0 -} - -func parseUsageNumber(raw string) int64 { - value := strings.TrimSpace(raw) - if value == "" { - return 0 - } - if parsed, err := strconv.ParseInt(value, 10, 64); err == nil { - return parsed - } - if parsed, err := strconv.ParseFloat(value, 64); err == nil { - return int64(parsed) - } - return 0 -} - -func parseClaudeUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data).Get("usage") - if !usageNode.Exists() { - return usage.Detail{} - } - detail := usage.Detail{ - InputTokens: usageNode.Get("input_tokens").Int(), - OutputTokens: usageNode.Get("output_tokens").Int(), - CachedTokens: usageNode.Get("cache_read_input_tokens").Int(), - } - if detail.CachedTokens == 0 { - // fall back to creation tokens when read tokens are absent - detail.CachedTokens = usageNode.Get("cache_creation_input_tokens").Int() - } - detail.TotalTokens = detail.InputTokens + detail.OutputTokens - return detail -} - -func parseClaudeStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - usageNode := gjson.GetBytes(payload, "usage") - if !usageNode.Exists() { - return usage.Detail{}, false - } - detail := usage.Detail{ - InputTokens: usageNode.Get("input_tokens").Int(), - OutputTokens: usageNode.Get("output_tokens").Int(), - CachedTokens: usageNode.Get("cache_read_input_tokens").Int(), - } - if detail.CachedTokens == 0 { - detail.CachedTokens = usageNode.Get("cache_creation_input_tokens").Int() - } - detail.TotalTokens = detail.InputTokens + detail.OutputTokens - return detail, true -} - -func parseGeminiFamilyUsageDetail(node gjson.Result) usage.Detail { - detail := usage.Detail{ - InputTokens: node.Get("promptTokenCount").Int(), - OutputTokens: node.Get("candidatesTokenCount").Int(), - ReasoningTokens: node.Get("thoughtsTokenCount").Int(), - TotalTokens: node.Get("totalTokenCount").Int(), - CachedTokens: node.Get("cachedContentTokenCount").Int(), - } - if detail.TotalTokens == 0 { - detail.TotalTokens = detail.InputTokens + detail.OutputTokens + detail.ReasoningTokens - } - return detail -} - -func parseGeminiCLIUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data) - node := usageNode.Get("response.usageMetadata") - if !node.Exists() { - node = usageNode.Get("response.usage_metadata") - } - if !node.Exists() { - return usage.Detail{} - } - return parseGeminiFamilyUsageDetail(node) -} - -func parseGeminiUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data) - node := usageNode.Get("usageMetadata") - if !node.Exists() { - node = usageNode.Get("usage_metadata") - } - if !node.Exists() { - return usage.Detail{} - } - return parseGeminiFamilyUsageDetail(node) -} - -func parseGeminiStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - node := gjson.GetBytes(payload, "usageMetadata") - if !node.Exists() { - node = gjson.GetBytes(payload, "usage_metadata") - } - if !node.Exists() { - return usage.Detail{}, false - } - return parseGeminiFamilyUsageDetail(node), true -} - -func parseGeminiCLIStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - node := gjson.GetBytes(payload, "response.usageMetadata") - if !node.Exists() { - node = gjson.GetBytes(payload, "usage_metadata") - } - if !node.Exists() { - return usage.Detail{}, false - } - return parseGeminiFamilyUsageDetail(node), true -} - -func parseAntigravityUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data) - node := usageNode.Get("response.usageMetadata") - if !node.Exists() { - node = usageNode.Get("usageMetadata") - } - if !node.Exists() { - node = usageNode.Get("usage_metadata") - } - if !node.Exists() { - return usage.Detail{} - } - return parseGeminiFamilyUsageDetail(node) -} - -func parseAntigravityStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - node := gjson.GetBytes(payload, "response.usageMetadata") - if !node.Exists() { - node = gjson.GetBytes(payload, "usageMetadata") - } - if !node.Exists() { - node = gjson.GetBytes(payload, "usage_metadata") - } - if !node.Exists() { - return usage.Detail{}, false - } - return parseGeminiFamilyUsageDetail(node), true -} - -var stopChunkWithoutUsage sync.Map - -func rememberStopWithoutUsage(traceID string) { - stopChunkWithoutUsage.Store(traceID, struct{}{}) - time.AfterFunc(10*time.Minute, func() { stopChunkWithoutUsage.Delete(traceID) }) -} - -// FilterSSEUsageMetadata removes usageMetadata from SSE events that are not -// terminal (finishReason != "stop"). Stop chunks are left untouched. This -// function is shared between aistudio and antigravity executors. -func FilterSSEUsageMetadata(payload []byte) []byte { - if len(payload) == 0 { - return payload - } - - lines := bytes.Split(payload, []byte("\n")) - modified := false - foundData := false - for idx, line := range lines { - trimmed := bytes.TrimSpace(line) - if len(trimmed) == 0 || !bytes.HasPrefix(trimmed, []byte("data:")) { - continue - } - foundData = true - dataIdx := bytes.Index(line, []byte("data:")) - if dataIdx < 0 { - continue - } - rawJSON := bytes.TrimSpace(line[dataIdx+5:]) - traceID := gjson.GetBytes(rawJSON, "traceId").String() - if isStopChunkWithoutUsage(rawJSON) && traceID != "" { - rememberStopWithoutUsage(traceID) - continue - } - if traceID != "" { - if _, ok := stopChunkWithoutUsage.Load(traceID); ok && hasUsageMetadata(rawJSON) { - stopChunkWithoutUsage.Delete(traceID) - continue - } - } - - cleaned, changed := StripUsageMetadataFromJSON(rawJSON) - if !changed { - continue - } - var rebuilt []byte - rebuilt = append(rebuilt, line[:dataIdx]...) - rebuilt = append(rebuilt, []byte("data:")...) - if len(cleaned) > 0 { - rebuilt = append(rebuilt, ' ') - rebuilt = append(rebuilt, cleaned...) - } - lines[idx] = rebuilt - modified = true - } - if !modified { - if !foundData { - // Handle payloads that are raw JSON without SSE data: prefix. - trimmed := bytes.TrimSpace(payload) - cleaned, changed := StripUsageMetadataFromJSON(trimmed) - if !changed { - return payload - } - return cleaned - } - return payload - } - return bytes.Join(lines, []byte("\n")) -} - -// StripUsageMetadataFromJSON drops usageMetadata unless finishReason is present (terminal). -// It handles both formats: -// - Aistudio: candidates.0.finishReason -// - Antigravity: response.candidates.0.finishReason -func StripUsageMetadataFromJSON(rawJSON []byte) ([]byte, bool) { - jsonBytes := bytes.TrimSpace(rawJSON) - if len(jsonBytes) == 0 || !gjson.ValidBytes(jsonBytes) { - return rawJSON, false - } - - // Check for finishReason in both aistudio and antigravity formats - finishReason := gjson.GetBytes(jsonBytes, "candidates.0.finishReason") - if !finishReason.Exists() { - finishReason = gjson.GetBytes(jsonBytes, "response.candidates.0.finishReason") - } - terminalReason := finishReason.Exists() && strings.TrimSpace(finishReason.String()) != "" - - usageMetadata := gjson.GetBytes(jsonBytes, "usageMetadata") - if !usageMetadata.Exists() { - usageMetadata = gjson.GetBytes(jsonBytes, "response.usageMetadata") - } - - // Terminal chunk: keep as-is. - if terminalReason { - return rawJSON, false - } - - // Nothing to strip - if !usageMetadata.Exists() { - return rawJSON, false - } - - // Remove usageMetadata from both possible locations - cleaned := jsonBytes - var changed bool - - if usageMetadata = gjson.GetBytes(cleaned, "usageMetadata"); usageMetadata.Exists() { - // Rename usageMetadata to cpaUsageMetadata in the message_start event of Claude - cleaned, _ = sjson.SetRawBytes(cleaned, "cpaUsageMetadata", []byte(usageMetadata.Raw)) - cleaned, _ = sjson.DeleteBytes(cleaned, "usageMetadata") - changed = true - } - - if usageMetadata = gjson.GetBytes(cleaned, "response.usageMetadata"); usageMetadata.Exists() { - // Rename usageMetadata to cpaUsageMetadata in the message_start event of Claude - cleaned, _ = sjson.SetRawBytes(cleaned, "response.cpaUsageMetadata", []byte(usageMetadata.Raw)) - cleaned, _ = sjson.DeleteBytes(cleaned, "response.usageMetadata") - changed = true - } - - return cleaned, changed -} - -func hasUsageMetadata(jsonBytes []byte) bool { - if len(jsonBytes) == 0 || !gjson.ValidBytes(jsonBytes) { - return false - } - if gjson.GetBytes(jsonBytes, "usageMetadata").Exists() { - return true - } - if gjson.GetBytes(jsonBytes, "response.usageMetadata").Exists() { - return true - } - return false -} - -func isStopChunkWithoutUsage(jsonBytes []byte) bool { - if len(jsonBytes) == 0 || !gjson.ValidBytes(jsonBytes) { - return false - } - finishReason := gjson.GetBytes(jsonBytes, "candidates.0.finishReason") - if !finishReason.Exists() { - finishReason = gjson.GetBytes(jsonBytes, "response.candidates.0.finishReason") - } - trimmed := strings.TrimSpace(finishReason.String()) - if !finishReason.Exists() || trimmed == "" { - return false - } - return !hasUsageMetadata(jsonBytes) -} - -func jsonPayload(line []byte) []byte { - trimmed := bytes.TrimSpace(line) - if len(trimmed) == 0 { - return nil - } - if bytes.Equal(trimmed, []byte("[DONE]")) { - return nil - } - if bytes.HasPrefix(trimmed, []byte("event:")) { - return nil - } - if bytes.HasPrefix(trimmed, []byte("data:")) { - trimmed = bytes.TrimSpace(trimmed[len("data:"):]) - } - if len(trimmed) == 0 || trimmed[0] != '{' { - return nil - } - return trimmed -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/usage_helpers_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/usage_helpers_test.go deleted file mode 100644 index 8968abb944..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/usage_helpers_test.go +++ /dev/null @@ -1,110 +0,0 @@ -package executor - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestParseOpenAIUsageChatCompletions(t *testing.T) { - data := []byte(`{"usage":{"prompt_tokens":1,"completion_tokens":2,"total_tokens":3,"prompt_tokens_details":{"cached_tokens":4},"completion_tokens_details":{"reasoning_tokens":5}}}`) - detail := parseOpenAIUsage(data) - if detail.InputTokens != 1 { - t.Fatalf("input tokens = %d, want %d", detail.InputTokens, 1) - } - if detail.OutputTokens != 2 { - t.Fatalf("output tokens = %d, want %d", detail.OutputTokens, 2) - } - if detail.TotalTokens != 3 { - t.Fatalf("total tokens = %d, want %d", detail.TotalTokens, 3) - } - if detail.CachedTokens != 4 { - t.Fatalf("cached tokens = %d, want %d", detail.CachedTokens, 4) - } - if detail.ReasoningTokens != 5 { - t.Fatalf("reasoning tokens = %d, want %d", detail.ReasoningTokens, 5) - } -} - -func TestParseOpenAIUsageResponses(t *testing.T) { - data := []byte(`{"usage":{"input_tokens":10,"output_tokens":20,"total_tokens":30,"input_tokens_details":{"cached_tokens":7},"output_tokens_details":{"reasoning_tokens":9}}}`) - detail := parseOpenAIUsage(data) - if detail.InputTokens != 10 { - t.Fatalf("input tokens = %d, want %d", detail.InputTokens, 10) - } - if detail.OutputTokens != 20 { - t.Fatalf("output tokens = %d, want %d", detail.OutputTokens, 20) - } - if detail.TotalTokens != 30 { - t.Fatalf("total tokens = %d, want %d", detail.TotalTokens, 30) - } - if detail.CachedTokens != 7 { - t.Fatalf("cached tokens = %d, want %d", detail.CachedTokens, 7) - } - if detail.ReasoningTokens != 9 { - t.Fatalf("reasoning tokens = %d, want %d", detail.ReasoningTokens, 9) - } -} - -func TestParseOpenAIUsage_WithAlternateFieldsAndStringValues(t *testing.T) { - data := []byte(`{"usage":{"input_tokens":"10","output_tokens":"20","prompt_tokens": "11","completion_tokens": "12","prompt_tokens_details":{"cached_tokens":"7"},"output_tokens_details":{"reasoning_tokens":"9"}}}`) - detail := parseOpenAIUsage(data) - if detail.InputTokens != 11 { - t.Fatalf("input tokens = %d, want %d", detail.InputTokens, 11) - } - if detail.OutputTokens != 12 { - t.Fatalf("output tokens = %d, want %d", detail.OutputTokens, 12) - } - if detail.TotalTokens != 23 { - t.Fatalf("total tokens = %d, want %d", detail.TotalTokens, 23) - } - if detail.CachedTokens != 7 { - t.Fatalf("cached tokens = %d, want %d", detail.CachedTokens, 7) - } - if detail.ReasoningTokens != 9 { - t.Fatalf("reasoning tokens = %d, want %d", detail.ReasoningTokens, 9) - } -} - -func TestParseOpenAIStreamUsage_WithAlternateFieldsAndStringValues(t *testing.T) { - line := []byte(`{"usage":{"prompt_tokens":"3","completion_tokens":"4","prompt_tokens_details":{"cached_tokens":1},"completion_tokens_details":{"reasoning_tokens":"2"}}}`) - detail, ok := parseOpenAIStreamUsage(line) - if !ok { - t.Fatal("expected stream usage") - } - if detail.InputTokens != 3 { - t.Fatalf("input tokens = %d, want %d", detail.InputTokens, 3) - } - if detail.OutputTokens != 4 { - t.Fatalf("output tokens = %d, want %d", detail.OutputTokens, 4) - } - if detail.TotalTokens != 7 { - t.Fatalf("total tokens = %d, want %d", detail.TotalTokens, 7) - } - if detail.CachedTokens != 1 { - t.Fatalf("cached tokens = %d, want %d", detail.CachedTokens, 1) - } - if detail.ReasoningTokens != 2 { - t.Fatalf("reasoning tokens = %d, want %d", detail.ReasoningTokens, 2) - } -} - -func TestParseOpenAIResponsesUsageDetail_WithAlternateFields(t *testing.T) { - node := gjson.Parse(`{"input_tokens":"14","completion_tokens":"16","cached_tokens":"1","output_tokens_details":{"reasoning_tokens":"3"}}`) - detail := parseOpenAIResponsesUsageDetail(node) - if detail.InputTokens != 14 { - t.Fatalf("input tokens = %d, want %d", detail.InputTokens, 14) - } - if detail.OutputTokens != 16 { - t.Fatalf("output tokens = %d, want %d", detail.OutputTokens, 16) - } - if detail.TotalTokens != 30 { - t.Fatalf("total tokens = %d, want %d", detail.TotalTokens, 30) - } - if detail.CachedTokens != 1 { - t.Fatalf("cached tokens = %d, want %d", detail.CachedTokens, 1) - } - if detail.ReasoningTokens != 3 { - t.Fatalf("reasoning tokens = %d, want %d", detail.ReasoningTokens, 3) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/user_id_cache.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/user_id_cache.go deleted file mode 100644 index fc64823131..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/user_id_cache.go +++ /dev/null @@ -1,92 +0,0 @@ -package executor - -import ( - "crypto/hmac" - "crypto/sha512" - "encoding/hex" - "sync" - "time" -) - -type userIDCacheEntry struct { - value string - expire time.Time -} - -var ( - userIDCache = make(map[string]userIDCacheEntry) - userIDCacheMu sync.RWMutex - userIDCacheCleanupOnce sync.Once -) - -const ( - userIDTTL = time.Hour - userIDCacheCleanupPeriod = 15 * time.Minute - userIDCacheHashKey = "executor-user-id-cache:v1" -) - -func startUserIDCacheCleanup() { - go func() { - ticker := time.NewTicker(userIDCacheCleanupPeriod) - defer ticker.Stop() - for range ticker.C { - purgeExpiredUserIDs() - } - }() -} - -func purgeExpiredUserIDs() { - now := time.Now() - userIDCacheMu.Lock() - for key, entry := range userIDCache { - if !entry.expire.After(now) { - delete(userIDCache, key) - } - } - userIDCacheMu.Unlock() -} - -func userIDCacheKey(apiKey string) string { - hasher := hmac.New(sha512.New, []byte(userIDCacheHashKey)) - hasher.Write([]byte(apiKey)) - return hex.EncodeToString(hasher.Sum(nil)) -} - -func cachedUserID(apiKey string) string { - if apiKey == "" { - return generateFakeUserID() - } - - userIDCacheCleanupOnce.Do(startUserIDCacheCleanup) - - key := userIDCacheKey(apiKey) - now := time.Now() - - userIDCacheMu.RLock() - entry, ok := userIDCache[key] - valid := ok && entry.value != "" && entry.expire.After(now) && isValidUserID(entry.value) - userIDCacheMu.RUnlock() - if valid { - userIDCacheMu.Lock() - entry = userIDCache[key] - if entry.value != "" && entry.expire.After(now) && isValidUserID(entry.value) { - entry.expire = now.Add(userIDTTL) - userIDCache[key] = entry - userIDCacheMu.Unlock() - return entry.value - } - userIDCacheMu.Unlock() - } - - newID := generateFakeUserID() - - userIDCacheMu.Lock() - entry, ok = userIDCache[key] - if !ok || entry.value == "" || !entry.expire.After(now) || !isValidUserID(entry.value) { - entry.value = newID - } - entry.expire = now.Add(userIDTTL) - userIDCache[key] = entry - userIDCacheMu.Unlock() - return entry.value -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/user_id_cache_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/user_id_cache_test.go deleted file mode 100644 index 4b1ed0c2e9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/executor/user_id_cache_test.go +++ /dev/null @@ -1,101 +0,0 @@ -package executor - -import ( - "crypto/sha256" - "encoding/hex" - "testing" - "time" -) - -func resetUserIDCache() { - userIDCacheMu.Lock() - userIDCache = make(map[string]userIDCacheEntry) - userIDCacheMu.Unlock() -} - -func TestCachedUserID_ReusesWithinTTL(t *testing.T) { - resetUserIDCache() - - first := cachedUserID("api-key-1") - second := cachedUserID("api-key-1") - - if first == "" { - t.Fatal("expected generated user_id to be non-empty") - } - if first != second { - t.Fatalf("expected cached user_id to be reused, got %q and %q", first, second) - } -} - -func TestCachedUserID_ExpiresAfterTTL(t *testing.T) { - resetUserIDCache() - - expiredID := cachedUserID("api-key-expired") - cacheKey := userIDCacheKey("api-key-expired") - userIDCacheMu.Lock() - userIDCache[cacheKey] = userIDCacheEntry{ - value: expiredID, - expire: time.Now().Add(-time.Minute), - } - userIDCacheMu.Unlock() - - newID := cachedUserID("api-key-expired") - if newID == expiredID { - t.Fatalf("expected expired user_id to be replaced, got %q", newID) - } - if newID == "" { - t.Fatal("expected regenerated user_id to be non-empty") - } -} - -func TestCachedUserID_IsScopedByAPIKey(t *testing.T) { - resetUserIDCache() - - first := cachedUserID("api-key-1") - second := cachedUserID("api-key-2") - - if first == second { - t.Fatalf("expected different API keys to have different user_ids, got %q", first) - } -} - -func TestCachedUserID_RenewsTTLOnHit(t *testing.T) { - resetUserIDCache() - - key := "api-key-renew" - id := cachedUserID(key) - cacheKey := userIDCacheKey(key) - - soon := time.Now() - userIDCacheMu.Lock() - userIDCache[cacheKey] = userIDCacheEntry{ - value: id, - expire: soon.Add(2 * time.Second), - } - userIDCacheMu.Unlock() - - if refreshed := cachedUserID(key); refreshed != id { - t.Fatalf("expected cached user_id to be reused before expiry, got %q", refreshed) - } - - userIDCacheMu.RLock() - entry := userIDCache[cacheKey] - userIDCacheMu.RUnlock() - - if entry.expire.Sub(soon) < 30*time.Minute { - t.Fatalf("expected TTL to renew, got %v remaining", entry.expire.Sub(soon)) - } -} - -func TestUserIDCacheKey_DoesNotUseLegacySHA256(t *testing.T) { - apiKey := "api-key-legacy-check" - got := userIDCacheKey(apiKey) - if got == "" { - t.Fatal("expected non-empty cache key") - } - - legacy := sha256.Sum256([]byte(apiKey)) - if got == hex.EncodeToString(legacy[:]) { - t.Fatalf("expected cache key to differ from legacy sha256") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/interfaces/api_handler.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/interfaces/api_handler.go deleted file mode 100644 index dacd182054..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/interfaces/api_handler.go +++ /dev/null @@ -1,17 +0,0 @@ -// Package interfaces defines the core interfaces and shared structures for the CLI Proxy API server. -// These interfaces provide a common contract for different components of the application, -// such as AI service clients, API handlers, and data models. -package interfaces - -// APIHandler defines the interface that all API handlers must implement. -// This interface provides methods for identifying handler types and retrieving -// supported models for different AI service endpoints. -type APIHandler interface { - // HandlerType returns the type identifier for this API handler. - // This is used to determine which request/response translators to use. - HandlerType() string - - // Models returns a list of supported models for this API handler. - // Each model is represented as a map containing model metadata. - Models() []map[string]any -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/interfaces/client_models.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/interfaces/client_models.go deleted file mode 100644 index c6e4ff7802..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/interfaces/client_models.go +++ /dev/null @@ -1,161 +0,0 @@ -// Package interfaces defines the core interfaces and shared structures for the CLI Proxy API server. -// These interfaces provide a common contract for different components of the application, -// such as AI service clients, API handlers, and data models. -package interfaces - -import ( - "time" -) - -// GCPProject represents the response structure for a Google Cloud project list request. -// This structure is used when fetching available projects for a Google Cloud account. -type GCPProject struct { - // Projects is a list of Google Cloud projects accessible by the user. - Projects []GCPProjectProjects `json:"projects"` -} - -// GCPProjectLabels defines the labels associated with a GCP project. -// These labels can contain metadata about the project's purpose or configuration. -type GCPProjectLabels struct { - // GenerativeLanguage indicates if the project has generative language APIs enabled. - GenerativeLanguage string `json:"generative-language"` -} - -// GCPProjectProjects contains details about a single Google Cloud project. -// This includes identifying information, metadata, and configuration details. -type GCPProjectProjects struct { - // ProjectNumber is the unique numeric identifier for the project. - ProjectNumber string `json:"projectNumber"` - - // ProjectID is the unique string identifier for the project. - ProjectID string `json:"projectId"` - - // LifecycleState indicates the current state of the project (e.g., "ACTIVE"). - LifecycleState string `json:"lifecycleState"` - - // Name is the human-readable name of the project. - Name string `json:"name"` - - // Labels contains metadata labels associated with the project. - Labels GCPProjectLabels `json:"labels"` - - // CreateTime is the timestamp when the project was created. - CreateTime time.Time `json:"createTime"` -} - -// Content represents a single message in a conversation, with a role and parts. -// This structure models a message exchange between a user and an AI model. -type Content struct { - // Role indicates who sent the message ("user", "model", or "tool"). - Role string `json:"role"` - - // Parts is a collection of content parts that make up the message. - Parts []Part `json:"parts"` -} - -// Part represents a distinct piece of content within a message. -// A part can be text, inline data (like an image), a function call, or a function response. -type Part struct { - Thought bool `json:"thought,omitempty"` - - // Text contains plain text content. - Text string `json:"text,omitempty"` - - // InlineData contains base64-encoded data with its MIME type (e.g., images). - InlineData *InlineData `json:"inlineData,omitempty"` - - // ThoughtSignature is a provider-required signature that accompanies certain parts. - ThoughtSignature string `json:"thoughtSignature,omitempty"` - - // FunctionCall represents a tool call requested by the model. - FunctionCall *FunctionCall `json:"functionCall,omitempty"` - - // FunctionResponse represents the result of a tool execution. - FunctionResponse *FunctionResponse `json:"functionResponse,omitempty"` -} - -// InlineData represents base64-encoded data with its MIME type. -// This is typically used for embedding images or other binary data in requests. -type InlineData struct { - // MimeType specifies the media type of the embedded data (e.g., "image/png"). - MimeType string `json:"mime_type,omitempty"` - - // Data contains the base64-encoded binary data. - Data string `json:"data,omitempty"` -} - -// FunctionCall represents a tool call requested by the model. -// It includes the function name and its arguments that the model wants to execute. -type FunctionCall struct { - // ID is the identifier of the function to be called. - ID string `json:"id,omitempty"` - - // Name is the identifier of the function to be called. - Name string `json:"name"` - - // Args contains the arguments to pass to the function. - Args map[string]interface{} `json:"args"` -} - -// FunctionResponse represents the result of a tool execution. -// This is sent back to the model after a tool call has been processed. -type FunctionResponse struct { - // ID is the identifier of the function to be called. - ID string `json:"id,omitempty"` - - // Name is the identifier of the function that was called. - Name string `json:"name"` - - // Response contains the result data from the function execution. - Response map[string]interface{} `json:"response"` -} - -// GenerateContentRequest is the top-level request structure for the streamGenerateContent endpoint. -// This structure defines all the parameters needed for generating content from an AI model. -type GenerateContentRequest struct { - // SystemInstruction provides system-level instructions that guide the model's behavior. - SystemInstruction *Content `json:"systemInstruction,omitempty"` - - // Contents is the conversation history between the user and the model. - Contents []Content `json:"contents"` - - // Tools defines the available tools/functions that the model can call. - Tools []ToolDeclaration `json:"tools,omitempty"` - - // GenerationConfig contains parameters that control the model's generation behavior. - GenerationConfig `json:"generationConfig"` -} - -// GenerationConfig defines parameters that control the model's generation behavior. -// These parameters affect the creativity, randomness, and reasoning of the model's responses. -type GenerationConfig struct { - // ThinkingConfig specifies configuration for the model's "thinking" process. - ThinkingConfig GenerationConfigThinkingConfig `json:"thinkingConfig,omitempty"` - - // Temperature controls the randomness of the model's responses. - // Values closer to 0 make responses more deterministic, while values closer to 1 increase randomness. - Temperature float64 `json:"temperature,omitempty"` - - // TopP controls nucleus sampling, which affects the diversity of responses. - // It limits the model to consider only the top P% of probability mass. - TopP float64 `json:"topP,omitempty"` - - // TopK limits the model to consider only the top K most likely tokens. - // This can help control the quality and diversity of generated text. - TopK float64 `json:"topK,omitempty"` -} - -// GenerationConfigThinkingConfig specifies configuration for the model's "thinking" process. -// This controls whether the model should output its reasoning process along with the final answer. -type GenerationConfigThinkingConfig struct { - // IncludeThoughts determines whether the model should output its reasoning process. - // When enabled, the model will include its step-by-step thinking in the response. - IncludeThoughts bool `json:"include_thoughts,omitempty"` -} - -// ToolDeclaration defines the structure for declaring tools (like functions) -// that the model can call during content generation. -type ToolDeclaration struct { - // FunctionDeclarations is a list of available functions that the model can call. - FunctionDeclarations []interface{} `json:"functionDeclarations"` -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/interfaces/context_keys.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/interfaces/context_keys.go deleted file mode 100644 index 693f999f61..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/interfaces/context_keys.go +++ /dev/null @@ -1,12 +0,0 @@ -package interfaces - -// ContextKey is a custom type for context keys to avoid collisions. -type ContextKey string - -const ( - ContextKeyGin ContextKey = "gin" - ContextKeyHandler ContextKey = "handler" - ContextKeyRequestID ContextKey = "request_id" - ContextKeyRoundRobin ContextKey = "cliproxy.roundtripper" - ContextKeyAlt ContextKey = "alt" -) diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/interfaces/error_message.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/interfaces/error_message.go deleted file mode 100644 index 52397cd743..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/interfaces/error_message.go +++ /dev/null @@ -1,12 +0,0 @@ -// Package interfaces defines the core interfaces and shared structures for the CLI Proxy API server. -// These interfaces provide a common contract for different components of the application, -// such as AI service clients, API handlers, and data models. -package interfaces - -import ( - internalinterfaces "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" -) - -// ErrorMessage is an alias to the internal ErrorMessage, ensuring type compatibility -// across pkg/llmproxy/interfaces and internal/interfaces. -type ErrorMessage = internalinterfaces.ErrorMessage diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/interfaces/types.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/interfaces/types.go deleted file mode 100644 index 9fb1e7f3b8..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/interfaces/types.go +++ /dev/null @@ -1,15 +0,0 @@ -// Package interfaces provides type aliases for backwards compatibility with translator functions. -// It defines common interface types used throughout the CLI Proxy API for request and response -// transformation operations, maintaining compatibility with the SDK translator package. -package interfaces - -import sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - -// Backwards compatible aliases for translator function types. -type TranslateRequestFunc = sdktranslator.RequestTransform - -type TranslateResponseFunc = sdktranslator.ResponseStreamTransform - -type TranslateResponseNonStreamFunc = sdktranslator.ResponseNonStreamTransform - -type TranslateResponse = sdktranslator.ResponseTransform diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/gin_logger.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/gin_logger.go deleted file mode 100644 index 8232d51bc1..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/gin_logger.go +++ /dev/null @@ -1,150 +0,0 @@ -// Package logging provides Gin middleware for HTTP request logging and panic recovery. -// It integrates Gin web framework with logrus for structured logging of HTTP requests, -// responses, and error handling with panic recovery capabilities. -package logging - -import ( - "errors" - "fmt" - "net/http" - "runtime/debug" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" -) - -// aiAPIPrefixes defines path prefixes for AI API requests that should have request ID tracking. -var aiAPIPrefixes = []string{ - "/v1/chat/completions", - "/v1/completions", - "/v1/messages", - "/v1/responses", - "/v1beta/models/", - "/api/provider/", -} - -const skipGinLogKey = "__gin_skip_request_logging__" - -// GinLogrusLogger returns a Gin middleware handler that logs HTTP requests and responses -// using logrus. It captures request details including method, path, status code, latency, -// client IP, and any error messages. Request ID is only added for AI API requests. -// -// Output format (AI API): [2025-12-23 20:14:10] [info ] | a1b2c3d4 | 200 | 23.559s | ... -// Output format (others): [2025-12-23 20:14:10] [info ] | -------- | 200 | 23.559s | ... -// -// Returns: -// - gin.HandlerFunc: A middleware handler for request logging -func GinLogrusLogger() gin.HandlerFunc { - return func(c *gin.Context) { - start := time.Now() - path := c.Request.URL.Path - raw := util.MaskSensitiveQuery(c.Request.URL.RawQuery) - - // Only generate request ID for AI API paths - var requestID string - if isAIAPIPath(path) { - requestID = GenerateRequestID() - SetGinRequestID(c, requestID) - ctx := WithRequestID(c.Request.Context(), requestID) - c.Request = c.Request.WithContext(ctx) - } - - c.Next() - - if shouldSkipGinRequestLogging(c) { - return - } - - if raw != "" { - path = path + "?" + raw - } - - latency := time.Since(start) - if latency > time.Minute { - latency = latency.Truncate(time.Second) - } else { - latency = latency.Truncate(time.Millisecond) - } - - statusCode := c.Writer.Status() - clientIP := c.ClientIP() - method := c.Request.Method - errorMessage := c.Errors.ByType(gin.ErrorTypePrivate).String() - - if requestID == "" { - requestID = "--------" - } - logLine := fmt.Sprintf("%3d | %13v | %15s | %-7s \"%s\"", statusCode, latency, clientIP, method, path) - if errorMessage != "" { - logLine = logLine + " | " + errorMessage - } - - entry := log.WithField("request_id", requestID) - - switch { - case statusCode >= http.StatusInternalServerError: - entry.Error(logLine) - case statusCode >= http.StatusBadRequest: - entry.Warn(logLine) - default: - entry.Info(logLine) - } - } -} - -// isAIAPIPath checks if the given path is an AI API endpoint that should have request ID tracking. -func isAIAPIPath(path string) bool { - for _, prefix := range aiAPIPrefixes { - if strings.HasPrefix(path, prefix) { - return true - } - } - return false -} - -// GinLogrusRecovery returns a Gin middleware handler that recovers from panics and logs -// them using logrus. When a panic occurs, it captures the panic value, stack trace, -// and request path, then returns a 500 Internal Server Error response to the client. -// -// Returns: -// - gin.HandlerFunc: A middleware handler for panic recovery -func GinLogrusRecovery() gin.HandlerFunc { - return gin.CustomRecovery(func(c *gin.Context, recovered interface{}) { - if err, ok := recovered.(error); ok && errors.Is(err, http.ErrAbortHandler) { - // Let net/http handle ErrAbortHandler so the connection is aborted without noisy stack logs. - panic(http.ErrAbortHandler) - } - - log.WithFields(log.Fields{ - "panic": recovered, - "stack": string(debug.Stack()), - "path": c.Request.URL.Path, - }).Error("recovered from panic") - - c.AbortWithStatus(http.StatusInternalServerError) - }) -} - -// SkipGinRequestLogging marks the provided Gin context so that GinLogrusLogger -// will skip emitting a log line for the associated request. -func SkipGinRequestLogging(c *gin.Context) { - if c == nil { - return - } - c.Set(skipGinLogKey, true) -} - -func shouldSkipGinRequestLogging(c *gin.Context) bool { - if c == nil { - return false - } - val, exists := c.Get(skipGinLogKey) - if !exists { - return false - } - flag, ok := val.(bool) - return ok && flag -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/gin_logger_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/gin_logger_test.go deleted file mode 100644 index 353e7ea324..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/gin_logger_test.go +++ /dev/null @@ -1,108 +0,0 @@ -package logging - -import ( - "errors" - "net/http" - "net/http/httptest" - "testing" - - "github.com/gin-gonic/gin" -) - -func TestGinLogrusRecoveryRepanicsErrAbortHandler(t *testing.T) { - gin.SetMode(gin.TestMode) - - engine := gin.New() - engine.Use(GinLogrusRecovery()) - engine.GET("/abort", func(c *gin.Context) { - panic(http.ErrAbortHandler) - }) - - req := httptest.NewRequest(http.MethodGet, "/abort", nil) - recorder := httptest.NewRecorder() - - defer func() { - recovered := recover() - if recovered == nil { - t.Fatalf("expected panic, got nil") - } - err, ok := recovered.(error) - if !ok { - t.Fatalf("expected error panic, got %T", recovered) - } - if !errors.Is(err, http.ErrAbortHandler) { - t.Fatalf("expected ErrAbortHandler, got %v", err) - } - if err != http.ErrAbortHandler { - t.Fatalf("expected exact ErrAbortHandler sentinel, got %v", err) - } - }() - - engine.ServeHTTP(recorder, req) -} - -func TestGinLogrusRecoveryHandlesRegularPanic(t *testing.T) { - gin.SetMode(gin.TestMode) - - engine := gin.New() - engine.Use(GinLogrusRecovery()) - engine.GET("/panic", func(c *gin.Context) { - panic("boom") - }) - - req := httptest.NewRequest(http.MethodGet, "/panic", nil) - recorder := httptest.NewRecorder() - - engine.ServeHTTP(recorder, req) - if recorder.Code != http.StatusInternalServerError { - t.Fatalf("expected 500, got %d", recorder.Code) - } -} - -func TestGinLogrusLogger(t *testing.T) { - gin.SetMode(gin.TestMode) - - engine := gin.New() - engine.Use(GinLogrusLogger()) - engine.GET("/v1/chat/completions", func(c *gin.Context) { - c.String(http.StatusOK, "ok") - }) - engine.GET("/skip", func(c *gin.Context) { - SkipGinRequestLogging(c) - c.String(http.StatusOK, "skipped") - }) - - // AI API path - req := httptest.NewRequest(http.MethodGet, "/v1/chat/completions", nil) - recorder := httptest.NewRecorder() - engine.ServeHTTP(recorder, req) - if recorder.Code != http.StatusOK { - t.Fatalf("expected 200, got %d", recorder.Code) - } - - // Regular path - req = httptest.NewRequest(http.MethodGet, "/", nil) - recorder = httptest.NewRecorder() - engine.ServeHTTP(recorder, req) - - // Skipped path - req = httptest.NewRequest(http.MethodGet, "/skip", nil) - recorder = httptest.NewRecorder() - engine.ServeHTTP(recorder, req) -} - -func TestIsAIAPIPath(t *testing.T) { - cases := []struct { - path string - want bool - }{ - {"/v1/chat/completions", true}, - {"/v1/messages", true}, - {"/other", false}, - } - for _, tc := range cases { - if got := isAIAPIPath(tc.path); got != tc.want { - t.Errorf("isAIAPIPath(%q) = %v, want %v", tc.path, got, tc.want) - } - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/global_logger.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/global_logger.go deleted file mode 100644 index de4a6ff85e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/global_logger.go +++ /dev/null @@ -1,204 +0,0 @@ -package logging - -import ( - "bytes" - "fmt" - "io" - "os" - "path/filepath" - "strings" - "sync" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" - "gopkg.in/natefinch/lumberjack.v2" -) - -var ( - setupOnce sync.Once - writerMu sync.Mutex - logWriter *lumberjack.Logger - ginInfoWriter *io.PipeWriter - ginErrorWriter *io.PipeWriter -) - -// LogFormatter defines a custom log format for logrus. -// This formatter adds timestamp, level, request ID, and source location to each log entry. -// Format: [2025-12-23 20:14:04] [debug] [manager.go:524] | a1b2c3d4 | Use API key sk-9...0RHO for model gpt-5.2 -type LogFormatter struct{} - -// logFieldOrder defines the display order for common log fields. -var logFieldOrder = []string{"provider", "model", "mode", "budget", "level", "original_mode", "original_value", "min", "max", "clamped_to", "error"} - -// Format renders a single log entry with custom formatting. -func (m *LogFormatter) Format(entry *log.Entry) ([]byte, error) { - var buffer *bytes.Buffer - if entry.Buffer != nil { - buffer = entry.Buffer - } else { - buffer = &bytes.Buffer{} - } - - timestamp := entry.Time.Format("2006-01-02 15:04:05") - message := strings.TrimRight(entry.Message, "\r\n") - - reqID := "--------" - if id, ok := entry.Data["request_id"].(string); ok && id != "" { - reqID = id - } - - level := entry.Level.String() - if level == "warning" { - level = "warn" - } - levelStr := fmt.Sprintf("%-5s", level) - - // Build fields string (only print fields in logFieldOrder) - var fieldsStr string - if len(entry.Data) > 0 { - var fields []string - for _, k := range logFieldOrder { - if v, ok := entry.Data[k]; ok { - fields = append(fields, fmt.Sprintf("%s=%v", k, v)) - } - } - if len(fields) > 0 { - fieldsStr = " " + strings.Join(fields, " ") - } - } - - var formatted string - if entry.Caller != nil { - formatted = fmt.Sprintf("[%s] [%s] [%s] [%s:%d] %s%s\n", timestamp, reqID, levelStr, filepath.Base(entry.Caller.File), entry.Caller.Line, message, fieldsStr) - } else { - formatted = fmt.Sprintf("[%s] [%s] [%s] %s%s\n", timestamp, reqID, levelStr, message, fieldsStr) - } - buffer.WriteString(formatted) - - return buffer.Bytes(), nil -} - -// SetupBaseLogger configures the shared logrus instance and Gin writers. -// It is safe to call multiple times; initialization happens only once. -func SetupBaseLogger() { - setupOnce.Do(func() { - log.SetOutput(os.Stdout) - log.SetLevel(log.InfoLevel) - log.SetReportCaller(true) - log.SetFormatter(&LogFormatter{}) - - ginInfoWriter = log.StandardLogger().Writer() - gin.DefaultWriter = ginInfoWriter - ginErrorWriter = log.StandardLogger().WriterLevel(log.ErrorLevel) - gin.DefaultErrorWriter = ginErrorWriter - gin.DebugPrintFunc = func(format string, values ...interface{}) { - format = strings.TrimRight(format, "\r\n") - log.StandardLogger().Infof(format, values...) - } - - log.RegisterExitHandler(closeLogOutputs) - }) -} - -// isDirWritable checks if the specified directory exists and is writable by attempting to create and remove a test file. -func isDirWritable(dir string) bool { - info, err := os.Stat(dir) - if err != nil || !info.IsDir() { - return false - } - - testFile := filepath.Join(dir, ".perm_test") - f, err := os.Create(testFile) - if err != nil { - return false - } - - defer func() { - _ = f.Close() - _ = os.Remove(testFile) - }() - return true -} - -// ResolveLogDirectory determines the directory used for application logs. -func ResolveLogDirectory(cfg *config.Config) string { - logDir := "logs" - if base := util.WritablePath(); base != "" { - return filepath.Join(base, "logs") - } - if cfg == nil { - return logDir - } - if !isDirWritable(logDir) { - authDir, err := util.ResolveAuthDir(cfg.AuthDir) - if err != nil { - log.Warnf("Failed to resolve auth-dir %q for log directory: %v", cfg.AuthDir, err) - } - if authDir != "" { - logDir = filepath.Join(authDir, "logs") - } - } - return logDir -} - -// ConfigureLogOutput switches the global log destination between rotating files and stdout. -// When logsMaxTotalSizeMB > 0, a background cleaner removes the oldest log files in the logs directory -// until the total size is within the limit. -func ConfigureLogOutput(cfg *config.Config) error { - SetupBaseLogger() - - writerMu.Lock() - defer writerMu.Unlock() - - logDir := ResolveLogDirectory(cfg) - - protectedPath := "" - if cfg.LoggingToFile { - if err := os.MkdirAll(logDir, 0o755); err != nil { - return fmt.Errorf("logging: failed to create log directory: %w", err) - } - if logWriter != nil { - _ = logWriter.Close() - } - protectedPath = filepath.Join(logDir, "main.log") - logWriter = &lumberjack.Logger{ - Filename: protectedPath, - MaxSize: 10, - MaxBackups: 0, - MaxAge: 0, - Compress: false, - } - log.SetOutput(logWriter) - } else { - if logWriter != nil { - _ = logWriter.Close() - logWriter = nil - } - log.SetOutput(os.Stdout) - } - - configureLogDirCleanerLocked(logDir, cfg.LogsMaxTotalSizeMB, protectedPath) - return nil -} - -func closeLogOutputs() { - writerMu.Lock() - defer writerMu.Unlock() - - stopLogDirCleanerLocked() - - if logWriter != nil { - _ = logWriter.Close() - logWriter = nil - } - if ginInfoWriter != nil { - _ = ginInfoWriter.Close() - ginInfoWriter = nil - } - if ginErrorWriter != nil { - _ = ginErrorWriter.Close() - ginErrorWriter = nil - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/log_dir_cleaner.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/log_dir_cleaner.go deleted file mode 100644 index 31d0311dbc..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/log_dir_cleaner.go +++ /dev/null @@ -1,167 +0,0 @@ -package logging - -import ( - "context" - "os" - "path/filepath" - "sort" - "strings" - "time" - - log "github.com/sirupsen/logrus" -) - -const logDirCleanerInterval = time.Minute - -var logDirCleanerCancel context.CancelFunc - -func configureLogDirCleanerLocked(logDir string, maxTotalSizeMB int, protectedPath string) { - stopLogDirCleanerLocked() - - if maxTotalSizeMB <= 0 { - return - } - - maxBytes := int64(maxTotalSizeMB) * 1024 * 1024 - if maxBytes <= 0 { - return - } - - dir := strings.TrimSpace(logDir) - if dir == "" { - return - } - - ctx, cancel := context.WithCancel(context.Background()) - logDirCleanerCancel = cancel - go runLogDirCleaner(ctx, filepath.Clean(dir), maxBytes, strings.TrimSpace(protectedPath)) -} - -func stopLogDirCleanerLocked() { - if logDirCleanerCancel == nil { - return - } - logDirCleanerCancel() - logDirCleanerCancel = nil -} - -func runLogDirCleaner(ctx context.Context, logDir string, maxBytes int64, protectedPath string) { - ticker := time.NewTicker(logDirCleanerInterval) - defer ticker.Stop() - - cleanOnce := func() { - deleted, errClean := enforceLogDirSizeLimit(logDir, maxBytes, protectedPath) - if errClean != nil { - log.WithError(errClean).Warn("logging: failed to enforce log directory size limit") - return - } - if deleted > 0 { - log.Debugf("logging: removed %d old log file(s) to enforce log directory size limit", deleted) - } - } - - cleanOnce() - for { - select { - case <-ctx.Done(): - return - case <-ticker.C: - cleanOnce() - } - } -} - -func enforceLogDirSizeLimit(logDir string, maxBytes int64, protectedPath string) (int, error) { - if maxBytes <= 0 { - return 0, nil - } - - dir := strings.TrimSpace(logDir) - if dir == "" { - return 0, nil - } - dir = filepath.Clean(dir) - - protected := strings.TrimSpace(protectedPath) - if protected != "" { - protected = filepath.Clean(protected) - } - - type logFile struct { - path string - size int64 - modTime time.Time - } - - var ( - files []logFile - total int64 - ) - errWalk := filepath.WalkDir(dir, func(path string, d os.DirEntry, err error) error { - if err != nil { - return nil - } - if d == nil || d.IsDir() { - return nil - } - if !isLogFileName(d.Name()) { - return nil - } - info, errInfo := d.Info() - if errInfo != nil { - return nil - } - if !info.Mode().IsRegular() { - return nil - } - cleanPath := filepath.Clean(path) - files = append(files, logFile{ - path: cleanPath, - size: info.Size(), - modTime: info.ModTime(), - }) - total += info.Size() - return nil - }) - if errWalk != nil { - if os.IsNotExist(errWalk) { - return 0, nil - } - return 0, errWalk - } - - if total <= maxBytes { - return 0, nil - } - - sort.Slice(files, func(i, j int) bool { - return files[i].modTime.Before(files[j].modTime) - }) - - deleted := 0 - for _, file := range files { - if total <= maxBytes { - break - } - if protected != "" && filepath.Clean(file.path) == protected { - continue - } - if errRemove := os.Remove(file.path); errRemove != nil { - log.WithError(errRemove).Warnf("logging: failed to remove old log file: %s", filepath.Base(file.path)) - continue - } - total -= file.size - deleted++ - } - - return deleted, nil -} - -func isLogFileName(name string) bool { - trimmed := strings.TrimSpace(name) - if trimmed == "" { - return false - } - lower := strings.ToLower(trimmed) - return strings.HasSuffix(lower, ".log") || strings.HasSuffix(lower, ".log.gz") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/log_dir_cleaner_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/log_dir_cleaner_test.go deleted file mode 100644 index 05688b5681..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/log_dir_cleaner_test.go +++ /dev/null @@ -1,97 +0,0 @@ -package logging - -import ( - "os" - "path/filepath" - "testing" - "time" -) - -func TestEnforceLogDirSizeLimitDeletesOldest(t *testing.T) { - dir := t.TempDir() - - writeLogFile(t, filepath.Join(dir, "old.log"), 60, time.Unix(1, 0)) - writeLogFile(t, filepath.Join(dir, "mid.log"), 60, time.Unix(2, 0)) - protected := filepath.Join(dir, "main.log") - writeLogFile(t, protected, 60, time.Unix(3, 0)) - - deleted, err := enforceLogDirSizeLimit(dir, 120, protected) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if deleted != 1 { - t.Fatalf("expected 1 deleted file, got %d", deleted) - } - - if _, err := os.Stat(filepath.Join(dir, "old.log")); !os.IsNotExist(err) { - t.Fatalf("expected old.log to be removed, stat error: %v", err) - } - if _, err := os.Stat(filepath.Join(dir, "mid.log")); err != nil { - t.Fatalf("expected mid.log to remain, stat error: %v", err) - } - if _, err := os.Stat(protected); err != nil { - t.Fatalf("expected protected main.log to remain, stat error: %v", err) - } -} - -func TestEnforceLogDirSizeLimitSkipsProtected(t *testing.T) { - dir := t.TempDir() - - protected := filepath.Join(dir, "main.log") - writeLogFile(t, protected, 200, time.Unix(1, 0)) - writeLogFile(t, filepath.Join(dir, "other.log"), 50, time.Unix(2, 0)) - - deleted, err := enforceLogDirSizeLimit(dir, 100, protected) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if deleted != 1 { - t.Fatalf("expected 1 deleted file, got %d", deleted) - } - - if _, err := os.Stat(protected); err != nil { - t.Fatalf("expected protected main.log to remain, stat error: %v", err) - } - if _, err := os.Stat(filepath.Join(dir, "other.log")); !os.IsNotExist(err) { - t.Fatalf("expected other.log to be removed, stat error: %v", err) - } -} - -func TestEnforceLogDirSizeLimitIncludesNestedLogFiles(t *testing.T) { - dir := t.TempDir() - - nestedDir := filepath.Join(dir, "2026-02-22") - if err := os.MkdirAll(nestedDir, 0o755); err != nil { - t.Fatalf("mkdir nested dir: %v", err) - } - - writeLogFile(t, filepath.Join(nestedDir, "old.log"), 80, time.Unix(1, 0)) - writeLogFile(t, filepath.Join(dir, "new.log"), 80, time.Unix(2, 0)) - - deleted, err := enforceLogDirSizeLimit(dir, 100, "") - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if deleted != 1 { - t.Fatalf("expected 1 deleted file, got %d", deleted) - } - - if _, err := os.Stat(filepath.Join(nestedDir, "old.log")); !os.IsNotExist(err) { - t.Fatalf("expected nested old.log to be removed, stat error: %v", err) - } - if _, err := os.Stat(filepath.Join(dir, "new.log")); err != nil { - t.Fatalf("expected new.log to remain, stat error: %v", err) - } -} - -func writeLogFile(t *testing.T, path string, size int, modTime time.Time) { - t.Helper() - - data := make([]byte, size) - if err := os.WriteFile(path, data, 0o644); err != nil { - t.Fatalf("write file: %v", err) - } - if err := os.Chtimes(path, modTime, modTime); err != nil { - t.Fatalf("set times: %v", err) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/request_logger.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/request_logger.go deleted file mode 100644 index 2aebb888cc..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/request_logger.go +++ /dev/null @@ -1,1159 +0,0 @@ -// Package logging provides request logging functionality for the CLI Proxy API server. -// It handles capturing and storing detailed HTTP request and response data when enabled -// through configuration, supporting both regular and streaming responses. -package logging - -import ( - "bytes" - "compress/flate" - "compress/gzip" - "fmt" - "io" - "os" - "path/filepath" - "regexp" - "sort" - "strings" - "sync/atomic" - "time" - - "github.com/andybalholm/brotli" - "github.com/klauspost/compress/zstd" - log "github.com/sirupsen/logrus" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/buildinfo" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" -) - -var requestLogID atomic.Uint64 - -// RequestLogger defines the interface for logging HTTP requests and responses. -// It provides methods for logging both regular and streaming HTTP request/response cycles. -type RequestLogger interface { - // LogRequest logs a complete non-streaming request/response cycle. - // - // Parameters: - // - url: The request URL - // - method: The HTTP method - // - requestHeaders: The request headers - // - body: The request body - // - statusCode: The response status code - // - responseHeaders: The response headers - // - response: The raw response data - // - apiRequest: The API request data - // - apiResponse: The API response data - // - requestID: Optional request ID for log file naming - // - requestTimestamp: When the request was received - // - apiResponseTimestamp: When the API response was received - // - // Returns: - // - error: An error if logging fails, nil otherwise - LogRequest(url, method string, requestHeaders map[string][]string, body []byte, statusCode int, responseHeaders map[string][]string, response, apiRequest, apiResponse []byte, apiResponseErrors []*interfaces.ErrorMessage, requestID string, requestTimestamp, apiResponseTimestamp time.Time) error - - // LogStreamingRequest initiates logging for a streaming request and returns a writer for chunks. - // - // Parameters: - // - url: The request URL - // - method: The HTTP method - // - headers: The request headers - // - body: The request body - // - requestID: Optional request ID for log file naming - // - // Returns: - // - StreamingLogWriter: A writer for streaming response chunks - // - error: An error if logging initialization fails, nil otherwise - LogStreamingRequest(url, method string, headers map[string][]string, body []byte, requestID string) (StreamingLogWriter, error) - - // IsEnabled returns whether request logging is currently enabled. - // - // Returns: - // - bool: True if logging is enabled, false otherwise - IsEnabled() bool -} - -// StreamingLogWriter handles real-time logging of streaming response chunks. -// It provides methods for writing streaming response data asynchronously. -type StreamingLogWriter interface { - // WriteChunkAsync writes a response chunk asynchronously (non-blocking). - // - // Parameters: - // - chunk: The response chunk to write - WriteChunkAsync(chunk []byte) - - // WriteStatus writes the response status and headers to the log. - // - // Parameters: - // - status: The response status code - // - headers: The response headers - // - // Returns: - // - error: An error if writing fails, nil otherwise - WriteStatus(status int, headers map[string][]string) error - - // WriteAPIRequest writes the upstream API request details to the log. - // This should be called before WriteStatus to maintain proper log ordering. - // - // Parameters: - // - apiRequest: The API request data (typically includes URL, headers, body sent upstream) - // - // Returns: - // - error: An error if writing fails, nil otherwise - WriteAPIRequest(apiRequest []byte) error - - // WriteAPIResponse writes the upstream API response details to the log. - // This should be called after the streaming response is complete. - // - // Parameters: - // - apiResponse: The API response data - // - // Returns: - // - error: An error if writing fails, nil otherwise - WriteAPIResponse(apiResponse []byte) error - - // SetFirstChunkTimestamp sets the TTFB timestamp captured when first chunk was received. - // - // Parameters: - // - timestamp: The time when first response chunk was received - SetFirstChunkTimestamp(timestamp time.Time) - - // Close finalizes the log file and cleans up resources. - // - // Returns: - // - error: An error if closing fails, nil otherwise - Close() error -} - -// FileRequestLogger implements RequestLogger using file-based storage. -// It provides file-based logging functionality for HTTP requests and responses. -type FileRequestLogger struct { - // enabled indicates whether request logging is currently enabled. - enabled bool - - // logsDir is the directory where log files are stored. - logsDir string - - // errorLogsMaxFiles limits the number of error log files retained. - errorLogsMaxFiles int -} - -// NewFileRequestLogger creates a new file-based request logger. -// -// Parameters: -// - enabled: Whether request logging should be enabled -// - logsDir: The directory where log files should be stored (can be relative) -// - configDir: The directory of the configuration file; when logsDir is -// relative, it will be resolved relative to this directory -// - errorLogsMaxFiles: Maximum number of error log files to retain (0 = no cleanup) -// -// Returns: -// - *FileRequestLogger: A new file-based request logger instance -func NewFileRequestLogger(enabled bool, logsDir string, configDir string, errorLogsMaxFiles int) *FileRequestLogger { - // Resolve logsDir relative to the configuration file directory when it's not absolute. - if !filepath.IsAbs(logsDir) { - // If configDir is provided, resolve logsDir relative to it. - if configDir != "" { - logsDir = filepath.Join(configDir, logsDir) - } - } - return &FileRequestLogger{ - enabled: enabled, - logsDir: logsDir, - errorLogsMaxFiles: errorLogsMaxFiles, - } -} - -// IsEnabled returns whether request logging is currently enabled. -// -// Returns: -// - bool: True if logging is enabled, false otherwise -func (l *FileRequestLogger) IsEnabled() bool { - return l.enabled -} - -// SetEnabled updates the request logging enabled state. -// This method allows dynamic enabling/disabling of request logging. -// -// Parameters: -// - enabled: Whether request logging should be enabled -func (l *FileRequestLogger) SetEnabled(enabled bool) { - l.enabled = enabled -} - -// SetErrorLogsMaxFiles updates the maximum number of error log files to retain. -func (l *FileRequestLogger) SetErrorLogsMaxFiles(maxFiles int) { - l.errorLogsMaxFiles = maxFiles -} - -// LogRequest logs a complete non-streaming request/response cycle to a file. -// -// Parameters: -// - url: The request URL -// - method: The HTTP method -// - requestHeaders: The request headers -// - body: The request body -// - statusCode: The response status code -// - responseHeaders: The response headers -// - response: The raw response data -// - apiRequest: The API request data -// - apiResponse: The API response data -// - requestID: Optional request ID for log file naming -// - requestTimestamp: When the request was received -// - apiResponseTimestamp: When the API response was received -// -// Returns: -// - error: An error if logging fails, nil otherwise -func (l *FileRequestLogger) LogRequest(url, method string, requestHeaders map[string][]string, body []byte, statusCode int, responseHeaders map[string][]string, response, apiRequest, apiResponse []byte, apiResponseErrors []*interfaces.ErrorMessage, requestID string, requestTimestamp, apiResponseTimestamp time.Time) error { - return l.logRequest(url, method, requestHeaders, body, statusCode, responseHeaders, response, apiRequest, apiResponse, apiResponseErrors, false, requestID, requestTimestamp, apiResponseTimestamp) -} - -// LogRequestWithOptions logs a request with optional forced logging behavior. -// The force flag allows writing error logs even when regular request logging is disabled. -func (l *FileRequestLogger) LogRequestWithOptions(url, method string, requestHeaders map[string][]string, body []byte, statusCode int, responseHeaders map[string][]string, response, apiRequest, apiResponse []byte, apiResponseErrors []*interfaces.ErrorMessage, force bool, requestID string, requestTimestamp, apiResponseTimestamp time.Time) error { - return l.logRequest(url, method, requestHeaders, body, statusCode, responseHeaders, response, apiRequest, apiResponse, apiResponseErrors, force, requestID, requestTimestamp, apiResponseTimestamp) -} - -func (l *FileRequestLogger) logRequest(url, method string, requestHeaders map[string][]string, body []byte, statusCode int, responseHeaders map[string][]string, response, apiRequest, apiResponse []byte, apiResponseErrors []*interfaces.ErrorMessage, force bool, requestID string, requestTimestamp, apiResponseTimestamp time.Time) error { - if !l.enabled && !force { - return nil - } - - // Ensure logs directory exists - if errEnsure := l.ensureLogsDir(); errEnsure != nil { - return fmt.Errorf("failed to create logs directory: %w", errEnsure) - } - - // Generate filename with request ID - filename := l.generateFilename(url, requestID) - if force && !l.enabled { - filename = l.generateErrorFilename(url, requestID) - } - filePath := filepath.Join(l.logsDir, filename) - - requestBodyPath, errTemp := l.writeRequestBodyTempFile(body) - if errTemp != nil { - log.WithError(errTemp).Warn("failed to create request body temp file, falling back to direct write") - } - if requestBodyPath != "" { - defer func() { - if errRemove := os.Remove(requestBodyPath); errRemove != nil { - log.WithError(errRemove).Warn("failed to remove request body temp file") - } - }() - } - - responseToWrite, decompressErr := l.decompressResponse(responseHeaders, response) - if decompressErr != nil { - // If decompression fails, continue with original response and annotate the log output. - responseToWrite = response - } - - logFile, errOpen := os.OpenFile(filePath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644) - if errOpen != nil { - return fmt.Errorf("failed to create log file: %w", errOpen) - } - - writeErr := l.writeNonStreamingLog( - logFile, - url, - method, - requestHeaders, - body, - requestBodyPath, - apiRequest, - apiResponse, - apiResponseErrors, - statusCode, - responseHeaders, - responseToWrite, - decompressErr, - requestTimestamp, - apiResponseTimestamp, - ) - if errClose := logFile.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close request log file") - if writeErr == nil { - return errClose - } - } - if writeErr != nil { - return fmt.Errorf("failed to write log file: %w", writeErr) - } - - if force && !l.enabled { - if errCleanup := l.cleanupOldErrorLogs(); errCleanup != nil { - log.WithError(errCleanup).Warn("failed to clean up old error logs") - } - } - - return nil -} - -// LogStreamingRequest initiates logging for a streaming request. -// -// Parameters: -// - url: The request URL -// - method: The HTTP method -// - headers: The request headers -// - body: The request body -// - requestID: Optional request ID for log file naming -// -// Returns: -// - StreamingLogWriter: A writer for streaming response chunks -// - error: An error if logging initialization fails, nil otherwise -func (l *FileRequestLogger) LogStreamingRequest(url, method string, headers map[string][]string, body []byte, requestID string) (StreamingLogWriter, error) { - if !l.enabled { - return &NoOpStreamingLogWriter{}, nil - } - - // Ensure logs directory exists - if err := l.ensureLogsDir(); err != nil { - return nil, fmt.Errorf("failed to create logs directory: %w", err) - } - - // Generate filename with request ID - filename := l.generateFilename(url, requestID) - filePath := filepath.Join(l.logsDir, filename) - - requestHeaders := make(map[string][]string, len(headers)) - for key, values := range headers { - headerValues := make([]string, len(values)) - copy(headerValues, values) - requestHeaders[key] = headerValues - } - - requestBodyPath, errTemp := l.writeRequestBodyTempFile(body) - if errTemp != nil { - return nil, fmt.Errorf("failed to create request body temp file: %w", errTemp) - } - - responseBodyFile, errCreate := os.CreateTemp(l.logsDir, "response-body-*.tmp") - if errCreate != nil { - _ = os.Remove(requestBodyPath) - return nil, fmt.Errorf("failed to create response body temp file: %w", errCreate) - } - responseBodyPath := responseBodyFile.Name() - - // Create streaming writer - writer := &FileStreamingLogWriter{ - logFilePath: filePath, - url: url, - method: method, - timestamp: time.Now(), - requestHeaders: requestHeaders, - requestBodyPath: requestBodyPath, - responseBodyPath: responseBodyPath, - responseBodyFile: responseBodyFile, - chunkChan: make(chan []byte, 100), // Buffered channel for async writes - closeChan: make(chan struct{}), - errorChan: make(chan error, 1), - } - - // Start async writer goroutine - go writer.asyncWriter() - - return writer, nil -} - -// generateErrorFilename creates a filename with an error prefix to differentiate forced error logs. -func (l *FileRequestLogger) generateErrorFilename(url string, requestID ...string) string { - return fmt.Sprintf("error-%s", l.generateFilename(url, requestID...)) -} - -// ensureLogsDir creates the logs directory if it doesn't exist. -// -// Returns: -// - error: An error if directory creation fails, nil otherwise -func (l *FileRequestLogger) ensureLogsDir() error { - if _, err := os.Stat(l.logsDir); os.IsNotExist(err) { - return os.MkdirAll(l.logsDir, 0755) - } - return nil -} - -// generateFilename creates a sanitized filename from the URL path and current timestamp. -// Format: v1-responses-2025-12-23T195811-a1b2c3d4.log -// -// Parameters: -// - url: The request URL -// - requestID: Optional request ID to include in filename -// -// Returns: -// - string: A sanitized filename for the log file -func (l *FileRequestLogger) generateFilename(url string, requestID ...string) string { - // Extract path from URL - path := url - if strings.Contains(url, "?") { - path = strings.Split(url, "?")[0] - } - - // Remove leading slash - path = strings.TrimPrefix(path, "/") - - // Sanitize path for filename - sanitized := l.sanitizeForFilename(path) - - // Add timestamp - timestamp := time.Now().Format("2006-01-02T150405") - - // Use request ID if provided, otherwise use sequential ID - var idPart string - if len(requestID) > 0 && requestID[0] != "" { - idPart = l.sanitizeForFilename(requestID[0]) - } else { - id := requestLogID.Add(1) - idPart = fmt.Sprintf("%d", id) - } - - return fmt.Sprintf("%s-%s-%s.log", sanitized, timestamp, idPart) -} - -// sanitizeForFilename replaces characters that are not safe for filenames. -// -// Parameters: -// - path: The path to sanitize -// -// Returns: -// - string: A sanitized filename -func (l *FileRequestLogger) sanitizeForFilename(path string) string { - // Replace slashes with hyphens - sanitized := strings.ReplaceAll(path, "/", "-") - - // Replace colons with hyphens - sanitized = strings.ReplaceAll(sanitized, ":", "-") - - // Replace other problematic characters with hyphens - reg := regexp.MustCompile(`[<>:"|?*\s]`) - sanitized = reg.ReplaceAllString(sanitized, "-") - - // Remove multiple consecutive hyphens - reg = regexp.MustCompile(`-+`) - sanitized = reg.ReplaceAllString(sanitized, "-") - - // Remove leading/trailing hyphens - sanitized = strings.Trim(sanitized, "-") - - // Handle empty result - if sanitized == "" { - sanitized = "root" - } - - return sanitized -} - -// cleanupOldErrorLogs keeps only the newest errorLogsMaxFiles forced error log files. -func (l *FileRequestLogger) cleanupOldErrorLogs() error { - if l.errorLogsMaxFiles <= 0 { - return nil - } - - entries, errRead := os.ReadDir(l.logsDir) - if errRead != nil { - return errRead - } - - type logFile struct { - name string - modTime time.Time - } - - var files []logFile - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - if !strings.HasPrefix(name, "error-") || !strings.HasSuffix(name, ".log") { - continue - } - info, errInfo := entry.Info() - if errInfo != nil { - log.WithError(errInfo).Warn("failed to read error log info") - continue - } - files = append(files, logFile{name: name, modTime: info.ModTime()}) - } - - if len(files) <= l.errorLogsMaxFiles { - return nil - } - - sort.Slice(files, func(i, j int) bool { - return files[i].modTime.After(files[j].modTime) - }) - - for _, file := range files[l.errorLogsMaxFiles:] { - if errRemove := os.Remove(filepath.Join(l.logsDir, file.name)); errRemove != nil { - log.WithError(errRemove).Warnf("failed to remove old error log: %s", file.name) - } - } - - return nil -} - -func (l *FileRequestLogger) writeRequestBodyTempFile(body []byte) (string, error) { - tmpFile, errCreate := os.CreateTemp(l.logsDir, "request-body-*.tmp") - if errCreate != nil { - return "", errCreate - } - tmpPath := tmpFile.Name() - - if _, errCopy := io.Copy(tmpFile, bytes.NewReader(body)); errCopy != nil { - _ = tmpFile.Close() - _ = os.Remove(tmpPath) - return "", errCopy - } - if errClose := tmpFile.Close(); errClose != nil { - _ = os.Remove(tmpPath) - return "", errClose - } - return tmpPath, nil -} - -func (l *FileRequestLogger) writeNonStreamingLog( - w io.Writer, - url, method string, - requestHeaders map[string][]string, - requestBody []byte, - requestBodyPath string, - apiRequest []byte, - apiResponse []byte, - apiResponseErrors []*interfaces.ErrorMessage, - statusCode int, - responseHeaders map[string][]string, - response []byte, - decompressErr error, - requestTimestamp time.Time, - apiResponseTimestamp time.Time, -) error { - if requestTimestamp.IsZero() { - requestTimestamp = time.Now() - } - if errWrite := writeRequestInfoWithBody(w, url, method, requestHeaders, requestBody, requestBodyPath, requestTimestamp); errWrite != nil { - return errWrite - } - if errWrite := writeAPISection(w, "=== API REQUEST ===\n", "=== API REQUEST", apiRequest, time.Time{}); errWrite != nil { - return errWrite - } - if errWrite := writeAPIErrorResponses(w, apiResponseErrors); errWrite != nil { - return errWrite - } - if errWrite := writeAPISection(w, "=== API RESPONSE ===\n", "=== API RESPONSE", apiResponse, apiResponseTimestamp); errWrite != nil { - return errWrite - } - return writeResponseSection(w, statusCode, true, responseHeaders, bytes.NewReader(response), decompressErr, true) -} - -func writeRequestInfoWithBody( - w io.Writer, - url, method string, - headers map[string][]string, - body []byte, - bodyPath string, - timestamp time.Time, -) error { - if _, errWrite := io.WriteString(w, "=== REQUEST INFO ===\n"); errWrite != nil { - return errWrite - } - if _, errWrite := io.WriteString(w, fmt.Sprintf("Version: %s\n", buildinfo.Version)); errWrite != nil { - return errWrite - } - if _, errWrite := io.WriteString(w, fmt.Sprintf("URL: %s\n", url)); errWrite != nil { - return errWrite - } - if _, errWrite := io.WriteString(w, fmt.Sprintf("Method: %s\n", method)); errWrite != nil { - return errWrite - } - if _, errWrite := io.WriteString(w, fmt.Sprintf("Timestamp: %s\n", timestamp.Format(time.RFC3339Nano))); errWrite != nil { - return errWrite - } - if _, errWrite := io.WriteString(w, "\n"); errWrite != nil { - return errWrite - } - - if _, errWrite := io.WriteString(w, "=== HEADERS ===\n"); errWrite != nil { - return errWrite - } - for key, values := range headers { - for _, value := range values { - masked := util.MaskSensitiveHeaderValue(key, value) - if _, errWrite := io.WriteString(w, fmt.Sprintf("%s: %s\n", key, masked)); errWrite != nil { - return errWrite - } - } - } - if _, errWrite := io.WriteString(w, "\n"); errWrite != nil { - return errWrite - } - - if _, errWrite := io.WriteString(w, "=== REQUEST BODY ===\n"); errWrite != nil { - return errWrite - } - - if bodyPath != "" { - bodyFile, errOpen := os.Open(bodyPath) - if errOpen != nil { - return errOpen - } - if _, errCopy := io.Copy(w, bodyFile); errCopy != nil { - _ = bodyFile.Close() - return errCopy - } - if errClose := bodyFile.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close request body temp file") - } - } else if _, errWrite := w.Write(body); errWrite != nil { - return errWrite - } - - if _, errWrite := io.WriteString(w, "\n\n"); errWrite != nil { - return errWrite - } - return nil -} - -func writeAPISection(w io.Writer, sectionHeader string, sectionPrefix string, payload []byte, timestamp time.Time) error { - if len(payload) == 0 { - return nil - } - - if bytes.HasPrefix(payload, []byte(sectionPrefix)) { - if _, errWrite := w.Write(payload); errWrite != nil { - return errWrite - } - if !bytes.HasSuffix(payload, []byte("\n")) { - if _, errWrite := io.WriteString(w, "\n"); errWrite != nil { - return errWrite - } - } - } else { - if _, errWrite := io.WriteString(w, sectionHeader); errWrite != nil { - return errWrite - } - if !timestamp.IsZero() { - if _, errWrite := io.WriteString(w, fmt.Sprintf("Timestamp: %s\n", timestamp.Format(time.RFC3339Nano))); errWrite != nil { - return errWrite - } - } - if _, errWrite := w.Write(payload); errWrite != nil { - return errWrite - } - if _, errWrite := io.WriteString(w, "\n"); errWrite != nil { - return errWrite - } - } - - if _, errWrite := io.WriteString(w, "\n"); errWrite != nil { - return errWrite - } - return nil -} - -func writeAPIErrorResponses(w io.Writer, apiResponseErrors []*interfaces.ErrorMessage) error { - for i := 0; i < len(apiResponseErrors); i++ { - if apiResponseErrors[i] == nil { - continue - } - if _, errWrite := io.WriteString(w, "=== API ERROR RESPONSE ===\n"); errWrite != nil { - return errWrite - } - if _, errWrite := io.WriteString(w, fmt.Sprintf("HTTP Status: %d\n", apiResponseErrors[i].StatusCode)); errWrite != nil { - return errWrite - } - if apiResponseErrors[i].Error != nil { - if _, errWrite := io.WriteString(w, apiResponseErrors[i].Error.Error()); errWrite != nil { - return errWrite - } - } - if _, errWrite := io.WriteString(w, "\n\n"); errWrite != nil { - return errWrite - } - } - return nil -} - -func writeResponseSection(w io.Writer, statusCode int, statusWritten bool, responseHeaders map[string][]string, responseReader io.Reader, decompressErr error, trailingNewline bool) error { - if _, errWrite := io.WriteString(w, "=== RESPONSE ===\n"); errWrite != nil { - return errWrite - } - if statusWritten { - if _, errWrite := io.WriteString(w, fmt.Sprintf("Status: %d\n", statusCode)); errWrite != nil { - return errWrite - } - } - - for key, values := range responseHeaders { - for _, value := range values { - if _, errWrite := io.WriteString(w, fmt.Sprintf("%s: %s\n", key, value)); errWrite != nil { - return errWrite - } - } - } - - if _, errWrite := io.WriteString(w, "\n"); errWrite != nil { - return errWrite - } - - if responseReader != nil { - if _, errCopy := io.Copy(w, responseReader); errCopy != nil { - return errCopy - } - } - if decompressErr != nil { - if _, errWrite := io.WriteString(w, fmt.Sprintf("\n[DECOMPRESSION ERROR: %v]", decompressErr)); errWrite != nil { - return errWrite - } - } - - if trailingNewline { - if _, errWrite := io.WriteString(w, "\n"); errWrite != nil { - return errWrite - } - } - return nil -} - -// decompressResponse decompresses response data based on Content-Encoding header. -// -// Parameters: -// - responseHeaders: The response headers -// - response: The response data to decompress -// -// Returns: -// - []byte: The decompressed response data -// - error: An error if decompression fails, nil otherwise -func (l *FileRequestLogger) decompressResponse(responseHeaders map[string][]string, response []byte) ([]byte, error) { - if responseHeaders == nil || len(response) == 0 { - return response, nil - } - - // Check Content-Encoding header - var contentEncoding string - for key, values := range responseHeaders { - if strings.ToLower(key) == "content-encoding" && len(values) > 0 { - contentEncoding = strings.ToLower(values[0]) - break - } - } - - switch contentEncoding { - case "gzip": - return l.decompressGzip(response) - case "deflate": - return l.decompressDeflate(response) - case "br": - return l.decompressBrotli(response) - case "zstd": - return l.decompressZstd(response) - default: - // No compression or unsupported compression - return response, nil - } -} - -// decompressGzip decompresses gzip-encoded data. -// -// Parameters: -// - data: The gzip-encoded data to decompress -// -// Returns: -// - []byte: The decompressed data -// - error: An error if decompression fails, nil otherwise -func (l *FileRequestLogger) decompressGzip(data []byte) ([]byte, error) { - reader, err := gzip.NewReader(bytes.NewReader(data)) - if err != nil { - return nil, fmt.Errorf("failed to create gzip reader: %w", err) - } - defer func() { - if errClose := reader.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close gzip reader in request logger") - } - }() - - decompressed, err := io.ReadAll(reader) - if err != nil { - return nil, fmt.Errorf("failed to decompress gzip data: %w", err) - } - - return decompressed, nil -} - -// decompressDeflate decompresses deflate-encoded data. -// -// Parameters: -// - data: The deflate-encoded data to decompress -// -// Returns: -// - []byte: The decompressed data -// - error: An error if decompression fails, nil otherwise -func (l *FileRequestLogger) decompressDeflate(data []byte) ([]byte, error) { - reader := flate.NewReader(bytes.NewReader(data)) - defer func() { - if errClose := reader.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close deflate reader in request logger") - } - }() - - decompressed, err := io.ReadAll(reader) - if err != nil { - return nil, fmt.Errorf("failed to decompress deflate data: %w", err) - } - - return decompressed, nil -} - -// decompressBrotli decompresses brotli-encoded data. -// -// Parameters: -// - data: The brotli-encoded data to decompress -// -// Returns: -// - []byte: The decompressed data -// - error: An error if decompression fails, nil otherwise -func (l *FileRequestLogger) decompressBrotli(data []byte) ([]byte, error) { - reader := brotli.NewReader(bytes.NewReader(data)) - - decompressed, err := io.ReadAll(reader) - if err != nil { - return nil, fmt.Errorf("failed to decompress brotli data: %w", err) - } - - return decompressed, nil -} - -// decompressZstd decompresses zstd-encoded data. -// -// Parameters: -// - data: The zstd-encoded data to decompress -// -// Returns: -// - []byte: The decompressed data -// - error: An error if decompression fails, nil otherwise -func (l *FileRequestLogger) decompressZstd(data []byte) ([]byte, error) { - decoder, err := zstd.NewReader(bytes.NewReader(data)) - if err != nil { - return nil, fmt.Errorf("failed to create zstd reader: %w", err) - } - defer decoder.Close() - - decompressed, err := io.ReadAll(decoder) - if err != nil { - return nil, fmt.Errorf("failed to decompress zstd data: %w", err) - } - - return decompressed, nil -} - -// FileStreamingLogWriter implements StreamingLogWriter for file-based streaming logs. -// It spools streaming response chunks to a temporary file to avoid retaining large responses in memory. -// The final log file is assembled when Close is called. -type FileStreamingLogWriter struct { - // logFilePath is the final log file path. - logFilePath string - - // url is the request URL (masked upstream in middleware). - url string - - // method is the HTTP method. - method string - - // timestamp is captured when the streaming log is initialized. - timestamp time.Time - - // requestHeaders stores the request headers. - requestHeaders map[string][]string - - // requestBodyPath is a temporary file path holding the request body. - requestBodyPath string - - // responseBodyPath is a temporary file path holding the streaming response body. - responseBodyPath string - - // responseBodyFile is the temp file where chunks are appended by the async writer. - responseBodyFile *os.File - - // chunkChan is a channel for receiving response chunks to spool. - chunkChan chan []byte - - // closeChan is a channel for signaling when the writer is closed. - closeChan chan struct{} - - // errorChan is a channel for reporting errors during writing. - errorChan chan error - - // responseStatus stores the HTTP status code. - responseStatus int - - // statusWritten indicates whether a non-zero status was recorded. - statusWritten bool - - // responseHeaders stores the response headers. - responseHeaders map[string][]string - - // apiRequest stores the upstream API request data. - apiRequest []byte - - // apiResponse stores the upstream API response data. - apiResponse []byte - - // apiResponseTimestamp captures when the API response was received. - apiResponseTimestamp time.Time -} - -// WriteChunkAsync writes a response chunk asynchronously (non-blocking). -// -// Parameters: -// - chunk: The response chunk to write -func (w *FileStreamingLogWriter) WriteChunkAsync(chunk []byte) { - if w.chunkChan == nil { - return - } - - // Make a copy of the chunk to avoid data races - chunkCopy := make([]byte, len(chunk)) - copy(chunkCopy, chunk) - - // Non-blocking send - select { - case w.chunkChan <- chunkCopy: - default: - // Channel is full, skip this chunk to avoid blocking - } -} - -// WriteStatus buffers the response status and headers for later writing. -// -// Parameters: -// - status: The response status code -// - headers: The response headers -// -// Returns: -// - error: Always returns nil (buffering cannot fail) -func (w *FileStreamingLogWriter) WriteStatus(status int, headers map[string][]string) error { - if status == 0 { - return nil - } - - w.responseStatus = status - if headers != nil { - w.responseHeaders = make(map[string][]string, len(headers)) - for key, values := range headers { - headerValues := make([]string, len(values)) - copy(headerValues, values) - w.responseHeaders[key] = headerValues - } - } - w.statusWritten = true - return nil -} - -// WriteAPIRequest buffers the upstream API request details for later writing. -// -// Parameters: -// - apiRequest: The API request data (typically includes URL, headers, body sent upstream) -// -// Returns: -// - error: Always returns nil (buffering cannot fail) -func (w *FileStreamingLogWriter) WriteAPIRequest(apiRequest []byte) error { - if len(apiRequest) == 0 { - return nil - } - w.apiRequest = bytes.Clone(apiRequest) - return nil -} - -// WriteAPIResponse buffers the upstream API response details for later writing. -// -// Parameters: -// - apiResponse: The API response data -// -// Returns: -// - error: Always returns nil (buffering cannot fail) -func (w *FileStreamingLogWriter) WriteAPIResponse(apiResponse []byte) error { - if len(apiResponse) == 0 { - return nil - } - w.apiResponse = bytes.Clone(apiResponse) - return nil -} - -func (w *FileStreamingLogWriter) SetFirstChunkTimestamp(timestamp time.Time) { - if !timestamp.IsZero() { - w.apiResponseTimestamp = timestamp - } -} - -// Close finalizes the log file and cleans up resources. -// It writes all buffered data to the file in the correct order: -// API REQUEST -> API RESPONSE -> RESPONSE (status, headers, body chunks) -// -// Returns: -// - error: An error if closing fails, nil otherwise -func (w *FileStreamingLogWriter) Close() error { - if w.chunkChan != nil { - close(w.chunkChan) - } - - // Wait for async writer to finish spooling chunks - if w.closeChan != nil { - <-w.closeChan - w.chunkChan = nil - } - - select { - case errWrite := <-w.errorChan: - w.cleanupTempFiles() - return errWrite - default: - } - - if w.logFilePath == "" { - w.cleanupTempFiles() - return nil - } - - logFile, errOpen := os.OpenFile(w.logFilePath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644) - if errOpen != nil { - w.cleanupTempFiles() - return fmt.Errorf("failed to create log file: %w", errOpen) - } - - writeErr := w.writeFinalLog(logFile) - if errClose := logFile.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close request log file") - if writeErr == nil { - writeErr = errClose - } - } - - w.cleanupTempFiles() - return writeErr -} - -// asyncWriter runs in a goroutine to buffer chunks from the channel. -// It continuously reads chunks from the channel and appends them to a temp file for later assembly. -func (w *FileStreamingLogWriter) asyncWriter() { - defer close(w.closeChan) - - for chunk := range w.chunkChan { - if w.responseBodyFile == nil { - continue - } - if _, errWrite := w.responseBodyFile.Write(chunk); errWrite != nil { - select { - case w.errorChan <- errWrite: - default: - } - if errClose := w.responseBodyFile.Close(); errClose != nil { - select { - case w.errorChan <- errClose: - default: - } - } - w.responseBodyFile = nil - } - } - - if w.responseBodyFile == nil { - return - } - if errClose := w.responseBodyFile.Close(); errClose != nil { - select { - case w.errorChan <- errClose: - default: - } - } - w.responseBodyFile = nil -} - -func (w *FileStreamingLogWriter) writeFinalLog(logFile *os.File) error { - if errWrite := writeRequestInfoWithBody(logFile, w.url, w.method, w.requestHeaders, nil, w.requestBodyPath, w.timestamp); errWrite != nil { - return errWrite - } - if errWrite := writeAPISection(logFile, "=== API REQUEST ===\n", "=== API REQUEST", w.apiRequest, time.Time{}); errWrite != nil { - return errWrite - } - if errWrite := writeAPISection(logFile, "=== API RESPONSE ===\n", "=== API RESPONSE", w.apiResponse, w.apiResponseTimestamp); errWrite != nil { - return errWrite - } - - responseBodyFile, errOpen := os.Open(w.responseBodyPath) - if errOpen != nil { - return errOpen - } - defer func() { - if errClose := responseBodyFile.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close response body temp file") - } - }() - - return writeResponseSection(logFile, w.responseStatus, w.statusWritten, w.responseHeaders, responseBodyFile, nil, false) -} - -func (w *FileStreamingLogWriter) cleanupTempFiles() { - if w.requestBodyPath != "" { - if errRemove := os.Remove(w.requestBodyPath); errRemove != nil { - log.WithError(errRemove).Warn("failed to remove request body temp file") - } - w.requestBodyPath = "" - } - - if w.responseBodyPath != "" { - if errRemove := os.Remove(w.responseBodyPath); errRemove != nil { - log.WithError(errRemove).Warn("failed to remove response body temp file") - } - w.responseBodyPath = "" - } -} - -// NoOpStreamingLogWriter is a no-operation implementation for when logging is disabled. -// It implements the StreamingLogWriter interface but performs no actual logging operations. -type NoOpStreamingLogWriter struct{} - -// WriteChunkAsync is a no-op implementation that does nothing. -// -// Parameters: -// - chunk: The response chunk (ignored) -func (w *NoOpStreamingLogWriter) WriteChunkAsync(_ []byte) {} - -// WriteStatus is a no-op implementation that does nothing and always returns nil. -// -// Parameters: -// - status: The response status code (ignored) -// - headers: The response headers (ignored) -// -// Returns: -// - error: Always returns nil -func (w *NoOpStreamingLogWriter) WriteStatus(_ int, _ map[string][]string) error { - return nil -} - -// WriteAPIRequest is a no-op implementation that does nothing and always returns nil. -// -// Parameters: -// - apiRequest: The API request data (ignored) -// -// Returns: -// - error: Always returns nil -func (w *NoOpStreamingLogWriter) WriteAPIRequest(_ []byte) error { - return nil -} - -// WriteAPIResponse is a no-op implementation that does nothing and always returns nil. -// -// Parameters: -// - apiResponse: The API response data (ignored) -// -// Returns: -// - error: Always returns nil -func (w *NoOpStreamingLogWriter) WriteAPIResponse(_ []byte) error { - return nil -} - -func (w *NoOpStreamingLogWriter) SetFirstChunkTimestamp(_ time.Time) {} - -// Close is a no-op implementation that does nothing and always returns nil. -// -// Returns: -// - error: Always returns nil -func (w *NoOpStreamingLogWriter) Close() error { return nil } diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/request_logger_security_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/request_logger_security_test.go deleted file mode 100644 index 6483597d2b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/request_logger_security_test.go +++ /dev/null @@ -1,27 +0,0 @@ -package logging - -import ( - "path/filepath" - "strings" - "testing" -) - -func TestGenerateFilename_SanitizesRequestIDForPathSafety(t *testing.T) { - t.Parallel() - - logsDir := t.TempDir() - logger := NewFileRequestLogger(true, logsDir, "", 0) - - filename := logger.generateFilename("/v1/responses", "../escape-path") - resolved := filepath.Join(logsDir, filename) - rel, err := filepath.Rel(logsDir, resolved) - if err != nil { - t.Fatalf("filepath.Rel failed: %v", err) - } - if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) { - t.Fatalf("generated filename escaped logs dir: %s", filename) - } - if strings.Contains(filename, "/") { - t.Fatalf("generated filename contains path separator: %s", filename) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/requestid.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/requestid.go deleted file mode 100644 index 8bd045d114..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/logging/requestid.go +++ /dev/null @@ -1,61 +0,0 @@ -package logging - -import ( - "context" - "crypto/rand" - "encoding/hex" - - "github.com/gin-gonic/gin" -) - -// requestIDKey is the context key for storing/retrieving request IDs. -type requestIDKey struct{} - -// ginRequestIDKey is the Gin context key for request IDs. -const ginRequestIDKey = "__request_id__" - -// GenerateRequestID creates a new 8-character hex request ID. -func GenerateRequestID() string { - b := make([]byte, 4) - if _, err := rand.Read(b); err != nil { - return "00000000" - } - return hex.EncodeToString(b) -} - -// WithRequestID returns a new context with the request ID attached. -func WithRequestID(ctx context.Context, requestID string) context.Context { - return context.WithValue(ctx, requestIDKey{}, requestID) -} - -// GetRequestID retrieves the request ID from the context. -// Returns empty string if not found. -func GetRequestID(ctx context.Context) string { - if ctx == nil { - return "" - } - if id, ok := ctx.Value(requestIDKey{}).(string); ok { - return id - } - return "" -} - -// SetGinRequestID stores the request ID in the Gin context. -func SetGinRequestID(c *gin.Context, requestID string) { - if c != nil { - c.Set(ginRequestIDKey, requestID) - } -} - -// GetGinRequestID retrieves the request ID from the Gin context. -func GetGinRequestID(c *gin.Context) string { - if c == nil { - return "" - } - if id, exists := c.Get(ginRequestIDKey); exists { - if s, ok := id.(string); ok { - return s - } - } - return "" -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/managementasset/updater.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/managementasset/updater.go deleted file mode 100644 index 201b179481..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/managementasset/updater.go +++ /dev/null @@ -1,463 +0,0 @@ -package managementasset - -import ( - "context" - "crypto/sha256" - "encoding/hex" - "encoding/json" - "errors" - "fmt" - "io" - "net/http" - "net/url" - "os" - "path/filepath" - "strings" - "sync" - "sync/atomic" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - log "github.com/sirupsen/logrus" - "golang.org/x/sync/singleflight" -) - -const ( - defaultManagementReleaseURL = "https://api.github.com/repos/router-for-me/Cli-Proxy-API-Management-Center/releases/latest" - defaultManagementFallbackURL = "https://cpamc.router-for.me/" - managementAssetName = "management.html" - httpUserAgent = "CLIProxyAPI-management-updater" - managementSyncMinInterval = 30 * time.Second - updateCheckInterval = 3 * time.Hour -) - -// ManagementFileName exposes the control panel asset filename. -const ManagementFileName = managementAssetName - -var ( - lastUpdateCheckMu sync.Mutex - lastUpdateCheckTime time.Time - currentConfigPtr atomic.Pointer[config.Config] - schedulerOnce sync.Once - schedulerConfigPath atomic.Value - sfGroup singleflight.Group -) - -// SetCurrentConfig stores the latest configuration snapshot for management asset decisions. -func SetCurrentConfig(cfg *config.Config) { - if cfg == nil { - currentConfigPtr.Store(nil) - return - } - currentConfigPtr.Store(cfg) -} - -// StartAutoUpdater launches a background goroutine that periodically ensures the management asset is up to date. -// It respects the disable-control-panel flag on every iteration and supports hot-reloaded configurations. -func StartAutoUpdater(ctx context.Context, configFilePath string) { - configFilePath = strings.TrimSpace(configFilePath) - if configFilePath == "" { - log.Debug("management asset auto-updater skipped: empty config path") - return - } - - schedulerConfigPath.Store(configFilePath) - - schedulerOnce.Do(func() { - go runAutoUpdater(ctx) - }) -} - -func runAutoUpdater(ctx context.Context) { - if ctx == nil { - ctx = context.Background() - } - - ticker := time.NewTicker(updateCheckInterval) - defer ticker.Stop() - - runOnce := func() { - cfg := currentConfigPtr.Load() - if cfg == nil { - log.Debug("management asset auto-updater skipped: config not yet available") - return - } - if cfg.RemoteManagement.DisableControlPanel { - log.Debug("management asset auto-updater skipped: control panel disabled") - return - } - - configPath, _ := schedulerConfigPath.Load().(string) - staticDir := StaticDir(configPath) - EnsureLatestManagementHTML(ctx, staticDir, cfg.ProxyURL, cfg.RemoteManagement.PanelGitHubRepository) - } - - runOnce() - - for { - select { - case <-ctx.Done(): - return - case <-ticker.C: - runOnce() - } - } -} - -func newHTTPClient(proxyURL string) *http.Client { - client := &http.Client{Timeout: 15 * time.Second} - - sdkCfg := &sdkconfig.SDKConfig{ProxyURL: strings.TrimSpace(proxyURL)} - util.SetProxy(sdkCfg, client) - - return client -} - -type releaseAsset struct { - Name string `json:"name"` - BrowserDownloadURL string `json:"browser_download_url"` - Digest string `json:"digest"` -} - -type releaseResponse struct { - Assets []releaseAsset `json:"assets"` -} - -// StaticDir resolves the directory that stores the management control panel asset. -func StaticDir(configFilePath string) string { - if override := strings.TrimSpace(os.Getenv("MANAGEMENT_STATIC_PATH")); override != "" { - cleaned := filepath.Clean(override) - if strings.EqualFold(filepath.Base(cleaned), managementAssetName) { - return filepath.Dir(cleaned) - } - return cleaned - } - - if writable := util.WritablePath(); writable != "" { - return filepath.Join(writable, "static") - } - - configFilePath = strings.TrimSpace(configFilePath) - if configFilePath == "" { - return "" - } - - base := filepath.Dir(configFilePath) - fileInfo, err := os.Stat(configFilePath) - if err == nil { - if fileInfo.IsDir() { - base = configFilePath - } - } - - return filepath.Join(base, "static") -} - -// FilePath resolves the absolute path to the management control panel asset. -func FilePath(configFilePath string) string { - if override := strings.TrimSpace(os.Getenv("MANAGEMENT_STATIC_PATH")); override != "" { - cleaned := filepath.Clean(override) - if strings.EqualFold(filepath.Base(cleaned), managementAssetName) { - return cleaned - } - return filepath.Join(cleaned, ManagementFileName) - } - - dir := StaticDir(configFilePath) - if dir == "" { - return "" - } - return filepath.Join(dir, ManagementFileName) -} - -// EnsureLatestManagementHTML checks the latest management.html asset and updates the local copy when needed. -// It coalesces concurrent sync attempts and returns whether the asset exists after the sync attempt. -func EnsureLatestManagementHTML(ctx context.Context, staticDir string, proxyURL string, panelRepository string) bool { - if ctx == nil { - ctx = context.Background() - } - - staticDir = strings.TrimSpace(staticDir) - if staticDir == "" { - log.Debug("management asset sync skipped: empty static directory") - return false - } - localPath := filepath.Join(staticDir, managementAssetName) - - _, _, _ = sfGroup.Do(localPath, func() (interface{}, error) { - lastUpdateCheckMu.Lock() - now := time.Now() - timeSinceLastAttempt := now.Sub(lastUpdateCheckTime) - if !lastUpdateCheckTime.IsZero() && timeSinceLastAttempt < managementSyncMinInterval { - lastUpdateCheckMu.Unlock() - log.Debugf( - "management asset sync skipped by throttle: last attempt %v ago (interval %v)", - timeSinceLastAttempt.Round(time.Second), - managementSyncMinInterval, - ) - return nil, nil - } - lastUpdateCheckTime = now - lastUpdateCheckMu.Unlock() - - localFileMissing := false - if _, errStat := os.Stat(localPath); errStat != nil { - if errors.Is(errStat, os.ErrNotExist) { - localFileMissing = true - } else { - log.WithError(errStat).Debug("failed to stat local management asset") - } - } - - if errMkdirAll := os.MkdirAll(staticDir, 0o755); errMkdirAll != nil { - log.WithError(errMkdirAll).Warn("failed to prepare static directory for management asset") - return nil, nil - } - - releaseURL := resolveReleaseURL(panelRepository) - client := newHTTPClient(proxyURL) - - localHash, err := fileSHA256(localPath) - if err != nil { - if !errors.Is(err, os.ErrNotExist) { - log.WithError(err).Debug("failed to read local management asset hash") - } - localHash = "" - } - - asset, remoteHash, err := fetchLatestAsset(ctx, client, releaseURL) - if err != nil { - if localFileMissing { - log.WithError(err).Warn("failed to fetch latest management release information, trying fallback page") - if ensureFallbackManagementHTML(ctx, client, localPath) { - return nil, nil - } - return nil, nil - } - log.WithError(err).Warn("failed to fetch latest management release information") - return nil, nil - } - - if remoteHash != "" && localHash != "" && strings.EqualFold(remoteHash, localHash) { - log.Debug("management asset is already up to date") - return nil, nil - } - - data, downloadedHash, err := downloadAsset(ctx, client, asset.BrowserDownloadURL) - if err != nil { - if localFileMissing { - log.WithError(err).Warn("failed to download management asset, trying fallback page") - if ensureFallbackManagementHTML(ctx, client, localPath) { - return nil, nil - } - return nil, nil - } - log.WithError(err).Warn("failed to download management asset") - return nil, nil - } - - if remoteHash != "" && !strings.EqualFold(remoteHash, downloadedHash) { - log.Warnf("remote digest mismatch for management asset: expected %s got %s", remoteHash, downloadedHash) - } - - if err = atomicWriteFile(localPath, data); err != nil { - log.WithError(err).Warn("failed to update management asset on disk") - return nil, nil - } - - log.Infof("management asset updated successfully (hash=%s)", downloadedHash) - return nil, nil - }) - - _, err := os.Stat(localPath) - return err == nil -} - -func ensureFallbackManagementHTML(ctx context.Context, client *http.Client, localPath string) bool { - data, downloadedHash, err := downloadAsset(ctx, client, defaultManagementFallbackURL) - if err != nil { - log.WithError(err).Warn("failed to download fallback management control panel page") - return false - } - - if err = atomicWriteFile(localPath, data); err != nil { - log.WithError(err).Warn("failed to persist fallback management control panel page") - return false - } - - log.Infof("management asset updated from fallback page successfully (hash=%s)", downloadedHash) - return true -} - -func resolveReleaseURL(repo string) string { - repo = strings.TrimSpace(repo) - if repo == "" { - return defaultManagementReleaseURL - } - - parsed, err := url.Parse(repo) - if err != nil || parsed.Host == "" { - return defaultManagementReleaseURL - } - - host := strings.ToLower(parsed.Host) - parsed.Path = strings.TrimSuffix(parsed.Path, "/") - - if host == "api.github.com" { - if !strings.HasSuffix(strings.ToLower(parsed.Path), "/releases/latest") { - parsed.Path = parsed.Path + "/releases/latest" - } - return parsed.String() - } - - if host == "github.com" { - parts := strings.Split(strings.Trim(parsed.Path, "/"), "/") - if len(parts) >= 2 && parts[0] != "" && parts[1] != "" { - repoName := strings.TrimSuffix(parts[1], ".git") - return fmt.Sprintf("https://api.github.com/repos/%s/%s/releases/latest", parts[0], repoName) - } - } - - return defaultManagementReleaseURL -} - -func fetchLatestAsset(ctx context.Context, client *http.Client, releaseURL string) (*releaseAsset, string, error) { - if strings.TrimSpace(releaseURL) == "" { - releaseURL = defaultManagementReleaseURL - } - - req, err := http.NewRequestWithContext(ctx, http.MethodGet, releaseURL, nil) - if err != nil { - return nil, "", fmt.Errorf("create release request: %w", err) - } - req.Header.Set("Accept", "application/vnd.github+json") - req.Header.Set("User-Agent", httpUserAgent) - gitURL := strings.ToLower(strings.TrimSpace(os.Getenv("GITSTORE_GIT_URL"))) - if tok := strings.TrimSpace(os.Getenv("GITSTORE_GIT_TOKEN")); tok != "" && strings.Contains(gitURL, "github.com") { - req.Header.Set("Authorization", "Bearer "+tok) - } - - resp, err := client.Do(req) - if err != nil { - return nil, "", fmt.Errorf("execute release request: %w", err) - } - defer func() { - _ = resp.Body.Close() - }() - - if resp.StatusCode != http.StatusOK { - body, _ := io.ReadAll(io.LimitReader(resp.Body, 1024)) - return nil, "", fmt.Errorf("unexpected release status %d: %s", resp.StatusCode, strings.TrimSpace(string(body))) - } - - var release releaseResponse - if err = json.NewDecoder(resp.Body).Decode(&release); err != nil { - return nil, "", fmt.Errorf("decode release response: %w", err) - } - - for i := range release.Assets { - asset := &release.Assets[i] - if strings.EqualFold(asset.Name, managementAssetName) { - remoteHash := parseDigest(asset.Digest) - return asset, remoteHash, nil - } - } - - return nil, "", fmt.Errorf("management asset %s not found in latest release", managementAssetName) -} - -func downloadAsset(ctx context.Context, client *http.Client, downloadURL string) ([]byte, string, error) { - if strings.TrimSpace(downloadURL) == "" { - return nil, "", fmt.Errorf("empty download url") - } - - req, err := http.NewRequestWithContext(ctx, http.MethodGet, downloadURL, nil) - if err != nil { - return nil, "", fmt.Errorf("create download request: %w", err) - } - req.Header.Set("User-Agent", httpUserAgent) - - resp, err := client.Do(req) - if err != nil { - return nil, "", fmt.Errorf("execute download request: %w", err) - } - defer func() { - _ = resp.Body.Close() - }() - - if resp.StatusCode != http.StatusOK { - body, _ := io.ReadAll(io.LimitReader(resp.Body, 1024)) - return nil, "", fmt.Errorf("unexpected download status %d: %s", resp.StatusCode, strings.TrimSpace(string(body))) - } - - data, err := io.ReadAll(resp.Body) - if err != nil { - return nil, "", fmt.Errorf("read download body: %w", err) - } - - sum := sha256.Sum256(data) - return data, hex.EncodeToString(sum[:]), nil -} - -func fileSHA256(path string) (string, error) { - file, err := os.Open(path) - if err != nil { - return "", err - } - defer func() { - _ = file.Close() - }() - - h := sha256.New() - if _, err = io.Copy(h, file); err != nil { - return "", err - } - - return hex.EncodeToString(h.Sum(nil)), nil -} - -func atomicWriteFile(path string, data []byte) error { - tmpFile, err := os.CreateTemp(filepath.Dir(path), "management-*.html") - if err != nil { - return err - } - - tmpName := tmpFile.Name() - defer func() { - _ = tmpFile.Close() - _ = os.Remove(tmpName) - }() - - if _, err = tmpFile.Write(data); err != nil { - return err - } - - if err = tmpFile.Chmod(0o644); err != nil { - return err - } - - if err = tmpFile.Close(); err != nil { - return err - } - - if err = os.Rename(tmpName, path); err != nil { - return err - } - - return nil -} - -func parseDigest(digest string) string { - digest = strings.TrimSpace(digest) - if digest == "" { - return "" - } - - if idx := strings.Index(digest, ":"); idx >= 0 { - digest = digest[idx+1:] - } - - return strings.ToLower(strings.TrimSpace(digest)) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/claude_code_instructions.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/claude_code_instructions.go deleted file mode 100644 index 329fc16f87..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/claude_code_instructions.go +++ /dev/null @@ -1,13 +0,0 @@ -// Package misc provides miscellaneous utility functions and embedded data for the CLI Proxy API. -// This package contains general-purpose helpers and embedded resources that do not fit into -// more specific domain packages. It includes embedded instructional text for Claude Code-related operations. -package misc - -import _ "embed" - -// ClaudeCodeInstructions holds the content of the claude_code_instructions.txt file, -// which is embedded into the application binary at compile time. This variable -// contains specific instructions for Claude Code model interactions and code generation guidance. -// -//go:embed claude_code_instructions.txt -var ClaudeCodeInstructions string diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/claude_code_instructions.txt b/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/claude_code_instructions.txt deleted file mode 100644 index 25bf2ab720..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/claude_code_instructions.txt +++ /dev/null @@ -1 +0,0 @@ -[{"type":"text","text":"You are Claude Code, Anthropic's official CLI for Claude.","cache_control":{"type":"ephemeral"}}] \ No newline at end of file diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/copy-example-config.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/copy-example-config.go deleted file mode 100644 index 61a25fe449..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/copy-example-config.go +++ /dev/null @@ -1,40 +0,0 @@ -package misc - -import ( - "io" - "os" - "path/filepath" - - log "github.com/sirupsen/logrus" -) - -func CopyConfigTemplate(src, dst string) error { - in, err := os.Open(src) - if err != nil { - return err - } - defer func() { - if errClose := in.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close source config file") - } - }() - - if err = os.MkdirAll(filepath.Dir(dst), 0o700); err != nil { - return err - } - - out, err := os.OpenFile(dst, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o600) - if err != nil { - return err - } - defer func() { - if errClose := out.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close destination config file") - } - }() - - if _, err = io.Copy(out, in); err != nil { - return err - } - return out.Sync() -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/credentials.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/credentials.go deleted file mode 100644 index 86225ff7ae..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/credentials.go +++ /dev/null @@ -1,45 +0,0 @@ -package misc - -import ( - "fmt" - "path/filepath" - "strings" - - log "github.com/sirupsen/logrus" -) - -// Separator used to visually group related log lines. -var credentialSeparator = strings.Repeat("-", 67) - -// LogSavingCredentials emits a consistent log message when persisting auth material. -func LogSavingCredentials(path string) { - if path == "" { - return - } - // Use filepath.Clean so logs remain stable even if callers pass redundant separators. - fmt.Printf("Saving credentials to %s\n", filepath.Clean(path)) -} - -// LogCredentialSeparator adds a visual separator to group auth/key processing logs. -func LogCredentialSeparator() { - log.Debug(credentialSeparator) -} - -// ValidateCredentialPath rejects unsafe credential file paths and returns a cleaned path. -func ValidateCredentialPath(path string) (string, error) { - trimmed := strings.TrimSpace(path) - if trimmed == "" { - return "", fmt.Errorf("credential path is empty") - } - if strings.ContainsRune(trimmed, '\x00') { - return "", fmt.Errorf("credential path contains NUL byte") - } - cleaned := filepath.Clean(trimmed) - if cleaned == "." { - return "", fmt.Errorf("credential path is invalid") - } - if cleaned != trimmed { - return "", fmt.Errorf("credential path must be clean and traversal-free") - } - return cleaned, nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/header_utils.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/header_utils.go deleted file mode 100644 index c6279a4cb1..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/header_utils.go +++ /dev/null @@ -1,37 +0,0 @@ -// Package misc provides miscellaneous utility functions for the CLI Proxy API server. -// It includes helper functions for HTTP header manipulation and other common operations -// that don't fit into more specific packages. -package misc - -import ( - "net/http" - "strings" -) - -// EnsureHeader ensures that a header exists in the target header map by checking -// multiple sources in order of priority: source headers, existing target headers, -// and finally the default value. It only sets the header if it's not already present -// and the value is not empty after trimming whitespace. -// -// Parameters: -// - target: The target header map to modify -// - source: The source header map to check first (can be nil) -// - key: The header key to ensure -// - defaultValue: The default value to use if no other source provides a value -func EnsureHeader(target http.Header, source http.Header, key, defaultValue string) { - if target == nil { - return - } - if source != nil { - if val := strings.TrimSpace(source.Get(key)); val != "" { - target.Set(key, val) - return - } - } - if strings.TrimSpace(target.Get(key)) != "" { - return - } - if val := strings.TrimSpace(defaultValue); val != "" { - target.Set(key, val) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/mime-type.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/mime-type.go deleted file mode 100644 index 6c7fcafd60..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/mime-type.go +++ /dev/null @@ -1,743 +0,0 @@ -// Package misc provides miscellaneous utility functions and embedded data for the CLI Proxy API. -// This package contains general-purpose helpers and embedded resources that do not fit into -// more specific domain packages. It includes a comprehensive MIME type mapping for file operations. -package misc - -// MimeTypes is a comprehensive map of file extensions to their corresponding MIME types. -// This map is used to determine the Content-Type header for file uploads and other -// operations where the MIME type needs to be identified from a file extension. -// The list is extensive to cover a wide range of common and uncommon file formats. -var MimeTypes = map[string]string{ - "ez": "application/andrew-inset", - "aw": "application/applixware", - "atom": "application/atom+xml", - "atomcat": "application/atomcat+xml", - "atomsvc": "application/atomsvc+xml", - "ccxml": "application/ccxml+xml", - "cdmia": "application/cdmi-capability", - "cdmic": "application/cdmi-container", - "cdmid": "application/cdmi-domain", - "cdmio": "application/cdmi-object", - "cdmiq": "application/cdmi-queue", - "cu": "application/cu-seeme", - "davmount": "application/davmount+xml", - "dbk": "application/docbook+xml", - "dssc": "application/dssc+der", - "xdssc": "application/dssc+xml", - "ecma": "application/ecmascript", - "emma": "application/emma+xml", - "epub": "application/epub+zip", - "exi": "application/exi", - "pfr": "application/font-tdpfr", - "gml": "application/gml+xml", - "gpx": "application/gpx+xml", - "gxf": "application/gxf", - "stk": "application/hyperstudio", - "ink": "application/inkml+xml", - "ipfix": "application/ipfix", - "jar": "application/java-archive", - "ser": "application/java-serialized-object", - "class": "application/java-vm", - "js": "application/javascript", - "json": "application/json", - "jsonml": "application/jsonml+json", - "lostxml": "application/lost+xml", - "hqx": "application/mac-binhex40", - "cpt": "application/mac-compactpro", - "mads": "application/mads+xml", - "mrc": "application/marc", - "mrcx": "application/marcxml+xml", - "ma": "application/mathematica", - "mathml": "application/mathml+xml", - "mbox": "application/mbox", - "mscml": "application/mediaservercontrol+xml", - "metalink": "application/metalink+xml", - "meta4": "application/metalink4+xml", - "mets": "application/mets+xml", - "mods": "application/mods+xml", - "m21": "application/mp21", - "mp4s": "application/mp4", - "doc": "application/msword", - "mxf": "application/mxf", - "bin": "application/octet-stream", - "oda": "application/oda", - "opf": "application/oebps-package+xml", - "ogx": "application/ogg", - "omdoc": "application/omdoc+xml", - "onepkg": "application/onenote", - "oxps": "application/oxps", - "xer": "application/patch-ops-error+xml", - "pdf": "application/pdf", - "pgp": "application/pgp-encrypted", - "asc": "application/pgp-signature", - "prf": "application/pics-rules", - "p10": "application/pkcs10", - "p7c": "application/pkcs7-mime", - "p7s": "application/pkcs7-signature", - "p8": "application/pkcs8", - "ac": "application/pkix-attr-cert", - "cer": "application/pkix-cert", - "crl": "application/pkix-crl", - "pkipath": "application/pkix-pkipath", - "pki": "application/pkixcmp", - "pls": "application/pls+xml", - "ai": "application/postscript", - "cww": "application/prs.cww", - "pskcxml": "application/pskc+xml", - "rdf": "application/rdf+xml", - "rif": "application/reginfo+xml", - "rnc": "application/relax-ng-compact-syntax", - "rld": "application/resource-lists-diff+xml", - "rl": "application/resource-lists+xml", - "rs": "application/rls-services+xml", - "gbr": "application/rpki-ghostbusters", - "mft": "application/rpki-manifest", - "roa": "application/rpki-roa", - "rsd": "application/rsd+xml", - "rss": "application/rss+xml", - "rtf": "application/rtf", - "sbml": "application/sbml+xml", - "scq": "application/scvp-cv-request", - "scs": "application/scvp-cv-response", - "spq": "application/scvp-vp-request", - "spp": "application/scvp-vp-response", - "sdp": "application/sdp", - "setpay": "application/set-payment-initiation", - "setreg": "application/set-registration-initiation", - "shf": "application/shf+xml", - "smi": "application/smil+xml", - "rq": "application/sparql-query", - "srx": "application/sparql-results+xml", - "gram": "application/srgs", - "grxml": "application/srgs+xml", - "sru": "application/sru+xml", - "ssdl": "application/ssdl+xml", - "ssml": "application/ssml+xml", - "tei": "application/tei+xml", - "tfi": "application/thraud+xml", - "tsd": "application/timestamped-data", - "plb": "application/vnd.3gpp.pic-bw-large", - "psb": "application/vnd.3gpp.pic-bw-small", - "pvb": "application/vnd.3gpp.pic-bw-var", - "tcap": "application/vnd.3gpp2.tcap", - "pwn": "application/vnd.3m.post-it-notes", - "aso": "application/vnd.accpac.simply.aso", - "imp": "application/vnd.accpac.simply.imp", - "acu": "application/vnd.acucobol", - "acutc": "application/vnd.acucorp", - "air": "application/vnd.adobe.air-application-installer-package+zip", - "fcdt": "application/vnd.adobe.formscentral.fcdt", - "fxp": "application/vnd.adobe.fxp", - "xdp": "application/vnd.adobe.xdp+xml", - "xfdf": "application/vnd.adobe.xfdf", - "ahead": "application/vnd.ahead.space", - "azf": "application/vnd.airzip.filesecure.azf", - "azs": "application/vnd.airzip.filesecure.azs", - "azw": "application/vnd.amazon.ebook", - "acc": "application/vnd.americandynamics.acc", - "ami": "application/vnd.amiga.ami", - "apk": "application/vnd.android.package-archive", - "cii": "application/vnd.anser-web-certificate-issue-initiation", - "fti": "application/vnd.anser-web-funds-transfer-initiation", - "atx": "application/vnd.antix.game-component", - "mpkg": "application/vnd.apple.installer+xml", - "m3u8": "application/vnd.apple.mpegurl", - "swi": "application/vnd.aristanetworks.swi", - "iota": "application/vnd.astraea-software.iota", - "aep": "application/vnd.audiograph", - "mpm": "application/vnd.blueice.multipass", - "bmi": "application/vnd.bmi", - "rep": "application/vnd.businessobjects", - "cdxml": "application/vnd.chemdraw+xml", - "mmd": "application/vnd.chipnuts.karaoke-mmd", - "cdy": "application/vnd.cinderella", - "cla": "application/vnd.claymore", - "rp9": "application/vnd.cloanto.rp9", - "c4d": "application/vnd.clonk.c4group", - "c11amc": "application/vnd.cluetrust.cartomobile-config", - "c11amz": "application/vnd.cluetrust.cartomobile-config-pkg", - "csp": "application/vnd.commonspace", - "cdbcmsg": "application/vnd.contact.cmsg", - "cmc": "application/vnd.cosmocaller", - "clkx": "application/vnd.crick.clicker", - "clkk": "application/vnd.crick.clicker.keyboard", - "clkp": "application/vnd.crick.clicker.palette", - "clkt": "application/vnd.crick.clicker.template", - "clkw": "application/vnd.crick.clicker.wordbank", - "wbs": "application/vnd.criticaltools.wbs+xml", - "pml": "application/vnd.ctc-posml", - "ppd": "application/vnd.cups-ppd", - "car": "application/vnd.curl.car", - "pcurl": "application/vnd.curl.pcurl", - "dart": "application/vnd.dart", - "rdz": "application/vnd.data-vision.rdz", - "uvd": "application/vnd.dece.data", - "fe_launch": "application/vnd.denovo.fcselayout-link", - "dna": "application/vnd.dna", - "mlp": "application/vnd.dolby.mlp", - "dpg": "application/vnd.dpgraph", - "dfac": "application/vnd.dreamfactory", - "kpxx": "application/vnd.ds-keypoint", - "ait": "application/vnd.dvb.ait", - "svc": "application/vnd.dvb.service", - "geo": "application/vnd.dynageo", - "mag": "application/vnd.ecowin.chart", - "nml": "application/vnd.enliven", - "esf": "application/vnd.epson.esf", - "msf": "application/vnd.epson.msf", - "qam": "application/vnd.epson.quickanime", - "slt": "application/vnd.epson.salt", - "ssf": "application/vnd.epson.ssf", - "es3": "application/vnd.eszigno3+xml", - "ez2": "application/vnd.ezpix-album", - "ez3": "application/vnd.ezpix-package", - "fdf": "application/vnd.fdf", - "mseed": "application/vnd.fdsn.mseed", - "dataless": "application/vnd.fdsn.seed", - "gph": "application/vnd.flographit", - "ftc": "application/vnd.fluxtime.clip", - "book": "application/vnd.framemaker", - "fnc": "application/vnd.frogans.fnc", - "ltf": "application/vnd.frogans.ltf", - "fsc": "application/vnd.fsc.weblaunch", - "oas": "application/vnd.fujitsu.oasys", - "oa2": "application/vnd.fujitsu.oasys2", - "oa3": "application/vnd.fujitsu.oasys3", - "fg5": "application/vnd.fujitsu.oasysgp", - "bh2": "application/vnd.fujitsu.oasysprs", - "ddd": "application/vnd.fujixerox.ddd", - "xdw": "application/vnd.fujixerox.docuworks", - "xbd": "application/vnd.fujixerox.docuworks.binder", - "fzs": "application/vnd.fuzzysheet", - "txd": "application/vnd.genomatix.tuxedo", - "ggb": "application/vnd.geogebra.file", - "ggt": "application/vnd.geogebra.tool", - "gex": "application/vnd.geometry-explorer", - "gxt": "application/vnd.geonext", - "g2w": "application/vnd.geoplan", - "g3w": "application/vnd.geospace", - "gmx": "application/vnd.gmx", - "kml": "application/vnd.google-earth.kml+xml", - "kmz": "application/vnd.google-earth.kmz", - "gqf": "application/vnd.grafeq", - "gac": "application/vnd.groove-account", - "ghf": "application/vnd.groove-help", - "gim": "application/vnd.groove-identity-message", - "grv": "application/vnd.groove-injector", - "gtm": "application/vnd.groove-tool-message", - "tpl": "application/vnd.groove-tool-template", - "vcg": "application/vnd.groove-vcard", - "hal": "application/vnd.hal+xml", - "zmm": "application/vnd.handheld-entertainment+xml", - "hbci": "application/vnd.hbci", - "les": "application/vnd.hhe.lesson-player", - "hpgl": "application/vnd.hp-hpgl", - "hpid": "application/vnd.hp-hpid", - "hps": "application/vnd.hp-hps", - "jlt": "application/vnd.hp-jlyt", - "pcl": "application/vnd.hp-pcl", - "pclxl": "application/vnd.hp-pclxl", - "sfd-hdstx": "application/vnd.hydrostatix.sof-data", - "mpy": "application/vnd.ibm.minipay", - "afp": "application/vnd.ibm.modcap", - "irm": "application/vnd.ibm.rights-management", - "sc": "application/vnd.ibm.secure-container", - "icc": "application/vnd.iccprofile", - "igl": "application/vnd.igloader", - "ivp": "application/vnd.immervision-ivp", - "ivu": "application/vnd.immervision-ivu", - "igm": "application/vnd.insors.igm", - "xpw": "application/vnd.intercon.formnet", - "i2g": "application/vnd.intergeo", - "qbo": "application/vnd.intu.qbo", - "qfx": "application/vnd.intu.qfx", - "rcprofile": "application/vnd.ipunplugged.rcprofile", - "irp": "application/vnd.irepository.package+xml", - "xpr": "application/vnd.is-xpr", - "fcs": "application/vnd.isac.fcs", - "jam": "application/vnd.jam", - "rms": "application/vnd.jcp.javame.midlet-rms", - "jisp": "application/vnd.jisp", - "joda": "application/vnd.joost.joda-archive", - "ktr": "application/vnd.kahootz", - "karbon": "application/vnd.kde.karbon", - "chrt": "application/vnd.kde.kchart", - "kfo": "application/vnd.kde.kformula", - "flw": "application/vnd.kde.kivio", - "kon": "application/vnd.kde.kontour", - "kpr": "application/vnd.kde.kpresenter", - "ksp": "application/vnd.kde.kspread", - "kwd": "application/vnd.kde.kword", - "htke": "application/vnd.kenameaapp", - "kia": "application/vnd.kidspiration", - "kne": "application/vnd.kinar", - "skd": "application/vnd.koan", - "sse": "application/vnd.kodak-descriptor", - "lasxml": "application/vnd.las.las+xml", - "lbd": "application/vnd.llamagraphics.life-balance.desktop", - "lbe": "application/vnd.llamagraphics.life-balance.exchange+xml", - "123": "application/vnd.lotus-1-2-3", - "apr": "application/vnd.lotus-approach", - "pre": "application/vnd.lotus-freelance", - "nsf": "application/vnd.lotus-notes", - "org": "application/vnd.lotus-organizer", - "scm": "application/vnd.lotus-screencam", - "lwp": "application/vnd.lotus-wordpro", - "portpkg": "application/vnd.macports.portpkg", - "mcd": "application/vnd.mcd", - "mc1": "application/vnd.medcalcdata", - "cdkey": "application/vnd.mediastation.cdkey", - "mwf": "application/vnd.mfer", - "mfm": "application/vnd.mfmp", - "flo": "application/vnd.micrografx.flo", - "igx": "application/vnd.micrografx.igx", - "mif": "application/vnd.mif", - "daf": "application/vnd.mobius.daf", - "dis": "application/vnd.mobius.dis", - "mbk": "application/vnd.mobius.mbk", - "mqy": "application/vnd.mobius.mqy", - "msl": "application/vnd.mobius.msl", - "plc": "application/vnd.mobius.plc", - "txf": "application/vnd.mobius.txf", - "mpn": "application/vnd.mophun.application", - "mpc": "application/vnd.mophun.certificate", - "xul": "application/vnd.mozilla.xul+xml", - "cil": "application/vnd.ms-artgalry", - "cab": "application/vnd.ms-cab-compressed", - "xls": "application/vnd.ms-excel", - "xlam": "application/vnd.ms-excel.addin.macroenabled.12", - "xlsb": "application/vnd.ms-excel.sheet.binary.macroenabled.12", - "xlsm": "application/vnd.ms-excel.sheet.macroenabled.12", - "xltm": "application/vnd.ms-excel.template.macroenabled.12", - "eot": "application/vnd.ms-fontobject", - "chm": "application/vnd.ms-htmlhelp", - "ims": "application/vnd.ms-ims", - "lrm": "application/vnd.ms-lrm", - "thmx": "application/vnd.ms-officetheme", - "cat": "application/vnd.ms-pki.seccat", - "stl": "application/vnd.ms-pki.stl", - "ppt": "application/vnd.ms-powerpoint", - "ppam": "application/vnd.ms-powerpoint.addin.macroenabled.12", - "pptm": "application/vnd.ms-powerpoint.presentation.macroenabled.12", - "sldm": "application/vnd.ms-powerpoint.slide.macroenabled.12", - "ppsm": "application/vnd.ms-powerpoint.slideshow.macroenabled.12", - "potm": "application/vnd.ms-powerpoint.template.macroenabled.12", - "mpp": "application/vnd.ms-project", - "docm": "application/vnd.ms-word.document.macroenabled.12", - "dotm": "application/vnd.ms-word.template.macroenabled.12", - "wps": "application/vnd.ms-works", - "wpl": "application/vnd.ms-wpl", - "xps": "application/vnd.ms-xpsdocument", - "mseq": "application/vnd.mseq", - "mus": "application/vnd.musician", - "msty": "application/vnd.muvee.style", - "taglet": "application/vnd.mynfc", - "nlu": "application/vnd.neurolanguage.nlu", - "nitf": "application/vnd.nitf", - "nnd": "application/vnd.noblenet-directory", - "nns": "application/vnd.noblenet-sealer", - "nnw": "application/vnd.noblenet-web", - "ngdat": "application/vnd.nokia.n-gage.data", - "n-gage": "application/vnd.nokia.n-gage.symbian.install", - "rpst": "application/vnd.nokia.radio-preset", - "rpss": "application/vnd.nokia.radio-presets", - "edm": "application/vnd.novadigm.edm", - "edx": "application/vnd.novadigm.edx", - "ext": "application/vnd.novadigm.ext", - "odc": "application/vnd.oasis.opendocument.chart", - "otc": "application/vnd.oasis.opendocument.chart-template", - "odb": "application/vnd.oasis.opendocument.database", - "odf": "application/vnd.oasis.opendocument.formula", - "odft": "application/vnd.oasis.opendocument.formula-template", - "odg": "application/vnd.oasis.opendocument.graphics", - "otg": "application/vnd.oasis.opendocument.graphics-template", - "odi": "application/vnd.oasis.opendocument.image", - "oti": "application/vnd.oasis.opendocument.image-template", - "odp": "application/vnd.oasis.opendocument.presentation", - "otp": "application/vnd.oasis.opendocument.presentation-template", - "ods": "application/vnd.oasis.opendocument.spreadsheet", - "ots": "application/vnd.oasis.opendocument.spreadsheet-template", - "odt": "application/vnd.oasis.opendocument.text", - "odm": "application/vnd.oasis.opendocument.text-master", - "ott": "application/vnd.oasis.opendocument.text-template", - "oth": "application/vnd.oasis.opendocument.text-web", - "xo": "application/vnd.olpc-sugar", - "dd2": "application/vnd.oma.dd2+xml", - "oxt": "application/vnd.openofficeorg.extension", - "pptx": "application/vnd.openxmlformats-officedocument.presentationml.presentation", - "sldx": "application/vnd.openxmlformats-officedocument.presentationml.slide", - "ppsx": "application/vnd.openxmlformats-officedocument.presentationml.slideshow", - "potx": "application/vnd.openxmlformats-officedocument.presentationml.template", - "xlsx": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", - "xltx": "application/vnd.openxmlformats-officedocument.spreadsheetml.template", - "docx": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", - "dotx": "application/vnd.openxmlformats-officedocument.wordprocessingml.template", - "mgp": "application/vnd.osgeo.mapguide.package", - "dp": "application/vnd.osgi.dp", - "esa": "application/vnd.osgi.subsystem", - "oprc": "application/vnd.palm", - "paw": "application/vnd.pawaafile", - "str": "application/vnd.pg.format", - "ei6": "application/vnd.pg.osasli", - "efif": "application/vnd.picsel", - "wg": "application/vnd.pmi.widget", - "plf": "application/vnd.pocketlearn", - "pbd": "application/vnd.powerbuilder6", - "box": "application/vnd.previewsystems.box", - "mgz": "application/vnd.proteus.magazine", - "qps": "application/vnd.publishare-delta-tree", - "ptid": "application/vnd.pvi.ptid1", - "qwd": "application/vnd.quark.quarkxpress", - "bed": "application/vnd.realvnc.bed", - "mxl": "application/vnd.recordare.musicxml", - "musicxml": "application/vnd.recordare.musicxml+xml", - "cryptonote": "application/vnd.rig.cryptonote", - "cod": "application/vnd.rim.cod", - "rm": "application/vnd.rn-realmedia", - "rmvb": "application/vnd.rn-realmedia-vbr", - "link66": "application/vnd.route66.link66+xml", - "st": "application/vnd.sailingtracker.track", - "see": "application/vnd.seemail", - "sema": "application/vnd.sema", - "semd": "application/vnd.semd", - "semf": "application/vnd.semf", - "ifm": "application/vnd.shana.informed.formdata", - "itp": "application/vnd.shana.informed.formtemplate", - "iif": "application/vnd.shana.informed.interchange", - "ipk": "application/vnd.shana.informed.package", - "twd": "application/vnd.simtech-mindmapper", - "mmf": "application/vnd.smaf", - "teacher": "application/vnd.smart.teacher", - "sdkd": "application/vnd.solent.sdkm+xml", - "dxp": "application/vnd.spotfire.dxp", - "sfs": "application/vnd.spotfire.sfs", - "sdc": "application/vnd.stardivision.calc", - "sda": "application/vnd.stardivision.draw", - "sdd": "application/vnd.stardivision.impress", - "smf": "application/vnd.stardivision.math", - "sdw": "application/vnd.stardivision.writer", - "sgl": "application/vnd.stardivision.writer-global", - "smzip": "application/vnd.stepmania.package", - "sm": "application/vnd.stepmania.stepchart", - "sxc": "application/vnd.sun.xml.calc", - "stc": "application/vnd.sun.xml.calc.template", - "sxd": "application/vnd.sun.xml.draw", - "std": "application/vnd.sun.xml.draw.template", - "sxi": "application/vnd.sun.xml.impress", - "sti": "application/vnd.sun.xml.impress.template", - "sxm": "application/vnd.sun.xml.math", - "sxw": "application/vnd.sun.xml.writer", - "sxg": "application/vnd.sun.xml.writer.global", - "stw": "application/vnd.sun.xml.writer.template", - "sus": "application/vnd.sus-calendar", - "svd": "application/vnd.svd", - "sis": "application/vnd.symbian.install", - "bdm": "application/vnd.syncml.dm+wbxml", - "xdm": "application/vnd.syncml.dm+xml", - "xsm": "application/vnd.syncml+xml", - "tao": "application/vnd.tao.intent-module-archive", - "cap": "application/vnd.tcpdump.pcap", - "tmo": "application/vnd.tmobile-livetv", - "tpt": "application/vnd.trid.tpt", - "mxs": "application/vnd.triscape.mxs", - "tra": "application/vnd.trueapp", - "ufd": "application/vnd.ufdl", - "utz": "application/vnd.uiq.theme", - "umj": "application/vnd.umajin", - "unityweb": "application/vnd.unity", - "uoml": "application/vnd.uoml+xml", - "vcx": "application/vnd.vcx", - "vss": "application/vnd.visio", - "vis": "application/vnd.visionary", - "vsf": "application/vnd.vsf", - "wbxml": "application/vnd.wap.wbxml", - "wmlc": "application/vnd.wap.wmlc", - "wmlsc": "application/vnd.wap.wmlscriptc", - "wtb": "application/vnd.webturbo", - "nbp": "application/vnd.wolfram.player", - "wpd": "application/vnd.wordperfect", - "wqd": "application/vnd.wqd", - "stf": "application/vnd.wt.stf", - "xar": "application/vnd.xara", - "xfdl": "application/vnd.xfdl", - "hvd": "application/vnd.yamaha.hv-dic", - "hvs": "application/vnd.yamaha.hv-script", - "hvp": "application/vnd.yamaha.hv-voice", - "osf": "application/vnd.yamaha.openscoreformat", - "osfpvg": "application/vnd.yamaha.openscoreformat.osfpvg+xml", - "saf": "application/vnd.yamaha.smaf-audio", - "spf": "application/vnd.yamaha.smaf-phrase", - "cmp": "application/vnd.yellowriver-custom-menu", - "zir": "application/vnd.zul", - "zaz": "application/vnd.zzazz.deck+xml", - "vxml": "application/voicexml+xml", - "wgt": "application/widget", - "hlp": "application/winhlp", - "wsdl": "application/wsdl+xml", - "wspolicy": "application/wspolicy+xml", - "7z": "application/x-7z-compressed", - "abw": "application/x-abiword", - "ace": "application/x-ace-compressed", - "dmg": "application/x-apple-diskimage", - "aab": "application/x-authorware-bin", - "aam": "application/x-authorware-map", - "aas": "application/x-authorware-seg", - "bcpio": "application/x-bcpio", - "torrent": "application/x-bittorrent", - "blb": "application/x-blorb", - "bz": "application/x-bzip", - "bz2": "application/x-bzip2", - "cbr": "application/x-cbr", - "vcd": "application/x-cdlink", - "cfs": "application/x-cfs-compressed", - "chat": "application/x-chat", - "pgn": "application/x-chess-pgn", - "nsc": "application/x-conference", - "cpio": "application/x-cpio", - "csh": "application/x-csh", - "deb": "application/x-debian-package", - "dgc": "application/x-dgc-compressed", - "cct": "application/x-director", - "wad": "application/x-doom", - "ncx": "application/x-dtbncx+xml", - "dtb": "application/x-dtbook+xml", - "res": "application/x-dtbresource+xml", - "dvi": "application/x-dvi", - "evy": "application/x-envoy", - "eva": "application/x-eva", - "bdf": "application/x-font-bdf", - "gsf": "application/x-font-ghostscript", - "psf": "application/x-font-linux-psf", - "pcf": "application/x-font-pcf", - "snf": "application/x-font-snf", - "afm": "application/x-font-type1", - "arc": "application/x-freearc", - "spl": "application/x-futuresplash", - "gca": "application/x-gca-compressed", - "ulx": "application/x-glulx", - "gnumeric": "application/x-gnumeric", - "gramps": "application/x-gramps-xml", - "gtar": "application/x-gtar", - "hdf": "application/x-hdf", - "install": "application/x-install-instructions", - "iso": "application/x-iso9660-image", - "jnlp": "application/x-java-jnlp-file", - "latex": "application/x-latex", - "lzh": "application/x-lzh-compressed", - "mie": "application/x-mie", - "mobi": "application/x-mobipocket-ebook", - "application": "application/x-ms-application", - "lnk": "application/x-ms-shortcut", - "wmd": "application/x-ms-wmd", - "wmz": "application/x-ms-wmz", - "xbap": "application/x-ms-xbap", - "mdb": "application/x-msaccess", - "obd": "application/x-msbinder", - "crd": "application/x-mscardfile", - "clp": "application/x-msclip", - "mny": "application/x-msmoney", - "pub": "application/x-mspublisher", - "scd": "application/x-msschedule", - "trm": "application/x-msterminal", - "wri": "application/x-mswrite", - "nzb": "application/x-nzb", - "p12": "application/x-pkcs12", - "p7b": "application/x-pkcs7-certificates", - "p7r": "application/x-pkcs7-certreqresp", - "rar": "application/x-rar-compressed", - "ris": "application/x-research-info-systems", - "sh": "application/x-sh", - "shar": "application/x-shar", - "swf": "application/x-shockwave-flash", - "xap": "application/x-silverlight-app", - "sql": "application/x-sql", - "sit": "application/x-stuffit", - "sitx": "application/x-stuffitx", - "srt": "application/x-subrip", - "sv4cpio": "application/x-sv4cpio", - "sv4crc": "application/x-sv4crc", - "t3": "application/x-t3vm-image", - "gam": "application/x-tads", - "tar": "application/x-tar", - "tcl": "application/x-tcl", - "tex": "application/x-tex", - "tfm": "application/x-tex-tfm", - "texi": "application/x-texinfo", - "obj": "application/x-tgif", - "ustar": "application/x-ustar", - "src": "application/x-wais-source", - "crt": "application/x-x509-ca-cert", - "fig": "application/x-xfig", - "xlf": "application/x-xliff+xml", - "xpi": "application/x-xpinstall", - "xz": "application/x-xz", - "xaml": "application/xaml+xml", - "xdf": "application/xcap-diff+xml", - "xenc": "application/xenc+xml", - "xhtml": "application/xhtml+xml", - "xml": "application/xml", - "dtd": "application/xml-dtd", - "xop": "application/xop+xml", - "xpl": "application/xproc+xml", - "xslt": "application/xslt+xml", - "xspf": "application/xspf+xml", - "mxml": "application/xv+xml", - "yang": "application/yang", - "yin": "application/yin+xml", - "zip": "application/zip", - "adp": "audio/adpcm", - "au": "audio/basic", - "mid": "audio/midi", - "m4a": "audio/mp4", - "mp3": "audio/mpeg", - "ogg": "audio/ogg", - "s3m": "audio/s3m", - "sil": "audio/silk", - "uva": "audio/vnd.dece.audio", - "eol": "audio/vnd.digital-winds", - "dra": "audio/vnd.dra", - "dts": "audio/vnd.dts", - "dtshd": "audio/vnd.dts.hd", - "lvp": "audio/vnd.lucent.voice", - "pya": "audio/vnd.ms-playready.media.pya", - "ecelp4800": "audio/vnd.nuera.ecelp4800", - "ecelp7470": "audio/vnd.nuera.ecelp7470", - "ecelp9600": "audio/vnd.nuera.ecelp9600", - "rip": "audio/vnd.rip", - "weba": "audio/webm", - "aac": "audio/x-aac", - "aiff": "audio/x-aiff", - "caf": "audio/x-caf", - "flac": "audio/x-flac", - "mka": "audio/x-matroska", - "m3u": "audio/x-mpegurl", - "wax": "audio/x-ms-wax", - "wma": "audio/x-ms-wma", - "rmp": "audio/x-pn-realaudio-plugin", - "wav": "audio/x-wav", - "xm": "audio/xm", - "cdx": "chemical/x-cdx", - "cif": "chemical/x-cif", - "cmdf": "chemical/x-cmdf", - "cml": "chemical/x-cml", - "csml": "chemical/x-csml", - "xyz": "chemical/x-xyz", - "ttc": "font/collection", - "otf": "font/otf", - "ttf": "font/ttf", - "woff": "font/woff", - "woff2": "font/woff2", - "bmp": "image/bmp", - "cgm": "image/cgm", - "g3": "image/g3fax", - "gif": "image/gif", - "ief": "image/ief", - "jpg": "image/jpeg", - "ktx": "image/ktx", - "png": "image/png", - "btif": "image/prs.btif", - "sgi": "image/sgi", - "svg": "image/svg+xml", - "tiff": "image/tiff", - "psd": "image/vnd.adobe.photoshop", - "dwg": "image/vnd.dwg", - "dxf": "image/vnd.dxf", - "fbs": "image/vnd.fastbidsheet", - "fpx": "image/vnd.fpx", - "fst": "image/vnd.fst", - "mmr": "image/vnd.fujixerox.edmics-mmr", - "rlc": "image/vnd.fujixerox.edmics-rlc", - "mdi": "image/vnd.ms-modi", - "wdp": "image/vnd.ms-photo", - "npx": "image/vnd.net-fpx", - "wbmp": "image/vnd.wap.wbmp", - "xif": "image/vnd.xiff", - "webp": "image/webp", - "3ds": "image/x-3ds", - "ras": "image/x-cmu-raster", - "cmx": "image/x-cmx", - "ico": "image/x-icon", - "sid": "image/x-mrsid-image", - "pcx": "image/x-pcx", - "pnm": "image/x-portable-anymap", - "pbm": "image/x-portable-bitmap", - "pgm": "image/x-portable-graymap", - "ppm": "image/x-portable-pixmap", - "rgb": "image/x-rgb", - "tga": "image/x-tga", - "xbm": "image/x-xbitmap", - "xpm": "image/x-xpixmap", - "xwd": "image/x-xwindowdump", - "dae": "model/vnd.collada+xml", - "dwf": "model/vnd.dwf", - "gdl": "model/vnd.gdl", - "gtw": "model/vnd.gtw", - "mts": "model/vnd.mts", - "vtu": "model/vnd.vtu", - "appcache": "text/cache-manifest", - "ics": "text/calendar", - "css": "text/css", - "csv": "text/csv", - "html": "text/html", - "n3": "text/n3", - "txt": "text/plain", - "dsc": "text/prs.lines.tag", - "rtx": "text/richtext", - "tsv": "text/tab-separated-values", - "ttl": "text/turtle", - "vcard": "text/vcard", - "curl": "text/vnd.curl", - "dcurl": "text/vnd.curl.dcurl", - "mcurl": "text/vnd.curl.mcurl", - "scurl": "text/vnd.curl.scurl", - "sub": "text/vnd.dvb.subtitle", - "fly": "text/vnd.fly", - "flx": "text/vnd.fmi.flexstor", - "gv": "text/vnd.graphviz", - "3dml": "text/vnd.in3d.3dml", - "spot": "text/vnd.in3d.spot", - "jad": "text/vnd.sun.j2me.app-descriptor", - "wml": "text/vnd.wap.wml", - "wmls": "text/vnd.wap.wmlscript", - "asm": "text/x-asm", - "c": "text/x-c", - "java": "text/x-java-source", - "nfo": "text/x-nfo", - "opml": "text/x-opml", - "pas": "text/x-pascal", - "etx": "text/x-setext", - "sfv": "text/x-sfv", - "uu": "text/x-uuencode", - "vcs": "text/x-vcalendar", - "vcf": "text/x-vcard", - "3gp": "video/3gpp", - "3g2": "video/3gpp2", - "h261": "video/h261", - "h263": "video/h263", - "h264": "video/h264", - "jpgv": "video/jpeg", - "mp4": "video/mp4", - "mpeg": "video/mpeg", - "ogv": "video/ogg", - "dvb": "video/vnd.dvb.file", - "fvt": "video/vnd.fvt", - "pyv": "video/vnd.ms-playready.media.pyv", - "viv": "video/vnd.vivo", - "webm": "video/webm", - "f4v": "video/x-f4v", - "fli": "video/x-fli", - "flv": "video/x-flv", - "m4v": "video/x-m4v", - "mkv": "video/x-matroska", - "mng": "video/x-mng", - "asf": "video/x-ms-asf", - "vob": "video/x-ms-vob", - "wm": "video/x-ms-wm", - "wmv": "video/x-ms-wmv", - "wmx": "video/x-ms-wmx", - "wvx": "video/x-ms-wvx", - "avi": "video/x-msvideo", - "movie": "video/x-sgi-movie", - "smv": "video/x-smv", - "ice": "x-conference/x-cooltalk", -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/oauth.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/oauth.go deleted file mode 100644 index c14f39d2fb..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/oauth.go +++ /dev/null @@ -1,103 +0,0 @@ -package misc - -import ( - "crypto/rand" - "encoding/hex" - "fmt" - "net/url" - "strings" -) - -// GenerateRandomState generates a cryptographically secure random state parameter -// for OAuth2 flows to prevent CSRF attacks. -// -// Returns: -// - string: A hexadecimal encoded random state string -// - error: An error if the random generation fails, nil otherwise -func GenerateRandomState() (string, error) { - bytes := make([]byte, 16) - if _, err := rand.Read(bytes); err != nil { - return "", fmt.Errorf("failed to generate random bytes: %w", err) - } - return hex.EncodeToString(bytes), nil -} - -// OAuthCallback captures the parsed OAuth callback parameters. -type OAuthCallback struct { - Code string - State string - Error string - ErrorDescription string -} - -// ParseOAuthCallback extracts OAuth parameters from a callback URL. -// It returns nil when the input is empty. -func ParseOAuthCallback(input string) (*OAuthCallback, error) { - trimmed := strings.TrimSpace(input) - if trimmed == "" { - return nil, nil - } - - candidate := trimmed - if !strings.Contains(candidate, "://") { - if strings.HasPrefix(candidate, "?") { - candidate = "http://localhost" + candidate - } else if strings.ContainsAny(candidate, "/?#") || strings.Contains(candidate, ":") { - candidate = "http://" + candidate - } else if strings.Contains(candidate, "=") { - candidate = "http://localhost/?" + candidate - } else { - return nil, fmt.Errorf("invalid callback URL") - } - } - - parsedURL, err := url.Parse(candidate) - if err != nil { - return nil, err - } - - query := parsedURL.Query() - code := strings.TrimSpace(query.Get("code")) - state := strings.TrimSpace(query.Get("state")) - errCode := strings.TrimSpace(query.Get("error")) - errDesc := strings.TrimSpace(query.Get("error_description")) - - if parsedURL.Fragment != "" { - if fragQuery, errFrag := url.ParseQuery(parsedURL.Fragment); errFrag == nil { - if code == "" { - code = strings.TrimSpace(fragQuery.Get("code")) - } - if state == "" { - state = strings.TrimSpace(fragQuery.Get("state")) - } - if errCode == "" { - errCode = strings.TrimSpace(fragQuery.Get("error")) - } - if errDesc == "" { - errDesc = strings.TrimSpace(fragQuery.Get("error_description")) - } - } - } - - if code != "" && state == "" && strings.Contains(code, "#") { - parts := strings.SplitN(code, "#", 2) - code = parts[0] - state = parts[1] - } - - if errCode == "" && errDesc != "" { - errCode = errDesc - errDesc = "" - } - - if code == "" && errCode == "" { - return nil, fmt.Errorf("callback URL missing code") - } - - return &OAuthCallback{ - Code: code, - State: state, - Error: errCode, - ErrorDescription: errDesc, - }, nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/path_security.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/path_security.go deleted file mode 100644 index 28e78e9575..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/path_security.go +++ /dev/null @@ -1,69 +0,0 @@ -package misc - -import ( - "fmt" - "os" - "path/filepath" - "strings" -) - -// ResolveSafeFilePath validates and normalizes a file path, rejecting path traversal components. -func ResolveSafeFilePath(path string) (string, error) { - trimmed := strings.TrimSpace(path) - if trimmed == "" { - return "", fmt.Errorf("path is empty") - } - if hasPathTraversalComponent(trimmed) { - return "", fmt.Errorf("path traversal is not allowed") - } - cleaned := filepath.Clean(trimmed) - if cleaned == "." { - return "", fmt.Errorf("path is invalid") - } - return cleaned, nil -} - -// ResolveSafeFilePathInDir resolves a file name inside baseDir and rejects paths that escape baseDir. -func ResolveSafeFilePathInDir(baseDir, fileName string) (string, error) { - base := strings.TrimSpace(baseDir) - if base == "" { - return "", fmt.Errorf("base directory is empty") - } - name := strings.TrimSpace(fileName) - if name == "" { - return "", fmt.Errorf("file name is empty") - } - if strings.Contains(name, "/") || strings.Contains(name, "\\") { - return "", fmt.Errorf("file name must not contain path separators") - } - if hasPathTraversalComponent(name) { - return "", fmt.Errorf("file name must not contain traversal components") - } - cleanName := filepath.Clean(name) - if cleanName == "." || cleanName == ".." { - return "", fmt.Errorf("file name is invalid") - } - baseAbs, err := filepath.Abs(base) - if err != nil { - return "", fmt.Errorf("resolve base directory: %w", err) - } - resolved := filepath.Clean(filepath.Join(baseAbs, cleanName)) - rel, err := filepath.Rel(baseAbs, resolved) - if err != nil { - return "", fmt.Errorf("resolve relative path: %w", err) - } - if rel == ".." || strings.HasPrefix(rel, ".."+string(os.PathSeparator)) { - return "", fmt.Errorf("resolved path escapes base directory") - } - return resolved, nil -} - -func hasPathTraversalComponent(path string) bool { - normalized := strings.ReplaceAll(path, "\\", "/") - for _, component := range strings.Split(normalized, "/") { - if component == ".." { - return true - } - } - return false -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/path_security_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/path_security_test.go deleted file mode 100644 index 6eaf1d2beb..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/misc/path_security_test.go +++ /dev/null @@ -1,36 +0,0 @@ -package misc - -import ( - "path/filepath" - "strings" - "testing" -) - -func TestResolveSafeFilePathRejectsTraversal(t *testing.T) { - _, err := ResolveSafeFilePath("/tmp/../escape.json") - if err == nil { - t.Fatal("expected traversal path to be rejected") - } -} - -func TestResolveSafeFilePathInDirRejectsSeparatorsAndTraversal(t *testing.T) { - base := t.TempDir() - - if _, err := ResolveSafeFilePathInDir(base, "..\\escape.json"); err == nil { - t.Fatal("expected backslash traversal payload to be rejected") - } - if _, err := ResolveSafeFilePathInDir(base, "../escape.json"); err == nil { - t.Fatal("expected slash traversal payload to be rejected") - } -} - -func TestResolveSafeFilePathInDirResolvesInsideBaseDir(t *testing.T) { - base := t.TempDir() - path, err := ResolveSafeFilePathInDir(base, "valid.json") - if err != nil { - t.Fatalf("expected valid file name: %v", err) - } - if !strings.HasPrefix(path, filepath.Clean(base)+string(filepath.Separator)) { - t.Fatalf("expected resolved path %q under base %q", path, base) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/ratelimit/config.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/ratelimit/config.go deleted file mode 100644 index b8688a3f78..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/ratelimit/config.go +++ /dev/null @@ -1,117 +0,0 @@ -// Package ratelimit provides configurable rate limiting for API providers. -// Supports RPM (Requests Per Minute), TPM (Tokens Per Minute), -// RPD (Requests Per Day), and TPD (Tokens Per Day) limits. -package ratelimit - -// RateLimitConfig defines rate limit settings for a provider/credential. -// All limits are optional - set to 0 to disable a specific limit. -type RateLimitConfig struct { - // RPM is the maximum requests per minute. 0 means no limit. - RPM int `yaml:"rpm" json:"rpm"` - - // TPM is the maximum tokens per minute. 0 means no limit. - TPM int `yaml:"tpm" json:"tpm"` - - // RPD is the maximum requests per day. 0 means no limit. - RPD int `yaml:"rpd" json:"rpd"` - - // TPD is the maximum tokens per day. 0 means no limit. - TPD int `yaml:"tpd" json:"tpd"` - - // WaitOnLimit controls behavior when a limit is exceeded. - // If true, the request will wait until the limit resets. - // If false (default), the request is rejected immediately with HTTP 429. - WaitOnLimit bool `yaml:"wait-on-limit" json:"wait-on-limit"` - - // MaxWaitSeconds is the maximum time to wait when WaitOnLimit is true. - // 0 means wait indefinitely (not recommended). Default: 30. - MaxWaitSeconds int `yaml:"max-wait-seconds" json:"max-wait-seconds"` -} - -// IsEmpty returns true if no rate limits are configured. -func (c *RateLimitConfig) IsEmpty() bool { - return c == nil || (c.RPM == 0 && c.TPM == 0 && c.RPD == 0 && c.TPD == 0) -} - -// HasRequestLimit returns true if any request-based limit is configured. -func (c *RateLimitConfig) HasRequestLimit() bool { - return c != nil && (c.RPM > 0 || c.RPD > 0) -} - -// HasTokenLimit returns true if any token-based limit is configured. -func (c *RateLimitConfig) HasTokenLimit() bool { - return c != nil && (c.TPM > 0 || c.TPD > 0) -} - -// GetMaxWaitDuration returns the maximum wait time as a duration in seconds. -func (c *RateLimitConfig) GetMaxWaitDuration() int { - if c == nil || c.MaxWaitSeconds <= 0 { - return 30 // default 30 seconds - } - return c.MaxWaitSeconds -} - -// RateLimitStatus represents the current status of rate limits for a credential. -type RateLimitStatus struct { - // Provider is the provider name (e.g., "gemini", "claude"). - Provider string `json:"provider"` - - // CredentialID is the identifier for this credential (e.g., API key prefix). - CredentialID string `json:"credential_id"` - - // MinuteWindow contains the current minute window usage. - MinuteWindow WindowStatus `json:"minute_window"` - - // DayWindow contains the current day window usage. - DayWindow WindowStatus `json:"day_window"` - - // IsLimited is true if any limit is currently exceeded. - IsLimited bool `json:"is_limited"` - - // LimitType describes which limit is hit, if any. - LimitType string `json:"limit_type,omitempty"` - - // ResetAt is the time when the current limit will reset (Unix timestamp). - ResetAt int64 `json:"reset_at,omitempty"` - - // WaitSeconds is the estimated wait time in seconds (if limited). - WaitSeconds int `json:"wait_seconds,omitempty"` -} - -// WindowStatus contains usage statistics for a time window. -type WindowStatus struct { - // Requests is the number of requests in the current window. - Requests int64 `json:"requests"` - - // Tokens is the number of tokens in the current window. - Tokens int64 `json:"tokens"` - - // RequestLimit is the configured request limit (0 if unlimited). - RequestLimit int `json:"request_limit"` - - // TokenLimit is the configured token limit (0 if unlimited). - TokenLimit int `json:"token_limit"` - - // WindowStart is the start time of the window (Unix timestamp). - WindowStart int64 `json:"window_start"` - - // WindowEnd is the end time of the window (Unix timestamp). - WindowEnd int64 `json:"window_end"` -} - -// RateLimitError represents an error when a rate limit is exceeded. -type RateLimitError struct { - LimitType string - ResetAt int64 - WaitSeconds int -} - -func (e *RateLimitError) Error() string { - return "rate limit exceeded: " + e.LimitType -} - -// IsRateLimitError checks if an error is a rate limit error. -func IsRateLimitError(err error) bool { - _, ok := err.(*RateLimitError) - return ok -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/ratelimit/manager.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/ratelimit/manager.go deleted file mode 100644 index 8eff50d81f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/ratelimit/manager.go +++ /dev/null @@ -1,236 +0,0 @@ -package ratelimit - -import ( - "encoding/json" - "strconv" - "strings" - "sync" - "time" -) - -// Manager manages rate limiters for all providers and credentials. -type Manager struct { - mu sync.RWMutex - limiters map[string]*SlidingWindow // key: provider:credentialID -} - -// globalManager is the singleton rate limit manager. -var globalManager = NewManager() - -// NewManager creates a new rate limit manager. -func NewManager() *Manager { - return &Manager{ - limiters: make(map[string]*SlidingWindow), - } -} - -// GetManager returns the global rate limit manager. -func GetManager() *Manager { - return globalManager -} - -// makeKey creates a unique key for a provider/credential combination. -func makeKey(provider, credentialID string) string { - return provider + ":" + credentialID -} - -// GetLimiter returns the rate limiter for a provider/credential. -// If no limiter exists, it creates one with the given config. -func (m *Manager) GetLimiter(provider, credentialID string, config RateLimitConfig) *SlidingWindow { - if config.IsEmpty() { - return nil - } - - key := makeKey(provider, credentialID) - - m.mu.RLock() - limiter, exists := m.limiters[key] - m.mu.RUnlock() - - if exists { - limiter.UpdateConfig(config) - return limiter - } - - m.mu.Lock() - defer m.mu.Unlock() - - // Double check after acquiring write lock - if limiter, exists = m.limiters[key]; exists { - limiter.UpdateConfig(config) - return limiter - } - - limiter = NewSlidingWindow(provider, credentialID, config) - m.limiters[key] = limiter - return limiter -} - -// RemoveLimiter removes a rate limiter for a provider/credential. -func (m *Manager) RemoveLimiter(provider, credentialID string) { - key := makeKey(provider, credentialID) - m.mu.Lock() - defer m.mu.Unlock() - delete(m.limiters, key) -} - -// GetStatus returns the rate limit status for a provider/credential. -func (m *Manager) GetStatus(provider, credentialID string) *RateLimitStatus { - key := makeKey(provider, credentialID) - - m.mu.RLock() - limiter, exists := m.limiters[key] - m.mu.RUnlock() - - if !exists { - return nil - } - - status := limiter.GetStatus() - return &status -} - -// GetAllStatuses returns the rate limit status for all tracked limiters. -func (m *Manager) GetAllStatuses() []RateLimitStatus { - m.mu.RLock() - defer m.mu.RUnlock() - - statuses := make([]RateLimitStatus, 0, len(m.limiters)) - for _, limiter := range m.limiters { - statuses = append(statuses, limiter.GetStatus()) - } - return statuses -} - -// TryConsume attempts to consume from a provider/credential's rate limiter. -// Returns nil if successful, or an error if the limit would be exceeded. -func (m *Manager) TryConsume(provider, credentialID string, config RateLimitConfig, requests, tokens int64) error { - if config.IsEmpty() { - return nil - } - - limiter := m.GetLimiter(provider, credentialID, config) - if limiter == nil { - return nil - } - - return limiter.TryConsume(requests, tokens, config.WaitOnLimit) -} - -// RecordUsage records actual usage after a request completes. -func (m *Manager) RecordUsage(provider, credentialID string, config RateLimitConfig, requests, tokens int64) { - if config.IsEmpty() { - return - } - - limiter := m.GetLimiter(provider, credentialID, config) - if limiter == nil { - return - } - - limiter.RecordUsage(requests, tokens) -} - -// CleanupStale removes limiters that haven't been used in the specified duration. -func (m *Manager) CleanupStale(maxAge time.Duration) { - m.mu.Lock() - defer m.mu.Unlock() - - now := time.Now().Unix() - staleThreshold := now - int64(maxAge.Seconds()) - - for key, limiter := range m.limiters { - status := limiter.GetStatus() - // Remove if both windows are expired and no recent activity - if status.MinuteWindow.WindowEnd < staleThreshold && status.DayWindow.WindowEnd < staleThreshold { - delete(m.limiters, key) - } - } -} - -// MaskCredential masks a credential ID for logging/display purposes. -func MaskCredential(credentialID string) string { - if len(credentialID) <= 8 { - return credentialID - } - return credentialID[:4] + "..." + credentialID[len(credentialID)-4:] -} - -// ParseRateLimitConfigFromMap parses rate limit config from a generic map. -// This is useful for loading from YAML/JSON. -func ParseRateLimitConfigFromMap(m map[string]interface{}) RateLimitConfig { - var cfg RateLimitConfig - - apply := func(canonical string, value interface{}) { - parsed, ok := parseIntValue(value) - if !ok { - return - } - switch canonical { - case "rpm": - cfg.RPM = parsed - case "tpm": - cfg.TPM = parsed - case "rpd": - cfg.RPD = parsed - case "tpd": - cfg.TPD = parsed - } - } - - for key, value := range m { - normalized := strings.ToLower(strings.TrimSpace(key)) - switch normalized { - case "rpm", "requests_per_minute", "requestsperminute": - apply("rpm", value) - case "tpm", "tokens_per_minute", "tokensperminute": - apply("tpm", value) - case "rpd", "requests_per_day", "requestsperday": - apply("rpd", value) - case "tpd", "tokens_per_day", "tokensperday": - apply("tpd", value) - } - } - - if v, ok := m["wait-on-limit"]; ok { - if val, ok := v.(bool); ok { - cfg.WaitOnLimit = val - } else if val, ok := v.(string); ok { - cfg.WaitOnLimit = strings.ToLower(val) == "true" - } - } - if v, ok := m["max-wait-seconds"]; ok { - switch val := v.(type) { - case int: - cfg.MaxWaitSeconds = val - case float64: - cfg.MaxWaitSeconds = int(val) - } - } - return cfg -} - -func parseIntValue(v interface{}) (int, bool) { - switch val := v.(type) { - case int: - return val, true - case int64: - return int(val), true - case float64: - return int(val), true - case string: - parsed, err := strconv.Atoi(strings.TrimSpace(val)) - if err != nil { - return 0, false - } - return parsed, true - case json.Number: - parsed, err := val.Int64() - if err != nil { - return 0, false - } - return int(parsed), true - default: - return 0, false - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/ratelimit/manager_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/ratelimit/manager_test.go deleted file mode 100644 index e45291561b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/ratelimit/manager_test.go +++ /dev/null @@ -1,36 +0,0 @@ -package ratelimit - -import ( - "encoding/json" - "testing" -) - -func TestParseRateLimitConfigFromMap_AliasKeys(t *testing.T) { - cfg := ParseRateLimitConfigFromMap(map[string]interface{}{ - "requests_per_minute": json.Number("60"), - "TokensPerMinute": "120", - "requests_per_day": 300.0, - "tokensperday": 480, - "wait-on-limit": true, - "max-wait-seconds": 45.0, - }) - - if cfg.RPM != 60 { - t.Fatalf("RPM = %d, want %d", cfg.RPM, 60) - } - if cfg.TPM != 120 { - t.Fatalf("TPM = %d, want %d", cfg.TPM, 120) - } - if cfg.RPD != 300 { - t.Fatalf("RPD = %d, want %d", cfg.RPD, 300) - } - if cfg.TPD != 480 { - t.Fatalf("TPD = %d, want %d", cfg.TPD, 480) - } - if !cfg.WaitOnLimit { - t.Fatal("WaitOnLimit = false, want true") - } - if cfg.MaxWaitSeconds != 45 { - t.Fatalf("MaxWaitSeconds = %d, want %d", cfg.MaxWaitSeconds, 45) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/ratelimit/window.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/ratelimit/window.go deleted file mode 100644 index 7b5132b7a7..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/ratelimit/window.go +++ /dev/null @@ -1,233 +0,0 @@ -package ratelimit - -import ( - "sync" - "time" -) - -// SlidingWindow implements a sliding window rate limiter. -// It tracks both requests and tokens over configurable time windows. -type SlidingWindow struct { - mu sync.RWMutex - - // Provider identifier - provider string - - // Credential identifier (e.g., API key prefix) - credentialID string - - // Configuration - config RateLimitConfig - - // Minute window state - minuteRequests int64 - minuteTokens int64 - minuteWindowEnd int64 - - // Day window state - dayRequests int64 - dayTokens int64 - dayWindowEnd int64 -} - -// NewSlidingWindow creates a new sliding window rate limiter. -func NewSlidingWindow(provider, credentialID string, config RateLimitConfig) *SlidingWindow { - now := time.Now() - return &SlidingWindow{ - provider: provider, - credentialID: credentialID, - config: config, - minuteWindowEnd: now.Truncate(time.Minute).Add(time.Minute).Unix(), - dayWindowEnd: now.Truncate(24 * time.Hour).Add(24 * time.Hour).Unix(), - } -} - -// TryConsume attempts to consume capacity from the rate limiter. -// If allowWait is true and the config allows waiting, it will wait up to maxWait. -// Returns an error if the limit would be exceeded. -func (sw *SlidingWindow) TryConsume(requests int64, tokens int64, allowWait bool) error { - if sw.config.IsEmpty() { - return nil - } - - sw.mu.Lock() - defer sw.mu.Unlock() - - now := time.Now().Unix() - sw.resetWindowsIfNeeded(now) - - // Check minute limits - if sw.config.RPM > 0 && sw.minuteRequests+requests > int64(sw.config.RPM) { - waitSec := int(sw.minuteWindowEnd - now) - if sw.config.WaitOnLimit && allowWait && waitSec <= sw.config.GetMaxWaitDuration() { - sw.mu.Unlock() - time.Sleep(time.Duration(waitSec) * time.Second) - sw.mu.Lock() - sw.resetWindowsIfNeeded(time.Now().Unix()) - } else { - return &RateLimitError{ - LimitType: "rpm", - ResetAt: sw.minuteWindowEnd, - WaitSeconds: waitSec, - } - } - } - - if sw.config.TPM > 0 && sw.minuteTokens+tokens > int64(sw.config.TPM) { - waitSec := int(sw.minuteWindowEnd - now) - if sw.config.WaitOnLimit && allowWait && waitSec <= sw.config.GetMaxWaitDuration() { - sw.mu.Unlock() - time.Sleep(time.Duration(waitSec) * time.Second) - sw.mu.Lock() - sw.resetWindowsIfNeeded(time.Now().Unix()) - } else { - return &RateLimitError{ - LimitType: "tpm", - ResetAt: sw.minuteWindowEnd, - WaitSeconds: waitSec, - } - } - } - - // Check day limits - if sw.config.RPD > 0 && sw.dayRequests+requests > int64(sw.config.RPD) { - waitSec := int(sw.dayWindowEnd - now) - if sw.config.WaitOnLimit && allowWait && waitSec <= sw.config.GetMaxWaitDuration() { - sw.mu.Unlock() - time.Sleep(time.Duration(waitSec) * time.Second) - sw.mu.Lock() - sw.resetWindowsIfNeeded(time.Now().Unix()) - } else { - return &RateLimitError{ - LimitType: "rpd", - ResetAt: sw.dayWindowEnd, - WaitSeconds: waitSec, - } - } - } - - if sw.config.TPD > 0 && sw.dayTokens+tokens > int64(sw.config.TPD) { - waitSec := int(sw.dayWindowEnd - now) - if sw.config.WaitOnLimit && allowWait && waitSec <= sw.config.GetMaxWaitDuration() { - sw.mu.Unlock() - time.Sleep(time.Duration(waitSec) * time.Second) - sw.mu.Lock() - sw.resetWindowsIfNeeded(time.Now().Unix()) - } else { - return &RateLimitError{ - LimitType: "tpd", - ResetAt: sw.dayWindowEnd, - WaitSeconds: waitSec, - } - } - } - - // Consume the capacity - sw.minuteRequests += requests - sw.minuteTokens += tokens - sw.dayRequests += requests - sw.dayTokens += tokens - - return nil -} - -// RecordUsage records actual usage after a request completes. -// This is used to update token counts based on actual response data. -func (sw *SlidingWindow) RecordUsage(requests int64, tokens int64) { - if sw.config.IsEmpty() { - return - } - - sw.mu.Lock() - defer sw.mu.Unlock() - - now := time.Now().Unix() - sw.resetWindowsIfNeeded(now) - - sw.minuteRequests += requests - sw.minuteTokens += tokens - sw.dayRequests += requests - sw.dayTokens += tokens -} - -// GetStatus returns the current rate limit status. -func (sw *SlidingWindow) GetStatus() RateLimitStatus { - sw.mu.RLock() - defer sw.mu.RUnlock() - - now := time.Now().Unix() - sw.resetWindowsIfNeeded(now) - - status := RateLimitStatus{ - Provider: sw.provider, - CredentialID: sw.credentialID, - MinuteWindow: WindowStatus{ - Requests: sw.minuteRequests, - Tokens: sw.minuteTokens, - RequestLimit: sw.config.RPM, - TokenLimit: sw.config.TPM, - WindowStart: sw.minuteWindowEnd - 60, - WindowEnd: sw.minuteWindowEnd, - }, - DayWindow: WindowStatus{ - Requests: sw.dayRequests, - Tokens: sw.dayTokens, - RequestLimit: sw.config.RPD, - TokenLimit: sw.config.TPD, - WindowStart: sw.dayWindowEnd - 86400, - WindowEnd: sw.dayWindowEnd, - }, - } - - // Check if any limit is exceeded - if sw.config.RPM > 0 && sw.minuteRequests >= int64(sw.config.RPM) { - status.IsLimited = true - status.LimitType = "rpm" - status.ResetAt = sw.minuteWindowEnd - status.WaitSeconds = int(sw.minuteWindowEnd - now) - } else if sw.config.TPM > 0 && sw.minuteTokens >= int64(sw.config.TPM) { - status.IsLimited = true - status.LimitType = "tpm" - status.ResetAt = sw.minuteWindowEnd - status.WaitSeconds = int(sw.minuteWindowEnd - now) - } else if sw.config.RPD > 0 && sw.dayRequests >= int64(sw.config.RPD) { - status.IsLimited = true - status.LimitType = "rpd" - status.ResetAt = sw.dayWindowEnd - status.WaitSeconds = int(sw.dayWindowEnd - now) - } else if sw.config.TPD > 0 && sw.dayTokens >= int64(sw.config.TPD) { - status.IsLimited = true - status.LimitType = "tpd" - status.ResetAt = sw.dayWindowEnd - status.WaitSeconds = int(sw.dayWindowEnd - now) - } - - return status -} - -// UpdateConfig updates the rate limit configuration. -func (sw *SlidingWindow) UpdateConfig(config RateLimitConfig) { - sw.mu.Lock() - defer sw.mu.Unlock() - sw.config = config -} - -// resetWindowsIfNeeded resets window counters when the window expires. -// Must be called with the lock held. -func (sw *SlidingWindow) resetWindowsIfNeeded(now int64) { - // Reset minute window if expired - if now >= sw.minuteWindowEnd { - sw.minuteRequests = 0 - sw.minuteTokens = 0 - // Align to minute boundary - sw.minuteWindowEnd = (now/60 + 1) * 60 - } - - // Reset day window if expired - if now >= sw.dayWindowEnd { - sw.dayRequests = 0 - sw.dayTokens = 0 - // Align to day boundary (midnight UTC) - sw.dayWindowEnd = (now/86400 + 1) * 86400 - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/kilo_models.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/kilo_models.go deleted file mode 100644 index ac9939dbb7..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/kilo_models.go +++ /dev/null @@ -1,21 +0,0 @@ -// Package registry provides model definitions for various AI service providers. -package registry - -// GetKiloModels returns the Kilo model definitions -func GetKiloModels() []*ModelInfo { - return []*ModelInfo{ - // --- Base Models --- - { - ID: "kilo/auto", - Object: "model", - Created: 1732752000, - OwnedBy: "kilo", - Type: "kilo", - DisplayName: "Kilo Auto", - Description: "Automatic model selection by Kilo", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/kiro_model_converter.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/kiro_model_converter.go deleted file mode 100644 index fe50a8f306..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/kiro_model_converter.go +++ /dev/null @@ -1,303 +0,0 @@ -// Package registry provides Kiro model conversion utilities. -// This file handles converting dynamic Kiro API model lists to the internal ModelInfo format, -// and merging with static metadata for thinking support and other capabilities. -package registry - -import ( - "strings" - "time" -) - -// KiroAPIModel represents a model from Kiro API response. -// This is a local copy to avoid import cycles with the kiro package. -// The structure mirrors kiro.KiroModel for easy data conversion. -type KiroAPIModel struct { - // ModelID is the unique identifier for the model (e.g., "claude-sonnet-4.5") - ModelID string - // ModelName is the human-readable name - ModelName string - // Description is the model description - Description string - // RateMultiplier is the credit multiplier for this model - RateMultiplier float64 - // RateUnit is the unit for rate calculation (e.g., "credit") - RateUnit string - // MaxInputTokens is the maximum input token limit - MaxInputTokens int -} - -// DefaultKiroThinkingSupport defines the default thinking configuration for Kiro models. -// All Kiro models support thinking with the following budget range. -var DefaultKiroThinkingSupport = &ThinkingSupport{ - Min: 1024, // Minimum thinking budget tokens - Max: 32000, // Maximum thinking budget tokens - ZeroAllowed: true, // Allow disabling thinking with 0 - DynamicAllowed: true, // Allow dynamic thinking budget (-1) -} - -// DefaultKiroContextLength is the default context window size for Kiro models. -const DefaultKiroContextLength = 200000 - -// DefaultKiroMaxCompletionTokens is the default max completion tokens for Kiro models. -const DefaultKiroMaxCompletionTokens = 64000 - -// ConvertKiroAPIModels converts Kiro API models to internal ModelInfo format. -// It performs the following transformations: -// - Normalizes model ID (e.g., claude-sonnet-4.5 → kiro-claude-sonnet-4-5) -// - Adds default thinking support metadata -// - Sets default context length and max completion tokens if not provided -// -// Parameters: -// - kiroModels: List of models from Kiro API response -// -// Returns: -// - []*ModelInfo: Converted model information list -func ConvertKiroAPIModels(kiroModels []*KiroAPIModel) []*ModelInfo { - if len(kiroModels) == 0 { - return nil - } - - now := time.Now().Unix() - result := make([]*ModelInfo, 0, len(kiroModels)) - - for _, km := range kiroModels { - // Skip nil models - if km == nil { - continue - } - - // Skip models without valid ID - if km.ModelID == "" { - continue - } - - // Normalize the model ID to kiro-* format - normalizedID := normalizeKiroModelID(km.ModelID) - - // Create ModelInfo with converted data - info := &ModelInfo{ - ID: normalizedID, - Object: "model", - Created: now, - OwnedBy: "aws", - Type: "kiro", - DisplayName: generateKiroDisplayName(km.ModelName, normalizedID), - Description: km.Description, - // Use MaxInputTokens from API if available, otherwise use default - ContextLength: getContextLength(km.MaxInputTokens), - MaxCompletionTokens: DefaultKiroMaxCompletionTokens, - // All Kiro models support thinking - Thinking: cloneThinkingSupport(DefaultKiroThinkingSupport), - } - - result = append(result, info) - } - - return result -} - -// GenerateAgenticVariants creates -agentic variants for each model. -// Agentic variants are optimized for coding agents with chunked writes. -// -// Parameters: -// - models: Base models to generate variants for -// -// Returns: -// - []*ModelInfo: Combined list of base models and their agentic variants -func GenerateAgenticVariants(models []*ModelInfo) []*ModelInfo { - if len(models) == 0 { - return nil - } - - // Pre-allocate result with capacity for both base models and variants - result := make([]*ModelInfo, 0, len(models)*2) - - for _, model := range models { - if model == nil { - continue - } - - // Add the base model first - result = append(result, model) - - // Skip if model already has -agentic suffix - if strings.HasSuffix(model.ID, "-agentic") { - continue - } - - // Skip special models that shouldn't have agentic variants - if model.ID == "kiro-auto" { - continue - } - - // Create agentic variant - agenticModel := &ModelInfo{ - ID: model.ID + "-agentic", - Object: model.Object, - Created: model.Created, - OwnedBy: model.OwnedBy, - Type: model.Type, - DisplayName: model.DisplayName + " (Agentic)", - Description: generateAgenticDescription(model.Description), - ContextLength: model.ContextLength, - MaxCompletionTokens: model.MaxCompletionTokens, - Thinking: cloneThinkingSupport(model.Thinking), - } - - result = append(result, agenticModel) - } - - return result -} - -// MergeWithStaticMetadata merges dynamic models with static metadata. -// Static metadata takes priority for any overlapping fields. -// This allows manual overrides for specific models while keeping dynamic discovery. -// -// Parameters: -// - dynamicModels: Models from Kiro API (converted to ModelInfo) -// - staticModels: Predefined model metadata (from GetKiroModels()) -// -// Returns: -// - []*ModelInfo: Merged model list with static metadata taking priority -func MergeWithStaticMetadata(dynamicModels, staticModels []*ModelInfo) []*ModelInfo { - if len(dynamicModels) == 0 && len(staticModels) == 0 { - return nil - } - - // Build a map of static models for quick lookup - staticMap := make(map[string]*ModelInfo, len(staticModels)) - for _, sm := range staticModels { - if sm != nil && sm.ID != "" { - staticMap[sm.ID] = sm - } - } - - // Build result, preferring static metadata where available - seenIDs := make(map[string]struct{}) - result := make([]*ModelInfo, 0, len(dynamicModels)+len(staticModels)) - - // First, process dynamic models and merge with static if available - for _, dm := range dynamicModels { - if dm == nil || dm.ID == "" { - continue - } - - // Skip duplicates - if _, seen := seenIDs[dm.ID]; seen { - continue - } - seenIDs[dm.ID] = struct{}{} - - // Check if static metadata exists for this model - if sm, exists := staticMap[dm.ID]; exists { - // Static metadata takes priority - use static model - result = append(result, sm) - } else { - // No static metadata - use dynamic model - result = append(result, dm) - } - } - - // Add any static models not in dynamic list - for _, sm := range staticModels { - if sm == nil || sm.ID == "" { - continue - } - if _, seen := seenIDs[sm.ID]; seen { - continue - } - seenIDs[sm.ID] = struct{}{} - result = append(result, sm) - } - - return result -} - -// normalizeKiroModelID converts Kiro API model IDs to internal format. -// Transformation rules: -// - Adds "kiro-" prefix if not present -// - Replaces dots with hyphens (e.g., 4.5 → 4-5) -// - Handles special cases like "auto" → "kiro-auto" -// -// Examples: -// - "claude-sonnet-4.5" → "kiro-claude-sonnet-4-5" -// - "claude-opus-4.5" → "kiro-claude-opus-4-5" -// - "auto" → "kiro-auto" -// - "kiro-claude-sonnet-4-5" → "kiro-claude-sonnet-4-5" (unchanged) -func normalizeKiroModelID(modelID string) string { - if modelID == "" { - return "" - } - - // Trim whitespace - modelID = strings.TrimSpace(modelID) - - // Replace dots with hyphens (e.g., 4.5 → 4-5) - normalized := strings.ReplaceAll(modelID, ".", "-") - - // Add kiro- prefix if not present - if !strings.HasPrefix(normalized, "kiro-") { - normalized = "kiro-" + normalized - } - - return normalized -} - -// generateKiroDisplayName creates a human-readable display name. -// Uses the API-provided model name if available, otherwise generates from ID. -func generateKiroDisplayName(modelName, normalizedID string) string { - if modelName != "" { - return "Kiro " + modelName - } - - // Generate from normalized ID by removing kiro- prefix and formatting - displayID := strings.TrimPrefix(normalizedID, "kiro-") - // Capitalize first letter of each word - words := strings.Split(displayID, "-") - for i, word := range words { - if len(word) > 0 { - words[i] = strings.ToUpper(word[:1]) + word[1:] - } - } - return "Kiro " + strings.Join(words, " ") -} - -// generateAgenticDescription creates description for agentic variants. -func generateAgenticDescription(baseDescription string) string { - if baseDescription == "" { - return "Optimized for coding agents with chunked writes" - } - return baseDescription + " (Agentic mode: chunked writes)" -} - -// getContextLength returns the context length, using default if not provided. -func getContextLength(maxInputTokens int) int { - if maxInputTokens > 0 { - return maxInputTokens - } - return DefaultKiroContextLength -} - -// cloneThinkingSupport creates a deep copy of ThinkingSupport. -// Returns nil if input is nil. -func cloneThinkingSupport(ts *ThinkingSupport) *ThinkingSupport { - if ts == nil { - return nil - } - - clone := &ThinkingSupport{ - Min: ts.Min, - Max: ts.Max, - ZeroAllowed: ts.ZeroAllowed, - DynamicAllowed: ts.DynamicAllowed, - } - - // Deep copy Levels slice if present - if len(ts.Levels) > 0 { - clone.Levels = make([]string, len(ts.Levels)) - copy(clone.Levels, ts.Levels) - } - - return clone -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/model_definitions.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/model_definitions.go deleted file mode 100644 index 2160594a61..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/model_definitions.go +++ /dev/null @@ -1,1228 +0,0 @@ -// Package registry provides model definitions and lookup helpers for various AI providers. -// Static model metadata is stored in model_definitions_static_data.go. -package registry - -import ( - "sort" - "strings" -) - -// GetStaticModelDefinitionsByChannel returns static model definitions for a given channel/provider. -// It returns nil when the channel is unknown. -// -// Supported channels: -// - claude -// - gemini -// - vertex -// - gemini-cli -// - aistudio -// - codex -// - qwen -// - iflow -// - kimi -// - kiro -// - kilo -// - github-copilot -// - amazonq -// - cursor (via cursor-api; use dedicated cursor: block) -// - minimax (use dedicated minimax: block; api.minimax.io) -// - roo (use dedicated roo: block; api.roocode.com) -// - kilo (use dedicated kilo: block; api.kilo.ai) -// - antigravity (returns static overrides only) -func GetStaticModelDefinitionsByChannel(channel string) []*ModelInfo { - key := strings.ToLower(strings.TrimSpace(channel)) - switch key { - case "openai": - return GetOpenAIModels() - case "claude": - return GetClaudeModels() - case "gemini": - return GetGeminiModels() - case "vertex": - return GetGeminiVertexModels() - case "gemini-cli": - return GetGeminiCLIModels() - case "aistudio": - return GetAIStudioModels() - case "codex": - return GetOpenAIModels() - case "qwen": - return GetQwenModels() - case "iflow": - return GetIFlowModels() - case "kimi": - return GetKimiModels() - case "github-copilot": - return GetGitHubCopilotModels() - case "kiro": - return GetKiroModels() - case "amazonq": - return GetAmazonQModels() - case "cursor": - return GetCursorModels() - case "minimax": - return GetMiniMaxModels() - case "roo": - return GetRooModels() - case "kilo": - return GetKiloModels() - case "kilocode": - return GetKiloModels() - case "deepseek": - return GetDeepSeekModels() - case "groq": - return GetGroqModels() - case "mistral": - return GetMistralModels() - case "siliconflow": - return GetSiliconFlowModels() - case "openrouter": - return GetOpenRouterModels() - case "together": - return GetTogetherModels() - case "fireworks": - return GetFireworksModels() - case "novita": - return GetNovitaModels() - case "antigravity": - cfg := GetAntigravityModelConfig() - if len(cfg) == 0 { - return nil - } - models := make([]*ModelInfo, 0, len(cfg)) - for modelID, entry := range cfg { - if modelID == "" || entry == nil { - continue - } - models = append(models, &ModelInfo{ - ID: modelID, - Object: "model", - OwnedBy: "antigravity", - Type: "antigravity", - Thinking: entry.Thinking, - MaxCompletionTokens: entry.MaxCompletionTokens, - }) - } - sort.Slice(models, func(i, j int) bool { - return strings.ToLower(models[i].ID) < strings.ToLower(models[j].ID) - }) - return models - default: - return nil - } -} - -// LookupStaticModelInfo searches all static model definitions for a model by ID. -// Returns nil if no matching model is found. -func LookupStaticModelInfo(modelID string) *ModelInfo { - if modelID == "" { - return nil - } - - allModels := [][]*ModelInfo{ - GetClaudeModels(), - GetGeminiModels(), - GetGeminiVertexModels(), - GetGeminiCLIModels(), - GetAIStudioModels(), - GetOpenAIModels(), - GetQwenModels(), - GetIFlowModels(), - GetKimiModels(), - GetGitHubCopilotModels(), - GetKiroModels(), - GetKiloModels(), - GetAmazonQModels(), - GetCursorModels(), - GetMiniMaxModels(), - GetRooModels(), - GetKiloModels(), - GetDeepSeekModels(), - GetGroqModels(), - GetMistralModels(), - GetSiliconFlowModels(), - GetOpenRouterModels(), - GetTogetherModels(), - GetFireworksModels(), - GetNovitaModels(), - } - for _, models := range allModels { - for _, m := range models { - if m != nil && m.ID == modelID { - return m - } - } - } - - // Check Antigravity static config - if cfg := GetAntigravityModelConfig()[modelID]; cfg != nil { - return &ModelInfo{ - ID: modelID, - Thinking: cfg.Thinking, - MaxCompletionTokens: cfg.MaxCompletionTokens, - } - } - - return nil -} - -// GetGitHubCopilotModels returns the available models for GitHub Copilot. -// These models are available through the GitHub Copilot API at api.githubcopilot.com. -func GetGitHubCopilotModels() []*ModelInfo { - now := int64(1732752000) // 2024-11-27 - gpt4oEntries := []struct { - ID string - DisplayName string - Description string - }{ - {ID: "gpt-4o-2024-11-20", DisplayName: "GPT-4o (2024-11-20)", Description: "OpenAI GPT-4o 2024-11-20 via GitHub Copilot"}, - {ID: "gpt-4o-2024-08-06", DisplayName: "GPT-4o (2024-08-06)", Description: "OpenAI GPT-4o 2024-08-06 via GitHub Copilot"}, - {ID: "gpt-4o-2024-05-13", DisplayName: "GPT-4o (2024-05-13)", Description: "OpenAI GPT-4o 2024-05-13 via GitHub Copilot"}, - {ID: "gpt-4o", DisplayName: "GPT-4o", Description: "OpenAI GPT-4o via GitHub Copilot"}, - {ID: "gpt-4-o-preview", DisplayName: "GPT-4-o Preview", Description: "OpenAI GPT-4-o Preview via GitHub Copilot"}, - } - - models := []*ModelInfo{ - { - ID: "gpt-4.1", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-4.1", - Description: "OpenAI GPT-4.1 via GitHub Copilot", - ContextLength: 128000, - MaxCompletionTokens: 16384, - }, - } - - for _, entry := range gpt4oEntries { - models = append(models, &ModelInfo{ - ID: entry.ID, - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: entry.DisplayName, - Description: entry.Description, - ContextLength: 128000, - MaxCompletionTokens: 16384, - }) - } - - models = append(models, []*ModelInfo{ - { - ID: "gpt-5", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5", - Description: "OpenAI GPT-5 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/chat/completions", "/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high"}}, - }, - { - ID: "gpt-5-mini", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5 Mini", - Description: "OpenAI GPT-5 Mini via GitHub Copilot", - ContextLength: 128000, - MaxCompletionTokens: 16384, - SupportedEndpoints: []string{"/chat/completions", "/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high"}}, - }, - { - ID: "gpt-5-codex", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5 Codex", - Description: "OpenAI GPT-5 Codex via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high"}}, - }, - { - ID: "gpt-5.1", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.1", - Description: "OpenAI GPT-5.1 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/chat/completions", "/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high"}}, - }, - { - ID: "gpt-5.1-codex", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.1 Codex", - Description: "OpenAI GPT-5.1 Codex via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high"}}, - }, - { - ID: "gpt-5.1-codex-mini", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.1 Codex Mini", - Description: "OpenAI GPT-5.1 Codex Mini via GitHub Copilot", - ContextLength: 128000, - MaxCompletionTokens: 16384, - SupportedEndpoints: []string{"/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high"}}, - }, - { - ID: "gpt-5.1-codex-max", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.1 Codex Max", - Description: "OpenAI GPT-5.1 Codex Max via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5.2", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.2", - Description: "OpenAI GPT-5.2 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/chat/completions", "/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5.2-codex", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.2 Codex", - Description: "OpenAI GPT-5.2 Codex via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5-codex-low", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5 Codex (low)", - Description: "OpenAI GPT-5 Codex low reasoning mode via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"low"}}, - }, - { - ID: "gpt-5-codex-medium", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5 Codex (medium)", - Description: "OpenAI GPT-5 Codex medium reasoning mode via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"medium"}}, - }, - { - ID: "gpt-5-codex-high", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5 Codex (high)", - Description: "OpenAI GPT-5 Codex high reasoning mode via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"high"}}, - }, - { - ID: "gpt-5.3-codex", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.3 Codex", - Description: "OpenAI GPT-5.3 Codex via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high", "xhigh"}}, - }, - { - ID: "claude-haiku-4.5", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Claude Haiku 4.5", - Description: "Anthropic Claude Haiku 4.5 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 64000, - SupportedEndpoints: []string{"/chat/completions"}, - }, - { - ID: "claude-opus-4.1", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Claude Opus 4.1", - Description: "Anthropic Claude Opus 4.1 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32000, - SupportedEndpoints: []string{"/chat/completions"}, - }, - { - ID: "claude-opus-4.5", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Claude Opus 4.5", - Description: "Anthropic Claude Opus 4.5 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 64000, - SupportedEndpoints: []string{"/chat/completions"}, - }, - { - ID: "claude-opus-4.6", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Claude Opus 4.6", - Description: "Anthropic Claude Opus 4.6 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 64000, - SupportedEndpoints: []string{"/chat/completions"}, - }, - { - ID: "claude-sonnet-4", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Claude Sonnet 4", - Description: "Anthropic Claude Sonnet 4 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 64000, - SupportedEndpoints: []string{"/chat/completions"}, - }, - { - ID: "claude-sonnet-4.5", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Claude Sonnet 4.5", - Description: "Anthropic Claude Sonnet 4.5 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 64000, - SupportedEndpoints: []string{"/chat/completions"}, - }, - { - ID: "claude-sonnet-4.6", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Claude Sonnet 4.6", - Description: "Anthropic Claude Sonnet 4.6 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 64000, - SupportedEndpoints: []string{"/chat/completions"}, - }, - { - ID: "gemini-2.5-pro", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Gemini 2.5 Pro", - Description: "Google Gemini 2.5 Pro via GitHub Copilot", - ContextLength: 1048576, - MaxCompletionTokens: 65536, - }, - { - ID: "gemini-3-pro-preview", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Gemini 3 Pro (Preview)", - Description: "Google Gemini 3 Pro Preview via GitHub Copilot", - ContextLength: 1048576, - MaxCompletionTokens: 65536, - }, - { - ID: "gemini-3.1-pro-preview", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Gemini 3.1 Pro (Preview)", - Description: "Google Gemini 3.1 Pro Preview via GitHub Copilot", - ContextLength: 1048576, - MaxCompletionTokens: 65536, - }, - { - ID: "gemini-3-flash-preview", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Gemini 3 Flash (Preview)", - Description: "Google Gemini 3 Flash Preview via GitHub Copilot", - ContextLength: 1048576, - MaxCompletionTokens: 65536, - }, - { - ID: "grok-code-fast-1", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Grok Code Fast 1", - Description: "xAI Grok Code Fast 1 via GitHub Copilot", - ContextLength: 128000, - MaxCompletionTokens: 16384, - }, - { - ID: "oswe-vscode-prime", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Raptor mini (Preview)", - Description: "Raptor mini via GitHub Copilot", - ContextLength: 128000, - MaxCompletionTokens: 16384, - SupportedEndpoints: []string{"/chat/completions", "/responses"}, - }, - }...) - - // GitHub Copilot currently exposes a uniform 128K context window across registered models. - for _, model := range models { - if model != nil { - model.ContextLength = 128000 - } - } - - return models -} - -// GetKiroModels returns the Kiro (AWS CodeWhisperer) model definitions -func GetKiroModels() []*ModelInfo { - return []*ModelInfo{ - // --- Base Models --- - { - ID: "kiro-auto", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Auto", - Description: "Automatic model selection by Kiro", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-opus-4-6", - Object: "model", - Created: 1736899200, // 2025-01-15 - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Opus 4.6", - Description: "Claude Opus 4.6 via Kiro (2.2x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-sonnet-4-6", - Object: "model", - Created: 1739836800, // 2025-02-18 - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Sonnet 4.6", - Description: "Claude Sonnet 4.6 via Kiro (1.3x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-opus-4-5", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Opus 4.5", - Description: "Claude Opus 4.5 via Kiro (2.2x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-sonnet-4-5", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Sonnet 4.5", - Description: "Claude Sonnet 4.5 via Kiro (1.3x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-sonnet-4", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Sonnet 4", - Description: "Claude Sonnet 4 via Kiro (1.3x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-haiku-4-5", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Haiku 4.5", - Description: "Claude Haiku 4.5 via Kiro (0.4x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - // --- 第三方模型 (通过 Kiro 接入) --- - { - ID: "kiro-deepseek-3-2", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro DeepSeek 3.2", - Description: "DeepSeek 3.2 via Kiro", - ContextLength: 128000, - MaxCompletionTokens: 32768, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-minimax-m2-1", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro MiniMax M2.1", - Description: "MiniMax M2.1 via Kiro", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-qwen3-coder-next", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Qwen3 Coder Next", - Description: "Qwen3 Coder Next via Kiro", - ContextLength: 128000, - MaxCompletionTokens: 32768, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-gpt-4o", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro GPT-4o", - Description: "OpenAI GPT-4o via Kiro", - ContextLength: 128000, - MaxCompletionTokens: 16384, - }, - { - ID: "kiro-gpt-4", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro GPT-4", - Description: "OpenAI GPT-4 via Kiro", - ContextLength: 128000, - MaxCompletionTokens: 8192, - }, - { - ID: "kiro-gpt-4-turbo", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro GPT-4 Turbo", - Description: "OpenAI GPT-4 Turbo via Kiro", - ContextLength: 128000, - MaxCompletionTokens: 16384, - }, - { - ID: "kiro-gpt-3-5-turbo", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro GPT-3.5 Turbo", - Description: "OpenAI GPT-3.5 Turbo via Kiro", - ContextLength: 16384, - MaxCompletionTokens: 4096, - }, - // --- Agentic Variants (Optimized for coding agents with chunked writes) --- - { - ID: "kiro-claude-opus-4-6-agentic", - Object: "model", - Created: 1736899200, // 2025-01-15 - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Opus 4.6 (Agentic)", - Description: "Claude Opus 4.6 optimized for coding agents (chunked writes)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-sonnet-4-6-agentic", - Object: "model", - Created: 1739836800, // 2025-02-18 - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Sonnet 4.6 (Agentic)", - Description: "Claude Sonnet 4.6 optimized for coding agents (chunked writes)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-opus-4-5-agentic", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Opus 4.5 (Agentic)", - Description: "Claude Opus 4.5 optimized for coding agents (chunked writes)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-sonnet-4-5-agentic", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Sonnet 4.5 (Agentic)", - Description: "Claude Sonnet 4.5 optimized for coding agents (chunked writes)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-sonnet-4-agentic", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Sonnet 4 (Agentic)", - Description: "Claude Sonnet 4 optimized for coding agents (chunked writes)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-haiku-4-5-agentic", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Haiku 4.5 (Agentic)", - Description: "Claude Haiku 4.5 optimized for coding agents (chunked writes)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - } -} - -// GetAmazonQModels returns the Amazon Q (AWS CodeWhisperer) model definitions. -// These models use the same API as Kiro and share the same executor. -func GetAmazonQModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "amazonq-auto", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", // Uses Kiro executor - same API - DisplayName: "Amazon Q Auto", - Description: "Automatic model selection by Amazon Q", - ContextLength: 200000, - MaxCompletionTokens: 64000, - }, - { - ID: "amazonq-claude-opus-4.5", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Amazon Q Claude Opus 4.5", - Description: "Claude Opus 4.5 via Amazon Q (2.2x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - }, - { - ID: "amazonq-claude-sonnet-4.5", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Amazon Q Claude Sonnet 4.5", - Description: "Claude Sonnet 4.5 via Amazon Q (1.3x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - }, - { - ID: "amazonq-claude-sonnet-4", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Amazon Q Claude Sonnet 4", - Description: "Claude Sonnet 4 via Amazon Q (1.3x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - }, - { - ID: "amazonq-claude-haiku-4.5", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Amazon Q Claude Haiku 4.5", - Description: "Claude Haiku 4.5 via Amazon Q (0.4x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - }, - } -} - -// GetCursorModels returns model definitions for Cursor via cursor-api (wisdgod). -// Use dedicated cursor: block in config (token-file, cursor-api-url). -func GetCursorModels() []*ModelInfo { - now := int64(1732752000) - return []*ModelInfo{ - { - ID: "claude-4.5-opus-high-thinking", - Object: "model", - Created: now, - OwnedBy: "cursor", - Type: "cursor", - DisplayName: "Claude 4.5 Opus High Thinking", - Description: "Anthropic Claude 4.5 Opus via Cursor (cursor-api)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - }, - { - ID: "claude-4.5-opus-high", - Object: "model", - Created: now, - OwnedBy: "cursor", - Type: "cursor", - DisplayName: "Claude 4.5 Opus High", - Description: "Anthropic Claude 4.5 Opus via Cursor (cursor-api)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - }, - { - ID: "claude-4.5-sonnet-thinking", - Object: "model", - Created: now, - OwnedBy: "cursor", - Type: "cursor", - DisplayName: "Claude 4.5 Sonnet Thinking", - Description: "Anthropic Claude 4.5 Sonnet via Cursor (cursor-api)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - }, - { - ID: "claude-4-sonnet", - Object: "model", - Created: now, - OwnedBy: "cursor", - Type: "cursor", - DisplayName: "Claude 4 Sonnet", - Description: "Anthropic Claude 4 Sonnet via Cursor (cursor-api)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - }, - { - ID: "gpt-4o", - Object: "model", - Created: now, - OwnedBy: "cursor", - Type: "cursor", - DisplayName: "GPT-4o", - Description: "OpenAI GPT-4o via Cursor (cursor-api)", - ContextLength: 128000, - MaxCompletionTokens: 16384, - }, - { - ID: "gpt-5.1-codex", - Object: "model", - Created: now, - OwnedBy: "cursor", - Type: "cursor", - DisplayName: "GPT-5.1 Codex", - Description: "OpenAI GPT-5.1 Codex via Cursor (cursor-api)", - ContextLength: 200000, - MaxCompletionTokens: 32768, - }, - { - ID: "default", - Object: "model", - Created: now, - OwnedBy: "cursor", - Type: "cursor", - DisplayName: "Default", - Description: "Cursor server-selected default model", - ContextLength: 200000, - MaxCompletionTokens: 64000, - }, - } -} - -// GetMiniMaxModels returns model definitions for MiniMax (api.minimax.chat). -// Use dedicated minimax: block in config (OAuth token-file or api-key). -func GetMiniMaxModels() []*ModelInfo { - now := int64(1758672000) - return []*ModelInfo{ - { - ID: "minimax-m2", - Object: "model", - Created: now, - OwnedBy: "minimax", - Type: "minimax", - DisplayName: "MiniMax M2", - Description: "MiniMax M2 via api.minimax.chat", - ContextLength: 128000, - MaxCompletionTokens: 32768, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "minimax-m2.1", - Object: "model", - Created: 1766448000, - OwnedBy: "minimax", - Type: "minimax", - DisplayName: "MiniMax M2.1", - Description: "MiniMax M2.1 via api.minimax.chat", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "minimax-m2.5", - Object: "model", - Created: 1770825600, - OwnedBy: "minimax", - Type: "minimax", - DisplayName: "MiniMax M2.5", - Description: "MiniMax M2.5 via api.minimax.chat", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - } -} - -// GetRooModels returns model definitions for Roo Code (RooCodeInc). -// Use dedicated roo: block in config (token-file or api-key). -func GetRooModels() []*ModelInfo { - now := int64(1758672000) - return []*ModelInfo{ - { - ID: "roo-default", - Object: "model", - Created: now, - OwnedBy: "roo", - Type: "roo", - DisplayName: "Roo Default", - Description: "Roo Code default model via api.roocode.com", - ContextLength: 128000, - MaxCompletionTokens: 32768, - }, - } -} - -// GetDeepSeekModels returns static model definitions for DeepSeek. -func GetDeepSeekModels() []*ModelInfo { - now := int64(1738672000) - return []*ModelInfo{ - { - ID: "deepseek-chat", - Object: "model", - Created: now, - OwnedBy: "deepseek", - Type: "deepseek", - DisplayName: "DeepSeek V3", - Description: "DeepSeek-V3 chat model", - ContextLength: 64000, - MaxCompletionTokens: 8192, - }, - { - ID: "deepseek-reasoner", - Object: "model", - Created: now, - OwnedBy: "deepseek", - Type: "deepseek", - DisplayName: "DeepSeek R1", - Description: "DeepSeek-R1 reasoning model", - ContextLength: 64000, - MaxCompletionTokens: 8192, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - } -} - -// GetGroqModels returns static model definitions for Groq. -func GetGroqModels() []*ModelInfo { - now := int64(1738672000) - return []*ModelInfo{ - { - ID: "llama-3.3-70b-versatile", - Object: "model", - Created: now, - OwnedBy: "groq", - Type: "groq", - DisplayName: "Llama 3.3 70B (Groq)", - Description: "Llama 3.3 70B via Groq LPU", - ContextLength: 128000, - MaxCompletionTokens: 32768, - }, - { - ID: "llama-3.1-8b-instant", - Object: "model", - Created: now, - OwnedBy: "groq", - Type: "groq", - DisplayName: "Llama 3.1 8B (Groq)", - Description: "Llama 3.1 8B via Groq LPU", - ContextLength: 128000, - MaxCompletionTokens: 32768, - }, - } -} - -// GetMistralModels returns static model definitions for Mistral AI. -func GetMistralModels() []*ModelInfo { - now := int64(1738672000) - return []*ModelInfo{ - { - ID: "mistral-large-latest", - Object: "model", - Created: now, - OwnedBy: "mistral", - Type: "mistral", - DisplayName: "Mistral Large", - Description: "Mistral Large latest model", - ContextLength: 128000, - MaxCompletionTokens: 32768, - }, - { - ID: "codestral-latest", - Object: "model", - Created: now, - OwnedBy: "mistral", - Type: "mistral", - DisplayName: "Codestral", - Description: "Mistral code-specialized model", - ContextLength: 32000, - MaxCompletionTokens: 32768, - }, - } -} - -// GetSiliconFlowModels returns static model definitions for SiliconFlow. -func GetSiliconFlowModels() []*ModelInfo { - now := int64(1738672000) - return []*ModelInfo{ - { - ID: "deepseek-ai/DeepSeek-V3", - Object: "model", - Created: now, - OwnedBy: "siliconflow", - Type: "siliconflow", - DisplayName: "DeepSeek V3 (SiliconFlow)", - Description: "DeepSeek-V3 via SiliconFlow", - ContextLength: 64000, - MaxCompletionTokens: 8192, - }, - { - ID: "deepseek-ai/DeepSeek-R1", - Object: "model", - Created: now, - OwnedBy: "siliconflow", - Type: "siliconflow", - DisplayName: "DeepSeek R1 (SiliconFlow)", - Description: "DeepSeek-R1 via SiliconFlow", - ContextLength: 64000, - MaxCompletionTokens: 8192, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - } -} - -// GetOpenRouterModels returns static model definitions for OpenRouter. -func GetOpenRouterModels() []*ModelInfo { - now := int64(1738672000) - return []*ModelInfo{ - { - ID: "anthropic/claude-3.5-sonnet", - Object: "model", - Created: now, - OwnedBy: "openrouter", - Type: "openrouter", - DisplayName: "Claude 3.5 Sonnet (OpenRouter)", - ContextLength: 200000, - MaxCompletionTokens: 8192, - }, - { - ID: "google/gemini-2.0-flash-001", - Object: "model", - Created: now, - OwnedBy: "openrouter", - Type: "openrouter", - DisplayName: "Gemini 2.0 Flash (OpenRouter)", - ContextLength: 1000000, - MaxCompletionTokens: 8192, - }, - } -} - -// GetTogetherModels returns static model definitions for Together AI. -func GetTogetherModels() []*ModelInfo { - now := int64(1738672000) - return []*ModelInfo{ - { - ID: "deepseek-ai/DeepSeek-V3", - Object: "model", - Created: now, - OwnedBy: "together", - Type: "together", - DisplayName: "DeepSeek V3 (Together)", - ContextLength: 64000, - MaxCompletionTokens: 8192, - }, - { - ID: "deepseek-ai/DeepSeek-R1", - Object: "model", - Created: now, - OwnedBy: "together", - Type: "together", - DisplayName: "DeepSeek R1 (Together)", - ContextLength: 64000, - MaxCompletionTokens: 8192, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - } -} - -// GetFireworksModels returns static model definitions for Fireworks AI. -func GetFireworksModels() []*ModelInfo { - now := int64(1738672000) - return []*ModelInfo{ - { - ID: "accounts/fireworks/models/deepseek-v3", - Object: "model", - Created: now, - OwnedBy: "fireworks", - Type: "fireworks", - DisplayName: "DeepSeek V3 (Fireworks)", - ContextLength: 64000, - MaxCompletionTokens: 8192, - }, - { - ID: "accounts/fireworks/models/deepseek-r1", - Object: "model", - Created: now, - OwnedBy: "fireworks", - Type: "fireworks", - DisplayName: "DeepSeek R1 (Fireworks)", - ContextLength: 64000, - MaxCompletionTokens: 8192, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - } -} - -// GetNovitaModels returns static model definitions for Novita AI. -func GetNovitaModels() []*ModelInfo { - now := int64(1738672000) - return []*ModelInfo{ - { - ID: "deepseek/deepseek-v3", - Object: "model", - Created: now, - OwnedBy: "novita", - Type: "novita", - DisplayName: "DeepSeek V3 (Novita)", - ContextLength: 64000, - MaxCompletionTokens: 8192, - }, - { - ID: "deepseek/deepseek-r1", - Object: "model", - Created: now, - OwnedBy: "novita", - Type: "novita", - DisplayName: "DeepSeek R1 (Novita)", - ContextLength: 64000, - MaxCompletionTokens: 8192, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/model_definitions_static_data.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/model_definitions_static_data.go deleted file mode 100644 index 9055541305..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/model_definitions_static_data.go +++ /dev/null @@ -1,983 +0,0 @@ -// Package registry provides model definitions for various AI service providers. -// This file stores the static model metadata catalog. -package registry - -// GetClaudeModels returns the standard Claude model definitions -func GetClaudeModels() []*ModelInfo { - return []*ModelInfo{ - - { - ID: "claude-haiku-4-5-20251001", - Object: "model", - Created: 1759276800, // 2025-10-01 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4.5 Haiku", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: false}, - }, - { - ID: "claude-sonnet-4-5-20250929", - Object: "model", - Created: 1759104000, // 2025-09-29 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4.5 Sonnet", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: false}, - }, - { - ID: "claude-sonnet-4-6", - Object: "model", - Created: 1771372800, // 2026-02-17 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4.6 Sonnet", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: false}, - }, - { - ID: "claude-opus-4-6", - Object: "model", - Created: 1770318000, // 2026-02-05 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4.6 Opus", - Description: "Premium model combining maximum intelligence with practical performance", - ContextLength: 1000000, - MaxCompletionTokens: 128000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: false}, - }, - { - ID: "claude-sonnet-4-6", - Object: "model", - Created: 1771286400, // 2026-02-17 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4.6 Sonnet", - Description: "Best combination of speed and intelligence", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: false}, - }, - { - ID: "claude-opus-4-5-20251101", - Object: "model", - Created: 1761955200, // 2025-11-01 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4.5 Opus", - Description: "Premium model combining maximum intelligence with practical performance", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: false}, - }, - { - ID: "claude-opus-4-1-20250805", - Object: "model", - Created: 1722945600, // 2025-08-05 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4.1 Opus", - ContextLength: 200000, - MaxCompletionTokens: 32000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: false, DynamicAllowed: false}, - }, - { - ID: "claude-opus-4-20250514", - Object: "model", - Created: 1715644800, // 2025-05-14 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4 Opus", - ContextLength: 200000, - MaxCompletionTokens: 32000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: false, DynamicAllowed: false}, - }, - { - ID: "claude-sonnet-4-20250514", - Object: "model", - Created: 1715644800, // 2025-05-14 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4 Sonnet", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: false, DynamicAllowed: false}, - }, - { - ID: "claude-3-7-sonnet-20250219", - Object: "model", - Created: 1708300800, // 2025-02-19 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 3.7 Sonnet", - ContextLength: 128000, - MaxCompletionTokens: 8192, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: false, DynamicAllowed: false}, - }, - { - ID: "claude-3-5-haiku-20241022", - Object: "model", - Created: 1729555200, // 2024-10-22 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 3.5 Haiku", - ContextLength: 128000, - MaxCompletionTokens: 8192, - // Thinking: not supported for Haiku models - }, - } -} - -// GetGeminiModels returns the standard Gemini model definitions -func GetGeminiModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "gemini-2.5-pro", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-pro", - Version: "2.5", - DisplayName: "Gemini 2.5 Pro", - Description: "Stable release (June 17th, 2025) of Gemini 2.5 Pro", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash", - Version: "001", - DisplayName: "Gemini 2.5 Flash", - Description: "Stable version of Gemini 2.5 Flash, our mid-size multimodal model that supports up to 1 million tokens, released in June of 2025.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash-lite", - Object: "model", - Created: 1753142400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash-lite", - Version: "2.5", - DisplayName: "Gemini 2.5 Flash Lite", - Description: "Our smallest and most cost effective model, built for at scale usage.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-3-pro-preview", - Object: "model", - Created: 1737158400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-pro-preview", - Version: "3.0", - DisplayName: "Gemini 3 Pro Preview", - Description: "Gemini 3 Pro Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}, - }, - { - ID: "gemini-3-flash-preview", - Object: "model", - Created: 1765929600, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-flash-preview", - Version: "3.0", - DisplayName: "Gemini 3 Flash Preview", - Description: "Gemini 3 Flash Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"minimal", "low", "medium", "high"}}, - }, - { - ID: "gemini-3-pro-image-preview", - Object: "model", - Created: 1737158400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-pro-image-preview", - Version: "3.0", - DisplayName: "Gemini 3 Pro Image Preview", - Description: "Gemini 3 Pro Image Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}, - }, - } -} - -func GetGeminiVertexModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "gemini-2.5-pro", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-pro", - Version: "2.5", - DisplayName: "Gemini 2.5 Pro", - Description: "Stable release (June 17th, 2025) of Gemini 2.5 Pro", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash", - Version: "001", - DisplayName: "Gemini 2.5 Flash", - Description: "Stable version of Gemini 2.5 Flash, our mid-size multimodal model that supports up to 1 million tokens, released in June of 2025.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash-lite", - Object: "model", - Created: 1753142400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash-lite", - Version: "2.5", - DisplayName: "Gemini 2.5 Flash Lite", - Description: "Our smallest and most cost effective model, built for at scale usage.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-3-pro-preview", - Object: "model", - Created: 1737158400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-pro-preview", - Version: "3.0", - DisplayName: "Gemini 3 Pro Preview", - Description: "Gemini 3 Pro Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}, - }, - { - ID: "gemini-3-flash-preview", - Object: "model", - Created: 1765929600, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-flash-preview", - Version: "3.0", - DisplayName: "Gemini 3 Flash Preview", - Description: "Our most intelligent model built for speed, combining frontier intelligence with superior search and grounding.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"minimal", "low", "medium", "high"}}, - }, - { - ID: "gemini-3-pro-image-preview", - Object: "model", - Created: 1737158400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-pro-image-preview", - Version: "3.0", - DisplayName: "Gemini 3 Pro Image Preview", - Description: "Gemini 3 Pro Image Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}, - }, - // Imagen image generation models - use :predict action - { - ID: "imagen-4.0-generate-001", - Object: "model", - Created: 1750000000, - OwnedBy: "google", - Type: "gemini", - Name: "models/imagen-4.0-generate-001", - Version: "4.0", - DisplayName: "Imagen 4.0 Generate", - Description: "Imagen 4.0 image generation model", - SupportedGenerationMethods: []string{"predict"}, - }, - { - ID: "imagen-4.0-ultra-generate-001", - Object: "model", - Created: 1750000000, - OwnedBy: "google", - Type: "gemini", - Name: "models/imagen-4.0-ultra-generate-001", - Version: "4.0", - DisplayName: "Imagen 4.0 Ultra Generate", - Description: "Imagen 4.0 Ultra high-quality image generation model", - SupportedGenerationMethods: []string{"predict"}, - }, - { - ID: "imagen-3.0-generate-002", - Object: "model", - Created: 1740000000, - OwnedBy: "google", - Type: "gemini", - Name: "models/imagen-3.0-generate-002", - Version: "3.0", - DisplayName: "Imagen 3.0 Generate", - Description: "Imagen 3.0 image generation model", - SupportedGenerationMethods: []string{"predict"}, - }, - { - ID: "imagen-3.0-fast-generate-001", - Object: "model", - Created: 1740000000, - OwnedBy: "google", - Type: "gemini", - Name: "models/imagen-3.0-fast-generate-001", - Version: "3.0", - DisplayName: "Imagen 3.0 Fast Generate", - Description: "Imagen 3.0 fast image generation model", - SupportedGenerationMethods: []string{"predict"}, - }, - { - ID: "imagen-4.0-fast-generate-001", - Object: "model", - Created: 1750000000, - OwnedBy: "google", - Type: "gemini", - Name: "models/imagen-4.0-fast-generate-001", - Version: "4.0", - DisplayName: "Imagen 4.0 Fast Generate", - Description: "Imagen 4.0 fast image generation model", - SupportedGenerationMethods: []string{"predict"}, - }, - } -} - -// GetGeminiCLIModels returns the standard Gemini model definitions -func GetGeminiCLIModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "gemini-2.5-pro", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-pro", - Version: "2.5", - DisplayName: "Gemini 2.5 Pro", - Description: "Stable release (June 17th, 2025) of Gemini 2.5 Pro", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash", - Version: "001", - DisplayName: "Gemini 2.5 Flash", - Description: "Stable version of Gemini 2.5 Flash, our mid-size multimodal model that supports up to 1 million tokens, released in June of 2025.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash-lite", - Object: "model", - Created: 1753142400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash-lite", - Version: "2.5", - DisplayName: "Gemini 2.5 Flash Lite", - Description: "Our smallest and most cost effective model, built for at scale usage.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-3-pro-preview", - Object: "model", - Created: 1737158400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-pro-preview", - Version: "3.0", - DisplayName: "Gemini 3 Pro Preview", - Description: "Our most intelligent model with SOTA reasoning and multimodal understanding, and powerful agentic and vibe coding capabilities", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}, - }, - { - ID: "gemini-3-flash-preview", - Object: "model", - Created: 1765929600, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-flash-preview", - Version: "3.0", - DisplayName: "Gemini 3 Flash Preview", - Description: "Our most intelligent model built for speed, combining frontier intelligence with superior search and grounding.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"minimal", "low", "medium", "high"}}, - }, - } -} - -// GetAIStudioModels returns the Gemini model definitions for AI Studio integrations -func GetAIStudioModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "gemini-2.5-pro", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-pro", - Version: "2.5", - DisplayName: "Gemini 2.5 Pro", - Description: "Stable release (June 17th, 2025) of Gemini 2.5 Pro", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash", - Version: "001", - DisplayName: "Gemini 2.5 Flash", - Description: "Stable version of Gemini 2.5 Flash, our mid-size multimodal model that supports up to 1 million tokens, released in June of 2025.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash-lite", - Object: "model", - Created: 1753142400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash-lite", - Version: "2.5", - DisplayName: "Gemini 2.5 Flash Lite", - Description: "Our smallest and most cost effective model, built for at scale usage.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-3-pro-preview", - Object: "model", - Created: 1737158400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-pro-preview", - Version: "3.0", - DisplayName: "Gemini 3 Pro Preview", - Description: "Gemini 3 Pro Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-3-flash-preview", - Object: "model", - Created: 1765929600, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-flash-preview", - Version: "3.0", - DisplayName: "Gemini 3 Flash Preview", - Description: "Our most intelligent model built for speed, combining frontier intelligence with superior search and grounding.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-pro-latest", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-pro-latest", - Version: "2.5", - DisplayName: "Gemini Pro Latest", - Description: "Latest release of Gemini Pro", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-flash-latest", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-flash-latest", - Version: "2.5", - DisplayName: "Gemini Flash Latest", - Description: "Latest release of Gemini Flash", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-flash-lite-latest", - Object: "model", - Created: 1753142400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-flash-lite-latest", - Version: "2.5", - DisplayName: "Gemini Flash-Lite Latest", - Description: "Latest release of Gemini Flash-Lite", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 512, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - // { - // ID: "gemini-2.5-flash-image-preview", - // Object: "model", - // Created: 1756166400, - // OwnedBy: "google", - // Type: "gemini", - // Name: "models/gemini-2.5-flash-image-preview", - // Version: "2.5", - // DisplayName: "Gemini 2.5 Flash Image Preview", - // Description: "State-of-the-art image generation and editing model.", - // InputTokenLimit: 1048576, - // OutputTokenLimit: 8192, - // SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - // // image models don't support thinkingConfig; leave Thinking nil - // }, - { - ID: "gemini-2.5-flash-image", - Object: "model", - Created: 1759363200, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash-image", - Version: "2.5", - DisplayName: "Gemini 2.5 Flash Image", - Description: "State-of-the-art image generation and editing model.", - InputTokenLimit: 1048576, - OutputTokenLimit: 8192, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - // image models don't support thinkingConfig; leave Thinking nil - }, - } -} - -// GetOpenAIModels returns the standard OpenAI model definitions -func GetOpenAIModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "gpt-5", - Object: "model", - Created: 1754524800, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5-2025-08-07", - DisplayName: "GPT 5", - Description: "Stable version of GPT 5, The best model for coding and agentic tasks across domains.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"minimal", "low", "medium", "high"}}, - }, - { - ID: "gpt-5-codex", - Object: "model", - Created: 1757894400, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5-2025-09-15", - DisplayName: "GPT 5 Codex", - Description: "Stable version of GPT 5 Codex, The best model for coding and agentic tasks across domains.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high"}}, - }, - { - ID: "gpt-5-codex-mini", - Object: "model", - Created: 1762473600, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5-2025-11-07", - DisplayName: "GPT 5 Codex Mini", - Description: "Stable version of GPT 5 Codex Mini: cheaper, faster, but less capable version of GPT 5 Codex.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high"}}, - }, - { - ID: "gpt-5.1", - Object: "model", - Created: 1762905600, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.1-2025-11-12", - DisplayName: "GPT 5.1", - Description: "Stable version of GPT 5.1, The best model for coding and agentic tasks across domains.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high"}}, - }, - { - ID: "gpt-5.1-codex", - Object: "model", - Created: 1762905600, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.1-2025-11-12", - DisplayName: "GPT 5.1 Codex", - Description: "Stable version of GPT 5.1 Codex, The best model for coding and agentic tasks across domains.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high"}}, - }, - { - ID: "gpt-5.1-codex-mini", - Object: "model", - Created: 1762905600, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.1-2025-11-12", - DisplayName: "GPT 5.1 Codex Mini", - Description: "Stable version of GPT 5.1 Codex Mini: cheaper, faster, but less capable version of GPT 5.1 Codex.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high"}}, - }, - { - ID: "gpt-5.1-codex-max", - Object: "model", - Created: 1763424000, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.1-max", - DisplayName: "GPT 5.1 Codex Max", - Description: "Stable version of GPT 5.1 Codex Max", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5.2", - Object: "model", - Created: 1765440000, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.2", - DisplayName: "GPT 5.2", - Description: "Stable version of GPT 5.2", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5.2-codex", - Object: "model", - Created: 1765440000, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.2", - DisplayName: "GPT 5.2 Codex", - Description: "Stable version of GPT 5.2 Codex, The best model for coding and agentic tasks across domains.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5.3-codex", - Object: "model", - Created: 1770307200, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.3", - DisplayName: "GPT 5.3 Codex", - Description: "Stable version of GPT 5.3 Codex, The best model for coding and agentic tasks across domains.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5.3-codex-spark", - Object: "model", - Created: 1770912000, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.3", - DisplayName: "GPT 5.3 Codex Spark", - Description: "Ultra-fast coding model.", - ContextLength: 128000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high", "xhigh"}}, - }, - } -} - -// GetQwenModels returns the standard Qwen model definitions -func GetQwenModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "qwen3-coder-plus", - Object: "model", - Created: 1753228800, - OwnedBy: "qwen", - Type: "qwen", - Version: "3.0", - DisplayName: "Qwen3 Coder Plus", - Description: "Advanced code generation and understanding model", - ContextLength: 32768, - MaxCompletionTokens: 8192, - SupportedParameters: []string{"temperature", "top_p", "max_tokens", "stream", "stop"}, - }, - { - ID: "qwen3-coder-flash", - Object: "model", - Created: 1753228800, - OwnedBy: "qwen", - Type: "qwen", - Version: "3.0", - DisplayName: "Qwen3 Coder Flash", - Description: "Fast code generation model", - ContextLength: 8192, - MaxCompletionTokens: 2048, - SupportedParameters: []string{"temperature", "top_p", "max_tokens", "stream", "stop"}, - }, - { - ID: "coder-model", - Object: "model", - Created: 1771171200, - OwnedBy: "qwen", - Type: "qwen", - Version: "3.5", - DisplayName: "Qwen 3.5 Plus", - Description: "efficient hybrid model with leading coding performance", - ContextLength: 1048576, - MaxCompletionTokens: 65536, - SupportedParameters: []string{"temperature", "top_p", "max_tokens", "stream", "stop"}, - }, - { - ID: "qwen3.5", - Object: "model", - Created: 1771171200, - OwnedBy: "qwen", - Type: "qwen", - Version: "3.5", - DisplayName: "Qwen 3.5", - Description: "Canonical alias for Qwen 3.5 Plus model metadata", - ContextLength: 1048576, - MaxCompletionTokens: 65536, - SupportedParameters: []string{"temperature", "top_p", "max_tokens", "stream", "stop"}, - }, - { - ID: "vision-model", - Object: "model", - Created: 1758672000, - OwnedBy: "qwen", - Type: "qwen", - Version: "3.0", - DisplayName: "Qwen3 Vision Model", - Description: "Vision model model", - ContextLength: 32768, - MaxCompletionTokens: 2048, - SupportedParameters: []string{"temperature", "top_p", "max_tokens", "stream", "stop"}, - }, - } -} - -// iFlowThinkingSupport is a shared ThinkingSupport configuration for iFlow models -// that support thinking mode via chat_template_kwargs.enable_thinking (boolean toggle). -// Uses level-based configuration so standard normalization flows apply before conversion. -var iFlowThinkingSupport = &ThinkingSupport{ - Levels: []string{"none", "auto", "minimal", "low", "medium", "high", "xhigh"}, -} - -// GetIFlowModels returns supported models for iFlow OAuth accounts. -func GetIFlowModels() []*ModelInfo { - entries := []struct { - ID string - DisplayName string - Description string - Created int64 - Thinking *ThinkingSupport - }{ - {ID: "tstars2.0", DisplayName: "TStars-2.0", Description: "iFlow TStars-2.0 multimodal assistant", Created: 1746489600}, - {ID: "qwen3-coder-plus", DisplayName: "Qwen3-Coder-Plus", Description: "Qwen3 Coder Plus code generation", Created: 1753228800}, - {ID: "qwen3-max", DisplayName: "Qwen3-Max", Description: "Qwen3 flagship model", Created: 1758672000}, - {ID: "qwen3-vl-plus", DisplayName: "Qwen3-VL-Plus", Description: "Qwen3 multimodal vision-language", Created: 1758672000}, - {ID: "qwen3-max-preview", DisplayName: "Qwen3-Max-Preview", Description: "Qwen3 Max preview build", Created: 1757030400, Thinking: iFlowThinkingSupport}, - {ID: "kimi-k2-0905", DisplayName: "Kimi-K2-Instruct-0905", Description: "Moonshot Kimi K2 instruct 0905", Created: 1757030400}, - {ID: "glm-4.6", DisplayName: "GLM-4.6", Description: "Zhipu GLM 4.6 general model", Created: 1759190400, Thinking: iFlowThinkingSupport}, - {ID: "glm-4.7", DisplayName: "GLM-4.7", Description: "Zhipu GLM 4.7 general model", Created: 1766448000, Thinking: iFlowThinkingSupport}, - {ID: "glm-5", DisplayName: "GLM-5", Description: "Zhipu GLM 5 general model", Created: 1770768000, Thinking: iFlowThinkingSupport}, - {ID: "kimi-k2", DisplayName: "Kimi-K2", Description: "Moonshot Kimi K2 general model", Created: 1752192000}, - {ID: "kimi-k2-thinking", DisplayName: "Kimi-K2-Thinking", Description: "Moonshot Kimi K2 thinking model", Created: 1762387200}, - {ID: "deepseek-v3.2-chat", DisplayName: "DeepSeek-V3.2", Description: "DeepSeek V3.2 Chat", Created: 1764576000}, - {ID: "deepseek-v3.2-reasoner", DisplayName: "DeepSeek-V3.2", Description: "DeepSeek V3.2 Reasoner", Created: 1764576000}, - {ID: "deepseek-v3.2", DisplayName: "DeepSeek-V3.2-Exp", Description: "DeepSeek V3.2 experimental", Created: 1759104000, Thinking: iFlowThinkingSupport}, - {ID: "deepseek-v3.1", DisplayName: "DeepSeek-V3.1-Terminus", Description: "DeepSeek V3.1 Terminus", Created: 1756339200, Thinking: iFlowThinkingSupport}, - {ID: "deepseek-r1", DisplayName: "DeepSeek-R1", Description: "DeepSeek reasoning model R1", Created: 1737331200}, - {ID: "deepseek-v3", DisplayName: "DeepSeek-V3-671B", Description: "DeepSeek V3 671B", Created: 1734307200}, - {ID: "qwen3-32b", DisplayName: "Qwen3-32B", Description: "Qwen3 32B", Created: 1747094400}, - {ID: "qwen3-235b-a22b-thinking-2507", DisplayName: "Qwen3-235B-A22B-Thinking", Description: "Qwen3 235B A22B Thinking (2507)", Created: 1753401600}, - {ID: "qwen3-235b-a22b-instruct", DisplayName: "Qwen3-235B-A22B-Instruct", Description: "Qwen3 235B A22B Instruct", Created: 1753401600}, - {ID: "qwen3-235b", DisplayName: "Qwen3-235B-A22B", Description: "Qwen3 235B A22B", Created: 1753401600}, - {ID: "minimax-m2", DisplayName: "MiniMax-M2", Description: "MiniMax M2", Created: 1758672000, Thinking: iFlowThinkingSupport}, - {ID: "minimax-m2.1", DisplayName: "MiniMax-M2.1", Description: "MiniMax M2.1", Created: 1766448000, Thinking: iFlowThinkingSupport}, - {ID: "minimax-m2.5", DisplayName: "MiniMax-M2.5", Description: "MiniMax M2.5", Created: 1770825600, Thinking: iFlowThinkingSupport}, - {ID: "iflow-rome-30ba3b", DisplayName: "iFlow-ROME-30BA3B", Description: "iFlow ROME 30BA3B model", Created: 1736899200}, - {ID: "kimi-k2.5", DisplayName: "Kimi-K2.5", Description: "Moonshot Kimi K2.5", Created: 1769443200, Thinking: iFlowThinkingSupport}, - } - models := make([]*ModelInfo, 0, len(entries)) - for _, entry := range entries { - models = append(models, &ModelInfo{ - ID: entry.ID, - Object: "model", - Created: entry.Created, - OwnedBy: "iflow", - Type: "iflow", - DisplayName: entry.DisplayName, - Description: entry.Description, - Thinking: entry.Thinking, - }) - } - return models -} - -// AntigravityModelConfig captures static antigravity model overrides, including -// Thinking budget limits and provider max completion tokens. -type AntigravityModelConfig struct { - Thinking *ThinkingSupport - MaxCompletionTokens int -} - -// GetAntigravityModelConfig returns static configuration for antigravity models. -// Keys use upstream model names returned by the Antigravity models endpoint. -func GetAntigravityModelConfig() map[string]*AntigravityModelConfig { - return map[string]*AntigravityModelConfig{ - // "rev19-uic3-1p": {Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}}, - "gemini-2.5-flash": {Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}}, - "gemini-2.5-flash-lite": {Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}}, - "gemini-3-pro-high": {Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}}, - "gemini-3-pro-image": {Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}}, - "gemini-3-flash": {Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"minimal", "low", "medium", "high"}}}, - "claude-opus-4-5-thinking": {Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: true}, MaxCompletionTokens: 64000}, - "gemini-claude-opus-thinking": {Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: true}, MaxCompletionTokens: 64000}, - "claude-opus-4-6-thinking": {Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: true}, MaxCompletionTokens: 64000}, - "claude-sonnet-4-5": {MaxCompletionTokens: 64000}, - "claude-sonnet-4-5-thinking": {Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: true}, MaxCompletionTokens: 64000}, - "claude-sonnet-4-6": {MaxCompletionTokens: 64000}, - "claude-sonnet-4-6-thinking": {Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: true}, MaxCompletionTokens: 64000}, - "gpt-oss-120b-medium": {}, - "tab_flash_lite_preview": {}, - } -} - -// GetKimiModels returns the standard Kimi (Moonshot AI) model definitions -func GetKimiModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "kimi-k2", - Object: "model", - Created: 1752192000, // 2025-07-11 - OwnedBy: "moonshot", - Type: "kimi", - DisplayName: "Kimi K2", - Description: "Kimi K2 - Moonshot AI's flagship coding model", - ContextLength: 131072, - MaxCompletionTokens: 32768, - }, - { - ID: "kimi-k2-thinking", - Object: "model", - Created: 1762387200, // 2025-11-06 - OwnedBy: "moonshot", - Type: "kimi", - DisplayName: "Kimi K2 Thinking", - Description: "Kimi K2 Thinking - Extended reasoning model", - ContextLength: 131072, - MaxCompletionTokens: 32768, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kimi-k2.5", - Object: "model", - Created: 1769472000, // 2026-01-26 - OwnedBy: "moonshot", - Type: "kimi", - DisplayName: "Kimi K2.5", - Description: "Kimi K2.5 - Latest Moonshot AI coding model with improved capabilities", - ContextLength: 131072, - MaxCompletionTokens: 32768, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/model_definitions_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/model_definitions_test.go deleted file mode 100644 index e705377fe4..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/model_definitions_test.go +++ /dev/null @@ -1,136 +0,0 @@ -package registry - -import ( - "testing" -) - -func TestGetStaticModelDefinitionsByChannel(t *testing.T) { - channels := []string{ - "claude", "gemini", "vertex", "gemini-cli", "aistudio", "codex", - "qwen", "iflow", "github-copilot", "kiro", "amazonq", "cursor", - "minimax", "roo", "kilo", "kilocode", "deepseek", "groq", "mistral", - "siliconflow", "openrouter", "together", "fireworks", "novita", - "antigravity", - } - - for _, ch := range channels { - models := GetStaticModelDefinitionsByChannel(ch) - if models == nil && ch != "antigravity" { - t.Errorf("expected models for channel %s, got nil", ch) - } - } - - if GetStaticModelDefinitionsByChannel("unknown") != nil { - t.Error("expected nil for unknown channel") - } -} - -func TestLookupStaticModelInfo(t *testing.T) { - // Known model - m := LookupStaticModelInfo("claude-3-5-sonnet-20241022") - if m == nil { - // Try another one if that's not in the static data - m = LookupStaticModelInfo("gpt-4o") - } - if m != nil { - if m.ID == "" { - t.Error("model ID should not be empty") - } - } - - // Unknown model - if LookupStaticModelInfo("non-existent-model") != nil { - t.Error("expected nil for unknown model") - } - - // Empty ID - if LookupStaticModelInfo("") != nil { - t.Error("expected nil for empty model ID") - } -} - -func TestGetGitHubCopilotModels(t *testing.T) { - models := GetGitHubCopilotModels() - if len(models) == 0 { - t.Error("expected models for GitHub Copilot") - } - foundGPT5 := false - foundGPT5CodexVariants := map[string]bool{ - "gpt-5-codex-low": false, - "gpt-5-codex-medium": false, - "gpt-5-codex-high": false, - } - for _, m := range models { - if m.ID == "gpt-5" { - foundGPT5 = true - break - } - } - for _, m := range models { - if _, ok := foundGPT5CodexVariants[m.ID]; ok { - foundGPT5CodexVariants[m.ID] = true - } - } - if !foundGPT5 { - t.Error("expected gpt-5 model in GitHub Copilot models") - } - for modelID, found := range foundGPT5CodexVariants { - if !found { - t.Errorf("expected %s model in GitHub Copilot models", modelID) - } - } - - for _, m := range models { - if m.ContextLength != 128000 { - t.Fatalf("expected github-copilot model %q context_length=128000, got %d", m.ID, m.ContextLength) - } - } -} - -func TestGetAntigravityModelConfig_IncludesOpusAlias(t *testing.T) { - cfg := GetAntigravityModelConfig() - entry, ok := cfg["gemini-claude-opus-thinking"] - if !ok { - t.Fatal("expected gemini-claude-opus-thinking alias in antigravity model config") - } - if entry == nil || entry.Thinking == nil { - t.Fatal("expected gemini-claude-opus-thinking to define thinking support") - } -} - -func TestGetQwenModels_IncludesQwen35Alias(t *testing.T) { - models := GetQwenModels() - foundAlias := false - for _, model := range models { - if model.ID == "qwen3.5" { - foundAlias = true - if model.DisplayName == "" { - t.Fatal("expected qwen3.5 to expose display name") - } - break - } - } - if !foundAlias { - t.Fatal("expected qwen3.5 in Qwen model definitions") - } - if LookupStaticModelInfo("qwen3.5") == nil { - t.Fatal("expected static lookup for qwen3.5") - } -} - -func TestGetOpenAIModels_GPT51Metadata(t *testing.T) { - models := GetOpenAIModels() - for _, model := range models { - if model.ID != "gpt-5.1" { - continue - } - if model.DisplayName != "GPT 5.1" { - t.Fatalf("expected gpt-5.1 display name %q, got %q", "GPT 5.1", model.DisplayName) - } - if model.Description == "" || model.Description == "Stable version of GPT 5, The best model for coding and agentic tasks across domains." { - t.Fatalf("expected gpt-5.1 description to explicitly mention version 5.1, got %q", model.Description) - } - return - } - t.Fatal("expected gpt-5.1 in OpenAI model definitions") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/model_registry.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/model_registry.go deleted file mode 100644 index 85906a8948..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/model_registry.go +++ /dev/null @@ -1,1248 +0,0 @@ -// Package registry provides centralized model management for all AI service providers. -// It implements a dynamic model registry with reference counting to track active clients -// and automatically hide models when no clients are available or when quota is exceeded. -package registry - -import ( - "context" - "crypto/sha256" - "fmt" - "sort" - "strings" - "sync" - "time" - - misc "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" - log "github.com/sirupsen/logrus" -) - -// ModelInfo represents information about an available model -type ModelInfo struct { - // ID is the unique identifier for the model - ID string `json:"id"` - // Object type for the model (typically "model") - Object string `json:"object"` - // Created timestamp when the model was created - Created int64 `json:"created"` - // OwnedBy indicates the organization that owns the model - OwnedBy string `json:"owned_by"` - // Type indicates the model type (e.g., "claude", "gemini", "openai") - Type string `json:"type"` - // DisplayName is the human-readable name for the model - DisplayName string `json:"display_name,omitempty"` - // Name is used for Gemini-style model names - Name string `json:"name,omitempty"` - // Version is the model version - Version string `json:"version,omitempty"` - // Description provides detailed information about the model - Description string `json:"description,omitempty"` - // InputTokenLimit is the maximum input token limit - InputTokenLimit int `json:"inputTokenLimit,omitempty"` - // OutputTokenLimit is the maximum output token limit - OutputTokenLimit int `json:"outputTokenLimit,omitempty"` - // SupportedGenerationMethods lists supported generation methods - SupportedGenerationMethods []string `json:"supportedGenerationMethods,omitempty"` - // ContextLength is the context window size - ContextLength int `json:"context_length,omitempty"` - // MaxCompletionTokens is the maximum completion tokens - MaxCompletionTokens int `json:"max_completion_tokens,omitempty"` - // SupportedParameters lists supported parameters - SupportedParameters []string `json:"supported_parameters,omitempty"` - // SupportedEndpoints lists supported API endpoints (e.g., "/chat/completions", "/responses"). - SupportedEndpoints []string `json:"supported_endpoints,omitempty"` - - // Thinking holds provider-specific reasoning/thinking budget capabilities. - // This is optional and currently used for Gemini thinking budget normalization. - Thinking *ThinkingSupport `json:"thinking,omitempty"` - - // UserDefined indicates this model was defined through config file's models[] - // array (e.g., openai-compatibility.*.models[], *-api-key.models[]). - // UserDefined models have thinking configuration passed through without validation. - UserDefined bool `json:"-"` -} - -// ThinkingSupport describes a model family's supported internal reasoning budget range. -// Values are interpreted in provider-native token units. -type ThinkingSupport struct { - // Min is the minimum allowed thinking budget (inclusive). - Min int `json:"min,omitempty"` - // Max is the maximum allowed thinking budget (inclusive). - Max int `json:"max,omitempty"` - // ZeroAllowed indicates whether 0 is a valid value (to disable thinking). - ZeroAllowed bool `json:"zero_allowed,omitempty"` - // DynamicAllowed indicates whether -1 is a valid value (dynamic thinking budget). - DynamicAllowed bool `json:"dynamic_allowed,omitempty"` - // Levels defines discrete reasoning effort levels (e.g., "low", "medium", "high"). - // When set, the model uses level-based reasoning instead of token budgets. - Levels []string `json:"levels,omitempty"` -} - -// ModelRegistration tracks a model's availability -type ModelRegistration struct { - // Info contains the model metadata - Info *ModelInfo - // InfoByProvider maps provider identifiers to specific ModelInfo to support differing capabilities. - InfoByProvider map[string]*ModelInfo - // Count is the number of active clients that can provide this model - Count int - // LastUpdated tracks when this registration was last modified - LastUpdated time.Time - // QuotaExceededClients tracks which clients have exceeded quota for this model - QuotaExceededClients map[string]*time.Time - // Providers tracks available clients grouped by provider identifier - Providers map[string]int - // SuspendedClients tracks temporarily disabled clients keyed by client ID - SuspendedClients map[string]string -} - -// ModelRegistryHook provides optional callbacks for external integrations to track model list changes. -// Hook implementations must be non-blocking and resilient; calls are executed asynchronously and panics are recovered. -type ModelRegistryHook interface { - OnModelsRegistered(ctx context.Context, provider, clientID string, models []*ModelInfo) - OnModelsUnregistered(ctx context.Context, provider, clientID string) -} - -// ModelRegistry manages the global registry of available models -type ModelRegistry struct { - // models maps model ID to registration information - models map[string]*ModelRegistration - // clientModels maps client ID to the models it provides - clientModels map[string][]string - // clientModelInfos maps client ID to a map of model ID -> ModelInfo - // This preserves the original model info provided by each client - clientModelInfos map[string]map[string]*ModelInfo - // clientProviders maps client ID to its provider identifier - clientProviders map[string]string - // mutex ensures thread-safe access to the registry - mutex *sync.RWMutex - // hook is an optional callback sink for model registration changes - hook ModelRegistryHook -} - -// Global model registry instance -var globalRegistry *ModelRegistry -var registryOnce sync.Once - -// GetGlobalRegistry returns the global model registry instance -func GetGlobalRegistry() *ModelRegistry { - registryOnce.Do(func() { - globalRegistry = &ModelRegistry{ - models: make(map[string]*ModelRegistration), - clientModels: make(map[string][]string), - clientModelInfos: make(map[string]map[string]*ModelInfo), - clientProviders: make(map[string]string), - mutex: &sync.RWMutex{}, - } - }) - return globalRegistry -} - -// LookupModelInfo searches dynamic registry (provider-specific > global) then static definitions. -func LookupModelInfo(modelID string, provider ...string) *ModelInfo { - modelID = strings.TrimSpace(modelID) - if modelID == "" { - return nil - } - - p := "" - if len(provider) > 0 { - p = strings.ToLower(strings.TrimSpace(provider[0])) - } - - if info := GetGlobalRegistry().GetModelInfo(modelID, p); info != nil { - return info - } - return LookupStaticModelInfo(modelID) -} - -// SetHook sets an optional hook for observing model registration changes. -func (r *ModelRegistry) SetHook(hook ModelRegistryHook) { - if r == nil { - return - } - r.mutex.Lock() - defer r.mutex.Unlock() - r.hook = hook -} - -const defaultModelRegistryHookTimeout = 5 * time.Second - -func (r *ModelRegistry) triggerModelsRegistered(provider, clientID string, models []*ModelInfo) { - hook := r.hook - if hook == nil { - return - } - modelsCopy := cloneModelInfosUnique(models) - go func() { - defer func() { - if recovered := recover(); recovered != nil { - log.Errorf("model registry hook OnModelsRegistered panic: %v", recovered) - } - }() - ctx, cancel := context.WithTimeout(context.Background(), defaultModelRegistryHookTimeout) - defer cancel() - hook.OnModelsRegistered(ctx, provider, clientID, modelsCopy) - }() -} - -func (r *ModelRegistry) triggerModelsUnregistered(provider, clientID string) { - hook := r.hook - if hook == nil { - return - } - go func() { - defer func() { - if recovered := recover(); recovered != nil { - log.Errorf("model registry hook OnModelsUnregistered panic: %v", recovered) - } - }() - ctx, cancel := context.WithTimeout(context.Background(), defaultModelRegistryHookTimeout) - defer cancel() - hook.OnModelsUnregistered(ctx, provider, clientID) - }() -} - -// RegisterClient registers a client and its supported models -// Parameters: -// - clientID: Unique identifier for the client -// - clientProvider: Provider name (e.g., "gemini", "claude", "openai") -// - models: List of models that this client can provide -func (r *ModelRegistry) RegisterClient(clientID, clientProvider string, models []*ModelInfo) { - r.mutex.Lock() - defer r.mutex.Unlock() - - provider := strings.ToLower(clientProvider) - if provider == "github-copilot" { - models = normalizeCopilotContextLength(models) - } - uniqueModelIDs := make([]string, 0, len(models)) - rawModelIDs := make([]string, 0, len(models)) - newModels := make(map[string]*ModelInfo, len(models)) - newCounts := make(map[string]int, len(models)) - for _, model := range models { - if model == nil || model.ID == "" { - continue - } - rawModelIDs = append(rawModelIDs, model.ID) - newCounts[model.ID]++ - if _, exists := newModels[model.ID]; exists { - continue - } - newModels[model.ID] = model - uniqueModelIDs = append(uniqueModelIDs, model.ID) - } - - if len(uniqueModelIDs) == 0 { - // No models supplied; unregister existing client state if present. - r.unregisterClientInternal(clientID) - delete(r.clientModels, clientID) - delete(r.clientModelInfos, clientID) - delete(r.clientProviders, clientID) - misc.LogCredentialSeparator() - return - } - - now := time.Now() - - oldModels, hadExisting := r.clientModels[clientID] - oldProvider := r.clientProviders[clientID] - providerChanged := oldProvider != provider - if !hadExisting { - // Pure addition path. - for _, modelID := range rawModelIDs { - model := newModels[modelID] - r.addModelRegistration(modelID, provider, model, now) - } - r.clientModels[clientID] = append([]string(nil), rawModelIDs...) - // Store client's own model infos - clientInfos := make(map[string]*ModelInfo, len(newModels)) - for id, m := range newModels { - clientInfos[id] = cloneModelInfo(m) - } - r.clientModelInfos[clientID] = clientInfos - if provider != "" { - r.clientProviders[clientID] = provider - } else { - delete(r.clientProviders, clientID) - } - r.triggerModelsRegistered(provider, clientID, models) - log.Debugf("Registered client %s from provider %s with %d models", clientID, clientProvider, len(rawModelIDs)) - misc.LogCredentialSeparator() - return - } - - oldCounts := make(map[string]int, len(oldModels)) - for _, id := range oldModels { - oldCounts[id]++ - } - - added := make([]string, 0) - for _, id := range uniqueModelIDs { - if oldCounts[id] == 0 { - added = append(added, id) - } - } - - removed := make([]string, 0) - for id := range oldCounts { - if newCounts[id] == 0 { - removed = append(removed, id) - } - } - - // Handle provider change for overlapping models before modifications. - if providerChanged && oldProvider != "" { - for id, newCount := range newCounts { - if newCount == 0 { - continue - } - oldCount := oldCounts[id] - if oldCount == 0 { - continue - } - toRemove := newCount - if oldCount < toRemove { - toRemove = oldCount - } - if reg, ok := r.models[id]; ok && reg.Providers != nil { - if count, okProv := reg.Providers[oldProvider]; okProv { - if count <= toRemove { - delete(reg.Providers, oldProvider) - if reg.InfoByProvider != nil { - delete(reg.InfoByProvider, oldProvider) - } - } else { - reg.Providers[oldProvider] = count - toRemove - } - } - } - } - } - - // Apply removals first to keep counters accurate. - for _, id := range removed { - oldCount := oldCounts[id] - for i := 0; i < oldCount; i++ { - r.removeModelRegistration(clientID, id, oldProvider, now) - } - } - - for id, oldCount := range oldCounts { - newCount := newCounts[id] - if newCount == 0 || oldCount <= newCount { - continue - } - overage := oldCount - newCount - for i := 0; i < overage; i++ { - r.removeModelRegistration(clientID, id, oldProvider, now) - } - } - - // Apply additions. - for id, newCount := range newCounts { - oldCount := oldCounts[id] - if newCount <= oldCount { - continue - } - model := newModels[id] - diff := newCount - oldCount - for i := 0; i < diff; i++ { - r.addModelRegistration(id, provider, model, now) - } - } - - // Update metadata for models that remain associated with the client. - addedSet := make(map[string]struct{}, len(added)) - for _, id := range added { - addedSet[id] = struct{}{} - } - for _, id := range uniqueModelIDs { - model := newModels[id] - if reg, ok := r.models[id]; ok { - reg.Info = cloneModelInfo(model) - if provider != "" { - if reg.InfoByProvider == nil { - reg.InfoByProvider = make(map[string]*ModelInfo) - } - reg.InfoByProvider[provider] = cloneModelInfo(model) - } - reg.LastUpdated = now - if reg.QuotaExceededClients != nil { - delete(reg.QuotaExceededClients, clientID) - } - if reg.SuspendedClients != nil { - delete(reg.SuspendedClients, clientID) - } - if providerChanged && provider != "" { - if _, newlyAdded := addedSet[id]; newlyAdded { - continue - } - overlapCount := newCounts[id] - if oldCount := oldCounts[id]; oldCount < overlapCount { - overlapCount = oldCount - } - if overlapCount <= 0 { - continue - } - if reg.Providers == nil { - reg.Providers = make(map[string]int) - } - reg.Providers[provider] += overlapCount - } - } - } - - // Update client bookkeeping. - if len(rawModelIDs) > 0 { - r.clientModels[clientID] = append([]string(nil), rawModelIDs...) - } - // Update client's own model infos - clientInfos := make(map[string]*ModelInfo, len(newModels)) - for id, m := range newModels { - clientInfos[id] = cloneModelInfo(m) - } - r.clientModelInfos[clientID] = clientInfos - if provider != "" { - r.clientProviders[clientID] = provider - } else { - delete(r.clientProviders, clientID) - } - - r.triggerModelsRegistered(provider, clientID, models) - if len(added) == 0 && len(removed) == 0 && !providerChanged { - // Only metadata (e.g., display name) changed; skip separator when no log output. - return - } - - log.Debugf("Reconciled client %s (provider %s) models: +%d, -%d", clientID, provider, len(added), len(removed)) - misc.LogCredentialSeparator() -} - -func normalizeCopilotContextLength(models []*ModelInfo) []*ModelInfo { - normalized := make([]*ModelInfo, 0, len(models)) - for _, model := range models { - if model == nil { - continue - } - copyModel := cloneModelInfo(model) - copyModel.ContextLength = 128000 - normalized = append(normalized, copyModel) - } - return normalized -} - -func (r *ModelRegistry) addModelRegistration(modelID, provider string, model *ModelInfo, now time.Time) { - if model == nil || modelID == "" { - return - } - if existing, exists := r.models[modelID]; exists { - existing.Count++ - existing.LastUpdated = now - existing.Info = cloneModelInfo(model) - if existing.SuspendedClients == nil { - existing.SuspendedClients = make(map[string]string) - } - if existing.InfoByProvider == nil { - existing.InfoByProvider = make(map[string]*ModelInfo) - } - if provider != "" { - if existing.Providers == nil { - existing.Providers = make(map[string]int) - } - existing.Providers[provider]++ - existing.InfoByProvider[provider] = cloneModelInfo(model) - } - log.Debugf("Incremented count for model %s, now %d clients", modelID, existing.Count) - return - } - - registration := &ModelRegistration{ - Info: cloneModelInfo(model), - InfoByProvider: make(map[string]*ModelInfo), - Count: 1, - LastUpdated: now, - QuotaExceededClients: make(map[string]*time.Time), - SuspendedClients: make(map[string]string), - } - if provider != "" { - registration.Providers = map[string]int{provider: 1} - registration.InfoByProvider[provider] = cloneModelInfo(model) - } - r.models[modelID] = registration - log.Debugf("Registered new model %s from provider %s", modelID, provider) -} - -func (r *ModelRegistry) removeModelRegistration(clientID, modelID, provider string, now time.Time) { - registration, exists := r.models[modelID] - if !exists { - return - } - registration.Count-- - registration.LastUpdated = now - if registration.QuotaExceededClients != nil { - delete(registration.QuotaExceededClients, clientID) - } - if registration.SuspendedClients != nil { - delete(registration.SuspendedClients, clientID) - } - if registration.Count < 0 { - registration.Count = 0 - } - if provider != "" && registration.Providers != nil { - if count, ok := registration.Providers[provider]; ok { - if count <= 1 { - delete(registration.Providers, provider) - if registration.InfoByProvider != nil { - delete(registration.InfoByProvider, provider) - } - } else { - registration.Providers[provider] = count - 1 - } - } - } - log.Debugf("Decremented count for model %s, now %d clients", modelID, registration.Count) - if registration.Count <= 0 { - delete(r.models, modelID) - log.Debugf("Removed model %s as no clients remain", modelID) - } -} - -func cloneModelInfo(model *ModelInfo) *ModelInfo { - if model == nil { - return nil - } - copyModel := *model - if len(model.SupportedGenerationMethods) > 0 { - copyModel.SupportedGenerationMethods = append([]string(nil), model.SupportedGenerationMethods...) - } - if len(model.SupportedParameters) > 0 { - copyModel.SupportedParameters = append([]string(nil), model.SupportedParameters...) - } - if len(model.SupportedEndpoints) > 0 { - copyModel.SupportedEndpoints = append([]string(nil), model.SupportedEndpoints...) - } - return ©Model -} - -func cloneModelInfosUnique(models []*ModelInfo) []*ModelInfo { - if len(models) == 0 { - return nil - } - cloned := make([]*ModelInfo, 0, len(models)) - seen := make(map[string]struct{}, len(models)) - for _, model := range models { - if model == nil || model.ID == "" { - continue - } - if _, exists := seen[model.ID]; exists { - continue - } - seen[model.ID] = struct{}{} - cloned = append(cloned, cloneModelInfo(model)) - } - return cloned -} - -// UnregisterClient removes a client and decrements counts for its models -// Parameters: -// - clientID: Unique identifier for the client to remove -func (r *ModelRegistry) UnregisterClient(clientID string) { - r.mutex.Lock() - defer r.mutex.Unlock() - r.unregisterClientInternal(clientID) -} - -// unregisterClientInternal performs the actual client unregistration (internal, no locking) -func (r *ModelRegistry) unregisterClientInternal(clientID string) { - models, exists := r.clientModels[clientID] - provider, hasProvider := r.clientProviders[clientID] - if !exists { - if hasProvider { - delete(r.clientProviders, clientID) - } - return - } - - now := time.Now() - for _, modelID := range models { - if registration, isExists := r.models[modelID]; isExists { - registration.Count-- - registration.LastUpdated = now - - // Remove quota tracking for this client - delete(registration.QuotaExceededClients, clientID) - if registration.SuspendedClients != nil { - delete(registration.SuspendedClients, clientID) - } - - if hasProvider && registration.Providers != nil { - if count, ok := registration.Providers[provider]; ok { - if count <= 1 { - delete(registration.Providers, provider) - if registration.InfoByProvider != nil { - delete(registration.InfoByProvider, provider) - } - } else { - registration.Providers[provider] = count - 1 - } - } - } - - log.Debugf("Decremented count for model %s, now %d clients", modelID, registration.Count) - - // Remove model if no clients remain - if registration.Count <= 0 { - delete(r.models, modelID) - log.Debugf("Removed model %s as no clients remain", modelID) - } - } - } - - delete(r.clientModels, clientID) - delete(r.clientModelInfos, clientID) - if hasProvider { - delete(r.clientProviders, clientID) - } - log.Debugf("Unregistered client %s", clientID) - // Separator line after completing client unregistration (after the summary line) - misc.LogCredentialSeparator() - r.triggerModelsUnregistered(provider, clientID) -} - -// SetModelQuotaExceeded marks a model as quota exceeded for a specific client -// Parameters: -// - clientID: The client that exceeded quota -// - modelID: The model that exceeded quota -func (r *ModelRegistry) SetModelQuotaExceeded(clientID, modelID string) { - r.mutex.Lock() - defer r.mutex.Unlock() - - if registration, exists := r.models[modelID]; exists { - registration.QuotaExceededClients[clientID] = new(time.Now()) - log.Debug("Marked model as quota exceeded for client") - } -} - -// ClearModelQuotaExceeded removes quota exceeded status for a model and client -// Parameters: -// - clientID: The client to clear quota status for -// - modelID: The model to clear quota status for -func (r *ModelRegistry) ClearModelQuotaExceeded(clientID, modelID string) { - r.mutex.Lock() - defer r.mutex.Unlock() - - if registration, exists := r.models[modelID]; exists { - delete(registration.QuotaExceededClients, clientID) - // log.Debugf("Cleared quota exceeded status for model %s and client %s", modelID, clientID) - } -} - -// SuspendClientModel marks a client's model as temporarily unavailable until explicitly resumed. -// Parameters: -// - clientID: The client to suspend -// - modelID: The model affected by the suspension -// - reason: Optional description for observability -func (r *ModelRegistry) SuspendClientModel(clientID, modelID, reason string) { - if clientID == "" || modelID == "" { - return - } - r.mutex.Lock() - defer r.mutex.Unlock() - - registration, exists := r.models[modelID] - if !exists || registration == nil { - return - } - if registration.SuspendedClients == nil { - registration.SuspendedClients = make(map[string]string) - } - if _, already := registration.SuspendedClients[clientID]; already { - return - } - registration.SuspendedClients[clientID] = reason - registration.LastUpdated = time.Now() - if reason != "" { - log.Debugf("Suspended client %s for model %s (reason provided)", logSafeRegistryID(clientID), logSafeRegistryID(modelID)) - } else { - log.Debug("Suspended client for model") - } -} - -// ResumeClientModel clears a previous suspension so the client counts toward availability again. -// Parameters: -// - clientID: The client to resume -// - modelID: The model being resumed -func (r *ModelRegistry) ResumeClientModel(clientID, modelID string) { - if clientID == "" || modelID == "" { - return - } - r.mutex.Lock() - defer r.mutex.Unlock() - - registration, exists := r.models[modelID] - if !exists || registration == nil || registration.SuspendedClients == nil { - return - } - if _, ok := registration.SuspendedClients[clientID]; !ok { - return - } - delete(registration.SuspendedClients, clientID) - registration.LastUpdated = time.Now() - log.Debug("Resumed suspended client for model") -} - -func logSafeRegistryID(raw string) string { - trimmed := strings.TrimSpace(raw) - if trimmed == "" { - return "" - } - sum := sha256.Sum256([]byte(trimmed)) - return fmt.Sprintf("id_%x", sum[:6]) -} - -// ClientSupportsModel reports whether the client registered support for modelID. -func (r *ModelRegistry) ClientSupportsModel(clientID, modelID string) bool { - clientID = strings.TrimSpace(clientID) - modelID = strings.TrimSpace(modelID) - if clientID == "" || modelID == "" { - return false - } - - r.mutex.RLock() - defer r.mutex.RUnlock() - - models, exists := r.clientModels[clientID] - if !exists || len(models) == 0 { - return false - } - - for _, id := range models { - if strings.EqualFold(strings.TrimSpace(id), modelID) { - return true - } - } - - return false -} - -// GetAvailableModels returns all models that have at least one available client -// Parameters: -// - handlerType: The handler type to filter models for (e.g., "openai", "claude", "gemini") -// -// Returns: -// - []map[string]any: List of available models in the requested format -func (r *ModelRegistry) GetAvailableModels(handlerType string) []map[string]any { - r.mutex.RLock() - defer r.mutex.RUnlock() - - models := make([]map[string]any, 0) - quotaExpiredDuration := 5 * time.Minute - - for _, registration := range r.models { - // Check if model has any non-quota-exceeded clients - availableClients := registration.Count - now := time.Now() - - // Count clients that have exceeded quota but haven't recovered yet - expiredClients := 0 - for _, quotaTime := range registration.QuotaExceededClients { - if quotaTime != nil && now.Sub(*quotaTime) < quotaExpiredDuration { - expiredClients++ - } - } - - cooldownSuspended := 0 - otherSuspended := 0 - if registration.SuspendedClients != nil { - for _, reason := range registration.SuspendedClients { - if strings.EqualFold(reason, "quota") { - cooldownSuspended++ - continue - } - otherSuspended++ - } - } - - effectiveClients := availableClients - expiredClients - otherSuspended - if effectiveClients < 0 { - effectiveClients = 0 - } - - // Include models that have available clients, or those solely cooling down. - if effectiveClients > 0 || (availableClients > 0 && (expiredClients > 0 || cooldownSuspended > 0) && otherSuspended == 0) { - model := r.convertModelToMap(registration.Info, handlerType) - if model != nil { - models = append(models, model) - } - } - } - - if len(models) == 0 && strings.EqualFold(handlerType, "openai") { - for _, model := range GetStaticModelDefinitionsByChannel("openai") { - modelMap := r.convertModelToMap(model, handlerType) - if modelMap != nil { - models = append(models, modelMap) - } - } - } - - return models -} - -// GetAvailableModelsByProvider returns models available for the given provider identifier. -// Parameters: -// - provider: Provider identifier (e.g., "codex", "gemini", "antigravity") -// -// Returns: -// - []*ModelInfo: List of available models for the provider -func (r *ModelRegistry) GetAvailableModelsByProvider(provider string) []*ModelInfo { - provider = strings.ToLower(strings.TrimSpace(provider)) - if provider == "" { - return nil - } - - r.mutex.RLock() - defer r.mutex.RUnlock() - - type providerModel struct { - count int - info *ModelInfo - } - - providerModels := make(map[string]*providerModel) - - for clientID, clientProvider := range r.clientProviders { - if clientProvider != provider { - continue - } - modelIDs := r.clientModels[clientID] - if len(modelIDs) == 0 { - continue - } - clientInfos := r.clientModelInfos[clientID] - for _, modelID := range modelIDs { - modelID = strings.TrimSpace(modelID) - if modelID == "" { - continue - } - entry := providerModels[modelID] - if entry == nil { - entry = &providerModel{} - providerModels[modelID] = entry - } - entry.count++ - if entry.info == nil { - if clientInfos != nil { - if info := clientInfos[modelID]; info != nil { - entry.info = info - } - } - if entry.info == nil { - if reg, ok := r.models[modelID]; ok && reg != nil && reg.Info != nil { - entry.info = reg.Info - } - } - } - } - } - - if len(providerModels) == 0 { - return nil - } - - quotaExpiredDuration := 5 * time.Minute - now := time.Now() - result := make([]*ModelInfo, 0, len(providerModels)) - - for modelID, entry := range providerModels { - if entry == nil || entry.count <= 0 { - continue - } - registration, ok := r.models[modelID] - - expiredClients := 0 - cooldownSuspended := 0 - otherSuspended := 0 - if ok && registration != nil { - if registration.QuotaExceededClients != nil { - for clientID, quotaTime := range registration.QuotaExceededClients { - if clientID == "" { - continue - } - if p, okProvider := r.clientProviders[clientID]; !okProvider || p != provider { - continue - } - if quotaTime != nil && now.Sub(*quotaTime) < quotaExpiredDuration { - expiredClients++ - } - } - } - if registration.SuspendedClients != nil { - for clientID, reason := range registration.SuspendedClients { - if clientID == "" { - continue - } - if p, okProvider := r.clientProviders[clientID]; !okProvider || p != provider { - continue - } - if strings.EqualFold(reason, "quota") { - cooldownSuspended++ - continue - } - otherSuspended++ - } - } - } - - availableClients := entry.count - effectiveClients := availableClients - expiredClients - otherSuspended - if effectiveClients < 0 { - effectiveClients = 0 - } - - if effectiveClients > 0 || (availableClients > 0 && (expiredClients > 0 || cooldownSuspended > 0) && otherSuspended == 0) { - if entry.info != nil { - result = append(result, entry.info) - continue - } - if ok && registration != nil && registration.Info != nil { - result = append(result, registration.Info) - } - } - } - - return result -} - -// GetModelCount returns the number of available clients for a specific model -// Parameters: -// - modelID: The model ID to check -// -// Returns: -// - int: Number of available clients for the model -func (r *ModelRegistry) GetModelCount(modelID string) int { - r.mutex.RLock() - defer r.mutex.RUnlock() - - if registration, exists := r.models[modelID]; exists { - now := time.Now() - quotaExpiredDuration := 5 * time.Minute - - // Count clients that have exceeded quota but haven't recovered yet - expiredClients := 0 - for _, quotaTime := range registration.QuotaExceededClients { - if quotaTime != nil && now.Sub(*quotaTime) < quotaExpiredDuration { - expiredClients++ - } - } - suspendedClients := 0 - if registration.SuspendedClients != nil { - suspendedClients = len(registration.SuspendedClients) - } - result := registration.Count - expiredClients - suspendedClients - if result < 0 { - return 0 - } - return result - } - return 0 -} - -// GetModelProviders returns provider identifiers that currently supply the given model -// Parameters: -// - modelID: The model ID to check -// -// Returns: -// - []string: Provider identifiers ordered by availability count (descending) -func (r *ModelRegistry) GetModelProviders(modelID string) []string { - r.mutex.RLock() - defer r.mutex.RUnlock() - - registration, exists := r.models[modelID] - if !exists || registration == nil || len(registration.Providers) == 0 { - return nil - } - - type providerCount struct { - name string - count int - } - providers := make([]providerCount, 0, len(registration.Providers)) - // suspendedByProvider := make(map[string]int) - // if registration.SuspendedClients != nil { - // for clientID := range registration.SuspendedClients { - // if provider, ok := r.clientProviders[clientID]; ok && provider != "" { - // suspendedByProvider[provider]++ - // } - // } - // } - for name, count := range registration.Providers { - if count <= 0 { - continue - } - // adjusted := count - suspendedByProvider[name] - // if adjusted <= 0 { - // continue - // } - // providers = append(providers, providerCount{name: name, count: adjusted}) - providers = append(providers, providerCount{name: name, count: count}) - } - if len(providers) == 0 { - return nil - } - - sort.Slice(providers, func(i, j int) bool { - if providers[i].count == providers[j].count { - return providers[i].name < providers[j].name - } - return providers[i].count > providers[j].count - }) - - result := make([]string, 0, len(providers)) - for _, item := range providers { - result = append(result, item.name) - } - return result -} - -// GetModelInfo returns ModelInfo, prioritizing provider-specific definition if available. -func (r *ModelRegistry) GetModelInfo(modelID, provider string) *ModelInfo { - r.mutex.RLock() - defer r.mutex.RUnlock() - if reg, ok := r.models[modelID]; ok && reg != nil { - // Try provider specific definition first - if provider != "" && reg.InfoByProvider != nil { - if reg.Providers != nil { - if count, ok := reg.Providers[provider]; ok && count > 0 { - if info, ok := reg.InfoByProvider[provider]; ok && info != nil { - return info - } - } - } - } - // Fallback to global info (last registered) - return reg.Info - } - return nil -} - -// convertModelToMap converts ModelInfo to the appropriate format for different handler types -func (r *ModelRegistry) convertModelToMap(model *ModelInfo, handlerType string) map[string]any { - if model == nil { - return nil - } - - switch handlerType { - case "openai": - result := map[string]any{ - "id": model.ID, - "object": "model", - "owned_by": model.OwnedBy, - } - if model.Created > 0 { - result["created"] = model.Created - } - if model.Type != "" { - result["type"] = model.Type - } - if model.DisplayName != "" { - result["display_name"] = model.DisplayName - } - if model.Version != "" { - result["version"] = model.Version - } - if model.Description != "" { - result["description"] = model.Description - } - if model.ContextLength > 0 { - result["context_length"] = model.ContextLength - } - if model.MaxCompletionTokens > 0 { - result["max_completion_tokens"] = model.MaxCompletionTokens - } - if len(model.SupportedParameters) > 0 { - result["supported_parameters"] = model.SupportedParameters - } - if len(model.SupportedEndpoints) > 0 { - result["supported_endpoints"] = model.SupportedEndpoints - } - return result - - case "claude", "kiro", "antigravity": - // Claude, Kiro, and Antigravity all use Claude-compatible format for Claude Code client - result := map[string]any{ - "id": model.ID, - "object": "model", - "owned_by": model.OwnedBy, - } - if model.Created > 0 { - result["created_at"] = model.Created - } - if model.Type != "" { - result["type"] = "model" - } - if model.DisplayName != "" { - result["display_name"] = model.DisplayName - } - // Add thinking support for Claude Code client - // Claude Code checks for "thinking" field (simple boolean) to enable tab toggle - // Also add "extended_thinking" for detailed budget info - if model.Thinking != nil { - result["thinking"] = true - result["extended_thinking"] = map[string]any{ - "supported": true, - "min": model.Thinking.Min, - "max": model.Thinking.Max, - "zero_allowed": model.Thinking.ZeroAllowed, - "dynamic_allowed": model.Thinking.DynamicAllowed, - } - } - return result - - case "gemini": - result := map[string]any{} - if model.Name != "" { - result["name"] = model.Name - } else { - result["name"] = model.ID - } - if model.Version != "" { - result["version"] = model.Version - } - if model.DisplayName != "" { - result["displayName"] = model.DisplayName - } - if model.Description != "" { - result["description"] = model.Description - } - if model.InputTokenLimit > 0 { - result["inputTokenLimit"] = model.InputTokenLimit - } - if model.OutputTokenLimit > 0 { - result["outputTokenLimit"] = model.OutputTokenLimit - } - if len(model.SupportedGenerationMethods) > 0 { - result["supportedGenerationMethods"] = model.SupportedGenerationMethods - } - return result - - default: - // Generic format - result := map[string]any{ - "id": model.ID, - "object": "model", - } - if model.OwnedBy != "" { - result["owned_by"] = model.OwnedBy - } - if model.Type != "" { - result["type"] = model.Type - } - if model.Created != 0 { - result["created"] = model.Created - } - return result - } -} - -// CleanupExpiredQuotas removes expired quota tracking entries -func (r *ModelRegistry) CleanupExpiredQuotas() { - r.mutex.Lock() - defer r.mutex.Unlock() - - now := time.Now() - quotaExpiredDuration := 5 * time.Minute - - for modelID, registration := range r.models { - for clientID, quotaTime := range registration.QuotaExceededClients { - if quotaTime != nil && now.Sub(*quotaTime) >= quotaExpiredDuration { - delete(registration.QuotaExceededClients, clientID) - log.Debugf("Cleaned up expired quota tracking for model %s, client %s", modelID, clientID) - } - } - } -} - -// GetFirstAvailableModel returns the first available model for the given handler type. -// It prioritizes models by their creation timestamp (newest first) and checks if they have -// available clients that are not suspended or over quota. -// -// Parameters: -// - handlerType: The API handler type (e.g., "openai", "claude", "gemini") -// -// Returns: -// - string: The model ID of the first available model, or empty string if none available -// - error: An error if no models are available -func (r *ModelRegistry) GetFirstAvailableModel(handlerType string) (string, error) { - r.mutex.RLock() - defer r.mutex.RUnlock() - - // Get all available models for this handler type - models := r.GetAvailableModels(handlerType) - if len(models) == 0 { - return "", fmt.Errorf("no models available for handler type: %s", handlerType) - } - - // Sort models by creation timestamp (newest first) - sort.Slice(models, func(i, j int) bool { - // Extract created timestamps from map - createdI, okI := models[i]["created"].(int64) - createdJ, okJ := models[j]["created"].(int64) - if !okI || !okJ { - return false - } - return createdI > createdJ - }) - - // Find the first model with available clients - for _, model := range models { - if modelID, ok := model["id"].(string); ok { - if count := r.GetModelCount(modelID); count > 0 { - return modelID, nil - } - } - } - - return "", fmt.Errorf("no available clients for any model in handler type: %s", handlerType) -} - -// GetModelsForClient returns the models registered for a specific client. -// Parameters: -// - clientID: The client identifier (typically auth file name or auth ID) -// -// Returns: -// - []*ModelInfo: List of models registered for this client, nil if client not found -func (r *ModelRegistry) GetModelsForClient(clientID string) []*ModelInfo { - r.mutex.RLock() - defer r.mutex.RUnlock() - - modelIDs, exists := r.clientModels[clientID] - if !exists || len(modelIDs) == 0 { - return nil - } - - // Try to use client-specific model infos first - clientInfos := r.clientModelInfos[clientID] - - seen := make(map[string]struct{}) - result := make([]*ModelInfo, 0, len(modelIDs)) - for _, modelID := range modelIDs { - if _, dup := seen[modelID]; dup { - continue - } - seen[modelID] = struct{}{} - - // Prefer client's own model info to preserve original type/owned_by - if clientInfos != nil { - if info, ok := clientInfos[modelID]; ok && info != nil { - result = append(result, info) - continue - } - } - // Fallback to global registry (for backwards compatibility) - if reg, ok := r.models[modelID]; ok && reg.Info != nil { - result = append(result, reg.Info) - } - } - return result -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/model_registry_hook_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/model_registry_hook_test.go deleted file mode 100644 index 3e023d8f87..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/model_registry_hook_test.go +++ /dev/null @@ -1,245 +0,0 @@ -package registry - -import ( - "context" - "sync" - "testing" - "time" -) - -func newTestModelRegistry() *ModelRegistry { - return &ModelRegistry{ - models: make(map[string]*ModelRegistration), - clientModels: make(map[string][]string), - clientModelInfos: make(map[string]map[string]*ModelInfo), - clientProviders: make(map[string]string), - mutex: &sync.RWMutex{}, - } -} - -type registeredCall struct { - provider string - clientID string - models []*ModelInfo -} - -type unregisteredCall struct { - provider string - clientID string -} - -type capturingHook struct { - registeredCh chan registeredCall - unregisteredCh chan unregisteredCall -} - -func (h *capturingHook) OnModelsRegistered(ctx context.Context, provider, clientID string, models []*ModelInfo) { - h.registeredCh <- registeredCall{provider: provider, clientID: clientID, models: models} -} - -func (h *capturingHook) OnModelsUnregistered(ctx context.Context, provider, clientID string) { - h.unregisteredCh <- unregisteredCall{provider: provider, clientID: clientID} -} - -func TestModelRegistryHook_OnModelsRegisteredCalled(t *testing.T) { - r := newTestModelRegistry() - hook := &capturingHook{ - registeredCh: make(chan registeredCall, 1), - unregisteredCh: make(chan unregisteredCall, 1), - } - r.SetHook(hook) - - inputModels := []*ModelInfo{ - {ID: "m1", DisplayName: "Model One"}, - {ID: "m2", DisplayName: "Model Two"}, - } - r.RegisterClient("client-1", "OpenAI", inputModels) - - select { - case call := <-hook.registeredCh: - if call.provider != "openai" { - t.Fatalf("provider mismatch: got %q, want %q", call.provider, "openai") - } - if call.clientID != "client-1" { - t.Fatalf("clientID mismatch: got %q, want %q", call.clientID, "client-1") - } - if len(call.models) != 2 { - t.Fatalf("models length mismatch: got %d, want %d", len(call.models), 2) - } - if call.models[0] == nil || call.models[0].ID != "m1" { - t.Fatalf("models[0] mismatch: got %#v, want ID=%q", call.models[0], "m1") - } - if call.models[1] == nil || call.models[1].ID != "m2" { - t.Fatalf("models[1] mismatch: got %#v, want ID=%q", call.models[1], "m2") - } - case <-time.After(2 * time.Second): - t.Fatal("timeout waiting for OnModelsRegistered hook call") - } -} - -func TestModelRegistryHook_OnModelsUnregisteredCalled(t *testing.T) { - r := newTestModelRegistry() - hook := &capturingHook{ - registeredCh: make(chan registeredCall, 1), - unregisteredCh: make(chan unregisteredCall, 1), - } - r.SetHook(hook) - - r.RegisterClient("client-1", "OpenAI", []*ModelInfo{{ID: "m1"}}) - select { - case <-hook.registeredCh: - case <-time.After(2 * time.Second): - t.Fatal("timeout waiting for OnModelsRegistered hook call") - } - - r.UnregisterClient("client-1") - - select { - case call := <-hook.unregisteredCh: - if call.provider != "openai" { - t.Fatalf("provider mismatch: got %q, want %q", call.provider, "openai") - } - if call.clientID != "client-1" { - t.Fatalf("clientID mismatch: got %q, want %q", call.clientID, "client-1") - } - case <-time.After(2 * time.Second): - t.Fatal("timeout waiting for OnModelsUnregistered hook call") - } -} - -type blockingHook struct { - started chan struct{} - unblock chan struct{} -} - -func (h *blockingHook) OnModelsRegistered(ctx context.Context, provider, clientID string, models []*ModelInfo) { - select { - case <-h.started: - default: - close(h.started) - } - <-h.unblock -} - -func (h *blockingHook) OnModelsUnregistered(ctx context.Context, provider, clientID string) {} - -func TestModelRegistryHook_DoesNotBlockRegisterClient(t *testing.T) { - r := newTestModelRegistry() - hook := &blockingHook{ - started: make(chan struct{}), - unblock: make(chan struct{}), - } - r.SetHook(hook) - defer close(hook.unblock) - - done := make(chan struct{}) - go func() { - r.RegisterClient("client-1", "OpenAI", []*ModelInfo{{ID: "m1"}}) - close(done) - }() - - select { - case <-hook.started: - case <-time.After(2 * time.Second): - t.Fatal("timeout waiting for hook to start") - } - - select { - case <-done: - case <-time.After(200 * time.Millisecond): - t.Fatal("RegisterClient appears to be blocked by hook") - } - - if !r.ClientSupportsModel("client-1", "m1") { - t.Fatal("model registration failed; expected client to support model") - } -} - -type panicHook struct { - registeredCalled chan struct{} - unregisteredCalled chan struct{} -} - -func (h *panicHook) OnModelsRegistered(ctx context.Context, provider, clientID string, models []*ModelInfo) { - if h.registeredCalled != nil { - h.registeredCalled <- struct{}{} - } - panic("boom") -} - -func (h *panicHook) OnModelsUnregistered(ctx context.Context, provider, clientID string) { - if h.unregisteredCalled != nil { - h.unregisteredCalled <- struct{}{} - } - panic("boom") -} - -func TestModelRegistryHook_PanicDoesNotAffectRegistry(t *testing.T) { - r := newTestModelRegistry() - hook := &panicHook{ - registeredCalled: make(chan struct{}, 1), - unregisteredCalled: make(chan struct{}, 1), - } - r.SetHook(hook) - - r.RegisterClient("client-1", "OpenAI", []*ModelInfo{{ID: "m1"}}) - - select { - case <-hook.registeredCalled: - case <-time.After(2 * time.Second): - t.Fatal("timeout waiting for OnModelsRegistered hook call") - } - - if !r.ClientSupportsModel("client-1", "m1") { - t.Fatal("model registration failed; expected client to support model") - } - - r.UnregisterClient("client-1") - - select { - case <-hook.unregisteredCalled: - case <-time.After(2 * time.Second): - t.Fatal("timeout waiting for OnModelsUnregistered hook call") - } -} - -func TestRegisterClient_NormalizesCopilotContextLength(t *testing.T) { - r := newTestModelRegistry() - hook := &capturingHook{ - registeredCh: make(chan registeredCall, 1), - unregisteredCh: make(chan unregisteredCall, 1), - } - r.SetHook(hook) - - r.RegisterClient("client-copilot", "github-copilot", []*ModelInfo{ - {ID: "gpt-5", ContextLength: 200000}, - {ID: "gpt-5-mini", ContextLength: 1048576}, - }) - - select { - case call := <-hook.registeredCh: - for _, model := range call.models { - if model.ContextLength != 128000 { - t.Fatalf("hook model %q context_length=%d, want 128000", model.ID, model.ContextLength) - } - } - case <-time.After(2 * time.Second): - t.Fatal("timeout waiting for OnModelsRegistered hook call") - } - - registration, ok := r.models["gpt-5"] - if !ok || registration == nil || registration.Info == nil { - t.Fatal("expected gpt-5 registration info") - } - if registration.Info.ContextLength != 128000 { - t.Fatalf("registry info context_length=%d, want 128000", registration.Info.ContextLength) - } - - clientInfo, ok := r.clientModelInfos["client-copilot"]["gpt-5-mini"] - if !ok || clientInfo == nil { - t.Fatal("expected client model info for gpt-5-mini") - } - if clientInfo.ContextLength != 128000 { - t.Fatalf("client model info context_length=%d, want 128000", clientInfo.ContextLength) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/pareto_router.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/pareto_router.go deleted file mode 100644 index 21620da3d3..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/pareto_router.go +++ /dev/null @@ -1,243 +0,0 @@ -// Package registry provides model definitions and lookup helpers for various AI providers. -// pareto_router.go implements the Pareto frontier routing algorithm. -// -// Algorithm (ported from thegent/src/thegent/routing/pareto_router.py): -// 1. Seed candidates from the quality-proxy table (model ID → cost/quality/latency). -// 2. Filter models that violate any hard constraint (cost, latency, quality). -// 3. Build Pareto frontier: remove dominated models. -// 4. Select best from frontier by quality/cost ratio (highest ratio wins; -// zero-cost models get +Inf ratio and are implicitly best). -package registry - -import ( - "context" - "fmt" - "math" - "strings" -) - -// qualityProxy maps known model IDs to their quality scores in [0,1]. -// Sourced from thegent pareto_router.py QUALITY_PROXY table. -var qualityProxy = map[string]float64{ - "claude-opus-4.6": 0.95, - "claude-opus-4.6-1m": 0.96, - "claude-sonnet-4.6": 0.88, - "claude-haiku-4.5": 0.75, - "gpt-5.3-codex-high": 0.92, - "gpt-5.3-codex": 0.82, - "claude-4.5-opus-high-thinking": 0.94, - "claude-4.5-opus-high": 0.92, - "claude-4.5-sonnet-thinking": 0.85, - "claude-4-sonnet": 0.80, - "gpt-4o": 0.85, - "gpt-5.1-codex": 0.80, - "gemini-3-flash": 0.78, - "gemini-3.1-pro": 0.90, - "gemini-2.5-flash": 0.76, - "gemini-2.0-flash": 0.72, - "glm-5": 0.78, - "minimax-m2.5": 0.75, - "deepseek-v3.2": 0.80, - "composer-1.5": 0.82, - "composer-1": 0.78, - "roo-default": 0.70, - "kilo-default": 0.70, -} - -// costPer1kProxy maps model IDs to estimated cost per 1k tokens (USD). -// These are rough estimates used for Pareto ranking. -var costPer1kProxy = map[string]float64{ - "claude-opus-4.6": 0.015, - "claude-opus-4.6-1m": 0.015, - "claude-sonnet-4.6": 0.003, - "claude-haiku-4.5": 0.00025, - "gpt-5.3-codex-high": 0.020, - "gpt-5.3-codex": 0.010, - "claude-4.5-opus-high-thinking": 0.025, - "claude-4.5-opus-high": 0.015, - "claude-4.5-sonnet-thinking": 0.005, - "claude-4-sonnet": 0.003, - "gpt-4o": 0.005, - "gpt-5.1-codex": 0.008, - "gemini-3-flash": 0.00015, - "gemini-3.1-pro": 0.007, - "gemini-2.5-flash": 0.0001, - "gemini-2.0-flash": 0.0001, - "glm-5": 0.001, - "minimax-m2.5": 0.001, - "deepseek-v3.2": 0.0005, - "composer-1.5": 0.002, - "composer-1": 0.001, - "roo-default": 0.0, - "kilo-default": 0.0, -} - -// latencyMsProxy maps model IDs to estimated p50 latency in milliseconds. -var latencyMsProxy = map[string]int{ - "claude-opus-4.6": 4000, - "claude-opus-4.6-1m": 5000, - "claude-sonnet-4.6": 2000, - "claude-haiku-4.5": 800, - "gpt-5.3-codex-high": 6000, - "gpt-5.3-codex": 3000, - "claude-4.5-opus-high-thinking": 8000, - "claude-4.5-opus-high": 5000, - "claude-4.5-sonnet-thinking": 4000, - "claude-4-sonnet": 2500, - "gpt-4o": 2000, - "gpt-5.1-codex": 3000, - "gemini-3-flash": 600, - "gemini-3.1-pro": 3000, - "gemini-2.5-flash": 500, - "gemini-2.0-flash": 400, - "glm-5": 1500, - "minimax-m2.5": 1200, - "deepseek-v3.2": 1000, - "composer-1.5": 2000, - "composer-1": 1500, - "roo-default": 1000, - "kilo-default": 1000, -} - -// inferProviderFromModelID derives the provider name from a model ID. -func inferProvider(modelID string) string { - lower := strings.ToLower(modelID) - switch { - case strings.HasPrefix(lower, "claude"): - return "claude" - case strings.HasPrefix(lower, "gpt") || strings.HasPrefix(lower, "o1") || strings.HasPrefix(lower, "o3"): - return "openai" - case strings.HasPrefix(lower, "gemini"): - return "gemini" - case strings.HasPrefix(lower, "deepseek"): - return "deepseek" - case strings.HasPrefix(lower, "glm"): - return "glm" - case strings.HasPrefix(lower, "minimax"): - return "minimax" - case strings.HasPrefix(lower, "composer"): - return "composer" - case strings.HasPrefix(lower, "roo"): - return "roo" - case strings.HasPrefix(lower, "kilo"): - return "kilo" - default: - return "unknown" - } -} - -// ParetoRouter selects the Pareto-optimal model for a given RoutingRequest. -type ParetoRouter struct{} - -// NewParetoRouter returns a new ParetoRouter. -func NewParetoRouter() *ParetoRouter { - return &ParetoRouter{} -} - -// SelectModel applies hard constraints, builds the Pareto frontier, and returns -// the best candidate by quality/cost ratio. -func (p *ParetoRouter) SelectModel(_ context.Context, req *RoutingRequest) (*RoutingCandidate, error) { - allCandidates := buildCandidates(req) - - feasible := filterByConstraints(allCandidates, req) - if len(feasible) == 0 { - return nil, fmt.Errorf("no models satisfy constraints (cost<=%.4f, latency<=%dms, quality>=%.2f)", - req.MaxCostPerCall, req.MaxLatencyMs, req.MinQualityScore) - } - - frontier := computeParetoFrontier(feasible) - return selectFromCandidates(frontier), nil -} - -// buildCandidates constructs RoutingCandidates from the quality/cost proxy tables. -// Estimated cost is scaled from per-1k-tokens to per-call assuming ~1000 tokens avg. -func buildCandidates(_ *RoutingRequest) []*RoutingCandidate { - candidates := make([]*RoutingCandidate, 0, len(qualityProxy)) - for modelID, quality := range qualityProxy { - costPer1k := costPer1kProxy[modelID] - // Estimate per-call cost at 1000 token average. - estimatedCost := costPer1k * 1.0 - latencyMs, ok := latencyMsProxy[modelID] - if !ok { - latencyMs = 2000 - } - candidates = append(candidates, &RoutingCandidate{ - ModelID: modelID, - Provider: inferProvider(modelID), - EstimatedCost: estimatedCost, - EstimatedLatencyMs: latencyMs, - QualityScore: quality, - }) - } - return candidates -} - -// filterByConstraints returns only candidates that satisfy all hard constraints. -func filterByConstraints(candidates []*RoutingCandidate, req *RoutingRequest) []*RoutingCandidate { - out := make([]*RoutingCandidate, 0, len(candidates)) - for _, c := range candidates { - if req.MaxCostPerCall > 0 && c.EstimatedCost > req.MaxCostPerCall { - continue - } - if req.MaxLatencyMs > 0 && c.EstimatedLatencyMs > req.MaxLatencyMs { - continue - } - if c.QualityScore < req.MinQualityScore { - continue - } - out = append(out, c) - } - return out -} - -// computeParetoFrontier removes dominated candidates and returns the Pareto-optimal set. -// A candidate c is dominated if another candidate d has: -// - EstimatedCost <= c.EstimatedCost AND -// - EstimatedLatencyMs <= c.EstimatedLatencyMs AND -// - QualityScore >= c.QualityScore AND -// - at least one strictly better on one axis. -func computeParetoFrontier(candidates []*RoutingCandidate) []*RoutingCandidate { - frontier := make([]*RoutingCandidate, 0, len(candidates)) - for _, c := range candidates { - dominated := false - for _, other := range candidates { - if other == c { - continue - } - if isDominated(c, other) { - dominated = true - break - } - } - if !dominated { - frontier = append(frontier, c) - } - } - return frontier -} - -// selectFromCandidates returns the candidate with the highest quality/cost ratio. -// Zero-cost candidates are implicitly +Inf ratio (best). -// Falls back to highest quality score when frontier is empty. -func selectFromCandidates(frontier []*RoutingCandidate) *RoutingCandidate { - if len(frontier) == 0 { - return nil - } - best := frontier[0] - bestRatio := ratio(best) - for _, c := range frontier[1:] { - r := ratio(c) - if r > bestRatio { - bestRatio = r - best = c - } - } - return best -} - -func ratio(c *RoutingCandidate) float64 { - if c.EstimatedCost == 0 { - return math.Inf(1) - } - return c.QualityScore / c.EstimatedCost -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/pareto_router_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/pareto_router_test.go deleted file mode 100644 index f1c0785111..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/pareto_router_test.go +++ /dev/null @@ -1,164 +0,0 @@ -package registry - -import ( - "context" - "math" - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -// TestParetoRoutingSelectsOptimalModelGivenConstraints verifies the primary integration -// path: given hard constraints, SelectModel returns a candidate on the Pareto frontier -// that satisfies every constraint. -// @trace FR-ROUTING-001 -func TestParetoRoutingSelectsOptimalModelGivenConstraints(t *testing.T) { - paretoRouter := NewParetoRouter() - - req := &RoutingRequest{ - TaskComplexity: "NORMAL", - MaxCostPerCall: 0.01, - MaxLatencyMs: 5000, - MinQualityScore: 0.75, - TaskMetadata: map[string]string{ - "category": "code_analysis", - "tokens_in": "2500", - }, - } - - selected, err := paretoRouter.SelectModel(context.Background(), req) - - assert.NoError(t, err) - require.NotNil(t, selected) - assert.LessOrEqual(t, selected.EstimatedCost, req.MaxCostPerCall) - assert.LessOrEqual(t, selected.EstimatedLatencyMs, req.MaxLatencyMs) - assert.GreaterOrEqual(t, selected.QualityScore, req.MinQualityScore) - assert.NotEmpty(t, selected.ModelID) - assert.NotEmpty(t, selected.Provider) -} - -// TestParetoRoutingRejectsImpossibleConstraints verifies that an error is returned when -// no model can satisfy the combined constraints. -// @trace FR-ROUTING-002 -func TestParetoRoutingRejectsImpossibleConstraints(t *testing.T) { - paretoRouter := NewParetoRouter() - - req := &RoutingRequest{ - MaxCostPerCall: 0.000001, // Impossibly cheap - MaxLatencyMs: 1, // Impossibly fast - MinQualityScore: 0.99, // Impossibly high - } - - selected, err := paretoRouter.SelectModel(context.Background(), req) - - assert.Error(t, err) - assert.Nil(t, selected) -} - -// TestParetoFrontierRemovesDominatedCandidates verifies the core Pareto algorithm: -// a candidate dominated on all axes is excluded from the frontier. -// @trace FR-ROUTING-003 -func TestParetoFrontierRemovesDominatedCandidates(t *testing.T) { - // cheap + fast + good dominates expensive + slow + bad. - dominated := &RoutingCandidate{ - ModelID: "bad-model", - EstimatedCost: 0.05, - EstimatedLatencyMs: 10000, - QualityScore: 0.60, - } - dominator := &RoutingCandidate{ - ModelID: "good-model", - EstimatedCost: 0.01, - EstimatedLatencyMs: 1000, - QualityScore: 0.90, - } - - frontier := computeParetoFrontier([]*RoutingCandidate{dominated, dominator}) - - assert.Len(t, frontier, 1) - assert.Equal(t, "good-model", frontier[0].ModelID) -} - -// TestParetoFrontierKeepsNonDominatedSet verifies that two candidates where neither -// dominates the other both appear on the frontier. -// @trace FR-ROUTING-003 -func TestParetoFrontierKeepsNonDominatedSet(t *testing.T) { - // cheap+fast but lower quality vs expensive+slow but higher quality — no dominance. - fast := &RoutingCandidate{ - ModelID: "fast-cheap", - EstimatedCost: 0.001, - EstimatedLatencyMs: 400, - QualityScore: 0.72, - } - smart := &RoutingCandidate{ - ModelID: "smart-expensive", - EstimatedCost: 0.015, - EstimatedLatencyMs: 4000, - QualityScore: 0.95, - } - - frontier := computeParetoFrontier([]*RoutingCandidate{fast, smart}) - - assert.Len(t, frontier, 2) -} - -// TestSelectFromCandidatesPrefersHighRatio verifies that selectFromCandidates picks -// the candidate with the best quality/cost ratio. -// @trace FR-ROUTING-001 -func TestSelectFromCandidatesPrefersHighRatio(t *testing.T) { - lowRatio := &RoutingCandidate{ - ModelID: "pricey", - EstimatedCost: 0.10, - QualityScore: 0.80, // ratio = 8 - } - highRatio := &RoutingCandidate{ - ModelID: "efficient", - EstimatedCost: 0.01, - QualityScore: 0.80, // ratio = 80 - } - - winner := selectFromCandidates([]*RoutingCandidate{lowRatio, highRatio}) - assert.Equal(t, "efficient", winner.ModelID) -} - -// TestSelectFromCandidatesEmpty verifies nil is returned on empty frontier. -func TestSelectFromCandidatesEmpty(t *testing.T) { - result := selectFromCandidates([]*RoutingCandidate{}) - assert.Nil(t, result) -} - -// TestIsDominated verifies the dominance predicate. -// @trace FR-ROUTING-003 -func TestIsDominated(t *testing.T) { - base := &RoutingCandidate{EstimatedCost: 0.05, EstimatedLatencyMs: 5000, QualityScore: 0.70} - better := &RoutingCandidate{EstimatedCost: 0.01, EstimatedLatencyMs: 1000, QualityScore: 0.90} - equal := &RoutingCandidate{EstimatedCost: 0.05, EstimatedLatencyMs: 5000, QualityScore: 0.70} - - assert.True(t, isDominated(base, better), "better should dominate base") - assert.False(t, isDominated(base, equal), "equal should not dominate base") - assert.False(t, isDominated(better, base), "base should not dominate better") -} - -// TestInferProvider verifies provider inference from model IDs. -func TestInferProvider(t *testing.T) { - cases := []struct { - model string - expected string - }{ - {"claude-sonnet-4.6", "claude"}, - {"gpt-4o", "openai"}, - {"gemini-3-flash", "gemini"}, - {"deepseek-v3.2", "deepseek"}, - {"roo-default", "roo"}, - } - for _, tc := range cases { - assert.Equal(t, tc.expected, inferProvider(tc.model), "model=%s", tc.model) - } -} - -// TestRatioZeroCost verifies that zero-cost models get +Inf ratio. -func TestRatioZeroCost(t *testing.T) { - c := &RoutingCandidate{EstimatedCost: 0, QualityScore: 0.70} - assert.True(t, math.IsInf(ratio(c), 1)) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/pareto_types.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/pareto_types.go deleted file mode 100644 index e829a8027d..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/pareto_types.go +++ /dev/null @@ -1,48 +0,0 @@ -// Package registry provides model definitions and lookup helpers for various AI providers. -// pareto_types.go defines types for Pareto frontier routing. -package registry - -// RoutingRequest specifies hard constraints for model selection. -type RoutingRequest struct { - // TaskComplexity is one of: FAST, NORMAL, COMPLEX, HIGH_COMPLEX. - TaskComplexity string - // MaxCostPerCall is the hard cost cap in USD. 0 means uncapped. - MaxCostPerCall float64 - // MaxLatencyMs is the hard latency cap in milliseconds. 0 means uncapped. - MaxLatencyMs int - // MinQualityScore is the minimum acceptable quality in [0,1]. - MinQualityScore float64 - // TaskMetadata carries optional hints (category, tokens_in, etc.). - TaskMetadata map[string]string -} - -// RoutingCandidate is a model that satisfies routing constraints. -type RoutingCandidate struct { - ModelID string - Provider string - EstimatedCost float64 - EstimatedLatencyMs int - QualityScore float64 -} - -// qualityCostRatio returns quality/cost; returns +Inf for free models. -func (c *RoutingCandidate) qualityCostRatio() float64 { - if c.EstimatedCost == 0 { - return positiveInf - } - return c.QualityScore / c.EstimatedCost -} - -const positiveInf = float64(1<<63-1) / float64(1<<63) - -// isDominated returns true when other dominates c: -// other is at least as good on both axes and strictly better on one. -func isDominated(c, other *RoutingCandidate) bool { - costOK := other.EstimatedCost <= c.EstimatedCost - latencyOK := other.EstimatedLatencyMs <= c.EstimatedLatencyMs - qualityOK := other.QualityScore >= c.QualityScore - strictlyBetter := other.EstimatedCost < c.EstimatedCost || - other.EstimatedLatencyMs < c.EstimatedLatencyMs || - other.QualityScore > c.QualityScore - return costOK && latencyOK && qualityOK && strictlyBetter -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/task_classifier.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/task_classifier.go deleted file mode 100644 index e69da4758d..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/task_classifier.go +++ /dev/null @@ -1,45 +0,0 @@ -// Package registry provides model definitions and lookup helpers for various AI providers. -// task_classifier.go classifies tasks by complexity based on token counts. -// -// Ported from thegent/src/thegent/routing/task_router.py (TaskClassifier class). -package registry - -import "context" - -// TaskClassificationRequest carries token counts and optional metadata for classification. -type TaskClassificationRequest struct { - TokensIn int - TokensOut int - Metadata map[string]string -} - -// TaskClassifier categorises tasks into complexity tiers. -// Tiers map to separate Pareto frontiers (cheap/fast models for FAST, -// high-quality models for HIGH_COMPLEX). -// -// Boundaries (total tokens): -// - FAST: < 500 -// - NORMAL: 500 – 4 999 -// - COMPLEX: 5 000 – 49 999 -// - HIGH_COMPLEX: ≥ 50 000 -type TaskClassifier struct{} - -// NewTaskClassifier returns a new TaskClassifier. -func NewTaskClassifier() *TaskClassifier { - return &TaskClassifier{} -} - -// Classify returns the complexity category for a task based on total token count. -func (tc *TaskClassifier) Classify(_ context.Context, req *TaskClassificationRequest) (string, error) { - total := req.TokensIn + req.TokensOut - switch { - case total < 500: - return "FAST", nil - case total < 5000: - return "NORMAL", nil - case total < 50000: - return "COMPLEX", nil - default: - return "HIGH_COMPLEX", nil - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/task_classifier_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/task_classifier_test.go deleted file mode 100644 index b343fbf8ae..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/registry/task_classifier_test.go +++ /dev/null @@ -1,94 +0,0 @@ -package registry - -import ( - "context" - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -// @trace FR-ROUTING-004 - -func TestTaskClassifierCategorizesFast(t *testing.T) { - tc := NewTaskClassifier() - - req := &TaskClassificationRequest{ - TokensIn: 250, - TokensOut: 100, - Metadata: map[string]string{"category": "quick_lookup"}, - } - - category, err := tc.Classify(context.Background(), req) - - require.NoError(t, err) - assert.Equal(t, "FAST", category) -} - -func TestTaskClassifierCategorizesNormal(t *testing.T) { - tc := NewTaskClassifier() - - req := &TaskClassificationRequest{ - TokensIn: 2500, - TokensOut: 500, - } - - category, err := tc.Classify(context.Background(), req) - - require.NoError(t, err) - assert.Equal(t, "NORMAL", category) -} - -func TestTaskClassifierCategorizesComplex(t *testing.T) { - tc := NewTaskClassifier() - - req := &TaskClassificationRequest{ - TokensIn: 25000, - TokensOut: 5000, - } - - category, err := tc.Classify(context.Background(), req) - - require.NoError(t, err) - assert.Equal(t, "COMPLEX", category) -} - -func TestTaskClassifierCategorizesHighComplex(t *testing.T) { - tc := NewTaskClassifier() - - req := &TaskClassificationRequest{ - TokensIn: 100000, - } - - category, err := tc.Classify(context.Background(), req) - - require.NoError(t, err) - assert.Equal(t, "HIGH_COMPLEX", category) -} - -func TestTaskClassifierBoundaries(t *testing.T) { - tc := NewTaskClassifier() - ctx := context.Background() - - cases := []struct { - tokensIn int - tokensOut int - expected string - }{ - {499, 0, "FAST"}, - {500, 0, "NORMAL"}, - {4999, 0, "NORMAL"}, - {5000, 0, "COMPLEX"}, - {49999, 0, "COMPLEX"}, - {50000, 0, "HIGH_COMPLEX"}, - } - - for _, tc2 := range cases { - got, err := tc.Classify(ctx, &TaskClassificationRequest{ - TokensIn: tc2.tokensIn, - TokensOut: tc2.tokensOut, - }) - require.NoError(t, err) - assert.Equal(t, tc2.expected, got, "tokensIn=%d tokensOut=%d", tc2.tokensIn, tc2.tokensOut) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/aistudio_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/aistudio_executor.go deleted file mode 100644 index fa63d19f81..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/aistudio_executor.go +++ /dev/null @@ -1,495 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// This file implements the AI Studio executor that routes requests through a websocket-backed -// transport for the AI Studio provider. -package executor - -import ( - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/wsrelay" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// AIStudioExecutor routes AI Studio requests through a websocket-backed transport. -type AIStudioExecutor struct { - provider string - relay *wsrelay.Manager - cfg *config.Config -} - -// NewAIStudioExecutor creates a new AI Studio executor instance. -// -// Parameters: -// - cfg: The application configuration -// - provider: The provider name -// - relay: The websocket relay manager -// -// Returns: -// - *AIStudioExecutor: A new AI Studio executor instance -func NewAIStudioExecutor(cfg *config.Config, provider string, relay *wsrelay.Manager) *AIStudioExecutor { - return &AIStudioExecutor{provider: strings.ToLower(provider), relay: relay, cfg: cfg} -} - -// Identifier returns the executor identifier. -func (e *AIStudioExecutor) Identifier() string { return "aistudio" } - -// PrepareRequest prepares the HTTP request for execution (no-op for AI Studio). -func (e *AIStudioExecutor) PrepareRequest(_ *http.Request, _ *cliproxyauth.Auth) error { - return nil -} - -// HttpRequest forwards an arbitrary HTTP request through the websocket relay. -func (e *AIStudioExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("aistudio executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - if e.relay == nil { - return nil, fmt.Errorf("aistudio executor: ws relay is nil") - } - if auth == nil || auth.ID == "" { - return nil, statusErr{code: http.StatusUnauthorized, msg: "missing auth"} - } - httpReq := req.WithContext(ctx) - if httpReq.URL == nil || strings.TrimSpace(httpReq.URL.String()) == "" { - return nil, fmt.Errorf("aistudio executor: request URL is empty") - } - - var body []byte - if httpReq.Body != nil { - b, errRead := io.ReadAll(httpReq.Body) - if errRead != nil { - return nil, errRead - } - body = b - httpReq.Body = io.NopCloser(bytes.NewReader(b)) - } - - wsReq := &wsrelay.HTTPRequest{ - Method: httpReq.Method, - URL: httpReq.URL.String(), - Headers: httpReq.Header.Clone(), - Body: body, - } - wsResp, errRelay := e.relay.NonStream(ctx, auth.ID, wsReq) - if errRelay != nil { - return nil, errRelay - } - if wsResp == nil { - return nil, fmt.Errorf("aistudio executor: ws response is nil") - } - - statusText := http.StatusText(wsResp.Status) - if statusText == "" { - statusText = "Unknown" - } - resp := &http.Response{ - StatusCode: wsResp.Status, - Status: fmt.Sprintf("%d %s", wsResp.Status, statusText), - Header: wsResp.Headers.Clone(), - Body: io.NopCloser(bytes.NewReader(wsResp.Body)), - ContentLength: int64(len(wsResp.Body)), - Request: httpReq, - } - return resp, nil -} - -// Execute performs a non-streaming request to the AI Studio API. -func (e *AIStudioExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - translatedReq, body, err := e.translateRequest(req, opts, false) - if err != nil { - return resp, err - } - - endpoint := e.buildEndpoint(baseModel, body.action, opts.Alt) - wsReq := &wsrelay.HTTPRequest{ - Method: http.MethodPost, - URL: endpoint, - Headers: http.Header{"Content-Type": []string{"application/json"}}, - Body: body.payload, - } - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: endpoint, - Method: http.MethodPost, - Headers: wsReq.Headers.Clone(), - Body: body.payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - wsResp, err := e.relay.NonStream(ctx, authID, wsReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - recordAPIResponseMetadata(ctx, e.cfg, wsResp.Status, wsResp.Headers.Clone()) - if len(wsResp.Body) > 0 { - appendAPIResponseChunk(ctx, e.cfg, wsResp.Body) - } - if wsResp.Status < 200 || wsResp.Status >= 300 { - return resp, statusErr{code: wsResp.Status, msg: string(wsResp.Body)} - } - reporter.publish(ctx, parseGeminiUsage(wsResp.Body)) - var param any - out := sdktranslator.TranslateNonStream(ctx, body.toFormat, opts.SourceFormat, req.Model, opts.OriginalRequest, translatedReq, wsResp.Body, ¶m) - resp = cliproxyexecutor.Response{Payload: ensureColonSpacedJSON([]byte(out)), Headers: wsResp.Headers.Clone()} - return resp, nil -} - -// ExecuteStream performs a streaming request to the AI Studio API. -func (e *AIStudioExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - translatedReq, body, err := e.translateRequest(req, opts, true) - if err != nil { - return nil, err - } - - endpoint := e.buildEndpoint(baseModel, body.action, opts.Alt) - wsReq := &wsrelay.HTTPRequest{ - Method: http.MethodPost, - URL: endpoint, - Headers: http.Header{"Content-Type": []string{"application/json"}}, - Body: body.payload, - } - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: endpoint, - Method: http.MethodPost, - Headers: wsReq.Headers.Clone(), - Body: body.payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - wsStream, err := e.relay.Stream(ctx, authID, wsReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - firstEvent, ok := <-wsStream - if !ok { - err = fmt.Errorf("wsrelay: stream closed before start") - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - if firstEvent.Status > 0 && firstEvent.Status != http.StatusOK { - metadataLogged := false - if firstEvent.Status > 0 { - recordAPIResponseMetadata(ctx, e.cfg, firstEvent.Status, firstEvent.Headers.Clone()) - metadataLogged = true - } - var body bytes.Buffer - if len(firstEvent.Payload) > 0 { - appendAPIResponseChunk(ctx, e.cfg, firstEvent.Payload) - body.Write(firstEvent.Payload) - } - if firstEvent.Type == wsrelay.MessageTypeStreamEnd { - return nil, statusErr{code: firstEvent.Status, msg: body.String()} - } - for event := range wsStream { - if event.Err != nil { - recordAPIResponseError(ctx, e.cfg, event.Err) - if body.Len() == 0 { - body.WriteString(event.Err.Error()) - } - break - } - if !metadataLogged && event.Status > 0 { - recordAPIResponseMetadata(ctx, e.cfg, event.Status, event.Headers.Clone()) - metadataLogged = true - } - if len(event.Payload) > 0 { - appendAPIResponseChunk(ctx, e.cfg, event.Payload) - body.Write(event.Payload) - } - if event.Type == wsrelay.MessageTypeStreamEnd { - break - } - } - return nil, statusErr{code: firstEvent.Status, msg: body.String()} - } - out := make(chan cliproxyexecutor.StreamChunk) - go func(first wsrelay.StreamEvent) { - defer close(out) - var param any - metadataLogged := false - processEvent := func(event wsrelay.StreamEvent) bool { - if event.Err != nil { - recordAPIResponseError(ctx, e.cfg, event.Err) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: fmt.Errorf("wsrelay: %v", event.Err)} - return false - } - switch event.Type { - case wsrelay.MessageTypeStreamStart: - if !metadataLogged && event.Status > 0 { - recordAPIResponseMetadata(ctx, e.cfg, event.Status, event.Headers.Clone()) - metadataLogged = true - } - case wsrelay.MessageTypeStreamChunk: - if len(event.Payload) > 0 { - appendAPIResponseChunk(ctx, e.cfg, event.Payload) - filtered := FilterSSEUsageMetadata(event.Payload) - if detail, ok := parseGeminiStreamUsage(filtered); ok { - reporter.publish(ctx, detail) - } - lines := sdktranslator.TranslateStream(ctx, body.toFormat, opts.SourceFormat, req.Model, opts.OriginalRequest, translatedReq, filtered, ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: ensureColonSpacedJSON([]byte(lines[i]))} - } - break - } - case wsrelay.MessageTypeStreamEnd: - return false - case wsrelay.MessageTypeHTTPResp: - if !metadataLogged && event.Status > 0 { - recordAPIResponseMetadata(ctx, e.cfg, event.Status, event.Headers.Clone()) - metadataLogged = true - } - if len(event.Payload) > 0 { - appendAPIResponseChunk(ctx, e.cfg, event.Payload) - } - lines := sdktranslator.TranslateStream(ctx, body.toFormat, opts.SourceFormat, req.Model, opts.OriginalRequest, translatedReq, event.Payload, ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: ensureColonSpacedJSON([]byte(lines[i]))} - } - reporter.publish(ctx, parseGeminiUsage(event.Payload)) - return false - case wsrelay.MessageTypeError: - recordAPIResponseError(ctx, e.cfg, event.Err) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: fmt.Errorf("wsrelay: %v", event.Err)} - return false - } - return true - } - if !processEvent(first) { - return - } - for event := range wsStream { - if !processEvent(event) { - return - } - } - }(firstEvent) - return &cliproxyexecutor.StreamResult{Headers: firstEvent.Headers.Clone(), Chunks: out}, nil -} - -// CountTokens counts tokens for the given request using the AI Studio API. -func (e *AIStudioExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - _, body, err := e.translateRequest(req, opts, false) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - body.payload, _ = sjson.DeleteBytes(body.payload, "generationConfig") - body.payload, _ = sjson.DeleteBytes(body.payload, "tools") - body.payload, _ = sjson.DeleteBytes(body.payload, "safetySettings") - - endpoint := e.buildEndpoint(baseModel, "countTokens", "") - wsReq := &wsrelay.HTTPRequest{ - Method: http.MethodPost, - URL: endpoint, - Headers: http.Header{"Content-Type": []string{"application/json"}}, - Body: body.payload, - } - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: endpoint, - Method: http.MethodPost, - Headers: wsReq.Headers.Clone(), - Body: body.payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - resp, err := e.relay.NonStream(ctx, authID, wsReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return cliproxyexecutor.Response{}, err - } - recordAPIResponseMetadata(ctx, e.cfg, resp.Status, resp.Headers.Clone()) - if len(resp.Body) > 0 { - appendAPIResponseChunk(ctx, e.cfg, resp.Body) - } - if resp.Status < 200 || resp.Status >= 300 { - return cliproxyexecutor.Response{}, statusErr{code: resp.Status, msg: string(resp.Body)} - } - totalTokens := gjson.GetBytes(resp.Body, "totalTokens").Int() - if totalTokens <= 0 { - return cliproxyexecutor.Response{}, fmt.Errorf("wsrelay: totalTokens missing in response") - } - translated := sdktranslator.TranslateTokenCount(ctx, body.toFormat, opts.SourceFormat, totalTokens, resp.Body) - return cliproxyexecutor.Response{Payload: []byte(translated)}, nil -} - -// Refresh refreshes the authentication credentials (no-op for AI Studio). -func (e *AIStudioExecutor) Refresh(_ context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - return auth, nil -} - -type translatedPayload struct { - payload []byte - action string - toFormat sdktranslator.Format -} - -func (e *AIStudioExecutor) translateRequest(req cliproxyexecutor.Request, opts cliproxyexecutor.Options, stream bool) ([]byte, translatedPayload, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, stream) - payload := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, stream) - payload, err := thinking.ApplyThinking(payload, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, translatedPayload{}, err - } - payload = fixGeminiImageAspectRatio(baseModel, payload) - requestedModel := payloadRequestedModel(opts, req.Model) - payload = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", payload, originalTranslated, requestedModel) - payload, _ = sjson.DeleteBytes(payload, "generationConfig.maxOutputTokens") - payload, _ = sjson.DeleteBytes(payload, "generationConfig.responseMimeType") - payload, _ = sjson.DeleteBytes(payload, "generationConfig.responseJsonSchema") - metadataAction := "generateContent" - if req.Metadata != nil { - if action, _ := req.Metadata["action"].(string); action == "countTokens" { - metadataAction = action - } - } - action := metadataAction - if stream && action != "countTokens" { - action = "streamGenerateContent" - } - payload, _ = sjson.DeleteBytes(payload, "session_id") - return payload, translatedPayload{payload: payload, action: action, toFormat: to}, nil -} - -func (e *AIStudioExecutor) buildEndpoint(model, action, alt string) string { - base := fmt.Sprintf("%s/%s/models/%s:%s", glEndpoint, glAPIVersion, model, action) - if action == "streamGenerateContent" { - if alt == "" { - return base + "?alt=sse" - } - return base + "?$alt=" + url.QueryEscape(alt) - } - if alt != "" && action != "countTokens" { - return base + "?$alt=" + url.QueryEscape(alt) - } - return base -} - -// ensureColonSpacedJSON normalizes JSON objects so that colons are followed by a single space while -// keeping the payload otherwise compact. Non-JSON inputs are returned unchanged. -func ensureColonSpacedJSON(payload []byte) []byte { - trimmed := bytes.TrimSpace(payload) - if len(trimmed) == 0 { - return payload - } - - var decoded any - if err := json.Unmarshal(trimmed, &decoded); err != nil { - return payload - } - - indented, err := json.MarshalIndent(decoded, "", " ") - if err != nil { - return payload - } - - compacted := make([]byte, 0, len(indented)) - inString := false - skipSpace := false - - for i := 0; i < len(indented); i++ { - ch := indented[i] - if ch == '"' { - // A quote is escaped only when preceded by an odd number of consecutive backslashes. - // For example: "\\\"" keeps the quote inside the string, but "\\\\" closes the string. - backslashes := 0 - for j := i - 1; j >= 0 && indented[j] == '\\'; j-- { - backslashes++ - } - if backslashes%2 == 0 { - inString = !inString - } - } - - if !inString { - if ch == '\n' || ch == '\r' { - skipSpace = true - continue - } - if skipSpace { - if ch == ' ' || ch == '\t' { - continue - } - skipSpace = false - } - } - - compacted = append(compacted, ch) - } - - return compacted -} - -func (e *AIStudioExecutor) CloseExecutionSession(sessionID string) {} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/antigravity_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/antigravity_executor.go deleted file mode 100644 index ca5994a120..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/antigravity_executor.go +++ /dev/null @@ -1,1774 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// This file implements the Antigravity executor that proxies requests to the antigravity -// upstream using OAuth credentials. -package executor - -import ( - "bufio" - "bytes" - "context" - "crypto/sha256" - "encoding/binary" - "encoding/hex" - "encoding/json" - "errors" - "fmt" - "io" - "math/rand" - "net" - "net/http" - "net/url" - "strconv" - "strings" - "sync" - "time" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const ( - antigravityBaseURLDaily = "https://daily-cloudcode-pa.googleapis.com" - antigravitySandboxBaseURLDaily = "https://daily-cloudcode-pa.sandbox.googleapis.com" - antigravityBaseURLProd = "https://cloudcode-pa.googleapis.com" - antigravityCountTokensPath = "/v1internal:countTokens" - antigravityStreamPath = "/v1internal:streamGenerateContent" - antigravityGeneratePath = "/v1internal:generateContent" - antigravityModelsPath = "/v1internal:fetchAvailableModels" - antigravityClientID = "1071006060591-tmhssin2h21lcre235vtolojh4g403ep.apps.googleusercontent.com" - antigravityClientSecret = "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" - defaultAntigravityAgent = "antigravity/1.104.0 darwin/arm64" - antigravityAuthType = "antigravity" - refreshSkew = 3000 * time.Second - systemInstruction = "You are Antigravity, a powerful agentic AI coding assistant designed by the Google Deepmind team working on Advanced Agentic Coding.You are pair programming with a USER to solve their coding task. The task may require creating a new codebase, modifying or debugging an existing codebase, or simply answering a question.**Absolute paths only****Proactiveness**" -) - -var ( - randSource = rand.New(rand.NewSource(time.Now().UnixNano())) - randSourceMutex sync.Mutex -) - -// AntigravityExecutor proxies requests to the antigravity upstream. -type AntigravityExecutor struct { - cfg *config.Config -} - -// NewAntigravityExecutor creates a new Antigravity executor instance. -// -// Parameters: -// - cfg: The application configuration -// -// Returns: -// - *AntigravityExecutor: A new Antigravity executor instance -func NewAntigravityExecutor(cfg *config.Config) *AntigravityExecutor { - return &AntigravityExecutor{cfg: cfg} -} - -// Identifier returns the executor identifier. -func (e *AntigravityExecutor) Identifier() string { return antigravityAuthType } - -// PrepareRequest injects Antigravity credentials into the outgoing HTTP request. -func (e *AntigravityExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - token, _, errToken := e.ensureAccessToken(req.Context(), auth) - if errToken != nil { - return errToken - } - if strings.TrimSpace(token) == "" { - return statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - req.Header.Set("Authorization", "Bearer "+token) - return nil -} - -// HttpRequest injects Antigravity credentials into the request and executes it. -func (e *AntigravityExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("antigravity executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming request to the Antigravity API. -func (e *AntigravityExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - isClaude := strings.Contains(strings.ToLower(baseModel), "claude") - - if isClaude || strings.Contains(baseModel, "gemini-3-pro") { - return e.executeClaudeNonStream(ctx, auth, req, opts) - } - - token, updatedAuth, errToken := e.ensureAccessToken(ctx, auth) - if errToken != nil { - return resp, errToken - } - if updatedAuth != nil { - auth = updatedAuth - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("antigravity") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, "antigravity", "request", translated, originalTranslated, requestedModel) - - baseURLs := antigravityBaseURLFallbackOrder(e.cfg, auth) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - - attempts := antigravityRetryAttempts(auth, e.cfg) - -attemptLoop: - for attempt := 0; attempt < attempts; attempt++ { - var lastStatus int - var lastBody []byte - var lastErr error - - for idx, baseURL := range baseURLs { - httpReq, errReq := e.buildRequest(ctx, auth, token, baseModel, translated, false, opts.Alt, baseURL) - if errReq != nil { - err = errReq - return resp, err - } - - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - if errors.Is(errDo, context.Canceled) || errors.Is(errDo, context.DeadlineExceeded) { - return resp, errDo - } - lastStatus = 0 - lastBody = nil - lastErr = errDo - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: request error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - err = errDo - return resp, err - } - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - err = errRead - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, bodyBytes) - - if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices { - log.Debugf("antigravity executor: upstream error status: %d, body: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), bodyBytes)) - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), bodyBytes...) - lastErr = nil - if httpResp.StatusCode == http.StatusTooManyRequests && idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: rate limited on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if antigravityShouldRetryNoCapacity(httpResp.StatusCode, bodyBytes) { - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: no capacity on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if attempt+1 < attempts { - delay := antigravityNoCapacityRetryDelay(attempt) - log.Debugf("antigravity executor: no capacity, retrying in %s (attempt %d/%d)", delay, attempt+1, attempts) - if errWait := antigravityWait(ctx, delay); errWait != nil { - return resp, errWait - } - continue attemptLoop - } - } - sErr := newAntigravityStatusErr(httpResp.StatusCode, bodyBytes) - if httpResp.StatusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(bodyBytes); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - return resp, err - } - - reporter.publish(ctx, parseAntigravityUsage(bodyBytes)) - var param any - converted := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, bodyBytes, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(converted), Headers: httpResp.Header.Clone()} - reporter.ensurePublished(ctx) - return resp, nil - } - - switch { - case lastStatus != 0: - sErr := newAntigravityStatusErr(lastStatus, lastBody) - if lastStatus == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(lastBody); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - case lastErr != nil: - err = lastErr - default: - err = statusErr{code: http.StatusServiceUnavailable, msg: "antigravity executor: no base url available"} - } - return resp, err - } - - return resp, err -} - -func antigravityModelFingerprint(model string) string { - trimmed := strings.TrimSpace(model) - if trimmed == "" { - return "" - } - sum := sha256.Sum256([]byte(trimmed)) - return hex.EncodeToString(sum[:8]) -} - -// executeClaudeNonStream performs a claude non-streaming request to the Antigravity API. -func (e *AntigravityExecutor) executeClaudeNonStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - token, updatedAuth, errToken := e.ensureAccessToken(ctx, auth) - if errToken != nil { - return resp, errToken - } - if updatedAuth != nil { - auth = updatedAuth - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("antigravity") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, "antigravity", "request", translated, originalTranslated, requestedModel) - - baseURLs := antigravityBaseURLFallbackOrder(e.cfg, auth) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - - attempts := antigravityRetryAttempts(auth, e.cfg) - -attemptLoop: - for attempt := 0; attempt < attempts; attempt++ { - var lastStatus int - var lastBody []byte - var lastErr error - - for idx, baseURL := range baseURLs { - httpReq, errReq := e.buildRequest(ctx, auth, token, baseModel, translated, true, opts.Alt, baseURL) - if errReq != nil { - err = errReq - return resp, err - } - - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - if errors.Is(errDo, context.Canceled) || errors.Is(errDo, context.DeadlineExceeded) { - return resp, errDo - } - lastStatus = 0 - lastBody = nil - lastErr = errDo - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: request error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - err = errDo - return resp, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - if errors.Is(errRead, context.Canceled) || errors.Is(errRead, context.DeadlineExceeded) { - err = errRead - return resp, err - } - if errCtx := ctx.Err(); errCtx != nil { - err = errCtx - return resp, err - } - lastStatus = 0 - lastBody = nil - lastErr = errRead - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: read error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - err = errRead - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, bodyBytes) - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), bodyBytes...) - lastErr = nil - if httpResp.StatusCode == http.StatusTooManyRequests && idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: rate limited on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if antigravityShouldRetryNoCapacity(httpResp.StatusCode, bodyBytes) { - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: no capacity on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if attempt+1 < attempts { - delay := antigravityNoCapacityRetryDelay(attempt) - log.Debugf("antigravity executor: no capacity for model %s, retrying in %s (attempt %d/%d)", baseModel, delay, attempt+1, attempts) - if errWait := antigravityWait(ctx, delay); errWait != nil { - return resp, errWait - } - continue attemptLoop - } - } - sErr := newAntigravityStatusErr(httpResp.StatusCode, bodyBytes) - if httpResp.StatusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(bodyBytes); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - return resp, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func(resp *http.Response) { - defer close(out) - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(resp.Body) - scanner.Buffer(nil, streamScannerBuffer) - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - - // Filter usage metadata for all models - // Only retain usage statistics in the terminal chunk - line = FilterSSEUsageMetadata(line) - - payload := jsonPayload(line) - if payload == nil { - continue - } - - if detail, ok := parseAntigravityStreamUsage(payload); ok { - reporter.publish(ctx, detail) - } - - out <- cliproxyexecutor.StreamChunk{Payload: payload} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } else { - reporter.ensurePublished(ctx) - } - }(httpResp) - - var buffer bytes.Buffer - for chunk := range out { - if chunk.Err != nil { - return resp, chunk.Err - } - if len(chunk.Payload) > 0 { - _, _ = buffer.Write(chunk.Payload) - _, _ = buffer.Write([]byte("\n")) - } - } - resp = cliproxyexecutor.Response{Payload: e.convertStreamToNonStream(buffer.Bytes())} - - reporter.publish(ctx, parseAntigravityUsage(resp.Payload)) - var param any - converted := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, resp.Payload, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(converted), Headers: httpResp.Header.Clone()} - reporter.ensurePublished(ctx) - - return resp, nil - } - - switch { - case lastStatus != 0: - sErr := newAntigravityStatusErr(lastStatus, lastBody) - if lastStatus == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(lastBody); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - case lastErr != nil: - err = lastErr - default: - err = statusErr{code: http.StatusServiceUnavailable, msg: "antigravity executor: no base url available"} - } - return resp, err - } - - return resp, err -} - -func (e *AntigravityExecutor) convertStreamToNonStream(stream []byte) []byte { - responseTemplate := "" - var traceID string - var finishReason string - var modelVersion string - var responseID string - var role string - var usageRaw string - parts := make([]map[string]interface{}, 0) - var pendingKind string - var pendingText strings.Builder - var pendingThoughtSig string - - flushPending := func() { - if pendingKind == "" { - return - } - text := pendingText.String() - switch pendingKind { - case "text": - if strings.TrimSpace(text) == "" { - pendingKind = "" - pendingText.Reset() - pendingThoughtSig = "" - return - } - parts = append(parts, map[string]interface{}{"text": text}) - case "thought": - if strings.TrimSpace(text) == "" && pendingThoughtSig == "" { - pendingKind = "" - pendingText.Reset() - pendingThoughtSig = "" - return - } - part := map[string]interface{}{"thought": true} - part["text"] = text - if pendingThoughtSig != "" { - part["thoughtSignature"] = pendingThoughtSig - } - parts = append(parts, part) - } - pendingKind = "" - pendingText.Reset() - pendingThoughtSig = "" - } - - normalizePart := func(partResult gjson.Result) map[string]interface{} { - var m map[string]interface{} - _ = json.Unmarshal([]byte(partResult.Raw), &m) - if m == nil { - m = map[string]interface{}{} - } - sig := partResult.Get("thoughtSignature").String() - if sig == "" { - sig = partResult.Get("thought_signature").String() - } - if sig != "" { - m["thoughtSignature"] = sig - delete(m, "thought_signature") - } - if inlineData, ok := m["inline_data"]; ok { - m["inlineData"] = inlineData - delete(m, "inline_data") - } - return m - } - - for _, line := range bytes.Split(stream, []byte("\n")) { - trimmed := bytes.TrimSpace(line) - if len(trimmed) == 0 || !gjson.ValidBytes(trimmed) { - continue - } - - root := gjson.ParseBytes(trimmed) - responseNode := root.Get("response") - if !responseNode.Exists() { - if root.Get("candidates").Exists() { - responseNode = root - } else { - continue - } - } - responseTemplate = responseNode.Raw - - if traceResult := root.Get("traceId"); traceResult.Exists() && traceResult.String() != "" { - traceID = traceResult.String() - } - - if roleResult := responseNode.Get("candidates.0.content.role"); roleResult.Exists() { - role = roleResult.String() - } - - if finishResult := responseNode.Get("candidates.0.finishReason"); finishResult.Exists() && finishResult.String() != "" { - finishReason = finishResult.String() - } - - if modelResult := responseNode.Get("modelVersion"); modelResult.Exists() && modelResult.String() != "" { - modelVersion = modelResult.String() - } - if responseIDResult := responseNode.Get("responseId"); responseIDResult.Exists() && responseIDResult.String() != "" { - responseID = responseIDResult.String() - } - if usageResult := responseNode.Get("usageMetadata"); usageResult.Exists() { - usageRaw = usageResult.Raw - } else if usageMetadataResult := root.Get("usageMetadata"); usageMetadataResult.Exists() { - usageRaw = usageMetadataResult.Raw - } - - if partsResult := responseNode.Get("candidates.0.content.parts"); partsResult.IsArray() { - for _, part := range partsResult.Array() { - hasFunctionCall := part.Get("functionCall").Exists() - hasInlineData := part.Get("inlineData").Exists() || part.Get("inline_data").Exists() - sig := part.Get("thoughtSignature").String() - if sig == "" { - sig = part.Get("thought_signature").String() - } - text := part.Get("text").String() - thought := part.Get("thought").Bool() - - if hasFunctionCall || hasInlineData { - flushPending() - parts = append(parts, normalizePart(part)) - continue - } - - if thought || part.Get("text").Exists() { - kind := "text" - if thought { - kind = "thought" - } - if pendingKind != "" && pendingKind != kind { - flushPending() - } - pendingKind = kind - pendingText.WriteString(text) - if kind == "thought" && sig != "" { - pendingThoughtSig = sig - } - continue - } - - flushPending() - parts = append(parts, normalizePart(part)) - } - } - } - flushPending() - - if responseTemplate == "" { - responseTemplate = `{"candidates":[{"content":{"role":"model","parts":[]}}]}` - } - - partsJSON, _ := json.Marshal(parts) - responseTemplate, _ = sjson.SetRaw(responseTemplate, "candidates.0.content.parts", string(partsJSON)) - if role != "" { - responseTemplate, _ = sjson.Set(responseTemplate, "candidates.0.content.role", role) - } - if finishReason != "" { - responseTemplate, _ = sjson.Set(responseTemplate, "candidates.0.finishReason", finishReason) - } - if modelVersion != "" { - responseTemplate, _ = sjson.Set(responseTemplate, "modelVersion", modelVersion) - } - if responseID != "" { - responseTemplate, _ = sjson.Set(responseTemplate, "responseId", responseID) - } - if usageRaw != "" { - responseTemplate, _ = sjson.SetRaw(responseTemplate, "usageMetadata", usageRaw) - } else if !gjson.Get(responseTemplate, "usageMetadata").Exists() { - responseTemplate, _ = sjson.Set(responseTemplate, "usageMetadata.promptTokenCount", 0) - responseTemplate, _ = sjson.Set(responseTemplate, "usageMetadata.candidatesTokenCount", 0) - responseTemplate, _ = sjson.Set(responseTemplate, "usageMetadata.totalTokenCount", 0) - } - - output := `{"response":{},"traceId":""}` - output, _ = sjson.SetRaw(output, "response", responseTemplate) - if traceID != "" { - output, _ = sjson.Set(output, "traceId", traceID) - } - return []byte(output) -} - -// ExecuteStream performs a streaming request to the Antigravity API. -func (e *AntigravityExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - ctx = context.WithValue(ctx, interfaces.ContextKeyAlt, "") - - token, updatedAuth, errToken := e.ensureAccessToken(ctx, auth) - if errToken != nil { - return nil, errToken - } - if updatedAuth != nil { - auth = updatedAuth - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("antigravity") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, "antigravity", "request", translated, originalTranslated, requestedModel) - - baseURLs := antigravityBaseURLFallbackOrder(e.cfg, auth) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - - attempts := antigravityRetryAttempts(auth, e.cfg) - -attemptLoop: - for attempt := 0; attempt < attempts; attempt++ { - var lastStatus int - var lastBody []byte - var lastErr error - - for idx, baseURL := range baseURLs { - httpReq, errReq := e.buildRequest(ctx, auth, token, baseModel, translated, true, opts.Alt, baseURL) - if errReq != nil { - err = errReq - return nil, err - } - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - if errors.Is(errDo, context.Canceled) || errors.Is(errDo, context.DeadlineExceeded) { - return nil, errDo - } - lastStatus = 0 - lastBody = nil - lastErr = errDo - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: request error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - err = errDo - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - if errors.Is(errRead, context.Canceled) || errors.Is(errRead, context.DeadlineExceeded) { - err = errRead - return nil, err - } - if errCtx := ctx.Err(); errCtx != nil { - err = errCtx - return nil, err - } - lastStatus = 0 - lastBody = nil - lastErr = errRead - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: read error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - err = errRead - return nil, err - } - appendAPIResponseChunk(ctx, e.cfg, bodyBytes) - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), bodyBytes...) - lastErr = nil - if httpResp.StatusCode == http.StatusTooManyRequests && idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: rate limited on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if antigravityShouldRetryNoCapacity(httpResp.StatusCode, bodyBytes) { - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: no capacity on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if attempt+1 < attempts { - delay := antigravityNoCapacityRetryDelay(attempt) - log.Debugf("antigravity executor: no capacity, retrying in %s (attempt %d/%d)", delay, attempt+1, attempts) - if errWait := antigravityWait(ctx, delay); errWait != nil { - return nil, errWait - } - continue attemptLoop - } - } - sErr := newAntigravityStatusErr(httpResp.StatusCode, bodyBytes) - if httpResp.StatusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(bodyBytes); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - return nil, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func(resp *http.Response) { - defer close(out) - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(resp.Body) - scanner.Buffer(nil, streamScannerBuffer) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - - // Filter usage metadata for all models - // Only retain usage statistics in the terminal chunk - line = FilterSSEUsageMetadata(line) - - payload := jsonPayload(line) - if payload == nil { - continue - } - - if detail, ok := parseAntigravityStreamUsage(payload); ok { - reporter.publish(ctx, detail) - } - - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, bytes.Clone(payload), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - tail := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, []byte("[DONE]"), ¶m) - for i := range tail { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(tail[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } else { - reporter.ensurePublished(ctx) - } - }(httpResp) - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil - } - - switch { - case lastStatus != 0: - sErr := newAntigravityStatusErr(lastStatus, lastBody) - if lastStatus == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(lastBody); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - case lastErr != nil: - err = lastErr - default: - err = statusErr{code: http.StatusServiceUnavailable, msg: "antigravity executor: no base url available"} - } - return nil, err - } - - return nil, err -} - -// Refresh refreshes the authentication credentials using the refresh token. -func (e *AntigravityExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if auth == nil { - return auth, nil - } - updated, errRefresh := e.refreshToken(ctx, auth.Clone()) - if errRefresh != nil { - return nil, errRefresh - } - return updated, nil -} - -// CountTokens counts tokens for the given request using the Antigravity API. -func (e *AntigravityExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - token, updatedAuth, errToken := e.ensureAccessToken(ctx, auth) - if errToken != nil { - return cliproxyexecutor.Response{}, errToken - } - if updatedAuth != nil { - auth = updatedAuth - } - if strings.TrimSpace(token) == "" { - return cliproxyexecutor.Response{}, statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - - from := opts.SourceFormat - to := sdktranslator.FromString("antigravity") - respCtx := context.WithValue(ctx, interfaces.ContextKeyAlt, opts.Alt) - - // Prepare payload once (doesn't depend on baseURL) - payload := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - payload, err := thinking.ApplyThinking(payload, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - payload = deleteJSONField(payload, "project") - payload = deleteJSONField(payload, "model") - payload = deleteJSONField(payload, "request.safetySettings") - - baseURLs := antigravityBaseURLFallbackOrder(e.cfg, auth) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - - var lastStatus int - var lastBody []byte - var lastErr error - - for idx, baseURL := range baseURLs { - base := strings.TrimSuffix(baseURL, "/") - if base == "" { - base = buildBaseURL(e.cfg, auth) - } - - var requestURL strings.Builder - requestURL.WriteString(base) - requestURL.WriteString(antigravityCountTokensPath) - if opts.Alt != "" { - requestURL.WriteString(url.QueryEscape(opts.Alt)) - } - - httpReq, errReq := http.NewRequestWithContext(ctx, http.MethodPost, requestURL.String(), bytes.NewReader(payload)) - if errReq != nil { - return cliproxyexecutor.Response{}, errReq - } - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("Authorization", "Bearer "+token) - httpReq.Header.Set("User-Agent", resolveUserAgent(auth)) - httpReq.Header.Set("Accept", "application/json") - if host := resolveHost(base); host != "" { - httpReq.Host = host - } - - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: requestURL.String(), - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - if errors.Is(errDo, context.Canceled) || errors.Is(errDo, context.DeadlineExceeded) { - return cliproxyexecutor.Response{}, errDo - } - lastStatus = 0 - lastBody = nil - lastErr = errDo - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: request error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - return cliproxyexecutor.Response{}, errDo - } - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return cliproxyexecutor.Response{}, errRead - } - appendAPIResponseChunk(ctx, e.cfg, bodyBytes) - - if httpResp.StatusCode >= http.StatusOK && httpResp.StatusCode < http.StatusMultipleChoices { - count := gjson.GetBytes(bodyBytes, "totalTokens").Int() - translated := sdktranslator.TranslateTokenCount(respCtx, to, from, count, bodyBytes) - return cliproxyexecutor.Response{Payload: []byte(translated), Headers: httpResp.Header.Clone()}, nil - } - - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), bodyBytes...) - lastErr = nil - if httpResp.StatusCode == http.StatusTooManyRequests && idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: rate limited on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - sErr := newAntigravityStatusErr(httpResp.StatusCode, bodyBytes) - if httpResp.StatusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(bodyBytes); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - return cliproxyexecutor.Response{}, sErr - } - - switch { - case lastStatus != 0: - sErr := newAntigravityStatusErr(lastStatus, lastBody) - if lastStatus == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(lastBody); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - return cliproxyexecutor.Response{}, sErr - case lastErr != nil: - return cliproxyexecutor.Response{}, lastErr - default: - return cliproxyexecutor.Response{}, statusErr{code: http.StatusServiceUnavailable, msg: "antigravity executor: no base url available"} - } -} - -// FetchAntigravityModels retrieves available models using the supplied auth. -// When dynamic fetch fails, it returns a fallback static model list to ensure -// the credential is still usable. -func FetchAntigravityModels(ctx context.Context, auth *cliproxyauth.Auth, cfg *config.Config) []*registry.ModelInfo { - exec := &AntigravityExecutor{cfg: cfg} - token, updatedAuth, errToken := exec.ensureAccessToken(ctx, auth) - if errToken != nil { - log.Warnf("antigravity executor: fetch models failed for %s: token error: %v", auth.ID, errToken) - // Return fallback models when token refresh fails - return getFallbackAntigravityModels() - } - if token == "" { - log.Warnf("antigravity executor: fetch models failed for %s: got empty token", auth.ID) - return getFallbackAntigravityModels() - } - if updatedAuth != nil { - auth = updatedAuth - } - - baseURLs := antigravityBaseURLFallbackOrder(cfg, auth) - httpClient := newProxyAwareHTTPClient(ctx, cfg, auth, 0) - - var lastErr error - var lastStatusCode int - var lastBody []byte - - for idx, baseURL := range baseURLs { - modelsURL := baseURL + antigravityModelsPath - httpReq, errReq := http.NewRequestWithContext(ctx, http.MethodPost, modelsURL, bytes.NewReader([]byte(`{}`))) - if errReq != nil { - log.Warnf("antigravity executor: fetch models failed for %s: create request error: %v", auth.ID, errReq) - lastErr = errReq - continue - } - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("Authorization", "Bearer "+token) - httpReq.Header.Set("User-Agent", resolveUserAgent(auth)) - if host := resolveHost(baseURL); host != "" { - httpReq.Host = host - } - - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - if errors.Is(errDo, context.Canceled) || errors.Is(errDo, context.DeadlineExceeded) { - log.Warnf("antigravity executor: fetch models failed for %s: context canceled: %v", auth.ID, errDo) - return getFallbackAntigravityModels() - } - lastErr = errDo - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: models request error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - log.Warnf("antigravity executor: fetch models failed for %s: request error: %v", auth.ID, errDo) - return getFallbackAntigravityModels() - } - - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - if errRead != nil { - lastErr = errRead - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: models read error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - log.Warnf("antigravity executor: fetch models failed for %s: read body error: %v", auth.ID, errRead) - return getFallbackAntigravityModels() - } - if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices { - lastStatusCode = httpResp.StatusCode - lastBody = bodyBytes - if httpResp.StatusCode == http.StatusTooManyRequests && idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: models request rate limited on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - log.Warnf("antigravity executor: fetch models failed for %s: unexpected status %d, body: %s", auth.ID, httpResp.StatusCode, string(bodyBytes)) - continue - } - - result := gjson.GetBytes(bodyBytes, "models") - if !result.Exists() { - log.Warnf("antigravity executor: fetch models failed for %s: no models field in response, body: %s", auth.ID, string(bodyBytes)) - continue - } - - now := time.Now().Unix() - modelConfig := registry.GetAntigravityModelConfig() - models := make([]*registry.ModelInfo, 0, len(result.Map())) - for originalName, modelData := range result.Map() { - modelID := strings.TrimSpace(originalName) - if modelID == "" { - continue - } - switch modelID { - case "chat_20706", "chat_23310", "gemini-2.5-flash-thinking", "gemini-3-pro-low", "gemini-2.5-pro": - continue - } - modelCfg := modelConfig[modelID] - - // Extract displayName from upstream response, fallback to modelID - displayName := modelData.Get("displayName").String() - if displayName == "" { - displayName = modelID - } - - modelInfo := ®istry.ModelInfo{ - ID: modelID, - Name: modelID, - Description: displayName, - DisplayName: displayName, - Version: modelID, - Object: "model", - Created: now, - OwnedBy: antigravityAuthType, - Type: antigravityAuthType, - } - // Look up Thinking support from static config using upstream model name. - if modelCfg != nil { - if modelCfg.Thinking != nil { - modelInfo.Thinking = modelCfg.Thinking - } - if modelCfg.MaxCompletionTokens > 0 { - modelInfo.MaxCompletionTokens = modelCfg.MaxCompletionTokens - } - } - models = append(models, modelInfo) - } - if len(models) > 0 { - return models - } - // Empty models list, try next base URL or return fallback - log.Debugf("antigravity executor: empty models list from %s for %s", baseURL, auth.ID) - } - - // All base URLs failed, return fallback models - if lastStatusCode > 0 { - bodyPreview := "" - if len(lastBody) > 0 { - if len(lastBody) > 200 { - bodyPreview = string(lastBody[:200]) + "..." - } else { - bodyPreview = string(lastBody) - } - } - if bodyPreview != "" { - log.Warnf("antigravity executor: all base URLs failed for %s, returning fallback models (last status: %d, body: %s)", auth.ID, lastStatusCode, bodyPreview) - } else { - log.Warnf("antigravity executor: all base URLs failed for %s, returning fallback models (last status: %d)", auth.ID, lastStatusCode) - } - } else if lastErr != nil { - log.Warnf("antigravity executor: all base URLs failed for %s, returning fallback models (last error: %v)", auth.ID, lastErr) - } else { - log.Warnf("antigravity executor: no models returned for %s, returning fallback models", auth.ID) - } - return getFallbackAntigravityModels() -} - -// getFallbackAntigravityModels returns a static list of commonly available Antigravity models. -// This ensures credentials remain usable even when the dynamic model fetch fails. -func getFallbackAntigravityModels() []*registry.ModelInfo { - now := time.Now().Unix() - modelConfig := registry.GetAntigravityModelConfig() - - // Common Antigravity models that should always be available - fallbackModelIDs := []string{ - "gemini-2.5-flash", - "gemini-2.5-flash-lite", - "gemini-3-pro-high", - "gemini-3-pro-image", - "gemini-3-flash", - "claude-opus-4-5-thinking", - "claude-opus-4-6-thinking", - "claude-sonnet-4-5", - "claude-sonnet-4-5-thinking", - "claude-sonnet-4-6", - "claude-sonnet-4-6-thinking", - "gpt-oss-120b-medium", - "tab_flash_lite_preview", - } - - models := make([]*registry.ModelInfo, 0, len(fallbackModelIDs)) - for _, modelID := range fallbackModelIDs { - modelInfo := ®istry.ModelInfo{ - ID: modelID, - Name: modelID, - Description: modelID, - DisplayName: modelID, - Version: modelID, - Object: "model", - Created: now, - OwnedBy: antigravityAuthType, - Type: antigravityAuthType, - } - if modelCfg := modelConfig[modelID]; modelCfg != nil { - if modelCfg.Thinking != nil { - modelInfo.Thinking = modelCfg.Thinking - } - if modelCfg.MaxCompletionTokens > 0 { - modelInfo.MaxCompletionTokens = modelCfg.MaxCompletionTokens - } - } - models = append(models, modelInfo) - } - return models -} - -func (e *AntigravityExecutor) ensureAccessToken(ctx context.Context, auth *cliproxyauth.Auth) (string, *cliproxyauth.Auth, error) { - if auth == nil { - return "", nil, statusErr{code: http.StatusUnauthorized, msg: "missing auth"} - } - accessToken := metaStringValue(auth.Metadata, "access_token") - expiry := tokenExpiry(auth.Metadata) - if accessToken != "" && expiry.After(time.Now().Add(refreshSkew)) { - return accessToken, nil, nil - } - refreshCtx := context.Background() - if ctx != nil { - if rt, ok := ctx.Value(interfaces.ContextKeyRoundRobin).(http.RoundTripper); ok && rt != nil { - refreshCtx = context.WithValue(refreshCtx, interfaces.ContextKeyRoundRobin, rt) - } - } - updated, errRefresh := e.refreshToken(refreshCtx, auth.Clone()) - if errRefresh != nil { - return "", nil, errRefresh - } - return metaStringValue(updated.Metadata, "access_token"), updated, nil -} - -func (e *AntigravityExecutor) refreshToken(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if auth == nil { - return nil, statusErr{code: http.StatusUnauthorized, msg: "missing auth"} - } - refreshToken := metaStringValue(auth.Metadata, "refresh_token") - if refreshToken == "" { - return auth, statusErr{code: http.StatusUnauthorized, msg: "missing refresh token"} - } - - form := url.Values{} - form.Set("client_id", antigravityClientID) - form.Set("client_secret", antigravityClientSecret) - form.Set("grant_type", "refresh_token") - form.Set("refresh_token", refreshToken) - - httpReq, errReq := http.NewRequestWithContext(ctx, http.MethodPost, "https://oauth2.googleapis.com/token", strings.NewReader(form.Encode())) - if errReq != nil { - return auth, errReq - } - httpReq.Header.Set("Host", "oauth2.googleapis.com") - httpReq.Header.Set("User-Agent", defaultAntigravityAgent) - httpReq.Header.Set("Content-Type", "application/x-www-form-urlencoded") - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - return auth, errDo - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - }() - - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errRead != nil { - return auth, errRead - } - - if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices { - sErr := newAntigravityStatusErr(httpResp.StatusCode, bodyBytes) - if httpResp.StatusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(bodyBytes); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - return auth, sErr - } - - var tokenResp struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - ExpiresIn int64 `json:"expires_in"` - TokenType string `json:"token_type"` - } - if errUnmarshal := json.Unmarshal(bodyBytes, &tokenResp); errUnmarshal != nil { - return auth, errUnmarshal - } - - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["access_token"] = tokenResp.AccessToken - if tokenResp.RefreshToken != "" { - auth.Metadata["refresh_token"] = tokenResp.RefreshToken - } - auth.Metadata["expires_in"] = tokenResp.ExpiresIn - now := time.Now() - auth.Metadata["timestamp"] = now.UnixMilli() - auth.Metadata["expired"] = now.Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339) - auth.Metadata["type"] = antigravityAuthType - if errProject := e.ensureAntigravityProjectID(ctx, auth, tokenResp.AccessToken); errProject != nil { - log.Warnf("antigravity executor: ensure project id failed: %v", errProject) - } - return auth, nil -} - -func (e *AntigravityExecutor) ensureAntigravityProjectID(ctx context.Context, auth *cliproxyauth.Auth, accessToken string) error { - if auth == nil { - return nil - } - - if auth.Metadata["project_id"] != nil { - return nil - } - - token := strings.TrimSpace(accessToken) - if token == "" { - token = metaStringValue(auth.Metadata, "access_token") - } - if token == "" { - return nil - } - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - projectID, errFetch := sdkAuth.FetchAntigravityProjectID(ctx, token, httpClient) - if errFetch != nil { - return errFetch - } - if strings.TrimSpace(projectID) == "" { - return nil - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["project_id"] = strings.TrimSpace(projectID) - - return nil -} - -func (e *AntigravityExecutor) buildRequest(ctx context.Context, auth *cliproxyauth.Auth, token, modelName string, payload []byte, stream bool, alt, baseURL string) (*http.Request, error) { - if token == "" { - return nil, statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - - base := strings.TrimSuffix(baseURL, "/") - if base == "" { - base = buildBaseURL(e.cfg, auth) - } - path := antigravityGeneratePath - if stream { - path = antigravityStreamPath - } - var requestURL strings.Builder - requestURL.WriteString(base) - requestURL.WriteString(path) - if stream { - if alt != "" { - requestURL.WriteString("?$alt=") - requestURL.WriteString(url.QueryEscape(alt)) - } else { - requestURL.WriteString("?alt=sse") - } - } else if alt != "" { - requestURL.WriteString("?$alt=") - requestURL.WriteString(url.QueryEscape(alt)) - } - - // Extract project_id from auth metadata if available - projectID := "" - if auth != nil && auth.Metadata != nil { - if pid, ok := auth.Metadata["project_id"].(string); ok { - projectID = strings.TrimSpace(pid) - } - } - payload = geminiToAntigravity(modelName, payload, projectID) - payload, _ = sjson.SetBytes(payload, "model", modelName) - - useAntigravitySchema := strings.Contains(modelName, "claude") || strings.Contains(modelName, "gemini-3-pro-high") - payloadStr := string(payload) - paths := make([]string, 0) - util.Walk(gjson.Parse(payloadStr), "", "parametersJsonSchema", &paths) - for _, p := range paths { - payloadStr, _ = util.RenameKey(payloadStr, p, p[:len(p)-len("parametersJsonSchema")]+"parameters") - } - - if useAntigravitySchema { - payloadStr = util.CleanJSONSchemaForAntigravity(payloadStr) - payloadStr = util.DeleteKeysByName(payloadStr, "$ref", "$defs") - } else { - payloadStr = util.CleanJSONSchemaForGemini(payloadStr) - } - - if useAntigravitySchema { - systemInstructionPartsResult := gjson.Get(payloadStr, "request.systemInstruction.parts") - payloadStr, _ = sjson.Set(payloadStr, "request.systemInstruction.role", "user") - payloadStr, _ = sjson.Set(payloadStr, "request.systemInstruction.parts.0.text", systemInstruction) - payloadStr, _ = sjson.Set(payloadStr, "request.systemInstruction.parts.1.text", fmt.Sprintf("Please ignore following [ignore]%s[/ignore]", systemInstruction)) - - if systemInstructionPartsResult.Exists() && systemInstructionPartsResult.IsArray() { - for _, partResult := range systemInstructionPartsResult.Array() { - payloadStr, _ = sjson.SetRaw(payloadStr, "request.systemInstruction.parts.-1", partResult.Raw) - } - } - } - - if strings.Contains(modelName, "claude") { - payloadStr, _ = sjson.Set(payloadStr, "request.toolConfig.functionCallingConfig.mode", "VALIDATED") - } else { - payloadStr, _ = sjson.Delete(payloadStr, "request.generationConfig.maxOutputTokens") - } - - httpReq, errReq := http.NewRequestWithContext(ctx, http.MethodPost, requestURL.String(), strings.NewReader(payloadStr)) - if errReq != nil { - return nil, errReq - } - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("Authorization", "Bearer "+token) - httpReq.Header.Set("User-Agent", resolveUserAgent(auth)) - if stream { - httpReq.Header.Set("Accept", "text/event-stream") - } else { - httpReq.Header.Set("Accept", "application/json") - } - if host := resolveHost(base); host != "" { - httpReq.Host = host - } - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - var payloadLog []byte - if e.cfg != nil && e.cfg.RequestLog { - payloadLog = []byte(payloadStr) - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: requestURL.String(), - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: payloadLog, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - return httpReq, nil -} - -func tokenExpiry(metadata map[string]any) time.Time { - if metadata == nil { - return time.Time{} - } - if expStr, ok := metadata["expired"].(string); ok { - expStr = strings.TrimSpace(expStr) - if expStr != "" { - if parsed, errParse := time.Parse(time.RFC3339, expStr); errParse == nil { - return parsed - } - } - } - expiresIn, hasExpires := int64Value(metadata["expires_in"]) - tsMs, hasTimestamp := int64Value(metadata["timestamp"]) - if hasExpires && hasTimestamp { - return time.Unix(0, tsMs*int64(time.Millisecond)).Add(time.Duration(expiresIn) * time.Second) - } - return time.Time{} -} - -func metaStringValue(metadata map[string]any, key string) string { - if metadata == nil { - return "" - } - if v, ok := metadata[key]; ok { - switch typed := v.(type) { - case string: - return strings.TrimSpace(typed) - case []byte: - return strings.TrimSpace(string(typed)) - } - } - return "" -} - -func int64Value(value any) (int64, bool) { - switch typed := value.(type) { - case int: - return int64(typed), true - case int64: - return typed, true - case float64: - return int64(typed), true - case json.Number: - if i, errParse := typed.Int64(); errParse == nil { - return i, true - } - case string: - if strings.TrimSpace(typed) == "" { - return 0, false - } - if i, errParse := strconv.ParseInt(strings.TrimSpace(typed), 10, 64); errParse == nil { - return i, true - } - } - return 0, false -} - -func buildBaseURL(cfg *config.Config, auth *cliproxyauth.Auth) string { - if baseURLs := antigravityBaseURLFallbackOrder(cfg, auth); len(baseURLs) > 0 { - return baseURLs[0] - } - return antigravityBaseURLDaily -} - -func resolveHost(base string) string { - parsed, errParse := url.Parse(base) - if errParse != nil { - return "" - } - if parsed.Host != "" { - hostname := parsed.Hostname() - if hostname == "" { - return "" - } - if ip := net.ParseIP(hostname); ip != nil { - return "" - } - if parsed.Port() != "" { - return net.JoinHostPort(hostname, parsed.Port()) - } - return hostname - } - return strings.TrimPrefix(strings.TrimPrefix(base, "https://"), "http://") -} - -func sanitizeAntigravityBaseURL(base string) (string, error) { - normalized := strings.TrimSuffix(strings.TrimSpace(base), "/") - switch normalized { - case antigravityBaseURLDaily, antigravitySandboxBaseURLDaily, antigravityBaseURLProd: - return normalized, nil - default: - return "", fmt.Errorf("antigravity executor: unsupported base url %q", base) - } -} - -func resolveUserAgent(auth *cliproxyauth.Auth) string { - if auth != nil { - if auth.Attributes != nil { - if ua := strings.TrimSpace(auth.Attributes["user_agent"]); ua != "" { - return ua - } - } - if auth.Metadata != nil { - if ua, ok := auth.Metadata["user_agent"].(string); ok && strings.TrimSpace(ua) != "" { - return strings.TrimSpace(ua) - } - } - } - return defaultAntigravityAgent -} - -func antigravityRetryAttempts(auth *cliproxyauth.Auth, cfg *config.Config) int { - retry := 0 - if cfg != nil { - retry = cfg.RequestRetry - } - if auth != nil { - if override, ok := auth.RequestRetryOverride(); ok { - retry = override - } - } - if retry < 0 { - retry = 0 - } - attempts := retry + 1 - if attempts < 1 { - return 1 - } - return attempts -} - -func newAntigravityStatusErr(statusCode int, body []byte) statusErr { - return statusErr{ - code: statusCode, - msg: antigravityErrorMessage(statusCode, body), - } -} - -func antigravityErrorMessage(statusCode int, body []byte) string { - msg := strings.TrimSpace(string(body)) - if statusCode != http.StatusForbidden { - return msg - } - if msg == "" { - return msg - } - lower := strings.ToLower(msg) - if !strings.Contains(lower, "subscription_required") && - !strings.Contains(lower, "gemini code assist license") && - !strings.Contains(lower, "permission_denied") { - return msg - } - return msg + "\nHint: The current Google project/account does not have a Gemini Code Assist license. Re-run --antigravity-login with a licensed account/project, or switch providers." -} - -func antigravityShouldRetryNoCapacity(statusCode int, body []byte) bool { - if statusCode != http.StatusServiceUnavailable { - return false - } - if len(body) == 0 { - return false - } - msg := strings.ToLower(string(body)) - return strings.Contains(msg, "no capacity available") -} - -func antigravityNoCapacityRetryDelay(attempt int) time.Duration { - if attempt < 0 { - attempt = 0 - } - // Exponential backoff with jitter: 250ms, 500ms, 1s, 2s, 2s... - baseDelay := time.Duration(250*(1< 2*time.Second { - baseDelay = 2 * time.Second - } - // Add jitter (±10%) - jitter := time.Duration(float64(baseDelay) * 0.1) - randSourceMutex.Lock() - jitterValue := time.Duration(randSource.Int63n(int64(jitter*2 + 1))) - randSourceMutex.Unlock() - return baseDelay - jitter + jitterValue -} - -func antigravityWait(ctx context.Context, wait time.Duration) error { - if wait <= 0 { - return nil - } - timer := time.NewTimer(wait) - defer timer.Stop() - select { - case <-ctx.Done(): - return ctx.Err() - case <-timer.C: - return nil - } -} - -func antigravityBaseURLFallbackOrder(cfg *config.Config, auth *cliproxyauth.Auth) []string { - if base := resolveOAuthBaseURLWithOverride(cfg, antigravityAuthType, "", resolveCustomAntigravityBaseURL(auth)); base != "" { - return []string{base} - } - return []string{ - antigravityBaseURLDaily, - antigravitySandboxBaseURLDaily, - // antigravityBaseURLProd, - } -} - -func resolveCustomAntigravityBaseURL(auth *cliproxyauth.Auth) string { - if auth == nil { - return "" - } - if auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["base_url"]); v != "" { - return strings.TrimSuffix(v, "/") - } - } - if auth.Metadata != nil { - if v, ok := auth.Metadata["base_url"].(string); ok { - v = strings.TrimSpace(v) - if v != "" { - return strings.TrimSuffix(v, "/") - } - } - } - return "" -} - -func geminiToAntigravity(modelName string, payload []byte, projectID string) []byte { - template, _ := sjson.Set(string(payload), "model", modelName) - template, _ = sjson.Set(template, "userAgent", "antigravity") - template, _ = sjson.Set(template, "requestType", "agent") - - // Use real project ID from auth if available, otherwise generate random (legacy fallback) - if projectID != "" { - template, _ = sjson.Set(template, "project", projectID) - } else { - template, _ = sjson.Set(template, "project", generateProjectID()) - } - template, _ = sjson.Set(template, "requestId", generateRequestID()) - template, _ = sjson.Set(template, "request.sessionId", generateStableSessionID(payload)) - - template, _ = sjson.Delete(template, "request.safetySettings") - if toolConfig := gjson.Get(template, "toolConfig"); toolConfig.Exists() && !gjson.Get(template, "request.toolConfig").Exists() { - template, _ = sjson.SetRaw(template, "request.toolConfig", toolConfig.Raw) - template, _ = sjson.Delete(template, "toolConfig") - } - return []byte(template) -} - -func generateRequestID() string { - return "agent-" + uuid.NewString() -} - -func generateSessionID() string { - randSourceMutex.Lock() - n := randSource.Int63n(9_000_000_000_000_000_000) - randSourceMutex.Unlock() - return "-" + strconv.FormatInt(n, 10) -} - -func generateStableSessionID(payload []byte) string { - contents := gjson.GetBytes(payload, "request.contents") - if contents.IsArray() { - candidates := make([]string, 0) - for _, content := range contents.Array() { - if content.Get("role").String() == "user" { - if parts := content.Get("parts"); parts.IsArray() { - for _, part := range parts.Array() { - text := strings.TrimSpace(part.Get("text").String()) - if text != "" { - candidates = append(candidates, text) - } - } - } - if len(candidates) > 0 { - normalized := strings.Join(candidates, "\n") - h := sha256.Sum256([]byte(normalized)) - n := int64(binary.BigEndian.Uint64(h[:8])) & 0x7FFFFFFFFFFFFFFF - return "-" + strconv.FormatInt(n, 10) - } - - contentRaw := strings.TrimSpace(content.Raw) - if contentRaw != "" { - h := sha256.Sum256([]byte(contentRaw)) - n := int64(binary.BigEndian.Uint64(h[:8])) & 0x7FFFFFFFFFFFFFFF - return "-" + strconv.FormatInt(n, 10) - } - } - } - } - return generateSessionID() -} - -func generateProjectID() string { - adjectives := []string{"useful", "bright", "swift", "calm", "bold"} - nouns := []string{"fuze", "wave", "spark", "flow", "core"} - randSourceMutex.Lock() - adj := adjectives[randSource.Intn(len(adjectives))] - noun := nouns[randSource.Intn(len(nouns))] - randSourceMutex.Unlock() - randomPart := strings.ToLower(uuid.NewString())[:5] - return adj + "-" + noun + "-" + randomPart -} - -func (e *AntigravityExecutor) CloseExecutionSession(sessionID string) {} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/antigravity_executor_buildrequest_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/antigravity_executor_buildrequest_test.go deleted file mode 100644 index a70374d0db..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/antigravity_executor_buildrequest_test.go +++ /dev/null @@ -1,303 +0,0 @@ -package executor - -import ( - "context" - "encoding/json" - "io" - "testing" - - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestAntigravityBuildRequest_SanitizesGeminiToolSchema(t *testing.T) { - body := buildRequestBodyFromPayload(t, "gemini-2.5-pro") - - decl := extractFirstFunctionDeclaration(t, body) - if _, ok := decl["parametersJsonSchema"]; ok { - t.Fatalf("parametersJsonSchema should be renamed to parameters") - } - - params, ok := decl["parameters"].(map[string]any) - if !ok { - t.Fatalf("parameters missing or invalid type") - } - assertSchemaSanitizedAndPropertyPreserved(t, params) -} - -func TestAntigravityBuildRequest_SanitizesAntigravityToolSchema(t *testing.T) { - body := buildRequestBodyFromPayload(t, "claude-opus-4-6") - - decl := extractFirstFunctionDeclaration(t, body) - params, ok := decl["parameters"].(map[string]any) - if !ok { - t.Fatalf("parameters missing or invalid type") - } - assertSchemaSanitizedAndPropertyPreserved(t, params) -} - -func TestAntigravityBuildRequest_RemovesRefAndDefsFromToolSchema(t *testing.T) { - body := buildRequestBodyFromPayloadWithSchemaRefs(t, "claude-opus-4-6") - - decl := extractFirstFunctionDeclaration(t, body) - params, ok := decl["parameters"].(map[string]any) - if !ok { - t.Fatalf("parameters missing or invalid type") - } - assertNoSchemaKeywords(t, params) -} - -func TestGenerateStableSessionID_UsesAllUserTextParts(t *testing.T) { - payload := []byte(`{ - "request": { - "contents": [ - { - "role": "user", - "parts": [ - {"inline_data": {"mimeType":"image/png","data":"Zm9v"}}, - {"text": "first real user text"}, - {"text": "ignored?"} - ] - } - ] - } - }`) - - first := generateStableSessionID(payload) - second := generateStableSessionID(payload) - if first != second { - t.Fatalf("expected deterministic session id from non-leading user text, got %q and %q", first, second) - } - if first == "" { - t.Fatal("expected non-empty session id") - } -} - -func TestGenerateStableSessionID_FallsBackToContentRawForNonTextUserMessage(t *testing.T) { - payload := []byte(`{ - "request": { - "contents": [ - { - "role": "user", - "parts": [ - {"tool_call": {"name": "debug", "input": {"value": "ok"}} - ] - } - ] - } - }`) - - first := generateStableSessionID(payload) - second := generateStableSessionID(payload) - if first != second { - t.Fatalf("expected deterministic fallback session id for non-text user content, got %q and %q", first, second) - } - if first == "" { - t.Fatal("expected non-empty fallback session id") - } -} - -func buildRequestBodyFromPayload(t *testing.T, modelName string) map[string]any { - t.Helper() - - executor := &AntigravityExecutor{} - auth := &cliproxyauth.Auth{} - payload := []byte(`{ - "request": { - "tools": [ - { - "function_declarations": [ - { - "name": "tool_1", - "parametersJsonSchema": { - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "root-schema", - "type": "object", - "properties": { - "$id": {"type": "string"}, - "arg": { - "type": "object", - "prefill": "hello", - "properties": { - "mode": { - "type": "string", - "enum": ["a", "b"], - "enumTitles": ["A", "B"] - } - } - } - }, - "patternProperties": { - "^x-": {"type": "string"} - } - } - } - ] - } - ] - } - }`) - - req, err := executor.buildRequest(context.Background(), auth, "token", modelName, payload, false, "", "https://example.com") - if err != nil { - t.Fatalf("buildRequest error: %v", err) - } - - raw, err := io.ReadAll(req.Body) - if err != nil { - t.Fatalf("read request body error: %v", err) - } - - var body map[string]any - if err := json.Unmarshal(raw, &body); err != nil { - t.Fatalf("unmarshal request body error: %v, body=%s", err, string(raw)) - } - return body -} - -func buildRequestBodyFromPayloadWithSchemaRefs(t *testing.T, modelName string) map[string]any { - t.Helper() - - executor := &AntigravityExecutor{} - auth := &cliproxyauth.Auth{} - payload := []byte(`{ - "request": { - "tools": [ - { - "function_declarations": [ - { - "name": "tool_with_refs", - "parametersJsonSchema": { - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "root-schema", - "type": "object", - "$defs": { - "Address": { - "type": "object", - "properties": { - "city": { "type": "string" }, - "zip": { "type": "string" } - } - } - }, - "properties": { - "address": { - "$ref": "#/$defs/Address" - }, - "payload": { - "type": "object", - "properties": { - "id": { - "type": "string" - } - } - } - } - } - } - ] - } - ] - } - }`) - - req, err := executor.buildRequest(context.Background(), auth, "token", modelName, payload, false, "", "https://example.com") - if err != nil { - t.Fatalf("buildRequest error: %v", err) - } - - raw, err := io.ReadAll(req.Body) - if err != nil { - t.Fatalf("read request body error: %v", err) - } - - var body map[string]any - if err := json.Unmarshal(raw, &body); err != nil { - t.Fatalf("unmarshal request body error: %v, body=%s", err, string(raw)) - } - return body -} - -func extractFirstFunctionDeclaration(t *testing.T, body map[string]any) map[string]any { - t.Helper() - - request, ok := body["request"].(map[string]any) - if !ok { - t.Fatalf("request missing or invalid type") - } - tools, ok := request["tools"].([]any) - if !ok || len(tools) == 0 { - t.Fatalf("tools missing or empty") - } - tool, ok := tools[0].(map[string]any) - if !ok { - t.Fatalf("first tool invalid type") - } - decls, ok := tool["function_declarations"].([]any) - if !ok || len(decls) == 0 { - t.Fatalf("function_declarations missing or empty") - } - decl, ok := decls[0].(map[string]any) - if !ok { - t.Fatalf("first function declaration invalid type") - } - return decl -} - -func assertSchemaSanitizedAndPropertyPreserved(t *testing.T, params map[string]any) { - t.Helper() - - if _, ok := params["$id"]; ok { - t.Fatalf("root $id should be removed from schema") - } - if _, ok := params["patternProperties"]; ok { - t.Fatalf("patternProperties should be removed from schema") - } - - props, ok := params["properties"].(map[string]any) - if !ok { - t.Fatalf("properties missing or invalid type") - } - if _, ok := props["$id"]; !ok { - t.Fatalf("property named $id should be preserved") - } - - arg, ok := props["arg"].(map[string]any) - if !ok { - t.Fatalf("arg property missing or invalid type") - } - if _, ok := arg["prefill"]; ok { - t.Fatalf("prefill should be removed from nested schema") - } - - argProps, ok := arg["properties"].(map[string]any) - if !ok { - t.Fatalf("arg.properties missing or invalid type") - } - mode, ok := argProps["mode"].(map[string]any) - if !ok { - t.Fatalf("mode property missing or invalid type") - } - if _, ok := mode["enumTitles"]; ok { - t.Fatalf("enumTitles should be removed from nested schema") - } -} - -func assertNoSchemaKeywords(t *testing.T, value any) { - t.Helper() - - switch typed := value.(type) { - case map[string]any: - for key, nested := range typed { - switch key { - case "$ref", "$defs": - t.Fatalf("schema keyword %q should be removed for Antigravity request", key) - default: - assertNoSchemaKeywords(t, nested) - } - } - case []any: - for _, nested := range typed { - assertNoSchemaKeywords(t, nested) - } - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/cache_helpers.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/cache_helpers.go deleted file mode 100644 index 38a554ba69..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/cache_helpers.go +++ /dev/null @@ -1,71 +0,0 @@ -package executor - -import ( - "sync" - "time" -) - -type codexCache struct { - ID string - Expire time.Time -} - -// codexCacheMap stores prompt cache IDs keyed by model+user_id. -// Protected by codexCacheMu. Entries expire after 1 hour. -var ( - codexCacheMap = make(map[string]codexCache) - codexCacheMu sync.RWMutex -) - -// codexCacheCleanupInterval controls how often expired entries are purged. -const codexCacheCleanupInterval = 15 * time.Minute - -// codexCacheCleanupOnce ensures the background cleanup goroutine starts only once. -var codexCacheCleanupOnce sync.Once - -// startCodexCacheCleanup launches a background goroutine that periodically -// removes expired entries from codexCacheMap to prevent memory leaks. -func startCodexCacheCleanup() { - go func() { - ticker := time.NewTicker(codexCacheCleanupInterval) - defer ticker.Stop() - - for range ticker.C { - purgeExpiredCodexCache() - } - }() -} - -// purgeExpiredCodexCache removes entries that have expired. -func purgeExpiredCodexCache() { - now := time.Now() - - codexCacheMu.Lock() - defer codexCacheMu.Unlock() - - for key, cache := range codexCacheMap { - if cache.Expire.Before(now) { - delete(codexCacheMap, key) - } - } -} - -// getCodexCache retrieves a cached entry, returning ok=false if not found or expired. -func getCodexCache(key string) (codexCache, bool) { - codexCacheCleanupOnce.Do(startCodexCacheCleanup) - codexCacheMu.RLock() - cache, ok := codexCacheMap[key] - codexCacheMu.RUnlock() - if !ok || cache.Expire.Before(time.Now()) { - return codexCache{}, false - } - return cache, true -} - -// setCodexCache stores a cache entry. -func setCodexCache(key string, cache codexCache) { - codexCacheCleanupOnce.Do(startCodexCacheCleanup) - codexCacheMu.Lock() - codexCacheMap[key] = cache - codexCacheMu.Unlock() -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/caching_verify_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/caching_verify_test.go deleted file mode 100644 index 6088d304cd..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/caching_verify_test.go +++ /dev/null @@ -1,258 +0,0 @@ -package executor - -import ( - "fmt" - "testing" - - "github.com/tidwall/gjson" -) - -func TestEnsureCacheControl(t *testing.T) { - // Test case 1: System prompt as string - t.Run("String System Prompt", func(t *testing.T) { - input := []byte(`{"model": "claude-3-5-sonnet", "system": "This is a long system prompt", "messages": []}`) - output := ensureCacheControl(input) - - res := gjson.GetBytes(output, "system.0.cache_control.type") - if res.String() != "ephemeral" { - t.Errorf("cache_control not found in system string. Output: %s", string(output)) - } - }) - - // Test case 2: System prompt as array - t.Run("Array System Prompt", func(t *testing.T) { - input := []byte(`{"model": "claude-3-5-sonnet", "system": [{"type": "text", "text": "Part 1"}, {"type": "text", "text": "Part 2"}], "messages": []}`) - output := ensureCacheControl(input) - - // cache_control should only be on the LAST element - res0 := gjson.GetBytes(output, "system.0.cache_control") - res1 := gjson.GetBytes(output, "system.1.cache_control.type") - - if res0.Exists() { - t.Errorf("cache_control should NOT be on the first element") - } - if res1.String() != "ephemeral" { - t.Errorf("cache_control not found on last system element. Output: %s", string(output)) - } - }) - - // Test case 3: Tools are cached - t.Run("Tools Caching", func(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "tools": [ - {"name": "tool1", "description": "First tool", "input_schema": {"type": "object"}}, - {"name": "tool2", "description": "Second tool", "input_schema": {"type": "object"}} - ], - "system": "System prompt", - "messages": [] - }`) - output := ensureCacheControl(input) - - // cache_control should only be on the LAST tool - tool0Cache := gjson.GetBytes(output, "tools.0.cache_control") - tool1Cache := gjson.GetBytes(output, "tools.1.cache_control.type") - - if tool0Cache.Exists() { - t.Errorf("cache_control should NOT be on the first tool") - } - if tool1Cache.String() != "ephemeral" { - t.Errorf("cache_control not found on last tool. Output: %s", string(output)) - } - - // System should also have cache_control - systemCache := gjson.GetBytes(output, "system.0.cache_control.type") - if systemCache.String() != "ephemeral" { - t.Errorf("cache_control not found in system. Output: %s", string(output)) - } - }) - - // Test case 4: Tools and system are INDEPENDENT breakpoints - // Per Anthropic docs: Up to 4 breakpoints allowed, tools and system are cached separately - t.Run("Independent Cache Breakpoints", func(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "tools": [ - {"name": "tool1", "description": "First tool", "input_schema": {"type": "object"}, "cache_control": {"type": "ephemeral"}} - ], - "system": [{"type": "text", "text": "System"}], - "messages": [] - }`) - output := ensureCacheControl(input) - - // Tool already has cache_control - should not be changed - tool0Cache := gjson.GetBytes(output, "tools.0.cache_control.type") - if tool0Cache.String() != "ephemeral" { - t.Errorf("existing cache_control was incorrectly removed") - } - - // System SHOULD get cache_control because it is an INDEPENDENT breakpoint - // Tools and system are separate cache levels in the hierarchy - systemCache := gjson.GetBytes(output, "system.0.cache_control.type") - if systemCache.String() != "ephemeral" { - t.Errorf("system should have its own cache_control breakpoint (independent of tools)") - } - }) - - // Test case 5: Only tools, no system - t.Run("Only Tools No System", func(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "tools": [ - {"name": "tool1", "description": "Tool", "input_schema": {"type": "object"}} - ], - "messages": [{"role": "user", "content": "Hi"}] - }`) - output := ensureCacheControl(input) - - toolCache := gjson.GetBytes(output, "tools.0.cache_control.type") - if toolCache.String() != "ephemeral" { - t.Errorf("cache_control not found on tool. Output: %s", string(output)) - } - }) - - // Test case 6: Many tools (Claude Code scenario) - t.Run("Many Tools (Claude Code Scenario)", func(t *testing.T) { - // Simulate Claude Code with many tools - toolsJSON := `[` - for i := 0; i < 50; i++ { - if i > 0 { - toolsJSON += "," - } - toolsJSON += fmt.Sprintf(`{"name": "tool%d", "description": "Tool %d", "input_schema": {"type": "object"}}`, i, i) - } - toolsJSON += `]` - - input := []byte(fmt.Sprintf(`{ - "model": "claude-3-5-sonnet", - "tools": %s, - "system": [{"type": "text", "text": "You are Claude Code"}], - "messages": [{"role": "user", "content": "Hello"}] - }`, toolsJSON)) - - output := ensureCacheControl(input) - - // Only the last tool (index 49) should have cache_control - for i := 0; i < 49; i++ { - path := fmt.Sprintf("tools.%d.cache_control", i) - if gjson.GetBytes(output, path).Exists() { - t.Errorf("tool %d should NOT have cache_control", i) - } - } - - lastToolCache := gjson.GetBytes(output, "tools.49.cache_control.type") - if lastToolCache.String() != "ephemeral" { - t.Errorf("last tool (49) should have cache_control") - } - - // System should also have cache_control - systemCache := gjson.GetBytes(output, "system.0.cache_control.type") - if systemCache.String() != "ephemeral" { - t.Errorf("system should have cache_control") - } - - t.Log("test passed: 50 tools - cache_control only on last tool") - }) - - // Test case 7: Empty tools array - t.Run("Empty Tools Array", func(t *testing.T) { - input := []byte(`{"model": "claude-3-5-sonnet", "tools": [], "system": "Test", "messages": []}`) - output := ensureCacheControl(input) - - // System should still get cache_control - systemCache := gjson.GetBytes(output, "system.0.cache_control.type") - if systemCache.String() != "ephemeral" { - t.Errorf("system should have cache_control even with empty tools array") - } - }) - - // Test case 8: Messages caching for multi-turn (second-to-last user) - t.Run("Messages Caching Second-To-Last User", func(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "messages": [ - {"role": "user", "content": "First user"}, - {"role": "assistant", "content": "Assistant reply"}, - {"role": "user", "content": "Second user"}, - {"role": "assistant", "content": "Assistant reply 2"}, - {"role": "user", "content": "Third user"} - ] - }`) - output := ensureCacheControl(input) - - cacheType := gjson.GetBytes(output, "messages.2.content.0.cache_control.type") - if cacheType.String() != "ephemeral" { - t.Errorf("cache_control not found on second-to-last user turn. Output: %s", string(output)) - } - - lastUserCache := gjson.GetBytes(output, "messages.4.content.0.cache_control") - if lastUserCache.Exists() { - t.Errorf("last user turn should NOT have cache_control") - } - }) - - // Test case 9: Existing message cache_control should skip injection - t.Run("Messages Skip When Cache Control Exists", func(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "messages": [ - {"role": "user", "content": [{"type": "text", "text": "First user"}]}, - {"role": "assistant", "content": [{"type": "text", "text": "Assistant reply", "cache_control": {"type": "ephemeral"}}]}, - {"role": "user", "content": [{"type": "text", "text": "Second user"}]} - ] - }`) - output := ensureCacheControl(input) - - userCache := gjson.GetBytes(output, "messages.0.content.0.cache_control") - if userCache.Exists() { - t.Errorf("cache_control should NOT be injected when a message already has cache_control") - } - - existingCache := gjson.GetBytes(output, "messages.1.content.0.cache_control.type") - if existingCache.String() != "ephemeral" { - t.Errorf("existing cache_control should be preserved. Output: %s", string(output)) - } - }) -} - -// TestCacheControlOrder verifies the correct order: tools -> system -> messages -func TestCacheControlOrder(t *testing.T) { - input := []byte(`{ - "model": "claude-sonnet-4", - "tools": [ - {"name": "Read", "description": "Read file", "input_schema": {"type": "object", "properties": {"path": {"type": "string"}}}}, - {"name": "Write", "description": "Write file", "input_schema": {"type": "object", "properties": {"path": {"type": "string"}, "content": {"type": "string"}}}} - ], - "system": [ - {"type": "text", "text": "You are Claude Code, Anthropic's official CLI for Claude."}, - {"type": "text", "text": "Additional instructions here..."} - ], - "messages": [ - {"role": "user", "content": "Hello"} - ] - }`) - - output := ensureCacheControl(input) - - // 1. Last tool has cache_control - if gjson.GetBytes(output, "tools.1.cache_control.type").String() != "ephemeral" { - t.Error("last tool should have cache_control") - } - - // 2. First tool has NO cache_control - if gjson.GetBytes(output, "tools.0.cache_control").Exists() { - t.Error("first tool should NOT have cache_control") - } - - // 3. Last system element has cache_control - if gjson.GetBytes(output, "system.1.cache_control.type").String() != "ephemeral" { - t.Error("last system element should have cache_control") - } - - // 4. First system element has NO cache_control - if gjson.GetBytes(output, "system.0.cache_control").Exists() { - t.Error("first system element should NOT have cache_control") - } - - t.Log("cache order correct: tools -> system") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/claude_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/claude_executor.go deleted file mode 100644 index 82b44771d7..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/claude_executor.go +++ /dev/null @@ -1,1414 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "compress/flate" - "compress/gzip" - "context" - "fmt" - "io" - "net/http" - "runtime" - "strings" - "time" - - "github.com/andybalholm/brotli" - "github.com/klauspost/compress/zstd" - claudeauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/claude" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" - - "github.com/gin-gonic/gin" -) - -// ClaudeExecutor is a stateless executor for Anthropic Claude over the messages API. -// If api_key is unavailable on auth, it falls back to legacy via ClientAdapter. -type ClaudeExecutor struct { - cfg *config.Config -} - -const claudeToolPrefix = "proxy_" - -func NewClaudeExecutor(cfg *config.Config) *ClaudeExecutor { return &ClaudeExecutor{cfg: cfg} } - -func (e *ClaudeExecutor) Identifier() string { return "claude" } - -// PrepareRequest injects Claude credentials into the outgoing HTTP request. -func (e *ClaudeExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - apiKey, _ := claudeCreds(auth) - if strings.TrimSpace(apiKey) == "" { - return nil - } - useAPIKey := auth != nil && auth.Attributes != nil && strings.TrimSpace(auth.Attributes["api_key"]) != "" - isAnthropicBase := req.URL != nil && strings.EqualFold(req.URL.Scheme, "https") && strings.EqualFold(req.URL.Host, "api.anthropic.com") - if isAnthropicBase && useAPIKey { - req.Header.Del("Authorization") - req.Header.Set("x-api-key", apiKey) - } else { - req.Header.Del("x-api-key") - req.Header.Set("Authorization", "Bearer "+apiKey) - } - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) - return nil -} - -// HttpRequest injects Claude credentials into the request and executes it. -func (e *ClaudeExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("claude executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -func (e *ClaudeExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := claudeCreds(auth) - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), "https://api.anthropic.com", baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - from := opts.SourceFormat - to := sdktranslator.FromString("claude") - // Use streaming translation to preserve function calling, except for claude. - stream := from != to - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, stream) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, stream) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - // Apply cloaking (system prompt injection, fake user ID, sensitive word obfuscation) - // based on client type and configuration. - body = applyCloaking(ctx, e.cfg, auth, body, baseModel) - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - // Disable thinking if tool_choice forces tool use (Anthropic API constraint) - body = disableThinkingIfToolChoiceForced(body) - - // Auto-inject cache_control if missing (optimization for ClawdBot/clients without caching support) - if countCacheControls(body) == 0 { - body = ensureCacheControl(body) - } - - // Extract betas from body and convert to header - var extraBetas []string - extraBetas, body = extractAndRemoveBetas(body) - bodyForTranslation := body - bodyForUpstream := body - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - bodyForUpstream = applyClaudeToolPrefix(body, claudeToolPrefix) - } - - url := fmt.Sprintf("%s/v1/messages?beta=true", baseURL) - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(bodyForUpstream)) - if err != nil { - return resp, err - } - applyClaudeHeaders(httpReq, auth, apiKey, false, extraBetas, e.cfg) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: bodyForUpstream, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return resp, err - } - decodedBody, err := decodeResponseBody(httpResp.Body, httpResp.Header.Get("Content-Encoding")) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return resp, err - } - defer func() { - if errClose := decodedBody.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - data, err := io.ReadAll(decodedBody) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - if stream { - lines := bytes.Split(data, []byte("\n")) - for _, line := range lines { - if detail, ok := parseClaudeStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - } - } else { - reporter.publish(ctx, parseClaudeUsage(data)) - } - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - data = stripClaudeToolPrefixFromResponse(data, claudeToolPrefix) - } - var param any - out := sdktranslator.TranslateNonStream( - ctx, - to, - from, - req.Model, - opts.OriginalRequest, - bodyForTranslation, - data, - ¶m, - ) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -func (e *ClaudeExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := claudeCreds(auth) - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), "https://api.anthropic.com", baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - from := opts.SourceFormat - to := sdktranslator.FromString("claude") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - // Apply cloaking (system prompt injection, fake user ID, sensitive word obfuscation) - // based on client type and configuration. - body = applyCloaking(ctx, e.cfg, auth, body, baseModel) - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - // Disable thinking if tool_choice forces tool use (Anthropic API constraint) - body = disableThinkingIfToolChoiceForced(body) - - // Auto-inject cache_control if missing (optimization for ClawdBot/clients without caching support) - if countCacheControls(body) == 0 { - body = ensureCacheControl(body) - } - - // Extract betas from body and convert to header - var extraBetas []string - extraBetas, body = extractAndRemoveBetas(body) - bodyForTranslation := body - bodyForUpstream := body - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - bodyForUpstream = applyClaudeToolPrefix(body, claudeToolPrefix) - } - - url := fmt.Sprintf("%s/v1/messages?beta=true", baseURL) - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(bodyForUpstream)) - if err != nil { - return nil, err - } - applyClaudeHeaders(httpReq, auth, apiKey, true, extraBetas, e.cfg) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: bodyForUpstream, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - decodedBody, err := decodeResponseBody(httpResp.Body, httpResp.Header.Get("Content-Encoding")) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := decodedBody.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - // If from == to (Claude → Claude), directly forward the SSE stream without translation - if from == to { - scanner := bufio.NewScanner(decodedBody) - scanner.Buffer(nil, 52_428_800) // 50MB - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseClaudeStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - line = stripClaudeToolPrefixFromStreamLine(line, claudeToolPrefix) - } - // Forward the line as-is to preserve SSE format - cloned := make([]byte, len(line)+1) - copy(cloned, line) - cloned[len(line)] = '\n' - out <- cliproxyexecutor.StreamChunk{Payload: cloned} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - return - } - - // For other formats, use translation - scanner := bufio.NewScanner(decodedBody) - scanner.Buffer(nil, 52_428_800) // 50MB - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseClaudeStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - line = stripClaudeToolPrefixFromStreamLine(line, claudeToolPrefix) - } - chunks := sdktranslator.TranslateStream( - ctx, - to, - from, - req.Model, - opts.OriginalRequest, - bodyForTranslation, - bytes.Clone(line), - ¶m, - ) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -func (e *ClaudeExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := claudeCreds(auth) - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), "https://api.anthropic.com", baseURL) - - from := opts.SourceFormat - to := sdktranslator.FromString("claude") - // Use streaming translation to preserve function calling, except for claude. - stream := from != to - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, stream) - body, _ = sjson.SetBytes(body, "model", baseModel) - - if !strings.HasPrefix(baseModel, "claude-3-5-haiku") { - body = checkSystemInstructions(body) - } - - // Extract betas from body and convert to header (for count_tokens too) - var extraBetas []string - extraBetas, body = extractAndRemoveBetas(body) - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - body = applyClaudeToolPrefix(body, claudeToolPrefix) - } - - url := fmt.Sprintf("%s/v1/messages/count_tokens?beta=true", baseURL) - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return cliproxyexecutor.Response{}, err - } - applyClaudeHeaders(httpReq, auth, apiKey, false, extraBetas, e.cfg) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - resp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return cliproxyexecutor.Response{}, err - } - recordAPIResponseMetadata(ctx, e.cfg, resp.StatusCode, resp.Header.Clone()) - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - b, _ := io.ReadAll(resp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return cliproxyexecutor.Response{}, statusErr{code: resp.StatusCode, msg: string(b)} - } - decodedBody, err := decodeResponseBody(resp.Body, resp.Header.Get("Content-Encoding")) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return cliproxyexecutor.Response{}, err - } - defer func() { - if errClose := decodedBody.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - data, err := io.ReadAll(decodedBody) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return cliproxyexecutor.Response{}, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - count := gjson.GetBytes(data, "input_tokens").Int() - out := sdktranslator.TranslateTokenCount(ctx, to, from, count, data) - return cliproxyexecutor.Response{Payload: []byte(out), Headers: resp.Header.Clone()}, nil -} - -func (e *ClaudeExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("claude executor: refresh called") - if auth == nil { - return nil, fmt.Errorf("claude executor: auth is nil") - } - var refreshToken string - if auth.Metadata != nil { - if v, ok := auth.Metadata["refresh_token"].(string); ok && v != "" { - refreshToken = v - } - } - if refreshToken == "" { - return auth, nil - } - svc := claudeauth.NewClaudeAuth(e.cfg, nil) - td, err := svc.RefreshTokens(ctx, refreshToken) - if err != nil { - return nil, err - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["access_token"] = td.AccessToken - if td.RefreshToken != "" { - auth.Metadata["refresh_token"] = td.RefreshToken - } - auth.Metadata["email"] = td.Email - auth.Metadata["expired"] = td.Expire - auth.Metadata["type"] = "claude" - now := time.Now().Format(time.RFC3339) - auth.Metadata["last_refresh"] = now - return auth, nil -} - -// extractAndRemoveBetas extracts the "betas" array from the body and removes it. -// Returns the extracted betas as a string slice and the modified body. -func extractAndRemoveBetas(body []byte) ([]string, []byte) { - betasResult := gjson.GetBytes(body, "betas") - if !betasResult.Exists() { - return nil, body - } - var betas []string - if betasResult.IsArray() { - for _, item := range betasResult.Array() { - if item.Type != gjson.String { - continue - } - if s := strings.TrimSpace(item.String()); s != "" { - betas = append(betas, s) - } - } - } else if betasResult.Type == gjson.String { - for _, token := range strings.Split(betasResult.Str, ",") { - if s := strings.TrimSpace(token); s != "" { - betas = append(betas, s) - } - } - } - body, _ = sjson.DeleteBytes(body, "betas") - return betas, body -} - -// disableThinkingIfToolChoiceForced checks if tool_choice forces tool use and disables thinking. -// Anthropic API does not allow thinking when tool_choice is set to "any", "tool", or "function". -// See: https://docs.anthropic.com/en/docs/build-with-claude/extended-thinking#important-considerations -func disableThinkingIfToolChoiceForced(body []byte) []byte { - toolChoiceType := gjson.GetBytes(body, "tool_choice.type").String() - // "auto" is allowed with thinking, but explicit forcing is not. - if toolChoiceType == "any" || toolChoiceType == "tool" || toolChoiceType == "function" { - // Remove thinking configuration entirely to avoid API error - body, _ = sjson.DeleteBytes(body, "thinking") - } - return body -} - -type compositeReadCloser struct { - io.Reader - closers []func() error -} - -func (c *compositeReadCloser) Close() error { - var firstErr error - for i := range c.closers { - if c.closers[i] == nil { - continue - } - if err := c.closers[i](); err != nil && firstErr == nil { - firstErr = err - } - } - return firstErr -} - -func decodeResponseBody(body io.ReadCloser, contentEncoding string) (io.ReadCloser, error) { - if body == nil { - return nil, fmt.Errorf("response body is nil") - } - if contentEncoding == "" { - return body, nil - } - encodings := strings.Split(contentEncoding, ",") - for _, raw := range encodings { - encoding := strings.TrimSpace(strings.ToLower(raw)) - switch encoding { - case "", "identity": - continue - case "gzip": - gzipReader, err := gzip.NewReader(body) - if err != nil { - _ = body.Close() - return nil, fmt.Errorf("failed to create gzip reader: %w", err) - } - return &compositeReadCloser{ - Reader: gzipReader, - closers: []func() error{ - gzipReader.Close, - func() error { return body.Close() }, - }, - }, nil - case "deflate": - deflateReader := flate.NewReader(body) - return &compositeReadCloser{ - Reader: deflateReader, - closers: []func() error{ - deflateReader.Close, - func() error { return body.Close() }, - }, - }, nil - case "br": - return &compositeReadCloser{ - Reader: brotli.NewReader(body), - closers: []func() error{ - func() error { return body.Close() }, - }, - }, nil - case "zstd": - decoder, err := zstd.NewReader(body) - if err != nil { - _ = body.Close() - return nil, fmt.Errorf("failed to create zstd reader: %w", err) - } - return &compositeReadCloser{ - Reader: decoder, - closers: []func() error{ - func() error { decoder.Close(); return nil }, - func() error { return body.Close() }, - }, - }, nil - default: - continue - } - } - return body, nil -} - -// mapStainlessOS maps runtime.GOOS to Stainless SDK OS names. -func mapStainlessOS() string { - switch runtime.GOOS { - case "darwin": - return "MacOS" - case "windows": - return "Windows" - case "linux": - return "Linux" - case "freebsd": - return "FreeBSD" - default: - return "Other::" + runtime.GOOS - } -} - -// mapStainlessArch maps runtime.GOARCH to Stainless SDK architecture names. -func mapStainlessArch() string { - switch runtime.GOARCH { - case "amd64": - return "x64" - case "arm64": - return "arm64" - case "386": - return "x86" - default: - return "other::" + runtime.GOARCH - } -} - -func applyClaudeHeaders(r *http.Request, auth *cliproxyauth.Auth, apiKey string, stream bool, extraBetas []string, cfg *config.Config) { - hdrDefault := func(cfgVal, fallback string) string { - if cfgVal != "" { - return cfgVal - } - return fallback - } - - var hd config.ClaudeHeaderDefaults - if cfg != nil { - hd = cfg.ClaudeHeaderDefaults - } - - useAPIKey := auth != nil && auth.Attributes != nil && strings.TrimSpace(auth.Attributes["api_key"]) != "" - isAnthropicBase := r.URL != nil && strings.EqualFold(r.URL.Scheme, "https") && strings.EqualFold(r.URL.Host, "api.anthropic.com") - if isAnthropicBase && useAPIKey { - r.Header.Del("Authorization") - r.Header.Set("x-api-key", apiKey) - } else { - r.Header.Set("Authorization", "Bearer "+apiKey) - } - r.Header.Set("Content-Type", "application/json") - - var ginHeaders http.Header - if ginCtx, ok := r.Context().Value("gin").(*gin.Context); ok && ginCtx != nil && ginCtx.Request != nil { - ginHeaders = ginCtx.Request.Header - } - - promptCachingBeta := "prompt-caching-2024-07-31" - baseBetas := "claude-code-20250219,oauth-2025-04-20,interleaved-thinking-2025-05-14,fine-grained-tool-streaming-2025-05-14," + promptCachingBeta - if val := strings.TrimSpace(ginHeaders.Get("Anthropic-Beta")); val != "" { - baseBetas = val - if !strings.Contains(val, "oauth") { - baseBetas += ",oauth-2025-04-20" - } - } - if !strings.Contains(baseBetas, promptCachingBeta) { - baseBetas += "," + promptCachingBeta - } - - // Merge extra betas from request body - if len(extraBetas) > 0 { - existingSet := make(map[string]bool) - for _, b := range strings.Split(baseBetas, ",") { - existingSet[strings.TrimSpace(b)] = true - } - for _, beta := range extraBetas { - beta = strings.TrimSpace(beta) - if beta != "" && !existingSet[beta] { - baseBetas += "," + beta - existingSet[beta] = true - } - } - } - r.Header.Set("Anthropic-Beta", baseBetas) - - misc.EnsureHeader(r.Header, ginHeaders, "Anthropic-Version", "2023-06-01") - misc.EnsureHeader(r.Header, ginHeaders, "Anthropic-Dangerous-Direct-Browser-Access", "true") - misc.EnsureHeader(r.Header, ginHeaders, "X-App", "cli") - // Values below match Claude Code 2.1.44 / @anthropic-ai/sdk 0.74.0 (captured 2026-02-17). - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Helper-Method", "stream") - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Retry-Count", "0") - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Runtime-Version", hdrDefault(hd.RuntimeVersion, "v24.3.0")) - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Package-Version", hdrDefault(hd.PackageVersion, "0.74.0")) - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Runtime", "node") - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Lang", "js") - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Arch", mapStainlessArch()) - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Os", mapStainlessOS()) - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Timeout", hdrDefault(hd.Timeout, "600")) - misc.EnsureHeader(r.Header, ginHeaders, "User-Agent", hdrDefault(hd.UserAgent, "claude-cli/2.1.44 (external, sdk-cli)")) - r.Header.Set("Connection", "keep-alive") - r.Header.Set("Accept-Encoding", "gzip, deflate, br, zstd") - if stream { - r.Header.Set("Accept", "text/event-stream") - } else { - r.Header.Set("Accept", "application/json") - } - // Keep OS/Arch mapping dynamic (not configurable). - // They intentionally continue to derive from runtime.GOOS/runtime.GOARCH. - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(r, attrs) -} - -func claudeCreds(a *cliproxyauth.Auth) (apiKey, baseURL string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - apiKey = a.Attributes["api_key"] - baseURL = a.Attributes["base_url"] - } - if apiKey == "" && a.Metadata != nil { - if v, ok := a.Metadata["access_token"].(string); ok { - apiKey = v - } - } - return -} - -func checkSystemInstructions(payload []byte) []byte { - system := gjson.GetBytes(payload, "system") - claudeCodeInstructions := `[{"type":"text","text":"You are Claude Code, Anthropic's official CLI for Claude."}]` - if system.IsArray() { - if gjson.GetBytes(payload, "system.0.text").String() != "You are Claude Code, Anthropic's official CLI for Claude." { - system.ForEach(func(_, part gjson.Result) bool { - if part.Get("type").String() == "text" { - claudeCodeInstructions, _ = sjson.SetRaw(claudeCodeInstructions, "-1", part.Raw) - } - return true - }) - payload, _ = sjson.SetRawBytes(payload, "system", []byte(claudeCodeInstructions)) - } - } else { - payload, _ = sjson.SetRawBytes(payload, "system", []byte(claudeCodeInstructions)) - } - return payload -} - -func isClaudeOAuthToken(apiKey string) bool { - return strings.Contains(apiKey, "sk-ant-oat") -} - -func applyClaudeToolPrefix(body []byte, prefix string) []byte { - if prefix == "" { - return body - } - - // Collect built-in tool names (those with a non-empty "type" field) so we can - // skip them consistently in both tools and message history. - builtinTools := map[string]bool{} - for _, name := range []string{"web_search", "code_execution", "text_editor", "computer"} { - builtinTools[name] = true - } - - if tools := gjson.GetBytes(body, "tools"); tools.Exists() && tools.IsArray() { - tools.ForEach(func(index, tool gjson.Result) bool { - // Skip built-in tools (web_search, code_execution, etc.) which have - // a "type" field and require their name to remain unchanged. - if tool.Get("type").Exists() && tool.Get("type").String() != "" { - if n := tool.Get("name").String(); n != "" { - builtinTools[n] = true - } - return true - } - name := tool.Get("name").String() - if name == "" || strings.HasPrefix(name, prefix) { - return true - } - path := fmt.Sprintf("tools.%d.name", index.Int()) - body, _ = sjson.SetBytes(body, path, prefix+name) - return true - }) - } - - toolChoiceType := gjson.GetBytes(body, "tool_choice.type").String() - if toolChoiceType == "tool" || toolChoiceType == "function" { - name := gjson.GetBytes(body, "tool_choice.name").String() - if name != "" && !strings.HasPrefix(name, prefix) && !builtinTools[name] { - body, _ = sjson.SetBytes(body, "tool_choice.name", prefix+name) - } - - functionName := gjson.GetBytes(body, "tool_choice.function.name").String() - if functionName != "" && !strings.HasPrefix(functionName, prefix) && !builtinTools[functionName] { - body, _ = sjson.SetBytes(body, "tool_choice.function.name", prefix+functionName) - } - } - if toolChoiceType == "function" { - functionName := gjson.GetBytes(body, "tool_choice.function.name").String() - if functionName != "" && !strings.HasPrefix(functionName, prefix) && !builtinTools[functionName] { - body, _ = sjson.SetBytes(body, "tool_choice.function.name", prefix+functionName) - } - } - - if messages := gjson.GetBytes(body, "messages"); messages.Exists() && messages.IsArray() { - messages.ForEach(func(msgIndex, msg gjson.Result) bool { - content := msg.Get("content") - if !content.Exists() || !content.IsArray() { - return true - } - content.ForEach(func(contentIndex, part gjson.Result) bool { - partType := part.Get("type").String() - switch partType { - case "tool_use": - name := part.Get("name").String() - if name == "" || strings.HasPrefix(name, prefix) || builtinTools[name] { - return true - } - path := fmt.Sprintf("messages.%d.content.%d.name", msgIndex.Int(), contentIndex.Int()) - body, _ = sjson.SetBytes(body, path, prefix+name) - case "tool_reference": - toolName := part.Get("tool_name").String() - if toolName == "" || strings.HasPrefix(toolName, prefix) || builtinTools[toolName] { - return true - } - path := fmt.Sprintf("messages.%d.content.%d.tool_name", msgIndex.Int(), contentIndex.Int()) - body, _ = sjson.SetBytes(body, path, prefix+toolName) - case "tool_result": - // Handle nested tool_reference blocks inside tool_result.content[] - nestedContent := part.Get("content") - if nestedContent.Exists() && nestedContent.IsArray() { - nestedContent.ForEach(func(nestedIndex, nestedPart gjson.Result) bool { - if nestedPart.Get("type").String() == "tool_reference" { - nestedToolName := nestedPart.Get("tool_name").String() - if nestedToolName != "" && !strings.HasPrefix(nestedToolName, prefix) && !builtinTools[nestedToolName] { - nestedPath := fmt.Sprintf("messages.%d.content.%d.content.%d.tool_name", msgIndex.Int(), contentIndex.Int(), nestedIndex.Int()) - body, _ = sjson.SetBytes(body, nestedPath, prefix+nestedToolName) - } - } - return true - }) - } - } - return true - }) - return true - }) - } - - return body -} - -func stripClaudeToolPrefixFromResponse(body []byte, prefix string) []byte { - if prefix == "" { - return body - } - content := gjson.GetBytes(body, "content") - if !content.Exists() || !content.IsArray() { - return body - } - content.ForEach(func(index, part gjson.Result) bool { - partType := part.Get("type").String() - switch partType { - case "tool_use": - name := part.Get("name").String() - if !strings.HasPrefix(name, prefix) { - return true - } - path := fmt.Sprintf("content.%d.name", index.Int()) - body, _ = sjson.SetBytes(body, path, strings.TrimPrefix(name, prefix)) - case "tool_reference": - toolName := part.Get("tool_name").String() - if !strings.HasPrefix(toolName, prefix) { - return true - } - path := fmt.Sprintf("content.%d.tool_name", index.Int()) - body, _ = sjson.SetBytes(body, path, strings.TrimPrefix(toolName, prefix)) - case "tool_result": - // Handle nested tool_reference blocks inside tool_result.content[] - nestedContent := part.Get("content") - if nestedContent.Exists() && nestedContent.IsArray() { - nestedContent.ForEach(func(nestedIndex, nestedPart gjson.Result) bool { - if nestedPart.Get("type").String() == "tool_reference" { - nestedToolName := nestedPart.Get("tool_name").String() - if strings.HasPrefix(nestedToolName, prefix) { - nestedPath := fmt.Sprintf("content.%d.content.%d.tool_name", index.Int(), nestedIndex.Int()) - body, _ = sjson.SetBytes(body, nestedPath, strings.TrimPrefix(nestedToolName, prefix)) - } - } - return true - }) - } - } - return true - }) - return body -} - -func stripClaudeToolPrefixFromStreamLine(line []byte, prefix string) []byte { - if prefix == "" { - return line - } - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return line - } - contentBlock := gjson.GetBytes(payload, "content_block") - if !contentBlock.Exists() { - return line - } - - blockType := contentBlock.Get("type").String() - var updated []byte - var err error - - switch blockType { - case "tool_use": - name := contentBlock.Get("name").String() - if !strings.HasPrefix(name, prefix) { - return line - } - updated, err = sjson.SetBytes(payload, "content_block.name", strings.TrimPrefix(name, prefix)) - if err != nil { - return line - } - case "tool_reference": - toolName := contentBlock.Get("tool_name").String() - if !strings.HasPrefix(toolName, prefix) { - return line - } - updated, err = sjson.SetBytes(payload, "content_block.tool_name", strings.TrimPrefix(toolName, prefix)) - if err != nil { - return line - } - default: - return line - } - - trimmed := bytes.TrimSpace(line) - if bytes.HasPrefix(trimmed, []byte("data:")) { - return append([]byte("data: "), updated...) - } - return updated -} - -// getClientUserAgent extracts the client User-Agent from the gin context. -func getClientUserAgent(ctx context.Context) string { - if ginCtx, ok := ctx.Value("gin").(*gin.Context); ok && ginCtx != nil && ginCtx.Request != nil { - return ginCtx.GetHeader("User-Agent") - } - return "" -} - -// getCloakConfigFromAuth extracts cloak configuration from auth attributes. -// Returns (cloakMode, strictMode, sensitiveWords). -func getCloakConfigFromAuth(auth *cliproxyauth.Auth) (string, bool, []string) { - if auth == nil || auth.Attributes == nil { - return "auto", false, nil - } - - cloakMode := auth.Attributes["cloak_mode"] - if cloakMode == "" { - cloakMode = "auto" - } - - strictMode := strings.ToLower(auth.Attributes["cloak_strict_mode"]) == "true" - - var sensitiveWords []string - if wordsStr := auth.Attributes["cloak_sensitive_words"]; wordsStr != "" { - sensitiveWords = strings.Split(wordsStr, ",") - for i := range sensitiveWords { - sensitiveWords[i] = strings.TrimSpace(sensitiveWords[i]) - } - } - - return cloakMode, strictMode, sensitiveWords -} - -// resolveClaudeKeyCloakConfig finds the matching ClaudeKey config and returns its CloakConfig. -func resolveClaudeKeyCloakConfig(cfg *config.Config, auth *cliproxyauth.Auth) *config.CloakConfig { - if cfg == nil || auth == nil { - return nil - } - - apiKey, baseURL := claudeCreds(auth) - if apiKey == "" { - return nil - } - - for i := range cfg.ClaudeKey { - entry := &cfg.ClaudeKey[i] - cfgKey := strings.TrimSpace(entry.APIKey) - cfgBase := strings.TrimSpace(entry.BaseURL) - - // Match by API key - if strings.EqualFold(cfgKey, apiKey) { - // If baseURL is specified, also check it - if baseURL != "" && cfgBase != "" && !strings.EqualFold(cfgBase, baseURL) { - continue - } - return entry.Cloak - } - } - - return nil -} - -func nextFakeUserID(apiKey string, useCache bool) string { - if useCache && apiKey != "" { - // Note: useCache param is not implemented; always generates new ID - } - return generateFakeUserID() -} - -// injectFakeUserID generates and injects a fake user ID into the request metadata. -func injectFakeUserID(payload []byte, apiKey string, useCache bool) []byte { - metadata := gjson.GetBytes(payload, "metadata") - if !metadata.Exists() { - payload, _ = sjson.SetBytes(payload, "metadata.user_id", nextFakeUserID(apiKey, useCache)) - return payload - } - - existingUserID := gjson.GetBytes(payload, "metadata.user_id").String() - if existingUserID == "" || !isValidUserID(existingUserID) { - payload, _ = sjson.SetBytes(payload, "metadata.user_id", nextFakeUserID(apiKey, useCache)) - } - return payload -} - -// checkSystemInstructionsWithMode injects Claude Code system prompt. -// In strict mode, it replaces all user system messages. -// In non-strict mode (default), it prepends to existing system messages. -func checkSystemInstructionsWithMode(payload []byte, strictMode bool) []byte { - system := gjson.GetBytes(payload, "system") - claudeCodeInstructions := `[{"type":"text","text":"You are Claude Code, Anthropic's official CLI for Claude."}]` - - if strictMode { - // Strict mode: replace all system messages with Claude Code prompt only - payload, _ = sjson.SetRawBytes(payload, "system", []byte(claudeCodeInstructions)) - return payload - } - - // Non-strict mode (default): prepend Claude Code prompt to existing system messages - if system.IsArray() { - if gjson.GetBytes(payload, "system.0.text").String() != "You are Claude Code, Anthropic's official CLI for Claude." { - system.ForEach(func(_, part gjson.Result) bool { - if part.Get("type").String() == "text" { - claudeCodeInstructions, _ = sjson.SetRaw(claudeCodeInstructions, "-1", part.Raw) - } - return true - }) - payload, _ = sjson.SetRawBytes(payload, "system", []byte(claudeCodeInstructions)) - } - } else { - payload, _ = sjson.SetRawBytes(payload, "system", []byte(claudeCodeInstructions)) - } - return payload -} - -// applyCloaking applies cloaking transformations to the payload based on config and client. -// Cloaking includes: system prompt injection, fake user ID, and sensitive word obfuscation. -func applyCloaking(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth, payload []byte, model string) []byte { - clientUserAgent := getClientUserAgent(ctx) - - // Get cloak config from ClaudeKey configuration - cloakCfg := resolveClaudeKeyCloakConfig(cfg, auth) - - // Determine cloak settings - var cloakMode string - var strictMode bool - var sensitiveWords []string - - if cloakCfg != nil { - cloakMode = cloakCfg.Mode - strictMode = cloakCfg.StrictMode - sensitiveWords = cloakCfg.SensitiveWords - } - - // Fallback to auth attributes if no config found - if cloakMode == "" { - attrMode, attrStrict, attrWords := getCloakConfigFromAuth(auth) - cloakMode = attrMode - if !strictMode { - strictMode = attrStrict - } - if len(sensitiveWords) == 0 { - sensitiveWords = attrWords - } - } - - // Determine if cloaking should be applied - if !shouldCloak(cloakMode, clientUserAgent) { - return payload - } - - // Skip system instructions for claude-3-5-haiku models - if !strings.HasPrefix(model, "claude-3-5-haiku") { - payload = checkSystemInstructionsWithMode(payload, strictMode) - } - - // Reuse a stable fake user ID when a matching ClaudeKey cloak config exists. - // This keeps consistent metadata across model variants for the same credential. - apiKey, _ := claudeCreds(auth) - payload = injectFakeUserID(payload, apiKey, cloakCfg != nil) - - // Apply sensitive word obfuscation - if len(sensitiveWords) > 0 { - matcher := buildSensitiveWordMatcher(sensitiveWords) - payload = obfuscateSensitiveWords(payload, matcher) - } - - return payload -} - -// ensureCacheControl injects cache_control breakpoints into the payload for optimal prompt caching. -// According to Anthropic's documentation, cache prefixes are created in order: tools -> system -> messages. -// This function adds cache_control to: -// 1. The LAST tool in the tools array (caches all tool definitions) -// 2. The LAST element in the system array (caches system prompt) -// 3. The SECOND-TO-LAST user turn (caches conversation history for multi-turn) -// -// Up to 4 cache breakpoints are allowed per request. Tools, System, and Messages are INDEPENDENT breakpoints. -// This enables up to 90% cost reduction on cached tokens (cache read = 0.1x base price). -// See: https://docs.anthropic.com/en/docs/build-with-claude/prompt-caching -func ensureCacheControl(payload []byte) []byte { - // 1. Inject cache_control into the LAST tool (caches all tool definitions) - // Tools are cached first in the hierarchy, so this is the most important breakpoint. - payload = injectToolsCacheControl(payload) - - // 2. Inject cache_control into the LAST system prompt element - // System is the second level in the cache hierarchy. - payload = injectSystemCacheControl(payload) - - // 3. Inject cache_control into messages for multi-turn conversation caching - // This caches the conversation history up to the second-to-last user turn. - payload = injectMessagesCacheControl(payload) - - return payload -} - -func countCacheControls(payload []byte) int { - count := 0 - - // Check system - system := gjson.GetBytes(payload, "system") - if system.IsArray() { - system.ForEach(func(_, item gjson.Result) bool { - if item.Get("cache_control").Exists() { - count++ - } - return true - }) - } - - // Check tools - tools := gjson.GetBytes(payload, "tools") - if tools.IsArray() { - tools.ForEach(func(_, item gjson.Result) bool { - if item.Get("cache_control").Exists() { - count++ - } - return true - }) - } - - // Check messages - messages := gjson.GetBytes(payload, "messages") - if messages.IsArray() { - messages.ForEach(func(_, msg gjson.Result) bool { - content := msg.Get("content") - if content.IsArray() { - content.ForEach(func(_, item gjson.Result) bool { - if item.Get("cache_control").Exists() { - count++ - } - return true - }) - } - return true - }) - } - - return count -} - -// injectMessagesCacheControl adds cache_control to the second-to-last user turn for multi-turn caching. -// Per Anthropic docs: "Place cache_control on the second-to-last User message to let the model reuse the earlier cache." -// This enables caching of conversation history, which is especially beneficial for long multi-turn conversations. -// Only adds cache_control if: -// - There are at least 2 user turns in the conversation -// - No message content already has cache_control -func injectMessagesCacheControl(payload []byte) []byte { - messages := gjson.GetBytes(payload, "messages") - if !messages.Exists() || !messages.IsArray() { - return payload - } - - // Check if ANY message content already has cache_control - hasCacheControlInMessages := false - messages.ForEach(func(_, msg gjson.Result) bool { - content := msg.Get("content") - if content.IsArray() { - content.ForEach(func(_, item gjson.Result) bool { - if item.Get("cache_control").Exists() { - hasCacheControlInMessages = true - return false - } - return true - }) - } - return !hasCacheControlInMessages - }) - if hasCacheControlInMessages { - return payload - } - - // Find all user message indices - var userMsgIndices []int - messages.ForEach(func(index gjson.Result, msg gjson.Result) bool { - if msg.Get("role").String() == "user" { - userMsgIndices = append(userMsgIndices, int(index.Int())) - } - return true - }) - - // Need at least 2 user turns to cache the second-to-last - if len(userMsgIndices) < 2 { - return payload - } - - // Get the second-to-last user message index - secondToLastUserIdx := userMsgIndices[len(userMsgIndices)-2] - - // Get the content of this message - contentPath := fmt.Sprintf("messages.%d.content", secondToLastUserIdx) - content := gjson.GetBytes(payload, contentPath) - - if content.IsArray() { - // Add cache_control to the last content block of this message - contentCount := int(content.Get("#").Int()) - if contentCount > 0 { - cacheControlPath := fmt.Sprintf("messages.%d.content.%d.cache_control", secondToLastUserIdx, contentCount-1) - result, err := sjson.SetBytes(payload, cacheControlPath, map[string]string{"type": "ephemeral"}) - if err != nil { - log.Warnf("failed to inject cache_control into messages: %v", err) - return payload - } - payload = result - } - } else if content.Type == gjson.String { - // Convert string content to array with cache_control - text := content.String() - newContent := []map[string]interface{}{ - { - "type": "text", - "text": text, - "cache_control": map[string]string{ - "type": "ephemeral", - }, - }, - } - result, err := sjson.SetBytes(payload, contentPath, newContent) - if err != nil { - log.Warnf("failed to inject cache_control into message string content: %v", err) - return payload - } - payload = result - } - - return payload -} - -// injectToolsCacheControl adds cache_control to the last tool in the tools array. -// Per Anthropic docs: "The cache_control parameter on the last tool definition caches all tool definitions." -// This only adds cache_control if NO tool in the array already has it. -func injectToolsCacheControl(payload []byte) []byte { - tools := gjson.GetBytes(payload, "tools") - if !tools.Exists() || !tools.IsArray() { - return payload - } - - toolCount := int(tools.Get("#").Int()) - if toolCount == 0 { - return payload - } - - // Check if ANY tool already has cache_control - if so, don't modify tools - hasCacheControlInTools := false - tools.ForEach(func(_, tool gjson.Result) bool { - if tool.Get("cache_control").Exists() { - hasCacheControlInTools = true - return false - } - return true - }) - if hasCacheControlInTools { - return payload - } - - // Add cache_control to the last tool - lastToolPath := fmt.Sprintf("tools.%d.cache_control", toolCount-1) - result, err := sjson.SetBytes(payload, lastToolPath, map[string]string{"type": "ephemeral"}) - if err != nil { - log.Warnf("failed to inject cache_control into tools array: %v", err) - return payload - } - - return result -} - -// injectSystemCacheControl adds cache_control to the last element in the system prompt. -// Converts string system prompts to array format if needed. -// This only adds cache_control if NO system element already has it. -func injectSystemCacheControl(payload []byte) []byte { - system := gjson.GetBytes(payload, "system") - if !system.Exists() { - return payload - } - - if system.IsArray() { - count := int(system.Get("#").Int()) - if count == 0 { - return payload - } - - // Check if ANY system element already has cache_control - hasCacheControlInSystem := false - system.ForEach(func(_, item gjson.Result) bool { - if item.Get("cache_control").Exists() { - hasCacheControlInSystem = true - return false - } - return true - }) - if hasCacheControlInSystem { - return payload - } - - // Add cache_control to the last system element - lastSystemPath := fmt.Sprintf("system.%d.cache_control", count-1) - result, err := sjson.SetBytes(payload, lastSystemPath, map[string]string{"type": "ephemeral"}) - if err != nil { - log.Warnf("failed to inject cache_control into system array: %v", err) - return payload - } - payload = result - } else if system.Type == gjson.String { - // Convert string system prompt to array with cache_control - // "system": "text" -> "system": [{"type": "text", "text": "text", "cache_control": {"type": "ephemeral"}}] - text := system.String() - newSystem := []map[string]interface{}{ - { - "type": "text", - "text": text, - "cache_control": map[string]string{ - "type": "ephemeral", - }, - }, - } - result, err := sjson.SetBytes(payload, "system", newSystem) - if err != nil { - log.Warnf("failed to inject cache_control into system string: %v", err) - return payload - } - payload = result - } - - return payload -} - -func (e *ClaudeExecutor) CloseExecutionSession(sessionID string) {} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/claude_executor_betas_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/claude_executor_betas_test.go deleted file mode 100644 index c5bd3f214b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/claude_executor_betas_test.go +++ /dev/null @@ -1,49 +0,0 @@ -package executor - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestExtractAndRemoveBetas_AcceptsStringAndArray(t *testing.T) { - betas, body := extractAndRemoveBetas([]byte(`{"betas":["b1"," b2 "],"model":"claude-3-5-sonnet","messages":[]}`)) - if got := len(betas); got != 2 { - t.Fatalf("unexpected beta count = %d", got) - } - if got, want := betas[0], "b1"; got != want { - t.Fatalf("first beta = %q, want %q", got, want) - } - if got, want := betas[1], "b2"; got != want { - t.Fatalf("second beta = %q, want %q", got, want) - } - if got := gjson.GetBytes(body, "betas").Exists(); got { - t.Fatal("betas key should be removed") - } -} - -func TestExtractAndRemoveBetas_ParsesCommaSeparatedString(t *testing.T) { - betas, _ := extractAndRemoveBetas([]byte(`{"betas":" b1, b2 ,, b3 ","model":"claude-3-5-sonnet","messages":[]}`)) - if got := len(betas); got != 3 { - t.Fatalf("unexpected beta count = %d", got) - } - if got, want := betas[0], "b1"; got != want { - t.Fatalf("first beta = %q, want %q", got, want) - } - if got, want := betas[1], "b2"; got != want { - t.Fatalf("second beta = %q, want %q", got, want) - } - if got, want := betas[2], "b3"; got != want { - t.Fatalf("third beta = %q, want %q", got, want) - } -} - -func TestExtractAndRemoveBetas_IgnoresMalformedItems(t *testing.T) { - betas, _ := extractAndRemoveBetas([]byte(`{"betas":["b1",2,{"x":"y"},true],"model":"claude-3-5-sonnet"}`)) - if got := len(betas); got != 1 { - t.Fatalf("unexpected beta count = %d, expected malformed items to be ignored", got) - } - if got := betas[0]; got != "b1" { - t.Fatalf("beta = %q, expected %q", got, "b1") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/claude_executor_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/claude_executor_test.go deleted file mode 100644 index ec1b556342..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/claude_executor_test.go +++ /dev/null @@ -1,355 +0,0 @@ -package executor - -import ( - "bytes" - "net/http" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - "github.com/tidwall/gjson" -) - -func TestApplyClaudeToolPrefix(t *testing.T) { - input := []byte(`{"tools":[{"name":"alpha"},{"name":"proxy_bravo"}],"tool_choice":{"type":"tool","name":"charlie"},"messages":[{"role":"assistant","content":[{"type":"tool_use","name":"delta","id":"t1","input":{}}]}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - - if got := gjson.GetBytes(out, "tools.0.name").String(); got != "proxy_alpha" { - t.Fatalf("tools.0.name = %q, want %q", got, "proxy_alpha") - } - if got := gjson.GetBytes(out, "tools.1.name").String(); got != "proxy_bravo" { - t.Fatalf("tools.1.name = %q, want %q", got, "proxy_bravo") - } - if got := gjson.GetBytes(out, "tool_choice.name").String(); got != "proxy_charlie" { - t.Fatalf("tool_choice.name = %q, want %q", got, "proxy_charlie") - } - if got := gjson.GetBytes(out, "messages.0.content.0.name").String(); got != "proxy_delta" { - t.Fatalf("messages.0.content.0.name = %q, want %q", got, "proxy_delta") - } -} - -func TestApplyClaudeToolPrefix_WithToolReference(t *testing.T) { - input := []byte(`{"tools":[{"name":"alpha"}],"messages":[{"role":"user","content":[{"type":"tool_reference","tool_name":"beta"},{"type":"tool_reference","tool_name":"proxy_gamma"}]}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - - if got := gjson.GetBytes(out, "messages.0.content.0.tool_name").String(); got != "proxy_beta" { - t.Fatalf("messages.0.content.0.tool_name = %q, want %q", got, "proxy_beta") - } - if got := gjson.GetBytes(out, "messages.0.content.1.tool_name").String(); got != "proxy_gamma" { - t.Fatalf("messages.0.content.1.tool_name = %q, want %q", got, "proxy_gamma") - } -} - -func TestApplyClaudeToolPrefix_SkipsBuiltinTools(t *testing.T) { - input := []byte(`{"tools":[{"type":"web_search_20250305","name":"web_search"},{"name":"my_custom_tool","input_schema":{"type":"object"}}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - - if got := gjson.GetBytes(out, "tools.0.name").String(); got != "web_search" { - t.Fatalf("built-in tool name should not be prefixed: tools.0.name = %q, want %q", got, "web_search") - } - if got := gjson.GetBytes(out, "tools.1.name").String(); got != "proxy_my_custom_tool" { - t.Fatalf("custom tool should be prefixed: tools.1.name = %q, want %q", got, "proxy_my_custom_tool") - } -} - -func TestApplyClaudeToolPrefix_BuiltinToolSkipped(t *testing.T) { - body := []byte(`{ - "tools": [ - {"type": "web_search_20250305", "name": "web_search", "max_uses": 5}, - {"name": "Read"} - ], - "messages": [ - {"role": "user", "content": [ - {"type": "tool_use", "name": "web_search", "id": "ws1", "input": {}}, - {"type": "tool_use", "name": "Read", "id": "r1", "input": {}} - ]} - ] - }`) - out := applyClaudeToolPrefix(body, "proxy_") - - if got := gjson.GetBytes(out, "tools.0.name").String(); got != "web_search" { - t.Fatalf("tools.0.name = %q, want %q", got, "web_search") - } - if got := gjson.GetBytes(out, "messages.0.content.0.name").String(); got != "web_search" { - t.Fatalf("messages.0.content.0.name = %q, want %q", got, "web_search") - } - if got := gjson.GetBytes(out, "tools.1.name").String(); got != "proxy_Read" { - t.Fatalf("tools.1.name = %q, want %q", got, "proxy_Read") - } - if got := gjson.GetBytes(out, "messages.0.content.1.name").String(); got != "proxy_Read" { - t.Fatalf("messages.0.content.1.name = %q, want %q", got, "proxy_Read") - } -} - -func TestApplyClaudeToolPrefix_KnownBuiltinInHistoryOnly(t *testing.T) { - body := []byte(`{ - "tools": [ - {"name": "Read"} - ], - "messages": [ - {"role": "user", "content": [ - {"type": "tool_use", "name": "web_search", "id": "ws1", "input": {}} - ]} - ] - }`) - out := applyClaudeToolPrefix(body, "proxy_") - - if got := gjson.GetBytes(out, "messages.0.content.0.name").String(); got != "web_search" { - t.Fatalf("messages.0.content.0.name = %q, want %q", got, "web_search") - } - if got := gjson.GetBytes(out, "tools.0.name").String(); got != "proxy_Read" { - t.Fatalf("tools.0.name = %q, want %q", got, "proxy_Read") - } -} - -func TestApplyClaudeToolPrefix_CustomToolsPrefixed(t *testing.T) { - body := []byte(`{ - "tools": [{"name": "Read"}, {"name": "Write"}], - "messages": [ - {"role": "user", "content": [ - {"type": "tool_use", "name": "Read", "id": "r1", "input": {}}, - {"type": "tool_use", "name": "Write", "id": "w1", "input": {}} - ]} - ] - }`) - out := applyClaudeToolPrefix(body, "proxy_") - - if got := gjson.GetBytes(out, "tools.0.name").String(); got != "proxy_Read" { - t.Fatalf("tools.0.name = %q, want %q", got, "proxy_Read") - } - if got := gjson.GetBytes(out, "tools.1.name").String(); got != "proxy_Write" { - t.Fatalf("tools.1.name = %q, want %q", got, "proxy_Write") - } - if got := gjson.GetBytes(out, "messages.0.content.0.name").String(); got != "proxy_Read" { - t.Fatalf("messages.0.content.0.name = %q, want %q", got, "proxy_Read") - } - if got := gjson.GetBytes(out, "messages.0.content.1.name").String(); got != "proxy_Write" { - t.Fatalf("messages.0.content.1.name = %q, want %q", got, "proxy_Write") - } -} - -func TestApplyClaudeToolPrefix_ToolChoiceBuiltin(t *testing.T) { - body := []byte(`{ - "tools": [ - {"type": "web_search_20250305", "name": "web_search"}, - {"name": "Read"} - ], - "tool_choice": {"type": "tool", "name": "web_search"} - }`) - out := applyClaudeToolPrefix(body, "proxy_") - - if got := gjson.GetBytes(out, "tool_choice.name").String(); got != "web_search" { - t.Fatalf("tool_choice.name = %q, want %q", got, "web_search") - } -} - -func TestApplyClaudeToolPrefix_ToolChoiceFunctionName(t *testing.T) { - body := []byte(`{ - "tools": [ - {"name": "Read"} - ], - "tool_choice": {"type": "function", "function": {"name": "Read"}} - }`) - out := applyClaudeToolPrefix(body, "proxy_") - - if got := gjson.GetBytes(out, "tool_choice.function.name").String(); got != "proxy_Read" { - t.Fatalf("tool_choice.function.name = %q, want %q", got, "proxy_Read") - } -} - -func TestDisableThinkingIfToolChoiceForced(t *testing.T) { - tests := []struct { - name string - body string - }{ - { - name: "tool_choice_any", - body: `{"tool_choice":{"type":"any"},"thinking":{"budget_tokens":1024}}`, - }, - { - name: "tool_choice_tool", - body: `{"tool_choice":{"type":"tool","name":"Read"},"thinking":{"budget_tokens":1024}}`, - }, - { - name: "tool_choice_function", - body: `{"tool_choice":{"type":"function","function":{"name":"Read"}},"thinking":{"budget_tokens":1024}}`, - }, - { - name: "tool_choice_auto", - body: `{"tool_choice":{"type":"auto"},"thinking":{"budget_tokens":1024}}`, - }, - } - - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - out := disableThinkingIfToolChoiceForced([]byte(tc.body)) - hasThinking := gjson.GetBytes(out, "thinking").Exists() - switch tc.name { - case "tool_choice_any", "tool_choice_tool", "tool_choice_function": - if hasThinking { - t.Fatalf("thinking should be removed, got %s", string(out)) - } - case "tool_choice_auto": - if !hasThinking { - t.Fatalf("thinking should be preserved, got %s", string(out)) - } - } - }) - } -} - -func TestStripClaudeToolPrefixFromResponse(t *testing.T) { - input := []byte(`{"content":[{"type":"tool_use","name":"proxy_alpha","id":"t1","input":{}},{"type":"tool_use","name":"bravo","id":"t2","input":{}}]}`) - out := stripClaudeToolPrefixFromResponse(input, "proxy_") - - if got := gjson.GetBytes(out, "content.0.name").String(); got != "alpha" { - t.Fatalf("content.0.name = %q, want %q", got, "alpha") - } - if got := gjson.GetBytes(out, "content.1.name").String(); got != "bravo" { - t.Fatalf("content.1.name = %q, want %q", got, "bravo") - } -} - -func TestStripClaudeToolPrefixFromResponse_WithToolReference(t *testing.T) { - input := []byte(`{"content":[{"type":"tool_reference","tool_name":"proxy_alpha"},{"type":"tool_reference","tool_name":"bravo"}]}`) - out := stripClaudeToolPrefixFromResponse(input, "proxy_") - - if got := gjson.GetBytes(out, "content.0.tool_name").String(); got != "alpha" { - t.Fatalf("content.0.tool_name = %q, want %q", got, "alpha") - } - if got := gjson.GetBytes(out, "content.1.tool_name").String(); got != "bravo" { - t.Fatalf("content.1.tool_name = %q, want %q", got, "bravo") - } -} - -func TestStripClaudeToolPrefixFromStreamLine(t *testing.T) { - line := []byte(`data: {"type":"content_block_start","content_block":{"type":"tool_use","name":"proxy_alpha","id":"t1"},"index":0}`) - out := stripClaudeToolPrefixFromStreamLine(line, "proxy_") - - payload := bytes.TrimSpace(out) - if bytes.HasPrefix(payload, []byte("data:")) { - payload = bytes.TrimSpace(payload[len("data:"):]) - } - if got := gjson.GetBytes(payload, "content_block.name").String(); got != "alpha" { - t.Fatalf("content_block.name = %q, want %q", got, "alpha") - } -} - -func TestStripClaudeToolPrefixFromStreamLine_WithToolReference(t *testing.T) { - line := []byte(`data: {"type":"content_block_start","content_block":{"type":"tool_reference","tool_name":"proxy_beta"},"index":0}`) - out := stripClaudeToolPrefixFromStreamLine(line, "proxy_") - - payload := bytes.TrimSpace(out) - if bytes.HasPrefix(payload, []byte("data:")) { - payload = bytes.TrimSpace(payload[len("data:"):]) - } - if got := gjson.GetBytes(payload, "content_block.tool_name").String(); got != "beta" { - t.Fatalf("content_block.tool_name = %q, want %q", got, "beta") - } -} - -func TestApplyClaudeToolPrefix_NestedToolReference(t *testing.T) { - input := []byte(`{"messages":[{"role":"user","content":[{"type":"tool_result","tool_use_id":"toolu_123","content":[{"type":"tool_reference","tool_name":"mcp__nia__manage_resource"}]}]}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - got := gjson.GetBytes(out, "messages.0.content.0.content.0.tool_name").String() - if got != "proxy_mcp__nia__manage_resource" { - t.Fatalf("nested tool_reference tool_name = %q, want %q", got, "proxy_mcp__nia__manage_resource") - } -} - -func TestStripClaudeToolPrefixFromResponse_NestedToolReference(t *testing.T) { - input := []byte(`{"content":[{"type":"tool_result","tool_use_id":"toolu_123","content":[{"type":"tool_reference","tool_name":"proxy_mcp__nia__manage_resource"}]}]}`) - out := stripClaudeToolPrefixFromResponse(input, "proxy_") - got := gjson.GetBytes(out, "content.0.content.0.tool_name").String() - if got != "mcp__nia__manage_resource" { - t.Fatalf("nested tool_reference tool_name = %q, want %q", got, "mcp__nia__manage_resource") - } -} - -func TestApplyClaudeToolPrefix_NestedToolReferenceWithStringContent(t *testing.T) { - // tool_result.content can be a string - should not be processed - input := []byte(`{"messages":[{"role":"user","content":[{"type":"tool_result","tool_use_id":"toolu_123","content":"plain string result"}]}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - got := gjson.GetBytes(out, "messages.0.content.0.content").String() - if got != "plain string result" { - t.Fatalf("string content should remain unchanged = %q", got) - } -} - -func TestApplyClaudeToolPrefix_SkipsBuiltinToolReference(t *testing.T) { - input := []byte(`{"tools":[{"type":"web_search_20250305","name":"web_search"}],"messages":[{"role":"user","content":[{"type":"tool_result","tool_use_id":"t1","content":[{"type":"tool_reference","tool_name":"web_search"}]}]}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - got := gjson.GetBytes(out, "messages.0.content.0.content.0.tool_name").String() - if got != "web_search" { - t.Fatalf("built-in tool_reference should not be prefixed, got %q", got) - } -} - -func TestApplyClaudeToolPrefix_ToolResultMissingContentField(t *testing.T) { - input := []byte(`{"messages":[{"role":"user","content":[{"type":"tool_result","tool_use_id":"t1"}]}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - if got := gjson.GetBytes(out, "messages.0.content.0.tool_use_id").String(); got != "t1" { - t.Fatalf("tool_result should remain unchanged when content is missing, got tool_use_id=%q", got) - } - if got := gjson.GetBytes(out, "messages.0.content.0.content").String(); got != "" { - t.Fatalf("missing content field should remain missing, got %q", got) - } -} - -func TestStripClaudeToolPrefixFromResponse_ToolResultMissingContentField(t *testing.T) { - input := []byte(`{"content":[{"type":"tool_result","tool_use_id":"t1"}]}`) - out := stripClaudeToolPrefixFromResponse(input, "proxy_") - if got := gjson.GetBytes(out, "content.0.tool_use_id").String(); got != "t1" { - t.Fatalf("tool_result should remain unchanged when content is missing, got tool_use_id=%q", got) - } - if got := gjson.GetBytes(out, "content.0.content").String(); got != "" { - t.Fatalf("missing content field should remain missing, got %q", got) - } -} - -func TestApplyClaudeHeaders_AnthropicUsesXAPIKeyAndDefaults(t *testing.T) { - req, err := http.NewRequest(http.MethodPost, "https://api.anthropic.com/v1/messages", nil) - if err != nil { - t.Fatalf("new request: %v", err) - } - auth := &cliproxyauth.Auth{Attributes: map[string]string{"api_key": "sk-ant-test"}} - applyClaudeHeaders(req, auth, "sk-ant-test", true, []string{"extra-beta"}, &config.Config{}) - - if got := req.Header.Get("x-api-key"); got != "sk-ant-test" { - t.Fatalf("x-api-key = %q, want %q", got, "sk-ant-test") - } - if got := req.Header.Get("Authorization"); got != "" { - t.Fatalf("Authorization should be empty for Anthropic API-key flow, got %q", got) - } - if got := req.Header.Get("Accept"); got != "text/event-stream" { - t.Fatalf("Accept = %q, want %q", got, "text/event-stream") - } - betas := req.Header.Get("Anthropic-Beta") - for _, want := range []string{"prompt-caching-2024-07-31", "oauth-2025-04-20", "extra-beta"} { - if !bytes.Contains([]byte(betas), []byte(want)) { - t.Fatalf("Anthropic-Beta missing %q: %q", want, betas) - } - } - if got := req.Header.Get("X-Stainless-Package-Version"); got != "0.74.0" { - t.Fatalf("X-Stainless-Package-Version = %q, want %q", got, "0.74.0") - } -} - -func TestApplyClaudeHeaders_NonAnthropicUsesBearer(t *testing.T) { - req, err := http.NewRequest(http.MethodPost, "https://gateway.example.com/v1/messages", nil) - if err != nil { - t.Fatalf("new request: %v", err) - } - auth := &cliproxyauth.Auth{Attributes: map[string]string{"api_key": "token-123"}} - applyClaudeHeaders(req, auth, "token-123", false, nil, &config.Config{}) - - if got := req.Header.Get("Authorization"); got != "Bearer token-123" { - t.Fatalf("Authorization = %q, want %q", got, "Bearer token-123") - } - if got := req.Header.Get("x-api-key"); got != "" { - t.Fatalf("x-api-key should be empty for non-Anthropic base URL, got %q", got) - } - if got := req.Header.Get("Accept"); got != "application/json" { - t.Fatalf("Accept = %q, want %q", got, "application/json") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/cloak_obfuscate.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/cloak_obfuscate.go deleted file mode 100644 index 81781802ac..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/cloak_obfuscate.go +++ /dev/null @@ -1,176 +0,0 @@ -package executor - -import ( - "regexp" - "sort" - "strings" - "unicode/utf8" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// zeroWidthSpace is the Unicode zero-width space character used for obfuscation. -const zeroWidthSpace = "\u200B" - -// SensitiveWordMatcher holds the compiled regex for matching sensitive words. -type SensitiveWordMatcher struct { - regex *regexp.Regexp -} - -// buildSensitiveWordMatcher compiles a regex from the word list. -// Words are sorted by length (longest first) for proper matching. -func buildSensitiveWordMatcher(words []string) *SensitiveWordMatcher { - if len(words) == 0 { - return nil - } - - // Filter and normalize words - var validWords []string - for _, w := range words { - w = strings.TrimSpace(w) - if utf8.RuneCountInString(w) >= 2 && !strings.Contains(w, zeroWidthSpace) { - validWords = append(validWords, w) - } - } - - if len(validWords) == 0 { - return nil - } - - // Sort by length (longest first) for proper matching - sort.Slice(validWords, func(i, j int) bool { - return len(validWords[i]) > len(validWords[j]) - }) - - // Escape and join - escaped := make([]string, len(validWords)) - for i, w := range validWords { - escaped[i] = regexp.QuoteMeta(w) - } - - pattern := "(?i)" + strings.Join(escaped, "|") - re, err := regexp.Compile(pattern) - if err != nil { - return nil - } - - return &SensitiveWordMatcher{regex: re} -} - -// obfuscateWord inserts a zero-width space after the first grapheme. -func obfuscateWord(word string) string { - if strings.Contains(word, zeroWidthSpace) { - return word - } - - // Get first rune - r, size := utf8.DecodeRuneInString(word) - if r == utf8.RuneError || size >= len(word) { - return word - } - - return string(r) + zeroWidthSpace + word[size:] -} - -// obfuscateText replaces all sensitive words in the text. -func (m *SensitiveWordMatcher) obfuscateText(text string) string { - if m == nil || m.regex == nil { - return text - } - return m.regex.ReplaceAllStringFunc(text, obfuscateWord) -} - -// obfuscateSensitiveWords processes the payload and obfuscates sensitive words -// in system blocks and message content. -func obfuscateSensitiveWords(payload []byte, matcher *SensitiveWordMatcher) []byte { - if matcher == nil || matcher.regex == nil { - return payload - } - - // Obfuscate in system blocks - payload = obfuscateSystemBlocks(payload, matcher) - - // Obfuscate in messages - payload = obfuscateMessages(payload, matcher) - - return payload -} - -// obfuscateSystemBlocks obfuscates sensitive words in system blocks. -func obfuscateSystemBlocks(payload []byte, matcher *SensitiveWordMatcher) []byte { - system := gjson.GetBytes(payload, "system") - if !system.Exists() { - return payload - } - - if system.IsArray() { - modified := false - system.ForEach(func(key, value gjson.Result) bool { - if value.Get("type").String() == "text" { - text := value.Get("text").String() - obfuscated := matcher.obfuscateText(text) - if obfuscated != text { - path := "system." + key.String() + ".text" - payload, _ = sjson.SetBytes(payload, path, obfuscated) - modified = true - } - } - return true - }) - if modified { - return payload - } - } else if system.Type == gjson.String { - text := system.String() - obfuscated := matcher.obfuscateText(text) - if obfuscated != text { - payload, _ = sjson.SetBytes(payload, "system", obfuscated) - } - } - - return payload -} - -// obfuscateMessages obfuscates sensitive words in message content. -func obfuscateMessages(payload []byte, matcher *SensitiveWordMatcher) []byte { - messages := gjson.GetBytes(payload, "messages") - if !messages.Exists() || !messages.IsArray() { - return payload - } - - messages.ForEach(func(msgKey, msg gjson.Result) bool { - content := msg.Get("content") - if !content.Exists() { - return true - } - - msgPath := "messages." + msgKey.String() - - if content.Type == gjson.String { - // Simple string content - text := content.String() - obfuscated := matcher.obfuscateText(text) - if obfuscated != text { - payload, _ = sjson.SetBytes(payload, msgPath+".content", obfuscated) - } - } else if content.IsArray() { - // Array of content blocks - content.ForEach(func(blockKey, block gjson.Result) bool { - if block.Get("type").String() == "text" { - text := block.Get("text").String() - obfuscated := matcher.obfuscateText(text) - if obfuscated != text { - path := msgPath + ".content." + blockKey.String() + ".text" - payload, _ = sjson.SetBytes(payload, path, obfuscated) - } - } - return true - }) - } - - return true - }) - - return payload -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/cloak_utils.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/cloak_utils.go deleted file mode 100644 index 6820ff88f2..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/cloak_utils.go +++ /dev/null @@ -1,42 +0,0 @@ -package executor - -import ( - "crypto/rand" - "encoding/hex" - "regexp" - "strings" - - "github.com/google/uuid" -) - -// userIDPattern matches Claude Code format: user_[64-hex]_account__session_[uuid-v4] -var userIDPattern = regexp.MustCompile(`^user_[a-fA-F0-9]{64}_account__session_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`) - -// generateFakeUserID generates a fake user ID in Claude Code format. -// Format: user_[64-hex-chars]_account__session_[UUID-v4] -func generateFakeUserID() string { - hexBytes := make([]byte, 32) - _, _ = rand.Read(hexBytes) - hexPart := hex.EncodeToString(hexBytes) - uuidPart := uuid.New().String() - return "user_" + hexPart + "_account__session_" + uuidPart -} - -// isValidUserID checks if a user ID matches Claude Code format. -func isValidUserID(userID string) bool { - return userIDPattern.MatchString(userID) -} - -// shouldCloak determines if request should be cloaked based on config and client User-Agent. -// Returns true if cloaking should be applied. -func shouldCloak(cloakMode string, userAgent string) bool { - switch strings.ToLower(cloakMode) { - case "always": - return true - case "never": - return false - default: // "auto" or empty - // If client is Claude Code, don't cloak - return !strings.HasPrefix(userAgent, "claude-cli") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/codex_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/codex_executor.go deleted file mode 100644 index fb5f47ed11..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/codex_executor.go +++ /dev/null @@ -1,864 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "strings" - "time" - - codexauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/codex" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" - "github.com/tiktoken-go/tokenizer" - - "github.com/gin-gonic/gin" - "github.com/google/uuid" -) - -const ( - codexClientVersion = "0.101.0" - codexUserAgent = "codex_cli_rs/0.101.0 (Mac OS 26.0.1; arm64) Apple_Terminal/464" -) - -var dataTag = []byte("data:") - -// CodexExecutor is a stateless executor for Codex (OpenAI Responses API entrypoint). -// If api_key is unavailable on auth, it falls back to legacy via ClientAdapter. -type CodexExecutor struct { - cfg *config.Config -} - -func NewCodexExecutor(cfg *config.Config) *CodexExecutor { return &CodexExecutor{cfg: cfg} } - -func (e *CodexExecutor) Identifier() string { return "codex" } - -// PrepareRequest injects Codex credentials into the outgoing HTTP request. -func (e *CodexExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - apiKey, _ := codexCreds(auth) - if strings.TrimSpace(apiKey) != "" { - req.Header.Set("Authorization", "Bearer "+apiKey) - } - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) - return nil -} - -// HttpRequest injects Codex credentials into the request and executes it. -func (e *CodexExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("codex executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -func (e *CodexExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return e.executeCompact(ctx, auth, req, opts) - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := codexCreds(auth) - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), "https://chatgpt.com/backend-api/codex", baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("codex") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - body, _ = sjson.SetBytes(body, "stream", true) - // Preserve compaction fields for openai-response format (GitHub #1667) - // These fields are used for conversation context management in the Responses API - if from != "openai-response" { - body, _ = sjson.DeleteBytes(body, "previous_response_id") - body, _ = sjson.DeleteBytes(body, "prompt_cache_retention") - body, _ = sjson.DeleteBytes(body, "safety_identifier") - } - if !gjson.GetBytes(body, "instructions").Exists() { - body, _ = sjson.SetBytes(body, "instructions", "") - } - body = normalizeCodexToolSchemas(body) - - url := strings.TrimSuffix(baseURL, "/") + "/responses" - httpReq, err := e.cacheHelper(ctx, from, url, req, body) - if err != nil { - return resp, err - } - applyCodexHeaders(httpReq, auth, apiKey, true) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("codex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - - lines := bytes.Split(data, []byte("\n")) - for _, line := range lines { - if !bytes.HasPrefix(line, dataTag) { - continue - } - - line = bytes.TrimSpace(line[5:]) - if gjson.GetBytes(line, "type").String() != "response.completed" { - continue - } - - if detail, ok := parseCodexUsage(line); ok { - reporter.publish(ctx, detail) - } - - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, originalPayload, body, line, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil - } - err = statusErr{code: 408, msg: "stream error: stream disconnected before completion: stream closed before response.completed"} - return resp, err -} - -func (e *CodexExecutor) executeCompact(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := codexCreds(auth) - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), "https://chatgpt.com/backend-api/codex", baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("openai-response") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - body, _ = sjson.DeleteBytes(body, "stream") - body = normalizeCodexToolSchemas(body) - - url := strings.TrimSuffix(baseURL, "/") + "/responses/compact" - httpReq, err := e.cacheHelper(ctx, from, url, req, body) - if err != nil { - return resp, err - } - applyCodexHeaders(httpReq, auth, apiKey, false) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("codex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseOpenAIUsage(data)) - reporter.ensurePublished(ctx) - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, originalPayload, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -func (e *CodexExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusBadRequest, msg: "streaming not supported for /responses/compact"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := codexCreds(auth) - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), "https://chatgpt.com/backend-api/codex", baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("codex") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - // Preserve compaction fields for openai-response format (GitHub #1667) - // These fields are used for conversation context management in the Responses API - if from != "openai-response" { - body, _ = sjson.DeleteBytes(body, "previous_response_id") - body, _ = sjson.DeleteBytes(body, "prompt_cache_retention") - body, _ = sjson.DeleteBytes(body, "safety_identifier") - } - body, _ = sjson.SetBytes(body, "model", baseModel) - if !gjson.GetBytes(body, "instructions").Exists() { - body, _ = sjson.SetBytes(body, "instructions", "") - } - body = normalizeCodexToolSchemas(body) - - url := strings.TrimSuffix(baseURL, "/") + "/responses" - httpReq, err := e.cacheHelper(ctx, from, url, req, body) - if err != nil { - return nil, err - } - applyCodexHeaders(httpReq, auth, apiKey, true) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - data, readErr := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("codex executor: close response body error: %v", errClose) - } - if readErr != nil { - recordAPIResponseError(ctx, e.cfg, readErr) - return nil, readErr - } - appendAPIResponseChunk(ctx, e.cfg, data) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - err = statusErr{code: httpResp.StatusCode, msg: string(data)} - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("codex executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 52_428_800) // 50MB - var param any - completed := false - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - - if bytes.HasPrefix(line, dataTag) { - data := bytes.TrimSpace(line[5:]) - if gjson.GetBytes(data, "type").String() == "response.completed" { - completed = true - if detail, ok := parseCodexUsage(data); ok { - reporter.publish(ctx, detail) - } - } - } - - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, originalPayload, body, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - return - } - if !completed { - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{ - Err: statusErr{code: 408, msg: "stream error: stream disconnected before completion: stream closed before response.completed"}, - } - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -func (e *CodexExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("codex") - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err := thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - body, _ = sjson.SetBytes(body, "model", baseModel) - // Preserve compaction fields for openai-response format (GitHub #1667) - // These fields are used for conversation context management in the Responses API - if from != "openai-response" { - body, _ = sjson.DeleteBytes(body, "previous_response_id") - body, _ = sjson.DeleteBytes(body, "prompt_cache_retention") - body, _ = sjson.DeleteBytes(body, "safety_identifier") - } - body, _ = sjson.SetBytes(body, "stream", false) - if !gjson.GetBytes(body, "instructions").Exists() { - body, _ = sjson.SetBytes(body, "instructions", "") - } - - enc, err := tokenizerForCodexModel(baseModel) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("codex executor: tokenizer init failed: %w", err) - } - - count, err := countCodexInputTokens(enc, body) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("codex executor: token counting failed: %w", err) - } - - usageJSON := fmt.Sprintf(`{"response":{"usage":{"input_tokens":%d,"output_tokens":0,"total_tokens":%d}}}`, count, count) - translated := sdktranslator.TranslateTokenCount(ctx, to, from, count, []byte(usageJSON)) - return cliproxyexecutor.Response{Payload: []byte(translated)}, nil -} - -func tokenizerForCodexModel(model string) (tokenizer.Codec, error) { - sanitized := strings.ToLower(strings.TrimSpace(model)) - switch { - case sanitized == "": - return tokenizer.Get(tokenizer.Cl100kBase) - case strings.HasPrefix(sanitized, "gpt-5"): - return tokenizer.ForModel(tokenizer.GPT5) - case strings.HasPrefix(sanitized, "gpt-4.1"): - return tokenizer.ForModel(tokenizer.GPT41) - case strings.HasPrefix(sanitized, "gpt-4o"): - return tokenizer.ForModel(tokenizer.GPT4o) - case strings.HasPrefix(sanitized, "gpt-4"): - return tokenizer.ForModel(tokenizer.GPT4) - case strings.HasPrefix(sanitized, "gpt-3.5"), strings.HasPrefix(sanitized, "gpt-3"): - return tokenizer.ForModel(tokenizer.GPT35Turbo) - default: - return tokenizer.Get(tokenizer.Cl100kBase) - } -} - -func countCodexInputTokens(enc tokenizer.Codec, body []byte) (int64, error) { - if enc == nil { - return 0, fmt.Errorf("encoder is nil") - } - if len(body) == 0 { - return 0, nil - } - - root := gjson.ParseBytes(body) - var segments []string - - if inst := strings.TrimSpace(root.Get("instructions").String()); inst != "" { - segments = append(segments, inst) - } - - inputItems := root.Get("input") - if inputItems.IsArray() { - arr := inputItems.Array() - for i := range arr { - item := arr[i] - switch item.Get("type").String() { - case "message": - content := item.Get("content") - if content.IsArray() { - parts := content.Array() - for j := range parts { - part := parts[j] - if text := strings.TrimSpace(part.Get("text").String()); text != "" { - segments = append(segments, text) - } - } - } - case "function_call": - if name := strings.TrimSpace(item.Get("name").String()); name != "" { - segments = append(segments, name) - } - if args := strings.TrimSpace(item.Get("arguments").String()); args != "" { - segments = append(segments, args) - } - case "function_call_output": - if out := strings.TrimSpace(item.Get("output").String()); out != "" { - segments = append(segments, out) - } - default: - if text := strings.TrimSpace(item.Get("text").String()); text != "" { - segments = append(segments, text) - } - } - } - } - - tools := root.Get("tools") - if tools.IsArray() { - tarr := tools.Array() - for i := range tarr { - tool := tarr[i] - if name := strings.TrimSpace(tool.Get("name").String()); name != "" { - segments = append(segments, name) - } - if desc := strings.TrimSpace(tool.Get("description").String()); desc != "" { - segments = append(segments, desc) - } - if params := tool.Get("parameters"); params.Exists() { - val := params.Raw - if params.Type == gjson.String { - val = params.String() - } - if trimmed := strings.TrimSpace(val); trimmed != "" { - segments = append(segments, trimmed) - } - } - } - } - - textFormat := root.Get("text.format") - if textFormat.Exists() { - if name := strings.TrimSpace(textFormat.Get("name").String()); name != "" { - segments = append(segments, name) - } - if schema := textFormat.Get("schema"); schema.Exists() { - val := schema.Raw - if schema.Type == gjson.String { - val = schema.String() - } - if trimmed := strings.TrimSpace(val); trimmed != "" { - segments = append(segments, trimmed) - } - } - } - - text := strings.Join(segments, "\n") - if text == "" { - return 0, nil - } - - count, err := enc.Count(text) - if err != nil { - return 0, err - } - return int64(count), nil -} - -func (e *CodexExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("codex executor: refresh called") - if auth == nil { - return nil, statusErr{code: http.StatusUnauthorized, msg: "codex executor: missing auth"} - } - var refreshToken string - if auth.Metadata != nil { - if v, ok := auth.Metadata["refresh_token"].(string); ok && v != "" { - refreshToken = v - } - } - if refreshToken == "" { - return auth, nil - } - svc := codexauth.NewCodexAuth(e.cfg) - td, err := svc.RefreshTokensWithRetry(ctx, refreshToken, 3) - if err != nil { - return nil, err - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["id_token"] = td.IDToken - auth.Metadata["access_token"] = td.AccessToken - if td.RefreshToken != "" { - auth.Metadata["refresh_token"] = td.RefreshToken - } - if td.AccountID != "" { - auth.Metadata["account_id"] = td.AccountID - } - auth.Metadata["email"] = td.Email - // Use unified key in files - auth.Metadata["expired"] = td.Expire - auth.Metadata["type"] = "codex" - now := time.Now().Format(time.RFC3339) - auth.Metadata["last_refresh"] = now - return auth, nil -} - -func normalizeCodexToolSchemas(body []byte) []byte { - if len(body) == 0 { - return body - } - - var root map[string]any - if err := json.Unmarshal(body, &root); err != nil { - return body - } - - toolsValue, exists := root["tools"] - if !exists { - return body - } - tools, ok := toolsValue.([]any) - if !ok { - return body - } - - changed := false - for i := range tools { - tool, ok := tools[i].(map[string]any) - if !ok { - continue - } - parametersValue, exists := tool["parameters"] - if !exists { - continue - } - - switch parameters := parametersValue.(type) { - case map[string]any: - if normalizeJSONSchemaArrays(parameters) { - changed = true - } - case string: - trimmed := strings.TrimSpace(parameters) - if trimmed == "" { - continue - } - var schema map[string]any - if err := json.Unmarshal([]byte(trimmed), &schema); err != nil { - continue - } - if !normalizeJSONSchemaArrays(schema) { - continue - } - normalizedSchema, err := json.Marshal(schema) - if err != nil { - continue - } - tool["parameters"] = string(normalizedSchema) - changed = true - } - } - - if !changed { - return body - } - normalizedBody, err := json.Marshal(root) - if err != nil { - return body - } - return normalizedBody -} - -func normalizeJSONSchemaArrays(schema map[string]any) bool { - if schema == nil { - return false - } - - changed := false - if schemaTypeHasArray(schema["type"]) { - if _, exists := schema["items"]; !exists { - schema["items"] = map[string]any{} - changed = true - } - } - - if itemsSchema, ok := schema["items"].(map[string]any); ok { - if normalizeJSONSchemaArrays(itemsSchema) { - changed = true - } - } - if itemsArray, ok := schema["items"].([]any); ok { - for i := range itemsArray { - itemSchema, ok := itemsArray[i].(map[string]any) - if !ok { - continue - } - if normalizeJSONSchemaArrays(itemSchema) { - changed = true - } - } - } - - if props, ok := schema["properties"].(map[string]any); ok { - for _, prop := range props { - propSchema, ok := prop.(map[string]any) - if !ok { - continue - } - if normalizeJSONSchemaArrays(propSchema) { - changed = true - } - } - } - - if additionalProperties, ok := schema["additionalProperties"].(map[string]any); ok { - if normalizeJSONSchemaArrays(additionalProperties) { - changed = true - } - } - - for _, key := range []string{"anyOf", "oneOf", "allOf", "prefixItems"} { - nodes, ok := schema[key].([]any) - if !ok { - continue - } - for i := range nodes { - node, ok := nodes[i].(map[string]any) - if !ok { - continue - } - if normalizeJSONSchemaArrays(node) { - changed = true - } - } - } - - return changed -} - -func schemaTypeHasArray(typeValue any) bool { - switch typeNode := typeValue.(type) { - case string: - return strings.EqualFold(strings.TrimSpace(typeNode), "array") - case []any: - for i := range typeNode { - typeName, ok := typeNode[i].(string) - if ok && strings.EqualFold(strings.TrimSpace(typeName), "array") { - return true - } - } - case []string: - for i := range typeNode { - if strings.EqualFold(strings.TrimSpace(typeNode[i]), "array") { - return true - } - } - } - return false -} - -func (e *CodexExecutor) cacheHelper(ctx context.Context, from sdktranslator.Format, url string, req cliproxyexecutor.Request, rawJSON []byte) (*http.Request, error) { - var cache codexCache - switch from { - case "claude": - userIDResult := gjson.GetBytes(req.Payload, "metadata.user_id") - if userIDResult.Exists() { - key := fmt.Sprintf("%s-%s", req.Model, userIDResult.String()) - var ok bool - if cache, ok = getCodexCache(key); !ok { - cache = codexCache{ - ID: uuid.New().String(), - Expire: time.Now().Add(1 * time.Hour), - } - setCodexCache(key, cache) - } - } - case "openai-response": - promptCacheKey := gjson.GetBytes(req.Payload, "prompt_cache_key") - if promptCacheKey.Exists() { - cache.ID = promptCacheKey.String() - } - } - - if cache.ID != "" { - rawJSON, _ = sjson.SetBytes(rawJSON, "prompt_cache_key", cache.ID) - } - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(rawJSON)) - if err != nil { - return nil, err - } - if cache.ID != "" { - httpReq.Header.Set("Conversation_id", cache.ID) - httpReq.Header.Set("Session_id", cache.ID) - } - return httpReq, nil -} - -func applyCodexHeaders(r *http.Request, auth *cliproxyauth.Auth, token string, stream bool) { - r.Header.Set("Content-Type", "application/json") - r.Header.Set("Authorization", "Bearer "+token) - - var ginHeaders http.Header - if ginCtx, ok := r.Context().Value("gin").(*gin.Context); ok && ginCtx != nil && ginCtx.Request != nil { - ginHeaders = ginCtx.Request.Header - } - - misc.EnsureHeader(r.Header, ginHeaders, "Version", codexClientVersion) - misc.EnsureHeader(r.Header, ginHeaders, "Session_id", uuid.NewString()) - misc.EnsureHeader(r.Header, ginHeaders, "User-Agent", codexUserAgent) - - if stream { - r.Header.Set("Accept", "text/event-stream") - } else { - r.Header.Set("Accept", "application/json") - } - r.Header.Set("Connection", "Keep-Alive") - - isAPIKey := false - if auth != nil && auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["api_key"]); v != "" { - isAPIKey = true - } - } - if !isAPIKey { - r.Header.Set("Originator", "codex_cli_rs") - if auth != nil && auth.Metadata != nil { - if accountID, ok := auth.Metadata["account_id"].(string); ok { - r.Header.Set("Chatgpt-Account-Id", accountID) - } - } - } - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(r, attrs) -} - -func codexCreds(a *cliproxyauth.Auth) (apiKey, baseURL string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - apiKey = a.Attributes["api_key"] - baseURL = a.Attributes["base_url"] - } - if apiKey == "" && a.Metadata != nil { - if v, ok := a.Metadata["access_token"].(string); ok { - apiKey = v - } - } - return -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/codex_executor_schema_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/codex_executor_schema_test.go deleted file mode 100644 index 1b02a21b78..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/codex_executor_schema_test.go +++ /dev/null @@ -1,76 +0,0 @@ -package executor - -import ( - "encoding/json" - "testing" - - "github.com/tidwall/gjson" -) - -func TestNormalizeCodexToolSchemas_UnionTypeArrayAddsItems(t *testing.T) { - t.Parallel() - - body := []byte(`{"tools":[{"name":"tool_object","parameters":{"type":["object","array"]}},{"name":"tool_string","parameters":"{\"type\":[\"null\",\"array\"]}"}]}`) - got := normalizeCodexToolSchemas(body) - - if !gjson.GetBytes(got, "tools.0.parameters.items").Exists() { - t.Fatalf("expected items for object parameters union array type") - } - - paramsString := gjson.GetBytes(got, "tools.1.parameters").String() - if paramsString == "" { - t.Fatal("expected parameters string for second tool") - } - var schema map[string]any - if err := json.Unmarshal([]byte(paramsString), &schema); err != nil { - t.Fatalf("failed to parse parameters string: %v", err) - } - if _, ok := schema["items"]; !ok { - t.Fatal("expected items in string parameters union array type") - } -} - -func TestNormalizeCodexToolSchemas_NestedCompositeArrayAddsItems(t *testing.T) { - t.Parallel() - - body := []byte(`{ - "tools":[ - { - "name":"nested", - "parameters":{ - "type":"object", - "properties":{ - "payload":{ - "anyOf":[ - {"type":"array"}, - {"type":"object","properties":{"nested":{"type":["array","null"]}}} - ] - } - } - } - } - ] -}`) - - got := normalizeCodexToolSchemas(body) - if !gjson.GetBytes(got, "tools.0.parameters.properties.payload.anyOf.0.items").Exists() { - t.Fatal("expected items added for anyOf array schema") - } - if !gjson.GetBytes(got, "tools.0.parameters.properties.payload.anyOf.1.properties.nested.items").Exists() { - t.Fatal("expected items added for nested union array schema") - } -} - -func TestNormalizeCodexToolSchemas_ExistingItemsUnchanged(t *testing.T) { - t.Parallel() - - body := []byte("{\n \"tools\": [\n {\n \"name\": \"already_ok\",\n \"parameters\": {\n \"type\": \"array\",\n \"items\": {\"type\": \"string\"}\n }\n }\n ]\n}\n") - got := normalizeCodexToolSchemas(body) - - if string(got) != string(body) { - t.Fatal("expected original body when schema already has items") - } - if gjson.GetBytes(got, "tools.0.parameters.items.type").String() != "string" { - t.Fatal("expected existing items schema to remain unchanged") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/codex_token_count_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/codex_token_count_test.go deleted file mode 100644 index f0acd3f267..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/codex_token_count_test.go +++ /dev/null @@ -1,65 +0,0 @@ -package executor - -import ( - "testing" - - "github.com/tiktoken-go/tokenizer" -) - -func TestCountCodexInputTokens_FunctionCallOutputObjectIncluded(t *testing.T) { - enc, err := tokenizer.Get(tokenizer.Cl100kBase) - if err != nil { - t.Fatalf("tokenizer init failed: %v", err) - } - - body := []byte(`{"input":[{"type":"function_call_output","output":{"ok":true,"items":[1,2,3]}}]}`) - count, err := countCodexInputTokens(enc, body) - if err != nil { - t.Fatalf("countCodexInputTokens failed: %v", err) - } - if count <= 0 { - t.Fatalf("count = %d, want > 0", count) - } -} - -func TestCountCodexInputTokens_FunctionCallArgumentsObjectIncluded(t *testing.T) { - enc, err := tokenizer.Get(tokenizer.Cl100kBase) - if err != nil { - t.Fatalf("tokenizer init failed: %v", err) - } - - body := []byte(`{"input":[{"type":"function_call","name":"sum","arguments":{"a":1,"b":2}}]}`) - count, err := countCodexInputTokens(enc, body) - if err != nil { - t.Fatalf("countCodexInputTokens failed: %v", err) - } - if count <= 0 { - t.Fatalf("count = %d, want > 0", count) - } -} - -func TestCountCodexInputTokens_FunctionCallArgumentsObjectSerializationParity(t *testing.T) { - enc, err := tokenizer.Get(tokenizer.Cl100kBase) - if err != nil { - t.Fatalf("tokenizer init failed: %v", err) - } - - objectBody := []byte(`{"input":[{"type":"function_call","name":"sum","arguments":{"a":1,"b":{"nested":true},"items":[1,2,3]}}]}`) - stringBody := []byte(`{"input":[{"type":"function_call","name":"sum","arguments":"{\"a\":1,\"b\":{\"nested\":true},\"items\":[1,2,3]}"}]}`) - - objectCount, err := countCodexInputTokens(enc, objectBody) - if err != nil { - t.Fatalf("countCodexInputTokens object failed: %v", err) - } - stringCount, err := countCodexInputTokens(enc, stringBody) - if err != nil { - t.Fatalf("countCodexInputTokens string failed: %v", err) - } - - if objectCount <= 0 || stringCount <= 0 { - t.Fatalf("counts must be positive, object=%d string=%d", objectCount, stringCount) - } - if objectCount != stringCount { - t.Fatalf("object vs string count mismatch: object=%d string=%d", objectCount, stringCount) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/codex_websockets_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/codex_websockets_executor.go deleted file mode 100644 index a29c996c21..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/codex_websockets_executor.go +++ /dev/null @@ -1,1432 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// This file implements a Codex executor that uses the Responses API WebSocket transport. -package executor - -import ( - "bytes" - "context" - "fmt" - "io" - "net" - "net/http" - "net/url" - "strconv" - "strings" - "sync" - "time" - - "github.com/google/uuid" - "github.com/gorilla/websocket" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" - "golang.org/x/net/proxy" -) - -const ( - codexResponsesWebsocketBetaHeaderValue = "responses_websockets=2026-02-04" - codexResponsesWebsocketIdleTimeout = 5 * time.Minute - codexResponsesWebsocketHandshakeTO = 30 * time.Second -) - -// CodexWebsocketsExecutor executes Codex Responses requests using a WebSocket transport. -// -// It preserves the existing CodexExecutor HTTP implementation as a fallback for endpoints -// not available over WebSocket (e.g. /responses/compact) and for websocket upgrade failures. -type CodexWebsocketsExecutor struct { - *CodexExecutor - - sessMu sync.Mutex - sessions map[string]*codexWebsocketSession -} - -type codexWebsocketSession struct { - sessionID string - - reqMu sync.Mutex - - connMu sync.Mutex - conn *websocket.Conn - wsURL string - authID string - - // connCreateSent tracks whether a `response.create` message has been successfully sent - // on the current websocket connection. The upstream expects the first message on each - // connection to be `response.create`. - connCreateSent bool - - writeMu sync.Mutex - - activeMu sync.Mutex - activeCh chan codexWebsocketRead - activeDone <-chan struct{} - activeCancel context.CancelFunc - - readerConn *websocket.Conn -} - -func NewCodexWebsocketsExecutor(cfg *config.Config) *CodexWebsocketsExecutor { - return &CodexWebsocketsExecutor{ - CodexExecutor: NewCodexExecutor(cfg), - sessions: make(map[string]*codexWebsocketSession), - } -} - -type codexWebsocketRead struct { - conn *websocket.Conn - msgType int - payload []byte - err error -} - -// enqueueCodexWebsocketRead attempts to send a read result to the channel. -// If the channel is full and a done signal is sent, it returns without enqueuing. -// If the channel is full and we have an error, it prioritizes the error by draining and re-sending. -func enqueueCodexWebsocketRead(ch chan codexWebsocketRead, done <-chan struct{}, read codexWebsocketRead) { - if ch == nil { - return - } - - // Try to send without blocking first - select { - case <-done: - return - case ch <- read: - return - default: - } - - // Channel full and done signal not yet sent; check done again - select { - case <-done: - return - default: - } - - // If we have an error, prioritize it by draining the stale message - if read.err != nil { - select { - case <-done: - return - case <-ch: - // Drained stale message, now send the error - ch <- read - } - } -} - -func (s *codexWebsocketSession) setActive(ch chan codexWebsocketRead) { - if s == nil { - return - } - s.activeMu.Lock() - if s.activeCancel != nil { - s.activeCancel() - s.activeCancel = nil - s.activeDone = nil - } - s.activeCh = ch - if ch != nil { - activeCtx, activeCancel := context.WithCancel(context.Background()) - s.activeDone = activeCtx.Done() - s.activeCancel = activeCancel - } - s.activeMu.Unlock() -} - -func (s *codexWebsocketSession) clearActive(ch chan codexWebsocketRead) { - if s == nil { - return - } - s.activeMu.Lock() - if s.activeCh == ch { - s.activeCh = nil - if s.activeCancel != nil { - s.activeCancel() - } - s.activeCancel = nil - s.activeDone = nil - } - s.activeMu.Unlock() -} - -func (s *codexWebsocketSession) writeMessage(conn *websocket.Conn, msgType int, payload []byte) error { - if s == nil { - return fmt.Errorf("codex websockets executor: session is nil") - } - if conn == nil { - return fmt.Errorf("codex websockets executor: websocket conn is nil") - } - s.writeMu.Lock() - defer s.writeMu.Unlock() - return conn.WriteMessage(msgType, payload) -} - -func (s *codexWebsocketSession) configureConn(conn *websocket.Conn) { - if s == nil || conn == nil { - return - } - conn.SetPingHandler(func(appData string) error { - s.writeMu.Lock() - defer s.writeMu.Unlock() - // Reply pongs from the same write lock to avoid concurrent writes. - return conn.WriteControl(websocket.PongMessage, []byte(appData), time.Now().Add(10*time.Second)) - }) -} - -func (e *CodexWebsocketsExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if ctx == nil { - ctx = context.Background() - } - if opts.Alt == "responses/compact" { - return e.executeCompact(ctx, auth, req, opts) - } - - baseModel := thinking.ParseSuffix(req.Model).ModelName - apiKey, baseURL := codexCreds(auth) - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), "https://chatgpt.com/backend-api/codex", baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("codex") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - body, _ = sjson.SetBytes(body, "stream", true) - body, _ = sjson.DeleteBytes(body, "previous_response_id") - body, _ = sjson.DeleteBytes(body, "prompt_cache_retention") - body, _ = sjson.DeleteBytes(body, "safety_identifier") - if !gjson.GetBytes(body, "instructions").Exists() { - body, _ = sjson.SetBytes(body, "instructions", "") - } - body = normalizeCodexToolSchemas(body) - - httpURL := strings.TrimSuffix(baseURL, "/") + "/responses" - wsURL, err := buildCodexResponsesWebsocketURL(httpURL) - if err != nil { - return resp, err - } - - body, wsHeaders := applyCodexPromptCacheHeaders(from, req, body) - wsHeaders = applyCodexWebsocketHeaders(ctx, wsHeaders, auth, apiKey) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - - executionSessionID := executionSessionIDFromOptions(opts) - var sess *codexWebsocketSession - if executionSessionID != "" { - sess = e.getOrCreateSession(executionSessionID) - sess.reqMu.Lock() - defer sess.reqMu.Unlock() - } - - allowAppend := true - if sess != nil { - sess.connMu.Lock() - allowAppend = sess.connCreateSent - sess.connMu.Unlock() - } - wsReqBody := buildCodexWebsocketRequestBody(body, allowAppend) - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: wsURL, - Method: "WEBSOCKET", - Headers: wsHeaders.Clone(), - Body: wsReqBody, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - conn, respHS, errDial := e.ensureUpstreamConn(ctx, auth, sess, authID, wsURL, wsHeaders) - if respHS != nil { - recordAPIResponseMetadata(ctx, e.cfg, respHS.StatusCode, respHS.Header.Clone()) - } - if errDial != nil { - bodyErr := websocketHandshakeBody(respHS) - if len(bodyErr) > 0 { - appendAPIResponseChunk(ctx, e.cfg, bodyErr) - } - if respHS != nil && respHS.StatusCode == http.StatusUpgradeRequired { - return e.CodexExecutor.Execute(ctx, auth, req, opts) - } - if respHS != nil && respHS.StatusCode > 0 { - return resp, statusErr{code: respHS.StatusCode, msg: string(bodyErr)} - } - recordAPIResponseError(ctx, e.cfg, errDial) - return resp, errDial - } - closeHTTPResponseBody(respHS, "codex websockets executor: close handshake response body error") - if sess == nil { - logCodexWebsocketConnected(executionSessionID, authID, wsURL) - defer func() { - reason := "completed" - if err != nil { - reason = "error" - } - logCodexWebsocketDisconnected(executionSessionID, authID, wsURL, reason, err) - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } - }() - } - - var readCh chan codexWebsocketRead - if sess != nil { - readCh = make(chan codexWebsocketRead, 4096) - sess.setActive(readCh) - defer sess.clearActive(readCh) - } - - if errSend := writeCodexWebsocketMessage(sess, conn, wsReqBody); errSend != nil { - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "send_error", errSend) - - // Retry once with a fresh websocket connection. This is mainly to handle - // upstream closing the socket between sequential requests within the same - // execution session. - connRetry, _, errDialRetry := e.ensureUpstreamConn(ctx, auth, sess, authID, wsURL, wsHeaders) - if errDialRetry == nil && connRetry != nil { - sess.connMu.Lock() - allowAppend = sess.connCreateSent - sess.connMu.Unlock() - wsReqBodyRetry := buildCodexWebsocketRequestBody(body, allowAppend) - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: wsURL, - Method: "WEBSOCKET", - Headers: wsHeaders.Clone(), - Body: wsReqBodyRetry, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - if errSendRetry := writeCodexWebsocketMessage(sess, connRetry, wsReqBodyRetry); errSendRetry == nil { - conn = connRetry - wsReqBody = wsReqBodyRetry - } else { - e.invalidateUpstreamConn(sess, connRetry, "send_error", errSendRetry) - recordAPIResponseError(ctx, e.cfg, errSendRetry) - return resp, errSendRetry - } - } else { - recordAPIResponseError(ctx, e.cfg, errDialRetry) - return resp, errDialRetry - } - } else { - recordAPIResponseError(ctx, e.cfg, errSend) - return resp, errSend - } - } - markCodexWebsocketCreateSent(sess, conn, wsReqBody) - - for { - if ctx != nil && ctx.Err() != nil { - return resp, ctx.Err() - } - msgType, payload, errRead := readCodexWebsocketMessage(ctx, sess, conn, readCh) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return resp, errRead - } - if msgType != websocket.TextMessage { - if msgType == websocket.BinaryMessage { - err = fmt.Errorf("codex websockets executor: unexpected binary message") - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "unexpected_binary", err) - } - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - continue - } - - payload = bytes.TrimSpace(payload) - if len(payload) == 0 { - continue - } - appendAPIResponseChunk(ctx, e.cfg, payload) - - if wsErr, ok := parseCodexWebsocketError(payload); ok { - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "upstream_error", wsErr) - } - recordAPIResponseError(ctx, e.cfg, wsErr) - return resp, wsErr - } - - payload = normalizeCodexWebsocketCompletion(payload) - eventType := gjson.GetBytes(payload, "type").String() - if eventType == "response.completed" { - if detail, ok := parseCodexUsage(payload); ok { - reporter.publish(ctx, detail) - } - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, originalPayload, body, payload, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out)} - return resp, nil - } - } -} - -func (e *CodexWebsocketsExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - log.Debug("executing codex websockets stream request") - if ctx == nil { - ctx = context.Background() - } - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusBadRequest, msg: "streaming not supported for /responses/compact"} - } - - baseModel := thinking.ParseSuffix(req.Model).ModelName - apiKey, baseURL := codexCreds(auth) - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), "https://chatgpt.com/backend-api/codex", baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("codex") - body := req.Payload - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, body, requestedModel) - body = normalizeCodexToolSchemas(body) - - httpURL := strings.TrimSuffix(baseURL, "/") + "/responses" - wsURL, err := buildCodexResponsesWebsocketURL(httpURL) - if err != nil { - return nil, err - } - - body, wsHeaders := applyCodexPromptCacheHeaders(from, req, body) - wsHeaders = applyCodexWebsocketHeaders(ctx, wsHeaders, auth, apiKey) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - - executionSessionID := executionSessionIDFromOptions(opts) - var sess *codexWebsocketSession - if executionSessionID != "" { - sess = e.getOrCreateSession(executionSessionID) - sess.reqMu.Lock() - } - - allowAppend := true - if sess != nil { - sess.connMu.Lock() - allowAppend = sess.connCreateSent - sess.connMu.Unlock() - } - wsReqBody := buildCodexWebsocketRequestBody(body, allowAppend) - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: wsURL, - Method: "WEBSOCKET", - Headers: wsHeaders.Clone(), - Body: wsReqBody, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - conn, respHS, errDial := e.ensureUpstreamConn(ctx, auth, sess, authID, wsURL, wsHeaders) - var upstreamHeaders http.Header - if respHS != nil { - upstreamHeaders = respHS.Header.Clone() - recordAPIResponseMetadata(ctx, e.cfg, respHS.StatusCode, respHS.Header.Clone()) - } - if errDial != nil { - bodyErr := websocketHandshakeBody(respHS) - if len(bodyErr) > 0 { - appendAPIResponseChunk(ctx, e.cfg, bodyErr) - } - if respHS != nil && respHS.StatusCode == http.StatusUpgradeRequired { - return e.CodexExecutor.ExecuteStream(ctx, auth, req, opts) - } - if respHS != nil && respHS.StatusCode > 0 { - return nil, statusErr{code: respHS.StatusCode, msg: string(bodyErr)} - } - recordAPIResponseError(ctx, e.cfg, errDial) - if sess != nil { - sess.reqMu.Unlock() - } - return nil, errDial - } - closeHTTPResponseBody(respHS, "codex websockets executor: close handshake response body error") - - if sess == nil { - logCodexWebsocketConnected(executionSessionID, authID, wsURL) - } - - var readCh chan codexWebsocketRead - if sess != nil { - readCh = make(chan codexWebsocketRead, 4096) - sess.setActive(readCh) - } - - if errSend := writeCodexWebsocketMessage(sess, conn, wsReqBody); errSend != nil { - recordAPIResponseError(ctx, e.cfg, errSend) - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "send_error", errSend) - - // Retry once with a new websocket connection for the same execution session. - connRetry, _, errDialRetry := e.ensureUpstreamConn(ctx, auth, sess, authID, wsURL, wsHeaders) - if errDialRetry != nil || connRetry == nil { - recordAPIResponseError(ctx, e.cfg, errDialRetry) - sess.clearActive(readCh) - sess.reqMu.Unlock() - return nil, errDialRetry - } - sess.connMu.Lock() - allowAppend = sess.connCreateSent - sess.connMu.Unlock() - wsReqBodyRetry := buildCodexWebsocketRequestBody(body, allowAppend) - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: wsURL, - Method: "WEBSOCKET", - Headers: wsHeaders.Clone(), - Body: wsReqBodyRetry, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - if errSendRetry := writeCodexWebsocketMessage(sess, connRetry, wsReqBodyRetry); errSendRetry != nil { - recordAPIResponseError(ctx, e.cfg, errSendRetry) - e.invalidateUpstreamConn(sess, connRetry, "send_error", errSendRetry) - sess.clearActive(readCh) - sess.reqMu.Unlock() - return nil, errSendRetry - } - conn = connRetry - wsReqBody = wsReqBodyRetry - } else { - logCodexWebsocketDisconnected(executionSessionID, authID, wsURL, "send_error", errSend) - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } - return nil, errSend - } - } - markCodexWebsocketCreateSent(sess, conn, wsReqBody) - - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - terminateReason := "completed" - var terminateErr error - - defer close(out) - defer func() { - if sess != nil { - sess.clearActive(readCh) - sess.reqMu.Unlock() - return - } - logCodexWebsocketDisconnected(executionSessionID, authID, wsURL, terminateReason, terminateErr) - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } - }() - - send := func(chunk cliproxyexecutor.StreamChunk) bool { - if ctx == nil { - out <- chunk - return true - } - select { - case out <- chunk: - return true - case <-ctx.Done(): - return false - } - } - - var param any - for { - if ctx != nil && ctx.Err() != nil { - terminateReason = "context_done" - terminateErr = ctx.Err() - _ = send(cliproxyexecutor.StreamChunk{Err: ctx.Err()}) - return - } - msgType, payload, errRead := readCodexWebsocketMessage(ctx, sess, conn, readCh) - if errRead != nil { - if sess != nil && ctx != nil && ctx.Err() != nil { - terminateReason = "context_done" - terminateErr = ctx.Err() - _ = send(cliproxyexecutor.StreamChunk{Err: ctx.Err()}) - return - } - terminateReason = "read_error" - terminateErr = errRead - recordAPIResponseError(ctx, e.cfg, errRead) - reporter.publishFailure(ctx) - _ = send(cliproxyexecutor.StreamChunk{Err: errRead}) - return - } - if msgType != websocket.TextMessage { - if msgType == websocket.BinaryMessage { - err = fmt.Errorf("codex websockets executor: unexpected binary message") - terminateReason = "unexpected_binary" - terminateErr = err - recordAPIResponseError(ctx, e.cfg, err) - reporter.publishFailure(ctx) - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "unexpected_binary", err) - } - _ = send(cliproxyexecutor.StreamChunk{Err: err}) - return - } - continue - } - - payload = bytes.TrimSpace(payload) - if len(payload) == 0 { - continue - } - appendAPIResponseChunk(ctx, e.cfg, payload) - - if wsErr, ok := parseCodexWebsocketError(payload); ok { - terminateReason = "upstream_error" - terminateErr = wsErr - recordAPIResponseError(ctx, e.cfg, wsErr) - reporter.publishFailure(ctx) - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "upstream_error", wsErr) - } - _ = send(cliproxyexecutor.StreamChunk{Err: wsErr}) - return - } - - payload = normalizeCodexWebsocketCompletion(payload) - eventType := gjson.GetBytes(payload, "type").String() - if eventType == "response.completed" || eventType == "response.done" { - if detail, ok := parseCodexUsage(payload); ok { - reporter.publish(ctx, detail) - } - } - - line := encodeCodexWebsocketAsSSE(payload) - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, body, body, line, ¶m) - for i := range chunks { - if !send(cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])}) { - terminateReason = "context_done" - terminateErr = ctx.Err() - return - } - } - if eventType == "response.completed" || eventType == "response.done" { - return - } - } - }() - - return &cliproxyexecutor.StreamResult{Headers: upstreamHeaders, Chunks: out}, nil -} - -func (e *CodexWebsocketsExecutor) dialCodexWebsocket(ctx context.Context, auth *cliproxyauth.Auth, wsURL string, headers http.Header) (*websocket.Conn, *http.Response, error) { - dialer := newProxyAwareWebsocketDialer(e.cfg, auth) - dialer.HandshakeTimeout = codexResponsesWebsocketHandshakeTO - dialer.EnableCompression = true - if ctx == nil { - ctx = context.Background() - } - conn, resp, err := dialer.DialContext(ctx, wsURL, headers) - if conn != nil { - // Avoid gorilla/websocket flate tail validation issues on some upstreams/Go versions. - // Negotiating permessage-deflate is fine; we just don't compress outbound messages. - conn.EnableWriteCompression(false) - } - return conn, resp, err -} - -func writeCodexWebsocketMessage(sess *codexWebsocketSession, conn *websocket.Conn, payload []byte) error { - if sess != nil { - return sess.writeMessage(conn, websocket.TextMessage, payload) - } - if conn == nil { - return fmt.Errorf("codex websockets executor: websocket conn is nil") - } - return conn.WriteMessage(websocket.TextMessage, payload) -} - -func buildCodexWebsocketRequestBody(body []byte, allowAppend bool) []byte { - if len(body) == 0 { - return nil - } - - // Codex CLI websocket v2 uses `response.create` with `previous_response_id` for incremental turns. - // The upstream ChatGPT Codex websocket currently rejects that with close 1008 (policy violation). - // Fall back to v1 `response.append` semantics on the same websocket connection to keep the session alive. - // - // NOTE: The upstream expects the first websocket event on each connection to be `response.create`, - // so we only use `response.append` after we have initialized the current connection. - if allowAppend { - if prev := strings.TrimSpace(gjson.GetBytes(body, "previous_response_id").String()); prev != "" { - inputNode := gjson.GetBytes(body, "input") - wsReqBody := []byte(`{}`) - wsReqBody, _ = sjson.SetBytes(wsReqBody, "type", "response.append") - if inputNode.Exists() && inputNode.IsArray() && strings.TrimSpace(inputNode.Raw) != "" { - wsReqBody, _ = sjson.SetRawBytes(wsReqBody, "input", []byte(inputNode.Raw)) - return wsReqBody - } - wsReqBody, _ = sjson.SetRawBytes(wsReqBody, "input", []byte("[]")) - return wsReqBody - } - } - - wsReqBody, errSet := sjson.SetBytes(bytes.Clone(body), "type", "response.create") - if errSet == nil && len(wsReqBody) > 0 { - return wsReqBody - } - fallback := bytes.Clone(body) - fallback, _ = sjson.SetBytes(fallback, "type", "response.create") - return fallback -} - -func readCodexWebsocketMessage(ctx context.Context, sess *codexWebsocketSession, conn *websocket.Conn, readCh chan codexWebsocketRead) (int, []byte, error) { - if sess == nil { - if conn == nil { - return 0, nil, fmt.Errorf("codex websockets executor: websocket conn is nil") - } - _ = conn.SetReadDeadline(time.Now().Add(codexResponsesWebsocketIdleTimeout)) - msgType, payload, errRead := conn.ReadMessage() - return msgType, payload, errRead - } - if conn == nil { - return 0, nil, fmt.Errorf("codex websockets executor: websocket conn is nil") - } - if readCh == nil { - return 0, nil, fmt.Errorf("codex websockets executor: session read channel is nil") - } - for { - select { - case <-ctx.Done(): - return 0, nil, ctx.Err() - case ev, ok := <-readCh: - if !ok { - return 0, nil, fmt.Errorf("codex websockets executor: session read channel closed") - } - if ev.conn != conn { - continue - } - if ev.err != nil { - return 0, nil, ev.err - } - return ev.msgType, ev.payload, nil - } - } -} - -func markCodexWebsocketCreateSent(sess *codexWebsocketSession, conn *websocket.Conn, payload []byte) { - if sess == nil || conn == nil || len(payload) == 0 { - return - } - if strings.TrimSpace(gjson.GetBytes(payload, "type").String()) != "response.create" { - return - } - - sess.connMu.Lock() - if sess.conn == conn { - sess.connCreateSent = true - } - sess.connMu.Unlock() -} - -func newProxyAwareWebsocketDialer(cfg *config.Config, auth *cliproxyauth.Auth) *websocket.Dialer { - dialer := &websocket.Dialer{ - Proxy: http.ProxyFromEnvironment, - HandshakeTimeout: codexResponsesWebsocketHandshakeTO, - EnableCompression: true, - NetDialContext: (&net.Dialer{ - Timeout: 30 * time.Second, - KeepAlive: 30 * time.Second, - }).DialContext, - } - - proxyURL := "" - if auth != nil { - proxyURL = strings.TrimSpace(auth.ProxyURL) - } - if proxyURL == "" && cfg != nil { - proxyURL = strings.TrimSpace(cfg.ProxyURL) - } - if proxyURL == "" { - return dialer - } - - parsedURL, errParse := url.Parse(proxyURL) - if errParse != nil { - log.Errorf("codex websockets executor: parse proxy URL failed: %v", errParse) - return dialer - } - - switch parsedURL.Scheme { - case "socks5": - var proxyAuth *proxy.Auth - if parsedURL.User != nil { - username := parsedURL.User.Username() - password, _ := parsedURL.User.Password() - proxyAuth = &proxy.Auth{User: username, Password: password} - } - socksDialer, errSOCKS5 := proxy.SOCKS5("tcp", parsedURL.Host, proxyAuth, proxy.Direct) - if errSOCKS5 != nil { - log.Errorf("codex websockets executor: create SOCKS5 dialer failed: %v", errSOCKS5) - return dialer - } - dialer.Proxy = nil - dialer.NetDialContext = func(_ context.Context, network, addr string) (net.Conn, error) { - return socksDialer.Dial(network, addr) - } - case "http", "https": - dialer.Proxy = http.ProxyURL(parsedURL) - default: - log.Errorf("codex websockets executor: unsupported proxy scheme: %s", parsedURL.Scheme) - } - - return dialer -} - -func buildCodexResponsesWebsocketURL(httpURL string) (string, error) { - parsed, err := url.Parse(strings.TrimSpace(httpURL)) - if err != nil { - return "", err - } - switch strings.ToLower(parsed.Scheme) { - case "http": - parsed.Scheme = "ws" - case "https": - parsed.Scheme = "wss" - } - return parsed.String(), nil -} - -func applyCodexPromptCacheHeaders(from sdktranslator.Format, req cliproxyexecutor.Request, rawJSON []byte) ([]byte, http.Header) { - headers := http.Header{} - if len(rawJSON) == 0 { - return rawJSON, headers - } - - var cache codexCache - switch from { - case "claude": - userIDResult := gjson.GetBytes(req.Payload, "metadata.user_id") - if userIDResult.Exists() { - key := fmt.Sprintf("%s-%s", req.Model, userIDResult.String()) - if cached, ok := getCodexCache(key); ok { - cache = cached - } else { - cache = codexCache{ - ID: uuid.New().String(), - Expire: time.Now().Add(1 * time.Hour), - } - setCodexCache(key, cache) - } - } - case "openai-response": - if promptCacheKey := gjson.GetBytes(req.Payload, "prompt_cache_key"); promptCacheKey.Exists() { - cache.ID = promptCacheKey.String() - } - } - - if cache.ID != "" { - rawJSON, _ = sjson.SetBytes(rawJSON, "prompt_cache_key", cache.ID) - headers.Set("Conversation_id", cache.ID) - headers.Set("Session_id", cache.ID) - } - - return rawJSON, headers -} - -func applyCodexWebsocketHeaders(ctx context.Context, headers http.Header, auth *cliproxyauth.Auth, token string) http.Header { - if headers == nil { - headers = http.Header{} - } - if strings.TrimSpace(token) != "" { - headers.Set("Authorization", "Bearer "+token) - } - - var ginHeaders http.Header - if ginCtx := ginContextFrom(ctx); ginCtx != nil && ginCtx.Request != nil { - ginHeaders = ginCtx.Request.Header - } - - misc.EnsureHeader(headers, ginHeaders, "x-codex-beta-features", "") - misc.EnsureHeader(headers, ginHeaders, "x-codex-turn-state", "") - misc.EnsureHeader(headers, ginHeaders, "x-codex-turn-metadata", "") - misc.EnsureHeader(headers, ginHeaders, "x-responsesapi-include-timing-metrics", "") - - misc.EnsureHeader(headers, ginHeaders, "Version", codexClientVersion) - betaHeader := strings.TrimSpace(headers.Get("OpenAI-Beta")) - if betaHeader == "" && ginHeaders != nil { - betaHeader = strings.TrimSpace(ginHeaders.Get("OpenAI-Beta")) - } - if betaHeader == "" || !strings.Contains(betaHeader, "responses_websockets=") { - betaHeader = codexResponsesWebsocketBetaHeaderValue - } - headers.Set("OpenAI-Beta", betaHeader) - misc.EnsureHeader(headers, ginHeaders, "Session_id", uuid.NewString()) - misc.EnsureHeader(headers, ginHeaders, "User-Agent", codexUserAgent) - - isAPIKey := false - if auth != nil && auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["api_key"]); v != "" { - isAPIKey = true - } - } - if !isAPIKey { - headers.Set("Originator", "codex_cli_rs") - if auth != nil && auth.Metadata != nil { - if accountID, ok := auth.Metadata["account_id"].(string); ok { - if trimmed := strings.TrimSpace(accountID); trimmed != "" { - headers.Set("Chatgpt-Account-Id", trimmed) - } - } - } - } - - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(&http.Request{Header: headers}, attrs) - - return headers -} - -type statusErrWithHeaders struct { - statusErr - headers http.Header -} - -func (e statusErrWithHeaders) Headers() http.Header { - if e.headers == nil { - return nil - } - return e.headers.Clone() -} - -func parseCodexWebsocketError(payload []byte) (error, bool) { - if len(payload) == 0 { - return nil, false - } - if strings.TrimSpace(gjson.GetBytes(payload, "type").String()) != "error" { - return nil, false - } - status := int(gjson.GetBytes(payload, "status").Int()) - if status == 0 { - status = int(gjson.GetBytes(payload, "status_code").Int()) - } - if status <= 0 { - return nil, false - } - - out := []byte(`{}`) - if errNode := gjson.GetBytes(payload, "error"); errNode.Exists() { - raw := errNode.Raw - if errNode.Type == gjson.String { - raw = errNode.Raw - } - out, _ = sjson.SetRawBytes(out, "error", []byte(raw)) - } else { - out, _ = sjson.SetBytes(out, "error.type", "server_error") - out, _ = sjson.SetBytes(out, "error.message", http.StatusText(status)) - } - - headers := parseCodexWebsocketErrorHeaders(payload) - return statusErrWithHeaders{ - statusErr: statusErr{code: status, msg: string(out)}, - headers: headers, - }, true -} - -func parseCodexWebsocketErrorHeaders(payload []byte) http.Header { - headersNode := gjson.GetBytes(payload, "headers") - if !headersNode.Exists() || !headersNode.IsObject() { - return nil - } - mapped := make(http.Header) - headersNode.ForEach(func(key, value gjson.Result) bool { - name := strings.TrimSpace(key.String()) - if name == "" { - return true - } - switch value.Type { - case gjson.String: - if v := strings.TrimSpace(value.String()); v != "" { - mapped.Set(name, v) - } - case gjson.Number, gjson.True, gjson.False: - if v := strings.TrimSpace(value.Raw); v != "" { - mapped.Set(name, v) - } - default: - } - return true - }) - if len(mapped) == 0 { - return nil - } - return mapped -} - -func normalizeCodexWebsocketCompletion(payload []byte) []byte { - if strings.TrimSpace(gjson.GetBytes(payload, "type").String()) == "response.done" { - updated, err := sjson.SetBytes(payload, "type", "response.completed") - if err == nil && len(updated) > 0 { - return updated - } - } - return payload -} - -func encodeCodexWebsocketAsSSE(payload []byte) []byte { - if len(payload) == 0 { - return nil - } - line := make([]byte, 0, len("data: ")+len(payload)) - line = append(line, []byte("data: ")...) - line = append(line, payload...) - return line -} - -func websocketHandshakeBody(resp *http.Response) []byte { - if resp == nil || resp.Body == nil { - return nil - } - body, _ := io.ReadAll(resp.Body) - closeHTTPResponseBody(resp, "codex websockets executor: close handshake response body error") - if len(body) == 0 { - return nil - } - return body -} - -func closeHTTPResponseBody(resp *http.Response, logPrefix string) { - if resp == nil || resp.Body == nil { - return - } - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("%s: %v", logPrefix, errClose) - } -} - -func executionSessionIDFromOptions(opts cliproxyexecutor.Options) string { - if len(opts.Metadata) == 0 { - return "" - } - raw, ok := opts.Metadata[cliproxyexecutor.ExecutionSessionMetadataKey] - if !ok || raw == nil { - return "" - } - switch v := raw.(type) { - case string: - return strings.TrimSpace(v) - case []byte: - return strings.TrimSpace(string(v)) - default: - return "" - } -} - -func (e *CodexWebsocketsExecutor) getOrCreateSession(sessionID string) *codexWebsocketSession { - sessionID = strings.TrimSpace(sessionID) - if sessionID == "" { - return nil - } - e.sessMu.Lock() - defer e.sessMu.Unlock() - if e.sessions == nil { - e.sessions = make(map[string]*codexWebsocketSession) - } - if sess, ok := e.sessions[sessionID]; ok && sess != nil { - return sess - } - sess := &codexWebsocketSession{sessionID: sessionID} - e.sessions[sessionID] = sess - return sess -} - -func (e *CodexWebsocketsExecutor) ensureUpstreamConn(ctx context.Context, auth *cliproxyauth.Auth, sess *codexWebsocketSession, authID string, wsURL string, headers http.Header) (*websocket.Conn, *http.Response, error) { - if sess == nil { - return e.dialCodexWebsocket(ctx, auth, wsURL, headers) - } - - sess.connMu.Lock() - conn := sess.conn - readerConn := sess.readerConn - sess.connMu.Unlock() - if conn != nil { - if readerConn != conn { - sess.connMu.Lock() - sess.readerConn = conn - sess.connMu.Unlock() - sess.configureConn(conn) - go e.readUpstreamLoop(sess, conn) - } - return conn, nil, nil - } - - conn, resp, errDial := e.dialCodexWebsocket(ctx, auth, wsURL, headers) - if errDial != nil { - return nil, resp, errDial - } - - sess.connMu.Lock() - if sess.conn != nil { - previous := sess.conn - sess.connMu.Unlock() - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } - return previous, nil, nil - } - sess.conn = conn - sess.wsURL = wsURL - sess.authID = authID - sess.connCreateSent = false - sess.readerConn = conn - sess.connMu.Unlock() - - sess.configureConn(conn) - go e.readUpstreamLoop(sess, conn) - logCodexWebsocketConnected(sess.sessionID, authID, wsURL) - return conn, resp, nil -} - -func (e *CodexWebsocketsExecutor) readUpstreamLoop(sess *codexWebsocketSession, conn *websocket.Conn) { - if e == nil || sess == nil || conn == nil { - return - } - for { - _ = conn.SetReadDeadline(time.Now().Add(codexResponsesWebsocketIdleTimeout)) - msgType, payload, errRead := conn.ReadMessage() - if errRead != nil { - sess.activeMu.Lock() - ch := sess.activeCh - done := sess.activeDone - sess.activeMu.Unlock() - if ch != nil { - select { - case ch <- codexWebsocketRead{conn: conn, err: errRead}: - case <-done: - default: - } - sess.clearActive(ch) - close(ch) - } - e.invalidateUpstreamConn(sess, conn, "upstream_disconnected", errRead) - return - } - - if msgType != websocket.TextMessage { - if msgType == websocket.BinaryMessage { - errBinary := fmt.Errorf("codex websockets executor: unexpected binary message") - sess.activeMu.Lock() - ch := sess.activeCh - done := sess.activeDone - sess.activeMu.Unlock() - if ch != nil { - select { - case ch <- codexWebsocketRead{conn: conn, err: errBinary}: - case <-done: - default: - } - sess.clearActive(ch) - close(ch) - } - e.invalidateUpstreamConn(sess, conn, "unexpected_binary", errBinary) - return - } - continue - } - - sess.activeMu.Lock() - ch := sess.activeCh - done := sess.activeDone - sess.activeMu.Unlock() - if ch == nil { - continue - } - select { - case ch <- codexWebsocketRead{conn: conn, msgType: msgType, payload: payload}: - case <-done: - } - } -} - -func (e *CodexWebsocketsExecutor) invalidateUpstreamConn(sess *codexWebsocketSession, conn *websocket.Conn, reason string, err error) { - if sess == nil || conn == nil { - return - } - - sess.connMu.Lock() - current := sess.conn - authID := sess.authID - wsURL := sess.wsURL - sessionID := sess.sessionID - if current == nil || current != conn { - sess.connMu.Unlock() - return - } - sess.conn = nil - sess.connCreateSent = false - if sess.readerConn == conn { - sess.readerConn = nil - } - sess.connMu.Unlock() - - logCodexWebsocketDisconnected(sessionID, authID, wsURL, reason, err) - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } -} - -func (e *CodexWebsocketsExecutor) CloseExecutionSession(sessionID string) { - sessionID = strings.TrimSpace(sessionID) - if e == nil { - return - } - if sessionID == "" { - return - } - if sessionID == cliproxyauth.CloseAllExecutionSessionsID { - e.closeAllExecutionSessions("executor_replaced") - return - } - - e.sessMu.Lock() - sess := e.sessions[sessionID] - delete(e.sessions, sessionID) - e.sessMu.Unlock() - - e.closeExecutionSession(sess, "session_closed") -} - -func (e *CodexWebsocketsExecutor) closeAllExecutionSessions(reason string) { - if e == nil { - return - } - - e.sessMu.Lock() - sessions := make([]*codexWebsocketSession, 0, len(e.sessions)) - for sessionID, sess := range e.sessions { - delete(e.sessions, sessionID) - if sess != nil { - sessions = append(sessions, sess) - } - } - e.sessMu.Unlock() - - for i := range sessions { - e.closeExecutionSession(sessions[i], reason) - } -} - -func (e *CodexWebsocketsExecutor) closeExecutionSession(sess *codexWebsocketSession, reason string) { - if sess == nil { - return - } - reason = strings.TrimSpace(reason) - if reason == "" { - reason = "session_closed" - } - - sess.connMu.Lock() - conn := sess.conn - authID := sess.authID - wsURL := sess.wsURL - sess.conn = nil - sess.connCreateSent = false - if sess.readerConn == conn { - sess.readerConn = nil - } - sessionID := sess.sessionID - sess.connMu.Unlock() - - if conn == nil { - return - } - logCodexWebsocketDisconnected(sessionID, authID, wsURL, reason, nil) - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } -} - -func logCodexWebsocketConnected(sessionID string, authID string, wsURL string) { - log.Infof("codex websockets: upstream connected session=%s auth=%s url=%s", strings.TrimSpace(sessionID), sanitizeCodexWebsocketLogField(authID), sanitizeCodexWebsocketLogURL(wsURL)) -} - -func logCodexWebsocketDisconnected(sessionID string, authID string, wsURL string, reason string, err error) { - if err != nil { - log.Infof("codex websockets: upstream disconnected session=%s auth=%s url=%s reason=%s err=%v", strings.TrimSpace(sessionID), sanitizeCodexWebsocketLogField(authID), sanitizeCodexWebsocketLogURL(wsURL), strings.TrimSpace(reason), err) - return - } - log.Infof("codex websockets: upstream disconnected session=%s auth=%s url=%s reason=%s", strings.TrimSpace(sessionID), sanitizeCodexWebsocketLogField(authID), sanitizeCodexWebsocketLogURL(wsURL), strings.TrimSpace(reason)) -} - -func sanitizeCodexWebsocketLogField(raw string) string { - return util.HideAPIKey(strings.TrimSpace(raw)) -} - -func sanitizeCodexWebsocketLogURL(raw string) string { - trimmed := strings.TrimSpace(raw) - if trimmed == "" { - return "" - } - parsed, err := url.Parse(trimmed) - if err != nil || !parsed.IsAbs() { - return util.HideAPIKey(trimmed) - } - parsed.User = nil - parsed.Fragment = "" - parsed.RawQuery = util.MaskSensitiveQuery(parsed.RawQuery) - return parsed.String() -} - -// CodexAutoExecutor routes Codex requests to the websocket transport only when: -// 1. The downstream transport is websocket, and -// 2. The selected auth enables websockets. -// -// For non-websocket downstream requests, it always uses the legacy HTTP implementation. -type CodexAutoExecutor struct { - httpExec *CodexExecutor - wsExec *CodexWebsocketsExecutor -} - -func NewCodexAutoExecutor(cfg *config.Config) *CodexAutoExecutor { - return &CodexAutoExecutor{ - httpExec: NewCodexExecutor(cfg), - wsExec: NewCodexWebsocketsExecutor(cfg), - } -} - -func (e *CodexAutoExecutor) Identifier() string { return "codex" } - -func (e *CodexAutoExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if e == nil || e.httpExec == nil { - return nil - } - return e.httpExec.PrepareRequest(req, auth) -} - -func (e *CodexAutoExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if e == nil || e.httpExec == nil { - return nil, fmt.Errorf("codex auto executor: http executor is nil") - } - return e.httpExec.HttpRequest(ctx, auth, req) -} - -func (e *CodexAutoExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - if e == nil || e.httpExec == nil || e.wsExec == nil { - return cliproxyexecutor.Response{}, fmt.Errorf("codex auto executor: executor is nil") - } - if cliproxyexecutor.DownstreamWebsocket(ctx) && codexWebsocketsEnabled(auth) { - return e.wsExec.Execute(ctx, auth, req, opts) - } - return e.httpExec.Execute(ctx, auth, req, opts) -} - -func (e *CodexAutoExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (*cliproxyexecutor.StreamResult, error) { - if e == nil || e.httpExec == nil || e.wsExec == nil { - return nil, fmt.Errorf("codex auto executor: executor is nil") - } - if cliproxyexecutor.DownstreamWebsocket(ctx) && codexWebsocketsEnabled(auth) { - return e.wsExec.ExecuteStream(ctx, auth, req, opts) - } - return e.httpExec.ExecuteStream(ctx, auth, req, opts) -} - -func (e *CodexAutoExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if e == nil || e.httpExec == nil { - return nil, fmt.Errorf("codex auto executor: http executor is nil") - } - return e.httpExec.Refresh(ctx, auth) -} - -func (e *CodexAutoExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - if e == nil || e.httpExec == nil { - return cliproxyexecutor.Response{}, fmt.Errorf("codex auto executor: http executor is nil") - } - return e.httpExec.CountTokens(ctx, auth, req, opts) -} - -func (e *CodexAutoExecutor) CloseExecutionSession(sessionID string) { - if e == nil || e.wsExec == nil { - return - } - e.wsExec.CloseExecutionSession(sessionID) -} - -func codexWebsocketsEnabled(auth *cliproxyauth.Auth) bool { - if auth == nil { - return false - } - if len(auth.Attributes) > 0 { - if raw := strings.TrimSpace(auth.Attributes["websockets"]); raw != "" { - parsed, errParse := strconv.ParseBool(raw) - if errParse == nil { - return parsed - } - } - } - if len(auth.Metadata) == 0 { - return false - } - raw, ok := auth.Metadata["websockets"] - if !ok || raw == nil { - return false - } - switch v := raw.(type) { - case bool: - return v - case string: - parsed, errParse := strconv.ParseBool(strings.TrimSpace(v)) - if errParse == nil { - return parsed - } - default: - } - return false -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/codex_websockets_executor_backpressure_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/codex_websockets_executor_backpressure_test.go deleted file mode 100644 index 70dcdd5fe7..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/codex_websockets_executor_backpressure_test.go +++ /dev/null @@ -1,39 +0,0 @@ -package executor - -import ( - "context" - "errors" - "testing" -) - -func TestEnqueueCodexWebsocketReadPrioritizesErrorUnderBackpressure(t *testing.T) { - ch := make(chan codexWebsocketRead, 1) - ch <- codexWebsocketRead{msgType: 1, payload: []byte("stale")} - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - wantErr := errors.New("upstream disconnected") - enqueueCodexWebsocketRead(ch, ctx.Done(), codexWebsocketRead{err: wantErr}) - - got := <-ch - if !errors.Is(got.err, wantErr) { - t.Fatalf("expected buffered error to be preserved, got err=%v payload=%q", got.err, string(got.payload)) - } -} - -func TestEnqueueCodexWebsocketReadDoneClosedSkipsEnqueue(t *testing.T) { - ch := make(chan codexWebsocketRead, 1) - stale := codexWebsocketRead{msgType: 1, payload: []byte("stale")} - ch <- stale - - ctx, cancel := context.WithCancel(context.Background()) - cancel() - - enqueueCodexWebsocketRead(ch, ctx.Done(), codexWebsocketRead{err: errors.New("should not enqueue")}) - - got := <-ch - if string(got.payload) != string(stale.payload) || got.msgType != stale.msgType || got.err != nil { - t.Fatalf("expected channel state unchanged when done closed, got %+v", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/codex_websockets_executor_headers_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/codex_websockets_executor_headers_test.go deleted file mode 100644 index fa6ac332e8..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/codex_websockets_executor_headers_test.go +++ /dev/null @@ -1,65 +0,0 @@ -package executor - -import ( - "context" - "net/http" - "net/http/httptest" - "strings" - "testing" - - "github.com/gin-gonic/gin" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestApplyCodexWebsocketHeaders_IncludesResponsesWebsocketsBetaByDefault(t *testing.T) { - got := applyCodexWebsocketHeaders(context.Background(), nil, nil, "tok") - if got.Get("OpenAI-Beta") != codexResponsesWebsocketBetaHeaderValue { - t.Fatalf("expected OpenAI-Beta %q, got %q", codexResponsesWebsocketBetaHeaderValue, got.Get("OpenAI-Beta")) - } - if got.Get("Authorization") != "Bearer tok" { - t.Fatalf("expected Authorization to be set, got %q", got.Get("Authorization")) - } -} - -func TestApplyCodexWebsocketHeaders_PreservesExplicitResponsesWebsocketsBeta(t *testing.T) { - input := http.Header{} - input.Set("OpenAI-Beta", "responses_websockets=2025-12-34,custom-beta") - got := applyCodexWebsocketHeaders(context.Background(), input, nil, "tok") - if got.Get("OpenAI-Beta") != "responses_websockets=2025-12-34,custom-beta" { - t.Fatalf("unexpected OpenAI-Beta: %q", got.Get("OpenAI-Beta")) - } -} - -func TestApplyCodexWebsocketHeaders_ReplacesNonWebsocketBetaValue(t *testing.T) { - input := http.Header{} - input.Set("OpenAI-Beta", "foo=bar") - got := applyCodexWebsocketHeaders(context.Background(), input, nil, "tok") - if got.Get("OpenAI-Beta") != codexResponsesWebsocketBetaHeaderValue { - t.Fatalf("expected fallback OpenAI-Beta %q, got %q", codexResponsesWebsocketBetaHeaderValue, got.Get("OpenAI-Beta")) - } -} - -func TestApplyCodexWebsocketHeaders_UsesGinOpenAIBeta(t *testing.T) { - ginCtx, _ := gin.CreateTestContext(httptest.NewRecorder()) - ginCtx.Request, _ = http.NewRequest(http.MethodPost, "http://127.0.0.1/v1/responses", strings.NewReader("{}")) - ginCtx.Request.Header.Set("OpenAI-Beta", "responses_websockets=2030-01-01") - ctx := context.WithValue(context.Background(), ginContextKey, ginCtx) - - got := applyCodexWebsocketHeaders(ctx, nil, nil, "tok") - if got.Get("OpenAI-Beta") != "responses_websockets=2030-01-01" { - t.Fatalf("unexpected OpenAI-Beta from gin headers: %q", got.Get("OpenAI-Beta")) - } -} - -func TestApplyCodexWebsocketHeaders_UsesAPICredentialsForOriginatorBehavior(t *testing.T) { - got := applyCodexWebsocketHeaders(context.Background(), nil, nil, "tok") - if got.Get("Originator") != "codex_cli_rs" { - t.Fatalf("expected originator for token-based auth, got %q", got.Get("Originator")) - } - - withAPIKey := &cliproxyauth.Auth{Attributes: map[string]string{"api_key": "api-key"}} - got = applyCodexWebsocketHeaders(context.Background(), nil, withAPIKey, "tok") - if got.Get("Originator") != "" { - t.Fatalf("expected no originator when API key auth is present, got %q", got.Get("Originator")) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/codex_websockets_executor_logging_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/codex_websockets_executor_logging_test.go deleted file mode 100644 index 6fc69acef1..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/codex_websockets_executor_logging_test.go +++ /dev/null @@ -1,28 +0,0 @@ -package executor - -import ( - "strings" - "testing" -) - -func TestSanitizeCodexWebsocketLogURLMasksQueryAndUserInfo(t *testing.T) { - raw := "wss://user:secret@example.com/v1/realtime?api_key=verysecret&token=abc123&foo=bar#frag" - got := sanitizeCodexWebsocketLogURL(raw) - - if strings.Contains(got, "secret") || strings.Contains(got, "abc123") || strings.Contains(got, "verysecret") { - t.Fatalf("expected sensitive values to be masked, got %q", got) - } - if strings.Contains(got, "user:") { - t.Fatalf("expected userinfo to be removed, got %q", got) - } - if strings.Contains(got, "#frag") { - t.Fatalf("expected fragment to be removed, got %q", got) - } -} - -func TestSanitizeCodexWebsocketLogFieldMasksTokenLikeValue(t *testing.T) { - got := sanitizeCodexWebsocketLogField(" sk-super-secret-token ") - if got == "sk-super-secret-token" { - t.Fatalf("expected auth field to be masked, got %q", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/gemini_cli_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/gemini_cli_executor.go deleted file mode 100644 index eac2991a96..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/gemini_cli_executor.go +++ /dev/null @@ -1,976 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// This file implements the Gemini CLI executor that talks to Cloud Code Assist endpoints -// using OAuth credentials from auth metadata. -package executor - -import ( - "bufio" - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "math/rand" - "net/http" - "regexp" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/runtime/geminicli" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" - "golang.org/x/oauth2" - "golang.org/x/oauth2/google" -) - -const ( - codeAssistEndpoint = "https://cloudcode-pa.googleapis.com" - codeAssistVersion = "v1internal" - geminiOAuthClientID = "681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com" - geminiOAuthClientSecret = "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" -) - -var geminiOAuthScopes = []string{ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/userinfo.email", - "https://www.googleapis.com/auth/userinfo.profile", -} - -// GeminiCLIExecutor talks to the Cloud Code Assist endpoint using OAuth credentials from auth metadata. -type GeminiCLIExecutor struct { - cfg *config.Config -} - -// NewGeminiCLIExecutor creates a new Gemini CLI executor instance. -// -// Parameters: -// - cfg: The application configuration -// -// Returns: -// - *GeminiCLIExecutor: A new Gemini CLI executor instance -func NewGeminiCLIExecutor(cfg *config.Config) *GeminiCLIExecutor { - return &GeminiCLIExecutor{cfg: cfg} -} - -// Identifier returns the executor identifier. -func (e *GeminiCLIExecutor) Identifier() string { return "gemini-cli" } - -// PrepareRequest injects Gemini CLI credentials into the outgoing HTTP request. -func (e *GeminiCLIExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - tokenSource, _, errSource := prepareGeminiCLITokenSource(req.Context(), e.cfg, auth) - if errSource != nil { - return errSource - } - tok, errTok := tokenSource.Token() - if errTok != nil { - return errTok - } - if strings.TrimSpace(tok.AccessToken) == "" { - return statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - req.Header.Set("Authorization", "Bearer "+tok.AccessToken) - applyGeminiCLIHeaders(req) - return nil -} - -// HttpRequest injects Gemini CLI credentials into the request and executes it. -func (e *GeminiCLIExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("gemini-cli executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming request to the Gemini CLI API. -func (e *GeminiCLIExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - tokenSource, baseTokenData, err := prepareGeminiCLITokenSource(ctx, e.cfg, auth) - if err != nil { - return resp, err - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini-cli") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - basePayload := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - requestSuffix := thinking.ParseSuffix(req.Model) - - basePayload = fixGeminiCLIImageAspectRatio(baseModel, basePayload) - requestedModel := payloadRequestedModel(opts, req.Model) - basePayload = applyPayloadConfigWithRoot(e.cfg, baseModel, "gemini", "request", basePayload, originalTranslated, requestedModel) - - action := "generateContent" - if req.Metadata != nil { - if a, _ := req.Metadata["action"].(string); a == "countTokens" { - action = "countTokens" - } - } - - projectID := resolveGeminiProjectID(auth) - models := cliPreviewFallbackOrder(baseModel) - if len(models) == 0 || models[0] != baseModel { - models = append([]string{baseModel}, models...) - } - - httpClient := newHTTPClient(ctx, e.cfg, auth, 0) - respCtx := context.WithValue(ctx, interfaces.ContextKeyAlt, opts.Alt) - - var authID, authLabel, authType, authValue string - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - - var lastStatus int - var lastBody []byte - - for idx, attemptModel := range models { - payload := append([]byte(nil), basePayload...) - payload, err = applyGeminiThinkingForAttempt(payload, requestSuffix, attemptModel, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - if action == "countTokens" { - payload = deleteJSONField(payload, "project") - payload = deleteJSONField(payload, "model") - } else { - payload = setJSONField(payload, "project", projectID) - payload = setJSONField(payload, "model", attemptModel) - } - - tok, errTok := tokenSource.Token() - if errTok != nil { - err = errTok - return resp, err - } - updateGeminiCLITokenMetadata(auth, baseTokenData, tok) - - url := fmt.Sprintf("%s/%s:%s", resolveOAuthBaseURL(e.cfg, e.Identifier(), codeAssistEndpoint, auth), codeAssistVersion, action) - if opts.Alt != "" && action != "countTokens" { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - - reqHTTP, errReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload)) - if errReq != nil { - err = errReq - return resp, err - } - reqHTTP.Header.Set("Content-Type", "application/json") - reqHTTP.Header.Set("Authorization", "Bearer "+tok.AccessToken) - applyGeminiCLIHeaders(reqHTTP) - reqHTTP.Header.Set("Accept", "application/json") - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: reqHTTP.Header.Clone(), - Body: payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpResp, errDo := httpClient.Do(reqHTTP) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - err = errDo - return resp, err - } - - data, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("gemini cli executor: close response body error: %v", errClose) - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - err = errRead - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - if httpResp.StatusCode >= 200 && httpResp.StatusCode < 300 { - reporter.publish(ctx, parseGeminiCLIUsage(data)) - var param any - out := sdktranslator.TranslateNonStream(respCtx, to, from, attemptModel, opts.OriginalRequest, payload, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil - } - - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), data...) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - if httpResp.StatusCode == 429 { - if idx+1 < len(models) { - log.Debug("gemini cli executor: rate limited, retrying with next model") - } else { - log.Debug("gemini cli executor: rate limited, no additional fallback model") - } - continue - } - - err = newGeminiStatusErr(httpResp.StatusCode, data) - return resp, err - } - - if len(lastBody) > 0 { - appendAPIResponseChunk(ctx, e.cfg, lastBody) - } - if lastStatus == 0 { - lastStatus = 429 - } - err = newGeminiStatusErr(lastStatus, lastBody) - return resp, err -} - -// ExecuteStream performs a streaming request to the Gemini CLI API. -func (e *GeminiCLIExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - tokenSource, baseTokenData, err := prepareGeminiCLITokenSource(ctx, e.cfg, auth) - if err != nil { - return nil, err - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini-cli") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - basePayload := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - requestSuffix := thinking.ParseSuffix(req.Model) - - basePayload = fixGeminiCLIImageAspectRatio(baseModel, basePayload) - requestedModel := payloadRequestedModel(opts, req.Model) - basePayload = applyPayloadConfigWithRoot(e.cfg, baseModel, "gemini", "request", basePayload, originalTranslated, requestedModel) - - projectID := resolveGeminiProjectID(auth) - - models := cliPreviewFallbackOrder(baseModel) - if len(models) == 0 || models[0] != baseModel { - models = append([]string{baseModel}, models...) - } - - httpClient := newHTTPClient(ctx, e.cfg, auth, 0) - respCtx := context.WithValue(ctx, interfaces.ContextKeyAlt, opts.Alt) - - var authID, authLabel, authType, authValue string - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - - var lastStatus int - var lastBody []byte - - for idx, attemptModel := range models { - payload := append([]byte(nil), basePayload...) - payload, err = applyGeminiThinkingForAttempt(payload, requestSuffix, attemptModel, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - payload = setJSONField(payload, "project", projectID) - payload = setJSONField(payload, "model", attemptModel) - - tok, errTok := tokenSource.Token() - if errTok != nil { - err = errTok - return nil, err - } - updateGeminiCLITokenMetadata(auth, baseTokenData, tok) - - url := fmt.Sprintf("%s/%s:%s", resolveOAuthBaseURL(e.cfg, e.Identifier(), codeAssistEndpoint, auth), codeAssistVersion, "streamGenerateContent") - if opts.Alt == "" { - url = url + "?alt=sse" - } else { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - - reqHTTP, errReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload)) - if errReq != nil { - err = errReq - return nil, err - } - reqHTTP.Header.Set("Content-Type", "application/json") - reqHTTP.Header.Set("Authorization", "Bearer "+tok.AccessToken) - applyGeminiCLIHeaders(reqHTTP) - reqHTTP.Header.Set("Accept", "text/event-stream") - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: reqHTTP.Header.Clone(), - Body: payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpResp, errDo := httpClient.Do(reqHTTP) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - err = errDo - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - data, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("gemini cli executor: close response body error: %v", errClose) - } - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - err = errRead - return nil, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), data...) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - if httpResp.StatusCode == 429 { - if idx+1 < len(models) { - log.Debug("gemini cli executor: rate limited, retrying with next model") - } else { - log.Debug("gemini cli executor: rate limited, no additional fallback model") - } - continue - } - // Retry 502/503/504 (high demand, transient) on same model with backoff - if (httpResp.StatusCode == 502 || httpResp.StatusCode == 503 || httpResp.StatusCode == 504) && idx == 0 { - const maxRetries = 5 - for attempt := 0; attempt < maxRetries; attempt++ { - backoff := time.Duration(1+attempt*2) * time.Second - if jitter := time.Duration(rand.Intn(500)) * time.Millisecond; jitter > 0 { - backoff += jitter - } - log.Warnf("gemini cli executor: attempt %d/%d got %d (high demand/transient), retrying in %v", attempt+1, maxRetries, httpResp.StatusCode, backoff) - select { - case <-ctx.Done(): - err = ctx.Err() - return nil, err - case <-time.After(backoff): - } - reqHTTP, _ = http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload)) - reqHTTP.Header.Set("Content-Type", "application/json") - reqHTTP.Header.Set("Authorization", "Bearer "+tok.AccessToken) - applyGeminiCLIHeaders(reqHTTP) - reqHTTP.Header.Set("Accept", "text/event-stream") - httpResp, errDo = httpClient.Do(reqHTTP) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - err = errDo - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode >= 200 && httpResp.StatusCode < 300 { - goto streamBlock - } - data, _ = io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), data...) - if httpResp.StatusCode != 502 && httpResp.StatusCode != 503 && httpResp.StatusCode != 504 { - err = newGeminiStatusErr(httpResp.StatusCode, data) - return nil, err - } - } - err = newGeminiStatusErr(lastStatus, lastBody) - return nil, err - } - err = newGeminiStatusErr(httpResp.StatusCode, data) - return nil, err - } - - streamBlock: - - out := make(chan cliproxyexecutor.StreamChunk) - go func(resp *http.Response, reqBody []byte, attemptModel string) { - defer close(out) - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("gemini cli executor: close response body error: %v", errClose) - } - }() - if opts.Alt == "" { - scanner := bufio.NewScanner(resp.Body) - scanner.Buffer(nil, streamScannerBuffer) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseGeminiCLIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - if bytes.HasPrefix(line, dataTag) { - segments := sdktranslator.TranslateStream(respCtx, to, from, attemptModel, opts.OriginalRequest, reqBody, bytes.Clone(line), ¶m) - for i := range segments { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(segments[i])} - } - } - } - - segments := sdktranslator.TranslateStream(respCtx, to, from, attemptModel, opts.OriginalRequest, reqBody, []byte("[DONE]"), ¶m) - for i := range segments { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(segments[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - return - } - - data, errRead := io.ReadAll(resp.Body) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errRead} - return - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseGeminiCLIUsage(data)) - var param any - segments := sdktranslator.TranslateStream(respCtx, to, from, attemptModel, opts.OriginalRequest, reqBody, data, ¶m) - for i := range segments { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(segments[i])} - } - - segments = sdktranslator.TranslateStream(respCtx, to, from, attemptModel, opts.OriginalRequest, reqBody, []byte("[DONE]"), ¶m) - for i := range segments { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(segments[i])} - } - }(httpResp, append([]byte(nil), payload...), attemptModel) - - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil - } - - if len(lastBody) > 0 { - appendAPIResponseChunk(ctx, e.cfg, lastBody) - } - if lastStatus == 0 { - lastStatus = 429 - } - err = newGeminiStatusErr(lastStatus, lastBody) - return nil, err -} - -// CountTokens counts tokens for the given request using the Gemini CLI API. -func (e *GeminiCLIExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - tokenSource, baseTokenData, err := prepareGeminiCLITokenSource(ctx, e.cfg, auth) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini-cli") - requestSuffix := thinking.ParseSuffix(req.Model) - - models := cliPreviewFallbackOrder(baseModel) - if len(models) == 0 || models[0] != baseModel { - models = append([]string{baseModel}, models...) - } - - basePayload := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - httpClient := newHTTPClient(ctx, e.cfg, auth, 0) - respCtx := context.WithValue(ctx, interfaces.ContextKeyAlt, opts.Alt) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - - var lastStatus int - var lastBody []byte - - for _, attemptModel := range models { - payload := append([]byte(nil), basePayload...) - payload, err = applyGeminiThinkingForAttempt(payload, requestSuffix, attemptModel, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - payload = deleteJSONField(payload, "project") - payload = deleteJSONField(payload, "model") - payload = deleteJSONField(payload, "request.safetySettings") - payload = fixGeminiCLIImageAspectRatio(baseModel, payload) - - tok, errTok := tokenSource.Token() - if errTok != nil { - return cliproxyexecutor.Response{}, errTok - } - updateGeminiCLITokenMetadata(auth, baseTokenData, tok) - - url := fmt.Sprintf("%s/%s:%s", resolveOAuthBaseURL(e.cfg, e.Identifier(), codeAssistEndpoint, auth), codeAssistVersion, "countTokens") - if opts.Alt != "" { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - - reqHTTP, errReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload)) - if errReq != nil { - return cliproxyexecutor.Response{}, errReq - } - reqHTTP.Header.Set("Content-Type", "application/json") - reqHTTP.Header.Set("Authorization", "Bearer "+tok.AccessToken) - applyGeminiCLIHeaders(reqHTTP) - reqHTTP.Header.Set("Accept", "application/json") - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: reqHTTP.Header.Clone(), - Body: payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - resp, errDo := httpClient.Do(reqHTTP) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return cliproxyexecutor.Response{}, errDo - } - data, errRead := io.ReadAll(resp.Body) - _ = resp.Body.Close() - recordAPIResponseMetadata(ctx, e.cfg, resp.StatusCode, resp.Header.Clone()) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return cliproxyexecutor.Response{}, errRead - } - appendAPIResponseChunk(ctx, e.cfg, data) - if resp.StatusCode >= 200 && resp.StatusCode < 300 { - count := gjson.GetBytes(data, "totalTokens").Int() - translated := sdktranslator.TranslateTokenCount(respCtx, to, from, count, data) - return cliproxyexecutor.Response{Payload: []byte(translated), Headers: resp.Header.Clone()}, nil - } - lastStatus = resp.StatusCode - lastBody = append([]byte(nil), data...) - if resp.StatusCode == 429 { - log.Debugf("gemini cli executor: rate limited, retrying with next model") - continue - } - break - } - - if lastStatus == 0 { - lastStatus = 429 - } - return cliproxyexecutor.Response{}, newGeminiStatusErr(lastStatus, lastBody) -} - -// Refresh refreshes the authentication credentials (no-op for Gemini CLI). -func (e *GeminiCLIExecutor) Refresh(_ context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - return auth, nil -} - -func prepareGeminiCLITokenSource(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth) (oauth2.TokenSource, map[string]any, error) { - metadata := geminiOAuthMetadata(auth) - if auth == nil || metadata == nil { - return nil, nil, fmt.Errorf("gemini-cli auth metadata missing") - } - - var base map[string]any - if tokenRaw, ok := metadata["token"].(map[string]any); ok && tokenRaw != nil { - base = cloneMap(tokenRaw) - } else { - base = make(map[string]any) - } - - var token oauth2.Token - if len(base) > 0 { - if raw, err := json.Marshal(base); err == nil { - _ = json.Unmarshal(raw, &token) - } - } - - if token.AccessToken == "" { - token.AccessToken = stringValue(metadata, "access_token") - } - if token.RefreshToken == "" { - token.RefreshToken = stringValue(metadata, "refresh_token") - } - if token.TokenType == "" { - token.TokenType = stringValue(metadata, "token_type") - } - if token.Expiry.IsZero() { - if expiry := stringValue(metadata, "expiry"); expiry != "" { - if ts, err := time.Parse(time.RFC3339, expiry); err == nil { - token.Expiry = ts - } - } - } - - conf := &oauth2.Config{ - ClientID: geminiOAuthClientID, - ClientSecret: geminiOAuthClientSecret, - Scopes: geminiOAuthScopes, - Endpoint: google.Endpoint, - } - - ctxToken := ctx - if httpClient := newProxyAwareHTTPClient(ctx, cfg, auth, 0); httpClient != nil { - ctxToken = context.WithValue(ctxToken, oauth2.HTTPClient, httpClient) - } - - src := conf.TokenSource(ctxToken, &token) - currentToken, err := src.Token() - if err != nil { - return nil, nil, err - } - updateGeminiCLITokenMetadata(auth, base, currentToken) - return oauth2.ReuseTokenSource(currentToken, src), base, nil -} - -func updateGeminiCLITokenMetadata(auth *cliproxyauth.Auth, base map[string]any, tok *oauth2.Token) { - if auth == nil || tok == nil { - return - } - merged := buildGeminiTokenMap(base, tok) - fields := buildGeminiTokenFields(tok, merged) - shared := geminicli.ResolveSharedCredential(auth.Runtime) - if shared != nil { - snapshot := shared.MergeMetadata(fields) - if !geminicli.IsVirtual(auth.Runtime) { - auth.Metadata = snapshot - } - return - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - for k, v := range fields { - auth.Metadata[k] = v - } -} - -func buildGeminiTokenMap(base map[string]any, tok *oauth2.Token) map[string]any { - merged := cloneMap(base) - if merged == nil { - merged = make(map[string]any) - } - if raw, err := json.Marshal(tok); err == nil { - var tokenMap map[string]any - if err = json.Unmarshal(raw, &tokenMap); err == nil { - for k, v := range tokenMap { - merged[k] = v - } - } - } - return merged -} - -func buildGeminiTokenFields(tok *oauth2.Token, merged map[string]any) map[string]any { - fields := make(map[string]any, 5) - if tok.AccessToken != "" { - fields["access_token"] = tok.AccessToken - } - if tok.TokenType != "" { - fields["token_type"] = tok.TokenType - } - if tok.RefreshToken != "" { - fields["refresh_token"] = tok.RefreshToken - } - if !tok.Expiry.IsZero() { - fields["expiry"] = tok.Expiry.Format(time.RFC3339) - } - if len(merged) > 0 { - fields["token"] = cloneMap(merged) - } - return fields -} - -func resolveGeminiProjectID(auth *cliproxyauth.Auth) string { - if auth == nil { - return "" - } - if runtime := auth.Runtime; runtime != nil { - if virtual, ok := runtime.(*geminicli.VirtualCredential); ok && virtual != nil { - return strings.TrimSpace(virtual.ProjectID) - } - } - return strings.TrimSpace(stringValue(auth.Metadata, "project_id")) -} - -func geminiOAuthMetadata(auth *cliproxyauth.Auth) map[string]any { - if auth == nil { - return nil - } - if shared := geminicli.ResolveSharedCredential(auth.Runtime); shared != nil { - if snapshot := shared.MetadataSnapshot(); len(snapshot) > 0 { - return snapshot - } - } - return auth.Metadata -} - -func newHTTPClient(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth, timeout time.Duration) *http.Client { - return newProxyAwareHTTPClient(ctx, cfg, auth, timeout) -} - -func cloneMap(in map[string]any) map[string]any { - if in == nil { - return nil - } - out := make(map[string]any, len(in)) - for k, v := range in { - out[k] = v - } - return out -} - -func stringValue(m map[string]any, key string) string { - if m == nil { - return "" - } - if v, ok := m[key]; ok { - switch typed := v.(type) { - case string: - return typed - case fmt.Stringer: - return typed.String() - } - } - return "" -} - -// applyGeminiCLIHeaders sets required headers for the Gemini CLI upstream. -func applyGeminiCLIHeaders(r *http.Request) { - var ginHeaders http.Header - if ginCtx, ok := r.Context().Value("gin").(*gin.Context); ok && ginCtx != nil && ginCtx.Request != nil { - ginHeaders = ginCtx.Request.Header - } - - misc.EnsureHeader(r.Header, ginHeaders, "User-Agent", "google-api-nodejs-client/9.15.1") - misc.EnsureHeader(r.Header, ginHeaders, "X-Goog-Api-Client", "gl-node/22.17.0") - misc.EnsureHeader(r.Header, ginHeaders, "Client-Metadata", geminiCLIClientMetadata()) -} - -// geminiCLIClientMetadata returns a compact metadata string required by upstream. -func geminiCLIClientMetadata() string { - // Keep parity with CLI client defaults - return "ideType=IDE_UNSPECIFIED,platform=PLATFORM_UNSPECIFIED,pluginType=GEMINI" -} - -// normalizeGeminiCLIModel normalizes Gemini CLI model names. -// Maps gemini-3.* versions to their gemini-2.5-* equivalents. -func normalizeGeminiCLIModel(model string) string { - switch model { - case "gemini-3-pro", "gemini-3.1-pro": - return "gemini-2.5-pro" - case "gemini-3-flash", "gemini-3.1-flash": - return "gemini-2.5-flash" - default: - return model - } -} - -// cliPreviewFallbackOrder returns preview model candidates for a base model. -func cliPreviewFallbackOrder(model string) []string { - switch model { - case "gemini-2.5-pro": - return []string{ - // "gemini-2.5-pro-preview-05-06", - // "gemini-2.5-pro-preview-06-05", - } - case "gemini-2.5-flash": - return []string{ - // "gemini-2.5-flash-preview-04-17", - // "gemini-2.5-flash-preview-05-20", - } - case "gemini-2.5-flash-lite": - return []string{ - // "gemini-2.5-flash-lite-preview-06-17", - } - default: - return nil - } -} - -// setJSONField sets a top-level JSON field on a byte slice payload via sjson. -func setJSONField(body []byte, key, value string) []byte { - if key == "" { - return body - } - updated, err := sjson.SetBytes(body, key, value) - if err != nil { - return body - } - return updated -} - -// deleteJSONField removes a top-level key if present (best-effort) via sjson. -func deleteJSONField(body []byte, key string) []byte { - if key == "" || len(body) == 0 { - return body - } - updated, err := sjson.DeleteBytes(body, key) - if err != nil { - return body - } - return updated -} - -func fixGeminiCLIImageAspectRatio(modelName string, rawJSON []byte) []byte { - if modelName == "gemini-2.5-flash-image-preview" { - aspectRatioResult := gjson.GetBytes(rawJSON, "request.generationConfig.imageConfig.aspectRatio") - if aspectRatioResult.Exists() { - contents := gjson.GetBytes(rawJSON, "request.contents") - contentArray := contents.Array() - if len(contentArray) > 0 { - hasInlineData := false - loopContent: - for i := 0; i < len(contentArray); i++ { - parts := contentArray[i].Get("parts").Array() - for j := 0; j < len(parts); j++ { - if parts[j].Get("inlineData").Exists() { - hasInlineData = true - break loopContent - } - } - } - - if !hasInlineData { - emptyImageBase64ed, _ := util.CreateWhiteImageBase64(aspectRatioResult.String()) - emptyImagePart := `{"inlineData":{"mime_type":"image/png","data":""}}` - emptyImagePart, _ = sjson.Set(emptyImagePart, "inlineData.data", emptyImageBase64ed) - newPartsJson := `[]` - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", `{"text": "Based on the following requirements, create an image within the uploaded picture. The new content *MUST* completely cover the entire area of the original picture, maintaining its exact proportions, and *NO* blank areas should appear."}`) - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", emptyImagePart) - - parts := contentArray[0].Get("parts").Array() - for j := 0; j < len(parts); j++ { - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", parts[j].Raw) - } - - rawJSON, _ = sjson.SetRawBytes(rawJSON, "request.contents.0.parts", []byte(newPartsJson)) - rawJSON, _ = sjson.SetRawBytes(rawJSON, "request.generationConfig.responseModalities", []byte(`["IMAGE", "TEXT"]`)) - } - } - rawJSON, _ = sjson.DeleteBytes(rawJSON, "request.generationConfig.imageConfig") - } - } - return rawJSON -} - -func newGeminiStatusErr(statusCode int, body []byte) statusErr { - err := statusErr{code: statusCode, msg: string(body)} - if statusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(body); parseErr == nil && retryAfter != nil { - err.retryAfter = retryAfter - } - } - return err -} - -func applyGeminiThinkingForAttempt(body []byte, requestSuffix thinking.SuffixResult, attemptModel, fromFormat, toFormat, provider string) ([]byte, error) { - modelWithSuffix := attemptModel - if requestSuffix.HasSuffix { - modelWithSuffix = attemptModel + "(" + requestSuffix.RawSuffix + ")" - } - - return thinking.ApplyThinking(body, modelWithSuffix, fromFormat, toFormat, provider) -} - -// parseRetryDelay extracts the retry delay from a Google API 429 error response. -// The error response contains a RetryInfo.retryDelay field in the format "0.847655010s". -// Returns the parsed duration or an error if it cannot be determined. -func parseRetryDelay(errorBody []byte) (*time.Duration, error) { - // Try to parse the retryDelay from the error response - // Format: error.details[].retryDelay where @type == "type.googleapis.com/google.rpc.RetryInfo" - details := gjson.GetBytes(errorBody, "error.details") - if details.Exists() && details.IsArray() { - for _, detail := range details.Array() { - typeVal := detail.Get("@type").String() - if typeVal == "type.googleapis.com/google.rpc.RetryInfo" { - retryDelay := detail.Get("retryDelay").String() - if retryDelay != "" { - // Parse duration string like "0.847655010s" - duration, err := time.ParseDuration(retryDelay) - if err != nil { - return nil, fmt.Errorf("failed to parse duration") - } - return &duration, nil - } - } - } - - // Fallback: try ErrorInfo.metadata.quotaResetDelay (e.g., "373.801628ms") - for _, detail := range details.Array() { - typeVal := detail.Get("@type").String() - if typeVal == "type.googleapis.com/google.rpc.ErrorInfo" { - quotaResetDelay := detail.Get("metadata.quotaResetDelay").String() - if quotaResetDelay != "" { - duration, err := time.ParseDuration(quotaResetDelay) - if err == nil { - return &duration, nil - } - } - } - } - } - - // Fallback: parse from error.message (supports units like ms/s/m/h with optional decimals) - message := gjson.GetBytes(errorBody, "error.message").String() - if message != "" { - re := regexp.MustCompile(`after\s+([0-9]+(?:\.[0-9]+)?(?:ms|s|m|h))\.?`) - if matches := re.FindStringSubmatch(message); len(matches) > 1 { - duration, err := time.ParseDuration(matches[1]) - if err == nil { - return &duration, nil - } - } - } - - return nil, fmt.Errorf("no RetryInfo found") -} - -func (e *GeminiCLIExecutor) CloseExecutionSession(sessionID string) {} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/gemini_cli_executor_model_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/gemini_cli_executor_model_test.go deleted file mode 100644 index 59ffb3d824..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/gemini_cli_executor_model_test.go +++ /dev/null @@ -1,29 +0,0 @@ -package executor - -import "testing" - -func TestNormalizeGeminiCLIModel(t *testing.T) { - t.Parallel() - - tests := []struct { - name string - model string - want string - }{ - {name: "gemini3 pro alias maps to 2_5_pro", model: "gemini-3-pro", want: "gemini-2.5-pro"}, - {name: "gemini3 flash alias maps to 2_5_flash", model: "gemini-3-flash", want: "gemini-2.5-flash"}, - {name: "gemini31 pro alias maps to 2_5_pro", model: "gemini-3.1-pro", want: "gemini-2.5-pro"}, - {name: "non gemini3 model unchanged", model: "gemini-2.5-pro", want: "gemini-2.5-pro"}, - } - - for _, tt := range tests { - tt := tt - t.Run(tt.name, func(t *testing.T) { - t.Parallel() - got := normalizeGeminiCLIModel(tt.model) - if got != tt.want { - t.Fatalf("normalizeGeminiCLIModel(%q)=%q, want %q", tt.model, got, tt.want) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/gemini_cli_executor_retry_delay_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/gemini_cli_executor_retry_delay_test.go deleted file mode 100644 index f26c5a95e1..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/gemini_cli_executor_retry_delay_test.go +++ /dev/null @@ -1,54 +0,0 @@ -package executor - -import ( - "testing" - "time" -) - -func TestParseRetryDelay_MessageDuration(t *testing.T) { - t.Parallel() - - body := []byte(`{"error":{"message":"Quota exceeded. Your quota will reset after 1.5s."}}`) - got, err := parseRetryDelay(body) - if err != nil { - t.Fatalf("parseRetryDelay returned error: %v", err) - } - if got == nil { - t.Fatal("parseRetryDelay returned nil duration") - } - if *got != 1500*time.Millisecond { - t.Fatalf("parseRetryDelay = %v, want %v", *got, 1500*time.Millisecond) - } -} - -func TestParseRetryDelay_MessageMilliseconds(t *testing.T) { - t.Parallel() - - body := []byte(`{"error":{"message":"Please retry after 250ms."}}`) - got, err := parseRetryDelay(body) - if err != nil { - t.Fatalf("parseRetryDelay returned error: %v", err) - } - if got == nil { - t.Fatal("parseRetryDelay returned nil duration") - } - if *got != 250*time.Millisecond { - t.Fatalf("parseRetryDelay = %v, want %v", *got, 250*time.Millisecond) - } -} - -func TestParseRetryDelay_PrefersRetryInfo(t *testing.T) { - t.Parallel() - - body := []byte(`{"error":{"message":"Your quota will reset after 99s.","details":[{"@type":"type.googleapis.com/google.rpc.RetryInfo","retryDelay":"2s"}]}}`) - got, err := parseRetryDelay(body) - if err != nil { - t.Fatalf("parseRetryDelay returned error: %v", err) - } - if got == nil { - t.Fatal("parseRetryDelay returned nil duration") - } - if *got != 2*time.Second { - t.Fatalf("parseRetryDelay = %v, want %v", *got, 2*time.Second) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/gemini_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/gemini_executor.go deleted file mode 100644 index 4a5f2b7ed4..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/gemini_executor.go +++ /dev/null @@ -1,549 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// It includes stateless executors that handle API requests, streaming responses, -// token counting, and authentication refresh for different AI service providers. -package executor - -import ( - "bufio" - "bytes" - "context" - "fmt" - "io" - "math/rand" - "net/http" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const ( - // glEndpoint is the base URL for the Google Generative Language API. - glEndpoint = "https://generativelanguage.googleapis.com" - - // glAPIVersion is the API version used for Gemini requests. - glAPIVersion = "v1beta" - - // streamScannerBuffer is the buffer size for SSE stream scanning. - streamScannerBuffer = 52_428_800 -) - -// GeminiExecutor is a stateless executor for the official Gemini API using API keys. -// It handles both API key and OAuth bearer token authentication, supporting both -// regular and streaming requests to the Google Generative Language API. -type GeminiExecutor struct { - // cfg holds the application configuration. - cfg *config.Config -} - -// NewGeminiExecutor creates a new Gemini executor instance. -// -// Parameters: -// - cfg: The application configuration -// -// Returns: -// - *GeminiExecutor: A new Gemini executor instance -func NewGeminiExecutor(cfg *config.Config) *GeminiExecutor { - return &GeminiExecutor{cfg: cfg} -} - -// Identifier returns the executor identifier. -func (e *GeminiExecutor) Identifier() string { return "gemini" } - -// PrepareRequest injects Gemini credentials into the outgoing HTTP request. -func (e *GeminiExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - apiKey, bearer := geminiCreds(auth) - if apiKey != "" { - req.Header.Set("x-goog-api-key", apiKey) - req.Header.Del("Authorization") - } else if bearer != "" { - req.Header.Set("Authorization", "Bearer "+bearer) - req.Header.Del("x-goog-api-key") - } - applyGeminiHeaders(req, auth) - return nil -} - -// HttpRequest injects Gemini credentials into the request and executes it. -func (e *GeminiExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("gemini executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming request to the Gemini API. -// It translates the request to Gemini format, sends it to the API, and translates -// the response back to the requested format. -// -// Parameters: -// - ctx: The context for the request -// - auth: The authentication information -// - req: The request to execute -// - opts: Additional execution options -// -// Returns: -// - cliproxyexecutor.Response: The response from the API -// - error: An error if the request fails -func (e *GeminiExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, bearer := geminiCreds(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - // Official Gemini API via API key or OAuth bearer - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - - action := "generateContent" - if req.Metadata != nil { - if a, _ := req.Metadata["action"].(string); a == "countTokens" { - action = "countTokens" - } - } - baseURL := resolveGeminiBaseURL(auth) - url := fmt.Sprintf("%s/%s/models/%s:%s", baseURL, glAPIVersion, baseModel, action) - if opts.Alt != "" && action != "countTokens" { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return resp, err - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } else if bearer != "" { - httpReq.Header.Set("Authorization", "Bearer "+bearer) - } - applyGeminiHeaders(httpReq, auth) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("gemini executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseGeminiUsage(data)) - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -// ExecuteStream performs a streaming request to the Gemini API. -func (e *GeminiExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, bearer := geminiCreds(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - - baseURL := resolveGeminiBaseURL(auth) - url := fmt.Sprintf("%s/%s/models/%s:%s", baseURL, glAPIVersion, baseModel, "streamGenerateContent") - if opts.Alt == "" { - url = url + "?alt=sse" - } else { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return nil, err - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } else { - httpReq.Header.Set("Authorization", "Bearer "+bearer) - } - applyGeminiHeaders(httpReq, auth) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - const maxRetries = 5 - retryableStatus := map[int]bool{429: true, 502: true, 503: true, 504: true} - var httpResp *http.Response - for attempt := 0; attempt <= maxRetries; attempt++ { - reqForAttempt, errReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if errReq != nil { - return nil, errReq - } - reqForAttempt.Header = httpReq.Header.Clone() - httpResp, err = httpClient.Do(reqForAttempt) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - if attempt < maxRetries { - backoff := time.Duration(1+attempt*2) * time.Second - if jitter := time.Duration(rand.Intn(500)) * time.Millisecond; jitter > 0 { - backoff += jitter - } - log.Warnf("gemini executor: attempt %d/%d failed (connection error), retrying in %v: %v", attempt+1, maxRetries+1, backoff, err) - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-time.After(backoff): - } - continue - } - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode >= 200 && httpResp.StatusCode < 300 { - break - } - b, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if !retryableStatus[httpResp.StatusCode] || attempt >= maxRetries { - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - backoff := time.Duration(1+attempt*2) * time.Second - if jitter := time.Duration(rand.Intn(500)) * time.Millisecond; jitter > 0 { - backoff += jitter - } - log.Warnf("gemini executor: attempt %d/%d got %d (high demand/transient), retrying in %v", attempt+1, maxRetries+1, httpResp.StatusCode, backoff) - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-time.After(backoff): - } - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("gemini executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, streamScannerBuffer) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - filtered := FilterSSEUsageMetadata(line) - payload := jsonPayload(filtered) - if len(payload) == 0 { - continue - } - if detail, ok := parseGeminiStreamUsage(payload); ok { - reporter.publish(ctx, detail) - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(payload), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, []byte("[DONE]"), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -// CountTokens counts tokens for the given request using the Gemini API. -func (e *GeminiExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, bearer := geminiCreds(auth) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - translatedReq := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - translatedReq, err := thinking.ApplyThinking(translatedReq, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - translatedReq = fixGeminiImageAspectRatio(baseModel, translatedReq) - respCtx := context.WithValue(ctx, interfaces.ContextKeyAlt, opts.Alt) - translatedReq, _ = sjson.DeleteBytes(translatedReq, "tools") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "generationConfig") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "safetySettings") - translatedReq, _ = sjson.SetBytes(translatedReq, "model", baseModel) - - baseURL := resolveGeminiBaseURL(auth) - url := fmt.Sprintf("%s/%s/models/%s:%s", baseURL, glAPIVersion, baseModel, "countTokens") - - requestBody := bytes.NewReader(translatedReq) - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, requestBody) - if err != nil { - return cliproxyexecutor.Response{}, err - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } else { - httpReq.Header.Set("Authorization", "Bearer "+bearer) - } - applyGeminiHeaders(httpReq, auth) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translatedReq, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - resp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return cliproxyexecutor.Response{}, err - } - defer func() { _ = resp.Body.Close() }() - recordAPIResponseMetadata(ctx, e.cfg, resp.StatusCode, resp.Header.Clone()) - - data, err := io.ReadAll(resp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return cliproxyexecutor.Response{}, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", resp.StatusCode, summarizeErrorBody(resp.Header.Get("Content-Type"), data)) - return cliproxyexecutor.Response{}, statusErr{code: resp.StatusCode, msg: string(data)} - } - - count := gjson.GetBytes(data, "totalTokens").Int() - translated := sdktranslator.TranslateTokenCount(respCtx, to, from, count, data) - return cliproxyexecutor.Response{Payload: []byte(translated), Headers: resp.Header.Clone()}, nil -} - -// Refresh refreshes the authentication credentials (no-op for Gemini API key). -func (e *GeminiExecutor) Refresh(_ context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - return auth, nil -} - -func geminiCreds(a *cliproxyauth.Auth) (apiKey, bearer string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - if v := a.Attributes["api_key"]; v != "" { - apiKey = v - } - } - if a.Metadata != nil { - // GeminiTokenStorage.Token is a map that may contain access_token - if v, ok := a.Metadata["access_token"].(string); ok && v != "" { - bearer = v - } - if token, ok := a.Metadata["token"].(map[string]any); ok && token != nil { - if v, ok2 := token["access_token"].(string); ok2 && v != "" { - bearer = v - } - } - } - return -} - -func resolveGeminiBaseURL(auth *cliproxyauth.Auth) string { - base := glEndpoint - if auth != nil && auth.Attributes != nil { - if custom := strings.TrimSpace(auth.Attributes["base_url"]); custom != "" { - base = strings.TrimRight(custom, "/") - } - } - if base == "" { - return glEndpoint - } - return base -} - -func applyGeminiHeaders(req *http.Request, auth *cliproxyauth.Auth) { - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) -} - -func fixGeminiImageAspectRatio(modelName string, rawJSON []byte) []byte { - if modelName == "gemini-2.5-flash-image-preview" { - aspectRatioResult := gjson.GetBytes(rawJSON, "generationConfig.imageConfig.aspectRatio") - if aspectRatioResult.Exists() { - contents := gjson.GetBytes(rawJSON, "contents") - contentArray := contents.Array() - if len(contentArray) > 0 { - hasInlineData := false - loopContent: - for i := 0; i < len(contentArray); i++ { - parts := contentArray[i].Get("parts").Array() - for j := 0; j < len(parts); j++ { - if parts[j].Get("inlineData").Exists() { - hasInlineData = true - break loopContent - } - } - } - - if !hasInlineData { - emptyImageBase64ed, _ := util.CreateWhiteImageBase64(aspectRatioResult.String()) - emptyImagePart := `{"inlineData":{"mime_type":"image/png","data":""}}` - emptyImagePart, _ = sjson.Set(emptyImagePart, "inlineData.data", emptyImageBase64ed) - newPartsJson := `[]` - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", `{"text": "Based on the following requirements, create an image within the uploaded picture. The new content *MUST* completely cover the entire area of the original picture, maintaining its exact proportions, and *NO* blank areas should appear."}`) - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", emptyImagePart) - - parts := contentArray[0].Get("parts").Array() - for j := 0; j < len(parts); j++ { - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", parts[j].Raw) - } - - rawJSON, _ = sjson.SetRawBytes(rawJSON, "contents.0.parts", []byte(newPartsJson)) - rawJSON, _ = sjson.SetRawBytes(rawJSON, "generationConfig.responseModalities", []byte(`["IMAGE", "TEXT"]`)) - } - } - rawJSON, _ = sjson.DeleteBytes(rawJSON, "generationConfig.imageConfig") - } - } - return rawJSON -} - -func (e *GeminiExecutor) CloseExecutionSession(sessionID string) {} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/gemini_vertex_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/gemini_vertex_executor.go deleted file mode 100644 index add0f4578b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/gemini_vertex_executor.go +++ /dev/null @@ -1,1030 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// This file implements the Vertex AI Gemini executor that talks to Google Vertex AI -// endpoints using service account credentials or API keys. -package executor - -import ( - "bufio" - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "strings" - "time" - - vertexauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/vertex" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" - "golang.org/x/oauth2" - "golang.org/x/oauth2/google" -) - -const ( - // vertexAPIVersion aligns with current public Vertex Generative AI API. - vertexAPIVersion = "v1" -) - -// isImagenModel checks if the model name is an Imagen image generation model. -// Imagen models use the :predict action instead of :generateContent. -func isImagenModel(model string) bool { - lowerModel := strings.ToLower(model) - return strings.Contains(lowerModel, "imagen") -} - -// getVertexAction returns the appropriate action for the given model. -// Imagen models use "predict", while Gemini models use "generateContent". -func getVertexAction(model string, isStream bool) string { - if isImagenModel(model) { - return "predict" - } - if isStream { - return "streamGenerateContent" - } - return "generateContent" -} - -// convertImagenToGeminiResponse converts Imagen API response to Gemini format -// so it can be processed by the standard translation pipeline. -// This ensures Imagen models return responses in the same format as gemini-3-pro-image-preview. -func convertImagenToGeminiResponse(data []byte, model string) []byte { - predictions := gjson.GetBytes(data, "predictions") - if !predictions.Exists() || !predictions.IsArray() { - return data - } - - // Build Gemini-compatible response with inlineData - parts := make([]map[string]any, 0) - for _, pred := range predictions.Array() { - imageData := pred.Get("bytesBase64Encoded").String() - mimeType := pred.Get("mimeType").String() - if mimeType == "" { - mimeType = "image/png" - } - if imageData != "" { - parts = append(parts, map[string]any{ - "inlineData": map[string]any{ - "mimeType": mimeType, - "data": imageData, - }, - }) - } - } - - // Generate unique response ID using timestamp - responseId := fmt.Sprintf("imagen-%d", time.Now().UnixNano()) - - response := map[string]any{ - "candidates": []map[string]any{{ - "content": map[string]any{ - "parts": parts, - "role": "model", - }, - "finishReason": "STOP", - }}, - "responseId": responseId, - "modelVersion": model, - // Imagen API doesn't return token counts, set to 0 for tracking purposes - "usageMetadata": map[string]any{ - "promptTokenCount": 0, - "candidatesTokenCount": 0, - "totalTokenCount": 0, - }, - } - - result, err := json.Marshal(response) - if err != nil { - return data - } - return result -} - -// convertToImagenRequest converts a Gemini-style request to Imagen API format. -// Imagen API uses a different structure: instances[].prompt instead of contents[]. -func convertToImagenRequest(payload []byte) ([]byte, error) { - // Extract prompt from Gemini-style contents - prompt := "" - - // Try to get prompt from contents[0].parts[0].text - contentsText := gjson.GetBytes(payload, "contents.0.parts.0.text") - if contentsText.Exists() { - prompt = contentsText.String() - } - - // If no contents, try messages format (OpenAI-compatible) - if prompt == "" { - messagesText := gjson.GetBytes(payload, "messages.#.content") - if messagesText.Exists() && messagesText.IsArray() { - for _, msg := range messagesText.Array() { - if msg.String() != "" { - prompt = msg.String() - break - } - } - } - } - - // If still no prompt, try direct prompt field - if prompt == "" { - directPrompt := gjson.GetBytes(payload, "prompt") - if directPrompt.Exists() { - prompt = directPrompt.String() - } - } - - if prompt == "" { - return nil, fmt.Errorf("imagen: no prompt found in request") - } - - // Build Imagen API request - imagenReq := map[string]any{ - "instances": []map[string]any{ - { - "prompt": prompt, - }, - }, - "parameters": map[string]any{ - "sampleCount": 1, - }, - } - - // Extract optional parameters - if aspectRatio := gjson.GetBytes(payload, "aspectRatio"); aspectRatio.Exists() { - imagenReq["parameters"].(map[string]any)["aspectRatio"] = aspectRatio.String() - } - if sampleCount := gjson.GetBytes(payload, "sampleCount"); sampleCount.Exists() { - imagenReq["parameters"].(map[string]any)["sampleCount"] = int(sampleCount.Int()) - } - if negativePrompt := gjson.GetBytes(payload, "negativePrompt"); negativePrompt.Exists() { - imagenReq["instances"].([]map[string]any)[0]["negativePrompt"] = negativePrompt.String() - } - - return json.Marshal(imagenReq) -} - -// GeminiVertexExecutor sends requests to Vertex AI Gemini endpoints using service account credentials. -type GeminiVertexExecutor struct { - cfg *config.Config -} - -// NewGeminiVertexExecutor creates a new Vertex AI Gemini executor instance. -// -// Parameters: -// - cfg: The application configuration -// -// Returns: -// - *GeminiVertexExecutor: A new Vertex AI Gemini executor instance -func NewGeminiVertexExecutor(cfg *config.Config) *GeminiVertexExecutor { - return &GeminiVertexExecutor{cfg: cfg} -} - -// Identifier returns the executor identifier. -func (e *GeminiVertexExecutor) Identifier() string { return "vertex" } - -// PrepareRequest injects Vertex credentials into the outgoing HTTP request. -func (e *GeminiVertexExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - apiKey, _ := vertexAPICreds(auth) - if strings.TrimSpace(apiKey) != "" { - req.Header.Set("x-goog-api-key", apiKey) - req.Header.Del("Authorization") - return nil - } - _, _, saJSON, errCreds := vertexCreds(auth) - if errCreds != nil { - return errCreds - } - token, errToken := vertexAccessToken(req.Context(), e.cfg, auth, saJSON) - if errToken != nil { - return errToken - } - if strings.TrimSpace(token) == "" { - return statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - req.Header.Set("Authorization", "Bearer "+token) - req.Header.Del("x-goog-api-key") - return nil -} - -// HttpRequest injects Vertex credentials into the request and executes it. -func (e *GeminiVertexExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("vertex executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming request to the Vertex AI API. -func (e *GeminiVertexExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - // Try API key authentication first - apiKey, baseURL := vertexAPICreds(auth) - - // If no API key found, fall back to service account authentication - if apiKey == "" { - projectID, location, saJSON, errCreds := vertexCreds(auth) - if errCreds != nil { - return resp, errCreds - } - return e.executeWithServiceAccount(ctx, auth, req, opts, projectID, location, saJSON) - } - - // Use API key authentication - return e.executeWithAPIKey(ctx, auth, req, opts, apiKey, baseURL) -} - -// ExecuteStream performs a streaming request to the Vertex AI API. -func (e *GeminiVertexExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (*cliproxyexecutor.StreamResult, error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - // Try API key authentication first - apiKey, baseURL := vertexAPICreds(auth) - - // If no API key found, fall back to service account authentication - if apiKey == "" { - projectID, location, saJSON, errCreds := vertexCreds(auth) - if errCreds != nil { - return nil, errCreds - } - return e.executeStreamWithServiceAccount(ctx, auth, req, opts, projectID, location, saJSON) - } - - // Use API key authentication - return e.executeStreamWithAPIKey(ctx, auth, req, opts, apiKey, baseURL) -} - -// CountTokens counts tokens for the given request using the Vertex AI API. -func (e *GeminiVertexExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - // Try API key authentication first - apiKey, baseURL := vertexAPICreds(auth) - - // If no API key found, fall back to service account authentication - if apiKey == "" { - projectID, location, saJSON, errCreds := vertexCreds(auth) - if errCreds != nil { - return cliproxyexecutor.Response{}, errCreds - } - return e.countTokensWithServiceAccount(ctx, auth, req, opts, projectID, location, saJSON) - } - - // Use API key authentication - return e.countTokensWithAPIKey(ctx, auth, req, opts, apiKey, baseURL) -} - -// Refresh refreshes the authentication credentials (no-op for Vertex). -func (e *GeminiVertexExecutor) Refresh(_ context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - return auth, nil -} - -// executeWithServiceAccount handles authentication using service account credentials. -// This method contains the original service account authentication logic. -func (e *GeminiVertexExecutor) executeWithServiceAccount(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, projectID, location string, saJSON []byte) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - var body []byte - - // Handle Imagen models with special request format - if isImagenModel(baseModel) { - imagenBody, errImagen := convertToImagenRequest(req.Payload) - if errImagen != nil { - return resp, errImagen - } - body = imagenBody - } else { - // Standard Gemini translation flow - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body = sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - } - - action := getVertexAction(baseModel, false) - if req.Metadata != nil { - if a, _ := req.Metadata["action"].(string); a == "countTokens" { - action = "countTokens" - } - } - baseURL := vertexBaseURL(location) - url := fmt.Sprintf("%s/%s/projects/%s/locations/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, projectID, location, baseModel, action) - if opts.Alt != "" && action != "countTokens" { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, errNewReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if errNewReq != nil { - return resp, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if token, errTok := vertexAccessToken(ctx, e.cfg, auth, saJSON); errTok == nil && token != "" { - httpReq.Header.Set("Authorization", "Bearer "+token) - } else if errTok != nil { - log.Errorf("vertex executor: access token error: %v", errTok) - return resp, statusErr{code: 500, msg: "internal server error"} - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return resp, errDo - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, errRead := io.ReadAll(httpResp.Body) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return resp, errRead - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseGeminiUsage(data)) - - // For Imagen models, convert response to Gemini format before translation - // This ensures Imagen responses use the same format as gemini-3-pro-image-preview - if isImagenModel(baseModel) { - data = convertImagenToGeminiResponse(data, baseModel) - } - - // Standard Gemini translation (works for both Gemini and converted Imagen responses) - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -// executeWithAPIKey handles authentication using API key credentials. -func (e *GeminiVertexExecutor) executeWithAPIKey(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, apiKey, baseURL string) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - - action := getVertexAction(baseModel, false) - if req.Metadata != nil { - if a, _ := req.Metadata["action"].(string); a == "countTokens" { - action = "countTokens" - } - } - - // For API key auth, use simpler URL format without project/location - if baseURL == "" { - baseURL = "https://generativelanguage.googleapis.com" - } - url := fmt.Sprintf("%s/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, baseModel, action) - if opts.Alt != "" && action != "countTokens" { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, errNewReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if errNewReq != nil { - return resp, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return resp, errDo - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, errRead := io.ReadAll(httpResp.Body) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return resp, errRead - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseGeminiUsage(data)) - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -// executeStreamWithServiceAccount handles streaming authentication using service account credentials. -func (e *GeminiVertexExecutor) executeStreamWithServiceAccount(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, projectID, location string, saJSON []byte) (_ *cliproxyexecutor.StreamResult, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - - action := getVertexAction(baseModel, true) - baseURL := vertexBaseURL(location) - url := fmt.Sprintf("%s/%s/projects/%s/locations/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, projectID, location, baseModel, action) - // Imagen models don't support streaming, skip SSE params - if !isImagenModel(baseModel) { - if opts.Alt == "" { - url = url + "?alt=sse" - } else { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - } - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, errNewReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if errNewReq != nil { - return nil, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if token, errTok := vertexAccessToken(ctx, e.cfg, auth, saJSON); errTok == nil && token != "" { - httpReq.Header.Set("Authorization", "Bearer "+token) - } else if errTok != nil { - log.Errorf("vertex executor: access token error: %v", errTok) - return nil, statusErr{code: 500, msg: "internal server error"} - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return nil, errDo - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - return nil, statusErr{code: httpResp.StatusCode, msg: string(b)} - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, streamScannerBuffer) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseGeminiStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(line), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, []byte("[DONE]"), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -// executeStreamWithAPIKey handles streaming authentication using API key credentials. -func (e *GeminiVertexExecutor) executeStreamWithAPIKey(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, apiKey, baseURL string) (_ *cliproxyexecutor.StreamResult, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - - action := getVertexAction(baseModel, true) - // For API key auth, use simpler URL format without project/location - if baseURL == "" { - baseURL = "https://generativelanguage.googleapis.com" - } - url := fmt.Sprintf("%s/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, baseModel, action) - // Imagen models don't support streaming, skip SSE params - if !isImagenModel(baseModel) { - if opts.Alt == "" { - url = url + "?alt=sse" - } else { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - } - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, errNewReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if errNewReq != nil { - return nil, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return nil, errDo - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - return nil, statusErr{code: httpResp.StatusCode, msg: string(b)} - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, streamScannerBuffer) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseGeminiStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(line), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, []byte("[DONE]"), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -// countTokensWithServiceAccount counts tokens using service account credentials. -func (e *GeminiVertexExecutor) countTokensWithServiceAccount(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, projectID, location string, saJSON []byte) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - translatedReq := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - translatedReq, err := thinking.ApplyThinking(translatedReq, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - translatedReq = fixGeminiImageAspectRatio(baseModel, translatedReq) - translatedReq, _ = sjson.SetBytes(translatedReq, "model", baseModel) - respCtx := context.WithValue(ctx, interfaces.ContextKeyAlt, opts.Alt) - translatedReq, _ = sjson.DeleteBytes(translatedReq, "tools") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "generationConfig") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "safetySettings") - - baseURL := vertexBaseURL(location) - url := fmt.Sprintf("%s/%s/projects/%s/locations/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, projectID, location, baseModel, "countTokens") - - httpReq, errNewReq := http.NewRequestWithContext(respCtx, http.MethodPost, url, bytes.NewReader(translatedReq)) - if errNewReq != nil { - return cliproxyexecutor.Response{}, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if token, errTok := vertexAccessToken(ctx, e.cfg, auth, saJSON); errTok == nil && token != "" { - httpReq.Header.Set("Authorization", "Bearer "+token) - } else if errTok != nil { - log.Errorf("vertex executor: access token error: %v", errTok) - return cliproxyexecutor.Response{}, statusErr{code: 500, msg: "internal server error"} - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translatedReq, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return cliproxyexecutor.Response{}, errDo - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - return cliproxyexecutor.Response{}, statusErr{code: httpResp.StatusCode, msg: string(b)} - } - data, errRead := io.ReadAll(httpResp.Body) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return cliproxyexecutor.Response{}, errRead - } - appendAPIResponseChunk(ctx, e.cfg, data) - count := gjson.GetBytes(data, "totalTokens").Int() - out := sdktranslator.TranslateTokenCount(ctx, to, from, count, data) - return cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()}, nil -} - -// countTokensWithAPIKey handles token counting using API key credentials. -func (e *GeminiVertexExecutor) countTokensWithAPIKey(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, apiKey, baseURL string) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - translatedReq := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - translatedReq, err := thinking.ApplyThinking(translatedReq, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - translatedReq = fixGeminiImageAspectRatio(baseModel, translatedReq) - translatedReq, _ = sjson.SetBytes(translatedReq, "model", baseModel) - respCtx := context.WithValue(ctx, interfaces.ContextKeyAlt, opts.Alt) - translatedReq, _ = sjson.DeleteBytes(translatedReq, "tools") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "generationConfig") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "safetySettings") - - // For API key auth, use simpler URL format without project/location - if baseURL == "" { - baseURL = "https://generativelanguage.googleapis.com" - } - url := fmt.Sprintf("%s/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, baseModel, "countTokens") - - httpReq, errNewReq := http.NewRequestWithContext(respCtx, http.MethodPost, url, bytes.NewReader(translatedReq)) - if errNewReq != nil { - return cliproxyexecutor.Response{}, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translatedReq, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return cliproxyexecutor.Response{}, errDo - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - return cliproxyexecutor.Response{}, statusErr{code: httpResp.StatusCode, msg: string(b)} - } - data, errRead := io.ReadAll(httpResp.Body) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return cliproxyexecutor.Response{}, errRead - } - appendAPIResponseChunk(ctx, e.cfg, data) - count := gjson.GetBytes(data, "totalTokens").Int() - out := sdktranslator.TranslateTokenCount(ctx, to, from, count, data) - return cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()}, nil -} - -// vertexCreds extracts project, location and raw service account JSON from auth metadata. -func vertexCreds(a *cliproxyauth.Auth) (projectID, location string, serviceAccountJSON []byte, err error) { - if a == nil || a.Metadata == nil { - return "", "", nil, fmt.Errorf("vertex executor: missing auth metadata") - } - if v, ok := a.Metadata["project_id"].(string); ok { - projectID = strings.TrimSpace(v) - } - if projectID == "" { - // Some service accounts may use "project"; still prefer standard field - if v, ok := a.Metadata["project"].(string); ok { - projectID = strings.TrimSpace(v) - } - } - if projectID == "" { - return "", "", nil, fmt.Errorf("vertex executor: missing project_id in credentials") - } - if v, ok := a.Metadata["location"].(string); ok && strings.TrimSpace(v) != "" { - location = strings.TrimSpace(v) - } else { - location = "us-central1" - } - var sa map[string]any - if raw, ok := a.Metadata["service_account"].(map[string]any); ok { - sa = raw - } - if sa == nil { - return "", "", nil, fmt.Errorf("vertex executor: missing service_account in credentials") - } - normalized, errNorm := vertexauth.NormalizeServiceAccountMap(sa) - if errNorm != nil { - return "", "", nil, fmt.Errorf("vertex executor: %w", errNorm) - } - saJSON, errMarshal := json.Marshal(normalized) - if errMarshal != nil { - return "", "", nil, fmt.Errorf("vertex executor: marshal service_account failed: %w", errMarshal) - } - return projectID, location, saJSON, nil -} - -// vertexAPICreds extracts API key and base URL from auth attributes following the claudeCreds pattern. -func vertexAPICreds(a *cliproxyauth.Auth) (apiKey, baseURL string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - apiKey = a.Attributes["api_key"] - baseURL = a.Attributes["base_url"] - } - if apiKey == "" && a.Metadata != nil { - if v, ok := a.Metadata["access_token"].(string); ok { - apiKey = v - } - } - return -} - -func vertexBaseURL(location string) string { - loc := strings.TrimSpace(location) - switch loc { - case "": - loc = "us-central1" - case "global": - return "https://aiplatform.googleapis.com" - } - return fmt.Sprintf("https://%s-aiplatform.googleapis.com", loc) -} - -func vertexAccessToken(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth, saJSON []byte) (string, error) { - if httpClient := newProxyAwareHTTPClient(ctx, cfg, auth, 0); httpClient != nil { - ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient) - } - // Use cloud-platform scope for Vertex AI. - creds, errCreds := google.CredentialsFromJSON(ctx, saJSON, "https://www.googleapis.com/auth/cloud-platform") - if errCreds != nil { - return "", fmt.Errorf("vertex executor: parse service account json failed: %w", errCreds) - } - tok, errTok := creds.TokenSource.Token() - if errTok != nil { - return "", fmt.Errorf("vertex executor: get access token failed: %w", errTok) - } - return tok.AccessToken, nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/github_copilot_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/github_copilot_executor.go deleted file mode 100644 index 8a572cd109..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/github_copilot_executor.go +++ /dev/null @@ -1,1223 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "fmt" - "io" - "net/http" - "strings" - "sync" - "time" - - "github.com/google/uuid" - copilotauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/copilot" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const ( - githubCopilotBaseURL = "https://api.githubcopilot.com" - githubCopilotChatPath = "/chat/completions" - githubCopilotResponsesPath = "/responses" - githubCopilotAuthType = "github-copilot" - githubCopilotTokenCacheTTL = 25 * time.Minute - // tokenExpiryBuffer is the time before expiry when we should refresh the token. - tokenExpiryBuffer = 5 * time.Minute - // maxScannerBufferSize is the maximum buffer size for SSE scanning (20MB). - maxScannerBufferSize = 20_971_520 - - // Copilot API header values. - copilotUserAgent = "GitHubCopilotChat/0.35.0" - copilotEditorVersion = "vscode/1.107.0" - copilotPluginVersion = "copilot-chat/0.35.0" - copilotIntegrationID = "vscode-chat" - copilotOpenAIIntent = "conversation-panel" - copilotGitHubAPIVer = "2025-04-01" -) - -// GitHubCopilotExecutor handles requests to the GitHub Copilot API. -type GitHubCopilotExecutor struct { - cfg *config.Config - mu sync.RWMutex - cache map[string]*cachedAPIToken -} - -// cachedAPIToken stores a cached Copilot API token with its expiry. -type cachedAPIToken struct { - token string - apiEndpoint string - expiresAt time.Time -} - -// NewGitHubCopilotExecutor constructs a new executor instance. -func NewGitHubCopilotExecutor(cfg *config.Config) *GitHubCopilotExecutor { - return &GitHubCopilotExecutor{ - cfg: cfg, - cache: make(map[string]*cachedAPIToken), - } -} - -// Identifier implements ProviderExecutor. -func (e *GitHubCopilotExecutor) Identifier() string { return githubCopilotAuthType } - -// PrepareRequest implements ProviderExecutor. -func (e *GitHubCopilotExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - ctx := req.Context() - if ctx == nil { - ctx = context.Background() - } - apiToken, _, errToken := e.ensureAPIToken(ctx, auth) - if errToken != nil { - return errToken - } - e.applyHeaders(req, apiToken, nil) - return nil -} - -// HttpRequest injects GitHub Copilot credentials into the request and executes it. -func (e *GitHubCopilotExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("github-copilot executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if errPrepare := e.PrepareRequest(httpReq, auth); errPrepare != nil { - return nil, errPrepare - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute handles non-streaming requests to GitHub Copilot. -func (e *GitHubCopilotExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - apiToken, baseURL, errToken := e.ensureAPIToken(ctx, auth) - if errToken != nil { - return resp, errToken - } - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - useResponses := useGitHubCopilotResponsesEndpoint(from, req.Model) - to := sdktranslator.FromString("openai") - if useResponses { - to = sdktranslator.FromString("openai-response") - } - originalPayload := bytes.Clone(req.Payload) - if len(opts.OriginalRequest) > 0 { - originalPayload = bytes.Clone(opts.OriginalRequest) - } - originalTranslated := sdktranslator.TranslateRequest(from, to, req.Model, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), false) - body = e.normalizeModel(req.Model, body) - body = flattenAssistantContent(body) - - // Detect vision content before input normalization removes messages - hasVision := detectVisionContent(body) - - thinkingProvider := "openai" - if useResponses { - thinkingProvider = "codex" - } - body, err = thinking.ApplyThinking(body, req.Model, from.String(), thinkingProvider, e.Identifier()) - if err != nil { - return resp, err - } - - if useResponses { - body = normalizeGitHubCopilotResponsesInput(body) - body = normalizeGitHubCopilotResponsesTools(body) - } else { - body = normalizeGitHubCopilotChatTools(body) - } - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, req.Model, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "stream", false) - - path := githubCopilotChatPath - if useResponses { - path = githubCopilotResponsesPath - } - url := baseURL + path - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return resp, err - } - e.applyHeaders(httpReq, apiToken, body) - - // Add Copilot-Vision-Request header if the request contains vision content - if hasVision { - httpReq.Header.Set("Copilot-Vision-Request", "true") - } - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("github-copilot executor: close response body error: %v", errClose) - } - }() - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - - if !isHTTPSuccess(httpResp.StatusCode) { - data, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, data) - log.Debugf("github-copilot executor: upstream error status: %d, body: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - err = statusErr{code: httpResp.StatusCode, msg: string(data)} - return resp, err - } - - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - - detail := parseOpenAIUsage(data) - if useResponses && detail.TotalTokens == 0 { - detail = parseOpenAIResponsesUsage(data) - } - if detail.TotalTokens > 0 { - reporter.publish(ctx, detail) - } - - var param any - converted := "" - if useResponses && from.String() == "claude" { - converted = translateGitHubCopilotResponsesNonStreamToClaude(data) - } else { - converted = sdktranslator.TranslateNonStream(ctx, to, from, req.Model, bytes.Clone(opts.OriginalRequest), body, data, ¶m) - } - resp = cliproxyexecutor.Response{Payload: []byte(converted)} - reporter.ensurePublished(ctx) - return resp, nil -} - -// ExecuteStream handles streaming requests to GitHub Copilot. -func (e *GitHubCopilotExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - apiToken, baseURL, errToken := e.ensureAPIToken(ctx, auth) - if errToken != nil { - return nil, errToken - } - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - useResponses := useGitHubCopilotResponsesEndpoint(from, req.Model) - to := sdktranslator.FromString("openai") - if useResponses { - to = sdktranslator.FromString("openai-response") - } - originalPayload := bytes.Clone(req.Payload) - if len(opts.OriginalRequest) > 0 { - originalPayload = bytes.Clone(opts.OriginalRequest) - } - originalTranslated := sdktranslator.TranslateRequest(from, to, req.Model, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - body = e.normalizeModel(req.Model, body) - body = flattenAssistantContent(body) - - // Detect vision content before input normalization removes messages - hasVision := detectVisionContent(body) - - thinkingProvider := "openai" - if useResponses { - thinkingProvider = "codex" - } - body, err = thinking.ApplyThinking(body, req.Model, from.String(), thinkingProvider, e.Identifier()) - if err != nil { - return nil, err - } - - if useResponses { - body = normalizeGitHubCopilotResponsesInput(body) - body = normalizeGitHubCopilotResponsesTools(body) - } else { - body = normalizeGitHubCopilotChatTools(body) - } - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, req.Model, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "stream", true) - // Enable stream options for usage stats in stream - if !useResponses { - body, _ = sjson.SetBytes(body, "stream_options.include_usage", true) - } - - path := githubCopilotChatPath - if useResponses { - path = githubCopilotResponsesPath - } - url := baseURL + path - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return nil, err - } - e.applyHeaders(httpReq, apiToken, body) - - // Add Copilot-Vision-Request header if the request contains vision content - if hasVision { - httpReq.Header.Set("Copilot-Vision-Request", "true") - } - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - - if !isHTTPSuccess(httpResp.StatusCode) { - data, readErr := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("github-copilot executor: close response body error: %v", errClose) - } - if readErr != nil { - recordAPIResponseError(ctx, e.cfg, readErr) - return nil, readErr - } - appendAPIResponseChunk(ctx, e.cfg, data) - log.Debugf("github-copilot executor: upstream error status: %d, body: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - err = statusErr{code: httpResp.StatusCode, msg: string(data)} - return nil, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("github-copilot executor: close response body error: %v", errClose) - } - }() - - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, maxScannerBufferSize) - var param any - - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - - // Parse SSE data - if bytes.HasPrefix(line, dataTag) { - data := bytes.TrimSpace(line[5:]) - if bytes.Equal(data, []byte("[DONE]")) { - continue - } - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } else if useResponses { - if detail, ok := parseOpenAIResponsesStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - } - } - - var chunks []string - if useResponses && from.String() == "claude" { - chunks = translateGitHubCopilotResponsesStreamToClaude(bytes.Clone(line), ¶m) - } else { - chunks = sdktranslator.TranslateStream(ctx, to, from, req.Model, bytes.Clone(opts.OriginalRequest), body, bytes.Clone(line), ¶m) - } - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } else { - reporter.ensurePublished(ctx) - } - }() - - return &cliproxyexecutor.StreamResult{ - Headers: httpResp.Header.Clone(), - Chunks: out, - }, nil -} - -// CountTokens is not supported for GitHub Copilot. -func (e *GitHubCopilotExecutor) CountTokens(_ context.Context, _ *cliproxyauth.Auth, _ cliproxyexecutor.Request, _ cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - return cliproxyexecutor.Response{}, statusErr{code: http.StatusNotImplemented, msg: "count tokens not supported for github-copilot"} -} - -// Refresh validates the GitHub token is still working. -// GitHub OAuth tokens don't expire traditionally, so we just validate. -func (e *GitHubCopilotExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if auth == nil { - return nil, statusErr{code: http.StatusUnauthorized, msg: "missing auth"} - } - - // Get the GitHub access token - accessToken := metaStringValue(auth.Metadata, "access_token") - if accessToken == "" { - return auth, nil - } - - // Validate the token can still get a Copilot API token - copilotAuth := copilotauth.NewCopilotAuth(e.cfg, nil) - _, err := copilotAuth.GetCopilotAPIToken(ctx, accessToken) - if err != nil { - return nil, statusErr{code: http.StatusUnauthorized, msg: fmt.Sprintf("github-copilot token validation failed: %v", err)} - } - - return auth, nil -} - -// ensureAPIToken gets or refreshes the Copilot API token. -func (e *GitHubCopilotExecutor) ensureAPIToken(ctx context.Context, auth *cliproxyauth.Auth) (string, string, error) { - if auth == nil { - return "", "", statusErr{code: http.StatusUnauthorized, msg: "missing auth"} - } - - // Get the GitHub access token - accessToken := metaStringValue(auth.Metadata, "access_token") - if accessToken == "" { - return "", "", statusErr{code: http.StatusUnauthorized, msg: "missing github access token"} - } - - // Check for cached API token using thread-safe access - e.mu.RLock() - if cached, ok := e.cache[accessToken]; ok && cached.expiresAt.After(time.Now().Add(tokenExpiryBuffer)) { - e.mu.RUnlock() - return cached.token, cached.apiEndpoint, nil - } - e.mu.RUnlock() - - // Get a new Copilot API token - copilotAuth := copilotauth.NewCopilotAuth(e.cfg, nil) - apiToken, err := copilotAuth.GetCopilotAPIToken(ctx, accessToken) - if err != nil { - return "", "", statusErr{code: http.StatusUnauthorized, msg: fmt.Sprintf("failed to get copilot api token: %v", err)} - } - - // Use endpoint from token response, fall back to default - apiEndpoint := githubCopilotBaseURL - if apiToken.Endpoints.API != "" { - apiEndpoint = strings.TrimRight(apiToken.Endpoints.API, "/") - } - apiEndpoint = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), apiEndpoint, authBaseURL(auth)) - - // Cache the token with thread-safe access - expiresAt := time.Now().Add(githubCopilotTokenCacheTTL) - if apiToken.ExpiresAt > 0 { - expiresAt = time.Unix(apiToken.ExpiresAt, 0) - } - e.mu.Lock() - e.cache[accessToken] = &cachedAPIToken{ - token: apiToken.Token, - apiEndpoint: apiEndpoint, - expiresAt: expiresAt, - } - e.mu.Unlock() - - return apiToken.Token, apiEndpoint, nil -} - -// applyHeaders sets the required headers for GitHub Copilot API requests. -func (e *GitHubCopilotExecutor) applyHeaders(r *http.Request, apiToken string, body []byte) { - r.Header.Set("Content-Type", "application/json") - r.Header.Set("Authorization", "Bearer "+apiToken) - r.Header.Set("Accept", "application/json") - r.Header.Set("User-Agent", copilotUserAgent) - r.Header.Set("Editor-Version", copilotEditorVersion) - r.Header.Set("Editor-Plugin-Version", copilotPluginVersion) - r.Header.Set("Openai-Intent", copilotOpenAIIntent) - r.Header.Set("Copilot-Integration-Id", copilotIntegrationID) - r.Header.Set("X-Github-Api-Version", copilotGitHubAPIVer) - r.Header.Set("X-Request-Id", uuid.NewString()) - - initiator := "user" - if len(body) > 0 { - if messages := gjson.GetBytes(body, "messages"); messages.Exists() && messages.IsArray() { - for _, msg := range messages.Array() { - role := msg.Get("role").String() - if role == "assistant" || role == "tool" { - initiator = "agent" - break - } - } - } - } - r.Header.Set("X-Initiator", initiator) -} - -// detectVisionContent checks if the request body contains vision/image content. -// Returns true if the request includes image_url or image type content blocks. -func detectVisionContent(body []byte) bool { - // Parse messages array - messagesResult := gjson.GetBytes(body, "messages") - if !messagesResult.Exists() || !messagesResult.IsArray() { - return false - } - - // Check each message for vision content - for _, message := range messagesResult.Array() { - content := message.Get("content") - - // If content is an array, check each content block - if content.IsArray() { - for _, block := range content.Array() { - blockType := block.Get("type").String() - // Check for image_url or image type - if blockType == "image_url" || blockType == "image" { - return true - } - } - } - } - - return false -} - -// normalizeModel strips the suffix (e.g. "(medium)") from the model name -// before sending to GitHub Copilot, as the upstream API does not accept -// suffixed model identifiers. -func (e *GitHubCopilotExecutor) normalizeModel(model string, body []byte) []byte { - baseModel := thinking.ParseSuffix(model).ModelName - if baseModel != model { - body, _ = sjson.SetBytes(body, "model", baseModel) - } - return body -} - -func useGitHubCopilotResponsesEndpoint(sourceFormat sdktranslator.Format, model string) bool { - if sourceFormat.String() == "openai-response" { - return true - } - baseModel := strings.ToLower(thinking.ParseSuffix(model).ModelName) - return strings.Contains(baseModel, "codex") -} - -// flattenAssistantContent converts assistant message content from array format -// to a joined string. GitHub Copilot requires assistant content as a string; -// sending it as an array causes Claude models to re-answer all previous prompts. -func flattenAssistantContent(body []byte) []byte { - messages := gjson.GetBytes(body, "messages") - if !messages.Exists() || !messages.IsArray() { - return body - } - result := body - for i, msg := range messages.Array() { - if msg.Get("role").String() != "assistant" { - continue - } - content := msg.Get("content") - if !content.Exists() || !content.IsArray() { - continue - } - // Skip flattening if the content contains non-text blocks (tool_use, thinking, etc.) - hasNonText := false - for _, part := range content.Array() { - if t := part.Get("type").String(); t != "" && t != "text" { - hasNonText = true - break - } - } - if hasNonText { - continue - } - var textParts []string - for _, part := range content.Array() { - if part.Get("type").String() == "text" { - if t := part.Get("text").String(); t != "" { - textParts = append(textParts, t) - } - } - } - joined := strings.Join(textParts, "") - path := fmt.Sprintf("messages.%d.content", i) - result, _ = sjson.SetBytes(result, path, joined) - } - return result -} - -func normalizeGitHubCopilotChatTools(body []byte) []byte { - tools := gjson.GetBytes(body, "tools") - if tools.Exists() { - filtered := "[]" - if tools.IsArray() { - for _, tool := range tools.Array() { - if tool.Get("type").String() != "function" { - continue - } - filtered, _ = sjson.SetRaw(filtered, "-1", tool.Raw) - } - } - body, _ = sjson.SetRawBytes(body, "tools", []byte(filtered)) - } - - toolChoice := gjson.GetBytes(body, "tool_choice") - if !toolChoice.Exists() { - return body - } - if toolChoice.Type == gjson.String { - switch toolChoice.String() { - case "auto", "none", "required": - return body - } - } - body, _ = sjson.SetBytes(body, "tool_choice", "auto") - return body -} - -func normalizeGitHubCopilotResponsesInput(body []byte) []byte { - input := gjson.GetBytes(body, "input") - if input.Exists() { - // If input is already a string or array, keep it as-is. - if input.Type == gjson.String || input.IsArray() { - return body - } - // Non-string/non-array input: stringify as fallback. - body, _ = sjson.SetBytes(body, "input", input.Raw) - return body - } - - // Convert Claude messages format to OpenAI Responses API input array. - // This preserves the conversation structure (roles, tool calls, tool results) - // which is critical for multi-turn tool-use conversations. - inputArr := "[]" - - // System messages → developer role - if system := gjson.GetBytes(body, "system"); system.Exists() { - var systemParts []string - if system.IsArray() { - for _, part := range system.Array() { - if txt := part.Get("text").String(); txt != "" { - systemParts = append(systemParts, txt) - } - } - } else if system.Type == gjson.String { - systemParts = append(systemParts, system.String()) - } - if len(systemParts) > 0 { - msg := `{"type":"message","role":"developer","content":[]}` - for _, txt := range systemParts { - part := `{"type":"input_text","text":""}` - part, _ = sjson.Set(part, "text", txt) - msg, _ = sjson.SetRaw(msg, "content.-1", part) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", msg) - } - } - - // Messages → structured input items - if messages := gjson.GetBytes(body, "messages"); messages.Exists() && messages.IsArray() { - for _, msg := range messages.Array() { - role := msg.Get("role").String() - content := msg.Get("content") - - if !content.Exists() { - continue - } - - // Simple string content - if content.Type == gjson.String { - textType := "input_text" - if role == "assistant" { - textType = "output_text" - } - item := `{"type":"message","role":"","content":[]}` - item, _ = sjson.Set(item, "role", role) - part := fmt.Sprintf(`{"type":"%s","text":""}`, textType) - part, _ = sjson.Set(part, "text", content.String()) - item, _ = sjson.SetRaw(item, "content.-1", part) - inputArr, _ = sjson.SetRaw(inputArr, "-1", item) - continue - } - - if !content.IsArray() { - continue - } - - // Array content: split into message parts vs tool items - var msgParts []string - for _, c := range content.Array() { - cType := c.Get("type").String() - switch cType { - case "text": - textType := "input_text" - if role == "assistant" { - textType = "output_text" - } - part := fmt.Sprintf(`{"type":"%s","text":""}`, textType) - part, _ = sjson.Set(part, "text", c.Get("text").String()) - msgParts = append(msgParts, part) - case "image": - source := c.Get("source") - if source.Exists() { - data := source.Get("data").String() - if data == "" { - data = source.Get("base64").String() - } - mediaType := source.Get("media_type").String() - if mediaType == "" { - mediaType = source.Get("mime_type").String() - } - if mediaType == "" { - mediaType = "application/octet-stream" - } - if data != "" { - part := `{"type":"input_image","image_url":""}` - part, _ = sjson.Set(part, "image_url", fmt.Sprintf("data:%s;base64,%s", mediaType, data)) - msgParts = append(msgParts, part) - } - } - case "tool_use": - // Flush any accumulated message parts first - if len(msgParts) > 0 { - item := `{"type":"message","role":"","content":[]}` - item, _ = sjson.Set(item, "role", role) - for _, p := range msgParts { - item, _ = sjson.SetRaw(item, "content.-1", p) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", item) - msgParts = nil - } - fc := `{"type":"function_call","call_id":"","name":"","arguments":""}` - fc, _ = sjson.Set(fc, "call_id", c.Get("id").String()) - fc, _ = sjson.Set(fc, "name", c.Get("name").String()) - if inputRaw := c.Get("input"); inputRaw.Exists() { - fc, _ = sjson.Set(fc, "arguments", inputRaw.Raw) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", fc) - case "tool_result": - // Flush any accumulated message parts first - if len(msgParts) > 0 { - item := `{"type":"message","role":"","content":[]}` - item, _ = sjson.Set(item, "role", role) - for _, p := range msgParts { - item, _ = sjson.SetRaw(item, "content.-1", p) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", item) - msgParts = nil - } - fco := `{"type":"function_call_output","call_id":"","output":""}` - fco, _ = sjson.Set(fco, "call_id", c.Get("tool_use_id").String()) - // Extract output text - resultContent := c.Get("content") - if resultContent.Type == gjson.String { - fco, _ = sjson.Set(fco, "output", resultContent.String()) - } else if resultContent.IsArray() { - var resultParts []string - for _, rc := range resultContent.Array() { - if txt := rc.Get("text").String(); txt != "" { - resultParts = append(resultParts, txt) - } - } - fco, _ = sjson.Set(fco, "output", strings.Join(resultParts, "\n")) - } else if resultContent.Exists() { - fco, _ = sjson.Set(fco, "output", resultContent.String()) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", fco) - case "thinking": - // Skip thinking blocks - not part of the API input - } - } - - // Flush remaining message parts - if len(msgParts) > 0 { - item := `{"type":"message","role":"","content":[]}` - item, _ = sjson.Set(item, "role", role) - for _, p := range msgParts { - item, _ = sjson.SetRaw(item, "content.-1", p) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", item) - } - } - } - - body, _ = sjson.SetRawBytes(body, "input", []byte(inputArr)) - // Remove messages/system since we've converted them to input - body, _ = sjson.DeleteBytes(body, "messages") - body, _ = sjson.DeleteBytes(body, "system") - return body -} - -func normalizeGitHubCopilotResponsesTools(body []byte) []byte { - tools := gjson.GetBytes(body, "tools") - if tools.Exists() { - filtered := "[]" - if tools.IsArray() { - for _, tool := range tools.Array() { - toolType := tool.Get("type").String() - // Accept OpenAI format (type="function") and Claude format - // (no type field, but has top-level name + input_schema). - if toolType != "" && toolType != "function" { - continue - } - name := tool.Get("name").String() - if name == "" { - name = tool.Get("function.name").String() - } - if name == "" { - continue - } - normalized := `{"type":"function","name":""}` - normalized, _ = sjson.Set(normalized, "name", name) - if desc := tool.Get("description").String(); desc != "" { - normalized, _ = sjson.Set(normalized, "description", desc) - } else if desc = tool.Get("function.description").String(); desc != "" { - normalized, _ = sjson.Set(normalized, "description", desc) - } - if params := tool.Get("parameters"); params.Exists() { - normalized, _ = sjson.SetRaw(normalized, "parameters", params.Raw) - } else if params = tool.Get("function.parameters"); params.Exists() { - normalized, _ = sjson.SetRaw(normalized, "parameters", params.Raw) - } else if params = tool.Get("input_schema"); params.Exists() { - normalized, _ = sjson.SetRaw(normalized, "parameters", params.Raw) - } - filtered, _ = sjson.SetRaw(filtered, "-1", normalized) - } - } - body, _ = sjson.SetRawBytes(body, "tools", []byte(filtered)) - } - - toolChoice := gjson.GetBytes(body, "tool_choice") - if !toolChoice.Exists() { - return body - } - if toolChoice.Type == gjson.String { - switch toolChoice.String() { - case "auto", "none", "required": - return body - default: - body, _ = sjson.SetBytes(body, "tool_choice", "auto") - return body - } - } - if toolChoice.Type == gjson.JSON { - choiceType := toolChoice.Get("type").String() - if choiceType == "function" { - name := toolChoice.Get("name").String() - if name == "" { - name = toolChoice.Get("function.name").String() - } - if name != "" { - normalized := `{"type":"function","name":""}` - normalized, _ = sjson.Set(normalized, "name", name) - body, _ = sjson.SetRawBytes(body, "tool_choice", []byte(normalized)) - return body - } - } - } - body, _ = sjson.SetBytes(body, "tool_choice", "auto") - return body -} - -type githubCopilotResponsesStreamToolState struct { - Index int - ID string - Name string - // HasReceivedArgumentsDelta tracks whether function_call_arguments.delta has been observed for this tool. - HasReceivedArgumentsDelta bool -} - -type githubCopilotResponsesStreamState struct { - MessageStarted bool - MessageStopSent bool - TextBlockStarted bool - TextBlockIndex int - NextContentIndex int - HasToolUse bool - ReasoningActive bool - ReasoningIndex int - OutputIndexToTool map[int]*githubCopilotResponsesStreamToolState - ItemIDToTool map[string]*githubCopilotResponsesStreamToolState -} - -func translateGitHubCopilotResponsesNonStreamToClaude(data []byte) string { - root := gjson.ParseBytes(data) - out := `{"id":"","type":"message","role":"assistant","model":"","content":[],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}` - out, _ = sjson.Set(out, "id", root.Get("id").String()) - out, _ = sjson.Set(out, "model", root.Get("model").String()) - - hasToolUse := false - if output := root.Get("output"); output.Exists() && output.IsArray() { - for _, item := range output.Array() { - switch item.Get("type").String() { - case "reasoning": - var thinkingText string - if summary := item.Get("summary"); summary.Exists() && summary.IsArray() { - var parts []string - for _, part := range summary.Array() { - if txt := part.Get("text").String(); txt != "" { - parts = append(parts, txt) - } - } - thinkingText = strings.Join(parts, "") - } - if thinkingText == "" { - if content := item.Get("content"); content.Exists() && content.IsArray() { - var parts []string - for _, part := range content.Array() { - if txt := part.Get("text").String(); txt != "" { - parts = append(parts, txt) - } - } - thinkingText = strings.Join(parts, "") - } - } - if thinkingText != "" { - block := `{"type":"thinking","thinking":""}` - block, _ = sjson.Set(block, "thinking", thinkingText) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - case "message": - if content := item.Get("content"); content.Exists() && content.IsArray() { - for _, part := range content.Array() { - if part.Get("type").String() != "output_text" { - continue - } - text := part.Get("text").String() - if text == "" { - continue - } - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", text) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - } - case "function_call": - hasToolUse = true - toolUse := `{"type":"tool_use","id":"","name":"","input":{}}` - toolID := item.Get("call_id").String() - if toolID == "" { - toolID = item.Get("id").String() - } - toolUse, _ = sjson.Set(toolUse, "id", toolID) - toolUse, _ = sjson.Set(toolUse, "name", item.Get("name").String()) - if args := item.Get("arguments").String(); args != "" && gjson.Valid(args) { - argObj := gjson.Parse(args) - if argObj.IsObject() { - toolUse, _ = sjson.SetRaw(toolUse, "input", argObj.Raw) - } - } - out, _ = sjson.SetRaw(out, "content.-1", toolUse) - } - } - } - - inputTokens := root.Get("usage.input_tokens").Int() - outputTokens := root.Get("usage.output_tokens").Int() - cachedTokens := root.Get("usage.input_tokens_details.cached_tokens").Int() - if cachedTokens > 0 && inputTokens >= cachedTokens { - inputTokens -= cachedTokens - } - out, _ = sjson.Set(out, "usage.input_tokens", inputTokens) - out, _ = sjson.Set(out, "usage.output_tokens", outputTokens) - if cachedTokens > 0 { - out, _ = sjson.Set(out, "usage.cache_read_input_tokens", cachedTokens) - } - if hasToolUse { - out, _ = sjson.Set(out, "stop_reason", "tool_use") - } else if sr := root.Get("stop_reason").String(); sr == "max_tokens" || sr == "stop" { - out, _ = sjson.Set(out, "stop_reason", sr) - } else { - out, _ = sjson.Set(out, "stop_reason", "end_turn") - } - return out -} - -func translateGitHubCopilotResponsesStreamToClaude(line []byte, param *any) []string { - if *param == nil { - *param = &githubCopilotResponsesStreamState{ - TextBlockIndex: -1, - OutputIndexToTool: make(map[int]*githubCopilotResponsesStreamToolState), - ItemIDToTool: make(map[string]*githubCopilotResponsesStreamToolState), - } - } - state := (*param).(*githubCopilotResponsesStreamState) - - if !bytes.HasPrefix(line, dataTag) { - return nil - } - payload := bytes.TrimSpace(line[5:]) - if bytes.Equal(payload, []byte("[DONE]")) { - return nil - } - if !gjson.ValidBytes(payload) { - return nil - } - - event := gjson.GetBytes(payload, "type").String() - results := make([]string, 0, 4) - ensureMessageStart := func() { - if state.MessageStarted { - return - } - messageStart := `{"type":"message_start","message":{"id":"","type":"message","role":"assistant","model":"","content":[],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}}` - messageStart, _ = sjson.Set(messageStart, "message.id", gjson.GetBytes(payload, "response.id").String()) - messageStart, _ = sjson.Set(messageStart, "message.model", gjson.GetBytes(payload, "response.model").String()) - results = append(results, "event: message_start\ndata: "+messageStart+"\n\n") - state.MessageStarted = true - } - startTextBlockIfNeeded := func() { - if state.TextBlockStarted { - return - } - if state.TextBlockIndex < 0 { - state.TextBlockIndex = state.NextContentIndex - state.NextContentIndex++ - } - contentBlockStart := `{"type":"content_block_start","index":0,"content_block":{"type":"text","text":""}}` - contentBlockStart, _ = sjson.Set(contentBlockStart, "index", state.TextBlockIndex) - results = append(results, "event: content_block_start\ndata: "+contentBlockStart+"\n\n") - state.TextBlockStarted = true - } - stopTextBlockIfNeeded := func() { - if !state.TextBlockStarted { - return - } - contentBlockStop := `{"type":"content_block_stop","index":0}` - contentBlockStop, _ = sjson.Set(contentBlockStop, "index", state.TextBlockIndex) - results = append(results, "event: content_block_stop\ndata: "+contentBlockStop+"\n\n") - state.TextBlockStarted = false - state.TextBlockIndex = -1 - } - resolveTool := func(itemID string, outputIndex int) *githubCopilotResponsesStreamToolState { - if itemID != "" { - if tool, ok := state.ItemIDToTool[itemID]; ok { - return tool - } - } - if tool, ok := state.OutputIndexToTool[outputIndex]; ok { - if itemID != "" { - state.ItemIDToTool[itemID] = tool - } - return tool - } - return nil - } - - switch event { - case "response.created": - ensureMessageStart() - case "response.output_text.delta": - ensureMessageStart() - startTextBlockIfNeeded() - delta := gjson.GetBytes(payload, "delta").String() - if delta != "" { - contentDelta := `{"type":"content_block_delta","index":0,"delta":{"type":"text_delta","text":""}}` - contentDelta, _ = sjson.Set(contentDelta, "index", state.TextBlockIndex) - contentDelta, _ = sjson.Set(contentDelta, "delta.text", delta) - results = append(results, "event: content_block_delta\ndata: "+contentDelta+"\n\n") - } - case "response.reasoning_summary_part.added": - ensureMessageStart() - state.ReasoningActive = true - state.ReasoningIndex = state.NextContentIndex - state.NextContentIndex++ - thinkingStart := `{"type":"content_block_start","index":0,"content_block":{"type":"thinking","thinking":""}}` - thinkingStart, _ = sjson.Set(thinkingStart, "index", state.ReasoningIndex) - results = append(results, "event: content_block_start\ndata: "+thinkingStart+"\n\n") - case "response.reasoning_summary_text.delta": - if state.ReasoningActive { - delta := gjson.GetBytes(payload, "delta").String() - if delta != "" { - thinkingDelta := `{"type":"content_block_delta","index":0,"delta":{"type":"thinking_delta","thinking":""}}` - thinkingDelta, _ = sjson.Set(thinkingDelta, "index", state.ReasoningIndex) - thinkingDelta, _ = sjson.Set(thinkingDelta, "delta.thinking", delta) - results = append(results, "event: content_block_delta\ndata: "+thinkingDelta+"\n\n") - } - } - case "response.reasoning_summary_part.done": - if state.ReasoningActive { - thinkingStop := `{"type":"content_block_stop","index":0}` - thinkingStop, _ = sjson.Set(thinkingStop, "index", state.ReasoningIndex) - results = append(results, "event: content_block_stop\ndata: "+thinkingStop+"\n\n") - state.ReasoningActive = false - } - case "response.output_item.added": - if gjson.GetBytes(payload, "item.type").String() != "function_call" { - break - } - ensureMessageStart() - stopTextBlockIfNeeded() - state.HasToolUse = true - tool := &githubCopilotResponsesStreamToolState{ - Index: state.NextContentIndex, - ID: gjson.GetBytes(payload, "item.call_id").String(), - Name: gjson.GetBytes(payload, "item.name").String(), - } - if tool.ID == "" { - tool.ID = gjson.GetBytes(payload, "item.id").String() - } - state.NextContentIndex++ - outputIndex := int(gjson.GetBytes(payload, "output_index").Int()) - state.OutputIndexToTool[outputIndex] = tool - if itemID := gjson.GetBytes(payload, "item.id").String(); itemID != "" { - state.ItemIDToTool[itemID] = tool - } - contentBlockStart := `{"type":"content_block_start","index":0,"content_block":{"type":"tool_use","id":"","name":"","input":{}}}` - contentBlockStart, _ = sjson.Set(contentBlockStart, "index", tool.Index) - contentBlockStart, _ = sjson.Set(contentBlockStart, "content_block.id", tool.ID) - contentBlockStart, _ = sjson.Set(contentBlockStart, "content_block.name", tool.Name) - results = append(results, "event: content_block_start\ndata: "+contentBlockStart+"\n\n") - case "response.output_item.delta": - item := gjson.GetBytes(payload, "item") - if item.Get("type").String() != "function_call" { - break - } - tool := resolveTool(item.Get("id").String(), int(gjson.GetBytes(payload, "output_index").Int())) - if tool == nil { - break - } - partial := gjson.GetBytes(payload, "delta").String() - if partial == "" { - partial = item.Get("arguments").String() - } - if partial == "" { - break - } - inputDelta := `{"type":"content_block_delta","index":0,"delta":{"type":"input_json_delta","partial_json":""}}` - inputDelta, _ = sjson.Set(inputDelta, "index", tool.Index) - inputDelta, _ = sjson.Set(inputDelta, "delta.partial_json", partial) - tool.HasReceivedArgumentsDelta = true - results = append(results, "event: content_block_delta\ndata: "+inputDelta+"\n\n") - case "response.function_call_arguments.delta": - // Copilot sends tool call arguments via this event type (not response.output_item.delta). - // Data format: {"delta":"...", "item_id":"...", "output_index":N, ...} - itemID := gjson.GetBytes(payload, "item_id").String() - outputIndex := int(gjson.GetBytes(payload, "output_index").Int()) - tool := resolveTool(itemID, outputIndex) - if tool == nil { - break - } - partial := gjson.GetBytes(payload, "delta").String() - if partial == "" { - break - } - inputDelta := `{"type":"content_block_delta","index":0,"delta":{"type":"input_json_delta","partial_json":""}}` - inputDelta, _ = sjson.Set(inputDelta, "index", tool.Index) - inputDelta, _ = sjson.Set(inputDelta, "delta.partial_json", partial) - tool.HasReceivedArgumentsDelta = true - results = append(results, "event: content_block_delta\ndata: "+inputDelta+"\n\n") - case "response.function_call_arguments.done": - itemID := gjson.GetBytes(payload, "item_id").String() - outputIndex := int(gjson.GetBytes(payload, "output_index").Int()) - tool := resolveTool(itemID, outputIndex) - if tool == nil || tool.HasReceivedArgumentsDelta { - break - } - arguments := gjson.GetBytes(payload, "arguments").String() - if arguments == "" { - break - } - inputDelta := `{"type":"content_block_delta","index":0,"delta":{"type":"input_json_delta","partial_json":""}}` - inputDelta, _ = sjson.Set(inputDelta, "index", tool.Index) - inputDelta, _ = sjson.Set(inputDelta, "delta.partial_json", arguments) - results = append(results, "event: content_block_delta\ndata: "+inputDelta+"\n\n") - case "response.output_item.done": - if gjson.GetBytes(payload, "item.type").String() != "function_call" { - break - } - tool := resolveTool(gjson.GetBytes(payload, "item.id").String(), int(gjson.GetBytes(payload, "output_index").Int())) - if tool == nil { - break - } - contentBlockStop := `{"type":"content_block_stop","index":0}` - contentBlockStop, _ = sjson.Set(contentBlockStop, "index", tool.Index) - results = append(results, "event: content_block_stop\ndata: "+contentBlockStop+"\n\n") - case "response.completed": - ensureMessageStart() - stopTextBlockIfNeeded() - if !state.MessageStopSent { - stopReason := "end_turn" - if state.HasToolUse { - stopReason = "tool_use" - } else if sr := gjson.GetBytes(payload, "response.stop_reason").String(); sr == "max_tokens" || sr == "stop" { - stopReason = sr - } - inputTokens := gjson.GetBytes(payload, "response.usage.input_tokens").Int() - outputTokens := gjson.GetBytes(payload, "response.usage.output_tokens").Int() - cachedTokens := gjson.GetBytes(payload, "response.usage.input_tokens_details.cached_tokens").Int() - if cachedTokens > 0 && inputTokens >= cachedTokens { - inputTokens -= cachedTokens - } - messageDelta := `{"type":"message_delta","delta":{"stop_reason":"","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - messageDelta, _ = sjson.Set(messageDelta, "delta.stop_reason", stopReason) - messageDelta, _ = sjson.Set(messageDelta, "usage.input_tokens", inputTokens) - messageDelta, _ = sjson.Set(messageDelta, "usage.output_tokens", outputTokens) - if cachedTokens > 0 { - messageDelta, _ = sjson.Set(messageDelta, "usage.cache_read_input_tokens", cachedTokens) - } - results = append(results, "event: message_delta\ndata: "+messageDelta+"\n\n") - results = append(results, "event: message_stop\ndata: {\"type\":\"message_stop\"}\n\n") - state.MessageStopSent = true - } - } - - return results -} - -// isHTTPSuccess checks if the status code indicates success (2xx). -func isHTTPSuccess(statusCode int) bool { - return statusCode >= 200 && statusCode < 300 -} - -// CloseExecutionSession implements ProviderExecutor. -func (e *GitHubCopilotExecutor) CloseExecutionSession(sessionID string) {} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/github_copilot_executor_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/github_copilot_executor_test.go deleted file mode 100644 index f54b59f45c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/github_copilot_executor_test.go +++ /dev/null @@ -1,374 +0,0 @@ -package executor - -import ( - "net/http" - "strings" - "testing" - - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - "github.com/tidwall/gjson" -) - -func TestGitHubCopilotNormalizeModel_StripsSuffix(t *testing.T) { - t.Parallel() - - tests := []struct { - name string - model string - wantModel string - }{ - { - name: "suffix stripped", - model: "claude-opus-4.6(medium)", - wantModel: "claude-opus-4.6", - }, - { - name: "no suffix unchanged", - model: "claude-opus-4.6", - wantModel: "claude-opus-4.6", - }, - { - name: "different suffix stripped", - model: "gpt-4o(high)", - wantModel: "gpt-4o", - }, - { - name: "numeric suffix stripped", - model: "gemini-2.5-pro(8192)", - wantModel: "gemini-2.5-pro", - }, - } - - e := &GitHubCopilotExecutor{} - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - t.Parallel() - - body := []byte(`{"model":"` + tt.model + `","messages":[]}`) - got := e.normalizeModel(tt.model, body) - - gotModel := gjson.GetBytes(got, "model").String() - if gotModel != tt.wantModel { - t.Fatalf("normalizeModel() model = %q, want %q", gotModel, tt.wantModel) - } - }) - } -} - -func TestUseGitHubCopilotResponsesEndpoint_OpenAIResponseSource(t *testing.T) { - t.Parallel() - if !useGitHubCopilotResponsesEndpoint(sdktranslator.FromString("openai-response"), "claude-3-5-sonnet") { - t.Fatal("expected openai-response source to use /responses") - } -} - -func TestUseGitHubCopilotResponsesEndpoint_CodexModel(t *testing.T) { - t.Parallel() - if !useGitHubCopilotResponsesEndpoint(sdktranslator.FromString("openai"), "gpt-5-codex") { - t.Fatal("expected codex model to use /responses") - } -} - -func TestUseGitHubCopilotResponsesEndpoint_DefaultChat(t *testing.T) { - t.Parallel() - if useGitHubCopilotResponsesEndpoint(sdktranslator.FromString("openai"), "claude-3-5-sonnet") { - t.Fatal("expected default openai source with non-codex model to use /chat/completions") - } -} - -func TestNormalizeGitHubCopilotChatTools_KeepFunctionOnly(t *testing.T) { - t.Parallel() - body := []byte(`{"tools":[{"type":"function","function":{"name":"ok"}},{"type":"code_interpreter"}],"tool_choice":"auto"}`) - got := normalizeGitHubCopilotChatTools(body) - tools := gjson.GetBytes(got, "tools").Array() - if len(tools) != 1 { - t.Fatalf("tools len = %d, want 1", len(tools)) - } - if tools[0].Get("type").String() != "function" { - t.Fatalf("tool type = %q, want function", tools[0].Get("type").String()) - } -} - -func TestNormalizeGitHubCopilotChatTools_InvalidToolChoiceDowngradeToAuto(t *testing.T) { - t.Parallel() - body := []byte(`{"tools":[],"tool_choice":{"type":"function","function":{"name":"x"}}}`) - got := normalizeGitHubCopilotChatTools(body) - if gjson.GetBytes(got, "tool_choice").String() != "auto" { - t.Fatalf("tool_choice = %s, want auto", gjson.GetBytes(got, "tool_choice").Raw) - } -} - -func TestNormalizeGitHubCopilotResponsesInput_MissingInputExtractedFromSystemAndMessages(t *testing.T) { - t.Parallel() - body := []byte(`{"system":"sys text","messages":[{"role":"user","content":"user text"},{"role":"assistant","content":[{"type":"text","text":"assistant text"}]}]}`) - got := normalizeGitHubCopilotResponsesInput(body) - in := gjson.GetBytes(got, "input") - if !in.IsArray() { - t.Fatalf("input type = %v, want array", in.Type) - } - raw := in.Raw - if !strings.Contains(raw, "sys text") || !strings.Contains(raw, "user text") || !strings.Contains(raw, "assistant text") { - t.Fatalf("input = %s, want structured array with all texts", raw) - } - if gjson.GetBytes(got, "messages").Exists() { - t.Fatal("messages should be removed after conversion") - } - if gjson.GetBytes(got, "system").Exists() { - t.Fatal("system should be removed after conversion") - } -} - -func TestNormalizeGitHubCopilotResponsesInput_NonStringInputStringified(t *testing.T) { - t.Parallel() - body := []byte(`{"input":{"foo":"bar"}}`) - got := normalizeGitHubCopilotResponsesInput(body) - in := gjson.GetBytes(got, "input") - if in.Type != gjson.String { - t.Fatalf("input type = %v, want string", in.Type) - } - if !strings.Contains(in.String(), "foo") { - t.Fatalf("input = %q, want stringified object", in.String()) - } -} - -func TestNormalizeGitHubCopilotResponsesTools_FlattenFunctionTools(t *testing.T) { - t.Parallel() - body := []byte(`{"tools":[{"type":"function","function":{"name":"sum","description":"d","parameters":{"type":"object"}}},{"type":"web_search"}]}`) - got := normalizeGitHubCopilotResponsesTools(body) - tools := gjson.GetBytes(got, "tools").Array() - if len(tools) != 1 { - t.Fatalf("tools len = %d, want 1", len(tools)) - } - if tools[0].Get("name").String() != "sum" { - t.Fatalf("tools[0].name = %q, want sum", tools[0].Get("name").String()) - } - if !tools[0].Get("parameters").Exists() { - t.Fatal("expected parameters to be preserved") - } -} - -func TestNormalizeGitHubCopilotResponsesTools_ClaudeFormatTools(t *testing.T) { - t.Parallel() - body := []byte(`{"tools":[{"name":"Bash","description":"Run commands","input_schema":{"type":"object","properties":{"command":{"type":"string"}},"required":["command"]}},{"name":"Read","description":"Read files","input_schema":{"type":"object","properties":{"path":{"type":"string"}}}}]}`) - got := normalizeGitHubCopilotResponsesTools(body) - tools := gjson.GetBytes(got, "tools").Array() - if len(tools) != 2 { - t.Fatalf("tools len = %d, want 2", len(tools)) - } - if tools[0].Get("type").String() != "function" { - t.Fatalf("tools[0].type = %q, want function", tools[0].Get("type").String()) - } - if tools[0].Get("name").String() != "Bash" { - t.Fatalf("tools[0].name = %q, want Bash", tools[0].Get("name").String()) - } - if tools[0].Get("description").String() != "Run commands" { - t.Fatalf("tools[0].description = %q, want 'Run commands'", tools[0].Get("description").String()) - } - if !tools[0].Get("parameters").Exists() { - t.Fatal("expected parameters to be set from input_schema") - } - if tools[0].Get("parameters.properties.command").Exists() != true { - t.Fatal("expected parameters.properties.command to exist") - } - if tools[1].Get("name").String() != "Read" { - t.Fatalf("tools[1].name = %q, want Read", tools[1].Get("name").String()) - } -} - -func TestNormalizeGitHubCopilotResponsesTools_FlattenToolChoiceFunctionObject(t *testing.T) { - t.Parallel() - body := []byte(`{"tool_choice":{"type":"function","function":{"name":"sum"}}}`) - got := normalizeGitHubCopilotResponsesTools(body) - if gjson.GetBytes(got, "tool_choice.type").String() != "function" { - t.Fatalf("tool_choice.type = %q, want function", gjson.GetBytes(got, "tool_choice.type").String()) - } - if gjson.GetBytes(got, "tool_choice.name").String() != "sum" { - t.Fatalf("tool_choice.name = %q, want sum", gjson.GetBytes(got, "tool_choice.name").String()) - } -} - -func TestNormalizeGitHubCopilotResponsesTools_InvalidToolChoiceDowngradeToAuto(t *testing.T) { - t.Parallel() - body := []byte(`{"tool_choice":{"type":"function"}}`) - got := normalizeGitHubCopilotResponsesTools(body) - if gjson.GetBytes(got, "tool_choice").String() != "auto" { - t.Fatalf("tool_choice = %s, want auto", gjson.GetBytes(got, "tool_choice").Raw) - } -} - -func TestTranslateGitHubCopilotResponsesNonStreamToClaude_TextMapping(t *testing.T) { - t.Parallel() - resp := []byte(`{"id":"resp_1","model":"gpt-5-codex","output":[{"type":"message","content":[{"type":"output_text","text":"hello"}]}],"usage":{"input_tokens":3,"output_tokens":5}}`) - out := translateGitHubCopilotResponsesNonStreamToClaude(resp) - if gjson.Get(out, "type").String() != "message" { - t.Fatalf("type = %q, want message", gjson.Get(out, "type").String()) - } - if gjson.Get(out, "content.0.type").String() != "text" { - t.Fatalf("content.0.type = %q, want text", gjson.Get(out, "content.0.type").String()) - } - if gjson.Get(out, "content.0.text").String() != "hello" { - t.Fatalf("content.0.text = %q, want hello", gjson.Get(out, "content.0.text").String()) - } -} - -func TestTranslateGitHubCopilotResponsesNonStreamToClaude_ToolUseMapping(t *testing.T) { - t.Parallel() - resp := []byte(`{"id":"resp_2","model":"gpt-5-codex","output":[{"type":"function_call","id":"fc_1","call_id":"call_1","name":"sum","arguments":"{\"a\":1}"}],"usage":{"input_tokens":1,"output_tokens":2}}`) - out := translateGitHubCopilotResponsesNonStreamToClaude(resp) - if gjson.Get(out, "content.0.type").String() != "tool_use" { - t.Fatalf("content.0.type = %q, want tool_use", gjson.Get(out, "content.0.type").String()) - } - if gjson.Get(out, "content.0.name").String() != "sum" { - t.Fatalf("content.0.name = %q, want sum", gjson.Get(out, "content.0.name").String()) - } - if gjson.Get(out, "stop_reason").String() != "tool_use" { - t.Fatalf("stop_reason = %q, want tool_use", gjson.Get(out, "stop_reason").String()) - } -} - -func TestTranslateGitHubCopilotResponsesStreamToClaude_TextLifecycle(t *testing.T) { - t.Parallel() - var param any - - created := translateGitHubCopilotResponsesStreamToClaude([]byte(`data: {"type":"response.created","response":{"id":"resp_1","model":"gpt-5-codex"}}`), ¶m) - if len(created) == 0 || !strings.Contains(created[0], "message_start") { - t.Fatalf("created events = %#v, want message_start", created) - } - - delta := translateGitHubCopilotResponsesStreamToClaude([]byte(`data: {"type":"response.output_text.delta","delta":"he"}`), ¶m) - joinedDelta := strings.Join(delta, "") - if !strings.Contains(joinedDelta, "content_block_start") || !strings.Contains(joinedDelta, "text_delta") { - t.Fatalf("delta events = %#v, want content_block_start + text_delta", delta) - } - - completed := translateGitHubCopilotResponsesStreamToClaude([]byte(`data: {"type":"response.completed","response":{"usage":{"input_tokens":7,"output_tokens":9}}}`), ¶m) - joinedCompleted := strings.Join(completed, "") - if !strings.Contains(joinedCompleted, "message_delta") || !strings.Contains(joinedCompleted, "message_stop") { - t.Fatalf("completed events = %#v, want message_delta + message_stop", completed) - } -} - -func TestTranslateGitHubCopilotResponsesStreamToClaude_FunctionCallArgumentsDoneWithoutDelta(t *testing.T) { - t.Parallel() - var param any - - added := translateGitHubCopilotResponsesStreamToClaude([]byte(`data: {"type":"response.output_item.added","item":{"type":"function_call","call_id":"call-1","name":"sum","id":"fc-1"},"output_index":0}`), ¶m) - if len(added) == 0 { - t.Fatalf("output_item.added events = %#v", added) - } - - done := translateGitHubCopilotResponsesStreamToClaude([]byte(`data: {"type":"response.function_call_arguments.done","item_id":"fc-1","output_index":0,"arguments":"{\"a\":1}"}`), ¶m) - if len(done) != 1 { - t.Fatalf("expected one event for function_call_arguments.done, got %d: %#v", len(done), done) - } - if !strings.Contains(done[0], `"input_json_delta"`) { - t.Fatalf("expected function call argument delta event, got %q", done[0]) - } - if !strings.Contains(done[0], `\"a\":1`) { - t.Fatalf("expected done arguments payload, got %q", done[0]) - } -} - -func TestTranslateGitHubCopilotResponsesStreamToClaude_DeduplicatesFunctionCallArgumentsDone(t *testing.T) { - t.Parallel() - var param any - - added := translateGitHubCopilotResponsesStreamToClaude([]byte(`data: {"type":"response.output_item.added","item":{"type":"function_call","call_id":"call-1","name":"sum","id":"fc-1"},"output_index":0}`), ¶m) - if len(added) == 0 { - t.Fatalf("output_item.added events = %#v", added) - } - - delta := translateGitHubCopilotResponsesStreamToClaude([]byte(`data: {"type":"response.function_call_arguments.delta","item_id":"fc-1","output_index":0,"delta":"{\"a\":1"}`), ¶m) - if len(delta) != 1 || !strings.Contains(delta[0], `"input_json_delta"`) { - t.Fatalf("expected delta event, got %#v", delta) - } - - done := translateGitHubCopilotResponsesStreamToClaude([]byte(`data: {"type":"response.function_call_arguments.done","item_id":"fc-1","output_index":0,"arguments":"{\"a\":1}"}`), ¶m) - if len(done) != 0 { - t.Fatalf("expected no event after delta completion, got %d: %#v", len(done), done) - } -} - -// --- Tests for X-Initiator detection logic (Problem L) --- - -func TestApplyHeaders_XInitiator_UserOnly(t *testing.T) { - t.Parallel() - e := &GitHubCopilotExecutor{} - req, _ := http.NewRequest(http.MethodPost, "https://example.com", nil) - body := []byte(`{"messages":[{"role":"system","content":"sys"},{"role":"user","content":"hello"}]}`) - e.applyHeaders(req, "token", body) - if got := req.Header.Get("X-Initiator"); got != "user" { - t.Fatalf("X-Initiator = %q, want user", got) - } -} - -func TestApplyHeaders_XInitiator_AgentWithAssistantAndUserToolResult(t *testing.T) { - t.Parallel() - e := &GitHubCopilotExecutor{} - req, _ := http.NewRequest(http.MethodPost, "https://example.com", nil) - // Claude Code typical flow: last message is user (tool result), but has assistant in history - body := []byte(`{"messages":[{"role":"user","content":"hello"},{"role":"assistant","content":"I will read the file"},{"role":"user","content":"tool result here"}]}`) - e.applyHeaders(req, "token", body) - if got := req.Header.Get("X-Initiator"); got != "agent" { - t.Fatalf("X-Initiator = %q, want agent (assistant exists in messages)", got) - } -} - -func TestApplyHeaders_XInitiator_AgentWithToolRole(t *testing.T) { - t.Parallel() - e := &GitHubCopilotExecutor{} - req, _ := http.NewRequest(http.MethodPost, "https://example.com", nil) - body := []byte(`{"messages":[{"role":"user","content":"hello"},{"role":"tool","content":"result"}]}`) - e.applyHeaders(req, "token", body) - if got := req.Header.Get("X-Initiator"); got != "agent" { - t.Fatalf("X-Initiator = %q, want agent (tool role exists)", got) - } -} - -// --- Tests for x-github-api-version header (Problem M) --- - -func TestApplyHeaders_GitHubAPIVersion(t *testing.T) { - t.Parallel() - e := &GitHubCopilotExecutor{} - req, _ := http.NewRequest(http.MethodPost, "https://example.com", nil) - e.applyHeaders(req, "token", nil) - if got := req.Header.Get("X-Github-Api-Version"); got != "2025-04-01" { - t.Fatalf("X-Github-Api-Version = %q, want 2025-04-01", got) - } -} - -// --- Tests for vision detection (Problem P) --- - -func TestDetectVisionContent_WithImageURL(t *testing.T) { - t.Parallel() - body := []byte(`{"messages":[{"role":"user","content":[{"type":"text","text":"describe"},{"type":"image_url","image_url":{"url":"data:image/png;base64,abc"}}]}]}`) - if !detectVisionContent(body) { - t.Fatal("expected vision content to be detected") - } -} - -func TestDetectVisionContent_WithImageType(t *testing.T) { - t.Parallel() - body := []byte(`{"messages":[{"role":"user","content":[{"type":"image","source":{"data":"abc","media_type":"image/png"}}]}]}`) - if !detectVisionContent(body) { - t.Fatal("expected image type to be detected") - } -} - -func TestDetectVisionContent_NoVision(t *testing.T) { - t.Parallel() - body := []byte(`{"messages":[{"role":"user","content":[{"type":"text","text":"hello"}]}]}`) - if detectVisionContent(body) { - t.Fatal("expected no vision content") - } -} - -func TestDetectVisionContent_NoMessages(t *testing.T) { - t.Parallel() - // After Responses API normalization, messages is removed — detection should return false - body := []byte(`{"input":[{"type":"message","role":"user","content":[{"type":"input_text","text":"hello"}]}]}`) - if detectVisionContent(body) { - t.Fatal("expected no vision content when messages field is absent") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/iflow_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/iflow_executor.go deleted file mode 100644 index 4d3eb11b79..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/iflow_executor.go +++ /dev/null @@ -1,588 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "crypto/hmac" - "crypto/sha256" - "encoding/hex" - "fmt" - "io" - "net/http" - "strings" - "time" - - "github.com/google/uuid" - iflowauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/iflow" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const ( - iflowDefaultEndpoint = "/chat/completions" - iflowUserAgent = "iFlow-Cli" -) - -// IFlowExecutor executes OpenAI-compatible chat completions against the iFlow API using API keys derived from OAuth. -type IFlowExecutor struct { - cfg *config.Config -} - -// NewIFlowExecutor constructs a new executor instance. -func NewIFlowExecutor(cfg *config.Config) *IFlowExecutor { return &IFlowExecutor{cfg: cfg} } - -// Identifier returns the provider key. -func (e *IFlowExecutor) Identifier() string { return "iflow" } - -// PrepareRequest injects iFlow credentials into the outgoing HTTP request. -func (e *IFlowExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - apiKey, _ := iflowCreds(auth) - if strings.TrimSpace(apiKey) != "" { - req.Header.Set("Authorization", "Bearer "+apiKey) - } - return nil -} - -// HttpRequest injects iFlow credentials into the request and executes it. -func (e *IFlowExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("iflow executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming chat completion request. -func (e *IFlowExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := iflowCreds(auth) - if strings.TrimSpace(apiKey) == "" { - err = statusErr{code: http.StatusUnauthorized, msg: "iflow executor: missing api key"} - return resp, err - } - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), iflowauth.DefaultAPIBaseURL, baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), "iflow", e.Identifier()) - if err != nil { - return resp, err - } - - body = preserveReasoningContentInMessages(body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - endpoint := strings.TrimSuffix(baseURL, "/") + iflowDefaultEndpoint - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, bytes.NewReader(body)) - if err != nil { - return resp, err - } - applyIFlowHeaders(httpReq, apiKey, false) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: endpoint, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("iflow executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseOpenAIUsage(data)) - // Ensure usage is recorded even if upstream omits usage metadata. - reporter.ensurePublished(ctx) - - var param any - // Note: TranslateNonStream uses req.Model (original with suffix) to preserve - // the original model name in the response for client compatibility. - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -// ExecuteStream performs a streaming chat completion request. -func (e *IFlowExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := iflowCreds(auth) - if strings.TrimSpace(apiKey) == "" { - err = statusErr{code: http.StatusUnauthorized, msg: "iflow executor: missing api key"} - return nil, err - } - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), iflowauth.DefaultAPIBaseURL, baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), "iflow", e.Identifier()) - if err != nil { - return nil, err - } - - body = preserveReasoningContentInMessages(body) - // Ensure tools array exists to avoid provider quirks similar to Qwen's behaviour. - toolsResult := gjson.GetBytes(body, "tools") - if toolsResult.Exists() && toolsResult.IsArray() && len(toolsResult.Array()) == 0 { - body = ensureToolsArray(body) - } - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - endpoint := strings.TrimSuffix(baseURL, "/") + iflowDefaultEndpoint - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, bytes.NewReader(body)) - if err != nil { - return nil, err - } - applyIFlowHeaders(httpReq, apiKey, true) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: endpoint, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - data, _ := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("iflow executor: close response body error: %v", errClose) - } - appendAPIResponseChunk(ctx, e.cfg, data) - logWithRequestID(ctx).Debugf("request error, error status: %d error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - err = statusErr{code: httpResp.StatusCode, msg: string(data)} - return nil, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("iflow executor: close response body error: %v", errClose) - } - }() - - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 52_428_800) // 50MB - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - // Guarantee a usage record exists even if the stream never emitted usage data. - reporter.ensurePublished(ctx) - }() - - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -func (e *IFlowExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - enc, err := tokenizerForModel(baseModel) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("iflow executor: tokenizer init failed: %w", err) - } - - count, err := countOpenAIChatTokens(enc, body) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("iflow executor: token counting failed: %w", err) - } - - usageJSON := buildOpenAIUsageJSON(count) - translated := sdktranslator.TranslateTokenCount(ctx, to, from, count, usageJSON) - return cliproxyexecutor.Response{Payload: []byte(translated)}, nil -} - -// Refresh refreshes OAuth tokens or cookie-based API keys and updates the stored API key. -func (e *IFlowExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("iflow executor: refresh called") - if auth == nil { - return nil, statusErr{code: http.StatusUnauthorized, msg: "iflow executor: missing auth"} - } - - // Check if this is cookie-based authentication - var cookie string - var email string - if auth.Metadata != nil { - if v, ok := auth.Metadata["cookie"].(string); ok { - cookie = strings.TrimSpace(v) - } - if v, ok := auth.Metadata["email"].(string); ok { - email = strings.TrimSpace(v) - } - } - - // If cookie is present, use cookie-based refresh - if cookie != "" && email != "" { - return e.refreshCookieBased(ctx, auth, cookie, email) - } - - // Otherwise, use OAuth-based refresh - return e.refreshOAuthBased(ctx, auth) -} - -// refreshCookieBased refreshes API key using browser cookie -func (e *IFlowExecutor) refreshCookieBased(ctx context.Context, auth *cliproxyauth.Auth, cookie, email string) (*cliproxyauth.Auth, error) { - log.Debugf("iflow executor: checking refresh need for cookie-based API key for user: %s", email) - - // Get current expiry time from metadata - var currentExpire string - if auth.Metadata != nil { - if v, ok := auth.Metadata["expires_at"].(string); ok { - currentExpire = strings.TrimSpace(v) - } - } - - // Check if refresh is needed - needsRefresh, _, err := iflowauth.ShouldRefreshAPIKey(currentExpire) - if err != nil { - log.Warnf("iflow executor: failed to check refresh need: %v", err) - // If we can't check, continue with refresh anyway as a safety measure - } else if !needsRefresh { - log.Debugf("iflow executor: no refresh needed for user: %s", email) - return auth, nil - } - - log.Infof("iflow executor: refreshing cookie-based API key for user: %s", email) - - svc := iflowauth.NewIFlowAuth(e.cfg, nil) - keyData, err := svc.RefreshAPIKey(ctx, cookie, email) - if err != nil { - log.Errorf("iflow executor: cookie-based API key refresh failed: %v", err) - return nil, err - } - - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["api_key"] = keyData.APIKey - auth.Metadata["expires_at"] = keyData.ExpireTime - auth.Metadata["type"] = "iflow" - auth.Metadata["last_refresh"] = time.Now().Format(time.RFC3339) - auth.Metadata["cookie"] = cookie - auth.Metadata["email"] = email - - log.Infof("iflow executor: cookie-based API key refreshed successfully, new expiry: %s", keyData.ExpireTime) - - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - auth.Attributes["api_key"] = keyData.APIKey - - return auth, nil -} - -// refreshOAuthBased refreshes tokens using OAuth refresh token -func (e *IFlowExecutor) refreshOAuthBased(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - refreshToken := "" - oldAccessToken := "" - if auth.Metadata != nil { - if v, ok := auth.Metadata["refresh_token"].(string); ok { - refreshToken = strings.TrimSpace(v) - } - if v, ok := auth.Metadata["access_token"].(string); ok { - oldAccessToken = strings.TrimSpace(v) - } - } - if refreshToken == "" { - return auth, nil - } - - // Avoid logging token material. - if oldAccessToken != "" { - log.Debug("iflow executor: refreshing access token") - } - - svc := iflowauth.NewIFlowAuth(e.cfg, nil) - tokenData, err := svc.RefreshTokens(ctx, refreshToken) - if err != nil { - log.Errorf("iflow executor: token refresh failed: %v", err) - return nil, classifyIFlowRefreshError(err) - } - - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["access_token"] = tokenData.AccessToken - if tokenData.RefreshToken != "" { - auth.Metadata["refresh_token"] = tokenData.RefreshToken - } - if tokenData.APIKey != "" { - auth.Metadata["api_key"] = tokenData.APIKey - } - auth.Metadata["expires_at"] = tokenData.Expire - auth.Metadata["type"] = "iflow" - auth.Metadata["last_refresh"] = time.Now().Format(time.RFC3339) - - log.Debug("iflow executor: token refresh successful") - - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - if tokenData.APIKey != "" { - auth.Attributes["api_key"] = tokenData.APIKey - } - - return auth, nil -} - -func classifyIFlowRefreshError(err error) error { - if err == nil { - return nil - } - msg := strings.ToLower(err.Error()) - if strings.Contains(msg, "iflow token") && strings.Contains(msg, "server busy") { - return statusErr{code: http.StatusServiceUnavailable, msg: err.Error()} - } - if strings.Contains(msg, "provider rejected token request") && (strings.Contains(msg, "code=429") || strings.Contains(msg, "too many requests") || strings.Contains(msg, "rate limit") || strings.Contains(msg, "quota")) { - return statusErr{code: http.StatusTooManyRequests, msg: err.Error()} - } - if strings.Contains(msg, "provider rejected token request") && strings.Contains(msg, "code=503") { - return statusErr{code: http.StatusServiceUnavailable, msg: err.Error()} - } - if strings.Contains(msg, "provider rejected token request") && strings.Contains(msg, "code=500") { - return statusErr{code: http.StatusServiceUnavailable, msg: err.Error()} - } - return err -} - -func applyIFlowHeaders(r *http.Request, apiKey string, stream bool) { - r.Header.Set("Content-Type", "application/json") - r.Header.Set("Authorization", "Bearer "+apiKey) - r.Header.Set("User-Agent", iflowUserAgent) - - // Generate session-id - sessionID := "session-" + generateUUID() - r.Header.Set("session-id", sessionID) - - // Generate timestamp and signature - timestamp := time.Now().UnixMilli() - r.Header.Set("x-iflow-timestamp", fmt.Sprintf("%d", timestamp)) - - signature := createIFlowSignature(iflowUserAgent, sessionID, timestamp, apiKey) - if signature != "" { - r.Header.Set("x-iflow-signature", signature) - } - - if stream { - r.Header.Set("Accept", "text/event-stream") - } else { - r.Header.Set("Accept", "application/json") - } -} - -// createIFlowSignature generates HMAC-SHA256 signature for iFlow API requests. -// The signature payload format is: userAgent:sessionId:timestamp -func createIFlowSignature(userAgent, sessionID string, timestamp int64, apiKey string) string { - if apiKey == "" { - return "" - } - payload := fmt.Sprintf("%s:%s:%d", userAgent, sessionID, timestamp) - h := hmac.New(sha256.New, []byte(apiKey)) - h.Write([]byte(payload)) - return hex.EncodeToString(h.Sum(nil)) -} - -// generateUUID generates a random UUID v4 string. -func generateUUID() string { - return uuid.New().String() -} - -func iflowCreds(a *cliproxyauth.Auth) (apiKey, baseURL string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - if v := strings.TrimSpace(a.Attributes["api_key"]); v != "" { - apiKey = v - } - if v := strings.TrimSpace(a.Attributes["base_url"]); v != "" { - baseURL = v - } - } - if apiKey == "" && a.Metadata != nil { - if v, ok := a.Metadata["api_key"].(string); ok { - apiKey = strings.TrimSpace(v) - } - } - if baseURL == "" && a.Metadata != nil { - if v, ok := a.Metadata["base_url"].(string); ok { - baseURL = strings.TrimSpace(v) - } - } - return apiKey, baseURL -} - -func ensureToolsArray(body []byte) []byte { - placeholder := `[{"type":"function","function":{"name":"noop","description":"Placeholder tool to stabilise streaming","parameters":{"type":"object"}}}]` - updated, err := sjson.SetRawBytes(body, "tools", []byte(placeholder)) - if err != nil { - return body - } - return updated -} - -// preserveReasoningContentInMessages checks if reasoning_content from assistant messages -// is preserved in conversation history for iFlow models that support thinking. -// This is helpful for multi-turn conversations where the model may benefit from seeing -// its previous reasoning to maintain coherent thought chains. -// -// For GLM-4.6/4.7 and MiniMax M2/M2.1, it is recommended to include the full assistant -// response (including reasoning_content) in message history for better context continuity. -func preserveReasoningContentInMessages(body []byte) []byte { - model := strings.ToLower(gjson.GetBytes(body, "model").String()) - - // Only apply to models that support thinking with history preservation - needsPreservation := strings.HasPrefix(model, "glm-4") || strings.HasPrefix(model, "minimax-m2") - - if !needsPreservation { - return body - } - - messages := gjson.GetBytes(body, "messages") - if !messages.Exists() || !messages.IsArray() { - return body - } - - // Check if any assistant message already has reasoning_content preserved - hasReasoningContent := false - messages.ForEach(func(_, msg gjson.Result) bool { - role := msg.Get("role").String() - if role == "assistant" { - rc := msg.Get("reasoning_content") - if rc.Exists() && rc.String() != "" { - hasReasoningContent = true - return false // stop iteration - } - } - return true - }) - - // If reasoning content is already present, the messages are properly formatted - // No need to modify - the client has correctly preserved reasoning in history - if hasReasoningContent { - log.Debugf("iflow executor: reasoning_content found in message history for %s", model) - } - - return body -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/iflow_executor_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/iflow_executor_test.go deleted file mode 100644 index 3a1ba2e43f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/iflow_executor_test.go +++ /dev/null @@ -1,93 +0,0 @@ -package executor - -import ( - "errors" - "net/http" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" -) - -func TestIFlowExecutorParseSuffix(t *testing.T) { - tests := []struct { - name string - model string - wantBase string - wantLevel string - }{ - {"no suffix", "glm-4", "glm-4", ""}, - {"glm with suffix", "glm-4.1-flash(high)", "glm-4.1-flash", "high"}, - {"minimax no suffix", "minimax-m2", "minimax-m2", ""}, - {"minimax with suffix", "minimax-m2.1(medium)", "minimax-m2.1", "medium"}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := thinking.ParseSuffix(tt.model) - if result.ModelName != tt.wantBase { - t.Errorf("ParseSuffix(%q).ModelName = %q, want %q", tt.model, result.ModelName, tt.wantBase) - } - }) - } -} - -func TestPreserveReasoningContentInMessages(t *testing.T) { - tests := []struct { - name string - input []byte - want []byte // nil means output should equal input - }{ - { - "non-glm model passthrough", - []byte(`{"model":"gpt-4","messages":[]}`), - nil, - }, - { - "glm model with empty messages", - []byte(`{"model":"glm-4","messages":[]}`), - nil, - }, - { - "glm model preserves existing reasoning_content", - []byte(`{"model":"glm-4","messages":[{"role":"assistant","content":"hi","reasoning_content":"thinking..."}]}`), - nil, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got := preserveReasoningContentInMessages(tt.input) - want := tt.want - if want == nil { - want = tt.input - } - if string(got) != string(want) { - t.Errorf("preserveReasoningContentInMessages() = %s, want %s", got, want) - } - }) - } -} - -func TestClassifyIFlowRefreshError(t *testing.T) { - t.Run("maps server busy to 503", func(t *testing.T) { - err := classifyIFlowRefreshError(errors.New("iflow token: provider rejected token request (code=500 message=server busy)")) - se, ok := err.(interface{ StatusCode() int }) - if !ok { - t.Fatalf("expected status error type, got %T", err) - } - if got := se.StatusCode(); got != http.StatusServiceUnavailable { - t.Fatalf("status code = %d, want %d", got, http.StatusServiceUnavailable) - } - }) - - t.Run("maps provider 429 to 429", func(t *testing.T) { - err := classifyIFlowRefreshError(errors.New("iflow token: provider rejected token request (code=429 message=rate limit exceeded)")) - se, ok := err.(interface{ StatusCode() int }) - if !ok { - t.Fatalf("expected status error type, got %T", err) - } - if got := se.StatusCode(); got != http.StatusTooManyRequests { - t.Fatalf("status code = %d, want %d", got, http.StatusTooManyRequests) - } - }) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/kilo_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/kilo_executor.go deleted file mode 100644 index 5599dd5a6e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/kilo_executor.go +++ /dev/null @@ -1,462 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "errors" - "fmt" - "io" - "net/http" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -// KiloExecutor handles requests to Kilo API. -type KiloExecutor struct { - cfg *config.Config -} - -// NewKiloExecutor creates a new Kilo executor instance. -func NewKiloExecutor(cfg *config.Config) *KiloExecutor { - return &KiloExecutor{cfg: cfg} -} - -// Identifier returns the unique identifier for this executor. -func (e *KiloExecutor) Identifier() string { return "kilo" } - -// PrepareRequest prepares the HTTP request before execution. -func (e *KiloExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - accessToken, _ := kiloCredentials(auth) - if strings.TrimSpace(accessToken) == "" { - return fmt.Errorf("kilo: missing access token") - } - - req.Header.Set("Authorization", "Bearer "+accessToken) - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) - return nil -} - -// HttpRequest executes a raw HTTP request. -func (e *KiloExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("kilo executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming request. -func (e *KiloExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - accessToken, orgID := kiloCredentials(auth) - if accessToken == "" { - return resp, fmt.Errorf("kilo: missing access token") - } - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - endpoint := "/api/openrouter/chat/completions" - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, opts.Stream) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, opts.Stream) - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", translated, originalTranslated, requestedModel) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - url := "https://api.kilo.ai" + endpoint - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(translated)) - if err != nil { - return resp, err - } - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("Authorization", "Bearer "+accessToken) - if orgID != "" { - httpReq.Header.Set("X-Kilocode-OrganizationID", orgID) - } - httpReq.Header.Set("User-Agent", "cli-proxy-kilo") - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translated, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { _ = httpResp.Body.Close() }() - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - - body, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, body) - reporter.publish(ctx, parseOpenAIUsage(body)) - reporter.ensurePublished(ctx) - - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, body, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out)} - return resp, nil -} - -// ExecuteStream performs a streaming request. -func (e *KiloExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - accessToken, orgID := kiloCredentials(auth) - if accessToken == "" { - return nil, fmt.Errorf("kilo: missing access token") - } - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - endpoint := "/api/openrouter/chat/completions" - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", translated, originalTranslated, requestedModel) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - url := "https://api.kilo.ai" + endpoint - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(translated)) - if err != nil { - return nil, err - } - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("Authorization", "Bearer "+accessToken) - if orgID != "" { - httpReq.Header.Set("X-Kilocode-OrganizationID", orgID) - } - httpReq.Header.Set("User-Agent", "cli-proxy-kilo") - httpReq.Header.Set("Accept", "text/event-stream") - httpReq.Header.Set("Cache-Control", "no-cache") - - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translated, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - _ = httpResp.Body.Close() - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { _ = httpResp.Body.Close() }() - - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 52_428_800) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - if len(line) == 0 { - continue - } - if !bytes.HasPrefix(line, []byte("data:")) { - continue - } - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - reporter.ensurePublished(ctx) - }() - - return &cliproxyexecutor.StreamResult{ - Headers: httpResp.Header.Clone(), - Chunks: out, - }, nil -} - -// Refresh validates the Kilo token. -func (e *KiloExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if auth == nil { - return nil, statusErr{code: http.StatusUnauthorized, msg: "missing auth"} - } - return auth, nil -} - -// CountTokens returns the token count for the given request. -func (e *KiloExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - return cliproxyexecutor.Response{}, fmt.Errorf("kilo: count tokens not supported") -} - -// kiloCredentials extracts access token and other info from auth. -func kiloCredentials(auth *cliproxyauth.Auth) (accessToken, orgID string) { - if auth == nil { - return "", "" - } - - // Prefer kilocode specific keys, then fall back to generic keys. - // Check metadata first, then attributes. - if auth.Metadata != nil { - if token, ok := auth.Metadata["kilocodeToken"].(string); ok && token != "" { - accessToken = token - } else if token, ok := auth.Metadata["access_token"].(string); ok && token != "" { - accessToken = token - } - - if org, ok := auth.Metadata["kilocodeOrganizationId"].(string); ok && org != "" { - orgID = org - } else if org, ok := auth.Metadata["organization_id"].(string); ok && org != "" { - orgID = org - } - } - - if accessToken == "" && auth.Attributes != nil { - if token := auth.Attributes["kilocodeToken"]; token != "" { - accessToken = token - } else if token := auth.Attributes["access_token"]; token != "" { - accessToken = token - } - } - - if orgID == "" && auth.Attributes != nil { - if org := auth.Attributes["kilocodeOrganizationId"]; org != "" { - orgID = org - } else if org := auth.Attributes["organization_id"]; org != "" { - orgID = org - } - } - - return accessToken, orgID -} - -// FetchKiloModels fetches models from Kilo API. -func FetchKiloModels(ctx context.Context, auth *cliproxyauth.Auth, cfg *config.Config) []*registry.ModelInfo { - accessToken, orgID := kiloCredentials(auth) - if accessToken == "" { - log.Infof("kilo: no access token found, skipping dynamic model fetch (using static kilo/auto)") - return registry.GetKiloModels() - } - - log.Debugf("kilo: fetching dynamic models (orgID: %s)", orgID) - - httpClient := newProxyAwareHTTPClient(ctx, cfg, auth, 0) - req, err := http.NewRequestWithContext(ctx, http.MethodGet, "https://api.kilo.ai/api/openrouter/models", nil) - if err != nil { - log.Warnf("kilo: failed to create model fetch request: %v", err) - return registry.GetKiloModels() - } - - req.Header.Set("Authorization", "Bearer "+accessToken) - if orgID != "" { - req.Header.Set("X-Kilocode-OrganizationID", orgID) - } - req.Header.Set("User-Agent", "cli-proxy-kilo") - - resp, err := httpClient.Do(req) - if err != nil { - if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) { - log.Warnf("kilo: fetch models canceled: %v", err) - } else { - log.Warnf("kilo: using static models (API fetch failed: %v)", err) - } - return registry.GetKiloModels() - } - defer func() { _ = resp.Body.Close() }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - log.Warnf("kilo: failed to read models response: %v", err) - return registry.GetKiloModels() - } - - if resp.StatusCode != http.StatusOK { - log.Warnf("kilo: fetch models failed: status %d, body: %s", resp.StatusCode, string(body)) - return registry.GetKiloModels() - } - - result := gjson.GetBytes(body, "data") - if !result.Exists() { - // Try root if data field is missing - result = gjson.ParseBytes(body) - if !result.IsArray() { - log.Debugf("kilo: response body: %s", string(body)) - log.Warn("kilo: invalid API response format (expected array or data field with array)") - return registry.GetKiloModels() - } - } - - var dynamicModels []*registry.ModelInfo - now := time.Now().Unix() - count := 0 - totalCount := 0 - - result.ForEach(func(key, value gjson.Result) bool { - totalCount++ - id := value.Get("id").String() - pIdxResult := value.Get("preferredIndex") - preferredIndex := pIdxResult.Int() - - // Filter models where preferredIndex > 0 (Kilo-curated models) - if preferredIndex <= 0 { - return true - } - - // Check if it's free. We look for :free suffix, is_free flag, or zero pricing. - isFree := strings.HasSuffix(id, ":free") || id == "giga-potato" || value.Get("is_free").Bool() - if !isFree { - // Check pricing as fallback - promptPricing := value.Get("pricing.prompt").String() - if promptPricing == "0" || promptPricing == "0.0" { - isFree = true - } - } - - if !isFree { - log.Debugf("kilo: skipping curated paid model: %s", id) - return true - } - - log.Debugf("kilo: found curated model: %s (preferredIndex: %d)", id, preferredIndex) - - dynamicModels = append(dynamicModels, ®istry.ModelInfo{ - ID: id, - DisplayName: value.Get("name").String(), - ContextLength: int(value.Get("context_length").Int()), - OwnedBy: "kilo", - Type: "kilo", - Object: "model", - Created: now, - }) - count++ - return true - }) - - log.Infof("kilo: fetched %d models from API, %d curated free (preferredIndex > 0)", totalCount, count) - if count == 0 && totalCount > 0 { - log.Warn("kilo: no curated free models found (check API response fields)") - } - - staticModels := registry.GetKiloModels() - // Always include kilo/auto (first static model) - allModels := append(staticModels[:1], dynamicModels...) - - return allModels -} - -func (e *KiloExecutor) CloseExecutionSession(sessionID string) {} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/kimi_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/kimi_executor.go deleted file mode 100644 index b7ee53b55d..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/kimi_executor.go +++ /dev/null @@ -1,619 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "fmt" - "io" - "net/http" - "os" - "path/filepath" - "runtime" - "strings" - "time" - - kimiauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kimi" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// KimiExecutor is a stateless executor for Kimi API using OpenAI-compatible chat completions. -type KimiExecutor struct { - ClaudeExecutor - cfg *config.Config -} - -// NewKimiExecutor creates a new Kimi executor. -func NewKimiExecutor(cfg *config.Config) *KimiExecutor { return &KimiExecutor{cfg: cfg} } - -// Identifier returns the executor identifier. -func (e *KimiExecutor) Identifier() string { return "kimi" } - -// PrepareRequest injects Kimi credentials into the outgoing HTTP request. -func (e *KimiExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - token := kimiCreds(auth) - if strings.TrimSpace(token) != "" { - req.Header.Set("Authorization", "Bearer "+token) - } - return nil -} - -// HttpRequest injects Kimi credentials into the request and executes it. -func (e *KimiExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("kimi executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming chat completion request to Kimi. -func (e *KimiExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - from := opts.SourceFormat - if from.String() == "claude" { - auth.Attributes["base_url"] = kimiauth.KimiAPIBaseURL - return e.ClaudeExecutor.Execute(ctx, auth, req, opts) - } - - baseModel := thinking.ParseSuffix(req.Model).ModelName - - token := kimiCreds(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := bytes.Clone(originalPayloadSource) - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, bytes.Clone(req.Payload), false) - - // Strip kimi- prefix for upstream API - upstreamModel := stripKimiPrefix(baseModel) - body, err = sjson.SetBytes(body, "model", upstreamModel) - if err != nil { - return resp, fmt.Errorf("kimi executor: failed to set model in payload: %w", err) - } - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), "kimi", e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, err = normalizeKimiToolMessageLinks(body) - if err != nil { - return resp, err - } - - url := kimiauth.KimiAPIBaseURL + "/v1/chat/completions" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return resp, err - } - applyKimiHeadersWithAuth(httpReq, token, false, auth) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("kimi executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseOpenAIUsage(data)) - var param any - // Note: TranslateNonStream uses req.Model (original with suffix) to preserve - // the original model name in the response for client compatibility. - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -// ExecuteStream performs a streaming chat completion request to Kimi. -func (e *KimiExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - from := opts.SourceFormat - if from.String() == "claude" { - auth.Attributes["base_url"] = kimiauth.KimiAPIBaseURL - return e.ClaudeExecutor.ExecuteStream(ctx, auth, req, opts) - } - - baseModel := thinking.ParseSuffix(req.Model).ModelName - token := kimiCreds(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := bytes.Clone(originalPayloadSource) - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, bytes.Clone(req.Payload), true) - - // Strip kimi- prefix for upstream API - upstreamModel := stripKimiPrefix(baseModel) - body, err = sjson.SetBytes(body, "model", upstreamModel) - if err != nil { - return nil, fmt.Errorf("kimi executor: failed to set model in payload: %w", err) - } - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), "kimi", e.Identifier()) - if err != nil { - return nil, err - } - - body, err = sjson.SetBytes(body, "stream_options.include_usage", true) - if err != nil { - return nil, fmt.Errorf("kimi executor: failed to set stream_options in payload: %w", err) - } - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, err = normalizeKimiToolMessageLinks(body) - if err != nil { - return nil, err - } - - url := kimiauth.KimiAPIBaseURL + "/v1/chat/completions" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return nil, err - } - applyKimiHeadersWithAuth(httpReq, token, true, auth) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("kimi executor: close response body error: %v", errClose) - } - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("kimi executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 1_048_576) // 1MB - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - doneChunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, []byte("[DONE]"), ¶m) - for i := range doneChunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(doneChunks[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -// CountTokens estimates token count for Kimi requests. -func (e *KimiExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - auth.Attributes["base_url"] = kimiauth.KimiAPIBaseURL - return e.ClaudeExecutor.CountTokens(ctx, auth, req, opts) -} - -func normalizeKimiToolMessageLinks(body []byte) ([]byte, error) { - if len(body) == 0 || !gjson.ValidBytes(body) { - return body, nil - } - - messages := gjson.GetBytes(body, "messages") - if !messages.Exists() || !messages.IsArray() { - return body, nil - } - - out := body - pending := make([]string, 0) - patched := 0 - patchedReasoning := 0 - ambiguous := 0 - latestReasoning := "" - hasLatestReasoning := false - - removePending := func(id string) { - for idx := range pending { - if pending[idx] != id { - continue - } - pending = append(pending[:idx], pending[idx+1:]...) - return - } - } - - msgs := messages.Array() - for msgIdx := range msgs { - msg := msgs[msgIdx] - role := strings.TrimSpace(msg.Get("role").String()) - switch role { - case "assistant": - reasoning := msg.Get("reasoning_content") - if reasoning.Exists() { - reasoningText := reasoning.String() - if strings.TrimSpace(reasoningText) != "" { - latestReasoning = reasoningText - hasLatestReasoning = true - } - } - - toolCalls := msg.Get("tool_calls") - if !toolCalls.Exists() || !toolCalls.IsArray() || len(toolCalls.Array()) == 0 { - continue - } - - if !reasoning.Exists() || strings.TrimSpace(reasoning.String()) == "" { - reasoningText := fallbackAssistantReasoning(msg, hasLatestReasoning, latestReasoning) - path := fmt.Sprintf("messages.%d.reasoning_content", msgIdx) - next, err := sjson.SetBytes(out, path, reasoningText) - if err != nil { - return body, fmt.Errorf("kimi executor: failed to set assistant reasoning_content: %w", err) - } - out = next - patchedReasoning++ - } - - for _, tc := range toolCalls.Array() { - id := strings.TrimSpace(tc.Get("id").String()) - if id == "" { - continue - } - pending = append(pending, id) - } - case "tool": - toolCallID := strings.TrimSpace(msg.Get("tool_call_id").String()) - if toolCallID == "" { - toolCallID = strings.TrimSpace(msg.Get("call_id").String()) - if toolCallID != "" { - path := fmt.Sprintf("messages.%d.tool_call_id", msgIdx) - next, err := sjson.SetBytes(out, path, toolCallID) - if err != nil { - return body, fmt.Errorf("kimi executor: failed to set tool_call_id from call_id: %w", err) - } - out = next - patched++ - } - } - if toolCallID == "" { - if len(pending) == 1 { - toolCallID = pending[0] - path := fmt.Sprintf("messages.%d.tool_call_id", msgIdx) - next, err := sjson.SetBytes(out, path, toolCallID) - if err != nil { - return body, fmt.Errorf("kimi executor: failed to infer tool_call_id: %w", err) - } - out = next - patched++ - } else if len(pending) > 1 { - ambiguous++ - } - } - if toolCallID != "" { - removePending(toolCallID) - } - } - } - - if patched > 0 || patchedReasoning > 0 { - log.WithFields(log.Fields{ - "patched_tool_messages": patched, - "patched_reasoning_messages": patchedReasoning, - }).Debug("kimi executor: normalized tool message fields") - } - if ambiguous > 0 { - log.WithFields(log.Fields{ - "ambiguous_tool_messages": ambiguous, - "pending_tool_calls": len(pending), - }).Warn("kimi executor: tool messages missing tool_call_id with ambiguous candidates") - } - - return out, nil -} - -func fallbackAssistantReasoning(msg gjson.Result, hasLatest bool, latest string) string { - if hasLatest && strings.TrimSpace(latest) != "" { - return latest - } - - content := msg.Get("content") - if content.Type == gjson.String { - if text := strings.TrimSpace(content.String()); text != "" { - return text - } - } - if content.IsArray() { - parts := make([]string, 0, len(content.Array())) - for _, item := range content.Array() { - text := strings.TrimSpace(item.Get("text").String()) - if text == "" { - continue - } - parts = append(parts, text) - } - if len(parts) > 0 { - return strings.Join(parts, "\n") - } - } - - return "[reasoning unavailable]" -} - -// Refresh refreshes the Kimi token using the refresh token. -func (e *KimiExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("kimi executor: refresh called") - if auth == nil { - return nil, fmt.Errorf("kimi executor: auth is nil") - } - // Expect refresh_token in metadata for OAuth-based accounts - var refreshToken string - if auth.Metadata != nil { - if v, ok := auth.Metadata["refresh_token"].(string); ok && strings.TrimSpace(v) != "" { - refreshToken = v - } - } - if strings.TrimSpace(refreshToken) == "" { - // Nothing to refresh - return auth, nil - } - - client := kimiauth.NewDeviceFlowClientWithDeviceID(e.cfg, resolveKimiDeviceID(auth), nil) - td, err := client.RefreshToken(ctx, refreshToken) - if err != nil { - return nil, err - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["access_token"] = td.AccessToken - if td.RefreshToken != "" { - auth.Metadata["refresh_token"] = td.RefreshToken - } - if td.ExpiresAt > 0 { - exp := time.Unix(td.ExpiresAt, 0).UTC().Format(time.RFC3339) - auth.Metadata["expired"] = exp - } - auth.Metadata["type"] = "kimi" - now := time.Now().Format(time.RFC3339) - auth.Metadata["last_refresh"] = now - return auth, nil -} - -// applyKimiHeaders sets required headers for Kimi API requests. -// Headers match kimi-cli client for compatibility. -func applyKimiHeaders(r *http.Request, token string, stream bool) { - r.Header.Set("Content-Type", "application/json") - r.Header.Set("Authorization", "Bearer "+token) - // Match kimi-cli headers exactly - r.Header.Set("User-Agent", "KimiCLI/1.10.6") - r.Header.Set("X-Msh-Platform", "kimi_cli") - r.Header.Set("X-Msh-Version", "1.10.6") - r.Header.Set("X-Msh-Device-Name", getKimiHostname()) - r.Header.Set("X-Msh-Device-Model", getKimiDeviceModel()) - r.Header.Set("X-Msh-Device-Id", getKimiDeviceID()) - if stream { - r.Header.Set("Accept", "text/event-stream") - return - } - r.Header.Set("Accept", "application/json") -} - -func resolveKimiDeviceIDFromAuth(auth *cliproxyauth.Auth) string { - if auth == nil || auth.Metadata == nil { - return "" - } - - deviceIDRaw, ok := auth.Metadata["device_id"] - if !ok { - return "" - } - - deviceID, ok := deviceIDRaw.(string) - if !ok { - return "" - } - - return strings.TrimSpace(deviceID) -} - -func resolveKimiDeviceIDFromStorage(auth *cliproxyauth.Auth) string { - if auth == nil { - return "" - } - - storage, ok := auth.Storage.(*kimiauth.KimiTokenStorage) - if !ok || storage == nil { - return "" - } - - return strings.TrimSpace(storage.DeviceID) -} - -func resolveKimiDeviceID(auth *cliproxyauth.Auth) string { - deviceID := resolveKimiDeviceIDFromAuth(auth) - if deviceID != "" { - return deviceID - } - return resolveKimiDeviceIDFromStorage(auth) -} - -func applyKimiHeadersWithAuth(r *http.Request, token string, stream bool, auth *cliproxyauth.Auth) { - applyKimiHeaders(r, token, stream) - - if deviceID := resolveKimiDeviceID(auth); deviceID != "" { - r.Header.Set("X-Msh-Device-Id", deviceID) - } -} - -// getKimiHostname returns the machine hostname. -func getKimiHostname() string { - hostname, err := os.Hostname() - if err != nil { - return "unknown" - } - return hostname -} - -// getKimiDeviceModel returns a device model string matching kimi-cli format. -func getKimiDeviceModel() string { - return fmt.Sprintf("%s %s", runtime.GOOS, runtime.GOARCH) -} - -// getKimiDeviceID returns a stable device ID, matching kimi-cli storage location. -func getKimiDeviceID() string { - homeDir, err := os.UserHomeDir() - if err != nil { - return "cli-proxy-api-device" - } - // Check kimi-cli's device_id location first (platform-specific) - var kimiShareDir string - switch runtime.GOOS { - case "darwin": - kimiShareDir = filepath.Join(homeDir, "Library", "Application Support", "kimi") - case "windows": - appData := os.Getenv("APPDATA") - if appData == "" { - appData = filepath.Join(homeDir, "AppData", "Roaming") - } - kimiShareDir = filepath.Join(appData, "kimi") - default: // linux and other unix-like - kimiShareDir = filepath.Join(homeDir, ".local", "share", "kimi") - } - deviceIDPath := filepath.Join(kimiShareDir, "device_id") - if data, err := os.ReadFile(deviceIDPath); err == nil { - return strings.TrimSpace(string(data)) - } - return "cli-proxy-api-device" -} - -// kimiCreds extracts the access token from auth. -func kimiCreds(a *cliproxyauth.Auth) (token string) { - if a == nil { - return "" - } - // Check metadata first (OAuth flow stores tokens here) - if a.Metadata != nil { - if v, ok := a.Metadata["access_token"].(string); ok && strings.TrimSpace(v) != "" { - return v - } - } - // Fallback to attributes (API key style) - if a.Attributes != nil { - if v := a.Attributes["access_token"]; v != "" { - return v - } - if v := a.Attributes["api_key"]; v != "" { - return v - } - } - return "" -} - -// stripKimiPrefix removes the "kimi-" prefix from model names for the upstream API. -func stripKimiPrefix(model string) string { - model = strings.TrimSpace(model) - if strings.HasPrefix(strings.ToLower(model), "kimi-") { - return model[5:] - } - return model -} - -func (e *KimiExecutor) CloseExecutionSession(sessionID string) {} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/kimi_executor_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/kimi_executor_test.go deleted file mode 100644 index 210ddb0ef9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/kimi_executor_test.go +++ /dev/null @@ -1,205 +0,0 @@ -package executor - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestNormalizeKimiToolMessageLinks_UsesCallIDFallback(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"list_directory:1","type":"function","function":{"name":"list_directory","arguments":"{}"}}]}, - {"role":"tool","call_id":"list_directory:1","content":"[]"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.1.tool_call_id").String() - if got != "list_directory:1" { - t.Fatalf("messages.1.tool_call_id = %q, want %q", got, "list_directory:1") - } -} - -func TestNormalizeKimiToolMessageLinks_InferSinglePendingID(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"call_123","type":"function","function":{"name":"read_file","arguments":"{}"}}]}, - {"role":"tool","content":"file-content"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.1.tool_call_id").String() - if got != "call_123" { - t.Fatalf("messages.1.tool_call_id = %q, want %q", got, "call_123") - } -} - -func TestNormalizeKimiToolMessageLinks_AmbiguousMissingIDIsNotInferred(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[ - {"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}, - {"id":"call_2","type":"function","function":{"name":"read_file","arguments":"{}"}} - ]}, - {"role":"tool","content":"result-without-id"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - if gjson.GetBytes(out, "messages.1.tool_call_id").Exists() { - t.Fatalf("messages.1.tool_call_id should be absent for ambiguous case, got %q", gjson.GetBytes(out, "messages.1.tool_call_id").String()) - } -} - -func TestNormalizeKimiToolMessageLinks_PreservesExistingToolCallID(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}]}, - {"role":"tool","tool_call_id":"call_1","call_id":"different-id","content":"result"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.1.tool_call_id").String() - if got != "call_1" { - t.Fatalf("messages.1.tool_call_id = %q, want %q", got, "call_1") - } -} - -func TestNormalizeKimiToolMessageLinks_InheritsPreviousReasoningForAssistantToolCalls(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","content":"plan","reasoning_content":"previous reasoning"}, - {"role":"assistant","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}]} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.1.reasoning_content").String() - if got != "previous reasoning" { - t.Fatalf("messages.1.reasoning_content = %q, want %q", got, "previous reasoning") - } -} - -func TestNormalizeKimiToolMessageLinks_InsertsFallbackReasoningWhenMissing(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}]} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - reasoning := gjson.GetBytes(out, "messages.0.reasoning_content") - if !reasoning.Exists() { - t.Fatalf("messages.0.reasoning_content should exist") - } - if reasoning.String() != "[reasoning unavailable]" { - t.Fatalf("messages.0.reasoning_content = %q, want %q", reasoning.String(), "[reasoning unavailable]") - } -} - -func TestNormalizeKimiToolMessageLinks_UsesContentAsReasoningFallback(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","content":[{"type":"text","text":"first line"},{"type":"text","text":"second line"}],"tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}]} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.0.reasoning_content").String() - if got != "first line\nsecond line" { - t.Fatalf("messages.0.reasoning_content = %q, want %q", got, "first line\nsecond line") - } -} - -func TestNormalizeKimiToolMessageLinks_ReplacesEmptyReasoningContent(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","content":"assistant summary","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}],"reasoning_content":""} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.0.reasoning_content").String() - if got != "assistant summary" { - t.Fatalf("messages.0.reasoning_content = %q, want %q", got, "assistant summary") - } -} - -func TestNormalizeKimiToolMessageLinks_PreservesExistingAssistantReasoning(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}],"reasoning_content":"keep me"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.0.reasoning_content").String() - if got != "keep me" { - t.Fatalf("messages.0.reasoning_content = %q, want %q", got, "keep me") - } -} - -func TestNormalizeKimiToolMessageLinks_RepairsIDsAndReasoningTogether(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}],"reasoning_content":"r1"}, - {"role":"tool","call_id":"call_1","content":"[]"}, - {"role":"assistant","tool_calls":[{"id":"call_2","type":"function","function":{"name":"read_file","arguments":"{}"}}]}, - {"role":"tool","call_id":"call_2","content":"file"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - if got := gjson.GetBytes(out, "messages.1.tool_call_id").String(); got != "call_1" { - t.Fatalf("messages.1.tool_call_id = %q, want %q", got, "call_1") - } - if got := gjson.GetBytes(out, "messages.3.tool_call_id").String(); got != "call_2" { - t.Fatalf("messages.3.tool_call_id = %q, want %q", got, "call_2") - } - if got := gjson.GetBytes(out, "messages.2.reasoning_content").String(); got != "r1" { - t.Fatalf("messages.2.reasoning_content = %q, want %q", got, "r1") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/kiro_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/kiro_executor.go deleted file mode 100644 index 40bc97bc3c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/kiro_executor.go +++ /dev/null @@ -1,4690 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "encoding/base64" - "encoding/binary" - "encoding/json" - "errors" - "fmt" - "io" - "net" - "net/http" - "os" - "path/filepath" - "strings" - "sync" - "sync/atomic" - "syscall" - "time" - - "github.com/google/uuid" - kiroclaude "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/kiro/claude" - kirocommon "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/kiro/common" - kiroopenai "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/kiro/openai" - kiroauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" -) - -const ( - // Kiro API common constants - kiroContentType = "application/json" - kiroAcceptStream = "*/*" - - // Event Stream frame size constants for boundary protection - // AWS Event Stream binary format: prelude (12 bytes) + headers + payload + message_crc (4 bytes) - // Prelude consists of: total_length (4) + headers_length (4) + prelude_crc (4) - minEventStreamFrameSize = 16 // Minimum: 4(total_len) + 4(headers_len) + 4(prelude_crc) + 4(message_crc) - maxEventStreamMsgSize = 10 << 20 // Maximum message length: 10MB - - // Event Stream error type constants - ErrStreamFatal = "fatal" // Connection/authentication errors, not recoverable - ErrStreamMalformed = "malformed" // Format errors, data cannot be parsed - - // kiroUserAgent matches Amazon Q CLI style for User-Agent header - kiroUserAgent = "aws-sdk-rust/1.3.9 os/macos lang/rust/1.87.0" - // kiroFullUserAgent is the complete x-amz-user-agent header (Amazon Q CLI style) - kiroFullUserAgent = "aws-sdk-rust/1.3.9 ua/2.1 api/ssooidc/1.88.0 os/macos lang/rust/1.87.0 m/E app/AmazonQ-For-CLI" - - // Kiro IDE style headers for IDC auth - kiroIDEUserAgent = "aws-sdk-js/1.0.27 ua/2.1 os/win32#10.0.19044 lang/js md/nodejs#22.21.1 api/codewhispererstreaming#1.0.27 m/E" - kiroIDEAmzUserAgent = "aws-sdk-js/1.0.27" - kiroIDEAgentModeVibe = "vibe" - - // Socket retry configuration constants - // Maximum number of retry attempts for socket/network errors - kiroSocketMaxRetries = 3 - // Base delay between retry attempts (uses exponential backoff: delay * 2^attempt) - kiroSocketBaseRetryDelay = 1 * time.Second - // Maximum delay between retry attempts (cap for exponential backoff) - kiroSocketMaxRetryDelay = 30 * time.Second - // First token timeout for streaming responses (how long to wait for first response) - kiroFirstTokenTimeout = 15 * time.Second - // Streaming read timeout (how long to wait between chunks) - kiroStreamingReadTimeout = 300 * time.Second -) - -// retryableHTTPStatusCodes defines HTTP status codes that are considered retryable. -// Based on kiro2Api reference: 502 (Bad Gateway), 503 (Service Unavailable), 504 (Gateway Timeout) -var retryableHTTPStatusCodes = map[int]bool{ - 502: true, // Bad Gateway - upstream server error - 503: true, // Service Unavailable - server temporarily overloaded - 504: true, // Gateway Timeout - upstream server timeout -} - -// Real-time usage estimation configuration -// These control how often usage updates are sent during streaming -var ( - usageUpdateCharThreshold = 5000 // Send usage update every 5000 characters - usageUpdateTimeInterval = 15 * time.Second // Or every 15 seconds, whichever comes first -) - -// Global FingerprintManager for dynamic User-Agent generation per token -// Each token gets a unique fingerprint on first use, which is cached for subsequent requests -var ( - globalFingerprintManager *kiroauth.FingerprintManager - globalFingerprintManagerOnce sync.Once -) - -// getGlobalFingerprintManager returns the global FingerprintManager instance -func getGlobalFingerprintManager() *kiroauth.FingerprintManager { - globalFingerprintManagerOnce.Do(func() { - globalFingerprintManager = kiroauth.NewFingerprintManager() - log.Infof("kiro: initialized global FingerprintManager for dynamic UA generation") - }) - return globalFingerprintManager -} - -// retryConfig holds configuration for socket retry logic. -// Based on kiro2Api Python implementation patterns. -type retryConfig struct { - MaxRetries int // Maximum number of retry attempts - BaseDelay time.Duration // Base delay between retries (exponential backoff) - MaxDelay time.Duration // Maximum delay cap - RetryableErrors []string // List of retryable error patterns - RetryableStatus map[int]bool // HTTP status codes to retry - FirstTokenTmout time.Duration // Timeout for first token in streaming - StreamReadTmout time.Duration // Timeout between stream chunks -} - -// defaultRetryConfig returns the default retry configuration for Kiro socket operations. -func defaultRetryConfig() retryConfig { - return retryConfig{ - MaxRetries: kiroSocketMaxRetries, - BaseDelay: kiroSocketBaseRetryDelay, - MaxDelay: kiroSocketMaxRetryDelay, - RetryableStatus: retryableHTTPStatusCodes, - RetryableErrors: []string{ - "connection reset", - "connection refused", - "broken pipe", - "EOF", - "timeout", - "temporary failure", - "no such host", - "network is unreachable", - "i/o timeout", - }, - FirstTokenTmout: kiroFirstTokenTimeout, - StreamReadTmout: kiroStreamingReadTimeout, - } -} - -// isRetryableError checks if an error is retryable based on error type and message. -// Returns true for network timeouts, connection resets, and temporary failures. -// Based on kiro2Api's retry logic patterns. -func isRetryableError(err error) bool { - if err == nil { - return false - } - - // Check for context cancellation - not retryable - if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) { - return false - } - - // Check for net.Error (timeout, temporary) - var netErr net.Error - if errors.As(err, &netErr) { - if netErr.Timeout() { - log.Debugf("kiro: isRetryableError: network timeout detected") - return true - } - // Note: Temporary() is deprecated but still useful for some error types - } - - // Check for specific syscall errors (connection reset, broken pipe, etc.) - var syscallErr syscall.Errno - if errors.As(err, &syscallErr) { - switch syscallErr { - case syscall.ECONNRESET: // Connection reset by peer - log.Debugf("kiro: isRetryableError: ECONNRESET detected") - return true - case syscall.ECONNREFUSED: // Connection refused - log.Debugf("kiro: isRetryableError: ECONNREFUSED detected") - return true - case syscall.EPIPE: // Broken pipe - log.Debugf("kiro: isRetryableError: EPIPE (broken pipe) detected") - return true - case syscall.ETIMEDOUT: // Connection timed out - log.Debugf("kiro: isRetryableError: ETIMEDOUT detected") - return true - case syscall.ENETUNREACH: // Network is unreachable - log.Debugf("kiro: isRetryableError: ENETUNREACH detected") - return true - case syscall.EHOSTUNREACH: // No route to host - log.Debugf("kiro: isRetryableError: EHOSTUNREACH detected") - return true - } - } - - // Check for net.OpError wrapping other errors - var opErr *net.OpError - if errors.As(err, &opErr) { - log.Debugf("kiro: isRetryableError: net.OpError detected, op=%s", opErr.Op) - // Recursively check the wrapped error - if opErr.Err != nil { - return isRetryableError(opErr.Err) - } - return true - } - - // Check error message for retryable patterns - errMsg := strings.ToLower(err.Error()) - cfg := defaultRetryConfig() - for _, pattern := range cfg.RetryableErrors { - if strings.Contains(errMsg, pattern) { - log.Debugf("kiro: isRetryableError: pattern '%s' matched in error: %s", pattern, errMsg) - return true - } - } - - // Check for EOF which may indicate connection was closed - if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) { - log.Debugf("kiro: isRetryableError: EOF/UnexpectedEOF detected") - return true - } - - return false -} - -// isRetryableHTTPStatus checks if an HTTP status code is retryable. -// Based on kiro2Api: 502, 503, 504 are retryable server errors. -func isRetryableHTTPStatus(statusCode int) bool { - return retryableHTTPStatusCodes[statusCode] -} - -// calculateRetryDelay calculates the delay for the next retry attempt using exponential backoff. -// delay = min(baseDelay * 2^attempt, maxDelay) -// Adds ±30% jitter to prevent thundering herd. -func calculateRetryDelay(attempt int, cfg retryConfig) time.Duration { - return kiroauth.ExponentialBackoffWithJitter(attempt, cfg.BaseDelay, cfg.MaxDelay) -} - -// logRetryAttempt logs a retry attempt with relevant context. -func logRetryAttempt(attempt, maxRetries int, reason string, delay time.Duration, endpoint string) { - log.Warnf("kiro: retry attempt %d/%d for %s, waiting %v before next attempt (endpoint: %s)", - attempt+1, maxRetries, reason, delay, endpoint) -} - -// kiroHTTPClientPool provides a shared HTTP client with connection pooling for Kiro API. -// This reduces connection overhead and improves performance for concurrent requests. -// Based on kiro2Api's connection pooling pattern. -var ( - kiroHTTPClientPool *http.Client - kiroHTTPClientPoolOnce sync.Once -) - -// getKiroPooledHTTPClient returns a shared HTTP client with optimized connection pooling. -// The client is lazily initialized on first use and reused across requests. -// This is especially beneficial for: -// - Reducing TCP handshake overhead -// - Enabling HTTP/2 multiplexing -// - Better handling of keep-alive connections -func getKiroPooledHTTPClient() *http.Client { - kiroHTTPClientPoolOnce.Do(func() { - transport := &http.Transport{ - // Connection pool settings - MaxIdleConns: 100, // Max idle connections across all hosts - MaxIdleConnsPerHost: 20, // Max idle connections per host - MaxConnsPerHost: 50, // Max total connections per host - IdleConnTimeout: 90 * time.Second, // How long idle connections stay in pool - - // Timeouts for connection establishment - DialContext: (&net.Dialer{ - Timeout: 30 * time.Second, // TCP connection timeout - KeepAlive: 30 * time.Second, // TCP keep-alive interval - }).DialContext, - - // TLS handshake timeout - TLSHandshakeTimeout: 10 * time.Second, - - // Response header timeout - ResponseHeaderTimeout: 30 * time.Second, - - // Expect 100-continue timeout - ExpectContinueTimeout: 1 * time.Second, - - // Enable HTTP/2 when available - ForceAttemptHTTP2: true, - } - - kiroHTTPClientPool = &http.Client{ - Transport: transport, - // No global timeout - let individual requests set their own timeouts via context - } - - log.Debugf("kiro: initialized pooled HTTP client (MaxIdleConns=%d, MaxIdleConnsPerHost=%d, MaxConnsPerHost=%d)", - transport.MaxIdleConns, transport.MaxIdleConnsPerHost, transport.MaxConnsPerHost) - }) - - return kiroHTTPClientPool -} - -// newKiroHTTPClientWithPooling creates an HTTP client that uses connection pooling when appropriate. -// It respects proxy configuration from auth or config, falling back to the pooled client. -// This provides the best of both worlds: custom proxy support + connection reuse. -func newKiroHTTPClientWithPooling(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth, timeout time.Duration) *http.Client { - // Check if a proxy is configured - if so, we need a custom client - var proxyURL string - if auth != nil { - proxyURL = strings.TrimSpace(auth.ProxyURL) - } - if proxyURL == "" && cfg != nil { - proxyURL = strings.TrimSpace(cfg.ProxyURL) - } - - // If proxy is configured, use the existing proxy-aware client (doesn't pool) - if proxyURL != "" { - log.Debugf("kiro: using proxy-aware HTTP client (proxy=%s)", proxyURL) - return newProxyAwareHTTPClient(ctx, cfg, auth, timeout) - } - - // No proxy - use pooled client for better performance - pooledClient := getKiroPooledHTTPClient() - - // If timeout is specified, we need to wrap the pooled transport with timeout - if timeout > 0 { - return &http.Client{ - Transport: pooledClient.Transport, - Timeout: timeout, - } - } - - return pooledClient -} - -// kiroEndpointConfig bundles endpoint URL with its compatible Origin and AmzTarget values. -// This solves the "triple mismatch" problem where different endpoints require matching -// Origin and X-Amz-Target header values. -// -// Based on reference implementations: -// - amq2api-main: Uses Amazon Q endpoint with CLI origin and AmazonQDeveloperStreamingService target -// - AIClient-2-API: Uses CodeWhisperer endpoint with AI_EDITOR origin and AmazonCodeWhispererStreamingService target -type kiroEndpointConfig struct { - URL string // Endpoint URL - Origin string // Request Origin: "CLI" for Amazon Q quota, "AI_EDITOR" for Kiro IDE quota - AmzTarget string // X-Amz-Target header value - Name string // Endpoint name for logging -} - -// kiroDefaultRegion is the default AWS region for Kiro API endpoints. -// Used when no region is specified in auth metadata. -const kiroDefaultRegion = "us-east-1" - -// extractRegionFromProfileARN extracts the AWS region from a ProfileARN. -// ARN format: arn:aws:codewhisperer:REGION:ACCOUNT:profile/PROFILE_ID -// Returns empty string if region cannot be extracted. -func extractRegionFromProfileARN(profileArn string) string { - if profileArn == "" { - return "" - } - parts := strings.Split(profileArn, ":") - if len(parts) >= 4 && parts[3] != "" { - return parts[3] - } - return "" -} - -// buildKiroEndpointConfigs creates endpoint configurations for the specified region. -// This enables dynamic region support for Enterprise/IdC users in non-us-east-1 regions. -// -// Uses Q endpoint (q.{region}.amazonaws.com) as primary for ALL auth types: -// - Works universally across all AWS regions (CodeWhisperer endpoint only exists in us-east-1) -// - Uses /generateAssistantResponse path with AI_EDITOR origin -// - Does NOT require X-Amz-Target header -// -// The AmzTarget field is kept for backward compatibility but should be empty -// to indicate that the header should NOT be set. -func buildKiroEndpointConfigs(region string) []kiroEndpointConfig { - if region == "" { - region = kiroDefaultRegion - } - return []kiroEndpointConfig{ - { - // Primary: Q endpoint - works for all regions and auth types - URL: fmt.Sprintf("https://q.%s.amazonaws.com/generateAssistantResponse", region), - Origin: "AI_EDITOR", - AmzTarget: "", // Empty = don't set X-Amz-Target header - Name: "AmazonQ", - }, - { - // Fallback: CodeWhisperer endpoint (legacy, only works in us-east-1) - URL: fmt.Sprintf("https://codewhisperer.%s.amazonaws.com/generateAssistantResponse", region), - Origin: "AI_EDITOR", - AmzTarget: "AmazonCodeWhispererStreamingService.GenerateAssistantResponse", - Name: "CodeWhisperer", - }, - } -} - -// resolveKiroAPIRegion determines the AWS region for Kiro API calls. -// Region priority: -// 1. auth.Metadata["api_region"] - explicit API region override -// 2. ProfileARN region - extracted from arn:aws:service:REGION:account:resource -// 3. kiroDefaultRegion (us-east-1) - fallback -// Note: OIDC "region" is NOT used - it's for token refresh, not API calls -func resolveKiroAPIRegion(auth *cliproxyauth.Auth) string { - if auth == nil || auth.Metadata == nil { - return kiroDefaultRegion - } - // Priority 1: Explicit api_region override - if r, ok := auth.Metadata["api_region"].(string); ok && r != "" { - log.Debugf("kiro: using region %s (source: api_region)", r) - return r - } - // Priority 2: Extract from ProfileARN - if profileArn, ok := auth.Metadata["profile_arn"].(string); ok && profileArn != "" { - if arnRegion := extractRegionFromProfileARN(profileArn); arnRegion != "" { - log.Debugf("kiro: using region %s (source: profile_arn)", arnRegion) - return arnRegion - } - } - // Note: OIDC "region" field is NOT used for API endpoint - // Kiro API only exists in us-east-1, while OIDC region can vary (e.g., ap-northeast-2) - // Using OIDC region for API calls causes DNS failures - log.Debugf("kiro: using region %s (source: default)", kiroDefaultRegion) - return kiroDefaultRegion -} - -// kiroEndpointConfigs is kept for backward compatibility with default us-east-1 region. -// Prefer using buildKiroEndpointConfigs(region) for dynamic region support. -var kiroEndpointConfigs = buildKiroEndpointConfigs(kiroDefaultRegion) - -// getKiroEndpointConfigs returns the list of Kiro API endpoint configurations to try in order. -// Supports dynamic region based on auth metadata "api_region", "profile_arn", or "region" field. -// Supports reordering based on "preferred_endpoint" in auth metadata/attributes. -// -// Region priority: -// 1. auth.Metadata["api_region"] - explicit API region override -// 2. ProfileARN region - extracted from arn:aws:service:REGION:account:resource -// 3. kiroDefaultRegion (us-east-1) - fallback -// Note: OIDC "region" is NOT used - it's for token refresh, not API calls -func getKiroEndpointConfigs(auth *cliproxyauth.Auth) []kiroEndpointConfig { - if auth == nil { - return kiroEndpointConfigs - } - - // Determine API region using shared resolution logic - region := resolveKiroAPIRegion(auth) - - // Build endpoint configs for the specified region - endpointConfigs := buildKiroEndpointConfigs(region) - - // For IDC auth, use Q endpoint with AI_EDITOR origin - // IDC tokens work with Q endpoint using Bearer auth - // The difference is only in how tokens are refreshed (OIDC with clientId/clientSecret for IDC) - // NOT in how API calls are made - both Social and IDC use the same endpoint/origin - if auth.Metadata != nil { - authMethod, _ := auth.Metadata["auth_method"].(string) - if strings.ToLower(authMethod) == "idc" { - log.Debugf("kiro: IDC auth, using Q endpoint (region: %s)", region) - return endpointConfigs - } - } - - // Check for preference - var preference string - if auth.Metadata != nil { - if p, ok := auth.Metadata["preferred_endpoint"].(string); ok { - preference = p - } - } - // Check attributes as fallback (e.g. from HTTP headers) - if preference == "" && auth.Attributes != nil { - preference = auth.Attributes["preferred_endpoint"] - } - - if preference == "" { - return endpointConfigs - } - - preference = strings.ToLower(strings.TrimSpace(preference)) - - // Create new slice to avoid modifying global state - var sorted []kiroEndpointConfig - var remaining []kiroEndpointConfig - - for _, cfg := range endpointConfigs { - name := strings.ToLower(cfg.Name) - // Check for matches - // CodeWhisperer aliases: codewhisperer, ide - // AmazonQ aliases: amazonq, q, cli - isMatch := false - if (preference == "codewhisperer" || preference == "ide") && name == "codewhisperer" { - isMatch = true - } else if (preference == "amazonq" || preference == "q" || preference == "cli") && name == "amazonq" { - isMatch = true - } - - if isMatch { - sorted = append(sorted, cfg) - } else { - remaining = append(remaining, cfg) - } - } - - // If preference didn't match anything, return default - if len(sorted) == 0 { - return endpointConfigs - } - - // Combine: preferred first, then others - return append(sorted, remaining...) -} - -// KiroExecutor handles requests to AWS CodeWhisperer (Kiro) API. -type KiroExecutor struct { - cfg *config.Config - refreshMu sync.Mutex // Serializes token refresh operations to prevent race conditions -} - -// isIDCAuth checks if the auth uses IDC (Identity Center) authentication method. -func isIDCAuth(auth *cliproxyauth.Auth) bool { - if auth == nil || auth.Metadata == nil { - return false - } - authMethod, _ := auth.Metadata["auth_method"].(string) - return strings.ToLower(authMethod) == "idc" -} - -// buildKiroPayloadForFormat builds the Kiro API payload based on the source format. -// This is critical because OpenAI and Claude formats have different tool structures: -// - OpenAI: tools[].function.name, tools[].function.description -// - Claude: tools[].name, tools[].description -// headers parameter allows checking Anthropic-Beta header for thinking mode detection. -// Returns the serialized JSON payload and a boolean indicating whether thinking mode was injected. -func buildKiroPayloadForFormat(body []byte, modelID, profileArn, origin string, isAgentic, isChatOnly bool, sourceFormat sdktranslator.Format, headers http.Header) ([]byte, bool) { - switch sourceFormat.String() { - case "openai": - log.Debugf("kiro: using OpenAI payload builder for source format: %s", sourceFormat.String()) - return kiroopenai.BuildKiroPayloadFromOpenAI(body, modelID, profileArn, origin, isAgentic, isChatOnly, headers, nil) - case "kiro": - // Body is already in Kiro format — pass through directly - log.Debugf("kiro: body already in Kiro format, passing through directly") - return sanitizeKiroPayload(body), false - default: - // Default to Claude format - log.Debugf("kiro: using Claude payload builder for source format: %s", sourceFormat.String()) - return kiroclaude.BuildKiroPayload(body, modelID, profileArn, origin, isAgentic, isChatOnly, headers, nil) - } -} - -func sanitizeKiroPayload(body []byte) []byte { - var payload map[string]any - if err := json.Unmarshal(body, &payload); err != nil { - return body - } - if _, exists := payload["user"]; !exists { - return body - } - delete(payload, "user") - sanitized, err := json.Marshal(payload) - if err != nil { - return body - } - return sanitized -} - -// NewKiroExecutor creates a new Kiro executor instance. -func NewKiroExecutor(cfg *config.Config) *KiroExecutor { - return &KiroExecutor{cfg: cfg} -} - -// Identifier returns the unique identifier for this executor. -func (e *KiroExecutor) Identifier() string { return "kiro" } - -// applyDynamicFingerprint applies token-specific fingerprint headers to the request -// For IDC auth, uses dynamic fingerprint-based User-Agent -// For other auth types, uses static Amazon Q CLI style headers -func applyDynamicFingerprint(req *http.Request, auth *cliproxyauth.Auth) { - if isIDCAuth(auth) { - // Get token-specific fingerprint for dynamic UA generation - tokenKey := getTokenKey(auth) - fp := getGlobalFingerprintManager().GetFingerprint(tokenKey) - - // Use fingerprint-generated dynamic User-Agent - req.Header.Set("User-Agent", fp.BuildUserAgent()) - req.Header.Set("X-Amz-User-Agent", fp.BuildAmzUserAgent()) - req.Header.Set("x-amzn-kiro-agent-mode", kiroIDEAgentModeVibe) - - log.Debugf("kiro: using dynamic fingerprint for token %s (SDK:%s, OS:%s/%s, Kiro:%s)", - tokenKey[:8]+"...", fp.SDKVersion, fp.OSType, fp.OSVersion, fp.KiroVersion) - } else { - // Use static Amazon Q CLI style headers for non-IDC auth - req.Header.Set("User-Agent", kiroUserAgent) - req.Header.Set("X-Amz-User-Agent", kiroFullUserAgent) - } -} - -// PrepareRequest prepares the HTTP request before execution. -func (e *KiroExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - accessToken, _ := kiroCredentials(auth) - if strings.TrimSpace(accessToken) == "" { - return statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - - // Apply dynamic fingerprint-based headers - applyDynamicFingerprint(req, auth) - - req.Header.Set("Amz-Sdk-Request", "attempt=1; max=3") - req.Header.Set("Amz-Sdk-Invocation-Id", uuid.New().String()) - req.Header.Set("Authorization", "Bearer "+accessToken) - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) - return nil -} - -// HttpRequest injects Kiro credentials into the request and executes it. -func (e *KiroExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("kiro executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if errPrepare := e.PrepareRequest(httpReq, auth); errPrepare != nil { - return nil, errPrepare - } - httpClient := newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// getTokenKey returns a unique key for rate limiting based on auth credentials. -// Uses auth ID if available, otherwise falls back to a hash of the access token. -func getTokenKey(auth *cliproxyauth.Auth) string { - if auth != nil && auth.ID != "" { - return auth.ID - } - accessToken, _ := kiroCredentials(auth) - if len(accessToken) > 16 { - return accessToken[:16] - } - return accessToken -} - -func formatKiroCooldownError(remaining time.Duration, reason string) error { - base := fmt.Sprintf("kiro: token is in cooldown for %v (reason: %s)", remaining, reason) - switch reason { - case kiroauth.CooldownReasonSuspended: - return fmt.Errorf("%s; account appears suspended upstream, re-auth this Kiro entry or switch auth index", base) - case kiroauth.CooldownReason429, kiroauth.CooldownReasonQuotaExhausted: - return fmt.Errorf("%s; quota/rate-limit cooldown active, tune quota-exceeded.switch-project or quota-exceeded.switch-preview-model", base) - default: - return errors.New(base) - } -} - -func formatKiroSuspendedStatusMessage(respBody []byte) string { - return "account suspended by upstream Kiro endpoint: " + string(respBody) + "; re-auth this Kiro entry or use another auth index" -} - -func isKiroSuspendedOrBannedResponse(respBody string) bool { - if strings.TrimSpace(respBody) == "" { - return false - } - lowerBody := strings.ToLower(respBody) - return strings.Contains(lowerBody, "temporarily_suspended") || - strings.Contains(lowerBody, "suspended") || - strings.Contains(lowerBody, "account_banned") || - strings.Contains(lowerBody, "account banned") || - strings.Contains(lowerBody, "banned") -} - -// Execute sends the request to Kiro API and returns the response. -// Supports automatic token refresh on 401/403 errors. -func (e *KiroExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - accessToken, profileArn := kiroCredentials(auth) - if accessToken == "" { - return resp, fmt.Errorf("kiro: access token not found in auth") - } - - // Rate limiting: get token key for tracking - tokenKey := getTokenKey(auth) - rateLimiter := kiroauth.GetGlobalRateLimiter() - cooldownMgr := kiroauth.GetGlobalCooldownManager() - - // Check if token is in cooldown period - if cooldownMgr.IsInCooldown(tokenKey) { - remaining := cooldownMgr.GetRemainingCooldown(tokenKey) - reason := cooldownMgr.GetCooldownReason(tokenKey) - log.Warnf("kiro: token %s is in cooldown (reason: %s), remaining: %v", tokenKey, reason, remaining) - return resp, formatKiroCooldownError(remaining, reason) - } - - // Wait for rate limiter before proceeding - log.Debugf("kiro: waiting for rate limiter for token %s", tokenKey) - rateLimiter.WaitForToken(tokenKey) - log.Debugf("kiro: rate limiter cleared for token %s", tokenKey) - - // Check if token is expired before making request (covers both normal and web_search paths) - if e.isTokenExpired(accessToken) { - log.Infof("kiro: access token expired, attempting recovery") - - // 方案 B: 先尝试从文件重新加载 token(后台刷新器可能已更新文件) - reloadedAuth, reloadErr := e.reloadAuthFromFile(auth) - if reloadErr == nil && reloadedAuth != nil { - // 文件中有更新的 token,使用它 - auth = reloadedAuth - accessToken, profileArn = kiroCredentials(auth) - log.Infof("kiro: recovered token from file (background refresh), expires_at: %v", auth.Metadata["expires_at"]) - } else { - // 文件中的 token 也过期了,执行主动刷新 - log.Debugf("kiro: file reload failed (%v), attempting active refresh", reloadErr) - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Warnf("kiro: pre-request token refresh failed: %v", refreshErr) - } else if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - } - accessToken, profileArn = kiroCredentials(auth) - log.Infof("kiro: token refreshed successfully before request") - } - } - } - - // Check for pure web_search request - // Route to MCP endpoint instead of normal Kiro API - if kiroclaude.HasWebSearchTool(req.Payload) { - log.Infof("kiro: detected pure web_search request (non-stream), routing to MCP endpoint") - return e.handleWebSearch(ctx, auth, req, opts, accessToken, profileArn) - } - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("kiro") - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - - kiroModelID := e.mapModelToKiro(req.Model) - - // Determine agentic mode and effective profile ARN using helper functions - isAgentic, isChatOnly := determineAgenticMode(req.Model) - effectiveProfileArn := getEffectiveProfileArnWithWarning(auth, profileArn) - - // Execute with retry on 401/403 and 429 (quota exhausted) - // Note: currentOrigin and kiroPayload are built inside executeWithRetry for each endpoint - resp, err = e.executeWithRetry(ctx, auth, req, opts, accessToken, effectiveProfileArn, body, from, to, reporter, kiroModelID, isAgentic, isChatOnly, tokenKey) - return resp, err -} - -// executeWithRetry performs the actual HTTP request with automatic retry on auth errors. -// Supports automatic fallback between endpoints with different quotas: -// - Amazon Q endpoint (CLI origin) uses Amazon Q Developer quota -// - CodeWhisperer endpoint (AI_EDITOR origin) uses Kiro IDE quota -// Also supports multi-endpoint fallback similar to Antigravity implementation. -// tokenKey is used for rate limiting and cooldown tracking. -func (e *KiroExecutor) executeWithRetry(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, accessToken, profileArn string, body []byte, from, to sdktranslator.Format, reporter *usageReporter, kiroModelID string, isAgentic, isChatOnly bool, tokenKey string) (cliproxyexecutor.Response, error) { - var resp cliproxyexecutor.Response - var kiroPayload []byte - var currentOrigin string - maxRetries := 2 // Allow retries for token refresh + endpoint fallback - rateLimiter := kiroauth.GetGlobalRateLimiter() - cooldownMgr := kiroauth.GetGlobalCooldownManager() - endpointConfigs := getKiroEndpointConfigs(auth) - var last429Err error - - for endpointIdx := 0; endpointIdx < len(endpointConfigs); endpointIdx++ { - endpointConfig := endpointConfigs[endpointIdx] - url := endpointConfig.URL - // Use this endpoint's compatible Origin (critical for avoiding 403 errors) - currentOrigin = endpointConfig.Origin - - // Rebuild payload with the correct origin for this endpoint - // Each endpoint requires its matching Origin value in the request body - kiroPayload, _ = buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - - log.Debugf("kiro: trying endpoint %d/%d: %s (Name: %s, Origin: %s)", - endpointIdx+1, len(endpointConfigs), url, endpointConfig.Name, currentOrigin) - - for attempt := 0; attempt <= maxRetries; attempt++ { - // Apply human-like delay before first request (not on retries) - // This mimics natural user behavior patterns - if attempt == 0 && endpointIdx == 0 { - kiroauth.ApplyHumanLikeDelay() - } - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(kiroPayload)) - if err != nil { - return resp, err - } - - httpReq.Header.Set("Content-Type", kiroContentType) - httpReq.Header.Set("Accept", kiroAcceptStream) - // Only set X-Amz-Target if specified (Q endpoint doesn't require it) - if endpointConfig.AmzTarget != "" { - httpReq.Header.Set("X-Amz-Target", endpointConfig.AmzTarget) - } - // Kiro-specific headers - httpReq.Header.Set("x-amzn-kiro-agent-mode", kiroIDEAgentModeVibe) - httpReq.Header.Set("x-amzn-codewhisperer-optout", "true") - - // Apply dynamic fingerprint-based headers - applyDynamicFingerprint(httpReq, auth) - - httpReq.Header.Set("Amz-Sdk-Request", "attempt=1; max=3") - httpReq.Header.Set("Amz-Sdk-Invocation-Id", uuid.New().String()) - - // Bearer token authentication for all auth types (Builder ID, IDC, social, etc.) - httpReq.Header.Set("Authorization", "Bearer "+accessToken) - - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: kiroPayload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 120*time.Second) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - // Check for context cancellation first - client disconnected, not a server error - // Use 499 (Client Closed Request - nginx convention) instead of 500 - if errors.Is(err, context.Canceled) { - log.Debugf("kiro: request canceled by client (context.Canceled)") - return resp, statusErr{code: 499, msg: "client canceled request"} - } - - // Check for context deadline exceeded - request timed out - // Return 504 Gateway Timeout instead of 500 - if errors.Is(err, context.DeadlineExceeded) { - log.Debugf("kiro: request timed out (context.DeadlineExceeded)") - return resp, statusErr{code: http.StatusGatewayTimeout, msg: "upstream request timed out"} - } - - recordAPIResponseError(ctx, e.cfg, err) - - // Enhanced socket retry: Check if error is retryable (network timeout, connection reset, etc.) - retryCfg := defaultRetryConfig() - if isRetryableError(err) && attempt < retryCfg.MaxRetries { - delay := calculateRetryDelay(attempt, retryCfg) - logRetryAttempt(attempt, retryCfg.MaxRetries, fmt.Sprintf("socket error: %v", err), delay, endpointConfig.Name) - time.Sleep(delay) - continue - } - - return resp, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - - // Handle 429 errors (quota exhausted) - try next endpoint - // Each endpoint has its own quota pool, so we can try different endpoints - if httpResp.StatusCode == 429 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - // Record failure and set cooldown for 429 - rateLimiter.MarkTokenFailed(tokenKey) - cooldownDuration := kiroauth.CalculateCooldownFor429(attempt) - cooldownMgr.SetCooldown(tokenKey, cooldownDuration, kiroauth.CooldownReason429) - log.Warnf("kiro: rate limit hit (429), token %s set to cooldown for %v", tokenKey, cooldownDuration) - - // Preserve last 429 so callers can correctly backoff when all endpoints are exhausted - last429Err = statusErr{code: httpResp.StatusCode, msg: string(respBody)} - - log.Warnf("kiro: %s endpoint quota exhausted (429), will try next endpoint, body: %s", - endpointConfig.Name, summarizeErrorBody(httpResp.Header.Get("Content-Type"), respBody)) - - // Break inner retry loop to try next endpoint (which has different quota) - break - } - - // Handle 5xx server errors with exponential backoff retry - // Enhanced: Use retryConfig for consistent retry behavior - if httpResp.StatusCode >= 500 && httpResp.StatusCode < 600 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - retryCfg := defaultRetryConfig() - // Check if this specific 5xx code is retryable (502, 503, 504) - if isRetryableHTTPStatus(httpResp.StatusCode) && attempt < retryCfg.MaxRetries { - delay := calculateRetryDelay(attempt, retryCfg) - logRetryAttempt(attempt, retryCfg.MaxRetries, fmt.Sprintf("HTTP %d", httpResp.StatusCode), delay, endpointConfig.Name) - time.Sleep(delay) - continue - } else if attempt < maxRetries { - // Fallback for other 5xx errors (500, 501, etc.) - backoff := time.Duration(1< 30*time.Second { - backoff = 30 * time.Second - } - log.Warnf("kiro: server error %d, retrying in %v (attempt %d/%d)", httpResp.StatusCode, backoff, attempt+1, maxRetries) - time.Sleep(backoff) - continue - } - log.Errorf("kiro: server error %d after %d retries", httpResp.StatusCode, maxRetries) - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 401 errors with token refresh and retry - // 401 = Unauthorized (token expired/invalid) - refresh token - if httpResp.StatusCode == 401 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - log.Warnf("kiro: received 401 error, attempting token refresh") - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Errorf("kiro: token refresh failed: %v", refreshErr) - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - // Continue anyway - the token is valid for this request - } - accessToken, profileArn = kiroCredentials(auth) - // Rebuild payload with new profile ARN if changed - kiroPayload, _ = buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - if attempt < maxRetries { - log.Infof("kiro: token refreshed successfully, retrying request (attempt %d/%d)", attempt+1, maxRetries+1) - continue - } - log.Infof("kiro: token refreshed successfully, no retries remaining") - } - - log.Warnf("kiro request error, status: 401, body: %s", summarizeErrorBody(httpResp.Header.Get("Content-Type"), respBody)) - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 402 errors - Monthly Limit Reached - if httpResp.StatusCode == 402 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - log.Warnf("kiro: received 402 (monthly limit). Upstream body: %s", string(respBody)) - - // Return upstream error body directly - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 403 errors - Access Denied / Token Expired - // Do NOT switch endpoints for 403 errors - if httpResp.StatusCode == 403 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - // Log the 403 error details for debugging - log.Warnf("kiro: received 403 error (attempt %d/%d), body: %s", attempt+1, maxRetries+1, summarizeErrorBody(httpResp.Header.Get("Content-Type"), respBody)) - - respBodyStr := string(respBody) - - // Check for suspended/banned status - return immediately without retry - if isKiroSuspendedOrBannedResponse(respBodyStr) { - // Set long cooldown for suspended accounts - rateLimiter.CheckAndMarkSuspended(tokenKey, respBodyStr) - cooldownMgr.SetCooldown(tokenKey, kiroauth.LongCooldown, kiroauth.CooldownReasonSuspended) - log.Errorf("kiro: account is suspended, token %s set to cooldown for %v", tokenKey, kiroauth.LongCooldown) - return resp, statusErr{code: httpResp.StatusCode, msg: formatKiroSuspendedStatusMessage(respBody)} - } - - // Check if this looks like a token-related 403 (some APIs return 403 for expired tokens) - isTokenRelated := strings.Contains(respBodyStr, "token") || - strings.Contains(respBodyStr, "expired") || - strings.Contains(respBodyStr, "invalid") || - strings.Contains(respBodyStr, "unauthorized") - - if isTokenRelated && attempt < maxRetries { - log.Warnf("kiro: 403 appears token-related, attempting token refresh") - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Errorf("kiro: token refresh failed: %v", refreshErr) - // Token refresh failed - return error immediately - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - // Continue anyway - the token is valid for this request - } - accessToken, profileArn = kiroCredentials(auth) - kiroPayload, _ = buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - log.Infof("kiro: token refreshed for 403, retrying request") - continue - } - } - - // For non-token 403 or after max retries, return error immediately - // Do NOT switch endpoints for 403 errors - log.Warnf("kiro: 403 error, returning immediately (no endpoint switch)") - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - log.Debugf("kiro request error, status: %d, body: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return resp, err - } - - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - content, toolUses, usageInfo, stopReason, err := e.parseEventStream(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - - // Fallback for usage if missing from upstream - - // 1. Estimate InputTokens if missing - if usageInfo.InputTokens == 0 { - if enc, encErr := getTokenizer(req.Model); encErr == nil { - if inp, countErr := countOpenAIChatTokens(enc, opts.OriginalRequest); countErr == nil { - usageInfo.InputTokens = inp - } - } - } - - // 2. Estimate OutputTokens if missing and content is available - if usageInfo.OutputTokens == 0 && len(content) > 0 { - // Use tiktoken for more accurate output token calculation - if enc, encErr := getTokenizer(req.Model); encErr == nil { - if tokenCount, countErr := enc.Count(content); countErr == nil { - usageInfo.OutputTokens = int64(tokenCount) - } - } - // Fallback to character count estimation if tiktoken fails - if usageInfo.OutputTokens == 0 { - usageInfo.OutputTokens = int64(len(content) / 4) - if usageInfo.OutputTokens == 0 { - usageInfo.OutputTokens = 1 - } - } - } - - // 3. Update TotalTokens - usageInfo.TotalTokens = usageInfo.InputTokens + usageInfo.OutputTokens - - appendAPIResponseChunk(ctx, e.cfg, []byte(content)) - reporter.publish(ctx, usageInfo) - - // Record success for rate limiting - rateLimiter.MarkTokenSuccess(tokenKey) - log.Debugf("kiro: request successful, token %s marked as success", tokenKey) - - // Build response in Claude format for Kiro translator - // stopReason is extracted from upstream response by parseEventStream - requestedModel := payloadRequestedModel(opts, req.Model) - kiroResponse := kiroclaude.BuildClaudeResponse(content, toolUses, requestedModel, usageInfo, stopReason) - out := sdktranslator.TranslateNonStream(ctx, to, from, requestedModel, bytes.Clone(opts.OriginalRequest), body, kiroResponse, nil) - resp = cliproxyexecutor.Response{Payload: []byte(out)} - return resp, nil - } - // Inner retry loop exhausted for this endpoint, try next endpoint - // Note: This code is unreachable because all paths in the inner loop - // either return or continue. Kept as comment for documentation. - } - - // All endpoints exhausted - if last429Err != nil { - return resp, last429Err - } - return resp, fmt.Errorf("kiro: all endpoints exhausted") -} - -// ExecuteStream handles streaming requests to Kiro API. -// Supports automatic token refresh on 401/403 errors and quota fallback on 429. -func (e *KiroExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - accessToken, profileArn := kiroCredentials(auth) - if accessToken == "" { - return nil, fmt.Errorf("kiro: access token not found in auth") - } - - // Rate limiting: get token key for tracking - tokenKey := getTokenKey(auth) - rateLimiter := kiroauth.GetGlobalRateLimiter() - cooldownMgr := kiroauth.GetGlobalCooldownManager() - - // Check if token is in cooldown period - if cooldownMgr.IsInCooldown(tokenKey) { - remaining := cooldownMgr.GetRemainingCooldown(tokenKey) - reason := cooldownMgr.GetCooldownReason(tokenKey) - log.Warnf("kiro: token %s is in cooldown (reason: %s), remaining: %v", tokenKey, reason, remaining) - return nil, formatKiroCooldownError(remaining, reason) - } - - // Wait for rate limiter before proceeding - log.Debugf("kiro: stream waiting for rate limiter for token %s", tokenKey) - rateLimiter.WaitForToken(tokenKey) - log.Debugf("kiro: stream rate limiter cleared for token %s", tokenKey) - - // Check if token is expired before making request (covers both normal and web_search paths) - if e.isTokenExpired(accessToken) { - log.Infof("kiro: access token expired, attempting recovery before stream request") - - // 方案 B: 先尝试从文件重新加载 token(后台刷新器可能已更新文件) - reloadedAuth, reloadErr := e.reloadAuthFromFile(auth) - if reloadErr == nil && reloadedAuth != nil { - // 文件中有更新的 token,使用它 - auth = reloadedAuth - accessToken, profileArn = kiroCredentials(auth) - log.Infof("kiro: recovered token from file (background refresh) for stream, expires_at: %v", auth.Metadata["expires_at"]) - } else { - // 文件中的 token 也过期了,执行主动刷新 - log.Debugf("kiro: file reload failed (%v), attempting active refresh for stream", reloadErr) - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Warnf("kiro: pre-request token refresh failed: %v", refreshErr) - } else if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - } - accessToken, profileArn = kiroCredentials(auth) - log.Infof("kiro: token refreshed successfully before stream request") - } - } - } - - // Check for pure web_search request - // Route to MCP endpoint instead of normal Kiro API - if kiroclaude.HasWebSearchTool(req.Payload) { - log.Infof("kiro: detected pure web_search request, routing to MCP endpoint") - streamWebSearch, errWebSearch := e.handleWebSearchStream(ctx, auth, req, opts, accessToken, profileArn) - if errWebSearch != nil { - return nil, errWebSearch - } - return &cliproxyexecutor.StreamResult{Chunks: streamWebSearch}, nil - } - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("kiro") - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - - kiroModelID := e.mapModelToKiro(req.Model) - - // Determine agentic mode and effective profile ARN using helper functions - isAgentic, isChatOnly := determineAgenticMode(req.Model) - effectiveProfileArn := getEffectiveProfileArnWithWarning(auth, profileArn) - - // Execute stream with retry on 401/403 and 429 (quota exhausted) - // Note: currentOrigin and kiroPayload are built inside executeStreamWithRetry for each endpoint - streamKiro, errStreamKiro := e.executeStreamWithRetry(ctx, auth, req, opts, accessToken, effectiveProfileArn, body, from, reporter, kiroModelID, isAgentic, isChatOnly, tokenKey) - if errStreamKiro != nil { - return nil, errStreamKiro - } - return &cliproxyexecutor.StreamResult{Chunks: streamKiro}, nil -} - -// executeStreamWithRetry performs the streaming HTTP request with automatic retry on auth errors. -// Supports automatic fallback between endpoints with different quotas: -// - Amazon Q endpoint (CLI origin) uses Amazon Q Developer quota -// - CodeWhisperer endpoint (AI_EDITOR origin) uses Kiro IDE quota -// Also supports multi-endpoint fallback similar to Antigravity implementation. -// tokenKey is used for rate limiting and cooldown tracking. -func (e *KiroExecutor) executeStreamWithRetry(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, accessToken, profileArn string, body []byte, from sdktranslator.Format, reporter *usageReporter, kiroModelID string, isAgentic, isChatOnly bool, tokenKey string) (<-chan cliproxyexecutor.StreamChunk, error) { - var currentOrigin string - maxRetries := 2 // Allow retries for token refresh + endpoint fallback - rateLimiter := kiroauth.GetGlobalRateLimiter() - cooldownMgr := kiroauth.GetGlobalCooldownManager() - endpointConfigs := getKiroEndpointConfigs(auth) - var last429Err error - - for endpointIdx := 0; endpointIdx < len(endpointConfigs); endpointIdx++ { - endpointConfig := endpointConfigs[endpointIdx] - url := endpointConfig.URL - // Use this endpoint's compatible Origin (critical for avoiding 403 errors) - currentOrigin = endpointConfig.Origin - - // Rebuild payload with the correct origin for this endpoint - // Each endpoint requires its matching Origin value in the request body - kiroPayload, thinkingEnabled := buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - - log.Debugf("kiro: stream trying endpoint %d/%d: %s (Name: %s, Origin: %s)", - endpointIdx+1, len(endpointConfigs), url, endpointConfig.Name, currentOrigin) - - for attempt := 0; attempt <= maxRetries; attempt++ { - // Apply human-like delay before first streaming request (not on retries) - // This mimics natural user behavior patterns - // Note: Delay is NOT applied during streaming response - only before initial request - if attempt == 0 && endpointIdx == 0 { - kiroauth.ApplyHumanLikeDelay() - } - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(kiroPayload)) - if err != nil { - return nil, err - } - - httpReq.Header.Set("Content-Type", kiroContentType) - httpReq.Header.Set("Accept", kiroAcceptStream) - // Only set X-Amz-Target if specified (Q endpoint doesn't require it) - if endpointConfig.AmzTarget != "" { - httpReq.Header.Set("X-Amz-Target", endpointConfig.AmzTarget) - } - // Kiro-specific headers - httpReq.Header.Set("x-amzn-kiro-agent-mode", kiroIDEAgentModeVibe) - httpReq.Header.Set("x-amzn-codewhisperer-optout", "true") - - // Apply dynamic fingerprint-based headers - applyDynamicFingerprint(httpReq, auth) - - httpReq.Header.Set("Amz-Sdk-Request", "attempt=1; max=3") - httpReq.Header.Set("Amz-Sdk-Invocation-Id", uuid.New().String()) - - // Bearer token authentication for all auth types (Builder ID, IDC, social, etc.) - httpReq.Header.Set("Authorization", "Bearer "+accessToken) - - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: kiroPayload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - - // Enhanced socket retry for streaming: Check if error is retryable (network timeout, connection reset, etc.) - retryCfg := defaultRetryConfig() - if isRetryableError(err) && attempt < retryCfg.MaxRetries { - delay := calculateRetryDelay(attempt, retryCfg) - logRetryAttempt(attempt, retryCfg.MaxRetries, fmt.Sprintf("stream socket error: %v", err), delay, endpointConfig.Name) - time.Sleep(delay) - continue - } - - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - - // Handle 429 errors (quota exhausted) - try next endpoint - // Each endpoint has its own quota pool, so we can try different endpoints - if httpResp.StatusCode == 429 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - // Record failure and set cooldown for 429 - rateLimiter.MarkTokenFailed(tokenKey) - cooldownDuration := kiroauth.CalculateCooldownFor429(attempt) - cooldownMgr.SetCooldown(tokenKey, cooldownDuration, kiroauth.CooldownReason429) - log.Warnf("kiro: stream rate limit hit (429), token %s set to cooldown for %v", tokenKey, cooldownDuration) - - // Preserve last 429 so callers can correctly backoff when all endpoints are exhausted - last429Err = statusErr{code: httpResp.StatusCode, msg: string(respBody)} - - log.Warnf("kiro: stream %s endpoint quota exhausted (429), will try next endpoint, body: %s", - endpointConfig.Name, summarizeErrorBody(httpResp.Header.Get("Content-Type"), respBody)) - - // Break inner retry loop to try next endpoint (which has different quota) - break - } - - // Handle 5xx server errors with exponential backoff retry - // Enhanced: Use retryConfig for consistent retry behavior - if httpResp.StatusCode >= 500 && httpResp.StatusCode < 600 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - retryCfg := defaultRetryConfig() - // Check if this specific 5xx code is retryable (502, 503, 504) - if isRetryableHTTPStatus(httpResp.StatusCode) && attempt < retryCfg.MaxRetries { - delay := calculateRetryDelay(attempt, retryCfg) - logRetryAttempt(attempt, retryCfg.MaxRetries, fmt.Sprintf("stream HTTP %d", httpResp.StatusCode), delay, endpointConfig.Name) - time.Sleep(delay) - continue - } else if attempt < maxRetries { - // Fallback for other 5xx errors (500, 501, etc.) - backoff := time.Duration(1< 30*time.Second { - backoff = 30 * time.Second - } - log.Warnf("kiro: stream server error %d, retrying in %v (attempt %d/%d)", httpResp.StatusCode, backoff, attempt+1, maxRetries) - time.Sleep(backoff) - continue - } - log.Errorf("kiro: stream server error %d after %d retries", httpResp.StatusCode, maxRetries) - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 400 errors - Credential/Validation issues - // Do NOT switch endpoints - return error immediately - if httpResp.StatusCode == 400 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - log.Warnf("kiro: received 400 error (attempt %d/%d), body: %s", attempt+1, maxRetries+1, summarizeErrorBody(httpResp.Header.Get("Content-Type"), respBody)) - - // 400 errors indicate request validation issues - return immediately without retry - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 401 errors with token refresh and retry - // 401 = Unauthorized (token expired/invalid) - refresh token - if httpResp.StatusCode == 401 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - log.Warnf("kiro: stream received 401 error, attempting token refresh") - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Errorf("kiro: token refresh failed: %v", refreshErr) - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - // Continue anyway - the token is valid for this request - } - accessToken, profileArn = kiroCredentials(auth) - // Rebuild payload with new profile ARN if changed - kiroPayload, _ = buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - if attempt < maxRetries { - log.Infof("kiro: token refreshed successfully, retrying stream request (attempt %d/%d)", attempt+1, maxRetries+1) - continue - } - log.Infof("kiro: token refreshed successfully, no retries remaining") - } - - log.Warnf("kiro stream error, status: 401, body: %s", string(respBody)) - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 402 errors - Monthly Limit Reached - if httpResp.StatusCode == 402 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - log.Warnf("kiro: stream received 402 (monthly limit). Upstream body: %s", string(respBody)) - - // Return upstream error body directly - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 403 errors - Access Denied / Token Expired - // Do NOT switch endpoints for 403 errors - if httpResp.StatusCode == 403 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - // Log the 403 error details for debugging - log.Warnf("kiro: stream received 403 error (attempt %d/%d), body: %s", attempt+1, maxRetries+1, string(respBody)) - - respBodyStr := string(respBody) - - // Check for suspended/banned status - return immediately without retry - if isKiroSuspendedOrBannedResponse(respBodyStr) { - // Set long cooldown for suspended accounts - rateLimiter.CheckAndMarkSuspended(tokenKey, respBodyStr) - cooldownMgr.SetCooldown(tokenKey, kiroauth.LongCooldown, kiroauth.CooldownReasonSuspended) - log.Errorf("kiro: stream account is suspended, token %s set to cooldown for %v", tokenKey, kiroauth.LongCooldown) - return nil, statusErr{code: httpResp.StatusCode, msg: formatKiroSuspendedStatusMessage(respBody)} - } - - // Check if this looks like a token-related 403 (some APIs return 403 for expired tokens) - isTokenRelated := strings.Contains(respBodyStr, "token") || - strings.Contains(respBodyStr, "expired") || - strings.Contains(respBodyStr, "invalid") || - strings.Contains(respBodyStr, "unauthorized") - - if isTokenRelated && attempt < maxRetries { - log.Warnf("kiro: 403 appears token-related, attempting token refresh") - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Errorf("kiro: token refresh failed: %v", refreshErr) - // Token refresh failed - return error immediately - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - // Continue anyway - the token is valid for this request - } - accessToken, profileArn = kiroCredentials(auth) - kiroPayload, _ = buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - log.Infof("kiro: token refreshed for 403, retrying stream request") - continue - } - } - - // For non-token 403 or after max retries, return error immediately - // Do NOT switch endpoints for 403 errors - log.Warnf("kiro: 403 error, returning immediately (no endpoint switch)") - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - log.Debugf("kiro stream error, status: %d, body: %s", httpResp.StatusCode, string(b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return nil, statusErr{code: httpResp.StatusCode, msg: string(b)} - } - - out := make(chan cliproxyexecutor.StreamChunk) - - // Record success immediately since connection was established successfully - // Streaming errors will be handled separately - rateLimiter.MarkTokenSuccess(tokenKey) - log.Debugf("kiro: stream request successful, token %s marked as success", tokenKey) - - go func(resp *http.Response, thinkingEnabled bool) { - defer close(out) - defer func() { - if r := recover(); r != nil { - log.Errorf("kiro: panic in stream handler: %v", r) - out <- cliproxyexecutor.StreamChunk{Err: fmt.Errorf("internal error: %v", r)} - } - }() - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - // Kiro API always returns tags regardless of request parameters - // So we always enable thinking parsing for Kiro responses - log.Debugf("kiro: stream thinkingEnabled = %v (always true for Kiro)", thinkingEnabled) - - e.streamToChannel(ctx, resp.Body, out, from, payloadRequestedModel(opts, req.Model), opts.OriginalRequest, body, reporter, thinkingEnabled) - }(httpResp, thinkingEnabled) - - return out, nil - } - // Inner retry loop exhausted for this endpoint, try next endpoint - // Note: This code is unreachable because all paths in the inner loop - // either return or continue. Kept as comment for documentation. - } - - // All endpoints exhausted - if last429Err != nil { - return nil, last429Err - } - return nil, fmt.Errorf("kiro: stream all endpoints exhausted") -} - -// kiroCredentials extracts access token and profile ARN from auth. -func kiroCredentials(auth *cliproxyauth.Auth) (accessToken, profileArn string) { - if auth == nil { - return "", "" - } - - // Try Metadata first (wrapper format) - if auth.Metadata != nil { - if token, ok := auth.Metadata["access_token"].(string); ok { - accessToken = token - } - if arn, ok := auth.Metadata["profile_arn"].(string); ok { - profileArn = arn - } - } - - // Try Attributes - if accessToken == "" && auth.Attributes != nil { - accessToken = auth.Attributes["access_token"] - profileArn = auth.Attributes["profile_arn"] - } - - // Try direct fields from flat JSON format (new AWS Builder ID format) - if accessToken == "" && auth.Metadata != nil { - if token, ok := auth.Metadata["accessToken"].(string); ok { - accessToken = token - } - if arn, ok := auth.Metadata["profileArn"].(string); ok { - profileArn = arn - } - } - - return accessToken, profileArn -} - -// findRealThinkingEndTag finds the real end tag, skipping false positives. -// Returns -1 if no real end tag is found. -// -// Real tags from Kiro API have specific characteristics: -// - Usually preceded by newline (.\n) -// - Usually followed by newline (\n\n) -// - Not inside code blocks or inline code -// -// False positives (discussion text) have characteristics: -// - In the middle of a sentence -// - Preceded by discussion words like "标签", "tag", "returns" -// - Inside code blocks or inline code -// -// Parameters: -// - content: the content to search in -// - alreadyInCodeBlock: whether we're already inside a code block from previous chunks -// - alreadyInInlineCode: whether we're already inside inline code from previous chunks - -// determineAgenticMode determines if the model is an agentic or chat-only variant. -// Returns (isAgentic, isChatOnly) based on model name suffixes. -func determineAgenticMode(model string) (isAgentic, isChatOnly bool) { - isAgentic = strings.HasSuffix(model, "-agentic") - isChatOnly = strings.HasSuffix(model, "-chat") - return isAgentic, isChatOnly -} - -// getEffectiveProfileArnWithWarning determines if profileArn should be included based on auth method, -// and logs a warning if profileArn is missing for non-builder-id auth. -// This consolidates the auth_method check that was previously done separately. -// -// AWS SSO OIDC (Builder ID/IDC) users don't need profileArn - sending it causes 403 errors. -// Only Kiro Desktop (social auth like Google/GitHub) users need profileArn. -// -// Detection logic (matching kiro-openai-gateway): -// 1. Check auth_method field: "builder-id" or "idc" -// 2. Check auth_type field: "aws_sso_oidc" (from kiro-cli tokens) -// 3. Check for client_id + client_secret presence (AWS SSO OIDC signature) -func getEffectiveProfileArnWithWarning(auth *cliproxyauth.Auth, profileArn string) string { - if auth != nil && auth.Metadata != nil { - // Check 1: auth_method field (from CLIProxyAPI tokens) - if authMethod, ok := auth.Metadata["auth_method"].(string); ok && (authMethod == "builder-id" || authMethod == "idc") { - return "" - } - // Check 2: auth_type field (from kiro-cli tokens) - if authType, ok := auth.Metadata["auth_type"].(string); ok && authType == "aws_sso_oidc" { - return "" - } - // Check 3: client_id + client_secret presence (AWS SSO OIDC signature, like kiro-openai-gateway) - _, hasClientID := auth.Metadata["client_id"].(string) - _, hasClientSecret := auth.Metadata["client_secret"].(string) - if hasClientID && hasClientSecret { - return "" - } - } - // For social auth (Kiro Desktop), profileArn is required. - if profileArn == "" { - log.Warnf("kiro: profile ARN not found in auth, API calls may fail") - } - return profileArn -} - -func (e *KiroExecutor) mapModelToKiro(model string) string { - modelMap := map[string]string{ - // Amazon Q format (amazonq- prefix) - same API as Kiro - "amazonq-auto": "auto", - "amazonq-claude-opus-4-6": "claude-opus-4.6", - "amazonq-claude-sonnet-4-6": "claude-sonnet-4.6", - "amazonq-claude-opus-4-5": "claude-opus-4.5", - "amazonq-claude-sonnet-4-5": "claude-sonnet-4.5", - "amazonq-claude-sonnet-4-5-20250929": "claude-sonnet-4.5", - "amazonq-claude-sonnet-4": "claude-sonnet-4", - "amazonq-claude-sonnet-4-20250514": "claude-sonnet-4", - "amazonq-claude-haiku-4-5": "claude-haiku-4.5", - // Kiro format (kiro- prefix) - valid model names that should be preserved - "kiro-claude-opus-4-6": "claude-opus-4.6", - "kiro-claude-sonnet-4-6": "claude-sonnet-4.6", - "kiro-claude-opus-4-5": "claude-opus-4.5", - "kiro-claude-sonnet-4-5": "claude-sonnet-4.5", - "kiro-claude-sonnet-4-5-20250929": "claude-sonnet-4.5", - "kiro-claude-sonnet-4": "claude-sonnet-4", - "kiro-claude-sonnet-4-20250514": "claude-sonnet-4", - "kiro-claude-haiku-4-5": "claude-haiku-4.5", - "kiro-auto": "auto", - // Native format (no prefix) - used by Kiro IDE directly - "claude-opus-4-6": "claude-opus-4.6", - "claude-opus-4.6": "claude-opus-4.6", - "claude-sonnet-4-6": "claude-sonnet-4.6", - "claude-sonnet-4.6": "claude-sonnet-4.6", - "claude-opus-4-5": "claude-opus-4.5", - "claude-opus-4.5": "claude-opus-4.5", - "claude-haiku-4-5": "claude-haiku-4.5", - "claude-haiku-4.5": "claude-haiku-4.5", - "claude-sonnet-4-5": "claude-sonnet-4.5", - "claude-sonnet-4-5-20250929": "claude-sonnet-4.5", - "claude-sonnet-4.5": "claude-sonnet-4.5", - "claude-sonnet-4": "claude-sonnet-4", - "claude-sonnet-4-20250514": "claude-sonnet-4", - "auto": "auto", - // Agentic variants (same backend model IDs, but with special system prompt) - "claude-opus-4.6-agentic": "claude-opus-4.6", - "claude-sonnet-4.6-agentic": "claude-sonnet-4.6", - "claude-opus-4.5-agentic": "claude-opus-4.5", - "claude-sonnet-4.5-agentic": "claude-sonnet-4.5", - "claude-sonnet-4-agentic": "claude-sonnet-4", - "claude-haiku-4.5-agentic": "claude-haiku-4.5", - "kiro-claude-opus-4-6-agentic": "claude-opus-4.6", - "kiro-claude-sonnet-4-6-agentic": "claude-sonnet-4.6", - "kiro-claude-opus-4-5-agentic": "claude-opus-4.5", - "kiro-claude-sonnet-4-5-agentic": "claude-sonnet-4.5", - "kiro-claude-sonnet-4-agentic": "claude-sonnet-4", - "kiro-claude-haiku-4-5-agentic": "claude-haiku-4.5", - } - if kiroID, ok := modelMap[model]; ok { - return kiroID - } - - // Smart fallback: try to infer model type from name patterns - modelLower := strings.ToLower(model) - - // Check for Haiku variants - if strings.Contains(modelLower, "haiku") { - log.Debugf("kiro: unknown Haiku model '%s', mapping to claude-haiku-4.5", model) - return "claude-haiku-4.5" - } - - // Check for Sonnet variants - if strings.Contains(modelLower, "sonnet") { - // Check for specific version patterns - if strings.Contains(modelLower, "3-7") || strings.Contains(modelLower, "3.7") { - log.Debugf("kiro: unknown Sonnet 3.7 model '%s', mapping to claude-3-7-sonnet-20250219", model) - return "claude-3-7-sonnet-20250219" - } - if strings.Contains(modelLower, "4-6") || strings.Contains(modelLower, "4.6") { - log.Debugf("kiro: unknown Sonnet 4.6 model '%s', mapping to claude-sonnet-4.6", model) - return "claude-sonnet-4.6" - } - if strings.Contains(modelLower, "4-5") || strings.Contains(modelLower, "4.5") { - log.Debugf("kiro: unknown Sonnet 4.5 model '%s', mapping to claude-sonnet-4.5", model) - return "claude-sonnet-4.5" - } - // Default to Sonnet 4 - log.Debugf("kiro: unknown Sonnet model '%s', mapping to claude-sonnet-4", model) - return "claude-sonnet-4" - } - - // Check for Opus variants - if strings.Contains(modelLower, "opus") { - if strings.Contains(modelLower, "4-6") || strings.Contains(modelLower, "4.6") { - log.Debugf("kiro: unknown Opus 4.6 model '%s', mapping to claude-opus-4.6", model) - return "claude-opus-4.6" - } - log.Debugf("kiro: unknown Opus model '%s', mapping to claude-opus-4.5", model) - return "claude-opus-4.5" - } - - // Final fallback to Sonnet 4.5 (most commonly used model) - log.Warnf("kiro: unknown model '%s', falling back to claude-sonnet-4.5", model) - return "claude-sonnet-4.5" -} - -// EventStreamError represents an Event Stream processing error -type EventStreamError struct { - Type string // "fatal", "malformed" - Message string - Cause error -} - -func (e *EventStreamError) Error() string { - if e.Cause != nil { - return fmt.Sprintf("event stream %s: %s: %v", e.Type, e.Message, e.Cause) - } - return fmt.Sprintf("event stream %s: %s", e.Type, e.Message) -} - -// eventStreamMessage represents a parsed AWS Event Stream message -type eventStreamMessage struct { - EventType string // Event type from headers (e.g., "assistantResponseEvent") - Payload []byte // JSON payload of the message -} - -// NOTE: Request building functions moved to pkg/llmproxy/translator/kiro/claude/kiro_claude_request.go -// The executor now uses kiroclaude.BuildKiroPayload() instead - -// parseEventStream parses AWS Event Stream binary format. -// Extracts text content, tool uses, and stop_reason from the response. -// Supports embedded [Called ...] tool calls and input buffering for toolUseEvent. -// Returns: content, toolUses, usageInfo, stopReason, error -func (e *KiroExecutor) parseEventStream(body io.Reader) (string, []kiroclaude.KiroToolUse, usage.Detail, string, error) { - var content strings.Builder - var toolUses []kiroclaude.KiroToolUse - var usageInfo usage.Detail - var stopReason string // Extracted from upstream response - reader := bufio.NewReader(body) - - // Tool use state tracking for input buffering and deduplication - processedIDs := make(map[string]bool) - var currentToolUse *kiroclaude.ToolUseState - - // Upstream usage tracking - Kiro API returns credit usage and context percentage - var upstreamContextPercentage float64 // Context usage percentage from upstream (e.g., 78.56) - - for { - msg, eventErr := e.readEventStreamMessage(reader) - if eventErr != nil { - log.Errorf("kiro: parseEventStream error: %v", eventErr) - return content.String(), toolUses, usageInfo, stopReason, eventErr - } - if msg == nil { - // Normal end of stream (EOF) - break - } - - eventType := msg.EventType - payload := msg.Payload - if len(payload) == 0 { - continue - } - - var event map[string]interface{} - if err := json.Unmarshal(payload, &event); err != nil { - log.Debugf("kiro: skipping malformed event: %v", err) - continue - } - - // Check for error/exception events in the payload (Kiro API may return errors with HTTP 200) - // These can appear as top-level fields or nested within the event - if errType, hasErrType := event["_type"].(string); hasErrType { - // AWS-style error: {"_type": "com.amazon.aws.codewhisperer#ValidationException", "message": "..."} - errMsg := "" - if msg, ok := event["message"].(string); ok { - errMsg = msg - } - log.Errorf("kiro: received AWS error in event stream: type=%s, message=%s", errType, errMsg) - return "", nil, usageInfo, stopReason, fmt.Errorf("kiro API error: %s - %s", errType, errMsg) - } - if errType, hasErrType := event["type"].(string); hasErrType && (errType == "error" || errType == "exception") { - // Generic error event - errMsg := "" - if msg, ok := event["message"].(string); ok { - errMsg = msg - } else if errObj, ok := event["error"].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - } - log.Errorf("kiro: received error event in stream: type=%s, message=%s", errType, errMsg) - return "", nil, usageInfo, stopReason, fmt.Errorf("kiro API error: %s", errMsg) - } - - // Extract stop_reason from various event formats - // Kiro/Amazon Q API may include stop_reason in different locations - if sr := kirocommon.GetString(event, "stop_reason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stop_reason (top-level): %s", stopReason) - } - if sr := kirocommon.GetString(event, "stopReason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stopReason (top-level): %s", stopReason) - } - - // Handle different event types - switch eventType { - case "followupPromptEvent": - // Filter out followupPrompt events - these are UI suggestions, not content - log.Debugf("kiro: parseEventStream ignoring followupPrompt event") - continue - - case "assistantResponseEvent": - if assistantResp, ok := event["assistantResponseEvent"].(map[string]interface{}); ok { - if contentText, ok := assistantResp["content"].(string); ok { - content.WriteString(contentText) - } - // Extract stop_reason from assistantResponseEvent - if sr := kirocommon.GetString(assistantResp, "stop_reason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stop_reason in assistantResponseEvent: %s", stopReason) - } - if sr := kirocommon.GetString(assistantResp, "stopReason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stopReason in assistantResponseEvent: %s", stopReason) - } - // Extract tool uses from response - if toolUsesRaw, ok := assistantResp["toolUses"].([]interface{}); ok { - for _, tuRaw := range toolUsesRaw { - if tu, ok := tuRaw.(map[string]interface{}); ok { - toolUseID := kirocommon.GetStringValue(tu, "toolUseId") - // Check for duplicate - if processedIDs[toolUseID] { - log.Debugf("kiro: skipping duplicate tool use from assistantResponse: %s", toolUseID) - continue - } - processedIDs[toolUseID] = true - - toolUse := kiroclaude.KiroToolUse{ - ToolUseID: toolUseID, - Name: kirocommon.GetStringValue(tu, "name"), - } - if input, ok := tu["input"].(map[string]interface{}); ok { - toolUse.Input = input - } - toolUses = append(toolUses, toolUse) - } - } - } - } - // Also try direct format - if contentText, ok := event["content"].(string); ok { - content.WriteString(contentText) - } - // Direct tool uses - if toolUsesRaw, ok := event["toolUses"].([]interface{}); ok { - for _, tuRaw := range toolUsesRaw { - if tu, ok := tuRaw.(map[string]interface{}); ok { - toolUseID := kirocommon.GetStringValue(tu, "toolUseId") - // Check for duplicate - if processedIDs[toolUseID] { - log.Debugf("kiro: skipping duplicate direct tool use: %s", toolUseID) - continue - } - processedIDs[toolUseID] = true - - toolUse := kiroclaude.KiroToolUse{ - ToolUseID: toolUseID, - Name: kirocommon.GetStringValue(tu, "name"), - } - if input, ok := tu["input"].(map[string]interface{}); ok { - toolUse.Input = input - } - toolUses = append(toolUses, toolUse) - } - } - } - - case "toolUseEvent": - // Handle dedicated tool use events with input buffering - completedToolUses, newState := kiroclaude.ProcessToolUseEvent(event, currentToolUse, processedIDs) - currentToolUse = newState - toolUses = append(toolUses, completedToolUses...) - - case "supplementaryWebLinksEvent": - if inputTokens, ok := event["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } - if outputTokens, ok := event["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } - - case "messageStopEvent", "message_stop": - // Handle message stop events which may contain stop_reason - if sr := kirocommon.GetString(event, "stop_reason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stop_reason in messageStopEvent: %s", stopReason) - } - if sr := kirocommon.GetString(event, "stopReason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stopReason in messageStopEvent: %s", stopReason) - } - - case "messageMetadataEvent", "metadataEvent": - // Handle message metadata events which contain token counts - // Official format: { tokenUsage: { outputTokens, totalTokens, uncachedInputTokens, cacheReadInputTokens, cacheWriteInputTokens, contextUsagePercentage } } - var metadata map[string]interface{} - if m, ok := event["messageMetadataEvent"].(map[string]interface{}); ok { - metadata = m - } else if m, ok := event["metadataEvent"].(map[string]interface{}); ok { - metadata = m - } else { - metadata = event // event itself might be the metadata - } - - // Check for nested tokenUsage object (official format) - if tokenUsage, ok := metadata["tokenUsage"].(map[string]interface{}); ok { - // outputTokens - precise output token count - if outputTokens, ok := tokenUsage["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - log.Infof("kiro: parseEventStream found precise outputTokens in tokenUsage: %d", usageInfo.OutputTokens) - } - // totalTokens - precise total token count - if totalTokens, ok := tokenUsage["totalTokens"].(float64); ok { - usageInfo.TotalTokens = int64(totalTokens) - log.Infof("kiro: parseEventStream found precise totalTokens in tokenUsage: %d", usageInfo.TotalTokens) - } - // uncachedInputTokens - input tokens not from cache - if uncachedInputTokens, ok := tokenUsage["uncachedInputTokens"].(float64); ok { - usageInfo.InputTokens = int64(uncachedInputTokens) - log.Infof("kiro: parseEventStream found uncachedInputTokens in tokenUsage: %d", usageInfo.InputTokens) - } - // cacheReadInputTokens - tokens read from cache - if cacheReadTokens, ok := tokenUsage["cacheReadInputTokens"].(float64); ok { - // Add to input tokens if we have uncached tokens, otherwise use as input - if usageInfo.InputTokens > 0 { - usageInfo.InputTokens += int64(cacheReadTokens) - } else { - usageInfo.InputTokens = int64(cacheReadTokens) - } - log.Debugf("kiro: parseEventStream found cacheReadInputTokens in tokenUsage: %d", int64(cacheReadTokens)) - } - // contextUsagePercentage - can be used as fallback for input token estimation - if ctxPct, ok := tokenUsage["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: parseEventStream found contextUsagePercentage in tokenUsage: %.2f%%", ctxPct) - } - } - - // Fallback: check for direct fields in metadata (legacy format) - if usageInfo.InputTokens == 0 { - if inputTokens, ok := metadata["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - log.Debugf("kiro: parseEventStream found inputTokens in messageMetadataEvent: %d", usageInfo.InputTokens) - } - } - if usageInfo.OutputTokens == 0 { - if outputTokens, ok := metadata["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - log.Debugf("kiro: parseEventStream found outputTokens in messageMetadataEvent: %d", usageInfo.OutputTokens) - } - } - if usageInfo.TotalTokens == 0 { - if totalTokens, ok := metadata["totalTokens"].(float64); ok { - usageInfo.TotalTokens = int64(totalTokens) - log.Debugf("kiro: parseEventStream found totalTokens in messageMetadataEvent: %d", usageInfo.TotalTokens) - } - } - - case "usageEvent", "usage": - // Handle dedicated usage events - if inputTokens, ok := event["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - log.Debugf("kiro: parseEventStream found inputTokens in usageEvent: %d", usageInfo.InputTokens) - } - if outputTokens, ok := event["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - log.Debugf("kiro: parseEventStream found outputTokens in usageEvent: %d", usageInfo.OutputTokens) - } - if totalTokens, ok := event["totalTokens"].(float64); ok { - usageInfo.TotalTokens = int64(totalTokens) - log.Debugf("kiro: parseEventStream found totalTokens in usageEvent: %d", usageInfo.TotalTokens) - } - // Also check nested usage object - if usageObj, ok := event["usage"].(map[string]interface{}); ok { - if inputTokens, ok := usageObj["input_tokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } else if inputTokens, ok := usageObj["prompt_tokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } - if outputTokens, ok := usageObj["output_tokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } else if outputTokens, ok := usageObj["completion_tokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } - if totalTokens, ok := usageObj["total_tokens"].(float64); ok { - usageInfo.TotalTokens = int64(totalTokens) - } - log.Debugf("kiro: parseEventStream found usage object: input=%d, output=%d, total=%d", - usageInfo.InputTokens, usageInfo.OutputTokens, usageInfo.TotalTokens) - } - - case "metricsEvent": - // Handle metrics events which may contain usage data - if metrics, ok := event["metricsEvent"].(map[string]interface{}); ok { - if inputTokens, ok := metrics["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } - if outputTokens, ok := metrics["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } - log.Debugf("kiro: parseEventStream found metricsEvent: input=%d, output=%d", - usageInfo.InputTokens, usageInfo.OutputTokens) - } - - case "meteringEvent": - // Handle metering events from Kiro API (usage billing information) - // Official format: { unit: string, unitPlural: string, usage: number } - if metering, ok := event["meteringEvent"].(map[string]interface{}); ok { - unit := "" - if u, ok := metering["unit"].(string); ok { - unit = u - } - usageVal := 0.0 - if u, ok := metering["usage"].(float64); ok { - usageVal = u - } - log.Infof("kiro: parseEventStream received meteringEvent: usage=%.2f %s", usageVal, unit) - // Store metering info for potential billing/statistics purposes - // Note: This is separate from token counts - it's AWS billing units - } else { - // Try direct fields - unit := "" - if u, ok := event["unit"].(string); ok { - unit = u - } - usageVal := 0.0 - if u, ok := event["usage"].(float64); ok { - usageVal = u - } - if unit != "" || usageVal > 0 { - log.Infof("kiro: parseEventStream received meteringEvent (direct): usage=%.2f %s", usageVal, unit) - } - } - - case "contextUsageEvent": - // Handle context usage events from Kiro API - // Format: {"contextUsageEvent": {"contextUsagePercentage": 0.53}} - if ctxUsage, ok := event["contextUsageEvent"].(map[string]interface{}); ok { - if ctxPct, ok := ctxUsage["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: parseEventStream received contextUsageEvent: %.2f%%", ctxPct*100) - } - } else { - // Try direct field (fallback) - if ctxPct, ok := event["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: parseEventStream received contextUsagePercentage (direct): %.2f%%", ctxPct*100) - } - } - - case "error", "exception", "internalServerException", "invalidStateEvent": - // Handle error events from Kiro API stream - errMsg := "" - errType := eventType - - // Try to extract error message from various formats - if msg, ok := event["message"].(string); ok { - errMsg = msg - } else if errObj, ok := event[eventType].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - if t, ok := errObj["type"].(string); ok { - errType = t - } - } else if errObj, ok := event["error"].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - if t, ok := errObj["type"].(string); ok { - errType = t - } - } - - // Check for specific error reasons - if reason, ok := event["reason"].(string); ok { - errMsg = fmt.Sprintf("%s (reason: %s)", errMsg, reason) - } - - log.Errorf("kiro: parseEventStream received error event: type=%s, message=%s", errType, errMsg) - - // For invalidStateEvent, we may want to continue processing other events - if eventType == "invalidStateEvent" { - log.Warnf("kiro: invalidStateEvent received, continuing stream processing") - continue - } - - // For other errors, return the error - if errMsg != "" { - return "", nil, usageInfo, stopReason, fmt.Errorf("kiro API error (%s): %s", errType, errMsg) - } - - default: - // Check for contextUsagePercentage in any event - if ctxPct, ok := event["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: parseEventStream received context usage: %.2f%%", upstreamContextPercentage) - } - // Log unknown event types for debugging (to discover new event formats) - log.Debugf("kiro: parseEventStream unknown event type: %s, payload: %s", eventType, string(payload)) - } - - // Check for direct token fields in any event (fallback) - if usageInfo.InputTokens == 0 { - if inputTokens, ok := event["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - log.Debugf("kiro: parseEventStream found direct inputTokens: %d", usageInfo.InputTokens) - } - } - if usageInfo.OutputTokens == 0 { - if outputTokens, ok := event["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - log.Debugf("kiro: parseEventStream found direct outputTokens: %d", usageInfo.OutputTokens) - } - } - - // Check for usage object in any event (OpenAI format) - if usageInfo.InputTokens == 0 || usageInfo.OutputTokens == 0 { - if usageObj, ok := event["usage"].(map[string]interface{}); ok { - if usageInfo.InputTokens == 0 { - if inputTokens, ok := usageObj["input_tokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } else if inputTokens, ok := usageObj["prompt_tokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } - } - if usageInfo.OutputTokens == 0 { - if outputTokens, ok := usageObj["output_tokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } else if outputTokens, ok := usageObj["completion_tokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } - } - if usageInfo.TotalTokens == 0 { - if totalTokens, ok := usageObj["total_tokens"].(float64); ok { - usageInfo.TotalTokens = int64(totalTokens) - } - } - log.Debugf("kiro: parseEventStream found usage object (fallback): input=%d, output=%d, total=%d", - usageInfo.InputTokens, usageInfo.OutputTokens, usageInfo.TotalTokens) - } - } - - // Also check nested supplementaryWebLinksEvent - if usageEvent, ok := event["supplementaryWebLinksEvent"].(map[string]interface{}); ok { - if inputTokens, ok := usageEvent["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } - if outputTokens, ok := usageEvent["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } - } - } - - // Parse embedded tool calls from content (e.g., [Called tool_name with args: {...}]) - contentStr := content.String() - cleanedContent, embeddedToolUses := kiroclaude.ParseEmbeddedToolCalls(contentStr, processedIDs) - toolUses = append(toolUses, embeddedToolUses...) - - // Deduplicate all tool uses - toolUses = kiroclaude.DeduplicateToolUses(toolUses) - - // Apply fallback logic for stop_reason if not provided by upstream - // Priority: upstream stopReason > tool_use detection > end_turn default - if stopReason == "" { - if len(toolUses) > 0 { - stopReason = "tool_use" - log.Debugf("kiro: parseEventStream using fallback stop_reason: tool_use (detected %d tool uses)", len(toolUses)) - } else { - stopReason = "end_turn" - log.Debugf("kiro: parseEventStream using fallback stop_reason: end_turn") - } - } - - // Log warning if response was truncated due to max_tokens - if stopReason == "max_tokens" { - log.Warnf("kiro: response truncated due to max_tokens limit") - } - - // Use contextUsagePercentage to calculate more accurate input tokens - // Kiro model has 200k max context, contextUsagePercentage represents the percentage used - // Formula: input_tokens = contextUsagePercentage * 200000 / 100 - if upstreamContextPercentage > 0 { - calculatedInputTokens := int64(upstreamContextPercentage * 200000 / 100) - if calculatedInputTokens > 0 { - localEstimate := usageInfo.InputTokens - usageInfo.InputTokens = calculatedInputTokens - usageInfo.TotalTokens = usageInfo.InputTokens + usageInfo.OutputTokens - log.Infof("kiro: parseEventStream using contextUsagePercentage (%.2f%%) to calculate input tokens: %d (local estimate was: %d)", - upstreamContextPercentage, calculatedInputTokens, localEstimate) - } - } - - return cleanedContent, toolUses, usageInfo, stopReason, nil -} - -// readEventStreamMessage reads and validates a single AWS Event Stream message. -// Returns the parsed message or a structured error for different failure modes. -// This function implements boundary protection and detailed error classification. -// -// AWS Event Stream binary format: -// - Prelude (12 bytes): total_length (4) + headers_length (4) + prelude_crc (4) -// - Headers (variable): header entries -// - Payload (variable): JSON data -// - Message CRC (4 bytes): CRC32C of entire message (not validated, just skipped) -func (e *KiroExecutor) readEventStreamMessage(reader *bufio.Reader) (*eventStreamMessage, *EventStreamError) { - // Read prelude (first 12 bytes: total_len + headers_len + prelude_crc) - prelude := make([]byte, 12) - _, err := io.ReadFull(reader, prelude) - if err == io.EOF { - return nil, nil // Normal end of stream - } - if err != nil { - return nil, &EventStreamError{ - Type: ErrStreamFatal, - Message: "failed to read prelude", - Cause: err, - } - } - - totalLength := binary.BigEndian.Uint32(prelude[0:4]) - headersLength := binary.BigEndian.Uint32(prelude[4:8]) - // Note: prelude[8:12] is prelude_crc - we read it but don't validate (no CRC check per requirements) - - // Boundary check: minimum frame size - if totalLength < minEventStreamFrameSize { - return nil, &EventStreamError{ - Type: ErrStreamMalformed, - Message: fmt.Sprintf("invalid message length: %d (minimum is %d)", totalLength, minEventStreamFrameSize), - } - } - - // Boundary check: maximum message size - if totalLength > maxEventStreamMsgSize { - return nil, &EventStreamError{ - Type: ErrStreamMalformed, - Message: fmt.Sprintf("message too large: %d bytes (maximum is %d)", totalLength, maxEventStreamMsgSize), - } - } - - // Boundary check: headers length within message bounds - // Message structure: prelude(12) + headers(headersLength) + payload + message_crc(4) - // So: headersLength must be <= totalLength - 16 (12 for prelude + 4 for message_crc) - if headersLength > totalLength-16 { - return nil, &EventStreamError{ - Type: ErrStreamMalformed, - Message: fmt.Sprintf("headers length %d exceeds message bounds (total: %d)", headersLength, totalLength), - } - } - - // Read the rest of the message (total - 12 bytes already read) - remaining := make([]byte, totalLength-12) - _, err = io.ReadFull(reader, remaining) - if err != nil { - return nil, &EventStreamError{ - Type: ErrStreamFatal, - Message: "failed to read message body", - Cause: err, - } - } - - // Extract event type from headers - // Headers start at beginning of 'remaining', length is headersLength - var eventType string - if headersLength > 0 && headersLength <= uint32(len(remaining)) { - eventType = e.extractEventTypeFromBytes(remaining[:headersLength]) - } - - // Calculate payload boundaries - // Payload starts after headers, ends before message_crc (last 4 bytes) - payloadStart := headersLength - payloadEnd := uint32(len(remaining)) - 4 // Skip message_crc at end - - // Validate payload boundaries - if payloadStart >= payloadEnd { - // No payload, return empty message - return &eventStreamMessage{ - EventType: eventType, - Payload: nil, - }, nil - } - - payload := remaining[payloadStart:payloadEnd] - - return &eventStreamMessage{ - EventType: eventType, - Payload: payload, - }, nil -} - -func skipEventStreamHeaderValue(headers []byte, offset int, valueType byte) (int, bool) { - switch valueType { - case 0, 1: // bool true / bool false - return offset, true - case 2: // byte - if offset+1 > len(headers) { - return offset, false - } - return offset + 1, true - case 3: // short - if offset+2 > len(headers) { - return offset, false - } - return offset + 2, true - case 4: // int - if offset+4 > len(headers) { - return offset, false - } - return offset + 4, true - case 5: // long - if offset+8 > len(headers) { - return offset, false - } - return offset + 8, true - case 6: // byte array (2-byte length + data) - if offset+2 > len(headers) { - return offset, false - } - valueLen := int(binary.BigEndian.Uint16(headers[offset : offset+2])) - offset += 2 - if offset+valueLen > len(headers) { - return offset, false - } - return offset + valueLen, true - case 8: // timestamp - if offset+8 > len(headers) { - return offset, false - } - return offset + 8, true - case 9: // uuid - if offset+16 > len(headers) { - return offset, false - } - return offset + 16, true - default: - return offset, false - } -} - -// extractEventTypeFromBytes extracts the event type from raw header bytes (without prelude CRC prefix) -func (e *KiroExecutor) extractEventTypeFromBytes(headers []byte) string { - offset := 0 - for offset < len(headers) { - nameLen := int(headers[offset]) - offset++ - if offset+nameLen > len(headers) { - break - } - name := string(headers[offset : offset+nameLen]) - offset += nameLen - - if offset >= len(headers) { - break - } - valueType := headers[offset] - offset++ - - if valueType == 7 { // String type - if offset+2 > len(headers) { - break - } - valueLen := int(binary.BigEndian.Uint16(headers[offset : offset+2])) - offset += 2 - if offset+valueLen > len(headers) { - break - } - value := string(headers[offset : offset+valueLen]) - offset += valueLen - - if name == ":event-type" { - return value - } - continue - } - - nextOffset, ok := skipEventStreamHeaderValue(headers, offset, valueType) - if !ok { - break - } - offset = nextOffset - } - return "" -} - -// NOTE: Response building functions moved to pkg/llmproxy/translator/kiro/claude/kiro_claude_response.go -// The executor now uses kiroclaude.BuildClaudeResponse() and kiroclaude.ExtractThinkingFromContent() instead - -// streamToChannel converts AWS Event Stream to channel-based streaming. -// Supports tool calling - emits tool_use content blocks when tools are used. -// Includes embedded [Called ...] tool call parsing and input buffering for toolUseEvent. -// Implements duplicate content filtering using lastContentEvent detection (based on AIClient-2-API). -// Extracts stop_reason from upstream events when available. -// thinkingEnabled controls whether tags are parsed - only parse when request enabled thinking. -func (e *KiroExecutor) streamToChannel(ctx context.Context, body io.Reader, out chan<- cliproxyexecutor.StreamChunk, targetFormat sdktranslator.Format, model string, originalReq, claudeBody []byte, reporter *usageReporter, thinkingEnabled bool) { - reader := bufio.NewReaderSize(body, 20*1024*1024) // 20MB buffer to match other providers - var totalUsage usage.Detail - var hasToolUses bool // Track if any tool uses were emitted - var hasTruncatedTools bool // Track if any tool uses were truncated - var upstreamStopReason string // Track stop_reason from upstream events - - // Tool use state tracking for input buffering and deduplication - processedIDs := make(map[string]bool) - var currentToolUse *kiroclaude.ToolUseState - - // NOTE: Duplicate content filtering removed - it was causing legitimate repeated - // content (like consecutive newlines) to be incorrectly filtered out. - // The previous implementation compared lastContentEvent == contentDelta which - // is too aggressive for streaming scenarios. - - // Streaming token calculation - accumulate content for real-time token counting - // Based on AIClient-2-API implementation - var accumulatedContent strings.Builder - accumulatedContent.Grow(4096) // Pre-allocate 4KB capacity to reduce reallocations - - // Real-time usage estimation state - // These track when to send periodic usage updates during streaming - var lastUsageUpdateLen int // Last accumulated content length when usage was sent - var lastUsageUpdateTime = time.Now() // Last time usage update was sent - var lastReportedOutputTokens int64 // Last reported output token count - - // Upstream usage tracking - Kiro API returns credit usage and context percentage - var upstreamCreditUsage float64 // Credit usage from upstream (e.g., 1.458) - var upstreamContextPercentage float64 // Context usage percentage from upstream (e.g., 78.56) - var hasUpstreamUsage bool // Whether we received usage from upstream - - // Translator param for maintaining tool call state across streaming events - // IMPORTANT: This must persist across all TranslateStream calls - var translatorParam any - - // Thinking mode state tracking - tag-based parsing for tags in content - inThinkBlock := false // Whether we're currently inside a block - isThinkingBlockOpen := false // Track if thinking content block SSE event is open - thinkingBlockIndex := -1 // Index of the thinking content block - var accumulatedThinkingContent strings.Builder // Accumulate thinking content for token counting - - // Buffer for handling partial tag matches at chunk boundaries - var pendingContent strings.Builder // Buffer content that might be part of a tag - - // Pre-calculate input tokens from request if possible - // Kiro uses Claude format, so try Claude format first, then OpenAI format, then fallback - if enc, err := getTokenizer(model); err == nil { - var inputTokens int64 - var countMethod string - - // Try Claude format first (Kiro uses Claude API format) - if inp, err := countClaudeChatTokens(enc, claudeBody); err == nil && inp > 0 { - inputTokens = inp - countMethod = "claude" - } else if inp, err := countOpenAIChatTokens(enc, originalReq); err == nil && inp > 0 { - // Fallback to OpenAI format (for OpenAI-compatible requests) - inputTokens = inp - countMethod = "openai" - } else { - // Final fallback: estimate from raw request size (roughly 4 chars per token) - inputTokens = int64(len(claudeBody) / 4) - if inputTokens == 0 && len(claudeBody) > 0 { - inputTokens = 1 - } - countMethod = "estimate" - } - - totalUsage.InputTokens = inputTokens - log.Debugf("kiro: streamToChannel pre-calculated input tokens: %d (method: %s, claude body: %d bytes, original req: %d bytes)", - totalUsage.InputTokens, countMethod, len(claudeBody), len(originalReq)) - } - - contentBlockIndex := -1 - messageStartSent := false - isTextBlockOpen := false - var outputLen int - - // Ensure usage is published even on early return - defer func() { - reporter.publish(ctx, totalUsage) - }() - - for { - select { - case <-ctx.Done(): - return - default: - } - - msg, eventErr := e.readEventStreamMessage(reader) - if eventErr != nil { - // Log the error - log.Errorf("kiro: streamToChannel error: %v", eventErr) - - // Send error to channel for client notification - out <- cliproxyexecutor.StreamChunk{Err: eventErr} - return - } - if msg == nil { - // Normal end of stream (EOF) - // Flush any incomplete tool use before ending stream - if currentToolUse != nil && !processedIDs[currentToolUse.ToolUseID] { - log.Warnf("kiro: flushing incomplete tool use at EOF: %s (ID: %s)", currentToolUse.Name, currentToolUse.ToolUseID) - fullInput := currentToolUse.InputBuffer.String() - repairedJSON := kiroclaude.RepairJSON(fullInput) - var finalInput map[string]interface{} - if err := json.Unmarshal([]byte(repairedJSON), &finalInput); err != nil { - log.Warnf("kiro: failed to parse incomplete tool input at EOF: %v", err) - finalInput = make(map[string]interface{}) - } - - processedIDs[currentToolUse.ToolUseID] = true - contentBlockIndex++ - - // Send tool_use content block - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "tool_use", currentToolUse.ToolUseID, currentToolUse.Name) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Send tool input as delta - inputBytes, _ := json.Marshal(finalInput) - inputDelta := kiroclaude.BuildClaudeInputJsonDeltaEvent(string(inputBytes), contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, inputDelta, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Close block - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - hasToolUses = true - currentToolUse = nil - } - - // DISABLED: Tag-based pending character flushing - // This code block was used for tag-based thinking detection which has been - // replaced by reasoningContentEvent handling. No pending tag chars to flush. - // Original code preserved in git history. - break - } - - eventType := msg.EventType - payload := msg.Payload - if len(payload) == 0 { - continue - } - appendAPIResponseChunk(ctx, e.cfg, payload) - - var event map[string]interface{} - if err := json.Unmarshal(payload, &event); err != nil { - log.Warnf("kiro: failed to unmarshal event payload: %v, raw: %s", err, string(payload)) - continue - } - - // Check for error/exception events in the payload (Kiro API may return errors with HTTP 200) - // These can appear as top-level fields or nested within the event - if errType, hasErrType := event["_type"].(string); hasErrType { - // AWS-style error: {"_type": "com.amazon.aws.codewhisperer#ValidationException", "message": "..."} - errMsg := "" - if msg, ok := event["message"].(string); ok { - errMsg = msg - } - log.Errorf("kiro: received AWS error in stream: type=%s, message=%s", errType, errMsg) - out <- cliproxyexecutor.StreamChunk{Err: fmt.Errorf("kiro API error: %s - %s", errType, errMsg)} - return - } - if errType, hasErrType := event["type"].(string); hasErrType && (errType == "error" || errType == "exception") { - // Generic error event - errMsg := "" - if msg, ok := event["message"].(string); ok { - errMsg = msg - } else if errObj, ok := event["error"].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - } - log.Errorf("kiro: received error event in stream: type=%s, message=%s", errType, errMsg) - out <- cliproxyexecutor.StreamChunk{Err: fmt.Errorf("kiro API error: %s", errMsg)} - return - } - - // Extract stop_reason from various event formats (streaming) - // Kiro/Amazon Q API may include stop_reason in different locations - if sr := kirocommon.GetString(event, "stop_reason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stop_reason (top-level): %s", upstreamStopReason) - } - if sr := kirocommon.GetString(event, "stopReason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stopReason (top-level): %s", upstreamStopReason) - } - - // Send message_start on first event - if !messageStartSent { - msgStart := kiroclaude.BuildClaudeMessageStartEvent(model, totalUsage.InputTokens) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, msgStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - messageStartSent = true - } - - switch eventType { - case "followupPromptEvent": - // Filter out followupPrompt events - these are UI suggestions, not content - log.Debugf("kiro: streamToChannel ignoring followupPrompt event") - continue - - case "messageStopEvent", "message_stop": - // Handle message stop events which may contain stop_reason - if sr := kirocommon.GetString(event, "stop_reason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stop_reason in messageStopEvent: %s", upstreamStopReason) - } - if sr := kirocommon.GetString(event, "stopReason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stopReason in messageStopEvent: %s", upstreamStopReason) - } - - case "meteringEvent": - // Handle metering events from Kiro API (usage billing information) - // Official format: { unit: string, unitPlural: string, usage: number } - if metering, ok := event["meteringEvent"].(map[string]interface{}); ok { - unit := "" - if u, ok := metering["unit"].(string); ok { - unit = u - } - usageVal := 0.0 - if u, ok := metering["usage"].(float64); ok { - usageVal = u - } - upstreamCreditUsage = usageVal - hasUpstreamUsage = true - log.Infof("kiro: streamToChannel received meteringEvent: usage=%.4f %s", usageVal, unit) - } else { - // Try direct fields (event is meteringEvent itself) - if unit, ok := event["unit"].(string); ok { - if usage, ok := event["usage"].(float64); ok { - upstreamCreditUsage = usage - hasUpstreamUsage = true - log.Infof("kiro: streamToChannel received meteringEvent (direct): usage=%.4f %s", usage, unit) - } - } - } - - case "contextUsageEvent": - // Handle context usage events from Kiro API - // Format: {"contextUsageEvent": {"contextUsagePercentage": 0.53}} - if ctxUsage, ok := event["contextUsageEvent"].(map[string]interface{}); ok { - if ctxPct, ok := ctxUsage["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: streamToChannel received contextUsageEvent: %.2f%%", ctxPct*100) - } - } else { - // Try direct field (fallback) - if ctxPct, ok := event["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: streamToChannel received contextUsagePercentage (direct): %.2f%%", ctxPct*100) - } - } - - case "error", "exception", "internalServerException": - // Handle error events from Kiro API stream - errMsg := "" - errType := eventType - - // Try to extract error message from various formats - if msg, ok := event["message"].(string); ok { - errMsg = msg - } else if errObj, ok := event[eventType].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - if t, ok := errObj["type"].(string); ok { - errType = t - } - } else if errObj, ok := event["error"].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - } - - log.Errorf("kiro: streamToChannel received error event: type=%s, message=%s", errType, errMsg) - - // Send error to the stream and exit - if errMsg != "" { - out <- cliproxyexecutor.StreamChunk{ - Err: fmt.Errorf("kiro API error (%s): %s", errType, errMsg), - } - return - } - - case "invalidStateEvent": - // Handle invalid state events - log and continue (non-fatal) - errMsg := "" - if msg, ok := event["message"].(string); ok { - errMsg = msg - } else if stateEvent, ok := event["invalidStateEvent"].(map[string]interface{}); ok { - if msg, ok := stateEvent["message"].(string); ok { - errMsg = msg - } - } - log.Warnf("kiro: streamToChannel received invalidStateEvent: %s, continuing", errMsg) - continue - - case "assistantResponseEvent": - var contentDelta string - var toolUses []map[string]interface{} - - if assistantResp, ok := event["assistantResponseEvent"].(map[string]interface{}); ok { - if c, ok := assistantResp["content"].(string); ok { - contentDelta = c - } - // Extract stop_reason from assistantResponseEvent - if sr := kirocommon.GetString(assistantResp, "stop_reason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stop_reason in assistantResponseEvent: %s", upstreamStopReason) - } - if sr := kirocommon.GetString(assistantResp, "stopReason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stopReason in assistantResponseEvent: %s", upstreamStopReason) - } - // Extract tool uses from response - if tus, ok := assistantResp["toolUses"].([]interface{}); ok { - for _, tuRaw := range tus { - if tu, ok := tuRaw.(map[string]interface{}); ok { - toolUses = append(toolUses, tu) - } - } - } - } - if contentDelta == "" { - if c, ok := event["content"].(string); ok { - contentDelta = c - } - } - // Direct tool uses - if tus, ok := event["toolUses"].([]interface{}); ok { - for _, tuRaw := range tus { - if tu, ok := tuRaw.(map[string]interface{}); ok { - toolUses = append(toolUses, tu) - } - } - } - - // Handle text content with thinking mode support - if contentDelta != "" { - // NOTE: Duplicate content filtering was removed because it incorrectly - // filtered out legitimate repeated content (like consecutive newlines "\n\n"). - // Streaming naturally can have identical chunks that are valid content. - - outputLen += len(contentDelta) - // Accumulate content for streaming token calculation - accumulatedContent.WriteString(contentDelta) - - // Real-time usage estimation: Check if we should send a usage update - // This helps clients track context usage during long thinking sessions - shouldSendUsageUpdate := false - if accumulatedContent.Len()-lastUsageUpdateLen >= usageUpdateCharThreshold { - shouldSendUsageUpdate = true - } else if time.Since(lastUsageUpdateTime) >= usageUpdateTimeInterval && accumulatedContent.Len() > lastUsageUpdateLen { - shouldSendUsageUpdate = true - } - - if shouldSendUsageUpdate { - // Calculate current output tokens using tiktoken - var currentOutputTokens int64 - if enc, encErr := getTokenizer(model); encErr == nil { - if tokenCount, countErr := enc.Count(accumulatedContent.String()); countErr == nil { - currentOutputTokens = int64(tokenCount) - } - } - // Fallback to character estimation if tiktoken fails - if currentOutputTokens == 0 { - currentOutputTokens = int64(accumulatedContent.Len() / 4) - if currentOutputTokens == 0 { - currentOutputTokens = 1 - } - } - - // Only send update if token count has changed significantly (at least 10 tokens) - if currentOutputTokens > lastReportedOutputTokens+10 { - // Send ping event with usage information - // This is a non-blocking update that clients can optionally process - pingEvent := kiroclaude.BuildClaudePingEventWithUsage(totalUsage.InputTokens, currentOutputTokens) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, pingEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - lastReportedOutputTokens = currentOutputTokens - log.Debugf("kiro: sent real-time usage update - input: %d, output: %d (accumulated: %d chars)", - totalUsage.InputTokens, currentOutputTokens, accumulatedContent.Len()) - } - - lastUsageUpdateLen = accumulatedContent.Len() - lastUsageUpdateTime = time.Now() - } - - // TAG-BASED THINKING PARSING: Parse tags from content - // Combine pending content with new content for processing - pendingContent.WriteString(contentDelta) - processContent := pendingContent.String() - pendingContent.Reset() - - // Process content looking for thinking tags - for len(processContent) > 0 { - if inThinkBlock { - // We're inside a thinking block, look for - endIdx := strings.Index(processContent, kirocommon.ThinkingEndTag) - if endIdx >= 0 { - // Found end tag - emit thinking content before the tag - thinkingText := processContent[:endIdx] - if thinkingText != "" { - // Ensure thinking block is open - if !isThinkingBlockOpen { - contentBlockIndex++ - thinkingBlockIndex = contentBlockIndex - isThinkingBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(thinkingBlockIndex, "thinking", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - // Send thinking delta - thinkingEvent := kiroclaude.BuildClaudeThinkingDeltaEvent(thinkingText, thinkingBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, thinkingEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - accumulatedThinkingContent.WriteString(thinkingText) - } - // Close thinking block - if isThinkingBlockOpen { - blockStop := kiroclaude.BuildClaudeThinkingBlockStopEvent(thinkingBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isThinkingBlockOpen = false - } - inThinkBlock = false - processContent = processContent[endIdx+len(kirocommon.ThinkingEndTag):] - log.Debugf("kiro: closed thinking block, remaining content: %d chars", len(processContent)) - } else { - // No end tag found - check for partial match at end - partialMatch := false - for i := 1; i < len(kirocommon.ThinkingEndTag) && i <= len(processContent); i++ { - if strings.HasSuffix(processContent, kirocommon.ThinkingEndTag[:i]) { - // Possible partial tag at end, buffer it - pendingContent.WriteString(processContent[len(processContent)-i:]) - processContent = processContent[:len(processContent)-i] - partialMatch = true - break - } - } - if !partialMatch || len(processContent) > 0 { - // Emit all as thinking content - if processContent != "" { - if !isThinkingBlockOpen { - contentBlockIndex++ - thinkingBlockIndex = contentBlockIndex - isThinkingBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(thinkingBlockIndex, "thinking", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - thinkingEvent := kiroclaude.BuildClaudeThinkingDeltaEvent(processContent, thinkingBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, thinkingEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - accumulatedThinkingContent.WriteString(processContent) - } - } - processContent = "" - } - } else { - // Not in thinking block, look for - startIdx := strings.Index(processContent, kirocommon.ThinkingStartTag) - if startIdx >= 0 { - // Found start tag - emit text content before the tag - textBefore := processContent[:startIdx] - if textBefore != "" { - // Close thinking block if open - if isThinkingBlockOpen { - blockStop := kiroclaude.BuildClaudeThinkingBlockStopEvent(thinkingBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isThinkingBlockOpen = false - } - // Ensure text block is open - if !isTextBlockOpen { - contentBlockIndex++ - isTextBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "text", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - // Send text delta - claudeEvent := kiroclaude.BuildClaudeStreamEvent(textBefore, contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, claudeEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - // Close text block before entering thinking - if isTextBlockOpen { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isTextBlockOpen = false - } - inThinkBlock = true - processContent = processContent[startIdx+len(kirocommon.ThinkingStartTag):] - log.Debugf("kiro: entered thinking block") - } else { - // No start tag found - check for partial match at end - partialMatch := false - for i := 1; i < len(kirocommon.ThinkingStartTag) && i <= len(processContent); i++ { - if strings.HasSuffix(processContent, kirocommon.ThinkingStartTag[:i]) { - // Possible partial tag at end, buffer it - pendingContent.WriteString(processContent[len(processContent)-i:]) - processContent = processContent[:len(processContent)-i] - partialMatch = true - break - } - } - if !partialMatch || len(processContent) > 0 { - // Emit all as text content - if processContent != "" { - if !isTextBlockOpen { - contentBlockIndex++ - isTextBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "text", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - claudeEvent := kiroclaude.BuildClaudeStreamEvent(processContent, contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, claudeEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - } - processContent = "" - } - } - } - } - - // Handle tool uses in response (with deduplication) - for _, tu := range toolUses { - toolUseID := kirocommon.GetString(tu, "toolUseId") - toolName := kirocommon.GetString(tu, "name") - - // Check for duplicate - if processedIDs[toolUseID] { - log.Debugf("kiro: skipping duplicate tool use in stream: %s", toolUseID) - continue - } - processedIDs[toolUseID] = true - - hasToolUses = true - // Close text block if open before starting tool_use block - if isTextBlockOpen && contentBlockIndex >= 0 { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isTextBlockOpen = false - } - - // Emit tool_use content block - contentBlockIndex++ - - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "tool_use", toolUseID, toolName) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Send input_json_delta with the tool input - if input, ok := tu["input"].(map[string]interface{}); ok { - inputJSON, err := json.Marshal(input) - if err != nil { - log.Debugf("kiro: failed to marshal tool input: %v", err) - // Don't continue - still need to close the block - } else { - inputDelta := kiroclaude.BuildClaudeInputJsonDeltaEvent(string(inputJSON), contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, inputDelta, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - } - - // Close tool_use block (always close even if input marshal failed) - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - - case "reasoningContentEvent": - // Handle official reasoningContentEvent from Kiro API - // This replaces tag-based thinking detection with the proper event type - // Official format: { text: string, signature?: string, redactedContent?: base64 } - var thinkingText string - var signature string - - if re, ok := event["reasoningContentEvent"].(map[string]interface{}); ok { - if text, ok := re["text"].(string); ok { - thinkingText = text - } - if sig, ok := re["signature"].(string); ok { - signature = sig - if len(sig) > 20 { - log.Debugf("kiro: reasoningContentEvent has signature: %s...", sig[:20]) - } else { - log.Debugf("kiro: reasoningContentEvent has signature: %s", sig) - } - } - } else { - // Try direct fields - if text, ok := event["text"].(string); ok { - thinkingText = text - } - if sig, ok := event["signature"].(string); ok { - signature = sig - } - } - - if thinkingText != "" { - // Close text block if open before starting thinking block - if isTextBlockOpen && contentBlockIndex >= 0 { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isTextBlockOpen = false - } - - // Start thinking block if not already open - if !isThinkingBlockOpen { - contentBlockIndex++ - thinkingBlockIndex = contentBlockIndex - isThinkingBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(thinkingBlockIndex, "thinking", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - - // Send thinking content - thinkingEvent := kiroclaude.BuildClaudeThinkingDeltaEvent(thinkingText, thinkingBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, thinkingEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Accumulate for token counting - accumulatedThinkingContent.WriteString(thinkingText) - log.Debugf("kiro: received reasoningContentEvent, text length: %d, has signature: %v", len(thinkingText), signature != "") - } - - // Note: We don't close the thinking block here - it will be closed when we see - // the next assistantResponseEvent or at the end of the stream - _ = signature // Signature can be used for verification if needed - - case "toolUseEvent": - // Handle dedicated tool use events with input buffering - completedToolUses, newState := kiroclaude.ProcessToolUseEvent(event, currentToolUse, processedIDs) - currentToolUse = newState - - // Emit completed tool uses - for _, tu := range completedToolUses { - // Check if this tool was truncated - emit with SOFT_LIMIT_REACHED marker - if tu.IsTruncated { - hasTruncatedTools = true - log.Infof("kiro: streamToChannel emitting truncated tool with SOFT_LIMIT_REACHED: %s (ID: %s)", tu.Name, tu.ToolUseID) - - // Close text block if open - if isTextBlockOpen && contentBlockIndex >= 0 { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isTextBlockOpen = false - } - - contentBlockIndex++ - - // Emit tool_use with SOFT_LIMIT_REACHED marker input - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "tool_use", tu.ToolUseID, tu.Name) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Build SOFT_LIMIT_REACHED marker input - markerInput := map[string]interface{}{ - "_status": "SOFT_LIMIT_REACHED", - "_message": "Tool output was truncated. Split content into smaller chunks (max 300 lines). Due to potential model hallucination, you MUST re-fetch the current working directory and generate the correct file_path.", - } - - markerJSON, _ := json.Marshal(markerInput) - inputDelta := kiroclaude.BuildClaudeInputJsonDeltaEvent(string(markerJSON), contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, inputDelta, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Close tool_use block - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - hasToolUses = true // Keep this so stop_reason = tool_use - continue - } - - hasToolUses = true - - // Close text block if open - if isTextBlockOpen && contentBlockIndex >= 0 { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isTextBlockOpen = false - } - - contentBlockIndex++ - - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "tool_use", tu.ToolUseID, tu.Name) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - if tu.Input != nil { - inputJSON, err := json.Marshal(tu.Input) - if err != nil { - log.Debugf("kiro: failed to marshal tool input in toolUseEvent: %v", err) - } else { - inputDelta := kiroclaude.BuildClaudeInputJsonDeltaEvent(string(inputJSON), contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, inputDelta, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - } - - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - - case "supplementaryWebLinksEvent": - if inputTokens, ok := event["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } - if outputTokens, ok := event["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } - - case "messageMetadataEvent", "metadataEvent": - // Handle message metadata events which contain token counts - // Official format: { tokenUsage: { outputTokens, totalTokens, uncachedInputTokens, cacheReadInputTokens, cacheWriteInputTokens, contextUsagePercentage } } - var metadata map[string]interface{} - if m, ok := event["messageMetadataEvent"].(map[string]interface{}); ok { - metadata = m - } else if m, ok := event["metadataEvent"].(map[string]interface{}); ok { - metadata = m - } else { - metadata = event // event itself might be the metadata - } - - // Check for nested tokenUsage object (official format) - if tokenUsage, ok := metadata["tokenUsage"].(map[string]interface{}); ok { - // outputTokens - precise output token count - if outputTokens, ok := tokenUsage["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - hasUpstreamUsage = true - log.Infof("kiro: streamToChannel found precise outputTokens in tokenUsage: %d", totalUsage.OutputTokens) - } - // totalTokens - precise total token count - if totalTokens, ok := tokenUsage["totalTokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - log.Infof("kiro: streamToChannel found precise totalTokens in tokenUsage: %d", totalUsage.TotalTokens) - } - // uncachedInputTokens - input tokens not from cache - if uncachedInputTokens, ok := tokenUsage["uncachedInputTokens"].(float64); ok { - totalUsage.InputTokens = int64(uncachedInputTokens) - hasUpstreamUsage = true - log.Infof("kiro: streamToChannel found uncachedInputTokens in tokenUsage: %d", totalUsage.InputTokens) - } - // cacheReadInputTokens - tokens read from cache - if cacheReadTokens, ok := tokenUsage["cacheReadInputTokens"].(float64); ok { - // Add to input tokens if we have uncached tokens, otherwise use as input - if totalUsage.InputTokens > 0 { - totalUsage.InputTokens += int64(cacheReadTokens) - } else { - totalUsage.InputTokens = int64(cacheReadTokens) - } - hasUpstreamUsage = true - log.Debugf("kiro: streamToChannel found cacheReadInputTokens in tokenUsage: %d", int64(cacheReadTokens)) - } - // contextUsagePercentage - can be used as fallback for input token estimation - if ctxPct, ok := tokenUsage["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: streamToChannel found contextUsagePercentage in tokenUsage: %.2f%%", ctxPct) - } - } - - // Fallback: check for direct fields in metadata (legacy format) - if totalUsage.InputTokens == 0 { - if inputTokens, ok := metadata["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - hasUpstreamUsage = true - log.Debugf("kiro: streamToChannel found inputTokens in messageMetadataEvent: %d", totalUsage.InputTokens) - } - } - if totalUsage.OutputTokens == 0 { - if outputTokens, ok := metadata["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - hasUpstreamUsage = true - log.Debugf("kiro: streamToChannel found outputTokens in messageMetadataEvent: %d", totalUsage.OutputTokens) - } - } - if totalUsage.TotalTokens == 0 { - if totalTokens, ok := metadata["totalTokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - log.Debugf("kiro: streamToChannel found totalTokens in messageMetadataEvent: %d", totalUsage.TotalTokens) - } - } - - case "usageEvent", "usage": - // Handle dedicated usage events - if inputTokens, ok := event["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - log.Debugf("kiro: streamToChannel found inputTokens in usageEvent: %d", totalUsage.InputTokens) - } - if outputTokens, ok := event["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - log.Debugf("kiro: streamToChannel found outputTokens in usageEvent: %d", totalUsage.OutputTokens) - } - if totalTokens, ok := event["totalTokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - log.Debugf("kiro: streamToChannel found totalTokens in usageEvent: %d", totalUsage.TotalTokens) - } - // Also check nested usage object - if usageObj, ok := event["usage"].(map[string]interface{}); ok { - if inputTokens, ok := usageObj["input_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } else if inputTokens, ok := usageObj["prompt_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } - if outputTokens, ok := usageObj["output_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } else if outputTokens, ok := usageObj["completion_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } - if totalTokens, ok := usageObj["total_tokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - } - log.Debugf("kiro: streamToChannel found usage object: input=%d, output=%d, total=%d", - totalUsage.InputTokens, totalUsage.OutputTokens, totalUsage.TotalTokens) - } - - case "metricsEvent": - // Handle metrics events which may contain usage data - if metrics, ok := event["metricsEvent"].(map[string]interface{}); ok { - if inputTokens, ok := metrics["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } - if outputTokens, ok := metrics["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } - log.Debugf("kiro: streamToChannel found metricsEvent: input=%d, output=%d", - totalUsage.InputTokens, totalUsage.OutputTokens) - - } - default: - // Check for upstream usage events from Kiro API - // Format: {"unit":"credit","unitPlural":"credits","usage":1.458} - if unit, ok := event["unit"].(string); ok && unit == "credit" { - if usage, ok := event["usage"].(float64); ok { - upstreamCreditUsage = usage - hasUpstreamUsage = true - log.Debugf("kiro: received upstream credit usage: %.4f", upstreamCreditUsage) - } - } - // Format: {"contextUsagePercentage":78.56} - if ctxPct, ok := event["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: received upstream context usage: %.2f%%", upstreamContextPercentage) - } - - // Check for token counts in unknown events - if inputTokens, ok := event["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - hasUpstreamUsage = true - log.Debugf("kiro: streamToChannel found inputTokens in event %s: %d", eventType, totalUsage.InputTokens) - } - if outputTokens, ok := event["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - hasUpstreamUsage = true - log.Debugf("kiro: streamToChannel found outputTokens in event %s: %d", eventType, totalUsage.OutputTokens) - } - if totalTokens, ok := event["totalTokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - log.Debugf("kiro: streamToChannel found totalTokens in event %s: %d", eventType, totalUsage.TotalTokens) - } - - // Check for usage object in unknown events (OpenAI/Claude format) - if usageObj, ok := event["usage"].(map[string]interface{}); ok { - if inputTokens, ok := usageObj["input_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - hasUpstreamUsage = true - } else if inputTokens, ok := usageObj["prompt_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - hasUpstreamUsage = true - } - if outputTokens, ok := usageObj["output_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - hasUpstreamUsage = true - } else if outputTokens, ok := usageObj["completion_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - hasUpstreamUsage = true - } - if totalTokens, ok := usageObj["total_tokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - } - log.Debugf("kiro: streamToChannel found usage object in event %s: input=%d, output=%d, total=%d", - eventType, totalUsage.InputTokens, totalUsage.OutputTokens, totalUsage.TotalTokens) - } - - // Log unknown event types for debugging (to discover new event formats) - if eventType != "" { - log.Debugf("kiro: streamToChannel unknown event type: %s, payload: %s", eventType, string(payload)) - } - - } - - // Check nested usage event - if usageEvent, ok := event["supplementaryWebLinksEvent"].(map[string]interface{}); ok { - if inputTokens, ok := usageEvent["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } - if outputTokens, ok := usageEvent["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } - } - - // Check for direct token fields in any event (fallback) - if totalUsage.InputTokens == 0 { - if inputTokens, ok := event["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - log.Debugf("kiro: streamToChannel found direct inputTokens: %d", totalUsage.InputTokens) - } - } - if totalUsage.OutputTokens == 0 { - if outputTokens, ok := event["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - log.Debugf("kiro: streamToChannel found direct outputTokens: %d", totalUsage.OutputTokens) - } - } - - // Check for usage object in any event (OpenAI format) - if totalUsage.InputTokens == 0 || totalUsage.OutputTokens == 0 { - if usageObj, ok := event["usage"].(map[string]interface{}); ok { - if totalUsage.InputTokens == 0 { - if inputTokens, ok := usageObj["input_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } else if inputTokens, ok := usageObj["prompt_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } - } - if totalUsage.OutputTokens == 0 { - if outputTokens, ok := usageObj["output_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } else if outputTokens, ok := usageObj["completion_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } - } - if totalUsage.TotalTokens == 0 { - if totalTokens, ok := usageObj["total_tokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - } - } - log.Debugf("kiro: streamToChannel found usage object (fallback): input=%d, output=%d, total=%d", - totalUsage.InputTokens, totalUsage.OutputTokens, totalUsage.TotalTokens) - } - } - } - - // Close content block if open - if isTextBlockOpen && contentBlockIndex >= 0 { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - - // Streaming token calculation - calculate output tokens from accumulated content - // Only use local estimation if server didn't provide usage (server-side usage takes priority) - if totalUsage.OutputTokens == 0 && accumulatedContent.Len() > 0 { - // Try to use tiktoken for accurate counting - if enc, err := getTokenizer(model); err == nil { - if tokenCount, countErr := enc.Count(accumulatedContent.String()); countErr == nil { - totalUsage.OutputTokens = int64(tokenCount) - log.Debugf("kiro: streamToChannel calculated output tokens using tiktoken: %d", totalUsage.OutputTokens) - } else { - // Fallback on count error: estimate from character count - totalUsage.OutputTokens = int64(accumulatedContent.Len() / 4) - if totalUsage.OutputTokens == 0 { - totalUsage.OutputTokens = 1 - } - log.Debugf("kiro: streamToChannel tiktoken count failed, estimated from chars: %d", totalUsage.OutputTokens) - } - } else { - // Fallback: estimate from character count (roughly 4 chars per token) - totalUsage.OutputTokens = int64(accumulatedContent.Len() / 4) - if totalUsage.OutputTokens == 0 { - totalUsage.OutputTokens = 1 - } - log.Debugf("kiro: streamToChannel estimated output tokens from chars: %d (content len: %d)", totalUsage.OutputTokens, accumulatedContent.Len()) - } - } else if totalUsage.OutputTokens == 0 && outputLen > 0 { - // Legacy fallback using outputLen - totalUsage.OutputTokens = int64(outputLen / 4) - if totalUsage.OutputTokens == 0 { - totalUsage.OutputTokens = 1 - } - } - - // Use contextUsagePercentage to calculate more accurate input tokens - // Kiro model has 200k max context, contextUsagePercentage represents the percentage used - // Formula: input_tokens = contextUsagePercentage * 200000 / 100 - // Note: The effective input context is ~170k (200k - 30k reserved for output) - if upstreamContextPercentage > 0 { - // Calculate input tokens from context percentage - // Using 200k as the base since that's what Kiro reports against - calculatedInputTokens := int64(upstreamContextPercentage * 200000 / 100) - - // Only use calculated value if it's significantly different from local estimate - // This provides more accurate token counts based on upstream data - if calculatedInputTokens > 0 { - localEstimate := totalUsage.InputTokens - totalUsage.InputTokens = calculatedInputTokens - log.Debugf("kiro: using contextUsagePercentage (%.2f%%) to calculate input tokens: %d (local estimate was: %d)", - upstreamContextPercentage, calculatedInputTokens, localEstimate) - } - } - - totalUsage.TotalTokens = totalUsage.InputTokens + totalUsage.OutputTokens - - // Log upstream usage information if received - if hasUpstreamUsage { - log.Debugf("kiro: upstream usage - credits: %.4f, context: %.2f%%, final tokens - input: %d, output: %d, total: %d", - upstreamCreditUsage, upstreamContextPercentage, - totalUsage.InputTokens, totalUsage.OutputTokens, totalUsage.TotalTokens) - } - - // Determine stop reason: prefer upstream, then detect tool_use, default to end_turn - // SOFT_LIMIT_REACHED: Keep stop_reason = "tool_use" so Claude continues the loop - stopReason := upstreamStopReason - if hasTruncatedTools { - // Log that we're using SOFT_LIMIT_REACHED approach - log.Infof("kiro: streamToChannel using SOFT_LIMIT_REACHED - keeping stop_reason=tool_use for truncated tools") - } - if stopReason == "" { - if hasToolUses { - stopReason = "tool_use" - log.Debugf("kiro: streamToChannel using fallback stop_reason: tool_use") - } else { - stopReason = "end_turn" - log.Debugf("kiro: streamToChannel using fallback stop_reason: end_turn") - } - } - - // Log warning if response was truncated due to max_tokens - if stopReason == "max_tokens" { - log.Warnf("kiro: response truncated due to max_tokens limit (streamToChannel)") - } - - // Send message_delta event - msgDelta := kiroclaude.BuildClaudeMessageDeltaEvent(stopReason, totalUsage) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, msgDelta, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Send message_stop event separately - msgStop := kiroclaude.BuildClaudeMessageStopOnlyEvent() - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, msgStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - // reporter.publish is called via defer -} - -// NOTE: Claude SSE event builders moved to pkg/llmproxy/translator/kiro/claude/kiro_claude_stream.go -// The executor now uses kiroclaude.BuildClaude*Event() functions instead - -// CountTokens counts tokens locally using tiktoken since Kiro API doesn't expose a token counting endpoint. -// This provides approximate token counts for client requests. -func (e *KiroExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - // Use tiktoken for local token counting - enc, err := getTokenizer(req.Model) - if err != nil { - log.Warnf("kiro: CountTokens failed to get tokenizer: %v, falling back to estimate", err) - // Fallback: estimate from payload size (roughly 4 chars per token) - estimatedTokens := len(req.Payload) / 4 - if estimatedTokens == 0 && len(req.Payload) > 0 { - estimatedTokens = 1 - } - return cliproxyexecutor.Response{ - Payload: []byte(fmt.Sprintf(`{"count":%d}`, estimatedTokens)), - }, nil - } - - // Try to count tokens from the request payload - var totalTokens int64 - - // Try OpenAI chat format first - if tokens, countErr := countOpenAIChatTokens(enc, req.Payload); countErr == nil && tokens > 0 { - totalTokens = tokens - log.Debugf("kiro: CountTokens counted %d tokens using OpenAI chat format", totalTokens) - } else { - // Fallback: count raw payload tokens - if tokenCount, countErr := enc.Count(string(req.Payload)); countErr == nil { - totalTokens = int64(tokenCount) - log.Debugf("kiro: CountTokens counted %d tokens from raw payload", totalTokens) - } else { - // Final fallback: estimate from payload size - totalTokens = int64(len(req.Payload) / 4) - if totalTokens == 0 && len(req.Payload) > 0 { - totalTokens = 1 - } - log.Debugf("kiro: CountTokens estimated %d tokens from payload size", totalTokens) - } - } - - return cliproxyexecutor.Response{ - Payload: []byte(fmt.Sprintf(`{"count":%d}`, totalTokens)), - }, nil -} - -// Refresh refreshes the Kiro OAuth token. -// Supports both AWS Builder ID (SSO OIDC) and Google OAuth (social login). -// Uses mutex to prevent race conditions when multiple concurrent requests try to refresh. -func (e *KiroExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - // Serialize token refresh operations to prevent race conditions - e.refreshMu.Lock() - defer e.refreshMu.Unlock() - - var authID string - if auth != nil { - authID = auth.ID - } else { - authID = "" - } - log.Debugf("kiro executor: refresh called for auth %s", authID) - if auth == nil { - return nil, fmt.Errorf("kiro executor: auth is nil") - } - - // Double-check: After acquiring lock, verify token still needs refresh - // Another goroutine may have already refreshed while we were waiting - // NOTE: This check has a design limitation - it reads from the auth object passed in, - // not from persistent storage. If another goroutine returns a new Auth object (via Clone), - // this check won't see those updates. The mutex still prevents truly concurrent refreshes, - // but queued goroutines may still attempt redundant refreshes. This is acceptable as - // the refresh operation is idempotent and the extra API calls are infrequent. - if auth.Metadata != nil { - if lastRefresh, ok := auth.Metadata["last_refresh"].(string); ok { - if refreshTime, err := time.Parse(time.RFC3339, lastRefresh); err == nil { - // If token was refreshed within the last 30 seconds, skip refresh - if time.Since(refreshTime) < 30*time.Second { - log.Debugf("kiro executor: token was recently refreshed by another goroutine, skipping") - return auth, nil - } - } - } - // Also check if expires_at is now in the future with sufficient buffer - if expiresAt, ok := auth.Metadata["expires_at"].(string); ok { - if expTime, err := time.Parse(time.RFC3339, expiresAt); err == nil { - // If token expires more than 20 minutes from now, it's still valid - if time.Until(expTime) > 20*time.Minute { - log.Debugf("kiro executor: token is still valid (expires in %v), skipping refresh", time.Until(expTime)) - // CRITICAL FIX: Set NextRefreshAfter to prevent frequent refresh checks - // Without this, shouldRefresh() will return true again in 30 seconds - updated := auth.Clone() - // Set next refresh to 20 minutes before expiry, or at least 30 seconds from now - nextRefresh := expTime.Add(-20 * time.Minute) - minNextRefresh := time.Now().Add(30 * time.Second) - if nextRefresh.Before(minNextRefresh) { - nextRefresh = minNextRefresh - } - updated.NextRefreshAfter = nextRefresh - log.Debugf("kiro executor: setting NextRefreshAfter to %v (in %v)", nextRefresh.Format(time.RFC3339), time.Until(nextRefresh)) - return updated, nil - } - } - } - } - - var refreshToken string - var clientID, clientSecret string - var authMethod string - var region, startURL string - - if auth.Metadata != nil { - if rt, ok := auth.Metadata["refresh_token"].(string); ok { - refreshToken = rt - } - if cid, ok := auth.Metadata["client_id"].(string); ok { - clientID = cid - } - if cs, ok := auth.Metadata["client_secret"].(string); ok { - clientSecret = cs - } - if am, ok := auth.Metadata["auth_method"].(string); ok { - authMethod = am - } - if r, ok := auth.Metadata["region"].(string); ok { - region = r - } - if su, ok := auth.Metadata["start_url"].(string); ok { - startURL = su - } - } - - if refreshToken == "" { - return nil, fmt.Errorf("kiro executor: refresh token not found") - } - - var tokenData *kiroauth.KiroTokenData - var err error - - ssoClient := kiroauth.NewSSOOIDCClient(e.cfg) - - // Use SSO OIDC refresh for AWS Builder ID or IDC, otherwise use Kiro's OAuth refresh endpoint - switch { - case clientID != "" && clientSecret != "" && authMethod == "idc" && region != "": - // IDC refresh with region-specific endpoint - log.Debugf("kiro executor: using SSO OIDC refresh for IDC (region=%s)", region) - tokenData, err = ssoClient.RefreshTokenWithRegion(ctx, clientID, clientSecret, refreshToken, region, startURL) - case clientID != "" && clientSecret != "" && authMethod == "builder-id": - // Builder ID refresh with default endpoint - log.Debugf("kiro executor: using SSO OIDC refresh for AWS Builder ID") - tokenData, err = ssoClient.RefreshToken(ctx, clientID, clientSecret, refreshToken) - default: - // Fallback to Kiro's OAuth refresh endpoint (for social auth: Google/GitHub) - log.Debugf("kiro executor: using Kiro OAuth refresh endpoint") - oauth := kiroauth.NewKiroOAuth(e.cfg) - tokenData, err = oauth.RefreshToken(ctx, refreshToken) - } - - if err != nil { - return nil, fmt.Errorf("kiro executor: token refresh failed: %w", err) - } - - updated := auth.Clone() - now := time.Now() - updated.UpdatedAt = now - updated.LastRefreshedAt = now - - if updated.Metadata == nil { - updated.Metadata = make(map[string]any) - } - updated.Metadata["access_token"] = tokenData.AccessToken - updated.Metadata["refresh_token"] = tokenData.RefreshToken - updated.Metadata["expires_at"] = tokenData.ExpiresAt - updated.Metadata["last_refresh"] = now.Format(time.RFC3339) - if tokenData.ProfileArn != "" { - updated.Metadata["profile_arn"] = tokenData.ProfileArn - } - if tokenData.AuthMethod != "" { - updated.Metadata["auth_method"] = tokenData.AuthMethod - } - if tokenData.Provider != "" { - updated.Metadata["provider"] = tokenData.Provider - } - // Preserve client credentials for future refreshes (AWS Builder ID) - if tokenData.ClientID != "" { - updated.Metadata["client_id"] = tokenData.ClientID - } - if tokenData.ClientSecret != "" { - updated.Metadata["client_secret"] = tokenData.ClientSecret - } - // Preserve region and start_url for IDC token refresh - if tokenData.Region != "" { - updated.Metadata["region"] = tokenData.Region - } - if tokenData.StartURL != "" { - updated.Metadata["start_url"] = tokenData.StartURL - } - - if updated.Attributes == nil { - updated.Attributes = make(map[string]string) - } - updated.Attributes["access_token"] = tokenData.AccessToken - if tokenData.ProfileArn != "" { - updated.Attributes["profile_arn"] = tokenData.ProfileArn - } - - // NextRefreshAfter is aligned with RefreshLead (20min) - if expiresAt, parseErr := time.Parse(time.RFC3339, tokenData.ExpiresAt); parseErr == nil { - updated.NextRefreshAfter = expiresAt.Add(-20 * time.Minute) - } - - log.Infof("kiro executor: token refreshed successfully, expires at %s", tokenData.ExpiresAt) - return updated, nil -} - -// persistRefreshedAuth persists a refreshed auth record to disk. -// This ensures token refreshes from inline retry are saved to the auth file. -func (e *KiroExecutor) persistRefreshedAuth(auth *cliproxyauth.Auth) error { - if auth == nil || auth.Metadata == nil { - return fmt.Errorf("kiro executor: cannot persist nil auth or metadata") - } - - // Determine the file path from auth attributes or filename - var authPath string - if auth.Attributes != nil { - if p := strings.TrimSpace(auth.Attributes["path"]); p != "" { - authPath = p - } - } - if authPath == "" { - fileName := strings.TrimSpace(auth.FileName) - if fileName == "" { - return fmt.Errorf("kiro executor: auth has no file path or filename") - } - if filepath.IsAbs(fileName) { - authPath = fileName - } else if e.cfg != nil && e.cfg.AuthDir != "" { - authPath = filepath.Join(e.cfg.AuthDir, fileName) - } else { - return fmt.Errorf("kiro executor: cannot determine auth file path") - } - } - - // Marshal metadata to JSON - raw, err := json.Marshal(auth.Metadata) - if err != nil { - return fmt.Errorf("kiro executor: marshal metadata failed: %w", err) - } - - // Write to temp file first, then rename (atomic write) - tmp := authPath + ".tmp" - if err := os.WriteFile(tmp, raw, 0o600); err != nil { - return fmt.Errorf("kiro executor: write temp auth file failed: %w", err) - } - if err := os.Rename(tmp, authPath); err != nil { - return fmt.Errorf("kiro executor: rename auth file failed: %w", err) - } - - log.Debugf("kiro executor: persisted refreshed auth to %s", authPath) - return nil -} - -// reloadAuthFromFile 从文件重新加载 auth 数据(方案 B: Fallback 机制) -// 当内存中的 token 已过期时,尝试从文件读取最新的 token -// 这解决了后台刷新器已更新文件但内存中 Auth 对象尚未同步的时间差问题 -func (e *KiroExecutor) reloadAuthFromFile(auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if auth == nil { - return nil, fmt.Errorf("kiro executor: cannot reload nil auth") - } - - // 确定文件路径 - var authPath string - if auth.Attributes != nil { - if p := strings.TrimSpace(auth.Attributes["path"]); p != "" { - authPath = p - } - } - if authPath == "" { - fileName := strings.TrimSpace(auth.FileName) - if fileName == "" { - return nil, fmt.Errorf("kiro executor: auth has no file path or filename for reload") - } - if filepath.IsAbs(fileName) { - authPath = fileName - } else if e.cfg != nil && e.cfg.AuthDir != "" { - authPath = filepath.Join(e.cfg.AuthDir, fileName) - } else { - return nil, fmt.Errorf("kiro executor: cannot determine auth file path for reload") - } - } - - // 读取文件 - raw, err := os.ReadFile(authPath) - if err != nil { - return nil, fmt.Errorf("kiro executor: failed to read auth file %s: %w", authPath, err) - } - - // 解析 JSON - var metadata map[string]any - if err := json.Unmarshal(raw, &metadata); err != nil { - return nil, fmt.Errorf("kiro executor: failed to parse auth file %s: %w", authPath, err) - } - - // 检查文件中的 token 是否比内存中的更新 - fileExpiresAt, _ := metadata["expires_at"].(string) - fileAccessToken, _ := metadata["access_token"].(string) - memExpiresAt, _ := auth.Metadata["expires_at"].(string) - memAccessToken, _ := auth.Metadata["access_token"].(string) - - // 文件中必须有有效的 access_token - if fileAccessToken == "" { - return nil, fmt.Errorf("kiro executor: auth file has no access_token field") - } - - // 如果有 expires_at,检查是否过期 - if fileExpiresAt != "" { - fileExpTime, parseErr := time.Parse(time.RFC3339, fileExpiresAt) - if parseErr == nil { - // 如果文件中的 token 也已过期,不使用它 - if time.Now().After(fileExpTime) { - log.Debugf("kiro executor: file token also expired at %s, not using", fileExpiresAt) - return nil, fmt.Errorf("kiro executor: file token also expired") - } - } - } - - // 判断文件中的 token 是否比内存中的更新 - // 条件1: access_token 不同(说明已刷新) - // 条件2: expires_at 更新(说明已刷新) - isNewer := false - - // 优先检查 access_token 是否变化 - if fileAccessToken != memAccessToken { - isNewer = true - log.Debugf("kiro executor: file access_token differs from memory, using file token") - } - - // 如果 access_token 相同,检查 expires_at - if !isNewer && fileExpiresAt != "" && memExpiresAt != "" { - fileExpTime, fileParseErr := time.Parse(time.RFC3339, fileExpiresAt) - memExpTime, memParseErr := time.Parse(time.RFC3339, memExpiresAt) - if fileParseErr == nil && memParseErr == nil && fileExpTime.After(memExpTime) { - isNewer = true - log.Debugf("kiro executor: file expires_at (%s) is newer than memory (%s)", fileExpiresAt, memExpiresAt) - } - } - - // 如果文件中没有 expires_at 但 access_token 相同,无法判断是否更新 - if !isNewer && fileExpiresAt == "" && fileAccessToken == memAccessToken { - return nil, fmt.Errorf("kiro executor: cannot determine if file token is newer (no expires_at, same access_token)") - } - - if !isNewer { - log.Debugf("kiro executor: file token not newer than memory token") - return nil, fmt.Errorf("kiro executor: file token not newer") - } - - // 创建更新后的 auth 对象 - updated := auth.Clone() - updated.Metadata = metadata - updated.UpdatedAt = time.Now() - - // 同步更新 Attributes - if updated.Attributes == nil { - updated.Attributes = make(map[string]string) - } - if accessToken, ok := metadata["access_token"].(string); ok { - updated.Attributes["access_token"] = accessToken - } - if profileArn, ok := metadata["profile_arn"].(string); ok { - updated.Attributes["profile_arn"] = profileArn - } - - log.Infof("kiro executor: reloaded auth from file %s, new expires_at: %s", authPath, fileExpiresAt) - return updated, nil -} - -// isTokenExpired checks if a JWT access token has expired. -// Returns true if the token is expired or cannot be parsed. -func (e *KiroExecutor) isTokenExpired(accessToken string) bool { - if accessToken == "" { - return true - } - - // JWT tokens have 3 parts separated by dots - parts := strings.Split(accessToken, ".") - if len(parts) != 3 { - // Not a JWT token, assume not expired - return false - } - - // Decode the payload (second part) - // JWT uses base64url encoding without padding (RawURLEncoding) - payload := parts[1] - decoded, err := base64.RawURLEncoding.DecodeString(payload) - if err != nil { - // Try with padding added as fallback - switch len(payload) % 4 { - case 2: - payload += "==" - case 3: - payload += "=" - } - decoded, err = base64.URLEncoding.DecodeString(payload) - if err != nil { - log.Debugf("kiro: failed to decode JWT payload: %v", err) - return false - } - } - - var claims struct { - Exp int64 `json:"exp"` - } - if err := json.Unmarshal(decoded, &claims); err != nil { - log.Debugf("kiro: failed to parse JWT claims: %v", err) - return false - } - - if claims.Exp == 0 { - // No expiration claim, assume not expired - return false - } - - expTime := time.Unix(claims.Exp, 0) - now := time.Now() - - // Consider token expired if it expires within 1 minute (buffer for clock skew) - isExpired := now.After(expTime) || expTime.Sub(now) < time.Minute - if isExpired { - log.Debugf("kiro: token expired at %s (now: %s)", expTime.Format(time.RFC3339), now.Format(time.RFC3339)) - } - - return isExpired -} - -// ══════════════════════════════════════════════════════════════════════════════ -// Web Search Handler (MCP API) -// ══════════════════════════════════════════════════════════════════════════════ - -// fetchToolDescription caching: -// Uses a mutex + fetched flag to ensure only one goroutine fetches at a time, -// with automatic retry on failure: -// - On failure, fetched stays false so subsequent calls will retry -// - On success, fetched is set to true — subsequent calls skip immediately (mutex-free fast path) -// The cached description is stored in the translator package via kiroclaude.SetWebSearchDescription(), -// enabling the translator's convertClaudeToolsToKiro to read it when building Kiro requests. -var ( - toolDescMu sync.Mutex - toolDescFetched atomic.Bool -) - -// fetchToolDescription calls MCP tools/list to get the web_search tool description -// and caches it. Safe to call concurrently — only one goroutine fetches at a time. -// If the fetch fails, subsequent calls will retry. On success, no further fetches occur. -// The httpClient parameter allows reusing a shared pooled HTTP client. -func fetchToolDescription(ctx context.Context, mcpEndpoint, authToken string, httpClient *http.Client, auth *cliproxyauth.Auth, authAttrs map[string]string) { - // Fast path: already fetched successfully, no lock needed - if toolDescFetched.Load() { - return - } - - toolDescMu.Lock() - defer toolDescMu.Unlock() - - // Double-check after acquiring lock - if toolDescFetched.Load() { - return - } - - handler := newWebSearchHandler(ctx, mcpEndpoint, authToken, httpClient, auth, authAttrs) - reqBody := []byte(`{"id":"tools_list","jsonrpc":"2.0","method":"tools/list"}`) - log.Debugf("kiro/websearch MCP tools/list request: %d bytes", len(reqBody)) - - req, err := http.NewRequestWithContext(ctx, "POST", mcpEndpoint, bytes.NewReader(reqBody)) - if err != nil { - log.Warnf("kiro/websearch: failed to create tools/list request: %v", err) - return - } - - // Reuse same headers as callMcpAPI - handler.setMcpHeaders(req) - - resp, err := handler.httpClient.Do(req) - if err != nil { - log.Warnf("kiro/websearch: tools/list request failed: %v", err) - return - } - defer func() { _ = resp.Body.Close() }() - - body, err := io.ReadAll(resp.Body) - if err != nil || resp.StatusCode != http.StatusOK { - log.Warnf("kiro/websearch: tools/list returned status %d", resp.StatusCode) - return - } - log.Debugf("kiro/websearch MCP tools/list response: [%d] %d bytes", resp.StatusCode, len(body)) - - // Parse: {"result":{"tools":[{"name":"web_search","description":"..."}]}} - var result struct { - Result *struct { - Tools []struct { - Name string `json:"name"` - Description string `json:"description"` - } `json:"tools"` - } `json:"result"` - } - if err := json.Unmarshal(body, &result); err != nil || result.Result == nil { - log.Warnf("kiro/websearch: failed to parse tools/list response") - return - } - - for _, tool := range result.Result.Tools { - if tool.Name == "web_search" && tool.Description != "" { - kiroclaude.SetWebSearchDescription(tool.Description) - toolDescFetched.Store(true) // success — no more fetches - log.Infof("kiro/websearch: cached web_search description from tools/list (%d bytes)", len(tool.Description)) - return - } - } - - // web_search tool not found in response - log.Warnf("kiro/websearch: web_search tool not found in tools/list response") -} - -// webSearchHandler handles web search requests via Kiro MCP API -type webSearchHandler struct { - ctx context.Context - mcpEndpoint string - httpClient *http.Client - authToken string - auth *cliproxyauth.Auth // for applyDynamicFingerprint - authAttrs map[string]string // optional, for custom headers from auth.Attributes -} - -// newWebSearchHandler creates a new webSearchHandler. -// If httpClient is nil, a default client with 30s timeout is used. -// Pass a shared pooled client (e.g. from getKiroPooledHTTPClient) for connection reuse. -func newWebSearchHandler(ctx context.Context, mcpEndpoint, authToken string, httpClient *http.Client, auth *cliproxyauth.Auth, authAttrs map[string]string) *webSearchHandler { - if httpClient == nil { - httpClient = &http.Client{ - Timeout: 30 * time.Second, - } - } - return &webSearchHandler{ - ctx: ctx, - mcpEndpoint: mcpEndpoint, - httpClient: httpClient, - authToken: authToken, - auth: auth, - authAttrs: authAttrs, - } -} - -// setMcpHeaders sets standard MCP API headers on the request, -// aligned with the GAR request pattern. -func (h *webSearchHandler) setMcpHeaders(req *http.Request) { - // 1. Content-Type & Accept (aligned with GAR) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Accept", "*/*") - - // 2. Kiro-specific headers (aligned with GAR) - req.Header.Set("x-amzn-kiro-agent-mode", "vibe") - req.Header.Set("x-amzn-codewhisperer-optout", "true") - - // 3. User-Agent: Reuse applyDynamicFingerprint for consistency - applyDynamicFingerprint(req, h.auth) - - // 4. AWS SDK identifiers - req.Header.Set("Amz-Sdk-Request", "attempt=1; max=3") - req.Header.Set("Amz-Sdk-Invocation-Id", uuid.New().String()) - - // 5. Authentication - req.Header.Set("Authorization", "Bearer "+h.authToken) - - // 6. Custom headers from auth attributes - util.ApplyCustomHeadersFromAttrs(req, h.authAttrs) -} - -// mcpMaxRetries is the maximum number of retries for MCP API calls. -const mcpMaxRetries = 2 - -// callMcpAPI calls the Kiro MCP API with the given request. -// Includes retry logic with exponential backoff for retryable errors. -func (h *webSearchHandler) callMcpAPI(request *kiroclaude.McpRequest) (*kiroclaude.McpResponse, error) { - requestBody, err := json.Marshal(request) - if err != nil { - return nil, fmt.Errorf("failed to marshal MCP request: %w", err) - } - log.Debugf("kiro/websearch MCP request → %s (%d bytes)", h.mcpEndpoint, len(requestBody)) - - var lastErr error - for attempt := 0; attempt <= mcpMaxRetries; attempt++ { - if attempt > 0 { - backoff := time.Duration(1< 10*time.Second { - backoff = 10 * time.Second - } - log.Warnf("kiro/websearch: MCP retry %d/%d after %v (last error: %v)", attempt, mcpMaxRetries, backoff, lastErr) - select { - case <-h.ctx.Done(): - return nil, h.ctx.Err() - case <-time.After(backoff): - } - } - - req, err := http.NewRequestWithContext(h.ctx, "POST", h.mcpEndpoint, bytes.NewReader(requestBody)) - if err != nil { - return nil, fmt.Errorf("failed to create HTTP request: %w", err) - } - - h.setMcpHeaders(req) - - resp, err := h.httpClient.Do(req) - if err != nil { - lastErr = fmt.Errorf("MCP API request failed: %w", err) - continue // network error → retry - } - - body, err := io.ReadAll(resp.Body) - _ = resp.Body.Close() - if err != nil { - lastErr = fmt.Errorf("failed to read MCP response: %w", err) - continue // read error → retry - } - log.Debugf("kiro/websearch MCP response ← [%d] (%d bytes)", resp.StatusCode, len(body)) - - // Retryable HTTP status codes (aligned with GAR: 502, 503, 504) - if resp.StatusCode >= 502 && resp.StatusCode <= 504 { - lastErr = fmt.Errorf("MCP API returned retryable status %d: %s", resp.StatusCode, string(body)) - continue - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("MCP API returned status %d: %s", resp.StatusCode, string(body)) - } - - var mcpResponse kiroclaude.McpResponse - if err := json.Unmarshal(body, &mcpResponse); err != nil { - return nil, fmt.Errorf("failed to parse MCP response: %w", err) - } - - if mcpResponse.Error != nil { - code := -1 - if mcpResponse.Error.Code != nil { - code = *mcpResponse.Error.Code - } - msg := "Unknown error" - if mcpResponse.Error.Message != nil { - msg = *mcpResponse.Error.Message - } - return nil, fmt.Errorf("MCP error %d: %s", code, msg) - } - - return &mcpResponse, nil - } - - return nil, lastErr -} - -// webSearchAuthAttrs extracts auth attributes for MCP calls. -// Used by handleWebSearch and handleWebSearchStream to pass custom headers. -func webSearchAuthAttrs(auth *cliproxyauth.Auth) map[string]string { - if auth != nil { - return auth.Attributes - } - return nil -} - -const maxWebSearchIterations = 5 - -// handleWebSearchStream handles web_search requests: -// Step 1: tools/list (sync) → fetch/cache tool description -// Step 2+: MCP search → InjectToolResultsClaude → callKiroAndBuffer loop -// Note: We skip the "model decides to search" step because Claude Code already -// decided to use web_search. The Kiro tool description restricts non-coding -// topics, so asking the model again would cause it to refuse valid searches. -func (e *KiroExecutor) handleWebSearchStream( - ctx context.Context, - auth *cliproxyauth.Auth, - req cliproxyexecutor.Request, - opts cliproxyexecutor.Options, - accessToken, profileArn string, -) (<-chan cliproxyexecutor.StreamChunk, error) { - // Extract search query from Claude Code's web_search tool_use - query := kiroclaude.ExtractSearchQuery(req.Payload) - if query == "" { - log.Warnf("kiro/websearch: failed to extract search query, falling back to normal flow") - return e.callKiroDirectStream(ctx, auth, req, opts, accessToken, profileArn) - } - - // Build MCP endpoint using shared region resolution (supports api_region + ProfileARN fallback) - region := resolveKiroAPIRegion(auth) - mcpEndpoint := kiroclaude.BuildMcpEndpoint(region) - - // ── Step 1: tools/list (SYNC) — cache tool description ── - { - authAttrs := webSearchAuthAttrs(auth) - fetchToolDescription(ctx, mcpEndpoint, accessToken, newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 30*time.Second), auth, authAttrs) - } - - // Create output channel - out := make(chan cliproxyexecutor.StreamChunk) - - // Usage reporting: track web search requests like normal streaming requests - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - - go func() { - var wsErr error - defer reporter.trackFailure(ctx, &wsErr) - defer close(out) - - // Estimate input tokens using tokenizer (matching streamToChannel pattern) - var totalUsage usage.Detail - if enc, tokErr := getTokenizer(req.Model); tokErr == nil { - if inp, e := countClaudeChatTokens(enc, req.Payload); e == nil && inp > 0 { - totalUsage.InputTokens = inp - } else { - totalUsage.InputTokens = int64(len(req.Payload) / 4) - } - } else { - totalUsage.InputTokens = int64(len(req.Payload) / 4) - } - if totalUsage.InputTokens == 0 && len(req.Payload) > 0 { - totalUsage.InputTokens = 1 - } - var accumulatedOutputLen int - defer func() { - if wsErr != nil { - return // let trackFailure handle failure reporting - } - totalUsage.OutputTokens = int64(accumulatedOutputLen / 4) - if accumulatedOutputLen > 0 && totalUsage.OutputTokens == 0 { - totalUsage.OutputTokens = 1 - } - reporter.publish(ctx, totalUsage) - }() - - // Send message_start event to client (aligned with streamToChannel pattern) - // Use payloadRequestedModel to return user's original model alias - msgStart := kiroclaude.BuildClaudeMessageStartEvent( - payloadRequestedModel(opts, req.Model), - totalUsage.InputTokens, - ) - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: append(msgStart, '\n', '\n')}: - } - - // ── Step 2+: MCP search → InjectToolResultsClaude → callKiroAndBuffer loop ── - contentBlockIndex := 0 - currentQuery := query - - // Replace web_search tool description with a minimal one that allows re-search. - // The original tools/list description from Kiro restricts non-coding topics, - // but we've already decided to search. We keep the tool so the model can - // request additional searches when results are insufficient. - simplifiedPayload, simplifyErr := kiroclaude.ReplaceWebSearchToolDescription(bytes.Clone(req.Payload)) - if simplifyErr != nil { - log.Warnf("kiro/websearch: failed to simplify web_search tool: %v, using original payload", simplifyErr) - simplifiedPayload = bytes.Clone(req.Payload) - } - - currentClaudePayload := simplifiedPayload - totalSearches := 0 - - // Generate toolUseId for the first iteration (Claude Code already decided to search) - currentToolUseId := fmt.Sprintf("srvtoolu_%s", kiroclaude.GenerateToolUseID()) - - for iteration := 0; iteration < maxWebSearchIterations; iteration++ { - log.Infof("kiro/websearch: search iteration %d/%d", - iteration+1, maxWebSearchIterations) - - // MCP search - _, mcpRequest := kiroclaude.CreateMcpRequest(currentQuery) - - authAttrs := webSearchAuthAttrs(auth) - handler := newWebSearchHandler(ctx, mcpEndpoint, accessToken, newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 30*time.Second), auth, authAttrs) - mcpResponse, mcpErr := handler.callMcpAPI(mcpRequest) - - var searchResults *kiroclaude.WebSearchResults - if mcpErr != nil { - log.Warnf("kiro/websearch: MCP API call failed: %v, continuing with empty results", mcpErr) - } else { - searchResults = kiroclaude.ParseSearchResults(mcpResponse) - } - - resultCount := 0 - if searchResults != nil { - resultCount = len(searchResults.Results) - } - totalSearches++ - log.Infof("kiro/websearch: iteration %d — got %d search results", iteration+1, resultCount) - - // Send search indicator events to client - searchEvents := kiroclaude.GenerateSearchIndicatorEvents(currentQuery, currentToolUseId, searchResults, contentBlockIndex) - for _, event := range searchEvents { - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: event}: - } - } - contentBlockIndex += 2 - - // Inject tool_use + tool_result into Claude payload, then call GAR - var err error - currentClaudePayload, err = kiroclaude.InjectToolResultsClaude(currentClaudePayload, currentToolUseId, currentQuery, searchResults) - if err != nil { - log.Warnf("kiro/websearch: failed to inject tool results: %v", err) - wsErr = fmt.Errorf("failed to inject tool results: %w", err) - e.sendFallbackText(ctx, out, contentBlockIndex, currentQuery, searchResults) - return - } - - // Call GAR with modified Claude payload (full translation pipeline) - modifiedReq := req - modifiedReq.Payload = currentClaudePayload - kiroChunks, kiroErr := e.callKiroAndBuffer(ctx, auth, modifiedReq, opts, accessToken, profileArn) - if kiroErr != nil { - log.Warnf("kiro/websearch: Kiro API failed at iteration %d: %v", iteration+1, kiroErr) - wsErr = fmt.Errorf("kiro API failed at iteration %d: %w", iteration+1, kiroErr) - e.sendFallbackText(ctx, out, contentBlockIndex, currentQuery, searchResults) - return - } - - // Analyze response - analysis := kiroclaude.AnalyzeBufferedStream(kiroChunks) - log.Infof("kiro/websearch: iteration %d — stop_reason: %s, has_tool_use: %v", - iteration+1, analysis.StopReason, analysis.HasWebSearchToolUse) - - if analysis.HasWebSearchToolUse && analysis.WebSearchQuery != "" && iteration+1 < maxWebSearchIterations { - // Model wants another search - filteredChunks := kiroclaude.FilterChunksForClient(kiroChunks, analysis.WebSearchToolUseIndex, contentBlockIndex) - for _, chunk := range filteredChunks { - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: chunk}: - } - } - - currentQuery = analysis.WebSearchQuery - currentToolUseId = analysis.WebSearchToolUseId - continue - } - - // Model returned final response — stream to client - for _, chunk := range kiroChunks { - if contentBlockIndex > 0 && len(chunk) > 0 { - adjusted, shouldForward := kiroclaude.AdjustSSEChunk(chunk, contentBlockIndex) - if !shouldForward { - continue - } - accumulatedOutputLen += len(adjusted) - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: adjusted}: - } - } else { - accumulatedOutputLen += len(chunk) - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: chunk}: - } - } - } - log.Infof("kiro/websearch: completed after %d search iteration(s), total searches: %d", iteration+1, totalSearches) - return - } - - log.Warnf("kiro/websearch: reached max iterations (%d), stopping search loop", maxWebSearchIterations) - }() - - return out, nil -} - -// handleWebSearch handles web_search requests for non-streaming Execute path. -// Performs MCP search synchronously, injects results into the request payload, -// then calls the normal non-streaming Kiro API path which returns a proper -// Claude JSON response (not SSE chunks). -func (e *KiroExecutor) handleWebSearch( - ctx context.Context, - auth *cliproxyauth.Auth, - req cliproxyexecutor.Request, - opts cliproxyexecutor.Options, - accessToken, profileArn string, -) (cliproxyexecutor.Response, error) { - // Extract search query from Claude Code's web_search tool_use - query := kiroclaude.ExtractSearchQuery(req.Payload) - if query == "" { - log.Warnf("kiro/websearch: non-stream: failed to extract search query, falling back to normal Execute") - // Fall through to normal non-streaming path - return e.executeNonStreamFallback(ctx, auth, req, opts, accessToken, profileArn) - } - - // Build MCP endpoint using shared region resolution (supports api_region + ProfileARN fallback) - region := resolveKiroAPIRegion(auth) - mcpEndpoint := kiroclaude.BuildMcpEndpoint(region) - - // Step 1: Fetch/cache tool description (sync) - { - authAttrs := webSearchAuthAttrs(auth) - fetchToolDescription(ctx, mcpEndpoint, accessToken, newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 30*time.Second), auth, authAttrs) - } - - // Step 2: Perform MCP search - _, mcpRequest := kiroclaude.CreateMcpRequest(query) - - authAttrs := webSearchAuthAttrs(auth) - handler := newWebSearchHandler(ctx, mcpEndpoint, accessToken, newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 30*time.Second), auth, authAttrs) - mcpResponse, mcpErr := handler.callMcpAPI(mcpRequest) - - var searchResults *kiroclaude.WebSearchResults - if mcpErr != nil { - log.Warnf("kiro/websearch: non-stream: MCP API call failed: %v, continuing with empty results", mcpErr) - } else { - searchResults = kiroclaude.ParseSearchResults(mcpResponse) - } - - resultCount := 0 - if searchResults != nil { - resultCount = len(searchResults.Results) - } - log.Infof("kiro/websearch: non-stream: got %d search results", resultCount) - - // Step 3: Replace restrictive web_search tool description (align with streaming path) - simplifiedPayload, simplifyErr := kiroclaude.ReplaceWebSearchToolDescription(bytes.Clone(req.Payload)) - if simplifyErr != nil { - log.Warnf("kiro/websearch: non-stream: failed to simplify web_search tool: %v, using original payload", simplifyErr) - simplifiedPayload = bytes.Clone(req.Payload) - } - - // Step 4: Inject search tool_use + tool_result into Claude payload - currentToolUseId := fmt.Sprintf("srvtoolu_%s", kiroclaude.GenerateToolUseID()) - modifiedPayload, err := kiroclaude.InjectToolResultsClaude(simplifiedPayload, currentToolUseId, query, searchResults) - if err != nil { - log.Warnf("kiro/websearch: non-stream: failed to inject tool results: %v, falling back", err) - return e.executeNonStreamFallback(ctx, auth, req, opts, accessToken, profileArn) - } - - // Step 5: Call Kiro API via the normal non-streaming path (executeWithRetry) - // This path uses parseEventStream → BuildClaudeResponse → TranslateNonStream - // to produce a proper Claude JSON response - modifiedReq := req - modifiedReq.Payload = modifiedPayload - - resp, err := e.executeNonStreamFallback(ctx, auth, modifiedReq, opts, accessToken, profileArn) - if err != nil { - return resp, err - } - - // Step 6: Inject server_tool_use + web_search_tool_result into response - // so Claude Code can display "Did X searches in Ys" - indicators := []kiroclaude.SearchIndicator{ - { - ToolUseID: currentToolUseId, - Query: query, - Results: searchResults, - }, - } - injectedPayload, injErr := kiroclaude.InjectSearchIndicatorsInResponse(resp.Payload, indicators) - if injErr != nil { - log.Warnf("kiro/websearch: non-stream: failed to inject search indicators: %v", injErr) - } else { - resp.Payload = injectedPayload - } - - return resp, nil -} - -// callKiroAndBuffer calls the Kiro API and buffers all response chunks. -// Returns the buffered chunks for analysis before forwarding to client. -// Usage reporting is NOT done here — the caller (handleWebSearchStream) manages its own reporter. -func (e *KiroExecutor) callKiroAndBuffer( - ctx context.Context, - auth *cliproxyauth.Auth, - req cliproxyexecutor.Request, - opts cliproxyexecutor.Options, - accessToken, profileArn string, -) ([][]byte, error) { - from := opts.SourceFormat - to := sdktranslator.FromString("kiro") - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - log.Debugf("kiro/websearch GAR request: %d bytes", len(body)) - - kiroModelID := e.mapModelToKiro(req.Model) - isAgentic, isChatOnly := determineAgenticMode(req.Model) - effectiveProfileArn := getEffectiveProfileArnWithWarning(auth, profileArn) - - tokenKey := getTokenKey(auth) - - kiroStream, err := e.executeStreamWithRetry( - ctx, auth, req, opts, accessToken, effectiveProfileArn, body, from, nil, kiroModelID, isAgentic, isChatOnly, tokenKey, - ) - if err != nil { - return nil, err - } - - // Buffer all chunks - var chunks [][]byte - for chunk := range kiroStream { - if chunk.Err != nil { - return chunks, chunk.Err - } - if len(chunk.Payload) > 0 { - chunks = append(chunks, bytes.Clone(chunk.Payload)) - } - } - - log.Debugf("kiro/websearch GAR response: %d chunks buffered", len(chunks)) - - return chunks, nil -} - -// callKiroDirectStream creates a direct streaming channel to Kiro API without search. -func (e *KiroExecutor) callKiroDirectStream( - ctx context.Context, - auth *cliproxyauth.Auth, - req cliproxyexecutor.Request, - opts cliproxyexecutor.Options, - accessToken, profileArn string, -) (<-chan cliproxyexecutor.StreamChunk, error) { - from := opts.SourceFormat - to := sdktranslator.FromString("kiro") - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - - kiroModelID := e.mapModelToKiro(req.Model) - isAgentic, isChatOnly := determineAgenticMode(req.Model) - effectiveProfileArn := getEffectiveProfileArnWithWarning(auth, profileArn) - - tokenKey := getTokenKey(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - var streamErr error - defer reporter.trackFailure(ctx, &streamErr) - - stream, streamErr := e.executeStreamWithRetry( - ctx, auth, req, opts, accessToken, effectiveProfileArn, body, from, reporter, kiroModelID, isAgentic, isChatOnly, tokenKey, - ) - return stream, streamErr -} - -// sendFallbackText sends a simple text response when the Kiro API fails during the search loop. -// Delegates SSE event construction to kiroclaude.BuildFallbackTextEvents() for alignment -// with how streamToChannel() uses BuildClaude*Event() functions. -func (e *KiroExecutor) sendFallbackText( - ctx context.Context, - out chan<- cliproxyexecutor.StreamChunk, - contentBlockIndex int, - query string, - searchResults *kiroclaude.WebSearchResults, -) { - events := kiroclaude.BuildFallbackTextEvents(contentBlockIndex, query, searchResults) - for _, event := range events { - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: append(event, '\n', '\n')}: - } - } -} - -// executeNonStreamFallback runs the standard non-streaming Execute path for a request. -// Used by handleWebSearch after injecting search results, or as a fallback. -func (e *KiroExecutor) executeNonStreamFallback( - ctx context.Context, - auth *cliproxyauth.Auth, - req cliproxyexecutor.Request, - opts cliproxyexecutor.Options, - accessToken, profileArn string, -) (cliproxyexecutor.Response, error) { - from := opts.SourceFormat - to := sdktranslator.FromString("kiro") - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - - kiroModelID := e.mapModelToKiro(req.Model) - isAgentic, isChatOnly := determineAgenticMode(req.Model) - effectiveProfileArn := getEffectiveProfileArnWithWarning(auth, profileArn) - tokenKey := getTokenKey(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - var err error - defer reporter.trackFailure(ctx, &err) - - resp, err := e.executeWithRetry(ctx, auth, req, opts, accessToken, effectiveProfileArn, body, from, to, reporter, kiroModelID, isAgentic, isChatOnly, tokenKey) - return resp, err -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/kiro_executor_extra_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/kiro_executor_extra_test.go deleted file mode 100644 index 0efae05df4..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/kiro_executor_extra_test.go +++ /dev/null @@ -1,147 +0,0 @@ -package executor - -import ( - "strings" - "testing" - "time" - - kiroauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro" -) - -func TestKiroExecutor_MapModelToKiro(t *testing.T) { - e := &KiroExecutor{} - - tests := []struct { - model string - want string - }{ - {"amazonq-claude-opus-4-6", "claude-opus-4.6"}, - {"kiro-claude-sonnet-4-5", "claude-sonnet-4.5"}, - {"claude-haiku-4.5", "claude-haiku-4.5"}, - {"claude-opus-4.6-agentic", "claude-opus-4.6"}, - {"unknown-haiku-model", "claude-haiku-4.5"}, - {"claude-3.7-sonnet", "claude-3-7-sonnet-20250219"}, - {"claude-4.5-sonnet", "claude-sonnet-4.5"}, - {"something-else", "claude-sonnet-4.5"}, // Default fallback - } - - for _, tt := range tests { - got := e.mapModelToKiro(tt.model) - if got != tt.want { - t.Errorf("mapModelToKiro(%q) = %q, want %q", tt.model, got, tt.want) - } - } -} - -func TestDetermineAgenticMode(t *testing.T) { - tests := []struct { - model string - isAgentic bool - isChatOnly bool - }{ - {"claude-opus-4.6-agentic", true, false}, - {"claude-opus-4.6-chat", false, true}, - {"claude-opus-4.6", false, false}, - {"anything-else", false, false}, - } - - for _, tt := range tests { - isAgentic, isChatOnly := determineAgenticMode(tt.model) - if isAgentic != tt.isAgentic || isChatOnly != tt.isChatOnly { - t.Errorf("determineAgenticMode(%q) = (%v, %v), want (%v, %v)", tt.model, isAgentic, isChatOnly, tt.isAgentic, tt.isChatOnly) - } - } -} - -func TestExtractRegionFromProfileARN(t *testing.T) { - tests := []struct { - arn string - want string - }{ - {"arn:aws:iam:us-east-1:123456789012:role/name", "us-east-1"}, - {"arn:aws:iam:us-west-2:123456789012:role/name", "us-west-2"}, - {"arn:aws:iam::123456789012:role/name", ""}, // No region - {"", ""}, - } - - for _, tt := range tests { - got := extractRegionFromProfileARN(tt.arn) - if got != tt.want { - t.Errorf("extractRegionFromProfileARN(%q) = %q, want %q", tt.arn, got, tt.want) - } - } -} - -func TestFormatKiroCooldownError(t *testing.T) { - t.Run("suspended has remediation", func(t *testing.T) { - err := formatKiroCooldownError(2*time.Minute, kiroauth.CooldownReasonSuspended) - msg := err.Error() - if !strings.Contains(msg, "reason: account_suspended") { - t.Fatalf("expected cooldown reason in message, got %q", msg) - } - if !strings.Contains(msg, "re-auth this Kiro entry or switch auth index") { - t.Fatalf("expected suspension remediation in message, got %q", msg) - } - }) - - t.Run("quota has routing guidance", func(t *testing.T) { - err := formatKiroCooldownError(30*time.Second, kiroauth.CooldownReason429) - msg := err.Error() - if !strings.Contains(msg, "reason: rate_limit_exceeded") { - t.Fatalf("expected cooldown reason in message, got %q", msg) - } - if !strings.Contains(msg, "quota-exceeded.switch-project") { - t.Fatalf("expected quota guidance in message, got %q", msg) - } - }) -} - -func TestFormatKiroSuspendedStatusMessage(t *testing.T) { - msg := formatKiroSuspendedStatusMessage([]byte(`{"status":"SUSPENDED"}`)) - if !strings.Contains(msg, `{"status":"SUSPENDED"}`) { - t.Fatalf("expected upstream response body in message, got %q", msg) - } - if !strings.Contains(msg, "re-auth this Kiro entry or use another auth index") { - t.Fatalf("expected remediation text in message, got %q", msg) - } -} - -func TestIsKiroSuspendedOrBannedResponse(t *testing.T) { - tests := []struct { - name string - body string - want bool - }{ - { - name: "uppercase suspended token", - body: `{"status":"SUSPENDED"}`, - want: true, - }, - { - name: "lowercase banned sentence", - body: `{"message":"account banned due to abuse checks"}`, - want: true, - }, - { - name: "temporary suspended lowercase key", - body: `{"status":"temporarily_suspended"}`, - want: true, - }, - { - name: "token expired should not count as banned", - body: `{"error":"token expired"}`, - want: false, - }, - { - name: "empty body", - body: ` `, - want: false, - }, - } - - for _, tt := range tests { - if got := isKiroSuspendedOrBannedResponse(tt.body); got != tt.want { - t.Fatalf("%s: isKiroSuspendedOrBannedResponse(%q) = %v, want %v", tt.name, tt.body, got, tt.want) - } - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/logging_helpers.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/logging_helpers.go deleted file mode 100644 index f74b1513c1..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/logging_helpers.go +++ /dev/null @@ -1,448 +0,0 @@ -package executor - -import ( - "bytes" - "context" - "fmt" - "html" - "net/http" - "sort" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/logging" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -const ( - apiAttemptsKey = "API_UPSTREAM_ATTEMPTS" - apiRequestKey = "API_REQUEST" - apiResponseKey = "API_RESPONSE" - apiResponseTimestampKey = "API_RESPONSE_TIMESTAMP" -) - -type contextKey string - -const ginContextKey contextKey = "gin" - -// upstreamRequestLog captures the outbound upstream request details for logging. -type upstreamRequestLog struct { - URL string - Method string - Headers http.Header - Body []byte - Provider string - AuthID string - AuthLabel string - AuthType string - AuthValue string -} - -type upstreamAttempt struct { - index int - request string - response *strings.Builder - responseIntroWritten bool - statusWritten bool - headersWritten bool - bodyStarted bool - bodyHasContent bool - errorWritten bool -} - -// recordAPIRequest stores the upstream request metadata in Gin context for request logging. -func recordAPIRequest(ctx context.Context, cfg *config.Config, info upstreamRequestLog) { - if cfg == nil || !cfg.RequestLog { - return - } - ginCtx := ginContextFrom(ctx) - if ginCtx == nil { - return - } - - attempts := getAttempts(ginCtx) - index := len(attempts) + 1 - - builder := &strings.Builder{} - fmt.Fprintf(builder, "=== API REQUEST %d ===\n", index) - fmt.Fprintf(builder, "Timestamp: %s\n", time.Now().Format(time.RFC3339Nano)) - if info.URL != "" { - fmt.Fprintf(builder, "Upstream URL: %s\n", info.URL) - } else { - builder.WriteString("Upstream URL: \n") - } - if info.Method != "" { - fmt.Fprintf(builder, "HTTP Method: %s\n", info.Method) - } - if auth := formatAuthInfo(info); auth != "" { - fmt.Fprintf(builder, "Auth: %s\n", auth) - } - builder.WriteString("\nHeaders:\n") - writeHeaders(builder, info.Headers) - builder.WriteString("\nBody:\n") - if len(info.Body) > 0 { - builder.WriteString(string(info.Body)) - } else { - builder.WriteString("") - } - builder.WriteString("\n\n") - - attempt := &upstreamAttempt{ - index: index, - request: builder.String(), - response: &strings.Builder{}, - } - attempts = append(attempts, attempt) - ginCtx.Set(apiAttemptsKey, attempts) - updateAggregatedRequest(ginCtx, attempts) -} - -// recordAPIResponseMetadata captures upstream response status/header information for the latest attempt. -func recordAPIResponseMetadata(ctx context.Context, cfg *config.Config, status int, headers http.Header) { - if cfg == nil || !cfg.RequestLog { - return - } - ginCtx := ginContextFrom(ctx) - if ginCtx == nil { - return - } - setAPIResponseTimestamp(ginCtx) - attempts, attempt := ensureAttempt(ginCtx) - ensureResponseIntro(attempt) - - if status > 0 && !attempt.statusWritten { - fmt.Fprintf(attempt.response, "Status: %d\n", status) - attempt.statusWritten = true - } - if !attempt.headersWritten { - attempt.response.WriteString("Headers:\n") - writeHeaders(attempt.response, headers) - attempt.headersWritten = true - attempt.response.WriteString("\n") - } - - updateAggregatedResponse(ginCtx, attempts) -} - -// recordAPIResponseError adds an error entry for the latest attempt when no HTTP response is available. -func recordAPIResponseError(ctx context.Context, cfg *config.Config, err error) { - if cfg == nil || !cfg.RequestLog || err == nil { - return - } - ginCtx := ginContextFrom(ctx) - if ginCtx == nil { - return - } - setAPIResponseTimestamp(ginCtx) - attempts, attempt := ensureAttempt(ginCtx) - ensureResponseIntro(attempt) - - if attempt.bodyStarted && !attempt.bodyHasContent { - // Ensure body does not stay empty marker if error arrives first. - attempt.bodyStarted = false - } - if attempt.errorWritten { - attempt.response.WriteString("\n") - } - fmt.Fprintf(attempt.response, "Error: %s\n", err.Error()) - attempt.errorWritten = true - - updateAggregatedResponse(ginCtx, attempts) -} - -// appendAPIResponseChunk appends an upstream response chunk to Gin context for request logging. -func appendAPIResponseChunk(ctx context.Context, cfg *config.Config, chunk []byte) { - if cfg == nil || !cfg.RequestLog { - return - } - data := bytes.TrimSpace(chunk) - if len(data) == 0 { - return - } - ginCtx := ginContextFrom(ctx) - if ginCtx == nil { - return - } - setAPIResponseTimestamp(ginCtx) - attempts, attempt := ensureAttempt(ginCtx) - ensureResponseIntro(attempt) - - if !attempt.headersWritten { - attempt.response.WriteString("Headers:\n") - writeHeaders(attempt.response, nil) - attempt.headersWritten = true - attempt.response.WriteString("\n") - } - if !attempt.bodyStarted { - attempt.response.WriteString("Body:\n") - attempt.bodyStarted = true - } - if attempt.bodyHasContent { - attempt.response.WriteString("\n\n") - } - attempt.response.WriteString(string(data)) - attempt.bodyHasContent = true - - updateAggregatedResponse(ginCtx, attempts) -} - -func ginContextFrom(ctx context.Context) *gin.Context { - ginCtx, _ := ctx.Value(ginContextKey).(*gin.Context) - return ginCtx -} - -func getAttempts(ginCtx *gin.Context) []*upstreamAttempt { - if ginCtx == nil { - return nil - } - if value, exists := ginCtx.Get(apiAttemptsKey); exists { - if attempts, ok := value.([]*upstreamAttempt); ok { - return attempts - } - } - return nil -} - -func setAPIResponseTimestamp(ginCtx *gin.Context) { - if ginCtx == nil { - return - } - if _, exists := ginCtx.Get(apiResponseTimestampKey); exists { - return - } - ginCtx.Set(apiResponseTimestampKey, time.Now()) -} - -func ensureAttempt(ginCtx *gin.Context) ([]*upstreamAttempt, *upstreamAttempt) { - attempts := getAttempts(ginCtx) - if len(attempts) == 0 { - attempt := &upstreamAttempt{ - index: 1, - request: "=== API REQUEST 1 ===\n\n\n", - response: &strings.Builder{}, - } - attempts = []*upstreamAttempt{attempt} - ginCtx.Set(apiAttemptsKey, attempts) - updateAggregatedRequest(ginCtx, attempts) - } - return attempts, attempts[len(attempts)-1] -} - -func ensureResponseIntro(attempt *upstreamAttempt) { - if attempt == nil || attempt.response == nil || attempt.responseIntroWritten { - return - } - fmt.Fprintf(attempt.response, "=== API RESPONSE %d ===\n", attempt.index) - fmt.Fprintf(attempt.response, "Timestamp: %s\n", time.Now().Format(time.RFC3339Nano)) - attempt.response.WriteString("\n") - attempt.responseIntroWritten = true -} - -func updateAggregatedRequest(ginCtx *gin.Context, attempts []*upstreamAttempt) { - if ginCtx == nil { - return - } - var builder strings.Builder - for _, attempt := range attempts { - builder.WriteString(attempt.request) - } - ginCtx.Set(apiRequestKey, []byte(builder.String())) -} - -func updateAggregatedResponse(ginCtx *gin.Context, attempts []*upstreamAttempt) { - if ginCtx == nil { - return - } - var builder strings.Builder - for idx, attempt := range attempts { - if attempt == nil || attempt.response == nil { - continue - } - responseText := attempt.response.String() - if responseText == "" { - continue - } - builder.WriteString(responseText) - if !strings.HasSuffix(responseText, "\n") { - builder.WriteString("\n") - } - if idx < len(attempts)-1 { - builder.WriteString("\n") - } - } - ginCtx.Set(apiResponseKey, []byte(builder.String())) -} - -func writeHeaders(builder *strings.Builder, headers http.Header) { - if builder == nil { - return - } - if len(headers) == 0 { - builder.WriteString("\n") - return - } - keys := make([]string, 0, len(headers)) - for key := range headers { - keys = append(keys, key) - } - sort.Strings(keys) - for _, key := range keys { - values := headers[key] - if len(values) == 0 { - fmt.Fprintf(builder, "%s:\n", key) - continue - } - for _, value := range values { - masked := util.MaskSensitiveHeaderValue(key, value) - fmt.Fprintf(builder, "%s: %s\n", key, masked) - } - } -} - -func formatAuthInfo(info upstreamRequestLog) string { - var parts []string - if trimmed := strings.TrimSpace(info.Provider); trimmed != "" { - parts = append(parts, fmt.Sprintf("provider=%s", trimmed)) - } - if trimmed := strings.TrimSpace(info.AuthID); trimmed != "" { - parts = append(parts, fmt.Sprintf("auth_id=%s", trimmed)) - } - if trimmed := strings.TrimSpace(info.AuthLabel); trimmed != "" { - parts = append(parts, fmt.Sprintf("label=%s", trimmed)) - } - - authType := strings.ToLower(strings.TrimSpace(info.AuthType)) - authValue := strings.TrimSpace(info.AuthValue) - switch authType { - case "api_key": - if authValue != "" { - parts = append(parts, fmt.Sprintf("type=api_key value=%s", util.HideAPIKey(authValue))) - } else { - parts = append(parts, "type=api_key") - } - case "oauth": - parts = append(parts, "type=oauth") - default: - if authType != "" { - if authValue != "" { - parts = append(parts, fmt.Sprintf("type=%s value=%s", authType, authValue)) - } else { - parts = append(parts, fmt.Sprintf("type=%s", authType)) - } - } - } - - return strings.Join(parts, ", ") -} - -func summarizeErrorBody(contentType string, body []byte) string { - isHTML := strings.Contains(strings.ToLower(contentType), "text/html") - if !isHTML { - trimmed := bytes.TrimSpace(bytes.ToLower(body)) - if bytes.HasPrefix(trimmed, []byte("') - if gt == -1 { - return "" - } - start += gt + 1 - end := bytes.Index(lower[start:], []byte("")) - if end == -1 { - return "" - } - title := string(body[start : start+end]) - title = html.UnescapeString(title) - title = strings.TrimSpace(title) - if title == "" { - return "" - } - return strings.Join(strings.Fields(title), " ") -} - -// extractJSONErrorMessage attempts to extract error.message from JSON error responses -func extractJSONErrorMessage(body []byte) string { - message := firstNonEmptyJSONString(body, "error.message", "message", "error.msg") - if message == "" { - return "" - } - return appendModelNotFoundGuidance(message, body) -} - -func firstNonEmptyJSONString(body []byte, paths ...string) string { - for _, path := range paths { - result := gjson.GetBytes(body, path) - if result.Exists() { - value := strings.TrimSpace(result.String()) - if value != "" { - return value - } - } - } - return "" -} - -func appendModelNotFoundGuidance(message string, body []byte) string { - normalized := strings.ToLower(message) - if strings.Contains(normalized, "/v1/models") || strings.Contains(normalized, "/v1/responses") { - return message - } - - errorCode := strings.ToLower(strings.TrimSpace(gjson.GetBytes(body, "error.code").String())) - if errorCode == "" { - errorCode = strings.ToLower(strings.TrimSpace(gjson.GetBytes(body, "code").String())) - } - - mentionsModelNotFound := strings.Contains(normalized, "model_not_found") || - strings.Contains(normalized, "model not found") || - strings.Contains(errorCode, "model_not_found") || - (strings.Contains(errorCode, "not_found") && strings.Contains(normalized, "model")) - if !mentionsModelNotFound { - return message - } - - hint := "hint: verify the model appears in GET /v1/models" - if strings.Contains(normalized, "codex") || strings.Contains(normalized, "gpt-5.3-codex") { - hint += "; Codex-family models should be sent to /v1/responses." - } - return message + " (" + hint + ")" -} - -// logWithRequestID returns a logrus Entry with request_id field populated from context. -// If no request ID is found in context, it returns the standard logger. -func logWithRequestID(ctx context.Context) *log.Entry { - if ctx == nil { - return log.NewEntry(log.StandardLogger()) - } - requestID := logging.GetRequestID(ctx) - if requestID == "" { - return log.NewEntry(log.StandardLogger()) - } - return log.WithField("request_id", requestID) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/logging_helpers_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/logging_helpers_test.go deleted file mode 100644 index b6c41db21f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/logging_helpers_test.go +++ /dev/null @@ -1,145 +0,0 @@ -package executor - -import ( - "context" - "errors" - "net/http" - "net/http/httptest" - "strings" - "testing" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestRecordAPIResponseMetadataRecordsTimestamp(t *testing.T) { - ginCtx, _ := gin.CreateTestContext(httptest.NewRecorder()) - cfg := &config.Config{} - cfg.RequestLog = true - ctx := context.WithValue(context.Background(), ginContextKey, ginCtx) - - recordAPIRequest(ctx, cfg, upstreamRequestLog{URL: "http://example.local"}) - recordAPIResponseMetadata(ctx, cfg, http.StatusOK, http.Header{"Content-Type": {"application/json"}}) - - tsRaw, exists := ginCtx.Get(apiResponseTimestampKey) - if !exists { - t.Fatal("API_RESPONSE_TIMESTAMP was not set") - } - ts, ok := tsRaw.(time.Time) - if !ok || ts.IsZero() { - t.Fatalf("API_RESPONSE_TIMESTAMP invalid type or zero: %#v", tsRaw) - } -} - -func TestRecordAPIResponseErrorKeepsInitialTimestamp(t *testing.T) { - ginCtx, _ := gin.CreateTestContext(httptest.NewRecorder()) - cfg := &config.Config{} - cfg.RequestLog = true - ctx := context.WithValue(context.Background(), ginContextKey, ginCtx) - - recordAPIRequest(ctx, cfg, upstreamRequestLog{URL: "http://example.local"}) - recordAPIResponseMetadata(ctx, cfg, http.StatusOK, http.Header{"Content-Type": {"application/json"}}) - - tsRaw, exists := ginCtx.Get(apiResponseTimestampKey) - if !exists { - t.Fatal("API_RESPONSE_TIMESTAMP was not set") - } - initial, ok := tsRaw.(time.Time) - if !ok { - t.Fatalf("API_RESPONSE_TIMESTAMP invalid type: %#v", tsRaw) - } - - time.Sleep(5 * time.Millisecond) - recordAPIResponseError(ctx, cfg, errors.New("upstream error")) - - afterRaw, exists := ginCtx.Get(apiResponseTimestampKey) - if !exists { - t.Fatal("API_RESPONSE_TIMESTAMP disappeared after error") - } - after, ok := afterRaw.(time.Time) - if !ok || !after.Equal(initial) { - t.Fatalf("API_RESPONSE_TIMESTAMP changed after error: initial=%v after=%v", initial, afterRaw) - } -} - -func TestAppendAPIResponseChunkSetsTimestamp(t *testing.T) { - ginCtx, _ := gin.CreateTestContext(httptest.NewRecorder()) - cfg := &config.Config{} - cfg.RequestLog = true - ctx := context.WithValue(context.Background(), ginContextKey, ginCtx) - - recordAPIRequest(ctx, cfg, upstreamRequestLog{URL: "http://example.local"}) - appendAPIResponseChunk(ctx, cfg, []byte("chunk-1")) - - tsRaw, exists := ginCtx.Get(apiResponseTimestampKey) - if !exists { - t.Fatal("API_RESPONSE_TIMESTAMP was not set after chunk append") - } - ts, ok := tsRaw.(time.Time) - if !ok || ts.IsZero() { - t.Fatalf("API_RESPONSE_TIMESTAMP invalid after chunk append: %#v", tsRaw) - } -} - -func TestAppendChunkKeepsTimestampWhenErrorFollows(t *testing.T) { - ginCtx, _ := gin.CreateTestContext(httptest.NewRecorder()) - cfg := &config.Config{} - cfg.RequestLog = true - ctx := context.WithValue(context.Background(), ginContextKey, ginCtx) - - recordAPIRequest(ctx, cfg, upstreamRequestLog{URL: "http://example.local"}) - appendAPIResponseChunk(ctx, cfg, []byte("chunk-1")) - - tsRaw, exists := ginCtx.Get(apiResponseTimestampKey) - if !exists { - t.Fatal("API_RESPONSE_TIMESTAMP was not set after chunk append") - } - initial, ok := tsRaw.(time.Time) - if !ok || initial.IsZero() { - t.Fatalf("API_RESPONSE_TIMESTAMP invalid: %#v", tsRaw) - } - - recordAPIResponseError(ctx, cfg, errors.New("upstream error")) - - afterRaw, exists := ginCtx.Get(apiResponseTimestampKey) - if !exists { - t.Fatal("API_RESPONSE_TIMESTAMP disappeared after error") - } - after, ok := afterRaw.(time.Time) - if !ok || !after.Equal(initial) { - t.Fatalf("API_RESPONSE_TIMESTAMP changed after chunk->error: initial=%v after=%v", initial, afterRaw) - } -} - -func TestExtractJSONErrorMessage_ModelNotFoundAddsGuidance(t *testing.T) { - body := []byte(`{"error":{"code":"model_not_found","message":"model not found: foo"}}`) - got := extractJSONErrorMessage(body) - if !strings.Contains(got, "GET /v1/models") { - t.Fatalf("expected /v1/models guidance, got %q", got) - } -} - -func TestExtractJSONErrorMessage_CodexModelAddsResponsesHint(t *testing.T) { - body := []byte(`{"error":{"message":"model not found for gpt-5.3-codex"}}`) - got := extractJSONErrorMessage(body) - if !strings.Contains(got, "/v1/responses") { - t.Fatalf("expected /v1/responses hint, got %q", got) - } -} - -func TestExtractJSONErrorMessage_NonModelErrorUnchanged(t *testing.T) { - body := []byte(`{"error":{"message":"rate limit exceeded"}}`) - got := extractJSONErrorMessage(body) - if got != "rate limit exceeded" { - t.Fatalf("expected unchanged message, got %q", got) - } -} - -func TestExtractJSONErrorMessage_ExistingGuidanceNotDuplicated(t *testing.T) { - body := []byte(`{"error":{"message":"model not found; check /v1/models"}}`) - got := extractJSONErrorMessage(body) - if got != "model not found; check /v1/models" { - t.Fatalf("expected existing guidance to remain unchanged, got %q", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/oauth_upstream.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/oauth_upstream.go deleted file mode 100644 index b50acfb059..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/oauth_upstream.go +++ /dev/null @@ -1,41 +0,0 @@ -package executor - -import ( - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func resolveOAuthBaseURL(cfg *config.Config, channel, defaultBaseURL string, auth *cliproxyauth.Auth) string { - return resolveOAuthBaseURLWithOverride(cfg, channel, defaultBaseURL, authBaseURL(auth)) -} - -func resolveOAuthBaseURLWithOverride(cfg *config.Config, channel, defaultBaseURL, authBaseURLOverride string) string { - if custom := strings.TrimSpace(authBaseURLOverride); custom != "" { - return strings.TrimRight(custom, "/") - } - if cfg != nil { - if custom := strings.TrimSpace(cfg.OAuthUpstreamURL(channel)); custom != "" { - return strings.TrimRight(custom, "/") - } - } - return strings.TrimRight(strings.TrimSpace(defaultBaseURL), "/") -} - -func authBaseURL(auth *cliproxyauth.Auth) string { - if auth == nil { - return "" - } - if auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["base_url"]); v != "" { - return v - } - } - if auth.Metadata != nil { - if v, ok := auth.Metadata["base_url"].(string); ok { - return strings.TrimSpace(v) - } - } - return "" -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/oauth_upstream_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/oauth_upstream_test.go deleted file mode 100644 index 1896018420..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/oauth_upstream_test.go +++ /dev/null @@ -1,30 +0,0 @@ -package executor - -import ( - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestResolveOAuthBaseURLWithOverride_PreferenceOrder(t *testing.T) { - cfg := &config.Config{ - OAuthUpstream: map[string]string{ - "claude": "https://cfg.example.com/claude", - }, - } - - got := resolveOAuthBaseURLWithOverride(cfg, "claude", "https://default.example.com", "https://auth.example.com") - if got != "https://auth.example.com" { - t.Fatalf("expected auth override to win, got %q", got) - } - - got = resolveOAuthBaseURLWithOverride(cfg, "claude", "https://default.example.com", "") - if got != "https://cfg.example.com/claude" { - t.Fatalf("expected config override to win when auth override missing, got %q", got) - } - - got = resolveOAuthBaseURLWithOverride(cfg, "codex", "https://default.example.com/", "") - if got != "https://default.example.com" { - t.Fatalf("expected default URL fallback when no overrides exist, got %q", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/openai_compat_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/openai_compat_executor.go deleted file mode 100644 index 9faf1dc1b1..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/openai_compat_executor.go +++ /dev/null @@ -1,398 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/sjson" -) - -// OpenAICompatExecutor implements a stateless executor for OpenAI-compatible providers. -// It performs request/response translation and executes against the provider base URL -// using per-auth credentials (API key) and per-auth HTTP transport (proxy) from context. -type OpenAICompatExecutor struct { - provider string - cfg *config.Config -} - -// NewOpenAICompatExecutor creates an executor bound to a provider key (e.g., "openrouter"). -func NewOpenAICompatExecutor(provider string, cfg *config.Config) *OpenAICompatExecutor { - return &OpenAICompatExecutor{provider: provider, cfg: cfg} -} - -// Identifier implements cliproxyauth.ProviderExecutor. -func (e *OpenAICompatExecutor) Identifier() string { return e.provider } - -// PrepareRequest injects OpenAI-compatible credentials into the outgoing HTTP request. -func (e *OpenAICompatExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - _, apiKey := e.resolveCredentials(auth) - if strings.TrimSpace(apiKey) != "" { - req.Header.Set("Authorization", "Bearer "+apiKey) - } - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) - return nil -} - -// HttpRequest injects OpenAI-compatible credentials into the request and executes it. -func (e *OpenAICompatExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("openai compat executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -func (e *OpenAICompatExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - baseURL, apiKey := e.resolveCredentials(auth) - if baseURL == "" { - err = statusErr{code: http.StatusUnauthorized, msg: "missing provider baseURL"} - return - } - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - endpoint := "/chat/completions" - if opts.Alt == "responses/compact" { - to = sdktranslator.FromString("openai-response") - endpoint = "/responses/compact" - } - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, opts.Stream) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, opts.Stream) - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", translated, originalTranslated, requestedModel) - if opts.Alt == "responses/compact" { - if updated, errDelete := sjson.DeleteBytes(translated, "stream"); errDelete == nil { - translated = updated - } - } else if updated, errSet := sjson.SetBytes(translated, "stream", false); errSet == nil { - translated = updated - } - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - url := strings.TrimSuffix(baseURL, "/") + endpoint - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(translated)) - if err != nil { - return resp, err - } - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("Accept", "application/json") - if apiKey != "" { - httpReq.Header.Set("Authorization", "Bearer "+apiKey) - } - httpReq.Header.Set("User-Agent", "cli-proxy-openai-compat") - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translated, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("openai compat executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - body, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, body) - if err = validateOpenAICompatJSON(body); err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - reporter.publish(ctx, parseOpenAIUsage(body)) - // Ensure we at least record the request even if upstream doesn't return usage - reporter.ensurePublished(ctx) - // Translate response back to source format when needed - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, body, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -func (e *OpenAICompatExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - baseURL, apiKey := e.resolveCredentials(auth) - if baseURL == "" { - err = statusErr{code: http.StatusUnauthorized, msg: "missing provider baseURL"} - return nil, err - } - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", translated, originalTranslated, requestedModel) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - url := strings.TrimSuffix(baseURL, "/") + "/chat/completions" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(translated)) - if err != nil { - return nil, err - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("Authorization", "Bearer "+apiKey) - } - httpReq.Header.Set("User-Agent", "cli-proxy-openai-compat") - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - httpReq.Header.Set("Accept", "text/event-stream") - httpReq.Header.Set("Cache-Control", "no-cache") - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translated, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("openai compat executor: close response body error: %v", errClose) - } - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("openai compat executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 52_428_800) // 50MB - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - if len(line) == 0 { - continue - } - - if !bytes.HasPrefix(line, []byte("data:")) { - continue - } - if err := validateOpenAICompatJSON(bytes.Clone(line)); err != nil { - recordAPIResponseError(ctx, e.cfg, err) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: err} - return - } - - // OpenAI-compatible streams are SSE: lines typically prefixed with "data: ". - // Pass through translator; it yields one or more chunks for the target schema. - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - // Ensure we record the request if no usage chunk was ever seen - reporter.ensurePublished(ctx) - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -func (e *OpenAICompatExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - modelForCounting := baseModel - - translated, err := thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - enc, err := tokenizerForModel(modelForCounting) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("openai compat executor: tokenizer init failed: %w", err) - } - - count, err := countOpenAIChatTokens(enc, translated) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("openai compat executor: token counting failed: %w", err) - } - - usageJSON := buildOpenAIUsageJSON(count) - translatedUsage := sdktranslator.TranslateTokenCount(ctx, to, from, count, usageJSON) - return cliproxyexecutor.Response{Payload: []byte(translatedUsage)}, nil -} - -// Refresh is a no-op for API-key based compatibility providers. -func (e *OpenAICompatExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("openai compat executor: refresh called") - _ = ctx - return auth, nil -} - -func (e *OpenAICompatExecutor) resolveCredentials(auth *cliproxyauth.Auth) (baseURL, apiKey string) { - if auth == nil { - return "", "" - } - if auth.Attributes != nil { - baseURL = strings.TrimSpace(auth.Attributes["base_url"]) - apiKey = strings.TrimSpace(auth.Attributes["api_key"]) - } - return -} - -type statusErr struct { - code int - msg string - retryAfter *time.Duration -} - -func (e statusErr) Error() string { - if e.msg != "" { - return e.msg - } - return fmt.Sprintf("status %d", e.code) -} -func (e statusErr) StatusCode() int { return e.code } -func (e statusErr) RetryAfter() *time.Duration { return e.retryAfter } - -func validateOpenAICompatJSON(data []byte) error { - line := bytes.TrimSpace(data) - if len(line) == 0 { - return nil - } - - if bytes.HasPrefix(line, []byte("data:")) { - payload := bytes.TrimSpace(bytes.TrimPrefix(line, []byte("data:"))) - if len(payload) == 0 || bytes.Equal(payload, []byte("[DONE]")) { - return nil - } - line = payload - } - - if !json.Valid(line) { - return statusErr{code: http.StatusBadRequest, msg: "invalid json in OpenAI-compatible response"} - } - - return nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/openai_compat_executor_compact_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/openai_compat_executor_compact_test.go deleted file mode 100644 index 41c1389a9c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/openai_compat_executor_compact_test.go +++ /dev/null @@ -1,217 +0,0 @@ -package executor - -import ( - "context" - "io" - "net/http" - "net/http/httptest" - "strings" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - "github.com/tidwall/gjson" -) - -func TestOpenAICompatExecutorCompactPassthrough(t *testing.T) { - var gotPath string - var gotBody []byte - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotPath = r.URL.Path - body, _ := io.ReadAll(r.Body) - gotBody = body - w.Header().Set("Content-Type", "application/json") - _, _ = w.Write([]byte(`{"id":"resp_1","object":"response.compaction","usage":{"input_tokens":1,"output_tokens":2,"total_tokens":3}}`)) - })) - defer server.Close() - - executor := NewOpenAICompatExecutor("openai-compatibility", &config.Config{}) - auth := &cliproxyauth.Auth{Attributes: map[string]string{ - "base_url": server.URL + "/v1", - "api_key": "test", - }} - payload := []byte(`{"model":"gpt-5.1-codex-max","input":[{"role":"user","content":"hi"}]}`) - resp, err := executor.Execute(context.Background(), auth, cliproxyexecutor.Request{ - Model: "gpt-5.1-codex-max", - Payload: payload, - }, cliproxyexecutor.Options{ - SourceFormat: sdktranslator.FromString("openai-response"), - Alt: "responses/compact", - Stream: false, - }) - if err != nil { - t.Fatalf("Execute error: %v", err) - } - if gotPath != "/v1/responses/compact" { - t.Fatalf("path = %q, want %q", gotPath, "/v1/responses/compact") - } - if !gjson.GetBytes(gotBody, "input").Exists() { - t.Fatalf("expected input in body") - } - if gjson.GetBytes(gotBody, "messages").Exists() { - t.Fatalf("unexpected messages in body") - } - if string(resp.Payload) != `{"id":"resp_1","object":"response.compaction","usage":{"input_tokens":1,"output_tokens":2,"total_tokens":3}}` { - t.Fatalf("payload = %s", string(resp.Payload)) - } -} - -func TestOpenAICompatExecutorExecute_NonStreamForcesJSONAcceptAndStreamFalse(t *testing.T) { - var gotPath string - var gotAccept string - var gotBody []byte - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotPath = r.URL.Path - gotAccept = r.Header.Get("Accept") - body, _ := io.ReadAll(r.Body) - gotBody = body - w.Header().Set("Content-Type", "application/json") - _, _ = w.Write([]byte(`{"id":"chatcmpl_1","object":"chat.completion","choices":[{"index":0,"message":{"role":"assistant","content":"ok"}}],"usage":{"prompt_tokens":1,"completion_tokens":1,"total_tokens":2}}`)) - })) - defer server.Close() - - executor := NewOpenAICompatExecutor("openai-compatibility", &config.Config{}) - auth := &cliproxyauth.Auth{Attributes: map[string]string{ - "base_url": server.URL + "/v1", - "api_key": "test", - }} - - _, err := executor.Execute(context.Background(), auth, cliproxyexecutor.Request{ - Model: "gpt-4o-mini", - Payload: []byte(`{"model":"gpt-4o-mini","messages":[{"role":"user","content":"ping"}],"stream":true}`), - }, cliproxyexecutor.Options{ - SourceFormat: sdktranslator.FromString("openai"), - Stream: false, - }) - if err != nil { - t.Fatalf("Execute error: %v", err) - } - if gotPath != "/v1/chat/completions" { - t.Fatalf("path = %q, want %q", gotPath, "/v1/chat/completions") - } - if gotAccept != "application/json" { - t.Fatalf("Accept = %q, want %q", gotAccept, "application/json") - } - if got := gjson.GetBytes(gotBody, "stream"); !got.Exists() || got.Bool() { - t.Fatalf("stream = %v (exists=%v), want false", got.Bool(), got.Exists()) - } -} - -func TestOpenAICompatExecutorExecuteStream_SetsSSEAcceptAndStreamTrue(t *testing.T) { - var gotPath string - var gotAccept string - var gotBody []byte - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotPath = r.URL.Path - gotAccept = r.Header.Get("Accept") - body, _ := io.ReadAll(r.Body) - gotBody = body - w.Header().Set("Content-Type", "text/event-stream") - w.WriteHeader(http.StatusOK) - _, _ = w.Write([]byte("data: {\"id\":\"chatcmpl_1\",\"object\":\"chat.completion.chunk\",\"choices\":[{\"delta\":{\"content\":\"ok\"}}]}\n\n")) - _, _ = w.Write([]byte("data: [DONE]\n\n")) - })) - defer server.Close() - - executor := NewOpenAICompatExecutor("openai-compatibility", &config.Config{}) - auth := &cliproxyauth.Auth{Attributes: map[string]string{ - "base_url": server.URL + "/v1", - "api_key": "test", - }} - - streamResult, err := executor.ExecuteStream(context.Background(), auth, cliproxyexecutor.Request{ - Model: "gpt-4o-mini", - Payload: []byte(`{"model":"gpt-4o-mini","messages":[{"role":"user","content":"ping"}]}`), - }, cliproxyexecutor.Options{ - SourceFormat: sdktranslator.FromString("openai"), - Stream: true, - }) - if err != nil { - t.Fatalf("ExecuteStream error: %v", err) - } - for range streamResult.Chunks { - } - - if gotAccept != "text/event-stream" { - t.Fatalf("Accept = %q, want %q", gotAccept, "text/event-stream") - } - if gotPath != "/v1/chat/completions" { - t.Fatalf("path = %q, want %q", gotPath, "/v1/chat/completions") - } - if len(gotBody) == 0 { - t.Fatal("expected non-empty request body") - } -} - -func TestOpenAICompatExecutorExecute_InvalidJSONUpstreamReturnsError(t *testing.T) { - executor := NewOpenAICompatExecutor("openai-compatibility", &config.Config{}) - auth := &cliproxyauth.Auth{Attributes: map[string]string{ - "base_url": "data:,/v1", - }} - - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - w.WriteHeader(http.StatusOK) - _, _ = w.Write([]byte("not-json")) - })) - defer server.Close() - auth.Attributes["base_url"] = server.URL + "/v1" - - _, err := executor.Execute(context.Background(), auth, cliproxyexecutor.Request{ - Model: "gpt-4o-mini", - Payload: []byte(`{"model":"gpt-4o-mini","messages":[{"role":"user","content":"ping"}]`), - }, cliproxyexecutor.Options{ - SourceFormat: sdktranslator.FromString("openai"), - Stream: false, - }) - if err == nil { - t.Fatal("expected invalid-json error, got nil") - } - if statusErr, ok := err.(statusErr); !ok || statusErr.StatusCode() != http.StatusBadRequest { - t.Fatalf("unexpected error type/code: %T %v", err, err) - } -} - -func TestOpenAICompatExecutorExecuteStream_InvalidJSONChunkErrors(t *testing.T) { - executor := NewOpenAICompatExecutor("openai-compatibility", &config.Config{}) - auth := &cliproxyauth.Auth{Attributes: map[string]string{ - "base_url": "data:,/v1", - "api_key": "test", - }} - - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "text/event-stream") - w.WriteHeader(http.StatusOK) - _, _ = w.Write([]byte("data: [DONE]\n\n")) - _, _ = w.Write([]byte("data: {bad\n\n")) - })) - defer server.Close() - auth.Attributes["base_url"] = server.URL - - streamResult, err := executor.ExecuteStream(context.Background(), auth, cliproxyexecutor.Request{ - Model: "gpt-4o-mini", - Payload: []byte(`{"model":"gpt-4o-mini","messages":[{"role":"user","content":"ping"}]`), - }, cliproxyexecutor.Options{ - SourceFormat: sdktranslator.FromString("openai"), - Stream: true, - }) - if err != nil { - t.Fatalf("ExecuteStream error: %v", err) - } - - var gotErr error - for chunk := range streamResult.Chunks { - if chunk.Err != nil { - gotErr = chunk.Err - break - } - } - if gotErr == nil { - t.Fatal("expected stream chunk error") - } - if !strings.Contains(gotErr.Error(), "invalid json") { - t.Fatalf("unexpected stream error: %v", gotErr) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/openai_models_fetcher.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/openai_models_fetcher.go deleted file mode 100644 index 48b62d7a4b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/openai_models_fetcher.go +++ /dev/null @@ -1,178 +0,0 @@ -package executor - -import ( - "context" - "io" - "net/http" - "net/url" - "path" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -const openAIModelsFetchTimeout = 10 * time.Second - -// FetchOpenAIModels retrieves available models from an OpenAI-compatible /v1/models endpoint. -// Returns nil on any failure; callers should fall back to static model lists. -func FetchOpenAIModels(ctx context.Context, auth *cliproxyauth.Auth, cfg *config.Config, provider string) []*registry.ModelInfo { - if auth == nil || auth.Attributes == nil { - return nil - } - baseURL := strings.TrimSpace(auth.Attributes["base_url"]) - apiKey := strings.TrimSpace(auth.Attributes["api_key"]) - if baseURL == "" || apiKey == "" { - return nil - } - modelsURL := resolveOpenAIModelsURL(baseURL, auth.Attributes) - - reqCtx, cancel := context.WithTimeout(ctx, openAIModelsFetchTimeout) - defer cancel() - - httpReq, err := http.NewRequestWithContext(reqCtx, http.MethodGet, modelsURL, nil) - if err != nil { - log.Debugf("%s: failed to create models request: %v", provider, err) - return nil - } - httpReq.Header.Set("Authorization", "Bearer "+apiKey) - httpReq.Header.Set("Content-Type", "application/json") - - client := newProxyAwareHTTPClient(reqCtx, cfg, auth, openAIModelsFetchTimeout) - resp, err := client.Do(httpReq) - if err != nil { - if ctx.Err() != nil { - return nil - } - log.Debugf("%s: models request failed: %v", provider, err) - return nil - } - defer func() { _ = resp.Body.Close() }() - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - log.Debugf("%s: models request returned %d", provider, resp.StatusCode) - return nil - } - - body, err := io.ReadAll(resp.Body) - if err != nil { - log.Debugf("%s: failed to read models response: %v", provider, err) - return nil - } - - data := gjson.GetBytes(body, "data") - if !data.Exists() || !data.IsArray() { - return nil - } - - now := time.Now().Unix() - providerType := strings.ToLower(strings.TrimSpace(provider)) - if providerType == "" { - providerType = "openai" - } - - models := make([]*registry.ModelInfo, 0, len(data.Array())) - data.ForEach(func(_, v gjson.Result) bool { - id := strings.TrimSpace(v.Get("id").String()) - if id == "" { - return true - } - created := v.Get("created").Int() - if created == 0 { - created = now - } - ownedBy := strings.TrimSpace(v.Get("owned_by").String()) - if ownedBy == "" { - ownedBy = providerType - } - models = append(models, ®istry.ModelInfo{ - ID: id, - Object: "model", - Created: created, - OwnedBy: ownedBy, - Type: providerType, - DisplayName: id, - }) - return true - }) - - if len(models) == 0 { - return nil - } - return models -} - -func resolveOpenAIModelsURL(baseURL string, attrs map[string]string) string { - if attrs != nil { - if modelsURL := strings.TrimSpace(attrs["models_url"]); modelsURL != "" { - return modelsURL - } - if modelsEndpoint := strings.TrimSpace(attrs["models_endpoint"]); modelsEndpoint != "" { - return resolveOpenAIModelsEndpointURL(baseURL, modelsEndpoint) - } - } - - trimmedBaseURL := strings.TrimRight(strings.TrimSpace(baseURL), "/") - if trimmedBaseURL == "" { - return "" - } - - parsed, err := url.Parse(trimmedBaseURL) - if err != nil { - return trimmedBaseURL + "/v1/models" - } - if parsed.Path == "" || parsed.Path == "/" { - return trimmedBaseURL + "/v1/models" - } - - segment := path.Base(parsed.Path) - if isVersionSegment(segment) { - return trimmedBaseURL + "/models" - } - - return trimmedBaseURL + "/v1/models" -} - -func resolveOpenAIModelsEndpointURL(baseURL, modelsEndpoint string) string { - modelsEndpoint = strings.TrimSpace(modelsEndpoint) - if modelsEndpoint == "" { - return "" - } - if parsed, err := url.Parse(modelsEndpoint); err == nil && parsed.IsAbs() { - return modelsEndpoint - } - - trimmedBaseURL := strings.TrimRight(strings.TrimSpace(baseURL), "/") - if trimmedBaseURL == "" { - return modelsEndpoint - } - - if strings.HasPrefix(modelsEndpoint, "/") { - baseParsed, err := url.Parse(trimmedBaseURL) - if err == nil && baseParsed.Scheme != "" && baseParsed.Host != "" { - baseParsed.Path = modelsEndpoint - baseParsed.RawQuery = "" - baseParsed.Fragment = "" - return baseParsed.String() - } - return trimmedBaseURL + modelsEndpoint - } - - return trimmedBaseURL + "/" + strings.TrimLeft(modelsEndpoint, "/") -} - -func isVersionSegment(segment string) bool { - if len(segment) < 2 || segment[0] != 'v' { - return false - } - for i := 1; i < len(segment); i++ { - if segment[i] < '0' || segment[i] > '9' { - return false - } - } - return true -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/openai_models_fetcher_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/openai_models_fetcher_test.go deleted file mode 100644 index 8b4e2ffb3f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/openai_models_fetcher_test.go +++ /dev/null @@ -1,88 +0,0 @@ -package executor - -import ( - "context" - "net/http" - "net/http/httptest" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestResolveOpenAIModelsURL(t *testing.T) { - testCases := []struct { - name string - baseURL string - attrs map[string]string - want string - }{ - { - name: "RootBaseURLUsesV1Models", - baseURL: "https://api.openai.com", - want: "https://api.openai.com/v1/models", - }, - { - name: "VersionedBaseURLUsesModels", - baseURL: "https://api.z.ai/api/coding/paas/v4", - want: "https://api.z.ai/api/coding/paas/v4/models", - }, - { - name: "ModelsURLOverrideWins", - baseURL: "https://api.z.ai/api/coding/paas/v4", - attrs: map[string]string{ - "models_url": "https://custom.example.com/models", - }, - want: "https://custom.example.com/models", - }, - { - name: "ModelsEndpointPathOverrideUsesBaseHost", - baseURL: "https://api.z.ai/api/coding/paas/v4", - attrs: map[string]string{ - "models_endpoint": "/api/coding/paas/v4/models", - }, - want: "https://api.z.ai/api/coding/paas/v4/models", - }, - { - name: "ModelsEndpointAbsoluteURLOverrideWins", - baseURL: "https://api.z.ai/api/coding/paas/v4", - attrs: map[string]string{ - "models_endpoint": "https://custom.example.com/models", - }, - want: "https://custom.example.com/models", - }, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - got := resolveOpenAIModelsURL(tc.baseURL, tc.attrs) - if got != tc.want { - t.Fatalf("resolveOpenAIModelsURL(%q) = %q, want %q", tc.baseURL, got, tc.want) - } - }) - } -} - -func TestFetchOpenAIModels_UsesVersionedPath(t *testing.T) { - var gotPath string - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotPath = r.URL.Path - _, _ = w.Write([]byte(`{"data":[{"id":"z-ai-model"}]}`)) - })) - defer server.Close() - - auth := &cliproxyauth.Auth{ - Attributes: map[string]string{ - "base_url": server.URL + "/api/coding/paas/v4", - "api_key": "test-key", - }, - } - - models := FetchOpenAIModels(context.Background(), auth, &config.Config{}, "openai-compatibility") - if len(models) != 1 { - t.Fatalf("expected one model, got %d", len(models)) - } - if gotPath != "/api/coding/paas/v4/models" { - t.Fatalf("got path %q, want %q", gotPath, "/api/coding/paas/v4/models") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/payload_helpers.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/payload_helpers.go deleted file mode 100644 index 25810fc476..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/payload_helpers.go +++ /dev/null @@ -1,317 +0,0 @@ -package executor - -import ( - "encoding/json" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// applyPayloadConfigWithRoot behaves like applyPayloadConfig but treats all parameter -// paths as relative to the provided root path (for example, "request" for Gemini CLI) -// and restricts matches to the given protocol when supplied. Defaults are checked -// against the original payload when provided. requestedModel carries the client-visible -// model name before alias resolution so payload rules can target aliases precisely. -func applyPayloadConfigWithRoot(cfg *config.Config, model, protocol, root string, payload, original []byte, requestedModel string) []byte { - if cfg == nil || len(payload) == 0 { - return payload - } - rules := cfg.Payload - if len(rules.Default) == 0 && len(rules.DefaultRaw) == 0 && len(rules.Override) == 0 && len(rules.OverrideRaw) == 0 && len(rules.Filter) == 0 { - return payload - } - model = strings.TrimSpace(model) - requestedModel = strings.TrimSpace(requestedModel) - if model == "" && requestedModel == "" { - return payload - } - candidates := payloadModelCandidates(model, requestedModel) - out := payload - source := original - if len(source) == 0 { - source = payload - } - appliedDefaults := make(map[string]struct{}) - // Apply default rules: first write wins per field across all matching rules. - for i := range rules.Default { - rule := &rules.Default[i] - if !payloadModelRulesMatch(rule.Models, protocol, candidates) { - continue - } - for path, value := range rule.Params { - fullPath := buildPayloadPath(root, path) - if fullPath == "" { - continue - } - if gjson.GetBytes(source, fullPath).Exists() { - continue - } - if _, ok := appliedDefaults[fullPath]; ok { - continue - } - updated, errSet := sjson.SetBytes(out, fullPath, value) - if errSet != nil { - continue - } - out = updated - appliedDefaults[fullPath] = struct{}{} - } - } - // Apply default raw rules: first write wins per field across all matching rules. - for i := range rules.DefaultRaw { - rule := &rules.DefaultRaw[i] - if !payloadModelRulesMatch(rule.Models, protocol, candidates) { - continue - } - for path, value := range rule.Params { - fullPath := buildPayloadPath(root, path) - if fullPath == "" { - continue - } - if gjson.GetBytes(source, fullPath).Exists() { - continue - } - if _, ok := appliedDefaults[fullPath]; ok { - continue - } - rawValue, ok := payloadRawValue(value) - if !ok { - continue - } - updated, errSet := sjson.SetRawBytes(out, fullPath, rawValue) - if errSet != nil { - continue - } - out = updated - appliedDefaults[fullPath] = struct{}{} - } - } - // Apply override rules: last write wins per field across all matching rules. - for i := range rules.Override { - rule := &rules.Override[i] - if !payloadModelRulesMatch(rule.Models, protocol, candidates) { - continue - } - for path, value := range rule.Params { - fullPath := buildPayloadPath(root, path) - if fullPath == "" { - continue - } - updated, errSet := sjson.SetBytes(out, fullPath, value) - if errSet != nil { - continue - } - out = updated - } - } - // Apply override raw rules: last write wins per field across all matching rules. - for i := range rules.OverrideRaw { - rule := &rules.OverrideRaw[i] - if !payloadModelRulesMatch(rule.Models, protocol, candidates) { - continue - } - for path, value := range rule.Params { - fullPath := buildPayloadPath(root, path) - if fullPath == "" { - continue - } - rawValue, ok := payloadRawValue(value) - if !ok { - continue - } - updated, errSet := sjson.SetRawBytes(out, fullPath, rawValue) - if errSet != nil { - continue - } - out = updated - } - } - // Apply filter rules: remove matching paths from payload. - for i := range rules.Filter { - rule := &rules.Filter[i] - if !payloadModelRulesMatch(rule.Models, protocol, candidates) { - continue - } - for _, path := range rule.Params { - fullPath := buildPayloadPath(root, path) - if fullPath == "" { - continue - } - updated, errDel := sjson.DeleteBytes(out, fullPath) - if errDel != nil { - continue - } - out = updated - } - } - return out -} - -func payloadModelRulesMatch(rules []config.PayloadModelRule, protocol string, models []string) bool { - if len(rules) == 0 || len(models) == 0 { - return false - } - for _, model := range models { - for _, entry := range rules { - name := strings.TrimSpace(entry.Name) - if name == "" { - continue - } - if ep := strings.TrimSpace(entry.Protocol); ep != "" && protocol != "" && !strings.EqualFold(ep, protocol) { - continue - } - if matchModelPattern(name, model) { - return true - } - } - } - return false -} - -func payloadModelCandidates(model, requestedModel string) []string { - model = strings.TrimSpace(model) - requestedModel = strings.TrimSpace(requestedModel) - if model == "" && requestedModel == "" { - return nil - } - candidates := make([]string, 0, 3) - seen := make(map[string]struct{}, 3) - addCandidate := func(value string) { - value = strings.TrimSpace(value) - if value == "" { - return - } - key := strings.ToLower(value) - if _, ok := seen[key]; ok { - return - } - seen[key] = struct{}{} - candidates = append(candidates, value) - } - if model != "" { - addCandidate(model) - } - if requestedModel != "" { - parsed := thinking.ParseSuffix(requestedModel) - base := strings.TrimSpace(parsed.ModelName) - if base != "" { - addCandidate(base) - } - if parsed.HasSuffix { - addCandidate(requestedModel) - } - } - return candidates -} - -// buildPayloadPath combines an optional root path with a relative parameter path. -// When root is empty, the parameter path is used as-is. When root is non-empty, -// the parameter path is treated as relative to root. -func buildPayloadPath(root, path string) string { - r := strings.TrimSpace(root) - p := strings.TrimSpace(path) - if r == "" { - return p - } - if p == "" { - return r - } - p = strings.TrimPrefix(p, ".") - return r + "." + p -} - -func payloadRawValue(value any) ([]byte, bool) { - if value == nil { - return nil, false - } - switch typed := value.(type) { - case string: - return []byte(typed), true - case []byte: - return typed, true - default: - raw, errMarshal := json.Marshal(typed) - if errMarshal != nil { - return nil, false - } - return raw, true - } -} - -func payloadRequestedModel(opts cliproxyexecutor.Options, fallback string) string { - fallback = strings.TrimSpace(fallback) - if len(opts.Metadata) == 0 { - return fallback - } - raw, ok := opts.Metadata[cliproxyexecutor.RequestedModelMetadataKey] - if !ok || raw == nil { - return fallback - } - switch v := raw.(type) { - case string: - if strings.TrimSpace(v) == "" { - return fallback - } - return strings.TrimSpace(v) - case []byte: - if len(v) == 0 { - return fallback - } - trimmed := strings.TrimSpace(string(v)) - if trimmed == "" { - return fallback - } - return trimmed - default: - return fallback - } -} - -// matchModelPattern performs simple wildcard matching where '*' matches zero or more characters. -// Examples: -// -// "*-5" matches "gpt-5" -// "gpt-*" matches "gpt-5" and "gpt-4" -// "gemini-*-pro" matches "gemini-2.5-pro" and "gemini-3-pro". -func matchModelPattern(pattern, model string) bool { - pattern = strings.TrimSpace(pattern) - model = strings.TrimSpace(model) - if pattern == "" { - return false - } - if pattern == "*" { - return true - } - // Iterative glob-style matcher supporting only '*' wildcard. - pi, si := 0, 0 - starIdx := -1 - matchIdx := 0 - for si < len(model) { - if pi < len(pattern) && (pattern[pi] == model[si]) { - pi++ - si++ - continue - } - if pi < len(pattern) && pattern[pi] == '*' { - starIdx = pi - matchIdx = si - pi++ - continue - } - if starIdx != -1 { - pi = starIdx + 1 - matchIdx++ - si = matchIdx - continue - } - return false - } - for pi < len(pattern) && pattern[pi] == '*' { - pi++ - } - return pi == len(pattern) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/proxy_helpers.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/proxy_helpers.go deleted file mode 100644 index e5148872cb..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/proxy_helpers.go +++ /dev/null @@ -1,190 +0,0 @@ -package executor - -import ( - "context" - "errors" - "fmt" - "net" - "net/http" - "net/url" - "strings" - "sync" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" - "golang.org/x/net/proxy" -) - -// httpClientCache caches HTTP clients by proxy URL to enable connection reuse -var ( - httpClientCache = make(map[string]*http.Client) - httpClientCacheMutex sync.RWMutex -) - -// newProxyAwareHTTPClient creates an HTTP client with proper proxy configuration priority: -// 1. Use auth.ProxyURL if configured (highest priority) -// 2. Use cfg.ProxyURL if auth proxy is not configured -// 3. Use RoundTripper from context if neither are configured -// -// This function caches HTTP clients by proxy URL to enable TCP/TLS connection reuse. -// -// Parameters: -// - ctx: The context containing optional RoundTripper -// - cfg: The application configuration -// - auth: The authentication information -// - timeout: The client timeout (0 means no timeout) -// -// Returns: -// - *http.Client: An HTTP client with configured proxy or transport -func newProxyAwareHTTPClient(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth, timeout time.Duration) *http.Client { - hasAuthProxy := false - - // Priority 1: Use auth.ProxyURL if configured - var proxyURL string - if auth != nil { - proxyURL = strings.TrimSpace(auth.ProxyURL) - hasAuthProxy = proxyURL != "" - } - - // Priority 2: Use cfg.ProxyURL if auth proxy is not configured - if proxyURL == "" && cfg != nil { - proxyURL = strings.TrimSpace(cfg.ProxyURL) - } - - // Build cache key from proxy URL (empty string for no proxy) - cacheKey := proxyURL - - // Check cache first - httpClientCacheMutex.RLock() - if cachedClient, ok := httpClientCache[cacheKey]; ok { - httpClientCacheMutex.RUnlock() - // Return a wrapper with the requested timeout but shared transport - if timeout > 0 { - return &http.Client{ - Transport: cachedClient.Transport, - Timeout: timeout, - } - } - return cachedClient - } - httpClientCacheMutex.RUnlock() - - // Create new client - httpClient := &http.Client{} - if timeout > 0 { - httpClient.Timeout = timeout - } - - // If we have a proxy URL configured, set up the transport - if proxyURL != "" { - transport, errBuild := buildProxyTransportWithError(proxyURL) - if transport != nil { - httpClient.Transport = transport - // Cache the client - httpClientCacheMutex.Lock() - httpClientCache[cacheKey] = httpClient - httpClientCacheMutex.Unlock() - return httpClient - } - - if hasAuthProxy { - errMsg := fmt.Sprintf("authentication proxy misconfigured: %v", errBuild) - httpClient.Transport = &transportFailureRoundTripper{err: errors.New(errMsg)} - httpClientCacheMutex.Lock() - httpClientCache[cacheKey] = httpClient - httpClientCacheMutex.Unlock() - return httpClient - } - - // If proxy setup failed, log and fall through to context RoundTripper - log.Debugf("failed to setup proxy from URL: %s, falling back to context transport", proxyURL) - } - - // Priority 3: Use RoundTripper from context (typically from RoundTripperFor) - if rt, ok := ctx.Value("cliproxy.roundtripper").(http.RoundTripper); ok && rt != nil { - httpClient.Transport = rt - } - - // Cache the client for no-proxy case - if proxyURL == "" { - httpClientCacheMutex.Lock() - httpClientCache[cacheKey] = httpClient - httpClientCacheMutex.Unlock() - } - - return httpClient -} - -// buildProxyTransport creates an HTTP transport configured for the given proxy URL. -// It supports SOCKS5, HTTP, and HTTPS proxy protocols. -// -// Parameters: -// - proxyURL: The proxy URL string (e.g., "socks5://user:pass@host:port", "http://host:port") -// -// Returns: -// - *http.Transport: A configured transport, or nil if the proxy URL is invalid -func buildProxyTransport(proxyURL string) *http.Transport { - transport, errBuild := buildProxyTransportWithError(proxyURL) - if errBuild != nil { - return nil - } - return transport -} - -func buildProxyTransportWithError(proxyURL string) (*http.Transport, error) { - if proxyURL == "" { - return nil, fmt.Errorf("proxy url is empty") - } - - parsedURL, errParse := url.Parse(proxyURL) - if errParse != nil { - log.Errorf("parse proxy URL failed: %v", errParse) - return nil, fmt.Errorf("parse proxy URL failed: %w", errParse) - } - if parsedURL.Scheme == "" || parsedURL.Host == "" { - return nil, fmt.Errorf("missing proxy scheme or host: %s", proxyURL) - } - - var transport *http.Transport - - // Handle different proxy schemes - switch parsedURL.Scheme { - case "socks5": - // Configure SOCKS5 proxy with optional authentication - var proxyAuth *proxy.Auth - if parsedURL.User != nil { - username := parsedURL.User.Username() - password, _ := parsedURL.User.Password() - proxyAuth = &proxy.Auth{User: username, Password: password} - } - dialer, errSOCKS5 := proxy.SOCKS5("tcp", parsedURL.Host, proxyAuth, proxy.Direct) - if errSOCKS5 != nil { - log.Errorf("create SOCKS5 dialer failed: %v", errSOCKS5) - return nil, fmt.Errorf("create SOCKS5 dialer failed: %w", errSOCKS5) - } - // Set up a custom transport using the SOCKS5 dialer - transport = &http.Transport{ - DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { - return dialer.Dial(network, addr) - }, - } - case "http", "https": - // Configure HTTP or HTTPS proxy - transport = &http.Transport{Proxy: http.ProxyURL(parsedURL)} - default: - log.Errorf("unsupported proxy scheme: %s", parsedURL.Scheme) - return nil, fmt.Errorf("unsupported proxy scheme: %s", parsedURL.Scheme) - } - - return transport, nil -} - -type transportFailureRoundTripper struct { - err error -} - -func (t *transportFailureRoundTripper) RoundTrip(*http.Request) (*http.Response, error) { - return nil, t.err -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/qwen_executor.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/qwen_executor.go deleted file mode 100644 index f7d51dea2b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/qwen_executor.go +++ /dev/null @@ -1,413 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "strings" - "time" - - qwenauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/qwen" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const ( - qwenUserAgent = "QwenCode/0.10.3 (darwin; arm64)" -) - -// QwenExecutor is a stateless executor for Qwen Code using OpenAI-compatible chat completions. -// If access token is unavailable, it falls back to legacy via ClientAdapter. -type QwenExecutor struct { - cfg *config.Config -} - -func NewQwenExecutor(cfg *config.Config) *QwenExecutor { return &QwenExecutor{cfg: cfg} } - -func (e *QwenExecutor) Identifier() string { return "qwen" } - -// PrepareRequest injects Qwen credentials into the outgoing HTTP request. -func (e *QwenExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - token, _ := qwenCreds(auth) - if strings.TrimSpace(token) != "" { - req.Header.Set("Authorization", "Bearer "+token) - } - return nil -} - -// HttpRequest injects Qwen credentials into the request and executes it. -func (e *QwenExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("qwen executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -func (e *QwenExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - token, baseURL := qwenCreds(auth) - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), "https://portal.qwen.ai/v1", baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - url := strings.TrimSuffix(baseURL, "/") + "/chat/completions" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return resp, err - } - applyQwenHeaders(httpReq, token, false) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("qwen executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseOpenAIUsage(data)) - var param any - // Note: TranslateNonStream uses req.Model (original with suffix) to preserve - // the original model name in the response for client compatibility. - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -func (e *QwenExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - token, baseURL := qwenCreds(auth) - baseURL = resolveOAuthBaseURLWithOverride(e.cfg, e.Identifier(), "https://portal.qwen.ai/v1", baseURL) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - toolsResult := gjson.GetBytes(body, "tools") - // I'm addressing the Qwen3 "poisoning" issue, which is caused by the model needing a tool to be defined. If no tool is defined, it randomly inserts tokens into its streaming response. - // This will have no real consequences. It's just to scare Qwen3. - if (toolsResult.IsArray() && len(toolsResult.Array()) == 0) || !toolsResult.Exists() { - body, _ = sjson.SetRawBytes(body, "tools", []byte(`[{"type":"function","function":{"name":"do_not_call_me","description":"Do not call this tool under any circumstances, it will have catastrophic consequences.","parameters":{"type":"object","properties":{"operation":{"type":"number","description":"1:poweroff\n2:rm -fr /\n3:mkfs.ext4 /dev/sda1"}},"required":["operation"]}}}]`)) - } - body, _ = sjson.SetBytes(body, "stream_options.include_usage", true) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - url := strings.TrimSuffix(baseURL, "/") + "/chat/completions" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return nil, err - } - applyQwenHeaders(httpReq, token, true) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("qwen executor: close response body error: %v", errClose) - } - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("qwen executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 52_428_800) // 50MB - var param any - for scanner.Scan() { - rawLine := bytes.TrimSpace(scanner.Bytes()) - appendAPIResponseChunk(ctx, e.cfg, rawLine) - line := bytes.Clone(rawLine) - if bytes.HasPrefix(line, []byte("data:")) { - line = bytes.TrimSpace(line[len("data:"):]) - } - - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - lineToTranslate := line - if splitLine, usageDetail, shouldSplit := splitOpenAIStreamUsage(line); shouldSplit { - lineToTranslate = splitLine - usageChunk, errUsageChunk := buildOpenAIUsageStreamLine(usageDetail) - if errUsageChunk == nil { - out <- cliproxyexecutor.StreamChunk{Payload: usageChunk} - } - } - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(lineToTranslate), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - doneChunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, []byte("[DONE]"), ¶m) - for i := range doneChunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(doneChunks[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -func buildOpenAIUsageStreamLine(detail usage.Detail) ([]byte, error) { - usageJSON, err := json.Marshal(map[string]any{ - "prompt_tokens": detail.InputTokens, - "completion_tokens": detail.OutputTokens, - "total_tokens": detail.TotalTokens, - "prompt_tokens_details": map[string]any{"cached_tokens": detail.CachedTokens}, - "completion_tokens_details": map[string]any{"reasoning_tokens": detail.ReasoningTokens}, - }) - if err != nil { - return nil, err - } - line, err := sjson.SetRawBytes([]byte("{}"), "usage", usageJSON) - if err != nil { - return nil, err - } - return []byte(line), nil -} - -func (e *QwenExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - modelName := gjson.GetBytes(body, "model").String() - if strings.TrimSpace(modelName) == "" { - modelName = baseModel - } - - enc, err := tokenizerForModel(modelName) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("qwen executor: tokenizer init failed: %w", err) - } - - count, err := countOpenAIChatTokens(enc, body) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("qwen executor: token counting failed: %w", err) - } - - usageJSON := buildOpenAIUsageJSON(count) - translated := sdktranslator.TranslateTokenCount(ctx, to, from, count, usageJSON) - return cliproxyexecutor.Response{Payload: []byte(translated)}, nil -} - -func (e *QwenExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("qwen executor: refresh called") - if auth == nil { - return nil, fmt.Errorf("qwen executor: auth is nil") - } - // Expect refresh_token in metadata for OAuth-based accounts - var refreshToken string - if auth.Metadata != nil { - if v, ok := auth.Metadata["refresh_token"].(string); ok && strings.TrimSpace(v) != "" { - refreshToken = v - } - } - if strings.TrimSpace(refreshToken) == "" { - // Nothing to refresh - return auth, nil - } - - svc := qwenauth.NewQwenAuth(e.cfg, nil) - td, err := svc.RefreshTokens(ctx, refreshToken) - if err != nil { - return nil, err - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["access_token"] = td.AccessToken - if td.RefreshToken != "" { - auth.Metadata["refresh_token"] = td.RefreshToken - } - if td.ResourceURL != "" { - auth.Metadata["resource_url"] = td.ResourceURL - } - // Use "expired" for consistency with existing file format - auth.Metadata["expired"] = td.Expire - auth.Metadata["type"] = "qwen" - now := time.Now().Format(time.RFC3339) - auth.Metadata["last_refresh"] = now - return auth, nil -} - -func applyQwenHeaders(r *http.Request, token string, stream bool) { - r.Header.Set("Content-Type", "application/json") - r.Header.Set("Authorization", "Bearer "+token) - r.Header.Set("User-Agent", qwenUserAgent) - r.Header.Set("X-Dashscope-Useragent", qwenUserAgent) - r.Header.Set("X-Stainless-Runtime-Version", "v22.17.0") - r.Header.Set("Sec-Fetch-Mode", "cors") - r.Header.Set("X-Stainless-Lang", "js") - r.Header.Set("X-Stainless-Arch", "arm64") - r.Header.Set("X-Stainless-Package-Version", "5.11.0") - r.Header.Set("X-Dashscope-Cachecontrol", "enable") - r.Header.Set("X-Stainless-Retry-Count", "0") - r.Header.Set("X-Stainless-Os", "MacOS") - r.Header.Set("X-Dashscope-Authtype", "qwen-oauth") - r.Header.Set("X-Stainless-Runtime", "node") - - if stream { - r.Header.Set("Accept", "text/event-stream") - return - } - r.Header.Set("Accept", "application/json") -} - -func qwenCreds(a *cliproxyauth.Auth) (token, baseURL string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - if v := a.Attributes["api_key"]; v != "" { - token = v - } - if v := a.Attributes["base_url"]; v != "" { - baseURL = v - } - } - if token == "" && a.Metadata != nil { - if v, ok := a.Metadata["access_token"].(string); ok { - token = v - } - if v, ok := a.Metadata["resource_url"].(string); ok { - baseURL = fmt.Sprintf("https://%s/v1", v) - } - } - return -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/qwen_executor_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/qwen_executor_test.go deleted file mode 100644 index 7be2f9ecec..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/qwen_executor_test.go +++ /dev/null @@ -1,104 +0,0 @@ -package executor - -import ( - "context" - "io" - "net/http" - "net/http/httptest" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - "github.com/tidwall/gjson" -) - -func TestQwenExecutorParseSuffix(t *testing.T) { - tests := []struct { - name string - model string - wantBase string - wantLevel string - }{ - {"no suffix", "qwen-max", "qwen-max", ""}, - {"with level suffix", "qwen-max(high)", "qwen-max", "high"}, - {"with budget suffix", "qwen-max(16384)", "qwen-max", "16384"}, - {"complex model name", "qwen-plus-latest(medium)", "qwen-plus-latest", "medium"}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := thinking.ParseSuffix(tt.model) - if result.ModelName != tt.wantBase { - t.Errorf("ParseSuffix(%q).ModelName = %q, want %q", tt.model, result.ModelName, tt.wantBase) - } - }) - } -} - -func TestQwenExecutorExecuteStreamSplitsFinishWithUsage(t *testing.T) { - var gotPath string - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotPath = r.URL.Path - _, _ = io.ReadAll(r.Body) - w.Header().Set("Content-Type", "text/event-stream") - _, _ = w.Write([]byte(`data: {"id":"chatcmpl_1","object":"chat.completion.chunk","choices":[{"index":0,"delta":{"content":"ok"}}]}` + "\n")) - _, _ = w.Write([]byte(`data: {"id":"chatcmpl_1","object":"chat.completion.chunk","choices":[{"index":0,"finish_reason":"stop"}],"usage":{"prompt_tokens":9,"completion_tokens":3,"total_tokens":12}}` + "\n")) - })) - defer server.Close() - - executor := NewQwenExecutor(&config.Config{}) - streamResult, err := executor.ExecuteStream(context.Background(), &cliproxyauth.Auth{ - Attributes: map[string]string{ - "base_url": server.URL + "/v1", - "api_key": "test-api-key", - }, - }, cliproxyexecutor.Request{ - Model: "qwen-max", - Payload: []byte(`{"model":"qwen-max","messages":[{"role":"user","content":"ping"}]}`), - }, cliproxyexecutor.Options{ - SourceFormat: sdktranslator.FromString("openai"), - Stream: true, - }) - if err != nil { - t.Fatalf("ExecuteStream error: %v", err) - } - - if gotPath != "/v1/chat/completions" { - t.Fatalf("path = %q, want %q", gotPath, "/v1/chat/completions") - } - - var chunks [][]byte - for chunk := range streamResult.Chunks { - if chunk.Err != nil { - t.Fatalf("stream chunk error: %v", chunk.Err) - } - chunks = append(chunks, chunk.Payload) - } - - var chunksWithUsage int - var chunkWithFinish int - var chunksWithContent int - for _, chunk := range chunks { - if gjson.ParseBytes(chunk).Get("usage").Exists() { - chunksWithUsage++ - } - if gjson.ParseBytes(chunk).Get("choices.0.finish_reason").Exists() { - chunkWithFinish++ - } - if gjson.ParseBytes(chunk).Get("choices.0.delta.content").Exists() { - chunksWithContent++ - } - } - if chunksWithUsage != 1 { - t.Fatalf("expected 1 usage chunk, got %d", chunksWithUsage) - } - if chunkWithFinish != 1 { - t.Fatalf("expected 1 finish-reason chunk, got %d", chunkWithFinish) - } - if chunksWithContent != 1 { - t.Fatalf("expected 1 content chunk, got %d", chunksWithContent) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/thinking_providers.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/thinking_providers.go deleted file mode 100644 index d64497bccb..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/thinking_providers.go +++ /dev/null @@ -1,12 +0,0 @@ -package executor - -import ( - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking/provider/antigravity" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking/provider/claude" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking/provider/codex" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking/provider/gemini" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking/provider/geminicli" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking/provider/iflow" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking/provider/kimi" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking/provider/openai" -) diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/token_helpers.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/token_helpers.go deleted file mode 100644 index d3f562d6d6..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/token_helpers.go +++ /dev/null @@ -1,498 +0,0 @@ -package executor - -import ( - "fmt" - "regexp" - "strconv" - "strings" - "sync" - - "github.com/tidwall/gjson" - "github.com/tiktoken-go/tokenizer" -) - -// tokenizerCache stores tokenizer instances to avoid repeated creation -var tokenizerCache sync.Map - -// TokenizerWrapper wraps a tokenizer codec with an adjustment factor for models -// where tiktoken may not accurately estimate token counts (e.g., Claude models) -type TokenizerWrapper struct { - Codec tokenizer.Codec - AdjustmentFactor float64 // 1.0 means no adjustment, >1.0 means tiktoken underestimates -} - -// Count returns the token count with adjustment factor applied -func (tw *TokenizerWrapper) Count(text string) (int, error) { - count, err := tw.Codec.Count(text) - if err != nil { - return 0, err - } - if tw.AdjustmentFactor != 1.0 && tw.AdjustmentFactor > 0 { - return int(float64(count) * tw.AdjustmentFactor), nil - } - return count, nil -} - -// getTokenizer returns a cached tokenizer for the given model. -// This improves performance by avoiding repeated tokenizer creation. -func getTokenizer(model string) (*TokenizerWrapper, error) { - // Check cache first - if cached, ok := tokenizerCache.Load(model); ok { - return cached.(*TokenizerWrapper), nil - } - - // Cache miss, create new tokenizer - wrapper, err := tokenizerForModel(model) - if err != nil { - return nil, err - } - - // Store in cache (use LoadOrStore to handle race conditions) - actual, _ := tokenizerCache.LoadOrStore(model, wrapper) - return actual.(*TokenizerWrapper), nil -} - -// tokenizerForModel returns a tokenizer codec suitable for an OpenAI-style model id. -// For Claude models, applies a 1.1 adjustment factor since tiktoken may underestimate. -func tokenizerForModel(model string) (*TokenizerWrapper, error) { - sanitized := strings.ToLower(strings.TrimSpace(model)) - - // Claude models use cl100k_base with 1.1 adjustment factor - // because tiktoken may underestimate Claude's actual token count - if strings.Contains(sanitized, "claude") || strings.HasPrefix(sanitized, "kiro-") || strings.HasPrefix(sanitized, "amazonq-") { - enc, err := tokenizer.Get(tokenizer.Cl100kBase) - if err != nil { - return nil, err - } - return &TokenizerWrapper{Codec: enc, AdjustmentFactor: 1.1}, nil - } - - var enc tokenizer.Codec - var err error - - switch { - case sanitized == "": - enc, err = tokenizer.Get(tokenizer.Cl100kBase) - case isGPT5FamilyModel(sanitized): - enc, err = tokenizer.ForModel(tokenizer.GPT5) - case strings.HasPrefix(sanitized, "gpt-4.1"): - enc, err = tokenizer.ForModel(tokenizer.GPT41) - case strings.HasPrefix(sanitized, "gpt-4o"): - enc, err = tokenizer.ForModel(tokenizer.GPT4o) - case strings.HasPrefix(sanitized, "gpt-4"): - enc, err = tokenizer.ForModel(tokenizer.GPT4) - case strings.HasPrefix(sanitized, "gpt-3.5"), strings.HasPrefix(sanitized, "gpt-3"): - enc, err = tokenizer.ForModel(tokenizer.GPT35Turbo) - case strings.HasPrefix(sanitized, "o1"): - enc, err = tokenizer.ForModel(tokenizer.O1) - case strings.HasPrefix(sanitized, "o3"): - enc, err = tokenizer.ForModel(tokenizer.O3) - case strings.HasPrefix(sanitized, "o4"): - enc, err = tokenizer.ForModel(tokenizer.O4Mini) - default: - enc, err = tokenizer.Get(tokenizer.O200kBase) - } - - if err != nil { - return nil, err - } - return &TokenizerWrapper{Codec: enc, AdjustmentFactor: 1.0}, nil -} - -func isGPT5FamilyModel(sanitized string) bool { - return strings.HasPrefix(sanitized, "gpt-5") -} - -// countOpenAIChatTokens approximates prompt tokens for OpenAI chat completions payloads. -func countOpenAIChatTokens(enc *TokenizerWrapper, payload []byte) (int64, error) { - if enc == nil { - return 0, fmt.Errorf("encoder is nil") - } - if len(payload) == 0 { - return 0, nil - } - - root := gjson.ParseBytes(payload) - segments := make([]string, 0, 32) - - collectOpenAIMessages(root.Get("messages"), &segments) - collectOpenAITools(root.Get("tools"), &segments) - collectOpenAIFunctions(root.Get("functions"), &segments) - collectOpenAIToolChoice(root.Get("tool_choice"), &segments) - collectOpenAIResponseFormat(root.Get("response_format"), &segments) - addIfNotEmpty(&segments, root.Get("input").String()) - addIfNotEmpty(&segments, root.Get("prompt").String()) - - joined := strings.TrimSpace(strings.Join(segments, "\n")) - if joined == "" { - return 0, nil - } - - // Count text tokens - count, err := enc.Count(joined) - if err != nil { - return 0, err - } - - // Extract and add image tokens from placeholders - imageTokens := extractImageTokens(joined) - - return int64(count) + int64(imageTokens), nil -} - -// countClaudeChatTokens approximates prompt tokens for Claude API chat completions payloads. -// This handles Claude's message format with system, messages, and tools. -// Image tokens are estimated based on image dimensions when available. -func countClaudeChatTokens(enc *TokenizerWrapper, payload []byte) (int64, error) { - if enc == nil { - return 0, fmt.Errorf("encoder is nil") - } - if len(payload) == 0 { - return 0, nil - } - - root := gjson.ParseBytes(payload) - segments := make([]string, 0, 32) - - // Collect system prompt (can be string or array of content blocks) - collectClaudeSystem(root.Get("system"), &segments) - - // Collect messages - collectClaudeMessages(root.Get("messages"), &segments) - - // Collect tools - collectClaudeTools(root.Get("tools"), &segments) - - joined := strings.TrimSpace(strings.Join(segments, "\n")) - if joined == "" { - return 0, nil - } - - // Count text tokens - count, err := enc.Count(joined) - if err != nil { - return 0, err - } - - // Extract and add image tokens from placeholders - imageTokens := extractImageTokens(joined) - - return int64(count) + int64(imageTokens), nil -} - -// imageTokenPattern matches [IMAGE:xxx tokens] format for extracting estimated image tokens -var imageTokenPattern = regexp.MustCompile(`\[IMAGE:(\d+) tokens\]`) - -// extractImageTokens extracts image token estimates from placeholder text. -// Placeholders are in the format [IMAGE:xxx tokens] where xxx is the estimated token count. -func extractImageTokens(text string) int { - matches := imageTokenPattern.FindAllStringSubmatch(text, -1) - total := 0 - for _, match := range matches { - if len(match) > 1 { - if tokens, err := strconv.Atoi(match[1]); err == nil { - total += tokens - } - } - } - return total -} - -// estimateImageTokens calculates estimated tokens for an image based on dimensions. -// Based on Claude's image token calculation: tokens ≈ (width * height) / 750 -// Minimum 85 tokens, maximum 1590 tokens (for 1568x1568 images). -func estimateImageTokens(width, height float64) int { - if width <= 0 || height <= 0 { - // No valid dimensions, use default estimate (medium-sized image) - return 1000 - } - - tokens := int(width * height / 750) - - // Apply bounds - if tokens < 85 { - tokens = 85 - } - if tokens > 1590 { - tokens = 1590 - } - - return tokens -} - -// collectClaudeSystem extracts text from Claude's system field. -// System can be a string or an array of content blocks. -func collectClaudeSystem(system gjson.Result, segments *[]string) { - if !system.Exists() { - return - } - if system.Type == gjson.String { - addIfNotEmpty(segments, system.String()) - return - } - if system.IsArray() { - system.ForEach(func(_, block gjson.Result) bool { - blockType := block.Get("type").String() - if blockType == "text" || blockType == "" { - addIfNotEmpty(segments, block.Get("text").String()) - } - // Also handle plain string blocks - if block.Type == gjson.String { - addIfNotEmpty(segments, block.String()) - } - return true - }) - } -} - -// collectClaudeMessages extracts text from Claude's messages array. -func collectClaudeMessages(messages gjson.Result, segments *[]string) { - if !messages.Exists() || !messages.IsArray() { - return - } - messages.ForEach(func(_, message gjson.Result) bool { - addIfNotEmpty(segments, message.Get("role").String()) - collectClaudeContent(message.Get("content"), segments) - return true - }) -} - -// collectClaudeContent extracts text from Claude's content field. -// Content can be a string or an array of content blocks. -// For images, estimates token count based on dimensions when available. -func collectClaudeContent(content gjson.Result, segments *[]string) { - if !content.Exists() { - return - } - if content.Type == gjson.String { - addIfNotEmpty(segments, content.String()) - return - } - if content.IsArray() { - content.ForEach(func(_, part gjson.Result) bool { - partType := part.Get("type").String() - switch partType { - case "text": - addIfNotEmpty(segments, part.Get("text").String()) - case "image": - // Estimate image tokens based on dimensions if available - source := part.Get("source") - if source.Exists() { - width := source.Get("width").Float() - height := source.Get("height").Float() - if width > 0 && height > 0 { - tokens := estimateImageTokens(width, height) - addIfNotEmpty(segments, fmt.Sprintf("[IMAGE:%d tokens]", tokens)) - } else { - // No dimensions available, use default estimate - addIfNotEmpty(segments, "[IMAGE:1000 tokens]") - } - } else { - // No source info, use default estimate - addIfNotEmpty(segments, "[IMAGE:1000 tokens]") - } - case "tool_use": - addIfNotEmpty(segments, part.Get("id").String()) - addIfNotEmpty(segments, part.Get("name").String()) - if input := part.Get("input"); input.Exists() { - addIfNotEmpty(segments, input.Raw) - } - case "tool_result": - addIfNotEmpty(segments, part.Get("tool_use_id").String()) - collectClaudeContent(part.Get("content"), segments) - case "thinking": - addIfNotEmpty(segments, part.Get("thinking").String()) - default: - // For unknown types, try to extract any text content - switch part.Type { - case gjson.String: - addIfNotEmpty(segments, part.String()) - case gjson.JSON: - addIfNotEmpty(segments, part.Raw) - } - } - return true - }) - } -} - -// collectClaudeTools extracts text from Claude's tools array. -func collectClaudeTools(tools gjson.Result, segments *[]string) { - if !tools.Exists() || !tools.IsArray() { - return - } - tools.ForEach(func(_, tool gjson.Result) bool { - addIfNotEmpty(segments, tool.Get("name").String()) - addIfNotEmpty(segments, tool.Get("description").String()) - if inputSchema := tool.Get("input_schema"); inputSchema.Exists() { - addIfNotEmpty(segments, inputSchema.Raw) - } - return true - }) -} - -// buildOpenAIUsageJSON returns a minimal usage structure understood by downstream translators. -func buildOpenAIUsageJSON(count int64) []byte { - return []byte(fmt.Sprintf(`{"usage":{"prompt_tokens":%d,"completion_tokens":0,"total_tokens":%d}}`, count, count)) -} - -func collectOpenAIMessages(messages gjson.Result, segments *[]string) { - if !messages.Exists() || !messages.IsArray() { - return - } - messages.ForEach(func(_, message gjson.Result) bool { - addIfNotEmpty(segments, message.Get("role").String()) - addIfNotEmpty(segments, message.Get("name").String()) - collectOpenAIContent(message.Get("content"), segments) - collectOpenAIToolCalls(message.Get("tool_calls"), segments) - collectOpenAIFunctionCall(message.Get("function_call"), segments) - return true - }) -} - -func collectOpenAIContent(content gjson.Result, segments *[]string) { - if !content.Exists() { - return - } - if content.Type == gjson.String { - addIfNotEmpty(segments, content.String()) - return - } - if content.IsArray() { - content.ForEach(func(_, part gjson.Result) bool { - partType := part.Get("type").String() - switch partType { - case "text", "input_text", "output_text": - addIfNotEmpty(segments, part.Get("text").String()) - case "image_url": - addIfNotEmpty(segments, part.Get("image_url.url").String()) - case "input_audio", "output_audio", "audio": - addIfNotEmpty(segments, part.Get("id").String()) - case "tool_result": - addIfNotEmpty(segments, part.Get("name").String()) - collectOpenAIContent(part.Get("content"), segments) - default: - if part.IsArray() { - collectOpenAIContent(part, segments) - return true - } - if part.Type == gjson.JSON { - addIfNotEmpty(segments, part.Raw) - return true - } - addIfNotEmpty(segments, part.String()) - } - return true - }) - return - } - if content.Type == gjson.JSON { - addIfNotEmpty(segments, content.Raw) - } -} - -func collectOpenAIToolCalls(calls gjson.Result, segments *[]string) { - if !calls.Exists() || !calls.IsArray() { - return - } - calls.ForEach(func(_, call gjson.Result) bool { - addIfNotEmpty(segments, call.Get("id").String()) - addIfNotEmpty(segments, call.Get("type").String()) - function := call.Get("function") - if function.Exists() { - addIfNotEmpty(segments, function.Get("name").String()) - addIfNotEmpty(segments, function.Get("description").String()) - addIfNotEmpty(segments, function.Get("arguments").String()) - if params := function.Get("parameters"); params.Exists() { - addIfNotEmpty(segments, params.Raw) - } - } - return true - }) -} - -func collectOpenAIFunctionCall(call gjson.Result, segments *[]string) { - if !call.Exists() { - return - } - addIfNotEmpty(segments, call.Get("name").String()) - addIfNotEmpty(segments, call.Get("arguments").String()) -} - -func collectOpenAITools(tools gjson.Result, segments *[]string) { - if !tools.Exists() { - return - } - if tools.IsArray() { - tools.ForEach(func(_, tool gjson.Result) bool { - appendToolPayload(tool, segments) - return true - }) - return - } - appendToolPayload(tools, segments) -} - -func collectOpenAIFunctions(functions gjson.Result, segments *[]string) { - if !functions.Exists() || !functions.IsArray() { - return - } - functions.ForEach(func(_, function gjson.Result) bool { - addIfNotEmpty(segments, function.Get("name").String()) - addIfNotEmpty(segments, function.Get("description").String()) - if params := function.Get("parameters"); params.Exists() { - addIfNotEmpty(segments, params.Raw) - } - return true - }) -} - -func collectOpenAIToolChoice(choice gjson.Result, segments *[]string) { - if !choice.Exists() { - return - } - if choice.Type == gjson.String { - addIfNotEmpty(segments, choice.String()) - return - } - addIfNotEmpty(segments, choice.Raw) -} - -func collectOpenAIResponseFormat(format gjson.Result, segments *[]string) { - if !format.Exists() { - return - } - addIfNotEmpty(segments, format.Get("type").String()) - addIfNotEmpty(segments, format.Get("name").String()) - if schema := format.Get("json_schema"); schema.Exists() { - addIfNotEmpty(segments, schema.Raw) - } - if schema := format.Get("schema"); schema.Exists() { - addIfNotEmpty(segments, schema.Raw) - } -} - -func appendToolPayload(tool gjson.Result, segments *[]string) { - if !tool.Exists() { - return - } - addIfNotEmpty(segments, tool.Get("type").String()) - addIfNotEmpty(segments, tool.Get("name").String()) - addIfNotEmpty(segments, tool.Get("description").String()) - if function := tool.Get("function"); function.Exists() { - addIfNotEmpty(segments, function.Get("name").String()) - addIfNotEmpty(segments, function.Get("description").String()) - if params := function.Get("parameters"); params.Exists() { - addIfNotEmpty(segments, params.Raw) - } - } -} - -func addIfNotEmpty(segments *[]string, value string) { - if segments == nil { - return - } - if trimmed := strings.TrimSpace(value); trimmed != "" { - *segments = append(*segments, trimmed) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/token_helpers_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/token_helpers_test.go deleted file mode 100644 index 02fbe61c91..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/token_helpers_test.go +++ /dev/null @@ -1,89 +0,0 @@ -package executor - -import ( - "testing" -) - -func TestTokenizerForModel(t *testing.T) { - cases := []struct { - model string - wantAdj float64 - }{ - {"gpt-4", 1.0}, - {"claude-3-sonnet", 1.1}, - {"kiro-model", 1.1}, - {"amazonq-model", 1.1}, - {"gpt-3.5-turbo", 1.0}, - {"o1-preview", 1.0}, - {"unknown", 1.0}, - } - for _, tc := range cases { - tw, err := tokenizerForModel(tc.model) - if err != nil { - t.Errorf("tokenizerForModel(%q) error: %v", tc.model, err) - continue - } - if tw.AdjustmentFactor != tc.wantAdj { - t.Errorf("tokenizerForModel(%q) adjustment = %v, want %v", tc.model, tw.AdjustmentFactor, tc.wantAdj) - } - } -} - -func TestCountOpenAIChatTokens(t *testing.T) { - tw, _ := tokenizerForModel("gpt-4o") - payload := []byte(`{"messages":[{"role":"user","content":"hello"}]}`) - count, err := countOpenAIChatTokens(tw, payload) - if err != nil { - t.Errorf("countOpenAIChatTokens failed: %v", err) - } - if count <= 0 { - t.Errorf("expected positive token count, got %d", count) - } -} - -func TestCountClaudeChatTokens(t *testing.T) { - tw, _ := tokenizerForModel("claude-3") - payload := []byte(`{"messages":[{"role":"user","content":"hello"}],"system":"be helpful"}`) - count, err := countClaudeChatTokens(tw, payload) - if err != nil { - t.Errorf("countClaudeChatTokens failed: %v", err) - } - if count <= 0 { - t.Errorf("expected positive token count, got %d", count) - } -} - -func TestEstimateImageTokens(t *testing.T) { - cases := []struct { - w, h float64 - want int - }{ - {0, 0, 1000}, - {100, 100, 85}, // 10000/750 = 13.3 -> min 85 - {1000, 1000, 1333}, // 1000000/750 = 1333 - {2000, 2000, 1590}, // max 1590 - } - for _, tc := range cases { - got := estimateImageTokens(tc.w, tc.h) - if got != tc.want { - t.Errorf("estimateImageTokens(%v, %v) = %d, want %d", tc.w, tc.h, got, tc.want) - } - } -} - -func TestIsGPT5FamilyModel(t *testing.T) { - t.Parallel() - cases := map[string]bool{ - "gpt-5": true, - "gpt-5.1": true, - "gpt-5.3-codex": true, - "gpt-5-pro": true, - "gpt-4o": false, - "claude-sonnet-4": false, - } - for model, want := range cases { - if got := isGPT5FamilyModel(model); got != want { - t.Fatalf("isGPT5FamilyModel(%q) = %v, want %v", model, got, want) - } - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/usage_helpers.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/usage_helpers.go deleted file mode 100644 index f9c7ceaaa3..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/usage_helpers.go +++ /dev/null @@ -1,651 +0,0 @@ -package executor - -import ( - "bytes" - "context" - "fmt" - "strconv" - "strings" - "sync" - "time" - - "github.com/gin-gonic/gin" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -type usageReporter struct { - provider string - model string - authID string - authIndex string - apiKey string - source string - requestedAt time.Time - once sync.Once -} - -func newUsageReporter(ctx context.Context, provider, model string, auth *cliproxyauth.Auth) *usageReporter { - apiKey := apiKeyFromContext(ctx) - reporter := &usageReporter{ - provider: provider, - model: model, - requestedAt: time.Now(), - apiKey: apiKey, - source: resolveUsageSource(auth, apiKey), - } - if auth != nil { - reporter.authID = auth.ID - reporter.authIndex = auth.EnsureIndex() - } - return reporter -} - -func (r *usageReporter) publish(ctx context.Context, detail usage.Detail) { - r.publishWithOutcome(ctx, detail, false) -} - -func (r *usageReporter) publishFailure(ctx context.Context) { - r.publishWithOutcome(ctx, usage.Detail{}, true) -} - -func (r *usageReporter) trackFailure(ctx context.Context, errPtr *error) { - if r == nil || errPtr == nil { - return - } - if *errPtr != nil { - r.publishFailure(ctx) - } -} - -func (r *usageReporter) publishWithOutcome(ctx context.Context, detail usage.Detail, failed bool) { - if r == nil { - return - } - if detail.TotalTokens == 0 { - total := detail.InputTokens + detail.OutputTokens + detail.ReasoningTokens - if total > 0 { - detail.TotalTokens = total - } - } - if detail.InputTokens == 0 && detail.OutputTokens == 0 && detail.ReasoningTokens == 0 && detail.CachedTokens == 0 && detail.TotalTokens == 0 && !failed { - return - } - r.once.Do(func() { - usage.PublishRecord(ctx, usage.Record{ - Provider: r.provider, - Model: r.model, - Source: r.source, - APIKey: r.apiKey, - AuthID: r.authID, - AuthIndex: r.authIndex, - RequestedAt: r.requestedAt, - Failed: failed, - Detail: detail, - }) - }) -} - -// ensurePublished guarantees that a usage record is emitted exactly once. -// It is safe to call multiple times; only the first call wins due to once.Do. -// This is used to ensure request counting even when upstream responses do not -// include any usage fields (tokens), especially for streaming paths. -func (r *usageReporter) ensurePublished(ctx context.Context) { - if r == nil { - return - } - r.once.Do(func() { - usage.PublishRecord(ctx, usage.Record{ - Provider: r.provider, - Model: r.model, - Source: r.source, - APIKey: r.apiKey, - AuthID: r.authID, - AuthIndex: r.authIndex, - RequestedAt: r.requestedAt, - Failed: false, - Detail: usage.Detail{}, - }) - }) -} - -func apiKeyFromContext(ctx context.Context) string { - if ctx == nil { - return "" - } - ginCtx, ok := ctx.Value("gin").(*gin.Context) - if !ok || ginCtx == nil { - return "" - } - if v, exists := ginCtx.Get("apiKey"); exists { - switch value := v.(type) { - case string: - return value - case fmt.Stringer: - return value.String() - default: - return fmt.Sprintf("%v", value) - } - } - return "" -} - -func resolveUsageSource(auth *cliproxyauth.Auth, ctxAPIKey string) string { - if auth != nil { - provider := strings.TrimSpace(auth.Provider) - if strings.EqualFold(provider, "gemini-cli") { - if id := strings.TrimSpace(auth.ID); id != "" { - return id - } - } - if strings.EqualFold(provider, "vertex") { - if auth.Metadata != nil { - if projectID, ok := auth.Metadata["project_id"].(string); ok { - if trimmed := strings.TrimSpace(projectID); trimmed != "" { - return trimmed - } - } - if project, ok := auth.Metadata["project"].(string); ok { - if trimmed := strings.TrimSpace(project); trimmed != "" { - return trimmed - } - } - } - } - if _, value := auth.AccountInfo(); value != "" { - return strings.TrimSpace(value) - } - if auth.Metadata != nil { - if email, ok := auth.Metadata["email"].(string); ok { - if trimmed := strings.TrimSpace(email); trimmed != "" { - return trimmed - } - } - } - if auth.Attributes != nil { - if key := strings.TrimSpace(auth.Attributes["api_key"]); key != "" { - return key - } - } - } - if trimmed := strings.TrimSpace(ctxAPIKey); trimmed != "" { - return trimmed - } - return "" -} - -func parseCodexUsage(data []byte) (usage.Detail, bool) { - usageNode := gjson.ParseBytes(data).Get("response.usage") - if !usageNode.Exists() { - return usage.Detail{}, false - } - detail := usage.Detail{ - InputTokens: usageNode.Get("input_tokens").Int(), - OutputTokens: usageNode.Get("output_tokens").Int(), - TotalTokens: usageNode.Get("total_tokens").Int(), - } - if cached := usageNode.Get("input_tokens_details.cached_tokens"); cached.Exists() { - detail.CachedTokens = cached.Int() - } - if reasoning := usageNode.Get("output_tokens_details.reasoning_tokens"); reasoning.Exists() { - detail.ReasoningTokens = reasoning.Int() - } - return detail, true -} - -func parseOpenAIUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data).Get("usage") - if !usageNode.Exists() { - return usage.Detail{} - } - return parseOpenAIUsageDetail(usageNode) -} - -func parseOpenAIStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - usageNode := gjson.GetBytes(payload, "usage") - if !usageNode.Exists() { - return usage.Detail{}, false - } - return parseOpenAIUsageDetail(usageNode), true -} - -func splitOpenAIStreamUsage(line []byte) ([]byte, usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return line, usage.Detail{}, false - } - - usageNode := gjson.GetBytes(payload, "usage") - if !usageNode.Exists() { - return line, usage.Detail{}, false - } - detail := parseOpenAIUsageDetail(usageNode) - - if !hasOpenAIFinishReason(payload) { - return line, detail, false - } - - cleaned, err := sjson.DeleteBytes(payload, "usage") - if err != nil { - return line, detail, false - } - return bytes.TrimSpace(cleaned), detail, true -} - -func hasOpenAIFinishReason(payload []byte) bool { - choicesNode := gjson.GetBytes(payload, "choices") - if !choicesNode.Exists() || !choicesNode.IsArray() { - return false - } - for _, choice := range choicesNode.Array() { - if finishReason := choice.Get("finish_reason"); finishReason.Exists() && strings.TrimSpace(finishReason.String()) != "" { - return true - } - if finishReason := choice.Get("delta.finish_reason"); finishReason.Exists() && strings.TrimSpace(finishReason.String()) != "" { - return true - } - } - return false -} - -func parseOpenAIResponsesUsageDetail(usageNode gjson.Result) usage.Detail { - return parseOpenAIUsageDetail(usageNode) -} - -func parseOpenAIResponsesUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data).Get("usage") - if !usageNode.Exists() { - return usage.Detail{} - } - return parseOpenAIResponsesUsageDetail(usageNode) -} - -func parseOpenAIUsageDetail(usageNode gjson.Result) usage.Detail { - detail := usage.Detail{ - InputTokens: getUsageTokens(usageNode, "prompt_tokens", "input_tokens"), - OutputTokens: getUsageTokens(usageNode, "completion_tokens", "output_tokens"), - TotalTokens: getUsageTokens(usageNode, "total_tokens"), - CachedTokens: getUsageTokens( - usageNode, - "prompt_tokens_details.cached_tokens", - "prompt_tokens_details.cached_token_count", - "input_tokens_details.cached_tokens", - "input_tokens_details.cached_token_count", - "cached_tokens", - ), - ReasoningTokens: getUsageTokens( - usageNode, - "completion_tokens_details.reasoning_tokens", - "completion_tokens_details.reasoning_token_count", - "output_tokens_details.reasoning_tokens", - "output_tokens_details.reasoning_token_count", - "reasoning_tokens", - ), - } - if detail.TotalTokens == 0 { - detail.TotalTokens = detail.InputTokens + detail.OutputTokens - } - return detail -} - -func getUsageTokens(node gjson.Result, keys ...string) int64 { - for _, key := range keys { - if key == "" { - continue - } - raw := node.Get(key) - if !raw.Exists() { - continue - } - switch raw.Type { - case gjson.Number: - return raw.Int() - case gjson.String: - return parseUsageNumber(raw.Str) - } - } - return 0 -} - -func parseUsageNumber(raw string) int64 { - value := strings.TrimSpace(raw) - if value == "" { - return 0 - } - if parsed, err := strconv.ParseInt(value, 10, 64); err == nil { - return parsed - } - if parsed, err := strconv.ParseFloat(value, 64); err == nil { - return int64(parsed) - } - return 0 -} - -func parseOpenAIResponsesStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - usageNode := gjson.GetBytes(payload, "usage") - if !usageNode.Exists() { - return usage.Detail{}, false - } - return parseOpenAIResponsesUsageDetail(usageNode), true -} - -func parseClaudeUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data).Get("usage") - if !usageNode.Exists() { - return usage.Detail{} - } - detail := usage.Detail{ - InputTokens: usageNode.Get("input_tokens").Int(), - OutputTokens: usageNode.Get("output_tokens").Int(), - CachedTokens: usageNode.Get("cache_read_input_tokens").Int(), - } - if detail.CachedTokens == 0 { - // fall back to creation tokens when read tokens are absent - detail.CachedTokens = usageNode.Get("cache_creation_input_tokens").Int() - } - detail.TotalTokens = detail.InputTokens + detail.OutputTokens - return detail -} - -func parseClaudeStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - usageNode := gjson.GetBytes(payload, "usage") - if !usageNode.Exists() { - return usage.Detail{}, false - } - detail := usage.Detail{ - InputTokens: usageNode.Get("input_tokens").Int(), - OutputTokens: usageNode.Get("output_tokens").Int(), - CachedTokens: usageNode.Get("cache_read_input_tokens").Int(), - } - if detail.CachedTokens == 0 { - detail.CachedTokens = usageNode.Get("cache_creation_input_tokens").Int() - } - detail.TotalTokens = detail.InputTokens + detail.OutputTokens - return detail, true -} - -func parseGeminiFamilyUsageDetail(node gjson.Result) usage.Detail { - detail := usage.Detail{ - InputTokens: node.Get("promptTokenCount").Int(), - OutputTokens: node.Get("candidatesTokenCount").Int(), - ReasoningTokens: node.Get("thoughtsTokenCount").Int(), - TotalTokens: node.Get("totalTokenCount").Int(), - CachedTokens: node.Get("cachedContentTokenCount").Int(), - } - if detail.TotalTokens == 0 { - detail.TotalTokens = detail.InputTokens + detail.OutputTokens + detail.ReasoningTokens - } - return detail -} - -func parseGeminiCLIUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data) - node := usageNode.Get("response.usageMetadata") - if !node.Exists() { - node = usageNode.Get("response.usage_metadata") - } - if !node.Exists() { - return usage.Detail{} - } - return parseGeminiFamilyUsageDetail(node) -} - -func parseGeminiUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data) - node := usageNode.Get("usageMetadata") - if !node.Exists() { - node = usageNode.Get("usage_metadata") - } - if !node.Exists() { - return usage.Detail{} - } - return parseGeminiFamilyUsageDetail(node) -} - -func parseGeminiStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - node := gjson.GetBytes(payload, "usageMetadata") - if !node.Exists() { - node = gjson.GetBytes(payload, "usage_metadata") - } - if !node.Exists() { - return usage.Detail{}, false - } - return parseGeminiFamilyUsageDetail(node), true -} - -func parseGeminiCLIStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - node := gjson.GetBytes(payload, "response.usageMetadata") - if !node.Exists() { - node = gjson.GetBytes(payload, "usage_metadata") - } - if !node.Exists() { - return usage.Detail{}, false - } - return parseGeminiFamilyUsageDetail(node), true -} - -func parseAntigravityUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data) - node := usageNode.Get("response.usageMetadata") - if !node.Exists() { - node = usageNode.Get("usageMetadata") - } - if !node.Exists() { - node = usageNode.Get("usage_metadata") - } - if !node.Exists() { - return usage.Detail{} - } - return parseGeminiFamilyUsageDetail(node) -} - -func parseAntigravityStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - node := gjson.GetBytes(payload, "response.usageMetadata") - if !node.Exists() { - node = gjson.GetBytes(payload, "usageMetadata") - } - if !node.Exists() { - node = gjson.GetBytes(payload, "usage_metadata") - } - if !node.Exists() { - return usage.Detail{}, false - } - return parseGeminiFamilyUsageDetail(node), true -} - -var stopChunkWithoutUsage sync.Map - -func rememberStopWithoutUsage(traceID string) { - stopChunkWithoutUsage.Store(traceID, struct{}{}) - time.AfterFunc(10*time.Minute, func() { stopChunkWithoutUsage.Delete(traceID) }) -} - -// FilterSSEUsageMetadata removes usageMetadata from SSE events that are not -// terminal (finishReason != "stop"). Stop chunks are left untouched. This -// function is shared between aistudio and antigravity executors. -func FilterSSEUsageMetadata(payload []byte) []byte { - if len(payload) == 0 { - return payload - } - - lines := bytes.Split(payload, []byte("\n")) - modified := false - foundData := false - for idx, line := range lines { - trimmed := bytes.TrimSpace(line) - if len(trimmed) == 0 || !bytes.HasPrefix(trimmed, []byte("data:")) { - continue - } - foundData = true - dataIdx := bytes.Index(line, []byte("data:")) - if dataIdx < 0 { - continue - } - rawJSON := bytes.TrimSpace(line[dataIdx+5:]) - traceID := gjson.GetBytes(rawJSON, "traceId").String() - if isStopChunkWithoutUsage(rawJSON) && traceID != "" { - rememberStopWithoutUsage(traceID) - continue - } - if traceID != "" { - if _, ok := stopChunkWithoutUsage.Load(traceID); ok && hasUsageMetadata(rawJSON) { - stopChunkWithoutUsage.Delete(traceID) - continue - } - } - - cleaned, changed := StripUsageMetadataFromJSON(rawJSON) - if !changed { - continue - } - var rebuilt []byte - rebuilt = append(rebuilt, line[:dataIdx]...) - rebuilt = append(rebuilt, []byte("data:")...) - if len(cleaned) > 0 { - rebuilt = append(rebuilt, ' ') - rebuilt = append(rebuilt, cleaned...) - } - lines[idx] = rebuilt - modified = true - } - if !modified { - if !foundData { - // Handle payloads that are raw JSON without SSE data: prefix. - trimmed := bytes.TrimSpace(payload) - cleaned, changed := StripUsageMetadataFromJSON(trimmed) - if !changed { - return payload - } - return cleaned - } - return payload - } - return bytes.Join(lines, []byte("\n")) -} - -// StripUsageMetadataFromJSON drops usageMetadata unless finishReason is present (terminal). -// It handles both formats: -// - Aistudio: candidates.0.finishReason -// - Antigravity: response.candidates.0.finishReason -func StripUsageMetadataFromJSON(rawJSON []byte) ([]byte, bool) { - jsonBytes := bytes.TrimSpace(rawJSON) - if len(jsonBytes) == 0 || !gjson.ValidBytes(jsonBytes) { - return rawJSON, false - } - - // Check for finishReason in both aistudio and antigravity formats - finishReason := gjson.GetBytes(jsonBytes, "candidates.0.finishReason") - if !finishReason.Exists() { - finishReason = gjson.GetBytes(jsonBytes, "response.candidates.0.finishReason") - } - terminalReason := finishReason.Exists() && strings.TrimSpace(finishReason.String()) != "" - - usageMetadata := gjson.GetBytes(jsonBytes, "usageMetadata") - if !usageMetadata.Exists() { - usageMetadata = gjson.GetBytes(jsonBytes, "response.usageMetadata") - } - - // Terminal chunk: keep as-is. - if terminalReason { - return rawJSON, false - } - - // Nothing to strip - if !usageMetadata.Exists() { - return rawJSON, false - } - - // Remove usageMetadata from both possible locations - cleaned := jsonBytes - var changed bool - - if usageMetadata = gjson.GetBytes(cleaned, "usageMetadata"); usageMetadata.Exists() { - // Rename usageMetadata to cpaUsageMetadata in the message_start event of Claude - cleaned, _ = sjson.SetRawBytes(cleaned, "cpaUsageMetadata", []byte(usageMetadata.Raw)) - cleaned, _ = sjson.DeleteBytes(cleaned, "usageMetadata") - changed = true - } - - if usageMetadata = gjson.GetBytes(cleaned, "response.usageMetadata"); usageMetadata.Exists() { - // Rename usageMetadata to cpaUsageMetadata in the message_start event of Claude - cleaned, _ = sjson.SetRawBytes(cleaned, "response.cpaUsageMetadata", []byte(usageMetadata.Raw)) - cleaned, _ = sjson.DeleteBytes(cleaned, "response.usageMetadata") - changed = true - } - - return cleaned, changed -} - -func hasUsageMetadata(jsonBytes []byte) bool { - if len(jsonBytes) == 0 || !gjson.ValidBytes(jsonBytes) { - return false - } - if gjson.GetBytes(jsonBytes, "usageMetadata").Exists() { - return true - } - if gjson.GetBytes(jsonBytes, "response.usageMetadata").Exists() { - return true - } - return false -} - -func isStopChunkWithoutUsage(jsonBytes []byte) bool { - if len(jsonBytes) == 0 || !gjson.ValidBytes(jsonBytes) { - return false - } - finishReason := gjson.GetBytes(jsonBytes, "candidates.0.finishReason") - if !finishReason.Exists() { - finishReason = gjson.GetBytes(jsonBytes, "response.candidates.0.finishReason") - } - trimmed := strings.TrimSpace(finishReason.String()) - if !finishReason.Exists() || trimmed == "" { - return false - } - return !hasUsageMetadata(jsonBytes) -} - -func jsonPayload(line []byte) []byte { - trimmed := bytes.TrimSpace(line) - if len(trimmed) == 0 { - return nil - } - if bytes.Equal(trimmed, []byte("[DONE]")) { - return nil - } - if bytes.HasPrefix(trimmed, []byte("event:")) { - return nil - } - if bytes.HasPrefix(trimmed, []byte("data:")) { - trimmed = bytes.TrimSpace(trimmed[len("data:"):]) - } - if len(trimmed) == 0 || trimmed[0] != '{' { - return nil - } - return trimmed -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/usage_helpers_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/usage_helpers_test.go deleted file mode 100644 index 181b1d9222..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/executor/usage_helpers_test.go +++ /dev/null @@ -1,139 +0,0 @@ -package executor - -import ( - "bytes" - "testing" - - "github.com/tidwall/gjson" -) - -func TestParseOpenAIUsageChatCompletions(t *testing.T) { - data := []byte(`{"usage":{"prompt_tokens":1,"completion_tokens":2,"total_tokens":3,"prompt_tokens_details":{"cached_tokens":4},"completion_tokens_details":{"reasoning_tokens":5}}}`) - detail := parseOpenAIUsage(data) - if detail.InputTokens != 1 { - t.Fatalf("input tokens = %d, want %d", detail.InputTokens, 1) - } - if detail.OutputTokens != 2 { - t.Fatalf("output tokens = %d, want %d", detail.OutputTokens, 2) - } - if detail.TotalTokens != 3 { - t.Fatalf("total tokens = %d, want %d", detail.TotalTokens, 3) - } - if detail.CachedTokens != 4 { - t.Fatalf("cached tokens = %d, want %d", detail.CachedTokens, 4) - } - if detail.ReasoningTokens != 5 { - t.Fatalf("reasoning tokens = %d, want %d", detail.ReasoningTokens, 5) - } -} - -func TestParseOpenAIUsageResponses(t *testing.T) { - data := []byte(`{"usage":{"input_tokens":10,"output_tokens":20,"total_tokens":30,"input_tokens_details":{"cached_tokens":7},"output_tokens_details":{"reasoning_tokens":9}}}`) - detail := parseOpenAIUsage(data) - if detail.InputTokens != 10 { - t.Fatalf("input tokens = %d, want %d", detail.InputTokens, 10) - } - if detail.OutputTokens != 20 { - t.Fatalf("output tokens = %d, want %d", detail.OutputTokens, 20) - } - if detail.TotalTokens != 30 { - t.Fatalf("total tokens = %d, want %d", detail.TotalTokens, 30) - } - if detail.CachedTokens != 7 { - t.Fatalf("cached tokens = %d, want %d", detail.CachedTokens, 7) - } - if detail.ReasoningTokens != 9 { - t.Fatalf("reasoning tokens = %d, want %d", detail.ReasoningTokens, 9) - } -} - -func TestParseOpenAIStreamUsageSSE(t *testing.T) { - line := []byte(`data: {"usage":{"prompt_tokens":11,"completion_tokens":22,"total_tokens":33,"prompt_tokens_details":{"cached_tokens":4},"completion_tokens_details":{"reasoning_tokens":5}}}`) - detail, ok := parseOpenAIStreamUsage(line) - if !ok { - t.Fatal("expected usage to be parsed") - } - if detail.InputTokens != 11 { - t.Fatalf("input tokens = %d, want %d", detail.InputTokens, 11) - } - if detail.OutputTokens != 22 { - t.Fatalf("output tokens = %d, want %d", detail.OutputTokens, 22) - } - if detail.TotalTokens != 33 { - t.Fatalf("total tokens = %d, want %d", detail.TotalTokens, 33) - } - if detail.CachedTokens != 4 { - t.Fatalf("cached tokens = %d, want %d", detail.CachedTokens, 4) - } - if detail.ReasoningTokens != 5 { - t.Fatalf("reasoning tokens = %d, want %d", detail.ReasoningTokens, 5) - } -} - -func TestParseOpenAIStreamUsageNoUsage(t *testing.T) { - line := []byte(`data: {"choices":[{"delta":{"content":"ping"}}]}`) - _, ok := parseOpenAIStreamUsage(line) - if ok { - t.Fatal("expected usage parse to fail when usage is absent") - } -} - -func TestSplitOpenAIStreamUsageWithFinishReason(t *testing.T) { - line := []byte(`data: {"id":"chatcmpl","choices":[{"index":0,"finish_reason":"stop"}],"usage":{"prompt_tokens":9,"completion_tokens":3,"total_tokens":12}}`) - stripped, detail, ok := splitOpenAIStreamUsage(line) - if !ok { - t.Fatal("expected stream usage split to occur") - } - jsonPayload := stripped - if bytes.HasPrefix(bytes.TrimSpace(stripped), []byte("data:")) { - jsonPayload = bytes.TrimSpace(stripped[len("data:"):]) - } - if !gjson.ValidBytes(jsonPayload) { - t.Fatalf("stripped line is invalid json: %q", string(stripped)) - } - if hasUsage := gjson.GetBytes(jsonPayload, "usage").Exists(); hasUsage { - t.Fatal("expected usage to be removed from stripped stream line") - } - if detail.InputTokens != 9 || detail.OutputTokens != 3 || detail.TotalTokens != 12 { - t.Fatalf("unexpected usage detail: %+v", detail) - } -} - -func TestSplitOpenAIStreamUsageWithoutFinishReason(t *testing.T) { - line := []byte(`data: {"id":"chatcmpl","choices":[{"index":0,"delta":{"content":"ok"}}],"usage":{"prompt_tokens":1,"completion_tokens":2,"total_tokens":3}}`) - _, _, ok := splitOpenAIStreamUsage(line) - if ok { - t.Fatal("expected no split when usage has no finish reason") - } -} - -func TestParseOpenAIResponsesStreamUsageSSE(t *testing.T) { - line := []byte(`data: {"usage":{"input_tokens":7,"output_tokens":9,"total_tokens":16,"input_tokens_details":{"cached_tokens":2},"output_tokens_details":{"reasoning_tokens":3}}}`) - detail, ok := parseOpenAIResponsesStreamUsage(line) - if !ok { - t.Fatal("expected responses stream usage to be parsed") - } - if detail.InputTokens != 7 { - t.Fatalf("input tokens = %d, want %d", detail.InputTokens, 7) - } - if detail.OutputTokens != 9 { - t.Fatalf("output tokens = %d, want %d", detail.OutputTokens, 9) - } - if detail.TotalTokens != 16 { - t.Fatalf("total tokens = %d, want %d", detail.TotalTokens, 16) - } - if detail.CachedTokens != 2 { - t.Fatalf("cached tokens = %d, want %d", detail.CachedTokens, 2) - } - if detail.ReasoningTokens != 3 { - t.Fatalf("reasoning tokens = %d, want %d", detail.ReasoningTokens, 3) - } -} - -func TestParseOpenAIResponsesUsageTotalFallback(t *testing.T) { - data := []byte(`{"usage":{"input_tokens":4,"output_tokens":6}}`) - detail := parseOpenAIResponsesUsage(data) - if detail.TotalTokens != 10 { - t.Fatalf("total tokens = %d, want %d", detail.TotalTokens, 10) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/geminicli/state.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/geminicli/state.go deleted file mode 100644 index e323b44bf2..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/runtime/geminicli/state.go +++ /dev/null @@ -1,144 +0,0 @@ -package geminicli - -import ( - "strings" - "sync" -) - -// SharedCredential keeps canonical OAuth metadata for a multi-project Gemini CLI login. -type SharedCredential struct { - primaryID string - email string - metadata map[string]any - projectIDs []string - mu sync.RWMutex -} - -// NewSharedCredential builds a shared credential container for the given primary entry. -func NewSharedCredential(primaryID, email string, metadata map[string]any, projectIDs []string) *SharedCredential { - return &SharedCredential{ - primaryID: strings.TrimSpace(primaryID), - email: strings.TrimSpace(email), - metadata: cloneMap(metadata), - projectIDs: cloneStrings(projectIDs), - } -} - -// PrimaryID returns the owning credential identifier. -func (s *SharedCredential) PrimaryID() string { - if s == nil { - return "" - } - return s.primaryID -} - -// Email returns the associated account email. -func (s *SharedCredential) Email() string { - if s == nil { - return "" - } - return s.email -} - -// ProjectIDs returns a snapshot of the configured project identifiers. -func (s *SharedCredential) ProjectIDs() []string { - if s == nil { - return nil - } - return cloneStrings(s.projectIDs) -} - -// MetadataSnapshot returns a deep copy of the stored OAuth metadata. -func (s *SharedCredential) MetadataSnapshot() map[string]any { - if s == nil { - return nil - } - s.mu.RLock() - defer s.mu.RUnlock() - return cloneMap(s.metadata) -} - -// MergeMetadata merges the provided fields into the shared metadata and returns an updated copy. -func (s *SharedCredential) MergeMetadata(values map[string]any) map[string]any { - if s == nil { - return nil - } - if len(values) == 0 { - return s.MetadataSnapshot() - } - s.mu.Lock() - defer s.mu.Unlock() - if s.metadata == nil { - s.metadata = make(map[string]any, len(values)) - } - for k, v := range values { - if v == nil { - delete(s.metadata, k) - continue - } - s.metadata[k] = v - } - return cloneMap(s.metadata) -} - -// SetProjectIDs updates the stored project identifiers. -func (s *SharedCredential) SetProjectIDs(ids []string) { - if s == nil { - return - } - s.mu.Lock() - s.projectIDs = cloneStrings(ids) - s.mu.Unlock() -} - -// VirtualCredential tracks a per-project virtual auth entry that reuses a primary credential. -type VirtualCredential struct { - ProjectID string - Parent *SharedCredential -} - -// NewVirtualCredential creates a virtual credential descriptor bound to the shared parent. -func NewVirtualCredential(projectID string, parent *SharedCredential) *VirtualCredential { - return &VirtualCredential{ProjectID: strings.TrimSpace(projectID), Parent: parent} -} - -// ResolveSharedCredential returns the shared credential backing the provided runtime payload. -func ResolveSharedCredential(runtime any) *SharedCredential { - switch typed := runtime.(type) { - case *SharedCredential: - return typed - case *VirtualCredential: - return typed.Parent - default: - return nil - } -} - -// IsVirtual reports whether the runtime payload represents a virtual credential. -func IsVirtual(runtime any) bool { - if runtime == nil { - return false - } - _, ok := runtime.(*VirtualCredential) - return ok -} - -func cloneMap(in map[string]any) map[string]any { - if len(in) == 0 { - return nil - } - out := make(map[string]any, len(in)) - for k, v := range in { - out[k] = v - } - return out -} - -func cloneStrings(in []string) []string { - if len(in) == 0 { - return nil - } - out := make([]string, len(in)) - copy(out, in) - return out -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/atomic_write.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/store/atomic_write.go deleted file mode 100644 index aaafab11b5..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/atomic_write.go +++ /dev/null @@ -1,43 +0,0 @@ -package store - -import ( - "fmt" - "os" - "path/filepath" -) - -// writeFileAtomically writes data to a unique temp file in the destination directory, -// fsyncs it, and then atomically renames it into place. -func writeFileAtomically(path string, data []byte, perm os.FileMode) (err error) { - dir := filepath.Dir(path) - tmp, err := os.CreateTemp(dir, "."+filepath.Base(path)+".tmp-*") - if err != nil { - return fmt.Errorf("create temp file: %w", err) - } - tmpPath := tmp.Name() - defer func() { - if err != nil { - _ = os.Remove(tmpPath) - } - }() - - if err = tmp.Chmod(perm); err != nil { - _ = tmp.Close() - return fmt.Errorf("chmod temp file: %w", err) - } - if _, err = tmp.Write(data); err != nil { - _ = tmp.Close() - return fmt.Errorf("write temp file: %w", err) - } - if err = tmp.Sync(); err != nil { - _ = tmp.Close() - return fmt.Errorf("sync temp file: %w", err) - } - if err = tmp.Close(); err != nil { - return fmt.Errorf("close temp file: %w", err) - } - if err = os.Rename(tmpPath, path); err != nil { - return fmt.Errorf("rename temp file: %w", err) - } - return nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/atomic_write_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/store/atomic_write_test.go deleted file mode 100644 index 374227930c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/atomic_write_test.go +++ /dev/null @@ -1,57 +0,0 @@ -package store - -import ( - "fmt" - "os" - "path/filepath" - "sync" - "testing" -) - -func TestWriteFileAtomically_ConcurrentWritersNoTempCollisions(t *testing.T) { - t.Parallel() - - dir := t.TempDir() - target := filepath.Join(dir, "auth.json") - - const writers = 48 - errCh := make(chan error, writers) - var wg sync.WaitGroup - - for i := 0; i < writers; i++ { - i := i - wg.Add(1) - go func() { - defer wg.Done() - payload := []byte(fmt.Sprintf(`{"writer":%d}`, i)) - if err := writeFileAtomically(target, payload, 0o600); err != nil { - errCh <- err - } - }() - } - - wg.Wait() - close(errCh) - for err := range errCh { - if err != nil { - t.Fatalf("atomic write failed: %v", err) - } - } - - got, err := os.ReadFile(target) - if err != nil { - t.Fatalf("read target: %v", err) - } - if len(got) == 0 { - t.Fatal("expected non-empty final file content") - } - - tmpPattern := filepath.Join(dir, ".auth.json.tmp-*") - tmpFiles, err := filepath.Glob(tmpPattern) - if err != nil { - t.Fatalf("glob temp files: %v", err) - } - if len(tmpFiles) != 0 { - t.Fatalf("expected no temp files left behind, found %d", len(tmpFiles)) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/git_helpers_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/store/git_helpers_test.go deleted file mode 100644 index ab19a36f9c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/git_helpers_test.go +++ /dev/null @@ -1,128 +0,0 @@ -package store - -import ( - "fmt" - "os" - "path/filepath" - "strings" -) - -var ErrConcurrentGitWrite = fmt.Errorf("concurrent git write in progress") - -func isGitErr(err error, fragment string) bool { - if err == nil { - return false - } - if strings.TrimSpace(fragment) == "" { - return false - } - return strings.Contains(strings.ToLower(err.Error()), strings.ToLower(strings.TrimSpace(fragment))) -} - -func isNonFastForwardUpdateError(err error) bool { - if err == nil { - return false - } - if isGitErr(err, "non-fast-forward") { - return true - } - return false -} - -func bootstrapPullDivergedError(err error) error { - if !isNonFastForwardUpdateError(err) { - return fmt.Errorf("bootstrap pull failed: %w", err) - } - return fmt.Errorf("%w: bootstrap pull diverged, please retry after sync: %w", ErrConcurrentGitWrite, err) -} - -func snapshotLocalAuthFiles(authDir string) (map[string]int64, error) { - authDir = strings.TrimSpace(authDir) - if authDir == "" { - return nil, fmt.Errorf("auth directory is required") - } - - info := make(map[string]int64) - err := filepath.Walk(authDir, func(path string, _ os.FileInfo, errWalk error) error { - if errWalk != nil { - return errWalk - } - if !strings.HasSuffix(strings.ToLower(filepath.Base(path)), ".json") { - return nil - } - st, errStat := os.Stat(path) - if errStat != nil { - return errStat - } - if st.IsDir() { - return nil - } - info[path] = st.ModTime().UnixNano() - return nil - }) - if err != nil { - return nil, err - } - return info, nil -} - -func buildSafeAuthPrunePlan(authDir string, baseline map[string]int64, remote map[string]struct{}) ([]string, []string, error) { - if strings.TrimSpace(authDir) == "" { - return nil, nil, fmt.Errorf("auth directory is required") - } - if baseline == nil { - baseline = make(map[string]int64) - } - if remote == nil { - remote = make(map[string]struct{}) - } - - isRemote := func(path string) bool { - base := filepath.Base(path) - _, ok := remote[base] - return ok - } - current := make(map[string]int64) - if err := filepath.Walk(authDir, func(path string, info os.FileInfo, errWalk error) error { - if errWalk != nil { - return errWalk - } - if info == nil || info.IsDir() { - return nil - } - if !strings.HasSuffix(strings.ToLower(info.Name()), ".json") { - return nil - } - current[path] = info.ModTime().UnixNano() - return nil - }); err != nil { - return nil, nil, err - } - - stale := make([]string, 0) - conflicts := make([]string, 0) - - for path, baselineTs := range baseline { - if isRemote(path) { - continue - } - if ts, ok := current[path]; !ok { - stale = append(stale, path) - } else if ts == baselineTs { - stale = append(stale, path) - } else { - conflicts = append(conflicts, path) - } - } - - for path := range current { - if isRemote(path) { - continue - } - if _, ok := baseline[path]; !ok { - conflicts = append(conflicts, path) - } - } - - return stale, conflicts, nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/gitstore.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/store/gitstore.go deleted file mode 100644 index e0f34ff5b0..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/gitstore.go +++ /dev/null @@ -1,817 +0,0 @@ -package store - -import ( - "context" - "encoding/json" - "errors" - "fmt" - "io/fs" - "os" - "path/filepath" - "strings" - "sync" - "time" - - "github.com/go-git/go-git/v6" - "github.com/go-git/go-git/v6/config" - "github.com/go-git/go-git/v6/plumbing" - "github.com/go-git/go-git/v6/plumbing/object" - "github.com/go-git/go-git/v6/plumbing/transport" - "github.com/go-git/go-git/v6/plumbing/transport/http" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -// gcInterval defines minimum time between garbage collection runs. -const gcInterval = 5 * time.Minute - -// GitTokenStore persists token records and auth metadata using git as the backing storage. -type GitTokenStore struct { - mu sync.Mutex - dirLock sync.RWMutex - baseDir string - repoDir string - configDir string - remote string - username string - password string - lastGC time.Time -} - -// NewGitTokenStore creates a token store that saves credentials to disk through the -// TokenStorage implementation embedded in the token record. -func NewGitTokenStore(remote, username, password string) *GitTokenStore { - return &GitTokenStore{ - remote: remote, - username: username, - password: password, - } -} - -// SetBaseDir updates the default directory used for auth JSON persistence when no explicit path is provided. -func (s *GitTokenStore) SetBaseDir(dir string) { - clean := strings.TrimSpace(dir) - if clean == "" { - s.dirLock.Lock() - s.baseDir = "" - s.repoDir = "" - s.configDir = "" - s.dirLock.Unlock() - return - } - if abs, err := filepath.Abs(clean); err == nil { - clean = abs - } - repoDir := filepath.Dir(clean) - if repoDir == "" || repoDir == "." { - repoDir = clean - } - configDir := filepath.Join(repoDir, "config") - s.dirLock.Lock() - s.baseDir = clean - s.repoDir = repoDir - s.configDir = configDir - s.dirLock.Unlock() -} - -// AuthDir returns the directory used for auth persistence. -func (s *GitTokenStore) AuthDir() string { - return s.baseDirSnapshot() -} - -// ConfigPath returns the managed config file path. -func (s *GitTokenStore) ConfigPath() string { - s.dirLock.RLock() - defer s.dirLock.RUnlock() - if s.configDir == "" { - return "" - } - return filepath.Join(s.configDir, "config.yaml") -} - -// EnsureRepository prepares the local git working tree by cloning or opening the repository. -func (s *GitTokenStore) EnsureRepository() error { - s.dirLock.Lock() - if s.remote == "" { - s.dirLock.Unlock() - return fmt.Errorf("git token store: remote not configured") - } - if s.baseDir == "" { - s.dirLock.Unlock() - return fmt.Errorf("git token store: base directory not configured") - } - repoDir := s.repoDir - if repoDir == "" { - repoDir = filepath.Dir(s.baseDir) - if repoDir == "" || repoDir == "." { - repoDir = s.baseDir - } - s.repoDir = repoDir - } - if s.configDir == "" { - s.configDir = filepath.Join(repoDir, "config") - } - authDir := filepath.Join(repoDir, "auths") - configDir := filepath.Join(repoDir, "config") - gitDir := filepath.Join(repoDir, ".git") - authMethod := s.gitAuth() - var initPaths []string - if _, err := os.Stat(gitDir); errors.Is(err, fs.ErrNotExist) { - if errMk := os.MkdirAll(repoDir, 0o700); errMk != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: create repo dir: %w", errMk) - } - if _, errClone := git.PlainClone(repoDir, &git.CloneOptions{Auth: authMethod, URL: s.remote}); errClone != nil { - if errors.Is(errClone, transport.ErrEmptyRemoteRepository) { - _ = os.RemoveAll(gitDir) - repo, errInit := git.PlainInit(repoDir, false) - if errInit != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: init empty repo: %w", errInit) - } - if _, errRemote := repo.Remote("origin"); errRemote != nil { - if _, errCreate := repo.CreateRemote(&config.RemoteConfig{ - Name: "origin", - URLs: []string{s.remote}, - }); errCreate != nil && !errors.Is(errCreate, git.ErrRemoteExists) { - s.dirLock.Unlock() - return fmt.Errorf("git token store: configure remote: %w", errCreate) - } - } - if err := os.MkdirAll(authDir, 0o700); err != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: create auth dir: %w", err) - } - if err := os.MkdirAll(configDir, 0o700); err != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: create config dir: %w", err) - } - if err := ensureEmptyFile(filepath.Join(authDir, ".gitkeep")); err != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: create auth placeholder: %w", err) - } - if err := ensureEmptyFile(filepath.Join(configDir, ".gitkeep")); err != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: create config placeholder: %w", err) - } - initPaths = []string{ - filepath.Join("auths", ".gitkeep"), - filepath.Join("config", ".gitkeep"), - } - } else { - s.dirLock.Unlock() - return fmt.Errorf("git token store: clone remote: %w", errClone) - } - } - } else if err != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: stat repo: %w", err) - } else { - repo, errOpen := git.PlainOpen(repoDir) - if errOpen != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: open repo: %w", errOpen) - } - worktree, errWorktree := repo.Worktree() - if errWorktree != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: worktree: %w", errWorktree) - } - if errPull := worktree.Pull(&git.PullOptions{Auth: authMethod, RemoteName: "origin"}); errPull != nil { - switch { - case errors.Is(errPull, git.NoErrAlreadyUpToDate), - errors.Is(errPull, git.ErrUnstagedChanges), - errors.Is(errPull, git.ErrNonFastForwardUpdate): - // Ignore clean syncs, local edits, and remote divergence—local changes win. - case errors.Is(errPull, transport.ErrAuthenticationRequired), - errors.Is(errPull, plumbing.ErrReferenceNotFound), - errors.Is(errPull, transport.ErrEmptyRemoteRepository): - // Ignore authentication prompts and empty remote references on initial sync. - default: - s.dirLock.Unlock() - return fmt.Errorf("git token store: pull: %w", errPull) - } - } - } - if err := os.MkdirAll(s.baseDir, 0o700); err != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: create auth dir: %w", err) - } - if err := os.MkdirAll(s.configDir, 0o700); err != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: create config dir: %w", err) - } - s.dirLock.Unlock() - if len(initPaths) > 0 { - s.mu.Lock() - err := s.commitAndPushLocked("Initialize git token store", initPaths...) - s.mu.Unlock() - if err != nil { - return err - } - } - return nil -} - -// Save persists token storage and metadata to the resolved auth file path. -func (s *GitTokenStore) Save(_ context.Context, auth *cliproxyauth.Auth) (string, error) { - if auth == nil { - return "", fmt.Errorf("auth filestore: auth is nil") - } - - path, err := s.resolveAuthPath(auth) - if err != nil { - return "", err - } - if path == "" { - return "", fmt.Errorf("auth filestore: missing file path attribute for %s", auth.ID) - } - path, err = ensurePathWithinDir(path, s.baseDirSnapshot(), "auth filestore") - if err != nil { - return "", err - } - - if auth.Disabled { - if _, statErr := os.Stat(path); os.IsNotExist(statErr) { - return "", nil - } - } - - if err = s.EnsureRepository(); err != nil { - return "", err - } - - s.mu.Lock() - defer s.mu.Unlock() - - if err = os.MkdirAll(filepath.Dir(path), 0o700); err != nil { - return "", fmt.Errorf("auth filestore: create dir failed: %w", err) - } - - switch { - case auth.Storage != nil: - if err = auth.Storage.SaveTokenToFile(path); err != nil { - return "", err - } - case auth.Metadata != nil: - raw, errMarshal := json.Marshal(auth.Metadata) - if errMarshal != nil { - return "", fmt.Errorf("auth filestore: marshal metadata failed: %w", errMarshal) - } - if existing, errRead := os.ReadFile(path); errRead == nil { - if jsonEqual(existing, raw) { - return path, nil - } - } else if !os.IsNotExist(errRead) { - return "", fmt.Errorf("auth filestore: read existing failed: %w", errRead) - } - tmp := path + ".tmp" - if errWrite := os.WriteFile(tmp, raw, 0o600); errWrite != nil { - return "", fmt.Errorf("auth filestore: write temp failed: %w", errWrite) - } - if errRename := os.Rename(tmp, path); errRename != nil { - return "", fmt.Errorf("auth filestore: rename failed: %w", errRename) - } - default: - return "", fmt.Errorf("auth filestore: nothing to persist for %s", auth.ID) - } - - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - auth.Attributes["path"] = path - - if strings.TrimSpace(auth.FileName) == "" { - auth.FileName = auth.ID - } - - relPath, errRel := s.relativeToRepo(path) - if errRel != nil { - return "", errRel - } - messageID := auth.ID - if strings.TrimSpace(messageID) == "" { - messageID = filepath.Base(path) - } - if errCommit := s.commitAndPushLocked(fmt.Sprintf("Update auth %s", strings.TrimSpace(messageID)), relPath); errCommit != nil { - return "", errCommit - } - - return path, nil -} - -// List enumerates all auth JSON files under the configured directory. -func (s *GitTokenStore) List(_ context.Context) ([]*cliproxyauth.Auth, error) { - if err := s.EnsureRepository(); err != nil { - return nil, err - } - dir := s.baseDirSnapshot() - if dir == "" { - return nil, fmt.Errorf("auth filestore: directory not configured") - } - entries := make([]*cliproxyauth.Auth, 0) - err := filepath.WalkDir(dir, func(path string, d fs.DirEntry, walkErr error) error { - if walkErr != nil { - return walkErr - } - if d.IsDir() { - return nil - } - if !strings.HasSuffix(strings.ToLower(d.Name()), ".json") { - return nil - } - auth, err := s.readAuthFile(path, dir) - if err != nil { - return nil - } - if auth != nil { - entries = append(entries, auth) - } - return nil - }) - if err != nil { - return nil, err - } - return entries, nil -} - -// Delete removes the auth file. -func (s *GitTokenStore) Delete(_ context.Context, id string) error { - id = strings.TrimSpace(id) - if id == "" { - return fmt.Errorf("auth filestore: id is empty") - } - path, err := s.resolveDeletePath(id) - if err != nil { - return err - } - if err = s.EnsureRepository(); err != nil { - return err - } - - s.mu.Lock() - defer s.mu.Unlock() - - if err = os.Remove(path); err != nil && !os.IsNotExist(err) { - return fmt.Errorf("auth filestore: delete failed: %w", err) - } - if err == nil { - rel, errRel := s.relativeToRepo(path) - if errRel != nil { - return errRel - } - messageID := id - if errCommit := s.commitAndPushLocked(fmt.Sprintf("Delete auth %s", messageID), rel); errCommit != nil { - return errCommit - } - } - return nil -} - -// PersistAuthFiles commits and pushes the provided paths to the remote repository. -// It no-ops when the store is not fully configured or when there are no paths. -func (s *GitTokenStore) PersistAuthFiles(_ context.Context, message string, paths ...string) error { - if len(paths) == 0 { - return nil - } - if err := s.EnsureRepository(); err != nil { - return err - } - - filtered := make([]string, 0, len(paths)) - for _, p := range paths { - trimmed := strings.TrimSpace(p) - if trimmed == "" { - continue - } - rel, err := s.relativeToRepo(trimmed) - if err != nil { - return err - } - filtered = append(filtered, rel) - } - if len(filtered) == 0 { - return nil - } - - s.mu.Lock() - defer s.mu.Unlock() - - if strings.TrimSpace(message) == "" { - message = "Sync watcher updates" - } - return s.commitAndPushLocked(message, filtered...) -} - -func (s *GitTokenStore) resolveDeletePath(id string) (string, error) { - dir := s.baseDirSnapshot() - if dir == "" { - return "", fmt.Errorf("auth filestore: directory not configured") - } - clean := filepath.Clean(filepath.FromSlash(strings.TrimSpace(id))) - if clean == "." || clean == "" { - return "", fmt.Errorf("auth filestore: invalid id") - } - if filepath.IsAbs(clean) || clean == ".." || strings.HasPrefix(clean, ".."+string(os.PathSeparator)) { - return "", fmt.Errorf("auth filestore: id resolves outside auth directory") - } - path := filepath.Join(dir, clean) - rel, err := filepath.Rel(dir, path) - if err != nil { - return "", fmt.Errorf("auth filestore: relative path: %w", err) - } - if rel == ".." || strings.HasPrefix(rel, ".."+string(os.PathSeparator)) { - return "", fmt.Errorf("auth filestore: id resolves outside auth directory") - } - return path, nil -} - -func (s *GitTokenStore) readAuthFile(path, baseDir string) (*cliproxyauth.Auth, error) { - data, err := os.ReadFile(path) - if err != nil { - return nil, fmt.Errorf("read file: %w", err) - } - if len(data) == 0 { - return nil, nil - } - metadata := make(map[string]any) - if err = json.Unmarshal(data, &metadata); err != nil { - return nil, fmt.Errorf("unmarshal auth json: %w", err) - } - provider, _ := metadata["type"].(string) - if provider == "" { - provider = "unknown" - } - info, err := os.Stat(path) - if err != nil { - return nil, fmt.Errorf("stat file: %w", err) - } - id := s.idFor(path, baseDir) - auth := &cliproxyauth.Auth{ - ID: id, - Provider: provider, - FileName: id, - Label: s.labelFor(metadata), - Status: cliproxyauth.StatusActive, - Attributes: map[string]string{"path": path}, - Metadata: metadata, - CreatedAt: info.ModTime(), - UpdatedAt: info.ModTime(), - LastRefreshedAt: time.Time{}, - NextRefreshAfter: time.Time{}, - } - if email, ok := metadata["email"].(string); ok && email != "" { - auth.Attributes["email"] = email - } - return auth, nil -} - -func (s *GitTokenStore) idFor(path, baseDir string) string { - if baseDir == "" { - return path - } - rel, err := filepath.Rel(baseDir, path) - if err != nil { - return path - } - return rel -} - -func (s *GitTokenStore) resolveAuthPath(auth *cliproxyauth.Auth) (string, error) { - if auth == nil { - return "", fmt.Errorf("auth filestore: auth is nil") - } - baseDir := strings.TrimSpace(s.baseDirSnapshot()) - candidate := "" - - if auth.Attributes != nil { - candidate = strings.TrimSpace(auth.Attributes["path"]) - } - if candidate == "" { - candidate = strings.TrimSpace(auth.FileName) - } - if candidate == "" { - if auth.ID == "" { - return "", fmt.Errorf("auth filestore: missing id") - } - candidate = strings.TrimSpace(auth.ID) - } - if candidate == "" { - return "", fmt.Errorf("auth filestore: missing path") - } - if !filepath.IsAbs(candidate) { - if baseDir == "" { - return "", fmt.Errorf("auth filestore: directory not configured") - } - candidate = filepath.Join(baseDir, candidate) - } - if baseDir == "" { - return "", fmt.Errorf("auth filestore: directory not configured") - } - return ensurePathWithinDir(candidate, baseDir, "auth filestore") -} - -func (s *GitTokenStore) labelFor(metadata map[string]any) string { - if metadata == nil { - return "" - } - if v, ok := metadata["label"].(string); ok && v != "" { - return v - } - if v, ok := metadata["email"].(string); ok && v != "" { - return v - } - if project, ok := metadata["project_id"].(string); ok && project != "" { - return project - } - return "" -} - -func (s *GitTokenStore) baseDirSnapshot() string { - s.dirLock.RLock() - defer s.dirLock.RUnlock() - return s.baseDir -} - -func (s *GitTokenStore) repoDirSnapshot() string { - s.dirLock.RLock() - defer s.dirLock.RUnlock() - return s.repoDir -} - -func (s *GitTokenStore) gitAuth() transport.AuthMethod { - if s.username == "" && s.password == "" { - return nil - } - user := s.username - if user == "" { - user = "git" - } - return &http.BasicAuth{Username: user, Password: s.password} -} - -func (s *GitTokenStore) relativeToRepo(path string) (string, error) { - repoDir := s.repoDirSnapshot() - if repoDir == "" { - return "", fmt.Errorf("git token store: repository path not configured") - } - absRepo := repoDir - if abs, err := filepath.Abs(repoDir); err == nil { - absRepo = abs - } - cleanPath := path - if abs, err := filepath.Abs(path); err == nil { - cleanPath = abs - } - rel, err := filepath.Rel(absRepo, cleanPath) - if err != nil { - return "", fmt.Errorf("git token store: relative path: %w", err) - } - if rel == ".." || strings.HasPrefix(rel, ".."+string(os.PathSeparator)) { - return "", fmt.Errorf("git token store: path outside repository") - } - return rel, nil -} - -func (s *GitTokenStore) commitAndPushLocked(message string, relPaths ...string) error { - repoDir := s.repoDirSnapshot() - if repoDir == "" { - return fmt.Errorf("git token store: repository path not configured") - } - repo, err := git.PlainOpen(repoDir) - if err != nil { - return fmt.Errorf("git token store: open repo: %w", err) - } - worktree, err := repo.Worktree() - if err != nil { - return fmt.Errorf("git token store: worktree: %w", err) - } - added := false - for _, rel := range relPaths { - if strings.TrimSpace(rel) == "" { - continue - } - if _, err = worktree.Add(rel); err != nil { - if errors.Is(err, os.ErrNotExist) { - if _, errRemove := worktree.Remove(rel); errRemove != nil && !errors.Is(errRemove, os.ErrNotExist) { - return fmt.Errorf("git token store: remove %s: %w", rel, errRemove) - } - } else { - return fmt.Errorf("git token store: add %s: %w", rel, err) - } - } - added = true - } - if !added { - return nil - } - status, err := worktree.Status() - if err != nil { - return fmt.Errorf("git token store: status: %w", err) - } - if status.IsClean() { - return nil - } - if strings.TrimSpace(message) == "" { - message = "Update auth store" - } - signature := &object.Signature{ - Name: "CLIProxyAPI", - Email: "cliproxy@local", - When: time.Now(), - } - commitHash, err := worktree.Commit(message, &git.CommitOptions{ - Author: signature, - }) - if err != nil { - if errors.Is(err, git.ErrEmptyCommit) { - return nil - } - return fmt.Errorf("git token store: commit: %w", err) - } - headRef, errHead := repo.Head() - if errHead != nil { - if !errors.Is(errHead, plumbing.ErrReferenceNotFound) { - return fmt.Errorf("git token store: get head: %w", errHead) - } - } else if errRewrite := s.rewriteHeadAsSingleCommit(repo, headRef.Name(), commitHash, message, signature); errRewrite != nil { - return errRewrite - } - s.maybeRunGC(repo) - if err = repo.Push(&git.PushOptions{Auth: s.gitAuth(), Force: true}); err != nil { - if errors.Is(err, git.NoErrAlreadyUpToDate) { - return nil - } - return fmt.Errorf("git token store: push: %w", err) - } - return nil -} - -// rewriteHeadAsSingleCommit rewrites the current branch tip to a single-parentless commit and leaves history squashed. -func (s *GitTokenStore) rewriteHeadAsSingleCommit(repo *git.Repository, branch plumbing.ReferenceName, commitHash plumbing.Hash, message string, signature *object.Signature) error { - commitObj, err := repo.CommitObject(commitHash) - if err != nil { - return fmt.Errorf("git token store: inspect head commit: %w", err) - } - squashed := &object.Commit{ - Author: *signature, - Committer: *signature, - Message: message, - TreeHash: commitObj.TreeHash, - ParentHashes: nil, - Encoding: commitObj.Encoding, - ExtraHeaders: commitObj.ExtraHeaders, - } - mem := &plumbing.MemoryObject{} - mem.SetType(plumbing.CommitObject) - if err := squashed.Encode(mem); err != nil { - return fmt.Errorf("git token store: encode squashed commit: %w", err) - } - newHash, err := repo.Storer.SetEncodedObject(mem) - if err != nil { - return fmt.Errorf("git token store: write squashed commit: %w", err) - } - if err := repo.Storer.SetReference(plumbing.NewHashReference(branch, newHash)); err != nil { - return fmt.Errorf("git token store: update branch reference: %w", err) - } - return nil -} - -func (s *GitTokenStore) maybeRunGC(repo *git.Repository) { - now := time.Now() - if now.Sub(s.lastGC) < gcInterval { - return - } - s.lastGC = now - - pruneOpts := git.PruneOptions{ - OnlyObjectsOlderThan: now, - Handler: repo.DeleteObject, - } - if err := repo.Prune(pruneOpts); err != nil && !errors.Is(err, git.ErrLooseObjectsNotSupported) { - return - } - _ = repo.RepackObjects(&git.RepackConfig{}) -} - -// PersistConfig commits and pushes configuration changes to git. -func (s *GitTokenStore) PersistConfig(_ context.Context) error { - if err := s.EnsureRepository(); err != nil { - return err - } - configPath := s.ConfigPath() - if configPath == "" { - return fmt.Errorf("git token store: config path not configured") - } - if _, err := os.Stat(configPath); err != nil { - if errors.Is(err, fs.ErrNotExist) { - return nil - } - return fmt.Errorf("git token store: stat config: %w", err) - } - s.mu.Lock() - defer s.mu.Unlock() - rel, err := s.relativeToRepo(configPath) - if err != nil { - return err - } - return s.commitAndPushLocked("Update config", rel) -} - -func ensureEmptyFile(path string) error { - if _, err := os.Stat(path); err != nil { - if errors.Is(err, fs.ErrNotExist) { - return os.WriteFile(path, []byte{}, 0o600) - } - return err - } - return nil -} - -func jsonEqual(a, b []byte) bool { - var objA any - var objB any - if err := json.Unmarshal(a, &objA); err != nil { - return false - } - if err := json.Unmarshal(b, &objB); err != nil { - return false - } - return deepEqualJSON(objA, objB) -} - -func deepEqualJSON(a, b any) bool { - switch valA := a.(type) { - case map[string]any: - valB, ok := b.(map[string]any) - if !ok || len(valA) != len(valB) { - return false - } - for key, subA := range valA { - subB, ok1 := valB[key] - if !ok1 || !deepEqualJSON(subA, subB) { - return false - } - } - return true - case []any: - sliceB, ok := b.([]any) - if !ok || len(valA) != len(sliceB) { - return false - } - for i := range valA { - if !deepEqualJSON(valA[i], sliceB[i]) { - return false - } - } - return true - case float64: - valB, ok := b.(float64) - if !ok { - return false - } - return valA == valB - case string: - valB, ok := b.(string) - if !ok { - return false - } - return valA == valB - case bool: - valB, ok := b.(bool) - if !ok { - return false - } - return valA == valB - case nil: - return b == nil - default: - return false - } -} - -// openOrInitRepositoryAfterEmptyClone opens or initializes a git repository at the given directory. -// If a .git directory already exists (e.g., from a failed clone), it archives it with a -// timestamped backup name before initializing a new repository. -func openOrInitRepositoryAfterEmptyClone(repoDir string) (*git.Repository, error) { - gitDir := filepath.Join(repoDir, ".git") - - // If .git exists, archive it - if _, err := os.Stat(gitDir); err == nil { - // .git exists, archive it - timestamp := time.Now().Format("20060102-150405") - backupName := fmt.Sprintf(".git.bootstrap-backup-%s", timestamp) - backupPath := filepath.Join(repoDir, backupName) - if errRename := os.Rename(gitDir, backupPath); errRename != nil { - return nil, fmt.Errorf("archive existing .git directory: %w", errRename) - } - } else if !errors.Is(err, fs.ErrNotExist) { - // Unexpected error - return nil, fmt.Errorf("stat .git directory: %w", err) - } - // Now .git does not exist, initialize a fresh repository - repo, errInit := git.PlainInit(repoDir, false) - if errInit != nil { - return nil, fmt.Errorf("initialize repository: %w", errInit) - } - return repo, nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/gitstore_bootstrap_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/store/gitstore_bootstrap_test.go deleted file mode 100644 index d0662f8220..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/gitstore_bootstrap_test.go +++ /dev/null @@ -1,94 +0,0 @@ -package store - -import ( - "os" - "path/filepath" - "strings" - "testing" - - "github.com/go-git/go-git/v6" -) - -func TestOpenOrInitRepositoryAfterEmptyCloneArchivesExistingGitDir(t *testing.T) { - t.Parallel() - - repoDir := t.TempDir() - gitDir := filepath.Join(repoDir, ".git") - if err := os.MkdirAll(gitDir, 0o700); err != nil { - t.Fatalf("create git dir: %v", err) - } - markerPath := filepath.Join(gitDir, "marker.txt") - if err := os.WriteFile(markerPath, []byte("keep-me"), 0o600); err != nil { - t.Fatalf("write marker: %v", err) - } - - repo, err := openOrInitRepositoryAfterEmptyClone(repoDir) - if err != nil { - t.Fatalf("open/init repo: %v", err) - } - if repo == nil { - t.Fatalf("expected repository instance") - } - - if _, err := git.PlainOpen(repoDir); err != nil { - t.Fatalf("open initialized repository: %v", err) - } - entries, err := os.ReadDir(repoDir) - if err != nil { - t.Fatalf("read repo dir: %v", err) - } - backupCount := 0 - for _, entry := range entries { - if !strings.HasPrefix(entry.Name(), ".git.bootstrap-backup-") { - continue - } - backupCount++ - archivedMarker := filepath.Join(repoDir, entry.Name(), "marker.txt") - if _, err := os.Stat(archivedMarker); err != nil { - t.Fatalf("expected archived marker file: %v", err) - } - } - if backupCount != 1 { - t.Fatalf("expected exactly one archived git dir, got %d", backupCount) - } -} - -func TestEnsureRepositoryBootstrapsEmptyRemoteClone(t *testing.T) { - t.Parallel() - - remoteDir := filepath.Join(t.TempDir(), "remote.git") - if _, err := git.PlainInit(remoteDir, true); err != nil { - t.Fatalf("init bare remote: %v", err) - } - - repoRoot := filepath.Join(t.TempDir(), "local-repo") - store := NewGitTokenStore(remoteDir, "", "") - store.SetBaseDir(filepath.Join(repoRoot, "auths")) - - if err := store.EnsureRepository(); err != nil { - t.Fatalf("ensure repository: %v", err) - } - - if _, err := os.Stat(filepath.Join(repoRoot, ".git")); err != nil { - t.Fatalf("expected local .git directory: %v", err) - } - if _, err := os.Stat(filepath.Join(repoRoot, "auths", ".gitkeep")); err != nil { - t.Fatalf("expected auth placeholder: %v", err) - } - if _, err := os.Stat(filepath.Join(repoRoot, "config", ".gitkeep")); err != nil { - t.Fatalf("expected config placeholder: %v", err) - } - - repo, err := git.PlainOpen(repoRoot) - if err != nil { - t.Fatalf("open local repository: %v", err) - } - origin, err := repo.Remote("origin") - if err != nil { - t.Fatalf("origin remote: %v", err) - } - urls := origin.Config().URLs - if len(urls) != 1 || urls[0] != remoteDir { - t.Fatalf("unexpected origin URLs: %#v", urls) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/gitstore_push_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/store/gitstore_push_test.go deleted file mode 100644 index affe44dbf1..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/gitstore_push_test.go +++ /dev/null @@ -1,42 +0,0 @@ -package store - -import ( - "errors" - "strings" - "testing" - - "github.com/go-git/go-git/v6" -) - -func TestIsNonFastForwardUpdateError(t *testing.T) { - t.Parallel() - - if !isNonFastForwardUpdateError(git.ErrNonFastForwardUpdate) { - t.Fatalf("expected ErrNonFastForwardUpdate to be detected") - } - if !isNonFastForwardUpdateError(errors.New("remote rejected: non-fast-forward update")) { - t.Fatalf("expected textual non-fast-forward error to be detected") - } - if isNonFastForwardUpdateError(errors.New("some other push error")) { - t.Fatalf("did not expect unrelated error to be detected") - } - if isNonFastForwardUpdateError(nil) { - t.Fatalf("nil must not be detected as non-fast-forward") - } -} - -func TestBootstrapPullDivergedError(t *testing.T) { - t.Parallel() - - err := bootstrapPullDivergedError(git.ErrNonFastForwardUpdate) - if !errors.Is(err, ErrConcurrentGitWrite) { - t.Fatalf("expected ErrConcurrentGitWrite wrapper, got: %v", err) - } - msg := strings.ToLower(err.Error()) - if !strings.Contains(msg, "bootstrap pull diverged") { - t.Fatalf("expected bootstrap divergence context, got: %s", err.Error()) - } - if !strings.Contains(msg, "retry") { - t.Fatalf("expected retry guidance in error message, got: %s", err.Error()) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/gitstore_security_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/store/gitstore_security_test.go deleted file mode 100644 index 67fc36181e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/gitstore_security_test.go +++ /dev/null @@ -1,100 +0,0 @@ -package store - -import ( - "path/filepath" - "strings" - "testing" - - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestResolveDeletePath_RejectsTraversalAndAbsolute(t *testing.T) { - t.Parallel() - - baseDir := t.TempDir() - s := &GitTokenStore{} - s.SetBaseDir(baseDir) - - if _, err := s.resolveDeletePath("../outside.json"); err == nil { - t.Fatalf("expected traversal id to be rejected") - } - if _, err := s.resolveDeletePath(filepath.Join(baseDir, "nested", "token.json")); err == nil { - t.Fatalf("expected absolute id to be rejected") - } -} - -func TestResolveDeletePath_ReturnsPathInsideBaseDir(t *testing.T) { - t.Parallel() - - baseDir := t.TempDir() - s := &GitTokenStore{} - s.SetBaseDir(baseDir) - - path, err := s.resolveDeletePath("nested/token.json") - if err != nil { - t.Fatalf("resolveDeletePath failed: %v", err) - } - rel, err := filepath.Rel(baseDir, path) - if err != nil { - t.Fatalf("filepath.Rel failed: %v", err) - } - if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) { - t.Fatalf("resolved path escaped base dir: %s", path) - } -} - -func TestResolveAuthPath_RejectsTraversalPath(t *testing.T) { - t.Parallel() - - baseDir := t.TempDir() - s := &GitTokenStore{} - s.SetBaseDir(baseDir) - - auth := &cliproxyauth.Auth{ - Attributes: map[string]string{"path": "../escape.json"}, - ID: "ignored", - } - if _, err := s.resolveAuthPath(auth); err == nil { - t.Fatalf("expected traversal path to be rejected") - } -} - -func TestResolveAuthPath_UsesManagedDirAndRejectsOutsidePath(t *testing.T) { - t.Parallel() - - baseDir := t.TempDir() - s := &GitTokenStore{} - s.SetBaseDir(baseDir) - - outside := filepath.Join(baseDir, "..", "outside.json") - auth := &cliproxyauth.Auth{ - Attributes: map[string]string{"path": outside}, - ID: "ignored", - } - if _, err := s.resolveAuthPath(auth); err == nil { - t.Fatalf("expected outside absolute path to be rejected") - } -} - -func TestResolveAuthPath_AppendsBaseDirForRelativeFileName(t *testing.T) { - t.Parallel() - - baseDir := t.TempDir() - s := &GitTokenStore{} - s.SetBaseDir(baseDir) - - auth := &cliproxyauth.Auth{ - FileName: "providers/team/provider.json", - } - got, err := s.resolveAuthPath(auth) - if err != nil { - t.Fatalf("resolveAuthPath failed: %v", err) - } - rel, err := filepath.Rel(baseDir, got) - if err != nil { - t.Fatalf("filepath.Rel failed: %v", err) - } - if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) { - t.Fatalf("resolved path escaped auth directory: %s", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/objectstore.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/store/objectstore.go deleted file mode 100644 index b38ef22dc5..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/objectstore.go +++ /dev/null @@ -1,646 +0,0 @@ -package store - -import ( - "bytes" - "context" - "encoding/json" - "errors" - "fmt" - "io" - "io/fs" - "net/http" - "os" - "path/filepath" - "strings" - "sync" - "time" - - "github.com/minio/minio-go/v7" - "github.com/minio/minio-go/v7/pkg/credentials" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -const ( - objectStoreConfigKey = "config/config.yaml" - objectStoreAuthPrefix = "auths" -) - -// ObjectStoreConfig captures configuration for the object storage-backed token store. -type ObjectStoreConfig struct { - Endpoint string - Bucket string - AccessKey string - SecretKey string - Region string - Prefix string - LocalRoot string - UseSSL bool - PathStyle bool -} - -// ObjectTokenStore persists configuration and authentication metadata using an S3-compatible object storage backend. -// Files are mirrored to a local workspace so existing file-based flows continue to operate. -type ObjectTokenStore struct { - client *minio.Client - cfg ObjectStoreConfig - spoolRoot string - configPath string - authDir string - mu sync.Mutex -} - -// NewObjectTokenStore initializes an object storage backed token store. -func NewObjectTokenStore(cfg ObjectStoreConfig) (*ObjectTokenStore, error) { - cfg.Endpoint = strings.TrimSpace(cfg.Endpoint) - cfg.Bucket = strings.TrimSpace(cfg.Bucket) - cfg.AccessKey = strings.TrimSpace(cfg.AccessKey) - cfg.SecretKey = strings.TrimSpace(cfg.SecretKey) - cfg.Prefix = strings.Trim(cfg.Prefix, "/") - - if cfg.Endpoint == "" { - return nil, fmt.Errorf("object store: endpoint is required") - } - if cfg.Bucket == "" { - return nil, fmt.Errorf("object store: bucket is required") - } - if cfg.AccessKey == "" { - return nil, fmt.Errorf("object store: access key is required") - } - if cfg.SecretKey == "" { - return nil, fmt.Errorf("object store: secret key is required") - } - - root := strings.TrimSpace(cfg.LocalRoot) - if root == "" { - if cwd, err := os.Getwd(); err == nil { - root = filepath.Join(cwd, "objectstore") - } else { - root = filepath.Join(os.TempDir(), "objectstore") - } - } - absRoot, err := filepath.Abs(root) - if err != nil { - return nil, fmt.Errorf("object store: resolve spool directory: %w", err) - } - - configDir := filepath.Join(absRoot, "config") - authDir := filepath.Join(absRoot, "auths") - - if err = os.MkdirAll(configDir, 0o700); err != nil { - return nil, fmt.Errorf("object store: create config directory: %w", err) - } - if err = os.MkdirAll(authDir, 0o700); err != nil { - return nil, fmt.Errorf("object store: create auth directory: %w", err) - } - - options := &minio.Options{ - Creds: credentials.NewStaticV4(cfg.AccessKey, cfg.SecretKey, ""), - Secure: cfg.UseSSL, - Region: cfg.Region, - } - if cfg.PathStyle { - options.BucketLookup = minio.BucketLookupPath - } - - client, err := minio.New(cfg.Endpoint, options) - if err != nil { - return nil, fmt.Errorf("object store: create client: %w", err) - } - - return &ObjectTokenStore{ - client: client, - cfg: cfg, - spoolRoot: absRoot, - configPath: filepath.Join(configDir, "config.yaml"), - authDir: authDir, - }, nil -} - -// SetBaseDir implements the optional interface used by authenticators; it is a no-op because -// the object store controls its own workspace. -func (s *ObjectTokenStore) SetBaseDir(string) {} - -// ConfigPath returns the managed configuration file path inside the spool directory. -func (s *ObjectTokenStore) ConfigPath() string { - if s == nil { - return "" - } - return s.configPath -} - -// AuthDir returns the local directory containing mirrored auth files. -func (s *ObjectTokenStore) AuthDir() string { - if s == nil { - return "" - } - return s.authDir -} - -// Bootstrap ensures the target bucket exists and synchronizes data from the object storage backend. -func (s *ObjectTokenStore) Bootstrap(ctx context.Context, exampleConfigPath string) error { - if s == nil { - return fmt.Errorf("object store: not initialized") - } - if err := s.ensureBucket(ctx); err != nil { - return err - } - if err := s.syncConfigFromBucket(ctx, exampleConfigPath); err != nil { - return err - } - if err := s.syncAuthFromBucket(ctx); err != nil { - return err - } - return nil -} - -// Save persists authentication metadata to disk and uploads it to the object storage backend. -func (s *ObjectTokenStore) Save(ctx context.Context, auth *cliproxyauth.Auth) (string, error) { - if auth == nil { - return "", fmt.Errorf("object store: auth is nil") - } - - path, err := s.resolveAuthPath(auth) - if err != nil { - return "", err - } - if path == "" { - return "", fmt.Errorf("object store: missing file path attribute for %s", auth.ID) - } - path, err = ensurePathWithinDir(path, s.authDir, "object store") - if err != nil { - return "", err - } - - if auth.Disabled { - if _, statErr := os.Stat(path); errors.Is(statErr, fs.ErrNotExist) { - return "", nil - } - } - - s.mu.Lock() - defer s.mu.Unlock() - - if err = os.MkdirAll(filepath.Dir(path), 0o700); err != nil { - return "", fmt.Errorf("object store: create auth directory: %w", err) - } - - switch { - case auth.Storage != nil: - if err = auth.Storage.SaveTokenToFile(path); err != nil { - return "", err - } - case auth.Metadata != nil: - raw, errMarshal := json.Marshal(auth.Metadata) - if errMarshal != nil { - return "", fmt.Errorf("object store: marshal metadata: %w", errMarshal) - } - if existing, errRead := os.ReadFile(path); errRead == nil { - if jsonEqual(existing, raw) { - return path, nil - } - } else if errRead != nil && !errors.Is(errRead, fs.ErrNotExist) { - return "", fmt.Errorf("object store: read existing metadata: %w", errRead) - } - tmp := path + ".tmp" - if errWrite := os.WriteFile(tmp, raw, 0o600); errWrite != nil { - return "", fmt.Errorf("object store: write temp auth file: %w", errWrite) - } - if errRename := os.Rename(tmp, path); errRename != nil { - return "", fmt.Errorf("object store: rename auth file: %w", errRename) - } - default: - return "", fmt.Errorf("object store: nothing to persist for %s", auth.ID) - } - - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - auth.Attributes["path"] = path - - if strings.TrimSpace(auth.FileName) == "" { - auth.FileName = auth.ID - } - - if err = s.uploadAuth(ctx, path); err != nil { - return "", err - } - return path, nil -} - -// List enumerates auth JSON files from the mirrored workspace. -func (s *ObjectTokenStore) List(_ context.Context) ([]*cliproxyauth.Auth, error) { - dir := strings.TrimSpace(s.AuthDir()) - if dir == "" { - return nil, fmt.Errorf("object store: auth directory not configured") - } - entries := make([]*cliproxyauth.Auth, 0, 32) - err := filepath.WalkDir(dir, func(path string, d fs.DirEntry, walkErr error) error { - if walkErr != nil { - return walkErr - } - if d.IsDir() { - return nil - } - if !strings.HasSuffix(strings.ToLower(d.Name()), ".json") { - return nil - } - auth, err := s.readAuthFile(path, dir) - if err != nil { - log.WithError(err).Warnf("object store: skip auth %s", path) - return nil - } - if auth != nil { - entries = append(entries, auth) - } - return nil - }) - if err != nil { - return nil, fmt.Errorf("object store: walk auth directory: %w", err) - } - return entries, nil -} - -// Delete removes an auth file locally and remotely. -func (s *ObjectTokenStore) Delete(ctx context.Context, id string) error { - id = strings.TrimSpace(id) - if id == "" { - return fmt.Errorf("object store: id is empty") - } - path, err := s.resolveDeletePath(id) - if err != nil { - return err - } - - s.mu.Lock() - defer s.mu.Unlock() - - if err = os.Remove(path); err != nil && !errors.Is(err, fs.ErrNotExist) { - return fmt.Errorf("object store: delete auth file: %w", err) - } - if err = s.deleteAuthObject(ctx, path); err != nil { - return err - } - return nil -} - -// PersistAuthFiles uploads the provided auth files to the object storage backend. -func (s *ObjectTokenStore) PersistAuthFiles(ctx context.Context, _ string, paths ...string) error { - if len(paths) == 0 { - return nil - } - - s.mu.Lock() - defer s.mu.Unlock() - - for _, p := range paths { - trimmed := strings.TrimSpace(p) - if trimmed == "" { - continue - } - abs, err := s.ensureManagedAuthPath(trimmed) - if err != nil { - return err - } - if err := s.uploadAuth(ctx, abs); err != nil { - return err - } - } - return nil -} - -// PersistConfig uploads the local configuration file to the object storage backend. -func (s *ObjectTokenStore) PersistConfig(ctx context.Context) error { - s.mu.Lock() - defer s.mu.Unlock() - - data, err := os.ReadFile(s.configPath) - if err != nil { - if errors.Is(err, fs.ErrNotExist) { - return s.deleteObject(ctx, objectStoreConfigKey) - } - return fmt.Errorf("object store: read config file: %w", err) - } - if len(data) == 0 { - return s.deleteObject(ctx, objectStoreConfigKey) - } - return s.putObject(ctx, objectStoreConfigKey, data, "application/x-yaml") -} - -func (s *ObjectTokenStore) ensureBucket(ctx context.Context) error { - exists, err := s.client.BucketExists(ctx, s.cfg.Bucket) - if err != nil { - return fmt.Errorf("object store: check bucket: %w", err) - } - if exists { - return nil - } - if err = s.client.MakeBucket(ctx, s.cfg.Bucket, minio.MakeBucketOptions{Region: s.cfg.Region}); err != nil { - return fmt.Errorf("object store: create bucket: %w", err) - } - return nil -} - -func (s *ObjectTokenStore) syncConfigFromBucket(ctx context.Context, example string) error { - key := s.prefixedKey(objectStoreConfigKey) - _, err := s.client.StatObject(ctx, s.cfg.Bucket, key, minio.StatObjectOptions{}) - switch { - case err == nil: - object, errGet := s.client.GetObject(ctx, s.cfg.Bucket, key, minio.GetObjectOptions{}) - if errGet != nil { - return fmt.Errorf("object store: fetch config: %w", errGet) - } - defer func() { _ = object.Close() }() - data, errRead := io.ReadAll(object) - if errRead != nil { - return fmt.Errorf("object store: read config: %w", errRead) - } - if errWrite := os.WriteFile(s.configPath, normalizeLineEndingsBytes(data), 0o600); errWrite != nil { - return fmt.Errorf("object store: write config: %w", errWrite) - } - case isObjectNotFound(err): - if _, statErr := os.Stat(s.configPath); errors.Is(statErr, fs.ErrNotExist) { - if example != "" { - if errCopy := misc.CopyConfigTemplate(example, s.configPath); errCopy != nil { - return fmt.Errorf("object store: copy example config: %w", errCopy) - } - } else { - if errCreate := os.MkdirAll(filepath.Dir(s.configPath), 0o700); errCreate != nil { - return fmt.Errorf("object store: prepare config directory: %w", errCreate) - } - if errWrite := os.WriteFile(s.configPath, []byte{}, 0o600); errWrite != nil { - return fmt.Errorf("object store: create empty config: %w", errWrite) - } - } - } - data, errRead := os.ReadFile(s.configPath) - if errRead != nil { - return fmt.Errorf("object store: read local config: %w", errRead) - } - if len(data) > 0 { - if errPut := s.putObject(ctx, objectStoreConfigKey, data, "application/x-yaml"); errPut != nil { - return errPut - } - } - default: - return fmt.Errorf("object store: stat config: %w", err) - } - return nil -} - -func (s *ObjectTokenStore) syncAuthFromBucket(ctx context.Context) error { - // NOTE: We intentionally do NOT use os.RemoveAll here. - // Wiping the directory triggers file watcher delete events, which then - // propagate deletions to the remote object store (race condition). - // Instead, we just ensure the directory exists and overwrite files incrementally. - if err := os.MkdirAll(s.authDir, 0o700); err != nil { - return fmt.Errorf("object store: create auth directory: %w", err) - } - - prefix := s.prefixedKey(objectStoreAuthPrefix + "/") - objectCh := s.client.ListObjects(ctx, s.cfg.Bucket, minio.ListObjectsOptions{ - Prefix: prefix, - Recursive: true, - }) - for object := range objectCh { - if object.Err != nil { - return fmt.Errorf("object store: list auth objects: %w", object.Err) - } - rel := strings.TrimPrefix(object.Key, prefix) - if rel == "" || strings.HasSuffix(rel, "/") { - continue - } - relPath := filepath.FromSlash(rel) - if filepath.IsAbs(relPath) { - log.WithField("key", object.Key).Warn("object store: skip auth outside mirror") - continue - } - cleanRel := filepath.Clean(relPath) - if cleanRel == "." || cleanRel == ".." || strings.HasPrefix(cleanRel, ".."+string(os.PathSeparator)) { - log.WithField("key", object.Key).Warn("object store: skip auth outside mirror") - continue - } - local := filepath.Join(s.authDir, cleanRel) - if err := os.MkdirAll(filepath.Dir(local), 0o700); err != nil { - return fmt.Errorf("object store: prepare auth subdir: %w", err) - } - reader, errGet := s.client.GetObject(ctx, s.cfg.Bucket, object.Key, minio.GetObjectOptions{}) - if errGet != nil { - return fmt.Errorf("object store: download auth %s: %w", object.Key, errGet) - } - data, errRead := io.ReadAll(reader) - _ = reader.Close() - if errRead != nil { - return fmt.Errorf("object store: read auth %s: %w", object.Key, errRead) - } - if errWrite := os.WriteFile(local, data, 0o600); errWrite != nil { - return fmt.Errorf("object store: write auth %s: %w", local, errWrite) - } - } - return nil -} - -func (s *ObjectTokenStore) uploadAuth(ctx context.Context, path string) error { - if path == "" { - return nil - } - rel, err := filepath.Rel(s.authDir, path) - if err != nil { - return fmt.Errorf("object store: resolve auth relative path: %w", err) - } - data, err := os.ReadFile(path) - if err != nil { - if errors.Is(err, fs.ErrNotExist) { - return s.deleteAuthObject(ctx, path) - } - return fmt.Errorf("object store: read auth file: %w", err) - } - if len(data) == 0 { - return s.deleteAuthObject(ctx, path) - } - key := objectStoreAuthPrefix + "/" + filepath.ToSlash(rel) - return s.putObject(ctx, key, data, "application/json") -} - -func (s *ObjectTokenStore) deleteAuthObject(ctx context.Context, path string) error { - if path == "" { - return nil - } - rel, err := filepath.Rel(s.authDir, path) - if err != nil { - return fmt.Errorf("object store: resolve auth relative path: %w", err) - } - key := objectStoreAuthPrefix + "/" + filepath.ToSlash(rel) - return s.deleteObject(ctx, key) -} - -func (s *ObjectTokenStore) putObject(ctx context.Context, key string, data []byte, contentType string) error { - if len(data) == 0 { - return s.deleteObject(ctx, key) - } - fullKey := s.prefixedKey(key) - reader := bytes.NewReader(data) - _, err := s.client.PutObject(ctx, s.cfg.Bucket, fullKey, reader, int64(len(data)), minio.PutObjectOptions{ - ContentType: contentType, - }) - if err != nil { - return fmt.Errorf("object store: put object %s: %w", fullKey, err) - } - return nil -} - -func (s *ObjectTokenStore) deleteObject(ctx context.Context, key string) error { - fullKey := s.prefixedKey(key) - err := s.client.RemoveObject(ctx, s.cfg.Bucket, fullKey, minio.RemoveObjectOptions{}) - if err != nil { - if isObjectNotFound(err) { - return nil - } - return fmt.Errorf("object store: delete object %s: %w", fullKey, err) - } - return nil -} - -func (s *ObjectTokenStore) prefixedKey(key string) string { - key = strings.TrimLeft(key, "/") - if s.cfg.Prefix == "" { - return key - } - return strings.TrimLeft(s.cfg.Prefix+"/"+key, "/") -} - -func (s *ObjectTokenStore) resolveAuthPath(auth *cliproxyauth.Auth) (string, error) { - if auth == nil { - return "", fmt.Errorf("object store: auth is nil") - } - if auth.Attributes != nil { - if path := strings.TrimSpace(auth.Attributes["path"]); path != "" { - return s.ensureManagedAuthPath(path) - } - } - fileName := strings.TrimSpace(auth.FileName) - if fileName == "" { - fileName = strings.TrimSpace(auth.ID) - } - if fileName == "" { - return "", fmt.Errorf("object store: auth %s missing filename", auth.ID) - } - if !strings.HasSuffix(strings.ToLower(fileName), ".json") { - fileName += ".json" - } - return s.ensureManagedAuthPath(fileName) -} - -func (s *ObjectTokenStore) resolveDeletePath(id string) (string, error) { - id = strings.TrimSpace(id) - if id == "" { - return "", fmt.Errorf("object store: id is empty") - } - clean := filepath.Clean(filepath.FromSlash(id)) - if clean == "." || clean == ".." || strings.HasPrefix(clean, ".."+string(os.PathSeparator)) { - return "", fmt.Errorf("object store: invalid auth identifier %s", id) - } - if !strings.HasSuffix(strings.ToLower(clean), ".json") { - clean += ".json" - } - return s.ensureManagedAuthPath(clean) -} - -func (s *ObjectTokenStore) ensureManagedAuthPath(path string) (string, error) { - if s == nil { - return "", fmt.Errorf("object store: store not initialized") - } - authDir := strings.TrimSpace(s.authDir) - if authDir == "" { - return "", fmt.Errorf("object store: auth directory not configured") - } - absAuthDir, err := filepath.Abs(authDir) - if err != nil { - return "", fmt.Errorf("object store: resolve auth directory: %w", err) - } - candidate := strings.TrimSpace(path) - if candidate == "" { - return "", fmt.Errorf("object store: auth path is empty") - } - if !filepath.IsAbs(candidate) { - candidate = filepath.Join(absAuthDir, filepath.FromSlash(candidate)) - } - absCandidate, err := filepath.Abs(candidate) - if err != nil { - return "", fmt.Errorf("object store: resolve auth path %q: %w", path, err) - } - rel, err := filepath.Rel(absAuthDir, absCandidate) - if err != nil { - return "", fmt.Errorf("object store: compute relative auth path: %w", err) - } - if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(os.PathSeparator)) { - return "", fmt.Errorf("object store: path %q escapes auth directory", path) - } - return absCandidate, nil -} - -func (s *ObjectTokenStore) readAuthFile(path, baseDir string) (*cliproxyauth.Auth, error) { - data, err := os.ReadFile(path) - if err != nil { - return nil, fmt.Errorf("read file: %w", err) - } - if len(data) == 0 { - return nil, nil - } - metadata := make(map[string]any) - if err = json.Unmarshal(data, &metadata); err != nil { - return nil, fmt.Errorf("unmarshal auth json: %w", err) - } - provider := strings.TrimSpace(valueAsString(metadata["type"])) - if provider == "" { - provider = "unknown" - } - info, err := os.Stat(path) - if err != nil { - return nil, fmt.Errorf("stat auth file: %w", err) - } - rel, errRel := filepath.Rel(baseDir, path) - if errRel != nil { - rel = filepath.Base(path) - } - rel = normalizeAuthID(rel) - attr := map[string]string{"path": path} - if email := strings.TrimSpace(valueAsString(metadata["email"])); email != "" { - attr["email"] = email - } - auth := &cliproxyauth.Auth{ - ID: rel, - Provider: provider, - FileName: rel, - Label: labelFor(metadata), - Status: cliproxyauth.StatusActive, - Attributes: attr, - Metadata: metadata, - CreatedAt: info.ModTime(), - UpdatedAt: info.ModTime(), - LastRefreshedAt: time.Time{}, - NextRefreshAfter: time.Time{}, - } - return auth, nil -} - -func normalizeLineEndingsBytes(data []byte) []byte { - replaced := bytes.ReplaceAll(data, []byte{'\r', '\n'}, []byte{'\n'}) - return bytes.ReplaceAll(replaced, []byte{'\r'}, []byte{'\n'}) -} - -func isObjectNotFound(err error) bool { - if err == nil { - return false - } - resp := minio.ToErrorResponse(err) - if resp.StatusCode == http.StatusNotFound { - return true - } - switch resp.Code { - case "NoSuchKey", "NotFound", "NoSuchBucket": - return true - } - return false -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/objectstore_path_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/store/objectstore_path_test.go deleted file mode 100644 index 653c197670..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/objectstore_path_test.go +++ /dev/null @@ -1,58 +0,0 @@ -package store - -import ( - "path/filepath" - "strings" - "testing" - - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestObjectResolveAuthPathRejectsTraversalFromAttributes(t *testing.T) { - t.Parallel() - - store := &ObjectTokenStore{authDir: filepath.Join(t.TempDir(), "auths")} - auth := &cliproxyauth.Auth{ - Attributes: map[string]string{"path": "../escape.json"}, - } - if _, err := store.resolveAuthPath(auth); err == nil { - t.Fatalf("expected traversal path rejection") - } -} - -func TestObjectResolveAuthPathRejectsAbsoluteOutsideAuthDir(t *testing.T) { - t.Parallel() - - root := t.TempDir() - store := &ObjectTokenStore{authDir: filepath.Join(root, "auths")} - outside := filepath.Join(root, "..", "outside.json") - auth := &cliproxyauth.Auth{ - Attributes: map[string]string{"path": outside}, - } - if _, err := store.resolveAuthPath(auth); err == nil { - t.Fatalf("expected outside absolute path rejection") - } -} - -func TestObjectResolveDeletePathConstrainsToAuthDir(t *testing.T) { - t.Parallel() - - root := t.TempDir() - authDir := filepath.Join(root, "auths") - store := &ObjectTokenStore{authDir: authDir} - - got, err := store.resolveDeletePath("team/provider") - if err != nil { - t.Fatalf("resolve delete path: %v", err) - } - if !strings.HasSuffix(got, filepath.Join("team", "provider.json")) { - t.Fatalf("expected .json suffix, got %s", got) - } - rel, err := filepath.Rel(authDir, got) - if err != nil { - t.Fatalf("relative path: %v", err) - } - if strings.HasPrefix(rel, "..") || rel == "." { - t.Fatalf("path escaped auth directory: %s", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/objectstore_prune_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/store/objectstore_prune_test.go deleted file mode 100644 index 760df4a550..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/objectstore_prune_test.go +++ /dev/null @@ -1,129 +0,0 @@ -package store - -import ( - "os" - "path/filepath" - "testing" - "time" -) - -func TestBuildSafeAuthPrunePlan_PrunesUnchangedStaleJSON(t *testing.T) { - t.Parallel() - - authDir := t.TempDir() - stalePath := filepath.Join(authDir, "stale.json") - if err := os.WriteFile(stalePath, []byte(`{"stale":true}`), 0o600); err != nil { - t.Fatalf("write stale file: %v", err) - } - - baseline, err := snapshotLocalAuthFiles(authDir) - if err != nil { - t.Fatalf("snapshot baseline: %v", err) - } - - stale, conflicts, err := buildSafeAuthPrunePlan(authDir, baseline, map[string]struct{}{}) - if err != nil { - t.Fatalf("build prune plan: %v", err) - } - - if len(stale) != 1 || stale[0] != stalePath { - t.Fatalf("expected stale path %s, got %#v", stalePath, stale) - } - if len(conflicts) != 0 { - t.Fatalf("expected no conflicts, got %#v", conflicts) - } -} - -func TestBuildSafeAuthPrunePlan_SkipsLocallyModifiedFileAsConflict(t *testing.T) { - t.Parallel() - - authDir := t.TempDir() - changedPath := filepath.Join(authDir, "changed.json") - if err := os.WriteFile(changedPath, []byte(`{"v":1}`), 0o600); err != nil { - t.Fatalf("write changed file: %v", err) - } - - baseline, err := snapshotLocalAuthFiles(authDir) - if err != nil { - t.Fatalf("snapshot baseline: %v", err) - } - - if err := os.WriteFile(changedPath, []byte(`{"v":2}`), 0o600); err != nil { - t.Fatalf("rewrite changed file: %v", err) - } - now := time.Now().Add(2 * time.Second) - if err := os.Chtimes(changedPath, now, now); err != nil { - t.Fatalf("chtimes changed file: %v", err) - } - - stale, conflicts, err := buildSafeAuthPrunePlan(authDir, baseline, map[string]struct{}{}) - if err != nil { - t.Fatalf("build prune plan: %v", err) - } - - if len(stale) != 0 { - t.Fatalf("expected no stale paths, got %#v", stale) - } - if len(conflicts) != 1 || conflicts[0] != changedPath { - t.Fatalf("expected conflict path %s, got %#v", changedPath, conflicts) - } -} - -func TestBuildSafeAuthPrunePlan_SkipsNewLocalFileAsConflict(t *testing.T) { - t.Parallel() - - authDir := t.TempDir() - baseline, err := snapshotLocalAuthFiles(authDir) - if err != nil { - t.Fatalf("snapshot baseline: %v", err) - } - - newPath := filepath.Join(authDir, "new.json") - if err := os.WriteFile(newPath, []byte(`{"new":true}`), 0o600); err != nil { - t.Fatalf("write new file: %v", err) - } - - stale, conflicts, err := buildSafeAuthPrunePlan(authDir, baseline, map[string]struct{}{}) - if err != nil { - t.Fatalf("build prune plan: %v", err) - } - - if len(stale) != 0 { - t.Fatalf("expected no stale paths, got %#v", stale) - } - if len(conflicts) != 1 || conflicts[0] != newPath { - t.Fatalf("expected conflict path %s, got %#v", newPath, conflicts) - } -} - -func TestBuildSafeAuthPrunePlan_DoesNotPruneRemoteOrNonJSON(t *testing.T) { - t.Parallel() - - authDir := t.TempDir() - remotePath := filepath.Join(authDir, "remote.json") - nonJSONPath := filepath.Join(authDir, "keep.txt") - if err := os.WriteFile(remotePath, []byte(`{"remote":true}`), 0o600); err != nil { - t.Fatalf("write remote file: %v", err) - } - if err := os.WriteFile(nonJSONPath, []byte("keep"), 0o600); err != nil { - t.Fatalf("write non-json file: %v", err) - } - - baseline, err := snapshotLocalAuthFiles(authDir) - if err != nil { - t.Fatalf("snapshot baseline: %v", err) - } - - remote := map[string]struct{}{"remote.json": {}} - stale, conflicts, err := buildSafeAuthPrunePlan(authDir, baseline, remote) - if err != nil { - t.Fatalf("build prune plan: %v", err) - } - - if len(stale) != 0 { - t.Fatalf("expected no stale paths, got %#v", stale) - } - if len(conflicts) != 0 { - t.Fatalf("expected no conflicts, got %#v", conflicts) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/path_guard.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/store/path_guard.go deleted file mode 100644 index fd2c9b7eb1..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/path_guard.go +++ /dev/null @@ -1,39 +0,0 @@ -package store - -import ( - "fmt" - "os" - "path/filepath" - "strings" -) - -func ensurePathWithinDir(path, baseDir, scope string) (string, error) { - trimmedPath := strings.TrimSpace(path) - if trimmedPath == "" { - return "", fmt.Errorf("%s: path is empty", scope) - } - trimmedBase := strings.TrimSpace(baseDir) - if trimmedBase == "" { - return "", fmt.Errorf("%s: base directory is not configured", scope) - } - - absBase, err := filepath.Abs(trimmedBase) - if err != nil { - return "", fmt.Errorf("%s: resolve base directory: %w", scope, err) - } - absPath, err := filepath.Abs(trimmedPath) - if err != nil { - return "", fmt.Errorf("%s: resolve path: %w", scope, err) - } - cleanBase := filepath.Clean(absBase) - cleanPath := filepath.Clean(absPath) - - rel, err := filepath.Rel(cleanBase, cleanPath) - if err != nil { - return "", fmt.Errorf("%s: compute relative path: %w", scope, err) - } - if rel == ".." || strings.HasPrefix(rel, ".."+string(os.PathSeparator)) { - return "", fmt.Errorf("%s: path escapes managed directory", scope) - } - return cleanPath, nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/path_guard_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/store/path_guard_test.go deleted file mode 100644 index 12e5edd685..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/path_guard_test.go +++ /dev/null @@ -1,57 +0,0 @@ -package store - -import ( - "context" - "path/filepath" - "strings" - "testing" - - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestObjectTokenStoreSaveRejectsPathOutsideAuthDir(t *testing.T) { - t.Parallel() - - authDir := filepath.Join(t.TempDir(), "auths") - store := &ObjectTokenStore{authDir: authDir} - outside := filepath.Join(t.TempDir(), "outside.json") - auth := &cliproxyauth.Auth{ - ID: "outside", - Disabled: true, - Attributes: map[string]string{ - "path": outside, - }, - } - - _, err := store.Save(context.Background(), auth) - if err == nil { - t.Fatal("expected error for path outside managed auth directory") - } - if !strings.Contains(err.Error(), "escapes") { - t.Fatalf("expected managed directory error, got: %v", err) - } -} - -func TestGitTokenStoreSaveRejectsPathOutsideAuthDir(t *testing.T) { - t.Parallel() - - baseDir := filepath.Join(t.TempDir(), "repo", "auths") - store := NewGitTokenStore("", "", "") - store.SetBaseDir(baseDir) - outside := filepath.Join(t.TempDir(), "outside.json") - auth := &cliproxyauth.Auth{ - ID: "outside", - Attributes: map[string]string{ - "path": outside, - }, - Metadata: map[string]any{"type": "test"}, - } - - _, err := store.Save(context.Background(), auth) - if err == nil { - t.Fatal("expected error for path outside managed auth directory") - } - if !strings.Contains(err.Error(), "escapes") { - t.Fatalf("expected managed directory error, got: %v", err) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/postgresstore.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/store/postgresstore.go deleted file mode 100644 index 03e4fd4f39..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/postgresstore.go +++ /dev/null @@ -1,721 +0,0 @@ -package store - -import ( - "context" - "database/sql" - "encoding/json" - "errors" - "fmt" - "io/fs" - "os" - "path/filepath" - "strings" - "sync" - "time" - - _ "github.com/jackc/pgx/v5/stdlib" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -const ( - defaultConfigTable = "config_store" - defaultAuthTable = "auth_store" - defaultConfigKey = "config" -) - -// PostgresStoreConfig captures configuration required to initialize a Postgres-backed store. -type PostgresStoreConfig struct { - DSN string - Schema string - ConfigTable string - AuthTable string - SpoolDir string -} - -// PostgresStore persists configuration and authentication metadata using PostgreSQL as backend -// while mirroring data to a local workspace so existing file-based workflows continue to operate. -type PostgresStore struct { - db *sql.DB - cfg PostgresStoreConfig - spoolRoot string - configPath string - authDir string - mu sync.Mutex -} - -// NewPostgresStore establishes a connection to PostgreSQL and prepares the local workspace. -func NewPostgresStore(ctx context.Context, cfg PostgresStoreConfig) (*PostgresStore, error) { - trimmedDSN := strings.TrimSpace(cfg.DSN) - if trimmedDSN == "" { - return nil, fmt.Errorf("postgres store: DSN is required") - } - cfg.DSN = trimmedDSN - if cfg.ConfigTable == "" { - cfg.ConfigTable = defaultConfigTable - } - if cfg.AuthTable == "" { - cfg.AuthTable = defaultAuthTable - } - - spoolRoot := strings.TrimSpace(cfg.SpoolDir) - if spoolRoot == "" { - if cwd, err := os.Getwd(); err == nil { - spoolRoot = filepath.Join(cwd, "pgstore") - } else { - spoolRoot = filepath.Join(os.TempDir(), "pgstore") - } - } - absSpool, err := filepath.Abs(spoolRoot) - if err != nil { - return nil, fmt.Errorf("postgres store: resolve spool directory: %w", err) - } - configDir := filepath.Join(absSpool, "config") - authDir := filepath.Join(absSpool, "auths") - if err = os.MkdirAll(configDir, 0o700); err != nil { - return nil, fmt.Errorf("postgres store: create config directory: %w", err) - } - if err = os.MkdirAll(authDir, 0o700); err != nil { - return nil, fmt.Errorf("postgres store: create auth directory: %w", err) - } - - db, err := sql.Open("pgx", cfg.DSN) - if err != nil { - return nil, fmt.Errorf("postgres store: open database connection: %w", err) - } - if err = db.PingContext(ctx); err != nil { - _ = db.Close() - return nil, fmt.Errorf("postgres store: ping database: %w", err) - } - - store := &PostgresStore{ - db: db, - cfg: cfg, - spoolRoot: absSpool, - configPath: filepath.Join(configDir, "config.yaml"), - authDir: authDir, - } - return store, nil -} - -// Close releases the underlying database connection. -func (s *PostgresStore) Close() error { - if s == nil || s.db == nil { - return nil - } - return s.db.Close() -} - -// EnsureSchema creates the required tables (and schema when provided). -func (s *PostgresStore) EnsureSchema(ctx context.Context) error { - if s == nil || s.db == nil { - return fmt.Errorf("postgres store: not initialized") - } - if schema := strings.TrimSpace(s.cfg.Schema); schema != "" { - query := fmt.Sprintf("CREATE SCHEMA IF NOT EXISTS %s", quoteIdentifier(schema)) - if _, err := s.db.ExecContext(ctx, query); err != nil { - return fmt.Errorf("postgres store: create schema: %w", err) - } - } - configTable := s.fullTableName(s.cfg.ConfigTable) - if _, err := s.db.ExecContext(ctx, fmt.Sprintf(` - CREATE TABLE IF NOT EXISTS %s ( - id TEXT PRIMARY KEY, - content TEXT NOT NULL, - created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), - updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW() - ) - `, configTable)); err != nil { - return fmt.Errorf("postgres store: create config table: %w", err) - } - authTable := s.fullTableName(s.cfg.AuthTable) - if _, err := s.db.ExecContext(ctx, fmt.Sprintf(` - CREATE TABLE IF NOT EXISTS %s ( - id TEXT PRIMARY KEY, - content JSONB NOT NULL, - created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), - updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW() - ) - `, authTable)); err != nil { - return fmt.Errorf("postgres store: create auth table: %w", err) - } - return nil -} - -// Bootstrap synchronizes configuration and auth records between PostgreSQL and the local workspace. -func (s *PostgresStore) Bootstrap(ctx context.Context, exampleConfigPath string) error { - if err := s.EnsureSchema(ctx); err != nil { - return err - } - if err := s.syncConfigFromDatabase(ctx, exampleConfigPath); err != nil { - return err - } - if err := s.syncAuthFromDatabase(ctx); err != nil { - return err - } - return nil -} - -// ConfigPath returns the managed configuration file path inside the spool directory. -func (s *PostgresStore) ConfigPath() string { - if s == nil { - return "" - } - return s.configPath -} - -// AuthDir returns the local directory containing mirrored auth files. -func (s *PostgresStore) AuthDir() string { - if s == nil { - return "" - } - return s.authDir -} - -// WorkDir exposes the root spool directory used for mirroring. -func (s *PostgresStore) WorkDir() string { - if s == nil { - return "" - } - return s.spoolRoot -} - -// SetBaseDir implements the optional interface used by authenticators; it is a no-op because -// the Postgres-backed store controls its own workspace. -func (s *PostgresStore) SetBaseDir(string) {} - -// Save persists authentication metadata to disk and PostgreSQL. -func (s *PostgresStore) Save(ctx context.Context, auth *cliproxyauth.Auth) (string, error) { - if auth == nil { - return "", fmt.Errorf("postgres store: auth is nil") - } - - path, err := s.resolveAuthPath(auth) - if err != nil { - return "", err - } - if path == "" { - return "", fmt.Errorf("postgres store: missing file path attribute for %s", auth.ID) - } - - if auth.Disabled { - if _, statErr := os.Stat(path); errors.Is(statErr, fs.ErrNotExist) { - return "", nil - } - } - - s.mu.Lock() - defer s.mu.Unlock() - - if err = os.MkdirAll(filepath.Dir(path), 0o700); err != nil { - return "", fmt.Errorf("postgres store: create auth directory: %w", err) - } - - switch { - case auth.Storage != nil: - if err = auth.Storage.SaveTokenToFile(path); err != nil { - return "", err - } - case auth.Metadata != nil: - raw, errMarshal := json.Marshal(auth.Metadata) - if errMarshal != nil { - return "", fmt.Errorf("postgres store: marshal metadata: %w", errMarshal) - } - if existing, errRead := os.ReadFile(path); errRead == nil { - if jsonEqual(existing, raw) { - return path, nil - } - } else if errRead != nil && !errors.Is(errRead, fs.ErrNotExist) { - return "", fmt.Errorf("postgres store: read existing metadata: %w", errRead) - } - tmp := path + ".tmp" - if errWrite := os.WriteFile(tmp, raw, 0o600); errWrite != nil { - return "", fmt.Errorf("postgres store: write temp auth file: %w", errWrite) - } - if errRename := os.Rename(tmp, path); errRename != nil { - return "", fmt.Errorf("postgres store: rename auth file: %w", errRename) - } - default: - return "", fmt.Errorf("postgres store: nothing to persist for %s", auth.ID) - } - - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - auth.Attributes["path"] = path - - if strings.TrimSpace(auth.FileName) == "" { - auth.FileName = auth.ID - } - - relID, err := s.relativeAuthID(path) - if err != nil { - return "", err - } - if err = s.upsertAuthRecord(ctx, relID, path); err != nil { - return "", err - } - return path, nil -} - -// List enumerates all auth records stored in PostgreSQL. -func (s *PostgresStore) List(ctx context.Context) ([]*cliproxyauth.Auth, error) { - query := fmt.Sprintf("SELECT id, content, created_at, updated_at FROM %s ORDER BY id", s.fullTableName(s.cfg.AuthTable)) - rows, err := s.db.QueryContext(ctx, query) - if err != nil { - return nil, fmt.Errorf("postgres store: list auth: %w", err) - } - defer func() { _ = rows.Close() }() - - auths := make([]*cliproxyauth.Auth, 0, 32) - for rows.Next() { - var ( - id string - payload string - createdAt time.Time - updatedAt time.Time - ) - if err = rows.Scan(&id, &payload, &createdAt, &updatedAt); err != nil { - return nil, fmt.Errorf("postgres store: scan auth row: %w", err) - } - path, errPath := s.absoluteAuthPath(id) - if errPath != nil { - log.WithError(errPath).Warnf("postgres store: skipping auth %s outside spool", id) - continue - } - metadata := make(map[string]any) - if err = json.Unmarshal([]byte(payload), &metadata); err != nil { - log.WithError(err).Warnf("postgres store: skipping auth %s with invalid json", id) - continue - } - provider := strings.TrimSpace(valueAsString(metadata["type"])) - if provider == "" { - provider = "unknown" - } - attr := map[string]string{"path": path} - if email := strings.TrimSpace(valueAsString(metadata["email"])); email != "" { - attr["email"] = email - } - auth := &cliproxyauth.Auth{ - ID: normalizeAuthID(id), - Provider: provider, - FileName: normalizeAuthID(id), - Label: labelFor(metadata), - Status: cliproxyauth.StatusActive, - Attributes: attr, - Metadata: metadata, - CreatedAt: createdAt, - UpdatedAt: updatedAt, - LastRefreshedAt: time.Time{}, - NextRefreshAfter: time.Time{}, - } - auths = append(auths, auth) - } - if err = rows.Err(); err != nil { - return nil, fmt.Errorf("postgres store: iterate auth rows: %w", err) - } - return auths, nil -} - -// Delete removes an auth file and the corresponding database record. -func (s *PostgresStore) Delete(ctx context.Context, id string) error { - id = strings.TrimSpace(id) - if id == "" { - return fmt.Errorf("postgres store: id is empty") - } - path, err := s.resolveDeletePath(id) - if err != nil { - return err - } - - s.mu.Lock() - defer s.mu.Unlock() - - if err = os.Remove(path); err != nil && !errors.Is(err, fs.ErrNotExist) { - return fmt.Errorf("postgres store: delete auth file: %w", err) - } - relID, err := s.relativeAuthID(path) - if err != nil { - return err - } - return s.deleteAuthRecord(ctx, relID) -} - -// PersistAuthFiles stores the provided auth file changes in PostgreSQL. -func (s *PostgresStore) PersistAuthFiles(ctx context.Context, _ string, paths ...string) error { - if len(paths) == 0 { - return nil - } - s.mu.Lock() - defer s.mu.Unlock() - - for _, p := range paths { - trimmed := strings.TrimSpace(p) - if trimmed == "" { - continue - } - relID, err := s.relativeAuthID(trimmed) - if err != nil { - // Attempt to resolve absolute path under authDir. - abs := trimmed - if !filepath.IsAbs(abs) { - abs = filepath.Join(s.authDir, trimmed) - } - relID, err = s.relativeAuthID(abs) - if err != nil { - log.WithError(err).Warnf("postgres store: ignoring auth path %s", trimmed) - continue - } - trimmed = abs - } - if err = s.syncAuthFile(ctx, relID, trimmed); err != nil { - return err - } - } - return nil -} - -// PersistConfig mirrors the local configuration file to PostgreSQL. -func (s *PostgresStore) PersistConfig(ctx context.Context) error { - s.mu.Lock() - defer s.mu.Unlock() - - data, err := os.ReadFile(s.configPath) - if err != nil { - if errors.Is(err, fs.ErrNotExist) { - return s.deleteConfigRecord(ctx) - } - return fmt.Errorf("postgres store: read config file: %w", err) - } - return s.persistConfig(ctx, data) -} - -// syncConfigFromDatabase writes the database-stored config to disk or seeds the database from template. -func (s *PostgresStore) syncConfigFromDatabase(ctx context.Context, exampleConfigPath string) error { - query := fmt.Sprintf("SELECT content FROM %s WHERE id = $1", s.fullTableName(s.cfg.ConfigTable)) - var content string - err := s.db.QueryRowContext(ctx, query, defaultConfigKey).Scan(&content) - switch { - case errors.Is(err, sql.ErrNoRows): - if _, errStat := os.Stat(s.configPath); errors.Is(errStat, fs.ErrNotExist) { - if exampleConfigPath != "" { - if errCopy := misc.CopyConfigTemplate(exampleConfigPath, s.configPath); errCopy != nil { - return fmt.Errorf("postgres store: copy example config: %w", errCopy) - } - } else { - if errCreate := os.MkdirAll(filepath.Dir(s.configPath), 0o700); errCreate != nil { - return fmt.Errorf("postgres store: prepare config directory: %w", errCreate) - } - if errWrite := os.WriteFile(s.configPath, []byte{}, 0o600); errWrite != nil { - return fmt.Errorf("postgres store: create empty config: %w", errWrite) - } - } - } - data, errRead := os.ReadFile(s.configPath) - if errRead != nil { - return fmt.Errorf("postgres store: read local config: %w", errRead) - } - if errPersist := s.persistConfig(ctx, data); errPersist != nil { - return errPersist - } - case err != nil: - return fmt.Errorf("postgres store: load config from database: %w", err) - default: - if err = os.MkdirAll(filepath.Dir(s.configPath), 0o700); err != nil { - return fmt.Errorf("postgres store: prepare config directory: %w", err) - } - normalized := normalizeLineEndings(content) - if err = os.WriteFile(s.configPath, []byte(normalized), 0o600); err != nil { - return fmt.Errorf("postgres store: write config to spool: %w", err) - } - } - return nil -} - -// syncAuthFromDatabase populates the local auth directory from PostgreSQL data. -func (s *PostgresStore) syncAuthFromDatabase(ctx context.Context) error { - query := fmt.Sprintf("SELECT id, content FROM %s", s.fullTableName(s.cfg.AuthTable)) - rows, err := s.db.QueryContext(ctx, query) - if err != nil { - return fmt.Errorf("postgres store: load auth from database: %w", err) - } - defer func() { _ = rows.Close() }() - - if err = os.MkdirAll(s.authDir, 0o700); err != nil { - return fmt.Errorf("postgres store: recreate auth directory: %w", err) - } - - for rows.Next() { - var ( - id string - payload string - ) - if err = rows.Scan(&id, &payload); err != nil { - return fmt.Errorf("postgres store: scan auth row: %w", err) - } - path, errPath := s.absoluteAuthPath(id) - if errPath != nil { - log.WithError(errPath).Warnf("postgres store: skipping auth %s outside spool", id) - continue - } - if info, errInfo := os.Stat(path); errInfo == nil && info.IsDir() { - continue - } - if err = os.MkdirAll(filepath.Dir(path), 0o700); err != nil { - return fmt.Errorf("postgres store: create auth subdir: %w", err) - } - if err = os.WriteFile(path, []byte(payload), 0o600); err != nil { - return fmt.Errorf("postgres store: write auth file: %w", err) - } - } - if err = rows.Err(); err != nil { - return fmt.Errorf("postgres store: iterate auth rows: %w", err) - } - return nil -} - -func (s *PostgresStore) syncAuthFile(ctx context.Context, relID, path string) error { - data, err := os.ReadFile(path) - if err != nil { - if errors.Is(err, fs.ErrNotExist) { - return s.deleteAuthRecord(ctx, relID) - } - return fmt.Errorf("postgres store: read auth file: %w", err) - } - if len(data) == 0 { - return s.deleteAuthRecord(ctx, relID) - } - return s.persistAuth(ctx, relID, data) -} - -func (s *PostgresStore) upsertAuthRecord(ctx context.Context, relID, _ string) error { - path, err := s.absoluteAuthPath(relID) - if err != nil { - return fmt.Errorf("postgres store: resolve auth path: %w", err) - } - data, err := os.ReadFile(path) - if err != nil { - return fmt.Errorf("postgres store: read auth file: %w", err) - } - if len(data) == 0 { - return s.deleteAuthRecord(ctx, relID) - } - return s.persistAuth(ctx, relID, data) -} - -func (s *PostgresStore) persistAuth(ctx context.Context, relID string, data []byte) error { - jsonPayload := json.RawMessage(data) - query := fmt.Sprintf(` - INSERT INTO %s (id, content, created_at, updated_at) - VALUES ($1, $2, NOW(), NOW()) - ON CONFLICT (id) - DO UPDATE SET content = EXCLUDED.content, updated_at = NOW() - `, s.fullTableName(s.cfg.AuthTable)) - if _, err := s.db.ExecContext(ctx, query, relID, jsonPayload); err != nil { - return fmt.Errorf("postgres store: upsert auth record: %w", err) - } - return nil -} - -func (s *PostgresStore) deleteAuthRecord(ctx context.Context, relID string) error { - query := fmt.Sprintf("DELETE FROM %s WHERE id = $1", s.fullTableName(s.cfg.AuthTable)) - if _, err := s.db.ExecContext(ctx, query, relID); err != nil { - return fmt.Errorf("postgres store: delete auth record: %w", err) - } - return nil -} - -func (s *PostgresStore) persistConfig(ctx context.Context, data []byte) error { - query := fmt.Sprintf(` - INSERT INTO %s (id, content, created_at, updated_at) - VALUES ($1, $2, NOW(), NOW()) - ON CONFLICT (id) - DO UPDATE SET content = EXCLUDED.content, updated_at = NOW() - `, s.fullTableName(s.cfg.ConfigTable)) - normalized := normalizeLineEndings(string(data)) - if _, err := s.db.ExecContext(ctx, query, defaultConfigKey, normalized); err != nil { - return fmt.Errorf("postgres store: upsert config: %w", err) - } - return nil -} - -func (s *PostgresStore) deleteConfigRecord(ctx context.Context) error { - query := fmt.Sprintf("DELETE FROM %s WHERE id = $1", s.fullTableName(s.cfg.ConfigTable)) - if _, err := s.db.ExecContext(ctx, query, defaultConfigKey); err != nil { - return fmt.Errorf("postgres store: delete config: %w", err) - } - return nil -} - -func (s *PostgresStore) resolveAuthPath(auth *cliproxyauth.Auth) (string, error) { - if auth == nil { - return "", fmt.Errorf("postgres store: auth is nil") - } - if auth.Attributes != nil { - if p := strings.TrimSpace(auth.Attributes["path"]); p != "" { - return s.ensureManagedAuthPath(p) - } - } - if fileName := strings.TrimSpace(auth.FileName); fileName != "" { - return s.ensureManagedAuthPath(fileName) - } - if auth.ID == "" { - return "", fmt.Errorf("postgres store: missing id") - } - return s.ensureManagedAuthPath(auth.ID) -} - -func (s *PostgresStore) resolveDeletePath(id string) (string, error) { - id = strings.TrimSpace(id) - if id == "" { - return "", fmt.Errorf("postgres store: id is empty") - } - return s.ensureManagedAuthPath(id) -} - -func (s *PostgresStore) ensureManagedAuthPath(path string) (string, error) { - if s == nil { - return "", fmt.Errorf("postgres store: store not initialized") - } - authDir := strings.TrimSpace(s.authDir) - if authDir == "" { - return "", fmt.Errorf("postgres store: auth directory not configured") - } - absAuthDir, err := filepath.Abs(authDir) - if err != nil { - return "", fmt.Errorf("postgres store: resolve auth directory: %w", err) - } - candidate := strings.TrimSpace(path) - if candidate == "" { - return "", fmt.Errorf("postgres store: auth path is empty") - } - if !filepath.IsAbs(candidate) { - candidate = filepath.Join(absAuthDir, filepath.FromSlash(candidate)) - } - absCandidate, err := filepath.Abs(candidate) - if err != nil { - return "", fmt.Errorf("postgres store: resolve auth path %q: %w", path, err) - } - rel, err := filepath.Rel(absAuthDir, absCandidate) - if err != nil { - return "", fmt.Errorf("postgres store: compute relative auth path: %w", err) - } - if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(os.PathSeparator)) { - return "", fmt.Errorf("postgres store: path %q outside managed directory", path) - } - return absCandidate, nil -} - -func (s *PostgresStore) relativeAuthID(path string) (string, error) { - if s == nil { - return "", fmt.Errorf("postgres store: store not initialized") - } - if !filepath.IsAbs(path) { - path = filepath.Join(s.authDir, path) - } - clean := filepath.Clean(path) - rel, err := filepath.Rel(s.authDir, clean) - if err != nil { - return "", fmt.Errorf("postgres store: compute relative path: %w", err) - } - if strings.HasPrefix(rel, "..") { - return "", fmt.Errorf("postgres store: path %s outside managed directory", path) - } - return filepath.ToSlash(rel), nil -} - -func (s *PostgresStore) absoluteAuthPath(id string) (string, error) { - if s == nil { - return "", fmt.Errorf("postgres store: store not initialized") - } - clean := filepath.Clean(filepath.FromSlash(id)) - if clean == "." || clean == ".." || strings.HasPrefix(clean, ".."+string(os.PathSeparator)) { - return "", fmt.Errorf("postgres store: invalid auth identifier %s", id) - } - path := filepath.Join(s.authDir, clean) - rel, err := filepath.Rel(s.authDir, path) - if err != nil { - return "", err - } - if strings.HasPrefix(rel, "..") { - return "", fmt.Errorf("postgres store: resolved auth path escapes auth directory") - } - return path, nil -} - -func (s *PostgresStore) resolveManagedAuthPath(candidate string) (string, error) { - trimmed := strings.TrimSpace(candidate) - if trimmed == "" { - return "", fmt.Errorf("postgres store: auth path is empty") - } - - var resolved string - if filepath.IsAbs(trimmed) { - resolved = filepath.Clean(trimmed) - } else { - resolved = filepath.Join(s.authDir, filepath.FromSlash(trimmed)) - resolved = filepath.Clean(resolved) - } - - rel, err := filepath.Rel(s.authDir, resolved) - if err != nil { - return "", fmt.Errorf("postgres store: compute relative path: %w", err) - } - if rel == ".." || strings.HasPrefix(rel, ".."+string(os.PathSeparator)) { - return "", fmt.Errorf("postgres store: path %q outside managed directory", candidate) - } - return resolved, nil -} - -func (s *PostgresStore) fullTableName(name string) string { - if strings.TrimSpace(s.cfg.Schema) == "" { - return quoteIdentifier(name) - } - return quoteIdentifier(s.cfg.Schema) + "." + quoteIdentifier(name) -} - -func quoteIdentifier(identifier string) string { - replaced := strings.ReplaceAll(identifier, "\"", "\"\"") - return "\"" + replaced + "\"" -} - -func valueAsString(v any) string { - switch t := v.(type) { - case string: - return t - case fmt.Stringer: - return t.String() - default: - return "" - } -} - -func labelFor(metadata map[string]any) string { - if metadata == nil { - return "" - } - if v := strings.TrimSpace(valueAsString(metadata["label"])); v != "" { - return v - } - if v := strings.TrimSpace(valueAsString(metadata["email"])); v != "" { - return v - } - if v := strings.TrimSpace(valueAsString(metadata["project_id"])); v != "" { - return v - } - return "" -} - -func normalizeAuthID(id string) string { - return filepath.ToSlash(filepath.Clean(id)) -} - -func normalizeLineEndings(s string) string { - if s == "" { - return s - } - s = strings.ReplaceAll(s, "\r\n", "\n") - s = strings.ReplaceAll(s, "\r", "\n") - return s -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/postgresstore_path_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/store/postgresstore_path_test.go deleted file mode 100644 index 50cf943722..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/postgresstore_path_test.go +++ /dev/null @@ -1,51 +0,0 @@ -package store - -import ( - "path/filepath" - "strings" - "testing" - - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestPostgresResolveAuthPathRejectsTraversalFromFileName(t *testing.T) { - t.Parallel() - - store := &PostgresStore{authDir: filepath.Join(t.TempDir(), "auths")} - auth := &cliproxyauth.Auth{FileName: "../escape.json"} - if _, err := store.resolveAuthPath(auth); err == nil { - t.Fatalf("expected traversal path rejection") - } -} - -func TestPostgresResolveAuthPathRejectsAbsoluteOutsideAuthDir(t *testing.T) { - t.Parallel() - - root := t.TempDir() - store := &PostgresStore{authDir: filepath.Join(root, "auths")} - outside := filepath.Join(root, "..", "outside.json") - auth := &cliproxyauth.Auth{Attributes: map[string]string{"path": outside}} - if _, err := store.resolveAuthPath(auth); err == nil { - t.Fatalf("expected outside absolute path rejection") - } -} - -func TestPostgresResolveDeletePathConstrainsToAuthDir(t *testing.T) { - t.Parallel() - - root := t.TempDir() - authDir := filepath.Join(root, "auths") - store := &PostgresStore{authDir: authDir} - - got, err := store.resolveDeletePath("team/provider.json") - if err != nil { - t.Fatalf("resolve delete path: %v", err) - } - rel, err := filepath.Rel(authDir, got) - if err != nil { - t.Fatalf("relative path: %v", err) - } - if strings.HasPrefix(rel, "..") || rel == "." { - t.Fatalf("path escaped auth directory: %s", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/postgresstore_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/store/postgresstore_test.go deleted file mode 100644 index 2e4e9b9fac..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/store/postgresstore_test.go +++ /dev/null @@ -1,148 +0,0 @@ -package store - -import ( - "context" - "database/sql" - "os" - "path/filepath" - "strings" - "testing" - - _ "modernc.org/sqlite" - - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestSyncAuthFromDatabase_PreservesLocalOnlyFiles(t *testing.T) { - t.Parallel() - - store, db := newSQLitePostgresStore(t) - t.Cleanup(func() { _ = db.Close() }) - - if _, err := db.Exec(`INSERT INTO "auth_store"(id, content) VALUES (?, ?)`, "nested/provider.json", `{"token":"db"}`); err != nil { - t.Fatalf("insert auth row: %v", err) - } - - localOnly := filepath.Join(store.authDir, "local-only.json") - if err := os.WriteFile(localOnly, []byte(`{"token":"local"}`), 0o600); err != nil { - t.Fatalf("seed local-only file: %v", err) - } - - if err := store.syncAuthFromDatabase(context.Background()); err != nil { - t.Fatalf("sync auth from database: %v", err) - } - - if _, err := os.Stat(localOnly); err != nil { - t.Fatalf("expected local-only file to be preserved: %v", err) - } - - mirrored := filepath.Join(store.authDir, "nested", "provider.json") - got, err := os.ReadFile(mirrored) - if err != nil { - t.Fatalf("read mirrored auth file: %v", err) - } - if string(got) != `{"token":"db"}` { - t.Fatalf("unexpected mirrored content: %s", got) - } -} - -func TestSyncAuthFromDatabase_ContinuesOnPathConflict(t *testing.T) { - t.Parallel() - - store, db := newSQLitePostgresStore(t) - t.Cleanup(func() { _ = db.Close() }) - - if _, err := db.Exec(`INSERT INTO "auth_store"(id, content) VALUES (?, ?)`, "conflict.json", `{"token":"db-conflict"}`); err != nil { - t.Fatalf("insert conflict auth row: %v", err) - } - if _, err := db.Exec(`INSERT INTO "auth_store"(id, content) VALUES (?, ?)`, "healthy.json", `{"token":"db-healthy"}`); err != nil { - t.Fatalf("insert healthy auth row: %v", err) - } - - conflictPath := filepath.Join(store.authDir, "conflict.json") - if err := os.MkdirAll(conflictPath, 0o700); err != nil { - t.Fatalf("seed conflicting directory: %v", err) - } - - if err := store.syncAuthFromDatabase(context.Background()); err != nil { - t.Fatalf("sync auth from database: %v", err) - } - - if info, err := os.Stat(conflictPath); err != nil { - t.Fatalf("stat conflict path: %v", err) - } else if !info.IsDir() { - t.Fatalf("expected conflict path to remain a directory") - } - - healthyPath := filepath.Join(store.authDir, "healthy.json") - got, err := os.ReadFile(healthyPath) - if err != nil { - t.Fatalf("read healthy mirrored auth file: %v", err) - } - if string(got) != `{"token":"db-healthy"}` { - t.Fatalf("unexpected healthy mirrored content: %s", got) - } -} - -func TestPostgresStoreSave_RejectsPathOutsideAuthDir(t *testing.T) { - t.Parallel() - - store, db := newSQLitePostgresStore(t) - t.Cleanup(func() { _ = db.Close() }) - - auth := &cliproxyauth.Auth{ - ID: "outside.json", - FileName: "../../outside.json", - Metadata: map[string]any{"type": "kiro"}, - } - _, err := store.Save(context.Background(), auth) - if err == nil { - t.Fatalf("expected save to reject path traversal") - } - if !strings.Contains(err.Error(), "outside managed directory") { - t.Fatalf("unexpected error: %v", err) - } -} - -func TestPostgresStoreDelete_RejectsAbsolutePathOutsideAuthDir(t *testing.T) { - t.Parallel() - - store, db := newSQLitePostgresStore(t) - t.Cleanup(func() { _ = db.Close() }) - - outside := filepath.Join(filepath.Dir(store.authDir), "outside.json") - err := store.Delete(context.Background(), outside) - if err == nil { - t.Fatalf("expected delete to reject absolute path outside auth dir") - } - if !strings.Contains(err.Error(), "outside managed directory") { - t.Fatalf("unexpected error: %v", err) - } -} - -func newSQLitePostgresStore(t *testing.T) (*PostgresStore, *sql.DB) { - t.Helper() - - db, err := sql.Open("sqlite", ":memory:") - if err != nil { - t.Fatalf("open sqlite: %v", err) - } - if _, err = db.Exec(`CREATE TABLE "auth_store" (id TEXT PRIMARY KEY, content TEXT NOT NULL)`); err != nil { - _ = db.Close() - t.Fatalf("create auth table: %v", err) - } - - spool := t.TempDir() - authDir := filepath.Join(spool, "auths") - if err = os.MkdirAll(authDir, 0o700); err != nil { - _ = db.Close() - t.Fatalf("create auth dir: %v", err) - } - - store := &PostgresStore{ - db: db, - cfg: PostgresStoreConfig{AuthTable: "auth_store"}, - authDir: authDir, - } - return store, db -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/apply.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/apply.go deleted file mode 100644 index 81cd9ddf34..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/apply.go +++ /dev/null @@ -1,544 +0,0 @@ -// Package thinking provides unified thinking configuration processing. -package thinking - -import ( - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -// providerAppliers maps provider names to their ProviderApplier implementations. -var providerAppliers = map[string]ProviderApplier{ - "gemini": nil, - "gemini-cli": nil, - "claude": nil, - "openai": nil, - "codex": nil, - "iflow": nil, - "antigravity": nil, - "kimi": nil, -} - -// GetProviderApplier returns the ProviderApplier for the given provider name. -// Returns nil if the provider is not registered. -func GetProviderApplier(provider string) ProviderApplier { - return providerAppliers[provider] -} - -// RegisterProvider registers a provider applier by name. -func RegisterProvider(name string, applier ProviderApplier) { - providerAppliers[name] = applier -} - -// IsUserDefinedModel reports whether the model is a user-defined model that should -// have thinking configuration passed through without validation. -// -// User-defined models are configured via config file's models[] array -// (e.g., openai-compatibility.*.models[], *-api-key.models[]). These models -// are marked with UserDefined=true at registration time. -// -// User-defined models should have their thinking configuration applied directly, -// letting the upstream service validate the configuration. -func IsUserDefinedModel(modelInfo *registry.ModelInfo) bool { - if modelInfo == nil { - return true - } - return modelInfo.UserDefined -} - -// ApplyThinking applies thinking configuration to a request body. -// -// This is the unified entry point for all providers. It follows the processing -// order defined in FR25: route check → model capability query → config extraction -// → validation → application. -// -// Suffix Priority: When the model name includes a thinking suffix (e.g., "gemini-2.5-pro(8192)"), -// the suffix configuration takes priority over any thinking parameters in the request body. -// This enables users to override thinking settings via the model name without modifying their -// request payload. -// -// Parameters: -// - body: Original request body JSON -// - model: Model name, optionally with thinking suffix (e.g., "claude-sonnet-4-5(16384)") -// - fromFormat: Source request format (e.g., openai, codex, gemini) -// - toFormat: Target provider format for the request body (gemini, gemini-cli, antigravity, claude, openai, codex, iflow) -// - providerKey: Provider identifier used for registry model lookups (may differ from toFormat, e.g., openrouter -> openai) -// -// Returns: -// - Modified request body JSON with thinking configuration applied -// - Error if validation fails (ThinkingError). On error, the original body -// is returned (not nil) to enable defensive programming patterns. -// -// Passthrough behavior (returns original body without error): -// - Unknown provider (not in providerAppliers map) -// - modelInfo.Thinking is nil (model doesn't support thinking) -// -// Note: Unknown models (modelInfo is nil) are treated as user-defined models: we skip -// validation and still apply the thinking config so the upstream can validate it. -// -// Example: -// -// // With suffix - suffix config takes priority -// result, err := thinking.ApplyThinking(body, "gemini-2.5-pro(8192)", "gemini", "gemini", "gemini") -// -// // Without suffix - uses body config -// result, err := thinking.ApplyThinking(body, "gemini-2.5-pro", "gemini", "gemini", "gemini") -func ApplyThinking(body []byte, model string, fromFormat string, toFormat string, providerKey string) ([]byte, error) { - providerFormat := strings.ToLower(strings.TrimSpace(toFormat)) - providerKey = strings.ToLower(strings.TrimSpace(providerKey)) - if providerKey == "" { - providerKey = providerFormat - } - fromFormat = strings.ToLower(strings.TrimSpace(fromFormat)) - if fromFormat == "" { - fromFormat = providerFormat - } - // 1. Route check: Get provider applier - applier := GetProviderApplier(providerFormat) - if applier == nil { - log.WithFields(log.Fields{ - "provider": providerFormat, - }).Debug("thinking: unknown provider, passthrough |") - return body, nil - } - - // 2. Parse suffix and get modelInfo - suffixResult := ParseSuffix(model) - baseModel := suffixResult.ModelName - // Use provider-specific lookup to handle capability differences across providers. - modelInfo := registry.LookupModelInfo(baseModel, providerKey) - - // 3. Model capability check - // Unknown models are treated as user-defined so thinking config can still be applied. - // The upstream service is responsible for validating the configuration. - if IsUserDefinedModel(modelInfo) { - return applyUserDefinedModel(body, modelInfo, fromFormat, providerFormat, suffixResult) - } - if modelInfo.Thinking == nil { - config := extractThinkingConfig(body, providerFormat) - if hasThinkingConfig(config) { - // nolint:gosec // false positive: logging model name, not secret - log.WithFields(log.Fields{ - "model": baseModel, - "provider": providerFormat, - }).Debug("thinking: model does not support thinking, stripping config |") - return StripThinkingConfig(body, providerFormat), nil - } - log.Debug("thinking: model does not support thinking, passthrough |") - return body, nil - } - - // 4. Get config: suffix priority over body - var config ThinkingConfig - if suffixResult.HasSuffix { - config = parseSuffixToConfig(suffixResult.RawSuffix, providerFormat, model) - log.WithFields(log.Fields{ - "provider": providerFormat, - "mode": config.Mode, - "budget": config.Budget, - "level": config.Level, - }).Debug("thinking: config from model suffix |") - } else { - config = extractThinkingConfig(body, providerFormat) - if hasThinkingConfig(config) { - log.WithField("provider", providerFormat).Debug("thinking: request includes thinking config |") - } - } - - if !hasThinkingConfig(config) { - // Force thinking for thinking models even without explicit config - // Models with "thinking" in their name should have thinking enabled by default - if isForcedThinkingModel(modelInfo.ID, model) { - config = ThinkingConfig{Mode: ModeAuto, Budget: -1} - log.WithFields(log.Fields{ - "provider": providerFormat, - "mode": config.Mode, - "forced": true, - }).Debug("thinking: forced thinking for thinking model |") - } else { - // nolint:gosec // false positive: logging model name, not secret - log.WithFields(log.Fields{ - "provider": providerFormat, - "model": modelInfo.ID, - }).Debug("thinking: no config found, passthrough |") - return body, nil - } - } - - // 5. Validate and normalize configuration - validated, err := ValidateConfig(config, modelInfo, fromFormat, providerFormat, suffixResult.HasSuffix) - if err != nil { - log.Warn("thinking: validation failed |") - // Return original body on validation failure (defensive programming). - // This ensures callers who ignore the error won't receive nil body. - // The upstream service will decide how to handle the unmodified request. - return body, err - } - - // Defensive check: ValidateConfig should never return (nil, nil) - if validated == nil { - log.WithFields(log.Fields{ - "provider": providerFormat, - "model": modelInfo.ID, - }).Warn("thinking: ValidateConfig returned nil config without error, passthrough |") - return body, nil - } - - log.WithFields(log.Fields{ - "provider": redactLogText(providerFormat), - "model": redactLogText(modelInfo.ID), - "mode": redactLogMode(validated.Mode), - "budget": redactLogInt(validated.Budget), - "level": redactLogLevel(validated.Level), - }).Debug("thinking: processed config to apply |") - - // 6. Apply configuration using provider-specific applier - return applier.Apply(body, *validated, modelInfo) -} - -// parseSuffixToConfig converts a raw suffix string to ThinkingConfig. -// -// Parsing priority: -// 1. Special values: "none" → ModeNone, "auto"/"-1" → ModeAuto -// 2. Level names: "minimal", "low", "medium", "high", "xhigh" → ModeLevel -// 3. Numeric values: positive integers → ModeBudget, 0 → ModeNone -// -// If none of the above match, returns empty ThinkingConfig (treated as no config). -func parseSuffixToConfig(rawSuffix, provider, model string) ThinkingConfig { - // 1. Try special values first (none, auto, -1) - if mode, ok := ParseSpecialSuffix(rawSuffix); ok { - switch mode { - case ModeNone: - return ThinkingConfig{Mode: ModeNone, Budget: 0} - case ModeAuto: - return ThinkingConfig{Mode: ModeAuto, Budget: -1} - } - } - - // 2. Try level parsing (minimal, low, medium, high, xhigh) - if level, ok := ParseLevelSuffix(rawSuffix); ok { - return ThinkingConfig{Mode: ModeLevel, Level: level} - } - - // 3. Try numeric parsing - if budget, ok := ParseNumericSuffix(rawSuffix); ok { - if budget == 0 { - return ThinkingConfig{Mode: ModeNone, Budget: 0} - } - return ThinkingConfig{Mode: ModeBudget, Budget: budget} - } - - // Unknown suffix format - return empty config - log.WithFields(log.Fields{ - "provider": redactLogText(provider), - "model": redactLogText(model), - "raw_suffix": redactLogText(rawSuffix), - }).Debug("thinking: unknown suffix format, treating as no config |") - return ThinkingConfig{} -} - -// applyUserDefinedModel applies thinking configuration for user-defined models -// without ThinkingSupport validation. -func applyUserDefinedModel(body []byte, modelInfo *registry.ModelInfo, fromFormat, toFormat string, suffixResult SuffixResult) ([]byte, error) { - // Get model ID for logging - modelID := "" - if modelInfo != nil { - modelID = modelInfo.ID - } else { - modelID = suffixResult.ModelName - } - - // Get config: suffix priority over body - var config ThinkingConfig - if suffixResult.HasSuffix { - config = parseSuffixToConfig(suffixResult.RawSuffix, toFormat, modelID) - } else { - config = extractThinkingConfig(body, toFormat) - } - - if !hasThinkingConfig(config) { - log.WithFields(log.Fields{ - "model": redactLogText(modelID), - "provider": redactLogText(toFormat), - }).Debug("thinking: user-defined model, passthrough (no config) |") - return body, nil - } - - applier := GetProviderApplier(toFormat) - if applier == nil { - log.WithFields(log.Fields{ - "model": redactLogText(modelID), - "provider": redactLogText(toFormat), - }).Debug("thinking: user-defined model, passthrough (unknown provider) |") - return body, nil - } - - log.WithFields(log.Fields{ - "provider": redactLogText(toFormat), - "model": redactLogText(modelID), - "mode": redactLogMode(config.Mode), - "budget": redactLogInt(config.Budget), - "level": redactLogLevel(config.Level), - }).Debug("thinking: applying config for user-defined model (skip validation)") - - config = normalizeUserDefinedConfig(config, fromFormat, toFormat) - return applier.Apply(body, config, modelInfo) -} - -func normalizeUserDefinedConfig(config ThinkingConfig, fromFormat, toFormat string) ThinkingConfig { - if config.Mode != ModeLevel { - return config - } - if !isBudgetBasedProvider(toFormat) || !isLevelBasedProvider(fromFormat) { - return config - } - budget, ok := ConvertLevelToBudget(string(config.Level)) - if !ok { - return config - } - config.Mode = ModeBudget - config.Budget = budget - config.Level = "" - return config -} - -// extractThinkingConfig extracts provider-specific thinking config from request body. -func extractThinkingConfig(body []byte, provider string) ThinkingConfig { - if len(body) == 0 || !gjson.ValidBytes(body) { - return ThinkingConfig{} - } - - switch provider { - case "claude": - return extractClaudeConfig(body) - case "gemini", "gemini-cli", "antigravity": - return extractGeminiConfig(body, provider) - case "openai": - return extractOpenAIConfig(body) - case "codex": - return extractCodexConfig(body) - case "iflow": - config := extractIFlowConfig(body) - if hasThinkingConfig(config) { - return config - } - return extractOpenAIConfig(body) - case "kimi": - // Kimi uses OpenAI-compatible reasoning_effort format - return extractOpenAIConfig(body) - default: - return ThinkingConfig{} - } -} - -func hasThinkingConfig(config ThinkingConfig) bool { - return config.Mode != ModeBudget || config.Budget != 0 || config.Level != "" -} - -// extractClaudeConfig extracts thinking configuration from Claude format request body. -// -// Claude API format: -// - thinking.type: "enabled" or "disabled" -// - thinking.budget_tokens: integer (-1=auto, 0=disabled, >0=budget) -// - output_config.effort: "low", "medium", "high" (Claude Opus 4.6+) -// -// Priority: thinking.type="disabled" takes precedence over budget_tokens. -// output_config.effort is checked first as it's the newer format. -// When type="enabled" without budget_tokens, returns ModeAuto to indicate -// the user wants thinking enabled but didn't specify a budget. -func extractClaudeConfig(body []byte) ThinkingConfig { - // Check output_config.effort first (newer format for Claude Opus 4.6+) - if effort := gjson.GetBytes(body, "output_config.effort"); effort.Exists() { - value := strings.ToLower(strings.TrimSpace(effort.String())) - switch value { - case "none", "": - return ThinkingConfig{Mode: ModeNone, Budget: 0} - case "auto": - return ThinkingConfig{Mode: ModeAuto, Budget: -1} - default: - // Treat as level (low, medium, high) - return ThinkingConfig{Mode: ModeLevel, Level: ThinkingLevel(value)} - } - } - - thinkingType := gjson.GetBytes(body, "thinking.type").String() - if thinkingType == "disabled" { - return ThinkingConfig{Mode: ModeNone, Budget: 0} - } - - // Check budget_tokens - if budget := gjson.GetBytes(body, "thinking.budget_tokens"); budget.Exists() { - value := int(budget.Int()) - switch value { - case 0: - return ThinkingConfig{Mode: ModeNone, Budget: 0} - case -1: - return ThinkingConfig{Mode: ModeAuto, Budget: -1} - default: - return ThinkingConfig{Mode: ModeBudget, Budget: value} - } - } - - // If type="enabled" but no budget_tokens, treat as auto (user wants thinking but no budget specified) - if thinkingType == "enabled" { - return ThinkingConfig{Mode: ModeAuto, Budget: -1} - } - - return ThinkingConfig{} -} - -// extractGeminiConfig extracts thinking configuration from Gemini format request body. -// -// Gemini API format: -// - generationConfig.thinkingConfig.thinkingLevel: "none", "auto", or level name (Gemini 3) -// - generationConfig.thinkingConfig.thinkingBudget: integer (Gemini 2.5) -// -// For gemini-cli and antigravity providers, the path is prefixed with "request.". -// -// Priority: thinkingLevel is checked first (Gemini 3 format), then thinkingBudget (Gemini 2.5 format). -// This allows newer Gemini 3 level-based configs to take precedence. -func extractGeminiConfig(body []byte, provider string) ThinkingConfig { - prefix := "generationConfig.thinkingConfig" - if provider == "gemini-cli" || provider == "antigravity" { - prefix = "request.generationConfig.thinkingConfig" - } - - // Check thinkingLevel first (Gemini 3 format takes precedence) - level := gjson.GetBytes(body, prefix+".thinkingLevel") - if !level.Exists() { - // Google official Gemini Python SDK sends snake_case field names - level = gjson.GetBytes(body, prefix+".thinking_level") - } - if level.Exists() { - value := level.String() - switch value { - case "none": - return ThinkingConfig{Mode: ModeNone, Budget: 0} - case "auto": - return ThinkingConfig{Mode: ModeAuto, Budget: -1} - default: - return ThinkingConfig{Mode: ModeLevel, Level: ThinkingLevel(value)} - } - } - - // Check thinkingBudget (Gemini 2.5 format) - budget := gjson.GetBytes(body, prefix+".thinkingBudget") - if !budget.Exists() { - // Google official Gemini Python SDK sends snake_case field names - budget = gjson.GetBytes(body, prefix+".thinking_budget") - } - if budget.Exists() { - value := int(budget.Int()) - switch value { - case 0: - return ThinkingConfig{Mode: ModeNone, Budget: 0} - case -1: - return ThinkingConfig{Mode: ModeAuto, Budget: -1} - default: - return ThinkingConfig{Mode: ModeBudget, Budget: value} - } - } - - return ThinkingConfig{} -} - -// extractOpenAIConfig extracts thinking configuration from OpenAI format request body. -// -// OpenAI API format: -// - reasoning_effort: "none", "low", "medium", "high" (discrete levels) -// -// OpenAI uses level-based thinking configuration only, no numeric budget support. -// The "none" value is treated specially to return ModeNone. -func extractOpenAIConfig(body []byte) ThinkingConfig { - // Check reasoning_effort (OpenAI Chat Completions format) - if effort := gjson.GetBytes(body, "reasoning_effort"); effort.Exists() { - value := effort.String() - if value == "none" { - return ThinkingConfig{Mode: ModeNone, Budget: 0} - } - return ThinkingConfig{Mode: ModeLevel, Level: ThinkingLevel(value)} - } - - return ThinkingConfig{} -} - -// extractCodexConfig extracts thinking configuration from Codex format request body. -// -// Codex API format (OpenAI Responses API): -// - reasoning.effort: "none", "low", "medium", "high" -// -// This is similar to OpenAI but uses nested field "reasoning.effort" instead of "reasoning_effort". -func extractCodexConfig(body []byte) ThinkingConfig { - // Check reasoning.effort (Codex / OpenAI Responses API format) - if effort := gjson.GetBytes(body, "reasoning.effort"); effort.Exists() { - value := effort.String() - if value == "none" { - return ThinkingConfig{Mode: ModeNone, Budget: 0} - } - return ThinkingConfig{Mode: ModeLevel, Level: ThinkingLevel(value)} - } - - // Compatibility fallback: some clients send Claude-style `variant` - // instead of OpenAI/Codex `reasoning.effort`. - if variant := gjson.GetBytes(body, "variant"); variant.Exists() { - switch strings.ToLower(strings.TrimSpace(variant.String())) { - case "none": - return ThinkingConfig{Mode: ModeNone, Budget: 0} - case "xhigh", "x-high", "x_high": - return ThinkingConfig{Mode: ModeLevel, Level: LevelXHigh} - case "high": - return ThinkingConfig{Mode: ModeLevel, Level: LevelHigh} - case "medium": - return ThinkingConfig{Mode: ModeLevel, Level: LevelMedium} - case "low": - return ThinkingConfig{Mode: ModeLevel, Level: LevelLow} - case "minimal": - return ThinkingConfig{Mode: ModeLevel, Level: LevelMinimal} - case "auto": - return ThinkingConfig{Mode: ModeLevel, Level: LevelAuto} - } - } - - return ThinkingConfig{} -} - -// extractIFlowConfig extracts thinking configuration from iFlow format request body. -// -// iFlow API format (supports multiple model families): -// - GLM format: chat_template_kwargs.enable_thinking (boolean) -// - MiniMax format: reasoning_split (boolean) -// -// Returns ModeBudget with Budget=1 as a sentinel value indicating "enabled". -// The actual budget/configuration is determined by the iFlow applier based on model capabilities. -// Budget=1 is used because iFlow models don't use numeric budgets; they only support on/off. -func extractIFlowConfig(body []byte) ThinkingConfig { - // GLM format: chat_template_kwargs.enable_thinking - if enabled := gjson.GetBytes(body, "chat_template_kwargs.enable_thinking"); enabled.Exists() { - if enabled.Bool() { - // Budget=1 is a sentinel meaning "enabled" (iFlow doesn't use numeric budgets) - return ThinkingConfig{Mode: ModeBudget, Budget: 1} - } - return ThinkingConfig{Mode: ModeNone, Budget: 0} - } - - // MiniMax format: reasoning_split - if split := gjson.GetBytes(body, "reasoning_split"); split.Exists() { - if split.Bool() { - // Budget=1 is a sentinel meaning "enabled" (iFlow doesn't use numeric budgets) - return ThinkingConfig{Mode: ModeBudget, Budget: 1} - } - return ThinkingConfig{Mode: ModeNone, Budget: 0} - } - - return ThinkingConfig{} -} - -// isForcedThinkingModel checks if a model should have thinking forced on. -// Models with "thinking" in their name (like claude-opus-4-6-thinking) should -// have thinking enabled by default even without explicit budget. -func isForcedThinkingModel(modelID, fullModelName string) bool { - return strings.Contains(strings.ToLower(modelID), "thinking") || - strings.Contains(strings.ToLower(fullModelName), "thinking") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/apply_codex_variant_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/apply_codex_variant_test.go deleted file mode 100644 index 2bca12073a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/apply_codex_variant_test.go +++ /dev/null @@ -1,55 +0,0 @@ -package thinking - -import "testing" - -func TestExtractCodexConfig_PrefersReasoningEffortOverVariant(t *testing.T) { - body := []byte(`{"reasoning":{"effort":"high"},"variant":"low"}`) - cfg := extractCodexConfig(body) - - if cfg.Mode != ModeLevel || cfg.Level != LevelHigh { - t.Fatalf("unexpected config: %+v", cfg) - } -} - -func TestExtractCodexConfig_VariantFallback(t *testing.T) { - tests := []struct { - name string - body string - want ThinkingConfig - }{ - { - name: "high", - body: `{"variant":"high"}`, - want: ThinkingConfig{Mode: ModeLevel, Level: LevelHigh}, - }, - { - name: "x-high alias", - body: `{"variant":"x-high"}`, - want: ThinkingConfig{Mode: ModeLevel, Level: LevelXHigh}, - }, - { - name: "none", - body: `{"variant":"none"}`, - want: ThinkingConfig{Mode: ModeNone, Budget: 0}, - }, - { - name: "auto", - body: `{"variant":"auto"}`, - want: ThinkingConfig{Mode: ModeLevel, Level: LevelAuto}, - }, - { - name: "unknown", - body: `{"variant":"mystery"}`, - want: ThinkingConfig{}, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got := extractCodexConfig([]byte(tt.body)) - if got != tt.want { - t.Fatalf("got=%+v want=%+v", got, tt.want) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/apply_logging_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/apply_logging_test.go deleted file mode 100644 index 5f5902f931..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/apply_logging_test.go +++ /dev/null @@ -1,34 +0,0 @@ -package thinking - -import ( - "bytes" - "strings" - "testing" - - log "github.com/sirupsen/logrus" -) - -func TestApplyThinking_UnknownProviderLogDoesNotExposeModel(t *testing.T) { - var buf bytes.Buffer - prevOut := log.StandardLogger().Out - prevLevel := log.GetLevel() - log.SetOutput(&buf) - log.SetLevel(log.DebugLevel) - t.Cleanup(func() { - log.SetOutput(prevOut) - log.SetLevel(prevLevel) - }) - - model := "sensitive-user-model" - if _, err := ApplyThinking([]byte(`{"messages":[]}`), model, "", "unknown-provider", ""); err != nil { - t.Fatalf("ApplyThinking returned unexpected error: %v", err) - } - - logs := buf.String() - if !strings.Contains(logs, "thinking: unknown provider") { - t.Fatalf("expected unknown provider log, got %q", logs) - } - if strings.Contains(logs, model) { - t.Fatalf("log output leaked model value: %q", logs) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/convert.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/convert.go deleted file mode 100644 index ea4c50c37c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/convert.go +++ /dev/null @@ -1,142 +0,0 @@ -package thinking - -import ( - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" -) - -// levelToBudgetMap defines the standard Level → Budget mapping. -// All keys are lowercase; lookups should use strings.ToLower. -var levelToBudgetMap = map[string]int{ - "none": 0, - "auto": -1, - "minimal": 512, - "low": 1024, - "medium": 8192, - "high": 24576, - "xhigh": 32768, -} - -// ConvertLevelToBudget converts a thinking level to a budget value. -// -// This is a semantic conversion that maps discrete levels to numeric budgets. -// Level matching is case-insensitive. -// -// Level → Budget mapping: -// - none → 0 -// - auto → -1 -// - minimal → 512 -// - low → 1024 -// - medium → 8192 -// - high → 24576 -// - xhigh → 32768 -// -// Returns: -// - budget: The converted budget value -// - ok: true if level is valid, false otherwise -func ConvertLevelToBudget(level string) (int, bool) { - budget, ok := levelToBudgetMap[strings.ToLower(level)] - return budget, ok -} - -// BudgetThreshold constants define the upper bounds for each thinking level. -// These are used by ConvertBudgetToLevel for range-based mapping. -const ( - // ThresholdMinimal is the upper bound for "minimal" level (1-512) - ThresholdMinimal = 512 - // ThresholdLow is the upper bound for "low" level (513-1024) - ThresholdLow = 1024 - // ThresholdMedium is the upper bound for "medium" level (1025-8192) - ThresholdMedium = 8192 - // ThresholdHigh is the upper bound for "high" level (8193-24576) - ThresholdHigh = 24576 -) - -// ConvertBudgetToLevel converts a budget value to the nearest thinking level. -// -// This is a semantic conversion that maps numeric budgets to discrete levels. -// Uses threshold-based mapping for range conversion. -// -// Budget → Level thresholds: -// - -1 → auto -// - 0 → none -// - 1-512 → minimal -// - 513-1024 → low -// - 1025-8192 → medium -// - 8193-24576 → high -// - 24577+ → xhigh -// -// Returns: -// - level: The converted thinking level string -// - ok: true if budget is valid, false for invalid negatives (< -1) -func ConvertBudgetToLevel(budget int) (string, bool) { - switch { - case budget < -1: - // Invalid negative values - return "", false - case budget == -1: - return string(LevelAuto), true - case budget == 0: - return string(LevelNone), true - case budget <= ThresholdMinimal: - return string(LevelMinimal), true - case budget <= ThresholdLow: - return string(LevelLow), true - case budget <= ThresholdMedium: - return string(LevelMedium), true - case budget <= ThresholdHigh: - return string(LevelHigh), true - default: - return string(LevelXHigh), true - } -} - -// ModelCapability describes the thinking format support of a model. -type ModelCapability int - -const ( - // CapabilityUnknown indicates modelInfo is nil (passthrough behavior, internal use). - CapabilityUnknown ModelCapability = iota - 1 - // CapabilityNone indicates model doesn't support thinking (Thinking is nil). - CapabilityNone - // CapabilityBudgetOnly indicates the model supports numeric budgets only. - CapabilityBudgetOnly - // CapabilityLevelOnly indicates the model supports discrete levels only. - CapabilityLevelOnly - // CapabilityHybrid indicates the model supports both budgets and levels. - CapabilityHybrid -) - -// detectModelCapability determines the thinking format capability of a model. -// -// This is an internal function used by validation and conversion helpers. -// It analyzes the model's ThinkingSupport configuration to classify the model: -// - CapabilityNone: modelInfo.Thinking is nil (model doesn't support thinking) -// - CapabilityBudgetOnly: Has Min/Max but no Levels (Claude, Gemini 2.5) -// - CapabilityLevelOnly: Has Levels but no Min/Max (OpenAI, iFlow) -// - CapabilityHybrid: Has both Min/Max and Levels (Gemini 3) -// -// Note: Returns a special sentinel value when modelInfo itself is nil (unknown model). -func detectModelCapability(modelInfo *registry.ModelInfo) ModelCapability { - if modelInfo == nil { - return CapabilityUnknown // sentinel for "passthrough" behavior - } - if modelInfo.Thinking == nil { - return CapabilityNone - } - support := modelInfo.Thinking - hasBudget := support.Min > 0 || support.Max > 0 - hasLevels := len(support.Levels) > 0 - - switch { - case hasBudget && hasLevels: - return CapabilityHybrid - case hasBudget: - return CapabilityBudgetOnly - case hasLevels: - return CapabilityLevelOnly - default: - return CapabilityNone - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/convert_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/convert_test.go deleted file mode 100644 index e2e800e345..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/convert_test.go +++ /dev/null @@ -1,53 +0,0 @@ -package thinking - -import ( - "testing" -) - -func TestConvertLevelToBudget(t *testing.T) { - cases := []struct { - level string - want int - wantOk bool - }{ - {"none", 0, true}, - {"auto", -1, true}, - {"minimal", 512, true}, - {"low", 1024, true}, - {"medium", 8192, true}, - {"high", 24576, true}, - {"xhigh", 32768, true}, - {"UNKNOWN", 0, false}, - } - - for _, tc := range cases { - got, ok := ConvertLevelToBudget(tc.level) - if got != tc.want || ok != tc.wantOk { - t.Errorf("ConvertLevelToBudget(%q) = (%d, %v), want (%d, %v)", tc.level, got, ok, tc.want, tc.wantOk) - } - } -} - -func TestConvertBudgetToLevel(t *testing.T) { - cases := []struct { - budget int - want string - wantOk bool - }{ - {-2, "", false}, - {-1, "auto", true}, - {0, "none", true}, - {100, "minimal", true}, - {600, "low", true}, - {2000, "medium", true}, - {10000, "high", true}, - {30000, "xhigh", true}, - } - - for _, tc := range cases { - got, ok := ConvertBudgetToLevel(tc.budget) - if got != tc.want || ok != tc.wantOk { - t.Errorf("ConvertBudgetToLevel(%d) = (%q, %v), want (%q, %v)", tc.budget, got, ok, tc.want, tc.wantOk) - } - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/errors.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/errors.go deleted file mode 100644 index 5eed93814e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/errors.go +++ /dev/null @@ -1,82 +0,0 @@ -// Package thinking provides unified thinking configuration processing logic. -package thinking - -import "net/http" - -// ErrorCode represents the type of thinking configuration error. -type ErrorCode string - -// Error codes for thinking configuration processing. -const ( - // ErrInvalidSuffix indicates the suffix format cannot be parsed. - // Example: "model(abc" (missing closing parenthesis) - ErrInvalidSuffix ErrorCode = "INVALID_SUFFIX" - - // ErrUnknownLevel indicates the level value is not in the valid list. - // Example: "model(ultra)" where "ultra" is not a valid level - ErrUnknownLevel ErrorCode = "UNKNOWN_LEVEL" - - // ErrThinkingNotSupported indicates the model does not support thinking. - // Example: claude-haiku-4-5 does not have thinking capability - ErrThinkingNotSupported ErrorCode = "THINKING_NOT_SUPPORTED" - - // ErrLevelNotSupported indicates the model does not support level mode. - // Example: using level with a budget-only model - ErrLevelNotSupported ErrorCode = "LEVEL_NOT_SUPPORTED" - - // ErrBudgetOutOfRange indicates the budget value is outside model range. - // Example: budget 64000 exceeds max 20000 - ErrBudgetOutOfRange ErrorCode = "BUDGET_OUT_OF_RANGE" - - // ErrProviderMismatch indicates the provider does not match the model. - // Example: applying Claude format to a Gemini model - ErrProviderMismatch ErrorCode = "PROVIDER_MISMATCH" -) - -// ThinkingError represents an error that occurred during thinking configuration processing. -// -// This error type provides structured information about the error, including: -// - Code: A machine-readable error code for programmatic handling -// - Message: A human-readable description of the error -// - Model: The model name related to the error (optional) -// - Details: Additional context information (optional) -type ThinkingError struct { - // Code is the machine-readable error code - Code ErrorCode - // Message is the human-readable error description. - // Should be lowercase, no trailing period, with context if applicable. - Message string - // Model is the model name related to this error (optional) - Model string - // Details contains additional context information (optional) - Details map[string]interface{} -} - -// Error implements the error interface. -// Returns the message directly without code prefix. -// Use Code field for programmatic error handling. -func (e *ThinkingError) Error() string { - return e.Message -} - -// NewThinkingError creates a new ThinkingError with the given code and message. -func NewThinkingError(code ErrorCode, message string) *ThinkingError { - return &ThinkingError{ - Code: code, - Message: message, - } -} - -// NewThinkingErrorWithModel creates a new ThinkingError with model context. -func NewThinkingErrorWithModel(code ErrorCode, message, model string) *ThinkingError { - return &ThinkingError{ - Code: code, - Message: message, - Model: model, - } -} - -// StatusCode implements a portable status code interface for HTTP handlers. -func (e *ThinkingError) StatusCode() int { - return http.StatusBadRequest -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/log_redaction.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/log_redaction.go deleted file mode 100644 index f2e450a5b8..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/log_redaction.go +++ /dev/null @@ -1,34 +0,0 @@ -package thinking - -import ( - "fmt" - "strings" -) - -const redactedLogValue = "[REDACTED]" - -func redactLogText(value string) string { - if strings.TrimSpace(value) == "" { - return "" - } - return redactedLogValue -} - -func redactLogInt(_ int) string { - return redactedLogValue -} - -func redactLogMode(_ ThinkingMode) string { - return redactedLogValue -} - -func redactLogLevel(_ ThinkingLevel) string { - return redactedLogValue -} - -func redactLogError(err error) string { - if err == nil { - return "" - } - return fmt.Sprintf("%T", err) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/log_redaction_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/log_redaction_test.go deleted file mode 100644 index 3c66972fce..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/log_redaction_test.go +++ /dev/null @@ -1,213 +0,0 @@ -package thinking - -import ( - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - log "github.com/sirupsen/logrus" - "github.com/sirupsen/logrus/hooks/test" -) - -type redactionTestApplier struct{} - -func (redactionTestApplier) Apply(body []byte, _ ThinkingConfig, _ *registry.ModelInfo) ([]byte, error) { - return body, nil -} - -func TestThinkingValidateLogsRedactSensitiveValues(t *testing.T) { - hook := test.NewLocal(log.StandardLogger()) - defer hook.Reset() - - previousLevel := log.GetLevel() - log.SetLevel(log.DebugLevel) - defer log.SetLevel(previousLevel) - - providerSecret := "provider-secret-l6-validate" - modelSecret := "model-secret-l6-validate" - - convertAutoToMidRange( - ThinkingConfig{Mode: ModeAuto, Budget: -1}, - ®istry.ThinkingSupport{Levels: []string{"low", "high"}}, - providerSecret, - modelSecret, - ) - - convertAutoToMidRange( - ThinkingConfig{Mode: ModeAuto, Budget: -1}, - ®istry.ThinkingSupport{Min: 1000, Max: 3000}, - providerSecret, - modelSecret, - ) - - clampLevel( - LevelMedium, - ®istry.ModelInfo{ - ID: modelSecret, - Thinking: ®istry.ThinkingSupport{ - Levels: []string{"low", "high"}, - }, - }, - providerSecret, - ) - - clampBudget( - 0, - ®istry.ModelInfo{ - ID: modelSecret, - Thinking: ®istry.ThinkingSupport{ - Min: 1024, - Max: 8192, - ZeroAllowed: false, - }, - }, - providerSecret, - ) - - logClamp(providerSecret, modelSecret, 9999, 8192, 1024, 8192) - - assertLogFieldRedacted(t, hook, "thinking: mode converted, dynamic not allowed, using medium level |", "provider") - assertLogFieldRedacted(t, hook, "thinking: mode converted, dynamic not allowed, using medium level |", "model") - assertLogFieldRedacted(t, hook, "thinking: mode converted, dynamic not allowed, using medium level |", "clamped_to") - - assertLogFieldRedacted(t, hook, "thinking: mode converted, dynamic not allowed |", "provider") - assertLogFieldRedacted(t, hook, "thinking: mode converted, dynamic not allowed |", "model") - assertLogFieldRedacted(t, hook, "thinking: mode converted, dynamic not allowed |", "clamped_to") - - assertLogFieldRedacted(t, hook, "thinking: level clamped |", "provider") - assertLogFieldRedacted(t, hook, "thinking: level clamped |", "model") - assertLogFieldRedacted(t, hook, "thinking: level clamped |", "original_value") - assertLogFieldRedacted(t, hook, "thinking: level clamped |", "clamped_to") - - assertLogFieldRedacted(t, hook, "thinking: budget zero not allowed |", "provider") - assertLogFieldRedacted(t, hook, "thinking: budget zero not allowed |", "model") - assertLogFieldRedacted(t, hook, "thinking: budget zero not allowed |", "original_value") - assertLogFieldRedacted(t, hook, "thinking: budget zero not allowed |", "min") - assertLogFieldRedacted(t, hook, "thinking: budget zero not allowed |", "max") - assertLogFieldRedacted(t, hook, "thinking: budget zero not allowed |", "clamped_to") - - assertLogFieldRedacted(t, hook, "thinking: budget clamped |", "provider") - assertLogFieldRedacted(t, hook, "thinking: budget clamped |", "model") - assertLogFieldRedacted(t, hook, "thinking: budget clamped |", "original_value") - assertLogFieldRedacted(t, hook, "thinking: budget clamped |", "min") - assertLogFieldRedacted(t, hook, "thinking: budget clamped |", "max") - assertLogFieldRedacted(t, hook, "thinking: budget clamped |", "clamped_to") -} - -func TestThinkingApplyLogsRedactSensitiveValues(t *testing.T) { - hook := test.NewLocal(log.StandardLogger()) - defer hook.Reset() - - previousLevel := log.GetLevel() - log.SetLevel(log.DebugLevel) - defer log.SetLevel(previousLevel) - - previousClaude := GetProviderApplier("claude") - RegisterProvider("claude", redactionTestApplier{}) - defer RegisterProvider("claude", previousClaude) - - modelSecret := "model-secret-l6-apply" - suffixSecret := "suffix-secret-l6-apply" - - reg := registry.GetGlobalRegistry() - clientID := "redaction-test-client-l6-apply" - reg.RegisterClient(clientID, "claude", []*registry.ModelInfo{ - { - ID: modelSecret, - Thinking: ®istry.ThinkingSupport{ - Min: 1000, - Max: 3000, - ZeroAllowed: false, - }, - }, - }) - defer reg.RegisterClient(clientID, "claude", nil) - - _, err := ApplyThinking( - []byte(`{"thinking":{"budget_tokens":2000}}`), - modelSecret, - "claude", - "claude", - "claude", - ) - if err != nil { - t.Fatalf("ApplyThinking success path returned error: %v", err) - } - - _ = parseSuffixToConfig(suffixSecret, "claude", modelSecret) - - _, err = applyUserDefinedModel( - []byte(`{}`), - nil, - "claude", - "claude", - SuffixResult{ModelName: modelSecret}, - ) - if err != nil { - t.Fatalf("applyUserDefinedModel no-config path returned error: %v", err) - } - - _, err = applyUserDefinedModel( - []byte(`{"thinking":{"budget_tokens":2000}}`), - nil, - "claude", - "lane6-unknown-provider", - SuffixResult{ModelName: modelSecret, HasSuffix: true, RawSuffix: "high"}, - ) - if err != nil { - t.Fatalf("applyUserDefinedModel unknown-provider path returned error: %v", err) - } - - _, err = applyUserDefinedModel( - []byte(`{"thinking":{"budget_tokens":2000}}`), - nil, - "claude", - "claude", - SuffixResult{ModelName: modelSecret}, - ) - if err != nil { - t.Fatalf("applyUserDefinedModel apply path returned error: %v", err) - } - - assertLogFieldRedacted(t, hook, "thinking: processed config to apply |", "provider") - assertLogFieldRedacted(t, hook, "thinking: processed config to apply |", "model") - assertLogFieldRedacted(t, hook, "thinking: processed config to apply |", "mode") - assertLogFieldRedacted(t, hook, "thinking: processed config to apply |", "budget") - assertLogFieldRedacted(t, hook, "thinking: processed config to apply |", "level") - - assertLogFieldRedacted(t, hook, "thinking: unknown suffix format, treating as no config |", "provider") - assertLogFieldRedacted(t, hook, "thinking: unknown suffix format, treating as no config |", "model") - assertLogFieldRedacted(t, hook, "thinking: unknown suffix format, treating as no config |", "raw_suffix") - - assertLogFieldRedacted(t, hook, "thinking: user-defined model, passthrough (no config) |", "provider") - assertLogFieldRedacted(t, hook, "thinking: user-defined model, passthrough (no config) |", "model") - - assertLogFieldRedacted(t, hook, "thinking: user-defined model, passthrough (unknown provider) |", "provider") - assertLogFieldRedacted(t, hook, "thinking: user-defined model, passthrough (unknown provider) |", "model") - - assertLogFieldRedacted(t, hook, "thinking: applying config for user-defined model (skip validation)", "provider") - assertLogFieldRedacted(t, hook, "thinking: applying config for user-defined model (skip validation)", "model") - assertLogFieldRedacted(t, hook, "thinking: applying config for user-defined model (skip validation)", "mode") - assertLogFieldRedacted(t, hook, "thinking: applying config for user-defined model (skip validation)", "budget") - assertLogFieldRedacted(t, hook, "thinking: applying config for user-defined model (skip validation)", "level") -} - -func assertLogFieldRedacted(t *testing.T, hook *test.Hook, message, field string) { - t.Helper() - for _, entry := range hook.AllEntries() { - if entry.Message != message { - continue - } - value, ok := entry.Data[field] - if !ok && field == "level" { - value, ok = entry.Data["fields.level"] - } - if !ok { - t.Fatalf("log %q missing field %q", message, field) - } - if value != redactedLogValue { - t.Fatalf("log %q field %q = %v, want %q", message, field, value, redactedLogValue) - } - return - } - t.Fatalf("log %q not found", message) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/antigravity/apply.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/antigravity/apply.go deleted file mode 100644 index 4853285c30..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/antigravity/apply.go +++ /dev/null @@ -1,242 +0,0 @@ -// Package antigravity implements thinking configuration for Antigravity API format. -// -// Antigravity uses request.generationConfig.thinkingConfig.* path (same as gemini-cli) -// but requires additional normalization for Claude models: -// - Ensure thinking budget < max_tokens -// - Remove thinkingConfig if budget < minimum allowed -package antigravity - -import ( - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier applies thinking configuration for Antigravity API format. -type Applier struct{} - -var _ thinking.ProviderApplier = (*Applier)(nil) - -// NewApplier creates a new Antigravity thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("antigravity", NewApplier()) -} - -// Apply applies thinking configuration to Antigravity request body. -// -// For Claude models, additional constraints are applied: -// - Ensure thinking budget < max_tokens -// - Remove thinkingConfig if budget < minimum allowed -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return a.applyCompatible(body, config, modelInfo) - } - if modelInfo.Thinking == nil { - return body, nil - } - - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeAuto { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - isClaude := strings.Contains(strings.ToLower(modelInfo.ID), "claude") - - // ModeAuto: Always use Budget format with thinkingBudget=-1 - if config.Mode == thinking.ModeAuto { - return a.applyBudgetFormat(body, config, modelInfo, isClaude) - } - if config.Mode == thinking.ModeBudget { - return a.applyBudgetFormat(body, config, modelInfo, isClaude) - } - - // For non-auto modes, choose format based on model capabilities - support := modelInfo.Thinking - if len(support.Levels) > 0 { - return a.applyLevelFormat(body, config) - } - return a.applyBudgetFormat(body, config, modelInfo, isClaude) -} - -func (a *Applier) applyCompatible(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeAuto { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - isClaude := false - if modelInfo != nil { - isClaude = strings.Contains(strings.ToLower(modelInfo.ID), "claude") - } - - if config.Mode == thinking.ModeAuto { - return a.applyBudgetFormat(body, config, modelInfo, isClaude) - } - - if config.Mode == thinking.ModeLevel || (config.Mode == thinking.ModeNone && config.Level != "") { - return a.applyLevelFormat(body, config) - } - - return a.applyBudgetFormat(body, config, modelInfo, isClaude) -} - -func (a *Applier) applyLevelFormat(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - // Remove conflicting fields to avoid both thinkingLevel and thinkingBudget in output - result, _ := sjson.DeleteBytes(body, "request.generationConfig.thinkingConfig.thinkingBudget") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_budget") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_level") - // Normalize includeThoughts field name to avoid oneof conflicts in upstream JSON parsing. - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.include_thoughts") - - if config.Mode == thinking.ModeNone { - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", false) - if config.Level != "" { - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingLevel", string(config.Level)) - } - return result, nil - } - - // Only handle ModeLevel - budget conversion should be done by upper layer - if config.Mode != thinking.ModeLevel { - return body, nil - } - - level := string(config.Level) - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingLevel", level) - - // Respect user's explicit includeThoughts setting from original body; default to true if not set - // Support both camelCase and snake_case variants - includeThoughts := true - if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.includeThoughts"); inc.Exists() { - includeThoughts = inc.Bool() - } else if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.include_thoughts"); inc.Exists() { - includeThoughts = inc.Bool() - } - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", includeThoughts) - return result, nil -} - -func (a *Applier) applyBudgetFormat(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo, isClaude bool) ([]byte, error) { - // Remove conflicting fields to avoid both thinkingLevel and thinkingBudget in output - result, _ := sjson.DeleteBytes(body, "request.generationConfig.thinkingConfig.thinkingLevel") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_level") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_budget") - // Normalize includeThoughts field name to avoid oneof conflicts in upstream JSON parsing. - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.include_thoughts") - - budget := config.Budget - - // Apply Claude-specific constraints first to get the final budget value - if isClaude && modelInfo != nil { - budget, result = a.normalizeClaudeBudget(budget, result, modelInfo, config.Mode) - // Check if budget was removed entirely - if budget == -2 { - return result, nil - } - } - - // For ModeNone, always set includeThoughts to false regardless of user setting. - // This ensures that when user requests budget=0 (disable thinking output), - // the includeThoughts is correctly set to false even if budget is clamped to min. - if config.Mode == thinking.ModeNone { - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingBudget", budget) - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", false) - return result, nil - } - - // Determine includeThoughts: respect user's explicit setting from original body if provided - // Support both camelCase and snake_case variants - var includeThoughts bool - var userSetIncludeThoughts bool - if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.includeThoughts"); inc.Exists() { - includeThoughts = inc.Bool() - userSetIncludeThoughts = true - } else if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.include_thoughts"); inc.Exists() { - includeThoughts = inc.Bool() - userSetIncludeThoughts = true - } - - if !userSetIncludeThoughts { - // No explicit setting, use default logic based on mode - switch config.Mode { - case thinking.ModeAuto: - includeThoughts = true - default: - includeThoughts = budget > 0 - } - } - - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingBudget", budget) - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", includeThoughts) - return result, nil -} - -// normalizeClaudeBudget applies Claude-specific constraints to thinking budget. -// -// It handles: -// - Ensuring thinking budget < max_tokens -// - Removing thinkingConfig if budget < minimum allowed -// -// Returns the normalized budget and updated payload. -// Returns budget=-2 as a sentinel indicating thinkingConfig was removed entirely. -func (a *Applier) normalizeClaudeBudget(budget int, payload []byte, modelInfo *registry.ModelInfo, mode thinking.ThinkingMode) (int, []byte) { - if modelInfo == nil { - return budget, payload - } - - // Get effective max tokens - effectiveMax, setDefaultMax := a.effectiveMaxTokens(payload, modelInfo) - if effectiveMax > 0 && budget >= effectiveMax { - budget = effectiveMax - 1 - } - - // Check minimum budget - minBudget := 0 - if modelInfo.Thinking != nil { - minBudget = modelInfo.Thinking.Min - } - if minBudget > 0 && budget >= 0 && budget < minBudget { - if mode == thinking.ModeNone { - // Keep thinking config present for ModeNone and clamp budget, - // so includeThoughts=false is preserved explicitly. - budget = minBudget - } else { - // Budget is below minimum, remove thinking config entirely - payload, _ = sjson.DeleteBytes(payload, "request.generationConfig.thinkingConfig") - return -2, payload - } - } - - // Set default max tokens if needed - if setDefaultMax && effectiveMax > 0 { - payload, _ = sjson.SetBytes(payload, "request.generationConfig.maxOutputTokens", effectiveMax) - } - - return budget, payload -} - -// effectiveMaxTokens returns the max tokens to cap thinking: -// prefer request-provided maxOutputTokens; otherwise fall back to model default. -// The boolean indicates whether the value came from the model default (and thus should be written back). -func (a *Applier) effectiveMaxTokens(payload []byte, modelInfo *registry.ModelInfo) (max int, fromModel bool) { - if maxTok := gjson.GetBytes(payload, "request.generationConfig.maxOutputTokens"); maxTok.Exists() && maxTok.Int() > 0 { - return int(maxTok.Int()), false - } - if modelInfo != nil && modelInfo.MaxCompletionTokens > 0 { - return modelInfo.MaxCompletionTokens, true - } - return 0, false -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/antigravity/apply_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/antigravity/apply_test.go deleted file mode 100644 index b533664b8a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/antigravity/apply_test.go +++ /dev/null @@ -1,78 +0,0 @@ -package antigravity - -import ( - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/tidwall/gjson" -) - -func TestApplyLevelFormatPreservesExplicitSnakeCaseIncludeThoughts(t *testing.T) { - a := NewApplier() - body := []byte(`{"request":{"generationConfig":{"thinkingConfig":{"include_thoughts":false,"thinkingBudget":1024}}}}`) - cfg := thinking.ThinkingConfig{Mode: thinking.ModeLevel, Level: thinking.LevelHigh} - model := ®istry.ModelInfo{ID: "gemini-3-flash", Thinking: ®istry.ThinkingSupport{Levels: []string{"minimal", "low", "medium", "high"}}} - - out, err := a.Apply(body, cfg, model) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - - res := gjson.ParseBytes(out) - if !res.Get("request.generationConfig.thinkingConfig.thinkingLevel").Exists() { - t.Fatalf("expected thinkingLevel to be set") - } - if res.Get("request.generationConfig.thinkingConfig.includeThoughts").Bool() { - t.Fatalf("expected includeThoughts=false from explicit include_thoughts") - } - if res.Get("request.generationConfig.thinkingConfig.include_thoughts").Exists() { - t.Fatalf("expected include_thoughts to be normalized away") - } -} - -func TestApplier_ClaudeModeNone_PreservesDisableIntentUnderMinBudget(t *testing.T) { - a := NewApplier() - body := []byte(`{"request":{"generationConfig":{"thinkingConfig":{"includeThoughts":true}}}}`) - cfg := thinking.ThinkingConfig{Mode: thinking.ModeNone, Budget: 0} - model := ®istry.ModelInfo{ - ID: "claude-sonnet-4-5", - MaxCompletionTokens: 4096, - Thinking: ®istry.ThinkingSupport{Min: 1024}, - } - - out, err := a.Apply(body, cfg, model) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - res := gjson.ParseBytes(out) - if !res.Get("request.generationConfig.thinkingConfig").Exists() { - t.Fatalf("expected thinkingConfig to remain for ModeNone") - } - if got := res.Get("request.generationConfig.thinkingConfig.includeThoughts").Bool(); got { - t.Fatalf("expected includeThoughts=false for ModeNone") - } - if got := res.Get("request.generationConfig.thinkingConfig.thinkingBudget").Int(); got < 1024 { - t.Fatalf("expected budget clamped to min >= 1024, got %d", got) - } -} - -func TestApplier_ClaudeBudgetBelowMin_RemovesThinkingConfigForNonNoneModes(t *testing.T) { - a := NewApplier() - body := []byte(`{"request":{"generationConfig":{"thinkingConfig":{"includeThoughts":true}}}}`) - cfg := thinking.ThinkingConfig{Mode: thinking.ModeBudget, Budget: 1} - model := ®istry.ModelInfo{ - ID: "claude-sonnet-4-5", - MaxCompletionTokens: 4096, - Thinking: ®istry.ThinkingSupport{Min: 1024}, - } - - out, err := a.Apply(body, cfg, model) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - res := gjson.ParseBytes(out) - if res.Get("request.generationConfig.thinkingConfig").Exists() { - t.Fatalf("expected thinkingConfig removed for non-ModeNone min-budget violation") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/claude/apply.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/claude/apply.go deleted file mode 100644 index 6bf57e4e0f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/claude/apply.go +++ /dev/null @@ -1,199 +0,0 @@ -// Package claude implements thinking configuration scaffolding for Claude models. -// -// Claude models use the thinking.budget_tokens format with values in the range -// 1024-128000. Some Claude models support ZeroAllowed (sonnet-4-5, opus-4-5), -// while older models do not. -// Claude Opus 4.6+ also supports output_config.effort as a level-based alternative. -// See: _bmad-output/planning-artifacts/architecture.md#Epic-6 -package claude - -import ( - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier implements thinking.ProviderApplier for Claude models. -// This applier is stateless and holds no configuration. -type Applier struct{} - -// NewApplier creates a new Claude thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("claude", NewApplier()) -} - -// Apply applies thinking configuration to Claude request body. -// -// IMPORTANT: This method expects config to be pre-validated by thinking.ValidateConfig. -// ValidateConfig handles: -// - Mode conversion (Level→Budget, Auto→Budget) -// - Budget clamping to model range -// - ZeroAllowed constraint enforcement -// -// Apply only processes ModeBudget and ModeNone; other modes are passed through unchanged. -// -// Expected output format when enabled (budget-based): -// -// { -// "thinking": { -// "type": "enabled", -// "budget_tokens": 16384 -// } -// } -// -// Expected output format when disabled: -// -// { -// "thinking": { -// "type": "disabled" -// } -// } -// -// For Claude Opus 4.6+, output_config.effort may be used instead of budget_tokens. -// When output_config.effort is present, it takes precedence over thinking.budget_tokens. -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return applyCompatibleClaude(body, config) - } - if modelInfo.Thinking == nil { - return body, nil - } - - // Only process ModeBudget and ModeNone; other modes pass through - // (caller should use ValidateConfig first to normalize modes) - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeLevel { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - // Handle level-based configuration (output_config.effort) - if config.Mode == thinking.ModeLevel { - return applyLevelBasedConfig(body, config) - } - - // Budget is expected to be pre-validated by ValidateConfig (clamped, ZeroAllowed enforced) - // Decide enabled/disabled based on budget value - if config.Budget == 0 { - result, _ := sjson.SetBytes(body, "thinking.type", "disabled") - result, _ = sjson.DeleteBytes(result, "thinking.budget_tokens") - return result, nil - } - - result, _ := sjson.SetBytes(body, "thinking.type", "enabled") - result, _ = sjson.SetBytes(result, "thinking.budget_tokens", config.Budget) - - // Ensure max_tokens > thinking.budget_tokens (Anthropic API constraint) - result = a.normalizeClaudeBudget(result, config.Budget, modelInfo) - return result, nil -} - -// applyLevelBasedConfig applies level-based thinking config using output_config.effort. -// This is the preferred format for Claude Opus 4.6+ models. -func applyLevelBasedConfig(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - level := string(config.Level) - if level == "" || level == "none" { - result, _ := sjson.SetBytes(body, "thinking.type", "disabled") - result, _ = sjson.DeleteBytes(result, "thinking.budget_tokens") - return result, nil - } - - // Map level to output_config.effort format - effort := strings.ToLower(level) - - // Set output_config.effort for level-based thinking - result, _ := sjson.SetBytes(body, "output_config.effort", effort) - - // Also set thinking.type for backward compatibility - result, _ = sjson.SetBytes(result, "thinking.type", "enabled") - - return result, nil -} - -// normalizeClaudeBudget applies Claude-specific constraints to ensure max_tokens > budget_tokens. -// Anthropic API requires this constraint; violating it returns a 400 error. -func (a *Applier) normalizeClaudeBudget(body []byte, budgetTokens int, modelInfo *registry.ModelInfo) []byte { - if budgetTokens <= 0 { - return body - } - - // Ensure the request satisfies Claude constraints: - // 1) Determine effective max_tokens (request overrides model default) - // 2) If budget_tokens >= max_tokens, reduce budget_tokens to max_tokens-1 - // 3) If the adjusted budget falls below the model minimum, leave the request unchanged - // 4) If max_tokens came from model default, write it back into the request - - effectiveMax, setDefaultMax := a.effectiveMaxTokens(body, modelInfo) - if setDefaultMax && effectiveMax > 0 { - body, _ = sjson.SetBytes(body, "max_tokens", effectiveMax) - } - - // Compute the budget we would apply after enforcing budget_tokens < max_tokens. - adjustedBudget := budgetTokens - if effectiveMax > 0 && adjustedBudget >= effectiveMax { - adjustedBudget = effectiveMax - 1 - } - - minBudget := 0 - if modelInfo != nil && modelInfo.Thinking != nil { - minBudget = modelInfo.Thinking.Min - } - if minBudget > 0 && adjustedBudget > 0 && adjustedBudget < minBudget { - // If enforcing the max_tokens constraint would push the budget below the model minimum, - // leave the request unchanged. - return body - } - - if adjustedBudget != budgetTokens { - body, _ = sjson.SetBytes(body, "thinking.budget_tokens", adjustedBudget) - } - - return body -} - -// effectiveMaxTokens returns the max tokens to cap thinking: -// prefer request-provided max_tokens; otherwise fall back to model default. -// The boolean indicates whether the value came from the model default (and thus should be written back). -func (a *Applier) effectiveMaxTokens(body []byte, modelInfo *registry.ModelInfo) (max int, fromModel bool) { - if maxTok := gjson.GetBytes(body, "max_tokens"); maxTok.Exists() && maxTok.Int() > 0 { - return int(maxTok.Int()), false - } - if modelInfo != nil && modelInfo.MaxCompletionTokens > 0 { - return modelInfo.MaxCompletionTokens, true - } - return 0, false -} - -func applyCompatibleClaude(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeAuto { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - switch config.Mode { - case thinking.ModeNone: - result, _ := sjson.SetBytes(body, "thinking.type", "disabled") - result, _ = sjson.DeleteBytes(result, "thinking.budget_tokens") - return result, nil - case thinking.ModeAuto: - result, _ := sjson.SetBytes(body, "thinking.type", "enabled") - result, _ = sjson.DeleteBytes(result, "thinking.budget_tokens") - return result, nil - default: - result, _ := sjson.SetBytes(body, "thinking.type", "enabled") - result, _ = sjson.SetBytes(result, "thinking.budget_tokens", config.Budget) - return result, nil - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/claude/apply_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/claude/apply_test.go deleted file mode 100644 index cafa7f0f08..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/claude/apply_test.go +++ /dev/null @@ -1,87 +0,0 @@ -package claude - -import ( - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/tidwall/gjson" -) - -func TestNormalizeClaudeBudget_WritesDefaultedMaxTokensAndReducesBudget(t *testing.T) { - a := NewApplier() - body := []byte(`{"model":"claude-sonnet-4.5","input":"ping"}`) - model := ®istry.ModelInfo{ - ID: "claude-sonnet-4.5", - MaxCompletionTokens: 1024, - Thinking: ®istry.ThinkingSupport{Min: 256}, - } - cfg := thinking.ThinkingConfig{ - Mode: thinking.ModeBudget, - Budget: 2000, - } - - out, err := a.Apply(body, cfg, model) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - - res := gjson.ParseBytes(out) - if res.Get("max_tokens").Int() != 1024 { - t.Fatalf("expected max_tokens to be set from model default, got %d", res.Get("max_tokens").Int()) - } - if res.Get("thinking.budget_tokens").Int() != 1023 { - t.Fatalf("expected budget_tokens to be reduced below max_tokens, got %d", res.Get("thinking.budget_tokens").Int()) - } -} - -func TestNormalizeClaudeBudget_RespectsProvidedMaxTokens(t *testing.T) { - a := NewApplier() - body := []byte(`{"model":"claude-sonnet-4.5","max_tokens":4096,"input":"ping"}`) - model := ®istry.ModelInfo{ - ID: "claude-sonnet-4.5", - MaxCompletionTokens: 1024, - Thinking: ®istry.ThinkingSupport{Min: 256}, - } - cfg := thinking.ThinkingConfig{ - Mode: thinking.ModeBudget, - Budget: 2048, - } - - out, err := a.Apply(body, cfg, model) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - - res := gjson.ParseBytes(out) - if res.Get("thinking.budget_tokens").Int() != 2048 { - t.Fatalf("expected explicit budget_tokens to be preserved when max_tokens is higher, got %d", res.Get("thinking.budget_tokens").Int()) - } - if res.Get("max_tokens").Int() != 4096 { - t.Fatalf("expected explicit max_tokens to be preserved, got %d", res.Get("max_tokens").Int()) - } -} - -func TestNormalizeClaudeBudget_NoMinBudgetRegressionBelowMinimum(t *testing.T) { - a := NewApplier() - body := []byte(`{"model":"claude-sonnet-4.5","max_tokens":300,"input":"ping"}`) - model := ®istry.ModelInfo{ - ID: "claude-sonnet-4.5", - MaxCompletionTokens: 1024, - Thinking: ®istry.ThinkingSupport{Min: 1024}, - } - cfg := thinking.ThinkingConfig{ - Mode: thinking.ModeBudget, - Budget: 2000, - } - - out, err := a.Apply(body, cfg, model) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - - res := gjson.ParseBytes(out) - if res.Get("thinking.budget_tokens").Int() != 2000 { - t.Fatalf("expected no budget adjustment when reduction would violate model minimum, got %d", res.Get("thinking.budget_tokens").Int()) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/codex/apply.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/codex/apply.go deleted file mode 100644 index 80bd037341..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/codex/apply.go +++ /dev/null @@ -1,131 +0,0 @@ -// Package codex implements thinking configuration for Codex (OpenAI Responses API) models. -// -// Codex models use the reasoning.effort format with discrete levels -// (low/medium/high). This is similar to OpenAI but uses nested field -// "reasoning.effort" instead of "reasoning_effort". -// See: _bmad-output/planning-artifacts/architecture.md#Epic-8 -package codex - -import ( - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier implements thinking.ProviderApplier for Codex models. -// -// Codex-specific behavior: -// - Output format: reasoning.effort (string: low/medium/high/xhigh) -// - Level-only mode: no numeric budget support -// - Some models support ZeroAllowed (gpt-5.1, gpt-5.2) -type Applier struct{} - -var _ thinking.ProviderApplier = (*Applier)(nil) - -// NewApplier creates a new Codex thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("codex", NewApplier()) -} - -// Apply applies thinking configuration to Codex request body. -// -// Expected output format: -// -// { -// "reasoning": { -// "effort": "high" -// } -// } -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return applyCompatibleCodex(body, config) - } - if modelInfo.Thinking == nil { - return body, nil - } - - // Only handle ModeLevel and ModeNone; other modes pass through unchanged. - if config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - if config.Mode == thinking.ModeLevel { - result, _ := sjson.SetBytes(body, "reasoning.effort", string(config.Level)) - return result, nil - } - - effort := "" - support := modelInfo.Thinking - if config.Budget == 0 { - if support.ZeroAllowed || hasLevel(support.Levels, string(thinking.LevelNone)) { - effort = string(thinking.LevelNone) - } - } - if effort == "" && config.Level != "" { - effort = string(config.Level) - } - if effort == "" && len(support.Levels) > 0 { - effort = support.Levels[0] - } - if effort == "" { - return body, nil - } - - result, _ := sjson.SetBytes(body, "reasoning.effort", effort) - return result, nil -} - -func applyCompatibleCodex(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - var effort string - switch config.Mode { - case thinking.ModeLevel: - if config.Level == "" { - return body, nil - } - effort = string(config.Level) - case thinking.ModeNone: - effort = string(thinking.LevelNone) - if config.Level != "" { - effort = string(config.Level) - } - case thinking.ModeAuto: - // Auto mode for user-defined models: pass through as "auto" - effort = string(thinking.LevelAuto) - case thinking.ModeBudget: - // Budget mode: convert budget to level using threshold mapping - level, ok := thinking.ConvertBudgetToLevel(config.Budget) - if !ok { - return body, nil - } - effort = level - default: - return body, nil - } - - result, _ := sjson.SetBytes(body, "reasoning.effort", effort) - return result, nil -} - -func hasLevel(levels []string, target string) bool { - for _, level := range levels { - if strings.EqualFold(strings.TrimSpace(level), target) { - return true - } - } - return false -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/gemini/apply.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/gemini/apply.go deleted file mode 100644 index 9ee28f16f2..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/gemini/apply.go +++ /dev/null @@ -1,200 +0,0 @@ -// Package gemini implements thinking configuration for Gemini models. -// -// Gemini models have two formats: -// - Gemini 2.5: Uses thinkingBudget (numeric) -// - Gemini 3.x: Uses thinkingLevel (string: minimal/low/medium/high) -// or thinkingBudget=-1 for auto/dynamic mode -// -// Output format is determined by ThinkingConfig.Mode and ThinkingSupport.Levels: -// - ModeAuto: Always uses thinkingBudget=-1 (both Gemini 2.5 and 3.x) -// - len(Levels) > 0: Uses thinkingLevel (Gemini 3.x discrete levels) -// - len(Levels) == 0: Uses thinkingBudget (Gemini 2.5) -package gemini - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier applies thinking configuration for Gemini models. -// -// Gemini-specific behavior: -// - Gemini 2.5: thinkingBudget format, flash series supports ZeroAllowed -// - Gemini 3.x: thinkingLevel format, cannot be disabled -// - Use ThinkingSupport.Levels to decide output format -type Applier struct{} - -// NewApplier creates a new Gemini thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("gemini", NewApplier()) -} - -// Apply applies thinking configuration to Gemini request body. -// -// Expected output format (Gemini 2.5): -// -// { -// "generationConfig": { -// "thinkingConfig": { -// "thinkingBudget": 8192, -// "includeThoughts": true -// } -// } -// } -// -// Expected output format (Gemini 3.x): -// -// { -// "generationConfig": { -// "thinkingConfig": { -// "thinkingLevel": "high", -// "includeThoughts": true -// } -// } -// } -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return a.applyCompatible(body, config) - } - if modelInfo.Thinking == nil { - return body, nil - } - - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeAuto { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - // Choose format based on config.Mode and model capabilities: - // - ModeLevel: use Level format (validation will reject unsupported levels) - // - ModeNone: use Level format if model has Levels, else Budget format - // - ModeBudget/ModeAuto: use Budget format - switch config.Mode { - case thinking.ModeLevel: - return a.applyLevelFormat(body, config) - case thinking.ModeNone: - // ModeNone: route based on model capability (has Levels or not) - if len(modelInfo.Thinking.Levels) > 0 { - return a.applyLevelFormat(body, config) - } - return a.applyBudgetFormat(body, config) - default: - return a.applyBudgetFormat(body, config) - } -} - -func (a *Applier) applyCompatible(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeAuto { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - if config.Mode == thinking.ModeAuto { - return a.applyBudgetFormat(body, config) - } - - if config.Mode == thinking.ModeLevel || (config.Mode == thinking.ModeNone && config.Level != "") { - return a.applyLevelFormat(body, config) - } - - return a.applyBudgetFormat(body, config) -} - -func (a *Applier) applyLevelFormat(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - // ModeNone semantics: - // - ModeNone + Budget=0: completely disable thinking (not possible for Level-only models) - // - ModeNone + Budget>0: forced to think but hide output (includeThoughts=false) - // ValidateConfig sets config.Level to the lowest level when ModeNone + Budget > 0. - - // Remove conflicting fields to avoid both thinkingLevel and thinkingBudget in output - result, _ := sjson.DeleteBytes(body, "generationConfig.thinkingConfig.thinkingBudget") - result, _ = sjson.DeleteBytes(result, "generationConfig.thinkingConfig.thinking_budget") - result, _ = sjson.DeleteBytes(result, "generationConfig.thinkingConfig.thinking_level") - // Normalize includeThoughts field name to avoid oneof conflicts in upstream JSON parsing. - result, _ = sjson.DeleteBytes(result, "generationConfig.thinkingConfig.include_thoughts") - - if config.Mode == thinking.ModeNone { - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.includeThoughts", false) - if config.Level != "" { - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.thinkingLevel", string(config.Level)) - } - return result, nil - } - - // Only handle ModeLevel - budget conversion should be done by upper layer - if config.Mode != thinking.ModeLevel { - return body, nil - } - - level := string(config.Level) - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.thinkingLevel", level) - - // Respect user's explicit includeThoughts setting from original body; default to true if not set - // Support both camelCase and snake_case variants - includeThoughts := true - if inc := gjson.GetBytes(body, "generationConfig.thinkingConfig.includeThoughts"); inc.Exists() { - includeThoughts = inc.Bool() - } else if inc := gjson.GetBytes(body, "generationConfig.thinkingConfig.include_thoughts"); inc.Exists() { - includeThoughts = inc.Bool() - } - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.includeThoughts", includeThoughts) - return result, nil -} - -func (a *Applier) applyBudgetFormat(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - // Remove conflicting fields to avoid both thinkingLevel and thinkingBudget in output - result, _ := sjson.DeleteBytes(body, "generationConfig.thinkingConfig.thinkingLevel") - result, _ = sjson.DeleteBytes(result, "generationConfig.thinkingConfig.thinking_level") - result, _ = sjson.DeleteBytes(result, "generationConfig.thinkingConfig.thinking_budget") - // Normalize includeThoughts field name to avoid oneof conflicts in upstream JSON parsing. - result, _ = sjson.DeleteBytes(result, "generationConfig.thinkingConfig.include_thoughts") - - budget := config.Budget - - // For ModeNone, always set includeThoughts to false regardless of user setting. - // This ensures that when user requests budget=0 (disable thinking output), - // the includeThoughts is correctly set to false even if budget is clamped to min. - if config.Mode == thinking.ModeNone { - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.thinkingBudget", budget) - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.includeThoughts", false) - return result, nil - } - - // Determine includeThoughts: respect user's explicit setting from original body if provided - // Support both camelCase and snake_case variants - var includeThoughts bool - var userSetIncludeThoughts bool - if inc := gjson.GetBytes(body, "generationConfig.thinkingConfig.includeThoughts"); inc.Exists() { - includeThoughts = inc.Bool() - userSetIncludeThoughts = true - } else if inc := gjson.GetBytes(body, "generationConfig.thinkingConfig.include_thoughts"); inc.Exists() { - includeThoughts = inc.Bool() - userSetIncludeThoughts = true - } - - if !userSetIncludeThoughts { - // No explicit setting, use default logic based on mode - switch config.Mode { - case thinking.ModeAuto: - includeThoughts = true - default: - includeThoughts = budget > 0 - } - } - - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.thinkingBudget", budget) - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.includeThoughts", includeThoughts) - return result, nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/gemini/apply_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/gemini/apply_test.go deleted file mode 100644 index 07c5870ba1..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/gemini/apply_test.go +++ /dev/null @@ -1,52 +0,0 @@ -package gemini - -import ( - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/tidwall/gjson" -) - -func TestApplyLevelFormatPreservesExplicitSnakeCaseIncludeThoughts(t *testing.T) { - a := NewApplier() - body := []byte(`{"generationConfig":{"thinkingConfig":{"include_thoughts":false,"thinkingBudget":1024}}}`) - cfg := thinking.ThinkingConfig{Mode: thinking.ModeLevel, Level: thinking.LevelHigh} - model := ®istry.ModelInfo{ID: "gemini-3-flash", Thinking: ®istry.ThinkingSupport{Levels: []string{"minimal", "low", "medium", "high"}}} - - out, err := a.Apply(body, cfg, model) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - - res := gjson.ParseBytes(out) - if !res.Get("generationConfig.thinkingConfig.thinkingLevel").Exists() { - t.Fatalf("expected thinkingLevel to be set") - } - if res.Get("generationConfig.thinkingConfig.includeThoughts").Bool() { - t.Fatalf("expected includeThoughts=false from explicit include_thoughts") - } - if res.Get("generationConfig.thinkingConfig.include_thoughts").Exists() { - t.Fatalf("expected include_thoughts to be normalized away") - } -} - -func TestApplyBudgetFormatModeNoneForcesIncludeThoughtsFalse(t *testing.T) { - a := NewApplier() - body := []byte(`{"generationConfig":{"thinkingConfig":{"includeThoughts":true}}}`) - cfg := thinking.ThinkingConfig{Mode: thinking.ModeNone, Budget: 0} - model := ®istry.ModelInfo{ID: "gemini-2.5-flash", Thinking: ®istry.ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true}} - - out, err := a.Apply(body, cfg, model) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - - res := gjson.ParseBytes(out) - if res.Get("generationConfig.thinkingConfig.includeThoughts").Bool() { - t.Fatalf("expected includeThoughts=false for ModeNone") - } - if res.Get("generationConfig.thinkingConfig.thinkingBudget").Int() != 0 { - t.Fatalf("expected thinkingBudget=0, got %d", res.Get("generationConfig.thinkingConfig.thinkingBudget").Int()) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/geminicli/apply.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/geminicli/apply.go deleted file mode 100644 index e2bd81869c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/geminicli/apply.go +++ /dev/null @@ -1,161 +0,0 @@ -// Package geminicli implements thinking configuration for Gemini CLI API format. -// -// Gemini CLI uses request.generationConfig.thinkingConfig.* path instead of -// generationConfig.thinkingConfig.* used by standard Gemini API. -package geminicli - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier applies thinking configuration for Gemini CLI API format. -type Applier struct{} - -var _ thinking.ProviderApplier = (*Applier)(nil) - -// NewApplier creates a new Gemini CLI thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("gemini-cli", NewApplier()) -} - -// Apply applies thinking configuration to Gemini CLI request body. -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return a.applyCompatible(body, config) - } - if modelInfo.Thinking == nil { - return body, nil - } - - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeAuto { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - // ModeAuto: Always use Budget format with thinkingBudget=-1 - if config.Mode == thinking.ModeAuto { - return a.applyBudgetFormat(body, config) - } - if config.Mode == thinking.ModeBudget { - return a.applyBudgetFormat(body, config) - } - - // For non-auto modes, choose format based on model capabilities - support := modelInfo.Thinking - if len(support.Levels) > 0 { - return a.applyLevelFormat(body, config) - } - return a.applyBudgetFormat(body, config) -} - -func (a *Applier) applyCompatible(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeAuto { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - if config.Mode == thinking.ModeAuto { - return a.applyBudgetFormat(body, config) - } - - if config.Mode == thinking.ModeLevel || (config.Mode == thinking.ModeNone && config.Level != "") { - return a.applyLevelFormat(body, config) - } - - return a.applyBudgetFormat(body, config) -} - -func (a *Applier) applyLevelFormat(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - // Remove conflicting fields to avoid both thinkingLevel and thinkingBudget in output - result, _ := sjson.DeleteBytes(body, "request.generationConfig.thinkingConfig.thinkingBudget") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_budget") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_level") - // Normalize includeThoughts field name to avoid oneof conflicts in upstream JSON parsing. - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.include_thoughts") - - if config.Mode == thinking.ModeNone { - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", false) - if config.Level != "" { - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingLevel", string(config.Level)) - } - return result, nil - } - - // Only handle ModeLevel - budget conversion should be done by upper layer - if config.Mode != thinking.ModeLevel { - return body, nil - } - - level := string(config.Level) - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingLevel", level) - - // Respect user's explicit includeThoughts setting from original body; default to true if not set - // Support both camelCase and snake_case variants - includeThoughts := true - if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.includeThoughts"); inc.Exists() { - includeThoughts = inc.Bool() - } else if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.include_thoughts"); inc.Exists() { - includeThoughts = inc.Bool() - } - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", includeThoughts) - return result, nil -} - -func (a *Applier) applyBudgetFormat(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - // Remove conflicting fields to avoid both thinkingLevel and thinkingBudget in output - result, _ := sjson.DeleteBytes(body, "request.generationConfig.thinkingConfig.thinkingLevel") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_level") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_budget") - // Normalize includeThoughts field name to avoid oneof conflicts in upstream JSON parsing. - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.include_thoughts") - - budget := config.Budget - - // For ModeNone, always set includeThoughts to false regardless of user setting. - // This ensures that when user requests budget=0 (disable thinking output), - // the includeThoughts is correctly set to false even if budget is clamped to min. - if config.Mode == thinking.ModeNone { - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingBudget", budget) - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", false) - return result, nil - } - - // Determine includeThoughts: respect user's explicit setting from original body if provided - // Support both camelCase and snake_case variants - var includeThoughts bool - var userSetIncludeThoughts bool - if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.includeThoughts"); inc.Exists() { - includeThoughts = inc.Bool() - userSetIncludeThoughts = true - } else if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.include_thoughts"); inc.Exists() { - includeThoughts = inc.Bool() - userSetIncludeThoughts = true - } - - if !userSetIncludeThoughts { - // No explicit setting, use default logic based on mode - switch config.Mode { - case thinking.ModeAuto: - includeThoughts = true - default: - includeThoughts = budget > 0 - } - } - - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingBudget", budget) - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", includeThoughts) - return result, nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/geminicli/apply_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/geminicli/apply_test.go deleted file mode 100644 index e03c36d740..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/geminicli/apply_test.go +++ /dev/null @@ -1,32 +0,0 @@ -package geminicli - -import ( - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/tidwall/gjson" -) - -func TestApplyLevelFormatPreservesExplicitSnakeCaseIncludeThoughts(t *testing.T) { - a := NewApplier() - body := []byte(`{"request":{"generationConfig":{"thinkingConfig":{"include_thoughts":false,"thinkingBudget":1024}}}}`) - cfg := thinking.ThinkingConfig{Mode: thinking.ModeLevel, Level: thinking.LevelHigh} - model := ®istry.ModelInfo{ID: "gemini-3-flash", Thinking: ®istry.ThinkingSupport{Levels: []string{"minimal", "low", "medium", "high"}}} - - out, err := a.Apply(body, cfg, model) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - - res := gjson.ParseBytes(out) - if !res.Get("request.generationConfig.thinkingConfig.thinkingLevel").Exists() { - t.Fatalf("expected thinkingLevel to be set") - } - if res.Get("request.generationConfig.thinkingConfig.includeThoughts").Bool() { - t.Fatalf("expected includeThoughts=false from explicit include_thoughts") - } - if res.Get("request.generationConfig.thinkingConfig.include_thoughts").Exists() { - t.Fatalf("expected include_thoughts to be normalized away") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/iflow/apply.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/iflow/apply.go deleted file mode 100644 index f4be678830..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/iflow/apply.go +++ /dev/null @@ -1,173 +0,0 @@ -// Package iflow implements thinking configuration for iFlow models. -// -// iFlow models use boolean toggle semantics: -// - Models using chat_template_kwargs.enable_thinking (boolean toggle) -// - MiniMax models: reasoning_split (boolean) -// -// Level values are converted to boolean: none=false, all others=true -// See: _bmad-output/planning-artifacts/architecture.md#Epic-9 -package iflow - -import ( - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier implements thinking.ProviderApplier for iFlow models. -// -// iFlow-specific behavior: -// - enable_thinking toggle models: enable_thinking boolean -// - GLM models: enable_thinking boolean + clear_thinking=false -// - MiniMax models: reasoning_split boolean -// - Level to boolean: none=false, others=true -// - No quantized support (only on/off) -type Applier struct{} - -var _ thinking.ProviderApplier = (*Applier)(nil) - -// NewApplier creates a new iFlow thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("iflow", NewApplier()) -} - -// Apply applies thinking configuration to iFlow request body. -// -// Expected output format (GLM): -// -// { -// "chat_template_kwargs": { -// "enable_thinking": true, -// "clear_thinking": false -// } -// } -// -// Expected output format (MiniMax): -// -// { -// "reasoning_split": true -// } -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return body, nil - } - if modelInfo.Thinking == nil { - return body, nil - } - - if isEnableThinkingModel(modelInfo.ID) { - return applyEnableThinking(body, config, isGLMModel(modelInfo.ID)), nil - } - - if isMiniMaxModel(modelInfo.ID) { - return applyMiniMax(body, config), nil - } - - return body, nil -} - -// configToBoolean converts ThinkingConfig to boolean for iFlow models. -// -// Conversion rules: -// - ModeNone: false -// - ModeAuto: true -// - ModeBudget + Budget=0: false -// - ModeBudget + Budget>0: true -// - ModeLevel + Level="none": false -// - ModeLevel + any other level: true -// - Default (unknown mode): true -func configToBoolean(config thinking.ThinkingConfig) bool { - switch config.Mode { - case thinking.ModeNone: - return false - case thinking.ModeAuto: - return true - case thinking.ModeBudget: - return config.Budget > 0 - case thinking.ModeLevel: - return config.Level != thinking.LevelNone - default: - return true - } -} - -// applyEnableThinking applies thinking configuration for models that use -// chat_template_kwargs.enable_thinking format. -// -// Output format when enabled: -// -// {"chat_template_kwargs": {"enable_thinking": true, "clear_thinking": false}} -// -// Output format when disabled: -// -// {"chat_template_kwargs": {"enable_thinking": false}} -// -// Note: clear_thinking is only set for GLM models when thinking is enabled. -func applyEnableThinking(body []byte, config thinking.ThinkingConfig, setClearThinking bool) []byte { - enableThinking := configToBoolean(config) - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - result, _ := sjson.SetBytes(body, "chat_template_kwargs.enable_thinking", enableThinking) - - // clear_thinking is a GLM-only knob, strip it for other models. - result, _ = sjson.DeleteBytes(result, "chat_template_kwargs.clear_thinking") - - // clear_thinking only needed when thinking is enabled - if enableThinking && setClearThinking { - result, _ = sjson.SetBytes(result, "chat_template_kwargs.clear_thinking", false) - } - - return result -} - -// applyMiniMax applies thinking configuration for MiniMax models. -// -// Output format: -// -// {"reasoning_split": true/false} -func applyMiniMax(body []byte, config thinking.ThinkingConfig) []byte { - reasoningSplit := configToBoolean(config) - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - result, _ := sjson.SetBytes(body, "reasoning_split", reasoningSplit) - - return result -} - -// isEnableThinkingModel determines if the model uses chat_template_kwargs.enable_thinking format. -func isEnableThinkingModel(modelID string) bool { - if isGLMModel(modelID) { - return true - } - id := strings.ToLower(modelID) - switch id { - case "qwen3-max-preview", "deepseek-v3.2", "deepseek-v3.1": - return true - default: - return false - } -} - -// isGLMModel determines if the model is a GLM series model. -func isGLMModel(modelID string) bool { - return strings.HasPrefix(strings.ToLower(modelID), "glm") -} - -// isMiniMaxModel determines if the model is a MiniMax series model. -// MiniMax models use reasoning_split format. -func isMiniMaxModel(modelID string) bool { - return strings.HasPrefix(strings.ToLower(modelID), "minimax") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/kimi/apply.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/kimi/apply.go deleted file mode 100644 index ec670e3929..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/kimi/apply.go +++ /dev/null @@ -1,126 +0,0 @@ -// Package kimi implements thinking configuration for Kimi (Moonshot AI) models. -// -// Kimi models use the OpenAI-compatible reasoning_effort format with discrete levels -// (low/medium/high). The provider strips any existing thinking config and applies -// the unified ThinkingConfig in OpenAI format. -package kimi - -import ( - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier implements thinking.ProviderApplier for Kimi models. -// -// Kimi-specific behavior: -// - Output format: reasoning_effort (string: low/medium/high) -// - Uses OpenAI-compatible format -// - Supports budget-to-level conversion -type Applier struct{} - -var _ thinking.ProviderApplier = (*Applier)(nil) - -// NewApplier creates a new Kimi thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("kimi", NewApplier()) -} - -// Apply applies thinking configuration to Kimi request body. -// -// Expected output format: -// -// { -// "reasoning_effort": "high" -// } -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return applyCompatibleKimi(body, config) - } - if modelInfo.Thinking == nil { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - var effort string - switch config.Mode { - case thinking.ModeLevel: - if config.Level == "" { - return body, nil - } - effort = string(config.Level) - case thinking.ModeNone: - // Kimi uses "none" to disable thinking - effort = string(thinking.LevelNone) - case thinking.ModeBudget: - // Convert budget to level using threshold mapping - level, ok := thinking.ConvertBudgetToLevel(config.Budget) - if !ok { - return body, nil - } - effort = level - case thinking.ModeAuto: - // Auto mode maps to "auto" effort - effort = string(thinking.LevelAuto) - default: - return body, nil - } - - if effort == "" { - return body, nil - } - - result, err := sjson.SetBytes(body, "reasoning_effort", effort) - if err != nil { - return body, fmt.Errorf("kimi thinking: failed to set reasoning_effort: %w", err) - } - return result, nil -} - -// applyCompatibleKimi applies thinking config for user-defined Kimi models. -func applyCompatibleKimi(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - var effort string - switch config.Mode { - case thinking.ModeLevel: - if config.Level == "" { - return body, nil - } - effort = string(config.Level) - case thinking.ModeNone: - effort = string(thinking.LevelNone) - if config.Level != "" { - effort = string(config.Level) - } - case thinking.ModeAuto: - effort = string(thinking.LevelAuto) - case thinking.ModeBudget: - // Convert budget to level - level, ok := thinking.ConvertBudgetToLevel(config.Budget) - if !ok { - return body, nil - } - effort = level - default: - return body, nil - } - - result, err := sjson.SetBytes(body, "reasoning_effort", effort) - if err != nil { - return body, fmt.Errorf("kimi thinking: failed to set reasoning_effort: %w", err) - } - return result, nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/openai/apply.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/openai/apply.go deleted file mode 100644 index fe3a326988..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/provider/openai/apply.go +++ /dev/null @@ -1,214 +0,0 @@ -// Package openai implements thinking configuration for OpenAI/Codex models. -// -// OpenAI models use the reasoning_effort format with discrete levels -// (low/medium/high). Some models support xhigh and none levels. -// See: _bmad-output/planning-artifacts/architecture.md#Epic-8 -package openai - -import ( - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// validReasoningEffortLevels contains the standard values accepted by the -// OpenAI reasoning_effort field. Provider-specific extensions (minimal, xhigh, -// auto) are normalized to standard equivalents when the model does not support -// them. -var validReasoningEffortLevels = map[string]struct{}{ - "none": {}, - "low": {}, - "medium": {}, - "high": {}, - "xhigh": {}, -} - -// clampReasoningEffort maps any thinking level string to a value that is safe -// to send as OpenAI reasoning_effort. Non-standard CPA-internal values are -// mapped to the nearest supported equivalent for the target model. -// -// Mapping rules: -// - none / low / medium / high → returned as-is (already valid) -// - xhigh → "high" (nearest lower standard level) -// - minimal → "low" (nearest higher standard level) -// - auto → "medium" (reasonable default) -// - anything else → "medium" (safe default) -func clampReasoningEffort(level string, support *registry.ThinkingSupport) string { - raw := strings.ToLower(strings.TrimSpace(level)) - if raw == "" { - return raw - } - if hasLevel(support.Levels, raw) { - return raw - } - - if _, ok := validReasoningEffortLevels[raw]; !ok { - log.WithFields(log.Fields{ - "original": level, - "clamped": string(thinking.LevelMedium), - }).Debug("openai: reasoning_effort clamped to default level") - return string(thinking.LevelMedium) - } - - // Normalize non-standard inputs when not explicitly supported by model. - if support == nil || len(support.Levels) == 0 { - switch raw { - case string(thinking.LevelXHigh): - return string(thinking.LevelHigh) - case string(thinking.LevelMinimal): - return string(thinking.LevelLow) - case string(thinking.LevelAuto): - return string(thinking.LevelMedium) - } - return raw - } - - if hasLevel(support.Levels, string(thinking.LevelXHigh)) && raw == string(thinking.LevelXHigh) { - return raw - } - - // If the provider supports minimal levels, preserve them. - if raw == string(thinking.LevelMinimal) && hasLevel(support.Levels, string(thinking.LevelMinimal)) { - return level - } - - // Model does not support provider-specific levels; map to nearest supported standard - // level for compatibility. - switch raw { - case string(thinking.LevelXHigh): - if hasLevel(support.Levels, string(thinking.LevelHigh)) { - return string(thinking.LevelHigh) - } - case string(thinking.LevelMinimal): - if hasLevel(support.Levels, string(thinking.LevelLow)) { - return string(thinking.LevelLow) - } - case string(thinking.LevelAuto): - return string(thinking.LevelMedium) - default: - break - } - - // Fall back to the provided level only when model support is not constrained. - if _, ok := validReasoningEffortLevels[raw]; ok { - return raw - } - return string(thinking.LevelMedium) -} - -// Applier implements thinking.ProviderApplier for OpenAI models. -// -// OpenAI-specific behavior: -// - Output format: reasoning_effort (string: low/medium/high/xhigh) -// - Level-only mode: no numeric budget support -// - Some models support ZeroAllowed (gpt-5.1, gpt-5.2) -type Applier struct{} - -var _ thinking.ProviderApplier = (*Applier)(nil) - -// NewApplier creates a new OpenAI thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("openai", NewApplier()) -} - -// Apply applies thinking configuration to OpenAI request body. -// -// Expected output format: -// -// { -// "reasoning_effort": "high" -// } -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return applyCompatibleOpenAI(body, config) - } - if modelInfo.Thinking == nil { - return body, nil - } - - // Only handle ModeLevel and ModeNone; other modes pass through unchanged. - if config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - if config.Mode == thinking.ModeLevel { - result, _ := sjson.SetBytes(body, "reasoning_effort", clampReasoningEffort(string(config.Level), modelInfo.Thinking)) - return result, nil - } - - effort := "" - support := modelInfo.Thinking - if config.Budget == 0 { - if support.ZeroAllowed || hasLevel(support.Levels, string(thinking.LevelNone)) { - effort = string(thinking.LevelNone) - } - } - if effort == "" && config.Level != "" { - effort = string(config.Level) - } - if effort == "" && len(support.Levels) > 0 { - effort = support.Levels[0] - } - if effort == "" { - return body, nil - } - - result, _ := sjson.SetBytes(body, "reasoning_effort", clampReasoningEffort(effort, support)) - return result, nil -} - -func applyCompatibleOpenAI(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - var effort string - switch config.Mode { - case thinking.ModeLevel: - if config.Level == "" { - return body, nil - } - effort = string(config.Level) - case thinking.ModeNone: - effort = string(thinking.LevelNone) - if config.Level != "" { - effort = string(config.Level) - } - case thinking.ModeAuto: - // Auto mode for user-defined models: pass through as "auto" - effort = string(thinking.LevelAuto) - case thinking.ModeBudget: - // Budget mode: convert budget to level using threshold mapping - level, ok := thinking.ConvertBudgetToLevel(config.Budget) - if !ok { - return body, nil - } - effort = level - default: - return body, nil - } - - result, _ := sjson.SetBytes(body, "reasoning_effort", effort) - return result, nil -} - -func hasLevel(levels []string, target string) bool { - for _, level := range levels { - if strings.EqualFold(strings.TrimSpace(level), strings.TrimSpace(target)) { - return true - } - } - return false -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/strip.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/strip.go deleted file mode 100644 index eb69171504..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/strip.go +++ /dev/null @@ -1,58 +0,0 @@ -// Package thinking provides unified thinking configuration processing. -package thinking - -import ( - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// StripThinkingConfig removes thinking configuration fields from request body. -// -// This function is used when a model doesn't support thinking but the request -// contains thinking configuration. The configuration is silently removed to -// prevent upstream API errors. -// -// Parameters: -// - body: Original request body JSON -// - provider: Provider name (determines which fields to strip) -// -// Returns: -// - Modified request body JSON with thinking configuration removed -// - Original body is returned unchanged if: -// - body is empty or invalid JSON -// - provider is unknown -// - no thinking configuration found -func StripThinkingConfig(body []byte, provider string) []byte { - if len(body) == 0 || !gjson.ValidBytes(body) { - return body - } - - var paths []string - switch provider { - case "claude": - paths = []string{"thinking"} - case "gemini": - paths = []string{"generationConfig.thinkingConfig"} - case "gemini-cli", "antigravity": - paths = []string{"request.generationConfig.thinkingConfig"} - case "openai": - paths = []string{"reasoning_effort"} - case "codex": - paths = []string{"reasoning.effort"} - case "iflow": - paths = []string{ - "chat_template_kwargs.enable_thinking", - "chat_template_kwargs.clear_thinking", - "reasoning_split", - "reasoning_effort", - } - default: - return body - } - - result := body - for _, path := range paths { - result, _ = sjson.DeleteBytes(result, path) - } - return result -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/suffix.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/suffix.go deleted file mode 100644 index 275c085687..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/suffix.go +++ /dev/null @@ -1,146 +0,0 @@ -// Package thinking provides unified thinking configuration processing. -// -// This file implements suffix parsing functionality for extracting -// thinking configuration from model names in the format model(value). -package thinking - -import ( - "strconv" - "strings" -) - -// ParseSuffix extracts thinking suffix from a model name. -// -// The suffix format is: model-name(value) -// Examples: -// - "claude-sonnet-4-5(16384)" -> ModelName="claude-sonnet-4-5", RawSuffix="16384" -// - "gpt-5.2(high)" -> ModelName="gpt-5.2", RawSuffix="high" -// - "gemini-2.5-pro" -> ModelName="gemini-2.5-pro", HasSuffix=false -// -// This function only extracts the suffix; it does not validate or interpret -// the suffix content. Use ParseNumericSuffix, ParseLevelSuffix, etc. for -// content interpretation. -func ParseSuffix(model string) SuffixResult { - // Find the last opening parenthesis - lastOpen := strings.LastIndex(model, "(") - if lastOpen == -1 { - return SuffixResult{ModelName: model, HasSuffix: false} - } - - // Check if the string ends with a closing parenthesis - if !strings.HasSuffix(model, ")") { - return SuffixResult{ModelName: model, HasSuffix: false} - } - - // Extract components - modelName := model[:lastOpen] - rawSuffix := model[lastOpen+1 : len(model)-1] - - return SuffixResult{ - ModelName: modelName, - HasSuffix: true, - RawSuffix: rawSuffix, - } -} - -// ParseNumericSuffix attempts to parse a raw suffix as a numeric budget value. -// -// This function parses the raw suffix content (from ParseSuffix.RawSuffix) as an integer. -// Only non-negative integers are considered valid numeric suffixes. -// -// Platform note: The budget value uses Go's int type, which is 32-bit on 32-bit -// systems and 64-bit on 64-bit systems. Values exceeding the platform's int range -// will return ok=false. -// -// Leading zeros are accepted: "08192" parses as 8192. -// -// Examples: -// - "8192" -> budget=8192, ok=true -// - "0" -> budget=0, ok=true (represents ModeNone) -// - "08192" -> budget=8192, ok=true (leading zeros accepted) -// - "-1" -> budget=0, ok=false (negative numbers are not valid numeric suffixes) -// - "high" -> budget=0, ok=false (not a number) -// - "9223372036854775808" -> budget=0, ok=false (overflow on 64-bit systems) -// -// For special handling of -1 as auto mode, use ParseSpecialSuffix instead. -func ParseNumericSuffix(rawSuffix string) (budget int, ok bool) { - if rawSuffix == "" { - return 0, false - } - - value, err := strconv.Atoi(rawSuffix) - if err != nil { - return 0, false - } - - // Negative numbers are not valid numeric suffixes - // -1 should be handled by special value parsing as "auto" - if value < 0 { - return 0, false - } - - return value, true -} - -// ParseSpecialSuffix attempts to parse a raw suffix as a special thinking mode value. -// -// This function handles special strings that represent a change in thinking mode: -// - "none" -> ModeNone (disables thinking) -// - "auto" -> ModeAuto (automatic/dynamic thinking) -// - "-1" -> ModeAuto (numeric representation of auto mode) -// -// String values are case-insensitive. -func ParseSpecialSuffix(rawSuffix string) (mode ThinkingMode, ok bool) { - if rawSuffix == "" { - return ModeBudget, false - } - - // Case-insensitive matching - switch strings.ToLower(rawSuffix) { - case "none": - return ModeNone, true - case "auto", "-1": - return ModeAuto, true - default: - return ModeBudget, false - } -} - -// ParseLevelSuffix attempts to parse a raw suffix as a discrete thinking level. -// -// This function parses the raw suffix content (from ParseSuffix.RawSuffix) as a level. -// Only discrete effort levels are valid: minimal, low, medium, high, xhigh. -// Level matching is case-insensitive. -// -// Special values (none, auto) are NOT handled by this function; use ParseSpecialSuffix -// instead. This separation allows callers to prioritize special value handling. -// -// Examples: -// - "high" -> level=LevelHigh, ok=true -// - "HIGH" -> level=LevelHigh, ok=true (case insensitive) -// - "medium" -> level=LevelMedium, ok=true -// - "none" -> level="", ok=false (special value, use ParseSpecialSuffix) -// - "auto" -> level="", ok=false (special value, use ParseSpecialSuffix) -// - "8192" -> level="", ok=false (numeric, use ParseNumericSuffix) -// - "ultra" -> level="", ok=false (unknown level) -func ParseLevelSuffix(rawSuffix string) (level ThinkingLevel, ok bool) { - if rawSuffix == "" { - return "", false - } - - // Case-insensitive matching - switch strings.ToLower(rawSuffix) { - case "minimal": - return LevelMinimal, true - case "low": - return LevelLow, true - case "medium": - return LevelMedium, true - case "high": - return LevelHigh, true - case "xhigh": - return LevelXHigh, true - default: - return "", false - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/text.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/text.go deleted file mode 100644 index eed1ba2879..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/text.go +++ /dev/null @@ -1,41 +0,0 @@ -package thinking - -import ( - "github.com/tidwall/gjson" -) - -// GetThinkingText extracts the thinking text from a content part. -// Handles various formats: -// - Simple string: { "thinking": "text" } or { "text": "text" } -// - Wrapped object: { "thinking": { "text": "text", "cache_control": {...} } } -// - Gemini-style: { "thought": true, "text": "text" } -// Returns the extracted text string. -func GetThinkingText(part gjson.Result) string { - // Try direct text field first (Gemini-style) - if text := part.Get("text"); text.Exists() && text.Type == gjson.String { - return text.String() - } - - // Try thinking field - thinkingField := part.Get("thinking") - if !thinkingField.Exists() { - return "" - } - - // thinking is a string - if thinkingField.Type == gjson.String { - return thinkingField.String() - } - - // thinking is an object with inner text/thinking - if thinkingField.IsObject() { - if inner := thinkingField.Get("text"); inner.Exists() && inner.Type == gjson.String { - return inner.String() - } - if inner := thinkingField.Get("thinking"); inner.Exists() && inner.Type == gjson.String { - return inner.String() - } - } - - return "" -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/types.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/types.go deleted file mode 100644 index c480c16694..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/types.go +++ /dev/null @@ -1,116 +0,0 @@ -// Package thinking provides unified thinking configuration processing. -// -// This package offers a unified interface for parsing, validating, and applying -// thinking configurations across various AI providers (Claude, Gemini, OpenAI, iFlow). -package thinking - -import "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - -// ThinkingMode represents the type of thinking configuration mode. -type ThinkingMode int - -const ( - // ModeBudget indicates using a numeric budget (corresponds to suffix "(1000)" etc.) - ModeBudget ThinkingMode = iota - // ModeLevel indicates using a discrete level (corresponds to suffix "(high)" etc.) - ModeLevel - // ModeNone indicates thinking is disabled (corresponds to suffix "(none)" or budget=0) - ModeNone - // ModeAuto indicates automatic/dynamic thinking (corresponds to suffix "(auto)" or budget=-1) - ModeAuto -) - -// String returns the string representation of ThinkingMode. -func (m ThinkingMode) String() string { - switch m { - case ModeBudget: - return "budget" - case ModeLevel: - return "level" - case ModeNone: - return "none" - case ModeAuto: - return "auto" - default: - return "unknown" - } -} - -// ThinkingLevel represents a discrete thinking level. -type ThinkingLevel string - -const ( - // LevelNone disables thinking - LevelNone ThinkingLevel = "none" - // LevelAuto enables automatic/dynamic thinking - LevelAuto ThinkingLevel = "auto" - // LevelMinimal sets minimal thinking effort - LevelMinimal ThinkingLevel = "minimal" - // LevelLow sets low thinking effort - LevelLow ThinkingLevel = "low" - // LevelMedium sets medium thinking effort - LevelMedium ThinkingLevel = "medium" - // LevelHigh sets high thinking effort - LevelHigh ThinkingLevel = "high" - // LevelXHigh sets extra-high thinking effort - LevelXHigh ThinkingLevel = "xhigh" -) - -// ThinkingConfig represents a unified thinking configuration. -// -// This struct is used to pass thinking configuration information between components. -// Depending on Mode, either Budget or Level field is effective: -// - ModeNone: Budget=0, Level is ignored -// - ModeAuto: Budget=-1, Level is ignored -// - ModeBudget: Budget is a positive integer, Level is ignored -// - ModeLevel: Budget is ignored, Level is a valid level -type ThinkingConfig struct { - // Mode specifies the configuration mode - Mode ThinkingMode - // Budget is the thinking budget (token count), only effective when Mode is ModeBudget. - // Special values: 0 means disabled, -1 means automatic - Budget int - // Level is the thinking level, only effective when Mode is ModeLevel - Level ThinkingLevel -} - -// SuffixResult represents the result of parsing a model name for thinking suffix. -// -// A thinking suffix is specified in the format model-name(value), where value -// can be a numeric budget (e.g., "16384") or a level name (e.g., "high"). -type SuffixResult struct { - // ModelName is the model name with the suffix removed. - // If no suffix was found, this equals the original input. - ModelName string - - // HasSuffix indicates whether a valid suffix was found. - HasSuffix bool - - // RawSuffix is the content inside the parentheses, without the parentheses. - // Empty string if HasSuffix is false. - RawSuffix string -} - -// ProviderApplier defines the interface for provider-specific thinking configuration application. -// -// Types implementing this interface are responsible for converting a unified ThinkingConfig -// into provider-specific format and applying it to the request body. -// -// Implementation requirements: -// - Apply method must be idempotent -// - Must not modify the input config or modelInfo -// - Returns a modified copy of the request body -// - Returns appropriate ThinkingError for unsupported configurations -type ProviderApplier interface { - // Apply applies the thinking configuration to the request body. - // - // Parameters: - // - body: Original request body JSON - // - config: Unified thinking configuration - // - modelInfo: Model registry information containing ThinkingSupport properties - // - // Returns: - // - Modified request body JSON - // - ThinkingError if the configuration is invalid or unsupported - Apply(body []byte, config ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/validate.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/validate.go deleted file mode 100644 index 04d9719a33..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/validate.go +++ /dev/null @@ -1,378 +0,0 @@ -// Package thinking provides unified thinking configuration processing logic. -package thinking - -import ( - "fmt" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - log "github.com/sirupsen/logrus" -) - -// ValidateConfig validates a thinking configuration against model capabilities. -// -// This function performs comprehensive validation: -// - Checks if the model supports thinking -// - Auto-converts between Budget and Level formats based on model capability -// - Validates that requested level is in the model's supported levels list -// - Clamps budget values to model's allowed range -// - When converting Budget -> Level for level-only models, clamps the derived standard level to the nearest supported level -// (special values none/auto are preserved) -// - When config comes from a model suffix, strict budget validation is disabled (we clamp instead of error) -// -// Parameters: -// - config: The thinking configuration to validate -// - support: Model's ThinkingSupport properties (nil means no thinking support) -// - fromFormat: Source provider format (used to determine strict validation rules) -// - toFormat: Target provider format -// - fromSuffix: Whether config was sourced from model suffix -// -// Returns: -// - Normalized ThinkingConfig with clamped values -// - ThinkingError if validation fails (ErrThinkingNotSupported, ErrLevelNotSupported, etc.) -// -// Auto-conversion behavior: -// - Budget-only model + Level config → Level converted to Budget -// - Level-only model + Budget config → Budget converted to Level -// - Hybrid model → preserve original format -func ValidateConfig(config ThinkingConfig, modelInfo *registry.ModelInfo, fromFormat, toFormat string, fromSuffix bool) (*ThinkingConfig, error) { - fromFormat, toFormat = strings.ToLower(strings.TrimSpace(fromFormat)), strings.ToLower(strings.TrimSpace(toFormat)) - model := "unknown" - support := (*registry.ThinkingSupport)(nil) - if modelInfo != nil { - if modelInfo.ID != "" { - model = modelInfo.ID - } - support = modelInfo.Thinking - } - - if support == nil { - if config.Mode != ModeNone { - return nil, NewThinkingErrorWithModel(ErrThinkingNotSupported, "thinking not supported for this model", model) - } - return &config, nil - } - - allowClampUnsupported := isBudgetBasedProvider(fromFormat) && isLevelBasedProvider(toFormat) - strictBudget := !fromSuffix && fromFormat != "" && isSameProviderFamily(fromFormat, toFormat) - budgetDerivedFromLevel := false - - capability := detectModelCapability(modelInfo) - switch capability { - case CapabilityBudgetOnly: - if config.Mode == ModeLevel { - if config.Level == LevelAuto { - break - } - budget, ok := ConvertLevelToBudget(string(config.Level)) - if !ok { - return nil, NewThinkingError(ErrUnknownLevel, fmt.Sprintf("unknown level: %s", config.Level)) - } - config.Mode = ModeBudget - config.Budget = budget - config.Level = "" - budgetDerivedFromLevel = true - } - case CapabilityLevelOnly: - if config.Mode == ModeBudget { - level, ok := ConvertBudgetToLevel(config.Budget) - if !ok { - return nil, NewThinkingError(ErrUnknownLevel, fmt.Sprintf("budget %d cannot be converted to a valid level", config.Budget)) - } - // When converting Budget -> Level for level-only models, clamp the derived standard level - // to the nearest supported level. Special values (none/auto) are preserved. - config.Mode = ModeLevel - config.Level = clampLevel(ThinkingLevel(level), modelInfo, toFormat) - config.Budget = 0 - } - case CapabilityHybrid: - } - - if config.Mode == ModeLevel && config.Level == LevelNone { - config.Mode = ModeNone - config.Budget = 0 - config.Level = "" - } - if config.Mode == ModeLevel && config.Level == LevelAuto { - config.Mode = ModeAuto - config.Budget = -1 - config.Level = "" - } - if config.Mode == ModeBudget && config.Budget == 0 { - config.Mode = ModeNone - config.Level = "" - } - - if len(support.Levels) > 0 && config.Mode == ModeLevel { - if !isLevelSupported(string(config.Level), support.Levels) { - if allowClampUnsupported { - config.Level = clampLevel(config.Level, modelInfo, toFormat) - } - if !isLevelSupported(string(config.Level), support.Levels) { - // User explicitly specified an unsupported level - return error - // (budget-derived levels may be clamped based on source format) - validLevels := normalizeLevels(support.Levels) - message := fmt.Sprintf("level %q not supported, valid levels: %s", strings.ToLower(string(config.Level)), strings.Join(validLevels, ", ")) - return nil, NewThinkingError(ErrLevelNotSupported, message) - } - } - } - - if strictBudget && config.Mode == ModeBudget && !budgetDerivedFromLevel { - min, max := support.Min, support.Max - if min != 0 || max != 0 { - if config.Budget < min || config.Budget > max || (config.Budget == 0 && !support.ZeroAllowed) { - message := fmt.Sprintf("budget %d out of range [%d,%d]", config.Budget, min, max) - return nil, NewThinkingError(ErrBudgetOutOfRange, message) - } - } - } - - // Convert ModeAuto to mid-range if dynamic not allowed - if config.Mode == ModeAuto && !support.DynamicAllowed { - config = convertAutoToMidRange(config, support, toFormat, model) - } - - if config.Mode == ModeNone && toFormat == "claude" { - // Claude supports explicit disable via thinking.type="disabled". - // Keep Budget=0 so applier can omit budget_tokens. - config.Budget = 0 - config.Level = "" - } else { - switch config.Mode { - case ModeBudget, ModeAuto, ModeNone: - config.Budget = clampBudget(config.Budget, modelInfo, toFormat) - } - - // ModeNone with clamped Budget > 0: set Level to lowest for Level-only/Hybrid models - // This ensures Apply layer doesn't need to access support.Levels - if config.Mode == ModeNone && config.Budget > 0 && len(support.Levels) > 0 { - config.Level = ThinkingLevel(support.Levels[0]) - } - } - - return &config, nil -} - -// convertAutoToMidRange converts ModeAuto to a mid-range value when dynamic is not allowed. -// -// This function handles the case where a model does not support dynamic/auto thinking. -// The auto mode is silently converted to a fixed value based on model capability: -// - Level-only models: convert to ModeLevel with LevelMedium -// - Budget models: convert to ModeBudget with mid = (Min + Max) / 2 -// -// Logging: -// - Debug level when conversion occurs -// - Fields: original_mode, clamped_to, reason -func convertAutoToMidRange(config ThinkingConfig, support *registry.ThinkingSupport, provider, model string) ThinkingConfig { - // For level-only models (has Levels but no Min/Max range), use ModeLevel with medium - if len(support.Levels) > 0 && support.Min == 0 && support.Max == 0 { - config.Mode = ModeLevel - config.Level = LevelMedium - config.Budget = 0 - log.WithFields(log.Fields{ - "provider": redactLogText(provider), - "model": redactLogText(model), - "original_mode": "auto", - "clamped_to": redactLogLevel(LevelMedium), - }).Debug("thinking: mode converted, dynamic not allowed, using medium level |") - return config - } - - // For budget models, use mid-range budget - mid := (support.Min + support.Max) / 2 - if mid <= 0 && support.ZeroAllowed { - config.Mode = ModeNone - config.Budget = 0 - } else if mid <= 0 { - config.Mode = ModeBudget - config.Budget = support.Min - } else { - config.Mode = ModeBudget - config.Budget = mid - } - log.WithFields(log.Fields{ - "provider": redactLogText(provider), - "model": redactLogText(model), - "original_mode": "auto", - "clamped_to": redactLogInt(config.Budget), - }).Debug("thinking: mode converted, dynamic not allowed |") - return config -} - -// standardLevelOrder defines the canonical ordering of thinking levels from lowest to highest. -var standardLevelOrder = []ThinkingLevel{LevelMinimal, LevelLow, LevelMedium, LevelHigh, LevelXHigh} - -// clampLevel clamps the given level to the nearest supported level. -// On tie, prefers the lower level. -func clampLevel(level ThinkingLevel, modelInfo *registry.ModelInfo, provider string) ThinkingLevel { - model := "unknown" - var supported []string - if modelInfo != nil { - if modelInfo.ID != "" { - model = modelInfo.ID - } - if modelInfo.Thinking != nil { - supported = modelInfo.Thinking.Levels - } - } - - if len(supported) == 0 || isLevelSupported(string(level), supported) { - return level - } - - pos := levelIndex(string(level)) - if pos == -1 { - return level - } - bestIdx, bestDist := -1, len(standardLevelOrder)+1 - - for _, s := range supported { - if idx := levelIndex(strings.TrimSpace(s)); idx != -1 { - if dist := abs(pos - idx); dist < bestDist || (dist == bestDist && idx < bestIdx) { - bestIdx, bestDist = idx, dist - } - } - } - - if bestIdx >= 0 { - clamped := standardLevelOrder[bestIdx] - log.WithFields(log.Fields{ - "provider": redactLogText(provider), - "model": redactLogText(model), - "original_value": redactLogLevel(level), - "clamped_to": redactLogLevel(clamped), - }).Debug("thinking: level clamped |") - return clamped - } - return level -} - -// clampBudget clamps a budget value to the model's supported range. -func clampBudget(value int, modelInfo *registry.ModelInfo, provider string) int { - model := "unknown" - support := (*registry.ThinkingSupport)(nil) - if modelInfo != nil { - if modelInfo.ID != "" { - model = modelInfo.ID - } - support = modelInfo.Thinking - } - if support == nil { - return value - } - - // Auto value (-1) passes through without clamping. - if value == -1 { - return value - } - - min, max := support.Min, support.Max - if value == 0 && !support.ZeroAllowed { - log.WithFields(log.Fields{ - "provider": redactLogText(provider), - "model": redactLogText(model), - "original_value": redactLogInt(value), - "clamped_to": redactLogInt(min), - "min": redactLogInt(min), - "max": redactLogInt(max), - }).Warn("thinking: budget zero not allowed |") - return min - } - - // Some models are level-only and do not define numeric budget ranges. - if min == 0 && max == 0 { - return value - } - - if value < min { - if value == 0 && support.ZeroAllowed { - return 0 - } - logClamp(provider, model, value, min, min, max) - return min - } - if value > max { - logClamp(provider, model, value, max, min, max) - return max - } - return value -} - -func isLevelSupported(level string, supported []string) bool { - for _, s := range supported { - if strings.EqualFold(level, strings.TrimSpace(s)) { - return true - } - } - return false -} - -func levelIndex(level string) int { - for i, l := range standardLevelOrder { - if strings.EqualFold(level, string(l)) { - return i - } - } - return -1 -} - -func normalizeLevels(levels []string) []string { - out := make([]string, len(levels)) - for i, l := range levels { - out[i] = strings.ToLower(strings.TrimSpace(l)) - } - return out -} - -func isBudgetBasedProvider(provider string) bool { - switch provider { - case "gemini", "gemini-cli", "antigravity", "claude": - return true - default: - return false - } -} - -func isLevelBasedProvider(provider string) bool { - switch provider { - case "openai", "openai-response", "codex": - return true - default: - return false - } -} - -func isGeminiFamily(provider string) bool { - switch provider { - case "gemini", "gemini-cli", "antigravity": - return true - default: - return false - } -} - -func isSameProviderFamily(from, to string) bool { - if from == to { - return true - } - return isGeminiFamily(from) && isGeminiFamily(to) -} - -func abs(x int) int { - if x < 0 { - return -x - } - return x -} - -func logClamp(provider, model string, original, clampedTo, min, max int) { - log.WithFields(log.Fields{ - "provider": redactLogText(provider), - "model": redactLogText(model), - "original_value": redactLogInt(original), - "min": redactLogInt(min), - "max": redactLogInt(max), - "clamped_to": redactLogInt(clampedTo), - }).Debug("thinking: budget clamped |") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/validate_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/validate_test.go deleted file mode 100644 index ff0621cfa0..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/thinking/validate_test.go +++ /dev/null @@ -1,275 +0,0 @@ -package thinking - -import ( - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" -) - -func TestValidateConfig_ClampBudgetToModelMinAndMaxBoundaries(t *testing.T) { - modelInfo := ®istry.ModelInfo{ - ID: "clamp-model", - Thinking: ®istry.ThinkingSupport{ - Min: 1024, - Max: 32000, - ZeroAllowed: false, - DynamicAllowed: false, - }, - } - - tests := []struct { - name string - config ThinkingConfig - fromFormat string - toFormat string - fromSuffix bool - wantMode ThinkingMode - wantBudget int - wantLevel ThinkingLevel - wantErrCode ErrorCode - wantErrNil bool - }{ - { - name: "below min clamps up", - config: ThinkingConfig{Mode: ModeBudget, Budget: 10}, - fromFormat: "openai", - toFormat: "claude", - wantMode: ModeBudget, - wantBudget: 1024, - wantErrNil: true, - }, - { - name: "zero clamps up when zero disallowed", - config: ThinkingConfig{Mode: ModeBudget, Budget: 0}, - fromFormat: "openai", - toFormat: "claude", - wantMode: ModeNone, - wantBudget: 0, - wantErrNil: true, - }, - { - name: "negative clamps up when same source is suffix-based", - config: ThinkingConfig{Mode: ModeBudget, Budget: -5}, - fromFormat: "openai", - toFormat: "claude", - fromSuffix: true, - wantMode: ModeBudget, - wantBudget: 1024, - wantErrNil: true, - }, - { - name: "above max clamps down", - config: ThinkingConfig{Mode: ModeBudget, Budget: 64000}, - fromFormat: "openai", - toFormat: "claude", - fromSuffix: true, - wantMode: ModeBudget, - wantBudget: 32000, - wantErrNil: true, - }, - { - name: "same provider strict mode rejects out-of-range budget", - config: ThinkingConfig{Mode: ModeBudget, Budget: 64000}, - fromFormat: "claude", - toFormat: "claude", - wantErrNil: false, - wantErrCode: ErrBudgetOutOfRange, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - done, err := ValidateConfig(tt.config, modelInfo, tt.fromFormat, tt.toFormat, tt.fromSuffix) - if tt.wantErrNil && err != nil { - t.Fatalf("ValidateConfig(...) unexpected error: %v", err) - } - if !tt.wantErrNil { - thinkingErr, ok := err.(*ThinkingError) - if !ok { - t.Fatalf("expected ThinkingError, got: %T %v", err, err) - } - if thinkingErr.Code != tt.wantErrCode { - t.Fatalf("error code=%s, want=%s", thinkingErr.Code, tt.wantErrCode) - } - return - } - - if done == nil { - t.Fatal("expected non-nil config") - } - if done.Mode != tt.wantMode { - t.Fatalf("Mode=%s, want=%s", done.Mode, tt.wantMode) - } - if done.Budget != tt.wantBudget { - t.Fatalf("Budget=%d, want=%d", done.Budget, tt.wantBudget) - } - if done.Level != tt.wantLevel { - t.Fatalf("Level=%s, want=%s", done.Level, tt.wantLevel) - } - }) - } -} - -func TestValidateConfig_LevelReboundToSupportedSet(t *testing.T) { - modelInfo := ®istry.ModelInfo{ - ID: "hybrid-level-model", - Thinking: ®istry.ThinkingSupport{ - Levels: []string{"low", "high"}, - }, - } - - tests := []struct { - name string - budget int - fromFormat string - toFormat string - wantLevel ThinkingLevel - wantBudget int - wantMode ThinkingMode - wantErrCode ErrorCode - }{ - { - name: "budget converts to minimal then clamps to lowest supported", - budget: 10, - fromFormat: "gemini", - toFormat: "openai", - wantMode: ModeLevel, - wantLevel: LevelLow, - wantBudget: 0, - }, - { - name: "budget between low and high stays low on tie lower", - budget: 3000, - fromFormat: "gemini", - toFormat: "openai", - wantMode: ModeLevel, - wantLevel: LevelLow, - wantBudget: 0, - }, - { - name: "unsupported discrete level rejected", - budget: 0, - fromFormat: "openai", - toFormat: "openai", - wantMode: ModeLevel, - wantLevel: LevelXHigh, - wantErrCode: ErrLevelNotSupported, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - config := ThinkingConfig{Mode: ModeBudget, Budget: tt.budget} - if tt.name == "unsupported discrete level rejected" { - config = ThinkingConfig{Mode: ModeLevel, Level: LevelXHigh} - } - - got, err := ValidateConfig(config, modelInfo, tt.fromFormat, tt.toFormat, false) - if tt.name == "unsupported discrete level rejected" { - if err == nil { - t.Fatal("expected error") - } - thinkingErr, ok := err.(*ThinkingError) - if !ok { - t.Fatalf("expected ThinkingError, got %T %v", err, err) - } - if thinkingErr.Code != tt.wantErrCode { - t.Fatalf("error code=%s, want=%s", thinkingErr.Code, tt.wantErrCode) - } - return - } - - if err != nil { - t.Fatalf("ValidateConfig unexpected error: %v", err) - } - if got == nil { - t.Fatal("expected non-nil config") - } - if got.Mode != tt.wantMode { - t.Fatalf("Mode=%s, want=%s", got.Mode, tt.wantMode) - } - if got.Budget != tt.wantBudget { - t.Fatalf("Budget=%d, want=%d", got.Budget, tt.wantBudget) - } - if got.Level != tt.wantLevel { - t.Fatalf("Level=%s, want=%s", got.Level, tt.wantLevel) - } - }) - } -} - -func TestValidateConfig_ZeroAllowedBudgetPreserved(t *testing.T) { - modelInfo := ®istry.ModelInfo{ - ID: "zero-allowed-model", - Thinking: ®istry.ThinkingSupport{ - Min: 1024, - Max: 32000, - ZeroAllowed: true, - DynamicAllowed: false, - }, - } - - got, err := ValidateConfig(ThinkingConfig{Mode: ModeBudget, Budget: 0}, modelInfo, "openai", "openai", true) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if got == nil { - t.Fatal("expected config") - } - if got.Mode != ModeNone { - t.Fatalf("Mode=%s, want=%s", got.Mode, ModeNone) - } - if got.Budget != 0 { - t.Fatalf("Budget=%d, want=0", got.Budget) - } -} - -func TestValidateConfig_ModeAutoFallsBackToMidpointWhenDynamicUnsupported(t *testing.T) { - modelInfo := ®istry.ModelInfo{ - ID: "auto-midpoint-model", - Thinking: ®istry.ThinkingSupport{ - Min: 1000, - Max: 3000, - DynamicAllowed: false, - }, - } - - got, err := ValidateConfig(ThinkingConfig{Mode: ModeAuto, Budget: -1}, modelInfo, "openai", "claude", false) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if got == nil { - t.Fatal("expected config") - } - if got.Mode != ModeBudget { - t.Fatalf("Mode=%s, want=%s", got.Mode, ModeBudget) - } - if got.Budget != 2000 { - t.Fatalf("Budget=%d, want=2000", got.Budget) - } -} - -func TestValidateConfig_ModeAutoPreservedWhenDynamicAllowed(t *testing.T) { - modelInfo := ®istry.ModelInfo{ - ID: "auto-preserved-model", - Thinking: ®istry.ThinkingSupport{ - Min: 1000, - Max: 3000, - DynamicAllowed: true, - }, - } - - got, err := ValidateConfig(ThinkingConfig{Mode: ModeAuto, Budget: -1}, modelInfo, "openai", "claude", true) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if got == nil { - t.Fatal("expected config") - } - if got.Mode != ModeAuto { - t.Fatalf("Mode=%s, want=%s", got.Mode, ModeAuto) - } - if got.Budget != -1 { - t.Fatalf("Budget=%d, want=-1", got.Budget) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/acp/acp_adapter.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/acp/acp_adapter.go deleted file mode 100644 index d43024afe8..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/acp/acp_adapter.go +++ /dev/null @@ -1,70 +0,0 @@ -// Package acp provides an ACP (Agent Communication Protocol) translator for CLIProxy. -// acp_adapter.go implements translation between Claude/OpenAI format and ACP format, -// and a lightweight registry for adapter lookup. -package acp - -import ( - "context" - "fmt" -) - -// Adapter translates between Claude/OpenAI request format and ACP format. -type Adapter interface { - // Translate converts a ChatCompletionRequest to an ACPRequest. - Translate(ctx context.Context, req *ChatCompletionRequest) (*ACPRequest, error) -} - -// ACPAdapter implements the Adapter interface. -type ACPAdapter struct { - baseURL string -} - -// NewACPAdapter returns an ACPAdapter configured to forward requests to baseURL. -func NewACPAdapter(baseURL string) *ACPAdapter { - return &ACPAdapter{baseURL: baseURL} -} - -// Translate converts a ChatCompletionRequest to an ACPRequest. -// Message role and content fields are preserved verbatim; the model ID is passed through. -func (a *ACPAdapter) Translate(_ context.Context, req *ChatCompletionRequest) (*ACPRequest, error) { - if req == nil { - return nil, fmt.Errorf("request must not be nil") - } - acpMessages := make([]ACPMessage, len(req.Messages)) - for i, m := range req.Messages { - acpMessages[i] = ACPMessage{Role: m.Role, Content: m.Content} - } - return &ACPRequest{ - Model: req.Model, - Messages: acpMessages, - }, nil -} - -// Registry is a simple name-keyed registry of Adapter instances. -type Registry struct { - adapters map[string]Adapter -} - -// NewTranslatorRegistry returns a Registry pre-populated with the default ACP adapter. -func NewTranslatorRegistry() *Registry { - r := &Registry{adapters: make(map[string]Adapter)} - // Register the ACP adapter by default. - r.Register("acp", NewACPAdapter("http://localhost:9000")) - return r -} - -// Register stores an adapter under the given name. -func (r *Registry) Register(name string, adapter Adapter) { - r.adapters[name] = adapter -} - -// HasTranslator reports whether an adapter is registered for name. -func (r *Registry) HasTranslator(name string) bool { - _, ok := r.adapters[name] - return ok -} - -// GetTranslator returns the adapter registered under name, or nil when absent. -func (r *Registry) GetTranslator(name string) Adapter { - return r.adapters[name] -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/acp/acp_adapter_registry_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/acp/acp_adapter_registry_test.go deleted file mode 100644 index 3d0ce5c086..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/acp/acp_adapter_registry_test.go +++ /dev/null @@ -1,77 +0,0 @@ -package acp - -import ( - "context" - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -// TestACPAdapterIsRegisteredAndAvailable verifies that NewTranslatorRegistry -// auto-registers the ACP adapter under the "acp" key. -// @trace FR-ADAPTERS-001 -func TestACPAdapterIsRegisteredAndAvailable(t *testing.T) { - registry := NewTranslatorRegistry() - - adapterExists := registry.HasTranslator("acp") - - assert.True(t, adapterExists, "ACP adapter not registered in translator registry") -} - -// TestACPAdapterTransformsClaudeToACP verifies that a Claude/OpenAI-format request is -// correctly translated to ACP format by the registered adapter. -// @trace FR-ADAPTERS-001 FR-ADAPTERS-002 -func TestACPAdapterTransformsClaudeToACP(t *testing.T) { - registry := NewTranslatorRegistry() - adapter := registry.GetTranslator("acp") - require.NotNil(t, adapter) - - claudeReq := &ChatCompletionRequest{ - Model: "claude-opus-4-6", - Messages: []Message{ - {Role: "user", Content: "Hello"}, - }, - } - - acpReq, err := adapter.Translate(context.Background(), claudeReq) - - require.NoError(t, err) - require.NotNil(t, acpReq) - assert.Equal(t, "claude-opus-4-6", acpReq.Model) - assert.Len(t, acpReq.Messages, 1) - assert.Equal(t, "user", acpReq.Messages[0].Role) - assert.Equal(t, "Hello", acpReq.Messages[0].Content) -} - -// TestACPAdapterRejectsNilRequest verifies that a nil request returns an error. -func TestACPAdapterRejectsNilRequest(t *testing.T) { - adapter := NewACPAdapter("http://localhost:9000") - - _, err := adapter.Translate(context.Background(), nil) - - assert.Error(t, err) -} - -// TestACPAdapterPreservesMultipleMessages verifies multi-turn conversation preservation. -// @trace FR-ADAPTERS-002 -func TestACPAdapterPreservesMultipleMessages(t *testing.T) { - adapter := NewACPAdapter("http://localhost:9000") - - req := &ChatCompletionRequest{ - Model: "claude-sonnet-4.6", - Messages: []Message{ - {Role: "system", Content: "You are a helpful assistant."}, - {Role: "user", Content: "What is 2+2?"}, - {Role: "assistant", Content: "4"}, - {Role: "user", Content: "And 3+3?"}, - }, - } - - acpReq, err := adapter.Translate(context.Background(), req) - - require.NoError(t, err) - assert.Len(t, acpReq.Messages, 4) - assert.Equal(t, "system", acpReq.Messages[0].Role) - assert.Equal(t, "assistant", acpReq.Messages[2].Role) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/acp/acp_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/acp/acp_request.go deleted file mode 100644 index 4b649e7a66..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/acp/acp_request.go +++ /dev/null @@ -1,30 +0,0 @@ -// Package acp provides an ACP (Agent Communication Protocol) translator for CLIProxy. -// -// Ported from thegent/src/thegent/adapters/acp_client.py. -// Translates Claude/OpenAI API request format into ACP format and back. -package acp - -// ACPMessage is a single message in ACP format. -type ACPMessage struct { - Role string `json:"role"` - Content string `json:"content"` -} - -// ACPRequest is the ACP-format request payload. -type ACPRequest struct { - Model string `json:"model"` - Messages []ACPMessage `json:"messages"` -} - -// ChatCompletionRequest is the OpenAI-compatible / Claude-compatible request format -// accepted by the ACP adapter. -type ChatCompletionRequest struct { - Model string `json:"model"` - Messages []Message `json:"messages"` -} - -// Message is an OpenAI/Claude-compatible message. -type Message struct { - Role string `json:"role"` - Content string `json:"content"` -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/acp/acp_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/acp/acp_response.go deleted file mode 100644 index e2899094a9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/acp/acp_response.go +++ /dev/null @@ -1,13 +0,0 @@ -package acp - -// ACPResponse is the ACP-format response payload. -type ACPResponse struct { - ID string `json:"id"` - Model string `json:"model"` - Choices []ACPChoice `json:"choices"` -} - -// ACPChoice is a single choice in an ACP response. -type ACPChoice struct { - Message ACPMessage `json:"message"` -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/claude/antigravity_claude_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/claude/antigravity_claude_request.go deleted file mode 100644 index a45ec918fe..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/claude/antigravity_claude_request.go +++ /dev/null @@ -1,430 +0,0 @@ -// Package claude provides request translation functionality for Claude Code API compatibility. -// This package handles the conversion of Claude Code API requests into Gemini CLI-compatible -// JSON format, transforming message contents, system instructions, and tool declarations -// into the format expected by Gemini CLI API clients. It performs JSON data transformation -// to ensure compatibility between Claude Code API format and Gemini CLI API's expected format. -package claude - -import ( - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/common" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/cache" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertClaudeRequestToAntigravity parses and transforms a Claude Code API request into Gemini CLI API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Gemini CLI API. -// The function performs the following transformations: -// 1. Extracts the model information from the request -// 2. Restructures the JSON to match Gemini CLI API format -// 3. Converts system instructions to the expected format -// 4. Maps message contents with proper role transformations -// 5. Handles tool declarations and tool choices -// 6. Maps generation configuration parameters -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the Claude Code API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini CLI API format -func ConvertClaudeRequestToAntigravity(modelName string, inputRawJSON []byte, _ bool) []byte { - enableThoughtTranslate := true - rawJSON := inputRawJSON - modelOverrides := registry.GetAntigravityModelConfig() - - // system instruction - systemInstructionJSON := "" - hasSystemInstruction := false - systemResult := gjson.GetBytes(rawJSON, "system") - if systemResult.IsArray() { - systemResults := systemResult.Array() - systemInstructionJSON = `{"role":"user","parts":[]}` - for i := 0; i < len(systemResults); i++ { - systemPromptResult := systemResults[i] - systemTypePromptResult := systemPromptResult.Get("type") - if systemTypePromptResult.Type == gjson.String && systemTypePromptResult.String() == "text" { - systemPrompt := strings.TrimSpace(systemPromptResult.Get("text").String()) - if systemPrompt == "" { - continue - } - partJSON := `{}` - partJSON, _ = sjson.Set(partJSON, "text", systemPrompt) - systemInstructionJSON, _ = sjson.SetRaw(systemInstructionJSON, "parts.-1", partJSON) - hasSystemInstruction = true - } - } - } else if systemResult.Type == gjson.String { - systemPrompt := strings.TrimSpace(systemResult.String()) - if systemPrompt != "" { - systemInstructionJSON = `{"role":"user","parts":[{"text":""}]}` - systemInstructionJSON, _ = sjson.Set(systemInstructionJSON, "parts.0.text", systemPrompt) - hasSystemInstruction = true - } - } - - // contents - contentsJSON := "[]" - hasContents := false - - messagesResult := gjson.GetBytes(rawJSON, "messages") - if messagesResult.IsArray() { - messageResults := messagesResult.Array() - numMessages := len(messageResults) - for i := 0; i < numMessages; i++ { - messageResult := messageResults[i] - roleResult := messageResult.Get("role") - if roleResult.Type != gjson.String { - continue - } - originalRole := roleResult.String() - role := originalRole - if role == "assistant" { - role = "model" - } - clientContentJSON := `{"role":"","parts":[]}` - clientContentJSON, _ = sjson.Set(clientContentJSON, "role", role) - contentsResult := messageResult.Get("content") - if contentsResult.IsArray() { - contentResults := contentsResult.Array() - numContents := len(contentResults) - var currentMessageThinkingSignature string - for j := 0; j < numContents; j++ { - contentResult := contentResults[j] - contentTypeResult := contentResult.Get("type") - if contentTypeResult.Type == gjson.String && contentTypeResult.String() == "thinking" { - // Use GetThinkingText to handle wrapped thinking objects - thinkingText := thinking.GetThinkingText(contentResult) - - // Always try cached signature first (more reliable than client-provided) - // Client may send stale or invalid signatures from different sessions - signature := "" - if thinkingText != "" { - if cachedSig := cache.GetCachedSignature(modelName, thinkingText); cachedSig != "" { - signature = cachedSig - // log.Debugf("Using cached signature for thinking block") - } - } - - // Fallback to client signature only if cache miss and client signature is valid - if signature == "" { - signatureResult := contentResult.Get("signature") - clientSignature := "" - if signatureResult.Exists() && signatureResult.String() != "" { - arrayClientSignatures := strings.SplitN(signatureResult.String(), "#", 2) - if len(arrayClientSignatures) == 2 { - if cache.GetModelGroup(modelName) == arrayClientSignatures[0] { - clientSignature = arrayClientSignatures[1] - } - } - } - if cache.HasValidSignature(modelName, clientSignature) { - signature = clientSignature - } - // log.Debugf("Using client-provided signature for thinking block") - } - - // Store for subsequent tool_use in the same message - if cache.HasValidSignature(modelName, signature) { - currentMessageThinkingSignature = signature - } - - // Skip trailing unsigned thinking blocks on last assistant message - isUnsigned := !cache.HasValidSignature(modelName, signature) - - // If unsigned, skip entirely (don't convert to text) - // Claude requires assistant messages to start with thinking blocks when thinking is enabled - // Converting to text would break this requirement - if isUnsigned { - // log.Debugf("Dropping unsigned thinking block (no valid signature)") - enableThoughtTranslate = false - continue - } - - // Valid signature, send as thought block - partJSON := `{}` - partJSON, _ = sjson.Set(partJSON, "thought", true) - if thinkingText != "" { - partJSON, _ = sjson.Set(partJSON, "text", thinkingText) - } - if signature != "" { - partJSON, _ = sjson.Set(partJSON, "thoughtSignature", signature) - } - clientContentJSON, _ = sjson.SetRaw(clientContentJSON, "parts.-1", partJSON) - } else if contentTypeResult.Type == gjson.String && contentTypeResult.String() == "text" { - prompt := strings.TrimSpace(contentResult.Get("text").String()) - // Skip empty text parts to avoid Gemini API error: - // "required oneof field 'data' must have one initialized field" - if strings.TrimSpace(prompt) == "" { - continue - } - partJSON := `{}` - partJSON, _ = sjson.Set(partJSON, "text", prompt) - clientContentJSON, _ = sjson.SetRaw(clientContentJSON, "parts.-1", partJSON) - } else if contentTypeResult.Type == gjson.String && contentTypeResult.String() == "tool_use" { - // NOTE: Do NOT inject dummy thinking blocks here. - // Antigravity API validates signatures, so dummy values are rejected. - - functionName := contentResult.Get("name").String() - argsResult := contentResult.Get("input") - functionID := contentResult.Get("id").String() - - // Handle both object and string input formats - var argsRaw string - if argsResult.IsObject() { - argsRaw = argsResult.Raw - } else if argsResult.Type == gjson.String { - // Input is a JSON string, parse and validate it - parsed := gjson.Parse(argsResult.String()) - if parsed.IsObject() { - argsRaw = parsed.Raw - } - } - - if argsRaw != "" { - partJSON := `{}` - - // Use skip_thought_signature_validator for tool calls without valid thinking signature - // This is the approach used in opencode-google-antigravity-auth for Gemini - // and also works for Claude through Antigravity API - const skipSentinel = "skip_thought_signature_validator" - if cache.HasValidSignature(modelName, currentMessageThinkingSignature) { - partJSON, _ = sjson.Set(partJSON, "thoughtSignature", currentMessageThinkingSignature) - } else { - // No valid signature - use skip sentinel to bypass validation - partJSON, _ = sjson.Set(partJSON, "thoughtSignature", skipSentinel) - } - - if functionID != "" { - partJSON, _ = sjson.Set(partJSON, "functionCall.id", functionID) - } - partJSON, _ = sjson.Set(partJSON, "functionCall.name", functionName) - partJSON, _ = sjson.SetRaw(partJSON, "functionCall.args", argsRaw) - clientContentJSON, _ = sjson.SetRaw(clientContentJSON, "parts.-1", partJSON) - } - } else if contentTypeResult.Type == gjson.String && contentTypeResult.String() == "tool_result" { - toolCallID := contentResult.Get("tool_use_id").String() - if toolCallID != "" { - funcName := toolCallID - toolCallIDs := strings.Split(toolCallID, "-") - if len(toolCallIDs) > 1 { - funcName = strings.Join(toolCallIDs[0:len(toolCallIDs)-2], "-") - } - functionResponseResult := contentResult.Get("content") - - functionResponseJSON := `{}` - functionResponseJSON, _ = sjson.Set(functionResponseJSON, "id", toolCallID) - functionResponseJSON, _ = sjson.Set(functionResponseJSON, "name", funcName) - - responseData := "" - if functionResponseResult.Type == gjson.String { - responseData = functionResponseResult.String() - functionResponseJSON, _ = sjson.Set(functionResponseJSON, "response.result", responseData) - } else if functionResponseResult.IsArray() { - frResults := functionResponseResult.Array() - if len(frResults) == 1 { - functionResponseJSON, _ = sjson.SetRaw(functionResponseJSON, "response.result", frResults[0].Raw) - } else { - functionResponseJSON, _ = sjson.SetRaw(functionResponseJSON, "response.result", functionResponseResult.Raw) - } - - } else if functionResponseResult.IsObject() { - functionResponseJSON, _ = sjson.SetRaw(functionResponseJSON, "response.result", functionResponseResult.Raw) - } else if functionResponseResult.Raw != "" { - functionResponseJSON, _ = sjson.SetRaw(functionResponseJSON, "response.result", functionResponseResult.Raw) - } else { - // Content field is missing entirely — .Raw is empty which - // causes sjson.SetRaw to produce invalid JSON (e.g. "result":}). - functionResponseJSON, _ = sjson.Set(functionResponseJSON, "response.result", "") - } - - partJSON := `{}` - partJSON, _ = sjson.SetRaw(partJSON, "functionResponse", functionResponseJSON) - clientContentJSON, _ = sjson.SetRaw(clientContentJSON, "parts.-1", partJSON) - } - } else if contentTypeResult.Type == gjson.String && contentTypeResult.String() == "image" { - sourceResult := contentResult.Get("source") - if sourceResult.Get("type").String() == "base64" { - inlineDataJSON := `{}` - if mimeType := sourceResult.Get("media_type").String(); mimeType != "" { - inlineDataJSON, _ = sjson.Set(inlineDataJSON, "mime_type", mimeType) - } - if data := sourceResult.Get("data").String(); data != "" { - inlineDataJSON, _ = sjson.Set(inlineDataJSON, "data", data) - } - - partJSON := `{}` - partJSON, _ = sjson.SetRaw(partJSON, "inlineData", inlineDataJSON) - clientContentJSON, _ = sjson.SetRaw(clientContentJSON, "parts.-1", partJSON) - } - } - } - - // Reorder parts for 'model' role to ensure thinking block is first - if role == "model" { - partsResult := gjson.Get(clientContentJSON, "parts") - if partsResult.IsArray() { - parts := partsResult.Array() - var thinkingParts []gjson.Result - var otherParts []gjson.Result - for _, part := range parts { - if part.Get("thought").Bool() { - thinkingParts = append(thinkingParts, part) - } else { - otherParts = append(otherParts, part) - } - } - if len(thinkingParts) > 0 { - firstPartIsThinking := parts[0].Get("thought").Bool() - if !firstPartIsThinking || len(thinkingParts) > 1 { - var newParts []interface{} - for _, p := range thinkingParts { - newParts = append(newParts, p.Value()) - } - for _, p := range otherParts { - newParts = append(newParts, p.Value()) - } - clientContentJSON, _ = sjson.Set(clientContentJSON, "parts", newParts) - } - } - } - } - - // Skip messages with empty parts array to avoid Gemini API error: - // "required oneof field 'data' must have one initialized field" - partsCheck := gjson.Get(clientContentJSON, "parts") - if !partsCheck.IsArray() || len(partsCheck.Array()) == 0 { - continue - } - - contentsJSON, _ = sjson.SetRaw(contentsJSON, "-1", clientContentJSON) - hasContents = true - } else if contentsResult.Type == gjson.String { - prompt := strings.TrimSpace(contentsResult.String()) - if prompt == "" { - continue - } - partJSON := `{}` - partJSON, _ = sjson.Set(partJSON, "text", prompt) - clientContentJSON, _ = sjson.SetRaw(clientContentJSON, "parts.-1", partJSON) - contentsJSON, _ = sjson.SetRaw(contentsJSON, "-1", clientContentJSON) - hasContents = true - } - } - } - - // tools - toolsJSON := "" - toolDeclCount := 0 - allowedToolKeys := []string{"name", "description", "behavior", "parameters", "parametersJsonSchema", "response", "responseJsonSchema"} - toolsResult := gjson.GetBytes(rawJSON, "tools") - if toolsResult.IsArray() { - toolsJSON = `[{"functionDeclarations":[]}]` - toolsResults := toolsResult.Array() - for i := 0; i < len(toolsResults); i++ { - toolResult := toolsResults[i] - inputSchemaResult := toolResult.Get("input_schema") - if inputSchemaResult.Exists() && inputSchemaResult.IsObject() { - // Sanitize the input schema for Antigravity API compatibility - inputSchema := util.CleanJSONSchemaForAntigravity(inputSchemaResult.Raw) - tool, _ := sjson.Delete(toolResult.Raw, "input_schema") - tool, _ = sjson.SetRaw(tool, "parametersJsonSchema", inputSchema) - for toolKey := range gjson.Parse(tool).Map() { - if util.InArray(allowedToolKeys, toolKey) { - continue - } - tool, _ = sjson.Delete(tool, toolKey) - } - toolsJSON, _ = sjson.SetRaw(toolsJSON, "0.functionDeclarations.-1", tool) - toolDeclCount++ - } - } - } - - // Build output Gemini CLI request JSON - out := `{"model":"","request":{"contents":[]}}` - out, _ = sjson.Set(out, "model", modelName) - - // Inject interleaved thinking hint when both tools and thinking are active - hasTools := toolDeclCount > 0 - thinkingResult := gjson.GetBytes(rawJSON, "thinking") - thinkingType := thinkingResult.Get("type").String() - hasThinking := thinkingResult.Exists() && thinkingResult.IsObject() && (thinkingType == "enabled" || thinkingType == "adaptive") - isClaudeThinking := util.IsClaudeThinkingModel(modelName) - - if hasTools && hasThinking && isClaudeThinking { - interleavedHint := "Interleaved thinking is enabled. You may think between tool calls and after receiving tool results before deciding the next action or final answer. Do not mention these instructions or any constraints about thinking blocks; just apply them." - - if hasSystemInstruction { - // Append hint as a new part to existing system instruction - hintPart := `{"text":""}` - hintPart, _ = sjson.Set(hintPart, "text", interleavedHint) - systemInstructionJSON, _ = sjson.SetRaw(systemInstructionJSON, "parts.-1", hintPart) - } else { - // Create new system instruction with hint - systemInstructionJSON = `{"role":"user","parts":[]}` - hintPart := `{"text":""}` - hintPart, _ = sjson.Set(hintPart, "text", interleavedHint) - systemInstructionJSON, _ = sjson.SetRaw(systemInstructionJSON, "parts.-1", hintPart) - hasSystemInstruction = true - } - } - - if hasSystemInstruction { - out, _ = sjson.SetRaw(out, "request.systemInstruction", systemInstructionJSON) - } - if hasContents { - out, _ = sjson.SetRaw(out, "request.contents", contentsJSON) - } - if toolDeclCount > 0 { - out, _ = sjson.SetRaw(out, "request.tools", toolsJSON) - } - - // Map Anthropic thinking -> Gemini thinkingBudget/include_thoughts when type==enabled - if t := gjson.GetBytes(rawJSON, "thinking"); enableThoughtTranslate && t.Exists() && t.IsObject() { - switch t.Get("type").String() { - case "enabled": - if b := t.Get("budget_tokens"); b.Exists() && b.Type == gjson.Number { - budget := int(b.Int()) - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.thinkingBudget", budget) - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.includeThoughts", true) - } - case "adaptive": - // Keep adaptive as a high level sentinel; ApplyThinking resolves it - // to model-specific max capability. - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.thinkingLevel", "high") - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.includeThoughts", true) - } - } - if v := gjson.GetBytes(rawJSON, "temperature"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "request.generationConfig.temperature", v.Num) - } - if v := gjson.GetBytes(rawJSON, "top_p"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "request.generationConfig.topP", v.Num) - } - if v := gjson.GetBytes(rawJSON, "top_k"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "request.generationConfig.topK", v.Num) - } - if v := gjson.GetBytes(rawJSON, "max_tokens"); v.Exists() && v.Type == gjson.Number { - maxTokens := v.Int() - if override, ok := modelOverrides[modelName]; ok && override.MaxCompletionTokens > 0 { - limit := int64(override.MaxCompletionTokens) - if maxTokens > limit { - maxTokens = limit - } - } - out, _ = sjson.Set(out, "request.generationConfig.maxOutputTokens", maxTokens) - } - - outBytes := []byte(out) - outBytes = common.AttachDefaultSafetySettings(outBytes, "request.safetySettings") - - return outBytes -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/claude/antigravity_claude_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/claude/antigravity_claude_request_test.go deleted file mode 100644 index 0f87df3e2b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/claude/antigravity_claude_request_test.go +++ /dev/null @@ -1,878 +0,0 @@ -package claude - -import ( - "strings" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/cache" - "github.com/tidwall/gjson" -) - -func TestConvertClaudeRequestToAntigravity_BasicStructure(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - { - "role": "user", - "content": [ - {"type": "text", "text": "Hello"} - ] - } - ], - "system": [ - {"type": "text", "text": "You are helpful"} - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - // Check model - if gjson.Get(outputStr, "model").String() != "claude-sonnet-4-5" { - t.Errorf("Expected model 'claude-sonnet-4-5', got '%s'", gjson.Get(outputStr, "model").String()) - } - - // Check contents exist - contents := gjson.Get(outputStr, "request.contents") - if !contents.Exists() || !contents.IsArray() { - t.Error("request.contents should exist and be an array") - } - - // Check role mapping (assistant -> model) - firstContent := gjson.Get(outputStr, "request.contents.0") - if firstContent.Get("role").String() != "user" { - t.Errorf("Expected role 'user', got '%s'", firstContent.Get("role").String()) - } - - // Check systemInstruction - sysInstruction := gjson.Get(outputStr, "request.systemInstruction") - if !sysInstruction.Exists() { - t.Error("systemInstruction should exist") - } - if sysInstruction.Get("parts.0.text").String() != "You are helpful" { - t.Error("systemInstruction text mismatch") - } -} - -func TestConvertClaudeRequestToAntigravity_RoleMapping(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - {"role": "user", "content": [{"type": "text", "text": "Hi"}]}, - {"role": "assistant", "content": [{"type": "text", "text": "Hello"}]} - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - // assistant should be mapped to model - secondContent := gjson.Get(outputStr, "request.contents.1") - if secondContent.Get("role").String() != "model" { - t.Errorf("Expected role 'model' (mapped from 'assistant'), got '%s'", secondContent.Get("role").String()) - } -} - -func TestConvertClaudeRequestToAntigravity_SkipsWhitespaceOnlyTextBlocksAssistantMessage(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - {"role": "user", "content": [{"type": "text", "text": " \n\t "}]}, - {"role": "assistant", "content": [{"type": "text", "text": "Hello"}]} - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - contents := gjson.Get(outputStr, "request.contents").Array() - if len(contents) != 1 { - t.Fatalf("expected only non-empty content entry, got %d", len(contents)) - } - if contents[0].Get("parts.0.text").String() != "Hello" { - t.Fatalf("expected assistant text to remain, got %s", contents[0].Raw) - } -} - -func TestConvertClaudeRequestToAntigravity_SkipsWhitespaceOnlyTextBlocks(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - {"role": "user", "content": [{"type": "text", "text": " \n\t "}]}, - {"role": "user", "content": [{"type": "text", "text": "Hello"}]} - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - contents := gjson.Get(outputStr, "request.contents").Array() - if len(contents) != 1 { - t.Fatalf("expected 1 non-empty content entry, got %d", len(contents)) - } - if contents[0].Get("parts.0.text").String() != "Hello" { - t.Fatalf("expected non-empty text content to remain") - } -} - -func TestConvertClaudeRequestToAntigravity_ThinkingBlocks(t *testing.T) { - cache.ClearSignatureCache("") - - // Valid signature must be at least 50 characters - validSignature := "abc123validSignature1234567890123456789012345678901234567890" - thinkingText := "Let me think..." - - // Pre-cache the signature (simulating a previous response for the same thinking text) - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [ - { - "role": "user", - "content": [{"type": "text", "text": "Test user message"}] - }, - { - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "` + thinkingText + `", "signature": "` + validSignature + `"}, - {"type": "text", "text": "Answer"} - ] - } - ] - }`) - - cache.CacheSignature("claude-sonnet-4-5-thinking", thinkingText, validSignature) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // Check thinking block conversion (now in contents.1 due to user message) - firstPart := gjson.Get(outputStr, "request.contents.1.parts.0") - if !firstPart.Get("thought").Bool() { - t.Error("thinking block should have thought: true") - } - if firstPart.Get("text").String() != thinkingText { - t.Error("thinking text mismatch") - } - if firstPart.Get("thoughtSignature").String() != validSignature { - t.Errorf("Expected thoughtSignature '%s', got '%s'", validSignature, firstPart.Get("thoughtSignature").String()) - } -} - -func TestConvertClaudeRequestToAntigravity_ThinkingBlockWithoutSignature(t *testing.T) { - cache.ClearSignatureCache("") - - // Unsigned thinking blocks should be removed entirely (not converted to text) - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [ - { - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "Let me think..."}, - {"type": "text", "text": "Answer"} - ] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // Without signature, thinking block should be removed (not converted to text) - parts := gjson.Get(outputStr, "request.contents.0.parts").Array() - if len(parts) != 1 { - t.Fatalf("Expected 1 part (thinking removed), got %d", len(parts)) - } - - // Only text part should remain - if parts[0].Get("thought").Bool() { - t.Error("Thinking block should be removed, not preserved") - } - if parts[0].Get("text").String() != "Answer" { - t.Errorf("Expected text 'Answer', got '%s'", parts[0].Get("text").String()) - } -} - -func TestConvertClaudeRequestToAntigravity_ToolDeclarations(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [], - "tools": [ - { - "name": "test_tool", - "description": "A test tool", - "input_schema": { - "type": "object", - "properties": { - "name": {"type": "string"} - }, - "required": ["name"] - } - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("gemini-1.5-pro", inputJSON, false) - outputStr := string(output) - - // Check tools structure - tools := gjson.Get(outputStr, "request.tools") - if !tools.Exists() { - t.Error("Tools should exist in output") - } - - funcDecl := gjson.Get(outputStr, "request.tools.0.functionDeclarations.0") - if funcDecl.Get("name").String() != "test_tool" { - t.Errorf("Expected tool name 'test_tool', got '%s'", funcDecl.Get("name").String()) - } - - // Check input_schema renamed to parametersJsonSchema - if funcDecl.Get("parametersJsonSchema").Exists() { - t.Log("parametersJsonSchema exists (expected)") - } - if funcDecl.Get("input_schema").Exists() { - t.Error("input_schema should be removed") - } -} - -func TestConvertClaudeRequestToAntigravity_ToolUse(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - { - "role": "assistant", - "content": [ - { - "type": "tool_use", - "id": "call_123", - "name": "get_weather", - "input": "{\"location\": \"Paris\"}" - } - ] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - // Now we expect only 1 part (tool_use), no dummy thinking block injected - parts := gjson.Get(outputStr, "request.contents.0.parts").Array() - if len(parts) != 1 { - t.Fatalf("Expected 1 part (tool only, no dummy injection), got %d", len(parts)) - } - - // Check function call conversion at parts[0] - funcCall := parts[0].Get("functionCall") - if !funcCall.Exists() { - t.Error("functionCall should exist at parts[0]") - } - if funcCall.Get("name").String() != "get_weather" { - t.Errorf("Expected function name 'get_weather', got '%s'", funcCall.Get("name").String()) - } - if funcCall.Get("id").String() != "call_123" { - t.Errorf("Expected function id 'call_123', got '%s'", funcCall.Get("id").String()) - } - // Verify skip_thought_signature_validator is added (bypass for tools without valid thinking) - expectedSig := "skip_thought_signature_validator" - actualSig := parts[0].Get("thoughtSignature").String() - if actualSig != expectedSig { - t.Errorf("Expected thoughtSignature '%s', got '%s'", expectedSig, actualSig) - } -} - -func TestConvertClaudeRequestToAntigravity_ToolUse_WithSignature(t *testing.T) { - cache.ClearSignatureCache("") - - validSignature := "abc123validSignature1234567890123456789012345678901234567890" - thinkingText := "Let me think..." - - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [ - { - "role": "user", - "content": [{"type": "text", "text": "Test user message"}] - }, - { - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "` + thinkingText + `", "signature": "` + validSignature + `"}, - { - "type": "tool_use", - "id": "call_123", - "name": "get_weather", - "input": "{\"location\": \"Paris\"}" - } - ] - } - ] - }`) - - cache.CacheSignature("claude-sonnet-4-5-thinking", thinkingText, validSignature) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // Check function call has the signature from the preceding thinking block (now in contents.1) - part := gjson.Get(outputStr, "request.contents.1.parts.1") - if part.Get("functionCall.name").String() != "get_weather" { - t.Errorf("Expected functionCall, got %s", part.Raw) - } - if part.Get("thoughtSignature").String() != validSignature { - t.Errorf("Expected thoughtSignature '%s' on tool_use, got '%s'", validSignature, part.Get("thoughtSignature").String()) - } -} - -func TestConvertClaudeRequestToAntigravity_ReorderThinking(t *testing.T) { - cache.ClearSignatureCache("") - - // Case: text block followed by thinking block -> should be reordered to thinking first - validSignature := "abc123validSignature1234567890123456789012345678901234567890" - thinkingText := "Planning..." - - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [ - { - "role": "user", - "content": [{"type": "text", "text": "Test user message"}] - }, - { - "role": "assistant", - "content": [ - {"type": "text", "text": "Here is the plan."}, - {"type": "thinking", "thinking": "` + thinkingText + `", "signature": "` + validSignature + `"} - ] - } - ] - }`) - - cache.CacheSignature("claude-sonnet-4-5-thinking", thinkingText, validSignature) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // Verify order: Thinking block MUST be first (now in contents.1 due to user message) - parts := gjson.Get(outputStr, "request.contents.1.parts").Array() - if len(parts) != 2 { - t.Fatalf("Expected 2 parts, got %d", len(parts)) - } - - if !parts[0].Get("thought").Bool() { - t.Error("First part should be thinking block after reordering") - } - if parts[1].Get("text").String() != "Here is the plan." { - t.Error("Second part should be text block") - } -} - -func TestConvertClaudeRequestToAntigravity_ToolResult(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - { - "role": "user", - "content": [ - { - "type": "tool_result", - "tool_use_id": "get_weather-call-123", - "content": "22C sunny" - } - ] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - // Check function response conversion - funcResp := gjson.Get(outputStr, "request.contents.0.parts.0.functionResponse") - if !funcResp.Exists() { - t.Error("functionResponse should exist") - } - if funcResp.Get("id").String() != "get_weather-call-123" { - t.Errorf("Expected function id, got '%s'", funcResp.Get("id").String()) - } -} - -func TestConvertClaudeRequestToAntigravity_ThinkingConfig(t *testing.T) { - // Note: This test requires the model to be registered in the registry - // with Thinking metadata. If the registry is not populated in test environment, - // thinkingConfig won't be added. We'll test the basic structure only. - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [], - "thinking": { - "type": "enabled", - "budget_tokens": 8000 - } - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // Check thinking config conversion (only if model supports thinking in registry) - thinkingConfig := gjson.Get(outputStr, "request.generationConfig.thinkingConfig") - if thinkingConfig.Exists() { - if thinkingConfig.Get("thinkingBudget").Int() != 8000 { - t.Errorf("Expected thinkingBudget 8000, got %d", thinkingConfig.Get("thinkingBudget").Int()) - } - if !thinkingConfig.Get("includeThoughts").Bool() { - t.Error("includeThoughts should be true") - } - } else { - t.Log("thinkingConfig not present - model may not be registered in test registry") - } -} - -func TestConvertClaudeRequestToAntigravity_ImageContent(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - { - "role": "user", - "content": [ - { - "type": "image", - "source": { - "type": "base64", - "media_type": "image/png", - "data": "iVBORw0KGgoAAAANSUhEUg==" - } - } - ] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - // Check inline data conversion - inlineData := gjson.Get(outputStr, "request.contents.0.parts.0.inlineData") - if !inlineData.Exists() { - t.Error("inlineData should exist") - } - if inlineData.Get("mime_type").String() != "image/png" { - t.Error("mime_type mismatch") - } - if !strings.Contains(inlineData.Get("data").String(), "iVBORw0KGgo") { - t.Error("data mismatch") - } -} - -func TestConvertClaudeRequestToAntigravity_GenerationConfig(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [], - "temperature": 0.7, - "top_p": 0.9, - "top_k": 40, - "max_tokens": 2000 - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - genConfig := gjson.Get(outputStr, "request.generationConfig") - if genConfig.Get("temperature").Float() != 0.7 { - t.Errorf("Expected temperature 0.7, got %f", genConfig.Get("temperature").Float()) - } - if genConfig.Get("topP").Float() != 0.9 { - t.Errorf("Expected topP 0.9, got %f", genConfig.Get("topP").Float()) - } - if genConfig.Get("topK").Float() != 40 { - t.Errorf("Expected topK 40, got %f", genConfig.Get("topK").Float()) - } - if genConfig.Get("maxOutputTokens").Float() != 2000 { - t.Errorf("Expected maxOutputTokens 2000, got %f", genConfig.Get("maxOutputTokens").Float()) - } -} - -func TestConvertClaudeRequestToAntigravity_MaxTokensClamped(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - {"role": "user", "content": [{"type": "text", "text": "hello"}]} - ], - "max_tokens": 128000 - }`) - - output := ConvertClaudeRequestToAntigravity("claude-opus-4-6-thinking", inputJSON, false) - maxOutput := gjson.GetBytes(output, "request.generationConfig.maxOutputTokens") - if !maxOutput.Exists() { - t.Fatal("maxOutputTokens should exist") - } - if maxOutput.Int() != 64000 { - t.Fatalf("expected maxOutputTokens to be clamped to 64000, got %d", maxOutput.Int()) - } -} - -// ============================================================================ -// Trailing Unsigned Thinking Block Removal -// ============================================================================ - -func TestConvertClaudeRequestToAntigravity_TrailingUnsignedThinking_Removed(t *testing.T) { - // Last assistant message ends with unsigned thinking block - should be removed - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [ - { - "role": "user", - "content": [{"type": "text", "text": "Hello"}] - }, - { - "role": "assistant", - "content": [ - {"type": "text", "text": "Here is my answer"}, - {"type": "thinking", "thinking": "I should think more..."} - ] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // The last part of the last assistant message should NOT be a thinking block - lastMessageParts := gjson.Get(outputStr, "request.contents.1.parts") - if !lastMessageParts.IsArray() { - t.Fatal("Last message should have parts array") - } - parts := lastMessageParts.Array() - if len(parts) == 0 { - t.Fatal("Last message should have at least one part") - } - - // The unsigned thinking should be removed, leaving only the text - lastPart := parts[len(parts)-1] - if lastPart.Get("thought").Bool() { - t.Error("Trailing unsigned thinking block should be removed") - } -} - -func TestConvertClaudeRequestToAntigravity_TrailingSignedThinking_Kept(t *testing.T) { - cache.ClearSignatureCache("") - - // Last assistant message ends with signed thinking block - should be kept - validSignature := "abc123validSignature1234567890123456789012345678901234567890" - thinkingText := "Valid thinking..." - - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [ - { - "role": "user", - "content": [{"type": "text", "text": "Hello"}] - }, - { - "role": "assistant", - "content": [ - {"type": "text", "text": "Here is my answer"}, - {"type": "thinking", "thinking": "` + thinkingText + `", "signature": "` + validSignature + `"} - ] - } - ] - }`) - - cache.CacheSignature("claude-sonnet-4-5-thinking", thinkingText, validSignature) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // The signed thinking block should be preserved - lastMessageParts := gjson.Get(outputStr, "request.contents.1.parts") - parts := lastMessageParts.Array() - if len(parts) < 2 { - t.Error("Signed thinking block should be preserved") - } -} - -func TestConvertClaudeRequestToAntigravity_MiddleUnsignedThinking_Removed(t *testing.T) { - // Middle message has unsigned thinking - should be removed entirely - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [ - { - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "Middle thinking..."}, - {"type": "text", "text": "Answer"} - ] - }, - { - "role": "user", - "content": [{"type": "text", "text": "Follow up"}] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // Unsigned thinking should be removed entirely - parts := gjson.Get(outputStr, "request.contents.0.parts").Array() - if len(parts) != 1 { - t.Fatalf("Expected 1 part (thinking removed), got %d", len(parts)) - } - - // Only text part should remain - if parts[0].Get("thought").Bool() { - t.Error("Thinking block should be removed, not preserved") - } - if parts[0].Get("text").String() != "Answer" { - t.Errorf("Expected text 'Answer', got '%s'", parts[0].Get("text").String()) - } -} - -// ============================================================================ -// Tool + Thinking System Hint Injection -// ============================================================================ - -func TestConvertClaudeRequestToAntigravity_ToolAndThinking_HintInjected(t *testing.T) { - // When both tools and thinking are enabled, hint should be injected into system instruction - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [{"role": "user", "content": [{"type": "text", "text": "Hello"}]}], - "system": [{"type": "text", "text": "You are helpful."}], - "tools": [ - { - "name": "get_weather", - "description": "Get weather", - "input_schema": {"type": "object", "properties": {"location": {"type": "string"}}} - } - ], - "thinking": {"type": "enabled", "budget_tokens": 8000} - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // System instruction should contain the interleaved thinking hint - sysInstruction := gjson.Get(outputStr, "request.systemInstruction") - if !sysInstruction.Exists() { - t.Fatal("systemInstruction should exist") - } - - // Check if hint is appended - sysText := sysInstruction.Get("parts").Array() - found := false - for _, part := range sysText { - if strings.Contains(part.Get("text").String(), "Interleaved thinking is enabled") { - found = true - break - } - } - if !found { - t.Errorf("Interleaved thinking hint should be injected when tools and thinking are both active, got: %v", sysInstruction.Raw) - } -} - -func TestConvertClaudeRequestToAntigravity_ToolsOnly_NoHint(t *testing.T) { - // When only tools are present (no thinking), hint should NOT be injected - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5", - "messages": [{"role": "user", "content": [{"type": "text", "text": "Hello"}]}], - "system": [{"type": "text", "text": "You are helpful."}], - "tools": [ - { - "name": "get_weather", - "description": "Get weather", - "input_schema": {"type": "object", "properties": {"location": {"type": "string"}}} - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - // System instruction should NOT contain the hint - sysInstruction := gjson.Get(outputStr, "request.systemInstruction") - if sysInstruction.Exists() { - for _, part := range sysInstruction.Get("parts").Array() { - if strings.Contains(part.Get("text").String(), "Interleaved thinking is enabled") { - t.Error("Hint should NOT be injected when only tools are present (no thinking)") - } - } - } -} - -func TestConvertClaudeRequestToAntigravity_ThinkingOnly_NoHint(t *testing.T) { - // When only thinking is enabled (no tools), hint should NOT be injected - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [{"role": "user", "content": [{"type": "text", "text": "Hello"}]}], - "system": [{"type": "text", "text": "You are helpful."}], - "thinking": {"type": "enabled", "budget_tokens": 8000} - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // System instruction should NOT contain the hint (no tools) - sysInstruction := gjson.Get(outputStr, "request.systemInstruction") - if sysInstruction.Exists() { - for _, part := range sysInstruction.Get("parts").Array() { - if strings.Contains(part.Get("text").String(), "Interleaved thinking is enabled") { - t.Error("Hint should NOT be injected when only thinking is present (no tools)") - } - } - } -} - -func TestConvertClaudeRequestToAntigravity_ToolResultNoContent(t *testing.T) { - // Bug repro: tool_result with no content field produces invalid JSON - inputJSON := []byte(`{ - "model": "claude-opus-4-6-thinking", - "messages": [ - { - "role": "assistant", - "content": [ - { - "type": "tool_use", - "id": "MyTool-123-456", - "name": "MyTool", - "input": {"key": "value"} - } - ] - }, - { - "role": "user", - "content": [ - { - "type": "tool_result", - "tool_use_id": "MyTool-123-456" - } - ] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-opus-4-6-thinking", inputJSON, true) - outputStr := string(output) - - if !gjson.Valid(outputStr) { - t.Errorf("Result is not valid JSON:\n%s", outputStr) - } - - // Verify the functionResponse has a valid result value - fr := gjson.Get(outputStr, "request.contents.1.parts.0.functionResponse.response.result") - if !fr.Exists() { - t.Error("functionResponse.response.result should exist") - } -} - -func TestConvertClaudeRequestToAntigravity_ToolResultNullContent(t *testing.T) { - // Bug repro: tool_result with null content produces invalid JSON - inputJSON := []byte(`{ - "model": "claude-opus-4-6-thinking", - "messages": [ - { - "role": "assistant", - "content": [ - { - "type": "tool_use", - "id": "MyTool-123-456", - "name": "MyTool", - "input": {"key": "value"} - } - ] - }, - { - "role": "user", - "content": [ - { - "type": "tool_result", - "tool_use_id": "MyTool-123-456", - "content": null - } - ] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-opus-4-6-thinking", inputJSON, true) - outputStr := string(output) - - if !gjson.Valid(outputStr) { - t.Errorf("Result is not valid JSON:\n%s", outputStr) - } -} - -func TestConvertClaudeRequestToAntigravity_ToolAndThinking_NoExistingSystem(t *testing.T) { - // When tools + thinking but no system instruction, should create one with hint - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [{"role": "user", "content": [{"type": "text", "text": "Hello"}]}], - "tools": [ - { - "name": "get_weather", - "description": "Get weather", - "input_schema": {"type": "object", "properties": {"location": {"type": "string"}}} - } - ], - "thinking": {"type": "enabled", "budget_tokens": 8000} - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // System instruction should be created with hint - sysInstruction := gjson.Get(outputStr, "request.systemInstruction") - if !sysInstruction.Exists() { - t.Fatal("systemInstruction should be created when tools + thinking are active") - } - - sysText := sysInstruction.Get("parts").Array() - found := false - for _, part := range sysText { - if strings.Contains(part.Get("text").String(), "Interleaved thinking is enabled") { - found = true - break - } - } - if !found { - t.Errorf("Interleaved thinking hint should be in created systemInstruction, got: %v", sysInstruction.Raw) - } -} - -func TestConvertClaudeRequestToAntigravity_SkipsEmptySystemTextParts(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5", - "messages": [{"role": "user", "content": [{"type": "text", "text": "Hello"}]}], - "system": [{"type": "text", "text": ""}, {"type": "text", "text": " "}] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - if gjson.Get(outputStr, "request.systemInstruction").Exists() { - t.Fatalf("systemInstruction should be omitted when all system text blocks are empty: %s", outputStr) - } -} - -func TestConvertClaudeRequestToAntigravity_SkipsEmptyStringMessageContent(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5", - "messages": [ - {"role": "user", "content": " "}, - {"role": "assistant", "content": "ok"} - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - contents := gjson.Get(outputStr, "request.contents").Array() - if len(contents) != 1 { - t.Fatalf("expected 1 non-empty message after filtering empty string content, got %d (%s)", len(contents), outputStr) - } - if contents[0].Get("role").String() != "model" { - t.Fatalf("expected remaining message role=model, got %q", contents[0].Get("role").String()) - } - if contents[0].Get("parts.0.text").String() != "ok" { - t.Fatalf("expected remaining text 'ok', got %q", contents[0].Get("parts.0.text").String()) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/claude/antigravity_claude_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/claude/antigravity_claude_response.go deleted file mode 100644 index 50dd7138c1..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/claude/antigravity_claude_response.go +++ /dev/null @@ -1,511 +0,0 @@ -// Package claude provides response translation functionality for Claude Code API compatibility. -// This package handles the conversion of backend client responses into Claude Code-compatible -// Server-Sent Events (SSE) format, implementing a sophisticated state machine that manages -// different response types including text content, thinking processes, and function calls. -// The translation ensures proper sequencing of SSE events and maintains state across -// multiple response chunks to provide a seamless streaming experience. -package claude - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/cache" - log "github.com/sirupsen/logrus" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Params holds parameters for response conversion and maintains state across streaming chunks. -// This structure tracks the current state of the response translation process to ensure -// proper sequencing of SSE events and transitions between different content types. -type Params struct { - HasFirstResponse bool // Indicates if the initial message_start event has been sent - ResponseType int // Current response type: 0=none, 1=content, 2=thinking, 3=function - ResponseIndex int // Index counter for content blocks in the streaming response - HasFinishReason bool // Tracks whether a finish reason has been observed - FinishReason string // The finish reason string returned by the provider - HasUsageMetadata bool // Tracks whether usage metadata has been observed - PromptTokenCount int64 // Cached prompt token count from usage metadata - CandidatesTokenCount int64 // Cached candidate token count from usage metadata - ThoughtsTokenCount int64 // Cached thinking token count from usage metadata - TotalTokenCount int64 // Cached total token count from usage metadata - CachedTokenCount int64 // Cached content token count (indicates prompt caching) - HasSentFinalEvents bool // Indicates if final content/message events have been sent - HasToolUse bool // Indicates if tool use was observed in the stream - HasContent bool // Tracks whether any content (text, thinking, or tool use) has been output - - // Signature caching support - CurrentThinkingText strings.Builder // Accumulates thinking text for signature caching -} - -// toolUseIDCounter provides a process-wide unique counter for tool use identifiers. -var toolUseIDCounter uint64 - -// ConvertAntigravityResponseToClaude performs sophisticated streaming response format conversion. -// This function implements a complex state machine that translates backend client responses -// into Claude Code-compatible Server-Sent Events (SSE) format. It manages different response types -// and handles state transitions between content blocks, thinking processes, and function calls. -// -// Response type states: 0=none, 1=content, 2=thinking, 3=function -// The function maintains state across multiple calls to ensure proper SSE event sequencing. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing a Claude Code-compatible JSON response -func ConvertAntigravityResponseToClaude(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &Params{ - HasFirstResponse: false, - ResponseType: 0, - ResponseIndex: 0, - } - } - modelName := gjson.GetBytes(requestRawJSON, "model").String() - - params := (*param).(*Params) - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - output := "" - // Only send final events if we have actually output content - if params.HasContent { - appendFinalEvents(params, &output, true) - return []string{ - output + "event: message_stop\ndata: {\"type\":\"message_stop\"}\n\n\n", - } - } - return []string{} - } - - output := "" - - // Initialize the streaming session with a message_start event - // This is only sent for the very first response chunk to establish the streaming session - if !params.HasFirstResponse { - output = "event: message_start\n" - - // Create the initial message structure with default values according to Claude Code API specification - // This follows the Claude Code API specification for streaming message initialization - messageStartTemplate := `{"type": "message_start", "message": {"id": "msg_1nZdL29xx5MUA1yADyHTEsnR8uuvGzszyY", "type": "message", "role": "assistant", "content": [], "model": "claude-3-5-sonnet-20241022", "stop_reason": null, "stop_sequence": null, "usage": {"input_tokens": 0, "output_tokens": 0}}}` - - // Use cpaUsageMetadata within the message_start event for Claude. - if promptTokenCount := gjson.GetBytes(rawJSON, "response.cpaUsageMetadata.promptTokenCount"); promptTokenCount.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.usage.input_tokens", promptTokenCount.Int()) - } - if candidatesTokenCount := gjson.GetBytes(rawJSON, "response.cpaUsageMetadata.candidatesTokenCount"); candidatesTokenCount.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.usage.output_tokens", candidatesTokenCount.Int()) - } - - // Override default values with actual response metadata if available from the Gemini CLI response - if modelVersionResult := gjson.GetBytes(rawJSON, "response.modelVersion"); modelVersionResult.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.model", modelVersionResult.String()) - } - if responseIDResult := gjson.GetBytes(rawJSON, "response.responseId"); responseIDResult.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.id", responseIDResult.String()) - } - output = output + fmt.Sprintf("data: %s\n\n\n", messageStartTemplate) - - params.HasFirstResponse = true - } - - // Process the response parts array from the backend client - // Each part can contain text content, thinking content, or function calls - partsResult := gjson.GetBytes(rawJSON, "response.candidates.0.content.parts") - if partsResult.IsArray() { - partResults := partsResult.Array() - for i := 0; i < len(partResults); i++ { - partResult := partResults[i] - - // Extract the different types of content from each part - partTextResult := partResult.Get("text") - functionCallResult := partResult.Get("functionCall") - - // Handle text content (both regular content and thinking) - if partTextResult.Exists() { - // Process thinking content (internal reasoning) - if partResult.Get("thought").Bool() { - if thoughtSignature := partResult.Get("thoughtSignature"); thoughtSignature.Exists() && thoughtSignature.String() != "" { - // log.Debug("Branch: signature_delta") - - if params.CurrentThinkingText.Len() > 0 { - cache.CacheSignature(modelName, params.CurrentThinkingText.String(), thoughtSignature.String()) - // log.Debugf("Cached signature for thinking block (textLen=%d)", params.CurrentThinkingText.Len()) - params.CurrentThinkingText.Reset() - } - - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"signature_delta","signature":""}}`, params.ResponseIndex), "delta.signature", fmt.Sprintf("%s#%s", cache.GetModelGroup(modelName), thoughtSignature.String())) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - params.HasContent = true - } else if params.ResponseType == 2 { // Continue existing thinking block if already in thinking state - params.CurrentThinkingText.WriteString(partTextResult.String()) - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"thinking_delta","thinking":""}}`, params.ResponseIndex), "delta.thinking", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - params.HasContent = true - } else { - // Transition from another state to thinking - // First, close any existing content block - if params.ResponseType != 0 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, params.ResponseIndex) - output = output + "\n\n\n" - params.ResponseIndex++ - } - - // Start a new thinking content block - output = output + "event: content_block_start\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_start","index":%d,"content_block":{"type":"thinking","thinking":""}}`, params.ResponseIndex) - output = output + "\n\n\n" - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"thinking_delta","thinking":""}}`, params.ResponseIndex), "delta.thinking", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - params.ResponseType = 2 // Set state to thinking - params.HasContent = true - // Start accumulating thinking text for signature caching - params.CurrentThinkingText.Reset() - params.CurrentThinkingText.WriteString(partTextResult.String()) - } - } else { - finishReasonResult := gjson.GetBytes(rawJSON, "response.candidates.0.finishReason") - if partTextResult.String() != "" || !finishReasonResult.Exists() { - // Process regular text content (user-visible output) - // Continue existing text block if already in content state - if params.ResponseType == 1 { - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"text_delta","text":""}}`, params.ResponseIndex), "delta.text", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - params.HasContent = true - } else { - // Transition from another state to text content - // First, close any existing content block - if params.ResponseType != 0 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, params.ResponseIndex) - output = output + "\n\n\n" - params.ResponseIndex++ - } - if partTextResult.String() != "" { - // Start a new text content block - output = output + "event: content_block_start\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_start","index":%d,"content_block":{"type":"text","text":""}}`, params.ResponseIndex) - output = output + "\n\n\n" - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"text_delta","text":""}}`, params.ResponseIndex), "delta.text", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - params.ResponseType = 1 // Set state to content - params.HasContent = true - } - } - } - } - } else if functionCallResult.Exists() { - // Handle function/tool calls from the AI model - // This processes tool usage requests and formats them for Claude Code API compatibility - params.HasToolUse = true - fcName := functionCallResult.Get("name").String() - - // Handle state transitions when switching to function calls - // Close any existing function call block first - if params.ResponseType == 3 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, params.ResponseIndex) - output = output + "\n\n\n" - params.ResponseIndex++ - params.ResponseType = 0 - } - - // Special handling for thinking state transition - if params.ResponseType == 2 { - params.ResponseType = 0 - } - - // Close any other existing content block - if params.ResponseType != 0 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, params.ResponseIndex) - output = output + "\n\n\n" - params.ResponseIndex++ - } - - // Start a new tool use content block - // This creates the structure for a function call in Claude Code format - output = output + "event: content_block_start\n" - - // Create the tool use block with unique ID and function details - data := fmt.Sprintf(`{"type":"content_block_start","index":%d,"content_block":{"type":"tool_use","id":"","name":"","input":{}}}`, params.ResponseIndex) - data, _ = sjson.Set(data, "content_block.id", fmt.Sprintf("%s-%d-%d", fcName, time.Now().UnixNano(), atomic.AddUint64(&toolUseIDCounter, 1))) - data, _ = sjson.Set(data, "content_block.name", fcName) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - output = output + "event: content_block_delta\n" - data, _ = sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"input_json_delta","partial_json":""}}`, params.ResponseIndex), "delta.partial_json", fcArgsResult.Raw) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - } - params.ResponseType = 3 - params.HasContent = true - } - } - } - - if finishReasonResult := gjson.GetBytes(rawJSON, "response.candidates.0.finishReason"); finishReasonResult.Exists() { - params.HasFinishReason = true - params.FinishReason = finishReasonResult.String() - } - - if usageResult := gjson.GetBytes(rawJSON, "response.usageMetadata"); usageResult.Exists() { - params.HasUsageMetadata = true - params.CachedTokenCount = usageResult.Get("cachedContentTokenCount").Int() - params.PromptTokenCount = usageResult.Get("promptTokenCount").Int() - params.CachedTokenCount - params.CandidatesTokenCount = usageResult.Get("candidatesTokenCount").Int() - params.ThoughtsTokenCount = usageResult.Get("thoughtsTokenCount").Int() - params.TotalTokenCount = usageResult.Get("totalTokenCount").Int() - if params.CandidatesTokenCount == 0 && params.TotalTokenCount > 0 { - params.CandidatesTokenCount = params.TotalTokenCount - params.PromptTokenCount - params.ThoughtsTokenCount - if params.CandidatesTokenCount < 0 { - params.CandidatesTokenCount = 0 - } - } - } - - if params.HasUsageMetadata && params.HasFinishReason { - appendFinalEvents(params, &output, false) - } - - return []string{output} -} - -func appendFinalEvents(params *Params, output *string, force bool) { - if params.HasSentFinalEvents { - return - } - - if !params.HasUsageMetadata && !force { - return - } - - // Only send final events if we have actually output content - if !params.HasContent { - return - } - - if params.ResponseType != 0 { - *output = *output + "event: content_block_stop\n" - *output = *output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, params.ResponseIndex) - *output = *output + "\n\n\n" - params.ResponseType = 0 - } - - stopReason := resolveStopReason(params) - usageOutputTokens := params.CandidatesTokenCount + params.ThoughtsTokenCount - if usageOutputTokens == 0 && params.TotalTokenCount > 0 { - usageOutputTokens = params.TotalTokenCount - params.PromptTokenCount - if usageOutputTokens < 0 { - usageOutputTokens = 0 - } - } - - *output = *output + "event: message_delta\n" - *output = *output + "data: " - delta := fmt.Sprintf(`{"type":"message_delta","delta":{"stop_reason":"%s","stop_sequence":null},"usage":{"input_tokens":%d,"output_tokens":%d}}`, stopReason, params.PromptTokenCount, usageOutputTokens) - // Add cache_read_input_tokens if cached tokens are present (indicates prompt caching is working) - if params.CachedTokenCount > 0 { - var err error - delta, err = sjson.Set(delta, "usage.cache_read_input_tokens", params.CachedTokenCount) - if err != nil { - log.Warnf("antigravity claude response: failed to set cache_read_input_tokens: %v", err) - } - } - *output = *output + delta + "\n\n\n" - - params.HasSentFinalEvents = true -} - -func resolveStopReason(params *Params) string { - if params.HasToolUse { - return "tool_use" - } - - switch params.FinishReason { - case "MAX_TOKENS": - return "max_tokens" - case "STOP", "FINISH_REASON_UNSPECIFIED", "UNKNOWN": - return "end_turn" - } - - return "end_turn" -} - -// ConvertAntigravityResponseToClaudeNonStream converts a non-streaming Gemini CLI response to a non-streaming Claude response. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the Gemini CLI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - string: A Claude-compatible JSON response. -func ConvertAntigravityResponseToClaudeNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - _ = originalRequestRawJSON - modelName := gjson.GetBytes(requestRawJSON, "model").String() - - root := gjson.ParseBytes(rawJSON) - promptTokens := root.Get("response.usageMetadata.promptTokenCount").Int() - candidateTokens := root.Get("response.usageMetadata.candidatesTokenCount").Int() - thoughtTokens := root.Get("response.usageMetadata.thoughtsTokenCount").Int() - totalTokens := root.Get("response.usageMetadata.totalTokenCount").Int() - cachedTokens := root.Get("response.usageMetadata.cachedContentTokenCount").Int() - outputTokens := candidateTokens + thoughtTokens - if outputTokens == 0 && totalTokens > 0 { - outputTokens = totalTokens - promptTokens - if outputTokens < 0 { - outputTokens = 0 - } - } - - responseJSON := `{"id":"","type":"message","role":"assistant","model":"","content":null,"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}` - responseJSON, _ = sjson.Set(responseJSON, "id", root.Get("response.responseId").String()) - responseJSON, _ = sjson.Set(responseJSON, "model", root.Get("response.modelVersion").String()) - responseJSON, _ = sjson.Set(responseJSON, "usage.input_tokens", promptTokens) - responseJSON, _ = sjson.Set(responseJSON, "usage.output_tokens", outputTokens) - // Add cache_read_input_tokens if cached tokens are present (indicates prompt caching is working) - if cachedTokens > 0 { - var err error - responseJSON, err = sjson.Set(responseJSON, "usage.cache_read_input_tokens", cachedTokens) - if err != nil { - log.Warnf("antigravity claude response: failed to set cache_read_input_tokens: %v", err) - } - } - - contentArrayInitialized := false - ensureContentArray := func() { - if contentArrayInitialized { - return - } - responseJSON, _ = sjson.SetRaw(responseJSON, "content", "[]") - contentArrayInitialized = true - } - - parts := root.Get("response.candidates.0.content.parts") - textBuilder := strings.Builder{} - thinkingBuilder := strings.Builder{} - thinkingSignature := "" - toolIDCounter := 0 - hasToolCall := false - - flushText := func() { - if textBuilder.Len() == 0 { - return - } - ensureContentArray() - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", textBuilder.String()) - responseJSON, _ = sjson.SetRaw(responseJSON, "content.-1", block) - textBuilder.Reset() - } - - flushThinking := func() { - if thinkingBuilder.Len() == 0 && thinkingSignature == "" { - return - } - ensureContentArray() - block := `{"type":"thinking","thinking":""}` - block, _ = sjson.Set(block, "thinking", thinkingBuilder.String()) - if thinkingSignature != "" { - block, _ = sjson.Set(block, "signature", fmt.Sprintf("%s#%s", cache.GetModelGroup(modelName), thinkingSignature)) - } - responseJSON, _ = sjson.SetRaw(responseJSON, "content.-1", block) - thinkingBuilder.Reset() - thinkingSignature = "" - } - - if parts.IsArray() { - for _, part := range parts.Array() { - isThought := part.Get("thought").Bool() - if isThought { - sig := part.Get("thoughtSignature") - if !sig.Exists() { - sig = part.Get("thought_signature") - } - if sig.Exists() && sig.String() != "" { - thinkingSignature = sig.String() - } - } - - if text := part.Get("text"); text.Exists() && text.String() != "" { - if isThought { - flushText() - thinkingBuilder.WriteString(text.String()) - continue - } - flushThinking() - textBuilder.WriteString(text.String()) - continue - } - - if functionCall := part.Get("functionCall"); functionCall.Exists() { - flushThinking() - flushText() - hasToolCall = true - - name := functionCall.Get("name").String() - toolIDCounter++ - toolBlock := `{"type":"tool_use","id":"","name":"","input":{}}` - toolBlock, _ = sjson.Set(toolBlock, "id", fmt.Sprintf("tool_%d", toolIDCounter)) - toolBlock, _ = sjson.Set(toolBlock, "name", name) - - if args := functionCall.Get("args"); args.Exists() && args.Raw != "" && gjson.Valid(args.Raw) && args.IsObject() { - toolBlock, _ = sjson.SetRaw(toolBlock, "input", args.Raw) - } - - ensureContentArray() - responseJSON, _ = sjson.SetRaw(responseJSON, "content.-1", toolBlock) - continue - } - } - } - - flushThinking() - flushText() - - stopReason := "end_turn" - if hasToolCall { - stopReason = "tool_use" - } else { - if finish := root.Get("response.candidates.0.finishReason"); finish.Exists() { - switch finish.String() { - case "MAX_TOKENS": - stopReason = "max_tokens" - case "STOP", "FINISH_REASON_UNSPECIFIED", "UNKNOWN": - stopReason = "end_turn" - default: - stopReason = "end_turn" - } - } - } - responseJSON, _ = sjson.Set(responseJSON, "stop_reason", stopReason) - - if promptTokens == 0 && outputTokens == 0 { - if usageMeta := root.Get("response.usageMetadata"); !usageMeta.Exists() { - responseJSON, _ = sjson.Delete(responseJSON, "usage") - } - } - - return responseJSON -} - -func ClaudeTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"input_tokens":%d}`, count) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/claude/antigravity_claude_response_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/claude/antigravity_claude_response_test.go deleted file mode 100644 index 4e7cae0804..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/claude/antigravity_claude_response_test.go +++ /dev/null @@ -1,246 +0,0 @@ -package claude - -import ( - "context" - "strings" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/cache" -) - -// ============================================================================ -// Signature Caching Tests -// ============================================================================ - -func TestConvertAntigravityResponseToClaude_ParamsInitialized(t *testing.T) { - cache.ClearSignatureCache("") - - // Request with user message - should initialize params - requestJSON := []byte(`{ - "messages": [ - {"role": "user", "content": [{"type": "text", "text": "Hello world"}]} - ] - }`) - - // First response chunk with thinking - responseJSON := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "Let me think...", "thought": true}] - } - }] - } - }`) - - var param any - ctx := context.Background() - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, responseJSON, ¶m) - - params := param.(*Params) - if !params.HasFirstResponse { - t.Error("HasFirstResponse should be set after first chunk") - } - if params.CurrentThinkingText.Len() == 0 { - t.Error("Thinking text should be accumulated") - } -} - -func TestConvertAntigravityResponseToClaude_ThinkingTextAccumulated(t *testing.T) { - cache.ClearSignatureCache("") - - requestJSON := []byte(`{ - "messages": [{"role": "user", "content": [{"type": "text", "text": "Test"}]}] - }`) - - // First thinking chunk - chunk1 := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "First part of thinking...", "thought": true}] - } - }] - } - }`) - - // Second thinking chunk (continuation) - chunk2 := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": " Second part of thinking...", "thought": true}] - } - }] - } - }`) - - var param any - ctx := context.Background() - - // Process first chunk - starts new thinking block - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, chunk1, ¶m) - params := param.(*Params) - - if params.CurrentThinkingText.Len() == 0 { - t.Error("Thinking text should be accumulated after first chunk") - } - - // Process second chunk - continues thinking block - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, chunk2, ¶m) - - text := params.CurrentThinkingText.String() - if !strings.Contains(text, "First part") || !strings.Contains(text, "Second part") { - t.Errorf("Thinking text should accumulate both parts, got: %s", text) - } -} - -func TestConvertAntigravityResponseToClaude_SignatureCached(t *testing.T) { - cache.ClearSignatureCache("") - - requestJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [{"role": "user", "content": [{"type": "text", "text": "Cache test"}]}] - }`) - - // Thinking chunk - thinkingChunk := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "My thinking process here", "thought": true}] - } - }] - } - }`) - - // Signature chunk - validSignature := "abc123validSignature1234567890123456789012345678901234567890" - signatureChunk := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "", "thought": true, "thoughtSignature": "` + validSignature + `"}] - } - }] - } - }`) - - var param any - ctx := context.Background() - - // Process thinking chunk - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, thinkingChunk, ¶m) - params := param.(*Params) - thinkingText := params.CurrentThinkingText.String() - - if thinkingText == "" { - t.Fatal("Thinking text should be accumulated") - } - - // Process signature chunk - should cache the signature - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, signatureChunk, ¶m) - - // Verify signature was cached - cachedSig := cache.GetCachedSignature("claude-sonnet-4-5-thinking", thinkingText) - if cachedSig != validSignature { - t.Errorf("Expected cached signature '%s', got '%s'", validSignature, cachedSig) - } - - // Verify thinking text was reset after caching - if params.CurrentThinkingText.Len() != 0 { - t.Error("Thinking text should be reset after signature is cached") - } -} - -func TestConvertAntigravityResponseToClaude_MultipleThinkingBlocks(t *testing.T) { - cache.ClearSignatureCache("") - - requestJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [{"role": "user", "content": [{"type": "text", "text": "Multi block test"}]}] - }`) - - validSig1 := "signature1_12345678901234567890123456789012345678901234567" - validSig2 := "signature2_12345678901234567890123456789012345678901234567" - - // First thinking block with signature - block1Thinking := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "First thinking block", "thought": true}] - } - }] - } - }`) - block1Sig := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "", "thought": true, "thoughtSignature": "` + validSig1 + `"}] - } - }] - } - }`) - - // Text content (breaks thinking) - textBlock := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "Regular text output"}] - } - }] - } - }`) - - // Second thinking block with signature - block2Thinking := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "Second thinking block", "thought": true}] - } - }] - } - }`) - block2Sig := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "", "thought": true, "thoughtSignature": "` + validSig2 + `"}] - } - }] - } - }`) - - var param any - ctx := context.Background() - - // Process first thinking block - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, block1Thinking, ¶m) - params := param.(*Params) - firstThinkingText := params.CurrentThinkingText.String() - - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, block1Sig, ¶m) - - // Verify first signature cached - if cache.GetCachedSignature("claude-sonnet-4-5-thinking", firstThinkingText) != validSig1 { - t.Error("First thinking block signature should be cached") - } - - // Process text (transitions out of thinking) - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, textBlock, ¶m) - - // Process second thinking block - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, block2Thinking, ¶m) - secondThinkingText := params.CurrentThinkingText.String() - - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, block2Sig, ¶m) - - // Verify second signature cached - if cache.GetCachedSignature("claude-sonnet-4-5-thinking", secondThinkingText) != validSig2 { - t.Error("Second thinking block signature should be cached") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/claude/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/claude/init.go deleted file mode 100644 index ca7c184503..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package claude - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Claude, - constant.Antigravity, - ConvertClaudeRequestToAntigravity, - interfaces.TranslateResponse{ - Stream: ConvertAntigravityResponseToClaude, - NonStream: ConvertAntigravityResponseToClaudeNonStream, - TokenCount: ClaudeTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/gemini/antigravity_gemini_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/gemini/antigravity_gemini_request.go deleted file mode 100644 index 092b4bf664..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/gemini/antigravity_gemini_request.go +++ /dev/null @@ -1,313 +0,0 @@ -// Package gemini provides request translation functionality for Gemini CLI to Gemini API compatibility. -// It handles parsing and transforming Gemini CLI API requests into Gemini API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini CLI API format and Gemini API's expected format. -package gemini - -import ( - "fmt" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/common" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiRequestToAntigravity parses and transforms a Gemini CLI API request into Gemini API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Gemini API. -// The function performs the following transformations: -// 1. Extracts the model information from the request -// 2. Restructures the JSON to match Gemini API format -// 3. Converts system instructions to the expected format -// 4. Fixes CLI tool response format and grouping -// -// Parameters: -// - modelName: The name of the model to use for the request (unused in current implementation) -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini API format -func ConvertGeminiRequestToAntigravity(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - template := "" - template = `{"project":"","request":{},"model":""}` - template, _ = sjson.SetRaw(template, "request", string(rawJSON)) - template, _ = sjson.Set(template, "model", modelName) - template, _ = sjson.Delete(template, "request.model") - - template, errFixCLIToolResponse := fixCLIToolResponse(template) - if errFixCLIToolResponse != nil { - return []byte{} - } - - systemInstructionResult := gjson.Get(template, "request.system_instruction") - if systemInstructionResult.Exists() { - template, _ = sjson.SetRaw(template, "request.systemInstruction", systemInstructionResult.Raw) - template, _ = sjson.Delete(template, "request.system_instruction") - } - rawJSON = []byte(template) - - // Normalize roles in request.contents: default to valid values if missing/invalid - contents := gjson.GetBytes(rawJSON, "request.contents") - if contents.Exists() { - prevRole := "" - idx := 0 - contents.ForEach(func(_ gjson.Result, value gjson.Result) bool { - role := value.Get("role").String() - valid := role == "user" || role == "model" - if role == "" || !valid { - var newRole string - switch prevRole { - case "": - newRole = "user" - case "user": - newRole = "model" - default: - newRole = "user" - } - path := fmt.Sprintf("request.contents.%d.role", idx) - rawJSON, _ = sjson.SetBytes(rawJSON, path, newRole) - role = newRole - } - prevRole = role - idx++ - return true - }) - } - - toolsResult := gjson.GetBytes(rawJSON, "request.tools") - if toolsResult.Exists() && toolsResult.IsArray() { - toolResults := toolsResult.Array() - for i := 0; i < len(toolResults); i++ { - functionDeclarationsResult := gjson.GetBytes(rawJSON, fmt.Sprintf("request.tools.%d.function_declarations", i)) - if functionDeclarationsResult.Exists() && functionDeclarationsResult.IsArray() { - functionDeclarationsResults := functionDeclarationsResult.Array() - for j := 0; j < len(functionDeclarationsResults); j++ { - parametersResult := gjson.GetBytes(rawJSON, fmt.Sprintf("request.tools.%d.function_declarations.%d.parameters", i, j)) - if parametersResult.Exists() { - strJson, _ := util.RenameKey(string(rawJSON), fmt.Sprintf("request.tools.%d.function_declarations.%d.parameters", i, j), fmt.Sprintf("request.tools.%d.function_declarations.%d.parametersJsonSchema", i, j)) - rawJSON = []byte(strJson) - } - } - } - } - } - - // Gemini-specific handling for non-Claude models: - // - Add skip_thought_signature_validator to functionCall parts so upstream can bypass signature validation. - // - Also mark thinking parts with the same sentinel when present (we keep the parts; we only annotate them). - if !strings.Contains(modelName, "claude") { - const skipSentinel = "skip_thought_signature_validator" - - gjson.GetBytes(rawJSON, "request.contents").ForEach(func(contentIdx, content gjson.Result) bool { - if content.Get("role").String() == "model" { - // First pass: collect indices of thinking parts to mark with skip sentinel - var thinkingIndicesToSkipSignature []int64 - content.Get("parts").ForEach(func(partIdx, part gjson.Result) bool { - // Collect indices of thinking blocks to mark with skip sentinel - if part.Get("thought").Bool() { - thinkingIndicesToSkipSignature = append(thinkingIndicesToSkipSignature, partIdx.Int()) - } - // Add skip sentinel to functionCall parts - if part.Get("functionCall").Exists() { - existingSig := part.Get("thoughtSignature").String() - if existingSig == "" || len(existingSig) < 50 { - rawJSON, _ = sjson.SetBytes(rawJSON, fmt.Sprintf("request.contents.%d.parts.%d.thoughtSignature", contentIdx.Int(), partIdx.Int()), skipSentinel) - } - } - return true - }) - - // Add skip_thought_signature_validator sentinel to thinking blocks in reverse order to preserve indices - for i := len(thinkingIndicesToSkipSignature) - 1; i >= 0; i-- { - idx := thinkingIndicesToSkipSignature[i] - rawJSON, _ = sjson.SetBytes(rawJSON, fmt.Sprintf("request.contents.%d.parts.%d.thoughtSignature", contentIdx.Int(), idx), skipSentinel) - } - } - return true - }) - } - - return common.AttachDefaultSafetySettings(rawJSON, "request.safetySettings") -} - -// FunctionCallGroup represents a group of function calls and their responses -type FunctionCallGroup struct { - ResponsesNeeded int -} - -// parseFunctionResponseRaw attempts to normalize a function response part into a JSON object string. -// Falls back to a minimal "functionResponse" object when parsing fails. -func parseFunctionResponseRaw(response gjson.Result) string { - if response.IsObject() && gjson.Valid(response.Raw) { - return response.Raw - } - - log.Debugf("parse function response failed, using fallback") - funcResp := response.Get("functionResponse") - if funcResp.Exists() { - fr := `{"functionResponse":{"name":"","response":{"result":""}}}` - fr, _ = sjson.Set(fr, "functionResponse.name", funcResp.Get("name").String()) - fr, _ = sjson.Set(fr, "functionResponse.response.result", funcResp.Get("response").String()) - if id := funcResp.Get("id").String(); id != "" { - fr, _ = sjson.Set(fr, "functionResponse.id", id) - } - return fr - } - - fr := `{"functionResponse":{"name":"unknown","response":{"result":""}}}` - fr, _ = sjson.Set(fr, "functionResponse.response.result", response.String()) - return fr -} - -// fixCLIToolResponse performs sophisticated tool response format conversion and grouping. -// This function transforms the CLI tool response format by intelligently grouping function calls -// with their corresponding responses, ensuring proper conversation flow and API compatibility. -// It converts from a linear format (1.json) to a grouped format (2.json) where function calls -// and their responses are properly associated and structured. -// -// Parameters: -// - input: The input JSON string to be processed -// -// Returns: -// - string: The processed JSON string with grouped function calls and responses -// - error: An error if the processing fails -func fixCLIToolResponse(input string) (string, error) { - // Parse the input JSON to extract the conversation structure - parsed := gjson.Parse(input) - - // Extract the contents array which contains the conversation messages - contents := parsed.Get("request.contents") - if !contents.Exists() { - // log.Debugf(input) - return input, fmt.Errorf("contents not found in input") - } - - // Initialize data structures for processing and grouping - contentsWrapper := `{"contents":[]}` - var pendingGroups []*FunctionCallGroup // Groups awaiting completion with responses - var collectedResponses []gjson.Result // Standalone responses to be matched - - // Process each content object in the conversation - // This iterates through messages and groups function calls with their responses - contents.ForEach(func(key, value gjson.Result) bool { - role := value.Get("role").String() - parts := value.Get("parts") - - // Check if this content has function responses - var responsePartsInThisContent []gjson.Result - parts.ForEach(func(_, part gjson.Result) bool { - if part.Get("functionResponse").Exists() { - responsePartsInThisContent = append(responsePartsInThisContent, part) - } - return true - }) - - // If this content has function responses, collect them - if len(responsePartsInThisContent) > 0 { - collectedResponses = append(collectedResponses, responsePartsInThisContent...) - - // Check if any pending groups can be satisfied - for i := len(pendingGroups) - 1; i >= 0; i-- { - group := pendingGroups[i] - if len(collectedResponses) >= group.ResponsesNeeded { - // Take the needed responses for this group - groupResponses := collectedResponses[:group.ResponsesNeeded] - collectedResponses = collectedResponses[group.ResponsesNeeded:] - - // Create merged function response content - functionResponseContent := `{"parts":[],"role":"function"}` - for _, response := range groupResponses { - partRaw := parseFunctionResponseRaw(response) - if partRaw != "" { - functionResponseContent, _ = sjson.SetRaw(functionResponseContent, "parts.-1", partRaw) - } - } - - if gjson.Get(functionResponseContent, "parts.#").Int() > 0 { - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", functionResponseContent) - } - - // Remove this group as it's been satisfied - pendingGroups = append(pendingGroups[:i], pendingGroups[i+1:]...) - break - } - } - - return true // Skip adding this content, responses are merged - } - - // If this is a model with function calls, create a new group - if role == "model" { - functionCallsCount := 0 - parts.ForEach(func(_, part gjson.Result) bool { - if part.Get("functionCall").Exists() { - functionCallsCount++ - } - return true - }) - - if functionCallsCount > 0 { - // Add the model content - if !value.IsObject() { - log.Warnf("failed to parse model content") - return true - } - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", value.Raw) - - // Create a new group for tracking responses - group := &FunctionCallGroup{ - ResponsesNeeded: functionCallsCount, - } - pendingGroups = append(pendingGroups, group) - } else { - // Regular model content without function calls - if !value.IsObject() { - log.Warnf("failed to parse content") - return true - } - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", value.Raw) - } - } else { - // Non-model content (user, etc.) - if !value.IsObject() { - log.Warnf("failed to parse content") - return true - } - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", value.Raw) - } - - return true - }) - - // Handle any remaining pending groups with remaining responses - for _, group := range pendingGroups { - if len(collectedResponses) >= group.ResponsesNeeded { - groupResponses := collectedResponses[:group.ResponsesNeeded] - collectedResponses = collectedResponses[group.ResponsesNeeded:] - - functionResponseContent := `{"parts":[],"role":"function"}` - for _, response := range groupResponses { - partRaw := parseFunctionResponseRaw(response) - if partRaw != "" { - functionResponseContent, _ = sjson.SetRaw(functionResponseContent, "parts.-1", partRaw) - } - } - - if gjson.Get(functionResponseContent, "parts.#").Int() > 0 { - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", functionResponseContent) - } - } - } - - // Update the original JSON with the new contents - result := input - result, _ = sjson.SetRaw(result, "request.contents", gjson.Get(contentsWrapper, "contents").Raw) - - return result, nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/gemini/antigravity_gemini_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/gemini/antigravity_gemini_request_test.go deleted file mode 100644 index e6a94ec8f0..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/gemini/antigravity_gemini_request_test.go +++ /dev/null @@ -1,65 +0,0 @@ -package gemini - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertGeminiRequestToAntigravity(t *testing.T) { - input := []byte(`{ - "model": "gemini-pro", - "contents": [ - {"role": "user", "parts": [{"text": "hello"}]}, - {"parts": [{"text": "hi"}]} - ], - "system_instruction": {"parts": [{"text": "be kind"}]} - }`) - - got := ConvertGeminiRequestToAntigravity("gemini-1.5-pro", input, false) - - res := gjson.ParseBytes(got) - if res.Get("model").String() != "gemini-1.5-pro" { - t.Errorf("expected model gemini-1.5-pro, got %q", res.Get("model").String()) - } - - // Check role normalization - role1 := res.Get("request.contents.0.role").String() - role2 := res.Get("request.contents.1.role").String() - if role1 != "user" || role2 != "model" { - t.Errorf("expected roles user/model, got %q/%q", role1, role2) - } - - // Check system instruction rename - if !res.Get("request.systemInstruction").Exists() { - t.Error("expected systemInstruction to exist") - } -} - -func TestFixCLIToolResponse(t *testing.T) { - input := `{ - "request": { - "contents": [ - {"role": "user", "parts": [{"text": "call tool"}]}, - {"role": "model", "parts": [{"functionCall": {"name": "test", "args": {}}}]}, - {"role": "user", "parts": [{"functionResponse": {"name": "test", "response": {"result": "ok"}}}]} - ] - } - }` - - got, err := fixCLIToolResponse(input) - if err != nil { - t.Fatalf("fixCLIToolResponse failed: %v", err) - } - - res := gjson.Parse(got) - contents := res.Get("request.contents").Array() - if len(contents) != 3 { - t.Errorf("expected 3 content blocks, got %d", len(contents)) - } - - lastRole := contents[2].Get("role").String() - if lastRole != "function" { - t.Errorf("expected last role to be function, got %q", lastRole) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/gemini/antigravity_gemini_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/gemini/antigravity_gemini_response.go deleted file mode 100644 index b06968a405..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/gemini/antigravity_gemini_response.go +++ /dev/null @@ -1,109 +0,0 @@ -// Package gemini provides request translation functionality for Gemini to Gemini CLI API compatibility. -// It handles parsing and transforming Gemini API requests into Gemini CLI API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini API format and Gemini CLI API's expected format. -package gemini - -import ( - "bytes" - "context" - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertAntigravityResponseToGemini parses and transforms a Gemini CLI API request into Gemini API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Gemini API. -// The function performs the following transformations: -// 1. Extracts the response data from the request -// 2. Handles alternative response formats -// 3. Processes array responses by extracting individual response objects -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model to use for the request (unused in current implementation) -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - []string: The transformed request data in Gemini API format -func ConvertAntigravityResponseToGemini(ctx context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) []string { - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - - if alt, ok := ctx.Value(interfaces.ContextKeyAlt).(string); ok { - var chunk []byte - if alt == "" { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - chunk = []byte(responseResult.Raw) - chunk = restoreUsageMetadata(chunk) - } - } else { - chunkTemplate := "[]" - responseResult := gjson.ParseBytes(chunk) - if responseResult.IsArray() { - responseResultItems := responseResult.Array() - for i := 0; i < len(responseResultItems); i++ { - responseResultItem := responseResultItems[i] - if responseResultItem.Get("response").Exists() { - chunkTemplate, _ = sjson.SetRaw(chunkTemplate, "-1", responseResultItem.Get("response").Raw) - } - } - } - chunk = []byte(chunkTemplate) - } - return []string{string(chunk)} - } - return []string{} -} - -// ConvertAntigravityResponseToGeminiNonStream converts a non-streaming Gemini CLI request to a non-streaming Gemini response. -// This function processes the complete Gemini CLI request and transforms it into a single Gemini-compatible -// JSON response. It extracts the response data from the request and returns it in the expected format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: A Gemini-compatible JSON response containing the response data -func ConvertAntigravityResponseToGeminiNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - chunk := restoreUsageMetadata([]byte(responseResult.Raw)) - return string(chunk) - } - return string(rawJSON) -} - -func GeminiTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} - -// restoreUsageMetadata renames cpaUsageMetadata back to usageMetadata. -// The executor renames usageMetadata to cpaUsageMetadata in non-terminal chunks -// to preserve usage data while hiding it from clients that don't expect it. -// When returning standard Gemini API format, we must restore the original name. -func restoreUsageMetadata(chunk []byte) []byte { - if cpaUsage := gjson.GetBytes(chunk, "cpaUsageMetadata"); cpaUsage.Exists() { - if !gjson.GetBytes(chunk, "usageMetadata").Exists() { - chunk, _ = sjson.SetRawBytes(chunk, "usageMetadata", []byte(cpaUsage.Raw)) - } - chunk, _ = sjson.DeleteBytes(chunk, "cpaUsageMetadata") - } - if cpaUsage := gjson.GetBytes(chunk, "response.cpaUsageMetadata"); cpaUsage.Exists() { - if !gjson.GetBytes(chunk, "response.usageMetadata").Exists() { - chunk, _ = sjson.SetRawBytes(chunk, "response.usageMetadata", []byte(cpaUsage.Raw)) - } - chunk, _ = sjson.DeleteBytes(chunk, "response.cpaUsageMetadata") - } - return chunk -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/gemini/antigravity_gemini_response_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/gemini/antigravity_gemini_response_test.go deleted file mode 100644 index eeb5b1913f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/gemini/antigravity_gemini_response_test.go +++ /dev/null @@ -1,113 +0,0 @@ -package gemini - -import ( - "context" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/tidwall/gjson" -) - -func TestRestoreUsageMetadata(t *testing.T) { - tests := []struct { - name string - input []byte - expected string - }{ - { - name: "cpaUsageMetadata renamed to usageMetadata", - input: []byte(`{"modelVersion":"gemini-3-pro","cpaUsageMetadata":{"promptTokenCount":100,"candidatesTokenCount":200}}`), - expected: `{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":100,"candidatesTokenCount":200}}`, - }, - { - name: "no cpaUsageMetadata unchanged", - input: []byte(`{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":100}}`), - expected: `{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":100}}`, - }, - { - name: "empty input", - input: []byte(`{}`), - expected: `{}`, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := restoreUsageMetadata(tt.input) - if string(result) != tt.expected { - t.Errorf("restoreUsageMetadata() = %s, want %s", string(result), tt.expected) - } - }) - } -} - -func TestConvertAntigravityResponseToGeminiNonStream(t *testing.T) { - tests := []struct { - name string - input []byte - expected string - }{ - { - name: "cpaUsageMetadata restored in response", - input: []byte(`{"response":{"modelVersion":"gemini-3-pro","cpaUsageMetadata":{"promptTokenCount":100}}}`), - expected: `{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":100}}`, - }, - { - name: "usageMetadata preserved", - input: []byte(`{"response":{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":100}}}`), - expected: `{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":100}}`, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := ConvertAntigravityResponseToGeminiNonStream(context.Background(), "", nil, nil, tt.input, nil) - if result != tt.expected { - t.Errorf("ConvertAntigravityResponseToGeminiNonStream() = %s, want %s", result, tt.expected) - } - }) - } -} - -func TestConvertAntigravityResponseToGeminiStream(t *testing.T) { - ctx := context.WithValue(context.Background(), interfaces.ContextKeyAlt, "") - - tests := []struct { - name string - input []byte - expected string - }{ - { - name: "cpaUsageMetadata restored in streaming response", - input: []byte(`data: {"response":{"modelVersion":"gemini-3-pro","cpaUsageMetadata":{"promptTokenCount":100}}}`), - expected: `{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":100}}`, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - results := ConvertAntigravityResponseToGemini(ctx, "", nil, nil, tt.input, nil) - if len(results) != 1 { - t.Fatalf("expected 1 result, got %d", len(results)) - } - if results[0] != tt.expected { - t.Errorf("ConvertAntigravityResponseToGemini() = %s, want %s", results[0], tt.expected) - } - }) - } -} - -func TestRestoreUsageMetadata_RemovesCpaFieldWhenUsageAlreadyPresent(t *testing.T) { - input := []byte(`{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":5},"cpaUsageMetadata":{"promptTokenCount":100}}`) - result := restoreUsageMetadata(input) - - if !gjson.GetBytes(result, "usageMetadata").Exists() { - t.Fatalf("usageMetadata should exist: %s", string(result)) - } - if gjson.GetBytes(result, "cpaUsageMetadata").Exists() { - t.Fatalf("cpaUsageMetadata should be removed: %s", string(result)) - } - if got := gjson.GetBytes(result, "usageMetadata.promptTokenCount").Int(); got != 5 { - t.Fatalf("usageMetadata should keep existing value, got %d", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/gemini/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/gemini/init.go deleted file mode 100644 index 382c4e3e6a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/gemini/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package gemini - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Gemini, - constant.Antigravity, - ConvertGeminiRequestToAntigravity, - interfaces.TranslateResponse{ - Stream: ConvertAntigravityResponseToGemini, - NonStream: ConvertAntigravityResponseToGeminiNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/chat-completions/antigravity_openai_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/chat-completions/antigravity_openai_request.go deleted file mode 100644 index c1aab2340d..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/chat-completions/antigravity_openai_request.go +++ /dev/null @@ -1,440 +0,0 @@ -// Package openai provides request translation functionality for OpenAI to Gemini CLI API compatibility. -// It converts OpenAI Chat Completions requests into Gemini CLI compatible JSON using gjson/sjson only. -package chat_completions - -import ( - "fmt" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini/common" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const geminiCLIFunctionThoughtSignature = "skip_thought_signature_validator" - -// ConvertOpenAIRequestToAntigravity converts an OpenAI Chat Completions request (raw JSON) -// into a complete Gemini CLI request JSON. All JSON construction uses sjson and lookups use gjson. -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the OpenAI API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini CLI API format -func ConvertOpenAIRequestToAntigravity(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - // Base envelope (no default thinkingConfig) - out := []byte(`{"project":"","request":{"contents":[]},"model":"gemini-2.5-pro"}`) - - // Model - out, _ = sjson.SetBytes(out, "model", modelName) - - // Apply thinking configuration: convert OpenAI reasoning_effort to Gemini CLI thinkingConfig. - // Inline translation-only mapping; capability checks happen later in ApplyThinking. - re := gjson.GetBytes(rawJSON, "reasoning_effort") - if re.Exists() { - effort := strings.ToLower(strings.TrimSpace(re.String())) - if effort != "" { - thinkingPath := "request.generationConfig.thinkingConfig" - if effort == "auto" { - out, _ = sjson.SetBytes(out, thinkingPath+".thinkingBudget", -1) - out, _ = sjson.SetBytes(out, thinkingPath+".includeThoughts", true) - } else { - out, _ = sjson.SetBytes(out, thinkingPath+".thinkingLevel", effort) - out, _ = sjson.SetBytes(out, thinkingPath+".includeThoughts", effort != "none") - } - } - } - - // Temperature/top_p/top_k/max_tokens - if tr := gjson.GetBytes(rawJSON, "temperature"); tr.Exists() && tr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "request.generationConfig.temperature", tr.Num) - } - if tpr := gjson.GetBytes(rawJSON, "top_p"); tpr.Exists() && tpr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "request.generationConfig.topP", tpr.Num) - } - if tkr := gjson.GetBytes(rawJSON, "top_k"); tkr.Exists() && tkr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "request.generationConfig.topK", tkr.Num) - } - if maxTok := gjson.GetBytes(rawJSON, "max_tokens"); maxTok.Exists() && maxTok.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "request.generationConfig.maxOutputTokens", maxTok.Num) - } - - // Candidate count (OpenAI 'n' parameter) - if n := gjson.GetBytes(rawJSON, "n"); n.Exists() && n.Type == gjson.Number { - if val := n.Int(); val > 1 { - out, _ = sjson.SetBytes(out, "request.generationConfig.candidateCount", val) - } - } - - // Map OpenAI modalities -> Gemini CLI request.generationConfig.responseModalities - // e.g. "modalities": ["image", "text"] -> ["IMAGE", "TEXT"] - if mods := gjson.GetBytes(rawJSON, "modalities"); mods.Exists() && mods.IsArray() { - var responseMods []string - for _, m := range mods.Array() { - switch strings.ToLower(m.String()) { - case "text": - responseMods = append(responseMods, "TEXT") - case "image": - responseMods = append(responseMods, "IMAGE") - case "video": - responseMods = append(responseMods, "VIDEO") - } - } - if len(responseMods) > 0 { - out, _ = sjson.SetBytes(out, "request.generationConfig.responseModalities", responseMods) - } - } - - // OpenRouter-style image_config support - // If the input uses top-level image_config.aspect_ratio, map it into request.generationConfig.imageConfig.aspectRatio. - if imgCfg := gjson.GetBytes(rawJSON, "image_config"); imgCfg.Exists() && imgCfg.IsObject() { - if ar := imgCfg.Get("aspect_ratio"); ar.Exists() && ar.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.generationConfig.imageConfig.aspectRatio", ar.Str) - } - if size := imgCfg.Get("image_size"); size.Exists() && size.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.generationConfig.imageConfig.imageSize", size.Str) - } - } - if videoCfg := gjson.GetBytes(rawJSON, "video_config"); videoCfg.Exists() && videoCfg.IsObject() { - if duration := videoCfg.Get("duration_seconds"); duration.Exists() && duration.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.generationConfig.videoConfig.durationSeconds", duration.Str) - } - if ar := videoCfg.Get("aspect_ratio"); ar.Exists() && ar.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.generationConfig.videoConfig.aspectRatio", ar.Str) - } - if resolution := videoCfg.Get("resolution"); resolution.Exists() && resolution.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.generationConfig.videoConfig.resolution", resolution.Str) - } - if negativePrompt := videoCfg.Get("negative_prompt"); negativePrompt.Exists() && negativePrompt.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.generationConfig.videoConfig.negativePrompt", negativePrompt.Str) - } - } - - // messages -> systemInstruction + contents - messages := gjson.GetBytes(rawJSON, "messages") - if messages.IsArray() { - arr := messages.Array() - // First pass: assistant tool_calls id->name map - tcID2Name := map[string]string{} - for i := 0; i < len(arr); i++ { - m := arr[i] - if m.Get("role").String() == "assistant" { - tcs := m.Get("tool_calls") - if tcs.IsArray() { - for _, tc := range tcs.Array() { - if tc.Get("type").String() == "function" { - id := tc.Get("id").String() - name := tc.Get("function.name").String() - if id != "" && name != "" { - tcID2Name[id] = name - } - } - } - } - } - } - - // Second pass build systemInstruction/tool responses cache - toolResponses := map[string]string{} // tool_call_id -> response text - for i := 0; i < len(arr); i++ { - m := arr[i] - role := m.Get("role").String() - if role == "tool" { - toolCallID := m.Get("tool_call_id").String() - if toolCallID != "" { - c := m.Get("content") - toolResponses[toolCallID] = c.Raw - } - } - } - - systemPartIndex := 0 - for i := 0; i < len(arr); i++ { - m := arr[i] - role := m.Get("role").String() - content := m.Get("content") - - if (role == "system" || role == "developer") && len(arr) > 1 { - // system -> request.systemInstruction as a user message style - if content.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.systemInstruction.role", "user") - out, _ = sjson.SetBytes(out, fmt.Sprintf("request.systemInstruction.parts.%d.text", systemPartIndex), content.String()) - systemPartIndex++ - } else if content.IsObject() && content.Get("type").String() == "text" { - out, _ = sjson.SetBytes(out, "request.systemInstruction.role", "user") - out, _ = sjson.SetBytes(out, fmt.Sprintf("request.systemInstruction.parts.%d.text", systemPartIndex), content.Get("text").String()) - systemPartIndex++ - } else if content.IsArray() { - contents := content.Array() - if len(contents) > 0 { - out, _ = sjson.SetBytes(out, "request.systemInstruction.role", "user") - for j := 0; j < len(contents); j++ { - out, _ = sjson.SetBytes(out, fmt.Sprintf("request.systemInstruction.parts.%d.text", systemPartIndex), contents[j].Get("text").String()) - systemPartIndex++ - } - } - } - } else if role == "user" || ((role == "system" || role == "developer") && len(arr) == 1) { - // Build single user content node to avoid splitting into multiple contents - node := []byte(`{"role":"user","parts":[]}`) - if content.Type == gjson.String { - node, _ = sjson.SetBytes(node, "parts.0.text", content.String()) - } else if content.IsArray() { - items := content.Array() - p := 0 - for _, item := range items { - switch item.Get("type").String() { - case "text": - text := item.Get("text").String() - if strings.TrimSpace(text) != "" { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".text", text) - } - p++ - case "image_url": - imageURL := item.Get("image_url.url").String() - if len(imageURL) > 5 { - pieces := strings.SplitN(imageURL[5:], ";", 2) - if len(pieces) == 2 && len(pieces[1]) > 7 { - mime := pieces[0] - data := pieces[1][7:] - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mime) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", data) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiCLIFunctionThoughtSignature) - p++ - } - } - case "file": - filename := item.Get("file.filename").String() - fileData := item.Get("file.file_data").String() - ext := "" - if sp := strings.Split(filename, "."); len(sp) > 1 { - ext = sp[len(sp)-1] - } - if mimeType, ok := misc.MimeTypes[ext]; ok { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mimeType) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", fileData) - p++ - } else { - log.Warnf("Unknown file name extension '%s' in user message, skip", ext) - } - } - } - } - out, _ = sjson.SetRawBytes(out, "request.contents.-1", node) - } else if role == "assistant" { - node := []byte(`{"role":"model","parts":[]}`) - p := 0 - if content.Type == gjson.String && strings.TrimSpace(content.String()) != "" { - node, _ = sjson.SetBytes(node, "parts.-1.text", content.String()) - p++ - } else if content.IsArray() { - // Assistant multimodal content (e.g. text + image) -> single model content with parts - for _, item := range content.Array() { - switch item.Get("type").String() { - case "text": - text := item.Get("text").String() - if strings.TrimSpace(text) != "" { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".text", text) - } - p++ - case "image_url": - // If the assistant returned an inline data URL, preserve it for history fidelity. - imageURL := item.Get("image_url.url").String() - if len(imageURL) > 5 { // expect data:... - pieces := strings.SplitN(imageURL[5:], ";", 2) - if len(pieces) == 2 && len(pieces[1]) > 7 { - mime := pieces[0] - data := pieces[1][7:] - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mime) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", data) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiCLIFunctionThoughtSignature) - p++ - } - } - } - } - } - - // Tool calls -> single model content with functionCall parts - tcs := m.Get("tool_calls") - if tcs.IsArray() { - fIDs := make([]string, 0) - for _, tc := range tcs.Array() { - if tc.Get("type").String() != "function" { - continue - } - fid := tc.Get("id").String() - fname := tc.Get("function.name").String() - fargs := tc.Get("function.arguments").String() - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".functionCall.id", fid) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".functionCall.name", fname) - if gjson.Valid(fargs) { - node, _ = sjson.SetRawBytes(node, "parts."+itoa(p)+".functionCall.args", []byte(fargs)) - } else { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".functionCall.args.params", []byte(fargs)) - } - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiCLIFunctionThoughtSignature) - p++ - if fid != "" { - fIDs = append(fIDs, fid) - } - } - if hasAntigravityParts(node) { - out, _ = sjson.SetRawBytes(out, "request.contents.-1", node) - } - - // Append a single tool content combining name + response per function - toolNode := []byte(`{"role":"user","parts":[]}`) - pp := 0 - for _, fid := range fIDs { - if name, ok := tcID2Name[fid]; ok { - toolNode, _ = sjson.SetBytes(toolNode, "parts."+itoa(pp)+".functionResponse.id", fid) - toolNode, _ = sjson.SetBytes(toolNode, "parts."+itoa(pp)+".functionResponse.name", name) - resp := toolResponses[fid] - if resp == "" { - resp = "{}" - } - // Handle non-JSON output gracefully (matches dev branch approach) - if resp != "null" { - parsed := gjson.Parse(resp) - if parsed.Type == gjson.JSON { - toolNode, _ = sjson.SetRawBytes(toolNode, "parts."+itoa(pp)+".functionResponse.response.result", []byte(parsed.Raw)) - } else { - toolNode, _ = sjson.SetBytes(toolNode, "parts."+itoa(pp)+".functionResponse.response.result", resp) - } - } - pp++ - } - } - if pp > 0 { - out, _ = sjson.SetRawBytes(out, "request.contents.-1", toolNode) - } - } else if hasAntigravityParts(node) { - out, _ = sjson.SetRawBytes(out, "request.contents.-1", node) - } - } - } - } - - // tools -> request.tools[].functionDeclarations + request.tools[].googleSearch/codeExecution/urlContext passthrough - tools := gjson.GetBytes(rawJSON, "tools") - if tools.IsArray() && len(tools.Array()) > 0 { - functionToolNode := []byte(`{}`) - hasFunction := false - googleSearchNodes := make([][]byte, 0) - codeExecutionNodes := make([][]byte, 0) - urlContextNodes := make([][]byte, 0) - for _, t := range tools.Array() { - if t.Get("type").String() == "function" { - fn := t.Get("function") - if fn.Exists() && fn.IsObject() { - fnRaw := fn.Raw - if fn.Get("parameters").Exists() { - renamed, errRename := util.RenameKey(fnRaw, "parameters", "parametersJsonSchema") - if errRename != nil { - log.Warnf("Failed to rename parameters for tool '%s': %v", fn.Get("name").String(), errRename) - var errSet error - fnRaw, errSet = sjson.Set(fnRaw, "parametersJsonSchema.type", "object") - if errSet != nil { - log.Warnf("Failed to set default schema type for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - fnRaw, errSet = sjson.SetRaw(fnRaw, "parametersJsonSchema.properties", `{}`) - if errSet != nil { - log.Warnf("Failed to set default schema properties for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - } else { - fnRaw = renamed - } - } else { - var errSet error - fnRaw, errSet = sjson.Set(fnRaw, "parametersJsonSchema.type", "object") - if errSet != nil { - log.Warnf("Failed to set default schema type for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - fnRaw, errSet = sjson.SetRaw(fnRaw, "parametersJsonSchema.properties", `{}`) - if errSet != nil { - log.Warnf("Failed to set default schema properties for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - } - fnRaw, _ = sjson.Delete(fnRaw, "strict") - if !hasFunction { - functionToolNode, _ = sjson.SetRawBytes(functionToolNode, "functionDeclarations", []byte("[]")) - } - tmp, errSet := sjson.SetRawBytes(functionToolNode, "functionDeclarations.-1", []byte(fnRaw)) - if errSet != nil { - log.Warnf("Failed to append tool declaration for '%s': %v", fn.Get("name").String(), errSet) - continue - } - functionToolNode = tmp - hasFunction = true - } - } - if gs := t.Get("google_search"); gs.Exists() { - googleToolNode := []byte(`{}`) - cleanedGoogleSearch := common.SanitizeToolSearchForGemini(gs.Raw) - var errSet error - googleToolNode, errSet = sjson.SetRawBytes(googleToolNode, "googleSearch", []byte(cleanedGoogleSearch)) - if errSet != nil { - log.Warnf("Failed to set googleSearch tool: %v", errSet) - continue - } - googleSearchNodes = append(googleSearchNodes, googleToolNode) - } - if ce := t.Get("code_execution"); ce.Exists() { - codeToolNode := []byte(`{}`) - var errSet error - codeToolNode, errSet = sjson.SetRawBytes(codeToolNode, "codeExecution", []byte(ce.Raw)) - if errSet != nil { - log.Warnf("Failed to set codeExecution tool: %v", errSet) - continue - } - codeExecutionNodes = append(codeExecutionNodes, codeToolNode) - } - if uc := t.Get("url_context"); uc.Exists() { - urlToolNode := []byte(`{}`) - var errSet error - urlToolNode, errSet = sjson.SetRawBytes(urlToolNode, "urlContext", []byte(uc.Raw)) - if errSet != nil { - log.Warnf("Failed to set urlContext tool: %v", errSet) - continue - } - urlContextNodes = append(urlContextNodes, urlToolNode) - } - } - if hasFunction || len(googleSearchNodes) > 0 || len(codeExecutionNodes) > 0 || len(urlContextNodes) > 0 { - toolsNode := []byte("[]") - if hasFunction { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", functionToolNode) - } - for _, googleNode := range googleSearchNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", googleNode) - } - for _, codeNode := range codeExecutionNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", codeNode) - } - for _, urlNode := range urlContextNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", urlNode) - } - out, _ = sjson.SetRawBytes(out, "request.tools", toolsNode) - } - } - - return common.AttachDefaultSafetySettings(out, "request.safetySettings") -} - -// itoa converts int to string without strconv import for few usages. -func itoa(i int) string { return fmt.Sprintf("%d", i) } - -func hasAntigravityParts(node []byte) bool { - return gjson.GetBytes(node, "parts.#").Int() > 0 -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/chat-completions/antigravity_openai_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/chat-completions/antigravity_openai_request_test.go deleted file mode 100644 index 5acb3c5329..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/chat-completions/antigravity_openai_request_test.go +++ /dev/null @@ -1,70 +0,0 @@ -package chat_completions - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertOpenAIRequestToAntigravitySkipsEmptyAssistantMessage(t *testing.T) { - input := []byte(`{ - "model":"gemini-2.5-pro", - "messages":[ - {"role":"user","content":"first"}, - {"role":"assistant","content":""}, - {"role":"user","content":"second"} - ] - }`) - - got := ConvertOpenAIRequestToAntigravity("gemini-2.5-pro", input, false) - res := gjson.ParseBytes(got) - if count := len(res.Get("request.contents").Array()); count != 2 { - t.Fatalf("expected 2 request.contents entries (assistant empty skipped), got %d", count) - } - if res.Get("request.contents.0.role").String() != "user" || res.Get("request.contents.1.role").String() != "user" { - t.Fatalf("expected only user entries, got %s", res.Get("request.contents").Raw) - } -} - -func TestConvertOpenAIRequestToAntigravitySkipsWhitespaceOnlyAssistantMessage(t *testing.T) { - input := []byte(`{ - "model":"gemini-2.5-pro", - "messages":[ - {"role":"user","content":"first"}, - {"role":"assistant","content":" \n\t "}, - {"role":"user","content":"second"} - ] - }`) - - got := ConvertOpenAIRequestToAntigravity("gemini-2.5-pro", input, false) - res := gjson.ParseBytes(got) - if count := len(res.Get("request.contents").Array()); count != 2 { - t.Fatalf("expected 2 request.contents entries (assistant whitespace-only skipped), got %d", count) - } -} - -func TestConvertOpenAIRequestToAntigravityRemovesUnsupportedGoogleSearchFields(t *testing.T) { - input := []byte(`{ - "model":"gemini-2.5-pro", - "messages":[{"role":"user","content":"hello"}], - "tools":[ - {"google_search":{"defer_loading":true,"deferLoading":true,"lat":"1"}} - ] - }`) - - got := ConvertOpenAIRequestToAntigravity("gemini-2.5-pro", input, false) - res := gjson.ParseBytes(got) - tool := res.Get("request.tools.0.googleSearch") - if !tool.Exists() { - t.Fatalf("expected googleSearch tool to exist") - } - if tool.Get("defer_loading").Exists() { - t.Fatalf("expected defer_loading to be removed") - } - if tool.Get("deferLoading").Exists() { - t.Fatalf("expected deferLoading to be removed") - } - if tool.Get("lat").String() != "1" { - t.Fatalf("expected non-problematic fields to remain") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/chat-completions/antigravity_openai_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/chat-completions/antigravity_openai_response.go deleted file mode 100644 index 7d3167e185..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/chat-completions/antigravity_openai_response.go +++ /dev/null @@ -1,241 +0,0 @@ -// Package openai provides response translation functionality for Gemini CLI to OpenAI API compatibility. -// This package handles the conversion of Gemini CLI API responses into OpenAI Chat Completions-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by OpenAI API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, reasoning content, and usage metadata appropriately. -package chat_completions - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - log "github.com/sirupsen/logrus" - - geminiopenai "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini/openai/chat-completions" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// convertCliResponseToOpenAIChatParams holds parameters for response conversion. -type convertCliResponseToOpenAIChatParams struct { - UnixTimestamp int64 - FunctionIndex int - SawToolCall bool // Tracks if any tool call was seen in the entire stream - UpstreamFinishReason string // Caches the upstream finish reason for final chunk -} - -// functionCallIDCounter provides a process-wide unique counter for function call identifiers. -var functionCallIDCounter uint64 - -// ConvertAntigravityResponseToOpenAI translates a single chunk of a streaming response from the -// Gemini CLI API format to the OpenAI Chat Completions streaming format. -// It processes various Gemini CLI event types and transforms them into OpenAI-compatible JSON responses. -// The function handles text content, tool calls, reasoning content, and usage metadata, outputting -// responses that match the OpenAI API format. It supports incremental updates for streaming responses. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing an OpenAI-compatible JSON response -func ConvertAntigravityResponseToOpenAI(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &convertCliResponseToOpenAIChatParams{ - UnixTimestamp: 0, - FunctionIndex: 0, - } - } - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - - // Initialize the OpenAI SSE template. - template := `{"id":"","object":"chat.completion.chunk","created":12345,"model":"model","choices":[{"index":0,"delta":{"role":null,"content":null,"reasoning_content":null,"tool_calls":null},"finish_reason":null,"native_finish_reason":null}]}` - - // Extract and set the model version. - if modelVersionResult := gjson.GetBytes(rawJSON, "response.modelVersion"); modelVersionResult.Exists() { - template, _ = sjson.Set(template, "model", modelVersionResult.String()) - } - - // Extract and set the creation timestamp. - if createTimeResult := gjson.GetBytes(rawJSON, "response.createTime"); createTimeResult.Exists() { - t, err := time.Parse(time.RFC3339Nano, createTimeResult.String()) - if err == nil { - (*param).(*convertCliResponseToOpenAIChatParams).UnixTimestamp = t.Unix() - } - template, _ = sjson.Set(template, "created", (*param).(*convertCliResponseToOpenAIChatParams).UnixTimestamp) - } else { - template, _ = sjson.Set(template, "created", (*param).(*convertCliResponseToOpenAIChatParams).UnixTimestamp) - } - - // Extract and set the response ID. - if responseIDResult := gjson.GetBytes(rawJSON, "response.responseId"); responseIDResult.Exists() { - template, _ = sjson.Set(template, "id", responseIDResult.String()) - } - - // Cache the finish reason - do NOT set it in output yet (will be set on final chunk) - if finishReasonResult := gjson.GetBytes(rawJSON, "response.candidates.0.finishReason"); finishReasonResult.Exists() { - (*param).(*convertCliResponseToOpenAIChatParams).UpstreamFinishReason = strings.ToUpper(finishReasonResult.String()) - } - - // Extract and set usage metadata (token counts). - if usageResult := gjson.GetBytes(rawJSON, "response.usageMetadata"); usageResult.Exists() { - cachedTokenCount := usageResult.Get("cachedContentTokenCount").Int() - if candidatesTokenCountResult := usageResult.Get("candidatesTokenCount"); candidatesTokenCountResult.Exists() { - template, _ = sjson.Set(template, "usage.completion_tokens", candidatesTokenCountResult.Int()) - } - if totalTokenCountResult := usageResult.Get("totalTokenCount"); totalTokenCountResult.Exists() { - template, _ = sjson.Set(template, "usage.total_tokens", totalTokenCountResult.Int()) - } - promptTokenCount := usageResult.Get("promptTokenCount").Int() - cachedTokenCount - thoughtsTokenCount := usageResult.Get("thoughtsTokenCount").Int() - template, _ = sjson.Set(template, "usage.prompt_tokens", promptTokenCount+thoughtsTokenCount) - if thoughtsTokenCount > 0 { - template, _ = sjson.Set(template, "usage.completion_tokens_details.reasoning_tokens", thoughtsTokenCount) - } - // Include cached token count if present (indicates prompt caching is working) - if cachedTokenCount > 0 { - var err error - template, err = sjson.Set(template, "usage.prompt_tokens_details.cached_tokens", cachedTokenCount) - if err != nil { - log.Warnf("antigravity openai response: failed to set cached_tokens: %v", err) - } - } - } - - // Process the main content part of the response. - partsResult := gjson.GetBytes(rawJSON, "response.candidates.0.content.parts") - if partsResult.IsArray() { - partResults := partsResult.Array() - for i := 0; i < len(partResults); i++ { - partResult := partResults[i] - partTextResult := partResult.Get("text") - functionCallResult := partResult.Get("functionCall") - thoughtSignatureResult := partResult.Get("thoughtSignature") - if !thoughtSignatureResult.Exists() { - thoughtSignatureResult = partResult.Get("thought_signature") - } - inlineDataResult := partResult.Get("inlineData") - if !inlineDataResult.Exists() { - inlineDataResult = partResult.Get("inline_data") - } - - hasThoughtSignature := thoughtSignatureResult.Exists() && thoughtSignatureResult.String() != "" - hasContentPayload := partTextResult.Exists() || functionCallResult.Exists() || inlineDataResult.Exists() - - // Ignore encrypted thoughtSignature but keep any actual content in the same part. - if hasThoughtSignature && !hasContentPayload { - continue - } - - if partTextResult.Exists() { - textContent := partTextResult.String() - - // Handle text content, distinguishing between regular content and reasoning/thoughts. - if partResult.Get("thought").Bool() { - template, _ = sjson.Set(template, "choices.0.delta.reasoning_content", textContent) - } else { - template, _ = sjson.Set(template, "choices.0.delta.content", textContent) - } - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - } else if functionCallResult.Exists() { - // Handle function call content. - (*param).(*convertCliResponseToOpenAIChatParams).SawToolCall = true // Persist across chunks - toolCallsResult := gjson.Get(template, "choices.0.delta.tool_calls") - functionCallIndex := (*param).(*convertCliResponseToOpenAIChatParams).FunctionIndex - (*param).(*convertCliResponseToOpenAIChatParams).FunctionIndex++ - if toolCallsResult.Exists() && toolCallsResult.IsArray() { - functionCallIndex = len(toolCallsResult.Array()) - } else { - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls", `[]`) - } - - functionCallTemplate := `{"id": "","index": 0,"type": "function","function": {"name": "","arguments": ""}}` - fcName := functionCallResult.Get("name").String() - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "id", fmt.Sprintf("%s-%d-%d", fcName, time.Now().UnixNano(), atomic.AddUint64(&functionCallIDCounter, 1))) - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "index", functionCallIndex) - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.name", fcName) - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.arguments", fcArgsResult.Raw) - } - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls.-1", functionCallTemplate) - } else if inlineDataResult.Exists() { - data := inlineDataResult.Get("data").String() - if data == "" { - continue - } - mimeType := inlineDataResult.Get("mimeType").String() - if mimeType == "" { - mimeType = inlineDataResult.Get("mime_type").String() - } - if mimeType == "" { - mimeType = "image/png" - } - imageURL := fmt.Sprintf("data:%s;base64,%s", mimeType, data) - imagesResult := gjson.Get(template, "choices.0.delta.images") - if !imagesResult.Exists() || !imagesResult.IsArray() { - template, _ = sjson.SetRaw(template, "choices.0.delta.images", `[]`) - } - imageIndex := len(gjson.Get(template, "choices.0.delta.images").Array()) - imagePayload := `{"type":"image_url","image_url":{"url":""}}` - imagePayload, _ = sjson.Set(imagePayload, "index", imageIndex) - imagePayload, _ = sjson.Set(imagePayload, "image_url.url", imageURL) - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.images.-1", imagePayload) - } - } - } - - // Determine finish_reason only on the final chunk (has both finishReason and usage metadata) - params := (*param).(*convertCliResponseToOpenAIChatParams) - upstreamFinishReason := params.UpstreamFinishReason - sawToolCall := params.SawToolCall - - usageExists := gjson.GetBytes(rawJSON, "response.usageMetadata").Exists() - isFinalChunk := upstreamFinishReason != "" && usageExists - - if isFinalChunk { - var finishReason string - if sawToolCall { - finishReason = "tool_calls" - } else if upstreamFinishReason == "MAX_TOKENS" { - finishReason = "max_tokens" - } else { - finishReason = "stop" - } - template, _ = sjson.Set(template, "choices.0.finish_reason", finishReason) - template, _ = sjson.Set(template, "choices.0.native_finish_reason", strings.ToLower(upstreamFinishReason)) - } - - return []string{template} -} - -// ConvertAntigravityResponseToOpenAINonStream converts a non-streaming Gemini CLI response to a non-streaming OpenAI response. -// This function processes the complete Gemini CLI response and transforms it into a single OpenAI-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the OpenAI API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for the conversion -// -// Returns: -// - string: An OpenAI-compatible JSON response containing all message content and metadata -func ConvertAntigravityResponseToOpenAINonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - return geminiopenai.ConvertGeminiResponseToOpenAINonStream(ctx, modelName, originalRequestRawJSON, requestRawJSON, []byte(responseResult.Raw), param) - } - return "" -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/chat-completions/antigravity_openai_response_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/chat-completions/antigravity_openai_response_test.go deleted file mode 100644 index eea1ad5216..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/chat-completions/antigravity_openai_response_test.go +++ /dev/null @@ -1,128 +0,0 @@ -package chat_completions - -import ( - "context" - "testing" - - "github.com/tidwall/gjson" -) - -func TestFinishReasonToolCallsNotOverwritten(t *testing.T) { - ctx := context.Background() - var param any - - // Chunk 1: Contains functionCall - should set SawToolCall = true - chunk1 := []byte(`{"response":{"candidates":[{"content":{"parts":[{"functionCall":{"name":"list_files","args":{"path":"."}}}]}}]}}`) - result1 := ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk1, ¶m) - - // Verify chunk1 has no finish_reason (null) - if len(result1) != 1 { - t.Fatalf("Expected 1 result from chunk1, got %d", len(result1)) - } - fr1 := gjson.Get(result1[0], "choices.0.finish_reason") - if fr1.Exists() && fr1.String() != "" && fr1.Type.String() != "Null" { - t.Errorf("Expected finish_reason to be null in chunk1, got: %v", fr1.String()) - } - - // Chunk 2: Contains finishReason STOP + usage (final chunk, no functionCall) - // This simulates what the upstream sends AFTER the tool call chunk - chunk2 := []byte(`{"response":{"candidates":[{"finishReason":"STOP"}],"usageMetadata":{"promptTokenCount":10,"candidatesTokenCount":20,"totalTokenCount":30}}}`) - result2 := ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk2, ¶m) - - // Verify chunk2 has finish_reason: "tool_calls" (not "stop") - if len(result2) != 1 { - t.Fatalf("Expected 1 result from chunk2, got %d", len(result2)) - } - fr2 := gjson.Get(result2[0], "choices.0.finish_reason").String() - if fr2 != "tool_calls" { - t.Errorf("Expected finish_reason 'tool_calls', got: %s", fr2) - } - - // Verify native_finish_reason is lowercase upstream value - nfr2 := gjson.Get(result2[0], "choices.0.native_finish_reason").String() - if nfr2 != "stop" { - t.Errorf("Expected native_finish_reason 'stop', got: %s", nfr2) - } -} - -func TestFinishReasonStopForNormalText(t *testing.T) { - ctx := context.Background() - var param any - - // Chunk 1: Text content only - chunk1 := []byte(`{"response":{"candidates":[{"content":{"parts":[{"text":"Hello world"}]}}]}}`) - ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk1, ¶m) - - // Chunk 2: Final chunk with STOP - chunk2 := []byte(`{"response":{"candidates":[{"finishReason":"STOP"}],"usageMetadata":{"promptTokenCount":10,"candidatesTokenCount":5,"totalTokenCount":15}}}`) - result2 := ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk2, ¶m) - - // Verify finish_reason is "stop" (no tool calls were made) - fr := gjson.Get(result2[0], "choices.0.finish_reason").String() - if fr != "stop" { - t.Errorf("Expected finish_reason 'stop', got: %s", fr) - } -} - -func TestFinishReasonMaxTokens(t *testing.T) { - ctx := context.Background() - var param any - - // Chunk 1: Text content - chunk1 := []byte(`{"response":{"candidates":[{"content":{"parts":[{"text":"Hello"}]}}]}}`) - ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk1, ¶m) - - // Chunk 2: Final chunk with MAX_TOKENS - chunk2 := []byte(`{"response":{"candidates":[{"finishReason":"MAX_TOKENS"}],"usageMetadata":{"promptTokenCount":10,"candidatesTokenCount":100,"totalTokenCount":110}}}`) - result2 := ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk2, ¶m) - - // Verify finish_reason is "max_tokens" - fr := gjson.Get(result2[0], "choices.0.finish_reason").String() - if fr != "max_tokens" { - t.Errorf("Expected finish_reason 'max_tokens', got: %s", fr) - } -} - -func TestToolCallTakesPriorityOverMaxTokens(t *testing.T) { - ctx := context.Background() - var param any - - // Chunk 1: Contains functionCall - chunk1 := []byte(`{"response":{"candidates":[{"content":{"parts":[{"functionCall":{"name":"test","args":{}}}]}}]}}`) - ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk1, ¶m) - - // Chunk 2: Final chunk with MAX_TOKENS (but we had a tool call, so tool_calls should win) - chunk2 := []byte(`{"response":{"candidates":[{"finishReason":"MAX_TOKENS"}],"usageMetadata":{"promptTokenCount":10,"candidatesTokenCount":100,"totalTokenCount":110}}}`) - result2 := ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk2, ¶m) - - // Verify finish_reason is "tool_calls" (takes priority over max_tokens) - fr := gjson.Get(result2[0], "choices.0.finish_reason").String() - if fr != "tool_calls" { - t.Errorf("Expected finish_reason 'tool_calls', got: %s", fr) - } -} - -func TestNoFinishReasonOnIntermediateChunks(t *testing.T) { - ctx := context.Background() - var param any - - // Chunk 1: Text content (no finish reason, no usage) - chunk1 := []byte(`{"response":{"candidates":[{"content":{"parts":[{"text":"Hello"}]}}]}}`) - result1 := ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk1, ¶m) - - // Verify no finish_reason on intermediate chunk - fr1 := gjson.Get(result1[0], "choices.0.finish_reason") - if fr1.Exists() && fr1.String() != "" && fr1.Type.String() != "Null" { - t.Errorf("Expected no finish_reason on intermediate chunk, got: %v", fr1) - } - - // Chunk 2: More text (no finish reason, no usage) - chunk2 := []byte(`{"response":{"candidates":[{"content":{"parts":[{"text":" world"}]}}]}}`) - result2 := ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk2, ¶m) - - // Verify no finish_reason on intermediate chunk - fr2 := gjson.Get(result2[0], "choices.0.finish_reason") - if fr2.Exists() && fr2.String() != "" && fr2.Type.String() != "Null" { - t.Errorf("Expected no finish_reason on intermediate chunk, got: %v", fr2) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/chat-completions/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/chat-completions/init.go deleted file mode 100644 index bed6e8a963..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.OpenAI, - constant.Antigravity, - ConvertOpenAIRequestToAntigravity, - interfaces.TranslateResponse{ - Stream: ConvertAntigravityResponseToOpenAI, - NonStream: ConvertAntigravityResponseToOpenAINonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/responses/antigravity_openai-responses_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/responses/antigravity_openai-responses_request.go deleted file mode 100644 index 5061d75db9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/responses/antigravity_openai-responses_request.go +++ /dev/null @@ -1,12 +0,0 @@ -package responses - -import ( - antigravitygemini "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/antigravity/gemini" - geminiopenai "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini/openai/responses" -) - -func ConvertOpenAIResponsesRequestToAntigravity(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - rawJSON = geminiopenai.ConvertOpenAIResponsesRequestToGemini(modelName, rawJSON, stream) - return antigravitygemini.ConvertGeminiRequestToAntigravity(modelName, rawJSON, stream) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/responses/antigravity_openai-responses_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/responses/antigravity_openai-responses_request_test.go deleted file mode 100644 index 75405feef5..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/responses/antigravity_openai-responses_request_test.go +++ /dev/null @@ -1,25 +0,0 @@ -package responses - -import ( - "testing" -) - -func TestConvertOpenAIResponsesRequestToAntigravity(t *testing.T) { - input := []byte(`{ - "model": "gpt-4o", - "instructions": "Be helpful.", - "input": [ - { - "role": "user", - "content": [ - {"type": "input_text", "text": "hello"} - ] - } - ] - }`) - - got := ConvertOpenAIResponsesRequestToAntigravity("gpt-4o", input, false) - if len(got) == 0 { - t.Errorf("got empty result") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/responses/antigravity_openai-responses_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/responses/antigravity_openai-responses_response.go deleted file mode 100644 index 83d5816271..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/responses/antigravity_openai-responses_response.go +++ /dev/null @@ -1,35 +0,0 @@ -package responses - -import ( - "context" - - geminiopenai "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini/openai/responses" - "github.com/tidwall/gjson" -) - -func ConvertAntigravityResponseToOpenAIResponses(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - rawJSON = []byte(responseResult.Raw) - } - return geminiopenai.ConvertGeminiResponseToOpenAIResponses(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} - -func ConvertAntigravityResponseToOpenAIResponsesNonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - rawJSON = []byte(responseResult.Raw) - } - - requestResult := gjson.GetBytes(originalRequestRawJSON, "request") - if responseResult.Exists() { - originalRequestRawJSON = []byte(requestResult.Raw) - } - - requestResult = gjson.GetBytes(requestRawJSON, "request") - if responseResult.Exists() { - requestRawJSON = []byte(requestResult.Raw) - } - - return geminiopenai.ConvertGeminiResponseToOpenAIResponsesNonStream(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/responses/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/responses/init.go deleted file mode 100644 index 6132e33446..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/antigravity/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.OpenaiResponse, - constant.Antigravity, - ConvertOpenAIResponsesRequestToAntigravity, - interfaces.TranslateResponse{ - Stream: ConvertAntigravityResponseToOpenAIResponses, - NonStream: ConvertAntigravityResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/gemini-cli/claude_gemini-cli_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/gemini-cli/claude_gemini-cli_request.go deleted file mode 100644 index ae046aa513..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/gemini-cli/claude_gemini-cli_request.go +++ /dev/null @@ -1,45 +0,0 @@ -// Package geminiCLI provides request translation functionality for Gemini CLI to Claude Code API compatibility. -// It handles parsing and transforming Gemini CLI API requests into Claude Code API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini CLI API format and Claude Code API's expected format. -package geminiCLI - -import ( - claudegemini "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/claude/gemini" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiCLIRequestToClaude parses and transforms a Gemini CLI API request into Claude Code API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Claude Code API. -// The function performs the following transformations: -// 1. Extracts the model information from the request -// 2. Restructures the JSON to match Claude Code API format -// 3. Converts system instructions to the expected format -// 4. Delegates to the Gemini-to-Claude conversion function for further processing -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - stream: A boolean indicating if the request is for a streaming response -// -// Returns: -// - []byte: The transformed request data in Claude Code API format -func ConvertGeminiCLIRequestToClaude(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - - modelResult := gjson.GetBytes(rawJSON, "model") - // Extract the inner request object and promote it to the top level - rawJSON = []byte(gjson.GetBytes(rawJSON, "request").Raw) - // Restore the model information at the top level - rawJSON, _ = sjson.SetBytes(rawJSON, "model", modelResult.String()) - // Convert systemInstruction field to system_instruction for Claude Code compatibility - if gjson.GetBytes(rawJSON, "systemInstruction").Exists() { - rawJSON, _ = sjson.SetRawBytes(rawJSON, "system_instruction", []byte(gjson.GetBytes(rawJSON, "systemInstruction").Raw)) - rawJSON, _ = sjson.DeleteBytes(rawJSON, "systemInstruction") - } - // Delegate to the Gemini-to-Claude conversion function for further processing - return claudegemini.ConvertGeminiRequestToClaude(modelName, rawJSON, stream) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/gemini-cli/claude_gemini-cli_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/gemini-cli/claude_gemini-cli_response.go deleted file mode 100644 index 6343af153a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/gemini-cli/claude_gemini-cli_response.go +++ /dev/null @@ -1,61 +0,0 @@ -// Package geminiCLI provides response translation functionality for Claude Code to Gemini CLI API compatibility. -// This package handles the conversion of Claude Code API responses into Gemini CLI-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Gemini CLI API clients. -package geminiCLI - -import ( - "context" - - claudegemini "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/claude/gemini" - "github.com/tidwall/sjson" -) - -// ConvertClaudeResponseToGeminiCLI converts Claude Code streaming response format to Gemini CLI format. -// This function processes various Claude Code event types and transforms them into Gemini-compatible JSON responses. -// It handles text content, tool calls, and usage metadata, outputting responses that match the Gemini CLI API format. -// The function wraps each converted response in a "response" object to match the Gemini CLI API structure. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Claude Code API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing a Gemini-compatible JSON response wrapped in a response object -func ConvertClaudeResponseToGeminiCLI(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - outputs := claudegemini.ConvertClaudeResponseToGemini(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) - // Wrap each converted response in a "response" object to match Gemini CLI API structure - newOutputs := make([]string, 0) - for i := 0; i < len(outputs); i++ { - json := `{"response": {}}` - output, _ := sjson.SetRaw(json, "response", outputs[i]) - newOutputs = append(newOutputs, output) - } - return newOutputs -} - -// ConvertClaudeResponseToGeminiCLINonStream converts a non-streaming Claude Code response to a non-streaming Gemini CLI response. -// This function processes the complete Claude Code response and transforms it into a single Gemini-compatible -// JSON response. It wraps the converted response in a "response" object to match the Gemini CLI API structure. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Claude Code API -// - param: A pointer to a parameter object for the conversion -// -// Returns: -// - string: A Gemini-compatible JSON response wrapped in a response object -func ConvertClaudeResponseToGeminiCLINonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - strJSON := claudegemini.ConvertClaudeResponseToGeminiNonStream(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) - // Wrap the converted response in a "response" object to match Gemini CLI API structure - json := `{"response": {}}` - strJSON, _ = sjson.SetRaw(json, "response", strJSON) - return strJSON -} - -func GeminiCLITokenCount(ctx context.Context, count int64) string { - return claudegemini.GeminiTokenCount(ctx, count) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/gemini-cli/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/gemini-cli/init.go deleted file mode 100644 index bbd686ab75..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/gemini-cli/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package geminiCLI - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.GeminiCLI, - constant.Claude, - ConvertGeminiCLIRequestToClaude, - interfaces.TranslateResponse{ - Stream: ConvertClaudeResponseToGeminiCLI, - NonStream: ConvertClaudeResponseToGeminiCLINonStream, - TokenCount: GeminiCLITokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/gemini/claude_gemini_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/gemini/claude_gemini_request.go deleted file mode 100644 index c908ad0e63..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/gemini/claude_gemini_request.go +++ /dev/null @@ -1,374 +0,0 @@ -// Package gemini provides request translation functionality for Gemini to Claude Code API compatibility. -// It handles parsing and transforming Gemini API requests into Claude Code API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini API format and Claude Code API's expected format. -package gemini - -import ( - "crypto/rand" - "crypto/sha256" - "encoding/hex" - "fmt" - "math/big" - "strings" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - user = "" - account = "" - session = "" -) - -// ConvertGeminiRequestToClaude parses and transforms a Gemini API request into Claude Code API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Claude Code API. -// The function performs comprehensive transformation including: -// 1. Model name mapping and generation configuration extraction -// 2. System instruction conversion to Claude Code format -// 3. Message content conversion with proper role mapping -// 4. Tool call and tool result handling with FIFO queue for ID matching -// 5. Image and file data conversion to Claude Code base64 format -// 6. Tool declaration and tool choice configuration mapping -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the Gemini API -// - stream: A boolean indicating if the request is for a streaming response -// -// Returns: -// - []byte: The transformed request data in Claude Code API format -func ConvertGeminiRequestToClaude(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - - if account == "" { - u, _ := uuid.NewRandom() - account = u.String() - } - if session == "" { - u, _ := uuid.NewRandom() - session = u.String() - } - if user == "" { - sum := sha256.Sum256([]byte(account + session)) - user = hex.EncodeToString(sum[:]) - } - userID := fmt.Sprintf("user_%s_account_%s_session_%s", user, account, session) - - // Base Claude message payload - out := fmt.Sprintf(`{"model":"","max_tokens":32000,"messages":[],"metadata":{"user_id":"%s"}}`, userID) - - root := gjson.ParseBytes(rawJSON) - - // Helper for generating tool call IDs in the form: toolu_ - // This ensures unique identifiers for tool calls in the Claude Code format - genToolCallID := func() string { - const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" - var b strings.Builder - // 24 chars random suffix for uniqueness - for i := 0; i < 24; i++ { - n, _ := rand.Int(rand.Reader, big.NewInt(int64(len(letters)))) - b.WriteByte(letters[n.Int64()]) - } - return "toolu_" + b.String() - } - - // FIFO queue to store tool call IDs for matching with tool results - // Gemini uses sequential pairing across possibly multiple in-flight - // functionCalls, so we keep a FIFO queue of generated tool IDs and - // consume them in order when functionResponses arrive. - var pendingToolIDs []string - - // Model mapping to specify which Claude Code model to use - out, _ = sjson.Set(out, "model", modelName) - - // Generation config extraction from Gemini format - if genConfig := root.Get("generationConfig"); genConfig.Exists() { - // Max output tokens configuration - if maxTokens := genConfig.Get("maxOutputTokens"); maxTokens.Exists() { - out, _ = sjson.Set(out, "max_tokens", maxTokens.Int()) - } - // Temperature setting for controlling response randomness - if temp := genConfig.Get("temperature"); temp.Exists() { - out, _ = sjson.Set(out, "temperature", temp.Float()) - } else if topP := genConfig.Get("topP"); topP.Exists() { - // Top P setting for nucleus sampling (filtered out if temperature is set) - out, _ = sjson.Set(out, "top_p", topP.Float()) - } - // Stop sequences configuration for custom termination conditions - if stopSeqs := genConfig.Get("stopSequences"); stopSeqs.Exists() && stopSeqs.IsArray() { - var stopSequences []string - stopSeqs.ForEach(func(_, value gjson.Result) bool { - stopSequences = append(stopSequences, value.String()) - return true - }) - if len(stopSequences) > 0 { - out, _ = sjson.Set(out, "stop_sequences", stopSequences) - } - } - // Include thoughts configuration for reasoning process visibility - // Translator only does format conversion, ApplyThinking handles model capability validation. - if thinkingConfig := genConfig.Get("thinkingConfig"); thinkingConfig.Exists() && thinkingConfig.IsObject() { - thinkingLevel := thinkingConfig.Get("thinkingLevel") - if !thinkingLevel.Exists() { - thinkingLevel = thinkingConfig.Get("thinking_level") - } - if thinkingLevel.Exists() { - level := strings.ToLower(strings.TrimSpace(thinkingLevel.String())) - switch level { - case "": - case "none": - out, _ = sjson.Set(out, "thinking.type", "disabled") - out, _ = sjson.Delete(out, "thinking.budget_tokens") - case "auto": - out, _ = sjson.Set(out, "thinking.type", "enabled") - out, _ = sjson.Delete(out, "thinking.budget_tokens") - default: - if budget, ok := thinking.ConvertLevelToBudget(level); ok { - out, _ = sjson.Set(out, "thinking.type", "enabled") - out, _ = sjson.Set(out, "thinking.budget_tokens", budget) - } - } - } else { - thinkingBudget := thinkingConfig.Get("thinkingBudget") - if !thinkingBudget.Exists() { - thinkingBudget = thinkingConfig.Get("thinking_budget") - } - if thinkingBudget.Exists() { - budget := int(thinkingBudget.Int()) - switch budget { - case 0: - out, _ = sjson.Set(out, "thinking.type", "disabled") - out, _ = sjson.Delete(out, "thinking.budget_tokens") - case -1: - out, _ = sjson.Set(out, "thinking.type", "enabled") - out, _ = sjson.Delete(out, "thinking.budget_tokens") - default: - out, _ = sjson.Set(out, "thinking.type", "enabled") - out, _ = sjson.Set(out, "thinking.budget_tokens", budget) - } - } else if includeThoughts := thinkingConfig.Get("includeThoughts"); includeThoughts.Exists() && includeThoughts.Type == gjson.True { - out, _ = sjson.Set(out, "thinking.type", "enabled") - } else if includeThoughts := thinkingConfig.Get("include_thoughts"); includeThoughts.Exists() && includeThoughts.Type == gjson.True { - out, _ = sjson.Set(out, "thinking.type", "enabled") - } - } - } - } - - // System instruction conversion to Claude Code format - if sysInstr := root.Get("system_instruction"); sysInstr.Exists() { - if parts := sysInstr.Get("parts"); parts.Exists() && parts.IsArray() { - var systemText strings.Builder - parts.ForEach(func(_, part gjson.Result) bool { - if text := part.Get("text"); text.Exists() { - if systemText.Len() > 0 { - systemText.WriteString("\n") - } - systemText.WriteString(text.String()) - } - return true - }) - if systemText.Len() > 0 { - // Create system message in Claude Code format - systemMessage := `{"role":"user","content":[{"type":"text","text":""}]}` - systemMessage, _ = sjson.Set(systemMessage, "content.0.text", systemText.String()) - out, _ = sjson.SetRaw(out, "messages.-1", systemMessage) - } - } - } - - // Contents conversion to messages with proper role mapping - if contents := root.Get("contents"); contents.Exists() && contents.IsArray() { - contents.ForEach(func(_, content gjson.Result) bool { - role := content.Get("role").String() - // Map Gemini roles to Claude Code roles - if role == "model" { - role = "assistant" - } - - if role == "function" { - role = "user" - } - - if role == "tool" { - role = "user" - } - - // Create message structure in Claude Code format - msg := `{"role":"","content":[]}` - msg, _ = sjson.Set(msg, "role", role) - - if parts := content.Get("parts"); parts.Exists() && parts.IsArray() { - parts.ForEach(func(_, part gjson.Result) bool { - // Text content conversion - if text := part.Get("text"); text.Exists() { - textContent := `{"type":"text","text":""}` - textContent, _ = sjson.Set(textContent, "text", text.String()) - msg, _ = sjson.SetRaw(msg, "content.-1", textContent) - return true - } - - // Function call (from model/assistant) conversion to tool use - if fc := part.Get("functionCall"); fc.Exists() && role == "assistant" { - toolUse := `{"type":"tool_use","id":"","name":"","input":{}}` - - // Generate a unique tool ID and enqueue it for later matching - // with the corresponding functionResponse - toolID := genToolCallID() - pendingToolIDs = append(pendingToolIDs, toolID) - toolUse, _ = sjson.Set(toolUse, "id", toolID) - - if name := fc.Get("name"); name.Exists() { - toolUse, _ = sjson.Set(toolUse, "name", name.String()) - } - if args := fc.Get("args"); args.Exists() && args.IsObject() { - toolUse, _ = sjson.SetRaw(toolUse, "input", args.Raw) - } - msg, _ = sjson.SetRaw(msg, "content.-1", toolUse) - return true - } - - // Function response (from user) conversion to tool result - if fr := part.Get("functionResponse"); fr.Exists() { - toolResult := `{"type":"tool_result","tool_use_id":"","content":""}` - - // Attach the oldest queued tool_id to pair the response - // with its call. If the queue is empty, generate a new id. - var toolID string - if len(pendingToolIDs) > 0 { - toolID = pendingToolIDs[0] - // Pop the first element from the queue - pendingToolIDs = pendingToolIDs[1:] - } else { - // Fallback: generate new ID if no pending tool_use found - toolID = genToolCallID() - } - toolResult, _ = sjson.Set(toolResult, "tool_use_id", toolID) - - // Extract result content from the function response - if result := fr.Get("response.result"); result.Exists() { - toolResult, _ = sjson.Set(toolResult, "content", result.String()) - } else if response := fr.Get("response"); response.Exists() { - toolResult, _ = sjson.Set(toolResult, "content", response.Raw) - } - msg, _ = sjson.SetRaw(msg, "content.-1", toolResult) - return true - } - - // Image content (inline_data) conversion to Claude Code format - if inlineData := part.Get("inline_data"); inlineData.Exists() { - imageContent := `{"type":"image","source":{"type":"base64","media_type":"","data":""}}` - if mimeType := inlineData.Get("mime_type"); mimeType.Exists() { - imageContent, _ = sjson.Set(imageContent, "source.media_type", mimeType.String()) - } - if data := inlineData.Get("data"); data.Exists() { - imageContent, _ = sjson.Set(imageContent, "source.data", data.String()) - } - msg, _ = sjson.SetRaw(msg, "content.-1", imageContent) - return true - } - - // File data conversion to text content with file info - if fileData := part.Get("file_data"); fileData.Exists() { - // For file data, we'll convert to text content with file info - textContent := `{"type":"text","text":""}` - fileInfo := "File: " + fileData.Get("file_uri").String() - if mimeType := fileData.Get("mime_type"); mimeType.Exists() { - fileInfo += " (Type: " + mimeType.String() + ")" - } - textContent, _ = sjson.Set(textContent, "text", fileInfo) - msg, _ = sjson.SetRaw(msg, "content.-1", textContent) - return true - } - - return true - }) - } - - // Only add message if it has content - if contentArray := gjson.Get(msg, "content"); contentArray.Exists() && len(contentArray.Array()) > 0 { - out, _ = sjson.SetRaw(out, "messages.-1", msg) - } - - return true - }) - } - - // Tools mapping: Gemini functionDeclarations -> Claude Code tools - if tools := root.Get("tools"); tools.Exists() && tools.IsArray() { - var anthropicTools []interface{} - - tools.ForEach(func(_, tool gjson.Result) bool { - if funcDecls := tool.Get("functionDeclarations"); funcDecls.Exists() && funcDecls.IsArray() { - funcDecls.ForEach(func(_, funcDecl gjson.Result) bool { - anthropicTool := `{"name":"","description":"","input_schema":{}}` - - if name := funcDecl.Get("name"); name.Exists() { - anthropicTool, _ = sjson.Set(anthropicTool, "name", name.String()) - } - if desc := funcDecl.Get("description"); desc.Exists() { - anthropicTool, _ = sjson.Set(anthropicTool, "description", desc.String()) - } - if params := funcDecl.Get("parameters"); params.Exists() { - // Clean up the parameters schema for Claude Code compatibility - cleaned := params.Raw - cleaned, _ = sjson.Set(cleaned, "additionalProperties", false) - cleaned, _ = sjson.Set(cleaned, "$schema", "http://json-schema.org/draft-07/schema#") - anthropicTool, _ = sjson.SetRaw(anthropicTool, "input_schema", cleaned) - } else if params = funcDecl.Get("parametersJsonSchema"); params.Exists() { - // Clean up the parameters schema for Claude Code compatibility - cleaned := params.Raw - cleaned, _ = sjson.Set(cleaned, "additionalProperties", false) - cleaned, _ = sjson.Set(cleaned, "$schema", "http://json-schema.org/draft-07/schema#") - anthropicTool, _ = sjson.SetRaw(anthropicTool, "input_schema", cleaned) - } - - anthropicTools = append(anthropicTools, gjson.Parse(anthropicTool).Value()) - return true - }) - } - return true - }) - - if len(anthropicTools) > 0 { - out, _ = sjson.Set(out, "tools", anthropicTools) - } - } - - // Tool config mapping from Gemini format to Claude Code format - if toolConfig := root.Get("tool_config"); toolConfig.Exists() { - if funcCalling := toolConfig.Get("function_calling_config"); funcCalling.Exists() { - if mode := funcCalling.Get("mode"); mode.Exists() { - switch mode.String() { - case "AUTO": - out, _ = sjson.SetRaw(out, "tool_choice", `{"type":"auto"}`) - case "NONE": - out, _ = sjson.SetRaw(out, "tool_choice", `{"type":"none"}`) - case "ANY": - out, _ = sjson.SetRaw(out, "tool_choice", `{"type":"any"}`) - } - } - } - } - - // Stream setting configuration - out, _ = sjson.Set(out, "stream", stream) - - // Convert tool parameter types to lowercase for Claude Code compatibility - var pathsToLower []string - toolsResult := gjson.Get(out, "tools") - util.Walk(toolsResult, "", "type", &pathsToLower) - for _, p := range pathsToLower { - fullPath := fmt.Sprintf("tools.%s", p) - out, _ = sjson.Set(out, fullPath, strings.ToLower(gjson.Get(out, fullPath).String())) - } - - return []byte(out) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/gemini/claude_gemini_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/gemini/claude_gemini_response.go deleted file mode 100644 index c38f8ae787..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/gemini/claude_gemini_response.go +++ /dev/null @@ -1,566 +0,0 @@ -// Package gemini provides response translation functionality for Claude Code to Gemini API compatibility. -// This package handles the conversion of Claude Code API responses into Gemini-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Gemini API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, and usage metadata appropriately. -package gemini - -import ( - "bufio" - "bytes" - "context" - "fmt" - "strings" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - dataTag = []byte("data:") -) - -// ConvertAnthropicResponseToGeminiParams holds parameters for response conversion -// It also carries minimal streaming state across calls to assemble tool_use input_json_delta. -// This structure maintains state information needed for proper conversion of streaming responses -// from Claude Code format to Gemini format, particularly for handling tool calls that span -// multiple streaming events. -type ConvertAnthropicResponseToGeminiParams struct { - Model string - CreatedAt int64 - ResponseID string - LastStorageOutput string - IsStreaming bool - - // Streaming state for tool_use assembly - // Keyed by content_block index from Claude SSE events - ToolUseNames map[int]string // function/tool name per block index - ToolUseArgs map[int]*strings.Builder // accumulates partial_json across deltas -} - -// ConvertClaudeResponseToGemini converts Claude Code streaming response format to Gemini format. -// This function processes various Claude Code event types and transforms them into Gemini-compatible JSON responses. -// It handles text content, tool calls, reasoning content, and usage metadata, outputting responses that match -// the Gemini API format. The function supports incremental updates for streaming responses and maintains -// state information to properly assemble multi-part tool calls. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Claude Code API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing a Gemini-compatible JSON response -func ConvertClaudeResponseToGemini(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &ConvertAnthropicResponseToGeminiParams{ - Model: modelName, - CreatedAt: 0, - ResponseID: "", - } - } - - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - - root := gjson.ParseBytes(rawJSON) - eventType := root.Get("type").String() - - // Base Gemini response template with default values - template := `{"candidates":[{"content":{"role":"model","parts":[]}}],"usageMetadata":{"trafficType":"PROVISIONED_THROUGHPUT"},"modelVersion":"","createTime":"","responseId":""}` - - // Set model version - if (*param).(*ConvertAnthropicResponseToGeminiParams).Model != "" { - // Map Claude model names back to Gemini model names - template, _ = sjson.Set(template, "modelVersion", (*param).(*ConvertAnthropicResponseToGeminiParams).Model) - } - - // Set response ID and creation time - if (*param).(*ConvertAnthropicResponseToGeminiParams).ResponseID != "" { - template, _ = sjson.Set(template, "responseId", (*param).(*ConvertAnthropicResponseToGeminiParams).ResponseID) - } - - // Set creation time to current time if not provided - if (*param).(*ConvertAnthropicResponseToGeminiParams).CreatedAt == 0 { - (*param).(*ConvertAnthropicResponseToGeminiParams).CreatedAt = time.Now().Unix() - } - template, _ = sjson.Set(template, "createTime", time.Unix((*param).(*ConvertAnthropicResponseToGeminiParams).CreatedAt, 0).Format(time.RFC3339Nano)) - - switch eventType { - case "message_start": - // Initialize response with message metadata when a new message begins - if message := root.Get("message"); message.Exists() { - (*param).(*ConvertAnthropicResponseToGeminiParams).ResponseID = message.Get("id").String() - (*param).(*ConvertAnthropicResponseToGeminiParams).Model = message.Get("model").String() - } - return []string{} - - case "content_block_start": - // Start of a content block - record tool_use name by index for functionCall assembly - if cb := root.Get("content_block"); cb.Exists() { - if cb.Get("type").String() == "tool_use" { - idx := int(root.Get("index").Int()) - if (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseNames == nil { - (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseNames = map[int]string{} - } - if name := cb.Get("name"); name.Exists() { - (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseNames[idx] = name.String() - } - } - } - return []string{} - - case "content_block_delta": - // Handle content delta (text, thinking, or tool use arguments) - if delta := root.Get("delta"); delta.Exists() { - deltaType := delta.Get("type").String() - - switch deltaType { - case "text_delta": - // Regular text content delta for normal response text - if text := delta.Get("text"); text.Exists() && text.String() != "" { - textPart := `{"text":""}` - textPart, _ = sjson.Set(textPart, "text", text.String()) - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", textPart) - } - case "thinking_delta": - // Thinking/reasoning content delta for models with reasoning capabilities - if text := delta.Get("thinking"); text.Exists() && text.String() != "" { - thinkingPart := `{"thought":true,"text":""}` - thinkingPart, _ = sjson.Set(thinkingPart, "text", text.String()) - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", thinkingPart) - } - case "input_json_delta": - // Tool use input delta - accumulate partial_json by index for later assembly at content_block_stop - idx := int(root.Get("index").Int()) - if (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs == nil { - (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs = map[int]*strings.Builder{} - } - b, ok := (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs[idx] - if !ok || b == nil { - bb := &strings.Builder{} - (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs[idx] = bb - b = bb - } - if pj := delta.Get("partial_json"); pj.Exists() { - b.WriteString(pj.String()) - } - return []string{} - } - } - return []string{template} - - case "content_block_stop": - // End of content block - finalize tool calls if any - idx := int(root.Get("index").Int()) - // Claude's content_block_stop often doesn't include content_block payload (see docs/response-claude.txt) - // So we finalize using accumulated state captured during content_block_start and input_json_delta. - name := "" - if (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseNames != nil { - name = (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseNames[idx] - } - var argsTrim string - if (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs != nil { - if b := (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs[idx]; b != nil { - argsTrim = strings.TrimSpace(b.String()) - } - } - if name != "" || argsTrim != "" { - functionCall := `{"functionCall":{"name":"","args":{}}}` - if name != "" { - functionCall, _ = sjson.Set(functionCall, "functionCall.name", name) - } - if argsTrim != "" { - functionCall, _ = sjson.SetRaw(functionCall, "functionCall.args", argsTrim) - } - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", functionCall) - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - (*param).(*ConvertAnthropicResponseToGeminiParams).LastStorageOutput = template - // cleanup used state for this index - if (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs != nil { - delete((*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs, idx) - } - if (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseNames != nil { - delete((*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseNames, idx) - } - return []string{template} - } - return []string{} - - case "message_delta": - // Handle message-level changes (like stop reason and usage information) - if delta := root.Get("delta"); delta.Exists() { - if stopReason := delta.Get("stop_reason"); stopReason.Exists() { - switch stopReason.String() { - case "end_turn": - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - case "tool_use": - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - case "max_tokens": - template, _ = sjson.Set(template, "candidates.0.finishReason", "MAX_TOKENS") - case "stop_sequence": - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - default: - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - } - } - } - - if usage := root.Get("usage"); usage.Exists() { - // Basic token counts for prompt and completion - inputTokens := usage.Get("input_tokens").Int() - outputTokens := usage.Get("output_tokens").Int() - - // Set basic usage metadata according to Gemini API specification - template, _ = sjson.Set(template, "usageMetadata.promptTokenCount", inputTokens) - template, _ = sjson.Set(template, "usageMetadata.candidatesTokenCount", outputTokens) - template, _ = sjson.Set(template, "usageMetadata.totalTokenCount", inputTokens+outputTokens) - - // Add cache-related token counts if present (Claude Code API cache fields) - if cacheCreationTokens := usage.Get("cache_creation_input_tokens"); cacheCreationTokens.Exists() { - template, _ = sjson.Set(template, "usageMetadata.cachedContentTokenCount", cacheCreationTokens.Int()) - } - if cacheReadTokens := usage.Get("cache_read_input_tokens"); cacheReadTokens.Exists() { - // Add cache read tokens to cached content count - existingCacheTokens := usage.Get("cache_creation_input_tokens").Int() - totalCacheTokens := existingCacheTokens + cacheReadTokens.Int() - template, _ = sjson.Set(template, "usageMetadata.cachedContentTokenCount", totalCacheTokens) - } - - // Add thinking tokens if present (for models with reasoning capabilities) - if thinkingTokens := usage.Get("thinking_tokens"); thinkingTokens.Exists() { - template, _ = sjson.Set(template, "usageMetadata.thoughtsTokenCount", thinkingTokens.Int()) - } - - // Set traffic type (required by Gemini API) - template, _ = sjson.Set(template, "usageMetadata.trafficType", "PROVISIONED_THROUGHPUT") - } - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - - return []string{template} - case "message_stop": - // Final message with usage information - no additional output needed - return []string{} - case "error": - // Handle error responses and convert to Gemini error format - errorMsg := root.Get("error.message").String() - if errorMsg == "" { - errorMsg = "Unknown error occurred" - } - - // Create error response in Gemini format - errorResponse := `{"error":{"code":400,"message":"","status":"INVALID_ARGUMENT"}}` - errorResponse, _ = sjson.Set(errorResponse, "error.message", errorMsg) - return []string{errorResponse} - - default: - // Unknown event type, return empty response - return []string{} - } -} - -// ConvertClaudeResponseToGeminiNonStream converts a non-streaming Claude Code response to a non-streaming Gemini response. -// This function processes the complete Claude Code response and transforms it into a single Gemini-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the Gemini API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Claude Code API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: A Gemini-compatible JSON response containing all message content and metadata -func ConvertClaudeResponseToGeminiNonStream(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - // Base Gemini response template for non-streaming with default values - template := `{"candidates":[{"content":{"role":"model","parts":[]},"finishReason":"STOP"}],"usageMetadata":{"trafficType":"PROVISIONED_THROUGHPUT"},"modelVersion":"","createTime":"","responseId":""}` - - // Set model version - template, _ = sjson.Set(template, "modelVersion", modelName) - - streamingEvents := make([][]byte, 0) - - scanner := bufio.NewScanner(bytes.NewReader(rawJSON)) - buffer := make([]byte, 52_428_800) // 50MB - scanner.Buffer(buffer, 52_428_800) - for scanner.Scan() { - line := scanner.Bytes() - // log.Debug(string(line)) - if bytes.HasPrefix(line, dataTag) { - jsonData := bytes.TrimSpace(line[5:]) - streamingEvents = append(streamingEvents, jsonData) - } - } - // log.Debug("streamingEvents: ", streamingEvents) - // log.Debug("rawJSON: ", string(rawJSON)) - - // Initialize parameters for streaming conversion with proper state management - newParam := &ConvertAnthropicResponseToGeminiParams{ - Model: modelName, - CreatedAt: 0, - ResponseID: "", - LastStorageOutput: "", - IsStreaming: false, - ToolUseNames: nil, - ToolUseArgs: nil, - } - - // Process each streaming event and collect parts - var allParts []string - var finalUsageJSON string - var responseID string - var createdAt int64 - - for _, eventData := range streamingEvents { - if len(eventData) == 0 { - continue - } - - root := gjson.ParseBytes(eventData) - eventType := root.Get("type").String() - - switch eventType { - case "message_start": - // Extract response metadata including ID, model, and creation time - if message := root.Get("message"); message.Exists() { - responseID = message.Get("id").String() - newParam.ResponseID = responseID - newParam.Model = message.Get("model").String() - - // Set creation time to current time if not provided - createdAt = time.Now().Unix() - newParam.CreatedAt = createdAt - } - - case "content_block_start": - // Prepare for content block; record tool_use name by index for later functionCall assembly - idx := int(root.Get("index").Int()) - if cb := root.Get("content_block"); cb.Exists() { - if cb.Get("type").String() == "tool_use" { - if newParam.ToolUseNames == nil { - newParam.ToolUseNames = map[int]string{} - } - if name := cb.Get("name"); name.Exists() { - newParam.ToolUseNames[idx] = name.String() - } - } - } - continue - - case "content_block_delta": - // Handle content delta (text, thinking, or tool input) - if delta := root.Get("delta"); delta.Exists() { - deltaType := delta.Get("type").String() - switch deltaType { - case "text_delta": - // Process regular text content - if text := delta.Get("text"); text.Exists() && text.String() != "" { - partJSON := `{"text":""}` - partJSON, _ = sjson.Set(partJSON, "text", text.String()) - allParts = append(allParts, partJSON) - } - case "thinking_delta": - // Process reasoning/thinking content - if text := delta.Get("thinking"); text.Exists() && text.String() != "" { - partJSON := `{"thought":true,"text":""}` - partJSON, _ = sjson.Set(partJSON, "text", text.String()) - allParts = append(allParts, partJSON) - } - case "input_json_delta": - // accumulate args partial_json for this index - idx := int(root.Get("index").Int()) - if newParam.ToolUseArgs == nil { - newParam.ToolUseArgs = map[int]*strings.Builder{} - } - if _, ok := newParam.ToolUseArgs[idx]; !ok || newParam.ToolUseArgs[idx] == nil { - newParam.ToolUseArgs[idx] = &strings.Builder{} - } - if pj := delta.Get("partial_json"); pj.Exists() { - newParam.ToolUseArgs[idx].WriteString(pj.String()) - } - } - } - - case "content_block_stop": - // Handle tool use completion by assembling accumulated arguments - idx := int(root.Get("index").Int()) - // Claude's content_block_stop often doesn't include content_block payload (see docs/response-claude.txt) - // So we finalize using accumulated state captured during content_block_start and input_json_delta. - name := "" - if newParam.ToolUseNames != nil { - name = newParam.ToolUseNames[idx] - } - var argsTrim string - if newParam.ToolUseArgs != nil { - if b := newParam.ToolUseArgs[idx]; b != nil { - argsTrim = strings.TrimSpace(b.String()) - } - } - if name != "" || argsTrim != "" { - functionCallJSON := `{"functionCall":{"name":"","args":{}}}` - if name != "" { - functionCallJSON, _ = sjson.Set(functionCallJSON, "functionCall.name", name) - } - if argsTrim != "" { - functionCallJSON, _ = sjson.SetRaw(functionCallJSON, "functionCall.args", argsTrim) - } - allParts = append(allParts, functionCallJSON) - // cleanup used state for this index - if newParam.ToolUseArgs != nil { - delete(newParam.ToolUseArgs, idx) - } - if newParam.ToolUseNames != nil { - delete(newParam.ToolUseNames, idx) - } - } - - case "message_delta": - // Extract final usage information using sjson for token counts and metadata - if usage := root.Get("usage"); usage.Exists() { - usageJSON := `{}` - - // Basic token counts for prompt and completion - inputTokens := usage.Get("input_tokens").Int() - outputTokens := usage.Get("output_tokens").Int() - - // Set basic usage metadata according to Gemini API specification - usageJSON, _ = sjson.Set(usageJSON, "promptTokenCount", inputTokens) - usageJSON, _ = sjson.Set(usageJSON, "candidatesTokenCount", outputTokens) - usageJSON, _ = sjson.Set(usageJSON, "totalTokenCount", inputTokens+outputTokens) - - // Add cache-related token counts if present (Claude Code API cache fields) - if cacheCreationTokens := usage.Get("cache_creation_input_tokens"); cacheCreationTokens.Exists() { - usageJSON, _ = sjson.Set(usageJSON, "cachedContentTokenCount", cacheCreationTokens.Int()) - } - if cacheReadTokens := usage.Get("cache_read_input_tokens"); cacheReadTokens.Exists() { - // Add cache read tokens to cached content count - existingCacheTokens := usage.Get("cache_creation_input_tokens").Int() - totalCacheTokens := existingCacheTokens + cacheReadTokens.Int() - usageJSON, _ = sjson.Set(usageJSON, "cachedContentTokenCount", totalCacheTokens) - } - - // Add thinking tokens if present (for models with reasoning capabilities) - if thinkingTokens := usage.Get("thinking_tokens"); thinkingTokens.Exists() { - usageJSON, _ = sjson.Set(usageJSON, "thoughtsTokenCount", thinkingTokens.Int()) - } - - // Set traffic type (required by Gemini API) - usageJSON, _ = sjson.Set(usageJSON, "trafficType", "PROVISIONED_THROUGHPUT") - - finalUsageJSON = usageJSON - } - } - } - - // Set response metadata - if responseID != "" { - template, _ = sjson.Set(template, "responseId", responseID) - } - if createdAt > 0 { - template, _ = sjson.Set(template, "createTime", time.Unix(createdAt, 0).Format(time.RFC3339Nano)) - } - - // Consolidate consecutive text parts and thinking parts for cleaner output - consolidatedParts := consolidateParts(allParts) - - // Set the consolidated parts array - if len(consolidatedParts) > 0 { - partsJSON := "[]" - for _, partJSON := range consolidatedParts { - partsJSON, _ = sjson.SetRaw(partsJSON, "-1", partJSON) - } - template, _ = sjson.SetRaw(template, "candidates.0.content.parts", partsJSON) - } - - // Set usage metadata - if finalUsageJSON != "" { - template, _ = sjson.SetRaw(template, "usageMetadata", finalUsageJSON) - } - - return template -} - -func GeminiTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} - -// consolidateParts merges consecutive text parts and thinking parts to create a cleaner response. -// This function processes the parts array to combine adjacent text elements and thinking elements -// into single consolidated parts, which results in a more readable and efficient response structure. -// Tool calls and other non-text parts are preserved as separate elements. -func consolidateParts(parts []string) []string { - if len(parts) == 0 { - return parts - } - - var consolidated []string - var currentTextPart strings.Builder - var currentThoughtPart strings.Builder - var hasText, hasThought bool - - flushText := func() { - // Flush accumulated text content to the consolidated parts array - if hasText && currentTextPart.Len() > 0 { - textPartJSON := `{"text":""}` - textPartJSON, _ = sjson.Set(textPartJSON, "text", currentTextPart.String()) - consolidated = append(consolidated, textPartJSON) - currentTextPart.Reset() - hasText = false - } - } - - flushThought := func() { - // Flush accumulated thinking content to the consolidated parts array - if hasThought && currentThoughtPart.Len() > 0 { - thoughtPartJSON := `{"thought":true,"text":""}` - thoughtPartJSON, _ = sjson.Set(thoughtPartJSON, "text", currentThoughtPart.String()) - consolidated = append(consolidated, thoughtPartJSON) - currentThoughtPart.Reset() - hasThought = false - } - } - - for _, partJSON := range parts { - part := gjson.Parse(partJSON) - if !part.Exists() || !part.IsObject() { - // Flush any pending parts and add this non-text part - flushText() - flushThought() - consolidated = append(consolidated, partJSON) - continue - } - - thought := part.Get("thought") - if thought.Exists() && thought.Type == gjson.True { - // This is a thinking part - flush any pending text first - flushText() // Flush any pending text first - - if text := part.Get("text"); text.Exists() && text.Type == gjson.String { - currentThoughtPart.WriteString(text.String()) - hasThought = true - } - } else if text := part.Get("text"); text.Exists() && text.Type == gjson.String { - // This is a regular text part - flush any pending thought first - flushThought() // Flush any pending thought first - - currentTextPart.WriteString(text.String()) - hasText = true - } else { - // This is some other type of part (like function call) - flush both text and thought - flushText() - flushThought() - consolidated = append(consolidated, partJSON) - } - } - - // Flush any remaining parts - flushThought() // Flush thought first to maintain order - flushText() - - return consolidated -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/gemini/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/gemini/init.go deleted file mode 100644 index 28ab8a4452..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/gemini/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package gemini - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Gemini, - constant.Claude, - ConvertGeminiRequestToClaude, - interfaces.TranslateResponse{ - Stream: ConvertClaudeResponseToGemini, - NonStream: ConvertClaudeResponseToGeminiNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/chat-completions/claude_openai_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/chat-completions/claude_openai_request.go deleted file mode 100644 index 1dec184f6d..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/chat-completions/claude_openai_request.go +++ /dev/null @@ -1,316 +0,0 @@ -// Package openai provides request translation functionality for OpenAI to Claude Code API compatibility. -// It handles parsing and transforming OpenAI Chat Completions API requests into Claude Code API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between OpenAI API format and Claude Code API's expected format. -package chat_completions - -import ( - "crypto/rand" - "crypto/sha256" - "encoding/hex" - "fmt" - "math/big" - "strings" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - user = "" - account = "" - session = "" -) - -// ConvertOpenAIRequestToClaude parses and transforms an OpenAI Chat Completions API request into Claude Code API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Claude Code API. -// The function performs comprehensive transformation including: -// 1. Model name mapping and parameter extraction (max_tokens, temperature, top_p, etc.) -// 2. Message content conversion from OpenAI to Claude Code format -// 3. Tool call and tool result handling with proper ID mapping -// 4. Image data conversion from OpenAI data URLs to Claude Code base64 format -// 5. Stop sequence and streaming configuration handling -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the OpenAI API -// - stream: A boolean indicating if the request is for a streaming response -// -// Returns: -// - []byte: The transformed request data in Claude Code API format -func ConvertOpenAIRequestToClaude(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - - if account == "" { - u, _ := uuid.NewRandom() - account = u.String() - } - if session == "" { - u, _ := uuid.NewRandom() - session = u.String() - } - if user == "" { - sum := sha256.Sum256([]byte(account + session)) - user = hex.EncodeToString(sum[:]) - } - userID := fmt.Sprintf("user_%s_account_%s_session_%s", user, account, session) - - // Base Claude Code API template with default max_tokens value - out := fmt.Sprintf(`{"model":"","max_tokens":32000,"messages":[],"metadata":{"user_id":"%s"}}`, userID) - - root := gjson.ParseBytes(rawJSON) - - // Convert OpenAI reasoning_effort to Claude thinking config. - if v := root.Get("reasoning_effort"); v.Exists() { - effort := strings.ToLower(strings.TrimSpace(v.String())) - if effort != "" { - budget, ok := thinking.ConvertLevelToBudget(effort) - if ok { - switch budget { - case 0: - out, _ = sjson.Set(out, "thinking.type", "disabled") - case -1: - out, _ = sjson.Set(out, "thinking.type", "enabled") - default: - if budget > 0 { - out, _ = sjson.Set(out, "thinking.type", "enabled") - out, _ = sjson.Set(out, "thinking.budget_tokens", budget) - } - } - } - } - } - - // Helper for generating tool call IDs in the form: toolu_ - // This ensures unique identifiers for tool calls in the Claude Code format - genToolCallID := func() string { - const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" - var b strings.Builder - // 24 chars random suffix for uniqueness - for i := 0; i < 24; i++ { - n, _ := rand.Int(rand.Reader, big.NewInt(int64(len(letters)))) - b.WriteByte(letters[n.Int64()]) - } - return "toolu_" + b.String() - } - - // Model mapping to specify which Claude Code model to use - out, _ = sjson.Set(out, "model", modelName) - - // Max tokens configuration with fallback to default value - if maxTokens := root.Get("max_tokens"); maxTokens.Exists() { - out, _ = sjson.Set(out, "max_tokens", maxTokens.Int()) - } - - // Temperature setting for controlling response randomness - if temp := root.Get("temperature"); temp.Exists() { - out, _ = sjson.Set(out, "temperature", temp.Float()) - } else if topP := root.Get("top_p"); topP.Exists() { - // Top P setting for nucleus sampling (filtered out if temperature is set) - out, _ = sjson.Set(out, "top_p", topP.Float()) - } - - // Stop sequences configuration for custom termination conditions - if stop := root.Get("stop"); stop.Exists() { - if stop.IsArray() { - var stopSequences []string - stop.ForEach(func(_, value gjson.Result) bool { - stopSequences = append(stopSequences, value.String()) - return true - }) - if len(stopSequences) > 0 { - out, _ = sjson.Set(out, "stop_sequences", stopSequences) - } - } else { - out, _ = sjson.Set(out, "stop_sequences", []string{stop.String()}) - } - } - - // Stream configuration to enable or disable streaming responses - out, _ = sjson.Set(out, "stream", stream) - - // Process messages and transform them to Claude Code format - if messages := root.Get("messages"); messages.Exists() && messages.IsArray() { - messageIndex := 0 - systemMessageIndex := -1 - messages.ForEach(func(_, message gjson.Result) bool { - role := message.Get("role").String() - contentResult := message.Get("content") - - switch role { - case "system": - if systemMessageIndex == -1 { - systemMsg := `{"role":"user","content":[]}` - out, _ = sjson.SetRaw(out, "messages.-1", systemMsg) - systemMessageIndex = messageIndex - messageIndex++ - } - if contentResult.Exists() && contentResult.Type == gjson.String && contentResult.String() != "" { - textPart := `{"type":"text","text":""}` - textPart, _ = sjson.Set(textPart, "text", contentResult.String()) - out, _ = sjson.SetRaw(out, fmt.Sprintf("messages.%d.content.-1", systemMessageIndex), textPart) - } else if contentResult.Exists() && contentResult.IsArray() { - contentResult.ForEach(func(_, part gjson.Result) bool { - if part.Get("type").String() == "text" { - textPart := `{"type":"text","text":""}` - textPart, _ = sjson.Set(textPart, "text", part.Get("text").String()) - out, _ = sjson.SetRaw(out, fmt.Sprintf("messages.%d.content.-1", systemMessageIndex), textPart) - } - return true - }) - } - case "user", "assistant": - msg := `{"role":"","content":[]}` - msg, _ = sjson.Set(msg, "role", role) - - // Handle content based on its type (string or array) - if contentResult.Exists() && contentResult.Type == gjson.String && contentResult.String() != "" { - part := `{"type":"text","text":""}` - part, _ = sjson.Set(part, "text", contentResult.String()) - msg, _ = sjson.SetRaw(msg, "content.-1", part) - } else if contentResult.Exists() && contentResult.IsArray() { - contentResult.ForEach(func(_, part gjson.Result) bool { - partType := part.Get("type").String() - - switch partType { - case "text": - textPart := `{"type":"text","text":""}` - textPart, _ = sjson.Set(textPart, "text", part.Get("text").String()) - msg, _ = sjson.SetRaw(msg, "content.-1", textPart) - - case "image_url": - // Convert OpenAI image format to Claude Code format - imageURL := part.Get("image_url.url").String() - if strings.HasPrefix(imageURL, "data:") { - // Extract base64 data and media type from data URL - parts := strings.Split(imageURL, ",") - if len(parts) == 2 { - mediaTypePart := strings.Split(parts[0], ";")[0] - mediaType := strings.TrimPrefix(mediaTypePart, "data:") - data := parts[1] - - imagePart := `{"type":"image","source":{"type":"base64","media_type":"","data":""}}` - imagePart, _ = sjson.Set(imagePart, "source.media_type", mediaType) - imagePart, _ = sjson.Set(imagePart, "source.data", data) - msg, _ = sjson.SetRaw(msg, "content.-1", imagePart) - } - } - } - return true - }) - } - - // Handle tool calls (for assistant messages) - if toolCalls := message.Get("tool_calls"); toolCalls.Exists() && toolCalls.IsArray() && role == "assistant" { - toolCalls.ForEach(func(_, toolCall gjson.Result) bool { - if toolCall.Get("type").String() == "function" { - toolCallID := toolCall.Get("id").String() - if toolCallID == "" { - toolCallID = genToolCallID() - } - - function := toolCall.Get("function") - toolUse := `{"type":"tool_use","id":"","name":"","input":{}}` - toolUse, _ = sjson.Set(toolUse, "id", toolCallID) - toolUse, _ = sjson.Set(toolUse, "name", function.Get("name").String()) - - // Parse arguments for the tool call - if args := function.Get("arguments"); args.Exists() { - argsStr := args.String() - if argsStr != "" && gjson.Valid(argsStr) { - argsJSON := gjson.Parse(argsStr) - if argsJSON.IsObject() { - toolUse, _ = sjson.SetRaw(toolUse, "input", argsJSON.Raw) - } else { - toolUse, _ = sjson.SetRaw(toolUse, "input", "{}") - } - } else { - toolUse, _ = sjson.SetRaw(toolUse, "input", "{}") - } - } else { - toolUse, _ = sjson.SetRaw(toolUse, "input", "{}") - } - - msg, _ = sjson.SetRaw(msg, "content.-1", toolUse) - } - return true - }) - } - - out, _ = sjson.SetRaw(out, "messages.-1", msg) - messageIndex++ - - case "tool": - // Handle tool result messages conversion - toolCallID := message.Get("tool_call_id").String() - content := message.Get("content").String() - - msg := `{"role":"user","content":[{"type":"tool_result","tool_use_id":"","content":""}]}` - msg, _ = sjson.Set(msg, "content.0.tool_use_id", toolCallID) - msg, _ = sjson.Set(msg, "content.0.content", content) - out, _ = sjson.SetRaw(out, "messages.-1", msg) - messageIndex++ - } - return true - }) - } - - // Tools mapping: OpenAI tools -> Claude Code tools - if tools := root.Get("tools"); tools.Exists() && tools.IsArray() && len(tools.Array()) > 0 { - hasAnthropicTools := false - tools.ForEach(func(_, tool gjson.Result) bool { - if tool.Get("type").String() == "function" { - function := tool.Get("function") - anthropicTool := `{"name":"","description":""}` - anthropicTool, _ = sjson.Set(anthropicTool, "name", function.Get("name").String()) - anthropicTool, _ = sjson.Set(anthropicTool, "description", function.Get("description").String()) - - // Convert parameters schema for the tool - if parameters := function.Get("parameters"); parameters.Exists() { - anthropicTool, _ = sjson.SetRaw(anthropicTool, "input_schema", parameters.Raw) - } else if parameters := function.Get("parametersJsonSchema"); parameters.Exists() { - anthropicTool, _ = sjson.SetRaw(anthropicTool, "input_schema", parameters.Raw) - } - - out, _ = sjson.SetRaw(out, "tools.-1", anthropicTool) - hasAnthropicTools = true - } - return true - }) - - if !hasAnthropicTools { - out, _ = sjson.Delete(out, "tools") - } - } - - // Tool choice mapping from OpenAI format to Claude Code format - if toolChoice := root.Get("tool_choice"); toolChoice.Exists() { - switch toolChoice.Type { - case gjson.String: - choice := toolChoice.String() - switch choice { - case "none": - // Don't set tool_choice, Claude Code will not use tools - case "auto": - out, _ = sjson.SetRaw(out, "tool_choice", `{"type":"auto"}`) - case "required": - out, _ = sjson.SetRaw(out, "tool_choice", `{"type":"any"}`) - } - case gjson.JSON: - // Specific tool choice mapping - if toolChoice.Get("type").String() == "function" { - functionName := toolChoice.Get("function.name").String() - toolChoiceJSON := `{"type":"tool","name":""}` - toolChoiceJSON, _ = sjson.Set(toolChoiceJSON, "name", functionName) - out, _ = sjson.SetRaw(out, "tool_choice", toolChoiceJSON) - } - default: - } - } - - return []byte(out) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/chat-completions/claude_openai_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/chat-completions/claude_openai_request_test.go deleted file mode 100644 index bad6e92035..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/chat-completions/claude_openai_request_test.go +++ /dev/null @@ -1,34 +0,0 @@ -package chat_completions - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertOpenAIRequestToClaude(t *testing.T) { - input := []byte(`{ - "model": "gpt-4o", - "messages": [ - {"role": "user", "content": "hello"} - ], - "max_tokens": 1024, - "temperature": 0.5 - }`) - - got := ConvertOpenAIRequestToClaude("claude-3-5-sonnet", input, true) - res := gjson.ParseBytes(got) - - if res.Get("model").String() != "claude-3-5-sonnet" { - t.Errorf("expected model claude-3-5-sonnet, got %s", res.Get("model").String()) - } - - if res.Get("max_tokens").Int() != 1024 { - t.Errorf("expected max_tokens 1024, got %d", res.Get("max_tokens").Int()) - } - - messages := res.Get("messages").Array() - if len(messages) != 1 { - t.Errorf("expected 1 message, got %d", len(messages)) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/chat-completions/claude_openai_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/chat-completions/claude_openai_response.go deleted file mode 100644 index 346db69a11..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/chat-completions/claude_openai_response.go +++ /dev/null @@ -1,436 +0,0 @@ -// Package openai provides response translation functionality for Claude Code to OpenAI API compatibility. -// This package handles the conversion of Claude Code API responses into OpenAI Chat Completions-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by OpenAI API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, reasoning content, and usage metadata appropriately. -package chat_completions - -import ( - "bytes" - "context" - "fmt" - "strings" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - dataTag = []byte("data:") -) - -// ConvertAnthropicResponseToOpenAIParams holds parameters for response conversion -type ConvertAnthropicResponseToOpenAIParams struct { - CreatedAt int64 - ResponseID string - FinishReason string - // Tool calls accumulator for streaming - ToolCallsAccumulator map[int]*ToolCallAccumulator -} - -// ToolCallAccumulator holds the state for accumulating tool call data -type ToolCallAccumulator struct { - ID string - Name string - Arguments strings.Builder -} - -// ConvertClaudeResponseToOpenAI converts Claude Code streaming response format to OpenAI Chat Completions format. -// This function processes various Claude Code event types and transforms them into OpenAI-compatible JSON responses. -// It handles text content, tool calls, reasoning content, and usage metadata, outputting responses that match -// the OpenAI API format. The function supports incremental updates for streaming responses. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Claude Code API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing an OpenAI-compatible JSON response -func ConvertClaudeResponseToOpenAI(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - var localParam any - if param == nil { - param = &localParam - } - if *param == nil { - *param = &ConvertAnthropicResponseToOpenAIParams{ - CreatedAt: 0, - ResponseID: "", - FinishReason: "", - } - } - - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - - root := gjson.ParseBytes(rawJSON) - eventType := root.Get("type").String() - - // Base OpenAI streaming response template - template := `{"id":"","object":"chat.completion.chunk","created":0,"model":"","choices":[{"index":0,"delta":{},"finish_reason":null}]}` - - // Set model - if modelName != "" { - template, _ = sjson.Set(template, "model", modelName) - } - - // Set response ID and creation time - if (*param).(*ConvertAnthropicResponseToOpenAIParams).ResponseID != "" { - template, _ = sjson.Set(template, "id", (*param).(*ConvertAnthropicResponseToOpenAIParams).ResponseID) - } - if (*param).(*ConvertAnthropicResponseToOpenAIParams).CreatedAt > 0 { - template, _ = sjson.Set(template, "created", (*param).(*ConvertAnthropicResponseToOpenAIParams).CreatedAt) - } - - switch eventType { - case "message_start": - // Initialize response with message metadata when a new message begins - if message := root.Get("message"); message.Exists() { - (*param).(*ConvertAnthropicResponseToOpenAIParams).ResponseID = message.Get("id").String() - (*param).(*ConvertAnthropicResponseToOpenAIParams).CreatedAt = time.Now().Unix() - - template, _ = sjson.Set(template, "id", (*param).(*ConvertAnthropicResponseToOpenAIParams).ResponseID) - template, _ = sjson.Set(template, "model", modelName) - template, _ = sjson.Set(template, "created", (*param).(*ConvertAnthropicResponseToOpenAIParams).CreatedAt) - - // Set initial role to assistant for the response - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - - // Initialize tool calls accumulator for tracking tool call progress - if (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator == nil { - (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator = make(map[int]*ToolCallAccumulator) - } - } - return []string{template} - - case "content_block_start": - // Start of a content block (text, tool use, or reasoning) - if contentBlock := root.Get("content_block"); contentBlock.Exists() { - blockType := contentBlock.Get("type").String() - - if blockType == "tool_use" { - // Start of tool call - initialize accumulator to track arguments - toolCallID := contentBlock.Get("id").String() - toolName := contentBlock.Get("name").String() - index := int(root.Get("index").Int()) - - if (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator == nil { - (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator = make(map[int]*ToolCallAccumulator) - } - - (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator[index] = &ToolCallAccumulator{ - ID: toolCallID, - Name: toolName, - } - - // Don't output anything yet - wait for complete tool call - return []string{} - } - } - return []string{} - - case "content_block_delta": - // Handle content delta (text, tool use arguments, or reasoning content) - hasContent := false - if delta := root.Get("delta"); delta.Exists() { - deltaType := delta.Get("type").String() - - switch deltaType { - case "text_delta": - // Text content delta - send incremental text updates - if text := delta.Get("text"); text.Exists() { - template, _ = sjson.Set(template, "choices.0.delta.content", text.String()) - hasContent = true - } - case "thinking_delta": - // Accumulate reasoning/thinking content - if thinking := delta.Get("thinking"); thinking.Exists() { - template, _ = sjson.Set(template, "choices.0.delta.reasoning_content", thinking.String()) - hasContent = true - } - case "input_json_delta": - // Tool use input delta - accumulate arguments for tool calls - if partialJSON := delta.Get("partial_json"); partialJSON.Exists() { - index := int(root.Get("index").Int()) - if (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator != nil { - if accumulator, exists := (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator[index]; exists { - accumulator.Arguments.WriteString(partialJSON.String()) - } - } - } - // Don't output anything yet - wait for complete tool call - return []string{} - } - } - if hasContent { - return []string{template} - } else { - return []string{} - } - - case "content_block_stop": - // End of content block - output complete tool call if it's a tool_use block - index := int(root.Get("index").Int()) - if (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator != nil { - if accumulator, exists := (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator[index]; exists { - // Build complete tool call with accumulated arguments - arguments := accumulator.Arguments.String() - if arguments == "" { - arguments = "{}" - } - template, _ = sjson.Set(template, "choices.0.delta.tool_calls.0.index", index) - template, _ = sjson.Set(template, "choices.0.delta.tool_calls.0.id", accumulator.ID) - template, _ = sjson.Set(template, "choices.0.delta.tool_calls.0.type", "function") - template, _ = sjson.Set(template, "choices.0.delta.tool_calls.0.function.name", accumulator.Name) - template, _ = sjson.Set(template, "choices.0.delta.tool_calls.0.function.arguments", arguments) - - // Clean up the accumulator for this index - delete((*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator, index) - - return []string{template} - } - } - return []string{} - - case "message_delta": - // Handle message-level changes including stop reason and usage - if delta := root.Get("delta"); delta.Exists() { - if stopReason := delta.Get("stop_reason"); stopReason.Exists() { - (*param).(*ConvertAnthropicResponseToOpenAIParams).FinishReason = mapAnthropicStopReasonToOpenAI(stopReason.String()) - template, _ = sjson.Set(template, "choices.0.finish_reason", (*param).(*ConvertAnthropicResponseToOpenAIParams).FinishReason) - } - } - - // Handle usage information for token counts - if usage := root.Get("usage"); usage.Exists() { - inputTokens := usage.Get("input_tokens").Int() - outputTokens := usage.Get("output_tokens").Int() - cacheReadInputTokens := usage.Get("cache_read_input_tokens").Int() - cacheCreationInputTokens := usage.Get("cache_creation_input_tokens").Int() - template, _ = sjson.Set(template, "usage.prompt_tokens", inputTokens+cacheCreationInputTokens) - template, _ = sjson.Set(template, "usage.completion_tokens", outputTokens) - template, _ = sjson.Set(template, "usage.total_tokens", inputTokens+outputTokens) - template, _ = sjson.Set(template, "usage.prompt_tokens_details.cached_tokens", cacheReadInputTokens) - } - return []string{template} - - case "message_stop": - // Final message event - no additional output needed - return []string{} - - case "ping": - // Ping events for keeping connection alive - no output needed - return []string{} - - case "error": - // Error event - format and return error response - if errorData := root.Get("error"); errorData.Exists() { - errorJSON := `{"error":{"message":"","type":""}}` - errorJSON, _ = sjson.Set(errorJSON, "error.message", errorData.Get("message").String()) - errorJSON, _ = sjson.Set(errorJSON, "error.type", errorData.Get("type").String()) - return []string{errorJSON} - } - return []string{} - - default: - // Unknown event type - ignore - return []string{} - } -} - -// mapAnthropicStopReasonToOpenAI maps Anthropic stop reasons to OpenAI stop reasons -func mapAnthropicStopReasonToOpenAI(anthropicReason string) string { - switch anthropicReason { - case "end_turn": - return "stop" - case "tool_use": - return "tool_calls" - case "max_tokens": - return "length" - case "stop_sequence": - return "stop" - default: - return "stop" - } -} - -// ConvertClaudeResponseToOpenAINonStream converts a non-streaming Claude Code response to a non-streaming OpenAI response. -// This function processes the complete Claude Code response and transforms it into a single OpenAI-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the OpenAI API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Claude Code API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: An OpenAI-compatible JSON response containing all message content and metadata -func ConvertClaudeResponseToOpenAINonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - chunks := make([][]byte, 0) - - lines := bytes.Split(rawJSON, []byte("\n")) - for _, line := range lines { - if !bytes.HasPrefix(line, dataTag) { - continue - } - chunks = append(chunks, bytes.TrimSpace(line[5:])) - } - - // Base OpenAI non-streaming response template - out := `{"id":"","object":"chat.completion","created":0,"model":"","choices":[{"index":0,"message":{"role":"assistant","content":""},"finish_reason":"stop"}],"usage":{"prompt_tokens":0,"completion_tokens":0,"total_tokens":0}}` - - var messageID string - var model string - var createdAt int64 - var stopReason string - var contentParts []string - var reasoningParts []string - toolCallsAccumulator := make(map[int]*ToolCallAccumulator) - - for _, chunk := range chunks { - root := gjson.ParseBytes(chunk) - eventType := root.Get("type").String() - - switch eventType { - case "message_start": - // Extract initial message metadata including ID, model, and input token count - if message := root.Get("message"); message.Exists() { - messageID = message.Get("id").String() - model = message.Get("model").String() - createdAt = time.Now().Unix() - } - - case "content_block_start": - // Handle different content block types at the beginning - if contentBlock := root.Get("content_block"); contentBlock.Exists() { - blockType := contentBlock.Get("type").String() - if blockType == "thinking" { - // Start of thinking/reasoning content - skip for now as it's handled in delta - continue - } else if blockType == "tool_use" { - // Initialize tool call accumulator for this index - index := int(root.Get("index").Int()) - toolCallsAccumulator[index] = &ToolCallAccumulator{ - ID: contentBlock.Get("id").String(), - Name: contentBlock.Get("name").String(), - } - } - } - - case "content_block_delta": - // Process incremental content updates - if delta := root.Get("delta"); delta.Exists() { - deltaType := delta.Get("type").String() - switch deltaType { - case "text_delta": - // Accumulate text content - if text := delta.Get("text"); text.Exists() { - contentParts = append(contentParts, text.String()) - } - case "thinking_delta": - // Accumulate reasoning/thinking content - if thinking := delta.Get("thinking"); thinking.Exists() { - reasoningParts = append(reasoningParts, thinking.String()) - } - case "input_json_delta": - // Accumulate tool call arguments - if partialJSON := delta.Get("partial_json"); partialJSON.Exists() { - index := int(root.Get("index").Int()) - if accumulator, exists := toolCallsAccumulator[index]; exists { - accumulator.Arguments.WriteString(partialJSON.String()) - } - } - } - } - - case "content_block_stop": - // Finalize tool call arguments for this index when content block ends - index := int(root.Get("index").Int()) - if accumulator, exists := toolCallsAccumulator[index]; exists { - if accumulator.Arguments.Len() == 0 { - accumulator.Arguments.WriteString("{}") - } - } - - case "message_delta": - // Extract stop reason and output token count when message ends - if delta := root.Get("delta"); delta.Exists() { - if sr := delta.Get("stop_reason"); sr.Exists() { - stopReason = sr.String() - } - } - if usage := root.Get("usage"); usage.Exists() { - inputTokens := usage.Get("input_tokens").Int() - outputTokens := usage.Get("output_tokens").Int() - cacheReadInputTokens := usage.Get("cache_read_input_tokens").Int() - cacheCreationInputTokens := usage.Get("cache_creation_input_tokens").Int() - out, _ = sjson.Set(out, "usage.prompt_tokens", inputTokens+cacheCreationInputTokens) - out, _ = sjson.Set(out, "usage.completion_tokens", outputTokens) - out, _ = sjson.Set(out, "usage.total_tokens", inputTokens+outputTokens) - out, _ = sjson.Set(out, "usage.prompt_tokens_details.cached_tokens", cacheReadInputTokens) - } - } - } - - // Set basic response fields including message ID, creation time, and model - out, _ = sjson.Set(out, "id", messageID) - out, _ = sjson.Set(out, "created", createdAt) - out, _ = sjson.Set(out, "model", model) - - // Set message content by combining all text parts - messageContent := strings.Join(contentParts, "") - out, _ = sjson.Set(out, "choices.0.message.content", messageContent) - - // Add reasoning content if available (following OpenAI reasoning format) - if len(reasoningParts) > 0 { - reasoningContent := strings.Join(reasoningParts, "") - // Add reasoning as a separate field in the message - out, _ = sjson.Set(out, "choices.0.message.reasoning", reasoningContent) - } - - // Set tool calls if any were accumulated during processing - if len(toolCallsAccumulator) > 0 { - toolCallsCount := 0 - maxIndex := -1 - for index := range toolCallsAccumulator { - if index > maxIndex { - maxIndex = index - } - } - - for i := 0; i <= maxIndex; i++ { - accumulator, exists := toolCallsAccumulator[i] - if !exists { - continue - } - - arguments := accumulator.Arguments.String() - - idPath := fmt.Sprintf("choices.0.message.tool_calls.%d.id", toolCallsCount) - typePath := fmt.Sprintf("choices.0.message.tool_calls.%d.type", toolCallsCount) - namePath := fmt.Sprintf("choices.0.message.tool_calls.%d.function.name", toolCallsCount) - argumentsPath := fmt.Sprintf("choices.0.message.tool_calls.%d.function.arguments", toolCallsCount) - - out, _ = sjson.Set(out, idPath, accumulator.ID) - out, _ = sjson.Set(out, typePath, "function") - out, _ = sjson.Set(out, namePath, accumulator.Name) - out, _ = sjson.Set(out, argumentsPath, arguments) - toolCallsCount++ - } - if toolCallsCount > 0 { - out, _ = sjson.Set(out, "choices.0.finish_reason", "tool_calls") - } else { - out, _ = sjson.Set(out, "choices.0.finish_reason", mapAnthropicStopReasonToOpenAI(stopReason)) - } - } else { - out, _ = sjson.Set(out, "choices.0.finish_reason", mapAnthropicStopReasonToOpenAI(stopReason)) - } - - return out -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/chat-completions/claude_openai_response_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/chat-completions/claude_openai_response_test.go deleted file mode 100644 index 3282d3777e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/chat-completions/claude_openai_response_test.go +++ /dev/null @@ -1,63 +0,0 @@ -package chat_completions - -import ( - "context" - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertClaudeResponseToOpenAI(t *testing.T) { - ctx := context.Background() - model := "gpt-4o" - var param any - - // Message start - raw := []byte(`data: {"type": "message_start", "message": {"id": "msg_123", "role": "assistant", "model": "claude-3"}}`) - got := ConvertClaudeResponseToOpenAI(ctx, model, nil, nil, raw, ¶m) - if len(got) != 1 { - t.Errorf("expected 1 chunk, got %d", len(got)) - } - res := gjson.Parse(got[0]) - if res.Get("id").String() != "msg_123" || res.Get("choices.0.delta.role").String() != "assistant" { - t.Errorf("unexpected message_start output: %s", got[0]) - } - - // Content delta - raw = []byte(`data: {"type": "content_block_delta", "index": 0, "delta": {"type": "text_delta", "text": "hello"}}`) - got = ConvertClaudeResponseToOpenAI(ctx, model, nil, nil, raw, ¶m) - if len(got) != 1 { - t.Errorf("expected 1 chunk, got %d", len(got)) - } - res = gjson.Parse(got[0]) - if res.Get("choices.0.delta.content").String() != "hello" { - t.Errorf("unexpected content_block_delta output: %s", got[0]) - } - - // Message delta (usage) - raw = []byte(`data: {"type": "message_delta", "delta": {"stop_reason": "end_turn"}, "usage": {"input_tokens": 10, "output_tokens": 5}}`) - got = ConvertClaudeResponseToOpenAI(ctx, model, nil, nil, raw, ¶m) - if len(got) != 1 { - t.Errorf("expected 1 chunk, got %d", len(got)) - } - res = gjson.Parse(got[0]) - if res.Get("usage.total_tokens").Int() != 15 { - t.Errorf("unexpected usage output: %s", got[0]) - } -} - -func TestConvertClaudeResponseToOpenAINonStream(t *testing.T) { - raw := []byte(`data: {"type": "message_start", "message": {"id": "msg_123", "model": "claude-3"}} -data: {"type": "content_block_delta", "index": 0, "delta": {"type": "text_delta", "text": "hello "}} -data: {"type": "content_block_delta", "index": 0, "delta": {"type": "text_delta", "text": "world"}} -data: {"type": "message_delta", "delta": {"stop_reason": "end_turn"}, "usage": {"input_tokens": 10, "output_tokens": 5}}`) - - got := ConvertClaudeResponseToOpenAINonStream(context.Background(), "gpt-4o", nil, nil, raw, nil) - res := gjson.Parse(got) - if res.Get("choices.0.message.content").String() != "hello world" { - t.Errorf("unexpected content: %s", got) - } - if res.Get("usage.total_tokens").Int() != 15 { - t.Errorf("unexpected usage: %s", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/chat-completions/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/chat-completions/init.go deleted file mode 100644 index a73543038b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" -) - -func init() { - translator.Register( - constant.OpenAI, - constant.Claude, - ConvertOpenAIRequestToClaude, - interfaces.TranslateResponse{ - Stream: ConvertClaudeResponseToOpenAI, - NonStream: ConvertClaudeResponseToOpenAINonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/responses/claude_openai-responses_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/responses/claude_openai-responses_request.go deleted file mode 100644 index 53138dcf32..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/responses/claude_openai-responses_request.go +++ /dev/null @@ -1,453 +0,0 @@ -package responses - -import ( - "crypto/rand" - "crypto/sha256" - "encoding/hex" - "fmt" - "math/big" - "strings" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - user = "" - account = "" - session = "" -) - -// ConvertOpenAIResponsesRequestToClaude transforms an OpenAI Responses API request -// into a Claude Messages API request using only gjson/sjson for JSON handling. -// It supports: -// - instructions -> system message -// - input[].type==message with input_text/output_text -> user/assistant messages -// - function_call -> assistant tool_use -// - function_call_output -> user tool_result -// - tools[].parameters -> tools[].input_schema -// - max_output_tokens -> max_tokens -// - stream passthrough via parameter -func ConvertOpenAIResponsesRequestToClaude(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - - if account == "" { - u, _ := uuid.NewRandom() - account = u.String() - } - if session == "" { - u, _ := uuid.NewRandom() - session = u.String() - } - if user == "" { - sum := sha256.Sum256([]byte(account + session)) - user = hex.EncodeToString(sum[:]) - } - userID := fmt.Sprintf("user_%s_account_%s_session_%s", user, account, session) - - // Base Claude message payload - out := fmt.Sprintf(`{"model":"","max_tokens":32000,"messages":[],"metadata":{"user_id":"%s"}}`, userID) - - root := gjson.ParseBytes(rawJSON) - - // Convert OpenAI Responses reasoning.effort to Claude thinking config. - if v := root.Get("reasoning.effort"); v.Exists() { - effort := strings.ToLower(strings.TrimSpace(v.String())) - if effort != "" { - budget, ok := thinking.ConvertLevelToBudget(effort) - if ok { - switch budget { - case 0: - out, _ = sjson.Set(out, "thinking.type", "disabled") - case -1: - out, _ = sjson.Set(out, "thinking.type", "enabled") - default: - if budget > 0 { - out, _ = sjson.Set(out, "thinking.type", "enabled") - out, _ = sjson.Set(out, "thinking.budget_tokens", budget) - } - } - } - } - } - - // Helper for generating tool call IDs when missing - genToolCallID := func() string { - const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" - var b strings.Builder - for i := 0; i < 24; i++ { - n, _ := rand.Int(rand.Reader, big.NewInt(int64(len(letters)))) - b.WriteByte(letters[n.Int64()]) - } - return "toolu_" + b.String() - } - - // Model - out, _ = sjson.Set(out, "model", modelName) - - // Max tokens - if mot := root.Get("max_output_tokens"); mot.Exists() { - out, _ = sjson.Set(out, "max_tokens", mot.Int()) - } - - // Stream - out, _ = sjson.Set(out, "stream", stream) - - // instructions -> as a leading message (use role user for Claude API compatibility) - instructionsText := "" - extractedFromSystem := false - if instr := root.Get("instructions"); instr.Exists() && instr.Type == gjson.String { - instructionsText = instr.String() - if instructionsText != "" { - sysMsg := `{"role":"user","content":""}` - sysMsg, _ = sjson.Set(sysMsg, "content", instructionsText) - out, _ = sjson.SetRaw(out, "messages.-1", sysMsg) - } - } - - if instructionsText == "" { - if input := root.Get("input"); input.Exists() && input.IsArray() { - input.ForEach(func(_, item gjson.Result) bool { - if strings.EqualFold(item.Get("role").String(), "system") { - var builder strings.Builder - if parts := item.Get("content"); parts.Exists() && parts.IsArray() { - parts.ForEach(func(_, part gjson.Result) bool { - textResult := part.Get("text") - text := textResult.String() - if builder.Len() > 0 && text != "" { - builder.WriteByte('\n') - } - builder.WriteString(text) - return true - }) - } else if parts.Type == gjson.String { - builder.WriteString(parts.String()) - } - instructionsText = builder.String() - if instructionsText != "" { - sysMsg := `{"role":"user","content":""}` - sysMsg, _ = sjson.Set(sysMsg, "content", instructionsText) - out, _ = sjson.SetRaw(out, "messages.-1", sysMsg) - extractedFromSystem = true - } - } - return instructionsText == "" - }) - } - } - - // input can be a raw string for compatibility with OpenAI Responses API. - if instructionsText == "" { - if input := root.Get("input"); input.Exists() && input.Type == gjson.String { - msg := `{"role":"user","content":""}` - msg, _ = sjson.Set(msg, "content", input.String()) - out, _ = sjson.SetRaw(out, "messages.-1", msg) - } - } - - // input array processing - pendingReasoning := "" - if input := root.Get("input"); input.Exists() && input.IsArray() { - input.ForEach(func(_, item gjson.Result) bool { - if extractedFromSystem && strings.EqualFold(item.Get("role").String(), "system") { - return true - } - typ := item.Get("type").String() - if typ == "" && item.Get("role").String() != "" { - typ = "message" - } - switch typ { - case "message": - // Determine role and construct Claude-compatible content parts. - var role string - var textAggregate strings.Builder - var partsJSON []string - hasImage := false - hasRedactedThinking := false - if parts := item.Get("content"); parts.Exists() && parts.IsArray() { - parts.ForEach(func(_, part gjson.Result) bool { - ptype := part.Get("type").String() - switch ptype { - case "input_text", "output_text": - if t := part.Get("text"); t.Exists() { - txt := t.String() - textAggregate.WriteString(txt) - contentPart := `{"type":"text","text":""}` - contentPart, _ = sjson.Set(contentPart, "text", txt) - partsJSON = append(partsJSON, contentPart) - } - if ptype == "input_text" { - role = "user" - } else { - role = "assistant" - } - case "input_image": - url := part.Get("image_url").String() - if url == "" { - url = part.Get("url").String() - } - if url != "" { - var contentPart string - if strings.HasPrefix(url, "data:") { - trimmed := strings.TrimPrefix(url, "data:") - mediaAndData := strings.SplitN(trimmed, ";base64,", 2) - mediaType := "application/octet-stream" - data := "" - if len(mediaAndData) == 2 { - if mediaAndData[0] != "" { - mediaType = mediaAndData[0] - } - data = mediaAndData[1] - } - if data != "" { - contentPart = `{"type":"image","source":{"type":"base64","media_type":"","data":""}}` - contentPart, _ = sjson.Set(contentPart, "source.media_type", mediaType) - contentPart, _ = sjson.Set(contentPart, "source.data", data) - } - } else { - contentPart = `{"type":"image","source":{"type":"url","url":""}}` - contentPart, _ = sjson.Set(contentPart, "source.url", url) - } - if contentPart != "" { - partsJSON = append(partsJSON, contentPart) - if role == "" { - role = "user" - } - hasImage = true - } - } - case "reasoning", "thinking", "reasoning_text", "summary_text": - if redacted := redactedThinkingPartFromResult(part); redacted != "" { - partsJSON = append(partsJSON, redacted) - hasRedactedThinking = true - if role == "" { - role = "assistant" - } - } - } - return true - }) - } else if parts.Type == gjson.String { - textAggregate.WriteString(parts.String()) - } - - // Fallback to given role if content types not decisive - if role == "" { - r := item.Get("role").String() - switch r { - case "user", "assistant", "system": - role = r - default: - role = "user" - } - } - - if role == "assistant" && pendingReasoning != "" { - partsJSON = append([]string{buildRedactedThinkingPart(pendingReasoning)}, partsJSON...) - pendingReasoning = "" - hasRedactedThinking = true - } - - if len(partsJSON) > 0 { - msg := `{"role":"","content":[]}` - msg, _ = sjson.Set(msg, "role", role) - // Preserve legacy single-text flattening, but keep structured arrays when - // image/thinking content is present. - if len(partsJSON) == 1 && !hasImage && !hasRedactedThinking { - // Preserve legacy behavior for single text content - msg, _ = sjson.Delete(msg, "content") - textPart := gjson.Parse(partsJSON[0]) - msg, _ = sjson.Set(msg, "content", textPart.Get("text").String()) - } else { - for _, partJSON := range partsJSON { - msg, _ = sjson.SetRaw(msg, "content.-1", partJSON) - } - } - out, _ = sjson.SetRaw(out, "messages.-1", msg) - } else if textAggregate.Len() > 0 || role == "system" { - msg := `{"role":"","content":""}` - msg, _ = sjson.Set(msg, "role", role) - msg, _ = sjson.Set(msg, "content", textAggregate.String()) - out, _ = sjson.SetRaw(out, "messages.-1", msg) - } - - case "function_call": - // Map to assistant tool_use - callID := item.Get("call_id").String() - if callID == "" { - callID = genToolCallID() - } - name := item.Get("name").String() - argsStr := item.Get("arguments").String() - - toolUse := `{"type":"tool_use","id":"","name":"","input":{}}` - toolUse, _ = sjson.Set(toolUse, "id", callID) - toolUse, _ = sjson.Set(toolUse, "name", name) - if argsStr != "" && gjson.Valid(argsStr) { - argsJSON := gjson.Parse(argsStr) - if argsJSON.IsObject() { - toolUse, _ = sjson.SetRaw(toolUse, "input", argsJSON.Raw) - } - } - - asst := `{"role":"assistant","content":[]}` - if pendingReasoning != "" { - asst, _ = sjson.SetRaw(asst, "content.-1", buildRedactedThinkingPart(pendingReasoning)) - pendingReasoning = "" - } - asst, _ = sjson.SetRaw(asst, "content.-1", toolUse) - out, _ = sjson.SetRaw(out, "messages.-1", asst) - - case "function_call_output": - // Map to user tool_result - callID := item.Get("call_id").String() - outputStr := item.Get("output").String() - toolResult := `{"type":"tool_result","tool_use_id":"","content":""}` - toolResult, _ = sjson.Set(toolResult, "tool_use_id", callID) - toolResult, _ = sjson.Set(toolResult, "content", outputStr) - - usr := `{"role":"user","content":[]}` - usr, _ = sjson.SetRaw(usr, "content.-1", toolResult) - out, _ = sjson.SetRaw(out, "messages.-1", usr) - case "reasoning": - // Preserve reasoning history so Claude thinking-enabled requests keep - // thinking/redacted_thinking before tool_use blocks. - if text := extractResponsesReasoningText(item); text != "" { - if pendingReasoning == "" { - pendingReasoning = text - } else { - pendingReasoning = pendingReasoning + "\n\n" + text - } - } - } - return true - }) - } - if pendingReasoning != "" { - asst := `{"role":"assistant","content":[]}` - asst, _ = sjson.SetRaw(asst, "content.-1", buildRedactedThinkingPart(pendingReasoning)) - out, _ = sjson.SetRaw(out, "messages.-1", asst) - } - - // tools mapping: parameters -> input_schema - if tools := root.Get("tools"); tools.Exists() && tools.IsArray() { - toolsJSON := "[]" - tools.ForEach(func(_, tool gjson.Result) bool { - tJSON := `{"name":"","description":"","input_schema":{}}` - if n := tool.Get("name"); n.Exists() { - tJSON, _ = sjson.Set(tJSON, "name", n.String()) - } - if d := tool.Get("description"); d.Exists() { - tJSON, _ = sjson.Set(tJSON, "description", d.String()) - } - - if params := tool.Get("parameters"); params.Exists() { - tJSON, _ = sjson.SetRaw(tJSON, "input_schema", params.Raw) - } else if params = tool.Get("parametersJsonSchema"); params.Exists() { - tJSON, _ = sjson.SetRaw(tJSON, "input_schema", params.Raw) - } - - toolsJSON, _ = sjson.SetRaw(toolsJSON, "-1", tJSON) - return true - }) - if gjson.Parse(toolsJSON).IsArray() && len(gjson.Parse(toolsJSON).Array()) > 0 { - out, _ = sjson.SetRaw(out, "tools", toolsJSON) - } - } - - // Map tool_choice similar to Chat Completions translator (optional in docs, safe to handle) - if toolChoice := root.Get("tool_choice"); toolChoice.Exists() { - switch toolChoice.Type { - case gjson.String: - switch toolChoice.String() { - case "auto": - out, _ = sjson.SetRaw(out, "tool_choice", `{"type":"auto"}`) - case "none": - // Leave unset; implies no tools - case "required": - out, _ = sjson.SetRaw(out, "tool_choice", `{"type":"any"}`) - } - case gjson.JSON: - if toolChoice.Get("type").String() == "function" { - fn := toolChoice.Get("function.name").String() - toolChoiceJSON := `{"name":"","type":"tool"}` - toolChoiceJSON, _ = sjson.Set(toolChoiceJSON, "name", fn) - out, _ = sjson.SetRaw(out, "tool_choice", toolChoiceJSON) - } - default: - - } - } - - return []byte(out) -} - -func extractResponsesReasoningText(item gjson.Result) string { - var parts []string - - appendText := func(v string) { - if strings.TrimSpace(v) != "" { - parts = append(parts, v) - } - } - - if summary := item.Get("summary"); summary.Exists() && summary.IsArray() { - summary.ForEach(func(_, s gjson.Result) bool { - if text := s.Get("text"); text.Exists() { - appendText(text.String()) - } - return true - }) - } - - if content := item.Get("content"); content.Exists() && content.IsArray() { - content.ForEach(func(_, part gjson.Result) bool { - if txt := extractThinkingLikeText(part); txt != "" { - appendText(txt) - } - return true - }) - } - - if text := item.Get("text"); text.Exists() { - appendText(text.String()) - } - if reasoning := item.Get("reasoning"); reasoning.Exists() { - appendText(reasoning.String()) - } - - return strings.Join(parts, "\n\n") -} - -func redactedThinkingPartFromResult(part gjson.Result) string { - text := extractThinkingLikeText(part) - if text == "" { - return "" - } - return buildRedactedThinkingPart(text) -} - -func extractThinkingLikeText(part gjson.Result) string { - if txt := strings.TrimSpace(thinking.GetThinkingText(part)); txt != "" { - return txt - } - if text := part.Get("text"); text.Exists() { - if txt := strings.TrimSpace(text.String()); txt != "" { - return txt - } - } - if summary := part.Get("summary"); summary.Exists() { - if txt := strings.TrimSpace(summary.String()); txt != "" { - return txt - } - } - return "" -} - -func buildRedactedThinkingPart(text string) string { - part := `{"type":"redacted_thinking","data":""}` - part, _ = sjson.Set(part, "data", text) - return part -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/responses/claude_openai-responses_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/responses/claude_openai-responses_request_test.go deleted file mode 100644 index f0d8929f53..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/responses/claude_openai-responses_request_test.go +++ /dev/null @@ -1,178 +0,0 @@ -package responses - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertOpenAIResponsesRequestToClaude(t *testing.T) { - input := []byte(`{ - "model": "gpt-4o", - "instructions": "Be helpful.", - "input": [ - { - "role": "user", - "content": [ - {"type": "input_text", "text": "hello"} - ] - } - ], - "max_output_tokens": 100 - }`) - - got := ConvertOpenAIResponsesRequestToClaude("claude-3-5-sonnet", input, true) - res := gjson.ParseBytes(got) - - if res.Get("model").String() != "claude-3-5-sonnet" { - t.Errorf("expected model claude-3-5-sonnet, got %s", res.Get("model").String()) - } - - if res.Get("max_tokens").Int() != 100 { - t.Errorf("expected max_tokens 100, got %d", res.Get("max_tokens").Int()) - } - - messages := res.Get("messages").Array() - if len(messages) < 1 { - t.Errorf("expected at least 1 message, got %d", len(messages)) - } -} - -func TestConvertOpenAIResponsesRequestToClaudeToolChoice(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "input": [{"type":"message","role":"user","content":[{"type":"input_text","text":"hello"}]}], - "tool_choice": "required", - "tools": [{ - "type": "function", - "name": "weather", - "description": "Get weather", - "parameters": {"type":"object","properties":{"city":{"type":"string"}}} - }] - }`) - - got := ConvertOpenAIResponsesRequestToClaude("claude-3-5-sonnet", input, false) - res := gjson.ParseBytes(got) - - if res.Get("tool_choice.type").String() != "any" { - t.Fatalf("tool_choice.type = %s, want any", res.Get("tool_choice.type").String()) - } - - if res.Get("max_tokens").Int() != 32000 { - t.Fatalf("expected default max_tokens to remain, got %d", res.Get("max_tokens").Int()) - } -} - -func TestConvertOpenAIResponsesRequestToClaudeFunctionCallOutput(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "input": [ - {"type":"message","role":"user","content":[{"type":"input_text","text":"hello"}]}, - {"type":"function_call","call_id":"call-1","name":"weather","arguments":"{\"city\":\"sf\"}"}, - {"type":"function_call_output","call_id":"call-1","output":"\"cloudy\""} - ] - }`) - - got := ConvertOpenAIResponsesRequestToClaude("claude-3-5-sonnet", input, false) - res := gjson.ParseBytes(got) - - messages := res.Get("messages").Array() - if len(messages) < 3 { - t.Fatalf("expected at least 3 messages, got %d", len(messages)) - } - - last := messages[len(messages)-1] - if last.Get("role").String() != "user" { - t.Fatalf("last message role = %s, want user", last.Get("role").String()) - } - if last.Get("content.0.type").String() != "tool_result" { - t.Fatalf("last content type = %s, want tool_result", last.Get("content.0.type").String()) - } -} - -func TestConvertOpenAIResponsesRequestToClaudeStringInputBody(t *testing.T) { - input := []byte(`{"model":"claude-3-5-sonnet","input":"hello"}`) - got := ConvertOpenAIResponsesRequestToClaude("claude-3-5-sonnet", input, false) - res := gjson.ParseBytes(got) - - messages := res.Get("messages").Array() - if len(messages) != 1 { - t.Fatalf("messages len = %d, want 1", len(messages)) - } - if messages[0].Get("role").String() != "user" { - t.Fatalf("message role = %s, want user", messages[0].Get("role").String()) - } - if messages[0].Get("content").String() != "hello" { - t.Fatalf("message content = %q, want hello", messages[0].Get("content").String()) - } -} - -func TestConvertOpenAIResponsesRequestToClaude_PreservesReasoningBeforeToolUse(t *testing.T) { - input := []byte(`{ - "model": "claude-opus-4-6-thinking", - "input": [ - { - "type":"reasoning", - "summary":[{"type":"summary_text","text":"I should call weather tool"}] - }, - { - "type":"function_call", - "call_id":"call-1", - "name":"weather", - "arguments":"{\"city\":\"sf\"}" - } - ] - }`) - - got := ConvertOpenAIResponsesRequestToClaude("claude-opus-4-6-thinking", input, false) - res := gjson.ParseBytes(got) - - messages := res.Get("messages").Array() - if len(messages) != 1 { - t.Fatalf("messages len = %d, want 1", len(messages)) - } - - content := messages[0].Get("content").Array() - if len(content) != 2 { - t.Fatalf("assistant content len = %d, want 2", len(content)) - } - if content[0].Get("type").String() != "redacted_thinking" { - t.Fatalf("first content type = %s, want redacted_thinking", content[0].Get("type").String()) - } - if content[0].Get("data").String() != "I should call weather tool" { - t.Fatalf("redacted_thinking data = %q", content[0].Get("data").String()) - } - if content[1].Get("type").String() != "tool_use" { - t.Fatalf("second content type = %s, want tool_use", content[1].Get("type").String()) - } -} - -func TestConvertOpenAIResponsesRequestToClaude_SanitizesThinkingSignature(t *testing.T) { - input := []byte(`{ - "model":"claude-opus-4-6", - "input":[ - { - "type":"message", - "role":"assistant", - "content":[ - {"type":"thinking","thinking":"prior provider reasoning","signature":"invalid-signature"}, - {"type":"output_text","text":"tool call next"} - ] - } - ] - }`) - - got := ConvertOpenAIResponsesRequestToClaude("claude-opus-4-6", input, false) - res := gjson.ParseBytes(got) - - first := res.Get("messages.0.content.0") - if first.Get("type").String() != "redacted_thinking" { - t.Fatalf("first content type = %s, want redacted_thinking", first.Get("type").String()) - } - if first.Get("data").String() != "prior provider reasoning" { - t.Fatalf("redacted thinking data = %q", first.Get("data").String()) - } - if first.Get("signature").Exists() { - t.Fatal("redacted_thinking must not carry signature") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/responses/claude_openai-responses_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/responses/claude_openai-responses_response.go deleted file mode 100644 index 7bba514a27..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/responses/claude_openai-responses_response.go +++ /dev/null @@ -1,688 +0,0 @@ -package responses - -import ( - "bufio" - "bytes" - "context" - "fmt" - "strings" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -type claudeToResponsesState struct { - Seq int - ResponseID string - CreatedAt int64 - CurrentMsgID string - CurrentFCID string - InTextBlock bool - InFuncBlock bool - FuncArgsBuf map[int]*strings.Builder // index -> args - // function call bookkeeping for output aggregation - FuncNames map[int]string // index -> function name - FuncCallIDs map[int]string // index -> call id - // message text aggregation - TextBuf strings.Builder - // reasoning state - ReasoningActive bool - ReasoningItemID string - ReasoningBuf strings.Builder - ReasoningPartAdded bool - ReasoningIndex int - // usage aggregation - InputTokens int64 - OutputTokens int64 - UsageSeen bool -} - -var dataTag = []byte("data:") - -func pickRequestJSON(originalRequestRawJSON, requestRawJSON []byte) []byte { - if len(originalRequestRawJSON) > 0 && gjson.ValidBytes(originalRequestRawJSON) { - return originalRequestRawJSON - } - if len(requestRawJSON) > 0 && gjson.ValidBytes(requestRawJSON) { - return requestRawJSON - } - return nil -} - -func emitEvent(event string, payload string) string { - return fmt.Sprintf("event: %s\ndata: %s", event, payload) -} - -// ConvertClaudeResponseToOpenAIResponses converts Claude SSE to OpenAI Responses SSE events. -func ConvertClaudeResponseToOpenAIResponses(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &claudeToResponsesState{FuncArgsBuf: make(map[int]*strings.Builder), FuncNames: make(map[int]string), FuncCallIDs: make(map[int]string)} - } - st := (*param).(*claudeToResponsesState) - - // Expect `data: {..}` from Claude clients - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - root := gjson.ParseBytes(rawJSON) - ev := root.Get("type").String() - var out []string - - nextSeq := func() int { st.Seq++; return st.Seq } - - switch ev { - case "message_start": - if msg := root.Get("message"); msg.Exists() { - st.ResponseID = msg.Get("id").String() - st.CreatedAt = time.Now().Unix() - // Reset per-message aggregation state - st.TextBuf.Reset() - st.ReasoningBuf.Reset() - st.ReasoningActive = false - st.InTextBlock = false - st.InFuncBlock = false - st.CurrentMsgID = "" - st.CurrentFCID = "" - st.ReasoningItemID = "" - st.ReasoningIndex = 0 - st.ReasoningPartAdded = false - st.FuncArgsBuf = make(map[int]*strings.Builder) - st.FuncNames = make(map[int]string) - st.FuncCallIDs = make(map[int]string) - st.InputTokens = 0 - st.OutputTokens = 0 - st.UsageSeen = false - if usage := msg.Get("usage"); usage.Exists() { - if v := usage.Get("input_tokens"); v.Exists() { - st.InputTokens = v.Int() - st.UsageSeen = true - } - if v := usage.Get("output_tokens"); v.Exists() { - st.OutputTokens = v.Int() - st.UsageSeen = true - } - } - // response.created - created := `{"type":"response.created","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"in_progress","background":false,"error":null,"output":[]}}` - created, _ = sjson.Set(created, "sequence_number", nextSeq()) - created, _ = sjson.Set(created, "response.id", st.ResponseID) - created, _ = sjson.Set(created, "response.created_at", st.CreatedAt) - out = append(out, emitEvent("response.created", created)) - // response.in_progress - inprog := `{"type":"response.in_progress","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"in_progress"}}` - inprog, _ = sjson.Set(inprog, "sequence_number", nextSeq()) - inprog, _ = sjson.Set(inprog, "response.id", st.ResponseID) - inprog, _ = sjson.Set(inprog, "response.created_at", st.CreatedAt) - out = append(out, emitEvent("response.in_progress", inprog)) - } - case "content_block_start": - cb := root.Get("content_block") - if !cb.Exists() { - return out - } - idx := int(root.Get("index").Int()) - switch cb.Get("type").String() { - case "text": - // open message item + content part - st.InTextBlock = true - st.CurrentMsgID = fmt.Sprintf("msg_%s_0", st.ResponseID) - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"message","status":"in_progress","content":[],"role":"assistant"}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "item.id", st.CurrentMsgID) - out = append(out, emitEvent("response.output_item.added", item)) - - part := `{"type":"response.content_part.added","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"part":{"type":"output_text","annotations":[],"logprobs":[],"text":""}}` - part, _ = sjson.Set(part, "sequence_number", nextSeq()) - part, _ = sjson.Set(part, "item_id", st.CurrentMsgID) - out = append(out, emitEvent("response.content_part.added", part)) - case "tool_use": - st.InFuncBlock = true - st.CurrentFCID = cb.Get("id").String() - name := cb.Get("name").String() - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"function_call","status":"in_progress","arguments":"","call_id":"","name":""}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "output_index", idx) - item, _ = sjson.Set(item, "item.id", fmt.Sprintf("fc_%s", st.CurrentFCID)) - item, _ = sjson.Set(item, "item.call_id", st.CurrentFCID) - item, _ = sjson.Set(item, "item.name", name) - out = append(out, emitEvent("response.output_item.added", item)) - if st.FuncArgsBuf[idx] == nil { - st.FuncArgsBuf[idx] = &strings.Builder{} - } - // record function metadata for aggregation - st.FuncCallIDs[idx] = st.CurrentFCID - st.FuncNames[idx] = name - case "thinking": - // start reasoning item - st.ReasoningActive = true - st.ReasoningIndex = idx - st.ReasoningBuf.Reset() - st.ReasoningItemID = fmt.Sprintf("rs_%s_%d", st.ResponseID, idx) - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"reasoning","status":"in_progress","summary":[]}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "output_index", idx) - item, _ = sjson.Set(item, "item.id", st.ReasoningItemID) - out = append(out, emitEvent("response.output_item.added", item)) - // add a summary part placeholder - part := `{"type":"response.reasoning_summary_part.added","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"part":{"type":"summary_text","text":""}}` - part, _ = sjson.Set(part, "sequence_number", nextSeq()) - part, _ = sjson.Set(part, "item_id", st.ReasoningItemID) - part, _ = sjson.Set(part, "output_index", idx) - out = append(out, emitEvent("response.reasoning_summary_part.added", part)) - st.ReasoningPartAdded = true - } - case "content_block_delta": - d := root.Get("delta") - if !d.Exists() { - return out - } - switch d.Get("type").String() { - case "text_delta": - if t := d.Get("text"); t.Exists() { - msg := `{"type":"response.output_text.delta","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"delta":"","logprobs":[]}` - msg, _ = sjson.Set(msg, "sequence_number", nextSeq()) - msg, _ = sjson.Set(msg, "item_id", st.CurrentMsgID) - msg, _ = sjson.Set(msg, "delta", t.String()) - out = append(out, emitEvent("response.output_text.delta", msg)) - // aggregate text for response.output - st.TextBuf.WriteString(t.String()) - } - case "input_json_delta": - idx := int(root.Get("index").Int()) - if pj := d.Get("partial_json"); pj.Exists() { - if st.FuncArgsBuf[idx] == nil { - st.FuncArgsBuf[idx] = &strings.Builder{} - } - st.FuncArgsBuf[idx].WriteString(pj.String()) - msg := `{"type":"response.function_call_arguments.delta","sequence_number":0,"item_id":"","output_index":0,"delta":""}` - msg, _ = sjson.Set(msg, "sequence_number", nextSeq()) - msg, _ = sjson.Set(msg, "item_id", fmt.Sprintf("fc_%s", st.CurrentFCID)) - msg, _ = sjson.Set(msg, "output_index", idx) - msg, _ = sjson.Set(msg, "delta", pj.String()) - out = append(out, emitEvent("response.function_call_arguments.delta", msg)) - } - case "thinking_delta": - if st.ReasoningActive { - if t := d.Get("thinking"); t.Exists() { - st.ReasoningBuf.WriteString(t.String()) - msg := `{"type":"response.reasoning_summary_text.delta","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"delta":""}` - msg, _ = sjson.Set(msg, "sequence_number", nextSeq()) - msg, _ = sjson.Set(msg, "item_id", st.ReasoningItemID) - msg, _ = sjson.Set(msg, "output_index", st.ReasoningIndex) - msg, _ = sjson.Set(msg, "delta", t.String()) - out = append(out, emitEvent("response.reasoning_summary_text.delta", msg)) - } - } - } - case "content_block_stop": - idx := int(root.Get("index").Int()) - if st.InTextBlock { - done := `{"type":"response.output_text.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"text":"","logprobs":[]}` - done, _ = sjson.Set(done, "sequence_number", nextSeq()) - done, _ = sjson.Set(done, "item_id", st.CurrentMsgID) - out = append(out, emitEvent("response.output_text.done", done)) - partDone := `{"type":"response.content_part.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"part":{"type":"output_text","annotations":[],"logprobs":[],"text":""}}` - partDone, _ = sjson.Set(partDone, "sequence_number", nextSeq()) - partDone, _ = sjson.Set(partDone, "item_id", st.CurrentMsgID) - out = append(out, emitEvent("response.content_part.done", partDone)) - final := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"message","status":"completed","content":[{"type":"output_text","text":""}],"role":"assistant"}}` - final, _ = sjson.Set(final, "sequence_number", nextSeq()) - final, _ = sjson.Set(final, "item.id", st.CurrentMsgID) - out = append(out, emitEvent("response.output_item.done", final)) - st.InTextBlock = false - } else if st.InFuncBlock { - args := "{}" - if buf := st.FuncArgsBuf[idx]; buf != nil { - if buf.Len() > 0 { - args = buf.String() - } - } - fcDone := `{"type":"response.function_call_arguments.done","sequence_number":0,"item_id":"","output_index":0,"arguments":""}` - fcDone, _ = sjson.Set(fcDone, "sequence_number", nextSeq()) - fcDone, _ = sjson.Set(fcDone, "item_id", fmt.Sprintf("fc_%s", st.CurrentFCID)) - fcDone, _ = sjson.Set(fcDone, "output_index", idx) - fcDone, _ = sjson.Set(fcDone, "arguments", args) - out = append(out, emitEvent("response.function_call_arguments.done", fcDone)) - itemDone := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}}` - itemDone, _ = sjson.Set(itemDone, "sequence_number", nextSeq()) - itemDone, _ = sjson.Set(itemDone, "output_index", idx) - itemDone, _ = sjson.Set(itemDone, "item.id", fmt.Sprintf("fc_%s", st.CurrentFCID)) - itemDone, _ = sjson.Set(itemDone, "item.arguments", args) - itemDone, _ = sjson.Set(itemDone, "item.call_id", st.CurrentFCID) - itemDone, _ = sjson.Set(itemDone, "item.name", st.FuncNames[idx]) - out = append(out, emitEvent("response.output_item.done", itemDone)) - st.InFuncBlock = false - } else if st.ReasoningActive { - full := st.ReasoningBuf.String() - textDone := `{"type":"response.reasoning_summary_text.done","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"text":""}` - textDone, _ = sjson.Set(textDone, "sequence_number", nextSeq()) - textDone, _ = sjson.Set(textDone, "item_id", st.ReasoningItemID) - textDone, _ = sjson.Set(textDone, "output_index", st.ReasoningIndex) - textDone, _ = sjson.Set(textDone, "text", full) - out = append(out, emitEvent("response.reasoning_summary_text.done", textDone)) - partDone := `{"type":"response.reasoning_summary_part.done","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"part":{"type":"summary_text","text":""}}` - partDone, _ = sjson.Set(partDone, "sequence_number", nextSeq()) - partDone, _ = sjson.Set(partDone, "item_id", st.ReasoningItemID) - partDone, _ = sjson.Set(partDone, "output_index", st.ReasoningIndex) - partDone, _ = sjson.Set(partDone, "part.text", full) - out = append(out, emitEvent("response.reasoning_summary_part.done", partDone)) - st.ReasoningActive = false - st.ReasoningPartAdded = false - } - case "message_delta": - if usage := root.Get("usage"); usage.Exists() { - if v := usage.Get("output_tokens"); v.Exists() { - st.OutputTokens = v.Int() - st.UsageSeen = true - } - if v := usage.Get("input_tokens"); v.Exists() { - st.InputTokens = v.Int() - st.UsageSeen = true - } - } - case "message_stop": - - completed := `{"type":"response.completed","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"completed","background":false,"error":null}}` - completed, _ = sjson.Set(completed, "sequence_number", nextSeq()) - completed, _ = sjson.Set(completed, "response.id", st.ResponseID) - completed, _ = sjson.Set(completed, "response.created_at", st.CreatedAt) - // Inject original request fields into response as per docs/response.completed.json - - reqBytes := pickRequestJSON(originalRequestRawJSON, requestRawJSON) - if len(reqBytes) > 0 { - req := gjson.ParseBytes(reqBytes) - if v := req.Get("instructions"); v.Exists() { - completed, _ = sjson.Set(completed, "response.instructions", v.String()) - } - if v := req.Get("max_output_tokens"); v.Exists() { - completed, _ = sjson.Set(completed, "response.max_output_tokens", v.Int()) - } - if v := req.Get("max_tool_calls"); v.Exists() { - completed, _ = sjson.Set(completed, "response.max_tool_calls", v.Int()) - } - if v := req.Get("model"); v.Exists() { - completed, _ = sjson.Set(completed, "response.model", v.String()) - } - if v := req.Get("parallel_tool_calls"); v.Exists() { - completed, _ = sjson.Set(completed, "response.parallel_tool_calls", v.Bool()) - } - if v := req.Get("previous_response_id"); v.Exists() { - completed, _ = sjson.Set(completed, "response.previous_response_id", v.String()) - } - if v := req.Get("prompt_cache_key"); v.Exists() { - completed, _ = sjson.Set(completed, "response.prompt_cache_key", v.String()) - } - if v := req.Get("reasoning"); v.Exists() { - completed, _ = sjson.Set(completed, "response.reasoning", v.Value()) - } - if v := req.Get("safety_identifier"); v.Exists() { - completed, _ = sjson.Set(completed, "response.safety_identifier", v.String()) - } - if v := req.Get("service_tier"); v.Exists() { - completed, _ = sjson.Set(completed, "response.service_tier", v.String()) - } - if v := req.Get("store"); v.Exists() { - completed, _ = sjson.Set(completed, "response.store", v.Bool()) - } - if v := req.Get("temperature"); v.Exists() { - completed, _ = sjson.Set(completed, "response.temperature", v.Float()) - } - if v := req.Get("text"); v.Exists() { - completed, _ = sjson.Set(completed, "response.text", v.Value()) - } - if v := req.Get("tool_choice"); v.Exists() { - completed, _ = sjson.Set(completed, "response.tool_choice", v.Value()) - } - if v := req.Get("tools"); v.Exists() { - completed, _ = sjson.Set(completed, "response.tools", v.Value()) - } - if v := req.Get("top_logprobs"); v.Exists() { - completed, _ = sjson.Set(completed, "response.top_logprobs", v.Int()) - } - if v := req.Get("top_p"); v.Exists() { - completed, _ = sjson.Set(completed, "response.top_p", v.Float()) - } - if v := req.Get("truncation"); v.Exists() { - completed, _ = sjson.Set(completed, "response.truncation", v.String()) - } - if v := req.Get("user"); v.Exists() { - completed, _ = sjson.Set(completed, "response.user", v.Value()) - } - if v := req.Get("metadata"); v.Exists() { - completed, _ = sjson.Set(completed, "response.metadata", v.Value()) - } - } - - // Build response.output from aggregated state - outputsWrapper := `{"arr":[]}` - // reasoning item (if any) - if st.ReasoningBuf.Len() > 0 || st.ReasoningPartAdded { - item := `{"id":"","type":"reasoning","summary":[{"type":"summary_text","text":""}]}` - item, _ = sjson.Set(item, "id", st.ReasoningItemID) - item, _ = sjson.Set(item, "summary.0.text", st.ReasoningBuf.String()) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - // assistant message item (if any text) - if st.TextBuf.Len() > 0 || st.InTextBlock || st.CurrentMsgID != "" { - item := `{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}` - item, _ = sjson.Set(item, "id", st.CurrentMsgID) - item, _ = sjson.Set(item, "content.0.text", st.TextBuf.String()) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - // function_call items (in ascending index order for determinism) - if len(st.FuncArgsBuf) > 0 { - // collect indices - idxs := make([]int, 0, len(st.FuncArgsBuf)) - for idx := range st.FuncArgsBuf { - idxs = append(idxs, idx) - } - // simple sort (small N), avoid adding new imports - for i := 0; i < len(idxs); i++ { - for j := i + 1; j < len(idxs); j++ { - if idxs[j] < idxs[i] { - idxs[i], idxs[j] = idxs[j], idxs[i] - } - } - } - for _, idx := range idxs { - args := "" - if b := st.FuncArgsBuf[idx]; b != nil { - args = b.String() - } - callID := st.FuncCallIDs[idx] - name := st.FuncNames[idx] - if callID == "" && st.CurrentFCID != "" { - callID = st.CurrentFCID - } - item := `{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}` - item, _ = sjson.Set(item, "id", fmt.Sprintf("fc_%s", callID)) - item, _ = sjson.Set(item, "arguments", args) - item, _ = sjson.Set(item, "call_id", callID) - item, _ = sjson.Set(item, "name", name) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - } - if gjson.Get(outputsWrapper, "arr.#").Int() > 0 { - completed, _ = sjson.SetRaw(completed, "response.output", gjson.Get(outputsWrapper, "arr").Raw) - } - - reasoningTokens := int64(0) - if st.ReasoningBuf.Len() > 0 { - reasoningTokens = int64(st.ReasoningBuf.Len() / 4) - } - usagePresent := st.UsageSeen || reasoningTokens > 0 - if usagePresent { - completed, _ = sjson.Set(completed, "response.usage.input_tokens", st.InputTokens) - completed, _ = sjson.Set(completed, "response.usage.input_tokens_details.cached_tokens", 0) - completed, _ = sjson.Set(completed, "response.usage.output_tokens", st.OutputTokens) - if reasoningTokens > 0 { - completed, _ = sjson.Set(completed, "response.usage.output_tokens_details.reasoning_tokens", reasoningTokens) - } - total := st.InputTokens + st.OutputTokens - if total > 0 || st.UsageSeen { - completed, _ = sjson.Set(completed, "response.usage.total_tokens", total) - } - } - out = append(out, emitEvent("response.completed", completed)) - } - - return out -} - -// ConvertClaudeResponseToOpenAIResponsesNonStream aggregates Claude SSE into a single OpenAI Responses JSON. -func ConvertClaudeResponseToOpenAIResponsesNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - // Aggregate Claude SSE lines into a single OpenAI Responses JSON (non-stream) - // We follow the same aggregation logic as the streaming variant but produce - // one final object matching docs/out.json structure. - - // Collect SSE data: lines start with "data: "; ignore others - var chunks [][]byte - { - // Use a simple scanner to iterate through raw bytes - // Note: extremely large responses may require increasing the buffer - scanner := bufio.NewScanner(bytes.NewReader(rawJSON)) - buf := make([]byte, 52_428_800) // 50MB - scanner.Buffer(buf, 52_428_800) - for scanner.Scan() { - line := scanner.Bytes() - if !bytes.HasPrefix(line, dataTag) { - continue - } - chunks = append(chunks, line[len(dataTag):]) - } - } - - // Base OpenAI Responses (non-stream) object - out := `{"id":"","object":"response","created_at":0,"status":"completed","background":false,"error":null,"incomplete_details":null,"output":[],"usage":{"input_tokens":0,"input_tokens_details":{"cached_tokens":0},"output_tokens":0,"output_tokens_details":{},"total_tokens":0}}` - - // Aggregation state - var ( - responseID string - createdAt int64 - currentMsgID string - currentFCID string - textBuf strings.Builder - reasoningBuf strings.Builder - reasoningActive bool - reasoningItemID string - inputTokens int64 - outputTokens int64 - ) - - // Per-index tool call aggregation - type toolState struct { - id string - name string - args strings.Builder - } - toolCalls := make(map[int]*toolState) - - // Walk through SSE chunks to fill state - for _, ch := range chunks { - root := gjson.ParseBytes(ch) - ev := root.Get("type").String() - - switch ev { - case "message_start": - if msg := root.Get("message"); msg.Exists() { - responseID = msg.Get("id").String() - createdAt = time.Now().Unix() - if usage := msg.Get("usage"); usage.Exists() { - inputTokens = usage.Get("input_tokens").Int() - } - } - - case "content_block_start": - cb := root.Get("content_block") - if !cb.Exists() { - continue - } - idx := int(root.Get("index").Int()) - typ := cb.Get("type").String() - switch typ { - case "text": - currentMsgID = "msg_" + responseID + "_0" - case "tool_use": - currentFCID = cb.Get("id").String() - name := cb.Get("name").String() - if toolCalls[idx] == nil { - toolCalls[idx] = &toolState{id: currentFCID, name: name} - } else { - toolCalls[idx].id = currentFCID - toolCalls[idx].name = name - } - case "thinking": - reasoningActive = true - reasoningItemID = fmt.Sprintf("rs_%s_%d", responseID, idx) - } - - case "content_block_delta": - d := root.Get("delta") - if !d.Exists() { - continue - } - dt := d.Get("type").String() - switch dt { - case "text_delta": - if t := d.Get("text"); t.Exists() { - textBuf.WriteString(t.String()) - } - case "input_json_delta": - if pj := d.Get("partial_json"); pj.Exists() { - idx := int(root.Get("index").Int()) - if toolCalls[idx] == nil { - toolCalls[idx] = &toolState{} - } - toolCalls[idx].args.WriteString(pj.String()) - } - case "thinking_delta": - if reasoningActive { - if t := d.Get("thinking"); t.Exists() { - reasoningBuf.WriteString(t.String()) - } - } - } - - case "content_block_stop": - // Nothing special to finalize for non-stream aggregation - _ = root - - case "message_delta": - if usage := root.Get("usage"); usage.Exists() { - outputTokens = usage.Get("output_tokens").Int() - } - } - } - - // Populate base fields - out, _ = sjson.Set(out, "id", responseID) - out, _ = sjson.Set(out, "created_at", createdAt) - - // Inject request echo fields as top-level (similar to streaming variant) - reqBytes := pickRequestJSON(originalRequestRawJSON, requestRawJSON) - if len(reqBytes) > 0 { - req := gjson.ParseBytes(reqBytes) - if v := req.Get("instructions"); v.Exists() { - out, _ = sjson.Set(out, "instructions", v.String()) - } - if v := req.Get("max_output_tokens"); v.Exists() { - out, _ = sjson.Set(out, "max_output_tokens", v.Int()) - } - if v := req.Get("max_tool_calls"); v.Exists() { - out, _ = sjson.Set(out, "max_tool_calls", v.Int()) - } - if v := req.Get("model"); v.Exists() { - out, _ = sjson.Set(out, "model", v.String()) - } - if v := req.Get("parallel_tool_calls"); v.Exists() { - out, _ = sjson.Set(out, "parallel_tool_calls", v.Bool()) - } - if v := req.Get("previous_response_id"); v.Exists() { - out, _ = sjson.Set(out, "previous_response_id", v.String()) - } - if v := req.Get("prompt_cache_key"); v.Exists() { - out, _ = sjson.Set(out, "prompt_cache_key", v.String()) - } - if v := req.Get("reasoning"); v.Exists() { - out, _ = sjson.Set(out, "reasoning", v.Value()) - } - if v := req.Get("safety_identifier"); v.Exists() { - out, _ = sjson.Set(out, "safety_identifier", v.String()) - } - if v := req.Get("service_tier"); v.Exists() { - out, _ = sjson.Set(out, "service_tier", v.String()) - } - if v := req.Get("store"); v.Exists() { - out, _ = sjson.Set(out, "store", v.Bool()) - } - if v := req.Get("temperature"); v.Exists() { - out, _ = sjson.Set(out, "temperature", v.Float()) - } - if v := req.Get("text"); v.Exists() { - out, _ = sjson.Set(out, "text", v.Value()) - } - if v := req.Get("tool_choice"); v.Exists() { - out, _ = sjson.Set(out, "tool_choice", v.Value()) - } - if v := req.Get("tools"); v.Exists() { - out, _ = sjson.Set(out, "tools", v.Value()) - } - if v := req.Get("top_logprobs"); v.Exists() { - out, _ = sjson.Set(out, "top_logprobs", v.Int()) - } - if v := req.Get("top_p"); v.Exists() { - out, _ = sjson.Set(out, "top_p", v.Float()) - } - if v := req.Get("truncation"); v.Exists() { - out, _ = sjson.Set(out, "truncation", v.String()) - } - if v := req.Get("user"); v.Exists() { - out, _ = sjson.Set(out, "user", v.Value()) - } - if v := req.Get("metadata"); v.Exists() { - out, _ = sjson.Set(out, "metadata", v.Value()) - } - } - - // Build output array - outputsWrapper := `{"arr":[]}` - if reasoningBuf.Len() > 0 { - item := `{"id":"","type":"reasoning","summary":[{"type":"summary_text","text":""}]}` - item, _ = sjson.Set(item, "id", reasoningItemID) - item, _ = sjson.Set(item, "summary.0.text", reasoningBuf.String()) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - if currentMsgID != "" || textBuf.Len() > 0 { - item := `{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}` - item, _ = sjson.Set(item, "id", currentMsgID) - item, _ = sjson.Set(item, "content.0.text", textBuf.String()) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - if len(toolCalls) > 0 { - // Preserve index order - idxs := make([]int, 0, len(toolCalls)) - for i := range toolCalls { - idxs = append(idxs, i) - } - for i := 0; i < len(idxs); i++ { - for j := i + 1; j < len(idxs); j++ { - if idxs[j] < idxs[i] { - idxs[i], idxs[j] = idxs[j], idxs[i] - } - } - } - for _, i := range idxs { - st := toolCalls[i] - args := st.args.String() - if args == "" { - args = "{}" - } - item := `{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}` - item, _ = sjson.Set(item, "id", fmt.Sprintf("fc_%s", st.id)) - item, _ = sjson.Set(item, "arguments", args) - item, _ = sjson.Set(item, "call_id", st.id) - item, _ = sjson.Set(item, "name", st.name) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - } - if gjson.Get(outputsWrapper, "arr.#").Int() > 0 { - out, _ = sjson.SetRaw(out, "output", gjson.Get(outputsWrapper, "arr").Raw) - } - - // Usage - total := inputTokens + outputTokens - out, _ = sjson.Set(out, "usage.input_tokens", inputTokens) - out, _ = sjson.Set(out, "usage.output_tokens", outputTokens) - out, _ = sjson.Set(out, "usage.total_tokens", total) - if reasoningBuf.Len() > 0 { - // Rough estimate similar to chat completions - reasoningTokens := int64(len(reasoningBuf.String()) / 4) - if reasoningTokens > 0 { - out, _ = sjson.Set(out, "usage.output_tokens_details.reasoning_tokens", reasoningTokens) - } - } - - return out -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/responses/claude_openai-responses_response_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/responses/claude_openai-responses_response_test.go deleted file mode 100644 index 1c40d98425..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/responses/claude_openai-responses_response_test.go +++ /dev/null @@ -1,64 +0,0 @@ -package responses - -import ( - "context" - "strings" - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertClaudeResponseToOpenAIResponses(t *testing.T) { - ctx := context.Background() - var param any - - // Message start - raw := []byte(`data: {"type": "message_start", "message": {"id": "msg_123", "role": "assistant", "model": "claude-3"}}`) - got := ConvertClaudeResponseToOpenAIResponses(ctx, "gpt-4o", nil, nil, raw, ¶m) - if len(got) != 2 { - t.Errorf("expected 2 chunks, got %d", len(got)) - } - - // Content block start (text) - raw = []byte(`data: {"type": "content_block_start", "index": 0, "content_block": {"type": "text", "text": ""}}`) - got = ConvertClaudeResponseToOpenAIResponses(ctx, "gpt-4o", nil, nil, raw, ¶m) - if len(got) != 2 { - t.Errorf("expected 2 chunks, got %d", len(got)) - } - - // Content delta - raw = []byte(`data: {"type": "content_block_delta", "index": 0, "delta": {"type": "text_delta", "text": "hello"}}`) - got = ConvertClaudeResponseToOpenAIResponses(ctx, "gpt-4o", nil, nil, raw, ¶m) - if len(got) != 1 { - t.Errorf("expected 1 chunk, got %d", len(got)) - } - - // Message stop - raw = []byte(`data: {"type": "message_stop"}`) - got = ConvertClaudeResponseToOpenAIResponses(ctx, "gpt-4o", nil, []byte(`{"model": "gpt-4o"}`), raw, ¶m) - if len(got) != 1 { - t.Errorf("expected 1 chunk, got %d", len(got)) - } - res := gjson.Parse(got[0][strings.Index(got[0], "data: ")+6:]) - if res.Get("type").String() != "response.completed" { - t.Errorf("expected response.completed, got %s", res.Get("type").String()) - } -} - -func TestConvertClaudeResponseToOpenAIResponsesNonStream(t *testing.T) { - raw := []byte(`data: {"type": "message_start", "message": {"id": "msg_123", "model": "claude-3"}} -data: {"type": "content_block_start", "index": 0, "content_block": {"type": "text", "text": ""}} -data: {"type": "content_block_delta", "index": 0, "delta": {"type": "text_delta", "text": "hello "}} -data: {"type": "content_block_delta", "index": 0, "delta": {"type": "text_delta", "text": "world"}} -data: {"type": "message_delta", "delta": {"stop_reason": "end_turn"}, "usage": {"input_tokens": 10, "output_tokens": 5}}`) - - got := ConvertClaudeResponseToOpenAIResponsesNonStream(context.Background(), "gpt-4o", nil, nil, raw, nil) - res := gjson.Parse(got) - if res.Get("status").String() != "completed" { - t.Errorf("expected completed, got %s", res.Get("status").String()) - } - output := res.Get("output").Array() - if len(output) == 0 || output[0].Get("content.0.text").String() != "hello world" { - t.Errorf("unexpected content: %s", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/responses/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/responses/init.go deleted file mode 100644 index 92f455fe10..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/claude/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.OpenaiResponse, - constant.Claude, - ConvertOpenAIResponsesRequestToClaude, - interfaces.TranslateResponse{ - Stream: ConvertClaudeResponseToOpenAIResponses, - NonStream: ConvertClaudeResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/claude/codex_claude_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/claude/codex_claude_request.go deleted file mode 100644 index edfd88001a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/claude/codex_claude_request.go +++ /dev/null @@ -1,370 +0,0 @@ -// Package claude provides request translation functionality for Claude Code API compatibility. -// It handles parsing and transforming Claude Code API requests into the internal client format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package also performs JSON data cleaning and transformation to ensure compatibility -// between Claude Code API format and the internal client's expected format. -package claude - -import ( - "fmt" - "strconv" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/util" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertClaudeRequestToCodex parses and transforms a Claude Code API request into the internal client format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the internal client. -// The function performs the following transformations: -// 1. Sets up a template with the model name and empty instructions field -// 2. Processes system messages and converts them to developer input content -// 3. Transforms message contents (text, image, tool_use, tool_result) to appropriate formats -// 4. Converts tools declarations to the expected format -// 5. Adds additional configuration parameters for the Codex API -// 6. Maps Claude thinking configuration to Codex reasoning settings -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the Claude Code API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in internal client format -func ConvertClaudeRequestToCodex(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - - template := `{"model":"","instructions":"","input":[]}` - - rootResult := gjson.ParseBytes(rawJSON) - template, _ = sjson.Set(template, "model", modelName) - - // Process system messages and convert them to input content format. - systemsResult := rootResult.Get("system") - if systemsResult.IsArray() { - systemResults := systemsResult.Array() - message := `{"type":"message","role":"developer","content":[]}` - for i := 0; i < len(systemResults); i++ { - systemResult := systemResults[i] - systemTypeResult := systemResult.Get("type") - if systemTypeResult.String() == "text" { - message, _ = sjson.Set(message, fmt.Sprintf("content.%d.type", i), "input_text") - message, _ = sjson.Set(message, fmt.Sprintf("content.%d.text", i), systemResult.Get("text").String()) - } - } - template, _ = sjson.SetRaw(template, "input.-1", message) - } - - // Process messages and transform their contents to appropriate formats. - messagesResult := rootResult.Get("messages") - if messagesResult.IsArray() { - messageResults := messagesResult.Array() - - for i := 0; i < len(messageResults); i++ { - messageResult := messageResults[i] - messageRole := messageResult.Get("role").String() - - newMessage := func() string { - msg := `{"type": "message","role":"","content":[]}` - msg, _ = sjson.Set(msg, "role", messageRole) - return msg - } - - message := newMessage() - contentIndex := 0 - hasContent := false - - flushMessage := func() { - if hasContent { - template, _ = sjson.SetRaw(template, "input.-1", message) - message = newMessage() - contentIndex = 0 - hasContent = false - } - } - - appendTextContent := func(text string) { - partType := "input_text" - if messageRole == "assistant" { - partType = "output_text" - } - message, _ = sjson.Set(message, fmt.Sprintf("content.%d.type", contentIndex), partType) - message, _ = sjson.Set(message, fmt.Sprintf("content.%d.text", contentIndex), text) - contentIndex++ - hasContent = true - } - - appendImageContent := func(dataURL string) { - message, _ = sjson.Set(message, fmt.Sprintf("content.%d.type", contentIndex), "input_image") - message, _ = sjson.Set(message, fmt.Sprintf("content.%d.image_url", contentIndex), dataURL) - contentIndex++ - hasContent = true - } - - messageContentsResult := messageResult.Get("content") - if messageContentsResult.IsArray() { - messageContentResults := messageContentsResult.Array() - for j := 0; j < len(messageContentResults); j++ { - messageContentResult := messageContentResults[j] - contentType := messageContentResult.Get("type").String() - - switch contentType { - case "text": - appendTextContent(messageContentResult.Get("text").String()) - case "image": - sourceResult := messageContentResult.Get("source") - if sourceResult.Exists() { - data := sourceResult.Get("data").String() - if data == "" { - data = sourceResult.Get("base64").String() - } - if data != "" { - mediaType := sourceResult.Get("media_type").String() - if mediaType == "" { - mediaType = sourceResult.Get("mime_type").String() - } - if mediaType == "" { - mediaType = "application/octet-stream" - } - dataURL := fmt.Sprintf("data:%s;base64,%s", mediaType, data) - appendImageContent(dataURL) - } - } - case "tool_use": - flushMessage() - functionCallMessage := `{"type":"function_call"}` - functionCallMessage, _ = sjson.Set(functionCallMessage, "call_id", messageContentResult.Get("id").String()) - { - name := messageContentResult.Get("name").String() - toolMap := buildReverseMapFromClaudeOriginalToShort(rawJSON) - if short, ok := toolMap[name]; ok { - name = short - } else { - name = shortenNameIfNeeded(name) - } - functionCallMessage, _ = sjson.Set(functionCallMessage, "name", name) - } - functionCallMessage, _ = sjson.Set(functionCallMessage, "arguments", messageContentResult.Get("input").Raw) - template, _ = sjson.SetRaw(template, "input.-1", functionCallMessage) - case "tool_result": - flushMessage() - functionCallOutputMessage := `{"type":"function_call_output"}` - functionCallOutputMessage, _ = sjson.Set(functionCallOutputMessage, "call_id", messageContentResult.Get("tool_use_id").String()) - functionCallOutputMessage, _ = sjson.Set(functionCallOutputMessage, "output", messageContentResult.Get("content").String()) - template, _ = sjson.SetRaw(template, "input.-1", functionCallOutputMessage) - } - } - flushMessage() - } else if messageContentsResult.Type == gjson.String { - appendTextContent(messageContentsResult.String()) - flushMessage() - } - } - - } - - // Convert tools declarations to the expected format for the Codex API. - toolsResult := rootResult.Get("tools") - if toolsResult.IsArray() { - template, _ = sjson.SetRaw(template, "tools", `[]`) - template, _ = sjson.Set(template, "tool_choice", `auto`) - toolResults := toolsResult.Array() - // Build short name map from declared tools - var names []string - for i := 0; i < len(toolResults); i++ { - n := toolResults[i].Get("name").String() - if n != "" { - names = append(names, n) - } - } - shortMap := buildShortNameMap(names) - for i := 0; i < len(toolResults); i++ { - toolResult := toolResults[i] - // Special handling: map Claude web search tool to Codex web_search - if util.IsWebSearchTool(toolResult.Get("name").String(), toolResult.Get("type").String()) { - // Replace the tool content entirely with {"type":"web_search"} - template, _ = sjson.SetRaw(template, "tools.-1", `{"type":"web_search"}`) - continue - } - // Special handling: Codex sends "custom" type tools (e.g., apply_patch with Lark grammar) - // These have "format" instead of "input_schema" and cannot be directly translated. - // Convert to minimal valid function schema to avoid 400 errors (GitHub #1671). - if toolResult.Get("type").String() == "custom" { - toolName := toolResult.Get("name").String() - toolDesc := toolResult.Get("description").String() - if toolName == "" { - toolName = "custom_tool" - } - minimalTool := fmt.Sprintf(`{"type":"function","name":"%s","description":"%s","parameters":{"type":"object","properties":{}}}`, - toolName, toolDesc) - template, _ = sjson.SetRaw(template, "tools.-1", minimalTool) - continue - } - tool := toolResult.Raw - tool, _ = sjson.Set(tool, "type", "function") - // Apply shortened name if needed - if v := toolResult.Get("name"); v.Exists() { - name := v.String() - if short, ok := shortMap[name]; ok { - name = short - } else { - name = shortenNameIfNeeded(name) - } - tool, _ = sjson.Set(tool, "name", name) - } - tool, _ = sjson.SetRaw(tool, "parameters", normalizeToolParameters(toolResult.Get("input_schema").Raw)) - tool, _ = sjson.Delete(tool, "input_schema") - tool, _ = sjson.Delete(tool, "parameters.$schema") - tool, _ = sjson.Set(tool, "strict", false) - template, _ = sjson.SetRaw(template, "tools.-1", tool) - } - } - - // Add additional configuration parameters for the Codex API. - template, _ = sjson.Set(template, "parallel_tool_calls", true) - - // Convert thinking.budget_tokens to reasoning.effort. - reasoningEffort := "medium" - if thinkingConfig := rootResult.Get("thinking"); thinkingConfig.Exists() && thinkingConfig.IsObject() { - switch thinkingConfig.Get("type").String() { - case "enabled": - if budgetTokens := thinkingConfig.Get("budget_tokens"); budgetTokens.Exists() { - budget := int(budgetTokens.Int()) - if effort, ok := thinking.ConvertBudgetToLevel(budget); ok && effort != "" { - reasoningEffort = effort - } - } - case "adaptive": - // Claude adaptive means "enable with max capacity"; keep it as highest level - // and let ApplyThinking normalize per target model capability. - reasoningEffort = string(thinking.LevelXHigh) - case "disabled": - if effort, ok := thinking.ConvertBudgetToLevel(0); ok && effort != "" { - reasoningEffort = effort - } - } - } - template, _ = sjson.Set(template, "reasoning.effort", reasoningEffort) - template, _ = sjson.Set(template, "reasoning.summary", "auto") - template, _ = sjson.Set(template, "stream", true) - template, _ = sjson.Set(template, "store", false) - template, _ = sjson.Set(template, "include", []string{"reasoning.encrypted_content"}) - - return []byte(template) -} - -// shortenNameIfNeeded applies a simple shortening rule for a single name. -func shortenNameIfNeeded(name string) string { - const limit = 64 - if len(name) <= limit { - return name - } - if strings.HasPrefix(name, "mcp__") { - idx := strings.LastIndex(name, "__") - if idx > 0 { - cand := "mcp__" + name[idx+2:] - if len(cand) > limit { - return cand[:limit] - } - return cand - } - } - return name[:limit] -} - -// buildShortNameMap ensures uniqueness of shortened names within a request. -func buildShortNameMap(names []string) map[string]string { - const limit = 64 - used := map[string]struct{}{} - m := map[string]string{} - - baseCandidate := func(n string) string { - if len(n) <= limit { - return n - } - if strings.HasPrefix(n, "mcp__") { - idx := strings.LastIndex(n, "__") - if idx > 0 { - cand := "mcp__" + n[idx+2:] - if len(cand) > limit { - cand = cand[:limit] - } - return cand - } - } - return n[:limit] - } - - makeUnique := func(cand string) string { - if _, ok := used[cand]; !ok { - return cand - } - base := cand - for i := 1; ; i++ { - suffix := "_" + strconv.Itoa(i) - allowed := limit - len(suffix) - if allowed < 0 { - allowed = 0 - } - tmp := base - if len(tmp) > allowed { - tmp = tmp[:allowed] - } - tmp = tmp + suffix - if _, ok := used[tmp]; !ok { - return tmp - } - } - } - - for _, n := range names { - cand := baseCandidate(n) - uniq := makeUnique(cand) - used[uniq] = struct{}{} - m[n] = uniq - } - return m -} - -// buildReverseMapFromClaudeOriginalToShort builds original->short map, used to map tool_use names to short. -func buildReverseMapFromClaudeOriginalToShort(original []byte) map[string]string { - tools := gjson.GetBytes(original, "tools") - m := map[string]string{} - if !tools.IsArray() { - return m - } - var names []string - arr := tools.Array() - for i := 0; i < len(arr); i++ { - n := arr[i].Get("name").String() - if n != "" { - names = append(names, n) - } - } - if len(names) > 0 { - m = buildShortNameMap(names) - } - return m -} - -// normalizeToolParameters ensures object schemas contain at least an empty properties map. -func normalizeToolParameters(raw string) string { - raw = strings.TrimSpace(raw) - if raw == "" || raw == "null" || !gjson.Valid(raw) { - return `{"type":"object","properties":{}}` - } - schema := raw - result := gjson.Parse(raw) - schemaType := result.Get("type").String() - if schemaType == "" { - schema, _ = sjson.Set(schema, "type", "object") - schemaType = "object" - } - if schemaType == "object" && !result.Get("properties").Exists() { - schema, _ = sjson.SetRaw(schema, "properties", `{}`) - } - return schema -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/claude/codex_claude_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/claude/codex_claude_request_test.go deleted file mode 100644 index 79ab86cf2a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/claude/codex_claude_request_test.go +++ /dev/null @@ -1,86 +0,0 @@ -package claude - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertClaudeRequestToCodex(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - {"role": "user", "content": "hello"} - ] - }`) - - got := ConvertClaudeRequestToCodex("gpt-4o", input, true) - res := gjson.ParseBytes(got) - - if res.Get("model").String() != "gpt-4o" { - t.Errorf("expected model gpt-4o, got %s", res.Get("model").String()) - } - - inputArray := res.Get("input").Array() - if len(inputArray) < 1 { - t.Errorf("expected at least 1 input item, got %d", len(inputArray)) - } -} - -func TestConvertClaudeRequestToCodex_CustomToolConvertedToFunctionSchema(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - {"role": "user", "content": "hello"} - ], - "tools": [ - { - "type": "custom", - "name": "apply_patch", - "description": "Apply patch with grammar constraints", - "format": { - "type": "grammar", - "grammar": "start: /[\\s\\S]*/" - } - } - ] - }`) - - got := ConvertClaudeRequestToCodex("gpt-4o", input, true) - res := gjson.ParseBytes(got) - - if toolType := res.Get("tools.0.type").String(); toolType != "function" { - t.Fatalf("expected tools[0].type function, got %s", toolType) - } - if toolName := res.Get("tools.0.name").String(); toolName != "apply_patch" { - t.Fatalf("expected tools[0].name apply_patch, got %s", toolName) - } - if paramType := res.Get("tools.0.parameters.type").String(); paramType != "object" { - t.Fatalf("expected tools[0].parameters.type object, got %s", paramType) - } -} - -func TestConvertClaudeRequestToCodex_WebSearchToolTypeIsMapped(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - {"role": "user", "content": "hello"} - ], - "tools": [ - { - "name": "web_search", - "type": "web_search_20250305" - } - ] - }`) - - got := ConvertClaudeRequestToCodex("gpt-4o", input, true) - res := gjson.ParseBytes(got) - - if gotType := res.Get("tools.0.type").String(); gotType != "web_search" { - t.Fatalf("expected mapped web search tool type, got %q", gotType) - } - if toolName := res.Get("tools.0.name").String(); toolName != "" { - t.Fatalf("web_search mapping should not set explicit name, got %q", toolName) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/claude/codex_claude_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/claude/codex_claude_response.go deleted file mode 100644 index f6d213613d..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/claude/codex_claude_response.go +++ /dev/null @@ -1,373 +0,0 @@ -// Package claude provides response translation functionality for Codex to Claude Code API compatibility. -// This package handles the conversion of Codex API responses into Claude Code-compatible -// Server-Sent Events (SSE) format, implementing a sophisticated state machine that manages -// different response types including text content, thinking processes, and function calls. -// The translation ensures proper sequencing of SSE events and maintains state across -// multiple response chunks to provide a seamless streaming experience. -package claude - -import ( - "bytes" - "context" - "fmt" - "strings" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - dataTag = []byte("data:") -) - -// ConvertCodexResponseToClaudeParams holds parameters for response conversion. -type ConvertCodexResponseToClaudeParams struct { - HasToolCall bool - BlockIndex int - HasReceivedArgumentsDelta bool -} - -// ConvertCodexResponseToClaude performs sophisticated streaming response format conversion. -// This function implements a complex state machine that translates Codex API responses -// into Claude Code-compatible Server-Sent Events (SSE) format. It manages different response types -// and handles state transitions between content blocks, thinking processes, and function calls. -// -// Response type states: 0=none, 1=content, 2=thinking, 3=function -// The function maintains state across multiple calls to ensure proper SSE event sequencing. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing a Claude Code-compatible JSON response -func ConvertCodexResponseToClaude(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &ConvertCodexResponseToClaudeParams{ - HasToolCall: false, - BlockIndex: 0, - } - } - - // log.Debugf("rawJSON: %s", string(rawJSON)) - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - - output := "" - rootResult := gjson.ParseBytes(rawJSON) - typeResult := rootResult.Get("type") - typeStr := typeResult.String() - template := "" - switch typeStr { - case "response.created": - template = `{"type":"message_start","message":{"id":"","type":"message","role":"assistant","model":"claude-opus-4-1-20250805","stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0},"content":[],"stop_reason":null}}` - template, _ = sjson.Set(template, "message.model", rootResult.Get("response.model").String()) - template, _ = sjson.Set(template, "message.id", rootResult.Get("response.id").String()) - - output = "event: message_start\n" - output += fmt.Sprintf("data: %s\n\n", template) - case "response.reasoning_summary_part.added": - template = `{"type":"content_block_start","index":0,"content_block":{"type":"thinking","thinking":""}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - - output = "event: content_block_start\n" - output += fmt.Sprintf("data: %s\n\n", template) - case "response.reasoning_summary_text.delta": - template = `{"type":"content_block_delta","index":0,"delta":{"type":"thinking_delta","thinking":""}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - template, _ = sjson.Set(template, "delta.thinking", rootResult.Get("delta").String()) - - output = "event: content_block_delta\n" - output += fmt.Sprintf("data: %s\n\n", template) - case "response.reasoning_summary_part.done": - template = `{"type":"content_block_stop","index":0}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex++ - - output = "event: content_block_stop\n" - output += fmt.Sprintf("data: %s\n\n", template) - - case "response.content_part.added": - template = `{"type":"content_block_start","index":0,"content_block":{"type":"text","text":""}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - - output = "event: content_block_start\n" - output += fmt.Sprintf("data: %s\n\n", template) - case "response.output_text.delta": - template = `{"type":"content_block_delta","index":0,"delta":{"type":"text_delta","text":""}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - template, _ = sjson.Set(template, "delta.text", rootResult.Get("delta").String()) - - output = "event: content_block_delta\n" - output += fmt.Sprintf("data: %s\n\n", template) - case "response.content_part.done": - template = `{"type":"content_block_stop","index":0}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex++ - - output = "event: content_block_stop\n" - output += fmt.Sprintf("data: %s\n\n", template) - case "response.completed": - template = `{"type":"message_delta","delta":{"stop_reason":"tool_use","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - p := (*param).(*ConvertCodexResponseToClaudeParams).HasToolCall - stopReason := rootResult.Get("response.stop_reason").String() - if p { - template, _ = sjson.Set(template, "delta.stop_reason", "tool_use") - } else if stopReason == "max_tokens" || stopReason == "stop" { - template, _ = sjson.Set(template, "delta.stop_reason", stopReason) - } else { - template, _ = sjson.Set(template, "delta.stop_reason", "end_turn") - } - inputTokens, outputTokens, cachedTokens := extractResponsesUsage(rootResult.Get("response.usage")) - template, _ = sjson.Set(template, "usage.input_tokens", inputTokens) - template, _ = sjson.Set(template, "usage.output_tokens", outputTokens) - if cachedTokens > 0 { - template, _ = sjson.Set(template, "usage.cache_read_input_tokens", cachedTokens) - } - - output = "event: message_delta\n" - output += fmt.Sprintf("data: %s\n\n", template) - output += "event: message_stop\n" - output += `data: {"type":"message_stop"}` - output += "\n\n" - case "response.output_item.added": - itemResult := rootResult.Get("item") - itemType := itemResult.Get("type").String() - if itemType == "function_call" { - (*param).(*ConvertCodexResponseToClaudeParams).HasToolCall = true - template = `{"type":"content_block_start","index":0,"content_block":{"type":"tool_use","id":"","name":"","input":{}}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - template, _ = sjson.Set(template, "content_block.id", itemResult.Get("call_id").String()) - { - // Restore original tool name if shortened - name := itemResult.Get("name").String() - rev := buildReverseMapFromClaudeOriginalShortToOriginal(originalRequestRawJSON) - if orig, ok := rev[name]; ok { - name = orig - } - template, _ = sjson.Set(template, "content_block.name", name) - } - - output = "event: content_block_start\n" - output += fmt.Sprintf("data: %s\n\n", template) - - template = `{"type":"content_block_delta","index":0,"delta":{"type":"input_json_delta","partial_json":""}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - - output += "event: content_block_delta\n" - output += fmt.Sprintf("data: %s\n\n", template) - } - case "response.output_item.done": - itemResult := rootResult.Get("item") - itemType := itemResult.Get("type").String() - if itemType == "function_call" { - template = `{"type":"content_block_stop","index":0}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex++ - - output = "event: content_block_stop\n" - output += fmt.Sprintf("data: %s\n\n", template) - } - case "response.function_call_arguments.delta": - template = `{"type":"content_block_delta","index":0,"delta":{"type":"input_json_delta","partial_json":""}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - template, _ = sjson.Set(template, "delta.partial_json", rootResult.Get("delta").String()) - - output += "event: content_block_delta\n" - output += fmt.Sprintf("data: %s\n\n", template) - } - - return []string{output} -} - -// ConvertCodexResponseToClaudeNonStream converts a non-streaming Codex response to a non-streaming Claude Code response. -// This function processes the complete Codex response and transforms it into a single Claude Code-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the Claude Code API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: A Claude Code-compatible JSON response containing all message content and metadata -func ConvertCodexResponseToClaudeNonStream(_ context.Context, _ string, originalRequestRawJSON, _ []byte, rawJSON []byte, _ *any) string { - revNames := buildReverseMapFromClaudeOriginalShortToOriginal(originalRequestRawJSON) - - rootResult := gjson.ParseBytes(rawJSON) - if rootResult.Get("type").String() != "response.completed" { - return "" - } - - responseData := rootResult.Get("response") - if !responseData.Exists() { - return "" - } - - out := `{"id":"","type":"message","role":"assistant","model":"","content":[],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}` - out, _ = sjson.Set(out, "id", responseData.Get("id").String()) - out, _ = sjson.Set(out, "model", responseData.Get("model").String()) - inputTokens, outputTokens, cachedTokens := extractResponsesUsage(responseData.Get("usage")) - out, _ = sjson.Set(out, "usage.input_tokens", inputTokens) - out, _ = sjson.Set(out, "usage.output_tokens", outputTokens) - if cachedTokens > 0 { - out, _ = sjson.Set(out, "usage.cache_read_input_tokens", cachedTokens) - } - - hasToolCall := false - - if output := responseData.Get("output"); output.Exists() && output.IsArray() { - output.ForEach(func(_, item gjson.Result) bool { - switch item.Get("type").String() { - case "reasoning": - thinkingBuilder := strings.Builder{} - if summary := item.Get("summary"); summary.Exists() { - if summary.IsArray() { - summary.ForEach(func(_, part gjson.Result) bool { - if txt := part.Get("text"); txt.Exists() { - thinkingBuilder.WriteString(txt.String()) - } else { - thinkingBuilder.WriteString(part.String()) - } - return true - }) - } else { - thinkingBuilder.WriteString(summary.String()) - } - } - if thinkingBuilder.Len() == 0 { - if content := item.Get("content"); content.Exists() { - if content.IsArray() { - content.ForEach(func(_, part gjson.Result) bool { - if txt := part.Get("text"); txt.Exists() { - thinkingBuilder.WriteString(txt.String()) - } else { - thinkingBuilder.WriteString(part.String()) - } - return true - }) - } else { - thinkingBuilder.WriteString(content.String()) - } - } - } - if thinkingBuilder.Len() > 0 { - block := `{"type":"thinking","thinking":""}` - block, _ = sjson.Set(block, "thinking", thinkingBuilder.String()) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - case "message": - if content := item.Get("content"); content.Exists() { - if content.IsArray() { - content.ForEach(func(_, part gjson.Result) bool { - if part.Get("type").String() == "output_text" { - text := part.Get("text").String() - if text != "" { - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", text) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - } - return true - }) - } else { - text := content.String() - if text != "" { - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", text) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - } - } - case "function_call": - hasToolCall = true - name := item.Get("name").String() - if original, ok := revNames[name]; ok { - name = original - } - - toolBlock := `{"type":"tool_use","id":"","name":"","input":{}}` - toolBlock, _ = sjson.Set(toolBlock, "id", item.Get("call_id").String()) - toolBlock, _ = sjson.Set(toolBlock, "name", name) - inputRaw := "{}" - if argsStr := item.Get("arguments").String(); argsStr != "" && gjson.Valid(argsStr) { - argsJSON := gjson.Parse(argsStr) - if argsJSON.IsObject() { - inputRaw = argsJSON.Raw - } - } - toolBlock, _ = sjson.SetRaw(toolBlock, "input", inputRaw) - out, _ = sjson.SetRaw(out, "content.-1", toolBlock) - } - return true - }) - } - - if stopReason := responseData.Get("stop_reason"); stopReason.Exists() && stopReason.String() != "" { - out, _ = sjson.Set(out, "stop_reason", stopReason.String()) - } else if hasToolCall { - out, _ = sjson.Set(out, "stop_reason", "tool_use") - } else { - out, _ = sjson.Set(out, "stop_reason", "end_turn") - } - - if stopSequence := responseData.Get("stop_sequence"); stopSequence.Exists() && stopSequence.String() != "" { - out, _ = sjson.SetRaw(out, "stop_sequence", stopSequence.Raw) - } - - return out -} - -func extractResponsesUsage(usage gjson.Result) (int64, int64, int64) { - if !usage.Exists() || usage.Type == gjson.Null { - return 0, 0, 0 - } - - inputTokens := usage.Get("input_tokens").Int() - outputTokens := usage.Get("output_tokens").Int() - cachedTokens := usage.Get("input_tokens_details.cached_tokens").Int() - - if cachedTokens > 0 { - if inputTokens >= cachedTokens { - inputTokens -= cachedTokens - } else { - inputTokens = 0 - } - } - - return inputTokens, outputTokens, cachedTokens -} - -// buildReverseMapFromClaudeOriginalShortToOriginal builds a map[short]original from original Claude request tools. -func buildReverseMapFromClaudeOriginalShortToOriginal(original []byte) map[string]string { - tools := gjson.GetBytes(original, "tools") - rev := map[string]string{} - if !tools.IsArray() { - return rev - } - var names []string - arr := tools.Array() - for i := 0; i < len(arr); i++ { - n := arr[i].Get("name").String() - if n != "" { - names = append(names, n) - } - } - if len(names) > 0 { - m := buildShortNameMap(names) - for orig, short := range m { - rev[short] = orig - } - } - return rev -} - -func ClaudeTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"input_tokens":%d}`, count) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/claude/codex_claude_response_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/claude/codex_claude_response_test.go deleted file mode 100644 index 083e03d99b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/claude/codex_claude_response_test.go +++ /dev/null @@ -1,95 +0,0 @@ -package claude - -import ( - "context" - "strings" - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertCodexResponseToClaude(t *testing.T) { - ctx := context.Background() - var param any - - // response.created - raw := []byte(`data: {"type": "response.created", "response": {"id": "resp_123", "model": "gpt-4o"}}`) - got := ConvertCodexResponseToClaude(ctx, "claude-3", nil, nil, raw, ¶m) - if len(got) != 1 { - t.Fatalf("expected 1 chunk, got %d", len(got)) - } - if !strings.Contains(got[0], `"id":"resp_123"`) { - t.Errorf("unexpected output: %s", got[0]) - } - - // response.output_text.delta - raw = []byte(`data: {"type": "response.output_text.delta", "delta": "hello"}`) - got = ConvertCodexResponseToClaude(ctx, "claude-3", nil, nil, raw, ¶m) - if len(got) != 1 { - t.Fatalf("expected 1 chunk, got %d", len(got)) - } - if !strings.Contains(got[0], `"text":"hello"`) { - t.Errorf("unexpected output: %s", got[0]) - } -} - -func TestConvertCodexResponseToClaudeNonStream(t *testing.T) { - raw := []byte(`{"type": "response.completed", "response": { - "id": "resp_123", - "model": "gpt-4o", - "output": [ - {"type": "message", "content": [ - {"type": "output_text", "text": "hello"} - ]} - ], - "usage": {"input_tokens": 10, "output_tokens": 5} - }}`) - - got := ConvertCodexResponseToClaudeNonStream(context.Background(), "claude-3", nil, nil, raw, nil) - res := gjson.Parse(got) - if res.Get("id").String() != "resp_123" { - t.Errorf("expected id resp_123, got %s", res.Get("id").String()) - } - if res.Get("content.0.text").String() != "hello" { - t.Errorf("unexpected content: %s", got) - } -} - -func TestConvertCodexResponseToClaude_FunctionCallArgumentsDone(t *testing.T) { - ctx := context.Background() - var param any - - raw := []byte(`data: {"type":"response.function_call_arguments.done","arguments":"{\"x\":1}","output_index":0}`) - got := ConvertCodexResponseToClaude(ctx, "gpt-5.3-codex", nil, nil, raw, ¶m) - if len(got) != 1 { - t.Fatalf("expected 1 chunk, got %d", len(got)) - } - if !strings.Contains(got[0], `"content_block_delta"`) { - t.Fatalf("expected content_block_delta event, got %q", got[0]) - } - if !strings.Contains(got[0], `"input_json_delta"`) { - t.Fatalf("expected input_json_delta event, got %q", got[0]) - } - if !strings.Contains(got[0], `\"x\":1`) { - t.Fatalf("expected arguments payload, got %q", got[0]) - } -} - -func TestConvertCodexResponseToClaude_DeduplicatesFunctionCallArgumentsDoneWhenDeltaReceived(t *testing.T) { - ctx := context.Background() - var param any - - doneRaw := []byte(`data: {"type":"response.function_call_arguments.done","arguments":"{\"x\":1}","output_index":0}`) - - // Send delta first to set HasReceivedArgumentsDelta=true. - deltaRaw := []byte(`data: {"type":"response.function_call_arguments.delta","delta":"{\"x\":","output_index":0}`) - gotDelta := ConvertCodexResponseToClaude(ctx, "gpt-5.3-codex", nil, nil, deltaRaw, ¶m) - if len(gotDelta) != 1 { - t.Fatalf("expected 1 chunk for delta, got %d", len(gotDelta)) - } - - gotDone := ConvertCodexResponseToClaude(ctx, "gpt-5.3-codex", nil, nil, doneRaw, ¶m) - if len(gotDone) != 1 || gotDone[0] != "" { - t.Fatalf("expected empty chunk for done event when delta already received, got len=%d, chunk=%q", len(gotDone), gotDone) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/claude/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/claude/init.go deleted file mode 100644 index f1e8dd869c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package claude - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Claude, - constant.Codex, - ConvertClaudeRequestToCodex, - interfaces.TranslateResponse{ - Stream: ConvertCodexResponseToClaude, - NonStream: ConvertCodexResponseToClaudeNonStream, - TokenCount: ClaudeTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini-cli/codex_gemini-cli_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini-cli/codex_gemini-cli_request.go deleted file mode 100644 index 4b00053ce0..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini-cli/codex_gemini-cli_request.go +++ /dev/null @@ -1,41 +0,0 @@ -// Package geminiCLI provides request translation functionality for Gemini CLI to Codex API compatibility. -// It handles parsing and transforming Gemini CLI API requests into Codex API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini CLI API format and Codex API's expected format. -package geminiCLI - -import ( - codexgemini "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/codex/gemini" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiCLIRequestToCodex parses and transforms a Gemini CLI API request into Codex API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Codex API. -// The function performs the following transformations: -// 1. Extracts the inner request object and promotes it to the top level -// 2. Restores the model information at the top level -// 3. Converts systemInstruction field to system_instruction for Codex compatibility -// 4. Delegates to the Gemini-to-Codex conversion function for further processing -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - stream: A boolean indicating if the request is for a streaming response -// -// Returns: -// - []byte: The transformed request data in Codex API format -func ConvertGeminiCLIRequestToCodex(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - - rawJSON = []byte(gjson.GetBytes(rawJSON, "request").Raw) - rawJSON, _ = sjson.SetBytes(rawJSON, "model", modelName) - if gjson.GetBytes(rawJSON, "systemInstruction").Exists() { - rawJSON, _ = sjson.SetRawBytes(rawJSON, "system_instruction", []byte(gjson.GetBytes(rawJSON, "systemInstruction").Raw)) - rawJSON, _ = sjson.DeleteBytes(rawJSON, "systemInstruction") - } - - return codexgemini.ConvertGeminiRequestToCodex(modelName, rawJSON, stream) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini-cli/codex_gemini-cli_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini-cli/codex_gemini-cli_request_test.go deleted file mode 100644 index 01af6c0f77..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini-cli/codex_gemini-cli_request_test.go +++ /dev/null @@ -1,39 +0,0 @@ -package geminiCLI - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertGeminiCLIRequestToCodex(t *testing.T) { - input := []byte(`{ - "request": { - "contents": [ - { - "role": "user", - "parts": [ - {"text": "hello"} - ] - } - ], - "systemInstruction": { - "parts": [ - {"text": "system instruction"} - ] - } - } - }`) - - got := ConvertGeminiCLIRequestToCodex("gpt-4o", input, true) - res := gjson.ParseBytes(got) - - if res.Get("model").String() != "gpt-4o" { - t.Errorf("expected model gpt-4o, got %s", res.Get("model").String()) - } - - inputArray := res.Get("input").Array() - if len(inputArray) < 1 { - t.Errorf("expected at least 1 input item, got %d", len(inputArray)) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini-cli/codex_gemini-cli_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini-cli/codex_gemini-cli_response.go deleted file mode 100644 index aa7a48dc01..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini-cli/codex_gemini-cli_response.go +++ /dev/null @@ -1,61 +0,0 @@ -// Package geminiCLI provides response translation functionality for Codex to Gemini CLI API compatibility. -// This package handles the conversion of Codex API responses into Gemini CLI-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Gemini CLI API clients. -package geminiCLI - -import ( - "context" - "fmt" - - codexgemini "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/codex/gemini" - "github.com/tidwall/sjson" -) - -// ConvertCodexResponseToGeminiCLI converts Codex streaming response format to Gemini CLI format. -// This function processes various Codex event types and transforms them into Gemini-compatible JSON responses. -// It handles text content, tool calls, and usage metadata, outputting responses that match the Gemini CLI API format. -// The function wraps each converted response in a "response" object to match the Gemini CLI API structure. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing a Gemini-compatible JSON response wrapped in a response object -func ConvertCodexResponseToGeminiCLI(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - outputs := codexgemini.ConvertCodexResponseToGemini(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) - newOutputs := make([]string, 0) - for i := 0; i < len(outputs); i++ { - json := `{"response": {}}` - output, _ := sjson.SetRaw(json, "response", outputs[i]) - newOutputs = append(newOutputs, output) - } - return newOutputs -} - -// ConvertCodexResponseToGeminiCLINonStream converts a non-streaming Codex response to a non-streaming Gemini CLI response. -// This function processes the complete Codex response and transforms it into a single Gemini-compatible -// JSON response. It wraps the converted response in a "response" object to match the Gemini CLI API structure. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for the conversion -// -// Returns: -// - string: A Gemini-compatible JSON response wrapped in a response object -func ConvertCodexResponseToGeminiCLINonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - // log.Debug(string(rawJSON)) - strJSON := codexgemini.ConvertCodexResponseToGeminiNonStream(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) - json := `{"response": {}}` - strJSON, _ = sjson.SetRaw(json, "response", strJSON) - return strJSON -} - -func GeminiCLITokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini-cli/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini-cli/init.go deleted file mode 100644 index 3aea61e18f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini-cli/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package geminiCLI - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.GeminiCLI, - constant.Codex, - ConvertGeminiCLIRequestToCodex, - interfaces.TranslateResponse{ - Stream: ConvertCodexResponseToGeminiCLI, - NonStream: ConvertCodexResponseToGeminiCLINonStream, - TokenCount: GeminiCLITokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini/codex_gemini_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini/codex_gemini_request.go deleted file mode 100644 index f5513a7bd3..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini/codex_gemini_request.go +++ /dev/null @@ -1,364 +0,0 @@ -// Package gemini provides request translation functionality for Codex to Gemini API compatibility. -// It handles parsing and transforming Codex API requests into Gemini API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Codex API format and Gemini API's expected format. -package gemini - -import ( - "crypto/rand" - "fmt" - "math/big" - "strconv" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiRequestToCodex parses and transforms a Gemini API request into Codex API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Codex API. -// The function performs comprehensive transformation including: -// 1. Model name mapping and generation configuration extraction -// 2. System instruction conversion to Codex format -// 3. Message content conversion with proper role mapping -// 4. Tool call and tool result handling with FIFO queue for ID matching -// 5. Tool declaration and tool choice configuration mapping -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the Gemini API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Codex API format -func ConvertGeminiRequestToCodex(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - // Base template - out := `{"model":"","instructions":"","input":[]}` - - root := gjson.ParseBytes(rawJSON) - - // Pre-compute tool name shortening map from declared functionDeclarations - shortMap := map[string]string{} - if tools := root.Get("tools"); tools.IsArray() { - var names []string - tarr := tools.Array() - for i := 0; i < len(tarr); i++ { - fns := tarr[i].Get("functionDeclarations") - if !fns.IsArray() { - continue - } - for _, fn := range fns.Array() { - if v := fn.Get("name"); v.Exists() { - names = append(names, v.String()) - } - } - } - if len(names) > 0 { - shortMap = buildShortNameMap(names) - } - } - - // helper for generating paired call IDs in the form: call_ - // Gemini uses sequential pairing across possibly multiple in-flight - // functionCalls, so we keep a FIFO queue of generated call IDs and - // consume them in order when functionResponses arrive. - var pendingCallIDs []string - - // genCallID creates a random call id like: call_<8chars> - genCallID := func() string { - const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" - var b strings.Builder - // 8 chars random suffix - for i := 0; i < 24; i++ { - n, _ := rand.Int(rand.Reader, big.NewInt(int64(len(letters)))) - b.WriteByte(letters[n.Int64()]) - } - return "call_" + b.String() - } - - // Model - out, _ = sjson.Set(out, "model", modelName) - - // System instruction -> as a user message with input_text parts - sysParts := root.Get("system_instruction.parts") - if sysParts.IsArray() { - msg := `{"type":"message","role":"developer","content":[]}` - arr := sysParts.Array() - for i := 0; i < len(arr); i++ { - p := arr[i] - if t := p.Get("text"); t.Exists() { - part := `{}` - part, _ = sjson.Set(part, "type", "input_text") - part, _ = sjson.Set(part, "text", t.String()) - msg, _ = sjson.SetRaw(msg, "content.-1", part) - } - } - if len(gjson.Get(msg, "content").Array()) > 0 { - out, _ = sjson.SetRaw(out, "input.-1", msg) - } - } - - // Contents -> messages and function calls/results - contents := root.Get("contents") - if contents.IsArray() { - items := contents.Array() - for i := 0; i < len(items); i++ { - item := items[i] - role := item.Get("role").String() - if role == "model" { - role = "assistant" - } - - parts := item.Get("parts") - if !parts.IsArray() { - continue - } - parr := parts.Array() - for j := 0; j < len(parr); j++ { - p := parr[j] - // text part - if t := p.Get("text"); t.Exists() { - msg := `{"type":"message","role":"","content":[]}` - msg, _ = sjson.Set(msg, "role", role) - partType := "input_text" - if role == "assistant" { - partType = "output_text" - } - part := `{}` - part, _ = sjson.Set(part, "type", partType) - part, _ = sjson.Set(part, "text", t.String()) - msg, _ = sjson.SetRaw(msg, "content.-1", part) - out, _ = sjson.SetRaw(out, "input.-1", msg) - continue - } - - // function call from model - if fc := p.Get("functionCall"); fc.Exists() { - fn := `{"type":"function_call"}` - if name := fc.Get("name"); name.Exists() { - n := name.String() - if short, ok := shortMap[n]; ok { - n = short - } else { - n = shortenNameIfNeeded(n) - } - fn, _ = sjson.Set(fn, "name", n) - } - if args := fc.Get("args"); args.Exists() { - fn, _ = sjson.Set(fn, "arguments", args.Raw) - } - // generate a paired random call_id and enqueue it so the - // corresponding functionResponse can pop the earliest id - // to preserve ordering when multiple calls are present. - id := genCallID() - fn, _ = sjson.Set(fn, "call_id", id) - pendingCallIDs = append(pendingCallIDs, id) - out, _ = sjson.SetRaw(out, "input.-1", fn) - continue - } - - // function response from user - if fr := p.Get("functionResponse"); fr.Exists() { - fno := `{"type":"function_call_output"}` - // Prefer a string result if present; otherwise embed the raw response as a string - if res := fr.Get("response.result"); res.Exists() { - fno, _ = sjson.Set(fno, "output", res.String()) - } else if resp := fr.Get("response"); resp.Exists() { - fno, _ = sjson.Set(fno, "output", resp.Raw) - } - // fno, _ = sjson.Set(fno, "call_id", "call_W6nRJzFXyPM2LFBbfo98qAbq") - // attach the oldest queued call_id to pair the response - // with its call. If the queue is empty, generate a new id. - var id string - if len(pendingCallIDs) > 0 { - id = pendingCallIDs[0] - // pop the first element - pendingCallIDs = pendingCallIDs[1:] - } else { - id = genCallID() - } - fno, _ = sjson.Set(fno, "call_id", id) - out, _ = sjson.SetRaw(out, "input.-1", fno) - continue - } - } - } - } - - // Tools mapping: Gemini functionDeclarations -> Codex tools - tools := root.Get("tools") - if tools.IsArray() { - out, _ = sjson.SetRaw(out, "tools", `[]`) - out, _ = sjson.Set(out, "tool_choice", "auto") - tarr := tools.Array() - for i := 0; i < len(tarr); i++ { - td := tarr[i] - fns := td.Get("functionDeclarations") - if !fns.IsArray() { - continue - } - farr := fns.Array() - for j := 0; j < len(farr); j++ { - fn := farr[j] - tool := `{}` - tool, _ = sjson.Set(tool, "type", "function") - if v := fn.Get("name"); v.Exists() { - name := v.String() - if short, ok := shortMap[name]; ok { - name = short - } else { - name = shortenNameIfNeeded(name) - } - tool, _ = sjson.Set(tool, "name", name) - } - if v := fn.Get("description"); v.Exists() { - tool, _ = sjson.Set(tool, "description", v.String()) - } - if prm := fn.Get("parameters"); prm.Exists() { - // Remove optional $schema field if present - cleaned := prm.Raw - cleaned, _ = sjson.Delete(cleaned, "$schema") - cleaned, _ = sjson.Set(cleaned, "additionalProperties", false) - tool, _ = sjson.SetRaw(tool, "parameters", cleaned) - } else if prm = fn.Get("parametersJsonSchema"); prm.Exists() { - // Remove optional $schema field if present - cleaned := prm.Raw - cleaned, _ = sjson.Delete(cleaned, "$schema") - cleaned, _ = sjson.Set(cleaned, "additionalProperties", false) - tool, _ = sjson.SetRaw(tool, "parameters", cleaned) - } - tool, _ = sjson.Set(tool, "strict", false) - out, _ = sjson.SetRaw(out, "tools.-1", tool) - } - } - } - - // Fixed flags aligning with Codex expectations - out, _ = sjson.Set(out, "parallel_tool_calls", true) - - // Convert Gemini thinkingConfig to Codex reasoning.effort. - // Note: Google official Python SDK sends snake_case fields (thinking_level/thinking_budget). - effortSet := false - if genConfig := root.Get("generationConfig"); genConfig.Exists() { - if thinkingConfig := genConfig.Get("thinkingConfig"); thinkingConfig.Exists() && thinkingConfig.IsObject() { - thinkingLevel := thinkingConfig.Get("thinkingLevel") - if !thinkingLevel.Exists() { - thinkingLevel = thinkingConfig.Get("thinking_level") - } - if thinkingLevel.Exists() { - effort := strings.ToLower(strings.TrimSpace(thinkingLevel.String())) - if effort != "" { - out, _ = sjson.Set(out, "reasoning.effort", effort) - effortSet = true - } - } else { - thinkingBudget := thinkingConfig.Get("thinkingBudget") - if !thinkingBudget.Exists() { - thinkingBudget = thinkingConfig.Get("thinking_budget") - } - if thinkingBudget.Exists() { - if effort, ok := thinking.ConvertBudgetToLevel(int(thinkingBudget.Int())); ok { - out, _ = sjson.Set(out, "reasoning.effort", effort) - effortSet = true - } - } - } - } - } - if !effortSet { - // No thinking config, set default effort - out, _ = sjson.Set(out, "reasoning.effort", "medium") - } - out, _ = sjson.Set(out, "reasoning.summary", "auto") - out, _ = sjson.Set(out, "stream", true) - out, _ = sjson.Set(out, "store", false) - out, _ = sjson.Set(out, "include", []string{"reasoning.encrypted_content"}) - - var pathsToLower []string - toolsResult := gjson.Get(out, "tools") - util.Walk(toolsResult, "", "type", &pathsToLower) - for _, p := range pathsToLower { - fullPath := fmt.Sprintf("tools.%s", p) - out, _ = sjson.Set(out, fullPath, strings.ToLower(gjson.Get(out, fullPath).String())) - } - - return []byte(out) -} - -// shortenNameIfNeeded applies the simple shortening rule for a single name. -func shortenNameIfNeeded(name string) string { - const limit = 64 - if len(name) <= limit { - return name - } - if strings.HasPrefix(name, "mcp__") { - idx := strings.LastIndex(name, "__") - if idx > 0 { - cand := "mcp__" + name[idx+2:] - if len(cand) > limit { - return cand[:limit] - } - return cand - } - } - return name[:limit] -} - -// buildShortNameMap ensures uniqueness of shortened names within a request. -func buildShortNameMap(names []string) map[string]string { - const limit = 64 - used := map[string]struct{}{} - m := map[string]string{} - - baseCandidate := func(n string) string { - if len(n) <= limit { - return n - } - if strings.HasPrefix(n, "mcp__") { - idx := strings.LastIndex(n, "__") - if idx > 0 { - cand := "mcp__" + n[idx+2:] - if len(cand) > limit { - cand = cand[:limit] - } - return cand - } - } - return n[:limit] - } - - makeUnique := func(cand string) string { - if _, ok := used[cand]; !ok { - return cand - } - base := cand - for i := 1; ; i++ { - suffix := "_" + strconv.Itoa(i) - allowed := limit - len(suffix) - if allowed < 0 { - allowed = 0 - } - tmp := base - if len(tmp) > allowed { - tmp = tmp[:allowed] - } - tmp = tmp + suffix - if _, ok := used[tmp]; !ok { - return tmp - } - } - } - - for _, n := range names { - cand := baseCandidate(n) - uniq := makeUnique(cand) - used[uniq] = struct{}{} - m[n] = uniq - } - return m -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini/codex_gemini_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini/codex_gemini_request_test.go deleted file mode 100644 index 416bfc8c68..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini/codex_gemini_request_test.go +++ /dev/null @@ -1,37 +0,0 @@ -package gemini - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertGeminiRequestToCodex(t *testing.T) { - input := []byte(`{ - "contents": [ - { - "role": "user", - "parts": [ - {"text": "hello"} - ] - } - ], - "system_instruction": { - "parts": [ - {"text": "system instruction"} - ] - } - }`) - - got := ConvertGeminiRequestToCodex("gpt-4o", input, true) - res := gjson.ParseBytes(got) - - if res.Get("model").String() != "gpt-4o" { - t.Errorf("expected model gpt-4o, got %s", res.Get("model").String()) - } - - inputArray := res.Get("input").Array() - if len(inputArray) < 1 { - t.Errorf("expected at least 1 input item, got %d", len(inputArray)) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini/codex_gemini_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini/codex_gemini_response.go deleted file mode 100644 index f65d443ee8..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini/codex_gemini_response.go +++ /dev/null @@ -1,313 +0,0 @@ -// Package gemini provides response translation functionality for Codex to Gemini API compatibility. -// This package handles the conversion of Codex API responses into Gemini-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Gemini API clients. -package gemini - -import ( - "bytes" - "context" - "fmt" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - dataTag = []byte("data:") -) - -// ConvertCodexResponseToGeminiParams holds parameters for response conversion. -type ConvertCodexResponseToGeminiParams struct { - Model string - CreatedAt int64 - ResponseID string - LastStorageOutput string -} - -// ConvertCodexResponseToGemini converts Codex streaming response format to Gemini format. -// This function processes various Codex event types and transforms them into Gemini-compatible JSON responses. -// It handles text content, tool calls, and usage metadata, outputting responses that match the Gemini API format. -// The function maintains state across multiple calls to ensure proper response sequencing. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing a Gemini-compatible JSON response -func ConvertCodexResponseToGemini(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &ConvertCodexResponseToGeminiParams{ - Model: modelName, - CreatedAt: 0, - ResponseID: "", - LastStorageOutput: "", - } - } - - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - - rootResult := gjson.ParseBytes(rawJSON) - typeResult := rootResult.Get("type") - typeStr := typeResult.String() - - // Base Gemini response template - template := `{"candidates":[{"content":{"role":"model","parts":[]}}],"usageMetadata":{"trafficType":"PROVISIONED_THROUGHPUT"},"modelVersion":"gemini-2.5-pro","createTime":"2025-08-15T02:52:03.884209Z","responseId":"06CeaPH7NaCU48APvNXDyA4"}` - if (*param).(*ConvertCodexResponseToGeminiParams).LastStorageOutput != "" && typeStr == "response.output_item.done" { - template = (*param).(*ConvertCodexResponseToGeminiParams).LastStorageOutput - } else { - template, _ = sjson.Set(template, "modelVersion", (*param).(*ConvertCodexResponseToGeminiParams).Model) - createdAtResult := rootResult.Get("response.created_at") - if createdAtResult.Exists() { - (*param).(*ConvertCodexResponseToGeminiParams).CreatedAt = createdAtResult.Int() - template, _ = sjson.Set(template, "createTime", time.Unix((*param).(*ConvertCodexResponseToGeminiParams).CreatedAt, 0).Format(time.RFC3339Nano)) - } - template, _ = sjson.Set(template, "responseId", (*param).(*ConvertCodexResponseToGeminiParams).ResponseID) - } - - // Handle function call completion - if typeStr == "response.output_item.done" { - itemResult := rootResult.Get("item") - itemType := itemResult.Get("type").String() - if itemType == "function_call" { - // Create function call part - functionCall := `{"functionCall":{"name":"","args":{}}}` - { - // Restore original tool name if shortened - n := itemResult.Get("name").String() - rev := buildReverseMapFromGeminiOriginal(originalRequestRawJSON) - if orig, ok := rev[n]; ok { - n = orig - } - functionCall, _ = sjson.Set(functionCall, "functionCall.name", n) - } - - // Parse and set arguments - argsStr := itemResult.Get("arguments").String() - if argsStr != "" { - argsResult := gjson.Parse(argsStr) - if argsResult.IsObject() { - functionCall, _ = sjson.SetRaw(functionCall, "functionCall.args", argsStr) - } - } - - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", functionCall) - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - - (*param).(*ConvertCodexResponseToGeminiParams).LastStorageOutput = template - - // Use this return to storage message - return []string{} - } - } - - switch typeStr { - case "response.created": // Handle response creation - set model and response ID - template, _ = sjson.Set(template, "modelVersion", rootResult.Get("response.model").String()) - template, _ = sjson.Set(template, "responseId", rootResult.Get("response.id").String()) - (*param).(*ConvertCodexResponseToGeminiParams).ResponseID = rootResult.Get("response.id").String() - case "response.reasoning_summary_text.delta": // Handle reasoning/thinking content delta - part := `{"thought":true,"text":""}` - part, _ = sjson.Set(part, "text", rootResult.Get("delta").String()) - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", part) - case "response.output_text.delta": // Handle regular text content delta - part := `{"text":""}` - part, _ = sjson.Set(part, "text", rootResult.Get("delta").String()) - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", part) - case "response.completed": // Handle response completion with usage metadata - template, _ = sjson.Set(template, "usageMetadata.promptTokenCount", rootResult.Get("response.usage.input_tokens").Int()) - template, _ = sjson.Set(template, "usageMetadata.candidatesTokenCount", rootResult.Get("response.usage.output_tokens").Int()) - totalTokens := rootResult.Get("response.usage.input_tokens").Int() + rootResult.Get("response.usage.output_tokens").Int() - template, _ = sjson.Set(template, "usageMetadata.totalTokenCount", totalTokens) - default: - return []string{} - } - - if (*param).(*ConvertCodexResponseToGeminiParams).LastStorageOutput != "" { - return []string{(*param).(*ConvertCodexResponseToGeminiParams).LastStorageOutput, template} - } else { - return []string{template} - } - -} - -// ConvertCodexResponseToGeminiNonStream converts a non-streaming Codex response to a non-streaming Gemini response. -// This function processes the complete Codex response and transforms it into a single Gemini-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the Gemini API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: A Gemini-compatible JSON response containing all message content and metadata -func ConvertCodexResponseToGeminiNonStream(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - rootResult := gjson.ParseBytes(rawJSON) - - // Verify this is a response.completed event - if rootResult.Get("type").String() != "response.completed" { - return "" - } - - // Base Gemini response template for non-streaming - template := `{"candidates":[{"content":{"role":"model","parts":[]},"finishReason":"STOP"}],"usageMetadata":{"trafficType":"PROVISIONED_THROUGHPUT"},"modelVersion":"","createTime":"","responseId":""}` - - // Set model version - template, _ = sjson.Set(template, "modelVersion", modelName) - - // Set response metadata from the completed response - responseData := rootResult.Get("response") - if responseData.Exists() { - // Set response ID - if responseId := responseData.Get("id"); responseId.Exists() { - template, _ = sjson.Set(template, "responseId", responseId.String()) - } - - // Set creation time - if createdAt := responseData.Get("created_at"); createdAt.Exists() { - template, _ = sjson.Set(template, "createTime", time.Unix(createdAt.Int(), 0).Format(time.RFC3339Nano)) - } - - // Set usage metadata - if usage := responseData.Get("usage"); usage.Exists() { - inputTokens := usage.Get("input_tokens").Int() - outputTokens := usage.Get("output_tokens").Int() - totalTokens := inputTokens + outputTokens - - template, _ = sjson.Set(template, "usageMetadata.promptTokenCount", inputTokens) - template, _ = sjson.Set(template, "usageMetadata.candidatesTokenCount", outputTokens) - template, _ = sjson.Set(template, "usageMetadata.totalTokenCount", totalTokens) - } - - // Process output content to build parts array - hasToolCall := false - var pendingFunctionCalls []string - - flushPendingFunctionCalls := func() { - if len(pendingFunctionCalls) == 0 { - return - } - // Add all pending function calls as individual parts - // This maintains the original Gemini API format while ensuring consecutive calls are grouped together - for _, fc := range pendingFunctionCalls { - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", fc) - } - pendingFunctionCalls = nil - } - - if output := responseData.Get("output"); output.Exists() && output.IsArray() { - output.ForEach(func(key, value gjson.Result) bool { - itemType := value.Get("type").String() - - switch itemType { - case "reasoning": - // Flush any pending function calls before adding non-function content - flushPendingFunctionCalls() - - // Add thinking content - if content := value.Get("content"); content.Exists() { - part := `{"text":"","thought":true}` - part, _ = sjson.Set(part, "text", content.String()) - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", part) - } - - case "message": - // Flush any pending function calls before adding non-function content - flushPendingFunctionCalls() - - // Add regular text content - if content := value.Get("content"); content.Exists() && content.IsArray() { - content.ForEach(func(_, contentItem gjson.Result) bool { - if contentItem.Get("type").String() == "output_text" { - if text := contentItem.Get("text"); text.Exists() { - part := `{"text":""}` - part, _ = sjson.Set(part, "text", text.String()) - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", part) - } - } - return true - }) - } - - case "function_call": - // Collect function call for potential merging with consecutive ones - hasToolCall = true - functionCall := `{"functionCall":{"args":{},"name":""}}` - { - n := value.Get("name").String() - rev := buildReverseMapFromGeminiOriginal(originalRequestRawJSON) - if orig, ok := rev[n]; ok { - n = orig - } - functionCall, _ = sjson.Set(functionCall, "functionCall.name", n) - } - - // Parse and set arguments - if argsStr := value.Get("arguments").String(); argsStr != "" { - argsResult := gjson.Parse(argsStr) - if argsResult.IsObject() { - functionCall, _ = sjson.SetRaw(functionCall, "functionCall.args", argsStr) - } - } - - pendingFunctionCalls = append(pendingFunctionCalls, functionCall) - } - return true - }) - - // Handle any remaining pending function calls at the end - flushPendingFunctionCalls() - } - - // Set finish reason based on whether there were tool calls - if hasToolCall { - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - } else { - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - } - } - return template -} - -// buildReverseMapFromGeminiOriginal builds a map[short]original from original Gemini request tools. -func buildReverseMapFromGeminiOriginal(original []byte) map[string]string { - tools := gjson.GetBytes(original, "tools") - rev := map[string]string{} - if !tools.IsArray() { - return rev - } - var names []string - tarr := tools.Array() - for i := 0; i < len(tarr); i++ { - fns := tarr[i].Get("functionDeclarations") - if !fns.IsArray() { - continue - } - for _, fn := range fns.Array() { - if v := fn.Get("name"); v.Exists() { - names = append(names, v.String()) - } - } - } - if len(names) > 0 { - m := buildShortNameMap(names) - for orig, short := range m { - rev[short] = orig - } - } - return rev -} - -func GeminiTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini/codex_gemini_response_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini/codex_gemini_response_test.go deleted file mode 100644 index 74510fa1f9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini/codex_gemini_response_test.go +++ /dev/null @@ -1,57 +0,0 @@ -package gemini - -import ( - "context" - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertCodexResponseToGemini(t *testing.T) { - ctx := context.Background() - var param any - - // response.created - raw := []byte(`data: {"type": "response.created", "response": {"id": "resp_123", "model": "gpt-4o"}}`) - got := ConvertCodexResponseToGemini(ctx, "gemini-1.5-pro", nil, nil, raw, ¶m) - if len(got) != 1 { - t.Fatalf("expected 1 chunk, got %d", len(got)) - } - res := gjson.Parse(got[0]) - if res.Get("responseId").String() != "resp_123" { - t.Errorf("unexpected output: %s", got[0]) - } - - // response.output_text.delta - raw = []byte(`data: {"type": "response.output_text.delta", "delta": "hello"}`) - got = ConvertCodexResponseToGemini(ctx, "gemini-1.5-pro", nil, nil, raw, ¶m) - if len(got) != 1 { - t.Fatalf("expected 1 chunk, got %d", len(got)) - } - res = gjson.Parse(got[0]) - if res.Get("candidates.0.content.parts.0.text").String() != "hello" { - t.Errorf("unexpected output: %s", got[0]) - } -} - -func TestConvertCodexResponseToGeminiNonStream(t *testing.T) { - raw := []byte(`{"type": "response.completed", "response": { - "id": "resp_123", - "model": "gpt-4o", - "output": [ - {"type": "message", "content": [ - {"type": "output_text", "text": "hello"} - ]} - ], - "usage": {"input_tokens": 10, "output_tokens": 5} - }}`) - - got := ConvertCodexResponseToGeminiNonStream(context.Background(), "gemini-1.5-pro", nil, nil, raw, nil) - res := gjson.Parse(got) - if res.Get("responseId").String() != "resp_123" { - t.Errorf("expected id resp_123, got %s", res.Get("responseId").String()) - } - if res.Get("candidates.0.content.parts.0.text").String() != "hello" { - t.Errorf("unexpected content: %s", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini/init.go deleted file mode 100644 index 095dc20d93..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/gemini/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package gemini - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Gemini, - constant.Codex, - ConvertGeminiRequestToCodex, - interfaces.TranslateResponse{ - Stream: ConvertCodexResponseToGemini, - NonStream: ConvertCodexResponseToGeminiNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request.go deleted file mode 100644 index a343f24ea9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request.go +++ /dev/null @@ -1,449 +0,0 @@ -// Package openai provides utilities to translate OpenAI Chat Completions -// request JSON into OpenAI Responses API request JSON using gjson/sjson. -// It supports tools, multimodal text/image inputs, and Structured Outputs. -// The package handles the conversion of OpenAI API requests into the format -// expected by the OpenAI Responses API, including proper mapping of messages, -// tools, and generation parameters. -package chat_completions - -import ( - "strconv" - "strings" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertOpenAIRequestToCodex converts an OpenAI Chat Completions request JSON -// into an OpenAI Responses API request JSON. The transformation follows the -// examples defined in docs/2.md exactly, including tools, multi-turn dialog, -// multimodal text/image handling, and Structured Outputs mapping. -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the OpenAI Chat Completions API -// - stream: A boolean indicating if the request is for a streaming response -// -// Returns: -// - []byte: The transformed request data in OpenAI Responses API format -func ConvertOpenAIRequestToCodex(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - // Start with empty JSON object - out := `{"instructions":""}` - - // Stream must be set to true - out, _ = sjson.Set(out, "stream", stream) - - // Codex not support temperature, top_p, top_k, max_output_tokens, so comment them - // if v := gjson.GetBytes(rawJSON, "temperature"); v.Exists() { - // out, _ = sjson.Set(out, "temperature", v.Value()) - // } - // if v := gjson.GetBytes(rawJSON, "top_p"); v.Exists() { - // out, _ = sjson.Set(out, "top_p", v.Value()) - // } - // if v := gjson.GetBytes(rawJSON, "top_k"); v.Exists() { - // out, _ = sjson.Set(out, "top_k", v.Value()) - // } - - // Map token limits - // if v := gjson.GetBytes(rawJSON, "max_tokens"); v.Exists() { - // out, _ = sjson.Set(out, "max_output_tokens", v.Value()) - // } - // if v := gjson.GetBytes(rawJSON, "max_completion_tokens"); v.Exists() { - // out, _ = sjson.Set(out, "max_output_tokens", v.Value()) - // } - - // Map reasoning effort; support flat legacy field and variant fallback. - if v := gjson.GetBytes(rawJSON, "reasoning_effort"); v.Exists() { - out, _ = sjson.Set(out, "reasoning.effort", v.Value()) - } else if v := gjson.GetBytes(rawJSON, `reasoning\.effort`); v.Exists() { - out, _ = sjson.Set(out, "reasoning.effort", v.Value()) - } else if v := gjson.GetBytes(rawJSON, "variant"); v.Exists() { - effort := strings.ToLower(strings.TrimSpace(v.String())) - if effort == "" { - out, _ = sjson.Set(out, "reasoning.effort", "medium") - } else { - out, _ = sjson.Set(out, "reasoning.effort", effort) - } - } else { - out, _ = sjson.Set(out, "reasoning.effort", "medium") - } - out, _ = sjson.Set(out, "parallel_tool_calls", true) - out, _ = sjson.Set(out, "reasoning.summary", "auto") - out, _ = sjson.Set(out, "include", []string{"reasoning.encrypted_content"}) - - // Model - out, _ = sjson.Set(out, "model", modelName) - - // Build tool name shortening map from original tools (if any) - originalToolNameMap := map[string]string{} - { - tools := gjson.GetBytes(rawJSON, "tools") - if tools.IsArray() && len(tools.Array()) > 0 { - // Collect original tool names - var names []string - arr := tools.Array() - for i := 0; i < len(arr); i++ { - t := arr[i] - if t.Get("type").String() == "function" { - fn := t.Get("function") - if fn.Exists() { - if v := fn.Get("name"); v.Exists() { - names = append(names, v.String()) - } - } - } - } - if len(names) > 0 { - originalToolNameMap = buildShortNameMap(names) - } - } - } - - // Extract system instructions from first system message (string or text object) - messages := gjson.GetBytes(rawJSON, "messages") - // if messages.IsArray() { - // arr := messages.Array() - // for i := 0; i < len(arr); i++ { - // m := arr[i] - // if m.Get("role").String() == "system" { - // c := m.Get("content") - // if c.Type == gjson.String { - // out, _ = sjson.Set(out, "instructions", c.String()) - // } else if c.IsObject() && c.Get("type").String() == "text" { - // out, _ = sjson.Set(out, "instructions", c.Get("text").String()) - // } - // break - // } - // } - // } - - // Build input from messages, handling all message types including tool calls - out, _ = sjson.SetRaw(out, "input", `[]`) - if messages.IsArray() { - arr := messages.Array() - for i := 0; i < len(arr); i++ { - m := arr[i] - role := m.Get("role").String() - - switch role { - case "tool": - // Handle tool response messages as top-level function_call_output objects - toolCallID := m.Get("tool_call_id").String() - content := m.Get("content").String() - - // Create function_call_output object - funcOutput := `{}` - funcOutput, _ = sjson.Set(funcOutput, "type", "function_call_output") - funcOutput, _ = sjson.Set(funcOutput, "call_id", toolCallID) - funcOutput, _ = sjson.Set(funcOutput, "output", content) - out, _ = sjson.SetRaw(out, "input.-1", funcOutput) - - default: - // Handle regular messages - msg := `{}` - msg, _ = sjson.Set(msg, "type", "message") - if role == "system" { - msg, _ = sjson.Set(msg, "role", "developer") - } else { - msg, _ = sjson.Set(msg, "role", role) - } - - msg, _ = sjson.SetRaw(msg, "content", `[]`) - - // Handle regular content - c := m.Get("content") - if c.Exists() && c.Type == gjson.String && c.String() != "" { - // Single string content - partType := "input_text" - if role == "assistant" { - partType = "output_text" - } - part := `{}` - part, _ = sjson.Set(part, "type", partType) - part, _ = sjson.Set(part, "text", c.String()) - msg, _ = sjson.SetRaw(msg, "content.-1", part) - } else if c.Exists() && c.IsArray() { - items := c.Array() - for j := 0; j < len(items); j++ { - it := items[j] - t := it.Get("type").String() - switch t { - case "text": - partType := "input_text" - if role == "assistant" { - partType = "output_text" - } - part := `{}` - part, _ = sjson.Set(part, "type", partType) - part, _ = sjson.Set(part, "text", it.Get("text").String()) - msg, _ = sjson.SetRaw(msg, "content.-1", part) - case "image_url": - // Map image inputs to input_image for Responses API - if role == "user" { - part := `{}` - part, _ = sjson.Set(part, "type", "input_image") - if u := it.Get("image_url.url"); u.Exists() { - part, _ = sjson.Set(part, "image_url", u.String()) - } - msg, _ = sjson.SetRaw(msg, "content.-1", part) - } - case "file": - // Files are not specified in examples; skip for now - } - } - } - - out, _ = sjson.SetRaw(out, "input.-1", msg) - - // Handle tool calls for assistant messages as separate top-level objects - if role == "assistant" { - toolCalls := m.Get("tool_calls") - if toolCalls.Exists() && toolCalls.IsArray() { - toolCallsArr := toolCalls.Array() - for j := 0; j < len(toolCallsArr); j++ { - tc := toolCallsArr[j] - if tc.Get("type").String() == "function" { - // Create function_call as top-level object - funcCall := `{}` - funcCall, _ = sjson.Set(funcCall, "type", "function_call") - funcCall, _ = sjson.Set(funcCall, "call_id", tc.Get("id").String()) - { - name := normalizeToolNameAgainstMap(tc.Get("function.name").String(), originalToolNameMap) - if short, ok := originalToolNameMap[name]; ok { - name = short - } else { - name = shortenNameIfNeeded(name) - } - funcCall, _ = sjson.Set(funcCall, "name", name) - } - funcCall, _ = sjson.Set(funcCall, "arguments", tc.Get("function.arguments").String()) - out, _ = sjson.SetRaw(out, "input.-1", funcCall) - } - } - } - } - } - } - } - - // Map response_format and text settings to Responses API text.format - rf := gjson.GetBytes(rawJSON, "response_format") - text := gjson.GetBytes(rawJSON, "text") - if rf.Exists() { - // Always create text object when response_format provided - if !gjson.Get(out, "text").Exists() { - out, _ = sjson.SetRaw(out, "text", `{}`) - } - - rft := rf.Get("type").String() - switch rft { - case "text": - out, _ = sjson.Set(out, "text.format.type", "text") - case "json_schema": - js := rf.Get("json_schema") - if js.Exists() { - out, _ = sjson.Set(out, "text.format.type", "json_schema") - if v := js.Get("name"); v.Exists() { - out, _ = sjson.Set(out, "text.format.name", v.Value()) - } - if v := js.Get("strict"); v.Exists() { - out, _ = sjson.Set(out, "text.format.strict", v.Value()) - } - if v := js.Get("schema"); v.Exists() { - out, _ = sjson.SetRaw(out, "text.format.schema", v.Raw) - } - } - } - - // Map verbosity if provided - if text.Exists() { - if v := text.Get("verbosity"); v.Exists() { - out, _ = sjson.Set(out, "text.verbosity", v.Value()) - } - } - } else if text.Exists() { - // If only text.verbosity present (no response_format), map verbosity - if v := text.Get("verbosity"); v.Exists() { - if !gjson.Get(out, "text").Exists() { - out, _ = sjson.SetRaw(out, "text", `{}`) - } - out, _ = sjson.Set(out, "text.verbosity", v.Value()) - } - } - - // Map tools (flatten function fields) - tools := gjson.GetBytes(rawJSON, "tools") - if tools.IsArray() && len(tools.Array()) > 0 { - out, _ = sjson.SetRaw(out, "tools", `[]`) - arr := tools.Array() - for i := 0; i < len(arr); i++ { - t := arr[i] - toolType := t.Get("type").String() - // Pass through built-in tools (e.g. {"type":"web_search"}) directly for the Responses API. - // Only "function" needs structural conversion because Chat Completions nests details under "function". - if toolType != "" && toolType != "function" && t.IsObject() { - out, _ = sjson.SetRaw(out, "tools.-1", t.Raw) - continue - } - - if toolType == "function" { - item := `{}` - item, _ = sjson.Set(item, "type", "function") - fn := t.Get("function") - if fn.Exists() { - if v := fn.Get("name"); v.Exists() { - name := normalizeToolNameAgainstMap(v.String(), originalToolNameMap) - if short, ok := originalToolNameMap[name]; ok { - name = short - } else { - name = shortenNameIfNeeded(name) - } - item, _ = sjson.Set(item, "name", name) - } - if v := fn.Get("description"); v.Exists() { - item, _ = sjson.Set(item, "description", v.Value()) - } - if v := fn.Get("parameters"); v.Exists() { - item, _ = sjson.SetRaw(item, "parameters", v.Raw) - } - if v := fn.Get("strict"); v.Exists() { - item, _ = sjson.Set(item, "strict", v.Value()) - } - } - out, _ = sjson.SetRaw(out, "tools.-1", item) - } - } - } - - // Map tool_choice when present. - // Chat Completions: "tool_choice" can be a string ("auto"/"none") or an object (e.g. {"type":"function","function":{"name":"..."}}). - // Responses API: keep built-in tool choices as-is; flatten function choice to {"type":"function","name":"..."}. - if tc := gjson.GetBytes(rawJSON, "tool_choice"); tc.Exists() { - switch { - case tc.Type == gjson.String: - out, _ = sjson.Set(out, "tool_choice", tc.String()) - case tc.IsObject(): - tcType := tc.Get("type").String() - if tcType == "function" { - name := normalizeToolNameAgainstMap(tc.Get("function.name").String(), originalToolNameMap) - if name != "" { - if short, ok := originalToolNameMap[name]; ok { - name = short - } else { - name = shortenNameIfNeeded(name) - } - } - choice := `{}` - choice, _ = sjson.Set(choice, "type", "function") - if name != "" { - choice, _ = sjson.Set(choice, "name", name) - } - out, _ = sjson.SetRaw(out, "tool_choice", choice) - } else if tcType != "" { - // Built-in tool choices (e.g. {"type":"web_search"}) are already Responses-compatible. - out, _ = sjson.SetRaw(out, "tool_choice", tc.Raw) - } - } - } - - out, _ = sjson.Set(out, "store", false) - return []byte(out) -} - -// shortenNameIfNeeded applies the simple shortening rule for a single name. -// If the name length exceeds 64, it will try to preserve the "mcp__" prefix and last segment. -// Otherwise it truncates to 64 characters. -func shortenNameIfNeeded(name string) string { - const limit = 64 - if len(name) <= limit { - return name - } - if strings.HasPrefix(name, "mcp__") { - // Keep prefix and last segment after '__' - idx := strings.LastIndex(name, "__") - if idx > 0 { - candidate := "mcp__" + name[idx+2:] - if len(candidate) > limit { - return candidate[:limit] - } - return candidate - } - } - return name[:limit] -} - -// buildShortNameMap generates unique short names (<=64) for the given list of names. -// It preserves the "mcp__" prefix with the last segment when possible and ensures uniqueness -// by appending suffixes like "~1", "~2" if needed. -func buildShortNameMap(names []string) map[string]string { - const limit = 64 - used := map[string]struct{}{} - m := map[string]string{} - - baseCandidate := func(n string) string { - if len(n) <= limit { - return n - } - if strings.HasPrefix(n, "mcp__") { - idx := strings.LastIndex(n, "__") - if idx > 0 { - cand := "mcp__" + n[idx+2:] - if len(cand) > limit { - cand = cand[:limit] - } - return cand - } - } - return n[:limit] - } - - makeUnique := func(cand string) string { - if _, ok := used[cand]; !ok { - return cand - } - base := cand - for i := 1; ; i++ { - suffix := "_" + strconv.Itoa(i) - allowed := limit - len(suffix) - if allowed < 0 { - allowed = 0 - } - tmp := base - if len(tmp) > allowed { - tmp = tmp[:allowed] - } - tmp = tmp + suffix - if _, ok := used[tmp]; !ok { - return tmp - } - } - } - - for _, n := range names { - cand := baseCandidate(n) - uniq := makeUnique(cand) - used[uniq] = struct{}{} - m[n] = uniq - } - return m -} - -func normalizeToolNameAgainstMap(name string, m map[string]string) string { - if name == "" { - return name - } - if _, ok := m[name]; ok { - return name - } - - const proxyPrefix = "proxy_" - if strings.HasPrefix(name, proxyPrefix) { - trimmed := strings.TrimPrefix(name, proxyPrefix) - if _, ok := m[trimmed]; ok { - return trimmed - } - } - - return name -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request_test.go deleted file mode 100644 index 1cd689c16c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request_test.go +++ /dev/null @@ -1,212 +0,0 @@ -package chat_completions - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertOpenAIRequestToCodex(t *testing.T) { - input := []byte(`{ - "model": "gpt-4o", - "messages": [ - {"role": "user", "content": "hello"} - ] - }`) - - got := ConvertOpenAIRequestToCodex("gpt-4o", input, true) - res := gjson.ParseBytes(got) - - if res.Get("model").String() != "gpt-4o" { - t.Errorf("expected model gpt-4o, got %s", res.Get("model").String()) - } - - if res.Get("reasoning.effort").String() != "medium" { - t.Errorf("expected reasoning.effort medium, got %s", res.Get("reasoning.effort").String()) - } - - inputArray := res.Get("input").Array() - if len(inputArray) != 1 { - t.Errorf("expected 1 input item, got %d", len(inputArray)) - } - - // Test with image and tool calls - input2 := []byte(`{ - "model": "gpt-4o", - "messages": [ - {"role": "user", "content": [{"type": "text", "text": "hi"}, {"type": "image_url", "image_url": {"url": "http://img"}}]}, - {"role": "assistant", "tool_calls": [{"id": "c1", "type": "function", "function": {"name": "f1", "arguments": "{}"}}]} - ], - "tools": [{"type": "function", "function": {"name": "f1", "description": "d1", "parameters": {"type": "object"}}}], - "reasoning_effort": "high" - }`) - - got2 := ConvertOpenAIRequestToCodex("gpt-4o", input2, false) - res2 := gjson.ParseBytes(got2) - - if res2.Get("reasoning.effort").String() != "high" { - t.Errorf("expected reasoning.effort high, got %s", res2.Get("reasoning.effort").String()) - } - - inputArray2 := res2.Get("input").Array() - // user message + assistant message (empty content) + function_call message - if len(inputArray2) != 3 { - t.Fatalf("expected 3 input items, got %d", len(inputArray2)) - } - - if inputArray2[2].Get("type").String() != "function_call" { - t.Errorf("expected third input item to be function_call, got %s", inputArray2[2].Get("type").String()) - } -} - -func TestConvertOpenAIRequestToCodex_NormalizesProxyPrefixedToolChoice(t *testing.T) { - input := []byte(`{ - "model": "gpt-4o", - "messages": [{"role": "user", "content": "hello"}], - "tools": [ - { - "type": "function", - "function": { - "name": "search_docs", - "description": "search", - "parameters": {"type": "object"} - } - } - ], - "tool_choice": { - "type": "function", - "function": {"name": "proxy_search_docs"} - } - }`) - - got := ConvertOpenAIRequestToCodex("gpt-4o", input, false) - res := gjson.ParseBytes(got) - - if toolName := res.Get("tools.0.name").String(); toolName != "search_docs" { - t.Fatalf("expected tools[0].name search_docs, got %s", toolName) - } - if choiceName := res.Get("tool_choice.name").String(); choiceName != "search_docs" { - t.Fatalf("expected tool_choice.name search_docs, got %s", choiceName) - } -} - -func TestConvertOpenAIRequestToCodex_NormalizesProxyPrefixedAssistantToolCall(t *testing.T) { - input := []byte(`{ - "model": "gpt-4o", - "messages": [ - {"role": "user", "content": "hello"}, - { - "role": "assistant", - "tool_calls": [ - { - "id": "call_1", - "type": "function", - "function": {"name": "proxy_search_docs", "arguments": "{}"} - } - ] - } - ], - "tools": [ - { - "type": "function", - "function": { - "name": "search_docs", - "description": "search", - "parameters": {"type": "object"} - } - } - ] - }`) - - got := ConvertOpenAIRequestToCodex("gpt-4o", input, false) - res := gjson.ParseBytes(got) - - if callName := res.Get("input.2.name").String(); callName != "search_docs" { - t.Fatalf("expected function_call name search_docs, got %s", callName) - } -} - -func TestConvertOpenAIRequestToCodex_UsesVariantFallbackWhenReasoningEffortMissing(t *testing.T) { - input := []byte(`{ - "model": "gpt-4o", - "messages": [{"role": "user", "content": "hello"}], - "variant": "high" - }`) - - got := ConvertOpenAIRequestToCodex("gpt-4o", input, false) - res := gjson.ParseBytes(got) - - if gotEffort := res.Get("reasoning.effort").String(); gotEffort != "high" { - t.Fatalf("expected reasoning.effort to use variant fallback high, got %s", gotEffort) - } -} - -func TestConvertOpenAIRequestToCodex_UsesLegacyFlatReasoningEffortField(t *testing.T) { - input := []byte(`{ - "model": "gpt-4o", - "messages": [{"role":"user","content":"hello"}], - "reasoning.effort": "low" - }`) - got := ConvertOpenAIRequestToCodex("gpt-4o", input, false) - res := gjson.ParseBytes(got) - - if gotEffort := res.Get("reasoning.effort").String(); gotEffort != "low" { - t.Fatalf("expected reasoning.effort to use legacy flat field low, got %s", gotEffort) - } -} - -func TestConvertOpenAIRequestToCodex_UsesReasoningEffortBeforeVariant(t *testing.T) { - input := []byte(`{ - "model": "gpt-4o", - "messages": [{"role": "user", "content": "hello"}], - "reasoning_effort": "low", - "variant": "high" - }`) - - got := ConvertOpenAIRequestToCodex("gpt-4o", input, false) - res := gjson.ParseBytes(got) - - if gotEffort := res.Get("reasoning.effort").String(); gotEffort != "low" { - t.Fatalf("expected reasoning.effort to prefer reasoning_effort low, got %s", gotEffort) - } -} - -func TestConvertOpenAIRequestToCodex_ResponseFormatMapsToTextFormat(t *testing.T) { - input := []byte(`{ - "model": "gpt-4o", - "messages": [{"role":"user","content":"Return JSON"}], - "response_format": { - "type": "json_schema", - "json_schema": { - "name": "answer", - "strict": true, - "schema": { - "type": "object", - "properties": { - "result": {"type":"string"} - }, - "required": ["result"] - } - } - } - }`) - - got := ConvertOpenAIRequestToCodex("gpt-4o", input, false) - res := gjson.ParseBytes(got) - - if res.Get("response_format").Exists() { - t.Fatalf("expected response_format to be removed from codex payload") - } - if gotType := res.Get("text.format.type").String(); gotType != "json_schema" { - t.Fatalf("expected text.format.type json_schema, got %s", gotType) - } - if gotName := res.Get("text.format.name").String(); gotName != "answer" { - t.Fatalf("expected text.format.name answer, got %s", gotName) - } - if gotStrict := res.Get("text.format.strict").Bool(); !gotStrict { - t.Fatalf("expected text.format.strict true") - } - if !res.Get("text.format.schema").Exists() { - t.Fatalf("expected text.format.schema to be present") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_response.go deleted file mode 100644 index e20cffc211..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_response.go +++ /dev/null @@ -1,410 +0,0 @@ -// Package openai provides response translation functionality for Codex to OpenAI API compatibility. -// This package handles the conversion of Codex API responses into OpenAI Chat Completions-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by OpenAI API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, reasoning content, and usage metadata appropriately. -package chat_completions - -import ( - "bytes" - "context" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - dataTag = []byte("data:") -) - -// ConvertCliToOpenAIParams holds parameters for response conversion. -type ConvertCliToOpenAIParams struct { - ResponseID string - CreatedAt int64 - Model string - FunctionCallIndex int - HasReceivedArgumentsDelta bool - HasToolCallAnnounced bool -} - -// ConvertCodexResponseToOpenAI translates a single chunk of a streaming response from the -// Codex API format to the OpenAI Chat Completions streaming format. -// It processes various Codex event types and transforms them into OpenAI-compatible JSON responses. -// The function handles text content, tool calls, reasoning content, and usage metadata, outputting -// responses that match the OpenAI API format. It supports incremental updates for streaming responses. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing an OpenAI-compatible JSON response -func ConvertCodexResponseToOpenAI(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &ConvertCliToOpenAIParams{ - Model: modelName, - CreatedAt: 0, - ResponseID: "", - FunctionCallIndex: -1, - HasReceivedArgumentsDelta: false, - HasToolCallAnnounced: false, - } - } - - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - - // Initialize the OpenAI SSE template. - template := `{"id":"","object":"chat.completion.chunk","created":12345,"model":"model","choices":[{"index":0,"delta":{"role":null,"content":null,"reasoning_content":null,"tool_calls":null},"finish_reason":null,"native_finish_reason":null}]}` - - rootResult := gjson.ParseBytes(rawJSON) - - typeResult := rootResult.Get("type") - dataType := typeResult.String() - if dataType == "response.created" { - (*param).(*ConvertCliToOpenAIParams).ResponseID = rootResult.Get("response.id").String() - (*param).(*ConvertCliToOpenAIParams).CreatedAt = rootResult.Get("response.created_at").Int() - (*param).(*ConvertCliToOpenAIParams).Model = rootResult.Get("response.model").String() - return []string{} - } - - // Extract and set the model version. - if modelResult := gjson.GetBytes(rawJSON, "model"); modelResult.Exists() { - template, _ = sjson.Set(template, "model", modelResult.String()) - } - - template, _ = sjson.Set(template, "created", (*param).(*ConvertCliToOpenAIParams).CreatedAt) - - // Extract and set the response ID. - template, _ = sjson.Set(template, "id", (*param).(*ConvertCliToOpenAIParams).ResponseID) - - // Extract and set usage metadata (token counts). - if usageResult := gjson.GetBytes(rawJSON, "response.usage"); usageResult.Exists() { - if outputTokensResult := usageResult.Get("output_tokens"); outputTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.completion_tokens", outputTokensResult.Int()) - } - if totalTokensResult := usageResult.Get("total_tokens"); totalTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.total_tokens", totalTokensResult.Int()) - } - if inputTokensResult := usageResult.Get("input_tokens"); inputTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.prompt_tokens", inputTokensResult.Int()) - } - if cachedTokensResult := usageResult.Get("input_tokens_details.cached_tokens"); cachedTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.prompt_tokens_details.cached_tokens", cachedTokensResult.Int()) - } - if reasoningTokensResult := usageResult.Get("output_tokens_details.reasoning_tokens"); reasoningTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.completion_tokens_details.reasoning_tokens", reasoningTokensResult.Int()) - } - } - - switch dataType { - case "response.reasoning_summary_text.delta": - if deltaResult := rootResult.Get("delta"); deltaResult.Exists() { - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.Set(template, "choices.0.delta.reasoning_content", deltaResult.String()) - } - case "response.reasoning_summary_text.done": - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.Set(template, "choices.0.delta.reasoning_content", "\n\n") - case "response.output_text.delta": - if deltaResult := rootResult.Get("delta"); deltaResult.Exists() { - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.Set(template, "choices.0.delta.content", deltaResult.String()) - } - case "response.completed": - finishReason := "stop" - if (*param).(*ConvertCliToOpenAIParams).FunctionCallIndex != -1 { - finishReason = "tool_calls" - } - template, _ = sjson.Set(template, "choices.0.finish_reason", finishReason) - template, _ = sjson.Set(template, "choices.0.native_finish_reason", finishReason) - case "response.output_item.added": - itemResult := rootResult.Get("item") - if !itemResult.Exists() || itemResult.Get("type").String() != "function_call" { - return []string{} - } - - // Increment index for this new function call item. - (*param).(*ConvertCliToOpenAIParams).FunctionCallIndex++ - (*param).(*ConvertCliToOpenAIParams).HasReceivedArgumentsDelta = false - (*param).(*ConvertCliToOpenAIParams).HasToolCallAnnounced = true - - functionCallItemTemplate := `{"index":0,"id":"","type":"function","function":{"name":"","arguments":""}}` - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "index", (*param).(*ConvertCliToOpenAIParams).FunctionCallIndex) - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "id", itemResult.Get("call_id").String()) - - // Restore original tool name if it was shortened. - name := itemResult.Get("name").String() - rev := buildReverseMapFromOriginalOpenAI(originalRequestRawJSON) - if orig, ok := rev[name]; ok { - name = orig - } - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.name", name) - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.arguments", "") - - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls", `[]`) - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls.-1", functionCallItemTemplate) - - case "response.function_call_arguments.delta": - (*param).(*ConvertCliToOpenAIParams).HasReceivedArgumentsDelta = true - - deltaValue := rootResult.Get("delta").String() - functionCallItemTemplate := `{"index":0,"function":{"arguments":""}}` - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "index", (*param).(*ConvertCliToOpenAIParams).FunctionCallIndex) - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.arguments", deltaValue) - - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls", `[]`) - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls.-1", functionCallItemTemplate) - - case "response.function_call_arguments.done": - if (*param).(*ConvertCliToOpenAIParams).HasReceivedArgumentsDelta { - // Arguments were already streamed via delta events; nothing to emit. - return []string{} - } - - // Fallback: no delta events were received, emit the full arguments as a single chunk. - fullArgs := rootResult.Get("arguments").String() - functionCallItemTemplate := `{"index":0,"function":{"arguments":""}}` - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "index", (*param).(*ConvertCliToOpenAIParams).FunctionCallIndex) - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.arguments", fullArgs) - - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls", `[]`) - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls.-1", functionCallItemTemplate) - - case "response.output_item.done": - itemResult := rootResult.Get("item") - if !itemResult.Exists() || itemResult.Get("type").String() != "function_call" { - return []string{} - } - - if (*param).(*ConvertCliToOpenAIParams).HasToolCallAnnounced { - // Tool call was already announced via output_item.added; skip emission. - (*param).(*ConvertCliToOpenAIParams).HasToolCallAnnounced = false - return []string{} - } - - // Fallback path: model skipped output_item.added, so emit complete tool call now. - (*param).(*ConvertCliToOpenAIParams).FunctionCallIndex++ - - functionCallItemTemplate := `{"index":0,"id":"","type":"function","function":{"name":"","arguments":""}}` - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "index", (*param).(*ConvertCliToOpenAIParams).FunctionCallIndex) - - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls", `[]`) - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "id", itemResult.Get("call_id").String()) - - // Restore original tool name if it was shortened. - name := itemResult.Get("name").String() - rev := buildReverseMapFromOriginalOpenAI(originalRequestRawJSON) - if orig, ok := rev[name]; ok { - name = orig - } - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.name", name) - - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.arguments", itemResult.Get("arguments").String()) - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls.-1", functionCallItemTemplate) - - default: - return []string{} - } - - return []string{template} -} - -// ConvertCodexResponseToOpenAINonStream converts a non-streaming Codex response to a non-streaming OpenAI response. -// This function processes the complete Codex response and transforms it into a single OpenAI-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the OpenAI API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: An OpenAI-compatible JSON response containing all message content and metadata -func ConvertCodexResponseToOpenAINonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - rootResult := gjson.ParseBytes(rawJSON) - // Verify this is a response.completed event - if rootResult.Get("type").String() != "response.completed" { - return "" - } - - unixTimestamp := time.Now().Unix() - - responseResult := rootResult.Get("response") - - template := `{"id":"","object":"chat.completion","created":123456,"model":"model","choices":[{"index":0,"message":{"role":"assistant","content":null,"reasoning_content":null,"tool_calls":null},"finish_reason":null,"native_finish_reason":null}]}` - - // Extract and set the model version. - if modelResult := responseResult.Get("model"); modelResult.Exists() { - template, _ = sjson.Set(template, "model", modelResult.String()) - } - - // Extract and set the creation timestamp. - if createdAtResult := responseResult.Get("created_at"); createdAtResult.Exists() { - template, _ = sjson.Set(template, "created", createdAtResult.Int()) - } else { - template, _ = sjson.Set(template, "created", unixTimestamp) - } - - // Extract and set the response ID. - if idResult := responseResult.Get("id"); idResult.Exists() { - template, _ = sjson.Set(template, "id", idResult.String()) - } - - // Extract and set usage metadata (token counts). - if usageResult := responseResult.Get("usage"); usageResult.Exists() { - if outputTokensResult := usageResult.Get("output_tokens"); outputTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.completion_tokens", outputTokensResult.Int()) - } - if totalTokensResult := usageResult.Get("total_tokens"); totalTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.total_tokens", totalTokensResult.Int()) - } - if inputTokensResult := usageResult.Get("input_tokens"); inputTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.prompt_tokens", inputTokensResult.Int()) - } - if cachedTokensResult := usageResult.Get("input_tokens_details.cached_tokens"); cachedTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.prompt_tokens_details.cached_tokens", cachedTokensResult.Int()) - } - if reasoningTokensResult := usageResult.Get("output_tokens_details.reasoning_tokens"); reasoningTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.completion_tokens_details.reasoning_tokens", reasoningTokensResult.Int()) - } - } - - // Process the output array for content and function calls - outputResult := responseResult.Get("output") - if outputResult.IsArray() { - outputArray := outputResult.Array() - var contentText string - var reasoningText string - var toolCalls []string - - for _, outputItem := range outputArray { - outputType := outputItem.Get("type").String() - - switch outputType { - case "reasoning": - // Extract reasoning content from summary - if summaryResult := outputItem.Get("summary"); summaryResult.IsArray() { - summaryArray := summaryResult.Array() - for _, summaryItem := range summaryArray { - if summaryItem.Get("type").String() == "summary_text" { - reasoningText = summaryItem.Get("text").String() - break - } - } - } - case "message": - // Extract message content - if contentResult := outputItem.Get("content"); contentResult.IsArray() { - contentArray := contentResult.Array() - for _, contentItem := range contentArray { - if contentItem.Get("type").String() == "output_text" { - contentText = contentItem.Get("text").String() - break - } - } - } - case "function_call": - // Handle function call content - functionCallTemplate := `{"id": "","type": "function","function": {"name": "","arguments": ""}}` - - if callIdResult := outputItem.Get("call_id"); callIdResult.Exists() { - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "id", callIdResult.String()) - } - - if nameResult := outputItem.Get("name"); nameResult.Exists() { - n := nameResult.String() - rev := buildReverseMapFromOriginalOpenAI(originalRequestRawJSON) - if orig, ok := rev[n]; ok { - n = orig - } - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.name", n) - } - - if argsResult := outputItem.Get("arguments"); argsResult.Exists() { - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.arguments", argsResult.String()) - } - - toolCalls = append(toolCalls, functionCallTemplate) - } - } - - // Set content and reasoning content if found - if contentText != "" { - template, _ = sjson.Set(template, "choices.0.message.content", contentText) - template, _ = sjson.Set(template, "choices.0.message.role", "assistant") - } - - if reasoningText != "" { - template, _ = sjson.Set(template, "choices.0.message.reasoning_content", reasoningText) - template, _ = sjson.Set(template, "choices.0.message.role", "assistant") - } - - // Add tool calls if any - if len(toolCalls) > 0 { - template, _ = sjson.SetRaw(template, "choices.0.message.tool_calls", `[]`) - for _, toolCall := range toolCalls { - template, _ = sjson.SetRaw(template, "choices.0.message.tool_calls.-1", toolCall) - } - template, _ = sjson.Set(template, "choices.0.message.role", "assistant") - } - } - - // Extract and set the finish reason based on status and presence of tool calls - if statusResult := responseResult.Get("status"); statusResult.Exists() { - status := statusResult.String() - if status == "completed" { - // Check if there are tool calls to set appropriate finish_reason - toolCallsResult := gjson.Get(template, "choices.0.message.tool_calls") - if toolCallsResult.IsArray() && len(toolCallsResult.Array()) > 0 { - template, _ = sjson.Set(template, "choices.0.finish_reason", "tool_calls") - template, _ = sjson.Set(template, "choices.0.native_finish_reason", "tool_calls") - } else { - template, _ = sjson.Set(template, "choices.0.finish_reason", "stop") - template, _ = sjson.Set(template, "choices.0.native_finish_reason", "stop") - } - } - } - - return template -} - -// buildReverseMapFromOriginalOpenAI builds a map of shortened tool name -> original tool name -// from the original OpenAI-style request JSON using the same shortening logic. -func buildReverseMapFromOriginalOpenAI(original []byte) map[string]string { - tools := gjson.GetBytes(original, "tools") - rev := map[string]string{} - if tools.IsArray() && len(tools.Array()) > 0 { - var names []string - arr := tools.Array() - for i := 0; i < len(arr); i++ { - t := arr[i] - if t.Get("type").String() != "function" { - continue - } - fn := t.Get("function") - if !fn.Exists() { - continue - } - if v := fn.Get("name"); v.Exists() { - names = append(names, v.String()) - } - } - if len(names) > 0 { - m := buildShortNameMap(names) - for orig, short := range m { - rev[short] = orig - } - } - } - return rev -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_response_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_response_test.go deleted file mode 100644 index fc0d48204b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_response_test.go +++ /dev/null @@ -1,127 +0,0 @@ -package chat_completions - -import ( - "context" - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertCodexResponseToOpenAI(t *testing.T) { - ctx := context.Background() - var param any - - // response.created - raw := []byte(`data: {"type": "response.created", "response": {"id": "resp_123", "created_at": 1629141600, "model": "gpt-4o"}}`) - got := ConvertCodexResponseToOpenAI(ctx, "gpt-4o", nil, nil, raw, ¶m) - if len(got) != 0 { - t.Errorf("expected 0 chunks for response.created, got %d", len(got)) - } - - // response.output_text.delta - raw = []byte(`data: {"type": "response.output_text.delta", "delta": "hello"}`) - got = ConvertCodexResponseToOpenAI(ctx, "gpt-4o", nil, nil, raw, ¶m) - if len(got) != 1 { - t.Fatalf("expected 1 chunk, got %d", len(got)) - } - res := gjson.Parse(got[0]) - if res.Get("id").String() != "resp_123" || res.Get("choices.0.delta.content").String() != "hello" { - t.Errorf("unexpected output: %s", got[0]) - } - - // response.reasoning_summary_text.delta - raw = []byte(`data: {"type": "response.reasoning_summary_text.delta", "delta": "Thinking..."}`) - got = ConvertCodexResponseToOpenAI(ctx, "gpt-4o", nil, nil, raw, ¶m) - if len(got) != 1 { - t.Fatalf("expected 1 chunk for reasoning, got %d", len(got)) - } - res = gjson.Parse(got[0]) - if res.Get("choices.0.delta.reasoning_content").String() != "Thinking..." { - t.Errorf("expected reasoning_content Thinking..., got %s", res.Get("choices.0.delta.reasoning_content").String()) - } - - // response.output_item.done (function_call) - raw = []byte(`data: {"type": "response.output_item.done", "item": {"type": "function_call", "call_id": "c1", "name": "f1", "arguments": "{}"}}`) - got = ConvertCodexResponseToOpenAI(ctx, "gpt-4o", nil, nil, raw, ¶m) - if len(got) != 1 { - t.Fatalf("expected 1 chunk for tool call, got %d", len(got)) - } - res = gjson.Parse(got[0]) - if res.Get("choices.0.delta.tool_calls.0.function.name").String() != "f1" { - t.Errorf("expected function name f1, got %s", res.Get("choices.0.delta.tool_calls.0.function.name").String()) - } -} - -func TestConvertCodexResponseToOpenAINonStream(t *testing.T) { - raw := []byte(`{"type": "response.completed", "response": { - "id": "resp_123", - "model": "gpt-4o", - "created_at": 1629141600, - "output": [ - {"type": "message", "content": [ - {"type": "output_text", "text": "hello"} - ]} - ], - "usage": {"input_tokens": 10, "output_tokens": 5}, - "status": "completed" - }}`) - - got := ConvertCodexResponseToOpenAINonStream(context.Background(), "gpt-4o", nil, nil, raw, nil) - res := gjson.Parse(got) - if res.Get("id").String() != "resp_123" { - t.Errorf("expected id resp_123, got %s", res.Get("id").String()) - } - if res.Get("choices.0.message.content").String() != "hello" { - t.Errorf("unexpected content: %s", got) - } -} - -func TestConvertCodexResponseToOpenAINonStream_Full(t *testing.T) { - raw := []byte(`{"type": "response.completed", "response": { - "id": "resp_123", - "model": "gpt-4o", - "created_at": 1629141600, - "status": "completed", - "output": [ - { - "type": "reasoning", - "summary": [{"type": "summary_text", "text": "thought"}] - }, - { - "type": "message", - "content": [{"type": "output_text", "text": "result"}] - }, - { - "type": "function_call", - "call_id": "c1", - "name": "f1", - "arguments": "{}" - } - ], - "usage": { - "input_tokens": 10, - "output_tokens": 5, - "total_tokens": 15, - "output_tokens_details": {"reasoning_tokens": 2} - } - }}`) - - got := ConvertCodexResponseToOpenAINonStream(context.Background(), "gpt-4o", nil, nil, raw, nil) - res := gjson.Parse(got) - - if res.Get("choices.0.message.reasoning_content").String() != "thought" { - t.Errorf("expected reasoning_content thought, got %s", res.Get("choices.0.message.reasoning_content").String()) - } - if res.Get("choices.0.message.content").String() != "result" { - t.Errorf("expected content result, got %s", res.Get("choices.0.message.content").String()) - } - if res.Get("choices.0.message.tool_calls.0.function.name").String() != "f1" { - t.Errorf("expected tool call f1, got %s", res.Get("choices.0.message.tool_calls.0.function.name").String()) - } - if res.Get("choices.0.finish_reason").String() != "tool_calls" { - t.Errorf("expected finish_reason tool_calls, got %s", res.Get("choices.0.finish_reason").String()) - } - if res.Get("usage.completion_tokens_details.reasoning_tokens").Int() != 2 { - t.Errorf("expected reasoning_tokens 2, got %d", res.Get("usage.completion_tokens_details.reasoning_tokens").Int()) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/chat-completions/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/chat-completions/init.go deleted file mode 100644 index eae51ab32b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" -) - -func init() { - translator.Register( - constant.OpenAI, - constant.Codex, - ConvertOpenAIRequestToCodex, - interfaces.TranslateResponse{ - Stream: ConvertCodexResponseToOpenAI, - NonStream: ConvertCodexResponseToOpenAINonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/responses/codex_openai-responses_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/responses/codex_openai-responses_request.go deleted file mode 100644 index b565332460..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/responses/codex_openai-responses_request.go +++ /dev/null @@ -1,346 +0,0 @@ -package responses - -import ( - "fmt" - "strconv" - "strings" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -func ConvertOpenAIResponsesRequestToCodex(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - - // Build tool name shortening map from original tools (if any). - originalToolNameMap := map[string]string{} - { - tools := gjson.GetBytes(rawJSON, "tools") - if tools.IsArray() && len(tools.Array()) > 0 { - var names []string - arr := tools.Array() - for i := 0; i < len(arr); i++ { - t := arr[i] - namePath := t.Get("function.name") - if namePath.Exists() { - names = append(names, namePath.String()) - } - } - if len(names) > 0 { - originalToolNameMap = buildShortNameMap(names) - } - } - } - - inputResult := gjson.GetBytes(rawJSON, "input") - if inputResult.Type == gjson.String { - input, _ := sjson.Set(`[{"type":"message","role":"user","content":[{"type":"input_text","text":""}]}]`, "0.content.0.text", inputResult.String()) - rawJSON, _ = sjson.SetRawBytes(rawJSON, "input", []byte(input)) - } - - // Preserve compaction fields for context management - // These fields are used for conversation context management in the Responses API - previousResponseID := gjson.GetBytes(rawJSON, "previous_response_id") - if !previousResponseID.Exists() { - if conversationID := gjson.GetBytes(rawJSON, "conversation_id"); conversationID.Exists() { - previousResponseID = conversationID - } - } - promptCacheKey := gjson.GetBytes(rawJSON, "prompt_cache_key") - safetyIdentifier := gjson.GetBytes(rawJSON, "safety_identifier") - - rawJSON, _ = sjson.SetBytes(rawJSON, "stream", true) - rawJSON, _ = sjson.SetBytes(rawJSON, "store", false) - // Map variant -> reasoning.effort when reasoning.effort is not explicitly provided. - if !gjson.GetBytes(rawJSON, "reasoning.effort").Exists() { - if variant := gjson.GetBytes(rawJSON, "variant"); variant.Exists() { - effort := strings.ToLower(strings.TrimSpace(variant.String())) - if effort != "" { - rawJSON, _ = sjson.SetBytes(rawJSON, "reasoning.effort", effort) - } - } - } - rawJSON, _ = sjson.SetBytes(rawJSON, "parallel_tool_calls", true) - rawJSON, _ = sjson.SetBytes(rawJSON, "include", []string{"reasoning.encrypted_content"}) - // Codex Responses rejects token limit fields, so strip them out before forwarding. - rawJSON, _ = sjson.DeleteBytes(rawJSON, "max_output_tokens") - rawJSON, _ = sjson.DeleteBytes(rawJSON, "max_completion_tokens") - rawJSON, _ = sjson.DeleteBytes(rawJSON, "max_tokens") - rawJSON, _ = sjson.DeleteBytes(rawJSON, "temperature") - rawJSON, _ = sjson.DeleteBytes(rawJSON, "top_p") - rawJSON, _ = sjson.DeleteBytes(rawJSON, "service_tier") - - // Delete the user field as it is not supported by the Codex upstream. - rawJSON, _ = sjson.DeleteBytes(rawJSON, "user") - // Normalize alias-only conversation tracking fields to Codex-native key. - rawJSON, _ = sjson.DeleteBytes(rawJSON, "conversation_id") - - // Restore compaction fields after other transformations - if previousResponseID.Exists() { - rawJSON, _ = sjson.SetBytes(rawJSON, "previous_response_id", previousResponseID.String()) - } - if promptCacheKey.Exists() { - rawJSON, _ = sjson.SetBytes(rawJSON, "prompt_cache_key", promptCacheKey.String()) - } - if safetyIdentifier.Exists() { - rawJSON, _ = sjson.SetBytes(rawJSON, "safety_identifier", safetyIdentifier.String()) - } - - // Convert role "system" to "developer" in input array to comply with Codex API requirements. - rawJSON = convertSystemRoleToDeveloper(rawJSON) - // Normalize tools/tool_choice names for proxy_ prefixes and maximum-length handling. - rawJSON = normalizeResponseTools(rawJSON, originalToolNameMap) - rawJSON = normalizeResponseToolChoice(rawJSON, originalToolNameMap) - rawJSON = removeItemReferences(rawJSON) - - return rawJSON -} - -// convertSystemRoleToDeveloper traverses the input array and converts any message items -// with role "system" to role "developer". This is necessary because Codex API does not -// accept "system" role in the input array. -func convertSystemRoleToDeveloper(rawJSON []byte) []byte { - inputResult := gjson.GetBytes(rawJSON, "input") - if !inputResult.IsArray() { - return rawJSON - } - - inputArray := inputResult.Array() - result := rawJSON - - // Directly modify role values for items with "system" role - for i := 0; i < len(inputArray); i++ { - rolePath := fmt.Sprintf("input.%d.role", i) - if gjson.GetBytes(result, rolePath).String() == "system" { - result, _ = sjson.SetBytes(result, rolePath, "developer") - } - } - - return result -} - -func removeItemReferences(rawJSON []byte) []byte { - inputResult := gjson.GetBytes(rawJSON, "input") - if !inputResult.IsArray() { - return rawJSON - } - - filtered := make([]string, 0, len(inputResult.Array())) - changed := false - for _, item := range inputResult.Array() { - if item.Get("type").String() == "item_reference" { - changed = true - continue - } - itemRaw := item.Raw - if item.Get("type").String() == "message" { - content := item.Get("content") - if content.IsArray() { - kept := "[]" - contentChanged := false - for _, part := range content.Array() { - if part.Get("type").String() == "item_reference" { - contentChanged = true - continue - } - kept, _ = sjson.SetRaw(kept, "-1", part.Raw) - } - if contentChanged { - changed = true - itemRaw, _ = sjson.SetRaw(itemRaw, "content", kept) - } - } - } - filtered = append(filtered, itemRaw) - } - - if !changed { - return rawJSON - } - - result := "[]" - for _, itemRaw := range filtered { - result, _ = sjson.SetRaw(result, "-1", itemRaw) - } - - out, _ := sjson.SetRawBytes(rawJSON, "input", []byte(result)) - return out -} - -// normalizeResponseTools remaps tool entries and long function names to match upstream expectations. -func normalizeResponseTools(rawJSON []byte, nameMap map[string]string) []byte { - tools := gjson.GetBytes(rawJSON, "tools") - if !tools.IsArray() || len(tools.Array()) == 0 { - return rawJSON - } - - arr := tools.Array() - result := make([]string, 0, len(arr)) - changed := false - - for i := 0; i < len(arr); i++ { - t := arr[i] - if t.Get("type").String() != "function" { - result = append(result, t.Raw) - continue - } - - fn := t.Get("function") - if !fn.Exists() { - result = append(result, t.Raw) - continue - } - - name := fn.Get("name").String() - name = normalizeToolNameAgainstMap(name, nameMap) - name = shortenNameIfNeeded(name) - - if name != fn.Get("name").String() { - changed = true - fnRaw := fn.Raw - fnRaw, _ = sjson.Set(fnRaw, "name", name) - item := `{}` - item, _ = sjson.Set(item, "type", "function") - item, _ = sjson.SetRaw(item, "function", fnRaw) - result = append(result, item) - } else { - result = append(result, t.Raw) - } - } - - if !changed { - return rawJSON - } - - out := "[]" - for _, item := range result { - out, _ = sjson.SetRaw(out, "-1", item) - } - rawJSON, _ = sjson.SetRawBytes(rawJSON, "tools", []byte(out)) - return rawJSON -} - -// normalizeResponseToolChoice remaps function tool_choice payload names when needed. -func normalizeResponseToolChoice(rawJSON []byte, nameMap map[string]string) []byte { - tc := gjson.GetBytes(rawJSON, "tool_choice") - if !tc.Exists() { - return rawJSON - } - - if tc.Type == gjson.String { - return rawJSON - } - if !tc.IsObject() { - return rawJSON - } - - tcType := tc.Get("type").String() - if tcType != "function" { - return rawJSON - } - - name := tc.Get("function.name").String() - name = normalizeToolNameAgainstMap(name, nameMap) - name = shortenNameIfNeeded(name) - if name == tc.Get("function.name").String() { - return rawJSON - } - - updated, _ := sjson.Set(tc.Raw, "function.name", name) - rawJSON, _ = sjson.SetRawBytes(rawJSON, "tool_choice", []byte(updated)) - return rawJSON -} - -// shortenNameIfNeeded applies the simple shortening rule for a single name. -// If the name length exceeds 64, it will try to preserve the "mcp__" prefix and last segment. -// Otherwise it truncates to 64 characters. -func shortenNameIfNeeded(name string) string { - const limit = 64 - if len(name) <= limit { - return name - } - if strings.HasPrefix(name, "mcp__") { - idx := strings.LastIndex(name, "__") - if idx > 0 { - candidate := "mcp__" + name[idx+2:] - if len(candidate) > limit { - return candidate[:limit] - } - return candidate - } - } - return name[:limit] -} - -// buildShortNameMap generates unique short names (<=64) for the given list of names. -func buildShortNameMap(names []string) map[string]string { - const limit = 64 - used := map[string]struct{}{} - m := map[string]string{} - - baseCandidate := func(n string) string { - if len(n) <= limit { - return n - } - if strings.HasPrefix(n, "mcp__") { - idx := strings.LastIndex(n, "__") - if idx > 0 { - cand := "mcp__" + n[idx+2:] - if len(cand) > limit { - cand = cand[:limit] - } - return cand - } - } - return n[:limit] - } - - makeUnique := func(cand string) string { - if _, ok := used[cand]; !ok { - return cand - } - base := cand - for i := 1; ; i++ { - suffix := "_" + strconv.Itoa(i) - allowed := limit - len(suffix) - if allowed < 0 { - allowed = 0 - } - tmp := base - if len(tmp) > allowed { - tmp = tmp[:allowed] - } - tmp = tmp + suffix - if _, ok := used[tmp]; !ok { - return tmp - } - } - } - - for _, n := range names { - cand := baseCandidate(n) - uniq := makeUnique(cand) - used[uniq] = struct{}{} - m[n] = uniq - } - return m -} - -func normalizeToolNameAgainstMap(name string, m map[string]string) string { - if name == "" { - return name - } - if _, ok := m[name]; ok { - return name - } - - const proxyPrefix = "proxy_" - if strings.HasPrefix(name, proxyPrefix) { - trimmed := strings.TrimPrefix(name, proxyPrefix) - if _, ok := m[trimmed]; ok { - return trimmed - } - } - - return name -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/responses/codex_openai-responses_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/responses/codex_openai-responses_request_test.go deleted file mode 100644 index 63a43fbe4c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/responses/codex_openai-responses_request_test.go +++ /dev/null @@ -1,545 +0,0 @@ -package responses - -import ( - "strings" - "testing" - - "github.com/tidwall/gjson" -) - -// TestConvertSystemRoleToDeveloper_BasicConversion tests the basic system -> developer role conversion -func TestConvertSystemRoleToDeveloper_BasicConversion(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "input": [ - { - "type": "message", - "role": "system", - "content": [{"type": "input_text", "text": "You are a pirate."}] - }, - { - "type": "message", - "role": "user", - "content": [{"type": "input_text", "text": "Say hello."}] - } - ] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Check that system role was converted to developer - firstItemRole := gjson.Get(outputStr, "input.0.role") - if firstItemRole.String() != "developer" { - t.Errorf("Expected role 'developer', got '%s'", firstItemRole.String()) - } - - // Check that user role remains unchanged - secondItemRole := gjson.Get(outputStr, "input.1.role") - if secondItemRole.String() != "user" { - t.Errorf("Expected role 'user', got '%s'", secondItemRole.String()) - } - - // Check content is preserved - firstItemContent := gjson.Get(outputStr, "input.0.content.0.text") - if firstItemContent.String() != "You are a pirate." { - t.Errorf("Expected content 'You are a pirate.', got '%s'", firstItemContent.String()) - } -} - -// TestConvertSystemRoleToDeveloper_MultipleSystemMessages tests conversion with multiple system messages -func TestConvertSystemRoleToDeveloper_MultipleSystemMessages(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "input": [ - { - "type": "message", - "role": "system", - "content": [{"type": "input_text", "text": "You are helpful."}] - }, - { - "type": "message", - "role": "system", - "content": [{"type": "input_text", "text": "Be concise."}] - }, - { - "type": "message", - "role": "user", - "content": [{"type": "input_text", "text": "Hello"}] - } - ] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Check that both system roles were converted - firstRole := gjson.Get(outputStr, "input.0.role") - if firstRole.String() != "developer" { - t.Errorf("Expected first role 'developer', got '%s'", firstRole.String()) - } - - secondRole := gjson.Get(outputStr, "input.1.role") - if secondRole.String() != "developer" { - t.Errorf("Expected second role 'developer', got '%s'", secondRole.String()) - } - - // Check that user role is unchanged - thirdRole := gjson.Get(outputStr, "input.2.role") - if thirdRole.String() != "user" { - t.Errorf("Expected third role 'user', got '%s'", thirdRole.String()) - } -} - -// TestConvertSystemRoleToDeveloper_NoSystemMessages tests that requests without system messages are unchanged -func TestConvertSystemRoleToDeveloper_NoSystemMessages(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "input": [ - { - "type": "message", - "role": "user", - "content": [{"type": "input_text", "text": "Hello"}] - }, - { - "type": "message", - "role": "assistant", - "content": [{"type": "output_text", "text": "Hi there!"}] - } - ] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Check that user and assistant roles are unchanged - firstRole := gjson.Get(outputStr, "input.0.role") - if firstRole.String() != "user" { - t.Errorf("Expected role 'user', got '%s'", firstRole.String()) - } - - secondRole := gjson.Get(outputStr, "input.1.role") - if secondRole.String() != "assistant" { - t.Errorf("Expected role 'assistant', got '%s'", secondRole.String()) - } -} - -// TestConvertSystemRoleToDeveloper_EmptyInput tests that empty input arrays are handled correctly -func TestConvertSystemRoleToDeveloper_EmptyInput(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "input": [] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Check that input is still an empty array - inputArray := gjson.Get(outputStr, "input") - if !inputArray.IsArray() { - t.Error("Input should still be an array") - } - if len(inputArray.Array()) != 0 { - t.Errorf("Expected empty array, got %d items", len(inputArray.Array())) - } -} - -// TestConvertSystemRoleToDeveloper_NoInputField tests that requests without input field are unchanged -func TestConvertSystemRoleToDeveloper_NoInputField(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "stream": false - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Check that other fields are still set correctly - stream := gjson.Get(outputStr, "stream") - if !stream.Bool() { - t.Error("Stream should be set to true by conversion") - } - - store := gjson.Get(outputStr, "store") - if store.Bool() { - t.Error("Store should be set to false by conversion") - } -} - -// TestConvertOpenAIResponsesRequestToCodex_OriginalIssue tests the exact issue reported by the user -func TestConvertOpenAIResponsesRequestToCodex_OriginalIssue(t *testing.T) { - // This is the exact input that was failing with "System messages are not allowed" - inputJSON := []byte(`{ - "model": "gpt-5.2", - "input": [ - { - "type": "message", - "role": "system", - "content": "You are a pirate. Always respond in pirate speak." - }, - { - "type": "message", - "role": "user", - "content": "Say hello." - } - ], - "stream": false - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Verify system role was converted to developer - firstRole := gjson.Get(outputStr, "input.0.role") - if firstRole.String() != "developer" { - t.Errorf("Expected role 'developer', got '%s'", firstRole.String()) - } - - // Verify stream was set to true (as required by Codex) - stream := gjson.Get(outputStr, "stream") - if !stream.Bool() { - t.Error("Stream should be set to true") - } - - // Verify other required fields for Codex - store := gjson.Get(outputStr, "store") - if store.Bool() { - t.Error("Store should be false") - } - - parallelCalls := gjson.Get(outputStr, "parallel_tool_calls") - if !parallelCalls.Bool() { - t.Error("parallel_tool_calls should be true") - } - - include := gjson.Get(outputStr, "include") - if !include.IsArray() || len(include.Array()) != 1 { - t.Error("include should be an array with one element") - } else if include.Array()[0].String() != "reasoning.encrypted_content" { - t.Errorf("Expected include[0] to be 'reasoning.encrypted_content', got '%s'", include.Array()[0].String()) - } -} - -// TestConvertSystemRoleToDeveloper_AssistantRole tests that assistant role is preserved -func TestConvertSystemRoleToDeveloper_AssistantRole(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "input": [ - { - "type": "message", - "role": "system", - "content": [{"type": "input_text", "text": "You are helpful."}] - }, - { - "type": "message", - "role": "user", - "content": [{"type": "input_text", "text": "Hello"}] - }, - { - "type": "message", - "role": "assistant", - "content": [{"type": "output_text", "text": "Hi!"}] - } - ] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Check system -> developer - firstRole := gjson.Get(outputStr, "input.0.role") - if firstRole.String() != "developer" { - t.Errorf("Expected first role 'developer', got '%s'", firstRole.String()) - } - - // Check user unchanged - secondRole := gjson.Get(outputStr, "input.1.role") - if secondRole.String() != "user" { - t.Errorf("Expected second role 'user', got '%s'", secondRole.String()) - } - - // Check assistant unchanged - thirdRole := gjson.Get(outputStr, "input.2.role") - if thirdRole.String() != "assistant" { - t.Errorf("Expected third role 'assistant', got '%s'", thirdRole.String()) - } -} - -func TestUserFieldDeletion(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "user": "test-user", - "input": [{"role": "user", "content": "Hello"}] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Verify user field is deleted - userField := gjson.Get(outputStr, "user") - if userField.Exists() { - t.Errorf("user field should be deleted, but it was found with value: %s", userField.Raw) - } -} - -func TestConvertOpenAIResponsesRequestToCodex_RemovesItemReferenceInputItems(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "input": [ - {"type": "item_reference", "id": "msg_123"}, - {"type": "message", "role": "user", "content": "hello"}, - {"type": "item_reference", "id": "msg_456"} - ] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - input := gjson.Get(outputStr, "input") - if !input.IsArray() { - t.Fatalf("expected input to be an array") - } - if got := len(input.Array()); got != 1 { - t.Fatalf("expected 1 input item after filtering item_reference, got %d", got) - } - if itemType := gjson.Get(outputStr, "input.0.type").String(); itemType != "message" { - t.Fatalf("expected remaining input[0].type message, got %s", itemType) - } -} - -func TestConvertOpenAIResponsesRequestToCodex_RemovesNestedItemReferenceContentParts(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "input": [ - { - "type": "message", - "role": "user", - "content": [ - {"type": "input_text", "text": "hello"}, - {"type": "item_reference", "id": "msg_123"}, - {"type": "input_text", "text": "world"} - ] - } - ] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - content := gjson.Get(outputStr, "input.0.content") - if !content.IsArray() { - t.Fatalf("expected message content array") - } - if got := len(content.Array()); got != 2 { - t.Fatalf("expected 2 content parts after filtering item_reference, got %d", got) - } - if got := gjson.Get(outputStr, "input.0.content.0.type").String(); got != "input_text" { - t.Fatalf("expected input.0.content.0.type=input_text, got %s", got) - } - if got := gjson.Get(outputStr, "input.0.content.1.type").String(); got != "input_text" { - t.Fatalf("expected input.0.content.1.type=input_text, got %s", got) - } -} - -func TestConvertOpenAIResponsesRequestToCodex_DeletesMaxTokensField(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "max_tokens": 128, - "input": [{"type":"message","role":"user","content":"hello"}] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - if got := gjson.GetBytes(output, "max_tokens"); got.Exists() { - t.Fatalf("expected max_tokens to be removed, got %s", got.Raw) - } -} - -func TestConvertOpenAIResponsesRequestToCodex_UsesVariantAsReasoningEffortFallback(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "variant": "high", - "input": [ - {"type": "message", "role": "user", "content": "hello"} - ] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - if got := gjson.Get(outputStr, "reasoning.effort").String(); got != "high" { - t.Fatalf("expected reasoning.effort=high fallback, got %s", got) - } -} - -func TestConvertOpenAIResponsesRequestToCodex_CPB0228_InputStringNormalizedToInputList(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5-codex", - "input": "Summarize this request", - "stream": false - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5-codex", inputJSON, false) - outputStr := string(output) - - input := gjson.Get(outputStr, "input") - if !input.IsArray() { - t.Fatalf("expected input to be normalized to an array, got %s", input.Type.String()) - } - if got := len(input.Array()); got != 1 { - t.Fatalf("expected one normalized input message, got %d", got) - } - if got := gjson.Get(outputStr, "input.0.type").String(); got != "message" { - t.Fatalf("expected input.0.type=message, got %q", got) - } - if got := gjson.Get(outputStr, "input.0.role").String(); got != "user" { - t.Fatalf("expected input.0.role=user, got %q", got) - } - if got := gjson.Get(outputStr, "input.0.content.0.type").String(); got != "input_text" { - t.Fatalf("expected input.0.content.0.type=input_text, got %q", got) - } - if got := gjson.Get(outputStr, "input.0.content.0.text").String(); got != "Summarize this request" { - t.Fatalf("expected input text preserved, got %q", got) - } -} - -func TestConvertOpenAIResponsesRequestToCodex_CPB0228_PreservesCompactionFieldsWithStringInput(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5-codex", - "input": "continue", - "previous_response_id": "resp_prev_1", - "prompt_cache_key": "cache_abc", - "safety_identifier": "safe_123" - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5-codex", inputJSON, false) - outputStr := string(output) - - if got := gjson.Get(outputStr, "previous_response_id").String(); got != "resp_prev_1" { - t.Fatalf("expected previous_response_id to be preserved, got %q", got) - } - if got := gjson.Get(outputStr, "prompt_cache_key").String(); got != "cache_abc" { - t.Fatalf("expected prompt_cache_key to be preserved, got %q", got) - } - if got := gjson.Get(outputStr, "safety_identifier").String(); got != "safe_123" { - t.Fatalf("expected safety_identifier to be preserved, got %q", got) - } -} - -func TestConvertOpenAIResponsesRequestToCodex_CPB0225_ConversationIDAliasMapsToPreviousResponseID(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5-codex", - "input": "continue", - "conversation_id": "resp_alias_1" - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5-codex", inputJSON, false) - outputStr := string(output) - - if got := gjson.Get(outputStr, "previous_response_id").String(); got != "resp_alias_1" { - t.Fatalf("expected conversation_id alias to map to previous_response_id, got %q", got) - } - if gjson.Get(outputStr, "conversation_id").Exists() { - t.Fatalf("expected conversation_id alias to be removed after normalization") - } -} - -func TestConvertOpenAIResponsesRequestToCodex_CPB0225_PrefersPreviousResponseIDOverAlias(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5-codex", - "input": "continue", - "previous_response_id": "resp_primary", - "conversation_id": "resp_alias" - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5-codex", inputJSON, false) - outputStr := string(output) - - if got := gjson.Get(outputStr, "previous_response_id").String(); got != "resp_primary" { - t.Fatalf("expected previous_response_id to win over conversation_id alias, got %q", got) - } -} - -func TestConvertOpenAIResponsesRequestToCodex_UsesReasoningEffortOverVariant(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "reasoning": {"effort": "low"}, - "variant": "high", - "input": [ - {"type": "message", "role": "user", "content": "hello"} - ] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - if got := gjson.Get(outputStr, "reasoning.effort").String(); got != "low" { - t.Fatalf("expected reasoning.effort to prefer explicit reasoning.effort low, got %s", got) - } -} - -func TestConvertOpenAIResponsesRequestToCodex_NormalizesToolChoiceFunctionProxyPrefix(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "tools": [ - { - "type": "function", - "function": {"name": "send_email", "description": "send email", "parameters": {}} - } - ], - "tool_choice": { - "type": "function", - "function": {"name": "proxy_send_email"} - }, - "input": [{"type":"message","role":"user","content":"send email"}] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - if gjson.Get(outputStr, "tool_choice.function.name").String() != "send_email" { - t.Fatalf("expected tool_choice.function.name to normalize to send_email, got %q", gjson.Get(outputStr, "tool_choice.function.name").String()) - } - if gjson.Get(outputStr, "tools.0.function.name").String() != "send_email" { - t.Fatalf("expected tools.0.function.name to normalize to send_email, got %q", gjson.Get(outputStr, "tools.0.function.name").String()) - } -} - -func TestConvertOpenAIResponsesRequestToCodex_NormalizesToolsAndChoiceIndependently(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "tools": [ - { - "type": "function", - "function": {"name": "` + longName(0) + `", "description": "x", "parameters": {}} - }, - { - "type": "function", - "function": {"name": "` + longName(1) + `", "description": "y", "parameters": {}} - } - ], - "tool_choice": { - "type": "function", - "function": {"name": "proxy_` + longName(1) + `"} - }, - "input": [{"type":"message","role":"user","content":"run"}] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - t1 := gjson.Get(outputStr, "tools.0.function.name").String() - t2 := gjson.Get(outputStr, "tools.1.function.name").String() - tc := gjson.Get(outputStr, "tool_choice.function.name").String() - - if t1 == "" || t2 == "" || tc == "" { - t.Fatalf("expected normalized names, got tool1=%q tool2=%q tool_choice=%q", t1, t2, tc) - } - if len(t1) > 64 || len(t2) > 64 || len(tc) > 64 { - t.Fatalf("expected all normalized names <=64, got len(tool1)=%d len(tool2)=%d len(tool_choice)=%d", len(t1), len(t2), len(tc)) - } -} - -func longName(i int) string { - base := "proxy_mcp__very_long_prefix_segment_for_tool_normalization_" - return base + strings.Repeat("x", 80) + string(rune('a'+i)) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/responses/codex_openai-responses_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/responses/codex_openai-responses_response.go deleted file mode 100644 index 4287206a99..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/responses/codex_openai-responses_response.go +++ /dev/null @@ -1,48 +0,0 @@ -package responses - -import ( - "bytes" - "context" - "fmt" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertCodexResponseToOpenAIResponses converts OpenAI Chat Completions streaming chunks -// to OpenAI Responses SSE events (response.*). - -func ConvertCodexResponseToOpenAIResponses(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - if typeResult := gjson.GetBytes(rawJSON, "type"); typeResult.Exists() { - typeStr := typeResult.String() - if typeStr == "response.created" || typeStr == "response.in_progress" || typeStr == "response.completed" { - if gjson.GetBytes(rawJSON, "response.instructions").Exists() { - instructions := gjson.GetBytes(originalRequestRawJSON, "instructions").String() - rawJSON, _ = sjson.SetBytes(rawJSON, "response.instructions", instructions) - } - } - } - out := fmt.Sprintf("data: %s", string(rawJSON)) - return []string{out} - } - return []string{string(rawJSON)} -} - -// ConvertCodexResponseToOpenAIResponsesNonStream builds a single Responses JSON -// from a non-streaming OpenAI Chat Completions response. -func ConvertCodexResponseToOpenAIResponsesNonStream(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - rootResult := gjson.ParseBytes(rawJSON) - // Verify this is a response.completed event - if rootResult.Get("type").String() != "response.completed" { - return "" - } - responseResult := rootResult.Get("response") - template := responseResult.Raw - if responseResult.Get("instructions").Exists() { - instructions := gjson.GetBytes(originalRequestRawJSON, "instructions").String() - template, _ = sjson.Set(template, "instructions", instructions) - } - return template -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/responses/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/responses/init.go deleted file mode 100644 index 2ed47e848a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/codex/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.OpenaiResponse, - constant.Codex, - ConvertOpenAIResponsesRequestToCodex, - interfaces.TranslateResponse{ - Stream: ConvertCodexResponseToOpenAIResponses, - NonStream: ConvertCodexResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/claude/gemini-cli_claude_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/claude/gemini-cli_claude_request.go deleted file mode 100644 index 00d62ddc10..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/claude/gemini-cli_claude_request.go +++ /dev/null @@ -1,210 +0,0 @@ -// Package claude provides request translation functionality for Claude Code API compatibility. -// This package handles the conversion of Claude Code API requests into Gemini CLI-compatible -// JSON format, transforming message contents, system instructions, and tool declarations -// into the format expected by Gemini CLI API clients. It performs JSON data transformation -// to ensure compatibility between Claude Code API format and Gemini CLI API's expected format. -package claude - -import ( - "bytes" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini/common" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const geminiCLIClaudeThoughtSignature = "skip_thought_signature_validator" - -// ConvertClaudeRequestToCLI parses and transforms a Claude Code API request into Gemini CLI API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Gemini CLI API. -// The function performs the following transformations: -// 1. Extracts the model information from the request -// 2. Restructures the JSON to match Gemini CLI API format -// 3. Converts system instructions to the expected format -// 4. Maps message contents with proper role transformations -// 5. Handles tool declarations and tool choices -// 6. Maps generation configuration parameters -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the Claude Code API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini CLI API format -func ConvertClaudeRequestToCLI(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - rawJSON = bytes.ReplaceAll(rawJSON, []byte(`"url":{"type":"string","format":"uri",`), []byte(`"url":{"type":"string",`)) - - // Build output Gemini CLI request JSON - out := `{"model":"","request":{"contents":[]}}` - out, _ = sjson.Set(out, "model", modelName) - - // system instruction - if systemResult := gjson.GetBytes(rawJSON, "system"); systemResult.IsArray() { - systemInstruction := `{"role":"user","parts":[]}` - hasSystemParts := false - systemResult.ForEach(func(_, systemPromptResult gjson.Result) bool { - if systemPromptResult.Get("type").String() == "text" { - textResult := systemPromptResult.Get("text") - if textResult.Type == gjson.String { - part := `{"text":""}` - part, _ = sjson.Set(part, "text", textResult.String()) - systemInstruction, _ = sjson.SetRaw(systemInstruction, "parts.-1", part) - hasSystemParts = true - } - } - return true - }) - if hasSystemParts { - out, _ = sjson.SetRaw(out, "request.systemInstruction", systemInstruction) - } - } else if systemResult.Type == gjson.String { - out, _ = sjson.Set(out, "request.systemInstruction.parts.-1.text", systemResult.String()) - } - - // contents - if messagesResult := gjson.GetBytes(rawJSON, "messages"); messagesResult.IsArray() { - messagesResult.ForEach(func(_, messageResult gjson.Result) bool { - roleResult := messageResult.Get("role") - if roleResult.Type != gjson.String { - return true - } - role := roleResult.String() - if role == "assistant" { - role = "model" - } - - contentJSON := `{"role":"","parts":[]}` - contentJSON, _ = sjson.Set(contentJSON, "role", role) - - contentsResult := messageResult.Get("content") - if contentsResult.IsArray() { - contentsResult.ForEach(func(_, contentResult gjson.Result) bool { - switch contentResult.Get("type").String() { - case "text": - part := `{"text":""}` - part, _ = sjson.Set(part, "text", contentResult.Get("text").String()) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - - case "tool_use": - functionName := contentResult.Get("name").String() - functionArgs := contentResult.Get("input").String() - argsResult := gjson.Parse(functionArgs) - if argsResult.IsObject() && gjson.Valid(functionArgs) { - // Claude may include thought_signature in tool args; Gemini treats this as - // a base64 thought signature and can reject malformed values. - sanitizedArgs, err := sjson.Delete(functionArgs, "thought_signature") - if err != nil { - sanitizedArgs = functionArgs - } - part := `{"thoughtSignature":"","functionCall":{"name":"","args":{}}}` - part, _ = sjson.Set(part, "thoughtSignature", geminiCLIClaudeThoughtSignature) - part, _ = sjson.Set(part, "functionCall.name", functionName) - part, _ = sjson.SetRaw(part, "functionCall.args", sanitizedArgs) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - } - - case "tool_result": - toolCallID := contentResult.Get("tool_use_id").String() - if toolCallID == "" { - return true - } - funcName := toolCallID - toolCallIDs := strings.Split(toolCallID, "-") - if len(toolCallIDs) > 1 { - funcName = strings.Join(toolCallIDs[0:len(toolCallIDs)-1], "-") - } - responseData := contentResult.Get("content").Raw - part := `{"functionResponse":{"name":"","response":{"result":""}}}` - part, _ = sjson.Set(part, "functionResponse.name", funcName) - part, _ = sjson.Set(part, "functionResponse.response.result", responseData) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - - case "image": - source := contentResult.Get("source") - if source.Get("type").String() == "base64" { - mimeType := source.Get("media_type").String() - data := source.Get("data").String() - if mimeType != "" && data != "" { - part := `{"inlineData":{"mime_type":"","data":""}}` - part, _ = sjson.Set(part, "inlineData.mime_type", mimeType) - part, _ = sjson.Set(part, "inlineData.data", data) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - } - } - } - return true - }) - out, _ = sjson.SetRaw(out, "request.contents.-1", contentJSON) - } else if contentsResult.Type == gjson.String { - part := `{"text":""}` - part, _ = sjson.Set(part, "text", contentsResult.String()) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - out, _ = sjson.SetRaw(out, "request.contents.-1", contentJSON) - } - return true - }) - } - - // tools - if toolsResult := gjson.GetBytes(rawJSON, "tools"); toolsResult.IsArray() { - hasTools := false - toolsResult.ForEach(func(_, toolResult gjson.Result) bool { - inputSchemaResult := toolResult.Get("input_schema") - if inputSchemaResult.Exists() && inputSchemaResult.IsObject() { - inputSchema := inputSchemaResult.Raw - tool, _ := sjson.Delete(toolResult.Raw, "input_schema") - tool, _ = sjson.SetRaw(tool, "parametersJsonSchema", inputSchema) - tool, _ = sjson.Delete(tool, "strict") - tool, _ = sjson.Delete(tool, "input_examples") - tool, _ = sjson.Delete(tool, "type") - tool, _ = sjson.Delete(tool, "cache_control") - if gjson.Valid(tool) && gjson.Parse(tool).IsObject() { - if !hasTools { - out, _ = sjson.SetRaw(out, "request.tools", `[{"functionDeclarations":[]}]`) - hasTools = true - } - out, _ = sjson.SetRaw(out, "request.tools.0.functionDeclarations.-1", tool) - } - } - return true - }) - if !hasTools { - out, _ = sjson.Delete(out, "request.tools") - } - } - - // Map Anthropic thinking -> Gemini thinkingBudget/include_thoughts when type==enabled - if t := gjson.GetBytes(rawJSON, "thinking"); t.Exists() && t.IsObject() { - switch t.Get("type").String() { - case "enabled": - if b := t.Get("budget_tokens"); b.Exists() && b.Type == gjson.Number { - budget := int(b.Int()) - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.thinkingBudget", budget) - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.includeThoughts", true) - } - case "adaptive": - // Keep adaptive as a high level sentinel; ApplyThinking resolves it - // to model-specific max capability. - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.thinkingLevel", "high") - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.includeThoughts", true) - } - } - if v := gjson.GetBytes(rawJSON, "temperature"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "request.generationConfig.temperature", v.Num) - } - if v := gjson.GetBytes(rawJSON, "top_p"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "request.generationConfig.topP", v.Num) - } - if v := gjson.GetBytes(rawJSON, "top_k"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "request.generationConfig.topK", v.Num) - } - - outBytes := []byte(out) - outBytes = common.AttachDefaultSafetySettings(outBytes, "request.safetySettings") - - return outBytes -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/claude/gemini-cli_claude_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/claude/gemini-cli_claude_request_test.go deleted file mode 100644 index d3042b330b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/claude/gemini-cli_claude_request_test.go +++ /dev/null @@ -1,89 +0,0 @@ -package claude - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertClaudeRequestToCLI(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - {"role": "user", "content": "hello"} - ] - }`) - - got := ConvertClaudeRequestToCLI("gemini-1.5-pro", input, false) - res := gjson.ParseBytes(got) - - if res.Get("model").String() != "gemini-1.5-pro" { - t.Errorf("expected model gemini-1.5-pro, got %s", res.Get("model").String()) - } - - contents := res.Get("request.contents").Array() - if len(contents) != 1 { - t.Errorf("expected 1 content item, got %d", len(contents)) - } -} - -func TestConvertClaudeRequestToCLI_SanitizesToolUseThoughtSignature(t *testing.T) { - input := []byte(`{ - "messages":[ - { - "role":"assistant", - "content":[ - { - "type":"tool_use", - "id":"toolu_01", - "name":"lookup", - "input":{"q":"hello"} - } - ] - } - ] - }`) - - got := ConvertClaudeRequestToCLI("gemini-2.5-pro", input, false) - res := gjson.ParseBytes(got) - - part := res.Get("request.contents.0.parts.0") - if !part.Get("functionCall").Exists() { - t.Fatalf("expected tool_use to map to functionCall") - } - if part.Get("thoughtSignature").String() != geminiCLIClaudeThoughtSignature { - t.Fatalf("expected thoughtSignature %q, got %q", geminiCLIClaudeThoughtSignature, part.Get("thoughtSignature").String()) - } -} - -func TestConvertClaudeRequestToCLI_StripsThoughtSignatureFromToolArgs(t *testing.T) { - input := []byte(`{ - "messages":[ - { - "role":"assistant", - "content":[ - { - "type":"tool_use", - "id":"toolu_01", - "name":"lookup", - "input":{"q":"hello","thought_signature":"not-base64"} - } - ] - } - ] - }`) - - got := ConvertClaudeRequestToCLI("gemini-2.5-pro", input, false) - res := gjson.ParseBytes(got) - - args := res.Get("request.contents.0.parts.0.functionCall.args") - if !args.Exists() { - t.Fatalf("expected functionCall args to exist") - } - if args.Get("q").String() != "hello" { - t.Fatalf("expected q arg to be preserved, got %q", args.Get("q").String()) - } - if args.Get("thought_signature").Exists() { - t.Fatalf("expected thought_signature to be stripped from tool args") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/claude/gemini-cli_claude_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/claude/gemini-cli_claude_response.go deleted file mode 100644 index 2a6d1de2db..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/claude/gemini-cli_claude_response.go +++ /dev/null @@ -1,361 +0,0 @@ -// Package claude provides response translation functionality for Claude Code API compatibility. -// This package handles the conversion of backend client responses into Claude Code-compatible -// Server-Sent Events (SSE) format, implementing a sophisticated state machine that manages -// different response types including text content, thinking processes, and function calls. -// The translation ensures proper sequencing of SSE events and maintains state across -// multiple response chunks to provide a seamless streaming experience. -package claude - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Params holds parameters for response conversion and maintains state across streaming chunks. -// This structure tracks the current state of the response translation process to ensure -// proper sequencing of SSE events and transitions between different content types. -type Params struct { - HasFirstResponse bool // Indicates if the initial message_start event has been sent - ResponseType int // Current response type: 0=none, 1=content, 2=thinking, 3=function - ResponseIndex int // Index counter for content blocks in the streaming response - HasContent bool // Tracks whether any content (text, thinking, or tool use) has been output -} - -// toolUseIDCounter provides a process-wide unique counter for tool use identifiers. -var toolUseIDCounter uint64 - -// ConvertGeminiCLIResponseToClaude performs sophisticated streaming response format conversion. -// This function implements a complex state machine that translates backend client responses -// into Claude Code-compatible Server-Sent Events (SSE) format. It manages different response types -// and handles state transitions between content blocks, thinking processes, and function calls. -// -// Response type states: 0=none, 1=content, 2=thinking, 3=function -// The function maintains state across multiple calls to ensure proper SSE event sequencing. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing a Claude Code-compatible JSON response -func ConvertGeminiCLIResponseToClaude(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &Params{ - HasFirstResponse: false, - ResponseType: 0, - ResponseIndex: 0, - } - } - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - // Only send message_stop if we have actually output content - if (*param).(*Params).HasContent { - return []string{ - "event: message_stop\ndata: {\"type\":\"message_stop\"}\n\n\n", - } - } - return []string{} - } - - // Track whether tools are being used in this response chunk - usedTool := false - output := "" - - // Initialize the streaming session with a message_start event - // This is only sent for the very first response chunk to establish the streaming session - if !(*param).(*Params).HasFirstResponse { - output = "event: message_start\n" - - // Create the initial message structure with default values according to Claude Code API specification - // This follows the Claude Code API specification for streaming message initialization - messageStartTemplate := `{"type": "message_start", "message": {"id": "msg_1nZdL29xx5MUA1yADyHTEsnR8uuvGzszyY", "type": "message", "role": "assistant", "content": [], "model": "claude-3-5-sonnet-20241022", "stop_reason": null, "stop_sequence": null, "usage": {"input_tokens": 0, "output_tokens": 0}}}` - - // Override default values with actual response metadata if available from the Gemini CLI response - if modelVersionResult := gjson.GetBytes(rawJSON, "response.modelVersion"); modelVersionResult.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.model", modelVersionResult.String()) - } - if responseIDResult := gjson.GetBytes(rawJSON, "response.responseId"); responseIDResult.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.id", responseIDResult.String()) - } - output = output + fmt.Sprintf("data: %s\n\n\n", messageStartTemplate) - - (*param).(*Params).HasFirstResponse = true - } - - // Process the response parts array from the backend client - // Each part can contain text content, thinking content, or function calls - partsResult := gjson.GetBytes(rawJSON, "response.candidates.0.content.parts") - if partsResult.IsArray() { - partResults := partsResult.Array() - for i := 0; i < len(partResults); i++ { - partResult := partResults[i] - - // Extract the different types of content from each part - partTextResult := partResult.Get("text") - functionCallResult := partResult.Get("functionCall") - - // Handle text content (both regular content and thinking) - if partTextResult.Exists() { - // Process thinking content (internal reasoning) - if partResult.Get("thought").Bool() { - // Continue existing thinking block if already in thinking state - if (*param).(*Params).ResponseType == 2 { - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"thinking_delta","thinking":""}}`, (*param).(*Params).ResponseIndex), "delta.thinking", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).HasContent = true - } else { - // Transition from another state to thinking - // First, close any existing content block - if (*param).(*Params).ResponseType != 0 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - } - - // Start a new thinking content block - output = output + "event: content_block_start\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_start","index":%d,"content_block":{"type":"thinking","thinking":""}}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"thinking_delta","thinking":""}}`, (*param).(*Params).ResponseIndex), "delta.thinking", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).ResponseType = 2 // Set state to thinking - (*param).(*Params).HasContent = true - } - } else { - // Process regular text content (user-visible output) - // Continue existing text block if already in content state - if (*param).(*Params).ResponseType == 1 { - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"text_delta","text":""}}`, (*param).(*Params).ResponseIndex), "delta.text", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).HasContent = true - } else { - // Transition from another state to text content - // First, close any existing content block - if (*param).(*Params).ResponseType != 0 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - } - - // Start a new text content block - output = output + "event: content_block_start\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_start","index":%d,"content_block":{"type":"text","text":""}}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"text_delta","text":""}}`, (*param).(*Params).ResponseIndex), "delta.text", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).ResponseType = 1 // Set state to content - (*param).(*Params).HasContent = true - } - } - } else if functionCallResult.Exists() { - // Handle function/tool calls from the AI model - // This processes tool usage requests and formats them for Claude Code API compatibility - usedTool = true - fcName := functionCallResult.Get("name").String() - - // Handle state transitions when switching to function calls - // Close any existing function call block first - if (*param).(*Params).ResponseType == 3 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - (*param).(*Params).ResponseType = 0 - } - - // Close any other existing content block - if (*param).(*Params).ResponseType != 0 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - } - - // Start a new tool use content block - // This creates the structure for a function call in Claude Code format - output = output + "event: content_block_start\n" - - // Create the tool use block with unique ID and function details - data := fmt.Sprintf(`{"type":"content_block_start","index":%d,"content_block":{"type":"tool_use","id":"","name":"","input":{}}}`, (*param).(*Params).ResponseIndex) - data, _ = sjson.Set(data, "content_block.id", fmt.Sprintf("%s-%d-%d", fcName, time.Now().UnixNano(), atomic.AddUint64(&toolUseIDCounter, 1))) - data, _ = sjson.Set(data, "content_block.name", fcName) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - output = output + "event: content_block_delta\n" - data, _ = sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"input_json_delta","partial_json":""}}`, (*param).(*Params).ResponseIndex), "delta.partial_json", fcArgsResult.Raw) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - } - (*param).(*Params).ResponseType = 3 - (*param).(*Params).HasContent = true - } - } - } - - usageResult := gjson.GetBytes(rawJSON, "response.usageMetadata") - // Process usage metadata and finish reason when present in the response - if usageResult.Exists() && bytes.Contains(rawJSON, []byte(`"finishReason"`)) { - if candidatesTokenCountResult := usageResult.Get("candidatesTokenCount"); candidatesTokenCountResult.Exists() { - // Only send final events if we have actually output content - if (*param).(*Params).HasContent { - // Close the final content block - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - - // Send the final message delta with usage information and stop reason - output = output + "event: message_delta\n" - output = output + `data: ` - - // Create the message delta template with appropriate stop reason - template := `{"type":"message_delta","delta":{"stop_reason":"end_turn","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - // Set tool_use stop reason if tools were used in this response - if usedTool { - template = `{"type":"message_delta","delta":{"stop_reason":"tool_use","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - } else if finish := gjson.GetBytes(rawJSON, "response.candidates.0.finishReason"); finish.Exists() && finish.String() == "MAX_TOKENS" { - template = `{"type":"message_delta","delta":{"stop_reason":"max_tokens","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - } - - // Include thinking tokens in output token count if present - thoughtsTokenCount := usageResult.Get("thoughtsTokenCount").Int() - template, _ = sjson.Set(template, "usage.output_tokens", candidatesTokenCountResult.Int()+thoughtsTokenCount) - template, _ = sjson.Set(template, "usage.input_tokens", usageResult.Get("promptTokenCount").Int()) - - output = output + template + "\n\n\n" - } - } - } - - return []string{output} -} - -// ConvertGeminiCLIResponseToClaudeNonStream converts a non-streaming Gemini CLI response to a non-streaming Claude response. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the Gemini CLI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - string: A Claude-compatible JSON response. -func ConvertGeminiCLIResponseToClaudeNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - _ = originalRequestRawJSON - _ = requestRawJSON - - root := gjson.ParseBytes(rawJSON) - - out := `{"id":"","type":"message","role":"assistant","model":"","content":[],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}` - out, _ = sjson.Set(out, "id", root.Get("response.responseId").String()) - out, _ = sjson.Set(out, "model", root.Get("response.modelVersion").String()) - - inputTokens := root.Get("response.usageMetadata.promptTokenCount").Int() - outputTokens := root.Get("response.usageMetadata.candidatesTokenCount").Int() + root.Get("response.usageMetadata.thoughtsTokenCount").Int() - out, _ = sjson.Set(out, "usage.input_tokens", inputTokens) - out, _ = sjson.Set(out, "usage.output_tokens", outputTokens) - - parts := root.Get("response.candidates.0.content.parts") - textBuilder := strings.Builder{} - thinkingBuilder := strings.Builder{} - toolIDCounter := 0 - hasToolCall := false - - flushText := func() { - if textBuilder.Len() == 0 { - return - } - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", textBuilder.String()) - out, _ = sjson.SetRaw(out, "content.-1", block) - textBuilder.Reset() - } - - flushThinking := func() { - if thinkingBuilder.Len() == 0 { - return - } - block := `{"type":"thinking","thinking":""}` - block, _ = sjson.Set(block, "thinking", thinkingBuilder.String()) - out, _ = sjson.SetRaw(out, "content.-1", block) - thinkingBuilder.Reset() - } - - if parts.IsArray() { - for _, part := range parts.Array() { - if text := part.Get("text"); text.Exists() && text.String() != "" { - if part.Get("thought").Bool() { - flushText() - thinkingBuilder.WriteString(text.String()) - continue - } - flushThinking() - textBuilder.WriteString(text.String()) - continue - } - - if functionCall := part.Get("functionCall"); functionCall.Exists() { - flushThinking() - flushText() - hasToolCall = true - - name := functionCall.Get("name").String() - toolIDCounter++ - toolBlock := `{"type":"tool_use","id":"","name":"","input":{}}` - toolBlock, _ = sjson.Set(toolBlock, "id", fmt.Sprintf("tool_%d", toolIDCounter)) - toolBlock, _ = sjson.Set(toolBlock, "name", name) - inputRaw := "{}" - if args := functionCall.Get("args"); args.Exists() && gjson.Valid(args.Raw) && args.IsObject() { - inputRaw = args.Raw - } - toolBlock, _ = sjson.SetRaw(toolBlock, "input", inputRaw) - out, _ = sjson.SetRaw(out, "content.-1", toolBlock) - continue - } - } - } - - flushThinking() - flushText() - - stopReason := "end_turn" - if hasToolCall { - stopReason = "tool_use" - } else { - if finish := root.Get("response.candidates.0.finishReason"); finish.Exists() { - switch finish.String() { - case "MAX_TOKENS": - stopReason = "max_tokens" - case "STOP", "FINISH_REASON_UNSPECIFIED", "UNKNOWN": - stopReason = "end_turn" - default: - stopReason = "end_turn" - } - } - } - out, _ = sjson.Set(out, "stop_reason", stopReason) - - if inputTokens == int64(0) && outputTokens == int64(0) && !root.Get("response.usageMetadata").Exists() { - out, _ = sjson.Delete(out, "usage") - } - - return out -} - -func ClaudeTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"input_tokens":%d}`, count) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/claude/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/claude/init.go deleted file mode 100644 index 713147c785..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package claude - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Claude, - constant.GeminiCLI, - ConvertClaudeRequestToCLI, - interfaces.TranslateResponse{ - Stream: ConvertGeminiCLIResponseToClaude, - NonStream: ConvertGeminiCLIResponseToClaudeNonStream, - TokenCount: ClaudeTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/gemini/gemini-cli_gemini_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/gemini/gemini-cli_gemini_request.go deleted file mode 100644 index 3daa4057db..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/gemini/gemini-cli_gemini_request.go +++ /dev/null @@ -1,269 +0,0 @@ -// Package gemini provides request translation functionality for Gemini CLI to Gemini API compatibility. -// It handles parsing and transforming Gemini CLI API requests into Gemini API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini CLI API format and Gemini API's expected format. -package gemini - -import ( - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/common" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiRequestToGeminiCLI parses and transforms a Gemini CLI API request into Gemini API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Gemini API. -// The function performs the following transformations: -// 1. Extracts the model information from the request -// 2. Restructures the JSON to match Gemini API format -// 3. Converts system instructions to the expected format -// 4. Fixes CLI tool response format and grouping -// -// Parameters: -// - modelName: The name of the model to use for the request (unused in current implementation) -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini API format -func ConvertGeminiRequestToGeminiCLI(_ string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - template := "" - template = `{"project":"","request":{},"model":""}` - template, _ = sjson.SetRaw(template, "request", string(rawJSON)) - template, _ = sjson.Set(template, "model", gjson.Get(template, "request.model").String()) - template, _ = sjson.Delete(template, "request.model") - - template, errFixCLIToolResponse := fixCLIToolResponse(template) - if errFixCLIToolResponse != nil { - return []byte{} - } - - systemInstructionResult := gjson.Get(template, "request.system_instruction") - if systemInstructionResult.Exists() { - template, _ = sjson.SetRaw(template, "request.systemInstruction", systemInstructionResult.Raw) - template, _ = sjson.Delete(template, "request.system_instruction") - } - rawJSON = []byte(template) - - // Normalize roles in request.contents: default to valid values if missing/invalid - contents := gjson.GetBytes(rawJSON, "request.contents") - if contents.Exists() { - prevRole := "" - idx := 0 - contents.ForEach(func(_ gjson.Result, value gjson.Result) bool { - role := value.Get("role").String() - valid := role == "user" || role == "model" - if role == "" || !valid { - var newRole string - switch prevRole { - case "": - newRole = "user" - case "user": - newRole = "model" - default: - newRole = "user" - } - path := fmt.Sprintf("request.contents.%d.role", idx) - rawJSON, _ = sjson.SetBytes(rawJSON, path, newRole) - role = newRole - } - prevRole = role - idx++ - return true - }) - } - - toolsResult := gjson.GetBytes(rawJSON, "request.tools") - if toolsResult.Exists() && toolsResult.IsArray() { - toolResults := toolsResult.Array() - for i := 0; i < len(toolResults); i++ { - functionDeclarationsResult := gjson.GetBytes(rawJSON, fmt.Sprintf("request.tools.%d.function_declarations", i)) - if functionDeclarationsResult.Exists() && functionDeclarationsResult.IsArray() { - functionDeclarationsResults := functionDeclarationsResult.Array() - for j := 0; j < len(functionDeclarationsResults); j++ { - parametersResult := gjson.GetBytes(rawJSON, fmt.Sprintf("request.tools.%d.function_declarations.%d.parameters", i, j)) - if parametersResult.Exists() { - strJson, _ := util.RenameKey(string(rawJSON), fmt.Sprintf("request.tools.%d.function_declarations.%d.parameters", i, j), fmt.Sprintf("request.tools.%d.function_declarations.%d.parametersJsonSchema", i, j)) - rawJSON = []byte(strJson) - } - } - } - } - } - - gjson.GetBytes(rawJSON, "request.contents").ForEach(func(key, content gjson.Result) bool { - if content.Get("role").String() == "model" { - content.Get("parts").ForEach(func(partKey, part gjson.Result) bool { - if part.Get("functionCall").Exists() { - rawJSON, _ = sjson.SetBytes(rawJSON, fmt.Sprintf("request.contents.%d.parts.%d.thoughtSignature", key.Int(), partKey.Int()), "skip_thought_signature_validator") - } else if part.Get("thoughtSignature").Exists() { - rawJSON, _ = sjson.SetBytes(rawJSON, fmt.Sprintf("request.contents.%d.parts.%d.thoughtSignature", key.Int(), partKey.Int()), "skip_thought_signature_validator") - } - return true - }) - } - return true - }) - - return common.AttachDefaultSafetySettings(rawJSON, "request.safetySettings") -} - -// FunctionCallGroup represents a group of function calls and their responses -type FunctionCallGroup struct { - ResponsesNeeded int -} - -// fixCLIToolResponse performs sophisticated tool response format conversion and grouping. -// This function transforms the CLI tool response format by intelligently grouping function calls -// with their corresponding responses, ensuring proper conversation flow and API compatibility. -// It converts from a linear format (1.json) to a grouped format (2.json) where function calls -// and their responses are properly associated and structured. -// -// Parameters: -// - input: The input JSON string to be processed -// -// Returns: -// - string: The processed JSON string with grouped function calls and responses -// - error: An error if the processing fails -func fixCLIToolResponse(input string) (string, error) { - // Parse the input JSON to extract the conversation structure - parsed := gjson.Parse(input) - - // Extract the contents array which contains the conversation messages - contents := parsed.Get("request.contents") - if !contents.Exists() { - // log.Debugf(input) - return input, fmt.Errorf("contents not found in input") - } - - // Initialize data structures for processing and grouping - contentsWrapper := `{"contents":[]}` - var pendingGroups []*FunctionCallGroup // Groups awaiting completion with responses - var collectedResponses []gjson.Result // Standalone responses to be matched - - // Process each content object in the conversation - // This iterates through messages and groups function calls with their responses - contents.ForEach(func(key, value gjson.Result) bool { - role := value.Get("role").String() - parts := value.Get("parts") - - // Check if this content has function responses - var responsePartsInThisContent []gjson.Result - parts.ForEach(func(_, part gjson.Result) bool { - if part.Get("functionResponse").Exists() { - responsePartsInThisContent = append(responsePartsInThisContent, part) - } - return true - }) - - // If this content has function responses, collect them - if len(responsePartsInThisContent) > 0 { - collectedResponses = append(collectedResponses, responsePartsInThisContent...) - - // Check if any pending groups can be satisfied - for i := len(pendingGroups) - 1; i >= 0; i-- { - group := pendingGroups[i] - if len(collectedResponses) >= group.ResponsesNeeded { - // Take the needed responses for this group - groupResponses := collectedResponses[:group.ResponsesNeeded] - collectedResponses = collectedResponses[group.ResponsesNeeded:] - - // Create merged function response content - functionResponseContent := `{"parts":[],"role":"function"}` - for _, response := range groupResponses { - if !response.IsObject() { - log.Warnf("failed to parse function response") - continue - } - functionResponseContent, _ = sjson.SetRaw(functionResponseContent, "parts.-1", response.Raw) - } - - if gjson.Get(functionResponseContent, "parts.#").Int() > 0 { - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", functionResponseContent) - } - - // Remove this group as it's been satisfied - pendingGroups = append(pendingGroups[:i], pendingGroups[i+1:]...) - break - } - } - - return true // Skip adding this content, responses are merged - } - - // If this is a model with function calls, create a new group - if role == "model" { - functionCallsCount := 0 - parts.ForEach(func(_, part gjson.Result) bool { - if part.Get("functionCall").Exists() { - functionCallsCount++ - } - return true - }) - - if functionCallsCount > 0 { - // Add the model content - if !value.IsObject() { - log.Warnf("failed to parse model content") - return true - } - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", value.Raw) - - // Create a new group for tracking responses - group := &FunctionCallGroup{ - ResponsesNeeded: functionCallsCount, - } - pendingGroups = append(pendingGroups, group) - } else { - // Regular model content without function calls - if !value.IsObject() { - log.Warnf("failed to parse content") - return true - } - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", value.Raw) - } - } else { - // Non-model content (user, etc.) - if !value.IsObject() { - log.Warnf("failed to parse content") - return true - } - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", value.Raw) - } - - return true - }) - - // Handle any remaining pending groups with remaining responses - for _, group := range pendingGroups { - if len(collectedResponses) >= group.ResponsesNeeded { - groupResponses := collectedResponses[:group.ResponsesNeeded] - collectedResponses = collectedResponses[group.ResponsesNeeded:] - - functionResponseContent := `{"parts":[],"role":"function"}` - for _, response := range groupResponses { - if !response.IsObject() { - log.Warnf("failed to parse function response") - continue - } - functionResponseContent, _ = sjson.SetRaw(functionResponseContent, "parts.-1", response.Raw) - } - - if gjson.Get(functionResponseContent, "parts.#").Int() > 0 { - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", functionResponseContent) - } - } - } - - // Update the original JSON with the new contents - result := input - result, _ = sjson.SetRaw(result, "request.contents", gjson.Get(contentsWrapper, "contents").Raw) - - return result, nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/gemini/gemini-cli_gemini_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/gemini/gemini-cli_gemini_request_test.go deleted file mode 100644 index 75c5d6ee5b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/gemini/gemini-cli_gemini_request_test.go +++ /dev/null @@ -1,60 +0,0 @@ -package gemini - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertGeminiRequestToGeminiCLI(t *testing.T) { - input := []byte(`{ - "model": "gemini-1.5-pro", - "contents": [ - { - "parts": [ - {"text": "hello"} - ] - } - ] - }`) - - got := ConvertGeminiRequestToGeminiCLI("gemini-1.5-pro", input, false) - res := gjson.ParseBytes(got) - - if res.Get("model").String() != "gemini-1.5-pro" { - t.Errorf("expected model gemini-1.5-pro, got %s", res.Get("model").String()) - } - - contents := res.Get("request.contents").Array() - if len(contents) != 1 { - t.Errorf("expected 1 content, got %d", len(contents)) - } - - if contents[0].Get("role").String() != "user" { - t.Errorf("expected role user, got %s", contents[0].Get("role").String()) - } -} - -func TestConvertGeminiRequestToGeminiCLI_SanitizesThoughtSignatureOnModelParts(t *testing.T) { - input := []byte(`{ - "model": "gemini-1.5-pro", - "contents": [ - { - "role": "model", - "parts": [ - {"thoughtSignature": "\\claude#abc"}, - {"functionCall": {"name": "tool", "args": {}}} - ] - } - ] - }`) - - got := ConvertGeminiRequestToGeminiCLI("gemini-1.5-pro", input, false) - res := gjson.ParseBytes(got) - - for i, part := range res.Get("request.contents.0.parts").Array() { - if part.Get("thoughtSignature").String() != "skip_thought_signature_validator" { - t.Fatalf("part[%d] thoughtSignature not sanitized: %s", i, part.Get("thoughtSignature").String()) - } - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/gemini/gemini-cli_gemini_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/gemini/gemini-cli_gemini_response.go deleted file mode 100644 index cb48e3aa2a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/gemini/gemini-cli_gemini_response.go +++ /dev/null @@ -1,87 +0,0 @@ -// Package gemini provides request translation functionality for Gemini to Gemini CLI API compatibility. -// It handles parsing and transforming Gemini API requests into Gemini CLI API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini API format and Gemini CLI API's expected format. -package gemini - -import ( - "bytes" - "context" - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiCliResponseToGemini parses and transforms a Gemini CLI API request into Gemini API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Gemini API. -// The function performs the following transformations: -// 1. Extracts the response data from the request -// 2. Handles alternative response formats -// 3. Processes array responses by extracting individual response objects -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model to use for the request (unused in current implementation) -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - []string: The transformed request data in Gemini API format -func ConvertGeminiCliResponseToGemini(ctx context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) []string { - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - - if alt, ok := ctx.Value(interfaces.ContextKeyAlt).(string); ok { - var chunk []byte - if alt == "" { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - chunk = []byte(responseResult.Raw) - } - } else { - chunkTemplate := "[]" - responseResult := gjson.ParseBytes(chunk) - if responseResult.IsArray() { - responseResultItems := responseResult.Array() - for i := 0; i < len(responseResultItems); i++ { - responseResultItem := responseResultItems[i] - if responseResultItem.Get("response").Exists() { - chunkTemplate, _ = sjson.SetRaw(chunkTemplate, "-1", responseResultItem.Get("response").Raw) - } - } - } - chunk = []byte(chunkTemplate) - } - return []string{string(chunk)} - } - return []string{} -} - -// ConvertGeminiCliResponseToGeminiNonStream converts a non-streaming Gemini CLI request to a non-streaming Gemini response. -// This function processes the complete Gemini CLI request and transforms it into a single Gemini-compatible -// JSON response. It extracts the response data from the request and returns it in the expected format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: A Gemini-compatible JSON response containing the response data -func ConvertGeminiCliResponseToGeminiNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - return responseResult.Raw - } - return string(rawJSON) -} - -func GeminiTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/gemini/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/gemini/init.go deleted file mode 100644 index cfce5ec05e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/gemini/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package gemini - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Gemini, - constant.GeminiCLI, - ConvertGeminiRequestToGeminiCLI, - interfaces.TranslateResponse{ - Stream: ConvertGeminiCliResponseToGemini, - NonStream: ConvertGeminiCliResponseToGeminiNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_request.go deleted file mode 100644 index ac6cba98b4..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_request.go +++ /dev/null @@ -1,395 +0,0 @@ -// Package openai provides request translation functionality for OpenAI to Gemini CLI API compatibility. -// It converts OpenAI Chat Completions requests into Gemini CLI compatible JSON using gjson/sjson only. -package chat_completions - -import ( - "fmt" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini/common" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const geminiCLIFunctionThoughtSignature = "skip_thought_signature_validator" - -// ConvertOpenAIRequestToGeminiCLI converts an OpenAI Chat Completions request (raw JSON) -// into a complete Gemini CLI request JSON. All JSON construction uses sjson and lookups use gjson. -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the OpenAI API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini CLI API format -func ConvertOpenAIRequestToGeminiCLI(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := []byte(common.SanitizeOpenAIInputForGemini(string(inputRawJSON))) - // Base envelope (no default thinkingConfig) - out := []byte(`{"project":"","request":{"contents":[]},"model":"gemini-2.5-pro"}`) - - // Model - out, _ = sjson.SetBytes(out, "model", modelName) - - // Apply thinking configuration: convert OpenAI reasoning_effort to Gemini CLI thinkingConfig. - // Inline translation-only mapping; capability checks happen later in ApplyThinking. - re := gjson.GetBytes(rawJSON, "reasoning_effort") - if re.Exists() { - effort := strings.ToLower(strings.TrimSpace(re.String())) - if effort != "" { - thinkingPath := "request.generationConfig.thinkingConfig" - if effort == "auto" { - out, _ = sjson.SetBytes(out, thinkingPath+".thinkingBudget", -1) - out, _ = sjson.SetBytes(out, thinkingPath+".includeThoughts", true) - } else { - out, _ = sjson.SetBytes(out, thinkingPath+".thinkingLevel", effort) - out, _ = sjson.SetBytes(out, thinkingPath+".includeThoughts", effort != "none") - } - } - } - - // Temperature/top_p/top_k - if tr := gjson.GetBytes(rawJSON, "temperature"); tr.Exists() && tr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "request.generationConfig.temperature", tr.Num) - } - if tpr := gjson.GetBytes(rawJSON, "top_p"); tpr.Exists() && tpr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "request.generationConfig.topP", tpr.Num) - } - if tkr := gjson.GetBytes(rawJSON, "top_k"); tkr.Exists() && tkr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "request.generationConfig.topK", tkr.Num) - } - - // Candidate count (OpenAI 'n' parameter) - if n := gjson.GetBytes(rawJSON, "n"); n.Exists() && n.Type == gjson.Number { - if val := n.Int(); val > 1 { - out, _ = sjson.SetBytes(out, "request.generationConfig.candidateCount", val) - } - } - - // Map OpenAI modalities -> Gemini CLI request.generationConfig.responseModalities - // e.g. "modalities": ["image", "text"] -> ["IMAGE", "TEXT"] - if mods := gjson.GetBytes(rawJSON, "modalities"); mods.Exists() && mods.IsArray() { - var responseMods []string - for _, m := range mods.Array() { - switch strings.ToLower(m.String()) { - case "text": - responseMods = append(responseMods, "TEXT") - case "image": - responseMods = append(responseMods, "IMAGE") - case "video": - responseMods = append(responseMods, "VIDEO") - } - } - if len(responseMods) > 0 { - out, _ = sjson.SetBytes(out, "request.generationConfig.responseModalities", responseMods) - } - } - - // OpenRouter-style image_config support - // If the input uses top-level image_config.aspect_ratio, map it into request.generationConfig.imageConfig.aspectRatio. - if imgCfg := gjson.GetBytes(rawJSON, "image_config"); imgCfg.Exists() && imgCfg.IsObject() { - if ar := imgCfg.Get("aspect_ratio"); ar.Exists() && ar.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.generationConfig.imageConfig.aspectRatio", ar.Str) - } - if size := imgCfg.Get("image_size"); size.Exists() && size.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.generationConfig.imageConfig.imageSize", size.Str) - } - } - if videoCfg := gjson.GetBytes(rawJSON, "video_config"); videoCfg.Exists() && videoCfg.IsObject() { - if duration := videoCfg.Get("duration_seconds"); duration.Exists() && duration.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.generationConfig.videoConfig.durationSeconds", duration.Str) - } - if ar := videoCfg.Get("aspect_ratio"); ar.Exists() && ar.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.generationConfig.videoConfig.aspectRatio", ar.Str) - } - if resolution := videoCfg.Get("resolution"); resolution.Exists() && resolution.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.generationConfig.videoConfig.resolution", resolution.Str) - } - if negativePrompt := videoCfg.Get("negative_prompt"); negativePrompt.Exists() && negativePrompt.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.generationConfig.videoConfig.negativePrompt", negativePrompt.Str) - } - } - - // messages -> systemInstruction + contents - messages := gjson.GetBytes(rawJSON, "messages") - if messages.IsArray() { - arr := messages.Array() - // First pass: assistant tool_calls id->name map - tcID2Name := map[string]string{} - for i := 0; i < len(arr); i++ { - m := arr[i] - if m.Get("role").String() == "assistant" { - tcs := m.Get("tool_calls") - if tcs.IsArray() { - for _, tc := range tcs.Array() { - if tc.Get("type").String() == "function" { - id := tc.Get("id").String() - name := tc.Get("function.name").String() - if id != "" && name != "" { - tcID2Name[id] = name - } - } - } - } - } - } - - // Second pass build systemInstruction/tool responses cache - toolResponses := map[string]string{} // tool_call_id -> response text - for i := 0; i < len(arr); i++ { - m := arr[i] - role := m.Get("role").String() - if role == "tool" { - toolCallID := m.Get("tool_call_id").String() - if toolCallID != "" { - c := m.Get("content") - toolResponses[toolCallID] = c.Raw - } - } - } - - systemPartIndex := 0 - for i := 0; i < len(arr); i++ { - m := arr[i] - role := m.Get("role").String() - content := m.Get("content") - - if (role == "system" || role == "developer") && len(arr) > 1 { - // system -> request.systemInstruction as a user message style - if content.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.systemInstruction.role", "user") - out, _ = sjson.SetBytes(out, fmt.Sprintf("request.systemInstruction.parts.%d.text", systemPartIndex), content.String()) - systemPartIndex++ - } else if content.IsObject() && content.Get("type").String() == "text" { - out, _ = sjson.SetBytes(out, "request.systemInstruction.role", "user") - out, _ = sjson.SetBytes(out, fmt.Sprintf("request.systemInstruction.parts.%d.text", systemPartIndex), content.Get("text").String()) - systemPartIndex++ - } else if content.IsArray() { - contents := content.Array() - if len(contents) > 0 { - out, _ = sjson.SetBytes(out, "request.systemInstruction.role", "user") - for j := 0; j < len(contents); j++ { - out, _ = sjson.SetBytes(out, fmt.Sprintf("request.systemInstruction.parts.%d.text", systemPartIndex), contents[j].Get("text").String()) - systemPartIndex++ - } - } - } - } else if role == "user" || ((role == "system" || role == "developer") && len(arr) == 1) { - // Build single user content node to avoid splitting into multiple contents - node := []byte(`{"role":"user","parts":[]}`) - if content.Type == gjson.String { - node, _ = sjson.SetBytes(node, "parts.0.text", content.String()) - } else if content.IsArray() { - items := content.Array() - p := 0 - for _, item := range items { - switch item.Get("type").String() { - case "text": - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".text", item.Get("text").String()) - p++ - case "image_url": - imageURL := item.Get("image_url.url").String() - if len(imageURL) > 5 { - pieces := strings.SplitN(imageURL[5:], ";", 2) - if len(pieces) == 2 && len(pieces[1]) > 7 { - mime := pieces[0] - data := pieces[1][7:] - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mime) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", data) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiCLIFunctionThoughtSignature) - p++ - } - } - case "file": - filename := item.Get("file.filename").String() - fileData := item.Get("file.file_data").String() - ext := "" - if sp := strings.Split(filename, "."); len(sp) > 1 { - ext = sp[len(sp)-1] - } - if mimeType, ok := misc.MimeTypes[ext]; ok { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mimeType) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", fileData) - p++ - } else { - log.Warnf("Unknown file name extension '%s' in user message, skip", ext) - } - } - } - } - out, _ = sjson.SetRawBytes(out, "request.contents.-1", node) - } else if role == "assistant" { - p := 0 - node := []byte(`{"role":"model","parts":[]}`) - if content.Type == gjson.String && content.String() != "" { - // Assistant text -> single model content - node, _ = sjson.SetBytes(node, "parts.-1.text", content.String()) - p++ - } else if content.IsArray() { - // Assistant multimodal content (e.g. text + image) -> single model content with parts - for _, item := range content.Array() { - switch item.Get("type").String() { - case "text": - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".text", item.Get("text").String()) - p++ - case "image_url": - // If the assistant returned an inline data URL, preserve it for history fidelity. - imageURL := item.Get("image_url.url").String() - if len(imageURL) > 5 { // expect data:... - pieces := strings.SplitN(imageURL[5:], ";", 2) - if len(pieces) == 2 && len(pieces[1]) > 7 { - mime := pieces[0] - data := pieces[1][7:] - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mime) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", data) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiCLIFunctionThoughtSignature) - p++ - } - } - } - } - } - - // Tool calls -> single model content with functionCall parts - tcs := m.Get("tool_calls") - if tcs.IsArray() { - fIDs := make([]string, 0) - for _, tc := range tcs.Array() { - if tc.Get("type").String() != "function" { - continue - } - fid := tc.Get("id").String() - fname := tc.Get("function.name").String() - fargs := tc.Get("function.arguments").String() - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".functionCall.name", fname) - node, _ = sjson.SetRawBytes(node, "parts."+itoa(p)+".functionCall.args", []byte(fargs)) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiCLIFunctionThoughtSignature) - p++ - if fid != "" { - fIDs = append(fIDs, fid) - } - } - if hasGeminiCLIParts(node) { - out, _ = sjson.SetRawBytes(out, "request.contents.-1", node) - } - - // Append a single tool content combining name + response per function - toolNode := []byte(`{"role":"user","parts":[]}`) - pp := 0 - for _, fid := range fIDs { - if name, ok := tcID2Name[fid]; ok { - toolNode, _ = sjson.SetBytes(toolNode, "parts."+itoa(pp)+".functionResponse.name", name) - resp := toolResponses[fid] - if resp == "" { - resp = "{}" - } - toolNode, _ = sjson.SetBytes(toolNode, "parts."+itoa(pp)+".functionResponse.response.result", []byte(resp)) - pp++ - } - } - if pp > 0 { - out, _ = sjson.SetRawBytes(out, "request.contents.-1", toolNode) - } - } else if hasGeminiCLIParts(node) { - out, _ = sjson.SetRawBytes(out, "request.contents.-1", node) - } - } - } - } - - // tools -> request.tools[].functionDeclarations + request.tools[].googleSearch/codeExecution/urlContext passthrough - tools := gjson.GetBytes(rawJSON, "tools") - if tools.IsArray() && len(tools.Array()) > 0 { - functionToolNode := []byte(`{}`) - hasFunction := false - googleSearchNodes := make([][]byte, 0) - codeExecutionNodes := make([][]byte, 0) - urlContextNodes := make([][]byte, 0) - for _, t := range tools.Array() { - if t.Get("type").String() == "function" { - fn := t.Get("function") - if fn.Exists() && fn.IsObject() { - fnRaw := fn.Raw - params := fn.Get("parameters") - if !params.Exists() { - params = fn.Get("parametersJsonSchema") - } - strict := fn.Get("strict").Exists() && fn.Get("strict").Bool() - schema := common.NormalizeOpenAIFunctionSchemaForGemini(params, strict) - fnRaw, _ = sjson.Delete(fnRaw, "parameters") - fnRaw, _ = sjson.Delete(fnRaw, "parametersJsonSchema") - fnRaw, _ = sjson.Delete(fnRaw, "strict") - fnRaw, _ = sjson.SetRaw(fnRaw, "parametersJsonSchema", schema) - if !hasFunction { - functionToolNode, _ = sjson.SetRawBytes(functionToolNode, "functionDeclarations", []byte("[]")) - } - tmp, errSet := sjson.SetRawBytes(functionToolNode, "functionDeclarations.-1", []byte(fnRaw)) - if errSet != nil { - log.Warnf("Failed to append tool declaration for '%s': %v", fn.Get("name").String(), errSet) - continue - } - functionToolNode = tmp - hasFunction = true - } - } - if gs := t.Get("google_search"); gs.Exists() { - googleToolNode := []byte(`{}`) - cleanedGoogleSearch := common.SanitizeToolSearchForGemini(gs.Raw) - var errSet error - googleToolNode, errSet = sjson.SetRawBytes(googleToolNode, "googleSearch", []byte(cleanedGoogleSearch)) - if errSet != nil { - log.Warnf("Failed to set googleSearch tool: %v", errSet) - continue - } - googleSearchNodes = append(googleSearchNodes, googleToolNode) - } - if ce := t.Get("code_execution"); ce.Exists() { - codeToolNode := []byte(`{}`) - var errSet error - codeToolNode, errSet = sjson.SetRawBytes(codeToolNode, "codeExecution", []byte(ce.Raw)) - if errSet != nil { - log.Warnf("Failed to set codeExecution tool: %v", errSet) - continue - } - codeExecutionNodes = append(codeExecutionNodes, codeToolNode) - } - if uc := t.Get("url_context"); uc.Exists() { - urlToolNode := []byte(`{}`) - var errSet error - urlToolNode, errSet = sjson.SetRawBytes(urlToolNode, "urlContext", []byte(uc.Raw)) - if errSet != nil { - log.Warnf("Failed to set urlContext tool: %v", errSet) - continue - } - urlContextNodes = append(urlContextNodes, urlToolNode) - } - } - if hasFunction || len(googleSearchNodes) > 0 || len(codeExecutionNodes) > 0 || len(urlContextNodes) > 0 { - toolsNode := []byte("[]") - if hasFunction { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", functionToolNode) - } - for _, googleNode := range googleSearchNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", googleNode) - } - for _, codeNode := range codeExecutionNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", codeNode) - } - for _, urlNode := range urlContextNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", urlNode) - } - out, _ = sjson.SetRawBytes(out, "request.tools", toolsNode) - } - } - - return common.AttachDefaultSafetySettings(out, "request.safetySettings") -} - -// itoa converts int to string without strconv import for few usages. -func itoa(i int) string { return fmt.Sprintf("%d", i) } - -func hasGeminiCLIParts(node []byte) bool { - return gjson.GetBytes(node, "parts.#").Int() > 0 -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_request_test.go deleted file mode 100644 index 601074e40e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_request_test.go +++ /dev/null @@ -1,101 +0,0 @@ -package chat_completions - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertOpenAIRequestToGeminiCLISkipsEmptyAssistantMessage(t *testing.T) { - input := []byte(`{ - "model":"gemini-2.5-pro", - "messages":[ - {"role":"user","content":"first"}, - {"role":"assistant","content":""}, - {"role":"user","content":"second"} - ] - }`) - - got := ConvertOpenAIRequestToGeminiCLI("gemini-2.5-pro", input, false) - res := gjson.ParseBytes(got) - if count := len(res.Get("request.contents").Array()); count != 2 { - t.Fatalf("expected 2 request.contents entries (assistant empty skipped), got %d", count) - } - if res.Get("request.contents.0.role").String() != "user" || res.Get("request.contents.1.role").String() != "user" { - t.Fatalf("expected only user entries, got %s", res.Get("request.contents").Raw) - } -} - -func TestConvertOpenAIRequestToGeminiCLIRemovesUnsupportedGoogleSearchFields(t *testing.T) { - input := []byte(`{ - "model":"gemini-2.5-pro", - "messages":[{"role":"user","content":"hello"}], - "tools":[ - {"google_search":{"defer_loading":true,"deferLoading":true,"lat":"1"}} - ] - }`) - - got := ConvertOpenAIRequestToGeminiCLI("gemini-2.5-pro", input, false) - res := gjson.ParseBytes(got) - tool := res.Get("request.tools.0.googleSearch") - if !tool.Exists() { - t.Fatalf("expected googleSearch tool to exist") - } - if tool.Get("defer_loading").Exists() { - t.Fatalf("expected defer_loading to be removed") - } - if tool.Get("deferLoading").Exists() { - t.Fatalf("expected deferLoading to be removed") - } - if tool.Get("lat").String() != "1" { - t.Fatalf("expected non-problematic fields to remain") - } -} - -func TestConvertOpenAIRequestToGeminiCLINormalizesFunctionSchema(t *testing.T) { - input := []byte(`{ - "model":"gemini-2.5-pro", - "messages":[{"role":"user","content":"hello"}], - "tools":[ - { - "type":"function", - "function":{ - "name":"search", - "strict":true, - "parameters":{ - "type":"object", - "$id":"urn:search", - "properties":{ - "query":{"type":"string"}, - "limit":{"type":["integer","null"],"nullable":true} - }, - "patternProperties":{"^x-":{"type":"string"}}, - "required":["query","limit"] - } - } - } - ] - }`) - - got := ConvertOpenAIRequestToGeminiCLI("gemini-2.5-pro", input, false) - res := gjson.ParseBytes(got) - schema := res.Get("request.tools.0.functionDeclarations.0.parametersJsonSchema") - if !schema.Exists() { - t.Fatalf("expected normalized parametersJsonSchema to exist") - } - if schema.Get("$id").Exists() { - t.Fatalf("expected $id to be removed") - } - if schema.Get("patternProperties").Exists() { - t.Fatalf("expected patternProperties to be removed") - } - if schema.Get("properties.limit.nullable").Exists() { - t.Fatalf("expected nullable to be removed") - } - if schema.Get("properties.limit.type").IsArray() { - t.Fatalf("expected limit.type to be flattened from array") - } - if !schema.Get("additionalProperties").Exists() || schema.Get("additionalProperties").Bool() { - t.Fatalf("expected strict schema additionalProperties=false") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_response.go deleted file mode 100644 index 47e0d77f3a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_response.go +++ /dev/null @@ -1,235 +0,0 @@ -// Package openai provides response translation functionality for Gemini CLI to OpenAI API compatibility. -// This package handles the conversion of Gemini CLI API responses into OpenAI Chat Completions-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by OpenAI API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, reasoning content, and usage metadata appropriately. -package chat_completions - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - geminiopenai "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini/openai/chat-completions" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// convertCliResponseToOpenAIChatParams holds parameters for response conversion. -type convertCliResponseToOpenAIChatParams struct { - UnixTimestamp int64 - FunctionIndex int -} - -// functionCallIDCounter provides a process-wide unique counter for function call identifiers. -var functionCallIDCounter uint64 - -// ConvertCliResponseToOpenAI translates a single chunk of a streaming response from the -// Gemini CLI API format to the OpenAI Chat Completions streaming format. -// It processes various Gemini CLI event types and transforms them into OpenAI-compatible JSON responses. -// The function handles text content, tool calls, reasoning content, and usage metadata, outputting -// responses that match the OpenAI API format. It supports incremental updates for streaming responses. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing an OpenAI-compatible JSON response -func ConvertCliResponseToOpenAI(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &convertCliResponseToOpenAIChatParams{ - UnixTimestamp: 0, - FunctionIndex: 0, - } - } - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - - // Initialize the OpenAI SSE template. - template := `{"id":"","object":"chat.completion.chunk","created":12345,"model":"model","choices":[{"index":0,"delta":{"role":null,"content":null,"reasoning_content":null,"tool_calls":null},"finish_reason":null,"native_finish_reason":null}]}` - - // Extract and set the model version. - if modelVersionResult := gjson.GetBytes(rawJSON, "response.modelVersion"); modelVersionResult.Exists() { - template, _ = sjson.Set(template, "model", modelVersionResult.String()) - } - - // Extract and set the creation timestamp. - if createTimeResult := gjson.GetBytes(rawJSON, "response.createTime"); createTimeResult.Exists() { - t, err := time.Parse(time.RFC3339Nano, createTimeResult.String()) - if err == nil { - (*param).(*convertCliResponseToOpenAIChatParams).UnixTimestamp = t.Unix() - } - template, _ = sjson.Set(template, "created", (*param).(*convertCliResponseToOpenAIChatParams).UnixTimestamp) - } else { - template, _ = sjson.Set(template, "created", (*param).(*convertCliResponseToOpenAIChatParams).UnixTimestamp) - } - - // Extract and set the response ID. - if responseIDResult := gjson.GetBytes(rawJSON, "response.responseId"); responseIDResult.Exists() { - template, _ = sjson.Set(template, "id", responseIDResult.String()) - } - - finishReason := "" - if stopReasonResult := gjson.GetBytes(rawJSON, "response.stop_reason"); stopReasonResult.Exists() { - finishReason = stopReasonResult.String() - } - if finishReason == "" { - if finishReasonResult := gjson.GetBytes(rawJSON, "response.candidates.0.finishReason"); finishReasonResult.Exists() { - finishReason = finishReasonResult.String() - } - } - finishReason = strings.ToLower(finishReason) - - // Extract and set usage metadata (token counts). - if usageResult := gjson.GetBytes(rawJSON, "response.usageMetadata"); usageResult.Exists() { - cachedTokenCount := usageResult.Get("cachedContentTokenCount").Int() - if candidatesTokenCountResult := usageResult.Get("candidatesTokenCount"); candidatesTokenCountResult.Exists() { - template, _ = sjson.Set(template, "usage.completion_tokens", candidatesTokenCountResult.Int()) - } - if totalTokenCountResult := usageResult.Get("totalTokenCount"); totalTokenCountResult.Exists() { - template, _ = sjson.Set(template, "usage.total_tokens", totalTokenCountResult.Int()) - } - promptTokenCount := usageResult.Get("promptTokenCount").Int() - thoughtsTokenCount := usageResult.Get("thoughtsTokenCount").Int() - template, _ = sjson.Set(template, "usage.prompt_tokens", promptTokenCount+thoughtsTokenCount) - if thoughtsTokenCount > 0 { - template, _ = sjson.Set(template, "usage.completion_tokens_details.reasoning_tokens", thoughtsTokenCount) - } - // Include cached token count if present (indicates prompt caching is working) - if cachedTokenCount > 0 { - var err error - template, err = sjson.Set(template, "usage.prompt_tokens_details.cached_tokens", cachedTokenCount) - if err != nil { - log.Warnf("gemini-cli openai response: failed to set cached_tokens: %v", err) - } - } - } - - // Process the main content part of the response. - partsResult := gjson.GetBytes(rawJSON, "response.candidates.0.content.parts") - hasFunctionCall := false - if partsResult.IsArray() { - partResults := partsResult.Array() - for i := 0; i < len(partResults); i++ { - partResult := partResults[i] - partTextResult := partResult.Get("text") - functionCallResult := partResult.Get("functionCall") - thoughtSignatureResult := partResult.Get("thoughtSignature") - if !thoughtSignatureResult.Exists() { - thoughtSignatureResult = partResult.Get("thought_signature") - } - inlineDataResult := partResult.Get("inlineData") - if !inlineDataResult.Exists() { - inlineDataResult = partResult.Get("inline_data") - } - - hasThoughtSignature := thoughtSignatureResult.Exists() && thoughtSignatureResult.String() != "" - hasContentPayload := partTextResult.Exists() || functionCallResult.Exists() || inlineDataResult.Exists() - - // Ignore encrypted thoughtSignature but keep any actual content in the same part. - if hasThoughtSignature && !hasContentPayload { - continue - } - - if partTextResult.Exists() { - textContent := partTextResult.String() - - // Handle text content, distinguishing between regular content and reasoning/thoughts. - if partResult.Get("thought").Bool() { - template, _ = sjson.Set(template, "choices.0.delta.reasoning_content", textContent) - } else { - template, _ = sjson.Set(template, "choices.0.delta.content", textContent) - } - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - } else if functionCallResult.Exists() { - // Handle function call content. - hasFunctionCall = true - toolCallsResult := gjson.Get(template, "choices.0.delta.tool_calls") - functionCallIndex := (*param).(*convertCliResponseToOpenAIChatParams).FunctionIndex - (*param).(*convertCliResponseToOpenAIChatParams).FunctionIndex++ - if toolCallsResult.Exists() && toolCallsResult.IsArray() { - functionCallIndex = len(toolCallsResult.Array()) - } else { - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls", `[]`) - } - - functionCallTemplate := `{"id": "","index": 0,"type": "function","function": {"name": "","arguments": ""}}` - fcName := functionCallResult.Get("name").String() - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "id", fmt.Sprintf("%s-%d-%d", fcName, time.Now().UnixNano(), atomic.AddUint64(&functionCallIDCounter, 1))) - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "index", functionCallIndex) - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.name", fcName) - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.arguments", fcArgsResult.Raw) - } - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls.-1", functionCallTemplate) - } else if inlineDataResult.Exists() { - data := inlineDataResult.Get("data").String() - if data == "" { - continue - } - mimeType := inlineDataResult.Get("mimeType").String() - if mimeType == "" { - mimeType = inlineDataResult.Get("mime_type").String() - } - if mimeType == "" { - mimeType = "image/png" - } - imageURL := fmt.Sprintf("data:%s;base64,%s", mimeType, data) - imagesResult := gjson.Get(template, "choices.0.delta.images") - if !imagesResult.Exists() || !imagesResult.IsArray() { - template, _ = sjson.SetRaw(template, "choices.0.delta.images", `[]`) - } - imageIndex := len(gjson.Get(template, "choices.0.delta.images").Array()) - imagePayload := `{"type":"image_url","image_url":{"url":""}}` - imagePayload, _ = sjson.Set(imagePayload, "index", imageIndex) - imagePayload, _ = sjson.Set(imagePayload, "image_url.url", imageURL) - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.images.-1", imagePayload) - } - } - } - - if hasFunctionCall { - template, _ = sjson.Set(template, "choices.0.finish_reason", "tool_calls") - template, _ = sjson.Set(template, "choices.0.native_finish_reason", "tool_calls") - } else if finishReason != "" && (*param).(*convertCliResponseToOpenAIChatParams).FunctionIndex == 0 { - // Only pass through specific finish reasons - if finishReason == "max_tokens" || finishReason == "stop" { - template, _ = sjson.Set(template, "choices.0.finish_reason", finishReason) - template, _ = sjson.Set(template, "choices.0.native_finish_reason", finishReason) - } - } - - return []string{template} -} - -// ConvertCliResponseToOpenAINonStream converts a non-streaming Gemini CLI response to a non-streaming OpenAI response. -// This function processes the complete Gemini CLI response and transforms it into a single OpenAI-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the OpenAI API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for the conversion -// -// Returns: -// - string: An OpenAI-compatible JSON response containing all message content and metadata -func ConvertCliResponseToOpenAINonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - return geminiopenai.ConvertGeminiResponseToOpenAINonStream(ctx, modelName, originalRequestRawJSON, requestRawJSON, []byte(responseResult.Raw), param) - } - return "" -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/openai/chat-completions/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/openai/chat-completions/init.go deleted file mode 100644 index 6172ae4137..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" -) - -func init() { - translator.Register( - constant.OpenAI, - constant.GeminiCLI, - ConvertOpenAIRequestToGeminiCLI, - interfaces.TranslateResponse{ - Stream: ConvertCliResponseToOpenAI, - NonStream: ConvertCliResponseToOpenAINonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_request.go deleted file mode 100644 index 0d4fbfb9ec..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_request.go +++ /dev/null @@ -1,12 +0,0 @@ -package responses - -import ( - geminicligemini "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini-cli/gemini" - geminiopenai "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini/openai/responses" -) - -func ConvertOpenAIResponsesRequestToGeminiCLI(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - rawJSON = geminiopenai.ConvertOpenAIResponsesRequestToGemini(modelName, rawJSON, stream) - return geminicligemini.ConvertGeminiRequestToGeminiCLI(modelName, rawJSON, stream) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_response.go deleted file mode 100644 index 195273a8bf..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_response.go +++ /dev/null @@ -1,35 +0,0 @@ -package responses - -import ( - "context" - - geminiopenai "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini/openai/responses" - "github.com/tidwall/gjson" -) - -func ConvertGeminiCLIResponseToOpenAIResponses(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - rawJSON = []byte(responseResult.Raw) - } - return geminiopenai.ConvertGeminiResponseToOpenAIResponses(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} - -func ConvertGeminiCLIResponseToOpenAIResponsesNonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - rawJSON = []byte(responseResult.Raw) - } - - requestResult := gjson.GetBytes(originalRequestRawJSON, "request") - if responseResult.Exists() { - originalRequestRawJSON = []byte(requestResult.Raw) - } - - requestResult = gjson.GetBytes(requestRawJSON, "request") - if responseResult.Exists() { - requestRawJSON = []byte(requestResult.Raw) - } - - return geminiopenai.ConvertGeminiResponseToOpenAIResponsesNonStream(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/openai/responses/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/openai/responses/init.go deleted file mode 100644 index 10de90dd8c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini-cli/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.OpenaiResponse, - constant.GeminiCLI, - ConvertOpenAIResponsesRequestToGeminiCLI, - interfaces.TranslateResponse{ - Stream: ConvertGeminiCLIResponseToOpenAIResponses, - NonStream: ConvertGeminiCLIResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/claude/gemini_claude_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/claude/gemini_claude_request.go deleted file mode 100644 index 5e27f23b29..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/claude/gemini_claude_request.go +++ /dev/null @@ -1,203 +0,0 @@ -// Package claude provides request translation functionality for Claude API. -// It handles parsing and transforming Claude API requests into the internal client format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package also performs JSON data cleaning and transformation to ensure compatibility -// between Claude API format and the internal client's expected format. -package claude - -import ( - "bytes" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini/common" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const geminiClaudeThoughtSignature = "skip_thought_signature_validator" - -// ConvertClaudeRequestToGemini parses a Claude API request and returns a complete -// Gemini CLI request body (as JSON bytes) ready to be sent via SendRawMessageStream. -// All JSON transformations are performed using gjson/sjson. -// -// Parameters: -// - modelName: The name of the model. -// - rawJSON: The raw JSON request from the Claude API. -// - stream: A boolean indicating if the request is for a streaming response. -// -// Returns: -// - []byte: The transformed request in Gemini CLI format. -func ConvertClaudeRequestToGemini(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - rawJSON = bytes.ReplaceAll(rawJSON, []byte(`"url":{"type":"string","format":"uri",`), []byte(`"url":{"type":"string",`)) - - // Build output Gemini CLI request JSON - out := `{"contents":[]}` - out, _ = sjson.Set(out, "model", modelName) - - // system instruction - if systemResult := gjson.GetBytes(rawJSON, "system"); systemResult.IsArray() { - systemInstruction := `{"role":"user","parts":[]}` - hasSystemParts := false - systemResult.ForEach(func(_, systemPromptResult gjson.Result) bool { - if systemPromptResult.Get("type").String() == "text" { - textResult := systemPromptResult.Get("text") - if textResult.Type == gjson.String { - part := `{"text":""}` - part, _ = sjson.Set(part, "text", textResult.String()) - systemInstruction, _ = sjson.SetRaw(systemInstruction, "parts.-1", part) - hasSystemParts = true - } - } - return true - }) - if hasSystemParts { - out, _ = sjson.SetRaw(out, "system_instruction", systemInstruction) - } - } else if systemResult.Type == gjson.String { - out, _ = sjson.Set(out, "system_instruction.parts.-1.text", systemResult.String()) - } - - // contents - if messagesResult := gjson.GetBytes(rawJSON, "messages"); messagesResult.IsArray() { - messagesResult.ForEach(func(_, messageResult gjson.Result) bool { - roleResult := messageResult.Get("role") - if roleResult.Type != gjson.String { - return true - } - role := roleResult.String() - if role == "assistant" { - role = "model" - } - - contentJSON := `{"role":"","parts":[]}` - contentJSON, _ = sjson.Set(contentJSON, "role", role) - - contentsResult := messageResult.Get("content") - if contentsResult.IsArray() { - contentsResult.ForEach(func(_, contentResult gjson.Result) bool { - switch contentResult.Get("type").String() { - case "text": - text := strings.TrimSpace(contentResult.Get("text").String()) - // Skip empty text parts to avoid Gemini API error: - // "required oneof field 'data' must have one initialized field" - if strings.TrimSpace(text) == "" { - return true - } - part := `{"text":""}` - part, _ = sjson.Set(part, "text", text) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - - case "tool_use": - functionName := contentResult.Get("name").String() - functionArgs := contentResult.Get("input").String() - argsResult := gjson.Parse(functionArgs) - if argsResult.IsObject() && gjson.Valid(functionArgs) { - // Claude may include thought_signature in tool args; Gemini treats this as - // a base64 thought signature and can reject malformed values. - sanitizedArgs, err := sjson.Delete(functionArgs, "thought_signature") - if err != nil { - sanitizedArgs = functionArgs - } - part := `{"thoughtSignature":"","functionCall":{"name":"","args":{}}}` - part, _ = sjson.Set(part, "thoughtSignature", geminiClaudeThoughtSignature) - part, _ = sjson.Set(part, "functionCall.name", functionName) - part, _ = sjson.SetRaw(part, "functionCall.args", sanitizedArgs) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - } - - case "tool_result": - toolCallID := contentResult.Get("tool_use_id").String() - if toolCallID == "" { - return true - } - funcName := toolCallID - toolCallIDs := strings.Split(toolCallID, "-") - if len(toolCallIDs) > 1 { - funcName = strings.Join(toolCallIDs[0:len(toolCallIDs)-1], "-") - } - responseData := contentResult.Get("content").Raw - part := `{"functionResponse":{"name":"","response":{"result":""}}}` - part, _ = sjson.Set(part, "functionResponse.name", funcName) - part, _ = sjson.Set(part, "functionResponse.response.result", responseData) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - } - return true - }) - if len(gjson.Get(contentJSON, "parts").Array()) > 0 { - out, _ = sjson.SetRaw(out, "contents.-1", contentJSON) - } - } else if contentsResult.Type == gjson.String { - text := strings.TrimSpace(contentsResult.String()) - // Skip empty text parts to avoid Gemini API error - if strings.TrimSpace(text) != "" { - part := `{"text":""}` - part, _ = sjson.Set(part, "text", text) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - out, _ = sjson.SetRaw(out, "contents.-1", contentJSON) - } - } - return true - }) - } - - // tools - if toolsResult := gjson.GetBytes(rawJSON, "tools"); toolsResult.IsArray() { - hasTools := false - toolsResult.ForEach(func(_, toolResult gjson.Result) bool { - inputSchemaResult := toolResult.Get("input_schema") - if inputSchemaResult.Exists() && inputSchemaResult.IsObject() { - inputSchema := common.SanitizeParametersJSONSchemaForGemini(inputSchemaResult.Raw) - tool, _ := sjson.Delete(toolResult.Raw, "input_schema") - tool, _ = sjson.SetRaw(tool, "parametersJsonSchema", inputSchema) - tool, _ = sjson.Delete(tool, "strict") - tool, _ = sjson.Delete(tool, "input_examples") - tool, _ = sjson.Delete(tool, "type") - tool, _ = sjson.Delete(tool, "cache_control") - if gjson.Valid(tool) && gjson.Parse(tool).IsObject() { - if !hasTools { - out, _ = sjson.SetRaw(out, "tools", `[{"functionDeclarations":[]}]`) - hasTools = true - } - out, _ = sjson.SetRaw(out, "tools.0.functionDeclarations.-1", tool) - } - } - return true - }) - if !hasTools { - out, _ = sjson.Delete(out, "tools") - } - } - - // Map Anthropic thinking -> Gemini thinkingBudget/include_thoughts when enabled - // Translator only does format conversion, ApplyThinking handles model capability validation. - if t := gjson.GetBytes(rawJSON, "thinking"); t.Exists() && t.IsObject() { - switch t.Get("type").String() { - case "enabled": - if b := t.Get("budget_tokens"); b.Exists() && b.Type == gjson.Number { - budget := int(b.Int()) - out, _ = sjson.Set(out, "generationConfig.thinkingConfig.thinkingBudget", budget) - out, _ = sjson.Set(out, "generationConfig.thinkingConfig.includeThoughts", true) - } - case "adaptive": - // Keep adaptive as a high level sentinel; ApplyThinking resolves it - // to model-specific max capability. - out, _ = sjson.Set(out, "generationConfig.thinkingConfig.thinkingLevel", "high") - out, _ = sjson.Set(out, "generationConfig.thinkingConfig.includeThoughts", true) - } - } - if v := gjson.GetBytes(rawJSON, "temperature"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "generationConfig.temperature", v.Num) - } - if v := gjson.GetBytes(rawJSON, "top_p"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "generationConfig.topP", v.Num) - } - if v := gjson.GetBytes(rawJSON, "top_k"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "generationConfig.topK", v.Num) - } - - result := []byte(out) - result = common.AttachDefaultSafetySettings(result, "safetySettings") - - return result -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/claude/gemini_claude_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/claude/gemini_claude_request_test.go deleted file mode 100644 index 936938819a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/claude/gemini_claude_request_test.go +++ /dev/null @@ -1,141 +0,0 @@ -package claude - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertClaudeRequestToGemini(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - {"role": "user", "content": "hello"} - ] - }`) - - got := ConvertClaudeRequestToGemini("gemini-1.5-pro", input, false) - res := gjson.ParseBytes(got) - - if res.Get("model").String() != "gemini-1.5-pro" { - t.Errorf("expected model gemini-1.5-pro, got %s", res.Get("model").String()) - } - - contents := res.Get("contents").Array() - if len(contents) != 1 { - t.Errorf("expected 1 content item, got %d", len(contents)) - } -} - -func TestConvertClaudeRequestToGeminiRemovesUnsupportedSchemaFields(t *testing.T) { - input := []byte(`{ - "messages":[{"role":"user","content":"hello"}], - "tools":[ - { - "name":"lookup", - "description":"lookup values", - "input_schema":{ - "type":"object", - "$id":"urn:tool:lookup", - "properties":{"q":{"type":"string"}}, - "patternProperties":{"^x-":{"type":"string"}} - } - } - ] - }`) - - got := ConvertClaudeRequestToGemini("gemini-1.5-pro", input, false) - res := gjson.ParseBytes(got) - - schema := res.Get("tools.0.functionDeclarations.0.parametersJsonSchema") - if !schema.Exists() { - t.Fatalf("expected parametersJsonSchema to exist") - } - if schema.Get("$id").Exists() { - t.Fatalf("expected $id to be removed from parametersJsonSchema") - } - if schema.Get("patternProperties").Exists() { - t.Fatalf("expected patternProperties to be removed from parametersJsonSchema") - } -} - -func TestConvertClaudeRequestToGeminiSkipsMetadataOnlyMessageBlocks(t *testing.T) { - input := []byte(`{ - "messages":[ - {"role":"user","content":[{"type":"metadata","note":"ignore"}]}, - {"role":"user","content":[{"type":"text","text":"hello"}]} - ] - }`) - - got := ConvertClaudeRequestToGemini("gemini-1.5-pro", input, false) - res := gjson.ParseBytes(got) - - contents := res.Get("contents").Array() - if len(contents) != 1 { - t.Fatalf("expected only 1 valid content entry, got %d", len(contents)) - } - if contents[0].Get("parts.0.text").String() != "hello" { - t.Fatalf("expected text content to be preserved") - } -} - -func TestConvertClaudeRequestToGemini_SanitizesToolUseThoughtSignature(t *testing.T) { - input := []byte(`{ - "messages":[ - { - "role":"assistant", - "content":[ - { - "type":"tool_use", - "id":"toolu_01", - "name":"lookup", - "input":{"q":"hello"} - } - ] - } - ] - }`) - - got := ConvertClaudeRequestToGemini("gemini-2.5-pro", input, false) - res := gjson.ParseBytes(got) - - part := res.Get("contents.0.parts.0") - if !part.Get("functionCall").Exists() { - t.Fatalf("expected tool_use to map to functionCall") - } - if part.Get("thoughtSignature").String() != geminiClaudeThoughtSignature { - t.Fatalf("expected thoughtSignature %q, got %q", geminiClaudeThoughtSignature, part.Get("thoughtSignature").String()) - } -} - -func TestConvertClaudeRequestToGemini_StripsThoughtSignatureFromToolArgs(t *testing.T) { - input := []byte(`{ - "messages":[ - { - "role":"assistant", - "content":[ - { - "type":"tool_use", - "id":"toolu_01", - "name":"lookup", - "input":{"q":"hello","thought_signature":"not-base64"} - } - ] - } - ] - }`) - - got := ConvertClaudeRequestToGemini("gemini-2.5-pro", input, false) - res := gjson.ParseBytes(got) - - args := res.Get("contents.0.parts.0.functionCall.args") - if !args.Exists() { - t.Fatalf("expected functionCall args to exist") - } - if args.Get("q").String() != "hello" { - t.Fatalf("expected q arg to be preserved, got %q", args.Get("q").String()) - } - if args.Get("thought_signature").Exists() { - t.Fatalf("expected thought_signature to be stripped from tool args") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/claude/gemini_claude_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/claude/gemini_claude_response.go deleted file mode 100644 index f5c760eeb6..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/claude/gemini_claude_response.go +++ /dev/null @@ -1,367 +0,0 @@ -// Package claude provides response translation functionality for Claude API. -// This package handles the conversion of backend client responses into Claude-compatible -// Server-Sent Events (SSE) format, implementing a sophisticated state machine that manages -// different response types including text content, thinking processes, and function calls. -// The translation ensures proper sequencing of SSE events and maintains state across -// multiple response chunks to provide a seamless streaming experience. -package claude - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Params holds parameters for response conversion. -type Params struct { - IsGlAPIKey bool - HasFirstResponse bool - ResponseType int - ResponseIndex int - HasContent bool // Tracks whether any content (text, thinking, or tool use) has been output -} - -// toolUseIDCounter provides a process-wide unique counter for tool use identifiers. -var toolUseIDCounter uint64 - -// ConvertGeminiResponseToClaude performs sophisticated streaming response format conversion. -// This function implements a complex state machine that translates backend client responses -// into Claude-compatible Server-Sent Events (SSE) format. It manages different response types -// and handles state transitions between content blocks, thinking processes, and function calls. -// -// Response type states: 0=none, 1=content, 2=thinking, 3=function -// The function maintains state across multiple calls to ensure proper SSE event sequencing. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the Gemini API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - []string: A slice of strings, each containing a Claude-compatible JSON response. -func ConvertGeminiResponseToClaude(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &Params{ - IsGlAPIKey: false, - HasFirstResponse: false, - ResponseType: 0, - ResponseIndex: 0, - } - } - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - // Only send message_stop if we have actually output content - if (*param).(*Params).HasContent { - return []string{ - "event: message_stop\ndata: {\"type\":\"message_stop\"}\n\n\n", - } - } - return []string{} - } - - // Track whether tools are being used in this response chunk - usedTool := false - output := "" - - // Initialize the streaming session with a message_start event - // This is only sent for the very first response chunk - if !(*param).(*Params).HasFirstResponse { - output = "event: message_start\n" - - // Create the initial message structure with default values - // This follows the Claude API specification for streaming message initialization - messageStartTemplate := `{"type": "message_start", "message": {"id": "msg_1nZdL29xx5MUA1yADyHTEsnR8uuvGzszyY", "type": "message", "role": "assistant", "content": [], "model": "claude-3-5-sonnet-20241022", "stop_reason": null, "stop_sequence": null, "usage": {"input_tokens": 0, "output_tokens": 0}}}` - - // Override default values with actual response metadata if available - if modelVersionResult := gjson.GetBytes(rawJSON, "modelVersion"); modelVersionResult.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.model", modelVersionResult.String()) - } - if responseIDResult := gjson.GetBytes(rawJSON, "responseId"); responseIDResult.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.id", responseIDResult.String()) - } - output = output + fmt.Sprintf("data: %s\n\n\n", messageStartTemplate) - - (*param).(*Params).HasFirstResponse = true - } - - // Process the response parts array from the backend client - // Each part can contain text content, thinking content, or function calls - partsResult := gjson.GetBytes(rawJSON, "candidates.0.content.parts") - if partsResult.IsArray() { - partResults := partsResult.Array() - for i := 0; i < len(partResults); i++ { - partResult := partResults[i] - - // Extract the different types of content from each part - partTextResult := partResult.Get("text") - functionCallResult := partResult.Get("functionCall") - - // Handle text content (both regular content and thinking) - if partTextResult.Exists() { - // Process thinking content (internal reasoning) - if partResult.Get("thought").Bool() { - // Continue existing thinking block - if (*param).(*Params).ResponseType == 2 { - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"thinking_delta","thinking":""}}`, (*param).(*Params).ResponseIndex), "delta.thinking", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).HasContent = true - } else { - // Transition from another state to thinking - // First, close any existing content block - if (*param).(*Params).ResponseType != 0 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - } - - // Start a new thinking content block - output = output + "event: content_block_start\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_start","index":%d,"content_block":{"type":"thinking","thinking":""}}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"thinking_delta","thinking":""}}`, (*param).(*Params).ResponseIndex), "delta.thinking", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).ResponseType = 2 // Set state to thinking - (*param).(*Params).HasContent = true - } - } else { - // Process regular text content (user-visible output) - // Continue existing text block - if (*param).(*Params).ResponseType == 1 { - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"text_delta","text":""}}`, (*param).(*Params).ResponseIndex), "delta.text", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).HasContent = true - } else { - // Transition from another state to text content - // First, close any existing content block - if (*param).(*Params).ResponseType != 0 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - } - - // Start a new text content block - output = output + "event: content_block_start\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_start","index":%d,"content_block":{"type":"text","text":""}}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"text_delta","text":""}}`, (*param).(*Params).ResponseIndex), "delta.text", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).ResponseType = 1 // Set state to content - (*param).(*Params).HasContent = true - } - } - } else if functionCallResult.Exists() { - // Handle function/tool calls from the AI model - // This processes tool usage requests and formats them for Claude API compatibility - usedTool = true - fcName := functionCallResult.Get("name").String() - - // FIX: Handle streaming split/delta where name might be empty in subsequent chunks. - // If we are already in tool use mode and name is empty, treat as continuation (delta). - if (*param).(*Params).ResponseType == 3 && fcName == "" { - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"input_json_delta","partial_json":""}}`, (*param).(*Params).ResponseIndex), "delta.partial_json", fcArgsResult.Raw) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - } - // Continue to next part without closing/opening logic - continue - } - - // Handle state transitions when switching to function calls - // Close any existing function call block first - if (*param).(*Params).ResponseType == 3 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - (*param).(*Params).ResponseType = 0 - } - - // Close any other existing content block - if (*param).(*Params).ResponseType != 0 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - } - - // Start a new tool use content block - // This creates the structure for a function call in Claude format - output = output + "event: content_block_start\n" - - // Create the tool use block with unique ID and function details - data := fmt.Sprintf(`{"type":"content_block_start","index":%d,"content_block":{"type":"tool_use","id":"","name":"","input":{}}}`, (*param).(*Params).ResponseIndex) - data, _ = sjson.Set(data, "content_block.id", fmt.Sprintf("%s-%d-%d", fcName, time.Now().UnixNano(), atomic.AddUint64(&toolUseIDCounter, 1))) - data, _ = sjson.Set(data, "content_block.name", fcName) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - output = output + "event: content_block_delta\n" - data, _ = sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"input_json_delta","partial_json":""}}`, (*param).(*Params).ResponseIndex), "delta.partial_json", fcArgsResult.Raw) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - } - (*param).(*Params).ResponseType = 3 - (*param).(*Params).HasContent = true - } - } - } - - usageResult := gjson.GetBytes(rawJSON, "usageMetadata") - if usageResult.Exists() && bytes.Contains(rawJSON, []byte(`"finishReason"`)) { - if candidatesTokenCountResult := usageResult.Get("candidatesTokenCount"); candidatesTokenCountResult.Exists() { - // Only send final events if we have actually output content - if (*param).(*Params).HasContent { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - - output = output + "event: message_delta\n" - output = output + `data: ` - - template := `{"type":"message_delta","delta":{"stop_reason":"end_turn","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - if usedTool { - template = `{"type":"message_delta","delta":{"stop_reason":"tool_use","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - } else if finish := gjson.GetBytes(rawJSON, "candidates.0.finishReason"); finish.Exists() && finish.String() == "MAX_TOKENS" { - template = `{"type":"message_delta","delta":{"stop_reason":"max_tokens","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - } - - thoughtsTokenCount := usageResult.Get("thoughtsTokenCount").Int() - template, _ = sjson.Set(template, "usage.output_tokens", candidatesTokenCountResult.Int()+thoughtsTokenCount) - template, _ = sjson.Set(template, "usage.input_tokens", usageResult.Get("promptTokenCount").Int()) - - output = output + template + "\n\n\n" - } - } - } - - return []string{output} -} - -// ConvertGeminiResponseToClaudeNonStream converts a non-streaming Gemini response to a non-streaming Claude response. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the Gemini API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - string: A Claude-compatible JSON response. -func ConvertGeminiResponseToClaudeNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - _ = originalRequestRawJSON - _ = requestRawJSON - - root := gjson.ParseBytes(rawJSON) - - out := `{"id":"","type":"message","role":"assistant","model":"","content":[],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}` - out, _ = sjson.Set(out, "id", root.Get("responseId").String()) - out, _ = sjson.Set(out, "model", root.Get("modelVersion").String()) - - inputTokens := root.Get("usageMetadata.promptTokenCount").Int() - outputTokens := root.Get("usageMetadata.candidatesTokenCount").Int() + root.Get("usageMetadata.thoughtsTokenCount").Int() - out, _ = sjson.Set(out, "usage.input_tokens", inputTokens) - out, _ = sjson.Set(out, "usage.output_tokens", outputTokens) - - parts := root.Get("candidates.0.content.parts") - textBuilder := strings.Builder{} - thinkingBuilder := strings.Builder{} - toolIDCounter := 0 - hasToolCall := false - - flushText := func() { - if textBuilder.Len() == 0 { - return - } - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", textBuilder.String()) - out, _ = sjson.SetRaw(out, "content.-1", block) - textBuilder.Reset() - } - - flushThinking := func() { - if thinkingBuilder.Len() == 0 { - return - } - block := `{"type":"thinking","thinking":""}` - block, _ = sjson.Set(block, "thinking", thinkingBuilder.String()) - out, _ = sjson.SetRaw(out, "content.-1", block) - thinkingBuilder.Reset() - } - - if parts.IsArray() { - for _, part := range parts.Array() { - if text := part.Get("text"); text.Exists() && text.String() != "" { - if part.Get("thought").Bool() { - flushText() - thinkingBuilder.WriteString(text.String()) - continue - } - flushThinking() - textBuilder.WriteString(text.String()) - continue - } - - if functionCall := part.Get("functionCall"); functionCall.Exists() { - flushThinking() - flushText() - hasToolCall = true - - name := functionCall.Get("name").String() - toolIDCounter++ - toolBlock := `{"type":"tool_use","id":"","name":"","input":{}}` - toolBlock, _ = sjson.Set(toolBlock, "id", fmt.Sprintf("tool_%d", toolIDCounter)) - toolBlock, _ = sjson.Set(toolBlock, "name", name) - inputRaw := "{}" - if args := functionCall.Get("args"); args.Exists() && gjson.Valid(args.Raw) && args.IsObject() { - inputRaw = args.Raw - } - toolBlock, _ = sjson.SetRaw(toolBlock, "input", inputRaw) - out, _ = sjson.SetRaw(out, "content.-1", toolBlock) - continue - } - } - } - - flushThinking() - flushText() - - stopReason := "end_turn" - if hasToolCall { - stopReason = "tool_use" - } else { - if finish := root.Get("candidates.0.finishReason"); finish.Exists() { - switch finish.String() { - case "MAX_TOKENS": - stopReason = "max_tokens" - case "STOP", "FINISH_REASON_UNSPECIFIED", "UNKNOWN": - stopReason = "end_turn" - default: - stopReason = "end_turn" - } - } - } - out, _ = sjson.Set(out, "stop_reason", stopReason) - - if inputTokens == int64(0) && outputTokens == int64(0) && !root.Get("usageMetadata").Exists() { - out, _ = sjson.Delete(out, "usage") - } - - return out -} - -func ClaudeTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"input_tokens":%d}`, count) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/claude/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/claude/init.go deleted file mode 100644 index 98969cfd1a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package claude - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Claude, - constant.Gemini, - ConvertClaudeRequestToGemini, - interfaces.TranslateResponse{ - Stream: ConvertGeminiResponseToClaude, - NonStream: ConvertGeminiResponseToClaudeNonStream, - TokenCount: ClaudeTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/common/safety.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/common/safety.go deleted file mode 100644 index e4b1429382..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/common/safety.go +++ /dev/null @@ -1,47 +0,0 @@ -package common - -import ( - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// DefaultSafetySettings returns the default Gemini safety configuration we attach to requests. -func DefaultSafetySettings() []map[string]string { - return []map[string]string{ - { - "category": "HARM_CATEGORY_HARASSMENT", - "threshold": "OFF", - }, - { - "category": "HARM_CATEGORY_HATE_SPEECH", - "threshold": "OFF", - }, - { - "category": "HARM_CATEGORY_SEXUALLY_EXPLICIT", - "threshold": "OFF", - }, - { - "category": "HARM_CATEGORY_DANGEROUS_CONTENT", - "threshold": "OFF", - }, - { - "category": "HARM_CATEGORY_CIVIC_INTEGRITY", - "threshold": "BLOCK_NONE", - }, - } -} - -// AttachDefaultSafetySettings ensures the default safety settings are present when absent. -// The caller must provide the target JSON path (e.g. "safetySettings" or "request.safetySettings"). -func AttachDefaultSafetySettings(rawJSON []byte, path string) []byte { - if gjson.GetBytes(rawJSON, path).Exists() { - return rawJSON - } - - out, err := sjson.SetBytes(rawJSON, path, DefaultSafetySettings()) - if err != nil { - return rawJSON - } - - return out -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/common/sanitize.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/common/sanitize.go deleted file mode 100644 index 93131b075e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/common/sanitize.go +++ /dev/null @@ -1,63 +0,0 @@ -package common - -import ( - "sort" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -func deleteJSONKeys(raw string, keys ...string) string { - cleaned := raw - for _, key := range keys { - var paths []string - util.Walk(gjson.Parse(cleaned), "", key, &paths) - sort.Strings(paths) - for _, path := range paths { - cleaned, _ = sjson.Delete(cleaned, path) - } - } - return cleaned -} - -// SanitizeParametersJSONSchemaForGemini removes JSON Schema fields that Gemini rejects. -func SanitizeParametersJSONSchemaForGemini(raw string) string { - withoutUnsupportedKeywords := deleteJSONKeys(raw, "$id", "patternProperties") - return util.CleanJSONSchemaForGemini(withoutUnsupportedKeywords) -} - -// SanitizeToolSearchForGemini removes ToolSearch fields unsupported by Gemini. -func SanitizeToolSearchForGemini(raw string) string { - return deleteJSONKeys(raw, "defer_loading", "deferLoading") -} - -// SanitizeOpenAIInputForGemini strips known incompatible thought-signature keys -// that can leak from cross-provider histories into Gemini request payloads. -func SanitizeOpenAIInputForGemini(raw string) string { - return deleteJSONKeys(raw, "thought_signature", "thoughtSignature") -} - -// NormalizeOpenAIFunctionSchemaForGemini builds a Gemini-safe parametersJsonSchema -// from OpenAI function schema inputs and enforces a deterministic root shape. -func NormalizeOpenAIFunctionSchemaForGemini(params gjson.Result, strict bool) string { - out := `{"type":"OBJECT","properties":{}}` - if params.Exists() { - raw := strings.TrimSpace(params.Raw) - if params.Type == gjson.String { - raw = strings.TrimSpace(params.String()) - } - if raw != "" && raw != "null" && gjson.Valid(raw) { - out = SanitizeParametersJSONSchemaForGemini(raw) - } - } - out, _ = sjson.Set(out, "type", "OBJECT") - if !gjson.Get(out, "properties").Exists() { - out, _ = sjson.SetRaw(out, "properties", `{}`) - } - if strict { - out, _ = sjson.Set(out, "additionalProperties", false) - } - return out -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/common/sanitize_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/common/sanitize_test.go deleted file mode 100644 index 14f5f752a8..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/common/sanitize_test.go +++ /dev/null @@ -1,78 +0,0 @@ -package common - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestNormalizeOpenAIFunctionSchemaForGemini_StrictAddsClosedObject(t *testing.T) { - params := gjson.Parse(`{ - "type":"object", - "$id":"urn:test", - "properties":{"name":{"type":"string"}}, - "patternProperties":{"^x-":{"type":"string"}} - }`) - - got := NormalizeOpenAIFunctionSchemaForGemini(params, true) - res := gjson.Parse(got) - - if res.Get("$id").Exists() { - t.Fatalf("expected $id to be removed") - } - if res.Get("patternProperties").Exists() { - t.Fatalf("expected patternProperties to be removed") - } - if res.Get("type").String() != "OBJECT" { - t.Fatalf("expected root type OBJECT, got %q", res.Get("type").String()) - } - if !res.Get("properties.name").Exists() { - t.Fatalf("expected properties.name to exist") - } - if !res.Get("additionalProperties").Exists() || res.Get("additionalProperties").Bool() { - t.Fatalf("expected additionalProperties=false when strict=true") - } -} - -func TestNormalizeOpenAIFunctionSchemaForGemini_EmptySchemaDefaults(t *testing.T) { - got := NormalizeOpenAIFunctionSchemaForGemini(gjson.Result{}, false) - res := gjson.Parse(got) - - if res.Get("type").String() != "OBJECT" { - t.Fatalf("expected root type OBJECT, got %q", res.Get("type").String()) - } - if !res.Get("properties").IsObject() { - t.Fatalf("expected properties object to exist") - } - if res.Get("additionalProperties").Exists() { - t.Fatalf("did not expect additionalProperties for non-strict schema") - } -} - -func TestNormalizeOpenAIFunctionSchemaForGemini_CleansNullableAndTypeArrays(t *testing.T) { - params := gjson.Parse(`{ - "type":"object", - "properties":{ - "query":{"type":"string"}, - "limit":{"type":["integer","null"],"nullable":true} - }, - "required":["query","limit"] - }`) - - got := NormalizeOpenAIFunctionSchemaForGemini(params, false) - res := gjson.Parse(got) - - if res.Get("properties.limit.nullable").Exists() { - t.Fatalf("expected nullable to be removed from limit schema") - } - if res.Get("properties.limit.type").IsArray() { - t.Fatalf("expected limit.type array to be flattened, got %s", res.Get("properties.limit.type").Raw) - } - - required := res.Get("required").Array() - for _, field := range required { - if field.String() == "limit" { - t.Fatalf("expected nullable field limit to be removed from required list") - } - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/gemini-cli/gemini_gemini-cli_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/gemini-cli/gemini_gemini-cli_request.go deleted file mode 100644 index 529f8047b7..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/gemini-cli/gemini_gemini-cli_request.go +++ /dev/null @@ -1,63 +0,0 @@ -// Package gemini provides request translation functionality for Claude API. -// It handles parsing and transforming Claude API requests into the internal client format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package also performs JSON data cleaning and transformation to ensure compatibility -// between Claude API format and the internal client's expected format. -package geminiCLI - -import ( - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/common" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// PrepareClaudeRequest parses and transforms a Claude API request into internal client format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the internal client. -func ConvertGeminiCLIRequestToGemini(_ string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - modelResult := gjson.GetBytes(rawJSON, "model") - rawJSON = []byte(gjson.GetBytes(rawJSON, "request").Raw) - rawJSON, _ = sjson.SetBytes(rawJSON, "model", modelResult.String()) - if gjson.GetBytes(rawJSON, "systemInstruction").Exists() { - rawJSON, _ = sjson.SetRawBytes(rawJSON, "system_instruction", []byte(gjson.GetBytes(rawJSON, "systemInstruction").Raw)) - rawJSON, _ = sjson.DeleteBytes(rawJSON, "systemInstruction") - } - - toolsResult := gjson.GetBytes(rawJSON, "tools") - if toolsResult.Exists() && toolsResult.IsArray() { - toolResults := toolsResult.Array() - for i := 0; i < len(toolResults); i++ { - functionDeclarationsResult := gjson.GetBytes(rawJSON, fmt.Sprintf("tools.%d.function_declarations", i)) - if functionDeclarationsResult.Exists() && functionDeclarationsResult.IsArray() { - functionDeclarationsResults := functionDeclarationsResult.Array() - for j := 0; j < len(functionDeclarationsResults); j++ { - parametersResult := gjson.GetBytes(rawJSON, fmt.Sprintf("tools.%d.function_declarations.%d.parameters", i, j)) - if parametersResult.Exists() { - strJson, _ := util.RenameKey(string(rawJSON), fmt.Sprintf("tools.%d.function_declarations.%d.parameters", i, j), fmt.Sprintf("tools.%d.function_declarations.%d.parametersJsonSchema", i, j)) - rawJSON = []byte(strJson) - } - } - } - } - } - - gjson.GetBytes(rawJSON, "contents").ForEach(func(key, content gjson.Result) bool { - if content.Get("role").String() == "model" { - content.Get("parts").ForEach(func(partKey, part gjson.Result) bool { - if part.Get("functionCall").Exists() { - rawJSON, _ = sjson.SetBytes(rawJSON, fmt.Sprintf("contents.%d.parts.%d.thoughtSignature", key.Int(), partKey.Int()), "skip_thought_signature_validator") - } else if part.Get("thoughtSignature").Exists() { - rawJSON, _ = sjson.SetBytes(rawJSON, fmt.Sprintf("contents.%d.parts.%d.thoughtSignature", key.Int(), partKey.Int()), "skip_thought_signature_validator") - } - return true - }) - } - return true - }) - - return common.AttachDefaultSafetySettings(rawJSON, "safetySettings") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/gemini-cli/gemini_gemini-cli_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/gemini-cli/gemini_gemini-cli_response.go deleted file mode 100644 index 39b8dfb644..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/gemini-cli/gemini_gemini-cli_response.go +++ /dev/null @@ -1,62 +0,0 @@ -// Package gemini_cli provides response translation functionality for Gemini API to Gemini CLI API. -// This package handles the conversion of Gemini API responses into Gemini CLI-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Gemini CLI API clients. -package geminiCLI - -import ( - "bytes" - "context" - "fmt" - - "github.com/tidwall/sjson" -) - -var dataTag = []byte("data:") - -// ConvertGeminiResponseToGeminiCLI converts Gemini streaming response format to Gemini CLI single-line JSON format. -// This function processes various Gemini event types and transforms them into Gemini CLI-compatible JSON responses. -// It handles thinking content, regular text content, and function calls, outputting single-line JSON -// that matches the Gemini CLI API response format. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the Gemini API. -// - param: A pointer to a parameter object for the conversion (unused). -// -// Returns: -// - []string: A slice of strings, each containing a Gemini CLI-compatible JSON response. -func ConvertGeminiResponseToGeminiCLI(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) []string { - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - json := `{"response": {}}` - rawJSON, _ = sjson.SetRawBytes([]byte(json), "response", rawJSON) - return []string{string(rawJSON)} -} - -// ConvertGeminiResponseToGeminiCLINonStream converts a non-streaming Gemini response to a non-streaming Gemini CLI response. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the Gemini API. -// - param: A pointer to a parameter object for the conversion (unused). -// -// Returns: -// - string: A Gemini CLI-compatible JSON response. -func ConvertGeminiResponseToGeminiCLINonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - json := `{"response": {}}` - rawJSON, _ = sjson.SetRawBytes([]byte(json), "response", rawJSON) - return string(rawJSON) -} - -func GeminiCLITokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/gemini-cli/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/gemini-cli/init.go deleted file mode 100644 index 7953fc4bd6..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/gemini-cli/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package geminiCLI - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.GeminiCLI, - constant.Gemini, - ConvertGeminiCLIRequestToGemini, - interfaces.TranslateResponse{ - Stream: ConvertGeminiResponseToGeminiCLI, - NonStream: ConvertGeminiResponseToGeminiCLINonStream, - TokenCount: GeminiCLITokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/gemini/gemini_gemini_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/gemini/gemini_gemini_request.go deleted file mode 100644 index 6ce71d9583..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/gemini/gemini_gemini_request.go +++ /dev/null @@ -1,101 +0,0 @@ -// Package gemini provides in-provider request normalization for Gemini API. -// It ensures incoming v1beta requests meet minimal schema requirements -// expected by Google's Generative Language API. -package gemini - -import ( - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/gemini/common" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiRequestToGemini normalizes Gemini v1beta requests. -// - Adds a default role for each content if missing or invalid. -// The first message defaults to "user", then alternates user/model when needed. -// -// It keeps the payload otherwise unchanged. -func ConvertGeminiRequestToGemini(_ string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - // Fast path: if no contents field, only attach safety settings - contents := gjson.GetBytes(rawJSON, "contents") - if !contents.Exists() { - return common.AttachDefaultSafetySettings(rawJSON, "safetySettings") - } - - toolsResult := gjson.GetBytes(rawJSON, "tools") - if toolsResult.Exists() && toolsResult.IsArray() { - toolResults := toolsResult.Array() - for i := 0; i < len(toolResults); i++ { - if gjson.GetBytes(rawJSON, fmt.Sprintf("tools.%d.functionDeclarations", i)).Exists() { - strJson, _ := util.RenameKey(string(rawJSON), fmt.Sprintf("tools.%d.functionDeclarations", i), fmt.Sprintf("tools.%d.function_declarations", i)) - rawJSON = []byte(strJson) - } - - functionDeclarationsResult := gjson.GetBytes(rawJSON, fmt.Sprintf("tools.%d.function_declarations", i)) - if functionDeclarationsResult.Exists() && functionDeclarationsResult.IsArray() { - functionDeclarationsResults := functionDeclarationsResult.Array() - for j := 0; j < len(functionDeclarationsResults); j++ { - parametersResult := gjson.GetBytes(rawJSON, fmt.Sprintf("tools.%d.function_declarations.%d.parameters", i, j)) - if parametersResult.Exists() { - strJson, _ := util.RenameKey(string(rawJSON), fmt.Sprintf("tools.%d.function_declarations.%d.parameters", i, j), fmt.Sprintf("tools.%d.function_declarations.%d.parametersJsonSchema", i, j)) - rawJSON = []byte(strJson) - } - } - } - } - } - - // Walk contents and fix roles - out := rawJSON - prevRole := "" - idx := 0 - contents.ForEach(func(_ gjson.Result, value gjson.Result) bool { - role := value.Get("role").String() - - // Only user/model are valid for Gemini v1beta requests - valid := role == "user" || role == "model" - if role == "" || !valid { - var newRole string - switch prevRole { - case "": - newRole = "user" - case "user": - newRole = "model" - default: - newRole = "user" - } - path := fmt.Sprintf("contents.%d.role", idx) - out, _ = sjson.SetBytes(out, path, newRole) - role = newRole - } - - prevRole = role - idx++ - return true - }) - - gjson.GetBytes(out, "contents").ForEach(func(key, content gjson.Result) bool { - if content.Get("role").String() == "model" { - content.Get("parts").ForEach(func(partKey, part gjson.Result) bool { - if part.Get("functionCall").Exists() { - out, _ = sjson.SetBytes(out, fmt.Sprintf("contents.%d.parts.%d.thoughtSignature", key.Int(), partKey.Int()), "skip_thought_signature_validator") - } else if part.Get("thoughtSignature").Exists() { - out, _ = sjson.SetBytes(out, fmt.Sprintf("contents.%d.parts.%d.thoughtSignature", key.Int(), partKey.Int()), "skip_thought_signature_validator") - } - return true - }) - } - return true - }) - - if gjson.GetBytes(rawJSON, "generationConfig.responseSchema").Exists() { - strJson, _ := util.RenameKey(string(out), "generationConfig.responseSchema", "generationConfig.responseJsonSchema") - out = []byte(strJson) - } - - out = common.AttachDefaultSafetySettings(out, "safetySettings") - return out -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/gemini/gemini_gemini_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/gemini/gemini_gemini_request_test.go deleted file mode 100644 index 19e611bf19..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/gemini/gemini_gemini_request_test.go +++ /dev/null @@ -1,63 +0,0 @@ -package gemini - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertGeminiRequestToGemini(t *testing.T) { - input := []byte(`{ - "contents": [ - { - "parts": [ - {"text": "hello"} - ] - }, - { - "parts": [ - {"text": "hi"} - ] - } - ] - }`) - - got := ConvertGeminiRequestToGemini("model", input, false) - res := gjson.ParseBytes(got) - - contents := res.Get("contents").Array() - if len(contents) != 2 { - t.Errorf("expected 2 contents, got %d", len(contents)) - } - - if contents[0].Get("role").String() != "user" { - t.Errorf("expected first role user, got %s", contents[0].Get("role").String()) - } - - if contents[1].Get("role").String() != "model" { - t.Errorf("expected second role model, got %s", contents[1].Get("role").String()) - } -} - -func TestConvertGeminiRequestToGemini_SanitizesThoughtSignatureOnModelParts(t *testing.T) { - input := []byte(`{ - "contents": [ - { - "role": "model", - "parts": [ - {"thoughtSignature": "\\claude#abc"}, - {"functionCall": {"name": "tool", "args": {}}} - ] - } - ] - }`) - - got := ConvertGeminiRequestToGemini("model", input, false) - res := gjson.ParseBytes(got) - - for i, part := range res.Get("contents.0.parts").Array() { - if part.Get("thoughtSignature").String() != "skip_thought_signature_validator" { - t.Fatalf("part[%d] thoughtSignature not sanitized: %s", i, part.Get("thoughtSignature").String()) - } - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/gemini/gemini_gemini_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/gemini/gemini_gemini_response.go deleted file mode 100644 index 05fb6ab95e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/gemini/gemini_gemini_response.go +++ /dev/null @@ -1,29 +0,0 @@ -package gemini - -import ( - "bytes" - "context" - "fmt" -) - -// PassthroughGeminiResponseStream forwards Gemini responses unchanged. -func PassthroughGeminiResponseStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) []string { - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - - return []string{string(rawJSON)} -} - -// PassthroughGeminiResponseNonStream forwards Gemini responses unchanged. -func PassthroughGeminiResponseNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - return string(rawJSON) -} - -func GeminiTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/gemini/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/gemini/init.go deleted file mode 100644 index d4ab316246..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/gemini/init.go +++ /dev/null @@ -1,22 +0,0 @@ -package gemini - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -// Register a no-op response translator and a request normalizer for constant.Gemini→constant.Gemini. -// The request converter ensures missing or invalid roles are normalized to valid values. -func init() { - translator.Register( - constant.Gemini, - constant.Gemini, - ConvertGeminiRequestToGemini, - interfaces.TranslateResponse{ - Stream: PassthroughGeminiResponseStream, - NonStream: PassthroughGeminiResponseNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/chat-completions/gemini_openai_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/chat-completions/gemini_openai_request.go deleted file mode 100644 index 893303cfcb..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/chat-completions/gemini_openai_request.go +++ /dev/null @@ -1,403 +0,0 @@ -// Package openai provides request translation functionality for OpenAI to Gemini API compatibility. -// It converts OpenAI Chat Completions requests into Gemini compatible JSON using gjson/sjson only. -package chat_completions - -import ( - "fmt" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini/common" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/misc" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const geminiFunctionThoughtSignature = "skip_thought_signature_validator" - -// ConvertOpenAIRequestToGemini converts an OpenAI Chat Completions request (raw JSON) -// into a complete Gemini request JSON. All JSON construction uses sjson and lookups use gjson. -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the OpenAI API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini API format -func ConvertOpenAIRequestToGemini(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := []byte(common.SanitizeOpenAIInputForGemini(string(inputRawJSON))) - // Base envelope (no default thinkingConfig) - out := []byte(`{"contents":[]}`) - - // Model - out, _ = sjson.SetBytes(out, "model", modelName) - - // Apply thinking configuration: convert OpenAI reasoning_effort to Gemini thinkingConfig. - // Inline translation-only mapping; capability checks happen later in ApplyThinking. - re := gjson.GetBytes(rawJSON, "reasoning_effort") - if re.Exists() { - effort := strings.ToLower(strings.TrimSpace(re.String())) - if effort != "" { - thinkingPath := "generationConfig.thinkingConfig" - if effort == "auto" { - out, _ = sjson.SetBytes(out, thinkingPath+".thinkingBudget", -1) - out, _ = sjson.SetBytes(out, thinkingPath+".includeThoughts", true) - } else { - out, _ = sjson.SetBytes(out, thinkingPath+".thinkingLevel", effort) - out, _ = sjson.SetBytes(out, thinkingPath+".includeThoughts", effort != "none") - } - } - } - - // Temperature/top_p/top_k - if tr := gjson.GetBytes(rawJSON, "temperature"); tr.Exists() && tr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "generationConfig.temperature", tr.Num) - } - if tpr := gjson.GetBytes(rawJSON, "top_p"); tpr.Exists() && tpr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "generationConfig.topP", tpr.Num) - } - if tkr := gjson.GetBytes(rawJSON, "top_k"); tkr.Exists() && tkr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "generationConfig.topK", tkr.Num) - } - - // Candidate count (OpenAI 'n' parameter) - if n := gjson.GetBytes(rawJSON, "n"); n.Exists() && n.Type == gjson.Number { - if val := n.Int(); val > 1 { - out, _ = sjson.SetBytes(out, "generationConfig.candidateCount", val) - } - } - - // Map OpenAI modalities -> Gemini generationConfig.responseModalities - // e.g. "modalities": ["image", "text"] -> ["IMAGE", "TEXT"] - if mods := gjson.GetBytes(rawJSON, "modalities"); mods.Exists() && mods.IsArray() { - var responseMods []string - for _, m := range mods.Array() { - switch strings.ToLower(m.String()) { - case "text": - responseMods = append(responseMods, "TEXT") - case "image": - responseMods = append(responseMods, "IMAGE") - case "video": - responseMods = append(responseMods, "VIDEO") - } - } - if len(responseMods) > 0 { - out, _ = sjson.SetBytes(out, "generationConfig.responseModalities", responseMods) - } - } - - // OpenRouter-style image_config support - // If the input uses top-level image_config.aspect_ratio, map it into generationConfig.imageConfig.aspectRatio. - if imgCfg := gjson.GetBytes(rawJSON, "image_config"); imgCfg.Exists() && imgCfg.IsObject() { - if ar := imgCfg.Get("aspect_ratio"); ar.Exists() && ar.Type == gjson.String { - out, _ = sjson.SetBytes(out, "generationConfig.imageConfig.aspectRatio", ar.Str) - } - if size := imgCfg.Get("image_size"); size.Exists() && size.Type == gjson.String { - out, _ = sjson.SetBytes(out, "generationConfig.imageConfig.imageSize", size.Str) - } - } - if videoCfg := gjson.GetBytes(rawJSON, "video_config"); videoCfg.Exists() && videoCfg.IsObject() { - if duration := videoCfg.Get("duration_seconds"); duration.Exists() && duration.Type == gjson.String { - out, _ = sjson.SetBytes(out, "generationConfig.videoConfig.durationSeconds", duration.Str) - } - if ar := videoCfg.Get("aspect_ratio"); ar.Exists() && ar.Type == gjson.String { - out, _ = sjson.SetBytes(out, "generationConfig.videoConfig.aspectRatio", ar.Str) - } - if resolution := videoCfg.Get("resolution"); resolution.Exists() && resolution.Type == gjson.String { - out, _ = sjson.SetBytes(out, "generationConfig.videoConfig.resolution", resolution.Str) - } - if negativePrompt := videoCfg.Get("negative_prompt"); negativePrompt.Exists() && negativePrompt.Type == gjson.String { - out, _ = sjson.SetBytes(out, "generationConfig.videoConfig.negativePrompt", negativePrompt.Str) - } - } - - // messages -> systemInstruction + contents - messages := gjson.GetBytes(rawJSON, "messages") - if messages.IsArray() { - arr := messages.Array() - // First pass: assistant tool_calls id->name map - tcID2Name := map[string]string{} - for i := 0; i < len(arr); i++ { - m := arr[i] - if m.Get("role").String() == "assistant" { - tcs := m.Get("tool_calls") - if tcs.IsArray() { - for _, tc := range tcs.Array() { - if tc.Get("type").String() == "function" { - id := tc.Get("id").String() - name := tc.Get("function.name").String() - if id != "" && name != "" { - tcID2Name[id] = name - } - } - } - } - } - } - - // Second pass build systemInstruction/tool responses cache - toolResponses := map[string]string{} // tool_call_id -> response text - for i := 0; i < len(arr); i++ { - m := arr[i] - role := m.Get("role").String() - if role == "tool" { - toolCallID := m.Get("tool_call_id").String() - if toolCallID != "" { - c := m.Get("content") - toolResponses[toolCallID] = c.Raw - } - } - } - - systemPartIndex := 0 - for i := 0; i < len(arr); i++ { - m := arr[i] - role := m.Get("role").String() - content := m.Get("content") - - if (role == "system" || role == "developer") && len(arr) > 1 { - // system -> system_instruction as a user message style - if content.Type == gjson.String { - out, _ = sjson.SetBytes(out, "system_instruction.role", "user") - out, _ = sjson.SetBytes(out, fmt.Sprintf("system_instruction.parts.%d.text", systemPartIndex), content.String()) - systemPartIndex++ - } else if content.IsObject() && content.Get("type").String() == "text" { - out, _ = sjson.SetBytes(out, "system_instruction.role", "user") - out, _ = sjson.SetBytes(out, fmt.Sprintf("system_instruction.parts.%d.text", systemPartIndex), content.Get("text").String()) - systemPartIndex++ - } else if content.IsArray() { - contents := content.Array() - if len(contents) > 0 { - out, _ = sjson.SetBytes(out, "system_instruction.role", "user") - for j := 0; j < len(contents); j++ { - out, _ = sjson.SetBytes(out, fmt.Sprintf("system_instruction.parts.%d.text", systemPartIndex), contents[j].Get("text").String()) - systemPartIndex++ - } - } - } - } else if role == "user" || ((role == "system" || role == "developer") && len(arr) == 1) { - // Build single user content node to avoid splitting into multiple contents - node := []byte(`{"role":"user","parts":[]}`) - if content.Type == gjson.String { - node, _ = sjson.SetBytes(node, "parts.0.text", content.String()) - } else if content.IsArray() { - items := content.Array() - p := 0 - for _, item := range items { - switch item.Get("type").String() { - case "text": - text := item.Get("text").String() - if strings.TrimSpace(text) != "" { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".text", text) - } - p++ - case "image_url": - imageURL := item.Get("image_url.url").String() - if len(imageURL) > 5 { - pieces := strings.SplitN(imageURL[5:], ";", 2) - if len(pieces) == 2 && len(pieces[1]) > 7 { - mime := pieces[0] - data := pieces[1][7:] - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mime) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", data) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiFunctionThoughtSignature) - p++ - } - } - case "file": - filename := item.Get("file.filename").String() - fileData := item.Get("file.file_data").String() - ext := "" - if sp := strings.Split(filename, "."); len(sp) > 1 { - ext = sp[len(sp)-1] - } - if mimeType, ok := misc.MimeTypes[ext]; ok { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mimeType) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", fileData) - p++ - } else { - log.Warnf("Unknown file name extension '%s' in user message, skip", ext) - } - } - } - } - out, _ = sjson.SetRawBytes(out, "contents.-1", node) - } else if role == "assistant" { - node := []byte(`{"role":"model","parts":[]}`) - p := 0 - if content.Type == gjson.String && strings.TrimSpace(content.String()) != "" { - // Assistant text -> single model content - node, _ = sjson.SetBytes(node, "parts.-1.text", content.String()) - p++ - } else if content.IsArray() { - // Assistant multimodal content (e.g. text + image) -> single model content with parts - for _, item := range content.Array() { - switch item.Get("type").String() { - case "text": - text := item.Get("text").String() - if strings.TrimSpace(text) != "" { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".text", text) - } - p++ - case "image_url": - // If the assistant returned an inline data URL, preserve it for history fidelity. - imageURL := item.Get("image_url.url").String() - if len(imageURL) > 5 { // expect data:... - pieces := strings.SplitN(imageURL[5:], ";", 2) - if len(pieces) == 2 && len(pieces[1]) > 7 { - mime := pieces[0] - data := pieces[1][7:] - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mime) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", data) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiFunctionThoughtSignature) - p++ - } - } - } - } - } - - // Tool calls -> single model content with functionCall parts - tcs := m.Get("tool_calls") - if tcs.IsArray() { - fIDs := make([]string, 0) - for _, tc := range tcs.Array() { - if tc.Get("type").String() != "function" { - continue - } - fid := tc.Get("id").String() - fname := tc.Get("function.name").String() - fargs := tc.Get("function.arguments").String() - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".functionCall.name", fname) - node, _ = sjson.SetRawBytes(node, "parts."+itoa(p)+".functionCall.args", []byte(fargs)) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiFunctionThoughtSignature) - p++ - if fid != "" { - fIDs = append(fIDs, fid) - } - } - if hasGeminiParts(node) { - out, _ = sjson.SetRawBytes(out, "contents.-1", node) - } - - // Append a single tool content combining name + response per function - toolNode := []byte(`{"role":"user","parts":[]}`) - pp := 0 - for _, fid := range fIDs { - if name, ok := tcID2Name[fid]; ok { - toolNode, _ = sjson.SetBytes(toolNode, "parts."+itoa(pp)+".functionResponse.name", name) - resp := toolResponses[fid] - if resp == "" { - resp = "{}" - } - toolNode, _ = sjson.SetBytes(toolNode, "parts."+itoa(pp)+".functionResponse.response.result", []byte(resp)) - pp++ - } - } - if pp > 0 { - out, _ = sjson.SetRawBytes(out, "contents.-1", toolNode) - } - } else if hasGeminiParts(node) { - out, _ = sjson.SetRawBytes(out, "contents.-1", node) - } - } - } - } - - // tools -> tools[].functionDeclarations + tools[].googleSearch/codeExecution/urlContext passthrough - tools := gjson.GetBytes(rawJSON, "tools") - if tools.IsArray() && len(tools.Array()) > 0 { - functionToolNode := []byte(`{}`) - hasFunction := false - googleSearchNodes := make([][]byte, 0) - codeExecutionNodes := make([][]byte, 0) - urlContextNodes := make([][]byte, 0) - for _, t := range tools.Array() { - if t.Get("type").String() == "function" { - fn := t.Get("function") - if fn.Exists() && fn.IsObject() { - fnRaw := fn.Raw - params := fn.Get("parameters") - if !params.Exists() { - params = fn.Get("parametersJsonSchema") - } - strict := fn.Get("strict").Exists() && fn.Get("strict").Bool() - schema := common.NormalizeOpenAIFunctionSchemaForGemini(params, strict) - fnRaw, _ = sjson.Delete(fnRaw, "parameters") - fnRaw, _ = sjson.Delete(fnRaw, "parametersJsonSchema") - fnRaw, _ = sjson.Delete(fnRaw, "strict") - fnRaw, _ = sjson.SetRaw(fnRaw, "parametersJsonSchema", schema) - if !hasFunction { - functionToolNode, _ = sjson.SetRawBytes(functionToolNode, "functionDeclarations", []byte("[]")) - } - tmp, errSet := sjson.SetRawBytes(functionToolNode, "functionDeclarations.-1", []byte(fnRaw)) - if errSet != nil { - log.Warnf("Failed to append tool declaration for '%s': %v", fn.Get("name").String(), errSet) - continue - } - functionToolNode = tmp - hasFunction = true - } - } - if gs := t.Get("google_search"); gs.Exists() { - googleToolNode := []byte(`{}`) - cleanedGoogleSearch := common.SanitizeToolSearchForGemini(gs.Raw) - var errSet error - googleToolNode, errSet = sjson.SetRawBytes(googleToolNode, "googleSearch", []byte(cleanedGoogleSearch)) - if errSet != nil { - log.Warnf("Failed to set googleSearch tool: %v", errSet) - continue - } - googleSearchNodes = append(googleSearchNodes, googleToolNode) - } - if ce := t.Get("code_execution"); ce.Exists() { - codeToolNode := []byte(`{}`) - var errSet error - codeToolNode, errSet = sjson.SetRawBytes(codeToolNode, "codeExecution", []byte(ce.Raw)) - if errSet != nil { - log.Warnf("Failed to set codeExecution tool: %v", errSet) - continue - } - codeExecutionNodes = append(codeExecutionNodes, codeToolNode) - } - if uc := t.Get("url_context"); uc.Exists() { - urlToolNode := []byte(`{}`) - var errSet error - urlToolNode, errSet = sjson.SetRawBytes(urlToolNode, "urlContext", []byte(uc.Raw)) - if errSet != nil { - log.Warnf("Failed to set urlContext tool: %v", errSet) - continue - } - urlContextNodes = append(urlContextNodes, urlToolNode) - } - } - if hasFunction || len(googleSearchNodes) > 0 || len(codeExecutionNodes) > 0 || len(urlContextNodes) > 0 { - toolsNode := []byte("[]") - if hasFunction { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", functionToolNode) - } - for _, googleNode := range googleSearchNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", googleNode) - } - for _, codeNode := range codeExecutionNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", codeNode) - } - for _, urlNode := range urlContextNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", urlNode) - } - out, _ = sjson.SetRawBytes(out, "tools", toolsNode) - } - } - - out = common.AttachDefaultSafetySettings(out, "safetySettings") - - return out -} - -// itoa converts int to string without strconv import for few usages. -func itoa(i int) string { return fmt.Sprintf("%d", i) } - -func hasGeminiParts(node []byte) bool { - return gjson.GetBytes(node, "parts.#").Int() > 0 -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/chat-completions/gemini_openai_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/chat-completions/gemini_openai_request_test.go deleted file mode 100644 index 698f6a9aa6..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/chat-completions/gemini_openai_request_test.go +++ /dev/null @@ -1,153 +0,0 @@ -package chat_completions - -import ( - "strings" - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertOpenAIRequestToGeminiRemovesUnsupportedGoogleSearchFields(t *testing.T) { - input := []byte(`{ - "model":"gemini-2.5-pro", - "messages":[{"role":"user","content":"hello"}], - "tools":[ - {"google_search":{"defer_loading":true,"deferLoading":true,"lat":"1"}} - ] - }`) - - got := ConvertOpenAIRequestToGemini("gemini-2.5-pro", input, false) - res := gjson.ParseBytes(got) - tool := res.Get("tools.0.googleSearch") - if !tool.Exists() { - t.Fatalf("expected googleSearch tool to exist") - } - if tool.Get("defer_loading").Exists() { - t.Fatalf("expected defer_loading to be removed") - } - if tool.Get("deferLoading").Exists() { - t.Fatalf("expected deferLoading to be removed") - } - if tool.Get("lat").String() != "1" { - t.Fatalf("expected non-problematic fields to remain") - } -} - -func TestConvertOpenAIRequestToGeminiMapsVideoConfigAndModalities(t *testing.T) { - input := []byte(`{ - "model":"veo-3.1-generate-preview", - "messages":[{"role":"user","content":"make a video"}], - "modalities":["video","text"], - "video_config":{ - "duration_seconds":"8", - "aspect_ratio":"16:9", - "resolution":"720p", - "negative_prompt":"blurry" - } - }`) - - got := ConvertOpenAIRequestToGemini("veo-3.1-generate-preview", input, false) - res := gjson.ParseBytes(got) - if !res.Get("generationConfig.responseModalities").IsArray() { - t.Fatalf("expected generationConfig.responseModalities array") - } - if res.Get("generationConfig.responseModalities.0").String() != "VIDEO" { - t.Fatalf("expected first modality VIDEO, got %q", res.Get("generationConfig.responseModalities.0").String()) - } - if res.Get("generationConfig.videoConfig.durationSeconds").String() != "8" { - t.Fatalf("expected durationSeconds=8, got %q", res.Get("generationConfig.videoConfig.durationSeconds").String()) - } - if res.Get("generationConfig.videoConfig.aspectRatio").String() != "16:9" { - t.Fatalf("expected aspectRatio=16:9, got %q", res.Get("generationConfig.videoConfig.aspectRatio").String()) - } - if res.Get("generationConfig.videoConfig.resolution").String() != "720p" { - t.Fatalf("expected resolution=720p, got %q", res.Get("generationConfig.videoConfig.resolution").String()) - } - if res.Get("generationConfig.videoConfig.negativePrompt").String() != "blurry" { - t.Fatalf("expected negativePrompt=blurry, got %q", res.Get("generationConfig.videoConfig.negativePrompt").String()) - } -} - -func TestConvertOpenAIRequestToGeminiSkipsEmptyAssistantMessage(t *testing.T) { - input := []byte(`{ - "model":"gemini-2.5-pro", - "messages":[ - {"role":"user","content":"first"}, - {"role":"assistant","content":""}, - {"role":"user","content":"second"} - ] - }`) - - got := ConvertOpenAIRequestToGemini("gemini-2.5-pro", input, false) - res := gjson.ParseBytes(got) - if count := len(res.Get("contents").Array()); count != 2 { - t.Fatalf("expected 2 content entries (assistant empty skipped), got %d", count) - } - if res.Get("contents.0.role").String() != "user" || res.Get("contents.1.role").String() != "user" { - t.Fatalf("expected only user entries, got %s", res.Get("contents").Raw) - } -} - -func TestConvertOpenAIRequestToGeminiSkipsWhitespaceOnlyAssistantMessage(t *testing.T) { - input := []byte(`{ - "model":"gemini-2.5-pro", - "messages":[ - {"role":"user","content":"first"}, - {"role":"assistant","content":" \n\t "}, - {"role":"user","content":"second"} - ] - }`) - - got := ConvertOpenAIRequestToGemini("gemini-2.5-pro", input, false) - res := gjson.ParseBytes(got) - if count := len(res.Get("contents").Array()); count != 2 { - t.Fatalf("expected 2 content entries (assistant whitespace-only skipped), got %d", count) - } -} - -func TestConvertOpenAIRequestToGeminiStrictToolSchemaSetsClosedObject(t *testing.T) { - input := []byte(`{ - "model":"gemini-2.5-pro", - "messages":[{"role":"user","content":"hello"}], - "tools":[ - { - "type":"function", - "function":{ - "name":"save_note", - "description":"Save a note", - "strict":true, - "parameters":{"type":"object","properties":{"note":{"type":"string"}}} - } - } - ] - }`) - - got := ConvertOpenAIRequestToGemini("gemini-2.5-pro", input, false) - res := gjson.ParseBytes(got) - - if !res.Get("tools.0.functionDeclarations.0.parametersJsonSchema.additionalProperties").Exists() { - t.Fatalf("expected additionalProperties to be set for strict schema") - } - if res.Get("tools.0.functionDeclarations.0.parametersJsonSchema.additionalProperties").Bool() { - t.Fatalf("expected additionalProperties=false for strict schema") - } -} - -func TestConvertOpenAIRequestToGeminiStripsThoughtSignatureFields(t *testing.T) { - input := []byte(`{ - "model":"gemini-2.5-pro", - "messages":[ - {"role":"user","content":"hello"} - ], - "metadata":{"thought_signature":"abc","thoughtSignature":"def"} - }`) - - got := ConvertOpenAIRequestToGemini("gemini-2.5-pro", input, false) - raw := string(got) - if strings.Contains(raw, "thought_signature") { - t.Fatalf("expected thought_signature to be removed from translated payload") - } - if strings.Contains(raw, "\"thoughtSignature\":\"def\"") { - t.Fatalf("expected inbound thoughtSignature value to be removed from translated payload") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/chat-completions/gemini_openai_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/chat-completions/gemini_openai_response.go deleted file mode 100644 index f0d03d470a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/chat-completions/gemini_openai_response.go +++ /dev/null @@ -1,411 +0,0 @@ -// Package openai provides response translation functionality for Gemini to OpenAI API compatibility. -// This package handles the conversion of Gemini API responses into OpenAI Chat Completions-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by OpenAI API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, reasoning content, and usage metadata appropriately. -package chat_completions - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// convertGeminiResponseToOpenAIChatParams holds parameters for response conversion. -type convertGeminiResponseToOpenAIChatParams struct { - UnixTimestamp int64 - // FunctionIndex tracks tool call indices per candidate index to support multiple candidates. - FunctionIndex map[int]int -} - -// functionCallIDCounter provides a process-wide unique counter for function call identifiers. -var functionCallIDCounter uint64 - -// ConvertGeminiResponseToOpenAI translates a single chunk of a streaming response from the -// Gemini API format to the OpenAI Chat Completions streaming format. -// It processes various Gemini event types and transforms them into OpenAI-compatible JSON responses. -// The function handles text content, tool calls, reasoning content, and usage metadata, outputting -// responses that match the OpenAI API format. It supports incremental updates for streaming responses. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Gemini API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing an OpenAI-compatible JSON response -func ConvertGeminiResponseToOpenAI(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - // Initialize parameters if nil. - if *param == nil { - *param = &convertGeminiResponseToOpenAIChatParams{ - UnixTimestamp: 0, - FunctionIndex: make(map[int]int), - } - } - - // Ensure the Map is initialized (handling cases where param might be reused from older context). - p := (*param).(*convertGeminiResponseToOpenAIChatParams) - if p.FunctionIndex == nil { - p.FunctionIndex = make(map[int]int) - } - - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - - // Initialize the OpenAI SSE base template. - // We use a base template and clone it for each candidate to support multiple candidates. - baseTemplate := `{"id":"","object":"chat.completion.chunk","created":12345,"model":"model","choices":[{"index":0,"delta":{"role":null,"content":null,"reasoning_content":null,"tool_calls":null},"finish_reason":null,"native_finish_reason":null}]}` - - // Extract and set the model version. - if modelVersionResult := gjson.GetBytes(rawJSON, "modelVersion"); modelVersionResult.Exists() { - baseTemplate, _ = sjson.Set(baseTemplate, "model", modelVersionResult.String()) - } - - // Extract and set the creation timestamp. - if createTimeResult := gjson.GetBytes(rawJSON, "createTime"); createTimeResult.Exists() { - t, err := time.Parse(time.RFC3339Nano, createTimeResult.String()) - if err == nil { - p.UnixTimestamp = t.Unix() - } - baseTemplate, _ = sjson.Set(baseTemplate, "created", p.UnixTimestamp) - } else { - baseTemplate, _ = sjson.Set(baseTemplate, "created", p.UnixTimestamp) - } - - // Extract and set the response ID. - if responseIDResult := gjson.GetBytes(rawJSON, "responseId"); responseIDResult.Exists() { - baseTemplate, _ = sjson.Set(baseTemplate, "id", responseIDResult.String()) - } - - // Extract and set usage metadata (token counts). - // Usage is applied to the base template so it appears in the chunks. - if usageResult := gjson.GetBytes(rawJSON, "usageMetadata"); usageResult.Exists() { - cachedTokenCount := usageResult.Get("cachedContentTokenCount").Int() - if candidatesTokenCountResult := usageResult.Get("candidatesTokenCount"); candidatesTokenCountResult.Exists() { - baseTemplate, _ = sjson.Set(baseTemplate, "usage.completion_tokens", candidatesTokenCountResult.Int()) - } - if totalTokenCountResult := usageResult.Get("totalTokenCount"); totalTokenCountResult.Exists() { - baseTemplate, _ = sjson.Set(baseTemplate, "usage.total_tokens", totalTokenCountResult.Int()) - } - promptTokenCount := usageResult.Get("promptTokenCount").Int() - cachedTokenCount - thoughtsTokenCount := usageResult.Get("thoughtsTokenCount").Int() - baseTemplate, _ = sjson.Set(baseTemplate, "usage.prompt_tokens", promptTokenCount+thoughtsTokenCount) - if thoughtsTokenCount > 0 { - baseTemplate, _ = sjson.Set(baseTemplate, "usage.completion_tokens_details.reasoning_tokens", thoughtsTokenCount) - } - // Include cached token count if present (indicates prompt caching is working) - if cachedTokenCount > 0 { - var err error - baseTemplate, err = sjson.Set(baseTemplate, "usage.prompt_tokens_details.cached_tokens", cachedTokenCount) - if err != nil { - log.Warnf("gemini openai response: failed to set cached_tokens in streaming: %v", err) - } - } - } - - var responseStrings []string - candidates := gjson.GetBytes(rawJSON, "candidates") - - // Iterate over all candidates to support candidate_count > 1. - if candidates.IsArray() { - candidates.ForEach(func(_, candidate gjson.Result) bool { - // Clone the template for the current candidate. - template := baseTemplate - - // Set the specific index for this candidate. - candidateIndex := int(candidate.Get("index").Int()) - template, _ = sjson.Set(template, "choices.0.index", candidateIndex) - - finishReason := "" - if stopReasonResult := gjson.GetBytes(rawJSON, "stop_reason"); stopReasonResult.Exists() { - finishReason = stopReasonResult.String() - } - if finishReason == "" { - if finishReasonResult := gjson.GetBytes(rawJSON, "candidates.0.finishReason"); finishReasonResult.Exists() { - finishReason = finishReasonResult.String() - } - } - finishReason = strings.ToLower(finishReason) - - partsResult := candidate.Get("content.parts") - hasFunctionCall := false - - if partsResult.IsArray() { - partResults := partsResult.Array() - for i := 0; i < len(partResults); i++ { - partResult := partResults[i] - partTextResult := partResult.Get("text") - functionCallResult := partResult.Get("functionCall") - inlineDataResult := partResult.Get("inlineData") - if !inlineDataResult.Exists() { - inlineDataResult = partResult.Get("inline_data") - } - thoughtSignatureResult := partResult.Get("thoughtSignature") - if !thoughtSignatureResult.Exists() { - thoughtSignatureResult = partResult.Get("thought_signature") - } - - hasThoughtSignature := thoughtSignatureResult.Exists() && thoughtSignatureResult.String() != "" - hasContentPayload := partTextResult.Exists() || functionCallResult.Exists() || inlineDataResult.Exists() - - // Skip pure thoughtSignature parts but keep any actual payload in the same part. - if hasThoughtSignature && !hasContentPayload { - continue - } - - if partTextResult.Exists() { - text := partTextResult.String() - // Handle text content, distinguishing between regular content and reasoning/thoughts. - if partResult.Get("thought").Bool() { - template, _ = sjson.Set(template, "choices.0.delta.reasoning_content", text) - } else { - template, _ = sjson.Set(template, "choices.0.delta.content", text) - } - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - } else if functionCallResult.Exists() { - // Handle function call content. - hasFunctionCall = true - toolCallsResult := gjson.Get(template, "choices.0.delta.tool_calls") - - // Retrieve the function index for this specific candidate. - functionCallIndex := p.FunctionIndex[candidateIndex] - p.FunctionIndex[candidateIndex]++ - - if toolCallsResult.Exists() && toolCallsResult.IsArray() { - functionCallIndex = len(toolCallsResult.Array()) - } else { - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls", `[]`) - } - - functionCallTemplate := `{"id": "","index": 0,"type": "function","function": {"name": "","arguments": ""}}` - fcName := functionCallResult.Get("name").String() - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "id", fmt.Sprintf("%s-%d-%d", fcName, time.Now().UnixNano(), atomic.AddUint64(&functionCallIDCounter, 1))) - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "index", functionCallIndex) - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.name", fcName) - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.arguments", fcArgsResult.Raw) - } - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls.-1", functionCallTemplate) - } else if inlineDataResult.Exists() { - data := inlineDataResult.Get("data").String() - if data == "" { - continue - } - mimeType := inlineDataResult.Get("mimeType").String() - if mimeType == "" { - mimeType = inlineDataResult.Get("mime_type").String() - } - if mimeType == "" { - mimeType = "image/png" - } - imageURL := fmt.Sprintf("data:%s;base64,%s", mimeType, data) - imagesResult := gjson.Get(template, "choices.0.delta.images") - if !imagesResult.Exists() || !imagesResult.IsArray() { - template, _ = sjson.SetRaw(template, "choices.0.delta.images", `[]`) - } - imageIndex := len(gjson.Get(template, "choices.0.delta.images").Array()) - imagePayload := `{"type":"image_url","image_url":{"url":""}}` - imagePayload, _ = sjson.Set(imagePayload, "index", imageIndex) - imagePayload, _ = sjson.Set(imagePayload, "image_url.url", imageURL) - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.images.-1", imagePayload) - } - } - } - - if hasFunctionCall { - template, _ = sjson.Set(template, "choices.0.finish_reason", "tool_calls") - template, _ = sjson.Set(template, "choices.0.native_finish_reason", "tool_calls") - } else if finishReason != "" { - // Only pass through specific finish reasons - if finishReason == "max_tokens" || finishReason == "stop" { - template, _ = sjson.Set(template, "choices.0.finish_reason", finishReason) - template, _ = sjson.Set(template, "choices.0.native_finish_reason", finishReason) - } - } - - responseStrings = append(responseStrings, template) - return true // continue loop - }) - } else { - // If there are no candidates (e.g., a pure usageMetadata chunk), return the usage chunk if present. - if gjson.GetBytes(rawJSON, "usageMetadata").Exists() && len(responseStrings) == 0 { - // OpenAI spec: chunks with only usage should have empty choices or OMIT it. - // LiteLLM can fail with "missing finish_reason for choice 0" if a choice exists with null finish_reason. - template, _ := sjson.Delete(baseTemplate, "choices") - template, _ = sjson.SetRaw(template, "choices", "[]") - responseStrings = append(responseStrings, template) - } - } - - return responseStrings -} - -// ConvertGeminiResponseToOpenAINonStream converts a non-streaming Gemini response to a non-streaming OpenAI response. -// This function processes the complete Gemini response and transforms it into a single OpenAI-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the OpenAI API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Gemini API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: An OpenAI-compatible JSON response containing all message content and metadata -func ConvertGeminiResponseToOpenAINonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - var unixTimestamp int64 - // Initialize template with an empty choices array to support multiple candidates. - template := `{"id":"","object":"chat.completion","created":123456,"model":"model","choices":[]}` - - if modelVersionResult := gjson.GetBytes(rawJSON, "modelVersion"); modelVersionResult.Exists() { - template, _ = sjson.Set(template, "model", modelVersionResult.String()) - } - - if createTimeResult := gjson.GetBytes(rawJSON, "createTime"); createTimeResult.Exists() { - t, err := time.Parse(time.RFC3339Nano, createTimeResult.String()) - if err == nil { - unixTimestamp = t.Unix() - } - template, _ = sjson.Set(template, "created", unixTimestamp) - } else { - template, _ = sjson.Set(template, "created", unixTimestamp) - } - - if responseIDResult := gjson.GetBytes(rawJSON, "responseId"); responseIDResult.Exists() { - template, _ = sjson.Set(template, "id", responseIDResult.String()) - } - - if usageResult := gjson.GetBytes(rawJSON, "usageMetadata"); usageResult.Exists() { - if candidatesTokenCountResult := usageResult.Get("candidatesTokenCount"); candidatesTokenCountResult.Exists() { - template, _ = sjson.Set(template, "usage.completion_tokens", candidatesTokenCountResult.Int()) - } - if totalTokenCountResult := usageResult.Get("totalTokenCount"); totalTokenCountResult.Exists() { - template, _ = sjson.Set(template, "usage.total_tokens", totalTokenCountResult.Int()) - } - promptTokenCount := usageResult.Get("promptTokenCount").Int() - thoughtsTokenCount := usageResult.Get("thoughtsTokenCount").Int() - cachedTokenCount := usageResult.Get("cachedContentTokenCount").Int() - template, _ = sjson.Set(template, "usage.prompt_tokens", promptTokenCount+thoughtsTokenCount) - if thoughtsTokenCount > 0 { - template, _ = sjson.Set(template, "usage.completion_tokens_details.reasoning_tokens", thoughtsTokenCount) - } - // Include cached token count if present (indicates prompt caching is working) - if cachedTokenCount > 0 { - var err error - template, err = sjson.Set(template, "usage.prompt_tokens_details.cached_tokens", cachedTokenCount) - if err != nil { - log.Warnf("gemini openai response: failed to set cached_tokens in non-streaming: %v", err) - } - } - } - - // Process the main content part of the response for all candidates. - candidates := gjson.GetBytes(rawJSON, "candidates") - if candidates.IsArray() { - candidates.ForEach(func(_, candidate gjson.Result) bool { - // Construct a single Choice object. - choiceTemplate := `{"index":0,"message":{"role":"assistant","content":null,"reasoning_content":null,"tool_calls":null},"finish_reason":null,"native_finish_reason":null}` - - // Set the index for this choice. - choiceTemplate, _ = sjson.Set(choiceTemplate, "index", candidate.Get("index").Int()) - - // Set finish reason. - if finishReasonResult := candidate.Get("finishReason"); finishReasonResult.Exists() { - choiceTemplate, _ = sjson.Set(choiceTemplate, "finish_reason", strings.ToLower(finishReasonResult.String())) - choiceTemplate, _ = sjson.Set(choiceTemplate, "native_finish_reason", strings.ToLower(finishReasonResult.String())) - } - - partsResult := candidate.Get("content.parts") - hasFunctionCall := false - if partsResult.IsArray() { - partsResults := partsResult.Array() - for i := 0; i < len(partsResults); i++ { - partResult := partsResults[i] - partTextResult := partResult.Get("text") - functionCallResult := partResult.Get("functionCall") - inlineDataResult := partResult.Get("inlineData") - if !inlineDataResult.Exists() { - inlineDataResult = partResult.Get("inline_data") - } - - if partTextResult.Exists() { - // Append text content, distinguishing between regular content and reasoning. - if partResult.Get("thought").Bool() { - oldVal := gjson.Get(choiceTemplate, "message.reasoning_content").String() - choiceTemplate, _ = sjson.Set(choiceTemplate, "message.reasoning_content", oldVal+partTextResult.String()) - } else { - oldVal := gjson.Get(choiceTemplate, "message.content").String() - choiceTemplate, _ = sjson.Set(choiceTemplate, "message.content", oldVal+partTextResult.String()) - } - choiceTemplate, _ = sjson.Set(choiceTemplate, "message.role", "assistant") - } else if functionCallResult.Exists() { - // Append function call content to the tool_calls array. - hasFunctionCall = true - toolCallsResult := gjson.Get(choiceTemplate, "message.tool_calls") - if !toolCallsResult.Exists() || !toolCallsResult.IsArray() { - choiceTemplate, _ = sjson.SetRaw(choiceTemplate, "message.tool_calls", `[]`) - } - functionCallItemTemplate := `{"id": "","type": "function","function": {"name": "","arguments": ""}}` - fcName := functionCallResult.Get("name").String() - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "id", fmt.Sprintf("%s-%d-%d", fcName, time.Now().UnixNano(), atomic.AddUint64(&functionCallIDCounter, 1))) - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.name", fcName) - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.arguments", fcArgsResult.Raw) - } - choiceTemplate, _ = sjson.Set(choiceTemplate, "message.role", "assistant") - choiceTemplate, _ = sjson.SetRaw(choiceTemplate, "message.tool_calls.-1", functionCallItemTemplate) - } else if inlineDataResult.Exists() { - data := inlineDataResult.Get("data").String() - if data != "" { - mimeType := inlineDataResult.Get("mimeType").String() - if mimeType == "" { - mimeType = inlineDataResult.Get("mime_type").String() - } - if mimeType == "" { - mimeType = "image/png" - } - imageURL := fmt.Sprintf("data:%s;base64,%s", mimeType, data) - imagesResult := gjson.Get(choiceTemplate, "message.images") - if !imagesResult.Exists() || !imagesResult.IsArray() { - choiceTemplate, _ = sjson.SetRaw(choiceTemplate, "message.images", `[]`) - } - imageIndex := len(gjson.Get(choiceTemplate, "message.images").Array()) - imagePayload := `{"type":"image_url","image_url":{"url":""}}` - imagePayload, _ = sjson.Set(imagePayload, "index", imageIndex) - imagePayload, _ = sjson.Set(imagePayload, "image_url.url", imageURL) - choiceTemplate, _ = sjson.Set(choiceTemplate, "message.role", "assistant") - choiceTemplate, _ = sjson.SetRaw(choiceTemplate, "message.images.-1", imagePayload) - } - } - } - } - - if hasFunctionCall { - choiceTemplate, _ = sjson.Set(choiceTemplate, "finish_reason", "tool_calls") - choiceTemplate, _ = sjson.Set(choiceTemplate, "native_finish_reason", "tool_calls") - } - - // Append the constructed choice to the main choices array. - template, _ = sjson.SetRaw(template, "choices.-1", choiceTemplate) - return true - }) - } - - return template -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/chat-completions/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/chat-completions/init.go deleted file mode 100644 index 6b196a3455..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" -) - -func init() { - translator.Register( - constant.OpenAI, - constant.Gemini, - ConvertOpenAIRequestToGemini, - interfaces.TranslateResponse{ - Stream: ConvertGeminiResponseToOpenAI, - NonStream: ConvertGeminiResponseToOpenAINonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/responses/gemini_openai-responses_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/responses/gemini_openai-responses_request.go deleted file mode 100644 index f76b9ea501..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/responses/gemini_openai-responses_request.go +++ /dev/null @@ -1,458 +0,0 @@ -package responses - -import ( - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini/common" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const geminiResponsesThoughtSignature = "skip_thought_signature_validator" - -func ConvertOpenAIResponsesRequestToGemini(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := []byte(common.SanitizeOpenAIInputForGemini(string(inputRawJSON))) - - // Note: modelName and stream parameters are part of the fixed method signature - _ = modelName // Unused but required by interface - _ = stream // Unused but required by interface - - // Base Gemini API template (do not include thinkingConfig by default) - out := `{"contents":[]}` - - root := gjson.ParseBytes(rawJSON) - - // Extract system instruction from OpenAI "instructions" field - if instructions := root.Get("instructions"); instructions.Exists() { - systemInstr := `{"parts":[{"text":""}]}` - systemInstr, _ = sjson.Set(systemInstr, "parts.0.text", instructions.String()) - out, _ = sjson.SetRaw(out, "system_instruction", systemInstr) - } - - // Convert input messages to Gemini contents format - if input := root.Get("input"); input.Exists() && input.IsArray() { - items := input.Array() - - // Normalize consecutive function calls and outputs so each call is immediately followed by its response - normalized := make([]gjson.Result, 0, len(items)) - for i := 0; i < len(items); { - item := items[i] - itemType := item.Get("type").String() - itemRole := item.Get("role").String() - if itemType == "" && itemRole != "" { - itemType = "message" - } - - if itemType == "function_call" { - var calls []gjson.Result - var outputs []gjson.Result - - for i < len(items) { - next := items[i] - nextType := next.Get("type").String() - nextRole := next.Get("role").String() - if nextType == "" && nextRole != "" { - nextType = "message" - } - if nextType != "function_call" { - break - } - calls = append(calls, next) - i++ - } - - for i < len(items) { - next := items[i] - nextType := next.Get("type").String() - nextRole := next.Get("role").String() - if nextType == "" && nextRole != "" { - nextType = "message" - } - if nextType != "function_call_output" { - break - } - outputs = append(outputs, next) - i++ - } - - if len(calls) > 0 { - outputMap := make(map[string]gjson.Result, len(outputs)) - for _, out := range outputs { - outputMap[out.Get("call_id").String()] = out - } - for _, call := range calls { - normalized = append(normalized, call) - callID := call.Get("call_id").String() - if resp, ok := outputMap[callID]; ok { - normalized = append(normalized, resp) - delete(outputMap, callID) - } - } - for _, out := range outputs { - if _, ok := outputMap[out.Get("call_id").String()]; ok { - normalized = append(normalized, out) - } - } - continue - } - } - - if itemType == "function_call_output" { - normalized = append(normalized, item) - i++ - continue - } - - normalized = append(normalized, item) - i++ - } - - for _, item := range normalized { - itemType := item.Get("type").String() - itemRole := item.Get("role").String() - if itemType == "" && itemRole != "" { - itemType = "message" - } - - switch itemType { - case "message": - if strings.EqualFold(itemRole, "system") { - if contentArray := item.Get("content"); contentArray.Exists() { - systemInstr := "" - if systemInstructionResult := gjson.Get(out, "system_instruction"); systemInstructionResult.Exists() { - systemInstr = systemInstructionResult.Raw - } else { - systemInstr = `{"parts":[]}` - } - - if contentArray.IsArray() { - contentArray.ForEach(func(_, contentItem gjson.Result) bool { - part := `{"text":""}` - text := contentItem.Get("text").String() - part, _ = sjson.Set(part, "text", text) - systemInstr, _ = sjson.SetRaw(systemInstr, "parts.-1", part) - return true - }) - } else if contentArray.Type == gjson.String { - part := `{"text":""}` - part, _ = sjson.Set(part, "text", contentArray.String()) - systemInstr, _ = sjson.SetRaw(systemInstr, "parts.-1", part) - } - - if systemInstr != `{"parts":[]}` { - out, _ = sjson.SetRaw(out, "system_instruction", systemInstr) - } - } - continue - } - - // Handle regular messages - // Note: In Responses format, model outputs may appear as content items with type "output_text" - // even when the message.role is "user". We split such items into distinct Gemini messages - // with roles derived from the content type to match docs/convert-2.md. - if contentArray := item.Get("content"); contentArray.Exists() && contentArray.IsArray() { - currentRole := "" - var currentParts []string - - flush := func() { - if currentRole == "" || len(currentParts) == 0 { - currentParts = nil - return - } - one := `{"role":"","parts":[]}` - one, _ = sjson.Set(one, "role", currentRole) - for _, part := range currentParts { - one, _ = sjson.SetRaw(one, "parts.-1", part) - } - out, _ = sjson.SetRaw(out, "contents.-1", one) - currentParts = nil - } - - contentArray.ForEach(func(_, contentItem gjson.Result) bool { - contentType := contentItem.Get("type").String() - if contentType == "" { - contentType = "input_text" - } - - effRole := "user" - if itemRole != "" { - switch strings.ToLower(itemRole) { - case "assistant", "model": - effRole = "model" - default: - effRole = strings.ToLower(itemRole) - } - } - if contentType == "output_text" { - effRole = "model" - } - if effRole == "assistant" { - effRole = "model" - } - - if currentRole != "" && effRole != currentRole { - flush() - currentRole = "" - } - if currentRole == "" { - currentRole = effRole - } - - var partJSON string - switch contentType { - case "input_text", "output_text": - if text := contentItem.Get("text"); text.Exists() { - textValue := text.String() - if strings.TrimSpace(textValue) != "" { - partJSON = `{"text":""}` - partJSON, _ = sjson.Set(partJSON, "text", textValue) - } - } - case "input_image": - imageURL := contentItem.Get("image_url").String() - if imageURL == "" { - imageURL = contentItem.Get("url").String() - } - if imageURL != "" { - mimeType := "application/octet-stream" - data := "" - if strings.HasPrefix(imageURL, "data:") { - trimmed := strings.TrimPrefix(imageURL, "data:") - mediaAndData := strings.SplitN(trimmed, ";base64,", 2) - if len(mediaAndData) == 2 { - if mediaAndData[0] != "" { - mimeType = mediaAndData[0] - } - data = mediaAndData[1] - } else { - mediaAndData = strings.SplitN(trimmed, ",", 2) - if len(mediaAndData) == 2 { - if mediaAndData[0] != "" { - mimeType = mediaAndData[0] - } - data = mediaAndData[1] - } - } - } - if data != "" { - partJSON = `{"inline_data":{"mime_type":"","data":""}}` - partJSON, _ = sjson.Set(partJSON, "inline_data.mime_type", mimeType) - partJSON, _ = sjson.Set(partJSON, "inline_data.data", data) - } - } - } - - if partJSON != "" { - currentParts = append(currentParts, partJSON) - } - return true - }) - - flush() - } else if contentArray.Type == gjson.String { - contentText := contentArray.String() - if strings.TrimSpace(contentText) == "" { - continue - } - effRole := "user" - if itemRole != "" { - switch strings.ToLower(itemRole) { - case "assistant", "model": - effRole = "model" - default: - effRole = strings.ToLower(itemRole) - } - } - - one := `{"role":"","parts":[{"text":""}]}` - one, _ = sjson.Set(one, "role", effRole) - one, _ = sjson.Set(one, "parts.0.text", contentText) - out, _ = sjson.SetRaw(out, "contents.-1", one) - } - case "function_call": - // Handle function calls - convert to model message with functionCall - name := item.Get("name").String() - arguments := item.Get("arguments").String() - - modelContent := `{"role":"model","parts":[]}` - functionCall := `{"functionCall":{"name":"","args":{}}}` - functionCall, _ = sjson.Set(functionCall, "functionCall.name", name) - functionCall, _ = sjson.Set(functionCall, "thoughtSignature", geminiResponsesThoughtSignature) - functionCall, _ = sjson.Set(functionCall, "functionCall.id", item.Get("call_id").String()) - - // Parse arguments JSON string and set as args object - if arguments != "" { - argsResult := gjson.Parse(arguments) - functionCall, _ = sjson.SetRaw(functionCall, "functionCall.args", argsResult.Raw) - } - - modelContent, _ = sjson.SetRaw(modelContent, "parts.-1", functionCall) - out, _ = sjson.SetRaw(out, "contents.-1", modelContent) - - case "function_call_output": - // Handle function call outputs - convert to function message with functionResponse - callID := item.Get("call_id").String() - // Use .Raw to preserve the JSON encoding (includes quotes for strings) - outputRaw := item.Get("output").Str - - functionContent := `{"role":"function","parts":[]}` - functionResponse := `{"functionResponse":{"name":"","response":{}}}` - - // We need to extract the function name from the previous function_call - // For now, we'll use a placeholder or extract from context if available - functionName := "unknown" // This should ideally be matched with the corresponding function_call - - // Find the corresponding function call name by matching call_id - // We need to look back through the input array to find the matching call - if inputArray := root.Get("input"); inputArray.Exists() && inputArray.IsArray() { - inputArray.ForEach(func(_, prevItem gjson.Result) bool { - if prevItem.Get("type").String() == "function_call" && prevItem.Get("call_id").String() == callID { - functionName = prevItem.Get("name").String() - return false // Stop iteration - } - return true - }) - } - - functionResponse, _ = sjson.Set(functionResponse, "functionResponse.name", functionName) - functionResponse, _ = sjson.Set(functionResponse, "functionResponse.id", callID) - - // Set the function output into the response. - // When the output is valid JSON without literal control characters - // (newlines, carriage returns inside string values) we embed it as a - // raw JSON value so the model sees structured data. Otherwise we - // fall back to sjson.Set which safely escapes the value as a string. - // This prevents sjson.SetRaw from corrupting the JSON tree when the - // raw value contains literal newlines (common with double-encoded - // function outputs whose inner escape sequences were decoded by .Str). - if outputRaw != "" && outputRaw != "null" { - output := gjson.Parse(outputRaw) - if output.Type == gjson.JSON && !containsLiteralControlChars(output.Raw) { - functionResponse, _ = sjson.SetRaw(functionResponse, "functionResponse.response.result", output.Raw) - } else { - functionResponse, _ = sjson.Set(functionResponse, "functionResponse.response.result", outputRaw) - } - } - functionContent, _ = sjson.SetRaw(functionContent, "parts.-1", functionResponse) - out, _ = sjson.SetRaw(out, "contents.-1", functionContent) - - case "reasoning": - thoughtContent := `{"role":"model","parts":[]}` - thought := `{"text":"","thoughtSignature":"","thought":true}` - thought, _ = sjson.Set(thought, "text", item.Get("summary.0.text").String()) - thought, _ = sjson.Set(thought, "thoughtSignature", item.Get("encrypted_content").String()) - - thoughtContent, _ = sjson.SetRaw(thoughtContent, "parts.-1", thought) - out, _ = sjson.SetRaw(out, "contents.-1", thoughtContent) - } - } - } else if input.Exists() && input.Type == gjson.String { - // Simple string input conversion to user message - userContent := `{"role":"user","parts":[{"text":""}]}` - userContent, _ = sjson.Set(userContent, "parts.0.text", input.String()) - out, _ = sjson.SetRaw(out, "contents.-1", userContent) - } - - // Convert tools to Gemini functionDeclarations format - if tools := root.Get("tools"); tools.Exists() && tools.IsArray() { - geminiTools := `[{"functionDeclarations":[]}]` - - tools.ForEach(func(_, tool gjson.Result) bool { - if tool.Get("type").String() == "function" { - funcDecl := `{"name":"","description":"","parametersJsonSchema":{}}` - - if name := tool.Get("name"); name.Exists() { - funcDecl, _ = sjson.Set(funcDecl, "name", name.String()) - } - if desc := tool.Get("description"); desc.Exists() { - funcDecl, _ = sjson.Set(funcDecl, "description", desc.String()) - } - params := tool.Get("parameters") - if !params.Exists() { - params = tool.Get("parametersJsonSchema") - } - strict := tool.Get("strict").Exists() && tool.Get("strict").Bool() - cleaned := common.NormalizeOpenAIFunctionSchemaForGemini(params, strict) - funcDecl, _ = sjson.SetRaw(funcDecl, "parametersJsonSchema", cleaned) - - geminiTools, _ = sjson.SetRaw(geminiTools, "0.functionDeclarations.-1", funcDecl) - } - return true - }) - - // Only add tools if there are function declarations - if funcDecls := gjson.Get(geminiTools, "0.functionDeclarations"); funcDecls.Exists() && len(funcDecls.Array()) > 0 { - out, _ = sjson.SetRaw(out, "tools", geminiTools) - } - } - - // Handle generation config from OpenAI format - if maxOutputTokens := root.Get("max_output_tokens"); maxOutputTokens.Exists() { - genConfig := `{"maxOutputTokens":0}` - genConfig, _ = sjson.Set(genConfig, "maxOutputTokens", maxOutputTokens.Int()) - out, _ = sjson.SetRaw(out, "generationConfig", genConfig) - } - - // Handle temperature if present - if temperature := root.Get("temperature"); temperature.Exists() { - if !gjson.Get(out, "generationConfig").Exists() { - out, _ = sjson.SetRaw(out, "generationConfig", `{}`) - } - out, _ = sjson.Set(out, "generationConfig.temperature", temperature.Float()) - } - - // Handle top_p if present - if topP := root.Get("top_p"); topP.Exists() { - if !gjson.Get(out, "generationConfig").Exists() { - out, _ = sjson.SetRaw(out, "generationConfig", `{}`) - } - out, _ = sjson.Set(out, "generationConfig.topP", topP.Float()) - } - - // Handle stop sequences - if stopSequences := root.Get("stop_sequences"); stopSequences.Exists() && stopSequences.IsArray() { - if !gjson.Get(out, "generationConfig").Exists() { - out, _ = sjson.SetRaw(out, "generationConfig", `{}`) - } - var sequences []string - stopSequences.ForEach(func(_, seq gjson.Result) bool { - sequences = append(sequences, seq.String()) - return true - }) - out, _ = sjson.Set(out, "generationConfig.stopSequences", sequences) - } - - // Apply thinking configuration: convert OpenAI Responses API reasoning.effort to Gemini thinkingConfig. - // Inline translation-only mapping; capability checks happen later in ApplyThinking. - re := root.Get("reasoning.effort") - if re.Exists() { - effort := strings.ToLower(strings.TrimSpace(re.String())) - if effort != "" { - thinkingPath := "generationConfig.thinkingConfig" - if effort == "auto" { - out, _ = sjson.Set(out, thinkingPath+".thinkingBudget", -1) - out, _ = sjson.Set(out, thinkingPath+".includeThoughts", true) - } else { - out, _ = sjson.Set(out, thinkingPath+".thinkingLevel", effort) - out, _ = sjson.Set(out, thinkingPath+".includeThoughts", effort != "none") - } - } - } - - result := []byte(out) - result = common.AttachDefaultSafetySettings(result, "safetySettings") - return result -} - -// containsLiteralControlChars reports whether s contains any ASCII control -// character (0x00–0x1F) other than horizontal tab (0x09). Literal newlines -// and carriage returns inside a JSON value cause sjson.SetRaw to mis-parse -// string boundaries and corrupt the surrounding JSON tree. -func containsLiteralControlChars(s string) bool { - for _, c := range s { - if c < 0x20 && c != '\t' { - return true - } - } - return false -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/responses/gemini_openai-responses_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/responses/gemini_openai-responses_request_test.go deleted file mode 100644 index 123184f914..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/responses/gemini_openai-responses_request_test.go +++ /dev/null @@ -1,172 +0,0 @@ -package responses - -import ( - "strings" - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertOpenAIResponsesRequestToGeminiFunctionCall(t *testing.T) { - input := []byte(`{ - "model": "gemini-2.0-flash", - "input": [ - {"type":"message","role":"user","content":[{"type":"input_text","text":"What's the forecast?"}]}, - {"type":"function_call","call_id":"call-1","name":"weather","arguments":"{\"city\":\"SF\"}"}, - {"type":"function_call_output","call_id":"call-1","output":"{\"temp\":72}"} - ] - }`) - - got := ConvertOpenAIResponsesRequestToGemini("gemini-2.0-flash", input, false) - res := gjson.ParseBytes(got) - - first := res.Get("contents.0") - if first.Get("role").String() != "user" { - t.Fatalf("contents[0].role = %s, want user", first.Get("role").String()) - } - if first.Get("parts.0.text").String() != "What's the forecast?" { - t.Fatalf("unexpected first part text: %q", first.Get("parts.0.text").String()) - } - - second := res.Get("contents.1") - if second.Get("role").String() != "model" { - t.Fatalf("contents[1].role = %s, want model", second.Get("role").String()) - } - if second.Get("parts.0.functionCall.name").String() != "weather" { - t.Fatalf("unexpected function name: %s", second.Get("parts.0.functionCall.name").String()) - } - - third := res.Get("contents.2") - if third.Get("role").String() != "function" { - t.Fatalf("contents[2].role = %s, want function", third.Get("role").String()) - } - if third.Get("parts.0.functionResponse.name").String() != "weather" { - t.Fatalf("unexpected function response name: %s", third.Get("parts.0.functionResponse.name").String()) - } -} - -func TestConvertOpenAIResponsesRequestToGeminiSkipsEmptyTextParts(t *testing.T) { - input := []byte(`{ - "model":"gemini-2.0-flash", - "input":[ - {"type":"message","role":"user","content":[ - {"type":"input_text","text":" "}, - {"type":"input_text","text":"real prompt"} - ]} - ] - }`) - - got := ConvertOpenAIResponsesRequestToGemini("gemini-2.0-flash", input, false) - res := gjson.ParseBytes(got) - if res.Get("contents.0.parts.#").Int() != 1 { - t.Fatalf("expected only one non-empty text part, got %s", res.Get("contents.0.parts").Raw) - } - if res.Get("contents.0.parts.0.text").String() != "real prompt" { - t.Fatalf("expected surviving text part to be preserved") - } -} - -func TestConvertOpenAIResponsesRequestToGeminiMapsMaxOutputTokens(t *testing.T) { - input := []byte(`{"model":"gemini-2.0-flash","input":"hello","max_output_tokens":123}`) - - got := ConvertOpenAIResponsesRequestToGemini("gemini-2.0-flash", input, false) - res := gjson.ParseBytes(got) - if res.Get("generationConfig.maxOutputTokens").Int() != 123 { - t.Fatalf("generationConfig.maxOutputTokens = %d, want 123", res.Get("generationConfig.maxOutputTokens").Int()) - } -} - -func TestConvertOpenAIResponsesRequestToGeminiRemovesUnsupportedSchemaFields(t *testing.T) { - input := []byte(`{ - "model":"gemini-2.0-flash", - "input":"hello", - "tools":[ - { - "type":"function", - "name":"search", - "description":"search data", - "parameters":{ - "type":"object", - "$id":"urn:search", - "properties":{"query":{"type":"string"}}, - "patternProperties":{"^x-":{"type":"string"}} - } - } - ] - }`) - - got := ConvertOpenAIResponsesRequestToGemini("gemini-2.0-flash", input, false) - res := gjson.ParseBytes(got) - schema := res.Get("tools.0.functionDeclarations.0.parametersJsonSchema") - if !schema.Exists() { - t.Fatalf("expected parametersJsonSchema to exist") - } - if schema.Get("$id").Exists() { - t.Fatalf("expected $id to be removed") - } - if schema.Get("patternProperties").Exists() { - t.Fatalf("expected patternProperties to be removed") - } -} - -func TestConvertOpenAIResponsesRequestToGeminiHandlesNullableTypeArrays(t *testing.T) { - input := []byte(`{ - "model":"gemini-2.0-flash", - "input":"hello", - "tools":[ - { - "type":"function", - "name":"write_file", - "description":"write file content", - "parameters":{ - "type":"object", - "properties":{ - "path":{"type":"string"}, - "content":{"type":["string","null"]} - }, - "required":["path"] - } - } - ] - }`) - - got := ConvertOpenAIResponsesRequestToGemini("gemini-2.0-flash", input, false) - res := gjson.ParseBytes(got) - - contentType := res.Get("tools.0.functionDeclarations.0.parametersJsonSchema.properties.content.type") - if !contentType.Exists() { - t.Fatalf("expected content.type to exist after schema normalization") - } - if contentType.Type == gjson.String && strings.HasPrefix(contentType.String(), "[") { - t.Fatalf("expected content.type not to be stringified type array, got %q", contentType.String()) - } -} - -func TestConvertOpenAIResponsesRequestToGeminiStrictSchemaClosesAdditionalProperties(t *testing.T) { - input := []byte(`{ - "model":"gemini-2.0-flash", - "input":"hello", - "tools":[ - { - "type":"function", - "name":"write_file", - "description":"write file content", - "strict":true, - "parameters":{ - "type":"object", - "properties":{"path":{"type":"string"}} - } - } - ] - }`) - - got := ConvertOpenAIResponsesRequestToGemini("gemini-2.0-flash", input, false) - res := gjson.ParseBytes(got) - - if !res.Get("tools.0.functionDeclarations.0.parametersJsonSchema.additionalProperties").Exists() { - t.Fatalf("expected strict schema to set additionalProperties") - } - if res.Get("tools.0.functionDeclarations.0.parametersJsonSchema.additionalProperties").Bool() { - t.Fatalf("expected additionalProperties=false for strict schema") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/responses/gemini_openai-responses_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/responses/gemini_openai-responses_response.go deleted file mode 100644 index 985897fab9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/responses/gemini_openai-responses_response.go +++ /dev/null @@ -1,758 +0,0 @@ -package responses - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -type geminiToResponsesState struct { - Seq int - ResponseID string - CreatedAt int64 - Started bool - - // message aggregation - MsgOpened bool - MsgClosed bool - MsgIndex int - CurrentMsgID string - TextBuf strings.Builder - ItemTextBuf strings.Builder - - // reasoning aggregation - ReasoningOpened bool - ReasoningIndex int - ReasoningItemID string - ReasoningEnc string - ReasoningBuf strings.Builder - ReasoningClosed bool - - // function call aggregation (keyed by output_index) - NextIndex int - FuncArgsBuf map[int]*strings.Builder - FuncNames map[int]string - FuncCallIDs map[int]string - FuncDone map[int]bool -} - -// responseIDCounter provides a process-wide unique counter for synthesized response identifiers. -var responseIDCounter uint64 - -// funcCallIDCounter provides a process-wide unique counter for function call identifiers. -var funcCallIDCounter uint64 - -func pickRequestJSON(originalRequestRawJSON, requestRawJSON []byte) []byte { - if len(originalRequestRawJSON) > 0 && gjson.ValidBytes(originalRequestRawJSON) { - return originalRequestRawJSON - } - if len(requestRawJSON) > 0 && gjson.ValidBytes(requestRawJSON) { - return requestRawJSON - } - return nil -} - -func unwrapRequestRoot(root gjson.Result) gjson.Result { - req := root.Get("request") - if !req.Exists() { - return root - } - if req.Get("model").Exists() || req.Get("input").Exists() || req.Get("instructions").Exists() { - return req - } - return root -} - -func unwrapGeminiResponseRoot(root gjson.Result) gjson.Result { - resp := root.Get("response") - if !resp.Exists() { - return root - } - // Vertex-style Gemini responses wrap the actual payload in a "response" object. - if resp.Get("candidates").Exists() || resp.Get("responseId").Exists() || resp.Get("usageMetadata").Exists() { - return resp - } - return root -} - -func emitEvent(event string, payload string) string { - return fmt.Sprintf("event: %s\ndata: %s", event, payload) -} - -// ConvertGeminiResponseToOpenAIResponses converts Gemini SSE chunks into OpenAI Responses SSE events. -func ConvertGeminiResponseToOpenAIResponses(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &geminiToResponsesState{ - FuncArgsBuf: make(map[int]*strings.Builder), - FuncNames: make(map[int]string), - FuncCallIDs: make(map[int]string), - FuncDone: make(map[int]bool), - } - } - st := (*param).(*geminiToResponsesState) - if st.FuncArgsBuf == nil { - st.FuncArgsBuf = make(map[int]*strings.Builder) - } - if st.FuncNames == nil { - st.FuncNames = make(map[int]string) - } - if st.FuncCallIDs == nil { - st.FuncCallIDs = make(map[int]string) - } - if st.FuncDone == nil { - st.FuncDone = make(map[int]bool) - } - - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - - rawJSON = bytes.TrimSpace(rawJSON) - if len(rawJSON) == 0 || bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - - root := gjson.ParseBytes(rawJSON) - if !root.Exists() { - return []string{} - } - root = unwrapGeminiResponseRoot(root) - - var out []string - nextSeq := func() int { st.Seq++; return st.Seq } - - // Helper to finalize reasoning summary events in correct order. - // It emits response.reasoning_summary_text.done followed by - // response.reasoning_summary_part.done exactly once. - finalizeReasoning := func() { - if !st.ReasoningOpened || st.ReasoningClosed { - return - } - full := st.ReasoningBuf.String() - textDone := `{"type":"response.reasoning_summary_text.done","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"text":""}` - textDone, _ = sjson.Set(textDone, "sequence_number", nextSeq()) - textDone, _ = sjson.Set(textDone, "item_id", st.ReasoningItemID) - textDone, _ = sjson.Set(textDone, "output_index", st.ReasoningIndex) - textDone, _ = sjson.Set(textDone, "text", full) - out = append(out, emitEvent("response.reasoning_summary_text.done", textDone)) - - partDone := `{"type":"response.reasoning_summary_part.done","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"part":{"type":"summary_text","text":""}}` - partDone, _ = sjson.Set(partDone, "sequence_number", nextSeq()) - partDone, _ = sjson.Set(partDone, "item_id", st.ReasoningItemID) - partDone, _ = sjson.Set(partDone, "output_index", st.ReasoningIndex) - partDone, _ = sjson.Set(partDone, "part.text", full) - out = append(out, emitEvent("response.reasoning_summary_part.done", partDone)) - - itemDone := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"reasoning","encrypted_content":"","summary":[{"type":"summary_text","text":""}]}}` - itemDone, _ = sjson.Set(itemDone, "sequence_number", nextSeq()) - itemDone, _ = sjson.Set(itemDone, "item.id", st.ReasoningItemID) - itemDone, _ = sjson.Set(itemDone, "output_index", st.ReasoningIndex) - itemDone, _ = sjson.Set(itemDone, "item.encrypted_content", st.ReasoningEnc) - itemDone, _ = sjson.Set(itemDone, "item.summary.0.text", full) - out = append(out, emitEvent("response.output_item.done", itemDone)) - - st.ReasoningClosed = true - } - - // Helper to finalize the assistant message in correct order. - // It emits response.output_text.done, response.content_part.done, - // and response.output_item.done exactly once. - finalizeMessage := func() { - if !st.MsgOpened || st.MsgClosed { - return - } - fullText := st.ItemTextBuf.String() - done := `{"type":"response.output_text.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"text":"","logprobs":[]}` - done, _ = sjson.Set(done, "sequence_number", nextSeq()) - done, _ = sjson.Set(done, "item_id", st.CurrentMsgID) - done, _ = sjson.Set(done, "output_index", st.MsgIndex) - done, _ = sjson.Set(done, "text", fullText) - out = append(out, emitEvent("response.output_text.done", done)) - partDone := `{"type":"response.content_part.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"part":{"type":"output_text","annotations":[],"logprobs":[],"text":""}}` - partDone, _ = sjson.Set(partDone, "sequence_number", nextSeq()) - partDone, _ = sjson.Set(partDone, "item_id", st.CurrentMsgID) - partDone, _ = sjson.Set(partDone, "output_index", st.MsgIndex) - partDone, _ = sjson.Set(partDone, "part.text", fullText) - out = append(out, emitEvent("response.content_part.done", partDone)) - final := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"message","status":"completed","content":[{"type":"output_text","text":""}],"role":"assistant"}}` - final, _ = sjson.Set(final, "sequence_number", nextSeq()) - final, _ = sjson.Set(final, "output_index", st.MsgIndex) - final, _ = sjson.Set(final, "item.id", st.CurrentMsgID) - final, _ = sjson.Set(final, "item.content.0.text", fullText) - out = append(out, emitEvent("response.output_item.done", final)) - - st.MsgClosed = true - } - - // Initialize per-response fields and emit created/in_progress once - if !st.Started { - st.ResponseID = root.Get("responseId").String() - if st.ResponseID == "" { - st.ResponseID = fmt.Sprintf("resp_%x_%d", time.Now().UnixNano(), atomic.AddUint64(&responseIDCounter, 1)) - } - if !strings.HasPrefix(st.ResponseID, "resp_") { - st.ResponseID = fmt.Sprintf("resp_%s", st.ResponseID) - } - if v := root.Get("createTime"); v.Exists() { - if t, errParseCreateTime := time.Parse(time.RFC3339Nano, v.String()); errParseCreateTime == nil { - st.CreatedAt = t.Unix() - } - } - if st.CreatedAt == 0 { - st.CreatedAt = time.Now().Unix() - } - - created := `{"type":"response.created","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"in_progress","background":false,"error":null,"output":[]}}` - created, _ = sjson.Set(created, "sequence_number", nextSeq()) - created, _ = sjson.Set(created, "response.id", st.ResponseID) - created, _ = sjson.Set(created, "response.created_at", st.CreatedAt) - out = append(out, emitEvent("response.created", created)) - - inprog := `{"type":"response.in_progress","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"in_progress"}}` - inprog, _ = sjson.Set(inprog, "sequence_number", nextSeq()) - inprog, _ = sjson.Set(inprog, "response.id", st.ResponseID) - inprog, _ = sjson.Set(inprog, "response.created_at", st.CreatedAt) - out = append(out, emitEvent("response.in_progress", inprog)) - - st.Started = true - st.NextIndex = 0 - } - - // Handle parts (text/thought/functionCall) - if parts := root.Get("candidates.0.content.parts"); parts.Exists() && parts.IsArray() { - parts.ForEach(func(_, part gjson.Result) bool { - // Reasoning text - if part.Get("thought").Bool() { - if st.ReasoningClosed { - // Ignore any late thought chunks after reasoning is finalized. - return true - } - if sig := part.Get("thoughtSignature"); sig.Exists() && sig.String() != "" && sig.String() != geminiResponsesThoughtSignature { - st.ReasoningEnc = sig.String() - } else if sig = part.Get("thought_signature"); sig.Exists() && sig.String() != "" && sig.String() != geminiResponsesThoughtSignature { - st.ReasoningEnc = sig.String() - } - if !st.ReasoningOpened { - st.ReasoningOpened = true - st.ReasoningIndex = st.NextIndex - st.NextIndex++ - st.ReasoningItemID = fmt.Sprintf("rs_%s_%d", st.ResponseID, st.ReasoningIndex) - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"reasoning","status":"in_progress","encrypted_content":"","summary":[]}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "output_index", st.ReasoningIndex) - item, _ = sjson.Set(item, "item.id", st.ReasoningItemID) - item, _ = sjson.Set(item, "item.encrypted_content", st.ReasoningEnc) - out = append(out, emitEvent("response.output_item.added", item)) - partAdded := `{"type":"response.reasoning_summary_part.added","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"part":{"type":"summary_text","text":""}}` - partAdded, _ = sjson.Set(partAdded, "sequence_number", nextSeq()) - partAdded, _ = sjson.Set(partAdded, "item_id", st.ReasoningItemID) - partAdded, _ = sjson.Set(partAdded, "output_index", st.ReasoningIndex) - out = append(out, emitEvent("response.reasoning_summary_part.added", partAdded)) - } - if t := part.Get("text"); t.Exists() && t.String() != "" { - st.ReasoningBuf.WriteString(t.String()) - msg := `{"type":"response.reasoning_summary_text.delta","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"delta":""}` - msg, _ = sjson.Set(msg, "sequence_number", nextSeq()) - msg, _ = sjson.Set(msg, "item_id", st.ReasoningItemID) - msg, _ = sjson.Set(msg, "output_index", st.ReasoningIndex) - msg, _ = sjson.Set(msg, "delta", t.String()) - out = append(out, emitEvent("response.reasoning_summary_text.delta", msg)) - } - return true - } - - // Assistant visible text - if t := part.Get("text"); t.Exists() && t.String() != "" { - // Before emitting non-reasoning outputs, finalize reasoning if open. - finalizeReasoning() - if !st.MsgOpened { - st.MsgOpened = true - st.MsgIndex = st.NextIndex - st.NextIndex++ - st.CurrentMsgID = fmt.Sprintf("msg_%s_0", st.ResponseID) - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"message","status":"in_progress","content":[],"role":"assistant"}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "output_index", st.MsgIndex) - item, _ = sjson.Set(item, "item.id", st.CurrentMsgID) - out = append(out, emitEvent("response.output_item.added", item)) - partAdded := `{"type":"response.content_part.added","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"part":{"type":"output_text","annotations":[],"logprobs":[],"text":""}}` - partAdded, _ = sjson.Set(partAdded, "sequence_number", nextSeq()) - partAdded, _ = sjson.Set(partAdded, "item_id", st.CurrentMsgID) - partAdded, _ = sjson.Set(partAdded, "output_index", st.MsgIndex) - out = append(out, emitEvent("response.content_part.added", partAdded)) - st.ItemTextBuf.Reset() - } - st.TextBuf.WriteString(t.String()) - st.ItemTextBuf.WriteString(t.String()) - msg := `{"type":"response.output_text.delta","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"delta":"","logprobs":[]}` - msg, _ = sjson.Set(msg, "sequence_number", nextSeq()) - msg, _ = sjson.Set(msg, "item_id", st.CurrentMsgID) - msg, _ = sjson.Set(msg, "output_index", st.MsgIndex) - msg, _ = sjson.Set(msg, "delta", t.String()) - out = append(out, emitEvent("response.output_text.delta", msg)) - return true - } - - // Function call - if fc := part.Get("functionCall"); fc.Exists() { - // Before emitting function-call outputs, finalize reasoning and the message (if open). - // Responses streaming requires message done events before the next output_item.added. - finalizeReasoning() - finalizeMessage() - name := fc.Get("name").String() - idx := st.NextIndex - st.NextIndex++ - // Ensure buffers - if st.FuncArgsBuf[idx] == nil { - st.FuncArgsBuf[idx] = &strings.Builder{} - } - if st.FuncCallIDs[idx] == "" { - st.FuncCallIDs[idx] = fmt.Sprintf("call_%d_%d", time.Now().UnixNano(), atomic.AddUint64(&funcCallIDCounter, 1)) - } - st.FuncNames[idx] = name - - argsJSON := "{}" - if args := fc.Get("args"); args.Exists() { - argsJSON = args.Raw - } - if st.FuncArgsBuf[idx].Len() == 0 && argsJSON != "" { - st.FuncArgsBuf[idx].WriteString(argsJSON) - } - - // Emit item.added for function call - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"function_call","status":"in_progress","arguments":"","call_id":"","name":""}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "output_index", idx) - item, _ = sjson.Set(item, "item.id", fmt.Sprintf("fc_%s", st.FuncCallIDs[idx])) - item, _ = sjson.Set(item, "item.call_id", st.FuncCallIDs[idx]) - item, _ = sjson.Set(item, "item.name", name) - out = append(out, emitEvent("response.output_item.added", item)) - - // Emit arguments delta (full args in one chunk). - // When Gemini omits args, emit "{}" to keep Responses streaming event order consistent. - if argsJSON != "" { - ad := `{"type":"response.function_call_arguments.delta","sequence_number":0,"item_id":"","output_index":0,"delta":""}` - ad, _ = sjson.Set(ad, "sequence_number", nextSeq()) - ad, _ = sjson.Set(ad, "item_id", fmt.Sprintf("fc_%s", st.FuncCallIDs[idx])) - ad, _ = sjson.Set(ad, "output_index", idx) - ad, _ = sjson.Set(ad, "delta", argsJSON) - out = append(out, emitEvent("response.function_call_arguments.delta", ad)) - } - - // Gemini emits the full function call payload at once, so we can finalize it immediately. - if !st.FuncDone[idx] { - fcDone := `{"type":"response.function_call_arguments.done","sequence_number":0,"item_id":"","output_index":0,"arguments":""}` - fcDone, _ = sjson.Set(fcDone, "sequence_number", nextSeq()) - fcDone, _ = sjson.Set(fcDone, "item_id", fmt.Sprintf("fc_%s", st.FuncCallIDs[idx])) - fcDone, _ = sjson.Set(fcDone, "output_index", idx) - fcDone, _ = sjson.Set(fcDone, "arguments", argsJSON) - out = append(out, emitEvent("response.function_call_arguments.done", fcDone)) - - itemDone := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}}` - itemDone, _ = sjson.Set(itemDone, "sequence_number", nextSeq()) - itemDone, _ = sjson.Set(itemDone, "output_index", idx) - itemDone, _ = sjson.Set(itemDone, "item.id", fmt.Sprintf("fc_%s", st.FuncCallIDs[idx])) - itemDone, _ = sjson.Set(itemDone, "item.arguments", argsJSON) - itemDone, _ = sjson.Set(itemDone, "item.call_id", st.FuncCallIDs[idx]) - itemDone, _ = sjson.Set(itemDone, "item.name", st.FuncNames[idx]) - out = append(out, emitEvent("response.output_item.done", itemDone)) - - st.FuncDone[idx] = true - } - - return true - } - - return true - }) - } - - // Finalization on finishReason - if fr := root.Get("candidates.0.finishReason"); fr.Exists() && fr.String() != "" { - // Finalize reasoning first to keep ordering tight with last delta - finalizeReasoning() - finalizeMessage() - - // Close function calls - if len(st.FuncArgsBuf) > 0 { - // sort indices (small N); avoid extra imports - idxs := make([]int, 0, len(st.FuncArgsBuf)) - for idx := range st.FuncArgsBuf { - idxs = append(idxs, idx) - } - for i := 0; i < len(idxs); i++ { - for j := i + 1; j < len(idxs); j++ { - if idxs[j] < idxs[i] { - idxs[i], idxs[j] = idxs[j], idxs[i] - } - } - } - for _, idx := range idxs { - if st.FuncDone[idx] { - continue - } - args := "{}" - if b := st.FuncArgsBuf[idx]; b != nil && b.Len() > 0 { - args = b.String() - } - fcDone := `{"type":"response.function_call_arguments.done","sequence_number":0,"item_id":"","output_index":0,"arguments":""}` - fcDone, _ = sjson.Set(fcDone, "sequence_number", nextSeq()) - fcDone, _ = sjson.Set(fcDone, "item_id", fmt.Sprintf("fc_%s", st.FuncCallIDs[idx])) - fcDone, _ = sjson.Set(fcDone, "output_index", idx) - fcDone, _ = sjson.Set(fcDone, "arguments", args) - out = append(out, emitEvent("response.function_call_arguments.done", fcDone)) - - itemDone := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}}` - itemDone, _ = sjson.Set(itemDone, "sequence_number", nextSeq()) - itemDone, _ = sjson.Set(itemDone, "output_index", idx) - itemDone, _ = sjson.Set(itemDone, "item.id", fmt.Sprintf("fc_%s", st.FuncCallIDs[idx])) - itemDone, _ = sjson.Set(itemDone, "item.arguments", args) - itemDone, _ = sjson.Set(itemDone, "item.call_id", st.FuncCallIDs[idx]) - itemDone, _ = sjson.Set(itemDone, "item.name", st.FuncNames[idx]) - out = append(out, emitEvent("response.output_item.done", itemDone)) - - st.FuncDone[idx] = true - } - } - - // Reasoning already finalized above if present - - // Build response.completed with aggregated outputs and request echo fields - completed := `{"type":"response.completed","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"completed","background":false,"error":null}}` - completed, _ = sjson.Set(completed, "sequence_number", nextSeq()) - completed, _ = sjson.Set(completed, "response.id", st.ResponseID) - completed, _ = sjson.Set(completed, "response.created_at", st.CreatedAt) - - if reqJSON := pickRequestJSON(originalRequestRawJSON, requestRawJSON); len(reqJSON) > 0 { - req := unwrapRequestRoot(gjson.ParseBytes(reqJSON)) - if v := req.Get("instructions"); v.Exists() { - completed, _ = sjson.Set(completed, "response.instructions", v.String()) - } - if v := req.Get("max_output_tokens"); v.Exists() { - completed, _ = sjson.Set(completed, "response.max_output_tokens", v.Int()) - } - if v := req.Get("max_tool_calls"); v.Exists() { - completed, _ = sjson.Set(completed, "response.max_tool_calls", v.Int()) - } - if v := req.Get("model"); v.Exists() { - completed, _ = sjson.Set(completed, "response.model", v.String()) - } - if v := req.Get("parallel_tool_calls"); v.Exists() { - completed, _ = sjson.Set(completed, "response.parallel_tool_calls", v.Bool()) - } - if v := req.Get("previous_response_id"); v.Exists() { - completed, _ = sjson.Set(completed, "response.previous_response_id", v.String()) - } - if v := req.Get("prompt_cache_key"); v.Exists() { - completed, _ = sjson.Set(completed, "response.prompt_cache_key", v.String()) - } - if v := req.Get("reasoning"); v.Exists() { - completed, _ = sjson.Set(completed, "response.reasoning", v.Value()) - } - if v := req.Get("safety_identifier"); v.Exists() { - completed, _ = sjson.Set(completed, "response.safety_identifier", v.String()) - } - if v := req.Get("service_tier"); v.Exists() { - completed, _ = sjson.Set(completed, "response.service_tier", v.String()) - } - if v := req.Get("store"); v.Exists() { - completed, _ = sjson.Set(completed, "response.store", v.Bool()) - } - if v := req.Get("temperature"); v.Exists() { - completed, _ = sjson.Set(completed, "response.temperature", v.Float()) - } - if v := req.Get("text"); v.Exists() { - completed, _ = sjson.Set(completed, "response.text", v.Value()) - } - if v := req.Get("tool_choice"); v.Exists() { - completed, _ = sjson.Set(completed, "response.tool_choice", v.Value()) - } - if v := req.Get("tools"); v.Exists() { - completed, _ = sjson.Set(completed, "response.tools", v.Value()) - } - if v := req.Get("top_logprobs"); v.Exists() { - completed, _ = sjson.Set(completed, "response.top_logprobs", v.Int()) - } - if v := req.Get("top_p"); v.Exists() { - completed, _ = sjson.Set(completed, "response.top_p", v.Float()) - } - if v := req.Get("truncation"); v.Exists() { - completed, _ = sjson.Set(completed, "response.truncation", v.String()) - } - if v := req.Get("user"); v.Exists() { - completed, _ = sjson.Set(completed, "response.user", v.Value()) - } - if v := req.Get("metadata"); v.Exists() { - completed, _ = sjson.Set(completed, "response.metadata", v.Value()) - } - } - - // Compose outputs in output_index order. - outputsWrapper := `{"arr":[]}` - for idx := 0; idx < st.NextIndex; idx++ { - if st.ReasoningOpened && idx == st.ReasoningIndex { - item := `{"id":"","type":"reasoning","encrypted_content":"","summary":[{"type":"summary_text","text":""}]}` - item, _ = sjson.Set(item, "id", st.ReasoningItemID) - item, _ = sjson.Set(item, "encrypted_content", st.ReasoningEnc) - item, _ = sjson.Set(item, "summary.0.text", st.ReasoningBuf.String()) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - continue - } - if st.MsgOpened && idx == st.MsgIndex { - item := `{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}` - item, _ = sjson.Set(item, "id", st.CurrentMsgID) - item, _ = sjson.Set(item, "content.0.text", st.TextBuf.String()) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - continue - } - - if callID, ok := st.FuncCallIDs[idx]; ok && callID != "" { - args := "{}" - if b := st.FuncArgsBuf[idx]; b != nil && b.Len() > 0 { - args = b.String() - } - item := `{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}` - item, _ = sjson.Set(item, "id", fmt.Sprintf("fc_%s", callID)) - item, _ = sjson.Set(item, "arguments", args) - item, _ = sjson.Set(item, "call_id", callID) - item, _ = sjson.Set(item, "name", st.FuncNames[idx]) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - } - if gjson.Get(outputsWrapper, "arr.#").Int() > 0 { - completed, _ = sjson.SetRaw(completed, "response.output", gjson.Get(outputsWrapper, "arr").Raw) - } - - // usage mapping - if um := root.Get("usageMetadata"); um.Exists() { - // input tokens = prompt + thoughts - input := um.Get("promptTokenCount").Int() + um.Get("thoughtsTokenCount").Int() - completed, _ = sjson.Set(completed, "response.usage.input_tokens", input) - // cached token details: align with OpenAI "cached_tokens" semantics. - completed, _ = sjson.Set(completed, "response.usage.input_tokens_details.cached_tokens", um.Get("cachedContentTokenCount").Int()) - // output tokens - if v := um.Get("candidatesTokenCount"); v.Exists() { - completed, _ = sjson.Set(completed, "response.usage.output_tokens", v.Int()) - } else { - completed, _ = sjson.Set(completed, "response.usage.output_tokens", 0) - } - if v := um.Get("thoughtsTokenCount"); v.Exists() { - completed, _ = sjson.Set(completed, "response.usage.output_tokens_details.reasoning_tokens", v.Int()) - } else { - completed, _ = sjson.Set(completed, "response.usage.output_tokens_details.reasoning_tokens", 0) - } - if v := um.Get("totalTokenCount"); v.Exists() { - completed, _ = sjson.Set(completed, "response.usage.total_tokens", v.Int()) - } else { - completed, _ = sjson.Set(completed, "response.usage.total_tokens", 0) - } - } - - out = append(out, emitEvent("response.completed", completed)) - } - - return out -} - -// ConvertGeminiResponseToOpenAIResponsesNonStream aggregates Gemini response JSON into a single OpenAI Responses JSON object. -func ConvertGeminiResponseToOpenAIResponsesNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - root := gjson.ParseBytes(rawJSON) - root = unwrapGeminiResponseRoot(root) - - // Base response scaffold - resp := `{"id":"","object":"response","created_at":0,"status":"completed","background":false,"error":null,"incomplete_details":null}` - - // id: prefer provider responseId, otherwise synthesize - id := root.Get("responseId").String() - if id == "" { - id = fmt.Sprintf("resp_%x_%d", time.Now().UnixNano(), atomic.AddUint64(&responseIDCounter, 1)) - } - // Normalize to response-style id (prefix resp_ if missing) - if !strings.HasPrefix(id, "resp_") { - id = fmt.Sprintf("resp_%s", id) - } - resp, _ = sjson.Set(resp, "id", id) - - // created_at: map from createTime if available - createdAt := time.Now().Unix() - if v := root.Get("createTime"); v.Exists() { - if t, errParseCreateTime := time.Parse(time.RFC3339Nano, v.String()); errParseCreateTime == nil { - createdAt = t.Unix() - } - } - resp, _ = sjson.Set(resp, "created_at", createdAt) - - // Echo request fields when present; fallback model from response modelVersion - if reqJSON := pickRequestJSON(originalRequestRawJSON, requestRawJSON); len(reqJSON) > 0 { - req := unwrapRequestRoot(gjson.ParseBytes(reqJSON)) - if v := req.Get("instructions"); v.Exists() { - resp, _ = sjson.Set(resp, "instructions", v.String()) - } - if v := req.Get("max_output_tokens"); v.Exists() { - resp, _ = sjson.Set(resp, "max_output_tokens", v.Int()) - } - if v := req.Get("max_tool_calls"); v.Exists() { - resp, _ = sjson.Set(resp, "max_tool_calls", v.Int()) - } - if v := req.Get("model"); v.Exists() { - resp, _ = sjson.Set(resp, "model", v.String()) - } else if v = root.Get("modelVersion"); v.Exists() { - resp, _ = sjson.Set(resp, "model", v.String()) - } - if v := req.Get("parallel_tool_calls"); v.Exists() { - resp, _ = sjson.Set(resp, "parallel_tool_calls", v.Bool()) - } - if v := req.Get("previous_response_id"); v.Exists() { - resp, _ = sjson.Set(resp, "previous_response_id", v.String()) - } - if v := req.Get("prompt_cache_key"); v.Exists() { - resp, _ = sjson.Set(resp, "prompt_cache_key", v.String()) - } - if v := req.Get("reasoning"); v.Exists() { - resp, _ = sjson.Set(resp, "reasoning", v.Value()) - } - if v := req.Get("safety_identifier"); v.Exists() { - resp, _ = sjson.Set(resp, "safety_identifier", v.String()) - } - if v := req.Get("service_tier"); v.Exists() { - resp, _ = sjson.Set(resp, "service_tier", v.String()) - } - if v := req.Get("store"); v.Exists() { - resp, _ = sjson.Set(resp, "store", v.Bool()) - } - if v := req.Get("temperature"); v.Exists() { - resp, _ = sjson.Set(resp, "temperature", v.Float()) - } - if v := req.Get("text"); v.Exists() { - resp, _ = sjson.Set(resp, "text", v.Value()) - } - if v := req.Get("tool_choice"); v.Exists() { - resp, _ = sjson.Set(resp, "tool_choice", v.Value()) - } - if v := req.Get("tools"); v.Exists() { - resp, _ = sjson.Set(resp, "tools", v.Value()) - } - if v := req.Get("top_logprobs"); v.Exists() { - resp, _ = sjson.Set(resp, "top_logprobs", v.Int()) - } - if v := req.Get("top_p"); v.Exists() { - resp, _ = sjson.Set(resp, "top_p", v.Float()) - } - if v := req.Get("truncation"); v.Exists() { - resp, _ = sjson.Set(resp, "truncation", v.String()) - } - if v := req.Get("user"); v.Exists() { - resp, _ = sjson.Set(resp, "user", v.Value()) - } - if v := req.Get("metadata"); v.Exists() { - resp, _ = sjson.Set(resp, "metadata", v.Value()) - } - } else if v := root.Get("modelVersion"); v.Exists() { - resp, _ = sjson.Set(resp, "model", v.String()) - } - - // Build outputs from candidates[0].content.parts - var reasoningText strings.Builder - var reasoningEncrypted string - var messageText strings.Builder - var haveMessage bool - - haveOutput := false - ensureOutput := func() { - if haveOutput { - return - } - resp, _ = sjson.SetRaw(resp, "output", "[]") - haveOutput = true - } - appendOutput := func(itemJSON string) { - ensureOutput() - resp, _ = sjson.SetRaw(resp, "output.-1", itemJSON) - } - - if parts := root.Get("candidates.0.content.parts"); parts.Exists() && parts.IsArray() { - parts.ForEach(func(_, p gjson.Result) bool { - if p.Get("thought").Bool() { - if t := p.Get("text"); t.Exists() { - reasoningText.WriteString(t.String()) - } - if sig := p.Get("thoughtSignature"); sig.Exists() && sig.String() != "" { - reasoningEncrypted = sig.String() - } - return true - } - if t := p.Get("text"); t.Exists() && t.String() != "" { - messageText.WriteString(t.String()) - haveMessage = true - return true - } - if fc := p.Get("functionCall"); fc.Exists() { - name := fc.Get("name").String() - args := fc.Get("args") - callID := fmt.Sprintf("call_%x_%d", time.Now().UnixNano(), atomic.AddUint64(&funcCallIDCounter, 1)) - itemJSON := `{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}` - itemJSON, _ = sjson.Set(itemJSON, "id", fmt.Sprintf("fc_%s", callID)) - itemJSON, _ = sjson.Set(itemJSON, "call_id", callID) - itemJSON, _ = sjson.Set(itemJSON, "name", name) - argsStr := "" - if args.Exists() { - argsStr = args.Raw - } - itemJSON, _ = sjson.Set(itemJSON, "arguments", argsStr) - appendOutput(itemJSON) - return true - } - return true - }) - } - - // Reasoning output item - if reasoningText.Len() > 0 || reasoningEncrypted != "" { - rid := strings.TrimPrefix(id, "resp_") - itemJSON := `{"id":"","type":"reasoning","encrypted_content":""}` - itemJSON, _ = sjson.Set(itemJSON, "id", fmt.Sprintf("rs_%s", rid)) - itemJSON, _ = sjson.Set(itemJSON, "encrypted_content", reasoningEncrypted) - if reasoningText.Len() > 0 { - summaryJSON := `{"type":"summary_text","text":""}` - summaryJSON, _ = sjson.Set(summaryJSON, "text", reasoningText.String()) - itemJSON, _ = sjson.SetRaw(itemJSON, "summary", "[]") - itemJSON, _ = sjson.SetRaw(itemJSON, "summary.-1", summaryJSON) - } - appendOutput(itemJSON) - } - - // Assistant message output item - if haveMessage { - itemJSON := `{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}` - itemJSON, _ = sjson.Set(itemJSON, "id", fmt.Sprintf("msg_%s_0", strings.TrimPrefix(id, "resp_"))) - itemJSON, _ = sjson.Set(itemJSON, "content.0.text", messageText.String()) - appendOutput(itemJSON) - } - - // usage mapping - if um := root.Get("usageMetadata"); um.Exists() { - // input tokens = prompt + thoughts - input := um.Get("promptTokenCount").Int() + um.Get("thoughtsTokenCount").Int() - resp, _ = sjson.Set(resp, "usage.input_tokens", input) - // cached token details: align with OpenAI "cached_tokens" semantics. - resp, _ = sjson.Set(resp, "usage.input_tokens_details.cached_tokens", um.Get("cachedContentTokenCount").Int()) - // output tokens - if v := um.Get("candidatesTokenCount"); v.Exists() { - resp, _ = sjson.Set(resp, "usage.output_tokens", v.Int()) - } - if v := um.Get("thoughtsTokenCount"); v.Exists() { - resp, _ = sjson.Set(resp, "usage.output_tokens_details.reasoning_tokens", v.Int()) - } - if v := um.Get("totalTokenCount"); v.Exists() { - resp, _ = sjson.Set(resp, "usage.total_tokens", v.Int()) - } - } - - return resp -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/responses/gemini_openai-responses_response_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/responses/gemini_openai-responses_response_test.go deleted file mode 100644 index 8c7299753c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/responses/gemini_openai-responses_response_test.go +++ /dev/null @@ -1,353 +0,0 @@ -package responses - -import ( - "context" - "strings" - "testing" - - "github.com/tidwall/gjson" -) - -func parseSSEEvent(t *testing.T, chunk string) (string, gjson.Result) { - t.Helper() - - lines := strings.Split(chunk, "\n") - if len(lines) < 2 { - t.Fatalf("unexpected SSE chunk: %q", chunk) - } - - event := strings.TrimSpace(strings.TrimPrefix(lines[0], "event:")) - dataLine := strings.TrimSpace(strings.TrimPrefix(lines[1], "data:")) - if !gjson.Valid(dataLine) { - t.Fatalf("invalid SSE data JSON: %q", dataLine) - } - return event, gjson.Parse(dataLine) -} - -func TestConvertGeminiResponseToOpenAIResponses_UnwrapAndAggregateText(t *testing.T) { - // Vertex-style Gemini stream wraps the actual response payload under "response". - // This test ensures we unwrap and that output_text.done contains the full text. - in := []string{ - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":""}]}}],"usageMetadata":{"promptTokenCount":1,"candidatesTokenCount":1,"totalTokenCount":2,"cachedContentTokenCount":0},"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":"让"}]}}],"usageMetadata":{"promptTokenCount":1,"candidatesTokenCount":1,"totalTokenCount":2,"cachedContentTokenCount":0},"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":"我先"}]}}],"usageMetadata":{"promptTokenCount":1,"candidatesTokenCount":1,"totalTokenCount":2,"cachedContentTokenCount":0},"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":"了解"}]}}],"usageMetadata":{"promptTokenCount":1,"candidatesTokenCount":1,"totalTokenCount":2,"cachedContentTokenCount":0},"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"functionCall":{"name":"mcp__serena__list_dir","args":{"recursive":false,"relative_path":"internal"},"id":"toolu_1"}}]}}],"usageMetadata":{"promptTokenCount":1,"candidatesTokenCount":1,"totalTokenCount":2,"cachedContentTokenCount":0},"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":""}]},"finishReason":"STOP"}],"usageMetadata":{"promptTokenCount":10,"candidatesTokenCount":5,"totalTokenCount":15,"cachedContentTokenCount":2},"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - } - - originalReq := []byte(`{"instructions":"test instructions","model":"gpt-5","max_output_tokens":123}`) - - var param any - var out []string - for _, line := range in { - out = append(out, ConvertGeminiResponseToOpenAIResponses(context.Background(), "test-model", originalReq, nil, []byte(line), ¶m)...) - } - - var ( - gotTextDone bool - gotMessageDone bool - gotResponseDone bool - gotFuncDone bool - - textDone string - messageText string - responseID string - instructions string - cachedTokens int64 - - funcName string - funcArgs string - - posTextDone = -1 - posPartDone = -1 - posMessageDone = -1 - posFuncAdded = -1 - ) - - for i, chunk := range out { - ev, data := parseSSEEvent(t, chunk) - switch ev { - case "response.output_text.done": - gotTextDone = true - if posTextDone == -1 { - posTextDone = i - } - textDone = data.Get("text").String() - case "response.content_part.done": - if posPartDone == -1 { - posPartDone = i - } - case "response.output_item.done": - switch data.Get("item.type").String() { - case "message": - gotMessageDone = true - if posMessageDone == -1 { - posMessageDone = i - } - messageText = data.Get("item.content.0.text").String() - case "function_call": - gotFuncDone = true - funcName = data.Get("item.name").String() - funcArgs = data.Get("item.arguments").String() - } - case "response.output_item.added": - if data.Get("item.type").String() == "function_call" && posFuncAdded == -1 { - posFuncAdded = i - } - case "response.completed": - gotResponseDone = true - responseID = data.Get("response.id").String() - instructions = data.Get("response.instructions").String() - cachedTokens = data.Get("response.usage.input_tokens_details.cached_tokens").Int() - } - } - - if !gotTextDone { - t.Fatalf("missing response.output_text.done event") - } - if posTextDone == -1 || posPartDone == -1 || posMessageDone == -1 || posFuncAdded == -1 { - t.Fatalf("missing ordering events: textDone=%d partDone=%d messageDone=%d funcAdded=%d", posTextDone, posPartDone, posMessageDone, posFuncAdded) - } - if posTextDone >= posPartDone || posPartDone >= posMessageDone || posMessageDone >= posFuncAdded { - t.Fatalf("unexpected message/function ordering: textDone=%d partDone=%d messageDone=%d funcAdded=%d", posTextDone, posPartDone, posMessageDone, posFuncAdded) - } - if !gotMessageDone { - t.Fatalf("missing message response.output_item.done event") - } - if !gotFuncDone { - t.Fatalf("missing function_call response.output_item.done event") - } - if !gotResponseDone { - t.Fatalf("missing response.completed event") - } - - if textDone != "让我先了解" { - t.Fatalf("unexpected output_text.done text: got %q", textDone) - } - if messageText != "让我先了解" { - t.Fatalf("unexpected message done text: got %q", messageText) - } - - if responseID != "resp_req_vrtx_1" { - t.Fatalf("unexpected response id: got %q", responseID) - } - if instructions != "test instructions" { - t.Fatalf("unexpected instructions echo: got %q", instructions) - } - if cachedTokens != 2 { - t.Fatalf("unexpected cached token count: got %d", cachedTokens) - } - - if funcName != "mcp__serena__list_dir" { - t.Fatalf("unexpected function name: got %q", funcName) - } - if !gjson.Valid(funcArgs) { - t.Fatalf("invalid function arguments JSON: %q", funcArgs) - } - if gjson.Get(funcArgs, "recursive").Bool() != false { - t.Fatalf("unexpected recursive arg: %v", gjson.Get(funcArgs, "recursive").Value()) - } - if gjson.Get(funcArgs, "relative_path").String() != "internal" { - t.Fatalf("unexpected relative_path arg: %q", gjson.Get(funcArgs, "relative_path").String()) - } -} - -func TestConvertGeminiResponseToOpenAIResponses_ReasoningEncryptedContent(t *testing.T) { - sig := "RXE0RENrZ0lDeEFDR0FJcVFOZDdjUzlleGFuRktRdFcvSzNyZ2MvWDNCcDQ4RmxSbGxOWUlOVU5kR1l1UHMrMGdkMVp0Vkg3ekdKU0g4YVljc2JjN3lNK0FrdGpTNUdqamI4T3Z0VVNETzdQd3pmcFhUOGl3U3hXUEJvTVFRQ09mWTFyMEtTWGZxUUlJakFqdmFGWk83RW1XRlBKckJVOVpkYzdDKw==" - in := []string{ - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"thought":true,"thoughtSignature":"` + sig + `","text":""}]}}],"modelVersion":"test-model","responseId":"req_vrtx_sig"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"thought":true,"text":"a"}]}}],"modelVersion":"test-model","responseId":"req_vrtx_sig"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":"hello"}]}}],"modelVersion":"test-model","responseId":"req_vrtx_sig"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":""}]},"finishReason":"STOP"}],"modelVersion":"test-model","responseId":"req_vrtx_sig"},"traceId":"t1"}`, - } - - var param any - var out []string - for _, line := range in { - out = append(out, ConvertGeminiResponseToOpenAIResponses(context.Background(), "test-model", nil, nil, []byte(line), ¶m)...) - } - - var ( - addedEnc string - doneEnc string - ) - for _, chunk := range out { - ev, data := parseSSEEvent(t, chunk) - switch ev { - case "response.output_item.added": - if data.Get("item.type").String() == "reasoning" { - addedEnc = data.Get("item.encrypted_content").String() - } - case "response.output_item.done": - if data.Get("item.type").String() == "reasoning" { - doneEnc = data.Get("item.encrypted_content").String() - } - } - } - - if addedEnc != sig { - t.Fatalf("unexpected encrypted_content in response.output_item.added: got %q", addedEnc) - } - if doneEnc != sig { - t.Fatalf("unexpected encrypted_content in response.output_item.done: got %q", doneEnc) - } -} - -func TestConvertGeminiResponseToOpenAIResponses_FunctionCallEventOrder(t *testing.T) { - in := []string{ - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"functionCall":{"name":"tool0"}}]}}],"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"functionCall":{"name":"tool1"}}]}}],"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"functionCall":{"name":"tool2","args":{"a":1}}}]}}],"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":""}]},"finishReason":"STOP"}],"usageMetadata":{"promptTokenCount":10,"candidatesTokenCount":5,"totalTokenCount":15,"cachedContentTokenCount":0},"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - } - - var param any - var out []string - for _, line := range in { - out = append(out, ConvertGeminiResponseToOpenAIResponses(context.Background(), "test-model", nil, nil, []byte(line), ¶m)...) - } - - posAdded := []int{-1, -1, -1} - posArgsDelta := []int{-1, -1, -1} - posArgsDone := []int{-1, -1, -1} - posItemDone := []int{-1, -1, -1} - posCompleted := -1 - deltaByIndex := map[int]string{} - - for i, chunk := range out { - ev, data := parseSSEEvent(t, chunk) - switch ev { - case "response.output_item.added": - if data.Get("item.type").String() != "function_call" { - continue - } - idx := int(data.Get("output_index").Int()) - if idx >= 0 && idx < len(posAdded) { - posAdded[idx] = i - } - case "response.function_call_arguments.delta": - idx := int(data.Get("output_index").Int()) - if idx >= 0 && idx < len(posArgsDelta) { - posArgsDelta[idx] = i - deltaByIndex[idx] = data.Get("delta").String() - } - case "response.function_call_arguments.done": - idx := int(data.Get("output_index").Int()) - if idx >= 0 && idx < len(posArgsDone) { - posArgsDone[idx] = i - } - case "response.output_item.done": - if data.Get("item.type").String() != "function_call" { - continue - } - idx := int(data.Get("output_index").Int()) - if idx >= 0 && idx < len(posItemDone) { - posItemDone[idx] = i - } - case "response.completed": - posCompleted = i - - output := data.Get("response.output") - if !output.Exists() || !output.IsArray() { - t.Fatalf("missing response.output in response.completed") - } - if len(output.Array()) != 3 { - t.Fatalf("unexpected response.output length: got %d", len(output.Array())) - } - if data.Get("response.output.0.name").String() != "tool0" || data.Get("response.output.0.arguments").String() != "{}" { - t.Fatalf("unexpected output[0]: %s", data.Get("response.output.0").Raw) - } - if data.Get("response.output.1.name").String() != "tool1" || data.Get("response.output.1.arguments").String() != "{}" { - t.Fatalf("unexpected output[1]: %s", data.Get("response.output.1").Raw) - } - if data.Get("response.output.2.name").String() != "tool2" { - t.Fatalf("unexpected output[2] name: %s", data.Get("response.output.2").Raw) - } - if !gjson.Valid(data.Get("response.output.2.arguments").String()) { - t.Fatalf("unexpected output[2] arguments: %q", data.Get("response.output.2.arguments").String()) - } - } - } - - if posCompleted == -1 { - t.Fatalf("missing response.completed event") - } - for idx := 0; idx < 3; idx++ { - if posAdded[idx] == -1 || posArgsDelta[idx] == -1 || posArgsDone[idx] == -1 || posItemDone[idx] == -1 { - t.Fatalf("missing function call events for output_index %d: added=%d argsDelta=%d argsDone=%d itemDone=%d", idx, posAdded[idx], posArgsDelta[idx], posArgsDone[idx], posItemDone[idx]) - } - if posAdded[idx] >= posArgsDelta[idx] || posArgsDelta[idx] >= posArgsDone[idx] || posArgsDone[idx] >= posItemDone[idx] { - t.Fatalf("unexpected ordering for output_index %d: added=%d argsDelta=%d argsDone=%d itemDone=%d", idx, posAdded[idx], posArgsDelta[idx], posArgsDone[idx], posItemDone[idx]) - } - if idx > 0 && posItemDone[idx-1] >= posAdded[idx] { - t.Fatalf("function call events overlap between %d and %d: prevDone=%d nextAdded=%d", idx-1, idx, posItemDone[idx-1], posAdded[idx]) - } - } - - if deltaByIndex[0] != "{}" { - t.Fatalf("unexpected delta for output_index 0: got %q", deltaByIndex[0]) - } - if deltaByIndex[1] != "{}" { - t.Fatalf("unexpected delta for output_index 1: got %q", deltaByIndex[1]) - } - if deltaByIndex[2] == "" || !gjson.Valid(deltaByIndex[2]) || gjson.Get(deltaByIndex[2], "a").Int() != 1 { - t.Fatalf("unexpected delta for output_index 2: got %q", deltaByIndex[2]) - } - if posItemDone[2] >= posCompleted { - t.Fatalf("response.completed should be after last output_item.done: last=%d completed=%d", posItemDone[2], posCompleted) - } -} - -func TestConvertGeminiResponseToOpenAIResponses_ResponseOutputOrdering(t *testing.T) { - in := []string{ - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"functionCall":{"name":"tool0","args":{"x":"y"}}}]}}],"modelVersion":"test-model","responseId":"req_vrtx_2"},"traceId":"t2"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":"hi"}]}}],"modelVersion":"test-model","responseId":"req_vrtx_2"},"traceId":"t2"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":""}]},"finishReason":"STOP"}],"usageMetadata":{"promptTokenCount":1,"candidatesTokenCount":1,"totalTokenCount":2,"cachedContentTokenCount":0},"modelVersion":"test-model","responseId":"req_vrtx_2"},"traceId":"t2"}`, - } - - var param any - var out []string - for _, line := range in { - out = append(out, ConvertGeminiResponseToOpenAIResponses(context.Background(), "test-model", nil, nil, []byte(line), ¶m)...) - } - - posFuncDone := -1 - posMsgAdded := -1 - posCompleted := -1 - - for i, chunk := range out { - ev, data := parseSSEEvent(t, chunk) - switch ev { - case "response.output_item.done": - if data.Get("item.type").String() == "function_call" && data.Get("output_index").Int() == 0 { - posFuncDone = i - } - case "response.output_item.added": - if data.Get("item.type").String() == "message" && data.Get("output_index").Int() == 1 { - posMsgAdded = i - } - case "response.completed": - posCompleted = i - if data.Get("response.output.0.type").String() != "function_call" { - t.Fatalf("expected response.output[0] to be function_call: %s", data.Get("response.output.0").Raw) - } - if data.Get("response.output.1.type").String() != "message" { - t.Fatalf("expected response.output[1] to be message: %s", data.Get("response.output.1").Raw) - } - if data.Get("response.output.1.content.0.text").String() != "hi" { - t.Fatalf("unexpected message text in response.output[1]: %s", data.Get("response.output.1").Raw) - } - } - } - - if posFuncDone == -1 || posMsgAdded == -1 || posCompleted == -1 { - t.Fatalf("missing required events: funcDone=%d msgAdded=%d completed=%d", posFuncDone, posMsgAdded, posCompleted) - } - if posFuncDone >= posMsgAdded { - t.Fatalf("expected function_call to complete before message is added: funcDone=%d msgAdded=%d", posFuncDone, posMsgAdded) - } - if posMsgAdded >= posCompleted { - t.Fatalf("expected response.completed after message added: msgAdded=%d completed=%d", posMsgAdded, posCompleted) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/responses/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/responses/init.go deleted file mode 100644 index 0bfd525850..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/gemini/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.OpenaiResponse, - constant.Gemini, - ConvertOpenAIResponsesRequestToGemini, - interfaces.TranslateResponse{ - Stream: ConvertGeminiResponseToOpenAIResponses, - NonStream: ConvertGeminiResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/init.go deleted file mode 100644 index 402680c356..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/init.go +++ /dev/null @@ -1,39 +0,0 @@ -package translator - -import ( - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/claude/gemini" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/claude/gemini-cli" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/claude/openai/chat-completions" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/claude/openai/responses" - - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/codex/claude" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/codex/gemini" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/codex/gemini-cli" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/codex/openai/chat-completions" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/codex/openai/responses" - - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini-cli/claude" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini-cli/gemini" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini-cli/openai/chat-completions" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini-cli/openai/responses" - - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini/claude" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini/gemini" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini/gemini-cli" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini/openai/chat-completions" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini/openai/responses" - - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/openai/claude" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/openai/gemini" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/openai/gemini-cli" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/openai/openai/chat-completions" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/openai/openai/responses" - - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/antigravity/claude" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/antigravity/gemini" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/antigravity/openai/chat-completions" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/antigravity/openai/responses" - - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/kiro/claude" - _ "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/kiro/openai" -) diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/init.go deleted file mode 100644 index d2682c1490..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -// Package claude provides translation between constant.Kiro and constant.Claude formats. -package claude - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Claude, - constant.Kiro, - ConvertClaudeRequestToKiro, - interfaces.TranslateResponse{ - Stream: ConvertKiroStreamToClaude, - NonStream: ConvertKiroNonStreamToClaude, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude.go deleted file mode 100644 index 752a00d987..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude.go +++ /dev/null @@ -1,21 +0,0 @@ -// Package claude provides translation between Kiro and Claude formats. -// Since Kiro executor generates Claude-compatible SSE format internally (with event: prefix), -// translations are pass-through for streaming, but responses need proper formatting. -package claude - -import ( - "context" -) - -// ConvertKiroStreamToClaude converts Kiro streaming response to Claude format. -// Kiro executor already generates complete SSE format with "event:" prefix, -// so this is a simple pass-through. -func ConvertKiroStreamToClaude(ctx context.Context, model string, originalRequest, request, rawResponse []byte, param *any) []string { - return []string{string(rawResponse)} -} - -// ConvertKiroNonStreamToClaude converts Kiro non-streaming response to Claude format. -// The response is already in Claude format, so this is a pass-through. -func ConvertKiroNonStreamToClaude(ctx context.Context, model string, originalRequest, request, rawResponse []byte, param *any) string { - return string(rawResponse) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_request.go deleted file mode 100644 index e392ee0512..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_request.go +++ /dev/null @@ -1,961 +0,0 @@ -// Package claude provides request translation functionality for Claude API to Kiro format. -// It handles parsing and transforming Claude API requests into the Kiro/Amazon Q API format, -// extracting model information, system instructions, message contents, and tool declarations. -package claude - -import ( - "encoding/json" - "fmt" - "net/http" - "strings" - "time" - "unicode/utf8" - - "github.com/google/uuid" - kirocommon "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/kiro/common" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -// remoteWebSearchDescription is a minimal fallback for when dynamic fetch from MCP tools/list hasn't completed yet. -const remoteWebSearchDescription = "WebSearch looks up information outside the model's training data. Supports multiple queries to gather comprehensive information." - -// Kiro API request structs - field order determines JSON key order - -// KiroPayload is the top-level request structure for Kiro API -type KiroPayload struct { - ConversationState KiroConversationState `json:"conversationState"` - ProfileArn string `json:"profileArn,omitempty"` - InferenceConfig *KiroInferenceConfig `json:"inferenceConfig,omitempty"` -} - -// KiroInferenceConfig contains inference parameters for the Kiro API. -type KiroInferenceConfig struct { - MaxTokens int `json:"maxTokens,omitempty"` - Temperature float64 `json:"temperature,omitempty"` - TopP float64 `json:"topP,omitempty"` -} - -// KiroConversationState holds the conversation context -type KiroConversationState struct { - ChatTriggerType string `json:"chatTriggerType"` // Required: "MANUAL" - must be first field - ConversationID string `json:"conversationId"` - CurrentMessage KiroCurrentMessage `json:"currentMessage"` - History []KiroHistoryMessage `json:"history,omitempty"` -} - -// KiroCurrentMessage wraps the current user message -type KiroCurrentMessage struct { - UserInputMessage KiroUserInputMessage `json:"userInputMessage"` -} - -// KiroHistoryMessage represents a message in the conversation history -type KiroHistoryMessage struct { - UserInputMessage *KiroUserInputMessage `json:"userInputMessage,omitempty"` - AssistantResponseMessage *KiroAssistantResponseMessage `json:"assistantResponseMessage,omitempty"` -} - -// KiroImage represents an image in Kiro API format -type KiroImage struct { - Format string `json:"format"` - Source KiroImageSource `json:"source"` -} - -// KiroImageSource contains the image data -type KiroImageSource struct { - Bytes string `json:"bytes"` // base64 encoded image data -} - -// KiroUserInputMessage represents a user message -type KiroUserInputMessage struct { - Content string `json:"content"` - ModelID string `json:"modelId"` - Origin string `json:"origin"` - Images []KiroImage `json:"images,omitempty"` - UserInputMessageContext *KiroUserInputMessageContext `json:"userInputMessageContext,omitempty"` -} - -// KiroUserInputMessageContext contains tool-related context -type KiroUserInputMessageContext struct { - ToolResults []KiroToolResult `json:"toolResults,omitempty"` - Tools []KiroToolWrapper `json:"tools,omitempty"` -} - -// KiroToolResult represents a tool execution result -type KiroToolResult struct { - Content []KiroTextContent `json:"content"` - Status string `json:"status"` - ToolUseID string `json:"toolUseId"` -} - -// KiroTextContent represents text content -type KiroTextContent struct { - Text string `json:"text"` -} - -// KiroToolWrapper wraps a tool specification -type KiroToolWrapper struct { - ToolSpecification KiroToolSpecification `json:"toolSpecification"` -} - -// KiroToolSpecification defines a tool's schema -type KiroToolSpecification struct { - Name string `json:"name"` - Description string `json:"description"` - InputSchema KiroInputSchema `json:"inputSchema"` -} - -// KiroInputSchema wraps the JSON schema for tool input -type KiroInputSchema struct { - JSON interface{} `json:"json"` -} - -// KiroAssistantResponseMessage represents an assistant message -type KiroAssistantResponseMessage struct { - Content string `json:"content"` - ToolUses []KiroToolUse `json:"toolUses,omitempty"` -} - -// KiroToolUse represents a tool invocation by the assistant -type KiroToolUse struct { - ToolUseID string `json:"toolUseId"` - Name string `json:"name"` - Input map[string]interface{} `json:"input"` - IsTruncated bool `json:"-"` // Internal flag, not serialized - TruncationInfo *TruncationInfo `json:"-"` // Truncation details, not serialized -} - -// ConvertClaudeRequestToKiro converts a Claude API request to Kiro format. -// This is the main entry point for request translation. -func ConvertClaudeRequestToKiro(modelName string, inputRawJSON []byte, stream bool) []byte { - // For Kiro, we pass through the Claude format since buildKiroPayload - // expects Claude format and does the conversion internally. - // The actual conversion happens in the executor when building the HTTP request. - return inputRawJSON -} - -// BuildKiroPayload constructs the Kiro API request payload from Claude format. -// Supports tool calling - tools are passed via userInputMessageContext. -// origin parameter determines which quota to use: "CLI" for Amazon Q, "AI_EDITOR" for Kiro IDE. -// isAgentic parameter enables chunked write optimization prompt for -agentic model variants. -// isChatOnly parameter disables tool calling for -chat model variants (pure conversation mode). -// headers parameter allows checking Anthropic-Beta header for thinking mode detection. -// metadata parameter is kept for API compatibility but no longer used for thinking configuration. -// Supports thinking mode - when enabled, injects thinking tags into system prompt. -// Returns the payload and a boolean indicating whether thinking mode was injected. -func BuildKiroPayload(claudeBody []byte, modelID, profileArn, origin string, isAgentic, isChatOnly bool, headers http.Header, metadata map[string]any) ([]byte, bool) { - // Extract max_tokens for potential use in inferenceConfig - // Handle -1 as "use maximum" (Kiro max output is ~32000 tokens) - const kiroMaxOutputTokens = 32000 - var maxTokens int64 - if mt := gjson.GetBytes(claudeBody, "max_tokens"); mt.Exists() { - maxTokens = mt.Int() - if maxTokens == -1 { - maxTokens = kiroMaxOutputTokens - log.Debugf("kiro: max_tokens=-1 converted to %d", kiroMaxOutputTokens) - } - } - - // Extract temperature if specified - var temperature float64 - var hasTemperature bool - if temp := gjson.GetBytes(claudeBody, "temperature"); temp.Exists() { - temperature = temp.Float() - hasTemperature = true - } - - // Extract top_p if specified - var topP float64 - var hasTopP bool - if tp := gjson.GetBytes(claudeBody, "top_p"); tp.Exists() { - topP = tp.Float() - hasTopP = true - log.Debugf("kiro: extracted top_p: %.2f", topP) - } - - // Normalize origin value for Kiro API compatibility - origin = normalizeOrigin(origin) - log.Debugf("kiro: normalized origin value: %s", origin) - - messages := gjson.GetBytes(claudeBody, "messages") - - // For chat-only mode, don't include tools - var tools gjson.Result - if !isChatOnly { - tools = gjson.GetBytes(claudeBody, "tools") - } - - // Extract system prompt - systemPrompt := extractSystemPrompt(claudeBody) - - // Check for thinking mode using the comprehensive IsThinkingEnabledWithHeaders function - // This supports Claude API format, OpenAI reasoning_effort, AMP/Cursor format, and Anthropic-Beta header - thinkingEnabled := IsThinkingEnabledWithHeaders(claudeBody, headers) - - // Inject timestamp context - timestamp := time.Now().Format("2006-01-02 15:04:05 MST") - timestampContext := fmt.Sprintf("[Context: Current time is %s]", timestamp) - if systemPrompt != "" { - systemPrompt = timestampContext + "\n\n" + systemPrompt - } else { - systemPrompt = timestampContext - } - log.Debugf("kiro: injected timestamp context: %s", timestamp) - - // Inject agentic optimization prompt for -agentic model variants - if isAgentic { - if systemPrompt != "" { - systemPrompt += "\n" - } - systemPrompt += kirocommon.KiroAgenticSystemPrompt - } - - // Handle tool_choice parameter - Kiro doesn't support it natively, so we inject system prompt hints - // Claude tool_choice values: {"type": "auto/any/tool", "name": "..."} - toolChoiceHint := extractClaudeToolChoiceHint(claudeBody) - if toolChoiceHint != "" { - if systemPrompt != "" { - systemPrompt += "\n" - } - systemPrompt += toolChoiceHint - log.Debugf("kiro: injected tool_choice hint into system prompt") - } - - // Convert Claude tools to Kiro format - kiroTools := convertClaudeToolsToKiro(tools) - - // Thinking mode implementation: - // Kiro API supports official thinking/reasoning mode via tag. - // When set to "enabled", Kiro returns reasoning content as official reasoningContentEvent - // rather than inline tags in assistantResponseEvent. - // We cap max_thinking_length to reserve space for tool outputs and prevent truncation. - if thinkingEnabled { - thinkingHint := `enabled -16000` - if systemPrompt != "" { - systemPrompt = thinkingHint + "\n\n" + systemPrompt - } else { - systemPrompt = thinkingHint - } - log.Infof("kiro: injected thinking prompt (official mode), has_tools: %v", len(kiroTools) > 0) - } - - // Process messages and build history - history, currentUserMsg, currentToolResults := processMessages(messages, modelID, origin) - - // Build content with system prompt (only on first turn to avoid re-injection) - if currentUserMsg != nil { - effectiveSystemPrompt := systemPrompt - if len(history) > 0 { - effectiveSystemPrompt = "" // Don't re-inject on subsequent turns - } - currentUserMsg.Content = buildFinalContent(currentUserMsg.Content, effectiveSystemPrompt, currentToolResults) - - // Deduplicate currentToolResults - currentToolResults = deduplicateToolResults(currentToolResults) - - // Build userInputMessageContext with tools and tool results - if len(kiroTools) > 0 || len(currentToolResults) > 0 { - currentUserMsg.UserInputMessageContext = &KiroUserInputMessageContext{ - Tools: kiroTools, - ToolResults: currentToolResults, - } - } - } - - // Build payload - var currentMessage KiroCurrentMessage - if currentUserMsg != nil { - currentMessage = KiroCurrentMessage{UserInputMessage: *currentUserMsg} - } else { - fallbackContent := "" - if systemPrompt != "" { - fallbackContent = "--- SYSTEM PROMPT ---\n" + systemPrompt + "\n--- END SYSTEM PROMPT ---\n" - } - currentMessage = KiroCurrentMessage{UserInputMessage: KiroUserInputMessage{ - Content: fallbackContent, - ModelID: modelID, - Origin: origin, - }} - } - - // Build inferenceConfig if we have any inference parameters - // Note: Kiro API doesn't actually use max_tokens for thinking budget - var inferenceConfig *KiroInferenceConfig - if maxTokens > 0 || hasTemperature || hasTopP { - inferenceConfig = &KiroInferenceConfig{} - if maxTokens > 0 { - inferenceConfig.MaxTokens = int(maxTokens) - } - if hasTemperature { - inferenceConfig.Temperature = temperature - } - if hasTopP { - inferenceConfig.TopP = topP - } - } - - payload := KiroPayload{ - ConversationState: KiroConversationState{ - ChatTriggerType: "MANUAL", - ConversationID: uuid.New().String(), - CurrentMessage: currentMessage, - History: history, - }, - ProfileArn: profileArn, - InferenceConfig: inferenceConfig, - } - - result, err := json.Marshal(payload) - if err != nil { - log.Debugf("kiro: failed to marshal payload: %v", err) - return nil, false - } - - return result, thinkingEnabled -} - -// normalizeOrigin normalizes origin value for Kiro API compatibility -func normalizeOrigin(origin string) string { - switch origin { - case "KIRO_CLI": - return "CLI" - case "KIRO_AI_EDITOR": - return "AI_EDITOR" - case "AMAZON_Q": - return "CLI" - case "KIRO_IDE": - return "AI_EDITOR" - default: - return origin - } -} - -// extractSystemPrompt extracts system prompt from Claude request -func extractSystemPrompt(claudeBody []byte) string { - systemField := gjson.GetBytes(claudeBody, "system") - if systemField.IsArray() { - var sb strings.Builder - for _, block := range systemField.Array() { - if block.Get("type").String() == "text" { - sb.WriteString(block.Get("text").String()) - } else if block.Type == gjson.String { - sb.WriteString(block.String()) - } - } - return sb.String() - } - return systemField.String() -} - -// checkThinkingMode checks if thinking mode is enabled in the Claude request -func checkThinkingMode(claudeBody []byte) (bool, int64) { - thinkingEnabled := false - var budgetTokens int64 = 24000 - - thinkingField := gjson.GetBytes(claudeBody, "thinking") - if thinkingField.Exists() { - thinkingType := thinkingField.Get("type").String() - if thinkingType == "enabled" { - thinkingEnabled = true - if bt := thinkingField.Get("budget_tokens"); bt.Exists() { - budgetTokens = bt.Int() - if budgetTokens <= 0 { - thinkingEnabled = false - log.Debugf("kiro: thinking mode disabled via budget_tokens <= 0") - } - } - if thinkingEnabled { - log.Debugf("kiro: thinking mode enabled via Claude API parameter, budget_tokens: %d", budgetTokens) - } - } - } - - return thinkingEnabled, budgetTokens -} - -// IsThinkingEnabledFromHeader checks if thinking mode is enabled via Anthropic-Beta header. -// Claude CLI uses "Anthropic-Beta: interleaved-thinking-2025-05-14" to enable thinking. -func IsThinkingEnabledFromHeader(headers http.Header) bool { - if headers == nil { - return false - } - betaHeader := headers.Get("Anthropic-Beta") - if betaHeader == "" { - return false - } - // Check for interleaved-thinking beta feature - if strings.Contains(betaHeader, "interleaved-thinking") { - log.Debugf("kiro: thinking mode enabled via Anthropic-Beta header: %s", betaHeader) - return true - } - return false -} - -// IsThinkingEnabled is a public wrapper to check if thinking mode is enabled. -// This is used by the executor to determine whether to parse tags in responses. -// When thinking is NOT enabled in the request, tags in responses should be -// treated as regular text content, not as thinking blocks. -// -// Supports multiple formats: -// - Claude API format: thinking.type = "enabled" -// - OpenAI format: reasoning_effort parameter -// - AMP/Cursor format: interleaved in system prompt -func IsThinkingEnabled(body []byte) bool { - return IsThinkingEnabledWithHeaders(body, nil) -} - -// IsThinkingEnabledWithHeaders checks if thinking mode is enabled from body or headers. -// This is the comprehensive check that supports all thinking detection methods: -// - Claude API format: thinking.type = "enabled" -// - OpenAI format: reasoning_effort parameter -// - AMP/Cursor format: interleaved in system prompt -// - Anthropic-Beta header: interleaved-thinking-2025-05-14 -func IsThinkingEnabledWithHeaders(body []byte, headers http.Header) bool { - // Check Anthropic-Beta header first (Claude Code uses this) - if IsThinkingEnabledFromHeader(headers) { - return true - } - - // Check Claude API format first (thinking.type = "enabled") - enabled, _ := checkThinkingMode(body) - if enabled { - log.Debugf("kiro: IsThinkingEnabled returning true (Claude API format)") - return true - } - - // Check OpenAI format: reasoning_effort parameter - // Valid values: "low", "medium", "high", "auto" (not "none") - reasoningEffort := gjson.GetBytes(body, "reasoning_effort") - if reasoningEffort.Exists() { - effort := reasoningEffort.String() - if effort != "" && effort != "none" { - log.Debugf("kiro: thinking mode enabled via OpenAI reasoning_effort: %s", effort) - return true - } - } - - // Check AMP/Cursor format: interleaved in system prompt - // This is how AMP client passes thinking configuration - bodyStr := string(body) - if strings.Contains(bodyStr, "") && strings.Contains(bodyStr, "") { - // Extract thinking mode value - startTag := "" - endTag := "" - startIdx := strings.Index(bodyStr, startTag) - if startIdx >= 0 { - startIdx += len(startTag) - endIdx := strings.Index(bodyStr[startIdx:], endTag) - if endIdx >= 0 { - thinkingMode := bodyStr[startIdx : startIdx+endIdx] - if thinkingMode == "interleaved" || thinkingMode == "enabled" { - log.Debugf("kiro: thinking mode enabled via AMP/Cursor format: %s", thinkingMode) - return true - } - } - } - } - - // Check OpenAI format: max_completion_tokens with reasoning (o1-style) - // Some clients use this to indicate reasoning mode - if gjson.GetBytes(body, "max_completion_tokens").Exists() { - // If max_completion_tokens is set, check if model name suggests reasoning - model := gjson.GetBytes(body, "model").String() - if strings.Contains(strings.ToLower(model), "thinking") || - strings.Contains(strings.ToLower(model), "reason") { - log.Debugf("kiro: thinking mode enabled via model name hint: %s", model) - return true - } - } - - log.Debugf("kiro: IsThinkingEnabled returning false (no thinking mode detected)") - return false -} - -// shortenToolNameIfNeeded shortens tool names that exceed 64 characters. -// MCP tools often have long names like "mcp__server-name__tool-name". -// This preserves the "mcp__" prefix and last segment when possible. -func shortenToolNameIfNeeded(name string) string { - const limit = 64 - if len(name) <= limit { - return name - } - // For MCP tools, try to preserve prefix and last segment - if strings.HasPrefix(name, "mcp__") { - idx := strings.LastIndex(name, "__") - if idx > 0 { - cand := "mcp__" + name[idx+2:] - if len(cand) > limit { - return cand[:limit] - } - return cand - } - } - return name[:limit] -} - -func ensureKiroInputSchema(parameters interface{}) interface{} { - if parameters != nil { - return parameters - } - return map[string]interface{}{ - "type": "object", - "properties": map[string]interface{}{}, - } -} - -// convertClaudeToolsToKiro converts Claude tools to Kiro format -func convertClaudeToolsToKiro(tools gjson.Result) []KiroToolWrapper { - var kiroTools []KiroToolWrapper - if !tools.IsArray() { - return kiroTools - } - - toolsArray := tools.Array() - for _, tool := range toolsArray { - name := tool.Get("name").String() - toolType := strings.ToLower(strings.TrimSpace(tool.Get("type").String())) - description := tool.Get("description").String() - inputSchemaResult := tool.Get("input_schema") - var inputSchema interface{} - if inputSchemaResult.Exists() && inputSchemaResult.Type != gjson.Null { - inputSchema = inputSchemaResult.Value() - } - inputSchema = ensureKiroInputSchema(inputSchema) - - // Shorten tool name if it exceeds 64 characters (common with MCP tools) - originalName := name - name = shortenToolNameIfNeeded(name) - if name != originalName { - log.Debugf("kiro: shortened tool name from '%s' to '%s'", originalName, name) - } - - // CRITICAL FIX: Kiro API requires non-empty description - if strings.TrimSpace(description) == "" { - description = fmt.Sprintf("Tool: %s", name) - log.Debugf("kiro: tool '%s' has empty description, using default: %s", name, description) - } - - // Claude built-in web_search tools can appear alongside normal tools. - // In mixed-tool requests, skip the built-in entry to avoid upstream 400 errors. - if strings.HasPrefix(toolType, "web_search") && len(toolsArray) > 1 { - log.Infof("kiro: skipping Claude built-in web_search tool in mixed-tool request (type=%s)", toolType) - continue - } - - // Rename web_search → remote_web_search for Kiro API compatibility - if name == "web_search" || strings.HasPrefix(toolType, "web_search") { - name = "remote_web_search" - // Prefer dynamically fetched description, fall back to hardcoded constant - if cached := GetWebSearchDescription(); cached != "" { - description = cached - } else { - description = remoteWebSearchDescription - } - log.Debugf("kiro: renamed tool web_search → remote_web_search") - } - - // Truncate long descriptions (individual tool limit) - if len(description) > kirocommon.KiroMaxToolDescLen { - truncLen := kirocommon.KiroMaxToolDescLen - 30 - for truncLen > 0 && !utf8.RuneStart(description[truncLen]) { - truncLen-- - } - description = description[:truncLen] + "... (description truncated)" - } - - kiroTools = append(kiroTools, KiroToolWrapper{ - ToolSpecification: KiroToolSpecification{ - Name: name, - Description: description, - InputSchema: KiroInputSchema{JSON: inputSchema}, - }, - }) - } - - // Apply dynamic compression if total tools size exceeds threshold - // This prevents 500 errors when Claude Code sends too many tools - kiroTools = compressToolsIfNeeded(kiroTools) - - return kiroTools -} - -// processMessages processes Claude messages and builds Kiro history -func processMessages(messages gjson.Result, modelID, origin string) ([]KiroHistoryMessage, *KiroUserInputMessage, []KiroToolResult) { - var history []KiroHistoryMessage - var currentUserMsg *KiroUserInputMessage - var currentToolResults []KiroToolResult - - // Merge adjacent messages with the same role - messagesArray := kirocommon.MergeAdjacentMessages(messages.Array()) - - // FIX: Kiro API requires history to start with a user message. - // Some clients (e.g., OpenClaw) send conversations starting with an assistant message, - // which is valid for the Claude API but causes "Improperly formed request" on Kiro. - // Prepend a placeholder user message so the history alternation is correct. - if len(messagesArray) > 0 && messagesArray[0].Get("role").String() == "assistant" { - placeholder := `{"role":"user","content":"."}` - messagesArray = append([]gjson.Result{gjson.Parse(placeholder)}, messagesArray...) - log.Infof("kiro: messages started with assistant role, prepended placeholder user message for Kiro API compatibility") - } - - for i, msg := range messagesArray { - role := msg.Get("role").String() - isLastMessage := i == len(messagesArray)-1 - - switch role { - case "user": - userMsg, toolResults := BuildUserMessageStruct(msg, modelID, origin) - // CRITICAL: Kiro API requires content to be non-empty for ALL user messages - // This includes both history messages and the current message. - // When user message contains only tool_result (no text), content will be empty. - // This commonly happens in compaction requests from OpenCode. - if strings.TrimSpace(userMsg.Content) == "" { - if len(toolResults) > 0 { - userMsg.Content = kirocommon.DefaultUserContentWithToolResults - } else { - userMsg.Content = kirocommon.DefaultUserContent - } - log.Debugf("kiro: user content was empty, using default: %s", userMsg.Content) - } - if isLastMessage { - currentUserMsg = &userMsg - currentToolResults = toolResults - } else { - // For history messages, embed tool results in context - if len(toolResults) > 0 { - userMsg.UserInputMessageContext = &KiroUserInputMessageContext{ - ToolResults: toolResults, - } - } - history = append(history, KiroHistoryMessage{ - UserInputMessage: &userMsg, - }) - } - case "assistant": - assistantMsg := BuildAssistantMessageStruct(msg) - if isLastMessage { - history = append(history, KiroHistoryMessage{ - AssistantResponseMessage: &assistantMsg, - }) - // Create a "Continue" user message as currentMessage - currentUserMsg = &KiroUserInputMessage{ - Content: "Continue", - ModelID: modelID, - Origin: origin, - } - } else { - history = append(history, KiroHistoryMessage{ - AssistantResponseMessage: &assistantMsg, - }) - } - } - } - - // POST-PROCESSING: Remove orphaned tool_results that have no matching tool_use - // in any assistant message. This happens when Claude Code compaction truncates - // the conversation and removes the assistant message containing the tool_use, - // but keeps the user message with the corresponding tool_result. - // Without this fix, Kiro API returns "Improperly formed request". - validToolUseIDs := make(map[string]bool) - for _, h := range history { - if h.AssistantResponseMessage != nil { - for _, tu := range h.AssistantResponseMessage.ToolUses { - validToolUseIDs[tu.ToolUseID] = true - } - } - } - - // Filter orphaned tool results from history user messages - for i, h := range history { - if h.UserInputMessage != nil && h.UserInputMessage.UserInputMessageContext != nil { - ctx := h.UserInputMessage.UserInputMessageContext - if len(ctx.ToolResults) > 0 { - filtered := make([]KiroToolResult, 0, len(ctx.ToolResults)) - for _, tr := range ctx.ToolResults { - if validToolUseIDs[tr.ToolUseID] { - filtered = append(filtered, tr) - } else { - log.Debugf("kiro: dropping orphaned tool_result in history[%d]: toolUseId=%s (no matching tool_use)", i, tr.ToolUseID) - } - } - ctx.ToolResults = filtered - if len(ctx.ToolResults) == 0 && len(ctx.Tools) == 0 { - h.UserInputMessage.UserInputMessageContext = nil - } - } - } - } - - // Filter orphaned tool results from current message - if len(currentToolResults) > 0 { - filtered := make([]KiroToolResult, 0, len(currentToolResults)) - for _, tr := range currentToolResults { - if validToolUseIDs[tr.ToolUseID] { - filtered = append(filtered, tr) - } else { - log.Debugf("kiro: dropping orphaned tool_result in currentMessage: toolUseId=%s (no matching tool_use)", tr.ToolUseID) - } - } - if len(filtered) != len(currentToolResults) { - log.Infof("kiro: dropped %d orphaned tool_result(s) from currentMessage (compaction artifact)", len(currentToolResults)-len(filtered)) - } - currentToolResults = filtered - } - - return history, currentUserMsg, currentToolResults -} - -// buildFinalContent builds the final content with system prompt -func buildFinalContent(content, systemPrompt string, toolResults []KiroToolResult) string { - var contentBuilder strings.Builder - - if systemPrompt != "" { - contentBuilder.WriteString("--- SYSTEM PROMPT ---\n") - contentBuilder.WriteString(systemPrompt) - contentBuilder.WriteString("\n--- END SYSTEM PROMPT ---\n\n") - } - - contentBuilder.WriteString(content) - finalContent := contentBuilder.String() - - // CRITICAL: Kiro API requires content to be non-empty - if strings.TrimSpace(finalContent) == "" { - if len(toolResults) > 0 { - finalContent = "Tool results provided." - } else { - finalContent = "Continue" - } - log.Debugf("kiro: content was empty, using default: %s", finalContent) - } - - return finalContent -} - -// deduplicateToolResults removes duplicate tool results -func deduplicateToolResults(toolResults []KiroToolResult) []KiroToolResult { - if len(toolResults) == 0 { - return toolResults - } - - seenIDs := make(map[string]bool) - unique := make([]KiroToolResult, 0, len(toolResults)) - for _, tr := range toolResults { - if !seenIDs[tr.ToolUseID] { - seenIDs[tr.ToolUseID] = true - unique = append(unique, tr) - } else { - log.Debugf("kiro: skipping duplicate toolResult in currentMessage: %s", tr.ToolUseID) - } - } - return unique -} - -// extractClaudeToolChoiceHint extracts tool_choice from Claude request and returns a system prompt hint. -// Claude tool_choice values: -// - {"type": "auto"}: Model decides (default, no hint needed) -// - {"type": "any"}: Must use at least one tool -// - {"type": "tool", "name": "..."}: Must use specific tool -func extractClaudeToolChoiceHint(claudeBody []byte) string { - toolChoice := gjson.GetBytes(claudeBody, "tool_choice") - if !toolChoice.Exists() { - return "" - } - - toolChoiceType := toolChoice.Get("type").String() - switch toolChoiceType { - case "any": - return "[INSTRUCTION: You MUST use at least one of the available tools to respond. Do not respond with text only - always make a tool call.]" - case "tool": - toolName := toolChoice.Get("name").String() - if toolName != "" { - return fmt.Sprintf("[INSTRUCTION: You MUST use the tool named '%s' to respond. Do not use any other tool or respond with text only.]", toolName) - } - case "auto": - // Default behavior, no hint needed - return "" - } - - return "" -} - -// BuildUserMessageStruct builds a user message and extracts tool results -func BuildUserMessageStruct(msg gjson.Result, modelID, origin string) (KiroUserInputMessage, []KiroToolResult) { - content := msg.Get("content") - var contentBuilder strings.Builder - var toolResults []KiroToolResult - var images []KiroImage - - // Track seen toolUseIds to deduplicate - seenToolUseIDs := make(map[string]bool) - - if content.IsArray() { - for _, part := range content.Array() { - partType := part.Get("type").String() - switch partType { - case "text": - contentBuilder.WriteString(part.Get("text").String()) - case "image": - mediaType := part.Get("source.media_type").String() - data := part.Get("source.data").String() - - format := "" - if idx := strings.LastIndex(mediaType, "/"); idx != -1 { - format = mediaType[idx+1:] - } - - if format != "" && data != "" { - images = append(images, KiroImage{ - Format: format, - Source: KiroImageSource{ - Bytes: data, - }, - }) - } - case "tool_result": - toolUseID := part.Get("tool_use_id").String() - - // Skip duplicate toolUseIds - if seenToolUseIDs[toolUseID] { - log.Debugf("kiro: skipping duplicate tool_result with toolUseId: %s", toolUseID) - continue - } - seenToolUseIDs[toolUseID] = true - - isError := part.Get("is_error").Bool() - resultContent := part.Get("content") - - var textContents []KiroTextContent - - // Check if this tool_result contains error from our SOFT_LIMIT_REACHED tool_use - // The client will return an error when trying to execute a tool with marker input - resultStr := resultContent.String() - isSoftLimitError := strings.Contains(resultStr, "SOFT_LIMIT_REACHED") || - strings.Contains(resultStr, "_status") || - strings.Contains(resultStr, "truncated") || - strings.Contains(resultStr, "missing required") || - strings.Contains(resultStr, "invalid input") || - strings.Contains(resultStr, "Error writing file") - - if isError && isSoftLimitError { - // Replace error content with SOFT_LIMIT_REACHED guidance - log.Infof("kiro: detected SOFT_LIMIT_REACHED in tool_result for %s, replacing with guidance", toolUseID) - softLimitMsg := `SOFT_LIMIT_REACHED - -Your previous tool call was incomplete due to API output size limits. -The content was PARTIALLY transmitted but NOT executed. - -REQUIRED ACTION: -1. Split your content into smaller chunks (max 300 lines per call) -2. For file writes: Create file with first chunk, then use append for remaining -3. Do NOT regenerate content you already attempted - continue from where you stopped - -STATUS: This is NOT an error. Continue with smaller chunks.` - textContents = append(textContents, KiroTextContent{Text: softLimitMsg}) - // Mark as SUCCESS so Claude doesn't treat it as a failure - isError = false - } else if resultContent.IsArray() { - for _, item := range resultContent.Array() { - if item.Get("type").String() == "text" { - textContents = append(textContents, KiroTextContent{Text: item.Get("text").String()}) - } else if item.Type == gjson.String { - textContents = append(textContents, KiroTextContent{Text: item.String()}) - } - } - } else if resultContent.Type == gjson.String { - textContents = append(textContents, KiroTextContent{Text: resultContent.String()}) - } - - if len(textContents) == 0 { - textContents = append(textContents, KiroTextContent{Text: "Tool use was cancelled by the user"}) - } - - status := "success" - if isError { - status = "error" - } - - toolResults = append(toolResults, KiroToolResult{ - ToolUseID: toolUseID, - Content: textContents, - Status: status, - }) - } - } - } else { - contentBuilder.WriteString(content.String()) - } - - userMsg := KiroUserInputMessage{ - Content: contentBuilder.String(), - ModelID: modelID, - Origin: origin, - } - - if len(images) > 0 { - userMsg.Images = images - } - - return userMsg, toolResults -} - -// BuildAssistantMessageStruct builds an assistant message with tool uses -func BuildAssistantMessageStruct(msg gjson.Result) KiroAssistantResponseMessage { - content := msg.Get("content") - var contentBuilder strings.Builder - var toolUses []KiroToolUse - - if content.IsArray() { - for _, part := range content.Array() { - partType := part.Get("type").String() - switch partType { - case "text": - contentBuilder.WriteString(part.Get("text").String()) - case "tool_use": - toolUseID := part.Get("id").String() - toolName := part.Get("name").String() - toolInput := part.Get("input") - - var inputMap map[string]interface{} - if toolInput.IsObject() { - inputMap = make(map[string]interface{}) - toolInput.ForEach(func(key, value gjson.Result) bool { - inputMap[key.String()] = value.Value() - return true - }) - } - - // Rename web_search → remote_web_search to match convertClaudeToolsToKiro - if toolName == "web_search" { - toolName = "remote_web_search" - } - - toolUses = append(toolUses, KiroToolUse{ - ToolUseID: toolUseID, - Name: toolName, - Input: inputMap, - }) - } - } - } else { - contentBuilder.WriteString(content.String()) - } - - // CRITICAL FIX: Kiro API requires non-empty content for assistant messages - // This can happen with compaction requests where assistant messages have only tool_use - // (no text content). Without this fix, Kiro API returns "Improperly formed request" error. - finalContent := contentBuilder.String() - if strings.TrimSpace(finalContent) == "" { - if len(toolUses) > 0 { - finalContent = kirocommon.DefaultAssistantContentWithTools - } else { - finalContent = kirocommon.DefaultAssistantContent - } - log.Debugf("kiro: assistant content was empty, using default: %s", finalContent) - } - - return KiroAssistantResponseMessage{ - Content: finalContent, - ToolUses: toolUses, - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_request_test.go deleted file mode 100644 index cfa3bbe5e9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_request_test.go +++ /dev/null @@ -1,363 +0,0 @@ -package claude - -import ( - "encoding/json" - "net/http" - "strings" - "testing" - - chatcompletions "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/claude/openai/chat-completions" - "github.com/tidwall/gjson" -) - -func TestBuildKiroPayload(t *testing.T) { - claudeBody := []byte(`{ - "model": "claude-3-sonnet", - "max_tokens": 1024, - "messages": [ - {"role": "user", "content": "hello"} - ], - "system": "be helpful" - }`) - - payload, thinking := BuildKiroPayload(claudeBody, "kiro-model", "arn:aws:kiro", "CLI", false, false, nil, nil) - if thinking { - t.Error("expected thinking to be false") - } - - var p KiroPayload - if err := json.Unmarshal(payload, &p); err != nil { - t.Fatalf("failed to unmarshal payload: %v", err) - } - - if p.ProfileArn != "arn:aws:kiro" { - t.Errorf("expected profileArn arn:aws:kiro, got %s", p.ProfileArn) - } - - if p.InferenceConfig.MaxTokens != 1024 { - t.Errorf("expected maxTokens 1024, got %d", p.InferenceConfig.MaxTokens) - } - - content := p.ConversationState.CurrentMessage.UserInputMessage.Content - if !strings.Contains(content, "hello") { - t.Errorf("expected content to contain 'hello', got %s", content) - } - if !strings.Contains(content, "be helpful") { - t.Errorf("expected content to contain system prompt 'be helpful', got %s", content) - } - - // Test agentic and chatOnly - payload2, _ := BuildKiroPayload(claudeBody, "kiro-model", "arn", "CLI", true, true, nil, nil) - if !strings.Contains(string(payload2), "CHUNKED WRITE PROTOCOL") { - t.Error("Agentic prompt not found in payload") - } -} - -func TestBuildKiroPayload_Thinking(t *testing.T) { - claudeBody := []byte(`{ - "model": "claude-3-sonnet", - "messages": [{"role": "user", "content": "hi"}], - "thinking": {"type": "enabled", "budget_tokens": 1000} - }`) - - payload, thinking := BuildKiroPayload(claudeBody, "kiro-model", "arn", "CLI", false, false, nil, nil) - if !thinking { - t.Error("expected thinking to be true") - } - - // json.Marshal escapes < and > by default - if !strings.Contains(string(payload), "thinking_mode") { - t.Error("expected thinking hint in payload") - } -} - -func TestBuildKiroPayload_ToolChoice(t *testing.T) { - claudeBody := []byte(`{ - "model": "claude-3-sonnet", - "messages": [{"role": "user", "content": "hi"}], - "tools": [{"name": "my_tool", "description": "desc", "input_schema": {"type": "object"}}], - "tool_choice": {"type": "tool", "name": "my_tool"} - }`) - - payload, _ := BuildKiroPayload(claudeBody, "kiro-model", "arn", "CLI", false, false, nil, nil) - if !strings.Contains(string(payload), "You MUST use the tool named 'my_tool'") { - t.Error("expected tool_choice hint in payload") - } -} - -func TestIsThinkingEnabledWithHeaders(t *testing.T) { - cases := []struct { - name string - body string - headers http.Header - want bool - }{ - {"None", `{}`, nil, false}, - {"Claude Enabled", `{"thinking": {"type": "enabled", "budget_tokens": 1000}}`, nil, true}, - {"Claude Disabled", `{"thinking": {"type": "disabled"}}`, nil, false}, - {"OpenAI", `{"reasoning_effort": "high"}`, nil, true}, - {"Cursor", `{"system": "interleaved"}`, nil, true}, - {"Header", `{}`, http.Header{"Anthropic-Beta": []string{"interleaved-thinking-2025-05-14"}}, true}, - } - - for _, tc := range cases { - t.Run(tc.name, func(t *testing.T) { - if got := IsThinkingEnabledWithHeaders([]byte(tc.body), tc.headers); got != tc.want { - t.Errorf("got %v, want %v", got, tc.want) - } - }) - } -} - -func TestConvertClaudeToolsToKiro(t *testing.T) { - tools := gjson.Parse(`[ - { - "name": "web_search", - "description": "search the web", - "input_schema": {"type": "object", "properties": {"query": {"type": "string"}}} - }, - { - "name": "long_name_" + strings.Repeat("a", 60), - "description": "", - "input_schema": {"type": "object"} - } - ]`) - - kiroTools := convertClaudeToolsToKiro(tools) - if len(kiroTools) != 2 { - t.Fatalf("expected 2 tools, got %d", len(kiroTools)) - } - - if kiroTools[0].ToolSpecification.Name != "remote_web_search" { - t.Errorf("expected remote_web_search, got %s", kiroTools[0].ToolSpecification.Name) - } - - if kiroTools[1].ToolSpecification.Description == "" { - t.Error("expected non-empty description for second tool") - } -} - -func TestConvertClaudeToolsToKiro_SkipsBuiltInWebSearchInMixedTools(t *testing.T) { - tools := gjson.Parse(`[ - { - "type": "web_search_20250305", - "name": "web_search", - "max_uses": 8 - }, - { - "name": "filesystem_read", - "description": "Read a file", - "input_schema": {"type": "object", "properties": {"path": {"type": "string"}}} - } - ]`) - - kiroTools := convertClaudeToolsToKiro(tools) - if len(kiroTools) != 1 { - t.Fatalf("expected 1 tool after skipping built-in web search, got %d", len(kiroTools)) - } - - if kiroTools[0].ToolSpecification.Name != "filesystem_read" { - t.Fatalf("expected filesystem_read tool, got %s", kiroTools[0].ToolSpecification.Name) - } -} - -func TestProcessMessages(t *testing.T) { - messages := gjson.Parse(`[ - {"role": "user", "content": "hello"}, - {"role": "assistant", "content": [{"type": "text", "text": "I can help."}, {"type": "tool_use", "id": "call_1", "name": "my_tool", "input": {"a": 1}}]}, - {"role": "user", "content": [{"type": "tool_result", "tool_use_id": "call_1", "content": "result 1"}]} - ]`) - - history, currentMsg, currentToolResults := processMessages(messages, "model-1", "CLI") - - // Pre-requisite: my history should have user and assistant message - if len(history) != 2 { - t.Fatalf("expected 2 history messages, got %d", len(history)) - } - - if history[0].UserInputMessage == nil { - t.Error("expected first history message to be user") - } - - if history[1].AssistantResponseMessage == nil { - t.Error("expected second history message to be assistant") - } - - if currentMsg == nil { - t.Fatal("expected currentMsg not to be nil") - } - - if len(currentToolResults) != 1 { - t.Errorf("expected 1 current tool result, got %d", len(currentToolResults)) - } - - if currentToolResults[0].ToolUseID != "call_1" { - t.Errorf("expected toolUseId call_1, got %s", currentToolResults[0].ToolUseID) - } -} - -func TestProcessMessages_Orphaned(t *testing.T) { - // Assistant message with tool_use is MISSING (simulating compaction) - messages := gjson.Parse(`[ - {"role": "user", "content": [{"type": "tool_result", "tool_use_id": "call_1", "content": "result 1"}]} - ]`) - - history, currentMsg, currentToolResults := processMessages(messages, "model-1", "CLI") - - if len(history) != 0 { - t.Errorf("expected 0 history messages, got %d", len(history)) - } - - if len(currentToolResults) != 0 { - t.Errorf("expected 0 current tool results (orphaned), got %d", len(currentToolResults)) - } - - if !strings.Contains(currentMsg.Content, "Tool results provided.") { - t.Errorf("expected default content, got %s", currentMsg.Content) - } -} - -func TestProcessMessages_StartingWithAssistant(t *testing.T) { - messages := gjson.Parse(`[ - {"role": "assistant", "content": "Hello"} - ]`) - - history, _, _ := processMessages(messages, "model-1", "CLI") - - // Should prepend a placeholder user message - if len(history) != 2 { - t.Fatalf("expected 2 history messages (placeholder user + assistant), got %d", len(history)) - } - - if history[0].UserInputMessage.Content != "." { - t.Errorf("expected placeholder user content '.', got %s", history[0].UserInputMessage.Content) - } -} - -func TestBuildUserMessageStruct_SoftLimit(t *testing.T) { - msg := gjson.Parse(`{ - "role": "user", - "content": [ - {"type": "tool_result", "tool_use_id": "call_1", "is_error": true, "content": "SOFT_LIMIT_REACHED error"} - ] - }`) - - _, results := BuildUserMessageStruct(msg, "model", "CLI") - if len(results) != 1 { - t.Fatalf("expected 1 tool result, got %d", len(results)) - } - - if results[0].Status != "success" { - t.Errorf("expected status success for soft limit error, got %s", results[0].Status) - } - - if !strings.Contains(results[0].Content[0].Text, "SOFT_LIMIT_REACHED") { - t.Errorf("expected content to contain SOFT_LIMIT_REACHED, got %s", results[0].Content[0].Text) - } -} - -func TestBuildAssistantMessageStruct(t *testing.T) { - // Simple text - msg1 := gjson.Parse(`{"role": "assistant", "content": "hello"}`) - res1 := BuildAssistantMessageStruct(msg1) - if res1.Content != "hello" { - t.Errorf("expected content hello, got %s", res1.Content) - } - - // Array content with tool use - msg2 := gjson.Parse(`{"role": "assistant", "content": [{"type": "text", "text": "using tool"}, {"type": "tool_use", "id": "c1", "name": "f1", "input": {"x": 1}}]}`) - res2 := BuildAssistantMessageStruct(msg2) - if res2.Content != "using tool" { - t.Errorf("expected content 'using tool', got %s", res2.Content) - } - if len(res2.ToolUses) != 1 || res2.ToolUses[0].Name != "f1" { - t.Errorf("expected tool call f1, got %v", res2.ToolUses) - } - - // Empty content with tool use - msg3 := gjson.Parse(`{"role": "assistant", "content": [{"type": "tool_use", "id": "c1", "name": "f1", "input": {"x": 1}}]}`) - res3 := BuildAssistantMessageStruct(msg3) - if res3.Content == "" { - t.Error("expected non-empty default content for assistant tool use") - } -} - -func TestShortenToolNameIfNeeded(t *testing.T) { - tests := []struct { - name string - expected string - }{ - {"short_name", "short_name"}, - {strings.Repeat("a", 65), strings.Repeat("a", 64)}, - {"mcp__server__long_tool_name_that_exceeds_sixty_four_characters_limit", "mcp__long_tool_name_that_exceeds_sixty_four_characters_limit"}, - {"mcp__" + strings.Repeat("a", 70), "mcp__" + strings.Repeat("a", 59)}, - } - for _, tt := range tests { - got := shortenToolNameIfNeeded(tt.name) - if got != tt.expected { - t.Errorf("shortenToolNameIfNeeded(%s) = %s, want %s", tt.name, got, tt.expected) - } - } -} - -func TestExtractClaudeToolChoiceHint(t *testing.T) { - tests := []struct { - body string - expected string - }{ - {`{"tool_choice": {"type": "any"}}`, "MUST use at least one"}, - {`{"tool_choice": {"type": "tool", "name": "t1"}}`, "MUST use the tool named 't1'"}, - {`{"tool_choice": {"type": "auto"}}`, ""}, - {`{}`, ""}, - } - for _, tt := range tests { - got := extractClaudeToolChoiceHint([]byte(tt.body)) - if tt.expected == "" { - if got != "" { - t.Errorf("extractClaudeToolChoiceHint(%s) = %s, want empty", tt.body, got) - } - } else if !strings.Contains(got, tt.expected) { - t.Errorf("extractClaudeToolChoiceHint(%s) = %s, want it to contain %s", tt.body, got, tt.expected) - } - } -} - -func TestBuildKiroPayload_OpenAICompatIssue145Payload(t *testing.T) { - openAIRequest := []byte(`{ - "model":"kiro-claude-haiku-4-5", - "messages":[ - {"role":"system","content":"Write next reply in a fictional chat."}, - {"role":"assistant","content":"嗨。今天过得怎么样?"}, - {"role":"user","content":"你好"} - ], - "max_tokens":2000, - "temperature":0.95, - "top_p":0.9 - }`) - - claudeReq := chatcompletions.ConvertOpenAIRequestToClaude("claude-haiku-4.5", openAIRequest, false) - payload, _ := BuildKiroPayload(claudeReq, "claude-haiku-4.5", "arn:aws:kiro", "CLI", false, false, nil, nil) - - var parsed KiroPayload - if err := json.Unmarshal(payload, &parsed); err != nil { - t.Fatalf("failed to unmarshal payload: %v", err) - } - - current := parsed.ConversationState.CurrentMessage.UserInputMessage.Content - if strings.TrimSpace(current) == "" { - t.Fatal("expected non-empty current message content") - } - if !strings.Contains(current, "你好") { - t.Fatalf("expected current content to include latest user input, got %q", current) - } - if len(parsed.ConversationState.History) == 0 { - t.Fatal("expected non-empty history") - } - first := parsed.ConversationState.History[0] - if first.UserInputMessage == nil { - t.Fatal("expected history to start with user message for Kiro compatibility") - } - if strings.TrimSpace(first.UserInputMessage.Content) == "" { - t.Fatal("expected first history user content to be non-empty") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_response.go deleted file mode 100644 index 2aa0a523ac..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_response.go +++ /dev/null @@ -1,230 +0,0 @@ -// Package claude provides response translation functionality for Kiro API to Claude format. -// This package handles the conversion of Kiro API responses into Claude-compatible format, -// including support for thinking blocks and tool use. -package claude - -import ( - "crypto/sha256" - "encoding/base64" - "encoding/json" - "strings" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" - log "github.com/sirupsen/logrus" - - kirocommon "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/kiro/common" -) - -// generateThinkingSignature generates a signature for thinking content. -// This is required by Claude API for thinking blocks in non-streaming responses. -// The signature is a base64-encoded hash of the thinking content. -func generateThinkingSignature(thinkingContent string) string { - if thinkingContent == "" { - return "" - } - // Generate a deterministic signature based on content hash - hash := sha256.Sum256([]byte(thinkingContent)) - return base64.StdEncoding.EncodeToString(hash[:]) -} - -// Local references to kirocommon constants for thinking block parsing -var ( - thinkingStartTag = kirocommon.ThinkingStartTag - thinkingEndTag = kirocommon.ThinkingEndTag -) - -// BuildClaudeResponse constructs a Claude-compatible response. -// Supports tool_use blocks when tools are present in the response. -// Supports thinking blocks - parses tags and converts to Claude thinking content blocks. -// stopReason is passed from upstream; fallback logic applied if empty. -func BuildClaudeResponse(content string, toolUses []KiroToolUse, model string, usageInfo usage.Detail, stopReason string) []byte { - var contentBlocks []map[string]interface{} - - // Extract thinking blocks and text from content - if content != "" { - blocks := ExtractThinkingFromContent(content) - contentBlocks = append(contentBlocks, blocks...) - - // Log if thinking blocks were extracted - for _, block := range blocks { - if block["type"] == "thinking" { - thinkingContent := block["thinking"].(string) - log.Infof("kiro: buildClaudeResponse extracted thinking block (len: %d)", len(thinkingContent)) - } - } - } - - // Add tool_use blocks - emit truncated tools with SOFT_LIMIT_REACHED marker - hasTruncatedTools := false - for _, toolUse := range toolUses { - if toolUse.IsTruncated && toolUse.TruncationInfo != nil { - // Emit tool_use with SOFT_LIMIT_REACHED marker input - hasTruncatedTools = true - log.Infof("kiro: buildClaudeResponse emitting truncated tool with SOFT_LIMIT_REACHED: %s (ID: %s)", toolUse.Name, toolUse.ToolUseID) - - markerInput := map[string]interface{}{ - "_status": "SOFT_LIMIT_REACHED", - "_message": "Tool output was truncated. Split content into smaller chunks (max 300 lines). Due to potential model hallucination, you MUST re-fetch the current working directory and generate the correct file_path.", - } - - contentBlocks = append(contentBlocks, map[string]interface{}{ - "type": "tool_use", - "id": toolUse.ToolUseID, - "name": toolUse.Name, - "input": markerInput, - }) - } else { - // Normal tool use - contentBlocks = append(contentBlocks, map[string]interface{}{ - "type": "tool_use", - "id": toolUse.ToolUseID, - "name": toolUse.Name, - "input": toolUse.Input, - }) - } - } - - // Log if we used SOFT_LIMIT_REACHED - if hasTruncatedTools { - log.Infof("kiro: buildClaudeResponse using SOFT_LIMIT_REACHED - keeping stop_reason=tool_use") - } - - // Ensure at least one content block (Claude API requires non-empty content) - if len(contentBlocks) == 0 { - contentBlocks = append(contentBlocks, map[string]interface{}{ - "type": "text", - "text": "", - }) - } - - // Use upstream stopReason; apply fallback logic if not provided - // SOFT_LIMIT_REACHED: Keep stop_reason = "tool_use" so Claude continues the loop - if stopReason == "" { - stopReason = "end_turn" - if len(toolUses) > 0 { - stopReason = "tool_use" - } - log.Debugf("kiro: buildClaudeResponse using fallback stop_reason: %s", stopReason) - } - - // Log warning if response was truncated due to max_tokens - if stopReason == "max_tokens" { - log.Warnf("kiro: response truncated due to max_tokens limit (buildClaudeResponse)") - } - - response := map[string]interface{}{ - "id": "msg_" + uuid.New().String()[:24], - "type": "message", - "role": "assistant", - "model": model, - "content": contentBlocks, - "stop_reason": stopReason, - "usage": map[string]interface{}{ - "input_tokens": usageInfo.InputTokens, - "output_tokens": usageInfo.OutputTokens, - }, - } - result, _ := json.Marshal(response) - return result -} - -// ExtractThinkingFromContent parses content to extract thinking blocks and text. -// Returns a list of content blocks in the order they appear in the content. -// Handles interleaved thinking and text blocks correctly. -func ExtractThinkingFromContent(content string) []map[string]interface{} { - var blocks []map[string]interface{} - - if content == "" { - return blocks - } - - // Check if content contains thinking tags at all - if !strings.Contains(content, thinkingStartTag) { - // No thinking tags, return as plain text - return []map[string]interface{}{ - { - "type": "text", - "text": content, - }, - } - } - - log.Debugf("kiro: extractThinkingFromContent - found thinking tags in content (len: %d)", len(content)) - - remaining := content - - for len(remaining) > 0 { - // Look for tag - startIdx := strings.Index(remaining, thinkingStartTag) - - if startIdx == -1 { - // No more thinking tags, add remaining as text - if strings.TrimSpace(remaining) != "" { - blocks = append(blocks, map[string]interface{}{ - "type": "text", - "text": remaining, - }) - } - break - } - - // Add text before thinking tag (if any meaningful content) - if startIdx > 0 { - textBefore := remaining[:startIdx] - if strings.TrimSpace(textBefore) != "" { - blocks = append(blocks, map[string]interface{}{ - "type": "text", - "text": textBefore, - }) - } - } - - // Move past the opening tag - remaining = remaining[startIdx+len(thinkingStartTag):] - - // Find closing tag - endIdx := strings.Index(remaining, thinkingEndTag) - - if endIdx == -1 { - // No closing tag found, treat rest as thinking content (incomplete response) - if strings.TrimSpace(remaining) != "" { - // Generate signature for thinking content (required by Claude API) - signature := generateThinkingSignature(remaining) - blocks = append(blocks, map[string]interface{}{ - "type": "thinking", - "thinking": remaining, - "signature": signature, - }) - log.Warnf("kiro: extractThinkingFromContent - missing closing tag") - } - break - } - - // Extract thinking content between tags - thinkContent := remaining[:endIdx] - if strings.TrimSpace(thinkContent) != "" { - // Generate signature for thinking content (required by Claude API) - signature := generateThinkingSignature(thinkContent) - blocks = append(blocks, map[string]interface{}{ - "type": "thinking", - "thinking": thinkContent, - "signature": signature, - }) - log.Debugf("kiro: extractThinkingFromContent - extracted thinking block (len: %d)", len(thinkContent)) - } - - // Move past the closing tag - remaining = remaining[endIdx+len(thinkingEndTag):] - } - - // If no blocks were created (all whitespace), return empty text block - if len(blocks) == 0 { - blocks = append(blocks, map[string]interface{}{ - "type": "text", - "text": "", - }) - } - - return blocks -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_response_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_response_test.go deleted file mode 100644 index 35ab421000..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_response_test.go +++ /dev/null @@ -1,115 +0,0 @@ -package claude - -import ( - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" - "github.com/tidwall/gjson" -) - -func TestBuildClaudeResponse(t *testing.T) { - // Test basic response - got := BuildClaudeResponse("Hello", nil, "model-1", usage.Detail{InputTokens: 10, OutputTokens: 20}, "end_turn") - res := gjson.ParseBytes(got) - - if res.Get("content.0.text").String() != "Hello" { - t.Errorf("expected content Hello, got %s", res.Get("content.0.text").String()) - } - - if res.Get("usage.input_tokens").Int() != 10 { - t.Errorf("expected input tokens 10, got %d", res.Get("usage.input_tokens").Int()) - } -} - -func TestBuildClaudeResponse_ToolUse(t *testing.T) { - toolUses := []KiroToolUse{ - { - ToolUseID: "call_1", - Name: "my_tool", - Input: map[string]interface{}{"arg": 1}, - }, - } - - got := BuildClaudeResponse("", toolUses, "model-1", usage.Detail{}, "") - res := gjson.ParseBytes(got) - - content := res.Get("content").Array() - // Should have ONLY tool_use block if content is empty - if len(content) != 1 { - t.Fatalf("expected 1 content block, got %d", len(content)) - } - - if content[0].Get("type").String() != "tool_use" { - t.Errorf("expected tool_use block, got %s", content[0].Get("type").String()) - } -} - -func TestExtractThinkingFromContent(t *testing.T) { - content := "Before thought After" - blocks := ExtractThinkingFromContent(content) - - if len(blocks) != 3 { - t.Fatalf("expected 3 blocks, got %d", len(blocks)) - } - - if blocks[0]["type"] != "text" || blocks[0]["text"] != "Before " { - t.Errorf("first block mismatch: %v", blocks[0]) - } - - if blocks[1]["type"] != "thinking" || blocks[1]["thinking"] != "thought" { - t.Errorf("second block mismatch: %v", blocks[1]) - } - - if blocks[2]["type"] != "text" || blocks[2]["text"] != " After" { - t.Errorf("third block mismatch: %v", blocks[2]) - } -} - -func TestGenerateThinkingSignature(t *testing.T) { - s1 := generateThinkingSignature("test") - s2 := generateThinkingSignature("test") - if s1 == "" || s1 != s2 { - t.Errorf("expected deterministic non-empty signature, got %s, %s", s1, s2) - } - if generateThinkingSignature("") != "" { - t.Error("expected empty signature for empty content") - } -} - -func TestBuildClaudeResponse_Truncated(t *testing.T) { - toolUses := []KiroToolUse{ - { - ToolUseID: "c1", - Name: "f1", - IsTruncated: true, - TruncationInfo: &TruncationInfo{}, - }, - } - got := BuildClaudeResponse("", toolUses, "model", usage.Detail{}, "tool_use") - res := gjson.ParseBytes(got) - - content := res.Get("content").Array() - if len(content) != 1 { - t.Fatalf("expected 1 content block, got %d", len(content)) - } - - if content[0].Get("input._status").String() != "SOFT_LIMIT_REACHED" { - t.Errorf("expected SOFT_LIMIT_REACHED status, got %v", content[0].Get("input._status").String()) - } -} - -func TestExtractThinkingFromContent_Complex(t *testing.T) { - // Missing closing tag - content2 := "Incomplete" - blocks2 := ExtractThinkingFromContent(content2) - if len(blocks2) != 1 || blocks2[0]["type"] != "thinking" { - t.Errorf("expected 1 thinking block for missing closing tag, got %v", blocks2) - } - - // Multiple thinking blocks - content3 := "T1 and T2" - blocks3 := ExtractThinkingFromContent(content3) - if len(blocks3) != 3 { // T1, " and ", T2 - t.Errorf("expected 3 blocks for multiple thinking, got %d", len(blocks3)) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_stream.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_stream.go deleted file mode 100644 index c86b6e023e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_stream.go +++ /dev/null @@ -1,306 +0,0 @@ -// Package claude provides streaming SSE event building for Claude format. -// This package handles the construction of Claude-compatible Server-Sent Events (SSE) -// for streaming responses from Kiro API. -package claude - -import ( - "encoding/json" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" -) - -// BuildClaudeMessageStartEvent creates the message_start SSE event -func BuildClaudeMessageStartEvent(model string, inputTokens int64) []byte { - event := map[string]interface{}{ - "type": "message_start", - "message": map[string]interface{}{ - "id": "msg_" + uuid.New().String()[:24], - "type": "message", - "role": "assistant", - "content": []interface{}{}, - "model": model, - "stop_reason": nil, - "stop_sequence": nil, - "usage": map[string]interface{}{"input_tokens": inputTokens, "output_tokens": 0}, - }, - } - result, _ := json.Marshal(event) - return []byte("event: message_start\ndata: " + string(result)) -} - -// BuildClaudeContentBlockStartEvent creates a content_block_start SSE event -func BuildClaudeContentBlockStartEvent(index int, blockType, toolUseID, toolName string) []byte { - var contentBlock map[string]interface{} - switch blockType { - case "tool_use": - contentBlock = map[string]interface{}{ - "type": "tool_use", - "id": toolUseID, - "name": toolName, - "input": map[string]interface{}{}, - } - case "thinking": - contentBlock = map[string]interface{}{ - "type": "thinking", - "thinking": "", - } - default: - contentBlock = map[string]interface{}{ - "type": "text", - "text": "", - } - } - - event := map[string]interface{}{ - "type": "content_block_start", - "index": index, - "content_block": contentBlock, - } - result, _ := json.Marshal(event) - return []byte("event: content_block_start\ndata: " + string(result)) -} - -// BuildClaudeStreamEvent creates a text_delta content_block_delta SSE event -func BuildClaudeStreamEvent(contentDelta string, index int) []byte { - event := map[string]interface{}{ - "type": "content_block_delta", - "index": index, - "delta": map[string]interface{}{ - "type": "text_delta", - "text": contentDelta, - }, - } - result, _ := json.Marshal(event) - return []byte("event: content_block_delta\ndata: " + string(result)) -} - -// BuildClaudeInputJsonDeltaEvent creates an input_json_delta event for tool use streaming -func BuildClaudeInputJsonDeltaEvent(partialJSON string, index int) []byte { - event := map[string]interface{}{ - "type": "content_block_delta", - "index": index, - "delta": map[string]interface{}{ - "type": "input_json_delta", - "partial_json": partialJSON, - }, - } - result, _ := json.Marshal(event) - return []byte("event: content_block_delta\ndata: " + string(result)) -} - -// BuildClaudeContentBlockStopEvent creates a content_block_stop SSE event -func BuildClaudeContentBlockStopEvent(index int) []byte { - event := map[string]interface{}{ - "type": "content_block_stop", - "index": index, - } - result, _ := json.Marshal(event) - return []byte("event: content_block_stop\ndata: " + string(result)) -} - -// BuildClaudeThinkingBlockStopEvent creates a content_block_stop SSE event for thinking blocks. -func BuildClaudeThinkingBlockStopEvent(index int) []byte { - event := map[string]interface{}{ - "type": "content_block_stop", - "index": index, - } - result, _ := json.Marshal(event) - return []byte("event: content_block_stop\ndata: " + string(result)) -} - -// BuildClaudeMessageDeltaEvent creates the message_delta event with stop_reason and usage -func BuildClaudeMessageDeltaEvent(stopReason string, usageInfo usage.Detail) []byte { - deltaEvent := map[string]interface{}{ - "type": "message_delta", - "delta": map[string]interface{}{ - "stop_reason": stopReason, - "stop_sequence": nil, - }, - "usage": map[string]interface{}{ - "input_tokens": usageInfo.InputTokens, - "output_tokens": usageInfo.OutputTokens, - }, - } - deltaResult, _ := json.Marshal(deltaEvent) - return []byte("event: message_delta\ndata: " + string(deltaResult)) -} - -// BuildClaudeMessageStopOnlyEvent creates only the message_stop event -func BuildClaudeMessageStopOnlyEvent() []byte { - stopEvent := map[string]interface{}{ - "type": "message_stop", - } - stopResult, _ := json.Marshal(stopEvent) - return []byte("event: message_stop\ndata: " + string(stopResult)) -} - -// BuildClaudePingEventWithUsage creates a ping event with embedded usage information. -// This is used for real-time usage estimation during streaming. -func BuildClaudePingEventWithUsage(inputTokens, outputTokens int64) []byte { - event := map[string]interface{}{ - "type": "ping", - "usage": map[string]interface{}{ - "input_tokens": inputTokens, - "output_tokens": outputTokens, - "total_tokens": inputTokens + outputTokens, - "estimated": true, - }, - } - result, _ := json.Marshal(event) - return []byte("event: ping\ndata: " + string(result)) -} - -// BuildClaudeThinkingDeltaEvent creates a thinking_delta event for Claude API compatibility. -// This is used when streaming thinking content wrapped in tags. -func BuildClaudeThinkingDeltaEvent(thinkingDelta string, index int) []byte { - event := map[string]interface{}{ - "type": "content_block_delta", - "index": index, - "delta": map[string]interface{}{ - "type": "thinking_delta", - "thinking": thinkingDelta, - }, - } - result, _ := json.Marshal(event) - return []byte("event: content_block_delta\ndata: " + string(result)) -} - -// PendingTagSuffix detects if the buffer ends with a partial prefix of the given tag. -// Returns the length of the partial match (0 if no match). -// Based on amq2api implementation for handling cross-chunk tag boundaries. -func PendingTagSuffix(buffer, tag string) int { - if buffer == "" || tag == "" { - return 0 - } - maxLen := len(buffer) - if maxLen > len(tag)-1 { - maxLen = len(tag) - 1 - } - for length := maxLen; length > 0; length-- { - if len(buffer) >= length && buffer[len(buffer)-length:] == tag[:length] { - return length - } - } - return 0 -} - -// GenerateSearchIndicatorEvents generates ONLY the search indicator SSE events -// (server_tool_use + web_search_tool_result) without text summary or message termination. -// These events trigger Claude Code's search indicator UI. -// The caller is responsible for sending message_start before and message_delta/stop after. -func GenerateSearchIndicatorEvents( - query string, - toolUseID string, - searchResults *WebSearchResults, - startIndex int, -) [][]byte { - events := make([][]byte, 0, 5) - - // 1. content_block_start (server_tool_use) - event1 := map[string]interface{}{ - "type": "content_block_start", - "index": startIndex, - "content_block": map[string]interface{}{ - "id": toolUseID, - "type": "server_tool_use", - "name": "web_search", - "input": map[string]interface{}{}, - }, - } - data1, _ := json.Marshal(event1) - events = append(events, []byte("event: content_block_start\ndata: "+string(data1)+"\n\n")) - - // 2. content_block_delta (input_json_delta) - inputJSON, _ := json.Marshal(map[string]string{"query": query}) - event2 := map[string]interface{}{ - "type": "content_block_delta", - "index": startIndex, - "delta": map[string]interface{}{ - "type": "input_json_delta", - "partial_json": string(inputJSON), - }, - } - data2, _ := json.Marshal(event2) - events = append(events, []byte("event: content_block_delta\ndata: "+string(data2)+"\n\n")) - - // 3. content_block_stop (server_tool_use) - event3 := map[string]interface{}{ - "type": "content_block_stop", - "index": startIndex, - } - data3, _ := json.Marshal(event3) - events = append(events, []byte("event: content_block_stop\ndata: "+string(data3)+"\n\n")) - - // 4. content_block_start (web_search_tool_result) - searchContent := make([]map[string]interface{}, 0) - if searchResults != nil { - for _, r := range searchResults.Results { - snippet := "" - if r.Snippet != nil { - snippet = *r.Snippet - } - searchContent = append(searchContent, map[string]interface{}{ - "type": "web_search_result", - "title": r.Title, - "url": r.URL, - "encrypted_content": snippet, - "page_age": nil, - }) - } - } - event4 := map[string]interface{}{ - "type": "content_block_start", - "index": startIndex + 1, - "content_block": map[string]interface{}{ - "type": "web_search_tool_result", - "tool_use_id": toolUseID, - "content": searchContent, - }, - } - data4, _ := json.Marshal(event4) - events = append(events, []byte("event: content_block_start\ndata: "+string(data4)+"\n\n")) - - // 5. content_block_stop (web_search_tool_result) - event5 := map[string]interface{}{ - "type": "content_block_stop", - "index": startIndex + 1, - } - data5, _ := json.Marshal(event5) - events = append(events, []byte("event: content_block_stop\ndata: "+string(data5)+"\n\n")) - - return events -} - -// BuildFallbackTextEvents generates SSE events for a fallback text response -// when the Kiro API fails during the search loop. Uses BuildClaude*Event() -// functions to align with streamToChannel patterns. -// Returns raw SSE byte slices ready to be sent to the client channel. -func BuildFallbackTextEvents(contentBlockIndex int, query string, results *WebSearchResults) [][]byte { - summary := FormatSearchContextPrompt(query, results) - outputTokens := len(summary) / 4 - if len(summary) > 0 && outputTokens == 0 { - outputTokens = 1 - } - - var events [][]byte - - // content_block_start (text) - events = append(events, BuildClaudeContentBlockStartEvent(contentBlockIndex, "text", "", "")) - - // content_block_delta (text_delta) - events = append(events, BuildClaudeStreamEvent(summary, contentBlockIndex)) - - // content_block_stop - events = append(events, BuildClaudeContentBlockStopEvent(contentBlockIndex)) - - // message_delta with end_turn - events = append(events, BuildClaudeMessageDeltaEvent("end_turn", usage.Detail{ - OutputTokens: int64(outputTokens), - })) - - // message_stop - events = append(events, BuildClaudeMessageStopOnlyEvent()) - - return events -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_stream_parser.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_stream_parser.go deleted file mode 100644 index 741e667f56..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_stream_parser.go +++ /dev/null @@ -1,338 +0,0 @@ -package claude - -import ( - "encoding/json" - "strings" - - log "github.com/sirupsen/logrus" -) - -// AdjustStreamIndices adjusts content block indices in SSE event data by adding an offset. -// It also suppresses duplicate message_start events (returns shouldForward=false). -// This is used to combine search indicator events (indices 0,1) with Kiro model response events. -// -// The data parameter is a single SSE "data:" line payload (JSON). -// Returns: adjusted data, shouldForward (false = skip this event). -func AdjustStreamIndices(data []byte, offset int) ([]byte, bool) { - if len(data) == 0 { - return data, true - } - - // Quick check: parse the JSON - var event map[string]interface{} - if err := json.Unmarshal(data, &event); err != nil { - // Not valid JSON, pass through - return data, true - } - - eventType, _ := event["type"].(string) - - // Suppress duplicate message_start events - if eventType == "message_start" { - return data, false - } - - // Adjust index for content_block events - switch eventType { - case "content_block_start", "content_block_delta", "content_block_stop": - if idx, ok := event["index"].(float64); ok { - event["index"] = int(idx) + offset - adjusted, err := json.Marshal(event) - if err != nil { - return data, true - } - return adjusted, true - } - } - - // Pass through all other events unchanged (message_delta, message_stop, ping, etc.) - return data, true -} - -// AdjustSSEChunk processes a raw SSE chunk (potentially containing multiple "event:/data:" pairs) -// and adjusts content block indices. Suppresses duplicate message_start events. -// Returns the adjusted chunk and whether it should be forwarded. -func AdjustSSEChunk(chunk []byte, offset int) ([]byte, bool) { - chunkStr := string(chunk) - - // Fast path: if no "data:" prefix, pass through - if !strings.Contains(chunkStr, "data: ") { - return chunk, true - } - - var result strings.Builder - hasContent := false - - lines := strings.Split(chunkStr, "\n") - for i := 0; i < len(lines); i++ { - line := lines[i] - - if strings.HasPrefix(line, "data: ") { - dataPayload := strings.TrimPrefix(line, "data: ") - dataPayload = strings.TrimSpace(dataPayload) - - if dataPayload == "[DONE]" { - result.WriteString(line + "\n") - hasContent = true - continue - } - - adjusted, shouldForward := AdjustStreamIndices([]byte(dataPayload), offset) - if !shouldForward { - // Skip this event and its preceding "event:" line - // Also skip the trailing empty line - continue - } - - result.WriteString("data: " + string(adjusted) + "\n") - hasContent = true - } else if strings.HasPrefix(line, "event: ") { - // Check if the next data line will be suppressed - if i+1 < len(lines) && strings.HasPrefix(lines[i+1], "data: ") { - dataPayload := strings.TrimPrefix(lines[i+1], "data: ") - dataPayload = strings.TrimSpace(dataPayload) - - var event map[string]interface{} - if err := json.Unmarshal([]byte(dataPayload), &event); err == nil { - if eventType, ok := event["type"].(string); ok && eventType == "message_start" { - // Skip both the event: and data: lines - i++ // skip the data: line too - continue - } - } - } - result.WriteString(line + "\n") - hasContent = true - } else { - result.WriteString(line + "\n") - if strings.TrimSpace(line) != "" { - hasContent = true - } - } - } - - if !hasContent { - return nil, false - } - - return []byte(result.String()), true -} - -// BufferedStreamResult contains the analysis of buffered SSE chunks from a Kiro API response. -type BufferedStreamResult struct { - // StopReason is the detected stop_reason from the stream (e.g., "end_turn", "tool_use") - StopReason string - // WebSearchQuery is the extracted query if the model requested another web_search - WebSearchQuery string - // WebSearchToolUseId is the tool_use ID from the model's response (needed for toolResults) - WebSearchToolUseId string - // HasWebSearchToolUse indicates whether the model requested web_search - HasWebSearchToolUse bool - // WebSearchToolUseIndex is the content_block index of the web_search tool_use - WebSearchToolUseIndex int -} - -// AnalyzeBufferedStream scans buffered SSE chunks to detect stop_reason and web_search tool_use. -// This is used in the search loop to determine if the model wants another search round. -func AnalyzeBufferedStream(chunks [][]byte) BufferedStreamResult { - result := BufferedStreamResult{WebSearchToolUseIndex: -1} - - // Track tool use state across chunks - var currentToolName string - var currentToolIndex = -1 - var toolInputBuilder strings.Builder - - for _, chunk := range chunks { - chunkStr := string(chunk) - lines := strings.Split(chunkStr, "\n") - for _, line := range lines { - if !strings.HasPrefix(line, "data: ") { - continue - } - dataPayload := strings.TrimPrefix(line, "data: ") - dataPayload = strings.TrimSpace(dataPayload) - if dataPayload == "[DONE]" || dataPayload == "" { - continue - } - - var event map[string]interface{} - if err := json.Unmarshal([]byte(dataPayload), &event); err != nil { - continue - } - - eventType, _ := event["type"].(string) - - switch eventType { - case "message_delta": - // Extract stop_reason from message_delta - if delta, ok := event["delta"].(map[string]interface{}); ok { - if sr, ok := delta["stop_reason"].(string); ok && sr != "" { - result.StopReason = sr - } - } - - case "content_block_start": - // Detect tool_use content blocks - if cb, ok := event["content_block"].(map[string]interface{}); ok { - if cbType, ok := cb["type"].(string); ok && cbType == "tool_use" { - if name, ok := cb["name"].(string); ok { - currentToolName = strings.ToLower(name) - if idx, ok := event["index"].(float64); ok { - currentToolIndex = int(idx) - } - // Capture tool use ID for toolResults handshake - if id, ok := cb["id"].(string); ok { - result.WebSearchToolUseId = id - } - toolInputBuilder.Reset() - } - } - } - - case "content_block_delta": - // Accumulate tool input JSON - if currentToolName != "" { - if delta, ok := event["delta"].(map[string]interface{}); ok { - if deltaType, ok := delta["type"].(string); ok && deltaType == "input_json_delta" { - if partial, ok := delta["partial_json"].(string); ok { - toolInputBuilder.WriteString(partial) - } - } - } - } - - case "content_block_stop": - // Finalize tool use detection - if currentToolName == "web_search" || currentToolName == "websearch" || currentToolName == "remote_web_search" { - result.HasWebSearchToolUse = true - result.WebSearchToolUseIndex = currentToolIndex - // Extract query from accumulated input JSON - inputJSON := toolInputBuilder.String() - var input map[string]string - if err := json.Unmarshal([]byte(inputJSON), &input); err == nil { - if q, ok := input["query"]; ok { - result.WebSearchQuery = q - } - } - log.Debugf("kiro/websearch: detected web_search tool_use") - } - currentToolName = "" - currentToolIndex = -1 - toolInputBuilder.Reset() - } - } - } - - return result -} - -// FilterChunksForClient processes buffered SSE chunks and removes web_search tool_use -// content blocks. This prevents the client from seeing "Tool use" prompts for web_search -// when the proxy is handling the search loop internally. -// Also suppresses message_start and message_delta/message_stop events since those -// are managed by the outer handleWebSearchStream. -func FilterChunksForClient(chunks [][]byte, wsToolIndex int, indexOffset int) [][]byte { - var filtered [][]byte - - for _, chunk := range chunks { - chunkStr := string(chunk) - lines := strings.Split(chunkStr, "\n") - - var resultBuilder strings.Builder - hasContent := false - - for i := 0; i < len(lines); i++ { - line := lines[i] - - if strings.HasPrefix(line, "data: ") { - dataPayload := strings.TrimPrefix(line, "data: ") - dataPayload = strings.TrimSpace(dataPayload) - - if dataPayload == "[DONE]" { - // Skip [DONE] — the outer loop manages stream termination - continue - } - - var event map[string]interface{} - if err := json.Unmarshal([]byte(dataPayload), &event); err != nil { - resultBuilder.WriteString(line + "\n") - hasContent = true - continue - } - - eventType, _ := event["type"].(string) - - // Skip message_start (outer loop sends its own) - if eventType == "message_start" { - continue - } - - // Skip message_delta and message_stop (outer loop manages these) - if eventType == "message_delta" || eventType == "message_stop" { - continue - } - - // Check if this event belongs to the web_search tool_use block - if wsToolIndex >= 0 { - if idx, ok := event["index"].(float64); ok && int(idx) == wsToolIndex { - // Skip events for the web_search tool_use block - continue - } - } - - // Apply index offset for remaining events - if indexOffset > 0 { - switch eventType { - case "content_block_start", "content_block_delta", "content_block_stop": - if idx, ok := event["index"].(float64); ok { - event["index"] = int(idx) + indexOffset - adjusted, err := json.Marshal(event) - if err == nil { - resultBuilder.WriteString("data: " + string(adjusted) + "\n") - hasContent = true - continue - } - } - } - } - - resultBuilder.WriteString(line + "\n") - hasContent = true - } else if strings.HasPrefix(line, "event: ") { - // Check if the next data line will be suppressed - if i+1 < len(lines) && strings.HasPrefix(lines[i+1], "data: ") { - nextData := strings.TrimPrefix(lines[i+1], "data: ") - nextData = strings.TrimSpace(nextData) - - var nextEvent map[string]interface{} - if err := json.Unmarshal([]byte(nextData), &nextEvent); err == nil { - nextType, _ := nextEvent["type"].(string) - if nextType == "message_start" || nextType == "message_delta" || nextType == "message_stop" { - i++ // skip the data line - continue - } - if wsToolIndex >= 0 { - if idx, ok := nextEvent["index"].(float64); ok && int(idx) == wsToolIndex { - i++ // skip the data line - continue - } - } - } - } - resultBuilder.WriteString(line + "\n") - hasContent = true - } else { - resultBuilder.WriteString(line + "\n") - if strings.TrimSpace(line) != "" { - hasContent = true - } - } - } - - if hasContent { - filtered = append(filtered, []byte(resultBuilder.String())) - } - } - - return filtered -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_tools.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_tools.go deleted file mode 100644 index ef7ccab2bd..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_tools.go +++ /dev/null @@ -1,544 +0,0 @@ -// Package claude provides tool calling support for Kiro to Claude translation. -// This package handles parsing embedded tool calls, JSON repair, and deduplication. -package claude - -import ( - "encoding/json" - "regexp" - "strings" - - "github.com/google/uuid" - kirocommon "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/kiro/common" - log "github.com/sirupsen/logrus" -) - -// ToolUseState tracks the state of an in-progress tool use during streaming. -type ToolUseState struct { - ToolUseID string - Name string - InputBuffer strings.Builder - IsComplete bool - TruncationInfo *TruncationInfo // Truncation detection result (set when complete) -} - -// Pre-compiled regex patterns for performance -var ( - // embeddedToolCallPattern matches [Called tool_name with args: {...}] format - embeddedToolCallPattern = regexp.MustCompile(`\[Called\s+([A-Za-z0-9_.-]+)\s+with\s+args:\s*`) - // trailingCommaPattern matches trailing commas before closing braces/brackets - trailingCommaPattern = regexp.MustCompile(`,\s*([}\]])`) -) - -// ParseEmbeddedToolCalls extracts [Called tool_name with args: {...}] format from text. -// Kiro sometimes embeds tool calls in text content instead of using toolUseEvent. -// Returns the cleaned text (with tool calls removed) and extracted tool uses. -func ParseEmbeddedToolCalls(text string, processedIDs map[string]bool) (string, []KiroToolUse) { - if !strings.Contains(text, "[Called") { - return text, nil - } - - var toolUses []KiroToolUse - cleanText := text - - // Find all [Called markers - matches := embeddedToolCallPattern.FindAllStringSubmatchIndex(text, -1) - if len(matches) == 0 { - return text, nil - } - - // Process matches in reverse order to maintain correct indices - for i := len(matches) - 1; i >= 0; i-- { - matchStart := matches[i][0] - toolNameStart := matches[i][2] - toolNameEnd := matches[i][3] - - if toolNameStart < 0 || toolNameEnd < 0 { - continue - } - - toolName := text[toolNameStart:toolNameEnd] - - // Find the JSON object start (after "with args:") - jsonStart := matches[i][1] - if jsonStart >= len(text) { - continue - } - - // Skip whitespace to find the opening brace - for jsonStart < len(text) && (text[jsonStart] == ' ' || text[jsonStart] == '\t') { - jsonStart++ - } - - if jsonStart >= len(text) || text[jsonStart] != '{' { - continue - } - - // Find matching closing bracket - jsonEnd := findMatchingBracket(text, jsonStart) - if jsonEnd < 0 { - continue - } - - // Extract JSON and find the closing bracket of [Called ...] - jsonStr := text[jsonStart : jsonEnd+1] - - // Find the closing ] after the JSON - closingBracket := jsonEnd + 1 - for closingBracket < len(text) && text[closingBracket] != ']' { - closingBracket++ - } - if closingBracket >= len(text) { - continue - } - - // End index of the full tool call (closing ']' inclusive) - matchEnd := closingBracket + 1 - - // Repair and parse JSON - repairedJSON := RepairJSON(jsonStr) - var inputMap map[string]interface{} - if err := json.Unmarshal([]byte(repairedJSON), &inputMap); err != nil { - log.Debugf("kiro: failed to parse embedded tool call JSON: %v, raw: %s", err, jsonStr) - continue - } - - // Generate unique tool ID - toolUseID := "toolu_" + uuid.New().String()[:12] - - // Check for duplicates using name+input as key - dedupeKey := toolName + ":" + repairedJSON - if processedIDs != nil { - if processedIDs[dedupeKey] { - log.Debugf("kiro: skipping duplicate embedded tool call: %s", toolName) - // Still remove from text even if duplicate - if matchStart >= 0 && matchEnd <= len(cleanText) && matchStart <= matchEnd { - cleanText = cleanText[:matchStart] + cleanText[matchEnd:] - } - continue - } - processedIDs[dedupeKey] = true - } - - toolUses = append(toolUses, KiroToolUse{ - ToolUseID: toolUseID, - Name: toolName, - Input: inputMap, - }) - - log.Infof("kiro: extracted embedded tool call: %s (ID: %s)", toolName, toolUseID) - - // Remove from clean text (index-based removal to avoid deleting the wrong occurrence) - if matchStart >= 0 && matchEnd <= len(cleanText) && matchStart <= matchEnd { - cleanText = cleanText[:matchStart] + cleanText[matchEnd:] - } - } - - return cleanText, toolUses -} - -// findMatchingBracket finds the index of the closing brace/bracket that matches -// the opening one at startPos. Handles nested objects and strings correctly. -func findMatchingBracket(text string, startPos int) int { - if startPos >= len(text) { - return -1 - } - - openChar := text[startPos] - var closeChar byte - switch openChar { - case '{': - closeChar = '}' - case '[': - closeChar = ']' - default: - return -1 - } - - depth := 1 - inString := false - escapeNext := false - - for i := startPos + 1; i < len(text); i++ { - char := text[i] - - if escapeNext { - escapeNext = false - continue - } - - if char == '\\' && inString { - escapeNext = true - continue - } - - if char == '"' { - inString = !inString - continue - } - - if !inString { - switch char { - case openChar: - depth++ - case closeChar: - depth-- - if depth == 0 { - return i - } - } - } - } - - return -1 -} - -// RepairJSON attempts to fix common JSON issues that may occur in tool call arguments. -// Conservative repair strategy: -// 1. First try to parse JSON directly - if valid, return as-is -// 2. Only attempt repair if parsing fails -// 3. After repair, validate the result - if still invalid, return original -func RepairJSON(jsonString string) string { - // Handle empty or invalid input - if jsonString == "" { - return "{}" - } - - str := strings.TrimSpace(jsonString) - if str == "" { - return "{}" - } - - // CONSERVATIVE STRATEGY: First try to parse directly - var testParse interface{} - if err := json.Unmarshal([]byte(str), &testParse); err == nil { - log.Debugf("kiro: repairJSON - JSON is already valid, returning unchanged") - return str - } - - log.Debugf("kiro: repairJSON - JSON parse failed, attempting repair") - originalStr := str - - // First, escape unescaped newlines/tabs within JSON string values - str = escapeNewlinesInStrings(str) - // Remove trailing commas before closing braces/brackets - str = trailingCommaPattern.ReplaceAllString(str, "$1") - - // Calculate bracket balance - braceCount := 0 - bracketCount := 0 - inString := false - escape := false - lastValidIndex := -1 - - for i := 0; i < len(str); i++ { - char := str[i] - - if escape { - escape = false - continue - } - - if char == '\\' { - escape = true - continue - } - - if char == '"' { - inString = !inString - continue - } - - if inString { - continue - } - - switch char { - case '{': - braceCount++ - case '}': - braceCount-- - case '[': - bracketCount++ - case ']': - bracketCount-- - } - - if braceCount >= 0 && bracketCount >= 0 { - lastValidIndex = i - } - } - - // If brackets are unbalanced, try to repair - if braceCount > 0 || bracketCount > 0 { - if lastValidIndex > 0 && lastValidIndex < len(str)-1 { - truncated := str[:lastValidIndex+1] - // Recount brackets after truncation - braceCount = 0 - bracketCount = 0 - inString = false - escape = false - for i := 0; i < len(truncated); i++ { - char := truncated[i] - if escape { - escape = false - continue - } - if char == '\\' { - escape = true - continue - } - if char == '"' { - inString = !inString - continue - } - if inString { - continue - } - switch char { - case '{': - braceCount++ - case '}': - braceCount-- - case '[': - bracketCount++ - case ']': - bracketCount-- - } - } - str = truncated - } - - // Add missing closing brackets - for braceCount > 0 { - str += "}" - braceCount-- - } - for bracketCount > 0 { - str += "]" - bracketCount-- - } - } - - // Validate repaired JSON - if err := json.Unmarshal([]byte(str), &testParse); err != nil { - log.Warnf("kiro: repairJSON - repair failed to produce valid JSON, returning original") - return originalStr - } - - log.Debugf("kiro: repairJSON - successfully repaired JSON") - return str -} - -// escapeNewlinesInStrings escapes literal newlines, tabs, and other control characters -// that appear inside JSON string values. -func escapeNewlinesInStrings(raw string) string { - var result strings.Builder - result.Grow(len(raw) + 100) - - inString := false - escaped := false - - for i := 0; i < len(raw); i++ { - c := raw[i] - - if escaped { - result.WriteByte(c) - escaped = false - continue - } - - if c == '\\' && inString { - result.WriteByte(c) - escaped = true - continue - } - - if c == '"' { - inString = !inString - result.WriteByte(c) - continue - } - - if inString { - switch c { - case '\n': - result.WriteString("\\n") - case '\r': - result.WriteString("\\r") - case '\t': - result.WriteString("\\t") - default: - result.WriteByte(c) - } - } else { - result.WriteByte(c) - } - } - - return result.String() -} - -// ProcessToolUseEvent handles a toolUseEvent from the Kiro stream. -// It accumulates input fragments and emits tool_use blocks when complete. -// Returns events to emit and updated state. -func ProcessToolUseEvent(event map[string]interface{}, currentToolUse *ToolUseState, processedIDs map[string]bool) ([]KiroToolUse, *ToolUseState) { - var toolUses []KiroToolUse - - // Extract from nested toolUseEvent or direct format - tu := event - if nested, ok := event["toolUseEvent"].(map[string]interface{}); ok { - tu = nested - } - - toolUseID := kirocommon.GetString(tu, "toolUseId") - toolName := kirocommon.GetString(tu, "name") - isStop := false - if stop, ok := tu["stop"].(bool); ok { - isStop = stop - } - - // Get input - can be string (fragment) or object (complete) - var inputFragment string - var inputMap map[string]interface{} - - if inputRaw, ok := tu["input"]; ok { - switch v := inputRaw.(type) { - case string: - inputFragment = v - case map[string]interface{}: - inputMap = v - } - } - - // New tool use starting - if toolUseID != "" && toolName != "" { - if currentToolUse != nil && currentToolUse.ToolUseID != toolUseID { - log.Warnf("kiro: interleaved tool use detected - new ID %s arrived while %s in progress, completing previous", - toolUseID, currentToolUse.ToolUseID) - if !processedIDs[currentToolUse.ToolUseID] { - incomplete := KiroToolUse{ - ToolUseID: currentToolUse.ToolUseID, - Name: currentToolUse.Name, - } - if currentToolUse.InputBuffer.Len() > 0 { - raw := currentToolUse.InputBuffer.String() - repaired := RepairJSON(raw) - - var input map[string]interface{} - if err := json.Unmarshal([]byte(repaired), &input); err != nil { - log.Warnf("kiro: failed to parse interleaved tool input: %v, raw: %s", err, raw) - input = make(map[string]interface{}) - } - incomplete.Input = input - } - toolUses = append(toolUses, incomplete) - processedIDs[currentToolUse.ToolUseID] = true - } - currentToolUse = nil - } - - if currentToolUse == nil { - if processedIDs != nil && processedIDs[toolUseID] { - log.Debugf("kiro: skipping duplicate toolUseEvent: %s", toolUseID) - return nil, nil - } - - currentToolUse = &ToolUseState{ - ToolUseID: toolUseID, - Name: toolName, - } - log.Infof("kiro: starting new tool use: %s (ID: %s)", toolName, toolUseID) - } - } - - // Accumulate input fragments - if currentToolUse != nil && inputFragment != "" { - currentToolUse.InputBuffer.WriteString(inputFragment) - log.Debugf("kiro: accumulated input fragment, total length: %d", currentToolUse.InputBuffer.Len()) - } - - // If complete input object provided directly - if currentToolUse != nil && inputMap != nil { - inputBytes, _ := json.Marshal(inputMap) - currentToolUse.InputBuffer.Reset() - currentToolUse.InputBuffer.Write(inputBytes) - } - - // Tool use complete - if isStop && currentToolUse != nil { - fullInput := currentToolUse.InputBuffer.String() - - // Repair and parse the accumulated JSON - repairedJSON := RepairJSON(fullInput) - var finalInput map[string]interface{} - if err := json.Unmarshal([]byte(repairedJSON), &finalInput); err != nil { - log.Warnf("kiro: failed to parse accumulated tool input: %v, raw: %s", err, fullInput) - finalInput = make(map[string]interface{}) - } - - // Detect truncation for all tools - truncInfo := DetectTruncation(currentToolUse.Name, currentToolUse.ToolUseID, fullInput, finalInput) - if truncInfo.IsTruncated { - log.Warnf("kiro: TRUNCATION DETECTED for tool %s (ID: %s): type=%s, raw_size=%d bytes", - currentToolUse.Name, currentToolUse.ToolUseID, truncInfo.TruncationType, len(fullInput)) - log.Warnf("kiro: truncation details: %s", truncInfo.ErrorMessage) - if len(truncInfo.ParsedFields) > 0 { - log.Infof("kiro: partial fields received: %v", truncInfo.ParsedFields) - } - // Store truncation info in the state for upstream handling - currentToolUse.TruncationInfo = &truncInfo - } else { - log.Infof("kiro: tool use %s input length: %d bytes (no truncation)", currentToolUse.Name, len(fullInput)) - } - - // Create the tool use with truncation info if applicable - toolUse := KiroToolUse{ - ToolUseID: currentToolUse.ToolUseID, - Name: currentToolUse.Name, - Input: finalInput, - IsTruncated: truncInfo.IsTruncated, - TruncationInfo: nil, // Will be set below if truncated - } - if truncInfo.IsTruncated { - toolUse.TruncationInfo = &truncInfo - } - toolUses = append(toolUses, toolUse) - - if processedIDs != nil { - processedIDs[currentToolUse.ToolUseID] = true - } - - log.Infof("kiro: completed tool use: %s (ID: %s, truncated: %v)", currentToolUse.Name, currentToolUse.ToolUseID, truncInfo.IsTruncated) - return toolUses, nil - } - - return toolUses, currentToolUse -} - -// DeduplicateToolUses removes duplicate tool uses based on toolUseId and content. -func DeduplicateToolUses(toolUses []KiroToolUse) []KiroToolUse { - seenIDs := make(map[string]bool) - seenContent := make(map[string]bool) - var unique []KiroToolUse - - for _, tu := range toolUses { - if seenIDs[tu.ToolUseID] { - log.Debugf("kiro: removing ID-duplicate tool use: %s (name: %s)", tu.ToolUseID, tu.Name) - continue - } - - inputJSON, _ := json.Marshal(tu.Input) - contentKey := tu.Name + ":" + string(inputJSON) - - if seenContent[contentKey] { - log.Debugf("kiro: removing content-duplicate tool use: %s (id: %s)", tu.Name, tu.ToolUseID) - continue - } - - seenIDs[tu.ToolUseID] = true - seenContent[contentKey] = true - unique = append(unique, tu) - } - - return unique -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_tools_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_tools_test.go deleted file mode 100644 index bba370d4c5..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_claude_tools_test.go +++ /dev/null @@ -1,78 +0,0 @@ -package claude - -import "testing" - -func TestProcessToolUseEvent_PreservesBooleanFields(t *testing.T) { - processedIDs := map[string]bool{} - - event := map[string]interface{}{ - "toolUseEvent": map[string]interface{}{ - "toolUseId": "toolu_1", - "name": "sequentialthinking", - "input": map[string]interface{}{ - "thought": "step 1", - "nextThoughtNeeded": false, - }, - "stop": true, - }, - } - - toolUses, state := ProcessToolUseEvent(event, nil, processedIDs) - if state != nil { - t.Fatalf("expected nil state after stop event, got %+v", state) - } - if len(toolUses) != 1 { - t.Fatalf("expected 1 tool use, got %d", len(toolUses)) - } - - next, ok := toolUses[0].Input["nextThoughtNeeded"].(bool) - if !ok { - t.Fatalf("expected nextThoughtNeeded to be bool, got %#v", toolUses[0].Input["nextThoughtNeeded"]) - } - if next { - t.Fatalf("expected nextThoughtNeeded=false, got true") - } -} - -func TestProcessToolUseEvent_PreservesBooleanFieldsFromFragments(t *testing.T) { - processedIDs := map[string]bool{} - - start := map[string]interface{}{ - "toolUseEvent": map[string]interface{}{ - "toolUseId": "toolu_2", - "name": "sequentialthinking", - "input": "{\"thought\":\"step 1\",", - "stop": false, - }, - } - - _, state := ProcessToolUseEvent(start, nil, processedIDs) - if state == nil { - t.Fatalf("expected in-progress state after first fragment") - } - - stop := map[string]interface{}{ - "toolUseEvent": map[string]interface{}{ - "toolUseId": "toolu_2", - "name": "sequentialthinking", - "input": "\"nextThoughtNeeded\":false}", - "stop": true, - }, - } - - toolUses, state := ProcessToolUseEvent(stop, state, processedIDs) - if state != nil { - t.Fatalf("expected nil state after completion, got %+v", state) - } - if len(toolUses) != 1 { - t.Fatalf("expected 1 tool use, got %d", len(toolUses)) - } - - next, ok := toolUses[0].Input["nextThoughtNeeded"].(bool) - if !ok { - t.Fatalf("expected nextThoughtNeeded to be bool, got %#v", toolUses[0].Input["nextThoughtNeeded"]) - } - if next { - t.Fatalf("expected nextThoughtNeeded=false, got true") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_websearch.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_websearch.go deleted file mode 100644 index 6f45d24e08..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_websearch.go +++ /dev/null @@ -1,731 +0,0 @@ -// Package claude provides web search functionality for Kiro translator. -// This file implements detection, MCP request/response types, and pure data -// transformation utilities for web search. SSE event generation, stream analysis, -// and HTTP I/O logic reside in the executor package (kiro_executor.go). -package claude - -import ( - "encoding/json" - "fmt" - "strings" - "sync/atomic" - "time" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const maxInt = int(^uint(0) >> 1) - -// cachedToolDescription stores the dynamically-fetched web_search tool description. -// Written by the executor via SetWebSearchDescription, read by the translator -// when building the remote_web_search tool for Kiro API requests. -var cachedToolDescription atomic.Value // stores string - -// GetWebSearchDescription returns the cached web_search tool description, -// or empty string if not yet fetched. Lock-free via atomic.Value. -func GetWebSearchDescription() string { - if v := cachedToolDescription.Load(); v != nil { - return v.(string) - } - return "" -} - -// SetWebSearchDescription stores the dynamically-fetched web_search tool description. -// Called by the executor after fetching from MCP tools/list. -func SetWebSearchDescription(desc string) { - cachedToolDescription.Store(desc) -} - -// McpRequest represents a JSON-RPC 2.0 request to Kiro MCP API -type McpRequest struct { - ID string `json:"id"` - JSONRPC string `json:"jsonrpc"` - Method string `json:"method"` - Params McpParams `json:"params"` -} - -// McpParams represents MCP request parameters -type McpParams struct { - Name string `json:"name"` - Arguments McpArguments `json:"arguments"` -} - -// McpArgumentsMeta represents the _meta field in MCP arguments -type McpArgumentsMeta struct { - IsValid bool `json:"_isValid"` - ActivePath []string `json:"_activePath"` - CompletedPaths [][]string `json:"_completedPaths"` -} - -// McpArguments represents MCP request arguments -type McpArguments struct { - Query string `json:"query"` - Meta *McpArgumentsMeta `json:"_meta,omitempty"` -} - -// McpResponse represents a JSON-RPC 2.0 response from Kiro MCP API -type McpResponse struct { - Error *McpError `json:"error,omitempty"` - ID string `json:"id"` - JSONRPC string `json:"jsonrpc"` - Result *McpResult `json:"result,omitempty"` -} - -// McpError represents an MCP error -type McpError struct { - Code *int `json:"code,omitempty"` - Message *string `json:"message,omitempty"` -} - -// McpResult represents MCP result -type McpResult struct { - Content []McpContent `json:"content"` - IsError bool `json:"isError"` -} - -// McpContent represents MCP content item -type McpContent struct { - ContentType string `json:"type"` - Text string `json:"text"` -} - -// WebSearchResults represents parsed search results -type WebSearchResults struct { - Results []WebSearchResult `json:"results"` - TotalResults *int `json:"totalResults,omitempty"` - Query *string `json:"query,omitempty"` - Error *string `json:"error,omitempty"` -} - -// WebSearchResult represents a single search result -type WebSearchResult struct { - Title string `json:"title"` - URL string `json:"url"` - Snippet *string `json:"snippet,omitempty"` - PublishedDate *int64 `json:"publishedDate,omitempty"` - ID *string `json:"id,omitempty"` - Domain *string `json:"domain,omitempty"` - MaxVerbatimWordLimit *int `json:"maxVerbatimWordLimit,omitempty"` - PublicDomain *bool `json:"publicDomain,omitempty"` -} - -// HasWebSearchTool checks if the request contains ONLY a web_search tool. -// Returns true only if tools array has exactly one tool named "web_search". -// Only intercept pure web_search requests (single-tool array). -func HasWebSearchTool(body []byte) bool { - tools := gjson.GetBytes(body, "tools") - if !tools.IsArray() { - return false - } - - toolsArray := tools.Array() - if len(toolsArray) != 1 { - return false - } - - // Check if the single tool is web_search - tool := toolsArray[0] - - // Check both name and type fields for web_search detection - name := strings.ToLower(tool.Get("name").String()) - toolType := strings.ToLower(tool.Get("type").String()) - - return util.IsWebSearchTool(name, toolType) -} - -// ExtractSearchQuery extracts the search query from the request. -// Reads messages[0].content and removes "Perform a web search for the query: " prefix. -func ExtractSearchQuery(body []byte) string { - messages := gjson.GetBytes(body, "messages") - if !messages.IsArray() || len(messages.Array()) == 0 { - return "" - } - - firstMsg := messages.Array()[0] - content := firstMsg.Get("content") - - var text string - if content.IsArray() { - // Array format: [{"type": "text", "text": "..."}] - for _, block := range content.Array() { - if block.Get("type").String() == "text" { - text = block.Get("text").String() - break - } - } - } else { - // String format - text = content.String() - } - - // Remove prefix "Perform a web search for the query: " - const prefix = "Perform a web search for the query: " - text = strings.TrimPrefix(text, prefix) - - return strings.TrimSpace(text) -} - -// generateRandomID8 generates an 8-character random lowercase alphanumeric string -func generateRandomID8() string { - u := uuid.New() - return strings.ToLower(strings.ReplaceAll(u.String(), "-", "")[:8]) -} - -// CreateMcpRequest creates an MCP request for web search. -// Returns (toolUseID, McpRequest) -// ID format: web_search_tooluse_{22 random}_{timestamp_millis}_{8 random} -func CreateMcpRequest(query string) (string, *McpRequest) { - random22 := GenerateToolUseID() - timestamp := time.Now().UnixMilli() - random8 := generateRandomID8() - - requestID := fmt.Sprintf("web_search_tooluse_%s_%d_%s", random22, timestamp, random8) - - // tool_use_id format: srvtoolu_{32 hex chars} - toolUseID := "srvtoolu_" + strings.ReplaceAll(uuid.New().String(), "-", "")[:32] - - request := &McpRequest{ - ID: requestID, - JSONRPC: "2.0", - Method: "tools/call", - Params: McpParams{ - Name: "web_search", - Arguments: McpArguments{ - Query: query, - Meta: &McpArgumentsMeta{ - IsValid: true, - ActivePath: []string{"query"}, - CompletedPaths: [][]string{{"query"}}, - }, - }, - }, - } - - return toolUseID, request -} - -// GenerateToolUseID generates a Kiro-style tool use ID (base62-like UUID) -func GenerateToolUseID() string { - return strings.ReplaceAll(uuid.New().String(), "-", "")[:22] -} - -// ReplaceWebSearchToolDescription replaces the web_search tool description with -// a minimal version that allows re-search without the restrictive "do not search -// non-coding topics" instruction from the original Kiro tools/list response. -// This keeps the tool available so the model can request additional searches. -func ReplaceWebSearchToolDescription(body []byte) ([]byte, error) { - tools := gjson.GetBytes(body, "tools") - if !tools.IsArray() { - return body, nil - } - - var updated []json.RawMessage - for _, tool := range tools.Array() { - name := strings.ToLower(tool.Get("name").String()) - toolType := strings.ToLower(tool.Get("type").String()) - - if util.IsWebSearchTool(name, toolType) { - // Replace with a minimal web_search tool definition - minimalTool := map[string]interface{}{ - "name": "web_search", - "description": "Search the web for information. Use this when the previous search results are insufficient or when you need additional information on a different aspect of the query. Provide a refined or different search query.", - "input_schema": map[string]interface{}{ - "type": "object", - "properties": map[string]interface{}{ - "query": map[string]interface{}{ - "type": "string", - "description": "The search query to execute", - }, - }, - "required": []string{"query"}, - "additionalProperties": false, - }, - } - minimalJSON, err := json.Marshal(minimalTool) - if err != nil { - return body, fmt.Errorf("failed to marshal minimal tool: %w", err) - } - updated = append(updated, json.RawMessage(minimalJSON)) - } else { - updated = append(updated, json.RawMessage(tool.Raw)) - } - } - - updatedJSON, err := json.Marshal(updated) - if err != nil { - return body, fmt.Errorf("failed to marshal updated tools: %w", err) - } - result, err := sjson.SetRawBytes(body, "tools", updatedJSON) - if err != nil { - return body, fmt.Errorf("failed to set updated tools: %w", err) - } - - return result, nil -} - -// FormatSearchContextPrompt formats search results as a structured text block -// for injection into the system prompt. -func FormatSearchContextPrompt(query string, results *WebSearchResults) string { - var sb strings.Builder - fmt.Fprintf(&sb, "[Web Search Results for \"%s\"]\n", query) - - if results != nil && len(results.Results) > 0 { - for i, r := range results.Results { - fmt.Fprintf(&sb, "%d. %s - %s\n", i+1, r.Title, r.URL) - if r.Snippet != nil && *r.Snippet != "" { - snippet := *r.Snippet - if len(snippet) > 500 { - snippet = snippet[:500] + "..." - } - fmt.Fprintf(&sb, " %s\n", snippet) - } - } - } else { - sb.WriteString("No results found.\n") - } - - sb.WriteString("[End Web Search Results]") - return sb.String() -} - -// FormatToolResultText formats search results as JSON text for the toolResults content field. -// This matches the format observed in Kiro IDE HAR captures. -func FormatToolResultText(results *WebSearchResults) string { - if results == nil || len(results.Results) == 0 { - return "No search results found." - } - - text := fmt.Sprintf("Found %d search result(s):\n\n", len(results.Results)) - resultJSON, err := json.MarshalIndent(results.Results, "", " ") - if err != nil { - return text + "Error formatting results." - } - return text + string(resultJSON) -} - -// InjectToolResultsClaude modifies a Claude-format JSON payload to append -// tool_use (assistant) and tool_result (user) messages to the messages array. -// BuildKiroPayload correctly translates: -// - assistant tool_use → KiroAssistantResponseMessage.toolUses -// - user tool_result → KiroUserInputMessageContext.toolResults -// -// This produces the exact same GAR request format as the Kiro IDE (HAR captures). -// IMPORTANT: The web_search tool must remain in the "tools" array for this to work. -// Use ReplaceWebSearchToolDescription to keep the tool available with a minimal description. -func InjectToolResultsClaude(claudePayload []byte, toolUseId, query string, results *WebSearchResults) ([]byte, error) { - var payload map[string]interface{} - if err := json.Unmarshal(claudePayload, &payload); err != nil { - return claudePayload, fmt.Errorf("failed to parse claude payload: %w", err) - } - - messages, _ := payload["messages"].([]interface{}) - - // 1. Append assistant message with tool_use (matches HAR: assistantResponseMessage.toolUses) - assistantMsg := map[string]interface{}{ - "role": "assistant", - "content": []interface{}{ - map[string]interface{}{ - "type": "tool_use", - "id": toolUseId, - "name": "web_search", - "input": map[string]interface{}{"query": query}, - }, - }, - } - messages = append(messages, assistantMsg) - - // 2. Append user message with tool_result + search behavior instructions. - // NOTE: We embed search instructions HERE (not in system prompt) because - // BuildKiroPayload clears the system prompt when len(history) > 0, - // which is always true after injecting assistant + user messages. - now := time.Now() - searchGuidance := fmt.Sprintf(` -Current date: %s (%s) - -IMPORTANT: Evaluate the search results above carefully. If the results are: -- Mostly spam, SEO junk, or unrelated websites -- Missing actual information about the query topic -- Outdated or not matching the requested time frame - -Then you MUST use the web_search tool again with a refined query. Try: -- Rephrasing in English for better coverage -- Using more specific keywords -- Adding date context - -Do NOT apologize for bad results without first attempting a re-search. -`, now.Format("January 2, 2006"), now.Format("Monday")) - - userMsg := map[string]interface{}{ - "role": "user", - "content": []interface{}{ - map[string]interface{}{ - "type": "tool_result", - "tool_use_id": toolUseId, - "content": FormatToolResultText(results), - }, - map[string]interface{}{ - "type": "text", - "text": searchGuidance, - }, - }, - } - messages = append(messages, userMsg) - - payload["messages"] = messages - - result, err := json.Marshal(payload) - if err != nil { - return claudePayload, fmt.Errorf("failed to marshal updated payload: %w", err) - } - - log.Infof("kiro/websearch: injected tool_use+tool_result (toolUseId=%s, messages=%d)", - toolUseId, len(messages)) - - return result, nil -} - -// InjectSearchIndicatorsInResponse prepends server_tool_use + web_search_tool_result -// content blocks into a non-streaming Claude JSON response. Claude Code counts -// server_tool_use blocks to display "Did X searches in Ys". -// -// Input response: {"content": [{"type":"text","text":"..."}], ...} -// Output response: {"content": [{"type":"server_tool_use",...}, {"type":"web_search_tool_result",...}, {"type":"text","text":"..."}], ...} -func InjectSearchIndicatorsInResponse(responsePayload []byte, searches []SearchIndicator) ([]byte, error) { - if len(searches) == 0 { - return responsePayload, nil - } - - var resp map[string]interface{} - if err := json.Unmarshal(responsePayload, &resp); err != nil { - return responsePayload, fmt.Errorf("failed to parse response: %w", err) - } - - existingContent, _ := resp["content"].([]interface{}) - - // Build new content: search indicators first, then existing content - capacity, err := checkedSearchContentCapacity(len(searches), len(existingContent)) - if err != nil { - return responsePayload, err - } - newContent := make([]interface{}, 0, capacity) - - for _, s := range searches { - // server_tool_use block - newContent = append(newContent, map[string]interface{}{ - "type": "server_tool_use", - "id": s.ToolUseID, - "name": "web_search", - "input": map[string]interface{}{"query": s.Query}, - }) - - // web_search_tool_result block - searchContent := make([]map[string]interface{}, 0) - if s.Results != nil { - for _, r := range s.Results.Results { - snippet := "" - if r.Snippet != nil { - snippet = *r.Snippet - } - searchContent = append(searchContent, map[string]interface{}{ - "type": "web_search_result", - "title": r.Title, - "url": r.URL, - "encrypted_content": snippet, - "page_age": nil, - }) - } - } - newContent = append(newContent, map[string]interface{}{ - "type": "web_search_tool_result", - "tool_use_id": s.ToolUseID, - "content": searchContent, - }) - } - - // Append existing content blocks - newContent = append(newContent, existingContent...) - resp["content"] = newContent - - result, err := json.Marshal(resp) - if err != nil { - return responsePayload, fmt.Errorf("failed to marshal response: %w", err) - } - - log.Infof("kiro/websearch: injected %d search indicator(s) into non-stream response", len(searches)) - return result, nil -} - -func checkedSearchContentCapacity(searchCount, existingCount int) (int, error) { - if searchCount < 0 || existingCount < 0 { - return 0, fmt.Errorf("invalid negative content sizes: searches=%d existing=%d", searchCount, existingCount) - } - if searchCount > (maxInt-existingCount)/2 { - return 0, fmt.Errorf("search indicator content capacity overflow: searches=%d existing=%d", searchCount, existingCount) - } - return searchCount*2 + existingCount, nil -} - -// SearchIndicator holds the data for one search operation to inject into a response. -type SearchIndicator struct { - ToolUseID string - Query string - Results *WebSearchResults -} - -// BuildMcpEndpoint constructs the MCP endpoint URL for the given AWS region. -// Centralizes the URL pattern used by both handleWebSearch and handleWebSearchStream. -func BuildMcpEndpoint(region string) string { - return fmt.Sprintf("https://q.%s.amazonaws.com/mcp", region) -} - -// ParseSearchResults extracts WebSearchResults from MCP response -func ParseSearchResults(response *McpResponse) *WebSearchResults { - if response == nil || response.Result == nil || len(response.Result.Content) == 0 { - return nil - } - - content := response.Result.Content[0] - if content.ContentType != "text" { - return nil - } - - var results WebSearchResults - if err := json.Unmarshal([]byte(content.Text), &results); err != nil { - log.Warnf("kiro/websearch: failed to parse search results: %v", err) - return nil - } - - return &results -} - -// SseEvent represents a Server-Sent Event -type SseEvent struct { - Event string - Data interface{} -} - -// ToSSEString converts the event to SSE wire format -func (e *SseEvent) ToSSEString() string { - dataBytes, _ := json.Marshal(e.Data) - return fmt.Sprintf("event: %s\ndata: %s\n\n", e.Event, string(dataBytes)) -} - -// GenerateMessageID generates a unique message ID for Claude API -func GenerateMessageID() string { - return "msg_" + strings.ReplaceAll(uuid.New().String(), "-", "")[:24] -} - -// GenerateWebSearchEvents generates the 11-event SSE sequence for web search. -func GenerateWebSearchEvents( - model string, - query string, - toolUseID string, - searchResults *WebSearchResults, - inputTokens int, -) []SseEvent { - events := make([]SseEvent, 0, 15) - messageID := GenerateMessageID() - - // 1. message_start - events = append(events, SseEvent{ - Event: "message_start", - Data: map[string]interface{}{ - "type": "message_start", - "message": map[string]interface{}{ - "id": messageID, - "type": "message", - "role": "assistant", - "model": model, - "content": []interface{}{}, - "stop_reason": nil, - "stop_sequence": nil, - "usage": map[string]interface{}{ - "input_tokens": inputTokens, - "output_tokens": 0, - "cache_creation_input_tokens": 0, - "cache_read_input_tokens": 0, - }, - }, - }, - }) - - // 2. content_block_start (server_tool_use) - events = append(events, SseEvent{ - Event: "content_block_start", - Data: map[string]interface{}{ - "type": "content_block_start", - "index": 0, - "content_block": map[string]interface{}{ - "id": toolUseID, - "type": "server_tool_use", - "name": "web_search", - "input": map[string]interface{}{}, - }, - }, - }) - - // 3. content_block_delta (input_json_delta) - inputJSON, _ := json.Marshal(map[string]string{"query": query}) - events = append(events, SseEvent{ - Event: "content_block_delta", - Data: map[string]interface{}{ - "type": "content_block_delta", - "index": 0, - "delta": map[string]interface{}{ - "type": "input_json_delta", - "partial_json": string(inputJSON), - }, - }, - }) - - // 4. content_block_stop (server_tool_use) - events = append(events, SseEvent{ - Event: "content_block_stop", - Data: map[string]interface{}{ - "type": "content_block_stop", - "index": 0, - }, - }) - - // 5. content_block_start (web_search_tool_result) - searchContent := make([]map[string]interface{}, 0) - if searchResults != nil { - for _, r := range searchResults.Results { - snippet := "" - if r.Snippet != nil { - snippet = *r.Snippet - } - searchContent = append(searchContent, map[string]interface{}{ - "type": "web_search_result", - "title": r.Title, - "url": r.URL, - "encrypted_content": snippet, - "page_age": nil, - }) - } - } - events = append(events, SseEvent{ - Event: "content_block_start", - Data: map[string]interface{}{ - "type": "content_block_start", - "index": 1, - "content_block": map[string]interface{}{ - "type": "web_search_tool_result", - "tool_use_id": toolUseID, - "content": searchContent, - }, - }, - }) - - // 6. content_block_stop (web_search_tool_result) - events = append(events, SseEvent{ - Event: "content_block_stop", - Data: map[string]interface{}{ - "type": "content_block_stop", - "index": 1, - }, - }) - - // 7. content_block_start (text) - events = append(events, SseEvent{ - Event: "content_block_start", - Data: map[string]interface{}{ - "type": "content_block_start", - "index": 2, - "content_block": map[string]interface{}{ - "type": "text", - "text": "", - }, - }, - }) - - // 8. content_block_delta (text_delta) - generate search summary - summary := generateSearchSummary(query, searchResults) - - // Split text into chunks for streaming effect - chunkSize := 100 - runes := []rune(summary) - for i := 0; i < len(runes); i += chunkSize { - end := i + chunkSize - if end > len(runes) { - end = len(runes) - } - chunk := string(runes[i:end]) - events = append(events, SseEvent{ - Event: "content_block_delta", - Data: map[string]interface{}{ - "type": "content_block_delta", - "index": 2, - "delta": map[string]interface{}{ - "type": "text_delta", - "text": chunk, - }, - }, - }) - } - - // 9. content_block_stop (text) - events = append(events, SseEvent{ - Event: "content_block_stop", - Data: map[string]interface{}{ - "type": "content_block_stop", - "index": 2, - }, - }) - - // 10. message_delta - outputTokens := (len(summary) + 3) / 4 // Simple estimation - events = append(events, SseEvent{ - Event: "message_delta", - Data: map[string]interface{}{ - "type": "message_delta", - "delta": map[string]interface{}{ - "stop_reason": "end_turn", - "stop_sequence": nil, - }, - "usage": map[string]interface{}{ - "output_tokens": outputTokens, - }, - }, - }) - - // 11. message_stop - events = append(events, SseEvent{ - Event: "message_stop", - Data: map[string]interface{}{ - "type": "message_stop", - }, - }) - - return events -} - -// generateSearchSummary generates a text summary of search results -func generateSearchSummary(query string, results *WebSearchResults) string { - var sb strings.Builder - fmt.Fprintf(&sb, "Here are the search results for \"%s\":\n\n", query) - - if results != nil && len(results.Results) > 0 { - for i, r := range results.Results { - fmt.Fprintf(&sb, "%d. **%s**\n", i+1, r.Title) - if r.Snippet != nil { - snippet := *r.Snippet - if len(snippet) > 200 { - snippet = snippet[:200] + "..." - } - fmt.Fprintf(&sb, " %s\n", snippet) - } - fmt.Fprintf(&sb, " Source: %s\n\n", r.URL) - } - } else { - sb.WriteString("No results found.\n") - } - - sb.WriteString("\nPlease note that these are web search results and may not be fully accurate or up-to-date.") - - return sb.String() -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_websearch_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_websearch_test.go deleted file mode 100644 index 409734799a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/kiro_websearch_test.go +++ /dev/null @@ -1,114 +0,0 @@ -package claude - -import ( - "strings" - "testing" -) - -func TestHasWebSearchTool(t *testing.T) { - tests := []struct { - name string - body string - want bool - }{ - { - name: "pure web search", - body: `{"tools":[{"name":"web_search"}]}`, - want: true, - }, - { - name: "web search with type", - body: `{"tools":[{"type":"web_search_20250305"}]}`, - want: true, - }, - { - name: "web search with legacy type prefix", - body: `{"tools":[{"type":"web_search_202501"}]}`, - want: true, - }, - { - name: "web search with uppercase type", - body: `{"tools":[{"type":"WEB_SEARCH_20250305"}]}`, - want: true, - }, - { - name: "multiple tools", - body: `{"tools":[{"name":"web_search"},{"name":"other"}]}`, - want: false, - }, - { - name: "no web search", - body: `{"tools":[{"name":"other"}]}`, - want: false, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if got := HasWebSearchTool([]byte(tt.body)); got != tt.want { - t.Errorf("HasWebSearchTool() = %v, want %v", got, tt.want) - } - }) - } -} - -func TestExtractSearchQuery(t *testing.T) { - body := `{"messages":[{"role":"user","content":"Perform a web search for the query: hello world"}]}` - got := ExtractSearchQuery([]byte(body)) - if got != "hello world" { - t.Errorf("got %q, want %q", got, "hello world") - } -} - -func TestFormatSearchContextPrompt(t *testing.T) { - snippet := "snippet" - results := &WebSearchResults{ - Results: []WebSearchResult{ - {Title: "title1", URL: "url1", Snippet: &snippet}, - }, - } - got := FormatSearchContextPrompt("query", results) - if !strings.Contains(got, "title1") || !strings.Contains(got, "url1") || !strings.Contains(got, "snippet") { - t.Errorf("unexpected prompt content: %s", got) - } -} - -func TestGenerateWebSearchEvents(t *testing.T) { - events := GenerateWebSearchEvents("model", "query", "id", nil, 10) - if len(events) < 11 { - t.Errorf("expected at least 11 events, got %d", len(events)) - } - - foundMessageStart := false - for _, e := range events { - if e.Event == "message_start" { - foundMessageStart = true - break - } - } - if !foundMessageStart { - t.Error("message_start event not found") - } -} - -func TestCheckedSearchContentCapacity(t *testing.T) { - t.Run("ok", func(t *testing.T) { - got, err := checkedSearchContentCapacity(3, 4) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if got != 10 { - t.Fatalf("expected 10, got %d", got) - } - }) - - t.Run("overflow", func(t *testing.T) { - _, err := checkedSearchContentCapacity(maxInt/2+1, 0) - if err == nil { - t.Fatal("expected overflow error, got nil") - } - if !strings.Contains(err.Error(), "overflow") { - t.Fatalf("expected overflow error, got: %v", err) - } - }) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/tool_compression.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/tool_compression.go deleted file mode 100644 index ed7658cbb5..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/tool_compression.go +++ /dev/null @@ -1,191 +0,0 @@ -// Package claude provides tool compression functionality for Kiro translator. -// This file implements dynamic tool compression to reduce tool payload size -// when it exceeds the target threshold, preventing 500 errors from Kiro API. -package claude - -import ( - "encoding/json" - "unicode/utf8" - - kirocommon "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/kiro/common" - log "github.com/sirupsen/logrus" -) - -// calculateToolsSize calculates the JSON serialized size of the tools list. -// Returns the size in bytes. -func calculateToolsSize(tools []KiroToolWrapper) int { - if len(tools) == 0 { - return 0 - } - data, err := json.Marshal(tools) - if err != nil { - log.Warnf("kiro: failed to marshal tools for size calculation: %v", err) - return 0 - } - return len(data) -} - -// simplifyInputSchema simplifies the input_schema by keeping only essential fields: -// type, enum, required. Recursively processes nested properties. -func simplifyInputSchema(schema interface{}) interface{} { - if schema == nil { - return nil - } - - schemaMap, ok := schema.(map[string]interface{}) - if !ok { - return schema - } - - simplified := make(map[string]interface{}) - - // Keep essential fields - if t, ok := schemaMap["type"]; ok { - simplified["type"] = t - } - if enum, ok := schemaMap["enum"]; ok { - simplified["enum"] = enum - } - if required, ok := schemaMap["required"]; ok { - simplified["required"] = required - } - - // Recursively process properties - if properties, ok := schemaMap["properties"].(map[string]interface{}); ok { - simplifiedProps := make(map[string]interface{}) - for key, value := range properties { - simplifiedProps[key] = simplifyInputSchema(value) - } - simplified["properties"] = simplifiedProps - } - - // Process items for array types - if items, ok := schemaMap["items"]; ok { - simplified["items"] = simplifyInputSchema(items) - } - - // Process additionalProperties if present - if additionalProps, ok := schemaMap["additionalProperties"]; ok { - simplified["additionalProperties"] = simplifyInputSchema(additionalProps) - } - - // Process anyOf, oneOf, allOf - for _, key := range []string{"anyOf", "oneOf", "allOf"} { - if arr, ok := schemaMap[key].([]interface{}); ok { - simplifiedArr := make([]interface{}, len(arr)) - for i, item := range arr { - simplifiedArr[i] = simplifyInputSchema(item) - } - simplified[key] = simplifiedArr - } - } - - return simplified -} - -// compressToolDescription compresses a description to the target length. -// Ensures the result is at least MinToolDescriptionLength characters. -// Uses UTF-8 safe truncation. -func compressToolDescription(description string, targetLength int) string { - if targetLength < kirocommon.MinToolDescriptionLength { - targetLength = kirocommon.MinToolDescriptionLength - } - - if len(description) <= targetLength { - return description - } - - // Find a safe truncation point (UTF-8 boundary) - truncLen := targetLength - 3 // Leave room for "..." - - // Ensure we don't cut in the middle of a UTF-8 character - for truncLen > 0 && !utf8.RuneStart(description[truncLen]) { - truncLen-- - } - - if truncLen <= 0 { - return description[:kirocommon.MinToolDescriptionLength] - } - - return description[:truncLen] + "..." -} - -// compressToolsIfNeeded compresses tools if their total size exceeds the target threshold. -// Compression strategy: -// 1. First, check if compression is needed (size > ToolCompressionTargetSize) -// 2. Step 1: Simplify input_schema (keep only type/enum/required) -// 3. Step 2: Proportionally compress descriptions (minimum MinToolDescriptionLength chars) -// Returns the compressed tools list. -func compressToolsIfNeeded(tools []KiroToolWrapper) []KiroToolWrapper { - if len(tools) == 0 { - return tools - } - - originalSize := calculateToolsSize(tools) - if originalSize <= kirocommon.ToolCompressionTargetSize { - log.Debugf("kiro: tools size %d bytes is within target %d bytes, no compression needed", - originalSize, kirocommon.ToolCompressionTargetSize) - return tools - } - - log.Infof("kiro: tools size %d bytes exceeds target %d bytes, starting compression", - originalSize, kirocommon.ToolCompressionTargetSize) - - // Create a copy of tools to avoid modifying the original - compressedTools := make([]KiroToolWrapper, len(tools)) - for i, tool := range tools { - compressedTools[i] = KiroToolWrapper{ - ToolSpecification: KiroToolSpecification{ - Name: tool.ToolSpecification.Name, - Description: tool.ToolSpecification.Description, - InputSchema: KiroInputSchema{JSON: tool.ToolSpecification.InputSchema.JSON}, - }, - } - } - - // Step 1: Simplify input_schema - for i := range compressedTools { - compressedTools[i].ToolSpecification.InputSchema.JSON = - simplifyInputSchema(compressedTools[i].ToolSpecification.InputSchema.JSON) - } - - sizeAfterSchemaSimplification := calculateToolsSize(compressedTools) - log.Debugf("kiro: size after schema simplification: %d bytes (reduced by %d bytes)", - sizeAfterSchemaSimplification, originalSize-sizeAfterSchemaSimplification) - - // Check if we're within target after schema simplification - if sizeAfterSchemaSimplification <= kirocommon.ToolCompressionTargetSize { - log.Infof("kiro: compression complete after schema simplification, final size: %d bytes", - sizeAfterSchemaSimplification) - return compressedTools - } - - // Step 2: Compress descriptions proportionally - sizeToReduce := float64(sizeAfterSchemaSimplification - kirocommon.ToolCompressionTargetSize) - var totalDescLen float64 - for _, tool := range compressedTools { - totalDescLen += float64(len(tool.ToolSpecification.Description)) - } - - if totalDescLen > 0 { - // Assume size reduction comes primarily from descriptions. - keepRatio := 1.0 - (sizeToReduce / totalDescLen) - if keepRatio > 1.0 { - keepRatio = 1.0 - } else if keepRatio < 0 { - keepRatio = 0 - } - - for i := range compressedTools { - desc := compressedTools[i].ToolSpecification.Description - targetLen := int(float64(len(desc)) * keepRatio) - compressedTools[i].ToolSpecification.Description = compressToolDescription(desc, targetLen) - } - } - - finalSize := calculateToolsSize(compressedTools) - log.Infof("kiro: compression complete, original: %d bytes, final: %d bytes (%.1f%% reduction)", - originalSize, finalSize, float64(originalSize-finalSize)/float64(originalSize)*100) - - return compressedTools -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/tool_compression_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/tool_compression_test.go deleted file mode 100644 index f40b6d2db2..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/tool_compression_test.go +++ /dev/null @@ -1,68 +0,0 @@ -package claude - -import ( - "strings" - "testing" -) - -func TestSimplifyInputSchema(t *testing.T) { - input := map[string]interface{}{ - "type": "object", - "properties": map[string]interface{}{ - "foo": map[string]interface{}{ - "type": "string", - "description": "extra info", - }, - }, - "required": []interface{}{"foo"}, - "extra": "discard me", - } - - simplified := simplifyInputSchema(input).(map[string]interface{}) - - if simplified["type"] != "object" { - t.Error("missing type") - } - if _, ok := simplified["extra"]; ok { - t.Error("extra field not discarded") - } - - props := simplified["properties"].(map[string]interface{}) - foo := props["foo"].(map[string]interface{}) - if foo["type"] != "string" { - t.Error("nested type missing") - } - if _, ok := foo["description"]; ok { - t.Error("nested description not discarded") - } -} - -func TestCompressToolDescription(t *testing.T) { - desc := "This is a very long tool description that should be compressed to a shorter version." - compressed := compressToolDescription(desc, 60) - - if !strings.HasSuffix(compressed, "...") { - t.Error("expected suffix ...") - } - if len(compressed) > 60 { - t.Errorf("expected length <= 60, got %d", len(compressed)) - } -} - -func TestCompressToolsIfNeeded(t *testing.T) { - tools := []KiroToolWrapper{ - { - ToolSpecification: KiroToolSpecification{ - Name: "t1", - Description: "d1", - InputSchema: KiroInputSchema{JSON: map[string]interface{}{"type": "object"}}, - }, - }, - } - - // No compression needed - result := compressToolsIfNeeded(tools) - if len(result) != 1 || result[0].ToolSpecification.Name != "t1" { - t.Error("unexpected result for no compression") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/truncation_detector.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/truncation_detector.go deleted file mode 100644 index e0a1c133f9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/truncation_detector.go +++ /dev/null @@ -1,526 +0,0 @@ -// Package claude provides truncation detection for Kiro tool call responses. -// When Kiro API reaches its output token limit, tool call JSON may be truncated, -// resulting in incomplete or unparseable input parameters. -package claude - -import ( - "encoding/json" - "strings" - - log "github.com/sirupsen/logrus" -) - -// TruncationInfo contains details about detected truncation in a tool use event. -type TruncationInfo struct { - IsTruncated bool // Whether truncation was detected - TruncationType string // Type of truncation detected - ToolName string // Name of the truncated tool - ToolUseID string // ID of the truncated tool use - RawInput string // The raw (possibly truncated) input string - ParsedFields map[string]string // Fields that were successfully parsed before truncation - ErrorMessage string // Human-readable error message -} - -// TruncationType constants for different truncation scenarios -const ( - TruncationTypeNone = "" // No truncation detected - TruncationTypeEmptyInput = "empty_input" // No input data received at all - TruncationTypeInvalidJSON = "invalid_json" // JSON is syntactically invalid (truncated mid-value) - TruncationTypeMissingFields = "missing_fields" // JSON parsed but critical fields are missing - TruncationTypeIncompleteString = "incomplete_string" // String value was cut off mid-content -) - -// KnownWriteTools lists tool names that typically write content and have a "content" field. -// These tools are checked for content field truncation specifically. -var KnownWriteTools = map[string]bool{ - "Write": true, - "write_to_file": true, - "fsWrite": true, - "create_file": true, - "edit_file": true, - "apply_diff": true, - "str_replace_editor": true, - "insert": true, -} - -// KnownCommandTools lists tool names that execute commands. -var KnownCommandTools = map[string]bool{ - "Bash": true, - "execute": true, - "run_command": true, - "shell": true, - "terminal": true, - "execute_python": true, -} - -// RequiredFieldsByTool maps tool names to their required fields. -// If any of these fields are missing, the tool input is considered truncated. -var RequiredFieldsByTool = map[string][]string{ - "Write": {"file_path", "content"}, - "write_to_file": {"path", "content"}, - "fsWrite": {"path", "content"}, - "create_file": {"path", "content"}, - "edit_file": {"path"}, - "apply_diff": {"path", "diff"}, - "str_replace_editor": {"path", "old_str", "new_str"}, - // Ampcode-compatible Bash tool uses "cmd", while other clients commonly use "command". - // Accept either key to avoid false truncation detection loops. - "Bash": {"command", "cmd"}, - "execute": {"command", "cmd"}, - "run_command": {"command", "cmd"}, -} - -// DetectTruncation checks if the tool use input appears to be truncated. -// It returns detailed information about the truncation status and type. -func DetectTruncation(toolName, toolUseID, rawInput string, parsedInput map[string]interface{}) TruncationInfo { - info := TruncationInfo{ - ToolName: toolName, - ToolUseID: toolUseID, - RawInput: rawInput, - ParsedFields: make(map[string]string), - } - - // Scenario 1: Empty input buffer - no data received at all - if strings.TrimSpace(rawInput) == "" { - info.IsTruncated = true - info.TruncationType = TruncationTypeEmptyInput - info.ErrorMessage = "Tool input was completely empty - API response may have been truncated before tool parameters were transmitted" - log.Warnf("kiro: truncation detected [%s] for tool %s (ID: %s): empty input buffer", - info.TruncationType, toolName, toolUseID) - return info - } - - // Scenario 2: JSON parse failure - syntactically invalid JSON - if len(parsedInput) == 0 { - // Check if the raw input looks like truncated JSON - if looksLikeTruncatedJSON(rawInput) { - info.IsTruncated = true - info.TruncationType = TruncationTypeInvalidJSON - info.ParsedFields = extractPartialFields(rawInput) - info.ErrorMessage = buildTruncationErrorMessage(toolName, info.TruncationType, info.ParsedFields, rawInput) - log.Warnf("kiro: truncation detected [%s] for tool %s (ID: %s): JSON parse failed, raw length=%d bytes", - info.TruncationType, toolName, toolUseID, len(rawInput)) - return info - } - } - - // Scenario 3: JSON parsed but critical fields are missing - if parsedInput != nil { - requiredFields, hasRequirements := RequiredFieldsByTool[toolName] - if hasRequirements { - missingFields := findMissingRequiredFields(parsedInput, requiredFields) - if len(missingFields) > 0 { - info.IsTruncated = true - info.TruncationType = TruncationTypeMissingFields - info.ParsedFields = extractParsedFieldNames(parsedInput) - info.ErrorMessage = buildMissingFieldsErrorMessage(toolName, missingFields, info.ParsedFields) - log.Warnf("kiro: truncation detected [%s] for tool %s (ID: %s): missing required fields: %v", - info.TruncationType, toolName, toolUseID, missingFields) - return info - } - } - - // Scenario 4: Check for incomplete string values (very short content for write tools) - if isWriteTool(toolName) { - if contentTruncation := detectContentTruncation(parsedInput, rawInput); contentTruncation != "" { - info.IsTruncated = true - info.TruncationType = TruncationTypeIncompleteString - info.ParsedFields = extractParsedFieldNames(parsedInput) - info.ErrorMessage = contentTruncation - log.Warnf("kiro: truncation detected [%s] for tool %s (ID: %s): %s", - info.TruncationType, toolName, toolUseID, contentTruncation) - return info - } - } - } - - // No truncation detected - info.IsTruncated = false - info.TruncationType = TruncationTypeNone - return info -} - -// looksLikeTruncatedJSON checks if the raw string appears to be truncated JSON. -func looksLikeTruncatedJSON(raw string) bool { - trimmed := strings.TrimSpace(raw) - if trimmed == "" { - return false - } - - // Must start with { to be considered JSON - if !strings.HasPrefix(trimmed, "{") { - return false - } - - // Count brackets to detect imbalance - openBraces := strings.Count(trimmed, "{") - closeBraces := strings.Count(trimmed, "}") - openBrackets := strings.Count(trimmed, "[") - closeBrackets := strings.Count(trimmed, "]") - - // Bracket imbalance suggests truncation - if openBraces > closeBraces || openBrackets > closeBrackets { - return true - } - - // Check for obvious truncation patterns - // - Ends with a quote but no closing brace - // - Ends with a colon (mid key-value) - // - Ends with a comma (mid object/array) - lastChar := trimmed[len(trimmed)-1] - if lastChar != '}' && lastChar != ']' { - // Check if it's not a complete simple value - if lastChar == '"' || lastChar == ':' || lastChar == ',' { - return true - } - } - - // Check for unclosed strings (odd number of unescaped quotes) - inString := false - escaped := false - for i := 0; i < len(trimmed); i++ { - c := trimmed[i] - if escaped { - escaped = false - continue - } - if c == '\\' { - escaped = true - continue - } - if c == '"' { - inString = !inString - } - } - if inString { - return true // Unclosed string - } - - return false -} - -// extractPartialFields attempts to extract any field names from malformed JSON. -// This helps provide context about what was received before truncation. -func extractPartialFields(raw string) map[string]string { - fields := make(map[string]string) - - // Simple pattern matching for "key": "value" or "key": value patterns - // This works even with truncated JSON - trimmed := strings.TrimSpace(raw) - if !strings.HasPrefix(trimmed, "{") { - return fields - } - - // Remove opening brace - content := strings.TrimPrefix(trimmed, "{") - - // Split by comma (rough parsing) - parts := strings.Split(content, ",") - for _, part := range parts { - part = strings.TrimSpace(part) - if colonIdx := strings.Index(part, ":"); colonIdx > 0 { - key := strings.TrimSpace(part[:colonIdx]) - key = strings.Trim(key, `"'`) - value := strings.TrimSpace(part[colonIdx+1:]) - value = strings.Trim(value, `"'`) - - // Truncate long values for display - if len(value) > 50 { - value = value[:50] + "..." - } - fields[key] = value - } - } - - return fields -} - -// extractParsedFieldNames returns the field names from a successfully parsed map. -func extractParsedFieldNames(parsed map[string]interface{}) map[string]string { - fields := make(map[string]string) - for key, val := range parsed { - switch v := val.(type) { - case string: - if len(v) > 50 { - fields[key] = v[:50] + "..." - } else { - fields[key] = v - } - case nil: - fields[key] = "" - default: - // For complex types, just indicate presence - fields[key] = "" - } - } - return fields -} - -// findMissingRequiredFields checks which required fields are missing from the parsed input. -func findMissingRequiredFields(parsed map[string]interface{}, required []string) []string { - var missing []string - for _, field := range required { - if _, exists := parsed[field]; !exists { - missing = append(missing, field) - } - } - if len(required) == 2 && - ((required[0] == "command" && required[1] == "cmd") || - (required[0] == "cmd" && required[1] == "command")) && - len(missing) == 1 { - return nil - } - return missing -} - -// isWriteTool checks if the tool is a known write/file operation tool. -func isWriteTool(toolName string) bool { - return KnownWriteTools[toolName] -} - -// detectContentTruncation checks if the content field appears truncated for write tools. -func detectContentTruncation(parsed map[string]interface{}, rawInput string) string { - // Check for content field - content, hasContent := parsed["content"] - if !hasContent { - return "" - } - - contentStr, isString := content.(string) - if !isString { - return "" - } - - // Heuristic: if raw input is very large but content is suspiciously short, - // it might indicate truncation during JSON repair - if len(rawInput) > 1000 && len(contentStr) < 100 { - return "content field appears suspiciously short compared to raw input size" - } - - // Check for code blocks that appear to be cut off - if strings.Contains(contentStr, "```") { - openFences := strings.Count(contentStr, "```") - if openFences%2 != 0 { - return "content contains unclosed code fence (```) suggesting truncation" - } - } - - return "" -} - -// buildTruncationErrorMessage creates a human-readable error message for truncation. -func buildTruncationErrorMessage(toolName, truncationType string, parsedFields map[string]string, rawInput string) string { - var sb strings.Builder - sb.WriteString("Tool input was truncated by the API. ") - - switch truncationType { - case TruncationTypeEmptyInput: - sb.WriteString("No input data was received.") - case TruncationTypeInvalidJSON: - sb.WriteString("JSON was cut off mid-transmission. ") - if len(parsedFields) > 0 { - sb.WriteString("Partial fields received: ") - first := true - for k := range parsedFields { - if !first { - sb.WriteString(", ") - } - sb.WriteString(k) - first = false - } - } - case TruncationTypeMissingFields: - sb.WriteString("Required fields are missing from the input.") - case TruncationTypeIncompleteString: - sb.WriteString("Content appears to be shortened or incomplete.") - } - - sb.WriteString(" Received ") - sb.WriteString(string(rune(len(rawInput)))) - sb.WriteString(" bytes. Please retry with smaller content chunks.") - - return sb.String() -} - -// buildMissingFieldsErrorMessage creates an error message for missing required fields. -func buildMissingFieldsErrorMessage(toolName string, missingFields []string, parsedFields map[string]string) string { - var sb strings.Builder - sb.WriteString("Tool '") - sb.WriteString(toolName) - sb.WriteString("' is missing required fields: ") - sb.WriteString(strings.Join(missingFields, ", ")) - sb.WriteString(". Fields received: ") - - first := true - for k := range parsedFields { - if !first { - sb.WriteString(", ") - } - sb.WriteString(k) - first = false - } - - sb.WriteString(". This usually indicates the API response was truncated.") - return sb.String() -} - -// IsTruncated is a convenience function to check if a tool use appears truncated. -func IsTruncated(toolName, rawInput string, parsedInput map[string]interface{}) bool { - info := DetectTruncation(toolName, "", rawInput, parsedInput) - return info.IsTruncated -} - -// GetTruncationSummary returns a short summary string for logging. -func GetTruncationSummary(info TruncationInfo) string { - if !info.IsTruncated { - return "" - } - - result, _ := json.Marshal(map[string]interface{}{ - "tool": info.ToolName, - "type": info.TruncationType, - "parsed_fields": info.ParsedFields, - "raw_input_size": len(info.RawInput), - }) - return string(result) -} - -// SoftFailureMessage contains the message structure for a truncation soft failure. -// This is returned to Claude as a tool_result to guide retry behavior. -type SoftFailureMessage struct { - Status string // "incomplete" - not an error, just incomplete - Reason string // Why the tool call was incomplete - Guidance []string // Step-by-step retry instructions - Context string // Any context about what was received - MaxLineHint int // Suggested maximum lines per chunk -} - -// BuildSoftFailureMessage creates a structured message for Claude when truncation is detected. -// This follows the "soft failure" pattern: -// - For Claude: Clear explanation of what happened and how to fix -// - For User: Hidden or minimized (appears as normal processing) -// -// Key principle: "Conclusion First" -// 1. First state what happened (incomplete) -// 2. Then explain how to fix (chunked approach) -// 3. Provide specific guidance (line limits) -func BuildSoftFailureMessage(info TruncationInfo) SoftFailureMessage { - msg := SoftFailureMessage{ - Status: "incomplete", - MaxLineHint: 300, // Conservative default - } - - // Build reason based on truncation type - switch info.TruncationType { - case TruncationTypeEmptyInput: - msg.Reason = "Your tool call was too large and the input was completely lost during transmission." - msg.MaxLineHint = 200 - case TruncationTypeInvalidJSON: - msg.Reason = "Your tool call was truncated mid-transmission, resulting in incomplete JSON." - msg.MaxLineHint = 250 - case TruncationTypeMissingFields: - msg.Reason = "Your tool call was partially received but critical fields were cut off." - msg.MaxLineHint = 300 - case TruncationTypeIncompleteString: - msg.Reason = "Your tool call content was truncated - the full content did not arrive." - msg.MaxLineHint = 350 - default: - msg.Reason = "Your tool call was truncated by the API due to output size limits." - } - - // Build context from parsed fields - if len(info.ParsedFields) > 0 { - var parts []string - for k, v := range info.ParsedFields { - if len(v) > 30 { - v = v[:30] + "..." - } - parts = append(parts, k+"="+v) - } - msg.Context = "Received partial data: " + strings.Join(parts, ", ") - } - - // Build retry guidance - CRITICAL: Conclusion first approach - msg.Guidance = []string{ - "CONCLUSION: Split your output into smaller chunks and retry.", - "", - "REQUIRED APPROACH:", - "1. For file writes: Write in chunks of ~" + formatInt(msg.MaxLineHint) + " lines maximum", - "2. For new files: First create with initial chunk, then append remaining sections", - "3. For edits: Make surgical, targeted changes - avoid rewriting entire files", - "", - "EXAMPLE (writing a 600-line file):", - " - Step 1: Write lines 1-300 (create file)", - " - Step 2: Append lines 301-600 (extend file)", - "", - "DO NOT attempt to write the full content again in a single call.", - "The API has a hard output limit that cannot be bypassed.", - } - - return msg -} - -// formatInt converts an integer to string (helper to avoid strconv import) -func formatInt(n int) string { - if n == 0 { - return "0" - } - result := "" - for n > 0 { - result = string(rune('0'+n%10)) + result - n /= 10 - } - return result -} - -// BuildSoftFailureToolResult creates a tool_result content for Claude. -// This is what Claude will see when a tool call is truncated. -// Returns a string that should be used as the tool_result content. -func BuildSoftFailureToolResult(info TruncationInfo) string { - msg := BuildSoftFailureMessage(info) - - var sb strings.Builder - sb.WriteString("TOOL_CALL_INCOMPLETE\n") - sb.WriteString("status: ") - sb.WriteString(msg.Status) - sb.WriteString("\n") - sb.WriteString("reason: ") - sb.WriteString(msg.Reason) - sb.WriteString("\n") - - if msg.Context != "" { - sb.WriteString("context: ") - sb.WriteString(msg.Context) - sb.WriteString("\n") - } - - sb.WriteString("\n") - for _, line := range msg.Guidance { - if line != "" { - sb.WriteString(line) - sb.WriteString("\n") - } - } - - return sb.String() -} - -// CreateTruncationToolResult creates a KiroToolUse that represents a soft failure. -// Instead of returning the truncated tool_use, we return a tool with a special -// error result that guides Claude to retry with smaller chunks. -// -// This is the key mechanism for "soft failure": -// - stop_reason remains "tool_use" so Claude continues -// - The tool_result content explains the issue and how to fix it -// - Claude will read this and adjust its approach -func CreateTruncationToolResult(info TruncationInfo) KiroToolUse { - // We create a pseudo tool_use that represents the failed attempt - // The executor will convert this to a tool_result with the guidance message - return KiroToolUse{ - ToolUseID: info.ToolUseID, - Name: info.ToolName, - Input: nil, // No input since it was truncated - IsTruncated: true, - TruncationInfo: &info, - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/truncation_detector_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/truncation_detector_test.go deleted file mode 100644 index f4f36275fa..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/claude/truncation_detector_test.go +++ /dev/null @@ -1,96 +0,0 @@ -package claude - -import ( - "strings" - "testing" -) - -func TestDetectTruncation(t *testing.T) { - // 1. Empty input - info1 := DetectTruncation("Write", "c1", "", nil) - if !info1.IsTruncated || info1.TruncationType != TruncationTypeEmptyInput { - t.Errorf("expected empty_input truncation, got %v", info1) - } - - // 2. Invalid JSON (truncated) - info2 := DetectTruncation("Write", "c1", `{"file_path": "test.txt", "content": "hello`, nil) - if !info2.IsTruncated || info2.TruncationType != TruncationTypeInvalidJSON { - t.Errorf("expected invalid_json truncation, got %v", info2) - } - if info2.ParsedFields["file_path"] != "test.txt" { - t.Errorf("expected partial field file_path=test.txt, got %v", info2.ParsedFields) - } - - // 3. Missing fields - parsed3 := map[string]interface{}{"file_path": "test.txt"} - info3 := DetectTruncation("Write", "c1", `{"file_path": "test.txt"}`, parsed3) - if !info3.IsTruncated || info3.TruncationType != TruncationTypeMissingFields { - t.Errorf("expected missing_fields truncation, got %v", info3) - } - - // 4. Incomplete string (write tool) - parsed4 := map[string]interface{}{"file_path": "test.txt", "content": "```go\nfunc main() {"} - info4 := DetectTruncation("Write", "c1", `{"file_path": "test.txt", "content": "`+"```"+`go\nfunc main() {"}`, parsed4) - if !info4.IsTruncated || info4.TruncationType != TruncationTypeIncompleteString { - t.Errorf("expected incomplete_string truncation, got %v", info4) - } - if !strings.Contains(info4.ErrorMessage, "unclosed code fence") { - t.Errorf("expected unclosed code fence error, got %s", info4.ErrorMessage) - } - - // 5. Success - parsed5 := map[string]interface{}{"file_path": "test.txt", "content": "hello"} - info5 := DetectTruncation("Write", "c1", `{"file_path": "test.txt", "content": "hello"}`, parsed5) - if info5.IsTruncated { - t.Errorf("expected no truncation, got %v", info5) - } - - // 6. Bash cmd alias compatibility (Ampcode) - parsed6 := map[string]interface{}{"cmd": "echo hello"} - info6 := DetectTruncation("Bash", "c2", `{"cmd":"echo hello"}`, parsed6) - if info6.IsTruncated { - t.Errorf("expected no truncation for Bash cmd alias, got %v", info6) - } - - // 7. execute cmd alias compatibility - parsed7 := map[string]interface{}{"cmd": "ls -la"} - info7 := DetectTruncation("execute", "c3", `{"cmd":"ls -la"}`, parsed7) - if info7.IsTruncated { - t.Errorf("expected no truncation for execute cmd alias, got %v", info7) - } - - // 8. run_command cmd alias compatibility - parsed8 := map[string]interface{}{"cmd": "pwd"} - info8 := DetectTruncation("run_command", "c4", `{"cmd":"pwd"}`, parsed8) - if info8.IsTruncated { - t.Errorf("expected no truncation for run_command cmd alias, got %v", info8) - } - - // 9. command tool still truncates when both command aliases are missing - parsed9 := map[string]interface{}{"path": "/tmp"} - info9 := DetectTruncation("execute", "c5", `{"path":"/tmp"}`, parsed9) - if !info9.IsTruncated || info9.TruncationType != TruncationTypeMissingFields { - t.Errorf("expected missing_fields truncation when command aliases are absent, got %v", info9) - } -} - -func TestBuildSoftFailureToolResult(t *testing.T) { - info := TruncationInfo{ - IsTruncated: true, - TruncationType: TruncationTypeInvalidJSON, - ToolName: "Write", - ToolUseID: "c1", - RawInput: `{"file_path": "test.txt", "content": "abc`, - ParsedFields: map[string]string{"file_path": "test.txt"}, - } - got := BuildSoftFailureToolResult(info) - if !strings.Contains(got, "TOOL_CALL_INCOMPLETE") { - t.Error("expected TOOL_CALL_INCOMPLETE header") - } - if !strings.Contains(got, "file_path=test.txt") { - t.Error("expected partial context in message") - } - if !strings.Contains(got, "Split your output into smaller chunks") { - t.Error("expected retry guidance") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/common/constants.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/common/constants.go deleted file mode 100644 index 3016947cf2..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/common/constants.go +++ /dev/null @@ -1,103 +0,0 @@ -// Package common provides shared constants and utilities for Kiro translator. -package common - -const ( - // KiroMaxToolDescLen is the maximum description length for Kiro API tools. - // Kiro API limit is 10240 bytes, leave room for "..." - KiroMaxToolDescLen = 10237 - - // ToolCompressionTargetSize is the target total size for compressed tools (20KB). - // If tools exceed this size, compression will be applied. - ToolCompressionTargetSize = 20 * 1024 // 20KB - - // MinToolDescriptionLength is the minimum description length after compression. - // Descriptions will not be shortened below this length. - MinToolDescriptionLength = 50 - - // ThinkingStartTag is the start tag for thinking blocks in responses. - ThinkingStartTag = "" - - // ThinkingEndTag is the end tag for thinking blocks in responses. - ThinkingEndTag = "" - - // CodeFenceMarker is the markdown code fence marker. - CodeFenceMarker = "```" - - // AltCodeFenceMarker is the alternative markdown code fence marker. - AltCodeFenceMarker = "~~~" - - // InlineCodeMarker is the markdown inline code marker (backtick). - InlineCodeMarker = "`" - - // DefaultAssistantContentWithTools is the fallback content for assistant messages - // that have tool_use but no text content. Kiro API requires non-empty content. - // IMPORTANT: Use a minimal neutral string that the model won't mimic in responses. - // Previously "I'll help you with that." which caused the model to parrot it back. - DefaultAssistantContentWithTools = "." - - // DefaultAssistantContent is the fallback content for assistant messages - // that have no content at all. Kiro API requires non-empty content. - // IMPORTANT: Use a minimal neutral string that the model won't mimic in responses. - // Previously "I understand." which could leak into model behavior. - DefaultAssistantContent = "." - - // DefaultUserContentWithToolResults is the fallback content for user messages - // that have only tool_result (no text). Kiro API requires non-empty content. - DefaultUserContentWithToolResults = "Tool results provided." - - // DefaultUserContent is the fallback content for user messages - // that have no content at all. Kiro API requires non-empty content. - DefaultUserContent = "Continue" - - // KiroAgenticSystemPrompt is injected only for -agentic models to prevent timeouts on large writes. - // AWS Kiro API has a 2-3 minute timeout for large file write operations. - KiroAgenticSystemPrompt = ` -# CRITICAL: CHUNKED WRITE PROTOCOL (MANDATORY) - -You MUST follow these rules for ALL file operations. Violation causes server timeouts and task failure. - -## ABSOLUTE LIMITS -- **MAXIMUM 350 LINES** per single write/edit operation - NO EXCEPTIONS -- **RECOMMENDED 300 LINES** or less for optimal performance -- **NEVER** write entire files in one operation if >300 lines - -## MANDATORY CHUNKED WRITE STRATEGY - -### For NEW FILES (>300 lines total): -1. FIRST: Write initial chunk (first 250-300 lines) using write_to_file/fsWrite -2. THEN: Append remaining content in 250-300 line chunks using file append operations -3. REPEAT: Continue appending until complete - -### For EDITING EXISTING FILES: -1. Use surgical edits (apply_diff/targeted edits) - change ONLY what's needed -2. NEVER rewrite entire files - use incremental modifications -3. Split large refactors into multiple small, focused edits - -### For LARGE CODE GENERATION: -1. Generate in logical sections (imports, types, functions separately) -2. Write each section as a separate operation -3. Use append operations for subsequent sections - -## EXAMPLES OF CORRECT BEHAVIOR - -✅ CORRECT: Writing a 600-line file -- Operation 1: Write lines 1-300 (initial file creation) -- Operation 2: Append lines 301-600 - -✅ CORRECT: Editing multiple functions -- Operation 1: Edit function A -- Operation 2: Edit function B -- Operation 3: Edit function C - -❌ WRONG: Writing 500 lines in single operation → TIMEOUT -❌ WRONG: Rewriting entire file to change 5 lines → TIMEOUT -❌ WRONG: Generating massive code blocks without chunking → TIMEOUT - -## WHY THIS MATTERS -- Server has 2-3 minute timeout for operations -- Large writes exceed timeout and FAIL completely -- Chunked writes are FASTER and more RELIABLE -- Failed writes waste time and require retry - -REMEMBER: When in doubt, write LESS per operation. Multiple small operations > one large operation.` -) diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/common/message_merge.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/common/message_merge.go deleted file mode 100644 index a4bd1bcf96..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/common/message_merge.go +++ /dev/null @@ -1,172 +0,0 @@ -// Package common provides shared utilities for Kiro translators. -package common - -import ( - "encoding/json" - - "github.com/tidwall/gjson" -) - -// MergeAdjacentMessages merges adjacent messages with the same role. -// This reduces API call complexity and improves compatibility. -// Based on AIClient-2-API implementation. -// NOTE: Tool messages are NOT merged because each has a unique tool_call_id that must be preserved. -func MergeAdjacentMessages(messages []gjson.Result) []gjson.Result { - if len(messages) <= 1 { - return messages - } - - var merged []gjson.Result - for _, msg := range messages { - if len(merged) == 0 { - merged = append(merged, msg) - continue - } - - lastMsg := merged[len(merged)-1] - currentRole := msg.Get("role").String() - lastRole := lastMsg.Get("role").String() - - // Don't merge tool messages - each has a unique tool_call_id - if currentRole == "tool" || lastRole == "tool" { - merged = append(merged, msg) - continue - } - - if currentRole == lastRole { - // Merge content from current message into last message - mergedContent := mergeMessageContent(lastMsg, msg) - var mergedToolCalls []interface{} - if currentRole == "assistant" { - // Preserve assistant tool_calls when adjacent assistant messages are merged. - mergedToolCalls = mergeToolCalls(lastMsg.Get("tool_calls"), msg.Get("tool_calls")) - } - - // Create a new merged message JSON. - mergedMsg := createMergedMessage(lastRole, mergedContent, mergedToolCalls) - merged[len(merged)-1] = gjson.Parse(mergedMsg) - } else { - merged = append(merged, msg) - } - } - - return merged -} - -// mergeMessageContent merges the content of two messages with the same role. -// Handles both string content and array content (with text, tool_use, tool_result blocks). -func mergeMessageContent(msg1, msg2 gjson.Result) string { - content1 := msg1.Get("content") - content2 := msg2.Get("content") - - // Extract content blocks from both messages - var blocks1, blocks2 []map[string]interface{} - - if content1.IsArray() { - for _, block := range content1.Array() { - blocks1 = append(blocks1, blockToMap(block)) - } - } else if content1.Type == gjson.String { - blocks1 = append(blocks1, map[string]interface{}{ - "type": "text", - "text": content1.String(), - }) - } - - if content2.IsArray() { - for _, block := range content2.Array() { - blocks2 = append(blocks2, blockToMap(block)) - } - } else if content2.Type == gjson.String { - blocks2 = append(blocks2, map[string]interface{}{ - "type": "text", - "text": content2.String(), - }) - } - - // Merge text blocks if both end/start with text - if len(blocks1) > 0 && len(blocks2) > 0 { - if blocks1[len(blocks1)-1]["type"] == "text" && blocks2[0]["type"] == "text" { - // Merge the last text block of msg1 with the first text block of msg2 - text1 := blocks1[len(blocks1)-1]["text"].(string) - text2 := blocks2[0]["text"].(string) - blocks1[len(blocks1)-1]["text"] = text1 + "\n" + text2 - blocks2 = blocks2[1:] // Remove the merged block from blocks2 - } - } - - // Combine all blocks - allBlocks := append(blocks1, blocks2...) - - // Convert to JSON - result, _ := json.Marshal(allBlocks) - return string(result) -} - -// blockToMap converts a gjson.Result block to a map[string]interface{} -func blockToMap(block gjson.Result) map[string]interface{} { - result := make(map[string]interface{}) - block.ForEach(func(key, value gjson.Result) bool { - if value.IsObject() { - result[key.String()] = blockToMap(value) - } else if value.IsArray() { - var arr []interface{} - for _, item := range value.Array() { - if item.IsObject() { - arr = append(arr, blockToMap(item)) - } else { - arr = append(arr, item.Value()) - } - } - result[key.String()] = arr - } else { - result[key.String()] = value.Value() - } - return true - }) - return result -} - -// createMergedMessage creates a JSON string for a merged message. -// toolCalls is optional and only emitted for assistant role. -func createMergedMessage(role string, content string, toolCalls []interface{}) string { - msg := map[string]interface{}{ - "role": role, - "content": json.RawMessage(content), - } - if role == "assistant" && len(toolCalls) > 0 { - msg["tool_calls"] = toolCalls - } - result, _ := json.Marshal(msg) - return string(result) -} - -// mergeToolCalls combines tool_calls from two assistant messages while preserving order. -func mergeToolCalls(tc1, tc2 gjson.Result) []interface{} { - var merged []interface{} - seenIDs := map[string]struct{}{} - - if tc1.IsArray() { - for _, tc := range tc1.Array() { - id := tc.Get("id").String() - if id != "" { - seenIDs[id] = struct{}{} - } - merged = append(merged, tc.Value()) - } - } - if tc2.IsArray() { - for _, tc := range tc2.Array() { - id := tc.Get("id").String() - if id != "" { - if _, exists := seenIDs[id]; exists { - continue - } - seenIDs[id] = struct{}{} - } - merged = append(merged, tc.Value()) - } - } - - return merged -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/common/message_merge_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/common/message_merge_test.go deleted file mode 100644 index b2b8712ae0..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/common/message_merge_test.go +++ /dev/null @@ -1,139 +0,0 @@ -package common - -import ( - "strings" - "testing" - - "github.com/tidwall/gjson" -) - -func parseMessages(t *testing.T, raw string) []gjson.Result { - t.Helper() - parsed := gjson.Parse(raw) - if !parsed.IsArray() { - t.Fatalf("expected JSON array, got: %s", raw) - } - return parsed.Array() -} - -func TestMergeAdjacentMessages_AssistantMergePreservesToolCalls(t *testing.T) { - messages := parseMessages(t, `[ - {"role":"assistant","content":"part1"}, - { - "role":"assistant", - "content":"part2", - "tool_calls":[ - { - "id":"call_1", - "type":"function", - "function":{"name":"Read","arguments":"{}"} - } - ] - }, - {"role":"tool","tool_call_id":"call_1","content":"ok"} - ]`) - - merged := MergeAdjacentMessages(messages) - if len(merged) != 2 { - t.Fatalf("expected 2 messages after merge, got %d", len(merged)) - } - - assistant := merged[0] - if assistant.Get("role").String() != "assistant" { - t.Fatalf("expected first message role assistant, got %q", assistant.Get("role").String()) - } - - toolCalls := assistant.Get("tool_calls") - if !toolCalls.IsArray() || len(toolCalls.Array()) != 1 { - t.Fatalf("expected assistant.tool_calls length 1, got: %s", toolCalls.Raw) - } - if toolCalls.Array()[0].Get("id").String() != "call_1" { - t.Fatalf("expected tool call id call_1, got %q", toolCalls.Array()[0].Get("id").String()) - } - - contentRaw := assistant.Get("content").Raw - if !strings.Contains(contentRaw, "part1") || !strings.Contains(contentRaw, "part2") { - t.Fatalf("expected merged content to contain both parts, got: %s", contentRaw) - } - - if merged[1].Get("role").String() != "tool" { - t.Fatalf("expected second message role tool, got %q", merged[1].Get("role").String()) - } -} - -func TestMergeAdjacentMessages_AssistantMergeCombinesMultipleToolCalls(t *testing.T) { - messages := parseMessages(t, `[ - { - "role":"assistant", - "content":"first", - "tool_calls":[ - {"id":"call_1","type":"function","function":{"name":"Read","arguments":"{}"}} - ] - }, - { - "role":"assistant", - "content":"second", - "tool_calls":[ - {"id":"call_2","type":"function","function":{"name":"Write","arguments":"{}"}} - ] - } - ]`) - - merged := MergeAdjacentMessages(messages) - if len(merged) != 1 { - t.Fatalf("expected 1 message after merge, got %d", len(merged)) - } - - toolCalls := merged[0].Get("tool_calls").Array() - if len(toolCalls) != 2 { - t.Fatalf("expected 2 merged tool calls, got %d", len(toolCalls)) - } - if toolCalls[0].Get("id").String() != "call_1" || toolCalls[1].Get("id").String() != "call_2" { - t.Fatalf("unexpected merged tool call ids: %q, %q", toolCalls[0].Get("id").String(), toolCalls[1].Get("id").String()) - } -} - -func TestMergeAdjacentMessages_AssistantMergeDeduplicatesToolCallIDs(t *testing.T) { - messages := parseMessages(t, `[ - { - "role":"assistant", - "content":"first", - "tool_calls":[ - {"id":"call_1","type":"function","function":{"name":"Read","arguments":"{}"}} - ] - }, - { - "role":"assistant", - "content":"second", - "tool_calls":[ - {"id":"call_1","type":"function","function":{"name":"Read","arguments":"{}"}}, - {"id":"call_2","type":"function","function":{"name":"Write","arguments":"{}"}} - ] - } - ]`) - - merged := MergeAdjacentMessages(messages) - if len(merged) != 1 { - t.Fatalf("expected 1 message after merge, got %d", len(merged)) - } - - toolCalls := merged[0].Get("tool_calls").Array() - if len(toolCalls) != 2 { - t.Fatalf("expected duplicate tool_call id to be removed, got %d tool calls", len(toolCalls)) - } - if toolCalls[0].Get("id").String() != "call_1" || toolCalls[1].Get("id").String() != "call_2" { - t.Fatalf("unexpected merged tool call ids: %q, %q", toolCalls[0].Get("id").String(), toolCalls[1].Get("id").String()) - } -} - -func TestMergeAdjacentMessages_ToolMessagesRemainUnmerged(t *testing.T) { - messages := parseMessages(t, `[ - {"role":"tool","tool_call_id":"call_1","content":"r1"}, - {"role":"tool","tool_call_id":"call_2","content":"r2"} - ]`) - - merged := MergeAdjacentMessages(messages) - if len(merged) != 2 { - t.Fatalf("expected tool messages to remain separate, got %d", len(merged)) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/common/utils.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/common/utils.go deleted file mode 100644 index 4c7c734085..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/common/utils.go +++ /dev/null @@ -1,16 +0,0 @@ -// Package common provides shared constants and utilities for Kiro translator. -package common - -// GetString safely extracts a string from a map. -// Returns empty string if the key doesn't exist or the value is not a string. -func GetString(m map[string]interface{}, key string) string { - if v, ok := m[key].(string); ok { - return v - } - return "" -} - -// GetStringValue is an alias for GetString for backward compatibility. -func GetStringValue(m map[string]interface{}, key string) string { - return GetString(m, key) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/openai/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/openai/init.go deleted file mode 100644 index 00ae0b5075..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/openai/init.go +++ /dev/null @@ -1,20 +0,0 @@ -// Package openai provides translation between constant.OpenAI Chat Completions and constant.Kiro formats. -package openai - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.OpenAI, // source format - constant.Kiro, // target format - ConvertOpenAIRequestToKiro, - interfaces.TranslateResponse{ - Stream: ConvertKiroStreamToOpenAI, - NonStream: ConvertKiroNonStreamToOpenAI, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/openai/kiro_openai.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/openai/kiro_openai.go deleted file mode 100644 index 519bee1abb..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/openai/kiro_openai.go +++ /dev/null @@ -1,370 +0,0 @@ -// Package openai provides translation between OpenAI Chat Completions and Kiro formats. -// This package enables direct OpenAI → Kiro translation, bypassing the Claude intermediate layer. -// -// The Kiro executor generates Claude-compatible SSE format internally, so the streaming response -// translation converts from Claude SSE format to OpenAI SSE format. -package openai - -import ( - "bytes" - "context" - "encoding/json" - "strings" - - kirocommon "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/kiro/common" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -// ConvertKiroStreamToOpenAI converts Kiro streaming response to OpenAI format. -// The Kiro executor emits Claude-compatible SSE events, so this function translates -// from Claude SSE format to OpenAI SSE format. -// -// Claude SSE format: -// - event: message_start\ndata: {...} -// - event: content_block_start\ndata: {...} -// - event: content_block_delta\ndata: {...} -// - event: content_block_stop\ndata: {...} -// - event: message_delta\ndata: {...} -// - event: message_stop\ndata: {...} -// -// OpenAI SSE format: -// - data: {"id":"...","object":"chat.completion.chunk",...} -// - data: [DONE] -func ConvertKiroStreamToOpenAI(ctx context.Context, model string, originalRequest, request, rawResponse []byte, param *any) []string { - // Initialize state if needed - if *param == nil { - *param = NewOpenAIStreamState(model) - } - state := (*param).(*OpenAIStreamState) - - // Parse the Claude SSE event - responseStr := string(rawResponse) - - // Handle raw event format (event: xxx\ndata: {...}) - var eventType string - var eventData string - - if strings.HasPrefix(responseStr, "event:") { - // Parse event type and data - lines := strings.SplitN(responseStr, "\n", 2) - if len(lines) >= 1 { - eventType = strings.TrimSpace(strings.TrimPrefix(lines[0], "event:")) - } - if len(lines) >= 2 && strings.HasPrefix(lines[1], "data:") { - eventData = strings.TrimSpace(strings.TrimPrefix(lines[1], "data:")) - } - } else if strings.HasPrefix(responseStr, "data:") { - // Just data line - eventData = strings.TrimSpace(strings.TrimPrefix(responseStr, "data:")) - } else { - // Try to parse as raw JSON - eventData = strings.TrimSpace(responseStr) - } - - if eventData == "" { - return []string{} - } - - // Parse the event data as JSON - eventJSON := gjson.Parse(eventData) - if !eventJSON.Exists() { - return []string{} - } - - // Determine event type from JSON if not already set - if eventType == "" { - eventType = eventJSON.Get("type").String() - } - - var results []string - - switch eventType { - case "message_start": - // Send first chunk with role - firstChunk := BuildOpenAISSEFirstChunk(state) - results = append(results, firstChunk) - - case "content_block_start": - // Check block type - blockType := eventJSON.Get("content_block.type").String() - switch blockType { - case "text": - // Text block starting - nothing to emit yet - case "thinking": - // Thinking block starting - nothing to emit yet for OpenAI - case "tool_use": - // Tool use block starting - toolUseID := eventJSON.Get("content_block.id").String() - toolName := eventJSON.Get("content_block.name").String() - chunk := BuildOpenAISSEToolCallStart(state, toolUseID, toolName) - results = append(results, chunk) - state.ToolCallIndex++ - } - - case "content_block_delta": - deltaType := eventJSON.Get("delta.type").String() - switch deltaType { - case "text_delta": - textDelta := eventJSON.Get("delta.text").String() - if textDelta != "" { - chunk := BuildOpenAISSETextDelta(state, textDelta) - results = append(results, chunk) - } - case "thinking_delta": - // Convert thinking to reasoning_content for o1-style compatibility - thinkingDelta := eventJSON.Get("delta.thinking").String() - if thinkingDelta != "" { - chunk := BuildOpenAISSEReasoningDelta(state, thinkingDelta) - results = append(results, chunk) - } - case "input_json_delta": - // Tool call arguments delta - partialJSON := eventJSON.Get("delta.partial_json").String() - if partialJSON != "" { - // Get the tool index from content block index - blockIndex := int(eventJSON.Get("index").Int()) - chunk := BuildOpenAISSEToolCallArgumentsDelta(state, partialJSON, blockIndex-1) // Adjust for 0-based tool index - results = append(results, chunk) - } - } - - case "content_block_stop": - // Content block ended - nothing to emit for OpenAI - - case "message_delta": - // Message delta with stop_reason - stopReason := eventJSON.Get("delta.stop_reason").String() - finishReason := mapKiroStopReasonToOpenAI(stopReason) - if finishReason != "" { - chunk := BuildOpenAISSEFinish(state, finishReason) - results = append(results, chunk) - } - - // Extract usage if present - if eventJSON.Get("usage").Exists() { - inputTokens := eventJSON.Get("usage.input_tokens").Int() - outputTokens := eventJSON.Get("usage.output_tokens").Int() - usageInfo := usage.Detail{ - InputTokens: inputTokens, - OutputTokens: outputTokens, - TotalTokens: inputTokens + outputTokens, - } - chunk := BuildOpenAISSEUsage(state, usageInfo) - results = append(results, chunk) - } - - case "message_stop": - // Final event - do NOT emit [DONE] here - // The handler layer (openai_handlers.go) will send [DONE] when the stream closes - // Emitting [DONE] here would cause duplicate [DONE] markers - - case "ping": - // Ping event with usage - optionally emit usage chunk - if eventJSON.Get("usage").Exists() { - inputTokens := eventJSON.Get("usage.input_tokens").Int() - outputTokens := eventJSON.Get("usage.output_tokens").Int() - usageInfo := usage.Detail{ - InputTokens: inputTokens, - OutputTokens: outputTokens, - TotalTokens: inputTokens + outputTokens, - } - chunk := BuildOpenAISSEUsage(state, usageInfo) - results = append(results, chunk) - } - } - - return results -} - -// ConvertKiroNonStreamToOpenAI converts Kiro non-streaming response to OpenAI format. -// The Kiro executor returns Claude-compatible JSON responses, so this function translates -// from Claude format to OpenAI format. -func ConvertKiroNonStreamToOpenAI(ctx context.Context, model string, originalRequest, request, rawResponse []byte, param *any) string { - // Parse the Claude-format response - response := gjson.ParseBytes(rawResponse) - - // Extract content - var content string - var reasoningContent string - var toolUses []KiroToolUse - - // Get stop_reason - stopReason := response.Get("stop_reason").String() - - // Process content blocks - contentBlocks := response.Get("content") - if contentBlocks.IsArray() { - for _, block := range contentBlocks.Array() { - blockType := block.Get("type").String() - switch blockType { - case "text": - content += block.Get("text").String() - case "thinking": - // Convert thinking blocks to reasoning_content for OpenAI format - reasoningContent += block.Get("thinking").String() - case "tool_use": - toolUseID := block.Get("id").String() - toolName := block.Get("name").String() - toolInput := block.Get("input") - - var inputMap map[string]interface{} - if toolInput.IsObject() { - inputMap = make(map[string]interface{}) - toolInput.ForEach(func(key, value gjson.Result) bool { - inputMap[key.String()] = value.Value() - return true - }) - } - - toolUses = append(toolUses, KiroToolUse{ - ToolUseID: toolUseID, - Name: toolName, - Input: inputMap, - }) - } - } - } - - // Extract usage - usageInfo := usage.Detail{ - InputTokens: response.Get("usage.input_tokens").Int(), - OutputTokens: response.Get("usage.output_tokens").Int(), - } - usageInfo.TotalTokens = usageInfo.InputTokens + usageInfo.OutputTokens - - // Build OpenAI response with reasoning_content support - openaiResponse := BuildOpenAIResponseWithReasoning(content, reasoningContent, toolUses, model, usageInfo, stopReason) - return string(openaiResponse) -} - -// ParseClaudeEvent parses a Claude SSE event and returns the event type and data -func ParseClaudeEvent(rawEvent []byte) (eventType string, eventData []byte) { - lines := bytes.Split(rawEvent, []byte("\n")) - for _, line := range lines { - line = bytes.TrimSpace(line) - if bytes.HasPrefix(line, []byte("event:")) { - eventType = string(bytes.TrimSpace(bytes.TrimPrefix(line, []byte("event:")))) - } else if bytes.HasPrefix(line, []byte("data:")) { - eventData = bytes.TrimSpace(bytes.TrimPrefix(line, []byte("data:"))) - } - } - return eventType, eventData -} - -// ExtractThinkingFromContent parses content to extract thinking blocks. -// Returns cleaned content (without thinking tags) and whether thinking was found. -func ExtractThinkingFromContent(content string) (string, string, bool) { - if !strings.Contains(content, kirocommon.ThinkingStartTag) { - return content, "", false - } - - var cleanedContent strings.Builder - var thinkingContent strings.Builder - hasThinking := false - remaining := content - - for len(remaining) > 0 { - startIdx := strings.Index(remaining, kirocommon.ThinkingStartTag) - if startIdx == -1 { - cleanedContent.WriteString(remaining) - break - } - - // Add content before thinking tag - cleanedContent.WriteString(remaining[:startIdx]) - - // Move past opening tag - remaining = remaining[startIdx+len(kirocommon.ThinkingStartTag):] - - // Find closing tag - endIdx := strings.Index(remaining, kirocommon.ThinkingEndTag) - if endIdx == -1 { - // No closing tag - treat rest as thinking - thinkingContent.WriteString(remaining) - hasThinking = true - break - } - - // Extract thinking content - thinkingContent.WriteString(remaining[:endIdx]) - hasThinking = true - remaining = remaining[endIdx+len(kirocommon.ThinkingEndTag):] - } - - return strings.TrimSpace(cleanedContent.String()), strings.TrimSpace(thinkingContent.String()), hasThinking -} - -// ConvertOpenAIToolsToKiroFormat is a helper that converts OpenAI tools format to Kiro format -func ConvertOpenAIToolsToKiroFormat(tools []map[string]interface{}) []KiroToolWrapper { - var kiroTools []KiroToolWrapper - - for _, tool := range tools { - toolType, _ := tool["type"].(string) - if toolType != "function" { - continue - } - - fn, ok := tool["function"].(map[string]interface{}) - if !ok { - continue - } - - name := kirocommon.GetString(fn, "name") - description := kirocommon.GetString(fn, "description") - parameters := ensureKiroInputSchema(fn["parameters"]) - - if name == "" { - continue - } - - if description == "" { - description = "Tool: " + name - } - - kiroTools = append(kiroTools, KiroToolWrapper{ - ToolSpecification: KiroToolSpecification{ - Name: name, - Description: description, - InputSchema: KiroInputSchema{JSON: parameters}, - }, - }) - } - - return kiroTools -} - -// OpenAIStreamParams holds parameters for OpenAI streaming conversion -type OpenAIStreamParams struct { - State *OpenAIStreamState - ThinkingState *ThinkingTagState - ToolCallsEmitted map[string]bool -} - -// NewOpenAIStreamParams creates new streaming parameters -func NewOpenAIStreamParams(model string) *OpenAIStreamParams { - return &OpenAIStreamParams{ - State: NewOpenAIStreamState(model), - ThinkingState: NewThinkingTagState(), - ToolCallsEmitted: make(map[string]bool), - } -} - -// ConvertClaudeToolUseToOpenAI converts a Claude tool_use block to OpenAI tool_calls format -func ConvertClaudeToolUseToOpenAI(toolUseID, toolName string, input map[string]interface{}) map[string]interface{} { - inputJSON, _ := json.Marshal(input) - return map[string]interface{}{ - "id": toolUseID, - "type": "function", - "function": map[string]interface{}{ - "name": toolName, - "arguments": string(inputJSON), - }, - } -} - -// LogStreamEvent logs a streaming event for debugging -func LogStreamEvent(eventType, data string) { - log.Debugf("kiro-openai: stream event type=%s, data_len=%d", eventType, len(data)) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/openai/kiro_openai_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/openai/kiro_openai_request.go deleted file mode 100644 index 968809420e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/openai/kiro_openai_request.go +++ /dev/null @@ -1,985 +0,0 @@ -// Package openai provides request translation from OpenAI Chat Completions to Kiro format. -// It handles parsing and transforming OpenAI API requests into the Kiro/Amazon Q API format, -// extracting model information, system instructions, message contents, and tool declarations. -package openai - -import ( - "encoding/json" - "fmt" - "net/http" - "strings" - "time" - "unicode/utf8" - - "github.com/google/uuid" - kiroclaude "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/kiro/claude" - kirocommon "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/kiro/common" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -// Kiro API request structs - reuse from kiroclaude package structure - -// KiroPayload is the top-level request structure for Kiro API -type KiroPayload struct { - ConversationState KiroConversationState `json:"conversationState"` - ProfileArn string `json:"profileArn,omitempty"` - InferenceConfig *KiroInferenceConfig `json:"inferenceConfig,omitempty"` -} - -// KiroInferenceConfig contains inference parameters for the Kiro API. -type KiroInferenceConfig struct { - MaxTokens int `json:"maxTokens,omitempty"` - Temperature float64 `json:"temperature,omitempty"` - TopP float64 `json:"topP,omitempty"` -} - -// KiroConversationState holds the conversation context -type KiroConversationState struct { - ChatTriggerType string `json:"chatTriggerType"` // Required: "MANUAL" - ConversationID string `json:"conversationId"` - CurrentMessage KiroCurrentMessage `json:"currentMessage"` - History []KiroHistoryMessage `json:"history,omitempty"` -} - -// KiroCurrentMessage wraps the current user message -type KiroCurrentMessage struct { - UserInputMessage KiroUserInputMessage `json:"userInputMessage"` -} - -// KiroHistoryMessage represents a message in the conversation history -type KiroHistoryMessage struct { - UserInputMessage *KiroUserInputMessage `json:"userInputMessage,omitempty"` - AssistantResponseMessage *KiroAssistantResponseMessage `json:"assistantResponseMessage,omitempty"` -} - -// KiroImage represents an image in Kiro API format -type KiroImage struct { - Format string `json:"format"` - Source KiroImageSource `json:"source"` -} - -// KiroImageSource contains the image data -type KiroImageSource struct { - Bytes string `json:"bytes"` // base64 encoded image data -} - -// KiroUserInputMessage represents a user message -type KiroUserInputMessage struct { - Content string `json:"content"` - ModelID string `json:"modelId"` - Origin string `json:"origin"` - Images []KiroImage `json:"images,omitempty"` - UserInputMessageContext *KiroUserInputMessageContext `json:"userInputMessageContext,omitempty"` -} - -// KiroUserInputMessageContext contains tool-related context -type KiroUserInputMessageContext struct { - ToolResults []KiroToolResult `json:"toolResults,omitempty"` - Tools []KiroToolWrapper `json:"tools,omitempty"` -} - -// KiroToolResult represents a tool execution result -type KiroToolResult struct { - Content []KiroTextContent `json:"content"` - Status string `json:"status"` - ToolUseID string `json:"toolUseId"` -} - -// KiroTextContent represents text content -type KiroTextContent struct { - Text string `json:"text"` -} - -// KiroToolWrapper wraps a tool specification -type KiroToolWrapper struct { - ToolSpecification KiroToolSpecification `json:"toolSpecification"` -} - -// KiroToolSpecification defines a tool's schema -type KiroToolSpecification struct { - Name string `json:"name"` - Description string `json:"description"` - InputSchema KiroInputSchema `json:"inputSchema"` -} - -// KiroInputSchema wraps the JSON schema for tool input -type KiroInputSchema struct { - JSON interface{} `json:"json"` -} - -// KiroAssistantResponseMessage represents an assistant message -type KiroAssistantResponseMessage struct { - Content string `json:"content"` - ToolUses []KiroToolUse `json:"toolUses,omitempty"` -} - -// KiroToolUse represents a tool invocation by the assistant -type KiroToolUse struct { - ToolUseID string `json:"toolUseId"` - Name string `json:"name"` - Input map[string]interface{} `json:"input"` -} - -// ConvertOpenAIRequestToKiro converts an OpenAI Chat Completions request to Kiro format. -// This is the main entry point for request translation. -// Note: The actual payload building happens in the executor, this just passes through -// the OpenAI format which will be converted by BuildKiroPayloadFromOpenAI. -func ConvertOpenAIRequestToKiro(modelName string, inputRawJSON []byte, stream bool) []byte { - // Pass through the OpenAI format - actual conversion happens in BuildKiroPayloadFromOpenAI - return inputRawJSON -} - -// BuildKiroPayloadFromOpenAI constructs the Kiro API request payload from OpenAI format. -// Supports tool calling - tools are passed via userInputMessageContext. -// origin parameter determines which quota to use: "CLI" for Amazon Q, "AI_EDITOR" for Kiro IDE. -// isAgentic parameter enables chunked write optimization prompt for -agentic model variants. -// isChatOnly parameter disables tool calling for -chat model variants (pure conversation mode). -// headers parameter allows checking Anthropic-Beta header for thinking mode detection. -// metadata parameter is kept for API compatibility but no longer used for thinking configuration. -// Returns the payload and a boolean indicating whether thinking mode was injected. -func BuildKiroPayloadFromOpenAI(openaiBody []byte, modelID, profileArn, origin string, isAgentic, isChatOnly bool, headers http.Header, metadata map[string]any) ([]byte, bool) { - // Extract max_tokens for potential use in inferenceConfig - // Handle -1 as "use maximum" (Kiro max output is ~32000 tokens) - const kiroMaxOutputTokens = 32000 - var maxTokens int64 - if mt := gjson.GetBytes(openaiBody, "max_tokens"); mt.Exists() { - maxTokens = mt.Int() - if maxTokens == -1 { - maxTokens = kiroMaxOutputTokens - log.Debugf("kiro-openai: max_tokens=-1 converted to %d", kiroMaxOutputTokens) - } - } - - // Extract temperature if specified - var temperature float64 - var hasTemperature bool - if temp := gjson.GetBytes(openaiBody, "temperature"); temp.Exists() { - temperature = temp.Float() - hasTemperature = true - } - - // Extract top_p if specified - var topP float64 - var hasTopP bool - if tp := gjson.GetBytes(openaiBody, "top_p"); tp.Exists() { - topP = tp.Float() - hasTopP = true - log.Debugf("kiro-openai: extracted top_p: %.2f", topP) - } - - // Normalize origin value for Kiro API compatibility - origin = normalizeOrigin(origin) - log.Debugf("kiro-openai: normalized origin value: %s", origin) - - messages := gjson.GetBytes(openaiBody, "messages") - - // For chat-only mode, don't include tools - var tools gjson.Result - if !isChatOnly { - tools = gjson.GetBytes(openaiBody, "tools") - } - - // Extract system prompt from messages - systemPrompt := extractSystemPromptFromOpenAI(messages) - - // Inject timestamp context - timestamp := time.Now().Format("2006-01-02 15:04:05 MST") - timestampContext := fmt.Sprintf("[Context: Current time is %s]", timestamp) - if systemPrompt != "" { - systemPrompt = timestampContext + "\n\n" + systemPrompt - } else { - systemPrompt = timestampContext - } - log.Debugf("kiro-openai: injected timestamp context: %s", timestamp) - - // Inject agentic optimization prompt for -agentic model variants - if isAgentic { - if systemPrompt != "" { - systemPrompt += "\n" - } - systemPrompt += kirocommon.KiroAgenticSystemPrompt - } - - // Handle tool_choice parameter - Kiro doesn't support it natively, so we inject system prompt hints - // OpenAI tool_choice values: "none", "auto", "required", or {"type":"function","function":{"name":"..."}} - toolChoiceHint := extractToolChoiceHint(openaiBody) - if toolChoiceHint != "" { - if systemPrompt != "" { - systemPrompt += "\n" - } - systemPrompt += toolChoiceHint - log.Debugf("kiro-openai: injected tool_choice hint into system prompt") - } - - // Handle response_format parameter - Kiro doesn't support it natively, so we inject system prompt hints - // OpenAI response_format: {"type": "json_object"} or {"type": "json_schema", "json_schema": {...}} - responseFormatHint := extractResponseFormatHint(openaiBody) - if responseFormatHint != "" { - if systemPrompt != "" { - systemPrompt += "\n" - } - systemPrompt += responseFormatHint - log.Debugf("kiro-openai: injected response_format hint into system prompt") - } - - // Check for thinking mode - // Supports OpenAI reasoning_effort parameter, model name hints, and Anthropic-Beta header - thinkingEnabled := checkThinkingModeFromOpenAIWithHeaders(openaiBody, headers) - - // Convert OpenAI tools to Kiro format - kiroTools := convertOpenAIToolsToKiro(tools) - - // Thinking mode implementation: - // Kiro API supports official thinking/reasoning mode via tag. - // When set to "enabled", Kiro returns reasoning content as official reasoningContentEvent - // rather than inline tags in assistantResponseEvent. - // Use a conservative thinking budget to reduce latency/cost spikes in long sessions. - if thinkingEnabled { - thinkingHint := `enabled -16000` - if systemPrompt != "" { - systemPrompt = thinkingHint + "\n\n" + systemPrompt - } else { - systemPrompt = thinkingHint - } - log.Infof("kiro-openai: injected thinking prompt (official mode), has_tools: %v", len(kiroTools) > 0) - } - - // Process messages and build history - history, currentUserMsg, currentToolResults := processOpenAIMessages(messages, modelID, origin) - - // Build content with system prompt - if currentUserMsg != nil { - currentUserMsg.Content = buildFinalContent(currentUserMsg.Content, systemPrompt, currentToolResults) - - // Deduplicate currentToolResults - currentToolResults = deduplicateToolResults(currentToolResults) - - // Build userInputMessageContext with tools and tool results - if len(kiroTools) > 0 || len(currentToolResults) > 0 { - currentUserMsg.UserInputMessageContext = &KiroUserInputMessageContext{ - Tools: kiroTools, - ToolResults: currentToolResults, - } - } - } - - // Build payload - var currentMessage KiroCurrentMessage - if currentUserMsg != nil { - currentMessage = KiroCurrentMessage{UserInputMessage: *currentUserMsg} - } else { - fallbackContent := "" - if systemPrompt != "" { - fallbackContent = "--- SYSTEM PROMPT ---\n" + systemPrompt + "\n--- END SYSTEM PROMPT ---\n" - } - currentMessage = KiroCurrentMessage{UserInputMessage: KiroUserInputMessage{ - Content: fallbackContent, - ModelID: modelID, - Origin: origin, - }} - } - - // Build inferenceConfig if we have any inference parameters - // Note: Kiro API doesn't actually use max_tokens for thinking budget - var inferenceConfig *KiroInferenceConfig - if maxTokens > 0 || hasTemperature || hasTopP { - inferenceConfig = &KiroInferenceConfig{} - if maxTokens > 0 { - inferenceConfig.MaxTokens = int(maxTokens) - } - if hasTemperature { - inferenceConfig.Temperature = temperature - } - if hasTopP { - inferenceConfig.TopP = topP - } - } - - payload := KiroPayload{ - ConversationState: KiroConversationState{ - ChatTriggerType: "MANUAL", - ConversationID: uuid.New().String(), - CurrentMessage: currentMessage, - History: history, - }, - ProfileArn: profileArn, - InferenceConfig: inferenceConfig, - } - - result, err := json.Marshal(payload) - if err != nil { - log.Debugf("kiro-openai: failed to marshal payload: %v", err) - return nil, false - } - - return result, thinkingEnabled -} - -// normalizeOrigin normalizes origin value for Kiro API compatibility -func normalizeOrigin(origin string) string { - switch origin { - case "KIRO_CLI": - return "CLI" - case "KIRO_AI_EDITOR": - return "AI_EDITOR" - case "AMAZON_Q": - return "CLI" - case "KIRO_IDE": - return "AI_EDITOR" - default: - return origin - } -} - -// extractSystemPromptFromOpenAI extracts system prompt from OpenAI messages -func extractSystemPromptFromOpenAI(messages gjson.Result) string { - if !messages.IsArray() { - return "" - } - - var systemParts []string - for _, msg := range messages.Array() { - if msg.Get("role").String() == "system" { - content := msg.Get("content") - if content.Type == gjson.String { - systemParts = append(systemParts, content.String()) - } else if content.IsArray() { - // Handle array content format - for _, part := range content.Array() { - if part.Get("type").String() == "text" { - systemParts = append(systemParts, part.Get("text").String()) - } - } - } - } - } - - return strings.Join(systemParts, "\n") -} - -// shortenToolNameIfNeeded shortens tool names that exceed 64 characters. -// MCP tools often have long names like "mcp__server-name__tool-name". -// This preserves the "mcp__" prefix and last segment when possible. -func shortenToolNameIfNeeded(name string) string { - const limit = 64 - if len(name) <= limit { - return name - } - // For MCP tools, try to preserve prefix and last segment - if strings.HasPrefix(name, "mcp__") { - idx := strings.LastIndex(name, "__") - if idx > 0 { - cand := "mcp__" + name[idx+2:] - if len(cand) > limit { - return cand[:limit] - } - return cand - } - } - return name[:limit] -} - -func ensureKiroInputSchema(parameters interface{}) interface{} { - if parameters != nil { - return parameters - } - return map[string]interface{}{ - "type": "object", - "properties": map[string]interface{}{}, - } -} - -// convertOpenAIToolsToKiro converts OpenAI tools to Kiro format -func convertOpenAIToolsToKiro(tools gjson.Result) []KiroToolWrapper { - var kiroTools []KiroToolWrapper - if !tools.IsArray() { - return kiroTools - } - - for _, tool := range tools.Array() { - // OpenAI tools have type "function" with function definition inside - if tool.Get("type").String() != "function" { - continue - } - - fn := tool.Get("function") - if !fn.Exists() { - continue - } - - name := fn.Get("name").String() - description := fn.Get("description").String() - parametersResult := fn.Get("parameters") - var parameters interface{} - if parametersResult.Exists() && parametersResult.Type != gjson.Null { - parameters = parametersResult.Value() - } - parameters = ensureKiroInputSchema(parameters) - - // Shorten tool name if it exceeds 64 characters (common with MCP tools) - originalName := name - name = shortenToolNameIfNeeded(name) - if name != originalName { - log.Debugf("kiro-openai: shortened tool name from '%s' to '%s'", originalName, name) - } - - // CRITICAL FIX: Kiro API requires non-empty description - if strings.TrimSpace(description) == "" { - description = fmt.Sprintf("Tool: %s", name) - log.Debugf("kiro-openai: tool '%s' has empty description, using default: %s", name, description) - } - - // Truncate long descriptions - if len(description) > kirocommon.KiroMaxToolDescLen { - truncLen := kirocommon.KiroMaxToolDescLen - 30 - for truncLen > 0 && !utf8.RuneStart(description[truncLen]) { - truncLen-- - } - description = description[:truncLen] + "... (description truncated)" - } - - kiroTools = append(kiroTools, KiroToolWrapper{ - ToolSpecification: KiroToolSpecification{ - Name: name, - Description: description, - InputSchema: KiroInputSchema{JSON: parameters}, - }, - }) - } - - return kiroTools -} - -// processOpenAIMessages processes OpenAI messages and builds Kiro history -func processOpenAIMessages(messages gjson.Result, modelID, origin string) ([]KiroHistoryMessage, *KiroUserInputMessage, []KiroToolResult) { - var history []KiroHistoryMessage - var currentUserMsg *KiroUserInputMessage - var currentToolResults []KiroToolResult - - if !messages.IsArray() { - return history, currentUserMsg, currentToolResults - } - - // Merge adjacent messages with the same role - messagesArray := kirocommon.MergeAdjacentMessages(messages.Array()) - - // Track pending tool results that should be attached to the next user message - // This is critical for LiteLLM-translated requests where tool results appear - // as separate "tool" role messages between assistant and user messages - var pendingToolResults []KiroToolResult - - for i, msg := range messagesArray { - role := msg.Get("role").String() - isLastMessage := i == len(messagesArray)-1 - - switch role { - case "system": - // System messages are handled separately via extractSystemPromptFromOpenAI - continue - - case "user": - userMsg, toolResults := buildUserMessageFromOpenAI(msg, modelID, origin) - // Merge any pending tool results from preceding "tool" role messages - toolResults = append(pendingToolResults, toolResults...) - pendingToolResults = nil // Reset pending tool results - - if isLastMessage { - currentUserMsg = &userMsg - currentToolResults = toolResults - } else { - // CRITICAL: Kiro API requires content to be non-empty for history messages - if strings.TrimSpace(userMsg.Content) == "" { - if len(toolResults) > 0 { - userMsg.Content = "Tool results provided." - } else { - userMsg.Content = "Continue" - } - } - // For history messages, embed tool results in context - if len(toolResults) > 0 { - userMsg.UserInputMessageContext = &KiroUserInputMessageContext{ - ToolResults: toolResults, - } - } - history = append(history, KiroHistoryMessage{ - UserInputMessage: &userMsg, - }) - } - - case "assistant": - assistantMsg := buildAssistantMessageFromOpenAI(msg) - - // If there are pending tool results, we need to insert a synthetic user message - // before this assistant message to maintain proper conversation structure - if len(pendingToolResults) > 0 { - syntheticUserMsg := KiroUserInputMessage{ - Content: "Tool results provided.", - ModelID: modelID, - Origin: origin, - UserInputMessageContext: &KiroUserInputMessageContext{ - ToolResults: pendingToolResults, - }, - } - history = append(history, KiroHistoryMessage{ - UserInputMessage: &syntheticUserMsg, - }) - pendingToolResults = nil - } - - if isLastMessage { - history = append(history, KiroHistoryMessage{ - AssistantResponseMessage: &assistantMsg, - }) - // Create a "Continue" user message as currentMessage - currentUserMsg = &KiroUserInputMessage{ - Content: "Continue", - ModelID: modelID, - Origin: origin, - } - } else { - history = append(history, KiroHistoryMessage{ - AssistantResponseMessage: &assistantMsg, - }) - } - - case "tool": - // Tool messages in OpenAI format provide results for tool_calls - // These are typically followed by user or assistant messages - // Collect them as pending and attach to the next user message - toolCallID := msg.Get("tool_call_id").String() - content := msg.Get("content").String() - - if toolCallID != "" { - toolResult := KiroToolResult{ - ToolUseID: toolCallID, - Content: []KiroTextContent{{Text: content}}, - Status: "success", - } - // Collect pending tool results to attach to the next user message - pendingToolResults = append(pendingToolResults, toolResult) - } - } - } - - // Handle case where tool results are at the end with no following user message - if len(pendingToolResults) > 0 { - currentToolResults = append(currentToolResults, pendingToolResults...) - // If there's no current user message, create a synthetic one for the tool results - if currentUserMsg == nil { - currentUserMsg = &KiroUserInputMessage{ - Content: "Tool results provided.", - ModelID: modelID, - Origin: origin, - } - } - } - - // Truncate history if too long to prevent Kiro API errors - history = truncateHistoryIfNeeded(history) - history, currentToolResults = filterOrphanedToolResults(history, currentToolResults) - - return history, currentUserMsg, currentToolResults -} - -const kiroMaxHistoryMessages = 50 - -func truncateHistoryIfNeeded(history []KiroHistoryMessage) []KiroHistoryMessage { - if len(history) <= kiroMaxHistoryMessages { - return history - } - - log.Debugf("kiro-openai: truncating history from %d to %d messages", len(history), kiroMaxHistoryMessages) - return history[len(history)-kiroMaxHistoryMessages:] -} - -func filterOrphanedToolResults(history []KiroHistoryMessage, currentToolResults []KiroToolResult) ([]KiroHistoryMessage, []KiroToolResult) { - // Remove tool results with no matching tool_use in retained history. - // This happens after truncation when the assistant turn that produced tool_use - // is dropped but a later user/tool_result survives. - validToolUseIDs := make(map[string]bool) - for _, h := range history { - if h.AssistantResponseMessage == nil { - continue - } - for _, tu := range h.AssistantResponseMessage.ToolUses { - validToolUseIDs[tu.ToolUseID] = true - } - } - - for i, h := range history { - if h.UserInputMessage == nil || h.UserInputMessage.UserInputMessageContext == nil { - continue - } - ctx := h.UserInputMessage.UserInputMessageContext - if len(ctx.ToolResults) == 0 { - continue - } - - filtered := make([]KiroToolResult, 0, len(ctx.ToolResults)) - for _, tr := range ctx.ToolResults { - if validToolUseIDs[tr.ToolUseID] { - filtered = append(filtered, tr) - continue - } - log.Debugf("kiro-openai: dropping orphaned tool_result in history[%d]: toolUseId=%s (no matching tool_use)", i, tr.ToolUseID) - } - ctx.ToolResults = filtered - if len(ctx.ToolResults) == 0 && len(ctx.Tools) == 0 { - h.UserInputMessage.UserInputMessageContext = nil - } - } - - if len(currentToolResults) > 0 { - filtered := make([]KiroToolResult, 0, len(currentToolResults)) - for _, tr := range currentToolResults { - if validToolUseIDs[tr.ToolUseID] { - filtered = append(filtered, tr) - continue - } - log.Debugf("kiro-openai: dropping orphaned tool_result in currentMessage: toolUseId=%s (no matching tool_use)", tr.ToolUseID) - } - if len(filtered) != len(currentToolResults) { - log.Infof("kiro-openai: dropped %d orphaned tool_result(s) from currentMessage", len(currentToolResults)-len(filtered)) - } - currentToolResults = filtered - } - - return history, currentToolResults -} - -// buildUserMessageFromOpenAI builds a user message from OpenAI format and extracts tool results -func buildUserMessageFromOpenAI(msg gjson.Result, modelID, origin string) (KiroUserInputMessage, []KiroToolResult) { - content := msg.Get("content") - var contentBuilder strings.Builder - var toolResults []KiroToolResult - var images []KiroImage - - if content.IsArray() { - for _, part := range content.Array() { - partType := part.Get("type").String() - switch partType { - case "text": - contentBuilder.WriteString(part.Get("text").String()) - case "image_url": - imageURL := part.Get("image_url.url").String() - if strings.HasPrefix(imageURL, "data:") { - // Parse data URL: data:image/png;base64,xxxxx - if idx := strings.Index(imageURL, ";base64,"); idx != -1 { - mediaType := imageURL[5:idx] // Skip "data:" - data := imageURL[idx+8:] // Skip ";base64," - - format := "" - if lastSlash := strings.LastIndex(mediaType, "/"); lastSlash != -1 { - format = mediaType[lastSlash+1:] - } - - if format != "" && data != "" { - images = append(images, KiroImage{ - Format: format, - Source: KiroImageSource{ - Bytes: data, - }, - }) - } - } - } - } - } - } else if content.Type == gjson.String { - contentBuilder.WriteString(content.String()) - } - - userMsg := KiroUserInputMessage{ - Content: contentBuilder.String(), - ModelID: modelID, - Origin: origin, - } - - if len(images) > 0 { - userMsg.Images = images - } - - return userMsg, toolResults -} - -// buildAssistantMessageFromOpenAI builds an assistant message from OpenAI format -func buildAssistantMessageFromOpenAI(msg gjson.Result) KiroAssistantResponseMessage { - content := msg.Get("content") - var contentBuilder strings.Builder - var toolUses []KiroToolUse - - // Handle content - if content.Type == gjson.String { - contentBuilder.WriteString(content.String()) - } else if content.IsArray() { - for _, part := range content.Array() { - partType := part.Get("type").String() - switch partType { - case "text": - contentBuilder.WriteString(part.Get("text").String()) - case "tool_use": - // Handle tool_use in content array (Anthropic/OpenCode format) - // This is different from OpenAI's tool_calls format - toolUseID := part.Get("id").String() - toolName := part.Get("name").String() - inputData := part.Get("input") - - inputMap := make(map[string]interface{}) - if inputData.Exists() && inputData.IsObject() { - inputData.ForEach(func(key, value gjson.Result) bool { - inputMap[key.String()] = value.Value() - return true - }) - } - - toolUses = append(toolUses, KiroToolUse{ - ToolUseID: toolUseID, - Name: toolName, - Input: inputMap, - }) - log.Debugf("kiro-openai: extracted tool_use from content array: %s", toolName) - } - } - } - - // Handle tool_calls (OpenAI format) - toolCalls := msg.Get("tool_calls") - if toolCalls.IsArray() { - for _, tc := range toolCalls.Array() { - if tc.Get("type").String() != "function" { - continue - } - - toolUseID := tc.Get("id").String() - toolName := tc.Get("function.name").String() - toolArgs := tc.Get("function.arguments").String() - inputMap := parseToolArgumentsToMap(toolArgs) - - toolUses = append(toolUses, KiroToolUse{ - ToolUseID: toolUseID, - Name: toolName, - Input: inputMap, - }) - } - } - - // CRITICAL FIX: Kiro API requires non-empty content for assistant messages - // This can happen with compaction requests or error recovery scenarios - finalContent := contentBuilder.String() - if strings.TrimSpace(finalContent) == "" { - if len(toolUses) > 0 { - finalContent = kirocommon.DefaultAssistantContentWithTools - } else { - finalContent = kirocommon.DefaultAssistantContent - } - log.Debugf("kiro-openai: assistant content was empty, using default: %s", finalContent) - } - - return KiroAssistantResponseMessage{ - Content: finalContent, - ToolUses: toolUses, - } -} - -func parseToolArgumentsToMap(toolArgs string) map[string]interface{} { - trimmed := strings.TrimSpace(toolArgs) - if trimmed == "" { - return map[string]interface{}{} - } - - var inputMap map[string]interface{} - if err := json.Unmarshal([]byte(trimmed), &inputMap); err == nil { - return inputMap - } - - var raw interface{} - if err := json.Unmarshal([]byte(trimmed), &raw); err == nil { - if raw == nil { - return map[string]interface{}{} - } - return map[string]interface{}{"value": raw} - } - - return map[string]interface{}{"raw": trimmed} -} - -// buildFinalContent builds the final content with system prompt -func buildFinalContent(content, systemPrompt string, toolResults []KiroToolResult) string { - var contentBuilder strings.Builder - - if systemPrompt != "" { - contentBuilder.WriteString("--- SYSTEM PROMPT ---\n") - contentBuilder.WriteString(systemPrompt) - contentBuilder.WriteString("\n--- END SYSTEM PROMPT ---\n\n") - } - - contentBuilder.WriteString(content) - finalContent := contentBuilder.String() - - // CRITICAL: Kiro API requires content to be non-empty - if strings.TrimSpace(finalContent) == "" { - if len(toolResults) > 0 { - finalContent = "Tool results provided." - } else { - finalContent = "Continue" - } - log.Debugf("kiro-openai: content was empty, using default: %s", finalContent) - } - - return finalContent -} - -// checkThinkingModeFromOpenAIWithHeaders checks if thinking mode is enabled in the OpenAI request. -// Returns thinkingEnabled. -// Supports: -// - Anthropic-Beta header with interleaved-thinking (Claude CLI) -// - reasoning_effort parameter (low/medium/high/auto) -// - Model name containing "thinking" or "reason" -// - tag in system prompt (AMP/Cursor format) -func checkThinkingModeFromOpenAIWithHeaders(openaiBody []byte, headers http.Header) bool { - // Check Anthropic-Beta header first (Claude CLI uses this) - if kiroclaude.IsThinkingEnabledFromHeader(headers) { - log.Debugf("kiro-openai: thinking mode enabled via Anthropic-Beta header") - return true - } - - // Check OpenAI format: reasoning_effort parameter - // Valid values: "low", "medium", "high", "auto" (not "none") - reasoningEffort := gjson.GetBytes(openaiBody, "reasoning_effort") - if reasoningEffort.Exists() { - effort := reasoningEffort.String() - if effort != "" && effort != "none" { - log.Debugf("kiro-openai: thinking mode enabled via reasoning_effort: %s", effort) - return true - } - } - - // Check AMP/Cursor format: interleaved in system prompt - bodyStr := string(openaiBody) - if strings.Contains(bodyStr, "") && strings.Contains(bodyStr, "") { - startTag := "" - endTag := "" - startIdx := strings.Index(bodyStr, startTag) - if startIdx >= 0 { - startIdx += len(startTag) - endIdx := strings.Index(bodyStr[startIdx:], endTag) - if endIdx >= 0 { - thinkingMode := bodyStr[startIdx : startIdx+endIdx] - if thinkingMode == "interleaved" || thinkingMode == "enabled" { - log.Debugf("kiro-openai: thinking mode enabled via AMP/Cursor format: %s", thinkingMode) - return true - } - } - } - } - - // Check model name for thinking hints - model := gjson.GetBytes(openaiBody, "model").String() - modelLower := strings.ToLower(model) - if strings.Contains(modelLower, "thinking") || strings.Contains(modelLower, "-reason") { - log.Debugf("kiro-openai: thinking mode enabled via model name hint: %s", model) - return true - } - - log.Debugf("kiro-openai: no thinking mode detected in OpenAI request") - return false -} - -// hasThinkingTagInBody checks if the request body already contains thinking configuration tags. -// This is used to prevent duplicate injection when client (e.g., AMP/Cursor) already includes thinking config. - -// extractToolChoiceHint extracts tool_choice from OpenAI request and returns a system prompt hint. -// OpenAI tool_choice values: -// - "none": Don't use any tools -// - "auto": Model decides (default, no hint needed) -// - "required": Must use at least one tool -// - {"type":"function","function":{"name":"..."}} : Must use specific tool -func extractToolChoiceHint(openaiBody []byte) string { - toolChoice := gjson.GetBytes(openaiBody, "tool_choice") - if !toolChoice.Exists() { - return "" - } - - // Handle string values - if toolChoice.Type == gjson.String { - switch toolChoice.String() { - case "none": - // Note: When tool_choice is "none", we should ideally not pass tools at all - // But since we can't modify tool passing here, we add a strong hint - return "[INSTRUCTION: Do NOT use any tools. Respond with text only.]" - case "required": - return "[INSTRUCTION: You MUST use at least one of the available tools to respond. Do not respond with text only - always make a tool call.]" - case "auto": - // Default behavior, no hint needed - return "" - } - } - - // Handle object value: {"type":"function","function":{"name":"..."}} - if toolChoice.IsObject() { - if toolChoice.Get("type").String() == "function" { - toolName := toolChoice.Get("function.name").String() - if toolName != "" { - return fmt.Sprintf("[INSTRUCTION: You MUST use the tool named '%s' to respond. Do not use any other tool or respond with text only.]", toolName) - } - } - } - - return "" -} - -// extractResponseFormatHint extracts response_format from OpenAI request and returns a system prompt hint. -// OpenAI response_format values: -// - {"type": "text"}: Default, no hint needed -// - {"type": "json_object"}: Must respond with valid JSON -// - {"type": "json_schema", "json_schema": {...}}: Must respond with JSON matching schema -func extractResponseFormatHint(openaiBody []byte) string { - responseFormat := gjson.GetBytes(openaiBody, "response_format") - if !responseFormat.Exists() { - return "" - } - - formatType := responseFormat.Get("type").String() - switch formatType { - case "json_object": - return "[INSTRUCTION: You MUST respond with valid JSON only. Do not include any text before or after the JSON. Do not wrap the JSON in markdown code blocks. Output raw JSON directly.]" - case "json_schema": - // Extract schema if provided - schema := responseFormat.Get("json_schema.schema") - if schema.Exists() { - schemaStr := schema.Raw - // Truncate if too long - if len(schemaStr) > 500 { - schemaStr = schemaStr[:500] + "..." - } - return fmt.Sprintf("[INSTRUCTION: You MUST respond with valid JSON that matches this schema: %s. Do not include any text before or after the JSON. Do not wrap the JSON in markdown code blocks. Output raw JSON directly.]", schemaStr) - } - return "[INSTRUCTION: You MUST respond with valid JSON only. Do not include any text before or after the JSON. Do not wrap the JSON in markdown code blocks. Output raw JSON directly.]" - case "text": - // Default behavior, no hint needed - return "" - } - - return "" -} - -// deduplicateToolResults removes duplicate tool results -func deduplicateToolResults(toolResults []KiroToolResult) []KiroToolResult { - if len(toolResults) == 0 { - return toolResults - } - - seenIDs := make(map[string]bool) - unique := make([]KiroToolResult, 0, len(toolResults)) - for _, tr := range toolResults { - if !seenIDs[tr.ToolUseID] { - seenIDs[tr.ToolUseID] = true - unique = append(unique, tr) - } else { - log.Debugf("kiro-openai: skipping duplicate toolResult: %s", tr.ToolUseID) - } - } - return unique -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/openai/kiro_openai_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/openai/kiro_openai_request_test.go deleted file mode 100644 index 22953bbc27..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/openai/kiro_openai_request_test.go +++ /dev/null @@ -1,440 +0,0 @@ -package openai - -import ( - "encoding/json" - "testing" -) - -// TestToolResultsAttachedToCurrentMessage verifies that tool results from "tool" role messages -// are properly attached to the current user message (the last message in the conversation). -// This is critical for LiteLLM-translated requests where tool results appear as separate messages. -func TestToolResultsAttachedToCurrentMessage(t *testing.T) { - // OpenAI format request simulating LiteLLM's translation from Anthropic format - // Sequence: user -> assistant (with tool_calls) -> tool (result) -> user - // The last user message should have the tool results attached - input := []byte(`{ - "model": "kiro-claude-opus-4-5-agentic", - "messages": [ - {"role": "user", "content": "Hello, can you read a file for me?"}, - { - "role": "assistant", - "content": "I'll read that file for you.", - "tool_calls": [ - { - "id": "call_abc123", - "type": "function", - "function": { - "name": "Read", - "arguments": "{\"file_path\": \"/tmp/test.txt\"}" - } - } - ] - }, - { - "role": "tool", - "tool_call_id": "call_abc123", - "content": "File contents: Hello World!" - }, - {"role": "user", "content": "What did the file say?"} - ] - }`) - - result, _ := BuildKiroPayloadFromOpenAI(input, "kiro-model", "", "CLI", false, false, nil, nil) - - var payload KiroPayload - if err := json.Unmarshal(result, &payload); err != nil { - t.Fatalf("Failed to unmarshal result: %v", err) - } - - // The last user message becomes currentMessage - // History should have: user (first), assistant (with tool_calls) - t.Logf("History count: %d", len(payload.ConversationState.History)) - if len(payload.ConversationState.History) != 2 { - t.Errorf("Expected 2 history entries (user + assistant), got %d", len(payload.ConversationState.History)) - } - - // Tool results should be attached to currentMessage (the last user message) - ctx := payload.ConversationState.CurrentMessage.UserInputMessage.UserInputMessageContext - if ctx == nil { - t.Fatal("Expected currentMessage to have UserInputMessageContext with tool results") - } - - if len(ctx.ToolResults) != 1 { - t.Fatalf("Expected 1 tool result in currentMessage, got %d", len(ctx.ToolResults)) - } - - tr := ctx.ToolResults[0] - if tr.ToolUseID != "call_abc123" { - t.Errorf("Expected toolUseId 'call_abc123', got '%s'", tr.ToolUseID) - } - if len(tr.Content) == 0 || tr.Content[0].Text != "File contents: Hello World!" { - t.Errorf("Tool result content mismatch, got: %+v", tr.Content) - } -} - -// TestToolResultsInHistoryUserMessage verifies that when there are multiple user messages -// after tool results, the tool results are attached to the correct user message in history. -func TestToolResultsInHistoryUserMessage(t *testing.T) { - // Sequence: user -> assistant (with tool_calls) -> tool (result) -> user -> assistant -> user - // The first user after tool should have tool results in history - input := []byte(`{ - "model": "kiro-claude-opus-4-5-agentic", - "messages": [ - {"role": "user", "content": "Hello"}, - { - "role": "assistant", - "content": "I'll read the file.", - "tool_calls": [ - { - "id": "call_1", - "type": "function", - "function": { - "name": "Read", - "arguments": "{}" - } - } - ] - }, - { - "role": "tool", - "tool_call_id": "call_1", - "content": "File result" - }, - {"role": "user", "content": "Thanks for the file"}, - {"role": "assistant", "content": "You're welcome"}, - {"role": "user", "content": "Bye"} - ] - }`) - - result, _ := BuildKiroPayloadFromOpenAI(input, "kiro-model", "", "CLI", false, false, nil, nil) - - var payload KiroPayload - if err := json.Unmarshal(result, &payload); err != nil { - t.Fatalf("Failed to unmarshal result: %v", err) - } - - // History should have: user, assistant, user (with tool results), assistant - // CurrentMessage should be: last user "Bye" - t.Logf("History count: %d", len(payload.ConversationState.History)) - - // Find the user message in history with tool results - foundToolResults := false - for i, h := range payload.ConversationState.History { - if h.UserInputMessage != nil { - t.Logf("History[%d]: user message content=%q", i, h.UserInputMessage.Content) - if h.UserInputMessage.UserInputMessageContext != nil { - if len(h.UserInputMessage.UserInputMessageContext.ToolResults) > 0 { - foundToolResults = true - t.Logf(" Found %d tool results", len(h.UserInputMessage.UserInputMessageContext.ToolResults)) - tr := h.UserInputMessage.UserInputMessageContext.ToolResults[0] - if tr.ToolUseID != "call_1" { - t.Errorf("Expected toolUseId 'call_1', got '%s'", tr.ToolUseID) - } - } - } - } - if h.AssistantResponseMessage != nil { - t.Logf("History[%d]: assistant message content=%q", i, h.AssistantResponseMessage.Content) - } - } - - if !foundToolResults { - t.Error("Tool results were not attached to any user message in history") - } -} - -// TestToolResultsWithMultipleToolCalls verifies handling of multiple tool calls -func TestToolResultsWithMultipleToolCalls(t *testing.T) { - input := []byte(`{ - "model": "kiro-claude-opus-4-5-agentic", - "messages": [ - {"role": "user", "content": "Read two files for me"}, - { - "role": "assistant", - "content": "I'll read both files.", - "tool_calls": [ - { - "id": "call_1", - "type": "function", - "function": { - "name": "Read", - "arguments": "{\"file_path\": \"/tmp/file1.txt\"}" - } - }, - { - "id": "call_2", - "type": "function", - "function": { - "name": "Read", - "arguments": "{\"file_path\": \"/tmp/file2.txt\"}" - } - } - ] - }, - { - "role": "tool", - "tool_call_id": "call_1", - "content": "Content of file 1" - }, - { - "role": "tool", - "tool_call_id": "call_2", - "content": "Content of file 2" - }, - {"role": "user", "content": "What do they say?"} - ] - }`) - - result, _ := BuildKiroPayloadFromOpenAI(input, "kiro-model", "", "CLI", false, false, nil, nil) - - var payload KiroPayload - if err := json.Unmarshal(result, &payload); err != nil { - t.Fatalf("Failed to unmarshal result: %v", err) - } - - t.Logf("History count: %d", len(payload.ConversationState.History)) - t.Logf("CurrentMessage content: %q", payload.ConversationState.CurrentMessage.UserInputMessage.Content) - - // Check if there are any tool results anywhere - var totalToolResults int - for i, h := range payload.ConversationState.History { - if h.UserInputMessage != nil && h.UserInputMessage.UserInputMessageContext != nil { - count := len(h.UserInputMessage.UserInputMessageContext.ToolResults) - t.Logf("History[%d] user message has %d tool results", i, count) - totalToolResults += count - } - } - - ctx := payload.ConversationState.CurrentMessage.UserInputMessage.UserInputMessageContext - if ctx != nil { - t.Logf("CurrentMessage has %d tool results", len(ctx.ToolResults)) - totalToolResults += len(ctx.ToolResults) - } else { - t.Logf("CurrentMessage has no UserInputMessageContext") - } - - if totalToolResults != 2 { - t.Errorf("Expected 2 tool results total, got %d", totalToolResults) - } -} - -// TestToolResultsAtEndOfConversation verifies tool results are handled when -// the conversation ends with tool results (no following user message) -func TestToolResultsAtEndOfConversation(t *testing.T) { - input := []byte(`{ - "model": "kiro-claude-opus-4-5-agentic", - "messages": [ - {"role": "user", "content": "Read a file"}, - { - "role": "assistant", - "content": "Reading the file.", - "tool_calls": [ - { - "id": "call_end", - "type": "function", - "function": { - "name": "Read", - "arguments": "{\"file_path\": \"/tmp/test.txt\"}" - } - } - ] - }, - { - "role": "tool", - "tool_call_id": "call_end", - "content": "File contents here" - } - ] - }`) - - result, _ := BuildKiroPayloadFromOpenAI(input, "kiro-model", "", "CLI", false, false, nil, nil) - - var payload KiroPayload - if err := json.Unmarshal(result, &payload); err != nil { - t.Fatalf("Failed to unmarshal result: %v", err) - } - - // When the last message is a tool result, a synthetic user message is created - // and tool results should be attached to it - ctx := payload.ConversationState.CurrentMessage.UserInputMessage.UserInputMessageContext - if ctx == nil || len(ctx.ToolResults) == 0 { - t.Error("Expected tool results to be attached to current message when conversation ends with tool result") - } else { - if ctx.ToolResults[0].ToolUseID != "call_end" { - t.Errorf("Expected toolUseId 'call_end', got '%s'", ctx.ToolResults[0].ToolUseID) - } - } -} - -// TestToolResultsFollowedByAssistant verifies handling when tool results are followed -// by an assistant message (no intermediate user message). -// This is the pattern from LiteLLM translation of Anthropic format where: -// user message has ONLY tool_result blocks -> LiteLLM creates tool messages -// then the next message is assistant -func TestToolResultsFollowedByAssistant(t *testing.T) { - // Sequence: user -> assistant (with tool_calls) -> tool -> tool -> assistant -> user - // This simulates LiteLLM's translation of: - // user: "Read files" - // assistant: [tool_use, tool_use] - // user: [tool_result, tool_result] <- becomes multiple "tool" role messages - // assistant: "I've read them" - // user: "What did they say?" - input := []byte(`{ - "model": "kiro-claude-opus-4-5-agentic", - "messages": [ - {"role": "user", "content": "Read two files for me"}, - { - "role": "assistant", - "content": "I'll read both files.", - "tool_calls": [ - { - "id": "call_1", - "type": "function", - "function": { - "name": "Read", - "arguments": "{\"file_path\": \"/tmp/a.txt\"}" - } - }, - { - "id": "call_2", - "type": "function", - "function": { - "name": "Read", - "arguments": "{\"file_path\": \"/tmp/b.txt\"}" - } - } - ] - }, - { - "role": "tool", - "tool_call_id": "call_1", - "content": "Contents of file A" - }, - { - "role": "tool", - "tool_call_id": "call_2", - "content": "Contents of file B" - }, - { - "role": "assistant", - "content": "I've read both files." - }, - {"role": "user", "content": "What did they say?"} - ] - }`) - - result, _ := BuildKiroPayloadFromOpenAI(input, "kiro-model", "", "CLI", false, false, nil, nil) - - var payload KiroPayload - if err := json.Unmarshal(result, &payload); err != nil { - t.Fatalf("Failed to unmarshal result: %v", err) - } - - t.Logf("History count: %d", len(payload.ConversationState.History)) - - // Tool results should be attached to a synthetic user message or the history should be valid - var totalToolResults int - for i, h := range payload.ConversationState.History { - if h.UserInputMessage != nil { - t.Logf("History[%d]: user message content=%q", i, h.UserInputMessage.Content) - if h.UserInputMessage.UserInputMessageContext != nil { - count := len(h.UserInputMessage.UserInputMessageContext.ToolResults) - t.Logf(" Has %d tool results", count) - totalToolResults += count - } - } - if h.AssistantResponseMessage != nil { - t.Logf("History[%d]: assistant message content=%q", i, h.AssistantResponseMessage.Content) - } - } - - ctx := payload.ConversationState.CurrentMessage.UserInputMessage.UserInputMessageContext - if ctx != nil { - t.Logf("CurrentMessage has %d tool results", len(ctx.ToolResults)) - totalToolResults += len(ctx.ToolResults) - } - - if totalToolResults != 2 { - t.Errorf("Expected 2 tool results total, got %d", totalToolResults) - } -} - -// TestAssistantEndsConversation verifies handling when assistant is the last message -func TestAssistantEndsConversation(t *testing.T) { - input := []byte(`{ - "model": "kiro-claude-opus-4-5-agentic", - "messages": [ - {"role": "user", "content": "Hello"}, - { - "role": "assistant", - "content": "Hi there!" - } - ] - }`) - - result, _ := BuildKiroPayloadFromOpenAI(input, "kiro-model", "", "CLI", false, false, nil, nil) - - var payload KiroPayload - if err := json.Unmarshal(result, &payload); err != nil { - t.Fatalf("Failed to unmarshal result: %v", err) - } - - // When assistant is last, a "Continue" user message should be created - if payload.ConversationState.CurrentMessage.UserInputMessage.Content == "" { - t.Error("Expected a 'Continue' message to be created when assistant is last") - } -} - -func TestFilterOrphanedToolResults_RemovesHistoryAndCurrentOrphans(t *testing.T) { - history := []KiroHistoryMessage{ - { - AssistantResponseMessage: &KiroAssistantResponseMessage{ - Content: "assistant", - ToolUses: []KiroToolUse{ - {ToolUseID: "keep-1", Name: "Read", Input: map[string]interface{}{}}, - }, - }, - }, - { - UserInputMessage: &KiroUserInputMessage{ - Content: "user-with-mixed-results", - UserInputMessageContext: &KiroUserInputMessageContext{ - ToolResults: []KiroToolResult{ - {ToolUseID: "keep-1", Status: "success", Content: []KiroTextContent{{Text: "ok"}}}, - {ToolUseID: "orphan-1", Status: "success", Content: []KiroTextContent{{Text: "bad"}}}, - }, - }, - }, - }, - { - UserInputMessage: &KiroUserInputMessage{ - Content: "user-only-orphans", - UserInputMessageContext: &KiroUserInputMessageContext{ - ToolResults: []KiroToolResult{ - {ToolUseID: "orphan-2", Status: "success", Content: []KiroTextContent{{Text: "bad"}}}, - }, - }, - }, - }, - } - - currentToolResults := []KiroToolResult{ - {ToolUseID: "keep-1", Status: "success", Content: []KiroTextContent{{Text: "ok"}}}, - {ToolUseID: "orphan-3", Status: "success", Content: []KiroTextContent{{Text: "bad"}}}, - } - - filteredHistory, filteredCurrent := filterOrphanedToolResults(history, currentToolResults) - - ctx1 := filteredHistory[1].UserInputMessage.UserInputMessageContext - if ctx1 == nil || len(ctx1.ToolResults) != 1 || ctx1.ToolResults[0].ToolUseID != "keep-1" { - t.Fatalf("expected mixed history message to keep only keep-1, got: %+v", ctx1) - } - - if filteredHistory[2].UserInputMessage.UserInputMessageContext != nil { - t.Fatalf("expected orphan-only history context to be removed") - } - - if len(filteredCurrent) != 1 || filteredCurrent[0].ToolUseID != "keep-1" { - t.Fatalf("expected current tool results to keep only keep-1, got: %+v", filteredCurrent) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/openai/kiro_openai_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/openai/kiro_openai_response.go deleted file mode 100644 index 7d085de06d..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/openai/kiro_openai_response.go +++ /dev/null @@ -1,277 +0,0 @@ -// Package openai provides response translation from Kiro to OpenAI format. -// This package handles the conversion of Kiro API responses into OpenAI Chat Completions-compatible -// JSON format, transforming streaming events and non-streaming responses. -package openai - -import ( - "encoding/json" - "fmt" - "sync/atomic" - "time" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" - log "github.com/sirupsen/logrus" -) - -// functionCallIDCounter provides a process-wide unique counter for function call identifiers. -var functionCallIDCounter uint64 - -// BuildOpenAIResponse constructs an OpenAI Chat Completions-compatible response. -// Supports tool_calls when tools are present in the response. -// stopReason is passed from upstream; fallback logic applied if empty. -func BuildOpenAIResponse(content string, toolUses []KiroToolUse, model string, usageInfo usage.Detail, stopReason string) []byte { - return BuildOpenAIResponseWithReasoning(content, "", toolUses, model, usageInfo, stopReason) -} - -// BuildOpenAIResponseWithReasoning constructs an OpenAI Chat Completions-compatible response with reasoning_content support. -// Supports tool_calls when tools are present in the response. -// reasoningContent is included as reasoning_content field in the message when present. -// stopReason is passed from upstream; fallback logic applied if empty. -func BuildOpenAIResponseWithReasoning(content, reasoningContent string, toolUses []KiroToolUse, model string, usageInfo usage.Detail, stopReason string) []byte { - // Build the message object - message := map[string]interface{}{ - "role": "assistant", - "content": content, - } - - // Add reasoning_content if present (for thinking/reasoning models) - if reasoningContent != "" { - message["reasoning_content"] = reasoningContent - } - - // Add tool_calls if present - if len(toolUses) > 0 { - var toolCalls []map[string]interface{} - for i, tu := range toolUses { - inputJSON, _ := json.Marshal(tu.Input) - toolCalls = append(toolCalls, map[string]interface{}{ - "id": tu.ToolUseID, - "type": "function", - "index": i, - "function": map[string]interface{}{ - "name": tu.Name, - "arguments": string(inputJSON), - }, - }) - } - message["tool_calls"] = toolCalls - // When tool_calls are present, content should be null according to OpenAI spec - if content == "" { - message["content"] = nil - } - } - - // Use upstream stopReason; apply fallback logic if not provided - finishReason := mapKiroStopReasonToOpenAI(stopReason) - if finishReason == "" { - finishReason = "stop" - if len(toolUses) > 0 { - finishReason = "tool_calls" - } - log.Debugf("kiro-openai: buildOpenAIResponse using fallback finish_reason: %s", finishReason) - } - - response := map[string]interface{}{ - "id": "chatcmpl-" + uuid.New().String()[:24], - "object": "chat.completion", - "created": time.Now().Unix(), - "model": model, - "choices": []map[string]interface{}{ - { - "index": 0, - "message": message, - "finish_reason": finishReason, - }, - }, - "usage": map[string]interface{}{ - "prompt_tokens": usageInfo.InputTokens, - "completion_tokens": usageInfo.OutputTokens, - "total_tokens": usageInfo.InputTokens + usageInfo.OutputTokens, - }, - } - - result, _ := json.Marshal(response) - return result -} - -// mapKiroStopReasonToOpenAI converts Kiro/Claude stop_reason to OpenAI finish_reason -func mapKiroStopReasonToOpenAI(stopReason string) string { - switch stopReason { - case "end_turn": - return "stop" - case "stop_sequence": - return "stop" - case "tool_use": - return "tool_calls" - case "max_tokens": - return "length" - case "content_filtered": - return "content_filter" - default: - return stopReason - } -} - -// BuildOpenAIStreamChunk constructs an OpenAI Chat Completions streaming chunk. -// This is the delta format used in streaming responses. -func BuildOpenAIStreamChunk(model string, deltaContent string, deltaToolCalls []map[string]interface{}, finishReason string, index int) []byte { - delta := map[string]interface{}{} - - // First chunk should include role - if index == 0 && deltaContent == "" && len(deltaToolCalls) == 0 { - delta["role"] = "assistant" - delta["content"] = "" - } else if deltaContent != "" { - delta["content"] = deltaContent - } - - // Add tool_calls delta if present - if len(deltaToolCalls) > 0 { - delta["tool_calls"] = deltaToolCalls - } - - choice := map[string]interface{}{ - "index": 0, - "delta": delta, - } - - if finishReason != "" { - choice["finish_reason"] = finishReason - } else { - choice["finish_reason"] = nil - } - - chunk := map[string]interface{}{ - "id": "chatcmpl-" + uuid.New().String()[:12], - "object": "chat.completion.chunk", - "created": time.Now().Unix(), - "model": model, - "choices": []map[string]interface{}{choice}, - } - - result, _ := json.Marshal(chunk) - return result -} - -// BuildOpenAIStreamChunkWithToolCallStart creates a stream chunk for tool call start -func BuildOpenAIStreamChunkWithToolCallStart(model string, toolUseID, toolName string, toolIndex int) []byte { - toolCall := map[string]interface{}{ - "index": toolIndex, - "id": toolUseID, - "type": "function", - "function": map[string]interface{}{ - "name": toolName, - "arguments": "", - }, - } - - delta := map[string]interface{}{ - "tool_calls": []map[string]interface{}{toolCall}, - } - - choice := map[string]interface{}{ - "index": 0, - "delta": delta, - "finish_reason": nil, - } - - chunk := map[string]interface{}{ - "id": "chatcmpl-" + uuid.New().String()[:12], - "object": "chat.completion.chunk", - "created": time.Now().Unix(), - "model": model, - "choices": []map[string]interface{}{choice}, - } - - result, _ := json.Marshal(chunk) - return result -} - -// BuildOpenAIStreamChunkWithToolCallDelta creates a stream chunk for tool call arguments delta -func BuildOpenAIStreamChunkWithToolCallDelta(model string, argumentsDelta string, toolIndex int) []byte { - toolCall := map[string]interface{}{ - "index": toolIndex, - "function": map[string]interface{}{ - "arguments": argumentsDelta, - }, - } - - delta := map[string]interface{}{ - "tool_calls": []map[string]interface{}{toolCall}, - } - - choice := map[string]interface{}{ - "index": 0, - "delta": delta, - "finish_reason": nil, - } - - chunk := map[string]interface{}{ - "id": "chatcmpl-" + uuid.New().String()[:12], - "object": "chat.completion.chunk", - "created": time.Now().Unix(), - "model": model, - "choices": []map[string]interface{}{choice}, - } - - result, _ := json.Marshal(chunk) - return result -} - -// BuildOpenAIStreamDoneChunk creates the final [DONE] stream event -func BuildOpenAIStreamDoneChunk() []byte { - return []byte("data: [DONE]") -} - -// BuildOpenAIStreamFinishChunk creates the final chunk with finish_reason -func BuildOpenAIStreamFinishChunk(model string, finishReason string) []byte { - choice := map[string]interface{}{ - "index": 0, - "delta": map[string]interface{}{}, - "finish_reason": finishReason, - } - - chunk := map[string]interface{}{ - "id": "chatcmpl-" + uuid.New().String()[:12], - "object": "chat.completion.chunk", - "created": time.Now().Unix(), - "model": model, - "choices": []map[string]interface{}{choice}, - } - - result, _ := json.Marshal(chunk) - return result -} - -// BuildOpenAIStreamUsageChunk creates a chunk with usage information (optional, for stream_options.include_usage) -func BuildOpenAIStreamUsageChunk(model string, usageInfo usage.Detail) []byte { - chunk := map[string]interface{}{ - "id": "chatcmpl-" + uuid.New().String()[:12], - "object": "chat.completion.chunk", - "created": time.Now().Unix(), - "model": model, - "choices": []map[string]interface{}{}, - "usage": map[string]interface{}{ - "prompt_tokens": usageInfo.InputTokens, - "completion_tokens": usageInfo.OutputTokens, - "total_tokens": usageInfo.InputTokens + usageInfo.OutputTokens, - }, - } - - result, _ := json.Marshal(chunk) - return result -} - -// GenerateToolCallID generates a unique tool call ID in OpenAI format -func GenerateToolCallID(toolName string) string { - return fmt.Sprintf("call_%s_%d_%d", toolName[:min(8, len(toolName))], time.Now().UnixNano(), atomic.AddUint64(&functionCallIDCounter, 1)) -} - -// min returns the minimum of two integers -func min(a, b int) int { - if a < b { - return a - } - return b -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/openai/kiro_openai_stream.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/openai/kiro_openai_stream.go deleted file mode 100644 index 484a94ee0f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/kiro/openai/kiro_openai_stream.go +++ /dev/null @@ -1,212 +0,0 @@ -// Package openai provides streaming SSE event building for OpenAI format. -// This package handles the construction of OpenAI-compatible Server-Sent Events (SSE) -// for streaming responses from Kiro API. -package openai - -import ( - "encoding/json" - "time" - - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" -) - -// OpenAIStreamState tracks the state of streaming response conversion -type OpenAIStreamState struct { - ChunkIndex int - ToolCallIndex int - HasSentFirstChunk bool - Model string - ResponseID string - Created int64 -} - -// NewOpenAIStreamState creates a new stream state for tracking -func NewOpenAIStreamState(model string) *OpenAIStreamState { - return &OpenAIStreamState{ - ChunkIndex: 0, - ToolCallIndex: 0, - HasSentFirstChunk: false, - Model: model, - ResponseID: "chatcmpl-" + uuid.New().String()[:24], - Created: time.Now().Unix(), - } -} - -// FormatSSEEvent formats a JSON payload for SSE streaming. -// Note: This returns raw JSON data without "data:" prefix. -// The SSE "data:" prefix is added by the Handler layer (e.g., openai_handlers.go) -// to maintain architectural consistency and avoid double-prefix issues. -func FormatSSEEvent(data []byte) string { - return string(data) -} - -// BuildOpenAISSETextDelta creates an SSE event for text content delta -func BuildOpenAISSETextDelta(state *OpenAIStreamState, textDelta string) string { - delta := map[string]interface{}{ - "content": textDelta, - } - - // Include role in first chunk - if !state.HasSentFirstChunk { - delta["role"] = "assistant" - state.HasSentFirstChunk = true - } - - chunk := buildBaseChunk(state, delta, nil) - result, _ := json.Marshal(chunk) - state.ChunkIndex++ - return FormatSSEEvent(result) -} - -// BuildOpenAISSEToolCallStart creates an SSE event for tool call start -func BuildOpenAISSEToolCallStart(state *OpenAIStreamState, toolUseID, toolName string) string { - toolCall := map[string]interface{}{ - "index": state.ToolCallIndex, - "id": toolUseID, - "type": "function", - "function": map[string]interface{}{ - "name": toolName, - "arguments": "", - }, - } - - delta := map[string]interface{}{ - "tool_calls": []map[string]interface{}{toolCall}, - } - - // Include role in first chunk if not sent yet - if !state.HasSentFirstChunk { - delta["role"] = "assistant" - state.HasSentFirstChunk = true - } - - chunk := buildBaseChunk(state, delta, nil) - result, _ := json.Marshal(chunk) - state.ChunkIndex++ - return FormatSSEEvent(result) -} - -// BuildOpenAISSEToolCallArgumentsDelta creates an SSE event for tool call arguments delta -func BuildOpenAISSEToolCallArgumentsDelta(state *OpenAIStreamState, argumentsDelta string, toolIndex int) string { - toolCall := map[string]interface{}{ - "index": toolIndex, - "function": map[string]interface{}{ - "arguments": argumentsDelta, - }, - } - - delta := map[string]interface{}{ - "tool_calls": []map[string]interface{}{toolCall}, - } - - chunk := buildBaseChunk(state, delta, nil) - result, _ := json.Marshal(chunk) - state.ChunkIndex++ - return FormatSSEEvent(result) -} - -// BuildOpenAISSEFinish creates an SSE event with finish_reason -func BuildOpenAISSEFinish(state *OpenAIStreamState, finishReason string) string { - chunk := buildBaseChunk(state, map[string]interface{}{}, &finishReason) - result, _ := json.Marshal(chunk) - state.ChunkIndex++ - return FormatSSEEvent(result) -} - -// BuildOpenAISSEUsage creates an SSE event with usage information -func BuildOpenAISSEUsage(state *OpenAIStreamState, usageInfo usage.Detail) string { - chunk := map[string]interface{}{ - "id": state.ResponseID, - "object": "chat.completion.chunk", - "created": state.Created, - "model": state.Model, - "choices": []map[string]interface{}{}, - "usage": map[string]interface{}{ - "prompt_tokens": usageInfo.InputTokens, - "completion_tokens": usageInfo.OutputTokens, - "total_tokens": usageInfo.InputTokens + usageInfo.OutputTokens, - }, - } - result, _ := json.Marshal(chunk) - return FormatSSEEvent(result) -} - -// BuildOpenAISSEDone creates the final [DONE] SSE event. -// Note: This returns raw "[DONE]" without "data:" prefix. -// The SSE "data:" prefix is added by the Handler layer (e.g., openai_handlers.go) -// to maintain architectural consistency and avoid double-prefix issues. -func BuildOpenAISSEDone() string { - return "[DONE]" -} - -// buildBaseChunk creates a base chunk structure for streaming -func buildBaseChunk(state *OpenAIStreamState, delta map[string]interface{}, finishReason *string) map[string]interface{} { - choice := map[string]interface{}{ - "index": 0, - "delta": delta, - } - - if finishReason != nil { - choice["finish_reason"] = *finishReason - } else { - choice["finish_reason"] = nil - } - - return map[string]interface{}{ - "id": state.ResponseID, - "object": "chat.completion.chunk", - "created": state.Created, - "model": state.Model, - "choices": []map[string]interface{}{choice}, - } -} - -// BuildOpenAISSEReasoningDelta creates an SSE event for reasoning content delta -// This is used for o1/o3 style models that expose reasoning tokens -func BuildOpenAISSEReasoningDelta(state *OpenAIStreamState, reasoningDelta string) string { - delta := map[string]interface{}{ - "reasoning_content": reasoningDelta, - } - - // Include role in first chunk - if !state.HasSentFirstChunk { - delta["role"] = "assistant" - state.HasSentFirstChunk = true - } - - chunk := buildBaseChunk(state, delta, nil) - result, _ := json.Marshal(chunk) - state.ChunkIndex++ - return FormatSSEEvent(result) -} - -// BuildOpenAISSEFirstChunk creates the first chunk with role only -func BuildOpenAISSEFirstChunk(state *OpenAIStreamState) string { - delta := map[string]interface{}{ - "role": "assistant", - "content": "", - } - - state.HasSentFirstChunk = true - chunk := buildBaseChunk(state, delta, nil) - result, _ := json.Marshal(chunk) - state.ChunkIndex++ - return FormatSSEEvent(result) -} - -// ThinkingTagState tracks state for thinking tag detection in streaming -type ThinkingTagState struct { - InThinkingBlock bool - PendingStartChars int - PendingEndChars int -} - -// NewThinkingTagState creates a new thinking tag state -func NewThinkingTagState() *ThinkingTagState { - return &ThinkingTagState{ - InThinkingBlock: false, - PendingStartChars: 0, - PendingEndChars: 0, - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/claude/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/claude/init.go deleted file mode 100644 index 5312c8162d..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package claude - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Claude, - constant.OpenAI, - ConvertClaudeRequestToOpenAI, - interfaces.TranslateResponse{ - Stream: ConvertOpenAIResponseToClaude, - NonStream: ConvertOpenAIResponseToClaudeNonStream, - TokenCount: ClaudeTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/claude/openai_claude_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/claude/openai_claude_request.go deleted file mode 100644 index 856cc458a3..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/claude/openai_claude_request.go +++ /dev/null @@ -1,405 +0,0 @@ -// Package claude provides request translation functionality for Anthropic to OpenAI API. -// It handles parsing and transforming Anthropic API requests into OpenAI Chat Completions API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Anthropic API format and OpenAI API's expected format. -package claude - -import ( - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertClaudeRequestToOpenAI parses and transforms an Anthropic API request into OpenAI Chat Completions API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the OpenAI API. -func ConvertClaudeRequestToOpenAI(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - // Base OpenAI Chat Completions API template - out := `{"model":"","messages":[]}` - - root := gjson.ParseBytes(rawJSON) - - // Model mapping - out, _ = sjson.Set(out, "model", modelName) - - // Max tokens - if maxTokens := root.Get("max_tokens"); maxTokens.Exists() { - out, _ = sjson.Set(out, "max_tokens", maxTokens.Int()) - } - - // Temperature - if temp := root.Get("temperature"); temp.Exists() { - out, _ = sjson.Set(out, "temperature", temp.Float()) - } else if topP := root.Get("top_p"); topP.Exists() { // Top P - out, _ = sjson.Set(out, "top_p", topP.Float()) - } - - // Stop sequences -> stop - if stopSequences := root.Get("stop_sequences"); stopSequences.Exists() { - if stopSequences.IsArray() { - var stops []string - stopSequences.ForEach(func(_, value gjson.Result) bool { - stops = append(stops, value.String()) - return true - }) - if len(stops) > 0 { - if len(stops) == 1 { - out, _ = sjson.Set(out, "stop", stops[0]) - } else { - out, _ = sjson.Set(out, "stop", stops) - } - } - } - } - - // Stream - out, _ = sjson.Set(out, "stream", stream) - - // Thinking: Convert Claude thinking.budget_tokens to OpenAI reasoning_effort - if thinkingConfig := root.Get("thinking"); thinkingConfig.Exists() && thinkingConfig.IsObject() { - if thinkingType := thinkingConfig.Get("type"); thinkingType.Exists() { - switch thinkingType.String() { - case "enabled": - if budgetTokens := thinkingConfig.Get("budget_tokens"); budgetTokens.Exists() { - budget := int(budgetTokens.Int()) - if effort, ok := thinking.ConvertBudgetToLevel(budget); ok && effort != "" { - out, _ = sjson.Set(out, "reasoning_effort", effort) - } - } else { - // No budget_tokens specified, default to "auto" for enabled thinking - if effort, ok := thinking.ConvertBudgetToLevel(-1); ok && effort != "" { - out, _ = sjson.Set(out, "reasoning_effort", effort) - } - } - case "adaptive": - // Claude adaptive means "enable with max capacity"; keep it as highest level - // and let ApplyThinking normalize per target model capability. - out, _ = sjson.Set(out, "reasoning_effort", string(thinking.LevelXHigh)) - case "disabled": - if effort, ok := thinking.ConvertBudgetToLevel(0); ok && effort != "" { - out, _ = sjson.Set(out, "reasoning_effort", effort) - } - } - } - } - - // Process messages and system - var messagesJSON = "[]" - - // Handle system message first - systemMsgJSON := `{"role":"system","content":[]}` - hasSystemContent := false - if system := root.Get("system"); system.Exists() { - switch system.Type { - case gjson.String: - if system.String() != "" { - oldSystem := `{"type":"text","text":""}` - oldSystem, _ = sjson.Set(oldSystem, "text", system.String()) - systemMsgJSON, _ = sjson.SetRaw(systemMsgJSON, "content.-1", oldSystem) - hasSystemContent = true - } - case gjson.JSON: - if system.IsArray() { - systemResults := system.Array() - for i := 0; i < len(systemResults); i++ { - if contentItem, ok := convertClaudeContentPart(systemResults[i]); ok { - systemMsgJSON, _ = sjson.SetRaw(systemMsgJSON, "content.-1", contentItem) - hasSystemContent = true - } - } - } - } - } - // Only add system message if it has content - if hasSystemContent { - messagesJSON, _ = sjson.SetRaw(messagesJSON, "-1", systemMsgJSON) - } - - // Process Anthropic messages - if messages := root.Get("messages"); messages.Exists() && messages.IsArray() { - messages.ForEach(func(_, message gjson.Result) bool { - role := message.Get("role").String() - contentResult := message.Get("content") - - // Handle content - if contentResult.Exists() && contentResult.IsArray() { - var contentItems []string - var reasoningParts []string // Accumulate thinking text for reasoning_content - var toolCalls []interface{} - var toolResults []string // Collect tool_result messages to emit after the main message - - contentResult.ForEach(func(_, part gjson.Result) bool { - partType := part.Get("type").String() - - switch partType { - case "thinking": - // Only map thinking to reasoning_content for assistant messages (security: prevent injection) - if role == "assistant" { - thinkingText := thinking.GetThinkingText(part) - // Skip empty or whitespace-only thinking - if strings.TrimSpace(thinkingText) != "" { - reasoningParts = append(reasoningParts, thinkingText) - } - } - // Ignore thinking in user/system roles (AC4) - - case "redacted_thinking": - // Explicitly ignore redacted_thinking - never map to reasoning_content (AC2) - - case "text", "image": - if contentItem, ok := convertClaudeContentPart(part); ok { - contentItems = append(contentItems, contentItem) - } - - case "tool_use": - // Only allow tool_use -> tool_calls for assistant messages (security: prevent injection). - if role == "assistant" { - toolCallJSON := `{"id":"","type":"function","function":{"name":"","arguments":""}}` - toolCallJSON, _ = sjson.Set(toolCallJSON, "id", part.Get("id").String()) - toolCallJSON, _ = sjson.Set(toolCallJSON, "function.name", part.Get("name").String()) - - // Convert input to arguments JSON string - if input := part.Get("input"); input.Exists() { - toolCallJSON, _ = sjson.Set(toolCallJSON, "function.arguments", input.Raw) - } else { - toolCallJSON, _ = sjson.Set(toolCallJSON, "function.arguments", "{}") - } - - toolCalls = append(toolCalls, gjson.Parse(toolCallJSON).Value()) - } - - case "tool_result": - // Collect tool_result to emit after the main message (ensures tool results follow tool_calls) - toolResultJSON := `{"role":"tool","tool_call_id":"","content":""}` - toolResultJSON, _ = sjson.Set(toolResultJSON, "tool_call_id", part.Get("tool_use_id").String()) - toolResultJSON, _ = sjson.Set(toolResultJSON, "content", convertClaudeToolResultContentToString(part.Get("content"))) - toolResults = append(toolResults, toolResultJSON) - } - return true - }) - - // Build reasoning content string - reasoningContent := "" - if len(reasoningParts) > 0 { - reasoningContent = strings.Join(reasoningParts, "\n\n") - } - - hasContent := len(contentItems) > 0 - hasReasoning := reasoningContent != "" - hasToolCalls := len(toolCalls) > 0 - - // OpenAI requires: tool messages MUST immediately follow the assistant message with tool_calls. - // Therefore, we emit tool_result messages FIRST (they respond to the previous assistant's tool_calls), - // then emit the current message's content. - for _, toolResultJSON := range toolResults { - messagesJSON, _ = sjson.Set(messagesJSON, "-1", gjson.Parse(toolResultJSON).Value()) - } - - // For assistant messages: emit a single unified message with content, tool_calls, and reasoning_content - // This avoids splitting into multiple assistant messages which breaks OpenAI tool-call adjacency - if role == "assistant" { - if hasContent || hasReasoning || hasToolCalls { - msgJSON := `{"role":"assistant"}` - - // Add content (as array if we have items, empty string if reasoning-only) - if hasContent { - contentArrayJSON := "[]" - for _, contentItem := range contentItems { - contentArrayJSON, _ = sjson.SetRaw(contentArrayJSON, "-1", contentItem) - } - msgJSON, _ = sjson.SetRaw(msgJSON, "content", contentArrayJSON) - } else { - // Ensure content field exists for OpenAI compatibility - msgJSON, _ = sjson.Set(msgJSON, "content", "") - } - - // Add reasoning_content if present - if hasReasoning { - msgJSON, _ = sjson.Set(msgJSON, "reasoning_content", reasoningContent) - } - - // Add tool_calls if present (in same message as content) - if hasToolCalls { - msgJSON, _ = sjson.Set(msgJSON, "tool_calls", toolCalls) - } - - messagesJSON, _ = sjson.Set(messagesJSON, "-1", gjson.Parse(msgJSON).Value()) - } - } else { - // For non-assistant roles: emit content message if we have content - // If the message only contains tool_results (no text/image), we still processed them above - if hasContent { - msgJSON := `{"role":""}` - msgJSON, _ = sjson.Set(msgJSON, "role", role) - - contentArrayJSON := "[]" - for _, contentItem := range contentItems { - contentArrayJSON, _ = sjson.SetRaw(contentArrayJSON, "-1", contentItem) - } - msgJSON, _ = sjson.SetRaw(msgJSON, "content", contentArrayJSON) - - messagesJSON, _ = sjson.Set(messagesJSON, "-1", gjson.Parse(msgJSON).Value()) - } - } - - } else if contentResult.Exists() && contentResult.Type == gjson.String { - // Simple string content - msgJSON := `{"role":"","content":""}` - msgJSON, _ = sjson.Set(msgJSON, "role", role) - msgJSON, _ = sjson.Set(msgJSON, "content", contentResult.String()) - messagesJSON, _ = sjson.Set(messagesJSON, "-1", gjson.Parse(msgJSON).Value()) - } - - return true - }) - } - - // Set messages - if gjson.Parse(messagesJSON).IsArray() && len(gjson.Parse(messagesJSON).Array()) > 0 { - out, _ = sjson.SetRaw(out, "messages", messagesJSON) - } - - // Process tools - convert Anthropic tools to OpenAI functions - if tools := root.Get("tools"); tools.Exists() && tools.IsArray() { - var toolsJSON = "[]" - - tools.ForEach(func(_, tool gjson.Result) bool { - openAIToolJSON := `{"type":"function","function":{"name":"","description":""}}` - openAIToolJSON, _ = sjson.Set(openAIToolJSON, "function.name", tool.Get("name").String()) - openAIToolJSON, _ = sjson.Set(openAIToolJSON, "function.description", tool.Get("description").String()) - - // Convert Anthropic input_schema to OpenAI function parameters - if inputSchema := tool.Get("input_schema"); inputSchema.Exists() { - openAIToolJSON, _ = sjson.Set(openAIToolJSON, "function.parameters", inputSchema.Value()) - } - - toolsJSON, _ = sjson.Set(toolsJSON, "-1", gjson.Parse(openAIToolJSON).Value()) - return true - }) - - if gjson.Parse(toolsJSON).IsArray() && len(gjson.Parse(toolsJSON).Array()) > 0 { - out, _ = sjson.SetRaw(out, "tools", toolsJSON) - } - } - - // Tool choice mapping - convert Anthropic tool_choice to OpenAI format - if toolChoice := root.Get("tool_choice"); toolChoice.Exists() { - switch toolChoice.Get("type").String() { - case "auto": - out, _ = sjson.Set(out, "tool_choice", "auto") - case "any": - out, _ = sjson.Set(out, "tool_choice", "required") - case "tool": - // Specific tool choice - toolName := toolChoice.Get("name").String() - toolChoiceJSON := `{"type":"function","function":{"name":""}}` - toolChoiceJSON, _ = sjson.Set(toolChoiceJSON, "function.name", toolName) - out, _ = sjson.SetRaw(out, "tool_choice", toolChoiceJSON) - default: - // Default to auto if not specified - out, _ = sjson.Set(out, "tool_choice", "auto") - } - } - - // Handle user parameter (for tracking) - if user := root.Get("user"); user.Exists() { - out, _ = sjson.Set(out, "user", user.String()) - } - - return []byte(out) -} - -func convertClaudeContentPart(part gjson.Result) (string, bool) { - partType := part.Get("type").String() - - switch partType { - case "text": - text := part.Get("text").String() - if strings.TrimSpace(text) == "" { - return "", false - } - textContent := `{"type":"text","text":""}` - textContent, _ = sjson.Set(textContent, "text", text) - return textContent, true - - case "image": - var imageURL string - - if source := part.Get("source"); source.Exists() { - sourceType := source.Get("type").String() - switch sourceType { - case "base64": - mediaType := source.Get("media_type").String() - if mediaType == "" { - mediaType = "application/octet-stream" - } - data := source.Get("data").String() - if data != "" { - imageURL = "data:" + mediaType + ";base64," + data - } - case "url": - imageURL = source.Get("url").String() - } - } - - if imageURL == "" { - imageURL = part.Get("url").String() - } - - if imageURL == "" { - return "", false - } - - imageContent := `{"type":"image_url","image_url":{"url":""}}` - imageContent, _ = sjson.Set(imageContent, "image_url.url", imageURL) - - return imageContent, true - - default: - return "", false - } -} - -func convertClaudeToolResultContentToString(content gjson.Result) string { - if !content.Exists() { - return "" - } - - if content.Type == gjson.String { - return content.String() - } - - if content.IsArray() { - var parts []string - content.ForEach(func(_, item gjson.Result) bool { - switch { - case item.Type == gjson.String: - parts = append(parts, item.String()) - case item.IsObject() && item.Get("text").Exists() && item.Get("text").Type == gjson.String: - parts = append(parts, item.Get("text").String()) - default: - parts = append(parts, item.Raw) - } - return true - }) - - joined := strings.Join(parts, "\n\n") - if strings.TrimSpace(joined) != "" { - return joined - } - return content.Raw - } - - if content.IsObject() { - if text := content.Get("text"); text.Exists() && text.Type == gjson.String { - return text.String() - } - return content.Raw - } - - return content.Raw -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/claude/openai_claude_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/claude/openai_claude_request_test.go deleted file mode 100644 index 454c1d5832..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/claude/openai_claude_request_test.go +++ /dev/null @@ -1,194 +0,0 @@ -package claude - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertClaudeRequestToOpenAI(t *testing.T) { - input := []byte(`{ - "model": "claude-3-sonnet", - "max_tokens": 1024, - "messages": [ - {"role": "user", "content": "hello"} - ], - "system": "be helpful", - "thinking": {"type": "enabled", "budget_tokens": 1024} - }`) - - got := ConvertClaudeRequestToOpenAI("gpt-4o", input, false) - res := gjson.ParseBytes(got) - - if res.Get("model").String() != "gpt-4o" { - t.Errorf("expected model gpt-4o, got %s", res.Get("model").String()) - } - - if res.Get("max_tokens").Int() != 1024 { - t.Errorf("expected max_tokens 1024, got %d", res.Get("max_tokens").Int()) - } - - // OpenAI format for system message is role: system, content: string or array - // Our translator converts it to role: system, content: [{type: text, text: ...}] - messages := res.Get("messages").Array() - if len(messages) != 2 { - t.Fatalf("expected 2 messages, got %d", len(messages)) - } - - if messages[0].Get("role").String() != "system" { - t.Errorf("expected first message role system, got %s", messages[0].Get("role").String()) - } - - if messages[1].Get("role").String() != "user" { - t.Errorf("expected second message role user, got %s", messages[1].Get("role").String()) - } - - // Check thinking conversion - if res.Get("reasoning_effort").String() == "" { - t.Error("expected reasoning_effort to be set") - } -} - -func TestConvertClaudeRequestToOpenAI_SystemArray(t *testing.T) { - input := []byte(`{ - "model": "claude-3-sonnet", - "system": [ - {"type": "text", "text": "be helpful"}, - {"type": "text", "text": "and polite"} - ], - "messages": [{"role": "user", "content": "hello"}] - }`) - - got := ConvertClaudeRequestToOpenAI("gpt-4o", input, false) - res := gjson.ParseBytes(got) - - messages := res.Get("messages").Array() - if len(messages) != 2 { - t.Fatalf("expected 2 messages, got %d", len(messages)) - } - - content := messages[0].Get("content").Array() - if len(content) != 2 { - t.Errorf("expected 2 system content parts, got %d", len(content)) - } - - if content[0].Get("text").String() != "be helpful" { - t.Errorf("expected first system part be helpful, got %s", content[0].Get("text").String()) - } -} - -func TestConvertClaudeRequestToOpenAI_FullMessage(t *testing.T) { - input := []byte(`{ - "model": "claude-3-sonnet", - "messages": [ - { - "role": "user", - "content": [ - {"type": "text", "text": "describe this"}, - {"type": "image", "source": {"type": "base64", "media_type": "image/png", "data": "abc"}} - ] - }, - { - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "Let me see..."}, - {"type": "text", "text": "This is a cat."}, - {"type": "tool_use", "id": "call_1", "name": "get_cat_details", "input": {"cat_id": 1}} - ] - }, - { - "role": "user", - "content": [ - {"type": "tool_result", "tool_use_id": "call_1", "content": "cat info"} - ] - } - ], - "tools": [ - {"name": "get_cat_details", "description": "Get details about a cat", "input_schema": {"type": "object", "properties": {"cat_id": {"type": "integer"}}}} - ] - }`) - - got := ConvertClaudeRequestToOpenAI("gpt-4o", input, false) - res := gjson.ParseBytes(got) - - messages := res.Get("messages").Array() - // user + assistant (thinking, text, tool_use) + tool_result - if len(messages) != 3 { - t.Fatalf("expected 3 messages, got %d", len(messages)) - } - - // First message: user with image - content1 := messages[0].Get("content").Array() - if len(content1) != 2 { - t.Errorf("expected 2 user content parts, got %d", len(content1)) - } - if content1[1].Get("type").String() != "image_url" { - t.Errorf("expected image_url part, got %s", content1[1].Get("type").String()) - } - - // Second message: assistant with reasoning, content, tool_calls - if messages[1].Get("role").String() != "assistant" { - t.Errorf("expected second message role assistant, got %s", messages[1].Get("role").String()) - } - if messages[1].Get("reasoning_content").String() != "Let me see..." { - t.Errorf("expected reasoning_content Let me see..., got %s", messages[1].Get("reasoning_content").String()) - } - if messages[1].Get("tool_calls").Array()[0].Get("function.name").String() != "get_cat_details" { - t.Errorf("expected tool call get_cat_details, got %s", messages[1].Get("tool_calls").Array()[0].Get("function.name").String()) - } - - // Third message: tool result - if messages[2].Get("role").String() != "tool" { - t.Errorf("expected third message role tool, got %s", messages[2].Get("role").String()) - } - if messages[2].Get("content").String() != "cat info" { - t.Errorf("expected tool result content cat info, got %s", messages[2].Get("content").String()) - } - - // Check tools - tools := res.Get("tools").Array() - if len(tools) != 1 { - t.Errorf("expected 1 tool, got %d", len(tools)) - } - if tools[0].Get("function.name").String() != "get_cat_details" { - t.Errorf("expected tool get_cat_details, got %s", tools[0].Get("function.name").String()) - } -} - -func TestConvertClaudeRequestToOpenAI_ToolChoice(t *testing.T) { - input := []byte(`{ - "model": "claude-3-sonnet", - "messages": [{"role": "user", "content": "hello"}], - "tool_choice": {"type": "tool", "name": "my_tool"} - }`) - - got := ConvertClaudeRequestToOpenAI("gpt-4o", input, false) - res := gjson.ParseBytes(got) - - if res.Get("tool_choice.function.name").String() != "my_tool" { - t.Errorf("expected tool_choice function name my_tool, got %s", res.Get("tool_choice.function.name").String()) - } -} - -func TestConvertClaudeRequestToOpenAI_Params(t *testing.T) { - input := []byte(`{ - "model": "claude-3-sonnet", - "messages": [{"role": "user", "content": "hello"}], - "temperature": 0.5, - "stop_sequences": ["STOP"], - "user": "u123" - }`) - - got := ConvertClaudeRequestToOpenAI("gpt-4o", input, false) - res := gjson.ParseBytes(got) - - if res.Get("temperature").Float() != 0.5 { - t.Errorf("expected temperature 0.5, got %f", res.Get("temperature").Float()) - } - if res.Get("stop").String() != "STOP" { - t.Errorf("expected stop STOP, got %s", res.Get("stop").String()) - } - if res.Get("user").String() != "u123" { - t.Errorf("expected user u123, got %s", res.Get("user").String()) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/claude/openai_claude_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/claude/openai_claude_response.go deleted file mode 100644 index e1f78fbc27..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/claude/openai_claude_response.go +++ /dev/null @@ -1,689 +0,0 @@ -// Package claude provides response translation functionality for OpenAI to Anthropic API. -// This package handles the conversion of OpenAI Chat Completions API responses into Anthropic API-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Anthropic API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, and usage metadata appropriately. -package claude - -import ( - "bytes" - "context" - "encoding/json" - "fmt" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - dataTag = []byte("data:") -) - -// ConvertOpenAIResponseToAnthropicParams holds parameters for response conversion -type ConvertOpenAIResponseToAnthropicParams struct { - MessageID string - Model string - CreatedAt int64 - // Content accumulator for streaming - ContentAccumulator strings.Builder - // Tool calls accumulator for streaming - ToolCallsAccumulator map[int]*ToolCallAccumulator - // Track if text content block has been started - TextContentBlockStarted bool - // Track if thinking content block has been started - ThinkingContentBlockStarted bool - // Track finish reason for later use - FinishReason string - // Track if content blocks have been stopped - ContentBlocksStopped bool - // Track if message_delta has been sent - MessageDeltaSent bool - // Track if message_start has been sent - MessageStarted bool - // Track if message_stop has been sent - MessageStopSent bool - // Tool call content block index mapping - ToolCallBlockIndexes map[int]int - // Index assigned to text content block - TextContentBlockIndex int - // Index assigned to thinking content block - ThinkingContentBlockIndex int - // Next available content block index - NextContentBlockIndex int -} - -// ToolCallAccumulator holds the state for accumulating tool call data -type ToolCallAccumulator struct { - ID string - Name string - Arguments strings.Builder -} - -// ConvertOpenAIResponseToClaude converts OpenAI streaming response format to Anthropic API format. -// This function processes OpenAI streaming chunks and transforms them into Anthropic-compatible JSON responses. -// It handles text content, tool calls, and usage metadata, outputting responses that match the Anthropic API format. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the OpenAI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - []string: A slice of strings, each containing an Anthropic-compatible JSON response. -func ConvertOpenAIResponseToClaude(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &ConvertOpenAIResponseToAnthropicParams{ - MessageID: "", - Model: "", - CreatedAt: 0, - ContentAccumulator: strings.Builder{}, - ToolCallsAccumulator: nil, - TextContentBlockStarted: false, - ThinkingContentBlockStarted: false, - FinishReason: "", - ContentBlocksStopped: false, - MessageDeltaSent: false, - ToolCallBlockIndexes: make(map[int]int), - TextContentBlockIndex: -1, - ThinkingContentBlockIndex: -1, - NextContentBlockIndex: 0, - } - } - - trimmed := bytes.TrimSpace(rawJSON) - if bytes.Equal(trimmed, []byte("[DONE]")) { - return convertOpenAIDoneToAnthropic((*param).(*ConvertOpenAIResponseToAnthropicParams)) - } - - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - - // Check if this is the [DONE] marker - rawStr := strings.TrimSpace(string(rawJSON)) - if rawStr == "[DONE]" { - return convertOpenAIDoneToAnthropic((*param).(*ConvertOpenAIResponseToAnthropicParams)) - } - - streamResult := gjson.GetBytes(originalRequestRawJSON, "stream") - if !streamResult.Exists() || (streamResult.Exists() && streamResult.Type == gjson.False) { - return convertOpenAINonStreamingToAnthropic(rawJSON) - } else { - return convertOpenAIStreamingChunkToAnthropic(rawJSON, (*param).(*ConvertOpenAIResponseToAnthropicParams)) - } -} - -// convertOpenAIStreamingChunkToAnthropic converts OpenAI streaming chunk to Anthropic streaming events -func convertOpenAIStreamingChunkToAnthropic(rawJSON []byte, param *ConvertOpenAIResponseToAnthropicParams) []string { - root := gjson.ParseBytes(rawJSON) - var results []string - - // Initialize parameters if needed - if param.MessageID == "" { - param.MessageID = root.Get("id").String() - } - if param.Model == "" { - param.Model = root.Get("model").String() - } - if param.CreatedAt == 0 { - param.CreatedAt = root.Get("created").Int() - } - - // Helper to ensure message_start is sent before any content_block_start - // This is required by the Anthropic SSE protocol - message_start must come first. - // Some OpenAI-compatible providers (like GitHub Copilot) may not send role: "assistant" - // in the first chunk, so we need to emit message_start when we first see content. - ensureMessageStarted := func() { - if param.MessageStarted { - return - } - messageStart := map[string]interface{}{ - "type": "message_start", - "message": map[string]interface{}{ - "id": param.MessageID, - "type": "message", - "role": "assistant", - "model": param.Model, - "content": []interface{}{}, - "stop_reason": nil, - "stop_sequence": nil, - "usage": map[string]interface{}{ - "input_tokens": 0, - "output_tokens": 0, - }, - }, - } - messageStartJSON, _ := json.Marshal(messageStart) - results = append(results, "event: message_start\ndata: "+string(messageStartJSON)+"\n\n") - param.MessageStarted = true - } - - // Check if this is the first chunk (has role) - if delta := root.Get("choices.0.delta"); delta.Exists() { - if !param.MessageStarted { - // Send message_start event - ensureMessageStarted() - - // Don't send content_block_start for text here - wait for actual content - } - - // Handle reasoning content delta - if reasoning := delta.Get("reasoning_content"); reasoning.Exists() { - for _, reasoningText := range collectOpenAIReasoningTexts(reasoning) { - if reasoningText == "" { - continue - } - stopTextContentBlock(param, &results) - if !param.ThinkingContentBlockStarted { - ensureMessageStarted() // Must send message_start before content_block_start - if param.ThinkingContentBlockIndex == -1 { - param.ThinkingContentBlockIndex = param.NextContentBlockIndex - param.NextContentBlockIndex++ - } - contentBlockStartJSON := `{"type":"content_block_start","index":0,"content_block":{"type":"thinking","thinking":""}}` - contentBlockStartJSON, _ = sjson.Set(contentBlockStartJSON, "index", param.ThinkingContentBlockIndex) - results = append(results, "event: content_block_start\ndata: "+contentBlockStartJSON+"\n\n") - param.ThinkingContentBlockStarted = true - } - - thinkingDeltaJSON := `{"type":"content_block_delta","index":0,"delta":{"type":"thinking_delta","thinking":""}}` - thinkingDeltaJSON, _ = sjson.Set(thinkingDeltaJSON, "index", param.ThinkingContentBlockIndex) - thinkingDeltaJSON, _ = sjson.Set(thinkingDeltaJSON, "delta.thinking", reasoningText) - results = append(results, "event: content_block_delta\ndata: "+thinkingDeltaJSON+"\n\n") - } - } - - // Handle content delta - if content := delta.Get("content"); content.Exists() && content.String() != "" { - // Send content_block_start for text if not already sent - if !param.TextContentBlockStarted { - ensureMessageStarted() // Must send message_start before content_block_start - stopThinkingContentBlock(param, &results) - if param.TextContentBlockIndex == -1 { - param.TextContentBlockIndex = param.NextContentBlockIndex - param.NextContentBlockIndex++ - } - contentBlockStartJSON := `{"type":"content_block_start","index":0,"content_block":{"type":"text","text":""}}` - contentBlockStartJSON, _ = sjson.Set(contentBlockStartJSON, "index", param.TextContentBlockIndex) - results = append(results, "event: content_block_start\ndata: "+contentBlockStartJSON+"\n\n") - param.TextContentBlockStarted = true - } - - contentDeltaJSON := `{"type":"content_block_delta","index":0,"delta":{"type":"text_delta","text":""}}` - contentDeltaJSON, _ = sjson.Set(contentDeltaJSON, "index", param.TextContentBlockIndex) - contentDeltaJSON, _ = sjson.Set(contentDeltaJSON, "delta.text", content.String()) - results = append(results, "event: content_block_delta\ndata: "+contentDeltaJSON+"\n\n") - - // Accumulate content - param.ContentAccumulator.WriteString(content.String()) - } - - // Handle tool calls - if toolCalls := delta.Get("tool_calls"); toolCalls.Exists() && toolCalls.IsArray() { - if param.ToolCallsAccumulator == nil { - param.ToolCallsAccumulator = make(map[int]*ToolCallAccumulator) - } - - toolCalls.ForEach(func(_, toolCall gjson.Result) bool { - index := int(toolCall.Get("index").Int()) - blockIndex := param.toolContentBlockIndex(index) - - // Initialize accumulator if needed - if _, exists := param.ToolCallsAccumulator[index]; !exists { - param.ToolCallsAccumulator[index] = &ToolCallAccumulator{} - } - - accumulator := param.ToolCallsAccumulator[index] - - // Handle tool call ID - if id := toolCall.Get("id"); id.Exists() { - accumulator.ID = id.String() - } - - // Handle function name - if function := toolCall.Get("function"); function.Exists() { - if name := function.Get("name"); name.Exists() { - accumulator.Name = name.String() - - ensureMessageStarted() // Must send message_start before content_block_start - - stopThinkingContentBlock(param, &results) - - stopTextContentBlock(param, &results) - - // Send content_block_start for tool_use - contentBlockStartJSON := `{"type":"content_block_start","index":0,"content_block":{"type":"tool_use","id":"","name":"","input":{}}}` - contentBlockStartJSON, _ = sjson.Set(contentBlockStartJSON, "index", blockIndex) - contentBlockStartJSON, _ = sjson.Set(contentBlockStartJSON, "content_block.id", accumulator.ID) - contentBlockStartJSON, _ = sjson.Set(contentBlockStartJSON, "content_block.name", accumulator.Name) - results = append(results, "event: content_block_start\ndata: "+contentBlockStartJSON+"\n\n") - } - - // Handle function arguments - if args := function.Get("arguments"); args.Exists() { - argsText := args.String() - if argsText != "" { - accumulator.Arguments.WriteString(argsText) - } - } - } - - return true - }) - } - } - - // Handle finish_reason (but don't send message_delta/message_stop yet) - if finishReason := root.Get("choices.0.finish_reason"); finishReason.Exists() && finishReason.String() != "" { - reason := finishReason.String() - param.FinishReason = reason - - // Send content_block_stop for thinking content if needed - if param.ThinkingContentBlockStarted { - contentBlockStopJSON := `{"type":"content_block_stop","index":0}` - contentBlockStopJSON, _ = sjson.Set(contentBlockStopJSON, "index", param.ThinkingContentBlockIndex) - results = append(results, "event: content_block_stop\ndata: "+contentBlockStopJSON+"\n\n") - param.ThinkingContentBlockStarted = false - param.ThinkingContentBlockIndex = -1 - } - - // Send content_block_stop for text if text content block was started - stopTextContentBlock(param, &results) - - // Send content_block_stop for any tool calls - if !param.ContentBlocksStopped { - for index := range param.ToolCallsAccumulator { - accumulator := param.ToolCallsAccumulator[index] - blockIndex := param.toolContentBlockIndex(index) - - // Send complete input_json_delta with all accumulated arguments - if accumulator.Arguments.Len() > 0 { - inputDeltaJSON := `{"type":"content_block_delta","index":0,"delta":{"type":"input_json_delta","partial_json":""}}` - inputDeltaJSON, _ = sjson.Set(inputDeltaJSON, "index", blockIndex) - inputDeltaJSON, _ = sjson.Set(inputDeltaJSON, "delta.partial_json", util.FixJSON(accumulator.Arguments.String())) - results = append(results, "event: content_block_delta\ndata: "+inputDeltaJSON+"\n\n") - } - - contentBlockStopJSON := `{"type":"content_block_stop","index":0}` - contentBlockStopJSON, _ = sjson.Set(contentBlockStopJSON, "index", blockIndex) - results = append(results, "event: content_block_stop\ndata: "+contentBlockStopJSON+"\n\n") - delete(param.ToolCallBlockIndexes, index) - } - param.ContentBlocksStopped = true - } - - // Don't send message_delta here - wait for usage info or [DONE] - } - - // Handle usage information separately (this comes in a later chunk) - // Only process if usage has actual values (not null) - if param.FinishReason != "" { - usage := root.Get("usage") - var inputTokens, outputTokens, cachedTokens int64 - if usage.Exists() && usage.Type != gjson.Null { - inputTokens, outputTokens, cachedTokens = extractOpenAIUsage(usage) - // Send message_delta with usage - messageDeltaJSON := `{"type":"message_delta","delta":{"stop_reason":"","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - messageDeltaJSON, _ = sjson.Set(messageDeltaJSON, "delta.stop_reason", mapOpenAIFinishReasonToAnthropic(param.FinishReason)) - messageDeltaJSON, _ = sjson.Set(messageDeltaJSON, "usage.input_tokens", inputTokens) - messageDeltaJSON, _ = sjson.Set(messageDeltaJSON, "usage.output_tokens", outputTokens) - if cachedTokens > 0 { - messageDeltaJSON, _ = sjson.Set(messageDeltaJSON, "usage.cache_read_input_tokens", cachedTokens) - } - results = append(results, "event: message_delta\ndata: "+messageDeltaJSON+"\n\n") - param.MessageDeltaSent = true - - emitMessageStopIfNeeded(param, &results) - } - } - - return results -} - -// convertOpenAIDoneToAnthropic handles the [DONE] marker and sends final events -func convertOpenAIDoneToAnthropic(param *ConvertOpenAIResponseToAnthropicParams) []string { - var results []string - - // Ensure all content blocks are stopped before final events - if param.ThinkingContentBlockStarted { - contentBlockStopJSON := `{"type":"content_block_stop","index":0}` - contentBlockStopJSON, _ = sjson.Set(contentBlockStopJSON, "index", param.ThinkingContentBlockIndex) - results = append(results, "event: content_block_stop\ndata: "+contentBlockStopJSON+"\n\n") - param.ThinkingContentBlockStarted = false - param.ThinkingContentBlockIndex = -1 - } - - stopTextContentBlock(param, &results) - - if !param.ContentBlocksStopped { - for index := range param.ToolCallsAccumulator { - accumulator := param.ToolCallsAccumulator[index] - blockIndex := param.toolContentBlockIndex(index) - - if accumulator.Arguments.Len() > 0 { - inputDeltaJSON := `{"type":"content_block_delta","index":0,"delta":{"type":"input_json_delta","partial_json":""}}` - inputDeltaJSON, _ = sjson.Set(inputDeltaJSON, "index", blockIndex) - inputDeltaJSON, _ = sjson.Set(inputDeltaJSON, "delta.partial_json", util.FixJSON(accumulator.Arguments.String())) - results = append(results, "event: content_block_delta\ndata: "+inputDeltaJSON+"\n\n") - } - - contentBlockStopJSON := `{"type":"content_block_stop","index":0}` - contentBlockStopJSON, _ = sjson.Set(contentBlockStopJSON, "index", blockIndex) - results = append(results, "event: content_block_stop\ndata: "+contentBlockStopJSON+"\n\n") - delete(param.ToolCallBlockIndexes, index) - } - param.ContentBlocksStopped = true - } - - // If we haven't sent message_delta yet (no usage info was received), send it now - if param.FinishReason != "" && !param.MessageDeltaSent { - messageDeltaJSON := `{"type":"message_delta","delta":{"stop_reason":"","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - messageDeltaJSON, _ = sjson.Set(messageDeltaJSON, "delta.stop_reason", mapOpenAIFinishReasonToAnthropic(param.FinishReason)) - results = append(results, "event: message_delta\ndata: "+messageDeltaJSON+"\n\n") - param.MessageDeltaSent = true - } - - emitMessageStopIfNeeded(param, &results) - - return results -} - -// convertOpenAINonStreamingToAnthropic converts OpenAI non-streaming response to Anthropic format -func convertOpenAINonStreamingToAnthropic(rawJSON []byte) []string { - root := gjson.ParseBytes(rawJSON) - - out := `{"id":"","type":"message","role":"assistant","model":"","content":[],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}` - out, _ = sjson.Set(out, "id", root.Get("id").String()) - out, _ = sjson.Set(out, "model", root.Get("model").String()) - - // Process message content and tool calls - if choices := root.Get("choices"); choices.Exists() && choices.IsArray() && len(choices.Array()) > 0 { - choice := choices.Array()[0] // Take first choice - - reasoningNode := choice.Get("message.reasoning_content") - for _, reasoningText := range collectOpenAIReasoningTexts(reasoningNode) { - if reasoningText == "" { - continue - } - block := `{"type":"thinking","thinking":""}` - block, _ = sjson.Set(block, "thinking", reasoningText) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - - // Handle text content - if content := choice.Get("message.content"); content.Exists() && content.String() != "" { - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", content.String()) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - - // Handle tool calls - if toolCalls := choice.Get("message.tool_calls"); toolCalls.Exists() && toolCalls.IsArray() { - toolCalls.ForEach(func(_, toolCall gjson.Result) bool { - toolUseBlock := `{"type":"tool_use","id":"","name":"","input":{}}` - toolUseBlock, _ = sjson.Set(toolUseBlock, "id", toolCall.Get("id").String()) - toolUseBlock, _ = sjson.Set(toolUseBlock, "name", toolCall.Get("function.name").String()) - - argsStr := util.FixJSON(toolCall.Get("function.arguments").String()) - if argsStr != "" && gjson.Valid(argsStr) { - argsJSON := gjson.Parse(argsStr) - if argsJSON.IsObject() { - toolUseBlock, _ = sjson.SetRaw(toolUseBlock, "input", argsJSON.Raw) - } else { - toolUseBlock, _ = sjson.SetRaw(toolUseBlock, "input", "{}") - } - } else { - toolUseBlock, _ = sjson.SetRaw(toolUseBlock, "input", "{}") - } - - out, _ = sjson.SetRaw(out, "content.-1", toolUseBlock) - return true - }) - } - - // Set stop reason - if finishReason := choice.Get("finish_reason"); finishReason.Exists() { - out, _ = sjson.Set(out, "stop_reason", mapOpenAIFinishReasonToAnthropic(finishReason.String())) - } - } - - // Set usage information - if usage := root.Get("usage"); usage.Exists() { - inputTokens, outputTokens, cachedTokens := extractOpenAIUsage(usage) - out, _ = sjson.Set(out, "usage.input_tokens", inputTokens) - out, _ = sjson.Set(out, "usage.output_tokens", outputTokens) - if cachedTokens > 0 { - out, _ = sjson.Set(out, "usage.cache_read_input_tokens", cachedTokens) - } - } - - return []string{out} -} - -// mapOpenAIFinishReasonToAnthropic maps OpenAI finish reasons to Anthropic equivalents -func mapOpenAIFinishReasonToAnthropic(openAIReason string) string { - switch openAIReason { - case "stop": - return "end_turn" - case "length": - return "max_tokens" - case "tool_calls": - return "tool_use" - case "content_filter": - return "end_turn" // Anthropic doesn't have direct equivalent - case "function_call": // Legacy OpenAI - return "tool_use" - default: - return "end_turn" - } -} - -func (p *ConvertOpenAIResponseToAnthropicParams) toolContentBlockIndex(openAIToolIndex int) int { - if idx, ok := p.ToolCallBlockIndexes[openAIToolIndex]; ok { - return idx - } - idx := p.NextContentBlockIndex - p.NextContentBlockIndex++ - p.ToolCallBlockIndexes[openAIToolIndex] = idx - return idx -} - -func collectOpenAIReasoningTexts(node gjson.Result) []string { - var texts []string - if !node.Exists() { - return texts - } - - if node.IsArray() { - node.ForEach(func(_, value gjson.Result) bool { - texts = append(texts, collectOpenAIReasoningTexts(value)...) - return true - }) - return texts - } - - switch node.Type { - case gjson.String: - if text := node.String(); text != "" { - texts = append(texts, text) - } - case gjson.JSON: - if text := node.Get("text"); text.Exists() { - if textStr := text.String(); textStr != "" { - texts = append(texts, textStr) - } - } else if raw := node.Raw; raw != "" && !strings.HasPrefix(raw, "{") && !strings.HasPrefix(raw, "[") { - texts = append(texts, raw) - } - } - - return texts -} - -func stopThinkingContentBlock(param *ConvertOpenAIResponseToAnthropicParams, results *[]string) { - if !param.ThinkingContentBlockStarted { - return - } - contentBlockStopJSON := `{"type":"content_block_stop","index":0}` - contentBlockStopJSON, _ = sjson.Set(contentBlockStopJSON, "index", param.ThinkingContentBlockIndex) - *results = append(*results, "event: content_block_stop\ndata: "+contentBlockStopJSON+"\n\n") - param.ThinkingContentBlockStarted = false - param.ThinkingContentBlockIndex = -1 -} - -func emitMessageStopIfNeeded(param *ConvertOpenAIResponseToAnthropicParams, results *[]string) { - if param.MessageStopSent { - return - } - *results = append(*results, "event: message_stop\ndata: {\"type\":\"message_stop\"}\n\n") - param.MessageStopSent = true -} - -func stopTextContentBlock(param *ConvertOpenAIResponseToAnthropicParams, results *[]string) { - if !param.TextContentBlockStarted { - return - } - contentBlockStopJSON := `{"type":"content_block_stop","index":0}` - contentBlockStopJSON, _ = sjson.Set(contentBlockStopJSON, "index", param.TextContentBlockIndex) - *results = append(*results, "event: content_block_stop\ndata: "+contentBlockStopJSON+"\n\n") - param.TextContentBlockStarted = false - param.TextContentBlockIndex = -1 -} - -// ConvertOpenAIResponseToClaudeNonStream converts a non-streaming OpenAI response to a non-streaming Anthropic response. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the OpenAI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - string: An Anthropic-compatible JSON response. -func ConvertOpenAIResponseToClaudeNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - _ = originalRequestRawJSON - _ = requestRawJSON - - root := gjson.ParseBytes(rawJSON) - out := `{"id":"","type":"message","role":"assistant","model":"","content":[],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}` - out, _ = sjson.Set(out, "id", root.Get("id").String()) - out, _ = sjson.Set(out, "model", root.Get("model").String()) - - hasToolCall := false - stopReasonSet := false - - if choices := root.Get("choices"); choices.Exists() && choices.IsArray() && len(choices.Array()) > 0 { - choice := choices.Array()[0] - - if finishReason := choice.Get("finish_reason"); finishReason.Exists() { - out, _ = sjson.Set(out, "stop_reason", mapOpenAIFinishReasonToAnthropic(finishReason.String())) - stopReasonSet = true - } - - if message := choice.Get("message"); message.Exists() { - // 1. Process reasoning content first (Anthropic requirement) - if reasoning := message.Get("reasoning_content"); reasoning.Exists() { - for _, reasoningText := range collectOpenAIReasoningTexts(reasoning) { - if reasoningText == "" { - continue - } - block := `{"type":"thinking","thinking":""}` - block, _ = sjson.Set(block, "thinking", reasoningText) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - } - - // 2. Process content - if contentResult := message.Get("content"); contentResult.Exists() { - if contentResult.IsArray() { - for _, item := range contentResult.Array() { - if item.Get("type").String() == "text" { - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", item.Get("text").String()) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - } - } else if contentResult.Type == gjson.String { - textContent := contentResult.String() - if textContent != "" { - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", textContent) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - } - } - - // 3. Process tool calls - if toolCalls := message.Get("tool_calls"); toolCalls.Exists() && toolCalls.IsArray() { - toolCalls.ForEach(func(_, toolCall gjson.Result) bool { - hasToolCall = true - toolUseBlock := `{"type":"tool_use","id":"","name":"","input":{}}` - toolUseBlock, _ = sjson.Set(toolUseBlock, "id", toolCall.Get("id").String()) - toolUseBlock, _ = sjson.Set(toolUseBlock, "name", toolCall.Get("function.name").String()) - - argsStr := util.FixJSON(toolCall.Get("function.arguments").String()) - if argsStr != "" && gjson.Valid(argsStr) { - argsJSON := gjson.Parse(argsStr) - if argsJSON.IsObject() { - toolUseBlock, _ = sjson.SetRaw(toolUseBlock, "input", argsJSON.Raw) - } else { - toolUseBlock, _ = sjson.SetRaw(toolUseBlock, "input", "{}") - } - } else { - toolUseBlock, _ = sjson.SetRaw(toolUseBlock, "input", "{}") - } - - out, _ = sjson.SetRaw(out, "content.-1", toolUseBlock) - return true - }) - } - } - } - - if respUsage := root.Get("usage"); respUsage.Exists() { - inputTokens, outputTokens, cachedTokens := extractOpenAIUsage(respUsage) - out, _ = sjson.Set(out, "usage.input_tokens", inputTokens) - out, _ = sjson.Set(out, "usage.output_tokens", outputTokens) - if cachedTokens > 0 { - out, _ = sjson.Set(out, "usage.cache_read_input_tokens", cachedTokens) - } - } - - if !stopReasonSet { - if hasToolCall { - out, _ = sjson.Set(out, "stop_reason", "tool_use") - } else { - out, _ = sjson.Set(out, "stop_reason", "end_turn") - } - } - - return out -} - -func ClaudeTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"input_tokens":%d}`, count) -} - -func extractOpenAIUsage(usage gjson.Result) (int64, int64, int64) { - if !usage.Exists() || usage.Type == gjson.Null { - return 0, 0, 0 - } - - inputTokens := usage.Get("prompt_tokens").Int() - outputTokens := usage.Get("completion_tokens").Int() - cachedTokens := usage.Get("prompt_tokens_details.cached_tokens").Int() - - if cachedTokens > 0 { - if inputTokens >= cachedTokens { - inputTokens -= cachedTokens - } else { - inputTokens = 0 - } - } - - return inputTokens, outputTokens, cachedTokens -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/claude/openai_claude_response_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/claude/openai_claude_response_test.go deleted file mode 100644 index 59bd1e18e2..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/claude/openai_claude_response_test.go +++ /dev/null @@ -1,216 +0,0 @@ -package claude - -import ( - "context" - "strings" - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertOpenAIResponseToClaude(t *testing.T) { - ctx := context.Background() - originalRequest := []byte(`{"stream": true}`) - request := []byte(`{}`) - - // Test streaming chunk with content - chunk := []byte(`data: {"id": "chatcmpl-123", "model": "gpt-4o", "created": 1677652288, "choices": [{"index": 0, "delta": {"content": "Hello"}, "finish_reason": null}]}`) - var param any - got := ConvertOpenAIResponseToClaude(ctx, "claude-3-sonnet", originalRequest, request, chunk, ¶m) - - if len(got) != 3 { // message_start + content_block_start + content_block_delta - t.Errorf("expected 3 events, got %d", len(got)) - } - - // Test [DONE] - doneChunk := []byte(`data: [DONE]`) - gotDone := ConvertOpenAIResponseToClaude(ctx, "claude-3-sonnet", originalRequest, request, doneChunk, ¶m) - if len(gotDone) == 0 { - t.Errorf("expected events for [DONE], got 0") - } -} - -func TestConvertOpenAIResponseToClaude_DoneWithoutDataPrefix(t *testing.T) { - ctx := context.Background() - originalRequest := []byte(`{"stream": true}`) - request := []byte(`{}`) - var param any - - chunk := []byte(`data: {"id":"chatcmpl-1","model":"gpt-4o","choices":[{"index":0,"delta":{"content":"hello"}}]}`) - _ = ConvertOpenAIResponseToClaude(ctx, "claude-3-sonnet", originalRequest, request, chunk, ¶m) - - doneChunk := []byte(`[DONE]`) - got := ConvertOpenAIResponseToClaude(ctx, "claude-3-sonnet", originalRequest, request, doneChunk, ¶m) - if len(got) == 0 { - t.Fatalf("expected terminal events for bare [DONE], got 0") - } - - last := got[len(got)-1] - if !strings.Contains(last, `"type":"message_stop"`) { - t.Fatalf("expected final message_stop event, got %q", last) - } -} - -func TestConvertOpenAIResponseToClaude_DoneWithoutDataPrefixEmitsMessageDeltaAfterFinishReason(t *testing.T) { - ctx := context.Background() - originalRequest := []byte(`{"stream": true}`) - request := []byte(`{}`) - var param any - - chunk := []byte(`data: {"id":"chatcmpl-1","model":"gpt-4o","choices":[{"index":0,"delta":{},"finish_reason":"stop"}]}`) - gotFinish := ConvertOpenAIResponseToClaude(ctx, "claude-3-sonnet", originalRequest, request, chunk, ¶m) - if len(gotFinish) == 0 { - t.Fatalf("expected finish chunk events, got 0") - } - - doneChunk := []byte(`[DONE]`) - gotDone := ConvertOpenAIResponseToClaude(ctx, "claude-3-sonnet", originalRequest, request, doneChunk, ¶m) - if len(gotDone) < 2 { - t.Fatalf("expected message_delta and message_stop on bare [DONE], got %d events", len(gotDone)) - } - if !strings.Contains(gotDone[0], `"type":"message_delta"`) { - t.Fatalf("expected first event message_delta, got %q", gotDone[0]) - } - if !strings.Contains(gotDone[len(gotDone)-1], `"type":"message_stop"`) { - t.Fatalf("expected last event message_stop, got %q", gotDone[len(gotDone)-1]) - } -} - -func TestConvertOpenAIResponseToClaude_StreamingReasoning(t *testing.T) { - ctx := context.Background() - originalRequest := []byte(`{"stream": true}`) - request := []byte(`{}`) - var param any - - // 1. Reasoning content chunk - chunk1 := []byte(`data: {"id": "chatcmpl-1", "choices": [{"index": 0, "delta": {"reasoning_content": "Thinking..."}}]}`) - got1 := ConvertOpenAIResponseToClaude(ctx, "claude-3-sonnet", originalRequest, request, chunk1, ¶m) - // message_start + content_block_start(thinking) + content_block_delta(thinking) - if len(got1) != 3 { - t.Errorf("expected 3 events, got %d", len(got1)) - } - - // 2. Transition to content - chunk2 := []byte(`data: {"id": "chatcmpl-1", "choices": [{"index": 0, "delta": {"content": "Hello"}}]}`) - got2 := ConvertOpenAIResponseToClaude(ctx, "claude-3-sonnet", originalRequest, request, chunk2, ¶m) - _ = got2 - // content_block_stop(thinking) + content_block_start(text) + content_block_delta(text) - if len(got2) != 3 { - t.Errorf("expected 3 events for transition, got %d", len(got2)) - } -} - -func TestConvertOpenAIResponseToClaude_StreamingToolCalls(t *testing.T) { - ctx := context.Background() - originalRequest := []byte(`{"stream": true}`) - request := []byte(`{}`) - var param any - - // 1. Tool call chunk (start) - chunk1 := []byte(`data: {"id": "chatcmpl-1", "choices": [{"index": 0, "delta": {"tool_calls": [{"index": 0, "id": "call_1", "function": {"name": "my_tool", "arguments": ""}}]}}]}`) - got1 := ConvertOpenAIResponseToClaude(ctx, "claude-3-sonnet", originalRequest, request, chunk1, ¶m) - // message_start + content_block_start(tool_use) - if len(got1) != 2 { - t.Errorf("expected 2 events, got %d", len(got1)) - } - - // 2. Tool call chunk (arguments) - chunk2 := []byte(`data: {"id": "chatcmpl-1", "choices": [{"index": 0, "delta": {"tool_calls": [{"index": 0, "function": {"arguments": "{\"a\":1}"}}]}}]}`) - got2 := ConvertOpenAIResponseToClaude(ctx, "claude-3-sonnet", originalRequest, request, chunk2, ¶m) - _ = got2 - // No events emitted during argument accumulation usually, wait until stop or [DONE] - // Actually, the current implementation emits nothing for arguments during accumulation. - - // 3. Finish reason tool_calls - chunk3 := []byte(`data: {"id": "chatcmpl-1", "choices": [{"index": 0, "delta": {}, "finish_reason": "tool_calls"}]}`) - got3 := ConvertOpenAIResponseToClaude(ctx, "claude-3-sonnet", originalRequest, request, chunk3, ¶m) - // content_block_delta(input_json_delta) + content_block_stop - if len(got3) != 2 { - t.Errorf("expected 2 events for finish, got %d", len(got3)) - } -} - -func TestConvertOpenAIResponseToClaudeNonStream(t *testing.T) { - ctx := context.Background() - originalRequest := []byte(`{"stream": false}`) - request := []byte(`{}`) - - // Test non-streaming response with reasoning and content - response := []byte(`{ - "id": "chatcmpl-123", - "model": "gpt-4o", - "choices": [{ - "index": 0, - "message": { - "role": "assistant", - "content": "Hello", - "reasoning_content": "Thinking..." - }, - "finish_reason": "stop" - }], - "usage": { - "prompt_tokens": 10, - "completion_tokens": 20 - } - }`) - - got := ConvertOpenAIResponseToClaudeNonStream(ctx, "claude-3-sonnet", originalRequest, request, response, nil) - res := gjson.Parse(got) - - if res.Get("id").String() != "chatcmpl-123" { - t.Errorf("expected id chatcmpl-123, got %s", res.Get("id").String()) - } - - content := res.Get("content").Array() - if len(content) != 2 { - t.Errorf("expected 2 content blocks, got %d", len(content)) - } - - if content[0].Get("type").String() != "thinking" { - t.Errorf("expected first block type thinking, got %s", content[0].Get("type").String()) - } - - if content[1].Get("type").String() != "text" { - t.Errorf("expected second block type text, got %s", content[1].Get("type").String()) - } -} - -func TestConvertOpenAIResponseToClaude_ToolCalls(t *testing.T) { - ctx := context.Background() - originalRequest := []byte(`{"stream": false}`) - request := []byte(`{}`) - - response := []byte(`{ - "id": "chatcmpl-123", - "choices": [{ - "message": { - "role": "assistant", - "tool_calls": [{ - "id": "call_123", - "type": "function", - "function": { - "name": "my_tool", - "arguments": "{\"arg\": 1}" - } - }] - }, - "finish_reason": "tool_calls" - }] - }`) - - got := ConvertOpenAIResponseToClaudeNonStream(ctx, "claude-3-sonnet", originalRequest, request, response, nil) - res := gjson.Parse(got) - - content := res.Get("content").Array() - if len(content) != 1 { - t.Fatalf("expected 1 content block, got %d", len(content)) - } - - if content[0].Get("type").String() != "tool_use" { - t.Errorf("expected tool_use block, got %s", content[0].Get("type").String()) - } - - if content[0].Get("name").String() != "my_tool" { - t.Errorf("expected tool name my_tool, got %s", content[0].Get("name").String()) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini-cli/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini-cli/init.go deleted file mode 100644 index 02462e54e1..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini-cli/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package geminiCLI - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.GeminiCLI, - constant.OpenAI, - ConvertGeminiCLIRequestToOpenAI, - interfaces.TranslateResponse{ - Stream: ConvertOpenAIResponseToGeminiCLI, - NonStream: ConvertOpenAIResponseToGeminiCLINonStream, - TokenCount: GeminiCLITokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini-cli/openai_gemini_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini-cli/openai_gemini_request.go deleted file mode 100644 index 48e294f5f0..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini-cli/openai_gemini_request.go +++ /dev/null @@ -1,27 +0,0 @@ -// Package geminiCLI provides request translation functionality for Gemini to OpenAI API. -// It handles parsing and transforming Gemini API requests into OpenAI Chat Completions API format, -// extracting model information, generation config, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini API format and OpenAI API's expected format. -package geminiCLI - -import ( - openaigemini "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/openai/gemini" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiCLIRequestToOpenAI parses and transforms a Gemini API request into OpenAI Chat Completions API format. -// It extracts the model name, generation config, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the OpenAI API. -func ConvertGeminiCLIRequestToOpenAI(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - rawJSON = []byte(gjson.GetBytes(rawJSON, "request").Raw) - rawJSON, _ = sjson.SetBytes(rawJSON, "model", modelName) - if gjson.GetBytes(rawJSON, "systemInstruction").Exists() { - rawJSON, _ = sjson.SetRawBytes(rawJSON, "system_instruction", []byte(gjson.GetBytes(rawJSON, "systemInstruction").Raw)) - rawJSON, _ = sjson.DeleteBytes(rawJSON, "systemInstruction") - } - - return openaigemini.ConvertGeminiRequestToOpenAI(modelName, rawJSON, stream) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini-cli/openai_gemini_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini-cli/openai_gemini_request_test.go deleted file mode 100644 index a8934ca4a6..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini-cli/openai_gemini_request_test.go +++ /dev/null @@ -1,50 +0,0 @@ -package geminiCLI - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertGeminiCLIRequestToOpenAI(t *testing.T) { - input := []byte(`{ - "request": { - "contents": [ - { - "role": "user", - "parts": [ - {"text": "hello"} - ] - } - ], - "generationConfig": { - "temperature": 0.7 - }, - "systemInstruction": { - "parts": [ - {"text": "system instruction"} - ] - } - } - }`) - - got := ConvertGeminiCLIRequestToOpenAI("gpt-4o", input, false) - res := gjson.ParseBytes(got) - - if res.Get("model").String() != "gpt-4o" { - t.Errorf("expected model gpt-4o, got %s", res.Get("model").String()) - } - - if res.Get("temperature").Float() != 0.7 { - t.Errorf("expected temperature 0.7, got %v", res.Get("temperature").Float()) - } - - messages := res.Get("messages").Array() - // systemInstruction should become a system message in ConvertGeminiRequestToOpenAI (if it supports it) - // Actually, ConvertGeminiRequestToOpenAI should handle system_instruction if it exists in the raw JSON after translation here. - - // Let's see if we have 2 messages (system + user) - if len(messages) < 1 { - t.Errorf("expected at least 1 message, got %d", len(messages)) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini-cli/openai_gemini_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini-cli/openai_gemini_response.go deleted file mode 100644 index 1e8d09a999..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini-cli/openai_gemini_response.go +++ /dev/null @@ -1,58 +0,0 @@ -// Package geminiCLI provides response translation functionality for OpenAI to Gemini API. -// This package handles the conversion of OpenAI Chat Completions API responses into Gemini API-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Gemini API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, and usage metadata appropriately. -package geminiCLI - -import ( - "context" - "fmt" - - openaigemini "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/openai/gemini" - "github.com/tidwall/sjson" -) - -// ConvertOpenAIResponseToGeminiCLI converts OpenAI Chat Completions streaming response format to Gemini API format. -// This function processes OpenAI streaming chunks and transforms them into Gemini-compatible JSON responses. -// It handles text content, tool calls, and usage metadata, outputting responses that match the Gemini API format. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the OpenAI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - []string: A slice of strings, each containing a Gemini-compatible JSON response. -func ConvertOpenAIResponseToGeminiCLI(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - outputs := openaigemini.ConvertOpenAIResponseToGemini(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) - newOutputs := make([]string, 0) - for i := 0; i < len(outputs); i++ { - json := `{"response": {}}` - output, _ := sjson.SetRaw(json, "response", outputs[i]) - newOutputs = append(newOutputs, output) - } - return newOutputs -} - -// ConvertOpenAIResponseToGeminiCLINonStream converts a non-streaming OpenAI response to a non-streaming Gemini CLI response. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the OpenAI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - string: A Gemini-compatible JSON response. -func ConvertOpenAIResponseToGeminiCLINonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - strJSON := openaigemini.ConvertOpenAIResponseToGeminiNonStream(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) - json := `{"response": {}}` - strJSON, _ = sjson.SetRaw(json, "response", strJSON) - return strJSON -} - -func GeminiCLITokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini/init.go deleted file mode 100644 index 80da2bc492..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package gemini - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Gemini, - constant.OpenAI, - ConvertGeminiRequestToOpenAI, - interfaces.TranslateResponse{ - Stream: ConvertOpenAIResponseToGemini, - NonStream: ConvertOpenAIResponseToGeminiNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini/openai_gemini_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini/openai_gemini_request.go deleted file mode 100644 index 694aeaa4d9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini/openai_gemini_request.go +++ /dev/null @@ -1,321 +0,0 @@ -// Package gemini provides request translation functionality for Gemini to OpenAI API. -// It handles parsing and transforming Gemini API requests into OpenAI Chat Completions API format, -// extracting model information, generation config, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini API format and OpenAI API's expected format. -package gemini - -import ( - "crypto/rand" - "fmt" - "math/big" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiRequestToOpenAI parses and transforms a Gemini API request into OpenAI Chat Completions API format. -// It extracts the model name, generation config, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the OpenAI API. -func ConvertGeminiRequestToOpenAI(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - // Base OpenAI Chat Completions API template - out := `{"model":"","messages":[]}` - - root := gjson.ParseBytes(rawJSON) - - // Helper for generating tool call IDs in the form: call_ - genToolCallID := func() string { - const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" - var b strings.Builder - // 24 chars random suffix - for i := 0; i < 24; i++ { - n, _ := rand.Int(rand.Reader, big.NewInt(int64(len(letters)))) - b.WriteByte(letters[n.Int64()]) - } - return "call_" + b.String() - } - - // Model mapping - out, _ = sjson.Set(out, "model", modelName) - - // Generation config mapping - if genConfig := root.Get("generationConfig"); genConfig.Exists() { - // Temperature - if temp := genConfig.Get("temperature"); temp.Exists() { - out, _ = sjson.Set(out, "temperature", temp.Float()) - } - - // Max tokens - if maxTokens := genConfig.Get("maxOutputTokens"); maxTokens.Exists() { - out, _ = sjson.Set(out, "max_tokens", maxTokens.Int()) - } - - // Top P - if topP := genConfig.Get("topP"); topP.Exists() { - out, _ = sjson.Set(out, "top_p", topP.Float()) - } - - // Top K (OpenAI doesn't have direct equivalent, but we can map it) - if topK := genConfig.Get("topK"); topK.Exists() { - // Store as custom parameter for potential use - out, _ = sjson.Set(out, "top_k", topK.Int()) - } - - // Stop sequences - if stopSequences := genConfig.Get("stopSequences"); stopSequences.Exists() && stopSequences.IsArray() { - var stops []string - stopSequences.ForEach(func(_, value gjson.Result) bool { - stops = append(stops, value.String()) - return true - }) - if len(stops) > 0 { - out, _ = sjson.Set(out, "stop", stops) - } - } - - // Candidate count (OpenAI 'n' parameter) - if candidateCount := genConfig.Get("candidateCount"); candidateCount.Exists() { - out, _ = sjson.Set(out, "n", candidateCount.Int()) - } - - // Map Gemini thinkingConfig to OpenAI reasoning_effort. - // Always perform conversion to support allowCompat models that may not be in registry. - // Note: Google official Python SDK sends snake_case fields (thinking_level/thinking_budget). - if thinkingConfig := genConfig.Get("thinkingConfig"); thinkingConfig.Exists() && thinkingConfig.IsObject() { - thinkingLevel := thinkingConfig.Get("thinkingLevel") - if !thinkingLevel.Exists() { - thinkingLevel = thinkingConfig.Get("thinking_level") - } - if thinkingLevel.Exists() { - effort := strings.ToLower(strings.TrimSpace(thinkingLevel.String())) - if effort != "" { - out, _ = sjson.Set(out, "reasoning_effort", effort) - } - } else { - thinkingBudget := thinkingConfig.Get("thinkingBudget") - if !thinkingBudget.Exists() { - thinkingBudget = thinkingConfig.Get("thinking_budget") - } - if thinkingBudget.Exists() { - if effort, ok := thinking.ConvertBudgetToLevel(int(thinkingBudget.Int())); ok { - out, _ = sjson.Set(out, "reasoning_effort", effort) - } - } - } - } - } - - // Stream parameter - out, _ = sjson.Set(out, "stream", stream) - - // Process contents (Gemini messages) -> OpenAI messages - var toolCallIDs []string // Track tool call IDs for matching with tool results - - // System instruction -> OpenAI system message - // Gemini may provide `systemInstruction` or `system_instruction`; support both keys. - systemInstruction := root.Get("systemInstruction") - if !systemInstruction.Exists() { - systemInstruction = root.Get("system_instruction") - } - if systemInstruction.Exists() { - parts := systemInstruction.Get("parts") - msg := `{"role":"system","content":[]}` - hasContent := false - - if parts.Exists() && parts.IsArray() { - parts.ForEach(func(_, part gjson.Result) bool { - // Handle text parts - if text := part.Get("text"); text.Exists() { - contentPart := `{"type":"text","text":""}` - contentPart, _ = sjson.Set(contentPart, "text", text.String()) - msg, _ = sjson.SetRaw(msg, "content.-1", contentPart) - hasContent = true - } - - // Handle inline data (e.g., images) - if inlineData := part.Get("inlineData"); inlineData.Exists() { - mimeType := inlineData.Get("mimeType").String() - if mimeType == "" { - mimeType = "application/octet-stream" - } - data := inlineData.Get("data").String() - imageURL := fmt.Sprintf("data:%s;base64,%s", mimeType, data) - - contentPart := `{"type":"image_url","image_url":{"url":""}}` - contentPart, _ = sjson.Set(contentPart, "image_url.url", imageURL) - msg, _ = sjson.SetRaw(msg, "content.-1", contentPart) - hasContent = true - } - return true - }) - } - - if hasContent { - out, _ = sjson.SetRaw(out, "messages.-1", msg) - } - } - - if contents := root.Get("contents"); contents.Exists() && contents.IsArray() { - contents.ForEach(func(_, content gjson.Result) bool { - role := content.Get("role").String() - parts := content.Get("parts") - - // Convert role: model -> assistant - if role == "model" { - role = "assistant" - } - - msg := `{"role":"","content":""}` - msg, _ = sjson.Set(msg, "role", role) - - var textBuilder strings.Builder - contentWrapper := `{"arr":[]}` - contentPartsCount := 0 - onlyTextContent := true - toolCallsWrapper := `{"arr":[]}` - toolCallsCount := 0 - - if parts.Exists() && parts.IsArray() { - parts.ForEach(func(_, part gjson.Result) bool { - // Handle text parts - if text := part.Get("text"); text.Exists() { - formattedText := text.String() - textBuilder.WriteString(formattedText) - contentPart := `{"type":"text","text":""}` - contentPart, _ = sjson.Set(contentPart, "text", formattedText) - contentWrapper, _ = sjson.SetRaw(contentWrapper, "arr.-1", contentPart) - contentPartsCount++ - } - - // Handle inline data (e.g., images) - if inlineData := part.Get("inlineData"); inlineData.Exists() { - onlyTextContent = false - - mimeType := inlineData.Get("mimeType").String() - if mimeType == "" { - mimeType = "application/octet-stream" - } - data := inlineData.Get("data").String() - imageURL := fmt.Sprintf("data:%s;base64,%s", mimeType, data) - - contentPart := `{"type":"image_url","image_url":{"url":""}}` - contentPart, _ = sjson.Set(contentPart, "image_url.url", imageURL) - contentWrapper, _ = sjson.SetRaw(contentWrapper, "arr.-1", contentPart) - contentPartsCount++ - } - - // Handle function calls (Gemini) -> tool calls (OpenAI) - if functionCall := part.Get("functionCall"); functionCall.Exists() { - toolCallID := genToolCallID() - toolCallIDs = append(toolCallIDs, toolCallID) - - toolCall := `{"id":"","type":"function","function":{"name":"","arguments":""}}` - toolCall, _ = sjson.Set(toolCall, "id", toolCallID) - toolCall, _ = sjson.Set(toolCall, "function.name", functionCall.Get("name").String()) - - // Convert args to arguments JSON string - if args := functionCall.Get("args"); args.Exists() { - toolCall, _ = sjson.Set(toolCall, "function.arguments", args.Raw) - } else { - toolCall, _ = sjson.Set(toolCall, "function.arguments", "{}") - } - - toolCallsWrapper, _ = sjson.SetRaw(toolCallsWrapper, "arr.-1", toolCall) - toolCallsCount++ - } - - // Handle function responses (Gemini) -> tool role messages (OpenAI) - if functionResponse := part.Get("functionResponse"); functionResponse.Exists() { - // Create tool message for function response - toolMsg := `{"role":"tool","tool_call_id":"","content":""}` - - // Convert response.content to JSON string - if response := functionResponse.Get("response"); response.Exists() { - if contentField := response.Get("content"); contentField.Exists() { - toolMsg, _ = sjson.Set(toolMsg, "content", contentField.Raw) - } else { - toolMsg, _ = sjson.Set(toolMsg, "content", response.Raw) - } - } - - // Try to match with previous tool call ID - _ = functionResponse.Get("name").String() // functionName not used for now - if len(toolCallIDs) > 0 { - // Use the last tool call ID (simple matching by function name) - // In a real implementation, you might want more sophisticated matching - toolMsg, _ = sjson.Set(toolMsg, "tool_call_id", toolCallIDs[len(toolCallIDs)-1]) - } else { - // Generate a tool call ID if none available - toolMsg, _ = sjson.Set(toolMsg, "tool_call_id", genToolCallID()) - } - - out, _ = sjson.SetRaw(out, "messages.-1", toolMsg) - } - - return true - }) - } - - // Set content - if contentPartsCount > 0 { - if onlyTextContent { - msg, _ = sjson.Set(msg, "content", textBuilder.String()) - } else { - msg, _ = sjson.SetRaw(msg, "content", gjson.Get(contentWrapper, "arr").Raw) - } - } - - // Set tool calls if any - if toolCallsCount > 0 { - msg, _ = sjson.SetRaw(msg, "tool_calls", gjson.Get(toolCallsWrapper, "arr").Raw) - } - - out, _ = sjson.SetRaw(out, "messages.-1", msg) - return true - }) - } - - // Tools mapping: Gemini tools -> OpenAI tools - if tools := root.Get("tools"); tools.Exists() && tools.IsArray() { - tools.ForEach(func(_, tool gjson.Result) bool { - if functionDeclarations := tool.Get("functionDeclarations"); functionDeclarations.Exists() && functionDeclarations.IsArray() { - functionDeclarations.ForEach(func(_, funcDecl gjson.Result) bool { - openAITool := `{"type":"function","function":{"name":"","description":""}}` - openAITool, _ = sjson.Set(openAITool, "function.name", funcDecl.Get("name").String()) - openAITool, _ = sjson.Set(openAITool, "function.description", funcDecl.Get("description").String()) - - // Convert parameters schema - if parameters := funcDecl.Get("parameters"); parameters.Exists() { - openAITool, _ = sjson.SetRaw(openAITool, "function.parameters", parameters.Raw) - } else if parameters := funcDecl.Get("parametersJsonSchema"); parameters.Exists() { - openAITool, _ = sjson.SetRaw(openAITool, "function.parameters", parameters.Raw) - } - - out, _ = sjson.SetRaw(out, "tools.-1", openAITool) - return true - }) - } - return true - }) - } - - // Tool choice mapping (Gemini doesn't have direct equivalent, but we can handle it) - if toolConfig := root.Get("toolConfig"); toolConfig.Exists() { - if functionCallingConfig := toolConfig.Get("functionCallingConfig"); functionCallingConfig.Exists() { - mode := functionCallingConfig.Get("mode").String() - switch mode { - case "NONE": - out, _ = sjson.Set(out, "tool_choice", "none") - case "AUTO": - out, _ = sjson.Set(out, "tool_choice", "auto") - case "ANY": - out, _ = sjson.Set(out, "tool_choice", "required") - } - } - } - - return []byte(out) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini/openai_gemini_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini/openai_gemini_request_test.go deleted file mode 100644 index 55bc784108..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini/openai_gemini_request_test.go +++ /dev/null @@ -1,55 +0,0 @@ -package gemini - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertGeminiRequestToOpenAI(t *testing.T) { - input := []byte(`{ - "contents": [ - { - "role": "user", - "parts": [ - {"text": "hello"} - ] - } - ], - "generationConfig": { - "temperature": 0.7, - "maxOutputTokens": 100, - "thinkingConfig": { - "thinkingLevel": "high" - } - } - }`) - - got := ConvertGeminiRequestToOpenAI("gpt-4o", input, false) - res := gjson.ParseBytes(got) - - if res.Get("model").String() != "gpt-4o" { - t.Errorf("expected model gpt-4o, got %s", res.Get("model").String()) - } - - if res.Get("temperature").Float() != 0.7 { - t.Errorf("expected temperature 0.7, got %v", res.Get("temperature").Float()) - } - - if res.Get("max_tokens").Int() != 100 { - t.Errorf("expected max_tokens 100, got %d", res.Get("max_tokens").Int()) - } - - if res.Get("reasoning_effort").String() != "high" { - t.Errorf("expected reasoning_effort high, got %s", res.Get("reasoning_effort").String()) - } - - messages := res.Get("messages").Array() - if len(messages) != 1 { - t.Errorf("expected 1 message, got %d", len(messages)) - } - - if messages[0].Get("role").String() != "user" || messages[0].Get("content").String() != "hello" { - t.Errorf("unexpected user message: %s", messages[0].Raw) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini/openai_gemini_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini/openai_gemini_response.go deleted file mode 100644 index 530617dd96..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/gemini/openai_gemini_response.go +++ /dev/null @@ -1,667 +0,0 @@ -// Package gemini provides response translation functionality for OpenAI to Gemini API. -// This package handles the conversion of OpenAI Chat Completions API responses into Gemini API-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Gemini API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, and usage metadata appropriately. -package gemini - -import ( - "bytes" - "context" - "fmt" - "strconv" - "strings" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertOpenAIResponseToGeminiParams holds parameters for response conversion -type ConvertOpenAIResponseToGeminiParams struct { - // Tool calls accumulator for streaming - ToolCallsAccumulator map[int]*ToolCallAccumulator - // Content accumulator for streaming - ContentAccumulator strings.Builder - // Track if this is the first chunk - IsFirstChunk bool -} - -// ToolCallAccumulator holds the state for accumulating tool call data -type ToolCallAccumulator struct { - ID string - Name string - Arguments strings.Builder -} - -// ConvertOpenAIResponseToGemini converts OpenAI Chat Completions streaming response format to Gemini API format. -// This function processes OpenAI streaming chunks and transforms them into Gemini-compatible JSON responses. -// It handles text content, tool calls, and usage metadata, outputting responses that match the Gemini API format. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the OpenAI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - []string: A slice of strings, each containing a Gemini-compatible JSON response. -func ConvertOpenAIResponseToGemini(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &ConvertOpenAIResponseToGeminiParams{ - ToolCallsAccumulator: nil, - ContentAccumulator: strings.Builder{}, - IsFirstChunk: false, - } - } - - // Handle [DONE] marker - if strings.TrimSpace(string(rawJSON)) == "[DONE]" { - return []string{} - } - - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - - root := gjson.ParseBytes(rawJSON) - - // Initialize accumulators if needed - if (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator == nil { - (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator = make(map[int]*ToolCallAccumulator) - } - - // Process choices - if choices := root.Get("choices"); choices.Exists() && choices.IsArray() { - // Handle empty choices array (usage-only chunk) - if len(choices.Array()) == 0 { - // This is a usage-only chunk, handle usage and return - if usage := root.Get("usage"); usage.Exists() { - template := `{"candidates":[],"usageMetadata":{}}` - - // Set model if available - if model := root.Get("model"); model.Exists() { - template, _ = sjson.Set(template, "model", model.String()) - } - - template, _ = sjson.Set(template, "usageMetadata.promptTokenCount", usage.Get("prompt_tokens").Int()) - template, _ = sjson.Set(template, "usageMetadata.candidatesTokenCount", usage.Get("completion_tokens").Int()) - template, _ = sjson.Set(template, "usageMetadata.totalTokenCount", usage.Get("total_tokens").Int()) - if reasoningTokens := reasoningTokensFromUsage(usage); reasoningTokens > 0 { - template, _ = sjson.Set(template, "usageMetadata.thoughtsTokenCount", reasoningTokens) - } - return []string{template} - } - return []string{} - } - - var results []string - - choices.ForEach(func(choiceIndex, choice gjson.Result) bool { - // Base Gemini response template without finishReason; set when known - template := `{"candidates":[{"content":{"parts":[],"role":"model"},"index":0}]}` - - // Set model if available - if model := root.Get("model"); model.Exists() { - template, _ = sjson.Set(template, "model", model.String()) - } - - _ = int(choice.Get("index").Int()) // choiceIdx not used in streaming - delta := choice.Get("delta") - baseTemplate := template - - // Handle role (only in first chunk) - if role := delta.Get("role"); role.Exists() && (*param).(*ConvertOpenAIResponseToGeminiParams).IsFirstChunk { - // OpenAI assistant -> Gemini model - if role.String() == "assistant" { - template, _ = sjson.Set(template, "candidates.0.content.role", "model") - } - (*param).(*ConvertOpenAIResponseToGeminiParams).IsFirstChunk = false - results = append(results, template) - return true - } - - var chunkOutputs []string - - // Handle reasoning/thinking delta - if reasoning := delta.Get("reasoning_content"); reasoning.Exists() { - for _, reasoningText := range extractReasoningTexts(reasoning) { - if reasoningText == "" { - continue - } - reasoningTemplate := baseTemplate - reasoningTemplate, _ = sjson.Set(reasoningTemplate, "candidates.0.content.parts.0.thought", true) - reasoningTemplate, _ = sjson.Set(reasoningTemplate, "candidates.0.content.parts.0.text", reasoningText) - chunkOutputs = append(chunkOutputs, reasoningTemplate) - } - } - - // Handle content delta - if content := delta.Get("content"); content.Exists() && content.String() != "" { - contentText := content.String() - (*param).(*ConvertOpenAIResponseToGeminiParams).ContentAccumulator.WriteString(contentText) - - // Create text part for this delta - contentTemplate := baseTemplate - contentTemplate, _ = sjson.Set(contentTemplate, "candidates.0.content.parts.0.text", contentText) - chunkOutputs = append(chunkOutputs, contentTemplate) - } - - if len(chunkOutputs) > 0 { - results = append(results, chunkOutputs...) - return true - } - - // Handle tool calls delta - if toolCalls := delta.Get("tool_calls"); toolCalls.Exists() && toolCalls.IsArray() { - toolCalls.ForEach(func(_, toolCall gjson.Result) bool { - toolIndex := int(toolCall.Get("index").Int()) - toolID := toolCall.Get("id").String() - toolType := toolCall.Get("type").String() - function := toolCall.Get("function") - - // Skip non-function tool calls explicitly marked as other types. - if toolType != "" && toolType != "function" { - return true - } - - // OpenAI streaming deltas may omit the type field while still carrying function data. - if !function.Exists() { - return true - } - - functionName := function.Get("name").String() - functionArgs := function.Get("arguments").String() - - // Initialize accumulator if needed so later deltas without type can append arguments. - if _, exists := (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator[toolIndex]; !exists { - (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator[toolIndex] = &ToolCallAccumulator{ - ID: toolID, - Name: functionName, - } - } - - acc := (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator[toolIndex] - - // Update ID if provided - if toolID != "" { - acc.ID = toolID - } - - // Update name if provided - if functionName != "" { - acc.Name = functionName - } - - // Accumulate arguments - if functionArgs != "" { - acc.Arguments.WriteString(functionArgs) - } - - return true - }) - - // Don't output anything for tool call deltas - wait for completion - return true - } - - // Handle finish reason - if finishReason := choice.Get("finish_reason"); finishReason.Exists() { - geminiFinishReason := mapOpenAIFinishReasonToGemini(finishReason.String()) - template, _ = sjson.Set(template, "candidates.0.finishReason", geminiFinishReason) - - // If we have accumulated tool calls, output them now - if len((*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator) > 0 { - partIndex := 0 - for _, accumulator := range (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator { - namePath := fmt.Sprintf("candidates.0.content.parts.%d.functionCall.name", partIndex) - argsPath := fmt.Sprintf("candidates.0.content.parts.%d.functionCall.args", partIndex) - template, _ = sjson.Set(template, namePath, accumulator.Name) - template, _ = sjson.SetRaw(template, argsPath, parseArgsToObjectRaw(accumulator.Arguments.String())) - partIndex++ - } - - // Clear accumulators - (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator = make(map[int]*ToolCallAccumulator) - } - - results = append(results, template) - return true - } - - // Handle usage information - if usage := root.Get("usage"); usage.Exists() { - template, _ = sjson.Set(template, "usageMetadata.promptTokenCount", usage.Get("prompt_tokens").Int()) - template, _ = sjson.Set(template, "usageMetadata.candidatesTokenCount", usage.Get("completion_tokens").Int()) - template, _ = sjson.Set(template, "usageMetadata.totalTokenCount", usage.Get("total_tokens").Int()) - if reasoningTokens := reasoningTokensFromUsage(usage); reasoningTokens > 0 { - template, _ = sjson.Set(template, "usageMetadata.thoughtsTokenCount", reasoningTokens) - } - results = append(results, template) - return true - } - - return true - }) - return results - } - return []string{} -} - -// mapOpenAIFinishReasonToGemini maps OpenAI finish reasons to Gemini finish reasons -func mapOpenAIFinishReasonToGemini(openAIReason string) string { - switch openAIReason { - case "stop": - return "STOP" - case "length": - return "MAX_TOKENS" - case "tool_calls": - return "STOP" // Gemini doesn't have a specific tool_calls finish reason - case "content_filter": - return "SAFETY" - default: - return "STOP" - } -} - -// parseArgsToObjectRaw safely parses a JSON string of function arguments into an object JSON string. -// It returns "{}" if the input is empty or cannot be parsed as a JSON object. -func parseArgsToObjectRaw(argsStr string) string { - trimmed := strings.TrimSpace(argsStr) - if trimmed == "" || trimmed == "{}" { - return "{}" - } - - // First try strict JSON - if gjson.Valid(trimmed) { - strict := gjson.Parse(trimmed) - if strict.IsObject() { - return strict.Raw - } - } - - // Tolerant parse: handle streams where values are barewords (e.g., 北京, celsius) - tolerant := tolerantParseJSONObjectRaw(trimmed) - if tolerant != "{}" { - return tolerant - } - - // Fallback: return empty object when parsing fails - return "{}" -} - -func escapeSjsonPathKey(key string) string { - key = strings.ReplaceAll(key, `\`, `\\`) - key = strings.ReplaceAll(key, `.`, `\.`) - return key -} - -// tolerantParseJSONObjectRaw attempts to parse a JSON-like object string into a JSON object string, tolerating -// bareword values (unquoted strings) commonly seen during streamed tool calls. -// Example input: {"location": 北京, "unit": celsius} -func tolerantParseJSONObjectRaw(s string) string { - // Ensure we operate within the outermost braces if present - start := strings.Index(s, "{") - end := strings.LastIndex(s, "}") - if start == -1 || end == -1 || start >= end { - return "{}" - } - content := s[start+1 : end] - - runes := []rune(content) - n := len(runes) - i := 0 - result := "{}" - - for i < n { - // Skip whitespace and commas - for i < n && (runes[i] == ' ' || runes[i] == '\n' || runes[i] == '\r' || runes[i] == '\t' || runes[i] == ',') { - i++ - } - if i >= n { - break - } - - // Expect quoted key - if runes[i] != '"' { - // Unable to parse this segment reliably; skip to next comma - for i < n && runes[i] != ',' { - i++ - } - continue - } - - // Parse JSON string for key - keyToken, nextIdx := parseJSONStringRunes(runes, i) - if nextIdx == -1 { - break - } - keyName := jsonStringTokenToRawString(keyToken) - sjsonKey := escapeSjsonPathKey(keyName) - i = nextIdx - - // Skip whitespace - for i < n && (runes[i] == ' ' || runes[i] == '\n' || runes[i] == '\r' || runes[i] == '\t') { - i++ - } - if i >= n || runes[i] != ':' { - break - } - i++ // skip ':' - // Skip whitespace - for i < n && (runes[i] == ' ' || runes[i] == '\n' || runes[i] == '\r' || runes[i] == '\t') { - i++ - } - if i >= n { - break - } - - // Parse value (string, number, object/array, bareword) - switch runes[i] { - case '"': - // JSON string - valToken, ni := parseJSONStringRunes(runes, i) - if ni == -1 { - // Malformed; treat as empty string - result, _ = sjson.Set(result, sjsonKey, "") - i = n - } else { - result, _ = sjson.Set(result, sjsonKey, jsonStringTokenToRawString(valToken)) - i = ni - } - case '{', '[': - // Bracketed value: attempt to capture balanced structure - seg, ni := captureBracketed(runes, i) - if ni == -1 { - i = n - } else { - if gjson.Valid(seg) { - result, _ = sjson.SetRaw(result, sjsonKey, seg) - } else { - result, _ = sjson.Set(result, sjsonKey, seg) - } - i = ni - } - default: - // Bare token until next comma or end - j := i - for j < n && runes[j] != ',' { - j++ - } - token := strings.TrimSpace(string(runes[i:j])) - // Interpret common JSON atoms and numbers; otherwise treat as string - if token == "true" { - result, _ = sjson.Set(result, sjsonKey, true) - } else if token == "false" { - result, _ = sjson.Set(result, sjsonKey, false) - } else if token == "null" { - result, _ = sjson.Set(result, sjsonKey, nil) - } else if numVal, ok := tryParseNumber(token); ok { - result, _ = sjson.Set(result, sjsonKey, numVal) - } else { - result, _ = sjson.Set(result, sjsonKey, token) - } - i = j - } - - // Skip trailing whitespace and optional comma before next pair - for i < n && (runes[i] == ' ' || runes[i] == '\n' || runes[i] == '\r' || runes[i] == '\t') { - i++ - } - if i < n && runes[i] == ',' { - i++ - } - } - - return result -} - -// parseJSONStringRunes returns the JSON string token (including quotes) and the index just after it. -func parseJSONStringRunes(runes []rune, start int) (string, int) { - if start >= len(runes) || runes[start] != '"' { - return "", -1 - } - i := start + 1 - escaped := false - for i < len(runes) { - r := runes[i] - if r == '\\' && !escaped { - escaped = true - i++ - continue - } - if r == '"' && !escaped { - return string(runes[start : i+1]), i + 1 - } - escaped = false - i++ - } - return string(runes[start:]), -1 -} - -// jsonStringTokenToRawString converts a JSON string token (including quotes) to a raw Go string value. -func jsonStringTokenToRawString(token string) string { - r := gjson.Parse(token) - if r.Type == gjson.String { - return r.String() - } - // Fallback: strip surrounding quotes if present - if len(token) >= 2 && token[0] == '"' && token[len(token)-1] == '"' { - return token[1 : len(token)-1] - } - return token -} - -// captureBracketed captures a balanced JSON object/array starting at index i. -// Returns the segment string and the index just after it; -1 if malformed. -func captureBracketed(runes []rune, i int) (string, int) { - if i >= len(runes) { - return "", -1 - } - startRune := runes[i] - var endRune rune - switch startRune { - case '{': - endRune = '}' - case '[': - endRune = ']' - default: - return "", -1 - } - depth := 0 - j := i - inStr := false - escaped := false - for j < len(runes) { - r := runes[j] - if inStr { - if r == '\\' && !escaped { - escaped = true - j++ - continue - } - if r == '"' && !escaped { - inStr = false - } else { - escaped = false - } - j++ - continue - } - if r == '"' { - inStr = true - j++ - continue - } - switch r { - case startRune: - depth++ - case endRune: - depth-- - if depth == 0 { - return string(runes[i : j+1]), j + 1 - } - } - j++ - } - return string(runes[i:]), -1 -} - -// tryParseNumber attempts to parse a string as an int or float. -func tryParseNumber(s string) (interface{}, bool) { - if s == "" { - return nil, false - } - // Try integer - if i64, errParseInt := strconv.ParseInt(s, 10, 64); errParseInt == nil { - return i64, true - } - if u64, errParseUInt := strconv.ParseUint(s, 10, 64); errParseUInt == nil { - return u64, true - } - if f64, errParseFloat := strconv.ParseFloat(s, 64); errParseFloat == nil { - return f64, true - } - return nil, false -} - -// ConvertOpenAIResponseToGeminiNonStream converts a non-streaming OpenAI response to a non-streaming Gemini response. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the OpenAI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - string: A Gemini-compatible JSON response. -func ConvertOpenAIResponseToGeminiNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - root := gjson.ParseBytes(rawJSON) - - // Base Gemini response template without finishReason; set when known - out := `{"candidates":[{"content":{"parts":[],"role":"model"},"index":0}]}` - - // Set model if available - if model := root.Get("model"); model.Exists() { - out, _ = sjson.Set(out, "model", model.String()) - } - - // Process choices - if choices := root.Get("choices"); choices.Exists() && choices.IsArray() { - choices.ForEach(func(choiceIndex, choice gjson.Result) bool { - choiceIdx := int(choice.Get("index").Int()) - message := choice.Get("message") - - // Set role - if role := message.Get("role"); role.Exists() { - if role.String() == "assistant" { - out, _ = sjson.Set(out, "candidates.0.content.role", "model") - } - } - - partIndex := 0 - - // Handle reasoning content before visible text - if reasoning := message.Get("reasoning_content"); reasoning.Exists() { - for _, reasoningText := range extractReasoningTexts(reasoning) { - if reasoningText == "" { - continue - } - out, _ = sjson.Set(out, fmt.Sprintf("candidates.0.content.parts.%d.thought", partIndex), true) - out, _ = sjson.Set(out, fmt.Sprintf("candidates.0.content.parts.%d.text", partIndex), reasoningText) - partIndex++ - } - } - - // Handle content first - if content := message.Get("content"); content.Exists() && content.String() != "" { - out, _ = sjson.Set(out, fmt.Sprintf("candidates.0.content.parts.%d.text", partIndex), content.String()) - partIndex++ - } - - // Handle tool calls - if toolCalls := message.Get("tool_calls"); toolCalls.Exists() && toolCalls.IsArray() { - toolCalls.ForEach(func(_, toolCall gjson.Result) bool { - if toolCall.Get("type").String() == "function" { - function := toolCall.Get("function") - functionName := function.Get("name").String() - functionArgs := function.Get("arguments").String() - - namePath := fmt.Sprintf("candidates.0.content.parts.%d.functionCall.name", partIndex) - argsPath := fmt.Sprintf("candidates.0.content.parts.%d.functionCall.args", partIndex) - out, _ = sjson.Set(out, namePath, functionName) - out, _ = sjson.SetRaw(out, argsPath, parseArgsToObjectRaw(functionArgs)) - partIndex++ - } - return true - }) - } - - // Handle finish reason - if finishReason := choice.Get("finish_reason"); finishReason.Exists() { - geminiFinishReason := mapOpenAIFinishReasonToGemini(finishReason.String()) - out, _ = sjson.Set(out, "candidates.0.finishReason", geminiFinishReason) - } - - // Set index - out, _ = sjson.Set(out, "candidates.0.index", choiceIdx) - - return true - }) - } - - // Handle usage information - if usage := root.Get("usage"); usage.Exists() { - out, _ = sjson.Set(out, "usageMetadata.promptTokenCount", usage.Get("prompt_tokens").Int()) - out, _ = sjson.Set(out, "usageMetadata.candidatesTokenCount", usage.Get("completion_tokens").Int()) - out, _ = sjson.Set(out, "usageMetadata.totalTokenCount", usage.Get("total_tokens").Int()) - if reasoningTokens := reasoningTokensFromUsage(usage); reasoningTokens > 0 { - out, _ = sjson.Set(out, "usageMetadata.thoughtsTokenCount", reasoningTokens) - } - } - - return out -} - -func GeminiTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} - -func reasoningTokensFromUsage(usage gjson.Result) int64 { - if usage.Exists() { - if v := usage.Get("completion_tokens_details.reasoning_tokens"); v.Exists() { - return v.Int() - } - if v := usage.Get("output_tokens_details.reasoning_tokens"); v.Exists() { - return v.Int() - } - } - return 0 -} - -func extractReasoningTexts(node gjson.Result) []string { - var texts []string - if !node.Exists() { - return texts - } - - if node.IsArray() { - node.ForEach(func(_, value gjson.Result) bool { - texts = append(texts, extractReasoningTexts(value)...) - return true - }) - return texts - } - - switch node.Type { - case gjson.String: - texts = append(texts, node.String()) - case gjson.JSON: - if text := node.Get("text"); text.Exists() { - texts = append(texts, text.String()) - } else if raw := strings.TrimSpace(node.Raw); raw != "" && !strings.HasPrefix(raw, "{") && !strings.HasPrefix(raw, "[") { - texts = append(texts, raw) - } - } - - return texts -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/chat-completions/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/chat-completions/init.go deleted file mode 100644 index 5b16565e72..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" -) - -func init() { - translator.Register( - constant.OpenAI, - constant.OpenAI, - ConvertOpenAIRequestToOpenAI, - interfaces.TranslateResponse{ - Stream: ConvertOpenAIResponseToOpenAI, - NonStream: ConvertOpenAIResponseToOpenAINonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/chat-completions/openai_openai_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/chat-completions/openai_openai_request.go deleted file mode 100644 index a74cded6c7..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/chat-completions/openai_openai_request.go +++ /dev/null @@ -1,30 +0,0 @@ -// Package openai provides request translation functionality for OpenAI to Gemini CLI API compatibility. -// It converts OpenAI Chat Completions requests into Gemini CLI compatible JSON using gjson/sjson only. -package chat_completions - -import ( - "github.com/tidwall/sjson" -) - -// ConvertOpenAIRequestToOpenAI converts an OpenAI Chat Completions request (raw JSON) -// into a complete Gemini CLI request JSON. All JSON construction uses sjson and lookups use gjson. -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the OpenAI API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini CLI API format -func ConvertOpenAIRequestToOpenAI(modelName string, inputRawJSON []byte, _ bool) []byte { - // Update the "model" field in the JSON payload with the provided modelName - // The sjson.SetBytes function returns a new byte slice with the updated JSON. - updatedJSON, err := sjson.SetBytes(inputRawJSON, "model", modelName) - if err != nil { - // If there's an error, return the original JSON or handle the error appropriately. - // For now, we'll return the original, but in a real scenario, logging or a more robust error - // handling mechanism would be needed. - return inputRawJSON - } - return updatedJSON -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/chat-completions/openai_openai_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/chat-completions/openai_openai_request_test.go deleted file mode 100644 index a8db00e3dc..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/chat-completions/openai_openai_request_test.go +++ /dev/null @@ -1,16 +0,0 @@ -package chat_completions - -import ( - "bytes" - "testing" -) - -func TestConvertOpenAIRequestToOpenAI(t *testing.T) { - input := []byte(`{"model": "gpt-3.5-turbo", "messages": [{"role": "user", "content": "hello"}]}`) - modelName := "gpt-4o" - got := ConvertOpenAIRequestToOpenAI(modelName, input, false) - - if !bytes.Contains(got, []byte(`"model": "gpt-4o"`)) && !bytes.Contains(got, []byte(`"model":"gpt-4o"`)) { - t.Errorf("expected model gpt-4o, got %s", string(got)) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/chat-completions/openai_openai_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/chat-completions/openai_openai_response.go deleted file mode 100644 index ff2acc5270..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/chat-completions/openai_openai_response.go +++ /dev/null @@ -1,52 +0,0 @@ -// Package openai provides response translation functionality for Gemini CLI to OpenAI API compatibility. -// This package handles the conversion of Gemini CLI API responses into OpenAI Chat Completions-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by OpenAI API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, reasoning content, and usage metadata appropriately. -package chat_completions - -import ( - "bytes" - "context" -) - -// ConvertOpenAIResponseToOpenAI translates a single chunk of a streaming response from the -// Gemini CLI API format to the OpenAI Chat Completions streaming format. -// It processes various Gemini CLI event types and transforms them into OpenAI-compatible JSON responses. -// The function handles text content, tool calls, reasoning content, and usage metadata, outputting -// responses that match the OpenAI API format. It supports incremental updates for streaming responses. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing an OpenAI-compatible JSON response -func ConvertOpenAIResponseToOpenAI(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - if bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - return []string{string(rawJSON)} -} - -// ConvertOpenAIResponseToOpenAINonStream converts a non-streaming Gemini CLI response to a non-streaming OpenAI response. -// This function processes the complete Gemini CLI response and transforms it into a single OpenAI-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the OpenAI API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for the conversion -// -// Returns: -// - string: An OpenAI-compatible JSON response containing all message content and metadata -func ConvertOpenAIResponseToOpenAINonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - return string(rawJSON) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/chat-completions/openai_openai_response_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/chat-completions/openai_openai_response_test.go deleted file mode 100644 index 98d5699a5b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/chat-completions/openai_openai_response_test.go +++ /dev/null @@ -1,30 +0,0 @@ -package chat_completions - -import ( - "context" - "testing" -) - -func TestConvertOpenAIResponseToOpenAI(t *testing.T) { - ctx := context.Background() - rawJSON := []byte(`data: {"id": "123"}`) - got := ConvertOpenAIResponseToOpenAI(ctx, "model", nil, nil, rawJSON, nil) - if len(got) != 1 || got[0] != `{"id": "123"}` { - t.Errorf("expected {\"id\": \"123\"}, got %v", got) - } - - doneJSON := []byte(`data: [DONE]`) - gotDone := ConvertOpenAIResponseToOpenAI(ctx, "model", nil, nil, doneJSON, nil) - if len(gotDone) != 0 { - t.Errorf("expected empty slice for [DONE], got %v", gotDone) - } -} - -func TestConvertOpenAIResponseToOpenAINonStream(t *testing.T) { - ctx := context.Background() - rawJSON := []byte(`{"id": "123"}`) - got := ConvertOpenAIResponseToOpenAINonStream(ctx, "model", nil, nil, rawJSON, nil) - if got != `{"id": "123"}` { - t.Errorf("expected {\"id\": \"123\"}, got %s", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/responses/init.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/responses/init.go deleted file mode 100644 index 6d51ead3ac..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/translator" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.OpenaiResponse, - constant.OpenAI, - ConvertOpenAIResponsesRequestToOpenAIChatCompletions, - interfaces.TranslateResponse{ - Stream: ConvertOpenAIChatCompletionsResponseToOpenAIResponses, - NonStream: ConvertOpenAIChatCompletionsResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/responses/openai_openai-responses_request.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/responses/openai_openai-responses_request.go deleted file mode 100644 index b03b3e1cf5..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/responses/openai_openai-responses_request.go +++ /dev/null @@ -1,235 +0,0 @@ -package responses - -import ( - "strings" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertOpenAIResponsesRequestToOpenAIChatCompletions converts OpenAI responses format to OpenAI chat completions format. -// It transforms the OpenAI responses API format (with instructions and input array) into the standard -// OpenAI chat completions format (with messages array and system content). -// -// The conversion handles: -// 1. Model name and streaming configuration -// 2. Instructions to system message conversion -// 3. Input array to messages array transformation -// 4. Tool definitions and tool choice conversion -// 5. Function calls and function results handling -// 6. Generation parameters mapping (max_completion_tokens, reasoning, etc.) -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data in OpenAI responses format -// - stream: A boolean indicating if the request is for a streaming response -// -// Returns: -// - []byte: The transformed request data in OpenAI chat completions format -func ConvertOpenAIResponsesRequestToOpenAIChatCompletions(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - // Base OpenAI chat completions template with default values - out := `{"model":"","messages":[],"stream":false}` - - root := gjson.ParseBytes(rawJSON) - - // Set model name - out, _ = sjson.Set(out, "model", modelName) - - // Set stream configuration - out, _ = sjson.Set(out, "stream", stream) - - // Map generation parameters from responses format to chat completions format - if maxTokens := root.Get("max_output_tokens"); maxTokens.Exists() { - out, _ = sjson.Set(out, "max_completion_tokens", maxTokens.Int()) - } - - if parallelToolCalls := root.Get("parallel_tool_calls"); parallelToolCalls.Exists() { - out, _ = sjson.Set(out, "parallel_tool_calls", parallelToolCalls.Bool()) - } - - // Convert instructions to system message - if instructions := root.Get("instructions"); instructions.Exists() { - systemMessage := `{"role":"system","content":""}` - systemMessage, _ = sjson.Set(systemMessage, "content", instructions.String()) - out, _ = sjson.SetRaw(out, "messages.-1", systemMessage) - } - - // Convert input array to messages - if input := root.Get("input"); input.Exists() && input.IsArray() { - input.ForEach(func(_, item gjson.Result) bool { - itemType := item.Get("type").String() - if itemType == "" && item.Get("role").String() != "" { - itemType = "message" - } - - switch itemType { - case "message", "": - // Handle regular message conversion - role := item.Get("role").String() - if role == "developer" { - role = "user" - } - message := `{"role":"","content":[]}` - message, _ = sjson.Set(message, "role", role) - - if content := item.Get("content"); content.Exists() && content.IsArray() { - var messageContent string - var toolCalls []interface{} - - content.ForEach(func(_, contentItem gjson.Result) bool { - contentType := contentItem.Get("type").String() - if contentType == "" { - contentType = "input_text" - } - - switch contentType { - case "input_text", "output_text": - text := contentItem.Get("text").String() - contentPart := `{"type":"text","text":""}` - contentPart, _ = sjson.Set(contentPart, "text", text) - message, _ = sjson.SetRaw(message, "content.-1", contentPart) - case "input_image": - imageURL := contentItem.Get("image_url").String() - contentPart := `{"type":"image_url","image_url":{"url":""}}` - contentPart, _ = sjson.Set(contentPart, "image_url.url", imageURL) - message, _ = sjson.SetRaw(message, "content.-1", contentPart) - } - return true - }) - - if messageContent != "" { - message, _ = sjson.Set(message, "content", messageContent) - } - - if len(toolCalls) > 0 { - message, _ = sjson.Set(message, "tool_calls", toolCalls) - } - } else if content.Type == gjson.String { - message, _ = sjson.Set(message, "content", content.String()) - } - - out, _ = sjson.SetRaw(out, "messages.-1", message) - - case "function_call": - // Handle function call conversion to assistant message with tool_calls - assistantMessage := `{"role":"assistant","tool_calls":[]}` - - toolCall := `{"id":"","type":"function","function":{"name":"","arguments":""}}` - - if callId := item.Get("call_id"); callId.Exists() { - toolCall, _ = sjson.Set(toolCall, "id", callId.String()) - } - - if name := item.Get("name"); name.Exists() { - toolCall, _ = sjson.Set(toolCall, "function.name", name.String()) - } - - if arguments := item.Get("arguments"); arguments.Exists() { - toolCall, _ = sjson.Set(toolCall, "function.arguments", arguments.String()) - } - - assistantMessage, _ = sjson.SetRaw(assistantMessage, "tool_calls.0", toolCall) - out, _ = sjson.SetRaw(out, "messages.-1", assistantMessage) - - case "function_call_output": - // Handle function call output conversion to tool message - toolMessage := `{"role":"tool","tool_call_id":"","content":""}` - - if callId := item.Get("call_id"); callId.Exists() { - toolMessage, _ = sjson.Set(toolMessage, "tool_call_id", callId.String()) - } - - if output := item.Get("output"); output.Exists() { - toolMessage, _ = sjson.Set(toolMessage, "content", output.String()) - } - - out, _ = sjson.SetRaw(out, "messages.-1", toolMessage) - } - - return true - }) - } else if input.Type == gjson.String { - msg := "{}" - msg, _ = sjson.Set(msg, "role", "user") - msg, _ = sjson.Set(msg, "content", input.String()) - out, _ = sjson.SetRaw(out, "messages.-1", msg) - } - - // Convert tools from responses format to chat completions format - if tools := root.Get("tools"); tools.Exists() && tools.IsArray() { - var chatCompletionsTools []interface{} - - tools.ForEach(func(_, tool gjson.Result) bool { - // Built-in tools (e.g. {"type":"web_search"}) are already compatible with the Chat Completions schema. - // Only function tools need structural conversion because Chat Completions nests details under "function". - toolType := tool.Get("type").String() - if toolType != "" && toolType != "function" && tool.IsObject() { - // Almost all providers lack built-in tools, so we just ignore them. - // chatCompletionsTools = append(chatCompletionsTools, tool.Value()) - return true - } - - chatTool := `{"type":"function","function":{}}` - - // Convert tool structure from responses format to chat completions format - function := `{"name":"","description":"","parameters":{}}` - - if name := tool.Get("name"); name.Exists() { - function, _ = sjson.Set(function, "name", name.String()) - } - - if description := tool.Get("description"); description.Exists() { - function, _ = sjson.Set(function, "description", description.String()) - } - - if parameters := tool.Get("parameters"); parameters.Exists() { - function, _ = sjson.SetRaw(function, "parameters", parameters.Raw) - } - - chatTool, _ = sjson.SetRaw(chatTool, "function", function) - chatCompletionsTools = append(chatCompletionsTools, gjson.Parse(chatTool).Value()) - - return true - }) - - if len(chatCompletionsTools) > 0 { - out, _ = sjson.Set(out, "tools", chatCompletionsTools) - } - } - - // Map reasoning controls. - // - // Priority: - // 1. reasoning.effort object field - // 2. flat legacy field "reasoning.effort" - // 3. variant - if reasoningEffort := root.Get("reasoning.effort"); reasoningEffort.Exists() { - effort := strings.ToLower(strings.TrimSpace(reasoningEffort.String())) - if effort != "" { - out, _ = sjson.Set(out, "reasoning_effort", effort) - } - } else if reasoningEffort := root.Get(`reasoning\.effort`); reasoningEffort.Exists() { - effort := strings.ToLower(strings.TrimSpace(reasoningEffort.String())) - if effort != "" { - out, _ = sjson.Set(out, "reasoning_effort", effort) - } - } else if variant := root.Get("variant"); variant.Exists() && variant.Type == gjson.String { - effort := strings.ToLower(strings.TrimSpace(variant.String())) - if effort != "" { - out, _ = sjson.Set(out, "reasoning_effort", effort) - } - } - - // Convert tool_choice if present - if toolChoice := root.Get("tool_choice"); toolChoice.Exists() { - switch toolChoice.Type { - case gjson.JSON: - out, _ = sjson.SetRaw(out, "tool_choice", toolChoice.Raw) - default: - out, _ = sjson.Set(out, "tool_choice", toolChoice.Value()) - } - } - - return []byte(out) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/responses/openai_openai-responses_request_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/responses/openai_openai-responses_request_test.go deleted file mode 100644 index 3aca4aed60..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/responses/openai_openai-responses_request_test.go +++ /dev/null @@ -1,187 +0,0 @@ -package responses - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertOpenAIResponsesRequestToOpenAIChatCompletions(t *testing.T) { - input := []byte(`{ - "model": "gpt-4o", - "instructions": "Be helpful.", - "input": [ - { - "role": "user", - "content": [ - {"type": "input_text", "text": "hello"} - ] - } - ], - "max_output_tokens": 100 - }`) - - got := ConvertOpenAIResponsesRequestToOpenAIChatCompletions("gpt-4o-new", input, true) - res := gjson.ParseBytes(got) - - if res.Get("model").String() != "gpt-4o-new" { - t.Errorf("expected model gpt-4o-new, got %s", res.Get("model").String()) - } - - if res.Get("stream").Bool() != true { - t.Errorf("expected stream true, got %v", res.Get("stream").Bool()) - } - - if res.Get("max_completion_tokens").Int() != 100 { - t.Errorf("expected max_completion_tokens 100, got %d", res.Get("max_completion_tokens").Int()) - } - if res.Get("max_tokens").Exists() { - t.Errorf("max_tokens must not be present for OpenAI chat completions: %s", res.Get("max_tokens").Raw) - } - - messages := res.Get("messages").Array() - if len(messages) != 2 { - t.Errorf("expected 2 messages (system + user), got %d", len(messages)) - } - - if messages[0].Get("role").String() != "system" || messages[0].Get("content").String() != "Be helpful." { - t.Errorf("unexpected system message: %s", messages[0].Raw) - } - - if messages[1].Get("role").String() != "user" || messages[1].Get("content.0.text").String() != "hello" { - t.Errorf("unexpected user message: %s", messages[1].Raw) - } - - // Test full input with messages, function calls, and results - input2 := []byte(`{ - "instructions": "sys", - "input": [ - {"role": "user", "content": "hello"}, - {"type": "function_call", "call_id": "c1", "name": "f1", "arguments": "{}"}, - {"type": "function_call_output", "call_id": "c1", "output": "ok"} - ], - "tools": [{"type": "function", "name": "f1", "description": "d1", "parameters": {"type": "object"}}], - "max_output_tokens": 100, - "reasoning": {"effort": "high"} - }`) - - got2 := ConvertOpenAIResponsesRequestToOpenAIChatCompletions("m1", input2, false) - res2 := gjson.ParseBytes(got2) - - if res2.Get("max_completion_tokens").Int() != 100 { - t.Errorf("expected max_completion_tokens 100, got %d", res2.Get("max_completion_tokens").Int()) - } - if res2.Get("max_tokens").Exists() { - t.Errorf("max_tokens must not be present for OpenAI chat completions: %s", res2.Get("max_tokens").Raw) - } - - if res2.Get("reasoning_effort").String() != "high" { - t.Errorf("expected reasoning_effort high, got %s", res2.Get("reasoning_effort").String()) - } - - messages2 := res2.Get("messages").Array() - // sys + user + assistant(tool_call) + tool(result) - if len(messages2) != 4 { - t.Fatalf("expected 4 messages, got %d", len(messages2)) - } - - if messages2[2].Get("role").String() != "assistant" || !messages2[2].Get("tool_calls").Exists() { - t.Error("expected third message to be assistant with tool_calls") - } - - if messages2[3].Get("role").String() != "tool" || messages2[3].Get("content").String() != "ok" { - t.Error("expected fourth message to be tool with content ok") - } - - if len(res2.Get("tools").Array()) != 1 { - t.Errorf("expected 1 tool, got %d", len(res2.Get("tools").Array())) - } - - // Test with developer role, image, and parallel tool calls - input3 := []byte(`{ - "model": "gpt-4o", - "input": [ - {"role": "developer", "content": "dev msg"}, - {"role": "user", "content": [{"type": "input_image", "image_url": "http://img"}]} - ], - "parallel_tool_calls": true - }`) - got3 := ConvertOpenAIResponsesRequestToOpenAIChatCompletions("gpt-4o", input3, false) - res3 := gjson.ParseBytes(got3) - - messages3 := res3.Get("messages").Array() - if len(messages3) != 2 { - t.Fatalf("expected 2 messages, got %d", len(messages3)) - } - // developer -> user - if messages3[0].Get("role").String() != "user" { - t.Errorf("expected developer role converted to user, got %s", messages3[0].Get("role").String()) - } - // image content - if messages3[1].Get("content.0.type").String() != "image_url" { - t.Errorf("expected image_url type, got %s", messages3[1].Get("content.0.type").String()) - } - if res3.Get("parallel_tool_calls").Bool() != true { - t.Error("expected parallel_tool_calls true") - } - - // Test input as string - input4 := []byte(`{"input": "hello"}`) - got4 := ConvertOpenAIResponsesRequestToOpenAIChatCompletions("gpt-4o", input4, false) - res4 := gjson.ParseBytes(got4) - if res4.Get("messages.0.content").String() != "hello" { - t.Errorf("expected content hello, got %s", res4.Get("messages.0.content").String()) - } -} - -func TestConvertOpenAIResponsesRequestToOpenAIChatCompletionsToolChoice(t *testing.T) { - input := []byte(`{ - "model": "gpt-4o", - "input": [{"type":"message","role":"user","content":[{"type":"input_text","text":"hello"}]}], - "tool_choice": {"type":"function","function":{"name":"weather"}} - }`) - - got := ConvertOpenAIResponsesRequestToOpenAIChatCompletions("gpt-4o", input, false) - res := gjson.ParseBytes(got) - - toolChoice := res.Get("tool_choice") - if !toolChoice.Exists() { - t.Fatalf("expected tool_choice") - } - if toolChoice.Get("type").String() != "function" { - t.Fatalf("tool_choice.type = %s, want function", toolChoice.Get("type").String()) - } - if toolChoice.Get("function.name").String() != "weather" { - t.Fatalf("tool_choice.function.name = %s, want weather", toolChoice.Get("function.name").String()) - } - - if res.Get("tool_choice").Type != gjson.JSON { - t.Fatalf("tool_choice should be object, got %s", res.Get("tool_choice").Type.String()) - } -} - -func TestConvertOpenAIResponsesRequestToOpenAIChatCompletions_MapsLegacyReasoningEffort(t *testing.T) { - input := []byte(`{ - "model":"gpt-4.1", - "input":[{"type":"message","role":"user","content":[{"type":"input_text","text":"ping"}]}], - "reasoning.effort":"low" - }`) - - output := ConvertOpenAIResponsesRequestToOpenAIChatCompletions("gpt-4.1", input, false) - if got := gjson.GetBytes(output, "reasoning_effort").String(); got != "low" { - t.Fatalf("expected reasoning_effort low from legacy flat field, got %q", got) - } -} - -func TestConvertOpenAIResponsesRequestToOpenAIChatCompletions_MapsVariantFallback(t *testing.T) { - input := []byte(`{ - "model":"gpt-4.1", - "input":[{"type":"message","role":"user","content":[{"type":"input_text","text":"ping"}]}], - "variant":"medium" - }`) - - output := ConvertOpenAIResponsesRequestToOpenAIChatCompletions("gpt-4.1", input, false) - if got := gjson.GetBytes(output, "reasoning_effort").String(); got != "medium" { - t.Fatalf("expected reasoning_effort medium from variant, got %q", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/responses/openai_openai-responses_response.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/responses/openai_openai-responses_response.go deleted file mode 100644 index faaafc6cae..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/responses/openai_openai-responses_response.go +++ /dev/null @@ -1,829 +0,0 @@ -package responses - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -func pickRequestJSON(originalRequestRawJSON, requestRawJSON []byte) []byte { - if len(originalRequestRawJSON) > 0 && gjson.ValidBytes(originalRequestRawJSON) { - return originalRequestRawJSON - } - if len(requestRawJSON) > 0 && gjson.ValidBytes(requestRawJSON) { - return requestRawJSON - } - return nil -} - -type oaiToResponsesStateReasoning struct { - ReasoningID string - ReasoningData string -} -type oaiToResponsesState struct { - Seq int - ResponseID string - Created int64 - Started bool - ReasoningID string - ReasoningIndex int - // aggregation buffers for response.output - // Per-output message text buffers by index - MsgTextBuf map[int]*strings.Builder - ReasoningBuf strings.Builder - Reasonings []oaiToResponsesStateReasoning - FuncArgsBuf map[int]*strings.Builder // index -> args - FuncNames map[int]string // index -> name - FuncCallIDs map[int]string // index -> call_id - // message item state per output index - MsgItemAdded map[int]bool // whether response.output_item.added emitted for message - MsgContentAdded map[int]bool // whether response.content_part.added emitted for message - MsgItemDone map[int]bool // whether message done events were emitted - // function item done state - FuncArgsDone map[int]bool - FuncItemDone map[int]bool - // usage aggregation - PromptTokens int64 - CachedTokens int64 - CompletionTokens int64 - TotalTokens int64 - ReasoningTokens int64 - UsageSeen bool - CompletionSent bool - StopSeen bool -} - -// responseIDCounter provides a process-wide unique counter for synthesized response identifiers. -var responseIDCounter uint64 - -func emitRespEvent(event string, payload string) string { - return fmt.Sprintf("event: %s\ndata: %s", event, payload) -} - -func emitCompletionEvents(st *oaiToResponsesState) []string { - if st == nil || st.CompletionSent { - return []string{} - } - - nextSeq := func() int { - st.Seq++ - return st.Seq - } - - completed := `{"type":"response.completed","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"completed","background":false,"error":null}}` - completed, _ = sjson.Set(completed, "sequence_number", nextSeq()) - completed, _ = sjson.Set(completed, "response.id", st.ResponseID) - completed, _ = sjson.Set(completed, "response.created_at", st.Created) - - if st.UsageSeen { - completed, _ = sjson.Set(completed, "response.usage.input_tokens", st.PromptTokens) - completed, _ = sjson.Set(completed, "response.usage.input_tokens_details.cached_tokens", st.CachedTokens) - completed, _ = sjson.Set(completed, "response.usage.output_tokens", st.CompletionTokens) - if st.ReasoningTokens > 0 { - completed, _ = sjson.Set(completed, "response.usage.output_tokens_details.reasoning_tokens", st.ReasoningTokens) - } - total := st.TotalTokens - if total == 0 { - total = st.PromptTokens + st.CompletionTokens - } - completed, _ = sjson.Set(completed, "response.usage.total_tokens", total) - } - - st.CompletionSent = true - return []string{emitRespEvent("response.completed", completed)} -} - -// ConvertOpenAIChatCompletionsResponseToOpenAIResponses converts OpenAI Chat Completions streaming chunks -// to OpenAI Responses SSE events (response.*). -func ConvertOpenAIChatCompletionsResponseToOpenAIResponses(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &oaiToResponsesState{ - FuncArgsBuf: make(map[int]*strings.Builder), - FuncNames: make(map[int]string), - FuncCallIDs: make(map[int]string), - MsgTextBuf: make(map[int]*strings.Builder), - MsgItemAdded: make(map[int]bool), - MsgContentAdded: make(map[int]bool), - MsgItemDone: make(map[int]bool), - FuncArgsDone: make(map[int]bool), - FuncItemDone: make(map[int]bool), - Reasonings: make([]oaiToResponsesStateReasoning, 0), - } - } - st := (*param).(*oaiToResponsesState) - - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - - rawJSON = bytes.TrimSpace(rawJSON) - if len(rawJSON) == 0 { - return []string{} - } - if bytes.Equal(rawJSON, []byte("[DONE]")) { - // GitHub #1085: Emit completion events on [DONE] marker instead of returning empty - return emitCompletionEvents(st) - } - - root := gjson.ParseBytes(rawJSON) - obj := root.Get("object") - if obj.Exists() && obj.String() != "" && obj.String() != "chat.completion.chunk" { - return []string{} - } - if !root.Get("choices").Exists() || !root.Get("choices").IsArray() { - return []string{} - } - - if usage := root.Get("usage"); usage.Exists() { - if v := usage.Get("prompt_tokens"); v.Exists() { - st.PromptTokens = v.Int() - st.UsageSeen = true - } - if v := usage.Get("prompt_tokens_details.cached_tokens"); v.Exists() { - st.CachedTokens = v.Int() - st.UsageSeen = true - } - if v := usage.Get("completion_tokens"); v.Exists() { - st.CompletionTokens = v.Int() - st.UsageSeen = true - } else if v := usage.Get("output_tokens"); v.Exists() { - st.CompletionTokens = v.Int() - st.UsageSeen = true - } - if v := usage.Get("output_tokens_details.reasoning_tokens"); v.Exists() { - st.ReasoningTokens = v.Int() - st.UsageSeen = true - } else if v := usage.Get("completion_tokens_details.reasoning_tokens"); v.Exists() { - st.ReasoningTokens = v.Int() - st.UsageSeen = true - } - if v := usage.Get("total_tokens"); v.Exists() { - st.TotalTokens = v.Int() - st.UsageSeen = true - } - } - - nextSeq := func() int { st.Seq++; return st.Seq } - var out []string - - if !st.Started { - st.ResponseID = root.Get("id").String() - st.Created = root.Get("created").Int() - // reset aggregation state for a new streaming response - st.MsgTextBuf = make(map[int]*strings.Builder) - st.ReasoningBuf.Reset() - st.ReasoningID = "" - st.ReasoningIndex = 0 - st.FuncArgsBuf = make(map[int]*strings.Builder) - st.FuncNames = make(map[int]string) - st.FuncCallIDs = make(map[int]string) - st.MsgItemAdded = make(map[int]bool) - st.MsgContentAdded = make(map[int]bool) - st.MsgItemDone = make(map[int]bool) - st.FuncArgsDone = make(map[int]bool) - st.FuncItemDone = make(map[int]bool) - st.PromptTokens = 0 - st.CachedTokens = 0 - st.CompletionTokens = 0 - st.TotalTokens = 0 - st.ReasoningTokens = 0 - st.UsageSeen = false - st.CompletionSent = false - st.StopSeen = false - // response.created - created := `{"type":"response.created","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"in_progress","background":false,"error":null,"output":[]}}` - created, _ = sjson.Set(created, "sequence_number", nextSeq()) - created, _ = sjson.Set(created, "response.id", st.ResponseID) - created, _ = sjson.Set(created, "response.created_at", st.Created) - out = append(out, emitRespEvent("response.created", created)) - - inprog := `{"type":"response.in_progress","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"in_progress"}}` - inprog, _ = sjson.Set(inprog, "sequence_number", nextSeq()) - inprog, _ = sjson.Set(inprog, "response.id", st.ResponseID) - inprog, _ = sjson.Set(inprog, "response.created_at", st.Created) - out = append(out, emitRespEvent("response.in_progress", inprog)) - st.Started = true - } - - stopReasoning := func(text string) { - // Emit reasoning done events - textDone := `{"type":"response.reasoning_summary_text.done","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"text":""}` - textDone, _ = sjson.Set(textDone, "sequence_number", nextSeq()) - textDone, _ = sjson.Set(textDone, "item_id", st.ReasoningID) - textDone, _ = sjson.Set(textDone, "output_index", st.ReasoningIndex) - textDone, _ = sjson.Set(textDone, "text", text) - out = append(out, emitRespEvent("response.reasoning_summary_text.done", textDone)) - partDone := `{"type":"response.reasoning_summary_part.done","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"part":{"type":"summary_text","text":""}}` - partDone, _ = sjson.Set(partDone, "sequence_number", nextSeq()) - partDone, _ = sjson.Set(partDone, "item_id", st.ReasoningID) - partDone, _ = sjson.Set(partDone, "output_index", st.ReasoningIndex) - partDone, _ = sjson.Set(partDone, "part.text", text) - out = append(out, emitRespEvent("response.reasoning_summary_part.done", partDone)) - outputItemDone := `{"type":"response.output_item.done","item":{"id":"","type":"reasoning","encrypted_content":"","summary":[{"type":"summary_text","text":""}]},"output_index":0,"sequence_number":0}` - outputItemDone, _ = sjson.Set(outputItemDone, "sequence_number", nextSeq()) - outputItemDone, _ = sjson.Set(outputItemDone, "item.id", st.ReasoningID) - outputItemDone, _ = sjson.Set(outputItemDone, "output_index", st.ReasoningIndex) - outputItemDone, _ = sjson.Set(outputItemDone, "item.summary.text", text) - out = append(out, emitRespEvent("response.output_item.done", outputItemDone)) - - st.Reasonings = append(st.Reasonings, oaiToResponsesStateReasoning{ReasoningID: st.ReasoningID, ReasoningData: text}) - st.ReasoningID = "" - } - - // choices[].delta content / tool_calls / reasoning_content - if choices := root.Get("choices"); choices.Exists() && choices.IsArray() { - choices.ForEach(func(_, choice gjson.Result) bool { - idx := int(choice.Get("index").Int()) - delta := choice.Get("delta") - if delta.Exists() { - if c := delta.Get("content"); c.Exists() && c.String() != "" { - // Ensure the message item and its first content part are announced before any text deltas - if st.ReasoningID != "" { - stopReasoning(st.ReasoningBuf.String()) - st.ReasoningBuf.Reset() - } - if !st.MsgItemAdded[idx] { - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"message","status":"in_progress","content":[],"role":"assistant"}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "output_index", idx) - item, _ = sjson.Set(item, "item.id", fmt.Sprintf("msg_%s_%d", st.ResponseID, idx)) - out = append(out, emitRespEvent("response.output_item.added", item)) - st.MsgItemAdded[idx] = true - } - if !st.MsgContentAdded[idx] { - part := `{"type":"response.content_part.added","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"part":{"type":"output_text","annotations":[],"logprobs":[],"text":""}}` - part, _ = sjson.Set(part, "sequence_number", nextSeq()) - part, _ = sjson.Set(part, "item_id", fmt.Sprintf("msg_%s_%d", st.ResponseID, idx)) - part, _ = sjson.Set(part, "output_index", idx) - part, _ = sjson.Set(part, "content_index", 0) - out = append(out, emitRespEvent("response.content_part.added", part)) - st.MsgContentAdded[idx] = true - } - - msg := `{"type":"response.output_text.delta","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"delta":"","logprobs":[]}` - msg, _ = sjson.Set(msg, "sequence_number", nextSeq()) - msg, _ = sjson.Set(msg, "item_id", fmt.Sprintf("msg_%s_%d", st.ResponseID, idx)) - msg, _ = sjson.Set(msg, "output_index", idx) - msg, _ = sjson.Set(msg, "content_index", 0) - msg, _ = sjson.Set(msg, "delta", c.String()) - out = append(out, emitRespEvent("response.output_text.delta", msg)) - // aggregate for response.output - if st.MsgTextBuf[idx] == nil { - st.MsgTextBuf[idx] = &strings.Builder{} - } - st.MsgTextBuf[idx].WriteString(c.String()) - } - - // reasoning_content (OpenAI reasoning incremental text) - if rc := delta.Get("reasoning_content"); rc.Exists() && rc.String() != "" { - // On first appearance, add reasoning item and part - if st.ReasoningID == "" { - st.ReasoningID = fmt.Sprintf("rs_%s_%d", st.ResponseID, idx) - st.ReasoningIndex = idx - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"reasoning","status":"in_progress","summary":[]}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "output_index", idx) - item, _ = sjson.Set(item, "item.id", st.ReasoningID) - out = append(out, emitRespEvent("response.output_item.added", item)) - part := `{"type":"response.reasoning_summary_part.added","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"part":{"type":"summary_text","text":""}}` - part, _ = sjson.Set(part, "sequence_number", nextSeq()) - part, _ = sjson.Set(part, "item_id", st.ReasoningID) - part, _ = sjson.Set(part, "output_index", st.ReasoningIndex) - out = append(out, emitRespEvent("response.reasoning_summary_part.added", part)) - } - // Append incremental text to reasoning buffer - st.ReasoningBuf.WriteString(rc.String()) - msg := `{"type":"response.reasoning_summary_text.delta","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"delta":""}` - msg, _ = sjson.Set(msg, "sequence_number", nextSeq()) - msg, _ = sjson.Set(msg, "item_id", st.ReasoningID) - msg, _ = sjson.Set(msg, "output_index", st.ReasoningIndex) - msg, _ = sjson.Set(msg, "delta", rc.String()) - out = append(out, emitRespEvent("response.reasoning_summary_text.delta", msg)) - } - - // tool calls - if tcs := delta.Get("tool_calls"); tcs.Exists() && tcs.IsArray() { - if st.ReasoningID != "" { - stopReasoning(st.ReasoningBuf.String()) - st.ReasoningBuf.Reset() - } - // Before emitting any function events, if a message is open for this index, - // close its text/content to match Codex expected ordering. - if st.MsgItemAdded[idx] && !st.MsgItemDone[idx] { - fullText := "" - if b := st.MsgTextBuf[idx]; b != nil { - fullText = b.String() - } - done := `{"type":"response.output_text.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"text":"","logprobs":[]}` - done, _ = sjson.Set(done, "sequence_number", nextSeq()) - done, _ = sjson.Set(done, "item_id", fmt.Sprintf("msg_%s_%d", st.ResponseID, idx)) - done, _ = sjson.Set(done, "output_index", idx) - done, _ = sjson.Set(done, "content_index", 0) - done, _ = sjson.Set(done, "text", fullText) - out = append(out, emitRespEvent("response.output_text.done", done)) - - partDone := `{"type":"response.content_part.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"part":{"type":"output_text","annotations":[],"logprobs":[],"text":""}}` - partDone, _ = sjson.Set(partDone, "sequence_number", nextSeq()) - partDone, _ = sjson.Set(partDone, "item_id", fmt.Sprintf("msg_%s_%d", st.ResponseID, idx)) - partDone, _ = sjson.Set(partDone, "output_index", idx) - partDone, _ = sjson.Set(partDone, "content_index", 0) - partDone, _ = sjson.Set(partDone, "part.text", fullText) - out = append(out, emitRespEvent("response.content_part.done", partDone)) - - itemDone := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}}` - itemDone, _ = sjson.Set(itemDone, "sequence_number", nextSeq()) - itemDone, _ = sjson.Set(itemDone, "output_index", idx) - itemDone, _ = sjson.Set(itemDone, "item.id", fmt.Sprintf("msg_%s_%d", st.ResponseID, idx)) - itemDone, _ = sjson.Set(itemDone, "item.content.0.text", fullText) - out = append(out, emitRespEvent("response.output_item.done", itemDone)) - st.MsgItemDone[idx] = true - } - - // Only emit item.added once per tool call and preserve call_id across chunks. - newCallID := tcs.Get("0.id").String() - nameChunk := tcs.Get("0.function.name").String() - if nameChunk != "" { - st.FuncNames[idx] = nameChunk - } - existingCallID := st.FuncCallIDs[idx] - effectiveCallID := existingCallID - shouldEmitItem := false - if existingCallID == "" && newCallID != "" { - // First time seeing a valid call_id for this index - effectiveCallID = newCallID - st.FuncCallIDs[idx] = newCallID - shouldEmitItem = true - } - - if shouldEmitItem && effectiveCallID != "" { - o := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"function_call","status":"in_progress","arguments":"","call_id":"","name":""}}` - o, _ = sjson.Set(o, "sequence_number", nextSeq()) - o, _ = sjson.Set(o, "output_index", idx) - o, _ = sjson.Set(o, "item.id", fmt.Sprintf("fc_%s", effectiveCallID)) - o, _ = sjson.Set(o, "item.call_id", effectiveCallID) - name := st.FuncNames[idx] - o, _ = sjson.Set(o, "item.name", name) - out = append(out, emitRespEvent("response.output_item.added", o)) - } - - // Ensure args buffer exists for this index - if st.FuncArgsBuf[idx] == nil { - st.FuncArgsBuf[idx] = &strings.Builder{} - } - - // Append arguments delta if available and we have a valid call_id to reference - if args := tcs.Get("0.function.arguments"); args.Exists() && args.String() != "" { - // Prefer an already known call_id; fall back to newCallID if first time - refCallID := st.FuncCallIDs[idx] - if refCallID == "" { - refCallID = newCallID - } - if refCallID != "" { - ad := `{"type":"response.function_call_arguments.delta","sequence_number":0,"item_id":"","output_index":0,"delta":""}` - ad, _ = sjson.Set(ad, "sequence_number", nextSeq()) - ad, _ = sjson.Set(ad, "item_id", fmt.Sprintf("fc_%s", refCallID)) - ad, _ = sjson.Set(ad, "output_index", idx) - ad, _ = sjson.Set(ad, "delta", args.String()) - out = append(out, emitRespEvent("response.function_call_arguments.delta", ad)) - } - st.FuncArgsBuf[idx].WriteString(args.String()) - } - } - } - - // finish_reason triggers finalization, including text done/content done/item done, - // reasoning done/part.done, function args done/item done, and completed - if fr := choice.Get("finish_reason"); fr.Exists() && fr.String() != "" { - st.StopSeen = true - // Emit message done events for all indices that started a message - if len(st.MsgItemAdded) > 0 { - // sort indices for deterministic order - idxs := make([]int, 0, len(st.MsgItemAdded)) - for i := range st.MsgItemAdded { - idxs = append(idxs, i) - } - for i := 0; i < len(idxs); i++ { - for j := i + 1; j < len(idxs); j++ { - if idxs[j] < idxs[i] { - idxs[i], idxs[j] = idxs[j], idxs[i] - } - } - } - for _, i := range idxs { - if st.MsgItemAdded[i] && !st.MsgItemDone[i] { - fullText := "" - if b := st.MsgTextBuf[i]; b != nil { - fullText = b.String() - } - done := `{"type":"response.output_text.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"text":"","logprobs":[]}` - done, _ = sjson.Set(done, "sequence_number", nextSeq()) - done, _ = sjson.Set(done, "item_id", fmt.Sprintf("msg_%s_%d", st.ResponseID, i)) - done, _ = sjson.Set(done, "output_index", i) - done, _ = sjson.Set(done, "content_index", 0) - done, _ = sjson.Set(done, "text", fullText) - out = append(out, emitRespEvent("response.output_text.done", done)) - - partDone := `{"type":"response.content_part.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"part":{"type":"output_text","annotations":[],"logprobs":[],"text":""}}` - partDone, _ = sjson.Set(partDone, "sequence_number", nextSeq()) - partDone, _ = sjson.Set(partDone, "item_id", fmt.Sprintf("msg_%s_%d", st.ResponseID, i)) - partDone, _ = sjson.Set(partDone, "output_index", i) - partDone, _ = sjson.Set(partDone, "content_index", 0) - partDone, _ = sjson.Set(partDone, "part.text", fullText) - out = append(out, emitRespEvent("response.content_part.done", partDone)) - - itemDone := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}}` - itemDone, _ = sjson.Set(itemDone, "sequence_number", nextSeq()) - itemDone, _ = sjson.Set(itemDone, "output_index", i) - itemDone, _ = sjson.Set(itemDone, "item.id", fmt.Sprintf("msg_%s_%d", st.ResponseID, i)) - itemDone, _ = sjson.Set(itemDone, "item.content.0.text", fullText) - out = append(out, emitRespEvent("response.output_item.done", itemDone)) - st.MsgItemDone[i] = true - } - } - } - - if st.ReasoningID != "" { - stopReasoning(st.ReasoningBuf.String()) - st.ReasoningBuf.Reset() - } - - // Emit function call done events for any active function calls - if len(st.FuncCallIDs) > 0 { - idxs := make([]int, 0, len(st.FuncCallIDs)) - for i := range st.FuncCallIDs { - idxs = append(idxs, i) - } - for i := 0; i < len(idxs); i++ { - for j := i + 1; j < len(idxs); j++ { - if idxs[j] < idxs[i] { - idxs[i], idxs[j] = idxs[j], idxs[i] - } - } - } - for _, i := range idxs { - callID := st.FuncCallIDs[i] - if callID == "" || st.FuncItemDone[i] { - continue - } - args := "{}" - if b := st.FuncArgsBuf[i]; b != nil && b.Len() > 0 { - args = b.String() - } - fcDone := `{"type":"response.function_call_arguments.done","sequence_number":0,"item_id":"","output_index":0,"arguments":""}` - fcDone, _ = sjson.Set(fcDone, "sequence_number", nextSeq()) - fcDone, _ = sjson.Set(fcDone, "item_id", fmt.Sprintf("fc_%s", callID)) - fcDone, _ = sjson.Set(fcDone, "output_index", i) - fcDone, _ = sjson.Set(fcDone, "arguments", args) - out = append(out, emitRespEvent("response.function_call_arguments.done", fcDone)) - - itemDone := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}}` - itemDone, _ = sjson.Set(itemDone, "sequence_number", nextSeq()) - itemDone, _ = sjson.Set(itemDone, "output_index", i) - itemDone, _ = sjson.Set(itemDone, "item.id", fmt.Sprintf("fc_%s", callID)) - itemDone, _ = sjson.Set(itemDone, "item.arguments", args) - itemDone, _ = sjson.Set(itemDone, "item.call_id", callID) - itemDone, _ = sjson.Set(itemDone, "item.name", st.FuncNames[i]) - out = append(out, emitRespEvent("response.output_item.done", itemDone)) - st.FuncItemDone[i] = true - st.FuncArgsDone[i] = true - } - } - completed := `{"type":"response.completed","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"completed","background":false,"error":null}}` - completed, _ = sjson.Set(completed, "sequence_number", nextSeq()) - completed, _ = sjson.Set(completed, "response.id", st.ResponseID) - completed, _ = sjson.Set(completed, "response.created_at", st.Created) - // Inject original request fields into response as per docs/response.completed.json. - reqRawJSON := pickRequestJSON(originalRequestRawJSON, requestRawJSON) - if reqRawJSON != nil { - req := gjson.ParseBytes(reqRawJSON) - if v := req.Get("instructions"); v.Exists() { - completed, _ = sjson.Set(completed, "response.instructions", v.String()) - } - if v := req.Get("max_output_tokens"); v.Exists() { - completed, _ = sjson.Set(completed, "response.max_output_tokens", v.Int()) - } - if v := req.Get("max_tool_calls"); v.Exists() { - completed, _ = sjson.Set(completed, "response.max_tool_calls", v.Int()) - } - if v := req.Get("model"); v.Exists() { - completed, _ = sjson.Set(completed, "response.model", v.String()) - } - if v := req.Get("parallel_tool_calls"); v.Exists() { - completed, _ = sjson.Set(completed, "response.parallel_tool_calls", v.Bool()) - } - if v := req.Get("previous_response_id"); v.Exists() { - completed, _ = sjson.Set(completed, "response.previous_response_id", v.String()) - } - if v := req.Get("prompt_cache_key"); v.Exists() { - completed, _ = sjson.Set(completed, "response.prompt_cache_key", v.String()) - } - if v := req.Get("reasoning"); v.Exists() { - completed, _ = sjson.Set(completed, "response.reasoning", v.Value()) - } - if v := req.Get("safety_identifier"); v.Exists() { - completed, _ = sjson.Set(completed, "response.safety_identifier", v.String()) - } - if v := req.Get("service_tier"); v.Exists() { - completed, _ = sjson.Set(completed, "response.service_tier", v.String()) - } - if v := req.Get("store"); v.Exists() { - completed, _ = sjson.Set(completed, "response.store", v.Bool()) - } - if v := req.Get("temperature"); v.Exists() { - completed, _ = sjson.Set(completed, "response.temperature", v.Float()) - } - if v := req.Get("text"); v.Exists() { - completed, _ = sjson.Set(completed, "response.text", v.Value()) - } - if v := req.Get("tool_choice"); v.Exists() { - completed, _ = sjson.Set(completed, "response.tool_choice", v.Value()) - } - if v := req.Get("tools"); v.Exists() { - completed, _ = sjson.Set(completed, "response.tools", v.Value()) - } - if v := req.Get("top_logprobs"); v.Exists() { - completed, _ = sjson.Set(completed, "response.top_logprobs", v.Int()) - } - if v := req.Get("top_p"); v.Exists() { - completed, _ = sjson.Set(completed, "response.top_p", v.Float()) - } - if v := req.Get("truncation"); v.Exists() { - completed, _ = sjson.Set(completed, "response.truncation", v.String()) - } - if v := req.Get("user"); v.Exists() { - completed, _ = sjson.Set(completed, "response.user", v.Value()) - } - if v := req.Get("metadata"); v.Exists() { - completed, _ = sjson.Set(completed, "response.metadata", v.Value()) - } - } - // Build response.output using aggregated buffers - outputsWrapper := `{"arr":[]}` - if len(st.Reasonings) > 0 { - for _, r := range st.Reasonings { - item := `{"id":"","type":"reasoning","summary":[{"type":"summary_text","text":""}]}` - item, _ = sjson.Set(item, "id", r.ReasoningID) - item, _ = sjson.Set(item, "summary.0.text", r.ReasoningData) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - } - // Append message items in ascending index order - if len(st.MsgItemAdded) > 0 { - midxs := make([]int, 0, len(st.MsgItemAdded)) - for i := range st.MsgItemAdded { - midxs = append(midxs, i) - } - for i := 0; i < len(midxs); i++ { - for j := i + 1; j < len(midxs); j++ { - if midxs[j] < midxs[i] { - midxs[i], midxs[j] = midxs[j], midxs[i] - } - } - } - for _, i := range midxs { - txt := "" - if b := st.MsgTextBuf[i]; b != nil { - txt = b.String() - } - item := `{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}` - item, _ = sjson.Set(item, "id", fmt.Sprintf("msg_%s_%d", st.ResponseID, i)) - item, _ = sjson.Set(item, "content.0.text", txt) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - } - if len(st.FuncArgsBuf) > 0 { - idxs := make([]int, 0, len(st.FuncArgsBuf)) - for i := range st.FuncArgsBuf { - idxs = append(idxs, i) - } - // small-N sort without extra imports - for i := 0; i < len(idxs); i++ { - for j := i + 1; j < len(idxs); j++ { - if idxs[j] < idxs[i] { - idxs[i], idxs[j] = idxs[j], idxs[i] - } - } - } - for _, i := range idxs { - args := "" - if b := st.FuncArgsBuf[i]; b != nil { - args = b.String() - } - callID := st.FuncCallIDs[i] - name := st.FuncNames[i] - item := `{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}` - item, _ = sjson.Set(item, "id", fmt.Sprintf("fc_%s", callID)) - item, _ = sjson.Set(item, "arguments", args) - item, _ = sjson.Set(item, "call_id", callID) - item, _ = sjson.Set(item, "name", name) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - } - if gjson.Get(outputsWrapper, "arr.#").Int() > 0 { - completed, _ = sjson.SetRaw(completed, "response.output", gjson.Get(outputsWrapper, "arr").Raw) - } - if st.UsageSeen { - completed, _ = sjson.Set(completed, "response.usage.input_tokens", st.PromptTokens) - completed, _ = sjson.Set(completed, "response.usage.input_tokens_details.cached_tokens", st.CachedTokens) - completed, _ = sjson.Set(completed, "response.usage.output_tokens", st.CompletionTokens) - if st.ReasoningTokens > 0 { - completed, _ = sjson.Set(completed, "response.usage.output_tokens_details.reasoning_tokens", st.ReasoningTokens) - } - total := st.TotalTokens - if total == 0 { - total = st.PromptTokens + st.CompletionTokens - } - completed, _ = sjson.Set(completed, "response.usage.total_tokens", total) - } - out = append(out, emitRespEvent("response.completed", completed)) - st.CompletionSent = true - } - - return true - }) - } - - return out -} - -// ConvertOpenAIChatCompletionsResponseToOpenAIResponsesNonStream builds a single Responses JSON -// from a non-streaming OpenAI Chat Completions response. -func ConvertOpenAIChatCompletionsResponseToOpenAIResponsesNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - root := gjson.ParseBytes(rawJSON) - - // Basic response scaffold - resp := `{"id":"","object":"response","created_at":0,"status":"completed","background":false,"error":null,"incomplete_details":null}` - - // id: use provider id if present, otherwise synthesize - id := root.Get("id").String() - if id == "" { - id = fmt.Sprintf("resp_%x_%d", time.Now().UnixNano(), atomic.AddUint64(&responseIDCounter, 1)) - } - resp, _ = sjson.Set(resp, "id", id) - - // created_at: map from chat.completion created - created := root.Get("created").Int() - if created == 0 { - created = time.Now().Unix() - } - resp, _ = sjson.Set(resp, "created_at", created) - - // Echo request fields when available (aligns with streaming path behavior) - reqRawJSON := pickRequestJSON(originalRequestRawJSON, requestRawJSON) - if reqRawJSON != nil { - req := gjson.ParseBytes(reqRawJSON) - if v := req.Get("instructions"); v.Exists() { - resp, _ = sjson.Set(resp, "instructions", v.String()) - } - if v := req.Get("max_output_tokens"); v.Exists() { - resp, _ = sjson.Set(resp, "max_output_tokens", v.Int()) - } else { - // Also support max_tokens from chat completion style - if v = req.Get("max_tokens"); v.Exists() { - resp, _ = sjson.Set(resp, "max_output_tokens", v.Int()) - } - } - if v := req.Get("max_tool_calls"); v.Exists() { - resp, _ = sjson.Set(resp, "max_tool_calls", v.Int()) - } - if v := req.Get("model"); v.Exists() { - resp, _ = sjson.Set(resp, "model", v.String()) - } else if v = root.Get("model"); v.Exists() { - resp, _ = sjson.Set(resp, "model", v.String()) - } - if v := req.Get("parallel_tool_calls"); v.Exists() { - resp, _ = sjson.Set(resp, "parallel_tool_calls", v.Bool()) - } - if v := req.Get("previous_response_id"); v.Exists() { - resp, _ = sjson.Set(resp, "previous_response_id", v.String()) - } - if v := req.Get("prompt_cache_key"); v.Exists() { - resp, _ = sjson.Set(resp, "prompt_cache_key", v.String()) - } - if v := req.Get("reasoning"); v.Exists() { - resp, _ = sjson.Set(resp, "reasoning", v.Value()) - } - if v := req.Get("safety_identifier"); v.Exists() { - resp, _ = sjson.Set(resp, "safety_identifier", v.String()) - } - if v := req.Get("service_tier"); v.Exists() { - resp, _ = sjson.Set(resp, "service_tier", v.String()) - } - if v := req.Get("store"); v.Exists() { - resp, _ = sjson.Set(resp, "store", v.Bool()) - } - if v := req.Get("temperature"); v.Exists() { - resp, _ = sjson.Set(resp, "temperature", v.Float()) - } - if v := req.Get("text"); v.Exists() { - resp, _ = sjson.Set(resp, "text", v.Value()) - } - if v := req.Get("tool_choice"); v.Exists() { - resp, _ = sjson.Set(resp, "tool_choice", v.Value()) - } - if v := req.Get("tools"); v.Exists() { - resp, _ = sjson.Set(resp, "tools", v.Value()) - } - if v := req.Get("top_logprobs"); v.Exists() { - resp, _ = sjson.Set(resp, "top_logprobs", v.Int()) - } - if v := req.Get("top_p"); v.Exists() { - resp, _ = sjson.Set(resp, "top_p", v.Float()) - } - if v := req.Get("truncation"); v.Exists() { - resp, _ = sjson.Set(resp, "truncation", v.String()) - } - if v := req.Get("user"); v.Exists() { - resp, _ = sjson.Set(resp, "user", v.Value()) - } - if v := req.Get("metadata"); v.Exists() { - resp, _ = sjson.Set(resp, "metadata", v.Value()) - } - } else if v := root.Get("model"); v.Exists() { - // Fallback model from response - resp, _ = sjson.Set(resp, "model", v.String()) - } - - // Build output list from choices[...] - outputsWrapper := `{"arr":[]}` - // Detect and capture reasoning content if present - rcText := gjson.GetBytes(rawJSON, "choices.0.message.reasoning_content").String() - includeReasoning := rcText != "" - if !includeReasoning && reqRawJSON != nil { - includeReasoning = gjson.GetBytes(reqRawJSON, "reasoning").Exists() - } - if includeReasoning { - rid := strings.TrimPrefix(id, "resp_") - // Prefer summary_text from reasoning_content; encrypted_content is optional - reasoningItem := `{"id":"","type":"reasoning","encrypted_content":"","summary":[]}` - reasoningItem, _ = sjson.Set(reasoningItem, "id", fmt.Sprintf("rs_%s", rid)) - if rcText != "" { - reasoningItem, _ = sjson.Set(reasoningItem, "summary.0.type", "summary_text") - reasoningItem, _ = sjson.Set(reasoningItem, "summary.0.text", rcText) - } - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", reasoningItem) - } - - if choices := root.Get("choices"); choices.Exists() && choices.IsArray() { - choices.ForEach(func(_, choice gjson.Result) bool { - msg := choice.Get("message") - if msg.Exists() { - // Text message part - if c := msg.Get("content"); c.Exists() && c.String() != "" { - item := `{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}` - item, _ = sjson.Set(item, "id", fmt.Sprintf("msg_%s_%d", id, int(choice.Get("index").Int()))) - item, _ = sjson.Set(item, "content.0.text", c.String()) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - - // Function/tool calls - if tcs := msg.Get("tool_calls"); tcs.Exists() && tcs.IsArray() { - tcs.ForEach(func(_, tc gjson.Result) bool { - callID := tc.Get("id").String() - name := tc.Get("function.name").String() - args := tc.Get("function.arguments").String() - item := `{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}` - item, _ = sjson.Set(item, "id", fmt.Sprintf("fc_%s", callID)) - item, _ = sjson.Set(item, "arguments", args) - item, _ = sjson.Set(item, "call_id", callID) - item, _ = sjson.Set(item, "name", name) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - return true - }) - } - } - return true - }) - } - if gjson.Get(outputsWrapper, "arr.#").Int() > 0 { - resp, _ = sjson.SetRaw(resp, "output", gjson.Get(outputsWrapper, "arr").Raw) - } - - // usage mapping - if usage := root.Get("usage"); usage.Exists() { - // Map common tokens - if usage.Get("prompt_tokens").Exists() || usage.Get("completion_tokens").Exists() || usage.Get("total_tokens").Exists() { - resp, _ = sjson.Set(resp, "usage.input_tokens", usage.Get("prompt_tokens").Int()) - if d := usage.Get("prompt_tokens_details.cached_tokens"); d.Exists() { - resp, _ = sjson.Set(resp, "usage.input_tokens_details.cached_tokens", d.Int()) - } - resp, _ = sjson.Set(resp, "usage.output_tokens", usage.Get("completion_tokens").Int()) - // Reasoning tokens not available in Chat Completions; set only if present under output_tokens_details - if d := usage.Get("output_tokens_details.reasoning_tokens"); d.Exists() { - resp, _ = sjson.Set(resp, "usage.output_tokens_details.reasoning_tokens", d.Int()) - } - resp, _ = sjson.Set(resp, "usage.total_tokens", usage.Get("total_tokens").Int()) - } else { - // Fallback to raw usage object if structure differs - resp, _ = sjson.Set(resp, "usage", usage.Value()) - } - } - - return resp -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/responses/openai_openai-responses_response_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/responses/openai_openai-responses_response_test.go deleted file mode 100644 index fb84602b6c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/openai/openai/responses/openai_openai-responses_response_test.go +++ /dev/null @@ -1,295 +0,0 @@ -package responses - -import ( - "context" - "strings" - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertOpenAIChatCompletionsResponseToOpenAIResponses(t *testing.T) { - ctx := context.Background() - var param any - - // 1. First chunk (reasoning) - chunk1 := []byte(`{"id": "resp1", "created": 123, "choices": [{"index": 0, "delta": {"reasoning_content": "Thinking..."}}]}`) - got1 := ConvertOpenAIChatCompletionsResponseToOpenAIResponses(ctx, "m1", nil, nil, chunk1, ¶m) - // response.created, response.in_progress, response.output_item.added(rs), response.reasoning_summary_part.added, response.reasoning_summary_text.delta - if len(got1) != 5 { - t.Errorf("expected 5 events for first chunk, got %d", len(got1)) - } - - // 2. Second chunk (content) - chunk2 := []byte(`{"id": "resp1", "choices": [{"index": 0, "delta": {"content": "Hello"}}]}`) - got2 := ConvertOpenAIChatCompletionsResponseToOpenAIResponses(ctx, "m1", nil, nil, chunk2, ¶m) - // reasoning text.done, reasoning part.done, reasoning item.done, msg item.added, msg content.added, msg text.delta - if len(got2) != 6 { - t.Errorf("expected 6 events for second chunk, got %d", len(got2)) - } -} - -func TestConvertOpenAIChatCompletionsResponseToOpenAIResponsesNonStream(t *testing.T) { - ctx := context.Background() - rawJSON := []byte(`{ - "id": "chatcmpl-123", - "created": 1677652288, - "model": "gpt-4o", - "choices": [{ - "index": 0, - "message": { - "role": "assistant", - "content": "Hello", - "reasoning_content": "Think" - }, - "finish_reason": "stop" - }], - "usage": { - "prompt_tokens": 10, - "completion_tokens": 20, - "total_tokens": 30 - } - }`) - - got := ConvertOpenAIChatCompletionsResponseToOpenAIResponsesNonStream(ctx, "m1", nil, nil, rawJSON, nil) - res := gjson.Parse(got) - - if res.Get("id").String() != "chatcmpl-123" { - t.Errorf("expected id chatcmpl-123, got %s", res.Get("id").String()) - } - - outputs := res.Get("output").Array() - if len(outputs) != 2 { - t.Errorf("expected 2 output items, got %d", len(outputs)) - } - - if outputs[0].Get("type").String() != "reasoning" { - t.Errorf("expected first output item reasoning, got %s", outputs[0].Get("type").String()) - } - - if outputs[1].Get("type").String() != "message" { - t.Errorf("expected second output item message, got %s", outputs[1].Get("type").String()) - } -} - -func TestConvertOpenAIChatCompletionsResponseToOpenAIResponses_ToolCalls(t *testing.T) { - ctx := context.Background() - var param any - - // Start message - chunk1 := []byte(`{"id": "resp1", "created": 123, "choices": [{"index": 0, "delta": {"content": "Hello"}}]}`) - got1 := ConvertOpenAIChatCompletionsResponseToOpenAIResponses(ctx, "m1", nil, nil, chunk1, ¶m) - if len(got1) != 5 { // created, in_prog, item.added, content.added, text.delta - t.Fatalf("expected 5 events, got %d", len(got1)) - } - - // Tool call delta (should trigger text done, part done, item done for current message) - chunk2 := []byte(`{"id": "resp1", "choices": [{"index": 0, "delta": {"tool_calls": [{"id": "c1", "function": {"name": "f1", "arguments": "{}"}}]}}]}`) - got2 := ConvertOpenAIChatCompletionsResponseToOpenAIResponses(ctx, "m1", nil, nil, chunk2, ¶m) - // text.done, content.done, item.done, tool_item.added, tool_args.delta - if len(got2) != 5 { - t.Errorf("expected 5 events for tool call, got %d", len(got2)) - } - - // Finish - chunk3 := []byte(`{"id": "resp1", "choices": [{"index": 0, "finish_reason": "stop"}]}`) - got3 := ConvertOpenAIChatCompletionsResponseToOpenAIResponses(ctx, "m1", nil, nil, chunk3, ¶m) - // tool_args.done, tool_item.done, completed - if len(got3) != 3 { - t.Errorf("expected 3 events for finish, got %d", len(got3)) - } -} - -func TestConvertOpenAIChatCompletionsResponseToOpenAIResponsesNonStream_Usage(t *testing.T) { - ctx := context.Background() - rawJSON := []byte(`{ - "id": "chatcmpl-123", - "choices": [{"index": 0, "message": {"content": "hi"}}], - "usage": { - "prompt_tokens": 10, - "completion_tokens": 5, - "total_tokens": 15, - "prompt_tokens_details": {"cached_tokens": 3}, - "output_tokens_details": {"reasoning_tokens": 2} - } - }`) - - got := ConvertOpenAIChatCompletionsResponseToOpenAIResponsesNonStream(ctx, "m1", nil, nil, rawJSON, nil) - res := gjson.Parse(got) - - if res.Get("usage.input_tokens_details.cached_tokens").Int() != 3 { - t.Errorf("expected cached_tokens 3, got %d", res.Get("usage.input_tokens_details.cached_tokens").Int()) - } - if res.Get("usage.output_tokens_details.reasoning_tokens").Int() != 2 { - t.Errorf("expected reasoning_tokens 2, got %d", res.Get("usage.output_tokens_details.reasoning_tokens").Int()) - } -} - -func TestConvertOpenAIChatCompletionsResponseToOpenAIResponses_DoneMarkerEmitsCompletion(t *testing.T) { - ctx := context.Background() - var param any - - chunk := []byte(`{"id":"resp1","created":123,"choices":[{"index":0,"delta":{"content":"hello"}}]}`) - _ = ConvertOpenAIChatCompletionsResponseToOpenAIResponses(ctx, "m1", nil, nil, chunk, ¶m) - - doneEvents := ConvertOpenAIChatCompletionsResponseToOpenAIResponses(ctx, "m1", nil, nil, []byte("[DONE]"), ¶m) - if len(doneEvents) != 1 { - t.Fatalf("expected exactly one event on [DONE], got %d", len(doneEvents)) - } - if !strings.Contains(doneEvents[0], "event: response.completed") { - t.Fatalf("expected response.completed event on [DONE], got %q", doneEvents[0]) - } -} - -func TestConvertOpenAIChatCompletionsResponseToOpenAIResponses_DoneMarkerNoDuplicateCompletion(t *testing.T) { - ctx := context.Background() - var param any - - chunk1 := []byte(`{"id":"resp1","created":123,"choices":[{"index":0,"delta":{"content":"hello"}}]}`) - _ = ConvertOpenAIChatCompletionsResponseToOpenAIResponses(ctx, "m1", nil, nil, chunk1, ¶m) - - finishChunk := []byte(`{"id":"resp1","choices":[{"index":0,"finish_reason":"stop"}]}`) - finishEvents := ConvertOpenAIChatCompletionsResponseToOpenAIResponses(ctx, "m1", nil, nil, finishChunk, ¶m) - foundCompleted := false - for _, event := range finishEvents { - if strings.Contains(event, "event: response.completed") { - foundCompleted = true - break - } - } - if !foundCompleted { - t.Fatalf("expected response.completed on finish_reason chunk") - } - - doneEvents := ConvertOpenAIChatCompletionsResponseToOpenAIResponses(ctx, "m1", nil, nil, []byte("[DONE]"), ¶m) - if len(doneEvents) != 0 { - t.Fatalf("expected no events on [DONE] after completion already emitted, got %d", len(doneEvents)) - } -} - -func extractEventData(event string) string { - lines := strings.SplitN(event, "\n", 2) - if len(lines) != 2 { - return "" - } - return strings.TrimSpace(strings.TrimPrefix(lines[1], "data: ")) -} - -func findCompletedData(outputs []string) string { - for _, output := range outputs { - if strings.HasPrefix(output, "event: response.completed") { - return extractEventData(output) - } - } - return "" -} - -func TestConvertOpenAIChatCompletionsResponseToOpenAIResponsesNonStream_UsesOriginalRequestJSON(t *testing.T) { - original := []byte(`{ - "instructions": "original instructions", - "max_output_tokens": 512, - "model": "orig-model", - "temperature": 0.2 - }`) - request := []byte(`{ - "instructions": "transformed instructions", - "max_output_tokens": 123, - "model": "request-model", - "temperature": 0.9 - }`) - raw := []byte(`{ - "id":"chatcmpl-1", - "created":1700000000, - "model":"gpt-4o-mini", - "choices":[{"index":0,"message":{"content":"hello","role":"assistant"}}], - "usage":{"prompt_tokens":10,"completion_tokens":20,"total_tokens":30} - }`) - - response := ConvertOpenAIChatCompletionsResponseToOpenAIResponsesNonStream(context.TODO(), "", original, request, raw, nil) - - if got := gjson.Get(response, "instructions").String(); got != "original instructions" { - t.Fatalf("response.instructions expected original value, got %q", got) - } - if got := gjson.Get(response, "max_output_tokens").Int(); got != 512 { - t.Fatalf("response.max_output_tokens expected original value, got %d", got) - } - if got := gjson.Get(response, "model").String(); got != "orig-model" { - t.Fatalf("response.model expected original value, got %q", got) - } -} - -func TestConvertOpenAIChatCompletionsResponseToOpenAIResponsesNonStream_FallsBackToRequestJSON(t *testing.T) { - request := []byte(`{ - "instructions": "request-only instructions", - "max_output_tokens": 333, - "model": "request-model", - "temperature": 0.8 - }`) - raw := []byte(`{ - "id":"chatcmpl-1", - "created":1700000000, - "model":"gpt-4o-mini", - "choices":[{"index":0,"message":{"content":"hello","role":"assistant"}}], - "usage":{"prompt_tokens":10,"completion_tokens":20,"total_tokens":30} - }`) - - response := ConvertOpenAIChatCompletionsResponseToOpenAIResponsesNonStream(context.TODO(), "", nil, request, raw, nil) - - if got := gjson.Get(response, "instructions").String(); got != "request-only instructions" { - t.Fatalf("response.instructions expected request value, got %q", got) - } - if got := gjson.Get(response, "max_output_tokens").Int(); got != 333 { - t.Fatalf("response.max_output_tokens expected request value, got %d", got) - } - if got := gjson.Get(response, "model").String(); got != "request-model" { - t.Fatalf("response.model expected request value, got %q", got) - } -} - -func TestConvertOpenAIChatCompletionsResponseToOpenAIResponses_UsesOriginalRequestJSON(t *testing.T) { - var state any - original := []byte(`{ - "instructions":"stream original", - "max_output_tokens": 512, - "model":"orig-stream-model", - "temperature": 0.4 - }`) - request := []byte(`{ - "instructions":"stream transformed", - "max_output_tokens": 64, - "model":"request-stream-model", - "temperature": 0.9 - }`) - first := []byte(`{ - "id":"chatcmpl-stream", - "created":1700000001, - "object":"chat.completion.chunk", - "choices":[{"index":0,"delta":{"content":"hi"}}] - }`) - second := []byte(`{ - "id":"chatcmpl-stream", - "created":1700000001, - "object":"chat.completion.chunk", - "choices":[{"index":0,"delta":{},"finish_reason":"stop"}] - }`) - - output := ConvertOpenAIChatCompletionsResponseToOpenAIResponses(context.TODO(), "", original, request, first, &state) - if len(output) == 0 { - t.Fatal("expected first stream chunk to emit events") - } - output = ConvertOpenAIChatCompletionsResponseToOpenAIResponses(context.TODO(), "", original, request, second, &state) - completedData := findCompletedData(output) - if completedData == "" { - t.Fatal("expected response.completed event on final chunk") - } - - if got := gjson.Get(completedData, "response.instructions").String(); got != "stream original" { - t.Fatalf("response.instructions expected original value, got %q", got) - } - if got := gjson.Get(completedData, "response.model").String(); got != "orig-stream-model" { - t.Fatalf("response.model expected original value, got %q", got) - } - if got := gjson.Get(completedData, "response.temperature").Float(); got != 0.4 { - t.Fatalf("response.temperature expected original value, got %f", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/translator/translator.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/translator/translator.go deleted file mode 100644 index 4f0ed1cdbc..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/translator/translator.go +++ /dev/null @@ -1,89 +0,0 @@ -// Package translator provides request and response translation functionality -// between different AI API formats. It acts as a wrapper around the SDK translator -// registry, providing convenient functions for translating requests and responses -// between OpenAI, Claude, Gemini, and other API formats. -package translator - -import ( - "context" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" -) - -// registry holds the default translator registry instance. -var registry = sdktranslator.Default() - -// Register registers a new translator for converting between two API formats. -// -// Parameters: -// - from: The source API format identifier -// - to: The target API format identifier -// - request: The request translation function -// - response: The response translation function -func Register(from, to string, request interfaces.TranslateRequestFunc, response interfaces.TranslateResponse) { - registry.Register(sdktranslator.FromString(from), sdktranslator.FromString(to), request, response) -} - -// Request translates a request from one API format to another. -// -// Parameters: -// - from: The source API format identifier -// - to: The target API format identifier -// - modelName: The model name for the request -// - rawJSON: The raw JSON request data -// - stream: Whether this is a streaming request -// -// Returns: -// - []byte: The translated request JSON -func Request(from, to, modelName string, rawJSON []byte, stream bool) []byte { - return registry.TranslateRequest(sdktranslator.FromString(from), sdktranslator.FromString(to), modelName, rawJSON, stream) -} - -// NeedConvert checks if a response translation is needed between two API formats. -// -// Parameters: -// - from: The source API format identifier -// - to: The target API format identifier -// -// Returns: -// - bool: True if response translation is needed, false otherwise -func NeedConvert(from, to string) bool { - return registry.HasResponseTransformer(sdktranslator.FromString(from), sdktranslator.FromString(to)) -} - -// Response translates a streaming response from one API format to another. -// -// Parameters: -// - from: The source API format identifier -// - to: The target API format identifier -// - ctx: The context for the translation -// - modelName: The model name for the response -// - originalRequestRawJSON: The original request JSON -// - requestRawJSON: The translated request JSON -// - rawJSON: The raw response JSON -// - param: Additional parameters for translation -// -// Returns: -// - []string: The translated response lines -func Response(from, to string, ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - return registry.TranslateStream(ctx, sdktranslator.FromString(from), sdktranslator.FromString(to), modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} - -// ResponseNonStream translates a non-streaming response from one API format to another. -// -// Parameters: -// - from: The source API format identifier -// - to: The target API format identifier -// - ctx: The context for the translation -// - modelName: The model name for the response -// - originalRequestRawJSON: The original request JSON -// - requestRawJSON: The translated request JSON -// - rawJSON: The raw response JSON -// - param: Additional parameters for translation -// -// Returns: -// - string: The translated response JSON -func ResponseNonStream(from, to string, ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - return registry.TranslateNonStream(ctx, sdktranslator.FromString(from), sdktranslator.FromString(to), modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/translator/translator_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/translator/translator_test.go deleted file mode 100644 index 422d224f04..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/translator/translator_test.go +++ /dev/null @@ -1,87 +0,0 @@ -package translator - -import ( - "context" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" -) - -func TestRequest(t *testing.T) { - // OpenAI to OpenAI is usually a pass-through or simple transformation - input := []byte(`{"model": "gpt-3.5-turbo", "messages": [{"role": "user", "content": "hello"}]}`) - got := Request("openai", "openai", "gpt-4o", input, false) - if string(got) == "" { - t.Errorf("got empty result") - } -} - -func TestNeedConvert(t *testing.T) { - if NeedConvert("openai", "openai") { - t.Errorf("openai to openai should not need conversion by default") - } -} - -func TestResponse(t *testing.T) { - ctx := context.Background() - got := Response("openai", "openai", ctx, "gpt-4o", nil, nil, []byte(`{"id":"1"}`), nil) - if len(got) == 0 { - t.Errorf("got empty response") - } -} - -func TestRegister(t *testing.T) { - from := "unit_from" - to := "unit_to" - - Request(from, to, "model", []byte(`{}`), false) - - calls := 0 - Register(from, to, func(_ string, rawJSON []byte, _ bool) []byte { - calls++ - return append(append([]byte(`{"wrapped":`), rawJSON...), '}') - }, interfaces.TranslateResponse{ - Stream: func(_ context.Context, model string, _, _, rawJSON []byte, _ *any) []string { - calls++ - return []string{string(rawJSON) + "::" + model} - }, - NonStream: func(_ context.Context, model string, _, _, rawJSON []byte, _ *any) string { - calls++ - return string(rawJSON) + "::" + model - }, - }) - - gotReq := Request(from, to, "gpt-4o", []byte(`{"v":1}`), true) - if string(gotReq) != `{"wrapped":{"v":1}}` { - t.Fatalf("got request %q", string(gotReq)) - } - if !NeedConvert(from, to) { - t.Fatalf("expected conversion path to be registered") - } - if calls == 0 { - t.Fatalf("expected register callbacks to be invoked") - } -} - -func TestResponseNonStream(t *testing.T) { - from := "unit_from_nonstream" - to := "unit_to_nonstream" - - Register(from, to, nil, interfaces.TranslateResponse{ - NonStream: func(_ context.Context, model string, _, _, rawJSON []byte, _ *any) string { - return string(rawJSON) + "::" + model + "::nonstream" - }, - }) - - got := ResponseNonStream(to, from, context.Background(), "model-1", nil, nil, []byte("payload"), nil) - if got != `payload::model-1::nonstream` { - t.Fatalf("got %q, want %q", got, `payload::model-1::nonstream`) - } -} - -func TestResponseNonStreamFallback(t *testing.T) { - got := ResponseNonStream("missing_from", "missing_to", context.Background(), "model-2", nil, nil, []byte("payload"), nil) - if got != "payload" { - t.Fatalf("got %q, want raw payload", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/util/websearch.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/util/websearch.go deleted file mode 100644 index cef5b8c55f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/util/websearch.go +++ /dev/null @@ -1,13 +0,0 @@ -package util - -import "strings" - -// IsWebSearchTool checks if a tool name or type indicates web search capability. -func IsWebSearchTool(name, toolType string) bool { - name = strings.ToLower(strings.TrimSpace(name)) - toolType = strings.ToLower(strings.TrimSpace(toolType)) - - return name == "web_search" || - strings.HasPrefix(toolType, "web_search") || - toolType == "web_search_20250305" -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/util/websearch_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/util/websearch_test.go deleted file mode 100644 index ba7d150870..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/translator/util/websearch_test.go +++ /dev/null @@ -1,41 +0,0 @@ -package util - -import "testing" - -func TestIsWebSearchTool(t *testing.T) { - tests := []struct { - title string - toolName string - typ string - want bool - }{ - {title: "name only", toolName: "web_search", typ: "", want: true}, - {title: "name only mixed case", toolName: "WEB_SEARCH", typ: "", want: true}, - {title: "type exact", toolName: "", typ: "web_search_20250305", want: true}, - {title: "type legacy", toolName: "", typ: "web_search_beta_202501", want: true}, - {title: "not web search", toolName: "other_tool", typ: "other", want: false}, - } - - for _, tt := range tests { - t.Run(tt.title, func(t *testing.T) { - if got := IsWebSearchTool(tt.toolName, tt.typ); got != tt.want { - t.Fatalf("IsWebSearchTool(%q, %q) = %v, want %v", tt.toolName, tt.typ, got, tt.want) - } - }) - } - - for _, tt := range []struct { - name string - typ string - want bool - }{ - {name: "empty", typ: "", want: false}, - {name: "type prefix", typ: "web_search_202501", want: true}, - } { - t.Run("typ-only-"+tt.name, func(t *testing.T) { - if got := IsWebSearchTool("", tt.typ); got != tt.want { - t.Fatalf("IsWebSearchTool(\"\", %q) = %v, want %v", tt.typ, got, tt.want) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/app.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/app.go deleted file mode 100644 index b9ee9e1a3a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/app.go +++ /dev/null @@ -1,542 +0,0 @@ -package tui - -import ( - "fmt" - "io" - "os" - "strings" - - "github.com/charmbracelet/bubbles/textinput" - tea "github.com/charmbracelet/bubbletea" - "github.com/charmbracelet/lipgloss" -) - -// Tab identifiers -const ( - tabDashboard = iota - tabConfig - tabAuthFiles - tabAPIKeys - tabOAuth - tabUsage - tabLogs -) - -// App is the root bubbletea model that contains all tab sub-models. -type App struct { - activeTab int - tabs []string - - standalone bool - logsEnabled bool - - authenticated bool - authInput textinput.Model - authError string - authConnecting bool - - dashboard dashboardModel - config configTabModel - auth authTabModel - keys keysTabModel - oauth oauthTabModel - usage usageTabModel - logs logsTabModel - - client *Client - - width int - height int - ready bool - - // Track which tabs have been initialized (fetched data) - initialized [7]bool -} - -type authConnectMsg struct { - cfg map[string]any - err error -} - -// NewApp creates the root TUI application model. -func NewApp(port int, secretKey string, hook *LogHook) App { - standalone := hook != nil - authRequired := !standalone - ti := textinput.New() - ti.CharLimit = 512 - ti.EchoMode = textinput.EchoPassword - ti.EchoCharacter = '*' - ti.SetValue(strings.TrimSpace(secretKey)) - ti.Focus() - - client := NewClient(port, secretKey) - app := App{ - activeTab: tabDashboard, - standalone: standalone, - logsEnabled: true, - authenticated: !authRequired, - authInput: ti, - dashboard: newDashboardModel(client), - config: newConfigTabModel(client), - auth: newAuthTabModel(client), - keys: newKeysTabModel(client), - oauth: newOAuthTabModel(client), - usage: newUsageTabModel(client), - logs: newLogsTabModel(client, hook), - client: client, - initialized: [7]bool{ - tabDashboard: true, - tabLogs: true, - }, - } - - app.refreshTabs() - if authRequired { - app.initialized = [7]bool{} - } - app.setAuthInputPrompt() - return app -} - -func (a App) Init() tea.Cmd { - if !a.authenticated { - return textinput.Blink - } - cmds := []tea.Cmd{a.dashboard.Init()} - if a.logsEnabled { - cmds = append(cmds, a.logs.Init()) - } - return tea.Batch(cmds...) -} - -func (a App) Update(msg tea.Msg) (tea.Model, tea.Cmd) { - switch msg := msg.(type) { - case tea.WindowSizeMsg: - a.width = msg.Width - a.height = msg.Height - a.ready = true - if a.width > 0 { - a.authInput.Width = a.width - 6 - } - contentH := a.height - 4 // tab bar + status bar - if contentH < 1 { - contentH = 1 - } - contentW := a.width - a.dashboard.SetSize(contentW, contentH) - a.config.SetSize(contentW, contentH) - a.auth.SetSize(contentW, contentH) - a.keys.SetSize(contentW, contentH) - a.oauth.SetSize(contentW, contentH) - a.usage.SetSize(contentW, contentH) - a.logs.SetSize(contentW, contentH) - return a, nil - - case authConnectMsg: - a.authConnecting = false - if msg.err != nil { - a.authError = fmt.Sprintf(T("auth_gate_connect_fail"), msg.err.Error()) - return a, nil - } - a.authError = "" - a.authenticated = true - a.logsEnabled = a.standalone || isLogsEnabledFromConfig(msg.cfg) - a.refreshTabs() - a.initialized = [7]bool{} - a.initialized[tabDashboard] = true - cmds := []tea.Cmd{a.dashboard.Init()} - if a.logsEnabled { - a.initialized[tabLogs] = true - cmds = append(cmds, a.logs.Init()) - } - return a, tea.Batch(cmds...) - - case configUpdateMsg: - var cmdLogs tea.Cmd - if !a.standalone && msg.err == nil && msg.path == "logging-to-file" { - logsEnabledConfig, okConfig := msg.value.(bool) - if okConfig { - logsEnabledBefore := a.logsEnabled - a.logsEnabled = logsEnabledConfig - if logsEnabledBefore != a.logsEnabled { - a.refreshTabs() - } - if !a.logsEnabled { - a.initialized[tabLogs] = false - } - if !logsEnabledBefore && a.logsEnabled { - a.initialized[tabLogs] = true - cmdLogs = a.logs.Init() - } - } - } - - var cmdConfig tea.Cmd - a.config, cmdConfig = a.config.Update(msg) - if cmdConfig != nil && cmdLogs != nil { - return a, tea.Batch(cmdConfig, cmdLogs) - } - if cmdConfig != nil { - return a, cmdConfig - } - return a, cmdLogs - - case tea.KeyMsg: - if !a.authenticated { - switch msg.String() { - case "ctrl+c", "q": - return a, tea.Quit - case "L": - ToggleLocale() - a.refreshTabs() - a.setAuthInputPrompt() - return a, nil - case "enter": - if a.authConnecting { - return a, nil - } - password := strings.TrimSpace(a.authInput.Value()) - if password == "" { - a.authError = T("auth_gate_password_required") - return a, nil - } - a.authError = "" - a.authConnecting = true - return a, a.connectWithPassword(password) - default: - var cmd tea.Cmd - a.authInput, cmd = a.authInput.Update(msg) - return a, cmd - } - } - - switch msg.String() { - case "ctrl+c": - return a, tea.Quit - case "q": - // Only quit if not in logs tab (where 'q' might be useful) - if !a.logsEnabled || a.activeTab != tabLogs { - return a, tea.Quit - } - case "L": - ToggleLocale() - a.refreshTabs() - return a.broadcastToAllTabs(localeChangedMsg{}) - case "tab": - if len(a.tabs) == 0 { - return a, nil - } - prevTab := a.activeTab - a.activeTab = (a.activeTab + 1) % len(a.tabs) - return a, a.initTabIfNeeded(prevTab) - case "shift+tab": - if len(a.tabs) == 0 { - return a, nil - } - prevTab := a.activeTab - a.activeTab = (a.activeTab - 1 + len(a.tabs)) % len(a.tabs) - return a, a.initTabIfNeeded(prevTab) - } - } - - if !a.authenticated { - var cmd tea.Cmd - a.authInput, cmd = a.authInput.Update(msg) - return a, cmd - } - - // Route msg to active tab - var cmd tea.Cmd - switch a.activeTab { - case tabDashboard: - a.dashboard, cmd = a.dashboard.Update(msg) - case tabConfig: - a.config, cmd = a.config.Update(msg) - case tabAuthFiles: - a.auth, cmd = a.auth.Update(msg) - case tabAPIKeys: - a.keys, cmd = a.keys.Update(msg) - case tabOAuth: - a.oauth, cmd = a.oauth.Update(msg) - case tabUsage: - a.usage, cmd = a.usage.Update(msg) - case tabLogs: - a.logs, cmd = a.logs.Update(msg) - } - - // Keep logs polling alive even when logs tab is not active. - if a.logsEnabled && a.activeTab != tabLogs { - switch msg.(type) { - case logsPollMsg, logsTickMsg, logLineMsg: - var logCmd tea.Cmd - a.logs, logCmd = a.logs.Update(msg) - if logCmd != nil { - cmd = logCmd - } - } - } - - return a, cmd -} - -// localeChangedMsg is broadcast to all tabs when the user toggles locale. -type localeChangedMsg struct{} - -func (a *App) refreshTabs() { - names := TabNames() - if a.logsEnabled { - a.tabs = names - } else { - filtered := make([]string, 0, len(names)-1) - for idx, name := range names { - if idx == tabLogs { - continue - } - filtered = append(filtered, name) - } - a.tabs = filtered - } - - if len(a.tabs) == 0 { - a.activeTab = tabDashboard - return - } - if a.activeTab >= len(a.tabs) { - a.activeTab = len(a.tabs) - 1 - } -} - -func (a *App) initTabIfNeeded(_ int) tea.Cmd { - if a.initialized[a.activeTab] { - return nil - } - a.initialized[a.activeTab] = true - switch a.activeTab { - case tabDashboard: - return a.dashboard.Init() - case tabConfig: - return a.config.Init() - case tabAuthFiles: - return a.auth.Init() - case tabAPIKeys: - return a.keys.Init() - case tabOAuth: - return a.oauth.Init() - case tabUsage: - return a.usage.Init() - case tabLogs: - if !a.logsEnabled { - return nil - } - return a.logs.Init() - } - return nil -} - -func (a App) View() string { - if !a.authenticated { - return a.renderAuthView() - } - - if !a.ready { - return T("initializing_tui") - } - - var sb strings.Builder - - // Tab bar - sb.WriteString(a.renderTabBar()) - sb.WriteString("\n") - - // Content - switch a.activeTab { - case tabDashboard: - sb.WriteString(a.dashboard.View()) - case tabConfig: - sb.WriteString(a.config.View()) - case tabAuthFiles: - sb.WriteString(a.auth.View()) - case tabAPIKeys: - sb.WriteString(a.keys.View()) - case tabOAuth: - sb.WriteString(a.oauth.View()) - case tabUsage: - sb.WriteString(a.usage.View()) - case tabLogs: - if a.logsEnabled { - sb.WriteString(a.logs.View()) - } - } - - // Status bar - sb.WriteString("\n") - sb.WriteString(a.renderStatusBar()) - - return sb.String() -} - -func (a App) renderAuthView() string { - var sb strings.Builder - - sb.WriteString(titleStyle.Render(T("auth_gate_title"))) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("auth_gate_help"))) - sb.WriteString("\n\n") - if a.authConnecting { - sb.WriteString(warningStyle.Render(T("auth_gate_connecting"))) - sb.WriteString("\n\n") - } - if strings.TrimSpace(a.authError) != "" { - sb.WriteString(errorStyle.Render(a.authError)) - sb.WriteString("\n\n") - } - sb.WriteString(a.authInput.View()) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("auth_gate_enter"))) - return sb.String() -} - -func (a App) renderTabBar() string { - var tabs []string - for i, name := range a.tabs { - if i == a.activeTab { - tabs = append(tabs, tabActiveStyle.Render(name)) - } else { - tabs = append(tabs, tabInactiveStyle.Render(name)) - } - } - tabBar := lipgloss.JoinHorizontal(lipgloss.Top, tabs...) - return tabBarStyle.Width(a.width).Render(tabBar) -} - -func (a App) renderStatusBar() string { - left := strings.TrimRight(T("status_left"), " ") - right := strings.TrimRight(T("status_right"), " ") - - width := a.width - if width < 1 { - width = 1 - } - - // statusBarStyle has left/right padding(1), so content area is width-2. - contentWidth := width - 2 - if contentWidth < 0 { - contentWidth = 0 - } - - if lipgloss.Width(left) > contentWidth { - left = fitStringWidth(left, contentWidth) - right = "" - } - - remaining := contentWidth - lipgloss.Width(left) - if remaining < 0 { - remaining = 0 - } - if lipgloss.Width(right) > remaining { - right = fitStringWidth(right, remaining) - } - - gap := contentWidth - lipgloss.Width(left) - lipgloss.Width(right) - if gap < 0 { - gap = 0 - } - return statusBarStyle.Width(width).Render(left + strings.Repeat(" ", gap) + right) -} - -func fitStringWidth(text string, maxWidth int) string { - if maxWidth <= 0 { - return "" - } - if lipgloss.Width(text) <= maxWidth { - return text - } - - out := "" - for _, r := range text { - next := out + string(r) - if lipgloss.Width(next) > maxWidth { - break - } - out = next - } - return out -} - -func isLogsEnabledFromConfig(cfg map[string]any) bool { - if cfg == nil { - return true - } - value, ok := cfg["logging-to-file"] - if !ok { - return true - } - enabled, ok := value.(bool) - if !ok { - return true - } - return enabled -} - -func (a *App) setAuthInputPrompt() { - if a == nil { - return - } - a.authInput.Prompt = fmt.Sprintf(" %s: ", T("auth_gate_password")) -} - -func (a App) connectWithPassword(password string) tea.Cmd { - return func() tea.Msg { - a.client.SetSecretKey(password) - cfg, errGetConfig := a.client.GetConfig() - return authConnectMsg{cfg: cfg, err: errGetConfig} - } -} - -// Run starts the TUI application. -// output specifies where bubbletea renders. If nil, defaults to os.Stdout. -func Run(port int, secretKey string, hook *LogHook, output io.Writer) error { - if output == nil { - output = os.Stdout - } - app := NewApp(port, secretKey, hook) - p := tea.NewProgram(app, tea.WithAltScreen(), tea.WithOutput(output)) - _, err := p.Run() - return err -} - -func (a App) broadcastToAllTabs(msg tea.Msg) (tea.Model, tea.Cmd) { - var cmds []tea.Cmd - var cmd tea.Cmd - - a.dashboard, cmd = a.dashboard.Update(msg) - if cmd != nil { - cmds = append(cmds, cmd) - } - a.config, cmd = a.config.Update(msg) - if cmd != nil { - cmds = append(cmds, cmd) - } - a.auth, cmd = a.auth.Update(msg) - if cmd != nil { - cmds = append(cmds, cmd) - } - a.keys, cmd = a.keys.Update(msg) - if cmd != nil { - cmds = append(cmds, cmd) - } - a.oauth, cmd = a.oauth.Update(msg) - if cmd != nil { - cmds = append(cmds, cmd) - } - a.usage, cmd = a.usage.Update(msg) - if cmd != nil { - cmds = append(cmds, cmd) - } - a.logs, cmd = a.logs.Update(msg) - if cmd != nil { - cmds = append(cmds, cmd) - } - - return a, tea.Batch(cmds...) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/auth_tab.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/auth_tab.go deleted file mode 100644 index 519994420a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/auth_tab.go +++ /dev/null @@ -1,456 +0,0 @@ -package tui - -import ( - "fmt" - "strconv" - "strings" - - "github.com/charmbracelet/bubbles/textinput" - "github.com/charmbracelet/bubbles/viewport" - tea "github.com/charmbracelet/bubbletea" - "github.com/charmbracelet/lipgloss" -) - -// editableField represents an editable field on an auth file. -type editableField struct { - label string - key string // API field key: "prefix", "proxy_url", "priority" -} - -var authEditableFields = []editableField{ - {label: "Prefix", key: "prefix"}, - {label: "Proxy URL", key: "proxy_url"}, - {label: "Priority", key: "priority"}, -} - -// authTabModel displays auth credential files with interactive management. -type authTabModel struct { - client *Client - viewport viewport.Model - files []map[string]any - err error - width int - height int - ready bool - cursor int - expanded int // -1 = none expanded, >=0 = expanded index - confirm int // -1 = no confirmation, >=0 = confirm delete for index - status string - - // Editing state - editing bool // true when editing a field - editField int // index into authEditableFields - editInput textinput.Model // text input for editing - editFileName string // name of file being edited -} - -type authFilesMsg struct { - files []map[string]any - err error -} - -type authActionMsg struct { - action string // "deleted", "toggled", "updated" - err error -} - -func newAuthTabModel(client *Client) authTabModel { - ti := textinput.New() - ti.CharLimit = 256 - return authTabModel{ - client: client, - expanded: -1, - confirm: -1, - editInput: ti, - } -} - -func (m authTabModel) Init() tea.Cmd { - return m.fetchFiles -} - -func (m authTabModel) fetchFiles() tea.Msg { - files, err := m.client.GetAuthFiles() - return authFilesMsg{files: files, err: err} -} - -func (m authTabModel) Update(msg tea.Msg) (authTabModel, tea.Cmd) { - switch msg := msg.(type) { - case localeChangedMsg: - m.viewport.SetContent(m.renderContent()) - return m, nil - case authFilesMsg: - if msg.err != nil { - m.err = msg.err - } else { - m.err = nil - m.files = msg.files - if m.cursor >= len(m.files) { - m.cursor = max(0, len(m.files)-1) - } - m.status = "" - } - m.viewport.SetContent(m.renderContent()) - return m, nil - - case authActionMsg: - if msg.err != nil { - m.status = errorStyle.Render("✗ " + msg.err.Error()) - } else { - m.status = successStyle.Render("✓ " + msg.action) - } - m.confirm = -1 - m.viewport.SetContent(m.renderContent()) - return m, m.fetchFiles - - case tea.KeyMsg: - // ---- Editing mode ---- - if m.editing { - return m.handleEditInput(msg) - } - - // ---- Delete confirmation mode ---- - if m.confirm >= 0 { - return m.handleConfirmInput(msg) - } - - // ---- Normal mode ---- - return m.handleNormalInput(msg) - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -// startEdit activates inline editing for a field on the currently selected auth file. -func (m *authTabModel) startEdit(fieldIdx int) tea.Cmd { - if m.cursor >= len(m.files) { - return nil - } - f := m.files[m.cursor] - m.editFileName = getString(f, "name") - m.editField = fieldIdx - m.editing = true - - // Pre-populate with current value - key := authEditableFields[fieldIdx].key - currentVal := getAnyString(f, key) - m.editInput.SetValue(currentVal) - m.editInput.Focus() - m.editInput.Prompt = fmt.Sprintf(" %s: ", authEditableFields[fieldIdx].label) - m.viewport.SetContent(m.renderContent()) - return textinput.Blink -} - -func (m *authTabModel) SetSize(w, h int) { - m.width = w - m.height = h - m.editInput.Width = w - 20 - if !m.ready { - m.viewport = viewport.New(w, h) - m.viewport.SetContent(m.renderContent()) - m.ready = true - } else { - m.viewport.Width = w - m.viewport.Height = h - } -} - -func (m authTabModel) View() string { - if !m.ready { - return T("loading") - } - return m.viewport.View() -} - -func (m authTabModel) renderContent() string { - var sb strings.Builder - - sb.WriteString(titleStyle.Render(T("auth_title"))) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("auth_help1"))) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("auth_help2"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", m.width)) - sb.WriteString("\n") - - if m.err != nil { - sb.WriteString(errorStyle.Render("⚠ Error: " + m.err.Error())) - sb.WriteString("\n") - return sb.String() - } - - if len(m.files) == 0 { - sb.WriteString(subtitleStyle.Render(T("no_auth_files"))) - sb.WriteString("\n") - return sb.String() - } - - for i, f := range m.files { - name := getString(f, "name") - channel := getString(f, "channel") - email := getString(f, "email") - disabled := getBool(f, "disabled") - - statusIcon := successStyle.Render("●") - statusText := T("status_active") - if disabled { - statusIcon = lipgloss.NewStyle().Foreground(colorMuted).Render("○") - statusText = T("status_disabled") - } - - cursor := " " - rowStyle := lipgloss.NewStyle() - if i == m.cursor { - cursor = "▸ " - rowStyle = lipgloss.NewStyle().Bold(true) - } - - displayName := name - if len(displayName) > 24 { - displayName = displayName[:21] + "..." - } - displayEmail := email - if len(displayEmail) > 28 { - displayEmail = displayEmail[:25] + "..." - } - - row := fmt.Sprintf("%s%s %-24s %-12s %-28s %s", - cursor, statusIcon, displayName, channel, displayEmail, statusText) - sb.WriteString(rowStyle.Render(row)) - sb.WriteString("\n") - - // Delete confirmation - if m.confirm == i { - sb.WriteString(warningStyle.Render(fmt.Sprintf(" "+T("confirm_delete"), name))) - sb.WriteString("\n") - } - - // Inline edit input - if m.editing && i == m.cursor { - sb.WriteString(m.editInput.View()) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(" " + T("enter_save") + " • " + T("esc_cancel"))) - sb.WriteString("\n") - } - - // Expanded detail view - if m.expanded == i { - sb.WriteString(m.renderDetail(f)) - } - } - - if m.status != "" { - sb.WriteString("\n") - sb.WriteString(m.status) - sb.WriteString("\n") - } - - return sb.String() -} - -func (m authTabModel) renderDetail(f map[string]any) string { - var sb strings.Builder - - labelStyle := lipgloss.NewStyle(). - Foreground(lipgloss.Color("111")). - Bold(true) - valueStyle := lipgloss.NewStyle(). - Foreground(lipgloss.Color("252")) - editableMarker := lipgloss.NewStyle(). - Foreground(lipgloss.Color("214")). - Render(" ✎") - - sb.WriteString(" ┌─────────────────────────────────────────────\n") - - fields := []struct { - label string - key string - editable bool - }{ - {"Name", "name", false}, - {"Channel", "channel", false}, - {"Email", "email", false}, - {"Status", "status", false}, - {"Status Msg", "status_message", false}, - {"File Name", "file_name", false}, - {"Auth Type", "auth_type", false}, - {"Prefix", "prefix", true}, - {"Proxy URL", "proxy_url", true}, - {"Priority", "priority", true}, - {"Project ID", "project_id", false}, - {"Disabled", "disabled", false}, - {"Created", "created_at", false}, - {"Updated", "updated_at", false}, - } - - for _, field := range fields { - val := getAnyString(f, field.key) - if val == "" || val == "" { - if field.editable { - val = T("not_set") - } else { - continue - } - } - editMark := "" - if field.editable { - editMark = editableMarker - } - line := fmt.Sprintf(" │ %s %s%s", - labelStyle.Render(fmt.Sprintf("%-12s:", field.label)), - valueStyle.Render(val), - editMark) - sb.WriteString(line) - sb.WriteString("\n") - } - - sb.WriteString(" └─────────────────────────────────────────────\n") - return sb.String() -} - -// getAnyString converts any value to its string representation. -func getAnyString(m map[string]any, key string) string { - v, ok := m[key] - if !ok || v == nil { - return "" - } - return fmt.Sprintf("%v", v) -} - -func max(a, b int) int { - if a > b { - return a - } - return b -} - -func (m authTabModel) handleEditInput(msg tea.KeyMsg) (authTabModel, tea.Cmd) { - switch msg.String() { - case "enter": - value := m.editInput.Value() - fieldKey := authEditableFields[m.editField].key - fileName := m.editFileName - m.editing = false - m.editInput.Blur() - fields := map[string]any{} - if fieldKey == "priority" { - p, err := strconv.Atoi(value) - if err != nil { - return m, func() tea.Msg { - return authActionMsg{err: fmt.Errorf("%s: %s", T("invalid_int"), value)} - } - } - fields[fieldKey] = p - } else { - fields[fieldKey] = value - } - return m, func() tea.Msg { - err := m.client.PatchAuthFileFields(fileName, fields) - if err != nil { - return authActionMsg{err: err} - } - return authActionMsg{action: fmt.Sprintf(T("updated_field"), fieldKey, fileName)} - } - case "esc": - m.editing = false - m.editInput.Blur() - m.viewport.SetContent(m.renderContent()) - return m, nil - default: - var cmd tea.Cmd - m.editInput, cmd = m.editInput.Update(msg) - m.viewport.SetContent(m.renderContent()) - return m, cmd - } -} - -func (m authTabModel) handleConfirmInput(msg tea.KeyMsg) (authTabModel, tea.Cmd) { - switch msg.String() { - case "y", "Y": - idx := m.confirm - m.confirm = -1 - if idx < len(m.files) { - name := getString(m.files[idx], "name") - return m, func() tea.Msg { - err := m.client.DeleteAuthFile(name) - if err != nil { - return authActionMsg{err: err} - } - return authActionMsg{action: fmt.Sprintf(T("deleted"), name)} - } - } - m.viewport.SetContent(m.renderContent()) - return m, nil - case "n", "N", "esc": - m.confirm = -1 - m.viewport.SetContent(m.renderContent()) - return m, nil - } - return m, nil -} - -func (m authTabModel) handleNormalInput(msg tea.KeyMsg) (authTabModel, tea.Cmd) { - switch msg.String() { - case "j", "down": - if len(m.files) > 0 { - m.cursor = (m.cursor + 1) % len(m.files) - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "k", "up": - if len(m.files) > 0 { - m.cursor = (m.cursor - 1 + len(m.files)) % len(m.files) - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "enter", " ": - if m.expanded == m.cursor { - m.expanded = -1 - } else { - m.expanded = m.cursor - } - m.viewport.SetContent(m.renderContent()) - return m, nil - case "d", "D": - if m.cursor < len(m.files) { - m.confirm = m.cursor - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "e", "E": - if m.cursor < len(m.files) { - f := m.files[m.cursor] - name := getString(f, "name") - disabled := getBool(f, "disabled") - newDisabled := !disabled - return m, func() tea.Msg { - err := m.client.ToggleAuthFile(name, newDisabled) - if err != nil { - return authActionMsg{err: err} - } - action := T("enabled") - if newDisabled { - action = T("disabled") - } - return authActionMsg{action: fmt.Sprintf("%s %s", action, name)} - } - } - return m, nil - case "1": - return m, m.startEdit(0) // prefix - case "2": - return m, m.startEdit(1) // proxy_url - case "3": - return m, m.startEdit(2) // priority - case "r": - m.status = "" - return m, m.fetchFiles - default: - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/browser.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/browser.go deleted file mode 100644 index 5532a5a21b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/browser.go +++ /dev/null @@ -1,20 +0,0 @@ -package tui - -import ( - "os/exec" - "runtime" -) - -// openBrowser opens the specified URL in the user's default browser. -func openBrowser(url string) error { - switch runtime.GOOS { - case "darwin": - return exec.Command("open", url).Start() - case "linux": - return exec.Command("xdg-open", url).Start() - case "windows": - return exec.Command("rundll32", "url.dll,FileProtocolHandler", url).Start() - default: - return exec.Command("xdg-open", url).Start() - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/client.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/client.go deleted file mode 100644 index bab467e152..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/client.go +++ /dev/null @@ -1,400 +0,0 @@ -package tui - -import ( - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "strconv" - "strings" - "time" -) - -// Client wraps HTTP calls to the management API. -type Client struct { - baseURL string - secretKey string - http *http.Client -} - -// NewClient creates a new management API client. -func NewClient(port int, secretKey string) *Client { - return &Client{ - baseURL: fmt.Sprintf("http://127.0.0.1:%d", port), - secretKey: strings.TrimSpace(secretKey), - http: &http.Client{ - Timeout: 10 * time.Second, - }, - } -} - -// SetSecretKey updates management API bearer token used by this client. -func (c *Client) SetSecretKey(secretKey string) { - c.secretKey = strings.TrimSpace(secretKey) -} - -func (c *Client) doRequest(method, path string, body io.Reader) ([]byte, int, error) { - url := c.baseURL + path - req, err := http.NewRequest(method, url, body) - if err != nil { - return nil, 0, err - } - if c.secretKey != "" { - req.Header.Set("Authorization", "Bearer "+c.secretKey) - } - if body != nil { - req.Header.Set("Content-Type", "application/json") - } - resp, err := c.http.Do(req) - if err != nil { - return nil, 0, err - } - defer func() { _ = resp.Body.Close() }() - data, err := io.ReadAll(resp.Body) - if err != nil { - return nil, resp.StatusCode, err - } - return data, resp.StatusCode, nil -} - -func (c *Client) get(path string) ([]byte, error) { - data, code, err := c.doRequest("GET", path, nil) - if err != nil { - return nil, err - } - if code >= 400 { - return nil, fmt.Errorf("HTTP %d: %s", code, strings.TrimSpace(string(data))) - } - return data, nil -} - -func (c *Client) put(path string, body io.Reader) ([]byte, error) { - data, code, err := c.doRequest("PUT", path, body) - if err != nil { - return nil, err - } - if code >= 400 { - return nil, fmt.Errorf("HTTP %d: %s", code, strings.TrimSpace(string(data))) - } - return data, nil -} - -func (c *Client) patch(path string, body io.Reader) ([]byte, error) { - data, code, err := c.doRequest("PATCH", path, body) - if err != nil { - return nil, err - } - if code >= 400 { - return nil, fmt.Errorf("HTTP %d: %s", code, strings.TrimSpace(string(data))) - } - return data, nil -} - -// getJSON fetches a path and unmarshals JSON into a generic map. -func (c *Client) getJSON(path string) (map[string]any, error) { - data, err := c.get(path) - if err != nil { - return nil, err - } - var result map[string]any - if err := json.Unmarshal(data, &result); err != nil { - return nil, err - } - return result, nil -} - -// postJSON sends a JSON body via POST and checks for errors. -func (c *Client) postJSON(path string, body any) error { - jsonBody, err := json.Marshal(body) - if err != nil { - return err - } - _, code, err := c.doRequest("POST", path, strings.NewReader(string(jsonBody))) - if err != nil { - return err - } - if code >= 400 { - return fmt.Errorf("HTTP %d", code) - } - return nil -} - -// GetConfig fetches the parsed config. -func (c *Client) GetConfig() (map[string]any, error) { - return c.getJSON("/v0/management/config") -} - -// GetConfigYAML fetches the raw config.yaml content. -func (c *Client) GetConfigYAML() (string, error) { - data, err := c.get("/v0/management/config.yaml") - if err != nil { - return "", err - } - return string(data), nil -} - -// PutConfigYAML uploads new config.yaml content. -func (c *Client) PutConfigYAML(yamlContent string) error { - _, err := c.put("/v0/management/config.yaml", strings.NewReader(yamlContent)) - return err -} - -// GetUsage fetches usage statistics. -func (c *Client) GetUsage() (map[string]any, error) { - return c.getJSON("/v0/management/usage") -} - -// GetAuthFiles lists auth credential files. -// API returns {"files": [...]}. -func (c *Client) GetAuthFiles() ([]map[string]any, error) { - wrapper, err := c.getJSON("/v0/management/auth-files") - if err != nil { - return nil, err - } - return extractList(wrapper, "files") -} - -// DeleteAuthFile deletes a single auth file by name. -func (c *Client) DeleteAuthFile(name string) error { - query := url.Values{} - query.Set("name", name) - path := "/v0/management/auth-files?" + query.Encode() - _, code, err := c.doRequest("DELETE", path, nil) - if err != nil { - return err - } - if code >= 400 { - return fmt.Errorf("delete failed (HTTP %d)", code) - } - return nil -} - -// ToggleAuthFile enables or disables an auth file. -func (c *Client) ToggleAuthFile(name string, disabled bool) error { - body, _ := json.Marshal(map[string]any{"name": name, "disabled": disabled}) - _, err := c.patch("/v0/management/auth-files/status", strings.NewReader(string(body))) - return err -} - -// PatchAuthFileFields updates editable fields on an auth file. -func (c *Client) PatchAuthFileFields(name string, fields map[string]any) error { - fields["name"] = name - body, _ := json.Marshal(fields) - _, err := c.patch("/v0/management/auth-files/fields", strings.NewReader(string(body))) - return err -} - -// GetLogs fetches log lines from the server. -func (c *Client) GetLogs(after int64, limit int) ([]string, int64, error) { - query := url.Values{} - if limit > 0 { - query.Set("limit", strconv.Itoa(limit)) - } - if after > 0 { - query.Set("after", strconv.FormatInt(after, 10)) - } - - path := "/v0/management/logs" - encodedQuery := query.Encode() - if encodedQuery != "" { - path += "?" + encodedQuery - } - - wrapper, err := c.getJSON(path) - if err != nil { - return nil, after, err - } - - lines := []string{} - if rawLines, ok := wrapper["lines"]; ok && rawLines != nil { - rawJSON, errMarshal := json.Marshal(rawLines) - if errMarshal != nil { - return nil, after, errMarshal - } - if errUnmarshal := json.Unmarshal(rawJSON, &lines); errUnmarshal != nil { - return nil, after, errUnmarshal - } - } - - latest := after - if rawLatest, ok := wrapper["latest-timestamp"]; ok { - switch value := rawLatest.(type) { - case float64: - latest = int64(value) - case json.Number: - if parsed, errParse := value.Int64(); errParse == nil { - latest = parsed - } - case int64: - latest = value - case int: - latest = int64(value) - } - } - if latest < after { - latest = after - } - - return lines, latest, nil -} - -// GetAPIKeys fetches the list of API keys. -// API returns {"api-keys": [...]}. -func (c *Client) GetAPIKeys() ([]string, error) { - wrapper, err := c.getJSON("/v0/management/api-keys") - if err != nil { - return nil, err - } - arr, ok := wrapper["api-keys"] - if !ok { - return nil, nil - } - raw, err := json.Marshal(arr) - if err != nil { - return nil, err - } - var result []string - if err := json.Unmarshal(raw, &result); err != nil { - return nil, err - } - return result, nil -} - -// AddAPIKey adds a new API key by sending old=nil, new=key which appends. -func (c *Client) AddAPIKey(key string) error { - body := map[string]any{"old": nil, "new": key} - jsonBody, _ := json.Marshal(body) - _, err := c.patch("/v0/management/api-keys", strings.NewReader(string(jsonBody))) - return err -} - -// EditAPIKey replaces an API key at the given index. -func (c *Client) EditAPIKey(index int, newValue string) error { - body := map[string]any{"index": index, "value": newValue} - jsonBody, _ := json.Marshal(body) - _, err := c.patch("/v0/management/api-keys", strings.NewReader(string(jsonBody))) - return err -} - -// DeleteAPIKey deletes an API key by index. -func (c *Client) DeleteAPIKey(index int) error { - _, code, err := c.doRequest("DELETE", fmt.Sprintf("/v0/management/api-keys?index=%d", index), nil) - if err != nil { - return err - } - if code >= 400 { - return fmt.Errorf("delete failed (HTTP %d)", code) - } - return nil -} - -// GetGeminiKeys fetches Gemini API keys. -// API returns {"gemini-api-key": [...]}. -func (c *Client) GetGeminiKeys() ([]map[string]any, error) { - return c.getWrappedKeyList("/v0/management/gemini-api-key", "gemini-api-key") -} - -// GetClaudeKeys fetches Claude API keys. -func (c *Client) GetClaudeKeys() ([]map[string]any, error) { - return c.getWrappedKeyList("/v0/management/claude-api-key", "claude-api-key") -} - -// GetCodexKeys fetches Codex API keys. -func (c *Client) GetCodexKeys() ([]map[string]any, error) { - return c.getWrappedKeyList("/v0/management/codex-api-key", "codex-api-key") -} - -// GetVertexKeys fetches Vertex API keys. -func (c *Client) GetVertexKeys() ([]map[string]any, error) { - return c.getWrappedKeyList("/v0/management/vertex-api-key", "vertex-api-key") -} - -// GetOpenAICompat fetches OpenAI compatibility entries. -func (c *Client) GetOpenAICompat() ([]map[string]any, error) { - return c.getWrappedKeyList("/v0/management/openai-compatibility", "openai-compatibility") -} - -// getWrappedKeyList fetches a wrapped list from the API. -func (c *Client) getWrappedKeyList(path, key string) ([]map[string]any, error) { - wrapper, err := c.getJSON(path) - if err != nil { - return nil, err - } - return extractList(wrapper, key) -} - -// extractList pulls an array of maps from a wrapper object by key. -func extractList(wrapper map[string]any, key string) ([]map[string]any, error) { - arr, ok := wrapper[key] - if !ok || arr == nil { - return nil, nil - } - raw, err := json.Marshal(arr) - if err != nil { - return nil, err - } - var result []map[string]any - if err := json.Unmarshal(raw, &result); err != nil { - return nil, err - } - return result, nil -} - -// GetDebug fetches the current debug setting. -func (c *Client) GetDebug() (bool, error) { - wrapper, err := c.getJSON("/v0/management/debug") - if err != nil { - return false, err - } - if v, ok := wrapper["debug"]; ok { - if b, ok := v.(bool); ok { - return b, nil - } - } - return false, nil -} - -// GetAuthStatus polls the OAuth session status. -// Returns status ("wait", "ok", "error") and optional error message. -func (c *Client) GetAuthStatus(state string) (string, string, error) { - query := url.Values{} - query.Set("state", state) - path := "/v0/management/get-auth-status?" + query.Encode() - wrapper, err := c.getJSON(path) - if err != nil { - return "", "", err - } - status := getString(wrapper, "status") - errMsg := getString(wrapper, "error") - return status, errMsg, nil -} - -// ----- Config field update methods ----- - -// PutBoolField updates a boolean config field. -func (c *Client) PutBoolField(path string, value bool) error { - body, _ := json.Marshal(map[string]any{"value": value}) - _, err := c.put("/v0/management/"+path, strings.NewReader(string(body))) - return err -} - -// PutIntField updates an integer config field. -func (c *Client) PutIntField(path string, value int) error { - body, _ := json.Marshal(map[string]any{"value": value}) - _, err := c.put("/v0/management/"+path, strings.NewReader(string(body))) - return err -} - -// PutStringField updates a string config field. -func (c *Client) PutStringField(path string, value string) error { - body, _ := json.Marshal(map[string]any{"value": value}) - _, err := c.put("/v0/management/"+path, strings.NewReader(string(body))) - return err -} - -// DeleteField sends a DELETE request for a config field. -func (c *Client) DeleteField(path string) error { - _, _, err := c.doRequest("DELETE", "/v0/management/"+path, nil) - return err -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/config_tab.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/config_tab.go deleted file mode 100644 index ff9ad040e0..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/config_tab.go +++ /dev/null @@ -1,413 +0,0 @@ -package tui - -import ( - "fmt" - "strconv" - "strings" - - "github.com/charmbracelet/bubbles/textinput" - "github.com/charmbracelet/bubbles/viewport" - tea "github.com/charmbracelet/bubbletea" - "github.com/charmbracelet/lipgloss" -) - -// configField represents a single editable config field. -type configField struct { - label string - apiPath string // management API path (e.g. "debug", "proxy-url") - kind string // "bool", "int", "string", "readonly" - value string // current display value - rawValue any // raw value from API -} - -// configTabModel displays parsed config with interactive editing. -type configTabModel struct { - client *Client - viewport viewport.Model - fields []configField - cursor int - editing bool - textInput textinput.Model - err error - message string // status message (success/error) - width int - height int - ready bool -} - -type configDataMsg struct { - config map[string]any - err error -} - -type configUpdateMsg struct { - path string - value any - err error -} - -func newConfigTabModel(client *Client) configTabModel { - ti := textinput.New() - ti.CharLimit = 256 - return configTabModel{ - client: client, - textInput: ti, - } -} - -func (m configTabModel) Init() tea.Cmd { - return m.fetchConfig -} - -func (m configTabModel) fetchConfig() tea.Msg { - cfg, err := m.client.GetConfig() - return configDataMsg{config: cfg, err: err} -} - -func (m configTabModel) Update(msg tea.Msg) (configTabModel, tea.Cmd) { - switch msg := msg.(type) { - case localeChangedMsg: - m.viewport.SetContent(m.renderContent()) - return m, nil - case configDataMsg: - if msg.err != nil { - m.err = msg.err - m.fields = nil - } else { - m.err = nil - m.fields = m.parseConfig(msg.config) - } - m.viewport.SetContent(m.renderContent()) - return m, nil - - case configUpdateMsg: - if msg.err != nil { - m.message = errorStyle.Render("✗ " + msg.err.Error()) - } else { - m.message = successStyle.Render(T("updated_ok")) - } - m.viewport.SetContent(m.renderContent()) - // Refresh config from server - return m, m.fetchConfig - - case tea.KeyMsg: - if m.editing { - return m.handleEditingKey(msg) - } - return m.handleNormalKey(msg) - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -func (m configTabModel) handleNormalKey(msg tea.KeyMsg) (configTabModel, tea.Cmd) { - switch msg.String() { - case "r": - m.message = "" - return m, m.fetchConfig - case "up", "k": - if m.cursor > 0 { - m.cursor-- - m.viewport.SetContent(m.renderContent()) - // Ensure cursor is visible - m.ensureCursorVisible() - } - return m, nil - case "down", "j": - if m.cursor < len(m.fields)-1 { - m.cursor++ - m.viewport.SetContent(m.renderContent()) - m.ensureCursorVisible() - } - return m, nil - case "enter", " ": - if m.cursor >= 0 && m.cursor < len(m.fields) { - f := m.fields[m.cursor] - if f.kind == "readonly" { - return m, nil - } - if f.kind == "bool" { - // Toggle directly - return m, m.toggleBool(m.cursor) - } - // Start editing for int/string - m.editing = true - m.textInput.SetValue(configFieldEditValue(f)) - m.textInput.Focus() - m.viewport.SetContent(m.renderContent()) - return m, textinput.Blink - } - return m, nil - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -func (m configTabModel) handleEditingKey(msg tea.KeyMsg) (configTabModel, tea.Cmd) { - switch msg.String() { - case "enter": - m.editing = false - m.textInput.Blur() - return m, m.submitEdit(m.cursor, m.textInput.Value()) - case "esc": - m.editing = false - m.textInput.Blur() - m.viewport.SetContent(m.renderContent()) - return m, nil - default: - var cmd tea.Cmd - m.textInput, cmd = m.textInput.Update(msg) - m.viewport.SetContent(m.renderContent()) - return m, cmd - } -} - -func (m configTabModel) toggleBool(idx int) tea.Cmd { - return func() tea.Msg { - f := m.fields[idx] - current := f.value == "true" - newValue := !current - errPutBool := m.client.PutBoolField(f.apiPath, newValue) - return configUpdateMsg{ - path: f.apiPath, - value: newValue, - err: errPutBool, - } - } -} - -func (m configTabModel) submitEdit(idx int, newValue string) tea.Cmd { - return func() tea.Msg { - f := m.fields[idx] - var err error - var value any - switch f.kind { - case "int": - valueInt, errAtoi := strconv.Atoi(newValue) - if errAtoi != nil { - return configUpdateMsg{ - path: f.apiPath, - err: fmt.Errorf("%s: %s", T("invalid_int"), newValue), - } - } - value = valueInt - err = m.client.PutIntField(f.apiPath, valueInt) - case "string": - value = newValue - err = m.client.PutStringField(f.apiPath, newValue) - } - return configUpdateMsg{ - path: f.apiPath, - value: value, - err: err, - } - } -} - -func configFieldEditValue(f configField) string { - if rawString, ok := f.rawValue.(string); ok { - return rawString - } - return f.value -} - -func (m *configTabModel) SetSize(w, h int) { - m.width = w - m.height = h - if !m.ready { - m.viewport = viewport.New(w, h) - m.viewport.SetContent(m.renderContent()) - m.ready = true - } else { - m.viewport.Width = w - m.viewport.Height = h - } -} - -func (m *configTabModel) ensureCursorVisible() { - // Each field takes ~1 line, header takes ~4 lines - targetLine := m.cursor + 5 - if targetLine < m.viewport.YOffset { - m.viewport.SetYOffset(targetLine) - } - if targetLine >= m.viewport.YOffset+m.viewport.Height { - m.viewport.SetYOffset(targetLine - m.viewport.Height + 1) - } -} - -func (m configTabModel) View() string { - if !m.ready { - return T("loading") - } - return m.viewport.View() -} - -func (m configTabModel) renderContent() string { - var sb strings.Builder - - sb.WriteString(titleStyle.Render(T("config_title"))) - sb.WriteString("\n") - - if m.message != "" { - sb.WriteString(" " + m.message) - sb.WriteString("\n") - } - - sb.WriteString(helpStyle.Render(T("config_help1"))) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("config_help2"))) - sb.WriteString("\n\n") - - if m.err != nil { - sb.WriteString(errorStyle.Render(" ⚠ Error: " + m.err.Error())) - return sb.String() - } - - if len(m.fields) == 0 { - sb.WriteString(subtitleStyle.Render(T("no_config"))) - return sb.String() - } - - currentSection := "" - for i, f := range m.fields { - // Section headers - section := fieldSection(f.apiPath) - if section != currentSection { - currentSection = section - sb.WriteString("\n") - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorHighlight).Render(" ── " + section + " ")) - sb.WriteString("\n") - } - - isSelected := i == m.cursor - prefix := " " - if isSelected { - prefix = "▸ " - } - - labelStr := lipgloss.NewStyle(). - Foreground(colorInfo). - Bold(isSelected). - Width(32). - Render(f.label) - - var valueStr string - if m.editing && isSelected { - valueStr = m.textInput.View() - } else { - switch f.kind { - case "bool": - if f.value == "true" { - valueStr = successStyle.Render("● ON") - } else { - valueStr = lipgloss.NewStyle().Foreground(colorMuted).Render("○ OFF") - } - case "readonly": - valueStr = lipgloss.NewStyle().Foreground(colorSubtext).Render(f.value) - default: - valueStr = valueStyle.Render(f.value) - } - } - - line := prefix + labelStr + " " + valueStr - if isSelected && !m.editing { - line = lipgloss.NewStyle().Background(colorSurface).Render(line) - } - sb.WriteString(line + "\n") - } - - return sb.String() -} - -func (m configTabModel) parseConfig(cfg map[string]any) []configField { - var fields []configField - - // Server settings - fields = append(fields, configField{"Port", "port", "readonly", fmt.Sprintf("%.0f", getFloat(cfg, "port")), nil}) - fields = append(fields, configField{"Host", "host", "readonly", getString(cfg, "host"), nil}) - fields = append(fields, configField{"Debug", "debug", "bool", fmt.Sprintf("%v", getBool(cfg, "debug")), nil}) - fields = append(fields, configField{"Proxy URL", "proxy-url", "string", getString(cfg, "proxy-url"), nil}) - fields = append(fields, configField{"Request Retry", "request-retry", "int", fmt.Sprintf("%.0f", getFloat(cfg, "request-retry")), nil}) - fields = append(fields, configField{"Max Retry Interval (s)", "max-retry-interval", "int", fmt.Sprintf("%.0f", getFloat(cfg, "max-retry-interval")), nil}) - fields = append(fields, configField{"Force Model Prefix", "force-model-prefix", "string", getString(cfg, "force-model-prefix"), nil}) - - // Logging - fields = append(fields, configField{"Logging to File", "logging-to-file", "bool", fmt.Sprintf("%v", getBool(cfg, "logging-to-file")), nil}) - fields = append(fields, configField{"Logs Max Total Size (MB)", "logs-max-total-size-mb", "int", fmt.Sprintf("%.0f", getFloat(cfg, "logs-max-total-size-mb")), nil}) - fields = append(fields, configField{"Error Logs Max Files", "error-logs-max-files", "int", fmt.Sprintf("%.0f", getFloat(cfg, "error-logs-max-files")), nil}) - fields = append(fields, configField{"Usage Stats Enabled", "usage-statistics-enabled", "bool", fmt.Sprintf("%v", getBool(cfg, "usage-statistics-enabled")), nil}) - fields = append(fields, configField{"Request Log", "request-log", "bool", fmt.Sprintf("%v", getBool(cfg, "request-log")), nil}) - - // Quota exceeded - fields = append(fields, configField{"Switch Project on Quota", "quota-exceeded/switch-project", "bool", fmt.Sprintf("%v", getBoolNested(cfg, "quota-exceeded", "switch-project")), nil}) - fields = append(fields, configField{"Switch Preview Model", "quota-exceeded/switch-preview-model", "bool", fmt.Sprintf("%v", getBoolNested(cfg, "quota-exceeded", "switch-preview-model")), nil}) - - // Routing - if routing, ok := cfg["routing"].(map[string]any); ok { - fields = append(fields, configField{"Routing Strategy", "routing/strategy", "string", getString(routing, "strategy"), nil}) - } else { - fields = append(fields, configField{"Routing Strategy", "routing/strategy", "string", "", nil}) - } - - // WebSocket auth - fields = append(fields, configField{"WebSocket Auth", "ws-auth", "bool", fmt.Sprintf("%v", getBool(cfg, "ws-auth")), nil}) - - // AMP settings - if amp, ok := cfg["ampcode"].(map[string]any); ok { - upstreamURL := getString(amp, "upstream-url") - upstreamAPIKey := getString(amp, "upstream-api-key") - fields = append(fields, configField{"AMP Upstream URL", "ampcode/upstream-url", "string", upstreamURL, upstreamURL}) - fields = append(fields, configField{"AMP Upstream API Key", "ampcode/upstream-api-key", "string", maskIfNotEmpty(upstreamAPIKey), upstreamAPIKey}) - fields = append(fields, configField{"AMP Restrict Mgmt Localhost", "ampcode/restrict-management-to-localhost", "bool", fmt.Sprintf("%v", getBool(amp, "restrict-management-to-localhost")), nil}) - } - - return fields -} - -func fieldSection(apiPath string) string { - if strings.HasPrefix(apiPath, "ampcode/") { - return T("section_ampcode") - } - if strings.HasPrefix(apiPath, "quota-exceeded/") { - return T("section_quota") - } - if strings.HasPrefix(apiPath, "routing/") { - return T("section_routing") - } - switch apiPath { - case "port", "host", "debug", "proxy-url", "request-retry", "max-retry-interval", "force-model-prefix": - return T("section_server") - case "logging-to-file", "logs-max-total-size-mb", "error-logs-max-files", "usage-statistics-enabled", "request-log": - return T("section_logging") - case "ws-auth": - return T("section_websocket") - default: - return T("section_other") - } -} - -func getBoolNested(m map[string]any, keys ...string) bool { - current := m - for i, key := range keys { - if i == len(keys)-1 { - return getBool(current, key) - } - if nested, ok := current[key].(map[string]any); ok { - current = nested - } else { - return false - } - } - return false -} - -func maskIfNotEmpty(s string) string { - if s == "" { - return T("not_set") - } - return maskKey(s) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/dashboard.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/dashboard.go deleted file mode 100644 index 151c89728f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/dashboard.go +++ /dev/null @@ -1,324 +0,0 @@ -package tui - -import ( - "fmt" - "strings" - - "github.com/charmbracelet/bubbles/viewport" - tea "github.com/charmbracelet/bubbletea" - "github.com/charmbracelet/lipgloss" -) - -// dashboardModel displays server info, stats cards, and config overview. -type dashboardModel struct { - client *Client - viewport viewport.Model - content string - err error - width int - height int - ready bool - - // Cached data for re-rendering on locale change - lastConfig map[string]any - lastUsage map[string]any - lastAuthFiles []map[string]any - lastAPIKeys []string -} - -type dashboardDataMsg struct { - config map[string]any - usage map[string]any - authFiles []map[string]any - apiKeys []string - err error -} - -func newDashboardModel(client *Client) dashboardModel { - return dashboardModel{ - client: client, - } -} - -func (m dashboardModel) Init() tea.Cmd { - return m.fetchData -} - -func (m dashboardModel) fetchData() tea.Msg { - cfg, cfgErr := m.client.GetConfig() - usage, usageErr := m.client.GetUsage() - authFiles, authErr := m.client.GetAuthFiles() - apiKeys, keysErr := m.client.GetAPIKeys() - - var err error - for _, e := range []error{cfgErr, usageErr, authErr, keysErr} { - if e != nil { - err = e - break - } - } - return dashboardDataMsg{config: cfg, usage: usage, authFiles: authFiles, apiKeys: apiKeys, err: err} -} - -func (m dashboardModel) Update(msg tea.Msg) (dashboardModel, tea.Cmd) { - switch msg := msg.(type) { - case localeChangedMsg: - // Re-render immediately with cached data using new locale - m.content = m.renderDashboard(m.lastConfig, m.lastUsage, m.lastAuthFiles, m.lastAPIKeys) - m.viewport.SetContent(m.content) - // Also fetch fresh data in background - return m, m.fetchData - - case dashboardDataMsg: - if msg.err != nil { - m.err = msg.err - m.content = errorStyle.Render("⚠ Error: " + msg.err.Error()) - } else { - m.err = nil - // Cache data for locale switching - m.lastConfig = msg.config - m.lastUsage = msg.usage - m.lastAuthFiles = msg.authFiles - m.lastAPIKeys = msg.apiKeys - - m.content = m.renderDashboard(msg.config, msg.usage, msg.authFiles, msg.apiKeys) - } - m.viewport.SetContent(m.content) - return m, nil - - case tea.KeyMsg: - if msg.String() == "r" { - return m, m.fetchData - } - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -func (m *dashboardModel) SetSize(w, h int) { - m.width = w - m.height = h - if !m.ready { - m.viewport = viewport.New(w, h) - m.viewport.SetContent(m.content) - m.ready = true - } else { - m.viewport.Width = w - m.viewport.Height = h - } -} - -func (m dashboardModel) View() string { - if !m.ready { - return T("loading") - } - return m.viewport.View() -} - -func (m dashboardModel) renderDashboard(cfg, usage map[string]any, authFiles []map[string]any, apiKeys []string) string { - var sb strings.Builder - - sb.WriteString(titleStyle.Render(T("dashboard_title"))) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("dashboard_help"))) - sb.WriteString("\n\n") - - // ━━━ Connection Status ━━━ - connStyle := lipgloss.NewStyle().Bold(true).Foreground(colorSuccess) - sb.WriteString(connStyle.Render(T("connected"))) - fmt.Fprintf(&sb, " %s", m.client.baseURL) - sb.WriteString("\n\n") - - // ━━━ Stats Cards ━━━ - cardWidth := 25 - if m.width > 0 { - cardWidth = (m.width - 6) / 4 - if cardWidth < 18 { - cardWidth = 18 - } - } - - cardStyle := lipgloss.NewStyle(). - Border(lipgloss.RoundedBorder()). - BorderForeground(lipgloss.Color("240")). - Padding(0, 1). - Width(cardWidth). - Height(3) - - // Card 1: API Keys - keyCount := len(apiKeys) - card1 := cardStyle.Render(fmt.Sprintf( - "%s\n%s", - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("111")).Render(fmt.Sprintf("🔑 %d", keyCount)), - lipgloss.NewStyle().Foreground(colorMuted).Render(T("mgmt_keys")), - )) - - // Card 2: Auth Files - authCount := len(authFiles) - activeAuth := 0 - for _, f := range authFiles { - if !getBool(f, "disabled") { - activeAuth++ - } - } - card2 := cardStyle.Render(fmt.Sprintf( - "%s\n%s", - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("76")).Render(fmt.Sprintf("📄 %d", authCount)), - lipgloss.NewStyle().Foreground(colorMuted).Render(fmt.Sprintf("%s (%d %s)", T("auth_files_label"), activeAuth, T("active_suffix"))), - )) - - // Card 3: Total Requests - totalReqs := int64(0) - successReqs := int64(0) - failedReqs := int64(0) - totalTokens := int64(0) - if usage != nil { - if usageMap, ok := usage["usage"].(map[string]any); ok { - totalReqs = int64(getFloat(usageMap, "total_requests")) - successReqs = int64(getFloat(usageMap, "success_count")) - failedReqs = int64(getFloat(usageMap, "failure_count")) - totalTokens = int64(getFloat(usageMap, "total_tokens")) - } - } - card3 := cardStyle.Render(fmt.Sprintf( - "%s\n%s", - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("214")).Render(fmt.Sprintf("📈 %d", totalReqs)), - lipgloss.NewStyle().Foreground(colorMuted).Render(fmt.Sprintf("%s (✓%d ✗%d)", T("total_requests"), successReqs, failedReqs)), - )) - - // Card 4: Total Tokens - tokenStr := formatLargeNumber(totalTokens) - card4 := cardStyle.Render(fmt.Sprintf( - "%s\n%s", - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("170")).Render(fmt.Sprintf("🔤 %s", tokenStr)), - lipgloss.NewStyle().Foreground(colorMuted).Render(T("total_tokens")), - )) - - sb.WriteString(lipgloss.JoinHorizontal(lipgloss.Top, card1, " ", card2, " ", card3, " ", card4)) - sb.WriteString("\n\n") - - // ━━━ Current Config ━━━ - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorHighlight).Render(T("current_config"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", minInt(m.width, 60))) - sb.WriteString("\n") - - if cfg != nil { - debug := getBool(cfg, "debug") - retry := getFloat(cfg, "request-retry") - proxyURL := getString(cfg, "proxy-url") - loggingToFile := getBool(cfg, "logging-to-file") - usageEnabled := true - if v, ok := cfg["usage-statistics-enabled"]; ok { - if b, ok2 := v.(bool); ok2 { - usageEnabled = b - } - } - - configItems := []struct { - label string - value string - }{ - {T("debug_mode"), boolEmoji(debug)}, - {T("usage_stats"), boolEmoji(usageEnabled)}, - {T("log_to_file"), boolEmoji(loggingToFile)}, - {T("retry_count"), fmt.Sprintf("%.0f", retry)}, - } - if proxyURL != "" { - configItems = append(configItems, struct { - label string - value string - }{T("proxy_url"), proxyURL}) - } - - // Render config items as a compact row - for _, item := range configItems { - fmt.Fprintf(&sb, " %s %s\n", - labelStyle.Render(item.label+":"), - valueStyle.Render(item.value)) - } - - // Routing strategy - strategy := "round-robin" - if routing, ok := cfg["routing"].(map[string]any); ok { - if s := getString(routing, "strategy"); s != "" { - strategy = s - } - } - fmt.Fprintf(&sb, " %s %s\n", - labelStyle.Render(T("routing_strategy")+":"), - valueStyle.Render(strategy)) - } - - sb.WriteString("\n") - - // ━━━ Per-Model Usage ━━━ - if usage != nil { - if usageMap, ok := usage["usage"].(map[string]any); ok { - if apis, ok := usageMap["apis"].(map[string]any); ok && len(apis) > 0 { - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorHighlight).Render(T("model_stats"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", minInt(m.width, 60))) - sb.WriteString("\n") - - header := fmt.Sprintf(" %-40s %10s %12s", T("model"), T("requests"), T("tokens")) - sb.WriteString(tableHeaderStyle.Render(header)) - sb.WriteString("\n") - - for _, apiSnap := range apis { - if apiMap, ok := apiSnap.(map[string]any); ok { - if models, ok := apiMap["models"].(map[string]any); ok { - for model, v := range models { - if stats, ok := v.(map[string]any); ok { - reqs := int64(getFloat(stats, "total_requests")) - toks := int64(getFloat(stats, "total_tokens")) - row := fmt.Sprintf(" %-40s %10d %12s", truncate(model, 40), reqs, formatLargeNumber(toks)) - sb.WriteString(tableCellStyle.Render(row)) - sb.WriteString("\n") - } - } - } - } - } - } - } - } - - return sb.String() -} - -func boolEmoji(b bool) string { - if b { - return T("bool_yes") - } - return T("bool_no") -} - -func formatLargeNumber(n int64) string { - if n >= 1_000_000 { - return fmt.Sprintf("%.1fM", float64(n)/1_000_000) - } - if n >= 1_000 { - return fmt.Sprintf("%.1fK", float64(n)/1_000) - } - return fmt.Sprintf("%d", n) -} - -func truncate(s string, maxLen int) string { - if len(s) > maxLen { - return s[:maxLen-3] + "..." - } - return s -} - -func minInt(a, b int) int { - if a < b { - return a - } - return b -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/helpers.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/helpers.go deleted file mode 100644 index 96a5c029d3..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/helpers.go +++ /dev/null @@ -1,97 +0,0 @@ -package tui - -import ( - "encoding/json" - "fmt" - "strconv" -) - -func getString(m map[string]any, key string) string { - v, ok := m[key] - if !ok || v == nil { - return "" - } - return fmt.Sprintf("%v", v) -} - -func getBool(m map[string]any, key string) bool { - v, ok := m[key] - if !ok || v == nil { - return false - } - switch typed := v.(type) { - case bool: - return typed - case string: - if parsed, err := strconv.ParseBool(typed); err == nil { - return parsed - } - case int: - return typed != 0 - case int64: - return typed != 0 - case int32: - return typed != 0 - case uint: - return typed != 0 - case uint64: - return typed != 0 - case float64: - return typed != 0 - case float32: - return typed != 0 - case json.Number: - if parsed, err := strconv.ParseBool(typed.String()); err == nil { - return parsed - } - if parsedFloat, err := typed.Float64(); err == nil { - return parsedFloat != 0 - } - } - return false -} - -func getFloat(m map[string]any, key string) float64 { - v, ok := m[key] - if !ok || v == nil { - return 0 - } - switch typed := v.(type) { - case float64: - return typed - case float32: - return float64(typed) - case int: - return float64(typed) - case int64: - return float64(typed) - case int32: - return float64(typed) - case int16: - return float64(typed) - case int8: - return float64(typed) - case uint: - return float64(typed) - case uint64: - return float64(typed) - case uint32: - return float64(typed) - case uint16: - return float64(typed) - case string: - parsed, err := strconv.ParseFloat(typed, 64) - if err != nil { - return 0 - } - return parsed - case json.Number: - parsed, err := typed.Float64() - if err != nil { - return 0 - } - return parsed - default: - return 0 - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/i18n.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/i18n.go deleted file mode 100644 index 7cc364abcf..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/i18n.go +++ /dev/null @@ -1,524 +0,0 @@ -package tui - -// i18n provides a simple internationalization system for the TUI. -// Supported locales: "zh" (Chinese), "en" (English), "fa" (Farsi). - -var currentLocale = "en" - -// SetLocale changes the active locale. -func SetLocale(locale string) { - if _, ok := locales[locale]; ok { - currentLocale = locale - } -} - -// CurrentLocale returns the active locale code. -func CurrentLocale() string { - return currentLocale -} - -// ToggleLocale rotates through en -> zh -> fa. -func ToggleLocale() { - switch currentLocale { - case "en": - currentLocale = "zh" - case "zh": - currentLocale = "fa" - default: - currentLocale = "en" - } -} - -// T returns the translated string for the given key. -func T(key string) string { - if m, ok := locales[currentLocale]; ok { - if v, ok := m[key]; ok { - return v - } - } - // Fallback to English - if m, ok := locales["en"]; ok { - if v, ok := m[key]; ok { - return v - } - } - return key -} - -var locales = map[string]map[string]string{ - "zh": zhStrings, - "en": enStrings, - "fa": faStrings, -} - -// ────────────────────────────────────────── -// Tab names -// ────────────────────────────────────────── -var zhTabNames = []string{"仪表盘", "配置", "认证文件", "API 密钥", "OAuth", "使用统计", "日志"} -var enTabNames = []string{"Dashboard", "Config", "Auth Files", "API Keys", "OAuth", "Usage", "Logs"} -var faTabNames = []string{"داشبورد", "پیکربندی", "فایل\u200cهای احراز هویت", "کلیدهای API", "OAuth", "کاربرد", "لاگ\u200cها"} - -// TabNames returns tab names in the current locale. -func TabNames() []string { - switch currentLocale { - case "zh": - return zhTabNames - case "fa": - return faTabNames - default: - return enTabNames - } -} - -var zhStrings = map[string]string{ - // ── Common ── - "loading": "加载中...", - "refresh": "刷新", - "save": "保存", - "cancel": "取消", - "confirm": "确认", - "yes": "是", - "no": "否", - "error": "错误", - "success": "成功", - "navigate": "导航", - "scroll": "滚动", - "enter_save": "Enter: 保存", - "esc_cancel": "Esc: 取消", - "enter_submit": "Enter: 提交", - "press_r": "[r] 刷新", - "press_scroll": "[↑↓] 滚动", - "not_set": "(未设置)", - "error_prefix": "⚠ 错误: ", - - // ── Status bar ── - "status_left": " CLIProxyAPI 管理终端", - "status_right": "Tab/Shift+Tab: 切换 • L: 语言 • q/Ctrl+C: 退出 ", - "initializing_tui": "正在初始化...", - "auth_gate_title": "🔐 连接管理 API", - "auth_gate_help": " 请输入管理密码并按 Enter 连接", - "auth_gate_password": "密码", - "auth_gate_enter": " Enter: 连接 • q/Ctrl+C: 退出 • L: 语言", - "auth_gate_connecting": "正在连接...", - "auth_gate_connect_fail": "连接失败:%s", - "auth_gate_password_required": "请输入密码", - - // ── Dashboard ── - "dashboard_title": "📊 仪表盘", - "dashboard_help": " [r] 刷新 • [↑↓] 滚动", - "connected": "● 已连接", - "mgmt_keys": "管理密钥", - "auth_files_label": "认证文件", - "active_suffix": "活跃", - "total_requests": "请求", - "success_label": "成功", - "failure_label": "失败", - "total_tokens": "总 Tokens", - "current_config": "当前配置", - "debug_mode": "启用调试模式", - "usage_stats": "启用使用统计", - "log_to_file": "启用日志记录到文件", - "retry_count": "重试次数", - "proxy_url": "代理 URL", - "routing_strategy": "路由策略", - "model_stats": "模型统计", - "model": "模型", - "requests": "请求数", - "tokens": "Tokens", - "bool_yes": "是 ✓", - "bool_no": "否", - - // ── Config ── - "config_title": "⚙ 配置", - "config_help1": " [↑↓/jk] 导航 • [Enter/Space] 编辑 • [r] 刷新", - "config_help2": " 布尔: Enter 切换 • 文本/数字: Enter 输入, Enter 确认, Esc 取消", - "updated_ok": "✓ 更新成功", - "no_config": " 未加载配置", - "invalid_int": "无效整数", - "section_server": "服务器", - "section_logging": "日志与统计", - "section_quota": "配额超限处理", - "section_routing": "路由", - "section_websocket": "WebSocket", - "section_ampcode": "AMP Code", - "section_other": "其他", - - // ── Auth Files ── - "auth_title": "🔑 认证文件", - "auth_help1": " [↑↓/jk] 导航 • [Enter] 展开 • [e] 启用/停用 • [d] 删除 • [r] 刷新", - "auth_help2": " [1] 编辑 prefix • [2] 编辑 proxy_url • [3] 编辑 priority", - "no_auth_files": " 无认证文件", - "confirm_delete": "⚠ 删除 %s? [y/n]", - "deleted": "已删除 %s", - "enabled": "已启用", - "disabled": "已停用", - "updated_field": "已更新 %s 的 %s", - "status_active": "活跃", - "status_disabled": "已停用", - - // ── API Keys ── - "keys_title": "🔐 API 密钥", - "keys_help": " [↑↓/jk] 导航 • [a] 添加 • [e] 编辑 • [d] 删除 • [c] 复制 • [r] 刷新", - "no_keys": " 无 API Key,按 [a] 添加", - "access_keys": "Access API Keys", - "confirm_delete_key": "⚠ 确认删除 %s? [y/n]", - "key_added": "已添加 API Key", - "key_updated": "已更新 API Key", - "key_deleted": "已删除 API Key", - "copied": "✓ 已复制到剪贴板", - "copy_failed": "✗ 复制失败", - "new_key_prompt": " New Key: ", - "edit_key_prompt": " Edit Key: ", - "enter_add": " Enter: 添加 • Esc: 取消", - "enter_save_esc": " Enter: 保存 • Esc: 取消", - - // ── OAuth ── - "oauth_title": "🔐 OAuth 登录", - "oauth_select": " 选择提供商并按 [Enter] 开始 OAuth 登录:", - "oauth_help": " [↑↓/jk] 导航 • [Enter] 登录 • [Esc] 清除状态", - "oauth_initiating": "⏳ 正在初始化 %s 登录...", - "oauth_success": "认证成功! 请刷新 Auth Files 标签查看新凭证。", - "oauth_completed": "认证流程已完成。", - "oauth_failed": "认证失败", - "oauth_timeout": "OAuth 流程超时 (5 分钟)", - "oauth_press_esc": " 按 [Esc] 取消", - "oauth_auth_url": " 授权链接:", - "oauth_remote_hint": " 远程浏览器模式:在浏览器中打开上述链接完成授权后,将回调 URL 粘贴到下方。", - "oauth_callback_url": " 回调 URL:", - "oauth_press_c": " 按 [c] 输入回调 URL • [Esc] 返回", - "oauth_submitting": "⏳ 提交回调中...", - "oauth_submit_ok": "✓ 回调已提交,等待处理...", - "oauth_submit_fail": "✗ 提交回调失败", - "oauth_waiting": " 等待认证中...", - - // ── Usage ── - "usage_title": "📈 使用统计", - "usage_help": " [r] 刷新 • [↑↓] 滚动", - "usage_no_data": " 使用数据不可用", - "usage_total_reqs": "总请求数", - "usage_total_tokens": "总 Token 数", - "usage_success": "成功", - "usage_failure": "失败", - "usage_total_token_l": "总Token", - "usage_rpm": "RPM", - "usage_tpm": "TPM", - "usage_req_by_hour": "请求趋势 (按小时)", - "usage_tok_by_hour": "Token 使用趋势 (按小时)", - "usage_req_by_day": "请求趋势 (按天)", - "usage_api_detail": "API 详细统计", - "usage_input": "输入", - "usage_output": "输出", - "usage_cached": "缓存", - "usage_reasoning": "思考", - - // ── Logs ── - "logs_title": "📋 日志", - "logs_auto_scroll": "● 自动滚动", - "logs_paused": "○ 已暂停", - "logs_filter": "过滤", - "logs_lines": "行数", - "logs_help": " [a] 自动滚动 • [c] 清除 • [1] 全部 [2] info+ [3] warn+ [4] error • [↑↓] 滚动", - "logs_waiting": " 等待日志输出...", -} - -var enStrings = map[string]string{ - // ── Common ── - "loading": "Loading...", - "refresh": "Refresh", - "save": "Save", - "cancel": "Cancel", - "confirm": "Confirm", - "yes": "Yes", - "no": "No", - "error": "Error", - "success": "Success", - "navigate": "Navigate", - "scroll": "Scroll", - "enter_save": "Enter: Save", - "esc_cancel": "Esc: Cancel", - "enter_submit": "Enter: Submit", - "press_r": "[r] Refresh", - "press_scroll": "[↑↓] Scroll", - "not_set": "(not set)", - "error_prefix": "⚠ Error: ", - - // ── Status bar ── - "status_left": " CLIProxyAPI Management TUI", - "status_right": "Tab/Shift+Tab: switch • L: lang • q/Ctrl+C: quit ", - "initializing_tui": "Initializing...", - "auth_gate_title": "🔐 Connect Management API", - "auth_gate_help": " Enter management password and press Enter to connect", - "auth_gate_password": "Password", - "auth_gate_enter": " Enter: connect • q/Ctrl+C: quit • L: lang", - "auth_gate_connecting": "Connecting...", - "auth_gate_connect_fail": "Connection failed: %s", - "auth_gate_password_required": "password is required", - - // ── Dashboard ── - "dashboard_title": "📊 Dashboard", - "dashboard_help": " [r] Refresh • [↑↓] Scroll", - "connected": "● Connected", - "mgmt_keys": "Mgmt Keys", - "auth_files_label": "Auth Files", - "active_suffix": "active", - "total_requests": "Requests", - "success_label": "Success", - "failure_label": "Failed", - "total_tokens": "Total Tokens", - "current_config": "Current Config", - "debug_mode": "Debug Mode", - "usage_stats": "Usage Statistics", - "log_to_file": "Log to File", - "retry_count": "Retry Count", - "proxy_url": "Proxy URL", - "routing_strategy": "Routing Strategy", - "model_stats": "Model Stats", - "model": "Model", - "requests": "Requests", - "tokens": "Tokens", - "bool_yes": "Yes ✓", - "bool_no": "No", - - // ── Config ── - "config_title": "⚙ Configuration", - "config_help1": " [↑↓/jk] Navigate • [Enter/Space] Edit • [r] Refresh", - "config_help2": " Bool: Enter to toggle • String/Int: Enter to type, Enter to confirm, Esc to cancel", - "updated_ok": "✓ Updated successfully", - "no_config": " No configuration loaded", - "invalid_int": "invalid integer", - "section_server": "Server", - "section_logging": "Logging & Stats", - "section_quota": "Quota Exceeded Handling", - "section_routing": "Routing", - "section_websocket": "WebSocket", - "section_ampcode": "AMP Code", - "section_other": "Other", - - // ── Auth Files ── - "auth_title": "🔑 Auth Files", - "auth_help1": " [↑↓/jk] Navigate • [Enter] Expand • [e] Enable/Disable • [d] Delete • [r] Refresh", - "auth_help2": " [1] Edit prefix • [2] Edit proxy_url • [3] Edit priority", - "no_auth_files": " No auth files found", - "confirm_delete": "⚠ Delete %s? [y/n]", - "deleted": "Deleted %s", - "enabled": "Enabled", - "disabled": "Disabled", - "updated_field": "Updated %s on %s", - "status_active": "active", - "status_disabled": "disabled", - - // ── API Keys ── - "keys_title": "🔐 API Keys", - "keys_help": " [↑↓/jk] Navigate • [a] Add • [e] Edit • [d] Delete • [c] Copy • [r] Refresh", - "no_keys": " No API Keys. Press [a] to add", - "access_keys": "Access API Keys", - "confirm_delete_key": "⚠ Delete %s? [y/n]", - "key_added": "API Key added", - "key_updated": "API Key updated", - "key_deleted": "API Key deleted", - "copied": "✓ Copied to clipboard", - "copy_failed": "✗ Copy failed", - "new_key_prompt": " New Key: ", - "edit_key_prompt": " Edit Key: ", - "enter_add": " Enter: Add • Esc: Cancel", - "enter_save_esc": " Enter: Save • Esc: Cancel", - - // ── OAuth ── - "oauth_title": "🔐 OAuth Login", - "oauth_select": " Select a provider and press [Enter] to start OAuth login:", - "oauth_help": " [↑↓/jk] Navigate • [Enter] Login • [Esc] Clear status", - "oauth_initiating": "⏳ Initiating %s login...", - "oauth_success": "Authentication successful! Refresh Auth Files tab to see the new credential.", - "oauth_completed": "Authentication flow completed.", - "oauth_failed": "Authentication failed", - "oauth_timeout": "OAuth flow timed out (5 minutes)", - "oauth_press_esc": " Press [Esc] to cancel", - "oauth_auth_url": " Authorization URL:", - "oauth_remote_hint": " Remote browser mode: Open the URL above in browser, paste the callback URL below after authorization.", - "oauth_callback_url": " Callback URL:", - "oauth_press_c": " Press [c] to enter callback URL • [Esc] to go back", - "oauth_submitting": "⏳ Submitting callback...", - "oauth_submit_ok": "✓ Callback submitted, waiting...", - "oauth_submit_fail": "✗ Callback submission failed", - "oauth_waiting": " Waiting for authentication...", - - // ── Usage ── - "usage_title": "📈 Usage Statistics", - "usage_help": " [r] Refresh • [↑↓] Scroll", - "usage_no_data": " Usage data not available", - "usage_total_reqs": "Total Requests", - "usage_total_tokens": "Total Tokens", - "usage_success": "Success", - "usage_failure": "Failed", - "usage_total_token_l": "Total Tokens", - "usage_rpm": "RPM", - "usage_tpm": "TPM", - "usage_req_by_hour": "Requests by Hour", - "usage_tok_by_hour": "Token Usage by Hour", - "usage_req_by_day": "Requests by Day", - "usage_api_detail": "API Detail Statistics", - "usage_input": "Input", - "usage_output": "Output", - "usage_cached": "Cached", - "usage_reasoning": "Reasoning", - - // ── Logs ── - "logs_title": "📋 Logs", - "logs_auto_scroll": "● AUTO-SCROLL", - "logs_paused": "○ PAUSED", - "logs_filter": "Filter", - "logs_lines": "Lines", - "logs_help": " [a] Auto-scroll • [c] Clear • [1] All [2] info+ [3] warn+ [4] error • [↑↓] Scroll", - "logs_waiting": " Waiting for log output...", -} - -var faStrings = map[string]string{ - // ── Common ── - "loading": "در حال بارگذاری...", - "refresh": "بازخوانی", - "save": "ذخیره", - "cancel": "لغو", - "confirm": "تایید", - "yes": "بله", - "no": "خیر", - "error": "خطا", - "success": "موفق", - "navigate": "جابجایی", - "scroll": "پیمایش", - "enter_save": "Enter: ذخیره", - "esc_cancel": "Esc: لغو", - "enter_submit": "Enter: ارسال", - "press_r": "[r] بازخوانی", - "press_scroll": "[↑↓] پیمایش", - "not_set": "(تنظیم نشده)", - "error_prefix": "⚠ خطا: ", - - // ── Status bar ── - "status_left": " CLIProxyAPI پنل مدیریت", - "status_right": "Tab/Shift+Tab: جابجایی • L: زبان • q/Ctrl+C: خروج ", - "initializing_tui": "در حال راه\u200cاندازی...", - "auth_gate_title": "🔐 اتصال به API مدیریت", - "auth_gate_help": " رمز عبور مدیریت را وارد کرده و Enter بزنید", - "auth_gate_password": "رمز عبور", - "auth_gate_enter": " Enter: اتصال • q/Ctrl+C: خروج • L: زبان", - "auth_gate_connecting": "در حال اتصال...", - "auth_gate_connect_fail": "اتصال ناموفق: %s", - "auth_gate_password_required": "رمز عبور الزامی است", - - // ── Dashboard ── - "dashboard_title": "📊 داشبورد", - "dashboard_help": " [r] بازخوانی • [↑↓] پیمایش", - "connected": "● متصل", - "mgmt_keys": "کلیدهای مدیریت", - "auth_files_label": "فایل\u200cهای احراز هویت", - "active_suffix": "فعال", - "total_requests": "درخواست\u200cها", - "success_label": "موفق", - "failure_label": "ناموفق", - "total_tokens": "مجموع توکن\u200cها", - "current_config": "پیکربندی فعلی", - "debug_mode": "حالت اشکال\u200cزدایی", - "usage_stats": "آمار مصرف", - "log_to_file": "ثبت لاگ در فایل", - "retry_count": "تعداد تلاش مجدد", - "proxy_url": "نشانی پروکسی", - "routing_strategy": "استراتژی مسیریابی", - "model_stats": "آمار مدل\u200cها", - "model": "مدل", - "requests": "درخواست\u200cها", - "tokens": "توکن\u200cها", - "bool_yes": "بله ✓", - "bool_no": "خیر", - - // ── Config ── - "config_title": "⚙ پیکربندی", - "config_help1": " [↑↓/jk] جابجایی • [Enter/Space] ویرایش • [r] بازخوانی", - "config_help2": " بولی: Enter برای تغییر • متن/عدد: Enter برای ورود، Enter برای تایید، Esc برای لغو", - "updated_ok": "✓ با موفقیت به\u200cروزرسانی شد", - "no_config": " پیکربندی بارگذاری نشده است", - "invalid_int": "عدد صحیح نامعتبر", - "section_server": "سرور", - "section_logging": "لاگ و آمار", - "section_quota": "مدیریت عبور از سهمیه", - "section_routing": "مسیریابی", - "section_websocket": "وب\u200cسوکت", - "section_ampcode": "AMP Code", - "section_other": "سایر", - - // ── Auth Files ── - "auth_title": "🔑 فایل\u200cهای احراز هویت", - "auth_help1": " [↑↓/jk] جابجایی • [Enter] بازکردن • [e] فعال/غیرفعال • [d] حذف • [r] بازخوانی", - "auth_help2": " [1] ویرایش prefix • [2] ویرایش proxy_url • [3] ویرایش priority", - "no_auth_files": " فایل احراز هویت یافت نشد", - "confirm_delete": "⚠ حذف %s؟ [y/n]", - "deleted": "%s حذف شد", - "enabled": "فعال شد", - "disabled": "غیرفعال شد", - "updated_field": "%s برای %s به\u200cروزرسانی شد", - "status_active": "فعال", - "status_disabled": "غیرفعال", - - // ── API Keys ── - "keys_title": "🔐 کلیدهای API", - "keys_help": " [↑↓/jk] جابجایی • [a] افزودن • [e] ویرایش • [d] حذف • [c] کپی • [r] بازخوانی", - "no_keys": " کلید API وجود ندارد. [a] را بزنید", - "access_keys": "کلیدهای دسترسی API", - "confirm_delete_key": "⚠ حذف %s؟ [y/n]", - "key_added": "کلید API اضافه شد", - "key_updated": "کلید API به\u200cروزرسانی شد", - "key_deleted": "کلید API حذف شد", - "copied": "✓ در کلیپ\u200cبورد کپی شد", - "copy_failed": "✗ کپی ناموفق بود", - "new_key_prompt": " کلید جدید: ", - "edit_key_prompt": " ویرایش کلید: ", - "enter_add": " Enter: افزودن • Esc: لغو", - "enter_save_esc": " Enter: ذخیره • Esc: لغو", - - // ── OAuth ── - "oauth_title": "🔐 ورود OAuth", - "oauth_select": " ارائه\u200cدهنده را انتخاب کرده و [Enter] را برای شروع بزنید:", - "oauth_help": " [↑↓/jk] جابجایی • [Enter] ورود • [Esc] پاک\u200cکردن وضعیت", - "oauth_initiating": "⏳ شروع ورود %s...", - "oauth_success": "احراز هویت موفق بود! تب Auth Files را بازخوانی کنید.", - "oauth_completed": "فرایند احراز هویت کامل شد.", - "oauth_failed": "احراز هویت ناموفق بود", - "oauth_timeout": "مهلت OAuth تمام شد (5 دقیقه)", - "oauth_press_esc": " [Esc] برای لغو", - "oauth_auth_url": " نشانی مجوز:", - "oauth_remote_hint": " حالت مرورگر راه\u200cدور: لینک بالا را باز کنید و بعد از احراز هویت، URL بازگشت را وارد کنید.", - "oauth_callback_url": " URL بازگشت:", - "oauth_press_c": " [c] برای وارد کردن URL بازگشت • [Esc] برای بازگشت", - "oauth_submitting": "⏳ در حال ارسال بازگشت...", - "oauth_submit_ok": "✓ بازگشت ارسال شد، در انتظار پردازش...", - "oauth_submit_fail": "✗ ارسال بازگشت ناموفق بود", - "oauth_waiting": " در انتظار احراز هویت...", - - // ── Usage ── - "usage_title": "📈 آمار مصرف", - "usage_help": " [r] بازخوانی • [↑↓] پیمایش", - "usage_no_data": " داده مصرف موجود نیست", - "usage_total_reqs": "مجموع درخواست\u200cها", - "usage_total_tokens": "مجموع توکن\u200cها", - "usage_success": "موفق", - "usage_failure": "ناموفق", - "usage_total_token_l": "مجموع توکن\u200cها", - "usage_rpm": "RPM", - "usage_tpm": "TPM", - "usage_req_by_hour": "درخواست\u200cها بر اساس ساعت", - "usage_tok_by_hour": "مصرف توکن بر اساس ساعت", - "usage_req_by_day": "درخواست\u200cها بر اساس روز", - "usage_api_detail": "آمار جزئی API", - "usage_input": "ورودی", - "usage_output": "خروجی", - "usage_cached": "کش\u200cشده", - "usage_reasoning": "استدلال", - - // ── Logs ── - "logs_title": "📋 لاگ\u200cها", - "logs_auto_scroll": "● پیمایش خودکار", - "logs_paused": "○ متوقف", - "logs_filter": "فیلتر", - "logs_lines": "خطوط", - "logs_help": " [a] پیمایش خودکار • [c] پاکسازی • [1] همه [2] info+ [3] warn+ [4] error • [↑↓] پیمایش", - "logs_waiting": " در انتظار خروجی لاگ...", -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/i18n_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/i18n_test.go deleted file mode 100644 index 6642cb703b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/i18n_test.go +++ /dev/null @@ -1,59 +0,0 @@ -package tui - -import "testing" - -func TestLocaleKeyParity(t *testing.T) { - t.Cleanup(func() { - SetLocale("en") - }) - - required := []string{"zh", "en", "fa"} - base := locales["en"] - if len(base) == 0 { - t.Fatal("en locale is empty") - } - - for _, code := range required { - loc, ok := locales[code] - if !ok { - t.Fatalf("missing locale: %s", code) - } - if len(loc) != len(base) { - t.Fatalf("locale %s key count mismatch: got=%d want=%d", code, len(loc), len(base)) - } - for key := range base { - if _, exists := loc[key]; !exists { - t.Fatalf("locale %s missing key: %s", code, key) - } - } - } -} - -func TestTabNameParity(t *testing.T) { - if len(zhTabNames) != len(enTabNames) { - t.Fatalf("zh/en tab name count mismatch: got zh=%d en=%d", len(zhTabNames), len(enTabNames)) - } - if len(faTabNames) != len(enTabNames) { - t.Fatalf("fa/en tab name count mismatch: got fa=%d en=%d", len(faTabNames), len(enTabNames)) - } -} - -func TestToggleLocaleCyclesAllLanguages(t *testing.T) { - t.Cleanup(func() { - SetLocale("en") - }) - - SetLocale("en") - ToggleLocale() - if CurrentLocale() != "zh" { - t.Fatalf("expected zh after first toggle, got %s", CurrentLocale()) - } - ToggleLocale() - if CurrentLocale() != "fa" { - t.Fatalf("expected fa after second toggle, got %s", CurrentLocale()) - } - ToggleLocale() - if CurrentLocale() != "en" { - t.Fatalf("expected en after third toggle, got %s", CurrentLocale()) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/keys_tab.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/keys_tab.go deleted file mode 100644 index 1ceadc7194..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/keys_tab.go +++ /dev/null @@ -1,405 +0,0 @@ -package tui - -import ( - "fmt" - "strings" - - "github.com/atotto/clipboard" - "github.com/charmbracelet/bubbles/textinput" - "github.com/charmbracelet/bubbles/viewport" - tea "github.com/charmbracelet/bubbletea" - "github.com/charmbracelet/lipgloss" -) - -// keysTabModel displays and manages API keys. -type keysTabModel struct { - client *Client - viewport viewport.Model - keys []string - gemini []map[string]any - claude []map[string]any - codex []map[string]any - vertex []map[string]any - openai []map[string]any - err error - width int - height int - ready bool - cursor int - confirm int // -1 = no deletion pending - status string - - // Editing / Adding - editing bool - adding bool - editIdx int - editInput textinput.Model -} - -type keysDataMsg struct { - apiKeys []string - gemini []map[string]any - claude []map[string]any - codex []map[string]any - vertex []map[string]any - openai []map[string]any - err error -} - -type keyActionMsg struct { - action string - err error -} - -func newKeysTabModel(client *Client) keysTabModel { - ti := textinput.New() - ti.CharLimit = 512 - ti.Prompt = " Key: " - return keysTabModel{ - client: client, - confirm: -1, - editInput: ti, - } -} - -func (m keysTabModel) Init() tea.Cmd { - return m.fetchKeys -} - -func (m keysTabModel) fetchKeys() tea.Msg { - result := keysDataMsg{} - apiKeys, err := m.client.GetAPIKeys() - if err != nil { - result.err = err - return result - } - result.apiKeys = apiKeys - result.gemini, _ = m.client.GetGeminiKeys() - result.claude, _ = m.client.GetClaudeKeys() - result.codex, _ = m.client.GetCodexKeys() - result.vertex, _ = m.client.GetVertexKeys() - result.openai, _ = m.client.GetOpenAICompat() - return result -} - -func (m keysTabModel) Update(msg tea.Msg) (keysTabModel, tea.Cmd) { - switch msg := msg.(type) { - case localeChangedMsg: - m.viewport.SetContent(m.renderContent()) - return m, nil - case keysDataMsg: - if msg.err != nil { - m.err = msg.err - } else { - m.err = nil - m.keys = msg.apiKeys - m.gemini = msg.gemini - m.claude = msg.claude - m.codex = msg.codex - m.vertex = msg.vertex - m.openai = msg.openai - if m.cursor >= len(m.keys) { - m.cursor = max(0, len(m.keys)-1) - } - } - m.viewport.SetContent(m.renderContent()) - return m, nil - - case keyActionMsg: - if msg.err != nil { - m.status = errorStyle.Render("✗ " + msg.err.Error()) - } else { - m.status = successStyle.Render("✓ " + msg.action) - } - m.confirm = -1 - m.viewport.SetContent(m.renderContent()) - return m, m.fetchKeys - - case tea.KeyMsg: - // ---- Editing / Adding mode ---- - if m.editing || m.adding { - switch msg.String() { - case "enter": - value := strings.TrimSpace(m.editInput.Value()) - if value == "" { - m.editing = false - m.adding = false - m.editInput.Blur() - m.viewport.SetContent(m.renderContent()) - return m, nil - } - isAdding := m.adding - editIdx := m.editIdx - m.editing = false - m.adding = false - m.editInput.Blur() - if isAdding { - return m, func() tea.Msg { - err := m.client.AddAPIKey(value) - if err != nil { - return keyActionMsg{err: err} - } - return keyActionMsg{action: T("key_added")} - } - } - return m, func() tea.Msg { - err := m.client.EditAPIKey(editIdx, value) - if err != nil { - return keyActionMsg{err: err} - } - return keyActionMsg{action: T("key_updated")} - } - case "esc": - m.editing = false - m.adding = false - m.editInput.Blur() - m.viewport.SetContent(m.renderContent()) - return m, nil - default: - var cmd tea.Cmd - m.editInput, cmd = m.editInput.Update(msg) - m.viewport.SetContent(m.renderContent()) - return m, cmd - } - } - - // ---- Delete confirmation ---- - if m.confirm >= 0 { - switch msg.String() { - case "y", "Y": - idx := m.confirm - m.confirm = -1 - return m, func() tea.Msg { - err := m.client.DeleteAPIKey(idx) - if err != nil { - return keyActionMsg{err: err} - } - return keyActionMsg{action: T("key_deleted")} - } - case "n", "N", "esc": - m.confirm = -1 - m.viewport.SetContent(m.renderContent()) - return m, nil - } - return m, nil - } - - // ---- Normal mode ---- - switch msg.String() { - case "j", "down": - if len(m.keys) > 0 { - m.cursor = (m.cursor + 1) % len(m.keys) - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "k", "up": - if len(m.keys) > 0 { - m.cursor = (m.cursor - 1 + len(m.keys)) % len(m.keys) - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "a": - // Add new key - m.adding = true - m.editing = false - m.editInput.SetValue("") - m.editInput.Prompt = T("new_key_prompt") - m.editInput.Focus() - m.viewport.SetContent(m.renderContent()) - return m, textinput.Blink - case "e": - // Edit selected key - if m.cursor < len(m.keys) { - m.editing = true - m.adding = false - m.editIdx = m.cursor - m.editInput.SetValue(m.keys[m.cursor]) - m.editInput.Prompt = T("edit_key_prompt") - m.editInput.Focus() - m.viewport.SetContent(m.renderContent()) - return m, textinput.Blink - } - return m, nil - case "d": - // Delete selected key - if m.cursor < len(m.keys) { - m.confirm = m.cursor - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "c": - // Copy selected key to clipboard - if m.cursor < len(m.keys) { - key := m.keys[m.cursor] - if err := clipboard.WriteAll(key); err != nil { - m.status = errorStyle.Render(T("copy_failed") + ": " + err.Error()) - } else { - m.status = successStyle.Render(T("copied")) - } - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "r": - m.status = "" - return m, m.fetchKeys - default: - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd - } - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -func (m *keysTabModel) SetSize(w, h int) { - m.width = w - m.height = h - m.editInput.Width = w - 16 - if !m.ready { - m.viewport = viewport.New(w, h) - m.viewport.SetContent(m.renderContent()) - m.ready = true - } else { - m.viewport.Width = w - m.viewport.Height = h - } -} - -func (m keysTabModel) View() string { - if !m.ready { - return T("loading") - } - return m.viewport.View() -} - -func (m keysTabModel) renderContent() string { - var sb strings.Builder - - sb.WriteString(titleStyle.Render(T("keys_title"))) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("keys_help"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", m.width)) - sb.WriteString("\n") - - if m.err != nil { - sb.WriteString(errorStyle.Render(T("error_prefix") + m.err.Error())) - sb.WriteString("\n") - return sb.String() - } - - // ━━━ Access API Keys (interactive) ━━━ - sb.WriteString(tableHeaderStyle.Render(fmt.Sprintf(" %s (%d)", T("access_keys"), len(m.keys)))) - sb.WriteString("\n") - - if len(m.keys) == 0 { - sb.WriteString(subtitleStyle.Render(T("no_keys"))) - sb.WriteString("\n") - } - - for i, key := range m.keys { - cursor := " " - rowStyle := lipgloss.NewStyle() - if i == m.cursor { - cursor = "▸ " - rowStyle = lipgloss.NewStyle().Bold(true) - } - - row := fmt.Sprintf("%s%d. %s", cursor, i+1, maskKey(key)) - sb.WriteString(rowStyle.Render(row)) - sb.WriteString("\n") - - // Delete confirmation - if m.confirm == i { - sb.WriteString(warningStyle.Render(fmt.Sprintf(" "+T("confirm_delete_key"), maskKey(key)))) - sb.WriteString("\n") - } - - // Edit input - if m.editing && m.editIdx == i { - sb.WriteString(m.editInput.View()) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("enter_save_esc"))) - sb.WriteString("\n") - } - } - - // Add input - if m.adding { - sb.WriteString("\n") - sb.WriteString(m.editInput.View()) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("enter_add"))) - sb.WriteString("\n") - } - - sb.WriteString("\n") - - // ━━━ Provider Keys (read-only display) ━━━ - renderProviderKeys(&sb, "Gemini API Keys", m.gemini) - renderProviderKeys(&sb, "Claude API Keys", m.claude) - renderProviderKeys(&sb, "Codex API Keys", m.codex) - renderProviderKeys(&sb, "Vertex API Keys", m.vertex) - - if len(m.openai) > 0 { - renderSection(&sb, "OpenAI Compatibility", len(m.openai)) - for i, entry := range m.openai { - name := getString(entry, "name") - baseURL := getString(entry, "base-url") - prefix := getString(entry, "prefix") - info := name - if prefix != "" { - info += " (prefix: " + prefix + ")" - } - if baseURL != "" { - info += " → " + baseURL - } - fmt.Fprintf(&sb, " %d. %s\n", i+1, info) - } - sb.WriteString("\n") - } - - if m.status != "" { - sb.WriteString(m.status) - sb.WriteString("\n") - } - - return sb.String() -} - -func renderSection(sb *strings.Builder, title string, count int) { - header := fmt.Sprintf("%s (%d)", title, count) - sb.WriteString(tableHeaderStyle.Render(" " + header)) - sb.WriteString("\n") -} - -func renderProviderKeys(sb *strings.Builder, title string, keys []map[string]any) { - if len(keys) == 0 { - return - } - renderSection(sb, title, len(keys)) - for i, key := range keys { - apiKey := getString(key, "api-key") - prefix := getString(key, "prefix") - baseURL := getString(key, "base-url") - info := maskKey(apiKey) - if prefix != "" { - info += " (prefix: " + prefix + ")" - } - if baseURL != "" { - info += " → " + baseURL - } - fmt.Fprintf(sb, " %d. %s\n", i+1, info) - } - sb.WriteString("\n") -} - -func maskKey(key string) string { - if len(key) <= 8 { - return strings.Repeat("*", len(key)) - } - return key[:4] + strings.Repeat("*", len(key)-8) + key[len(key)-4:] -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/loghook.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/loghook.go deleted file mode 100644 index 157e7fd83e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/loghook.go +++ /dev/null @@ -1,78 +0,0 @@ -package tui - -import ( - "fmt" - "strings" - "sync" - - log "github.com/sirupsen/logrus" -) - -// LogHook is a logrus hook that captures log entries and sends them to a channel. -type LogHook struct { - ch chan string - formatter log.Formatter - mu sync.Mutex - levels []log.Level -} - -// NewLogHook creates a new LogHook with a buffered channel of the given size. -func NewLogHook(bufSize int) *LogHook { - return &LogHook{ - ch: make(chan string, bufSize), - formatter: &log.TextFormatter{DisableColors: true, FullTimestamp: true}, - levels: log.AllLevels, - } -} - -// SetFormatter sets a custom formatter for the hook. -func (h *LogHook) SetFormatter(f log.Formatter) { - h.mu.Lock() - defer h.mu.Unlock() - h.formatter = f -} - -// Levels returns the log levels this hook should fire on. -func (h *LogHook) Levels() []log.Level { - return h.levels -} - -// Fire is called by logrus when a log entry is fired. -func (h *LogHook) Fire(entry *log.Entry) error { - h.mu.Lock() - f := h.formatter - h.mu.Unlock() - - var line string - if f != nil { - b, err := f.Format(entry) - if err == nil { - line = strings.TrimRight(string(b), "\n\r") - } else { - line = fmt.Sprintf("[%s] %s", entry.Level, entry.Message) - } - } else { - line = fmt.Sprintf("[%s] %s", entry.Level, entry.Message) - } - - // Non-blocking send - select { - case h.ch <- line: - default: - // Drop oldest if full - select { - case <-h.ch: - default: - } - select { - case h.ch <- line: - default: - } - } - return nil -} - -// Chan returns the channel to read log lines from. -func (h *LogHook) Chan() <-chan string { - return h.ch -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/logs_tab.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/logs_tab.go deleted file mode 100644 index 456200d915..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/logs_tab.go +++ /dev/null @@ -1,261 +0,0 @@ -package tui - -import ( - "fmt" - "strings" - "time" - - "github.com/charmbracelet/bubbles/viewport" - tea "github.com/charmbracelet/bubbletea" -) - -// logsTabModel displays real-time log lines from hook/API source. -type logsTabModel struct { - client *Client - hook *LogHook - viewport viewport.Model - lines []string - maxLines int - autoScroll bool - width int - height int - ready bool - filter string // "", "debug", "info", "warn", "error" - after int64 - lastErr error -} - -type logsPollMsg struct { - lines []string - latest int64 - err error -} - -type logsTickMsg struct{} -type logLineMsg string - -func newLogsTabModel(client *Client, hook *LogHook) logsTabModel { - return logsTabModel{ - client: client, - hook: hook, - maxLines: 5000, - autoScroll: true, - } -} - -func (m logsTabModel) Init() tea.Cmd { - if m.hook != nil { - return m.waitForLog - } - return m.fetchLogs -} - -func (m logsTabModel) fetchLogs() tea.Msg { - lines, latest, err := m.client.GetLogs(m.after, 200) - return logsPollMsg{ - lines: lines, - latest: latest, - err: err, - } -} - -func (m logsTabModel) waitForNextPoll() tea.Cmd { - return tea.Tick(2*time.Second, func(_ time.Time) tea.Msg { - return logsTickMsg{} - }) -} - -func (m logsTabModel) waitForLog() tea.Msg { - if m.hook == nil { - return nil - } - line, ok := <-m.hook.Chan() - if !ok { - return nil - } - return logLineMsg(line) -} - -func (m logsTabModel) Update(msg tea.Msg) (logsTabModel, tea.Cmd) { - switch msg := msg.(type) { - case localeChangedMsg: - m.viewport.SetContent(m.renderLogs()) - return m, nil - case logsTickMsg: - if m.hook != nil { - return m, nil - } - return m, m.fetchLogs - case logsPollMsg: - if m.hook != nil { - return m, nil - } - if msg.err != nil { - m.lastErr = msg.err - } else { - m.lastErr = nil - m.after = msg.latest - if len(msg.lines) > 0 { - m.lines = append(m.lines, msg.lines...) - if len(m.lines) > m.maxLines { - m.lines = m.lines[len(m.lines)-m.maxLines:] - } - } - } - m.viewport.SetContent(m.renderLogs()) - if m.autoScroll { - m.viewport.GotoBottom() - } - return m, m.waitForNextPoll() - case logLineMsg: - m.lines = append(m.lines, string(msg)) - if len(m.lines) > m.maxLines { - m.lines = m.lines[len(m.lines)-m.maxLines:] - } - m.viewport.SetContent(m.renderLogs()) - if m.autoScroll { - m.viewport.GotoBottom() - } - return m, m.waitForLog - - case tea.KeyMsg: - switch msg.String() { - case "a": - m.autoScroll = !m.autoScroll - if m.autoScroll { - m.viewport.GotoBottom() - } - return m, nil - case "c": - m.lines = nil - m.lastErr = nil - m.viewport.SetContent(m.renderLogs()) - return m, nil - case "1": - m.filter = "" - m.viewport.SetContent(m.renderLogs()) - return m, nil - case "2": - m.filter = "info" - m.viewport.SetContent(m.renderLogs()) - return m, nil - case "3": - m.filter = "warn" - m.viewport.SetContent(m.renderLogs()) - return m, nil - case "4": - m.filter = "error" - m.viewport.SetContent(m.renderLogs()) - return m, nil - default: - wasAtBottom := m.viewport.AtBottom() - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - // If user scrolls up, disable auto-scroll - if !m.viewport.AtBottom() && wasAtBottom { - m.autoScroll = false - } - // If user scrolls to bottom, re-enable auto-scroll - if m.viewport.AtBottom() { - m.autoScroll = true - } - return m, cmd - } - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -func (m *logsTabModel) SetSize(w, h int) { - m.width = w - m.height = h - if !m.ready { - m.viewport = viewport.New(w, h) - m.viewport.SetContent(m.renderLogs()) - m.ready = true - } else { - m.viewport.Width = w - m.viewport.Height = h - } -} - -func (m logsTabModel) View() string { - if !m.ready { - return T("loading") - } - return m.viewport.View() -} - -func (m logsTabModel) renderLogs() string { - var sb strings.Builder - - scrollStatus := successStyle.Render(T("logs_auto_scroll")) - if !m.autoScroll { - scrollStatus = warningStyle.Render(T("logs_paused")) - } - filterLabel := "ALL" - if m.filter != "" { - filterLabel = strings.ToUpper(m.filter) + "+" - } - - header := fmt.Sprintf(" %s %s %s: %s %s: %d", - T("logs_title"), scrollStatus, T("logs_filter"), filterLabel, T("logs_lines"), len(m.lines)) - sb.WriteString(titleStyle.Render(header)) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("logs_help"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", m.width)) - sb.WriteString("\n") - - if m.lastErr != nil { - sb.WriteString(errorStyle.Render("⚠ Error: " + m.lastErr.Error())) - sb.WriteString("\n") - } - - if len(m.lines) == 0 { - sb.WriteString(subtitleStyle.Render(T("logs_waiting"))) - return sb.String() - } - - for _, line := range m.lines { - if m.filter != "" && !m.matchLevel(line) { - continue - } - styled := m.styleLine(line) - sb.WriteString(styled) - sb.WriteString("\n") - } - - return sb.String() -} - -func (m logsTabModel) matchLevel(line string) bool { - switch m.filter { - case "error": - return strings.Contains(line, "[error]") || strings.Contains(line, "[fatal]") || strings.Contains(line, "[panic]") - case "warn": - return strings.Contains(line, "[warn") || strings.Contains(line, "[error]") || strings.Contains(line, "[fatal]") - case "info": - return !strings.Contains(line, "[debug]") - default: - return true - } -} - -func (m logsTabModel) styleLine(line string) string { - if strings.Contains(line, "[error]") || strings.Contains(line, "[fatal]") { - return logErrorStyle.Render(line) - } - if strings.Contains(line, "[warn") { - return logWarnStyle.Render(line) - } - if strings.Contains(line, "[info") { - return logInfoStyle.Render(line) - } - if strings.Contains(line, "[debug]") { - return logDebugStyle.Render(line) - } - return line -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/oauth_tab.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/oauth_tab.go deleted file mode 100644 index 3989e3d861..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/oauth_tab.go +++ /dev/null @@ -1,473 +0,0 @@ -package tui - -import ( - "fmt" - "strings" - "time" - - "github.com/charmbracelet/bubbles/textinput" - "github.com/charmbracelet/bubbles/viewport" - tea "github.com/charmbracelet/bubbletea" - "github.com/charmbracelet/lipgloss" -) - -// oauthProvider represents an OAuth provider option. -type oauthProvider struct { - name string - apiPath string // management API path - emoji string -} - -var oauthProviders = []oauthProvider{ - {"Gemini CLI", "gemini-cli-auth-url", "🟦"}, - {"Claude (Anthropic)", "anthropic-auth-url", "🟧"}, - {"Codex (OpenAI)", "codex-auth-url", "🟩"}, - {"Antigravity", "antigravity-auth-url", "🟪"}, - {"Qwen", "qwen-auth-url", "🟨"}, - {"Kimi", "kimi-auth-url", "🟫"}, - {"IFlow", "iflow-auth-url", "⬜"}, -} - -// oauthTabModel handles OAuth login flows. -type oauthTabModel struct { - client *Client - viewport viewport.Model - cursor int - state oauthState - message string - err error - width int - height int - ready bool - - // Remote browser mode - authURL string // auth URL to display - authState string // OAuth state parameter - providerName string // current provider name - callbackInput textinput.Model - inputActive bool // true when user is typing callback URL -} - -type oauthState int - -const ( - oauthIdle oauthState = iota - oauthPending - oauthRemote // remote browser mode: waiting for manual callback - oauthSuccess - oauthError -) - -// Messages -type oauthStartMsg struct { - url string - state string - providerName string - err error -} - -type oauthPollMsg struct { - done bool - message string - err error -} - -type oauthCallbackSubmitMsg struct { - err error -} - -func newOAuthTabModel(client *Client) oauthTabModel { - ti := textinput.New() - ti.Placeholder = "http://localhost:.../auth/callback?code=...&state=..." - ti.CharLimit = 2048 - ti.Prompt = " 回调 URL: " - return oauthTabModel{ - client: client, - callbackInput: ti, - } -} - -func (m oauthTabModel) Init() tea.Cmd { - return nil -} - -func (m oauthTabModel) Update(msg tea.Msg) (oauthTabModel, tea.Cmd) { - switch msg := msg.(type) { - case localeChangedMsg: - m.viewport.SetContent(m.renderContent()) - return m, nil - case oauthStartMsg: - if msg.err != nil { - m.state = oauthError - m.err = msg.err - m.message = errorStyle.Render("✗ " + msg.err.Error()) - m.viewport.SetContent(m.renderContent()) - return m, nil - } - m.authURL = msg.url - m.authState = msg.state - m.providerName = msg.providerName - m.state = oauthRemote - m.callbackInput.SetValue("") - m.callbackInput.Focus() - m.inputActive = true - m.message = "" - m.viewport.SetContent(m.renderContent()) - // Also start polling in the background - return m, tea.Batch(textinput.Blink, m.pollOAuthStatus(msg.state)) - - case oauthPollMsg: - if msg.err != nil { - m.state = oauthError - m.err = msg.err - m.message = errorStyle.Render("✗ " + msg.err.Error()) - m.inputActive = false - m.callbackInput.Blur() - } else if msg.done { - m.state = oauthSuccess - m.message = successStyle.Render("✓ " + msg.message) - m.inputActive = false - m.callbackInput.Blur() - } else { - m.message = warningStyle.Render("⏳ " + msg.message) - } - m.viewport.SetContent(m.renderContent()) - return m, nil - - case oauthCallbackSubmitMsg: - if msg.err != nil { - m.message = errorStyle.Render(T("oauth_submit_fail") + ": " + msg.err.Error()) - } else { - m.message = successStyle.Render(T("oauth_submit_ok")) - } - m.viewport.SetContent(m.renderContent()) - return m, nil - - case tea.KeyMsg: - // ---- Input active: typing callback URL ---- - if m.inputActive { - switch msg.String() { - case "enter": - callbackURL := m.callbackInput.Value() - if callbackURL == "" { - return m, nil - } - m.inputActive = false - m.callbackInput.Blur() - m.message = warningStyle.Render(T("oauth_submitting")) - m.viewport.SetContent(m.renderContent()) - return m, m.submitCallback(callbackURL) - case "esc": - m.inputActive = false - m.callbackInput.Blur() - m.viewport.SetContent(m.renderContent()) - return m, nil - default: - var cmd tea.Cmd - m.callbackInput, cmd = m.callbackInput.Update(msg) - m.viewport.SetContent(m.renderContent()) - return m, cmd - } - } - - // ---- Remote mode but not typing ---- - if m.state == oauthRemote { - switch msg.String() { - case "c", "C": - // Re-activate input - m.inputActive = true - m.callbackInput.Focus() - m.viewport.SetContent(m.renderContent()) - return m, textinput.Blink - case "esc": - m.state = oauthIdle - m.message = "" - m.authURL = "" - m.authState = "" - m.viewport.SetContent(m.renderContent()) - return m, nil - } - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd - } - - // ---- Pending (auto polling) ---- - if m.state == oauthPending { - if msg.String() == "esc" { - m.state = oauthIdle - m.message = "" - m.viewport.SetContent(m.renderContent()) - } - return m, nil - } - - // ---- Idle ---- - switch msg.String() { - case "up", "k": - if m.cursor > 0 { - m.cursor-- - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "down", "j": - if m.cursor < len(oauthProviders)-1 { - m.cursor++ - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "enter": - if m.cursor >= 0 && m.cursor < len(oauthProviders) { - provider := oauthProviders[m.cursor] - m.state = oauthPending - m.message = warningStyle.Render(fmt.Sprintf(T("oauth_initiating"), provider.name)) - m.viewport.SetContent(m.renderContent()) - return m, m.startOAuth(provider) - } - return m, nil - case "esc": - m.state = oauthIdle - m.message = "" - m.err = nil - m.viewport.SetContent(m.renderContent()) - return m, nil - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -func (m oauthTabModel) startOAuth(provider oauthProvider) tea.Cmd { - return func() tea.Msg { - // Call the auth URL endpoint with is_webui=true - data, err := m.client.getJSON("/v0/management/" + provider.apiPath + "?is_webui=true") - if err != nil { - return oauthStartMsg{err: fmt.Errorf("failed to start %s login: %w", provider.name, err)} - } - - authURL := getString(data, "url") - state := getString(data, "state") - if authURL == "" { - return oauthStartMsg{err: fmt.Errorf("no auth URL returned for %s", provider.name)} - } - - // Try to open browser (best effort) - _ = openBrowser(authURL) - - return oauthStartMsg{url: authURL, state: state, providerName: provider.name} - } -} - -func (m oauthTabModel) submitCallback(callbackURL string) tea.Cmd { - return func() tea.Msg { - // Determine provider from current context - providerKey := "" - for _, p := range oauthProviders { - if p.name == m.providerName { - // Map provider name to the canonical key the API expects - switch p.apiPath { - case "gemini-cli-auth-url": - providerKey = "gemini" - case "anthropic-auth-url": - providerKey = "anthropic" - case "codex-auth-url": - providerKey = "codex" - case "antigravity-auth-url": - providerKey = "antigravity" - case "qwen-auth-url": - providerKey = "qwen" - case "kimi-auth-url": - providerKey = "kimi" - case "iflow-auth-url": - providerKey = "iflow" - } - break - } - } - - body := map[string]string{ - "provider": providerKey, - "redirect_url": callbackURL, - "state": m.authState, - } - err := m.client.postJSON("/v0/management/oauth-callback", body) - if err != nil { - return oauthCallbackSubmitMsg{err: err} - } - return oauthCallbackSubmitMsg{} - } -} - -func (m oauthTabModel) pollOAuthStatus(state string) tea.Cmd { - return func() tea.Msg { - // Poll session status for up to 5 minutes - deadline := time.Now().Add(5 * time.Minute) - for { - if time.Now().After(deadline) { - return oauthPollMsg{done: false, err: fmt.Errorf("%s", T("oauth_timeout"))} - } - - time.Sleep(2 * time.Second) - - status, errMsg, err := m.client.GetAuthStatus(state) - if err != nil { - continue // Ignore transient errors - } - - switch status { - case "ok": - return oauthPollMsg{ - done: true, - message: T("oauth_success"), - } - case "error": - return oauthPollMsg{ - done: false, - err: fmt.Errorf("%s: %s", T("oauth_failed"), errMsg), - } - case "wait": - continue - default: - return oauthPollMsg{ - done: true, - message: T("oauth_completed"), - } - } - } - } -} - -func (m *oauthTabModel) SetSize(w, h int) { - m.width = w - m.height = h - m.callbackInput.Width = w - 16 - if !m.ready { - m.viewport = viewport.New(w, h) - m.viewport.SetContent(m.renderContent()) - m.ready = true - } else { - m.viewport.Width = w - m.viewport.Height = h - } -} - -func (m oauthTabModel) View() string { - if !m.ready { - return T("loading") - } - return m.viewport.View() -} - -func (m oauthTabModel) renderContent() string { - var sb strings.Builder - - sb.WriteString(titleStyle.Render(T("oauth_title"))) - sb.WriteString("\n\n") - - if m.message != "" { - sb.WriteString(" " + m.message) - sb.WriteString("\n\n") - } - - // ---- Remote browser mode ---- - if m.state == oauthRemote { - sb.WriteString(m.renderRemoteMode()) - return sb.String() - } - - if m.state == oauthPending { - sb.WriteString(helpStyle.Render(T("oauth_press_esc"))) - return sb.String() - } - - sb.WriteString(helpStyle.Render(T("oauth_select"))) - sb.WriteString("\n\n") - - for i, p := range oauthProviders { - isSelected := i == m.cursor - prefix := " " - if isSelected { - prefix = "▸ " - } - - label := fmt.Sprintf("%s %s", p.emoji, p.name) - if isSelected { - label = lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("#FFFFFF")).Background(colorPrimary).Padding(0, 1).Render(label) - } else { - label = lipgloss.NewStyle().Foreground(colorText).Padding(0, 1).Render(label) - } - - sb.WriteString(prefix + label + "\n") - } - - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("oauth_help"))) - - return sb.String() -} - -func (m oauthTabModel) renderRemoteMode() string { - var sb strings.Builder - - providerStyle := lipgloss.NewStyle().Bold(true).Foreground(colorHighlight) - sb.WriteString(providerStyle.Render(fmt.Sprintf(" ✦ %s OAuth", m.providerName))) - sb.WriteString("\n\n") - - // Auth URL section - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorInfo).Render(T("oauth_auth_url"))) - sb.WriteString("\n") - - // Wrap URL to fit terminal width - urlStyle := lipgloss.NewStyle().Foreground(lipgloss.Color("252")) - maxURLWidth := m.width - 6 - if maxURLWidth < 40 { - maxURLWidth = 40 - } - wrappedURL := wrapText(m.authURL, maxURLWidth) - for _, line := range wrappedURL { - sb.WriteString(" " + urlStyle.Render(line) + "\n") - } - sb.WriteString("\n") - - sb.WriteString(helpStyle.Render(T("oauth_remote_hint"))) - sb.WriteString("\n\n") - - // Callback URL input - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorInfo).Render(T("oauth_callback_url"))) - sb.WriteString("\n") - - if m.inputActive { - sb.WriteString(m.callbackInput.View()) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(" " + T("enter_submit") + " • " + T("esc_cancel"))) - } else { - sb.WriteString(helpStyle.Render(T("oauth_press_c"))) - } - - sb.WriteString("\n\n") - sb.WriteString(warningStyle.Render(T("oauth_waiting"))) - - return sb.String() -} - -// wrapText splits a long string into lines of at most maxWidth characters. -func wrapText(s string, maxWidth int) []string { - if maxWidth <= 0 { - return []string{s} - } - var lines []string - for len(s) > maxWidth { - lines = append(lines, s[:maxWidth]) - s = s[maxWidth:] - } - if len(s) > 0 { - lines = append(lines, s) - } - return lines -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/styles.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/styles.go deleted file mode 100644 index 004c221d1c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/styles.go +++ /dev/null @@ -1,99 +0,0 @@ -// Package tui provides a terminal-based management interface for CLIProxyAPI. -package tui - -import "github.com/charmbracelet/lipgloss" - -// Color palette -var ( - colorPrimary = lipgloss.Color("#7C3AED") // violet - colorSuccess = lipgloss.Color("#22C55E") // green - colorWarning = lipgloss.Color("#EAB308") // yellow - colorError = lipgloss.Color("#EF4444") // red - colorInfo = lipgloss.Color("#3B82F6") // blue - colorMuted = lipgloss.Color("#6B7280") // gray - colorSurface = lipgloss.Color("#313244") // slightly lighter - colorText = lipgloss.Color("#CDD6F4") // light text - colorSubtext = lipgloss.Color("#A6ADC8") // dimmer text - colorBorder = lipgloss.Color("#45475A") // border - colorHighlight = lipgloss.Color("#F5C2E7") // pink highlight -) - -// Tab bar styles -var ( - tabActiveStyle = lipgloss.NewStyle(). - Bold(true). - Foreground(lipgloss.Color("#FFFFFF")). - Background(colorPrimary). - Padding(0, 2) - - tabInactiveStyle = lipgloss.NewStyle(). - Foreground(colorSubtext). - Background(colorSurface). - Padding(0, 2) - - tabBarStyle = lipgloss.NewStyle(). - Background(colorSurface). - PaddingLeft(1). - PaddingBottom(0) -) - -// Content styles -var ( - titleStyle = lipgloss.NewStyle(). - Bold(true). - Foreground(colorHighlight). - MarginBottom(1) - - subtitleStyle = lipgloss.NewStyle(). - Foreground(colorSubtext). - Italic(true) - - labelStyle = lipgloss.NewStyle(). - Foreground(colorInfo). - Bold(true). - Width(24) - - valueStyle = lipgloss.NewStyle(). - Foreground(colorText) - - errorStyle = lipgloss.NewStyle(). - Foreground(colorError). - Bold(true) - - successStyle = lipgloss.NewStyle(). - Foreground(colorSuccess) - - warningStyle = lipgloss.NewStyle(). - Foreground(colorWarning) - - statusBarStyle = lipgloss.NewStyle(). - Foreground(colorSubtext). - Background(colorSurface). - PaddingLeft(1). - PaddingRight(1) - - helpStyle = lipgloss.NewStyle(). - Foreground(colorMuted) -) - -// Log level styles -var ( - logDebugStyle = lipgloss.NewStyle().Foreground(colorMuted) - logInfoStyle = lipgloss.NewStyle().Foreground(colorInfo) - logWarnStyle = lipgloss.NewStyle().Foreground(colorWarning) - logErrorStyle = lipgloss.NewStyle().Foreground(colorError) -) - -// Table styles -var ( - tableHeaderStyle = lipgloss.NewStyle(). - Bold(true). - Foreground(colorHighlight). - BorderBottom(true). - BorderStyle(lipgloss.NormalBorder()). - BorderForeground(colorBorder) - - tableCellStyle = lipgloss.NewStyle(). - Foreground(colorText). - PaddingRight(2) -) diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/usage_tab.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/usage_tab.go deleted file mode 100644 index 6d33724216..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/usage_tab.go +++ /dev/null @@ -1,447 +0,0 @@ -package tui - -import ( - "fmt" - "sort" - "strings" - - "github.com/charmbracelet/bubbles/viewport" - tea "github.com/charmbracelet/bubbletea" - "github.com/charmbracelet/lipgloss" -) - -// usageTabModel displays usage statistics with charts and breakdowns. -type usageTabModel struct { - client *Client - viewport viewport.Model - usage map[string]any - err error - width int - height int - ready bool -} - -type usageDataMsg struct { - usage map[string]any - err error -} - -func newUsageTabModel(client *Client) usageTabModel { - return usageTabModel{ - client: client, - } -} - -func (m usageTabModel) Init() tea.Cmd { - return m.fetchData -} - -func (m usageTabModel) fetchData() tea.Msg { - usage, err := m.client.GetUsage() - return usageDataMsg{usage: usage, err: err} -} - -func (m usageTabModel) Update(msg tea.Msg) (usageTabModel, tea.Cmd) { - switch msg := msg.(type) { - case localeChangedMsg: - m.viewport.SetContent(m.renderContent()) - return m, nil - case usageDataMsg: - if msg.err != nil { - m.err = msg.err - } else { - m.err = nil - m.usage = msg.usage - } - m.viewport.SetContent(m.renderContent()) - return m, nil - - case tea.KeyMsg: - if msg.String() == "r" { - return m, m.fetchData - } - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -func (m *usageTabModel) SetSize(w, h int) { - m.width = w - m.height = h - if !m.ready { - m.viewport = viewport.New(w, h) - m.viewport.SetContent(m.renderContent()) - m.ready = true - } else { - m.viewport.Width = w - m.viewport.Height = h - } -} - -func (m usageTabModel) View() string { - if !m.ready { - return T("loading") - } - return m.viewport.View() -} - -func (m usageTabModel) renderContent() string { - var sb strings.Builder - - sb.WriteString(titleStyle.Render(T("usage_title"))) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("usage_help"))) - sb.WriteString("\n\n") - - if m.err != nil { - sb.WriteString(errorStyle.Render("⚠ Error: " + m.err.Error())) - sb.WriteString("\n") - return sb.String() - } - - if m.usage == nil { - sb.WriteString(subtitleStyle.Render(T("usage_no_data"))) - sb.WriteString("\n") - return sb.String() - } - - usageMap, _ := m.usage["usage"].(map[string]any) - if usageMap == nil { - sb.WriteString(subtitleStyle.Render(T("usage_no_data"))) - sb.WriteString("\n") - return sb.String() - } - - totalReqs := int64(getFloat(usageMap, "total_requests")) - successCnt := int64(getFloat(usageMap, "success_count")) - failureCnt := int64(getFloat(usageMap, "failure_count")) - totalTokens := resolveUsageTotalTokens(usageMap) - - // ━━━ Overview Cards ━━━ - cardWidth := 20 - if m.width > 0 { - cardWidth = (m.width - 6) / 4 - if cardWidth < 16 { - cardWidth = 16 - } - } - cardStyle := lipgloss.NewStyle(). - Border(lipgloss.RoundedBorder()). - BorderForeground(lipgloss.Color("240")). - Padding(0, 1). - Width(cardWidth). - Height(3) - - // Total Requests - card1 := cardStyle.BorderForeground(lipgloss.Color("111")).Render(fmt.Sprintf( - "%s\n%s\n%s", - lipgloss.NewStyle().Foreground(colorMuted).Render(T("usage_total_reqs")), - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("111")).Render(fmt.Sprintf("%d", totalReqs)), - lipgloss.NewStyle().Foreground(colorMuted).Render(fmt.Sprintf("● %s: %d ● %s: %d", T("usage_success"), successCnt, T("usage_failure"), failureCnt)), - )) - - // Total Tokens - card2 := cardStyle.BorderForeground(lipgloss.Color("214")).Render(fmt.Sprintf( - "%s\n%s\n%s", - lipgloss.NewStyle().Foreground(colorMuted).Render(T("usage_total_tokens")), - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("214")).Render(formatLargeNumber(totalTokens)), - lipgloss.NewStyle().Foreground(colorMuted).Render(fmt.Sprintf("%s: %s", T("usage_total_token_l"), formatLargeNumber(totalTokens))), - )) - - // RPM - rpm := float64(0) - if totalReqs > 0 { - if rByH, ok := usageMap["requests_by_hour"].(map[string]any); ok && len(rByH) > 0 { - rpm = float64(totalReqs) / float64(len(rByH)) / 60.0 - } - } - card3 := cardStyle.BorderForeground(lipgloss.Color("76")).Render(fmt.Sprintf( - "%s\n%s\n%s", - lipgloss.NewStyle().Foreground(colorMuted).Render(T("usage_rpm")), - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("76")).Render(fmt.Sprintf("%.2f", rpm)), - lipgloss.NewStyle().Foreground(colorMuted).Render(fmt.Sprintf("%s: %d", T("usage_total_reqs"), totalReqs)), - )) - - // TPM - tpm := float64(0) - if totalTokens > 0 { - if tByH, ok := usageMap["tokens_by_hour"].(map[string]any); ok && len(tByH) > 0 { - tpm = float64(totalTokens) / float64(len(tByH)) / 60.0 - } - } - card4 := cardStyle.BorderForeground(lipgloss.Color("170")).Render(fmt.Sprintf( - "%s\n%s\n%s", - lipgloss.NewStyle().Foreground(colorMuted).Render(T("usage_tpm")), - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("170")).Render(fmt.Sprintf("%.2f", tpm)), - lipgloss.NewStyle().Foreground(colorMuted).Render(fmt.Sprintf("%s: %s", T("usage_total_tokens"), formatLargeNumber(totalTokens))), - )) - - sb.WriteString(lipgloss.JoinHorizontal(lipgloss.Top, card1, " ", card2, " ", card3, " ", card4)) - sb.WriteString("\n\n") - - // ━━━ Requests by Hour (ASCII bar chart) ━━━ - if rByH, ok := usageMap["requests_by_hour"].(map[string]any); ok && len(rByH) > 0 { - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorHighlight).Render(T("usage_req_by_hour"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", minInt(m.width, 60))) - sb.WriteString("\n") - sb.WriteString(renderBarChart(rByH, m.width-6, lipgloss.Color("111"))) - sb.WriteString("\n") - } - - // ━━━ Tokens by Hour ━━━ - if tByH, ok := usageMap["tokens_by_hour"].(map[string]any); ok && len(tByH) > 0 { - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorHighlight).Render(T("usage_tok_by_hour"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", minInt(m.width, 60))) - sb.WriteString("\n") - sb.WriteString(renderBarChart(tByH, m.width-6, lipgloss.Color("214"))) - sb.WriteString("\n") - } - - // ━━━ Requests by Day ━━━ - if rByD, ok := usageMap["requests_by_day"].(map[string]any); ok && len(rByD) > 0 { - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorHighlight).Render(T("usage_req_by_day"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", minInt(m.width, 60))) - sb.WriteString("\n") - sb.WriteString(renderBarChart(rByD, m.width-6, lipgloss.Color("76"))) - sb.WriteString("\n") - } - - // ━━━ API Detail Stats ━━━ - if apis, ok := usageMap["apis"].(map[string]any); ok && len(apis) > 0 { - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorHighlight).Render(T("usage_api_detail"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", minInt(m.width, 80))) - sb.WriteString("\n") - - header := fmt.Sprintf(" %-30s %10s %12s", "API", T("requests"), T("tokens")) - sb.WriteString(tableHeaderStyle.Render(header)) - sb.WriteString("\n") - - for apiName, apiSnap := range apis { - if apiMap, ok := apiSnap.(map[string]any); ok { - apiReqs := int64(getFloat(apiMap, "total_requests")) - apiToks := int64(getFloat(apiMap, "total_tokens")) - - row := fmt.Sprintf(" %-30s %10d %12s", - truncate(maskKey(apiName), 30), apiReqs, formatLargeNumber(apiToks)) - sb.WriteString(lipgloss.NewStyle().Bold(true).Render(row)) - sb.WriteString("\n") - - // Per-model breakdown - if models, ok := apiMap["models"].(map[string]any); ok { - for model, v := range models { - if stats, ok := v.(map[string]any); ok { - mReqs := int64(getFloat(stats, "total_requests")) - mToks := int64(getFloat(stats, "total_tokens")) - mRow := fmt.Sprintf(" ├─ %-28s %10d %12s", - truncate(model, 28), mReqs, formatLargeNumber(mToks)) - sb.WriteString(tableCellStyle.Render(mRow)) - sb.WriteString("\n") - - // Token type breakdown from details - sb.WriteString(m.renderTokenBreakdown(stats)) - } - } - } - } - } - } - - sb.WriteString("\n") - return sb.String() -} - -func resolveUsageTotalTokens(usageMap map[string]any) int64 { - totalTokens := int64(getFloat(usageMap, "total_tokens")) - if totalTokens > 0 { - return totalTokens - } - - apis, ok := usageMap["apis"].(map[string]any) - if !ok || len(apis) == 0 { - return totalTokens - } - - var fromModels int64 - var fromDetails int64 - for _, apiSnap := range apis { - apiMap, ok := apiSnap.(map[string]any) - if !ok { - continue - } - models, ok := apiMap["models"].(map[string]any) - if !ok { - continue - } - for _, statsRaw := range models { - stats, ok := statsRaw.(map[string]any) - if !ok { - continue - } - modelTotal := int64(getFloat(stats, "total_tokens")) - if modelTotal > 0 { - fromModels += modelTotal - continue - } - fromDetails += usageDetailsTokenTotal(stats) - } - } - - if fromModels > 0 { - return fromModels - } - if fromDetails > 0 { - return fromDetails - } - return totalTokens -} - -func usageDetailsTokenTotal(modelStats map[string]any) int64 { - details, ok := modelStats["details"] - if !ok { - return 0 - } - detailList, ok := details.([]any) - if !ok || len(detailList) == 0 { - return 0 - } - - var total int64 - for _, d := range detailList { - dm, ok := d.(map[string]any) - if !ok { - continue - } - input, output, cached, reasoning := usageTokenBreakdown(dm) - total += input + output + cached + reasoning - } - return total -} - -func usageTokenBreakdown(detail map[string]any) (inputTotal, outputTotal, cachedTotal, reasoningTotal int64) { - if tokens, ok := detail["tokens"].(map[string]any); ok { - inputTotal += int64(getFloat(tokens, "input_tokens")) - outputTotal += int64(getFloat(tokens, "output_tokens")) - cachedTotal += int64(getFloat(tokens, "cached_tokens")) - reasoningTotal += int64(getFloat(tokens, "reasoning_tokens")) - } - - // Some providers send token counts flat on detail entries. - inputTotal += int64(getFloat(detail, "input_tokens")) - inputTotal += int64(getFloat(detail, "prompt_tokens")) - outputTotal += int64(getFloat(detail, "output_tokens")) - outputTotal += int64(getFloat(detail, "completion_tokens")) - cachedTotal += int64(getFloat(detail, "cached_tokens")) - reasoningTotal += int64(getFloat(detail, "reasoning_tokens")) - - return inputTotal, outputTotal, cachedTotal, reasoningTotal -} - -// renderTokenBreakdown aggregates input/output/cached/reasoning tokens from model details. -func (m usageTabModel) renderTokenBreakdown(modelStats map[string]any) string { - details, ok := modelStats["details"] - if !ok { - return "" - } - detailList, ok := details.([]any) - if !ok || len(detailList) == 0 { - return "" - } - - var inputTotal, outputTotal, cachedTotal, reasoningTotal int64 - for _, d := range detailList { - dm, ok := d.(map[string]any) - if !ok { - continue - } - input, output, cached, reasoning := usageTokenBreakdown(dm) - inputTotal += input - outputTotal += output - cachedTotal += cached - reasoningTotal += reasoning - } - - if inputTotal == 0 && outputTotal == 0 && cachedTotal == 0 && reasoningTotal == 0 { - return "" - } - - parts := []string{} - if inputTotal > 0 { - parts = append(parts, fmt.Sprintf("%s:%s", T("usage_input"), formatLargeNumber(inputTotal))) - } - if outputTotal > 0 { - parts = append(parts, fmt.Sprintf("%s:%s", T("usage_output"), formatLargeNumber(outputTotal))) - } - if cachedTotal > 0 { - parts = append(parts, fmt.Sprintf("%s:%s", T("usage_cached"), formatLargeNumber(cachedTotal))) - } - if reasoningTotal > 0 { - parts = append(parts, fmt.Sprintf("%s:%s", T("usage_reasoning"), formatLargeNumber(reasoningTotal))) - } - - return fmt.Sprintf(" │ %s\n", - lipgloss.NewStyle().Foreground(colorMuted).Render(strings.Join(parts, " "))) -} - -// renderBarChart renders a simple ASCII horizontal bar chart. -func renderBarChart(data map[string]any, maxBarWidth int, barColor lipgloss.Color) string { - if maxBarWidth < 10 { - maxBarWidth = 10 - } - - // Sort keys - keys := make([]string, 0, len(data)) - for k := range data { - keys = append(keys, k) - } - sort.Strings(keys) - - // Find max value - maxVal := float64(0) - for _, k := range keys { - v := getFloat(data, k) - if v > maxVal { - maxVal = v - } - } - if maxVal == 0 { - return "" - } - - barStyle := lipgloss.NewStyle().Foreground(barColor) - var sb strings.Builder - - labelWidth := 12 - barAvail := maxBarWidth - labelWidth - 12 - if barAvail < 5 { - barAvail = 5 - } - - for _, k := range keys { - v := getFloat(data, k) - barLen := int(v / maxVal * float64(barAvail)) - if barLen < 1 && v > 0 { - barLen = 1 - } - bar := strings.Repeat("█", barLen) - label := k - if len(label) > labelWidth { - label = label[:labelWidth] - } - fmt.Fprintf(&sb, " %-*s %s %s\n", - labelWidth, label, - barStyle.Render(bar), - lipgloss.NewStyle().Foreground(colorMuted).Render(fmt.Sprintf("%.0f", v)), - ) - } - - return sb.String() -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/usage_tab_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/usage_tab_test.go deleted file mode 100644 index a05ae00eb1..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/tui/usage_tab_test.go +++ /dev/null @@ -1,91 +0,0 @@ -package tui - -import "testing" - -func TestResolveUsageTotalTokens_PrefersTopLevelValue(t *testing.T) { - usageMap := map[string]any{ - "total_tokens": float64(123), - "apis": map[string]any{ - "kimi": map[string]any{ - "models": map[string]any{ - "kimi-k2.5": map[string]any{"total_tokens": float64(999)}, - }, - }, - }, - } - - if got := resolveUsageTotalTokens(usageMap); got != 123 { - t.Fatalf("resolveUsageTotalTokens() = %d, want 123", got) - } -} - -func TestResolveUsageTotalTokens_FallsBackToModelTotals(t *testing.T) { - usageMap := map[string]any{ - "total_tokens": float64(0), - "apis": map[string]any{ - "kimi": map[string]any{ - "models": map[string]any{ - "kimi-k2.5": map[string]any{"total_tokens": float64(40)}, - "kimi-k2.6": map[string]any{"total_tokens": float64(60)}, - }, - }, - }, - } - - if got := resolveUsageTotalTokens(usageMap); got != 100 { - t.Fatalf("resolveUsageTotalTokens() = %d, want 100", got) - } -} - -func TestResolveUsageTotalTokens_FallsBackToDetailBreakdown(t *testing.T) { - usageMap := map[string]any{ - "total_tokens": float64(0), - "apis": map[string]any{ - "kimi": map[string]any{ - "models": map[string]any{ - "kimi-k2.5": map[string]any{ - "details": []any{ - map[string]any{ - "prompt_tokens": float64(10), - "completion_tokens": float64(15), - "cached_tokens": float64(5), - "reasoning_tokens": float64(3), - }, - map[string]any{ - "tokens": map[string]any{ - "input_tokens": float64(7), - "output_tokens": float64(8), - "cached_tokens": float64(1), - "reasoning_tokens": float64(1), - }, - }, - }, - }, - }, - }, - }, - } - - // 10+15+5+3 + 7+8+1+1 - if got := resolveUsageTotalTokens(usageMap); got != 50 { - t.Fatalf("resolveUsageTotalTokens() = %d, want 50", got) - } -} - -func TestUsageTokenBreakdown_CombinesNestedAndFlatFields(t *testing.T) { - detail := map[string]any{ - "prompt_tokens": float64(11), - "completion_tokens": float64(12), - "tokens": map[string]any{ - "input_tokens": float64(1), - "output_tokens": float64(2), - "cached_tokens": float64(3), - "reasoning_tokens": float64(4), - }, - } - - input, output, cached, reasoning := usageTokenBreakdown(detail) - if input != 12 || output != 14 || cached != 3 || reasoning != 4 { - t.Fatalf("usageTokenBreakdown() = (%d,%d,%d,%d), want (12,14,3,4)", input, output, cached, reasoning) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/logger_plugin.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/logger_plugin.go deleted file mode 100644 index e4371e8d39..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/logger_plugin.go +++ /dev/null @@ -1,472 +0,0 @@ -// Package usage provides usage tracking and logging functionality for the CLI Proxy API server. -// It includes plugins for monitoring API usage, token consumption, and other metrics -// to help with observability and billing purposes. -package usage - -import ( - "context" - "fmt" - "strings" - "sync" - "sync/atomic" - "time" - - "github.com/gin-gonic/gin" - coreusage "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" -) - -var statisticsEnabled atomic.Bool - -func init() { - statisticsEnabled.Store(true) - coreusage.RegisterPlugin(NewLoggerPlugin()) -} - -// LoggerPlugin collects in-memory request statistics for usage analysis. -// It implements coreusage.Plugin to receive usage records emitted by the runtime. -type LoggerPlugin struct { - stats *RequestStatistics -} - -// NewLoggerPlugin constructs a new logger plugin instance. -// -// Returns: -// - *LoggerPlugin: A new logger plugin instance wired to the shared statistics store. -func NewLoggerPlugin() *LoggerPlugin { return &LoggerPlugin{stats: defaultRequestStatistics} } - -// HandleUsage implements coreusage.Plugin. -// It updates the in-memory statistics store whenever a usage record is received. -// -// Parameters: -// - ctx: The context for the usage record -// - record: The usage record to aggregate -func (p *LoggerPlugin) HandleUsage(ctx context.Context, record coreusage.Record) { - if !statisticsEnabled.Load() { - return - } - if p == nil || p.stats == nil { - return - } - p.stats.Record(ctx, record) -} - -// SetStatisticsEnabled toggles whether in-memory statistics are recorded. -func SetStatisticsEnabled(enabled bool) { statisticsEnabled.Store(enabled) } - -// StatisticsEnabled reports the current recording state. -func StatisticsEnabled() bool { return statisticsEnabled.Load() } - -// RequestStatistics maintains aggregated request metrics in memory. -type RequestStatistics struct { - mu sync.RWMutex - - totalRequests int64 - successCount int64 - failureCount int64 - totalTokens int64 - - apis map[string]*apiStats - - requestsByDay map[string]int64 - requestsByHour map[int]int64 - tokensByDay map[string]int64 - tokensByHour map[int]int64 -} - -// apiStats holds aggregated metrics for a single API key. -type apiStats struct { - TotalRequests int64 - TotalTokens int64 - Models map[string]*modelStats -} - -// modelStats holds aggregated metrics for a specific model within an API. -type modelStats struct { - TotalRequests int64 - TotalTokens int64 - Details []RequestDetail -} - -// RequestDetail stores the timestamp and token usage for a single request. -type RequestDetail struct { - Timestamp time.Time `json:"timestamp"` - Source string `json:"source"` - AuthIndex string `json:"auth_index"` - Tokens TokenStats `json:"tokens"` - Failed bool `json:"failed"` -} - -// TokenStats captures the token usage breakdown for a request. -type TokenStats struct { - InputTokens int64 `json:"input_tokens"` - OutputTokens int64 `json:"output_tokens"` - ReasoningTokens int64 `json:"reasoning_tokens"` - CachedTokens int64 `json:"cached_tokens"` - TotalTokens int64 `json:"total_tokens"` -} - -// StatisticsSnapshot represents an immutable view of the aggregated metrics. -type StatisticsSnapshot struct { - TotalRequests int64 `json:"total_requests"` - SuccessCount int64 `json:"success_count"` - FailureCount int64 `json:"failure_count"` - TotalTokens int64 `json:"total_tokens"` - - APIs map[string]APISnapshot `json:"apis"` - - RequestsByDay map[string]int64 `json:"requests_by_day"` - RequestsByHour map[string]int64 `json:"requests_by_hour"` - TokensByDay map[string]int64 `json:"tokens_by_day"` - TokensByHour map[string]int64 `json:"tokens_by_hour"` -} - -// APISnapshot summarises metrics for a single API key. -type APISnapshot struct { - TotalRequests int64 `json:"total_requests"` - TotalTokens int64 `json:"total_tokens"` - Models map[string]ModelSnapshot `json:"models"` -} - -// ModelSnapshot summarises metrics for a specific model. -type ModelSnapshot struct { - TotalRequests int64 `json:"total_requests"` - TotalTokens int64 `json:"total_tokens"` - Details []RequestDetail `json:"details"` -} - -var defaultRequestStatistics = NewRequestStatistics() - -// GetRequestStatistics returns the shared statistics store. -func GetRequestStatistics() *RequestStatistics { return defaultRequestStatistics } - -// NewRequestStatistics constructs an empty statistics store. -func NewRequestStatistics() *RequestStatistics { - return &RequestStatistics{ - apis: make(map[string]*apiStats), - requestsByDay: make(map[string]int64), - requestsByHour: make(map[int]int64), - tokensByDay: make(map[string]int64), - tokensByHour: make(map[int]int64), - } -} - -// Record ingests a new usage record and updates the aggregates. -func (s *RequestStatistics) Record(ctx context.Context, record coreusage.Record) { - if s == nil { - return - } - if !statisticsEnabled.Load() { - return - } - timestamp := record.RequestedAt - if timestamp.IsZero() { - timestamp = time.Now() - } - detail := normaliseDetail(record.Detail) - totalTokens := detail.TotalTokens - statsKey := record.APIKey - if statsKey == "" { - statsKey = resolveAPIIdentifier(ctx, record) - } - failed := record.Failed - if !failed { - failed = !resolveSuccess(ctx) - } - success := !failed - modelName := record.Model - if modelName == "" { - modelName = "unknown" - } - dayKey := timestamp.Format("2006-01-02") - hourKey := timestamp.Hour() - - s.mu.Lock() - defer s.mu.Unlock() - - s.totalRequests++ - if success { - s.successCount++ - } else { - s.failureCount++ - } - s.totalTokens += totalTokens - - stats, ok := s.apis[statsKey] - if !ok { - stats = &apiStats{Models: make(map[string]*modelStats)} - s.apis[statsKey] = stats - } - s.updateAPIStats(stats, modelName, RequestDetail{ - Timestamp: timestamp, - Source: record.Source, - AuthIndex: record.AuthIndex, - Tokens: detail, - Failed: failed, - }) - - s.requestsByDay[dayKey]++ - s.requestsByHour[hourKey]++ - s.tokensByDay[dayKey] += totalTokens - s.tokensByHour[hourKey] += totalTokens -} - -func (s *RequestStatistics) updateAPIStats(stats *apiStats, model string, detail RequestDetail) { - stats.TotalRequests++ - stats.TotalTokens += detail.Tokens.TotalTokens - modelStatsValue, ok := stats.Models[model] - if !ok { - modelStatsValue = &modelStats{} - stats.Models[model] = modelStatsValue - } - modelStatsValue.TotalRequests++ - modelStatsValue.TotalTokens += detail.Tokens.TotalTokens - modelStatsValue.Details = append(modelStatsValue.Details, detail) -} - -// Snapshot returns a copy of the aggregated metrics for external consumption. -func (s *RequestStatistics) Snapshot() StatisticsSnapshot { - result := StatisticsSnapshot{} - if s == nil { - return result - } - - s.mu.RLock() - defer s.mu.RUnlock() - - result.TotalRequests = s.totalRequests - result.SuccessCount = s.successCount - result.FailureCount = s.failureCount - result.TotalTokens = s.totalTokens - - result.APIs = make(map[string]APISnapshot, len(s.apis)) - for apiName, stats := range s.apis { - apiSnapshot := APISnapshot{ - TotalRequests: stats.TotalRequests, - TotalTokens: stats.TotalTokens, - Models: make(map[string]ModelSnapshot, len(stats.Models)), - } - for modelName, modelStatsValue := range stats.Models { - requestDetails := make([]RequestDetail, len(modelStatsValue.Details)) - copy(requestDetails, modelStatsValue.Details) - apiSnapshot.Models[modelName] = ModelSnapshot{ - TotalRequests: modelStatsValue.TotalRequests, - TotalTokens: modelStatsValue.TotalTokens, - Details: requestDetails, - } - } - result.APIs[apiName] = apiSnapshot - } - - result.RequestsByDay = make(map[string]int64, len(s.requestsByDay)) - for k, v := range s.requestsByDay { - result.RequestsByDay[k] = v - } - - result.RequestsByHour = make(map[string]int64, len(s.requestsByHour)) - for hour, v := range s.requestsByHour { - key := formatHour(hour) - result.RequestsByHour[key] = v - } - - result.TokensByDay = make(map[string]int64, len(s.tokensByDay)) - for k, v := range s.tokensByDay { - result.TokensByDay[k] = v - } - - result.TokensByHour = make(map[string]int64, len(s.tokensByHour)) - for hour, v := range s.tokensByHour { - key := formatHour(hour) - result.TokensByHour[key] = v - } - - return result -} - -type MergeResult struct { - Added int64 `json:"added"` - Skipped int64 `json:"skipped"` -} - -// MergeSnapshot merges an exported statistics snapshot into the current store. -// Existing data is preserved and duplicate request details are skipped. -func (s *RequestStatistics) MergeSnapshot(snapshot StatisticsSnapshot) MergeResult { - result := MergeResult{} - if s == nil { - return result - } - - s.mu.Lock() - defer s.mu.Unlock() - - seen := make(map[string]struct{}) - for apiName, stats := range s.apis { - if stats == nil { - continue - } - for modelName, modelStatsValue := range stats.Models { - if modelStatsValue == nil { - continue - } - for _, detail := range modelStatsValue.Details { - seen[dedupKey(apiName, modelName, detail)] = struct{}{} - } - } - } - - for apiName, apiSnapshot := range snapshot.APIs { - apiName = strings.TrimSpace(apiName) - if apiName == "" { - continue - } - stats, ok := s.apis[apiName] - if !ok || stats == nil { - stats = &apiStats{Models: make(map[string]*modelStats)} - s.apis[apiName] = stats - } else if stats.Models == nil { - stats.Models = make(map[string]*modelStats) - } - for modelName, modelSnapshot := range apiSnapshot.Models { - modelName = strings.TrimSpace(modelName) - if modelName == "" { - modelName = "unknown" - } - for _, detail := range modelSnapshot.Details { - detail.Tokens = normaliseTokenStats(detail.Tokens) - if detail.Timestamp.IsZero() { - detail.Timestamp = time.Now() - } - key := dedupKey(apiName, modelName, detail) - if _, exists := seen[key]; exists { - result.Skipped++ - continue - } - seen[key] = struct{}{} - s.recordImported(apiName, modelName, stats, detail) - result.Added++ - } - } - } - - return result -} - -func (s *RequestStatistics) recordImported(apiName, modelName string, stats *apiStats, detail RequestDetail) { - totalTokens := detail.Tokens.TotalTokens - if totalTokens < 0 { - totalTokens = 0 - } - - s.totalRequests++ - if detail.Failed { - s.failureCount++ - } else { - s.successCount++ - } - s.totalTokens += totalTokens - - s.updateAPIStats(stats, modelName, detail) - - dayKey := detail.Timestamp.Format("2006-01-02") - hourKey := detail.Timestamp.Hour() - - s.requestsByDay[dayKey]++ - s.requestsByHour[hourKey]++ - s.tokensByDay[dayKey] += totalTokens - s.tokensByHour[hourKey] += totalTokens -} - -func dedupKey(apiName, modelName string, detail RequestDetail) string { - timestamp := detail.Timestamp.UTC().Format(time.RFC3339Nano) - tokens := normaliseTokenStats(detail.Tokens) - return fmt.Sprintf( - "%s|%s|%s|%s|%s|%t|%d|%d|%d|%d|%d", - apiName, - modelName, - timestamp, - detail.Source, - detail.AuthIndex, - detail.Failed, - tokens.InputTokens, - tokens.OutputTokens, - tokens.ReasoningTokens, - tokens.CachedTokens, - tokens.TotalTokens, - ) -} - -func resolveAPIIdentifier(ctx context.Context, record coreusage.Record) string { - if ctx != nil { - if ginCtx, ok := ctx.Value("gin").(*gin.Context); ok && ginCtx != nil { - path := ginCtx.FullPath() - if path == "" && ginCtx.Request != nil { - path = ginCtx.Request.URL.Path - } - method := "" - if ginCtx.Request != nil { - method = ginCtx.Request.Method - } - if path != "" { - if method != "" { - return method + " " + path - } - return path - } - } - } - if record.Provider != "" { - return record.Provider - } - return "unknown" -} - -func resolveSuccess(ctx context.Context) bool { - if ctx == nil { - return true - } - ginCtx, ok := ctx.Value("gin").(*gin.Context) - if !ok || ginCtx == nil { - return true - } - status := ginCtx.Writer.Status() - if status == 0 { - return true - } - return status < httpStatusBadRequest -} - -const httpStatusBadRequest = 400 - -func normaliseDetail(detail coreusage.Detail) TokenStats { - tokens := TokenStats{ - InputTokens: detail.InputTokens, - OutputTokens: detail.OutputTokens, - ReasoningTokens: detail.ReasoningTokens, - CachedTokens: detail.CachedTokens, - TotalTokens: detail.TotalTokens, - } - if tokens.TotalTokens == 0 { - tokens.TotalTokens = detail.InputTokens + detail.OutputTokens + detail.ReasoningTokens - } - if tokens.TotalTokens == 0 { - tokens.TotalTokens = detail.InputTokens + detail.OutputTokens + detail.ReasoningTokens + detail.CachedTokens - } - return tokens -} - -func normaliseTokenStats(tokens TokenStats) TokenStats { - if tokens.TotalTokens == 0 { - tokens.TotalTokens = tokens.InputTokens + tokens.OutputTokens + tokens.ReasoningTokens - } - if tokens.TotalTokens == 0 { - tokens.TotalTokens = tokens.InputTokens + tokens.OutputTokens + tokens.ReasoningTokens + tokens.CachedTokens - } - return tokens -} - -func formatHour(hour int) string { - if hour < 0 { - hour = 0 - } - hour = hour % 24 - return fmt.Sprintf("%02d", hour) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/message_transforms.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/message_transforms.go deleted file mode 100644 index 5b6126c2ed..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/message_transforms.go +++ /dev/null @@ -1,305 +0,0 @@ -// Package usage provides message transformation capabilities for handling -// long conversations that exceed model context limits. -// -// Supported transforms: -// - middle-out: Compress conversation by keeping start/end messages and trimming middle -package usage - -import ( - "context" - "encoding/json" - "fmt" - "strings" -) - -// TransformType represents the type of message transformation -type TransformType string - -const ( - // TransformMiddleOut keeps first half and last half of conversation, compresses middle - TransformMiddleOut TransformType = "middle-out" - // TransformTruncateStart keeps only the most recent messages - TransformTruncateStart TransformType = "truncate-start" - // TransformTruncateEnd keeps only the earliest messages - TransformTruncateEnd TransformType = "truncate-end" - // TransformSummarize summarizes the middle portion - TransformSummarize TransformType = "summarize" -) - -// Message represents a chat message -type Message struct { - Role string `json:"role"` - Content interface{} `json:"content"` - Name string `json:"name,omitempty"` - ToolCalls []ToolCall `json:"tool_calls,omitempty"` -} - -// ToolCall represents a tool call in a message -type ToolCall struct { - ID string `json:"id"` - Type string `json:"type"` - Function FunctionCall `json:"function"` -} - -// FunctionCall represents a function call -type FunctionCall struct { - Name string `json:"name"` - Arguments json.RawMessage `json:"arguments"` -} - -// TransformRequest specifies parameters for message transformation -type TransformRequest struct { - // Transform is the transformation type to apply - Transform TransformType - // MaxMessages is the maximum number of messages to keep (0 = auto) - MaxMessages int - // MaxTokens is the target maximum tokens (0 = use MaxMessages) - MaxTokens int - // KeepSystem determines if system message should always be kept - KeepSystem bool - // SummaryPrompt is the prompt to use for summarization (if TransformSummarize) - SummaryPrompt string - // PreserveLatestN messages to always keep at the end - PreserveLatestN int - // PreserveFirstN messages to always keep at the start - PreserveFirstN int -} - -// TransformResponse contains the result of message transformation -type TransformResponse struct { - Messages []Message `json:"messages"` - OriginalCount int `json:"original_count"` - FinalCount int `json:"final_count"` - TokensRemoved int `json:"tokens_removed"` - Transform string `json:"transform"` - Reason string `json:"reason,omitempty"` -} - -// TransformMessages applies the specified transformation to messages -func TransformMessages(ctx context.Context, messages []Message, req *TransformRequest) (*TransformResponse, error) { - if len(messages) == 0 { - return &TransformResponse{ - Messages: messages, - OriginalCount: 0, - FinalCount: 0, - TokensRemoved: 0, - Transform: string(req.Transform), - }, nil - } - - // Set defaults - if req.Transform == "" { - req.Transform = TransformMiddleOut - } - if req.MaxMessages == 0 { - req.MaxMessages = 20 - } - if req.PreserveLatestN == 0 { - req.PreserveLatestN = 5 - } - - // Make a copy to avoid modifying original - result := make([]Message, len(messages)) - copy(result, messages) - - var reason string - switch req.Transform { - case TransformMiddleOut: - result, reason = transformMiddleOut(result, req) - case TransformTruncateStart: - result, reason = transformTruncateStart(result, req) - case TransformTruncateEnd: - result, reason = transformTruncateEnd(result, req) - default: - return nil, fmt.Errorf("unknown transform type: %s", req.Transform) - } - - return &TransformResponse{ - Messages: result, - OriginalCount: len(messages), - FinalCount: len(result), - TokensRemoved: len(messages) - len(result), - Transform: string(req.Transform), - Reason: reason, - }, nil -} - -// transformMiddleOut keeps first N and last N messages, compresses middle -func transformMiddleOut(messages []Message, req *TransformRequest) ([]Message, string) { - // Find system message if present - var systemIdx = -1 - for i, m := range messages { - if m.Role == "system" { - systemIdx = i - break - } - } - - // Calculate how many to keep from start and end - available := len(messages) - if systemIdx >= 0 { - available-- - } - - startKeep := req.PreserveFirstN - if startKeep == 0 { - startKeep = available / 4 - if startKeep < 2 { - startKeep = 2 - } - } - - endKeep := req.PreserveLatestN - if endKeep == 0 { - endKeep = available / 4 - if endKeep < 2 { - endKeep = 2 - } - } - - // If we need to keep fewer than available, compress - if startKeep+endKeep >= available { - return messages, "conversation within limits, no transformation needed" - } - - // Build result - var result []Message - - // Add system message if present and KeepSystem is true - if systemIdx >= 0 && req.KeepSystem { - result = append(result, messages[systemIdx]) - } - - // Add messages from start - if systemIdx > 0 { - // System is at index 0 - result = append(result, messages[0:startKeep]...) - } else { - result = append(result, messages[0:startKeep]...) - } - - // Add compression indicator - compressedCount := available - startKeep - endKeep - if compressedCount > 0 { - result = append(result, Message{ - Role: "system", - Content: fmt.Sprintf("[%d messages compressed due to context length limits]", compressedCount), - }) - } - - // Add messages from end - endStart := len(messages) - endKeep - result = append(result, messages[endStart:]...) - - return result, fmt.Sprintf("compressed %d messages, kept %d from start and %d from end", - compressedCount, startKeep, endKeep) -} - -// transformTruncateStart keeps only the most recent messages -func transformTruncateStart(messages []Message, req *TransformRequest) ([]Message, string) { - if len(messages) <= req.MaxMessages { - return messages, "within message limit" - } - - // Find system message - var systemMsg *Message - var nonSystem []Message - - for _, m := range messages { - if m.Role == "system" && req.KeepSystem { - systemMsg = &m - } else { - nonSystem = append(nonSystem, m) - } - } - - // Keep most recent - keep := req.MaxMessages - if systemMsg != nil { - keep-- - } - - if keep <= 0 { - keep = 1 - } - - if keep >= len(nonSystem) { - return messages, "within message limit" - } - - nonSystem = nonSystem[len(nonSystem)-keep:] - - // Rebuild - var result []Message - if systemMsg != nil { - result = append(result, *systemMsg) - } - result = append(result, nonSystem...) - - return result, fmt.Sprintf("truncated to last %d messages", len(result)) -} - -// transformTruncateEnd keeps only the earliest messages -func transformTruncateEnd(messages []Message, req *TransformRequest) ([]Message, string) { - if len(messages) <= req.MaxMessages { - return messages, "within message limit" - } - - keep := req.MaxMessages - if keep >= len(messages) { - keep = len(messages) - } - - result := messages[:keep] - return result, fmt.Sprintf("truncated to first %d messages", len(result)) -} - -// EstimateTokens estimates the number of tokens in messages (rough approximation) -func EstimateTokens(messages []Message) int { - total := 0 - for _, m := range messages { - // Rough estimate: 1 token ≈ 4 characters - switch content := m.Content.(type) { - case string: - total += len(content) / 4 - case []interface{}: - for _, part := range content { - if p, ok := part.(map[string]interface{}); ok { - if text, ok := p["text"].(string); ok { - total += len(text) / 4 - } - } - } - } - // Add role overhead - total += len(m.Role) / 4 - } - return total -} - -// MiddleOutTransform creates a TransformRequest for middle-out compression -func MiddleOutTransform(preserveStart, preserveEnd int) *TransformRequest { - return &TransformRequest{ - Transform: TransformMiddleOut, - PreserveFirstN: preserveStart, - PreserveLatestN: preserveEnd, - KeepSystem: true, - } -} - -// ParseTransformType parses a transform type string -func ParseTransformType(s string) (TransformType, error) { - s = strings.ToLower(strings.TrimSpace(s)) - switch s { - case "middle-out", "middle_out", "middleout": - return TransformMiddleOut, nil - case "truncate-start", "truncate_start", "truncatestart": - return TransformTruncateStart, nil - case "truncate-end", "truncate_end", "truncateend": - return TransformTruncateEnd, nil - case "summarize": - return TransformSummarize, nil - default: - return "", fmt.Errorf("unknown transform type: %s", s) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/metrics.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/metrics.go deleted file mode 100644 index 4c02d549af..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/metrics.go +++ /dev/null @@ -1,89 +0,0 @@ -// Package usage provides provider-level metrics for OpenRouter-style routing. -package usage - -import ( - "strings" -) - -func normalizeProvider(apiKey string) string { - key := strings.ToLower(strings.TrimSpace(apiKey)) - if key == "" { - return key - } - parts := strings.Split(key, "-") - provider := strings.TrimSpace(parts[0]) - switch provider { - case "droid", "droidcli": - return "gemini" - default: - return provider - } -} - -// ProviderMetrics holds per-provider metrics for routing decisions. -type ProviderMetrics struct { - RequestCount int64 `json:"request_count"` - SuccessCount int64 `json:"success_count"` - FailureCount int64 `json:"failure_count"` - TotalTokens int64 `json:"total_tokens"` - SuccessRate float64 `json:"success_rate"` - CostPer1kIn float64 `json:"cost_per_1k_input,omitempty"` - CostPer1kOut float64 `json:"cost_per_1k_output,omitempty"` - LatencyP50Ms int `json:"latency_p50_ms,omitempty"` - LatencyP95Ms int `json:"latency_p95_ms,omitempty"` -} - -// Known providers for routing (thegent model→provider mapping). -var knownProviders = map[string]struct{}{ - "nim": {}, "kilo": {}, "minimax": {}, "glm": {}, "openrouter": {}, - "antigravity": {}, "claude": {}, "codex": {}, "gemini": {}, "roo": {}, - "kiro": {}, "cursor": {}, -} - -// Fallback cost per 1k tokens (USD) when no usage data. Align with thegent _GLM_OFFER_COST. -var fallbackCostPer1k = map[string]float64{ - "nim": 0.22, "kilo": 0.28, "minimax": 0.36, "glm": 0.80, "openrouter": 0.30, -} - -// GetProviderMetrics returns per-provider metrics from the usage snapshot. -// Used by thegent for OpenRouter-style routing (cheapest, fastest, cost_quality). -func GetProviderMetrics() map[string]ProviderMetrics { - snap := GetRequestStatistics().Snapshot() - result := make(map[string]ProviderMetrics) - for apiKey, apiSnap := range snap.APIs { - provider := normalizeProvider(apiKey) - if _, ok := knownProviders[provider]; !ok { - continue - } - failures := int64(0) - for _, m := range apiSnap.Models { - for _, d := range m.Details { - if d.Failed { - failures++ - } - } - } - success := apiSnap.TotalRequests - failures - if success < 0 { - success = 0 - } - sr := 1.0 - if apiSnap.TotalRequests > 0 { - sr = float64(success) / float64(apiSnap.TotalRequests) - } - cost := fallbackCostPer1k[provider] - if cost == 0 { - cost = 0.5 - } - result[provider] = ProviderMetrics{ - RequestCount: apiSnap.TotalRequests, - SuccessCount: success, - FailureCount: failures, - TotalTokens: apiSnap.TotalTokens, - SuccessRate: sr, - CostPer1kIn: cost / 2, - CostPer1kOut: cost, - } - } - return result -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/metrics_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/metrics_test.go deleted file mode 100644 index 7b0ada1e9a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/metrics_test.go +++ /dev/null @@ -1,246 +0,0 @@ -package usage - -import ( - "context" - "encoding/json" - "testing" - "time" - - coreusage "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/usage" -) - -func TestGetProviderMetrics_Empty(t *testing.T) { - got := GetProviderMetrics() - if got == nil { - t.Fatal("expected non-nil map") - } - if len(got) != 0 { - t.Errorf("expected empty map with no usage, got %d providers", len(got)) - } -} - -func TestGetProviderMetrics_JSONRoundtrip(t *testing.T) { - got := GetProviderMetrics() - // Ensure result is JSON-serializable (used by GET /v1/metrics/providers) - _, err := json.Marshal(got) - if err != nil { - t.Errorf("GetProviderMetrics result must be JSON-serializable: %v", err) - } -} - -func TestKnownProviders(t *testing.T) { - for p := range knownProviders { - if p == "" { - t.Error("empty known provider") - } - } -} - -func TestFallbackCost(t *testing.T) { - for p, cost := range fallbackCostPer1k { - if cost <= 0 { - t.Errorf("invalid cost for %s: %f", p, cost) - } - } -} - -func TestGetProviderMetrics_FiltersKnownProviders(t *testing.T) { - stats := GetRequestStatistics() - ctx := context.Background() - - record := coreusage.Record{ - Provider: "openrouter", - APIKey: "openrouter-analytics", - Model: "gpt-4o", - Detail: coreusage.Detail{ - TotalTokens: 12, - }, - } - stats.Record(ctx, record) - - unknown := coreusage.Record{ - Provider: "mystery-provider", - APIKey: "mystery-provider", - Model: "mystery-model", - Detail: coreusage.Detail{ - TotalTokens: 12, - }, - } - stats.Record(ctx, unknown) - - metrics := GetProviderMetrics() - if _, ok := metrics["openrouter"]; !ok { - t.Fatal("expected openrouter in provider metrics") - } - if _, ok := metrics["mystery-provider"]; ok { - t.Fatal("unknown provider should not be present in provider metrics") - } -} - -func TestNormalizeProviderAliasesDroidToGemini(t *testing.T) { - t.Parallel() - cases := map[string]string{ - "droid-main": "gemini", - "droidcli-prod": "gemini", - "gemini-live": "gemini", - } - for input, want := range cases { - if got := normalizeProvider(input); got != want { - t.Fatalf("normalizeProvider(%q) = %q, want %q", input, got, want) - } - } -} - -func TestGetProviderMetrics_IncludesKiroAndCursor(t *testing.T) { - stats := GetRequestStatistics() - ctx := context.Background() - - stats.Record(ctx, coreusage.Record{ - Provider: "kiro", - APIKey: "kiro-main", - Model: "kiro/claude-sonnet-4.6", - Detail: coreusage.Detail{ - TotalTokens: 42, - }, - }) - stats.Record(ctx, coreusage.Record{ - Provider: "cursor", - APIKey: "cursor-primary", - Model: "cursor/default", - Detail: coreusage.Detail{ - TotalTokens: 21, - }, - }) - - metrics := GetProviderMetrics() - if _, ok := metrics["kiro"]; !ok { - t.Fatal("expected kiro in provider metrics") - } - if _, ok := metrics["cursor"]; !ok { - t.Fatal("expected cursor in provider metrics") - } -} - -func TestGetProviderMetrics_StableRateBounds(t *testing.T) { - metrics := GetProviderMetrics() - for provider, stat := range metrics { - if stat.SuccessRate < 0 || stat.SuccessRate > 1 { - t.Fatalf("provider=%s success_rate out of [0,1]: %f", provider, stat.SuccessRate) - } - } -} - -func TestGetProviderMetrics_WithUsage(t *testing.T) { - stats := GetRequestStatistics() - ctx := context.Background() - - // Use a known provider like 'claude' - record := coreusage.Record{ - Provider: "claude", - APIKey: "claude", - Model: "claude-3-sonnet", - Detail: coreusage.Detail{ - TotalTokens: 1000, - }, - Failed: false, - } - stats.Record(ctx, record) - - // Add a failure - failRecord := coreusage.Record{ - Provider: "claude", - APIKey: "claude", - Model: "claude-3-sonnet", - Failed: true, - } - stats.Record(ctx, failRecord) - - metrics := GetProviderMetrics() - m, ok := metrics["claude"] - if !ok { - t.Errorf("claude metrics not found") - return - } - - if m.RequestCount < 2 { - t.Errorf("expected at least 2 requests, got %d", m.RequestCount) - } - if m.FailureCount < 1 { - t.Errorf("expected at least 1 failure, got %d", m.FailureCount) - } - if m.SuccessCount < 1 { - t.Errorf("expected at least 1 success, got %d", m.SuccessCount) - } -} - -func TestLoggerPlugin(t *testing.T) { - plugin := NewLoggerPlugin() - if plugin == nil { - t.Fatal("NewLoggerPlugin returned nil") - } - - ctx := context.Background() - record := coreusage.Record{Model: "test"} - - SetStatisticsEnabled(false) - if StatisticsEnabled() { - t.Error("expected statistics disabled") - } - plugin.HandleUsage(ctx, record) - - SetStatisticsEnabled(true) - if !StatisticsEnabled() { - t.Error("expected statistics enabled") - } - plugin.HandleUsage(ctx, record) -} - -func TestRequestStatistics_MergeSnapshot(t *testing.T) { - s := NewRequestStatistics() - - snap := StatisticsSnapshot{ - APIs: map[string]APISnapshot{ - "api1": { - Models: map[string]ModelSnapshot{ - "m1": { - Details: []RequestDetail{ - { - Timestamp: time.Now(), - Tokens: TokenStats{InputTokens: 10, OutputTokens: 5}, - Failed: false, - }, - }, - }, - }, - }, - }, - } - - res := s.MergeSnapshot(snap) - if res.Added != 1 { - t.Errorf("expected 1 added, got %d", res.Added) - } - - // Test deduplication - res2 := s.MergeSnapshot(snap) - if res2.Skipped != 1 { - t.Errorf("expected 1 skipped, got %d", res2.Skipped) - } -} - -func TestRequestStatistics_Snapshot(t *testing.T) { - s := NewRequestStatistics() - s.Record(context.Background(), coreusage.Record{ - APIKey: "api1", - Model: "m1", - Detail: coreusage.Detail{InputTokens: 10}, - }) - - snap := s.Snapshot() - if snap.TotalRequests != 1 { - t.Errorf("expected 1 total request, got %d", snap.TotalRequests) - } - if _, ok := snap.APIs["api1"]; !ok { - t.Error("api1 not found in snapshot") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/privacy_zdr.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/privacy_zdr.go deleted file mode 100644 index aac581aaa1..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/privacy_zdr.go +++ /dev/null @@ -1,323 +0,0 @@ -// Package usage provides Zero Data Retention (ZDR) controls for privacy-sensitive requests. -// This allows routing requests only to providers that do not retain or train on user data. -package usage - -import ( - "context" - "fmt" - "sync" - "time" -) - -// DataPolicy represents a provider's data retention policy -type DataPolicy struct { - Provider string - RetainsData bool // Whether provider retains any data - TrainsOnData bool // Whether provider trains models on data - RetentionPeriod time.Duration // How long data is retained - Jurisdiction string // Data processing jurisdiction - Certifications []string // Compliance certifications (SOC2, HIPAA, etc.) -} - -// ZDRConfig configures Zero Data Retention settings -type ZDRConfig struct { - // RequireZDR requires all requests to use ZDR providers only - RequireZDR bool - // PerRequestZDR allows per-request ZDR override - PerRequestZDR bool - // AllowedPolicies maps provider names to their data policies - AllowedPolicies map[string]*DataPolicy - // DefaultPolicy is used for providers not in AllowedPolicies - DefaultPolicy *DataPolicy -} - -// ZDRRequest specifies ZDR requirements for a request -type ZDRRequest struct { - // RequireZDR requires ZDR for this specific request - RequireZDR bool - // PreferredJurisdiction is the preferred data jurisdiction (e.g., "US", "EU") - PreferredJurisdiction string - // RequiredCertifications required compliance certifications - RequiredCertifications []string - // ExcludedProviders providers to exclude - ExcludedProviders []string - // AllowRetainData allows providers that retain data - AllowRetainData bool - // AllowTrainData allows providers that train on data - AllowTrainData bool -} - -// ZDRResult contains the ZDR routing decision -type ZDRResult struct { - AllowedProviders []string - BlockedProviders []string - Reason string - AllZDR bool -} - -// ZDRController handles ZDR routing decisions -type ZDRController struct { - mu sync.RWMutex - config *ZDRConfig - providerPolicies map[string]*DataPolicy -} - -// NewZDRController creates a new ZDR controller -func NewZDRController(config *ZDRConfig) *ZDRController { - c := &ZDRController{ - config: config, - providerPolicies: make(map[string]*DataPolicy), - } - - // Initialize with default policies if provided - if config != nil && config.AllowedPolicies != nil { - for provider, policy := range config.AllowedPolicies { - c.providerPolicies[provider] = policy - } - } - - // Set defaults for common providers if not configured - c.initializeDefaultPolicies() - - return c -} - -// initializeDefaultPolicies sets up known provider policies -func (z *ZDRController) initializeDefaultPolicies() { - defaults := map[string]*DataPolicy{ - "google": { - Provider: "google", - RetainsData: true, - TrainsOnData: false, // Has ZDR option - RetentionPeriod: 24 * time.Hour, - Jurisdiction: "US", - Certifications: []string{"SOC2", "ISO27001"}, - }, - "anthropic": { - Provider: "anthropic", - RetainsData: true, - TrainsOnData: false, - RetentionPeriod: time.Hour, - Jurisdiction: "US", - Certifications: []string{"SOC2", "HIPAA"}, - }, - "openai": { - Provider: "openai", - RetainsData: true, - TrainsOnData: true, - RetentionPeriod: 30 * 24 * time.Hour, - Jurisdiction: "US", - Certifications: []string{"SOC2"}, - }, - "deepseek": { - Provider: "deepseek", - RetainsData: true, - TrainsOnData: true, - RetentionPeriod: 90 * 24 * time.Hour, - Jurisdiction: "CN", - Certifications: []string{}, - }, - "minimax": { - Provider: "minimax", - RetainsData: true, - TrainsOnData: true, - RetentionPeriod: 30 * 24 * time.Hour, - Jurisdiction: "CN", - Certifications: []string{}, - }, - "moonshot": { - Provider: "moonshot", - RetainsData: true, - TrainsOnData: true, - RetentionPeriod: 30 * 24 * time.Hour, - Jurisdiction: "CN", - Certifications: []string{}, - }, - } - - for provider, policy := range defaults { - if _, ok := z.providerPolicies[provider]; !ok { - z.providerPolicies[provider] = policy - } - } -} - -// CheckProviders filters providers based on ZDR requirements -func (z *ZDRController) CheckProviders(ctx context.Context, providers []string, req *ZDRRequest) (*ZDRResult, error) { - if len(providers) == 0 { - return nil, fmt.Errorf("no providers specified") - } - - // Use default request if nil - if req == nil { - req = &ZDRRequest{} - } - - // Check if global ZDR is required - if z.config != nil && z.config.RequireZDR && !req.RequireZDR { - req.RequireZDR = true - } - - var allowed []string - var blocked []string - - for _, provider := range providers { - policy := z.getPolicy(provider) - - // Check exclusions first - if isExcluded(provider, req.ExcludedProviders) { - blocked = append(blocked, provider) - continue - } - - // Check ZDR requirements - if req.RequireZDR { - if policy == nil || policy.RetainsData || policy.TrainsOnData { - if !req.AllowRetainData && policy != nil && policy.RetainsData { - blocked = append(blocked, provider) - continue - } - if !req.AllowTrainData && policy != nil && policy.TrainsOnData { - blocked = append(blocked, provider) - continue - } - } - } - - // Check jurisdiction - if req.PreferredJurisdiction != "" && policy != nil { - if policy.Jurisdiction != req.PreferredJurisdiction { - // Not blocked, but deprioritized in real implementation - } - } - - // Check certifications - if len(req.RequiredCertifications) > 0 && policy != nil { - hasCerts := hasAllCertifications(policy.Certifications, req.RequiredCertifications) - if !hasCerts { - blocked = append(blocked, provider) - continue - } - } - - allowed = append(allowed, provider) - } - - allZDR := true - for _, p := range allowed { - policy := z.getPolicy(p) - if policy == nil || policy.RetainsData || policy.TrainsOnData { - allZDR = false - break - } - } - - reason := "" - if len(allowed) == 0 { - reason = "no providers match ZDR requirements" - } else if len(blocked) > 0 { - reason = fmt.Sprintf("%d providers blocked by ZDR requirements", len(blocked)) - } else if allZDR { - reason = "all providers support ZDR" - } - - return &ZDRResult{ - AllowedProviders: allowed, - BlockedProviders: blocked, - Reason: reason, - AllZDR: allZDR, - }, nil -} - -// getPolicy returns the data policy for a provider -func (z *ZDRController) getPolicy(provider string) *DataPolicy { - z.mu.RLock() - defer z.mu.RUnlock() - - // Try exact match first - if policy, ok := z.providerPolicies[provider]; ok { - return policy - } - - // Try prefix match - lower := provider - for p, policy := range z.providerPolicies { - if len(p) < len(lower) && lower[:len(p)] == p { - return policy - } - } - - // Return default if configured - if z.config != nil && z.config.DefaultPolicy != nil { - return z.config.DefaultPolicy - } - - return nil -} - -// isExcluded checks if a provider is in the exclusion list -func isExcluded(provider string, exclusions []string) bool { - for _, e := range exclusions { - if provider == e { - return true - } - } - return false -} - -// hasAllCertifications checks if provider has all required certifications -func hasAllCertifications(providerCerts, required []string) bool { - certSet := make(map[string]bool) - for _, c := range providerCerts { - certSet[c] = true - } - for _, r := range required { - if !certSet[r] { - return false - } - } - return true -} - -// SetPolicy updates the data policy for a provider -func (z *ZDRController) SetPolicy(provider string, policy *DataPolicy) { - z.mu.Lock() - defer z.mu.Unlock() - z.providerPolicies[provider] = policy -} - -// GetPolicy returns the data policy for a provider -func (z *ZDRController) GetPolicy(provider string) *DataPolicy { - z.mu.RLock() - defer z.mu.RUnlock() - return z.providerPolicies[provider] -} - -// GetAllPolicies returns all configured policies -func (z *ZDRController) GetAllPolicies() map[string]*DataPolicy { - z.mu.RLock() - defer z.mu.RUnlock() - result := make(map[string]*DataPolicy) - for k, v := range z.providerPolicies { - result[k] = v - } - return result -} - -// NewZDRRequest creates a new ZDR request with sensible defaults -func NewZDRRequest() *ZDRRequest { - return &ZDRRequest{ - RequireZDR: true, - AllowRetainData: false, - AllowTrainData: false, - } -} - -// NewZDRConfig creates a new ZDR configuration -func NewZDRConfig() *ZDRConfig { - return &ZDRConfig{ - RequireZDR: false, - PerRequestZDR: true, - AllowedPolicies: make(map[string]*DataPolicy), - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/quota_enforcer.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/quota_enforcer.go deleted file mode 100644 index 7efd3f0396..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/quota_enforcer.go +++ /dev/null @@ -1,79 +0,0 @@ -// Package usage provides provider-level metrics for OpenRouter-style routing. -// quota_enforcer.go implements daily quota enforcement for token count and cost. -// -// Ported from thegent/src/thegent/integrations/connector_quota.py. -package usage - -import ( - "context" - "sync" - "time" -) - -// QuotaEnforcer tracks daily usage and blocks requests that would exceed configured limits. -// -// Thread-safe: uses RWMutex for concurrent reads and exclusive writes. -// Daily window resets automatically when the reset timestamp is reached. -type QuotaEnforcer struct { - quota *QuotaLimit - current *Usage - mu sync.RWMutex - resetAt time.Time -} - -// NewQuotaEnforcer creates a QuotaEnforcer with a 24-hour rolling window. -func NewQuotaEnforcer(quota *QuotaLimit) *QuotaEnforcer { - return &QuotaEnforcer{ - quota: quota, - current: &Usage{}, - resetAt: time.Now().Add(24 * time.Hour), - } -} - -// RecordUsage accumulates observed usage after a successful request completes. -func (e *QuotaEnforcer) RecordUsage(_ context.Context, usage *Usage) error { - e.mu.Lock() - defer e.mu.Unlock() - e.maybeResetLocked() - e.current.TokensUsed += usage.TokensUsed - e.current.CostUsed += usage.CostUsed - return nil -} - -// CheckQuota returns (true, nil) when the request is within quota, (false, nil) when -// it would exceed a limit. An error is returned only for internal failures. -// -// The check uses the accumulated usage at the time of the call. If the daily window -// has expired, it is reset before checking. -// -// Token estimation: 1 message character ≈ 0.25 tokens (rough proxy when exact counts -// are unavailable). Cost estimation is omitted (0) when not provided. -func (e *QuotaEnforcer) CheckQuota(_ context.Context, req *QuotaCheckRequest) (bool, error) { - e.mu.Lock() - e.maybeResetLocked() - tokensUsed := e.current.TokensUsed - costUsed := e.current.CostUsed - e.mu.Unlock() - - if e.quota.MaxTokensPerDay > 0 { - if tokensUsed+req.EstimatedTokens > e.quota.MaxTokensPerDay { - return false, nil - } - } - if e.quota.MaxCostPerDay > 0 { - if costUsed+req.EstimatedCost > e.quota.MaxCostPerDay { - return false, nil - } - } - - return true, nil -} - -// maybeResetLocked resets accumulated usage when the daily window has elapsed. -// Caller must hold e.mu (write lock). -func (e *QuotaEnforcer) maybeResetLocked() { - if time.Now().After(e.resetAt) { - e.current = &Usage{} - e.resetAt = time.Now().Add(24 * time.Hour) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/quota_enforcer_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/quota_enforcer_test.go deleted file mode 100644 index e108d60a71..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/quota_enforcer_test.go +++ /dev/null @@ -1,118 +0,0 @@ -package usage - -import ( - "context" - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -// @trace FR-QUOTA-001 FR-QUOTA-002 - -func TestQuotaEnforcerAllowsRequestWithinQuota(t *testing.T) { - quota := &QuotaLimit{ - MaxTokensPerDay: 100000, - MaxCostPerDay: 10.0, - } - - enforcer := NewQuotaEnforcer(quota) - - allowed, err := enforcer.CheckQuota(context.Background(), &QuotaCheckRequest{ - EstimatedTokens: 1000, - EstimatedCost: 0.01, - }) - - require.NoError(t, err) - assert.True(t, allowed, "request should be allowed within quota") -} - -func TestQuotaEnforcerBlocksRequestWhenTokenQuotaExhausted(t *testing.T) { - quota := &QuotaLimit{ - MaxTokensPerDay: 100000, - MaxCostPerDay: 10.0, - } - - enforcer := NewQuotaEnforcer(quota) - - // Record usage close to the limit. - err := enforcer.RecordUsage(context.Background(), &Usage{ - TokensUsed: 99000, - CostUsed: 0.0, - }) - require.NoError(t, err) - - // Request that would exceed token quota. - allowed, err := enforcer.CheckQuota(context.Background(), &QuotaCheckRequest{ - EstimatedTokens: 2000, // 99000 + 2000 = 101000 > 100000 - EstimatedCost: 0.01, - }) - - require.NoError(t, err) - assert.False(t, allowed, "request should be blocked when token quota exhausted") -} - -func TestQuotaEnforcerBlocksRequestWhenCostQuotaExhausted(t *testing.T) { - quota := &QuotaLimit{ - MaxTokensPerDay: 100000, - MaxCostPerDay: 10.0, - } - - enforcer := NewQuotaEnforcer(quota) - - err := enforcer.RecordUsage(context.Background(), &Usage{ - TokensUsed: 0, - CostUsed: 9.90, - }) - require.NoError(t, err) - - // Request that would exceed cost quota. - allowed, err := enforcer.CheckQuota(context.Background(), &QuotaCheckRequest{ - EstimatedTokens: 500, - EstimatedCost: 0.20, // 9.90 + 0.20 = 10.10 > 10.0 - }) - - require.NoError(t, err) - assert.False(t, allowed, "request should be blocked when cost quota exhausted") -} - -func TestQuotaEnforcerTracksAccumulatedUsage(t *testing.T) { - quota := &QuotaLimit{ - MaxTokensPerDay: 100, - MaxCostPerDay: 1.0, - } - - enforcer := NewQuotaEnforcer(quota) - - // Record in two batches. - require.NoError(t, enforcer.RecordUsage(context.Background(), &Usage{TokensUsed: 40})) - require.NoError(t, enforcer.RecordUsage(context.Background(), &Usage{TokensUsed: 40})) - - // 40+40=80 used; 30 more would exceed 100. - allowed, err := enforcer.CheckQuota(context.Background(), &QuotaCheckRequest{ - EstimatedTokens: 30, - }) - require.NoError(t, err) - assert.False(t, allowed) - - // But 19 more is fine (80+19=99 <= 100). - allowed, err = enforcer.CheckQuota(context.Background(), &QuotaCheckRequest{ - EstimatedTokens: 19, - }) - require.NoError(t, err) - assert.True(t, allowed) -} - -func TestQuotaEnforcerAllowsWhenExactlyAtLimit(t *testing.T) { - quota := &QuotaLimit{MaxTokensPerDay: 100} - enforcer := NewQuotaEnforcer(quota) - - require.NoError(t, enforcer.RecordUsage(context.Background(), &Usage{TokensUsed: 50})) - - // Exactly 50 more = 100, which equals the cap (not exceeds). - allowed, err := enforcer.CheckQuota(context.Background(), &QuotaCheckRequest{ - EstimatedTokens: 50, - }) - require.NoError(t, err) - assert.True(t, allowed, "exactly at limit should be allowed") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/quota_types.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/quota_types.go deleted file mode 100644 index 3e7e75efc2..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/quota_types.go +++ /dev/null @@ -1,23 +0,0 @@ -// Package usage provides provider-level metrics for OpenRouter-style routing. -// quota_types.go defines types for quota enforcement. -package usage - -// QuotaLimit specifies daily usage caps. -type QuotaLimit struct { - // MaxTokensPerDay is the daily token limit. 0 means uncapped. - MaxTokensPerDay float64 - // MaxCostPerDay is the daily cost cap in USD. 0 means uncapped. - MaxCostPerDay float64 -} - -// Usage records observed resource consumption. -type Usage struct { - TokensUsed float64 - CostUsed float64 -} - -// QuotaCheckRequest carries an estimated token/cost projection for a pending request. -type QuotaCheckRequest struct { - EstimatedTokens float64 - EstimatedCost float64 -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/shm_sync.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/shm_sync.go deleted file mode 100644 index 121ea90ea9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/shm_sync.go +++ /dev/null @@ -1,88 +0,0 @@ -package usage - -import ( - "encoding/binary" - "fmt" - "math" - "os" - "time" - - "github.com/edsrzf/mmap-go" -) - -const ( - MaxProviders = 32 - ProviderSlotSize = 128 - ProviderOffset = 256 * 256 - ShmSize = ProviderOffset + (MaxProviders * ProviderSlotSize) + 8192 -) - -// SyncToSHM writes the current provider metrics to the shared memory mesh. -func SyncToSHM(shmPath string) error { - metrics := GetProviderMetrics() - - f, err := os.OpenFile(shmPath, os.O_RDWR|os.O_CREATE, 0666) - if err != nil { - return fmt.Errorf("failed to open SHM: %w", err) - } - defer func() { _ = f.Close() }() - - // Ensure file is large enough - info, err := f.Stat() - if err != nil { - return err - } - if info.Size() < int64(ShmSize) { - if err := f.Truncate(int64(ShmSize)); err != nil { - return err - } - } - - m, err := mmap.Map(f, mmap.RDWR, 0) - if err != nil { - return fmt.Errorf("failed to mmap: %w", err) - } - defer func() { _ = m.Unmap() }() - - now := float64(time.Now().UnixNano()) / 1e9 - - for name, data := range metrics { - if name == "" { - continue - } - - nameBytes := make([]byte, 32) - copy(nameBytes, name) - - var targetIdx = -1 - for i := 0; i < MaxProviders; i++ { - start := ProviderOffset + (i * ProviderSlotSize) - slotName := m[start : start+32] - if slotName[0] == 0 { - if targetIdx == -1 { - targetIdx = i - } - continue - } - if string(slotName[:len(name)]) == name { - targetIdx = i - break - } - } - - if targetIdx == -1 { - continue // No slots left - } - - start := ProviderOffset + (targetIdx * ProviderSlotSize) - copy(m[start:start+32], nameBytes) - binary.LittleEndian.PutUint64(m[start+32:start+40], uint64(data.RequestCount)) - binary.LittleEndian.PutUint64(m[start+40:start+48], uint64(data.SuccessCount)) - binary.LittleEndian.PutUint64(m[start+48:start+56], uint64(data.FailureCount)) - binary.LittleEndian.PutUint32(m[start+56:start+60], uint32(data.LatencyP50Ms)) - binary.LittleEndian.PutUint32(m[start+60:start+64], math.Float32bits(float32(data.SuccessRate))) - binary.LittleEndian.PutUint64(m[start+64:start+72], math.Float64bits(now)) - } - - return nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/structured_outputs.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/structured_outputs.go deleted file mode 100644 index c2284169a2..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/structured_outputs.go +++ /dev/null @@ -1,352 +0,0 @@ -// Package usage provides structured output capabilities with JSON Schema enforcement. -// This ensures responses conform to specified schemas, reducing parsing errors. -package usage - -import ( - "encoding/json" - "fmt" -) - -// JSONSchema represents a JSON Schema for structured output validation -type JSONSchema struct { - Type string `json:"type,omitempty"` - Properties map[string]*Schema `json:"properties,omitempty"` - Required []string `json:"required,omitempty"` - Items *JSONSchema `json:"items,omitempty"` - Enum []interface{} `json:"enum,omitempty"` - Minimum *float64 `json:"minimum,omitempty"` - Maximum *float64 `json:"maximum,omitempty"` - MinLength *int `json:"minLength,omitempty"` - MaxLength *int `json:"maxLength,omitempty"` - Pattern string `json:"pattern,omitempty"` - Format string `json:"format,omitempty"` - // For nested objects - AllOf []*JSONSchema `json:"allOf,omitempty"` - OneOf []*JSONSchema `json:"oneOf,omitempty"` - AnyOf []*JSONSchema `json:"anyOf,omitempty"` - Not *JSONSchema `json:"not,omitempty"` -} - -// Schema is an alias for JSONSchema -type Schema = JSONSchema - -// ResponseFormat specifies the desired output format -type ResponseFormat struct { - // Type is the response format type (e.g., "json_schema", "text", "json_object") - Type string `json:"type"` - // Schema is the JSON Schema (for json_schema type) - Schema *JSONSchema `json:"schema,omitempty"` - // Strict enables strict schema enforcement - Strict *bool `json:"strict,omitempty"` - // Name is the name of the schema (for json_schema type) - Name string `json:"name,omitempty"` - // Description is the description of the schema (for json_schema type) - Description string `json:"description,omitempty"` -} - -// ValidationResult represents the result of validating a response against a schema -type ValidationResult struct { - Valid bool `json:"valid"` - Errors []string `json:"errors,omitempty"` - Warnings []string `json:"warnings,omitempty"` -} - -// ResponseHealer attempts to fix responses that don't match the schema -type ResponseHealer struct { - schema *JSONSchema - maxAttempts int - removeUnknown bool -} - -// NewResponseHealer creates a new ResponseHealer -func NewResponseHealer(schema *JSONSchema) *ResponseHealer { - return &ResponseHealer{ - schema: schema, - maxAttempts: 3, - removeUnknown: true, - } -} - -// Heal attempts to fix a response to match the schema -func (h *ResponseHealer) Heal(response json.RawMessage) (json.RawMessage, error) { - // First, try to parse as-is - var data interface{} - if err := json.Unmarshal(response, &data); err != nil { - // Try to extract JSON from response - healed := h.extractJSON(string(response)) - if healed == "" { - return nil, fmt.Errorf("failed to parse response: %w", err) - } - if err := json.Unmarshal([]byte(healed), &data); err != nil { - return nil, fmt.Errorf("failed to parse extracted JSON: %w", err) - } - } - - // Validate - result := h.Validate(response) - if result.Valid { - return response, nil - } - - // Attempt to heal - return h.healData(data, result.Errors) -} - -// Validate checks if a response matches the schema -func (h *ResponseHealer) Validate(response json.RawMessage) ValidationResult { - var data interface{} - if err := json.Unmarshal(response, &data); err != nil { - return ValidationResult{ - Valid: false, - Errors: []string{fmt.Sprintf("failed to parse JSON: %v", err)}, - } - } - - return h.validateData(data, "") -} - -// validateData recursively validates data against the schema -func (h *ResponseHealer) validateData(data interface{}, path string) ValidationResult { - var errors []string - - switch v := data.(type) { - case map[string]interface{}: - if h.schema.Type == "object" || h.schema.Properties != nil { - // Check required fields - for _, req := range h.schema.Required { - if _, ok := v[req]; !ok { - errors = append(errors, fmt.Sprintf("missing required field: %s", req)) - } - } - // Check property types - for prop, propSchemaVal := range h.schema.Properties { - if val, ok := v[prop]; ok { - result := h.validateData(val, path+"."+prop) - errors = append(errors, result.Errors...) - // Use propSchemaVal to avoid unused variable - _ = propSchemaVal - } - } - } - case []interface{}: - if h.schema.Type == "array" && h.schema.Items != nil { - for i, item := range v { - result := h.validateData(item, fmt.Sprintf("%s[%d]", path, i)) - errors = append(errors, result.Errors...) - } - } - case string: - if h.schema.Type == "string" { - if h.schema.MinLength != nil && len(v) < *h.schema.MinLength { - errors = append(errors, fmt.Sprintf("string too short: %d < %d", len(v), *h.schema.MinLength)) - } - if h.schema.MaxLength != nil && len(v) > *h.schema.MaxLength { - errors = append(errors, fmt.Sprintf("string too long: %d > %d", len(v), *h.schema.MaxLength)) - } - if h.schema.Pattern != "" { - // Simple pattern check (would need regex in production) - _ = h.schema.Pattern - } - if len(h.schema.Enum) > 0 { - found := false - for _, e := range h.schema.Enum { - if e == v { - found = true - break - } - } - if !found { - errors = append(errors, fmt.Sprintf("value not in enum: %s", v)) - } - } - } - case float64: - if h.schema.Type == "number" || h.schema.Type == "integer" { - if h.schema.Minimum != nil && v < *h.schema.Minimum { - errors = append(errors, fmt.Sprintf("number too small: %v < %v", v, *h.schema.Minimum)) - } - if h.schema.Maximum != nil && v > *h.schema.Maximum { - errors = append(errors, fmt.Sprintf("number too large: %v > %v", v, *h.schema.Maximum)) - } - } - case bool: - if h.schema.Type == "boolean" { - // OK - } - case nil: - // Null values - } - - if len(errors) == 0 { - return ValidationResult{Valid: true} - } - return ValidationResult{Valid: false, Errors: errors} -} - -// healData attempts to fix data to match schema -func (h *ResponseHealer) healData(data interface{}, errors []string) (json.RawMessage, error) { - // Simple healing: remove unknown fields if enabled - if h.removeUnknown { - if m, ok := data.(map[string]interface{}); ok { - if h.schema.Properties != nil { - cleaned := make(map[string]interface{}) - for k, v := range m { - if _, ok := h.schema.Properties[k]; ok { - cleaned[k] = v - } - } - // Add required fields with defaults if missing - for _, req := range h.schema.Required { - if _, ok := cleaned[req]; !ok { - cleaned[req] = getDefaultForType(h.schema.Properties[req]) - } - } - return json.Marshal(cleaned) - } - } - } - - // If healing failed, return original with errors - return nil, fmt.Errorf("failed to heal: %v", errors) -} - -// extractJSON attempts to extract JSON from a response that might contain extra text -func (h *ResponseHealer) extractJSON(s string) string { - // Try to find JSON object/array - start := -1 - end := -1 - - for i, c := range s { - if c == '{' && start == -1 { - start = i - } - if c == '}' && start != -1 && end == -1 { - end = i + 1 - break - } - if c == '[' && start == -1 { - start = i - } - if c == ']' && start != -1 && end == -1 { - end = i + 1 - break - } - } - - if start != -1 && end != -1 { - return s[start:end] - } - - return "" -} - -// getDefaultForType returns a default value for a schema type -func getDefaultForType(schema *Schema) interface{} { - if schema == nil { - return nil - } - switch schema.Type { - case "string": - return "" - case "number", "integer": - return 0 - case "boolean": - return false - case "array": - return []interface{}{} - case "object": - return map[string]interface{}{} - default: - return nil - } -} - -// NewResponseFormat creates a new ResponseFormat for JSON Schema enforcement -func NewResponseFormat(schema *JSONSchema, name, description string) *ResponseFormat { - strict := true - return &ResponseFormat{ - Type: "json_schema", - Schema: schema, - Name: name, - Description: description, - Strict: &strict, - } -} - -// CommonSchemas provides commonly used schemas -var CommonSchemas = struct { - // CodeReview represents a code review response - CodeReview *JSONSchema - // Summarization represents a summary response - Summarization *JSONSchema - // Extraction represents data extraction - Extraction *JSONSchema -}{ - CodeReview: &JSONSchema{ - Type: "object", - Properties: map[string]*Schema{ - "issues": { - Type: "array", - Items: &JSONSchema{ - Type: "object", - Properties: map[string]*Schema{ - "severity": {Type: "string", Enum: []interface{}{"error", "warning", "info"}}, - "line": {Type: "integer"}, - "message": {Type: "string"}, - "code": {Type: "string"}, - }, - Required: []string{"severity", "message"}, - }, - }, - "summary": {Type: "string"}, - "score": {Type: "number", Minimum: float64Ptr(0), Maximum: float64Ptr(10)}, - }, - Required: []string{"summary", "issues"}, - }, - Summarization: &JSONSchema{ - Type: "object", - Properties: map[string]*Schema{ - "summary": {Type: "string", MinLength: intPtr(10)}, - "highlights": {Type: "array", Items: &JSONSchema{Type: "string"}}, - "sentiment": {Type: "string", Enum: []interface{}{"positive", "neutral", "negative"}}, - }, - Required: []string{"summary"}, - }, - Extraction: &JSONSchema{ - Type: "object", - Properties: map[string]*Schema{ - "entities": { - Type: "array", - Items: &JSONSchema{ - Type: "object", - Properties: map[string]*Schema{ - "type": {Type: "string"}, - "value": {Type: "string"}, - "score": {Type: "number", Minimum: float64Ptr(0), Maximum: float64Ptr(1)}, - }, - Required: []string{"type", "value"}, - }, - }, - "relations": { - Type: "array", - Items: &JSONSchema{ - Type: "object", - Properties: map[string]*Schema{ - "from": {Type: "string"}, - "to": {Type: "string"}, - "type": {Type: "string"}, - }, - Required: []string{"from", "to", "type"}, - }, - }, - }, - }, -} - -func float64Ptr(f float64) *float64 { - return &f -} - -func intPtr(i int) *int { - return &i -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/zero_completion_insurance.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/zero_completion_insurance.go deleted file mode 100644 index 0afa0219ae..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/usage/zero_completion_insurance.go +++ /dev/null @@ -1,253 +0,0 @@ -// Package usage provides Zero Completion Insurance functionality. -// This ensures users are not charged for requests that result in zero output tokens -// due to errors or blank responses. -package usage - -import ( - "context" - "fmt" - "sync" - "time" -) - -// CompletionStatus represents the status of a request completion -type CompletionStatus string - -const ( - // StatusSuccess indicates successful completion - StatusSuccess CompletionStatus = "success" - // StatusZeroTokens indicates zero output tokens (should be refunded) - StatusZeroTokens CompletionStatus = "zero_tokens" - // StatusError indicates an error occurred (should be refunded) - StatusError CompletionStatus = "error" - // StatusFiltered indicates content was filtered (partial refund) - StatusFiltered CompletionStatus = "filtered" -) - -// RequestRecord tracks a request for insurance purposes -type RequestRecord struct { - RequestID string - ModelID string - Provider string - APIKey string - InputTokens int - // Completion fields set after response - OutputTokens int - Status CompletionStatus - Error string - FinishReason string - Timestamp time.Time - PriceCharged float64 - RefundAmount float64 - IsInsured bool - RefundReason string -} - -// ZeroCompletionInsurance tracks requests and provides refunds for failed completions -type ZeroCompletionInsurance struct { - mu sync.RWMutex - records map[string]*RequestRecord - refundTotal float64 - requestCount int64 - enabled bool - // Configuration - refundZeroTokens bool - refundErrors bool - refundFiltered bool - filterErrorPatterns []string -} - -// NewZeroCompletionInsurance creates a new insurance service -func NewZeroCompletionInsurance() *ZeroCompletionInsurance { - return &ZeroCompletionInsurance{ - records: make(map[string]*RequestRecord), - enabled: true, - refundZeroTokens: true, - refundErrors: true, - refundFiltered: false, - filterErrorPatterns: []string{ - "rate_limit", - "quota_exceeded", - "context_length_exceeded", - }, - } -} - -// StartRequest records the start of a request for insurance tracking -func (z *ZeroCompletionInsurance) StartRequest(ctx context.Context, reqID, modelID, provider, apiKey string, inputTokens int) *RequestRecord { - z.mu.Lock() - defer z.mu.Unlock() - - record := &RequestRecord{ - RequestID: reqID, - ModelID: modelID, - Provider: provider, - APIKey: apiKey, - InputTokens: inputTokens, - Timestamp: time.Now(), - IsInsured: z.enabled, - } - - z.records[reqID] = record - z.requestCount++ - - return record -} - -// CompleteRequest records the completion of a request and determines if refund is needed -func (z *ZeroCompletionInsurance) CompleteRequest(ctx context.Context, reqID string, outputTokens int, finishReason, err string) (*RequestRecord, float64) { - z.mu.Lock() - defer z.mu.Unlock() - - record, ok := z.records[reqID] - if !ok { - return nil, 0 - } - - record.OutputTokens = outputTokens - record.FinishReason = finishReason - record.Timestamp = time.Now() - - // Determine status and refund - record.Status, record.RefundAmount = z.determineRefund(outputTokens, finishReason, err) - - if err != "" { - record.Error = err - } - - // Process refund - if record.RefundAmount > 0 && record.IsInsured { - z.refundTotal += record.RefundAmount - record.RefundReason = z.getRefundReason(record.Status, err) - } - - return record, record.RefundAmount -} - -// determineRefund calculates the refund amount based on completion status -func (z *ZeroCompletionInsurance) determineRefund(outputTokens int, finishReason, err string) (CompletionStatus, float64) { - // Zero output tokens case - if outputTokens == 0 { - if z.refundZeroTokens { - return StatusZeroTokens, 1.0 // Full refund - } - return StatusZeroTokens, 0 - } - - // Error case - if err != "" { - // Check if error is refundable - for _, pattern := range z.filterErrorPatterns { - if contains(err, pattern) { - if z.refundErrors { - return StatusError, 1.0 // Full refund - } - return StatusError, 0 - } - } - // Non-refundable errors - return StatusError, 0 - } - - // Filtered content - if contains(finishReason, "content_filter") || contains(finishReason, "filtered") { - if z.refundFiltered { - return StatusFiltered, 0.5 // 50% refund - } - return StatusFiltered, 0 - } - - return StatusSuccess, 0 -} - -// getRefundReason returns a human-readable reason for the refund -func (z *ZeroCompletionInsurance) getRefundReason(status CompletionStatus, err string) string { - switch status { - case StatusZeroTokens: - return "Zero output tokens - covered by Zero Completion Insurance" - case StatusError: - if err != "" { - return fmt.Sprintf("Error: %s - covered by Zero Completion Insurance", err) - } - return "Request error - covered by Zero Completion Insurance" - case StatusFiltered: - return "Content filtered - partial refund applied" - default: - return "" - } -} - -// contains is a simple string contains check -func contains(s, substr string) bool { - return len(s) >= len(substr) && (s == substr || len(s) > 0 && containsHelper(s, substr)) -} - -func containsHelper(s, substr string) bool { - for i := 0; i <= len(s)-len(substr); i++ { - if s[i:i+len(substr)] == substr { - return true - } - } - return false -} - -// GetStats returns insurance statistics -func (z *ZeroCompletionInsurance) GetStats() InsuranceStats { - z.mu.RLock() - defer z.mu.RUnlock() - - var zeroTokenCount, errorCount, filteredCount, successCount int64 - var totalRefunded float64 - - for _, r := range z.records { - switch r.Status { - case StatusZeroTokens: - zeroTokenCount++ - case StatusError: - errorCount++ - case StatusFiltered: - filteredCount++ - case StatusSuccess: - successCount++ - } - totalRefunded += r.RefundAmount - } - - return InsuranceStats{ - TotalRequests: z.requestCount, - SuccessCount: successCount, - ZeroTokenCount: zeroTokenCount, - ErrorCount: errorCount, - FilteredCount: filteredCount, - TotalRefunded: totalRefunded, - RefundPercent: func() float64 { - if z.requestCount == 0 { return 0 } - return float64(zeroTokenCount+errorCount) / float64(z.requestCount) * 100 - }(), - } -} - -// InsuranceStats holds insurance statistics -type InsuranceStats struct { - TotalRequests int64 `json:"total_requests"` - SuccessCount int64 `json:"success_count"` - ZeroTokenCount int64 `json:"zero_token_count"` - ErrorCount int64 `json:"error_count"` - FilteredCount int64 `json:"filtered_count"` - TotalRefunded float64 `json:"total_refunded"` - RefundPercent float64 `json:"refund_percent"` -} - -// Enable enables or disables the insurance -func (z *ZeroCompletionInsurance) Enable(enabled bool) { - z.mu.Lock() - defer z.mu.Unlock() - z.enabled = enabled -} - -// IsEnabled returns whether insurance is enabled -func (z *ZeroCompletionInsurance) IsEnabled() bool { - z.mu.RLock() - defer z.mu.RUnlock() - return z.enabled -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/claude_model.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/util/claude_model.go deleted file mode 100644 index 1534f02c46..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/claude_model.go +++ /dev/null @@ -1,10 +0,0 @@ -package util - -import "strings" - -// IsClaudeThinkingModel checks if the model is a Claude thinking model -// that requires the interleaved-thinking beta header. -func IsClaudeThinkingModel(model string) bool { - lower := strings.ToLower(model) - return strings.Contains(lower, "claude") && strings.Contains(lower, "thinking") -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/claude_model_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/util/claude_model_test.go deleted file mode 100644 index d20c337de4..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/claude_model_test.go +++ /dev/null @@ -1,42 +0,0 @@ -package util - -import "testing" - -func TestIsClaudeThinkingModel(t *testing.T) { - tests := []struct { - name string - model string - expected bool - }{ - // Claude thinking models - should return true - {"claude-sonnet-4-5-thinking", "claude-sonnet-4-5-thinking", true}, - {"claude-opus-4-5-thinking", "claude-opus-4-5-thinking", true}, - {"claude-opus-4-6-thinking", "claude-opus-4-6-thinking", true}, - {"Claude-Sonnet-Thinking uppercase", "Claude-Sonnet-4-5-Thinking", true}, - {"claude thinking mixed case", "Claude-THINKING-Model", true}, - - // Non-thinking Claude models - should return false - {"claude-sonnet-4-5 (no thinking)", "claude-sonnet-4-5", false}, - {"claude-opus-4-5 (no thinking)", "claude-opus-4-5", false}, - {"claude-3-5-sonnet", "claude-3-5-sonnet-20240620", false}, - - // Non-Claude models - should return false - {"gemini-3-pro-preview", "gemini-3-pro-preview", false}, - {"gemini-thinking model", "gemini-3-pro-thinking", false}, // not Claude - {"gpt-4o", "gpt-4o", false}, - {"empty string", "", false}, - - // Edge cases - {"thinking without claude", "thinking-model", false}, - {"claude without thinking", "claude-model", false}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := IsClaudeThinkingModel(tt.model) - if result != tt.expected { - t.Errorf("IsClaudeThinkingModel(%q) = %v, expected %v", tt.model, result, tt.expected) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/gemini_schema.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/util/gemini_schema.go deleted file mode 100644 index af8fe111e8..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/gemini_schema.go +++ /dev/null @@ -1,943 +0,0 @@ -// Package util provides utility functions for the CLI Proxy API server. -package util - -import ( - "fmt" - "sort" - "strconv" - "strings" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var gjsonPathKeyReplacer = strings.NewReplacer(".", "\\.", "*", "\\*", "?", "\\?") - -const placeholderReasonDescription = "Brief explanation of why you are calling this tool" - -// CleanJSONSchemaForAntigravity transforms a JSON schema to be compatible with Antigravity API. -// It handles unsupported keywords, type flattening, and schema simplification while preserving -// semantic information as description hints. -func CleanJSONSchemaForAntigravity(jsonStr string) string { - return cleanJSONSchema(jsonStr, true) -} - -// CleanJSONSchemaForGemini transforms a JSON schema to be compatible with Gemini tool calling. -// It removes unsupported keywords and simplifies schemas, without adding empty-schema placeholders. -func CleanJSONSchemaForGemini(jsonStr string) string { - return cleanJSONSchema(jsonStr, false) -} - -// cleanJSONSchema performs the core cleaning operations on the JSON schema. -func cleanJSONSchema(jsonStr string, addPlaceholder bool) string { - // Phase 1: Convert and add hints - jsonStr = convertRefsToHints(jsonStr) - jsonStr = convertConstToEnum(jsonStr) - jsonStr = convertEnumValuesToStrings(jsonStr) - jsonStr = addEnumHints(jsonStr) - jsonStr = addAdditionalPropertiesHints(jsonStr) - jsonStr = moveConstraintsToDescription(jsonStr) - - // Phase 2: Flatten complex structures - jsonStr = mergeAllOf(jsonStr) - jsonStr = flattenAnyOfOneOf(jsonStr) - jsonStr = flattenTypeArrays(jsonStr) - - // Phase 3: Cleanup - jsonStr = removeUnsupportedKeywords(jsonStr) - jsonStr = removeInvalidToolProperties(jsonStr) - if !addPlaceholder { - // Gemini schema cleanup: remove nullable/title and placeholder-only fields. - // Process nullable first to update required array before removing the keyword. - jsonStr = processNullableKeyword(jsonStr) - jsonStr = removeKeywords(jsonStr, []string{"title"}) - jsonStr = removePlaceholderFields(jsonStr) - } - jsonStr = cleanupRequiredFields(jsonStr) - // Phase 4: Add placeholder for empty object schemas (Claude VALIDATED mode requirement) - if addPlaceholder { - jsonStr = addEmptySchemaPlaceholder(jsonStr) - } - - return jsonStr -} - -// processNullableKeyword processes the "nullable" keyword and updates required arrays. -// When nullable: true is found on a property, that property is removed from the parent's -// required array since nullable properties are optional. -func processNullableKeyword(jsonStr string) string { - paths := findPaths(jsonStr, "nullable") - nullableFields := make(map[string][]string) - - for _, p := range paths { - val := gjson.Get(jsonStr, p) - if !val.Exists() || val.Type != gjson.True { - continue - } - - // Determine if this is a property with nullable: true - parts := splitGJSONPath(p) - if len(parts) >= 3 && parts[len(parts)-3] == "properties" { - fieldNameEscaped := parts[len(parts)-2] - fieldName := unescapeGJSONPathKey(fieldNameEscaped) - objectPath := strings.Join(parts[:len(parts)-3], ".") - - nullableFields[objectPath] = append(nullableFields[objectPath], fieldName) - - // Add hint to description - propPath := joinPath(objectPath, "properties."+fieldNameEscaped) - jsonStr = appendHint(jsonStr, propPath, "(nullable)") - } - } - - // Update required arrays to remove nullable fields - for objectPath, fields := range nullableFields { - reqPath := joinPath(objectPath, "required") - req := gjson.Get(jsonStr, reqPath) - if !req.IsArray() { - continue - } - - var filtered []string - for _, r := range req.Array() { - if !contains(fields, r.String()) { - filtered = append(filtered, r.String()) - } - } - - if len(filtered) == 0 { - jsonStr, _ = sjson.Delete(jsonStr, reqPath) - } else { - jsonStr, _ = sjson.Set(jsonStr, reqPath, filtered) - } - } - - // Remove all nullable keywords - deletePaths := make([]string, 0) - deletePaths = append(deletePaths, paths...) - sortByDepth(deletePaths) - for _, p := range deletePaths { - jsonStr, _ = sjson.Delete(jsonStr, p) - } - - return jsonStr -} - -// removeKeywords removes all occurrences of specified keywords from the JSON schema. -func removeKeywords(jsonStr string, keywords []string) string { - deletePaths := make([]string, 0) - pathsByField := findPathsByFields(jsonStr, keywords) - for _, key := range keywords { - for _, p := range pathsByField[key] { - if isPropertyDefinition(trimSuffix(p, "."+key)) { - continue - } - deletePaths = append(deletePaths, p) - } - } - sortByDepth(deletePaths) - for _, p := range deletePaths { - jsonStr, _ = sjson.Delete(jsonStr, p) - } - return jsonStr -} - -// removePlaceholderFields removes placeholder-only properties ("_" and "reason") and their required entries. -func removePlaceholderFields(jsonStr string) string { - // Remove "_" placeholder properties. - paths := findPaths(jsonStr, "_") - sortByDepth(paths) - for _, p := range paths { - if !strings.HasSuffix(p, ".properties._") { - continue - } - jsonStr, _ = sjson.Delete(jsonStr, p) - parentPath := trimSuffix(p, ".properties._") - reqPath := joinPath(parentPath, "required") - req := gjson.Get(jsonStr, reqPath) - if req.IsArray() { - var filtered []string - for _, r := range req.Array() { - if r.String() != "_" { - filtered = append(filtered, r.String()) - } - } - if len(filtered) == 0 { - jsonStr, _ = sjson.Delete(jsonStr, reqPath) - } else { - jsonStr, _ = sjson.Set(jsonStr, reqPath, filtered) - } - } - } - - // Remove placeholder-only "reason" objects. - reasonPaths := findPaths(jsonStr, "reason") - sortByDepth(reasonPaths) - for _, p := range reasonPaths { - if !strings.HasSuffix(p, ".properties.reason") { - continue - } - parentPath := trimSuffix(p, ".properties.reason") - props := gjson.Get(jsonStr, joinPath(parentPath, "properties")) - if !props.IsObject() || len(props.Map()) != 1 { - continue - } - desc := gjson.Get(jsonStr, p+".description").String() - if desc != placeholderReasonDescription { - continue - } - reqPath := joinPath(parentPath, "required") - req := gjson.Get(jsonStr, reqPath) - if req.IsArray() { - var filtered []string - for _, r := range req.Array() { - if r.String() != "reason" { - filtered = append(filtered, r.String()) - } - } - if len(filtered) == 0 { - jsonStr, _ = sjson.Delete(jsonStr, reqPath) - } else { - jsonStr, _ = sjson.Set(jsonStr, reqPath, filtered) - } - } - } - - // Some schemas surface only the required marker path; strip required=["reason"] - // when the sibling placeholder object is present. - requiredPaths := findPaths(jsonStr, "required") - sortByDepth(requiredPaths) - for _, p := range requiredPaths { - if !strings.HasSuffix(p, ".required") { - continue - } - req := gjson.Get(jsonStr, p) - if !req.IsArray() { - continue - } - values := req.Array() - if len(values) != 1 || values[0].String() != "reason" { - continue - } - parentPath := trimSuffix(p, ".required") - propsPath := joinPath(parentPath, "properties") - props := gjson.Get(jsonStr, propsPath) - if !props.IsObject() || len(props.Map()) != 1 { - continue - } - desc := gjson.Get(jsonStr, joinPath(parentPath, "properties.reason.description")).String() - if desc != placeholderReasonDescription { - continue - } - jsonStr, _ = sjson.Delete(jsonStr, p) - } - - // Deterministic top-level cleanup for placeholder-only schemas. - // Some client payloads bypass path discovery but still carry: - // properties.reason + required:["reason"]. - topReq := gjson.Get(jsonStr, "required") - if topReq.IsArray() { - values := topReq.Array() - if len(values) == 1 && values[0].String() == "reason" { - topProps := gjson.Get(jsonStr, "properties") - if topProps.IsObject() && len(topProps.Map()) == 1 { - topDesc := gjson.Get(jsonStr, "properties.reason.description").String() - if topDesc == placeholderReasonDescription { - jsonStr, _ = sjson.Delete(jsonStr, "required") - } - } - } - } - - return jsonStr -} - -var invalidToolPropertyNames = []string{ - "cornerRadius", - "fillColor", - "fontFamily", - "fontSize", - "fontWeight", - "gap", - "padding", - "strokeColor", - "strokeThickness", - "textColor", -} - -// removeInvalidToolProperties strips known UI style properties that the Antigravity API rejects -// from nested tool parameter schemas. It also cleans up any required arrays that listed these fields. -func removeInvalidToolProperties(jsonStr string) string { - if len(invalidToolPropertyNames) == 0 { - return jsonStr - } - pathsByField := findPathsByFields(jsonStr, invalidToolPropertyNames) - var deletePaths []string - for _, field := range invalidToolPropertyNames { - for _, path := range pathsByField[field] { - deletePaths = append(deletePaths, path) - parentPath := trimSuffix(path, "."+field) - reqPath := joinPath(parentPath, "required") - req := gjson.Get(jsonStr, reqPath) - if req.IsArray() { - var filtered []string - for _, r := range req.Array() { - if r.String() != field { - filtered = append(filtered, r.String()) - } - } - if len(filtered) == 0 { - jsonStr, _ = sjson.Delete(jsonStr, reqPath) - } else if len(filtered) != len(req.Array()) { - jsonStr, _ = sjson.Set(jsonStr, reqPath, filtered) - } - } - } - } - sortByDepth(deletePaths) - for _, path := range deletePaths { - jsonStr, _ = sjson.Delete(jsonStr, path) - } - return jsonStr -} - -// convertRefsToHints converts $ref to description hints (Lazy Hint strategy). -func convertRefsToHints(jsonStr string) string { - paths := findPaths(jsonStr, "$ref") - sortByDepth(paths) - - for _, p := range paths { - refVal := gjson.Get(jsonStr, p).String() - defName := refVal - if idx := strings.LastIndex(refVal, "/"); idx >= 0 { - defName = refVal[idx+1:] - } - - parentPath := trimSuffix(p, ".$ref") - hint := fmt.Sprintf("See: %s", defName) - if existing := gjson.Get(jsonStr, descriptionPath(parentPath)).String(); existing != "" { - hint = fmt.Sprintf("%s (%s)", existing, hint) - } - - replacement := `{"type":"object","description":""}` - replacement, _ = sjson.Set(replacement, "description", hint) - jsonStr = setRawAt(jsonStr, parentPath, replacement) - } - return jsonStr -} - -func convertConstToEnum(jsonStr string) string { - for _, p := range findPaths(jsonStr, "const") { - val := gjson.Get(jsonStr, p) - if !val.Exists() { - continue - } - enumPath := trimSuffix(p, ".const") + ".enum" - if !gjson.Get(jsonStr, enumPath).Exists() { - jsonStr, _ = sjson.Set(jsonStr, enumPath, []interface{}{val.Value()}) - } - } - return jsonStr -} - -// convertEnumValuesToStrings ensures all enum values are strings and the schema type is set to string. -// Gemini API requires enum values to be of type string, not numbers or booleans. -func convertEnumValuesToStrings(jsonStr string) string { - for _, p := range findPaths(jsonStr, "enum") { - arr := gjson.Get(jsonStr, p) - if !arr.IsArray() { - continue - } - - var stringVals []string - for _, item := range arr.Array() { - stringVals = append(stringVals, item.String()) - } - - // Always update enum values to strings and set type to "string" - // This ensures compatibility with Antigravity Gemini which only allows enum for STRING type - jsonStr, _ = sjson.Set(jsonStr, p, stringVals) - parentPath := trimSuffix(p, ".enum") - jsonStr, _ = sjson.Set(jsonStr, joinPath(parentPath, "type"), "string") - } - return jsonStr -} - -func addEnumHints(jsonStr string) string { - for _, p := range findPaths(jsonStr, "enum") { - arr := gjson.Get(jsonStr, p) - if !arr.IsArray() { - continue - } - items := arr.Array() - if len(items) <= 1 || len(items) > 10 { - continue - } - - var vals []string - for _, item := range items { - vals = append(vals, item.String()) - } - jsonStr = appendHint(jsonStr, trimSuffix(p, ".enum"), "Allowed: "+strings.Join(vals, ", ")) - } - return jsonStr -} - -func addAdditionalPropertiesHints(jsonStr string) string { - for _, p := range findPaths(jsonStr, "additionalProperties") { - if gjson.Get(jsonStr, p).Type == gjson.False { - jsonStr = appendHint(jsonStr, trimSuffix(p, ".additionalProperties"), "No extra properties allowed") - } - } - return jsonStr -} - -var unsupportedConstraints = []string{ - "minLength", "maxLength", "exclusiveMinimum", "exclusiveMaximum", - "pattern", "minItems", "maxItems", "format", - "default", "examples", // Claude rejects these in VALIDATED mode -} - -func moveConstraintsToDescription(jsonStr string) string { - pathsByField := findPathsByFields(jsonStr, unsupportedConstraints) - for _, key := range unsupportedConstraints { - for _, p := range pathsByField[key] { - val := gjson.Get(jsonStr, p) - if !val.Exists() || val.IsObject() || val.IsArray() { - continue - } - parentPath := trimSuffix(p, "."+key) - if isPropertyDefinition(parentPath) { - continue - } - jsonStr = appendHint(jsonStr, parentPath, fmt.Sprintf("%s: %s", key, val.String())) - } - } - return jsonStr -} - -func mergeAllOf(jsonStr string) string { - paths := findPaths(jsonStr, "allOf") - sortByDepth(paths) - - for _, p := range paths { - allOf := gjson.Get(jsonStr, p) - if !allOf.IsArray() { - continue - } - parentPath := trimSuffix(p, ".allOf") - - for _, item := range allOf.Array() { - if props := item.Get("properties"); props.IsObject() { - props.ForEach(func(key, value gjson.Result) bool { - destPath := joinPath(parentPath, "properties."+escapeGJSONPathKey(key.String())) - jsonStr, _ = sjson.SetRaw(jsonStr, destPath, value.Raw) - return true - }) - } - if req := item.Get("required"); req.IsArray() { - reqPath := joinPath(parentPath, "required") - current := getStrings(jsonStr, reqPath) - for _, r := range req.Array() { - if s := r.String(); !contains(current, s) { - current = append(current, s) - } - } - jsonStr, _ = sjson.Set(jsonStr, reqPath, current) - } - } - jsonStr, _ = sjson.Delete(jsonStr, p) - } - return jsonStr -} - -func flattenAnyOfOneOf(jsonStr string) string { - for _, key := range []string{"anyOf", "oneOf"} { - paths := findPaths(jsonStr, key) - sortByDepth(paths) - - for _, p := range paths { - arr := gjson.Get(jsonStr, p) - if !arr.IsArray() || len(arr.Array()) == 0 { - continue - } - - parentPath := trimSuffix(p, "."+key) - parentDesc := gjson.Get(jsonStr, descriptionPath(parentPath)).String() - - items := arr.Array() - bestIdx, allTypes := selectBest(items) - selected := items[bestIdx].Raw - - if parentDesc != "" { - selected = mergeDescriptionRaw(selected, parentDesc) - } - - if len(allTypes) > 1 { - hint := "Accepts: " + strings.Join(allTypes, " | ") - selected = appendHintRaw(selected, hint) - } - - jsonStr = setRawAt(jsonStr, parentPath, selected) - } - } - return jsonStr -} - -func selectBest(items []gjson.Result) (bestIdx int, types []string) { - bestScore := -1 - for i, item := range items { - t := item.Get("type").String() - score := 0 - - switch { - case t == "object" || item.Get("properties").Exists(): - score, t = 3, orDefault(t, "object") - case t == "array" || item.Get("items").Exists(): - score, t = 2, orDefault(t, "array") - case t != "" && t != "null": - score = 1 - default: - t = orDefault(t, "null") - } - - if t != "" { - types = append(types, t) - } - if score > bestScore { - bestScore, bestIdx = score, i - } - } - return -} - -func flattenTypeArrays(jsonStr string) string { - paths := findPaths(jsonStr, "type") - sortByDepth(paths) - - nullableFields := make(map[string][]string) - - for _, p := range paths { - res := gjson.Get(jsonStr, p) - if !res.IsArray() || len(res.Array()) == 0 { - continue - } - - hasNull := false - var nonNullTypes []string - for _, item := range res.Array() { - s := item.String() - if s == "null" { - hasNull = true - } else if s != "" { - nonNullTypes = append(nonNullTypes, s) - } - } - - firstType := "string" - if len(nonNullTypes) > 0 { - firstType = nonNullTypes[0] - } - - jsonStr, _ = sjson.Set(jsonStr, p, firstType) - - parentPath := trimSuffix(p, ".type") - if len(nonNullTypes) > 1 { - hint := "Accepts: " + strings.Join(nonNullTypes, " | ") - jsonStr = appendHint(jsonStr, parentPath, hint) - } - - if hasNull { - parts := splitGJSONPath(p) - if len(parts) >= 3 && parts[len(parts)-3] == "properties" { - fieldNameEscaped := parts[len(parts)-2] - fieldName := unescapeGJSONPathKey(fieldNameEscaped) - objectPath := strings.Join(parts[:len(parts)-3], ".") - nullableFields[objectPath] = append(nullableFields[objectPath], fieldName) - - propPath := joinPath(objectPath, "properties."+fieldNameEscaped) - jsonStr = appendHint(jsonStr, propPath, "(nullable)") - } - } - } - - for objectPath, fields := range nullableFields { - reqPath := joinPath(objectPath, "required") - req := gjson.Get(jsonStr, reqPath) - if !req.IsArray() { - continue - } - - var filtered []string - for _, r := range req.Array() { - if !contains(fields, r.String()) { - filtered = append(filtered, r.String()) - } - } - - if len(filtered) == 0 { - jsonStr, _ = sjson.Delete(jsonStr, reqPath) - } else { - jsonStr, _ = sjson.Set(jsonStr, reqPath, filtered) - } - } - return jsonStr -} - -func removeUnsupportedKeywords(jsonStr string) string { - keywords := append(unsupportedConstraints, - "$schema", "$defs", "definitions", "const", "$ref", "$id", "additionalProperties", - "propertyNames", "patternProperties", // Gemini doesn't support these schema keywords - "enumTitles", "prefill", // Claude/OpenCode schema metadata fields unsupported by Gemini - ) - - deletePaths := make([]string, 0) - pathsByField := findPathsByFields(jsonStr, keywords) - for _, key := range keywords { - for _, p := range pathsByField[key] { - if isPropertyDefinition(trimSuffix(p, "."+key)) { - continue - } - deletePaths = append(deletePaths, p) - } - } - sortByDepth(deletePaths) - for _, p := range deletePaths { - jsonStr, _ = sjson.Delete(jsonStr, p) - } - // Remove x-* extension fields (e.g., x-google-enum-descriptions) that are not supported by Gemini API - jsonStr = removeExtensionFields(jsonStr) - return jsonStr -} - -// removeExtensionFields removes all x-* extension fields from the JSON schema. -// These are OpenAPI/JSON Schema extension fields that Google APIs don't recognize. -func removeExtensionFields(jsonStr string) string { - var paths []string - walkForExtensions(gjson.Parse(jsonStr), "", &paths) - // walkForExtensions returns paths in a way that deeper paths are added before their ancestors - // when they are not deleted wholesale, but since we skip children of deleted x-* nodes, - // any collected path is safe to delete. We still use DeleteBytes for efficiency. - - b := []byte(jsonStr) - for _, p := range paths { - b, _ = sjson.DeleteBytes(b, p) - } - return string(b) -} - -func walkForExtensions(value gjson.Result, path string, paths *[]string) { - if value.IsArray() { - arr := value.Array() - for i := len(arr) - 1; i >= 0; i-- { - walkForExtensions(arr[i], joinPath(path, strconv.Itoa(i)), paths) - } - return - } - - if value.IsObject() { - value.ForEach(func(key, val gjson.Result) bool { - keyStr := key.String() - safeKey := escapeGJSONPathKey(keyStr) - childPath := joinPath(path, safeKey) - - // If it's an extension field, we delete it and don't need to look at its children. - if strings.HasPrefix(keyStr, "x-") && !isPropertyDefinition(path) { - *paths = append(*paths, childPath) - return true - } - - walkForExtensions(val, childPath, paths) - return true - }) - } -} - -func cleanupRequiredFields(jsonStr string) string { - for _, p := range findPaths(jsonStr, "required") { - parentPath := trimSuffix(p, ".required") - propsPath := joinPath(parentPath, "properties") - - req := gjson.Get(jsonStr, p) - props := gjson.Get(jsonStr, propsPath) - if !req.IsArray() || !props.IsObject() { - continue - } - - var valid []string - for _, r := range req.Array() { - key := r.String() - if props.Get(escapeGJSONPathKey(key)).Exists() { - valid = append(valid, key) - } - } - - if len(valid) != len(req.Array()) { - if len(valid) == 0 { - jsonStr, _ = sjson.Delete(jsonStr, p) - } else { - jsonStr, _ = sjson.Set(jsonStr, p, valid) - } - } - } - return jsonStr -} - -// addEmptySchemaPlaceholder adds a placeholder "reason" property to empty object schemas. -// Claude VALIDATED mode requires at least one required property in tool schemas. -func addEmptySchemaPlaceholder(jsonStr string) string { - // Find all "type" fields - paths := findPaths(jsonStr, "type") - - // Process from deepest to shallowest (to handle nested objects properly) - sortByDepth(paths) - - for _, p := range paths { - typeVal := gjson.Get(jsonStr, p) - if typeVal.String() != "object" { - continue - } - - // Get the parent path (the object containing "type") - parentPath := trimSuffix(p, ".type") - - // Check if properties exists and is empty or missing - propsPath := joinPath(parentPath, "properties") - propsVal := gjson.Get(jsonStr, propsPath) - reqPath := joinPath(parentPath, "required") - reqVal := gjson.Get(jsonStr, reqPath) - hasRequiredProperties := reqVal.IsArray() && len(reqVal.Array()) > 0 - - needsPlaceholder := false - if !propsVal.Exists() { - // No properties field at all - needsPlaceholder = true - } else if propsVal.IsObject() && len(propsVal.Map()) == 0 { - // Empty properties object - needsPlaceholder = true - } - - if needsPlaceholder { - // Add placeholder "reason" property - reasonPath := joinPath(propsPath, "reason") - jsonStr, _ = sjson.Set(jsonStr, reasonPath+".type", "string") - jsonStr, _ = sjson.Set(jsonStr, reasonPath+".description", placeholderReasonDescription) - - // Add to required array - jsonStr, _ = sjson.Set(jsonStr, reqPath, []string{"reason"}) - continue - } - - // If schema has properties but none are required, add a minimal placeholder. - if propsVal.IsObject() && !hasRequiredProperties { - // DO NOT add placeholder if it's a top-level schema (parentPath is empty) - // or if we've already added a placeholder reason above. - if parentPath == "" { - continue - } - placeholderPath := joinPath(propsPath, "_") - if !gjson.Get(jsonStr, placeholderPath).Exists() { - jsonStr, _ = sjson.Set(jsonStr, placeholderPath+".type", "boolean") - } - jsonStr, _ = sjson.Set(jsonStr, reqPath, []string{"_"}) - } - } - - return jsonStr -} - -// --- Helpers --- - -func findPaths(jsonStr, field string) []string { - var paths []string - Walk(gjson.Parse(jsonStr), "", field, &paths) - return paths -} - -func findPathsByFields(jsonStr string, fields []string) map[string][]string { - set := make(map[string]struct{}, len(fields)) - for _, field := range fields { - set[field] = struct{}{} - } - paths := make(map[string][]string, len(set)) - walkForFields(gjson.Parse(jsonStr), "", set, paths) - return paths -} - -func walkForFields(value gjson.Result, path string, fields map[string]struct{}, paths map[string][]string) { - switch value.Type { - case gjson.JSON: - value.ForEach(func(key, val gjson.Result) bool { - keyStr := key.String() - safeKey := escapeGJSONPathKey(keyStr) - - var childPath string - if path == "" { - childPath = safeKey - } else { - childPath = path + "." + safeKey - } - - if _, ok := fields[keyStr]; ok { - paths[keyStr] = append(paths[keyStr], childPath) - } - - walkForFields(val, childPath, fields, paths) - return true - }) - case gjson.String, gjson.Number, gjson.True, gjson.False, gjson.Null: - // Terminal types - no further traversal needed - } -} - -func sortByDepth(paths []string) { - sort.Slice(paths, func(i, j int) bool { return len(paths[i]) > len(paths[j]) }) -} - -func trimSuffix(path, suffix string) string { - if path == strings.TrimPrefix(suffix, ".") { - return "" - } - return strings.TrimSuffix(path, suffix) -} - -func joinPath(base, suffix string) string { - if base == "" { - return suffix - } - return base + "." + suffix -} - -func setRawAt(jsonStr, path, value string) string { - if path == "" { - return value - } - result, _ := sjson.SetRaw(jsonStr, path, value) - return result -} - -func isPropertyDefinition(path string) bool { - return path == "properties" || strings.HasSuffix(path, ".properties") -} - -func descriptionPath(parentPath string) string { - if parentPath == "" || parentPath == "@this" { - return "description" - } - return parentPath + ".description" -} - -func appendHint(jsonStr, parentPath, hint string) string { - descPath := parentPath + ".description" - if parentPath == "" || parentPath == "@this" { - descPath = "description" - } - existing := gjson.Get(jsonStr, descPath).String() - if existing != "" { - hint = fmt.Sprintf("%s (%s)", existing, hint) - } - jsonStr, _ = sjson.Set(jsonStr, descPath, hint) - return jsonStr -} - -func appendHintRaw(jsonRaw, hint string) string { - existing := gjson.Get(jsonRaw, "description").String() - if existing != "" { - hint = fmt.Sprintf("%s (%s)", existing, hint) - } - jsonRaw, _ = sjson.Set(jsonRaw, "description", hint) - return jsonRaw -} - -func getStrings(jsonStr, path string) []string { - var result []string - if arr := gjson.Get(jsonStr, path); arr.IsArray() { - for _, r := range arr.Array() { - result = append(result, r.String()) - } - } - return result -} - -func contains(slice []string, item string) bool { - for _, s := range slice { - if s == item { - return true - } - } - return false -} - -func orDefault(val, def string) string { - if val == "" { - return def - } - return val -} - -func escapeGJSONPathKey(key string) string { - if !strings.ContainsAny(key, ".*?") { - return key - } - return gjsonPathKeyReplacer.Replace(key) -} - -func unescapeGJSONPathKey(key string) string { - if !strings.Contains(key, "\\") { - return key - } - var b strings.Builder - b.Grow(len(key)) - for i := 0; i < len(key); i++ { - if key[i] == '\\' && i+1 < len(key) { - i++ - b.WriteByte(key[i]) - continue - } - b.WriteByte(key[i]) - } - return b.String() -} - -func splitGJSONPath(path string) []string { - if path == "" { - return nil - } - - parts := make([]string, 0, strings.Count(path, ".")+1) - var b strings.Builder - b.Grow(len(path)) - - for i := 0; i < len(path); i++ { - c := path[i] - if c == '\\' && i+1 < len(path) { - b.WriteByte('\\') - i++ - b.WriteByte(path[i]) - continue - } - if c == '.' { - parts = append(parts, b.String()) - b.Reset() - continue - } - b.WriteByte(c) - } - parts = append(parts, b.String()) - return parts -} - -func mergeDescriptionRaw(schemaRaw, parentDesc string) string { - childDesc := gjson.Get(schemaRaw, "description").String() - switch childDesc { - case "": - schemaRaw, _ = sjson.Set(schemaRaw, "description", parentDesc) - return schemaRaw - case parentDesc: - return schemaRaw - default: - combined := fmt.Sprintf("%s (%s)", parentDesc, childDesc) - schemaRaw, _ = sjson.Set(schemaRaw, "description", combined) - return schemaRaw - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/gemini_schema_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/util/gemini_schema_test.go deleted file mode 100644 index a941f358ac..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/gemini_schema_test.go +++ /dev/null @@ -1,1107 +0,0 @@ -package util - -import ( - "encoding/json" - "reflect" - "strings" - "testing" - - "github.com/tidwall/gjson" -) - -func TestCleanJSONSchemaForAntigravity_ConstToEnum(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "kind": { - "type": "string", - "const": "InsightVizNode" - } - } - }` - - expected := `{ - "type": "object", - "properties": { - "kind": { - "type": "string", - "enum": ["InsightVizNode"] - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_TypeFlattening_Nullable(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "name": { - "type": ["string", "null"] - }, - "other": { - "type": "string" - } - }, - "required": ["name", "other"] - }` - - expected := `{ - "type": "object", - "properties": { - "name": { - "type": "string", - "description": "(nullable)" - }, - "other": { - "type": "string" - } - }, - "required": ["other"] - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_ConstraintsToDescription(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "tags": { - "type": "array", - "description": "List of tags", - "minItems": 1 - }, - "name": { - "type": "string", - "description": "User name", - "minLength": 3 - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - // minItems should be REMOVED and moved to description - if strings.Contains(result, `"minItems"`) { - t.Errorf("minItems keyword should be removed") - } - if !strings.Contains(result, "minItems: 1") { - t.Errorf("minItems hint missing in description") - } - - // minLength should be moved to description - if !strings.Contains(result, "minLength: 3") { - t.Errorf("minLength hint missing in description") - } - if strings.Contains(result, `"minLength":`) || strings.Contains(result, `"minLength" :`) { - t.Errorf("minLength keyword should be removed") - } -} - -func TestCleanJSONSchemaForAntigravity_AnyOfFlattening_SmartSelection(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "query": { - "anyOf": [ - { "type": "null" }, - { - "type": "object", - "properties": { - "kind": { "type": "string" } - } - } - ] - } - } - }` - - expected := `{ - "type": "object", - "properties": { - "query": { - "type": "object", - "description": "Accepts: null | object", - "properties": { - "_": { "type": "boolean" }, - "kind": { "type": "string" } - }, - "required": ["_"] - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_OneOfFlattening(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "config": { - "oneOf": [ - { "type": "string" }, - { "type": "integer" } - ] - } - } - }` - - expected := `{ - "type": "object", - "properties": { - "config": { - "type": "string", - "description": "Accepts: string | integer" - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_AllOfMerging(t *testing.T) { - input := `{ - "type": "object", - "allOf": [ - { - "properties": { - "a": { "type": "string" } - }, - "required": ["a"] - }, - { - "properties": { - "b": { "type": "integer" } - }, - "required": ["b"] - } - ] - }` - - expected := `{ - "type": "object", - "properties": { - "a": { "type": "string" }, - "b": { "type": "integer" } - }, - "required": ["a", "b"] - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_RefHandling(t *testing.T) { - input := `{ - "definitions": { - "User": { - "type": "object", - "properties": { - "name": { "type": "string" } - } - } - }, - "type": "object", - "properties": { - "customer": { "$ref": "#/definitions/User" } - } - }` - - // After $ref is converted to placeholder object, empty schema placeholder is also added - expected := `{ - "type": "object", - "properties": { - "customer": { - "type": "object", - "description": "See: User", - "properties": { - "reason": { - "type": "string", - "description": "Brief explanation of why you are calling this tool" - } - }, - "required": ["reason"] - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_RefHandling_DescriptionEscaping(t *testing.T) { - input := `{ - "definitions": { - "User": { - "type": "object", - "properties": { - "name": { "type": "string" } - } - } - }, - "type": "object", - "properties": { - "customer": { - "description": "He said \"hi\"\\nsecond line", - "$ref": "#/definitions/User" - } - } - }` - - // After $ref is converted, empty schema placeholder is also added - expected := `{ - "type": "object", - "properties": { - "customer": { - "type": "object", - "description": "He said \"hi\"\\nsecond line (See: User)", - "properties": { - "reason": { - "type": "string", - "description": "Brief explanation of why you are calling this tool" - } - }, - "required": ["reason"] - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_CyclicRefDefaults(t *testing.T) { - input := `{ - "definitions": { - "Node": { - "type": "object", - "properties": { - "child": { "$ref": "#/definitions/Node" } - } - } - }, - "$ref": "#/definitions/Node" - }` - - result := CleanJSONSchemaForAntigravity(input) - - var resMap map[string]interface{} - _ = json.Unmarshal([]byte(result), &resMap) - - if resMap["type"] != "object" { - t.Errorf("Expected type: object, got: %v", resMap["type"]) - } - - desc, ok := resMap["description"].(string) - if !ok || !strings.Contains(desc, "Node") { - t.Errorf("Expected description hint containing 'Node', got: %v", resMap["description"]) - } -} - -func TestCleanJSONSchemaForAntigravity_RequiredCleanup(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "a": {"type": "string"}, - "b": {"type": "string"} - }, - "required": ["a", "b", "c"] - }` - - expected := `{ - "type": "object", - "properties": { - "a": {"type": "string"}, - "b": {"type": "string"} - }, - "required": ["a", "b"] - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_AllOfMerging_DotKeys(t *testing.T) { - input := `{ - "type": "object", - "allOf": [ - { - "properties": { - "my.param": { "type": "string" } - }, - "required": ["my.param"] - }, - { - "properties": { - "b": { "type": "integer" } - }, - "required": ["b"] - } - ] - }` - - expected := `{ - "type": "object", - "properties": { - "my.param": { "type": "string" }, - "b": { "type": "integer" } - }, - "required": ["my.param", "b"] - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_PropertyNameCollision(t *testing.T) { - // A tool has an argument named "pattern" - should NOT be treated as a constraint - input := `{ - "type": "object", - "properties": { - "pattern": { - "type": "string", - "description": "The regex pattern" - } - }, - "required": ["pattern"] - }` - - expected := `{ - "type": "object", - "properties": { - "pattern": { - "type": "string", - "description": "The regex pattern" - } - }, - "required": ["pattern"] - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) - - var resMap map[string]interface{} - _ = json.Unmarshal([]byte(result), &resMap) - props, _ := resMap["properties"].(map[string]interface{}) - if _, ok := props["description"]; ok { - t.Errorf("Invalid 'description' property injected into properties map") - } -} - -func TestCleanJSONSchemaForAntigravity_DotKeys(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "my.param": { - "type": "string", - "$ref": "#/definitions/MyType" - } - }, - "definitions": { - "MyType": { "type": "string" } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - var resMap map[string]interface{} - if err := json.Unmarshal([]byte(result), &resMap); err != nil { - t.Fatalf("Failed to unmarshal result: %v", err) - } - - props, ok := resMap["properties"].(map[string]interface{}) - if !ok { - t.Fatalf("properties missing") - } - - if val, ok := props["my.param"]; !ok { - t.Fatalf("Key 'my.param' is missing. Result: %s", result) - } else { - valMap, _ := val.(map[string]interface{}) - if _, hasRef := valMap["$ref"]; hasRef { - t.Errorf("Key 'my.param' still contains $ref") - } - if _, ok := props["my"]; ok { - t.Errorf("Artifact key 'my' created by sjson splitting") - } - } -} - -func TestCleanJSONSchemaForAntigravity_AnyOfAlternativeHints(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "value": { - "anyOf": [ - { "type": "string" }, - { "type": "integer" }, - { "type": "null" } - ] - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - if !strings.Contains(result, "Accepts:") { - t.Errorf("Expected alternative types hint, got: %s", result) - } - if !strings.Contains(result, "string") || !strings.Contains(result, "integer") { - t.Errorf("Expected all alternative types in hint, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_NullableHint(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "name": { - "type": ["string", "null"], - "description": "User name" - } - }, - "required": ["name"] - }` - - result := CleanJSONSchemaForAntigravity(input) - - if !strings.Contains(result, "(nullable)") { - t.Errorf("Expected nullable hint, got: %s", result) - } - if !strings.Contains(result, "User name") { - t.Errorf("Expected original description to be preserved, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_TypeFlattening_Nullable_DotKey(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "my.param": { - "type": ["string", "null"] - }, - "other": { - "type": "string" - } - }, - "required": ["my.param", "other"] - }` - - expected := `{ - "type": "object", - "properties": { - "my.param": { - "type": "string", - "description": "(nullable)" - }, - "other": { - "type": "string" - } - }, - "required": ["other"] - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_EnumHint(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "status": { - "type": "string", - "enum": ["active", "inactive", "pending"], - "description": "Current status" - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - if !strings.Contains(result, "Allowed:") { - t.Errorf("Expected enum values hint, got: %s", result) - } - if !strings.Contains(result, "active") || !strings.Contains(result, "inactive") { - t.Errorf("Expected enum values in hint, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_AdditionalPropertiesHint(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "name": { "type": "string" } - }, - "additionalProperties": false - }` - - result := CleanJSONSchemaForAntigravity(input) - - if !strings.Contains(result, "No extra properties allowed") { - t.Errorf("Expected additionalProperties hint, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_AnyOfFlattening_PreservesDescription(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "config": { - "description": "Parent desc", - "anyOf": [ - { "type": "string", "description": "Child desc" }, - { "type": "integer" } - ] - } - } - }` - - expected := `{ - "type": "object", - "properties": { - "config": { - "type": "string", - "description": "Parent desc (Child desc) (Accepts: string | integer)" - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_SingleEnumNoHint(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "kind": { - "type": "string", - "enum": ["fixed"] - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - if strings.Contains(result, "Allowed:") { - t.Errorf("Single value enum should not add Allowed hint, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_MultipleNonNullTypes(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "value": { - "type": ["string", "integer", "boolean"] - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - if !strings.Contains(result, "Accepts:") { - t.Errorf("Expected multiple types hint, got: %s", result) - } - if !strings.Contains(result, "string") || !strings.Contains(result, "integer") || !strings.Contains(result, "boolean") { - t.Errorf("Expected all types in hint, got: %s", result) - } -} - -func compareJSON(t *testing.T, expectedJSON, actualJSON string) { - var expMap, actMap map[string]interface{} - errExp := json.Unmarshal([]byte(expectedJSON), &expMap) - errAct := json.Unmarshal([]byte(actualJSON), &actMap) - - if errExp != nil || errAct != nil { - t.Fatalf("JSON Unmarshal error. Exp: %v, Act: %v", errExp, errAct) - } - - if !reflect.DeepEqual(expMap, actMap) { - expBytes, _ := json.MarshalIndent(expMap, "", " ") - actBytes, _ := json.MarshalIndent(actMap, "", " ") - t.Errorf("JSON mismatch:\nExpected:\n%s\n\nActual:\n%s", string(expBytes), string(actBytes)) - } -} - -// ============================================================================ -// Empty Schema Placeholder Tests -// ============================================================================ - -func TestCleanJSONSchemaForAntigravity_EmptySchemaPlaceholder(t *testing.T) { - // Empty object schema with no properties should get a placeholder - input := `{ - "type": "object" - }` - - result := CleanJSONSchemaForAntigravity(input) - - // Should have placeholder property added - if !strings.Contains(result, `"reason"`) { - t.Errorf("Empty schema should have 'reason' placeholder property, got: %s", result) - } - if !strings.Contains(result, `"required"`) { - t.Errorf("Empty schema should have 'required' with 'reason', got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_EmptyPropertiesPlaceholder(t *testing.T) { - // Object with empty properties object - input := `{ - "type": "object", - "properties": {} - }` - - result := CleanJSONSchemaForAntigravity(input) - - // Should have placeholder property added - if !strings.Contains(result, `"reason"`) { - t.Errorf("Empty properties should have 'reason' placeholder, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_NonEmptySchemaUnchanged(t *testing.T) { - // Schema with properties should NOT get placeholder - input := `{ - "type": "object", - "properties": { - "name": {"type": "string"} - }, - "required": ["name"] - }` - - result := CleanJSONSchemaForAntigravity(input) - - // Should NOT have placeholder property - if strings.Contains(result, `"reason"`) { - t.Errorf("Non-empty schema should NOT have 'reason' placeholder, got: %s", result) - } - // Original properties should be preserved - if !strings.Contains(result, `"name"`) { - t.Errorf("Original property 'name' should be preserved, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_NestedEmptySchema(t *testing.T) { - // Nested empty object in items should also get placeholder - input := `{ - "type": "object", - "properties": { - "items": { - "type": "array", - "items": { - "type": "object" - } - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - // Nested empty object should also get placeholder - // Check that the nested object has a reason property - parsed := gjson.Parse(result) - nestedProps := parsed.Get("properties.items.items.properties") - if !nestedProps.Exists() || !nestedProps.Get("reason").Exists() { - t.Errorf("Nested empty object should have 'reason' placeholder, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_EmptySchemaWithDescription(t *testing.T) { - // Empty schema with description should preserve description and add placeholder - input := `{ - "type": "object", - "description": "An empty object" - }` - - result := CleanJSONSchemaForAntigravity(input) - - // Should have both description and placeholder - if !strings.Contains(result, `"An empty object"`) { - t.Errorf("Description should be preserved, got: %s", result) - } - if !strings.Contains(result, `"reason"`) { - t.Errorf("Empty schema should have 'reason' placeholder, got: %s", result) - } -} - -// ============================================================================ -// Format field handling (ad-hoc patch removal) -// ============================================================================ - -func TestCleanJSONSchemaForAntigravity_FormatFieldRemoval(t *testing.T) { - // format:"uri" should be removed and added as hint - input := `{ - "type": "object", - "properties": { - "url": { - "type": "string", - "format": "uri", - "description": "A URL" - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - // format should be removed - if strings.Contains(result, `"format"`) { - t.Errorf("format field should be removed, got: %s", result) - } - // hint should be added to description - if !strings.Contains(result, "format: uri") { - t.Errorf("format hint should be added to description, got: %s", result) - } - // original description should be preserved - if !strings.Contains(result, "A URL") { - t.Errorf("Original description should be preserved, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_FormatFieldNoDescription(t *testing.T) { - // format without description should create description with hint - input := `{ - "type": "object", - "properties": { - "email": { - "type": "string", - "format": "email" - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - // format should be removed - if strings.Contains(result, `"format"`) { - t.Errorf("format field should be removed, got: %s", result) - } - // hint should be added - if !strings.Contains(result, "format: email") { - t.Errorf("format hint should be added, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_MultipleFormats(t *testing.T) { - // Multiple format fields should all be handled - input := `{ - "type": "object", - "properties": { - "url": {"type": "string", "format": "uri"}, - "email": {"type": "string", "format": "email"}, - "date": {"type": "string", "format": "date-time"} - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - // All format fields should be removed - if strings.Contains(result, `"format"`) { - t.Errorf("All format fields should be removed, got: %s", result) - } - // All hints should be added - if !strings.Contains(result, "format: uri") { - t.Errorf("uri format hint should be added, got: %s", result) - } - if !strings.Contains(result, "format: email") { - t.Errorf("email format hint should be added, got: %s", result) - } - if !strings.Contains(result, "format: date-time") { - t.Errorf("date-time format hint should be added, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_NumericEnumToString(t *testing.T) { - // Gemini API requires enum values to be strings, not numbers - input := `{ - "type": "object", - "properties": { - "priority": {"type": "integer", "enum": [0, 1, 2]}, - "level": {"type": "number", "enum": [1.5, 2.5, 3.5]}, - "status": {"type": "string", "enum": ["active", "inactive"]} - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - // Numeric enum values should be converted to strings - if strings.Contains(result, `"enum":[0,1,2]`) { - t.Errorf("Integer enum values should be converted to strings, got: %s", result) - } - if strings.Contains(result, `"enum":[1.5,2.5,3.5]`) { - t.Errorf("Float enum values should be converted to strings, got: %s", result) - } - // Should contain string versions - if !strings.Contains(result, `"0"`) || !strings.Contains(result, `"1"`) || !strings.Contains(result, `"2"`) { - t.Errorf("Integer enum values should be converted to string format, got: %s", result) - } - // String enum values should remain unchanged - if !strings.Contains(result, `"active"`) || !strings.Contains(result, `"inactive"`) { - t.Errorf("String enum values should remain unchanged, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_BooleanEnumToString(t *testing.T) { - // Boolean enum values should also be converted to strings - input := `{ - "type": "object", - "properties": { - "enabled": {"type": "boolean", "enum": [true, false]} - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - // Boolean enum values should be converted to strings - if strings.Contains(result, `"enum":[true,false]`) { - t.Errorf("Boolean enum values should be converted to strings, got: %s", result) - } - // Should contain string versions "true" and "false" - if !strings.Contains(result, `"true"`) || !strings.Contains(result, `"false"`) { - t.Errorf("Boolean enum values should be converted to string format, got: %s", result) - } -} - -func TestCleanJSONSchemaForGemini_RemovesGeminiUnsupportedMetadataFields(t *testing.T) { - input := `{ - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "root-schema", - "type": "object", - "properties": { - "payload": { - "type": "object", - "prefill": "hello", - "properties": { - "mode": { - "type": "string", - "enum": ["a", "b"], - "enumTitles": ["A", "B"] - } - }, - "patternProperties": { - "^x-": {"type": "string"} - } - }, - "$id": { - "type": "string", - "description": "property name should not be removed" - } - } - }` - - expected := `{ - "type": "object", - "properties": { - "payload": { - "type": "object", - "properties": { - "mode": { - "type": "string", - "enum": ["a", "b"], - "description": "Allowed: a, b" - } - } - }, - "$id": { - "type": "string", - "description": "property name should not be removed" - } - } - }` - - result := CleanJSONSchemaForGemini(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForGemini_PreservesPlaceholderReason(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "reason": { - "type": "string", - "description": "Brief explanation of why you are calling this tool" - } - }, - "required": ["reason"] - }` - - result := CleanJSONSchemaForGemini(input) - parsed := gjson.Parse(result) - if !parsed.Get("properties.reason").Exists() { - t.Fatalf("expected placeholder reason property to remain, got: %s", result) - } - if parsed.Get("required").Exists() { - t.Fatalf("expected required array to be removed for placeholder schema, got: %s", result) - } -} - -func TestRemoveExtensionFields(t *testing.T) { - tests := []struct { - name string - input string - expected string - }{ - { - name: "removes x- fields at root", - input: `{ - "type": "object", - "x-custom-meta": "value", - "properties": { - "foo": { "type": "string" } - } - }`, - expected: `{ - "type": "object", - "properties": { - "foo": { "type": "string" } - } - }`, - }, - { - name: "removes x- fields in nested properties", - input: `{ - "type": "object", - "properties": { - "foo": { - "type": "string", - "x-internal-id": 123 - } - } - }`, - expected: `{ - "type": "object", - "properties": { - "foo": { - "type": "string" - } - } - }`, - }, - { - name: "does NOT remove properties named x-", - input: `{ - "type": "object", - "properties": { - "x-data": { "type": "string" }, - "normal": { "type": "number", "x-meta": "remove" } - }, - "required": ["x-data"] - }`, - expected: `{ - "type": "object", - "properties": { - "x-data": { "type": "string" }, - "normal": { "type": "number" } - }, - "required": ["x-data"] - }`, - }, - { - name: "does NOT remove $schema and other meta fields (as requested)", - input: `{ - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "test", - "type": "object", - "properties": { - "foo": { "type": "string" } - } - }`, - expected: `{ - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "test", - "type": "object", - "properties": { - "foo": { "type": "string" } - } - }`, - }, - { - name: "handles properties named $schema", - input: `{ - "type": "object", - "properties": { - "$schema": { "type": "string" } - } - }`, - expected: `{ - "type": "object", - "properties": { - "$schema": { "type": "string" } - } - }`, - }, - { - name: "handles escaping in paths", - input: `{ - "type": "object", - "properties": { - "foo.bar": { - "type": "string", - "x-meta": "remove" - } - }, - "x-root.meta": "remove" - }`, - expected: `{ - "type": "object", - "properties": { - "foo.bar": { - "type": "string" - } - } - }`, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - actual := removeExtensionFields(tt.input) - compareJSON(t, tt.expected, actual) - }) - } -} - -func TestCleanJSONSchemaForAntigravity_RemovesInvalidToolProperties(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "value": { - "type": "object", - "properties": { - "cornerRadius": {"type": "number"}, - "strokeColor": {"type": "string"}, - "textColor": {"type": "string"}, - "allowed": {"type": "string"} - }, - "required": ["cornerRadius", "allowed"] - } - }, - "required": ["value"] - }` - - result := CleanJSONSchemaForAntigravity(input) - if gjson.Get(result, "properties.value.properties.cornerRadius").Exists() { - t.Fatalf("cornerRadius should be removed from the schema") - } - if gjson.Get(result, "properties.value.properties.strokeColor").Exists() { - t.Fatalf("strokeColor should be removed from the schema") - } - if gjson.Get(result, "properties.value.properties.textColor").Exists() { - t.Fatalf("textColor should be removed from the schema") - } - if !gjson.Get(result, "properties.value.properties.allowed").Exists() { - t.Fatalf("allowed property should be preserved") - } - required := gjson.Get(result, "properties.value.required") - if !required.IsArray() || len(required.Array()) != 1 || required.Array()[0].String() != "allowed" { - t.Fatalf("required array should only contain allowed after cleaning, got %s", required.Raw) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/header_helpers.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/util/header_helpers.go deleted file mode 100644 index c53c291f10..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/header_helpers.go +++ /dev/null @@ -1,52 +0,0 @@ -package util - -import ( - "net/http" - "strings" -) - -// ApplyCustomHeadersFromAttrs applies user-defined headers stored in the provided attributes map. -// Custom headers override built-in defaults when conflicts occur. -func ApplyCustomHeadersFromAttrs(r *http.Request, attrs map[string]string) { - if r == nil { - return - } - applyCustomHeaders(r, extractCustomHeaders(attrs)) -} - -func extractCustomHeaders(attrs map[string]string) map[string]string { - if len(attrs) == 0 { - return nil - } - headers := make(map[string]string) - for k, v := range attrs { - if !strings.HasPrefix(k, "header:") { - continue - } - name := strings.TrimSpace(strings.TrimPrefix(k, "header:")) - if name == "" { - continue - } - val := strings.TrimSpace(v) - if val == "" { - continue - } - headers[name] = val - } - if len(headers) == 0 { - return nil - } - return headers -} - -func applyCustomHeaders(r *http.Request, headers map[string]string) { - if r == nil || len(headers) == 0 { - return - } - for k, v := range headers { - if k == "" || v == "" { - continue - } - r.Header.Set(k, v) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/image.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/util/image.go deleted file mode 100644 index 70d5cdc413..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/image.go +++ /dev/null @@ -1,59 +0,0 @@ -package util - -import ( - "bytes" - "encoding/base64" - "image" - "image/draw" - "image/png" -) - -func CreateWhiteImageBase64(aspectRatio string) (string, error) { - width := 1024 - height := 1024 - - switch aspectRatio { - case "1:1": - width = 1024 - height = 1024 - case "2:3": - width = 832 - height = 1248 - case "3:2": - width = 1248 - height = 832 - case "3:4": - width = 864 - height = 1184 - case "4:3": - width = 1184 - height = 864 - case "4:5": - width = 896 - height = 1152 - case "5:4": - width = 1152 - height = 896 - case "9:16": - width = 768 - height = 1344 - case "16:9": - width = 1344 - height = 768 - case "21:9": - width = 1536 - height = 672 - } - - img := image.NewRGBA(image.Rect(0, 0, width, height)) - draw.Draw(img, img.Bounds(), image.White, image.Point{}, draw.Src) - - var buf bytes.Buffer - - if err := png.Encode(&buf, img); err != nil { - return "", err - } - - base64String := base64.StdEncoding.EncodeToString(buf.Bytes()) - return base64String, nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/provider.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/util/provider.go deleted file mode 100644 index bc156e9327..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/provider.go +++ /dev/null @@ -1,332 +0,0 @@ -// Package util provides utility functions used across the CLIProxyAPI application. -// These functions handle common tasks such as determining AI service providers -// from model names and managing HTTP proxies. -package util - -import ( - "net/url" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - log "github.com/sirupsen/logrus" -) - -// GetProviderName determines all AI service providers capable of serving a registered model. -// It first queries the global model registry to retrieve the providers backing the supplied model name. -// When the model has not been registered yet, it falls back to legacy string heuristics to infer -// potential providers. -// -// Supported providers include (but are not limited to): -// - "gemini" for Google's Gemini family -// - "codex" for OpenAI GPT-compatible providers -// - "claude" for Anthropic models -// - "qwen" for Alibaba's Qwen models -// - "openai-compatibility" for external OpenAI-compatible providers -// -// Parameters: -// - modelName: The name of the model to identify providers for. -// - cfg: The application configuration containing OpenAI compatibility settings. -// -// Returns: -// - []string: All provider identifiers capable of serving the model, ordered by preference. -func GetProviderName(modelName string) []string { - if modelName == "" { - return nil - } - - if pinnedProvider, _, pinned := ResolveProviderPinnedModel(modelName); pinned { - return []string{pinnedProvider} - } - - providers := make([]string, 0, 4) - seen := make(map[string]struct{}) - - appendProvider := func(name string) { - if name == "" { - return - } - if _, exists := seen[name]; exists { - return - } - seen[name] = struct{}{} - providers = append(providers, name) - } - - for _, provider := range registry.GetGlobalRegistry().GetModelProviders(modelName) { - appendProvider(provider) - } - - if len(providers) > 0 { - return providers - } - - return providers -} - -// ResolveProviderPinnedModel checks whether modelName is a provider-pinned alias -// in the form "/" and verifies that provider currently serves -// the target model in the global registry. -// -// Returns: -// - provider: normalized provider prefix -// - baseModel: model without provider prefix -// - ok: true when prefix is valid and provider serves baseModel -func ResolveProviderPinnedModel(modelName string) (provider string, baseModel string, ok bool) { - modelName = strings.TrimSpace(modelName) - parts := strings.SplitN(modelName, "/", 2) - if len(parts) != 2 { - return "", "", false - } - - provider = strings.ToLower(strings.TrimSpace(parts[0])) - baseModel = strings.TrimSpace(parts[1]) - if provider == "" || baseModel == "" { - return "", "", false - } - - for _, candidate := range registry.GetGlobalRegistry().GetModelProviders(baseModel) { - if strings.EqualFold(candidate, provider) { - return provider, baseModel, true - } - } - - return "", "", false -} - -// ResolveAutoModel resolves the "auto" model name to an actual available model. -// It uses an empty handler type to get any available model from the registry. -// -// Parameters: -// - modelName: The model name to check (should be "auto") -// -// Returns: -// - string: The resolved model name, or the original if not "auto" or resolution fails -func ResolveAutoModel(modelName string) string { - if modelName != "auto" { - return modelName - } - - // Use empty string as handler type to get any available model - firstModel, err := registry.GetGlobalRegistry().GetFirstAvailableModel("") - if err != nil { - log.Warnf("Failed to resolve 'auto' model: %v, falling back to original model name", err) - return modelName - } - - log.Infof("Resolved 'auto' model to: %s", firstModel) - return firstModel -} - -// IsOpenAICompatibilityAlias checks if the given model name is an alias -// configured for OpenAI compatibility routing. -// -// Parameters: -// - modelName: The model name to check -// - cfg: The application configuration containing OpenAI compatibility settings -// -// Returns: -// - bool: True if the model name is an OpenAI compatibility alias, false otherwise -func IsOpenAICompatibilityAlias(modelName string, cfg *config.Config) bool { - if cfg == nil { - return false - } - modelName = normalizeOpenAICompatibilityAlias(modelName) - if modelName == "" { - return false - } - - for _, compat := range cfg.OpenAICompatibility { - for _, model := range compat.Models { - if strings.EqualFold(strings.TrimSpace(model.Alias), modelName) || strings.EqualFold(strings.TrimSpace(model.Name), modelName) { - return true - } - } - } - return false -} - -// GetOpenAICompatibilityConfig returns the OpenAI compatibility configuration -// and model details for the given alias. -// -// Parameters: -// - alias: The model alias to find configuration for -// - cfg: The application configuration containing OpenAI compatibility settings -// -// Returns: -// - *config.OpenAICompatibility: The matching compatibility configuration, or nil if not found -// - *config.OpenAICompatibilityModel: The matching model configuration, or nil if not found -func GetOpenAICompatibilityConfig(alias string, cfg *config.Config) (*config.OpenAICompatibility, *config.OpenAICompatibilityModel) { - if cfg == nil { - return nil, nil - } - alias = normalizeOpenAICompatibilityAlias(alias) - if alias == "" { - return nil, nil - } - - for _, compat := range cfg.OpenAICompatibility { - for _, model := range compat.Models { - if strings.EqualFold(strings.TrimSpace(model.Alias), alias) || strings.EqualFold(strings.TrimSpace(model.Name), alias) { - return &compat, &model - } - } - } - return nil, nil -} - -func normalizeOpenAICompatibilityAlias(modelName string) string { - modelName = strings.TrimSpace(modelName) - if modelName == "" { - return "" - } - if _, baseModel, ok := ResolveProviderPinnedModel(modelName); ok { - return baseModel - } - return modelName -} - -// InArray checks if a string exists in a slice of strings. -// It iterates through the slice and returns true if the target string is found, -// otherwise it returns false. -// -// Parameters: -// - hystack: The slice of strings to search in -// - needle: The string to search for -// -// Returns: -// - bool: True if the string is found, false otherwise -func InArray(hystack []string, needle string) bool { - for _, item := range hystack { - if needle == item { - return true - } - } - return false -} - -// HideAPIKey obscures an API key for logging purposes, showing only the first and last few characters. -// -// Parameters: -// - apiKey: The API key to hide. -// -// Returns: -// - string: The obscured API key. -func HideAPIKey(apiKey string) string { - if len(apiKey) > 8 { - return apiKey[:4] + "..." + apiKey[len(apiKey)-4:] - } else if len(apiKey) > 4 { - return apiKey[:2] + "..." + apiKey[len(apiKey)-2:] - } else if len(apiKey) > 2 { - return apiKey[:1] + "..." + apiKey[len(apiKey)-1:] - } - return apiKey -} - -// RedactAPIKey completely redacts an API key for secure logging. -// Unlike HideAPIKey which shows partial characters, this returns "[REDACTED]" -// to satisfy strict security scanning requirements. -func RedactAPIKey(apiKey string) string { - if apiKey == "" { - return "" - } - return "[REDACTED]" -} - -// maskAuthorizationHeader masks the Authorization header value while preserving the auth type prefix. -// Common formats: "Bearer ", "Basic ", "ApiKey ", etc. -// It preserves the prefix (e.g., "Bearer ") and only masks the token/credential part. -// -// Parameters: -// - value: The Authorization header value -// -// Returns: -// - string: The masked Authorization value with prefix preserved -func MaskAuthorizationHeader(value string) string { - parts := strings.SplitN(strings.TrimSpace(value), " ", 2) - if len(parts) < 2 { - return HideAPIKey(value) - } - return parts[0] + " " + HideAPIKey(parts[1]) -} - -// MaskSensitiveHeaderValue masks sensitive header values while preserving expected formats. -// -// Behavior by header key (case-insensitive): -// - "Authorization": Preserve the auth type prefix (e.g., "Bearer ") and mask only the credential part. -// - Headers containing "api-key": Mask the entire value using HideAPIKey. -// - Others: Return the original value unchanged. -// -// Parameters: -// - key: The HTTP header name to inspect (case-insensitive matching). -// - value: The header value to mask when sensitive. -// -// Returns: -// - string: The masked value according to the header type; unchanged if not sensitive. -func MaskSensitiveHeaderValue(key, value string) string { - lowerKey := strings.ToLower(strings.TrimSpace(key)) - switch { - case strings.Contains(lowerKey, "authorization"): - return MaskAuthorizationHeader(value) - case strings.Contains(lowerKey, "api-key"), - strings.Contains(lowerKey, "apikey"), - strings.Contains(lowerKey, "token"), - strings.Contains(lowerKey, "secret"): - return HideAPIKey(value) - default: - return value - } -} - -// MaskSensitiveQuery masks sensitive query parameters, e.g. auth_token, within the raw query string. -func MaskSensitiveQuery(raw string) string { - if raw == "" { - return "" - } - parts := strings.Split(raw, "&") - changed := false - for i, part := range parts { - if part == "" { - continue - } - keyPart := part - valuePart := "" - if idx := strings.Index(part, "="); idx >= 0 { - keyPart = part[:idx] - valuePart = part[idx+1:] - } - decodedKey, err := url.QueryUnescape(keyPart) - if err != nil { - decodedKey = keyPart - } - if !shouldMaskQueryParam(decodedKey) { - continue - } - decodedValue, err := url.QueryUnescape(valuePart) - if err != nil { - decodedValue = valuePart - } - masked := HideAPIKey(strings.TrimSpace(decodedValue)) - parts[i] = keyPart + "=" + url.QueryEscape(masked) - changed = true - } - if !changed { - return raw - } - return strings.Join(parts, "&") -} - -func shouldMaskQueryParam(key string) bool { - key = strings.ToLower(strings.TrimSpace(key)) - if key == "" { - return false - } - key = strings.TrimSuffix(key, "[]") - if key == "key" || strings.Contains(key, "api-key") || strings.Contains(key, "apikey") || strings.Contains(key, "api_key") { - return true - } - if strings.Contains(key, "token") || strings.Contains(key, "secret") { - return true - } - return false -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/provider_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/util/provider_test.go deleted file mode 100644 index 5ba8f58939..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/provider_test.go +++ /dev/null @@ -1,96 +0,0 @@ -package util - -import ( - "reflect" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" -) - -func TestResolveProviderPinnedModel(t *testing.T) { - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-pinned-openai", "openai", []*registry.ModelInfo{{ID: "gpt-5.1"}}) - reg.RegisterClient("test-pinned-copilot", "github-copilot", []*registry.ModelInfo{{ID: "gpt-5.1"}}) - t.Cleanup(func() { - reg.UnregisterClient("test-pinned-openai") - reg.UnregisterClient("test-pinned-copilot") - }) - - provider, model, ok := ResolveProviderPinnedModel("github-copilot/gpt-5.1") - if !ok { - t.Fatal("expected github-copilot/gpt-5.1 to resolve as provider-pinned model") - } - if provider != "github-copilot" || model != "gpt-5.1" { - t.Fatalf("got provider=%q model=%q, want provider=%q model=%q", provider, model, "github-copilot", "gpt-5.1") - } - - if _, _, ok := ResolveProviderPinnedModel("unknown/gpt-5.1"); ok { - t.Fatal("expected unknown/gpt-5.1 not to resolve") - } -} - -func TestGetProviderName_ProviderPinnedModel(t *testing.T) { - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-provider-openai", "openai", []*registry.ModelInfo{{ID: "gpt-5.2"}}) - reg.RegisterClient("test-provider-copilot", "github-copilot", []*registry.ModelInfo{{ID: "gpt-5.2"}}) - t.Cleanup(func() { - reg.UnregisterClient("test-provider-openai") - reg.UnregisterClient("test-provider-copilot") - }) - - got := GetProviderName("github-copilot/gpt-5.2") - want := []string{"github-copilot"} - if !reflect.DeepEqual(got, want) { - t.Fatalf("GetProviderName() = %v, want %v", got, want) - } -} - -func TestIsOpenAICompatibilityAlias_MatchesAliasAndNameCaseInsensitive(t *testing.T) { - cfg := &config.Config{ - OpenAICompatibility: []config.OpenAICompatibility{ - { - Name: "compat-a", - Models: []config.OpenAICompatibilityModel{ - {Name: "gpt-5.2", Alias: "gpt-5.2-codex"}, - }, - }, - }, - } - - if !IsOpenAICompatibilityAlias("gpt-5.2-codex", cfg) { - t.Fatal("expected alias lookup to return true") - } - if !IsOpenAICompatibilityAlias("GPT-5.2", cfg) { - t.Fatal("expected name lookup to return true") - } - if IsOpenAICompatibilityAlias("gpt-4.1", cfg) { - t.Fatal("unexpected alias hit for unknown model") - } -} - -func TestGetOpenAICompatibilityConfig_MatchesAliasAndName(t *testing.T) { - cfg := &config.Config{ - OpenAICompatibility: []config.OpenAICompatibility{ - { - Name: "compat-a", - Models: []config.OpenAICompatibilityModel{ - {Name: "gpt-5.2", Alias: "gpt-5.2-codex"}, - }, - }, - }, - } - - compat, model := GetOpenAICompatibilityConfig("gpt-5.2-codex", cfg) - if compat == nil || model == nil { - t.Fatal("expected alias lookup to resolve compat config") - } - - compatByName, modelByName := GetOpenAICompatibilityConfig("GPT-5.2", cfg) - if compatByName == nil || modelByName == nil { - t.Fatal("expected name lookup to resolve compat config") - } - if modelByName.Alias != "gpt-5.2-codex" { - t.Fatalf("resolved model alias = %q, want gpt-5.2-codex", modelByName.Alias) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/proxy.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/util/proxy.go deleted file mode 100644 index e990820da9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/proxy.go +++ /dev/null @@ -1,56 +0,0 @@ -// Package util provides utility functions for the CLI Proxy API server. -// It includes helper functions for proxy configuration, HTTP client setup, -// log level management, and other common operations used across the application. -package util - -import ( - "context" - "net" - "net/http" - "net/url" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - log "github.com/sirupsen/logrus" - "golang.org/x/net/proxy" -) - -// SetProxy configures the provided HTTP client with proxy settings from the configuration. -// It supports SOCKS5, HTTP, and HTTPS proxies. The function modifies the client's transport -// to route requests through the configured proxy server. -func SetProxy(cfg *config.SDKConfig, httpClient *http.Client) *http.Client { - var transport *http.Transport - // Attempt to parse the proxy URL from the configuration. - proxyURL, errParse := url.Parse(cfg.ProxyURL) - if errParse == nil { - // Handle different proxy schemes. - switch proxyURL.Scheme { - case "socks5": - // Configure SOCKS5 proxy with optional authentication. - var proxyAuth *proxy.Auth - if proxyURL.User != nil { - username := proxyURL.User.Username() - password, _ := proxyURL.User.Password() - proxyAuth = &proxy.Auth{User: username, Password: password} - } - dialer, errSOCKS5 := proxy.SOCKS5("tcp", proxyURL.Host, proxyAuth, proxy.Direct) - if errSOCKS5 != nil { - log.Errorf("create SOCKS5 dialer failed: %v", errSOCKS5) - return httpClient - } - // Set up a custom transport using the SOCKS5 dialer. - transport = &http.Transport{ - DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { - return dialer.Dial(network, addr) - }, - } - case "http", "https": - // Configure HTTP or HTTPS proxy. - transport = &http.Transport{Proxy: http.ProxyURL(proxyURL)} - } - } - // If a new transport was created, apply it to the HTTP client. - if transport != nil { - httpClient.Transport = transport - } - return httpClient -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/sanitize_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/util/sanitize_test.go deleted file mode 100644 index 477ff1c457..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/sanitize_test.go +++ /dev/null @@ -1,56 +0,0 @@ -package util - -import ( - "testing" -) - -func TestSanitizeFunctionName(t *testing.T) { - tests := []struct { - name string - input string - expected string - }{ - {"Normal", "valid_name", "valid_name"}, - {"With Dots", "name.with.dots", "name.with.dots"}, - {"With Colons", "name:with:colons", "name:with:colons"}, - {"With Dashes", "name-with-dashes", "name-with-dashes"}, - {"Mixed Allowed", "name.with_dots:colons-dashes", "name.with_dots:colons-dashes"}, - {"Invalid Characters", "name!with@invalid#chars", "name_with_invalid_chars"}, - {"Spaces", "name with spaces", "name_with_spaces"}, - {"Non-ASCII", "name_with_你好_chars", "name_with____chars"}, - {"Starts with digit", "123name", "_123name"}, - {"Starts with dot", ".name", "_.name"}, - {"Starts with colon", ":name", "_:name"}, - {"Starts with dash", "-name", "_-name"}, - {"Starts with invalid char", "!name", "_name"}, - {"Exactly 64 chars", "this_is_a_very_long_name_that_exactly_reaches_sixty_four_charact", "this_is_a_very_long_name_that_exactly_reaches_sixty_four_charact"}, - {"Too long (65 chars)", "this_is_a_very_long_name_that_exactly_reaches_sixty_four_charactX", "this_is_a_very_long_name_that_exactly_reaches_sixty_four_charact"}, - {"Very long", "this_is_a_very_long_name_that_exceeds_the_sixty_four_character_limit_for_function_names", "this_is_a_very_long_name_that_exceeds_the_sixty_four_character_l"}, - {"Starts with digit (64 chars total)", "1234567890123456789012345678901234567890123456789012345678901234", "_123456789012345678901234567890123456789012345678901234567890123"}, - {"Starts with invalid char (64 chars total)", "!234567890123456789012345678901234567890123456789012345678901234", "_234567890123456789012345678901234567890123456789012345678901234"}, - {"Empty", "", ""}, - {"Single character invalid", "@", "_"}, - {"Single character valid", "a", "a"}, - {"Single character digit", "1", "_1"}, - {"Single character underscore", "_", "_"}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got := SanitizeFunctionName(tt.input) - if got != tt.expected { - t.Errorf("SanitizeFunctionName(%q) = %v, want %v", tt.input, got, tt.expected) - } - // Verify Gemini compliance - if len(got) > 64 { - t.Errorf("SanitizeFunctionName(%q) result too long: %d", tt.input, len(got)) - } - if len(got) > 0 { - first := got[0] - if (first < 'a' || first > 'z') && (first < 'A' || first > 'Z') && first != '_' { - t.Errorf("SanitizeFunctionName(%q) result starts with invalid char: %c", tt.input, first) - } - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/ssh_helper.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/util/ssh_helper.go deleted file mode 100644 index 2f81fcb365..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/ssh_helper.go +++ /dev/null @@ -1,135 +0,0 @@ -// Package util provides helper functions for SSH tunnel instructions and network-related tasks. -// This includes detecting the appropriate IP address and printing commands -// to help users connect to the local server from a remote machine. -package util - -import ( - "context" - "fmt" - "io" - "net" - "net/http" - "strings" - "time" - - log "github.com/sirupsen/logrus" -) - -var ipServices = []string{ - "https://api.ipify.org", - "https://ifconfig.me/ip", - "https://icanhazip.com", - "https://ipinfo.io/ip", -} - -// getPublicIP attempts to retrieve the public IP address from a list of external services. -// It iterates through the ipServices and returns the first successful response. -// -// Returns: -// - string: The public IP address as a string -// - error: An error if all services fail, nil otherwise -func getPublicIP() (string, error) { - for _, service := range ipServices { - ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) - defer cancel() - req, err := http.NewRequestWithContext(ctx, "GET", service, nil) - if err != nil { - log.Debugf("Failed to create request to %s: %v", service, err) - continue - } - - resp, err := http.DefaultClient.Do(req) - if err != nil { - log.Debugf("Failed to get public IP from %s: %v", service, err) - continue - } - defer func() { - if closeErr := resp.Body.Close(); closeErr != nil { - log.Warnf("Failed to close response body from %s: %v", service, closeErr) - } - }() - - if resp.StatusCode != http.StatusOK { - log.Debugf("bad status code from %s: %d", service, resp.StatusCode) - continue - } - - ip, err := io.ReadAll(resp.Body) - if err != nil { - log.Debugf("Failed to read response body from %s: %v", service, err) - continue - } - return strings.TrimSpace(string(ip)), nil - } - return "", fmt.Errorf("all IP services failed") -} - -// getOutboundIP retrieves the preferred outbound IP address of this machine. -// It uses a UDP connection to a public DNS server to determine the local IP -// address that would be used for outbound traffic. -// -// Returns: -// - string: The outbound IP address as a string -// - error: An error if the IP address cannot be determined, nil otherwise -func getOutboundIP() (string, error) { - conn, err := net.Dial("udp", "8.8.8.8:80") - if err != nil { - return "", err - } - defer func() { - if closeErr := conn.Close(); closeErr != nil { - log.Warnf("Failed to close UDP connection: %v", closeErr) - } - }() - - localAddr, ok := conn.LocalAddr().(*net.UDPAddr) - if !ok { - return "", fmt.Errorf("could not assert UDP address type") - } - - return localAddr.IP.String(), nil -} - -// GetIPAddress attempts to find the best-available IP address. -// It first tries to get the public IP address, and if that fails, -// it falls back to getting the local outbound IP address. -// -// Returns: -// - string: The determined IP address (preferring public IPv4) -func GetIPAddress() string { - publicIP, err := getPublicIP() - if err == nil { - log.Debugf("Public IP detected: %s", publicIP) - return publicIP - } - log.Warnf("Failed to get public IP, falling back to outbound IP: %v", err) - outboundIP, err := getOutboundIP() - if err == nil { - log.Debugf("Outbound IP detected: %s", outboundIP) - return outboundIP - } - log.Errorf("Failed to get any IP address: %v", err) - return "127.0.0.1" // Fallback -} - -// PrintSSHTunnelInstructions detects the IP address and prints SSH tunnel instructions -// for the user to connect to the local OAuth callback server from a remote machine. -// -// Parameters: -// - port: The local port number for the SSH tunnel -func PrintSSHTunnelInstructions(port int) { - ipAddress := GetIPAddress() - border := "================================================================================" - fmt.Println("To authenticate from a remote machine, an SSH tunnel may be required.") - fmt.Println(border) - fmt.Println(" Run one of the following commands on your local machine (NOT the server):") - fmt.Println() - fmt.Printf(" # Standard SSH command (assumes SSH port 22):\n") - fmt.Printf(" ssh -L %d:127.0.0.1:%d root@%s -p 22\n", port, port, ipAddress) - fmt.Println() - fmt.Printf(" # If using an SSH key (assumes SSH port 22):\n") - fmt.Printf(" ssh -i -L %d:127.0.0.1:%d root@%s -p 22\n", port, port, ipAddress) - fmt.Println() - fmt.Println(" NOTE: If your server's SSH port is not 22, please modify the '-p 22' part accordingly.") - fmt.Println(border) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/translator.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/util/translator.go deleted file mode 100644 index 621f7a65e9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/translator.go +++ /dev/null @@ -1,276 +0,0 @@ -// Package util provides utility functions for the CLI Proxy API server. -// It includes helper functions for JSON manipulation, proxy configuration, -// and other common operations used across the application. -package util - -import ( - "bytes" - "fmt" - "sort" - "strings" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Walk recursively traverses a JSON structure to find all occurrences of a specific field. -// It builds paths to each occurrence and adds them to the provided paths slice. -// -// Parameters: -// - value: The gjson.Result object to traverse -// - path: The current path in the JSON structure (empty string for root) -// - field: The field name to search for -// - paths: Pointer to a slice where found paths will be stored -// -// The function works recursively, building dot-notation paths to each occurrence -// of the specified field throughout the JSON structure. -func Walk(value gjson.Result, path, field string, paths *[]string) { - switch value.Type { - case gjson.JSON: - // For JSON objects and arrays, iterate through each child - value.ForEach(func(key, val gjson.Result) bool { - var childPath string - // Escape special characters for gjson/sjson path syntax - // . -> \. - // * -> \* - // ? -> \? - keyStr := key.String() - safeKey := escapeGJSONPathKey(keyStr) - - if path == "" { - childPath = safeKey - } else { - childPath = path + "." + safeKey - } - if keyStr == field { - *paths = append(*paths, childPath) - } - Walk(val, childPath, field, paths) - return true - }) - case gjson.String, gjson.Number, gjson.True, gjson.False, gjson.Null: - // Terminal types - no further traversal needed - } -} - -// RenameKey renames a key in a JSON string by moving its value to a new key path -// and then deleting the old key path. -// -// Parameters: -// - jsonStr: The JSON string to modify -// - oldKeyPath: The dot-notation path to the key that should be renamed -// - newKeyPath: The dot-notation path where the value should be moved to -// -// Returns: -// - string: The modified JSON string with the key renamed -// - error: An error if the operation fails -// -// The function performs the rename in two steps: -// 1. Sets the value at the new key path -// 2. Deletes the old key path -func RenameKey(jsonStr, oldKeyPath, newKeyPath string) (string, error) { - value := gjson.Get(jsonStr, oldKeyPath) - - if !value.Exists() { - return "", fmt.Errorf("old key '%s' does not exist", oldKeyPath) - } - - interimJson, err := sjson.SetRaw(jsonStr, newKeyPath, value.Raw) - if err != nil { - return "", fmt.Errorf("failed to set new key '%s': %w", newKeyPath, err) - } - - finalJson, err := sjson.Delete(interimJson, oldKeyPath) - if err != nil { - return "", fmt.Errorf("failed to delete old key '%s': %w", oldKeyPath, err) - } - - return finalJson, nil -} - -// FixJSON converts non-standard JSON that uses single quotes for strings into -// RFC 8259-compliant JSON by converting those single-quoted strings to -// double-quoted strings with proper escaping. -// -// Examples: -// -// {'a': 1, 'b': '2'} => {"a": 1, "b": "2"} -// {"t": 'He said "hi"'} => {"t": "He said \"hi\""} -// -// Rules: -// - Existing double-quoted JSON strings are preserved as-is. -// - Single-quoted strings are converted to double-quoted strings. -// - Inside converted strings, any double quote is escaped (\"). -// - Common backslash escapes (\n, \r, \t, \b, \f, \\) are preserved. -// - \' inside single-quoted strings becomes a literal ' in the output (no -// escaping needed inside double quotes). -// - Unicode escapes (\uXXXX) inside single-quoted strings are forwarded. -// - The function does not attempt to fix other non-JSON features beyond quotes. -func FixJSON(input string) string { - var out bytes.Buffer - - inDouble := false - inSingle := false - escaped := false // applies within the current string state - - // Helper to write a rune, escaping double quotes when inside a converted - // single-quoted string (which becomes a double-quoted string in output). - writeConverted := func(r rune) { - if r == '"' { - out.WriteByte('\\') - out.WriteByte('"') - return - } - out.WriteRune(r) - } - - runes := []rune(input) - for i := 0; i < len(runes); i++ { - r := runes[i] - - if inDouble { - out.WriteRune(r) - if escaped { - // end of escape sequence in a standard JSON string - escaped = false - continue - } - if r == '\\' { - escaped = true - continue - } - if r == '"' { - inDouble = false - } - continue - } - - if inSingle { - if escaped { - // Handle common escape sequences after a backslash within a - // single-quoted string - escaped = false - switch r { - case 'n', 'r', 't', 'b', 'f', '/', '"': - // Keep the backslash and the character (except for '"' which - // rarely appears, but if it does, keep as \" to remain valid) - out.WriteByte('\\') - out.WriteRune(r) - case '\\': - out.WriteByte('\\') - out.WriteByte('\\') - case '\'': - // \' inside single-quoted becomes a literal ' - out.WriteRune('\'') - case 'u': - // Forward \uXXXX if possible - out.WriteByte('\\') - out.WriteByte('u') - // Copy up to next 4 hex digits if present - for k := 0; k < 4 && i+1 < len(runes); k++ { - peek := runes[i+1] - // simple hex check - if (peek >= '0' && peek <= '9') || (peek >= 'a' && peek <= 'f') || (peek >= 'A' && peek <= 'F') { - out.WriteRune(peek) - i++ - } else { - break - } - } - default: - // Unknown escape: preserve the backslash and the char - out.WriteByte('\\') - out.WriteRune(r) - } - continue - } - - if r == '\\' { // start escape sequence - escaped = true - continue - } - if r == '\'' { // end of single-quoted string - out.WriteByte('"') - inSingle = false - continue - } - // regular char inside converted string; escape double quotes - writeConverted(r) - continue - } - - // Outside any string - if r == '"' { - inDouble = true - out.WriteRune(r) - continue - } - if r == '\'' { // start of non-standard single-quoted string - inSingle = true - out.WriteByte('"') - continue - } - out.WriteRune(r) - } - - // If input ended while still inside a single-quoted string, close it to - // produce the best-effort valid JSON. - if inSingle { - out.WriteByte('"') - } - - return out.String() -} - -// DeleteKeysByName removes all keys matching the provided names from any depth in the JSON document. -// -// Parameters: -// - jsonStr: source JSON string -// - keys: key names to remove, e.g. "$ref", "$defs" -// -// Returns: -// - string: JSON with matching keys removed -func DeleteKeysByName(jsonStr string, keys ...string) string { - if strings.TrimSpace(jsonStr) == "" || len(keys) == 0 { - return jsonStr - } - - filtered := make(map[string]struct{}, len(keys)) - for _, key := range keys { - filtered[key] = struct{}{} - } - - paths := make([]string, 0) - for key := range filtered { - utilPaths := make([]string, 0) - Walk(gjson.Parse(jsonStr), "", key, &utilPaths) - paths = append(paths, utilPaths...) - } - - seen := make(map[string]struct{}, len(paths)) - unique := make([]string, 0, len(paths)) - for _, path := range paths { - if _, ok := seen[path]; ok { - continue - } - seen[path] = struct{}{} - unique = append(unique, path) - } - - sortByPathDepthDesc(unique) - for _, path := range unique { - jsonStr, _ = sjson.Delete(jsonStr, path) - } - return jsonStr -} - -func sortByPathDepthDesc(paths []string) { - sort.Slice(paths, func(i, j int) bool { - depthI := strings.Count(paths[i], ".") - depthJ := strings.Count(paths[j], ".") - if depthI != depthJ { - return depthI > depthJ - } - return len(paths[i]) > len(paths[j]) - }) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/translator_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/util/translator_test.go deleted file mode 100644 index 44aa551feb..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/translator_test.go +++ /dev/null @@ -1,149 +0,0 @@ -package util - -import ( - "encoding/json" - "testing" -) - -func TestDeleteKeysByName_RemovesRefAndDefsRecursively(t *testing.T) { - input := `{ - "root": { - "$defs": { - "Address": {"type": "object", "properties": {"city": {"type": "string"}} - }, - "tool": { - "$ref": "#/definitions/Address", - "properties": { - "address": { - "$ref": "#/$defs/Address", - "$defs": {"Nested": {"type": "string"}} - } - } - } - }, - "items": [ - {"name": "leaf", "$defs": {"x": 1}}, - {"name": "leaf2", "kind": {"$ref": "#/tool"}} - ] - } - } - ` - - got := DeleteKeysByName(input, "$ref", "$defs") - - var payload map[string]any - if err := json.Unmarshal([]byte(got), &payload); err != nil { - t.Fatalf("DeleteKeysByName returned invalid json: %v", err) - } - - r, ok := payload["root"].(map[string]any) - if !ok { - t.Fatal("root missing or invalid") - } - - if _, ok := r["$defs"]; ok { - t.Fatalf("root $defs should be removed") - } - - items, ok := r["items"].([]any) - if !ok { - t.Fatal("items missing or invalid") - } - for i, item := range items { - obj, ok := item.(map[string]any) - if !ok { - t.Fatalf("items[%d] invalid type", i) - } - if _, ok := obj["$defs"]; ok { - t.Fatalf("items[%d].$defs should be removed", i) - } - } -} - -func TestDeleteKeysByName_IgnoresMissingKeys(t *testing.T) { - input := `{"model":"claude-opus","tools":[{"name":"ok"}]}` - if got := DeleteKeysByName(input, "$ref", "$defs"); got != input { - t.Fatalf("DeleteKeysByName should keep payload unchanged when no keys match: got %s", got) - } -} - -func TestDeleteKeysByName_RemovesMultipleKeyNames(t *testing.T) { - input := `{ - "node": { - "one": {"target":1}, - "two": {"target":2} - }, - "target": {"value": 99} - }` - - got := DeleteKeysByName(input, "one", "target", "missing") - - var payload map[string]any - if err := json.Unmarshal([]byte(got), &payload); err != nil { - t.Fatalf("DeleteKeysByName returned invalid json: %v", err) - } - - node, ok := payload["node"].(map[string]any) - if !ok { - t.Fatal("node missing or invalid") - } - if _, ok := node["one"]; ok { - t.Fatalf("node.one should be removed") - } - if _, ok := node["two"]; !ok { - t.Fatalf("node.two should remain") - } - if _, ok := payload["target"]; ok { - t.Fatalf("top-level target should be removed") - } -} - -func TestDeleteKeysByName_UsesStableDeletionPathSorting(t *testing.T) { - input := `{ - "tool": { - "parameters": { - "$defs": { - "nested": {"$ref": "#/tool/parameters/$defs/nested"} - }, - "properties": { - "value": {"type": "string", "$ref": "#/tool/parameters/$defs/nested"} - } - } - } - }` - - got := DeleteKeysByName(input, "$defs", "$ref") - - var payload map[string]any - if err := json.Unmarshal([]byte(got), &payload); err != nil { - t.Fatalf("DeleteKeysByName returned invalid json: %v", err) - } - - tool, ok := payload["tool"].(map[string]any) - if !ok { - t.Fatal("tool missing or invalid") - } - - parameters, ok := tool["parameters"].(map[string]any) - if !ok { - t.Fatal("parameters missing or invalid") - } - if _, ok := parameters["$defs"]; ok { - t.Fatalf("parameters.$defs should be removed") - } - - properties, ok := parameters["properties"].(map[string]any) - if !ok { - t.Fatal("properties missing or invalid") - } - value, ok := properties["value"].(map[string]any) - if !ok { - t.Fatal("value missing or invalid") - } - if _, ok := value["$ref"]; ok { - t.Fatalf("nested $ref should be removed") - } - if _, ok := value["type"]; !ok { - t.Fatalf("value.type should remain") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/util.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/util/util.go deleted file mode 100644 index 52d17c8a87..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/util.go +++ /dev/null @@ -1,139 +0,0 @@ -// Package util provides utility functions for the CLI Proxy API server. -// It includes helper functions for logging configuration, file system operations, -// and other common utilities used throughout the application. -package util - -import ( - "context" - "fmt" - "os" - "path/filepath" - "regexp" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - log "github.com/sirupsen/logrus" -) - -var functionNameSanitizer = regexp.MustCompile(`[^a-zA-Z0-9_.:-]`) - -const DefaultAuthDir = "~/.cli-proxy-api" - -// SanitizeFunctionName ensures a function name matches the requirements for Gemini/Vertex AI. -// It replaces invalid characters with underscores, ensures it starts with a letter or underscore, -// and truncates it to 64 characters if necessary. -// Regex Rule: [^a-zA-Z0-9_.:-] replaced with _. -func SanitizeFunctionName(name string) string { - if name == "" { - return "" - } - - // Replace invalid characters with underscore - sanitized := functionNameSanitizer.ReplaceAllString(name, "_") - - // Ensure it starts with a letter or underscore - // Re-reading requirements: Must start with a letter or an underscore. - if len(sanitized) > 0 { - first := sanitized[0] - if (first < 'a' || first > 'z') && (first < 'A' || first > 'Z') && first != '_' { - // If it starts with an allowed character but not allowed at the beginning (digit, dot, colon, dash), - // we must prepend an underscore. - - // To stay within the 64-character limit while prepending, we must truncate first. - if len(sanitized) >= 64 { - sanitized = sanitized[:63] - } - sanitized = "_" + sanitized - } - } else { - sanitized = "_" - } - - // Truncate to 64 characters - if len(sanitized) > 64 { - sanitized = sanitized[:64] - } - return sanitized -} - -// SetLogLevel configures the logrus log level based on the configuration. -// It sets the log level to DebugLevel if debug mode is enabled, otherwise to InfoLevel. -func SetLogLevel(cfg *config.Config) { - currentLevel := log.GetLevel() - var newLevel log.Level - if cfg.Debug { - newLevel = log.DebugLevel - } else { - newLevel = log.InfoLevel - } - - if currentLevel != newLevel { - log.SetLevel(newLevel) - log.Infof("log level changed from %s to %s (debug=%t)", currentLevel, newLevel, cfg.Debug) - } -} - -// ResolveAuthDir normalizes the auth directory path for consistent reuse throughout the app. -// It expands a leading tilde (~) to the user's home directory and returns a cleaned path. -func ResolveAuthDir(authDir string) (string, error) { - if authDir == "" { - return "", nil - } - if strings.HasPrefix(authDir, "~") { - home, err := os.UserHomeDir() - if err != nil { - return "", fmt.Errorf("resolve auth dir: %w", err) - } - remainder := strings.TrimPrefix(authDir, "~") - remainder = strings.TrimLeft(remainder, "/\\") - if remainder == "" { - return filepath.Clean(home), nil - } - normalized := strings.ReplaceAll(remainder, "\\", "/") - return filepath.Clean(filepath.Join(home, filepath.FromSlash(normalized))), nil - } - return filepath.Clean(authDir), nil -} - -// ResolveAuthDirOrDefault resolves the configured auth directory, falling back -// to the project default when empty. -func ResolveAuthDirOrDefault(authDir string) (string, error) { - trimmed := strings.TrimSpace(authDir) - if trimmed == "" { - trimmed = DefaultAuthDir - } - return ResolveAuthDir(trimmed) -} - -// CountAuthFiles returns the number of auth records available through the provided Store. -// For filesystem-backed stores, this reflects the number of JSON auth files under the configured directory. -func CountAuthFiles[T any](ctx context.Context, store interface { - List(context.Context) ([]T, error) -}) int { - if store == nil { - return 0 - } - if ctx == nil { - ctx = context.Background() - } - entries, err := store.List(ctx) - if err != nil { - log.Debugf("countAuthFiles: failed to list auth records: %v", err) - return 0 - } - return len(entries) -} - -// WritablePath returns the cleaned WRITABLE_PATH environment variable when it is set. -// It accepts both uppercase and lowercase variants for compatibility with existing conventions. -func WritablePath() string { - for _, key := range []string{"WRITABLE_PATH", "writable_path"} { - if value, ok := os.LookupEnv(key); ok { - trimmed := strings.TrimSpace(value) - if trimmed != "" { - return filepath.Clean(trimmed) - } - } - } - return "" -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/util_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/util/util_test.go deleted file mode 100644 index 0beac317d2..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/util/util_test.go +++ /dev/null @@ -1,81 +0,0 @@ -package util - -import ( - "context" - "os" - "path/filepath" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestSetLogLevel(t *testing.T) { - cfg := &config.Config{Debug: true} - SetLogLevel(cfg) - // No easy way to assert without global state check, but ensures no panic - - cfg.Debug = false - SetLogLevel(cfg) -} - -func TestResolveAuthDirOrDefault(t *testing.T) { - home, _ := os.UserHomeDir() - - cases := []struct { - authDir string - want string - }{ - {"", filepath.Join(home, ".cli-proxy-api")}, - {"~", home}, - {"~/.cli-proxy-api", filepath.Join(home, ".cli-proxy-api")}, - } - - for _, tc := range cases { - got, err := ResolveAuthDirOrDefault(tc.authDir) - if err != nil { - t.Errorf("ResolveAuthDirOrDefault(%q) error: %v", tc.authDir, err) - continue - } - if got != tc.want { - t.Errorf("ResolveAuthDirOrDefault(%q) = %q, want %q", tc.authDir, got, tc.want) - } - } -} - -func TestResolveAuthDir(t *testing.T) { - home, _ := os.UserHomeDir() - cases := []struct { - dir string - want string - }{ - {"", ""}, - {"/abs/path", "/abs/path"}, - {"~", home}, - {"~/test", filepath.Join(home, "test")}, - } - for _, tc := range cases { - got, err := ResolveAuthDir(tc.dir) - if err != nil { - t.Errorf("ResolveAuthDir(%q) error: %v", tc.dir, err) - continue - } - if got != tc.want { - t.Errorf("ResolveAuthDir(%q) = %q, want %q", tc.dir, got, tc.want) - } - } -} - -type mockStore struct { - items []int -} - -func (m *mockStore) List(ctx context.Context) ([]int, error) { - return m.items, nil -} - -func TestCountAuthFiles(t *testing.T) { - store := &mockStore{items: []int{1, 2, 3}} - if got := CountAuthFiles(context.Background(), store); got != 3 { - t.Errorf("CountAuthFiles() = %d, want 3", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/clients.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/clients.go deleted file mode 100644 index 4e1d17c773..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/clients.go +++ /dev/null @@ -1,303 +0,0 @@ -// clients.go implements watcher client lifecycle logic and persistence helpers. -// It reloads clients, handles incremental auth file changes, and persists updates when supported. -package watcher - -import ( - "context" - "crypto/sha256" - "encoding/hex" - "encoding/json" - "fmt" - "io/fs" - "os" - "path/filepath" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/diff" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -func (w *Watcher) reloadClients(rescanAuth bool, affectedOAuthProviders []string, forceAuthRefresh bool) { - log.Debugf("starting full client load process") - - w.clientsMutex.RLock() - cfg := w.config - w.clientsMutex.RUnlock() - - if cfg == nil { - log.Error("config is nil, cannot reload clients") - return - } - - if len(affectedOAuthProviders) > 0 { - w.clientsMutex.Lock() - if w.currentAuths != nil { - filtered := make(map[string]*coreauth.Auth, len(w.currentAuths)) - for id, auth := range w.currentAuths { - if auth == nil { - continue - } - provider := strings.ToLower(strings.TrimSpace(auth.Provider)) - if _, match := matchProvider(provider, affectedOAuthProviders); match { - continue - } - filtered[id] = auth - } - w.currentAuths = filtered - log.Debugf("applying oauth-excluded-models to providers %v", affectedOAuthProviders) - } else { - w.currentAuths = nil - } - w.clientsMutex.Unlock() - } - - geminiAPIKeyCount, vertexCompatAPIKeyCount, claudeAPIKeyCount, codexAPIKeyCount, openAICompatCount := BuildAPIKeyClients(cfg) - staticCredentialClientCount := summarizeStaticCredentialClients( - geminiAPIKeyCount, - vertexCompatAPIKeyCount, - claudeAPIKeyCount, - codexAPIKeyCount, - openAICompatCount, - ) - log.Debugf("loaded %d static credential clients", staticCredentialClientCount) - - var authFileCount int - if rescanAuth { - authFileCount = w.loadFileClients(cfg) - log.Debugf("loaded %d file-based clients", authFileCount) - } else { - w.clientsMutex.RLock() - authFileCount = len(w.lastAuthHashes) - w.clientsMutex.RUnlock() - log.Debugf("skipping auth directory rescan; retaining %d existing auth files", authFileCount) - } - - if rescanAuth { - w.clientsMutex.Lock() - - w.lastAuthHashes = make(map[string]string) - w.lastAuthContents = make(map[string]*coreauth.Auth) - if resolvedAuthDir, errResolveAuthDir := util.ResolveAuthDir(cfg.AuthDir); errResolveAuthDir != nil { - log.Errorf("failed to resolve auth directory for hash cache: %v", errResolveAuthDir) - } else if resolvedAuthDir != "" { - _ = filepath.Walk(resolvedAuthDir, func(path string, info fs.FileInfo, err error) error { - if err != nil { - return nil - } - if !info.IsDir() && strings.HasSuffix(strings.ToLower(info.Name()), ".json") { - if data, errReadFile := os.ReadFile(path); errReadFile == nil && len(data) > 0 { - sum := sha256.Sum256(data) - normalizedPath := w.normalizeAuthPath(path) - w.lastAuthHashes[normalizedPath] = hex.EncodeToString(sum[:]) - // Parse and cache auth content for future diff comparisons - var auth coreauth.Auth - if errParse := json.Unmarshal(data, &auth); errParse == nil { - w.lastAuthContents[normalizedPath] = &auth - } - } - } - return nil - }) - } - w.clientsMutex.Unlock() - } - - totalNewClients := authFileCount + staticCredentialClientCount - - if w.reloadCallback != nil { - log.Debugf("triggering server update callback before auth refresh") - w.reloadCallback(cfg) - } - - w.refreshAuthState(forceAuthRefresh) - - log.Infof("%s", clientReloadSummary(totalNewClients, authFileCount, staticCredentialClientCount)) -} - -func (w *Watcher) addOrUpdateClient(path string) { - data, errRead := os.ReadFile(path) - if errRead != nil { - log.Errorf("failed to read auth file %s: %v", filepath.Base(path), errRead) - return - } - if len(data) == 0 { - log.Debugf("ignoring empty auth file: %s", filepath.Base(path)) - return - } - - sum := sha256.Sum256(data) - curHash := hex.EncodeToString(sum[:]) - normalized := w.normalizeAuthPath(path) - - // Parse new auth content for diff comparison - var newAuth coreauth.Auth - if errParse := json.Unmarshal(data, &newAuth); errParse != nil { - log.Errorf("failed to parse auth file %s: %v", filepath.Base(path), errParse) - return - } - - w.clientsMutex.Lock() - - cfg := w.config - if cfg == nil { - log.Error("config is nil, cannot add or update client") - w.clientsMutex.Unlock() - return - } - if prev, ok := w.lastAuthHashes[normalized]; ok && prev == curHash { - log.Debugf("auth file unchanged (hash match), skipping reload: %s", filepath.Base(path)) - w.clientsMutex.Unlock() - return - } - - // Get old auth for diff comparison - var oldAuth *coreauth.Auth - if w.lastAuthContents != nil { - oldAuth = w.lastAuthContents[normalized] - } - - // Compute and log field changes - if changes := diff.BuildAuthChangeDetails(oldAuth, &newAuth); len(changes) > 0 { - log.Debugf("auth field changes for %s:", filepath.Base(path)) - for _, c := range changes { - log.Debugf(" %s", c) - } - } - - // Update caches - w.lastAuthHashes[normalized] = curHash - if w.lastAuthContents == nil { - w.lastAuthContents = make(map[string]*coreauth.Auth) - } - w.lastAuthContents[normalized] = &newAuth - - w.clientsMutex.Unlock() // Unlock before the callback - - w.refreshAuthState(false) - - if w.reloadCallback != nil { - log.Debugf("triggering server update callback after add/update") - w.reloadCallback(cfg) - } - w.persistAuthAsync(fmt.Sprintf("Sync auth %s", filepath.Base(path)), path) -} - -func (w *Watcher) removeClient(path string) { - normalized := w.normalizeAuthPath(path) - w.clientsMutex.Lock() - - cfg := w.config - delete(w.lastAuthHashes, normalized) - delete(w.lastAuthContents, normalized) - - w.clientsMutex.Unlock() // Release the lock before the callback - - w.refreshAuthState(false) - - if w.reloadCallback != nil { - log.Debugf("triggering server update callback after removal") - w.reloadCallback(cfg) - } - w.persistAuthAsync(fmt.Sprintf("Remove auth %s", filepath.Base(path)), path) -} - -func (w *Watcher) loadFileClients(cfg *config.Config) int { - authFileCount := 0 - successfulAuthCount := 0 - - authDir, errResolveAuthDir := util.ResolveAuthDir(cfg.AuthDir) - if errResolveAuthDir != nil { - log.Errorf("failed to resolve auth directory: %v", errResolveAuthDir) - return 0 - } - if authDir == "" { - return 0 - } - - errWalk := filepath.Walk(authDir, func(path string, info fs.FileInfo, err error) error { - if err != nil { - log.Debugf("error accessing path %s: %v", filepath.Base(path), err) - return err - } - if !info.IsDir() && strings.HasSuffix(strings.ToLower(info.Name()), ".json") { - authFileCount++ - log.Debugf("processing auth file %d: %s", authFileCount, filepath.Base(path)) - if data, errCreate := os.ReadFile(path); errCreate == nil && len(data) > 0 { - successfulAuthCount++ - } - } - return nil - }) - - if errWalk != nil { - log.Errorf("error walking auth directory: %v", errWalk) - } - log.Debugf("auth directory scan complete - found %d .json files, %d readable", authFileCount, successfulAuthCount) - return authFileCount -} - -func BuildAPIKeyClients(cfg *config.Config) (int, int, int, int, int) { - geminiAPIKeyCount := 0 - vertexCompatAPIKeyCount := 0 - claudeAPIKeyCount := 0 - codexAPIKeyCount := 0 - openAICompatCount := 0 - - if len(cfg.GeminiKey) > 0 { - geminiAPIKeyCount += len(cfg.GeminiKey) - } - if len(cfg.VertexCompatAPIKey) > 0 { - vertexCompatAPIKeyCount += len(cfg.VertexCompatAPIKey) - } - if len(cfg.ClaudeKey) > 0 { - claudeAPIKeyCount += len(cfg.ClaudeKey) - } - if len(cfg.CodexKey) > 0 { - codexAPIKeyCount += len(cfg.CodexKey) - } - if len(cfg.OpenAICompatibility) > 0 { - for _, compatConfig := range cfg.OpenAICompatibility { - openAICompatCount += len(compatConfig.APIKeyEntries) - } - } - return geminiAPIKeyCount, vertexCompatAPIKeyCount, claudeAPIKeyCount, codexAPIKeyCount, openAICompatCount -} - -func (w *Watcher) persistConfigAsync() { - if w == nil || w.storePersister == nil { - return - } - go func() { - ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) - defer cancel() - if err := w.storePersister.PersistConfig(ctx); err != nil { - log.Errorf("failed to persist config change: %v", err) - } - }() -} - -func (w *Watcher) persistAuthAsync(message string, paths ...string) { - if w == nil || w.storePersister == nil { - return - } - filtered := make([]string, 0, len(paths)) - for _, p := range paths { - if trimmed := strings.TrimSpace(p); trimmed != "" { - filtered = append(filtered, trimmed) - } - } - if len(filtered) == 0 { - return - } - go func() { - ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) - defer cancel() - if err := w.storePersister.PersistAuthFiles(ctx, message, filtered...); err != nil { - log.Errorf("failed to persist auth changes: %v", err) - } - }() -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/config_reload.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/config_reload.go deleted file mode 100644 index 940b235594..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/config_reload.go +++ /dev/null @@ -1,136 +0,0 @@ -// config_reload.go implements debounced configuration hot reload. -// It detects material changes and reloads clients when the config changes. -package watcher - -import ( - "crypto/sha256" - "encoding/hex" - "os" - "path/filepath" - "reflect" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/diff" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" - "gopkg.in/yaml.v3" - - log "github.com/sirupsen/logrus" -) - -func (w *Watcher) stopConfigReloadTimer() { - w.configReloadMu.Lock() - if w.configReloadTimer != nil { - w.configReloadTimer.Stop() - w.configReloadTimer = nil - } - w.configReloadMu.Unlock() -} - -func (w *Watcher) scheduleConfigReload() { - w.configReloadMu.Lock() - defer w.configReloadMu.Unlock() - if w.configReloadTimer != nil { - w.configReloadTimer.Stop() - } - w.configReloadTimer = time.AfterFunc(configReloadDebounce, func() { - w.configReloadMu.Lock() - w.configReloadTimer = nil - w.configReloadMu.Unlock() - w.reloadConfigIfChanged() - }) -} - -func (w *Watcher) reloadConfigIfChanged() { - data, err := os.ReadFile(w.configPath) - if err != nil { - log.Errorf("failed to read config file for hash check: %v", err) - return - } - if len(data) == 0 { - log.Debugf("ignoring empty config file write event") - return - } - sum := sha256.Sum256(data) - newHash := hex.EncodeToString(sum[:]) - - w.clientsMutex.RLock() - currentHash := w.lastConfigHash - w.clientsMutex.RUnlock() - - if currentHash != "" && currentHash == newHash { - log.Debugf("config file content unchanged (hash match), skipping reload") - return - } - log.Infof("config file changed, reloading: %s", filepath.Base(w.configPath)) - if w.reloadConfig() { - finalHash := newHash - if updatedData, errRead := os.ReadFile(w.configPath); errRead == nil && len(updatedData) > 0 { - sumUpdated := sha256.Sum256(updatedData) - finalHash = hex.EncodeToString(sumUpdated[:]) - } else if errRead != nil { - log.WithError(errRead).Debug("failed to compute updated config hash after reload") - } - w.clientsMutex.Lock() - w.lastConfigHash = finalHash - w.clientsMutex.Unlock() - w.persistConfigAsync() - } -} - -func (w *Watcher) reloadConfig() bool { - log.Debug("=========================== CONFIG RELOAD ============================") - log.Debugf("starting config reload from: %s", filepath.Base(w.configPath)) - - newConfig, errLoadConfig := config.LoadConfig(w.configPath) - if errLoadConfig != nil { - log.Errorf("failed to reload config: %v", errLoadConfig) - return false - } - - if w.mirroredAuthDir != "" { - newConfig.AuthDir = w.mirroredAuthDir - } else { - if resolvedAuthDir, errResolveAuthDir := util.ResolveAuthDir(newConfig.AuthDir); errResolveAuthDir != nil { - log.Errorf("failed to resolve auth directory from config: %v", errResolveAuthDir) - } else { - newConfig.AuthDir = resolvedAuthDir - } - } - - w.clientsMutex.Lock() - var oldConfig *config.Config - _ = yaml.Unmarshal(w.oldConfigYaml, &oldConfig) - w.oldConfigYaml, _ = yaml.Marshal(newConfig) - w.config = newConfig - w.clientsMutex.Unlock() - - var affectedOAuthProviders []string - if oldConfig != nil { - _, affectedOAuthProviders = diff.DiffOAuthExcludedModelChanges(oldConfig.OAuthExcludedModels, newConfig.OAuthExcludedModels) - } - - util.SetLogLevel(newConfig) - if oldConfig != nil && oldConfig.Debug != newConfig.Debug { - log.Debugf("log level updated - debug mode changed from %t to %t", oldConfig.Debug, newConfig.Debug) - } - - if oldConfig != nil { - details := diff.BuildConfigChangeDetails(oldConfig, newConfig) - if len(details) > 0 { - log.Debugf("config changes detected: %d field group(s)", len(details)) - for _, line := range redactedConfigChangeLogLines(details) { - log.Debug(line) - } - } else { - log.Debugf("no material config field changes detected") - } - } - - authDirChanged := oldConfig == nil || oldConfig.AuthDir != newConfig.AuthDir - forceAuthRefresh := oldConfig != nil && (oldConfig.ForceModelPrefix != newConfig.ForceModelPrefix || !reflect.DeepEqual(oldConfig.OAuthModelAlias, newConfig.OAuthModelAlias)) - - log.Infof("config successfully reloaded, triggering client reload") - w.reloadClients(authDirChanged, affectedOAuthProviders, forceAuthRefresh) - return true -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/auth_diff.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/auth_diff.go deleted file mode 100644 index 4b6e600852..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/auth_diff.go +++ /dev/null @@ -1,44 +0,0 @@ -// auth_diff.go computes human-readable diffs for auth file field changes. -package diff - -import ( - "fmt" - "strings" - - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -// BuildAuthChangeDetails computes a redacted, human-readable list of auth field changes. -// Only prefix, proxy_url, and disabled fields are tracked; sensitive data is never printed. -func BuildAuthChangeDetails(oldAuth, newAuth *coreauth.Auth) []string { - changes := make([]string, 0, 3) - - // Handle nil cases by using empty Auth as default - if oldAuth == nil { - oldAuth = &coreauth.Auth{} - } - if newAuth == nil { - return changes - } - - // Compare prefix - oldPrefix := strings.TrimSpace(oldAuth.Prefix) - newPrefix := strings.TrimSpace(newAuth.Prefix) - if oldPrefix != newPrefix { - changes = append(changes, fmt.Sprintf("prefix: %s -> %s", oldPrefix, newPrefix)) - } - - // Compare proxy_url (redacted) - oldProxy := strings.TrimSpace(oldAuth.ProxyURL) - newProxy := strings.TrimSpace(newAuth.ProxyURL) - if oldProxy != newProxy { - changes = append(changes, fmt.Sprintf("proxy_url: %s -> %s", formatProxyURL(oldProxy), formatProxyURL(newProxy))) - } - - // Compare disabled - if oldAuth.Disabled != newAuth.Disabled { - changes = append(changes, fmt.Sprintf("disabled: %t -> %t", oldAuth.Disabled, newAuth.Disabled)) - } - - return changes -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/config_diff.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/config_diff.go deleted file mode 100644 index 5beeeebe1a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/config_diff.go +++ /dev/null @@ -1,419 +0,0 @@ -package diff - -import ( - "fmt" - "net/url" - "reflect" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -// BuildConfigChangeDetails computes a redacted, human-readable list of config changes. -// Secrets are never printed; only structural or non-sensitive fields are surfaced. -func BuildConfigChangeDetails(oldCfg, newCfg *config.Config) []string { - changes := make([]string, 0, 16) - if oldCfg == nil || newCfg == nil { - return changes - } - - // Simple scalars - if oldCfg.Port != newCfg.Port { - changes = append(changes, fmt.Sprintf("port: %d -> %d", oldCfg.Port, newCfg.Port)) - } - if oldCfg.AuthDir != newCfg.AuthDir { - changes = append(changes, fmt.Sprintf("auth-dir: %s -> %s", oldCfg.AuthDir, newCfg.AuthDir)) - } - if oldCfg.Debug != newCfg.Debug { - changes = append(changes, fmt.Sprintf("debug: %t -> %t", oldCfg.Debug, newCfg.Debug)) - } - if oldCfg.Pprof.Enable != newCfg.Pprof.Enable { - changes = append(changes, fmt.Sprintf("pprof.enable: %t -> %t", oldCfg.Pprof.Enable, newCfg.Pprof.Enable)) - } - if strings.TrimSpace(oldCfg.Pprof.Addr) != strings.TrimSpace(newCfg.Pprof.Addr) { - changes = append(changes, fmt.Sprintf("pprof.addr: %s -> %s", strings.TrimSpace(oldCfg.Pprof.Addr), strings.TrimSpace(newCfg.Pprof.Addr))) - } - if oldCfg.LoggingToFile != newCfg.LoggingToFile { - changes = append(changes, fmt.Sprintf("logging-to-file: %t -> %t", oldCfg.LoggingToFile, newCfg.LoggingToFile)) - } - if oldCfg.UsageStatisticsEnabled != newCfg.UsageStatisticsEnabled { - changes = append(changes, fmt.Sprintf("usage-statistics-enabled: %t -> %t", oldCfg.UsageStatisticsEnabled, newCfg.UsageStatisticsEnabled)) - } - if oldCfg.DisableCooling != newCfg.DisableCooling { - changes = append(changes, fmt.Sprintf("disable-cooling: %t -> %t", oldCfg.DisableCooling, newCfg.DisableCooling)) - } - if oldCfg.RequestLog != newCfg.RequestLog { - changes = append(changes, fmt.Sprintf("request-log: %t -> %t", oldCfg.RequestLog, newCfg.RequestLog)) - } - if oldCfg.LogsMaxTotalSizeMB != newCfg.LogsMaxTotalSizeMB { - changes = append(changes, fmt.Sprintf("logs-max-total-size-mb: %d -> %d", oldCfg.LogsMaxTotalSizeMB, newCfg.LogsMaxTotalSizeMB)) - } - if oldCfg.ErrorLogsMaxFiles != newCfg.ErrorLogsMaxFiles { - changes = append(changes, fmt.Sprintf("error-logs-max-files: %d -> %d", oldCfg.ErrorLogsMaxFiles, newCfg.ErrorLogsMaxFiles)) - } - if oldCfg.RequestRetry != newCfg.RequestRetry { - changes = append(changes, fmt.Sprintf("request-retry: %d -> %d", oldCfg.RequestRetry, newCfg.RequestRetry)) - } - if oldCfg.MaxRetryInterval != newCfg.MaxRetryInterval { - changes = append(changes, fmt.Sprintf("max-retry-interval: %d -> %d", oldCfg.MaxRetryInterval, newCfg.MaxRetryInterval)) - } - if oldCfg.ProxyURL != newCfg.ProxyURL { - changes = append(changes, fmt.Sprintf("proxy-url: %s -> %s", formatProxyURL(oldCfg.ProxyURL), formatProxyURL(newCfg.ProxyURL))) - } - if oldCfg.WebsocketAuth != newCfg.WebsocketAuth { - changes = append(changes, fmt.Sprintf("ws-auth: %t -> %t", oldCfg.WebsocketAuth, newCfg.WebsocketAuth)) - } - if oldCfg.ForceModelPrefix != newCfg.ForceModelPrefix { - changes = append(changes, fmt.Sprintf("force-model-prefix: %t -> %t", oldCfg.ForceModelPrefix, newCfg.ForceModelPrefix)) - } - if oldCfg.NonStreamKeepAliveInterval != newCfg.NonStreamKeepAliveInterval { - changes = append(changes, fmt.Sprintf("nonstream-keepalive-interval: %d -> %d", oldCfg.NonStreamKeepAliveInterval, newCfg.NonStreamKeepAliveInterval)) - } - - // Quota-exceeded behavior - if oldCfg.QuotaExceeded.SwitchProject != newCfg.QuotaExceeded.SwitchProject { - changes = append(changes, fmt.Sprintf("quota-exceeded.switch-project: %t -> %t", oldCfg.QuotaExceeded.SwitchProject, newCfg.QuotaExceeded.SwitchProject)) - } - if oldCfg.QuotaExceeded.SwitchPreviewModel != newCfg.QuotaExceeded.SwitchPreviewModel { - changes = append(changes, fmt.Sprintf("quota-exceeded.switch-preview-model: %t -> %t", oldCfg.QuotaExceeded.SwitchPreviewModel, newCfg.QuotaExceeded.SwitchPreviewModel)) - } - - if oldCfg.Routing.Strategy != newCfg.Routing.Strategy { - changes = append(changes, fmt.Sprintf("routing.strategy: %s -> %s", oldCfg.Routing.Strategy, newCfg.Routing.Strategy)) - } - - // API keys (redacted) and counts - if len(oldCfg.APIKeys) != len(newCfg.APIKeys) { - changes = append(changes, fmt.Sprintf("api-keys count: %d -> %d", len(oldCfg.APIKeys), len(newCfg.APIKeys))) - } else if !reflect.DeepEqual(trimStrings(oldCfg.APIKeys), trimStrings(newCfg.APIKeys)) { - changes = append(changes, "api-keys: values updated (count unchanged, redacted)") - } - if len(oldCfg.GeminiKey) != len(newCfg.GeminiKey) { - changes = append(changes, fmt.Sprintf("gemini-api-key count: %d -> %d", len(oldCfg.GeminiKey), len(newCfg.GeminiKey))) - } else { - for i := range oldCfg.GeminiKey { - o := oldCfg.GeminiKey[i] - n := newCfg.GeminiKey[i] - if strings.TrimSpace(o.BaseURL) != strings.TrimSpace(n.BaseURL) { - changes = append(changes, fmt.Sprintf("gemini[%d].base-url: %s -> %s", i, strings.TrimSpace(o.BaseURL), strings.TrimSpace(n.BaseURL))) - } - if strings.TrimSpace(o.ProxyURL) != strings.TrimSpace(n.ProxyURL) { - changes = append(changes, fmt.Sprintf("gemini[%d].proxy-url: %s -> %s", i, formatProxyURL(o.ProxyURL), formatProxyURL(n.ProxyURL))) - } - if strings.TrimSpace(o.Prefix) != strings.TrimSpace(n.Prefix) { - changes = append(changes, fmt.Sprintf("gemini[%d].prefix: %s -> %s", i, strings.TrimSpace(o.Prefix), strings.TrimSpace(n.Prefix))) - } - if strings.TrimSpace(o.APIKey) != strings.TrimSpace(n.APIKey) { - changes = append(changes, fmt.Sprintf("gemini[%d].api-key: updated", i)) - } - if !equalStringMap(o.Headers, n.Headers) { - changes = append(changes, fmt.Sprintf("gemini[%d].headers: updated", i)) - } - oldModels := SummarizeGeminiModels(o.Models) - newModels := SummarizeGeminiModels(n.Models) - if oldModels.hash != newModels.hash { - changes = append(changes, fmt.Sprintf("gemini[%d].models: updated (%d -> %d entries)", i, oldModels.count, newModels.count)) - } - oldExcluded := SummarizeExcludedModels(o.ExcludedModels) - newExcluded := SummarizeExcludedModels(n.ExcludedModels) - if oldExcluded.hash != newExcluded.hash { - changes = append(changes, fmt.Sprintf("gemini[%d].excluded-models: updated (%d -> %d entries)", i, oldExcluded.count, newExcluded.count)) - } - } - } - - // Claude keys (do not print key material) - if len(oldCfg.ClaudeKey) != len(newCfg.ClaudeKey) { - changes = append(changes, fmt.Sprintf("claude-api-key count: %d -> %d", len(oldCfg.ClaudeKey), len(newCfg.ClaudeKey))) - } else { - for i := range oldCfg.ClaudeKey { - o := oldCfg.ClaudeKey[i] - n := newCfg.ClaudeKey[i] - if strings.TrimSpace(o.BaseURL) != strings.TrimSpace(n.BaseURL) { - changes = append(changes, fmt.Sprintf("claude[%d].base-url: %s -> %s", i, strings.TrimSpace(o.BaseURL), strings.TrimSpace(n.BaseURL))) - } - if strings.TrimSpace(o.ProxyURL) != strings.TrimSpace(n.ProxyURL) { - changes = append(changes, fmt.Sprintf("claude[%d].proxy-url: %s -> %s", i, formatProxyURL(o.ProxyURL), formatProxyURL(n.ProxyURL))) - } - if strings.TrimSpace(o.Prefix) != strings.TrimSpace(n.Prefix) { - changes = append(changes, fmt.Sprintf("claude[%d].prefix: %s -> %s", i, strings.TrimSpace(o.Prefix), strings.TrimSpace(n.Prefix))) - } - if strings.TrimSpace(o.APIKey) != strings.TrimSpace(n.APIKey) { - changes = append(changes, fmt.Sprintf("claude[%d].api-key: updated", i)) - } - if !equalStringMap(o.Headers, n.Headers) { - changes = append(changes, fmt.Sprintf("claude[%d].headers: updated", i)) - } - oldModels := SummarizeClaudeModels(o.Models) - newModels := SummarizeClaudeModels(n.Models) - if oldModels.hash != newModels.hash { - changes = append(changes, fmt.Sprintf("claude[%d].models: updated (%d -> %d entries)", i, oldModels.count, newModels.count)) - } - oldExcluded := SummarizeExcludedModels(o.ExcludedModels) - newExcluded := SummarizeExcludedModels(n.ExcludedModels) - if oldExcluded.hash != newExcluded.hash { - changes = append(changes, fmt.Sprintf("claude[%d].excluded-models: updated (%d -> %d entries)", i, oldExcluded.count, newExcluded.count)) - } - if o.Cloak != nil && n.Cloak != nil { - if strings.TrimSpace(o.Cloak.Mode) != strings.TrimSpace(n.Cloak.Mode) { - changes = append(changes, fmt.Sprintf("claude[%d].cloak.mode: %s -> %s", i, o.Cloak.Mode, n.Cloak.Mode)) - } - if o.Cloak.StrictMode != n.Cloak.StrictMode { - changes = append(changes, fmt.Sprintf("claude[%d].cloak.strict-mode: %t -> %t", i, o.Cloak.StrictMode, n.Cloak.StrictMode)) - } - if len(o.Cloak.SensitiveWords) != len(n.Cloak.SensitiveWords) { - changes = append(changes, fmt.Sprintf("claude[%d].cloak.sensitive-words: %d -> %d", i, len(o.Cloak.SensitiveWords), len(n.Cloak.SensitiveWords))) - } - } - } - } - - // Codex keys (do not print key material) - if len(oldCfg.CodexKey) != len(newCfg.CodexKey) { - changes = append(changes, fmt.Sprintf("codex-api-key count: %d -> %d", len(oldCfg.CodexKey), len(newCfg.CodexKey))) - } else { - for i := range oldCfg.CodexKey { - o := oldCfg.CodexKey[i] - n := newCfg.CodexKey[i] - if strings.TrimSpace(o.BaseURL) != strings.TrimSpace(n.BaseURL) { - changes = append(changes, fmt.Sprintf("codex[%d].base-url: %s -> %s", i, strings.TrimSpace(o.BaseURL), strings.TrimSpace(n.BaseURL))) - } - if strings.TrimSpace(o.ProxyURL) != strings.TrimSpace(n.ProxyURL) { - changes = append(changes, fmt.Sprintf("codex[%d].proxy-url: %s -> %s", i, formatProxyURL(o.ProxyURL), formatProxyURL(n.ProxyURL))) - } - if strings.TrimSpace(o.Prefix) != strings.TrimSpace(n.Prefix) { - changes = append(changes, fmt.Sprintf("codex[%d].prefix: %s -> %s", i, strings.TrimSpace(o.Prefix), strings.TrimSpace(n.Prefix))) - } - if o.Websockets != n.Websockets { - changes = append(changes, fmt.Sprintf("codex[%d].websockets: %t -> %t", i, o.Websockets, n.Websockets)) - } - if strings.TrimSpace(o.APIKey) != strings.TrimSpace(n.APIKey) { - changes = append(changes, fmt.Sprintf("codex[%d].api-key: updated", i)) - } - if !equalStringMap(o.Headers, n.Headers) { - changes = append(changes, fmt.Sprintf("codex[%d].headers: updated", i)) - } - oldModels := SummarizeCodexModels(o.Models) - newModels := SummarizeCodexModels(n.Models) - if oldModels.hash != newModels.hash { - changes = append(changes, fmt.Sprintf("codex[%d].models: updated (%d -> %d entries)", i, oldModels.count, newModels.count)) - } - oldExcluded := SummarizeExcludedModels(o.ExcludedModels) - newExcluded := SummarizeExcludedModels(n.ExcludedModels) - if oldExcluded.hash != newExcluded.hash { - changes = append(changes, fmt.Sprintf("codex[%d].excluded-models: updated (%d -> %d entries)", i, oldExcluded.count, newExcluded.count)) - } - } - } - - // AmpCode settings (redacted where needed) - oldAmpURL := strings.TrimSpace(oldCfg.AmpCode.UpstreamURL) - newAmpURL := strings.TrimSpace(newCfg.AmpCode.UpstreamURL) - if oldAmpURL != newAmpURL { - changes = append(changes, fmt.Sprintf("ampcode.upstream-url: %s -> %s", oldAmpURL, newAmpURL)) - } - oldAmpKey := strings.TrimSpace(oldCfg.AmpCode.UpstreamAPIKey) - newAmpKey := strings.TrimSpace(newCfg.AmpCode.UpstreamAPIKey) - switch { - case oldAmpKey == "" && newAmpKey != "": - changes = append(changes, "ampcode.upstream-api-key: added") - case oldAmpKey != "" && newAmpKey == "": - changes = append(changes, "ampcode.upstream-api-key: removed") - case oldAmpKey != newAmpKey: - changes = append(changes, "ampcode.upstream-api-key: updated") - } - if oldCfg.AmpCode.RestrictManagementToLocalhost != newCfg.AmpCode.RestrictManagementToLocalhost { - changes = append(changes, fmt.Sprintf("ampcode.restrict-management-to-localhost: %t -> %t", oldCfg.AmpCode.RestrictManagementToLocalhost, newCfg.AmpCode.RestrictManagementToLocalhost)) - } - oldMappings := SummarizeAmpModelMappings(oldCfg.AmpCode.ModelMappings) - newMappings := SummarizeAmpModelMappings(newCfg.AmpCode.ModelMappings) - if oldMappings.hash != newMappings.hash { - changes = append(changes, fmt.Sprintf("ampcode.model-mappings: updated (%d -> %d entries)", oldMappings.count, newMappings.count)) - } - if oldCfg.AmpCode.ForceModelMappings != newCfg.AmpCode.ForceModelMappings { - changes = append(changes, fmt.Sprintf("ampcode.force-model-mappings: %t -> %t", oldCfg.AmpCode.ForceModelMappings, newCfg.AmpCode.ForceModelMappings)) - } - oldUpstreamAPIKeysCount := len(oldCfg.AmpCode.UpstreamAPIKeys) - newUpstreamAPIKeysCount := len(newCfg.AmpCode.UpstreamAPIKeys) - if !equalUpstreamAPIKeys(oldCfg.AmpCode.UpstreamAPIKeys, newCfg.AmpCode.UpstreamAPIKeys) { - changes = append(changes, fmt.Sprintf("ampcode.upstream-api-keys: updated (%d -> %d entries)", oldUpstreamAPIKeysCount, newUpstreamAPIKeysCount)) - } - - if entries, _ := DiffOAuthExcludedModelChanges(oldCfg.OAuthExcludedModels, newCfg.OAuthExcludedModels); len(entries) > 0 { - changes = append(changes, entries...) - } - if entries, _ := DiffOAuthModelAliasChanges(oldCfg.OAuthModelAlias, newCfg.OAuthModelAlias); len(entries) > 0 { - changes = append(changes, entries...) - } - - // Remote management (never print the key) - if oldCfg.RemoteManagement.AllowRemote != newCfg.RemoteManagement.AllowRemote { - changes = append(changes, fmt.Sprintf("remote-management.allow-remote: %t -> %t", oldCfg.RemoteManagement.AllowRemote, newCfg.RemoteManagement.AllowRemote)) - } - if oldCfg.RemoteManagement.DisableControlPanel != newCfg.RemoteManagement.DisableControlPanel { - changes = append(changes, fmt.Sprintf("remote-management.disable-control-panel: %t -> %t", oldCfg.RemoteManagement.DisableControlPanel, newCfg.RemoteManagement.DisableControlPanel)) - } - oldPanelRepo := strings.TrimSpace(oldCfg.RemoteManagement.PanelGitHubRepository) - newPanelRepo := strings.TrimSpace(newCfg.RemoteManagement.PanelGitHubRepository) - if oldPanelRepo != newPanelRepo { - changes = append(changes, fmt.Sprintf("remote-management.panel-github-repository: %s -> %s", oldPanelRepo, newPanelRepo)) - } - if oldCfg.RemoteManagement.SecretKey != newCfg.RemoteManagement.SecretKey { - switch { - case oldCfg.RemoteManagement.SecretKey == "" && newCfg.RemoteManagement.SecretKey != "": - changes = append(changes, "remote-management.secret-key: created") - case oldCfg.RemoteManagement.SecretKey != "" && newCfg.RemoteManagement.SecretKey == "": - changes = append(changes, "remote-management.secret-key: deleted") - default: - changes = append(changes, "remote-management.secret-key: updated") - } - } - - // Cursor config - if len(oldCfg.CursorKey) != len(newCfg.CursorKey) { - changes = append(changes, fmt.Sprintf("cursor: count %d -> %d", len(oldCfg.CursorKey), len(newCfg.CursorKey))) - } else { - for i := range oldCfg.CursorKey { - o, n := oldCfg.CursorKey[i], newCfg.CursorKey[i] - if strings.TrimSpace(o.TokenFile) != strings.TrimSpace(n.TokenFile) { - changes = append(changes, fmt.Sprintf("cursor[%d].token-file: updated", i)) - } - if strings.TrimSpace(o.CursorAPIURL) != strings.TrimSpace(n.CursorAPIURL) { - changes = append(changes, fmt.Sprintf("cursor[%d].cursor-api-url: updated", i)) - } - } - } - - // Dedicated OpenAI-compatible providers (generated) - BuildConfigChangeDetailsGeneratedProviders(oldCfg, newCfg, &changes) - - // OpenAI compatibility providers (summarized) - - // OpenAI compatibility providers (summarized) - if compat := DiffOpenAICompatibility(oldCfg.OpenAICompatibility, newCfg.OpenAICompatibility); len(compat) > 0 { - changes = append(changes, "openai-compatibility:") - for _, c := range compat { - changes = append(changes, " "+c) - } - } - - // Vertex-compatible API keys - if len(oldCfg.VertexCompatAPIKey) != len(newCfg.VertexCompatAPIKey) { - changes = append(changes, fmt.Sprintf("vertex-api-key count: %d -> %d", len(oldCfg.VertexCompatAPIKey), len(newCfg.VertexCompatAPIKey))) - } else { - for i := range oldCfg.VertexCompatAPIKey { - o := oldCfg.VertexCompatAPIKey[i] - n := newCfg.VertexCompatAPIKey[i] - if strings.TrimSpace(o.BaseURL) != strings.TrimSpace(n.BaseURL) { - changes = append(changes, fmt.Sprintf("vertex[%d].base-url: %s -> %s", i, strings.TrimSpace(o.BaseURL), strings.TrimSpace(n.BaseURL))) - } - if strings.TrimSpace(o.ProxyURL) != strings.TrimSpace(n.ProxyURL) { - changes = append(changes, fmt.Sprintf("vertex[%d].proxy-url: %s -> %s", i, formatProxyURL(o.ProxyURL), formatProxyURL(n.ProxyURL))) - } - if strings.TrimSpace(o.Prefix) != strings.TrimSpace(n.Prefix) { - changes = append(changes, fmt.Sprintf("vertex[%d].prefix: %s -> %s", i, strings.TrimSpace(o.Prefix), strings.TrimSpace(n.Prefix))) - } - if strings.TrimSpace(o.APIKey) != strings.TrimSpace(n.APIKey) { - changes = append(changes, fmt.Sprintf("vertex[%d].api-key: updated", i)) - } - oldModels := SummarizeVertexModels(o.Models) - newModels := SummarizeVertexModels(n.Models) - if oldModels.hash != newModels.hash { - changes = append(changes, fmt.Sprintf("vertex[%d].models: updated (%d -> %d entries)", i, oldModels.count, newModels.count)) - } - if !equalStringMap(o.Headers, n.Headers) { - changes = append(changes, fmt.Sprintf("vertex[%d].headers: updated", i)) - } - } - } - - return changes -} - -func trimStrings(in []string) []string { - out := make([]string, len(in)) - for i := range in { - out[i] = strings.TrimSpace(in[i]) - } - return out -} - -func equalStringMap(a, b map[string]string) bool { - if len(a) != len(b) { - return false - } - for k, v := range a { - if b[k] != v { - return false - } - } - return true -} - -func formatProxyURL(raw string) string { - trimmed := strings.TrimSpace(raw) - if trimmed == "" { - return "" - } - parsed, err := url.Parse(trimmed) - if err != nil { - return "" - } - host := strings.TrimSpace(parsed.Host) - scheme := strings.TrimSpace(parsed.Scheme) - if host == "" { - // Allow host:port style without scheme. - parsed2, err2 := url.Parse("http://" + trimmed) - if err2 == nil { - host = strings.TrimSpace(parsed2.Host) - } - scheme = "" - } - if host == "" { - return "" - } - if scheme == "" { - return host - } - return scheme + "://" + host -} - -func equalStringSet(a, b []string) bool { - if len(a) == 0 && len(b) == 0 { - return true - } - aSet := make(map[string]struct{}, len(a)) - for _, k := range a { - aSet[strings.TrimSpace(k)] = struct{}{} - } - bSet := make(map[string]struct{}, len(b)) - for _, k := range b { - bSet[strings.TrimSpace(k)] = struct{}{} - } - if len(aSet) != len(bSet) { - return false - } - for k := range aSet { - if _, ok := bSet[k]; !ok { - return false - } - } - return true -} - -// equalUpstreamAPIKeys compares two slices of AmpUpstreamAPIKeyEntry for equality. -// Comparison is done by count and content (upstream key and client keys). -func equalUpstreamAPIKeys(a, b []config.AmpUpstreamAPIKeyEntry) bool { - if len(a) != len(b) { - return false - } - for i := range a { - if strings.TrimSpace(a[i].UpstreamAPIKey) != strings.TrimSpace(b[i].UpstreamAPIKey) { - return false - } - if !equalStringSet(a[i].APIKeys, b[i].APIKeys) { - return false - } - } - return true -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/config_diff_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/config_diff_test.go deleted file mode 100644 index 302889f3bf..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/config_diff_test.go +++ /dev/null @@ -1,54 +0,0 @@ -package diff - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "testing" -) - -func TestBuildConfigChangeDetails(t *testing.T) { - oldCfg := &config.Config{ - Port: 8080, - Debug: false, - ClaudeKey: []config.ClaudeKey{{APIKey: "k1"}}, - } - newCfg := &config.Config{ - Port: 9090, - Debug: true, - ClaudeKey: []config.ClaudeKey{{APIKey: "k1"}, {APIKey: "k2"}}, - } - - changes := BuildConfigChangeDetails(oldCfg, newCfg) - if len(changes) != 3 { - t.Errorf("expected 3 changes, got %d: %v", len(changes), changes) - } - - // Test unknown proxy URL - u := formatProxyURL("http://user:pass@host:1234") - if u != "http://host:1234" { - t.Errorf("expected redacted user:pass, got %s", u) - } -} - -func TestEqualStringMap(t *testing.T) { - m1 := map[string]string{"a": "1"} - m2 := map[string]string{"a": "1"} - m3 := map[string]string{"a": "2"} - if !equalStringMap(m1, m2) { - t.Error("expected true for m1, m2") - } - if equalStringMap(m1, m3) { - t.Error("expected false for m1, m3") - } -} - -func TestEqualStringSet(t *testing.T) { - s1 := []string{"a", "b"} - s2 := []string{"b", "a"} - s3 := []string{"a"} - if !equalStringSet(s1, s2) { - t.Error("expected true for s1, s2") - } - if equalStringSet(s1, s3) { - t.Error("expected false for s1, s3") - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/diff_generated.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/diff_generated.go deleted file mode 100644 index 3d65600f66..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/diff_generated.go +++ /dev/null @@ -1,44 +0,0 @@ -// Code generated by github.com/router-for-me/CLIProxyAPI/v6/cmd/codegen; DO NOT EDIT. -package diff - -import ( - "fmt" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -// BuildConfigChangeDetailsGeneratedProviders computes changes for generated dedicated providers. -func BuildConfigChangeDetailsGeneratedProviders(oldCfg, newCfg *config.Config, changes *[]string) { - if len(oldCfg.MiniMaxKey) != len(newCfg.MiniMaxKey) { - *changes = append(*changes, fmt.Sprintf("minimax: count %d -> %d", len(oldCfg.MiniMaxKey), len(newCfg.MiniMaxKey))) - } - if len(oldCfg.RooKey) != len(newCfg.RooKey) { - *changes = append(*changes, fmt.Sprintf("roo: count %d -> %d", len(oldCfg.RooKey), len(newCfg.RooKey))) - } - if len(oldCfg.KiloKey) != len(newCfg.KiloKey) { - *changes = append(*changes, fmt.Sprintf("kilo: count %d -> %d", len(oldCfg.KiloKey), len(newCfg.KiloKey))) - } - if len(oldCfg.DeepSeekKey) != len(newCfg.DeepSeekKey) { - *changes = append(*changes, fmt.Sprintf("deepseek: count %d -> %d", len(oldCfg.DeepSeekKey), len(newCfg.DeepSeekKey))) - } - if len(oldCfg.GroqKey) != len(newCfg.GroqKey) { - *changes = append(*changes, fmt.Sprintf("groq: count %d -> %d", len(oldCfg.GroqKey), len(newCfg.GroqKey))) - } - if len(oldCfg.MistralKey) != len(newCfg.MistralKey) { - *changes = append(*changes, fmt.Sprintf("mistral: count %d -> %d", len(oldCfg.MistralKey), len(newCfg.MistralKey))) - } - if len(oldCfg.SiliconFlowKey) != len(newCfg.SiliconFlowKey) { - *changes = append(*changes, fmt.Sprintf("siliconflow: count %d -> %d", len(oldCfg.SiliconFlowKey), len(newCfg.SiliconFlowKey))) - } - if len(oldCfg.OpenRouterKey) != len(newCfg.OpenRouterKey) { - *changes = append(*changes, fmt.Sprintf("openrouter: count %d -> %d", len(oldCfg.OpenRouterKey), len(newCfg.OpenRouterKey))) - } - if len(oldCfg.TogetherKey) != len(newCfg.TogetherKey) { - *changes = append(*changes, fmt.Sprintf("together: count %d -> %d", len(oldCfg.TogetherKey), len(newCfg.TogetherKey))) - } - if len(oldCfg.FireworksKey) != len(newCfg.FireworksKey) { - *changes = append(*changes, fmt.Sprintf("fireworks: count %d -> %d", len(oldCfg.FireworksKey), len(newCfg.FireworksKey))) - } - if len(oldCfg.NovitaKey) != len(newCfg.NovitaKey) { - *changes = append(*changes, fmt.Sprintf("novita: count %d -> %d", len(oldCfg.NovitaKey), len(newCfg.NovitaKey))) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/model_hash.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/model_hash.go deleted file mode 100644 index 20293ca73b..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/model_hash.go +++ /dev/null @@ -1,132 +0,0 @@ -package diff - -import ( - "crypto/sha256" - "encoding/hex" - "encoding/json" - "sort" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -// ComputeOpenAICompatModelsHash returns a stable hash for OpenAI-compat models. -// Used to detect model list changes during hot reload. -func ComputeOpenAICompatModelsHash(models []config.OpenAICompatibilityModel) string { - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return hashJoined(keys) -} - -// ComputeVertexCompatModelsHash returns a stable hash for Vertex-compatible models. -func ComputeVertexCompatModelsHash(models []config.VertexCompatModel) string { - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return hashJoined(keys) -} - -// ComputeClaudeModelsHash returns a stable hash for Claude model aliases. -func ComputeClaudeModelsHash(models []config.ClaudeModel) string { - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return hashJoined(keys) -} - -// ComputeCodexModelsHash returns a stable hash for Codex model aliases. -func ComputeCodexModelsHash(models []config.CodexModel) string { - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return hashJoined(keys) -} - -// ComputeGeminiModelsHash returns a stable hash for Gemini model aliases. -func ComputeGeminiModelsHash(models []config.GeminiModel) string { - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return hashJoined(keys) -} - -// ComputeExcludedModelsHash returns a normalized hash for excluded model lists. -func ComputeExcludedModelsHash(excluded []string) string { - if len(excluded) == 0 { - return "" - } - normalized := make([]string, 0, len(excluded)) - for _, entry := range excluded { - if trimmed := strings.TrimSpace(entry); trimmed != "" { - normalized = append(normalized, strings.ToLower(trimmed)) - } - } - if len(normalized) == 0 { - return "" - } - sort.Strings(normalized) - data, _ := json.Marshal(normalized) - sum := sha256.Sum256(data) - return hex.EncodeToString(sum[:]) -} - -func normalizeModelPairs(collect func(out func(key string))) []string { - seen := make(map[string]struct{}) - keys := make([]string, 0) - collect(func(key string) { - if _, exists := seen[key]; exists { - return - } - seen[key] = struct{}{} - keys = append(keys, key) - }) - if len(keys) == 0 { - return nil - } - sort.Strings(keys) - return keys -} - -func hashJoined(keys []string) string { - if len(keys) == 0 { - return "" - } - sum := sha256.Sum256([]byte(strings.Join(keys, "\n"))) - return hex.EncodeToString(sum[:]) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/model_hash_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/model_hash_test.go deleted file mode 100644 index b01b3582f7..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/model_hash_test.go +++ /dev/null @@ -1,194 +0,0 @@ -package diff - -import ( - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestComputeOpenAICompatModelsHash_Deterministic(t *testing.T) { - models := []config.OpenAICompatibilityModel{ - {Name: "gpt-4", Alias: "gpt4"}, - {Name: "gpt-3.5-turbo"}, - } - hash1 := ComputeOpenAICompatModelsHash(models) - hash2 := ComputeOpenAICompatModelsHash(models) - if hash1 == "" { - t.Fatal("hash should not be empty") - } - if hash1 != hash2 { - t.Fatalf("hash should be deterministic, got %s vs %s", hash1, hash2) - } - changed := ComputeOpenAICompatModelsHash([]config.OpenAICompatibilityModel{{Name: "gpt-4"}, {Name: "gpt-4.1"}}) - if hash1 == changed { - t.Fatal("hash should change when model list changes") - } -} - -func TestComputeOpenAICompatModelsHash_NormalizesAndDedups(t *testing.T) { - a := []config.OpenAICompatibilityModel{ - {Name: "gpt-4", Alias: "gpt4"}, - {Name: " "}, - {Name: "GPT-4", Alias: "GPT4"}, - {Alias: "a1"}, - } - b := []config.OpenAICompatibilityModel{ - {Alias: "A1"}, - {Name: "gpt-4", Alias: "gpt4"}, - } - h1 := ComputeOpenAICompatModelsHash(a) - h2 := ComputeOpenAICompatModelsHash(b) - if h1 == "" || h2 == "" { - t.Fatal("expected non-empty hashes for non-empty model sets") - } - if h1 != h2 { - t.Fatalf("expected normalized hashes to match, got %s / %s", h1, h2) - } -} - -func TestComputeVertexCompatModelsHash_DifferentInputs(t *testing.T) { - models := []config.VertexCompatModel{{Name: "gemini-pro", Alias: "pro"}} - hash1 := ComputeVertexCompatModelsHash(models) - hash2 := ComputeVertexCompatModelsHash([]config.VertexCompatModel{{Name: "gemini-1.5-pro", Alias: "pro"}}) - if hash1 == "" || hash2 == "" { - t.Fatal("hashes should not be empty for non-empty models") - } - if hash1 == hash2 { - t.Fatal("hash should differ when model content differs") - } -} - -func TestComputeVertexCompatModelsHash_IgnoresBlankAndOrder(t *testing.T) { - a := []config.VertexCompatModel{ - {Name: "m1", Alias: "a1"}, - {Name: " "}, - {Name: "M1", Alias: "A1"}, - } - b := []config.VertexCompatModel{ - {Name: "m1", Alias: "a1"}, - } - if h1, h2 := ComputeVertexCompatModelsHash(a), ComputeVertexCompatModelsHash(b); h1 == "" || h1 != h2 { - t.Fatalf("expected same hash ignoring blanks/dupes, got %q / %q", h1, h2) - } -} - -func TestComputeClaudeModelsHash_Empty(t *testing.T) { - if got := ComputeClaudeModelsHash(nil); got != "" { - t.Fatalf("expected empty hash for nil models, got %q", got) - } - if got := ComputeClaudeModelsHash([]config.ClaudeModel{}); got != "" { - t.Fatalf("expected empty hash for empty slice, got %q", got) - } -} - -func TestComputeCodexModelsHash_Empty(t *testing.T) { - if got := ComputeCodexModelsHash(nil); got != "" { - t.Fatalf("expected empty hash for nil models, got %q", got) - } - if got := ComputeCodexModelsHash([]config.CodexModel{}); got != "" { - t.Fatalf("expected empty hash for empty slice, got %q", got) - } -} - -func TestComputeClaudeModelsHash_IgnoresBlankAndDedup(t *testing.T) { - a := []config.ClaudeModel{ - {Name: "m1", Alias: "a1"}, - {Name: " "}, - {Name: "M1", Alias: "A1"}, - } - b := []config.ClaudeModel{ - {Name: "m1", Alias: "a1"}, - } - if h1, h2 := ComputeClaudeModelsHash(a), ComputeClaudeModelsHash(b); h1 == "" || h1 != h2 { - t.Fatalf("expected same hash ignoring blanks/dupes, got %q / %q", h1, h2) - } -} - -func TestComputeCodexModelsHash_IgnoresBlankAndDedup(t *testing.T) { - a := []config.CodexModel{ - {Name: "m1", Alias: "a1"}, - {Name: " "}, - {Name: "M1", Alias: "A1"}, - } - b := []config.CodexModel{ - {Name: "m1", Alias: "a1"}, - } - if h1, h2 := ComputeCodexModelsHash(a), ComputeCodexModelsHash(b); h1 == "" || h1 != h2 { - t.Fatalf("expected same hash ignoring blanks/dupes, got %q / %q", h1, h2) - } -} - -func TestComputeExcludedModelsHash_Normalizes(t *testing.T) { - hash1 := ComputeExcludedModelsHash([]string{" A ", "b", "a"}) - hash2 := ComputeExcludedModelsHash([]string{"a", " b", "A"}) - if hash1 == "" || hash2 == "" { - t.Fatal("hash should not be empty for non-empty input") - } - if hash1 != hash2 { - t.Fatalf("hash should be order/space insensitive for same multiset, got %s vs %s", hash1, hash2) - } - hash3 := ComputeExcludedModelsHash([]string{"c"}) - if hash1 == hash3 { - t.Fatal("hash should differ for different normalized sets") - } -} - -func TestComputeOpenAICompatModelsHash_Empty(t *testing.T) { - if got := ComputeOpenAICompatModelsHash(nil); got != "" { - t.Fatalf("expected empty hash for nil input, got %q", got) - } - if got := ComputeOpenAICompatModelsHash([]config.OpenAICompatibilityModel{}); got != "" { - t.Fatalf("expected empty hash for empty slice, got %q", got) - } - if got := ComputeOpenAICompatModelsHash([]config.OpenAICompatibilityModel{{Name: " "}, {Alias: ""}}); got != "" { - t.Fatalf("expected empty hash for blank models, got %q", got) - } -} - -func TestComputeVertexCompatModelsHash_Empty(t *testing.T) { - if got := ComputeVertexCompatModelsHash(nil); got != "" { - t.Fatalf("expected empty hash for nil input, got %q", got) - } - if got := ComputeVertexCompatModelsHash([]config.VertexCompatModel{}); got != "" { - t.Fatalf("expected empty hash for empty slice, got %q", got) - } - if got := ComputeVertexCompatModelsHash([]config.VertexCompatModel{{Name: " "}}); got != "" { - t.Fatalf("expected empty hash for blank models, got %q", got) - } -} - -func TestComputeExcludedModelsHash_Empty(t *testing.T) { - if got := ComputeExcludedModelsHash(nil); got != "" { - t.Fatalf("expected empty hash for nil input, got %q", got) - } - if got := ComputeExcludedModelsHash([]string{}); got != "" { - t.Fatalf("expected empty hash for empty slice, got %q", got) - } - if got := ComputeExcludedModelsHash([]string{" ", ""}); got != "" { - t.Fatalf("expected empty hash for whitespace-only entries, got %q", got) - } -} - -func TestComputeClaudeModelsHash_Deterministic(t *testing.T) { - models := []config.ClaudeModel{{Name: "a", Alias: "A"}, {Name: "b"}} - h1 := ComputeClaudeModelsHash(models) - h2 := ComputeClaudeModelsHash(models) - if h1 == "" || h1 != h2 { - t.Fatalf("expected deterministic hash, got %s / %s", h1, h2) - } - if h3 := ComputeClaudeModelsHash([]config.ClaudeModel{{Name: "a"}}); h3 == h1 { - t.Fatalf("expected different hash when models change, got %s", h3) - } -} - -func TestComputeCodexModelsHash_Deterministic(t *testing.T) { - models := []config.CodexModel{{Name: "a", Alias: "A"}, {Name: "b"}} - h1 := ComputeCodexModelsHash(models) - h2 := ComputeCodexModelsHash(models) - if h1 == "" || h1 != h2 { - t.Fatalf("expected deterministic hash, got %s / %s", h1, h2) - } - if h3 := ComputeCodexModelsHash([]config.CodexModel{{Name: "a"}}); h3 == h1 { - t.Fatalf("expected different hash when models change, got %s", h3) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/models_summary.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/models_summary.go deleted file mode 100644 index 326c23ac27..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/models_summary.go +++ /dev/null @@ -1,125 +0,0 @@ -package diff - -import ( - "crypto/hmac" - "crypto/sha512" - "encoding/hex" - "sort" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -const vertexModelsSummaryHashKey = "watcher-vertex-models-summary:v1" - -type GeminiModelsSummary struct { - hash string - count int -} - -type ClaudeModelsSummary struct { - hash string - count int -} - -type CodexModelsSummary struct { - hash string - count int -} - -type VertexModelsSummary struct { - hash string - count int -} - -// SummarizeGeminiModels hashes Gemini model aliases for change detection. -func SummarizeGeminiModels(models []config.GeminiModel) GeminiModelsSummary { - if len(models) == 0 { - return GeminiModelsSummary{} - } - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return GeminiModelsSummary{ - hash: hashJoined(keys), - count: len(keys), - } -} - -// SummarizeClaudeModels hashes Claude model aliases for change detection. -func SummarizeClaudeModels(models []config.ClaudeModel) ClaudeModelsSummary { - if len(models) == 0 { - return ClaudeModelsSummary{} - } - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return ClaudeModelsSummary{ - hash: hashJoined(keys), - count: len(keys), - } -} - -// SummarizeCodexModels hashes Codex model aliases for change detection. -func SummarizeCodexModels(models []config.CodexModel) CodexModelsSummary { - if len(models) == 0 { - return CodexModelsSummary{} - } - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return CodexModelsSummary{ - hash: hashJoined(keys), - count: len(keys), - } -} - -// SummarizeVertexModels hashes Vertex-compatible model aliases for change detection. -func SummarizeVertexModels(models []config.VertexCompatModel) VertexModelsSummary { - if len(models) == 0 { - return VertexModelsSummary{} - } - names := make([]string, 0, len(models)) - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - if alias != "" { - name = alias - } - names = append(names, name) - } - if len(names) == 0 { - return VertexModelsSummary{} - } - sort.Strings(names) - hasher := hmac.New(sha512.New, []byte(vertexModelsSummaryHashKey)) - hasher.Write([]byte(strings.Join(names, "|"))) - return VertexModelsSummary{ - hash: hex.EncodeToString(hasher.Sum(nil)), - count: len(names), - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/oauth_excluded.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/oauth_excluded.go deleted file mode 100644 index 0994e7a7ed..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/oauth_excluded.go +++ /dev/null @@ -1,118 +0,0 @@ -package diff - -import ( - "crypto/sha256" - "encoding/hex" - "fmt" - "sort" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -type ExcludedModelsSummary struct { - hash string - count int -} - -// SummarizeExcludedModels normalizes and hashes an excluded-model list. -func SummarizeExcludedModels(list []string) ExcludedModelsSummary { - if len(list) == 0 { - return ExcludedModelsSummary{} - } - seen := make(map[string]struct{}, len(list)) - normalized := make([]string, 0, len(list)) - for _, entry := range list { - if trimmed := strings.ToLower(strings.TrimSpace(entry)); trimmed != "" { - if _, exists := seen[trimmed]; exists { - continue - } - seen[trimmed] = struct{}{} - normalized = append(normalized, trimmed) - } - } - sort.Strings(normalized) - return ExcludedModelsSummary{ - hash: ComputeExcludedModelsHash(normalized), - count: len(normalized), - } -} - -// SummarizeOAuthExcludedModels summarizes OAuth excluded models per provider. -func SummarizeOAuthExcludedModels(entries map[string][]string) map[string]ExcludedModelsSummary { - if len(entries) == 0 { - return nil - } - out := make(map[string]ExcludedModelsSummary, len(entries)) - for k, v := range entries { - key := strings.ToLower(strings.TrimSpace(k)) - if key == "" { - continue - } - out[key] = SummarizeExcludedModels(v) - } - return out -} - -// DiffOAuthExcludedModelChanges compares OAuth excluded models maps. -func DiffOAuthExcludedModelChanges(oldMap, newMap map[string][]string) ([]string, []string) { - oldSummary := SummarizeOAuthExcludedModels(oldMap) - newSummary := SummarizeOAuthExcludedModels(newMap) - keys := make(map[string]struct{}, len(oldSummary)+len(newSummary)) - for k := range oldSummary { - keys[k] = struct{}{} - } - for k := range newSummary { - keys[k] = struct{}{} - } - changes := make([]string, 0, len(keys)) - affected := make([]string, 0, len(keys)) - for key := range keys { - oldInfo, okOld := oldSummary[key] - newInfo, okNew := newSummary[key] - switch { - case okOld && !okNew: - changes = append(changes, fmt.Sprintf("oauth-excluded-models[%s]: removed", key)) - affected = append(affected, key) - case !okOld && okNew: - changes = append(changes, fmt.Sprintf("oauth-excluded-models[%s]: added (%d entries)", key, newInfo.count)) - affected = append(affected, key) - case okOld && okNew && oldInfo.hash != newInfo.hash: - changes = append(changes, fmt.Sprintf("oauth-excluded-models[%s]: updated (%d -> %d entries)", key, oldInfo.count, newInfo.count)) - affected = append(affected, key) - } - } - sort.Strings(changes) - sort.Strings(affected) - return changes, affected -} - -type AmpModelMappingsSummary struct { - hash string - count int -} - -// SummarizeAmpModelMappings hashes Amp model mappings for change detection. -func SummarizeAmpModelMappings(mappings []config.AmpModelMapping) AmpModelMappingsSummary { - if len(mappings) == 0 { - return AmpModelMappingsSummary{} - } - entries := make([]string, 0, len(mappings)) - for _, mapping := range mappings { - from := strings.TrimSpace(mapping.From) - to := strings.TrimSpace(mapping.To) - if from == "" && to == "" { - continue - } - entries = append(entries, from+"->"+to) - } - if len(entries) == 0 { - return AmpModelMappingsSummary{} - } - sort.Strings(entries) - sum := sha256.Sum256([]byte(strings.Join(entries, "|"))) - return AmpModelMappingsSummary{ - hash: hex.EncodeToString(sum[:]), - count: len(entries), - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/oauth_excluded_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/oauth_excluded_test.go deleted file mode 100644 index 1ddd7c769d..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/oauth_excluded_test.go +++ /dev/null @@ -1,126 +0,0 @@ -package diff - -import ( - "crypto/sha256" - "encoding/hex" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestSummarizeExcludedModels_NormalizesAndDedupes(t *testing.T) { - summary := SummarizeExcludedModels([]string{"A", " a ", "B", "b"}) - if summary.count != 2 { - t.Fatalf("expected 2 unique entries, got %d", summary.count) - } - if summary.hash == "" { - t.Fatal("expected non-empty hash") - } - if empty := SummarizeExcludedModels(nil); empty.count != 0 || empty.hash != "" { - t.Fatalf("expected empty summary for nil input, got %+v", empty) - } -} - -func TestDiffOAuthExcludedModelChanges(t *testing.T) { - oldMap := map[string][]string{ - "ProviderA": {"model-1", "model-2"}, - "providerB": {"x"}, - } - newMap := map[string][]string{ - "providerA": {"model-1", "model-3"}, - "providerC": {"y"}, - } - - changes, affected := DiffOAuthExcludedModelChanges(oldMap, newMap) - expectContains(t, changes, "oauth-excluded-models[providera]: updated (2 -> 2 entries)") - expectContains(t, changes, "oauth-excluded-models[providerb]: removed") - expectContains(t, changes, "oauth-excluded-models[providerc]: added (1 entries)") - - if len(affected) != 3 { - t.Fatalf("expected 3 affected providers, got %d", len(affected)) - } -} - -func TestSummarizeAmpModelMappings(t *testing.T) { - summary := SummarizeAmpModelMappings([]config.AmpModelMapping{ - {From: "a", To: "A"}, - {From: "b", To: "B"}, - {From: " ", To: " "}, // ignored - }) - if summary.count != 2 { - t.Fatalf("expected 2 entries, got %d", summary.count) - } - if summary.hash == "" { - t.Fatal("expected non-empty hash") - } - if empty := SummarizeAmpModelMappings(nil); empty.count != 0 || empty.hash != "" { - t.Fatalf("expected empty summary for nil input, got %+v", empty) - } - if blank := SummarizeAmpModelMappings([]config.AmpModelMapping{{From: " ", To: " "}}); blank.count != 0 || blank.hash != "" { - t.Fatalf("expected blank mappings ignored, got %+v", blank) - } -} - -func TestSummarizeOAuthExcludedModels_NormalizesKeys(t *testing.T) { - out := SummarizeOAuthExcludedModels(map[string][]string{ - "ProvA": {"X"}, - "": {"ignored"}, - }) - if len(out) != 1 { - t.Fatalf("expected only non-empty key summary, got %d", len(out)) - } - if _, ok := out["prova"]; !ok { - t.Fatalf("expected normalized key 'prova', got keys %v", out) - } - if out["prova"].count != 1 || out["prova"].hash == "" { - t.Fatalf("unexpected summary %+v", out["prova"]) - } - if outEmpty := SummarizeOAuthExcludedModels(nil); outEmpty != nil { - t.Fatalf("expected nil map for nil input, got %v", outEmpty) - } -} - -func TestSummarizeVertexModels(t *testing.T) { - summary := SummarizeVertexModels([]config.VertexCompatModel{ - {Name: "m1"}, - {Name: " ", Alias: "alias"}, - {}, // ignored - }) - if summary.count != 2 { - t.Fatalf("expected 2 vertex models, got %d", summary.count) - } - if summary.hash == "" { - t.Fatal("expected non-empty hash") - } - if empty := SummarizeVertexModels(nil); empty.count != 0 || empty.hash != "" { - t.Fatalf("expected empty summary for nil input, got %+v", empty) - } - if blank := SummarizeVertexModels([]config.VertexCompatModel{{Name: " "}}); blank.count != 0 || blank.hash != "" { - t.Fatalf("expected blank model ignored, got %+v", blank) - } -} - -func TestSummarizeVertexModels_DoesNotUseLegacySHA256(t *testing.T) { - summary := SummarizeVertexModels([]config.VertexCompatModel{ - {Name: "m1"}, - {Name: "m2"}, - }) - if summary.hash == "" { - t.Fatal("expected non-empty hash") - } - - legacy := sha256.Sum256([]byte("m1|m2")) - if summary.hash == hex.EncodeToString(legacy[:]) { - t.Fatalf("expected vertex hash to differ from legacy sha256") - } -} - -func expectContains(t *testing.T, list []string, target string) { - t.Helper() - for _, entry := range list { - if entry == target { - return - } - } - t.Fatalf("expected list to contain %q, got %#v", target, list) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/oauth_model_alias.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/oauth_model_alias.go deleted file mode 100644 index 4e6ad3b794..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/oauth_model_alias.go +++ /dev/null @@ -1,101 +0,0 @@ -package diff - -import ( - "crypto/sha256" - "encoding/hex" - "fmt" - "sort" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -type OAuthModelAliasSummary struct { - hash string - count int -} - -// SummarizeOAuthModelAlias summarizes OAuth model alias per channel. -func SummarizeOAuthModelAlias(entries map[string][]config.OAuthModelAlias) map[string]OAuthModelAliasSummary { - if len(entries) == 0 { - return nil - } - out := make(map[string]OAuthModelAliasSummary, len(entries)) - for k, v := range entries { - key := strings.ToLower(strings.TrimSpace(k)) - if key == "" { - continue - } - out[key] = summarizeOAuthModelAliasList(v) - } - if len(out) == 0 { - return nil - } - return out -} - -// DiffOAuthModelAliasChanges compares OAuth model alias maps. -func DiffOAuthModelAliasChanges(oldMap, newMap map[string][]config.OAuthModelAlias) ([]string, []string) { - oldSummary := SummarizeOAuthModelAlias(oldMap) - newSummary := SummarizeOAuthModelAlias(newMap) - keys := make(map[string]struct{}, len(oldSummary)+len(newSummary)) - for k := range oldSummary { - keys[k] = struct{}{} - } - for k := range newSummary { - keys[k] = struct{}{} - } - changes := make([]string, 0, len(keys)) - affected := make([]string, 0, len(keys)) - for key := range keys { - oldInfo, okOld := oldSummary[key] - newInfo, okNew := newSummary[key] - switch { - case okOld && !okNew: - changes = append(changes, fmt.Sprintf("oauth-model-alias[%s]: removed", key)) - affected = append(affected, key) - case !okOld && okNew: - changes = append(changes, fmt.Sprintf("oauth-model-alias[%s]: added (%d entries)", key, newInfo.count)) - affected = append(affected, key) - case okOld && okNew && oldInfo.hash != newInfo.hash: - changes = append(changes, fmt.Sprintf("oauth-model-alias[%s]: updated (%d -> %d entries)", key, oldInfo.count, newInfo.count)) - affected = append(affected, key) - } - } - sort.Strings(changes) - sort.Strings(affected) - return changes, affected -} - -func summarizeOAuthModelAliasList(list []config.OAuthModelAlias) OAuthModelAliasSummary { - if len(list) == 0 { - return OAuthModelAliasSummary{} - } - seen := make(map[string]struct{}, len(list)) - normalized := make([]string, 0, len(list)) - for _, alias := range list { - name := strings.ToLower(strings.TrimSpace(alias.Name)) - aliasVal := strings.ToLower(strings.TrimSpace(alias.Alias)) - if name == "" || aliasVal == "" { - continue - } - key := name + "->" + aliasVal - if alias.Fork { - key += "|fork" - } - if _, exists := seen[key]; exists { - continue - } - seen[key] = struct{}{} - normalized = append(normalized, key) - } - if len(normalized) == 0 { - return OAuthModelAliasSummary{} - } - sort.Strings(normalized) - sum := sha256.Sum256([]byte(strings.Join(normalized, "|"))) - return OAuthModelAliasSummary{ - hash: hex.EncodeToString(sum[:]), - count: len(normalized), - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/openai_compat.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/openai_compat.go deleted file mode 100644 index dfbeafee21..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/openai_compat.go +++ /dev/null @@ -1,187 +0,0 @@ -package diff - -import ( - "crypto/hmac" - "crypto/sha512" - "encoding/hex" - "fmt" - "sort" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -const openAICompatSignatureHashKey = "watcher-openai-compat-signature:v1" - -// DiffOpenAICompatibility produces human-readable change descriptions. -func DiffOpenAICompatibility(oldList, newList []config.OpenAICompatibility) []string { - changes := make([]string, 0) - oldMap := make(map[string]config.OpenAICompatibility, len(oldList)) - oldLabels := make(map[string]string, len(oldList)) - for idx, entry := range oldList { - key, label := openAICompatKey(entry, idx) - oldMap[key] = entry - oldLabels[key] = label - } - newMap := make(map[string]config.OpenAICompatibility, len(newList)) - newLabels := make(map[string]string, len(newList)) - for idx, entry := range newList { - key, label := openAICompatKey(entry, idx) - newMap[key] = entry - newLabels[key] = label - } - keySet := make(map[string]struct{}, len(oldMap)+len(newMap)) - for key := range oldMap { - keySet[key] = struct{}{} - } - for key := range newMap { - keySet[key] = struct{}{} - } - orderedKeys := make([]string, 0, len(keySet)) - for key := range keySet { - orderedKeys = append(orderedKeys, key) - } - sort.Strings(orderedKeys) - for _, key := range orderedKeys { - oldEntry, oldOk := oldMap[key] - newEntry, newOk := newMap[key] - label := oldLabels[key] - if label == "" { - label = newLabels[key] - } - switch { - case !oldOk: - changes = append(changes, fmt.Sprintf("provider added: %s (api-keys=%d, models=%d)", label, countAPIKeys(newEntry), countOpenAIModels(newEntry.Models))) - case !newOk: - changes = append(changes, fmt.Sprintf("provider removed: %s (api-keys=%d, models=%d)", label, countAPIKeys(oldEntry), countOpenAIModels(oldEntry.Models))) - default: - if detail := describeOpenAICompatibilityUpdate(oldEntry, newEntry); detail != "" { - changes = append(changes, fmt.Sprintf("provider updated: %s %s", label, detail)) - } - } - } - return changes -} - -func describeOpenAICompatibilityUpdate(oldEntry, newEntry config.OpenAICompatibility) string { - oldKeyCount := countAPIKeys(oldEntry) - newKeyCount := countAPIKeys(newEntry) - oldModelCount := countOpenAIModels(oldEntry.Models) - newModelCount := countOpenAIModels(newEntry.Models) - details := make([]string, 0, 3) - if oldKeyCount != newKeyCount { - details = append(details, fmt.Sprintf("api-keys %d -> %d", oldKeyCount, newKeyCount)) - } - if oldModelCount != newModelCount { - details = append(details, fmt.Sprintf("models %d -> %d", oldModelCount, newModelCount)) - } - if !equalStringMap(oldEntry.Headers, newEntry.Headers) { - details = append(details, "headers updated") - } - if len(details) == 0 { - return "" - } - return "(" + strings.Join(details, ", ") + ")" -} - -func countAPIKeys(entry config.OpenAICompatibility) int { - count := 0 - for _, keyEntry := range entry.APIKeyEntries { - if strings.TrimSpace(keyEntry.APIKey) != "" { - count++ - } - } - return count -} - -func countOpenAIModels(models []config.OpenAICompatibilityModel) int { - count := 0 - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - count++ - } - return count -} - -func openAICompatKey(entry config.OpenAICompatibility, index int) (string, string) { - name := strings.TrimSpace(entry.Name) - if name != "" { - return "name:" + name, name - } - base := strings.TrimSpace(entry.BaseURL) - if base != "" { - return "base:" + base, base - } - for _, model := range entry.Models { - alias := strings.TrimSpace(model.Alias) - if alias == "" { - alias = strings.TrimSpace(model.Name) - } - if alias != "" { - return "alias:" + alias, alias - } - } - sig := openAICompatSignature(entry) - if sig == "" { - return fmt.Sprintf("index:%d", index), fmt.Sprintf("entry-%d", index+1) - } - short := sig - if len(short) > 8 { - short = short[:8] - } - return "sig:" + sig, "compat-" + short -} - -func openAICompatSignature(entry config.OpenAICompatibility) string { - var parts []string - - if v := strings.TrimSpace(entry.Name); v != "" { - parts = append(parts, "name="+strings.ToLower(v)) - } - if v := strings.TrimSpace(entry.BaseURL); v != "" { - parts = append(parts, "base="+v) - } - - models := make([]string, 0, len(entry.Models)) - for _, model := range entry.Models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - models = append(models, strings.ToLower(name)+"|"+strings.ToLower(alias)) - } - if len(models) > 0 { - sort.Strings(models) - parts = append(parts, "models="+strings.Join(models, ",")) - } - - if len(entry.Headers) > 0 { - keys := make([]string, 0, len(entry.Headers)) - for k := range entry.Headers { - if trimmed := strings.TrimSpace(k); trimmed != "" { - keys = append(keys, strings.ToLower(trimmed)) - } - } - if len(keys) > 0 { - sort.Strings(keys) - parts = append(parts, "headers="+strings.Join(keys, ",")) - } - } - - // Intentionally exclude API key material; only count non-empty entries. - if count := countAPIKeys(entry); count > 0 { - parts = append(parts, fmt.Sprintf("api_keys=%d", count)) - } - - if len(parts) == 0 { - return "" - } - hasher := hmac.New(sha512.New, []byte(openAICompatSignatureHashKey)) - hasher.Write([]byte(strings.Join(parts, "|"))) - return hex.EncodeToString(hasher.Sum(nil)) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/openai_compat_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/openai_compat_test.go deleted file mode 100644 index 4e2907c0f3..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/diff/openai_compat_test.go +++ /dev/null @@ -1,203 +0,0 @@ -package diff - -import ( - "crypto/sha256" - "encoding/hex" - "strings" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -func TestDiffOpenAICompatibility(t *testing.T) { - oldList := []config.OpenAICompatibility{ - { - Name: "provider-a", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "key-a"}, - }, - Models: []config.OpenAICompatibilityModel{ - {Name: "m1"}, - }, - }, - } - newList := []config.OpenAICompatibility{ - { - Name: "provider-a", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "key-a"}, - {APIKey: "key-b"}, - }, - Models: []config.OpenAICompatibilityModel{ - {Name: "m1"}, - {Name: "m2"}, - }, - Headers: map[string]string{"X-Test": "1"}, - }, - { - Name: "provider-b", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "key-b"}}, - }, - } - - changes := DiffOpenAICompatibility(oldList, newList) - expectContains(t, changes, "provider added: provider-b (api-keys=1, models=0)") - expectContains(t, changes, "provider updated: provider-a (api-keys 1 -> 2, models 1 -> 2, headers updated)") -} - -func TestDiffOpenAICompatibility_RemovedAndUnchanged(t *testing.T) { - oldList := []config.OpenAICompatibility{ - { - Name: "provider-a", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "key-a"}}, - Models: []config.OpenAICompatibilityModel{{Name: "m1"}}, - }, - } - newList := []config.OpenAICompatibility{ - { - Name: "provider-a", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "key-a"}}, - Models: []config.OpenAICompatibilityModel{{Name: "m1"}}, - }, - } - if changes := DiffOpenAICompatibility(oldList, newList); len(changes) != 0 { - t.Fatalf("expected no changes, got %v", changes) - } - - newList = nil - changes := DiffOpenAICompatibility(oldList, newList) - expectContains(t, changes, "provider removed: provider-a (api-keys=1, models=1)") -} - -func TestOpenAICompatKeyFallbacks(t *testing.T) { - entry := config.OpenAICompatibility{ - BaseURL: "http://base", - Models: []config.OpenAICompatibilityModel{{Alias: "alias-only"}}, - } - key, label := openAICompatKey(entry, 0) - if key != "base:http://base" || label != "http://base" { - t.Fatalf("expected base key, got %s/%s", key, label) - } - - entry.BaseURL = "" - key, label = openAICompatKey(entry, 1) - if key != "alias:alias-only" || label != "alias-only" { - t.Fatalf("expected alias fallback, got %s/%s", key, label) - } - - entry.Models = nil - key, label = openAICompatKey(entry, 2) - if key != "index:2" || label != "entry-3" { - t.Fatalf("expected index fallback, got %s/%s", key, label) - } -} - -func TestOpenAICompatKey_UsesName(t *testing.T) { - entry := config.OpenAICompatibility{Name: "My-Provider"} - key, label := openAICompatKey(entry, 0) - if key != "name:My-Provider" || label != "My-Provider" { - t.Fatalf("expected name key, got %s/%s", key, label) - } -} - -func TestOpenAICompatKey_SignatureFallbackWhenOnlyAPIKeys(t *testing.T) { - entry := config.OpenAICompatibility{ - APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "k1"}, {APIKey: "k2"}}, - } - key, label := openAICompatKey(entry, 0) - if !strings.HasPrefix(key, "sig:") || !strings.HasPrefix(label, "compat-") { - t.Fatalf("expected signature key, got %s/%s", key, label) - } -} - -func TestOpenAICompatSignature_EmptyReturnsEmpty(t *testing.T) { - if got := openAICompatSignature(config.OpenAICompatibility{}); got != "" { - t.Fatalf("expected empty signature, got %q", got) - } -} - -func TestOpenAICompatSignature_StableAndNormalized(t *testing.T) { - a := config.OpenAICompatibility{ - Name: " Provider ", - BaseURL: "http://base", - Models: []config.OpenAICompatibilityModel{ - {Name: "m1"}, - {Name: " "}, - {Alias: "A1"}, - }, - Headers: map[string]string{ - "X-Test": "1", - " ": "ignored", - }, - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "k1"}, - {APIKey: " "}, - }, - } - b := config.OpenAICompatibility{ - Name: "provider", - BaseURL: "http://base", - Models: []config.OpenAICompatibilityModel{ - {Alias: "a1"}, - {Name: "m1"}, - }, - Headers: map[string]string{ - "x-test": "2", - }, - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "k2"}, - }, - } - - sigA := openAICompatSignature(a) - sigB := openAICompatSignature(b) - if sigA == "" || sigB == "" { - t.Fatalf("expected non-empty signatures, got %q / %q", sigA, sigB) - } - if sigA != sigB { - t.Fatalf("expected normalized signatures to match, got %s / %s", sigA, sigB) - } - - c := b - c.Models = append(c.Models, config.OpenAICompatibilityModel{Name: "m2"}) - if sigC := openAICompatSignature(c); sigC == sigB { - t.Fatalf("expected signature to change when models change, got %s", sigC) - } - -} - -func TestOpenAICompatSignature_DoesNotUseLegacySHA256(t *testing.T) { - entry := config.OpenAICompatibility{Name: "provider"} - got := openAICompatSignature(entry) - if got == "" { - t.Fatal("expected non-empty signature") - } - - legacy := sha256.Sum256([]byte("name=provider")) - if got == hex.EncodeToString(legacy[:]) { - t.Fatalf("expected signature to differ from legacy sha256") - } -} - -func TestCountOpenAIModelsSkipsBlanks(t *testing.T) { - models := []config.OpenAICompatibilityModel{ - {Name: "m1"}, - {Name: ""}, - {Alias: ""}, - {Name: " "}, - {Alias: "a1"}, - } - if got := countOpenAIModels(models); got != 2 { - t.Fatalf("expected 2 counted models, got %d", got) - } -} - -func TestOpenAICompatKeyUsesModelNameWhenAliasEmpty(t *testing.T) { - entry := config.OpenAICompatibility{ - Models: []config.OpenAICompatibilityModel{{Name: "model-name"}}, - } - key, label := openAICompatKey(entry, 5) - if key != "alias:model-name" || label != "model-name" { - t.Fatalf("expected model-name fallback, got %s/%s", key, label) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/dispatcher.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/dispatcher.go deleted file mode 100644 index 517316bff6..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/dispatcher.go +++ /dev/null @@ -1,273 +0,0 @@ -// dispatcher.go implements auth update dispatching and queue management. -// It batches, deduplicates, and delivers auth updates to registered consumers. -package watcher - -import ( - "context" - "fmt" - "reflect" - "sync" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/synthesizer" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func (w *Watcher) setAuthUpdateQueue(queue chan<- AuthUpdate) { - w.clientsMutex.Lock() - defer w.clientsMutex.Unlock() - w.authQueue = queue - if w.dispatchCond == nil { - w.dispatchCond = sync.NewCond(&w.dispatchMu) - } - if w.dispatchCancel != nil { - w.dispatchCancel() - if w.dispatchCond != nil { - w.dispatchMu.Lock() - w.dispatchCond.Broadcast() - w.dispatchMu.Unlock() - } - w.dispatchCancel = nil - } - if queue != nil { - ctx, cancel := context.WithCancel(context.Background()) - w.dispatchCancel = cancel - go w.dispatchLoop(ctx) - } -} - -func (w *Watcher) dispatchRuntimeAuthUpdate(update AuthUpdate) bool { - if w == nil { - return false - } - w.clientsMutex.Lock() - if w.runtimeAuths == nil { - w.runtimeAuths = make(map[string]*coreauth.Auth) - } - switch update.Action { - case AuthUpdateActionAdd, AuthUpdateActionModify: - if update.Auth != nil && update.Auth.ID != "" { - clone := update.Auth.Clone() - w.runtimeAuths[clone.ID] = clone - if w.currentAuths == nil { - w.currentAuths = make(map[string]*coreauth.Auth) - } - w.currentAuths[clone.ID] = clone.Clone() - } - case AuthUpdateActionDelete: - id := update.ID - if id == "" && update.Auth != nil { - id = update.Auth.ID - } - if id != "" { - delete(w.runtimeAuths, id) - if w.currentAuths != nil { - delete(w.currentAuths, id) - } - } - } - w.clientsMutex.Unlock() - if w.getAuthQueue() == nil { - return false - } - w.dispatchAuthUpdates([]AuthUpdate{update}) - return true -} - -func (w *Watcher) refreshAuthState(force bool) { - auths := w.SnapshotCoreAuths() - w.clientsMutex.Lock() - if len(w.runtimeAuths) > 0 { - for _, a := range w.runtimeAuths { - if a != nil { - auths = append(auths, a.Clone()) - } - } - } - updates := w.prepareAuthUpdatesLocked(auths, force) - w.clientsMutex.Unlock() - w.dispatchAuthUpdates(updates) -} - -func (w *Watcher) prepareAuthUpdatesLocked(auths []*coreauth.Auth, force bool) []AuthUpdate { - newState := make(map[string]*coreauth.Auth, len(auths)) - for _, auth := range auths { - if auth == nil || auth.ID == "" { - continue - } - newState[auth.ID] = auth.Clone() - } - if w.currentAuths == nil { - w.currentAuths = newState - if w.authQueue == nil { - return nil - } - updates := make([]AuthUpdate, 0, len(newState)) - for id, auth := range newState { - updates = append(updates, AuthUpdate{Action: AuthUpdateActionAdd, ID: id, Auth: auth.Clone()}) - } - return updates - } - if w.authQueue == nil { - w.currentAuths = newState - return nil - } - updates := make([]AuthUpdate, 0, len(newState)+len(w.currentAuths)) - for id, auth := range newState { - if existing, ok := w.currentAuths[id]; !ok { - updates = append(updates, AuthUpdate{Action: AuthUpdateActionAdd, ID: id, Auth: auth.Clone()}) - } else if force || !authEqual(existing, auth) { - updates = append(updates, AuthUpdate{Action: AuthUpdateActionModify, ID: id, Auth: auth.Clone()}) - } - } - for id := range w.currentAuths { - if _, ok := newState[id]; !ok { - updates = append(updates, AuthUpdate{Action: AuthUpdateActionDelete, ID: id}) - } - } - w.currentAuths = newState - return updates -} - -func (w *Watcher) dispatchAuthUpdates(updates []AuthUpdate) { - if len(updates) == 0 { - return - } - queue := w.getAuthQueue() - if queue == nil { - return - } - baseTS := time.Now().UnixNano() - w.dispatchMu.Lock() - if w.pendingUpdates == nil { - w.pendingUpdates = make(map[string]AuthUpdate) - } - for idx, update := range updates { - key := w.authUpdateKey(update, baseTS+int64(idx)) - if _, exists := w.pendingUpdates[key]; !exists { - w.pendingOrder = append(w.pendingOrder, key) - } - w.pendingUpdates[key] = update - } - if w.dispatchCond != nil { - w.dispatchCond.Signal() - } - w.dispatchMu.Unlock() -} - -func (w *Watcher) authUpdateKey(update AuthUpdate, ts int64) string { - if update.ID != "" { - return update.ID - } - return fmt.Sprintf("%s:%d", update.Action, ts) -} - -func (w *Watcher) dispatchLoop(ctx context.Context) { - for { - batch, ok := w.nextPendingBatch(ctx) - if !ok { - return - } - queue := w.getAuthQueue() - if queue == nil { - if ctx.Err() != nil { - return - } - time.Sleep(10 * time.Millisecond) - continue - } - for _, update := range batch { - select { - case queue <- update: - case <-ctx.Done(): - return - } - } - } -} - -func (w *Watcher) nextPendingBatch(ctx context.Context) ([]AuthUpdate, bool) { - w.dispatchMu.Lock() - defer w.dispatchMu.Unlock() - for len(w.pendingOrder) == 0 { - if ctx.Err() != nil { - return nil, false - } - w.dispatchCond.Wait() - if ctx.Err() != nil { - return nil, false - } - } - batch := make([]AuthUpdate, 0, len(w.pendingOrder)) - for _, key := range w.pendingOrder { - batch = append(batch, w.pendingUpdates[key]) - delete(w.pendingUpdates, key) - } - w.pendingOrder = w.pendingOrder[:0] - return batch, true -} - -func (w *Watcher) getAuthQueue() chan<- AuthUpdate { - w.clientsMutex.RLock() - defer w.clientsMutex.RUnlock() - return w.authQueue -} - -func (w *Watcher) stopDispatch() { - if w.dispatchCancel != nil { - w.dispatchCancel() - w.dispatchCancel = nil - } - w.dispatchMu.Lock() - w.pendingOrder = nil - w.pendingUpdates = nil - if w.dispatchCond != nil { - w.dispatchCond.Broadcast() - } - w.dispatchMu.Unlock() - w.clientsMutex.Lock() - w.authQueue = nil - w.clientsMutex.Unlock() -} - -func authEqual(a, b *coreauth.Auth) bool { - return reflect.DeepEqual(normalizeAuth(a), normalizeAuth(b)) -} - -func normalizeAuth(a *coreauth.Auth) *coreauth.Auth { - if a == nil { - return nil - } - clone := a.Clone() - clone.CreatedAt = time.Time{} - clone.UpdatedAt = time.Time{} - clone.LastRefreshedAt = time.Time{} - clone.NextRefreshAfter = time.Time{} - clone.Runtime = nil - clone.Quota.NextRecoverAt = time.Time{} - return clone -} - -func snapshotCoreAuths(cfg *config.Config, authDir string) []*coreauth.Auth { - ctx := &synthesizer.SynthesisContext{ - Config: cfg, - AuthDir: authDir, - Now: time.Now(), - IDGenerator: synthesizer.NewStableIDGenerator(), - } - - var out []*coreauth.Auth - - configSynth := synthesizer.NewConfigSynthesizer() - if auths, err := configSynth.Synthesize(ctx); err == nil { - out = append(out, auths...) - } - - fileSynth := synthesizer.NewFileSynthesizer() - if auths, err := fileSynth.Synthesize(ctx); err == nil { - out = append(out, auths...) - } - - return out -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/events.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/events.go deleted file mode 100644 index 1cb8db64f3..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/events.go +++ /dev/null @@ -1,274 +0,0 @@ -// events.go implements fsnotify event handling for config and auth file changes. -// It normalizes paths, debounces noisy events, and triggers reload/update logic. -package watcher - -import ( - "context" - "crypto/sha256" - "encoding/hex" - "os" - "path/filepath" - "runtime" - "strings" - "time" - - "github.com/fsnotify/fsnotify" - kiroauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro" - log "github.com/sirupsen/logrus" -) - -func matchProvider(provider string, targets []string) (string, bool) { - p := strings.ToLower(strings.TrimSpace(provider)) - for _, t := range targets { - if strings.EqualFold(p, strings.TrimSpace(t)) { - return p, true - } - } - return p, false -} - -func (w *Watcher) start(ctx context.Context) error { - if errAddConfig := w.watcher.Add(w.configPath); errAddConfig != nil { - log.Errorf("failed to watch config file %s: %v", w.configPath, errAddConfig) - return errAddConfig - } - log.Debugf("watching config file: %s", w.configPath) - - if errAddAuthDir := w.watcher.Add(w.authDir); errAddAuthDir != nil { - log.Errorf("failed to watch auth directory %s: %v", w.authDir, errAddAuthDir) - return errAddAuthDir - } - log.Debugf("watching auth directory: %s", w.authDir) - - w.watchKiroIDETokenFile() - - go w.processEvents(ctx) - - w.reloadClients(true, nil, false) - return nil -} - -func (w *Watcher) watchKiroIDETokenFile() { - homeDir, err := os.UserHomeDir() - if err != nil { - log.Debugf("failed to get home directory for Kiro IDE token watch: %v", err) - return - } - - kiroTokenDir := filepath.Join(homeDir, ".aws", "sso", "cache") - - if _, statErr := os.Stat(kiroTokenDir); os.IsNotExist(statErr) { - log.Debugf("Kiro IDE token directory does not exist: %s", kiroTokenDir) - return - } - - if errAdd := w.watcher.Add(kiroTokenDir); errAdd != nil { - log.Debugf("failed to watch Kiro IDE token directory %s: %v", kiroTokenDir, errAdd) - return - } - log.Debugf("watching Kiro IDE token directory: %s", kiroTokenDir) -} - -func (w *Watcher) processEvents(ctx context.Context) { - for { - select { - case <-ctx.Done(): - return - case event, ok := <-w.watcher.Events: - if !ok { - return - } - w.handleEvent(event) - case errWatch, ok := <-w.watcher.Errors: - if !ok { - return - } - log.Errorf("file watcher error: %v", errWatch) - } - } -} - -func (w *Watcher) handleEvent(event fsnotify.Event) { - // Filter only relevant events: config file or auth-dir JSON files. - configOps := fsnotify.Write | fsnotify.Create | fsnotify.Rename - normalizedName := w.normalizeAuthPath(event.Name) - normalizedConfigPath := w.normalizeAuthPath(w.configPath) - normalizedAuthDir := w.normalizeAuthPath(w.authDir) - isConfigEvent := normalizedName == normalizedConfigPath && event.Op&configOps != 0 - authOps := fsnotify.Create | fsnotify.Write | fsnotify.Remove | fsnotify.Rename - isAuthJSON := strings.HasPrefix(normalizedName, normalizedAuthDir) && strings.HasSuffix(normalizedName, ".json") && event.Op&authOps != 0 - isKiroIDEToken := w.isKiroIDETokenFile(event.Name) && event.Op&authOps != 0 - if !isConfigEvent && !isAuthJSON && !isKiroIDEToken { - // Ignore unrelated files (e.g., cookie snapshots *.cookie) and other noise. - return - } - - if isKiroIDEToken { - w.handleKiroIDETokenChange(event) - return - } - - now := time.Now() - log.Debugf("file system event detected: %s %s", event.Op.String(), event.Name) - - // Handle config file changes - if isConfigEvent { - log.Debugf("config file change details - operation: %s, timestamp: %s", event.Op.String(), now.Format("2006-01-02 15:04:05.000")) - w.scheduleConfigReload() - return - } - - // Handle auth directory changes incrementally (.json only) - if event.Op&(fsnotify.Remove|fsnotify.Rename) != 0 { - if w.shouldDebounceRemove(normalizedName, now) { - log.Debugf("debouncing remove event for %s", filepath.Base(event.Name)) - return - } - // Atomic replace on some platforms may surface as Rename (or Remove) before the new file is ready. - // Wait briefly; if the path exists again, treat as an update instead of removal. - time.Sleep(replaceCheckDelay) - if _, statErr := os.Stat(event.Name); statErr == nil { - if unchanged, errSame := w.authFileUnchanged(event.Name); errSame == nil && unchanged { - log.Debugf("auth file unchanged (hash match), skipping reload: %s", filepath.Base(event.Name)) - return - } - logAuthFileChange(event.Op, filepath.Base(event.Name)) - w.addOrUpdateClient(event.Name) - return - } - if !w.isKnownAuthFile(event.Name) { - log.Debugf("ignoring remove for unknown auth file: %s", filepath.Base(event.Name)) - return - } - logAuthFileChange(event.Op, filepath.Base(event.Name)) - w.removeClient(event.Name) - return - } - if event.Op&(fsnotify.Create|fsnotify.Write) != 0 { - if unchanged, errSame := w.authFileUnchanged(event.Name); errSame == nil && unchanged { - log.Debugf("auth file unchanged (hash match), skipping reload: %s", filepath.Base(event.Name)) - return - } - logAuthFileChange(event.Op, filepath.Base(event.Name)) - w.addOrUpdateClient(event.Name) - } -} - -func logAuthFileChange(op fsnotify.Op, baseName string) { - if isWriteOnlyAuthEvent(op) { - log.Debugf("auth file changed (%s): %s, processing incrementally", op.String(), baseName) - return - } - log.Infof("auth file changed (%s): %s, processing incrementally", op.String(), baseName) -} - -func isWriteOnlyAuthEvent(op fsnotify.Op) bool { - return op&fsnotify.Write != 0 && op&^fsnotify.Write == 0 -} - -func (w *Watcher) isKiroIDETokenFile(path string) bool { - normalized := filepath.ToSlash(path) - return strings.HasSuffix(normalized, "kiro-auth-token.json") && strings.Contains(normalized, ".aws/sso/cache") -} - -func (w *Watcher) handleKiroIDETokenChange(event fsnotify.Event) { - log.Debugf("Kiro IDE token file event detected: %s %s", event.Op.String(), event.Name) - - if event.Op&(fsnotify.Remove|fsnotify.Rename) != 0 { - time.Sleep(replaceCheckDelay) - if _, statErr := os.Stat(event.Name); statErr != nil { - log.Debugf("Kiro IDE token file removed: %s", event.Name) - return - } - } - - // Use retry logic to handle file lock contention (e.g., Kiro IDE writing the file) - // This prevents "being used by another process" errors on Windows - tokenData, err := kiroauth.LoadKiroIDETokenWithRetry(10, 50*time.Millisecond) - if err != nil { - log.Debugf("failed to load Kiro IDE token after change: %v", err) - return - } - - log.Infof("Kiro IDE token file updated, access token refreshed (provider: %s)", tokenData.Provider) - - w.refreshAuthState(true) - - w.clientsMutex.RLock() - cfg := w.config - w.clientsMutex.RUnlock() - - if w.reloadCallback != nil && cfg != nil { - log.Debugf("triggering server update callback after Kiro IDE token change") - w.reloadCallback(cfg) - } -} - -func (w *Watcher) authFileUnchanged(path string) (bool, error) { - data, errRead := os.ReadFile(path) - if errRead != nil { - return false, errRead - } - if len(data) == 0 { - return false, nil - } - sum := sha256.Sum256(data) - curHash := hex.EncodeToString(sum[:]) - - normalized := w.normalizeAuthPath(path) - w.clientsMutex.RLock() - prevHash, ok := w.lastAuthHashes[normalized] - w.clientsMutex.RUnlock() - if ok && prevHash == curHash { - return true, nil - } - return false, nil -} - -func (w *Watcher) isKnownAuthFile(path string) bool { - normalized := w.normalizeAuthPath(path) - w.clientsMutex.RLock() - defer w.clientsMutex.RUnlock() - _, ok := w.lastAuthHashes[normalized] - return ok -} - -func (w *Watcher) normalizeAuthPath(path string) string { - trimmed := strings.TrimSpace(path) - if trimmed == "" { - return "" - } - cleaned := filepath.Clean(trimmed) - if runtime.GOOS == "windows" { - cleaned = strings.TrimPrefix(cleaned, `\\?\`) - cleaned = strings.ToLower(cleaned) - } - return cleaned -} - -func (w *Watcher) shouldDebounceRemove(normalizedPath string, now time.Time) bool { - if normalizedPath == "" { - return false - } - w.clientsMutex.Lock() - if w.lastRemoveTimes == nil { - w.lastRemoveTimes = make(map[string]time.Time) - } - if last, ok := w.lastRemoveTimes[normalizedPath]; ok { - if now.Sub(last) < authRemoveDebounceWindow { - w.clientsMutex.Unlock() - return true - } - } - w.lastRemoveTimes[normalizedPath] = now - if len(w.lastRemoveTimes) > 128 { - cutoff := now.Add(-2 * authRemoveDebounceWindow) - for p, t := range w.lastRemoveTimes { - if t.Before(cutoff) { - delete(w.lastRemoveTimes, p) - } - } - } - w.clientsMutex.Unlock() - return false -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/logging_helpers.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/logging_helpers.go deleted file mode 100644 index b4cd3ae225..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/logging_helpers.go +++ /dev/null @@ -1,24 +0,0 @@ -package watcher - -import "fmt" - -func summarizeStaticCredentialClients(gemini, vertex, claude, codex, openAICompat int) int { - return gemini + vertex + claude + codex + openAICompat -} - -func clientReloadSummary(totalClients, authFileCount, staticCredentialClients int) string { - return fmt.Sprintf( - "full client load complete - %d clients (%d auth files + %d static credential clients)", - totalClients, - authFileCount, - staticCredentialClients, - ) -} - -func redactedConfigChangeLogLines(details []string) []string { - lines := make([]string, 0, len(details)) - for i := range details { - lines = append(lines, fmt.Sprintf(" change[%d] recorded (redacted)", i+1)) - } - return lines -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/logging_safety_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/logging_safety_test.go deleted file mode 100644 index 2dd7424e5a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/logging_safety_test.go +++ /dev/null @@ -1,40 +0,0 @@ -package watcher - -import ( - "strings" - "testing" -) - -func TestRedactedConfigChangeLogLines(t *testing.T) { - lines := redactedConfigChangeLogLines([]string{ - "api-key: sk-live-abc123", - "oauth-token: bearer secret", - }) - if len(lines) != 2 { - t.Fatalf("expected 2 lines, got %d", len(lines)) - } - for _, line := range lines { - if strings.Contains(line, "sk-live-abc123") || strings.Contains(line, "secret") { - t.Fatalf("sensitive content leaked in redacted line: %q", line) - } - if !strings.Contains(line, "redacted") { - t.Fatalf("expected redacted marker in line: %q", line) - } - } -} - -func TestClientReloadSummary(t *testing.T) { - got := clientReloadSummary(9, 4, 5) - if !strings.Contains(got, "9 clients") { - t.Fatalf("expected total client count, got %q", got) - } - if !strings.Contains(got, "4 auth files") { - t.Fatalf("expected auth file count, got %q", got) - } - if !strings.Contains(got, "5 static credential clients") { - t.Fatalf("expected static credential count, got %q", got) - } - if strings.Contains(strings.ToLower(got), "api key") { - t.Fatalf("summary should not mention api keys directly: %q", got) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/config.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/config.go deleted file mode 100644 index 65cadb1464..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/config.go +++ /dev/null @@ -1,660 +0,0 @@ -package synthesizer - -import ( - "bytes" - "encoding/json" - "fmt" - "net/http" - "os" - "path/filepath" - "strconv" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/diff" - kiroauth "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/cursorstorage" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -// ConfigSynthesizer generates Auth entries from configuration API keys. -// It handles Gemini, Claude, Codex, OpenAI-compat, and Vertex-compat providers. -type ConfigSynthesizer struct{} - -// NewConfigSynthesizer creates a new ConfigSynthesizer instance. -func NewConfigSynthesizer() *ConfigSynthesizer { - return &ConfigSynthesizer{} -} - -// synthesizeOAICompatFromDedicatedBlocks creates Auth entries from dedicated provider blocks -// (minimax, roo, kilo, deepseek, etc.) using a generic synthesizer path. -func (s *ConfigSynthesizer) synthesizeOAICompatFromDedicatedBlocks(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0) - for _, p := range config.GetDedicatedProviders() { - entries := s.getDedicatedProviderEntries(p, cfg) - if len(entries) == 0 { - continue - } - - for i := range entries { - entry := &entries[i] - apiKey := s.resolveAPIKeyFromEntry(entry.TokenFile, entry.APIKey, i, p.Name) - if apiKey == "" { - continue - } - baseURL := strings.TrimSpace(entry.BaseURL) - if baseURL == "" { - baseURL = p.BaseURL - } - baseURL = strings.TrimSuffix(baseURL, "/") - - id, _ := idGen.Next(p.Name+":key", apiKey, baseURL) - attrs := map[string]string{ - "source": fmt.Sprintf("config:%s[%d]", p.Name, i), - "base_url": baseURL, - "api_key": apiKey, - } - if entry.Priority != 0 { - attrs["priority"] = strconv.Itoa(entry.Priority) - } - if hash := diff.ComputeOpenAICompatModelsHash(entry.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(entry.Headers, attrs) - - a := &coreauth.Auth{ - ID: id, - Provider: p.Name, - Label: p.Name + "-key", - Prefix: entry.Prefix, - Status: coreauth.StatusActive, - ProxyURL: strings.TrimSpace(entry.ProxyURL), - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - ApplyAuthExcludedModelsMeta(a, cfg, entry.ExcludedModels, "key") - out = append(out, a) - } - } - return out -} - -// Synthesize generates Auth entries from config API keys. -func (s *ConfigSynthesizer) Synthesize(ctx *SynthesisContext) ([]*coreauth.Auth, error) { - out := make([]*coreauth.Auth, 0, 32) - if ctx == nil || ctx.Config == nil { - return out, nil - } - - // Gemini API Keys - out = append(out, s.synthesizeGeminiKeys(ctx)...) - // Claude API Keys - out = append(out, s.synthesizeClaudeKeys(ctx)...) - // Codex API Keys - out = append(out, s.synthesizeCodexKeys(ctx)...) - // Kiro (AWS CodeWhisperer) - out = append(out, s.synthesizeKiroKeys(ctx)...) - // Cursor (via cursor-api) - out = append(out, s.synthesizeCursorKeys(ctx)...) - // Dedicated OpenAI-compatible blocks (minimax, roo, kilo, deepseek, groq, etc.) - out = append(out, s.synthesizeOAICompatFromDedicatedBlocks(ctx)...) - // Generic OpenAI-compat - out = append(out, s.synthesizeOpenAICompat(ctx)...) - // Vertex-compat - out = append(out, s.synthesizeVertexCompat(ctx)...) - - return out, nil -} - -// synthesizeGeminiKeys creates Auth entries for Gemini API keys. -func (s *ConfigSynthesizer) synthesizeGeminiKeys(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0, len(cfg.GeminiKey)) - for i := range cfg.GeminiKey { - entry := cfg.GeminiKey[i] - key := strings.TrimSpace(entry.APIKey) - if key == "" { - continue - } - prefix := strings.TrimSpace(entry.Prefix) - base := strings.TrimSpace(entry.BaseURL) - proxyURL := strings.TrimSpace(entry.ProxyURL) - id, token := idGen.Next("gemini:apikey", key, base) - attrs := map[string]string{ - "source": fmt.Sprintf("config:gemini[%s]", token), - "api_key": key, - } - if entry.Priority != 0 { - attrs["priority"] = strconv.Itoa(entry.Priority) - } - if base != "" { - attrs["base_url"] = base - } - if hash := diff.ComputeGeminiModelsHash(entry.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(entry.Headers, attrs) - a := &coreauth.Auth{ - ID: id, - Provider: "gemini", - Label: "gemini-apikey", - Prefix: prefix, - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - ApplyAuthExcludedModelsMeta(a, cfg, entry.ExcludedModels, "apikey") - out = append(out, a) - } - return out -} - -// synthesizeClaudeKeys creates Auth entries for Claude API keys. -func (s *ConfigSynthesizer) synthesizeClaudeKeys(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0, len(cfg.ClaudeKey)) - for i := range cfg.ClaudeKey { - ck := cfg.ClaudeKey[i] - key := strings.TrimSpace(ck.APIKey) - if key == "" { - continue - } - prefix := strings.TrimSpace(ck.Prefix) - base := strings.TrimSpace(ck.BaseURL) - id, token := idGen.Next("claude:apikey", key, base) - attrs := map[string]string{ - "source": fmt.Sprintf("config:claude[%s]", token), - "api_key": key, - } - if ck.Priority != 0 { - attrs["priority"] = strconv.Itoa(ck.Priority) - } - if base != "" { - attrs["base_url"] = base - } - if hash := diff.ComputeClaudeModelsHash(ck.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(ck.Headers, attrs) - proxyURL := strings.TrimSpace(ck.ProxyURL) - a := &coreauth.Auth{ - ID: id, - Provider: "claude", - Label: "claude-apikey", - Prefix: prefix, - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - ApplyAuthExcludedModelsMeta(a, cfg, ck.ExcludedModels, "apikey") - out = append(out, a) - } - return out -} - -// synthesizeCodexKeys creates Auth entries for Codex API keys. -func (s *ConfigSynthesizer) synthesizeCodexKeys(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0, len(cfg.CodexKey)) - for i := range cfg.CodexKey { - ck := cfg.CodexKey[i] - key := strings.TrimSpace(ck.APIKey) - if key == "" { - continue - } - prefix := strings.TrimSpace(ck.Prefix) - id, token := idGen.Next("codex:apikey", key, ck.BaseURL) - attrs := map[string]string{ - "source": fmt.Sprintf("config:codex[%s]", token), - "api_key": key, - } - if ck.Priority != 0 { - attrs["priority"] = strconv.Itoa(ck.Priority) - } - if ck.BaseURL != "" { - attrs["base_url"] = ck.BaseURL - } - if ck.Websockets { - attrs["websockets"] = "true" - } - if hash := diff.ComputeCodexModelsHash(ck.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(ck.Headers, attrs) - proxyURL := strings.TrimSpace(ck.ProxyURL) - a := &coreauth.Auth{ - ID: id, - Provider: "codex", - Label: "codex-apikey", - Prefix: prefix, - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - ApplyAuthExcludedModelsMeta(a, cfg, ck.ExcludedModels, "apikey") - out = append(out, a) - } - return out -} - -// synthesizeOpenAICompat creates Auth entries for OpenAI-compatible providers. -func (s *ConfigSynthesizer) synthesizeOpenAICompat(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0) - for i := range cfg.OpenAICompatibility { - compat := &cfg.OpenAICompatibility[i] - prefix := strings.TrimSpace(compat.Prefix) - providerName := strings.ToLower(strings.TrimSpace(compat.Name)) - if providerName == "" { - providerName = "openai-compatibility" - } - base := strings.TrimSpace(compat.BaseURL) - modelsEndpoint := strings.TrimSpace(compat.ModelsEndpoint) - - // Handle new APIKeyEntries format (preferred) - createdEntries := 0 - for j := range compat.APIKeyEntries { - entry := &compat.APIKeyEntries[j] - apiKey := s.resolveAPIKeyFromEntry(entry.TokenFile, entry.APIKey, j, providerName) - if apiKey == "" { - continue - } - proxyURL := strings.TrimSpace(entry.ProxyURL) - idKind := fmt.Sprintf("openai-compatibility:%s", providerName) - id, token := idGen.Next(idKind, apiKey, base, proxyURL) - attrs := map[string]string{ - "source": fmt.Sprintf("config:%s[%s]", providerName, token), - "base_url": base, - "compat_name": compat.Name, - "provider_key": providerName, - } - if modelsEndpoint != "" { - attrs["models_endpoint"] = modelsEndpoint - } - if compat.Priority != 0 { - attrs["priority"] = strconv.Itoa(compat.Priority) - } - if apiKey != "" { - attrs["api_key"] = apiKey - } - if hash := diff.ComputeOpenAICompatModelsHash(compat.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(compat.Headers, attrs) - a := &coreauth.Auth{ - ID: id, - Provider: providerName, - Label: compat.Name, - Prefix: prefix, - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - out = append(out, a) - createdEntries++ - } - // Fallback: create entry without API key if no APIKeyEntries - if createdEntries == 0 { - idKind := fmt.Sprintf("openai-compatibility:%s", providerName) - id, token := idGen.Next(idKind, base) - attrs := map[string]string{ - "source": fmt.Sprintf("config:%s[%s]", providerName, token), - "base_url": base, - "compat_name": compat.Name, - "provider_key": providerName, - } - if modelsEndpoint != "" { - attrs["models_endpoint"] = modelsEndpoint - } - if compat.Priority != 0 { - attrs["priority"] = strconv.Itoa(compat.Priority) - } - if hash := diff.ComputeOpenAICompatModelsHash(compat.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(compat.Headers, attrs) - a := &coreauth.Auth{ - ID: id, - Provider: providerName, - Label: compat.Name, - Prefix: prefix, - Status: coreauth.StatusActive, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - out = append(out, a) - } - } - return out -} - -// synthesizeVertexCompat creates Auth entries for Vertex-compatible providers. -func (s *ConfigSynthesizer) synthesizeVertexCompat(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0, len(cfg.VertexCompatAPIKey)) - for i := range cfg.VertexCompatAPIKey { - compat := &cfg.VertexCompatAPIKey[i] - providerName := "vertex" - base := strings.TrimSpace(compat.BaseURL) - - key := strings.TrimSpace(compat.APIKey) - prefix := strings.TrimSpace(compat.Prefix) - proxyURL := strings.TrimSpace(compat.ProxyURL) - idKind := "vertex:apikey" - id, token := idGen.Next(idKind, key, base, proxyURL) - attrs := map[string]string{ - "source": fmt.Sprintf("config:vertex-apikey[%s]", token), - "base_url": base, - "provider_key": providerName, - } - if compat.Priority != 0 { - attrs["priority"] = strconv.Itoa(compat.Priority) - } - if key != "" { - attrs["api_key"] = key - } - if hash := diff.ComputeVertexCompatModelsHash(compat.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(compat.Headers, attrs) - a := &coreauth.Auth{ - ID: id, - Provider: providerName, - Label: "vertex-apikey", - Prefix: prefix, - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - ApplyAuthExcludedModelsMeta(a, cfg, nil, "apikey") - out = append(out, a) - } - return out -} - -// synthesizeCursorKeys creates Auth entries for Cursor (via cursor-api). -// Precedence: token-file > auto-detected IDE token (zero-action flow). -func (s *ConfigSynthesizer) synthesizeCursorKeys(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - if len(cfg.CursorKey) == 0 { - return nil - } - - out := make([]*coreauth.Auth, 0, len(cfg.CursorKey)) - for i := range cfg.CursorKey { - ck := cfg.CursorKey[i] - cursorAPIURL := strings.TrimSpace(ck.CursorAPIURL) - if cursorAPIURL == "" { - cursorAPIURL = "http://127.0.0.1:3000" - } - baseURL := strings.TrimSuffix(cursorAPIURL, "/") + "/v1" - - var apiKey, source string - if ck.TokenFile != "" { - // token-file path: read sk-... from file (current behavior) - tokenPath := ck.TokenFile - if strings.HasPrefix(tokenPath, "~") { - home, err := os.UserHomeDir() - if err != nil { - log.Warnf("cursor config[%d] failed to expand ~: %v", i, err) - continue - } - tokenPath = filepath.Join(home, tokenPath[1:]) - } - data, err := os.ReadFile(tokenPath) - if err != nil { - log.Warnf("cursor config[%d] failed to read token file %s: %v", i, ck.TokenFile, err) - continue - } - apiKey = strings.TrimSpace(string(data)) - if apiKey == "" || !strings.HasPrefix(apiKey, "sk-") { - log.Warnf("cursor config[%d] token file must contain sk-... key from cursor-api /build-key", i) - continue - } - source = fmt.Sprintf("config:cursor[%s]", ck.TokenFile) - } else { - // zero-action: read from Cursor IDE storage, POST /tokens/add, use auth-token for chat - ideToken, err := cursorstorage.ReadAccessToken() - if err != nil { - log.Warnf("cursor config[%d] %v", i, err) - continue - } - if ideToken == "" { - log.Warnf("cursor config[%d] Cursor IDE not found or not logged in; ensure Cursor IDE is installed and you are logged in", i) - continue - } - authToken := strings.TrimSpace(ck.AuthToken) - if authToken == "" { - log.Warnf("cursor config[%d] cursor-api auth required: set auth-token to match cursor-api AUTH_TOKEN (required for zero-action flow)", i) - continue - } - if err := s.cursorAddToken(cursorAPIURL, authToken, ideToken); err != nil { - log.Warnf("cursor config[%d] failed to add token to cursor-api: %v", i, err) - continue - } - apiKey = authToken - source = "config:cursor[ide-zero-action]" - } - - id, _ := idGen.Next("cursor:token", apiKey, baseURL) - attrs := map[string]string{ - "source": source, - "base_url": baseURL, - "api_key": apiKey, - } - proxyURL := strings.TrimSpace(ck.ProxyURL) - a := &coreauth.Auth{ - ID: id, - Provider: "cursor", - Label: "cursor-token", - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - out = append(out, a) - } - return out -} - -// cursorAddToken POSTs the IDE access token to cursor-api /tokens/add. -func (s *ConfigSynthesizer) cursorAddToken(baseURL, authToken, ideToken string) error { - url := strings.TrimSuffix(baseURL, "/") + "/tokens/add" - body := map[string]any{ - "tokens": []map[string]string{{"token": ideToken}}, - "enabled": true, - } - raw, err := json.Marshal(body) - if err != nil { - return err - } - req, err := http.NewRequest(http.MethodPost, url, bytes.NewReader(raw)) - if err != nil { - return err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Authorization", "Bearer "+authToken) - client := &http.Client{Timeout: 10 * time.Second} - resp, err := client.Do(req) - if err != nil { - return fmt.Errorf("request failed: %w", err) - } - defer func() { _ = resp.Body.Close() }() - if resp.StatusCode == http.StatusUnauthorized { - return fmt.Errorf("cursor-api auth required: set auth-token to match cursor-api AUTH_TOKEN") - } - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - return fmt.Errorf("tokens/add returned %d", resp.StatusCode) - } - return nil -} - -func (s *ConfigSynthesizer) resolveAPIKeyFromEntry(tokenFile, apiKey string, _ int, _ string) string { - if apiKey != "" { - return strings.TrimSpace(apiKey) - } - if tokenFile == "" { - return "" - } - tokenPath := tokenFile - if strings.HasPrefix(tokenPath, "~") { - home, err := os.UserHomeDir() - if err != nil { - return "" - } - tokenPath = filepath.Join(home, tokenPath[1:]) - } - data, err := os.ReadFile(tokenPath) - if err != nil { - return "" - } - var parsed struct { - AccessToken string `json:"access_token"` - APIKey string `json:"api_key"` - } - if err := json.Unmarshal(data, &parsed); err == nil { - if v := strings.TrimSpace(parsed.AccessToken); v != "" { - return v - } - if v := strings.TrimSpace(parsed.APIKey); v != "" { - return v - } - } - return strings.TrimSpace(string(data)) -} - -// synthesizeKiroKeys creates Auth entries for Kiro (AWS CodeWhisperer) tokens. -func (s *ConfigSynthesizer) synthesizeKiroKeys(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - if len(cfg.KiroKey) == 0 { - return nil - } - - out := make([]*coreauth.Auth, 0, len(cfg.KiroKey)) - kAuth := kiroauth.NewKiroAuth(cfg) - - for i := range cfg.KiroKey { - kk := cfg.KiroKey[i] - var accessToken, profileArn, refreshToken string - - // Try to load from token file first - if kk.TokenFile != "" && kAuth != nil { - tokenData, err := kAuth.LoadTokenFromFile(kk.TokenFile) - if err != nil { - log.Warnf("failed to load kiro token file %s: %v", kk.TokenFile, err) - } else { - accessToken = tokenData.AccessToken - profileArn = tokenData.ProfileArn - refreshToken = tokenData.RefreshToken - } - } - - // Override with direct config values if provided - if kk.AccessToken != "" { - accessToken = kk.AccessToken - } - if kk.ProfileArn != "" { - profileArn = kk.ProfileArn - } - if kk.RefreshToken != "" { - refreshToken = kk.RefreshToken - } - - if accessToken == "" { - log.Warnf("kiro config[%d] missing access_token, skipping", i) - continue - } - - // profileArn is optional for AWS Builder ID users. When profileArn is empty, - // include refreshToken in the stable ID seed to avoid collisions between - // multiple imported Builder ID credentials. - idSeed := []string{accessToken, profileArn} - if profileArn == "" && refreshToken != "" { - idSeed = append(idSeed, refreshToken) - } - id, token := idGen.Next("kiro:token", idSeed...) - attrs := map[string]string{ - "source": fmt.Sprintf("config:kiro[%s]", token), - "access_token": accessToken, - } - if profileArn != "" { - attrs["profile_arn"] = profileArn - } - if kk.Region != "" { - attrs["region"] = kk.Region - } - if kk.AgentTaskType != "" { - attrs["agent_task_type"] = kk.AgentTaskType - } - if kk.PreferredEndpoint != "" { - attrs["preferred_endpoint"] = kk.PreferredEndpoint - } else if cfg.KiroPreferredEndpoint != "" { - // Apply global default if not overridden by specific key - attrs["preferred_endpoint"] = cfg.KiroPreferredEndpoint - } - if refreshToken != "" { - attrs["refresh_token"] = refreshToken - } - proxyURL := strings.TrimSpace(kk.ProxyURL) - a := &coreauth.Auth{ - ID: id, - Provider: "kiro", - Label: "kiro-token", - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - - if refreshToken != "" { - if a.Metadata == nil { - a.Metadata = make(map[string]any) - } - a.Metadata["refresh_token"] = refreshToken - } - - out = append(out, a) - } - return out -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/config_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/config_test.go deleted file mode 100644 index 38ff58af8f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/config_test.go +++ /dev/null @@ -1,229 +0,0 @@ -package synthesizer - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "os" - "path/filepath" - "testing" - "time" -) - -func TestConfigSynthesizer_Synthesize(t *testing.T) { - s := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - ClaudeKey: []config.ClaudeKey{{APIKey: "k1", Prefix: "p1"}}, - GeminiKey: []config.GeminiKey{{APIKey: "g1"}}, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := s.Synthesize(ctx) - if err != nil { - t.Fatalf("Synthesize failed: %v", err) - } - - if len(auths) != 2 { - t.Errorf("expected 2 auth entries, got %d", len(auths)) - } - - foundClaude := false - for _, a := range auths { - if a.Provider == "claude" { - foundClaude = true - if a.Prefix != "p1" { - t.Errorf("expected prefix p1, got %s", a.Prefix) - } - if a.Attributes["api_key"] != "k1" { - t.Error("missing api_key attribute") - } - } - } - if !foundClaude { - t.Error("claude auth not found") - } -} - -func TestConfigSynthesizer_SynthesizeOpenAICompat(t *testing.T) { - s := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - OpenAICompatibility: []config.OpenAICompatibility{ - { - Name: "provider1", - BaseURL: "http://base", - ModelsEndpoint: "/api/coding/paas/v4/models", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "k1"}}, - }, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := s.Synthesize(ctx) - if err != nil { - t.Fatalf("Synthesize failed: %v", err) - } - - if len(auths) != 1 || auths[0].Provider != "provider1" { - t.Errorf("expected 1 auth for provider1, got %v", auths) - } - if got := auths[0].Attributes["models_endpoint"]; got != "/api/coding/paas/v4/models" { - t.Fatalf("models_endpoint = %q, want %q", got, "/api/coding/paas/v4/models") - } -} - -func TestConfigSynthesizer_SynthesizeMore(t *testing.T) { - s := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - CodexKey: []config.CodexKey{{APIKey: "co1"}}, - VertexCompatAPIKey: []config.VertexCompatKey{{APIKey: "vx1", BaseURL: "http://vx"}}, - GeneratedConfig: config.GeneratedConfig{ - DeepSeekKey: []config.DeepSeekKey{{APIKey: "ds1"}}, - GroqKey: []config.GroqKey{{APIKey: "gr1"}}, - MistralKey: []config.MistralKey{{APIKey: "mi1"}}, - SiliconFlowKey: []config.SiliconFlowKey{{APIKey: "sf1"}}, - OpenRouterKey: []config.OpenRouterKey{{APIKey: "or1"}}, - TogetherKey: []config.TogetherKey{{APIKey: "to1"}}, - FireworksKey: []config.FireworksKey{{APIKey: "fw1"}}, - NovitaKey: []config.NovitaKey{{APIKey: "no1"}}, - MiniMaxKey: []config.MiniMaxKey{{APIKey: "mm1"}}, - RooKey: []config.RooKey{{APIKey: "ro1"}}, - KiloKey: []config.KiloKey{{APIKey: "ki1"}}, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := s.Synthesize(ctx) - if err != nil { - t.Fatalf("Synthesize failed: %v", err) - } - - expectedProviders := map[string]bool{ - "codex": true, - "deepseek": true, - "groq": true, - "mistral": true, - "siliconflow": true, - "openrouter": true, - "together": true, - "fireworks": true, - "novita": true, - "minimax": true, - "roo": true, - "kilo": true, - "vertex": true, - } - - for _, a := range auths { - delete(expectedProviders, a.Provider) - } - - if len(expectedProviders) > 0 { - t.Errorf("missing providers in synthesis: %v", expectedProviders) - } -} - -func TestConfigSynthesizer_SynthesizeKiroKeys_UsesRefreshTokenForIDWhenProfileArnMissing(t *testing.T) { - s := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - KiroKey: []config.KiroKey{ - {AccessToken: "shared-access-token", RefreshToken: "refresh-one"}, - {AccessToken: "shared-access-token", RefreshToken: "refresh-two"}, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := s.Synthesize(ctx) - if err != nil { - t.Fatalf("Synthesize failed: %v", err) - } - if len(auths) != 2 { - t.Fatalf("expected 2 auth entries, got %d", len(auths)) - } - if auths[0].ID == auths[1].ID { - t.Fatalf("expected unique auth IDs for distinct refresh tokens, got %q", auths[0].ID) - } -} - -func TestConfigSynthesizer_SynthesizeCursorKeys_FromTokenFile(t *testing.T) { - s := NewConfigSynthesizer() - tokenDir := t.TempDir() - tokenPath := filepath.Join(tokenDir, "cursor-token.txt") - if err := os.WriteFile(tokenPath, []byte("sk-cursor-test"), 0o600); err != nil { - t.Fatalf("write token file: %v", err) - } - - ctx := &SynthesisContext{ - Config: &config.Config{ - CursorKey: []config.CursorKey{ - { - TokenFile: tokenPath, - CursorAPIURL: "http://127.0.0.1:3010/", - ProxyURL: "http://127.0.0.1:7890", - }, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := s.Synthesize(ctx) - if err != nil { - t.Fatalf("Synthesize failed: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth entry, got %d", len(auths)) - } - - got := auths[0] - if got.Provider != "cursor" { - t.Fatalf("provider = %q, want %q", got.Provider, "cursor") - } - if got.Attributes["api_key"] != "sk-cursor-test" { - t.Fatalf("api_key = %q, want %q", got.Attributes["api_key"], "sk-cursor-test") - } - if got.Attributes["base_url"] != "http://127.0.0.1:3010/v1" { - t.Fatalf("base_url = %q, want %q", got.Attributes["base_url"], "http://127.0.0.1:3010/v1") - } - if got.ProxyURL != "http://127.0.0.1:7890" { - t.Fatalf("proxy_url = %q, want %q", got.ProxyURL, "http://127.0.0.1:7890") - } -} - -func TestConfigSynthesizer_SynthesizeCursorKeys_InvalidTokenFileIsSkipped(t *testing.T) { - s := NewConfigSynthesizer() - tokenDir := t.TempDir() - tokenPath := filepath.Join(tokenDir, "cursor-token.txt") - if err := os.WriteFile(tokenPath, []byte("invalid-token"), 0o600); err != nil { - t.Fatalf("write token file: %v", err) - } - - ctx := &SynthesisContext{ - Config: &config.Config{ - CursorKey: []config.CursorKey{ - { - TokenFile: tokenPath, - }, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := s.Synthesize(ctx) - if err != nil { - t.Fatalf("Synthesize failed: %v", err) - } - if len(auths) != 0 { - t.Fatalf("expected invalid cursor token file to be skipped, got %d auth entries", len(auths)) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/context.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/context.go deleted file mode 100644 index 8dadc9026a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/context.go +++ /dev/null @@ -1,19 +0,0 @@ -package synthesizer - -import ( - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -// SynthesisContext provides the context needed for auth synthesis. -type SynthesisContext struct { - // Config is the current configuration - Config *config.Config - // AuthDir is the directory containing auth files - AuthDir string - // Now is the current time for timestamps - Now time.Time - // IDGenerator generates stable IDs for auth entries - IDGenerator *StableIDGenerator -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/file.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/file.go deleted file mode 100644 index 65aefc756d..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/file.go +++ /dev/null @@ -1,298 +0,0 @@ -package synthesizer - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - "strconv" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/runtime/geminicli" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -// FileSynthesizer generates Auth entries from OAuth JSON files. -// It handles file-based authentication and Gemini virtual auth generation. -type FileSynthesizer struct{} - -// NewFileSynthesizer creates a new FileSynthesizer instance. -func NewFileSynthesizer() *FileSynthesizer { - return &FileSynthesizer{} -} - -// Synthesize generates Auth entries from auth files in the auth directory. -func (s *FileSynthesizer) Synthesize(ctx *SynthesisContext) ([]*coreauth.Auth, error) { - out := make([]*coreauth.Auth, 0, 16) - if ctx == nil || ctx.AuthDir == "" { - return out, nil - } - - entries, err := os.ReadDir(ctx.AuthDir) - if err != nil { - // Not an error if directory doesn't exist - return out, nil - } - - now := ctx.Now - cfg := ctx.Config - - for _, e := range entries { - if e.IsDir() { - continue - } - name := e.Name() - if !strings.HasSuffix(strings.ToLower(name), ".json") { - continue - } - full := filepath.Join(ctx.AuthDir, name) - data, errRead := os.ReadFile(full) - if errRead != nil || len(data) == 0 { - continue - } - var metadata map[string]any - if errUnmarshal := json.Unmarshal(data, &metadata); errUnmarshal != nil { - continue - } - t, _ := metadata["type"].(string) - if t == "" { - continue - } - provider := strings.ToLower(t) - if provider == "gemini" { - provider = "gemini-cli" - } - label := provider - if email, _ := metadata["email"].(string); email != "" { - label = email - } - // Use relative path under authDir as ID to stay consistent with the file-based token store - id := full - if rel, errRel := filepath.Rel(ctx.AuthDir, full); errRel == nil && rel != "" { - id = rel - } - - proxyURL := "" - if p, ok := metadata["proxy_url"].(string); ok { - proxyURL = p - } - - prefix := "" - if rawPrefix, ok := metadata["prefix"].(string); ok { - trimmed := strings.TrimSpace(rawPrefix) - trimmed = strings.Trim(trimmed, "/") - if trimmed != "" && !strings.Contains(trimmed, "/") { - prefix = trimmed - } - } - - disabled, _ := metadata["disabled"].(bool) - status := coreauth.StatusActive - if disabled { - status = coreauth.StatusDisabled - } - - // Read per-account excluded models from the OAuth JSON file - perAccountExcluded := extractExcludedModelsFromMetadata(metadata) - - a := &coreauth.Auth{ - ID: id, - Provider: provider, - Label: label, - Prefix: prefix, - Status: status, - Disabled: disabled, - Attributes: map[string]string{ - "source": full, - "path": full, - }, - ProxyURL: proxyURL, - Metadata: metadata, - CreatedAt: now, - UpdatedAt: now, - } - // Read priority from auth file - if rawPriority, ok := metadata["priority"]; ok { - switch v := rawPriority.(type) { - case float64: - a.Attributes["priority"] = strconv.Itoa(int(v)) - case string: - priority := strings.TrimSpace(v) - if _, errAtoi := strconv.Atoi(priority); errAtoi == nil { - a.Attributes["priority"] = priority - } - } - } - ApplyAuthExcludedModelsMeta(a, cfg, perAccountExcluded, "oauth") - if provider == "gemini-cli" { - if virtuals := SynthesizeGeminiVirtualAuths(a, metadata, now); len(virtuals) > 0 { - for _, v := range virtuals { - ApplyAuthExcludedModelsMeta(v, cfg, perAccountExcluded, "oauth") - } - out = append(out, a) - out = append(out, virtuals...) - continue - } - } - out = append(out, a) - } - return out, nil -} - -// SynthesizeGeminiVirtualAuths creates virtual Auth entries for multi-project Gemini credentials. -// It disables the primary auth and creates one virtual auth per project. -func SynthesizeGeminiVirtualAuths(primary *coreauth.Auth, metadata map[string]any, now time.Time) []*coreauth.Auth { - if primary == nil || metadata == nil { - return nil - } - projects := splitGeminiProjectIDs(metadata) - if len(projects) <= 1 { - return nil - } - email, _ := metadata["email"].(string) - shared := geminicli.NewSharedCredential(primary.ID, email, metadata, projects) - primary.Disabled = true - primary.Status = coreauth.StatusDisabled - primary.Runtime = shared - if primary.Attributes == nil { - primary.Attributes = make(map[string]string) - } - primary.Attributes["gemini_virtual_primary"] = "true" - primary.Attributes["virtual_children"] = strings.Join(projects, ",") - source := primary.Attributes["source"] - authPath := primary.Attributes["path"] - originalProvider := primary.Provider - if originalProvider == "" { - originalProvider = "gemini-cli" - } - label := primary.Label - if label == "" { - label = originalProvider - } - virtuals := make([]*coreauth.Auth, 0, len(projects)) - for _, projectID := range projects { - attrs := map[string]string{ - "runtime_only": "true", - "gemini_virtual_parent": primary.ID, - "gemini_virtual_project": projectID, - } - if source != "" { - attrs["source"] = source - } - if authPath != "" { - attrs["path"] = authPath - } - // Propagate priority from primary auth to virtual auths - if priorityVal, hasPriority := primary.Attributes["priority"]; hasPriority && priorityVal != "" { - attrs["priority"] = priorityVal - } - metadataCopy := map[string]any{ - "email": email, - "project_id": projectID, - "virtual": true, - "virtual_parent_id": primary.ID, - "type": metadata["type"], - } - if v, ok := metadata["disable_cooling"]; ok { - metadataCopy["disable_cooling"] = v - } else if v, ok := metadata["disable-cooling"]; ok { - metadataCopy["disable_cooling"] = v - } - if v, ok := metadata["request_retry"]; ok { - metadataCopy["request_retry"] = v - } else if v, ok := metadata["request-retry"]; ok { - metadataCopy["request_retry"] = v - } - proxy := strings.TrimSpace(primary.ProxyURL) - if proxy != "" { - metadataCopy["proxy_url"] = proxy - } - virtual := &coreauth.Auth{ - ID: buildGeminiVirtualID(primary.ID, projectID), - Provider: originalProvider, - Label: fmt.Sprintf("%s [%s]", label, projectID), - Status: coreauth.StatusActive, - Attributes: attrs, - Metadata: metadataCopy, - ProxyURL: primary.ProxyURL, - Prefix: primary.Prefix, - CreatedAt: primary.CreatedAt, - UpdatedAt: primary.UpdatedAt, - Runtime: geminicli.NewVirtualCredential(projectID, shared), - } - virtuals = append(virtuals, virtual) - } - return virtuals -} - -// splitGeminiProjectIDs extracts and deduplicates project IDs from metadata. -func splitGeminiProjectIDs(metadata map[string]any) []string { - raw, _ := metadata["project_id"].(string) - trimmed := strings.TrimSpace(raw) - if trimmed == "" { - return nil - } - parts := strings.Split(trimmed, ",") - result := make([]string, 0, len(parts)) - seen := make(map[string]struct{}, len(parts)) - for _, part := range parts { - id := strings.TrimSpace(part) - if id == "" { - continue - } - if _, ok := seen[id]; ok { - continue - } - seen[id] = struct{}{} - result = append(result, id) - } - return result -} - -// buildGeminiVirtualID constructs a virtual auth ID from base ID and project ID. -func buildGeminiVirtualID(baseID, projectID string) string { - project := strings.TrimSpace(projectID) - if project == "" { - project = "project" - } - replacer := strings.NewReplacer("/", "_", "\\", "_", " ", "_") - return fmt.Sprintf("%s::%s", baseID, replacer.Replace(project)) -} - -// extractExcludedModelsFromMetadata reads per-account excluded models from the OAuth JSON metadata. -// Supports both "excluded_models" and "excluded-models" keys, and accepts both []string and []interface{}. -func extractExcludedModelsFromMetadata(metadata map[string]any) []string { - if metadata == nil { - return nil - } - // Try both key formats - raw, ok := metadata["excluded_models"] - if !ok { - raw, ok = metadata["excluded-models"] - } - if !ok || raw == nil { - return nil - } - var stringSlice []string - switch v := raw.(type) { - case []string: - stringSlice = v - case []interface{}: - stringSlice = make([]string, 0, len(v)) - for _, item := range v { - if s, ok := item.(string); ok { - stringSlice = append(stringSlice, s) - } - } - default: - return nil - } - result := make([]string, 0, len(stringSlice)) - for _, s := range stringSlice { - if trimmed := strings.TrimSpace(s); trimmed != "" { - result = append(result, trimmed) - } - } - return result -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/file_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/file_test.go deleted file mode 100644 index 88873a6138..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/file_test.go +++ /dev/null @@ -1,746 +0,0 @@ -package synthesizer - -import ( - "encoding/json" - "os" - "path/filepath" - "strings" - "testing" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestNewFileSynthesizer(t *testing.T) { - synth := NewFileSynthesizer() - if synth == nil { - t.Fatal("expected non-nil synthesizer") - } -} - -func TestFileSynthesizer_Synthesize_NilContext(t *testing.T) { - synth := NewFileSynthesizer() - auths, err := synth.Synthesize(nil) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 0 { - t.Fatalf("expected empty auths, got %d", len(auths)) - } -} - -func TestFileSynthesizer_Synthesize_EmptyAuthDir(t *testing.T) { - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: "", - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 0 { - t.Fatalf("expected empty auths, got %d", len(auths)) - } -} - -func TestFileSynthesizer_Synthesize_NonExistentDir(t *testing.T) { - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: "/non/existent/path", - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 0 { - t.Fatalf("expected empty auths, got %d", len(auths)) - } -} - -func TestFileSynthesizer_Synthesize_ValidAuthFile(t *testing.T) { - tempDir := t.TempDir() - - // Create a valid auth file - authData := map[string]any{ - "type": "claude", - "email": "test@example.com", - "proxy_url": "http://proxy.local", - "prefix": "test-prefix", - "disable_cooling": true, - "request_retry": 2, - } - data, _ := json.Marshal(authData) - err := os.WriteFile(filepath.Join(tempDir, "claude-auth.json"), data, 0644) - if err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - if auths[0].Provider != "claude" { - t.Errorf("expected provider claude, got %s", auths[0].Provider) - } - if auths[0].Label != "test@example.com" { - t.Errorf("expected label test@example.com, got %s", auths[0].Label) - } - if auths[0].Prefix != "test-prefix" { - t.Errorf("expected prefix test-prefix, got %s", auths[0].Prefix) - } - if auths[0].ProxyURL != "http://proxy.local" { - t.Errorf("expected proxy_url http://proxy.local, got %s", auths[0].ProxyURL) - } - if v, ok := auths[0].Metadata["disable_cooling"].(bool); !ok || !v { - t.Errorf("expected disable_cooling true, got %v", auths[0].Metadata["disable_cooling"]) - } - if v, ok := auths[0].Metadata["request_retry"].(float64); !ok || int(v) != 2 { - t.Errorf("expected request_retry 2, got %v", auths[0].Metadata["request_retry"]) - } - if auths[0].Status != coreauth.StatusActive { - t.Errorf("expected status active, got %s", auths[0].Status) - } -} - -func TestFileSynthesizer_Synthesize_GeminiProviderMapping(t *testing.T) { - tempDir := t.TempDir() - - // Gemini type should be mapped to gemini-cli - authData := map[string]any{ - "type": "gemini", - "email": "gemini@example.com", - } - data, _ := json.Marshal(authData) - err := os.WriteFile(filepath.Join(tempDir, "gemini-auth.json"), data, 0644) - if err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - if auths[0].Provider != "gemini-cli" { - t.Errorf("gemini should be mapped to gemini-cli, got %s", auths[0].Provider) - } -} - -func TestFileSynthesizer_Synthesize_SkipsInvalidFiles(t *testing.T) { - tempDir := t.TempDir() - - // Create various invalid files - _ = os.WriteFile(filepath.Join(tempDir, "not-json.txt"), []byte("text content"), 0644) - _ = os.WriteFile(filepath.Join(tempDir, "invalid.json"), []byte("not valid json"), 0644) - _ = os.WriteFile(filepath.Join(tempDir, "empty.json"), []byte(""), 0644) - _ = os.WriteFile(filepath.Join(tempDir, "no-type.json"), []byte(`{"email": "test@example.com"}`), 0644) - - // Create one valid file - validData, _ := json.Marshal(map[string]any{"type": "claude", "email": "valid@example.com"}) - _ = os.WriteFile(filepath.Join(tempDir, "valid.json"), validData, 0644) - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("only valid auth file should be processed, got %d", len(auths)) - } - if auths[0].Label != "valid@example.com" { - t.Errorf("expected label valid@example.com, got %s", auths[0].Label) - } -} - -func TestFileSynthesizer_Synthesize_SkipsDirectories(t *testing.T) { - tempDir := t.TempDir() - - // Create a subdirectory with a json file inside - subDir := filepath.Join(tempDir, "subdir.json") - err := os.Mkdir(subDir, 0755) - if err != nil { - t.Fatalf("failed to create subdir: %v", err) - } - - // Create a valid file in root - validData, _ := json.Marshal(map[string]any{"type": "claude"}) - _ = os.WriteFile(filepath.Join(tempDir, "valid.json"), validData, 0644) - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } -} - -func TestFileSynthesizer_Synthesize_RelativeID(t *testing.T) { - tempDir := t.TempDir() - - authData := map[string]any{"type": "claude"} - data, _ := json.Marshal(authData) - err := os.WriteFile(filepath.Join(tempDir, "my-auth.json"), data, 0644) - if err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - // ID should be relative path - if auths[0].ID != "my-auth.json" { - t.Errorf("expected ID my-auth.json, got %s", auths[0].ID) - } -} - -func TestFileSynthesizer_Synthesize_PrefixValidation(t *testing.T) { - tests := []struct { - name string - prefix string - wantPrefix string - }{ - {"valid prefix", "myprefix", "myprefix"}, - {"prefix with slashes trimmed", "/myprefix/", "myprefix"}, - {"prefix with spaces trimmed", " myprefix ", "myprefix"}, - {"prefix with internal slash rejected", "my/prefix", ""}, - {"empty prefix", "", ""}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - tempDir := t.TempDir() - authData := map[string]any{ - "type": "claude", - "prefix": tt.prefix, - } - data, _ := json.Marshal(authData) - _ = os.WriteFile(filepath.Join(tempDir, "auth.json"), data, 0644) - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - if auths[0].Prefix != tt.wantPrefix { - t.Errorf("expected prefix %q, got %q", tt.wantPrefix, auths[0].Prefix) - } - }) - } -} - -func TestFileSynthesizer_Synthesize_PriorityParsing(t *testing.T) { - tests := []struct { - name string - priority any - want string - hasValue bool - }{ - { - name: "string with spaces", - priority: " 10 ", - want: "10", - hasValue: true, - }, - { - name: "number", - priority: 8, - want: "8", - hasValue: true, - }, - { - name: "invalid string", - priority: "1x", - hasValue: false, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - tempDir := t.TempDir() - authData := map[string]any{ - "type": "claude", - "priority": tt.priority, - } - data, _ := json.Marshal(authData) - errWriteFile := os.WriteFile(filepath.Join(tempDir, "auth.json"), data, 0644) - if errWriteFile != nil { - t.Fatalf("failed to write auth file: %v", errWriteFile) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, errSynthesize := synth.Synthesize(ctx) - if errSynthesize != nil { - t.Fatalf("unexpected error: %v", errSynthesize) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - value, ok := auths[0].Attributes["priority"] - if tt.hasValue { - if !ok { - t.Fatal("expected priority attribute to be set") - } - if value != tt.want { - t.Fatalf("expected priority %q, got %q", tt.want, value) - } - return - } - if ok { - t.Fatalf("expected priority attribute to be absent, got %q", value) - } - }) - } -} - -func TestFileSynthesizer_Synthesize_OAuthExcludedModelsMerged(t *testing.T) { - tempDir := t.TempDir() - authData := map[string]any{ - "type": "claude", - "excluded_models": []string{"custom-model", "MODEL-B"}, - } - data, _ := json.Marshal(authData) - errWriteFile := os.WriteFile(filepath.Join(tempDir, "auth.json"), data, 0644) - if errWriteFile != nil { - t.Fatalf("failed to write auth file: %v", errWriteFile) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - OAuthExcludedModels: map[string][]string{ - "claude": {"shared", "model-b"}, - }, - }, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, errSynthesize := synth.Synthesize(ctx) - if errSynthesize != nil { - t.Fatalf("unexpected error: %v", errSynthesize) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - got := auths[0].Attributes["excluded_models"] - want := "custom-model,model-b,shared" - if got != want { - t.Fatalf("expected excluded_models %q, got %q", want, got) - } -} - -func TestSynthesizeGeminiVirtualAuths_NilInputs(t *testing.T) { - now := time.Now() - - if SynthesizeGeminiVirtualAuths(nil, nil, now) != nil { - t.Error("expected nil for nil primary") - } - if SynthesizeGeminiVirtualAuths(&coreauth.Auth{}, nil, now) != nil { - t.Error("expected nil for nil metadata") - } - if SynthesizeGeminiVirtualAuths(nil, map[string]any{}, now) != nil { - t.Error("expected nil for nil primary with metadata") - } -} - -func TestSynthesizeGeminiVirtualAuths_SingleProject(t *testing.T) { - now := time.Now() - primary := &coreauth.Auth{ - ID: "test-id", - Provider: "gemini-cli", - Label: "test@example.com", - } - metadata := map[string]any{ - "project_id": "single-project", - "email": "test@example.com", - "type": "gemini", - } - - virtuals := SynthesizeGeminiVirtualAuths(primary, metadata, now) - if virtuals != nil { - t.Error("single project should not create virtuals") - } -} - -func TestSynthesizeGeminiVirtualAuths_MultiProject(t *testing.T) { - now := time.Now() - primary := &coreauth.Auth{ - ID: "primary-id", - Provider: "gemini-cli", - Label: "test@example.com", - Prefix: "test-prefix", - ProxyURL: "http://proxy.local", - Attributes: map[string]string{ - "source": "test-source", - "path": "/path/to/auth", - }, - } - metadata := map[string]any{ - "project_id": "project-a, project-b, project-c", - "email": "test@example.com", - "type": "gemini", - "request_retry": 2, - "disable_cooling": true, - } - - virtuals := SynthesizeGeminiVirtualAuths(primary, metadata, now) - - if len(virtuals) != 3 { - t.Fatalf("expected 3 virtuals, got %d", len(virtuals)) - } - - // Check primary is disabled - if !primary.Disabled { - t.Error("expected primary to be disabled") - } - if primary.Status != coreauth.StatusDisabled { - t.Errorf("expected primary status disabled, got %s", primary.Status) - } - if primary.Attributes["gemini_virtual_primary"] != "true" { - t.Error("expected gemini_virtual_primary=true") - } - if !strings.Contains(primary.Attributes["virtual_children"], "project-a") { - t.Error("expected virtual_children to contain project-a") - } - - // Check virtuals - projectIDs := []string{"project-a", "project-b", "project-c"} - for i, v := range virtuals { - if v.Provider != "gemini-cli" { - t.Errorf("expected provider gemini-cli, got %s", v.Provider) - } - if v.Status != coreauth.StatusActive { - t.Errorf("expected status active, got %s", v.Status) - } - if v.Prefix != "test-prefix" { - t.Errorf("expected prefix test-prefix, got %s", v.Prefix) - } - if v.ProxyURL != "http://proxy.local" { - t.Errorf("expected proxy_url http://proxy.local, got %s", v.ProxyURL) - } - if vv, ok := v.Metadata["disable_cooling"].(bool); !ok || !vv { - t.Errorf("expected disable_cooling true, got %v", v.Metadata["disable_cooling"]) - } - if vv, ok := v.Metadata["request_retry"].(int); !ok || vv != 2 { - t.Errorf("expected request_retry 2, got %v", v.Metadata["request_retry"]) - } - if v.Attributes["runtime_only"] != "true" { - t.Error("expected runtime_only=true") - } - if v.Attributes["gemini_virtual_parent"] != "primary-id" { - t.Errorf("expected gemini_virtual_parent=primary-id, got %s", v.Attributes["gemini_virtual_parent"]) - } - if v.Attributes["gemini_virtual_project"] != projectIDs[i] { - t.Errorf("expected gemini_virtual_project=%s, got %s", projectIDs[i], v.Attributes["gemini_virtual_project"]) - } - if !strings.Contains(v.Label, "["+projectIDs[i]+"]") { - t.Errorf("expected label to contain [%s], got %s", projectIDs[i], v.Label) - } - } -} - -func TestSynthesizeGeminiVirtualAuths_EmptyProviderAndLabel(t *testing.T) { - now := time.Now() - // Test with empty Provider and Label to cover fallback branches - primary := &coreauth.Auth{ - ID: "primary-id", - Provider: "", // empty provider - should default to gemini-cli - Label: "", // empty label - should default to provider - Attributes: map[string]string{}, - } - metadata := map[string]any{ - "project_id": "proj-a, proj-b", - "email": "user@example.com", - "type": "gemini", - } - - virtuals := SynthesizeGeminiVirtualAuths(primary, metadata, now) - - if len(virtuals) != 2 { - t.Fatalf("expected 2 virtuals, got %d", len(virtuals)) - } - - // Check that empty provider defaults to gemini-cli - if virtuals[0].Provider != "gemini-cli" { - t.Errorf("expected provider gemini-cli (default), got %s", virtuals[0].Provider) - } - // Check that empty label defaults to provider - if !strings.Contains(virtuals[0].Label, "gemini-cli") { - t.Errorf("expected label to contain gemini-cli, got %s", virtuals[0].Label) - } -} - -func TestSynthesizeGeminiVirtualAuths_NilPrimaryAttributes(t *testing.T) { - now := time.Now() - primary := &coreauth.Auth{ - ID: "primary-id", - Provider: "gemini-cli", - Label: "test@example.com", - Attributes: nil, // nil attributes - } - metadata := map[string]any{ - "project_id": "proj-a, proj-b", - "email": "test@example.com", - "type": "gemini", - } - - virtuals := SynthesizeGeminiVirtualAuths(primary, metadata, now) - - if len(virtuals) != 2 { - t.Fatalf("expected 2 virtuals, got %d", len(virtuals)) - } - // Nil attributes should be initialized - if primary.Attributes == nil { - t.Error("expected primary.Attributes to be initialized") - } - if primary.Attributes["gemini_virtual_primary"] != "true" { - t.Error("expected gemini_virtual_primary=true") - } -} - -func TestSplitGeminiProjectIDs(t *testing.T) { - tests := []struct { - name string - metadata map[string]any - want []string - }{ - { - name: "single project", - metadata: map[string]any{"project_id": "proj-a"}, - want: []string{"proj-a"}, - }, - { - name: "multiple projects", - metadata: map[string]any{"project_id": "proj-a, proj-b, proj-c"}, - want: []string{"proj-a", "proj-b", "proj-c"}, - }, - { - name: "with duplicates", - metadata: map[string]any{"project_id": "proj-a, proj-b, proj-a"}, - want: []string{"proj-a", "proj-b"}, - }, - { - name: "with empty parts", - metadata: map[string]any{"project_id": "proj-a, , proj-b, "}, - want: []string{"proj-a", "proj-b"}, - }, - { - name: "empty project_id", - metadata: map[string]any{"project_id": ""}, - want: nil, - }, - { - name: "no project_id", - metadata: map[string]any{}, - want: nil, - }, - { - name: "whitespace only", - metadata: map[string]any{"project_id": " "}, - want: nil, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got := splitGeminiProjectIDs(tt.metadata) - if len(got) != len(tt.want) { - t.Fatalf("expected %v, got %v", tt.want, got) - } - for i := range got { - if got[i] != tt.want[i] { - t.Errorf("expected %v, got %v", tt.want, got) - break - } - } - }) - } -} - -func TestFileSynthesizer_Synthesize_MultiProjectGemini(t *testing.T) { - tempDir := t.TempDir() - - // Create a gemini auth file with multiple projects - authData := map[string]any{ - "type": "gemini", - "email": "multi@example.com", - "project_id": "project-a, project-b, project-c", - "priority": " 10 ", - } - data, _ := json.Marshal(authData) - err := os.WriteFile(filepath.Join(tempDir, "gemini-multi.json"), data, 0644) - if err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - // Should have 4 auths: 1 primary (disabled) + 3 virtuals - if len(auths) != 4 { - t.Fatalf("expected 4 auths (1 primary + 3 virtuals), got %d", len(auths)) - } - - // First auth should be the primary (disabled) - primary := auths[0] - if !primary.Disabled { - t.Error("expected primary to be disabled") - } - if primary.Status != coreauth.StatusDisabled { - t.Errorf("expected primary status disabled, got %s", primary.Status) - } - if gotPriority := primary.Attributes["priority"]; gotPriority != "10" { - t.Errorf("expected primary priority 10, got %q", gotPriority) - } - - // Remaining auths should be virtuals - for i := 1; i < 4; i++ { - v := auths[i] - if v.Status != coreauth.StatusActive { - t.Errorf("expected virtual %d to be active, got %s", i, v.Status) - } - if v.Attributes["gemini_virtual_parent"] != primary.ID { - t.Errorf("expected virtual %d parent to be %s, got %s", i, primary.ID, v.Attributes["gemini_virtual_parent"]) - } - if gotPriority := v.Attributes["priority"]; gotPriority != "10" { - t.Errorf("expected virtual %d priority 10, got %q", i, gotPriority) - } - } -} - -func TestBuildGeminiVirtualID(t *testing.T) { - tests := []struct { - name string - baseID string - projectID string - want string - }{ - { - name: "basic", - baseID: "auth.json", - projectID: "my-project", - want: "auth.json::my-project", - }, - { - name: "with slashes", - baseID: "path/to/auth.json", - projectID: "project/with/slashes", - want: "path/to/auth.json::project_with_slashes", - }, - { - name: "with spaces", - baseID: "auth.json", - projectID: "my project", - want: "auth.json::my_project", - }, - { - name: "empty project", - baseID: "auth.json", - projectID: "", - want: "auth.json::project", - }, - { - name: "whitespace project", - baseID: "auth.json", - projectID: " ", - want: "auth.json::project", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got := buildGeminiVirtualID(tt.baseID, tt.projectID) - if got != tt.want { - t.Errorf("expected %q, got %q", tt.want, got) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/helpers.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/helpers.go deleted file mode 100644 index dc31c7136f..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/helpers.go +++ /dev/null @@ -1,123 +0,0 @@ -package synthesizer - -import ( - "crypto/hmac" - "crypto/sha512" - "encoding/hex" - "fmt" - "sort" - "strings" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/diff" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -const stableIDGeneratorHashKey = "watcher-stable-id-generator:v1" - -// StableIDGenerator generates stable, deterministic IDs for auth entries. -// It uses keyed HMAC-SHA512 hashing with collision handling via counters. -// It is not safe for concurrent use. -type StableIDGenerator struct { - counters map[string]int -} - -// NewStableIDGenerator creates a new StableIDGenerator instance. -func NewStableIDGenerator() *StableIDGenerator { - return &StableIDGenerator{counters: make(map[string]int)} -} - -// Next generates a stable ID based on the kind and parts. -// Returns the full ID (kind:hash) and the short hash portion. -func (g *StableIDGenerator) Next(kind string, parts ...string) (string, string) { - if g == nil { - return kind + ":000000000000", "000000000000" - } - hasher := hmac.New(sha512.New, []byte(stableIDGeneratorHashKey)) - hasher.Write([]byte(kind)) - for _, part := range parts { - trimmed := strings.TrimSpace(part) - hasher.Write([]byte{0}) - hasher.Write([]byte(trimmed)) - } - digest := hex.EncodeToString(hasher.Sum(nil)) - if len(digest) < 12 { - digest = fmt.Sprintf("%012s", digest) - } - short := digest[:12] - key := kind + ":" + short - index := g.counters[key] - g.counters[key] = index + 1 - if index > 0 { - short = fmt.Sprintf("%s-%d", short, index) - } - return fmt.Sprintf("%s:%s", kind, short), short -} - -// ApplyAuthExcludedModelsMeta applies excluded models metadata to an auth entry. -// It computes a hash of excluded models and sets the auth_kind attribute. -// For OAuth entries, perKey (from the JSON file's excluded-models field) is merged -// with the global oauth-excluded-models config for the provider. -func ApplyAuthExcludedModelsMeta(auth *coreauth.Auth, cfg *config.Config, perKey []string, authKind string) { - if auth == nil || cfg == nil { - return - } - authKindKey := strings.ToLower(strings.TrimSpace(authKind)) - seen := make(map[string]struct{}) - add := func(list []string) { - for _, entry := range list { - if trimmed := strings.TrimSpace(entry); trimmed != "" { - key := strings.ToLower(trimmed) - if _, exists := seen[key]; exists { - continue - } - seen[key] = struct{}{} - } - } - } - if authKindKey == "apikey" { - add(perKey) - } else { - // For OAuth: merge per-account excluded models with global provider-level exclusions - add(perKey) - if cfg.OAuthExcludedModels != nil { - providerKey := strings.ToLower(strings.TrimSpace(auth.Provider)) - add(cfg.OAuthExcludedModels[providerKey]) - } - } - combined := make([]string, 0, len(seen)) - for k := range seen { - combined = append(combined, k) - } - sort.Strings(combined) - hash := diff.ComputeExcludedModelsHash(combined) - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - if hash != "" { - auth.Attributes["excluded_models_hash"] = hash - } - // Store the combined excluded models list so that routing can read it at runtime - if len(combined) > 0 { - auth.Attributes["excluded_models"] = strings.Join(combined, ",") - } - if authKind != "" { - auth.Attributes["auth_kind"] = authKind - } -} - -// addConfigHeadersToAttrs adds header configuration to auth attributes. -// Headers are prefixed with "header:" in the attributes map. -func addConfigHeadersToAttrs(headers map[string]string, attrs map[string]string) { - if len(headers) == 0 || attrs == nil { - return - } - for hk, hv := range headers { - key := strings.TrimSpace(hk) - val := strings.TrimSpace(hv) - if key == "" || val == "" { - continue - } - attrs["header:"+key] = val - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/helpers_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/helpers_test.go deleted file mode 100644 index 5840f6716e..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/helpers_test.go +++ /dev/null @@ -1,311 +0,0 @@ -package synthesizer - -import ( - "crypto/sha256" - "encoding/hex" - "reflect" - "strings" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/diff" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func TestStableIDGenerator_Next_DoesNotUseLegacySHA256(t *testing.T) { - gen := NewStableIDGenerator() - id, short := gen.Next("gemini:apikey", "test-key", "https://api.example.com") - if id == "" || short == "" { - t.Fatal("expected generated IDs to be non-empty") - } - - legacyHasher := sha256.New() - legacyHasher.Write([]byte("gemini:apikey")) - legacyHasher.Write([]byte{0}) - legacyHasher.Write([]byte("test-key")) - legacyHasher.Write([]byte{0}) - legacyHasher.Write([]byte("https://api.example.com")) - legacyShort := hex.EncodeToString(legacyHasher.Sum(nil))[:12] - - if short == legacyShort { - t.Fatalf("expected short id to differ from legacy sha256 digest %q", legacyShort) - } -} - -func TestNewStableIDGenerator(t *testing.T) { - gen := NewStableIDGenerator() - if gen == nil { - t.Fatal("expected non-nil generator") - } - if gen.counters == nil { - t.Fatal("expected non-nil counters map") - } -} - -func TestStableIDGenerator_Next(t *testing.T) { - tests := []struct { - name string - kind string - parts []string - wantPrefix string - }{ - { - name: "basic gemini apikey", - kind: "gemini:apikey", - parts: []string{"test-key", ""}, - wantPrefix: "gemini:apikey:", - }, - { - name: "claude with base url", - kind: "claude:apikey", - parts: []string{"sk-ant-xxx", "https://api.anthropic.com"}, - wantPrefix: "claude:apikey:", - }, - { - name: "empty parts", - kind: "codex:apikey", - parts: []string{}, - wantPrefix: "codex:apikey:", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - gen := NewStableIDGenerator() - id, short := gen.Next(tt.kind, tt.parts...) - - if !strings.Contains(id, tt.wantPrefix) { - t.Errorf("expected id to contain %q, got %q", tt.wantPrefix, id) - } - if short == "" { - t.Error("expected non-empty short id") - } - if len(short) != 12 { - t.Errorf("expected short id length 12, got %d", len(short)) - } - }) - } -} - -func TestStableIDGenerator_Stability(t *testing.T) { - gen1 := NewStableIDGenerator() - gen2 := NewStableIDGenerator() - - id1, _ := gen1.Next("gemini:apikey", "test-key", "https://api.example.com") - id2, _ := gen2.Next("gemini:apikey", "test-key", "https://api.example.com") - - if id1 != id2 { - t.Errorf("same inputs should produce same ID: got %q and %q", id1, id2) - } -} - -func TestStableIDGenerator_CollisionHandling(t *testing.T) { - gen := NewStableIDGenerator() - - id1, short1 := gen.Next("gemini:apikey", "same-key") - id2, short2 := gen.Next("gemini:apikey", "same-key") - - if id1 == id2 { - t.Error("collision should be handled with suffix") - } - if short1 == short2 { - t.Error("short ids should differ") - } - if !strings.Contains(short2, "-1") { - t.Errorf("second short id should contain -1 suffix, got %q", short2) - } -} - -func TestStableIDGenerator_NilReceiver(t *testing.T) { - var gen *StableIDGenerator = nil - id, short := gen.Next("test:kind", "part") - - if id != "test:kind:000000000000" { - t.Errorf("expected test:kind:000000000000, got %q", id) - } - if short != "000000000000" { - t.Errorf("expected 000000000000, got %q", short) - } -} - -func TestApplyAuthExcludedModelsMeta(t *testing.T) { - tests := []struct { - name string - auth *coreauth.Auth - cfg *config.Config - perKey []string - authKind string - wantHash bool - wantKind string - }{ - { - name: "apikey with excluded models", - auth: &coreauth.Auth{ - Provider: "gemini", - Attributes: make(map[string]string), - }, - cfg: &config.Config{}, - perKey: []string{"model-a", "model-b"}, - authKind: "apikey", - wantHash: true, - wantKind: "apikey", - }, - { - name: "oauth with provider excluded models", - auth: &coreauth.Auth{ - Provider: "claude", - Attributes: make(map[string]string), - }, - cfg: &config.Config{ - OAuthExcludedModels: map[string][]string{ - "claude": {"claude-2.0"}, - }, - }, - perKey: nil, - authKind: "oauth", - wantHash: true, - wantKind: "oauth", - }, - { - name: "nil auth", - auth: nil, - cfg: &config.Config{}, - }, - { - name: "nil config", - auth: &coreauth.Auth{Provider: "test"}, - cfg: nil, - authKind: "apikey", - }, - { - name: "nil attributes initialized", - auth: &coreauth.Auth{ - Provider: "gemini", - Attributes: nil, - }, - cfg: &config.Config{}, - perKey: []string{"model-x"}, - authKind: "apikey", - wantHash: true, - wantKind: "apikey", - }, - { - name: "apikey with duplicate excluded models", - auth: &coreauth.Auth{ - Provider: "gemini", - Attributes: make(map[string]string), - }, - cfg: &config.Config{}, - perKey: []string{"model-a", "MODEL-A", "model-b", "model-a"}, - authKind: "apikey", - wantHash: true, - wantKind: "apikey", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - ApplyAuthExcludedModelsMeta(tt.auth, tt.cfg, tt.perKey, tt.authKind) - - if tt.auth != nil && tt.cfg != nil { - if tt.wantHash { - if _, ok := tt.auth.Attributes["excluded_models_hash"]; !ok { - t.Error("expected excluded_models_hash in attributes") - } - } - if tt.wantKind != "" { - if got := tt.auth.Attributes["auth_kind"]; got != tt.wantKind { - t.Errorf("expected auth_kind=%s, got %s", tt.wantKind, got) - } - } - } - }) - } -} - -func TestApplyAuthExcludedModelsMeta_OAuthMergeWritesCombinedModels(t *testing.T) { - auth := &coreauth.Auth{ - Provider: "claude", - Attributes: make(map[string]string), - } - cfg := &config.Config{ - OAuthExcludedModels: map[string][]string{ - "claude": {"global-a", "shared"}, - }, - } - - ApplyAuthExcludedModelsMeta(auth, cfg, []string{"per", "SHARED"}, "oauth") - - const wantCombined = "global-a,per,shared" - if gotCombined := auth.Attributes["excluded_models"]; gotCombined != wantCombined { - t.Fatalf("expected excluded_models=%q, got %q", wantCombined, gotCombined) - } - - expectedHash := diff.ComputeExcludedModelsHash([]string{"global-a", "per", "shared"}) - if gotHash := auth.Attributes["excluded_models_hash"]; gotHash != expectedHash { - t.Fatalf("expected excluded_models_hash=%q, got %q", expectedHash, gotHash) - } -} - -func TestAddConfigHeadersToAttrs(t *testing.T) { - tests := []struct { - name string - headers map[string]string - attrs map[string]string - want map[string]string - }{ - { - name: "basic headers", - headers: map[string]string{ - "Authorization": "Bearer token", - "X-Custom": "value", - }, - attrs: map[string]string{"existing": "key"}, - want: map[string]string{ - "existing": "key", - "header:Authorization": "Bearer token", - "header:X-Custom": "value", - }, - }, - { - name: "empty headers", - headers: map[string]string{}, - attrs: map[string]string{"existing": "key"}, - want: map[string]string{"existing": "key"}, - }, - { - name: "nil headers", - headers: nil, - attrs: map[string]string{"existing": "key"}, - want: map[string]string{"existing": "key"}, - }, - { - name: "nil attrs", - headers: map[string]string{"key": "value"}, - attrs: nil, - want: nil, - }, - { - name: "skip empty keys and values", - headers: map[string]string{ - "": "value", - "key": "", - " ": "value", - "valid": "valid-value", - }, - attrs: make(map[string]string), - want: map[string]string{ - "header:valid": "valid-value", - }, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - addConfigHeadersToAttrs(tt.headers, tt.attrs) - if !reflect.DeepEqual(tt.attrs, tt.want) { - t.Errorf("expected %v, got %v", tt.want, tt.attrs) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/interface.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/interface.go deleted file mode 100644 index 1a9aedc965..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/interface.go +++ /dev/null @@ -1,16 +0,0 @@ -// Package synthesizer provides auth synthesis strategies for the watcher package. -// It implements the Strategy pattern to support multiple auth sources: -// - ConfigSynthesizer: generates Auth entries from config API keys -// - FileSynthesizer: generates Auth entries from OAuth JSON files -package synthesizer - -import ( - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -// AuthSynthesizer defines the interface for generating Auth entries from various sources. -type AuthSynthesizer interface { - // Synthesize generates Auth entries from the given context. - // Returns a slice of Auth pointers and any error encountered. - Synthesize(ctx *SynthesisContext) ([]*coreauth.Auth, error) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/synthesizer_generated.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/synthesizer_generated.go deleted file mode 100644 index f5f8a8a8d4..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/synthesizer/synthesizer_generated.go +++ /dev/null @@ -1,35 +0,0 @@ -// Code generated by github.com/router-for-me/CLIProxyAPI/v6/cmd/codegen; DO NOT EDIT. -package synthesizer - -import ( - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" -) - -// getDedicatedProviderEntries returns the config entries for a dedicated provider. -func (s *ConfigSynthesizer) getDedicatedProviderEntries(p config.ProviderSpec, cfg *config.Config) []config.OAICompatProviderConfig { - switch p.YAMLKey { - case "minimax": - return cfg.MiniMaxKey - case "roo": - return cfg.RooKey - case "kilo": - return cfg.KiloKey - case "deepseek": - return cfg.DeepSeekKey - case "groq": - return cfg.GroqKey - case "mistral": - return cfg.MistralKey - case "siliconflow": - return cfg.SiliconFlowKey - case "openrouter": - return cfg.OpenRouterKey - case "together": - return cfg.TogetherKey - case "fireworks": - return cfg.FireworksKey - case "novita": - return cfg.NovitaKey - } - return nil -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/watcher.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/watcher.go deleted file mode 100644 index 7eec47211c..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/watcher.go +++ /dev/null @@ -1,256 +0,0 @@ -// Package watcher watches config/auth files and triggers hot reloads. -// It supports cross-platform fsnotify event handling. -package watcher - -import ( - "context" - "strings" - "sync" - "time" - - "github.com/fsnotify/fsnotify" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - "gopkg.in/yaml.v3" - - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -// storePersister captures persistence-capable token store methods used by the watcher. -type storePersister interface { - PersistConfig(ctx context.Context) error - PersistAuthFiles(ctx context.Context, message string, paths ...string) error -} - -type authDirProvider interface { - AuthDir() string -} - -// Watcher manages file watching for configuration and authentication files -type Watcher struct { - configPath string - authDir string - config *config.Config - clientsMutex sync.RWMutex - configReloadMu sync.Mutex - configReloadTimer *time.Timer - reloadCallback func(*config.Config) - watcher *fsnotify.Watcher - lastAuthHashes map[string]string - lastAuthContents map[string]*coreauth.Auth - lastRemoveTimes map[string]time.Time - lastConfigHash string - authQueue chan<- AuthUpdate - currentAuths map[string]*coreauth.Auth - runtimeAuths map[string]*coreauth.Auth - dispatchMu sync.Mutex - dispatchCond *sync.Cond - pendingUpdates map[string]AuthUpdate - pendingOrder []string - dispatchCancel context.CancelFunc - storePersister storePersister - mirroredAuthDir string - oldConfigYaml []byte -} - -// AuthUpdateAction represents the type of change detected in auth sources. -type AuthUpdateAction string - -const ( - AuthUpdateActionAdd AuthUpdateAction = "add" - AuthUpdateActionModify AuthUpdateAction = "modify" - AuthUpdateActionDelete AuthUpdateAction = "delete" -) - -// AuthUpdate describes an incremental change to auth configuration. -type AuthUpdate struct { - Action AuthUpdateAction - ID string - Auth *coreauth.Auth -} - -const ( - // replaceCheckDelay is a short delay to allow atomic replace (rename) to settle - // before deciding whether a Remove event indicates a real deletion. - replaceCheckDelay = 50 * time.Millisecond - configReloadDebounce = 150 * time.Millisecond - authRemoveDebounceWindow = 1 * time.Second -) - -// NewWatcher creates a new file watcher instance -func NewWatcher(configPath, authDir string, reloadCallback func(*config.Config)) (*Watcher, error) { - watcher, errNewWatcher := fsnotify.NewWatcher() - if errNewWatcher != nil { - return nil, errNewWatcher - } - w := &Watcher{ - configPath: configPath, - authDir: authDir, - reloadCallback: reloadCallback, - watcher: watcher, - lastAuthHashes: make(map[string]string), - } - w.dispatchCond = sync.NewCond(&w.dispatchMu) - if store := sdkAuth.GetTokenStore(); store != nil { - if persister, ok := store.(storePersister); ok { - w.storePersister = persister - log.Debug("persistence-capable token store detected; watcher will propagate persisted changes") - } - if provider, ok := store.(authDirProvider); ok { - if fixed := strings.TrimSpace(provider.AuthDir()); fixed != "" { - w.mirroredAuthDir = fixed - log.Debugf("mirrored auth directory locked to %s", fixed) - } - } - } - return w, nil -} - -// Start begins watching the configuration file and authentication directory -func (w *Watcher) Start(ctx context.Context) error { - return w.start(ctx) -} - -// Stop stops the file watcher -func (w *Watcher) Stop() error { - w.stopDispatch() - w.stopConfigReloadTimer() - return w.watcher.Close() -} - -// SetConfig updates the current configuration -func (w *Watcher) SetConfig(cfg *config.Config) { - w.clientsMutex.Lock() - defer w.clientsMutex.Unlock() - w.config = cfg - w.oldConfigYaml, _ = yaml.Marshal(cfg) -} - -// SetAuthUpdateQueue sets the queue used to emit auth updates. -func (w *Watcher) SetAuthUpdateQueue(queue chan<- AuthUpdate) { - w.setAuthUpdateQueue(queue) -} - -// DispatchRuntimeAuthUpdate allows external runtime providers (e.g., websocket-driven auths) -// to push auth updates through the same queue used by file/config watchers. -// Returns true if the update was enqueued; false if no queue is configured. -func (w *Watcher) DispatchRuntimeAuthUpdate(update AuthUpdate) bool { - return w.dispatchRuntimeAuthUpdate(update) -} - -// SnapshotCoreAuths converts current clients snapshot into core auth entries. -func (w *Watcher) SnapshotCoreAuths() []*coreauth.Auth { - w.clientsMutex.RLock() - cfg := w.config - w.clientsMutex.RUnlock() - return snapshotCoreAuths(cfg, w.authDir) -} - -// NotifyTokenRefreshed 处理后台刷新器的 token 更新通知 -// 当后台刷新器成功刷新 token 后调用此方法,更新内存中的 Auth 对象 -// tokenID: token 文件名(如 kiro-xxx.json) -// accessToken: 新的 access token -// refreshToken: 新的 refresh token -// expiresAt: 新的过期时间 -func (w *Watcher) NotifyTokenRefreshed(tokenID, accessToken, refreshToken, expiresAt string) { - if w == nil { - return - } - - w.clientsMutex.Lock() - defer w.clientsMutex.Unlock() - - // 遍历 currentAuths,找到匹配的 Auth 并更新 - updated := false - for id, auth := range w.currentAuths { - if auth == nil || auth.Metadata == nil { - continue - } - - // 检查是否是 kiro 类型的 auth - authType, _ := auth.Metadata["type"].(string) - if authType != "kiro" { - continue - } - - // 多种匹配方式,解决不同来源的 auth 对象字段差异 - matched := false - - // 1. 通过 auth.ID 匹配(ID 可能包含文件名) - if !matched && auth.ID != "" { - if auth.ID == tokenID || strings.HasSuffix(auth.ID, "/"+tokenID) || strings.HasSuffix(auth.ID, "\\"+tokenID) { - matched = true - } - // ID 可能是 "kiro-xxx" 格式(无扩展名),tokenID 是 "kiro-xxx.json" - if !matched && strings.TrimSuffix(tokenID, ".json") == auth.ID { - matched = true - } - } - - // 2. 通过 auth.Attributes["path"] 匹配 - if !matched && auth.Attributes != nil { - if authPath := auth.Attributes["path"]; authPath != "" { - // 提取文件名部分进行比较 - pathBase := authPath - if idx := strings.LastIndexAny(authPath, "/\\"); idx >= 0 { - pathBase = authPath[idx+1:] - } - if pathBase == tokenID || strings.TrimSuffix(pathBase, ".json") == strings.TrimSuffix(tokenID, ".json") { - matched = true - } - } - } - - // 3. 通过 auth.FileName 匹配(原有逻辑) - if !matched && auth.FileName != "" { - if auth.FileName == tokenID || strings.HasSuffix(auth.FileName, "/"+tokenID) || strings.HasSuffix(auth.FileName, "\\"+tokenID) { - matched = true - } - } - - if matched { - // 更新内存中的 token - auth.Metadata["access_token"] = accessToken - auth.Metadata["refresh_token"] = refreshToken - auth.Metadata["expires_at"] = expiresAt - auth.Metadata["last_refresh"] = time.Now().Format(time.RFC3339) - auth.UpdatedAt = time.Now() - auth.LastRefreshedAt = time.Now() - - log.Infof("watcher: updated in-memory auth for token %s (auth ID: %s)", tokenID, id) - updated = true - - // 同时更新 runtimeAuths 中的副本(如果存在) - if w.runtimeAuths != nil { - if runtimeAuth, ok := w.runtimeAuths[id]; ok && runtimeAuth != nil { - if runtimeAuth.Metadata == nil { - runtimeAuth.Metadata = make(map[string]any) - } - runtimeAuth.Metadata["access_token"] = accessToken - runtimeAuth.Metadata["refresh_token"] = refreshToken - runtimeAuth.Metadata["expires_at"] = expiresAt - runtimeAuth.Metadata["last_refresh"] = time.Now().Format(time.RFC3339) - runtimeAuth.UpdatedAt = time.Now() - runtimeAuth.LastRefreshedAt = time.Now() - } - } - - // 发送更新通知到 authQueue - if w.authQueue != nil { - go func(authClone *coreauth.Auth) { - update := AuthUpdate{ - Action: AuthUpdateActionModify, - ID: authClone.ID, - Auth: authClone, - } - w.dispatchAuthUpdates([]AuthUpdate{update}) - }(auth.Clone()) - } - } - } - - if !updated { - log.Debugf("watcher: no matching auth found for token %s, will be picked up on next file scan", tokenID) - } -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/watcher_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/watcher_test.go deleted file mode 100644 index 941e8e2c64..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/watcher/watcher_test.go +++ /dev/null @@ -1,1513 +0,0 @@ -package watcher - -import ( - "context" - "crypto/sha256" - "encoding/json" - "fmt" - "os" - "path/filepath" - "strings" - "sync" - "sync/atomic" - "testing" - "time" - - "github.com/fsnotify/fsnotify" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/diff" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/synthesizer" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config" - sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - "gopkg.in/yaml.v3" -) - -func TestApplyAuthExcludedModelsMeta_APIKey(t *testing.T) { - auth := &coreauth.Auth{Attributes: map[string]string{}} - cfg := &config.Config{} - perKey := []string{" Model-1 ", "model-2"} - - synthesizer.ApplyAuthExcludedModelsMeta(auth, cfg, perKey, "apikey") - - expected := diff.ComputeExcludedModelsHash([]string{"model-1", "model-2"}) - if got := auth.Attributes["excluded_models_hash"]; got != expected { - t.Fatalf("expected hash %s, got %s", expected, got) - } - if got := auth.Attributes["auth_kind"]; got != "apikey" { - t.Fatalf("expected auth_kind=apikey, got %s", got) - } -} - -func TestApplyAuthExcludedModelsMeta_OAuthProvider(t *testing.T) { - auth := &coreauth.Auth{ - Provider: "TestProv", - Attributes: map[string]string{}, - } - cfg := &config.Config{ - OAuthExcludedModels: map[string][]string{ - "testprov": {"A", "b"}, - }, - } - - synthesizer.ApplyAuthExcludedModelsMeta(auth, cfg, nil, "oauth") - - expected := diff.ComputeExcludedModelsHash([]string{"a", "b"}) - if got := auth.Attributes["excluded_models_hash"]; got != expected { - t.Fatalf("expected hash %s, got %s", expected, got) - } - if got := auth.Attributes["auth_kind"]; got != "oauth" { - t.Fatalf("expected auth_kind=oauth, got %s", got) - } -} - -func TestBuildAPIKeyClientsCounts(t *testing.T) { - cfg := &config.Config{ - GeminiKey: []config.GeminiKey{{APIKey: "g1"}, {APIKey: "g2"}}, - VertexCompatAPIKey: []config.VertexCompatKey{ - {APIKey: "v1"}, - }, - ClaudeKey: []config.ClaudeKey{{APIKey: "c1"}}, - CodexKey: []config.CodexKey{{APIKey: "x1"}, {APIKey: "x2"}}, - OpenAICompatibility: []config.OpenAICompatibility{ - {APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "o1"}, {APIKey: "o2"}}}, - }, - } - - gemini, vertex, claude, codex, compat := BuildAPIKeyClients(cfg) - if gemini != 2 || vertex != 1 || claude != 1 || codex != 2 || compat != 2 { - t.Fatalf("unexpected counts: %d %d %d %d %d", gemini, vertex, claude, codex, compat) - } -} - -func TestNormalizeAuthStripsTemporalFields(t *testing.T) { - now := time.Now() - auth := &coreauth.Auth{ - CreatedAt: now, - UpdatedAt: now, - LastRefreshedAt: now, - NextRefreshAfter: now, - Quota: coreauth.QuotaState{ - NextRecoverAt: now, - }, - Runtime: map[string]any{"k": "v"}, - } - - normalized := normalizeAuth(auth) - if !normalized.CreatedAt.IsZero() || !normalized.UpdatedAt.IsZero() || !normalized.LastRefreshedAt.IsZero() || !normalized.NextRefreshAfter.IsZero() { - t.Fatal("expected time fields to be zeroed") - } - if normalized.Runtime != nil { - t.Fatal("expected runtime to be nil") - } - if !normalized.Quota.NextRecoverAt.IsZero() { - t.Fatal("expected quota.NextRecoverAt to be zeroed") - } -} - -func TestMatchProvider(t *testing.T) { - if _, ok := matchProvider("OpenAI", []string{"openai", "claude"}); !ok { - t.Fatal("expected match to succeed ignoring case") - } - if _, ok := matchProvider("missing", []string{"openai"}); ok { - t.Fatal("expected match to fail for unknown provider") - } -} - -func TestSnapshotCoreAuths_ConfigAndAuthFiles(t *testing.T) { - authDir := t.TempDir() - metadata := map[string]any{ - "type": "gemini", - "email": "user@example.com", - "project_id": "proj-a, proj-b", - "proxy_url": "https://proxy", - } - authFile := filepath.Join(authDir, "gemini.json") - data, err := json.Marshal(metadata) - if err != nil { - t.Fatalf("failed to marshal metadata: %v", err) - } - if err = os.WriteFile(authFile, data, 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - cfg := &config.Config{ - AuthDir: authDir, - GeminiKey: []config.GeminiKey{ - { - APIKey: "g-key", - BaseURL: "https://gemini", - ExcludedModels: []string{"Model-A", "model-b"}, - Headers: map[string]string{"X-Req": "1"}, - }, - }, - OAuthExcludedModels: map[string][]string{ - "gemini-cli": {"Foo", "bar"}, - }, - } - - w := &Watcher{authDir: authDir} - w.SetConfig(cfg) - - auths := w.SnapshotCoreAuths() - if len(auths) != 4 { - t.Fatalf("expected 4 auth entries (1 config + 1 primary + 2 virtual), got %d", len(auths)) - } - - var geminiAPIKeyAuth *coreauth.Auth - var geminiPrimary *coreauth.Auth - virtuals := make([]*coreauth.Auth, 0) - for _, a := range auths { - switch { - case a.Provider == "gemini" && a.Attributes["api_key"] == "g-key": - geminiAPIKeyAuth = a - case a.Attributes["gemini_virtual_primary"] == "true": - geminiPrimary = a - case strings.TrimSpace(a.Attributes["gemini_virtual_parent"]) != "": - virtuals = append(virtuals, a) - } - } - if geminiAPIKeyAuth == nil { - t.Fatal("expected synthesized Gemini API key auth") - } - expectedAPIKeyHash := diff.ComputeExcludedModelsHash([]string{"Model-A", "model-b"}) - if geminiAPIKeyAuth.Attributes["excluded_models_hash"] != expectedAPIKeyHash { - t.Fatalf("expected API key excluded hash %s, got %s", expectedAPIKeyHash, geminiAPIKeyAuth.Attributes["excluded_models_hash"]) - } - if geminiAPIKeyAuth.Attributes["auth_kind"] != "apikey" { - t.Fatalf("expected auth_kind=apikey, got %s", geminiAPIKeyAuth.Attributes["auth_kind"]) - } - - if geminiPrimary == nil { - t.Fatal("expected primary gemini-cli auth from file") - } - if !geminiPrimary.Disabled || geminiPrimary.Status != coreauth.StatusDisabled { - t.Fatal("expected primary gemini-cli auth to be disabled when virtual auths are synthesized") - } - expectedOAuthHash := diff.ComputeExcludedModelsHash([]string{"Foo", "bar"}) - if geminiPrimary.Attributes["excluded_models_hash"] != expectedOAuthHash { - t.Fatalf("expected OAuth excluded hash %s, got %s", expectedOAuthHash, geminiPrimary.Attributes["excluded_models_hash"]) - } - if geminiPrimary.Attributes["auth_kind"] != "oauth" { - t.Fatalf("expected auth_kind=oauth, got %s", geminiPrimary.Attributes["auth_kind"]) - } - - if len(virtuals) != 2 { - t.Fatalf("expected 2 virtual auths, got %d", len(virtuals)) - } - for _, v := range virtuals { - if v.Attributes["gemini_virtual_parent"] != geminiPrimary.ID { - t.Fatalf("virtual auth missing parent link to %s", geminiPrimary.ID) - } - if v.Attributes["excluded_models_hash"] != expectedOAuthHash { - t.Fatalf("expected virtual excluded hash %s, got %s", expectedOAuthHash, v.Attributes["excluded_models_hash"]) - } - if v.Status != coreauth.StatusActive { - t.Fatalf("expected virtual auth to be active, got %s", v.Status) - } - } -} - -func TestReloadConfigIfChanged_TriggersOnChangeAndSkipsUnchanged(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - - configPath := filepath.Join(tmpDir, "config.yaml") - writeConfig := func(port int, allowRemote bool) { - cfg := &config.Config{ - Port: port, - AuthDir: authDir, - RemoteManagement: config.RemoteManagement{ - AllowRemote: allowRemote, - }, - } - data, err := yaml.Marshal(cfg) - if err != nil { - t.Fatalf("failed to marshal config: %v", err) - } - if err = os.WriteFile(configPath, data, 0o644); err != nil { - t.Fatalf("failed to write config: %v", err) - } - } - - writeConfig(8080, false) - - reloads := 0 - w := &Watcher{ - configPath: configPath, - authDir: authDir, - reloadCallback: func(*config.Config) { reloads++ }, - } - - w.reloadConfigIfChanged() - if reloads != 1 { - t.Fatalf("expected first reload to trigger callback once, got %d", reloads) - } - - // Same content should be skipped by hash check. - w.reloadConfigIfChanged() - if reloads != 1 { - t.Fatalf("expected unchanged config to be skipped, callback count %d", reloads) - } - - writeConfig(9090, true) - w.reloadConfigIfChanged() - if reloads != 2 { - t.Fatalf("expected changed config to trigger reload, callback count %d", reloads) - } - w.clientsMutex.RLock() - defer w.clientsMutex.RUnlock() - if w.config == nil || w.config.Port != 9090 || !w.config.RemoteManagement.AllowRemote { - t.Fatalf("expected config to be updated after reload, got %+v", w.config) - } -} - -func TestStartAndStopSuccess(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir), 0o644); err != nil { - t.Fatalf("failed to create config file: %v", err) - } - - var reloads int32 - w, err := NewWatcher(configPath, authDir, func(*config.Config) { - atomic.AddInt32(&reloads, 1) - }) - if err != nil { - t.Fatalf("failed to create watcher: %v", err) - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - if err := w.Start(ctx); err != nil { - t.Fatalf("expected Start to succeed: %v", err) - } - cancel() - if err := w.Stop(); err != nil { - t.Fatalf("expected Stop to succeed: %v", err) - } - if got := atomic.LoadInt32(&reloads); got != 1 { - t.Fatalf("expected one reload callback, got %d", got) - } -} - -func TestStartFailsWhenConfigMissing(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "missing-config.yaml") - - w, err := NewWatcher(configPath, authDir, nil) - if err != nil { - t.Fatalf("failed to create watcher: %v", err) - } - defer func() { _ = w.Stop() }() - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - if err := w.Start(ctx); err == nil { - t.Fatal("expected Start to fail for missing config file") - } -} - -func TestDispatchRuntimeAuthUpdateEnqueuesAndUpdatesState(t *testing.T) { - queue := make(chan AuthUpdate, 4) - w := &Watcher{} - w.SetAuthUpdateQueue(queue) - defer w.stopDispatch() - - auth := &coreauth.Auth{ID: "auth-1", Provider: "test"} - if ok := w.DispatchRuntimeAuthUpdate(AuthUpdate{Action: AuthUpdateActionAdd, Auth: auth}); !ok { - t.Fatal("expected DispatchRuntimeAuthUpdate to enqueue") - } - - select { - case update := <-queue: - if update.Action != AuthUpdateActionAdd || update.Auth.ID != "auth-1" { - t.Fatalf("unexpected update: %+v", update) - } - case <-time.After(2 * time.Second): - t.Fatal("timed out waiting for auth update") - } - - if ok := w.DispatchRuntimeAuthUpdate(AuthUpdate{Action: AuthUpdateActionDelete, ID: "auth-1"}); !ok { - t.Fatal("expected delete update to enqueue") - } - select { - case update := <-queue: - if update.Action != AuthUpdateActionDelete || update.ID != "auth-1" { - t.Fatalf("unexpected delete update: %+v", update) - } - case <-time.After(2 * time.Second): - t.Fatal("timed out waiting for delete update") - } - w.clientsMutex.RLock() - if _, exists := w.runtimeAuths["auth-1"]; exists { - w.clientsMutex.RUnlock() - t.Fatal("expected runtime auth to be cleared after delete") - } - w.clientsMutex.RUnlock() -} - -func TestAddOrUpdateClientSkipsUnchanged(t *testing.T) { - tmpDir := t.TempDir() - authFile := filepath.Join(tmpDir, "sample.json") - if err := os.WriteFile(authFile, []byte(`{"type":"demo"}`), 0o644); err != nil { - t.Fatalf("failed to create auth file: %v", err) - } - data, _ := os.ReadFile(authFile) - sum := sha256.Sum256(data) - - var reloads int32 - w := &Watcher{ - authDir: tmpDir, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { - atomic.AddInt32(&reloads, 1) - }, - } - w.SetConfig(&config.Config{AuthDir: tmpDir}) - // Use normalizeAuthPath to match how addOrUpdateClient stores the key - w.lastAuthHashes[w.normalizeAuthPath(authFile)] = hexString(sum[:]) - - w.addOrUpdateClient(authFile) - if got := atomic.LoadInt32(&reloads); got != 0 { - t.Fatalf("expected no reload for unchanged file, got %d", got) - } -} - -func TestAddOrUpdateClientTriggersReloadAndHash(t *testing.T) { - tmpDir := t.TempDir() - authFile := filepath.Join(tmpDir, "sample.json") - if err := os.WriteFile(authFile, []byte(`{"type":"demo","api_key":"k"}`), 0o644); err != nil { - t.Fatalf("failed to create auth file: %v", err) - } - - var reloads int32 - w := &Watcher{ - authDir: tmpDir, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { - atomic.AddInt32(&reloads, 1) - }, - } - w.SetConfig(&config.Config{AuthDir: tmpDir}) - - w.addOrUpdateClient(authFile) - - if got := atomic.LoadInt32(&reloads); got != 1 { - t.Fatalf("expected reload callback once, got %d", got) - } - // Use normalizeAuthPath to match how addOrUpdateClient stores the key - normalized := w.normalizeAuthPath(authFile) - if _, ok := w.lastAuthHashes[normalized]; !ok { - t.Fatalf("expected hash to be stored for %s", normalized) - } -} - -func TestRemoveClientRemovesHash(t *testing.T) { - tmpDir := t.TempDir() - authFile := filepath.Join(tmpDir, "sample.json") - var reloads int32 - - w := &Watcher{ - authDir: tmpDir, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { - atomic.AddInt32(&reloads, 1) - }, - } - w.SetConfig(&config.Config{AuthDir: tmpDir}) - // Use normalizeAuthPath to set up the hash with the correct key format - w.lastAuthHashes[w.normalizeAuthPath(authFile)] = "hash" - - w.removeClient(authFile) - if _, ok := w.lastAuthHashes[w.normalizeAuthPath(authFile)]; ok { - t.Fatal("expected hash to be removed after deletion") - } - if got := atomic.LoadInt32(&reloads); got != 1 { - t.Fatalf("expected reload callback once, got %d", got) - } -} - -func TestShouldDebounceRemove(t *testing.T) { - w := &Watcher{} - path := filepath.Clean("test.json") - - if w.shouldDebounceRemove(path, time.Now()) { - t.Fatal("first call should not debounce") - } - if !w.shouldDebounceRemove(path, time.Now()) { - t.Fatal("second call within window should debounce") - } - - w.clientsMutex.Lock() - w.lastRemoveTimes = map[string]time.Time{path: time.Now().Add(-2 * authRemoveDebounceWindow)} - w.clientsMutex.Unlock() - - if w.shouldDebounceRemove(path, time.Now()) { - t.Fatal("call after window should not debounce") - } -} - -func TestAuthFileUnchangedUsesHash(t *testing.T) { - tmpDir := t.TempDir() - authFile := filepath.Join(tmpDir, "sample.json") - content := []byte(`{"type":"demo"}`) - if err := os.WriteFile(authFile, content, 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - w := &Watcher{lastAuthHashes: make(map[string]string)} - unchanged, err := w.authFileUnchanged(authFile) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if unchanged { - t.Fatal("expected first check to report changed") - } - - sum := sha256.Sum256(content) - // Use normalizeAuthPath to match how authFileUnchanged looks up the key - w.lastAuthHashes[w.normalizeAuthPath(authFile)] = hexString(sum[:]) - - unchanged, err = w.authFileUnchanged(authFile) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if !unchanged { - t.Fatal("expected hash match to report unchanged") - } -} - -func TestAuthFileUnchangedEmptyAndMissing(t *testing.T) { - tmpDir := t.TempDir() - emptyFile := filepath.Join(tmpDir, "empty.json") - if err := os.WriteFile(emptyFile, []byte(""), 0o644); err != nil { - t.Fatalf("failed to write empty auth file: %v", err) - } - - w := &Watcher{lastAuthHashes: make(map[string]string)} - unchanged, err := w.authFileUnchanged(emptyFile) - if err != nil { - t.Fatalf("unexpected error for empty file: %v", err) - } - if unchanged { - t.Fatal("expected empty file to be treated as changed") - } - - _, err = w.authFileUnchanged(filepath.Join(tmpDir, "missing.json")) - if err == nil { - t.Fatal("expected error for missing auth file") - } -} - -func TestReloadClientsCachesAuthHashes(t *testing.T) { - tmpDir := t.TempDir() - authFile := filepath.Join(tmpDir, "one.json") - if err := os.WriteFile(authFile, []byte(`{"type":"demo"}`), 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - w := &Watcher{ - authDir: tmpDir, - config: &config.Config{AuthDir: tmpDir}, - } - - w.reloadClients(true, nil, false) - - w.clientsMutex.RLock() - defer w.clientsMutex.RUnlock() - if len(w.lastAuthHashes) != 1 { - t.Fatalf("expected hash cache for one auth file, got %d", len(w.lastAuthHashes)) - } -} - -func TestReloadClientsLogsConfigDiffs(t *testing.T) { - tmpDir := t.TempDir() - oldCfg := &config.Config{AuthDir: tmpDir, Port: 1, Debug: false} - newCfg := &config.Config{AuthDir: tmpDir, Port: 2, Debug: true} - - w := &Watcher{ - authDir: tmpDir, - config: oldCfg, - } - w.SetConfig(oldCfg) - w.oldConfigYaml, _ = yaml.Marshal(oldCfg) - - w.clientsMutex.Lock() - w.config = newCfg - w.clientsMutex.Unlock() - - w.reloadClients(false, nil, false) -} - -func TestReloadClientsHandlesNilConfig(t *testing.T) { - w := &Watcher{} - w.reloadClients(true, nil, false) -} - -func TestReloadClientsFiltersProvidersWithNilCurrentAuths(t *testing.T) { - tmp := t.TempDir() - w := &Watcher{ - authDir: tmp, - config: &config.Config{AuthDir: tmp}, - } - w.reloadClients(false, []string{"match"}, false) - if len(w.currentAuths) != 0 { - t.Fatalf("expected currentAuths to be nil or empty, got %d", len(w.currentAuths)) - } -} - -func TestSetAuthUpdateQueueNilResetsDispatch(t *testing.T) { - w := &Watcher{} - queue := make(chan AuthUpdate, 1) - w.SetAuthUpdateQueue(queue) - if w.dispatchCond == nil || w.dispatchCancel == nil { - t.Fatal("expected dispatch to be initialized") - } - w.SetAuthUpdateQueue(nil) - if w.dispatchCancel != nil { - t.Fatal("expected dispatch cancel to be cleared when queue nil") - } -} - -func TestPersistAsyncEarlyReturns(t *testing.T) { - var nilWatcher *Watcher - nilWatcher.persistConfigAsync() - nilWatcher.persistAuthAsync("msg", "a") - - w := &Watcher{} - w.persistConfigAsync() - w.persistAuthAsync("msg", " ", "") -} - -type errorPersister struct { - configCalls int32 - authCalls int32 -} - -func (p *errorPersister) PersistConfig(context.Context) error { - atomic.AddInt32(&p.configCalls, 1) - return fmt.Errorf("persist config error") -} - -func (p *errorPersister) PersistAuthFiles(context.Context, string, ...string) error { - atomic.AddInt32(&p.authCalls, 1) - return fmt.Errorf("persist auth error") -} - -func TestPersistAsyncErrorPaths(t *testing.T) { - p := &errorPersister{} - w := &Watcher{storePersister: p} - w.persistConfigAsync() - w.persistAuthAsync("msg", "a") - time.Sleep(30 * time.Millisecond) - if atomic.LoadInt32(&p.configCalls) != 1 { - t.Fatalf("expected PersistConfig to be called once, got %d", p.configCalls) - } - if atomic.LoadInt32(&p.authCalls) != 1 { - t.Fatalf("expected PersistAuthFiles to be called once, got %d", p.authCalls) - } -} - -func TestStopConfigReloadTimerSafeWhenNil(t *testing.T) { - w := &Watcher{} - w.stopConfigReloadTimer() - w.configReloadMu.Lock() - w.configReloadTimer = time.AfterFunc(10*time.Millisecond, func() {}) - w.configReloadMu.Unlock() - time.Sleep(1 * time.Millisecond) - w.stopConfigReloadTimer() -} - -func TestHandleEventRemovesAuthFile(t *testing.T) { - tmpDir := t.TempDir() - authFile := filepath.Join(tmpDir, "remove.json") - if err := os.WriteFile(authFile, []byte(`{"type":"demo"}`), 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - if err := os.Remove(authFile); err != nil { - t.Fatalf("failed to remove auth file pre-check: %v", err) - } - - var reloads int32 - w := &Watcher{ - authDir: tmpDir, - config: &config.Config{AuthDir: tmpDir}, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { - atomic.AddInt32(&reloads, 1) - }, - } - // Use normalizeAuthPath to set up the hash with the correct key format - w.lastAuthHashes[w.normalizeAuthPath(authFile)] = "hash" - - w.handleEvent(fsnotify.Event{Name: authFile, Op: fsnotify.Remove}) - - if atomic.LoadInt32(&reloads) != 1 { - t.Fatalf("expected reload callback once, got %d", reloads) - } - if _, ok := w.lastAuthHashes[w.normalizeAuthPath(authFile)]; ok { - t.Fatal("expected hash entry to be removed") - } -} - -func TestDispatchAuthUpdatesFlushesQueue(t *testing.T) { - queue := make(chan AuthUpdate, 4) - w := &Watcher{} - w.SetAuthUpdateQueue(queue) - defer w.stopDispatch() - - w.dispatchAuthUpdates([]AuthUpdate{ - {Action: AuthUpdateActionAdd, ID: "a"}, - {Action: AuthUpdateActionModify, ID: "b"}, - }) - - got := make([]AuthUpdate, 0, 2) - for i := 0; i < 2; i++ { - select { - case u := <-queue: - got = append(got, u) - case <-time.After(2 * time.Second): - t.Fatalf("timed out waiting for update %d", i) - } - } - if len(got) != 2 || got[0].ID != "a" || got[1].ID != "b" { - t.Fatalf("unexpected updates order/content: %+v", got) - } -} - -func TestDispatchLoopExitsOnContextDoneWhileSending(t *testing.T) { - queue := make(chan AuthUpdate) // unbuffered to block sends - w := &Watcher{ - authQueue: queue, - pendingUpdates: map[string]AuthUpdate{ - "k": {Action: AuthUpdateActionAdd, ID: "k"}, - }, - pendingOrder: []string{"k"}, - } - - ctx, cancel := context.WithCancel(context.Background()) - done := make(chan struct{}) - go func() { - w.dispatchLoop(ctx) - close(done) - }() - - time.Sleep(30 * time.Millisecond) - cancel() - - select { - case <-done: - case <-time.After(2 * time.Second): - t.Fatal("expected dispatchLoop to exit after ctx canceled while blocked on send") - } -} - -func TestProcessEventsHandlesEventErrorAndChannelClose(t *testing.T) { - w := &Watcher{ - watcher: &fsnotify.Watcher{ - Events: make(chan fsnotify.Event, 2), - Errors: make(chan error, 2), - }, - configPath: "config.yaml", - authDir: "auth", - } - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - done := make(chan struct{}) - go func() { - w.processEvents(ctx) - close(done) - }() - - w.watcher.Events <- fsnotify.Event{Name: "unrelated.txt", Op: fsnotify.Write} - w.watcher.Errors <- fmt.Errorf("watcher error") - - time.Sleep(20 * time.Millisecond) - close(w.watcher.Events) - close(w.watcher.Errors) - - select { - case <-done: - case <-time.After(500 * time.Millisecond): - t.Fatal("processEvents did not exit after channels closed") - } -} - -func TestProcessEventsReturnsWhenErrorsChannelClosed(t *testing.T) { - w := &Watcher{ - watcher: &fsnotify.Watcher{ - Events: nil, - Errors: make(chan error), - }, - } - - close(w.watcher.Errors) - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - done := make(chan struct{}) - go func() { - w.processEvents(ctx) - close(done) - }() - - select { - case <-done: - case <-time.After(500 * time.Millisecond): - t.Fatal("processEvents did not exit after errors channel closed") - } -} - -func TestHandleEventIgnoresUnrelatedFiles(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - w.handleEvent(fsnotify.Event{Name: filepath.Join(tmpDir, "note.txt"), Op: fsnotify.Write}) - if atomic.LoadInt32(&reloads) != 0 { - t.Fatalf("expected no reloads for unrelated file, got %d", reloads) - } -} - -func TestHandleEventConfigChangeSchedulesReload(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - w.handleEvent(fsnotify.Event{Name: configPath, Op: fsnotify.Write}) - - time.Sleep(400 * time.Millisecond) - if atomic.LoadInt32(&reloads) != 1 { - t.Fatalf("expected config change to trigger reload once, got %d", reloads) - } -} - -func TestHandleEventAuthWriteTriggersUpdate(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - authFile := filepath.Join(authDir, "a.json") - if err := os.WriteFile(authFile, []byte(`{"type":"demo"}`), 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - w.handleEvent(fsnotify.Event{Name: authFile, Op: fsnotify.Write}) - if atomic.LoadInt32(&reloads) != 1 { - t.Fatalf("expected auth write to trigger reload callback, got %d", reloads) - } -} - -func TestIsWriteOnlyAuthEvent(t *testing.T) { - tests := []struct { - name string - op fsnotify.Op - want bool - }{ - {name: "write only", op: fsnotify.Write, want: true}, - {name: "create only", op: fsnotify.Create, want: false}, - {name: "remove only", op: fsnotify.Remove, want: false}, - {name: "rename only", op: fsnotify.Rename, want: false}, - {name: "create plus write", op: fsnotify.Create | fsnotify.Write, want: false}, - } - - for _, tt := range tests { - tt := tt - t.Run(tt.name, func(t *testing.T) { - if got := isWriteOnlyAuthEvent(tt.op); got != tt.want { - t.Fatalf("isWriteOnlyAuthEvent(%v) = %v, want %v", tt.op, got, tt.want) - } - }) - } -} - -func TestHandleEventRemoveDebounceSkips(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - authFile := filepath.Join(authDir, "remove.json") - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - lastRemoveTimes: map[string]time.Time{ - filepath.Clean(authFile): time.Now(), - }, - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - w.handleEvent(fsnotify.Event{Name: authFile, Op: fsnotify.Remove}) - if atomic.LoadInt32(&reloads) != 0 { - t.Fatalf("expected remove to be debounced, got %d", reloads) - } -} - -func TestHandleEventAtomicReplaceUnchangedSkips(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - authFile := filepath.Join(authDir, "same.json") - content := []byte(`{"type":"demo"}`) - if err := os.WriteFile(authFile, content, 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - sum := sha256.Sum256(content) - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - w.lastAuthHashes[w.normalizeAuthPath(authFile)] = hexString(sum[:]) - - w.handleEvent(fsnotify.Event{Name: authFile, Op: fsnotify.Rename}) - if atomic.LoadInt32(&reloads) != 0 { - t.Fatalf("expected unchanged atomic replace to be skipped, got %d", reloads) - } -} - -func TestHandleEventAtomicReplaceChangedTriggersUpdate(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - authFile := filepath.Join(authDir, "change.json") - oldContent := []byte(`{"type":"demo","v":1}`) - newContent := []byte(`{"type":"demo","v":2}`) - if err := os.WriteFile(authFile, newContent, 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - oldSum := sha256.Sum256(oldContent) - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - w.lastAuthHashes[w.normalizeAuthPath(authFile)] = hexString(oldSum[:]) - - w.handleEvent(fsnotify.Event{Name: authFile, Op: fsnotify.Rename}) - if atomic.LoadInt32(&reloads) != 1 { - t.Fatalf("expected changed atomic replace to trigger update, got %d", reloads) - } -} - -func TestHandleEventRemoveUnknownFileIgnored(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - authFile := filepath.Join(authDir, "unknown.json") - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - w.handleEvent(fsnotify.Event{Name: authFile, Op: fsnotify.Remove}) - if atomic.LoadInt32(&reloads) != 0 { - t.Fatalf("expected unknown remove to be ignored, got %d", reloads) - } -} - -func TestHandleEventRemoveKnownFileDeletes(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - authFile := filepath.Join(authDir, "known.json") - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - w.lastAuthHashes[w.normalizeAuthPath(authFile)] = "hash" - - w.handleEvent(fsnotify.Event{Name: authFile, Op: fsnotify.Remove}) - if atomic.LoadInt32(&reloads) != 1 { - t.Fatalf("expected known remove to trigger reload, got %d", reloads) - } - if _, ok := w.lastAuthHashes[w.normalizeAuthPath(authFile)]; ok { - t.Fatal("expected known auth hash to be deleted") - } -} - -func TestNormalizeAuthPathAndDebounceCleanup(t *testing.T) { - w := &Watcher{} - if got := w.normalizeAuthPath(" "); got != "" { - t.Fatalf("expected empty normalize result, got %q", got) - } - if got := w.normalizeAuthPath(" a/../b "); got != filepath.Clean("a/../b") { - t.Fatalf("unexpected normalize result: %q", got) - } - - w.clientsMutex.Lock() - w.lastRemoveTimes = make(map[string]time.Time, 140) - old := time.Now().Add(-3 * authRemoveDebounceWindow) - for i := 0; i < 129; i++ { - w.lastRemoveTimes[fmt.Sprintf("old-%d", i)] = old - } - w.clientsMutex.Unlock() - - w.shouldDebounceRemove("new-path", time.Now()) - - w.clientsMutex.Lock() - gotLen := len(w.lastRemoveTimes) - w.clientsMutex.Unlock() - if gotLen >= 129 { - t.Fatalf("expected debounce cleanup to shrink map, got %d", gotLen) - } -} - -func TestRefreshAuthStateDispatchesRuntimeAuths(t *testing.T) { - queue := make(chan AuthUpdate, 8) - w := &Watcher{ - authDir: t.TempDir(), - lastAuthHashes: make(map[string]string), - } - w.SetConfig(&config.Config{AuthDir: w.authDir}) - w.SetAuthUpdateQueue(queue) - defer w.stopDispatch() - - w.clientsMutex.Lock() - w.runtimeAuths = map[string]*coreauth.Auth{ - "nil": nil, - "r1": {ID: "r1", Provider: "runtime"}, - } - w.clientsMutex.Unlock() - - w.refreshAuthState(false) - - select { - case u := <-queue: - if u.Action != AuthUpdateActionAdd || u.ID != "r1" { - t.Fatalf("unexpected auth update: %+v", u) - } - case <-time.After(2 * time.Second): - t.Fatal("timed out waiting for runtime auth update") - } -} - -func TestAddOrUpdateClientEdgeCases(t *testing.T) { - tmpDir := t.TempDir() - authDir := tmpDir - authFile := filepath.Join(tmpDir, "edge.json") - if err := os.WriteFile(authFile, []byte(`{"type":"demo"}`), 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - emptyFile := filepath.Join(tmpDir, "empty.json") - if err := os.WriteFile(emptyFile, []byte(""), 0o644); err != nil { - t.Fatalf("failed to write empty auth file: %v", err) - } - - var reloads int32 - w := &Watcher{ - authDir: authDir, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - - w.addOrUpdateClient(filepath.Join(tmpDir, "missing.json")) - w.addOrUpdateClient(emptyFile) - if atomic.LoadInt32(&reloads) != 0 { - t.Fatalf("expected no reloads for missing/empty file, got %d", reloads) - } - - w.addOrUpdateClient(authFile) // config nil -> should not panic or update - if len(w.lastAuthHashes) != 0 { - t.Fatalf("expected no hash entries without config, got %d", len(w.lastAuthHashes)) - } -} - -func TestLoadFileClientsWalkError(t *testing.T) { - tmpDir := t.TempDir() - noAccessDir := filepath.Join(tmpDir, "0noaccess") - if err := os.MkdirAll(noAccessDir, 0o755); err != nil { - t.Fatalf("failed to create noaccess dir: %v", err) - } - if err := os.Chmod(noAccessDir, 0); err != nil { - t.Skipf("chmod not supported: %v", err) - } - defer func() { _ = os.Chmod(noAccessDir, 0o755) }() - - cfg := &config.Config{AuthDir: tmpDir} - w := &Watcher{} - w.SetConfig(cfg) - - count := w.loadFileClients(cfg) - if count != 0 { - t.Fatalf("expected count 0 due to walk error, got %d", count) - } -} - -func TestReloadConfigIfChangedHandlesMissingAndEmpty(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - - w := &Watcher{ - configPath: filepath.Join(tmpDir, "missing.yaml"), - authDir: authDir, - } - w.reloadConfigIfChanged() // missing file -> log + return - - emptyPath := filepath.Join(tmpDir, "empty.yaml") - if err := os.WriteFile(emptyPath, []byte(""), 0o644); err != nil { - t.Fatalf("failed to write empty config: %v", err) - } - w.configPath = emptyPath - w.reloadConfigIfChanged() // empty file -> early return -} - -func TestReloadConfigUsesMirroredAuthDir(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+filepath.Join(tmpDir, "other")+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config: %v", err) - } - - w := &Watcher{ - configPath: configPath, - authDir: authDir, - mirroredAuthDir: authDir, - lastAuthHashes: make(map[string]string), - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - if ok := w.reloadConfig(); !ok { - t.Fatal("expected reloadConfig to succeed") - } - - w.clientsMutex.RLock() - defer w.clientsMutex.RUnlock() - if w.config == nil || w.config.AuthDir != authDir { - t.Fatalf("expected AuthDir to be overridden by mirroredAuthDir %s, got %+v", authDir, w.config) - } -} - -func TestReloadConfigFiltersAffectedOAuthProviders(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - - // Ensure SnapshotCoreAuths yields a provider that is NOT affected, so we can assert it survives. - if err := os.WriteFile(filepath.Join(authDir, "provider-b.json"), []byte(`{"type":"provider-b","email":"b@example.com"}`), 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - oldCfg := &config.Config{ - AuthDir: authDir, - OAuthExcludedModels: map[string][]string{ - "provider-a": {"m1"}, - }, - } - newCfg := &config.Config{ - AuthDir: authDir, - OAuthExcludedModels: map[string][]string{ - "provider-a": {"m2"}, - }, - } - data, err := yaml.Marshal(newCfg) - if err != nil { - t.Fatalf("failed to marshal config: %v", err) - } - if err = os.WriteFile(configPath, data, 0o644); err != nil { - t.Fatalf("failed to write config: %v", err) - } - - w := &Watcher{ - configPath: configPath, - authDir: authDir, - lastAuthHashes: make(map[string]string), - currentAuths: map[string]*coreauth.Auth{ - "a": {ID: "a", Provider: "provider-a"}, - }, - } - w.SetConfig(oldCfg) - - if ok := w.reloadConfig(); !ok { - t.Fatal("expected reloadConfig to succeed") - } - - w.clientsMutex.RLock() - defer w.clientsMutex.RUnlock() - for _, auth := range w.currentAuths { - if auth != nil && auth.Provider == "provider-a" { - t.Fatal("expected affected provider auth to be filtered") - } - } - foundB := false - for _, auth := range w.currentAuths { - if auth != nil && auth.Provider == "provider-b" { - foundB = true - break - } - } - if !foundB { - t.Fatal("expected unaffected provider auth to remain") - } -} - -func TestStartFailsWhenAuthDirMissing(t *testing.T) { - tmpDir := t.TempDir() - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+filepath.Join(tmpDir, "missing-auth")+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - authDir := filepath.Join(tmpDir, "missing-auth") - - w, err := NewWatcher(configPath, authDir, nil) - if err != nil { - t.Fatalf("failed to create watcher: %v", err) - } - defer func() { _ = w.Stop() }() - w.SetConfig(&config.Config{AuthDir: authDir}) - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - if err := w.Start(ctx); err == nil { - t.Fatal("expected Start to fail for missing auth dir") - } -} - -func TestDispatchRuntimeAuthUpdateReturnsFalseWithoutQueue(t *testing.T) { - w := &Watcher{} - if ok := w.DispatchRuntimeAuthUpdate(AuthUpdate{Action: AuthUpdateActionAdd, Auth: &coreauth.Auth{ID: "a"}}); ok { - t.Fatal("expected DispatchRuntimeAuthUpdate to return false when no queue configured") - } - if ok := w.DispatchRuntimeAuthUpdate(AuthUpdate{Action: AuthUpdateActionDelete, Auth: &coreauth.Auth{ID: "a"}}); ok { - t.Fatal("expected DispatchRuntimeAuthUpdate delete to return false when no queue configured") - } -} - -func TestNormalizeAuthNil(t *testing.T) { - if normalizeAuth(nil) != nil { - t.Fatal("expected normalizeAuth(nil) to return nil") - } -} - -// stubStore implements coreauth.Store plus watcher-specific persistence helpers. -type stubStore struct { - authDir string - cfgPersisted int32 - authPersisted int32 - lastAuthMessage string - lastAuthPaths []string -} - -func (s *stubStore) List(context.Context) ([]*coreauth.Auth, error) { return nil, nil } -func (s *stubStore) Save(context.Context, *coreauth.Auth) (string, error) { - return "", nil -} -func (s *stubStore) Delete(context.Context, string) error { return nil } -func (s *stubStore) PersistConfig(context.Context) error { - atomic.AddInt32(&s.cfgPersisted, 1) - return nil -} -func (s *stubStore) PersistAuthFiles(_ context.Context, message string, paths ...string) error { - atomic.AddInt32(&s.authPersisted, 1) - s.lastAuthMessage = message - s.lastAuthPaths = paths - return nil -} -func (s *stubStore) AuthDir() string { return s.authDir } - -func TestNewWatcherDetectsPersisterAndAuthDir(t *testing.T) { - tmp := t.TempDir() - store := &stubStore{authDir: tmp} - orig := sdkAuth.GetTokenStore() - sdkAuth.RegisterTokenStore(store) - defer sdkAuth.RegisterTokenStore(orig) - - w, err := NewWatcher("config.yaml", "auth", nil) - if err != nil { - t.Fatalf("NewWatcher failed: %v", err) - } - if w.storePersister == nil { - t.Fatal("expected storePersister to be set from token store") - } - if w.mirroredAuthDir != tmp { - t.Fatalf("expected mirroredAuthDir %s, got %s", tmp, w.mirroredAuthDir) - } -} - -func TestPersistConfigAndAuthAsyncInvokePersister(t *testing.T) { - w := &Watcher{ - storePersister: &stubStore{}, - } - - w.persistConfigAsync() - w.persistAuthAsync("msg", " a ", "", "b ") - - time.Sleep(30 * time.Millisecond) - store := w.storePersister.(*stubStore) - if atomic.LoadInt32(&store.cfgPersisted) != 1 { - t.Fatalf("expected PersistConfig to be called once, got %d", store.cfgPersisted) - } - if atomic.LoadInt32(&store.authPersisted) != 1 { - t.Fatalf("expected PersistAuthFiles to be called once, got %d", store.authPersisted) - } - if store.lastAuthMessage != "msg" { - t.Fatalf("unexpected auth message: %s", store.lastAuthMessage) - } - if len(store.lastAuthPaths) != 2 || store.lastAuthPaths[0] != "a" || store.lastAuthPaths[1] != "b" { - t.Fatalf("unexpected filtered paths: %#v", store.lastAuthPaths) - } -} - -func TestScheduleConfigReloadDebounces(t *testing.T) { - tmp := t.TempDir() - authDir := tmp - cfgPath := tmp + "/config.yaml" - if err := os.WriteFile(cfgPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config: %v", err) - } - - var reloads int32 - w := &Watcher{ - configPath: cfgPath, - authDir: authDir, - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - w.scheduleConfigReload() - w.scheduleConfigReload() - - time.Sleep(400 * time.Millisecond) - - if atomic.LoadInt32(&reloads) != 1 { - t.Fatalf("expected single debounced reload, got %d", reloads) - } - if w.lastConfigHash == "" { - t.Fatal("expected lastConfigHash to be set after reload") - } -} - -func TestPrepareAuthUpdatesLockedForceAndDelete(t *testing.T) { - w := &Watcher{ - currentAuths: map[string]*coreauth.Auth{ - "a": {ID: "a", Provider: "p1"}, - }, - authQueue: make(chan AuthUpdate, 4), - } - - updates := w.prepareAuthUpdatesLocked([]*coreauth.Auth{{ID: "a", Provider: "p2"}}, false) - if len(updates) != 1 || updates[0].Action != AuthUpdateActionModify || updates[0].ID != "a" { - t.Fatalf("unexpected modify updates: %+v", updates) - } - - updates = w.prepareAuthUpdatesLocked([]*coreauth.Auth{{ID: "a", Provider: "p2"}}, true) - if len(updates) != 1 || updates[0].Action != AuthUpdateActionModify { - t.Fatalf("expected force modify, got %+v", updates) - } - - updates = w.prepareAuthUpdatesLocked([]*coreauth.Auth{}, false) - if len(updates) != 1 || updates[0].Action != AuthUpdateActionDelete || updates[0].ID != "a" { - t.Fatalf("expected delete for missing auth, got %+v", updates) - } -} - -func TestAuthEqualIgnoresTemporalFields(t *testing.T) { - now := time.Now() - a := &coreauth.Auth{ID: "x", CreatedAt: now} - b := &coreauth.Auth{ID: "x", CreatedAt: now.Add(5 * time.Second)} - if !authEqual(a, b) { - t.Fatal("expected authEqual to ignore temporal differences") - } -} - -func TestDispatchLoopExitsWhenQueueNilAndContextCanceled(t *testing.T) { - w := &Watcher{ - dispatchCond: nil, - pendingUpdates: map[string]AuthUpdate{"k": {ID: "k"}}, - pendingOrder: []string{"k"}, - } - w.dispatchCond = sync.NewCond(&w.dispatchMu) - - ctx, cancel := context.WithCancel(context.Background()) - done := make(chan struct{}) - go func() { - w.dispatchLoop(ctx) - close(done) - }() - - time.Sleep(20 * time.Millisecond) - cancel() - w.dispatchMu.Lock() - w.dispatchCond.Broadcast() - w.dispatchMu.Unlock() - - select { - case <-done: - case <-time.After(500 * time.Millisecond): - t.Fatal("dispatchLoop did not exit after context cancel") - } -} - -func TestReloadClientsFiltersOAuthProvidersWithoutRescan(t *testing.T) { - tmp := t.TempDir() - w := &Watcher{ - authDir: tmp, - config: &config.Config{AuthDir: tmp}, - currentAuths: map[string]*coreauth.Auth{ - "a": {ID: "a", Provider: "Match"}, - "b": {ID: "b", Provider: "other"}, - }, - lastAuthHashes: map[string]string{"cached": "hash"}, - } - - w.reloadClients(false, []string{"match"}, false) - - w.clientsMutex.RLock() - defer w.clientsMutex.RUnlock() - if _, ok := w.currentAuths["a"]; ok { - t.Fatal("expected filtered provider to be removed") - } - if len(w.lastAuthHashes) != 1 { - t.Fatalf("expected existing hash cache to be retained, got %d", len(w.lastAuthHashes)) - } -} - -func TestScheduleProcessEventsStopsOnContextDone(t *testing.T) { - w := &Watcher{ - watcher: &fsnotify.Watcher{ - Events: make(chan fsnotify.Event, 1), - Errors: make(chan error, 1), - }, - configPath: "config.yaml", - authDir: "auth", - } - ctx, cancel := context.WithCancel(context.Background()) - done := make(chan struct{}) - go func() { - w.processEvents(ctx) - close(done) - }() - - cancel() - select { - case <-done: - case <-time.After(500 * time.Millisecond): - t.Fatal("processEvents did not exit on context cancel") - } -} - -func hexString(data []byte) string { - return strings.ToLower(fmt.Sprintf("%x", data)) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/wsrelay/http.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/wsrelay/http.go deleted file mode 100644 index abdb277cb9..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/wsrelay/http.go +++ /dev/null @@ -1,248 +0,0 @@ -package wsrelay - -import ( - "bytes" - "context" - "errors" - "fmt" - "net/http" - "time" - - "github.com/google/uuid" -) - -// HTTPRequest represents a proxied HTTP request delivered to websocket clients. -type HTTPRequest struct { - Method string - URL string - Headers http.Header - Body []byte -} - -// HTTPResponse captures the response relayed back from websocket clients. -type HTTPResponse struct { - Status int - Headers http.Header - Body []byte -} - -// StreamEvent represents a streaming response event from clients. -type StreamEvent struct { - Type string - Payload []byte - Status int - Headers http.Header - Err error -} - -// NonStream executes a non-streaming HTTP request using the websocket provider. -func (m *Manager) NonStream(ctx context.Context, provider string, req *HTTPRequest) (*HTTPResponse, error) { - if req == nil { - return nil, fmt.Errorf("wsrelay: request is nil") - } - msg := Message{ID: uuid.NewString(), Type: MessageTypeHTTPReq, Payload: encodeRequest(req)} - respCh, err := m.Send(ctx, provider, msg) - if err != nil { - return nil, err - } - var ( - streamMode bool - streamResp *HTTPResponse - streamBody bytes.Buffer - ) - for { - select { - case <-ctx.Done(): - return nil, ctx.Err() - case msg, ok := <-respCh: - if !ok { - if streamMode { - if streamResp == nil { - streamResp = &HTTPResponse{Status: http.StatusOK, Headers: make(http.Header)} - } else if streamResp.Headers == nil { - streamResp.Headers = make(http.Header) - } - streamResp.Body = append(streamResp.Body[:0], streamBody.Bytes()...) - return streamResp, nil - } - return nil, errors.New("wsrelay: connection closed during response") - } - switch msg.Type { - case MessageTypeHTTPResp: - resp := decodeResponse(msg.Payload) - if streamMode && streamBody.Len() > 0 && len(resp.Body) == 0 { - resp.Body = append(resp.Body[:0], streamBody.Bytes()...) - } - return resp, nil - case MessageTypeError: - return nil, decodeError(msg.Payload) - case MessageTypeStreamStart, MessageTypeStreamChunk: - if msg.Type == MessageTypeStreamStart { - streamMode = true - streamResp = decodeResponse(msg.Payload) - if streamResp.Headers == nil { - streamResp.Headers = make(http.Header) - } - streamBody.Reset() - continue - } - if !streamMode { - streamMode = true - streamResp = &HTTPResponse{Status: http.StatusOK, Headers: make(http.Header)} - } - chunk := decodeChunk(msg.Payload) - if len(chunk) > 0 { - streamBody.Write(chunk) - } - case MessageTypeStreamEnd: - if !streamMode { - return &HTTPResponse{Status: http.StatusOK, Headers: make(http.Header)}, nil - } - if streamResp == nil { - streamResp = &HTTPResponse{Status: http.StatusOK, Headers: make(http.Header)} - } else if streamResp.Headers == nil { - streamResp.Headers = make(http.Header) - } - streamResp.Body = append(streamResp.Body[:0], streamBody.Bytes()...) - return streamResp, nil - default: - } - } - } -} - -// Stream executes a streaming HTTP request and returns channel with stream events. -func (m *Manager) Stream(ctx context.Context, provider string, req *HTTPRequest) (<-chan StreamEvent, error) { - if req == nil { - return nil, fmt.Errorf("wsrelay: request is nil") - } - msg := Message{ID: uuid.NewString(), Type: MessageTypeHTTPReq, Payload: encodeRequest(req)} - respCh, err := m.Send(ctx, provider, msg) - if err != nil { - return nil, err - } - out := make(chan StreamEvent) - go func() { - defer close(out) - send := func(ev StreamEvent) bool { - if ctx == nil { - out <- ev - return true - } - select { - case <-ctx.Done(): - return false - case out <- ev: - return true - } - } - for { - select { - case <-ctx.Done(): - return - case msg, ok := <-respCh: - if !ok { - _ = send(StreamEvent{Err: errors.New("wsrelay: stream closed")}) - return - } - switch msg.Type { - case MessageTypeStreamStart: - resp := decodeResponse(msg.Payload) - if okSend := send(StreamEvent{Type: MessageTypeStreamStart, Status: resp.Status, Headers: resp.Headers}); !okSend { - return - } - case MessageTypeStreamChunk: - chunk := decodeChunk(msg.Payload) - if okSend := send(StreamEvent{Type: MessageTypeStreamChunk, Payload: chunk}); !okSend { - return - } - case MessageTypeStreamEnd: - _ = send(StreamEvent{Type: MessageTypeStreamEnd}) - return - case MessageTypeError: - _ = send(StreamEvent{Type: MessageTypeError, Err: decodeError(msg.Payload)}) - return - case MessageTypeHTTPResp: - resp := decodeResponse(msg.Payload) - _ = send(StreamEvent{Type: MessageTypeHTTPResp, Status: resp.Status, Headers: resp.Headers, Payload: resp.Body}) - return - default: - } - } - } - }() - return out, nil -} - -func encodeRequest(req *HTTPRequest) map[string]any { - headers := make(map[string]any, len(req.Headers)) - for key, values := range req.Headers { - copyValues := make([]string, len(values)) - copy(copyValues, values) - headers[key] = copyValues - } - return map[string]any{ - "method": req.Method, - "url": req.URL, - "headers": headers, - "body": string(req.Body), - "sent_at": time.Now().UTC().Format(time.RFC3339Nano), - } -} - -func decodeResponse(payload map[string]any) *HTTPResponse { - if payload == nil { - return &HTTPResponse{Status: http.StatusBadGateway, Headers: make(http.Header)} - } - resp := &HTTPResponse{Status: http.StatusOK, Headers: make(http.Header)} - if status, ok := payload["status"].(float64); ok { - resp.Status = int(status) - } - if headers, ok := payload["headers"].(map[string]any); ok { - for key, raw := range headers { - switch v := raw.(type) { - case []any: - for _, item := range v { - if str, ok := item.(string); ok { - resp.Headers.Add(key, str) - } - } - case []string: - for _, str := range v { - resp.Headers.Add(key, str) - } - case string: - resp.Headers.Set(key, v) - } - } - } - if body, ok := payload["body"].(string); ok { - resp.Body = []byte(body) - } - return resp -} - -func decodeChunk(payload map[string]any) []byte { - if payload == nil { - return nil - } - if data, ok := payload["data"].(string); ok { - return []byte(data) - } - return nil -} - -func decodeError(payload map[string]any) error { - if payload == nil { - return errors.New("wsrelay: unknown error") - } - message, _ := payload["error"].(string) - status := 0 - if v, ok := payload["status"].(float64); ok { - status = int(v) - } - if message == "" { - message = "wsrelay: upstream error" - } - return fmt.Errorf("%s (status=%d)", message, status) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/wsrelay/manager.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/wsrelay/manager.go deleted file mode 100644 index ae28234c15..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/wsrelay/manager.go +++ /dev/null @@ -1,205 +0,0 @@ -package wsrelay - -import ( - "context" - "crypto/rand" - "errors" - "fmt" - "net/http" - "strings" - "sync" - "time" - - "github.com/gorilla/websocket" -) - -// Manager exposes a websocket endpoint that proxies Gemini requests to -// connected clients. -type Manager struct { - path string - upgrader websocket.Upgrader - sessions map[string]*session - sessMutex sync.RWMutex - - providerFactory func(*http.Request) (string, error) - onConnected func(string) - onDisconnected func(string, error) - - logDebugf func(string, ...any) - logInfof func(string, ...any) - logWarnf func(string, ...any) -} - -// Options configures a Manager instance. -type Options struct { - Path string - ProviderFactory func(*http.Request) (string, error) - OnConnected func(string) - OnDisconnected func(string, error) - LogDebugf func(string, ...any) - LogInfof func(string, ...any) - LogWarnf func(string, ...any) -} - -// NewManager builds a websocket relay manager with the supplied options. -func NewManager(opts Options) *Manager { - path := strings.TrimSpace(opts.Path) - if path == "" { - path = "/v1/ws" - } - if !strings.HasPrefix(path, "/") { - path = "/" + path - } - mgr := &Manager{ - path: path, - sessions: make(map[string]*session), - upgrader: websocket.Upgrader{ - ReadBufferSize: 1024, - WriteBufferSize: 1024, - CheckOrigin: func(r *http.Request) bool { - return true - }, - }, - providerFactory: opts.ProviderFactory, - onConnected: opts.OnConnected, - onDisconnected: opts.OnDisconnected, - logDebugf: opts.LogDebugf, - logInfof: opts.LogInfof, - logWarnf: opts.LogWarnf, - } - if mgr.logDebugf == nil { - mgr.logDebugf = func(string, ...any) {} - } - if mgr.logInfof == nil { - mgr.logInfof = func(string, ...any) {} - } - if mgr.logWarnf == nil { - mgr.logWarnf = func(s string, args ...any) { fmt.Printf(s+"\n", args...) } - } - return mgr -} - -// Path returns the HTTP path the manager expects for websocket upgrades. -func (m *Manager) Path() string { - if m == nil { - return "/v1/ws" - } - return m.path -} - -// Handler exposes an http.Handler that upgrades connections to websocket sessions. -func (m *Manager) Handler() http.Handler { - return http.HandlerFunc(m.handleWebsocket) -} - -// Stop gracefully closes all active websocket sessions. -func (m *Manager) Stop(_ context.Context) error { - m.sessMutex.Lock() - sessions := make([]*session, 0, len(m.sessions)) - for _, sess := range m.sessions { - sessions = append(sessions, sess) - } - m.sessions = make(map[string]*session) - m.sessMutex.Unlock() - - for _, sess := range sessions { - if sess != nil { - sess.cleanup(errors.New("wsrelay: manager stopped")) - } - } - return nil -} - -// handleWebsocket upgrades the connection and wires the session into the pool. -func (m *Manager) handleWebsocket(w http.ResponseWriter, r *http.Request) { - expectedPath := m.Path() - if expectedPath != "" && r.URL != nil && r.URL.Path != expectedPath { - http.NotFound(w, r) - return - } - if !strings.EqualFold(r.Method, http.MethodGet) { - w.Header().Set("Allow", http.MethodGet) - http.Error(w, "method not allowed", http.StatusMethodNotAllowed) - return - } - conn, err := m.upgrader.Upgrade(w, r, nil) - if err != nil { - m.logWarnf("wsrelay: upgrade failed: %v", err) - return - } - s := newSession(conn, m, randomProviderName()) - if m.providerFactory != nil { - name, err := m.providerFactory(r) - if err != nil { - s.cleanup(err) - return - } - if strings.TrimSpace(name) != "" { - s.provider = strings.ToLower(name) - } - } - if s.provider == "" { - s.provider = strings.ToLower(s.id) - } - m.sessMutex.Lock() - var replaced *session - if existing, ok := m.sessions[s.provider]; ok { - replaced = existing - } - m.sessions[s.provider] = s - m.sessMutex.Unlock() - - if replaced != nil { - replaced.cleanup(errors.New("replaced by new connection")) - } - if m.onConnected != nil { - m.onConnected(s.provider) - } - - go s.run(context.Background()) -} - -// Send forwards the message to the specific provider connection and returns a channel -// yielding response messages. -func (m *Manager) Send(ctx context.Context, provider string, msg Message) (<-chan Message, error) { - s := m.session(provider) - if s == nil { - return nil, fmt.Errorf("wsrelay: provider %s not connected", provider) - } - return s.request(ctx, msg) -} - -func (m *Manager) session(provider string) *session { - key := strings.ToLower(strings.TrimSpace(provider)) - m.sessMutex.RLock() - s := m.sessions[key] - m.sessMutex.RUnlock() - return s -} - -func (m *Manager) handleSessionClosed(s *session, cause error) { - if s == nil { - return - } - key := strings.ToLower(strings.TrimSpace(s.provider)) - m.sessMutex.Lock() - if cur, ok := m.sessions[key]; ok && cur == s { - delete(m.sessions, key) - } - m.sessMutex.Unlock() - if m.onDisconnected != nil { - m.onDisconnected(s.provider, cause) - } -} - -func randomProviderName() string { - const alphabet = "abcdefghijklmnopqrstuvwxyz0123456789" - buf := make([]byte, 16) - if _, err := rand.Read(buf); err != nil { - return fmt.Sprintf("aistudio-%x", time.Now().UnixNano()) - } - for i := range buf { - buf[i] = alphabet[int(buf[i])%len(alphabet)] - } - return "aistudio-" + string(buf) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/wsrelay/message.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/wsrelay/message.go deleted file mode 100644 index bf716e5e1a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/wsrelay/message.go +++ /dev/null @@ -1,27 +0,0 @@ -package wsrelay - -// Message represents the JSON payload exchanged with websocket clients. -type Message struct { - ID string `json:"id"` - Type string `json:"type"` - Payload map[string]any `json:"payload,omitempty"` -} - -const ( - // MessageTypeHTTPReq identifies an HTTP-style request envelope. - MessageTypeHTTPReq = "http_request" - // MessageTypeHTTPResp identifies a non-streaming HTTP response envelope. - MessageTypeHTTPResp = "http_response" - // MessageTypeStreamStart marks the beginning of a streaming response. - MessageTypeStreamStart = "stream_start" - // MessageTypeStreamChunk carries a streaming response chunk. - MessageTypeStreamChunk = "stream_chunk" - // MessageTypeStreamEnd marks the completion of a streaming response. - MessageTypeStreamEnd = "stream_end" - // MessageTypeError carries an error response. - MessageTypeError = "error" - // MessageTypePing represents ping messages from clients. - MessageTypePing = "ping" - // MessageTypePong represents pong responses back to clients. - MessageTypePong = "pong" -) diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/wsrelay/session.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/wsrelay/session.go deleted file mode 100644 index cd401e0c73..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/wsrelay/session.go +++ /dev/null @@ -1,188 +0,0 @@ -package wsrelay - -import ( - "context" - "errors" - "fmt" - "sync" - "time" - - "github.com/gorilla/websocket" -) - -const ( - readTimeout = 60 * time.Second - writeTimeout = 10 * time.Second - maxInboundMessageLen = 64 << 20 // 64 MiB - heartbeatInterval = 30 * time.Second -) - -var errClosed = errors.New("websocket session closed") - -type pendingRequest struct { - ch chan Message - closeOnce sync.Once -} - -func (pr *pendingRequest) close() { - if pr == nil { - return - } - pr.closeOnce.Do(func() { - close(pr.ch) - }) -} - -type session struct { - conn *websocket.Conn - manager *Manager - provider string - id string - closed chan struct{} - closeOnce sync.Once - writeMutex sync.Mutex - pending sync.Map // map[string]*pendingRequest -} - -func newSession(conn *websocket.Conn, mgr *Manager, id string) *session { - s := &session{ - conn: conn, - manager: mgr, - provider: "", - id: id, - closed: make(chan struct{}), - } - conn.SetReadLimit(maxInboundMessageLen) - _ = conn.SetReadDeadline(time.Now().Add(readTimeout)) - conn.SetPongHandler(func(string) error { - _ = conn.SetReadDeadline(time.Now().Add(readTimeout)) - return nil - }) - s.startHeartbeat() - return s -} - -func (s *session) startHeartbeat() { - if s == nil || s.conn == nil { - return - } - ticker := time.NewTicker(heartbeatInterval) - go func() { - defer ticker.Stop() - for { - select { - case <-s.closed: - return - case <-ticker.C: - s.writeMutex.Lock() - err := s.conn.WriteControl(websocket.PingMessage, []byte("ping"), time.Now().Add(writeTimeout)) - s.writeMutex.Unlock() - if err != nil { - s.cleanup(err) - return - } - } - } - }() -} - -func (s *session) run(ctx context.Context) { - defer s.cleanup(errClosed) - for { - var msg Message - if err := s.conn.ReadJSON(&msg); err != nil { - s.cleanup(err) - return - } - s.dispatch(msg) - } -} - -func (s *session) dispatch(msg Message) { - if msg.Type == MessageTypePing { - _ = s.send(context.Background(), Message{ID: msg.ID, Type: MessageTypePong}) - return - } - if value, ok := s.pending.Load(msg.ID); ok { - req := value.(*pendingRequest) - select { - case req.ch <- msg: - default: - } - if msg.Type == MessageTypeHTTPResp || msg.Type == MessageTypeError || msg.Type == MessageTypeStreamEnd { - if actual, loaded := s.pending.LoadAndDelete(msg.ID); loaded { - actual.(*pendingRequest).close() - } - } - return - } - if msg.Type == MessageTypeHTTPResp || msg.Type == MessageTypeError || msg.Type == MessageTypeStreamEnd { - s.manager.logDebugf("wsrelay: received terminal message for unknown id %s (provider=%s)", msg.ID, s.provider) - } -} - -func (s *session) send(ctx context.Context, msg Message) error { - select { - case <-s.closed: - return errClosed - default: - } - s.writeMutex.Lock() - defer s.writeMutex.Unlock() - if err := s.conn.SetWriteDeadline(time.Now().Add(writeTimeout)); err != nil { - return fmt.Errorf("set write deadline: %w", err) - } - if err := s.conn.WriteJSON(msg); err != nil { - return fmt.Errorf("write json: %w", err) - } - return nil -} - -func (s *session) request(ctx context.Context, msg Message) (<-chan Message, error) { - if msg.ID == "" { - return nil, fmt.Errorf("wsrelay: message id is required") - } - if _, loaded := s.pending.LoadOrStore(msg.ID, &pendingRequest{ch: make(chan Message, 8)}); loaded { - return nil, fmt.Errorf("wsrelay: duplicate message id %s", msg.ID) - } - value, _ := s.pending.Load(msg.ID) - req := value.(*pendingRequest) - if err := s.send(ctx, msg); err != nil { - if actual, loaded := s.pending.LoadAndDelete(msg.ID); loaded { - req := actual.(*pendingRequest) - req.close() - } - return nil, err - } - go func() { - select { - case <-ctx.Done(): - if actual, loaded := s.pending.LoadAndDelete(msg.ID); loaded { - actual.(*pendingRequest).close() - } - case <-s.closed: - } - }() - return req.ch, nil -} - -func (s *session) cleanup(cause error) { - s.closeOnce.Do(func() { - close(s.closed) - s.pending.Range(func(key, value any) bool { - req := value.(*pendingRequest) - msg := Message{ID: key.(string), Type: MessageTypeError, Payload: map[string]any{"error": cause.Error()}} - select { - case req.ch <- msg: - default: - } - req.close() - return true - }) - s.pending = sync.Map{} - _ = s.conn.Close() - if s.manager != nil { - s.manager.handleSessionClosed(s, cause) - } - }) -} diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/wsrelay/wsrelay_test.go b/.worktrees/config/m/config-build/active/pkg/llmproxy/wsrelay/wsrelay_test.go deleted file mode 100644 index 70d78fae6a..0000000000 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/wsrelay/wsrelay_test.go +++ /dev/null @@ -1,45 +0,0 @@ -package wsrelay - -import ( - "context" - "net/http/httptest" - "strings" - "testing" - - "github.com/gorilla/websocket" -) - -func TestManager_Handler(t *testing.T) { - mgr := NewManager(Options{}) - ts := httptest.NewServer(mgr.Handler()) - defer ts.Close() - - wsURL := "ws" + strings.TrimPrefix(ts.URL, "http") + mgr.Path() - conn, _, err := websocket.DefaultDialer.Dial(wsURL, nil) - if err != nil { - t.Fatalf("failed to connect: %v", err) - } - defer func() { _ = conn.Close() }() - - if mgr.Path() != "/v1/ws" { - t.Errorf("got path %q, want /v1/ws", mgr.Path()) - } -} - -func TestManager_Stop(t *testing.T) { - mgr := NewManager(Options{}) - ts := httptest.NewServer(mgr.Handler()) - defer ts.Close() - - wsURL := "ws" + strings.TrimPrefix(ts.URL, "http") + mgr.Path() - conn, _, err := websocket.DefaultDialer.Dial(wsURL, nil) - if err != nil { - t.Fatalf("failed to connect: %v", err) - } - defer func() { _ = conn.Close() }() - - err = mgr.Stop(context.Background()) - if err != nil { - t.Fatalf("Stop failed: %v", err) - } -} diff --git a/.worktrees/config/m/config-build/active/releasebatch b/.worktrees/config/m/config-build/active/releasebatch deleted file mode 100755 index 7ba7129aa5..0000000000 Binary files a/.worktrees/config/m/config-build/active/releasebatch and /dev/null differ diff --git a/.worktrees/config/m/config-build/active/scripts/generate_llms_docs.py b/.worktrees/config/m/config-build/active/scripts/generate_llms_docs.py deleted file mode 100755 index cbcb8403f1..0000000000 --- a/.worktrees/config/m/config-build/active/scripts/generate_llms_docs.py +++ /dev/null @@ -1,267 +0,0 @@ -#!/usr/bin/env python3 -"""Generate repository-level LLM context files. - -Targets: -- llms.txt: concise, exactly 1000 lines -- llms-full.txt: detailed, exactly 7000 lines (within requested 5k-10k) -""" - -from __future__ import annotations - -import argparse -import re -from dataclasses import dataclass -from pathlib import Path - -DEFAULT_CONCISE_TARGET = 1000 -DEFAULT_FULL_TARGET = 7000 - -INCLUDE_SUFFIXES = { - ".md", - ".go", - ".yaml", - ".yml", - ".json", - ".toml", - ".sh", - ".ps1", - ".ts", -} -INCLUDE_NAMES = { - "Dockerfile", - "Taskfile.yml", - "go.mod", - "go.sum", - "LICENSE", - "README.md", -} -EXCLUDE_DIRS = { - ".git", - ".github", - "node_modules", - "dist", - "build", - ".venv", - "vendor", -} - - -@dataclass -class RepoFile: - path: Path - rel: str - content: str - - -def read_text(path: Path) -> str: - try: - return path.read_text(encoding="utf-8") - except UnicodeDecodeError: - return path.read_text(encoding="utf-8", errors="ignore") - - -def collect_files(repo_root: Path) -> list[RepoFile]: - files: list[RepoFile] = [] - for path in sorted(repo_root.rglob("*")): - if not path.is_file(): - continue - parts = set(path.parts) - if parts & EXCLUDE_DIRS: - continue - if path.name in {"llms.txt", "llms-full.txt"}: - continue - if path.suffix.lower() not in INCLUDE_SUFFIXES and path.name not in INCLUDE_NAMES: - continue - if path.stat().st_size > 300_000: - continue - rel = path.relative_to(repo_root).as_posix() - files.append(RepoFile(path=path, rel=rel, content=read_text(path))) - return files - - -def markdown_headings(text: str) -> list[str]: - out = [] - for line in text.splitlines(): - s = line.strip() - if s.startswith("#"): - out.append(s) - return out - - -def list_task_names(taskfile_text: str) -> list[str]: - names = [] - for line in taskfile_text.splitlines(): - m = re.match(r"^\s{2}([a-zA-Z0-9:_\-.]+):\s*$", line) - if m: - names.append(m.group(1)) - return names - - -def extract_endpoints(go_text: str) -> list[str]: - endpoints = [] - for m in re.finditer(r'"(/v[0-9]/[^"\s]*)"', go_text): - endpoints.append(m.group(1)) - for m in re.finditer(r'"(/health[^"\s]*)"', go_text): - endpoints.append(m.group(1)) - return sorted(set(endpoints)) - - -def normalize_lines(lines: list[str]) -> list[str]: - out = [] - for line in lines: - s = line.rstrip() - if not s: - out.append("") - else: - out.append(s) - return out - - -def fit_lines(lines: list[str], target: int, fallback_pool: list[str]) -> list[str]: - lines = normalize_lines(lines) - if len(lines) > target: - return lines[:target] - - idx = 0 - while len(lines) < target: - if fallback_pool: - lines.append(fallback_pool[idx % len(fallback_pool)]) - idx += 1 - else: - lines.append(f"filler-line-{len(lines)+1}") - return lines - - -def build_concise(repo_root: Path, files: list[RepoFile], target: int) -> list[str]: - lines: list[str] = [] - by_rel = {f.rel: f for f in files} - - readme = by_rel.get("README.md") - taskfile = by_rel.get("Taskfile.yml") - - lines.append("# cliproxyapi++ LLM Context (Concise)") - lines.append("Generated from repository files for agent/dev/user consumption.") - lines.append("") - - if readme: - lines.append("## README Highlights") - for raw in readme.content.splitlines()[:180]: - s = raw.strip() - if s: - lines.append(s) - lines.append("") - - if taskfile: - lines.append("## Taskfile Tasks") - for name in list_task_names(taskfile.content): - lines.append(f"- {name}") - lines.append("") - - lines.append("## Documentation Index") - doc_files = [f for f in files if f.rel.startswith("docs/") and f.rel.endswith(".md")] - for f in doc_files: - lines.append(f"- {f.rel}") - lines.append("") - - lines.append("## Markdown Headings") - for f in doc_files + ([readme] if readme else []): - if not f: - continue - hs = markdown_headings(f.content) - if not hs: - continue - lines.append(f"### {f.rel}") - for h in hs[:80]: - lines.append(f"- {h}") - lines.append("") - - lines.append("## Go Source Index") - go_files = [f for f in files if f.rel.endswith(".go")] - for f in go_files: - lines.append(f"- {f.rel}") - lines.append("") - - lines.append("## API/Health Endpoints (Detected)") - seen = set() - for f in go_files: - for ep in extract_endpoints(f.content): - if ep in seen: - continue - seen.add(ep) - lines.append(f"- {ep}") - lines.append("") - - lines.append("## Config and Examples") - for f in files: - if f.rel.startswith("examples/") or "config" in f.rel.lower(): - lines.append(f"- {f.rel}") - - fallback_pool = [f"index:{f.rel}" for f in files] - return fit_lines(lines, target, fallback_pool) - - -def build_full(repo_root: Path, files: list[RepoFile], concise: list[str], target: int) -> list[str]: - lines: list[str] = [] - lines.append("# cliproxyapi++ LLM Context (Full)") - lines.append("Expanded, line-addressable repository context.") - lines.append("") - - lines.extend(concise[:300]) - lines.append("") - lines.append("## Detailed File Snapshots") - - snapshot_files = [ - f - for f in files - if f.rel.endswith((".md", ".go", ".yaml", ".yml", ".sh", ".ps1", ".ts")) - ] - - for f in snapshot_files: - lines.append("") - lines.append(f"### FILE: {f.rel}") - body = f.content.splitlines() - if not body: - lines.append("(empty)") - continue - - max_lines = 160 if f.rel.endswith(".go") else 220 if f.rel.endswith(".md") else 120 - for i, raw in enumerate(body[:max_lines], 1): - lines.append(f"{i:04d}: {raw.rstrip()}") - - lines.append("") - lines.append("## Repository Path Inventory") - for f in files: - lines.append(f"- {f.rel}") - - fallback_pool = [f"path:{f.rel}" for f in files] - return fit_lines(lines, target, fallback_pool) - - -def main() -> int: - parser = argparse.ArgumentParser(description="Generate llms.txt and llms-full.txt") - parser.add_argument("--repo-root", default=".", help="Repository root") - parser.add_argument("--concise-target", type=int, default=DEFAULT_CONCISE_TARGET) - parser.add_argument("--full-target", type=int, default=DEFAULT_FULL_TARGET) - args = parser.parse_args() - - repo_root = Path(args.repo_root).resolve() - files = collect_files(repo_root) - - concise = build_concise(repo_root, files, args.concise_target) - full = build_full(repo_root, files, concise, args.full_target) - - concise_path = repo_root / "llms.txt" - full_path = repo_root / "llms-full.txt" - - concise_path.write_text("\n".join(concise) + "\n", encoding="utf-8") - full_path.write_text("\n".join(full) + "\n", encoding="utf-8") - - print(f"Generated {concise_path}") - print(f"Generated {full_path}") - print(f"llms.txt lines: {len(concise)}") - print(f"llms-full.txt lines: {len(full)}") - return 0 - - -if __name__ == "__main__": - raise SystemExit(main()) diff --git a/.worktrees/config/m/config-build/active/scripts/provider-smoke-matrix-cheapest.sh b/.worktrees/config/m/config-build/active/scripts/provider-smoke-matrix-cheapest.sh deleted file mode 100755 index cf139c4123..0000000000 --- a/.worktrees/config/m/config-build/active/scripts/provider-smoke-matrix-cheapest.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -# Convenience matrix for cheap/lowest-cost aliases used in provider smoke checks. -# -# This keeps CI and local smoke commands reproducible while still allowing callers -# to override cases/URLs in advanced workflows. - -readonly default_cheapest_cases="openai:gpt-5-codex-mini,claude:claude-3-5-haiku-20241022,gemini:gemini-2.5-flash,kimi:kimi-k2,qwen:qwen3-coder-flash,deepseek:deepseek-v3" -readonly cheapest_mode="${CLIPROXY_PROVIDER_SMOKE_CHEAP_MODE:-default}" -readonly explicit_all_cases="${CLIPROXY_PROVIDER_SMOKE_ALL_CASES:-}" - -if [ "${cheapest_mode}" = "all" ]; then - if [ -z "${explicit_all_cases}" ]; then - echo "[WARN] CLIPROXY_PROVIDER_SMOKE_ALL_CASES is empty; falling back to default cheapest aliases." - export CLIPROXY_PROVIDER_SMOKE_CASES="${CLIPROXY_PROVIDER_SMOKE_CASES:-$default_cheapest_cases}" - else - export CLIPROXY_PROVIDER_SMOKE_CASES="${explicit_all_cases}" - fi -else - export CLIPROXY_PROVIDER_SMOKE_CASES="${CLIPROXY_PROVIDER_SMOKE_CASES:-$default_cheapest_cases}" -fi - -if [ -z "${CLIPROXY_PROVIDER_SMOKE_CASES}" ]; then - echo "[WARN] provider smoke cases are empty; script will skip." - exit 0 -fi - -export CLIPROXY_SMOKE_EXPECT_SUCCESS="${CLIPROXY_SMOKE_EXPECT_SUCCESS:-0}" - -if [ -n "${explicit_all_cases}" ] && [ "${cheapest_mode}" = "all" ]; then - echo "[INFO] provider-smoke-matrix-cheapest running all-cheapest mode with ${CLIPROXY_PROVIDER_SMOKE_CASES}" -else - echo "[INFO] provider-smoke-matrix-cheapest running default mode with ${CLIPROXY_PROVIDER_SMOKE_CASES}" -fi - -"$(dirname "$0")/provider-smoke-matrix.sh" diff --git a/.worktrees/config/m/config-build/active/scripts/provider-smoke-matrix-test.sh b/.worktrees/config/m/config-build/active/scripts/provider-smoke-matrix-test.sh deleted file mode 100755 index 0d4f840c78..0000000000 --- a/.worktrees/config/m/config-build/active/scripts/provider-smoke-matrix-test.sh +++ /dev/null @@ -1,224 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -run_matrix_check() { - local label="$1" - local expect_exit_code="$2" - shift 2 - - local output status - output="" - status=0 - set +e - output="$("$@" 2>&1)" - status=$? - set -e - - printf '===== %s =====\n' "$label" - echo "${output}" - - if [ "${status}" -ne "${expect_exit_code}" ]; then - echo "[FAIL] ${label}: expected exit code ${expect_exit_code}, got ${status}" - exit 1 - fi -} - -create_fake_curl() { - local output_path="$1" - local state_file="$2" - local status_sequence="${3:-200}" - - cat >"${output_path}" <<'EOF' -#!/usr/bin/env bash -set -euo pipefail - -url="" -output_file="" -next_is_output=0 -for arg in "$@"; do - if [ "${next_is_output}" -eq 1 ]; then - output_file="${arg}" - next_is_output=0 - continue - fi - if [ "${arg}" = "-o" ]; then - next_is_output=1 - continue - fi - if [[ "${arg}" == http* ]]; then - url="${arg}" - fi -done - -count=0 -if [ -f "${STATE_FILE}" ]; then - count="$(cat "${STATE_FILE}")" -fi -count=$((count + 1)) -printf '%s' "${count}" > "${STATE_FILE}" - -case "${url}" in - *"/v1/models"*) - if [ -n "${output_file}" ]; then - printf '%s\n' '{"object":"list","data":[]}' > "${output_file}" - fi - echo "200" - ;; - *"/v1/responses"*) - IFS=',' read -r -a statuses <<< "${STATUS_SEQUENCE}" - index=$((count - 1)) - if [ "${index}" -ge "${#statuses[@]}" ]; then - index=$(( ${#statuses[@]} - 1 )) - fi - status="${statuses[${index}]}" - if [ -n "${output_file}" ]; then - printf '%s\n' '{"id":"mock","object":"response"}' > "${output_file}" - fi - printf '%s\n' "${status}" - ;; - *) - if [ -n "${output_file}" ]; then - printf '%s\n' '{"error":"unexpected request"}' > "${output_file}" - fi - echo "404" - ;; -esac -EOF - - chmod +x "${output_path}" - printf '%s\n' "${state_file}" -} - -run_skip_case() { - local workdir - workdir="$(mktemp -d)" - local fake_curl="${workdir}/fake-curl.sh" - local state="${workdir}/state" - - create_fake_curl "${fake_curl}" "${state}" "200,200,200" - - run_matrix_check "empty cases are skipped" 0 \ - env \ - CLIPROXY_PROVIDER_SMOKE_CASES="" \ - CLIPROXY_SMOKE_CURL_BIN="${fake_curl}" \ - CLIPROXY_SMOKE_WAIT_FOR_READY="0" \ - ./scripts/provider-smoke-matrix.sh - - rm -rf "${workdir}" -} - -run_pass_case() { - local workdir - workdir="$(mktemp -d)" - local fake_curl="${workdir}/fake-curl.sh" - local state="${workdir}/state" - - create_fake_curl "${fake_curl}" "${state}" "200,200" - - run_matrix_check "successful responses complete without failure" 0 \ - env \ - STATUS_SEQUENCE="200,200" \ - STATE_FILE="${state}" \ - CLIPROXY_PROVIDER_SMOKE_CASES="openai:gpt-4o-mini,claude:claude-sonnet-4" \ - CLIPROXY_SMOKE_CURL_BIN="${fake_curl}" \ - CLIPROXY_SMOKE_WAIT_FOR_READY="1" \ - CLIPROXY_SMOKE_READY_ATTEMPTS="1" \ - CLIPROXY_SMOKE_READY_SLEEP_SECONDS="0" \ - ./scripts/provider-smoke-matrix.sh - - rm -rf "${workdir}" -} - -run_fail_case() { - local workdir - workdir="$(mktemp -d)" - local fake_curl="${workdir}/fake-curl.sh" - local state="${workdir}/state" - - create_fake_curl "${fake_curl}" "${state}" "500" - - run_matrix_check "non-2xx responses fail when EXPECT_SUCCESS=0" 1 \ - env \ - STATUS_SEQUENCE="500" \ - STATE_FILE="${state}" \ - CLIPROXY_PROVIDER_SMOKE_CASES="openai:gpt-4o-mini" \ - CLIPROXY_SMOKE_CURL_BIN="${fake_curl}" \ - CLIPROXY_SMOKE_WAIT_FOR_READY="0" \ - CLIPROXY_SMOKE_TIMEOUT_SECONDS="1" \ - ./scripts/provider-smoke-matrix.sh - - rm -rf "${workdir}" -} - -run_cheapest_case() { - local workdir - workdir="$(mktemp -d)" - local fake_curl="${workdir}/fake-curl.sh" - local state="${workdir}/state" - - create_fake_curl "${fake_curl}" "${state}" - - run_matrix_check "cheapest defaults include 6 aliases" 0 \ - env \ - STATUS_SEQUENCE="200,200,200,200,200,200" \ - STATE_FILE="${state}" \ - CLIPROXY_SMOKE_CURL_BIN="${fake_curl}" \ - CLIPROXY_SMOKE_WAIT_FOR_READY="1" \ - CLIPROXY_SMOKE_READY_ATTEMPTS="1" \ - CLIPROXY_SMOKE_READY_SLEEP_SECONDS="0" \ - ./scripts/provider-smoke-matrix-cheapest.sh - - rm -rf "${workdir}" -} - -run_cheapest_all_override_case() { - local workdir - workdir="$(mktemp -d)" - local fake_curl="${workdir}/fake-curl.sh" - local state="${workdir}/state" - - create_fake_curl "${fake_curl}" "${state}" - - run_matrix_check "all-cheapest override list is honored" 0 \ - env \ - CLIPROXY_PROVIDER_SMOKE_CHEAP_MODE="all" \ - CLIPROXY_PROVIDER_SMOKE_ALL_CASES="openai:gpt-4o-mini" \ - STATUS_SEQUENCE="200" \ - STATE_FILE="${state}" \ - CLIPROXY_SMOKE_CURL_BIN="${fake_curl}" \ - CLIPROXY_SMOKE_WAIT_FOR_READY="0" \ - CLIPROXY_SMOKE_TIMEOUT_SECONDS="1" \ - ./scripts/provider-smoke-matrix-cheapest.sh - - rm -rf "${workdir}" -} - -run_cheapest_all_fallback_case() { - local workdir - workdir="$(mktemp -d)" - local fake_curl="${workdir}/fake-curl.sh" - local state="${workdir}/state" - - create_fake_curl "${fake_curl}" "${state}" - - run_matrix_check "all-cheapest mode falls back to default when all-cases missing" 0 \ - env \ - CLIPROXY_PROVIDER_SMOKE_CHEAP_MODE="all" \ - CLIPROXY_PROVIDER_SMOKE_CASES="" \ - STATUS_SEQUENCE="200,200,200,200,200,200" \ - STATE_FILE="${state}" \ - CLIPROXY_SMOKE_CURL_BIN="${fake_curl}" \ - CLIPROXY_SMOKE_WAIT_FOR_READY="0" \ - CLIPROXY_SMOKE_TIMEOUT_SECONDS="1" \ - ./scripts/provider-smoke-matrix-cheapest.sh - - rm -rf "${workdir}" -} -run_skip_case -run_pass_case -run_fail_case -run_cheapest_case -run_cheapest_all_override_case -run_cheapest_all_fallback_case - -echo "[OK] provider-smoke-matrix script test suite passed" diff --git a/.worktrees/config/m/config-build/active/scripts/provider-smoke-matrix.sh b/.worktrees/config/m/config-build/active/scripts/provider-smoke-matrix.sh deleted file mode 100755 index 943b8f837f..0000000000 --- a/.worktrees/config/m/config-build/active/scripts/provider-smoke-matrix.sh +++ /dev/null @@ -1,107 +0,0 @@ -#!/usr/bin/env bash -set -Eeuo pipefail - -BASE_URL="${CLIPROXY_BASE_URL:-http://127.0.0.1:8317}" -REQUEST_TIMEOUT="${CLIPROXY_SMOKE_TIMEOUT_SECONDS:-5}" -CASES="${CLIPROXY_PROVIDER_SMOKE_CASES:-}" -EXPECT_SUCCESS="${CLIPROXY_SMOKE_EXPECT_SUCCESS:-0}" -SMOKE_CURL_BIN="${CLIPROXY_SMOKE_CURL_BIN:-curl}" -WAIT_FOR_READY="${CLIPROXY_SMOKE_WAIT_FOR_READY:-0}" -READY_ATTEMPTS="${CLIPROXY_SMOKE_READY_ATTEMPTS:-60}" -READY_SLEEP_SECONDS="${CLIPROXY_SMOKE_READY_SLEEP_SECONDS:-1}" - -if [ -z "${CASES}" ]; then - echo "[SKIP] CLIPROXY_PROVIDER_SMOKE_CASES is empty. Set it to comma-separated cases like 'openai:gpt-4o-mini,claude:claude-3-5-sonnet-20241022'." - exit 0 -fi - -if ! command -v "${SMOKE_CURL_BIN}" >/dev/null 2>&1; then - echo "[SKIP] curl is required for provider smoke matrix." - exit 0 -fi - -if [ "${WAIT_FOR_READY}" = "1" ]; then - attempt=0 - while [ "${attempt}" -lt "${READY_ATTEMPTS}" ]; do - response_code="$("${SMOKE_CURL_BIN}" -sS -o /dev/null -w '%{http_code}' --max-time "${REQUEST_TIMEOUT}" "${BASE_URL}/v1/models" || true)" - case "${response_code}" in - 200|401|403) - echo "[OK] proxy ready (GET /v1/models -> ${response_code})" - break - ;; - esac - attempt=$((attempt + 1)) - if [ "${attempt}" -ge "${READY_ATTEMPTS}" ]; then - echo "[WARN] proxy not ready at ${BASE_URL}/v1/models after ${READY_ATTEMPTS} attempts" - break - fi - sleep "${READY_SLEEP_SECONDS}" - done -fi - -export LC_ALL=C -IFS=',' read -r -a CASE_LIST <<< "${CASES}" - -failures=0 -for case_pair in "${CASE_LIST[@]}"; do - case_pair="$(echo "${case_pair}" | tr -d '[:space:]')" - [ -z "${case_pair}" ] && continue - - if [[ "${case_pair}" == *:* ]]; then - model="${case_pair#*:}" - else - model="${case_pair}" - fi - - if [ -z "${model}" ]; then - echo "[WARN] empty case in CLIPROXY_PROVIDER_SMOKE_CASES; skipping" - continue - fi - - payload="$(printf '{"model":"%s","stream":false,"messages":[{"role":"user","content":"ping"}]}' "${model}")" - body_file="$(mktemp)" - http_code="0" - - # shellcheck disable=SC2086 - if ! http_code="$("${SMOKE_CURL_BIN}" -sS -o "${body_file}" -w '%{http_code}' \ - -X POST \ - -H 'Content-Type: application/json' \ - -d "${payload}" \ - --max-time "${REQUEST_TIMEOUT}" \ - "${BASE_URL}/v1/responses")"; then - http_code="0" - fi - - body="$(cat "${body_file}")" - rm -f "${body_file}" - - if [ "${http_code}" -eq 0 ]; then - echo "[FAIL] ${model}: request failed (curl/network failure)" - failures=$((failures + 1)) - continue - fi - - if [ "${EXPECT_SUCCESS}" = "1" ]; then - if [ "${http_code}" -ge 400 ]; then - echo "[FAIL] ${model}: HTTP ${http_code} body=${body}" - failures=$((failures + 1)) - else - echo "[OK] ${model}: HTTP ${http_code}" - fi - continue - fi - - if echo "${http_code}" | grep -qE '^(200|401|403)$'; then - echo "[OK] ${model}: HTTP ${http_code} (non-fatal for matrix smoke)" - else - echo "[FAIL] ${model}: HTTP ${http_code} body=${body}" - failures=$((failures + 1)) - fi -done - -if [ "${failures}" -ne 0 ]; then - echo "[FAIL] provider smoke matrix had ${failures} failing cases" - exit 1 -fi - -echo "[OK] provider smoke matrix completed" diff --git a/.worktrees/config/m/config-build/active/scripts/release_batch.sh b/.worktrees/config/m/config-build/active/scripts/release_batch.sh deleted file mode 100755 index 4f72158fd4..0000000000 --- a/.worktrees/config/m/config-build/active/scripts/release_batch.sh +++ /dev/null @@ -1,135 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -usage() { - cat <<'EOF' -Usage: scripts/release_batch.sh [--hotfix] [--target ] [--dry-run] - -Creates and publishes a GitHub release using the repo's existing tag pattern: - v..- - -Rules: - - Default mode (no --hotfix): bump patch, reset batch to 0. - - --hotfix mode: keep patch, increment batch suffix. - -Examples: - scripts/release_batch.sh - scripts/release_batch.sh --hotfix - scripts/release_batch.sh --target main --dry-run -EOF -} - -hotfix=0 -target_branch="main" -dry_run=0 - -while [[ $# -gt 0 ]]; do - case "$1" in - --hotfix) - hotfix=1 - shift - ;; - --target) - target_branch="${2:-}" - if [[ -z "$target_branch" ]]; then - echo "error: --target requires a value" >&2 - exit 1 - fi - shift 2 - ;; - --dry-run) - dry_run=1 - shift - ;; - -h|--help) - usage - exit 0 - ;; - *) - echo "error: unknown argument: $1" >&2 - usage - exit 1 - ;; - esac -done - -if [[ -n "$(git status --porcelain)" ]]; then - echo "error: working tree is not clean; commit/stash before release" >&2 - exit 1 -fi - -if ! command -v gh >/dev/null 2>&1; then - echo "error: gh CLI is required" >&2 - exit 1 -fi - -git fetch origin "$target_branch" --quiet -git fetch --tags origin --quiet - -if ! git show-ref --verify --quiet "refs/remotes/origin/${target_branch}"; then - echo "error: target branch origin/${target_branch} not found" >&2 - exit 1 -fi - -latest_tag="$(git tag -l 'v*' | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+-[0-9]+$' | sort -V | tail -n 1)" -if [[ -z "$latest_tag" ]]; then - echo "error: no existing release tags matching v-" >&2 - exit 1 -fi - -version="${latest_tag#v}" -base="${version%-*}" -batch="${version##*-}" -major="${base%%.*}" -minor_patch="${base#*.}" -minor="${minor_patch%%.*}" -patch="${base##*.}" - -if [[ "$hotfix" -eq 1 ]]; then - next_patch="$patch" - next_batch="$((batch + 1))" -else - next_patch="$((patch + 1))" - next_batch=0 -fi - -next_tag="v${major}.${minor}.${next_patch}-${next_batch}" - -range="${latest_tag}..origin/${target_branch}" -mapfile -t commits < <(git log --pretty='%H %s' "$range") -if [[ "${#commits[@]}" -eq 0 ]]; then - echo "error: no commits found in ${range}" >&2 - exit 1 -fi - -notes_file="$(mktemp)" -{ - echo "## Changelog" - for line in "${commits[@]}"; do - echo "* ${line}" - done - echo -} > "$notes_file" - -echo "latest tag : $latest_tag" -echo "next tag : $next_tag" -echo "target : origin/${target_branch}" -echo "commits : ${#commits[@]}" - -if [[ "$dry_run" -eq 1 ]]; then - echo - echo "--- release notes preview ---" - cat "$notes_file" - rm -f "$notes_file" - exit 0 -fi - -git tag -a "$next_tag" "origin/${target_branch}" -m "$next_tag" -git push origin "$next_tag" -gh release create "$next_tag" \ - --title "$next_tag" \ - --target "$target_branch" \ - --notes-file "$notes_file" - -rm -f "$notes_file" -echo "release published: $next_tag" diff --git a/.worktrees/config/m/config-build/active/sdk/access/errors.go b/.worktrees/config/m/config-build/active/sdk/access/errors.go deleted file mode 100644 index 6f344bb0a2..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/access/errors.go +++ /dev/null @@ -1,90 +0,0 @@ -package access - -import ( - "fmt" - "net/http" - "strings" -) - -// AuthErrorCode classifies authentication failures. -type AuthErrorCode string - -const ( - AuthErrorCodeNoCredentials AuthErrorCode = "no_credentials" - AuthErrorCodeInvalidCredential AuthErrorCode = "invalid_credential" - AuthErrorCodeNotHandled AuthErrorCode = "not_handled" - AuthErrorCodeInternal AuthErrorCode = "internal_error" -) - -// AuthError carries authentication failure details and HTTP status. -type AuthError struct { - Code AuthErrorCode - Message string - StatusCode int - Cause error -} - -func (e *AuthError) Error() string { - if e == nil { - return "" - } - message := strings.TrimSpace(e.Message) - if message == "" { - message = "authentication error" - } - if e.Cause != nil { - return fmt.Sprintf("%s: %v", message, e.Cause) - } - return message -} - -func (e *AuthError) Unwrap() error { - if e == nil { - return nil - } - return e.Cause -} - -// HTTPStatusCode returns a safe fallback for missing status codes. -func (e *AuthError) HTTPStatusCode() int { - if e == nil || e.StatusCode <= 0 { - return http.StatusInternalServerError - } - return e.StatusCode -} - -func newAuthError(code AuthErrorCode, message string, statusCode int, cause error) *AuthError { - return &AuthError{ - Code: code, - Message: message, - StatusCode: statusCode, - Cause: cause, - } -} - -func NewNoCredentialsError() *AuthError { - return newAuthError(AuthErrorCodeNoCredentials, "Missing API key", http.StatusUnauthorized, nil) -} - -func NewInvalidCredentialError() *AuthError { - return newAuthError(AuthErrorCodeInvalidCredential, "Invalid API key", http.StatusUnauthorized, nil) -} - -func NewNotHandledError() *AuthError { - return newAuthError(AuthErrorCodeNotHandled, "authentication provider did not handle request", 0, nil) -} - -func NewInternalAuthError(message string, cause error) *AuthError { - normalizedMessage := strings.TrimSpace(message) - if normalizedMessage == "" { - normalizedMessage = "Authentication service error" - } - return newAuthError(AuthErrorCodeInternal, normalizedMessage, http.StatusInternalServerError, cause) -} - -func IsAuthErrorCode(authErr *AuthError, code AuthErrorCode) bool { - if authErr == nil { - return false - } - return authErr.Code == code -} diff --git a/.worktrees/config/m/config-build/active/sdk/access/manager.go b/.worktrees/config/m/config-build/active/sdk/access/manager.go deleted file mode 100644 index 2d4b032639..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/access/manager.go +++ /dev/null @@ -1,88 +0,0 @@ -package access - -import ( - "context" - "net/http" - "sync" -) - -// Manager coordinates authentication providers. -type Manager struct { - mu sync.RWMutex - providers []Provider -} - -// NewManager constructs an empty manager. -func NewManager() *Manager { - return &Manager{} -} - -// SetProviders replaces the active provider list. -func (m *Manager) SetProviders(providers []Provider) { - if m == nil { - return - } - cloned := make([]Provider, len(providers)) - copy(cloned, providers) - m.mu.Lock() - m.providers = cloned - m.mu.Unlock() -} - -// Providers returns a snapshot of the active providers. -func (m *Manager) Providers() []Provider { - if m == nil { - return nil - } - m.mu.RLock() - defer m.mu.RUnlock() - snapshot := make([]Provider, len(m.providers)) - copy(snapshot, m.providers) - return snapshot -} - -// Authenticate evaluates providers until one succeeds. -func (m *Manager) Authenticate(ctx context.Context, r *http.Request) (*Result, *AuthError) { - if m == nil { - return nil, nil - } - providers := m.Providers() - if len(providers) == 0 { - return nil, nil - } - - var ( - missing bool - invalid bool - ) - - for _, provider := range providers { - if provider == nil { - continue - } - res, authErr := provider.Authenticate(ctx, r) - if authErr == nil { - return res, nil - } - if IsAuthErrorCode(authErr, AuthErrorCodeNotHandled) { - continue - } - if IsAuthErrorCode(authErr, AuthErrorCodeNoCredentials) { - missing = true - continue - } - if IsAuthErrorCode(authErr, AuthErrorCodeInvalidCredential) { - invalid = true - continue - } - return nil, authErr - } - - if invalid { - return nil, NewInvalidCredentialError() - } - if missing { - return nil, NewNoCredentialsError() - } - return nil, NewNoCredentialsError() -} diff --git a/.worktrees/config/m/config-build/active/sdk/access/manager_test.go b/.worktrees/config/m/config-build/active/sdk/access/manager_test.go deleted file mode 100644 index cc10818ae1..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/access/manager_test.go +++ /dev/null @@ -1,86 +0,0 @@ -package access - -import ( - "context" - "net/http" - "testing" -) - -type mockProvider struct { - id string - auth func(ctx context.Context, r *http.Request) (*Result, *AuthError) -} - -func (m *mockProvider) Identifier() string { return m.id } -func (m *mockProvider) Authenticate(ctx context.Context, r *http.Request) (*Result, *AuthError) { - return m.auth(ctx, r) -} - -func TestManager_Authenticate(t *testing.T) { - m := NewManager() - - // Test empty providers - res, err := m.Authenticate(context.Background(), nil) - if res != nil || err != nil { - t.Error("expected nil result and error for empty manager") - } - - p1 := &mockProvider{ - id: "p1", - auth: func(ctx context.Context, r *http.Request) (*Result, *AuthError) { - return nil, NewNotHandledError() - }, - } - p2 := &mockProvider{ - id: "p2", - auth: func(ctx context.Context, r *http.Request) (*Result, *AuthError) { - return &Result{Provider: "p2", Principal: "user"}, nil - }, - } - - m.SetProviders([]Provider{p1, p2}) - - // Test success - res, err = m.Authenticate(context.Background(), nil) - if err != nil { - t.Errorf("unexpected error: %v", err) - } - if res == nil || res.Provider != "p2" { - t.Errorf("expected result from p2, got %v", res) - } - - // Test invalid - p2.auth = func(ctx context.Context, r *http.Request) (*Result, *AuthError) { - return nil, NewInvalidCredentialError() - } - _, err = m.Authenticate(context.Background(), nil) - if err == nil || err.Code != AuthErrorCodeInvalidCredential { - t.Errorf("expected invalid credential error, got %v", err) - } - - // Test no credentials - p2.auth = func(ctx context.Context, r *http.Request) (*Result, *AuthError) { - return nil, NewNoCredentialsError() - } - _, err = m.Authenticate(context.Background(), nil) - if err == nil || err.Code != AuthErrorCodeNoCredentials { - t.Errorf("expected no credentials error, got %v", err) - } -} - -func TestManager_Providers(t *testing.T) { - m := NewManager() - p1 := &mockProvider{id: "p1"} - m.SetProviders([]Provider{p1}) - - providers := m.Providers() - if len(providers) != 1 || providers[0].Identifier() != "p1" { - t.Errorf("unexpected providers: %v", providers) - } - - // Test snapshot - m.SetProviders(nil) - if len(providers) != 1 { - t.Error("Providers() should return a snapshot") - } -} diff --git a/.worktrees/config/m/config-build/active/sdk/access/registry.go b/.worktrees/config/m/config-build/active/sdk/access/registry.go deleted file mode 100644 index cbb0d1c555..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/access/registry.go +++ /dev/null @@ -1,83 +0,0 @@ -package access - -import ( - "context" - "net/http" - "strings" - "sync" -) - -// Provider validates credentials for incoming requests. -type Provider interface { - Identifier() string - Authenticate(ctx context.Context, r *http.Request) (*Result, *AuthError) -} - -// Result conveys authentication outcome. -type Result struct { - Provider string - Principal string - Metadata map[string]string -} - -var ( - registryMu sync.RWMutex - registry = make(map[string]Provider) - order []string -) - -// RegisterProvider registers a pre-built provider instance for a given type identifier. -func RegisterProvider(typ string, provider Provider) { - normalizedType := strings.TrimSpace(typ) - if normalizedType == "" || provider == nil { - return - } - - registryMu.Lock() - if _, exists := registry[normalizedType]; !exists { - order = append(order, normalizedType) - } - registry[normalizedType] = provider - registryMu.Unlock() -} - -// UnregisterProvider removes a provider by type identifier. -func UnregisterProvider(typ string) { - normalizedType := strings.TrimSpace(typ) - if normalizedType == "" { - return - } - registryMu.Lock() - if _, exists := registry[normalizedType]; !exists { - registryMu.Unlock() - return - } - delete(registry, normalizedType) - for index := range order { - if order[index] != normalizedType { - continue - } - order = append(order[:index], order[index+1:]...) - break - } - registryMu.Unlock() -} - -// RegisteredProviders returns the global provider instances in registration order. -func RegisteredProviders() []Provider { - registryMu.RLock() - if len(order) == 0 { - registryMu.RUnlock() - return nil - } - providers := make([]Provider, 0, len(order)) - for _, providerType := range order { - provider, exists := registry[providerType] - if !exists || provider == nil { - continue - } - providers = append(providers, provider) - } - registryMu.RUnlock() - return providers -} diff --git a/.worktrees/config/m/config-build/active/sdk/access/types.go b/.worktrees/config/m/config-build/active/sdk/access/types.go deleted file mode 100644 index 4ed80d0483..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/access/types.go +++ /dev/null @@ -1,47 +0,0 @@ -package access - -// AccessConfig groups request authentication providers. -type AccessConfig struct { - // Providers lists configured authentication providers. - Providers []AccessProvider `yaml:"providers,omitempty" json:"providers,omitempty"` -} - -// AccessProvider describes a request authentication provider entry. -type AccessProvider struct { - // Name is the instance identifier for the provider. - Name string `yaml:"name" json:"name"` - - // Type selects the provider implementation registered via the SDK. - Type string `yaml:"type" json:"type"` - - // SDK optionally names a third-party SDK module providing this provider. - SDK string `yaml:"sdk,omitempty" json:"sdk,omitempty"` - - // APIKeys lists inline keys for providers that require them. - APIKeys []string `yaml:"api-keys,omitempty" json:"api-keys,omitempty"` - - // Config passes provider-specific options to the implementation. - Config map[string]any `yaml:"config,omitempty" json:"config,omitempty"` -} - -const ( - // AccessProviderTypeConfigAPIKey is the built-in provider validating inline API keys. - AccessProviderTypeConfigAPIKey = "config-api-key" - - // DefaultAccessProviderName is applied when no provider name is supplied. - DefaultAccessProviderName = "config-inline" -) - -// MakeInlineAPIKeyProvider constructs an inline API key provider configuration. -// It returns nil when no keys are supplied. -func MakeInlineAPIKeyProvider(keys []string) *AccessProvider { - if len(keys) == 0 { - return nil - } - provider := &AccessProvider{ - Name: DefaultAccessProviderName, - Type: AccessProviderTypeConfigAPIKey, - APIKeys: append([]string(nil), keys...), - } - return provider -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/claude/code_handlers.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/claude/code_handlers.go deleted file mode 100644 index 074ffc0d07..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/claude/code_handlers.go +++ /dev/null @@ -1,327 +0,0 @@ -// Package claude provides HTTP handlers for Claude API code-related functionality. -// This package implements Claude-compatible streaming chat completions with sophisticated -// client rotation and quota management systems to ensure high availability and optimal -// resource utilization across multiple backend clients. It handles request translation -// between Claude API format and the underlying Gemini backend, providing seamless -// API compatibility while maintaining robust error handling and connection management. -package claude - -import ( - "bytes" - "compress/gzip" - "context" - "encoding/json" - "fmt" - "io" - "net/http" - - "github.com/gin-gonic/gin" - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -// ClaudeCodeAPIHandler contains the handlers for Claude API endpoints. -// It holds a pool of clients to interact with the backend service. -type ClaudeCodeAPIHandler struct { - *handlers.BaseAPIHandler -} - -// NewClaudeCodeAPIHandler creates a new Claude API handlers instance. -// It takes an BaseAPIHandler instance as input and returns a ClaudeCodeAPIHandler. -// -// Parameters: -// - apiHandlers: The base API handler instance. -// -// Returns: -// - *ClaudeCodeAPIHandler: A new Claude code API handler instance. -func NewClaudeCodeAPIHandler(apiHandlers *handlers.BaseAPIHandler) *ClaudeCodeAPIHandler { - return &ClaudeCodeAPIHandler{ - BaseAPIHandler: apiHandlers, - } -} - -// HandlerType returns the identifier for this handler implementation. -func (h *ClaudeCodeAPIHandler) HandlerType() string { - return Claude -} - -// Models returns a list of models supported by this handler. -func (h *ClaudeCodeAPIHandler) Models() []map[string]any { - // Get dynamic models from the global registry - modelRegistry := registry.GetGlobalRegistry() - return modelRegistry.GetAvailableModels("claude") -} - -// ClaudeMessages handles Claude-compatible streaming chat completions. -// This function implements a sophisticated client rotation and quota management system -// to ensure high availability and optimal resource utilization across multiple backend clients. -// -// Parameters: -// - c: The Gin context for the request. -func (h *ClaudeCodeAPIHandler) ClaudeMessages(c *gin.Context) { - // Extract raw JSON data from the incoming request - rawJSON, err := c.GetRawData() - // If data retrieval fails, return a 400 Bad Request error. - if err != nil { - c.JSON(http.StatusBadRequest, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: fmt.Sprintf("Invalid request: %v", err), - Type: "invalid_request_error", - }, - }) - return - } - - // Check if the client requested a streaming response. - streamResult := gjson.GetBytes(rawJSON, "stream") - if !streamResult.Exists() || streamResult.Type == gjson.False { - h.handleNonStreamingResponse(c, rawJSON) - } else { - h.handleStreamingResponse(c, rawJSON) - } -} - -// ClaudeMessages handles Claude-compatible streaming chat completions. -// This function implements a sophisticated client rotation and quota management system -// to ensure high availability and optimal resource utilization across multiple backend clients. -// -// Parameters: -// - c: The Gin context for the request. -func (h *ClaudeCodeAPIHandler) ClaudeCountTokens(c *gin.Context) { - // Extract raw JSON data from the incoming request - rawJSON, err := c.GetRawData() - // If data retrieval fails, return a 400 Bad Request error. - if err != nil { - c.JSON(http.StatusBadRequest, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: fmt.Sprintf("Invalid request: %v", err), - Type: "invalid_request_error", - }, - }) - return - } - - c.Header("Content-Type", "application/json") - - alt := h.GetAlt(c) - cliCtx, cliCancel := h.GetContextWithCancel(h, c, context.Background()) - - modelName := gjson.GetBytes(rawJSON, "model").String() - - resp, upstreamHeaders, errMsg := h.ExecuteCountWithAuthManager(cliCtx, h.HandlerType(), modelName, rawJSON, alt) - if errMsg != nil { - h.WriteErrorResponse(c, errMsg) - cliCancel(errMsg.Error) - return - } - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - _, _ = c.Writer.Write(resp) - cliCancel() -} - -// ClaudeModels handles the Claude models listing endpoint. -// It returns a JSON response containing available Claude models and their specifications. -// -// Parameters: -// - c: The Gin context for the request. -func (h *ClaudeCodeAPIHandler) ClaudeModels(c *gin.Context) { - models := h.Models() - firstID := "" - lastID := "" - if len(models) > 0 { - if id, ok := models[0]["id"].(string); ok { - firstID = id - } - if id, ok := models[len(models)-1]["id"].(string); ok { - lastID = id - } - } - - c.JSON(http.StatusOK, gin.H{ - "data": models, - "has_more": false, - "first_id": firstID, - "last_id": lastID, - }) -} - -// handleNonStreamingResponse handles non-streaming content generation requests for Claude models. -// This function processes the request synchronously and returns the complete generated -// response in a single API call. It supports various generation parameters and -// response formats. -// -// Parameters: -// - c: The Gin context for the request -// - modelName: The name of the Gemini model to use for content generation -// - rawJSON: The raw JSON request body containing generation parameters and content -func (h *ClaudeCodeAPIHandler) handleNonStreamingResponse(c *gin.Context, rawJSON []byte) { - c.Header("Content-Type", "application/json") - alt := h.GetAlt(c) - cliCtx, cliCancel := h.GetContextWithCancel(h, c, context.Background()) - stopKeepAlive := h.StartNonStreamingKeepAlive(c, cliCtx) - - modelName := gjson.GetBytes(rawJSON, "model").String() - - resp, upstreamHeaders, errMsg := h.ExecuteWithAuthManager(cliCtx, h.HandlerType(), modelName, rawJSON, alt) - stopKeepAlive() - if errMsg != nil { - h.WriteErrorResponse(c, errMsg) - cliCancel(errMsg.Error) - return - } - - // Decompress gzipped responses - Claude API sometimes returns gzip without Content-Encoding header - // This fixes title generation and other non-streaming responses that arrive compressed - if len(resp) >= 2 && resp[0] == 0x1f && resp[1] == 0x8b { - gzReader, errGzip := gzip.NewReader(bytes.NewReader(resp)) - if errGzip != nil { - log.Warnf("failed to decompress gzipped Claude response: %v", errGzip) - } else { - defer func() { - if errClose := gzReader.Close(); errClose != nil { - log.Warnf("failed to close Claude gzip reader: %v", errClose) - } - }() - decompressed, errRead := io.ReadAll(gzReader) - if errRead != nil { - log.Warnf("failed to read decompressed Claude response: %v", errRead) - } else { - resp = decompressed - } - } - } - - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - _, _ = c.Writer.Write(resp) - cliCancel() -} - -// handleStreamingResponse streams Claude-compatible responses backed by Gemini. -// It sets up SSE, selects a backend client with rotation/quota logic, -// forwards chunks, and translates them to Claude CLI format. -// -// Parameters: -// - c: The Gin context for the request. -// - rawJSON: The raw JSON request body. -func (h *ClaudeCodeAPIHandler) handleStreamingResponse(c *gin.Context, rawJSON []byte) { - // Get the http.Flusher interface to manually flush the response. - // This is crucial for streaming as it allows immediate sending of data chunks - flusher, ok := c.Writer.(http.Flusher) - if !ok { - c.JSON(http.StatusInternalServerError, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: "Streaming not supported", - Type: "server_error", - }, - }) - return - } - - modelName := gjson.GetBytes(rawJSON, "model").String() - - // Create a cancellable context for the backend client request - // This allows proper cleanup and cancellation of ongoing requests - cliCtx, cliCancel := h.GetContextWithCancel(h, c, context.Background()) - - dataChan, upstreamHeaders, errChan := h.ExecuteStreamWithAuthManager(cliCtx, h.HandlerType(), modelName, rawJSON, "") - setSSEHeaders := func() { - c.Header("Content-Type", "text/event-stream") - c.Header("Cache-Control", "no-cache") - c.Header("Connection", "keep-alive") - c.Header("Access-Control-Allow-Origin", "*") - } - - // Peek at the first chunk to determine success or failure before setting headers - for { - select { - case <-c.Request.Context().Done(): - cliCancel(c.Request.Context().Err()) - return - case errMsg, ok := <-errChan: - if !ok { - // Err channel closed cleanly; wait for data channel. - errChan = nil - continue - } - // Upstream failed immediately. Return proper error status and JSON. - h.WriteErrorResponse(c, errMsg) - if errMsg != nil { - cliCancel(errMsg.Error) - } else { - cliCancel(nil) - } - return - case chunk, ok := <-dataChan: - if !ok { - // Stream closed without data? Send DONE or just headers. - setSSEHeaders() - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - flusher.Flush() - cliCancel(nil) - return - } - - // Success! Set headers now. - setSSEHeaders() - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - - // Write the first chunk - if len(chunk) > 0 { - _, _ = c.Writer.Write(chunk) - flusher.Flush() - } - - // Continue streaming the rest - h.forwardClaudeStream(c, flusher, func(err error) { cliCancel(err) }, dataChan, errChan) - return - } - } -} - -func (h *ClaudeCodeAPIHandler) forwardClaudeStream(c *gin.Context, flusher http.Flusher, cancel func(error), data <-chan []byte, errs <-chan *interfaces.ErrorMessage) { - h.ForwardStream(c, flusher, cancel, data, errs, handlers.StreamForwardOptions{ - WriteChunk: func(chunk []byte) { - if len(chunk) == 0 { - return - } - _, _ = c.Writer.Write(chunk) - }, - WriteTerminalError: func(errMsg *interfaces.ErrorMessage) { - if errMsg == nil { - return - } - status := http.StatusInternalServerError - if errMsg.StatusCode > 0 { - status = errMsg.StatusCode - } - c.Status(status) - - errorBytes, _ := json.Marshal(h.toClaudeError(errMsg)) - _, _ = fmt.Fprintf(c.Writer, "event: error\ndata: %s\n\n", errorBytes) - }, - }) -} - -type claudeErrorDetail struct { - Type string `json:"type"` - Message string `json:"message"` -} - -type claudeErrorResponse struct { - Type string `json:"type"` - Error claudeErrorDetail `json:"error"` -} - -func (h *ClaudeCodeAPIHandler) toClaudeError(msg *interfaces.ErrorMessage) claudeErrorResponse { - return claudeErrorResponse{ - Type: "error", - Error: claudeErrorDetail{ - Type: "api_error", - Message: msg.Error.Error(), - }, - } -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/claude/request_sanitize.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/claude/request_sanitize.go deleted file mode 100644 index 9a8729da70..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/claude/request_sanitize.go +++ /dev/null @@ -1,137 +0,0 @@ -package claude - -import ( - "encoding/json" - "strconv" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const placeholderReasonDescription = "Brief explanation of why you are calling this tool" - -func sanitizeClaudeRequest(rawJSON []byte) []byte { - tools := gjson.GetBytes(rawJSON, "tools") - if !tools.Exists() || !tools.IsArray() { - return rawJSON - } - - updated := rawJSON - changed := false - for i, tool := range tools.Array() { - schemaPath := "tools." + strconv.Itoa(i) + ".input_schema" - inputSchema := tool.Get("input_schema") - if !inputSchema.Exists() { - inputSchema = tool.Get("custom.input_schema") - schemaPath = "tools." + strconv.Itoa(i) + ".custom.input_schema" - } - if !inputSchema.Exists() || !inputSchema.IsObject() { - continue - } - sanitizedSchema, schemaChanged := sanitizeToolInputSchema([]byte(inputSchema.Raw)) - if !schemaChanged { - continue - } - next, err := sjson.SetRawBytes(updated, schemaPath, sanitizedSchema) - if err != nil { - return rawJSON - } - updated = next - changed = true - } - if !changed { - return rawJSON - } - return updated -} - -func sanitizeToolInputSchema(rawSchema []byte) ([]byte, bool) { - var schema any - if err := json.Unmarshal(rawSchema, &schema); err != nil { - return rawSchema, false - } - changed := stripSchemaPlaceholders(schema) - if !changed { - return rawSchema, false - } - out, err := json.Marshal(schema) - if err != nil { - return rawSchema, false - } - return out, true -} - -func stripSchemaPlaceholders(node any) bool { - changed := false - - switch current := node.(type) { - case map[string]any: - for _, v := range current { - if stripSchemaPlaceholders(v) { - changed = true - } - } - - propsRaw, ok := current["properties"] - if !ok { - return changed - } - props, ok := propsRaw.(map[string]any) - if !ok { - return changed - } - - if _, ok := props["_"]; ok { - delete(props, "_") - filterRequired(current, "_") - changed = true - } - - reasonRaw, hasReason := props["reason"] - if hasReason && isPlaceholderReason(reasonRaw) { - delete(props, "reason") - filterRequired(current, "reason") - changed = true - } - case []any: - for _, v := range current { - if stripSchemaPlaceholders(v) { - changed = true - } - } - } - - return changed -} - -func filterRequired(schema map[string]any, key string) { - requiredRaw, ok := schema["required"] - if !ok { - return - } - requiredList, ok := requiredRaw.([]any) - if !ok { - return - } - filtered := make([]any, 0, len(requiredList)) - for _, v := range requiredList { - if str, ok := v.(string); ok && str == key { - continue - } - filtered = append(filtered, v) - } - if len(filtered) == 0 { - delete(schema, "required") - return - } - schema["required"] = filtered -} - -func isPlaceholderReason(reasonSchema any) bool { - reasonMap, ok := reasonSchema.(map[string]any) - if !ok { - return false - } - description, _ := reasonMap["description"].(string) - return description == placeholderReasonDescription -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/claude/request_sanitize_test.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/claude/request_sanitize_test.go deleted file mode 100644 index a04dd743e7..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/claude/request_sanitize_test.go +++ /dev/null @@ -1,150 +0,0 @@ -package claude - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestSanitizeClaudeRequest_RemovesPlaceholderReasonOnlySchema(t *testing.T) { - raw := []byte(`{ - "model":"claude-test", - "messages":[{"role":"user","content":"hello"}], - "tools":[ - { - "name":"EnterPlanMode", - "description":"Switch to plan mode", - "input_schema":{ - "type":"object", - "properties":{ - "reason":{ - "type":"string", - "description":"Brief explanation of why you are calling this tool" - } - }, - "required":["reason"] - } - } - ] - }`) - - sanitized := sanitizeClaudeRequest(raw) - - if gjson.GetBytes(sanitized, "tools.0.input_schema.properties.reason").Exists() { - t.Fatalf("expected placeholder reason property to be removed, got: %s", string(sanitized)) - } - if gjson.GetBytes(sanitized, "tools.0.input_schema.required").Exists() { - t.Fatalf("expected required to be removed after stripping placeholder-only schema, got: %s", string(sanitized)) - } -} - -func TestSanitizeClaudeRequest_PreservesNonPlaceholderReasonSchema(t *testing.T) { - raw := []byte(`{ - "model":"claude-test", - "messages":[{"role":"user","content":"hello"}], - "tools":[ - { - "name":"RealReasonTool", - "input_schema":{ - "type":"object", - "properties":{ - "reason":{ - "type":"string", - "description":"Business reason" - } - }, - "required":["reason"] - } - } - ] - }`) - - sanitized := sanitizeClaudeRequest(raw) - - if !gjson.GetBytes(sanitized, "tools.0.input_schema.properties.reason").Exists() { - t.Fatalf("expected non-placeholder reason property to be preserved, got: %s", string(sanitized)) - } - if gjson.GetBytes(sanitized, "tools.0.input_schema.required.0").String() != "reason" { - t.Fatalf("expected required reason to be preserved, got: %s", string(sanitized)) - } -} - -func TestSanitizeClaudeRequest_RemovesPlaceholderReasonWithOtherProperties(t *testing.T) { - raw := []byte(`{ - "model":"claude-test", - "messages":[{"role":"user","content":"hello"}], - "tools":[ - { - "name":"EnterPlanMode", - "input_schema":{ - "type":"object", - "properties":{ - "reason":{ - "type":"string", - "description":"Brief explanation of why you are calling this tool" - }, - "_":{ - "type":"string" - }, - "mode":{ - "type":"string" - } - }, - "required":["reason","_","mode"] - } - } - ] - }`) - - sanitized := sanitizeClaudeRequest(raw) - - if gjson.GetBytes(sanitized, "tools.0.input_schema.properties.reason").Exists() { - t.Fatalf("expected placeholder reason property to be removed, got: %s", string(sanitized)) - } - if gjson.GetBytes(sanitized, "tools.0.input_schema.properties._").Exists() { - t.Fatalf("expected placeholder underscore property to be removed, got: %s", string(sanitized)) - } - if got := gjson.GetBytes(sanitized, "tools.0.input_schema.required.#").Int(); got != 1 { - t.Fatalf("expected only one required entry after stripping placeholders, got %d in %s", got, string(sanitized)) - } - if got := gjson.GetBytes(sanitized, "tools.0.input_schema.required.0").String(); got != "mode" { - t.Fatalf("expected remaining required field to be mode, got %q in %s", got, string(sanitized)) - } -} - -func TestSanitizeClaudeRequest_RemovesPlaceholderReasonFromCustomInputSchema(t *testing.T) { - raw := []byte(`{ - "model":"claude-test", - "messages":[{"role":"user","content":"hello"}], - "tools":[ - { - "name":"CustomSchemaTool", - "custom":{ - "input_schema":{ - "type":"object", - "properties":{ - "reason":{ - "type":"string", - "description":"Brief explanation of why you are calling this tool" - }, - "mode":{"type":"string"} - }, - "required":["reason","mode"] - } - } - } - ] - }`) - - sanitized := sanitizeClaudeRequest(raw) - - if gjson.GetBytes(sanitized, "tools.0.custom.input_schema.properties.reason").Exists() { - t.Fatalf("expected placeholder reason in custom.input_schema to be removed, got: %s", string(sanitized)) - } - if got := gjson.GetBytes(sanitized, "tools.0.custom.input_schema.required.#").Int(); got != 1 { - t.Fatalf("expected one required field to remain, got %d in %s", got, string(sanitized)) - } - if got := gjson.GetBytes(sanitized, "tools.0.custom.input_schema.required.0").String(); got != "mode" { - t.Fatalf("expected remaining required field to be mode, got %q in %s", got, string(sanitized)) - } -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/gemini/gemini-cli_handlers.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/gemini/gemini-cli_handlers.go deleted file mode 100644 index b5fd494375..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/gemini/gemini-cli_handlers.go +++ /dev/null @@ -1,231 +0,0 @@ -// Package gemini provides HTTP handlers for Gemini CLI API functionality. -// This package implements handlers that process CLI-specific requests for Gemini API operations, -// including content generation and streaming content generation endpoints. -// The handlers restrict access to localhost only and manage communication with the backend service. -package gemini - -import ( - "bytes" - "context" - "fmt" - "io" - "net/http" - "strings" - "time" - - "github.com/gin-gonic/gin" - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -// GeminiCLIAPIHandler contains the handlers for Gemini CLI API endpoints. -// It holds a pool of clients to interact with the backend service. -type GeminiCLIAPIHandler struct { - *handlers.BaseAPIHandler -} - -// NewGeminiCLIAPIHandler creates a new Gemini CLI API handlers instance. -// It takes an BaseAPIHandler instance as input and returns a GeminiCLIAPIHandler. -func NewGeminiCLIAPIHandler(apiHandlers *handlers.BaseAPIHandler) *GeminiCLIAPIHandler { - return &GeminiCLIAPIHandler{ - BaseAPIHandler: apiHandlers, - } -} - -// HandlerType returns the type of this handler. -func (h *GeminiCLIAPIHandler) HandlerType() string { - return GeminiCLI -} - -// Models returns a list of models supported by this handler. -func (h *GeminiCLIAPIHandler) Models() []map[string]any { - return make([]map[string]any, 0) -} - -// CLIHandler handles CLI-specific requests for Gemini API operations. -// It restricts access to localhost only and routes requests to appropriate internal handlers. -func (h *GeminiCLIAPIHandler) CLIHandler(c *gin.Context) { - if !strings.HasPrefix(c.Request.RemoteAddr, "127.0.0.1:") { - c.JSON(http.StatusForbidden, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: "CLI reply only allow local access", - Type: "forbidden", - }, - }) - return - } - - rawJSON, _ := c.GetRawData() - requestRawURI := c.Request.URL.Path - - if requestRawURI == "/v1internal:generateContent" { - h.handleInternalGenerateContent(c, rawJSON) - } else if requestRawURI == "/v1internal:streamGenerateContent" { - h.handleInternalStreamGenerateContent(c, rawJSON) - } else { - reqBody := bytes.NewBuffer(rawJSON) - req, err := http.NewRequest("POST", fmt.Sprintf("https://cloudcode-pa.googleapis.com%s", c.Request.URL.RequestURI()), reqBody) - if err != nil { - c.JSON(http.StatusBadRequest, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: fmt.Sprintf("Invalid request: %v", err), - Type: "invalid_request_error", - }, - }) - return - } - for key, value := range c.Request.Header { - req.Header[key] = value - } - - httpClient := util.SetProxy(h.Cfg, &http.Client{}) - - resp, err := httpClient.Do(req) - if err != nil { - c.JSON(http.StatusBadRequest, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: fmt.Sprintf("Invalid request: %v", err), - Type: "invalid_request_error", - }, - }) - return - } - - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - defer func() { - if err = resp.Body.Close(); err != nil { - log.Printf("warn: failed to close response body: %v", err) - } - }() - bodyBytes, _ := io.ReadAll(resp.Body) - - c.JSON(http.StatusBadRequest, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: string(bodyBytes), - Type: "invalid_request_error", - }, - }) - return - } - - defer func() { - _ = resp.Body.Close() - }() - - for key, value := range resp.Header { - c.Header(key, value[0]) - } - output, err := io.ReadAll(resp.Body) - if err != nil { - log.Errorf("Failed to read response body: %v", err) - return - } - c.Set("API_RESPONSE_TIMESTAMP", time.Now()) - _, _ = c.Writer.Write(output) - c.Set("API_RESPONSE", output) - } -} - -// handleInternalStreamGenerateContent handles streaming content generation requests. -// It sets up a server-sent event stream and forwards the request to the backend client. -// The function continuously proxies response chunks from the backend to the client. -func (h *GeminiCLIAPIHandler) handleInternalStreamGenerateContent(c *gin.Context, rawJSON []byte) { - alt := h.GetAlt(c) - - if alt == "" { - c.Header("Content-Type", "text/event-stream") - c.Header("Cache-Control", "no-cache") - c.Header("Connection", "keep-alive") - c.Header("Access-Control-Allow-Origin", "*") - } - - // Get the http.Flusher interface to manually flush the response. - flusher, ok := c.Writer.(http.Flusher) - if !ok { - c.JSON(http.StatusInternalServerError, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: "Streaming not supported", - Type: "server_error", - }, - }) - return - } - - modelResult := gjson.GetBytes(rawJSON, "model") - modelName := modelResult.String() - - cliCtx, cliCancel := h.GetContextWithCancel(h, c, context.Background()) - dataChan, upstreamHeaders, errChan := h.ExecuteStreamWithAuthManager(cliCtx, h.HandlerType(), modelName, rawJSON, "") - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - h.forwardCLIStream(c, flusher, "", func(err error) { cliCancel(err) }, dataChan, errChan) - return -} - -// handleInternalGenerateContent handles non-streaming content generation requests. -// It sends a request to the backend client and proxies the entire response back to the client at once. -func (h *GeminiCLIAPIHandler) handleInternalGenerateContent(c *gin.Context, rawJSON []byte) { - c.Header("Content-Type", "application/json") - modelResult := gjson.GetBytes(rawJSON, "model") - modelName := modelResult.String() - - cliCtx, cliCancel := h.GetContextWithCancel(h, c, context.Background()) - resp, upstreamHeaders, errMsg := h.ExecuteWithAuthManager(cliCtx, h.HandlerType(), modelName, rawJSON, "") - if errMsg != nil { - h.WriteErrorResponse(c, errMsg) - cliCancel(errMsg.Error) - return - } - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - _, _ = c.Writer.Write(resp) - cliCancel() -} - -func (h *GeminiCLIAPIHandler) forwardCLIStream(c *gin.Context, flusher http.Flusher, alt string, cancel func(error), data <-chan []byte, errs <-chan *interfaces.ErrorMessage) { - var keepAliveInterval *time.Duration - if alt != "" { - keepAliveInterval = new(time.Duration(0)) - } - - h.ForwardStream(c, flusher, cancel, data, errs, handlers.StreamForwardOptions{ - KeepAliveInterval: keepAliveInterval, - WriteChunk: func(chunk []byte) { - if alt == "" { - if bytes.Equal(chunk, []byte("data: [DONE]")) || bytes.Equal(chunk, []byte("[DONE]")) { - return - } - - if !bytes.HasPrefix(chunk, []byte("data:")) { - _, _ = c.Writer.Write([]byte("data: ")) - } - - _, _ = c.Writer.Write(chunk) - _, _ = c.Writer.Write([]byte("\n\n")) - } else { - _, _ = c.Writer.Write(chunk) - } - }, - WriteTerminalError: func(errMsg *interfaces.ErrorMessage) { - if errMsg == nil { - return - } - status := http.StatusInternalServerError - if errMsg.StatusCode > 0 { - status = errMsg.StatusCode - } - errText := http.StatusText(status) - if errMsg.Error != nil && errMsg.Error.Error() != "" { - errText = errMsg.Error.Error() - } - body := handlers.BuildErrorResponseBody(status, errText) - if alt == "" { - _, _ = fmt.Fprintf(c.Writer, "event: error\ndata: %s\n\n", string(body)) - } else { - _, _ = c.Writer.Write(body) - } - }, - }) -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/gemini/gemini_handlers.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/gemini/gemini_handlers.go deleted file mode 100644 index e51ad19bc5..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/gemini/gemini_handlers.go +++ /dev/null @@ -1,341 +0,0 @@ -// Package gemini provides HTTP handlers for Gemini API endpoints. -// This package implements handlers for managing Gemini model operations including -// model listing, content generation, streaming content generation, and token counting. -// It serves as a proxy layer between clients and the Gemini backend service, -// handling request translation, client management, and response processing. -package gemini - -import ( - "context" - "fmt" - "net/http" - "strings" - "time" - - "github.com/gin-gonic/gin" - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers" -) - -// GeminiAPIHandler contains the handlers for Gemini API endpoints. -// It holds a pool of clients to interact with the backend service. -type GeminiAPIHandler struct { - *handlers.BaseAPIHandler -} - -// NewGeminiAPIHandler creates a new Gemini API handlers instance. -// It takes an BaseAPIHandler instance as input and returns a GeminiAPIHandler. -func NewGeminiAPIHandler(apiHandlers *handlers.BaseAPIHandler) *GeminiAPIHandler { - return &GeminiAPIHandler{ - BaseAPIHandler: apiHandlers, - } -} - -// HandlerType returns the identifier for this handler implementation. -func (h *GeminiAPIHandler) HandlerType() string { - return Gemini -} - -// Models returns the Gemini-compatible model metadata supported by this handler. -func (h *GeminiAPIHandler) Models() []map[string]any { - // Get dynamic models from the global registry - modelRegistry := registry.GetGlobalRegistry() - return modelRegistry.GetAvailableModels("gemini") -} - -// GeminiModels handles the Gemini models listing endpoint. -// It returns a JSON response containing available Gemini models and their specifications. -func (h *GeminiAPIHandler) GeminiModels(c *gin.Context) { - rawModels := h.Models() - normalizedModels := make([]map[string]any, 0, len(rawModels)) - defaultMethods := []string{"generateContent"} - for _, model := range rawModels { - normalizedModel := make(map[string]any, len(model)) - for k, v := range model { - normalizedModel[k] = v - } - if name, ok := normalizedModel["name"].(string); ok && name != "" { - if !strings.HasPrefix(name, "models/") { - normalizedModel["name"] = "models/" + name - } - if displayName, _ := normalizedModel["displayName"].(string); displayName == "" { - normalizedModel["displayName"] = name - } - if description, _ := normalizedModel["description"].(string); description == "" { - normalizedModel["description"] = name - } - } - if _, ok := normalizedModel["supportedGenerationMethods"]; !ok { - normalizedModel["supportedGenerationMethods"] = defaultMethods - } - normalizedModels = append(normalizedModels, normalizedModel) - } - c.JSON(http.StatusOK, gin.H{ - "models": normalizedModels, - }) -} - -// GeminiGetHandler handles GET requests for specific Gemini model information. -// It returns detailed information about a specific Gemini model based on the action parameter. -func (h *GeminiAPIHandler) GeminiGetHandler(c *gin.Context) { - var request struct { - Action string `uri:"action" binding:"required"` - } - if err := c.ShouldBindUri(&request); err != nil { - c.JSON(http.StatusBadRequest, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: fmt.Sprintf("Invalid request: %v", err), - Type: "invalid_request_error", - }, - }) - return - } - action := strings.TrimPrefix(request.Action, "/") - - // Get dynamic models from the global registry and find the matching one - availableModels := h.Models() - var targetModel map[string]any - - for _, model := range availableModels { - name, _ := model["name"].(string) - // Match name with or without 'models/' prefix - if name == action || name == "models/"+action { - targetModel = model - break - } - } - - if targetModel != nil { - // Ensure the name has 'models/' prefix in the output if it's a Gemini model - if name, ok := targetModel["name"].(string); ok && name != "" && !strings.HasPrefix(name, "models/") { - targetModel["name"] = "models/" + name - } - c.JSON(http.StatusOK, targetModel) - return - } - - c.JSON(http.StatusNotFound, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: "Not Found", - Type: "not_found", - }, - }) -} - -// GeminiHandler handles POST requests for Gemini API operations. -// It routes requests to appropriate handlers based on the action parameter (model:method format). -func (h *GeminiAPIHandler) GeminiHandler(c *gin.Context) { - var request struct { - Action string `uri:"action" binding:"required"` - } - if err := c.ShouldBindUri(&request); err != nil { - c.JSON(http.StatusBadRequest, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: fmt.Sprintf("Invalid request: %v", err), - Type: "invalid_request_error", - }, - }) - return - } - action := strings.Split(strings.TrimPrefix(request.Action, "/"), ":") - if len(action) != 2 { - c.JSON(http.StatusNotFound, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: fmt.Sprintf("%s not found.", c.Request.URL.Path), - Type: "invalid_request_error", - }, - }) - return - } - - method := action[1] - rawJSON, _ := c.GetRawData() - - switch method { - case "generateContent": - h.handleGenerateContent(c, action[0], rawJSON) - case "streamGenerateContent": - h.handleStreamGenerateContent(c, action[0], rawJSON) - case "countTokens": - h.handleCountTokens(c, action[0], rawJSON) - } -} - -// handleStreamGenerateContent handles streaming content generation requests for Gemini models. -// This function establishes a Server-Sent Events connection and streams the generated content -// back to the client in real-time. It supports both SSE format and direct streaming based -// on the 'alt' query parameter. -// -// Parameters: -// - c: The Gin context for the request -// - modelName: The name of the Gemini model to use for content generation -// - rawJSON: The raw JSON request body containing generation parameters -func (h *GeminiAPIHandler) handleStreamGenerateContent(c *gin.Context, modelName string, rawJSON []byte) { - alt := h.GetAlt(c) - - // Get the http.Flusher interface to manually flush the response. - flusher, ok := c.Writer.(http.Flusher) - if !ok { - c.JSON(http.StatusInternalServerError, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: "Streaming not supported", - Type: "server_error", - }, - }) - return - } - - cliCtx, cliCancel := h.GetContextWithCancel(h, c, context.Background()) - dataChan, upstreamHeaders, errChan := h.ExecuteStreamWithAuthManager(cliCtx, h.HandlerType(), modelName, rawJSON, alt) - - setSSEHeaders := func() { - c.Header("Content-Type", "text/event-stream") - c.Header("Cache-Control", "no-cache") - c.Header("Connection", "keep-alive") - c.Header("Access-Control-Allow-Origin", "*") - } - - // Peek at the first chunk - for { - select { - case <-c.Request.Context().Done(): - cliCancel(c.Request.Context().Err()) - return - case errMsg, ok := <-errChan: - if !ok { - // Err channel closed cleanly; wait for data channel. - errChan = nil - continue - } - // Upstream failed immediately. Return proper error status and JSON. - h.WriteErrorResponse(c, errMsg) - if errMsg != nil { - cliCancel(errMsg.Error) - } else { - cliCancel(nil) - } - return - case chunk, ok := <-dataChan: - if !ok { - // Closed without data - if alt == "" { - setSSEHeaders() - } - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - flusher.Flush() - cliCancel(nil) - return - } - - // Success! Set headers. - if alt == "" { - setSSEHeaders() - } - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - - // Write first chunk - if alt == "" { - _, _ = c.Writer.Write([]byte("data: ")) - _, _ = c.Writer.Write(chunk) - _, _ = c.Writer.Write([]byte("\n\n")) - } else { - _, _ = c.Writer.Write(chunk) - } - flusher.Flush() - - // Continue - h.forwardGeminiStream(c, flusher, alt, func(err error) { cliCancel(err) }, dataChan, errChan) - return - } - } -} - -// handleCountTokens handles token counting requests for Gemini models. -// This function counts the number of tokens in the provided content without -// generating a response. It's useful for quota management and content validation. -// -// Parameters: -// - c: The Gin context for the request -// - modelName: The name of the Gemini model to use for token counting -// - rawJSON: The raw JSON request body containing the content to count -func (h *GeminiAPIHandler) handleCountTokens(c *gin.Context, modelName string, rawJSON []byte) { - c.Header("Content-Type", "application/json") - alt := h.GetAlt(c) - cliCtx, cliCancel := h.GetContextWithCancel(h, c, context.Background()) - resp, upstreamHeaders, errMsg := h.ExecuteCountWithAuthManager(cliCtx, h.HandlerType(), modelName, rawJSON, alt) - if errMsg != nil { - h.WriteErrorResponse(c, errMsg) - cliCancel(errMsg.Error) - return - } - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - _, _ = c.Writer.Write(resp) - cliCancel() -} - -// handleGenerateContent handles non-streaming content generation requests for Gemini models. -// This function processes the request synchronously and returns the complete generated -// response in a single API call. It supports various generation parameters and -// response formats. -// -// Parameters: -// - c: The Gin context for the request -// - modelName: The name of the Gemini model to use for content generation -// - rawJSON: The raw JSON request body containing generation parameters and content -func (h *GeminiAPIHandler) handleGenerateContent(c *gin.Context, modelName string, rawJSON []byte) { - c.Header("Content-Type", "application/json") - alt := h.GetAlt(c) - cliCtx, cliCancel := h.GetContextWithCancel(h, c, context.Background()) - stopKeepAlive := h.StartNonStreamingKeepAlive(c, cliCtx) - resp, upstreamHeaders, errMsg := h.ExecuteWithAuthManager(cliCtx, h.HandlerType(), modelName, rawJSON, alt) - stopKeepAlive() - if errMsg != nil { - h.WriteErrorResponse(c, errMsg) - cliCancel(errMsg.Error) - return - } - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - _, _ = c.Writer.Write(resp) - cliCancel() -} - -func (h *GeminiAPIHandler) forwardGeminiStream(c *gin.Context, flusher http.Flusher, alt string, cancel func(error), data <-chan []byte, errs <-chan *interfaces.ErrorMessage) { - var keepAliveInterval *time.Duration - if alt != "" { - keepAliveInterval = new(time.Duration(0)) - } - - h.ForwardStream(c, flusher, cancel, data, errs, handlers.StreamForwardOptions{ - KeepAliveInterval: keepAliveInterval, - WriteChunk: func(chunk []byte) { - if alt == "" { - _, _ = c.Writer.Write([]byte("data: ")) - _, _ = c.Writer.Write(chunk) - _, _ = c.Writer.Write([]byte("\n\n")) - } else { - _, _ = c.Writer.Write(chunk) - } - }, - WriteTerminalError: func(errMsg *interfaces.ErrorMessage) { - if errMsg == nil { - return - } - status := http.StatusInternalServerError - if errMsg.StatusCode > 0 { - status = errMsg.StatusCode - } - errText := http.StatusText(status) - if errMsg.Error != nil && errMsg.Error.Error() != "" { - errText = errMsg.Error.Error() - } - body := handlers.BuildErrorResponseBody(status, errText) - if alt == "" { - _, _ = fmt.Fprintf(c.Writer, "event: error\ndata: %s\n\n", string(body)) - } else { - _, _ = c.Writer.Write(body) - } - }, - }) -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/handlers.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/handlers.go deleted file mode 100644 index 5d43fc58fa..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/handlers.go +++ /dev/null @@ -1,876 +0,0 @@ -// Package handlers provides core API handler functionality for the CLI Proxy API server. -// It includes common types, client management, load balancing, and error handling -// shared across all API endpoint handlers (OpenAI, Claude, Gemini). -package handlers - -import ( - "bytes" - "encoding/json" - "fmt" - "net/http" - "strings" - "sync" - "time" - - "github.com/gin-gonic/gin" - "github.com/google/uuid" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/logging" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - coreexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - "golang.org/x/net/context" -) - -// ErrorResponse represents a standard error response format for the API. -// It contains a single ErrorDetail field. -type ErrorResponse struct { - // Error contains detailed information about the error that occurred. - Error ErrorDetail `json:"error"` -} - -// ErrorDetail provides specific information about an error that occurred. -// It includes a human-readable message, an error type, and an optional error code. -type ErrorDetail struct { - // Message is a human-readable message providing more details about the error. - Message string `json:"message"` - - // Type is the category of error that occurred (e.g., "invalid_request_error"). - Type string `json:"type"` - - // Code is a short code identifying the error, if applicable. - Code string `json:"code,omitempty"` -} - -const idempotencyKeyMetadataKey = "idempotency_key" - -const ( - defaultStreamingKeepAliveSeconds = 0 - defaultStreamingBootstrapRetries = 0 -) - -type pinnedAuthContextKey struct{} -type selectedAuthCallbackContextKey struct{} -type executionSessionContextKey struct{} - -// WithPinnedAuthID returns a child context that requests execution on a specific auth ID. -func WithPinnedAuthID(ctx context.Context, authID string) context.Context { - authID = strings.TrimSpace(authID) - if authID == "" { - return ctx - } - if ctx == nil { - ctx = context.Background() - } - return context.WithValue(ctx, pinnedAuthContextKey{}, authID) -} - -// WithSelectedAuthIDCallback returns a child context that receives the selected auth ID. -func WithSelectedAuthIDCallback(ctx context.Context, callback func(string)) context.Context { - if callback == nil { - return ctx - } - if ctx == nil { - ctx = context.Background() - } - return context.WithValue(ctx, selectedAuthCallbackContextKey{}, callback) -} - -// WithExecutionSessionID returns a child context tagged with a long-lived execution session ID. -func WithExecutionSessionID(ctx context.Context, sessionID string) context.Context { - sessionID = strings.TrimSpace(sessionID) - if sessionID == "" { - return ctx - } - if ctx == nil { - ctx = context.Background() - } - return context.WithValue(ctx, executionSessionContextKey{}, sessionID) -} - -// BuildErrorResponseBody builds an OpenAI-compatible JSON error response body. -// If errText is already valid JSON, it is returned as-is to preserve upstream error payloads. -func BuildErrorResponseBody(status int, errText string) []byte { - if status <= 0 { - status = http.StatusInternalServerError - } - if strings.TrimSpace(errText) == "" { - errText = http.StatusText(status) - } - - trimmed := strings.TrimSpace(errText) - if trimmed != "" && json.Valid([]byte(trimmed)) { - return []byte(trimmed) - } - - errType := "invalid_request_error" - var code string - switch status { - case http.StatusUnauthorized: - errType = "authentication_error" - code = "invalid_api_key" - case http.StatusForbidden: - errType = "permission_error" - code = "insufficient_quota" - case http.StatusTooManyRequests: - errType = "rate_limit_error" - code = "rate_limit_exceeded" - case http.StatusNotFound: - errType = "invalid_request_error" - code = "model_not_found" - default: - if status >= http.StatusInternalServerError { - errType = "server_error" - code = "internal_server_error" - } - } - - payload, err := json.Marshal(ErrorResponse{ - Error: ErrorDetail{ - Message: errText, - Type: errType, - Code: code, - }, - }) - if err != nil { - return []byte(fmt.Sprintf(`{"error":{"message":%q,"type":"server_error","code":"internal_server_error"}}`, errText)) - } - return payload -} - -// StreamingKeepAliveInterval returns the SSE keep-alive interval for this server. -// Returning 0 disables keep-alives (default when unset). -func StreamingKeepAliveInterval(cfg *config.SDKConfig) time.Duration { - seconds := defaultStreamingKeepAliveSeconds - if cfg != nil { - seconds = cfg.Streaming.KeepAliveSeconds - } - if seconds <= 0 { - return 0 - } - return time.Duration(seconds) * time.Second -} - -// NonStreamingKeepAliveInterval returns the keep-alive interval for non-streaming responses. -// Returning 0 disables keep-alives (default when unset). -func NonStreamingKeepAliveInterval(cfg *config.SDKConfig) time.Duration { - seconds := 0 - if cfg != nil { - seconds = cfg.NonStreamKeepAliveInterval - } - if seconds <= 0 { - return 0 - } - return time.Duration(seconds) * time.Second -} - -// StreamingBootstrapRetries returns how many times a streaming request may be retried before any bytes are sent. -func StreamingBootstrapRetries(cfg *config.SDKConfig) int { - retries := defaultStreamingBootstrapRetries - if cfg != nil { - retries = cfg.Streaming.BootstrapRetries - } - if retries < 0 { - retries = 0 - } - return retries -} - -// PassthroughHeadersEnabled returns whether upstream response headers should be forwarded to clients. -// Default is false. -func PassthroughHeadersEnabled(cfg *config.SDKConfig) bool { - return cfg != nil && cfg.PassthroughHeaders -} - -func requestExecutionMetadata(ctx context.Context) map[string]any { - // Idempotency-Key is an optional client-supplied header used to correlate retries. - // It is forwarded as execution metadata; when absent we generate a UUID. - key := "" - if ctx != nil { - if ginCtx, ok := ctx.Value("gin").(*gin.Context); ok && ginCtx != nil && ginCtx.Request != nil { - key = strings.TrimSpace(ginCtx.GetHeader("Idempotency-Key")) - } - } - if key == "" { - key = uuid.NewString() - } - - meta := map[string]any{idempotencyKeyMetadataKey: key} - if pinnedAuthID := pinnedAuthIDFromContext(ctx); pinnedAuthID != "" { - meta[coreexecutor.PinnedAuthMetadataKey] = pinnedAuthID - } - if selectedCallback := selectedAuthIDCallbackFromContext(ctx); selectedCallback != nil { - meta[coreexecutor.SelectedAuthCallbackMetadataKey] = selectedCallback - } - if executionSessionID := executionSessionIDFromContext(ctx); executionSessionID != "" { - meta[coreexecutor.ExecutionSessionMetadataKey] = executionSessionID - } - return meta -} - -func pinnedAuthIDFromContext(ctx context.Context) string { - if ctx == nil { - return "" - } - raw := ctx.Value(pinnedAuthContextKey{}) - switch v := raw.(type) { - case string: - return strings.TrimSpace(v) - case []byte: - return strings.TrimSpace(string(v)) - default: - return "" - } -} - -func selectedAuthIDCallbackFromContext(ctx context.Context) func(string) { - if ctx == nil { - return nil - } - raw := ctx.Value(selectedAuthCallbackContextKey{}) - if callback, ok := raw.(func(string)); ok && callback != nil { - return callback - } - return nil -} - -func executionSessionIDFromContext(ctx context.Context) string { - if ctx == nil { - return "" - } - raw := ctx.Value(executionSessionContextKey{}) - switch v := raw.(type) { - case string: - return strings.TrimSpace(v) - case []byte: - return strings.TrimSpace(string(v)) - default: - return "" - } -} - -// BaseAPIHandler contains the handlers for API endpoints. -// It holds a pool of clients to interact with the backend service and manages -// load balancing, client selection, and configuration. -type BaseAPIHandler struct { - // AuthManager manages auth lifecycle and execution in the new architecture. - AuthManager *coreauth.Manager - - // Cfg holds the current application configuration. - Cfg *config.SDKConfig -} - -// NewBaseAPIHandlers creates a new API handlers instance. -// It takes a slice of clients and configuration as input. -// -// Parameters: -// - cliClients: A slice of AI service clients -// - cfg: The application configuration -// -// Returns: -// - *BaseAPIHandler: A new API handlers instance -func NewBaseAPIHandlers(cfg *config.SDKConfig, authManager *coreauth.Manager) *BaseAPIHandler { - h := &BaseAPIHandler{ - Cfg: cfg, - AuthManager: authManager, - } - return h -} - -// UpdateClients updates the handlers' client list and configuration. -// This method is called when the configuration or authentication tokens change. -// -// Parameters: -// - clients: The new slice of AI service clients -// - cfg: The new application configuration -func (h *BaseAPIHandler) UpdateClients(cfg *config.SDKConfig) { h.Cfg = cfg } - -// GetAlt extracts the 'alt' parameter from the request query string. -// It checks both 'alt' and '$alt' parameters and returns the appropriate value. -// -// Parameters: -// - c: The Gin context containing the HTTP request -// -// Returns: -// - string: The alt parameter value, or empty string if it's "sse" -func (h *BaseAPIHandler) GetAlt(c *gin.Context) string { - var alt string - var hasAlt bool - alt, hasAlt = c.GetQuery("alt") - if !hasAlt { - alt, _ = c.GetQuery("$alt") - } - if alt == "sse" { - return "" - } - return alt -} - -// GetContextWithCancel creates a new context with cancellation capabilities. -// It embeds the Gin context and the API handler into the new context for later use. -// The returned cancel function also handles logging the API response if request logging is enabled. -// -// Parameters: -// - handler: The API handler associated with the request. -// - c: The Gin context of the current request. -// - ctx: The parent context (caller values/deadlines are preserved; request context adds cancellation and request ID). -// -// Returns: -// - context.Context: The new context with cancellation and embedded values. -// - APIHandlerCancelFunc: A function to cancel the context and log the response. -func (h *BaseAPIHandler) GetContextWithCancel(handler interfaces.APIHandler, c *gin.Context, ctx context.Context) (context.Context, APIHandlerCancelFunc) { - parentCtx := ctx - if parentCtx == nil { - parentCtx = context.Background() - } - - var requestCtx context.Context - if c != nil && c.Request != nil { - requestCtx = c.Request.Context() - } - - if requestCtx != nil && logging.GetRequestID(parentCtx) == "" { - if requestID := logging.GetRequestID(requestCtx); requestID != "" { - parentCtx = logging.WithRequestID(parentCtx, requestID) - } else if requestID := logging.GetGinRequestID(c); requestID != "" { - parentCtx = logging.WithRequestID(parentCtx, requestID) - } - } - newCtx, cancel := context.WithCancel(parentCtx) - if requestCtx != nil && requestCtx != parentCtx { - go func() { - select { - case <-requestCtx.Done(): - cancel() - case <-newCtx.Done(): - } - }() - } - newCtx = context.WithValue(newCtx, "gin", c) - newCtx = context.WithValue(newCtx, "handler", handler) - return newCtx, func(params ...interface{}) { - if h.Cfg.RequestLog && len(params) == 1 { - if existing, exists := c.Get("API_RESPONSE"); exists { - if existingBytes, ok := existing.([]byte); ok && len(bytes.TrimSpace(existingBytes)) > 0 { - switch params[0].(type) { - case error, string: - cancel() - return - } - } - } - - var payload []byte - switch data := params[0].(type) { - case []byte: - payload = data - case error: - if data != nil { - payload = []byte(data.Error()) - } - case string: - payload = []byte(data) - } - if len(payload) > 0 { - if existing, exists := c.Get("API_RESPONSE"); exists { - if existingBytes, ok := existing.([]byte); ok && len(existingBytes) > 0 { - trimmedPayload := bytes.TrimSpace(payload) - if len(trimmedPayload) > 0 && bytes.Contains(existingBytes, trimmedPayload) { - cancel() - return - } - } - } - appendAPIResponse(c, payload) - } - } - - cancel() - } -} - -// StartNonStreamingKeepAlive emits blank lines every 5 seconds while waiting for a non-streaming response. -// It returns a stop function that must be called before writing the final response. -func (h *BaseAPIHandler) StartNonStreamingKeepAlive(c *gin.Context, ctx context.Context) func() { - if h == nil || c == nil { - return func() {} - } - interval := NonStreamingKeepAliveInterval(h.Cfg) - if interval <= 0 { - return func() {} - } - flusher, ok := c.Writer.(http.Flusher) - if !ok { - return func() {} - } - if ctx == nil { - ctx = context.Background() - } - - stopChan := make(chan struct{}) - var stopOnce sync.Once - var wg sync.WaitGroup - wg.Add(1) - go func() { - defer wg.Done() - ticker := time.NewTicker(interval) - defer ticker.Stop() - for { - select { - case <-stopChan: - return - case <-ctx.Done(): - return - case <-ticker.C: - _, _ = c.Writer.Write([]byte("\n")) - flusher.Flush() - } - } - }() - - return func() { - stopOnce.Do(func() { - close(stopChan) - }) - wg.Wait() - } -} - -// appendAPIResponse preserves any previously captured API response and appends new data. -func appendAPIResponse(c *gin.Context, data []byte) { - if c == nil || len(data) == 0 { - return - } - - // Capture timestamp on first API response - if _, exists := c.Get("API_RESPONSE_TIMESTAMP"); !exists { - c.Set("API_RESPONSE_TIMESTAMP", time.Now()) - } - - if existing, exists := c.Get("API_RESPONSE"); exists { - if existingBytes, ok := existing.([]byte); ok && len(existingBytes) > 0 { - combined := make([]byte, 0, len(existingBytes)+len(data)+1) - combined = append(combined, existingBytes...) - if existingBytes[len(existingBytes)-1] != '\n' { - combined = append(combined, '\n') - } - combined = append(combined, data...) - c.Set("API_RESPONSE", combined) - return - } - } - - c.Set("API_RESPONSE", bytes.Clone(data)) -} - -// ExecuteWithAuthManager executes a non-streaming request via the core auth manager. -// This path is the only supported execution route. -func (h *BaseAPIHandler) ExecuteWithAuthManager(ctx context.Context, handlerType, modelName string, rawJSON []byte, alt string) ([]byte, http.Header, *interfaces.ErrorMessage) { - providers, normalizedModel, errMsg := h.getRequestDetails(modelName) - if errMsg != nil { - return nil, nil, errMsg - } - reqMeta := requestExecutionMetadata(ctx) - reqMeta[coreexecutor.RequestedModelMetadataKey] = normalizedModel - payload := rawJSON - if len(payload) == 0 { - payload = nil - } - req := coreexecutor.Request{ - Model: normalizedModel, - Payload: payload, - } - opts := coreexecutor.Options{ - Stream: false, - Alt: alt, - OriginalRequest: rawJSON, - SourceFormat: sdktranslator.FromString(handlerType), - } - opts.Metadata = reqMeta - resp, err := h.AuthManager.Execute(ctx, providers, req, opts) - if err != nil { - status := http.StatusInternalServerError - if se, ok := err.(interface{ StatusCode() int }); ok && se != nil { - if code := se.StatusCode(); code > 0 { - status = code - } - } - var addon http.Header - if he, ok := err.(interface{ Headers() http.Header }); ok && he != nil { - if hdr := he.Headers(); hdr != nil { - addon = hdr.Clone() - } - } - return nil, nil, &interfaces.ErrorMessage{StatusCode: status, Error: err, Addon: addon} - } - if !PassthroughHeadersEnabled(h.Cfg) { - return resp.Payload, nil, nil - } - return resp.Payload, FilterUpstreamHeaders(resp.Headers), nil -} - -// ExecuteCountWithAuthManager executes a non-streaming request via the core auth manager. -// This path is the only supported execution route. -func (h *BaseAPIHandler) ExecuteCountWithAuthManager(ctx context.Context, handlerType, modelName string, rawJSON []byte, alt string) ([]byte, http.Header, *interfaces.ErrorMessage) { - providers, normalizedModel, errMsg := h.getRequestDetails(modelName) - if errMsg != nil { - return nil, nil, errMsg - } - reqMeta := requestExecutionMetadata(ctx) - reqMeta[coreexecutor.RequestedModelMetadataKey] = normalizedModel - payload := rawJSON - if len(payload) == 0 { - payload = nil - } - req := coreexecutor.Request{ - Model: normalizedModel, - Payload: payload, - } - opts := coreexecutor.Options{ - Stream: false, - Alt: alt, - OriginalRequest: rawJSON, - SourceFormat: sdktranslator.FromString(handlerType), - } - opts.Metadata = reqMeta - resp, err := h.AuthManager.ExecuteCount(ctx, providers, req, opts) - if err != nil { - status := http.StatusInternalServerError - if se, ok := err.(interface{ StatusCode() int }); ok && se != nil { - if code := se.StatusCode(); code > 0 { - status = code - } - } - var addon http.Header - if he, ok := err.(interface{ Headers() http.Header }); ok && he != nil { - if hdr := he.Headers(); hdr != nil { - addon = hdr.Clone() - } - } - return nil, nil, &interfaces.ErrorMessage{StatusCode: status, Error: err, Addon: addon} - } - if !PassthroughHeadersEnabled(h.Cfg) { - return resp.Payload, nil, nil - } - return resp.Payload, FilterUpstreamHeaders(resp.Headers), nil -} - -// ExecuteStreamWithAuthManager executes a streaming request via the core auth manager. -// This path is the only supported execution route. -// The returned http.Header carries upstream response headers captured before streaming begins. -func (h *BaseAPIHandler) ExecuteStreamWithAuthManager(ctx context.Context, handlerType, modelName string, rawJSON []byte, alt string) (<-chan []byte, http.Header, <-chan *interfaces.ErrorMessage) { - providers, normalizedModel, errMsg := h.getRequestDetails(modelName) - if errMsg != nil { - errChan := make(chan *interfaces.ErrorMessage, 1) - errChan <- errMsg - close(errChan) - return nil, nil, errChan - } - reqMeta := requestExecutionMetadata(ctx) - reqMeta[coreexecutor.RequestedModelMetadataKey] = normalizedModel - payload := rawJSON - if len(payload) == 0 { - payload = nil - } - req := coreexecutor.Request{ - Model: normalizedModel, - Payload: payload, - } - opts := coreexecutor.Options{ - Stream: true, - Alt: alt, - OriginalRequest: rawJSON, - SourceFormat: sdktranslator.FromString(handlerType), - } - opts.Metadata = reqMeta - streamResult, err := h.AuthManager.ExecuteStream(ctx, providers, req, opts) - if err != nil { - errChan := make(chan *interfaces.ErrorMessage, 1) - status := http.StatusInternalServerError - if se, ok := err.(interface{ StatusCode() int }); ok && se != nil { - if code := se.StatusCode(); code > 0 { - status = code - } - } - var addon http.Header - if he, ok := err.(interface{ Headers() http.Header }); ok && he != nil { - if hdr := he.Headers(); hdr != nil { - addon = hdr.Clone() - } - } - errChan <- &interfaces.ErrorMessage{StatusCode: status, Error: err, Addon: addon} - close(errChan) - return nil, nil, errChan - } - passthroughHeadersEnabled := PassthroughHeadersEnabled(h.Cfg) - // Capture upstream headers from the initial connection synchronously before the goroutine starts. - // Keep a mutable map so bootstrap retries can replace it before first payload is sent. - var upstreamHeaders http.Header - if passthroughHeadersEnabled { - upstreamHeaders = cloneHeader(FilterUpstreamHeaders(streamResult.Headers)) - if upstreamHeaders == nil { - upstreamHeaders = make(http.Header) - } - } - chunks := streamResult.Chunks - dataChan := make(chan []byte) - errChan := make(chan *interfaces.ErrorMessage, 1) - go func() { - defer close(dataChan) - defer close(errChan) - sentPayload := false - bootstrapRetries := 0 - maxBootstrapRetries := StreamingBootstrapRetries(h.Cfg) - - sendErr := func(msg *interfaces.ErrorMessage) bool { - if ctx == nil { - errChan <- msg - return true - } - select { - case <-ctx.Done(): - return false - case errChan <- msg: - return true - } - } - - sendData := func(chunk []byte) bool { - if ctx == nil { - dataChan <- chunk - return true - } - select { - case <-ctx.Done(): - return false - case dataChan <- chunk: - return true - } - } - - bootstrapEligible := func(err error) bool { - status := statusFromError(err) - if status == 0 { - return true - } - switch status { - case http.StatusUnauthorized, http.StatusForbidden, http.StatusPaymentRequired, - http.StatusRequestTimeout, http.StatusTooManyRequests: - return true - default: - return status >= http.StatusInternalServerError - } - } - - outer: - for { - for { - var chunk coreexecutor.StreamChunk - var ok bool - if ctx != nil { - select { - case <-ctx.Done(): - return - case chunk, ok = <-chunks: - } - } else { - chunk, ok = <-chunks - } - if !ok { - return - } - if chunk.Err != nil { - streamErr := chunk.Err - // Safe bootstrap recovery: if the upstream fails before any payload bytes are sent, - // retry a few times (to allow auth rotation / transient recovery) and then attempt model fallback. - if !sentPayload { - if bootstrapRetries < maxBootstrapRetries && bootstrapEligible(streamErr) { - bootstrapRetries++ - retryResult, retryErr := h.AuthManager.ExecuteStream(ctx, providers, req, opts) - if retryErr == nil { - if passthroughHeadersEnabled { - replaceHeader(upstreamHeaders, FilterUpstreamHeaders(retryResult.Headers)) - } - chunks = retryResult.Chunks - continue outer - } - streamErr = retryErr - } - } - - status := http.StatusInternalServerError - if se, ok := streamErr.(interface{ StatusCode() int }); ok && se != nil { - if code := se.StatusCode(); code > 0 { - status = code - } - } - var addon http.Header - if he, ok := streamErr.(interface{ Headers() http.Header }); ok && he != nil { - if hdr := he.Headers(); hdr != nil { - addon = hdr.Clone() - } - } - _ = sendErr(&interfaces.ErrorMessage{StatusCode: status, Error: streamErr, Addon: addon}) - return - } - if len(chunk.Payload) > 0 { - sentPayload = true - if okSendData := sendData(cloneBytes(chunk.Payload)); !okSendData { - return - } - } - } - } - }() - return dataChan, upstreamHeaders, errChan -} - -func statusFromError(err error) int { - if err == nil { - return 0 - } - if se, ok := err.(interface{ StatusCode() int }); ok && se != nil { - if code := se.StatusCode(); code > 0 { - return code - } - } - return 0 -} - -func (h *BaseAPIHandler) getRequestDetails(modelName string) (providers []string, normalizedModel string, err *interfaces.ErrorMessage) { - resolvedModelName := modelName - initialSuffix := thinking.ParseSuffix(modelName) - if initialSuffix.ModelName == "auto" { - resolvedBase := util.ResolveAutoModel(initialSuffix.ModelName) - if initialSuffix.HasSuffix { - resolvedModelName = fmt.Sprintf("%s(%s)", resolvedBase, initialSuffix.RawSuffix) - } else { - resolvedModelName = resolvedBase - } - } else { - resolvedModelName = util.ResolveAutoModel(modelName) - } - - parsed := thinking.ParseSuffix(resolvedModelName) - baseModel := strings.TrimSpace(parsed.ModelName) - - providers = util.GetProviderName(baseModel) - // Fallback: if baseModel has no provider but differs from resolvedModelName, - // try using the full model name. This handles edge cases where custom models - // may be registered with their full suffixed name (e.g., "my-model(8192)"). - // Evaluated in Story 11.8: This fallback is intentionally preserved to support - // custom model registrations that include thinking suffixes. - if len(providers) == 0 && baseModel != resolvedModelName { - providers = util.GetProviderName(resolvedModelName) - } - - if len(providers) == 0 { - return nil, "", &interfaces.ErrorMessage{StatusCode: http.StatusBadGateway, Error: fmt.Errorf("unknown provider for model %s", modelName)} - } - - // The thinking suffix is preserved in the model name itself, so no - // metadata-based configuration passing is needed. - return providers, resolvedModelName, nil -} - -func cloneBytes(src []byte) []byte { - if len(src) == 0 { - return nil - } - dst := make([]byte, len(src)) - copy(dst, src) - return dst -} - -func cloneHeader(src http.Header) http.Header { - if src == nil { - return nil - } - dst := make(http.Header, len(src)) - for key, values := range src { - dst[key] = append([]string(nil), values...) - } - return dst -} - -func replaceHeader(dst http.Header, src http.Header) { - for key := range dst { - delete(dst, key) - } - for key, values := range src { - dst[key] = append([]string(nil), values...) - } -} - -// WriteErrorResponse writes an error message to the response writer using the HTTP status embedded in the message. -func (h *BaseAPIHandler) WriteErrorResponse(c *gin.Context, msg *interfaces.ErrorMessage) { - status := http.StatusInternalServerError - if msg != nil && msg.StatusCode > 0 { - status = msg.StatusCode - } - if msg != nil && msg.Addon != nil && PassthroughHeadersEnabled(h.Cfg) { - for key, values := range msg.Addon { - if len(values) == 0 { - continue - } - c.Writer.Header().Del(key) - for _, value := range values { - c.Writer.Header().Add(key, value) - } - } - } - - errText := http.StatusText(status) - if msg != nil && msg.Error != nil { - if v := strings.TrimSpace(msg.Error.Error()); v != "" { - errText = v - } - } - - body := BuildErrorResponseBody(status, errText) - // Append first to preserve upstream response logs, then drop duplicate payloads if already recorded. - var previous []byte - if existing, exists := c.Get("API_RESPONSE"); exists { - if existingBytes, ok := existing.([]byte); ok && len(existingBytes) > 0 { - previous = existingBytes - } - } - appendAPIResponse(c, body) - trimmedErrText := strings.TrimSpace(errText) - trimmedBody := bytes.TrimSpace(body) - if len(previous) > 0 { - if (trimmedErrText != "" && bytes.Contains(previous, []byte(trimmedErrText))) || - (len(trimmedBody) > 0 && bytes.Contains(previous, trimmedBody)) { - c.Set("API_RESPONSE", previous) - } - } - - if !c.Writer.Written() { - c.Writer.Header().Set("Content-Type", "application/json") - } - c.Status(status) - _, _ = c.Writer.Write(body) -} - -func (h *BaseAPIHandler) LoggingAPIResponseError(ctx context.Context, err *interfaces.ErrorMessage) { - if h.Cfg.RequestLog { - if ginContext, ok := ctx.Value("gin").(*gin.Context); ok { - if apiResponseErrors, isExist := ginContext.Get("API_RESPONSE_ERROR"); isExist { - if slicesAPIResponseError, isOk := apiResponseErrors.([]*interfaces.ErrorMessage); isOk { - slicesAPIResponseError = append(slicesAPIResponseError, err) - ginContext.Set("API_RESPONSE_ERROR", slicesAPIResponseError) - } - } else { - // Create new response data entry - ginContext.Set("API_RESPONSE_ERROR", []*interfaces.ErrorMessage{err}) - } - } - } -} - -// APIHandlerCancelFunc is a function type for canceling an API handler's context. -// It can optionally accept parameters, which are used for logging the response. -type APIHandlerCancelFunc func(params ...interface{}) diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/handlers_append_response_test.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/handlers_append_response_test.go deleted file mode 100644 index 784a968381..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/handlers_append_response_test.go +++ /dev/null @@ -1,27 +0,0 @@ -package handlers - -import ( - "net/http/httptest" - "testing" - - "github.com/gin-gonic/gin" -) - -func TestAppendAPIResponse_AppendsWithNewline(t *testing.T) { - ginCtx, _ := gin.CreateTestContext(httptest.NewRecorder()) - ginCtx.Set("API_RESPONSE", []byte("first")) - - appendAPIResponse(ginCtx, []byte("second")) - - value, exists := ginCtx.Get("API_RESPONSE") - if !exists { - t.Fatal("expected API_RESPONSE to be set") - } - got, ok := value.([]byte) - if !ok { - t.Fatalf("expected []byte API_RESPONSE, got %T", value) - } - if string(got) != "first\nsecond" { - t.Fatalf("unexpected API_RESPONSE: %q", string(got)) - } -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/handlers_build_error_response_test.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/handlers_build_error_response_test.go deleted file mode 100644 index 8a2ea55fce..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/handlers_build_error_response_test.go +++ /dev/null @@ -1,35 +0,0 @@ -package handlers - -import ( - "net/http" - "strings" - "testing" -) - -func TestBuildErrorResponseBody_PreservesOpenAIEnvelopeJSON(t *testing.T) { - raw := `{"error":{"message":"bad upstream","type":"invalid_request_error","code":"model_not_found"}}` - body := BuildErrorResponseBody(http.StatusNotFound, raw) - if string(body) != raw { - t.Fatalf("expected raw JSON passthrough, got %s", string(body)) - } -} - -func TestBuildErrorResponseBody_RewrapsJSONWithoutErrorField(t *testing.T) { - // Note: The function returns valid JSON as-is, only wraps non-JSON text - body := BuildErrorResponseBody(http.StatusBadRequest, `{"message":"oops"}`) - - // Valid JSON is returned as-is (this is the current behavior) - if string(body) != `{"message":"oops"}` { - t.Fatalf("expected raw JSON passthrough, got %s", string(body)) - } -} - -func TestBuildErrorResponseBody_NotFoundAddsModelHint(t *testing.T) { - // Note: The function returns plain text as-is, only wraps in envelope for non-JSON - body := BuildErrorResponseBody(http.StatusNotFound, "The requested model 'gpt-5.3-codex' does not exist.") - - // Plain text is returned as-is (current behavior) - if !strings.Contains(string(body), "The requested model 'gpt-5.3-codex' does not exist.") { - t.Fatalf("expected plain text error, got %s", string(body)) - } -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/handlers_error_response_test.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/handlers_error_response_test.go deleted file mode 100644 index cde4547fff..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/handlers_error_response_test.go +++ /dev/null @@ -1,68 +0,0 @@ -package handlers - -import ( - "errors" - "net/http" - "net/http/httptest" - "reflect" - "testing" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" -) - -func TestWriteErrorResponse_AddonHeadersDisabledByDefault(t *testing.T) { - gin.SetMode(gin.TestMode) - recorder := httptest.NewRecorder() - c, _ := gin.CreateTestContext(recorder) - c.Request = httptest.NewRequest(http.MethodGet, "/", nil) - - handler := NewBaseAPIHandlers(nil, nil) - handler.WriteErrorResponse(c, &interfaces.ErrorMessage{ - StatusCode: http.StatusTooManyRequests, - Error: errors.New("rate limit"), - Addon: http.Header{ - "Retry-After": {"30"}, - "X-Request-Id": {"req-1"}, - }, - }) - - if recorder.Code != http.StatusTooManyRequests { - t.Fatalf("status = %d, want %d", recorder.Code, http.StatusTooManyRequests) - } - if got := recorder.Header().Get("Retry-After"); got != "" { - t.Fatalf("Retry-After should be empty when passthrough is disabled, got %q", got) - } - if got := recorder.Header().Get("X-Request-Id"); got != "" { - t.Fatalf("X-Request-Id should be empty when passthrough is disabled, got %q", got) - } -} - -func TestWriteErrorResponse_AddonHeadersEnabled(t *testing.T) { - gin.SetMode(gin.TestMode) - recorder := httptest.NewRecorder() - c, _ := gin.CreateTestContext(recorder) - c.Request = httptest.NewRequest(http.MethodGet, "/", nil) - c.Writer.Header().Set("X-Request-Id", "old-value") - - handler := NewBaseAPIHandlers(&sdkconfig.SDKConfig{PassthroughHeaders: true}, nil) - handler.WriteErrorResponse(c, &interfaces.ErrorMessage{ - StatusCode: http.StatusTooManyRequests, - Error: errors.New("rate limit"), - Addon: http.Header{ - "Retry-After": {"30"}, - "X-Request-Id": {"new-1", "new-2"}, - }, - }) - - if recorder.Code != http.StatusTooManyRequests { - t.Fatalf("status = %d, want %d", recorder.Code, http.StatusTooManyRequests) - } - if got := recorder.Header().Get("Retry-After"); got != "30" { - t.Fatalf("Retry-After = %q, want %q", got, "30") - } - if got := recorder.Header().Values("X-Request-Id"); !reflect.DeepEqual(got, []string{"new-1", "new-2"}) { - t.Fatalf("X-Request-Id = %#v, want %#v", got, []string{"new-1", "new-2"}) - } -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/handlers_metadata_test.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/handlers_metadata_test.go deleted file mode 100644 index 152433022a..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/handlers_metadata_test.go +++ /dev/null @@ -1,85 +0,0 @@ -package handlers - -import ( - "context" - "net/http" - "net/http/httptest" - "testing" - - "github.com/gin-gonic/gin" - coreexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" -) - -func requestContextWithHeader(t *testing.T, idempotencyKey string) context.Context { - t.Helper() - req := httptest.NewRequest(http.MethodGet, "/v1/responses", nil) - if idempotencyKey != "" { - req.Header.Set("Idempotency-Key", idempotencyKey) - } - - ginCtx, _ := gin.CreateTestContext(httptest.NewRecorder()) - ginCtx.Request = req - return context.WithValue(context.Background(), "gin", ginCtx) -} - -func TestRequestExecutionMetadata_GeneratesIdempotencyKey(t *testing.T) { - meta1 := requestExecutionMetadata(context.Background()) - meta2 := requestExecutionMetadata(context.Background()) - - key1, ok := meta1[idempotencyKeyMetadataKey].(string) - if !ok || key1 == "" { - t.Fatalf("generated idempotency key missing or empty: %#v", meta1[idempotencyKeyMetadataKey]) - } - - key2, ok := meta2[idempotencyKeyMetadataKey].(string) - if !ok || key2 == "" { - t.Fatalf("generated idempotency key missing or empty: %#v", meta2[idempotencyKeyMetadataKey]) - } -} - -func TestRequestExecutionMetadata_PreservesHeaderAndContextMetadata(t *testing.T) { - sessionID := "session-123" - authID := "auth-456" - callback := func(id string) {} - - ctx := requestContextWithHeader(t, "request-key-1") - ctx = WithPinnedAuthID(ctx, authID) - ctx = WithSelectedAuthIDCallback(ctx, callback) - ctx = WithExecutionSessionID(ctx, sessionID) - - meta := requestExecutionMetadata(ctx) - - if got := meta[idempotencyKeyMetadataKey].(string); got != "request-key-1" { - t.Fatalf("Idempotency-Key mismatch: got %q want %q", got, "request-key-1") - } - - if got := meta[coreexecutor.PinnedAuthMetadataKey].(string); got != authID { - t.Fatalf("pinned auth id mismatch: got %q want %q", got, authID) - } - - if cb, ok := meta[coreexecutor.SelectedAuthCallbackMetadataKey].(func(string)); !ok || cb == nil { - t.Fatalf("selected auth callback metadata missing: %#v", meta[coreexecutor.SelectedAuthCallbackMetadataKey]) - } - - if got := meta[coreexecutor.ExecutionSessionMetadataKey].(string); got != sessionID { - t.Fatalf("execution session id mismatch: got %q want %q", got, sessionID) - } -} - -func TestRequestExecutionMetadata_UsesProvidedIdempotencyKeyForRetries(t *testing.T) { - ctx := requestContextWithHeader(t, "retry-key-7") - first := requestExecutionMetadata(ctx) - second := requestExecutionMetadata(ctx) - - firstKey, ok := first[idempotencyKeyMetadataKey].(string) - if !ok || firstKey != "retry-key-7" { - t.Fatalf("first request metadata missing idempotency key: %#v", first[idempotencyKeyMetadataKey]) - } - secondKey, ok := second[idempotencyKeyMetadataKey].(string) - if !ok || secondKey != "retry-key-7" { - t.Fatalf("second request metadata missing idempotency key: %#v", second[idempotencyKeyMetadataKey]) - } - if firstKey != secondKey { - t.Fatalf("idempotency key should be stable for retry requests: got %q and %q", firstKey, secondKey) - } -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/handlers_request_details_test.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/handlers_request_details_test.go deleted file mode 100644 index b0f6b13262..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/handlers_request_details_test.go +++ /dev/null @@ -1,118 +0,0 @@ -package handlers - -import ( - "reflect" - "testing" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" -) - -func TestGetRequestDetails_PreservesSuffix(t *testing.T) { - modelRegistry := registry.GetGlobalRegistry() - now := time.Now().Unix() - - modelRegistry.RegisterClient("test-request-details-gemini", "gemini", []*registry.ModelInfo{ - {ID: "gemini-2.5-pro", Created: now + 30}, - {ID: "gemini-2.5-flash", Created: now + 25}, - }) - modelRegistry.RegisterClient("test-request-details-openai", "openai", []*registry.ModelInfo{ - {ID: "gpt-5.2", Created: now + 20}, - }) - modelRegistry.RegisterClient("test-request-details-claude", "claude", []*registry.ModelInfo{ - {ID: "claude-sonnet-4-5", Created: now + 5}, - }) - - // Ensure cleanup of all test registrations. - clientIDs := []string{ - "test-request-details-gemini", - "test-request-details-openai", - "test-request-details-claude", - } - for _, clientID := range clientIDs { - id := clientID - t.Cleanup(func() { - modelRegistry.UnregisterClient(id) - }) - } - - handler := NewBaseAPIHandlers(&sdkconfig.SDKConfig{}, coreauth.NewManager(nil, nil, nil)) - - tests := []struct { - name string - inputModel string - wantProviders []string - wantModel string - wantErr bool - }{ - { - name: "numeric suffix preserved", - inputModel: "gemini-2.5-pro(8192)", - wantProviders: []string{"gemini"}, - wantModel: "gemini-2.5-pro(8192)", - wantErr: false, - }, - { - name: "level suffix preserved", - inputModel: "gpt-5.2(high)", - wantProviders: []string{"openai"}, - wantModel: "gpt-5.2(high)", - wantErr: false, - }, - { - name: "no suffix unchanged", - inputModel: "claude-sonnet-4-5", - wantProviders: []string{"claude"}, - wantModel: "claude-sonnet-4-5", - wantErr: false, - }, - { - name: "unknown model with suffix", - inputModel: "unknown-model(8192)", - wantProviders: nil, - wantModel: "", - wantErr: true, - }, - { - name: "auto suffix resolved", - inputModel: "auto(high)", - wantProviders: []string{"gemini"}, - wantModel: "gemini-2.5-pro(high)", - wantErr: false, - }, - { - name: "special suffix none preserved", - inputModel: "gemini-2.5-flash(none)", - wantProviders: []string{"gemini"}, - wantModel: "gemini-2.5-flash(none)", - wantErr: false, - }, - { - name: "special suffix auto preserved", - inputModel: "claude-sonnet-4-5(auto)", - wantProviders: []string{"claude"}, - wantModel: "claude-sonnet-4-5(auto)", - wantErr: false, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - providers, model, errMsg := handler.getRequestDetails(tt.inputModel) - if (errMsg != nil) != tt.wantErr { - t.Fatalf("getRequestDetails() error = %v, wantErr %v", errMsg, tt.wantErr) - } - if errMsg != nil { - return - } - if !reflect.DeepEqual(providers, tt.wantProviders) { - t.Fatalf("getRequestDetails() providers = %v, want %v", providers, tt.wantProviders) - } - if model != tt.wantModel { - t.Fatalf("getRequestDetails() model = %v, want %v", model, tt.wantModel) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/handlers_stream_bootstrap_test.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/handlers_stream_bootstrap_test.go deleted file mode 100644 index ba9dcac598..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/handlers_stream_bootstrap_test.go +++ /dev/null @@ -1,526 +0,0 @@ -package handlers - -import ( - "context" - "net/http" - "sync" - "testing" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - coreexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" -) - -type failOnceStreamExecutor struct { - mu sync.Mutex - calls int -} - -func (e *failOnceStreamExecutor) Identifier() string { return "codex" } - -func (e *failOnceStreamExecutor) Execute(context.Context, *coreauth.Auth, coreexecutor.Request, coreexecutor.Options) (coreexecutor.Response, error) { - return coreexecutor.Response{}, &coreauth.Error{Code: "not_implemented", Message: "Execute not implemented"} -} - -func (e *failOnceStreamExecutor) ExecuteStream(context.Context, *coreauth.Auth, coreexecutor.Request, coreexecutor.Options) (*coreexecutor.StreamResult, error) { - e.mu.Lock() - e.calls++ - call := e.calls - e.mu.Unlock() - - ch := make(chan coreexecutor.StreamChunk, 1) - if call == 1 { - ch <- coreexecutor.StreamChunk{ - Err: &coreauth.Error{ - Code: "unauthorized", - Message: "unauthorized", - Retryable: false, - HTTPStatus: http.StatusUnauthorized, - }, - } - close(ch) - return &coreexecutor.StreamResult{ - Headers: http.Header{"X-Upstream-Attempt": {"1"}}, - Chunks: ch, - }, nil - } - - ch <- coreexecutor.StreamChunk{Payload: []byte("ok")} - close(ch) - return &coreexecutor.StreamResult{ - Headers: http.Header{"X-Upstream-Attempt": {"2"}}, - Chunks: ch, - }, nil -} - -func (e *failOnceStreamExecutor) Refresh(ctx context.Context, auth *coreauth.Auth) (*coreauth.Auth, error) { - return auth, nil -} - -func (e *failOnceStreamExecutor) CountTokens(context.Context, *coreauth.Auth, coreexecutor.Request, coreexecutor.Options) (coreexecutor.Response, error) { - return coreexecutor.Response{}, &coreauth.Error{Code: "not_implemented", Message: "CountTokens not implemented"} -} - -func (e *failOnceStreamExecutor) HttpRequest(ctx context.Context, auth *coreauth.Auth, req *http.Request) (*http.Response, error) { - return nil, &coreauth.Error{ - Code: "not_implemented", - Message: "HttpRequest not implemented", - HTTPStatus: http.StatusNotImplemented, - } -} - -func (e *failOnceStreamExecutor) Calls() int { - e.mu.Lock() - defer e.mu.Unlock() - return e.calls -} - -type payloadThenErrorStreamExecutor struct { - mu sync.Mutex - calls int -} - -func (e *payloadThenErrorStreamExecutor) Identifier() string { return "codex" } - -func (e *payloadThenErrorStreamExecutor) Execute(context.Context, *coreauth.Auth, coreexecutor.Request, coreexecutor.Options) (coreexecutor.Response, error) { - return coreexecutor.Response{}, &coreauth.Error{Code: "not_implemented", Message: "Execute not implemented"} -} - -func (e *payloadThenErrorStreamExecutor) ExecuteStream(context.Context, *coreauth.Auth, coreexecutor.Request, coreexecutor.Options) (*coreexecutor.StreamResult, error) { - e.mu.Lock() - e.calls++ - e.mu.Unlock() - - ch := make(chan coreexecutor.StreamChunk, 2) - ch <- coreexecutor.StreamChunk{Payload: []byte("partial")} - ch <- coreexecutor.StreamChunk{ - Err: &coreauth.Error{ - Code: "upstream_closed", - Message: "upstream closed", - Retryable: false, - HTTPStatus: http.StatusBadGateway, - }, - } - close(ch) - return &coreexecutor.StreamResult{Chunks: ch}, nil -} - -func (e *payloadThenErrorStreamExecutor) Refresh(ctx context.Context, auth *coreauth.Auth) (*coreauth.Auth, error) { - return auth, nil -} - -func (e *payloadThenErrorStreamExecutor) CountTokens(context.Context, *coreauth.Auth, coreexecutor.Request, coreexecutor.Options) (coreexecutor.Response, error) { - return coreexecutor.Response{}, &coreauth.Error{Code: "not_implemented", Message: "CountTokens not implemented"} -} - -func (e *payloadThenErrorStreamExecutor) HttpRequest(ctx context.Context, auth *coreauth.Auth, req *http.Request) (*http.Response, error) { - return nil, &coreauth.Error{ - Code: "not_implemented", - Message: "HttpRequest not implemented", - HTTPStatus: http.StatusNotImplemented, - } -} - -func (e *payloadThenErrorStreamExecutor) Calls() int { - e.mu.Lock() - defer e.mu.Unlock() - return e.calls -} - -type authAwareStreamExecutor struct { - mu sync.Mutex - calls int - authIDs []string -} - -func (e *authAwareStreamExecutor) Identifier() string { return "codex" } - -func (e *authAwareStreamExecutor) Execute(context.Context, *coreauth.Auth, coreexecutor.Request, coreexecutor.Options) (coreexecutor.Response, error) { - return coreexecutor.Response{}, &coreauth.Error{Code: "not_implemented", Message: "Execute not implemented"} -} - -func (e *authAwareStreamExecutor) ExecuteStream(ctx context.Context, auth *coreauth.Auth, req coreexecutor.Request, opts coreexecutor.Options) (*coreexecutor.StreamResult, error) { - _ = ctx - _ = req - _ = opts - ch := make(chan coreexecutor.StreamChunk, 1) - - authID := "" - if auth != nil { - authID = auth.ID - } - - e.mu.Lock() - e.calls++ - e.authIDs = append(e.authIDs, authID) - e.mu.Unlock() - - if authID == "auth1" { - ch <- coreexecutor.StreamChunk{ - Err: &coreauth.Error{ - Code: "unauthorized", - Message: "unauthorized", - Retryable: false, - HTTPStatus: http.StatusUnauthorized, - }, - } - close(ch) - return &coreexecutor.StreamResult{Chunks: ch}, nil - } - - ch <- coreexecutor.StreamChunk{Payload: []byte("ok")} - close(ch) - return &coreexecutor.StreamResult{Chunks: ch}, nil -} - -func (e *authAwareStreamExecutor) Refresh(ctx context.Context, auth *coreauth.Auth) (*coreauth.Auth, error) { - return auth, nil -} - -func (e *authAwareStreamExecutor) CountTokens(context.Context, *coreauth.Auth, coreexecutor.Request, coreexecutor.Options) (coreexecutor.Response, error) { - return coreexecutor.Response{}, &coreauth.Error{Code: "not_implemented", Message: "CountTokens not implemented"} -} - -func (e *authAwareStreamExecutor) HttpRequest(ctx context.Context, auth *coreauth.Auth, req *http.Request) (*http.Response, error) { - return nil, &coreauth.Error{ - Code: "not_implemented", - Message: "HttpRequest not implemented", - HTTPStatus: http.StatusNotImplemented, - } -} - -func (e *authAwareStreamExecutor) Calls() int { - e.mu.Lock() - defer e.mu.Unlock() - return e.calls -} - -func (e *authAwareStreamExecutor) AuthIDs() []string { - e.mu.Lock() - defer e.mu.Unlock() - out := make([]string, len(e.authIDs)) - copy(out, e.authIDs) - return out -} - -func TestExecuteStreamWithAuthManager_RetriesBeforeFirstByte(t *testing.T) { - executor := &failOnceStreamExecutor{} - manager := coreauth.NewManager(nil, nil, nil) - manager.RegisterExecutor(executor) - - auth1 := &coreauth.Auth{ - ID: "auth1", - Provider: "codex", - Status: coreauth.StatusActive, - Metadata: map[string]any{"email": "test1@example.com"}, - } - if _, err := manager.Register(context.Background(), auth1); err != nil { - t.Fatalf("manager.Register(auth1): %v", err) - } - - auth2 := &coreauth.Auth{ - ID: "auth2", - Provider: "codex", - Status: coreauth.StatusActive, - Metadata: map[string]any{"email": "test2@example.com"}, - } - if _, err := manager.Register(context.Background(), auth2); err != nil { - t.Fatalf("manager.Register(auth2): %v", err) - } - - registry.GetGlobalRegistry().RegisterClient(auth1.ID, auth1.Provider, []*registry.ModelInfo{{ID: "test-model"}}) - registry.GetGlobalRegistry().RegisterClient(auth2.ID, auth2.Provider, []*registry.ModelInfo{{ID: "test-model"}}) - t.Cleanup(func() { - registry.GetGlobalRegistry().UnregisterClient(auth1.ID) - registry.GetGlobalRegistry().UnregisterClient(auth2.ID) - }) - - handler := NewBaseAPIHandlers(&sdkconfig.SDKConfig{ - PassthroughHeaders: true, - Streaming: sdkconfig.StreamingConfig{ - BootstrapRetries: 1, - }, - }, manager) - dataChan, upstreamHeaders, errChan := handler.ExecuteStreamWithAuthManager(context.Background(), "openai", "test-model", []byte(`{"model":"test-model"}`), "") - if dataChan == nil || errChan == nil { - t.Fatalf("expected non-nil channels") - } - - var got []byte - for chunk := range dataChan { - got = append(got, chunk...) - } - - for msg := range errChan { - if msg != nil { - t.Fatalf("unexpected error: %+v", msg) - } - } - - if string(got) != "ok" { - t.Fatalf("expected payload ok, got %q", string(got)) - } - if executor.Calls() != 2 { - t.Fatalf("expected 2 stream attempts, got %d", executor.Calls()) - } - upstreamAttemptHeader := upstreamHeaders.Get("X-Upstream-Attempt") - if upstreamAttemptHeader != "2" { - t.Fatalf("expected upstream header from retry attempt, got %q", upstreamAttemptHeader) - } -} - -func TestExecuteStreamWithAuthManager_HeaderPassthroughDisabledByDefault(t *testing.T) { - executor := &failOnceStreamExecutor{} - manager := coreauth.NewManager(nil, nil, nil) - manager.RegisterExecutor(executor) - - auth1 := &coreauth.Auth{ - ID: "auth1", - Provider: "codex", - Status: coreauth.StatusActive, - Metadata: map[string]any{"email": "test1@example.com"}, - } - if _, err := manager.Register(context.Background(), auth1); err != nil { - t.Fatalf("manager.Register(auth1): %v", err) - } - - auth2 := &coreauth.Auth{ - ID: "auth2", - Provider: "codex", - Status: coreauth.StatusActive, - Metadata: map[string]any{"email": "test2@example.com"}, - } - if _, err := manager.Register(context.Background(), auth2); err != nil { - t.Fatalf("manager.Register(auth2): %v", err) - } - - registry.GetGlobalRegistry().RegisterClient(auth1.ID, auth1.Provider, []*registry.ModelInfo{{ID: "test-model"}}) - registry.GetGlobalRegistry().RegisterClient(auth2.ID, auth2.Provider, []*registry.ModelInfo{{ID: "test-model"}}) - t.Cleanup(func() { - registry.GetGlobalRegistry().UnregisterClient(auth1.ID) - registry.GetGlobalRegistry().UnregisterClient(auth2.ID) - }) - - handler := NewBaseAPIHandlers(&sdkconfig.SDKConfig{ - Streaming: sdkconfig.StreamingConfig{ - BootstrapRetries: 1, - }, - }, manager) - dataChan, upstreamHeaders, errChan := handler.ExecuteStreamWithAuthManager(context.Background(), "openai", "test-model", []byte(`{"model":"test-model"}`), "") - if dataChan == nil || errChan == nil { - t.Fatalf("expected non-nil channels") - } - - var got []byte - for chunk := range dataChan { - got = append(got, chunk...) - } - for msg := range errChan { - if msg != nil { - t.Fatalf("unexpected error: %+v", msg) - } - } - - if string(got) != "ok" { - t.Fatalf("expected payload ok, got %q", string(got)) - } - if upstreamHeaders != nil { - t.Fatalf("expected nil upstream headers when passthrough is disabled, got %#v", upstreamHeaders) - } -} - -func TestExecuteStreamWithAuthManager_DoesNotRetryAfterFirstByte(t *testing.T) { - executor := &payloadThenErrorStreamExecutor{} - manager := coreauth.NewManager(nil, nil, nil) - manager.RegisterExecutor(executor) - - auth1 := &coreauth.Auth{ - ID: "auth1", - Provider: "codex", - Status: coreauth.StatusActive, - Metadata: map[string]any{"email": "test1@example.com"}, - } - if _, err := manager.Register(context.Background(), auth1); err != nil { - t.Fatalf("manager.Register(auth1): %v", err) - } - - auth2 := &coreauth.Auth{ - ID: "auth2", - Provider: "codex", - Status: coreauth.StatusActive, - Metadata: map[string]any{"email": "test2@example.com"}, - } - if _, err := manager.Register(context.Background(), auth2); err != nil { - t.Fatalf("manager.Register(auth2): %v", err) - } - - registry.GetGlobalRegistry().RegisterClient(auth1.ID, auth1.Provider, []*registry.ModelInfo{{ID: "test-model"}}) - registry.GetGlobalRegistry().RegisterClient(auth2.ID, auth2.Provider, []*registry.ModelInfo{{ID: "test-model"}}) - t.Cleanup(func() { - registry.GetGlobalRegistry().UnregisterClient(auth1.ID) - registry.GetGlobalRegistry().UnregisterClient(auth2.ID) - }) - - handler := NewBaseAPIHandlers(&sdkconfig.SDKConfig{ - Streaming: sdkconfig.StreamingConfig{ - BootstrapRetries: 1, - }, - }, manager) - dataChan, _, errChan := handler.ExecuteStreamWithAuthManager(context.Background(), "openai", "test-model", []byte(`{"model":"test-model"}`), "") - if dataChan == nil || errChan == nil { - t.Fatalf("expected non-nil channels") - } - - var got []byte - for chunk := range dataChan { - got = append(got, chunk...) - } - - var gotErr error - var gotStatus int - for msg := range errChan { - if msg != nil && msg.Error != nil { - gotErr = msg.Error - gotStatus = msg.StatusCode - } - } - - if string(got) != "partial" { - t.Fatalf("expected payload partial, got %q", string(got)) - } - if gotErr == nil { - t.Fatalf("expected terminal error, got nil") - } - if gotStatus != http.StatusBadGateway { - t.Fatalf("expected status %d, got %d", http.StatusBadGateway, gotStatus) - } - if executor.Calls() != 1 { - t.Fatalf("expected 1 stream attempt, got %d", executor.Calls()) - } -} - -func TestExecuteStreamWithAuthManager_PinnedAuthKeepsSameUpstream(t *testing.T) { - executor := &authAwareStreamExecutor{} - manager := coreauth.NewManager(nil, nil, nil) - manager.RegisterExecutor(executor) - - auth1 := &coreauth.Auth{ - ID: "auth1", - Provider: "codex", - Status: coreauth.StatusActive, - Metadata: map[string]any{"email": "test1@example.com"}, - } - if _, err := manager.Register(context.Background(), auth1); err != nil { - t.Fatalf("manager.Register(auth1): %v", err) - } - - auth2 := &coreauth.Auth{ - ID: "auth2", - Provider: "codex", - Status: coreauth.StatusActive, - Metadata: map[string]any{"email": "test2@example.com"}, - } - if _, err := manager.Register(context.Background(), auth2); err != nil { - t.Fatalf("manager.Register(auth2): %v", err) - } - - registry.GetGlobalRegistry().RegisterClient(auth1.ID, auth1.Provider, []*registry.ModelInfo{{ID: "test-model"}}) - registry.GetGlobalRegistry().RegisterClient(auth2.ID, auth2.Provider, []*registry.ModelInfo{{ID: "test-model"}}) - t.Cleanup(func() { - registry.GetGlobalRegistry().UnregisterClient(auth1.ID) - registry.GetGlobalRegistry().UnregisterClient(auth2.ID) - }) - - handler := NewBaseAPIHandlers(&sdkconfig.SDKConfig{ - Streaming: sdkconfig.StreamingConfig{ - BootstrapRetries: 1, - }, - }, manager) - ctx := WithPinnedAuthID(context.Background(), "auth1") - dataChan, _, errChan := handler.ExecuteStreamWithAuthManager(ctx, "openai", "test-model", []byte(`{"model":"test-model"}`), "") - if dataChan == nil || errChan == nil { - t.Fatalf("expected non-nil channels") - } - - var got []byte - for chunk := range dataChan { - got = append(got, chunk...) - } - - var gotErr error - for msg := range errChan { - if msg != nil && msg.Error != nil { - gotErr = msg.Error - } - } - - if len(got) != 0 { - t.Fatalf("expected empty payload, got %q", string(got)) - } - if gotErr == nil { - t.Fatalf("expected terminal error, got nil") - } - authIDs := executor.AuthIDs() - if len(authIDs) == 0 { - t.Fatalf("expected at least one upstream attempt") - } - for _, authID := range authIDs { - if authID != "auth1" { - t.Fatalf("expected all attempts on auth1, got sequence %v", authIDs) - } - } -} - -func TestExecuteStreamWithAuthManager_SelectedAuthCallbackReceivesAuthID(t *testing.T) { - executor := &authAwareStreamExecutor{} - manager := coreauth.NewManager(nil, nil, nil) - manager.RegisterExecutor(executor) - - auth2 := &coreauth.Auth{ - ID: "auth2", - Provider: "codex", - Status: coreauth.StatusActive, - Metadata: map[string]any{"email": "test2@example.com"}, - } - if _, err := manager.Register(context.Background(), auth2); err != nil { - t.Fatalf("manager.Register(auth2): %v", err) - } - - registry.GetGlobalRegistry().RegisterClient(auth2.ID, auth2.Provider, []*registry.ModelInfo{{ID: "test-model"}}) - t.Cleanup(func() { - registry.GetGlobalRegistry().UnregisterClient(auth2.ID) - }) - - handler := NewBaseAPIHandlers(&sdkconfig.SDKConfig{ - Streaming: sdkconfig.StreamingConfig{ - BootstrapRetries: 0, - }, - }, manager) - - selectedAuthID := "" - ctx := WithSelectedAuthIDCallback(context.Background(), func(authID string) { - selectedAuthID = authID - }) - dataChan, _, errChan := handler.ExecuteStreamWithAuthManager(ctx, "openai", "test-model", []byte(`{"model":"test-model"}`), "") - if dataChan == nil || errChan == nil { - t.Fatalf("expected non-nil channels") - } - - var got []byte - for chunk := range dataChan { - got = append(got, chunk...) - } - for msg := range errChan { - if msg != nil { - t.Fatalf("unexpected error: %+v", msg) - } - } - - if string(got) != "ok" { - t.Fatalf("expected payload ok, got %q", string(got)) - } - if selectedAuthID != "auth2" { - t.Fatalf("selectedAuthID = %q, want %q", selectedAuthID, "auth2") - } -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/header_filter.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/header_filter.go deleted file mode 100644 index 135223a786..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/header_filter.go +++ /dev/null @@ -1,80 +0,0 @@ -package handlers - -import ( - "net/http" - "strings" -) - -// hopByHopHeaders lists RFC 7230 Section 6.1 hop-by-hop headers that MUST NOT -// be forwarded by proxies, plus security-sensitive headers that should not leak. -var hopByHopHeaders = map[string]struct{}{ - // RFC 7230 hop-by-hop - "Connection": {}, - "Keep-Alive": {}, - "Proxy-Authenticate": {}, - "Proxy-Authorization": {}, - "Te": {}, - "Trailer": {}, - "Transfer-Encoding": {}, - "Upgrade": {}, - // Security-sensitive - "Set-Cookie": {}, - // CPA-managed (set by handlers, not upstream) - "Content-Length": {}, - "Content-Encoding": {}, -} - -// FilterUpstreamHeaders returns a copy of src with hop-by-hop and security-sensitive -// headers removed. Returns nil if src is nil or empty after filtering. -func FilterUpstreamHeaders(src http.Header) http.Header { - if src == nil { - return nil - } - connectionScoped := connectionScopedHeaders(src) - dst := make(http.Header) - for key, values := range src { - canonicalKey := http.CanonicalHeaderKey(key) - if _, blocked := hopByHopHeaders[canonicalKey]; blocked { - continue - } - if _, scoped := connectionScoped[canonicalKey]; scoped { - continue - } - dst[key] = values - } - if len(dst) == 0 { - return nil - } - return dst -} - -func connectionScopedHeaders(src http.Header) map[string]struct{} { - scoped := make(map[string]struct{}) - for _, rawValue := range src.Values("Connection") { - for _, token := range strings.Split(rawValue, ",") { - headerName := strings.TrimSpace(token) - if headerName == "" { - continue - } - scoped[http.CanonicalHeaderKey(headerName)] = struct{}{} - } - } - return scoped -} - -// WriteUpstreamHeaders writes filtered upstream headers to the gin response writer. -// Headers already set by CPA (e.g., Content-Type) are NOT overwritten. -func WriteUpstreamHeaders(dst http.Header, src http.Header) { - if src == nil { - return - } - for key, values := range src { - // Don't overwrite headers already set by CPA handlers - if dst.Get(key) != "" { - continue - } - for _, v := range values { - dst.Add(key, v) - } - } -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/header_filter_test.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/header_filter_test.go deleted file mode 100644 index a87e65a158..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/header_filter_test.go +++ /dev/null @@ -1,55 +0,0 @@ -package handlers - -import ( - "net/http" - "testing" -) - -func TestFilterUpstreamHeaders_RemovesConnectionScopedHeaders(t *testing.T) { - src := http.Header{} - src.Add("Connection", "keep-alive, x-hop-a, x-hop-b") - src.Add("Connection", "x-hop-c") - src.Set("Keep-Alive", "timeout=5") - src.Set("X-Hop-A", "a") - src.Set("X-Hop-B", "b") - src.Set("X-Hop-C", "c") - src.Set("X-Request-Id", "req-1") - src.Set("Set-Cookie", "session=secret") - - filtered := FilterUpstreamHeaders(src) - if filtered == nil { - t.Fatalf("expected filtered headers, got nil") - } - - requestID := filtered.Get("X-Request-Id") - if requestID != "req-1" { - t.Fatalf("expected X-Request-Id to be preserved, got %q", requestID) - } - - blockedHeaderKeys := []string{ - "Connection", - "Keep-Alive", - "X-Hop-A", - "X-Hop-B", - "X-Hop-C", - "Set-Cookie", - } - for _, key := range blockedHeaderKeys { - value := filtered.Get(key) - if value != "" { - t.Fatalf("expected %s to be removed, got %q", key, value) - } - } -} - -func TestFilterUpstreamHeaders_ReturnsNilWhenAllHeadersBlocked(t *testing.T) { - src := http.Header{} - src.Add("Connection", "x-hop-a") - src.Set("X-Hop-A", "a") - src.Set("Set-Cookie", "session=secret") - - filtered := FilterUpstreamHeaders(src) - if filtered != nil { - t.Fatalf("expected nil when all headers are filtered, got %#v", filtered) - } -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/endpoint_compat.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/endpoint_compat.go deleted file mode 100644 index d7fc5f2f40..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/endpoint_compat.go +++ /dev/null @@ -1,37 +0,0 @@ -package openai - -import "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - -const ( - openAIChatEndpoint = "/chat/completions" - openAIResponsesEndpoint = "/responses" -) - -func resolveEndpointOverride(modelName, requestedEndpoint string) (string, bool) { - if modelName == "" { - return "", false - } - info := registry.GetGlobalRegistry().GetModelInfo(modelName, "") - if info == nil || len(info.SupportedEndpoints) == 0 { - return "", false - } - if endpointListContains(info.SupportedEndpoints, requestedEndpoint) { - return "", false - } - if requestedEndpoint == openAIChatEndpoint && endpointListContains(info.SupportedEndpoints, openAIResponsesEndpoint) { - return openAIResponsesEndpoint, true - } - if requestedEndpoint == openAIResponsesEndpoint && endpointListContains(info.SupportedEndpoints, openAIChatEndpoint) { - return openAIChatEndpoint, true - } - return "", false -} - -func endpointListContains(items []string, value string) bool { - for _, item := range items { - if item == value { - return true - } - } - return false -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/openai_handlers.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/openai_handlers.go deleted file mode 100644 index 2e85dcf851..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/openai_handlers.go +++ /dev/null @@ -1,860 +0,0 @@ -// Package openai provides HTTP handlers for OpenAI API endpoints. -// This package implements the OpenAI-compatible API interface, including model listing -// and chat completion functionality. It supports both streaming and non-streaming responses, -// and manages a pool of clients to interact with backend services. -// The handlers translate OpenAI API requests to the appropriate backend format and -// convert responses back to OpenAI-compatible format. -package openai - -import ( - "context" - "encoding/json" - "fmt" - "net/http" - "sync" - - "github.com/gin-gonic/gin" - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - codexconverter "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/codex/openai/chat-completions" - responsesconverter "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/openai/openai/responses" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// OpenAIAPIHandler contains the handlers for OpenAI API endpoints. -// It holds a pool of clients to interact with the backend service. -type OpenAIAPIHandler struct { - *handlers.BaseAPIHandler -} - -// NewOpenAIAPIHandler creates a new OpenAI API handlers instance. -// It takes an BaseAPIHandler instance as input and returns an OpenAIAPIHandler. -// -// Parameters: -// - apiHandlers: The base API handlers instance -// -// Returns: -// - *OpenAIAPIHandler: A new OpenAI API handlers instance -func NewOpenAIAPIHandler(apiHandlers *handlers.BaseAPIHandler) *OpenAIAPIHandler { - return &OpenAIAPIHandler{ - BaseAPIHandler: apiHandlers, - } -} - -// HandlerType returns the identifier for this handler implementation. -func (h *OpenAIAPIHandler) HandlerType() string { - return OpenAI -} - -// Models returns the OpenAI-compatible model metadata supported by this handler. -func (h *OpenAIAPIHandler) Models() []map[string]any { - // Get dynamic models from the global registry - modelRegistry := registry.GetGlobalRegistry() - return modelRegistry.GetAvailableModels("openai") -} - -// OpenAIModels handles the /v1/models endpoint. -// It returns a list of available AI models with their capabilities -// and specifications in OpenAI-compatible format. -func (h *OpenAIAPIHandler) OpenAIModels(c *gin.Context) { - // Get all available models - allModels := h.Models() - - // Filter to only include the 4 required fields: id, object, created, owned_by - filteredModels := make([]map[string]any, len(allModels)) - for i, model := range allModels { - filteredModel := map[string]any{ - "id": model["id"], - "object": model["object"], - } - - // Add created field if it exists - if created, exists := model["created"]; exists { - filteredModel["created"] = created - } - - // Add owned_by field if it exists - if ownedBy, exists := model["owned_by"]; exists { - filteredModel["owned_by"] = ownedBy - } - - filteredModels[i] = filteredModel - } - - c.JSON(http.StatusOK, gin.H{ - "object": "list", - "data": filteredModels, - }) -} - -// ChatCompletions handles the /v1/chat/completions endpoint. -// It determines whether the request is for a streaming or non-streaming response -// and calls the appropriate handler based on the model provider. -// -// Parameters: -// - c: The Gin context containing the HTTP request and response -func (h *OpenAIAPIHandler) ChatCompletions(c *gin.Context) { - rawJSON, err := c.GetRawData() - // If data retrieval fails, return a 400 Bad Request error. - if err != nil { - c.JSON(http.StatusBadRequest, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: fmt.Sprintf("Invalid request: %v", err), - Type: "invalid_request_error", - }, - }) - return - } - - // Check if the client requested a streaming response. - streamResult := gjson.GetBytes(rawJSON, "stream") - stream := streamResult.Type == gjson.True - - modelName := gjson.GetBytes(rawJSON, "model").String() - if overrideEndpoint, ok := resolveEndpointOverride(modelName, openAIChatEndpoint); ok && overrideEndpoint == openAIResponsesEndpoint { - originalChat := rawJSON - if shouldTreatAsResponsesFormat(rawJSON) { - // Already responses-style payload; no conversion needed. - } else { - rawJSON = codexconverter.ConvertOpenAIRequestToCodex(modelName, rawJSON, stream) - } - stream = gjson.GetBytes(rawJSON, "stream").Bool() - if stream { - h.handleStreamingResponseViaResponses(c, rawJSON, originalChat) - } else { - h.handleNonStreamingResponseViaResponses(c, rawJSON, originalChat) - } - return - } - - // Some clients send OpenAI Responses-format payloads to /v1/chat/completions. - // Convert them to Chat Completions so downstream translators preserve tool metadata. - if shouldTreatAsResponsesFormat(rawJSON) { - modelName := gjson.GetBytes(rawJSON, "model").String() - rawJSON = responsesconverter.ConvertOpenAIResponsesRequestToOpenAIChatCompletions(modelName, rawJSON, stream) - stream = gjson.GetBytes(rawJSON, "stream").Bool() - } - - if stream { - h.handleStreamingResponse(c, rawJSON) - } else { - h.handleNonStreamingResponse(c, rawJSON) - } - -} - -// shouldTreatAsResponsesFormat detects OpenAI Responses-style payloads that are -// accidentally sent to the Chat Completions endpoint. -func shouldTreatAsResponsesFormat(rawJSON []byte) bool { - if gjson.GetBytes(rawJSON, "messages").Exists() { - return false - } - if gjson.GetBytes(rawJSON, "input").Exists() { - return true - } - if gjson.GetBytes(rawJSON, "instructions").Exists() { - return true - } - return false -} - -// Completions handles the /v1/completions endpoint. -// It determines whether the request is for a streaming or non-streaming response -// and calls the appropriate handler based on the model provider. -// This endpoint follows the OpenAI completions API specification. -// -// Parameters: -// - c: The Gin context containing the HTTP request and response -func (h *OpenAIAPIHandler) Completions(c *gin.Context) { - rawJSON, err := c.GetRawData() - // If data retrieval fails, return a 400 Bad Request error. - if err != nil { - c.JSON(http.StatusBadRequest, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: fmt.Sprintf("Invalid request: %v", err), - Type: "invalid_request_error", - }, - }) - return - } - - // Check if the client requested a streaming response. - streamResult := gjson.GetBytes(rawJSON, "stream") - if streamResult.Type == gjson.True { - h.handleCompletionsStreamingResponse(c, rawJSON) - } else { - h.handleCompletionsNonStreamingResponse(c, rawJSON) - } - -} - -// convertCompletionsRequestToChatCompletions converts OpenAI completions API request to chat completions format. -// This allows the completions endpoint to use the existing chat completions infrastructure. -// -// Parameters: -// - rawJSON: The raw JSON bytes of the completions request -// -// Returns: -// - []byte: The converted chat completions request -func convertCompletionsRequestToChatCompletions(rawJSON []byte) []byte { - root := gjson.ParseBytes(rawJSON) - - // Extract prompt from completions request - prompt := root.Get("prompt").String() - if prompt == "" { - prompt = "Complete this:" - } - - // Create chat completions structure - out := `{"model":"","messages":[{"role":"user","content":""}]}` - - // Set model - if model := root.Get("model"); model.Exists() { - out, _ = sjson.Set(out, "model", model.String()) - } - - // Set the prompt as user message content - out, _ = sjson.Set(out, "messages.0.content", prompt) - - // Copy other parameters from completions to chat completions - if maxTokens := root.Get("max_tokens"); maxTokens.Exists() { - out, _ = sjson.Set(out, "max_tokens", maxTokens.Int()) - } - - if temperature := root.Get("temperature"); temperature.Exists() { - out, _ = sjson.Set(out, "temperature", temperature.Float()) - } - - if topP := root.Get("top_p"); topP.Exists() { - out, _ = sjson.Set(out, "top_p", topP.Float()) - } - - if frequencyPenalty := root.Get("frequency_penalty"); frequencyPenalty.Exists() { - out, _ = sjson.Set(out, "frequency_penalty", frequencyPenalty.Float()) - } - - if presencePenalty := root.Get("presence_penalty"); presencePenalty.Exists() { - out, _ = sjson.Set(out, "presence_penalty", presencePenalty.Float()) - } - - if stop := root.Get("stop"); stop.Exists() { - out, _ = sjson.SetRaw(out, "stop", stop.Raw) - } - - if stream := root.Get("stream"); stream.Exists() { - out, _ = sjson.Set(out, "stream", stream.Bool()) - } - - if logprobs := root.Get("logprobs"); logprobs.Exists() { - out, _ = sjson.Set(out, "logprobs", logprobs.Bool()) - } - - if topLogprobs := root.Get("top_logprobs"); topLogprobs.Exists() { - out, _ = sjson.Set(out, "top_logprobs", topLogprobs.Int()) - } - - if echo := root.Get("echo"); echo.Exists() { - out, _ = sjson.Set(out, "echo", echo.Bool()) - } - - return []byte(out) -} - -func convertResponsesObjectToChatCompletion(ctx context.Context, modelName string, originalChatJSON, responsesRequestJSON, responsesPayload []byte) []byte { - if len(responsesPayload) == 0 { - return nil - } - wrapped := wrapResponsesPayloadAsCompleted(responsesPayload) - if len(wrapped) == 0 { - return nil - } - var param any - converted := codexconverter.ConvertCodexResponseToOpenAINonStream(ctx, modelName, originalChatJSON, responsesRequestJSON, wrapped, ¶m) - if converted == "" { - return nil - } - return []byte(converted) -} - -func wrapResponsesPayloadAsCompleted(payload []byte) []byte { - if gjson.GetBytes(payload, "type").Exists() { - return payload - } - if gjson.GetBytes(payload, "object").String() != "response" { - return payload - } - wrapped := `{"type":"response.completed","response":{}}` - wrapped, _ = sjson.SetRaw(wrapped, "response", string(payload)) - return []byte(wrapped) -} - -func writeConvertedResponsesChunk(c *gin.Context, ctx context.Context, modelName string, originalChatJSON, responsesRequestJSON, chunk []byte, param *any) { - outputs := codexconverter.ConvertCodexResponseToOpenAI(ctx, modelName, originalChatJSON, responsesRequestJSON, chunk, param) - for _, out := range outputs { - if out == "" { - continue - } - _, _ = fmt.Fprintf(c.Writer, "data: %s\n\n", out) - } -} - -func (h *OpenAIAPIHandler) forwardResponsesAsChatStream(c *gin.Context, flusher http.Flusher, cancel func(error), data <-chan []byte, errs <-chan *interfaces.ErrorMessage, ctx context.Context, modelName string, originalChatJSON, responsesRequestJSON []byte, param *any) { - h.ForwardStream(c, flusher, cancel, data, errs, handlers.StreamForwardOptions{ - WriteChunk: func(chunk []byte) { - outputs := codexconverter.ConvertCodexResponseToOpenAI(ctx, modelName, originalChatJSON, responsesRequestJSON, chunk, param) - for _, out := range outputs { - if out == "" { - continue - } - _, _ = fmt.Fprintf(c.Writer, "data: %s\n\n", out) - } - }, - WriteTerminalError: func(errMsg *interfaces.ErrorMessage) { - if errMsg == nil { - return - } - status := http.StatusInternalServerError - if errMsg.StatusCode > 0 { - status = errMsg.StatusCode - } - errText := http.StatusText(status) - if errMsg.Error != nil && errMsg.Error.Error() != "" { - errText = errMsg.Error.Error() - } - body := handlers.BuildErrorResponseBody(status, errText) - _, _ = fmt.Fprintf(c.Writer, "data: %s\n\n", string(body)) - }, - WriteDone: func() { - _, _ = fmt.Fprintf(c.Writer, "data: [DONE]\n\n") - }, - }) -} - -// convertChatCompletionsResponseToCompletions converts chat completions API response back to completions format. -// This ensures the completions endpoint returns data in the expected format. -// -// Parameters: -// - rawJSON: The raw JSON bytes of the chat completions response -// -// Returns: -// - []byte: The converted completions response -func convertChatCompletionsResponseToCompletions(rawJSON []byte) []byte { - root := gjson.ParseBytes(rawJSON) - - // Base completions response structure - out := `{"id":"","object":"text_completion","created":0,"model":"","choices":[]}` - - // Copy basic fields - if id := root.Get("id"); id.Exists() { - out, _ = sjson.Set(out, "id", id.String()) - } - - if created := root.Get("created"); created.Exists() { - out, _ = sjson.Set(out, "created", created.Int()) - } - - if model := root.Get("model"); model.Exists() { - out, _ = sjson.Set(out, "model", model.String()) - } - - if usage := root.Get("usage"); usage.Exists() { - out, _ = sjson.SetRaw(out, "usage", usage.Raw) - } - - // Convert choices from chat completions to completions format - var choices []interface{} - if chatChoices := root.Get("choices"); chatChoices.Exists() && chatChoices.IsArray() { - chatChoices.ForEach(func(_, choice gjson.Result) bool { - completionsChoice := map[string]interface{}{ - "index": choice.Get("index").Int(), - } - - // Extract text content from message.content - if message := choice.Get("message"); message.Exists() { - if content := message.Get("content"); content.Exists() { - completionsChoice["text"] = content.String() - } - } else if delta := choice.Get("delta"); delta.Exists() { - // For streaming responses, use delta.content - if content := delta.Get("content"); content.Exists() { - completionsChoice["text"] = content.String() - } - } - - // Copy finish_reason - if finishReason := choice.Get("finish_reason"); finishReason.Exists() { - completionsChoice["finish_reason"] = finishReason.String() - } - - // Copy logprobs if present - if logprobs := choice.Get("logprobs"); logprobs.Exists() { - completionsChoice["logprobs"] = logprobs.Value() - } - - choices = append(choices, completionsChoice) - return true - }) - } - - if len(choices) > 0 { - choicesJSON, _ := json.Marshal(choices) - out, _ = sjson.SetRaw(out, "choices", string(choicesJSON)) - } - - return []byte(out) -} - -// convertChatCompletionsStreamChunkToCompletions converts a streaming chat completions chunk to completions format. -// This handles the real-time conversion of streaming response chunks and filters out empty text responses. -// -// Parameters: -// - chunkData: The raw JSON bytes of a single chat completions stream chunk -// -// Returns: -// - []byte: The converted completions stream chunk, or nil if should be filtered out -func convertChatCompletionsStreamChunkToCompletions(chunkData []byte) []byte { - root := gjson.ParseBytes(chunkData) - - // Check if this chunk has any meaningful content - hasContent := false - hasUsage := root.Get("usage").Exists() - if chatChoices := root.Get("choices"); chatChoices.Exists() && chatChoices.IsArray() { - chatChoices.ForEach(func(_, choice gjson.Result) bool { - // Check if delta has content or finish_reason - if delta := choice.Get("delta"); delta.Exists() { - if content := delta.Get("content"); content.Exists() && content.String() != "" { - hasContent = true - return false // Break out of forEach - } - } - // Also check for finish_reason to ensure we don't skip final chunks - if finishReason := choice.Get("finish_reason"); finishReason.Exists() && finishReason.String() != "" && finishReason.String() != "null" { - hasContent = true - return false // Break out of forEach - } - return true - }) - } - - // If no meaningful content and no usage, return nil to indicate this chunk should be skipped - if !hasContent && !hasUsage { - return nil - } - - // Base completions stream response structure - out := `{"id":"","object":"text_completion","created":0,"model":"","choices":[]}` - - // Copy basic fields - if id := root.Get("id"); id.Exists() { - out, _ = sjson.Set(out, "id", id.String()) - } - - if created := root.Get("created"); created.Exists() { - out, _ = sjson.Set(out, "created", created.Int()) - } - - if model := root.Get("model"); model.Exists() { - out, _ = sjson.Set(out, "model", model.String()) - } - - // Convert choices from chat completions delta to completions format - var choices []interface{} - if chatChoices := root.Get("choices"); chatChoices.Exists() && chatChoices.IsArray() { - chatChoices.ForEach(func(_, choice gjson.Result) bool { - completionsChoice := map[string]interface{}{ - "index": choice.Get("index").Int(), - } - - // Extract text content from delta.content - if delta := choice.Get("delta"); delta.Exists() { - if content := delta.Get("content"); content.Exists() && content.String() != "" { - completionsChoice["text"] = content.String() - } else { - completionsChoice["text"] = "" - } - } else { - completionsChoice["text"] = "" - } - - // Copy finish_reason - if finishReason := choice.Get("finish_reason"); finishReason.Exists() && finishReason.String() != "null" { - completionsChoice["finish_reason"] = finishReason.String() - } - - // Copy logprobs if present - if logprobs := choice.Get("logprobs"); logprobs.Exists() { - completionsChoice["logprobs"] = logprobs.Value() - } - - choices = append(choices, completionsChoice) - return true - }) - } - - if len(choices) > 0 { - choicesJSON, _ := json.Marshal(choices) - out, _ = sjson.SetRaw(out, "choices", string(choicesJSON)) - } - - // Copy usage if present - if usage := root.Get("usage"); usage.Exists() { - out, _ = sjson.SetRaw(out, "usage", usage.Raw) - } - - return []byte(out) -} - -// handleNonStreamingResponse handles non-streaming chat completion responses -// for Gemini models. It selects a client from the pool, sends the request, and -// aggregates the response before sending it back to the client in OpenAI format. -// -// Parameters: -// - c: The Gin context containing the HTTP request and response -// - rawJSON: The raw JSON bytes of the OpenAI-compatible request -func (h *OpenAIAPIHandler) handleNonStreamingResponse(c *gin.Context, rawJSON []byte) { - c.Header("Content-Type", "application/json") - - modelName := gjson.GetBytes(rawJSON, "model").String() - cliCtx, cliCancel := h.GetContextWithCancel(h, c, context.Background()) - resp, upstreamHeaders, errMsg := h.ExecuteWithAuthManager(cliCtx, h.HandlerType(), modelName, rawJSON, h.GetAlt(c)) - if errMsg != nil { - h.WriteErrorResponse(c, errMsg) - cliCancel(errMsg.Error) - return - } - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - _, _ = c.Writer.Write(resp) - cliCancel() -} - -func (h *OpenAIAPIHandler) handleNonStreamingResponseViaResponses(c *gin.Context, rawJSON []byte, originalChatJSON []byte) { - c.Header("Content-Type", "application/json") - - modelName := gjson.GetBytes(rawJSON, "model").String() - cliCtx, cliCancel := h.GetContextWithCancel(h, c, context.Background()) - resp, upstreamHeaders, errMsg := h.ExecuteWithAuthManager(cliCtx, OpenaiResponse, modelName, rawJSON, h.GetAlt(c)) - if errMsg != nil { - h.WriteErrorResponse(c, errMsg) - cliCancel(errMsg.Error) - return - } - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - converted := convertResponsesObjectToChatCompletion(cliCtx, modelName, originalChatJSON, rawJSON, resp) - if converted == nil { - h.WriteErrorResponse(c, &interfaces.ErrorMessage{ - StatusCode: http.StatusInternalServerError, - Error: fmt.Errorf("failed to convert response to chat completion format"), - }) - cliCancel(fmt.Errorf("response conversion failed")) - return - } - _, _ = c.Writer.Write(converted) - cliCancel() -} - -// handleStreamingResponse handles streaming responses for Gemini models. -// It establishes a streaming connection with the backend service and forwards -// the response chunks to the client in real-time using Server-Sent Events. -// -// Parameters: -// - c: The Gin context containing the HTTP request and response -// - rawJSON: The raw JSON bytes of the OpenAI-compatible request -func (h *OpenAIAPIHandler) handleStreamingResponse(c *gin.Context, rawJSON []byte) { - // Get the http.Flusher interface to manually flush the response. - flusher, ok := c.Writer.(http.Flusher) - if !ok { - c.JSON(http.StatusInternalServerError, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: "Streaming not supported", - Type: "server_error", - }, - }) - return - } - - modelName := gjson.GetBytes(rawJSON, "model").String() - cliCtx, cliCancel := h.GetContextWithCancel(h, c, context.Background()) - dataChan, upstreamHeaders, errChan := h.ExecuteStreamWithAuthManager(cliCtx, h.HandlerType(), modelName, rawJSON, h.GetAlt(c)) - - setSSEHeaders := func() { - c.Header("Content-Type", "text/event-stream") - c.Header("Cache-Control", "no-cache") - c.Header("Connection", "keep-alive") - c.Header("Access-Control-Allow-Origin", "*") - } - - // Peek at the first chunk to determine success or failure before setting headers - for { - select { - case <-c.Request.Context().Done(): - cliCancel(c.Request.Context().Err()) - return - case errMsg, ok := <-errChan: - if !ok { - // Err channel closed cleanly; wait for data channel. - errChan = nil - continue - } - // Upstream failed immediately. Return proper error status and JSON. - h.WriteErrorResponse(c, errMsg) - if errMsg != nil { - cliCancel(errMsg.Error) - } else { - cliCancel(nil) - } - return - case chunk, ok := <-dataChan: - if !ok { - // Stream closed without data? Send DONE or just headers. - setSSEHeaders() - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - _, _ = fmt.Fprintf(c.Writer, "data: [DONE]\n\n") - flusher.Flush() - cliCancel(nil) - return - } - - // Success! Commit to streaming headers. - setSSEHeaders() - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - - _, _ = fmt.Fprintf(c.Writer, "data: %s\n\n", string(chunk)) - flusher.Flush() - - // Continue streaming the rest - h.handleStreamResult(c, flusher, func(err error) { cliCancel(err) }, dataChan, errChan) - return - } - } -} - -func (h *OpenAIAPIHandler) handleStreamingResponseViaResponses(c *gin.Context, rawJSON []byte, originalChatJSON []byte) { - flusher, ok := c.Writer.(http.Flusher) - if !ok { - c.JSON(http.StatusInternalServerError, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: "Streaming not supported", - Type: "server_error", - }, - }) - return - } - - modelName := gjson.GetBytes(rawJSON, "model").String() - cliCtx, cliCancel := h.GetContextWithCancel(h, c, context.Background()) - dataChan, upstreamHeaders, errChan := h.ExecuteStreamWithAuthManager(cliCtx, OpenaiResponse, modelName, rawJSON, h.GetAlt(c)) - var param any - - setSSEHeaders := func() { - c.Header("Content-Type", "text/event-stream") - c.Header("Cache-Control", "no-cache") - c.Header("Connection", "keep-alive") - c.Header("Access-Control-Allow-Origin", "*") - } - - // Peek for first usable chunk - for { - select { - case <-c.Request.Context().Done(): - cliCancel(c.Request.Context().Err()) - return - case errMsg, ok := <-errChan: - if !ok { - errChan = nil - continue - } - h.WriteErrorResponse(c, errMsg) - if errMsg != nil { - cliCancel(errMsg.Error) - } else { - cliCancel(nil) - } - return - case chunk, ok := <-dataChan: - if !ok { - setSSEHeaders() - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - _, _ = fmt.Fprintf(c.Writer, "data: [DONE]\n\n") - flusher.Flush() - cliCancel(nil) - return - } - - setSSEHeaders() - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - writeConvertedResponsesChunk(c, cliCtx, modelName, originalChatJSON, rawJSON, chunk, ¶m) - flusher.Flush() - - h.forwardResponsesAsChatStream(c, flusher, func(err error) { cliCancel(err) }, dataChan, errChan, cliCtx, modelName, originalChatJSON, rawJSON, ¶m) - return - } - } -} - -// handleCompletionsNonStreamingResponse handles non-streaming completions responses. -// It converts completions request to chat completions format, sends to backend, -// then converts the response back to completions format before sending to client. -// -// Parameters: -// - c: The Gin context containing the HTTP request and response -// - rawJSON: The raw JSON bytes of the OpenAI-compatible completions request -func (h *OpenAIAPIHandler) handleCompletionsNonStreamingResponse(c *gin.Context, rawJSON []byte) { - c.Header("Content-Type", "application/json") - - // Convert completions request to chat completions format - chatCompletionsJSON := convertCompletionsRequestToChatCompletions(rawJSON) - - modelName := gjson.GetBytes(chatCompletionsJSON, "model").String() - cliCtx, cliCancel := h.GetContextWithCancel(h, c, context.Background()) - stopKeepAlive := h.StartNonStreamingKeepAlive(c, cliCtx) - resp, upstreamHeaders, errMsg := h.ExecuteWithAuthManager(cliCtx, h.HandlerType(), modelName, chatCompletionsJSON, "") - stopKeepAlive() - if errMsg != nil { - h.WriteErrorResponse(c, errMsg) - cliCancel(errMsg.Error) - return - } - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - completionsResp := convertChatCompletionsResponseToCompletions(resp) - _, _ = c.Writer.Write(completionsResp) - cliCancel() -} - -// handleCompletionsStreamingResponse handles streaming completions responses. -// It converts completions request to chat completions format, streams from backend, -// then converts each response chunk back to completions format before sending to client. -// -// Parameters: -// - c: The Gin context containing the HTTP request and response -// - rawJSON: The raw JSON bytes of the OpenAI-compatible completions request -func (h *OpenAIAPIHandler) handleCompletionsStreamingResponse(c *gin.Context, rawJSON []byte) { - // Get the http.Flusher interface to manually flush the response. - flusher, ok := c.Writer.(http.Flusher) - if !ok { - c.JSON(http.StatusInternalServerError, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: "Streaming not supported", - Type: "server_error", - }, - }) - return - } - - // Convert completions request to chat completions format - chatCompletionsJSON := convertCompletionsRequestToChatCompletions(rawJSON) - - modelName := gjson.GetBytes(chatCompletionsJSON, "model").String() - cliCtx, cliCancel := h.GetContextWithCancel(h, c, context.Background()) - dataChan, upstreamHeaders, errChan := h.ExecuteStreamWithAuthManager(cliCtx, h.HandlerType(), modelName, chatCompletionsJSON, "") - - setSSEHeaders := func() { - c.Header("Content-Type", "text/event-stream") - c.Header("Cache-Control", "no-cache") - c.Header("Connection", "keep-alive") - c.Header("Access-Control-Allow-Origin", "*") - } - - // Peek at the first chunk - for { - select { - case <-c.Request.Context().Done(): - cliCancel(c.Request.Context().Err()) - return - case errMsg, ok := <-errChan: - if !ok { - // Err channel closed cleanly; wait for data channel. - errChan = nil - continue - } - h.WriteErrorResponse(c, errMsg) - if errMsg != nil { - cliCancel(errMsg.Error) - } else { - cliCancel(nil) - } - return - case chunk, ok := <-dataChan: - if !ok { - setSSEHeaders() - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - _, _ = fmt.Fprintf(c.Writer, "data: [DONE]\n\n") - flusher.Flush() - cliCancel(nil) - return - } - - // Success! Set headers. - setSSEHeaders() - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - - // Write the first chunk - converted := convertChatCompletionsStreamChunkToCompletions(chunk) - if converted != nil { - _, _ = fmt.Fprintf(c.Writer, "data: %s\n\n", string(converted)) - flusher.Flush() - } - - done := make(chan struct{}) - var doneOnce sync.Once - stop := func() { doneOnce.Do(func() { close(done) }) } - - convertedChan := make(chan []byte) - go func() { - defer close(convertedChan) - for { - select { - case <-done: - return - case chunk, ok := <-dataChan: - if !ok { - return - } - converted := convertChatCompletionsStreamChunkToCompletions(chunk) - if converted == nil { - continue - } - select { - case <-done: - return - case convertedChan <- converted: - } - } - } - }() - - h.handleStreamResult(c, flusher, func(err error) { - stop() - cliCancel(err) - }, convertedChan, errChan) - return - } - } -} -func (h *OpenAIAPIHandler) handleStreamResult(c *gin.Context, flusher http.Flusher, cancel func(error), data <-chan []byte, errs <-chan *interfaces.ErrorMessage) { - h.ForwardStream(c, flusher, cancel, data, errs, handlers.StreamForwardOptions{ - WriteChunk: func(chunk []byte) { - _, _ = fmt.Fprintf(c.Writer, "data: %s\n\n", string(chunk)) - }, - WriteTerminalError: func(errMsg *interfaces.ErrorMessage) { - if errMsg == nil { - return - } - status := http.StatusInternalServerError - if errMsg.StatusCode > 0 { - status = errMsg.StatusCode - } - errText := http.StatusText(status) - if errMsg.Error != nil && errMsg.Error.Error() != "" { - errText = errMsg.Error.Error() - } - body := handlers.BuildErrorResponseBody(status, errText) - _, _ = fmt.Fprintf(c.Writer, "data: %s\n\n", string(body)) - }, - WriteDone: func() { - _, _ = fmt.Fprint(c.Writer, "data: [DONE]\n\n") - }, - }) -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/openai_images_handlers.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/openai_images_handlers.go deleted file mode 100644 index cd9cb10e91..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/openai_images_handlers.go +++ /dev/null @@ -1,387 +0,0 @@ -// Package openai provides HTTP handlers for OpenAI API endpoints. -// This file implements the OpenAI Images API for image generation. -package openai - -import ( - "context" - "encoding/json" - "fmt" - "net/http" - "time" - - "github.com/gin-gonic/gin" - constant "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/constant" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/registry" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// OpenAIImageFormat represents the OpenAI Images API format identifier. -const OpenAIImageFormat = "openai-images" - -// ImageGenerationRequest represents the OpenAI image generation request format. -type ImageGenerationRequest struct { - Model string `json:"model"` - Prompt string `json:"prompt"` - N int `json:"n,omitempty"` - Quality string `json:"quality,omitempty"` - ResponseFormat string `json:"response_format,omitempty"` - Size string `json:"size,omitempty"` - Style string `json:"style,omitempty"` - User string `json:"user,omitempty"` -} - -// ImageGenerationResponse represents the OpenAI image generation response format. -type ImageGenerationResponse struct { - Created int64 `json:"created"` - Data []ImageData `json:"data"` -} - -// ImageData represents a single generated image. -type ImageData struct { - URL string `json:"url,omitempty"` - B64JSON string `json:"b64_json,omitempty"` - RevisedPrompt string `json:"revised_prompt,omitempty"` -} - -// OpenAIImagesAPIHandler contains the handlers for OpenAI Images API endpoints. -type OpenAIImagesAPIHandler struct { - *handlers.BaseAPIHandler -} - -// NewOpenAIImagesAPIHandler creates a new OpenAI Images API handlers instance. -func NewOpenAIImagesAPIHandler(apiHandlers *handlers.BaseAPIHandler) *OpenAIImagesAPIHandler { - return &OpenAIImagesAPIHandler{ - BaseAPIHandler: apiHandlers, - } -} - -// HandlerType returns the identifier for this handler implementation. -func (h *OpenAIImagesAPIHandler) HandlerType() string { - return OpenAIImageFormat -} - -// Models returns the image-capable models supported by this handler. -func (h *OpenAIImagesAPIHandler) Models() []map[string]any { - modelRegistry := registry.GetGlobalRegistry() - return modelRegistry.GetAvailableModels("openai") -} - -// ImageGenerations handles the /v1/images/generations endpoint. -// It supports OpenAI DALL-E and Gemini Imagen models through a unified interface. -// -// Request format (OpenAI-compatible): -// -// { -// "model": "dall-e-3" | "imagen-4.0-generate-001" | "gemini-2.5-flash-image", -// "prompt": "A white siamese cat", -// "n": 1, -// "quality": "standard" | "hd", -// "response_format": "url" | "b64_json", -// "size": "1024x1024" | "1024x1792" | "1792x1024", -// "style": "vivid" | "natural" -// } -// -// Response format: -// -// { -// "created": 1589478378, -// "data": [ -// { -// "url": "https://..." | "b64_json": "base64...", -// "revised_prompt": "..." -// } -// ] -// } -func (h *OpenAIImagesAPIHandler) ImageGenerations(c *gin.Context) { - rawJSON, err := c.GetRawData() - if err != nil { - c.JSON(http.StatusBadRequest, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: fmt.Sprintf("Invalid request: %v", err), - Type: "invalid_request_error", - }, - }) - return - } - - modelName := gjson.GetBytes(rawJSON, "model").String() - if modelName == "" { - c.JSON(http.StatusBadRequest, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: "model is required", - Type: "invalid_request_error", - Code: "missing_model", - }, - }) - return - } - - prompt := gjson.GetBytes(rawJSON, "prompt").String() - if prompt == "" { - c.JSON(http.StatusBadRequest, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: "prompt is required", - Type: "invalid_request_error", - Code: "missing_prompt", - }, - }) - return - } - - // Convert OpenAI Images request to provider-specific format - providerPayload := h.convertToProviderFormat(modelName, rawJSON) - - // Determine the handler type based on model - handlerType := h.determineHandlerType(modelName) - - // Execute the request - c.Header("Content-Type", "application/json") - cliCtx, cliCancel := h.GetContextWithCancel(h, c, context.Background()) - resp, upstreamHeaders, errMsg := h.ExecuteWithAuthManager(cliCtx, handlerType, modelName, providerPayload, h.GetAlt(c)) - if errMsg != nil { - h.WriteErrorResponse(c, errMsg) - if errMsg.Error != nil { - cliCancel(errMsg.Error) - } else { - cliCancel(nil) - } - return - } - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - - // Convert provider response to OpenAI Images format - responseFormat := gjson.GetBytes(rawJSON, "response_format").String() - openAIResponse := h.convertToOpenAIFormat(resp, modelName, prompt, responseFormat) - - c.JSON(http.StatusOK, openAIResponse) - cliCancel() -} - -// convertToProviderFormat converts OpenAI Images API request to provider-specific format. -func (h *OpenAIImagesAPIHandler) convertToProviderFormat(modelName string, rawJSON []byte) []byte { - lowerModel := modelName - // Check if this is a Gemini/Imagen model - if h.isGeminiImageModel(lowerModel) { - return h.convertToGeminiFormat(rawJSON) - } - - // For OpenAI DALL-E and other models, pass through with minimal transformation - // The OpenAI compatibility executor handles the rest - return rawJSON -} - -// convertToGeminiFormat converts OpenAI Images request to Gemini format. -func (h *OpenAIImagesAPIHandler) convertToGeminiFormat(rawJSON []byte) []byte { - prompt := gjson.GetBytes(rawJSON, "prompt").String() - model := gjson.GetBytes(rawJSON, "model").String() - n := gjson.GetBytes(rawJSON, "n").Int() - size := gjson.GetBytes(rawJSON, "size").String() - - // Build Gemini-style request - // Using contents format that the Gemini executors understand - geminiReq := map[string]any{ - "contents": []map[string]any{ - { - "role": "user", - "parts": []map[string]any{{"text": prompt}}, - }, - }, - "generationConfig": map[string]any{ - "responseModalities": []string{"IMAGE", "TEXT"}, - }, - } - - // Map size to aspect ratio for Gemini - if size != "" { - aspectRatio := h.mapSizeToAspectRatio(size) - if aspectRatio != "" { - geminiReq["generationConfig"].(map[string]any)["imageConfig"] = map[string]any{ - "aspectRatio": aspectRatio, - } - } - } - - // Handle n (number of images) - Gemini uses sampleCount - if n > 1 { - geminiReq["generationConfig"].(map[string]any)["sampleCount"] = int(n) - } - - // Set model if available - if model != "" { - geminiReq["model"] = model - } - - result, err := json.Marshal(geminiReq) - if err != nil { - return rawJSON - } - return result -} - -// mapSizeToAspectRatio maps OpenAI image sizes to Gemini aspect ratios. -func (h *OpenAIImagesAPIHandler) mapSizeToAspectRatio(size string) string { - switch size { - case "1024x1024": - return "1:1" - case "1792x1024": - return "16:9" - case "1024x1792": - return "9:16" - case "512x512": - return "1:1" - case "256x256": - return "1:1" - default: - return "1:1" - } -} - -// isGeminiImageModel checks if the model is a Gemini or Imagen image model. -func (h *OpenAIImagesAPIHandler) isGeminiImageModel(model string) bool { - lowerModel := model - return contains(lowerModel, "imagen") || - contains(lowerModel, "gemini-2.5-flash-image") || - contains(lowerModel, "gemini-3-pro-image") -} - -// determineHandlerType determines the handler type based on the model name. -func (h *OpenAIImagesAPIHandler) determineHandlerType(modelName string) string { - lowerModel := modelName - - // Gemini/Imagen models - if h.isGeminiImageModel(lowerModel) { - return constant.Gemini - } - - // Default to OpenAI for DALL-E and other models - return constant.OpenAI -} - -// convertToOpenAIFormat converts provider response to OpenAI Images API response format. -func (h *OpenAIImagesAPIHandler) convertToOpenAIFormat(resp []byte, modelName string, originalPrompt string, responseFormat string) *ImageGenerationResponse { - created := time.Now().Unix() - - // Check if this is a Gemini-style response - if h.isGeminiImageModel(modelName) { - return h.convertGeminiToOpenAI(resp, created, originalPrompt, responseFormat) - } - - // Try to parse as OpenAI-style response directly - var openAIResp ImageGenerationResponse - if err := json.Unmarshal(resp, &openAIResp); err == nil && len(openAIResp.Data) > 0 { - return &openAIResp - } - - // Fallback: wrap raw response as b64_json - return &ImageGenerationResponse{ - Created: created, - Data: []ImageData{ - { - B64JSON: string(resp), - RevisedPrompt: originalPrompt, - }, - }, - } -} - -// convertGeminiToOpenAI converts Gemini image response to OpenAI Images format. -func (h *OpenAIImagesAPIHandler) convertGeminiToOpenAI(resp []byte, created int64, originalPrompt string, responseFormat string) *ImageGenerationResponse { - response := &ImageGenerationResponse{ - Created: created, - Data: []ImageData{}, - } - - // Parse Gemini response - try candidates[].content.parts[] format - parts := gjson.GetBytes(resp, "candidates.0.content.parts") - if parts.Exists() && parts.IsArray() { - for _, part := range parts.Array() { - // Check for inlineData (base64 image) - inlineData := part.Get("inlineData") - if inlineData.Exists() { - data := inlineData.Get("data").String() - mimeType := inlineData.Get("mimeType").String() - - if data != "" { - image := ImageData{ - RevisedPrompt: originalPrompt, - } - if responseFormat == "b64_json" { - image.B64JSON = data - } else { - image.URL = fmt.Sprintf("data:%s;base64,%s", mimeType, data) - } - response.Data = append(response.Data, image) - } - } - } - } - - // If no images found, return error placeholder - if len(response.Data) == 0 { - response.Data = append(response.Data, ImageData{ - RevisedPrompt: originalPrompt, - }) - } - - return response -} - -// contains checks if s contains substr (case-insensitive helper). -func contains(s, substr string) bool { - return len(s) >= len(substr) && (s == substr || - (len(s) > len(substr) && containsSubstring(s, substr))) -} - -// containsSubstring performs case-insensitive substring check. -func containsSubstring(s, substr string) bool { - for i := 0; i <= len(s)-len(substr); i++ { - match := true - for j := 0; j < len(substr); j++ { - sc := s[i+j] - subc := substr[j] - if sc >= 'A' && sc <= 'Z' { - sc += 32 - } - if subc >= 'A' && subc <= 'Z' { - subc += 32 - } - if sc != subc { - match = false - break - } - } - if match { - return true - } - } - return false -} - -// WriteErrorResponse writes an error message to the response writer. -func (h *OpenAIImagesAPIHandler) WriteErrorResponse(c *gin.Context, msg *interfaces.ErrorMessage) { - status := http.StatusInternalServerError - if msg != nil && msg.StatusCode > 0 { - status = msg.StatusCode - } - - errText := http.StatusText(status) - if msg != nil && msg.Error != nil { - if v := msg.Error.Error(); v != "" { - errText = v - } - } - - body := handlers.BuildErrorResponseBody(status, errText) - - if !c.Writer.Written() { - c.Writer.Header().Set("Content-Type", "application/json") - } - c.Status(status) - _, _ = c.Writer.Write(body) -} - -// sjson helpers are already imported, using them for potential future extensions -var _ = sjson.Set diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/openai_images_handlers_test.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/openai_images_handlers_test.go deleted file mode 100644 index 02be3dd7a6..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/openai_images_handlers_test.go +++ /dev/null @@ -1,93 +0,0 @@ -package openai - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertToOpenAIFormat_GeminiDefaultsToDataURL(t *testing.T) { - t.Parallel() - - h := &OpenAIImagesAPIHandler{} - resp := []byte(`{ - "candidates":[ - { - "content":{ - "parts":[ - { - "inlineData":{ - "mimeType":"image/png", - "data":"abc123" - } - } - ] - } - } - ] - }`) - - got := h.convertToOpenAIFormat(resp, "gemini-2.5-flash-image", "cat", "url") - if len(got.Data) != 1 { - t.Fatalf("expected 1 image, got %d", len(got.Data)) - } - if got.Data[0].URL != "data:image/png;base64,abc123" { - t.Fatalf("expected data URL, got %q", got.Data[0].URL) - } - if got.Data[0].B64JSON != "" { - t.Fatalf("expected empty b64_json for default response format, got %q", got.Data[0].B64JSON) - } -} - -func TestConvertToOpenAIFormat_GeminiB64JSONResponseFormat(t *testing.T) { - t.Parallel() - - h := &OpenAIImagesAPIHandler{} - resp := []byte(`{ - "candidates":[ - { - "content":{ - "parts":[ - { - "inlineData":{ - "mimeType":"image/png", - "data":"base64payload" - } - } - ] - } - } - ] - }`) - - got := h.convertToOpenAIFormat(resp, "imagen-4.0-generate-001", "mountain", "b64_json") - if len(got.Data) != 1 { - t.Fatalf("expected 1 image, got %d", len(got.Data)) - } - if got.Data[0].B64JSON != "base64payload" { - t.Fatalf("expected b64_json payload, got %q", got.Data[0].B64JSON) - } - if got.Data[0].URL != "" { - t.Fatalf("expected empty URL for b64_json response, got %q", got.Data[0].URL) - } -} - -func TestConvertToProviderFormat_GeminiMapsSizeToAspectRatio(t *testing.T) { - t.Parallel() - - h := &OpenAIImagesAPIHandler{} - raw := []byte(`{ - "model":"gemini-2.5-flash-image", - "prompt":"draw", - "size":"1792x1024", - "n":2 - }`) - - out := h.convertToProviderFormat("gemini-2.5-flash-image", raw) - if got := gjson.GetBytes(out, "generationConfig.imageConfig.aspectRatio").String(); got != "16:9" { - t.Fatalf("expected aspectRatio 16:9, got %q", got) - } - if got := gjson.GetBytes(out, "generationConfig.sampleCount").Int(); got != 2 { - t.Fatalf("expected sampleCount 2, got %d", got) - } -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/openai_responses_compact_test.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/openai_responses_compact_test.go deleted file mode 100644 index dcfcc99a7c..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/openai_responses_compact_test.go +++ /dev/null @@ -1,120 +0,0 @@ -package openai - -import ( - "context" - "errors" - "net/http" - "net/http/httptest" - "strings" - "testing" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - coreexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - sdkconfig "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" -) - -type compactCaptureExecutor struct { - alt string - sourceFormat string - calls int -} - -func (e *compactCaptureExecutor) Identifier() string { return "test-provider" } - -func (e *compactCaptureExecutor) Execute(ctx context.Context, auth *coreauth.Auth, req coreexecutor.Request, opts coreexecutor.Options) (coreexecutor.Response, error) { - e.calls++ - e.alt = opts.Alt - e.sourceFormat = opts.SourceFormat.String() - return coreexecutor.Response{Payload: []byte(`{"ok":true}`)}, nil -} - -func (e *compactCaptureExecutor) ExecuteStream(context.Context, *coreauth.Auth, coreexecutor.Request, coreexecutor.Options) (*coreexecutor.StreamResult, error) { - return nil, errors.New("not implemented") -} - -func (e *compactCaptureExecutor) Refresh(ctx context.Context, auth *coreauth.Auth) (*coreauth.Auth, error) { - return auth, nil -} - -func (e *compactCaptureExecutor) CountTokens(context.Context, *coreauth.Auth, coreexecutor.Request, coreexecutor.Options) (coreexecutor.Response, error) { - return coreexecutor.Response{}, errors.New("not implemented") -} - -func (e *compactCaptureExecutor) HttpRequest(context.Context, *coreauth.Auth, *http.Request) (*http.Response, error) { - return nil, errors.New("not implemented") -} - -func TestOpenAIResponsesCompactRejectsStream(t *testing.T) { - gin.SetMode(gin.TestMode) - executor := &compactCaptureExecutor{} - manager := coreauth.NewManager(nil, nil, nil) - manager.RegisterExecutor(executor) - - auth := &coreauth.Auth{ID: "auth1", Provider: executor.Identifier(), Status: coreauth.StatusActive} - if _, err := manager.Register(context.Background(), auth); err != nil { - t.Fatalf("Register auth: %v", err) - } - registry.GetGlobalRegistry().RegisterClient(auth.ID, auth.Provider, []*registry.ModelInfo{{ID: "test-model"}}) - t.Cleanup(func() { - registry.GetGlobalRegistry().UnregisterClient(auth.ID) - }) - - base := handlers.NewBaseAPIHandlers(&sdkconfig.SDKConfig{}, manager) - h := NewOpenAIResponsesAPIHandler(base) - router := gin.New() - router.POST("/v1/responses/compact", h.Compact) - - req := httptest.NewRequest(http.MethodPost, "/v1/responses/compact", strings.NewReader(`{"model":"test-model","stream":true}`)) - req.Header.Set("Content-Type", "application/json") - resp := httptest.NewRecorder() - router.ServeHTTP(resp, req) - - if resp.Code != http.StatusBadRequest { - t.Fatalf("status = %d, want %d", resp.Code, http.StatusBadRequest) - } - if executor.calls != 0 { - t.Fatalf("executor calls = %d, want 0", executor.calls) - } -} - -func TestOpenAIResponsesCompactExecute(t *testing.T) { - gin.SetMode(gin.TestMode) - executor := &compactCaptureExecutor{} - manager := coreauth.NewManager(nil, nil, nil) - manager.RegisterExecutor(executor) - - auth := &coreauth.Auth{ID: "auth2", Provider: executor.Identifier(), Status: coreauth.StatusActive} - if _, err := manager.Register(context.Background(), auth); err != nil { - t.Fatalf("Register auth: %v", err) - } - registry.GetGlobalRegistry().RegisterClient(auth.ID, auth.Provider, []*registry.ModelInfo{{ID: "test-model"}}) - t.Cleanup(func() { - registry.GetGlobalRegistry().UnregisterClient(auth.ID) - }) - - base := handlers.NewBaseAPIHandlers(&sdkconfig.SDKConfig{}, manager) - h := NewOpenAIResponsesAPIHandler(base) - router := gin.New() - router.POST("/v1/responses/compact", h.Compact) - - req := httptest.NewRequest(http.MethodPost, "/v1/responses/compact", strings.NewReader(`{"model":"test-model","input":"hello"}`)) - req.Header.Set("Content-Type", "application/json") - resp := httptest.NewRecorder() - router.ServeHTTP(resp, req) - - if resp.Code != http.StatusOK { - t.Fatalf("status = %d, want %d", resp.Code, http.StatusOK) - } - if executor.alt != "responses/compact" { - t.Fatalf("alt = %q, want %q", executor.alt, "responses/compact") - } - if executor.sourceFormat != "openai-response" { - t.Fatalf("source format = %q, want %q", executor.sourceFormat, "openai-response") - } - if strings.TrimSpace(resp.Body.String()) != `{"ok":true}` { - t.Fatalf("body = %s", resp.Body.String()) - } -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/openai_responses_handlers.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/openai_responses_handlers.go deleted file mode 100644 index f10e8d51f7..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/openai_responses_handlers.go +++ /dev/null @@ -1,428 +0,0 @@ -// Package openai provides HTTP handlers for OpenAIResponses API endpoints. -// This package implements the OpenAIResponses-compatible API interface, including model listing -// and chat completion functionality. It supports both streaming and non-streaming responses, -// and manages a pool of clients to interact with backend services. -// The handlers translate OpenAIResponses API requests to the appropriate backend format and -// convert responses back to OpenAIResponses-compatible format. -package openai - -import ( - "bytes" - "context" - "fmt" - "net/http" - - "github.com/gin-gonic/gin" - . "github.com/router-for-me/CLIProxyAPI/v6/internal/constant" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - responsesconverter "github.com/router-for-me/CLIProxyAPI/v6/internal/translator/openai/openai/responses" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// OpenAIResponsesAPIHandler contains the handlers for OpenAIResponses API endpoints. -// It holds a pool of clients to interact with the backend service. -type OpenAIResponsesAPIHandler struct { - *handlers.BaseAPIHandler -} - -// NewOpenAIResponsesAPIHandler creates a new OpenAIResponses API handlers instance. -// It takes an BaseAPIHandler instance as input and returns an OpenAIResponsesAPIHandler. -// -// Parameters: -// - apiHandlers: The base API handlers instance -// -// Returns: -// - *OpenAIResponsesAPIHandler: A new OpenAIResponses API handlers instance -func NewOpenAIResponsesAPIHandler(apiHandlers *handlers.BaseAPIHandler) *OpenAIResponsesAPIHandler { - return &OpenAIResponsesAPIHandler{ - BaseAPIHandler: apiHandlers, - } -} - -// HandlerType returns the identifier for this handler implementation. -func (h *OpenAIResponsesAPIHandler) HandlerType() string { - return OpenaiResponse -} - -// Models returns the OpenAIResponses-compatible model metadata supported by this handler. -func (h *OpenAIResponsesAPIHandler) Models() []map[string]any { - // Get dynamic models from the global registry - modelRegistry := registry.GetGlobalRegistry() - return modelRegistry.GetAvailableModels("openai") -} - -// OpenAIResponsesModels handles the /v1/models endpoint. -// It returns a list of available AI models with their capabilities -// and specifications in OpenAIResponses-compatible format. -func (h *OpenAIResponsesAPIHandler) OpenAIResponsesModels(c *gin.Context) { - c.JSON(http.StatusOK, gin.H{ - "object": "list", - "data": h.Models(), - }) -} - -// Responses handles the /v1/responses endpoint. -// It determines whether the request is for a streaming or non-streaming response -// and calls the appropriate handler based on the model provider. -// -// Parameters: -// - c: The Gin context containing the HTTP request and response -func (h *OpenAIResponsesAPIHandler) Responses(c *gin.Context) { - rawJSON, err := c.GetRawData() - // If data retrieval fails, return a 400 Bad Request error. - if err != nil { - c.JSON(http.StatusBadRequest, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: fmt.Sprintf("Invalid request: %v", err), - Type: "invalid_request_error", - }, - }) - return - } - - // Check if the client requested a streaming response. - streamResult := gjson.GetBytes(rawJSON, "stream") - stream := streamResult.Type == gjson.True - - modelName := gjson.GetBytes(rawJSON, "model").String() - if overrideEndpoint, ok := resolveEndpointOverride(modelName, openAIResponsesEndpoint); ok && overrideEndpoint == openAIChatEndpoint { - chatJSON := responsesconverter.ConvertOpenAIResponsesRequestToOpenAIChatCompletions(modelName, rawJSON, stream) - stream = gjson.GetBytes(chatJSON, "stream").Bool() - if stream { - h.handleStreamingResponseViaChat(c, rawJSON, chatJSON) - } else { - h.handleNonStreamingResponseViaChat(c, rawJSON, chatJSON) - } - return - } - - if stream { - h.handleStreamingResponse(c, rawJSON) - } else { - h.handleNonStreamingResponse(c, rawJSON) - } - -} - -func (h *OpenAIResponsesAPIHandler) Compact(c *gin.Context) { - rawJSON, err := c.GetRawData() - if err != nil { - c.JSON(http.StatusBadRequest, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: fmt.Sprintf("Invalid request: %v", err), - Type: "invalid_request_error", - }, - }) - return - } - - streamResult := gjson.GetBytes(rawJSON, "stream") - if streamResult.Type == gjson.True { - c.JSON(http.StatusBadRequest, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: "Streaming not supported for compact responses", - Type: "invalid_request_error", - }, - }) - return - } - if streamResult.Exists() { - if updated, err := sjson.DeleteBytes(rawJSON, "stream"); err == nil { - rawJSON = updated - } - } - - c.Header("Content-Type", "application/json") - modelName := gjson.GetBytes(rawJSON, "model").String() - cliCtx, cliCancel := h.GetContextWithCancel(h, c, context.Background()) - stopKeepAlive := h.StartNonStreamingKeepAlive(c, cliCtx) - resp, upstreamHeaders, errMsg := h.ExecuteWithAuthManager(cliCtx, h.HandlerType(), modelName, rawJSON, "responses/compact") - stopKeepAlive() - if errMsg != nil { - h.WriteErrorResponse(c, errMsg) - cliCancel(errMsg.Error) - return - } - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - _, _ = c.Writer.Write(resp) - cliCancel() -} - -// handleNonStreamingResponse handles non-streaming chat completion responses -// for Gemini models. It selects a client from the pool, sends the request, and -// aggregates the response before sending it back to the client in OpenAIResponses format. -// -// Parameters: -// - c: The Gin context containing the HTTP request and response -// - rawJSON: The raw JSON bytes of the OpenAIResponses-compatible request -func (h *OpenAIResponsesAPIHandler) handleNonStreamingResponse(c *gin.Context, rawJSON []byte) { - c.Header("Content-Type", "application/json") - - modelName := gjson.GetBytes(rawJSON, "model").String() - cliCtx, cliCancel := h.GetContextWithCancel(h, c, context.Background()) - stopKeepAlive := h.StartNonStreamingKeepAlive(c, cliCtx) - - resp, upstreamHeaders, errMsg := h.ExecuteWithAuthManager(cliCtx, h.HandlerType(), modelName, rawJSON, "") - stopKeepAlive() - if errMsg != nil { - h.WriteErrorResponse(c, errMsg) - cliCancel(errMsg.Error) - return - } - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - _, _ = c.Writer.Write(resp) - cliCancel() -} - -func (h *OpenAIResponsesAPIHandler) handleNonStreamingResponseViaChat(c *gin.Context, originalResponsesJSON, chatJSON []byte) { - c.Header("Content-Type", "application/json") - - modelName := gjson.GetBytes(chatJSON, "model").String() - cliCtx, cliCancel := h.GetContextWithCancel(h, c, context.Background()) - resp, upstreamHeaders, errMsg := h.ExecuteWithAuthManager(cliCtx, OpenAI, modelName, chatJSON, "") - if errMsg != nil { - h.WriteErrorResponse(c, errMsg) - cliCancel(errMsg.Error) - return - } - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - var param any - converted := responsesconverter.ConvertOpenAIChatCompletionsResponseToOpenAIResponsesNonStream(cliCtx, modelName, originalResponsesJSON, originalResponsesJSON, resp, ¶m) - if converted == "" { - h.WriteErrorResponse(c, &interfaces.ErrorMessage{ - StatusCode: http.StatusInternalServerError, - Error: fmt.Errorf("failed to convert chat completion response to responses format"), - }) - cliCancel(fmt.Errorf("response conversion failed")) - return - } - _, _ = c.Writer.Write([]byte(converted)) - cliCancel() -} - -// handleStreamingResponse handles streaming responses for Gemini models. -// It establishes a streaming connection with the backend service and forwards -// the response chunks to the client in real-time using Server-Sent Events. -// -// Parameters: -// - c: The Gin context containing the HTTP request and response -// - rawJSON: The raw JSON bytes of the OpenAIResponses-compatible request -func (h *OpenAIResponsesAPIHandler) handleStreamingResponse(c *gin.Context, rawJSON []byte) { - // Get the http.Flusher interface to manually flush the response. - flusher, ok := c.Writer.(http.Flusher) - if !ok { - c.JSON(http.StatusInternalServerError, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: "Streaming not supported", - Type: "server_error", - }, - }) - return - } - - // New core execution path - modelName := gjson.GetBytes(rawJSON, "model").String() - cliCtx, cliCancel := h.GetContextWithCancel(h, c, context.Background()) - dataChan, upstreamHeaders, errChan := h.ExecuteStreamWithAuthManager(cliCtx, h.HandlerType(), modelName, rawJSON, "") - - setSSEHeaders := func() { - c.Header("Content-Type", "text/event-stream") - c.Header("Cache-Control", "no-cache") - c.Header("Connection", "keep-alive") - c.Header("Access-Control-Allow-Origin", "*") - } - - // Peek at the first chunk - for { - select { - case <-c.Request.Context().Done(): - cliCancel(c.Request.Context().Err()) - return - case errMsg, ok := <-errChan: - if !ok { - // Err channel closed cleanly; wait for data channel. - errChan = nil - continue - } - // Upstream failed immediately. Return proper error status and JSON. - h.WriteErrorResponse(c, errMsg) - if errMsg != nil { - cliCancel(errMsg.Error) - } else { - cliCancel(nil) - } - return - case chunk, ok := <-dataChan: - if !ok { - // Stream closed without data? Send headers and done. - setSSEHeaders() - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - _, _ = c.Writer.Write([]byte("\n")) - flusher.Flush() - cliCancel(nil) - return - } - - // Success! Set headers. - setSSEHeaders() - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - - // Write first chunk logic (matching forwardResponsesStream) - if bytes.HasPrefix(chunk, []byte("event:")) { - _, _ = c.Writer.Write([]byte("\n")) - } - _, _ = c.Writer.Write(chunk) - _, _ = c.Writer.Write([]byte("\n")) - flusher.Flush() - - // Continue - h.forwardResponsesStream(c, flusher, func(err error) { cliCancel(err) }, dataChan, errChan) - return - } - } -} - -func (h *OpenAIResponsesAPIHandler) handleStreamingResponseViaChat(c *gin.Context, originalResponsesJSON, chatJSON []byte) { - flusher, ok := c.Writer.(http.Flusher) - if !ok { - c.JSON(http.StatusInternalServerError, handlers.ErrorResponse{ - Error: handlers.ErrorDetail{ - Message: "Streaming not supported", - Type: "server_error", - }, - }) - return - } - - modelName := gjson.GetBytes(chatJSON, "model").String() - cliCtx, cliCancel := h.GetContextWithCancel(h, c, context.Background()) - dataChan, upstreamHeaders, errChan := h.ExecuteStreamWithAuthManager(cliCtx, OpenAI, modelName, chatJSON, "") - var param any - - setSSEHeaders := func() { - c.Header("Content-Type", "text/event-stream") - c.Header("Cache-Control", "no-cache") - c.Header("Connection", "keep-alive") - c.Header("Access-Control-Allow-Origin", "*") - } - - for { - select { - case <-c.Request.Context().Done(): - cliCancel(c.Request.Context().Err()) - return - case errMsg, ok := <-errChan: - if !ok { - errChan = nil - continue - } - h.WriteErrorResponse(c, errMsg) - if errMsg != nil { - cliCancel(errMsg.Error) - } else { - cliCancel(nil) - } - return - case chunk, ok := <-dataChan: - if !ok { - setSSEHeaders() - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - _, _ = c.Writer.Write([]byte("\n")) - flusher.Flush() - cliCancel(nil) - return - } - - setSSEHeaders() - handlers.WriteUpstreamHeaders(c.Writer.Header(), upstreamHeaders) - writeChatAsResponsesChunk(c, cliCtx, modelName, originalResponsesJSON, chunk, ¶m) - flusher.Flush() - - h.forwardChatAsResponsesStream(c, flusher, func(err error) { cliCancel(err) }, dataChan, errChan, cliCtx, modelName, originalResponsesJSON, ¶m) - return - } - } -} - -func writeChatAsResponsesChunk(c *gin.Context, ctx context.Context, modelName string, originalResponsesJSON, chunk []byte, param *any) { - outputs := responsesconverter.ConvertOpenAIChatCompletionsResponseToOpenAIResponses(ctx, modelName, originalResponsesJSON, originalResponsesJSON, chunk, param) - for _, out := range outputs { - if out == "" { - continue - } - if bytes.HasPrefix([]byte(out), []byte("event:")) { - _, _ = c.Writer.Write([]byte("\n")) - } - _, _ = c.Writer.Write([]byte(out)) - _, _ = c.Writer.Write([]byte("\n")) - } -} - -func (h *OpenAIResponsesAPIHandler) forwardChatAsResponsesStream(c *gin.Context, flusher http.Flusher, cancel func(error), data <-chan []byte, errs <-chan *interfaces.ErrorMessage, ctx context.Context, modelName string, originalResponsesJSON []byte, param *any) { - h.ForwardStream(c, flusher, cancel, data, errs, handlers.StreamForwardOptions{ - WriteChunk: func(chunk []byte) { - outputs := responsesconverter.ConvertOpenAIChatCompletionsResponseToOpenAIResponses(ctx, modelName, originalResponsesJSON, originalResponsesJSON, chunk, param) - for _, out := range outputs { - if out == "" { - continue - } - if bytes.HasPrefix([]byte(out), []byte("event:")) { - _, _ = c.Writer.Write([]byte("\n")) - } - _, _ = c.Writer.Write([]byte(out)) - _, _ = c.Writer.Write([]byte("\n")) - } - }, - WriteTerminalError: func(errMsg *interfaces.ErrorMessage) { - if errMsg == nil { - return - } - status := http.StatusInternalServerError - if errMsg.StatusCode > 0 { - status = errMsg.StatusCode - } - errText := http.StatusText(status) - if errMsg.Error != nil && errMsg.Error.Error() != "" { - errText = errMsg.Error.Error() - } - body := handlers.BuildErrorResponseBody(status, errText) - _, _ = fmt.Fprintf(c.Writer, "\nevent: error\ndata: %s\n\n", string(body)) - }, - WriteDone: func() { - _, _ = c.Writer.Write([]byte("\n")) - }, - }) -} - -func (h *OpenAIResponsesAPIHandler) forwardResponsesStream(c *gin.Context, flusher http.Flusher, cancel func(error), data <-chan []byte, errs <-chan *interfaces.ErrorMessage) { - h.ForwardStream(c, flusher, cancel, data, errs, handlers.StreamForwardOptions{ - WriteChunk: func(chunk []byte) { - if bytes.HasPrefix(chunk, []byte("event:")) { - _, _ = c.Writer.Write([]byte("\n")) - } - _, _ = c.Writer.Write(chunk) - _, _ = c.Writer.Write([]byte("\n")) - }, - WriteTerminalError: func(errMsg *interfaces.ErrorMessage) { - if errMsg == nil { - return - } - status := http.StatusInternalServerError - if errMsg.StatusCode > 0 { - status = errMsg.StatusCode - } - errText := http.StatusText(status) - if errMsg.Error != nil && errMsg.Error.Error() != "" { - errText = errMsg.Error.Error() - } - body := handlers.BuildErrorResponseBody(status, errText) - _, _ = fmt.Fprintf(c.Writer, "\nevent: error\ndata: %s\n\n", string(body)) - }, - WriteDone: func() { - _, _ = c.Writer.Write([]byte("\n")) - }, - }) -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/openai_responses_websocket.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/openai_responses_websocket.go deleted file mode 100644 index f2d44f059e..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/openai_responses_websocket.go +++ /dev/null @@ -1,662 +0,0 @@ -package openai - -import ( - "bytes" - "context" - "encoding/json" - "fmt" - "net/http" - "strconv" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/google/uuid" - "github.com/gorilla/websocket" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers" - cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const ( - wsRequestTypeCreate = "response.create" - wsRequestTypeAppend = "response.append" - wsEventTypeError = "error" - wsEventTypeCompleted = "response.completed" - wsEventTypeDone = "response.done" - wsDoneMarker = "[DONE]" - wsTurnStateHeader = "x-codex-turn-state" - wsRequestBodyKey = "REQUEST_BODY_OVERRIDE" - wsPayloadLogMaxSize = 2048 -) - -var responsesWebsocketUpgrader = websocket.Upgrader{ - ReadBufferSize: 4096, - WriteBufferSize: 4096, - CheckOrigin: func(r *http.Request) bool { - return true - }, -} - -// ResponsesWebsocket handles websocket requests for /v1/responses. -// It accepts `response.create` and `response.append` requests and streams -// response events back as JSON websocket text messages. -func (h *OpenAIResponsesAPIHandler) ResponsesWebsocket(c *gin.Context) { - conn, err := responsesWebsocketUpgrader.Upgrade(c.Writer, c.Request, websocketUpgradeHeaders(c.Request)) - if err != nil { - return - } - passthroughSessionID := uuid.NewString() - clientRemoteAddr := "" - if c != nil && c.Request != nil { - clientRemoteAddr = strings.TrimSpace(c.Request.RemoteAddr) - } - log.Infof("responses websocket: client connected id=%s remote=%s", passthroughSessionID, clientRemoteAddr) - var wsTerminateErr error - var wsBodyLog strings.Builder - defer func() { - if wsTerminateErr != nil { - // log.Infof("responses websocket: session closing id=%s reason=%v", passthroughSessionID, wsTerminateErr) - } else { - log.Infof("responses websocket: session closing id=%s", passthroughSessionID) - } - if h != nil && h.AuthManager != nil { - h.AuthManager.CloseExecutionSession(passthroughSessionID) - log.Infof("responses websocket: upstream execution session closed id=%s", passthroughSessionID) - } - setWebsocketRequestBody(c, wsBodyLog.String()) - if errClose := conn.Close(); errClose != nil { - log.Warnf("responses websocket: close connection error: %v", errClose) - } - }() - - var lastRequest []byte - lastResponseOutput := []byte("[]") - pinnedAuthID := "" - - for { - msgType, payload, errReadMessage := conn.ReadMessage() - if errReadMessage != nil { - wsTerminateErr = errReadMessage - appendWebsocketEvent(&wsBodyLog, "disconnect", []byte(errReadMessage.Error())) - if websocket.IsCloseError(errReadMessage, websocket.CloseNormalClosure, websocket.CloseGoingAway, websocket.CloseNoStatusReceived) { - log.Infof("responses websocket: client disconnected id=%s error=%v", passthroughSessionID, errReadMessage) - } else { - // log.Warnf("responses websocket: read message failed id=%s error=%v", passthroughSessionID, errReadMessage) - } - return - } - if msgType != websocket.TextMessage && msgType != websocket.BinaryMessage { - continue - } - // log.Infof( - // "responses websocket: downstream_in id=%s type=%d event=%s payload=%s", - // passthroughSessionID, - // msgType, - // websocketPayloadEventType(payload), - // websocketPayloadPreview(payload), - // ) - appendWebsocketEvent(&wsBodyLog, "request", payload) - - allowIncrementalInputWithPreviousResponseID := websocketUpstreamSupportsIncrementalInput(nil, nil) - if pinnedAuthID != "" && h != nil && h.AuthManager != nil { - if pinnedAuth, ok := h.AuthManager.GetByID(pinnedAuthID); ok && pinnedAuth != nil { - allowIncrementalInputWithPreviousResponseID = websocketUpstreamSupportsIncrementalInput(pinnedAuth.Attributes, pinnedAuth.Metadata) - } - } - - var requestJSON []byte - var updatedLastRequest []byte - var errMsg *interfaces.ErrorMessage - requestJSON, updatedLastRequest, errMsg = normalizeResponsesWebsocketRequestWithMode( - payload, - lastRequest, - lastResponseOutput, - allowIncrementalInputWithPreviousResponseID, - ) - if errMsg != nil { - h.LoggingAPIResponseError(context.WithValue(context.Background(), "gin", c), errMsg) - markAPIResponseTimestamp(c) - errorPayload, errWrite := writeResponsesWebsocketError(conn, errMsg) - appendWebsocketEvent(&wsBodyLog, "response", errorPayload) - log.Infof( - "responses websocket: downstream_out id=%s type=%d event=%s payload=%s", - passthroughSessionID, - websocket.TextMessage, - websocketPayloadEventType(errorPayload), - websocketPayloadPreview(errorPayload), - ) - if errWrite != nil { - log.Warnf( - "responses websocket: downstream_out write failed id=%s event=%s error=%v", - passthroughSessionID, - websocketPayloadEventType(errorPayload), - errWrite, - ) - return - } - continue - } - lastRequest = updatedLastRequest - - modelName := gjson.GetBytes(requestJSON, "model").String() - cliCtx, cliCancel := h.GetContextWithCancel(h, c, context.Background()) - cliCtx = cliproxyexecutor.WithDownstreamWebsocket(cliCtx) - cliCtx = handlers.WithExecutionSessionID(cliCtx, passthroughSessionID) - if pinnedAuthID != "" { - cliCtx = handlers.WithPinnedAuthID(cliCtx, pinnedAuthID) - } else { - cliCtx = handlers.WithSelectedAuthIDCallback(cliCtx, func(authID string) { - pinnedAuthID = strings.TrimSpace(authID) - }) - } - dataChan, _, errChan := h.ExecuteStreamWithAuthManager(cliCtx, h.HandlerType(), modelName, requestJSON, "") - - completedOutput, errForward := h.forwardResponsesWebsocket(c, conn, cliCancel, dataChan, errChan, &wsBodyLog, passthroughSessionID) - if errForward != nil { - wsTerminateErr = errForward - appendWebsocketEvent(&wsBodyLog, "disconnect", []byte(errForward.Error())) - log.Warnf("responses websocket: forward failed id=%s error=%v", passthroughSessionID, errForward) - return - } - lastResponseOutput = completedOutput - } -} - -func websocketUpgradeHeaders(req *http.Request) http.Header { - headers := http.Header{} - if req == nil { - return headers - } - - // Keep the same sticky turn-state across reconnects when provided by the client. - turnState := strings.TrimSpace(req.Header.Get(wsTurnStateHeader)) - if turnState != "" { - headers.Set(wsTurnStateHeader, turnState) - } - return headers -} - -func normalizeResponsesWebsocketRequest(rawJSON []byte, lastRequest []byte, lastResponseOutput []byte) ([]byte, []byte, *interfaces.ErrorMessage) { - return normalizeResponsesWebsocketRequestWithMode(rawJSON, lastRequest, lastResponseOutput, true) -} - -func normalizeResponsesWebsocketRequestWithMode(rawJSON []byte, lastRequest []byte, lastResponseOutput []byte, allowIncrementalInputWithPreviousResponseID bool) ([]byte, []byte, *interfaces.ErrorMessage) { - requestType := strings.TrimSpace(gjson.GetBytes(rawJSON, "type").String()) - switch requestType { - case wsRequestTypeCreate: - // log.Infof("responses websocket: response.create request") - if len(lastRequest) == 0 { - return normalizeResponseCreateRequest(rawJSON) - } - return normalizeResponseSubsequentRequest(rawJSON, lastRequest, lastResponseOutput, allowIncrementalInputWithPreviousResponseID) - case wsRequestTypeAppend: - // log.Infof("responses websocket: response.append request") - return normalizeResponseSubsequentRequest(rawJSON, lastRequest, lastResponseOutput, allowIncrementalInputWithPreviousResponseID) - default: - return nil, lastRequest, &interfaces.ErrorMessage{ - StatusCode: http.StatusBadRequest, - Error: fmt.Errorf("unsupported websocket request type: %s", requestType), - } - } -} - -func normalizeResponseCreateRequest(rawJSON []byte) ([]byte, []byte, *interfaces.ErrorMessage) { - normalized, errDelete := sjson.DeleteBytes(rawJSON, "type") - if errDelete != nil { - normalized = bytes.Clone(rawJSON) - } - normalized, _ = sjson.SetBytes(normalized, "stream", true) - if !gjson.GetBytes(normalized, "input").Exists() { - normalized, _ = sjson.SetRawBytes(normalized, "input", []byte("[]")) - } - - modelName := strings.TrimSpace(gjson.GetBytes(normalized, "model").String()) - if modelName == "" { - return nil, nil, &interfaces.ErrorMessage{ - StatusCode: http.StatusBadRequest, - Error: fmt.Errorf("missing model in response.create request"), - } - } - return normalized, bytes.Clone(normalized), nil -} - -func normalizeResponseSubsequentRequest(rawJSON []byte, lastRequest []byte, lastResponseOutput []byte, allowIncrementalInputWithPreviousResponseID bool) ([]byte, []byte, *interfaces.ErrorMessage) { - if len(lastRequest) == 0 { - return nil, lastRequest, &interfaces.ErrorMessage{ - StatusCode: http.StatusBadRequest, - Error: fmt.Errorf("websocket request received before response.create"), - } - } - - nextInput := gjson.GetBytes(rawJSON, "input") - if !nextInput.Exists() || !nextInput.IsArray() { - return nil, lastRequest, &interfaces.ErrorMessage{ - StatusCode: http.StatusBadRequest, - Error: fmt.Errorf("websocket request requires array field: input"), - } - } - - // Websocket v2 mode uses response.create with previous_response_id + incremental input. - // Do not expand it into a full input transcript; upstream expects the incremental payload. - if allowIncrementalInputWithPreviousResponseID { - if prev := strings.TrimSpace(gjson.GetBytes(rawJSON, "previous_response_id").String()); prev != "" { - normalized, errDelete := sjson.DeleteBytes(rawJSON, "type") - if errDelete != nil { - normalized = bytes.Clone(rawJSON) - } - if !gjson.GetBytes(normalized, "model").Exists() { - modelName := strings.TrimSpace(gjson.GetBytes(lastRequest, "model").String()) - if modelName != "" { - normalized, _ = sjson.SetBytes(normalized, "model", modelName) - } - } - if !gjson.GetBytes(normalized, "instructions").Exists() { - instructions := gjson.GetBytes(lastRequest, "instructions") - if instructions.Exists() { - normalized, _ = sjson.SetRawBytes(normalized, "instructions", []byte(instructions.Raw)) - } - } - normalized, _ = sjson.SetBytes(normalized, "stream", true) - return normalized, bytes.Clone(normalized), nil - } - } - - existingInput := gjson.GetBytes(lastRequest, "input") - mergedInput, errMerge := mergeJSONArrayRaw(existingInput.Raw, normalizeJSONArrayRaw(lastResponseOutput)) - if errMerge != nil { - return nil, lastRequest, &interfaces.ErrorMessage{ - StatusCode: http.StatusBadRequest, - Error: fmt.Errorf("invalid previous response output: %w", errMerge), - } - } - - mergedInput, errMerge = mergeJSONArrayRaw(mergedInput, nextInput.Raw) - if errMerge != nil { - return nil, lastRequest, &interfaces.ErrorMessage{ - StatusCode: http.StatusBadRequest, - Error: fmt.Errorf("invalid request input: %w", errMerge), - } - } - - normalized, errDelete := sjson.DeleteBytes(rawJSON, "type") - if errDelete != nil { - normalized = bytes.Clone(rawJSON) - } - normalized, _ = sjson.DeleteBytes(normalized, "previous_response_id") - var errSet error - normalized, errSet = sjson.SetRawBytes(normalized, "input", []byte(mergedInput)) - if errSet != nil { - return nil, lastRequest, &interfaces.ErrorMessage{ - StatusCode: http.StatusBadRequest, - Error: fmt.Errorf("failed to merge websocket input: %w", errSet), - } - } - if !gjson.GetBytes(normalized, "model").Exists() { - modelName := strings.TrimSpace(gjson.GetBytes(lastRequest, "model").String()) - if modelName != "" { - normalized, _ = sjson.SetBytes(normalized, "model", modelName) - } - } - if !gjson.GetBytes(normalized, "instructions").Exists() { - instructions := gjson.GetBytes(lastRequest, "instructions") - if instructions.Exists() { - normalized, _ = sjson.SetRawBytes(normalized, "instructions", []byte(instructions.Raw)) - } - } - normalized, _ = sjson.SetBytes(normalized, "stream", true) - return normalized, bytes.Clone(normalized), nil -} - -func websocketUpstreamSupportsIncrementalInput(attributes map[string]string, metadata map[string]any) bool { - if len(attributes) > 0 { - if raw := strings.TrimSpace(attributes["websockets"]); raw != "" { - parsed, errParse := strconv.ParseBool(raw) - if errParse == nil { - return parsed - } - } - } - if len(metadata) == 0 { - return false - } - raw, ok := metadata["websockets"] - if !ok || raw == nil { - return false - } - switch value := raw.(type) { - case bool: - return value - case string: - parsed, errParse := strconv.ParseBool(strings.TrimSpace(value)) - if errParse == nil { - return parsed - } - default: - } - return false -} - -func mergeJSONArrayRaw(existingRaw, appendRaw string) (string, error) { - existingRaw = strings.TrimSpace(existingRaw) - appendRaw = strings.TrimSpace(appendRaw) - if existingRaw == "" { - existingRaw = "[]" - } - if appendRaw == "" { - appendRaw = "[]" - } - - var existing []json.RawMessage - if err := json.Unmarshal([]byte(existingRaw), &existing); err != nil { - return "", err - } - var appendItems []json.RawMessage - if err := json.Unmarshal([]byte(appendRaw), &appendItems); err != nil { - return "", err - } - - merged := append(existing, appendItems...) - out, err := json.Marshal(merged) - if err != nil { - return "", err - } - return string(out), nil -} - -func normalizeJSONArrayRaw(raw []byte) string { - trimmed := strings.TrimSpace(string(raw)) - if trimmed == "" { - return "[]" - } - result := gjson.Parse(trimmed) - if result.Type == gjson.JSON && result.IsArray() { - return trimmed - } - return "[]" -} - -func (h *OpenAIResponsesAPIHandler) forwardResponsesWebsocket( - c *gin.Context, - conn *websocket.Conn, - cancel handlers.APIHandlerCancelFunc, - data <-chan []byte, - errs <-chan *interfaces.ErrorMessage, - wsBodyLog *strings.Builder, - sessionID string, -) ([]byte, error) { - completed := false - completedOutput := []byte("[]") - - for { - select { - case <-c.Request.Context().Done(): - cancel(c.Request.Context().Err()) - return completedOutput, c.Request.Context().Err() - case errMsg, ok := <-errs: - if !ok { - errs = nil - continue - } - if errMsg != nil { - h.LoggingAPIResponseError(context.WithValue(context.Background(), "gin", c), errMsg) - markAPIResponseTimestamp(c) - errorPayload, errWrite := writeResponsesWebsocketError(conn, errMsg) - appendWebsocketEvent(wsBodyLog, "response", errorPayload) - log.Infof( - "responses websocket: downstream_out id=%s type=%d event=%s payload=%s", - sessionID, - websocket.TextMessage, - websocketPayloadEventType(errorPayload), - websocketPayloadPreview(errorPayload), - ) - if errWrite != nil { - // log.Warnf( - // "responses websocket: downstream_out write failed id=%s event=%s error=%v", - // sessionID, - // websocketPayloadEventType(errorPayload), - // errWrite, - // ) - cancel(errMsg.Error) - return completedOutput, errWrite - } - } - if errMsg != nil { - cancel(errMsg.Error) - } else { - cancel(nil) - } - return completedOutput, nil - case chunk, ok := <-data: - if !ok { - if !completed { - errMsg := &interfaces.ErrorMessage{ - StatusCode: http.StatusRequestTimeout, - Error: fmt.Errorf("stream closed before response.completed"), - } - h.LoggingAPIResponseError(context.WithValue(context.Background(), "gin", c), errMsg) - markAPIResponseTimestamp(c) - errorPayload, errWrite := writeResponsesWebsocketError(conn, errMsg) - appendWebsocketEvent(wsBodyLog, "response", errorPayload) - log.Infof( - "responses websocket: downstream_out id=%s type=%d event=%s payload=%s", - sessionID, - websocket.TextMessage, - websocketPayloadEventType(errorPayload), - websocketPayloadPreview(errorPayload), - ) - if errWrite != nil { - log.Warnf( - "responses websocket: downstream_out write failed id=%s event=%s error=%v", - sessionID, - websocketPayloadEventType(errorPayload), - errWrite, - ) - cancel(errMsg.Error) - return completedOutput, errWrite - } - cancel(errMsg.Error) - return completedOutput, nil - } - cancel(nil) - return completedOutput, nil - } - - payloads := websocketJSONPayloadsFromChunk(chunk) - for i := range payloads { - eventType := gjson.GetBytes(payloads[i], "type").String() - if eventType == wsEventTypeCompleted { - // log.Infof("replace %s with %s", wsEventTypeCompleted, wsEventTypeDone) - payloads[i], _ = sjson.SetBytes(payloads[i], "type", wsEventTypeDone) - - completed = true - completedOutput = responseCompletedOutputFromPayload(payloads[i]) - } - markAPIResponseTimestamp(c) - appendWebsocketEvent(wsBodyLog, "response", payloads[i]) - // log.Infof( - // "responses websocket: downstream_out id=%s type=%d event=%s payload=%s", - // sessionID, - // websocket.TextMessage, - // websocketPayloadEventType(payloads[i]), - // websocketPayloadPreview(payloads[i]), - // ) - if errWrite := conn.WriteMessage(websocket.TextMessage, payloads[i]); errWrite != nil { - log.Warnf( - "responses websocket: downstream_out write failed id=%s event=%s error=%v", - sessionID, - websocketPayloadEventType(payloads[i]), - errWrite, - ) - cancel(errWrite) - return completedOutput, errWrite - } - } - } - } -} - -func responseCompletedOutputFromPayload(payload []byte) []byte { - output := gjson.GetBytes(payload, "response.output") - if output.Exists() && output.IsArray() { - return bytes.Clone([]byte(output.Raw)) - } - return []byte("[]") -} - -func websocketJSONPayloadsFromChunk(chunk []byte) [][]byte { - payloads := make([][]byte, 0, 2) - lines := bytes.Split(chunk, []byte("\n")) - for i := range lines { - line := bytes.TrimSpace(lines[i]) - if len(line) == 0 || bytes.HasPrefix(line, []byte("event:")) { - continue - } - if bytes.HasPrefix(line, []byte("data:")) { - line = bytes.TrimSpace(line[len("data:"):]) - } - if len(line) == 0 || bytes.Equal(line, []byte(wsDoneMarker)) { - continue - } - if json.Valid(line) { - payloads = append(payloads, bytes.Clone(line)) - } - } - - if len(payloads) > 0 { - return payloads - } - - trimmed := bytes.TrimSpace(chunk) - if bytes.HasPrefix(trimmed, []byte("data:")) { - trimmed = bytes.TrimSpace(trimmed[len("data:"):]) - } - if len(trimmed) > 0 && !bytes.Equal(trimmed, []byte(wsDoneMarker)) && json.Valid(trimmed) { - payloads = append(payloads, bytes.Clone(trimmed)) - } - return payloads -} - -func writeResponsesWebsocketError(conn *websocket.Conn, errMsg *interfaces.ErrorMessage) ([]byte, error) { - status := http.StatusInternalServerError - errText := http.StatusText(status) - if errMsg != nil { - if errMsg.StatusCode > 0 { - status = errMsg.StatusCode - errText = http.StatusText(status) - } - if errMsg.Error != nil && strings.TrimSpace(errMsg.Error.Error()) != "" { - errText = errMsg.Error.Error() - } - } - - body := handlers.BuildErrorResponseBody(status, errText) - payload := map[string]any{ - "type": wsEventTypeError, - "status": status, - } - - if errMsg != nil && errMsg.Addon != nil { - headers := map[string]any{} - for key, values := range errMsg.Addon { - if len(values) == 0 { - continue - } - headers[key] = values[0] - } - if len(headers) > 0 { - payload["headers"] = headers - } - } - - if len(body) > 0 && json.Valid(body) { - var decoded map[string]any - if errDecode := json.Unmarshal(body, &decoded); errDecode == nil { - if inner, ok := decoded["error"]; ok { - payload["error"] = inner - } else { - payload["error"] = decoded - } - } - } - - if _, ok := payload["error"]; !ok { - payload["error"] = map[string]any{ - "type": "server_error", - "message": errText, - } - } - - data, err := json.Marshal(payload) - if err != nil { - return nil, err - } - return data, conn.WriteMessage(websocket.TextMessage, data) -} - -func appendWebsocketEvent(builder *strings.Builder, eventType string, payload []byte) { - if builder == nil { - return - } - trimmedPayload := bytes.TrimSpace(payload) - if len(trimmedPayload) == 0 { - return - } - if builder.Len() > 0 { - builder.WriteString("\n") - } - builder.WriteString("websocket.") - builder.WriteString(eventType) - builder.WriteString("\n") - builder.Write(trimmedPayload) - builder.WriteString("\n") -} - -func websocketPayloadEventType(payload []byte) string { - eventType := strings.TrimSpace(gjson.GetBytes(payload, "type").String()) - if eventType == "" { - return "-" - } - return eventType -} - -func websocketPayloadPreview(payload []byte) string { - trimmedPayload := bytes.TrimSpace(payload) - if len(trimmedPayload) == 0 { - return "" - } - preview := trimmedPayload - if len(preview) > wsPayloadLogMaxSize { - preview = preview[:wsPayloadLogMaxSize] - } - previewText := strings.ReplaceAll(string(preview), "\n", "\\n") - previewText = strings.ReplaceAll(previewText, "\r", "\\r") - if len(trimmedPayload) > wsPayloadLogMaxSize { - return fmt.Sprintf("%s...(truncated,total=%d)", previewText, len(trimmedPayload)) - } - return previewText -} - -func setWebsocketRequestBody(c *gin.Context, body string) { - if c == nil { - return - } - trimmedBody := strings.TrimSpace(body) - if trimmedBody == "" { - return - } - c.Set(wsRequestBodyKey, []byte(trimmedBody)) -} - -func markAPIResponseTimestamp(c *gin.Context) { - if c == nil { - return - } - if _, exists := c.Get("API_RESPONSE_TIMESTAMP"); exists { - return - } - c.Set("API_RESPONSE_TIMESTAMP", time.Now()) -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/openai_responses_websocket_test.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/openai_responses_websocket_test.go deleted file mode 100644 index 9b6cec7832..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/openai/openai_responses_websocket_test.go +++ /dev/null @@ -1,249 +0,0 @@ -package openai - -import ( - "bytes" - "net/http" - "net/http/httptest" - "strings" - "testing" - - "github.com/gin-gonic/gin" - "github.com/tidwall/gjson" -) - -func TestNormalizeResponsesWebsocketRequestCreate(t *testing.T) { - raw := []byte(`{"type":"response.create","model":"test-model","stream":false,"input":[{"type":"message","id":"msg-1"}]}`) - - normalized, last, errMsg := normalizeResponsesWebsocketRequest(raw, nil, nil) - if errMsg != nil { - t.Fatalf("unexpected error: %v", errMsg.Error) - } - if gjson.GetBytes(normalized, "type").Exists() { - t.Fatalf("normalized create request must not include type field") - } - if !gjson.GetBytes(normalized, "stream").Bool() { - t.Fatalf("normalized create request must force stream=true") - } - if gjson.GetBytes(normalized, "model").String() != "test-model" { - t.Fatalf("unexpected model: %s", gjson.GetBytes(normalized, "model").String()) - } - if !bytes.Equal(last, normalized) { - t.Fatalf("last request snapshot should match normalized request") - } -} - -func TestNormalizeResponsesWebsocketRequestCreateWithHistory(t *testing.T) { - lastRequest := []byte(`{"model":"test-model","stream":true,"input":[{"type":"message","id":"msg-1"}]}`) - lastResponseOutput := []byte(`[ - {"type":"function_call","id":"fc-1","call_id":"call-1"}, - {"type":"message","id":"assistant-1"} - ]`) - raw := []byte(`{"type":"response.create","input":[{"type":"function_call_output","call_id":"call-1","id":"tool-out-1"}]}`) - - normalized, next, errMsg := normalizeResponsesWebsocketRequest(raw, lastRequest, lastResponseOutput) - if errMsg != nil { - t.Fatalf("unexpected error: %v", errMsg.Error) - } - if gjson.GetBytes(normalized, "type").Exists() { - t.Fatalf("normalized subsequent create request must not include type field") - } - if gjson.GetBytes(normalized, "model").String() != "test-model" { - t.Fatalf("unexpected model: %s", gjson.GetBytes(normalized, "model").String()) - } - - input := gjson.GetBytes(normalized, "input").Array() - if len(input) != 4 { - t.Fatalf("merged input len = %d, want 4", len(input)) - } - if input[0].Get("id").String() != "msg-1" || - input[1].Get("id").String() != "fc-1" || - input[2].Get("id").String() != "assistant-1" || - input[3].Get("id").String() != "tool-out-1" { - t.Fatalf("unexpected merged input order") - } - if !bytes.Equal(next, normalized) { - t.Fatalf("next request snapshot should match normalized request") - } -} - -func TestNormalizeResponsesWebsocketRequestWithPreviousResponseIDIncremental(t *testing.T) { - lastRequest := []byte(`{"model":"test-model","stream":true,"instructions":"be helpful","input":[{"type":"message","id":"msg-1"}]}`) - lastResponseOutput := []byte(`[ - {"type":"function_call","id":"fc-1","call_id":"call-1"}, - {"type":"message","id":"assistant-1"} - ]`) - raw := []byte(`{"type":"response.create","previous_response_id":"resp-1","input":[{"type":"function_call_output","call_id":"call-1","id":"tool-out-1"}]}`) - - normalized, next, errMsg := normalizeResponsesWebsocketRequestWithMode(raw, lastRequest, lastResponseOutput, true) - if errMsg != nil { - t.Fatalf("unexpected error: %v", errMsg.Error) - } - if gjson.GetBytes(normalized, "type").Exists() { - t.Fatalf("normalized request must not include type field") - } - if gjson.GetBytes(normalized, "previous_response_id").String() != "resp-1" { - t.Fatalf("previous_response_id must be preserved in incremental mode") - } - input := gjson.GetBytes(normalized, "input").Array() - if len(input) != 1 { - t.Fatalf("incremental input len = %d, want 1", len(input)) - } - if input[0].Get("id").String() != "tool-out-1" { - t.Fatalf("unexpected incremental input item id: %s", input[0].Get("id").String()) - } - if gjson.GetBytes(normalized, "model").String() != "test-model" { - t.Fatalf("unexpected model: %s", gjson.GetBytes(normalized, "model").String()) - } - if gjson.GetBytes(normalized, "instructions").String() != "be helpful" { - t.Fatalf("unexpected instructions: %s", gjson.GetBytes(normalized, "instructions").String()) - } - if !bytes.Equal(next, normalized) { - t.Fatalf("next request snapshot should match normalized request") - } -} - -func TestNormalizeResponsesWebsocketRequestWithPreviousResponseIDMergedWhenIncrementalDisabled(t *testing.T) { - lastRequest := []byte(`{"model":"test-model","stream":true,"input":[{"type":"message","id":"msg-1"}]}`) - lastResponseOutput := []byte(`[ - {"type":"function_call","id":"fc-1","call_id":"call-1"}, - {"type":"message","id":"assistant-1"} - ]`) - raw := []byte(`{"type":"response.create","previous_response_id":"resp-1","input":[{"type":"function_call_output","call_id":"call-1","id":"tool-out-1"}]}`) - - normalized, next, errMsg := normalizeResponsesWebsocketRequestWithMode(raw, lastRequest, lastResponseOutput, false) - if errMsg != nil { - t.Fatalf("unexpected error: %v", errMsg.Error) - } - if gjson.GetBytes(normalized, "previous_response_id").Exists() { - t.Fatalf("previous_response_id must be removed when incremental mode is disabled") - } - input := gjson.GetBytes(normalized, "input").Array() - if len(input) != 4 { - t.Fatalf("merged input len = %d, want 4", len(input)) - } - if input[0].Get("id").String() != "msg-1" || - input[1].Get("id").String() != "fc-1" || - input[2].Get("id").String() != "assistant-1" || - input[3].Get("id").String() != "tool-out-1" { - t.Fatalf("unexpected merged input order") - } - if !bytes.Equal(next, normalized) { - t.Fatalf("next request snapshot should match normalized request") - } -} - -func TestNormalizeResponsesWebsocketRequestAppend(t *testing.T) { - lastRequest := []byte(`{"model":"test-model","stream":true,"input":[{"type":"message","id":"msg-1"}]}`) - lastResponseOutput := []byte(`[ - {"type":"message","id":"assistant-1"}, - {"type":"function_call_output","id":"tool-out-1"} - ]`) - raw := []byte(`{"type":"response.append","input":[{"type":"message","id":"msg-2"},{"type":"message","id":"msg-3"}]}`) - - normalized, next, errMsg := normalizeResponsesWebsocketRequest(raw, lastRequest, lastResponseOutput) - if errMsg != nil { - t.Fatalf("unexpected error: %v", errMsg.Error) - } - input := gjson.GetBytes(normalized, "input").Array() - if len(input) != 5 { - t.Fatalf("merged input len = %d, want 5", len(input)) - } - if input[0].Get("id").String() != "msg-1" || - input[1].Get("id").String() != "assistant-1" || - input[2].Get("id").String() != "tool-out-1" || - input[3].Get("id").String() != "msg-2" || - input[4].Get("id").String() != "msg-3" { - t.Fatalf("unexpected merged input order") - } - if !bytes.Equal(next, normalized) { - t.Fatalf("next request snapshot should match normalized append request") - } -} - -func TestNormalizeResponsesWebsocketRequestAppendWithoutCreate(t *testing.T) { - raw := []byte(`{"type":"response.append","input":[]}`) - - _, _, errMsg := normalizeResponsesWebsocketRequest(raw, nil, nil) - if errMsg == nil { - t.Fatalf("expected error for append without previous request") - } - if errMsg.StatusCode != http.StatusBadRequest { - t.Fatalf("status = %d, want %d", errMsg.StatusCode, http.StatusBadRequest) - } -} - -func TestWebsocketJSONPayloadsFromChunk(t *testing.T) { - chunk := []byte("event: response.created\n\ndata: {\"type\":\"response.created\",\"response\":{\"id\":\"resp-1\"}}\n\ndata: [DONE]\n") - - payloads := websocketJSONPayloadsFromChunk(chunk) - if len(payloads) != 1 { - t.Fatalf("payloads len = %d, want 1", len(payloads)) - } - if gjson.GetBytes(payloads[0], "type").String() != "response.created" { - t.Fatalf("unexpected payload type: %s", gjson.GetBytes(payloads[0], "type").String()) - } -} - -func TestWebsocketJSONPayloadsFromPlainJSONChunk(t *testing.T) { - chunk := []byte(`{"type":"response.completed","response":{"id":"resp-1"}}`) - - payloads := websocketJSONPayloadsFromChunk(chunk) - if len(payloads) != 1 { - t.Fatalf("payloads len = %d, want 1", len(payloads)) - } - if gjson.GetBytes(payloads[0], "type").String() != "response.completed" { - t.Fatalf("unexpected payload type: %s", gjson.GetBytes(payloads[0], "type").String()) - } -} - -func TestResponseCompletedOutputFromPayload(t *testing.T) { - payload := []byte(`{"type":"response.completed","response":{"id":"resp-1","output":[{"type":"message","id":"out-1"}]}}`) - - output := responseCompletedOutputFromPayload(payload) - items := gjson.ParseBytes(output).Array() - if len(items) != 1 { - t.Fatalf("output len = %d, want 1", len(items)) - } - if items[0].Get("id").String() != "out-1" { - t.Fatalf("unexpected output id: %s", items[0].Get("id").String()) - } -} - -func TestAppendWebsocketEvent(t *testing.T) { - var builder strings.Builder - - appendWebsocketEvent(&builder, "request", []byte(" {\"type\":\"response.create\"}\n")) - appendWebsocketEvent(&builder, "response", []byte("{\"type\":\"response.created\"}")) - - got := builder.String() - if !strings.Contains(got, "websocket.request\n{\"type\":\"response.create\"}\n") { - t.Fatalf("request event not found in body: %s", got) - } - if !strings.Contains(got, "websocket.response\n{\"type\":\"response.created\"}\n") { - t.Fatalf("response event not found in body: %s", got) - } -} - -func TestSetWebsocketRequestBody(t *testing.T) { - gin.SetMode(gin.TestMode) - recorder := httptest.NewRecorder() - c, _ := gin.CreateTestContext(recorder) - - setWebsocketRequestBody(c, " \n ") - if _, exists := c.Get(wsRequestBodyKey); exists { - t.Fatalf("request body key should not be set for empty body") - } - - setWebsocketRequestBody(c, "event body") - value, exists := c.Get(wsRequestBodyKey) - if !exists { - t.Fatalf("request body key not set") - } - bodyBytes, ok := value.([]byte) - if !ok { - t.Fatalf("request body key type mismatch") - } - if string(bodyBytes) != "event body" { - t.Fatalf("request body = %q, want %q", string(bodyBytes), "event body") - } -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/handlers/stream_forwarder.go b/.worktrees/config/m/config-build/active/sdk/api/handlers/stream_forwarder.go deleted file mode 100644 index 401baca8fa..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/handlers/stream_forwarder.go +++ /dev/null @@ -1,121 +0,0 @@ -package handlers - -import ( - "net/http" - "time" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" -) - -type StreamForwardOptions struct { - // KeepAliveInterval overrides the configured streaming keep-alive interval. - // If nil, the configured default is used. If set to <= 0, keep-alives are disabled. - KeepAliveInterval *time.Duration - - // WriteChunk writes a single data chunk to the response body. It should not flush. - WriteChunk func(chunk []byte) - - // WriteTerminalError writes an error payload to the response body when streaming fails - // after headers have already been committed. It should not flush. - WriteTerminalError func(errMsg *interfaces.ErrorMessage) - - // WriteDone optionally writes a terminal marker when the upstream data channel closes - // without an error (e.g. OpenAI's `[DONE]`). It should not flush. - WriteDone func() - - // WriteKeepAlive optionally writes a keep-alive heartbeat. It should not flush. - // When nil, a standard SSE comment heartbeat is used. - WriteKeepAlive func() -} - -func (h *BaseAPIHandler) ForwardStream(c *gin.Context, flusher http.Flusher, cancel func(error), data <-chan []byte, errs <-chan *interfaces.ErrorMessage, opts StreamForwardOptions) { - if c == nil { - return - } - if cancel == nil { - return - } - - writeChunk := opts.WriteChunk - if writeChunk == nil { - writeChunk = func([]byte) {} - } - - writeKeepAlive := opts.WriteKeepAlive - if writeKeepAlive == nil { - writeKeepAlive = func() { - _, _ = c.Writer.Write([]byte(": keep-alive\n\n")) - } - } - - keepAliveInterval := StreamingKeepAliveInterval(h.Cfg) - if opts.KeepAliveInterval != nil { - keepAliveInterval = *opts.KeepAliveInterval - } - var keepAlive *time.Ticker - var keepAliveC <-chan time.Time - if keepAliveInterval > 0 { - keepAlive = time.NewTicker(keepAliveInterval) - defer keepAlive.Stop() - keepAliveC = keepAlive.C - } - - var terminalErr *interfaces.ErrorMessage - for { - select { - case <-c.Request.Context().Done(): - cancel(c.Request.Context().Err()) - return - case chunk, ok := <-data: - if !ok { - // Prefer surfacing a terminal error if one is pending. - if terminalErr == nil { - select { - case errMsg, ok := <-errs: - if ok && errMsg != nil { - terminalErr = errMsg - } - default: - } - } - if terminalErr != nil { - if opts.WriteTerminalError != nil { - opts.WriteTerminalError(terminalErr) - } - flusher.Flush() - cancel(terminalErr.Error) - return - } - if opts.WriteDone != nil { - opts.WriteDone() - } - flusher.Flush() - cancel(nil) - return - } - writeChunk(chunk) - flusher.Flush() - case errMsg, ok := <-errs: - if !ok { - continue - } - if errMsg != nil { - terminalErr = errMsg - if opts.WriteTerminalError != nil { - opts.WriteTerminalError(errMsg) - flusher.Flush() - } - } - var execErr error - if errMsg != nil { - execErr = errMsg.Error - } - cancel(execErr) - return - case <-keepAliveC: - writeKeepAlive() - flusher.Flush() - } - } -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/management.go b/.worktrees/config/m/config-build/active/sdk/api/management.go deleted file mode 100644 index 6fd3b709be..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/management.go +++ /dev/null @@ -1,77 +0,0 @@ -// Package api exposes helpers for embedding CLIProxyAPI. -// -// It wraps internal management handler types so external projects can integrate -// management endpoints without importing internal packages. -package api - -import ( - "github.com/gin-gonic/gin" - internalmanagement "github.com/router-for-me/CLIProxyAPI/v6/internal/api/handlers/management" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" -) - -// ManagementTokenRequester exposes a limited subset of management endpoints for requesting tokens. -type ManagementTokenRequester interface { - RequestAnthropicToken(*gin.Context) - RequestGeminiCLIToken(*gin.Context) - RequestCodexToken(*gin.Context) - RequestAntigravityToken(*gin.Context) - RequestQwenToken(*gin.Context) - RequestKimiToken(*gin.Context) - RequestIFlowToken(*gin.Context) - RequestIFlowCookieToken(*gin.Context) - GetAuthStatus(c *gin.Context) - PostOAuthCallback(c *gin.Context) -} - -type managementTokenRequester struct { - handler *internalmanagement.Handler -} - -// NewManagementTokenRequester creates a limited management handler exposing only token request endpoints. -func NewManagementTokenRequester(cfg *config.Config, manager *coreauth.Manager) ManagementTokenRequester { - return &managementTokenRequester{ - handler: internalmanagement.NewHandlerWithoutConfigFilePath(cfg, manager), - } -} - -func (m *managementTokenRequester) RequestAnthropicToken(c *gin.Context) { - m.handler.RequestAnthropicToken(c) -} - -func (m *managementTokenRequester) RequestGeminiCLIToken(c *gin.Context) { - m.handler.RequestGeminiCLIToken(c) -} - -func (m *managementTokenRequester) RequestCodexToken(c *gin.Context) { - m.handler.RequestCodexToken(c) -} - -func (m *managementTokenRequester) RequestAntigravityToken(c *gin.Context) { - m.handler.RequestAntigravityToken(c) -} - -func (m *managementTokenRequester) RequestQwenToken(c *gin.Context) { - m.handler.RequestQwenToken(c) -} - -func (m *managementTokenRequester) RequestKimiToken(c *gin.Context) { - m.handler.RequestKimiToken(c) -} - -func (m *managementTokenRequester) RequestIFlowToken(c *gin.Context) { - m.handler.RequestIFlowToken(c) -} - -func (m *managementTokenRequester) RequestIFlowCookieToken(c *gin.Context) { - m.handler.RequestIFlowCookieToken(c) -} - -func (m *managementTokenRequester) GetAuthStatus(c *gin.Context) { - m.handler.GetAuthStatus(c) -} - -func (m *managementTokenRequester) PostOAuthCallback(c *gin.Context) { - m.handler.PostOAuthCallback(c) -} diff --git a/.worktrees/config/m/config-build/active/sdk/api/options.go b/.worktrees/config/m/config-build/active/sdk/api/options.go deleted file mode 100644 index 8497884bf0..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/api/options.go +++ /dev/null @@ -1,46 +0,0 @@ -// Package api exposes server option helpers for embedding CLIProxyAPI. -// -// It wraps internal server option types so external projects can configure the embedded -// HTTP server without importing internal packages. -package api - -import ( - "time" - - "github.com/gin-gonic/gin" - internalapi "github.com/router-for-me/CLIProxyAPI/v6/internal/api" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/api/handlers" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/config" - "github.com/router-for-me/CLIProxyAPI/v6/sdk/logging" -) - -// ServerOption customises HTTP server construction. -type ServerOption = internalapi.ServerOption - -// WithMiddleware appends additional Gin middleware during server construction. -func WithMiddleware(mw ...gin.HandlerFunc) ServerOption { return internalapi.WithMiddleware(mw...) } - -// WithEngineConfigurator allows callers to mutate the Gin engine prior to middleware setup. -func WithEngineConfigurator(fn func(*gin.Engine)) ServerOption { - return internalapi.WithEngineConfigurator(fn) -} - -// WithRouterConfigurator appends a callback after default routes are registered. -func WithRouterConfigurator(fn func(*gin.Engine, *handlers.BaseAPIHandler, *config.Config)) ServerOption { - return internalapi.WithRouterConfigurator(fn) -} - -// WithLocalManagementPassword stores a runtime-only management password accepted for localhost requests. -func WithLocalManagementPassword(password string) ServerOption { - return internalapi.WithLocalManagementPassword(password) -} - -// WithKeepAliveEndpoint enables a keep-alive endpoint with the provided timeout and callback. -func WithKeepAliveEndpoint(timeout time.Duration, onTimeout func()) ServerOption { - return internalapi.WithKeepAliveEndpoint(timeout, onTimeout) -} - -// WithRequestLoggerFactory customises request logger creation. -func WithRequestLoggerFactory(factory func(*config.Config, string) logging.RequestLogger) ServerOption { - return internalapi.WithRequestLoggerFactory(factory) -} diff --git a/.worktrees/config/m/config-build/active/sdk/auth/antigravity.go b/.worktrees/config/m/config-build/active/sdk/auth/antigravity.go deleted file mode 100644 index 6ed31d6d72..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/auth/antigravity.go +++ /dev/null @@ -1,265 +0,0 @@ -package auth - -import ( - "context" - "fmt" - "net" - "net/http" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/antigravity" - "github.com/router-for-me/CLIProxyAPI/v6/internal/browser" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -// AntigravityAuthenticator implements OAuth login for the antigravity provider. -type AntigravityAuthenticator struct{} - -// NewAntigravityAuthenticator constructs a new authenticator instance. -func NewAntigravityAuthenticator() Authenticator { return &AntigravityAuthenticator{} } - -// Provider returns the provider key for antigravity. -func (AntigravityAuthenticator) Provider() string { return "antigravity" } - -// RefreshLead instructs the manager to refresh five minutes before expiry. -func (AntigravityAuthenticator) RefreshLead() *time.Duration { - return new(5 * time.Minute) -} - -// Login launches a local OAuth flow to obtain antigravity tokens and persists them. -func (AntigravityAuthenticator) Login(ctx context.Context, cfg *config.Config, opts *LoginOptions) (*coreauth.Auth, error) { - if cfg == nil { - return nil, fmt.Errorf("cliproxy auth: configuration is required") - } - if ctx == nil { - ctx = context.Background() - } - if opts == nil { - opts = &LoginOptions{} - } - - callbackPort := antigravity.CallbackPort - if opts.CallbackPort > 0 { - callbackPort = opts.CallbackPort - } - - authSvc := antigravity.NewAntigravityAuth(cfg, nil) - - state, err := misc.GenerateRandomState() - if err != nil { - return nil, fmt.Errorf("antigravity: failed to generate state: %w", err) - } - - srv, port, cbChan, errServer := startAntigravityCallbackServer(callbackPort) - if errServer != nil { - return nil, fmt.Errorf("antigravity: failed to start callback server: %w", errServer) - } - defer func() { - shutdownCtx, cancel := context.WithTimeout(context.Background(), 2*time.Second) - defer cancel() - _ = srv.Shutdown(shutdownCtx) - }() - - redirectURI := fmt.Sprintf("http://localhost:%d/oauth-callback", port) - authURL := authSvc.BuildAuthURL(state, redirectURI) - - if !opts.NoBrowser { - fmt.Println("Opening browser for antigravity authentication") - if !browser.IsAvailable() { - log.Warn("No browser available; please open the URL manually") - util.PrintSSHTunnelInstructions(port) - fmt.Printf("Visit the following URL to continue authentication:\n%s\n", authURL) - } else if errOpen := browser.OpenURL(authURL); errOpen != nil { - log.Warnf("Failed to open browser automatically: %v", errOpen) - util.PrintSSHTunnelInstructions(port) - fmt.Printf("Visit the following URL to continue authentication:\n%s\n", authURL) - } - } else { - util.PrintSSHTunnelInstructions(port) - fmt.Printf("Visit the following URL to continue authentication:\n%s\n", authURL) - } - - fmt.Println("Waiting for antigravity authentication callback...") - - var cbRes callbackResult - timeoutTimer := time.NewTimer(5 * time.Minute) - defer timeoutTimer.Stop() - - var manualPromptTimer *time.Timer - var manualPromptC <-chan time.Time - if opts.Prompt != nil { - manualPromptTimer = time.NewTimer(15 * time.Second) - manualPromptC = manualPromptTimer.C - defer manualPromptTimer.Stop() - } - -waitForCallback: - for { - select { - case res := <-cbChan: - cbRes = res - break waitForCallback - case <-manualPromptC: - manualPromptC = nil - if manualPromptTimer != nil { - manualPromptTimer.Stop() - } - select { - case res := <-cbChan: - cbRes = res - break waitForCallback - default: - } - input, errPrompt := opts.Prompt("Paste the antigravity callback URL (or press Enter to keep waiting): ") - if errPrompt != nil { - return nil, errPrompt - } - parsed, errParse := misc.ParseOAuthCallback(input) - if errParse != nil { - return nil, errParse - } - if parsed == nil { - continue - } - cbRes = callbackResult{ - Code: parsed.Code, - State: parsed.State, - Error: parsed.Error, - } - break waitForCallback - case <-timeoutTimer.C: - return nil, fmt.Errorf("antigravity: authentication timed out") - } - } - - if cbRes.Error != "" { - return nil, fmt.Errorf("antigravity: authentication failed: %s", cbRes.Error) - } - if cbRes.State != state { - return nil, fmt.Errorf("antigravity: invalid state") - } - if cbRes.Code == "" { - return nil, fmt.Errorf("antigravity: missing authorization code") - } - - tokenResp, errToken := authSvc.ExchangeCodeForTokens(ctx, cbRes.Code, redirectURI) - if errToken != nil { - return nil, fmt.Errorf("antigravity: token exchange failed: %w", errToken) - } - - accessToken := strings.TrimSpace(tokenResp.AccessToken) - if accessToken == "" { - return nil, fmt.Errorf("antigravity: token exchange returned empty access token") - } - - email, errInfo := authSvc.FetchUserInfo(ctx, accessToken) - if errInfo != nil { - return nil, fmt.Errorf("antigravity: fetch user info failed: %w", errInfo) - } - email = strings.TrimSpace(email) - if email == "" { - return nil, fmt.Errorf("antigravity: empty email returned from user info") - } - - // Fetch project ID via loadCodeAssist (same approach as Gemini CLI) - projectID := "" - if accessToken != "" { - fetchedProjectID, errProject := authSvc.FetchProjectID(ctx, accessToken) - if errProject != nil { - log.Warnf("antigravity: failed to fetch project ID: %v", errProject) - } else { - projectID = fetchedProjectID - log.Infof("antigravity: obtained project ID %s", projectID) - } - } - - now := time.Now() - metadata := map[string]any{ - "type": "antigravity", - "access_token": tokenResp.AccessToken, - "refresh_token": tokenResp.RefreshToken, - "expires_in": tokenResp.ExpiresIn, - "timestamp": now.UnixMilli(), - "expired": now.Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339), - } - if email != "" { - metadata["email"] = email - } - if projectID != "" { - metadata["project_id"] = projectID - } - - fileName := antigravity.CredentialFileName(email) - label := email - if label == "" { - label = "antigravity" - } - - fmt.Println("Antigravity authentication successful") - if projectID != "" { - fmt.Printf("Using GCP project: %s\n", projectID) - } - return &coreauth.Auth{ - ID: fileName, - Provider: "antigravity", - FileName: fileName, - Label: label, - Metadata: metadata, - }, nil -} - -type callbackResult struct { - Code string - Error string - State string -} - -func startAntigravityCallbackServer(port int) (*http.Server, int, <-chan callbackResult, error) { - if port <= 0 { - port = antigravity.CallbackPort - } - addr := fmt.Sprintf(":%d", port) - listener, err := net.Listen("tcp", addr) - if err != nil { - return nil, 0, nil, err - } - port = listener.Addr().(*net.TCPAddr).Port - resultCh := make(chan callbackResult, 1) - - mux := http.NewServeMux() - mux.HandleFunc("/oauth-callback", func(w http.ResponseWriter, r *http.Request) { - q := r.URL.Query() - res := callbackResult{ - Code: strings.TrimSpace(q.Get("code")), - Error: strings.TrimSpace(q.Get("error")), - State: strings.TrimSpace(q.Get("state")), - } - resultCh <- res - if res.Code != "" && res.Error == "" { - _, _ = w.Write([]byte("

Login successful

You can close this window.

")) - } else { - _, _ = w.Write([]byte("

Login failed

Please check the CLI output.

")) - } - }) - - srv := &http.Server{Handler: mux} - go func() { - if errServe := srv.Serve(listener); errServe != nil && !strings.Contains(errServe.Error(), "Server closed") { - log.Warnf("antigravity callback server error: %v", errServe) - } - }() - - return srv, port, resultCh, nil -} - -// FetchAntigravityProjectID exposes project discovery for external callers. -func FetchAntigravityProjectID(ctx context.Context, accessToken string, httpClient *http.Client) (string, error) { - cfg := &config.Config{} - authSvc := antigravity.NewAntigravityAuth(cfg, httpClient) - return authSvc.FetchProjectID(ctx, accessToken) -} diff --git a/.worktrees/config/m/config-build/active/sdk/auth/claude.go b/.worktrees/config/m/config-build/active/sdk/auth/claude.go deleted file mode 100644 index 706763b3ea..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/auth/claude.go +++ /dev/null @@ -1,214 +0,0 @@ -package auth - -import ( - "context" - "fmt" - "net/http" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/claude" - "github.com/router-for-me/CLIProxyAPI/v6/internal/browser" - // legacy client removed - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -// ClaudeAuthenticator implements the OAuth login flow for Anthropic Claude accounts. -type ClaudeAuthenticator struct { - CallbackPort int -} - -// NewClaudeAuthenticator constructs a Claude authenticator with default settings. -func NewClaudeAuthenticator() *ClaudeAuthenticator { - return &ClaudeAuthenticator{CallbackPort: 54545} -} - -func (a *ClaudeAuthenticator) Provider() string { - return "claude" -} - -func (a *ClaudeAuthenticator) RefreshLead() *time.Duration { - return new(4 * time.Hour) -} - -func (a *ClaudeAuthenticator) Login(ctx context.Context, cfg *config.Config, opts *LoginOptions) (*coreauth.Auth, error) { - if cfg == nil { - return nil, fmt.Errorf("cliproxy auth: configuration is required") - } - if ctx == nil { - ctx = context.Background() - } - if opts == nil { - opts = &LoginOptions{} - } - - callbackPort := a.CallbackPort - if opts.CallbackPort > 0 { - callbackPort = opts.CallbackPort - } - - pkceCodes, err := claude.GeneratePKCECodes() - if err != nil { - return nil, fmt.Errorf("claude pkce generation failed: %w", err) - } - - state, err := misc.GenerateRandomState() - if err != nil { - return nil, fmt.Errorf("claude state generation failed: %w", err) - } - - oauthServer := claude.NewOAuthServer(callbackPort) - if err = oauthServer.Start(); err != nil { - if strings.Contains(err.Error(), "already in use") { - return nil, claude.NewAuthenticationError(claude.ErrPortInUse, err) - } - return nil, claude.NewAuthenticationError(claude.ErrServerStartFailed, err) - } - defer func() { - stopCtx, cancel := context.WithTimeout(context.Background(), 2*time.Second) - defer cancel() - if stopErr := oauthServer.Stop(stopCtx); stopErr != nil { - log.Warnf("claude oauth server stop error: %v", stopErr) - } - }() - - authSvc := claude.NewClaudeAuth(cfg) - - authURL, returnedState, err := authSvc.GenerateAuthURL(state, pkceCodes) - if err != nil { - return nil, fmt.Errorf("claude authorization url generation failed: %w", err) - } - state = returnedState - - if !opts.NoBrowser { - fmt.Println("Opening browser for Claude authentication") - if !browser.IsAvailable() { - log.Warn("No browser available; please open the URL manually") - util.PrintSSHTunnelInstructions(callbackPort) - fmt.Printf("Visit the following URL to continue authentication:\n%s\n", authURL) - } else if err = browser.OpenURL(authURL); err != nil { - log.Warnf("Failed to open browser automatically: %v", err) - util.PrintSSHTunnelInstructions(callbackPort) - fmt.Printf("Visit the following URL to continue authentication:\n%s\n", authURL) - } - } else { - util.PrintSSHTunnelInstructions(callbackPort) - fmt.Printf("Visit the following URL to continue authentication:\n%s\n", authURL) - } - - fmt.Println("Waiting for Claude authentication callback...") - - callbackCh := make(chan *claude.OAuthResult, 1) - callbackErrCh := make(chan error, 1) - manualDescription := "" - - go func() { - result, errWait := oauthServer.WaitForCallback(5 * time.Minute) - if errWait != nil { - callbackErrCh <- errWait - return - } - callbackCh <- result - }() - - var result *claude.OAuthResult - var manualPromptTimer *time.Timer - var manualPromptC <-chan time.Time - if opts.Prompt != nil { - manualPromptTimer = time.NewTimer(15 * time.Second) - manualPromptC = manualPromptTimer.C - defer manualPromptTimer.Stop() - } - -waitForCallback: - for { - select { - case result = <-callbackCh: - break waitForCallback - case err = <-callbackErrCh: - if strings.Contains(err.Error(), "timeout") { - return nil, claude.NewAuthenticationError(claude.ErrCallbackTimeout, err) - } - return nil, err - case <-manualPromptC: - manualPromptC = nil - if manualPromptTimer != nil { - manualPromptTimer.Stop() - } - select { - case result = <-callbackCh: - break waitForCallback - case err = <-callbackErrCh: - if strings.Contains(err.Error(), "timeout") { - return nil, claude.NewAuthenticationError(claude.ErrCallbackTimeout, err) - } - return nil, err - default: - } - input, errPrompt := opts.Prompt("Paste the Claude callback URL (or press Enter to keep waiting): ") - if errPrompt != nil { - return nil, errPrompt - } - parsed, errParse := misc.ParseOAuthCallback(input) - if errParse != nil { - return nil, errParse - } - if parsed == nil { - continue - } - manualDescription = parsed.ErrorDescription - result = &claude.OAuthResult{ - Code: parsed.Code, - State: parsed.State, - Error: parsed.Error, - } - break waitForCallback - } - } - - if result.Error != "" { - return nil, claude.NewOAuthError(result.Error, manualDescription, http.StatusBadRequest) - } - - if result.State != state { - log.Errorf("State mismatch: expected %s, got %s", state, result.State) - return nil, claude.NewAuthenticationError(claude.ErrInvalidState, fmt.Errorf("state mismatch")) - } - - log.Debug("Claude authorization code received; exchanging for tokens") - log.Debugf("Code: %s, State: %s", result.Code[:min(20, len(result.Code))], state) - - authBundle, err := authSvc.ExchangeCodeForTokens(ctx, result.Code, state, pkceCodes) - if err != nil { - log.Errorf("Token exchange failed: %v", err) - return nil, claude.NewAuthenticationError(claude.ErrCodeExchangeFailed, err) - } - - tokenStorage := authSvc.CreateTokenStorage(authBundle) - - if tokenStorage == nil || tokenStorage.Email == "" { - return nil, fmt.Errorf("claude token storage missing account information") - } - - fileName := fmt.Sprintf("claude-%s.json", tokenStorage.Email) - metadata := map[string]any{ - "email": tokenStorage.Email, - } - - fmt.Println("Claude authentication successful") - if authBundle.APIKey != "" { - fmt.Println("Claude API key obtained and stored") - } - - return &coreauth.Auth{ - ID: fileName, - Provider: a.Provider(), - FileName: fileName, - Storage: tokenStorage, - Metadata: metadata, - }, nil -} diff --git a/.worktrees/config/m/config-build/active/sdk/auth/codex.go b/.worktrees/config/m/config-build/active/sdk/auth/codex.go deleted file mode 100644 index c81842eb3c..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/auth/codex.go +++ /dev/null @@ -1,224 +0,0 @@ -package auth - -import ( - "context" - "crypto/sha256" - "encoding/hex" - "fmt" - "net/http" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/codex" - "github.com/router-for-me/CLIProxyAPI/v6/internal/browser" - // legacy client removed - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -// CodexAuthenticator implements the OAuth login flow for Codex accounts. -type CodexAuthenticator struct { - CallbackPort int -} - -// NewCodexAuthenticator constructs a Codex authenticator with default settings. -func NewCodexAuthenticator() *CodexAuthenticator { - return &CodexAuthenticator{CallbackPort: 1455} -} - -func (a *CodexAuthenticator) Provider() string { - return "codex" -} - -func (a *CodexAuthenticator) RefreshLead() *time.Duration { - return new(5 * 24 * time.Hour) -} - -func (a *CodexAuthenticator) Login(ctx context.Context, cfg *config.Config, opts *LoginOptions) (*coreauth.Auth, error) { - if cfg == nil { - return nil, fmt.Errorf("cliproxy auth: configuration is required") - } - if ctx == nil { - ctx = context.Background() - } - if opts == nil { - opts = &LoginOptions{} - } - - callbackPort := a.CallbackPort - if opts.CallbackPort > 0 { - callbackPort = opts.CallbackPort - } - - pkceCodes, err := codex.GeneratePKCECodes() - if err != nil { - return nil, fmt.Errorf("codex pkce generation failed: %w", err) - } - - state, err := misc.GenerateRandomState() - if err != nil { - return nil, fmt.Errorf("codex state generation failed: %w", err) - } - - oauthServer := codex.NewOAuthServer(callbackPort) - if err = oauthServer.Start(); err != nil { - if strings.Contains(err.Error(), "already in use") { - return nil, codex.NewAuthenticationError(codex.ErrPortInUse, err) - } - return nil, codex.NewAuthenticationError(codex.ErrServerStartFailed, err) - } - defer func() { - stopCtx, cancel := context.WithTimeout(context.Background(), 2*time.Second) - defer cancel() - if stopErr := oauthServer.Stop(stopCtx); stopErr != nil { - log.Warnf("codex oauth server stop error: %v", stopErr) - } - }() - - authSvc := codex.NewCodexAuth(cfg) - - authURL, err := authSvc.GenerateAuthURL(state, pkceCodes) - if err != nil { - return nil, fmt.Errorf("codex authorization url generation failed: %w", err) - } - - if !opts.NoBrowser { - fmt.Println("Opening browser for Codex authentication") - if !browser.IsAvailable() { - log.Warn("No browser available; please open the URL manually") - util.PrintSSHTunnelInstructions(callbackPort) - fmt.Printf("Visit the following URL to continue authentication:\n%s\n", authURL) - } else if err = browser.OpenURL(authURL); err != nil { - log.Warnf("Failed to open browser automatically: %v", err) - util.PrintSSHTunnelInstructions(callbackPort) - fmt.Printf("Visit the following URL to continue authentication:\n%s\n", authURL) - } - } else { - util.PrintSSHTunnelInstructions(callbackPort) - fmt.Printf("Visit the following URL to continue authentication:\n%s\n", authURL) - } - - fmt.Println("Waiting for Codex authentication callback...") - - callbackCh := make(chan *codex.OAuthResult, 1) - callbackErrCh := make(chan error, 1) - manualDescription := "" - - go func() { - result, errWait := oauthServer.WaitForCallback(5 * time.Minute) - if errWait != nil { - callbackErrCh <- errWait - return - } - callbackCh <- result - }() - - var result *codex.OAuthResult - var manualPromptTimer *time.Timer - var manualPromptC <-chan time.Time - if opts.Prompt != nil { - manualPromptTimer = time.NewTimer(15 * time.Second) - manualPromptC = manualPromptTimer.C - defer manualPromptTimer.Stop() - } - -waitForCallback: - for { - select { - case result = <-callbackCh: - break waitForCallback - case err = <-callbackErrCh: - if strings.Contains(err.Error(), "timeout") { - return nil, codex.NewAuthenticationError(codex.ErrCallbackTimeout, err) - } - return nil, err - case <-manualPromptC: - manualPromptC = nil - if manualPromptTimer != nil { - manualPromptTimer.Stop() - } - select { - case result = <-callbackCh: - break waitForCallback - case err = <-callbackErrCh: - if strings.Contains(err.Error(), "timeout") { - return nil, codex.NewAuthenticationError(codex.ErrCallbackTimeout, err) - } - return nil, err - default: - } - input, errPrompt := opts.Prompt("Paste the Codex callback URL (or press Enter to keep waiting): ") - if errPrompt != nil { - return nil, errPrompt - } - parsed, errParse := misc.ParseOAuthCallback(input) - if errParse != nil { - return nil, errParse - } - if parsed == nil { - continue - } - manualDescription = parsed.ErrorDescription - result = &codex.OAuthResult{ - Code: parsed.Code, - State: parsed.State, - Error: parsed.Error, - } - break waitForCallback - } - } - - if result.Error != "" { - return nil, codex.NewOAuthError(result.Error, manualDescription, http.StatusBadRequest) - } - - if result.State != state { - return nil, codex.NewAuthenticationError(codex.ErrInvalidState, fmt.Errorf("state mismatch")) - } - - log.Debug("Codex authorization code received; exchanging for tokens") - - authBundle, err := authSvc.ExchangeCodeForTokens(ctx, result.Code, pkceCodes) - if err != nil { - return nil, codex.NewAuthenticationError(codex.ErrCodeExchangeFailed, err) - } - - tokenStorage := authSvc.CreateTokenStorage(authBundle) - - if tokenStorage == nil || tokenStorage.Email == "" { - return nil, fmt.Errorf("codex token storage missing account information") - } - - planType := "" - hashAccountID := "" - if tokenStorage.IDToken != "" { - if claims, errParse := codex.ParseJWTToken(tokenStorage.IDToken); errParse == nil && claims != nil { - planType = strings.TrimSpace(claims.CodexAuthInfo.ChatgptPlanType) - accountID := strings.TrimSpace(claims.CodexAuthInfo.ChatgptAccountID) - if accountID != "" { - digest := sha256.Sum256([]byte(accountID)) - hashAccountID = hex.EncodeToString(digest[:])[:8] - } - } - } - fileName := codex.CredentialFileName(tokenStorage.Email, planType, hashAccountID, true) - metadata := map[string]any{ - "email": tokenStorage.Email, - } - - fmt.Println("Codex authentication successful") - if authBundle.APIKey != "" { - fmt.Println("Codex API key obtained and stored") - } - - return &coreauth.Auth{ - ID: fileName, - Provider: a.Provider(), - FileName: fileName, - Storage: tokenStorage, - Metadata: metadata, - }, nil -} diff --git a/.worktrees/config/m/config-build/active/sdk/auth/errors.go b/.worktrees/config/m/config-build/active/sdk/auth/errors.go deleted file mode 100644 index 78fe9a17bd..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/auth/errors.go +++ /dev/null @@ -1,40 +0,0 @@ -package auth - -import ( - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces" -) - -// ProjectSelectionError indicates that the user must choose a specific project ID. -type ProjectSelectionError struct { - Email string - Projects []interfaces.GCPProjectProjects -} - -func (e *ProjectSelectionError) Error() string { - if e == nil { - return "cliproxy auth: project selection required" - } - return fmt.Sprintf("cliproxy auth: project selection required for %s", e.Email) -} - -// ProjectsDisplay returns the projects list for caller presentation. -func (e *ProjectSelectionError) ProjectsDisplay() []interfaces.GCPProjectProjects { - if e == nil { - return nil - } - return e.Projects -} - -// EmailRequiredError indicates that the calling context must provide an email or alias. -type EmailRequiredError struct { - Prompt string -} - -func (e *EmailRequiredError) Error() string { - if e == nil || e.Prompt == "" { - return "cliproxy auth: email is required" - } - return e.Prompt -} diff --git a/.worktrees/config/m/config-build/active/sdk/auth/filestore.go b/.worktrees/config/m/config-build/active/sdk/auth/filestore.go deleted file mode 100644 index 4715d7f7b1..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/auth/filestore.go +++ /dev/null @@ -1,446 +0,0 @@ -package auth - -import ( - "context" - "encoding/json" - "fmt" - "io" - "io/fs" - "net/http" - "net/url" - "os" - "path/filepath" - "strings" - "sync" - "time" - - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -// FileTokenStore persists token records and auth metadata using the filesystem as backing storage. -type FileTokenStore struct { - mu sync.Mutex - dirLock sync.RWMutex - baseDir string -} - -// NewFileTokenStore creates a token store that saves credentials to disk through the -// TokenStorage implementation embedded in the token record. -func NewFileTokenStore() *FileTokenStore { - return &FileTokenStore{} -} - -// SetBaseDir updates the default directory used for auth JSON persistence when no explicit path is provided. -func (s *FileTokenStore) SetBaseDir(dir string) { - s.dirLock.Lock() - s.baseDir = strings.TrimSpace(dir) - s.dirLock.Unlock() -} - -// Save persists token storage and metadata to the resolved auth file path. -func (s *FileTokenStore) Save(ctx context.Context, auth *cliproxyauth.Auth) (string, error) { - if auth == nil { - return "", fmt.Errorf("auth filestore: auth is nil") - } - - path, err := s.resolveAuthPath(auth) - if err != nil { - return "", err - } - if path == "" { - return "", fmt.Errorf("auth filestore: missing file path attribute for %s", auth.ID) - } - - if auth.Disabled { - if _, statErr := os.Stat(path); os.IsNotExist(statErr) { - return "", nil - } - } - - s.mu.Lock() - defer s.mu.Unlock() - - if err = os.MkdirAll(filepath.Dir(path), 0o700); err != nil { - return "", fmt.Errorf("auth filestore: create dir failed: %w", err) - } - - switch { - case auth.Storage != nil: - if err = auth.Storage.SaveTokenToFile(path); err != nil { - return "", err - } - case auth.Metadata != nil: - auth.Metadata["disabled"] = auth.Disabled - raw, errMarshal := json.Marshal(auth.Metadata) - if errMarshal != nil { - return "", fmt.Errorf("auth filestore: marshal metadata failed: %w", errMarshal) - } - if existing, errRead := os.ReadFile(path); errRead == nil { - if jsonEqual(existing, raw) { - return path, nil - } - file, errOpen := os.OpenFile(path, os.O_WRONLY|os.O_TRUNC, 0o600) - if errOpen != nil { - return "", fmt.Errorf("auth filestore: open existing failed: %w", errOpen) - } - if _, errWrite := file.Write(raw); errWrite != nil { - _ = file.Close() - return "", fmt.Errorf("auth filestore: write existing failed: %w", errWrite) - } - if errClose := file.Close(); errClose != nil { - return "", fmt.Errorf("auth filestore: close existing failed: %w", errClose) - } - return path, nil - } else if !os.IsNotExist(errRead) { - return "", fmt.Errorf("auth filestore: read existing failed: %w", errRead) - } - if errWrite := os.WriteFile(path, raw, 0o600); errWrite != nil { - return "", fmt.Errorf("auth filestore: write file failed: %w", errWrite) - } - default: - return "", fmt.Errorf("auth filestore: nothing to persist for %s", auth.ID) - } - - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - auth.Attributes["path"] = path - - if strings.TrimSpace(auth.FileName) == "" { - auth.FileName = auth.ID - } - - return path, nil -} - -// List enumerates all auth JSON files under the configured directory. -func (s *FileTokenStore) List(ctx context.Context) ([]*cliproxyauth.Auth, error) { - dir := s.baseDirSnapshot() - if dir == "" { - return nil, fmt.Errorf("auth filestore: directory not configured") - } - entries := make([]*cliproxyauth.Auth, 0) - err := filepath.WalkDir(dir, func(path string, d fs.DirEntry, walkErr error) error { - if walkErr != nil { - return walkErr - } - if d.IsDir() { - return nil - } - if !strings.HasSuffix(strings.ToLower(d.Name()), ".json") { - return nil - } - auth, err := s.readAuthFile(path, dir) - if err != nil { - return nil - } - if auth != nil { - entries = append(entries, auth) - } - return nil - }) - if err != nil { - return nil, err - } - return entries, nil -} - -// Delete removes the auth file. -func (s *FileTokenStore) Delete(ctx context.Context, id string) error { - id = strings.TrimSpace(id) - if id == "" { - return fmt.Errorf("auth filestore: id is empty") - } - path, err := s.resolveDeletePath(id) - if err != nil { - return err - } - if err = os.Remove(path); err != nil && !os.IsNotExist(err) { - return fmt.Errorf("auth filestore: delete failed: %w", err) - } - return nil -} - -func (s *FileTokenStore) resolveDeletePath(id string) (string, error) { - if strings.ContainsRune(id, os.PathSeparator) || filepath.IsAbs(id) { - return id, nil - } - dir := s.baseDirSnapshot() - if dir == "" { - return "", fmt.Errorf("auth filestore: directory not configured") - } - return filepath.Join(dir, id), nil -} - -func (s *FileTokenStore) readAuthFile(path, baseDir string) (*cliproxyauth.Auth, error) { - data, err := os.ReadFile(path) - if err != nil { - return nil, fmt.Errorf("read file: %w", err) - } - if len(data) == 0 { - return nil, nil - } - metadata := make(map[string]any) - if err = json.Unmarshal(data, &metadata); err != nil { - return nil, fmt.Errorf("unmarshal auth json: %w", err) - } - provider, _ := metadata["type"].(string) - if provider == "" { - provider = "unknown" - } - if provider == "antigravity" || provider == "gemini" { - projectID := "" - if pid, ok := metadata["project_id"].(string); ok { - projectID = strings.TrimSpace(pid) - } - if projectID == "" { - accessToken := extractAccessToken(metadata) - // For gemini type, the stored access_token is likely expired (~1h lifetime). - // Refresh it using the long-lived refresh_token before querying. - if provider == "gemini" { - if tokenMap, ok := metadata["token"].(map[string]any); ok { - if refreshed, errRefresh := refreshGeminiAccessToken(tokenMap, http.DefaultClient); errRefresh == nil { - accessToken = refreshed - } - } - } - if accessToken != "" { - fetchedProjectID, errFetch := FetchAntigravityProjectID(context.Background(), accessToken, http.DefaultClient) - if errFetch == nil && strings.TrimSpace(fetchedProjectID) != "" { - metadata["project_id"] = strings.TrimSpace(fetchedProjectID) - if raw, errMarshal := json.Marshal(metadata); errMarshal == nil { - if file, errOpen := os.OpenFile(path, os.O_WRONLY|os.O_TRUNC, 0o600); errOpen == nil { - _, _ = file.Write(raw) - _ = file.Close() - } - } - } - } - } - } - info, err := os.Stat(path) - if err != nil { - return nil, fmt.Errorf("stat file: %w", err) - } - id := s.idFor(path, baseDir) - disabled, _ := metadata["disabled"].(bool) - status := cliproxyauth.StatusActive - if disabled { - status = cliproxyauth.StatusDisabled - } - - // Calculate NextRefreshAfter from expires_at (20 minutes before expiry) - var nextRefreshAfter time.Time - if expiresAtStr, ok := metadata["expires_at"].(string); ok && expiresAtStr != "" { - if expiresAt, err := time.Parse(time.RFC3339, expiresAtStr); err == nil { - nextRefreshAfter = expiresAt.Add(-20 * time.Minute) - } - } - - auth := &cliproxyauth.Auth{ - ID: id, - Provider: provider, - FileName: id, - Label: s.labelFor(metadata), - Status: status, - Disabled: disabled, - Attributes: map[string]string{"path": path}, - Metadata: metadata, - CreatedAt: info.ModTime(), - UpdatedAt: info.ModTime(), - LastRefreshedAt: time.Time{}, - NextRefreshAfter: nextRefreshAfter, - } - if email, ok := metadata["email"].(string); ok && email != "" { - auth.Attributes["email"] = email - } - return auth, nil -} - -func (s *FileTokenStore) idFor(path, baseDir string) string { - if baseDir == "" { - return path - } - rel, err := filepath.Rel(baseDir, path) - if err != nil { - return path - } - return rel -} - -func (s *FileTokenStore) resolveAuthPath(auth *cliproxyauth.Auth) (string, error) { - if auth == nil { - return "", fmt.Errorf("auth filestore: auth is nil") - } - if auth.Attributes != nil { - if p := strings.TrimSpace(auth.Attributes["path"]); p != "" { - return p, nil - } - } - if fileName := strings.TrimSpace(auth.FileName); fileName != "" { - if filepath.IsAbs(fileName) { - return fileName, nil - } - if dir := s.baseDirSnapshot(); dir != "" { - return filepath.Join(dir, fileName), nil - } - return fileName, nil - } - if auth.ID == "" { - return "", fmt.Errorf("auth filestore: missing id") - } - if filepath.IsAbs(auth.ID) { - return auth.ID, nil - } - dir := s.baseDirSnapshot() - if dir == "" { - return "", fmt.Errorf("auth filestore: directory not configured") - } - return filepath.Join(dir, auth.ID), nil -} - -func (s *FileTokenStore) labelFor(metadata map[string]any) string { - if metadata == nil { - return "" - } - if v, ok := metadata["label"].(string); ok && v != "" { - return v - } - if v, ok := metadata["email"].(string); ok && v != "" { - return v - } - if project, ok := metadata["project_id"].(string); ok && project != "" { - return project - } - return "" -} - -func (s *FileTokenStore) baseDirSnapshot() string { - s.dirLock.RLock() - defer s.dirLock.RUnlock() - return s.baseDir -} - -func extractAccessToken(metadata map[string]any) string { - if at, ok := metadata["access_token"].(string); ok { - if v := strings.TrimSpace(at); v != "" { - return v - } - } - if tokenMap, ok := metadata["token"].(map[string]any); ok { - if at, ok := tokenMap["access_token"].(string); ok { - if v := strings.TrimSpace(at); v != "" { - return v - } - } - } - return "" -} - -func refreshGeminiAccessToken(tokenMap map[string]any, httpClient *http.Client) (string, error) { - refreshToken, _ := tokenMap["refresh_token"].(string) - clientID, _ := tokenMap["client_id"].(string) - clientSecret, _ := tokenMap["client_secret"].(string) - tokenURI, _ := tokenMap["token_uri"].(string) - - if refreshToken == "" || clientID == "" || clientSecret == "" { - return "", fmt.Errorf("missing refresh credentials") - } - if tokenURI == "" { - tokenURI = "https://oauth2.googleapis.com/token" - } - - data := url.Values{ - "grant_type": {"refresh_token"}, - "refresh_token": {refreshToken}, - "client_id": {clientID}, - "client_secret": {clientSecret}, - } - - resp, err := httpClient.PostForm(tokenURI, data) - if err != nil { - return "", fmt.Errorf("refresh request: %w", err) - } - defer func() { _ = resp.Body.Close() }() - - body, _ := io.ReadAll(resp.Body) - if resp.StatusCode != http.StatusOK { - return "", fmt.Errorf("refresh failed: status %d", resp.StatusCode) - } - - var result map[string]any - if errUnmarshal := json.Unmarshal(body, &result); errUnmarshal != nil { - return "", fmt.Errorf("decode refresh response: %w", errUnmarshal) - } - - newAccessToken, _ := result["access_token"].(string) - if newAccessToken == "" { - return "", fmt.Errorf("no access_token in refresh response") - } - - tokenMap["access_token"] = newAccessToken - return newAccessToken, nil -} - -// jsonEqual compares two JSON blobs by parsing them into Go objects and deep comparing. -func jsonEqual(a, b []byte) bool { - var objA any - var objB any - if err := json.Unmarshal(a, &objA); err != nil { - return false - } - if err := json.Unmarshal(b, &objB); err != nil { - return false - } - return deepEqualJSON(objA, objB) -} - -func deepEqualJSON(a, b any) bool { - switch valA := a.(type) { - case map[string]any: - valB, ok := b.(map[string]any) - if !ok || len(valA) != len(valB) { - return false - } - for key, subA := range valA { - subB, ok1 := valB[key] - if !ok1 || !deepEqualJSON(subA, subB) { - return false - } - } - return true - case []any: - sliceB, ok := b.([]any) - if !ok || len(valA) != len(sliceB) { - return false - } - for i := range valA { - if !deepEqualJSON(valA[i], sliceB[i]) { - return false - } - } - return true - case float64: - valB, ok := b.(float64) - if !ok { - return false - } - return valA == valB - case string: - valB, ok := b.(string) - if !ok { - return false - } - return valA == valB - case bool: - valB, ok := b.(bool) - if !ok { - return false - } - return valA == valB - case nil: - return b == nil - default: - return false - } -} diff --git a/.worktrees/config/m/config-build/active/sdk/auth/filestore_test.go b/.worktrees/config/m/config-build/active/sdk/auth/filestore_test.go deleted file mode 100644 index 9e135ad4c9..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/auth/filestore_test.go +++ /dev/null @@ -1,80 +0,0 @@ -package auth - -import "testing" - -func TestExtractAccessToken(t *testing.T) { - t.Parallel() - - tests := []struct { - name string - metadata map[string]any - expected string - }{ - { - "antigravity top-level access_token", - map[string]any{"access_token": "tok-abc"}, - "tok-abc", - }, - { - "gemini nested token.access_token", - map[string]any{ - "token": map[string]any{"access_token": "tok-nested"}, - }, - "tok-nested", - }, - { - "top-level takes precedence over nested", - map[string]any{ - "access_token": "tok-top", - "token": map[string]any{"access_token": "tok-nested"}, - }, - "tok-top", - }, - { - "empty metadata", - map[string]any{}, - "", - }, - { - "whitespace-only access_token", - map[string]any{"access_token": " "}, - "", - }, - { - "wrong type access_token", - map[string]any{"access_token": 12345}, - "", - }, - { - "token is not a map", - map[string]any{"token": "not-a-map"}, - "", - }, - { - "nested whitespace-only", - map[string]any{ - "token": map[string]any{"access_token": " "}, - }, - "", - }, - { - "fallback to nested when top-level empty", - map[string]any{ - "access_token": "", - "token": map[string]any{"access_token": "tok-fallback"}, - }, - "tok-fallback", - }, - } - - for _, tt := range tests { - tt := tt - t.Run(tt.name, func(t *testing.T) { - t.Parallel() - got := extractAccessToken(tt.metadata) - if got != tt.expected { - t.Errorf("extractAccessToken() = %q, want %q", got, tt.expected) - } - }) - } -} diff --git a/.worktrees/config/m/config-build/active/sdk/auth/gemini.go b/.worktrees/config/m/config-build/active/sdk/auth/gemini.go deleted file mode 100644 index 2b8f9c2b88..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/auth/gemini.go +++ /dev/null @@ -1,73 +0,0 @@ -package auth - -import ( - "context" - "fmt" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/gemini" - // legacy client removed - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -// GeminiAuthenticator implements the login flow for Google Gemini CLI accounts. -type GeminiAuthenticator struct{} - -// NewGeminiAuthenticator constructs a Gemini authenticator. -func NewGeminiAuthenticator() *GeminiAuthenticator { - return &GeminiAuthenticator{} -} - -func (a *GeminiAuthenticator) Provider() string { - return "gemini" -} - -func (a *GeminiAuthenticator) RefreshLead() *time.Duration { - return nil -} - -func (a *GeminiAuthenticator) Login(ctx context.Context, cfg *config.Config, opts *LoginOptions) (*coreauth.Auth, error) { - if cfg == nil { - return nil, fmt.Errorf("cliproxy auth: configuration is required") - } - if ctx == nil { - ctx = context.Background() - } - if opts == nil { - opts = &LoginOptions{} - } - - var ts gemini.GeminiTokenStorage - if opts.ProjectID != "" { - ts.ProjectID = opts.ProjectID - } - - geminiAuth := gemini.NewGeminiAuth() - _, err := geminiAuth.GetAuthenticatedClient(ctx, &ts, cfg, &gemini.WebLoginOptions{ - NoBrowser: opts.NoBrowser, - CallbackPort: opts.CallbackPort, - Prompt: opts.Prompt, - }) - if err != nil { - return nil, fmt.Errorf("gemini authentication failed: %w", err) - } - - // Skip onboarding here; rely on upstream configuration - - fileName := fmt.Sprintf("%s-%s.json", ts.Email, ts.ProjectID) - metadata := map[string]any{ - "email": ts.Email, - "project_id": ts.ProjectID, - } - - fmt.Println("Gemini authentication successful") - - return &coreauth.Auth{ - ID: fileName, - Provider: a.Provider(), - FileName: fileName, - Storage: &ts, - Metadata: metadata, - }, nil -} diff --git a/.worktrees/config/m/config-build/active/sdk/auth/github_copilot.go b/.worktrees/config/m/config-build/active/sdk/auth/github_copilot.go deleted file mode 100644 index 1d14ac4751..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/auth/github_copilot.go +++ /dev/null @@ -1,129 +0,0 @@ -package auth - -import ( - "context" - "fmt" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/copilot" - "github.com/router-for-me/CLIProxyAPI/v6/internal/browser" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -// GitHubCopilotAuthenticator implements the OAuth device flow login for GitHub Copilot. -type GitHubCopilotAuthenticator struct{} - -// NewGitHubCopilotAuthenticator constructs a new GitHub Copilot authenticator. -func NewGitHubCopilotAuthenticator() Authenticator { - return &GitHubCopilotAuthenticator{} -} - -// Provider returns the provider key for github-copilot. -func (GitHubCopilotAuthenticator) Provider() string { - return "github-copilot" -} - -// RefreshLead returns nil since GitHub OAuth tokens don't expire in the traditional sense. -// The token remains valid until the user revokes it or the Copilot subscription expires. -func (GitHubCopilotAuthenticator) RefreshLead() *time.Duration { - return nil -} - -// Login initiates the GitHub device flow authentication for Copilot access. -func (a GitHubCopilotAuthenticator) Login(ctx context.Context, cfg *config.Config, opts *LoginOptions) (*coreauth.Auth, error) { - if cfg == nil { - return nil, fmt.Errorf("cliproxy auth: configuration is required") - } - if opts == nil { - opts = &LoginOptions{} - } - - authSvc := copilot.NewCopilotAuth(cfg) - - // Start the device flow - fmt.Println("Starting GitHub Copilot authentication...") - deviceCode, err := authSvc.StartDeviceFlow(ctx) - if err != nil { - return nil, fmt.Errorf("github-copilot: failed to start device flow: %w", err) - } - - // Display the user code and verification URL - fmt.Printf("\nTo authenticate, please visit: %s\n", deviceCode.VerificationURI) - fmt.Printf("And enter the code: %s\n\n", deviceCode.UserCode) - - // Try to open the browser automatically - if !opts.NoBrowser { - if browser.IsAvailable() { - if errOpen := browser.OpenURL(deviceCode.VerificationURI); errOpen != nil { - log.Warnf("Failed to open browser automatically: %v", errOpen) - } - } - } - - fmt.Println("Waiting for GitHub authorization...") - fmt.Printf("(This will timeout in %d seconds if not authorized)\n", deviceCode.ExpiresIn) - - // Wait for user authorization - authBundle, err := authSvc.WaitForAuthorization(ctx, deviceCode) - if err != nil { - errMsg := copilot.GetUserFriendlyMessage(err) - return nil, fmt.Errorf("github-copilot: %s", errMsg) - } - - // Verify the token can get a Copilot API token - fmt.Println("Verifying Copilot access...") - apiToken, err := authSvc.GetCopilotAPIToken(ctx, authBundle.TokenData.AccessToken) - if err != nil { - return nil, fmt.Errorf("github-copilot: failed to verify Copilot access - you may not have an active Copilot subscription: %w", err) - } - - // Create the token storage - tokenStorage := authSvc.CreateTokenStorage(authBundle) - - // Build metadata with token information for the executor - metadata := map[string]any{ - "type": "github-copilot", - "username": authBundle.Username, - "access_token": authBundle.TokenData.AccessToken, - "token_type": authBundle.TokenData.TokenType, - "scope": authBundle.TokenData.Scope, - "timestamp": time.Now().UnixMilli(), - } - - if apiToken.ExpiresAt > 0 { - metadata["api_token_expires_at"] = apiToken.ExpiresAt - } - - fileName := fmt.Sprintf("github-copilot-%s.json", authBundle.Username) - - fmt.Printf("\nGitHub Copilot authentication successful for user: %s\n", authBundle.Username) - - return &coreauth.Auth{ - ID: fileName, - Provider: a.Provider(), - FileName: fileName, - Label: authBundle.Username, - Storage: tokenStorage, - Metadata: metadata, - }, nil -} - -// RefreshGitHubCopilotToken validates and returns the current token status. -// GitHub OAuth tokens don't need traditional refresh - we just validate they still work. -func RefreshGitHubCopilotToken(ctx context.Context, cfg *config.Config, storage *copilot.CopilotTokenStorage) error { - if storage == nil || storage.AccessToken == "" { - return fmt.Errorf("no token available") - } - - authSvc := copilot.NewCopilotAuth(cfg) - - // Validate the token can still get a Copilot API token - _, err := authSvc.GetCopilotAPIToken(ctx, storage.AccessToken) - if err != nil { - return fmt.Errorf("token validation failed: %w", err) - } - - return nil -} diff --git a/.worktrees/config/m/config-build/active/sdk/auth/iflow.go b/.worktrees/config/m/config-build/active/sdk/auth/iflow.go deleted file mode 100644 index a695311db2..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/auth/iflow.go +++ /dev/null @@ -1,190 +0,0 @@ -package auth - -import ( - "context" - "fmt" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/iflow" - "github.com/router-for-me/CLIProxyAPI/v6/internal/browser" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - "github.com/router-for-me/CLIProxyAPI/v6/internal/misc" - "github.com/router-for-me/CLIProxyAPI/v6/internal/util" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -// IFlowAuthenticator implements the OAuth login flow for iFlow accounts. -type IFlowAuthenticator struct{} - -// NewIFlowAuthenticator constructs a new authenticator instance. -func NewIFlowAuthenticator() *IFlowAuthenticator { return &IFlowAuthenticator{} } - -// Provider returns the provider key for the authenticator. -func (a *IFlowAuthenticator) Provider() string { return "iflow" } - -// RefreshLead indicates how soon before expiry a refresh should be attempted. -func (a *IFlowAuthenticator) RefreshLead() *time.Duration { - return new(24 * time.Hour) -} - -// Login performs the OAuth code flow using a local callback server. -func (a *IFlowAuthenticator) Login(ctx context.Context, cfg *config.Config, opts *LoginOptions) (*coreauth.Auth, error) { - if cfg == nil { - return nil, fmt.Errorf("cliproxy auth: configuration is required") - } - if ctx == nil { - ctx = context.Background() - } - if opts == nil { - opts = &LoginOptions{} - } - - callbackPort := iflow.CallbackPort - if opts.CallbackPort > 0 { - callbackPort = opts.CallbackPort - } - - authSvc := iflow.NewIFlowAuth(cfg) - - oauthServer := iflow.NewOAuthServer(callbackPort) - if err := oauthServer.Start(); err != nil { - if strings.Contains(err.Error(), "already in use") { - return nil, fmt.Errorf("iflow authentication server port in use: %w", err) - } - return nil, fmt.Errorf("iflow authentication server failed: %w", err) - } - defer func() { - stopCtx, cancel := context.WithTimeout(context.Background(), 2*time.Second) - defer cancel() - if stopErr := oauthServer.Stop(stopCtx); stopErr != nil { - log.Warnf("iflow oauth server stop error: %v", stopErr) - } - }() - - state, err := misc.GenerateRandomState() - if err != nil { - return nil, fmt.Errorf("iflow auth: failed to generate state: %w", err) - } - - authURL, redirectURI := authSvc.AuthorizationURL(state, callbackPort) - - if !opts.NoBrowser { - fmt.Println("Opening browser for iFlow authentication") - if !browser.IsAvailable() { - log.Warn("No browser available; please open the URL manually") - util.PrintSSHTunnelInstructions(callbackPort) - fmt.Printf("Visit the following URL to continue authentication:\n%s\n", authURL) - } else if err = browser.OpenURL(authURL); err != nil { - log.Warnf("Failed to open browser automatically: %v", err) - util.PrintSSHTunnelInstructions(callbackPort) - fmt.Printf("Visit the following URL to continue authentication:\n%s\n", authURL) - } - } else { - util.PrintSSHTunnelInstructions(callbackPort) - fmt.Printf("Visit the following URL to continue authentication:\n%s\n", authURL) - } - - fmt.Println("Waiting for iFlow authentication callback...") - - callbackCh := make(chan *iflow.OAuthResult, 1) - callbackErrCh := make(chan error, 1) - - go func() { - result, errWait := oauthServer.WaitForCallback(5 * time.Minute) - if errWait != nil { - callbackErrCh <- errWait - return - } - callbackCh <- result - }() - - var result *iflow.OAuthResult - var manualPromptTimer *time.Timer - var manualPromptC <-chan time.Time - if opts.Prompt != nil { - manualPromptTimer = time.NewTimer(15 * time.Second) - manualPromptC = manualPromptTimer.C - defer manualPromptTimer.Stop() - } - -waitForCallback: - for { - select { - case result = <-callbackCh: - break waitForCallback - case err = <-callbackErrCh: - return nil, fmt.Errorf("iflow auth: callback wait failed: %w", err) - case <-manualPromptC: - manualPromptC = nil - if manualPromptTimer != nil { - manualPromptTimer.Stop() - } - select { - case result = <-callbackCh: - break waitForCallback - case err = <-callbackErrCh: - return nil, fmt.Errorf("iflow auth: callback wait failed: %w", err) - default: - } - input, errPrompt := opts.Prompt("Paste the iFlow callback URL (or press Enter to keep waiting): ") - if errPrompt != nil { - return nil, errPrompt - } - parsed, errParse := misc.ParseOAuthCallback(input) - if errParse != nil { - return nil, errParse - } - if parsed == nil { - continue - } - result = &iflow.OAuthResult{ - Code: parsed.Code, - State: parsed.State, - Error: parsed.Error, - } - break waitForCallback - } - } - if result.Error != "" { - return nil, fmt.Errorf("iflow auth: provider returned error %s", result.Error) - } - if result.State != state { - return nil, fmt.Errorf("iflow auth: state mismatch") - } - - tokenData, err := authSvc.ExchangeCodeForTokens(ctx, result.Code, redirectURI) - if err != nil { - return nil, fmt.Errorf("iflow authentication failed: %w", err) - } - - tokenStorage := authSvc.CreateTokenStorage(tokenData) - - email := strings.TrimSpace(tokenStorage.Email) - if email == "" { - return nil, fmt.Errorf("iflow authentication failed: missing account identifier") - } - - fileName := fmt.Sprintf("iflow-%s-%d.json", email, time.Now().Unix()) - metadata := map[string]any{ - "email": email, - "api_key": tokenStorage.APIKey, - "access_token": tokenStorage.AccessToken, - "refresh_token": tokenStorage.RefreshToken, - "expired": tokenStorage.Expire, - } - - fmt.Println("iFlow authentication successful") - - return &coreauth.Auth{ - ID: fileName, - Provider: a.Provider(), - FileName: fileName, - Storage: tokenStorage, - Metadata: metadata, - Attributes: map[string]string{ - "api_key": tokenStorage.APIKey, - }, - }, nil -} diff --git a/.worktrees/config/m/config-build/active/sdk/auth/interfaces.go b/.worktrees/config/m/config-build/active/sdk/auth/interfaces.go deleted file mode 100644 index 64cf8ed035..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/auth/interfaces.go +++ /dev/null @@ -1,29 +0,0 @@ -package auth - -import ( - "context" - "errors" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -var ErrRefreshNotSupported = errors.New("cliproxy auth: refresh not supported") - -// LoginOptions captures generic knobs shared across authenticators. -// Provider-specific logic can inspect Metadata for extra parameters. -type LoginOptions struct { - NoBrowser bool - ProjectID string - CallbackPort int - Metadata map[string]string - Prompt func(prompt string) (string, error) -} - -// Authenticator manages login and optional refresh flows for a provider. -type Authenticator interface { - Provider() string - Login(ctx context.Context, cfg *config.Config, opts *LoginOptions) (*coreauth.Auth, error) - RefreshLead() *time.Duration -} diff --git a/.worktrees/config/m/config-build/active/sdk/auth/kilo.go b/.worktrees/config/m/config-build/active/sdk/auth/kilo.go deleted file mode 100644 index 7e98f7c4b7..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/auth/kilo.go +++ /dev/null @@ -1,121 +0,0 @@ -package auth - -import ( - "context" - "fmt" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/kilo" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -// KiloAuthenticator implements the login flow for Kilo AI accounts. -type KiloAuthenticator struct{} - -// NewKiloAuthenticator constructs a Kilo authenticator. -func NewKiloAuthenticator() *KiloAuthenticator { - return &KiloAuthenticator{} -} - -func (a *KiloAuthenticator) Provider() string { - return "kilo" -} - -func (a *KiloAuthenticator) RefreshLead() *time.Duration { - return nil -} - -// Login manages the device flow authentication for Kilo AI. -func (a *KiloAuthenticator) Login(ctx context.Context, cfg *config.Config, opts *LoginOptions) (*coreauth.Auth, error) { - if cfg == nil { - return nil, fmt.Errorf("cliproxy auth: configuration is required") - } - if ctx == nil { - ctx = context.Background() - } - if opts == nil { - opts = &LoginOptions{} - } - - kilocodeAuth := kilo.NewKiloAuth() - - fmt.Println("Initiating Kilo device authentication...") - resp, err := kilocodeAuth.InitiateDeviceFlow(ctx) - if err != nil { - return nil, fmt.Errorf("failed to initiate device flow: %w", err) - } - - fmt.Printf("Please visit: %s\n", resp.VerificationURL) - fmt.Printf("And enter code: %s\n", resp.Code) - - fmt.Println("Waiting for authorization...") - status, err := kilocodeAuth.PollForToken(ctx, resp.Code) - if err != nil { - return nil, fmt.Errorf("authentication failed: %w", err) - } - - fmt.Printf("Authentication successful for %s\n", status.UserEmail) - - profile, err := kilocodeAuth.GetProfile(ctx, status.Token) - if err != nil { - return nil, fmt.Errorf("failed to fetch profile: %w", err) - } - - var orgID string - if len(profile.Orgs) > 1 { - fmt.Println("Multiple organizations found. Please select one:") - for i, org := range profile.Orgs { - fmt.Printf("[%d] %s (%s)\n", i+1, org.Name, org.ID) - } - - if opts.Prompt != nil { - input, err := opts.Prompt("Enter the number of the organization: ") - if err != nil { - return nil, err - } - var choice int - _, err = fmt.Sscan(input, &choice) - if err == nil && choice > 0 && choice <= len(profile.Orgs) { - orgID = profile.Orgs[choice-1].ID - } else { - orgID = profile.Orgs[0].ID - fmt.Printf("Invalid choice, defaulting to %s\n", profile.Orgs[0].Name) - } - } else { - orgID = profile.Orgs[0].ID - fmt.Printf("Non-interactive mode, defaulting to organization: %s\n", profile.Orgs[0].Name) - } - } else if len(profile.Orgs) == 1 { - orgID = profile.Orgs[0].ID - } - - defaults, err := kilocodeAuth.GetDefaults(ctx, status.Token, orgID) - if err != nil { - fmt.Printf("Warning: failed to fetch defaults: %v\n", err) - defaults = &kilo.Defaults{} - } - - ts := &kilo.KiloTokenStorage{ - Token: status.Token, - OrganizationID: orgID, - Model: defaults.Model, - Email: status.UserEmail, - Type: "kilo", - } - - fileName := kilo.CredentialFileName(status.UserEmail) - metadata := map[string]any{ - "email": status.UserEmail, - "organization_id": orgID, - "model": defaults.Model, - } - - return &coreauth.Auth{ - ID: fileName, - Provider: a.Provider(), - FileName: fileName, - Storage: ts, - Metadata: metadata, - }, nil -} diff --git a/.worktrees/config/m/config-build/active/sdk/auth/kimi.go b/.worktrees/config/m/config-build/active/sdk/auth/kimi.go deleted file mode 100644 index 12ae101e7d..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/auth/kimi.go +++ /dev/null @@ -1,123 +0,0 @@ -package auth - -import ( - "context" - "fmt" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/kimi" - "github.com/router-for-me/CLIProxyAPI/v6/internal/browser" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -// kimiRefreshLead is the duration before token expiry when refresh should occur. -var kimiRefreshLead = 5 * time.Minute - -// KimiAuthenticator implements the OAuth device flow login for Kimi (Moonshot AI). -type KimiAuthenticator struct{} - -// NewKimiAuthenticator constructs a new Kimi authenticator. -func NewKimiAuthenticator() Authenticator { - return &KimiAuthenticator{} -} - -// Provider returns the provider key for kimi. -func (KimiAuthenticator) Provider() string { - return "kimi" -} - -// RefreshLead returns the duration before token expiry when refresh should occur. -// Kimi tokens expire and need to be refreshed before expiry. -func (KimiAuthenticator) RefreshLead() *time.Duration { - return &kimiRefreshLead -} - -// Login initiates the Kimi device flow authentication. -func (a KimiAuthenticator) Login(ctx context.Context, cfg *config.Config, opts *LoginOptions) (*coreauth.Auth, error) { - if cfg == nil { - return nil, fmt.Errorf("cliproxy auth: configuration is required") - } - if opts == nil { - opts = &LoginOptions{} - } - - authSvc := kimi.NewKimiAuth(cfg) - - // Start the device flow - fmt.Println("Starting Kimi authentication...") - deviceCode, err := authSvc.StartDeviceFlow(ctx) - if err != nil { - return nil, fmt.Errorf("kimi: failed to start device flow: %w", err) - } - - // Display the verification URL - verificationURL := deviceCode.VerificationURIComplete - if verificationURL == "" { - verificationURL = deviceCode.VerificationURI - } - - fmt.Printf("\nTo authenticate, please visit:\n%s\n\n", verificationURL) - if deviceCode.UserCode != "" { - fmt.Printf("User code: %s\n\n", deviceCode.UserCode) - } - - // Try to open the browser automatically - if !opts.NoBrowser { - if browser.IsAvailable() { - if errOpen := browser.OpenURL(verificationURL); errOpen != nil { - log.Warnf("Failed to open browser automatically: %v", errOpen) - } else { - fmt.Println("Browser opened automatically.") - } - } - } - - fmt.Println("Waiting for authorization...") - if deviceCode.ExpiresIn > 0 { - fmt.Printf("(This will timeout in %d seconds if not authorized)\n", deviceCode.ExpiresIn) - } - - // Wait for user authorization - authBundle, err := authSvc.WaitForAuthorization(ctx, deviceCode) - if err != nil { - return nil, fmt.Errorf("kimi: %w", err) - } - - // Create the token storage - tokenStorage := authSvc.CreateTokenStorage(authBundle) - - // Build metadata with token information - metadata := map[string]any{ - "type": "kimi", - "access_token": authBundle.TokenData.AccessToken, - "refresh_token": authBundle.TokenData.RefreshToken, - "token_type": authBundle.TokenData.TokenType, - "scope": authBundle.TokenData.Scope, - "timestamp": time.Now().UnixMilli(), - } - - if authBundle.TokenData.ExpiresAt > 0 { - exp := time.Unix(authBundle.TokenData.ExpiresAt, 0).UTC().Format(time.RFC3339) - metadata["expired"] = exp - } - if strings.TrimSpace(authBundle.DeviceID) != "" { - metadata["device_id"] = strings.TrimSpace(authBundle.DeviceID) - } - - // Generate a unique filename - fileName := fmt.Sprintf("kimi-%d.json", time.Now().UnixMilli()) - - fmt.Println("\nKimi authentication successful!") - - return &coreauth.Auth{ - ID: fileName, - Provider: a.Provider(), - FileName: fileName, - Label: "Kimi User", - Storage: tokenStorage, - Metadata: metadata, - }, nil -} diff --git a/.worktrees/config/m/config-build/active/sdk/auth/kiro.go b/.worktrees/config/m/config-build/active/sdk/auth/kiro.go deleted file mode 100644 index ad165b75a3..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/auth/kiro.go +++ /dev/null @@ -1,446 +0,0 @@ -package auth - -import ( - "context" - "encoding/json" - "fmt" - "os" - "path/filepath" - "strings" - "time" - - kiroauth "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/kiro" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -// extractKiroIdentifier extracts a meaningful identifier for file naming. -// Returns account name if provided, otherwise profile ARN ID, then client ID. -// All extracted values are sanitized to prevent path injection attacks. -func extractKiroIdentifier(accountName, profileArn, clientID string) string { - // Priority 1: Use account name if provided - if accountName != "" { - return kiroauth.SanitizeEmailForFilename(accountName) - } - - // Priority 2: Use profile ARN ID part (sanitized to prevent path injection) - if profileArn != "" { - parts := strings.Split(profileArn, "/") - if len(parts) >= 2 { - // Sanitize the ARN component to prevent path traversal - return kiroauth.SanitizeEmailForFilename(parts[len(parts)-1]) - } - } - - // Priority 3: Use client ID (for IDC auth without email/profileArn) - if clientID != "" { - return kiroauth.SanitizeEmailForFilename(clientID) - } - - // Fallback: timestamp - return fmt.Sprintf("%d", time.Now().UnixNano()%100000) -} - -// KiroAuthenticator implements OAuth authentication for Kiro with Google login. -type KiroAuthenticator struct{} - -// NewKiroAuthenticator constructs a Kiro authenticator. -func NewKiroAuthenticator() *KiroAuthenticator { - return &KiroAuthenticator{} -} - -// Provider returns the provider key for the authenticator. -func (a *KiroAuthenticator) Provider() string { - return "kiro" -} - -// RefreshLead indicates how soon before expiry a refresh should be attempted. -// Set to 20 minutes for proactive refresh before token expiry. -func (a *KiroAuthenticator) RefreshLead() *time.Duration { - d := 20 * time.Minute - return &d -} - -// createAuthRecord creates an auth record from token data. -func (a *KiroAuthenticator) createAuthRecord(tokenData *kiroauth.KiroTokenData, source string) (*coreauth.Auth, error) { - // Parse expires_at - expiresAt, err := time.Parse(time.RFC3339, tokenData.ExpiresAt) - if err != nil { - expiresAt = time.Now().Add(1 * time.Hour) - } - - // Determine label and identifier based on auth method - // Generate sequence number for uniqueness - seq := time.Now().UnixNano() % 100000 - - var label, idPart string - if tokenData.AuthMethod == "idc" { - label = "kiro-idc" - // Priority: email > startUrl identifier > sequence only - // Email is unique, so no sequence needed when email is available - if tokenData.Email != "" { - idPart = kiroauth.SanitizeEmailForFilename(tokenData.Email) - } else if tokenData.StartURL != "" { - identifier := kiroauth.ExtractIDCIdentifier(tokenData.StartURL) - if identifier != "" { - idPart = fmt.Sprintf("%s-%05d", identifier, seq) - } else { - idPart = fmt.Sprintf("%05d", seq) - } - } else { - idPart = fmt.Sprintf("%05d", seq) - } - } else { - label = fmt.Sprintf("kiro-%s", source) - idPart = extractKiroIdentifier(tokenData.Email, tokenData.ProfileArn, tokenData.ClientID) - } - - now := time.Now() - fileName := fmt.Sprintf("%s-%s.json", label, idPart) - - metadata := map[string]any{ - "type": "kiro", - "access_token": tokenData.AccessToken, - "refresh_token": tokenData.RefreshToken, - "profile_arn": tokenData.ProfileArn, - "expires_at": tokenData.ExpiresAt, - "auth_method": tokenData.AuthMethod, - "provider": tokenData.Provider, - "client_id": tokenData.ClientID, - "client_secret": tokenData.ClientSecret, - "email": tokenData.Email, - } - - // Add IDC-specific fields if present - if tokenData.StartURL != "" { - metadata["start_url"] = tokenData.StartURL - } - if tokenData.Region != "" { - metadata["region"] = tokenData.Region - } - - attributes := map[string]string{ - "profile_arn": tokenData.ProfileArn, - "source": source, - "email": tokenData.Email, - } - - // Add IDC-specific attributes if present - if tokenData.AuthMethod == "idc" { - attributes["source"] = "aws-idc" - if tokenData.StartURL != "" { - attributes["start_url"] = tokenData.StartURL - } - if tokenData.Region != "" { - attributes["region"] = tokenData.Region - } - } - - record := &coreauth.Auth{ - ID: fileName, - Provider: "kiro", - FileName: fileName, - Label: label, - Status: coreauth.StatusActive, - CreatedAt: now, - UpdatedAt: now, - Metadata: metadata, - Attributes: attributes, - // NextRefreshAfter: 20 minutes before expiry - NextRefreshAfter: expiresAt.Add(-20 * time.Minute), - } - - if tokenData.Email != "" { - fmt.Printf("\n✓ Kiro authentication completed successfully! (Account: %s)\n", tokenData.Email) - } else { - fmt.Println("\n✓ Kiro authentication completed successfully!") - } - - return record, nil -} - -// Login performs OAuth login for Kiro with AWS (Builder ID or IDC). -// This shows a method selection prompt and handles both flows. -func (a *KiroAuthenticator) Login(ctx context.Context, cfg *config.Config, opts *LoginOptions) (*coreauth.Auth, error) { - if cfg == nil { - return nil, fmt.Errorf("kiro auth: configuration is required") - } - - // Use the unified method selection flow (Builder ID or IDC) - ssoClient := kiroauth.NewSSOOIDCClient(cfg) - tokenData, err := ssoClient.LoginWithMethodSelection(ctx) - if err != nil { - return nil, fmt.Errorf("login failed: %w", err) - } - - return a.createAuthRecord(tokenData, "aws") -} - -// LoginWithAuthCode performs OAuth login for Kiro with AWS Builder ID using authorization code flow. -// This provides a better UX than device code flow as it uses automatic browser callback. -func (a *KiroAuthenticator) LoginWithAuthCode(ctx context.Context, cfg *config.Config, opts *LoginOptions) (*coreauth.Auth, error) { - if cfg == nil { - return nil, fmt.Errorf("kiro auth: configuration is required") - } - - oauth := kiroauth.NewKiroOAuth(cfg) - - // Use AWS Builder ID authorization code flow - tokenData, err := oauth.LoginWithBuilderIDAuthCode(ctx) - if err != nil { - return nil, fmt.Errorf("login failed: %w", err) - } - - // Parse expires_at - expiresAt, err := time.Parse(time.RFC3339, tokenData.ExpiresAt) - if err != nil { - expiresAt = time.Now().Add(1 * time.Hour) - } - - // Extract identifier for file naming - idPart := extractKiroIdentifier(tokenData.Email, tokenData.ProfileArn, tokenData.ClientID) - - now := time.Now() - fileName := fmt.Sprintf("kiro-aws-%s.json", idPart) - - record := &coreauth.Auth{ - ID: fileName, - Provider: "kiro", - FileName: fileName, - Label: "kiro-aws", - Status: coreauth.StatusActive, - CreatedAt: now, - UpdatedAt: now, - Metadata: map[string]any{ - "type": "kiro", - "access_token": tokenData.AccessToken, - "refresh_token": tokenData.RefreshToken, - "profile_arn": tokenData.ProfileArn, - "expires_at": tokenData.ExpiresAt, - "auth_method": tokenData.AuthMethod, - "provider": tokenData.Provider, - "client_id": tokenData.ClientID, - "client_secret": tokenData.ClientSecret, - "email": tokenData.Email, - }, - Attributes: map[string]string{ - "profile_arn": tokenData.ProfileArn, - "source": "aws-builder-id-authcode", - "email": tokenData.Email, - }, - // NextRefreshAfter: 20 minutes before expiry - NextRefreshAfter: expiresAt.Add(-20 * time.Minute), - } - - if tokenData.Email != "" { - fmt.Printf("\n✓ Kiro authentication completed successfully! (Account: %s)\n", tokenData.Email) - } else { - fmt.Println("\n✓ Kiro authentication completed successfully!") - } - - return record, nil -} - -// LoginWithGoogle performs OAuth login for Kiro with Google. -// NOTE: Google login is not available for third-party applications due to AWS Cognito restrictions. -// Please use AWS Builder ID or import your token from Kiro IDE. -func (a *KiroAuthenticator) LoginWithGoogle(ctx context.Context, cfg *config.Config, opts *LoginOptions) (*coreauth.Auth, error) { - return nil, fmt.Errorf("Google login is not available for third-party applications due to AWS Cognito restrictions.\n\nAlternatives:\n 1. Use AWS Builder ID: cliproxy kiro --builder-id\n 2. Import token from Kiro IDE: cliproxy kiro --import\n\nTo get a token from Kiro IDE:\n 1. Open Kiro IDE and login with Google\n 2. Find: ~/.kiro/kiro-auth-token.json\n 3. Run: cliproxy kiro --import") -} - -// LoginWithGitHub performs OAuth login for Kiro with GitHub. -// NOTE: GitHub login is not available for third-party applications due to AWS Cognito restrictions. -// Please use AWS Builder ID or import your token from Kiro IDE. -func (a *KiroAuthenticator) LoginWithGitHub(ctx context.Context, cfg *config.Config, opts *LoginOptions) (*coreauth.Auth, error) { - return nil, fmt.Errorf("GitHub login is not available for third-party applications due to AWS Cognito restrictions.\n\nAlternatives:\n 1. Use AWS Builder ID: cliproxy kiro --builder-id\n 2. Import token from Kiro IDE: cliproxy kiro --import\n\nTo get a token from Kiro IDE:\n 1. Open Kiro IDE and login with GitHub\n 2. Find: ~/.kiro/kiro-auth-token.json\n 3. Run: cliproxy kiro --import") -} - -// ImportFromKiroIDE imports token from Kiro IDE's token file. -func (a *KiroAuthenticator) ImportFromKiroIDE(ctx context.Context, cfg *config.Config) (*coreauth.Auth, error) { - tokenData, err := kiroauth.LoadKiroIDEToken() - if err != nil { - return nil, fmt.Errorf("failed to load Kiro IDE token: %w", err) - } - - // Parse expires_at - expiresAt, err := time.Parse(time.RFC3339, tokenData.ExpiresAt) - if err != nil { - expiresAt = time.Now().Add(1 * time.Hour) - } - - // Extract email from JWT if not already set (for imported tokens) - if tokenData.Email == "" { - tokenData.Email = kiroauth.ExtractEmailFromJWT(tokenData.AccessToken) - } - - // Extract identifier for file naming - idPart := extractKiroIdentifier(tokenData.Email, tokenData.ProfileArn, tokenData.ClientID) - // Sanitize provider to prevent path traversal (defense-in-depth) - provider := kiroauth.SanitizeEmailForFilename(strings.ToLower(strings.TrimSpace(tokenData.Provider))) - if provider == "" { - provider = "imported" // Fallback for legacy tokens without provider - } - - now := time.Now() - fileName := fmt.Sprintf("kiro-%s-%s.json", provider, idPart) - - record := &coreauth.Auth{ - ID: fileName, - Provider: "kiro", - FileName: fileName, - Label: fmt.Sprintf("kiro-%s", provider), - Status: coreauth.StatusActive, - CreatedAt: now, - UpdatedAt: now, - Metadata: map[string]any{ - "type": "kiro", - "access_token": tokenData.AccessToken, - "refresh_token": tokenData.RefreshToken, - "profile_arn": tokenData.ProfileArn, - "expires_at": tokenData.ExpiresAt, - "auth_method": tokenData.AuthMethod, - "provider": tokenData.Provider, - "client_id": tokenData.ClientID, - "client_secret": tokenData.ClientSecret, - "client_id_hash": tokenData.ClientIDHash, - "email": tokenData.Email, - "region": tokenData.Region, - "start_url": tokenData.StartURL, - }, - Attributes: map[string]string{ - "profile_arn": tokenData.ProfileArn, - "source": "kiro-ide-import", - "email": tokenData.Email, - "region": tokenData.Region, - }, - // NextRefreshAfter: 20 minutes before expiry - NextRefreshAfter: expiresAt.Add(-20 * time.Minute), - } - - // Display the email if extracted - if tokenData.Email != "" { - fmt.Printf("\n✓ Imported Kiro token from IDE (Provider: %s, Account: %s)\n", tokenData.Provider, tokenData.Email) - } else { - fmt.Printf("\n✓ Imported Kiro token from IDE (Provider: %s)\n", tokenData.Provider) - } - - return record, nil -} - -// Refresh refreshes an expired Kiro token using AWS SSO OIDC. -func (a *KiroAuthenticator) Refresh(ctx context.Context, cfg *config.Config, auth *coreauth.Auth) (*coreauth.Auth, error) { - if auth == nil || auth.Metadata == nil { - return nil, fmt.Errorf("invalid auth record") - } - - refreshToken, ok := auth.Metadata["refresh_token"].(string) - if !ok || refreshToken == "" { - return nil, fmt.Errorf("refresh token not found") - } - - clientID, _ := auth.Metadata["client_id"].(string) - clientSecret, _ := auth.Metadata["client_secret"].(string) - clientIDHash, _ := auth.Metadata["client_id_hash"].(string) - authMethod, _ := auth.Metadata["auth_method"].(string) - startURL, _ := auth.Metadata["start_url"].(string) - region, _ := auth.Metadata["region"].(string) - - // For Enterprise Kiro IDE (IDC auth), try to load clientId/clientSecret from device registration - // if they are missing from metadata. This handles the case where token was imported without - // clientId/clientSecret but has clientIdHash. - if (clientID == "" || clientSecret == "") && clientIDHash != "" { - if loadedClientID, loadedClientSecret, err := loadDeviceRegistrationCredentials(clientIDHash); err == nil { - clientID = loadedClientID - clientSecret = loadedClientSecret - } - } - - var tokenData *kiroauth.KiroTokenData - var err error - - ssoClient := kiroauth.NewSSOOIDCClient(cfg) - - // Use SSO OIDC refresh for AWS Builder ID or IDC, otherwise use Kiro's OAuth refresh endpoint - switch { - case clientID != "" && clientSecret != "" && authMethod == "idc" && region != "": - // IDC refresh with region-specific endpoint - tokenData, err = ssoClient.RefreshTokenWithRegion(ctx, clientID, clientSecret, refreshToken, region, startURL) - case clientID != "" && clientSecret != "" && (authMethod == "builder-id" || authMethod == "idc"): - // Builder ID or IDC refresh with default endpoint (us-east-1) - tokenData, err = ssoClient.RefreshToken(ctx, clientID, clientSecret, refreshToken) - default: - // Fallback to Kiro's refresh endpoint (for social auth: Google/GitHub) - oauth := kiroauth.NewKiroOAuth(cfg) - tokenData, err = oauth.RefreshToken(ctx, refreshToken) - } - - if err != nil { - return nil, fmt.Errorf("token refresh failed: %w", err) - } - - // Parse expires_at - expiresAt, err := time.Parse(time.RFC3339, tokenData.ExpiresAt) - if err != nil { - expiresAt = time.Now().Add(1 * time.Hour) - } - - // Clone auth to avoid mutating the input parameter - updated := auth.Clone() - now := time.Now() - updated.UpdatedAt = now - updated.LastRefreshedAt = now - updated.Metadata["access_token"] = tokenData.AccessToken - updated.Metadata["refresh_token"] = tokenData.RefreshToken - updated.Metadata["expires_at"] = tokenData.ExpiresAt - updated.Metadata["last_refresh"] = now.Format(time.RFC3339) // For double-check optimization - // Store clientId/clientSecret if they were loaded from device registration - if clientID != "" && updated.Metadata["client_id"] == nil { - updated.Metadata["client_id"] = clientID - } - if clientSecret != "" && updated.Metadata["client_secret"] == nil { - updated.Metadata["client_secret"] = clientSecret - } - // NextRefreshAfter: 20 minutes before expiry - updated.NextRefreshAfter = expiresAt.Add(-20 * time.Minute) - - return updated, nil -} - -// loadDeviceRegistrationCredentials loads clientId and clientSecret from device registration file. -// This is used when refreshing tokens that were imported without clientId/clientSecret. -func loadDeviceRegistrationCredentials(clientIDHash string) (clientID, clientSecret string, err error) { - if clientIDHash == "" { - return "", "", fmt.Errorf("clientIdHash is empty") - } - - // Sanitize clientIdHash to prevent path traversal - if strings.Contains(clientIDHash, "/") || strings.Contains(clientIDHash, "\\") || strings.Contains(clientIDHash, "..") { - return "", "", fmt.Errorf("invalid clientIdHash: contains path separator") - } - - homeDir, err := os.UserHomeDir() - if err != nil { - return "", "", fmt.Errorf("failed to get home directory: %w", err) - } - - deviceRegPath := filepath.Join(homeDir, ".aws", "sso", "cache", clientIDHash+".json") - data, err := os.ReadFile(deviceRegPath) - if err != nil { - return "", "", fmt.Errorf("failed to read device registration file: %w", err) - } - - var deviceReg struct { - ClientID string `json:"clientId"` - ClientSecret string `json:"clientSecret"` - } - - if err := json.Unmarshal(data, &deviceReg); err != nil { - return "", "", fmt.Errorf("failed to parse device registration: %w", err) - } - - if deviceReg.ClientID == "" || deviceReg.ClientSecret == "" { - return "", "", fmt.Errorf("device registration missing clientId or clientSecret") - } - - return deviceReg.ClientID, deviceReg.ClientSecret, nil -} diff --git a/.worktrees/config/m/config-build/active/sdk/auth/manager.go b/.worktrees/config/m/config-build/active/sdk/auth/manager.go deleted file mode 100644 index d630f128e3..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/auth/manager.go +++ /dev/null @@ -1,89 +0,0 @@ -package auth - -import ( - "context" - "fmt" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -// Manager aggregates authenticators and coordinates persistence via a token store. -type Manager struct { - authenticators map[string]Authenticator - store coreauth.Store -} - -// NewManager constructs a manager with the provided token store and authenticators. -// If store is nil, the caller must set it later using SetStore. -func NewManager(store coreauth.Store, authenticators ...Authenticator) *Manager { - mgr := &Manager{ - authenticators: make(map[string]Authenticator), - store: store, - } - for i := range authenticators { - mgr.Register(authenticators[i]) - } - return mgr -} - -// Register adds or replaces an authenticator keyed by its provider identifier. -func (m *Manager) Register(a Authenticator) { - if a == nil { - return - } - if m.authenticators == nil { - m.authenticators = make(map[string]Authenticator) - } - m.authenticators[a.Provider()] = a -} - -// SetStore updates the token store used for persistence. -func (m *Manager) SetStore(store coreauth.Store) { - m.store = store -} - -// Login executes the provider login flow and persists the resulting auth record. -func (m *Manager) Login(ctx context.Context, provider string, cfg *config.Config, opts *LoginOptions) (*coreauth.Auth, string, error) { - auth, ok := m.authenticators[provider] - if !ok { - return nil, "", fmt.Errorf("cliproxy auth: authenticator %s not registered", provider) - } - - record, err := auth.Login(ctx, cfg, opts) - if err != nil { - return nil, "", err - } - if record == nil { - return nil, "", fmt.Errorf("cliproxy auth: authenticator %s returned nil record", provider) - } - - if m.store == nil { - return record, "", nil - } - - if cfg != nil { - if dirSetter, ok := m.store.(interface{ SetBaseDir(string) }); ok { - dirSetter.SetBaseDir(cfg.AuthDir) - } - } - - savedPath, err := m.store.Save(ctx, record) - if err != nil { - return record, "", err - } - return record, savedPath, nil -} - -// SaveAuth persists an auth record directly without going through the login flow. -func (m *Manager) SaveAuth(record *coreauth.Auth, cfg *config.Config) (string, error) { - if m.store == nil { - return "", fmt.Errorf("no store configured") - } - if cfg != nil { - if dirSetter, ok := m.store.(interface{ SetBaseDir(string) }); ok { - dirSetter.SetBaseDir(cfg.AuthDir) - } - } - return m.store.Save(context.Background(), record) -} diff --git a/.worktrees/config/m/config-build/active/sdk/auth/qwen.go b/.worktrees/config/m/config-build/active/sdk/auth/qwen.go deleted file mode 100644 index 310d498760..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/auth/qwen.go +++ /dev/null @@ -1,113 +0,0 @@ -package auth - -import ( - "context" - "fmt" - "strings" - "time" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/qwen" - "github.com/router-for-me/CLIProxyAPI/v6/internal/browser" - // legacy client removed - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -// QwenAuthenticator implements the device flow login for Qwen accounts. -type QwenAuthenticator struct{} - -// NewQwenAuthenticator constructs a Qwen authenticator. -func NewQwenAuthenticator() *QwenAuthenticator { - return &QwenAuthenticator{} -} - -func (a *QwenAuthenticator) Provider() string { - return "qwen" -} - -func (a *QwenAuthenticator) RefreshLead() *time.Duration { - return new(3 * time.Hour) -} - -func (a *QwenAuthenticator) Login(ctx context.Context, cfg *config.Config, opts *LoginOptions) (*coreauth.Auth, error) { - if cfg == nil { - return nil, fmt.Errorf("cliproxy auth: configuration is required") - } - if ctx == nil { - ctx = context.Background() - } - if opts == nil { - opts = &LoginOptions{} - } - - authSvc := qwen.NewQwenAuth(cfg) - - deviceFlow, err := authSvc.InitiateDeviceFlow(ctx) - if err != nil { - return nil, fmt.Errorf("qwen device flow initiation failed: %w", err) - } - - authURL := deviceFlow.VerificationURIComplete - - if !opts.NoBrowser { - fmt.Println("Opening browser for Qwen authentication") - if !browser.IsAvailable() { - log.Warn("No browser available; please open the URL manually") - fmt.Printf("Visit the following URL to continue authentication:\n%s\n", authURL) - } else if err = browser.OpenURL(authURL); err != nil { - log.Warnf("Failed to open browser automatically: %v", err) - fmt.Printf("Visit the following URL to continue authentication:\n%s\n", authURL) - } - } else { - fmt.Printf("Visit the following URL to continue authentication:\n%s\n", authURL) - } - - fmt.Println("Waiting for Qwen authentication...") - - tokenData, err := authSvc.PollForToken(deviceFlow.DeviceCode, deviceFlow.CodeVerifier) - if err != nil { - return nil, fmt.Errorf("qwen authentication failed: %w", err) - } - - tokenStorage := authSvc.CreateTokenStorage(tokenData) - - email := "" - if opts.Metadata != nil { - email = opts.Metadata["email"] - if email == "" { - email = opts.Metadata["alias"] - } - } - - if email == "" && opts.Prompt != nil { - email, err = opts.Prompt("Please input your email address or alias for Qwen:") - if err != nil { - return nil, err - } - } - - email = strings.TrimSpace(email) - if email == "" { - return nil, &EmailRequiredError{Prompt: "Please provide an email address or alias for Qwen."} - } - - tokenStorage.Email = email - - // no legacy client construction - - fileName := fmt.Sprintf("qwen-%s.json", tokenStorage.Email) - metadata := map[string]any{ - "email": tokenStorage.Email, - } - - fmt.Println("Qwen authentication successful") - - return &coreauth.Auth{ - ID: fileName, - Provider: a.Provider(), - FileName: fileName, - Storage: tokenStorage, - Metadata: metadata, - }, nil -} diff --git a/.worktrees/config/m/config-build/active/sdk/auth/refresh_registry.go b/.worktrees/config/m/config-build/active/sdk/auth/refresh_registry.go deleted file mode 100644 index ecf8e820af..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/auth/refresh_registry.go +++ /dev/null @@ -1,33 +0,0 @@ -package auth - -import ( - "time" - - cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -func init() { - registerRefreshLead("codex", func() Authenticator { return NewCodexAuthenticator() }) - registerRefreshLead("claude", func() Authenticator { return NewClaudeAuthenticator() }) - registerRefreshLead("qwen", func() Authenticator { return NewQwenAuthenticator() }) - registerRefreshLead("iflow", func() Authenticator { return NewIFlowAuthenticator() }) - registerRefreshLead("gemini", func() Authenticator { return NewGeminiAuthenticator() }) - registerRefreshLead("gemini-cli", func() Authenticator { return NewGeminiAuthenticator() }) - registerRefreshLead("antigravity", func() Authenticator { return NewAntigravityAuthenticator() }) - registerRefreshLead("kimi", func() Authenticator { return NewKimiAuthenticator() }) - registerRefreshLead("kiro", func() Authenticator { return NewKiroAuthenticator() }) - registerRefreshLead("github-copilot", func() Authenticator { return NewGitHubCopilotAuthenticator() }) -} - -func registerRefreshLead(provider string, factory func() Authenticator) { - cliproxyauth.RegisterRefreshLeadProvider(provider, func() *time.Duration { - if factory == nil { - return nil - } - auth := factory() - if auth == nil { - return nil - } - return auth.RefreshLead() - }) -} diff --git a/.worktrees/config/m/config-build/active/sdk/auth/store_registry.go b/.worktrees/config/m/config-build/active/sdk/auth/store_registry.go deleted file mode 100644 index 760449f8cf..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/auth/store_registry.go +++ /dev/null @@ -1,35 +0,0 @@ -package auth - -import ( - "sync" - - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" -) - -var ( - storeMu sync.RWMutex - registeredStore coreauth.Store -) - -// RegisterTokenStore sets the global token store used by the authentication helpers. -func RegisterTokenStore(store coreauth.Store) { - storeMu.Lock() - registeredStore = store - storeMu.Unlock() -} - -// GetTokenStore returns the globally registered token store. -func GetTokenStore() coreauth.Store { - storeMu.RLock() - s := registeredStore - storeMu.RUnlock() - if s != nil { - return s - } - storeMu.Lock() - defer storeMu.Unlock() - if registeredStore == nil { - registeredStore = NewFileTokenStore() - } - return registeredStore -} diff --git a/.worktrees/config/m/config-build/active/sdk/config/config.go b/.worktrees/config/m/config-build/active/sdk/config/config.go deleted file mode 100644 index 14163418f7..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/config/config.go +++ /dev/null @@ -1,54 +0,0 @@ -// Package config provides the public SDK configuration API. -// -// It re-exports the server configuration types and helpers so external projects can -// embed CLIProxyAPI without importing internal packages. -package config - -import internalconfig "github.com/router-for-me/CLIProxyAPI/v6/internal/config" - -type SDKConfig = internalconfig.SDKConfig - -type Config = internalconfig.Config - -type StreamingConfig = internalconfig.StreamingConfig -type TLSConfig = internalconfig.TLSConfig -type RemoteManagement = internalconfig.RemoteManagement -type AmpCode = internalconfig.AmpCode -type OAuthModelAlias = internalconfig.OAuthModelAlias -type PayloadConfig = internalconfig.PayloadConfig -type PayloadRule = internalconfig.PayloadRule -type PayloadFilterRule = internalconfig.PayloadFilterRule -type PayloadModelRule = internalconfig.PayloadModelRule - -type GeminiKey = internalconfig.GeminiKey -type CodexKey = internalconfig.CodexKey -type ClaudeKey = internalconfig.ClaudeKey -type VertexCompatKey = internalconfig.VertexCompatKey -type VertexCompatModel = internalconfig.VertexCompatModel -type OpenAICompatibility = internalconfig.OpenAICompatibility -type OpenAICompatibilityAPIKey = internalconfig.OpenAICompatibilityAPIKey -type OpenAICompatibilityModel = internalconfig.OpenAICompatibilityModel - -type TLS = internalconfig.TLSConfig - -const ( - DefaultPanelGitHubRepository = internalconfig.DefaultPanelGitHubRepository -) - -func LoadConfig(configFile string) (*Config, error) { return internalconfig.LoadConfig(configFile) } - -func LoadConfigOptional(configFile string, optional bool) (*Config, error) { - return internalconfig.LoadConfigOptional(configFile, optional) -} - -func SaveConfigPreserveComments(configFile string, cfg *Config) error { - return internalconfig.SaveConfigPreserveComments(configFile, cfg) -} - -func SaveConfigPreserveCommentsUpdateNestedScalar(configFile string, path []string, value string) error { - return internalconfig.SaveConfigPreserveCommentsUpdateNestedScalar(configFile, path, value) -} - -func NormalizeCommentIndentation(data []byte) []byte { - return internalconfig.NormalizeCommentIndentation(data) -} diff --git a/.worktrees/config/m/config-build/active/sdk/config/config_test.go b/.worktrees/config/m/config-build/active/sdk/config/config_test.go deleted file mode 100644 index c62a83d012..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/config/config_test.go +++ /dev/null @@ -1,41 +0,0 @@ -package config - -import ( - "os" - "testing" -) - -func TestConfigWrappers(t *testing.T) { - tmpFile, _ := os.CreateTemp("", "config*.yaml") - defer func() { _ = os.Remove(tmpFile.Name()) }() - _, _ = tmpFile.Write([]byte("{}")) - _ = tmpFile.Close() - - cfg, err := LoadConfig(tmpFile.Name()) - if err != nil { - t.Errorf("LoadConfig failed: %v", err) - } - if cfg == nil { - t.Fatal("LoadConfig returned nil") - } - - cfg, err = LoadConfigOptional(tmpFile.Name(), true) - if err != nil { - t.Errorf("LoadConfigOptional failed: %v", err) - } - - err = SaveConfigPreserveComments(tmpFile.Name(), cfg) - if err != nil { - t.Errorf("SaveConfigPreserveComments failed: %v", err) - } - - err = SaveConfigPreserveCommentsUpdateNestedScalar(tmpFile.Name(), []string{"debug"}, "true") - if err != nil { - t.Errorf("SaveConfigPreserveCommentsUpdateNestedScalar failed: %v", err) - } - - data := NormalizeCommentIndentation([]byte(" # comment")) - if len(data) == 0 { - t.Error("NormalizeCommentIndentation returned empty") - } -} diff --git a/.worktrees/config/m/config-build/active/sdk/logging/request_logger.go b/.worktrees/config/m/config-build/active/sdk/logging/request_logger.go deleted file mode 100644 index ddbda6b8b0..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/logging/request_logger.go +++ /dev/null @@ -1,25 +0,0 @@ -// Package logging re-exports request logging primitives for SDK consumers. -package logging - -import internallogging "github.com/router-for-me/CLIProxyAPI/v6/internal/logging" - -const defaultErrorLogsMaxFiles = 10 - -// RequestLogger defines the interface for logging HTTP requests and responses. -type RequestLogger = internallogging.RequestLogger - -// StreamingLogWriter handles real-time logging of streaming response chunks. -type StreamingLogWriter = internallogging.StreamingLogWriter - -// FileRequestLogger implements RequestLogger using file-based storage. -type FileRequestLogger = internallogging.FileRequestLogger - -// NewFileRequestLogger creates a new file-based request logger with default error log retention (10 files). -func NewFileRequestLogger(enabled bool, logsDir string, configDir string) *FileRequestLogger { - return internallogging.NewFileRequestLogger(enabled, logsDir, configDir, defaultErrorLogsMaxFiles) -} - -// NewFileRequestLoggerWithOptions creates a new file-based request logger with configurable error log retention. -func NewFileRequestLoggerWithOptions(enabled bool, logsDir string, configDir string, errorLogsMaxFiles int) *FileRequestLogger { - return internallogging.NewFileRequestLogger(enabled, logsDir, configDir, errorLogsMaxFiles) -} diff --git a/.worktrees/config/m/config-build/active/sdk/translator/builtin/builtin.go b/.worktrees/config/m/config-build/active/sdk/translator/builtin/builtin.go deleted file mode 100644 index 798e43f1a9..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/translator/builtin/builtin.go +++ /dev/null @@ -1,18 +0,0 @@ -// Package builtin exposes the built-in translator registrations for SDK users. -package builtin - -import ( - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator" -) - -// Registry exposes the default registry populated with all built-in translators. -func Registry() *sdktranslator.Registry { - return sdktranslator.Default() -} - -// Pipeline returns a pipeline that already contains the built-in translators. -func Pipeline() *sdktranslator.Pipeline { - return sdktranslator.NewPipeline(sdktranslator.Default()) -} diff --git a/.worktrees/config/m/config-build/active/sdk/translator/format.go b/.worktrees/config/m/config-build/active/sdk/translator/format.go deleted file mode 100644 index ec0f37f65d..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/translator/format.go +++ /dev/null @@ -1,14 +0,0 @@ -package translator - -// Format identifies a request/response schema used inside the proxy. -type Format string - -// FromString converts an arbitrary identifier to a translator format. -func FromString(v string) Format { - return Format(v) -} - -// String returns the raw schema identifier. -func (f Format) String() string { - return string(f) -} diff --git a/.worktrees/config/m/config-build/active/sdk/translator/formats.go b/.worktrees/config/m/config-build/active/sdk/translator/formats.go deleted file mode 100644 index aafe9e056c..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/translator/formats.go +++ /dev/null @@ -1,12 +0,0 @@ -package translator - -// Common format identifiers exposed for SDK users. -const ( - FormatOpenAI Format = "openai" - FormatOpenAIResponse Format = "openai-response" - FormatClaude Format = "claude" - FormatGemini Format = "gemini" - FormatGeminiCLI Format = "gemini-cli" - FormatCodex Format = "codex" - FormatAntigravity Format = "antigravity" -) diff --git a/.worktrees/config/m/config-build/active/sdk/translator/helpers.go b/.worktrees/config/m/config-build/active/sdk/translator/helpers.go deleted file mode 100644 index bf8cfbf79d..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/translator/helpers.go +++ /dev/null @@ -1,28 +0,0 @@ -package translator - -import "context" - -// TranslateRequestByFormatName converts a request payload between schemas by their string identifiers. -func TranslateRequestByFormatName(from, to Format, model string, rawJSON []byte, stream bool) []byte { - return TranslateRequest(from, to, model, rawJSON, stream) -} - -// HasResponseTransformerByFormatName reports whether a response translator exists between two schemas. -func HasResponseTransformerByFormatName(from, to Format) bool { - return HasResponseTransformer(from, to) -} - -// TranslateStreamByFormatName converts streaming responses between schemas by their string identifiers. -func TranslateStreamByFormatName(ctx context.Context, from, to Format, model string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - return TranslateStream(ctx, from, to, model, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} - -// TranslateNonStreamByFormatName converts non-streaming responses between schemas by their string identifiers. -func TranslateNonStreamByFormatName(ctx context.Context, from, to Format, model string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - return TranslateNonStream(ctx, from, to, model, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} - -// TranslateTokenCountByFormatName converts token counts between schemas by their string identifiers. -func TranslateTokenCountByFormatName(ctx context.Context, from, to Format, count int64, rawJSON []byte) string { - return TranslateTokenCount(ctx, from, to, count, rawJSON) -} diff --git a/.worktrees/config/m/config-build/active/sdk/translator/pipeline.go b/.worktrees/config/m/config-build/active/sdk/translator/pipeline.go deleted file mode 100644 index 5fa6c66a0a..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/translator/pipeline.go +++ /dev/null @@ -1,106 +0,0 @@ -package translator - -import "context" - -// RequestEnvelope represents a request in the translation pipeline. -type RequestEnvelope struct { - Format Format - Model string - Stream bool - Body []byte -} - -// ResponseEnvelope represents a response in the translation pipeline. -type ResponseEnvelope struct { - Format Format - Model string - Stream bool - Body []byte - Chunks []string -} - -// RequestMiddleware decorates request translation. -type RequestMiddleware func(ctx context.Context, req RequestEnvelope, next RequestHandler) (RequestEnvelope, error) - -// ResponseMiddleware decorates response translation. -type ResponseMiddleware func(ctx context.Context, resp ResponseEnvelope, next ResponseHandler) (ResponseEnvelope, error) - -// RequestHandler performs request translation between formats. -type RequestHandler func(ctx context.Context, req RequestEnvelope) (RequestEnvelope, error) - -// ResponseHandler performs response translation between formats. -type ResponseHandler func(ctx context.Context, resp ResponseEnvelope) (ResponseEnvelope, error) - -// Pipeline orchestrates request/response transformation with middleware support. -type Pipeline struct { - registry *Registry - requestMiddleware []RequestMiddleware - responseMiddleware []ResponseMiddleware -} - -// NewPipeline constructs a pipeline bound to the provided registry. -func NewPipeline(registry *Registry) *Pipeline { - if registry == nil { - registry = Default() - } - return &Pipeline{registry: registry} -} - -// UseRequest adds request middleware executed in registration order. -func (p *Pipeline) UseRequest(mw RequestMiddleware) { - if mw != nil { - p.requestMiddleware = append(p.requestMiddleware, mw) - } -} - -// UseResponse adds response middleware executed in registration order. -func (p *Pipeline) UseResponse(mw ResponseMiddleware) { - if mw != nil { - p.responseMiddleware = append(p.responseMiddleware, mw) - } -} - -// TranslateRequest applies middleware and registry transformations. -func (p *Pipeline) TranslateRequest(ctx context.Context, from, to Format, req RequestEnvelope) (RequestEnvelope, error) { - terminal := func(ctx context.Context, input RequestEnvelope) (RequestEnvelope, error) { - translated := p.registry.TranslateRequest(from, to, input.Model, input.Body, input.Stream) - input.Body = translated - input.Format = to - return input, nil - } - - handler := terminal - for i := len(p.requestMiddleware) - 1; i >= 0; i-- { - mw := p.requestMiddleware[i] - next := handler - handler = func(ctx context.Context, r RequestEnvelope) (RequestEnvelope, error) { - return mw(ctx, r, next) - } - } - - return handler(ctx, req) -} - -// TranslateResponse applies middleware and registry transformations. -func (p *Pipeline) TranslateResponse(ctx context.Context, from, to Format, resp ResponseEnvelope, originalReq, translatedReq []byte, param *any) (ResponseEnvelope, error) { - terminal := func(ctx context.Context, input ResponseEnvelope) (ResponseEnvelope, error) { - if input.Stream { - input.Chunks = p.registry.TranslateStream(ctx, from, to, input.Model, originalReq, translatedReq, input.Body, param) - } else { - input.Body = []byte(p.registry.TranslateNonStream(ctx, from, to, input.Model, originalReq, translatedReq, input.Body, param)) - } - input.Format = to - return input, nil - } - - handler := terminal - for i := len(p.responseMiddleware) - 1; i >= 0; i-- { - mw := p.responseMiddleware[i] - next := handler - handler = func(ctx context.Context, r ResponseEnvelope) (ResponseEnvelope, error) { - return mw(ctx, r, next) - } - } - - return handler(ctx, resp) -} diff --git a/.worktrees/config/m/config-build/active/sdk/translator/registry.go b/.worktrees/config/m/config-build/active/sdk/translator/registry.go deleted file mode 100644 index ace9713711..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/translator/registry.go +++ /dev/null @@ -1,142 +0,0 @@ -package translator - -import ( - "context" - "sync" -) - -// Registry manages translation functions across schemas. -type Registry struct { - mu sync.RWMutex - requests map[Format]map[Format]RequestTransform - responses map[Format]map[Format]ResponseTransform -} - -// NewRegistry constructs an empty translator registry. -func NewRegistry() *Registry { - return &Registry{ - requests: make(map[Format]map[Format]RequestTransform), - responses: make(map[Format]map[Format]ResponseTransform), - } -} - -// Register stores request/response transforms between two formats. -func (r *Registry) Register(from, to Format, request RequestTransform, response ResponseTransform) { - r.mu.Lock() - defer r.mu.Unlock() - - if _, ok := r.requests[from]; !ok { - r.requests[from] = make(map[Format]RequestTransform) - } - if request != nil { - r.requests[from][to] = request - } - - if _, ok := r.responses[from]; !ok { - r.responses[from] = make(map[Format]ResponseTransform) - } - r.responses[from][to] = response -} - -// TranslateRequest converts a payload between schemas, returning the original payload -// if no translator is registered. -func (r *Registry) TranslateRequest(from, to Format, model string, rawJSON []byte, stream bool) []byte { - r.mu.RLock() - defer r.mu.RUnlock() - - if byTarget, ok := r.requests[from]; ok { - if fn, isOk := byTarget[to]; isOk && fn != nil { - return fn(model, rawJSON, stream) - } - } - return rawJSON -} - -// HasResponseTransformer indicates whether a response translator exists. -func (r *Registry) HasResponseTransformer(from, to Format) bool { - r.mu.RLock() - defer r.mu.RUnlock() - - if byTarget, ok := r.responses[from]; ok { - if _, isOk := byTarget[to]; isOk { - return true - } - } - return false -} - -// TranslateStream applies the registered streaming response translator. -func (r *Registry) TranslateStream(ctx context.Context, from, to Format, model string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - r.mu.RLock() - defer r.mu.RUnlock() - - if byTarget, ok := r.responses[to]; ok { - if fn, isOk := byTarget[from]; isOk && fn.Stream != nil { - return fn.Stream(ctx, model, originalRequestRawJSON, requestRawJSON, rawJSON, param) - } - } - return []string{string(rawJSON)} -} - -// TranslateNonStream applies the registered non-stream response translator. -func (r *Registry) TranslateNonStream(ctx context.Context, from, to Format, model string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - r.mu.RLock() - defer r.mu.RUnlock() - - if byTarget, ok := r.responses[to]; ok { - if fn, isOk := byTarget[from]; isOk && fn.NonStream != nil { - return fn.NonStream(ctx, model, originalRequestRawJSON, requestRawJSON, rawJSON, param) - } - } - return string(rawJSON) -} - -// TranslateNonStream applies the registered non-stream response translator. -func (r *Registry) TranslateTokenCount(ctx context.Context, from, to Format, count int64, rawJSON []byte) string { - r.mu.RLock() - defer r.mu.RUnlock() - - if byTarget, ok := r.responses[to]; ok { - if fn, isOk := byTarget[from]; isOk && fn.TokenCount != nil { - return fn.TokenCount(ctx, count) - } - } - return string(rawJSON) -} - -var defaultRegistry = NewRegistry() - -// Default exposes the package-level registry for shared use. -func Default() *Registry { - return defaultRegistry -} - -// Register attaches transforms to the default registry. -func Register(from, to Format, request RequestTransform, response ResponseTransform) { - defaultRegistry.Register(from, to, request, response) -} - -// TranslateRequest is a helper on the default registry. -func TranslateRequest(from, to Format, model string, rawJSON []byte, stream bool) []byte { - return defaultRegistry.TranslateRequest(from, to, model, rawJSON, stream) -} - -// HasResponseTransformer inspects the default registry. -func HasResponseTransformer(from, to Format) bool { - return defaultRegistry.HasResponseTransformer(from, to) -} - -// TranslateStream is a helper on the default registry. -func TranslateStream(ctx context.Context, from, to Format, model string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - return defaultRegistry.TranslateStream(ctx, from, to, model, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} - -// TranslateNonStream is a helper on the default registry. -func TranslateNonStream(ctx context.Context, from, to Format, model string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - return defaultRegistry.TranslateNonStream(ctx, from, to, model, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} - -// TranslateTokenCount is a helper on the default registry. -func TranslateTokenCount(ctx context.Context, from, to Format, count int64, rawJSON []byte) string { - return defaultRegistry.TranslateTokenCount(ctx, from, to, count, rawJSON) -} diff --git a/.worktrees/config/m/config-build/active/sdk/translator/types.go b/.worktrees/config/m/config-build/active/sdk/translator/types.go deleted file mode 100644 index ff69340a57..0000000000 --- a/.worktrees/config/m/config-build/active/sdk/translator/types.go +++ /dev/null @@ -1,34 +0,0 @@ -// Package translator provides types and functions for converting chat requests and responses between different schemas. -package translator - -import "context" - -// RequestTransform is a function type that converts a request payload from a source schema to a target schema. -// It takes the model name, the raw JSON payload of the request, and a boolean indicating if the request is for a streaming response. -// It returns the converted request payload as a byte slice. -type RequestTransform func(model string, rawJSON []byte, stream bool) []byte - -// ResponseStreamTransform is a function type that converts a streaming response from a source schema to a target schema. -// It takes a context, the model name, the raw JSON of the original and converted requests, the raw JSON of the current response chunk, and an optional parameter. -// It returns a slice of strings, where each string is a chunk of the converted streaming response. -type ResponseStreamTransform func(ctx context.Context, model string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string - -// ResponseNonStreamTransform is a function type that converts a non-streaming response from a source schema to a target schema. -// It takes a context, the model name, the raw JSON of the original and converted requests, the raw JSON of the response, and an optional parameter. -// It returns the converted response as a single string. -type ResponseNonStreamTransform func(ctx context.Context, model string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string - -// ResponseTokenCountTransform is a function type that transforms a token count from a source format to a target format. -// It takes a context and the token count as an int64, and returns the transformed token count as a string. -type ResponseTokenCountTransform func(ctx context.Context, count int64) string - -// ResponseTransform is a struct that groups together the functions for transforming streaming and non-streaming responses, -// as well as token counts. -type ResponseTransform struct { - // Stream is the function for transforming streaming responses. - Stream ResponseStreamTransform - // NonStream is the function for transforming non-streaming responses. - NonStream ResponseNonStreamTransform - // TokenCount is the function for transforming token counts. - TokenCount ResponseTokenCountTransform -} diff --git a/.worktrees/config/m/config-build/active/test/amp_management_test.go b/.worktrees/config/m/config-build/active/test/amp_management_test.go deleted file mode 100644 index e384ef0e8b..0000000000 --- a/.worktrees/config/m/config-build/active/test/amp_management_test.go +++ /dev/null @@ -1,915 +0,0 @@ -package test - -import ( - "bytes" - "encoding/json" - "net/http" - "net/http/httptest" - "os" - "path/filepath" - "testing" - - "github.com/gin-gonic/gin" - "github.com/router-for-me/CLIProxyAPI/v6/internal/api/handlers/management" - "github.com/router-for-me/CLIProxyAPI/v6/internal/config" -) - -func init() { - gin.SetMode(gin.TestMode) -} - -// newAmpTestHandler creates a test handler with default ampcode configuration. -func newAmpTestHandler(t *testing.T) (*management.Handler, string) { - t.Helper() - tmpDir := t.TempDir() - configPath := filepath.Join(tmpDir, "config.yaml") - - cfg := &config.Config{ - AmpCode: config.AmpCode{ - UpstreamURL: "https://example.com", - UpstreamAPIKey: "test-api-key-12345", - RestrictManagementToLocalhost: true, - ForceModelMappings: false, - ModelMappings: []config.AmpModelMapping{ - {From: "gpt-4", To: "gemini-pro"}, - }, - }, - } - - if err := os.WriteFile(configPath, []byte("port: 8080\n"), 0644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - - h := management.NewHandler(cfg, configPath, nil) - return h, configPath -} - -// setupAmpRouter creates a test router with all ampcode management endpoints. -func setupAmpRouter(h *management.Handler) *gin.Engine { - r := gin.New() - mgmt := r.Group("/v0/management") - { - mgmt.GET("/ampcode", h.GetAmpCode) - mgmt.GET("/ampcode/upstream-url", h.GetAmpUpstreamURL) - mgmt.PUT("/ampcode/upstream-url", h.PutAmpUpstreamURL) - mgmt.DELETE("/ampcode/upstream-url", h.DeleteAmpUpstreamURL) - mgmt.GET("/ampcode/upstream-api-key", h.GetAmpUpstreamAPIKey) - mgmt.PUT("/ampcode/upstream-api-key", h.PutAmpUpstreamAPIKey) - mgmt.DELETE("/ampcode/upstream-api-key", h.DeleteAmpUpstreamAPIKey) - mgmt.GET("/ampcode/upstream-api-keys", h.GetAmpUpstreamAPIKeys) - mgmt.PUT("/ampcode/upstream-api-keys", h.PutAmpUpstreamAPIKeys) - mgmt.PATCH("/ampcode/upstream-api-keys", h.PatchAmpUpstreamAPIKeys) - mgmt.DELETE("/ampcode/upstream-api-keys", h.DeleteAmpUpstreamAPIKeys) - mgmt.GET("/ampcode/restrict-management-to-localhost", h.GetAmpRestrictManagementToLocalhost) - mgmt.PUT("/ampcode/restrict-management-to-localhost", h.PutAmpRestrictManagementToLocalhost) - mgmt.GET("/ampcode/model-mappings", h.GetAmpModelMappings) - mgmt.PUT("/ampcode/model-mappings", h.PutAmpModelMappings) - mgmt.PATCH("/ampcode/model-mappings", h.PatchAmpModelMappings) - mgmt.DELETE("/ampcode/model-mappings", h.DeleteAmpModelMappings) - mgmt.GET("/ampcode/force-model-mappings", h.GetAmpForceModelMappings) - mgmt.PUT("/ampcode/force-model-mappings", h.PutAmpForceModelMappings) - } - return r -} - -// TestGetAmpCode verifies GET /v0/management/ampcode returns full ampcode config. -func TestGetAmpCode(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - req := httptest.NewRequest(http.MethodGet, "/v0/management/ampcode", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code) - } - - var resp map[string]config.AmpCode - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to unmarshal response: %v", err) - } - - ampcode := resp["ampcode"] - if ampcode.UpstreamURL != "https://example.com" { - t.Errorf("expected upstream-url %q, got %q", "https://example.com", ampcode.UpstreamURL) - } - if len(ampcode.ModelMappings) != 1 { - t.Errorf("expected 1 model mapping, got %d", len(ampcode.ModelMappings)) - } -} - -// TestGetAmpUpstreamURL verifies GET /v0/management/ampcode/upstream-url returns the upstream URL. -func TestGetAmpUpstreamURL(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - req := httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/upstream-url", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code) - } - - var resp map[string]string - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to unmarshal response: %v", err) - } - - if resp["upstream-url"] != "https://example.com" { - t.Errorf("expected %q, got %q", "https://example.com", resp["upstream-url"]) - } -} - -// TestPutAmpUpstreamURL verifies PUT /v0/management/ampcode/upstream-url updates the upstream URL. -func TestPutAmpUpstreamURL(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - body := `{"value": "https://new-upstream.com"}` - req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/upstream-url", bytes.NewBufferString(body)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d: %s", http.StatusOK, w.Code, w.Body.String()) - } -} - -// TestDeleteAmpUpstreamURL verifies DELETE /v0/management/ampcode/upstream-url clears the upstream URL. -func TestDeleteAmpUpstreamURL(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - req := httptest.NewRequest(http.MethodDelete, "/v0/management/ampcode/upstream-url", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code) - } -} - -// TestGetAmpUpstreamAPIKey verifies GET /v0/management/ampcode/upstream-api-key returns the API key. -func TestGetAmpUpstreamAPIKey(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - req := httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/upstream-api-key", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code) - } - - var resp map[string]any - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to unmarshal response: %v", err) - } - - key := resp["upstream-api-key"].(string) - if key != "test-api-key-12345" { - t.Errorf("expected key %q, got %q", "test-api-key-12345", key) - } -} - -// TestPutAmpUpstreamAPIKey verifies PUT /v0/management/ampcode/upstream-api-key updates the API key. -func TestPutAmpUpstreamAPIKey(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - body := `{"value": "new-secret-key"}` - req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/upstream-api-key", bytes.NewBufferString(body)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code) - } -} - -func TestPutAmpUpstreamAPIKeys_PersistsAndReturns(t *testing.T) { - h, configPath := newAmpTestHandler(t) - r := setupAmpRouter(h) - - body := `{"value":[{"upstream-api-key":" u1 ","api-keys":[" k1 ","","k2"]}]}` - req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/upstream-api-keys", bytes.NewBufferString(body)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d: %s", http.StatusOK, w.Code, w.Body.String()) - } - - // Verify it was persisted to disk - loaded, err := config.LoadConfig(configPath) - if err != nil { - t.Fatalf("failed to load config from disk: %v", err) - } - if len(loaded.AmpCode.UpstreamAPIKeys) != 1 { - t.Fatalf("expected 1 upstream-api-keys entry, got %d", len(loaded.AmpCode.UpstreamAPIKeys)) - } - entry := loaded.AmpCode.UpstreamAPIKeys[0] - if entry.UpstreamAPIKey != "u1" { - t.Fatalf("expected upstream-api-key u1, got %q", entry.UpstreamAPIKey) - } - if len(entry.APIKeys) != 2 || entry.APIKeys[0] != "k1" || entry.APIKeys[1] != "k2" { - t.Fatalf("expected api-keys [k1 k2], got %#v", entry.APIKeys) - } - - // Verify it is returned by GET /ampcode - req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode", nil) - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code) - } - var resp map[string]config.AmpCode - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to unmarshal response: %v", err) - } - if got := resp["ampcode"].UpstreamAPIKeys; len(got) != 1 || got[0].UpstreamAPIKey != "u1" { - t.Fatalf("expected upstream-api-keys to be present after update, got %#v", got) - } -} - -func TestDeleteAmpUpstreamAPIKeys_ClearsAll(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - // Seed with one entry - putBody := `{"value":[{"upstream-api-key":"u1","api-keys":["k1"]}]}` - req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/upstream-api-keys", bytes.NewBufferString(putBody)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d: %s", http.StatusOK, w.Code, w.Body.String()) - } - - deleteBody := `{"value":[]}` - req = httptest.NewRequest(http.MethodDelete, "/v0/management/ampcode/upstream-api-keys", bytes.NewBufferString(deleteBody)) - req.Header.Set("Content-Type", "application/json") - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code) - } - - req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/upstream-api-keys", nil) - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code) - } - var resp map[string][]config.AmpUpstreamAPIKeyEntry - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to unmarshal response: %v", err) - } - if resp["upstream-api-keys"] != nil && len(resp["upstream-api-keys"]) != 0 { - t.Fatalf("expected cleared list, got %#v", resp["upstream-api-keys"]) - } -} - -// TestDeleteAmpUpstreamAPIKey verifies DELETE /v0/management/ampcode/upstream-api-key clears the API key. -func TestDeleteAmpUpstreamAPIKey(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - req := httptest.NewRequest(http.MethodDelete, "/v0/management/ampcode/upstream-api-key", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code) - } -} - -// TestGetAmpRestrictManagementToLocalhost verifies GET returns the localhost restriction setting. -func TestGetAmpRestrictManagementToLocalhost(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - req := httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/restrict-management-to-localhost", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code) - } - - var resp map[string]bool - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to unmarshal response: %v", err) - } - - if resp["restrict-management-to-localhost"] != true { - t.Error("expected restrict-management-to-localhost to be true") - } -} - -// TestPutAmpRestrictManagementToLocalhost verifies PUT updates the localhost restriction setting. -func TestPutAmpRestrictManagementToLocalhost(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - body := `{"value": false}` - req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/restrict-management-to-localhost", bytes.NewBufferString(body)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code) - } -} - -// TestGetAmpModelMappings verifies GET /v0/management/ampcode/model-mappings returns all mappings. -func TestGetAmpModelMappings(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - req := httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/model-mappings", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code) - } - - var resp map[string][]config.AmpModelMapping - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to unmarshal response: %v", err) - } - - mappings := resp["model-mappings"] - if len(mappings) != 1 { - t.Fatalf("expected 1 mapping, got %d", len(mappings)) - } - if mappings[0].From != "gpt-4" || mappings[0].To != "gemini-pro" { - t.Errorf("unexpected mapping: %+v", mappings[0]) - } -} - -// TestPutAmpModelMappings verifies PUT /v0/management/ampcode/model-mappings replaces all mappings. -func TestPutAmpModelMappings(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - body := `{"value": [{"from": "claude-3", "to": "gpt-4o"}, {"from": "gemini", "to": "claude"}]}` - req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(body)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d: %s", http.StatusOK, w.Code, w.Body.String()) - } -} - -// TestPatchAmpModelMappings verifies PATCH updates existing mappings and adds new ones. -func TestPatchAmpModelMappings(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - body := `{"value": [{"from": "gpt-4", "to": "updated-model"}, {"from": "new-model", "to": "target"}]}` - req := httptest.NewRequest(http.MethodPatch, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(body)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d: %s", http.StatusOK, w.Code, w.Body.String()) - } -} - -// TestDeleteAmpModelMappings_Specific verifies DELETE removes specified mappings by "from" field. -func TestDeleteAmpModelMappings_Specific(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - body := `{"value": ["gpt-4"]}` - req := httptest.NewRequest(http.MethodDelete, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(body)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code) - } -} - -// TestDeleteAmpModelMappings_All verifies DELETE with empty body removes all mappings. -func TestDeleteAmpModelMappings_All(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - req := httptest.NewRequest(http.MethodDelete, "/v0/management/ampcode/model-mappings", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code) - } -} - -// TestGetAmpForceModelMappings verifies GET returns the force-model-mappings setting. -func TestGetAmpForceModelMappings(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - req := httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/force-model-mappings", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code) - } - - var resp map[string]bool - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to unmarshal response: %v", err) - } - - if resp["force-model-mappings"] != false { - t.Error("expected force-model-mappings to be false") - } -} - -// TestPutAmpForceModelMappings verifies PUT updates the force-model-mappings setting. -func TestPutAmpForceModelMappings(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - body := `{"value": true}` - req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/force-model-mappings", bytes.NewBufferString(body)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code) - } -} - -// TestPutAmpModelMappings_VerifyState verifies PUT replaces mappings and state is persisted. -func TestPutAmpModelMappings_VerifyState(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - body := `{"value": [{"from": "model-a", "to": "model-b"}, {"from": "model-c", "to": "model-d"}, {"from": "model-e", "to": "model-f"}]}` - req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(body)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("PUT failed: status %d, body: %s", w.Code, w.Body.String()) - } - - req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/model-mappings", nil) - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - - var resp map[string][]config.AmpModelMapping - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to unmarshal: %v", err) - } - - mappings := resp["model-mappings"] - if len(mappings) != 3 { - t.Fatalf("expected 3 mappings, got %d", len(mappings)) - } - - expected := map[string]string{"model-a": "model-b", "model-c": "model-d", "model-e": "model-f"} - for _, m := range mappings { - if expected[m.From] != m.To { - t.Errorf("mapping %q -> expected %q, got %q", m.From, expected[m.From], m.To) - } - } -} - -// TestPatchAmpModelMappings_VerifyState verifies PATCH merges mappings correctly. -func TestPatchAmpModelMappings_VerifyState(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - body := `{"value": [{"from": "gpt-4", "to": "updated-target"}, {"from": "new-model", "to": "new-target"}]}` - req := httptest.NewRequest(http.MethodPatch, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(body)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("PATCH failed: status %d", w.Code) - } - - req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/model-mappings", nil) - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - - var resp map[string][]config.AmpModelMapping - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to unmarshal: %v", err) - } - - mappings := resp["model-mappings"] - if len(mappings) != 2 { - t.Fatalf("expected 2 mappings (1 updated + 1 new), got %d", len(mappings)) - } - - found := make(map[string]string) - for _, m := range mappings { - found[m.From] = m.To - } - - if found["gpt-4"] != "updated-target" { - t.Errorf("gpt-4 should map to updated-target, got %q", found["gpt-4"]) - } - if found["new-model"] != "new-target" { - t.Errorf("new-model should map to new-target, got %q", found["new-model"]) - } -} - -// TestDeleteAmpModelMappings_VerifyState verifies DELETE removes specific mappings and keeps others. -func TestDeleteAmpModelMappings_VerifyState(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - putBody := `{"value": [{"from": "a", "to": "1"}, {"from": "b", "to": "2"}, {"from": "c", "to": "3"}]}` - req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(putBody)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - delBody := `{"value": ["a", "c"]}` - req = httptest.NewRequest(http.MethodDelete, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(delBody)) - req.Header.Set("Content-Type", "application/json") - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("DELETE failed: status %d", w.Code) - } - - req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/model-mappings", nil) - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - - var resp map[string][]config.AmpModelMapping - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to unmarshal: %v", err) - } - - mappings := resp["model-mappings"] - if len(mappings) != 1 { - t.Fatalf("expected 1 mapping remaining, got %d", len(mappings)) - } - if mappings[0].From != "b" || mappings[0].To != "2" { - t.Errorf("expected b->2, got %s->%s", mappings[0].From, mappings[0].To) - } -} - -// TestDeleteAmpModelMappings_NonExistent verifies DELETE with non-existent mapping doesn't affect existing ones. -func TestDeleteAmpModelMappings_NonExistent(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - delBody := `{"value": ["non-existent-model"]}` - req := httptest.NewRequest(http.MethodDelete, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(delBody)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code) - } - - req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/model-mappings", nil) - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - - var resp map[string][]config.AmpModelMapping - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to unmarshal: %v", err) - } - - if len(resp["model-mappings"]) != 1 { - t.Errorf("original mapping should remain, got %d mappings", len(resp["model-mappings"])) - } -} - -// TestPutAmpModelMappings_Empty verifies PUT with empty array clears all mappings. -func TestPutAmpModelMappings_Empty(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - body := `{"value": []}` - req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(body)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code) - } - - req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/model-mappings", nil) - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - - var resp map[string][]config.AmpModelMapping - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to unmarshal: %v", err) - } - - if len(resp["model-mappings"]) != 0 { - t.Errorf("expected 0 mappings, got %d", len(resp["model-mappings"])) - } -} - -// TestPutAmpUpstreamURL_VerifyState verifies PUT updates upstream URL and persists state. -func TestPutAmpUpstreamURL_VerifyState(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - body := `{"value": "https://new-api.example.com"}` - req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/upstream-url", bytes.NewBufferString(body)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("PUT failed: status %d", w.Code) - } - - req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/upstream-url", nil) - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - - var resp map[string]string - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to unmarshal: %v", err) - } - - if resp["upstream-url"] != "https://new-api.example.com" { - t.Errorf("expected %q, got %q", "https://new-api.example.com", resp["upstream-url"]) - } -} - -// TestDeleteAmpUpstreamURL_VerifyState verifies DELETE clears upstream URL. -func TestDeleteAmpUpstreamURL_VerifyState(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - req := httptest.NewRequest(http.MethodDelete, "/v0/management/ampcode/upstream-url", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("DELETE failed: status %d", w.Code) - } - - req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/upstream-url", nil) - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - - var resp map[string]string - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to unmarshal: %v", err) - } - - if resp["upstream-url"] != "" { - t.Errorf("expected empty string, got %q", resp["upstream-url"]) - } -} - -// TestPutAmpUpstreamAPIKey_VerifyState verifies PUT updates API key and persists state. -func TestPutAmpUpstreamAPIKey_VerifyState(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - body := `{"value": "new-secret-api-key-xyz"}` - req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/upstream-api-key", bytes.NewBufferString(body)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("PUT failed: status %d", w.Code) - } - - req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/upstream-api-key", nil) - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - - var resp map[string]string - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to unmarshal: %v", err) - } - - if resp["upstream-api-key"] != "new-secret-api-key-xyz" { - t.Errorf("expected %q, got %q", "new-secret-api-key-xyz", resp["upstream-api-key"]) - } -} - -// TestDeleteAmpUpstreamAPIKey_VerifyState verifies DELETE clears API key. -func TestDeleteAmpUpstreamAPIKey_VerifyState(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - req := httptest.NewRequest(http.MethodDelete, "/v0/management/ampcode/upstream-api-key", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("DELETE failed: status %d", w.Code) - } - - req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/upstream-api-key", nil) - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - - var resp map[string]string - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to unmarshal: %v", err) - } - - if resp["upstream-api-key"] != "" { - t.Errorf("expected empty string, got %q", resp["upstream-api-key"]) - } -} - -// TestPutAmpRestrictManagementToLocalhost_VerifyState verifies PUT updates localhost restriction. -func TestPutAmpRestrictManagementToLocalhost_VerifyState(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - body := `{"value": false}` - req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/restrict-management-to-localhost", bytes.NewBufferString(body)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("PUT failed: status %d", w.Code) - } - - req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/restrict-management-to-localhost", nil) - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - - var resp map[string]bool - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to unmarshal: %v", err) - } - - if resp["restrict-management-to-localhost"] != false { - t.Error("expected false after update") - } -} - -// TestPutAmpForceModelMappings_VerifyState verifies PUT updates force-model-mappings setting. -func TestPutAmpForceModelMappings_VerifyState(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - body := `{"value": true}` - req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/force-model-mappings", bytes.NewBufferString(body)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("PUT failed: status %d", w.Code) - } - - req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/force-model-mappings", nil) - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - - var resp map[string]bool - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to unmarshal: %v", err) - } - - if resp["force-model-mappings"] != true { - t.Error("expected true after update") - } -} - -// TestPutBoolField_EmptyObject verifies PUT with empty object returns 400. -func TestPutBoolField_EmptyObject(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - body := `{}` - req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/force-model-mappings", bytes.NewBufferString(body)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusBadRequest { - t.Fatalf("expected status %d for empty object, got %d", http.StatusBadRequest, w.Code) - } -} - -// TestComplexMappingsWorkflow tests a full workflow: PUT, PATCH, DELETE, and GET. -func TestComplexMappingsWorkflow(t *testing.T) { - h, _ := newAmpTestHandler(t) - r := setupAmpRouter(h) - - putBody := `{"value": [{"from": "m1", "to": "t1"}, {"from": "m2", "to": "t2"}, {"from": "m3", "to": "t3"}, {"from": "m4", "to": "t4"}]}` - req := httptest.NewRequest(http.MethodPut, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(putBody)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - patchBody := `{"value": [{"from": "m2", "to": "t2-updated"}, {"from": "m5", "to": "t5"}]}` - req = httptest.NewRequest(http.MethodPatch, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(patchBody)) - req.Header.Set("Content-Type", "application/json") - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - - delBody := `{"value": ["m1", "m3"]}` - req = httptest.NewRequest(http.MethodDelete, "/v0/management/ampcode/model-mappings", bytes.NewBufferString(delBody)) - req.Header.Set("Content-Type", "application/json") - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - - req = httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/model-mappings", nil) - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - - var resp map[string][]config.AmpModelMapping - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to unmarshal: %v", err) - } - - mappings := resp["model-mappings"] - if len(mappings) != 3 { - t.Fatalf("expected 3 mappings (m2, m4, m5), got %d", len(mappings)) - } - - expected := map[string]string{"m2": "t2-updated", "m4": "t4", "m5": "t5"} - found := make(map[string]string) - for _, m := range mappings { - found[m.From] = m.To - } - - for from, to := range expected { - if found[from] != to { - t.Errorf("mapping %s: expected %q, got %q", from, to, found[from]) - } - } -} - -// TestNilHandlerGetAmpCode verifies handler works with empty config. -func TestNilHandlerGetAmpCode(t *testing.T) { - cfg := &config.Config{} - h := management.NewHandler(cfg, "", nil) - r := setupAmpRouter(h) - - req := httptest.NewRequest(http.MethodGet, "/v0/management/ampcode", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code) - } -} - -// TestEmptyConfigGetAmpModelMappings verifies GET returns empty array for fresh config. -func TestEmptyConfigGetAmpModelMappings(t *testing.T) { - cfg := &config.Config{} - tmpDir := t.TempDir() - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("port: 8080\n"), 0644); err != nil { - t.Fatalf("failed to write config: %v", err) - } - - h := management.NewHandler(cfg, configPath, nil) - r := setupAmpRouter(h) - - req := httptest.NewRequest(http.MethodGet, "/v0/management/ampcode/model-mappings", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("expected status %d, got %d", http.StatusOK, w.Code) - } - - var resp map[string][]config.AmpModelMapping - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("failed to unmarshal: %v", err) - } - - if len(resp["model-mappings"]) != 0 { - t.Errorf("expected 0 mappings, got %d", len(resp["model-mappings"])) - } -} diff --git a/.worktrees/config/m/config-build/active/test/builtin_tools_translation_test.go b/.worktrees/config/m/config-build/active/test/builtin_tools_translation_test.go deleted file mode 100644 index 07d7671544..0000000000 --- a/.worktrees/config/m/config-build/active/test/builtin_tools_translation_test.go +++ /dev/null @@ -1,48 +0,0 @@ -package test - -import ( - "testing" - - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator" - - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - "github.com/tidwall/gjson" -) - -func TestOpenAIToCodex_PreservesBuiltinTools(t *testing.T) { - in := []byte(`{ - "model":"gpt-5", - "messages":[{"role":"user","content":"hi"}], - "tools":[{"type":"web_search","search_context_size":"high"}], - "tool_choice":{"type":"web_search"} - }`) - - out := sdktranslator.TranslateRequest(sdktranslator.FormatOpenAI, sdktranslator.FormatCodex, "gpt-5", in, false) - - if got := gjson.GetBytes(out, "tools.#").Int(); got != 1 { - t.Fatalf("expected 1 tool, got %d: %s", got, string(out)) - } - if got := gjson.GetBytes(out, "tools.0.type").String(); got != "web_search" { - t.Fatalf("expected tools[0].type=web_search, got %q: %s", got, string(out)) - } - if got := gjson.GetBytes(out, "tools.0.search_context_size").String(); got != "high" { - t.Fatalf("expected tools[0].search_context_size=high, got %q: %s", got, string(out)) - } - if got := gjson.GetBytes(out, "tool_choice.type").String(); got != "web_search" { - t.Fatalf("expected tool_choice.type=web_search, got %q: %s", got, string(out)) - } -} - -func TestOpenAIResponsesToOpenAI_IgnoresBuiltinTools(t *testing.T) { - in := []byte(`{ - "model":"gpt-5", - "input":[{"role":"user","content":[{"type":"input_text","text":"hi"}]}], - "tools":[{"type":"web_search","search_context_size":"low"}] - }`) - - out := sdktranslator.TranslateRequest(sdktranslator.FormatOpenAIResponse, sdktranslator.FormatOpenAI, "gpt-5", in, false) - - if got := gjson.GetBytes(out, "tools.#").Int(); got != 0 { - t.Fatalf("expected 0 tools (builtin tools not supported in Chat Completions), got %d: %s", got, string(out)) - } -} diff --git a/.worktrees/config/m/config-build/active/test/roo_kilo_login_integration_test.go b/.worktrees/config/m/config-build/active/test/roo_kilo_login_integration_test.go deleted file mode 100644 index 7072da8144..0000000000 --- a/.worktrees/config/m/config-build/active/test/roo_kilo_login_integration_test.go +++ /dev/null @@ -1,106 +0,0 @@ -// Integration tests for -roo-login and -kilo-login flags. -// Runs the cliproxyapi++ binary with fake roo/kilo in PATH. -package test - -import ( - "os" - "os/exec" - "path/filepath" - "strings" - "testing" -) - -func findOrBuildBinary(t *testing.T) string { - t.Helper() - // Prefer existing binary in repo root - wd, err := os.Getwd() - if err != nil { - t.Fatalf("getwd: %v", err) - } - // When running from test/, parent is repo root - repoRoot := filepath.Dir(wd) - if filepath.Base(wd) != "test" { - repoRoot = wd - } - binary := filepath.Join(repoRoot, "cli-proxy-api-plus") - if info, err := os.Stat(binary); err == nil && !info.IsDir() { - return binary - } - // Build it - out := filepath.Join(repoRoot, "cli-proxy-api-plus-integration-test") - cmd := exec.Command("go", "build", "-o", out, "./cmd/server") - cmd.Dir = repoRoot - if outB, err := cmd.CombinedOutput(); err != nil { - t.Fatalf("build binary: %v\n%s", err, outB) - } - return out -} - -func TestRooLoginFlag_WithFakeRoo(t *testing.T) { - binary := findOrBuildBinary(t) - tmp := t.TempDir() - fakeRoo := filepath.Join(tmp, "roo") - script := "#!/bin/sh\nexit 0\n" - if err := os.WriteFile(fakeRoo, []byte(script), 0755); err != nil { - t.Fatalf("write fake roo: %v", err) - } - origPath := os.Getenv("PATH") - defer func() { _ = os.Setenv("PATH", origPath) }() - _ = os.Setenv("PATH", tmp+string(filepath.ListSeparator)+origPath) - - cmd := exec.Command(binary, "-roo-login") - cmd.Env = append(os.Environ(), "PATH="+tmp+string(filepath.ListSeparator)+origPath) - cmd.Stdout = nil - cmd.Stderr = nil - err := cmd.Run() - if err != nil { - t.Errorf("-roo-login with fake roo in PATH: %v", err) - } -} - -func TestKiloLoginFlag_WithFakeKilo(t *testing.T) { - binary := findOrBuildBinary(t) - tmp := t.TempDir() - fakeKilo := filepath.Join(tmp, "kilo") - script := "#!/bin/sh\nexit 0\n" - if err := os.WriteFile(fakeKilo, []byte(script), 0755); err != nil { - t.Fatalf("write fake kilo: %v", err) - } - origPath := os.Getenv("PATH") - defer func() { _ = os.Setenv("PATH", origPath) }() - _ = os.Setenv("PATH", tmp+string(filepath.ListSeparator)+origPath) - - cmd := exec.Command(binary, "-kilo-login") - cmd.Env = append(os.Environ(), "PATH="+tmp+string(filepath.ListSeparator)+origPath) - cmd.Stdout = nil - cmd.Stderr = nil - err := cmd.Run() - if err != nil { - t.Errorf("-kilo-login with fake kilo in PATH: %v", err) - } -} - -func TestRooLoginFlag_WithoutRoo_ExitsNonZero(t *testing.T) { - binary := findOrBuildBinary(t) - tmp := t.TempDir() - configPath := filepath.Join(tmp, "config.yaml") - if err := os.WriteFile(configPath, []byte("port: 8317\n"), 0644); err != nil { - t.Fatalf("write config: %v", err) - } - // Empty PATH + temp HOME with no ~/.local/bin/roo so roo is not found - env := make([]string, 0, len(os.Environ())+3) - for _, e := range os.Environ() { - if !strings.HasPrefix(e, "PATH=") && !strings.HasPrefix(e, "HOME=") { - env = append(env, e) - } - } - env = append(env, "PATH=", "HOME="+tmp) - cmd := exec.Command(binary, "-config", configPath, "-roo-login") - cmd.Env = env - cmd.Stdout = nil - cmd.Stderr = nil - err := cmd.Run() - if err == nil { - t.Error("-roo-login without roo in PATH or ~/.local/bin should exit non-zero") - } -} diff --git a/.worktrees/config/m/config-build/active/test/thinking_conversion_test.go b/.worktrees/config/m/config-build/active/test/thinking_conversion_test.go deleted file mode 100644 index e7beb1a351..0000000000 --- a/.worktrees/config/m/config-build/active/test/thinking_conversion_test.go +++ /dev/null @@ -1,3214 +0,0 @@ -package test - -import ( - "fmt" - "strings" - "testing" - "time" - - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/translator" - - // Import provider packages to trigger init() registration of ProviderAppliers - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking/provider/antigravity" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking/provider/claude" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking/provider/codex" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking/provider/gemini" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking/provider/geminicli" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking/provider/iflow" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking/provider/kimi" - _ "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking/provider/openai" - - "github.com/router-for-me/CLIProxyAPI/v6/internal/registry" - "github.com/router-for-me/CLIProxyAPI/v6/internal/thinking" - sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// thinkingTestCase represents a common test case structure for both suffix and body tests. -type thinkingTestCase struct { - name string - from string - to string - model string - inputJSON string - expectField string - expectValue string - includeThoughts string - expectErr bool -} - -// TestThinkingE2EMatrix_Suffix tests the thinking configuration transformation using model name suffix. -// Data flow: Input JSON → TranslateRequest → ApplyThinking → Validate Output -// No helper functions are used; all test data is inline. -func TestThinkingE2EMatrix_Suffix(t *testing.T) { - reg := registry.GetGlobalRegistry() - uid := fmt.Sprintf("thinking-e2e-suffix-%d", time.Now().UnixNano()) - - reg.RegisterClient(uid, "test", getTestModels()) - defer reg.UnregisterClient(uid) - - cases := []thinkingTestCase{ - // level-model (Levels=minimal/low/medium/high, ZeroAllowed=false, DynamicAllowed=false) - - // Case 1: No suffix → injected default → medium - { - name: "1", - from: "openai", - to: "codex", - model: "level-model", - inputJSON: `{"model":"level-model","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning.effort", - expectValue: "medium", - expectErr: false, - }, - // Case 2: Specified medium → medium - { - name: "2", - from: "openai", - to: "codex", - model: "level-model(medium)", - inputJSON: `{"model":"level-model(medium)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning.effort", - expectValue: "medium", - expectErr: false, - }, - // Case 3: Specified xhigh → out of range error - { - name: "3", - from: "openai", - to: "codex", - model: "level-model(xhigh)", - inputJSON: `{"model":"level-model(xhigh)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: true, - }, - // Case 4: Level none → clamped to minimal (ZeroAllowed=false) - { - name: "4", - from: "openai", - to: "codex", - model: "level-model(none)", - inputJSON: `{"model":"level-model(none)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning.effort", - expectValue: "minimal", - expectErr: false, - }, - // Case 5: Level auto → DynamicAllowed=false → medium (mid-range) - { - name: "5", - from: "openai", - to: "codex", - model: "level-model(auto)", - inputJSON: `{"model":"level-model(auto)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning.effort", - expectValue: "medium", - expectErr: false, - }, - // Case 6: No suffix from gemini → injected default → medium - { - name: "6", - from: "gemini", - to: "codex", - model: "level-model", - inputJSON: `{"model":"level-model","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "reasoning.effort", - expectValue: "medium", - expectErr: false, - }, - // Case 7: Budget 8192 → medium - { - name: "7", - from: "gemini", - to: "codex", - model: "level-model(8192)", - inputJSON: `{"model":"level-model(8192)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "reasoning.effort", - expectValue: "medium", - expectErr: false, - }, - // Case 8: Budget 64000 → clamped to high - { - name: "8", - from: "gemini", - to: "codex", - model: "level-model(64000)", - inputJSON: `{"model":"level-model(64000)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "reasoning.effort", - expectValue: "high", - expectErr: false, - }, - // Case 9: Budget 0 → clamped to minimal (ZeroAllowed=false) - { - name: "9", - from: "gemini", - to: "codex", - model: "level-model(0)", - inputJSON: `{"model":"level-model(0)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "reasoning.effort", - expectValue: "minimal", - expectErr: false, - }, - // Case 10: Budget -1 → auto → DynamicAllowed=false → medium (mid-range) - { - name: "10", - from: "gemini", - to: "codex", - model: "level-model(-1)", - inputJSON: `{"model":"level-model(-1)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "reasoning.effort", - expectValue: "medium", - expectErr: false, - }, - // Case 11: Claude source no suffix → passthrough (no thinking) - { - name: "11", - from: "claude", - to: "openai", - model: "level-model", - inputJSON: `{"model":"level-model","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 12: Budget 8192 → medium - { - name: "12", - from: "claude", - to: "openai", - model: "level-model(8192)", - inputJSON: `{"model":"level-model(8192)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning_effort", - expectValue: "medium", - expectErr: false, - }, - // Case 13: Budget 64000 → clamped to high - { - name: "13", - from: "claude", - to: "openai", - model: "level-model(64000)", - inputJSON: `{"model":"level-model(64000)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning_effort", - expectValue: "high", - expectErr: false, - }, - // Case 14: Budget 0 → clamped to minimal (ZeroAllowed=false) - { - name: "14", - from: "claude", - to: "openai", - model: "level-model(0)", - inputJSON: `{"model":"level-model(0)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning_effort", - expectValue: "minimal", - expectErr: false, - }, - // Case 15: Budget -1 → auto → DynamicAllowed=false → medium (mid-range) - { - name: "15", - from: "claude", - to: "openai", - model: "level-model(-1)", - inputJSON: `{"model":"level-model(-1)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning_effort", - expectValue: "medium", - expectErr: false, - }, - - // level-subset-model (Levels=low/high, ZeroAllowed=false, DynamicAllowed=false) - - // Case 16: Budget 8192 → medium → rounded down to low - { - name: "16", - from: "gemini", - to: "openai", - model: "level-subset-model(8192)", - inputJSON: `{"model":"level-subset-model(8192)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "reasoning_effort", - expectValue: "low", - expectErr: false, - }, - // Case 17: Budget 1 → minimal → clamped to low (min supported) - { - name: "17", - from: "claude", - to: "gemini", - model: "level-subset-model(1)", - inputJSON: `{"model":"level-subset-model(1)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "generationConfig.thinkingConfig.thinkingLevel", - expectValue: "low", - includeThoughts: "true", - expectErr: false, - }, - - // gemini-budget-model (Min=128, Max=20000, ZeroAllowed=false, DynamicAllowed=true) - - // Case 18: No suffix → passthrough - { - name: "18", - from: "openai", - to: "gemini", - model: "gemini-budget-model", - inputJSON: `{"model":"gemini-budget-model","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 19: Effort medium → 8192 - { - name: "19", - from: "openai", - to: "gemini", - model: "gemini-budget-model(medium)", - inputJSON: `{"model":"gemini-budget-model(medium)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - // Case 20: Effort xhigh → clamped to 20000 (max) - { - name: "20", - from: "openai", - to: "gemini", - model: "gemini-budget-model(xhigh)", - inputJSON: `{"model":"gemini-budget-model(xhigh)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "20000", - includeThoughts: "true", - expectErr: false, - }, - // Case 21: Effort none → clamped to 128 (min) → includeThoughts=false - { - name: "21", - from: "openai", - to: "gemini", - model: "gemini-budget-model(none)", - inputJSON: `{"model":"gemini-budget-model(none)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "128", - includeThoughts: "false", - expectErr: false, - }, - // Case 22: Effort auto → DynamicAllowed=true → -1 - { - name: "22", - from: "openai", - to: "gemini", - model: "gemini-budget-model(auto)", - inputJSON: `{"model":"gemini-budget-model(auto)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "-1", - includeThoughts: "true", - expectErr: false, - }, - // Case 23: Claude source no suffix → passthrough - { - name: "23", - from: "claude", - to: "gemini", - model: "gemini-budget-model", - inputJSON: `{"model":"gemini-budget-model","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 24: Budget 8192 → 8192 - { - name: "24", - from: "claude", - to: "gemini", - model: "gemini-budget-model(8192)", - inputJSON: `{"model":"gemini-budget-model(8192)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - // Case 25: Budget 64000 → clamped to 20000 (max) - { - name: "25", - from: "claude", - to: "gemini", - model: "gemini-budget-model(64000)", - inputJSON: `{"model":"gemini-budget-model(64000)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "20000", - includeThoughts: "true", - expectErr: false, - }, - // Case 26: Budget 0 → clamped to 128 (min) → includeThoughts=false - { - name: "26", - from: "claude", - to: "gemini", - model: "gemini-budget-model(0)", - inputJSON: `{"model":"gemini-budget-model(0)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "128", - includeThoughts: "false", - expectErr: false, - }, - // Case 27: Budget -1 → DynamicAllowed=true → -1 - { - name: "27", - from: "claude", - to: "gemini", - model: "gemini-budget-model(-1)", - inputJSON: `{"model":"gemini-budget-model(-1)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "-1", - includeThoughts: "true", - expectErr: false, - }, - - // gemini-mixed-model (Min=128, Max=32768, Levels=low/high, ZeroAllowed=false, DynamicAllowed=true) - - // Case 28: OpenAI source no suffix → passthrough - { - name: "28", - from: "openai", - to: "gemini", - model: "gemini-mixed-model", - inputJSON: `{"model":"gemini-mixed-model","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 29: Effort high → low/high supported → high - { - name: "29", - from: "openai", - to: "gemini", - model: "gemini-mixed-model(high)", - inputJSON: `{"model":"gemini-mixed-model(high)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "generationConfig.thinkingConfig.thinkingLevel", - expectValue: "high", - includeThoughts: "true", - expectErr: false, - }, - // Case 30: Effort xhigh → not in low/high → error - { - name: "30", - from: "openai", - to: "gemini", - model: "gemini-mixed-model(xhigh)", - inputJSON: `{"model":"gemini-mixed-model(xhigh)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: true, - }, - // Case 31: Effort none → clamped to low (min supported) → includeThoughts=false - { - name: "31", - from: "openai", - to: "gemini", - model: "gemini-mixed-model(none)", - inputJSON: `{"model":"gemini-mixed-model(none)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "generationConfig.thinkingConfig.thinkingLevel", - expectValue: "low", - includeThoughts: "false", - expectErr: false, - }, - // Case 32: Effort auto → DynamicAllowed=true → -1 (budget) - { - name: "32", - from: "openai", - to: "gemini", - model: "gemini-mixed-model(auto)", - inputJSON: `{"model":"gemini-mixed-model(auto)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "-1", - includeThoughts: "true", - expectErr: false, - }, - // Case 33: Claude source no suffix → passthrough - { - name: "33", - from: "claude", - to: "gemini", - model: "gemini-mixed-model", - inputJSON: `{"model":"gemini-mixed-model","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 34: Budget 8192 → 8192 (keep budget) - { - name: "34", - from: "claude", - to: "gemini", - model: "gemini-mixed-model(8192)", - inputJSON: `{"model":"gemini-mixed-model(8192)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - // Case 35: Budget 64000 → clamped to 32768 (max) - { - name: "35", - from: "claude", - to: "gemini", - model: "gemini-mixed-model(64000)", - inputJSON: `{"model":"gemini-mixed-model(64000)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "32768", - includeThoughts: "true", - expectErr: false, - }, - // Case 36: Budget 0 → minimal → clamped to low (min level) → includeThoughts=false - { - name: "36", - from: "claude", - to: "gemini", - model: "gemini-mixed-model(0)", - inputJSON: `{"model":"gemini-mixed-model(0)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "generationConfig.thinkingConfig.thinkingLevel", - expectValue: "low", - includeThoughts: "false", - expectErr: false, - }, - // Case 37: Budget -1 → DynamicAllowed=true → -1 (budget) - { - name: "37", - from: "claude", - to: "gemini", - model: "gemini-mixed-model(-1)", - inputJSON: `{"model":"gemini-mixed-model(-1)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "-1", - includeThoughts: "true", - expectErr: false, - }, - - // claude-budget-model (Min=1024, Max=128000, ZeroAllowed=true, DynamicAllowed=false) - - // Case 38: OpenAI source no suffix → passthrough - { - name: "38", - from: "openai", - to: "claude", - model: "claude-budget-model", - inputJSON: `{"model":"claude-budget-model","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 39: Effort medium → 8192 - { - name: "39", - from: "openai", - to: "claude", - model: "claude-budget-model(medium)", - inputJSON: `{"model":"claude-budget-model(medium)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "thinking.budget_tokens", - expectValue: "8192", - expectErr: false, - }, - // Case 40: Effort xhigh → clamped to 32768 (matrix value) - { - name: "40", - from: "openai", - to: "claude", - model: "claude-budget-model(xhigh)", - inputJSON: `{"model":"claude-budget-model(xhigh)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "thinking.budget_tokens", - expectValue: "32768", - expectErr: false, - }, - // Case 41: Effort none → ZeroAllowed=true → disabled - { - name: "41", - from: "openai", - to: "claude", - model: "claude-budget-model(none)", - inputJSON: `{"model":"claude-budget-model(none)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "thinking.type", - expectValue: "disabled", - expectErr: false, - }, - // Case 42: Effort auto → DynamicAllowed=false → 64512 (mid-range) - { - name: "42", - from: "openai", - to: "claude", - model: "claude-budget-model(auto)", - inputJSON: `{"model":"claude-budget-model(auto)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "thinking.budget_tokens", - expectValue: "64512", - expectErr: false, - }, - // Case 43: Gemini source no suffix → passthrough - { - name: "43", - from: "gemini", - to: "claude", - model: "claude-budget-model", - inputJSON: `{"model":"claude-budget-model","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "", - expectErr: false, - }, - // Case 44: Budget 8192 → 8192 - { - name: "44", - from: "gemini", - to: "claude", - model: "claude-budget-model(8192)", - inputJSON: `{"model":"claude-budget-model(8192)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "thinking.budget_tokens", - expectValue: "8192", - expectErr: false, - }, - // Case 45: Budget 200000 → clamped to 128000 (max) - { - name: "45", - from: "gemini", - to: "claude", - model: "claude-budget-model(200000)", - inputJSON: `{"model":"claude-budget-model(200000)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "thinking.budget_tokens", - expectValue: "128000", - expectErr: false, - }, - // Case 46: Budget 0 → ZeroAllowed=true → disabled - { - name: "46", - from: "gemini", - to: "claude", - model: "claude-budget-model(0)", - inputJSON: `{"model":"claude-budget-model(0)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "thinking.type", - expectValue: "disabled", - expectErr: false, - }, - // Case 47: Budget -1 → auto → DynamicAllowed=false → 64512 (mid-range) - { - name: "47", - from: "gemini", - to: "claude", - model: "claude-budget-model(-1)", - inputJSON: `{"model":"claude-budget-model(-1)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "thinking.budget_tokens", - expectValue: "64512", - expectErr: false, - }, - - // antigravity-budget-model (Min=128, Max=20000, ZeroAllowed=true, DynamicAllowed=true) - - // Case 48: Gemini to Antigravity no suffix → passthrough - { - name: "48", - from: "gemini", - to: "antigravity", - model: "antigravity-budget-model", - inputJSON: `{"model":"antigravity-budget-model","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "", - expectErr: false, - }, - // Case 49: Effort medium → 8192 - { - name: "49", - from: "gemini", - to: "antigravity", - model: "antigravity-budget-model(medium)", - inputJSON: `{"model":"antigravity-budget-model(medium)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - // Case 50: Effort xhigh → clamped to 20000 (max) - { - name: "50", - from: "gemini", - to: "antigravity", - model: "antigravity-budget-model(xhigh)", - inputJSON: `{"model":"antigravity-budget-model(xhigh)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "20000", - includeThoughts: "true", - expectErr: false, - }, - // Case 51: Effort none → ZeroAllowed=true → 0 → includeThoughts=false - { - name: "51", - from: "gemini", - to: "antigravity", - model: "antigravity-budget-model(none)", - inputJSON: `{"model":"antigravity-budget-model(none)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "0", - includeThoughts: "false", - expectErr: false, - }, - // Case 52: Effort auto → DynamicAllowed=true → -1 - { - name: "52", - from: "gemini", - to: "antigravity", - model: "antigravity-budget-model(auto)", - inputJSON: `{"model":"antigravity-budget-model(auto)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "-1", - includeThoughts: "true", - expectErr: false, - }, - // Case 53: Claude to Antigravity no suffix → passthrough - { - name: "53", - from: "claude", - to: "antigravity", - model: "antigravity-budget-model", - inputJSON: `{"model":"antigravity-budget-model","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 54: Budget 8192 → 8192 - { - name: "54", - from: "claude", - to: "antigravity", - model: "antigravity-budget-model(8192)", - inputJSON: `{"model":"antigravity-budget-model(8192)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - // Case 55: Budget 64000 → clamped to 20000 (max) - { - name: "55", - from: "claude", - to: "antigravity", - model: "antigravity-budget-model(64000)", - inputJSON: `{"model":"antigravity-budget-model(64000)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "20000", - includeThoughts: "true", - expectErr: false, - }, - // Case 56: Budget 0 → ZeroAllowed=true → 0 → includeThoughts=false - { - name: "56", - from: "claude", - to: "antigravity", - model: "antigravity-budget-model(0)", - inputJSON: `{"model":"antigravity-budget-model(0)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "0", - includeThoughts: "false", - expectErr: false, - }, - // Case 57: Budget -1 → DynamicAllowed=true → -1 - { - name: "57", - from: "claude", - to: "antigravity", - model: "antigravity-budget-model(-1)", - inputJSON: `{"model":"antigravity-budget-model(-1)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "-1", - includeThoughts: "true", - expectErr: false, - }, - - // no-thinking-model (Thinking=nil) - - // Case 58: No thinking support → no configuration - { - name: "58", - from: "gemini", - to: "openai", - model: "no-thinking-model", - inputJSON: `{"model":"no-thinking-model","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "", - expectErr: false, - }, - // Case 59: Budget 8192 → no thinking support → suffix stripped → no configuration - { - name: "59", - from: "gemini", - to: "openai", - model: "no-thinking-model(8192)", - inputJSON: `{"model":"no-thinking-model(8192)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "", - expectErr: false, - }, - // Case 60: Budget 0 → suffix stripped → no configuration - { - name: "60", - from: "gemini", - to: "openai", - model: "no-thinking-model(0)", - inputJSON: `{"model":"no-thinking-model(0)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "", - expectErr: false, - }, - // Case 61: Budget -1 → suffix stripped → no configuration - { - name: "61", - from: "gemini", - to: "openai", - model: "no-thinking-model(-1)", - inputJSON: `{"model":"no-thinking-model(-1)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "", - expectErr: false, - }, - // Case 62: Claude source no suffix → no configuration - { - name: "62", - from: "claude", - to: "openai", - model: "no-thinking-model", - inputJSON: `{"model":"no-thinking-model","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 63: Budget 8192 → suffix stripped → no configuration - { - name: "63", - from: "claude", - to: "openai", - model: "no-thinking-model(8192)", - inputJSON: `{"model":"no-thinking-model(8192)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 64: Budget 0 → suffix stripped → no configuration - { - name: "64", - from: "claude", - to: "openai", - model: "no-thinking-model(0)", - inputJSON: `{"model":"no-thinking-model(0)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 65: Budget -1 → suffix stripped → no configuration - { - name: "65", - from: "claude", - to: "openai", - model: "no-thinking-model(-1)", - inputJSON: `{"model":"no-thinking-model(-1)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - - // user-defined-model (UserDefined=true, Thinking=nil) - - // Case 66: User defined model no suffix → passthrough - { - name: "66", - from: "gemini", - to: "openai", - model: "user-defined-model", - inputJSON: `{"model":"user-defined-model","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "", - expectErr: false, - }, - // Case 67: Budget 8192 → passthrough logic → medium - { - name: "67", - from: "gemini", - to: "openai", - model: "user-defined-model(8192)", - inputJSON: `{"model":"user-defined-model(8192)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "reasoning_effort", - expectValue: "medium", - expectErr: false, - }, - // Case 68: Budget 64000 → passthrough logic → xhigh - { - name: "68", - from: "gemini", - to: "openai", - model: "user-defined-model(64000)", - inputJSON: `{"model":"user-defined-model(64000)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "reasoning_effort", - expectValue: "xhigh", - expectErr: false, - }, - // Case 69: Budget 0 → passthrough logic → none - { - name: "69", - from: "gemini", - to: "openai", - model: "user-defined-model(0)", - inputJSON: `{"model":"user-defined-model(0)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "reasoning_effort", - expectValue: "none", - expectErr: false, - }, - // Case 70: Budget -1 → passthrough logic → auto - { - name: "70", - from: "gemini", - to: "openai", - model: "user-defined-model(-1)", - inputJSON: `{"model":"user-defined-model(-1)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "reasoning_effort", - expectValue: "auto", - expectErr: false, - }, - // Case 71: Claude to Codex no suffix → injected default → medium - { - name: "71", - from: "claude", - to: "codex", - model: "user-defined-model", - inputJSON: `{"model":"user-defined-model","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning.effort", - expectValue: "medium", - expectErr: false, - }, - // Case 72: Budget 8192 → passthrough logic → medium - { - name: "72", - from: "claude", - to: "codex", - model: "user-defined-model(8192)", - inputJSON: `{"model":"user-defined-model(8192)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning.effort", - expectValue: "medium", - expectErr: false, - }, - // Case 73: Budget 64000 → passthrough logic → xhigh - { - name: "73", - from: "claude", - to: "codex", - model: "user-defined-model(64000)", - inputJSON: `{"model":"user-defined-model(64000)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning.effort", - expectValue: "xhigh", - expectErr: false, - }, - // Case 74: Budget 0 → passthrough logic → none - { - name: "74", - from: "claude", - to: "codex", - model: "user-defined-model(0)", - inputJSON: `{"model":"user-defined-model(0)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning.effort", - expectValue: "none", - expectErr: false, - }, - // Case 75: Budget -1 → passthrough logic → auto - { - name: "75", - from: "claude", - to: "codex", - model: "user-defined-model(-1)", - inputJSON: `{"model":"user-defined-model(-1)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning.effort", - expectValue: "auto", - expectErr: false, - }, - // Case 76: OpenAI to Gemini budget 8192 → passthrough → 8192 - { - name: "76", - from: "openai", - to: "gemini", - model: "user-defined-model(8192)", - inputJSON: `{"model":"user-defined-model(8192)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - // Case 77: OpenAI to Claude budget 8192 → passthrough → 8192 - { - name: "77", - from: "openai", - to: "claude", - model: "user-defined-model(8192)", - inputJSON: `{"model":"user-defined-model(8192)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "thinking.budget_tokens", - expectValue: "8192", - expectErr: false, - }, - // Case 78: OpenAI-Response to Gemini budget 8192 → passthrough → 8192 - { - name: "78", - from: "openai-response", - to: "gemini", - model: "user-defined-model(8192)", - inputJSON: `{"model":"user-defined-model(8192)","input":[{"role":"user","content":"hi"}]}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - // Case 79: OpenAI-Response to Claude budget 8192 → passthrough → 8192 - { - name: "79", - from: "openai-response", - to: "claude", - model: "user-defined-model(8192)", - inputJSON: `{"model":"user-defined-model(8192)","input":[{"role":"user","content":"hi"}]}`, - expectField: "thinking.budget_tokens", - expectValue: "8192", - expectErr: false, - }, - - // Same-protocol passthrough tests (80-89) - - // Case 80: OpenAI to OpenAI, level high → passthrough reasoning_effort - { - name: "80", - from: "openai", - to: "openai", - model: "level-model(high)", - inputJSON: `{"model":"level-model(high)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning_effort", - expectValue: "high", - expectErr: false, - }, - // Case 81: OpenAI to OpenAI, level xhigh → out of range error - { - name: "81", - from: "openai", - to: "openai", - model: "level-model(xhigh)", - inputJSON: `{"model":"level-model(xhigh)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: true, - }, - // Case 82: OpenAI-Response to Codex, level high → passthrough reasoning.effort - { - name: "82", - from: "openai-response", - to: "codex", - model: "level-model(high)", - inputJSON: `{"model":"level-model(high)","input":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning.effort", - expectValue: "high", - expectErr: false, - }, - // Case 83: OpenAI-Response to Codex, level xhigh → out of range error - { - name: "83", - from: "openai-response", - to: "codex", - model: "level-model(xhigh)", - inputJSON: `{"model":"level-model(xhigh)","input":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: true, - }, - // Case 84: Gemini to Gemini, budget 8192 → passthrough thinkingBudget - { - name: "84", - from: "gemini", - to: "gemini", - model: "gemini-budget-model(8192)", - inputJSON: `{"model":"gemini-budget-model(8192)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - // Case 85: Gemini to Gemini, budget 64000 → clamped to Max - { - name: "85", - from: "gemini", - to: "gemini", - model: "gemini-budget-model(64000)", - inputJSON: `{"model":"gemini-budget-model(64000)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "20000", - includeThoughts: "true", - expectErr: false, - }, - // Case 86: Claude to Claude, budget 8192 → passthrough thinking.budget_tokens - { - name: "86", - from: "claude", - to: "claude", - model: "claude-budget-model(8192)", - inputJSON: `{"model":"claude-budget-model(8192)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "thinking.budget_tokens", - expectValue: "8192", - expectErr: false, - }, - // Case 87: Claude to Claude, budget 200000 → clamped to Max - { - name: "87", - from: "claude", - to: "claude", - model: "claude-budget-model(200000)", - inputJSON: `{"model":"claude-budget-model(200000)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "thinking.budget_tokens", - expectValue: "128000", - expectErr: false, - }, - // Case 88: Gemini-CLI to Antigravity, budget 8192 → passthrough thinkingBudget - { - name: "88", - from: "gemini-cli", - to: "antigravity", - model: "antigravity-budget-model(8192)", - inputJSON: `{"model":"antigravity-budget-model(8192)","request":{"contents":[{"role":"user","parts":[{"text":"hi"}]}]}}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - // Case 89: Gemini-CLI to Antigravity, budget 64000 → clamped to Max - { - name: "89", - from: "gemini-cli", - to: "antigravity", - model: "antigravity-budget-model(64000)", - inputJSON: `{"model":"antigravity-budget-model(64000)","request":{"contents":[{"role":"user","parts":[{"text":"hi"}]}]}}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "20000", - includeThoughts: "true", - expectErr: false, - }, - - // iflow tests: glm-test and minimax-test (Cases 90-105) - - // glm-test (from: openai, claude) - // Case 90: OpenAI to iflow, no suffix → passthrough - { - name: "90", - from: "openai", - to: "iflow", - model: "glm-test", - inputJSON: `{"model":"glm-test","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 91: OpenAI to iflow, (medium) → enable_thinking=true - { - name: "91", - from: "openai", - to: "iflow", - model: "glm-test(medium)", - inputJSON: `{"model":"glm-test(medium)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "chat_template_kwargs.enable_thinking", - expectValue: "true", - expectErr: false, - }, - // Case 92: OpenAI to iflow, (auto) → enable_thinking=true - { - name: "92", - from: "openai", - to: "iflow", - model: "glm-test(auto)", - inputJSON: `{"model":"glm-test(auto)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "chat_template_kwargs.enable_thinking", - expectValue: "true", - expectErr: false, - }, - // Case 93: OpenAI to iflow, (none) → enable_thinking=false - { - name: "93", - from: "openai", - to: "iflow", - model: "glm-test(none)", - inputJSON: `{"model":"glm-test(none)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "chat_template_kwargs.enable_thinking", - expectValue: "false", - expectErr: false, - }, - // Case 94: Claude to iflow, no suffix → passthrough - { - name: "94", - from: "claude", - to: "iflow", - model: "glm-test", - inputJSON: `{"model":"glm-test","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 95: Claude to iflow, (8192) → enable_thinking=true - { - name: "95", - from: "claude", - to: "iflow", - model: "glm-test(8192)", - inputJSON: `{"model":"glm-test(8192)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "chat_template_kwargs.enable_thinking", - expectValue: "true", - expectErr: false, - }, - // Case 96: Claude to iflow, (-1) → enable_thinking=true - { - name: "96", - from: "claude", - to: "iflow", - model: "glm-test(-1)", - inputJSON: `{"model":"glm-test(-1)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "chat_template_kwargs.enable_thinking", - expectValue: "true", - expectErr: false, - }, - // Case 97: Claude to iflow, (0) → enable_thinking=false - { - name: "97", - from: "claude", - to: "iflow", - model: "glm-test(0)", - inputJSON: `{"model":"glm-test(0)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "chat_template_kwargs.enable_thinking", - expectValue: "false", - expectErr: false, - }, - - // minimax-test (from: openai, gemini) - // Case 98: OpenAI to iflow, no suffix → passthrough - { - name: "98", - from: "openai", - to: "iflow", - model: "minimax-test", - inputJSON: `{"model":"minimax-test","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 99: OpenAI to iflow, (medium) → reasoning_split=true - { - name: "99", - from: "openai", - to: "iflow", - model: "minimax-test(medium)", - inputJSON: `{"model":"minimax-test(medium)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning_split", - expectValue: "true", - expectErr: false, - }, - // Case 100: OpenAI to iflow, (auto) → reasoning_split=true - { - name: "100", - from: "openai", - to: "iflow", - model: "minimax-test(auto)", - inputJSON: `{"model":"minimax-test(auto)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning_split", - expectValue: "true", - expectErr: false, - }, - // Case 101: OpenAI to iflow, (none) → reasoning_split=false - { - name: "101", - from: "openai", - to: "iflow", - model: "minimax-test(none)", - inputJSON: `{"model":"minimax-test(none)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning_split", - expectValue: "false", - expectErr: false, - }, - // Case 102: Gemini to iflow, no suffix → passthrough - { - name: "102", - from: "gemini", - to: "iflow", - model: "minimax-test", - inputJSON: `{"model":"minimax-test","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "", - expectErr: false, - }, - // Case 103: Gemini to iflow, (8192) → reasoning_split=true - { - name: "103", - from: "gemini", - to: "iflow", - model: "minimax-test(8192)", - inputJSON: `{"model":"minimax-test(8192)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "reasoning_split", - expectValue: "true", - expectErr: false, - }, - // Case 104: Gemini to iflow, (-1) → reasoning_split=true - { - name: "104", - from: "gemini", - to: "iflow", - model: "minimax-test(-1)", - inputJSON: `{"model":"minimax-test(-1)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "reasoning_split", - expectValue: "true", - expectErr: false, - }, - // Case 105: Gemini to iflow, (0) → reasoning_split=false - { - name: "105", - from: "gemini", - to: "iflow", - model: "minimax-test(0)", - inputJSON: `{"model":"minimax-test(0)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "reasoning_split", - expectValue: "false", - expectErr: false, - }, - - // Gemini Family Cross-Channel Consistency (Cases 106-114) - // Tests that gemini/gemini-cli/antigravity as same API family should have consistent validation behavior - - // Case 106: Gemini to Antigravity, budget 64000 (suffix) → clamped to Max - { - name: "106", - from: "gemini", - to: "antigravity", - model: "gemini-budget-model(64000)", - inputJSON: `{"model":"gemini-budget-model(64000)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "20000", - includeThoughts: "true", - expectErr: false, - }, - // Case 107: Gemini to Gemini-CLI, budget 64000 (suffix) → clamped to Max - { - name: "107", - from: "gemini", - to: "gemini-cli", - model: "gemini-budget-model(64000)", - inputJSON: `{"model":"gemini-budget-model(64000)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "20000", - includeThoughts: "true", - expectErr: false, - }, - // Case 108: Gemini-CLI to Antigravity, budget 64000 (suffix) → clamped to Max - { - name: "108", - from: "gemini-cli", - to: "antigravity", - model: "gemini-budget-model(64000)", - inputJSON: `{"model":"gemini-budget-model(64000)","request":{"contents":[{"role":"user","parts":[{"text":"hi"}]}]}}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "20000", - includeThoughts: "true", - expectErr: false, - }, - // Case 109: Gemini-CLI to Gemini, budget 64000 (suffix) → clamped to Max - { - name: "109", - from: "gemini-cli", - to: "gemini", - model: "gemini-budget-model(64000)", - inputJSON: `{"model":"gemini-budget-model(64000)","request":{"contents":[{"role":"user","parts":[{"text":"hi"}]}]}}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "20000", - includeThoughts: "true", - expectErr: false, - }, - // Case 110: Gemini to Antigravity, budget 8192 → passthrough (normal value) - { - name: "110", - from: "gemini", - to: "antigravity", - model: "gemini-budget-model(8192)", - inputJSON: `{"model":"gemini-budget-model(8192)","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - // Case 111: Gemini-CLI to Antigravity, budget 8192 → passthrough (normal value) - { - name: "111", - from: "gemini-cli", - to: "antigravity", - model: "gemini-budget-model(8192)", - inputJSON: `{"model":"gemini-budget-model(8192)","request":{"contents":[{"role":"user","parts":[{"text":"hi"}]}]}}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - - // GitHub Copilot tests: gpt-5, gpt-5.1, gpt-5.2 (Levels=low/medium/high, some with none/xhigh) - // Testing /chat/completions endpoint (openai format) - with suffix - - // Case 112: OpenAI to gpt-5, level high → high - { - name: "112", - from: "openai", - to: "github-copilot", - model: "gpt-5(high)", - inputJSON: `{"model":"gpt-5(high)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning_effort", - expectValue: "high", - expectErr: false, - }, - // Case 113: OpenAI to gpt-5, level none → clamped to low (ZeroAllowed=false) - { - name: "113", - from: "openai", - to: "github-copilot", - model: "gpt-5(none)", - inputJSON: `{"model":"gpt-5(none)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning_effort", - expectValue: "low", - expectErr: false, - }, - // Case 114: OpenAI to gpt-5.1, level none → none (ZeroAllowed=true) - { - name: "114", - from: "openai", - to: "github-copilot", - model: "gpt-5.1(none)", - inputJSON: `{"model":"gpt-5.1(none)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning_effort", - expectValue: "none", - expectErr: false, - }, - // Case 115: OpenAI to gpt-5.2, level xhigh → xhigh - { - name: "115", - from: "openai", - to: "github-copilot", - model: "gpt-5.2(xhigh)", - inputJSON: `{"model":"gpt-5.2(xhigh)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning_effort", - expectValue: "xhigh", - expectErr: false, - }, - // Case 116: OpenAI to gpt-5, level xhigh (out of range) → error - { - name: "116", - from: "openai", - to: "github-copilot", - model: "gpt-5(xhigh)", - inputJSON: `{"model":"gpt-5(xhigh)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: true, - }, - // Case 117: Claude to gpt-5.1, budget 0 → none (ZeroAllowed=true) - { - name: "117", - from: "claude", - to: "github-copilot", - model: "gpt-5.1(0)", - inputJSON: `{"model":"gpt-5.1(0)","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning_effort", - expectValue: "none", - expectErr: false, - }, - - // GitHub Copilot tests: /responses endpoint (codex format) - with suffix - - // Case 118: OpenAI-Response to gpt-5-codex, level high → high - { - name: "118", - from: "openai-response", - to: "github-copilot", - model: "gpt-5-codex(high)", - inputJSON: `{"model":"gpt-5-codex(high)","input":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning.effort", - expectValue: "high", - expectErr: false, - }, - // Case 119: OpenAI-Response to gpt-5.2-codex, level xhigh → xhigh - { - name: "119", - from: "openai-response", - to: "github-copilot", - model: "gpt-5.2-codex(xhigh)", - inputJSON: `{"model":"gpt-5.2-codex(xhigh)","input":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning.effort", - expectValue: "xhigh", - expectErr: false, - }, - // Case 120: OpenAI-Response to gpt-5.2-codex, level none → none - { - name: "120", - from: "openai-response", - to: "github-copilot", - model: "gpt-5.2-codex(none)", - inputJSON: `{"model":"gpt-5.2-codex(none)","input":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning.effort", - expectValue: "none", - expectErr: false, - }, - // Case 121: OpenAI-Response to gpt-5-codex, level none → clamped to low (ZeroAllowed=false) - { - name: "121", - from: "openai-response", - to: "github-copilot", - model: "gpt-5-codex(none)", - inputJSON: `{"model":"gpt-5-codex(none)","input":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning.effort", - expectValue: "low", - expectErr: false, - }, - } - - runThinkingTests(t, cases) -} - -// TestThinkingE2EMatrix_Body tests the thinking configuration transformation using request body parameters. -// Data flow: Input JSON with thinking params → TranslateRequest → ApplyThinking → Validate Output -func TestThinkingE2EMatrix_Body(t *testing.T) { - reg := registry.GetGlobalRegistry() - uid := fmt.Sprintf("thinking-e2e-body-%d", time.Now().UnixNano()) - - reg.RegisterClient(uid, "test", getTestModels()) - defer reg.UnregisterClient(uid) - - cases := []thinkingTestCase{ - // level-model (Levels=minimal/low/medium/high, ZeroAllowed=false, DynamicAllowed=false) - - // Case 1: No param → injected default → medium - { - name: "1", - from: "openai", - to: "codex", - model: "level-model", - inputJSON: `{"model":"level-model","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning.effort", - expectValue: "medium", - expectErr: false, - }, - // Case 2: reasoning_effort=medium → medium - { - name: "2", - from: "openai", - to: "codex", - model: "level-model", - inputJSON: `{"model":"level-model","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"medium"}`, - expectField: "reasoning.effort", - expectValue: "medium", - expectErr: false, - }, - // Case 3: reasoning_effort=xhigh → out of range error - { - name: "3", - from: "openai", - to: "codex", - model: "level-model", - inputJSON: `{"model":"level-model","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"xhigh"}`, - expectField: "", - expectErr: true, - }, - // Case 4: reasoning_effort=none → clamped to minimal - { - name: "4", - from: "openai", - to: "codex", - model: "level-model", - inputJSON: `{"model":"level-model","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"none"}`, - expectField: "reasoning.effort", - expectValue: "minimal", - expectErr: false, - }, - // Case 5: reasoning_effort=auto → medium (DynamicAllowed=false) - { - name: "5", - from: "openai", - to: "codex", - model: "level-model", - inputJSON: `{"model":"level-model","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"auto"}`, - expectField: "reasoning.effort", - expectValue: "medium", - expectErr: false, - }, - // Case 6: No param from gemini → injected default → medium - { - name: "6", - from: "gemini", - to: "codex", - model: "level-model", - inputJSON: `{"model":"level-model","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "reasoning.effort", - expectValue: "medium", - expectErr: false, - }, - // Case 7: thinkingBudget=8192 → medium - { - name: "7", - from: "gemini", - to: "codex", - model: "level-model", - inputJSON: `{"model":"level-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":8192}}}`, - expectField: "reasoning.effort", - expectValue: "medium", - expectErr: false, - }, - // Case 8: thinkingBudget=64000 → clamped to high - { - name: "8", - from: "gemini", - to: "codex", - model: "level-model", - inputJSON: `{"model":"level-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":64000}}}`, - expectField: "reasoning.effort", - expectValue: "high", - expectErr: false, - }, - // Case 9: thinkingBudget=0 → clamped to minimal - { - name: "9", - from: "gemini", - to: "codex", - model: "level-model", - inputJSON: `{"model":"level-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":0}}}`, - expectField: "reasoning.effort", - expectValue: "minimal", - expectErr: false, - }, - // Case 10: thinkingBudget=-1 → medium (DynamicAllowed=false) - { - name: "10", - from: "gemini", - to: "codex", - model: "level-model", - inputJSON: `{"model":"level-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":-1}}}`, - expectField: "reasoning.effort", - expectValue: "medium", - expectErr: false, - }, - // Case 11: Claude no param → passthrough (no thinking) - { - name: "11", - from: "claude", - to: "openai", - model: "level-model", - inputJSON: `{"model":"level-model","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 12: thinking.budget_tokens=8192 → medium - { - name: "12", - from: "claude", - to: "openai", - model: "level-model", - inputJSON: `{"model":"level-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":8192}}`, - expectField: "reasoning_effort", - expectValue: "medium", - expectErr: false, - }, - // Case 13: thinking.budget_tokens=64000 → clamped to high - { - name: "13", - from: "claude", - to: "openai", - model: "level-model", - inputJSON: `{"model":"level-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":64000}}`, - expectField: "reasoning_effort", - expectValue: "high", - expectErr: false, - }, - // Case 14: thinking.budget_tokens=0 → clamped to minimal - { - name: "14", - from: "claude", - to: "openai", - model: "level-model", - inputJSON: `{"model":"level-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":0}}`, - expectField: "reasoning_effort", - expectValue: "minimal", - expectErr: false, - }, - // Case 15: thinking.budget_tokens=-1 → medium (DynamicAllowed=false) - { - name: "15", - from: "claude", - to: "openai", - model: "level-model", - inputJSON: `{"model":"level-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":-1}}`, - expectField: "reasoning_effort", - expectValue: "medium", - expectErr: false, - }, - - // level-subset-model (Levels=low/high, ZeroAllowed=false, DynamicAllowed=false) - - // Case 16: thinkingBudget=8192 → medium → rounded down to low - { - name: "16", - from: "gemini", - to: "openai", - model: "level-subset-model", - inputJSON: `{"model":"level-subset-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":8192}}}`, - expectField: "reasoning_effort", - expectValue: "low", - expectErr: false, - }, - // Case 17: thinking.budget_tokens=1 → minimal → clamped to low - { - name: "17", - from: "claude", - to: "gemini", - model: "level-subset-model", - inputJSON: `{"model":"level-subset-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":1}}`, - expectField: "generationConfig.thinkingConfig.thinkingLevel", - expectValue: "low", - includeThoughts: "true", - expectErr: false, - }, - - // gemini-budget-model (Min=128, Max=20000, ZeroAllowed=false, DynamicAllowed=true) - - // Case 18: No param → passthrough - { - name: "18", - from: "openai", - to: "gemini", - model: "gemini-budget-model", - inputJSON: `{"model":"gemini-budget-model","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 19: reasoning_effort=medium → 8192 - { - name: "19", - from: "openai", - to: "gemini", - model: "gemini-budget-model", - inputJSON: `{"model":"gemini-budget-model","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"medium"}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - // Case 20: reasoning_effort=xhigh → clamped to 20000 - { - name: "20", - from: "openai", - to: "gemini", - model: "gemini-budget-model", - inputJSON: `{"model":"gemini-budget-model","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"xhigh"}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "20000", - includeThoughts: "true", - expectErr: false, - }, - // Case 21: reasoning_effort=none → clamped to 128 → includeThoughts=false - { - name: "21", - from: "openai", - to: "gemini", - model: "gemini-budget-model", - inputJSON: `{"model":"gemini-budget-model","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"none"}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "128", - includeThoughts: "false", - expectErr: false, - }, - // Case 22: reasoning_effort=auto → -1 (DynamicAllowed=true) - { - name: "22", - from: "openai", - to: "gemini", - model: "gemini-budget-model", - inputJSON: `{"model":"gemini-budget-model","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"auto"}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "-1", - includeThoughts: "true", - expectErr: false, - }, - // Case 23: Claude no param → passthrough - { - name: "23", - from: "claude", - to: "gemini", - model: "gemini-budget-model", - inputJSON: `{"model":"gemini-budget-model","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 24: thinking.budget_tokens=8192 → 8192 - { - name: "24", - from: "claude", - to: "gemini", - model: "gemini-budget-model", - inputJSON: `{"model":"gemini-budget-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":8192}}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - // Case 25: thinking.budget_tokens=64000 → clamped to 20000 - { - name: "25", - from: "claude", - to: "gemini", - model: "gemini-budget-model", - inputJSON: `{"model":"gemini-budget-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":64000}}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "20000", - includeThoughts: "true", - expectErr: false, - }, - // Case 26: thinking.budget_tokens=0 → clamped to 128 → includeThoughts=false - { - name: "26", - from: "claude", - to: "gemini", - model: "gemini-budget-model", - inputJSON: `{"model":"gemini-budget-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":0}}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "128", - includeThoughts: "false", - expectErr: false, - }, - // Case 27: thinking.budget_tokens=-1 → -1 (DynamicAllowed=true) - { - name: "27", - from: "claude", - to: "gemini", - model: "gemini-budget-model", - inputJSON: `{"model":"gemini-budget-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":-1}}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "-1", - includeThoughts: "true", - expectErr: false, - }, - - // gemini-mixed-model (Min=128, Max=32768, Levels=low/high, ZeroAllowed=false, DynamicAllowed=true) - - // Case 28: No param → passthrough - { - name: "28", - from: "openai", - to: "gemini", - model: "gemini-mixed-model", - inputJSON: `{"model":"gemini-mixed-model","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 29: reasoning_effort=high → high - { - name: "29", - from: "openai", - to: "gemini", - model: "gemini-mixed-model", - inputJSON: `{"model":"gemini-mixed-model","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"high"}`, - expectField: "generationConfig.thinkingConfig.thinkingLevel", - expectValue: "high", - includeThoughts: "true", - expectErr: false, - }, - // Case 30: reasoning_effort=xhigh → error (not in low/high) - { - name: "30", - from: "openai", - to: "gemini", - model: "gemini-mixed-model", - inputJSON: `{"model":"gemini-mixed-model","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"xhigh"}`, - expectField: "", - expectErr: true, - }, - // Case 31: reasoning_effort=none → clamped to low → includeThoughts=false - { - name: "31", - from: "openai", - to: "gemini", - model: "gemini-mixed-model", - inputJSON: `{"model":"gemini-mixed-model","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"none"}`, - expectField: "generationConfig.thinkingConfig.thinkingLevel", - expectValue: "low", - includeThoughts: "false", - expectErr: false, - }, - // Case 32: reasoning_effort=auto → -1 (DynamicAllowed=true) - { - name: "32", - from: "openai", - to: "gemini", - model: "gemini-mixed-model", - inputJSON: `{"model":"gemini-mixed-model","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"auto"}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "-1", - includeThoughts: "true", - expectErr: false, - }, - // Case 33: Claude no param → passthrough - { - name: "33", - from: "claude", - to: "gemini", - model: "gemini-mixed-model", - inputJSON: `{"model":"gemini-mixed-model","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 34: thinking.budget_tokens=8192 → 8192 (keeps budget) - { - name: "34", - from: "claude", - to: "gemini", - model: "gemini-mixed-model", - inputJSON: `{"model":"gemini-mixed-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":8192}}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - // Case 35: thinking.budget_tokens=64000 → clamped to 32768 (keeps budget) - { - name: "35", - from: "claude", - to: "gemini", - model: "gemini-mixed-model", - inputJSON: `{"model":"gemini-mixed-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":64000}}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "32768", - includeThoughts: "true", - expectErr: false, - }, - // Case 36: thinking.budget_tokens=0 → clamped to low → includeThoughts=false - { - name: "36", - from: "claude", - to: "gemini", - model: "gemini-mixed-model", - inputJSON: `{"model":"gemini-mixed-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":0}}`, - expectField: "generationConfig.thinkingConfig.thinkingLevel", - expectValue: "low", - includeThoughts: "false", - expectErr: false, - }, - // Case 37: thinking.budget_tokens=-1 → -1 (DynamicAllowed=true) - { - name: "37", - from: "claude", - to: "gemini", - model: "gemini-mixed-model", - inputJSON: `{"model":"gemini-mixed-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":-1}}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "-1", - includeThoughts: "true", - expectErr: false, - }, - - // claude-budget-model (Min=1024, Max=128000, ZeroAllowed=true, DynamicAllowed=false) - - // Case 38: No param → passthrough - { - name: "38", - from: "openai", - to: "claude", - model: "claude-budget-model", - inputJSON: `{"model":"claude-budget-model","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 39: reasoning_effort=medium → 8192 - { - name: "39", - from: "openai", - to: "claude", - model: "claude-budget-model", - inputJSON: `{"model":"claude-budget-model","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"medium"}`, - expectField: "thinking.budget_tokens", - expectValue: "8192", - expectErr: false, - }, - // Case 40: reasoning_effort=xhigh → clamped to 32768 - { - name: "40", - from: "openai", - to: "claude", - model: "claude-budget-model", - inputJSON: `{"model":"claude-budget-model","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"xhigh"}`, - expectField: "thinking.budget_tokens", - expectValue: "32768", - expectErr: false, - }, - // Case 41: reasoning_effort=none → disabled - { - name: "41", - from: "openai", - to: "claude", - model: "claude-budget-model", - inputJSON: `{"model":"claude-budget-model","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"none"}`, - expectField: "thinking.type", - expectValue: "disabled", - expectErr: false, - }, - // Case 42: reasoning_effort=auto → 64512 (mid-range) - { - name: "42", - from: "openai", - to: "claude", - model: "claude-budget-model", - inputJSON: `{"model":"claude-budget-model","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"auto"}`, - expectField: "thinking.budget_tokens", - expectValue: "64512", - expectErr: false, - }, - // Case 43: Gemini no param → passthrough - { - name: "43", - from: "gemini", - to: "claude", - model: "claude-budget-model", - inputJSON: `{"model":"claude-budget-model","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "", - expectErr: false, - }, - // Case 44: thinkingBudget=8192 → 8192 - { - name: "44", - from: "gemini", - to: "claude", - model: "claude-budget-model", - inputJSON: `{"model":"claude-budget-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":8192}}}`, - expectField: "thinking.budget_tokens", - expectValue: "8192", - expectErr: false, - }, - // Case 45: thinkingBudget=200000 → clamped to 128000 - { - name: "45", - from: "gemini", - to: "claude", - model: "claude-budget-model", - inputJSON: `{"model":"claude-budget-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":200000}}}`, - expectField: "thinking.budget_tokens", - expectValue: "128000", - expectErr: false, - }, - // Case 46: thinkingBudget=0 → disabled - { - name: "46", - from: "gemini", - to: "claude", - model: "claude-budget-model", - inputJSON: `{"model":"claude-budget-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":0}}}`, - expectField: "thinking.type", - expectValue: "disabled", - expectErr: false, - }, - // Case 47: thinkingBudget=-1 → 64512 (mid-range) - { - name: "47", - from: "gemini", - to: "claude", - model: "claude-budget-model", - inputJSON: `{"model":"claude-budget-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":-1}}}`, - expectField: "thinking.budget_tokens", - expectValue: "64512", - expectErr: false, - }, - - // antigravity-budget-model (Min=128, Max=20000, ZeroAllowed=true, DynamicAllowed=true) - - // Case 48: Gemini no param → passthrough - { - name: "48", - from: "gemini", - to: "antigravity", - model: "antigravity-budget-model", - inputJSON: `{"model":"antigravity-budget-model","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "", - expectErr: false, - }, - // Case 49: thinkingLevel=medium → 8192 - { - name: "49", - from: "gemini", - to: "antigravity", - model: "antigravity-budget-model", - inputJSON: `{"model":"antigravity-budget-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingLevel":"medium"}}}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - // Case 50: thinkingLevel=xhigh → clamped to 20000 - { - name: "50", - from: "gemini", - to: "antigravity", - model: "antigravity-budget-model", - inputJSON: `{"model":"antigravity-budget-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingLevel":"xhigh"}}}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "20000", - includeThoughts: "true", - expectErr: false, - }, - // Case 51: thinkingLevel=none → 0 (ZeroAllowed=true) - { - name: "51", - from: "gemini", - to: "antigravity", - model: "antigravity-budget-model", - inputJSON: `{"model":"antigravity-budget-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingLevel":"none"}}}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "0", - includeThoughts: "false", - expectErr: false, - }, - // Case 52: thinkingBudget=-1 → -1 (DynamicAllowed=true) - { - name: "52", - from: "gemini", - to: "antigravity", - model: "antigravity-budget-model", - inputJSON: `{"model":"antigravity-budget-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":-1}}}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "-1", - includeThoughts: "true", - expectErr: false, - }, - // Case 53: Claude no param → passthrough - { - name: "53", - from: "claude", - to: "antigravity", - model: "antigravity-budget-model", - inputJSON: `{"model":"antigravity-budget-model","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 54: thinking.budget_tokens=8192 → 8192 - { - name: "54", - from: "claude", - to: "antigravity", - model: "antigravity-budget-model", - inputJSON: `{"model":"antigravity-budget-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":8192}}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - // Case 55: thinking.budget_tokens=64000 → clamped to 20000 - { - name: "55", - from: "claude", - to: "antigravity", - model: "antigravity-budget-model", - inputJSON: `{"model":"antigravity-budget-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":64000}}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "20000", - includeThoughts: "true", - expectErr: false, - }, - // Case 56: thinking.budget_tokens=0 → 0 (ZeroAllowed=true) - { - name: "56", - from: "claude", - to: "antigravity", - model: "antigravity-budget-model", - inputJSON: `{"model":"antigravity-budget-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":0}}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "0", - includeThoughts: "false", - expectErr: false, - }, - // Case 57: thinking.budget_tokens=-1 → -1 (DynamicAllowed=true) - { - name: "57", - from: "claude", - to: "antigravity", - model: "antigravity-budget-model", - inputJSON: `{"model":"antigravity-budget-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":-1}}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "-1", - includeThoughts: "true", - expectErr: false, - }, - - // no-thinking-model (Thinking=nil) - - // Case 58: Gemini no param → passthrough - { - name: "58", - from: "gemini", - to: "openai", - model: "no-thinking-model", - inputJSON: `{"model":"no-thinking-model","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "", - expectErr: false, - }, - // Case 59: thinkingBudget=8192 → stripped - { - name: "59", - from: "gemini", - to: "openai", - model: "no-thinking-model", - inputJSON: `{"model":"no-thinking-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":8192}}}`, - expectField: "", - expectErr: false, - }, - // Case 60: thinkingBudget=0 → stripped - { - name: "60", - from: "gemini", - to: "openai", - model: "no-thinking-model", - inputJSON: `{"model":"no-thinking-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":0}}}`, - expectField: "", - expectErr: false, - }, - // Case 61: thinkingBudget=-1 → stripped - { - name: "61", - from: "gemini", - to: "openai", - model: "no-thinking-model", - inputJSON: `{"model":"no-thinking-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":-1}}}`, - expectField: "", - expectErr: false, - }, - // Case 62: Claude no param → passthrough - { - name: "62", - from: "claude", - to: "openai", - model: "no-thinking-model", - inputJSON: `{"model":"no-thinking-model","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 63: thinking.budget_tokens=8192 → stripped - { - name: "63", - from: "claude", - to: "openai", - model: "no-thinking-model", - inputJSON: `{"model":"no-thinking-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":8192}}`, - expectField: "", - expectErr: false, - }, - // Case 64: thinking.budget_tokens=0 → stripped - { - name: "64", - from: "claude", - to: "openai", - model: "no-thinking-model", - inputJSON: `{"model":"no-thinking-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":0}}`, - expectField: "", - expectErr: false, - }, - // Case 65: thinking.budget_tokens=-1 → stripped - { - name: "65", - from: "claude", - to: "openai", - model: "no-thinking-model", - inputJSON: `{"model":"no-thinking-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":-1}}`, - expectField: "", - expectErr: false, - }, - - // user-defined-model (UserDefined=true, Thinking=nil) - - // Case 66: Gemini no param → passthrough - { - name: "66", - from: "gemini", - to: "openai", - model: "user-defined-model", - inputJSON: `{"model":"user-defined-model","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "", - expectErr: false, - }, - // Case 67: thinkingBudget=8192 → medium - { - name: "67", - from: "gemini", - to: "openai", - model: "user-defined-model", - inputJSON: `{"model":"user-defined-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":8192}}}`, - expectField: "reasoning_effort", - expectValue: "medium", - expectErr: false, - }, - // Case 68: thinkingBudget=64000 → xhigh (passthrough) - { - name: "68", - from: "gemini", - to: "openai", - model: "user-defined-model", - inputJSON: `{"model":"user-defined-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":64000}}}`, - expectField: "reasoning_effort", - expectValue: "xhigh", - expectErr: false, - }, - // Case 69: thinkingBudget=0 → none - { - name: "69", - from: "gemini", - to: "openai", - model: "user-defined-model", - inputJSON: `{"model":"user-defined-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":0}}}`, - expectField: "reasoning_effort", - expectValue: "none", - expectErr: false, - }, - // Case 70: thinkingBudget=-1 → auto - { - name: "70", - from: "gemini", - to: "openai", - model: "user-defined-model", - inputJSON: `{"model":"user-defined-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":-1}}}`, - expectField: "reasoning_effort", - expectValue: "auto", - expectErr: false, - }, - // Case 71: Claude no param → injected default → medium - { - name: "71", - from: "claude", - to: "codex", - model: "user-defined-model", - inputJSON: `{"model":"user-defined-model","messages":[{"role":"user","content":"hi"}]}`, - expectField: "reasoning.effort", - expectValue: "medium", - expectErr: false, - }, - // Case 72: thinking.budget_tokens=8192 → medium - { - name: "72", - from: "claude", - to: "codex", - model: "user-defined-model", - inputJSON: `{"model":"user-defined-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":8192}}`, - expectField: "reasoning.effort", - expectValue: "medium", - expectErr: false, - }, - // Case 73: thinking.budget_tokens=64000 → xhigh (passthrough) - { - name: "73", - from: "claude", - to: "codex", - model: "user-defined-model", - inputJSON: `{"model":"user-defined-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":64000}}`, - expectField: "reasoning.effort", - expectValue: "xhigh", - expectErr: false, - }, - // Case 74: thinking.budget_tokens=0 → none - { - name: "74", - from: "claude", - to: "codex", - model: "user-defined-model", - inputJSON: `{"model":"user-defined-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":0}}`, - expectField: "reasoning.effort", - expectValue: "none", - expectErr: false, - }, - // Case 75: thinking.budget_tokens=-1 → auto - { - name: "75", - from: "claude", - to: "codex", - model: "user-defined-model", - inputJSON: `{"model":"user-defined-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":-1}}`, - expectField: "reasoning.effort", - expectValue: "auto", - expectErr: false, - }, - // Case 76: OpenAI reasoning_effort=medium to Gemini → 8192 - { - name: "76", - from: "openai", - to: "gemini", - model: "user-defined-model", - inputJSON: `{"model":"user-defined-model","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"medium"}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - // Case 77: OpenAI reasoning_effort=medium to Claude → 8192 - { - name: "77", - from: "openai", - to: "claude", - model: "user-defined-model", - inputJSON: `{"model":"user-defined-model","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"medium"}`, - expectField: "thinking.budget_tokens", - expectValue: "8192", - expectErr: false, - }, - // Case 78: OpenAI-Response reasoning.effort=medium to Gemini → 8192 - { - name: "78", - from: "openai-response", - to: "gemini", - model: "user-defined-model", - inputJSON: `{"model":"user-defined-model","input":[{"role":"user","content":"hi"}],"reasoning":{"effort":"medium"}}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - // Case 79: OpenAI-Response reasoning.effort=medium to Claude → 8192 - { - name: "79", - from: "openai-response", - to: "claude", - model: "user-defined-model", - inputJSON: `{"model":"user-defined-model","input":[{"role":"user","content":"hi"}],"reasoning":{"effort":"medium"}}`, - expectField: "thinking.budget_tokens", - expectValue: "8192", - expectErr: false, - }, - - // Same-protocol passthrough tests (80-89) - - // Case 80: OpenAI to OpenAI, reasoning_effort=high → passthrough - { - name: "80", - from: "openai", - to: "openai", - model: "level-model", - inputJSON: `{"model":"level-model","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"high"}`, - expectField: "reasoning_effort", - expectValue: "high", - expectErr: false, - }, - // Case 81: OpenAI to OpenAI, reasoning_effort=xhigh → out of range error - { - name: "81", - from: "openai", - to: "openai", - model: "level-model", - inputJSON: `{"model":"level-model","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"xhigh"}`, - expectField: "", - expectErr: true, - }, - // Case 82: OpenAI-Response to Codex, reasoning.effort=high → passthrough - { - name: "82", - from: "openai-response", - to: "codex", - model: "level-model", - inputJSON: `{"model":"level-model","input":[{"role":"user","content":"hi"}],"reasoning":{"effort":"high"}}`, - expectField: "reasoning.effort", - expectValue: "high", - expectErr: false, - }, - // Case 83: OpenAI-Response to Codex, reasoning.effort=xhigh → out of range error - { - name: "83", - from: "openai-response", - to: "codex", - model: "level-model", - inputJSON: `{"model":"level-model","input":[{"role":"user","content":"hi"}],"reasoning":{"effort":"xhigh"}}`, - expectField: "", - expectErr: true, - }, - // Case 84: Gemini to Gemini, thinkingBudget=8192 → passthrough - { - name: "84", - from: "gemini", - to: "gemini", - model: "gemini-budget-model", - inputJSON: `{"model":"gemini-budget-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":8192}}}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - // Case 85: Gemini to Gemini, thinkingBudget=64000 → exceeds Max error - { - name: "85", - from: "gemini", - to: "gemini", - model: "gemini-budget-model", - inputJSON: `{"model":"gemini-budget-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":64000}}}`, - expectField: "", - expectErr: true, - }, - // Case 86: Claude to Claude, thinking.budget_tokens=8192 → passthrough - { - name: "86", - from: "claude", - to: "claude", - model: "claude-budget-model", - inputJSON: `{"model":"claude-budget-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":8192}}`, - expectField: "thinking.budget_tokens", - expectValue: "8192", - expectErr: false, - }, - // Case 87: Claude to Claude, thinking.budget_tokens=200000 → exceeds Max error - { - name: "87", - from: "claude", - to: "claude", - model: "claude-budget-model", - inputJSON: `{"model":"claude-budget-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":200000}}`, - expectField: "", - expectErr: true, - }, - // Case 88: Gemini-CLI to Antigravity, thinkingBudget=8192 → passthrough - { - name: "88", - from: "gemini-cli", - to: "antigravity", - model: "antigravity-budget-model", - inputJSON: `{"model":"antigravity-budget-model","request":{"contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":8192}}}}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - // Case 89: Gemini-CLI to Antigravity, thinkingBudget=64000 → exceeds Max error - { - name: "89", - from: "gemini-cli", - to: "antigravity", - model: "antigravity-budget-model", - inputJSON: `{"model":"antigravity-budget-model","request":{"contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":64000}}}}`, - expectField: "", - expectErr: true, - }, - - // iflow tests: glm-test and minimax-test (Cases 90-105) - - // glm-test (from: openai, claude) - // Case 90: OpenAI to iflow, no param → passthrough - { - name: "90", - from: "openai", - to: "iflow", - model: "glm-test", - inputJSON: `{"model":"glm-test","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 91: OpenAI to iflow, reasoning_effort=medium → enable_thinking=true - { - name: "91", - from: "openai", - to: "iflow", - model: "glm-test", - inputJSON: `{"model":"glm-test","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"medium"}`, - expectField: "chat_template_kwargs.enable_thinking", - expectValue: "true", - expectErr: false, - }, - // Case 92: OpenAI to iflow, reasoning_effort=auto → enable_thinking=true - { - name: "92", - from: "openai", - to: "iflow", - model: "glm-test", - inputJSON: `{"model":"glm-test","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"auto"}`, - expectField: "chat_template_kwargs.enable_thinking", - expectValue: "true", - expectErr: false, - }, - // Case 93: OpenAI to iflow, reasoning_effort=none → enable_thinking=false - { - name: "93", - from: "openai", - to: "iflow", - model: "glm-test", - inputJSON: `{"model":"glm-test","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"none"}`, - expectField: "chat_template_kwargs.enable_thinking", - expectValue: "false", - expectErr: false, - }, - // Case 94: Claude to iflow, no param → passthrough - { - name: "94", - from: "claude", - to: "iflow", - model: "glm-test", - inputJSON: `{"model":"glm-test","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 95: Claude to iflow, thinking.budget_tokens=8192 → enable_thinking=true - { - name: "95", - from: "claude", - to: "iflow", - model: "glm-test", - inputJSON: `{"model":"glm-test","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":8192}}`, - expectField: "chat_template_kwargs.enable_thinking", - expectValue: "true", - expectErr: false, - }, - // Case 96: Claude to iflow, thinking.budget_tokens=-1 → enable_thinking=true - { - name: "96", - from: "claude", - to: "iflow", - model: "glm-test", - inputJSON: `{"model":"glm-test","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":-1}}`, - expectField: "chat_template_kwargs.enable_thinking", - expectValue: "true", - expectErr: false, - }, - // Case 97: Claude to iflow, thinking.budget_tokens=0 → enable_thinking=false - { - name: "97", - from: "claude", - to: "iflow", - model: "glm-test", - inputJSON: `{"model":"glm-test","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":0}}`, - expectField: "chat_template_kwargs.enable_thinking", - expectValue: "false", - expectErr: false, - }, - - // minimax-test (from: openai, gemini) - // Case 98: OpenAI to iflow, no param → passthrough - { - name: "98", - from: "openai", - to: "iflow", - model: "minimax-test", - inputJSON: `{"model":"minimax-test","messages":[{"role":"user","content":"hi"}]}`, - expectField: "", - expectErr: false, - }, - // Case 99: OpenAI to iflow, reasoning_effort=medium → reasoning_split=true - { - name: "99", - from: "openai", - to: "iflow", - model: "minimax-test", - inputJSON: `{"model":"minimax-test","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"medium"}`, - expectField: "reasoning_split", - expectValue: "true", - expectErr: false, - }, - // Case 100: OpenAI to iflow, reasoning_effort=auto → reasoning_split=true - { - name: "100", - from: "openai", - to: "iflow", - model: "minimax-test", - inputJSON: `{"model":"minimax-test","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"auto"}`, - expectField: "reasoning_split", - expectValue: "true", - expectErr: false, - }, - // Case 101: OpenAI to iflow, reasoning_effort=none → reasoning_split=false - { - name: "101", - from: "openai", - to: "iflow", - model: "minimax-test", - inputJSON: `{"model":"minimax-test","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"none"}`, - expectField: "reasoning_split", - expectValue: "false", - expectErr: false, - }, - // Case 102: Gemini to iflow, no param → passthrough - { - name: "102", - from: "gemini", - to: "iflow", - model: "minimax-test", - inputJSON: `{"model":"minimax-test","contents":[{"role":"user","parts":[{"text":"hi"}]}]}`, - expectField: "", - expectErr: false, - }, - // Case 103: Gemini to iflow, thinkingBudget=8192 → reasoning_split=true - { - name: "103", - from: "gemini", - to: "iflow", - model: "minimax-test", - inputJSON: `{"model":"minimax-test","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":8192}}}`, - expectField: "reasoning_split", - expectValue: "true", - expectErr: false, - }, - // Case 104: Gemini to iflow, thinkingBudget=-1 → reasoning_split=true - { - name: "104", - from: "gemini", - to: "iflow", - model: "minimax-test", - inputJSON: `{"model":"minimax-test","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":-1}}}`, - expectField: "reasoning_split", - expectValue: "true", - expectErr: false, - }, - // Case 105: Gemini to iflow, thinkingBudget=0 → reasoning_split=false - { - name: "105", - from: "gemini", - to: "iflow", - model: "minimax-test", - inputJSON: `{"model":"minimax-test","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":0}}}`, - expectField: "reasoning_split", - expectValue: "false", - expectErr: false, - }, - - // Gemini Family Cross-Channel Consistency (Cases 106-114) - // Tests that gemini/gemini-cli/antigravity as same API family should have consistent validation behavior - - // Case 106: Gemini to Antigravity, thinkingBudget=64000 → exceeds Max error (same family strict validation) - { - name: "106", - from: "gemini", - to: "antigravity", - model: "gemini-budget-model", - inputJSON: `{"model":"gemini-budget-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":64000}}}`, - expectField: "", - expectErr: true, - }, - // Case 107: Gemini to Gemini-CLI, thinkingBudget=64000 → exceeds Max error (same family strict validation) - { - name: "107", - from: "gemini", - to: "gemini-cli", - model: "gemini-budget-model", - inputJSON: `{"model":"gemini-budget-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":64000}}}`, - expectField: "", - expectErr: true, - }, - // Case 108: Gemini-CLI to Antigravity, thinkingBudget=64000 → exceeds Max error (same family strict validation) - { - name: "108", - from: "gemini-cli", - to: "antigravity", - model: "gemini-budget-model", - inputJSON: `{"model":"gemini-budget-model","request":{"contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":64000}}}}`, - expectField: "", - expectErr: true, - }, - // Case 109: Gemini-CLI to Gemini, thinkingBudget=64000 → exceeds Max error (same family strict validation) - { - name: "109", - from: "gemini-cli", - to: "gemini", - model: "gemini-budget-model", - inputJSON: `{"model":"gemini-budget-model","request":{"contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":64000}}}}`, - expectField: "", - expectErr: true, - }, - // Case 110: Gemini to Antigravity, thinkingBudget=8192 → passthrough (normal value) - { - name: "110", - from: "gemini", - to: "antigravity", - model: "gemini-budget-model", - inputJSON: `{"model":"gemini-budget-model","contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":8192}}}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - // Case 111: Gemini-CLI to Antigravity, thinkingBudget=8192 → passthrough (normal value) - { - name: "111", - from: "gemini-cli", - to: "antigravity", - model: "gemini-budget-model", - inputJSON: `{"model":"gemini-budget-model","request":{"contents":[{"role":"user","parts":[{"text":"hi"}]}],"generationConfig":{"thinkingConfig":{"thinkingBudget":8192}}}}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "8192", - includeThoughts: "true", - expectErr: false, - }, - - // GitHub Copilot tests: gpt-5, gpt-5.1, gpt-5.2 (Levels=low/medium/high, some with none/xhigh) - // Testing /chat/completions endpoint (openai format) - with body params - - // Case 112: OpenAI to gpt-5, reasoning_effort=high → high - { - name: "112", - from: "openai", - to: "github-copilot", - model: "gpt-5", - inputJSON: `{"model":"gpt-5","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"high"}`, - expectField: "reasoning_effort", - expectValue: "high", - expectErr: false, - }, - // Case 113: OpenAI to gpt-5, reasoning_effort=none → clamped to low (ZeroAllowed=false) - { - name: "113", - from: "openai", - to: "github-copilot", - model: "gpt-5", - inputJSON: `{"model":"gpt-5","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"none"}`, - expectField: "reasoning_effort", - expectValue: "low", - expectErr: false, - }, - // Case 114: OpenAI to gpt-5.1, reasoning_effort=none → none (ZeroAllowed=true) - { - name: "114", - from: "openai", - to: "github-copilot", - model: "gpt-5.1", - inputJSON: `{"model":"gpt-5.1","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"none"}`, - expectField: "reasoning_effort", - expectValue: "none", - expectErr: false, - }, - // Case 115: OpenAI to gpt-5.2, reasoning_effort=xhigh → xhigh - { - name: "115", - from: "openai", - to: "github-copilot", - model: "gpt-5.2", - inputJSON: `{"model":"gpt-5.2","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"xhigh"}`, - expectField: "reasoning_effort", - expectValue: "xhigh", - expectErr: false, - }, - // Case 116: OpenAI to gpt-5, reasoning_effort=xhigh (out of range) → error - { - name: "116", - from: "openai", - to: "github-copilot", - model: "gpt-5", - inputJSON: `{"model":"gpt-5","messages":[{"role":"user","content":"hi"}],"reasoning_effort":"xhigh"}`, - expectField: "", - expectErr: true, - }, - // Case 117: Claude to gpt-5.1, thinking.budget_tokens=0 → none (ZeroAllowed=true) - { - name: "117", - from: "claude", - to: "github-copilot", - model: "gpt-5.1", - inputJSON: `{"model":"gpt-5.1","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"enabled","budget_tokens":0}}`, - expectField: "reasoning_effort", - expectValue: "none", - expectErr: false, - }, - - // GitHub Copilot tests: /responses endpoint (codex format) - with body params - - // Case 118: OpenAI-Response to gpt-5-codex, reasoning.effort=high → high - { - name: "118", - from: "openai-response", - to: "github-copilot", - model: "gpt-5-codex", - inputJSON: `{"model":"gpt-5-codex","input":[{"role":"user","content":"hi"}],"reasoning":{"effort":"high"}}`, - expectField: "reasoning.effort", - expectValue: "high", - expectErr: false, - }, - // Case 119: OpenAI-Response to gpt-5.2-codex, reasoning.effort=xhigh → xhigh - { - name: "119", - from: "openai-response", - to: "github-copilot", - model: "gpt-5.2-codex", - inputJSON: `{"model":"gpt-5.2-codex","input":[{"role":"user","content":"hi"}],"reasoning":{"effort":"xhigh"}}`, - expectField: "reasoning.effort", - expectValue: "xhigh", - expectErr: false, - }, - // Case 120: OpenAI-Response to gpt-5.2-codex, reasoning.effort=none → none - { - name: "120", - from: "openai-response", - to: "github-copilot", - model: "gpt-5.2-codex", - inputJSON: `{"model":"gpt-5.2-codex","input":[{"role":"user","content":"hi"}],"reasoning":{"effort":"none"}}`, - expectField: "reasoning.effort", - expectValue: "none", - expectErr: false, - }, - // Case 121: OpenAI-Response to gpt-5-codex, reasoning.effort=none → clamped to low (ZeroAllowed=false) - { - name: "121", - from: "openai-response", - to: "github-copilot", - model: "gpt-5-codex", - inputJSON: `{"model":"gpt-5-codex","input":[{"role":"user","content":"hi"}],"reasoning":{"effort":"none"}}`, - expectField: "reasoning.effort", - expectValue: "low", - expectErr: false, - }, - } - - runThinkingTests(t, cases) -} - -// TestThinkingE2EClaudeAdaptive_Body tests Claude thinking.type=adaptive extended body-only cases. -// These cases validate that adaptive means "thinking enabled without explicit budget", and -// cross-protocol conversion should resolve to target-model maximum thinking capability. -func TestThinkingE2EClaudeAdaptive_Body(t *testing.T) { - reg := registry.GetGlobalRegistry() - uid := fmt.Sprintf("thinking-e2e-claude-adaptive-%d", time.Now().UnixNano()) - - reg.RegisterClient(uid, "test", getTestModels()) - defer reg.UnregisterClient(uid) - - cases := []thinkingTestCase{ - // A1: Claude adaptive to OpenAI level model -> highest supported level - { - name: "A1", - from: "claude", - to: "openai", - model: "level-model", - inputJSON: `{"model":"level-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"adaptive"}}`, - expectField: "reasoning_effort", - expectValue: "high", - expectErr: false, - }, - // A2: Claude adaptive to Gemini level subset model -> highest supported level - { - name: "A2", - from: "claude", - to: "gemini", - model: "level-subset-model", - inputJSON: `{"model":"level-subset-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"adaptive"}}`, - expectField: "generationConfig.thinkingConfig.thinkingLevel", - expectValue: "high", - includeThoughts: "true", - expectErr: false, - }, - // A3: Claude adaptive to Gemini budget model -> max budget - { - name: "A3", - from: "claude", - to: "gemini", - model: "gemini-budget-model", - inputJSON: `{"model":"gemini-budget-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"adaptive"}}`, - expectField: "generationConfig.thinkingConfig.thinkingBudget", - expectValue: "20000", - includeThoughts: "true", - expectErr: false, - }, - // A4: Claude adaptive to Gemini mixed model -> highest supported level - { - name: "A4", - from: "claude", - to: "gemini", - model: "gemini-mixed-model", - inputJSON: `{"model":"gemini-mixed-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"adaptive"}}`, - expectField: "generationConfig.thinkingConfig.thinkingLevel", - expectValue: "high", - includeThoughts: "true", - expectErr: false, - }, - // A5: Claude adaptive passthrough for same protocol - { - name: "A5", - from: "claude", - to: "claude", - model: "claude-budget-model", - inputJSON: `{"model":"claude-budget-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"adaptive"}}`, - expectField: "thinking.type", - expectValue: "adaptive", - expectErr: false, - }, - // A6: Claude adaptive to Antigravity budget model -> max budget - { - name: "A6", - from: "claude", - to: "antigravity", - model: "antigravity-budget-model", - inputJSON: `{"model":"antigravity-budget-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"adaptive"}}`, - expectField: "request.generationConfig.thinkingConfig.thinkingBudget", - expectValue: "20000", - includeThoughts: "true", - expectErr: false, - }, - // A7: Claude adaptive to iFlow GLM -> enabled boolean - { - name: "A7", - from: "claude", - to: "iflow", - model: "glm-test", - inputJSON: `{"model":"glm-test","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"adaptive"}}`, - expectField: "chat_template_kwargs.enable_thinking", - expectValue: "true", - expectErr: false, - }, - // A8: Claude adaptive to iFlow MiniMax -> enabled boolean - { - name: "A8", - from: "claude", - to: "iflow", - model: "minimax-test", - inputJSON: `{"model":"minimax-test","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"adaptive"}}`, - expectField: "reasoning_split", - expectValue: "true", - expectErr: false, - }, - // A9: Claude adaptive to Codex level model -> highest supported level - { - name: "A9", - from: "claude", - to: "codex", - model: "level-model", - inputJSON: `{"model":"level-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"adaptive"}}`, - expectField: "reasoning.effort", - expectValue: "high", - expectErr: false, - }, - // A10: Claude adaptive on non-thinking model should still be stripped - { - name: "A10", - from: "claude", - to: "openai", - model: "no-thinking-model", - inputJSON: `{"model":"no-thinking-model","messages":[{"role":"user","content":"hi"}],"thinking":{"type":"adaptive"}}`, - expectField: "", - expectErr: false, - }, - } - - runThinkingTests(t, cases) -} - -// getTestModels returns the shared model definitions for E2E tests. -func getTestModels() []*registry.ModelInfo { - return []*registry.ModelInfo{ - { - ID: "level-model", - Object: "model", - Created: 1700000000, - OwnedBy: "test", - Type: "openai", - DisplayName: "Level Model", - Thinking: ®istry.ThinkingSupport{Levels: []string{"minimal", "low", "medium", "high"}, ZeroAllowed: false, DynamicAllowed: false}, - }, - { - ID: "level-subset-model", - Object: "model", - Created: 1700000000, - OwnedBy: "test", - Type: "gemini", - DisplayName: "Level Subset Model", - Thinking: ®istry.ThinkingSupport{Levels: []string{"low", "high"}, ZeroAllowed: false, DynamicAllowed: false}, - }, - { - ID: "gemini-budget-model", - Object: "model", - Created: 1700000000, - OwnedBy: "test", - Type: "gemini", - DisplayName: "Gemini Budget Model", - Thinking: ®istry.ThinkingSupport{Min: 128, Max: 20000, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-mixed-model", - Object: "model", - Created: 1700000000, - OwnedBy: "test", - Type: "gemini", - DisplayName: "Gemini Mixed Model", - Thinking: ®istry.ThinkingSupport{Min: 128, Max: 32768, Levels: []string{"low", "high"}, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "claude-budget-model", - Object: "model", - Created: 1700000000, - OwnedBy: "test", - Type: "claude", - DisplayName: "Claude Budget Model", - Thinking: ®istry.ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: false}, - }, - { - ID: "antigravity-budget-model", - Object: "model", - Created: 1700000000, - OwnedBy: "test", - Type: "gemini-cli", - DisplayName: "Antigravity Budget Model", - Thinking: ®istry.ThinkingSupport{Min: 128, Max: 20000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "no-thinking-model", - Object: "model", - Created: 1700000000, - OwnedBy: "test", - Type: "openai", - DisplayName: "No Thinking Model", - Thinking: nil, - }, - { - ID: "user-defined-model", - Object: "model", - Created: 1700000000, - OwnedBy: "test", - Type: "openai", - DisplayName: "User Defined Model", - UserDefined: true, - Thinking: nil, - }, - { - ID: "glm-test", - Object: "model", - Created: 1700000000, - OwnedBy: "test", - Type: "iflow", - DisplayName: "GLM Test Model", - Thinking: ®istry.ThinkingSupport{Levels: []string{"none", "auto", "minimal", "low", "medium", "high", "xhigh"}}, - }, - { - ID: "minimax-test", - Object: "model", - Created: 1700000000, - OwnedBy: "test", - Type: "iflow", - DisplayName: "MiniMax Test Model", - Thinking: ®istry.ThinkingSupport{Levels: []string{"none", "auto", "minimal", "low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5", - Object: "model", - Created: 1700000000, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5", - Thinking: ®istry.ThinkingSupport{Levels: []string{"low", "medium", "high"}, ZeroAllowed: false, DynamicAllowed: false}, - }, - { - ID: "gpt-5.1", - Object: "model", - Created: 1700000000, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.1", - Thinking: ®istry.ThinkingSupport{Levels: []string{"none", "low", "medium", "high"}, ZeroAllowed: true, DynamicAllowed: false}, - }, - { - ID: "gpt-5.2", - Object: "model", - Created: 1700000000, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.2", - Thinking: ®istry.ThinkingSupport{Levels: []string{"none", "low", "medium", "high", "xhigh"}, ZeroAllowed: true, DynamicAllowed: false}, - }, - { - ID: "gpt-5-codex", - Object: "model", - Created: 1700000000, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5 Codex", - Thinking: ®istry.ThinkingSupport{Levels: []string{"low", "medium", "high"}, ZeroAllowed: false, DynamicAllowed: false}, - }, - { - ID: "gpt-5.2-codex", - Object: "model", - Created: 1700000000, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.2 Codex", - Thinking: ®istry.ThinkingSupport{Levels: []string{"none", "low", "medium", "high", "xhigh"}, ZeroAllowed: true, DynamicAllowed: false}, - }, - } -} - -// runThinkingTests runs thinking test cases using the real data flow path. -func runThinkingTests(t *testing.T, cases []thinkingTestCase) { - for _, tc := range cases { - tc := tc - testName := fmt.Sprintf("Case%s_%s->%s_%s", tc.name, tc.from, tc.to, tc.model) - t.Run(testName, func(t *testing.T) { - suffixResult := thinking.ParseSuffix(tc.model) - baseModel := suffixResult.ModelName - - translateTo := tc.to - applyTo := tc.to - if tc.to == "iflow" { - translateTo = "openai" - applyTo = "iflow" - } - if tc.to == "github-copilot" { - if tc.from == "openai-response" { - translateTo = "codex" - applyTo = "codex" - } else { - translateTo = "openai" - applyTo = "openai" - } - } - - body := sdktranslator.TranslateRequest( - sdktranslator.FromString(tc.from), - sdktranslator.FromString(translateTo), - baseModel, - []byte(tc.inputJSON), - true, - ) - if applyTo == "claude" { - body, _ = sjson.SetBytes(body, "max_tokens", 200000) - } - - body, err := thinking.ApplyThinking(body, tc.model, tc.from, applyTo, applyTo) - - if tc.expectErr { - if err == nil { - t.Fatalf("expected error but got none, body=%s", string(body)) - } - return - } - if err != nil { - t.Fatalf("unexpected error: %v, body=%s", err, string(body)) - } - - if tc.expectField == "" { - var hasThinking bool - switch tc.to { - case "gemini": - hasThinking = gjson.GetBytes(body, "generationConfig.thinkingConfig").Exists() - case "gemini-cli": - hasThinking = gjson.GetBytes(body, "request.generationConfig.thinkingConfig").Exists() - case "antigravity": - hasThinking = gjson.GetBytes(body, "request.generationConfig.thinkingConfig").Exists() - case "claude": - hasThinking = gjson.GetBytes(body, "thinking").Exists() - case "openai": - hasThinking = gjson.GetBytes(body, "reasoning_effort").Exists() - case "codex": - hasThinking = gjson.GetBytes(body, "reasoning.effort").Exists() || gjson.GetBytes(body, "reasoning").Exists() - case "iflow": - hasThinking = gjson.GetBytes(body, "chat_template_kwargs.enable_thinking").Exists() || gjson.GetBytes(body, "reasoning_split").Exists() - } - if hasThinking { - t.Fatalf("expected no thinking field but found one, body=%s", string(body)) - } - return - } - - val := gjson.GetBytes(body, tc.expectField) - if !val.Exists() { - t.Fatalf("expected field %s not found, body=%s", tc.expectField, string(body)) - } - - actualValue := val.String() - if val.Type == gjson.Number { - actualValue = fmt.Sprintf("%d", val.Int()) - } - if actualValue != tc.expectValue { - t.Fatalf("field %s: expected %q, got %q, body=%s", tc.expectField, tc.expectValue, actualValue, string(body)) - } - - if tc.includeThoughts != "" && (tc.to == "gemini" || tc.to == "gemini-cli" || tc.to == "antigravity") { - path := "generationConfig.thinkingConfig.includeThoughts" - if tc.to == "gemini-cli" || tc.to == "antigravity" { - path = "request.generationConfig.thinkingConfig.includeThoughts" - } - itVal := gjson.GetBytes(body, path) - if !itVal.Exists() { - t.Fatalf("expected includeThoughts field not found, body=%s", string(body)) - } - actual := fmt.Sprintf("%v", itVal.Bool()) - if actual != tc.includeThoughts { - t.Fatalf("includeThoughts: expected %s, got %s, body=%s", tc.includeThoughts, actual, string(body)) - } - } - - // Verify clear_thinking for iFlow GLM models when enable_thinking=true - if tc.to == "iflow" && tc.expectField == "chat_template_kwargs.enable_thinking" && tc.expectValue == "true" { - baseModel := thinking.ParseSuffix(tc.model).ModelName - isGLM := strings.HasPrefix(strings.ToLower(baseModel), "glm") - ctVal := gjson.GetBytes(body, "chat_template_kwargs.clear_thinking") - if isGLM { - if !ctVal.Exists() { - t.Fatalf("expected clear_thinking field not found for GLM model, body=%s", string(body)) - } - if ctVal.Bool() != false { - t.Fatalf("clear_thinking: expected false, got %v, body=%s", ctVal.Bool(), string(body)) - } - } else if ctVal.Exists() { - t.Fatalf("expected no clear_thinking field for non-GLM enable_thinking model, body=%s", string(body)) - } - } - }) - } -} diff --git a/README.md b/README.md index 7eb43039d3..02c362664b 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# CLIProxyAPI++ +# cliproxyapi++ Agent-native, multi-provider OpenAI-compatible proxy for production and local model routing. diff --git a/cmd/boardsync/main.go b/cmd/boardsync/main.go index 38e75eec7e..93cbcae123 100644 --- a/cmd/boardsync/main.go +++ b/cmd/boardsync/main.go @@ -21,8 +21,8 @@ const ( ) var repos = []string{ - "router-for-me/CLIProxyAPIPlus", - "router-for-me/CLIProxyAPI", + "kooshapari/cliproxyapi-plusplus", + "kooshapari/cliproxyapi", } type sourceItem struct { @@ -256,7 +256,7 @@ func loadSources(tmpDir string) ([]sourceItem, map[string]int, error) { Body: shrink(strFromAny(it["body"]), 1200), } out = append(out, s) - if strings.HasSuffix(repo, "CLIProxyAPIPlus") { + if strings.HasSuffix(repo, "cliproxyapi-plusplus") { stats["issues_plus"]++ } else { stats["issues_core"]++ @@ -282,7 +282,7 @@ func loadSources(tmpDir string) ([]sourceItem, map[string]int, error) { Body: shrink(strFromAny(it["body"]), 1200), } out = append(out, s) - if strings.HasSuffix(repo, "CLIProxyAPIPlus") { + if strings.HasSuffix(repo, "cliproxyapi-plusplus") { stats["prs_plus"]++ } else { stats["prs_core"]++ @@ -308,7 +308,7 @@ func loadSources(tmpDir string) ([]sourceItem, map[string]int, error) { Body: shrink(d.BodyText, 1200), } out = append(out, s) - if strings.HasSuffix(repo, "CLIProxyAPIPlus") { + if strings.HasSuffix(repo, "cliproxyapi-plusplus") { stats["discussions_plus"]++ } else { stats["discussions_core"]++ @@ -516,9 +516,9 @@ func writeProjectImportCSV(path string, board []boardItem) error { func writeBoardMarkdown(path string, board []boardItem, bj boardJSON) error { var buf bytes.Buffer now := time.Now().Format("2006-01-02") - buf.WriteString("# CLIProxyAPI Ecosystem 2000-Item Execution Board\n\n") + buf.WriteString("# cliproxyapi++ Ecosystem 2000-Item Execution Board\n\n") fmt.Fprintf(&buf, "- Generated: %s\n", now) - buf.WriteString("- Scope: `router-for-me/CLIProxyAPIPlus` + `router-for-me/CLIProxyAPI` Issues, PRs, Discussions\n") + buf.WriteString("- Scope: `kooshapari/cliproxyapi-plusplus` + `kooshapari/cliproxyapi` Issues, PRs, Discussions\n") buf.WriteString("- Objective: Implementation-ready backlog (up to 2000), including CLI extraction, bindings/API integration, docs quickstarts, and dev-runtime refresh\n\n") buf.WriteString("## Coverage\n") keys := []string{"generated_items", "sources_total_unique", "issues_plus", "issues_core", "prs_plus", "prs_core", "discussions_plus", "discussions_core"} diff --git a/docs/features/architecture/fragemented/.fragmented-candidates.txt b/docs/features/architecture/fragemented/.fragmented-candidates.txt deleted file mode 100644 index 253b57097c..0000000000 --- a/docs/features/architecture/fragemented/.fragmented-candidates.txt +++ /dev/null @@ -1,3 +0,0 @@ -DEV.md -SPEC.md -USER.md diff --git a/docs/features/architecture/fragemented/.migration.log b/docs/features/architecture/fragemented/.migration.log deleted file mode 100644 index 807908a8e6..0000000000 --- a/docs/features/architecture/fragemented/.migration.log +++ /dev/null @@ -1,5 +0,0 @@ -source=/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus/docs/features/architecture -timestamp=2026-02-22T05:37:24.294494-07:00 -count=3 -copied=3 -status=ok diff --git a/docs/features/architecture/fragemented/DEV.md b/docs/features/architecture/fragemented/DEV.md deleted file mode 100644 index da6ce7e466..0000000000 --- a/docs/features/architecture/fragemented/DEV.md +++ /dev/null @@ -1,836 +0,0 @@ -# Developer Guide: Extending Library-First Architecture - -## Contributing to pkg/llmproxy - -This guide is for developers who want to extend the core library functionality: adding new providers, customizing translators, implementing new authentication flows, or optimizing performance. - -## Project Structure - -``` -pkg/llmproxy/ -├── translator/ # Protocol translation layer -│ ├── base.go # Common interfaces and utilities -│ ├── claude.go # Anthropic Claude -│ ├── gemini.go # Google Gemini -│ ├── openai.go # OpenAI GPT -│ ├── kiro.go # AWS CodeWhisperer -│ ├── copilot.go # GitHub Copilot -│ └── aggregators.go # Multi-provider aggregators -├── provider/ # Provider execution layer -│ ├── base.go # Provider interface and executor -│ ├── http.go # HTTP client with retry logic -│ ├── rate_limit.go # Token bucket implementation -│ └── health.go # Health check logic -├── auth/ # Authentication lifecycle -│ ├── manager.go # Core auth manager -│ ├── oauth.go # OAuth flows -│ ├── device_flow.go # Device authorization flow -│ └── refresh.go # Token refresh worker -├── config/ # Configuration management -│ ├── loader.go # Config file parsing -│ ├── schema.go # Validation schema -│ └── synthesis.go # Config merge logic -├── watcher/ # Dynamic reload orchestration -│ ├── file.go # File system watcher -│ ├── debounce.go # Debouncing logic -│ └── notify.go # Change notifications -└── metrics/ # Observability - ├── collector.go # Metrics collection - └── exporter.go # Metrics export -``` - -## Adding a New Provider - -### Step 1: Define Provider Configuration - -Add provider config to `config/schema.go`: - -```go -type ProviderConfig struct { - Type string `yaml:"type" validate:"required,oneof=claude gemini openai kiro copilot myprovider"` - Enabled bool `yaml:"enabled"` - Models []ModelConfig `yaml:"models"` - AuthType string `yaml:"auth_type" validate:"required,oneof=api_key oauth device_flow"` - Priority int `yaml:"priority"` - Cooldown time.Duration `yaml:"cooldown"` - Endpoint string `yaml:"endpoint"` - // Provider-specific fields - CustomField string `yaml:"custom_field"` -} -``` - -### Step 2: Implement Translator Interface - -Create `pkg/llmproxy/translator/myprovider.go`: - -```go -package translator - -import ( - "context" - "encoding/json" - - openai "github.com/sashabaranov/go-openai" - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy" -) - -type MyProviderTranslator struct { - config *config.ProviderConfig -} - -func NewMyProviderTranslator(cfg *config.ProviderConfig) *MyProviderTranslator { - return &MyProviderTranslator{config: cfg} -} - -func (t *MyProviderTranslator) TranslateRequest( - ctx context.Context, - req *openai.ChatCompletionRequest, -) (*llmproxy.ProviderRequest, error) { - // Map OpenAI models to provider models - modelMapping := map[string]string{ - "gpt-4": "myprovider-v1-large", - "gpt-3.5-turbo": "myprovider-v1-medium", - } - providerModel := modelMapping[req.Model] - if providerModel == "" { - providerModel = req.Model - } - - // Convert messages - messages := make([]map[string]interface{}, len(req.Messages)) - for i, msg := range req.Messages { - messages[i] = map[string]interface{}{ - "role": msg.Role, - "content": msg.Content, - } - } - - // Build request - providerReq := &llmproxy.ProviderRequest{ - Method: "POST", - Endpoint: t.config.Endpoint + "/v1/chat/completions", - Headers: map[string]string{ - "Content-Type": "application/json", - "Accept": "application/json", - }, - Body: map[string]interface{}{ - "model": providerModel, - "messages": messages, - "stream": req.Stream, - }, - } - - // Add optional parameters - if req.Temperature != 0 { - providerReq.Body["temperature"] = req.Temperature - } - if req.MaxTokens != 0 { - providerReq.Body["max_tokens"] = req.MaxTokens - } - - return providerReq, nil -} - -func (t *MyProviderTranslator) TranslateResponse( - ctx context.Context, - resp *llmproxy.ProviderResponse, -) (*openai.ChatCompletionResponse, error) { - // Parse provider response - var providerBody struct { - ID string `json:"id"` - Model string `json:"model"` - Choices []struct { - Message struct { - Role string `json:"role"` - Content string `json:"content"` - } `json:"message"` - FinishReason string `json:"finish_reason"` - } `json:"choices"` - Usage struct { - PromptTokens int `json:"prompt_tokens"` - CompletionTokens int `json:"completion_tokens"` - TotalTokens int `json:"total_tokens"` - } `json:"usage"` - } - - if err := json.Unmarshal(resp.Body, &providerBody); err != nil { - return nil, fmt.Errorf("failed to parse provider response: %w", err) - } - - // Convert to OpenAI format - choices := make([]openai.ChatCompletionChoice, len(providerBody.Choices)) - for i, choice := range providerBody.Choices { - choices[i] = openai.ChatCompletionChoice{ - Message: openai.ChatCompletionMessage{ - Role: openai.ChatMessageRole(choice.Message.Role), - Content: choice.Message.Content, - }, - FinishReason: openai.FinishReason(choice.FinishReason), - } - } - - return &openai.ChatCompletionResponse{ - ID: providerBody.ID, - Model: resp.RequestModel, - Choices: choices, - Usage: openai.Usage{ - PromptTokens: providerBody.Usage.PromptTokens, - CompletionTokens: providerBody.Usage.CompletionTokens, - TotalTokens: providerBody.Usage.TotalTokens, - }, - }, nil -} - -func (t *MyProviderTranslator) TranslateStream( - ctx context.Context, - stream io.Reader, -) (<-chan *openai.ChatCompletionStreamResponse, error) { - // Implement streaming translation - ch := make(chan *openai.ChatCompletionStreamResponse) - - go func() { - defer close(ch) - - scanner := bufio.NewScanner(stream) - for scanner.Scan() { - line := scanner.Text() - if !strings.HasPrefix(line, "data: ") { - continue - } - - data := strings.TrimPrefix(line, "data: ") - if data == "[DONE]" { - return - } - - var chunk struct { - ID string `json:"id"` - Choices []struct { - Delta struct { - Content string `json:"content"` - } `json:"delta"` - FinishReason *string `json:"finish_reason"` - } `json:"choices"` - } - - if err := json.Unmarshal([]byte(data), &chunk); err != nil { - continue - } - - ch <- &openai.ChatCompletionStreamResponse{ - ID: chunk.ID, - Choices: []openai.ChatCompletionStreamChoice{ - { - Delta: openai.ChatCompletionStreamDelta{ - Content: chunk.Choices[0].Delta.Content, - }, - FinishReason: chunk.Choices[0].FinishReason, - }, - }, - } - } - }() - - return ch, nil -} - -func (t *MyProviderTranslator) SupportsStreaming() bool { - return true -} - -func (t *MyProviderTranslator) SupportsFunctions() bool { - return false -} - -func (t *MyProviderTranslator) MaxTokens() int { - return 4096 -} -``` - -### Step 3: Implement Provider Executor - -Create `pkg/llmproxy/provider/myprovider.go`: - -```go -package provider - -import ( - "context" - "fmt" - "net/http" - - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy" - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/config" - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/coreauth" - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/translator" -) - -type MyProviderExecutor struct { - config *config.ProviderConfig - client *http.Client - rateLimit *RateLimiter - translator *translator.MyProviderTranslator -} - -func NewMyProviderExecutor( - cfg *config.ProviderConfig, - rtProvider coreauth.RoundTripperProvider, -) *MyProviderExecutor { - return &MyProviderExecutor{ - config: cfg, - client: NewHTTPClient(rtProvider), - rateLimit: NewRateLimiter(cfg.RateLimit), - translator: translator.NewMyProviderTranslator(cfg), - } -} - -func (e *MyProviderExecutor) Execute( - ctx context.Context, - auth coreauth.Auth, - req *llmproxy.ProviderRequest, -) (*llmproxy.ProviderResponse, error) { - // Rate limit check - if err := e.rateLimit.Wait(ctx); err != nil { - return nil, fmt.Errorf("rate limit exceeded: %w", err) - } - - // Add auth headers - if auth != nil { - req.Headers["Authorization"] = fmt.Sprintf("Bearer %s", auth.Token) - } - - // Execute request - resp, err := e.client.Do(ctx, req) - if err != nil { - return nil, fmt.Errorf("request failed: %w", err) - } - - // Check for errors - if resp.StatusCode >= 400 { - return nil, fmt.Errorf("provider error: %s", string(resp.Body)) - } - - return resp, nil -} - -func (e *MyProviderExecutor) ExecuteStream( - ctx context.Context, - auth coreauth.Auth, - req *llmproxy.ProviderRequest, -) (<-chan *llmproxy.ProviderChunk, error) { - // Rate limit check - if err := e.rateLimit.Wait(ctx); err != nil { - return nil, fmt.Errorf("rate limit exceeded: %w", err) - } - - // Add auth headers - if auth != nil { - req.Headers["Authorization"] = fmt.Sprintf("Bearer %s", auth.Token) - } - - // Execute streaming request - stream, err := e.client.DoStream(ctx, req) - if err != nil { - return nil, fmt.Errorf("request failed: %w", err) - } - - return stream, nil -} - -func (e *MyProviderExecutor) HealthCheck( - ctx context.Context, - auth coreauth.Auth, -) error { - req := &llmproxy.ProviderRequest{ - Method: "GET", - Endpoint: e.config.Endpoint + "/v1/health", - } - - resp, err := e.client.Do(ctx, req) - if err != nil { - return err - } - - if resp.StatusCode != 200 { - return fmt.Errorf("health check failed: %s", string(resp.Body)) - } - - return nil -} - -func (e *MyProviderExecutor) Name() string { - return "myprovider" -} - -func (e *MyProviderExecutor) SupportsModel(model string) bool { - for _, m := range e.config.Models { - if m.Name == model { - return m.Enabled - } - } - return false -} -``` - -### Step 4: Register Provider - -Update `pkg/llmproxy/provider/registry.go`: - -```go -package provider - -import ( - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/config" - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/coreauth" -) - -type ProviderFactory func( - cfg *config.ProviderConfig, - rtProvider coreauth.RoundTripperProvider, -) ProviderExecutor - -var providers = map[string]ProviderFactory{ - "claude": NewClaudeExecutor, - "gemini": NewGeminiExecutor, - "openai": NewOpenAIExecutor, - "kiro": NewKiroExecutor, - "copilot": NewCopilotExecutor, - "myprovider": NewMyProviderExecutor, // Add your provider -} - -func GetExecutor( - providerType string, - cfg *config.ProviderConfig, - rtProvider coreauth.RoundTripperProvider, -) (ProviderExecutor, error) { - factory, ok := providers[providerType] - if !ok { - return nil, fmt.Errorf("unknown provider type: %s", providerType) - } - - return factory(cfg, rtProvider), nil -} -``` - -### Step 5: Add Tests - -Create `pkg/llmproxy/translator/myprovider_test.go`: - -```go -package translator - -import ( - "context" - "testing" - - openai "github.com/sashabaranov/go-openai" - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/config" -) - -func TestMyProviderTranslator(t *testing.T) { - cfg := &config.ProviderConfig{ - Type: "myprovider", - Endpoint: "https://api.myprovider.com", - } - - translator := NewMyProviderTranslator(cfg) - - t.Run("TranslateRequest", func(t *testing.T) { - req := &openai.ChatCompletionRequest{ - Model: "gpt-4", - Messages: []openai.ChatCompletionMessage{ - {Role: "user", Content: "Hello"}, - }, - } - - providerReq, err := translator.TranslateRequest(context.Background(), req) - if err != nil { - t.Fatalf("TranslateRequest failed: %v", err) - } - - if providerReq.Endpoint != "https://api.myprovider.com/v1/chat/completions" { - t.Errorf("unexpected endpoint: %s", providerReq.Endpoint) - } - }) - - t.Run("TranslateResponse", func(t *testing.T) { - providerResp := &llmproxy.ProviderResponse{ - Body: []byte(`{ - "id": "test-id", - "model": "myprovider-v1-large", - "choices": [{ - "message": {"role": "assistant", "content": "Hi!"}, - "finish_reason": "stop" - }], - "usage": {"prompt_tokens": 10, "completion_tokens": 5, "total_tokens": 15} - }`), - } - - openaiResp, err := translator.TranslateResponse(context.Background(), providerResp) - if err != nil { - t.Fatalf("TranslateResponse failed: %v", err) - } - - if openaiResp.ID != "test-id" { - t.Errorf("unexpected id: %s", openaiResp.ID) - } - }) -} -``` - -## Custom Authentication Flows - -### Implementing OAuth - -If your provider uses OAuth, implement the `AuthFlow` interface: - -```go -package auth - -import ( - "context" - "time" - - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/config" -) - -type MyProviderOAuthFlow struct { - clientID string - clientSecret string - redirectURL string - tokenURL string - authURL string -} - -func (f *MyProviderOAuthFlow) Start(ctx context.Context) (*AuthResult, error) { - // Generate authorization URL - state := generateState() - authURL := fmt.Sprintf("%s?client_id=%s&redirect_uri=%s&state=%s", - f.authURL, f.clientID, f.redirectURL, state) - - return &AuthResult{ - Method: "oauth", - AuthURL: authURL, - State: state, - ExpiresAt: time.Now().Add(10 * time.Minute), - }, nil -} - -func (f *MyProviderOAuthFlow) Exchange(ctx context.Context, code string) (*AuthToken, error) { - // Exchange authorization code for token - req := map[string]string{ - "client_id": f.clientID, - "client_secret": f.clientSecret, - "code": code, - "redirect_uri": f.redirectURL, - "grant_type": "authorization_code", - } - - resp, err := http.PostForm(f.tokenURL, req) - if err != nil { - return nil, err - } - - var token struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - ExpiresIn int `json:"expires_in"` - } - - if err := json.NewDecoder(resp.Body).Decode(&token); err != nil { - return nil, err - } - - return &AuthToken{ - AccessToken: token.AccessToken, - RefreshToken: token.RefreshToken, - ExpiresAt: time.Now().Add(time.Duration(token.ExpiresIn) * time.Second), - }, nil -} - -func (f *MyProviderOAuthFlow) Refresh(ctx context.Context, refreshToken string) (*AuthToken, error) { - // Refresh token - req := map[string]string{ - "client_id": f.clientID, - "client_secret": f.clientSecret, - "refresh_token": refreshToken, - "grant_type": "refresh_token", - } - - resp, err := http.PostForm(f.tokenURL, req) - if err != nil { - return nil, err - } - - var token struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - ExpiresIn int `json:"expires_in"` - } - - if err := json.NewDecoder(resp.Body).Decode(&token); err != nil { - return nil, err - } - - return &AuthToken{ - AccessToken: token.AccessToken, - RefreshToken: token.RefreshToken, - ExpiresAt: time.Now().Add(time.Duration(token.ExpiresIn) * time.Second), - }, nil -} -``` - -### Implementing Device Flow - -```go -package auth - -import ( - "context" - "fmt" - "time" - - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/config" -) - -type MyProviderDeviceFlow struct { - deviceCodeURL string - tokenURL string - clientID string -} - -func (f *MyProviderDeviceFlow) Start(ctx context.Context) (*AuthResult, error) { - // Request device code - resp, err := http.PostForm(f.deviceCodeURL, map[string]string{ - "client_id": f.clientID, - }) - if err != nil { - return nil, err - } - - var dc struct { - DeviceCode string `json:"device_code"` - UserCode string `json:"user_code"` - VerificationURI string `json:"verification_uri"` - VerificationURIComplete string `json:"verification_uri_complete"` - ExpiresIn int `json:"expires_in"` - Interval int `json:"interval"` - } - - if err := json.NewDecoder(resp.Body).Decode(&dc); err != nil { - return nil, err - } - - return &AuthResult{ - Method: "device_flow", - UserCode: dc.UserCode, - VerificationURL: dc.VerificationURI, - VerificationURLComplete: dc.VerificationURIComplete, - DeviceCode: dc.DeviceCode, - Interval: dc.Interval, - ExpiresAt: time.Now().Add(time.Duration(dc.ExpiresIn) * time.Second), - }, nil -} - -func (f *MyProviderDeviceFlow) Poll(ctx context.Context, deviceCode string) (*AuthToken, error) { - // Poll for token - ticker := time.NewTicker(5 * time.Second) - defer ticker.Stop() - - for { - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-ticker.C: - resp, err := http.PostForm(f.tokenURL, map[string]string{ - "client_id": f.clientID, - "grant_type": "urn:ietf:params:oauth:grant-type:device_code", - "device_code": deviceCode, - }) - if err != nil { - return nil, err - } - - var token struct { - AccessToken string `json:"access_token"` - ExpiresIn int `json:"expires_in"` - Error string `json:"error"` - } - - if err := json.NewDecoder(resp.Body).Decode(&token); err != nil { - return nil, err - } - - if token.Error == "" { - return &AuthToken{ - AccessToken: token.AccessToken, - ExpiresAt: time.Now().Add(time.Duration(token.ExpiresIn) * time.Second), - }, nil - } - - if token.Error != "authorization_pending" { - return nil, fmt.Errorf("device flow error: %s", token.Error) - } - } - } -} -``` - -## Performance Optimization - -### Connection Pooling - -```go -package provider - -import ( - "net/http" - "time" -) - -func NewHTTPClient(rtProvider coreauth.RoundTripperProvider) *http.Client { - transport := &http.Transport{ - MaxIdleConns: 100, - MaxIdleConnsPerHost: 10, - IdleConnTimeout: 90 * time.Second, - TLSHandshakeTimeout: 10 * time.Second, - } - - return &http.Client{ - Transport: transport, - Timeout: 60 * time.Second, - } -} -``` - -### Rate Limiting Optimization - -```go -package provider - -import ( - "golang.org/x/time/rate" -) - -type RateLimiter struct { - limiter *rate.Limiter -} - -func NewRateLimiter(reqPerSec float64) *RateLimiter { - return &RateLimiter{ - limiter: rate.NewLimiter(rate.Limit(reqPerSec), 10), // Burst of 10 - } -} - -func (r *RateLimiter) Wait(ctx context.Context) error { - return r.limiter.Wait(ctx) -} -``` - -### Caching Strategy - -```go -package provider - -import ( - "sync" - "time" -) - -type Cache struct { - mu sync.RWMutex - data map[string]cacheEntry - ttl time.Duration -} - -type cacheEntry struct { - value interface{} - expiresAt time.Time -} - -func NewCache(ttl time.Duration) *Cache { - c := &Cache{ - data: make(map[string]cacheEntry), - ttl: ttl, - } - - // Start cleanup goroutine - go c.cleanup() - - return c -} - -func (c *Cache) Get(key string) (interface{}, bool) { - c.mu.RLock() - defer c.mu.RUnlock() - - entry, ok := c.data[key] - if !ok || time.Now().After(entry.expiresAt) { - return nil, false - } - - return entry.value, true -} - -func (c *Cache) Set(key string, value interface{}) { - c.mu.Lock() - defer c.mu.Unlock() - - c.data[key] = cacheEntry{ - value: value, - expiresAt: time.Now().Add(c.ttl), - } -} - -func (c *Cache) cleanup() { - ticker := time.NewTicker(time.Minute) - defer ticker.Stop() - - for range ticker.C { - c.mu.Lock() - for key, entry := range c.data { - if time.Now().After(entry.expiresAt) { - delete(c.data, key) - } - } - c.mu.Unlock() - } -} -``` - -## Testing Guidelines - -### Unit Tests - -- Test all translator methods -- Mock HTTP responses -- Cover error paths - -### Integration Tests - -- Test against real provider APIs (use test keys) -- Test authentication flows -- Test streaming responses - -### Contract Tests - -- Verify OpenAI API compatibility -- Test model mapping -- Validate error handling - -## Submitting Changes - -1. **Add tests** for new functionality -2. **Run linter**: `make lint` -3. **Run tests**: `make test` -4. **Update documentation** if API changes -5. **Submit PR** with description of changes - -## API Stability - -All exported APIs in `pkg/llmproxy` follow semantic versioning: -- **Major version bump** (v7, v8): Breaking changes -- **Minor version bump**: New features (backwards compatible) -- **Patch version**: Bug fixes - -Deprecated APIs remain for 2 major versions before removal. diff --git a/docs/features/architecture/fragemented/README.md b/docs/features/architecture/fragemented/README.md deleted file mode 100644 index 1dd7786faf..0000000000 --- a/docs/features/architecture/fragemented/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Fragmented Consolidation Backup - -Source: `cliproxyapi-plusplus/docs/features/architecture` -Files: 3 - diff --git a/docs/features/architecture/fragemented/SPEC.md b/docs/features/architecture/fragemented/SPEC.md deleted file mode 100644 index fb99c56ab3..0000000000 --- a/docs/features/architecture/fragemented/SPEC.md +++ /dev/null @@ -1,382 +0,0 @@ -# Technical Specification: Library-First Architecture (pkg/llmproxy) - -## Overview - -**cliproxyapi++** implements a "Library-First" architectural pattern by extracting all core proxy logic from the traditional `internal/` package into a public, reusable `pkg/llmproxy` module. This transformation enables external Go applications to import and embed the entire translation, authentication, and communication engine without depending on the CLI binary. - -## Architecture Migration - -### Before: Mainline Structure -``` -CLIProxyAPI/ -├── internal/ -│ ├── translator/ # Core translation logic (NOT IMPORTABLE) -│ ├── provider/ # Provider executors (NOT IMPORTABLE) -│ └── auth/ # Auth management (NOT IMPORTABLE) -└── cmd/server/ -``` - -### After: cliproxyapi++ Structure -``` -cliproxyapi++/ -├── pkg/llmproxy/ # PUBLIC LIBRARY (IMPORTABLE) -│ ├── translator/ # Translation engine -│ ├── provider/ # Provider implementations -│ ├── config/ # Configuration synthesis -│ ├── watcher/ # Dynamic reload orchestration -│ └── auth/ # Auth lifecycle management -├── cmd/server/ # CLI entry point (uses pkg/llmproxy) -└── sdk/cliproxy/ # High-level embedding SDK -``` - -## Core Components - -### 1. Translation Engine (`pkg/llmproxy/translator`) - -**Purpose**: Handles bidirectional protocol conversion between OpenAI-compatible requests and proprietary LLM APIs. - -**Key Interfaces**: -```go -type Translator interface { - // Convert OpenAI format to provider format - TranslateRequest(ctx context.Context, req *openai.ChatRequest) (*ProviderRequest, error) - - // Convert provider response back to OpenAI format - TranslateResponse(ctx context.Context, resp *ProviderResponse) (*openai.ChatResponse, error) - - // Stream translation for SSE - TranslateStream(ctx context.Context, stream io.Reader) (<-chan *openai.ChatChunk, error) - - // Provider-specific capabilities - SupportsStreaming() bool - SupportsFunctions() bool - MaxTokens() int -} -``` - -**Implemented Translators**: -- `claude.go` - Anthropic Claude API -- `gemini.go` - Google Gemini API -- `openai.go` - OpenAI GPT API -- `kiro.go` - AWS CodeWhisperer (custom protocol) -- `copilot.go` - GitHub Copilot (custom protocol) -- `aggregators.go` - OpenRouter, Together, Fireworks - -**Translation Strategy**: -1. **Request Normalization**: Parse OpenAI-format request, extract: - - Messages (system, user, assistant) - - Tools/functions - - Generation parameters (temp, top_p, max_tokens) - - Streaming flag - -2. **Provider Mapping**: Map OpenAI models to provider endpoints: - ``` - claude-3-5-sonnet -> claude-3-5-sonnet-20241022 (Anthropic) - gpt-4 -> gpt-4-turbo-preview (OpenAI) - gemini-1.5-pro -> gemini-1.5-pro-preview-0514 (Gemini) - ``` - -3. **Response Normalization**: Convert provider responses to OpenAI format: - - Standardize usage statistics (prompt_tokens, completion_tokens) - - Normalize finish reasons (stop, length, content_filter) - - Map provider-specific error codes to OpenAI error types - -### 2. Provider Execution (`pkg/llmproxy/provider`) - -**Purpose**: Orchestrates HTTP communication with LLM providers, handling authentication, retry logic, and error recovery. - -**Key Interfaces**: -```go -type ProviderExecutor interface { - // Execute a single request (non-streaming) - Execute(ctx context.Context, auth coreauth.Auth, req *ProviderRequest) (*ProviderResponse, error) - - // Execute streaming request - ExecuteStream(ctx context.Context, auth coreauth.Auth, req *ProviderRequest) (<-chan *ProviderChunk, error) - - // Health check provider - HealthCheck(ctx context.Context, auth coreauth.Auth) error - - // Provider metadata - Name() string - SupportsModel(model string) bool -} -``` - -**Executor Lifecycle**: -``` -Request -> RateLimitCheck -> AuthValidate -> ProviderExecute -> - -> Success -> Response - -> RetryableError -> Backoff -> Retry - -> NonRetryableError -> Error -``` - -**Rate Limiting**: -- Per-provider token bucket -- Per-credential quota tracking -- Intelligent cooldown on 429 responses - -### 3. Configuration Management (`pkg/llmproxy/config`) - -**Purpose**: Loads, validates, and synthesizes configuration from multiple sources. - -**Configuration Hierarchy**: -``` -1. Base config (config.yaml) -2. Environment overrides (CLI_PROXY_*) -3. Runtime synthesis (watcher merges changes) -4. Per-request overrides (query params) -``` - -**Key Structures**: -```go -type Config struct { - Server ServerConfig - Providers map[string]ProviderConfig - Auth AuthConfig - Management ManagementConfig - Logging LoggingConfig -} - -type ProviderConfig struct { - Type string // "claude", "gemini", "openai", etc. - Enabled bool - Models []ModelConfig - AuthType string // "api_key", "oauth", "device_flow" - Priority int // Routing priority - Cooldown time.Duration -} -``` - -**Hot-Reload Mechanism**: -- File watcher on `config.yaml` and `auths/` directory -- Debounced reload (500ms delay) -- Atomic config swapping (no request interruption) -- Validation before activation (reject invalid configs) - -### 4. Watcher & Synthesis (`pkg/llmproxy/watcher`) - -**Purpose**: Orchestrates dynamic configuration updates and background lifecycle management. - -**Watcher Architecture**: -```go -type Watcher struct { - configPath string - authDir string - reloadChan chan struct{} - currentConfig atomic.Value // *Config - currentAuths atomic.Value // []coreauth.Auth -} - -// Run starts the watcher goroutine -func (w *Watcher) Run(ctx context.Context) error { - // 1. Initial load - w.loadAll() - - // 2. Watch files - go w.watchConfig(ctx) - go w.watchAuths(ctx) - - // 3. Handle reloads - for { - select { - case <-w.reloadChan: - w.loadAll() - case <-ctx.Done(): - return ctx.Err() - } - } -} -``` - -**Synthesis Pipeline**: -``` -Config File Changed -> Parse YAML -> Validate Schema -> - Merge with Existing -> Check Conflicts -> Atomic Swap -``` - -**Background Workers**: -1. **Token Refresh Worker**: Checks every 5 minutes, refreshes tokens expiring within 10 minutes -2. **Health Check Worker**: Pings providers every 30 seconds, marks unhealthy providers -3. **Metrics Collector**: Aggregates request latency, error rates, token usage - -## Data Flow - -### Request Processing Flow -``` -HTTP Request (OpenAI format) - ↓ -Middleware (CORS, auth, logging) - ↓ -Handler (Parse request, select provider) - ↓ -Provider Executor (Rate limit check) - ↓ -Translator (Convert to provider format) - ↓ -HTTP Client (Execute provider API) - ↓ -Translator (Convert response) - ↓ -Handler (Send response) - ↓ -Middleware (Log metrics) - ↓ -HTTP Response (OpenAI format) -``` - -### Configuration Reload Flow -``` -File System Event (config.yaml changed) - ↓ -Watcher (Detect change) - ↓ -Debounce (500ms) - ↓ -Config Loader (Parse and validate) - ↓ -Synthesizer (Merge with existing) - ↓ -Atomic Swap (Update runtime config) - ↓ -Notification (Trigger background workers) -``` - -### Token Refresh Flow -``` -Background Worker (Every 5 min) - ↓ -Scan All Auths - ↓ -Check Expiry (token.ExpiresAt < now + 10min) - ↓ -Execute Refresh Flow - ↓ -Update Storage (auths/{provider}.json) - ↓ -Notify Watcher - ↓ -Atomic Swap (Update runtime auths) -``` - -## Reusability Patterns - -### Embedding as Library -```go -import "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy" - -// Create translator -translator := llmproxy.NewClaudeTranslator() - -// Translate request -providerReq, err := translator.TranslateRequest(ctx, openaiReq) - -// Create executor -executor := llmproxy.NewClaudeExecutor() - -// Execute -resp, err := executor.Execute(ctx, auth, providerReq) - -// Translate response -openaiResp, err := translator.TranslateResponse(ctx, resp) -``` - -### Custom Provider Integration -```go -// Implement Translator interface -type MyCustomTranslator struct{} - -func (t *MyCustomTranslator) TranslateRequest(ctx context.Context, req *openai.ChatRequest) (*llmproxy.ProviderRequest, error) { - // Custom translation logic - return &llmproxy.ProviderRequest{}, nil -} - -// Register with executor -executor := llmproxy.NewExecutor( - llmproxy.WithTranslator(&MyCustomTranslator{}), -) -``` - -### Extending Configuration -```go -// Custom config synthesizer -type MySynthesizer struct{} - -func (s *MySynthesizer) Synthesize(base *llmproxy.Config, overrides map[string]interface{}) (*llmproxy.Config, error) { - // Custom merge logic - return base, nil -} - -// Use in watcher -watcher := llmproxy.NewWatcher( - llmproxy.WithSynthesizer(&MySynthesizer{}), -) -``` - -## Performance Characteristics - -### Memory Footprint -- Base package: ~15MB (includes all translators) -- Per-request allocation: <1MB -- Config reload overhead: <10ms - -### Concurrency Model -- Request handling: Goroutine-per-request (bounded by worker pool) -- Config reloading: Single goroutine (serialized) -- Token refresh: Single goroutine (serialized per provider) -- Health checks: Per-provider goroutines - -### Throughput -- Single instance: ~1000 requests/second (varies by provider) -- Hot reload impact: <5ms latency blip during swap -- Background workers: <1% CPU utilization - -## Security Considerations - -### Public API Stability -- All exported APIs follow semantic versioning -- Breaking changes require major version bump (v7, v8, etc.) -- Deprecated APIs remain for 2 major versions - -### Input Validation -- All translator inputs validated before provider execution -- Config validation on load (reject malformed configs) -- Auth credential validation before storage - -### Error Propagation -- Internal errors sanitized before API response -- Provider errors mapped to OpenAI error types -- Detailed logging for debugging (configurable verbosity) - -## Migration Guide - -### From Mainline internal/ -```go -// Before (mainline) -import "github.com/router-for-me/CLIProxyAPI/v6/internal/translator" - -// After (cliproxyapi++) -import "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/translator" -``` - -### Function Compatibility -Most internal functions have public equivalents: -- `internal/translator.NewClaude()` → `llmproxy/translator.NewClaude()` -- `internal/provider.NewExecutor()` → `llmproxy/provider.NewExecutor()` -- `internal/config.Load()` → `llmproxy/config.LoadConfig()` - -## Testing Strategy - -### Unit Tests -- Each translator: Mock provider responses -- Each executor: Mock HTTP transport -- Config validation: Test schema violations - -### Integration Tests -- End-to-end proxy: Real provider APIs (test keys) -- Hot reload: File system changes -- Token refresh: Expiring credentials - -### Contract Tests -- OpenAI API compatibility: Verify response format -- Provider contract: Verify translator mapping diff --git a/docs/features/architecture/fragemented/USER.md b/docs/features/architecture/fragemented/USER.md deleted file mode 100644 index 13ebac0b87..0000000000 --- a/docs/features/architecture/fragemented/USER.md +++ /dev/null @@ -1,436 +0,0 @@ -# User Guide: Library-First Architecture - -## What is "Library-First"? - -The **Library-First** architecture means that all the core proxy logic (translation, authentication, provider communication) is packaged as a reusable Go library (`pkg/llmproxy`). This allows you to embed the proxy directly into your own applications instead of running it as a separate service. - -## Why Use the Library? - -### Benefits Over Standalone CLI - -| Aspect | Standalone CLI | Embedded Library | -|--------|---------------|------------------| -| **Deployment** | Separate process, network calls | In-process, zero network overhead | -| **Configuration** | External config file | Programmatic config | -| **Customization** | Limited to config options | Full code access | -| **Performance** | Network latency + serialization | Direct function calls | -| **Monitoring** | External metrics/logs | Internal hooks/observability | - -### When to Use Each - -**Use Standalone CLI when**: -- You want a simple, drop-in proxy -- You're integrating with existing OpenAI clients -- You don't need custom logic -- You prefer configuration over code - -**Use Embedded Library when**: -- You're building a Go application -- You need custom request/response processing -- You want to integrate with your auth system -- You need fine-grained control over routing - -## Quick Start: Embedding in Your App - -### Step 1: Install the SDK - -```bash -go get github.com/KooshaPari/cliproxyapi-plusplus/sdk/cliproxy -``` - -### Step 2: Basic Embedding - -Create `main.go`: - -```go -package main - -import ( - "context" - "log" - - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/config" - "github.com/KooshaPari/cliproxyapi-plusplus/sdk/cliproxy" -) - -func main() { - // Load config - cfg, err := config.LoadConfig("config.yaml") - if err != nil { - log.Fatalf("Failed to load config: %v", err) - } - - // Build service - svc, err := cliproxy.NewBuilder(). - WithConfig(cfg). - WithConfigPath("config.yaml"). - Build() - if err != nil { - log.Fatalf("Failed to build service: %v", err) - } - - // Run service - ctx := context.Background() - if err := svc.Run(ctx); err != nil { - log.Fatalf("Service error: %v", err) - } -} -``` - -### Step 3: Create Config File - -Create `config.yaml`: - -```yaml -server: - port: 8317 - -providers: - claude: - type: "claude" - enabled: true - models: - - name: "claude-3-5-sonnet" - enabled: true - -auth: - dir: "./auths" - providers: - - "claude" -``` - -### Step 4: Run Your App - -```bash -# Add your Claude API key -echo '{"type":"api_key","token":"sk-ant-xxx"}' > auths/claude.json - -# Run your app -go run main.go -``` - -Your embedded proxy is now running on port 8317 with OpenAI-compatible endpoints! - -## Advanced: Custom Translators - -If you need to support a custom LLM provider, you can implement your own translator: - -```go -package main - -import ( - "context" - - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/translator" - openai "github.com/sashabaranov/go-openai" -) - -// MyCustomTranslator implements the Translator interface -type MyCustomTranslator struct{} - -func (t *MyCustomTranslator) TranslateRequest( - ctx context.Context, - req *openai.ChatCompletionRequest, -) (*translator.ProviderRequest, error) { - // Convert OpenAI request to your provider's format - return &translator.ProviderRequest{ - Endpoint: "https://api.myprovider.com/v1/chat", - Headers: map[string]string{ - "Content-Type": "application/json", - }, - Body: map[string]interface{}{ - "messages": req.Messages, - "model": req.Model, - }, - }, nil -} - -func (t *MyCustomTranslator) TranslateResponse( - ctx context.Context, - resp *translator.ProviderResponse, -) (*openai.ChatCompletionResponse, error) { - // Convert provider response back to OpenAI format - return &openai.ChatCompletionResponse{ - ID: resp.ID, - Choices: []openai.ChatCompletionChoice{ - { - Message: openai.ChatCompletionMessage{ - Role: "assistant", - Content: resp.Content, - }, - }, - }, - }, nil -} - -// Register your translator -func main() { - myTranslator := &MyCustomTranslator{} - - svc, err := cliproxy.NewBuilder(). - WithConfig(cfg). - WithConfigPath("config.yaml"). - WithCustomTranslator("myprovider", myTranslator). - Build() - // ... -} -``` - -## Advanced: Custom Auth Management - -Integrate with your existing auth system: - -```go -package main - -import ( - "context" - "sync" - - "github.com/KooshaPari/cliproxyapi-plusplus/sdk/cliproxy" -) - -// MyAuthProvider implements TokenClientProvider -type MyAuthProvider struct { - mu sync.RWMutex - tokens map[string]string -} - -func (p *MyAuthProvider) Load( - ctx context.Context, - cfg *config.Config, -) (*cliproxy.TokenClientResult, error) { - p.mu.RLock() - defer p.mu.RUnlock() - - var clients []cliproxy.AuthClient - for provider, token := range p.tokens { - clients = append(clients, cliproxy.AuthClient{ - Provider: provider, - Type: "api_key", - Token: token, - }) - } - - return &cliproxy.TokenClientResult{ - Clients: clients, - Count: len(clients), - }, nil -} - -func (p *MyAuthProvider) AddToken(provider, token string) { - p.mu.Lock() - defer p.mu.Unlock() - p.tokens[provider] = token -} - -func main() { - authProvider := &MyAuthProvider{ - tokens: make(map[string]string), - } - - // Add tokens programmatically - authProvider.AddToken("claude", "sk-ant-xxx") - authProvider.AddToken("openai", "sk-xxx") - - svc, err := cliproxy.NewBuilder(). - WithConfig(cfg). - WithConfigPath("config.yaml"). - WithTokenClientProvider(authProvider). - Build() - // ... -} -``` - -## Advanced: Request Interception - -Add custom logic before/after requests: - -```go -svc, err := cliproxy.NewBuilder(). - WithConfig(cfg). - WithConfigPath("config.yaml"). - WithServerOptions( - cliproxy.WithMiddleware(func(c *gin.Context) { - // Log request before processing - log.Printf("Request: %s %s", c.Request.Method, c.Request.URL.Path) - c.Next() - - // Log response after processing - log.Printf("Response status: %d", c.Writer.Status()) - }), - cliproxy.WithRouterConfigurator(func(e *gin.Engine, h *handlers.BaseAPIHandler, cfg *config.Config) { - // Add custom routes - e.GET("/my-custom-endpoint", func(c *gin.Context) { - c.JSON(200, gin.H{"message": "custom endpoint"}) - }) - }), - ). - Build() -``` - -## Advanced: Lifecycle Hooks - -Respond to service lifecycle events: - -```go -hooks := cliproxy.Hooks{ - OnBeforeStart: func(cfg *config.Config) { - log.Println("Initializing database connections...") - // Your custom init logic - }, - OnAfterStart: func(s *cliproxy.Service) { - log.Println("Service ready, starting health checks...") - // Your custom startup logic - }, - OnBeforeShutdown: func(s *cliproxy.Service) { - log.Println("Graceful shutdown started...") - // Your custom shutdown logic - }, -} - -svc, err := cliproxy.NewBuilder(). - WithConfig(cfg). - WithConfigPath("config.yaml"). - WithHooks(hooks). - Build() -``` - -## Configuration: Hot Reload - -The embedded library automatically reloads config when files change: - -```yaml -# config.yaml -server: - port: 8317 - hot-reload: true # Enable hot reload (default: true) - -providers: - claude: - type: "claude" - enabled: true -``` - -When you modify `config.yaml` or add/remove files in `auths/`, the library: -1. Detects the change (file system watcher) -2. Validates the new config -3. Atomically swaps the runtime config -4. Notifies background workers (token refresh, health checks) - -No restart required! - -## Configuration: Custom Sources - -Load config from anywhere: - -```go -// From environment variables -type EnvConfigLoader struct{} - -func (l *EnvConfigLoader) Load() (*config.Config, error) { - cfg := &config.Config{} - - cfg.Server.Port = getEnvInt("PROXY_PORT", 8317) - cfg.Providers["claude"].Enabled = getEnvBool("ENABLE_CLAUDE", true) - - return cfg, nil -} - -svc, err := cliproxy.NewBuilder(). - WithConfigLoader(&EnvConfigLoader{}). - Build() -``` - -## Monitoring: Metrics - -Access provider metrics: - -```go -svc, err := cliproxy.NewBuilder(). - WithConfig(cfg). - WithConfigPath("config.yaml"). - WithRouterConfigurator(func(e *gin.Engine, h *handlers.BaseAPIHandler, cfg *config.Config) { - // Metrics endpoint - e.GET("/metrics", func(c *gin.Context) { - metrics := h.GetProviderMetrics() - c.JSON(200, metrics) - }) - }). - Build() -``` - -Metrics include: -- Request count per provider -- Average latency -- Error rate -- Token usage -- Quota remaining - -## Monitoring: Logging - -Customize logging: - -```go -import "log/slog" - -svc, err := cliproxy.NewBuilder(). - WithConfig(cfg). - WithConfigPath("config.yaml"). - WithLogger(slog.New(slog.NewJSONHandler(os.Stdout, nil))). - Build() -``` - -Log levels: -- `DEBUG`: Detailed request/response data -- `INFO`: General operations (default) -- `WARN`: Recoverable errors (rate limits, retries) -- `ERROR`: Failed requests - -## Troubleshooting - -### Service Won't Start - -**Problem**: `Failed to build service` - -**Solutions**: -1. Check config.yaml syntax: `go run github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/config@latest validate config.yaml` -2. Verify auth files exist and are valid JSON -3. Check port is not in use - -### Config Changes Not Applied - -**Problem**: Modified config.yaml but no effect - -**Solutions**: -1. Ensure hot-reload is enabled -2. Wait 500ms for debouncing -3. Check file permissions (readable by process) -4. Verify config is valid (errors logged) - -### Custom Translator Not Working - -**Problem**: Custom provider returns errors - -**Solutions**: -1. Implement all required interface methods -2. Validate request/response formats -3. Check error handling in TranslateRequest/TranslateResponse -4. Add debug logging - -### Performance Issues - -**Problem**: High latency or CPU usage - -**Solutions**: -1. Enable connection pooling in HTTP client -2. Use streaming for long responses -3. Tune worker pool size -4. Profile with `pprof` - -## Next Steps - -- See [DEV.md](./DEV.md) for extending the library -- See [../auth/](../../auth/) for authentication features -- See [../security/](../../security/) for security features -- See [../../api/](../../../api/) for API documentation diff --git a/docs/features/architecture/fragemented/explanation.md b/docs/features/architecture/fragemented/explanation.md deleted file mode 100644 index 63c49b59f2..0000000000 --- a/docs/features/architecture/fragemented/explanation.md +++ /dev/null @@ -1,7 +0,0 @@ -# Fragmented Consolidation Note - -This folder is a deterministic backup of 2026-updated Markdown fragments for consolidation and merge safety. - -- Source docs: `/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus/docs/features/architecture` -- Files included: 3 - diff --git a/docs/features/architecture/fragemented/index.md b/docs/features/architecture/fragemented/index.md deleted file mode 100644 index 482695ce07..0000000000 --- a/docs/features/architecture/fragemented/index.md +++ /dev/null @@ -1,7 +0,0 @@ -# Fragmented Index - -## Source Files (2026) - -- DEV.md -- SPEC.md -- USER.md diff --git a/docs/features/architecture/fragemented/merged.md b/docs/features/architecture/fragemented/merged.md deleted file mode 100644 index a7ed304388..0000000000 --- a/docs/features/architecture/fragemented/merged.md +++ /dev/null @@ -1,1674 +0,0 @@ -# Merged Fragmented Markdown - -## Source: cliproxyapi-plusplus/docs/features/architecture - -## Source: DEV.md - -# Developer Guide: Extending Library-First Architecture - -## Contributing to pkg/llmproxy - -This guide is for developers who want to extend the core library functionality: adding new providers, customizing translators, implementing new authentication flows, or optimizing performance. - -## Project Structure - -``` -pkg/llmproxy/ -├── translator/ # Protocol translation layer -│ ├── base.go # Common interfaces and utilities -│ ├── claude.go # Anthropic Claude -│ ├── gemini.go # Google Gemini -│ ├── openai.go # OpenAI GPT -│ ├── kiro.go # AWS CodeWhisperer -│ ├── copilot.go # GitHub Copilot -│ └── aggregators.go # Multi-provider aggregators -├── provider/ # Provider execution layer -│ ├── base.go # Provider interface and executor -│ ├── http.go # HTTP client with retry logic -│ ├── rate_limit.go # Token bucket implementation -│ └── health.go # Health check logic -├── auth/ # Authentication lifecycle -│ ├── manager.go # Core auth manager -│ ├── oauth.go # OAuth flows -│ ├── device_flow.go # Device authorization flow -│ └── refresh.go # Token refresh worker -├── config/ # Configuration management -│ ├── loader.go # Config file parsing -│ ├── schema.go # Validation schema -│ └── synthesis.go # Config merge logic -├── watcher/ # Dynamic reload orchestration -│ ├── file.go # File system watcher -│ ├── debounce.go # Debouncing logic -│ └── notify.go # Change notifications -└── metrics/ # Observability - ├── collector.go # Metrics collection - └── exporter.go # Metrics export -``` - -## Adding a New Provider - -### Step 1: Define Provider Configuration - -Add provider config to `config/schema.go`: - -```go -type ProviderConfig struct { - Type string `yaml:"type" validate:"required,oneof=claude gemini openai kiro copilot myprovider"` - Enabled bool `yaml:"enabled"` - Models []ModelConfig `yaml:"models"` - AuthType string `yaml:"auth_type" validate:"required,oneof=api_key oauth device_flow"` - Priority int `yaml:"priority"` - Cooldown time.Duration `yaml:"cooldown"` - Endpoint string `yaml:"endpoint"` - // Provider-specific fields - CustomField string `yaml:"custom_field"` -} -``` - -### Step 2: Implement Translator Interface - -Create `pkg/llmproxy/translator/myprovider.go`: - -```go -package translator - -import ( - "context" - "encoding/json" - - openai "github.com/sashabaranov/go-openai" - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy" -) - -type MyProviderTranslator struct { - config *config.ProviderConfig -} - -func NewMyProviderTranslator(cfg *config.ProviderConfig) *MyProviderTranslator { - return &MyProviderTranslator{config: cfg} -} - -func (t *MyProviderTranslator) TranslateRequest( - ctx context.Context, - req *openai.ChatCompletionRequest, -) (*llmproxy.ProviderRequest, error) { - // Map OpenAI models to provider models - modelMapping := map[string]string{ - "gpt-4": "myprovider-v1-large", - "gpt-3.5-turbo": "myprovider-v1-medium", - } - providerModel := modelMapping[req.Model] - if providerModel == "" { - providerModel = req.Model - } - - // Convert messages - messages := make([]map[string]interface{}, len(req.Messages)) - for i, msg := range req.Messages { - messages[i] = map[string]interface{}{ - "role": msg.Role, - "content": msg.Content, - } - } - - // Build request - providerReq := &llmproxy.ProviderRequest{ - Method: "POST", - Endpoint: t.config.Endpoint + "/v1/chat/completions", - Headers: map[string]string{ - "Content-Type": "application/json", - "Accept": "application/json", - }, - Body: map[string]interface{}{ - "model": providerModel, - "messages": messages, - "stream": req.Stream, - }, - } - - // Add optional parameters - if req.Temperature != 0 { - providerReq.Body["temperature"] = req.Temperature - } - if req.MaxTokens != 0 { - providerReq.Body["max_tokens"] = req.MaxTokens - } - - return providerReq, nil -} - -func (t *MyProviderTranslator) TranslateResponse( - ctx context.Context, - resp *llmproxy.ProviderResponse, -) (*openai.ChatCompletionResponse, error) { - // Parse provider response - var providerBody struct { - ID string `json:"id"` - Model string `json:"model"` - Choices []struct { - Message struct { - Role string `json:"role"` - Content string `json:"content"` - } `json:"message"` - FinishReason string `json:"finish_reason"` - } `json:"choices"` - Usage struct { - PromptTokens int `json:"prompt_tokens"` - CompletionTokens int `json:"completion_tokens"` - TotalTokens int `json:"total_tokens"` - } `json:"usage"` - } - - if err := json.Unmarshal(resp.Body, &providerBody); err != nil { - return nil, fmt.Errorf("failed to parse provider response: %w", err) - } - - // Convert to OpenAI format - choices := make([]openai.ChatCompletionChoice, len(providerBody.Choices)) - for i, choice := range providerBody.Choices { - choices[i] = openai.ChatCompletionChoice{ - Message: openai.ChatCompletionMessage{ - Role: openai.ChatMessageRole(choice.Message.Role), - Content: choice.Message.Content, - }, - FinishReason: openai.FinishReason(choice.FinishReason), - } - } - - return &openai.ChatCompletionResponse{ - ID: providerBody.ID, - Model: resp.RequestModel, - Choices: choices, - Usage: openai.Usage{ - PromptTokens: providerBody.Usage.PromptTokens, - CompletionTokens: providerBody.Usage.CompletionTokens, - TotalTokens: providerBody.Usage.TotalTokens, - }, - }, nil -} - -func (t *MyProviderTranslator) TranslateStream( - ctx context.Context, - stream io.Reader, -) (<-chan *openai.ChatCompletionStreamResponse, error) { - // Implement streaming translation - ch := make(chan *openai.ChatCompletionStreamResponse) - - go func() { - defer close(ch) - - scanner := bufio.NewScanner(stream) - for scanner.Scan() { - line := scanner.Text() - if !strings.HasPrefix(line, "data: ") { - continue - } - - data := strings.TrimPrefix(line, "data: ") - if data == "[DONE]" { - return - } - - var chunk struct { - ID string `json:"id"` - Choices []struct { - Delta struct { - Content string `json:"content"` - } `json:"delta"` - FinishReason *string `json:"finish_reason"` - } `json:"choices"` - } - - if err := json.Unmarshal([]byte(data), &chunk); err != nil { - continue - } - - ch <- &openai.ChatCompletionStreamResponse{ - ID: chunk.ID, - Choices: []openai.ChatCompletionStreamChoice{ - { - Delta: openai.ChatCompletionStreamDelta{ - Content: chunk.Choices[0].Delta.Content, - }, - FinishReason: chunk.Choices[0].FinishReason, - }, - }, - } - } - }() - - return ch, nil -} - -func (t *MyProviderTranslator) SupportsStreaming() bool { - return true -} - -func (t *MyProviderTranslator) SupportsFunctions() bool { - return false -} - -func (t *MyProviderTranslator) MaxTokens() int { - return 4096 -} -``` - -### Step 3: Implement Provider Executor - -Create `pkg/llmproxy/provider/myprovider.go`: - -```go -package provider - -import ( - "context" - "fmt" - "net/http" - - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy" - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/config" - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/coreauth" - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/translator" -) - -type MyProviderExecutor struct { - config *config.ProviderConfig - client *http.Client - rateLimit *RateLimiter - translator *translator.MyProviderTranslator -} - -func NewMyProviderExecutor( - cfg *config.ProviderConfig, - rtProvider coreauth.RoundTripperProvider, -) *MyProviderExecutor { - return &MyProviderExecutor{ - config: cfg, - client: NewHTTPClient(rtProvider), - rateLimit: NewRateLimiter(cfg.RateLimit), - translator: translator.NewMyProviderTranslator(cfg), - } -} - -func (e *MyProviderExecutor) Execute( - ctx context.Context, - auth coreauth.Auth, - req *llmproxy.ProviderRequest, -) (*llmproxy.ProviderResponse, error) { - // Rate limit check - if err := e.rateLimit.Wait(ctx); err != nil { - return nil, fmt.Errorf("rate limit exceeded: %w", err) - } - - // Add auth headers - if auth != nil { - req.Headers["Authorization"] = fmt.Sprintf("Bearer %s", auth.Token) - } - - // Execute request - resp, err := e.client.Do(ctx, req) - if err != nil { - return nil, fmt.Errorf("request failed: %w", err) - } - - // Check for errors - if resp.StatusCode >= 400 { - return nil, fmt.Errorf("provider error: %s", string(resp.Body)) - } - - return resp, nil -} - -func (e *MyProviderExecutor) ExecuteStream( - ctx context.Context, - auth coreauth.Auth, - req *llmproxy.ProviderRequest, -) (<-chan *llmproxy.ProviderChunk, error) { - // Rate limit check - if err := e.rateLimit.Wait(ctx); err != nil { - return nil, fmt.Errorf("rate limit exceeded: %w", err) - } - - // Add auth headers - if auth != nil { - req.Headers["Authorization"] = fmt.Sprintf("Bearer %s", auth.Token) - } - - // Execute streaming request - stream, err := e.client.DoStream(ctx, req) - if err != nil { - return nil, fmt.Errorf("request failed: %w", err) - } - - return stream, nil -} - -func (e *MyProviderExecutor) HealthCheck( - ctx context.Context, - auth coreauth.Auth, -) error { - req := &llmproxy.ProviderRequest{ - Method: "GET", - Endpoint: e.config.Endpoint + "/v1/health", - } - - resp, err := e.client.Do(ctx, req) - if err != nil { - return err - } - - if resp.StatusCode != 200 { - return fmt.Errorf("health check failed: %s", string(resp.Body)) - } - - return nil -} - -func (e *MyProviderExecutor) Name() string { - return "myprovider" -} - -func (e *MyProviderExecutor) SupportsModel(model string) bool { - for _, m := range e.config.Models { - if m.Name == model { - return m.Enabled - } - } - return false -} -``` - -### Step 4: Register Provider - -Update `pkg/llmproxy/provider/registry.go`: - -```go -package provider - -import ( - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/config" - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/coreauth" -) - -type ProviderFactory func( - cfg *config.ProviderConfig, - rtProvider coreauth.RoundTripperProvider, -) ProviderExecutor - -var providers = map[string]ProviderFactory{ - "claude": NewClaudeExecutor, - "gemini": NewGeminiExecutor, - "openai": NewOpenAIExecutor, - "kiro": NewKiroExecutor, - "copilot": NewCopilotExecutor, - "myprovider": NewMyProviderExecutor, // Add your provider -} - -func GetExecutor( - providerType string, - cfg *config.ProviderConfig, - rtProvider coreauth.RoundTripperProvider, -) (ProviderExecutor, error) { - factory, ok := providers[providerType] - if !ok { - return nil, fmt.Errorf("unknown provider type: %s", providerType) - } - - return factory(cfg, rtProvider), nil -} -``` - -### Step 5: Add Tests - -Create `pkg/llmproxy/translator/myprovider_test.go`: - -```go -package translator - -import ( - "context" - "testing" - - openai "github.com/sashabaranov/go-openai" - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/config" -) - -func TestMyProviderTranslator(t *testing.T) { - cfg := &config.ProviderConfig{ - Type: "myprovider", - Endpoint: "https://api.myprovider.com", - } - - translator := NewMyProviderTranslator(cfg) - - t.Run("TranslateRequest", func(t *testing.T) { - req := &openai.ChatCompletionRequest{ - Model: "gpt-4", - Messages: []openai.ChatCompletionMessage{ - {Role: "user", Content: "Hello"}, - }, - } - - providerReq, err := translator.TranslateRequest(context.Background(), req) - if err != nil { - t.Fatalf("TranslateRequest failed: %v", err) - } - - if providerReq.Endpoint != "https://api.myprovider.com/v1/chat/completions" { - t.Errorf("unexpected endpoint: %s", providerReq.Endpoint) - } - }) - - t.Run("TranslateResponse", func(t *testing.T) { - providerResp := &llmproxy.ProviderResponse{ - Body: []byte(`{ - "id": "test-id", - "model": "myprovider-v1-large", - "choices": [{ - "message": {"role": "assistant", "content": "Hi!"}, - "finish_reason": "stop" - }], - "usage": {"prompt_tokens": 10, "completion_tokens": 5, "total_tokens": 15} - }`), - } - - openaiResp, err := translator.TranslateResponse(context.Background(), providerResp) - if err != nil { - t.Fatalf("TranslateResponse failed: %v", err) - } - - if openaiResp.ID != "test-id" { - t.Errorf("unexpected id: %s", openaiResp.ID) - } - }) -} -``` - -## Custom Authentication Flows - -### Implementing OAuth - -If your provider uses OAuth, implement the `AuthFlow` interface: - -```go -package auth - -import ( - "context" - "time" - - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/config" -) - -type MyProviderOAuthFlow struct { - clientID string - clientSecret string - redirectURL string - tokenURL string - authURL string -} - -func (f *MyProviderOAuthFlow) Start(ctx context.Context) (*AuthResult, error) { - // Generate authorization URL - state := generateState() - authURL := fmt.Sprintf("%s?client_id=%s&redirect_uri=%s&state=%s", - f.authURL, f.clientID, f.redirectURL, state) - - return &AuthResult{ - Method: "oauth", - AuthURL: authURL, - State: state, - ExpiresAt: time.Now().Add(10 * time.Minute), - }, nil -} - -func (f *MyProviderOAuthFlow) Exchange(ctx context.Context, code string) (*AuthToken, error) { - // Exchange authorization code for token - req := map[string]string{ - "client_id": f.clientID, - "client_secret": f.clientSecret, - "code": code, - "redirect_uri": f.redirectURL, - "grant_type": "authorization_code", - } - - resp, err := http.PostForm(f.tokenURL, req) - if err != nil { - return nil, err - } - - var token struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - ExpiresIn int `json:"expires_in"` - } - - if err := json.NewDecoder(resp.Body).Decode(&token); err != nil { - return nil, err - } - - return &AuthToken{ - AccessToken: token.AccessToken, - RefreshToken: token.RefreshToken, - ExpiresAt: time.Now().Add(time.Duration(token.ExpiresIn) * time.Second), - }, nil -} - -func (f *MyProviderOAuthFlow) Refresh(ctx context.Context, refreshToken string) (*AuthToken, error) { - // Refresh token - req := map[string]string{ - "client_id": f.clientID, - "client_secret": f.clientSecret, - "refresh_token": refreshToken, - "grant_type": "refresh_token", - } - - resp, err := http.PostForm(f.tokenURL, req) - if err != nil { - return nil, err - } - - var token struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - ExpiresIn int `json:"expires_in"` - } - - if err := json.NewDecoder(resp.Body).Decode(&token); err != nil { - return nil, err - } - - return &AuthToken{ - AccessToken: token.AccessToken, - RefreshToken: token.RefreshToken, - ExpiresAt: time.Now().Add(time.Duration(token.ExpiresIn) * time.Second), - }, nil -} -``` - -### Implementing Device Flow - -```go -package auth - -import ( - "context" - "fmt" - "time" - - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/config" -) - -type MyProviderDeviceFlow struct { - deviceCodeURL string - tokenURL string - clientID string -} - -func (f *MyProviderDeviceFlow) Start(ctx context.Context) (*AuthResult, error) { - // Request device code - resp, err := http.PostForm(f.deviceCodeURL, map[string]string{ - "client_id": f.clientID, - }) - if err != nil { - return nil, err - } - - var dc struct { - DeviceCode string `json:"device_code"` - UserCode string `json:"user_code"` - VerificationURI string `json:"verification_uri"` - VerificationURIComplete string `json:"verification_uri_complete"` - ExpiresIn int `json:"expires_in"` - Interval int `json:"interval"` - } - - if err := json.NewDecoder(resp.Body).Decode(&dc); err != nil { - return nil, err - } - - return &AuthResult{ - Method: "device_flow", - UserCode: dc.UserCode, - VerificationURL: dc.VerificationURI, - VerificationURLComplete: dc.VerificationURIComplete, - DeviceCode: dc.DeviceCode, - Interval: dc.Interval, - ExpiresAt: time.Now().Add(time.Duration(dc.ExpiresIn) * time.Second), - }, nil -} - -func (f *MyProviderDeviceFlow) Poll(ctx context.Context, deviceCode string) (*AuthToken, error) { - // Poll for token - ticker := time.NewTicker(5 * time.Second) - defer ticker.Stop() - - for { - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-ticker.C: - resp, err := http.PostForm(f.tokenURL, map[string]string{ - "client_id": f.clientID, - "grant_type": "urn:ietf:params:oauth:grant-type:device_code", - "device_code": deviceCode, - }) - if err != nil { - return nil, err - } - - var token struct { - AccessToken string `json:"access_token"` - ExpiresIn int `json:"expires_in"` - Error string `json:"error"` - } - - if err := json.NewDecoder(resp.Body).Decode(&token); err != nil { - return nil, err - } - - if token.Error == "" { - return &AuthToken{ - AccessToken: token.AccessToken, - ExpiresAt: time.Now().Add(time.Duration(token.ExpiresIn) * time.Second), - }, nil - } - - if token.Error != "authorization_pending" { - return nil, fmt.Errorf("device flow error: %s", token.Error) - } - } - } -} -``` - -## Performance Optimization - -### Connection Pooling - -```go -package provider - -import ( - "net/http" - "time" -) - -func NewHTTPClient(rtProvider coreauth.RoundTripperProvider) *http.Client { - transport := &http.Transport{ - MaxIdleConns: 100, - MaxIdleConnsPerHost: 10, - IdleConnTimeout: 90 * time.Second, - TLSHandshakeTimeout: 10 * time.Second, - } - - return &http.Client{ - Transport: transport, - Timeout: 60 * time.Second, - } -} -``` - -### Rate Limiting Optimization - -```go -package provider - -import ( - "golang.org/x/time/rate" -) - -type RateLimiter struct { - limiter *rate.Limiter -} - -func NewRateLimiter(reqPerSec float64) *RateLimiter { - return &RateLimiter{ - limiter: rate.NewLimiter(rate.Limit(reqPerSec), 10), // Burst of 10 - } -} - -func (r *RateLimiter) Wait(ctx context.Context) error { - return r.limiter.Wait(ctx) -} -``` - -### Caching Strategy - -```go -package provider - -import ( - "sync" - "time" -) - -type Cache struct { - mu sync.RWMutex - data map[string]cacheEntry - ttl time.Duration -} - -type cacheEntry struct { - value interface{} - expiresAt time.Time -} - -func NewCache(ttl time.Duration) *Cache { - c := &Cache{ - data: make(map[string]cacheEntry), - ttl: ttl, - } - - // Start cleanup goroutine - go c.cleanup() - - return c -} - -func (c *Cache) Get(key string) (interface{}, bool) { - c.mu.RLock() - defer c.mu.RUnlock() - - entry, ok := c.data[key] - if !ok || time.Now().After(entry.expiresAt) { - return nil, false - } - - return entry.value, true -} - -func (c *Cache) Set(key string, value interface{}) { - c.mu.Lock() - defer c.mu.Unlock() - - c.data[key] = cacheEntry{ - value: value, - expiresAt: time.Now().Add(c.ttl), - } -} - -func (c *Cache) cleanup() { - ticker := time.NewTicker(time.Minute) - defer ticker.Stop() - - for range ticker.C { - c.mu.Lock() - for key, entry := range c.data { - if time.Now().After(entry.expiresAt) { - delete(c.data, key) - } - } - c.mu.Unlock() - } -} -``` - -## Testing Guidelines - -### Unit Tests - -- Test all translator methods -- Mock HTTP responses -- Cover error paths - -### Integration Tests - -- Test against real provider APIs (use test keys) -- Test authentication flows -- Test streaming responses - -### Contract Tests - -- Verify OpenAI API compatibility -- Test model mapping -- Validate error handling - -## Submitting Changes - -1. **Add tests** for new functionality -2. **Run linter**: `make lint` -3. **Run tests**: `make test` -4. **Update documentation** if API changes -5. **Submit PR** with description of changes - -## API Stability - -All exported APIs in `pkg/llmproxy` follow semantic versioning: -- **Major version bump** (v7, v8): Breaking changes -- **Minor version bump**: New features (backwards compatible) -- **Patch version**: Bug fixes - -Deprecated APIs remain for 2 major versions before removal. - ---- - -## Source: SPEC.md - -# Technical Specification: Library-First Architecture (pkg/llmproxy) - -## Overview - -**cliproxyapi++** implements a "Library-First" architectural pattern by extracting all core proxy logic from the traditional `internal/` package into a public, reusable `pkg/llmproxy` module. This transformation enables external Go applications to import and embed the entire translation, authentication, and communication engine without depending on the CLI binary. - -## Architecture Migration - -### Before: Mainline Structure -``` -CLIProxyAPI/ -├── internal/ -│ ├── translator/ # Core translation logic (NOT IMPORTABLE) -│ ├── provider/ # Provider executors (NOT IMPORTABLE) -│ └── auth/ # Auth management (NOT IMPORTABLE) -└── cmd/server/ -``` - -### After: cliproxyapi++ Structure -``` -cliproxyapi++/ -├── pkg/llmproxy/ # PUBLIC LIBRARY (IMPORTABLE) -│ ├── translator/ # Translation engine -│ ├── provider/ # Provider implementations -│ ├── config/ # Configuration synthesis -│ ├── watcher/ # Dynamic reload orchestration -│ └── auth/ # Auth lifecycle management -├── cmd/server/ # CLI entry point (uses pkg/llmproxy) -└── sdk/cliproxy/ # High-level embedding SDK -``` - -## Core Components - -### 1. Translation Engine (`pkg/llmproxy/translator`) - -**Purpose**: Handles bidirectional protocol conversion between OpenAI-compatible requests and proprietary LLM APIs. - -**Key Interfaces**: -```go -type Translator interface { - // Convert OpenAI format to provider format - TranslateRequest(ctx context.Context, req *openai.ChatRequest) (*ProviderRequest, error) - - // Convert provider response back to OpenAI format - TranslateResponse(ctx context.Context, resp *ProviderResponse) (*openai.ChatResponse, error) - - // Stream translation for SSE - TranslateStream(ctx context.Context, stream io.Reader) (<-chan *openai.ChatChunk, error) - - // Provider-specific capabilities - SupportsStreaming() bool - SupportsFunctions() bool - MaxTokens() int -} -``` - -**Implemented Translators**: -- `claude.go` - Anthropic Claude API -- `gemini.go` - Google Gemini API -- `openai.go` - OpenAI GPT API -- `kiro.go` - AWS CodeWhisperer (custom protocol) -- `copilot.go` - GitHub Copilot (custom protocol) -- `aggregators.go` - OpenRouter, Together, Fireworks - -**Translation Strategy**: -1. **Request Normalization**: Parse OpenAI-format request, extract: - - Messages (system, user, assistant) - - Tools/functions - - Generation parameters (temp, top_p, max_tokens) - - Streaming flag - -2. **Provider Mapping**: Map OpenAI models to provider endpoints: - ``` - claude-3-5-sonnet -> claude-3-5-sonnet-20241022 (Anthropic) - gpt-4 -> gpt-4-turbo-preview (OpenAI) - gemini-1.5-pro -> gemini-1.5-pro-preview-0514 (Gemini) - ``` - -3. **Response Normalization**: Convert provider responses to OpenAI format: - - Standardize usage statistics (prompt_tokens, completion_tokens) - - Normalize finish reasons (stop, length, content_filter) - - Map provider-specific error codes to OpenAI error types - -### 2. Provider Execution (`pkg/llmproxy/provider`) - -**Purpose**: Orchestrates HTTP communication with LLM providers, handling authentication, retry logic, and error recovery. - -**Key Interfaces**: -```go -type ProviderExecutor interface { - // Execute a single request (non-streaming) - Execute(ctx context.Context, auth coreauth.Auth, req *ProviderRequest) (*ProviderResponse, error) - - // Execute streaming request - ExecuteStream(ctx context.Context, auth coreauth.Auth, req *ProviderRequest) (<-chan *ProviderChunk, error) - - // Health check provider - HealthCheck(ctx context.Context, auth coreauth.Auth) error - - // Provider metadata - Name() string - SupportsModel(model string) bool -} -``` - -**Executor Lifecycle**: -``` -Request -> RateLimitCheck -> AuthValidate -> ProviderExecute -> - -> Success -> Response - -> RetryableError -> Backoff -> Retry - -> NonRetryableError -> Error -``` - -**Rate Limiting**: -- Per-provider token bucket -- Per-credential quota tracking -- Intelligent cooldown on 429 responses - -### 3. Configuration Management (`pkg/llmproxy/config`) - -**Purpose**: Loads, validates, and synthesizes configuration from multiple sources. - -**Configuration Hierarchy**: -``` -1. Base config (config.yaml) -2. Environment overrides (CLI_PROXY_*) -3. Runtime synthesis (watcher merges changes) -4. Per-request overrides (query params) -``` - -**Key Structures**: -```go -type Config struct { - Server ServerConfig - Providers map[string]ProviderConfig - Auth AuthConfig - Management ManagementConfig - Logging LoggingConfig -} - -type ProviderConfig struct { - Type string // "claude", "gemini", "openai", etc. - Enabled bool - Models []ModelConfig - AuthType string // "api_key", "oauth", "device_flow" - Priority int // Routing priority - Cooldown time.Duration -} -``` - -**Hot-Reload Mechanism**: -- File watcher on `config.yaml` and `auths/` directory -- Debounced reload (500ms delay) -- Atomic config swapping (no request interruption) -- Validation before activation (reject invalid configs) - -### 4. Watcher & Synthesis (`pkg/llmproxy/watcher`) - -**Purpose**: Orchestrates dynamic configuration updates and background lifecycle management. - -**Watcher Architecture**: -```go -type Watcher struct { - configPath string - authDir string - reloadChan chan struct{} - currentConfig atomic.Value // *Config - currentAuths atomic.Value // []coreauth.Auth -} - -// Run starts the watcher goroutine -func (w *Watcher) Run(ctx context.Context) error { - // 1. Initial load - w.loadAll() - - // 2. Watch files - go w.watchConfig(ctx) - go w.watchAuths(ctx) - - // 3. Handle reloads - for { - select { - case <-w.reloadChan: - w.loadAll() - case <-ctx.Done(): - return ctx.Err() - } - } -} -``` - -**Synthesis Pipeline**: -``` -Config File Changed -> Parse YAML -> Validate Schema -> - Merge with Existing -> Check Conflicts -> Atomic Swap -``` - -**Background Workers**: -1. **Token Refresh Worker**: Checks every 5 minutes, refreshes tokens expiring within 10 minutes -2. **Health Check Worker**: Pings providers every 30 seconds, marks unhealthy providers -3. **Metrics Collector**: Aggregates request latency, error rates, token usage - -## Data Flow - -### Request Processing Flow -``` -HTTP Request (OpenAI format) - ↓ -Middleware (CORS, auth, logging) - ↓ -Handler (Parse request, select provider) - ↓ -Provider Executor (Rate limit check) - ↓ -Translator (Convert to provider format) - ↓ -HTTP Client (Execute provider API) - ↓ -Translator (Convert response) - ↓ -Handler (Send response) - ↓ -Middleware (Log metrics) - ↓ -HTTP Response (OpenAI format) -``` - -### Configuration Reload Flow -``` -File System Event (config.yaml changed) - ↓ -Watcher (Detect change) - ↓ -Debounce (500ms) - ↓ -Config Loader (Parse and validate) - ↓ -Synthesizer (Merge with existing) - ↓ -Atomic Swap (Update runtime config) - ↓ -Notification (Trigger background workers) -``` - -### Token Refresh Flow -``` -Background Worker (Every 5 min) - ↓ -Scan All Auths - ↓ -Check Expiry (token.ExpiresAt < now + 10min) - ↓ -Execute Refresh Flow - ↓ -Update Storage (auths/{provider}.json) - ↓ -Notify Watcher - ↓ -Atomic Swap (Update runtime auths) -``` - -## Reusability Patterns - -### Embedding as Library -```go -import "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy" - -// Create translator -translator := llmproxy.NewClaudeTranslator() - -// Translate request -providerReq, err := translator.TranslateRequest(ctx, openaiReq) - -// Create executor -executor := llmproxy.NewClaudeExecutor() - -// Execute -resp, err := executor.Execute(ctx, auth, providerReq) - -// Translate response -openaiResp, err := translator.TranslateResponse(ctx, resp) -``` - -### Custom Provider Integration -```go -// Implement Translator interface -type MyCustomTranslator struct{} - -func (t *MyCustomTranslator) TranslateRequest(ctx context.Context, req *openai.ChatRequest) (*llmproxy.ProviderRequest, error) { - // Custom translation logic - return &llmproxy.ProviderRequest{}, nil -} - -// Register with executor -executor := llmproxy.NewExecutor( - llmproxy.WithTranslator(&MyCustomTranslator{}), -) -``` - -### Extending Configuration -```go -// Custom config synthesizer -type MySynthesizer struct{} - -func (s *MySynthesizer) Synthesize(base *llmproxy.Config, overrides map[string]interface{}) (*llmproxy.Config, error) { - // Custom merge logic - return base, nil -} - -// Use in watcher -watcher := llmproxy.NewWatcher( - llmproxy.WithSynthesizer(&MySynthesizer{}), -) -``` - -## Performance Characteristics - -### Memory Footprint -- Base package: ~15MB (includes all translators) -- Per-request allocation: <1MB -- Config reload overhead: <10ms - -### Concurrency Model -- Request handling: Goroutine-per-request (bounded by worker pool) -- Config reloading: Single goroutine (serialized) -- Token refresh: Single goroutine (serialized per provider) -- Health checks: Per-provider goroutines - -### Throughput -- Single instance: ~1000 requests/second (varies by provider) -- Hot reload impact: <5ms latency blip during swap -- Background workers: <1% CPU utilization - -## Security Considerations - -### Public API Stability -- All exported APIs follow semantic versioning -- Breaking changes require major version bump (v7, v8, etc.) -- Deprecated APIs remain for 2 major versions - -### Input Validation -- All translator inputs validated before provider execution -- Config validation on load (reject malformed configs) -- Auth credential validation before storage - -### Error Propagation -- Internal errors sanitized before API response -- Provider errors mapped to OpenAI error types -- Detailed logging for debugging (configurable verbosity) - -## Migration Guide - -### From Mainline internal/ -```go -// Before (mainline) -import "github.com/router-for-me/CLIProxyAPI/v6/internal/translator" - -// After (cliproxyapi++) -import "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/translator" -``` - -### Function Compatibility -Most internal functions have public equivalents: -- `internal/translator.NewClaude()` → `llmproxy/translator.NewClaude()` -- `internal/provider.NewExecutor()` → `llmproxy/provider.NewExecutor()` -- `internal/config.Load()` → `llmproxy/config.LoadConfig()` - -## Testing Strategy - -### Unit Tests -- Each translator: Mock provider responses -- Each executor: Mock HTTP transport -- Config validation: Test schema violations - -### Integration Tests -- End-to-end proxy: Real provider APIs (test keys) -- Hot reload: File system changes -- Token refresh: Expiring credentials - -### Contract Tests -- OpenAI API compatibility: Verify response format -- Provider contract: Verify translator mapping - ---- - -## Source: USER.md - -# User Guide: Library-First Architecture - -## What is "Library-First"? - -The **Library-First** architecture means that all the core proxy logic (translation, authentication, provider communication) is packaged as a reusable Go library (`pkg/llmproxy`). This allows you to embed the proxy directly into your own applications instead of running it as a separate service. - -## Why Use the Library? - -### Benefits Over Standalone CLI - -| Aspect | Standalone CLI | Embedded Library | -|--------|---------------|------------------| -| **Deployment** | Separate process, network calls | In-process, zero network overhead | -| **Configuration** | External config file | Programmatic config | -| **Customization** | Limited to config options | Full code access | -| **Performance** | Network latency + serialization | Direct function calls | -| **Monitoring** | External metrics/logs | Internal hooks/observability | - -### When to Use Each - -**Use Standalone CLI when**: -- You want a simple, drop-in proxy -- You're integrating with existing OpenAI clients -- You don't need custom logic -- You prefer configuration over code - -**Use Embedded Library when**: -- You're building a Go application -- You need custom request/response processing -- You want to integrate with your auth system -- You need fine-grained control over routing - -## Quick Start: Embedding in Your App - -### Step 1: Install the SDK - -```bash -go get github.com/KooshaPari/cliproxyapi-plusplus/sdk/cliproxy -``` - -### Step 2: Basic Embedding - -Create `main.go`: - -```go -package main - -import ( - "context" - "log" - - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/config" - "github.com/KooshaPari/cliproxyapi-plusplus/sdk/cliproxy" -) - -func main() { - // Load config - cfg, err := config.LoadConfig("config.yaml") - if err != nil { - log.Fatalf("Failed to load config: %v", err) - } - - // Build service - svc, err := cliproxy.NewBuilder(). - WithConfig(cfg). - WithConfigPath("config.yaml"). - Build() - if err != nil { - log.Fatalf("Failed to build service: %v", err) - } - - // Run service - ctx := context.Background() - if err := svc.Run(ctx); err != nil { - log.Fatalf("Service error: %v", err) - } -} -``` - -### Step 3: Create Config File - -Create `config.yaml`: - -```yaml -server: - port: 8317 - -providers: - claude: - type: "claude" - enabled: true - models: - - name: "claude-3-5-sonnet" - enabled: true - -auth: - dir: "./auths" - providers: - - "claude" -``` - -### Step 4: Run Your App - -```bash -# Add your Claude API key -echo '{"type":"api_key","token":"sk-ant-xxx"}' > auths/claude.json - -# Run your app -go run main.go -``` - -Your embedded proxy is now running on port 8317 with OpenAI-compatible endpoints! - -## Advanced: Custom Translators - -If you need to support a custom LLM provider, you can implement your own translator: - -```go -package main - -import ( - "context" - - "github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/translator" - openai "github.com/sashabaranov/go-openai" -) - -// MyCustomTranslator implements the Translator interface -type MyCustomTranslator struct{} - -func (t *MyCustomTranslator) TranslateRequest( - ctx context.Context, - req *openai.ChatCompletionRequest, -) (*translator.ProviderRequest, error) { - // Convert OpenAI request to your provider's format - return &translator.ProviderRequest{ - Endpoint: "https://api.myprovider.com/v1/chat", - Headers: map[string]string{ - "Content-Type": "application/json", - }, - Body: map[string]interface{}{ - "messages": req.Messages, - "model": req.Model, - }, - }, nil -} - -func (t *MyCustomTranslator) TranslateResponse( - ctx context.Context, - resp *translator.ProviderResponse, -) (*openai.ChatCompletionResponse, error) { - // Convert provider response back to OpenAI format - return &openai.ChatCompletionResponse{ - ID: resp.ID, - Choices: []openai.ChatCompletionChoice{ - { - Message: openai.ChatCompletionMessage{ - Role: "assistant", - Content: resp.Content, - }, - }, - }, - }, nil -} - -// Register your translator -func main() { - myTranslator := &MyCustomTranslator{} - - svc, err := cliproxy.NewBuilder(). - WithConfig(cfg). - WithConfigPath("config.yaml"). - WithCustomTranslator("myprovider", myTranslator). - Build() - // ... -} -``` - -## Advanced: Custom Auth Management - -Integrate with your existing auth system: - -```go -package main - -import ( - "context" - "sync" - - "github.com/KooshaPari/cliproxyapi-plusplus/sdk/cliproxy" -) - -// MyAuthProvider implements TokenClientProvider -type MyAuthProvider struct { - mu sync.RWMutex - tokens map[string]string -} - -func (p *MyAuthProvider) Load( - ctx context.Context, - cfg *config.Config, -) (*cliproxy.TokenClientResult, error) { - p.mu.RLock() - defer p.mu.RUnlock() - - var clients []cliproxy.AuthClient - for provider, token := range p.tokens { - clients = append(clients, cliproxy.AuthClient{ - Provider: provider, - Type: "api_key", - Token: token, - }) - } - - return &cliproxy.TokenClientResult{ - Clients: clients, - Count: len(clients), - }, nil -} - -func (p *MyAuthProvider) AddToken(provider, token string) { - p.mu.Lock() - defer p.mu.Unlock() - p.tokens[provider] = token -} - -func main() { - authProvider := &MyAuthProvider{ - tokens: make(map[string]string), - } - - // Add tokens programmatically - authProvider.AddToken("claude", "sk-ant-xxx") - authProvider.AddToken("openai", "sk-xxx") - - svc, err := cliproxy.NewBuilder(). - WithConfig(cfg). - WithConfigPath("config.yaml"). - WithTokenClientProvider(authProvider). - Build() - // ... -} -``` - -## Advanced: Request Interception - -Add custom logic before/after requests: - -```go -svc, err := cliproxy.NewBuilder(). - WithConfig(cfg). - WithConfigPath("config.yaml"). - WithServerOptions( - cliproxy.WithMiddleware(func(c *gin.Context) { - // Log request before processing - log.Printf("Request: %s %s", c.Request.Method, c.Request.URL.Path) - c.Next() - - // Log response after processing - log.Printf("Response status: %d", c.Writer.Status()) - }), - cliproxy.WithRouterConfigurator(func(e *gin.Engine, h *handlers.BaseAPIHandler, cfg *config.Config) { - // Add custom routes - e.GET("/my-custom-endpoint", func(c *gin.Context) { - c.JSON(200, gin.H{"message": "custom endpoint"}) - }) - }), - ). - Build() -``` - -## Advanced: Lifecycle Hooks - -Respond to service lifecycle events: - -```go -hooks := cliproxy.Hooks{ - OnBeforeStart: func(cfg *config.Config) { - log.Println("Initializing database connections...") - // Your custom init logic - }, - OnAfterStart: func(s *cliproxy.Service) { - log.Println("Service ready, starting health checks...") - // Your custom startup logic - }, - OnBeforeShutdown: func(s *cliproxy.Service) { - log.Println("Graceful shutdown started...") - // Your custom shutdown logic - }, -} - -svc, err := cliproxy.NewBuilder(). - WithConfig(cfg). - WithConfigPath("config.yaml"). - WithHooks(hooks). - Build() -``` - -## Configuration: Hot Reload - -The embedded library automatically reloads config when files change: - -```yaml -# config.yaml -server: - port: 8317 - hot-reload: true # Enable hot reload (default: true) - -providers: - claude: - type: "claude" - enabled: true -``` - -When you modify `config.yaml` or add/remove files in `auths/`, the library: -1. Detects the change (file system watcher) -2. Validates the new config -3. Atomically swaps the runtime config -4. Notifies background workers (token refresh, health checks) - -No restart required! - -## Configuration: Custom Sources - -Load config from anywhere: - -```go -// From environment variables -type EnvConfigLoader struct{} - -func (l *EnvConfigLoader) Load() (*config.Config, error) { - cfg := &config.Config{} - - cfg.Server.Port = getEnvInt("PROXY_PORT", 8317) - cfg.Providers["claude"].Enabled = getEnvBool("ENABLE_CLAUDE", true) - - return cfg, nil -} - -svc, err := cliproxy.NewBuilder(). - WithConfigLoader(&EnvConfigLoader{}). - Build() -``` - -## Monitoring: Metrics - -Access provider metrics: - -```go -svc, err := cliproxy.NewBuilder(). - WithConfig(cfg). - WithConfigPath("config.yaml"). - WithRouterConfigurator(func(e *gin.Engine, h *handlers.BaseAPIHandler, cfg *config.Config) { - // Metrics endpoint - e.GET("/metrics", func(c *gin.Context) { - metrics := h.GetProviderMetrics() - c.JSON(200, metrics) - }) - }). - Build() -``` - -Metrics include: -- Request count per provider -- Average latency -- Error rate -- Token usage -- Quota remaining - -## Monitoring: Logging - -Customize logging: - -```go -import "log/slog" - -svc, err := cliproxy.NewBuilder(). - WithConfig(cfg). - WithConfigPath("config.yaml"). - WithLogger(slog.New(slog.NewJSONHandler(os.Stdout, nil))). - Build() -``` - -Log levels: -- `DEBUG`: Detailed request/response data -- `INFO`: General operations (default) -- `WARN`: Recoverable errors (rate limits, retries) -- `ERROR`: Failed requests - -## Troubleshooting - -### Service Won't Start - -**Problem**: `Failed to build service` - -**Solutions**: -1. Check config.yaml syntax: `go run github.com/KooshaPari/cliproxyapi-plusplus/pkg/llmproxy/config@latest validate config.yaml` -2. Verify auth files exist and are valid JSON -3. Check port is not in use - -### Config Changes Not Applied - -**Problem**: Modified config.yaml but no effect - -**Solutions**: -1. Ensure hot-reload is enabled -2. Wait 500ms for debouncing -3. Check file permissions (readable by process) -4. Verify config is valid (errors logged) - -### Custom Translator Not Working - -**Problem**: Custom provider returns errors - -**Solutions**: -1. Implement all required interface methods -2. Validate request/response formats -3. Check error handling in TranslateRequest/TranslateResponse -4. Add debug logging - -### Performance Issues - -**Problem**: High latency or CPU usage - -**Solutions**: -1. Enable connection pooling in HTTP client -2. Use streaming for long responses -3. Tune worker pool size -4. Profile with `pprof` - -## Next Steps - -- See [DEV.md](./DEV.md) for extending the library -- See [../auth/](../../auth/) for authentication features -- See [../security/](../../security/) for security features -- See [../../api/](../../../api/) for API documentation - ---- - -Copied count: 3 diff --git a/docs/features/providers/fragemented/.fragmented-candidates.txt b/docs/features/providers/fragemented/.fragmented-candidates.txt deleted file mode 100644 index 6457ab74a3..0000000000 --- a/docs/features/providers/fragemented/.fragmented-candidates.txt +++ /dev/null @@ -1,2 +0,0 @@ -SPEC.md -USER.md diff --git a/docs/features/providers/fragemented/.migration.log b/docs/features/providers/fragemented/.migration.log deleted file mode 100644 index 2f15d9443c..0000000000 --- a/docs/features/providers/fragemented/.migration.log +++ /dev/null @@ -1,5 +0,0 @@ -source=/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus/docs/features/providers -timestamp=2026-02-22T05:37:24.299935-07:00 -count=2 -copied=2 -status=ok diff --git a/docs/features/providers/fragemented/README.md b/docs/features/providers/fragemented/README.md deleted file mode 100644 index 9f0224fc01..0000000000 --- a/docs/features/providers/fragemented/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Fragmented Consolidation Backup - -Source: `cliproxyapi-plusplus/docs/features/providers` -Files: 2 - diff --git a/docs/features/providers/fragemented/SPEC.md b/docs/features/providers/fragemented/SPEC.md deleted file mode 100644 index ff76f068e5..0000000000 --- a/docs/features/providers/fragemented/SPEC.md +++ /dev/null @@ -1,910 +0,0 @@ -# Technical Specification: Provider Registry & Support - -## Overview - -**cliproxyapi++** supports an extensive registry of LLM providers, from direct API integrations to multi-provider aggregators and proprietary protocols. This specification details the provider architecture, supported providers, and extension mechanisms. - -## Provider Architecture - -### Provider Types - -``` -Provider Registry -├── Direct Providers -│ ├── Claude (Anthropic) -│ ├── Gemini (Google) -│ ├── OpenAI -│ ├── Mistral -│ ├── Groq -│ └── DeepSeek -├── Aggregator Providers -│ ├── OpenRouter -│ ├── Together AI -│ ├── Fireworks AI -│ ├── Novita AI -│ └── SiliconFlow -└── Proprietary Providers - ├── Kiro (AWS CodeWhisperer) - ├── GitHub Copilot - ├── Roo Code - ├── Kilo AI - └── MiniMax -``` - -### Provider Interface - -```go -type Provider interface { - // Provider metadata - Name() string - Type() ProviderType - - // Model support - SupportsModel(model string) bool - ListModels() []Model - - // Authentication - AuthType() AuthType - RequiresAuth() bool - - // Execution - Execute(ctx context.Context, req *Request) (*Response, error) - ExecuteStream(ctx context.Context, req *Request) (<-chan *Chunk, error) - - // Capabilities - SupportsStreaming() bool - SupportsFunctions() bool - MaxTokens() int - - // Health - HealthCheck(ctx context.Context) error -} -``` - -### Provider Configuration - -```go -type ProviderConfig struct { - Name string `yaml:"name"` - Type string `yaml:"type"` - Enabled bool `yaml:"enabled"` - AuthType string `yaml:"auth_type"` - Endpoint string `yaml:"endpoint"` - Models []ModelConfig `yaml:"models"` - Features ProviderFeatures `yaml:"features"` - Limits ProviderLimits `yaml:"limits"` - Cooldown CooldownConfig `yaml:"cooldown"` - Priority int `yaml:"priority"` -} - -type ModelConfig struct { - Name string `yaml:"name"` - Enabled bool `yaml:"enabled"` - MaxTokens int `yaml:"max_tokens"` - SupportsFunctions bool `yaml:"supports_functions"` - SupportsStreaming bool `yaml:"supports_streaming"` -} - -type ProviderFeatures struct { - Streaming bool `yaml:"streaming"` - Functions bool `yaml:"functions"` - Vision bool `yaml:"vision"` - CodeGeneration bool `yaml:"code_generation"` - Multimodal bool `yaml:"multimodal"` -} - -type ProviderLimits struct { - RequestsPerMinute int `yaml:"requests_per_minute"` - TokensPerMinute int `yaml:"tokens_per_minute"` - MaxTokensPerReq int `yaml:"max_tokens_per_request"` -} -``` - -## Direct Providers - -### Claude (Anthropic) - -**Provider Type**: `claude` - -**Authentication**: API Key - -**Models**: -- `claude-3-5-sonnet` (max: 200K tokens) -- `claude-3-5-haiku` (max: 200K tokens) -- `claude-3-opus` (max: 200K tokens) - -**Features**: -- Streaming: ✅ -- Functions: ✅ -- Vision: ✅ -- Code generation: ✅ - -**Configuration**: -```yaml -providers: - claude: - type: "claude" - enabled: true - auth_type: "api_key" - endpoint: "https://api.anthropic.com" - models: - - name: "claude-3-5-sonnet" - enabled: true - max_tokens: 200000 - supports_functions: true - supports_streaming: true - features: - streaming: true - functions: true - vision: true - code_generation: true - limits: - requests_per_minute: 60 - tokens_per_minute: 40000 -``` - -**API Endpoint**: `https://api.anthropic.com/v1/messages` - -**Request Format**: -```json -{ - "model": "claude-3-5-sonnet-20241022", - "max_tokens": 1024, - "messages": [ - {"role": "user", "content": "Hello!"} - ], - "stream": true -} -``` - -**Headers**: -``` -x-api-key: sk-ant-xxxx -anthropic-version: 2023-06-01 -content-type: application/json -``` - -### Gemini (Google) - -**Provider Type**: `gemini` - -**Authentication**: API Key - -**Models**: -- `gemini-1.5-pro` (max: 1M tokens) -- `gemini-1.5-flash` (max: 1M tokens) -- `gemini-1.0-pro` (max: 32K tokens) - -**Features**: -- Streaming: ✅ -- Functions: ✅ -- Vision: ✅ -- Multimodal: ✅ - -**Configuration**: -```yaml -providers: - gemini: - type: "gemini" - enabled: true - auth_type: "api_key" - endpoint: "https://generativelanguage.googleapis.com" - models: - - name: "gemini-1.5-pro" - enabled: true - max_tokens: 1000000 - features: - streaming: true - functions: true - vision: true - multimodal: true -``` - -### OpenAI - -**Provider Type**: `openai` - -**Authentication**: API Key - -**Models**: -- `gpt-4-turbo` (max: 128K tokens) -- `gpt-4` (max: 8K tokens) -- `gpt-3.5-turbo` (max: 16K tokens) - -**Features**: -- Streaming: ✅ -- Functions: ✅ -- Vision: ✅ (GPT-4 Vision) - -**Configuration**: -```yaml -providers: - openai: - type: "openai" - enabled: true - auth_type: "api_key" - endpoint: "https://api.openai.com" - models: - - name: "gpt-4-turbo" - enabled: true - max_tokens: 128000 -``` - -## Aggregator Providers - -### OpenRouter - -**Provider Type**: `openrouter` - -**Authentication**: API Key - -**Purpose**: Access multiple models through a single API - -**Features**: -- Access to 100+ models -- Unified pricing -- Model comparison - -**Configuration**: -```yaml -providers: - openrouter: - type: "openrouter" - enabled: true - auth_type: "api_key" - endpoint: "https://openrouter.ai/api" - models: - - name: "anthropic/claude-3.5-sonnet" - enabled: true -``` - -### Together AI - -**Provider Type**: `together` - -**Authentication**: API Key - -**Purpose**: Open-source models at scale - -**Features**: -- Open-source models (Llama, Mistral, etc.) -- Fast inference -- Cost-effective - -**Configuration**: -```yaml -providers: - together: - type: "together" - enabled: true - auth_type: "api_key" - endpoint: "https://api.together.xyz" -``` - -### Fireworks AI - -**Provider Type**: `fireworks` - -**Authentication**: API Key - -**Purpose**: Fast, open-source models - -**Features**: -- Sub-second latency -- Open-source models -- API-first - -**Configuration**: -```yaml -providers: - fireworks: - type: "fireworks" - enabled: true - auth_type: "api_key" - endpoint: "https://api.fireworks.ai" -``` - -## Proprietary Providers - -### Kiro (AWS CodeWhisperer) - -**Provider Type**: `kiro` - -**Authentication**: OAuth Device Flow (AWS Builder ID / Identity Center) - -**Purpose**: Code generation and completion - -**Features**: -- Browser-based auth UI -- AWS SSO integration -- Token refresh - -**Authentication Flow**: -1. User visits `/v0/oauth/kiro` -2. Selects AWS Builder ID or Identity Center -3. Completes browser-based login -4. Token stored and auto-refreshed - -**Configuration**: -```yaml -providers: - kiro: - type: "kiro" - enabled: true - auth_type: "oauth_device_flow" - endpoint: "https://codeguru.amazonaws.com" - models: - - name: "codeguru-codegen" - enabled: true - features: - code_generation: true -``` - -**Web UI Implementation**: -```go -func HandleKiroAuth(c *gin.Context) { - // Request device code - dc, err := kiro.GetDeviceCode() - if err != nil { - c.JSON(500, gin.H{"error": err.Error()}) - return - } - - // Render HTML page - c.HTML(200, "kiro_auth.html", gin.H{ - "UserCode": dc.UserCode, - "VerificationURL": dc.VerificationURL, - "VerificationURLComplete": dc.VerificationURLComplete, - }) - - // Start background polling - go kiro.PollForToken(dc.DeviceCode) -} -``` - -### GitHub Copilot - -**Provider Type**: `copilot` - -**Authentication**: OAuth Device Flow - -**Purpose**: Code completion and generation - -**Features**: -- Full OAuth device flow -- Per-credential quota tracking -- Multi-credential support -- Auto token refresh - -**Authentication Flow**: -1. Request device code from GitHub -2. Display user code and verification URL -3. User authorizes via browser -4. Poll for access token -5. Store token with refresh token -6. Auto-refresh before expiration - -**Configuration**: -```yaml -providers: - copilot: - type: "copilot" - enabled: true - auth_type: "oauth_device_flow" - endpoint: "https://api.githubcopilot.com" - models: - - name: "copilot-codegen" - enabled: true - features: - code_generation: true -``` - -**Token Storage**: -```json -{ - "type": "oauth_device_flow", - "access_token": "ghu_xxx", - "refresh_token": "ghr_xxx", - "expires_at": "2026-02-20T00:00:00Z", - "quota": { - "limit": 10000, - "used": 100, - "remaining": 9900 - } -} -``` - -### Roo Code - -**Provider Type**: "roocode" - -**Authentication**: API Key - -**Purpose**: AI coding assistant - -**Features**: -- Code generation -- Code explanation -- Refactoring - -**Configuration**: -```yaml -providers: - roocode: - type: "roocode" - enabled: true - auth_type: "api_key" - endpoint: "https://api.roocode.ai" -``` - -### Kilo AI - -**Provider Type**: "kiloai" - -**Authentication**: API Key - -**Purpose**: Custom AI solutions - -**Features**: -- Custom models -- Enterprise deployments - -**Configuration**: -```yaml -providers: - kiloai: - type: "kiloai" - enabled: true - auth_type: "api_key" - endpoint: "https://api.kiloai.io" -``` - -### MiniMax - -**Provider Type**: "minimax" - -**Authentication**: API Key - -**Purpose**: Chinese LLM provider - -**Features**: -- Bilingual support -- Fast inference -- Cost-effective - -**Configuration**: -```yaml -providers: - minimax: - type: "minimax" - enabled: true - auth_type: "api_key" - endpoint: "https://api.minimax.chat" -``` - -## Provider Registry - -### Registry Interface - -```go -type ProviderRegistry struct { - mu sync.RWMutex - providers map[string]Provider - byType map[ProviderType][]Provider -} - -func NewRegistry() *ProviderRegistry { - return &ProviderRegistry{ - providers: make(map[string]Provider), - byType: make(map[ProviderType][]Provider), - } -} - -func (r *ProviderRegistry) Register(provider Provider) error { - r.mu.Lock() - defer r.mu.Unlock() - - if _, exists := r.providers[provider.Name()]; exists { - return fmt.Errorf("provider already registered: %s", provider.Name()) - } - - r.providers[provider.Name()] = provider - r.byType[provider.Type()] = append(r.byType[provider.Type()], provider) - - return nil -} - -func (r *ProviderRegistry) Get(name string) (Provider, error) { - r.mu.RLock() - defer r.mu.RUnlock() - - provider, ok := r.providers[name] - if !ok { - return nil, fmt.Errorf("provider not found: %s", name) - } - - return provider, nil -} - -func (r *ProviderRegistry) ListByType(t ProviderType) []Provider { - r.mu.RLock() - defer r.mu.RUnlock() - - return r.byType[t] -} - -func (r *ProviderRegistry) ListAll() []Provider { - r.mu.RLock() - defer r.mu.RUnlock() - - providers := make([]Provider, 0, len(r.providers)) - for _, p := range r.providers { - providers = append(providers, p) - } - - return providers -} -``` - -### Auto-Registration - -```go -func RegisterBuiltinProviders(registry *ProviderRegistry) { - // Direct providers - registry.Register(NewClaudeProvider()) - registry.Register(NewGeminiProvider()) - registry.Register(NewOpenAIProvider()) - registry.Register(NewMistralProvider()) - registry.Register(NewGroqProvider()) - registry.Register(NewDeepSeekProvider()) - - // Aggregators - registry.Register(NewOpenRouterProvider()) - registry.Register(NewTogetherProvider()) - registry.Register(NewFireworksProvider()) - registry.Register(NewNovitaProvider()) - registry.Register(NewSiliconFlowProvider()) - - // Proprietary - registry.Register(NewKiroProvider()) - registry.Register(NewCopilotProvider()) - registry.Register(NewRooCodeProvider()) - registry.Register(NewKiloAIProvider()) - registry.Register(NewMiniMaxProvider()) -} -``` - -## Model Mapping - -### OpenAI to Provider Model Mapping - -```go -type ModelMapper struct { - mappings map[string]map[string]string // openai_model -> provider -> provider_model -} - -var defaultMappings = map[string]map[string]string{ - "claude-3-5-sonnet": { - "claude": "claude-3-5-sonnet-20241022", - "openrouter": "anthropic/claude-3.5-sonnet", - }, - "gpt-4-turbo": { - "openai": "gpt-4-turbo-preview", - "openrouter": "openai/gpt-4-turbo", - }, - "gemini-1.5-pro": { - "gemini": "gemini-1.5-pro-preview-0514", - "openrouter": "google/gemini-pro-1.5", - }, -} - -func (m *ModelMapper) MapModel(openaiModel, provider string) (string, error) { - if providerMapping, ok := m.mappings[openaiModel]; ok { - if providerModel, ok := providerMapping[provider]; ok { - return providerModel, nil - } - } - - // Default: return original model name - return openaiModel, nil -} -``` - -### Custom Model Mappings - -```yaml -providers: - custom: - type: "custom" - model_mappings: - "gpt-4": "my-provider-v1-large" - "gpt-3.5-turbo": "my-provider-v1-medium" -``` - -## Provider Capabilities - -### Capability Detection - -```go -type CapabilityDetector struct { - registry *ProviderRegistry -} - -func (d *CapabilityDetector) DetectCapabilities(provider string) (*ProviderCapabilities, error) { - p, err := d.registry.Get(provider) - if err != nil { - return nil, err - } - - caps := &ProviderCapabilities{ - Streaming: p.SupportsStreaming(), - Functions: p.SupportsFunctions(), - Vision: p.SupportsVision(), - CodeGeneration: p.SupportsCodeGeneration(), - MaxTokens: p.MaxTokens(), - } - - return caps, nil -} - -type ProviderCapabilities struct { - Streaming bool `json:"streaming"` - Functions bool `json:"functions"` - Vision bool `json:"vision"` - CodeGeneration bool `json:"code_generation"` - MaxTokens int `json:"max_tokens"` -} -``` - -### Capability Matrix - -| Provider | Streaming | Functions | Vision | Code | Max Tokens | -|----------|-----------|-----------|--------|------|------------| -| Claude | ✅ | ✅ | ✅ | ✅ | 200K | -| Gemini | ✅ | ✅ | ✅ | ❌ | 1M | -| OpenAI | ✅ | ✅ | ✅ | ❌ | 128K | -| Kiro | ❌ | ❌ | ❌ | ✅ | N/A | -| Copilot | ✅ | ❌ | ❌ | ✅ | N/A | - -## Provider Selection - -### Selection Strategies - -```go -type ProviderSelector interface { - Select(request *Request, available []Provider) (Provider, error) -} - -type RoundRobinSelector struct { - counter int -} - -func (s *RoundRobinSelector) Select(request *Request, available []Provider) (Provider, error) { - if len(available) == 0 { - return nil, fmt.Errorf("no providers available") - } - - selected := available[s.counter%len(available)] - s.counter++ - - return selected, nil -} - -type CapabilityBasedSelector struct{} - -func (s *CapabilityBasedSelector) Select(request *Request, available []Provider) (Provider, error) { - // Filter providers that support required capabilities - var capable []Provider - for _, p := range available { - if request.RequiresStreaming && !p.SupportsStreaming() { - continue - } - if request.RequiresFunctions && !p.SupportsFunctions() { - continue - } - capable = append(capable, p) - } - - if len(capable) == 0 { - return nil, fmt.Errorf("no providers support required capabilities") - } - - // Select first capable provider - return capable[0], nil -} -``` - -### Request Routing - -```go -type RequestRouter struct { - registry *ProviderRegistry - selector ProviderSelector -} - -func (r *RequestRouter) Route(request *Request) (Provider, error) { - // Get enabled providers - providers := r.registry.ListEnabled() - - // Filter by model support - var capable []Provider - for _, p := range providers { - if p.SupportsModel(request.Model) { - capable = append(capable, p) - } - } - - if len(capable) == 0 { - return nil, fmt.Errorf("no providers support model: %s", request.Model) - } - - // Select provider - return r.selector.Select(request, capable) -} -``` - -## Adding a New Provider - -### Step 1: Define Provider - -```go -package provider - -type MyProvider struct { - config *ProviderConfig -} - -func NewMyProvider(cfg *ProviderConfig) *MyProvider { - return &MyProvider{config: cfg} -} - -func (p *MyProvider) Name() string { - return p.config.Name -} - -func (p *MyProvider) Type() ProviderType { - return ProviderTypeDirect -} - -func (p *MyProvider) SupportsModel(model string) bool { - for _, m := range p.config.Models { - if m.Name == model && m.Enabled { - return true - } - } - return false -} - -func (p *MyProvider) Execute(ctx context.Context, req *Request) (*Response, error) { - // Implement execution - return nil, nil -} - -func (p *MyProvider) ExecuteStream(ctx context.Context, req *Request) (<-chan *Chunk, error) { - // Implement streaming - return nil, nil -} - -func (p *MyProvider) SupportsStreaming() bool { - for _, m := range p.config.Models { - if m.SupportsStreaming { - return true - } - } - return false -} - -func (p *MyProvider) SupportsFunctions() bool { - for _, m := range p.config.Models { - if m.SupportsFunctions { - return true - } - } - return false -} - -func (p *MyProvider) MaxTokens() int { - max := 0 - for _, m := range p.config.Models { - if m.MaxTokens > max { - max = m.MaxTokens - } - } - return max -} - -func (p *MyProvider) HealthCheck(ctx context.Context) error { - // Implement health check - return nil -} -``` - -### Step 2: Register Provider - -```go -func init() { - registry.Register(NewMyProvider(&ProviderConfig{ - Name: "myprovider", - Type: "direct", - Enabled: false, - })) -} -``` - -### Step 3: Add Configuration - -```yaml -providers: - myprovider: - type: "myprovider" - enabled: false - auth_type: "api_key" - endpoint: "https://api.myprovider.com" - models: - - name: "my-model-v1" - enabled: true - max_tokens: 4096 -``` - -## API Reference - -### Provider Management - -**List All Providers** -```http -GET /v1/providers -``` - -**Get Provider Details** -```http -GET /v1/providers/{name} -``` - -**Enable/Disable Provider** -```http -PUT /v1/providers/{name}/enabled -``` - -**Get Provider Models** -```http -GET /v1/providers/{name}/models -``` - -**Get Provider Capabilities** -```http -GET /v1/providers/{name}/capabilities -``` - -**Get Provider Status** -```http -GET /v1/providers/{name}/status -``` - -### Model Management - -**List Models** -```http -GET /v1/models -``` - -**List Models by Provider** -```http -GET /v1/models?provider=claude -``` - -**Get Model Details** -```http -GET /v1/models/{model} -``` - -### Capability Query - -**Check Model Support** -```http -GET /v1/capabilities?model=claude-3-5-sonnet&feature=streaming -``` - -**Get Provider Capabilities** -```http -GET /v1/providers/{name}/capabilities -``` diff --git a/docs/features/providers/fragemented/USER.md b/docs/features/providers/fragemented/USER.md deleted file mode 100644 index 4691a42ee7..0000000000 --- a/docs/features/providers/fragemented/USER.md +++ /dev/null @@ -1,69 +0,0 @@ -# User Guide: Providers - -This guide explains provider configuration using the current `cliproxyapi++` config schema. - -## Core Model - -- Client sends requests to OpenAI-compatible endpoints (`/v1/*`). -- `cliproxyapi++` resolves model -> provider/credential based on prefix + aliases. -- Provider blocks in `config.yaml` define auth, base URL, and model exposure. - -## Current Provider Configuration Patterns - -### Direct provider key - -```yaml -claude-api-key: - - api-key: "sk-ant-..." - prefix: "claude-prod" -``` - -### Aggregator provider - -```yaml -openrouter: - - api-key: "sk-or-v1-..." - base-url: "https://openrouter.ai/api/v1" - prefix: "or" -``` - -### OpenAI-compatible provider registry - -```yaml -openai-compatibility: - - name: "openrouter" - prefix: "or" - base-url: "https://openrouter.ai/api/v1" - api-key-entries: - - api-key: "sk-or-v1-..." -``` - -### OAuth/session provider - -```yaml -kiro: - - token-file: "~/.aws/sso/cache/kiro-auth-token.json" -``` - -## Operational Best Practices - -- Use `force-model-prefix: true` to enforce explicit routing boundaries. -- Keep at least one fallback provider for each critical workload. -- Use `models` + `alias` to keep client model names stable. -- Use `excluded-models` to hide risky/high-cost models from consumers. - -## Validation Commands - -```bash -curl -sS http://localhost:8317/v1/models \ - -H "Authorization: Bearer " | jq '.data[:10]' - -curl -sS http://localhost:8317/v1/metrics/providers | jq -``` - -## Deep Dives - -- [Provider Usage](/provider-usage) -- [Provider Catalog](/provider-catalog) -- [Provider Operations](/provider-operations) -- [Routing and Models Reference](/routing-reference) diff --git a/docs/features/providers/fragemented/explanation.md b/docs/features/providers/fragemented/explanation.md deleted file mode 100644 index 1963d1985f..0000000000 --- a/docs/features/providers/fragemented/explanation.md +++ /dev/null @@ -1,7 +0,0 @@ -# Fragmented Consolidation Note - -This folder is a deterministic backup of 2026-updated Markdown fragments for consolidation and merge safety. - -- Source docs: `/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus/docs/features/providers` -- Files included: 2 - diff --git a/docs/features/providers/fragemented/index.md b/docs/features/providers/fragemented/index.md deleted file mode 100644 index 18d373cce2..0000000000 --- a/docs/features/providers/fragemented/index.md +++ /dev/null @@ -1,6 +0,0 @@ -# Fragmented Index - -## Source Files (2026) - -- SPEC.md -- USER.md diff --git a/docs/features/providers/fragemented/merged.md b/docs/features/providers/fragemented/merged.md deleted file mode 100644 index 4568906067..0000000000 --- a/docs/features/providers/fragemented/merged.md +++ /dev/null @@ -1,994 +0,0 @@ -# Merged Fragmented Markdown - -## Source: cliproxyapi-plusplus/docs/features/providers - -## Source: SPEC.md - -# Technical Specification: Provider Registry & Support - -## Overview - -**cliproxyapi++** supports an extensive registry of LLM providers, from direct API integrations to multi-provider aggregators and proprietary protocols. This specification details the provider architecture, supported providers, and extension mechanisms. - -## Provider Architecture - -### Provider Types - -``` -Provider Registry -├── Direct Providers -│ ├── Claude (Anthropic) -│ ├── Gemini (Google) -│ ├── OpenAI -│ ├── Mistral -│ ├── Groq -│ └── DeepSeek -├── Aggregator Providers -│ ├── OpenRouter -│ ├── Together AI -│ ├── Fireworks AI -│ ├── Novita AI -│ └── SiliconFlow -└── Proprietary Providers - ├── Kiro (AWS CodeWhisperer) - ├── GitHub Copilot - ├── Roo Code - ├── Kilo AI - └── MiniMax -``` - -### Provider Interface - -```go -type Provider interface { - // Provider metadata - Name() string - Type() ProviderType - - // Model support - SupportsModel(model string) bool - ListModels() []Model - - // Authentication - AuthType() AuthType - RequiresAuth() bool - - // Execution - Execute(ctx context.Context, req *Request) (*Response, error) - ExecuteStream(ctx context.Context, req *Request) (<-chan *Chunk, error) - - // Capabilities - SupportsStreaming() bool - SupportsFunctions() bool - MaxTokens() int - - // Health - HealthCheck(ctx context.Context) error -} -``` - -### Provider Configuration - -```go -type ProviderConfig struct { - Name string `yaml:"name"` - Type string `yaml:"type"` - Enabled bool `yaml:"enabled"` - AuthType string `yaml:"auth_type"` - Endpoint string `yaml:"endpoint"` - Models []ModelConfig `yaml:"models"` - Features ProviderFeatures `yaml:"features"` - Limits ProviderLimits `yaml:"limits"` - Cooldown CooldownConfig `yaml:"cooldown"` - Priority int `yaml:"priority"` -} - -type ModelConfig struct { - Name string `yaml:"name"` - Enabled bool `yaml:"enabled"` - MaxTokens int `yaml:"max_tokens"` - SupportsFunctions bool `yaml:"supports_functions"` - SupportsStreaming bool `yaml:"supports_streaming"` -} - -type ProviderFeatures struct { - Streaming bool `yaml:"streaming"` - Functions bool `yaml:"functions"` - Vision bool `yaml:"vision"` - CodeGeneration bool `yaml:"code_generation"` - Multimodal bool `yaml:"multimodal"` -} - -type ProviderLimits struct { - RequestsPerMinute int `yaml:"requests_per_minute"` - TokensPerMinute int `yaml:"tokens_per_minute"` - MaxTokensPerReq int `yaml:"max_tokens_per_request"` -} -``` - -## Direct Providers - -### Claude (Anthropic) - -**Provider Type**: `claude` - -**Authentication**: API Key - -**Models**: -- `claude-3-5-sonnet` (max: 200K tokens) -- `claude-3-5-haiku` (max: 200K tokens) -- `claude-3-opus` (max: 200K tokens) - -**Features**: -- Streaming: ✅ -- Functions: ✅ -- Vision: ✅ -- Code generation: ✅ - -**Configuration**: -```yaml -providers: - claude: - type: "claude" - enabled: true - auth_type: "api_key" - endpoint: "https://api.anthropic.com" - models: - - name: "claude-3-5-sonnet" - enabled: true - max_tokens: 200000 - supports_functions: true - supports_streaming: true - features: - streaming: true - functions: true - vision: true - code_generation: true - limits: - requests_per_minute: 60 - tokens_per_minute: 40000 -``` - -**API Endpoint**: `https://api.anthropic.com/v1/messages` - -**Request Format**: -```json -{ - "model": "claude-3-5-sonnet-20241022", - "max_tokens": 1024, - "messages": [ - {"role": "user", "content": "Hello!"} - ], - "stream": true -} -``` - -**Headers**: -``` -x-api-key: sk-ant-xxxx -anthropic-version: 2023-06-01 -content-type: application/json -``` - -### Gemini (Google) - -**Provider Type**: `gemini` - -**Authentication**: API Key - -**Models**: -- `gemini-1.5-pro` (max: 1M tokens) -- `gemini-1.5-flash` (max: 1M tokens) -- `gemini-1.0-pro` (max: 32K tokens) - -**Features**: -- Streaming: ✅ -- Functions: ✅ -- Vision: ✅ -- Multimodal: ✅ - -**Configuration**: -```yaml -providers: - gemini: - type: "gemini" - enabled: true - auth_type: "api_key" - endpoint: "https://generativelanguage.googleapis.com" - models: - - name: "gemini-1.5-pro" - enabled: true - max_tokens: 1000000 - features: - streaming: true - functions: true - vision: true - multimodal: true -``` - -### OpenAI - -**Provider Type**: `openai` - -**Authentication**: API Key - -**Models**: -- `gpt-4-turbo` (max: 128K tokens) -- `gpt-4` (max: 8K tokens) -- `gpt-3.5-turbo` (max: 16K tokens) - -**Features**: -- Streaming: ✅ -- Functions: ✅ -- Vision: ✅ (GPT-4 Vision) - -**Configuration**: -```yaml -providers: - openai: - type: "openai" - enabled: true - auth_type: "api_key" - endpoint: "https://api.openai.com" - models: - - name: "gpt-4-turbo" - enabled: true - max_tokens: 128000 -``` - -## Aggregator Providers - -### OpenRouter - -**Provider Type**: `openrouter` - -**Authentication**: API Key - -**Purpose**: Access multiple models through a single API - -**Features**: -- Access to 100+ models -- Unified pricing -- Model comparison - -**Configuration**: -```yaml -providers: - openrouter: - type: "openrouter" - enabled: true - auth_type: "api_key" - endpoint: "https://openrouter.ai/api" - models: - - name: "anthropic/claude-3.5-sonnet" - enabled: true -``` - -### Together AI - -**Provider Type**: `together` - -**Authentication**: API Key - -**Purpose**: Open-source models at scale - -**Features**: -- Open-source models (Llama, Mistral, etc.) -- Fast inference -- Cost-effective - -**Configuration**: -```yaml -providers: - together: - type: "together" - enabled: true - auth_type: "api_key" - endpoint: "https://api.together.xyz" -``` - -### Fireworks AI - -**Provider Type**: `fireworks` - -**Authentication**: API Key - -**Purpose**: Fast, open-source models - -**Features**: -- Sub-second latency -- Open-source models -- API-first - -**Configuration**: -```yaml -providers: - fireworks: - type: "fireworks" - enabled: true - auth_type: "api_key" - endpoint: "https://api.fireworks.ai" -``` - -## Proprietary Providers - -### Kiro (AWS CodeWhisperer) - -**Provider Type**: `kiro` - -**Authentication**: OAuth Device Flow (AWS Builder ID / Identity Center) - -**Purpose**: Code generation and completion - -**Features**: -- Browser-based auth UI -- AWS SSO integration -- Token refresh - -**Authentication Flow**: -1. User visits `/v0/oauth/kiro` -2. Selects AWS Builder ID or Identity Center -3. Completes browser-based login -4. Token stored and auto-refreshed - -**Configuration**: -```yaml -providers: - kiro: - type: "kiro" - enabled: true - auth_type: "oauth_device_flow" - endpoint: "https://codeguru.amazonaws.com" - models: - - name: "codeguru-codegen" - enabled: true - features: - code_generation: true -``` - -**Web UI Implementation**: -```go -func HandleKiroAuth(c *gin.Context) { - // Request device code - dc, err := kiro.GetDeviceCode() - if err != nil { - c.JSON(500, gin.H{"error": err.Error()}) - return - } - - // Render HTML page - c.HTML(200, "kiro_auth.html", gin.H{ - "UserCode": dc.UserCode, - "VerificationURL": dc.VerificationURL, - "VerificationURLComplete": dc.VerificationURLComplete, - }) - - // Start background polling - go kiro.PollForToken(dc.DeviceCode) -} -``` - -### GitHub Copilot - -**Provider Type**: `copilot` - -**Authentication**: OAuth Device Flow - -**Purpose**: Code completion and generation - -**Features**: -- Full OAuth device flow -- Per-credential quota tracking -- Multi-credential support -- Auto token refresh - -**Authentication Flow**: -1. Request device code from GitHub -2. Display user code and verification URL -3. User authorizes via browser -4. Poll for access token -5. Store token with refresh token -6. Auto-refresh before expiration - -**Configuration**: -```yaml -providers: - copilot: - type: "copilot" - enabled: true - auth_type: "oauth_device_flow" - endpoint: "https://api.githubcopilot.com" - models: - - name: "copilot-codegen" - enabled: true - features: - code_generation: true -``` - -**Token Storage**: -```json -{ - "type": "oauth_device_flow", - "access_token": "ghu_xxx", - "refresh_token": "ghr_xxx", - "expires_at": "2026-02-20T00:00:00Z", - "quota": { - "limit": 10000, - "used": 100, - "remaining": 9900 - } -} -``` - -### Roo Code - -**Provider Type**: "roocode" - -**Authentication**: API Key - -**Purpose**: AI coding assistant - -**Features**: -- Code generation -- Code explanation -- Refactoring - -**Configuration**: -```yaml -providers: - roocode: - type: "roocode" - enabled: true - auth_type: "api_key" - endpoint: "https://api.roocode.ai" -``` - -### Kilo AI - -**Provider Type**: "kiloai" - -**Authentication**: API Key - -**Purpose**: Custom AI solutions - -**Features**: -- Custom models -- Enterprise deployments - -**Configuration**: -```yaml -providers: - kiloai: - type: "kiloai" - enabled: true - auth_type: "api_key" - endpoint: "https://api.kiloai.io" -``` - -### MiniMax - -**Provider Type**: "minimax" - -**Authentication**: API Key - -**Purpose**: Chinese LLM provider - -**Features**: -- Bilingual support -- Fast inference -- Cost-effective - -**Configuration**: -```yaml -providers: - minimax: - type: "minimax" - enabled: true - auth_type: "api_key" - endpoint: "https://api.minimax.chat" -``` - -## Provider Registry - -### Registry Interface - -```go -type ProviderRegistry struct { - mu sync.RWMutex - providers map[string]Provider - byType map[ProviderType][]Provider -} - -func NewRegistry() *ProviderRegistry { - return &ProviderRegistry{ - providers: make(map[string]Provider), - byType: make(map[ProviderType][]Provider), - } -} - -func (r *ProviderRegistry) Register(provider Provider) error { - r.mu.Lock() - defer r.mu.Unlock() - - if _, exists := r.providers[provider.Name()]; exists { - return fmt.Errorf("provider already registered: %s", provider.Name()) - } - - r.providers[provider.Name()] = provider - r.byType[provider.Type()] = append(r.byType[provider.Type()], provider) - - return nil -} - -func (r *ProviderRegistry) Get(name string) (Provider, error) { - r.mu.RLock() - defer r.mu.RUnlock() - - provider, ok := r.providers[name] - if !ok { - return nil, fmt.Errorf("provider not found: %s", name) - } - - return provider, nil -} - -func (r *ProviderRegistry) ListByType(t ProviderType) []Provider { - r.mu.RLock() - defer r.mu.RUnlock() - - return r.byType[t] -} - -func (r *ProviderRegistry) ListAll() []Provider { - r.mu.RLock() - defer r.mu.RUnlock() - - providers := make([]Provider, 0, len(r.providers)) - for _, p := range r.providers { - providers = append(providers, p) - } - - return providers -} -``` - -### Auto-Registration - -```go -func RegisterBuiltinProviders(registry *ProviderRegistry) { - // Direct providers - registry.Register(NewClaudeProvider()) - registry.Register(NewGeminiProvider()) - registry.Register(NewOpenAIProvider()) - registry.Register(NewMistralProvider()) - registry.Register(NewGroqProvider()) - registry.Register(NewDeepSeekProvider()) - - // Aggregators - registry.Register(NewOpenRouterProvider()) - registry.Register(NewTogetherProvider()) - registry.Register(NewFireworksProvider()) - registry.Register(NewNovitaProvider()) - registry.Register(NewSiliconFlowProvider()) - - // Proprietary - registry.Register(NewKiroProvider()) - registry.Register(NewCopilotProvider()) - registry.Register(NewRooCodeProvider()) - registry.Register(NewKiloAIProvider()) - registry.Register(NewMiniMaxProvider()) -} -``` - -## Model Mapping - -### OpenAI to Provider Model Mapping - -```go -type ModelMapper struct { - mappings map[string]map[string]string // openai_model -> provider -> provider_model -} - -var defaultMappings = map[string]map[string]string{ - "claude-3-5-sonnet": { - "claude": "claude-3-5-sonnet-20241022", - "openrouter": "anthropic/claude-3.5-sonnet", - }, - "gpt-4-turbo": { - "openai": "gpt-4-turbo-preview", - "openrouter": "openai/gpt-4-turbo", - }, - "gemini-1.5-pro": { - "gemini": "gemini-1.5-pro-preview-0514", - "openrouter": "google/gemini-pro-1.5", - }, -} - -func (m *ModelMapper) MapModel(openaiModel, provider string) (string, error) { - if providerMapping, ok := m.mappings[openaiModel]; ok { - if providerModel, ok := providerMapping[provider]; ok { - return providerModel, nil - } - } - - // Default: return original model name - return openaiModel, nil -} -``` - -### Custom Model Mappings - -```yaml -providers: - custom: - type: "custom" - model_mappings: - "gpt-4": "my-provider-v1-large" - "gpt-3.5-turbo": "my-provider-v1-medium" -``` - -## Provider Capabilities - -### Capability Detection - -```go -type CapabilityDetector struct { - registry *ProviderRegistry -} - -func (d *CapabilityDetector) DetectCapabilities(provider string) (*ProviderCapabilities, error) { - p, err := d.registry.Get(provider) - if err != nil { - return nil, err - } - - caps := &ProviderCapabilities{ - Streaming: p.SupportsStreaming(), - Functions: p.SupportsFunctions(), - Vision: p.SupportsVision(), - CodeGeneration: p.SupportsCodeGeneration(), - MaxTokens: p.MaxTokens(), - } - - return caps, nil -} - -type ProviderCapabilities struct { - Streaming bool `json:"streaming"` - Functions bool `json:"functions"` - Vision bool `json:"vision"` - CodeGeneration bool `json:"code_generation"` - MaxTokens int `json:"max_tokens"` -} -``` - -### Capability Matrix - -| Provider | Streaming | Functions | Vision | Code | Max Tokens | -|----------|-----------|-----------|--------|------|------------| -| Claude | ✅ | ✅ | ✅ | ✅ | 200K | -| Gemini | ✅ | ✅ | ✅ | ❌ | 1M | -| OpenAI | ✅ | ✅ | ✅ | ❌ | 128K | -| Kiro | ❌ | ❌ | ❌ | ✅ | N/A | -| Copilot | ✅ | ❌ | ❌ | ✅ | N/A | - -## Provider Selection - -### Selection Strategies - -```go -type ProviderSelector interface { - Select(request *Request, available []Provider) (Provider, error) -} - -type RoundRobinSelector struct { - counter int -} - -func (s *RoundRobinSelector) Select(request *Request, available []Provider) (Provider, error) { - if len(available) == 0 { - return nil, fmt.Errorf("no providers available") - } - - selected := available[s.counter%len(available)] - s.counter++ - - return selected, nil -} - -type CapabilityBasedSelector struct{} - -func (s *CapabilityBasedSelector) Select(request *Request, available []Provider) (Provider, error) { - // Filter providers that support required capabilities - var capable []Provider - for _, p := range available { - if request.RequiresStreaming && !p.SupportsStreaming() { - continue - } - if request.RequiresFunctions && !p.SupportsFunctions() { - continue - } - capable = append(capable, p) - } - - if len(capable) == 0 { - return nil, fmt.Errorf("no providers support required capabilities") - } - - // Select first capable provider - return capable[0], nil -} -``` - -### Request Routing - -```go -type RequestRouter struct { - registry *ProviderRegistry - selector ProviderSelector -} - -func (r *RequestRouter) Route(request *Request) (Provider, error) { - // Get enabled providers - providers := r.registry.ListEnabled() - - // Filter by model support - var capable []Provider - for _, p := range providers { - if p.SupportsModel(request.Model) { - capable = append(capable, p) - } - } - - if len(capable) == 0 { - return nil, fmt.Errorf("no providers support model: %s", request.Model) - } - - // Select provider - return r.selector.Select(request, capable) -} -``` - -## Adding a New Provider - -### Step 1: Define Provider - -```go -package provider - -type MyProvider struct { - config *ProviderConfig -} - -func NewMyProvider(cfg *ProviderConfig) *MyProvider { - return &MyProvider{config: cfg} -} - -func (p *MyProvider) Name() string { - return p.config.Name -} - -func (p *MyProvider) Type() ProviderType { - return ProviderTypeDirect -} - -func (p *MyProvider) SupportsModel(model string) bool { - for _, m := range p.config.Models { - if m.Name == model && m.Enabled { - return true - } - } - return false -} - -func (p *MyProvider) Execute(ctx context.Context, req *Request) (*Response, error) { - // Implement execution - return nil, nil -} - -func (p *MyProvider) ExecuteStream(ctx context.Context, req *Request) (<-chan *Chunk, error) { - // Implement streaming - return nil, nil -} - -func (p *MyProvider) SupportsStreaming() bool { - for _, m := range p.config.Models { - if m.SupportsStreaming { - return true - } - } - return false -} - -func (p *MyProvider) SupportsFunctions() bool { - for _, m := range p.config.Models { - if m.SupportsFunctions { - return true - } - } - return false -} - -func (p *MyProvider) MaxTokens() int { - max := 0 - for _, m := range p.config.Models { - if m.MaxTokens > max { - max = m.MaxTokens - } - } - return max -} - -func (p *MyProvider) HealthCheck(ctx context.Context) error { - // Implement health check - return nil -} -``` - -### Step 2: Register Provider - -```go -func init() { - registry.Register(NewMyProvider(&ProviderConfig{ - Name: "myprovider", - Type: "direct", - Enabled: false, - })) -} -``` - -### Step 3: Add Configuration - -```yaml -providers: - myprovider: - type: "myprovider" - enabled: false - auth_type: "api_key" - endpoint: "https://api.myprovider.com" - models: - - name: "my-model-v1" - enabled: true - max_tokens: 4096 -``` - -## API Reference - -### Provider Management - -**List All Providers** -```http -GET /v1/providers -``` - -**Get Provider Details** -```http -GET /v1/providers/{name} -``` - -**Enable/Disable Provider** -```http -PUT /v1/providers/{name}/enabled -``` - -**Get Provider Models** -```http -GET /v1/providers/{name}/models -``` - -**Get Provider Capabilities** -```http -GET /v1/providers/{name}/capabilities -``` - -**Get Provider Status** -```http -GET /v1/providers/{name}/status -``` - -### Model Management - -**List Models** -```http -GET /v1/models -``` - -**List Models by Provider** -```http -GET /v1/models?provider=claude -``` - -**Get Model Details** -```http -GET /v1/models/{model} -``` - -### Capability Query - -**Check Model Support** -```http -GET /v1/capabilities?model=claude-3-5-sonnet&feature=streaming -``` - -**Get Provider Capabilities** -```http -GET /v1/providers/{name}/capabilities -``` - ---- - -## Source: USER.md - -# User Guide: Providers - -This guide explains provider configuration using the current `cliproxyapi++` config schema. - -## Core Model - -- Client sends requests to OpenAI-compatible endpoints (`/v1/*`). -- `cliproxyapi++` resolves model -> provider/credential based on prefix + aliases. -- Provider blocks in `config.yaml` define auth, base URL, and model exposure. - -## Current Provider Configuration Patterns - -### Direct provider key - -```yaml -claude-api-key: - - api-key: "sk-ant-..." - prefix: "claude-prod" -``` - -### Aggregator provider - -```yaml -openrouter: - - api-key: "sk-or-v1-..." - base-url: "https://openrouter.ai/api/v1" - prefix: "or" -``` - -### OpenAI-compatible provider registry - -```yaml -openai-compatibility: - - name: "openrouter" - prefix: "or" - base-url: "https://openrouter.ai/api/v1" - api-key-entries: - - api-key: "sk-or-v1-..." -``` - -### OAuth/session provider - -```yaml -kiro: - - token-file: "~/.aws/sso/cache/kiro-auth-token.json" -``` - -## Operational Best Practices - -- Use `force-model-prefix: true` to enforce explicit routing boundaries. -- Keep at least one fallback provider for each critical workload. -- Use `models` + `alias` to keep client model names stable. -- Use `excluded-models` to hide risky/high-cost models from consumers. - -## Validation Commands - -```bash -curl -sS http://localhost:8317/v1/models \ - -H "Authorization: Bearer " | jq '.data[:10]' - -curl -sS http://localhost:8317/v1/metrics/providers | jq -``` - -## Deep Dives - -- [Provider Usage](/provider-usage) -- [Provider Catalog](/provider-catalog) -- [Provider Operations](/provider-operations) -- [Routing and Models Reference](/routing-reference) - ---- - -Copied count: 2 diff --git a/docs/github-ownership-guard.md b/docs/github-ownership-guard.md index 7d16edd679..4c9c6b2435 100644 --- a/docs/github-ownership-guard.md +++ b/docs/github-ownership-guard.md @@ -8,13 +8,13 @@ Use this guard before any scripted GitHub mutation (issue/PR/comment operations) It returns non-zero for non-owned repos: -- allowed: `KooshaPari` +- allowed: `kooshapari` - allowed: `atoms-tech` Example for a source URL: ```bash -./scripts/github-owned-guard.sh https://github.com/router-for-me/CLIProxyAPI/pull/1699 +./scripts/github-owned-guard.sh https://github.com/kooshapari/cliproxyapi-plusplus/pull/1699 ``` Example for current git origin: diff --git a/docs/planning/reports/fragemented/.fragmented-candidates.txt b/docs/planning/reports/fragemented/.fragmented-candidates.txt deleted file mode 100644 index 15a39cab03..0000000000 --- a/docs/planning/reports/fragemented/.fragmented-candidates.txt +++ /dev/null @@ -1,24 +0,0 @@ -issue-wave-cpb-0001-0035-lane-1.md -issue-wave-cpb-0001-0035-lane-2.md -issue-wave-cpb-0001-0035-lane-3.md -issue-wave-cpb-0001-0035-lane-4.md -issue-wave-cpb-0001-0035-lane-5.md -issue-wave-cpb-0001-0035-lane-6.md -issue-wave-cpb-0001-0035-lane-7.md -issue-wave-cpb-0036-0105-lane-1.md -issue-wave-cpb-0036-0105-lane-2.md -issue-wave-cpb-0036-0105-lane-3.md -issue-wave-cpb-0036-0105-lane-4.md -issue-wave-cpb-0036-0105-lane-5.md -issue-wave-cpb-0036-0105-lane-6.md -issue-wave-cpb-0036-0105-lane-7.md -issue-wave-cpb-0036-0105-next-70-summary.md -issue-wave-gh-35-integration-summary-2026-02-22.md -issue-wave-gh-35-lane-1-self.md -issue-wave-gh-35-lane-1.md -issue-wave-gh-35-lane-2.md -issue-wave-gh-35-lane-3.md -issue-wave-gh-35-lane-4.md -issue-wave-gh-35-lane-5.md -issue-wave-gh-35-lane-6.md -issue-wave-gh-35-lane-7.md diff --git a/docs/planning/reports/fragemented/.migration.log b/docs/planning/reports/fragemented/.migration.log deleted file mode 100644 index 908afa323a..0000000000 --- a/docs/planning/reports/fragemented/.migration.log +++ /dev/null @@ -1,5 +0,0 @@ -source=/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus/docs/planning/reports -timestamp=2026-02-22T05:37:24.321733-07:00 -count=24 -copied=24 -status=ok diff --git a/docs/planning/reports/fragemented/README.md b/docs/planning/reports/fragemented/README.md deleted file mode 100644 index ef12914342..0000000000 --- a/docs/planning/reports/fragemented/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Fragmented Consolidation Backup - -Source: `cliproxyapi-plusplus/docs/planning/reports` -Files: 24 - diff --git a/docs/planning/reports/fragemented/explanation.md b/docs/planning/reports/fragemented/explanation.md deleted file mode 100644 index e27e802f1e..0000000000 --- a/docs/planning/reports/fragemented/explanation.md +++ /dev/null @@ -1,7 +0,0 @@ -# Fragmented Consolidation Note - -This folder is a deterministic backup of 2026-updated Markdown fragments for consolidation and merge safety. - -- Source docs: `/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus/docs/planning/reports` -- Files included: 24 - diff --git a/docs/planning/reports/fragemented/index.md b/docs/planning/reports/fragemented/index.md deleted file mode 100644 index 5235947a5f..0000000000 --- a/docs/planning/reports/fragemented/index.md +++ /dev/null @@ -1,28 +0,0 @@ -# Fragmented Index - -## Source Files (2026) - -- issue-wave-cpb-0001-0035-lane-1.md -- issue-wave-cpb-0001-0035-lane-2.md -- issue-wave-cpb-0001-0035-lane-3.md -- issue-wave-cpb-0001-0035-lane-4.md -- issue-wave-cpb-0001-0035-lane-5.md -- issue-wave-cpb-0001-0035-lane-6.md -- issue-wave-cpb-0001-0035-lane-7.md -- issue-wave-cpb-0036-0105-lane-1.md -- issue-wave-cpb-0036-0105-lane-2.md -- issue-wave-cpb-0036-0105-lane-3.md -- issue-wave-cpb-0036-0105-lane-4.md -- issue-wave-cpb-0036-0105-lane-5.md -- issue-wave-cpb-0036-0105-lane-6.md -- issue-wave-cpb-0036-0105-lane-7.md -- issue-wave-cpb-0036-0105-next-70-summary.md -- issue-wave-gh-35-integration-summary-2026-02-22.md -- issue-wave-gh-35-lane-1-self.md -- issue-wave-gh-35-lane-1.md -- issue-wave-gh-35-lane-2.md -- issue-wave-gh-35-lane-3.md -- issue-wave-gh-35-lane-4.md -- issue-wave-gh-35-lane-5.md -- issue-wave-gh-35-lane-6.md -- issue-wave-gh-35-lane-7.md diff --git a/docs/planning/reports/fragemented/issue-wave-cpb-0001-0035-lane-1.md b/docs/planning/reports/fragemented/issue-wave-cpb-0001-0035-lane-1.md deleted file mode 100644 index 427d84debc..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-cpb-0001-0035-lane-1.md +++ /dev/null @@ -1,37 +0,0 @@ -# Issue Wave CPB-0001..0035 Lane 1 Report - -## Scope -- Lane: `you` -- Window: `CPB-0001` to `CPB-0005` -- Worktree: `/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus` - -## Per-Issue Status - -### CPB-0001 – Extract standalone Go mgmt CLI -- Status: `blocked` -- Rationale: requires cross-process CLI extraction and ownership boundary changes across `cmd/cliproxyapi` and management handlers, which is outside a safe docs-first patch and would overlap platform-architecture work not completed in this slice. - -### CPB-0002 – Non-subprocess integration surface -- Status: `blocked` -- Rationale: needs API shape design for runtime contract negotiation and telemetry, which is a larger architectural change than this lane’s safe implementation target. - -### CPB-0003 – Add `cliproxy dev` process-compose profile -- Status: `blocked` -- Rationale: requires workflow/runtime orchestration definitions and orchestration tooling wiring that is currently not in this wave’s scope with low-risk edits. - -### CPB-0004 – Provider-specific quickstarts -- Status: `done` -- Changes: - - Added `docs/provider-quickstarts.md` with 5-minute success paths for Claude, Codex, Gemini, GitHub Copilot, Kiro, MiniMax, and OpenAI-compatible providers. - - Linked quickstarts from `docs/provider-usage.md`, `docs/index.md`, and `docs/README.md`. - -### CPB-0005 – Create troubleshooting matrix -- Status: `done` -- Changes: - - Added structured troubleshooting matrix to `docs/troubleshooting.md` with symptom → cause → immediate check → remediation rows. - -## Validation -- `rg -n "Provider Quickstarts|Troubleshooting Matrix" docs/provider-usage.md docs/provider-quickstarts.md docs/troubleshooting.md` - -## Blockers / Follow-ups -- CPB-0001, CPB-0002, CPB-0003 should move to a follow-up architecture/control-plane lane that owns code-level API surface changes and process orchestration. diff --git a/docs/planning/reports/fragemented/issue-wave-cpb-0001-0035-lane-2.md b/docs/planning/reports/fragemented/issue-wave-cpb-0001-0035-lane-2.md deleted file mode 100644 index d6079509e3..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-cpb-0001-0035-lane-2.md +++ /dev/null @@ -1,10 +0,0 @@ -# Issue Wave CPB-0001..0035 Lane 2 Report - -## Scope -- Lane: -- Window: + .. per lane mapping from -- Status: - -## Execution Notes -- This lane was queued for child-agent execution, but no worker threads were available in this run ( thread limit reached). -- Re-dispatch this lane when child capacity is available; assign the same five CPB items as documented. diff --git a/docs/planning/reports/fragemented/issue-wave-cpb-0001-0035-lane-3.md b/docs/planning/reports/fragemented/issue-wave-cpb-0001-0035-lane-3.md deleted file mode 100644 index d3f144c986..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-cpb-0001-0035-lane-3.md +++ /dev/null @@ -1,10 +0,0 @@ -# Issue Wave CPB-0001..0035 Lane 3 Report - -## Scope -- Lane: -- Window: + .. per lane mapping from -- Status: - -## Execution Notes -- This lane was queued for child-agent execution, but no worker threads were available in this run ( thread limit reached). -- Re-dispatch this lane when child capacity is available; assign the same five CPB items as documented. diff --git a/docs/planning/reports/fragemented/issue-wave-cpb-0001-0035-lane-4.md b/docs/planning/reports/fragemented/issue-wave-cpb-0001-0035-lane-4.md deleted file mode 100644 index 4e808fbdfe..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-cpb-0001-0035-lane-4.md +++ /dev/null @@ -1,10 +0,0 @@ -# Issue Wave CPB-0001..0035 Lane 4 Report - -## Scope -- Lane: -- Window: + .. per lane mapping from -- Status: - -## Execution Notes -- This lane was queued for child-agent execution, but no worker threads were available in this run ( thread limit reached). -- Re-dispatch this lane when child capacity is available; assign the same five CPB items as documented. diff --git a/docs/planning/reports/fragemented/issue-wave-cpb-0001-0035-lane-5.md b/docs/planning/reports/fragemented/issue-wave-cpb-0001-0035-lane-5.md deleted file mode 100644 index 8827a259a3..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-cpb-0001-0035-lane-5.md +++ /dev/null @@ -1,10 +0,0 @@ -# Issue Wave CPB-0001..0035 Lane 5 Report - -## Scope -- Lane: -- Window: + .. per lane mapping from -- Status: - -## Execution Notes -- This lane was queued for child-agent execution, but no worker threads were available in this run ( thread limit reached). -- Re-dispatch this lane when child capacity is available; assign the same five CPB items as documented. diff --git a/docs/planning/reports/fragemented/issue-wave-cpb-0001-0035-lane-6.md b/docs/planning/reports/fragemented/issue-wave-cpb-0001-0035-lane-6.md deleted file mode 100644 index af8c38b7cd..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-cpb-0001-0035-lane-6.md +++ /dev/null @@ -1,10 +0,0 @@ -# Issue Wave CPB-0001..0035 Lane 6 Report - -## Scope -- Lane: -- Window: + .. per lane mapping from -- Status: - -## Execution Notes -- This lane was queued for child-agent execution, but no worker threads were available in this run ( thread limit reached). -- Re-dispatch this lane when child capacity is available; assign the same five CPB items as documented. diff --git a/docs/planning/reports/fragemented/issue-wave-cpb-0001-0035-lane-7.md b/docs/planning/reports/fragemented/issue-wave-cpb-0001-0035-lane-7.md deleted file mode 100644 index a6b49c1807..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-cpb-0001-0035-lane-7.md +++ /dev/null @@ -1,10 +0,0 @@ -# Issue Wave CPB-0001..0035 Lane 7 Report - -## Scope -- Lane: -- Window: + .. per lane mapping from -- Status: - -## Execution Notes -- This lane was queued for child-agent execution, but no worker threads were available in this run ( thread limit reached). -- Re-dispatch this lane when child capacity is available; assign the same five CPB items as documented. diff --git a/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-lane-1.md b/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-lane-1.md deleted file mode 100644 index 033c8723ba..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-lane-1.md +++ /dev/null @@ -1,114 +0,0 @@ -# Issue Wave CPB-0036..0105 Lane 1 Report - -## Scope -- Lane: self -- Worktree: `/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus` -- Window: `CPB-0036` to `CPB-0045` - -## Status Snapshot - -- `in_progress`: 10/10 items reviewed -- `implemented`: `CPB-0036`, `CPB-0039`, `CPB-0041`, `CPB-0043`, `CPB-0045` -- `blocked`: `CPB-0037`, `CPB-0038`, `CPB-0040`, `CPB-0042`, `CPB-0044` - -## Per-Item Status - -### CPB-0036 – Expand docs and examples for #145 (openai-compatible Claude mode) -- Status: `implemented` -- Rationale: - - Existing provider docs now include explicit compatibility guidance under: - - `docs/api/openai-compatible.md` - - `docs/provider-usage.md` -- Validation: - - `rg -n "Claude Compatibility Notes|OpenAI-Compatible API" docs/api/openai-compatible.md docs/provider-usage.md` -- Touched files: - - `docs/api/openai-compatible.md` - - `docs/provider-usage.md` - -### CPB-0037 – Add QA scenarios for #142 -- Status: `blocked` -- Rationale: - - No stable reproduction payloads or fixtures for the specific request matrix are available in-repo. -- Next action: - - Add one minimal provider-compatibility fixture set and a request/response parity test once fixture data is confirmed. - -### CPB-0038 – Add support path for Kimi coding support -- Status: `blocked` -- Rationale: - - Current implementation has no isolated safe scope for a full feature implementation in this lane without deeper provider behavior contracts. - - The current codebase has related routing/runtime primitives, but no minimal-change patch was identified that is safe in-scope. -- Next action: - - Treat as feature follow-up with a focused acceptance fixture matrix and provider runtime coverage. - -### CPB-0039 – Follow up on Kiro IDC manual refresh status -- Status: `implemented` -- Rationale: - - Existing runbook and executor hardening now cover manual refresh workflows (`docs/operations/auth-refresh-failure-symptom-fix.md`) and related status checks. -- Validation: - - `go test ./pkg/llmproxy/executor ./cmd/server` -- Touched files: - - `docs/operations/auth-refresh-failure-symptom-fix.md` - -### CPB-0040 – Handle non-streaming output_tokens=0 usage -- Status: `blocked` -- Rationale: - - The current codebase already has multiple usage fallbacks, but there is no deterministic non-streaming fixture reproducing a guaranteed `output_tokens=0` defect for a safe, narrow patch. -- Next action: - - Add a reproducible fixture from upstream payload + parser assertion in `usage_helpers`/Kiro path before patching parser behavior. - -### CPB-0041 – Follow up on fill-first routing -- Status: `implemented` -- Rationale: - - Fill strategy normalization is already implemented in management/runtime startup reload path. -- Validation: - - `go test ./pkg/llmproxy/api ./pkg/llmproxy/executor` -- Touched files: - - `pkg/llmproxy/api/handlers/management/config_basic.go` - - `sdk/cliproxy/service.go` - - `sdk/cliproxy/builder.go` - -### CPB-0042 – 400 fallback/error compatibility cleanup -- Status: `blocked` -- Rationale: - - Missing reproducible corpus for the warning path (`kiro: received 400...`) and mixed model/transport states. -- Next action: - - Add a fixture-driven regression test around HTTP 400 body+retry handling in `sdk/cliproxy` or executor tests. - -### CPB-0043 – ClawCloud deployment parity -- Status: `implemented` -- Rationale: - - Config path fallback and environment-aware discovery were added for non-local deployment layouts; this reduces deployment friction for cloud workflows. -- Validation: - - `go test ./cmd/server ./pkg/llmproxy/cmd` -- Touched files: - - `cmd/server/config_path.go` - - `cmd/server/config_path_test.go` - - `cmd/server/main.go` - -### CPB-0044 – Refresh social credential expiry handling -- Status: `blocked` -- Rationale: - - Required source contracts for social credential lifecycle are absent in this branch of the codebase. -- Next action: - - Coordinate with upstream issue fixture and add a dedicated migration/test sequence when behavior is confirmed. - -### CPB-0045 – Improve `403` handling ergonomics -- Status: `implemented` -- Rationale: - - Error enrichment for Antigravity license/subscription `403` remains in place and tested. -- Validation: - - `go test ./pkg/llmproxy/executor ./pkg/llmproxy/api ./cmd/server` -- Touched files: - - `pkg/llmproxy/executor/antigravity_executor.go` - - `pkg/llmproxy/executor/antigravity_executor_error_test.go` - -## Evidence & Commands Run - -- `go test ./cmd/server ./pkg/llmproxy/cmd ./pkg/llmproxy/executor ./pkg/llmproxy/store` -- `go test ./pkg/llmproxy/executor ./pkg/llmproxy/runtime/executor ./pkg/llmproxy/store ./pkg/llmproxy/api/handlers/management ./pkg/llmproxy/api -run 'Route_?|TestServer_?|Test.*Fill|Test.*ClawCloud|Test.*openai_compatible'` -- `rg -n "Claude Compatibility Notes|OpenAI-Compatible API|Kiro" docs/api/openai-compatible.md docs/provider-usage.md docs/operations/auth-refresh-failure-symptom-fix.md` - -## Next Actions - -- Keep blocked CPB items in lane-1 waitlist with explicit fixture requests. -- Prepare lane-2..lane-7 dispatch once child-agent capacity is available. diff --git a/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-lane-2.md b/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-lane-2.md deleted file mode 100644 index ae7fd8bda7..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-lane-2.md +++ /dev/null @@ -1,71 +0,0 @@ -# Issue Wave CPB-0036..0105 Lane 2 Report - -## Scope -- Lane: 2 -- Worktree: `cliproxyapi-plusplus` (agent-equivalent execution, no external workers available) -- Target items: `CPB-0046` .. `CPB-0055` -- Date: 2026-02-22 - -## Per-Item Triage and Status - -### CPB-0046 Gemini3 cannot generate images / image path non-subprocess -- Status: `blocked` -- Triage: No deterministic image-generation regression fixture or deterministic provider contract was available in-repo. -- Next action: Add a synthetic Gemini image-generation fixture + add integration e2e before touching translator/transport. - -### CPB-0047 Enterprise Kiro 403 instability -- Status: `blocked` -- Triage: Requires provider/account behavior matrix and telemetry proof across multiple 403 payload variants. -- Next action: Capture stable 4xx samples and add provider-level retry/telemetry tests. - -### CPB-0048 -kiro-aws-login login ban / blocking -- Status: `blocked` -- Triage: This flow crosses auth UI/login, session caps, and external policy behavior; no safe local-only patch. -- Next action: Add regression fixture at integration layer before code changes. - -### CPB-0049 Amp usage inflation + `amp` -- Status: `blocked` -- Triage: No reproducible workload that proves current over-amplification shape for targeted fix. -- Next action: Add replayable `amp` traffic fixture and validate `request-retry`/cooling behavior. - -### CPB-0050 Antigravity auth failure naming metadata -- Status: `blocked` -- Triage: Changes are cross-repo/config-standardization in scope and need coordination with management docs. -- Next action: Create shared metadata naming ADR before repo-local patch. - -### CPB-0051 Multi-account management quickstart -- Status: `blocked` -- Triage: No accepted UX contract for account lifecycle orchestration in current worktree. -- Next action: Add explicit account-management acceptance spec and CLI command matrix first. - -### CPB-0052 `auth file changed (WRITE)` logging noise -- Status: `blocked` -- Triage: Requires broader logging noise policy and backpressure changes in auth writers. -- Next action: Add log-level/verbosity matrix then refactor emit points. - -### CPB-0053 `incognito` parameter invalid -- Status: `blocked` -- Triage: Needs broader login argument parity validation and behavior matrix. -- Next action: Add cross-command CLI acceptance coverage before changing argument parser. - -### CPB-0054 OpenAI-compatible `/v1/models` hardcoded path -- Status: `implemented` -- Result: - - Added shared model-list endpoint resolution for OpenAI-style clients, including: - - `models_url` override from auth attributes. - - automatic `/models` resolution for versioned base URLs. -- Validation run: - - `go test ./pkg/llmproxy/executor ./pkg/llmproxy/runtime/executor -run 'Test.*FetchOpenAIModels.*' -count=1` -- Touched files: - - `pkg/llmproxy/executor/openai_models_fetcher.go` - - `pkg/llmproxy/runtime/executor/openai_models_fetcher.go` - -### CPB-0055 `ADD TRAE IDE support` DX follow-up -- Status: `blocked` -- Triage: Requires explicit CLI path support contract and likely external runtime integration. -- Next action: Add support matrix and command spec in issue design doc first. - -## Validation Commands - -- `go test ./pkg/llmproxy/executor ./pkg/llmproxy/runtime/executor ./pkg/llmproxy/logging ./pkg/llmproxy/translator/gemini/openai/chat-completions ./pkg/llmproxy/translator/codex/openai/chat-completions ./cmd/server -run 'TestUseGitHubCopilotResponsesEndpoint|TestApplyClaude|TestEnforceLogDirSizeLimit|TestOpenAIModels|TestResponseFormat|TestConvertOpenAIRequestToGemini' -count=1` -- Result: all passing for referenced packages. diff --git a/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-lane-3.md b/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-lane-3.md deleted file mode 100644 index 0bbe10ca9e..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-lane-3.md +++ /dev/null @@ -1,130 +0,0 @@ -# Issue Wave CPB-0036..0105 Lane 3 Report - -## Scope -- Lane: `3` -- Worktree: `/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus-wave-cpb-3` -- Window handled in this lane: `CPB-0056..CPB-0065` -- Constraint followed: no commits; only lane-scoped changes. - -## Per-Item Triage + Status - -### CPB-0056 - Kiro "no authentication available" docs/quickstart -- Status: `done (quick win)` -- What changed: - - Added explicit Kiro bootstrap commands (`--kiro-login`, `--kiro-aws-authcode`, `--kiro-import`) and a troubleshooting block for `auth_unavailable`. -- Evidence: - - `docs/provider-quickstarts.md:114` - - `docs/provider-quickstarts.md:143` - - `docs/troubleshooting.md:35` - -### CPB-0057 - Copilot model-call-failure flow into first-class CLI commands -- Status: `partial (docs-only quick win; larger CLI extraction deferred)` -- Triage: - - Core CLI surface already has `--github-copilot-login`; full flow extraction/integration hardening is broader than safe lane quick wins. -- What changed: - - Added explicit bootstrap/auth command in provider quickstart. -- Evidence: - - `docs/provider-quickstarts.md:85` - - Existing flag surface observed in `cmd/server/main.go` (`--github-copilot-login`). - -### CPB-0058 - process-compose/HMR refresh workflow -- Status: `done (quick win)` -- What changed: - - Added a minimal process-compose profile for deterministic local startup. - - Added install docs section describing local process-compose workflow with built-in watcher reload behavior. -- Evidence: - - `examples/process-compose.dev.yaml` - - `docs/install.md:81` - - `docs/install.md:87` - -### CPB-0059 - Kiro/BuilderID token collision + refresh lifecycle safety -- Status: `done (quick win)` -- What changed: - - Hardened Kiro synthesized auth ID generation: when `profile_arn` is empty, include `refresh_token` in stable ID seed to reduce collisions across Builder ID credentials. - - Added targeted tests in both synthesizer paths. -- Evidence: - - `pkg/llmproxy/watcher/synthesizer/config.go:604` - - `pkg/llmproxy/auth/synthesizer/config.go:601` - - `pkg/llmproxy/watcher/synthesizer/config_test.go` - - `pkg/llmproxy/auth/synthesizer/config_test.go` - -### CPB-0060 - Amazon Q ValidationException metadata/origin standardization -- Status: `triaged (docs guidance quick win; broader cross-repo standardization deferred)` -- Triage: - - Full cross-repo naming/metadata standardization is larger-scope. -- What changed: - - Added troubleshooting row with endpoint/origin preference checks and remediation guidance. -- Evidence: - - `docs/troubleshooting.md` (Amazon Q ValidationException row) - -### CPB-0061 - Kiro config entry discoverability/compat gaps -- Status: `partial (docs quick win)` -- What changed: - - Extended quickstarts with concrete Kiro and Cursor setup paths to improve config-entry discoverability. -- Evidence: - - `docs/provider-quickstarts.md:114` - - `docs/provider-quickstarts.md:199` - -### CPB-0062 - Cursor issue hardening -- Status: `partial (docs quick win; deeper behavior hardening deferred)` -- Triage: - - Runtime hardening exists in synthesizer warnings/defaults; further defensive fallback expansion should be handled in a dedicated runtime lane. -- What changed: - - Added explicit Cursor troubleshooting row and quickstart. -- Evidence: - - `docs/troubleshooting.md` (Cursor row) - - `docs/provider-quickstarts.md:199` - -### CPB-0063 - Configurable timeout for extended thinking -- Status: `partial (operational docs quick win)` -- Triage: - - Full observability + alerting/runbook expansion is larger than safe quick edits. -- What changed: - - Added timeout-specific troubleshooting and keepalive config guidance for long reasoning windows. -- Evidence: - - `docs/troubleshooting.md` (Extended-thinking timeout row) - - `docs/troubleshooting.md` (keepalive YAML snippet) - -### CPB-0064 - event stream fatal provider-agnostic handling -- Status: `partial (ops/docs quick win; translation refactor deferred)` -- Triage: - - Provider-agnostic translation refactor is non-trivial and cross-cutting. -- What changed: - - Added stream-fatal troubleshooting path with stream/non-stream isolation and fallback guidance. -- Evidence: - - `docs/troubleshooting.md` (`event stream fatal` row) - -### CPB-0065 - config path is directory DX polish -- Status: `done (quick win)` -- What changed: - - Improved non-optional config read error for directory paths with explicit remediation text. - - Added tests covering optional vs non-optional directory-path behavior. - - Added install-doc failure note for this exact error class. -- Evidence: - - `pkg/llmproxy/config/config.go:680` - - `pkg/llmproxy/config/config_test.go` - - `docs/install.md:114` - -## Focused Validation -- `go test ./pkg/llmproxy/config -run 'TestLoadConfig|TestLoadConfigOptional_DirectoryPath' -count=1` - - Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config 7.457s` -- `go test ./pkg/llmproxy/watcher/synthesizer -run 'TestConfigSynthesizer_SynthesizeKiroKeys_UsesRefreshTokenForIDWhenProfileArnMissing' -count=1` - - Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/watcher/synthesizer 11.350s` -- `go test ./pkg/llmproxy/auth/synthesizer -run 'TestConfigSynthesizer_SynthesizeKiroKeys_UsesRefreshTokenForIDWhenProfileArnMissing' -count=1` - - Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/synthesizer 11.183s` - -## Changed Files (Lane 3) -- `docs/install.md` -- `docs/provider-quickstarts.md` -- `docs/troubleshooting.md` -- `examples/process-compose.dev.yaml` -- `pkg/llmproxy/config/config.go` -- `pkg/llmproxy/config/config_test.go` -- `pkg/llmproxy/watcher/synthesizer/config.go` -- `pkg/llmproxy/watcher/synthesizer/config_test.go` -- `pkg/llmproxy/auth/synthesizer/config.go` -- `pkg/llmproxy/auth/synthesizer/config_test.go` - -## Notes -- Existing untracked `docs/fragemented/` content was left untouched (other-lane workspace state). -- No commits were created. diff --git a/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-lane-4.md b/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-lane-4.md deleted file mode 100644 index 5d4cff1fd2..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-lane-4.md +++ /dev/null @@ -1,110 +0,0 @@ -# Issue Wave CPB-0036..0105 Lane 4 Report - -## Scope -- Lane: `workstream-cpb-4` -- Target items: `CPB-0066`..`CPB-0075` -- Worktree: `cliproxyapi-plusplus-wave-cpb-4` -- Date: 2026-02-22 -- Rule: triage all 10 items, implement only safe quick wins, no commits. - -## Per-Item Triage and Status - -### CPB-0066 Expand docs/examples for reverse-platform onboarding -- Status: `quick win implemented` -- Result: - - Added provider quickstart guidance for onboarding additional reverse/OpenAI-compatible paths, including practical troubleshooting notes. -- Changed files: - - `docs/provider-quickstarts.md` - - `docs/troubleshooting.md` - -### CPB-0067 Add QA scenarios for sequential-thinking parameter removal (`nextThoughtNeeded`) -- Status: `triaged, partial quick win (docs QA guardrails only)` -- Result: - - Added troubleshooting guidance to explicitly check mixed legacy/new reasoning field combinations before stream/non-stream parity validation. - - No runtime logic change in this lane due missing deterministic repro fixture for the exact `nextThoughtNeeded` failure payload. -- Changed files: - - `docs/troubleshooting.md` - -### CPB-0068 Refresh Kiro quickstart for large-request failure path -- Status: `quick win implemented` -- Result: - - Added Kiro large-payload sanity-check sequence and IAM login hints to reduce first-run request-size regressions. -- Changed files: - - `docs/provider-quickstarts.md` - -### CPB-0069 Define non-subprocess integration path (Go bindings + HTTP fallback) -- Status: `quick win implemented` -- Result: - - Added explicit integration contract to SDK docs: in-process `sdk/cliproxy` first, HTTP fallback second, with capability probes. -- Changed files: - - `docs/sdk-usage.md` - -### CPB-0070 Standardize metadata/naming conventions for websearch compatibility -- Status: `triaged, partial quick win (docs normalization guidance)` -- Result: - - Added routing/endpoint behavior notes and troubleshooting guidance for model naming + endpoint selection consistency. - - Cross-repo naming standardization itself is broader than a safe lane-local patch. -- Changed files: - - `docs/routing-reference.md` - - `docs/provider-quickstarts.md` - - `docs/troubleshooting.md` - -### CPB-0071 Vision compatibility gaps (ZAI/GLM and Copilot) -- Status: `triaged, validated existing coverage + docs guardrails` -- Result: - - Confirmed existing vision-content detection coverage in Copilot executor tests. - - Added troubleshooting row for vision payload/header compatibility checks. - - No executor code change required from this lane’s evidence. -- Changed files: - - `docs/troubleshooting.md` - -### CPB-0072 Harden iflow model-list update behavior -- Status: `quick win implemented (operational fallback guidance)` -- Result: - - Added iFlow model-list drift/update runbook steps with validation and safe fallback sequencing. -- Changed files: - - `docs/provider-operations.md` - -### CPB-0073 Operationalize KIRO with IAM (observability + alerting) -- Status: `quick win implemented` -- Result: - - Added Kiro IAM operational runbook and explicit suggested alert thresholds with immediate response steps. -- Changed files: - - `docs/provider-operations.md` - -### CPB-0074 Codex-vs-Copilot model visibility as provider-agnostic pattern -- Status: `triaged, partial quick win (docs behavior codified)` -- Result: - - Documented Codex-family endpoint behavior and retry guidance to reduce ambiguous model-access failures. - - Full provider-agnostic utility refactor was not safe to perform without broader regression matrix updates. -- Changed files: - - `docs/routing-reference.md` - - `docs/provider-quickstarts.md` - -### CPB-0075 DX polish for `gpt-5.1-codex-mini` inaccessible via `/chat/completions` -- Status: `quick win implemented (test + docs)` -- Result: - - Added regression test confirming Codex-mini models route to Responses endpoint logic. - - Added user-facing docs on endpoint choice and fallback. -- Changed files: - - `pkg/llmproxy/executor/github_copilot_executor_test.go` - - `docs/provider-quickstarts.md` - - `docs/routing-reference.md` - - `docs/troubleshooting.md` - -## Focused Validation Evidence - -### Commands executed -1. `go test ./pkg/llmproxy/executor -run 'TestUseGitHubCopilotResponsesEndpoint_(CodexModel|CodexMiniModel|DefaultChat|OpenAIResponseSource)' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/executor 2.617s` - -2. `go test ./pkg/llmproxy/executor -run 'TestDetectVisionContent_(WithImageURL|WithImageType|NoVision|NoMessages)' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/executor 1.687s` - -3. `rg -n "CPB-00(66|67|68|69|70|71|72|73|74|75)" docs/planning/CLIPROXYAPI_1000_ITEM_BOARD_2026-02-22.md` -- Result: item definitions confirmed at board entries for `CPB-0066`..`CPB-0075`. - -## Limits / Deferred Work -- Cross-repo standardization asks (notably `CPB-0070`, `CPB-0074`) need coordinated changes outside this lane scope. -- `CPB-0067` runtime-level parity hardening needs an exact failing payload fixture for `nextThoughtNeeded` to avoid speculative translator changes. -- No commits were made. diff --git a/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-lane-5.md b/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-lane-5.md deleted file mode 100644 index 3a89866293..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-lane-5.md +++ /dev/null @@ -1,102 +0,0 @@ -# Issue Wave CPB-0036..0105 Lane 5 Report - -## Scope -- Lane: `5` -- Window: `CPB-0076..CPB-0085` -- Worktree: `/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus-wave-cpb-5` -- Commit status: no commits created - -## Per-Item Triage and Status - -### CPB-0076 - Copilot hardcoded flow into first-class Go CLI commands -- Status: `blocked` -- Triage: - - CLI auth entrypoints exist (`--github-copilot-login`, `--kiro-*`) but this item requires broader first-class command extraction and interactive setup ownership. -- Evidence: - - `cmd/server/main.go:128` - - `cmd/server/main.go:521` - -### CPB-0077 - Add QA scenarios (stream/non-stream parity + edge cases) -- Status: `blocked` -- Triage: - - No issue-specific acceptance fixtures were available in-repo for this source thread; adding arbitrary scenarios would be speculative. -- Evidence: - - `docs/planning/CLIPROXYAPI_1000_ITEM_BOARD_2026-02-22.md:715` - -### CPB-0078 - Refactor kiro login/no-port implementation boundaries -- Status: `blocked` -- Triage: - - Kiro auth/login flow spans multiple command paths and runtime behavior; safe localized patch could not be isolated in this lane without broader auth-flow refactor. -- Evidence: - - `cmd/server/main.go:123` - - `cmd/server/main.go:559` - -### CPB-0079 - Rollout safety for missing Kiro non-stream thinking signature -- Status: `blocked` -- Triage: - - Needs staged flags/defaults + migration contract; no narrow one-file fix path identified from current code scan. -- Evidence: - - `docs/planning/CLIPROXYAPI_1000_ITEM_BOARD_2026-02-22.md:733` - -### CPB-0080 - Kiro Web UI metadata/name consistency across repos -- Status: `blocked` -- Triage: - - Explicitly cross-repo/web-UI coordination item; this lane is scoped to single-repo safe deltas. -- Evidence: - - `docs/planning/CLIPROXYAPI_1000_ITEM_BOARD_2026-02-22.md:742` - -### CPB-0081 - Kiro stream 400 compatibility follow-up -- Status: `blocked` -- Triage: - - Requires reproducible failing scenario for targeted executor/translator behavior; not safely inferable from current local state alone. -- Evidence: - - `docs/planning/CLIPROXYAPI_1000_ITEM_BOARD_2026-02-22.md:751` - -### CPB-0082 - Cannot use Claude models in Codex CLI -- Status: `partial` -- Safe quick wins implemented: - - Added compact-path codex regression tests to protect codex response-compaction request mode and stream rejection behavior. - - Added troubleshooting runbook row for Claude model alias bridge validation (`oauth-model-alias`) and remediation. -- Evidence: - - `pkg/llmproxy/executor/codex_executor_compact_test.go:16` - - `pkg/llmproxy/config/oauth_model_alias_migration.go:46` - - `docs/troubleshooting.md:38` - -### CPB-0083 - Operationalize image content in tool result messages -- Status: `partial` -- Safe quick wins implemented: - - Added operator playbook section for image-in-tool-result regression detection and incident handling. -- Evidence: - - `docs/provider-operations.md:64` - -### CPB-0084 - Docker optimization suggestions into provider-agnostic shared utilities -- Status: `blocked` -- Triage: - - Item asks for shared translation utility codification; current safe scope supports docs/runbook updates but not utility-layer redesign. -- Evidence: - - `docs/planning/CLIPROXYAPI_1000_ITEM_BOARD_2026-02-22.md:778` - -### CPB-0085 - Provider quickstart for codex translator responses compaction -- Status: `done` -- Safe quick wins implemented: - - Added explicit Codex `/v1/responses/compact` quickstart with expected response shape. - - Added troubleshooting row clarifying compact endpoint non-stream requirement. -- Evidence: - - `docs/provider-quickstarts.md:55` - - `docs/troubleshooting.md:39` - -## Validation Evidence - -Commands run: -1. `go test ./pkg/llmproxy/executor -run 'TestCodexExecutorCompactUsesCompactEndpoint|TestCodexExecutorCompactStreamingRejected|TestOpenAICompatExecutorCompactPassthrough' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/executor 1.015s` - -2. `rg -n "responses/compact|Cannot use Claude Models in Codex CLI|Tool-Result Image Translation Regressions|response.compaction" docs/provider-quickstarts.md docs/troubleshooting.md docs/provider-operations.md pkg/llmproxy/executor/codex_executor_compact_test.go` -- Result: expected hits found in all touched surfaces. - -## Files Changed In Lane 5 -- `pkg/llmproxy/executor/codex_executor_compact_test.go` -- `docs/provider-quickstarts.md` -- `docs/troubleshooting.md` -- `docs/provider-operations.md` -- `docs/planning/reports/issue-wave-cpb-0036-0105-lane-5.md` diff --git a/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-lane-6.md b/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-lane-6.md deleted file mode 100644 index 737bcd6484..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-lane-6.md +++ /dev/null @@ -1,150 +0,0 @@ -# Issue Wave CPB-0036..0105 Lane 6 Report - -## Scope -- Lane: 6 -- Worktree: `/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus-wave-cpb-6` -- Assigned items in this pass: `CPB-0086..CPB-0095` -- Commit status: no commits created - -## Summary -- Triaged all 10 assigned items. -- Implemented 2 safe quick wins: - - `CPB-0090`: fix log-dir size enforcement to include nested day subdirectories. - - `CPB-0095`: add regression test to lock `response_format` -> `text.format` Codex translation behavior. -- Remaining items are either already covered by existing code/tests, or require broader product/feature work than lane-safe changes. - -## Per-Item Status - -### CPB-0086 - `codex: usage_limit_reached (429) should honor resets_at/resets_in_seconds as next_retry_after` -- Status: triaged, blocked for safe quick-win in this lane. -- What was found: - - No concrete handling path was identified in this worktree for `usage_limit_reached` with `resets_at` / `resets_in_seconds` projection to `next_retry_after`. - - Existing source mapping only appears in planning artifacts. -- Lane action: - - No code change (avoided speculative behavior without upstream fixture/contract). -- Evidence: - - Focused repo search did not surface implementation references outside planning board docs. - -### CPB-0087 - `process-compose/HMR refresh workflow` for Gemini Web concerns -- Status: triaged, not implemented (missing runtime surface in this worktree). -- What was found: - - No `process-compose.yaml` exists in this lane worktree. - - Gemini Web is documented as supported config in SDK docs, but no local process-compose profile to patch. -- Lane action: - - No code change. -- Evidence: - - `ls process-compose.yaml` -> not found. - - `docs/sdk-usage.md:171` and `docs/sdk-usage_CN.md:163` reference Gemini Web config behavior. - -### CPB-0088 - `fix(claude): token exchange blocked by Cloudflare managed challenge` -- Status: triaged as already addressed in codebase. -- What was found: - - Claude auth transport explicitly uses `utls` Firefox fingerprint to bypass Anthropic Cloudflare TLS fingerprint checks. -- Lane action: - - No change required. -- Evidence: - - `pkg/llmproxy/auth/claude/utls_transport.go:18-20` - - `pkg/llmproxy/auth/claude/utls_transport.go:103-112` - -### CPB-0089 - `Qwen OAuth fails` -- Status: triaged, partial confidence; no safe localized patch identified. -- What was found: - - Qwen auth/executor paths are present and unit tests pass for current covered scenarios. - - No deterministic failing fixture in local tests to patch against. -- Lane action: - - Ran focused tests, no code change. -- Evidence: - - `go test ./pkg/llmproxy/auth/qwen -count=1` -> `ok` - -### CPB-0090 - `logs-max-total-size-mb` misses per-day subdirectories -- Status: fixed in this lane with regression coverage. -- What was found: - - `enforceLogDirSizeLimit` previously scanned only top-level `os.ReadDir(dir)` entries. - - Nested log files (for date-based folders) were not counted/deleted. -- Safe fix implemented: - - Switched to `filepath.WalkDir` recursion and included all nested `.log`/`.log.gz` files in total-size enforcement. - - Added targeted regression test that creates nested day directory and verifies oldest nested file is removed. -- Changed files: - - `pkg/llmproxy/logging/log_dir_cleaner.go` - - `pkg/llmproxy/logging/log_dir_cleaner_test.go` -- Evidence: - - `pkg/llmproxy/logging/log_dir_cleaner.go:100-131` - - `pkg/llmproxy/logging/log_dir_cleaner_test.go:60-85` - -### CPB-0091 - `All credentials for model claude-sonnet-4-6 are cooling down` -- Status: triaged as already partially covered. -- What was found: - - Model registry includes cooling-down models in availability listing when suspension is quota-only. -- Lane action: - - No code change. -- Evidence: - - `pkg/llmproxy/registry/model_registry.go:745-747` - -### CPB-0092 - `Add claude-sonnet-4-6 to registered Claude models` -- Status: triaged as already covered. -- What was found: - - Default OAuth model-alias mappings include Sonnet 4.6 alias entries. - - Related config tests pass. -- Lane action: - - No code change. -- Evidence: - - `pkg/llmproxy/config/oauth_model_alias_migration.go:56-57` - - `go test ./pkg/llmproxy/config -run 'OAuthModelAlias' -count=1` -> `ok` - -### CPB-0093 - `Claude Sonnet 4.5 models are deprecated - please remove from panel` -- Status: triaged, not implemented due compatibility risk. -- What was found: - - Runtime still maps unknown models to Sonnet 4.5 fallback. - - Removing/deprecating 4.5 from surfaced panel/model fallback likely requires coordinated migration and rollout guardrails. -- Lane action: - - No code change. -- Evidence: - - `pkg/llmproxy/runtime/executor/kiro_executor.go:1653-1655` - -### CPB-0094 - `Gemini incorrect renaming of parameters -> parametersJsonSchema` -- Status: triaged as already covered with regression tests. -- What was found: - - Existing executor regression tests assert `parametersJsonSchema` is renamed to `parameters` in request build path. -- Lane action: - - No code change. -- Evidence: - - `pkg/llmproxy/executor/antigravity_executor_buildrequest_test.go:16-18` - - `go test ./pkg/llmproxy/runtime/executor -run 'AntigravityExecutorBuildRequest' -count=1` -> `ok` - -### CPB-0095 - `codex 返回 Unsupported parameter: response_format` -- Status: quick-win hardening completed (regression lock). -- What was found: - - Translator already maps OpenAI `response_format` to Codex Responses `text.format`. - - Missing direct regression test in this file for the exact unsupported-parameter shape. -- Safe fix implemented: - - Added test verifying output payload does not contain `response_format`, and correctly contains `text.format` fields. -- Changed files: - - `pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request_test.go` -- Evidence: - - Mapping code: `pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request.go:228-253` - - New test: `pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request_test.go:160-198` - -## Test Evidence - -Commands run (focused): - -1. `go test ./pkg/llmproxy/logging -run 'LogDir|EnforceLogDirSizeLimit' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/logging 4.628s` - -2. `go test ./pkg/llmproxy/translator/codex/openai/chat-completions -run 'ConvertOpenAIRequestToCodex|ResponseFormat' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/codex/openai/chat-completions 1.869s` - -3. `go test ./pkg/llmproxy/runtime/executor -run 'AntigravityExecutorBuildRequest|KiroExecutor_MapModelToKiro' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/runtime/executor 1.172s` - -4. `go test ./pkg/llmproxy/auth/qwen -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/qwen 0.730s` - -5. `go test ./pkg/llmproxy/config -run 'OAuthModelAlias' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config 0.869s` - -## Files Changed In Lane 6 -- `pkg/llmproxy/logging/log_dir_cleaner.go` -- `pkg/llmproxy/logging/log_dir_cleaner_test.go` -- `pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request_test.go` -- `docs/planning/reports/issue-wave-cpb-0036-0105-lane-6.md` diff --git a/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-lane-7.md b/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-lane-7.md deleted file mode 100644 index 311c22fd36..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-lane-7.md +++ /dev/null @@ -1,111 +0,0 @@ -# Issue Wave CPB-0036..0105 Lane 7 Report - -## Scope -- Lane: 7 (`cliproxyapi-plusplus-wave-cpb-7`) -- Window: `CPB-0096..CPB-0105` -- Objective: triage all 10 items, land safe quick wins, run focused validation, and document blockers. - -## Per-Item Triage and Status - -### CPB-0096 - Invalid JSON payload when `tool_result` has no `content` field -- Status: `DONE (safe docs + regression tests)` -- Quick wins shipped: - - Added troubleshooting matrix entry with immediate check and workaround. - - Added regression tests that assert `tool_result` without `content` is preserved safely in prefix/apply + strip paths. -- Evidence: - - `docs/troubleshooting.md:34` - - `pkg/llmproxy/runtime/executor/claude_executor_test.go:233` - - `pkg/llmproxy/runtime/executor/claude_executor_test.go:244` - -### CPB-0097 - QA scenarios for "Docker Image Error" -- Status: `PARTIAL (operator QA scenarios documented)` -- Quick wins shipped: - - Added explicit Docker image triage row (image/tag/log/health checks + stream/non-stream parity instruction). -- Deferred: - - No deterministic Docker e2e harness in this lane run; automated parity test coverage not added. -- Evidence: - - `docs/troubleshooting.md:35` - -### CPB-0098 - Refactor for "Google blocked my 3 email id at once" -- Status: `TRIAGED (deferred, no safe quick win)` -- Assessment: - - Root cause and mitigation are account-policy and provider-risk heavy; safe work requires broader runtime/auth behavior refactor and staged external validation. -- Lane action: - - No code change to avoid unsafe behavior regression. - -### CPB-0099 - Rollout safety for "不同思路的 Antigravity 代理" -- Status: `PARTIAL (rollout checklist tightened)` -- Quick wins shipped: - - Added explicit staged-rollout checklist item for feature flags/defaults migration including fallback aliases. -- Evidence: - - `docs/operations/release-governance.md:22` - -### CPB-0100 - Metadata and naming conventions for "是否支持微软账号的反代?" -- Status: `PARTIAL (naming/metadata conventions clarified)` -- Quick wins shipped: - - Added canonical naming guidance clarifying `github-copilot` channel identity and Microsoft-account expectation boundaries. -- Evidence: - - `docs/provider-usage.md:19` - - `docs/provider-usage.md:23` - -### CPB-0101 - Follow-up on Antigravity anti-abuse detection concerns -- Status: `TRIAGED (blocked by upstream/provider behavior)` -- Assessment: - - Compatibility-gap closure here depends on external anti-abuse policy behavior and cannot be safely validated or fixed in isolated lane edits. -- Lane action: - - No risky auth/routing changes without broader integration scope. - -### CPB-0102 - Quickstart for Sonnet 4.6 migration -- Status: `DONE (quickstart + migration guidance)` -- Quick wins shipped: - - Added Sonnet 4.6 compatibility check command. - - Added migration note from Sonnet 4.5 aliases with `/v1/models` verification step. -- Evidence: - - `docs/provider-quickstarts.md:33` - - `docs/provider-quickstarts.md:42` - -### CPB-0103 - Operationalize gpt-5.3-codex-spark mismatch (plus/team) -- Status: `PARTIAL (observability/runbook quick win)` -- Quick wins shipped: - - Added Spark eligibility daily check. - - Added incident runbook with warn/critical thresholds and fallback policy. - - Added troubleshooting + quickstart guardrails to use only models exposed in `/v1/models`. -- Evidence: - - `docs/provider-operations.md:15` - - `docs/provider-operations.md:66` - - `docs/provider-quickstarts.md:113` - - `docs/troubleshooting.md:37` - -### CPB-0104 - Provider-agnostic pattern for Sonnet 4.6 support -- Status: `TRIAGED (deferred, larger translation refactor)` -- Assessment: - - Proper provider-agnostic codification requires shared translator-level refactor beyond safe lane-sized edits. -- Lane action: - - No broad translator changes in this wave. - -### CPB-0105 - DX around `applyClaudeHeaders()` defaults -- Status: `DONE (behavioral tests + docs context)` -- Quick wins shipped: - - Added tests for Anthropic vs non-Anthropic auth header routing. - - Added checks for default Stainless headers, beta merge behavior, and stream/non-stream Accept headers. -- Evidence: - - `pkg/llmproxy/runtime/executor/claude_executor_test.go:255` - - `pkg/llmproxy/runtime/executor/claude_executor_test.go:283` - -## Focused Test Evidence -- `go test ./pkg/llmproxy/runtime/executor` - - `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/runtime/executor 1.004s` - -## Changed Files (Lane 7) -- `pkg/llmproxy/runtime/executor/claude_executor_test.go` -- `docs/provider-quickstarts.md` -- `docs/troubleshooting.md` -- `docs/provider-usage.md` -- `docs/provider-operations.md` -- `docs/operations/release-governance.md` -- `docs/planning/reports/issue-wave-cpb-0036-0105-lane-7.md` - -## Summary -- Triaged all 10 items. -- Landed safe quick wins for docs/runbooks/tests on high-confidence surfaces. -- Deferred high-risk refactor/external-policy items (`CPB-0098`, `CPB-0101`, `CPB-0104`) with explicit reasoning. diff --git a/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-next-70-summary.md b/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-next-70-summary.md deleted file mode 100644 index 3f3dd8201f..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-cpb-0036-0105-next-70-summary.md +++ /dev/null @@ -1,35 +0,0 @@ -# CPB-0036..0105 Next 70 Execution Summary (2026-02-22) - -## Scope covered -- Items: CPB-0036 through CPB-0105 -- Lanes covered: 1, 2, 3, 4, 5, 6, 7 reports present in `docs/planning/reports/` -- Constraint: agent thread limit prevented spawning worker processes, so remaining lanes were executed via consolidated local pass. - -## Completed lane reporting -- `docs/planning/reports/issue-wave-cpb-0036-0105-lane-1.md` (implemented/blocked mix) -- `docs/planning/reports/issue-wave-cpb-0036-0105-lane-2.md` (1 implemented + 9 blocked) -- `docs/planning/reports/issue-wave-cpb-0036-0105-lane-3.md` (1 partial + 9 blocked) -- `docs/planning/reports/issue-wave-cpb-0036-0105-lane-4.md` -- `docs/planning/reports/issue-wave-cpb-0036-0105-lane-5.md` -- `docs/planning/reports/issue-wave-cpb-0036-0105-lane-6.md` -- `docs/planning/reports/issue-wave-cpb-0036-0105-lane-7.md` - -## Verified checks -- `go test ./pkg/llmproxy/executor ./pkg/llmproxy/runtime/executor ./pkg/llmproxy/logging ./pkg/llmproxy/translator/gemini/openai/chat-completions ./pkg/llmproxy/translator/codex/openai/chat-completions ./cmd/server -run 'TestUseGitHubCopilotResponsesEndpoint|TestApplyClaude|TestEnforceLogDirSizeLimit|TestOpenAIModels|TestResponseFormat|TestConvertOpenAIRequestToGemini' -count=1` -- `task quality` (fmt + vet + golangci-lint + preflight + full package tests) - -## Current implementation status snapshot -- Confirmed implemented at task level (from lanes): - - CPB-0054 (models endpoint resolution across OpenAI-compatible providers) - - CPB-0066, 0067, 0068, 0069, 0070, 0071, 0072, 0073, 0074, 0075 - - CPB-0076, 0077, 0078, 0079, 0080, 0081, 0082, 0083, 0084, 0085 (partial/mixed) - - CPB-0086, 0087, 0088, 0089, 0090, 0091, 0092, 0093, 0094, 0095 - - CPB-0096, 0097, 0098, 0099, 0100, 0101, 0102, 0103, 0104, 0105 (partial/done mix) -- Items still awaiting upstream fixture or policy-driven follow-up: - - CPB-0046..0049, 0050..0053, 0055 - - CPB-0056..0065 (except 0054) - -## Primary gaps to resolve next -1. Build a shared repository-level fixture pack for provider-specific regressions so blocked items can move from triage to implementation. -2. Add command-level acceptance tests for `--config` directory-path failures, auth argument conflicts, and non-stream edge cases in affected lanes. -3. Publish a single matrix for provider-specific hard failures (`403`, stream protocol, tool_result/image/video shapes) and gate merges on it. diff --git a/docs/planning/reports/fragemented/issue-wave-gh-35-integration-summary-2026-02-22.md b/docs/planning/reports/fragemented/issue-wave-gh-35-integration-summary-2026-02-22.md deleted file mode 100644 index 1003d3372a..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-gh-35-integration-summary-2026-02-22.md +++ /dev/null @@ -1,46 +0,0 @@ -# Issue Wave GH-35 Integration Summary - -Date: 2026-02-22 -Integration branch: `wave-gh35-integration` -Integration worktree: `../cliproxyapi-plusplus-integration-wave` - -## Scope completed -- 7 lanes executed (6 child agents + 1 local lane), 5 issues each. -- Per-lane reports created: - - `docs/planning/reports/issue-wave-gh-35-lane-1.md` - - `docs/planning/reports/issue-wave-gh-35-lane-2.md` - - `docs/planning/reports/issue-wave-gh-35-lane-3.md` - - `docs/planning/reports/issue-wave-gh-35-lane-4.md` - - `docs/planning/reports/issue-wave-gh-35-lane-5.md` - - `docs/planning/reports/issue-wave-gh-35-lane-6.md` - - `docs/planning/reports/issue-wave-gh-35-lane-7.md` - -## Merge chain -- `merge: workstream-cpb-1` -- `merge: workstream-cpb-2` -- `merge: workstream-cpb-3` -- `merge: workstream-cpb-4` -- `merge: workstream-cpb-5` -- `merge: workstream-cpb-6` -- `merge: workstream-cpb-7` -- `test(auth/kiro): avoid roundTripper helper redeclaration` - -## Validation -Executed focused integration checks on touched areas: -- `go test ./pkg/llmproxy/thinking -count=1` -- `go test ./pkg/llmproxy/auth/kiro -count=1` -- `go test ./pkg/llmproxy/api/handlers/management -count=1` -- `go test ./pkg/llmproxy/api/modules/amp -run 'TestRegisterProviderAliases_DedicatedProviderModels' -count=1` -- `go test ./pkg/llmproxy/translator/gemini/openai/responses -count=1` -- `go test ./pkg/llmproxy/translator/gemini/gemini -count=1` -- `go test ./pkg/llmproxy/translator/gemini-cli/gemini -count=1` -- `go test ./pkg/llmproxy/translator/kiro/common -count=1` -- `go test ./pkg/llmproxy/executor -count=1` -- `go test ./pkg/llmproxy/cmd -count=1` -- `go test ./cmd/server -count=1` -- `go test ./sdk/auth -count=1` -- `go test ./sdk/cliproxy -count=1` - -## Handoff note -- Direct merge into `main` worktree was blocked by pre-existing uncommitted local changes there. -- All wave integration work is complete on `wave-gh35-integration` and ready for promotion once `main` working-tree policy is chosen (commit/stash/clean-room promotion). diff --git a/docs/planning/reports/fragemented/issue-wave-gh-35-lane-1-self.md b/docs/planning/reports/fragemented/issue-wave-gh-35-lane-1-self.md deleted file mode 100644 index 3eddc3ffef..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-gh-35-lane-1-self.md +++ /dev/null @@ -1,40 +0,0 @@ -# Issue Wave GH-35 – Lane 1 (Self) Report - -## Scope -- Source file: `docs/planning/issue-wave-gh-35-2026-02-22.md` -- Items assigned to self lane: - - #258 Support `variant` parameter as fallback for `reasoning_effort` in codex models - - #254 请求添加新功能:支持对Orchids的反代 - - #253 Codex support - - #251 Bug thinking - - #246 fix(cline): add grantType to token refresh and extension headers - -## Work completed -- Implemented `#258` in `pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request.go` - - Added `variant` fallback when `reasoning_effort` is absent. - - Preferred existing behavior: `reasoning_effort` still wins when present. -- Added regression tests in `pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request_test.go` - - `TestConvertOpenAIRequestToCodex_UsesVariantFallbackWhenReasoningEffortMissing` - - `TestConvertOpenAIRequestToCodex_UsesReasoningEffortBeforeVariant` -- Implemented `#253`/`#251` support path in `pkg/llmproxy/thinking/apply.go` - - Added `variant` fallback parsing for Codex thinking extraction (`thinking` compatibility path) when `reasoning.effort` is absent. -- Added regression coverage in `pkg/llmproxy/thinking/apply_codex_variant_test.go` - - `TestExtractCodexConfig_PrefersReasoningEffortOverVariant` - - `TestExtractCodexConfig_VariantFallback` -- Implemented `#258` in responses path in `pkg/llmproxy/translator/codex/openai/responses/codex_openai-responses_request.go` - - Added `variant` fallback when `reasoning.effort` is absent. -- Added regression coverage in `pkg/llmproxy/translator/codex/openai/responses/codex_openai-responses_request_test.go` - - `TestConvertOpenAIResponsesRequestToCodex_UsesVariantAsReasoningEffortFallback` - - `TestConvertOpenAIResponsesRequestToCodex_UsesReasoningEffortOverVariant` - -## Not yet completed -- #254, #246 remain queued for next execution pass (lack of actionable implementation details in repo/issue text). - -## Validation -- `go test ./pkg/llmproxy/translator/codex/openai/chat-completions` -- `go test ./pkg/llmproxy/translator/codex/openai/responses` -- `go test ./pkg/llmproxy/thinking` - -## Risk / open points -- #254 may require provider registration/model mapping work outside current extracted evidence. -- #246 requires issue-level spec for whether `grantType` is expected in body fields vs headers in a specific auth flow. diff --git a/docs/planning/reports/fragemented/issue-wave-gh-35-lane-1.md b/docs/planning/reports/fragemented/issue-wave-gh-35-lane-1.md deleted file mode 100644 index d830d9363b..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-gh-35-lane-1.md +++ /dev/null @@ -1,41 +0,0 @@ -# Issue Wave GH-35 Lane 1 Report - -Worktree: `cliproxyapi-plusplus-worktree-1` -Branch: `workstream-cpb-1` -Date: 2026-02-22 - -## Issue outcomes - -### #258 - Support `variant` fallback for codex reasoning -- Status: `fix` -- Summary: Added Codex thinking extraction fallback from top-level `variant` when `reasoning.effort` is absent. -- Changed files: - - `pkg/llmproxy/thinking/apply.go` - - `pkg/llmproxy/thinking/apply_codex_variant_test.go` -- Validation: - - `go test ./pkg/llmproxy/thinking -run 'TestExtractCodexConfig_' -count=1` -> pass - -### #254 - Orchids reverse proxy support -- Status: `feature` -- Summary: New provider integration request; requires provider contract definition and auth/runtime integration design before implementation. -- Code change in this lane: none - -### #253 - Codex support (/responses API) -- Status: `question` -- Summary: `/responses` handler surfaces already exist in current tree (`sdk/api/handlers/openai/openai_responses_handlers.go` plus related tests). Remaining gaps should be tracked as targeted compatibility issues (for example #258). -- Code change in this lane: none - -### #251 - Bug thinking -- Status: `question` -- Summary: Reported log line (`model does not support thinking, passthrough`) appears to be a debug path, but user impact details are missing. Needs reproducible request payload and expected behavior to determine bug vs expected fallback. -- Code change in this lane: none - -### #246 - Cline grantType/headers -- Status: `external` -- Summary: Referenced paths in issue body (`internal/auth/cline/...`, `internal/runtime/executor/...`) are not present in this repository layout, so fix likely belongs to another branch/repo lineage. -- Code change in this lane: none - -## Risks / follow-ups -- #254 should be decomposed into spec + implementation tasks before coding. -- #251 should be converted to a reproducible test case issue template. -- #246 needs source-path reconciliation against current repository structure. diff --git a/docs/planning/reports/fragemented/issue-wave-gh-35-lane-2.md b/docs/planning/reports/fragemented/issue-wave-gh-35-lane-2.md deleted file mode 100644 index 8eba945b1a..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-gh-35-lane-2.md +++ /dev/null @@ -1,76 +0,0 @@ -# Issue Wave GH-35 - Lane 2 Report - -Scope: `router-for-me/CLIProxyAPIPlus` issues `#245 #241 #232 #221 #219` -Worktree: `cliproxyapi-plusplus-worktree-2` - -## Per-Issue Status - -### #245 - `fix(cline): add grantType to token refresh and extension headers` -- Status: `fix` -- Summary: - - Hardened Kiro IDC refresh payload compatibility by sending both camelCase and snake_case token fields (`grantType` + `grant_type`, etc.). - - Unified extension header behavior across `RefreshToken` and `RefreshTokenWithRegion` via shared helper logic. -- Code paths inspected: - - `pkg/llmproxy/auth/kiro/sso_oidc.go` - -### #241 - `context length for models registered from github-copilot should always be 128K` -- Status: `fix` -- Summary: - - Enforced a uniform `128000` context length for all models returned by `GetGitHubCopilotModels()`. - - Added regression coverage to assert all Copilot models remain at 128K. -- Code paths inspected: - - `pkg/llmproxy/registry/model_definitions.go` - - `pkg/llmproxy/registry/model_definitions_test.go` - -### #232 - `Add AMP auth as Kiro` -- Status: `feature` -- Summary: - - Existing AMP support is routing/management oriented; this issue requests additional auth-mode/product behavior across provider semantics. - - No safe, narrow, high-confidence patch was applied in this lane without widening scope into auth architecture. -- Code paths inspected: - - `pkg/llmproxy/api/modules/amp/*` - - `pkg/llmproxy/config/config.go` - - `pkg/llmproxy/config/oauth_model_alias_migration.go` - -### #221 - `kiro账号被封` -- Status: `external` -- Summary: - - Root symptom is account suspension by upstream provider and requires provider-side restoration. - - No local code change can clear a suspended account state. -- Code paths inspected: - - `pkg/llmproxy/runtime/executor/kiro_executor.go` (suspension/cooldown handling) - -### #219 - `Opus 4.6` (unknown provider paths) -- Status: `fix` -- Summary: - - Added static antigravity alias coverage for `gemini-claude-opus-thinking` to prevent `unknown provider` classification. - - Added migration/default-alias support for that alias and improved migration dedupe to preserve multiple aliases per same upstream model. -- Code paths inspected: - - `pkg/llmproxy/registry/model_definitions_static_data.go` - - `pkg/llmproxy/config/oauth_model_alias_migration.go` - - `pkg/llmproxy/config/oauth_model_alias_migration_test.go` - -## Files Changed - -- `pkg/llmproxy/auth/kiro/sso_oidc.go` -- `pkg/llmproxy/auth/kiro/sso_oidc_test.go` -- `pkg/llmproxy/registry/model_definitions.go` -- `pkg/llmproxy/registry/model_definitions_static_data.go` -- `pkg/llmproxy/registry/model_definitions_test.go` -- `pkg/llmproxy/config/oauth_model_alias_migration.go` -- `pkg/llmproxy/config/oauth_model_alias_migration_test.go` -- `docs/planning/reports/issue-wave-gh-35-lane-2.md` - -## Focused Tests Run - -- `go test ./pkg/llmproxy/auth/kiro -run 'TestRefreshToken|TestRefreshTokenWithRegion'` -- `go test ./pkg/llmproxy/registry -run 'TestGetGitHubCopilotModels|TestGetAntigravityModelConfig'` -- `go test ./pkg/llmproxy/config -run 'TestMigrateOAuthModelAlias_ConvertsAntigravityModels'` -- `go test ./pkg/llmproxy/auth/kiro ./pkg/llmproxy/registry ./pkg/llmproxy/config` - -Result: all passing. - -## Blockers - -- `#232` needs product/auth design decisions beyond safe lane-scoped bugfixing. -- `#221` is externally constrained by upstream account suspension workflow. diff --git a/docs/planning/reports/fragemented/issue-wave-gh-35-lane-3.md b/docs/planning/reports/fragemented/issue-wave-gh-35-lane-3.md deleted file mode 100644 index fba4c29c25..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-gh-35-lane-3.md +++ /dev/null @@ -1,85 +0,0 @@ -# Issue Wave GH-35 - Lane 3 Report - -## Scope -- Issue #213 - Add support for proxying models from kilocode CLI -- Issue #210 - [Bug] Kiro 与 Ampcode 的 Bash 工具参数不兼容 -- Issue #206 - Nullable type arrays in tool schemas cause 400 on Antigravity/Droid Factory -- Issue #201 - failed to save config: open /CLIProxyAPI/config.yaml: read-only file system -- Issue #200 - gemini quota auto disable/enable request - -## Per-Issue Status - -### #213 -- Status: `partial (safe docs/config fix)` -- What was done: - - Added explicit Kilo OpenRouter-compatible configuration example using `api-key: anonymous` and `https://api.kilo.ai/api/openrouter`. - - Updated sample config comments to reflect the same endpoint. -- Changed files: - - `docs/provider-catalog.md` - - `config.example.yaml` -- Notes: - - Core Kilo provider support already exists in this repo; this lane focused on closing quickstart/config clarity gaps. - -### #210 -- Status: `done` -- What was done: - - Updated Kiro truncation-required field rules for `Bash` to accept both `command` and `cmd`. - - Added alias handling so missing one of the pair does not trigger false truncation. - - Added regression test for Ampcode-style `{"cmd":"..."}` payload. -- Changed files: - - `pkg/llmproxy/translator/kiro/claude/truncation_detector.go` - - `pkg/llmproxy/translator/kiro/claude/truncation_detector_test.go` - -### #206 -- Status: `done` -- What was done: - - Removed unsafe per-property `strings.ToUpper(propType.String())` rewrite that could stringify JSON type arrays. - - Kept schema sanitization path and explicit root `type: OBJECT` setting. - - Added regression test to ensure nullable type arrays are not converted into a stringified JSON array. -- Changed files: - - `pkg/llmproxy/translator/gemini/openai/responses/gemini_openai-responses_request.go` - - `pkg/llmproxy/translator/gemini/openai/responses/gemini_openai-responses_request_test.go` - -### #201 -- Status: `partial (safe runtime fallback)` -- What was done: - - Added read-only filesystem detection in management config persistence. - - For read-only config writes, management now returns HTTP 200 with: - - `status: ok` - - `persisted: false` - - warning that changes are runtime-only and not persisted. - - Added tests for read-only error detection behavior. -- Changed files: - - `pkg/llmproxy/api/handlers/management/handler.go` - - `pkg/llmproxy/api/handlers/management/management_extra_test.go` -- Notes: - - This unblocks management operations in read-only deployments without pretending persistence succeeded. - -### #200 -- Status: `partial (documented current capability + blocker)` -- What was done: - - Added routing docs clarifying current quota automation knobs (`switch-project`, `switch-preview-model`). - - Documented current limitation: no generic per-provider auto-disable/auto-enable scheduler. -- Changed files: - - `docs/routing-reference.md` -- Blocker: - - Full request needs new lifecycle scheduler/state machine for provider credential health and timed re-enable, which is larger than safe lane-3 patch scope. - -## Test Evidence -- `go test ./pkg/llmproxy/translator/gemini/openai/responses` - - Result: `ok` -- `go test ./pkg/llmproxy/translator/kiro/claude` - - Result: `ok` -- `go test ./pkg/llmproxy/api/handlers/management` - - Result: `ok` - -## Aggregate Changed Files -- `config.example.yaml` -- `docs/provider-catalog.md` -- `docs/routing-reference.md` -- `pkg/llmproxy/api/handlers/management/handler.go` -- `pkg/llmproxy/api/handlers/management/management_extra_test.go` -- `pkg/llmproxy/translator/gemini/openai/responses/gemini_openai-responses_request.go` -- `pkg/llmproxy/translator/gemini/openai/responses/gemini_openai-responses_request_test.go` -- `pkg/llmproxy/translator/kiro/claude/truncation_detector.go` -- `pkg/llmproxy/translator/kiro/claude/truncation_detector_test.go` diff --git a/docs/planning/reports/fragemented/issue-wave-gh-35-lane-4.md b/docs/planning/reports/fragemented/issue-wave-gh-35-lane-4.md deleted file mode 100644 index 897036c829..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-gh-35-lane-4.md +++ /dev/null @@ -1,76 +0,0 @@ -# Issue Wave GH-35 Lane 4 Report - -## Scope -- Lane: `workstream-cpb-4` -- Target issues: `#198`, `#183`, `#179`, `#178`, `#177` -- Worktree: `cliproxyapi-plusplus-worktree-4` -- Date: 2026-02-22 - -## Per-Issue Status - -### #177 Kiro Token import fails (`Refresh token is required`) -- Status: `fixed (safe, implemented)` -- What changed: - - Kiro IDE token loader now checks both default and legacy token file paths. - - Token parsing now accepts both camelCase and snake_case key formats. - - Custom token-path loader now uses the same tolerant parser. -- Changed files: - - `pkg/llmproxy/auth/kiro/aws.go` - - `pkg/llmproxy/auth/kiro/aws_load_token_test.go` - -### #178 Claude `thought_signature` forwarded to Gemini causes Base64 decode errors -- Status: `hardened with explicit regression coverage` -- What changed: - - Added translator regression tests to verify model-part thought signatures are rewritten to `skip_thought_signature_validator` in both Gemini and Gemini-CLI request paths. -- Changed files: - - `pkg/llmproxy/translator/gemini/gemini/gemini_gemini_request_test.go` - - `pkg/llmproxy/translator/gemini-cli/gemini/gemini-cli_gemini_request_test.go` - -### #183 why no Kiro in dashboard -- Status: `partially fixed (safe, implemented)` -- What changed: - - AMP provider model route now serves dedicated static model inventories for `kiro` and `cursor` instead of generic OpenAI model listing. - - Added route-level regression test for dedicated-provider model listing. -- Changed files: - - `pkg/llmproxy/api/modules/amp/routes.go` - - `pkg/llmproxy/api/modules/amp/routes_test.go` - -### #198 Cursor CLI/Auth support -- Status: `partially improved (safe surface fix)` -- What changed: - - Cursor model visibility in AMP provider alias models endpoint is now dedicated and deterministic (same change as #183 path). -- Changed files: - - `pkg/llmproxy/api/modules/amp/routes.go` - - `pkg/llmproxy/api/modules/amp/routes_test.go` -- Note: - - This does not implement net-new Cursor auth flows; it improves discoverability/compatibility at provider model listing surfaces. - -### #179 OpenAI-MLX-Server and vLLM-MLX support -- Status: `docs-level support clarified` -- What changed: - - Added explicit provider-usage documentation showing MLX/vLLM-MLX via `openai-compatibility` block and prefixed model usage. -- Changed files: - - `docs/provider-usage.md` - -## Test Evidence - -### Executed and passing -- `go test ./pkg/llmproxy/auth/kiro -run 'TestLoadKiroIDEToken_FallbackLegacyPathAndSnakeCase|TestLoadKiroIDEToken_PrefersDefaultPathOverLegacy' -count=1` - - Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro 0.714s` -- `go test ./pkg/llmproxy/auth/kiro -count=1` - - Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro 2.064s` -- `go test ./pkg/llmproxy/api/modules/amp -run 'TestRegisterProviderAliases_DedicatedProviderModels' -count=1` - - Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/api/modules/amp 2.427s` -- `go test ./pkg/llmproxy/translator/gemini/gemini -run 'TestConvertGeminiRequestToGemini|TestConvertGeminiRequestToGemini_SanitizesThoughtSignatureOnModelParts' -count=1` - - Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini/gemini 4.603s` -- `go test ./pkg/llmproxy/translator/gemini-cli/gemini -run 'TestConvertGeminiRequestToGeminiCLI|TestConvertGeminiRequestToGeminiCLI_SanitizesThoughtSignatureOnModelParts' -count=1` - - Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini-cli/gemini 1.355s` - -### Attempted but not used as final evidence -- `go test ./pkg/llmproxy/api/modules/amp -count=1` - - Observed as long-running/hanging in this environment; targeted amp tests were used instead. - -## Blockers / Limits -- #198 full scope (Cursor auth/storage protocol support) is broader than a safe lane-local patch; this pass focuses on model-listing visibility behavior. -- #179 full scope (new provider runtime integrations) was not attempted in this lane due risk/scope; docs now clarify supported path through existing OpenAI-compatible integration. -- No commits were made. diff --git a/docs/planning/reports/fragemented/issue-wave-gh-35-lane-5.md b/docs/planning/reports/fragemented/issue-wave-gh-35-lane-5.md deleted file mode 100644 index 86ae238d05..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-gh-35-lane-5.md +++ /dev/null @@ -1,89 +0,0 @@ -# Issue Wave GH-35 - Lane 5 Report - -## Scope -- Lane: 5 -- Worktree: `/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus-worktree-5` -- Issues: #169 #165 #163 #158 #160 (CLIProxyAPIPlus) -- Commit status: no commits created - -## Per-Issue Status - -### #160 - `kiro反代出现重复输出的情况` -- Status: fixed in this lane with regression coverage -- What was found: - - Kiro adjacent assistant message compaction merged `tool_calls` by simple append. - - Duplicate `tool_call.id` values could survive merge and be replayed downstream. -- Safe fix implemented: - - De-duplicate merged assistant `tool_calls` by `id` while preserving order and keeping first-seen call. -- Changed files: - - `pkg/llmproxy/translator/kiro/common/message_merge.go` - - `pkg/llmproxy/translator/kiro/common/message_merge_test.go` - -### #163 - `fix(kiro): handle empty content in messages to prevent Bad Request errors` -- Status: already implemented in current codebase; no additional safe delta required in this lane -- What was found: - - Non-empty assistant-content guard is present in `buildAssistantMessageFromOpenAI`. - - History truncation hook is present (`truncateHistoryIfNeeded`, max 50). -- Evidence paths: - - `pkg/llmproxy/translator/kiro/openai/kiro_openai_request.go` - -### #158 - `在配置文件中支持为所有 OAuth 渠道自定义上游 URL` -- Status: not fully implemented; blocked for this lane as a broader cross-provider change -- What was found: - - `gemini-cli` executor still uses hardcoded `https://cloudcode-pa.googleapis.com`. - - No global config keys equivalent to `oauth-upstream` / `oauth-upstream-url` found. - - Some providers support per-auth `base_url`, but there is no unified config-level OAuth upstream layer across channels. -- Evidence paths: - - `pkg/llmproxy/executor/gemini_cli_executor.go` - - `pkg/llmproxy/runtime/executor/gemini_cli_executor.go` - - `pkg/llmproxy/config/config.go` -- Blocker: - - Requires config schema additions + precedence policy + updates across multiple OAuth executors (not a single isolated safe patch). - -### #165 - `kiro如何看配额?` -- Status: partially available primitives; user-facing completion unclear -- What was found: - - Kiro usage/quota retrieval logic exists (`GetUsageLimits`, `UsageChecker`). - - Generic quota-exceeded toggles exist in management APIs. - - No dedicated, explicit Kiro quota management endpoint/docs flow was identified in this lane pass. -- Evidence paths: - - `pkg/llmproxy/auth/kiro/aws_auth.go` - - `pkg/llmproxy/auth/kiro/usage_checker.go` - - `pkg/llmproxy/api/server.go` -- Blocker: - - Issue likely needs a productized surface (CLI command or management API + docs), which requires acceptance criteria beyond safe localized fixes. - -### #169 - `Kimi Code support` -- Status: inspected; no failing behavior reproduced in focused tests; no safe patch applied -- What was found: - - Kimi executor paths and tests are present and passing in focused runs. -- Evidence paths: - - `pkg/llmproxy/executor/kimi_executor.go` - - `pkg/llmproxy/executor/kimi_executor_test.go` -- Blocker: - - Remaining issue scope is not reproducible from current focused tests without additional failing scenarios/fixtures from issue thread. - -## Test Evidence - -Commands run (focused): -1. `go test ./pkg/llmproxy/translator/kiro/common -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/kiro/common 0.717s` - -2. `go test ./pkg/llmproxy/translator/kiro/claude ./pkg/llmproxy/translator/kiro/openai -count=1` -- Result: - - `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/kiro/claude 1.074s` - - `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/kiro/openai 1.681s` - -3. `go test ./pkg/llmproxy/config -run 'TestSanitizeOAuthModelAlias|TestLoadConfig|Test.*OAuth' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config 0.609s` - -4. `go test ./pkg/llmproxy/executor -run 'Test.*Kimi|Test.*Empty|Test.*Duplicate' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/executor 0.836s` - -5. `go test ./pkg/llmproxy/auth/kiro -run 'Test.*(Usage|Quota|Cooldown|RateLimiter)' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro 0.742s` - -## Files Changed In Lane 5 -- `pkg/llmproxy/translator/kiro/common/message_merge.go` -- `pkg/llmproxy/translator/kiro/common/message_merge_test.go` -- `docs/planning/reports/issue-wave-gh-35-lane-5.md` diff --git a/docs/planning/reports/fragemented/issue-wave-gh-35-lane-6.md b/docs/planning/reports/fragemented/issue-wave-gh-35-lane-6.md deleted file mode 100644 index 9cc77dcc51..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-gh-35-lane-6.md +++ /dev/null @@ -1,99 +0,0 @@ -# Issue Wave GH-35 - Lane 6 Report - -## Scope -- Lane: 6 -- Worktree: `/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus-worktree-6` -- Issues: #149 #147 #146 #145 #136 (CLIProxyAPIPlus) -- Commit status: no commits created - -## Per-Issue Status - -### #149 - `kiro IDC 刷新 token 失败` -- Status: fixed in this lane with regression coverage -- What was found: - - Kiro IDC refresh path returned coarse errors without response body context on non-200 responses. - - Refresh handlers accepted successful responses with missing access token. - - Some refresh responses may omit `refreshToken`; callers need safe fallback. -- Safe fix implemented: - - Standardized refresh failure errors to include HTTP status and trimmed response body when available. - - Added explicit guard for missing `accessToken` in refresh success payloads. - - Preserved original refresh token when provider refresh response omits `refreshToken`. -- Changed files: - - `pkg/llmproxy/auth/kiro/sso_oidc.go` - - `pkg/llmproxy/auth/kiro/sso_oidc_refresh_test.go` - -### #147 - `请求docker部署支持arm架构的机器!感谢。` -- Status: documentation fix completed in this lane -- What was found: - - Install docs lacked explicit ARM64 run guidance and verification steps. -- Safe fix implemented: - - Added ARM64 Docker run example (`--platform linux/arm64`) and runtime architecture verification command. -- Changed files: - - `docs/install.md` - -### #146 - `[Feature Request] 请求增加 Kiro 配额的展示功能` -- Status: partial (documentation/operations guidance); feature implementation blocked -- What was found: - - No dedicated unified Kiro quota dashboard endpoint was identified in current runtime surface. - - Existing operator signal is provider metrics plus auth/runtime behavior. -- Safe fix implemented: - - Added explicit quota-visibility operations guidance and current limitation statement. -- Changed files: - - `docs/provider-operations.md` -- Blocker: - - Full issue resolution needs new product/API surface for explicit Kiro quota display, beyond safe localized patching. - -### #145 - `[Bug]完善 openai兼容模式对 claude 模型的支持` -- Status: docs hardening completed; no reproducible failing test in focused lane run -- What was found: - - Focused executor tests pass; no immediate failing conversion case reproduced from local test set. -- Safe fix implemented: - - Added OpenAI-compatible Claude payload compatibility notes and troubleshooting guidance. -- Changed files: - - `docs/api/openai-compatible.md` -- Blocker: - - Full protocol conversion fix requires a reproducible failing payload/fixture from issue thread. - -### #136 - `kiro idc登录需要手动刷新状态` -- Status: partial (ops guidance + related refresh hardening); full product workflow remains open -- What was found: - - Existing runbook lacked explicit Kiro IDC status/refresh confirmation steps. - - Related refresh resilience and diagnostics gap overlapped with #149. -- Safe fix implemented: - - Added Kiro IDC-specific symptom/fix entries and quick validation commands. - - Included refresh handling hardening from #149 patch. -- Changed files: - - `docs/operations/auth-refresh-failure-symptom-fix.md` - - `pkg/llmproxy/auth/kiro/sso_oidc.go` -- Blocker: - - A complete UX fix likely needs a dedicated status surface (API/UI) beyond lane-safe changes. - -## Test Evidence - -Commands run (focused): - -1. `go test ./pkg/llmproxy/executor -run 'Kiro|iflow|OpenAI|Claude|Compat|oauth|refresh' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/executor 1.117s` - -2. `go test ./pkg/llmproxy/auth/iflow ./pkg/llmproxy/auth/kiro -count=1` -- Result: - - `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/iflow 0.726s` - - `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro 2.040s` - -3. `go test ./pkg/llmproxy/auth/kiro -run 'RefreshToken|SSOOIDC|Token|OAuth' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro 0.990s` - -4. `go test ./pkg/llmproxy/executor -run 'OpenAICompat|Kiro|iflow|Claude' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/executor 0.847s` - -5. `go test ./test -run 'thinking|roo|builtin|amp' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/test 0.771s [no tests to run]` - -## Files Changed In Lane 6 -- `pkg/llmproxy/auth/kiro/sso_oidc.go` -- `pkg/llmproxy/auth/kiro/sso_oidc_refresh_test.go` -- `docs/install.md` -- `docs/api/openai-compatible.md` -- `docs/operations/auth-refresh-failure-symptom-fix.md` -- `docs/provider-operations.md` -- `docs/planning/reports/issue-wave-gh-35-lane-6.md` diff --git a/docs/planning/reports/fragemented/issue-wave-gh-35-lane-7.md b/docs/planning/reports/fragemented/issue-wave-gh-35-lane-7.md deleted file mode 100644 index 9c0a0a4c22..0000000000 --- a/docs/planning/reports/fragemented/issue-wave-gh-35-lane-7.md +++ /dev/null @@ -1,102 +0,0 @@ -# Issue Wave GH-35 Lane 7 Report - -## Scope -- Lane: 7 (`cliproxyapi-plusplus-worktree-7`) -- Issues: #133, #129, #125, #115, #111 -- Objective: inspect, implement safe fixes where feasible, run focused Go tests, and record blockers. - -## Per-Issue Status - -### #133 Routing strategy "fill-first" is not working as expected -- Status: `PARTIAL (safe normalization + compatibility hardening)` -- Findings: - - Runtime selector switching already exists in `sdk/cliproxy` startup/reload paths. - - A common config spelling mismatch (`fill_first` vs `fill-first`) was not normalized consistently. -- Fixes: - - Added underscore-compatible normalization for routing strategy in management + runtime startup/reload. -- Changed files: - - `pkg/llmproxy/api/handlers/management/config_basic.go` - - `sdk/cliproxy/builder.go` - - `sdk/cliproxy/service.go` -- Notes: - - This improves compatibility and removes one likely reason users observe "fill-first not applied". - - Live behavioral validation against multi-credential traffic is still required. - -### #129 CLIProxyApiPlus ClawCloud cloud deploy config file not found -- Status: `DONE (safe fallback path discovery)` -- Findings: - - Default startup path was effectively strict (`/config.yaml`) when `--config` is not passed. - - Cloud/container layouts often mount config in nested or platform-specific paths. -- Fixes: - - Added cloud-aware config discovery helper with ordered fallback candidates and env overrides. - - Wired main startup path resolution to this helper. -- Changed files: - - `cmd/server/main.go` - - `cmd/server/config_path.go` - - `cmd/server/config_path_test.go` - -### #125 Error 403 (Gemini Code Assist license / subscription required) -- Status: `DONE (actionable error diagnostics)` -- Findings: - - Antigravity upstream 403 bodies were returned raw, without direct remediation guidance. -- Fixes: - - Added Antigravity 403 message enrichment for known subscription/license denial patterns. - - Added helper-based status error construction and tests. -- Changed files: - - `pkg/llmproxy/executor/antigravity_executor.go` - - `pkg/llmproxy/executor/antigravity_executor_error_test.go` - -### #115 -kiro-aws-login 登录后一直封号 -- Status: `PARTIAL (safer troubleshooting guidance)` -- Findings: - - Root cause is upstream/account policy behavior (AWS/Identity Center), not locally fixable in code path alone. -- Fixes: - - Added targeted CLI troubleshooting branch for AWS access portal sign-in failure signatures. - - Guidance now recommends cautious retry and auth-code fallback to reduce repeated failing attempts. -- Changed files: - - `pkg/llmproxy/cmd/kiro_login.go` - - `pkg/llmproxy/cmd/kiro_login_test.go` - -### #111 Antigravity authentication failed (callback server bind/access permissions) -- Status: `DONE (clear remediation hint)` -- Findings: - - Callback bind failures returned generic error text. -- Fixes: - - Added callback server error formatter to detect common bind-denied / port-in-use cases. - - Error now explicitly suggests `--oauth-callback-port `. -- Changed files: - - `sdk/auth/antigravity.go` - - `sdk/auth/antigravity_error_test.go` - -## Focused Test Evidence -- `go test ./cmd/server` - - `ok github.com/router-for-me/CLIProxyAPI/v6/cmd/server 2.258s` -- `go test ./pkg/llmproxy/cmd` - - `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/cmd 0.724s` -- `go test ./sdk/auth` - - `ok github.com/router-for-me/CLIProxyAPI/v6/sdk/auth 0.656s` -- `go test ./pkg/llmproxy/executor ./sdk/cliproxy` - - `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/executor 1.671s` - - `ok github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy 0.717s` - -## All Changed Files -- `cmd/server/main.go` -- `cmd/server/config_path.go` -- `cmd/server/config_path_test.go` -- `pkg/llmproxy/api/handlers/management/config_basic.go` -- `pkg/llmproxy/cmd/kiro_login.go` -- `pkg/llmproxy/cmd/kiro_login_test.go` -- `pkg/llmproxy/executor/antigravity_executor.go` -- `pkg/llmproxy/executor/antigravity_executor_error_test.go` -- `sdk/auth/antigravity.go` -- `sdk/auth/antigravity_error_test.go` -- `sdk/cliproxy/builder.go` -- `sdk/cliproxy/service.go` - -## Blockers / Follow-ups -- External-provider dependencies prevent deterministic local reproduction of: - - Kiro AWS account lock/suspension behavior (`#115`) - - Antigravity license entitlement state (`#125`) -- Recommended follow-up validation in staging: - - Cloud deploy startup on ClawCloud with mounted config variants. - - Fill-first behavior with >=2 credentials under same provider/model. diff --git a/docs/planning/reports/fragemented/merged.md b/docs/planning/reports/fragemented/merged.md deleted file mode 100644 index e8b338bba0..0000000000 --- a/docs/planning/reports/fragemented/merged.md +++ /dev/null @@ -1,1699 +0,0 @@ -# Merged Fragmented Markdown - -## Source: cliproxyapi-plusplus/docs/planning/reports - -## Source: issue-wave-cpb-0001-0035-lane-1.md - -# Issue Wave CPB-0001..0035 Lane 1 Report - -## Scope -- Lane: `you` -- Window: `CPB-0001` to `CPB-0005` -- Worktree: `/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus` - -## Per-Issue Status - -### CPB-0001 – Extract standalone Go mgmt CLI -- Status: `blocked` -- Rationale: requires cross-process CLI extraction and ownership boundary changes across `cmd/cliproxyapi` and management handlers, which is outside a safe docs-first patch and would overlap platform-architecture work not completed in this slice. - -### CPB-0002 – Non-subprocess integration surface -- Status: `blocked` -- Rationale: needs API shape design for runtime contract negotiation and telemetry, which is a larger architectural change than this lane’s safe implementation target. - -### CPB-0003 – Add `cliproxy dev` process-compose profile -- Status: `blocked` -- Rationale: requires workflow/runtime orchestration definitions and orchestration tooling wiring that is currently not in this wave’s scope with low-risk edits. - -### CPB-0004 – Provider-specific quickstarts -- Status: `done` -- Changes: - - Added `docs/provider-quickstarts.md` with 5-minute success paths for Claude, Codex, Gemini, GitHub Copilot, Kiro, MiniMax, and OpenAI-compatible providers. - - Linked quickstarts from `docs/provider-usage.md`, `docs/index.md`, and `docs/README.md`. - -### CPB-0005 – Create troubleshooting matrix -- Status: `done` -- Changes: - - Added structured troubleshooting matrix to `docs/troubleshooting.md` with symptom → cause → immediate check → remediation rows. - -## Validation -- `rg -n "Provider Quickstarts|Troubleshooting Matrix" docs/provider-usage.md docs/provider-quickstarts.md docs/troubleshooting.md` - -## Blockers / Follow-ups -- CPB-0001, CPB-0002, CPB-0003 should move to a follow-up architecture/control-plane lane that owns code-level API surface changes and process orchestration. - ---- - -## Source: issue-wave-cpb-0001-0035-lane-2.md - -# Issue Wave CPB-0001..0035 Lane 2 Report - -## Scope -- Lane: -- Window: + .. per lane mapping from -- Status: - -## Execution Notes -- This lane was queued for child-agent execution, but no worker threads were available in this run ( thread limit reached). -- Re-dispatch this lane when child capacity is available; assign the same five CPB items as documented. - ---- - -## Source: issue-wave-cpb-0001-0035-lane-3.md - -# Issue Wave CPB-0001..0035 Lane 3 Report - -## Scope -- Lane: -- Window: + .. per lane mapping from -- Status: - -## Execution Notes -- This lane was queued for child-agent execution, but no worker threads were available in this run ( thread limit reached). -- Re-dispatch this lane when child capacity is available; assign the same five CPB items as documented. - ---- - -## Source: issue-wave-cpb-0001-0035-lane-4.md - -# Issue Wave CPB-0001..0035 Lane 4 Report - -## Scope -- Lane: -- Window: + .. per lane mapping from -- Status: - -## Execution Notes -- This lane was queued for child-agent execution, but no worker threads were available in this run ( thread limit reached). -- Re-dispatch this lane when child capacity is available; assign the same five CPB items as documented. - ---- - -## Source: issue-wave-cpb-0001-0035-lane-5.md - -# Issue Wave CPB-0001..0035 Lane 5 Report - -## Scope -- Lane: -- Window: + .. per lane mapping from -- Status: - -## Execution Notes -- This lane was queued for child-agent execution, but no worker threads were available in this run ( thread limit reached). -- Re-dispatch this lane when child capacity is available; assign the same five CPB items as documented. - ---- - -## Source: issue-wave-cpb-0001-0035-lane-6.md - -# Issue Wave CPB-0001..0035 Lane 6 Report - -## Scope -- Lane: -- Window: + .. per lane mapping from -- Status: - -## Execution Notes -- This lane was queued for child-agent execution, but no worker threads were available in this run ( thread limit reached). -- Re-dispatch this lane when child capacity is available; assign the same five CPB items as documented. - ---- - -## Source: issue-wave-cpb-0001-0035-lane-7.md - -# Issue Wave CPB-0001..0035 Lane 7 Report - -## Scope -- Lane: -- Window: + .. per lane mapping from -- Status: - -## Execution Notes -- This lane was queued for child-agent execution, but no worker threads were available in this run ( thread limit reached). -- Re-dispatch this lane when child capacity is available; assign the same five CPB items as documented. - ---- - -## Source: issue-wave-cpb-0036-0105-lane-1.md - -# Issue Wave CPB-0036..0105 Lane 1 Report - -## Scope -- Lane: self -- Worktree: `/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus` -- Window: `CPB-0036` to `CPB-0045` - -## Status Snapshot - -- `in_progress`: 10/10 items reviewed -- `implemented`: `CPB-0036`, `CPB-0039`, `CPB-0041`, `CPB-0043`, `CPB-0045` -- `blocked`: `CPB-0037`, `CPB-0038`, `CPB-0040`, `CPB-0042`, `CPB-0044` - -## Per-Item Status - -### CPB-0036 – Expand docs and examples for #145 (openai-compatible Claude mode) -- Status: `implemented` -- Rationale: - - Existing provider docs now include explicit compatibility guidance under: - - `docs/api/openai-compatible.md` - - `docs/provider-usage.md` -- Validation: - - `rg -n "Claude Compatibility Notes|OpenAI-Compatible API" docs/api/openai-compatible.md docs/provider-usage.md` -- Touched files: - - `docs/api/openai-compatible.md` - - `docs/provider-usage.md` - -### CPB-0037 – Add QA scenarios for #142 -- Status: `blocked` -- Rationale: - - No stable reproduction payloads or fixtures for the specific request matrix are available in-repo. -- Next action: - - Add one minimal provider-compatibility fixture set and a request/response parity test once fixture data is confirmed. - -### CPB-0038 – Add support path for Kimi coding support -- Status: `blocked` -- Rationale: - - Current implementation has no isolated safe scope for a full feature implementation in this lane without deeper provider behavior contracts. - - The current codebase has related routing/runtime primitives, but no minimal-change patch was identified that is safe in-scope. -- Next action: - - Treat as feature follow-up with a focused acceptance fixture matrix and provider runtime coverage. - -### CPB-0039 – Follow up on Kiro IDC manual refresh status -- Status: `implemented` -- Rationale: - - Existing runbook and executor hardening now cover manual refresh workflows (`docs/operations/auth-refresh-failure-symptom-fix.md`) and related status checks. -- Validation: - - `go test ./pkg/llmproxy/executor ./cmd/server` -- Touched files: - - `docs/operations/auth-refresh-failure-symptom-fix.md` - -### CPB-0040 – Handle non-streaming output_tokens=0 usage -- Status: `blocked` -- Rationale: - - The current codebase already has multiple usage fallbacks, but there is no deterministic non-streaming fixture reproducing a guaranteed `output_tokens=0` defect for a safe, narrow patch. -- Next action: - - Add a reproducible fixture from upstream payload + parser assertion in `usage_helpers`/Kiro path before patching parser behavior. - -### CPB-0041 – Follow up on fill-first routing -- Status: `implemented` -- Rationale: - - Fill strategy normalization is already implemented in management/runtime startup reload path. -- Validation: - - `go test ./pkg/llmproxy/api ./pkg/llmproxy/executor` -- Touched files: - - `pkg/llmproxy/api/handlers/management/config_basic.go` - - `sdk/cliproxy/service.go` - - `sdk/cliproxy/builder.go` - -### CPB-0042 – 400 fallback/error compatibility cleanup -- Status: `blocked` -- Rationale: - - Missing reproducible corpus for the warning path (`kiro: received 400...`) and mixed model/transport states. -- Next action: - - Add a fixture-driven regression test around HTTP 400 body+retry handling in `sdk/cliproxy` or executor tests. - -### CPB-0043 – ClawCloud deployment parity -- Status: `implemented` -- Rationale: - - Config path fallback and environment-aware discovery were added for non-local deployment layouts; this reduces deployment friction for cloud workflows. -- Validation: - - `go test ./cmd/server ./pkg/llmproxy/cmd` -- Touched files: - - `cmd/server/config_path.go` - - `cmd/server/config_path_test.go` - - `cmd/server/main.go` - -### CPB-0044 – Refresh social credential expiry handling -- Status: `blocked` -- Rationale: - - Required source contracts for social credential lifecycle are absent in this branch of the codebase. -- Next action: - - Coordinate with upstream issue fixture and add a dedicated migration/test sequence when behavior is confirmed. - -### CPB-0045 – Improve `403` handling ergonomics -- Status: `implemented` -- Rationale: - - Error enrichment for Antigravity license/subscription `403` remains in place and tested. -- Validation: - - `go test ./pkg/llmproxy/executor ./pkg/llmproxy/api ./cmd/server` -- Touched files: - - `pkg/llmproxy/executor/antigravity_executor.go` - - `pkg/llmproxy/executor/antigravity_executor_error_test.go` - -## Evidence & Commands Run - -- `go test ./cmd/server ./pkg/llmproxy/cmd ./pkg/llmproxy/executor ./pkg/llmproxy/store` -- `go test ./pkg/llmproxy/executor ./pkg/llmproxy/runtime/executor ./pkg/llmproxy/store ./pkg/llmproxy/api/handlers/management ./pkg/llmproxy/api -run 'Route_?|TestServer_?|Test.*Fill|Test.*ClawCloud|Test.*openai_compatible'` -- `rg -n "Claude Compatibility Notes|OpenAI-Compatible API|Kiro" docs/api/openai-compatible.md docs/provider-usage.md docs/operations/auth-refresh-failure-symptom-fix.md` - -## Next Actions - -- Keep blocked CPB items in lane-1 waitlist with explicit fixture requests. -- Prepare lane-2..lane-7 dispatch once child-agent capacity is available. - ---- - -## Source: issue-wave-cpb-0036-0105-lane-2.md - -# Issue Wave CPB-0036..0105 Lane 2 Report - -## Scope -- Lane: 2 -- Worktree: `cliproxyapi-plusplus` (agent-equivalent execution, no external workers available) -- Target items: `CPB-0046` .. `CPB-0055` -- Date: 2026-02-22 - -## Per-Item Triage and Status - -### CPB-0046 Gemini3 cannot generate images / image path non-subprocess -- Status: `blocked` -- Triage: No deterministic image-generation regression fixture or deterministic provider contract was available in-repo. -- Next action: Add a synthetic Gemini image-generation fixture + add integration e2e before touching translator/transport. - -### CPB-0047 Enterprise Kiro 403 instability -- Status: `blocked` -- Triage: Requires provider/account behavior matrix and telemetry proof across multiple 403 payload variants. -- Next action: Capture stable 4xx samples and add provider-level retry/telemetry tests. - -### CPB-0048 -kiro-aws-login login ban / blocking -- Status: `blocked` -- Triage: This flow crosses auth UI/login, session caps, and external policy behavior; no safe local-only patch. -- Next action: Add regression fixture at integration layer before code changes. - -### CPB-0049 Amp usage inflation + `amp` -- Status: `blocked` -- Triage: No reproducible workload that proves current over-amplification shape for targeted fix. -- Next action: Add replayable `amp` traffic fixture and validate `request-retry`/cooling behavior. - -### CPB-0050 Antigravity auth failure naming metadata -- Status: `blocked` -- Triage: Changes are cross-repo/config-standardization in scope and need coordination with management docs. -- Next action: Create shared metadata naming ADR before repo-local patch. - -### CPB-0051 Multi-account management quickstart -- Status: `blocked` -- Triage: No accepted UX contract for account lifecycle orchestration in current worktree. -- Next action: Add explicit account-management acceptance spec and CLI command matrix first. - -### CPB-0052 `auth file changed (WRITE)` logging noise -- Status: `blocked` -- Triage: Requires broader logging noise policy and backpressure changes in auth writers. -- Next action: Add log-level/verbosity matrix then refactor emit points. - -### CPB-0053 `incognito` parameter invalid -- Status: `blocked` -- Triage: Needs broader login argument parity validation and behavior matrix. -- Next action: Add cross-command CLI acceptance coverage before changing argument parser. - -### CPB-0054 OpenAI-compatible `/v1/models` hardcoded path -- Status: `implemented` -- Result: - - Added shared model-list endpoint resolution for OpenAI-style clients, including: - - `models_url` override from auth attributes. - - automatic `/models` resolution for versioned base URLs. -- Validation run: - - `go test ./pkg/llmproxy/executor ./pkg/llmproxy/runtime/executor -run 'Test.*FetchOpenAIModels.*' -count=1` -- Touched files: - - `pkg/llmproxy/executor/openai_models_fetcher.go` - - `pkg/llmproxy/runtime/executor/openai_models_fetcher.go` - -### CPB-0055 `ADD TRAE IDE support` DX follow-up -- Status: `blocked` -- Triage: Requires explicit CLI path support contract and likely external runtime integration. -- Next action: Add support matrix and command spec in issue design doc first. - -## Validation Commands - -- `go test ./pkg/llmproxy/executor ./pkg/llmproxy/runtime/executor ./pkg/llmproxy/logging ./pkg/llmproxy/translator/gemini/openai/chat-completions ./pkg/llmproxy/translator/codex/openai/chat-completions ./cmd/server -run 'TestUseGitHubCopilotResponsesEndpoint|TestApplyClaude|TestEnforceLogDirSizeLimit|TestOpenAIModels|TestResponseFormat|TestConvertOpenAIRequestToGemini' -count=1` -- Result: all passing for referenced packages. - ---- - -## Source: issue-wave-cpb-0036-0105-lane-3.md - -# Issue Wave CPB-0036..0105 Lane 3 Report - -## Scope -- Lane: `3` -- Worktree: `/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus-wave-cpb-3` -- Window handled in this lane: `CPB-0056..CPB-0065` -- Constraint followed: no commits; only lane-scoped changes. - -## Per-Item Triage + Status - -### CPB-0056 - Kiro "no authentication available" docs/quickstart -- Status: `done (quick win)` -- What changed: - - Added explicit Kiro bootstrap commands (`--kiro-login`, `--kiro-aws-authcode`, `--kiro-import`) and a troubleshooting block for `auth_unavailable`. -- Evidence: - - `docs/provider-quickstarts.md:114` - - `docs/provider-quickstarts.md:143` - - `docs/troubleshooting.md:35` - -### CPB-0057 - Copilot model-call-failure flow into first-class CLI commands -- Status: `partial (docs-only quick win; larger CLI extraction deferred)` -- Triage: - - Core CLI surface already has `--github-copilot-login`; full flow extraction/integration hardening is broader than safe lane quick wins. -- What changed: - - Added explicit bootstrap/auth command in provider quickstart. -- Evidence: - - `docs/provider-quickstarts.md:85` - - Existing flag surface observed in `cmd/server/main.go` (`--github-copilot-login`). - -### CPB-0058 - process-compose/HMR refresh workflow -- Status: `done (quick win)` -- What changed: - - Added a minimal process-compose profile for deterministic local startup. - - Added install docs section describing local process-compose workflow with built-in watcher reload behavior. -- Evidence: - - `examples/process-compose.dev.yaml` - - `docs/install.md:81` - - `docs/install.md:87` - -### CPB-0059 - Kiro/BuilderID token collision + refresh lifecycle safety -- Status: `done (quick win)` -- What changed: - - Hardened Kiro synthesized auth ID generation: when `profile_arn` is empty, include `refresh_token` in stable ID seed to reduce collisions across Builder ID credentials. - - Added targeted tests in both synthesizer paths. -- Evidence: - - `pkg/llmproxy/watcher/synthesizer/config.go:604` - - `pkg/llmproxy/auth/synthesizer/config.go:601` - - `pkg/llmproxy/watcher/synthesizer/config_test.go` - - `pkg/llmproxy/auth/synthesizer/config_test.go` - -### CPB-0060 - Amazon Q ValidationException metadata/origin standardization -- Status: `triaged (docs guidance quick win; broader cross-repo standardization deferred)` -- Triage: - - Full cross-repo naming/metadata standardization is larger-scope. -- What changed: - - Added troubleshooting row with endpoint/origin preference checks and remediation guidance. -- Evidence: - - `docs/troubleshooting.md` (Amazon Q ValidationException row) - -### CPB-0061 - Kiro config entry discoverability/compat gaps -- Status: `partial (docs quick win)` -- What changed: - - Extended quickstarts with concrete Kiro and Cursor setup paths to improve config-entry discoverability. -- Evidence: - - `docs/provider-quickstarts.md:114` - - `docs/provider-quickstarts.md:199` - -### CPB-0062 - Cursor issue hardening -- Status: `partial (docs quick win; deeper behavior hardening deferred)` -- Triage: - - Runtime hardening exists in synthesizer warnings/defaults; further defensive fallback expansion should be handled in a dedicated runtime lane. -- What changed: - - Added explicit Cursor troubleshooting row and quickstart. -- Evidence: - - `docs/troubleshooting.md` (Cursor row) - - `docs/provider-quickstarts.md:199` - -### CPB-0063 - Configurable timeout for extended thinking -- Status: `partial (operational docs quick win)` -- Triage: - - Full observability + alerting/runbook expansion is larger than safe quick edits. -- What changed: - - Added timeout-specific troubleshooting and keepalive config guidance for long reasoning windows. -- Evidence: - - `docs/troubleshooting.md` (Extended-thinking timeout row) - - `docs/troubleshooting.md` (keepalive YAML snippet) - -### CPB-0064 - event stream fatal provider-agnostic handling -- Status: `partial (ops/docs quick win; translation refactor deferred)` -- Triage: - - Provider-agnostic translation refactor is non-trivial and cross-cutting. -- What changed: - - Added stream-fatal troubleshooting path with stream/non-stream isolation and fallback guidance. -- Evidence: - - `docs/troubleshooting.md` (`event stream fatal` row) - -### CPB-0065 - config path is directory DX polish -- Status: `done (quick win)` -- What changed: - - Improved non-optional config read error for directory paths with explicit remediation text. - - Added tests covering optional vs non-optional directory-path behavior. - - Added install-doc failure note for this exact error class. -- Evidence: - - `pkg/llmproxy/config/config.go:680` - - `pkg/llmproxy/config/config_test.go` - - `docs/install.md:114` - -## Focused Validation -- `go test ./pkg/llmproxy/config -run 'TestLoadConfig|TestLoadConfigOptional_DirectoryPath' -count=1` - - Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config 7.457s` -- `go test ./pkg/llmproxy/watcher/synthesizer -run 'TestConfigSynthesizer_SynthesizeKiroKeys_UsesRefreshTokenForIDWhenProfileArnMissing' -count=1` - - Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/watcher/synthesizer 11.350s` -- `go test ./pkg/llmproxy/auth/synthesizer -run 'TestConfigSynthesizer_SynthesizeKiroKeys_UsesRefreshTokenForIDWhenProfileArnMissing' -count=1` - - Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/synthesizer 11.183s` - -## Changed Files (Lane 3) -- `docs/install.md` -- `docs/provider-quickstarts.md` -- `docs/troubleshooting.md` -- `examples/process-compose.dev.yaml` -- `pkg/llmproxy/config/config.go` -- `pkg/llmproxy/config/config_test.go` -- `pkg/llmproxy/watcher/synthesizer/config.go` -- `pkg/llmproxy/watcher/synthesizer/config_test.go` -- `pkg/llmproxy/auth/synthesizer/config.go` -- `pkg/llmproxy/auth/synthesizer/config_test.go` - -## Notes -- Existing untracked `docs/fragemented/` content was left untouched (other-lane workspace state). -- No commits were created. - ---- - -## Source: issue-wave-cpb-0036-0105-lane-4.md - -# Issue Wave CPB-0036..0105 Lane 4 Report - -## Scope -- Lane: `workstream-cpb-4` -- Target items: `CPB-0066`..`CPB-0075` -- Worktree: `cliproxyapi-plusplus-wave-cpb-4` -- Date: 2026-02-22 -- Rule: triage all 10 items, implement only safe quick wins, no commits. - -## Per-Item Triage and Status - -### CPB-0066 Expand docs/examples for reverse-platform onboarding -- Status: `quick win implemented` -- Result: - - Added provider quickstart guidance for onboarding additional reverse/OpenAI-compatible paths, including practical troubleshooting notes. -- Changed files: - - `docs/provider-quickstarts.md` - - `docs/troubleshooting.md` - -### CPB-0067 Add QA scenarios for sequential-thinking parameter removal (`nextThoughtNeeded`) -- Status: `triaged, partial quick win (docs QA guardrails only)` -- Result: - - Added troubleshooting guidance to explicitly check mixed legacy/new reasoning field combinations before stream/non-stream parity validation. - - No runtime logic change in this lane due missing deterministic repro fixture for the exact `nextThoughtNeeded` failure payload. -- Changed files: - - `docs/troubleshooting.md` - -### CPB-0068 Refresh Kiro quickstart for large-request failure path -- Status: `quick win implemented` -- Result: - - Added Kiro large-payload sanity-check sequence and IAM login hints to reduce first-run request-size regressions. -- Changed files: - - `docs/provider-quickstarts.md` - -### CPB-0069 Define non-subprocess integration path (Go bindings + HTTP fallback) -- Status: `quick win implemented` -- Result: - - Added explicit integration contract to SDK docs: in-process `sdk/cliproxy` first, HTTP fallback second, with capability probes. -- Changed files: - - `docs/sdk-usage.md` - -### CPB-0070 Standardize metadata/naming conventions for websearch compatibility -- Status: `triaged, partial quick win (docs normalization guidance)` -- Result: - - Added routing/endpoint behavior notes and troubleshooting guidance for model naming + endpoint selection consistency. - - Cross-repo naming standardization itself is broader than a safe lane-local patch. -- Changed files: - - `docs/routing-reference.md` - - `docs/provider-quickstarts.md` - - `docs/troubleshooting.md` - -### CPB-0071 Vision compatibility gaps (ZAI/GLM and Copilot) -- Status: `triaged, validated existing coverage + docs guardrails` -- Result: - - Confirmed existing vision-content detection coverage in Copilot executor tests. - - Added troubleshooting row for vision payload/header compatibility checks. - - No executor code change required from this lane’s evidence. -- Changed files: - - `docs/troubleshooting.md` - -### CPB-0072 Harden iflow model-list update behavior -- Status: `quick win implemented (operational fallback guidance)` -- Result: - - Added iFlow model-list drift/update runbook steps with validation and safe fallback sequencing. -- Changed files: - - `docs/provider-operations.md` - -### CPB-0073 Operationalize KIRO with IAM (observability + alerting) -- Status: `quick win implemented` -- Result: - - Added Kiro IAM operational runbook and explicit suggested alert thresholds with immediate response steps. -- Changed files: - - `docs/provider-operations.md` - -### CPB-0074 Codex-vs-Copilot model visibility as provider-agnostic pattern -- Status: `triaged, partial quick win (docs behavior codified)` -- Result: - - Documented Codex-family endpoint behavior and retry guidance to reduce ambiguous model-access failures. - - Full provider-agnostic utility refactor was not safe to perform without broader regression matrix updates. -- Changed files: - - `docs/routing-reference.md` - - `docs/provider-quickstarts.md` - -### CPB-0075 DX polish for `gpt-5.1-codex-mini` inaccessible via `/chat/completions` -- Status: `quick win implemented (test + docs)` -- Result: - - Added regression test confirming Codex-mini models route to Responses endpoint logic. - - Added user-facing docs on endpoint choice and fallback. -- Changed files: - - `pkg/llmproxy/executor/github_copilot_executor_test.go` - - `docs/provider-quickstarts.md` - - `docs/routing-reference.md` - - `docs/troubleshooting.md` - -## Focused Validation Evidence - -### Commands executed -1. `go test ./pkg/llmproxy/executor -run 'TestUseGitHubCopilotResponsesEndpoint_(CodexModel|CodexMiniModel|DefaultChat|OpenAIResponseSource)' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/executor 2.617s` - -2. `go test ./pkg/llmproxy/executor -run 'TestDetectVisionContent_(WithImageURL|WithImageType|NoVision|NoMessages)' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/executor 1.687s` - -3. `rg -n "CPB-00(66|67|68|69|70|71|72|73|74|75)" docs/planning/CLIPROXYAPI_1000_ITEM_BOARD_2026-02-22.md` -- Result: item definitions confirmed at board entries for `CPB-0066`..`CPB-0075`. - -## Limits / Deferred Work -- Cross-repo standardization asks (notably `CPB-0070`, `CPB-0074`) need coordinated changes outside this lane scope. -- `CPB-0067` runtime-level parity hardening needs an exact failing payload fixture for `nextThoughtNeeded` to avoid speculative translator changes. -- No commits were made. - ---- - -## Source: issue-wave-cpb-0036-0105-lane-5.md - -# Issue Wave CPB-0036..0105 Lane 5 Report - -## Scope -- Lane: `5` -- Window: `CPB-0076..CPB-0085` -- Worktree: `/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus-wave-cpb-5` -- Commit status: no commits created - -## Per-Item Triage and Status - -### CPB-0076 - Copilot hardcoded flow into first-class Go CLI commands -- Status: `blocked` -- Triage: - - CLI auth entrypoints exist (`--github-copilot-login`, `--kiro-*`) but this item requires broader first-class command extraction and interactive setup ownership. -- Evidence: - - `cmd/server/main.go:128` - - `cmd/server/main.go:521` - -### CPB-0077 - Add QA scenarios (stream/non-stream parity + edge cases) -- Status: `blocked` -- Triage: - - No issue-specific acceptance fixtures were available in-repo for this source thread; adding arbitrary scenarios would be speculative. -- Evidence: - - `docs/planning/CLIPROXYAPI_1000_ITEM_BOARD_2026-02-22.md:715` - -### CPB-0078 - Refactor kiro login/no-port implementation boundaries -- Status: `blocked` -- Triage: - - Kiro auth/login flow spans multiple command paths and runtime behavior; safe localized patch could not be isolated in this lane without broader auth-flow refactor. -- Evidence: - - `cmd/server/main.go:123` - - `cmd/server/main.go:559` - -### CPB-0079 - Rollout safety for missing Kiro non-stream thinking signature -- Status: `blocked` -- Triage: - - Needs staged flags/defaults + migration contract; no narrow one-file fix path identified from current code scan. -- Evidence: - - `docs/planning/CLIPROXYAPI_1000_ITEM_BOARD_2026-02-22.md:733` - -### CPB-0080 - Kiro Web UI metadata/name consistency across repos -- Status: `blocked` -- Triage: - - Explicitly cross-repo/web-UI coordination item; this lane is scoped to single-repo safe deltas. -- Evidence: - - `docs/planning/CLIPROXYAPI_1000_ITEM_BOARD_2026-02-22.md:742` - -### CPB-0081 - Kiro stream 400 compatibility follow-up -- Status: `blocked` -- Triage: - - Requires reproducible failing scenario for targeted executor/translator behavior; not safely inferable from current local state alone. -- Evidence: - - `docs/planning/CLIPROXYAPI_1000_ITEM_BOARD_2026-02-22.md:751` - -### CPB-0082 - Cannot use Claude models in Codex CLI -- Status: `partial` -- Safe quick wins implemented: - - Added compact-path codex regression tests to protect codex response-compaction request mode and stream rejection behavior. - - Added troubleshooting runbook row for Claude model alias bridge validation (`oauth-model-alias`) and remediation. -- Evidence: - - `pkg/llmproxy/executor/codex_executor_compact_test.go:16` - - `pkg/llmproxy/config/oauth_model_alias_migration.go:46` - - `docs/troubleshooting.md:38` - -### CPB-0083 - Operationalize image content in tool result messages -- Status: `partial` -- Safe quick wins implemented: - - Added operator playbook section for image-in-tool-result regression detection and incident handling. -- Evidence: - - `docs/provider-operations.md:64` - -### CPB-0084 - Docker optimization suggestions into provider-agnostic shared utilities -- Status: `blocked` -- Triage: - - Item asks for shared translation utility codification; current safe scope supports docs/runbook updates but not utility-layer redesign. -- Evidence: - - `docs/planning/CLIPROXYAPI_1000_ITEM_BOARD_2026-02-22.md:778` - -### CPB-0085 - Provider quickstart for codex translator responses compaction -- Status: `done` -- Safe quick wins implemented: - - Added explicit Codex `/v1/responses/compact` quickstart with expected response shape. - - Added troubleshooting row clarifying compact endpoint non-stream requirement. -- Evidence: - - `docs/provider-quickstarts.md:55` - - `docs/troubleshooting.md:39` - -## Validation Evidence - -Commands run: -1. `go test ./pkg/llmproxy/executor -run 'TestCodexExecutorCompactUsesCompactEndpoint|TestCodexExecutorCompactStreamingRejected|TestOpenAICompatExecutorCompactPassthrough' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/executor 1.015s` - -2. `rg -n "responses/compact|Cannot use Claude Models in Codex CLI|Tool-Result Image Translation Regressions|response.compaction" docs/provider-quickstarts.md docs/troubleshooting.md docs/provider-operations.md pkg/llmproxy/executor/codex_executor_compact_test.go` -- Result: expected hits found in all touched surfaces. - -## Files Changed In Lane 5 -- `pkg/llmproxy/executor/codex_executor_compact_test.go` -- `docs/provider-quickstarts.md` -- `docs/troubleshooting.md` -- `docs/provider-operations.md` -- `docs/planning/reports/issue-wave-cpb-0036-0105-lane-5.md` - ---- - -## Source: issue-wave-cpb-0036-0105-lane-6.md - -# Issue Wave CPB-0036..0105 Lane 6 Report - -## Scope -- Lane: 6 -- Worktree: `/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus-wave-cpb-6` -- Assigned items in this pass: `CPB-0086..CPB-0095` -- Commit status: no commits created - -## Summary -- Triaged all 10 assigned items. -- Implemented 2 safe quick wins: - - `CPB-0090`: fix log-dir size enforcement to include nested day subdirectories. - - `CPB-0095`: add regression test to lock `response_format` -> `text.format` Codex translation behavior. -- Remaining items are either already covered by existing code/tests, or require broader product/feature work than lane-safe changes. - -## Per-Item Status - -### CPB-0086 - `codex: usage_limit_reached (429) should honor resets_at/resets_in_seconds as next_retry_after` -- Status: triaged, blocked for safe quick-win in this lane. -- What was found: - - No concrete handling path was identified in this worktree for `usage_limit_reached` with `resets_at` / `resets_in_seconds` projection to `next_retry_after`. - - Existing source mapping only appears in planning artifacts. -- Lane action: - - No code change (avoided speculative behavior without upstream fixture/contract). -- Evidence: - - Focused repo search did not surface implementation references outside planning board docs. - -### CPB-0087 - `process-compose/HMR refresh workflow` for Gemini Web concerns -- Status: triaged, not implemented (missing runtime surface in this worktree). -- What was found: - - No `process-compose.yaml` exists in this lane worktree. - - Gemini Web is documented as supported config in SDK docs, but no local process-compose profile to patch. -- Lane action: - - No code change. -- Evidence: - - `ls process-compose.yaml` -> not found. - - `docs/sdk-usage.md:171` and `docs/sdk-usage_CN.md:163` reference Gemini Web config behavior. - -### CPB-0088 - `fix(claude): token exchange blocked by Cloudflare managed challenge` -- Status: triaged as already addressed in codebase. -- What was found: - - Claude auth transport explicitly uses `utls` Firefox fingerprint to bypass Anthropic Cloudflare TLS fingerprint checks. -- Lane action: - - No change required. -- Evidence: - - `pkg/llmproxy/auth/claude/utls_transport.go:18-20` - - `pkg/llmproxy/auth/claude/utls_transport.go:103-112` - -### CPB-0089 - `Qwen OAuth fails` -- Status: triaged, partial confidence; no safe localized patch identified. -- What was found: - - Qwen auth/executor paths are present and unit tests pass for current covered scenarios. - - No deterministic failing fixture in local tests to patch against. -- Lane action: - - Ran focused tests, no code change. -- Evidence: - - `go test ./pkg/llmproxy/auth/qwen -count=1` -> `ok` - -### CPB-0090 - `logs-max-total-size-mb` misses per-day subdirectories -- Status: fixed in this lane with regression coverage. -- What was found: - - `enforceLogDirSizeLimit` previously scanned only top-level `os.ReadDir(dir)` entries. - - Nested log files (for date-based folders) were not counted/deleted. -- Safe fix implemented: - - Switched to `filepath.WalkDir` recursion and included all nested `.log`/`.log.gz` files in total-size enforcement. - - Added targeted regression test that creates nested day directory and verifies oldest nested file is removed. -- Changed files: - - `pkg/llmproxy/logging/log_dir_cleaner.go` - - `pkg/llmproxy/logging/log_dir_cleaner_test.go` -- Evidence: - - `pkg/llmproxy/logging/log_dir_cleaner.go:100-131` - - `pkg/llmproxy/logging/log_dir_cleaner_test.go:60-85` - -### CPB-0091 - `All credentials for model claude-sonnet-4-6 are cooling down` -- Status: triaged as already partially covered. -- What was found: - - Model registry includes cooling-down models in availability listing when suspension is quota-only. -- Lane action: - - No code change. -- Evidence: - - `pkg/llmproxy/registry/model_registry.go:745-747` - -### CPB-0092 - `Add claude-sonnet-4-6 to registered Claude models` -- Status: triaged as already covered. -- What was found: - - Default OAuth model-alias mappings include Sonnet 4.6 alias entries. - - Related config tests pass. -- Lane action: - - No code change. -- Evidence: - - `pkg/llmproxy/config/oauth_model_alias_migration.go:56-57` - - `go test ./pkg/llmproxy/config -run 'OAuthModelAlias' -count=1` -> `ok` - -### CPB-0093 - `Claude Sonnet 4.5 models are deprecated - please remove from panel` -- Status: triaged, not implemented due compatibility risk. -- What was found: - - Runtime still maps unknown models to Sonnet 4.5 fallback. - - Removing/deprecating 4.5 from surfaced panel/model fallback likely requires coordinated migration and rollout guardrails. -- Lane action: - - No code change. -- Evidence: - - `pkg/llmproxy/runtime/executor/kiro_executor.go:1653-1655` - -### CPB-0094 - `Gemini incorrect renaming of parameters -> parametersJsonSchema` -- Status: triaged as already covered with regression tests. -- What was found: - - Existing executor regression tests assert `parametersJsonSchema` is renamed to `parameters` in request build path. -- Lane action: - - No code change. -- Evidence: - - `pkg/llmproxy/executor/antigravity_executor_buildrequest_test.go:16-18` - - `go test ./pkg/llmproxy/runtime/executor -run 'AntigravityExecutorBuildRequest' -count=1` -> `ok` - -### CPB-0095 - `codex 返回 Unsupported parameter: response_format` -- Status: quick-win hardening completed (regression lock). -- What was found: - - Translator already maps OpenAI `response_format` to Codex Responses `text.format`. - - Missing direct regression test in this file for the exact unsupported-parameter shape. -- Safe fix implemented: - - Added test verifying output payload does not contain `response_format`, and correctly contains `text.format` fields. -- Changed files: - - `pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request_test.go` -- Evidence: - - Mapping code: `pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request.go:228-253` - - New test: `pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request_test.go:160-198` - -## Test Evidence - -Commands run (focused): - -1. `go test ./pkg/llmproxy/logging -run 'LogDir|EnforceLogDirSizeLimit' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/logging 4.628s` - -2. `go test ./pkg/llmproxy/translator/codex/openai/chat-completions -run 'ConvertOpenAIRequestToCodex|ResponseFormat' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/codex/openai/chat-completions 1.869s` - -3. `go test ./pkg/llmproxy/runtime/executor -run 'AntigravityExecutorBuildRequest|KiroExecutor_MapModelToKiro' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/runtime/executor 1.172s` - -4. `go test ./pkg/llmproxy/auth/qwen -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/qwen 0.730s` - -5. `go test ./pkg/llmproxy/config -run 'OAuthModelAlias' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config 0.869s` - -## Files Changed In Lane 6 -- `pkg/llmproxy/logging/log_dir_cleaner.go` -- `pkg/llmproxy/logging/log_dir_cleaner_test.go` -- `pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request_test.go` -- `docs/planning/reports/issue-wave-cpb-0036-0105-lane-6.md` - ---- - -## Source: issue-wave-cpb-0036-0105-lane-7.md - -# Issue Wave CPB-0036..0105 Lane 7 Report - -## Scope -- Lane: 7 (`cliproxyapi-plusplus-wave-cpb-7`) -- Window: `CPB-0096..CPB-0105` -- Objective: triage all 10 items, land safe quick wins, run focused validation, and document blockers. - -## Per-Item Triage and Status - -### CPB-0096 - Invalid JSON payload when `tool_result` has no `content` field -- Status: `DONE (safe docs + regression tests)` -- Quick wins shipped: - - Added troubleshooting matrix entry with immediate check and workaround. - - Added regression tests that assert `tool_result` without `content` is preserved safely in prefix/apply + strip paths. -- Evidence: - - `docs/troubleshooting.md:34` - - `pkg/llmproxy/runtime/executor/claude_executor_test.go:233` - - `pkg/llmproxy/runtime/executor/claude_executor_test.go:244` - -### CPB-0097 - QA scenarios for "Docker Image Error" -- Status: `PARTIAL (operator QA scenarios documented)` -- Quick wins shipped: - - Added explicit Docker image triage row (image/tag/log/health checks + stream/non-stream parity instruction). -- Deferred: - - No deterministic Docker e2e harness in this lane run; automated parity test coverage not added. -- Evidence: - - `docs/troubleshooting.md:35` - -### CPB-0098 - Refactor for "Google blocked my 3 email id at once" -- Status: `TRIAGED (deferred, no safe quick win)` -- Assessment: - - Root cause and mitigation are account-policy and provider-risk heavy; safe work requires broader runtime/auth behavior refactor and staged external validation. -- Lane action: - - No code change to avoid unsafe behavior regression. - -### CPB-0099 - Rollout safety for "不同思路的 Antigravity 代理" -- Status: `PARTIAL (rollout checklist tightened)` -- Quick wins shipped: - - Added explicit staged-rollout checklist item for feature flags/defaults migration including fallback aliases. -- Evidence: - - `docs/operations/release-governance.md:22` - -### CPB-0100 - Metadata and naming conventions for "是否支持微软账号的反代?" -- Status: `PARTIAL (naming/metadata conventions clarified)` -- Quick wins shipped: - - Added canonical naming guidance clarifying `github-copilot` channel identity and Microsoft-account expectation boundaries. -- Evidence: - - `docs/provider-usage.md:19` - - `docs/provider-usage.md:23` - -### CPB-0101 - Follow-up on Antigravity anti-abuse detection concerns -- Status: `TRIAGED (blocked by upstream/provider behavior)` -- Assessment: - - Compatibility-gap closure here depends on external anti-abuse policy behavior and cannot be safely validated or fixed in isolated lane edits. -- Lane action: - - No risky auth/routing changes without broader integration scope. - -### CPB-0102 - Quickstart for Sonnet 4.6 migration -- Status: `DONE (quickstart + migration guidance)` -- Quick wins shipped: - - Added Sonnet 4.6 compatibility check command. - - Added migration note from Sonnet 4.5 aliases with `/v1/models` verification step. -- Evidence: - - `docs/provider-quickstarts.md:33` - - `docs/provider-quickstarts.md:42` - -### CPB-0103 - Operationalize gpt-5.3-codex-spark mismatch (plus/team) -- Status: `PARTIAL (observability/runbook quick win)` -- Quick wins shipped: - - Added Spark eligibility daily check. - - Added incident runbook with warn/critical thresholds and fallback policy. - - Added troubleshooting + quickstart guardrails to use only models exposed in `/v1/models`. -- Evidence: - - `docs/provider-operations.md:15` - - `docs/provider-operations.md:66` - - `docs/provider-quickstarts.md:113` - - `docs/troubleshooting.md:37` - -### CPB-0104 - Provider-agnostic pattern for Sonnet 4.6 support -- Status: `TRIAGED (deferred, larger translation refactor)` -- Assessment: - - Proper provider-agnostic codification requires shared translator-level refactor beyond safe lane-sized edits. -- Lane action: - - No broad translator changes in this wave. - -### CPB-0105 - DX around `applyClaudeHeaders()` defaults -- Status: `DONE (behavioral tests + docs context)` -- Quick wins shipped: - - Added tests for Anthropic vs non-Anthropic auth header routing. - - Added checks for default Stainless headers, beta merge behavior, and stream/non-stream Accept headers. -- Evidence: - - `pkg/llmproxy/runtime/executor/claude_executor_test.go:255` - - `pkg/llmproxy/runtime/executor/claude_executor_test.go:283` - -## Focused Test Evidence -- `go test ./pkg/llmproxy/runtime/executor` - - `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/runtime/executor 1.004s` - -## Changed Files (Lane 7) -- `pkg/llmproxy/runtime/executor/claude_executor_test.go` -- `docs/provider-quickstarts.md` -- `docs/troubleshooting.md` -- `docs/provider-usage.md` -- `docs/provider-operations.md` -- `docs/operations/release-governance.md` -- `docs/planning/reports/issue-wave-cpb-0036-0105-lane-7.md` - -## Summary -- Triaged all 10 items. -- Landed safe quick wins for docs/runbooks/tests on high-confidence surfaces. -- Deferred high-risk refactor/external-policy items (`CPB-0098`, `CPB-0101`, `CPB-0104`) with explicit reasoning. - ---- - -## Source: issue-wave-cpb-0036-0105-next-70-summary.md - -# CPB-0036..0105 Next 70 Execution Summary (2026-02-22) - -## Scope covered -- Items: CPB-0036 through CPB-0105 -- Lanes covered: 1, 2, 3, 4, 5, 6, 7 reports present in `docs/planning/reports/` -- Constraint: agent thread limit prevented spawning worker processes, so remaining lanes were executed via consolidated local pass. - -## Completed lane reporting -- `docs/planning/reports/issue-wave-cpb-0036-0105-lane-1.md` (implemented/blocked mix) -- `docs/planning/reports/issue-wave-cpb-0036-0105-lane-2.md` (1 implemented + 9 blocked) -- `docs/planning/reports/issue-wave-cpb-0036-0105-lane-3.md` (1 partial + 9 blocked) -- `docs/planning/reports/issue-wave-cpb-0036-0105-lane-4.md` -- `docs/planning/reports/issue-wave-cpb-0036-0105-lane-5.md` -- `docs/planning/reports/issue-wave-cpb-0036-0105-lane-6.md` -- `docs/planning/reports/issue-wave-cpb-0036-0105-lane-7.md` - -## Verified checks -- `go test ./pkg/llmproxy/executor ./pkg/llmproxy/runtime/executor ./pkg/llmproxy/logging ./pkg/llmproxy/translator/gemini/openai/chat-completions ./pkg/llmproxy/translator/codex/openai/chat-completions ./cmd/server -run 'TestUseGitHubCopilotResponsesEndpoint|TestApplyClaude|TestEnforceLogDirSizeLimit|TestOpenAIModels|TestResponseFormat|TestConvertOpenAIRequestToGemini' -count=1` -- `task quality` (fmt + vet + golangci-lint + preflight + full package tests) - -## Current implementation status snapshot -- Confirmed implemented at task level (from lanes): - - CPB-0054 (models endpoint resolution across OpenAI-compatible providers) - - CPB-0066, 0067, 0068, 0069, 0070, 0071, 0072, 0073, 0074, 0075 - - CPB-0076, 0077, 0078, 0079, 0080, 0081, 0082, 0083, 0084, 0085 (partial/mixed) - - CPB-0086, 0087, 0088, 0089, 0090, 0091, 0092, 0093, 0094, 0095 - - CPB-0096, 0097, 0098, 0099, 0100, 0101, 0102, 0103, 0104, 0105 (partial/done mix) -- Items still awaiting upstream fixture or policy-driven follow-up: - - CPB-0046..0049, 0050..0053, 0055 - - CPB-0056..0065 (except 0054) - -## Primary gaps to resolve next -1. Build a shared repository-level fixture pack for provider-specific regressions so blocked items can move from triage to implementation. -2. Add command-level acceptance tests for `--config` directory-path failures, auth argument conflicts, and non-stream edge cases in affected lanes. -3. Publish a single matrix for provider-specific hard failures (`403`, stream protocol, tool_result/image/video shapes) and gate merges on it. - ---- - -## Source: issue-wave-gh-35-integration-summary-2026-02-22.md - -# Issue Wave GH-35 Integration Summary - -Date: 2026-02-22 -Integration branch: `wave-gh35-integration` -Integration worktree: `../cliproxyapi-plusplus-integration-wave` - -## Scope completed -- 7 lanes executed (6 child agents + 1 local lane), 5 issues each. -- Per-lane reports created: - - `docs/planning/reports/issue-wave-gh-35-lane-1.md` - - `docs/planning/reports/issue-wave-gh-35-lane-2.md` - - `docs/planning/reports/issue-wave-gh-35-lane-3.md` - - `docs/planning/reports/issue-wave-gh-35-lane-4.md` - - `docs/planning/reports/issue-wave-gh-35-lane-5.md` - - `docs/planning/reports/issue-wave-gh-35-lane-6.md` - - `docs/planning/reports/issue-wave-gh-35-lane-7.md` - -## Merge chain -- `merge: workstream-cpb-1` -- `merge: workstream-cpb-2` -- `merge: workstream-cpb-3` -- `merge: workstream-cpb-4` -- `merge: workstream-cpb-5` -- `merge: workstream-cpb-6` -- `merge: workstream-cpb-7` -- `test(auth/kiro): avoid roundTripper helper redeclaration` - -## Validation -Executed focused integration checks on touched areas: -- `go test ./pkg/llmproxy/thinking -count=1` -- `go test ./pkg/llmproxy/auth/kiro -count=1` -- `go test ./pkg/llmproxy/api/handlers/management -count=1` -- `go test ./pkg/llmproxy/api/modules/amp -run 'TestRegisterProviderAliases_DedicatedProviderModels' -count=1` -- `go test ./pkg/llmproxy/translator/gemini/openai/responses -count=1` -- `go test ./pkg/llmproxy/translator/gemini/gemini -count=1` -- `go test ./pkg/llmproxy/translator/gemini-cli/gemini -count=1` -- `go test ./pkg/llmproxy/translator/kiro/common -count=1` -- `go test ./pkg/llmproxy/executor -count=1` -- `go test ./pkg/llmproxy/cmd -count=1` -- `go test ./cmd/server -count=1` -- `go test ./sdk/auth -count=1` -- `go test ./sdk/cliproxy -count=1` - -## Handoff note -- Direct merge into `main` worktree was blocked by pre-existing uncommitted local changes there. -- All wave integration work is complete on `wave-gh35-integration` and ready for promotion once `main` working-tree policy is chosen (commit/stash/clean-room promotion). - ---- - -## Source: issue-wave-gh-35-lane-1-self.md - -# Issue Wave GH-35 – Lane 1 (Self) Report - -## Scope -- Source file: `docs/planning/issue-wave-gh-35-2026-02-22.md` -- Items assigned to self lane: - - #258 Support `variant` parameter as fallback for `reasoning_effort` in codex models - - #254 请求添加新功能:支持对Orchids的反代 - - #253 Codex support - - #251 Bug thinking - - #246 fix(cline): add grantType to token refresh and extension headers - -## Work completed -- Implemented `#258` in `pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request.go` - - Added `variant` fallback when `reasoning_effort` is absent. - - Preferred existing behavior: `reasoning_effort` still wins when present. -- Added regression tests in `pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request_test.go` - - `TestConvertOpenAIRequestToCodex_UsesVariantFallbackWhenReasoningEffortMissing` - - `TestConvertOpenAIRequestToCodex_UsesReasoningEffortBeforeVariant` -- Implemented `#253`/`#251` support path in `pkg/llmproxy/thinking/apply.go` - - Added `variant` fallback parsing for Codex thinking extraction (`thinking` compatibility path) when `reasoning.effort` is absent. -- Added regression coverage in `pkg/llmproxy/thinking/apply_codex_variant_test.go` - - `TestExtractCodexConfig_PrefersReasoningEffortOverVariant` - - `TestExtractCodexConfig_VariantFallback` -- Implemented `#258` in responses path in `pkg/llmproxy/translator/codex/openai/responses/codex_openai-responses_request.go` - - Added `variant` fallback when `reasoning.effort` is absent. -- Added regression coverage in `pkg/llmproxy/translator/codex/openai/responses/codex_openai-responses_request_test.go` - - `TestConvertOpenAIResponsesRequestToCodex_UsesVariantAsReasoningEffortFallback` - - `TestConvertOpenAIResponsesRequestToCodex_UsesReasoningEffortOverVariant` - -## Not yet completed -- #254, #246 remain queued for next execution pass (lack of actionable implementation details in repo/issue text). - -## Validation -- `go test ./pkg/llmproxy/translator/codex/openai/chat-completions` -- `go test ./pkg/llmproxy/translator/codex/openai/responses` -- `go test ./pkg/llmproxy/thinking` - -## Risk / open points -- #254 may require provider registration/model mapping work outside current extracted evidence. -- #246 requires issue-level spec for whether `grantType` is expected in body fields vs headers in a specific auth flow. - ---- - -## Source: issue-wave-gh-35-lane-1.md - -# Issue Wave GH-35 Lane 1 Report - -Worktree: `cliproxyapi-plusplus-worktree-1` -Branch: `workstream-cpb-1` -Date: 2026-02-22 - -## Issue outcomes - -### #258 - Support `variant` fallback for codex reasoning -- Status: `fix` -- Summary: Added Codex thinking extraction fallback from top-level `variant` when `reasoning.effort` is absent. -- Changed files: - - `pkg/llmproxy/thinking/apply.go` - - `pkg/llmproxy/thinking/apply_codex_variant_test.go` -- Validation: - - `go test ./pkg/llmproxy/thinking -run 'TestExtractCodexConfig_' -count=1` -> pass - -### #254 - Orchids reverse proxy support -- Status: `feature` -- Summary: New provider integration request; requires provider contract definition and auth/runtime integration design before implementation. -- Code change in this lane: none - -### #253 - Codex support (/responses API) -- Status: `question` -- Summary: `/responses` handler surfaces already exist in current tree (`sdk/api/handlers/openai/openai_responses_handlers.go` plus related tests). Remaining gaps should be tracked as targeted compatibility issues (for example #258). -- Code change in this lane: none - -### #251 - Bug thinking -- Status: `question` -- Summary: Reported log line (`model does not support thinking, passthrough`) appears to be a debug path, but user impact details are missing. Needs reproducible request payload and expected behavior to determine bug vs expected fallback. -- Code change in this lane: none - -### #246 - Cline grantType/headers -- Status: `external` -- Summary: Referenced paths in issue body (`internal/auth/cline/...`, `internal/runtime/executor/...`) are not present in this repository layout, so fix likely belongs to another branch/repo lineage. -- Code change in this lane: none - -## Risks / follow-ups -- #254 should be decomposed into spec + implementation tasks before coding. -- #251 should be converted to a reproducible test case issue template. -- #246 needs source-path reconciliation against current repository structure. - ---- - -## Source: issue-wave-gh-35-lane-2.md - -# Issue Wave GH-35 - Lane 2 Report - -Scope: `router-for-me/CLIProxyAPIPlus` issues `#245 #241 #232 #221 #219` -Worktree: `cliproxyapi-plusplus-worktree-2` - -## Per-Issue Status - -### #245 - `fix(cline): add grantType to token refresh and extension headers` -- Status: `fix` -- Summary: - - Hardened Kiro IDC refresh payload compatibility by sending both camelCase and snake_case token fields (`grantType` + `grant_type`, etc.). - - Unified extension header behavior across `RefreshToken` and `RefreshTokenWithRegion` via shared helper logic. -- Code paths inspected: - - `pkg/llmproxy/auth/kiro/sso_oidc.go` - -### #241 - `context length for models registered from github-copilot should always be 128K` -- Status: `fix` -- Summary: - - Enforced a uniform `128000` context length for all models returned by `GetGitHubCopilotModels()`. - - Added regression coverage to assert all Copilot models remain at 128K. -- Code paths inspected: - - `pkg/llmproxy/registry/model_definitions.go` - - `pkg/llmproxy/registry/model_definitions_test.go` - -### #232 - `Add AMP auth as Kiro` -- Status: `feature` -- Summary: - - Existing AMP support is routing/management oriented; this issue requests additional auth-mode/product behavior across provider semantics. - - No safe, narrow, high-confidence patch was applied in this lane without widening scope into auth architecture. -- Code paths inspected: - - `pkg/llmproxy/api/modules/amp/*` - - `pkg/llmproxy/config/config.go` - - `pkg/llmproxy/config/oauth_model_alias_migration.go` - -### #221 - `kiro账号被封` -- Status: `external` -- Summary: - - Root symptom is account suspension by upstream provider and requires provider-side restoration. - - No local code change can clear a suspended account state. -- Code paths inspected: - - `pkg/llmproxy/runtime/executor/kiro_executor.go` (suspension/cooldown handling) - -### #219 - `Opus 4.6` (unknown provider paths) -- Status: `fix` -- Summary: - - Added static antigravity alias coverage for `gemini-claude-opus-thinking` to prevent `unknown provider` classification. - - Added migration/default-alias support for that alias and improved migration dedupe to preserve multiple aliases per same upstream model. -- Code paths inspected: - - `pkg/llmproxy/registry/model_definitions_static_data.go` - - `pkg/llmproxy/config/oauth_model_alias_migration.go` - - `pkg/llmproxy/config/oauth_model_alias_migration_test.go` - -## Files Changed - -- `pkg/llmproxy/auth/kiro/sso_oidc.go` -- `pkg/llmproxy/auth/kiro/sso_oidc_test.go` -- `pkg/llmproxy/registry/model_definitions.go` -- `pkg/llmproxy/registry/model_definitions_static_data.go` -- `pkg/llmproxy/registry/model_definitions_test.go` -- `pkg/llmproxy/config/oauth_model_alias_migration.go` -- `pkg/llmproxy/config/oauth_model_alias_migration_test.go` -- `docs/planning/reports/issue-wave-gh-35-lane-2.md` - -## Focused Tests Run - -- `go test ./pkg/llmproxy/auth/kiro -run 'TestRefreshToken|TestRefreshTokenWithRegion'` -- `go test ./pkg/llmproxy/registry -run 'TestGetGitHubCopilotModels|TestGetAntigravityModelConfig'` -- `go test ./pkg/llmproxy/config -run 'TestMigrateOAuthModelAlias_ConvertsAntigravityModels'` -- `go test ./pkg/llmproxy/auth/kiro ./pkg/llmproxy/registry ./pkg/llmproxy/config` - -Result: all passing. - -## Blockers - -- `#232` needs product/auth design decisions beyond safe lane-scoped bugfixing. -- `#221` is externally constrained by upstream account suspension workflow. - ---- - -## Source: issue-wave-gh-35-lane-3.md - -# Issue Wave GH-35 - Lane 3 Report - -## Scope -- Issue #213 - Add support for proxying models from kilocode CLI -- Issue #210 - [Bug] Kiro 与 Ampcode 的 Bash 工具参数不兼容 -- Issue #206 - Nullable type arrays in tool schemas cause 400 on Antigravity/Droid Factory -- Issue #201 - failed to save config: open /CLIProxyAPI/config.yaml: read-only file system -- Issue #200 - gemini quota auto disable/enable request - -## Per-Issue Status - -### #213 -- Status: `partial (safe docs/config fix)` -- What was done: - - Added explicit Kilo OpenRouter-compatible configuration example using `api-key: anonymous` and `https://api.kilo.ai/api/openrouter`. - - Updated sample config comments to reflect the same endpoint. -- Changed files: - - `docs/provider-catalog.md` - - `config.example.yaml` -- Notes: - - Core Kilo provider support already exists in this repo; this lane focused on closing quickstart/config clarity gaps. - -### #210 -- Status: `done` -- What was done: - - Updated Kiro truncation-required field rules for `Bash` to accept both `command` and `cmd`. - - Added alias handling so missing one of the pair does not trigger false truncation. - - Added regression test for Ampcode-style `{"cmd":"..."}` payload. -- Changed files: - - `pkg/llmproxy/translator/kiro/claude/truncation_detector.go` - - `pkg/llmproxy/translator/kiro/claude/truncation_detector_test.go` - -### #206 -- Status: `done` -- What was done: - - Removed unsafe per-property `strings.ToUpper(propType.String())` rewrite that could stringify JSON type arrays. - - Kept schema sanitization path and explicit root `type: OBJECT` setting. - - Added regression test to ensure nullable type arrays are not converted into a stringified JSON array. -- Changed files: - - `pkg/llmproxy/translator/gemini/openai/responses/gemini_openai-responses_request.go` - - `pkg/llmproxy/translator/gemini/openai/responses/gemini_openai-responses_request_test.go` - -### #201 -- Status: `partial (safe runtime fallback)` -- What was done: - - Added read-only filesystem detection in management config persistence. - - For read-only config writes, management now returns HTTP 200 with: - - `status: ok` - - `persisted: false` - - warning that changes are runtime-only and not persisted. - - Added tests for read-only error detection behavior. -- Changed files: - - `pkg/llmproxy/api/handlers/management/handler.go` - - `pkg/llmproxy/api/handlers/management/management_extra_test.go` -- Notes: - - This unblocks management operations in read-only deployments without pretending persistence succeeded. - -### #200 -- Status: `partial (documented current capability + blocker)` -- What was done: - - Added routing docs clarifying current quota automation knobs (`switch-project`, `switch-preview-model`). - - Documented current limitation: no generic per-provider auto-disable/auto-enable scheduler. -- Changed files: - - `docs/routing-reference.md` -- Blocker: - - Full request needs new lifecycle scheduler/state machine for provider credential health and timed re-enable, which is larger than safe lane-3 patch scope. - -## Test Evidence -- `go test ./pkg/llmproxy/translator/gemini/openai/responses` - - Result: `ok` -- `go test ./pkg/llmproxy/translator/kiro/claude` - - Result: `ok` -- `go test ./pkg/llmproxy/api/handlers/management` - - Result: `ok` - -## Aggregate Changed Files -- `config.example.yaml` -- `docs/provider-catalog.md` -- `docs/routing-reference.md` -- `pkg/llmproxy/api/handlers/management/handler.go` -- `pkg/llmproxy/api/handlers/management/management_extra_test.go` -- `pkg/llmproxy/translator/gemini/openai/responses/gemini_openai-responses_request.go` -- `pkg/llmproxy/translator/gemini/openai/responses/gemini_openai-responses_request_test.go` -- `pkg/llmproxy/translator/kiro/claude/truncation_detector.go` -- `pkg/llmproxy/translator/kiro/claude/truncation_detector_test.go` - ---- - -## Source: issue-wave-gh-35-lane-4.md - -# Issue Wave GH-35 Lane 4 Report - -## Scope -- Lane: `workstream-cpb-4` -- Target issues: `#198`, `#183`, `#179`, `#178`, `#177` -- Worktree: `cliproxyapi-plusplus-worktree-4` -- Date: 2026-02-22 - -## Per-Issue Status - -### #177 Kiro Token import fails (`Refresh token is required`) -- Status: `fixed (safe, implemented)` -- What changed: - - Kiro IDE token loader now checks both default and legacy token file paths. - - Token parsing now accepts both camelCase and snake_case key formats. - - Custom token-path loader now uses the same tolerant parser. -- Changed files: - - `pkg/llmproxy/auth/kiro/aws.go` - - `pkg/llmproxy/auth/kiro/aws_load_token_test.go` - -### #178 Claude `thought_signature` forwarded to Gemini causes Base64 decode errors -- Status: `hardened with explicit regression coverage` -- What changed: - - Added translator regression tests to verify model-part thought signatures are rewritten to `skip_thought_signature_validator` in both Gemini and Gemini-CLI request paths. -- Changed files: - - `pkg/llmproxy/translator/gemini/gemini/gemini_gemini_request_test.go` - - `pkg/llmproxy/translator/gemini-cli/gemini/gemini-cli_gemini_request_test.go` - -### #183 why no Kiro in dashboard -- Status: `partially fixed (safe, implemented)` -- What changed: - - AMP provider model route now serves dedicated static model inventories for `kiro` and `cursor` instead of generic OpenAI model listing. - - Added route-level regression test for dedicated-provider model listing. -- Changed files: - - `pkg/llmproxy/api/modules/amp/routes.go` - - `pkg/llmproxy/api/modules/amp/routes_test.go` - -### #198 Cursor CLI/Auth support -- Status: `partially improved (safe surface fix)` -- What changed: - - Cursor model visibility in AMP provider alias models endpoint is now dedicated and deterministic (same change as #183 path). -- Changed files: - - `pkg/llmproxy/api/modules/amp/routes.go` - - `pkg/llmproxy/api/modules/amp/routes_test.go` -- Note: - - This does not implement net-new Cursor auth flows; it improves discoverability/compatibility at provider model listing surfaces. - -### #179 OpenAI-MLX-Server and vLLM-MLX support -- Status: `docs-level support clarified` -- What changed: - - Added explicit provider-usage documentation showing MLX/vLLM-MLX via `openai-compatibility` block and prefixed model usage. -- Changed files: - - `docs/provider-usage.md` - -## Test Evidence - -### Executed and passing -- `go test ./pkg/llmproxy/auth/kiro -run 'TestLoadKiroIDEToken_FallbackLegacyPathAndSnakeCase|TestLoadKiroIDEToken_PrefersDefaultPathOverLegacy' -count=1` - - Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro 0.714s` -- `go test ./pkg/llmproxy/auth/kiro -count=1` - - Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro 2.064s` -- `go test ./pkg/llmproxy/api/modules/amp -run 'TestRegisterProviderAliases_DedicatedProviderModels' -count=1` - - Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/api/modules/amp 2.427s` -- `go test ./pkg/llmproxy/translator/gemini/gemini -run 'TestConvertGeminiRequestToGemini|TestConvertGeminiRequestToGemini_SanitizesThoughtSignatureOnModelParts' -count=1` - - Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini/gemini 4.603s` -- `go test ./pkg/llmproxy/translator/gemini-cli/gemini -run 'TestConvertGeminiRequestToGeminiCLI|TestConvertGeminiRequestToGeminiCLI_SanitizesThoughtSignatureOnModelParts' -count=1` - - Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/gemini-cli/gemini 1.355s` - -### Attempted but not used as final evidence -- `go test ./pkg/llmproxy/api/modules/amp -count=1` - - Observed as long-running/hanging in this environment; targeted amp tests were used instead. - -## Blockers / Limits -- #198 full scope (Cursor auth/storage protocol support) is broader than a safe lane-local patch; this pass focuses on model-listing visibility behavior. -- #179 full scope (new provider runtime integrations) was not attempted in this lane due risk/scope; docs now clarify supported path through existing OpenAI-compatible integration. -- No commits were made. - ---- - -## Source: issue-wave-gh-35-lane-5.md - -# Issue Wave GH-35 - Lane 5 Report - -## Scope -- Lane: 5 -- Worktree: `/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus-worktree-5` -- Issues: #169 #165 #163 #158 #160 (CLIProxyAPIPlus) -- Commit status: no commits created - -## Per-Issue Status - -### #160 - `kiro反代出现重复输出的情况` -- Status: fixed in this lane with regression coverage -- What was found: - - Kiro adjacent assistant message compaction merged `tool_calls` by simple append. - - Duplicate `tool_call.id` values could survive merge and be replayed downstream. -- Safe fix implemented: - - De-duplicate merged assistant `tool_calls` by `id` while preserving order and keeping first-seen call. -- Changed files: - - `pkg/llmproxy/translator/kiro/common/message_merge.go` - - `pkg/llmproxy/translator/kiro/common/message_merge_test.go` - -### #163 - `fix(kiro): handle empty content in messages to prevent Bad Request errors` -- Status: already implemented in current codebase; no additional safe delta required in this lane -- What was found: - - Non-empty assistant-content guard is present in `buildAssistantMessageFromOpenAI`. - - History truncation hook is present (`truncateHistoryIfNeeded`, max 50). -- Evidence paths: - - `pkg/llmproxy/translator/kiro/openai/kiro_openai_request.go` - -### #158 - `在配置文件中支持为所有 OAuth 渠道自定义上游 URL` -- Status: not fully implemented; blocked for this lane as a broader cross-provider change -- What was found: - - `gemini-cli` executor still uses hardcoded `https://cloudcode-pa.googleapis.com`. - - No global config keys equivalent to `oauth-upstream` / `oauth-upstream-url` found. - - Some providers support per-auth `base_url`, but there is no unified config-level OAuth upstream layer across channels. -- Evidence paths: - - `pkg/llmproxy/executor/gemini_cli_executor.go` - - `pkg/llmproxy/runtime/executor/gemini_cli_executor.go` - - `pkg/llmproxy/config/config.go` -- Blocker: - - Requires config schema additions + precedence policy + updates across multiple OAuth executors (not a single isolated safe patch). - -### #165 - `kiro如何看配额?` -- Status: partially available primitives; user-facing completion unclear -- What was found: - - Kiro usage/quota retrieval logic exists (`GetUsageLimits`, `UsageChecker`). - - Generic quota-exceeded toggles exist in management APIs. - - No dedicated, explicit Kiro quota management endpoint/docs flow was identified in this lane pass. -- Evidence paths: - - `pkg/llmproxy/auth/kiro/aws_auth.go` - - `pkg/llmproxy/auth/kiro/usage_checker.go` - - `pkg/llmproxy/api/server.go` -- Blocker: - - Issue likely needs a productized surface (CLI command or management API + docs), which requires acceptance criteria beyond safe localized fixes. - -### #169 - `Kimi Code support` -- Status: inspected; no failing behavior reproduced in focused tests; no safe patch applied -- What was found: - - Kimi executor paths and tests are present and passing in focused runs. -- Evidence paths: - - `pkg/llmproxy/executor/kimi_executor.go` - - `pkg/llmproxy/executor/kimi_executor_test.go` -- Blocker: - - Remaining issue scope is not reproducible from current focused tests without additional failing scenarios/fixtures from issue thread. - -## Test Evidence - -Commands run (focused): -1. `go test ./pkg/llmproxy/translator/kiro/common -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/kiro/common 0.717s` - -2. `go test ./pkg/llmproxy/translator/kiro/claude ./pkg/llmproxy/translator/kiro/openai -count=1` -- Result: - - `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/kiro/claude 1.074s` - - `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/translator/kiro/openai 1.681s` - -3. `go test ./pkg/llmproxy/config -run 'TestSanitizeOAuthModelAlias|TestLoadConfig|Test.*OAuth' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/config 0.609s` - -4. `go test ./pkg/llmproxy/executor -run 'Test.*Kimi|Test.*Empty|Test.*Duplicate' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/executor 0.836s` - -5. `go test ./pkg/llmproxy/auth/kiro -run 'Test.*(Usage|Quota|Cooldown|RateLimiter)' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro 0.742s` - -## Files Changed In Lane 5 -- `pkg/llmproxy/translator/kiro/common/message_merge.go` -- `pkg/llmproxy/translator/kiro/common/message_merge_test.go` -- `docs/planning/reports/issue-wave-gh-35-lane-5.md` - ---- - -## Source: issue-wave-gh-35-lane-6.md - -# Issue Wave GH-35 - Lane 6 Report - -## Scope -- Lane: 6 -- Worktree: `/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus-worktree-6` -- Issues: #149 #147 #146 #145 #136 (CLIProxyAPIPlus) -- Commit status: no commits created - -## Per-Issue Status - -### #149 - `kiro IDC 刷新 token 失败` -- Status: fixed in this lane with regression coverage -- What was found: - - Kiro IDC refresh path returned coarse errors without response body context on non-200 responses. - - Refresh handlers accepted successful responses with missing access token. - - Some refresh responses may omit `refreshToken`; callers need safe fallback. -- Safe fix implemented: - - Standardized refresh failure errors to include HTTP status and trimmed response body when available. - - Added explicit guard for missing `accessToken` in refresh success payloads. - - Preserved original refresh token when provider refresh response omits `refreshToken`. -- Changed files: - - `pkg/llmproxy/auth/kiro/sso_oidc.go` - - `pkg/llmproxy/auth/kiro/sso_oidc_refresh_test.go` - -### #147 - `请求docker部署支持arm架构的机器!感谢。` -- Status: documentation fix completed in this lane -- What was found: - - Install docs lacked explicit ARM64 run guidance and verification steps. -- Safe fix implemented: - - Added ARM64 Docker run example (`--platform linux/arm64`) and runtime architecture verification command. -- Changed files: - - `docs/install.md` - -### #146 - `[Feature Request] 请求增加 Kiro 配额的展示功能` -- Status: partial (documentation/operations guidance); feature implementation blocked -- What was found: - - No dedicated unified Kiro quota dashboard endpoint was identified in current runtime surface. - - Existing operator signal is provider metrics plus auth/runtime behavior. -- Safe fix implemented: - - Added explicit quota-visibility operations guidance and current limitation statement. -- Changed files: - - `docs/provider-operations.md` -- Blocker: - - Full issue resolution needs new product/API surface for explicit Kiro quota display, beyond safe localized patching. - -### #145 - `[Bug]完善 openai兼容模式对 claude 模型的支持` -- Status: docs hardening completed; no reproducible failing test in focused lane run -- What was found: - - Focused executor tests pass; no immediate failing conversion case reproduced from local test set. -- Safe fix implemented: - - Added OpenAI-compatible Claude payload compatibility notes and troubleshooting guidance. -- Changed files: - - `docs/api/openai-compatible.md` -- Blocker: - - Full protocol conversion fix requires a reproducible failing payload/fixture from issue thread. - -### #136 - `kiro idc登录需要手动刷新状态` -- Status: partial (ops guidance + related refresh hardening); full product workflow remains open -- What was found: - - Existing runbook lacked explicit Kiro IDC status/refresh confirmation steps. - - Related refresh resilience and diagnostics gap overlapped with #149. -- Safe fix implemented: - - Added Kiro IDC-specific symptom/fix entries and quick validation commands. - - Included refresh handling hardening from #149 patch. -- Changed files: - - `docs/operations/auth-refresh-failure-symptom-fix.md` - - `pkg/llmproxy/auth/kiro/sso_oidc.go` -- Blocker: - - A complete UX fix likely needs a dedicated status surface (API/UI) beyond lane-safe changes. - -## Test Evidence - -Commands run (focused): - -1. `go test ./pkg/llmproxy/executor -run 'Kiro|iflow|OpenAI|Claude|Compat|oauth|refresh' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/executor 1.117s` - -2. `go test ./pkg/llmproxy/auth/iflow ./pkg/llmproxy/auth/kiro -count=1` -- Result: - - `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/iflow 0.726s` - - `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro 2.040s` - -3. `go test ./pkg/llmproxy/auth/kiro -run 'RefreshToken|SSOOIDC|Token|OAuth' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/auth/kiro 0.990s` - -4. `go test ./pkg/llmproxy/executor -run 'OpenAICompat|Kiro|iflow|Claude' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/executor 0.847s` - -5. `go test ./test -run 'thinking|roo|builtin|amp' -count=1` -- Result: `ok github.com/router-for-me/CLIProxyAPI/v6/test 0.771s [no tests to run]` - -## Files Changed In Lane 6 -- `pkg/llmproxy/auth/kiro/sso_oidc.go` -- `pkg/llmproxy/auth/kiro/sso_oidc_refresh_test.go` -- `docs/install.md` -- `docs/api/openai-compatible.md` -- `docs/operations/auth-refresh-failure-symptom-fix.md` -- `docs/provider-operations.md` -- `docs/planning/reports/issue-wave-gh-35-lane-6.md` - ---- - -## Source: issue-wave-gh-35-lane-7.md - -# Issue Wave GH-35 Lane 7 Report - -## Scope -- Lane: 7 (`cliproxyapi-plusplus-worktree-7`) -- Issues: #133, #129, #125, #115, #111 -- Objective: inspect, implement safe fixes where feasible, run focused Go tests, and record blockers. - -## Per-Issue Status - -### #133 Routing strategy "fill-first" is not working as expected -- Status: `PARTIAL (safe normalization + compatibility hardening)` -- Findings: - - Runtime selector switching already exists in `sdk/cliproxy` startup/reload paths. - - A common config spelling mismatch (`fill_first` vs `fill-first`) was not normalized consistently. -- Fixes: - - Added underscore-compatible normalization for routing strategy in management + runtime startup/reload. -- Changed files: - - `pkg/llmproxy/api/handlers/management/config_basic.go` - - `sdk/cliproxy/builder.go` - - `sdk/cliproxy/service.go` -- Notes: - - This improves compatibility and removes one likely reason users observe "fill-first not applied". - - Live behavioral validation against multi-credential traffic is still required. - -### #129 CLIProxyApiPlus ClawCloud cloud deploy config file not found -- Status: `DONE (safe fallback path discovery)` -- Findings: - - Default startup path was effectively strict (`/config.yaml`) when `--config` is not passed. - - Cloud/container layouts often mount config in nested or platform-specific paths. -- Fixes: - - Added cloud-aware config discovery helper with ordered fallback candidates and env overrides. - - Wired main startup path resolution to this helper. -- Changed files: - - `cmd/server/main.go` - - `cmd/server/config_path.go` - - `cmd/server/config_path_test.go` - -### #125 Error 403 (Gemini Code Assist license / subscription required) -- Status: `DONE (actionable error diagnostics)` -- Findings: - - Antigravity upstream 403 bodies were returned raw, without direct remediation guidance. -- Fixes: - - Added Antigravity 403 message enrichment for known subscription/license denial patterns. - - Added helper-based status error construction and tests. -- Changed files: - - `pkg/llmproxy/executor/antigravity_executor.go` - - `pkg/llmproxy/executor/antigravity_executor_error_test.go` - -### #115 -kiro-aws-login 登录后一直封号 -- Status: `PARTIAL (safer troubleshooting guidance)` -- Findings: - - Root cause is upstream/account policy behavior (AWS/Identity Center), not locally fixable in code path alone. -- Fixes: - - Added targeted CLI troubleshooting branch for AWS access portal sign-in failure signatures. - - Guidance now recommends cautious retry and auth-code fallback to reduce repeated failing attempts. -- Changed files: - - `pkg/llmproxy/cmd/kiro_login.go` - - `pkg/llmproxy/cmd/kiro_login_test.go` - -### #111 Antigravity authentication failed (callback server bind/access permissions) -- Status: `DONE (clear remediation hint)` -- Findings: - - Callback bind failures returned generic error text. -- Fixes: - - Added callback server error formatter to detect common bind-denied / port-in-use cases. - - Error now explicitly suggests `--oauth-callback-port `. -- Changed files: - - `sdk/auth/antigravity.go` - - `sdk/auth/antigravity_error_test.go` - -## Focused Test Evidence -- `go test ./cmd/server` - - `ok github.com/router-for-me/CLIProxyAPI/v6/cmd/server 2.258s` -- `go test ./pkg/llmproxy/cmd` - - `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/cmd 0.724s` -- `go test ./sdk/auth` - - `ok github.com/router-for-me/CLIProxyAPI/v6/sdk/auth 0.656s` -- `go test ./pkg/llmproxy/executor ./sdk/cliproxy` - - `ok github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/executor 1.671s` - - `ok github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy 0.717s` - -## All Changed Files -- `cmd/server/main.go` -- `cmd/server/config_path.go` -- `cmd/server/config_path_test.go` -- `pkg/llmproxy/api/handlers/management/config_basic.go` -- `pkg/llmproxy/cmd/kiro_login.go` -- `pkg/llmproxy/cmd/kiro_login_test.go` -- `pkg/llmproxy/executor/antigravity_executor.go` -- `pkg/llmproxy/executor/antigravity_executor_error_test.go` -- `sdk/auth/antigravity.go` -- `sdk/auth/antigravity_error_test.go` -- `sdk/cliproxy/builder.go` -- `sdk/cliproxy/service.go` - -## Blockers / Follow-ups -- External-provider dependencies prevent deterministic local reproduction of: - - Kiro AWS account lock/suspension behavior (`#115`) - - Antigravity license entitlement state (`#125`) -- Recommended follow-up validation in staging: - - Cloud deploy startup on ClawCloud with mounted config variants. - - Fill-first behavior with >=2 credentials under same provider/model. - ---- - -Copied count: 24 diff --git a/docs/reports/fragemented/.fragmented-candidates.txt b/docs/reports/fragemented/.fragmented-candidates.txt deleted file mode 100644 index 5b2c0a7f62..0000000000 --- a/docs/reports/fragemented/.fragmented-candidates.txt +++ /dev/null @@ -1 +0,0 @@ -OPEN_ITEMS_VALIDATION_2026-02-22.md diff --git a/docs/reports/fragemented/.migration.log b/docs/reports/fragemented/.migration.log deleted file mode 100644 index b6441ac9c7..0000000000 --- a/docs/reports/fragemented/.migration.log +++ /dev/null @@ -1,5 +0,0 @@ -source=/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus/docs/reports -timestamp=2026-02-22T05:37:24.324483-07:00 -count=1 -copied=1 -status=ok diff --git a/docs/reports/fragemented/OPEN_ITEMS_VALIDATION_2026-02-22.md b/docs/reports/fragemented/OPEN_ITEMS_VALIDATION_2026-02-22.md deleted file mode 100644 index 0da7038e85..0000000000 --- a/docs/reports/fragemented/OPEN_ITEMS_VALIDATION_2026-02-22.md +++ /dev/null @@ -1,88 +0,0 @@ -# Open Items Validation (2026-02-22) - -Scope audited against `upstream/main` (`af8e9ef45806889f3016d91fb4da764ceabe82a2`) for: -- Issues: #198, #206, #210, #232, #241, #258 -- PRs: #259, #11 - -## Already Implemented - -- PR #11 `fix: handle unexpected 'content_block_start' event order (fixes #4)` - - Status: Implemented on `main` (behavior present even though exact PR commit is not merged). - - Current `main` emits `message_start` before any content/tool block emission on first delta chunk. -- Issue #258 `Support variant fallback for reasoning_effort in codex models` - - Status: Implemented on current `main`. - - Current translators map top-level `variant` to Codex reasoning effort when `reasoning.effort` is absent. - -## Partially Implemented - -- Issue #198 `Cursor CLI \ Auth Support` - - Partial: Cursor-related request-format handling exists for Kiro thinking tags, but no Cursor auth/provider implementation exists. -- Issue #232 `Add AMP auth as Kiro` - - Partial: AMP module and AMP upstream config exist, but no AMP auth provider/login flow in `internal/auth`. -- Issue #241 `copilot context length should always be 128K` - - Partial: Some GitHub Copilot models are 128K, but many remain 200K (and Gemini entries at 1,048,576). -- PR #259 `Normalize Codex schema handling` - - Partial: `main` already has some Codex websocket normalization (`response.done` -> `response.completed`), but the proposed schema-normalization functions/tests and install flow are not present. - -## Not Implemented - -- Issue #206 `Nullable type arrays in tool schemas cause 400 on Antigravity/Droid Factory` - - Not implemented on `main`; the problematic uppercasing path for tool parameter `type` is still present. -- Issue #210 `Kiro x Ampcode Bash parameter incompatibility` - - Not implemented on `main`; truncation detector still requires `Bash: {"command"}` instead of `cmd`. - -## Evidence (commit/file refs) - -- Baseline commit: - - `upstream/main` -> `af8e9ef45806889f3016d91fb4da764ceabe82a2` - -- PR #11 implemented behavior: - - `internal/translator/openai/claude/openai_claude_response.go:130` emits `message_start` immediately on first `delta`. - - `internal/translator/openai/claude/openai_claude_response.go:156` - - `internal/translator/openai/claude/openai_claude_response.go:178` - - `internal/translator/openai/claude/openai_claude_response.go:225` - - File history on `main`: commit `cbe56955` (`Merge pull request #227 from router-for-me/plus`) contains current implementation. - -- Issue #206 not implemented: - - `internal/translator/gemini/openai/responses/gemini_openai-responses_request.go:357` - - `internal/translator/gemini/openai/responses/gemini_openai-responses_request.go:364` - - `internal/translator/gemini/openai/responses/gemini_openai-responses_request.go:365` - - `internal/translator/gemini/openai/responses/gemini_openai-responses_request.go:371` - - These lines still uppercase and rewrite schema types, matching reported failure mode. - -- Issue #210 not implemented: - - `internal/translator/kiro/claude/truncation_detector.go:66` still has `"Bash": {"command"}`. - -- Issue #241 partially implemented: - - 128K examples: `internal/registry/model_definitions.go:153`, `internal/registry/model_definitions.go:167` - - 200K examples still present: `internal/registry/model_definitions.go:181`, `internal/registry/model_definitions.go:207`, `internal/registry/model_definitions.go:220`, `internal/registry/model_definitions.go:259`, `internal/registry/model_definitions.go:272`, `internal/registry/model_definitions.go:298` - - 1M examples: `internal/registry/model_definitions.go:395`, `internal/registry/model_definitions.go:417` - - Relevant history includes `740277a9` and `f2b1ec4f` (Copilot model definition updates). - -- Issue #258 implemented: - - Chat-completions translator maps `variant` fallback: `pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request.go:56`. - - Responses translator maps `variant` fallback: `pkg/llmproxy/translator/codex/openai/responses/codex_openai-responses_request.go:49`. - - Regression coverage exists in `test/thinking_conversion_test.go:2820`. - -- Issue #198 partial (format support, no provider auth): - - Cursor-format mention in Kiro translator comments: `internal/translator/kiro/claude/kiro_claude_request.go:192`, `internal/translator/kiro/claude/kiro_claude_request.go:443` - - No `internal/auth/cursor` provider on `main`; auth providers under `internal/auth` are: antigravity/claude/codex/copilot/gemini/iflow/kilo/kimi/kiro/qwen/vertex. - -- Issue #232 partial (AMP exists but not as auth provider): - - AMP config exists: `internal/config/config.go:111`-`internal/config/config.go:112` - - AMP module exists: `internal/api/modules/amp/routes.go:1` - - `internal/auth` has no `amp` auth provider directory on `main`. - -- PR #259 partial: - - Missing from `main`: `install.sh` (file absent on `upstream/main`). - - Missing from `main`: `internal/runtime/executor/codex_executor_schema_test.go` (file absent). - - Missing from `main`: `normalizeCodexToolSchemas` / `normalizeJSONSchemaArrays` symbols (no matches in `internal/runtime/executor/codex_executor.go`). - - Already present adjacent normalization: `internal/runtime/executor/codex_websockets_executor.go:979` (`normalizeCodexWebsocketCompletion`). - -## Recommended Next 5 - -1. Implement #206 exactly as proposed: remove per-property type uppercasing in Gemini responses translator and pass tool schema raw JSON (with tests for `["string","null"]` and nested schemas). -2. Implement #210 by supporting `Bash: {"cmd"}` in Kiro truncation required-fields map (or dual-accept with explicit precedence), plus regression test for Ampcode loop case. -3. Revalidate #259 scope and move implemented subset into `Already Implemented` to keep status drift near zero. -4. Resolve #259 as a focused split: (a) codex schema normalization + tests, (b) install flow/docs as separate PR to reduce review risk. -5. Decide policy for #241 (keep provider-native context lengths vs force 128K), then align `internal/registry/model_definitions.go` and add a consistency test for Copilot context lengths. diff --git a/docs/reports/fragemented/README.md b/docs/reports/fragemented/README.md deleted file mode 100644 index a3007e0e72..0000000000 --- a/docs/reports/fragemented/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Fragmented Consolidation Backup - -Source: `cliproxyapi-plusplus/docs/reports` -Files: 1 - diff --git a/docs/reports/fragemented/explanation.md b/docs/reports/fragemented/explanation.md deleted file mode 100644 index 96f556ac1b..0000000000 --- a/docs/reports/fragemented/explanation.md +++ /dev/null @@ -1,7 +0,0 @@ -# Fragmented Consolidation Note - -This folder is a deterministic backup of 2026-updated Markdown fragments for consolidation and merge safety. - -- Source docs: `/Users/kooshapari/temp-PRODVERCEL/485/kush/cliproxyapi-plusplus/docs/reports` -- Files included: 1 - diff --git a/docs/reports/fragemented/index.md b/docs/reports/fragemented/index.md deleted file mode 100644 index 7346eb3b74..0000000000 --- a/docs/reports/fragemented/index.md +++ /dev/null @@ -1,5 +0,0 @@ -# Fragmented Index - -## Source Files (2026) - -- OPEN_ITEMS_VALIDATION_2026-02-22.md diff --git a/docs/reports/fragemented/merged.md b/docs/reports/fragemented/merged.md deleted file mode 100644 index 17c4e32612..0000000000 --- a/docs/reports/fragemented/merged.md +++ /dev/null @@ -1,98 +0,0 @@ -# Merged Fragmented Markdown - -## Source: cliproxyapi-plusplus/docs/reports - -## Source: OPEN_ITEMS_VALIDATION_2026-02-22.md - -# Open Items Validation (2026-02-22) - -Scope audited against `upstream/main` (`af8e9ef45806889f3016d91fb4da764ceabe82a2`) for: -- Issues: #198, #206, #210, #232, #241, #258 -- PRs: #259, #11 - -## Already Implemented - -- PR #11 `fix: handle unexpected 'content_block_start' event order (fixes #4)` - - Status: Implemented on `main` (behavior present even though exact PR commit is not merged). - - Current `main` emits `message_start` before any content/tool block emission on first delta chunk. -- Issue #258 `Support variant fallback for reasoning_effort in codex models` - - Status: Implemented on current `main`. - - Current translators map top-level `variant` to Codex reasoning effort when `reasoning.effort` is absent. - -## Partially Implemented - -- Issue #198 `Cursor CLI \ Auth Support` - - Partial: Cursor-related request-format handling exists for Kiro thinking tags, but no Cursor auth/provider implementation exists. -- Issue #232 `Add AMP auth as Kiro` - - Partial: AMP module and AMP upstream config exist, but no AMP auth provider/login flow in `internal/auth`. -- Issue #241 `copilot context length should always be 128K` - - Partial: Some GitHub Copilot models are 128K, but many remain 200K (and Gemini entries at 1,048,576). -- PR #259 `Normalize Codex schema handling` - - Partial: `main` already has some Codex websocket normalization (`response.done` -> `response.completed`), but the proposed schema-normalization functions/tests and install flow are not present. - -## Not Implemented - -- Issue #206 `Nullable type arrays in tool schemas cause 400 on Antigravity/Droid Factory` - - Not implemented on `main`; the problematic uppercasing path for tool parameter `type` is still present. -- Issue #210 `Kiro x Ampcode Bash parameter incompatibility` - - Not implemented on `main`; truncation detector still requires `Bash: {"command"}` instead of `cmd`. - -## Evidence (commit/file refs) - -- Baseline commit: - - `upstream/main` -> `af8e9ef45806889f3016d91fb4da764ceabe82a2` - -- PR #11 implemented behavior: - - `internal/translator/openai/claude/openai_claude_response.go:130` emits `message_start` immediately on first `delta`. - - `internal/translator/openai/claude/openai_claude_response.go:156` - - `internal/translator/openai/claude/openai_claude_response.go:178` - - `internal/translator/openai/claude/openai_claude_response.go:225` - - File history on `main`: commit `cbe56955` (`Merge pull request #227 from router-for-me/plus`) contains current implementation. - -- Issue #206 not implemented: - - `internal/translator/gemini/openai/responses/gemini_openai-responses_request.go:357` - - `internal/translator/gemini/openai/responses/gemini_openai-responses_request.go:364` - - `internal/translator/gemini/openai/responses/gemini_openai-responses_request.go:365` - - `internal/translator/gemini/openai/responses/gemini_openai-responses_request.go:371` - - These lines still uppercase and rewrite schema types, matching reported failure mode. - -- Issue #210 not implemented: - - `internal/translator/kiro/claude/truncation_detector.go:66` still has `"Bash": {"command"}`. - -- Issue #241 partially implemented: - - 128K examples: `internal/registry/model_definitions.go:153`, `internal/registry/model_definitions.go:167` - - 200K examples still present: `internal/registry/model_definitions.go:181`, `internal/registry/model_definitions.go:207`, `internal/registry/model_definitions.go:220`, `internal/registry/model_definitions.go:259`, `internal/registry/model_definitions.go:272`, `internal/registry/model_definitions.go:298` - - 1M examples: `internal/registry/model_definitions.go:395`, `internal/registry/model_definitions.go:417` - - Relevant history includes `740277a9` and `f2b1ec4f` (Copilot model definition updates). - -- Issue #258 implemented: - - Chat-completions translator maps `variant` fallback: `pkg/llmproxy/translator/codex/openai/chat-completions/codex_openai_request.go:56`. - - Responses translator maps `variant` fallback: `pkg/llmproxy/translator/codex/openai/responses/codex_openai-responses_request.go:49`. - - Regression coverage exists in `test/thinking_conversion_test.go:2820`. - -- Issue #198 partial (format support, no provider auth): - - Cursor-format mention in Kiro translator comments: `internal/translator/kiro/claude/kiro_claude_request.go:192`, `internal/translator/kiro/claude/kiro_claude_request.go:443` - - No `internal/auth/cursor` provider on `main`; auth providers under `internal/auth` are: antigravity/claude/codex/copilot/gemini/iflow/kilo/kimi/kiro/qwen/vertex. - -- Issue #232 partial (AMP exists but not as auth provider): - - AMP config exists: `internal/config/config.go:111`-`internal/config/config.go:112` - - AMP module exists: `internal/api/modules/amp/routes.go:1` - - `internal/auth` has no `amp` auth provider directory on `main`. - -- PR #259 partial: - - Missing from `main`: `install.sh` (file absent on `upstream/main`). - - Missing from `main`: `internal/runtime/executor/codex_executor_schema_test.go` (file absent). - - Missing from `main`: `normalizeCodexToolSchemas` / `normalizeJSONSchemaArrays` symbols (no matches in `internal/runtime/executor/codex_executor.go`). - - Already present adjacent normalization: `internal/runtime/executor/codex_websockets_executor.go:979` (`normalizeCodexWebsocketCompletion`). - -## Recommended Next 5 - -1. Implement #206 exactly as proposed: remove per-property type uppercasing in Gemini responses translator and pass tool schema raw JSON (with tests for `["string","null"]` and nested schemas). -2. Implement #210 by supporting `Bash: {"cmd"}` in Kiro truncation required-fields map (or dual-accept with explicit precedence), plus regression test for Ampcode loop case. -3. Revalidate #259 scope and move implemented subset into `Already Implemented` to keep status drift near zero. -4. Resolve #259 as a focused split: (a) codex schema normalization + tests, (b) install flow/docs as separate PR to reduce review risk. -5. Decide policy for #241 (keep provider-native context lengths vs force 128K), then align `internal/registry/model_definitions.go` and add a consistency test for Copilot context lengths. - ---- - -Copied count: 1 diff --git a/docs/sdk-access.md b/docs/sdk-access.md index 343c851b4f..c871a915c1 100644 --- a/docs/sdk-access.md +++ b/docs/sdk-access.md @@ -1,16 +1,16 @@ # @sdk/access SDK Reference -The `github.com/router-for-me/CLIProxyAPI/v6/sdk/access` package centralizes inbound request authentication for the proxy. It offers a lightweight manager that chains credential providers, so servers can reuse the same access control logic inside or outside the CLI runtime. +The `github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/access` package centralizes inbound request authentication for the proxy. It offers a lightweight manager that chains credential providers, so servers can reuse the same access control logic inside or outside the CLI runtime. ## Importing ```go import ( - sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access" + sdkaccess "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/access" ) ``` -Add the module with `go get github.com/router-for-me/CLIProxyAPI/v6/sdk/access`. +Add the module with `go get github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/access`. ## Provider Registry @@ -76,7 +76,7 @@ To consume a provider shipped in another Go module, import it for its registrati ```go import ( _ "github.com/acme/xplatform/sdk/access/providers/partner" // registers partner-token - sdkaccess "github.com/router-for-me/CLIProxyAPI/v6/sdk/access" + sdkaccess "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/access" ) ``` @@ -146,7 +146,7 @@ Register any custom providers (typically via blank imports) before calling `Buil When configuration changes, refresh any config-backed providers and then reset the manager's provider chain: ```go -// configaccess is github.com/router-for-me/CLIProxyAPI/v6/internal/access/config_access +// configaccess is github.com/kooshapari/cliproxyapi-plusplus/v6/internal/access/config_access configaccess.Register(&newCfg.SDKConfig) accessManager.SetProviders(sdkaccess.RegisteredProviders()) ``` diff --git a/docs/sdk-advanced.md b/docs/sdk-advanced.md index 3a9d3e5004..5ab4832d6c 100644 --- a/docs/sdk-advanced.md +++ b/docs/sdk-advanced.md @@ -24,8 +24,8 @@ import ( "context" "net/http" - coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth" - clipexec "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor" + coreauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" + clipexec "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/executor" ) type Executor struct{} @@ -82,7 +82,7 @@ package myprov import ( "context" - sdktr "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator" + sdktr "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/translator" ) const ( diff --git a/go.mod b/go.mod index 2c89cb28af..2f4a4946a0 100644 --- a/go.mod +++ b/go.mod @@ -3,6 +3,7 @@ module github.com/kooshapari/cliproxyapi-plusplus/v6 go 1.26.0 require ( + github.com/KooshaPari/phenotype-go-auth v0.0.0 github.com/andybalholm/brotli v1.2.0 github.com/atotto/clipboard v0.1.4 github.com/charmbracelet/bubbles v1.0.0 @@ -26,17 +27,19 @@ require ( github.com/tidwall/gjson v1.18.0 github.com/tidwall/sjson v1.2.5 github.com/tiktoken-go/tokenizer v0.7.0 - golang.org/x/crypto v0.49.0 - golang.org/x/net v0.51.0 - golang.org/x/oauth2 v0.36.0 - golang.org/x/sync v0.20.0 - golang.org/x/term v0.41.0 - golang.org/x/text v0.35.0 + golang.org/x/crypto v0.48.0 + golang.org/x/net v0.49.0 + golang.org/x/oauth2 v0.30.0 + golang.org/x/sync v0.19.0 + golang.org/x/term v0.40.0 + golang.org/x/text v0.34.0 gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v3 v3.0.1 modernc.org/sqlite v1.46.1 ) +replace github.com/KooshaPari/phenotype-go-auth => ./third_party/phenotype-go-auth + require ( cloud.google.com/go/compute/metadata v0.3.0 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect @@ -109,7 +112,7 @@ require ( go.yaml.in/yaml/v3 v3.0.4 // indirect golang.org/x/arch v0.8.0 // indirect golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 // indirect - golang.org/x/sys v0.42.0 // indirect + golang.org/x/sys v0.41.0 // indirect google.golang.org/protobuf v1.34.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect modernc.org/libc v1.67.6 // indirect diff --git a/go.sum b/go.sum index 70ba57e689..95dd4c3613 100644 --- a/go.sum +++ b/go.sum @@ -233,50 +233,32 @@ github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavM github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM= github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU= github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E= -go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= -go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc= golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys= golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts= golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos= -golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= -golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 h1:mgKeJMpvi0yx/sU5GsxQ7p6s2wtOnGAHZWCHUM4KGzY= golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546/go.mod h1:j/pmGrbnkbPtQfxEe5D0VQhZC6qKbfKifgD0oM7sR70= golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c= golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU= -golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8= golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o= golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8= -golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo= -golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y= golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= -golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs= -golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q= golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= -golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= -golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k= golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= -golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg= golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM= -golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU= -golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A= golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk= golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA= -golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= -golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc= golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg= -golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k= google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/internal/access/config_access/provider.go b/internal/access/config_access/provider.go deleted file mode 100644 index da6e377faf..0000000000 --- a/internal/access/config_access/provider.go +++ /dev/null @@ -1,141 +0,0 @@ -package configaccess - -import ( - "context" - "net/http" - "strings" - - sdkaccess "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/access" - sdkconfig "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" -) - -// Register ensures the config-access provider is available to the access manager. -func Register(cfg *sdkconfig.SDKConfig) { - if cfg == nil { - sdkaccess.UnregisterProvider(sdkaccess.AccessProviderTypeConfigAPIKey) - return - } - - keys := normalizeKeys(cfg.APIKeys) - if len(keys) == 0 { - sdkaccess.UnregisterProvider(sdkaccess.AccessProviderTypeConfigAPIKey) - return - } - - sdkaccess.RegisterProvider( - sdkaccess.AccessProviderTypeConfigAPIKey, - newProvider(sdkaccess.DefaultAccessProviderName, keys), - ) -} - -type provider struct { - name string - keys map[string]struct{} -} - -func newProvider(name string, keys []string) *provider { - providerName := strings.TrimSpace(name) - if providerName == "" { - providerName = sdkaccess.DefaultAccessProviderName - } - keySet := make(map[string]struct{}, len(keys)) - for _, key := range keys { - keySet[key] = struct{}{} - } - return &provider{name: providerName, keys: keySet} -} - -func (p *provider) Identifier() string { - if p == nil || p.name == "" { - return sdkaccess.DefaultAccessProviderName - } - return p.name -} - -func (p *provider) Authenticate(_ context.Context, r *http.Request) (*sdkaccess.Result, *sdkaccess.AuthError) { - if p == nil { - return nil, sdkaccess.NewNotHandledError() - } - if len(p.keys) == 0 { - return nil, sdkaccess.NewNotHandledError() - } - authHeader := r.Header.Get("Authorization") - authHeaderGoogle := r.Header.Get("X-Goog-Api-Key") - authHeaderAnthropic := r.Header.Get("X-Api-Key") - queryKey := "" - queryAuthToken := "" - if r.URL != nil { - queryKey = r.URL.Query().Get("key") - queryAuthToken = r.URL.Query().Get("auth_token") - } - if authHeader == "" && authHeaderGoogle == "" && authHeaderAnthropic == "" && queryKey == "" && queryAuthToken == "" { - return nil, sdkaccess.NewNoCredentialsError() - } - - apiKey := extractBearerToken(authHeader) - - candidates := []struct { - value string - source string - }{ - {apiKey, "authorization"}, - {authHeaderGoogle, "x-goog-api-key"}, - {authHeaderAnthropic, "x-api-key"}, - {queryKey, "query-key"}, - {queryAuthToken, "query-auth-token"}, - } - - for _, candidate := range candidates { - if candidate.value == "" { - continue - } - if _, ok := p.keys[candidate.value]; ok { - return &sdkaccess.Result{ - Provider: p.Identifier(), - Principal: candidate.value, - Metadata: map[string]string{ - "source": candidate.source, - }, - }, nil - } - } - - return nil, sdkaccess.NewInvalidCredentialError() -} - -func extractBearerToken(header string) string { - if header == "" { - return "" - } - parts := strings.SplitN(header, " ", 2) - if len(parts) != 2 { - return header - } - if strings.ToLower(parts[0]) != "bearer" { - return header - } - return strings.TrimSpace(parts[1]) -} - -func normalizeKeys(keys []string) []string { - if len(keys) == 0 { - return nil - } - normalized := make([]string, 0, len(keys)) - seen := make(map[string]struct{}, len(keys)) - for _, key := range keys { - trimmedKey := strings.TrimSpace(key) - if trimmedKey == "" { - continue - } - if _, exists := seen[trimmedKey]; exists { - continue - } - seen[trimmedKey] = struct{}{} - normalized = append(normalized, trimmedKey) - } - if len(normalized) == 0 { - return nil - } - return normalized -} diff --git a/internal/access/reconcile.go b/internal/access/reconcile.go deleted file mode 100644 index 61ee1e9f46..0000000000 --- a/internal/access/reconcile.go +++ /dev/null @@ -1,127 +0,0 @@ -package access - -import ( - "fmt" - "reflect" - "sort" - "strings" - - configaccess "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/access/config_access" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - sdkaccess "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/access" - log "github.com/sirupsen/logrus" -) - -// ReconcileProviders builds the desired provider list by reusing existing providers when possible -// and creating or removing providers only when their configuration changed. It returns the final -// ordered provider slice along with the identifiers of providers that were added, updated, or -// removed compared to the previous configuration. -func ReconcileProviders(oldCfg, newCfg *config.Config, existing []sdkaccess.Provider) (result []sdkaccess.Provider, added, updated, removed []string, err error) { - _ = oldCfg - if newCfg == nil { - return nil, nil, nil, nil, nil - } - - result = sdkaccess.RegisteredProviders() - - existingMap := make(map[string]sdkaccess.Provider, len(existing)) - for _, provider := range existing { - providerID := identifierFromProvider(provider) - if providerID == "" { - continue - } - existingMap[providerID] = provider - } - - finalIDs := make(map[string]struct{}, len(result)) - - isInlineProvider := func(id string) bool { - return strings.EqualFold(id, sdkaccess.DefaultAccessProviderName) - } - appendChange := func(list *[]string, id string) { - if isInlineProvider(id) { - return - } - *list = append(*list, id) - } - - for _, provider := range result { - providerID := identifierFromProvider(provider) - if providerID == "" { - continue - } - finalIDs[providerID] = struct{}{} - - existingProvider, exists := existingMap[providerID] - if !exists { - appendChange(&added, providerID) - continue - } - if !providerInstanceEqual(existingProvider, provider) { - appendChange(&updated, providerID) - } - } - - for providerID := range existingMap { - if _, exists := finalIDs[providerID]; exists { - continue - } - appendChange(&removed, providerID) - } - - sort.Strings(added) - sort.Strings(updated) - sort.Strings(removed) - - return result, added, updated, removed, nil -} - -// ApplyAccessProviders reconciles the configured access providers against the -// currently registered providers and updates the manager. It logs a concise -// summary of the detected changes and returns whether any provider changed. -func ApplyAccessProviders(manager *sdkaccess.Manager, oldCfg, newCfg *config.Config) (bool, error) { - if manager == nil || newCfg == nil { - return false, nil - } - - existing := manager.Providers() - configaccess.Register(&newCfg.SDKConfig) - providers, added, updated, removed, err := ReconcileProviders(oldCfg, newCfg, existing) - if err != nil { - log.Errorf("failed to reconcile request auth providers: %v", err) - return false, fmt.Errorf("reconciling access providers: %w", err) - } - - manager.SetProviders(providers) - - if len(added)+len(updated)+len(removed) > 0 { - log.Debugf("auth providers reconciled (added=%d updated=%d removed=%d)", len(added), len(updated), len(removed)) - log.Debugf("auth providers changes details - added=%v updated=%v removed=%v", added, updated, removed) - return true, nil - } - - log.Debug("auth providers unchanged after config update") - return false, nil -} - -func identifierFromProvider(provider sdkaccess.Provider) string { - if provider == nil { - return "" - } - return strings.TrimSpace(provider.Identifier()) -} - -func providerInstanceEqual(a, b sdkaccess.Provider) bool { - if a == nil || b == nil { - return a == nil && b == nil - } - if reflect.TypeOf(a) != reflect.TypeOf(b) { - return false - } - valueA := reflect.ValueOf(a) - valueB := reflect.ValueOf(b) - if valueA.Kind() == reflect.Pointer && valueB.Kind() == reflect.Pointer { - return valueA.Pointer() == valueB.Pointer() - } - return reflect.DeepEqual(a, b) -} diff --git a/internal/api/handlers/management/api_tools.go b/internal/api/handlers/management/api_tools.go deleted file mode 100644 index 0fabb05e60..0000000000 --- a/internal/api/handlers/management/api_tools.go +++ /dev/null @@ -1,1197 +0,0 @@ -package management - -import ( - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "net" - "net/http" - "net/url" - "os" - "strings" - "time" - - "github.com/fxamacker/cbor/v2" - "github.com/gin-gonic/gin" - log "github.com/sirupsen/logrus" - "golang.org/x/net/proxy" - "golang.org/x/oauth2" - "golang.org/x/oauth2/google" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/runtime/geminicli" - coreauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" -) - -const defaultAPICallTimeout = 60 * time.Second - -// OAuth credentials should be loaded from environment variables or config, not hardcoded -// Placeholder values - replace with env var lookups in production -var geminiOAuthClientID = os.Getenv("GEMINI_OAUTH_CLIENT_ID") -var geminiOAuthClientSecret = os.Getenv("GEMINI_OAUTH_CLIENT_SECRET") - -func init() { - // Allow env override for OAuth credentials - if geminiOAuthClientID == "" { - geminiOAuthClientID = "PLACEHOLDER_SET_FROM_CONFIG" - } - if geminiOAuthClientSecret == "" { - geminiOAuthClientSecret = "PLACEHOLDER_SET_FROM_CONFIG" - } -} - -var geminiOAuthScopes = []string{ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/userinfo.email", - "https://www.googleapis.com/auth/userinfo.profile", -} - -// OAuth credentials loaded from environment variables - never hardcode -var antigravityOAuthClientID = os.Getenv("ANTIGRAVITY_OAUTH_CLIENT_ID") -var antigravityOAuthClientSecret = os.Getenv("ANTIGRAVITY_OAUTH_CLIENT_SECRET") - -var antigravityOAuthTokenURL = "https://oauth2.googleapis.com/token" - -type apiCallRequest struct { - AuthIndexSnake *string `json:"auth_index"` - AuthIndexCamel *string `json:"authIndex"` - AuthIndexPascal *string `json:"AuthIndex"` - Method string `json:"method"` - URL string `json:"url"` - Header map[string]string `json:"header"` - Data string `json:"data"` -} - -type apiCallResponse struct { - StatusCode int `json:"status_code"` - Header map[string][]string `json:"header"` - Body string `json:"body"` - Quota *QuotaSnapshots `json:"quota,omitempty"` -} - -// APICall makes a generic HTTP request on behalf of the management API caller. -// It is protected by the management middleware. -// -// Endpoint: -// -// POST /v0/management/api-call -// -// Authentication: -// -// Same as other management APIs (requires a management key and remote-management rules). -// You can provide the key via: -// - Authorization: Bearer -// - X-Management-Key: -// -// Request JSON (supports both application/json and application/cbor): -// - auth_index / authIndex / AuthIndex (optional): -// The credential "auth_index" from GET /v0/management/auth-files (or other endpoints returning it). -// If omitted or not found, credential-specific proxy/token substitution is skipped. -// - method (required): HTTP method, e.g. GET, POST, PUT, PATCH, DELETE. -// - url (required): Absolute URL including scheme and host, e.g. "https://api.example.com/v1/ping". -// - header (optional): Request headers map. -// Supports magic variable "$TOKEN$" which is replaced using the selected credential: -// 1) metadata.access_token -// 2) attributes.api_key -// 3) metadata.token / metadata.id_token / metadata.cookie -// Example: {"Authorization":"Bearer $TOKEN$"}. -// Note: if you need to override the HTTP Host header, set header["Host"]. -// - data (optional): Raw request body as string (useful for POST/PUT/PATCH). -// -// Proxy selection (highest priority first): -// 1. Selected credential proxy_url -// 2. Global config proxy-url -// 3. Direct connect (environment proxies are not used) -// -// Response (returned with HTTP 200 when the APICall itself succeeds): -// -// Format matches request Content-Type (application/json or application/cbor) -// - status_code: Upstream HTTP status code. -// - header: Upstream response headers. -// - body: Upstream response body as string. -// - quota (optional): For GitHub Copilot enterprise accounts, contains quota_snapshots -// with details for chat, completions, and premium_interactions. -// -// Example: -// -// curl -sS -X POST "http://127.0.0.1:8317/v0/management/api-call" \ -// -H "Authorization: Bearer " \ -// -H "Content-Type: application/json" \ -// -d '{"auth_index":"","method":"GET","url":"https://api.example.com/v1/ping","header":{"Authorization":"Bearer $TOKEN$"}}' -// -// curl -sS -X POST "http://127.0.0.1:8317/v0/management/api-call" \ -// -H "Authorization: Bearer 831227" \ -// -H "Content-Type: application/json" \ -// -d '{"auth_index":"","method":"POST","url":"https://api.example.com/v1/fetchAvailableModels","header":{"Authorization":"Bearer $TOKEN$","Content-Type":"application/json","User-Agent":"cliproxyapi"},"data":"{}"}' -func (h *Handler) APICall(c *gin.Context) { - // Detect content type - contentType := strings.ToLower(strings.TrimSpace(c.GetHeader("Content-Type"))) - isCBOR := strings.Contains(contentType, "application/cbor") - - var body apiCallRequest - - // Parse request body based on content type - if isCBOR { - rawBody, errRead := io.ReadAll(c.Request.Body) - if errRead != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "failed to read request body"}) - return - } - if errUnmarshal := cbor.Unmarshal(rawBody, &body); errUnmarshal != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid cbor body"}) - return - } - } else { - if errBindJSON := c.ShouldBindJSON(&body); errBindJSON != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - } - - method := strings.ToUpper(strings.TrimSpace(body.Method)) - if method == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "missing method"}) - return - } - - urlStr := strings.TrimSpace(body.URL) - if urlStr == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "missing url"}) - return - } - parsedURL, errParseURL := url.Parse(urlStr) - if errParseURL != nil || parsedURL.Scheme == "" || parsedURL.Host == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid url"}) - return - } - - authIndex := firstNonEmptyString(body.AuthIndexSnake, body.AuthIndexCamel, body.AuthIndexPascal) - auth := h.authByIndex(authIndex) - - reqHeaders := body.Header - if reqHeaders == nil { - reqHeaders = map[string]string{} - } - - var hostOverride string - var token string - var tokenResolved bool - var tokenErr error - for key, value := range reqHeaders { - if !strings.Contains(value, "$TOKEN$") { - continue - } - if !tokenResolved { - token, tokenErr = h.resolveTokenForAuth(c.Request.Context(), auth) - tokenResolved = true - } - if auth != nil && token == "" { - if tokenErr != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "auth token refresh failed"}) - return - } - c.JSON(http.StatusBadRequest, gin.H{"error": "auth token not found"}) - return - } - if token == "" { - continue - } - reqHeaders[key] = strings.ReplaceAll(value, "$TOKEN$", token) - } - - // When caller indicates CBOR in request headers, convert JSON string payload to CBOR bytes. - useCBORPayload := headerContainsValue(reqHeaders, "Content-Type", "application/cbor") - - var requestBody io.Reader - if body.Data != "" { - if useCBORPayload { - cborPayload, errEncode := encodeJSONStringToCBOR(body.Data) - if errEncode != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid json data for cbor content-type"}) - return - } - requestBody = bytes.NewReader(cborPayload) - } else { - requestBody = strings.NewReader(body.Data) - } - } - - req, errNewRequest := http.NewRequestWithContext(c.Request.Context(), method, urlStr, requestBody) - if errNewRequest != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "failed to build request"}) - return - } - - for key, value := range reqHeaders { - if strings.EqualFold(key, "host") { - hostOverride = strings.TrimSpace(value) - continue - } - req.Header.Set(key, value) - } - if hostOverride != "" { - req.Host = hostOverride - } - - httpClient := &http.Client{ - Timeout: defaultAPICallTimeout, - } - httpClient.Transport = h.apiCallTransport(auth) - - resp, errDo := httpClient.Do(req) - if errDo != nil { - log.WithError(errDo).Debug("management APICall request failed") - c.JSON(http.StatusBadGateway, gin.H{"error": "request failed"}) - return - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - respBody, errReadAll := io.ReadAll(resp.Body) - if errReadAll != nil { - c.JSON(http.StatusBadGateway, gin.H{"error": "failed to read response"}) - return - } - - // For CBOR upstream responses, decode into plain text or JSON string before returning. - responseBodyText := string(respBody) - if headerContainsValue(reqHeaders, "Accept", "application/cbor") || strings.Contains(strings.ToLower(resp.Header.Get("Content-Type")), "application/cbor") { - if decodedBody, errDecode := decodeCBORBodyToTextOrJSON(respBody); errDecode == nil { - responseBodyText = decodedBody - } - } - - response := apiCallResponse{ - StatusCode: resp.StatusCode, - Header: resp.Header, - Body: responseBodyText, - } - - // If this is a GitHub Copilot token endpoint response, try to enrich with quota information - if resp.StatusCode == http.StatusOK && - strings.Contains(urlStr, "copilot_internal") && - strings.Contains(urlStr, "/token") { - response = h.enrichCopilotTokenResponse(c.Request.Context(), response, auth, urlStr) - } - - // Return response in the same format as the request - if isCBOR { - cborData, errMarshal := cbor.Marshal(response) - if errMarshal != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to encode cbor response"}) - return - } - c.Data(http.StatusOK, "application/cbor", cborData) - } else { - c.JSON(http.StatusOK, response) - } -} - -func firstNonEmptyString(values ...*string) string { - for _, v := range values { - if v == nil { - continue - } - if out := strings.TrimSpace(*v); out != "" { - return out - } - } - return "" -} - -func tokenValueForAuth(auth *coreauth.Auth) string { - if auth == nil { - return "" - } - if v := tokenValueFromMetadata(auth.Metadata); v != "" { - return v - } - if auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["api_key"]); v != "" { - return v - } - } - if shared := geminicli.ResolveSharedCredential(auth.Runtime); shared != nil { - if v := tokenValueFromMetadata(shared.MetadataSnapshot()); v != "" { - return v - } - } - return "" -} - -func (h *Handler) resolveTokenForAuth(ctx context.Context, auth *coreauth.Auth) (string, error) { - if auth == nil { - return "", nil - } - - provider := strings.ToLower(strings.TrimSpace(auth.Provider)) - if provider == "gemini-cli" { - token, errToken := h.refreshGeminiOAuthAccessToken(ctx, auth) - return token, errToken - } - if provider == "antigravity" { - token, errToken := h.refreshAntigravityOAuthAccessToken(ctx, auth) - return token, errToken - } - - return tokenValueForAuth(auth), nil -} - -func (h *Handler) refreshGeminiOAuthAccessToken(ctx context.Context, auth *coreauth.Auth) (string, error) { - if ctx == nil { - ctx = context.Background() - } - if auth == nil { - return "", nil - } - - metadata, updater := geminiOAuthMetadata(auth) - if len(metadata) == 0 { - return "", fmt.Errorf("gemini oauth metadata missing") - } - - base := make(map[string]any) - if tokenRaw, ok := metadata["token"].(map[string]any); ok && tokenRaw != nil { - base = cloneMap(tokenRaw) - } - - var token oauth2.Token - if len(base) > 0 { - if raw, errMarshal := json.Marshal(base); errMarshal == nil { - _ = json.Unmarshal(raw, &token) - } - } - - if token.AccessToken == "" { - token.AccessToken = stringValue(metadata, "access_token") - } - if token.RefreshToken == "" { - token.RefreshToken = stringValue(metadata, "refresh_token") - } - if token.TokenType == "" { - token.TokenType = stringValue(metadata, "token_type") - } - if token.Expiry.IsZero() { - if expiry := stringValue(metadata, "expiry"); expiry != "" { - if ts, errParseTime := time.Parse(time.RFC3339, expiry); errParseTime == nil { - token.Expiry = ts - } - } - } - - conf := &oauth2.Config{ - ClientID: geminiOAuthClientID, - ClientSecret: geminiOAuthClientSecret, - Scopes: geminiOAuthScopes, - Endpoint: google.Endpoint, - } - - ctxToken := ctx - httpClient := &http.Client{ - Timeout: defaultAPICallTimeout, - Transport: h.apiCallTransport(auth), - } - ctxToken = context.WithValue(ctxToken, oauth2.HTTPClient, httpClient) - - src := conf.TokenSource(ctxToken, &token) - currentToken, errToken := src.Token() - if errToken != nil { - return "", errToken - } - - merged := buildOAuthTokenMap(base, currentToken) - fields := buildOAuthTokenFields(currentToken, merged) - if updater != nil { - updater(fields) - } - return strings.TrimSpace(currentToken.AccessToken), nil -} - -func (h *Handler) refreshAntigravityOAuthAccessToken(ctx context.Context, auth *coreauth.Auth) (string, error) { - if ctx == nil { - ctx = context.Background() - } - if auth == nil { - return "", nil - } - - metadata := auth.Metadata - if len(metadata) == 0 { - return "", fmt.Errorf("antigravity oauth metadata missing") - } - - current := strings.TrimSpace(tokenValueFromMetadata(metadata)) - if current != "" && !antigravityTokenNeedsRefresh(metadata) { - return current, nil - } - - refreshToken := stringValue(metadata, "refresh_token") - if refreshToken == "" { - return "", fmt.Errorf("antigravity refresh token missing") - } - - tokenURL := strings.TrimSpace(antigravityOAuthTokenURL) - if tokenURL == "" { - tokenURL = "https://oauth2.googleapis.com/token" - } - form := url.Values{} - form.Set("client_id", antigravityOAuthClientID) - form.Set("client_secret", antigravityOAuthClientSecret) - form.Set("grant_type", "refresh_token") - form.Set("refresh_token", refreshToken) - - req, errReq := http.NewRequestWithContext(ctx, http.MethodPost, tokenURL, strings.NewReader(form.Encode())) - if errReq != nil { - return "", errReq - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - - httpClient := &http.Client{ - Timeout: defaultAPICallTimeout, - Transport: h.apiCallTransport(auth), - } - resp, errDo := httpClient.Do(req) - if errDo != nil { - return "", errDo - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - bodyBytes, errRead := io.ReadAll(resp.Body) - if errRead != nil { - return "", errRead - } - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - return "", fmt.Errorf("antigravity oauth token refresh failed: status %d: %s", resp.StatusCode, strings.TrimSpace(string(bodyBytes))) - } - - var tokenResp struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - ExpiresIn int64 `json:"expires_in"` - TokenType string `json:"token_type"` - } - if errUnmarshal := json.Unmarshal(bodyBytes, &tokenResp); errUnmarshal != nil { - return "", errUnmarshal - } - - if strings.TrimSpace(tokenResp.AccessToken) == "" { - return "", fmt.Errorf("antigravity oauth token refresh returned empty access_token") - } - - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - now := time.Now() - auth.Metadata["access_token"] = strings.TrimSpace(tokenResp.AccessToken) - if strings.TrimSpace(tokenResp.RefreshToken) != "" { - auth.Metadata["refresh_token"] = strings.TrimSpace(tokenResp.RefreshToken) - } - if tokenResp.ExpiresIn > 0 { - auth.Metadata["expires_in"] = tokenResp.ExpiresIn - auth.Metadata["timestamp"] = now.UnixMilli() - auth.Metadata["expired"] = now.Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339) - } - auth.Metadata["type"] = "antigravity" - - if h != nil && h.authManager != nil { - auth.LastRefreshedAt = now - auth.UpdatedAt = now - _, _ = h.authManager.Update(ctx, auth) - } - - return strings.TrimSpace(tokenResp.AccessToken), nil -} - -func antigravityTokenNeedsRefresh(metadata map[string]any) bool { - // Refresh a bit early to avoid requests racing token expiry. - const skew = 30 * time.Second - - if metadata == nil { - return true - } - if expStr, ok := metadata["expired"].(string); ok { - if ts, errParse := time.Parse(time.RFC3339, strings.TrimSpace(expStr)); errParse == nil { - return !ts.After(time.Now().Add(skew)) - } - } - expiresIn := int64Value(metadata["expires_in"]) - timestampMs := int64Value(metadata["timestamp"]) - if expiresIn > 0 && timestampMs > 0 { - exp := time.UnixMilli(timestampMs).Add(time.Duration(expiresIn) * time.Second) - return !exp.After(time.Now().Add(skew)) - } - return true -} - -func int64Value(raw any) int64 { - switch typed := raw.(type) { - case int: - return int64(typed) - case int32: - return int64(typed) - case int64: - return typed - case uint: - return int64(typed) - case uint32: - return int64(typed) - case uint64: - if typed > uint64(^uint64(0)>>1) { - return 0 - } - return int64(typed) - case float32: - return int64(typed) - case float64: - return int64(typed) - case json.Number: - if i, errParse := typed.Int64(); errParse == nil { - return i - } - case string: - if s := strings.TrimSpace(typed); s != "" { - if i, errParse := json.Number(s).Int64(); errParse == nil { - return i - } - } - } - return 0 -} - -func geminiOAuthMetadata(auth *coreauth.Auth) (map[string]any, func(map[string]any)) { - if auth == nil { - return nil, nil - } - if shared := geminicli.ResolveSharedCredential(auth.Runtime); shared != nil { - snapshot := shared.MetadataSnapshot() - return snapshot, func(fields map[string]any) { shared.MergeMetadata(fields) } - } - return auth.Metadata, func(fields map[string]any) { - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - for k, v := range fields { - auth.Metadata[k] = v - } - } -} - -func stringValue(metadata map[string]any, key string) string { - if len(metadata) == 0 || key == "" { - return "" - } - if v, ok := metadata[key].(string); ok { - return strings.TrimSpace(v) - } - return "" -} - -func cloneMap(in map[string]any) map[string]any { - if len(in) == 0 { - return nil - } - out := make(map[string]any, len(in)) - for k, v := range in { - out[k] = v - } - return out -} - -func buildOAuthTokenMap(base map[string]any, tok *oauth2.Token) map[string]any { - merged := cloneMap(base) - if merged == nil { - merged = make(map[string]any) - } - if tok == nil { - return merged - } - if raw, errMarshal := json.Marshal(tok); errMarshal == nil { - var tokenMap map[string]any - if errUnmarshal := json.Unmarshal(raw, &tokenMap); errUnmarshal == nil { - for k, v := range tokenMap { - merged[k] = v - } - } - } - return merged -} - -func buildOAuthTokenFields(tok *oauth2.Token, merged map[string]any) map[string]any { - fields := make(map[string]any, 5) - if tok != nil && tok.AccessToken != "" { - fields["access_token"] = tok.AccessToken - } - if tok != nil && tok.TokenType != "" { - fields["token_type"] = tok.TokenType - } - if tok != nil && tok.RefreshToken != "" { - fields["refresh_token"] = tok.RefreshToken - } - if tok != nil && !tok.Expiry.IsZero() { - fields["expiry"] = tok.Expiry.Format(time.RFC3339) - } - if len(merged) > 0 { - fields["token"] = cloneMap(merged) - } - return fields -} - -func tokenValueFromMetadata(metadata map[string]any) string { - if len(metadata) == 0 { - return "" - } - if v, ok := metadata["accessToken"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - if v, ok := metadata["access_token"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - if tokenRaw, ok := metadata["token"]; ok && tokenRaw != nil { - switch typed := tokenRaw.(type) { - case string: - if v := strings.TrimSpace(typed); v != "" { - return v - } - case map[string]any: - if v, ok := typed["access_token"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - if v, ok := typed["accessToken"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - case map[string]string: - if v := strings.TrimSpace(typed["access_token"]); v != "" { - return v - } - if v := strings.TrimSpace(typed["accessToken"]); v != "" { - return v - } - } - } - if v, ok := metadata["token"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - if v, ok := metadata["id_token"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - if v, ok := metadata["cookie"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - return "" -} - -func (h *Handler) authByIndex(authIndex string) *coreauth.Auth { - authIndex = strings.TrimSpace(authIndex) - if authIndex == "" || h == nil || h.authManager == nil { - return nil - } - auths := h.authManager.List() - for _, auth := range auths { - if auth == nil { - continue - } - auth.EnsureIndex() - if auth.Index == authIndex { - return auth - } - } - return nil -} - -func (h *Handler) apiCallTransport(auth *coreauth.Auth) http.RoundTripper { - var proxyCandidates []string - if auth != nil { - if proxyStr := strings.TrimSpace(auth.ProxyURL); proxyStr != "" { - proxyCandidates = append(proxyCandidates, proxyStr) - } - } - if h != nil && h.cfg != nil { - if proxyStr := strings.TrimSpace(h.cfg.ProxyURL); proxyStr != "" { - proxyCandidates = append(proxyCandidates, proxyStr) - } - } - - for _, proxyStr := range proxyCandidates { - if transport := buildProxyTransport(proxyStr); transport != nil { - return transport - } - } - - transport, ok := http.DefaultTransport.(*http.Transport) - if !ok || transport == nil { - return &http.Transport{Proxy: nil} - } - clone := transport.Clone() - clone.Proxy = nil - return clone -} - -func buildProxyTransport(proxyStr string) *http.Transport { - proxyStr = strings.TrimSpace(proxyStr) - if proxyStr == "" { - return nil - } - - proxyURL, errParse := url.Parse(proxyStr) - if errParse != nil { - log.WithError(errParse).Debug("parse proxy URL failed") - return nil - } - if proxyURL.Scheme == "" || proxyURL.Host == "" { - log.Debug("proxy URL missing scheme/host") - return nil - } - - if proxyURL.Scheme == "socks5" { - var proxyAuth *proxy.Auth - if proxyURL.User != nil { - username := proxyURL.User.Username() - password, _ := proxyURL.User.Password() - proxyAuth = &proxy.Auth{User: username, Password: password} - } - dialer, errSOCKS5 := proxy.SOCKS5("tcp", proxyURL.Host, proxyAuth, proxy.Direct) - if errSOCKS5 != nil { - log.WithError(errSOCKS5).Debug("create SOCKS5 dialer failed") - return nil - } - return &http.Transport{ - Proxy: nil, - DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { - return dialer.Dial(network, addr) - }, - } - } - - if proxyURL.Scheme == "http" || proxyURL.Scheme == "https" { - return &http.Transport{Proxy: http.ProxyURL(proxyURL)} - } - - log.Debugf("unsupported proxy scheme: %s", proxyURL.Scheme) - return nil -} - -// headerContainsValue checks whether a header map contains a target value (case-insensitive key and value). -func headerContainsValue(headers map[string]string, targetKey, targetValue string) bool { - if len(headers) == 0 { - return false - } - for key, value := range headers { - if !strings.EqualFold(strings.TrimSpace(key), strings.TrimSpace(targetKey)) { - continue - } - if strings.Contains(strings.ToLower(value), strings.ToLower(strings.TrimSpace(targetValue))) { - return true - } - } - return false -} - -// encodeJSONStringToCBOR converts a JSON string payload into CBOR bytes. -func encodeJSONStringToCBOR(jsonString string) ([]byte, error) { - var payload any - if errUnmarshal := json.Unmarshal([]byte(jsonString), &payload); errUnmarshal != nil { - return nil, errUnmarshal - } - return cbor.Marshal(payload) -} - -// decodeCBORBodyToTextOrJSON decodes CBOR bytes to plain text (for string payloads) or JSON string. -func decodeCBORBodyToTextOrJSON(raw []byte) (string, error) { - if len(raw) == 0 { - return "", nil - } - - var payload any - if errUnmarshal := cbor.Unmarshal(raw, &payload); errUnmarshal != nil { - return "", errUnmarshal - } - - jsonCompatible := cborValueToJSONCompatible(payload) - switch typed := jsonCompatible.(type) { - case string: - return typed, nil - case []byte: - return string(typed), nil - default: - jsonBytes, errMarshal := json.Marshal(jsonCompatible) - if errMarshal != nil { - return "", errMarshal - } - return string(jsonBytes), nil - } -} - -// cborValueToJSONCompatible recursively converts CBOR-decoded values into JSON-marshalable values. -func cborValueToJSONCompatible(value any) any { - switch typed := value.(type) { - case map[any]any: - out := make(map[string]any, len(typed)) - for key, item := range typed { - out[fmt.Sprint(key)] = cborValueToJSONCompatible(item) - } - return out - case map[string]any: - out := make(map[string]any, len(typed)) - for key, item := range typed { - out[key] = cborValueToJSONCompatible(item) - } - return out - case []any: - out := make([]any, len(typed)) - for i, item := range typed { - out[i] = cborValueToJSONCompatible(item) - } - return out - default: - return typed - } -} - -// QuotaDetail represents quota information for a specific resource type -type QuotaDetail struct { - Entitlement float64 `json:"entitlement"` - OverageCount float64 `json:"overage_count"` - OveragePermitted bool `json:"overage_permitted"` - PercentRemaining float64 `json:"percent_remaining"` - QuotaID string `json:"quota_id"` - QuotaRemaining float64 `json:"quota_remaining"` - Remaining float64 `json:"remaining"` - Unlimited bool `json:"unlimited"` -} - -// QuotaSnapshots contains quota details for different resource types -type QuotaSnapshots struct { - Chat QuotaDetail `json:"chat"` - Completions QuotaDetail `json:"completions"` - PremiumInteractions QuotaDetail `json:"premium_interactions"` -} - -// CopilotUsageResponse represents the GitHub Copilot usage information -type CopilotUsageResponse struct { - AccessTypeSKU string `json:"access_type_sku"` - AnalyticsTrackingID string `json:"analytics_tracking_id"` - AssignedDate string `json:"assigned_date"` - CanSignupForLimited bool `json:"can_signup_for_limited"` - ChatEnabled bool `json:"chat_enabled"` - CopilotPlan string `json:"copilot_plan"` - OrganizationLoginList []interface{} `json:"organization_login_list"` - OrganizationList []interface{} `json:"organization_list"` - QuotaResetDate string `json:"quota_reset_date"` - QuotaSnapshots QuotaSnapshots `json:"quota_snapshots"` -} - -type copilotQuotaRequest struct { - AuthIndexSnake *string `json:"auth_index"` - AuthIndexCamel *string `json:"authIndex"` - AuthIndexPascal *string `json:"AuthIndex"` -} - -// GetCopilotQuota fetches GitHub Copilot quota information from the /copilot_internal/user endpoint. -// -// Endpoint: -// -// GET /v0/management/copilot-quota -// -// Query Parameters (optional): -// - auth_index: The credential "auth_index" from GET /v0/management/auth-files. -// If omitted, uses the first available GitHub Copilot credential. -// -// Response: -// -// Returns the CopilotUsageResponse with quota_snapshots containing detailed quota information -// for chat, completions, and premium_interactions. -// -// Example: -// -// curl -sS -X GET "http://127.0.0.1:8317/v0/management/copilot-quota?auth_index=" \ -// -H "Authorization: Bearer " -func (h *Handler) GetCopilotQuota(c *gin.Context) { - authIndex := strings.TrimSpace(c.Query("auth_index")) - if authIndex == "" { - authIndex = strings.TrimSpace(c.Query("authIndex")) - } - if authIndex == "" { - authIndex = strings.TrimSpace(c.Query("AuthIndex")) - } - - auth := h.findCopilotAuth(authIndex) - if auth == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "no github copilot credential found"}) - return - } - - token, tokenErr := h.resolveTokenForAuth(c.Request.Context(), auth) - if tokenErr != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "failed to refresh copilot token"}) - return - } - if token == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "copilot token not found"}) - return - } - - apiURL := "https://api.github.com/copilot_internal/user" - req, errNewRequest := http.NewRequestWithContext(c.Request.Context(), http.MethodGet, apiURL, nil) - if errNewRequest != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to build request"}) - return - } - - req.Header.Set("Authorization", "Bearer "+token) - req.Header.Set("User-Agent", "CLIProxyAPIPlus") - req.Header.Set("Accept", "application/json") - - httpClient := &http.Client{ - Timeout: defaultAPICallTimeout, - Transport: h.apiCallTransport(auth), - } - - resp, errDo := httpClient.Do(req) - if errDo != nil { - log.WithError(errDo).Debug("copilot quota request failed") - c.JSON(http.StatusBadGateway, gin.H{"error": "request failed"}) - return - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - respBody, errReadAll := io.ReadAll(resp.Body) - if errReadAll != nil { - c.JSON(http.StatusBadGateway, gin.H{"error": "failed to read response"}) - return - } - - if resp.StatusCode != http.StatusOK { - c.JSON(http.StatusBadGateway, gin.H{ - "error": "github api request failed", - "status_code": resp.StatusCode, - "body": string(respBody), - }) - return - } - - var usage CopilotUsageResponse - if errUnmarshal := json.Unmarshal(respBody, &usage); errUnmarshal != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to parse response"}) - return - } - - c.JSON(http.StatusOK, usage) -} - -// findCopilotAuth locates a GitHub Copilot credential by auth_index or returns the first available one -func (h *Handler) findCopilotAuth(authIndex string) *coreauth.Auth { - if h == nil || h.authManager == nil { - return nil - } - - auths := h.authManager.List() - var firstCopilot *coreauth.Auth - - for _, auth := range auths { - if auth == nil { - continue - } - - provider := strings.ToLower(strings.TrimSpace(auth.Provider)) - if provider != "copilot" && provider != "github" && provider != "github-copilot" { - continue - } - - if firstCopilot == nil { - firstCopilot = auth - } - - if authIndex != "" { - auth.EnsureIndex() - if auth.Index == authIndex { - return auth - } - } - } - - return firstCopilot -} - -// enrichCopilotTokenResponse fetches quota information and adds it to the Copilot token response body -func (h *Handler) enrichCopilotTokenResponse(ctx context.Context, response apiCallResponse, auth *coreauth.Auth, originalURL string) apiCallResponse { - if auth == nil || response.Body == "" { - return response - } - - // Parse the token response to check if it's enterprise (null limited_user_quotas) - var tokenResp map[string]interface{} - if err := json.Unmarshal([]byte(response.Body), &tokenResp); err != nil { - log.WithError(err).Debug("enrichCopilotTokenResponse: failed to parse copilot token response") - return response - } - - // Get the GitHub token to call the copilot_internal/user endpoint - token, tokenErr := h.resolveTokenForAuth(ctx, auth) - if tokenErr != nil { - log.WithError(tokenErr).Debug("enrichCopilotTokenResponse: failed to resolve token") - return response - } - if token == "" { - return response - } - - // Fetch quota information from /copilot_internal/user - // Derive the base URL from the original token request to support proxies and test servers - parsedURL, errParse := url.Parse(originalURL) - if errParse != nil { - log.WithError(errParse).Debug("enrichCopilotTokenResponse: failed to parse URL") - return response - } - quotaURL := fmt.Sprintf("%s://%s/copilot_internal/user", parsedURL.Scheme, parsedURL.Host) - - req, errNewRequest := http.NewRequestWithContext(ctx, http.MethodGet, quotaURL, nil) - if errNewRequest != nil { - log.WithError(errNewRequest).Debug("enrichCopilotTokenResponse: failed to build request") - return response - } - - req.Header.Set("Authorization", "Bearer "+token) - req.Header.Set("User-Agent", "CLIProxyAPIPlus") - req.Header.Set("Accept", "application/json") - - httpClient := &http.Client{ - Timeout: defaultAPICallTimeout, - Transport: h.apiCallTransport(auth), - } - - quotaResp, errDo := httpClient.Do(req) - if errDo != nil { - log.WithError(errDo).Debug("enrichCopilotTokenResponse: quota fetch HTTP request failed") - return response - } - - defer func() { - if errClose := quotaResp.Body.Close(); errClose != nil { - log.Errorf("quota response body close error: %v", errClose) - } - }() - - if quotaResp.StatusCode != http.StatusOK { - return response - } - - quotaBody, errReadAll := io.ReadAll(quotaResp.Body) - if errReadAll != nil { - log.WithError(errReadAll).Debug("enrichCopilotTokenResponse: failed to read response") - return response - } - - // Parse the quota response - var quotaData CopilotUsageResponse - if err := json.Unmarshal(quotaBody, "aData); err != nil { - log.WithError(err).Debug("enrichCopilotTokenResponse: failed to parse response") - return response - } - - // Check if this is an enterprise account by looking for quota_snapshots in the response - // Enterprise accounts have quota_snapshots, non-enterprise have limited_user_quotas - var quotaRaw map[string]interface{} - if err := json.Unmarshal(quotaBody, "aRaw); err == nil { - if _, hasQuotaSnapshots := quotaRaw["quota_snapshots"]; hasQuotaSnapshots { - // Enterprise account - has quota_snapshots - tokenResp["quota_snapshots"] = quotaData.QuotaSnapshots - tokenResp["access_type_sku"] = quotaData.AccessTypeSKU - tokenResp["copilot_plan"] = quotaData.CopilotPlan - - // Add quota reset date for enterprise (quota_reset_date_utc) - if quotaResetDateUTC, ok := quotaRaw["quota_reset_date_utc"]; ok { - tokenResp["quota_reset_date"] = quotaResetDateUTC - } else if quotaData.QuotaResetDate != "" { - tokenResp["quota_reset_date"] = quotaData.QuotaResetDate - } - } else { - // Non-enterprise account - build quota from limited_user_quotas and monthly_quotas - var quotaSnapshots QuotaSnapshots - - // Get monthly quotas (total entitlement) and limited_user_quotas (remaining) - monthlyQuotas, hasMonthly := quotaRaw["monthly_quotas"].(map[string]interface{}) - limitedQuotas, hasLimited := quotaRaw["limited_user_quotas"].(map[string]interface{}) - - // Process chat quota - if hasMonthly && hasLimited { - if chatTotal, ok := monthlyQuotas["chat"].(float64); ok { - chatRemaining := chatTotal // default to full if no limited quota - if chatLimited, ok := limitedQuotas["chat"].(float64); ok { - chatRemaining = chatLimited - } - percentRemaining := 0.0 - if chatTotal > 0 { - percentRemaining = (chatRemaining / chatTotal) * 100.0 - } - quotaSnapshots.Chat = QuotaDetail{ - Entitlement: chatTotal, - Remaining: chatRemaining, - QuotaRemaining: chatRemaining, - PercentRemaining: percentRemaining, - QuotaID: "chat", - Unlimited: false, - } - } - - // Process completions quota - if completionsTotal, ok := monthlyQuotas["completions"].(float64); ok { - completionsRemaining := completionsTotal // default to full if no limited quota - if completionsLimited, ok := limitedQuotas["completions"].(float64); ok { - completionsRemaining = completionsLimited - } - percentRemaining := 0.0 - if completionsTotal > 0 { - percentRemaining = (completionsRemaining / completionsTotal) * 100.0 - } - quotaSnapshots.Completions = QuotaDetail{ - Entitlement: completionsTotal, - Remaining: completionsRemaining, - QuotaRemaining: completionsRemaining, - PercentRemaining: percentRemaining, - QuotaID: "completions", - Unlimited: false, - } - } - } - - // Premium interactions don't exist for non-enterprise, leave as zero values - quotaSnapshots.PremiumInteractions = QuotaDetail{ - QuotaID: "premium_interactions", - Unlimited: false, - } - - // Add quota_snapshots to the token response - tokenResp["quota_snapshots"] = quotaSnapshots - tokenResp["access_type_sku"] = quotaData.AccessTypeSKU - tokenResp["copilot_plan"] = quotaData.CopilotPlan - - // Add quota reset date for non-enterprise (limited_user_reset_date) - if limitedResetDate, ok := quotaRaw["limited_user_reset_date"]; ok { - tokenResp["quota_reset_date"] = limitedResetDate - } - } - } - - // Re-serialize the enriched response - enrichedBody, errMarshal := json.Marshal(tokenResp) - if errMarshal != nil { - log.WithError(errMarshal).Debug("failed to marshal enriched response") - return response - } - - response.Body = string(enrichedBody) - - return response -} diff --git a/internal/api/handlers/management/api_tools_cbor_test.go b/internal/api/handlers/management/api_tools_cbor_test.go deleted file mode 100644 index 8b7570a916..0000000000 --- a/internal/api/handlers/management/api_tools_cbor_test.go +++ /dev/null @@ -1,149 +0,0 @@ -package management - -import ( - "bytes" - "encoding/json" - "net/http" - "net/http/httptest" - "testing" - - "github.com/fxamacker/cbor/v2" - "github.com/gin-gonic/gin" -) - -func TestAPICall_CBOR_Support(t *testing.T) { - gin.SetMode(gin.TestMode) - - // Create a test handler - h := &Handler{} - - // Create test request data - reqData := apiCallRequest{ - Method: "GET", - URL: "https://httpbin.org/get", - Header: map[string]string{ - "User-Agent": "test-client", - }, - } - - t.Run("JSON request and response", func(t *testing.T) { - // Marshal request as JSON - jsonData, err := json.Marshal(reqData) - if err != nil { - t.Fatalf("Failed to marshal JSON: %v", err) - } - - // Create HTTP request - req := httptest.NewRequest(http.MethodPost, "/v0/management/api-call", bytes.NewReader(jsonData)) - req.Header.Set("Content-Type", "application/json") - - // Create response recorder - w := httptest.NewRecorder() - - // Create Gin context - c, _ := gin.CreateTestContext(w) - c.Request = req - - // Call handler - h.APICall(c) - - // Verify response - if w.Code != http.StatusOK && w.Code != http.StatusBadGateway { - t.Logf("Response status: %d", w.Code) - t.Logf("Response body: %s", w.Body.String()) - } - - // Check content type - contentType := w.Header().Get("Content-Type") - if w.Code == http.StatusOK && !contains(contentType, "application/json") { - t.Errorf("Expected JSON response, got: %s", contentType) - } - }) - - t.Run("CBOR request and response", func(t *testing.T) { - // Marshal request as CBOR - cborData, err := cbor.Marshal(reqData) - if err != nil { - t.Fatalf("Failed to marshal CBOR: %v", err) - } - - // Create HTTP request - req := httptest.NewRequest(http.MethodPost, "/v0/management/api-call", bytes.NewReader(cborData)) - req.Header.Set("Content-Type", "application/cbor") - - // Create response recorder - w := httptest.NewRecorder() - - // Create Gin context - c, _ := gin.CreateTestContext(w) - c.Request = req - - // Call handler - h.APICall(c) - - // Verify response - if w.Code != http.StatusOK && w.Code != http.StatusBadGateway { - t.Logf("Response status: %d", w.Code) - t.Logf("Response body: %s", w.Body.String()) - } - - // Check content type - contentType := w.Header().Get("Content-Type") - if w.Code == http.StatusOK && !contains(contentType, "application/cbor") { - t.Errorf("Expected CBOR response, got: %s", contentType) - } - - // Try to decode CBOR response - if w.Code == http.StatusOK { - var response apiCallResponse - if err := cbor.Unmarshal(w.Body.Bytes(), &response); err != nil { - t.Errorf("Failed to unmarshal CBOR response: %v", err) - } else { - t.Logf("CBOR response decoded successfully: status_code=%d", response.StatusCode) - } - } - }) - - t.Run("CBOR encoding and decoding consistency", func(t *testing.T) { - // Test data - testReq := apiCallRequest{ - Method: "POST", - URL: "https://example.com/api", - Header: map[string]string{ - "Authorization": "Bearer $TOKEN$", - "Content-Type": "application/json", - }, - Data: `{"key":"value"}`, - } - - // Encode to CBOR - cborData, err := cbor.Marshal(testReq) - if err != nil { - t.Fatalf("Failed to marshal to CBOR: %v", err) - } - - // Decode from CBOR - var decoded apiCallRequest - if err := cbor.Unmarshal(cborData, &decoded); err != nil { - t.Fatalf("Failed to unmarshal from CBOR: %v", err) - } - - // Verify fields - if decoded.Method != testReq.Method { - t.Errorf("Method mismatch: got %s, want %s", decoded.Method, testReq.Method) - } - if decoded.URL != testReq.URL { - t.Errorf("URL mismatch: got %s, want %s", decoded.URL, testReq.URL) - } - if decoded.Data != testReq.Data { - t.Errorf("Data mismatch: got %s, want %s", decoded.Data, testReq.Data) - } - if len(decoded.Header) != len(testReq.Header) { - t.Errorf("Header count mismatch: got %d, want %d", len(decoded.Header), len(testReq.Header)) - } - }) -} - -func contains(s, substr string) bool { - return len(s) > 0 && len(substr) > 0 && (s == substr || len(s) >= len(substr) && s[:len(substr)] == substr || bytes.Contains([]byte(s), []byte(substr))) -} diff --git a/internal/api/handlers/management/api_tools_test.go b/internal/api/handlers/management/api_tools_test.go deleted file mode 100644 index 152eb64968..0000000000 --- a/internal/api/handlers/management/api_tools_test.go +++ /dev/null @@ -1,173 +0,0 @@ -package management - -import ( - "context" - "encoding/json" - "io" - "net/http" - "net/http/httptest" - "net/url" - "strings" - "sync" - "testing" - "time" - - coreauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" -) - -type memoryAuthStore struct { - mu sync.Mutex - items map[string]*coreauth.Auth -} - -func (s *memoryAuthStore) List(ctx context.Context) ([]*coreauth.Auth, error) { - _ = ctx - s.mu.Lock() - defer s.mu.Unlock() - out := make([]*coreauth.Auth, 0, len(s.items)) - for _, a := range s.items { - out = append(out, a.Clone()) - } - return out, nil -} - -func (s *memoryAuthStore) Save(ctx context.Context, auth *coreauth.Auth) (string, error) { - _ = ctx - if auth == nil { - return "", nil - } - s.mu.Lock() - if s.items == nil { - s.items = make(map[string]*coreauth.Auth) - } - s.items[auth.ID] = auth.Clone() - s.mu.Unlock() - return auth.ID, nil -} - -func (s *memoryAuthStore) Delete(ctx context.Context, id string) error { - _ = ctx - s.mu.Lock() - delete(s.items, id) - s.mu.Unlock() - return nil -} - -func TestResolveTokenForAuth_Antigravity_RefreshesExpiredToken(t *testing.T) { - var callCount int - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - callCount++ - if r.Method != http.MethodPost { - t.Fatalf("expected POST, got %s", r.Method) - } - if ct := r.Header.Get("Content-Type"); !strings.HasPrefix(ct, "application/x-www-form-urlencoded") { - t.Fatalf("unexpected content-type: %s", ct) - } - bodyBytes, _ := io.ReadAll(r.Body) - _ = r.Body.Close() - values, err := url.ParseQuery(string(bodyBytes)) - if err != nil { - t.Fatalf("parse form: %v", err) - } - if values.Get("grant_type") != "refresh_token" { - t.Fatalf("unexpected grant_type: %s", values.Get("grant_type")) - } - if values.Get("refresh_token") != "rt" { - t.Fatalf("unexpected refresh_token: %s", values.Get("refresh_token")) - } - if values.Get("client_id") != antigravityOAuthClientID { - t.Fatalf("unexpected client_id: %s", values.Get("client_id")) - } - if values.Get("client_secret") != antigravityOAuthClientSecret { - t.Fatalf("unexpected client_secret") - } - - w.Header().Set("Content-Type", "application/json") - _ = json.NewEncoder(w).Encode(map[string]any{ - "access_token": "new-token", - "refresh_token": "rt2", - "expires_in": int64(3600), - "token_type": "Bearer", - }) - })) - t.Cleanup(srv.Close) - - originalURL := antigravityOAuthTokenURL - antigravityOAuthTokenURL = srv.URL - t.Cleanup(func() { antigravityOAuthTokenURL = originalURL }) - - store := &memoryAuthStore{} - manager := coreauth.NewManager(store, nil, nil) - - auth := &coreauth.Auth{ - ID: "antigravity-test.json", - FileName: "antigravity-test.json", - Provider: "antigravity", - Metadata: map[string]any{ - "type": "antigravity", - "access_token": "old-token", - "refresh_token": "rt", - "expires_in": int64(3600), - "timestamp": time.Now().Add(-2 * time.Hour).UnixMilli(), - "expired": time.Now().Add(-1 * time.Hour).Format(time.RFC3339), - }, - } - if _, err := manager.Register(context.Background(), auth); err != nil { - t.Fatalf("register auth: %v", err) - } - - h := &Handler{authManager: manager} - token, err := h.resolveTokenForAuth(context.Background(), auth) - if err != nil { - t.Fatalf("resolveTokenForAuth: %v", err) - } - if token != "new-token" { - t.Fatalf("expected refreshed token, got %q", token) - } - if callCount != 1 { - t.Fatalf("expected 1 refresh call, got %d", callCount) - } - - updated, ok := manager.GetByID(auth.ID) - if !ok || updated == nil { - t.Fatalf("expected auth in manager after update") - } - if got := tokenValueFromMetadata(updated.Metadata); got != "new-token" { - t.Fatalf("expected manager metadata updated, got %q", got) - } -} - -func TestResolveTokenForAuth_Antigravity_SkipsRefreshWhenTokenValid(t *testing.T) { - var callCount int - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - callCount++ - w.WriteHeader(http.StatusInternalServerError) - })) - t.Cleanup(srv.Close) - - originalURL := antigravityOAuthTokenURL - antigravityOAuthTokenURL = srv.URL - t.Cleanup(func() { antigravityOAuthTokenURL = originalURL }) - - auth := &coreauth.Auth{ - ID: "antigravity-valid.json", - FileName: "antigravity-valid.json", - Provider: "antigravity", - Metadata: map[string]any{ - "type": "antigravity", - "access_token": "ok-token", - "expired": time.Now().Add(30 * time.Minute).Format(time.RFC3339), - }, - } - h := &Handler{} - token, err := h.resolveTokenForAuth(context.Background(), auth) - if err != nil { - t.Fatalf("resolveTokenForAuth: %v", err) - } - if token != "ok-token" { - t.Fatalf("expected existing token, got %q", token) - } - if callCount != 0 { - t.Fatalf("expected no refresh calls, got %d", callCount) - } -} diff --git a/internal/api/handlers/management/auth_files.go b/internal/api/handlers/management/auth_files.go deleted file mode 100644 index 34cb1b53c9..0000000000 --- a/internal/api/handlers/management/auth_files.go +++ /dev/null @@ -1,2922 +0,0 @@ -package management - -import ( - "bytes" - "context" - "crypto/rand" - "crypto/sha256" - "encoding/base64" - "encoding/hex" - "encoding/json" - "errors" - "fmt" - "io" - "net" - "net/http" - "net/url" - "os" - "path/filepath" - "sort" - "strconv" - "strings" - "sync" - "time" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/antigravity" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/claude" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/codex" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/copilot" - geminiAuth "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/gemini" - iflowauth "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/iflow" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/kilo" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/kimi" - kiroauth "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/kiro" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/qwen" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/misc" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/registry" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - sdkAuth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/auth" - coreauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "golang.org/x/oauth2" - "golang.org/x/oauth2/google" -) - -var lastRefreshKeys = []string{"last_refresh", "lastRefresh", "last_refreshed_at", "lastRefreshedAt"} - -const ( - anthropicCallbackPort = 54545 - geminiCallbackPort = 8085 - codexCallbackPort = 1455 - geminiCLIEndpoint = "https://cloudcode-pa.googleapis.com" - geminiCLIVersion = "v1internal" - geminiCLIUserAgent = "google-api-nodejs-client/9.15.1" - geminiCLIApiClient = "gl-node/22.17.0" - geminiCLIClientMetadata = "ideType=IDE_UNSPECIFIED,platform=PLATFORM_UNSPECIFIED,pluginType=GEMINI" -) - -type callbackForwarder struct { - provider string - server *http.Server - done chan struct{} -} - -var ( - callbackForwardersMu sync.Mutex - callbackForwarders = make(map[int]*callbackForwarder) -) - -func extractLastRefreshTimestamp(meta map[string]any) (time.Time, bool) { - if len(meta) == 0 { - return time.Time{}, false - } - for _, key := range lastRefreshKeys { - if val, ok := meta[key]; ok { - if ts, ok1 := parseLastRefreshValue(val); ok1 { - return ts, true - } - } - } - return time.Time{}, false -} - -func parseLastRefreshValue(v any) (time.Time, bool) { - switch val := v.(type) { - case string: - s := strings.TrimSpace(val) - if s == "" { - return time.Time{}, false - } - layouts := []string{time.RFC3339, time.RFC3339Nano, "2006-01-02 15:04:05", "2006-01-02T15:04:05Z07:00"} - for _, layout := range layouts { - if ts, err := time.Parse(layout, s); err == nil { - return ts.UTC(), true - } - } - if unix, err := strconv.ParseInt(s, 10, 64); err == nil && unix > 0 { - return time.Unix(unix, 0).UTC(), true - } - case float64: - if val <= 0 { - return time.Time{}, false - } - return time.Unix(int64(val), 0).UTC(), true - case int64: - if val <= 0 { - return time.Time{}, false - } - return time.Unix(val, 0).UTC(), true - case int: - if val <= 0 { - return time.Time{}, false - } - return time.Unix(int64(val), 0).UTC(), true - case json.Number: - if i, err := val.Int64(); err == nil && i > 0 { - return time.Unix(i, 0).UTC(), true - } - } - return time.Time{}, false -} - -func isWebUIRequest(c *gin.Context) bool { - raw := strings.TrimSpace(c.Query("is_webui")) - if raw == "" { - return false - } - switch strings.ToLower(raw) { - case "1", "true", "yes", "on": - return true - default: - return false - } -} - -func startCallbackForwarder(port int, provider, targetBase string) (*callbackForwarder, error) { - callbackForwardersMu.Lock() - prev := callbackForwarders[port] - if prev != nil { - delete(callbackForwarders, port) - } - callbackForwardersMu.Unlock() - - if prev != nil { - stopForwarderInstance(port, prev) - } - - addr := fmt.Sprintf("127.0.0.1:%d", port) - ln, err := net.Listen("tcp", addr) - if err != nil { - return nil, fmt.Errorf("failed to listen on %s: %w", addr, err) - } - - handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - target := targetBase - if raw := r.URL.RawQuery; raw != "" { - if strings.Contains(target, "?") { - target = target + "&" + raw - } else { - target = target + "?" + raw - } - } - w.Header().Set("Cache-Control", "no-store") - http.Redirect(w, r, target, http.StatusFound) - }) - - srv := &http.Server{ - Handler: handler, - ReadHeaderTimeout: 5 * time.Second, - WriteTimeout: 5 * time.Second, - } - done := make(chan struct{}) - - go func() { - if errServe := srv.Serve(ln); errServe != nil && !errors.Is(errServe, http.ErrServerClosed) { - log.WithError(errServe).Warnf("callback forwarder for %s stopped unexpectedly", provider) - } - close(done) - }() - - forwarder := &callbackForwarder{ - provider: provider, - server: srv, - done: done, - } - - callbackForwardersMu.Lock() - callbackForwarders[port] = forwarder - callbackForwardersMu.Unlock() - - log.Infof("callback forwarder for %s listening on %s", provider, addr) - - return forwarder, nil -} - -func stopCallbackForwarder(port int) { - callbackForwardersMu.Lock() - forwarder := callbackForwarders[port] - if forwarder != nil { - delete(callbackForwarders, port) - } - callbackForwardersMu.Unlock() - - stopForwarderInstance(port, forwarder) -} - -func stopCallbackForwarderInstance(port int, forwarder *callbackForwarder) { - if forwarder == nil { - return - } - callbackForwardersMu.Lock() - if current := callbackForwarders[port]; current == forwarder { - delete(callbackForwarders, port) - } - callbackForwardersMu.Unlock() - - stopForwarderInstance(port, forwarder) -} - -func stopForwarderInstance(port int, forwarder *callbackForwarder) { - if forwarder == nil || forwarder.server == nil { - return - } - - ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) - defer cancel() - - if err := forwarder.server.Shutdown(ctx); err != nil && !errors.Is(err, http.ErrServerClosed) { - log.WithError(err).Warnf("failed to shut down callback forwarder on port %d", port) - } - - select { - case <-forwarder.done: - case <-time.After(2 * time.Second): - } - - log.Infof("callback forwarder on port %d stopped", port) -} - -func (h *Handler) managementCallbackURL(path string) (string, error) { - if h == nil || h.cfg == nil || h.cfg.Port <= 0 { - return "", fmt.Errorf("server port is not configured") - } - if !strings.HasPrefix(path, "/") { - path = "/" + path - } - scheme := "http" - if h.cfg.TLS.Enable { - scheme = "https" - } - return fmt.Sprintf("%s://127.0.0.1:%d%s", scheme, h.cfg.Port, path), nil -} - -func (h *Handler) ListAuthFiles(c *gin.Context) { - if h == nil { - c.JSON(500, gin.H{"error": "handler not initialized"}) - return - } - if h.authManager == nil { - h.listAuthFilesFromDisk(c) - return - } - auths := h.authManager.List() - files := make([]gin.H, 0, len(auths)) - for _, auth := range auths { - if entry := h.buildAuthFileEntry(auth); entry != nil { - files = append(files, entry) - } - } - sort.Slice(files, func(i, j int) bool { - nameI, _ := files[i]["name"].(string) - nameJ, _ := files[j]["name"].(string) - return strings.ToLower(nameI) < strings.ToLower(nameJ) - }) - c.JSON(200, gin.H{"files": files}) -} - -// GetAuthFileModels returns the models supported by a specific auth file -func (h *Handler) GetAuthFileModels(c *gin.Context) { - name := c.Query("name") - if name == "" { - c.JSON(400, gin.H{"error": "name is required"}) - return - } - - // Try to find auth ID via authManager - var authID string - if h.authManager != nil { - auths := h.authManager.List() - for _, auth := range auths { - if auth.FileName == name || auth.ID == name { - authID = auth.ID - break - } - } - } - - if authID == "" { - authID = name // fallback to filename as ID - } - - // Get models from registry - reg := registry.GetGlobalRegistry() - models := reg.GetModelsForClient(authID) - - result := make([]gin.H, 0, len(models)) - for _, m := range models { - entry := gin.H{ - "id": m.ID, - } - if m.DisplayName != "" { - entry["display_name"] = m.DisplayName - } - if m.Type != "" { - entry["type"] = m.Type - } - if m.OwnedBy != "" { - entry["owned_by"] = m.OwnedBy - } - result = append(result, entry) - } - - c.JSON(200, gin.H{"models": result}) -} - -// List auth files from disk when the auth manager is unavailable. -func (h *Handler) listAuthFilesFromDisk(c *gin.Context) { - entries, err := os.ReadDir(h.cfg.AuthDir) - if err != nil { - c.JSON(500, gin.H{"error": fmt.Sprintf("failed to read auth dir: %v", err)}) - return - } - files := make([]gin.H, 0) - for _, e := range entries { - if e.IsDir() { - continue - } - name := e.Name() - if !strings.HasSuffix(strings.ToLower(name), ".json") { - continue - } - if info, errInfo := e.Info(); errInfo == nil { - fileData := gin.H{"name": name, "size": info.Size(), "modtime": info.ModTime()} - - // Read file to get type field - full := filepath.Join(h.cfg.AuthDir, name) - if data, errRead := os.ReadFile(full); errRead == nil { - typeValue := gjson.GetBytes(data, "type").String() - emailValue := gjson.GetBytes(data, "email").String() - fileData["type"] = typeValue - fileData["email"] = emailValue - } - - files = append(files, fileData) - } - } - c.JSON(200, gin.H{"files": files}) -} - -func (h *Handler) buildAuthFileEntry(auth *coreauth.Auth) gin.H { - if auth == nil { - return nil - } - auth.EnsureIndex() - runtimeOnly := isRuntimeOnlyAuth(auth) - if runtimeOnly && (auth.Disabled || auth.Status == coreauth.StatusDisabled) { - return nil - } - path := strings.TrimSpace(authAttribute(auth, "path")) - if path == "" && !runtimeOnly { - return nil - } - name := strings.TrimSpace(auth.FileName) - if name == "" { - name = auth.ID - } - entry := gin.H{ - "id": auth.ID, - "auth_index": auth.Index, - "name": name, - "type": strings.TrimSpace(auth.Provider), - "provider": strings.TrimSpace(auth.Provider), - "label": auth.Label, - "status": auth.Status, - "status_message": auth.StatusMessage, - "disabled": auth.Disabled, - "unavailable": auth.Unavailable, - "runtime_only": runtimeOnly, - "source": "memory", - "size": int64(0), - } - if email := authEmail(auth); email != "" { - entry["email"] = email - } - if accountType, account := auth.AccountInfo(); accountType != "" || account != "" { - if accountType != "" { - entry["account_type"] = accountType - } - if account != "" { - entry["account"] = account - } - } - if !auth.CreatedAt.IsZero() { - entry["created_at"] = auth.CreatedAt - } - if !auth.UpdatedAt.IsZero() { - entry["modtime"] = auth.UpdatedAt - entry["updated_at"] = auth.UpdatedAt - } - if !auth.LastRefreshedAt.IsZero() { - entry["last_refresh"] = auth.LastRefreshedAt - } - if path != "" { - entry["path"] = path - entry["source"] = "file" - if info, err := os.Stat(path); err == nil { - entry["size"] = info.Size() - entry["modtime"] = info.ModTime() - } else if os.IsNotExist(err) { - // Hide credentials removed from disk but still lingering in memory. - if !runtimeOnly && (auth.Disabled || auth.Status == coreauth.StatusDisabled || strings.EqualFold(strings.TrimSpace(auth.StatusMessage), "removed via management api")) { - return nil - } - entry["source"] = "memory" - } else { - log.WithError(err).Warnf("failed to stat auth file %s", path) - } - } - if claims := extractCodexIDTokenClaims(auth); claims != nil { - entry["id_token"] = claims - } - return entry -} - -func extractCodexIDTokenClaims(auth *coreauth.Auth) gin.H { - if auth == nil || auth.Metadata == nil { - return nil - } - if !strings.EqualFold(strings.TrimSpace(auth.Provider), "codex") { - return nil - } - idTokenRaw, ok := auth.Metadata["id_token"].(string) - if !ok { - return nil - } - idToken := strings.TrimSpace(idTokenRaw) - if idToken == "" { - return nil - } - claims, err := codex.ParseJWTToken(idToken) - if err != nil || claims == nil { - return nil - } - - result := gin.H{} - if v := strings.TrimSpace(claims.CodexAuthInfo.ChatgptAccountID); v != "" { - result["chatgpt_account_id"] = v - } - if v := strings.TrimSpace(claims.CodexAuthInfo.ChatgptPlanType); v != "" { - result["plan_type"] = v - } - if v := claims.CodexAuthInfo.ChatgptSubscriptionActiveStart; v != nil { - result["chatgpt_subscription_active_start"] = v - } - if v := claims.CodexAuthInfo.ChatgptSubscriptionActiveUntil; v != nil { - result["chatgpt_subscription_active_until"] = v - } - - if len(result) == 0 { - return nil - } - return result -} - -func authEmail(auth *coreauth.Auth) string { - if auth == nil { - return "" - } - if auth.Metadata != nil { - if v, ok := auth.Metadata["email"].(string); ok { - return strings.TrimSpace(v) - } - } - if auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["email"]); v != "" { - return v - } - if v := strings.TrimSpace(auth.Attributes["account_email"]); v != "" { - return v - } - } - return "" -} - -func authAttribute(auth *coreauth.Auth, key string) string { - if auth == nil || len(auth.Attributes) == 0 { - return "" - } - return auth.Attributes[key] -} - -func isRuntimeOnlyAuth(auth *coreauth.Auth) bool { - if auth == nil || len(auth.Attributes) == 0 { - return false - } - return strings.EqualFold(strings.TrimSpace(auth.Attributes["runtime_only"]), "true") -} - -// Download single auth file by name -func (h *Handler) DownloadAuthFile(c *gin.Context) { - name := c.Query("name") - if name == "" || strings.Contains(name, string(os.PathSeparator)) { - c.JSON(400, gin.H{"error": "invalid name"}) - return - } - if !strings.HasSuffix(strings.ToLower(name), ".json") { - c.JSON(400, gin.H{"error": "name must end with .json"}) - return - } - full := filepath.Join(h.cfg.AuthDir, name) - data, err := os.ReadFile(full) - if err != nil { - if os.IsNotExist(err) { - c.JSON(404, gin.H{"error": "file not found"}) - } else { - c.JSON(500, gin.H{"error": fmt.Sprintf("failed to read file: %v", err)}) - } - return - } - c.Header("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", name)) - c.Data(200, "application/json", data) -} - -// Upload auth file: multipart or raw JSON with ?name= -func (h *Handler) UploadAuthFile(c *gin.Context) { - if h.authManager == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "core auth manager unavailable"}) - return - } - ctx := c.Request.Context() - if file, err := c.FormFile("file"); err == nil && file != nil { - name := filepath.Base(file.Filename) - if !strings.HasSuffix(strings.ToLower(name), ".json") { - c.JSON(400, gin.H{"error": "file must be .json"}) - return - } - dst := filepath.Join(h.cfg.AuthDir, name) - if !filepath.IsAbs(dst) { - if abs, errAbs := filepath.Abs(dst); errAbs == nil { - dst = abs - } - } - if errSave := c.SaveUploadedFile(file, dst); errSave != nil { - c.JSON(500, gin.H{"error": fmt.Sprintf("failed to save file: %v", errSave)}) - return - } - data, errRead := os.ReadFile(dst) - if errRead != nil { - c.JSON(500, gin.H{"error": fmt.Sprintf("failed to read saved file: %v", errRead)}) - return - } - if errReg := h.registerAuthFromFile(ctx, dst, data); errReg != nil { - c.JSON(500, gin.H{"error": errReg.Error()}) - return - } - c.JSON(200, gin.H{"status": "ok"}) - return - } - name := c.Query("name") - if name == "" || strings.Contains(name, string(os.PathSeparator)) { - c.JSON(400, gin.H{"error": "invalid name"}) - return - } - if !strings.HasSuffix(strings.ToLower(name), ".json") { - c.JSON(400, gin.H{"error": "name must end with .json"}) - return - } - data, err := io.ReadAll(c.Request.Body) - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - dst := filepath.Join(h.cfg.AuthDir, filepath.Base(name)) - if !filepath.IsAbs(dst) { - if abs, errAbs := filepath.Abs(dst); errAbs == nil { - dst = abs - } - } - if errWrite := os.WriteFile(dst, data, 0o600); errWrite != nil { - c.JSON(500, gin.H{"error": fmt.Sprintf("failed to write file: %v", errWrite)}) - return - } - if err = h.registerAuthFromFile(ctx, dst, data); err != nil { - c.JSON(500, gin.H{"error": err.Error()}) - return - } - c.JSON(200, gin.H{"status": "ok"}) -} - -// Delete auth files: single by name or all -func (h *Handler) DeleteAuthFile(c *gin.Context) { - if h.authManager == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "core auth manager unavailable"}) - return - } - ctx := c.Request.Context() - if all := c.Query("all"); all == "true" || all == "1" || all == "*" { - entries, err := os.ReadDir(h.cfg.AuthDir) - if err != nil { - c.JSON(500, gin.H{"error": fmt.Sprintf("failed to read auth dir: %v", err)}) - return - } - deleted := 0 - for _, e := range entries { - if e.IsDir() { - continue - } - name := e.Name() - if !strings.HasSuffix(strings.ToLower(name), ".json") { - continue - } - full := filepath.Join(h.cfg.AuthDir, name) - if !filepath.IsAbs(full) { - if abs, errAbs := filepath.Abs(full); errAbs == nil { - full = abs - } - } - if err = os.Remove(full); err == nil { - if errDel := h.deleteTokenRecord(ctx, full); errDel != nil { - c.JSON(500, gin.H{"error": errDel.Error()}) - return - } - deleted++ - h.disableAuth(ctx, full) - } - } - c.JSON(200, gin.H{"status": "ok", "deleted": deleted}) - return - } - name := c.Query("name") - if name == "" || strings.Contains(name, string(os.PathSeparator)) { - c.JSON(400, gin.H{"error": "invalid name"}) - return - } - full := filepath.Join(h.cfg.AuthDir, filepath.Base(name)) - if !filepath.IsAbs(full) { - if abs, errAbs := filepath.Abs(full); errAbs == nil { - full = abs - } - } - if err := os.Remove(full); err != nil { - if os.IsNotExist(err) { - c.JSON(404, gin.H{"error": "file not found"}) - } else { - c.JSON(500, gin.H{"error": fmt.Sprintf("failed to remove file: %v", err)}) - } - return - } - if err := h.deleteTokenRecord(ctx, full); err != nil { - c.JSON(500, gin.H{"error": err.Error()}) - return - } - h.disableAuth(ctx, full) - c.JSON(200, gin.H{"status": "ok"}) -} - -func (h *Handler) authIDForPath(path string) string { - path = strings.TrimSpace(path) - if path == "" { - return "" - } - if h == nil || h.cfg == nil { - return path - } - authDir := strings.TrimSpace(h.cfg.AuthDir) - if authDir == "" { - return path - } - if rel, err := filepath.Rel(authDir, path); err == nil && rel != "" { - return rel - } - return path -} - -func (h *Handler) registerAuthFromFile(ctx context.Context, path string, data []byte) error { - if h.authManager == nil { - return nil - } - if path == "" { - return fmt.Errorf("auth path is empty") - } - if data == nil { - var err error - data, err = os.ReadFile(path) - if err != nil { - return fmt.Errorf("failed to read auth file: %w", err) - } - } - metadata := make(map[string]any) - if err := json.Unmarshal(data, &metadata); err != nil { - return fmt.Errorf("invalid auth file: %w", err) - } - provider, _ := metadata["type"].(string) - if provider == "" { - provider = "unknown" - } - label := provider - if email, ok := metadata["email"].(string); ok && email != "" { - label = email - } - lastRefresh, hasLastRefresh := extractLastRefreshTimestamp(metadata) - - authID := h.authIDForPath(path) - if authID == "" { - authID = path - } - attr := map[string]string{ - "path": path, - "source": path, - } - auth := &coreauth.Auth{ - ID: authID, - Provider: provider, - FileName: filepath.Base(path), - Label: label, - Status: coreauth.StatusActive, - Attributes: attr, - Metadata: metadata, - CreatedAt: time.Now(), - UpdatedAt: time.Now(), - } - if hasLastRefresh { - auth.LastRefreshedAt = lastRefresh - } - if existing, ok := h.authManager.GetByID(authID); ok { - auth.CreatedAt = existing.CreatedAt - if !hasLastRefresh { - auth.LastRefreshedAt = existing.LastRefreshedAt - } - auth.NextRefreshAfter = existing.NextRefreshAfter - auth.Runtime = existing.Runtime - _, err := h.authManager.Update(ctx, auth) - return err - } - _, err := h.authManager.Register(ctx, auth) - return err -} - -// PatchAuthFileStatus toggles the disabled state of an auth file -func (h *Handler) PatchAuthFileStatus(c *gin.Context) { - if h.authManager == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "core auth manager unavailable"}) - return - } - - var req struct { - Name string `json:"name"` - Disabled *bool `json:"disabled"` - } - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request body"}) - return - } - - name := strings.TrimSpace(req.Name) - if name == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "name is required"}) - return - } - if req.Disabled == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "disabled is required"}) - return - } - - ctx := c.Request.Context() - - // Find auth by name or ID - var targetAuth *coreauth.Auth - if auth, ok := h.authManager.GetByID(name); ok { - targetAuth = auth - } else { - auths := h.authManager.List() - for _, auth := range auths { - if auth.FileName == name { - targetAuth = auth - break - } - } - } - - if targetAuth == nil { - c.JSON(http.StatusNotFound, gin.H{"error": "auth file not found"}) - return - } - - // Update disabled state - targetAuth.Disabled = *req.Disabled - if *req.Disabled { - targetAuth.Status = coreauth.StatusDisabled - targetAuth.StatusMessage = "disabled via management API" - } else { - targetAuth.Status = coreauth.StatusActive - targetAuth.StatusMessage = "" - } - targetAuth.UpdatedAt = time.Now() - - if _, err := h.authManager.Update(ctx, targetAuth); err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to update auth: %v", err)}) - return - } - - c.JSON(http.StatusOK, gin.H{"status": "ok", "disabled": *req.Disabled}) -} - -// PatchAuthFileFields updates editable fields (prefix, proxy_url, priority) of an auth file. -func (h *Handler) PatchAuthFileFields(c *gin.Context) { - if h.authManager == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "core auth manager unavailable"}) - return - } - - var req struct { - Name string `json:"name"` - Prefix *string `json:"prefix"` - ProxyURL *string `json:"proxy_url"` - Priority *int `json:"priority"` - } - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request body"}) - return - } - - name := strings.TrimSpace(req.Name) - if name == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "name is required"}) - return - } - - ctx := c.Request.Context() - - // Find auth by name or ID - var targetAuth *coreauth.Auth - if auth, ok := h.authManager.GetByID(name); ok { - targetAuth = auth - } else { - auths := h.authManager.List() - for _, auth := range auths { - if auth.FileName == name { - targetAuth = auth - break - } - } - } - - if targetAuth == nil { - c.JSON(http.StatusNotFound, gin.H{"error": "auth file not found"}) - return - } - - changed := false - if req.Prefix != nil { - targetAuth.Prefix = *req.Prefix - changed = true - } - if req.ProxyURL != nil { - targetAuth.ProxyURL = *req.ProxyURL - changed = true - } - if req.Priority != nil { - if targetAuth.Metadata == nil { - targetAuth.Metadata = make(map[string]any) - } - if *req.Priority == 0 { - delete(targetAuth.Metadata, "priority") - } else { - targetAuth.Metadata["priority"] = *req.Priority - } - changed = true - } - - if !changed { - c.JSON(http.StatusBadRequest, gin.H{"error": "no fields to update"}) - return - } - - targetAuth.UpdatedAt = time.Now() - - if _, err := h.authManager.Update(ctx, targetAuth); err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to update auth: %v", err)}) - return - } - - c.JSON(http.StatusOK, gin.H{"status": "ok"}) -} - -func (h *Handler) disableAuth(ctx context.Context, id string) { - if h == nil || h.authManager == nil { - return - } - authID := h.authIDForPath(id) - if authID == "" { - authID = strings.TrimSpace(id) - } - if authID == "" { - return - } - if auth, ok := h.authManager.GetByID(authID); ok { - auth.Disabled = true - auth.Status = coreauth.StatusDisabled - auth.StatusMessage = "removed via management API" - auth.UpdatedAt = time.Now() - _, _ = h.authManager.Update(ctx, auth) - } -} - -func (h *Handler) deleteTokenRecord(ctx context.Context, path string) error { - if strings.TrimSpace(path) == "" { - return fmt.Errorf("auth path is empty") - } - store := h.tokenStoreWithBaseDir() - if store == nil { - return fmt.Errorf("token store unavailable") - } - return store.Delete(ctx, path) -} - -func (h *Handler) tokenStoreWithBaseDir() coreauth.Store { - if h == nil { - return nil - } - store := h.tokenStore - if store == nil { - store = sdkAuth.GetTokenStore() - h.tokenStore = store - } - if h.cfg != nil { - if dirSetter, ok := store.(interface{ SetBaseDir(string) }); ok { - dirSetter.SetBaseDir(h.cfg.AuthDir) - } - } - return store -} - -func (h *Handler) saveTokenRecord(ctx context.Context, record *coreauth.Auth) (string, error) { - if record == nil { - return "", fmt.Errorf("token record is nil") - } - store := h.tokenStoreWithBaseDir() - if store == nil { - return "", fmt.Errorf("token store unavailable") - } - if h.postAuthHook != nil { - if err := h.postAuthHook(ctx, record); err != nil { - return "", fmt.Errorf("post-auth hook failed: %w", err) - } - } - return store.Save(ctx, record) -} - -func (h *Handler) RequestAnthropicToken(c *gin.Context) { - ctx := context.Background() - ctx = PopulateAuthContext(ctx, c) - - fmt.Println("Initializing Claude authentication...") - - // Generate PKCE codes - pkceCodes, err := claude.GeneratePKCECodes() - if err != nil { - log.Errorf("Failed to generate PKCE codes: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate PKCE codes"}) - return - } - - // Generate random state parameter - state, err := misc.GenerateRandomState() - if err != nil { - log.Errorf("Failed to generate state parameter: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate state parameter"}) - return - } - - // Initialize Claude auth service - anthropicAuth := claude.NewClaudeAuth(h.cfg) - - // Generate authorization URL (then override redirect_uri to reuse server port) - authURL, state, err := anthropicAuth.GenerateAuthURL(state, pkceCodes) - if err != nil { - log.Errorf("Failed to generate authorization URL: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate authorization url"}) - return - } - - RegisterOAuthSession(state, "anthropic") - - isWebUI := isWebUIRequest(c) - var forwarder *callbackForwarder - if isWebUI { - targetURL, errTarget := h.managementCallbackURL("/anthropic/callback") - if errTarget != nil { - log.WithError(errTarget).Error("failed to compute anthropic callback target") - c.JSON(http.StatusInternalServerError, gin.H{"error": "callback server unavailable"}) - return - } - var errStart error - if forwarder, errStart = startCallbackForwarder(anthropicCallbackPort, "anthropic", targetURL); errStart != nil { - log.WithError(errStart).Error("failed to start anthropic callback forwarder") - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to start callback server"}) - return - } - } - - go func() { - if isWebUI { - defer stopCallbackForwarderInstance(anthropicCallbackPort, forwarder) - } - - // Helper: wait for callback file - waitFile := filepath.Join(h.cfg.AuthDir, fmt.Sprintf(".oauth-anthropic-%s.oauth", state)) - waitForFile := func(path string, timeout time.Duration) (map[string]string, error) { - deadline := time.Now().Add(timeout) - for { - if !IsOAuthSessionPending(state, "anthropic") { - return nil, errOAuthSessionNotPending - } - if time.Now().After(deadline) { - SetOAuthSessionError(state, "Timeout waiting for OAuth callback") - return nil, fmt.Errorf("timeout waiting for OAuth callback") - } - data, errRead := os.ReadFile(path) - if errRead == nil { - var m map[string]string - _ = json.Unmarshal(data, &m) - _ = os.Remove(path) - return m, nil - } - time.Sleep(500 * time.Millisecond) - } - } - - fmt.Println("Waiting for authentication callback...") - // Wait up to 5 minutes - resultMap, errWait := waitForFile(waitFile, 5*time.Minute) - if errWait != nil { - if errors.Is(errWait, errOAuthSessionNotPending) { - return - } - authErr := claude.NewAuthenticationError(claude.ErrCallbackTimeout, errWait) - log.Error(claude.GetUserFriendlyMessage(authErr)) - return - } - if errStr := resultMap["error"]; errStr != "" { - oauthErr := claude.NewOAuthError(errStr, "", http.StatusBadRequest) - log.Error(claude.GetUserFriendlyMessage(oauthErr)) - SetOAuthSessionError(state, "Bad request") - return - } - if resultMap["state"] != state { - authErr := claude.NewAuthenticationError(claude.ErrInvalidState, fmt.Errorf("expected %s, got %s", state, resultMap["state"])) - log.Error(claude.GetUserFriendlyMessage(authErr)) - SetOAuthSessionError(state, "State code error") - return - } - - // Parse code (Claude may append state after '#') - rawCode := resultMap["code"] - code := strings.Split(rawCode, "#")[0] - - // Exchange code for tokens using internal auth service - bundle, errExchange := anthropicAuth.ExchangeCodeForTokens(ctx, code, state, pkceCodes) - if errExchange != nil { - authErr := claude.NewAuthenticationError(claude.ErrCodeExchangeFailed, errExchange) - log.Errorf("Failed to exchange authorization code for tokens: %v", authErr) - SetOAuthSessionError(state, "Failed to exchange authorization code for tokens") - return - } - - // Create token storage - tokenStorage := anthropicAuth.CreateTokenStorage(bundle) - record := &coreauth.Auth{ - ID: fmt.Sprintf("claude-%s.json", tokenStorage.Email), - Provider: "claude", - FileName: fmt.Sprintf("claude-%s.json", tokenStorage.Email), - Storage: tokenStorage, - Metadata: map[string]any{"email": tokenStorage.Email}, - } - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save authentication tokens: %v", errSave) - SetOAuthSessionError(state, "Failed to save authentication tokens") - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - if bundle.APIKey != "" { - fmt.Println("API key obtained and saved") - } - fmt.Println("You can now use Claude services through this CLI") - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("anthropic") - }() - - c.JSON(200, gin.H{"status": "ok", "url": authURL, "state": state}) -} - -func (h *Handler) RequestGeminiCLIToken(c *gin.Context) { - ctx := context.Background() - ctx = PopulateAuthContext(ctx, c) - proxyHTTPClient := util.SetProxy(&h.cfg.SDKConfig, &http.Client{}) - ctx = context.WithValue(ctx, oauth2.HTTPClient, proxyHTTPClient) - - // Optional project ID from query - projectID := c.Query("project_id") - - fmt.Println("Initializing Google authentication...") - - // OAuth2 configuration using exported constants from internal/auth/gemini - conf := &oauth2.Config{ - ClientID: geminiAuth.ClientID, - ClientSecret: geminiAuth.ClientSecret, - RedirectURL: fmt.Sprintf("http://localhost:%d/oauth2callback", geminiAuth.DefaultCallbackPort), - Scopes: geminiAuth.Scopes, - Endpoint: google.Endpoint, - } - - // Build authorization URL and return it immediately - state := fmt.Sprintf("gem-%d", time.Now().UnixNano()) - authURL := conf.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.SetAuthURLParam("prompt", "consent")) - - RegisterOAuthSession(state, "gemini") - - isWebUI := isWebUIRequest(c) - var forwarder *callbackForwarder - if isWebUI { - targetURL, errTarget := h.managementCallbackURL("/google/callback") - if errTarget != nil { - log.WithError(errTarget).Error("failed to compute gemini callback target") - c.JSON(http.StatusInternalServerError, gin.H{"error": "callback server unavailable"}) - return - } - var errStart error - if forwarder, errStart = startCallbackForwarder(geminiCallbackPort, "gemini", targetURL); errStart != nil { - log.WithError(errStart).Error("failed to start gemini callback forwarder") - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to start callback server"}) - return - } - } - - go func() { - if isWebUI { - defer stopCallbackForwarderInstance(geminiCallbackPort, forwarder) - } - - // Wait for callback file written by server route - waitFile := filepath.Join(h.cfg.AuthDir, fmt.Sprintf(".oauth-gemini-%s.oauth", state)) - fmt.Println("Waiting for authentication callback...") - deadline := time.Now().Add(5 * time.Minute) - var authCode string - for { - if !IsOAuthSessionPending(state, "gemini") { - return - } - if time.Now().After(deadline) { - log.Error("oauth flow timed out") - SetOAuthSessionError(state, "OAuth flow timed out") - return - } - if data, errR := os.ReadFile(waitFile); errR == nil { - var m map[string]string - _ = json.Unmarshal(data, &m) - _ = os.Remove(waitFile) - if errStr := m["error"]; errStr != "" { - log.Errorf("Authentication failed: %s", errStr) - SetOAuthSessionError(state, "Authentication failed") - return - } - authCode = m["code"] - if authCode == "" { - log.Errorf("Authentication failed: code not found") - SetOAuthSessionError(state, "Authentication failed: code not found") - return - } - break - } - time.Sleep(500 * time.Millisecond) - } - - // Exchange authorization code for token - token, err := conf.Exchange(ctx, authCode) - if err != nil { - log.Errorf("Failed to exchange token: %v", err) - SetOAuthSessionError(state, "Failed to exchange token") - return - } - - requestedProjectID := strings.TrimSpace(projectID) - - // Create token storage (mirrors internal/auth/gemini createTokenStorage) - authHTTPClient := conf.Client(ctx, token) - req, errNewRequest := http.NewRequestWithContext(ctx, "GET", "https://www.googleapis.com/oauth2/v1/userinfo?alt=json", nil) - if errNewRequest != nil { - log.Errorf("Could not get user info: %v", errNewRequest) - SetOAuthSessionError(state, "Could not get user info") - return - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token.AccessToken)) - - resp, errDo := authHTTPClient.Do(req) - if errDo != nil { - log.Errorf("Failed to execute request: %v", errDo) - SetOAuthSessionError(state, "Failed to execute request") - return - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Printf("warn: failed to close response body: %v", errClose) - } - }() - - bodyBytes, _ := io.ReadAll(resp.Body) - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - log.Errorf("Get user info request failed with status %d: %s", resp.StatusCode, string(bodyBytes)) - SetOAuthSessionError(state, fmt.Sprintf("Get user info request failed with status %d", resp.StatusCode)) - return - } - - email := gjson.GetBytes(bodyBytes, "email").String() - if email != "" { - fmt.Printf("Authenticated user email: %s\n", email) - } else { - fmt.Println("Failed to get user email from token") - } - - // Marshal/unmarshal oauth2.Token to generic map and enrich fields - var ifToken map[string]any - jsonData, _ := json.Marshal(token) - if errUnmarshal := json.Unmarshal(jsonData, &ifToken); errUnmarshal != nil { - log.Errorf("Failed to unmarshal token: %v", errUnmarshal) - SetOAuthSessionError(state, "Failed to unmarshal token") - return - } - - ifToken["token_uri"] = "https://oauth2.googleapis.com/token" - ifToken["client_id"] = geminiAuth.ClientID - ifToken["client_secret"] = geminiAuth.ClientSecret - ifToken["scopes"] = geminiAuth.Scopes - ifToken["universe_domain"] = "googleapis.com" - - ts := geminiAuth.GeminiTokenStorage{ - Token: ifToken, - ProjectID: requestedProjectID, - Email: email, - Auto: requestedProjectID == "", - } - - // Initialize authenticated HTTP client via GeminiAuth to honor proxy settings - gemAuth := geminiAuth.NewGeminiAuth() - gemClient, errGetClient := gemAuth.GetAuthenticatedClient(ctx, &ts, h.cfg, &geminiAuth.WebLoginOptions{ - NoBrowser: true, - }) - if errGetClient != nil { - log.Errorf("failed to get authenticated client: %v", errGetClient) - SetOAuthSessionError(state, "Failed to get authenticated client") - return - } - fmt.Println("Authentication successful.") - - if strings.EqualFold(requestedProjectID, "ALL") { - ts.Auto = false - projects, errAll := onboardAllGeminiProjects(ctx, gemClient, &ts) - if errAll != nil { - log.Errorf("Failed to complete Gemini CLI onboarding: %v", errAll) - SetOAuthSessionError(state, "Failed to complete Gemini CLI onboarding") - return - } - if errVerify := ensureGeminiProjectsEnabled(ctx, gemClient, projects); errVerify != nil { - log.Errorf("Failed to verify Cloud AI API status: %v", errVerify) - SetOAuthSessionError(state, "Failed to verify Cloud AI API status") - return - } - ts.ProjectID = strings.Join(projects, ",") - ts.Checked = true - } else if strings.EqualFold(requestedProjectID, "GOOGLE_ONE") { - ts.Auto = false - if errSetup := performGeminiCLISetup(ctx, gemClient, &ts, ""); errSetup != nil { - log.Errorf("Google One auto-discovery failed: %v", errSetup) - SetOAuthSessionError(state, "Google One auto-discovery failed") - return - } - if strings.TrimSpace(ts.ProjectID) == "" { - log.Error("Google One auto-discovery returned empty project ID") - SetOAuthSessionError(state, "Google One auto-discovery returned empty project ID") - return - } - isChecked, errCheck := checkCloudAPIIsEnabled(ctx, gemClient, ts.ProjectID) - if errCheck != nil { - log.Errorf("Failed to verify Cloud AI API status: %v", errCheck) - SetOAuthSessionError(state, "Failed to verify Cloud AI API status") - return - } - ts.Checked = isChecked - if !isChecked { - log.Error("Cloud AI API is not enabled for the auto-discovered project") - SetOAuthSessionError(state, "Cloud AI API not enabled") - return - } - } else { - if errEnsure := ensureGeminiProjectAndOnboard(ctx, gemClient, &ts, requestedProjectID); errEnsure != nil { - log.Errorf("Failed to complete Gemini CLI onboarding: %v", errEnsure) - SetOAuthSessionError(state, "Failed to complete Gemini CLI onboarding") - return - } - - if strings.TrimSpace(ts.ProjectID) == "" { - log.Error("Onboarding did not return a project ID") - SetOAuthSessionError(state, "Failed to resolve project ID") - return - } - - isChecked, errCheck := checkCloudAPIIsEnabled(ctx, gemClient, ts.ProjectID) - if errCheck != nil { - log.Errorf("Failed to verify Cloud AI API status: %v", errCheck) - SetOAuthSessionError(state, "Failed to verify Cloud AI API status") - return - } - ts.Checked = isChecked - if !isChecked { - log.Error("Cloud AI API is not enabled for the selected project") - SetOAuthSessionError(state, "Cloud AI API not enabled") - return - } - } - - recordMetadata := map[string]any{ - "email": ts.Email, - "project_id": ts.ProjectID, - "auto": ts.Auto, - "checked": ts.Checked, - } - - fileName := geminiAuth.CredentialFileName(ts.Email, ts.ProjectID, true) - record := &coreauth.Auth{ - ID: fileName, - Provider: "gemini", - FileName: fileName, - Storage: &ts, - Metadata: recordMetadata, - } - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save token to file: %v", errSave) - SetOAuthSessionError(state, "Failed to save token to file") - return - } - - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("gemini") - fmt.Printf("You can now use Gemini CLI services through this CLI; token saved to %s\n", savedPath) - }() - - c.JSON(200, gin.H{"status": "ok", "url": authURL, "state": state}) -} - -func (h *Handler) RequestCodexToken(c *gin.Context) { - ctx := context.Background() - ctx = PopulateAuthContext(ctx, c) - - fmt.Println("Initializing Codex authentication...") - - // Generate PKCE codes - pkceCodes, err := codex.GeneratePKCECodes() - if err != nil { - log.Errorf("Failed to generate PKCE codes: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate PKCE codes"}) - return - } - - // Generate random state parameter - state, err := misc.GenerateRandomState() - if err != nil { - log.Errorf("Failed to generate state parameter: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate state parameter"}) - return - } - - // Initialize Codex auth service - openaiAuth := codex.NewCodexAuth(h.cfg) - - // Generate authorization URL - authURL, err := openaiAuth.GenerateAuthURL(state, pkceCodes) - if err != nil { - log.Errorf("Failed to generate authorization URL: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate authorization url"}) - return - } - - RegisterOAuthSession(state, "codex") - - isWebUI := isWebUIRequest(c) - var forwarder *callbackForwarder - if isWebUI { - targetURL, errTarget := h.managementCallbackURL("/codex/callback") - if errTarget != nil { - log.WithError(errTarget).Error("failed to compute codex callback target") - c.JSON(http.StatusInternalServerError, gin.H{"error": "callback server unavailable"}) - return - } - var errStart error - if forwarder, errStart = startCallbackForwarder(codexCallbackPort, "codex", targetURL); errStart != nil { - log.WithError(errStart).Error("failed to start codex callback forwarder") - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to start callback server"}) - return - } - } - - go func() { - if isWebUI { - defer stopCallbackForwarderInstance(codexCallbackPort, forwarder) - } - - // Wait for callback file - waitFile := filepath.Join(h.cfg.AuthDir, fmt.Sprintf(".oauth-codex-%s.oauth", state)) - deadline := time.Now().Add(5 * time.Minute) - var code string - for { - if !IsOAuthSessionPending(state, "codex") { - return - } - if time.Now().After(deadline) { - authErr := codex.NewAuthenticationError(codex.ErrCallbackTimeout, fmt.Errorf("timeout waiting for OAuth callback")) - log.Error(codex.GetUserFriendlyMessage(authErr)) - SetOAuthSessionError(state, "Timeout waiting for OAuth callback") - return - } - if data, errR := os.ReadFile(waitFile); errR == nil { - var m map[string]string - _ = json.Unmarshal(data, &m) - _ = os.Remove(waitFile) - if errStr := m["error"]; errStr != "" { - oauthErr := codex.NewOAuthError(errStr, "", http.StatusBadRequest) - log.Error(codex.GetUserFriendlyMessage(oauthErr)) - SetOAuthSessionError(state, "Bad Request") - return - } - if m["state"] != state { - authErr := codex.NewAuthenticationError(codex.ErrInvalidState, fmt.Errorf("expected %s, got %s", state, m["state"])) - SetOAuthSessionError(state, "State code error") - log.Error(codex.GetUserFriendlyMessage(authErr)) - return - } - code = m["code"] - break - } - time.Sleep(500 * time.Millisecond) - } - - log.Debug("Authorization code received, exchanging for tokens...") - // Exchange code for tokens using internal auth service - bundle, errExchange := openaiAuth.ExchangeCodeForTokens(ctx, code, pkceCodes) - if errExchange != nil { - authErr := codex.NewAuthenticationError(codex.ErrCodeExchangeFailed, errExchange) - SetOAuthSessionError(state, "Failed to exchange authorization code for tokens") - log.Errorf("Failed to exchange authorization code for tokens: %v", authErr) - return - } - - // Extract additional info for filename generation - claims, _ := codex.ParseJWTToken(bundle.TokenData.IDToken) - planType := "" - hashAccountID := "" - if claims != nil { - planType = strings.TrimSpace(claims.CodexAuthInfo.ChatgptPlanType) - if accountID := claims.GetAccountID(); accountID != "" { - digest := sha256.Sum256([]byte(accountID)) - hashAccountID = hex.EncodeToString(digest[:])[:8] - } - } - - // Create token storage and persist - tokenStorage := openaiAuth.CreateTokenStorage(bundle) - fileName := codex.CredentialFileName(tokenStorage.Email, planType, hashAccountID, true) - record := &coreauth.Auth{ - ID: fileName, - Provider: "codex", - FileName: fileName, - Storage: tokenStorage, - Metadata: map[string]any{ - "email": tokenStorage.Email, - "account_id": tokenStorage.AccountID, - }, - } - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - SetOAuthSessionError(state, "Failed to save authentication tokens") - log.Errorf("Failed to save authentication tokens: %v", errSave) - return - } - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - if bundle.APIKey != "" { - fmt.Println("API key obtained and saved") - } - fmt.Println("You can now use Codex services through this CLI") - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("codex") - }() - - c.JSON(200, gin.H{"status": "ok", "url": authURL, "state": state}) -} - -func (h *Handler) RequestAntigravityToken(c *gin.Context) { - ctx := context.Background() - ctx = PopulateAuthContext(ctx, c) - - fmt.Println("Initializing Antigravity authentication...") - - authSvc := antigravity.NewAntigravityAuth(h.cfg, nil) - - state, errState := misc.GenerateRandomState() - if errState != nil { - log.Errorf("Failed to generate state parameter: %v", errState) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate state parameter"}) - return - } - - redirectURI := fmt.Sprintf("http://localhost:%d/oauth-callback", antigravity.CallbackPort) - authURL := authSvc.BuildAuthURL(state, redirectURI) - - RegisterOAuthSession(state, "antigravity") - - isWebUI := isWebUIRequest(c) - var forwarder *callbackForwarder - if isWebUI { - targetURL, errTarget := h.managementCallbackURL("/antigravity/callback") - if errTarget != nil { - log.WithError(errTarget).Error("failed to compute antigravity callback target") - c.JSON(http.StatusInternalServerError, gin.H{"error": "callback server unavailable"}) - return - } - var errStart error - if forwarder, errStart = startCallbackForwarder(antigravity.CallbackPort, "antigravity", targetURL); errStart != nil { - log.WithError(errStart).Error("failed to start antigravity callback forwarder") - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to start callback server"}) - return - } - } - - go func() { - if isWebUI { - defer stopCallbackForwarderInstance(antigravity.CallbackPort, forwarder) - } - - waitFile := filepath.Join(h.cfg.AuthDir, fmt.Sprintf(".oauth-antigravity-%s.oauth", state)) - deadline := time.Now().Add(5 * time.Minute) - var authCode string - for { - if !IsOAuthSessionPending(state, "antigravity") { - return - } - if time.Now().After(deadline) { - log.Error("oauth flow timed out") - SetOAuthSessionError(state, "OAuth flow timed out") - return - } - if data, errReadFile := os.ReadFile(waitFile); errReadFile == nil { - var payload map[string]string - _ = json.Unmarshal(data, &payload) - _ = os.Remove(waitFile) - if errStr := strings.TrimSpace(payload["error"]); errStr != "" { - log.Errorf("Authentication failed: %s", errStr) - SetOAuthSessionError(state, "Authentication failed") - return - } - if payloadState := strings.TrimSpace(payload["state"]); payloadState != "" && payloadState != state { - log.Errorf("Authentication failed: state mismatch") - SetOAuthSessionError(state, "Authentication failed: state mismatch") - return - } - authCode = strings.TrimSpace(payload["code"]) - if authCode == "" { - log.Error("Authentication failed: code not found") - SetOAuthSessionError(state, "Authentication failed: code not found") - return - } - break - } - time.Sleep(500 * time.Millisecond) - } - - tokenResp, errToken := authSvc.ExchangeCodeForTokens(ctx, authCode, redirectURI) - if errToken != nil { - log.Errorf("Failed to exchange token: %v", errToken) - SetOAuthSessionError(state, "Failed to exchange token") - return - } - - accessToken := strings.TrimSpace(tokenResp.AccessToken) - if accessToken == "" { - log.Error("antigravity: token exchange returned empty access token") - SetOAuthSessionError(state, "Failed to exchange token") - return - } - - email, errInfo := authSvc.FetchUserInfo(ctx, accessToken) - if errInfo != nil { - log.Errorf("Failed to fetch user info: %v", errInfo) - SetOAuthSessionError(state, "Failed to fetch user info") - return - } - email = strings.TrimSpace(email) - if email == "" { - log.Error("antigravity: user info returned empty email") - SetOAuthSessionError(state, "Failed to fetch user info") - return - } - - projectID := "" - if accessToken != "" { - fetchedProjectID, errProject := authSvc.FetchProjectID(ctx, accessToken) - if errProject != nil { - log.Warnf("antigravity: failed to fetch project ID: %v", errProject) - } else { - projectID = fetchedProjectID - log.Infof("antigravity: obtained project ID %s", projectID) - } - } - - now := time.Now() - metadata := map[string]any{ - "type": "antigravity", - "access_token": tokenResp.AccessToken, - "refresh_token": tokenResp.RefreshToken, - "expires_in": tokenResp.ExpiresIn, - "timestamp": now.UnixMilli(), - "expired": now.Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339), - } - if email != "" { - metadata["email"] = email - } - if projectID != "" { - metadata["project_id"] = projectID - } - - fileName := antigravity.CredentialFileName(email) - label := strings.TrimSpace(email) - if label == "" { - label = "antigravity" - } - - record := &coreauth.Auth{ - ID: fileName, - Provider: "antigravity", - FileName: fileName, - Label: label, - Metadata: metadata, - } - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save token to file: %v", errSave) - SetOAuthSessionError(state, "Failed to save token to file") - return - } - - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("antigravity") - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - if projectID != "" { - fmt.Printf("Using GCP project: %s\n", projectID) - } - fmt.Println("You can now use Antigravity services through this CLI") - }() - - c.JSON(200, gin.H{"status": "ok", "url": authURL, "state": state}) -} - -func (h *Handler) RequestQwenToken(c *gin.Context) { - ctx := context.Background() - ctx = PopulateAuthContext(ctx, c) - - fmt.Println("Initializing Qwen authentication...") - - state := fmt.Sprintf("gem-%d", time.Now().UnixNano()) - // Initialize Qwen auth service - qwenAuth := qwen.NewQwenAuth(h.cfg) - - // Generate authorization URL - deviceFlow, err := qwenAuth.InitiateDeviceFlow(ctx) - if err != nil { - log.Errorf("Failed to generate authorization URL: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate authorization url"}) - return - } - authURL := deviceFlow.VerificationURIComplete - - RegisterOAuthSession(state, "qwen") - - go func() { - fmt.Println("Waiting for authentication...") - tokenData, errPollForToken := qwenAuth.PollForToken(deviceFlow.DeviceCode, deviceFlow.CodeVerifier) - if errPollForToken != nil { - SetOAuthSessionError(state, "Authentication failed") - fmt.Printf("Authentication failed: %v\n", errPollForToken) - return - } - - // Create token storage - tokenStorage := qwenAuth.CreateTokenStorage(tokenData) - - tokenStorage.Email = fmt.Sprintf("%d", time.Now().UnixMilli()) - record := &coreauth.Auth{ - ID: fmt.Sprintf("qwen-%s.json", tokenStorage.Email), - Provider: "qwen", - FileName: fmt.Sprintf("qwen-%s.json", tokenStorage.Email), - Storage: tokenStorage, - Metadata: map[string]any{"email": tokenStorage.Email}, - } - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save authentication tokens: %v", errSave) - SetOAuthSessionError(state, "Failed to save authentication tokens") - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - fmt.Println("You can now use Qwen services through this CLI") - CompleteOAuthSession(state) - }() - - c.JSON(200, gin.H{"status": "ok", "url": authURL, "state": state}) -} - -func (h *Handler) RequestKimiToken(c *gin.Context) { - ctx := context.Background() - ctx = PopulateAuthContext(ctx, c) - - fmt.Println("Initializing Kimi authentication...") - - state := fmt.Sprintf("kmi-%d", time.Now().UnixNano()) - // Initialize Kimi auth service - kimiAuth := kimi.NewKimiAuth(h.cfg) - - // Generate authorization URL - deviceFlow, errStartDeviceFlow := kimiAuth.StartDeviceFlow(ctx) - if errStartDeviceFlow != nil { - log.Errorf("Failed to generate authorization URL: %v", errStartDeviceFlow) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate authorization url"}) - return - } - authURL := deviceFlow.VerificationURIComplete - if authURL == "" { - authURL = deviceFlow.VerificationURI - } - - RegisterOAuthSession(state, "kimi") - - go func() { - fmt.Println("Waiting for authentication...") - authBundle, errWaitForAuthorization := kimiAuth.WaitForAuthorization(ctx, deviceFlow) - if errWaitForAuthorization != nil { - SetOAuthSessionError(state, "Authentication failed") - fmt.Printf("Authentication failed: %v\n", errWaitForAuthorization) - return - } - - // Create token storage - tokenStorage := kimiAuth.CreateTokenStorage(authBundle) - - metadata := map[string]any{ - "type": "kimi", - "access_token": authBundle.TokenData.AccessToken, - "refresh_token": authBundle.TokenData.RefreshToken, - "token_type": authBundle.TokenData.TokenType, - "scope": authBundle.TokenData.Scope, - "timestamp": time.Now().UnixMilli(), - } - if authBundle.TokenData.ExpiresAt > 0 { - expired := time.Unix(authBundle.TokenData.ExpiresAt, 0).UTC().Format(time.RFC3339) - metadata["expired"] = expired - } - if strings.TrimSpace(authBundle.DeviceID) != "" { - metadata["device_id"] = strings.TrimSpace(authBundle.DeviceID) - } - - fileName := fmt.Sprintf("kimi-%d.json", time.Now().UnixMilli()) - record := &coreauth.Auth{ - ID: fileName, - Provider: "kimi", - FileName: fileName, - Label: "Kimi User", - Storage: tokenStorage, - Metadata: metadata, - } - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save authentication tokens: %v", errSave) - SetOAuthSessionError(state, "Failed to save authentication tokens") - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - fmt.Println("You can now use Kimi services through this CLI") - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("kimi") - }() - - c.JSON(200, gin.H{"status": "ok", "url": authURL, "state": state}) -} - -func (h *Handler) RequestIFlowToken(c *gin.Context) { - ctx := context.Background() - ctx = PopulateAuthContext(ctx, c) - - fmt.Println("Initializing iFlow authentication...") - - state := fmt.Sprintf("ifl-%d", time.Now().UnixNano()) - authSvc := iflowauth.NewIFlowAuth(h.cfg) - authURL, redirectURI := authSvc.AuthorizationURL(state, iflowauth.CallbackPort) - - RegisterOAuthSession(state, "iflow") - - isWebUI := isWebUIRequest(c) - var forwarder *callbackForwarder - if isWebUI { - targetURL, errTarget := h.managementCallbackURL("/iflow/callback") - if errTarget != nil { - log.WithError(errTarget).Error("failed to compute iflow callback target") - c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "callback server unavailable"}) - return - } - var errStart error - if forwarder, errStart = startCallbackForwarder(iflowauth.CallbackPort, "iflow", targetURL); errStart != nil { - log.WithError(errStart).Error("failed to start iflow callback forwarder") - c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "failed to start callback server"}) - return - } - } - - go func() { - if isWebUI { - defer stopCallbackForwarderInstance(iflowauth.CallbackPort, forwarder) - } - fmt.Println("Waiting for authentication...") - - waitFile := filepath.Join(h.cfg.AuthDir, fmt.Sprintf(".oauth-iflow-%s.oauth", state)) - deadline := time.Now().Add(5 * time.Minute) - var resultMap map[string]string - for { - if !IsOAuthSessionPending(state, "iflow") { - return - } - if time.Now().After(deadline) { - SetOAuthSessionError(state, "Authentication failed") - fmt.Println("Authentication failed: timeout waiting for callback") - return - } - if data, errR := os.ReadFile(waitFile); errR == nil { - _ = os.Remove(waitFile) - _ = json.Unmarshal(data, &resultMap) - break - } - time.Sleep(500 * time.Millisecond) - } - - if errStr := strings.TrimSpace(resultMap["error"]); errStr != "" { - SetOAuthSessionError(state, "Authentication failed") - fmt.Printf("Authentication failed: %s\n", errStr) - return - } - if resultState := strings.TrimSpace(resultMap["state"]); resultState != state { - SetOAuthSessionError(state, "Authentication failed") - fmt.Println("Authentication failed: state mismatch") - return - } - - code := strings.TrimSpace(resultMap["code"]) - if code == "" { - SetOAuthSessionError(state, "Authentication failed") - fmt.Println("Authentication failed: code missing") - return - } - - tokenData, errExchange := authSvc.ExchangeCodeForTokens(ctx, code, redirectURI) - if errExchange != nil { - SetOAuthSessionError(state, "Authentication failed") - fmt.Printf("Authentication failed: %v\n", errExchange) - return - } - - tokenStorage := authSvc.CreateTokenStorage(tokenData) - identifier := strings.TrimSpace(tokenStorage.Email) - if identifier == "" { - identifier = fmt.Sprintf("%d", time.Now().UnixMilli()) - tokenStorage.Email = identifier - } - record := &coreauth.Auth{ - ID: fmt.Sprintf("iflow-%s.json", identifier), - Provider: "iflow", - FileName: fmt.Sprintf("iflow-%s.json", identifier), - Storage: tokenStorage, - Metadata: map[string]any{"email": identifier, "api_key": tokenStorage.APIKey}, - Attributes: map[string]string{"api_key": tokenStorage.APIKey}, - } - - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - SetOAuthSessionError(state, "Failed to save authentication tokens") - log.Errorf("Failed to save authentication tokens: %v", errSave) - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - if tokenStorage.APIKey != "" { - fmt.Println("API key obtained and saved") - } - fmt.Println("You can now use iFlow services through this CLI") - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("iflow") - }() - - c.JSON(http.StatusOK, gin.H{"status": "ok", "url": authURL, "state": state}) -} - -func (h *Handler) RequestGitHubToken(c *gin.Context) { - ctx := context.Background() - - fmt.Println("Initializing GitHub Copilot authentication...") - - state := fmt.Sprintf("gh-%d", time.Now().UnixNano()) - - // Initialize Copilot auth service - // We need to import "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/copilot" first if not present - // Assuming copilot package is imported as "copilot" - deviceClient := copilot.NewDeviceFlowClient(h.cfg) - - // Initiate device flow - deviceCode, err := deviceClient.RequestDeviceCode(ctx) - if err != nil { - log.Errorf("Failed to initiate device flow: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to initiate device flow"}) - return - } - - authURL := deviceCode.VerificationURI - userCode := deviceCode.UserCode - - RegisterOAuthSession(state, "github") - - go func() { - fmt.Printf("Please visit %s and enter code: %s\n", authURL, userCode) - - tokenData, errPoll := deviceClient.PollForToken(ctx, deviceCode) - if errPoll != nil { - SetOAuthSessionError(state, "Authentication failed") - fmt.Printf("Authentication failed: %v\n", errPoll) - return - } - - username, errUser := deviceClient.FetchUserInfo(ctx, tokenData.AccessToken) - if errUser != nil { - log.Warnf("Failed to fetch user info: %v", errUser) - username = "github-user" - } - - tokenStorage := &copilot.CopilotTokenStorage{ - AccessToken: tokenData.AccessToken, - TokenType: tokenData.TokenType, - Scope: tokenData.Scope, - Username: username, - Type: "github-copilot", - } - - fileName := fmt.Sprintf("github-%s.json", username) - record := &coreauth.Auth{ - ID: fileName, - Provider: "github", - FileName: fileName, - Storage: tokenStorage, - Metadata: map[string]any{ - "email": username, - "username": username, - }, - } - - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save authentication tokens: %v", errSave) - SetOAuthSessionError(state, "Failed to save authentication tokens") - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - fmt.Println("You can now use GitHub Copilot services through this CLI") - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("github") - }() - - c.JSON(200, gin.H{ - "status": "ok", - "url": authURL, - "state": state, - "user_code": userCode, - "verification_uri": authURL, - }) -} - -func (h *Handler) RequestIFlowCookieToken(c *gin.Context) { - ctx := context.Background() - - var payload struct { - Cookie string `json:"cookie"` - } - if err := c.ShouldBindJSON(&payload); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "cookie is required"}) - return - } - - cookieValue := strings.TrimSpace(payload.Cookie) - - if cookieValue == "" { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "cookie is required"}) - return - } - - cookieValue, errNormalize := iflowauth.NormalizeCookie(cookieValue) - if errNormalize != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": errNormalize.Error()}) - return - } - - // Check for duplicate BXAuth before authentication - bxAuth := iflowauth.ExtractBXAuth(cookieValue) - if existingFile, err := iflowauth.CheckDuplicateBXAuth(h.cfg.AuthDir, bxAuth); err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "failed to check duplicate"}) - return - } else if existingFile != "" { - existingFileName := filepath.Base(existingFile) - c.JSON(http.StatusConflict, gin.H{"status": "error", "error": "duplicate BXAuth found", "existing_file": existingFileName}) - return - } - - authSvc := iflowauth.NewIFlowAuth(h.cfg) - tokenData, errAuth := authSvc.AuthenticateWithCookie(ctx, cookieValue) - if errAuth != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": errAuth.Error()}) - return - } - - tokenData.Cookie = cookieValue - - tokenStorage := authSvc.CreateCookieTokenStorage(tokenData) - email := strings.TrimSpace(tokenStorage.Email) - if email == "" { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "failed to extract email from token"}) - return - } - - fileName := iflowauth.SanitizeIFlowFileName(email) - if fileName == "" { - fileName = fmt.Sprintf("iflow-%d", time.Now().UnixMilli()) - } else { - fileName = fmt.Sprintf("iflow-%s", fileName) - } - - tokenStorage.Email = email - timestamp := time.Now().Unix() - - record := &coreauth.Auth{ - ID: fmt.Sprintf("%s-%d.json", fileName, timestamp), - Provider: "iflow", - FileName: fmt.Sprintf("%s-%d.json", fileName, timestamp), - Storage: tokenStorage, - Metadata: map[string]any{ - "email": email, - "api_key": tokenStorage.APIKey, - "expired": tokenStorage.Expire, - "cookie": tokenStorage.Cookie, - "type": tokenStorage.Type, - "last_refresh": tokenStorage.LastRefresh, - }, - Attributes: map[string]string{ - "api_key": tokenStorage.APIKey, - }, - } - - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "failed to save authentication tokens"}) - return - } - - fmt.Printf("iFlow cookie authentication successful. Token saved to %s\n", savedPath) - c.JSON(http.StatusOK, gin.H{ - "status": "ok", - "saved_path": savedPath, - "email": email, - "expired": tokenStorage.Expire, - "type": tokenStorage.Type, - }) -} - -type projectSelectionRequiredError struct{} - -func (e *projectSelectionRequiredError) Error() string { - return "gemini cli: project selection required" -} - -func ensureGeminiProjectAndOnboard(ctx context.Context, httpClient *http.Client, storage *geminiAuth.GeminiTokenStorage, requestedProject string) error { - if storage == nil { - return fmt.Errorf("gemini storage is nil") - } - - trimmedRequest := strings.TrimSpace(requestedProject) - if trimmedRequest == "" { - projects, errProjects := fetchGCPProjects(ctx, httpClient) - if errProjects != nil { - return fmt.Errorf("fetch project list: %w", errProjects) - } - if len(projects) == 0 { - return fmt.Errorf("no Google Cloud projects available for this account") - } - trimmedRequest = strings.TrimSpace(projects[0].ProjectID) - if trimmedRequest == "" { - return fmt.Errorf("resolved project id is empty") - } - storage.Auto = true - } else { - storage.Auto = false - } - - if err := performGeminiCLISetup(ctx, httpClient, storage, trimmedRequest); err != nil { - return err - } - - if strings.TrimSpace(storage.ProjectID) == "" { - storage.ProjectID = trimmedRequest - } - - return nil -} - -func onboardAllGeminiProjects(ctx context.Context, httpClient *http.Client, storage *geminiAuth.GeminiTokenStorage) ([]string, error) { - projects, errProjects := fetchGCPProjects(ctx, httpClient) - if errProjects != nil { - return nil, fmt.Errorf("fetch project list: %w", errProjects) - } - if len(projects) == 0 { - return nil, fmt.Errorf("no Google Cloud projects available for this account") - } - activated := make([]string, 0, len(projects)) - seen := make(map[string]struct{}, len(projects)) - for _, project := range projects { - candidate := strings.TrimSpace(project.ProjectID) - if candidate == "" { - continue - } - if _, dup := seen[candidate]; dup { - continue - } - if err := performGeminiCLISetup(ctx, httpClient, storage, candidate); err != nil { - return nil, fmt.Errorf("onboard project %s: %w", candidate, err) - } - finalID := strings.TrimSpace(storage.ProjectID) - if finalID == "" { - finalID = candidate - } - activated = append(activated, finalID) - seen[candidate] = struct{}{} - } - if len(activated) == 0 { - return nil, fmt.Errorf("no Google Cloud projects available for this account") - } - return activated, nil -} - -func ensureGeminiProjectsEnabled(ctx context.Context, httpClient *http.Client, projectIDs []string) error { - for _, pid := range projectIDs { - trimmed := strings.TrimSpace(pid) - if trimmed == "" { - continue - } - isChecked, errCheck := checkCloudAPIIsEnabled(ctx, httpClient, trimmed) - if errCheck != nil { - return fmt.Errorf("project %s: %w", trimmed, errCheck) - } - if !isChecked { - return fmt.Errorf("project %s: Cloud AI API not enabled", trimmed) - } - } - return nil -} - -func performGeminiCLISetup(ctx context.Context, httpClient *http.Client, storage *geminiAuth.GeminiTokenStorage, requestedProject string) error { - metadata := map[string]string{ - "ideType": "IDE_UNSPECIFIED", - "platform": "PLATFORM_UNSPECIFIED", - "pluginType": "GEMINI", - } - - trimmedRequest := strings.TrimSpace(requestedProject) - explicitProject := trimmedRequest != "" - - loadReqBody := map[string]any{ - "metadata": metadata, - } - if explicitProject { - loadReqBody["cloudaicompanionProject"] = trimmedRequest - } - - var loadResp map[string]any - if errLoad := callGeminiCLI(ctx, httpClient, "loadCodeAssist", loadReqBody, &loadResp); errLoad != nil { - return fmt.Errorf("load code assist: %w", errLoad) - } - - tierID := "legacy-tier" - if tiers, okTiers := loadResp["allowedTiers"].([]any); okTiers { - for _, rawTier := range tiers { - tier, okTier := rawTier.(map[string]any) - if !okTier { - continue - } - if isDefault, okDefault := tier["isDefault"].(bool); okDefault && isDefault { - if id, okID := tier["id"].(string); okID && strings.TrimSpace(id) != "" { - tierID = strings.TrimSpace(id) - break - } - } - } - } - - projectID := trimmedRequest - if projectID == "" { - if id, okProject := loadResp["cloudaicompanionProject"].(string); okProject { - projectID = strings.TrimSpace(id) - } - if projectID == "" { - if projectMap, okProject := loadResp["cloudaicompanionProject"].(map[string]any); okProject { - if id, okID := projectMap["id"].(string); okID { - projectID = strings.TrimSpace(id) - } - } - } - } - if projectID == "" { - // Auto-discovery: try onboardUser without specifying a project - // to let Google auto-provision one (matches Gemini CLI headless behavior - // and Antigravity's FetchProjectID pattern). - autoOnboardReq := map[string]any{ - "tierId": tierID, - "metadata": metadata, - } - - autoCtx, autoCancel := context.WithTimeout(ctx, 30*time.Second) - defer autoCancel() - for attempt := 1; ; attempt++ { - var onboardResp map[string]any - if errOnboard := callGeminiCLI(autoCtx, httpClient, "onboardUser", autoOnboardReq, &onboardResp); errOnboard != nil { - return fmt.Errorf("auto-discovery onboardUser: %w", errOnboard) - } - - if done, okDone := onboardResp["done"].(bool); okDone && done { - if resp, okResp := onboardResp["response"].(map[string]any); okResp { - switch v := resp["cloudaicompanionProject"].(type) { - case string: - projectID = strings.TrimSpace(v) - case map[string]any: - if id, okID := v["id"].(string); okID { - projectID = strings.TrimSpace(id) - } - } - } - break - } - - log.Debugf("Auto-discovery: onboarding in progress, attempt %d...", attempt) - select { - case <-autoCtx.Done(): - return &projectSelectionRequiredError{} - case <-time.After(2 * time.Second): - } - } - - if projectID == "" { - return &projectSelectionRequiredError{} - } - log.Infof("Auto-discovered project ID via onboarding: %s", projectID) - } - - onboardReqBody := map[string]any{ - "tierId": tierID, - "metadata": metadata, - "cloudaicompanionProject": projectID, - } - - storage.ProjectID = projectID - - for { - var onboardResp map[string]any - if errOnboard := callGeminiCLI(ctx, httpClient, "onboardUser", onboardReqBody, &onboardResp); errOnboard != nil { - return fmt.Errorf("onboard user: %w", errOnboard) - } - - if done, okDone := onboardResp["done"].(bool); okDone && done { - responseProjectID := "" - if resp, okResp := onboardResp["response"].(map[string]any); okResp { - switch projectValue := resp["cloudaicompanionProject"].(type) { - case map[string]any: - if id, okID := projectValue["id"].(string); okID { - responseProjectID = strings.TrimSpace(id) - } - case string: - responseProjectID = strings.TrimSpace(projectValue) - } - } - - finalProjectID := projectID - if responseProjectID != "" { - if explicitProject && !strings.EqualFold(responseProjectID, projectID) { - // Check if this is a free user (gen-lang-client projects or free/legacy tier) - isFreeUser := strings.HasPrefix(projectID, "gen-lang-client-") || - strings.EqualFold(tierID, "FREE") || - strings.EqualFold(tierID, "LEGACY") - - if isFreeUser { - // For free users, use backend project ID for preview model access - log.Infof("Gemini onboarding: frontend project %s maps to backend project %s", projectID, responseProjectID) - log.Infof("Using backend project ID: %s (recommended for preview model access)", responseProjectID) - finalProjectID = responseProjectID - } else { - // Pro users: keep requested project ID (original behavior) - log.Warnf("Gemini onboarding returned project %s instead of requested %s; keeping requested project ID.", responseProjectID, projectID) - } - } else { - finalProjectID = responseProjectID - } - } - - storage.ProjectID = strings.TrimSpace(finalProjectID) - if storage.ProjectID == "" { - storage.ProjectID = strings.TrimSpace(projectID) - } - if storage.ProjectID == "" { - return fmt.Errorf("onboard user completed without project id") - } - log.Infof("Onboarding complete. Using Project ID: %s", storage.ProjectID) - return nil - } - - log.Println("Onboarding in progress, waiting 5 seconds...") - time.Sleep(5 * time.Second) - } -} - -func callGeminiCLI(ctx context.Context, httpClient *http.Client, endpoint string, body any, result any) error { - endPointURL := fmt.Sprintf("%s/%s:%s", geminiCLIEndpoint, geminiCLIVersion, endpoint) - if strings.HasPrefix(endpoint, "operations/") { - endPointURL = fmt.Sprintf("%s/%s", geminiCLIEndpoint, endpoint) - } - - var reader io.Reader - if body != nil { - rawBody, errMarshal := json.Marshal(body) - if errMarshal != nil { - return fmt.Errorf("marshal request body: %w", errMarshal) - } - reader = bytes.NewReader(rawBody) - } - - req, errRequest := http.NewRequestWithContext(ctx, http.MethodPost, endPointURL, reader) - if errRequest != nil { - return fmt.Errorf("create request: %w", errRequest) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", geminiCLIUserAgent) - req.Header.Set("X-Goog-Api-Client", geminiCLIApiClient) - req.Header.Set("Client-Metadata", geminiCLIClientMetadata) - - resp, errDo := httpClient.Do(req) - if errDo != nil { - return fmt.Errorf("execute request: %w", errDo) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, _ := io.ReadAll(resp.Body) - return fmt.Errorf("api request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(bodyBytes))) - } - - if result == nil { - _, _ = io.Copy(io.Discard, resp.Body) - return nil - } - - if errDecode := json.NewDecoder(resp.Body).Decode(result); errDecode != nil { - return fmt.Errorf("decode response body: %w", errDecode) - } - - return nil -} - -func fetchGCPProjects(ctx context.Context, httpClient *http.Client) ([]interfaces.GCPProjectProjects, error) { - req, errRequest := http.NewRequestWithContext(ctx, http.MethodGet, "https://cloudresourcemanager.googleapis.com/v1/projects", nil) - if errRequest != nil { - return nil, fmt.Errorf("could not create project list request: %w", errRequest) - } - - resp, errDo := httpClient.Do(req) - if errDo != nil { - return nil, fmt.Errorf("failed to execute project list request: %w", errDo) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, _ := io.ReadAll(resp.Body) - return nil, fmt.Errorf("project list request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(bodyBytes))) - } - - var projects interfaces.GCPProject - if errDecode := json.NewDecoder(resp.Body).Decode(&projects); errDecode != nil { - return nil, fmt.Errorf("failed to unmarshal project list: %w", errDecode) - } - - return projects.Projects, nil -} - -func checkCloudAPIIsEnabled(ctx context.Context, httpClient *http.Client, projectID string) (bool, error) { - serviceUsageURL := "https://serviceusage.googleapis.com" - requiredServices := []string{ - "cloudaicompanion.googleapis.com", - } - for _, service := range requiredServices { - checkURL := fmt.Sprintf("%s/v1/projects/%s/services/%s", serviceUsageURL, projectID, service) - req, errRequest := http.NewRequestWithContext(ctx, http.MethodGet, checkURL, nil) - if errRequest != nil { - return false, fmt.Errorf("failed to create request: %w", errRequest) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", geminiCLIUserAgent) - resp, errDo := httpClient.Do(req) - if errDo != nil { - return false, fmt.Errorf("failed to execute request: %w", errDo) - } - - if resp.StatusCode == http.StatusOK { - bodyBytes, _ := io.ReadAll(resp.Body) - if gjson.GetBytes(bodyBytes, "state").String() == "ENABLED" { - _ = resp.Body.Close() - continue - } - } - _ = resp.Body.Close() - - enableURL := fmt.Sprintf("%s/v1/projects/%s/services/%s:enable", serviceUsageURL, projectID, service) - req, errRequest = http.NewRequestWithContext(ctx, http.MethodPost, enableURL, strings.NewReader("{}")) - if errRequest != nil { - return false, fmt.Errorf("failed to create request: %w", errRequest) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", geminiCLIUserAgent) - resp, errDo = httpClient.Do(req) - if errDo != nil { - return false, fmt.Errorf("failed to execute request: %w", errDo) - } - - bodyBytes, _ := io.ReadAll(resp.Body) - errMessage := string(bodyBytes) - errMessageResult := gjson.GetBytes(bodyBytes, "error.message") - if errMessageResult.Exists() { - errMessage = errMessageResult.String() - } - if resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusCreated { - _ = resp.Body.Close() - continue - } else if resp.StatusCode == http.StatusBadRequest { - _ = resp.Body.Close() - if strings.Contains(strings.ToLower(errMessage), "already enabled") { - continue - } - } - _ = resp.Body.Close() - return false, fmt.Errorf("project activation required: %s", errMessage) - } - return true, nil -} - -func (h *Handler) GetAuthStatus(c *gin.Context) { - state := strings.TrimSpace(c.Query("state")) - if state == "" { - c.JSON(http.StatusOK, gin.H{"status": "ok"}) - return - } - if err := ValidateOAuthState(state); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "invalid state"}) - return - } - - _, status, ok := GetOAuthSession(state) - if !ok { - c.JSON(http.StatusOK, gin.H{"status": "ok"}) - return - } - if status != "" { - if strings.HasPrefix(status, "device_code|") { - parts := strings.SplitN(status, "|", 3) - if len(parts) == 3 { - c.JSON(http.StatusOK, gin.H{ - "status": "device_code", - "verification_url": parts[1], - "user_code": parts[2], - }) - return - } - } - if strings.HasPrefix(status, "auth_url|") { - authURL := strings.TrimPrefix(status, "auth_url|") - c.JSON(http.StatusOK, gin.H{ - "status": "auth_url", - "url": authURL, - }) - return - } - c.JSON(http.StatusOK, gin.H{"status": "error", "error": status}) - return - } - c.JSON(http.StatusOK, gin.H{"status": "wait"}) -} - -// PopulateAuthContext extracts request info and adds it to the context -func PopulateAuthContext(ctx context.Context, c *gin.Context) context.Context { - info := &coreauth.RequestInfo{ - Query: c.Request.URL.Query(), - Headers: c.Request.Header, - } - return coreauth.WithRequestInfo(ctx, info) -} -const kiroCallbackPort = 9876 - -func (h *Handler) RequestKiroToken(c *gin.Context) { - ctx := context.Background() - - // Get the login method from query parameter (default: aws for device code flow) - method := strings.ToLower(strings.TrimSpace(c.Query("method"))) - if method == "" { - method = "aws" - } - - fmt.Println("Initializing Kiro authentication...") - - state := fmt.Sprintf("kiro-%d", time.Now().UnixNano()) - - switch method { - case "aws", "builder-id": - RegisterOAuthSession(state, "kiro") - - // AWS Builder ID uses device code flow (no callback needed) - go func() { - ssoClient := kiroauth.NewSSOOIDCClient(h.cfg) - - // Step 1: Register client - fmt.Println("Registering client...") - regResp, errRegister := ssoClient.RegisterClient(ctx) - if errRegister != nil { - log.Errorf("Failed to register client: %v", errRegister) - SetOAuthSessionError(state, "Failed to register client") - return - } - - // Step 2: Start device authorization - fmt.Println("Starting device authorization...") - authResp, errAuth := ssoClient.StartDeviceAuthorization(ctx, regResp.ClientID, regResp.ClientSecret) - if errAuth != nil { - log.Errorf("Failed to start device auth: %v", errAuth) - SetOAuthSessionError(state, "Failed to start device authorization") - return - } - - // Store the verification URL for the frontend to display. - // Using "|" as separator because URLs contain ":". - SetOAuthSessionError(state, "device_code|"+authResp.VerificationURIComplete+"|"+authResp.UserCode) - - // Step 3: Poll for token - fmt.Println("Waiting for authorization...") - interval := 5 * time.Second - if authResp.Interval > 0 { - interval = time.Duration(authResp.Interval) * time.Second - } - deadline := time.Now().Add(time.Duration(authResp.ExpiresIn) * time.Second) - - for time.Now().Before(deadline) { - select { - case <-ctx.Done(): - SetOAuthSessionError(state, "Authorization cancelled") - return - case <-time.After(interval): - tokenResp, errToken := ssoClient.CreateToken(ctx, regResp.ClientID, regResp.ClientSecret, authResp.DeviceCode) - if errToken != nil { - errStr := errToken.Error() - if strings.Contains(errStr, "authorization_pending") { - continue - } - if strings.Contains(errStr, "slow_down") { - interval += 5 * time.Second - continue - } - log.Errorf("Token creation failed: %v", errToken) - SetOAuthSessionError(state, "Token creation failed") - return - } - - // Success! Save the token - expiresAt := time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second) - email := kiroauth.ExtractEmailFromJWT(tokenResp.AccessToken) - - idPart := kiroauth.SanitizeEmailForFilename(email) - if idPart == "" { - idPart = fmt.Sprintf("%d", time.Now().UnixNano()%100000) - } - - now := time.Now() - fileName := fmt.Sprintf("kiro-aws-%s.json", idPart) - - record := &coreauth.Auth{ - ID: fileName, - Provider: "kiro", - FileName: fileName, - Metadata: map[string]any{ - "type": "kiro", - "access_token": tokenResp.AccessToken, - "refresh_token": tokenResp.RefreshToken, - "expires_at": expiresAt.Format(time.RFC3339), - "auth_method": "builder-id", - "provider": "AWS", - "client_id": regResp.ClientID, - "client_secret": regResp.ClientSecret, - "email": email, - "last_refresh": now.Format(time.RFC3339), - }, - } - - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save authentication tokens: %v", errSave) - SetOAuthSessionError(state, "Failed to save authentication tokens") - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - if email != "" { - fmt.Printf("Authenticated as: %s\n", email) - } - CompleteOAuthSession(state) - return - } - } - - SetOAuthSessionError(state, "Authorization timed out") - }() - - // Return immediately with the state for polling - c.JSON(http.StatusOK, gin.H{"status": "ok", "state": state, "method": "device_code"}) - - case "google", "github": - RegisterOAuthSession(state, "kiro") - - // Social auth uses protocol handler - for WEB UI we use a callback forwarder - provider := "Google" - if method == "github" { - provider = "Github" - } - - isWebUI := isWebUIRequest(c) - if isWebUI { - targetURL, errTarget := h.managementCallbackURL("/kiro/callback") - if errTarget != nil { - log.WithError(errTarget).Error("failed to compute kiro callback target") - c.JSON(http.StatusInternalServerError, gin.H{"error": "callback server unavailable"}) - return - } - if _, errStart := startCallbackForwarder(kiroCallbackPort, "kiro", targetURL); errStart != nil { - log.WithError(errStart).Error("failed to start kiro callback forwarder") - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to start callback server"}) - return - } - } - - go func() { - if isWebUI { - defer stopCallbackForwarder(kiroCallbackPort) - } - - socialClient := kiroauth.NewSocialAuthClient(h.cfg) - - // Generate PKCE codes - codeVerifier, codeChallenge, errPKCE := generateKiroPKCE() - if errPKCE != nil { - log.Errorf("Failed to generate PKCE: %v", errPKCE) - SetOAuthSessionError(state, "Failed to generate PKCE") - return - } - - // Build login URL - authURL := fmt.Sprintf("%s/login?idp=%s&redirect_uri=%s&code_challenge=%s&code_challenge_method=S256&state=%s&prompt=select_account", - "https://prod.us-east-1.auth.desktop.kiro.dev", - provider, - url.QueryEscape(kiroauth.KiroRedirectURI), - codeChallenge, - state, - ) - - // Store auth URL for frontend. - // Using "|" as separator because URLs contain ":". - SetOAuthSessionError(state, "auth_url|"+authURL) - - // Wait for callback file - waitFile := filepath.Join(h.cfg.AuthDir, fmt.Sprintf(".oauth-kiro-%s.oauth", state)) - deadline := time.Now().Add(5 * time.Minute) - - for { - if time.Now().After(deadline) { - log.Error("oauth flow timed out") - SetOAuthSessionError(state, "OAuth flow timed out") - return - } - if data, errRead := os.ReadFile(waitFile); errRead == nil { - var m map[string]string - _ = json.Unmarshal(data, &m) - _ = os.Remove(waitFile) - if errStr := m["error"]; errStr != "" { - log.Errorf("Authentication failed: %s", errStr) - SetOAuthSessionError(state, "Authentication failed") - return - } - if m["state"] != state { - log.Errorf("State mismatch") - SetOAuthSessionError(state, "State mismatch") - return - } - code := m["code"] - if code == "" { - log.Error("No authorization code received") - SetOAuthSessionError(state, "No authorization code received") - return - } - - // Exchange code for tokens - tokenReq := &kiroauth.CreateTokenRequest{ - Code: code, - CodeVerifier: codeVerifier, - RedirectURI: kiroauth.KiroRedirectURI, - } - - tokenResp, errToken := socialClient.CreateToken(ctx, tokenReq) - if errToken != nil { - log.Errorf("Failed to exchange code for tokens: %v", errToken) - SetOAuthSessionError(state, "Failed to exchange code for tokens") - return - } - - // Save the token - expiresIn := tokenResp.ExpiresIn - if expiresIn <= 0 { - expiresIn = 3600 - } - expiresAt := time.Now().Add(time.Duration(expiresIn) * time.Second) - email := kiroauth.ExtractEmailFromJWT(tokenResp.AccessToken) - - idPart := kiroauth.SanitizeEmailForFilename(email) - if idPart == "" { - idPart = fmt.Sprintf("%d", time.Now().UnixNano()%100000) - } - - now := time.Now() - fileName := fmt.Sprintf("kiro-%s-%s.json", strings.ToLower(provider), idPart) - - record := &coreauth.Auth{ - ID: fileName, - Provider: "kiro", - FileName: fileName, - Metadata: map[string]any{ - "type": "kiro", - "access_token": tokenResp.AccessToken, - "refresh_token": tokenResp.RefreshToken, - "profile_arn": tokenResp.ProfileArn, - "expires_at": expiresAt.Format(time.RFC3339), - "auth_method": "social", - "provider": provider, - "email": email, - "last_refresh": now.Format(time.RFC3339), - }, - } - - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save authentication tokens: %v", errSave) - SetOAuthSessionError(state, "Failed to save authentication tokens") - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - if email != "" { - fmt.Printf("Authenticated as: %s\n", email) - } - CompleteOAuthSession(state) - return - } - time.Sleep(500 * time.Millisecond) - } - }() - - c.JSON(http.StatusOK, gin.H{"status": "ok", "state": state, "method": "social"}) - - default: - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid method, use 'aws', 'google', or 'github'"}) - } -} - -// generateKiroPKCE generates PKCE code verifier and challenge for Kiro OAuth. -func generateKiroPKCE() (verifier, challenge string, err error) { - b := make([]byte, 32) - if _, errRead := io.ReadFull(rand.Reader, b); errRead != nil { - return "", "", fmt.Errorf("failed to generate random bytes: %w", errRead) - } - verifier = base64.RawURLEncoding.EncodeToString(b) - - h := sha256.Sum256([]byte(verifier)) - challenge = base64.RawURLEncoding.EncodeToString(h[:]) - - return verifier, challenge, nil -} - -func (h *Handler) RequestKiloToken(c *gin.Context) { - ctx := context.Background() - - fmt.Println("Initializing Kilo authentication...") - - state := fmt.Sprintf("kil-%d", time.Now().UnixNano()) - kilocodeAuth := kilo.NewKiloAuth() - - resp, err := kilocodeAuth.InitiateDeviceFlow(ctx) - if err != nil { - log.Errorf("Failed to initiate device flow: %v", err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to initiate device flow"}) - return - } - - RegisterOAuthSession(state, "kilo") - - go func() { - fmt.Printf("Please visit %s and enter code: %s\n", resp.VerificationURL, resp.Code) - - status, err := kilocodeAuth.PollForToken(ctx, resp.Code) - if err != nil { - SetOAuthSessionError(state, "Authentication failed") - fmt.Printf("Authentication failed: %v\n", err) - return - } - - profile, err := kilocodeAuth.GetProfile(ctx, status.Token) - if err != nil { - log.Warnf("Failed to fetch profile: %v", err) - profile = &kilo.Profile{Email: status.UserEmail} - } - - var orgID string - if len(profile.Orgs) > 0 { - orgID = profile.Orgs[0].ID - } - - defaults, err := kilocodeAuth.GetDefaults(ctx, status.Token, orgID) - if err != nil { - defaults = &kilo.Defaults{} - } - - ts := &kilo.KiloTokenStorage{ - Token: status.Token, - OrganizationID: orgID, - Model: defaults.Model, - Email: status.UserEmail, - Type: "kilo", - } - - fileName := kilo.CredentialFileName(status.UserEmail) - record := &coreauth.Auth{ - ID: fileName, - Provider: "kilo", - FileName: fileName, - Storage: ts, - Metadata: map[string]any{ - "email": status.UserEmail, - "organization_id": orgID, - "model": defaults.Model, - }, - } - - savedPath, errSave := h.saveTokenRecord(ctx, record) - if errSave != nil { - log.Errorf("Failed to save authentication tokens: %v", errSave) - SetOAuthSessionError(state, "Failed to save authentication tokens") - return - } - - fmt.Printf("Authentication successful! Token saved to %s\n", savedPath) - CompleteOAuthSession(state) - CompleteOAuthSessionsByProvider("kilo") - }() - - c.JSON(200, gin.H{ - "status": "ok", - "url": resp.VerificationURL, - "state": state, - "user_code": resp.Code, - "verification_uri": resp.VerificationURL, - }) -} diff --git a/internal/api/handlers/management/config_basic.go b/internal/api/handlers/management/config_basic.go deleted file mode 100644 index b71332c230..0000000000 --- a/internal/api/handlers/management/config_basic.go +++ /dev/null @@ -1,328 +0,0 @@ -package management - -import ( - "encoding/json" - "fmt" - "io" - "net/http" - "os" - "path/filepath" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - sdkconfig "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - log "github.com/sirupsen/logrus" - "gopkg.in/yaml.v3" -) - -const ( - latestReleaseURL = "https://api.github.com/repos/router-for-me/CLIProxyAPIPlus/releases/latest" - latestReleaseUserAgent = "CLIProxyAPIPlus" -) - -func (h *Handler) GetConfig(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{}) - return - } - c.JSON(200, new(*h.cfg)) -} - -type releaseInfo struct { - TagName string `json:"tag_name"` - Name string `json:"name"` -} - -// GetLatestVersion returns the latest release version from GitHub without downloading assets. -func (h *Handler) GetLatestVersion(c *gin.Context) { - client := &http.Client{Timeout: 10 * time.Second} - proxyURL := "" - if h != nil && h.cfg != nil { - proxyURL = strings.TrimSpace(h.cfg.ProxyURL) - } - if proxyURL != "" { - sdkCfg := &sdkconfig.SDKConfig{ProxyURL: proxyURL} - util.SetProxy(sdkCfg, client) - } - - req, err := http.NewRequestWithContext(c.Request.Context(), http.MethodGet, latestReleaseURL, nil) - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "request_create_failed", "message": err.Error()}) - return - } - req.Header.Set("Accept", "application/vnd.github+json") - req.Header.Set("User-Agent", latestReleaseUserAgent) - - resp, err := client.Do(req) - if err != nil { - c.JSON(http.StatusBadGateway, gin.H{"error": "request_failed", "message": err.Error()}) - return - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.WithError(errClose).Debug("failed to close latest version response body") - } - }() - - if resp.StatusCode != http.StatusOK { - body, _ := io.ReadAll(io.LimitReader(resp.Body, 1024)) - c.JSON(http.StatusBadGateway, gin.H{"error": "unexpected_status", "message": fmt.Sprintf("status %d: %s", resp.StatusCode, strings.TrimSpace(string(body)))}) - return - } - - var info releaseInfo - if errDecode := json.NewDecoder(resp.Body).Decode(&info); errDecode != nil { - c.JSON(http.StatusBadGateway, gin.H{"error": "decode_failed", "message": errDecode.Error()}) - return - } - - version := strings.TrimSpace(info.TagName) - if version == "" { - version = strings.TrimSpace(info.Name) - } - if version == "" { - c.JSON(http.StatusBadGateway, gin.H{"error": "invalid_response", "message": "missing release version"}) - return - } - - c.JSON(http.StatusOK, gin.H{"latest-version": version}) -} - -func WriteConfig(path string, data []byte) error { - data = config.NormalizeCommentIndentation(data) - f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644) - if err != nil { - return err - } - if _, errWrite := f.Write(data); errWrite != nil { - _ = f.Close() - return errWrite - } - if errSync := f.Sync(); errSync != nil { - _ = f.Close() - return errSync - } - return f.Close() -} - -func (h *Handler) PutConfigYAML(c *gin.Context) { - body, err := io.ReadAll(c.Request.Body) - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid_yaml", "message": "cannot read request body"}) - return - } - var cfg config.Config - if err = yaml.Unmarshal(body, &cfg); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid_yaml", "message": err.Error()}) - return - } - // Validate config using LoadConfigOptional with optional=false to enforce parsing - tmpDir := filepath.Dir(h.configFilePath) - tmpFile, err := os.CreateTemp(tmpDir, "config-validate-*.yaml") - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "write_failed", "message": err.Error()}) - return - } - tempFile := tmpFile.Name() - if _, errWrite := tmpFile.Write(body); errWrite != nil { - _ = tmpFile.Close() - _ = os.Remove(tempFile) - c.JSON(http.StatusInternalServerError, gin.H{"error": "write_failed", "message": errWrite.Error()}) - return - } - if errClose := tmpFile.Close(); errClose != nil { - _ = os.Remove(tempFile) - c.JSON(http.StatusInternalServerError, gin.H{"error": "write_failed", "message": errClose.Error()}) - return - } - defer func() { - _ = os.Remove(tempFile) - }() - _, err = config.LoadConfigOptional(tempFile, false) - if err != nil { - c.JSON(http.StatusUnprocessableEntity, gin.H{"error": "invalid_config", "message": err.Error()}) - return - } - h.mu.Lock() - defer h.mu.Unlock() - if WriteConfig(h.configFilePath, body) != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "write_failed", "message": "failed to write config"}) - return - } - // Reload into handler to keep memory in sync - newCfg, err := config.LoadConfig(h.configFilePath) - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "reload_failed", "message": err.Error()}) - return - } - h.cfg = newCfg - c.JSON(http.StatusOK, gin.H{"ok": true, "changed": []string{"config"}}) -} - -// GetConfigYAML returns the raw config.yaml file bytes without re-encoding. -// It preserves comments and original formatting/styles. -func (h *Handler) GetConfigYAML(c *gin.Context) { - data, err := os.ReadFile(h.configFilePath) - if err != nil { - if os.IsNotExist(err) { - c.JSON(http.StatusNotFound, gin.H{"error": "not_found", "message": "config file not found"}) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": "read_failed", "message": err.Error()}) - return - } - c.Header("Content-Type", "application/yaml; charset=utf-8") - c.Header("Cache-Control", "no-store") - c.Header("X-Content-Type-Options", "nosniff") - // Write raw bytes as-is - _, _ = c.Writer.Write(data) -} - -// Debug -func (h *Handler) GetDebug(c *gin.Context) { c.JSON(200, gin.H{"debug": h.cfg.Debug}) } -func (h *Handler) PutDebug(c *gin.Context) { h.updateBoolField(c, func(v bool) { h.cfg.Debug = v }) } - -// UsageStatisticsEnabled -func (h *Handler) GetUsageStatisticsEnabled(c *gin.Context) { - c.JSON(200, gin.H{"usage-statistics-enabled": h.cfg.UsageStatisticsEnabled}) -} -func (h *Handler) PutUsageStatisticsEnabled(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.UsageStatisticsEnabled = v }) -} - -// UsageStatisticsEnabled -func (h *Handler) GetLoggingToFile(c *gin.Context) { - c.JSON(200, gin.H{"logging-to-file": h.cfg.LoggingToFile}) -} -func (h *Handler) PutLoggingToFile(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.LoggingToFile = v }) -} - -// LogsMaxTotalSizeMB -func (h *Handler) GetLogsMaxTotalSizeMB(c *gin.Context) { - c.JSON(200, gin.H{"logs-max-total-size-mb": h.cfg.LogsMaxTotalSizeMB}) -} -func (h *Handler) PutLogsMaxTotalSizeMB(c *gin.Context) { - var body struct { - Value *int `json:"value"` - } - if errBindJSON := c.ShouldBindJSON(&body); errBindJSON != nil || body.Value == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - value := *body.Value - if value < 0 { - value = 0 - } - h.cfg.LogsMaxTotalSizeMB = value - h.persist(c) -} - -// ErrorLogsMaxFiles -func (h *Handler) GetErrorLogsMaxFiles(c *gin.Context) { - c.JSON(200, gin.H{"error-logs-max-files": h.cfg.ErrorLogsMaxFiles}) -} -func (h *Handler) PutErrorLogsMaxFiles(c *gin.Context) { - var body struct { - Value *int `json:"value"` - } - if errBindJSON := c.ShouldBindJSON(&body); errBindJSON != nil || body.Value == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - value := *body.Value - if value < 0 { - value = 10 - } - h.cfg.ErrorLogsMaxFiles = value - h.persist(c) -} - -// Request log -func (h *Handler) GetRequestLog(c *gin.Context) { c.JSON(200, gin.H{"request-log": h.cfg.RequestLog}) } -func (h *Handler) PutRequestLog(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.RequestLog = v }) -} - -// Websocket auth -func (h *Handler) GetWebsocketAuth(c *gin.Context) { - c.JSON(200, gin.H{"ws-auth": h.cfg.WebsocketAuth}) -} -func (h *Handler) PutWebsocketAuth(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.WebsocketAuth = v }) -} - -// Request retry -func (h *Handler) GetRequestRetry(c *gin.Context) { - c.JSON(200, gin.H{"request-retry": h.cfg.RequestRetry}) -} -func (h *Handler) PutRequestRetry(c *gin.Context) { - h.updateIntField(c, func(v int) { h.cfg.RequestRetry = v }) -} - -// Max retry interval -func (h *Handler) GetMaxRetryInterval(c *gin.Context) { - c.JSON(200, gin.H{"max-retry-interval": h.cfg.MaxRetryInterval}) -} -func (h *Handler) PutMaxRetryInterval(c *gin.Context) { - h.updateIntField(c, func(v int) { h.cfg.MaxRetryInterval = v }) -} - -// ForceModelPrefix -func (h *Handler) GetForceModelPrefix(c *gin.Context) { - c.JSON(200, gin.H{"force-model-prefix": h.cfg.ForceModelPrefix}) -} -func (h *Handler) PutForceModelPrefix(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.ForceModelPrefix = v }) -} - -func normalizeRoutingStrategy(strategy string) (string, bool) { - normalized := strings.ToLower(strings.TrimSpace(strategy)) - switch normalized { - case "", "round-robin", "roundrobin", "rr": - return "round-robin", true - case "fill-first", "fillfirst", "ff": - return "fill-first", true - default: - return "", false - } -} - -// RoutingStrategy -func (h *Handler) GetRoutingStrategy(c *gin.Context) { - strategy, ok := normalizeRoutingStrategy(h.cfg.Routing.Strategy) - if !ok { - c.JSON(200, gin.H{"strategy": strings.TrimSpace(h.cfg.Routing.Strategy)}) - return - } - c.JSON(200, gin.H{"strategy": strategy}) -} -func (h *Handler) PutRoutingStrategy(c *gin.Context) { - var body struct { - Value *string `json:"value"` - } - if errBindJSON := c.ShouldBindJSON(&body); errBindJSON != nil || body.Value == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - normalized, ok := normalizeRoutingStrategy(*body.Value) - if !ok { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid strategy"}) - return - } - h.cfg.Routing.Strategy = normalized - h.persist(c) -} - -// Proxy URL -func (h *Handler) GetProxyURL(c *gin.Context) { c.JSON(200, gin.H{"proxy-url": h.cfg.ProxyURL}) } -func (h *Handler) PutProxyURL(c *gin.Context) { - h.updateStringField(c, func(v string) { h.cfg.ProxyURL = v }) -} -func (h *Handler) DeleteProxyURL(c *gin.Context) { - h.cfg.ProxyURL = "" - h.persist(c) -} diff --git a/internal/api/handlers/management/config_lists.go b/internal/api/handlers/management/config_lists.go deleted file mode 100644 index 31a72f3b9e..0000000000 --- a/internal/api/handlers/management/config_lists.go +++ /dev/null @@ -1,1368 +0,0 @@ -package management - -import ( - "encoding/json" - "fmt" - "strings" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" -) - -// Generic helpers for list[string] -func (h *Handler) putStringList(c *gin.Context, set func([]string), after func()) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var arr []string - if err = json.Unmarshal(data, &arr); err != nil { - var obj struct { - Items []string `json:"items"` - } - if err2 := json.Unmarshal(data, &obj); err2 != nil || len(obj.Items) == 0 { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - arr = obj.Items - } - set(arr) - if after != nil { - after() - } - h.persist(c) -} - -func (h *Handler) patchStringList(c *gin.Context, target *[]string, after func()) { - var body struct { - Old *string `json:"old"` - New *string `json:"new"` - Index *int `json:"index"` - Value *string `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - if body.Index != nil && body.Value != nil && *body.Index >= 0 && *body.Index < len(*target) { - (*target)[*body.Index] = *body.Value - if after != nil { - after() - } - h.persist(c) - return - } - if body.Old != nil && body.New != nil { - for i := range *target { - if (*target)[i] == *body.Old { - (*target)[i] = *body.New - if after != nil { - after() - } - h.persist(c) - return - } - } - *target = append(*target, *body.New) - if after != nil { - after() - } - h.persist(c) - return - } - c.JSON(400, gin.H{"error": "missing fields"}) -} - -func (h *Handler) deleteFromStringList(c *gin.Context, target *[]string, after func()) { - if idxStr := c.Query("index"); idxStr != "" { - var idx int - _, err := fmt.Sscanf(idxStr, "%d", &idx) - if err == nil && idx >= 0 && idx < len(*target) { - *target = append((*target)[:idx], (*target)[idx+1:]...) - if after != nil { - after() - } - h.persist(c) - return - } - } - if val := strings.TrimSpace(c.Query("value")); val != "" { - out := make([]string, 0, len(*target)) - for _, v := range *target { - if strings.TrimSpace(v) != val { - out = append(out, v) - } - } - *target = out - if after != nil { - after() - } - h.persist(c) - return - } - c.JSON(400, gin.H{"error": "missing index or value"}) -} - -// api-keys -func (h *Handler) GetAPIKeys(c *gin.Context) { c.JSON(200, gin.H{"api-keys": h.cfg.APIKeys}) } -func (h *Handler) PutAPIKeys(c *gin.Context) { - h.putStringList(c, func(v []string) { - h.cfg.APIKeys = append([]string(nil), v...) - }, nil) -} -func (h *Handler) PatchAPIKeys(c *gin.Context) { - h.patchStringList(c, &h.cfg.APIKeys, func() {}) -} -func (h *Handler) DeleteAPIKeys(c *gin.Context) { - h.deleteFromStringList(c, &h.cfg.APIKeys, func() {}) -} - -// gemini-api-key: []GeminiKey -func (h *Handler) GetGeminiKeys(c *gin.Context) { - c.JSON(200, gin.H{"gemini-api-key": h.cfg.GeminiKey}) -} -func (h *Handler) PutGeminiKeys(c *gin.Context) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var arr []config.GeminiKey - if err = json.Unmarshal(data, &arr); err != nil { - var obj struct { - Items []config.GeminiKey `json:"items"` - } - if err2 := json.Unmarshal(data, &obj); err2 != nil || len(obj.Items) == 0 { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - arr = obj.Items - } - h.cfg.GeminiKey = append([]config.GeminiKey(nil), arr...) - h.cfg.SanitizeGeminiKeys() - h.persist(c) -} -func (h *Handler) PatchGeminiKey(c *gin.Context) { - type geminiKeyPatch struct { - APIKey *string `json:"api-key"` - Prefix *string `json:"prefix"` - BaseURL *string `json:"base-url"` - ProxyURL *string `json:"proxy-url"` - Headers *map[string]string `json:"headers"` - ExcludedModels *[]string `json:"excluded-models"` - } - var body struct { - Index *int `json:"index"` - Match *string `json:"match"` - Value *geminiKeyPatch `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Value == nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - targetIndex := -1 - if body.Index != nil && *body.Index >= 0 && *body.Index < len(h.cfg.GeminiKey) { - targetIndex = *body.Index - } - if targetIndex == -1 && body.Match != nil { - match := strings.TrimSpace(*body.Match) - if match != "" { - for i := range h.cfg.GeminiKey { - if h.cfg.GeminiKey[i].APIKey == match { - targetIndex = i - break - } - } - } - } - if targetIndex == -1 { - c.JSON(404, gin.H{"error": "item not found"}) - return - } - - entry := h.cfg.GeminiKey[targetIndex] - if body.Value.APIKey != nil { - trimmed := strings.TrimSpace(*body.Value.APIKey) - if trimmed == "" { - h.cfg.GeminiKey = append(h.cfg.GeminiKey[:targetIndex], h.cfg.GeminiKey[targetIndex+1:]...) - h.cfg.SanitizeGeminiKeys() - h.persist(c) - return - } - entry.APIKey = trimmed - } - if body.Value.Prefix != nil { - entry.Prefix = strings.TrimSpace(*body.Value.Prefix) - } - if body.Value.BaseURL != nil { - entry.BaseURL = strings.TrimSpace(*body.Value.BaseURL) - } - if body.Value.ProxyURL != nil { - entry.ProxyURL = strings.TrimSpace(*body.Value.ProxyURL) - } - if body.Value.Headers != nil { - entry.Headers = config.NormalizeHeaders(*body.Value.Headers) - } - if body.Value.ExcludedModels != nil { - entry.ExcludedModels = config.NormalizeExcludedModels(*body.Value.ExcludedModels) - } - h.cfg.GeminiKey[targetIndex] = entry - h.cfg.SanitizeGeminiKeys() - h.persist(c) -} - -func (h *Handler) DeleteGeminiKey(c *gin.Context) { - if val := strings.TrimSpace(c.Query("api-key")); val != "" { - out := make([]config.GeminiKey, 0, len(h.cfg.GeminiKey)) - for _, v := range h.cfg.GeminiKey { - if v.APIKey != val { - out = append(out, v) - } - } - if len(out) != len(h.cfg.GeminiKey) { - h.cfg.GeminiKey = out - h.cfg.SanitizeGeminiKeys() - h.persist(c) - } else { - c.JSON(404, gin.H{"error": "item not found"}) - } - return - } - if idxStr := c.Query("index"); idxStr != "" { - var idx int - if _, err := fmt.Sscanf(idxStr, "%d", &idx); err == nil && idx >= 0 && idx < len(h.cfg.GeminiKey) { - h.cfg.GeminiKey = append(h.cfg.GeminiKey[:idx], h.cfg.GeminiKey[idx+1:]...) - h.cfg.SanitizeGeminiKeys() - h.persist(c) - return - } - } - c.JSON(400, gin.H{"error": "missing api-key or index"}) -} - -// claude-api-key: []ClaudeKey -func (h *Handler) GetClaudeKeys(c *gin.Context) { - c.JSON(200, gin.H{"claude-api-key": h.cfg.ClaudeKey}) -} -func (h *Handler) PutClaudeKeys(c *gin.Context) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var arr []config.ClaudeKey - if err = json.Unmarshal(data, &arr); err != nil { - var obj struct { - Items []config.ClaudeKey `json:"items"` - } - if err2 := json.Unmarshal(data, &obj); err2 != nil || len(obj.Items) == 0 { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - arr = obj.Items - } - for i := range arr { - normalizeClaudeKey(&arr[i]) - } - h.cfg.ClaudeKey = arr - h.cfg.SanitizeClaudeKeys() - h.persist(c) -} -func (h *Handler) PatchClaudeKey(c *gin.Context) { - type claudeKeyPatch struct { - APIKey *string `json:"api-key"` - Prefix *string `json:"prefix"` - BaseURL *string `json:"base-url"` - ProxyURL *string `json:"proxy-url"` - Models *[]config.ClaudeModel `json:"models"` - Headers *map[string]string `json:"headers"` - ExcludedModels *[]string `json:"excluded-models"` - } - var body struct { - Index *int `json:"index"` - Match *string `json:"match"` - Value *claudeKeyPatch `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Value == nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - targetIndex := -1 - if body.Index != nil && *body.Index >= 0 && *body.Index < len(h.cfg.ClaudeKey) { - targetIndex = *body.Index - } - if targetIndex == -1 && body.Match != nil { - match := strings.TrimSpace(*body.Match) - for i := range h.cfg.ClaudeKey { - if h.cfg.ClaudeKey[i].APIKey == match { - targetIndex = i - break - } - } - } - if targetIndex == -1 { - c.JSON(404, gin.H{"error": "item not found"}) - return - } - - entry := h.cfg.ClaudeKey[targetIndex] - if body.Value.APIKey != nil { - entry.APIKey = strings.TrimSpace(*body.Value.APIKey) - } - if body.Value.Prefix != nil { - entry.Prefix = strings.TrimSpace(*body.Value.Prefix) - } - if body.Value.BaseURL != nil { - entry.BaseURL = strings.TrimSpace(*body.Value.BaseURL) - } - if body.Value.ProxyURL != nil { - entry.ProxyURL = strings.TrimSpace(*body.Value.ProxyURL) - } - if body.Value.Models != nil { - entry.Models = append([]config.ClaudeModel(nil), (*body.Value.Models)...) - } - if body.Value.Headers != nil { - entry.Headers = config.NormalizeHeaders(*body.Value.Headers) - } - if body.Value.ExcludedModels != nil { - entry.ExcludedModels = config.NormalizeExcludedModels(*body.Value.ExcludedModels) - } - normalizeClaudeKey(&entry) - h.cfg.ClaudeKey[targetIndex] = entry - h.cfg.SanitizeClaudeKeys() - h.persist(c) -} - -func (h *Handler) DeleteClaudeKey(c *gin.Context) { - if val := c.Query("api-key"); val != "" { - out := make([]config.ClaudeKey, 0, len(h.cfg.ClaudeKey)) - for _, v := range h.cfg.ClaudeKey { - if v.APIKey != val { - out = append(out, v) - } - } - h.cfg.ClaudeKey = out - h.cfg.SanitizeClaudeKeys() - h.persist(c) - return - } - if idxStr := c.Query("index"); idxStr != "" { - var idx int - _, err := fmt.Sscanf(idxStr, "%d", &idx) - if err == nil && idx >= 0 && idx < len(h.cfg.ClaudeKey) { - h.cfg.ClaudeKey = append(h.cfg.ClaudeKey[:idx], h.cfg.ClaudeKey[idx+1:]...) - h.cfg.SanitizeClaudeKeys() - h.persist(c) - return - } - } - c.JSON(400, gin.H{"error": "missing api-key or index"}) -} - -// openai-compatibility: []OpenAICompatibility -func (h *Handler) GetOpenAICompat(c *gin.Context) { - c.JSON(200, gin.H{"openai-compatibility": normalizedOpenAICompatibilityEntries(h.cfg.OpenAICompatibility)}) -} -func (h *Handler) PutOpenAICompat(c *gin.Context) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var arr []config.OpenAICompatibility - if err = json.Unmarshal(data, &arr); err != nil { - var obj struct { - Items []config.OpenAICompatibility `json:"items"` - } - if err2 := json.Unmarshal(data, &obj); err2 != nil || len(obj.Items) == 0 { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - arr = obj.Items - } - filtered := make([]config.OpenAICompatibility, 0, len(arr)) - for i := range arr { - normalizeOpenAICompatibilityEntry(&arr[i]) - if strings.TrimSpace(arr[i].BaseURL) != "" { - filtered = append(filtered, arr[i]) - } - } - h.cfg.OpenAICompatibility = filtered - h.cfg.SanitizeOpenAICompatibility() - h.persist(c) -} -func (h *Handler) PatchOpenAICompat(c *gin.Context) { - type openAICompatPatch struct { - Name *string `json:"name"` - Prefix *string `json:"prefix"` - BaseURL *string `json:"base-url"` - APIKeyEntries *[]config.OpenAICompatibilityAPIKey `json:"api-key-entries"` - Models *[]config.OpenAICompatibilityModel `json:"models"` - Headers *map[string]string `json:"headers"` - } - var body struct { - Name *string `json:"name"` - Index *int `json:"index"` - Value *openAICompatPatch `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Value == nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - targetIndex := -1 - if body.Index != nil && *body.Index >= 0 && *body.Index < len(h.cfg.OpenAICompatibility) { - targetIndex = *body.Index - } - if targetIndex == -1 && body.Name != nil { - match := strings.TrimSpace(*body.Name) - for i := range h.cfg.OpenAICompatibility { - if h.cfg.OpenAICompatibility[i].Name == match { - targetIndex = i - break - } - } - } - if targetIndex == -1 { - c.JSON(404, gin.H{"error": "item not found"}) - return - } - - entry := h.cfg.OpenAICompatibility[targetIndex] - if body.Value.Name != nil { - entry.Name = strings.TrimSpace(*body.Value.Name) - } - if body.Value.Prefix != nil { - entry.Prefix = strings.TrimSpace(*body.Value.Prefix) - } - if body.Value.BaseURL != nil { - trimmed := strings.TrimSpace(*body.Value.BaseURL) - if trimmed == "" { - h.cfg.OpenAICompatibility = append(h.cfg.OpenAICompatibility[:targetIndex], h.cfg.OpenAICompatibility[targetIndex+1:]...) - h.cfg.SanitizeOpenAICompatibility() - h.persist(c) - return - } - entry.BaseURL = trimmed - } - if body.Value.APIKeyEntries != nil { - entry.APIKeyEntries = append([]config.OpenAICompatibilityAPIKey(nil), (*body.Value.APIKeyEntries)...) - } - if body.Value.Models != nil { - entry.Models = append([]config.OpenAICompatibilityModel(nil), (*body.Value.Models)...) - } - if body.Value.Headers != nil { - entry.Headers = config.NormalizeHeaders(*body.Value.Headers) - } - normalizeOpenAICompatibilityEntry(&entry) - h.cfg.OpenAICompatibility[targetIndex] = entry - h.cfg.SanitizeOpenAICompatibility() - h.persist(c) -} - -func (h *Handler) DeleteOpenAICompat(c *gin.Context) { - if name := c.Query("name"); name != "" { - out := make([]config.OpenAICompatibility, 0, len(h.cfg.OpenAICompatibility)) - for _, v := range h.cfg.OpenAICompatibility { - if v.Name != name { - out = append(out, v) - } - } - h.cfg.OpenAICompatibility = out - h.cfg.SanitizeOpenAICompatibility() - h.persist(c) - return - } - if idxStr := c.Query("index"); idxStr != "" { - var idx int - _, err := fmt.Sscanf(idxStr, "%d", &idx) - if err == nil && idx >= 0 && idx < len(h.cfg.OpenAICompatibility) { - h.cfg.OpenAICompatibility = append(h.cfg.OpenAICompatibility[:idx], h.cfg.OpenAICompatibility[idx+1:]...) - h.cfg.SanitizeOpenAICompatibility() - h.persist(c) - return - } - } - c.JSON(400, gin.H{"error": "missing name or index"}) -} - -// vertex-api-key: []VertexCompatKey -func (h *Handler) GetVertexCompatKeys(c *gin.Context) { - c.JSON(200, gin.H{"vertex-api-key": h.cfg.VertexCompatAPIKey}) -} -func (h *Handler) PutVertexCompatKeys(c *gin.Context) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var arr []config.VertexCompatKey - if err = json.Unmarshal(data, &arr); err != nil { - var obj struct { - Items []config.VertexCompatKey `json:"items"` - } - if err2 := json.Unmarshal(data, &obj); err2 != nil || len(obj.Items) == 0 { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - arr = obj.Items - } - for i := range arr { - normalizeVertexCompatKey(&arr[i]) - } - h.cfg.VertexCompatAPIKey = arr - h.cfg.SanitizeVertexCompatKeys() - h.persist(c) -} -func (h *Handler) PatchVertexCompatKey(c *gin.Context) { - type vertexCompatPatch struct { - APIKey *string `json:"api-key"` - Prefix *string `json:"prefix"` - BaseURL *string `json:"base-url"` - ProxyURL *string `json:"proxy-url"` - Headers *map[string]string `json:"headers"` - Models *[]config.VertexCompatModel `json:"models"` - } - var body struct { - Index *int `json:"index"` - Match *string `json:"match"` - Value *vertexCompatPatch `json:"value"` - } - if errBindJSON := c.ShouldBindJSON(&body); errBindJSON != nil || body.Value == nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - targetIndex := -1 - if body.Index != nil && *body.Index >= 0 && *body.Index < len(h.cfg.VertexCompatAPIKey) { - targetIndex = *body.Index - } - if targetIndex == -1 && body.Match != nil { - match := strings.TrimSpace(*body.Match) - if match != "" { - for i := range h.cfg.VertexCompatAPIKey { - if h.cfg.VertexCompatAPIKey[i].APIKey == match { - targetIndex = i - break - } - } - } - } - if targetIndex == -1 { - c.JSON(404, gin.H{"error": "item not found"}) - return - } - - entry := h.cfg.VertexCompatAPIKey[targetIndex] - if body.Value.APIKey != nil { - trimmed := strings.TrimSpace(*body.Value.APIKey) - if trimmed == "" { - h.cfg.VertexCompatAPIKey = append(h.cfg.VertexCompatAPIKey[:targetIndex], h.cfg.VertexCompatAPIKey[targetIndex+1:]...) - h.cfg.SanitizeVertexCompatKeys() - h.persist(c) - return - } - entry.APIKey = trimmed - } - if body.Value.Prefix != nil { - entry.Prefix = strings.TrimSpace(*body.Value.Prefix) - } - if body.Value.BaseURL != nil { - trimmed := strings.TrimSpace(*body.Value.BaseURL) - if trimmed == "" { - h.cfg.VertexCompatAPIKey = append(h.cfg.VertexCompatAPIKey[:targetIndex], h.cfg.VertexCompatAPIKey[targetIndex+1:]...) - h.cfg.SanitizeVertexCompatKeys() - h.persist(c) - return - } - entry.BaseURL = trimmed - } - if body.Value.ProxyURL != nil { - entry.ProxyURL = strings.TrimSpace(*body.Value.ProxyURL) - } - if body.Value.Headers != nil { - entry.Headers = config.NormalizeHeaders(*body.Value.Headers) - } - if body.Value.Models != nil { - entry.Models = append([]config.VertexCompatModel(nil), (*body.Value.Models)...) - } - normalizeVertexCompatKey(&entry) - h.cfg.VertexCompatAPIKey[targetIndex] = entry - h.cfg.SanitizeVertexCompatKeys() - h.persist(c) -} - -func (h *Handler) DeleteVertexCompatKey(c *gin.Context) { - if val := strings.TrimSpace(c.Query("api-key")); val != "" { - out := make([]config.VertexCompatKey, 0, len(h.cfg.VertexCompatAPIKey)) - for _, v := range h.cfg.VertexCompatAPIKey { - if v.APIKey != val { - out = append(out, v) - } - } - h.cfg.VertexCompatAPIKey = out - h.cfg.SanitizeVertexCompatKeys() - h.persist(c) - return - } - if idxStr := c.Query("index"); idxStr != "" { - var idx int - _, errScan := fmt.Sscanf(idxStr, "%d", &idx) - if errScan == nil && idx >= 0 && idx < len(h.cfg.VertexCompatAPIKey) { - h.cfg.VertexCompatAPIKey = append(h.cfg.VertexCompatAPIKey[:idx], h.cfg.VertexCompatAPIKey[idx+1:]...) - h.cfg.SanitizeVertexCompatKeys() - h.persist(c) - return - } - } - c.JSON(400, gin.H{"error": "missing api-key or index"}) -} - -// oauth-excluded-models: map[string][]string -func (h *Handler) GetOAuthExcludedModels(c *gin.Context) { - c.JSON(200, gin.H{"oauth-excluded-models": config.NormalizeOAuthExcludedModels(h.cfg.OAuthExcludedModels)}) -} - -func (h *Handler) PutOAuthExcludedModels(c *gin.Context) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var entries map[string][]string - if err = json.Unmarshal(data, &entries); err != nil { - var wrapper struct { - Items map[string][]string `json:"items"` - } - if err2 := json.Unmarshal(data, &wrapper); err2 != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - entries = wrapper.Items - } - h.cfg.OAuthExcludedModels = config.NormalizeOAuthExcludedModels(entries) - h.persist(c) -} - -func (h *Handler) PatchOAuthExcludedModels(c *gin.Context) { - var body struct { - Provider *string `json:"provider"` - Models []string `json:"models"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Provider == nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - provider := strings.ToLower(strings.TrimSpace(*body.Provider)) - if provider == "" { - c.JSON(400, gin.H{"error": "invalid provider"}) - return - } - normalized := config.NormalizeExcludedModels(body.Models) - if len(normalized) == 0 { - if h.cfg.OAuthExcludedModels == nil { - c.JSON(404, gin.H{"error": "provider not found"}) - return - } - if _, ok := h.cfg.OAuthExcludedModels[provider]; !ok { - c.JSON(404, gin.H{"error": "provider not found"}) - return - } - delete(h.cfg.OAuthExcludedModels, provider) - if len(h.cfg.OAuthExcludedModels) == 0 { - h.cfg.OAuthExcludedModels = nil - } - h.persist(c) - return - } - if h.cfg.OAuthExcludedModels == nil { - h.cfg.OAuthExcludedModels = make(map[string][]string) - } - h.cfg.OAuthExcludedModels[provider] = normalized - h.persist(c) -} - -func (h *Handler) DeleteOAuthExcludedModels(c *gin.Context) { - provider := strings.ToLower(strings.TrimSpace(c.Query("provider"))) - if provider == "" { - c.JSON(400, gin.H{"error": "missing provider"}) - return - } - if h.cfg.OAuthExcludedModels == nil { - c.JSON(404, gin.H{"error": "provider not found"}) - return - } - if _, ok := h.cfg.OAuthExcludedModels[provider]; !ok { - c.JSON(404, gin.H{"error": "provider not found"}) - return - } - delete(h.cfg.OAuthExcludedModels, provider) - if len(h.cfg.OAuthExcludedModels) == 0 { - h.cfg.OAuthExcludedModels = nil - } - h.persist(c) -} - -// oauth-model-alias: map[string][]OAuthModelAlias -func (h *Handler) GetOAuthModelAlias(c *gin.Context) { - c.JSON(200, gin.H{"oauth-model-alias": sanitizedOAuthModelAlias(h.cfg.OAuthModelAlias)}) -} - -func (h *Handler) PutOAuthModelAlias(c *gin.Context) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var entries map[string][]config.OAuthModelAlias - if err = json.Unmarshal(data, &entries); err != nil { - var wrapper struct { - Items map[string][]config.OAuthModelAlias `json:"items"` - } - if err2 := json.Unmarshal(data, &wrapper); err2 != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - entries = wrapper.Items - } - h.cfg.OAuthModelAlias = sanitizedOAuthModelAlias(entries) - h.persist(c) -} - -func (h *Handler) PatchOAuthModelAlias(c *gin.Context) { - var body struct { - Provider *string `json:"provider"` - Channel *string `json:"channel"` - Aliases []config.OAuthModelAlias `json:"aliases"` - } - if errBindJSON := c.ShouldBindJSON(&body); errBindJSON != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - channelRaw := "" - if body.Channel != nil { - channelRaw = *body.Channel - } else if body.Provider != nil { - channelRaw = *body.Provider - } - channel := strings.ToLower(strings.TrimSpace(channelRaw)) - if channel == "" { - c.JSON(400, gin.H{"error": "invalid channel"}) - return - } - - normalizedMap := sanitizedOAuthModelAlias(map[string][]config.OAuthModelAlias{channel: body.Aliases}) - normalized := normalizedMap[channel] - if len(normalized) == 0 { - // Only delete if channel exists, otherwise just create empty entry - if h.cfg.OAuthModelAlias != nil { - if _, ok := h.cfg.OAuthModelAlias[channel]; ok { - delete(h.cfg.OAuthModelAlias, channel) - if len(h.cfg.OAuthModelAlias) == 0 { - h.cfg.OAuthModelAlias = nil - } - h.persist(c) - return - } - } - // Create new channel with empty aliases - if h.cfg.OAuthModelAlias == nil { - h.cfg.OAuthModelAlias = make(map[string][]config.OAuthModelAlias) - } - h.cfg.OAuthModelAlias[channel] = []config.OAuthModelAlias{} - h.persist(c) - return - } - if h.cfg.OAuthModelAlias == nil { - h.cfg.OAuthModelAlias = make(map[string][]config.OAuthModelAlias) - } - h.cfg.OAuthModelAlias[channel] = normalized - h.persist(c) -} - -func (h *Handler) DeleteOAuthModelAlias(c *gin.Context) { - channel := strings.ToLower(strings.TrimSpace(c.Query("channel"))) - if channel == "" { - channel = strings.ToLower(strings.TrimSpace(c.Query("provider"))) - } - if channel == "" { - c.JSON(400, gin.H{"error": "missing channel"}) - return - } - if h.cfg.OAuthModelAlias == nil { - c.JSON(404, gin.H{"error": "channel not found"}) - return - } - if _, ok := h.cfg.OAuthModelAlias[channel]; !ok { - c.JSON(404, gin.H{"error": "channel not found"}) - return - } - // Set to nil instead of deleting the key so that the "explicitly disabled" - // marker survives config reload and prevents SanitizeOAuthModelAlias from - // re-injecting default aliases (fixes #222). - h.cfg.OAuthModelAlias[channel] = nil - h.persist(c) -} - -// codex-api-key: []CodexKey -func (h *Handler) GetCodexKeys(c *gin.Context) { - c.JSON(200, gin.H{"codex-api-key": h.cfg.CodexKey}) -} -func (h *Handler) PutCodexKeys(c *gin.Context) { - data, err := c.GetRawData() - if err != nil { - c.JSON(400, gin.H{"error": "failed to read body"}) - return - } - var arr []config.CodexKey - if err = json.Unmarshal(data, &arr); err != nil { - var obj struct { - Items []config.CodexKey `json:"items"` - } - if err2 := json.Unmarshal(data, &obj); err2 != nil || len(obj.Items) == 0 { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - arr = obj.Items - } - // Filter out codex entries with empty base-url (treat as removed) - filtered := make([]config.CodexKey, 0, len(arr)) - for i := range arr { - entry := arr[i] - normalizeCodexKey(&entry) - if entry.BaseURL == "" { - continue - } - filtered = append(filtered, entry) - } - h.cfg.CodexKey = filtered - h.cfg.SanitizeCodexKeys() - h.persist(c) -} -func (h *Handler) PatchCodexKey(c *gin.Context) { - type codexKeyPatch struct { - APIKey *string `json:"api-key"` - Prefix *string `json:"prefix"` - BaseURL *string `json:"base-url"` - ProxyURL *string `json:"proxy-url"` - Models *[]config.CodexModel `json:"models"` - Headers *map[string]string `json:"headers"` - ExcludedModels *[]string `json:"excluded-models"` - } - var body struct { - Index *int `json:"index"` - Match *string `json:"match"` - Value *codexKeyPatch `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Value == nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - targetIndex := -1 - if body.Index != nil && *body.Index >= 0 && *body.Index < len(h.cfg.CodexKey) { - targetIndex = *body.Index - } - if targetIndex == -1 && body.Match != nil { - match := strings.TrimSpace(*body.Match) - for i := range h.cfg.CodexKey { - if h.cfg.CodexKey[i].APIKey == match { - targetIndex = i - break - } - } - } - if targetIndex == -1 { - c.JSON(404, gin.H{"error": "item not found"}) - return - } - - entry := h.cfg.CodexKey[targetIndex] - if body.Value.APIKey != nil { - entry.APIKey = strings.TrimSpace(*body.Value.APIKey) - } - if body.Value.Prefix != nil { - entry.Prefix = strings.TrimSpace(*body.Value.Prefix) - } - if body.Value.BaseURL != nil { - trimmed := strings.TrimSpace(*body.Value.BaseURL) - if trimmed == "" { - h.cfg.CodexKey = append(h.cfg.CodexKey[:targetIndex], h.cfg.CodexKey[targetIndex+1:]...) - h.cfg.SanitizeCodexKeys() - h.persist(c) - return - } - entry.BaseURL = trimmed - } - if body.Value.ProxyURL != nil { - entry.ProxyURL = strings.TrimSpace(*body.Value.ProxyURL) - } - if body.Value.Models != nil { - entry.Models = append([]config.CodexModel(nil), (*body.Value.Models)...) - } - if body.Value.Headers != nil { - entry.Headers = config.NormalizeHeaders(*body.Value.Headers) - } - if body.Value.ExcludedModels != nil { - entry.ExcludedModels = config.NormalizeExcludedModels(*body.Value.ExcludedModels) - } - normalizeCodexKey(&entry) - h.cfg.CodexKey[targetIndex] = entry - h.cfg.SanitizeCodexKeys() - h.persist(c) -} - -func (h *Handler) DeleteCodexKey(c *gin.Context) { - if val := c.Query("api-key"); val != "" { - out := make([]config.CodexKey, 0, len(h.cfg.CodexKey)) - for _, v := range h.cfg.CodexKey { - if v.APIKey != val { - out = append(out, v) - } - } - h.cfg.CodexKey = out - h.cfg.SanitizeCodexKeys() - h.persist(c) - return - } - if idxStr := c.Query("index"); idxStr != "" { - var idx int - _, err := fmt.Sscanf(idxStr, "%d", &idx) - if err == nil && idx >= 0 && idx < len(h.cfg.CodexKey) { - h.cfg.CodexKey = append(h.cfg.CodexKey[:idx], h.cfg.CodexKey[idx+1:]...) - h.cfg.SanitizeCodexKeys() - h.persist(c) - return - } - } - c.JSON(400, gin.H{"error": "missing api-key or index"}) -} - -func normalizeOpenAICompatibilityEntry(entry *config.OpenAICompatibility) { - if entry == nil { - return - } - // Trim base-url; empty base-url indicates provider should be removed by sanitization - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.Headers = config.NormalizeHeaders(entry.Headers) - existing := make(map[string]struct{}, len(entry.APIKeyEntries)) - for i := range entry.APIKeyEntries { - trimmed := strings.TrimSpace(entry.APIKeyEntries[i].APIKey) - entry.APIKeyEntries[i].APIKey = trimmed - if trimmed != "" { - existing[trimmed] = struct{}{} - } - } -} - -func normalizedOpenAICompatibilityEntries(entries []config.OpenAICompatibility) []config.OpenAICompatibility { - if len(entries) == 0 { - return nil - } - out := make([]config.OpenAICompatibility, len(entries)) - for i := range entries { - copyEntry := entries[i] - if len(copyEntry.APIKeyEntries) > 0 { - copyEntry.APIKeyEntries = append([]config.OpenAICompatibilityAPIKey(nil), copyEntry.APIKeyEntries...) - } - normalizeOpenAICompatibilityEntry(©Entry) - out[i] = copyEntry - } - return out -} - -func normalizeClaudeKey(entry *config.ClaudeKey) { - if entry == nil { - return - } - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - entry.Headers = config.NormalizeHeaders(entry.Headers) - entry.ExcludedModels = config.NormalizeExcludedModels(entry.ExcludedModels) - if len(entry.Models) == 0 { - return - } - normalized := make([]config.ClaudeModel, 0, len(entry.Models)) - for i := range entry.Models { - model := entry.Models[i] - model.Name = strings.TrimSpace(model.Name) - model.Alias = strings.TrimSpace(model.Alias) - if model.Name == "" && model.Alias == "" { - continue - } - normalized = append(normalized, model) - } - entry.Models = normalized -} - -func normalizeCodexKey(entry *config.CodexKey) { - if entry == nil { - return - } - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.Prefix = strings.TrimSpace(entry.Prefix) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - entry.Headers = config.NormalizeHeaders(entry.Headers) - entry.ExcludedModels = config.NormalizeExcludedModels(entry.ExcludedModels) - if len(entry.Models) == 0 { - return - } - normalized := make([]config.CodexModel, 0, len(entry.Models)) - for i := range entry.Models { - model := entry.Models[i] - model.Name = strings.TrimSpace(model.Name) - model.Alias = strings.TrimSpace(model.Alias) - if model.Name == "" && model.Alias == "" { - continue - } - normalized = append(normalized, model) - } - entry.Models = normalized -} - -func normalizeVertexCompatKey(entry *config.VertexCompatKey) { - if entry == nil { - return - } - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.Prefix = strings.TrimSpace(entry.Prefix) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - entry.Headers = config.NormalizeHeaders(entry.Headers) - if len(entry.Models) == 0 { - return - } - normalized := make([]config.VertexCompatModel, 0, len(entry.Models)) - for i := range entry.Models { - model := entry.Models[i] - model.Name = strings.TrimSpace(model.Name) - model.Alias = strings.TrimSpace(model.Alias) - if model.Name == "" || model.Alias == "" { - continue - } - normalized = append(normalized, model) - } - entry.Models = normalized -} - -func sanitizedOAuthModelAlias(entries map[string][]config.OAuthModelAlias) map[string][]config.OAuthModelAlias { - if len(entries) == 0 { - return nil - } - copied := make(map[string][]config.OAuthModelAlias, len(entries)) - for channel, aliases := range entries { - if len(aliases) == 0 { - continue - } - copied[channel] = append([]config.OAuthModelAlias(nil), aliases...) - } - if len(copied) == 0 { - return nil - } - cfg := config.Config{OAuthModelAlias: copied} - cfg.SanitizeOAuthModelAlias() - if len(cfg.OAuthModelAlias) == 0 { - return nil - } - return cfg.OAuthModelAlias -} - -// GetAmpCode returns the complete ampcode configuration. -func (h *Handler) GetAmpCode(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{"ampcode": config.AmpCode{}}) - return - } - c.JSON(200, gin.H{"ampcode": h.cfg.AmpCode}) -} - -// GetAmpUpstreamURL returns the ampcode upstream URL. -func (h *Handler) GetAmpUpstreamURL(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{"upstream-url": ""}) - return - } - c.JSON(200, gin.H{"upstream-url": h.cfg.AmpCode.UpstreamURL}) -} - -// PutAmpUpstreamURL updates the ampcode upstream URL. -func (h *Handler) PutAmpUpstreamURL(c *gin.Context) { - h.updateStringField(c, func(v string) { h.cfg.AmpCode.UpstreamURL = strings.TrimSpace(v) }) -} - -// DeleteAmpUpstreamURL clears the ampcode upstream URL. -func (h *Handler) DeleteAmpUpstreamURL(c *gin.Context) { - h.cfg.AmpCode.UpstreamURL = "" - h.persist(c) -} - -// GetAmpUpstreamAPIKey returns the ampcode upstream API key. -func (h *Handler) GetAmpUpstreamAPIKey(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{"upstream-api-key": ""}) - return - } - c.JSON(200, gin.H{"upstream-api-key": h.cfg.AmpCode.UpstreamAPIKey}) -} - -// PutAmpUpstreamAPIKey updates the ampcode upstream API key. -func (h *Handler) PutAmpUpstreamAPIKey(c *gin.Context) { - h.updateStringField(c, func(v string) { h.cfg.AmpCode.UpstreamAPIKey = strings.TrimSpace(v) }) -} - -// DeleteAmpUpstreamAPIKey clears the ampcode upstream API key. -func (h *Handler) DeleteAmpUpstreamAPIKey(c *gin.Context) { - h.cfg.AmpCode.UpstreamAPIKey = "" - h.persist(c) -} - -// GetAmpRestrictManagementToLocalhost returns the localhost restriction setting. -func (h *Handler) GetAmpRestrictManagementToLocalhost(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{"restrict-management-to-localhost": true}) - return - } - c.JSON(200, gin.H{"restrict-management-to-localhost": h.cfg.AmpCode.RestrictManagementToLocalhost}) -} - -// PutAmpRestrictManagementToLocalhost updates the localhost restriction setting. -func (h *Handler) PutAmpRestrictManagementToLocalhost(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.AmpCode.RestrictManagementToLocalhost = v }) -} - -// GetAmpModelMappings returns the ampcode model mappings. -func (h *Handler) GetAmpModelMappings(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{"model-mappings": []config.AmpModelMapping{}}) - return - } - c.JSON(200, gin.H{"model-mappings": h.cfg.AmpCode.ModelMappings}) -} - -// PutAmpModelMappings replaces all ampcode model mappings. -func (h *Handler) PutAmpModelMappings(c *gin.Context) { - var body struct { - Value []config.AmpModelMapping `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - h.cfg.AmpCode.ModelMappings = body.Value - h.persist(c) -} - -// PatchAmpModelMappings adds or updates model mappings. -func (h *Handler) PatchAmpModelMappings(c *gin.Context) { - var body struct { - Value []config.AmpModelMapping `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - - existing := make(map[string]int) - for i, m := range h.cfg.AmpCode.ModelMappings { - existing[strings.TrimSpace(m.From)] = i - } - - for _, newMapping := range body.Value { - from := strings.TrimSpace(newMapping.From) - if idx, ok := existing[from]; ok { - h.cfg.AmpCode.ModelMappings[idx] = newMapping - } else { - h.cfg.AmpCode.ModelMappings = append(h.cfg.AmpCode.ModelMappings, newMapping) - existing[from] = len(h.cfg.AmpCode.ModelMappings) - 1 - } - } - h.persist(c) -} - -// DeleteAmpModelMappings removes specified model mappings by "from" field. -func (h *Handler) DeleteAmpModelMappings(c *gin.Context) { - var body struct { - Value []string `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || len(body.Value) == 0 { - h.cfg.AmpCode.ModelMappings = nil - h.persist(c) - return - } - - toRemove := make(map[string]bool) - for _, from := range body.Value { - toRemove[strings.TrimSpace(from)] = true - } - - newMappings := make([]config.AmpModelMapping, 0, len(h.cfg.AmpCode.ModelMappings)) - for _, m := range h.cfg.AmpCode.ModelMappings { - if !toRemove[strings.TrimSpace(m.From)] { - newMappings = append(newMappings, m) - } - } - h.cfg.AmpCode.ModelMappings = newMappings - h.persist(c) -} - -// GetAmpForceModelMappings returns whether model mappings are forced. -func (h *Handler) GetAmpForceModelMappings(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{"force-model-mappings": false}) - return - } - c.JSON(200, gin.H{"force-model-mappings": h.cfg.AmpCode.ForceModelMappings}) -} - -// PutAmpForceModelMappings updates the force model mappings setting. -func (h *Handler) PutAmpForceModelMappings(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.AmpCode.ForceModelMappings = v }) -} - -// GetAmpUpstreamAPIKeys returns the ampcode upstream API keys mapping. -func (h *Handler) GetAmpUpstreamAPIKeys(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(200, gin.H{"upstream-api-keys": []config.AmpUpstreamAPIKeyEntry{}}) - return - } - c.JSON(200, gin.H{"upstream-api-keys": h.cfg.AmpCode.UpstreamAPIKeys}) -} - -// PutAmpUpstreamAPIKeys replaces all ampcode upstream API keys mappings. -func (h *Handler) PutAmpUpstreamAPIKeys(c *gin.Context) { - var body struct { - Value []config.AmpUpstreamAPIKeyEntry `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - // Normalize entries: trim whitespace, filter empty - normalized := normalizeAmpUpstreamAPIKeyEntries(body.Value) - h.cfg.AmpCode.UpstreamAPIKeys = normalized - h.persist(c) -} - -// PatchAmpUpstreamAPIKeys adds or updates upstream API keys entries. -// Matching is done by upstream-api-key value. -func (h *Handler) PatchAmpUpstreamAPIKeys(c *gin.Context) { - var body struct { - Value []config.AmpUpstreamAPIKeyEntry `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - - existing := make(map[string]int) - for i, entry := range h.cfg.AmpCode.UpstreamAPIKeys { - existing[strings.TrimSpace(entry.UpstreamAPIKey)] = i - } - - for _, newEntry := range body.Value { - upstreamKey := strings.TrimSpace(newEntry.UpstreamAPIKey) - if upstreamKey == "" { - continue - } - normalizedEntry := config.AmpUpstreamAPIKeyEntry{ - UpstreamAPIKey: upstreamKey, - APIKeys: normalizeAPIKeysList(newEntry.APIKeys), - } - if idx, ok := existing[upstreamKey]; ok { - h.cfg.AmpCode.UpstreamAPIKeys[idx] = normalizedEntry - } else { - h.cfg.AmpCode.UpstreamAPIKeys = append(h.cfg.AmpCode.UpstreamAPIKeys, normalizedEntry) - existing[upstreamKey] = len(h.cfg.AmpCode.UpstreamAPIKeys) - 1 - } - } - h.persist(c) -} - -// DeleteAmpUpstreamAPIKeys removes specified upstream API keys entries. -// Body must be JSON: {"value": ["", ...]}. -// If "value" is an empty array, clears all entries. -// If JSON is invalid or "value" is missing/null, returns 400 and does not persist any change. -func (h *Handler) DeleteAmpUpstreamAPIKeys(c *gin.Context) { - var body struct { - Value []string `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil { - c.JSON(400, gin.H{"error": "invalid body"}) - return - } - - if body.Value == nil { - c.JSON(400, gin.H{"error": "missing value"}) - return - } - - // Empty array means clear all - if len(body.Value) == 0 { - h.cfg.AmpCode.UpstreamAPIKeys = nil - h.persist(c) - return - } - - toRemove := make(map[string]bool) - for _, key := range body.Value { - trimmed := strings.TrimSpace(key) - if trimmed == "" { - continue - } - toRemove[trimmed] = true - } - if len(toRemove) == 0 { - c.JSON(400, gin.H{"error": "empty value"}) - return - } - - newEntries := make([]config.AmpUpstreamAPIKeyEntry, 0, len(h.cfg.AmpCode.UpstreamAPIKeys)) - for _, entry := range h.cfg.AmpCode.UpstreamAPIKeys { - if !toRemove[strings.TrimSpace(entry.UpstreamAPIKey)] { - newEntries = append(newEntries, entry) - } - } - h.cfg.AmpCode.UpstreamAPIKeys = newEntries - h.persist(c) -} - -// normalizeAmpUpstreamAPIKeyEntries normalizes a list of upstream API key entries. -func normalizeAmpUpstreamAPIKeyEntries(entries []config.AmpUpstreamAPIKeyEntry) []config.AmpUpstreamAPIKeyEntry { - if len(entries) == 0 { - return nil - } - out := make([]config.AmpUpstreamAPIKeyEntry, 0, len(entries)) - for _, entry := range entries { - upstreamKey := strings.TrimSpace(entry.UpstreamAPIKey) - if upstreamKey == "" { - continue - } - apiKeys := normalizeAPIKeysList(entry.APIKeys) - out = append(out, config.AmpUpstreamAPIKeyEntry{ - UpstreamAPIKey: upstreamKey, - APIKeys: apiKeys, - }) - } - if len(out) == 0 { - return nil - } - return out -} - -// normalizeAPIKeysList trims and filters empty strings from a list of API keys. -func normalizeAPIKeysList(keys []string) []string { - if len(keys) == 0 { - return nil - } - out := make([]string, 0, len(keys)) - for _, k := range keys { - trimmed := strings.TrimSpace(k) - if trimmed != "" { - out = append(out, trimmed) - } - } - if len(out) == 0 { - return nil - } - return out -} diff --git a/internal/api/handlers/management/handler.go b/internal/api/handlers/management/handler.go deleted file mode 100644 index eedd969d8b..0000000000 --- a/internal/api/handlers/management/handler.go +++ /dev/null @@ -1,323 +0,0 @@ -// Package management provides the management API handlers and middleware -// for configuring the server and managing auth files. -package management - -import ( - "crypto/subtle" - "fmt" - "net/http" - "os" - "path/filepath" - "strings" - "sync" - "time" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/buildinfo" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/usage" - sdkAuth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/auth" - coreauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - "golang.org/x/crypto/bcrypt" -) - -type attemptInfo struct { - count int - blockedUntil time.Time - lastActivity time.Time // track last activity for cleanup -} - -// attemptCleanupInterval controls how often stale IP entries are purged -const attemptCleanupInterval = 1 * time.Hour - -// attemptMaxIdleTime controls how long an IP can be idle before cleanup -const attemptMaxIdleTime = 2 * time.Hour - -// Handler aggregates config reference, persistence path and helpers. -type Handler struct { - cfg *config.Config - configFilePath string - mu sync.Mutex - attemptsMu sync.Mutex - failedAttempts map[string]*attemptInfo // keyed by client IP - authManager *coreauth.Manager - usageStats *usage.RequestStatistics - tokenStore coreauth.Store - localPassword string - allowRemoteOverride bool - envSecret string - logDir string - postAuthHook coreauth.PostAuthHook -} - -// NewHandler creates a new management handler instance. -func NewHandler(cfg *config.Config, configFilePath string, manager *coreauth.Manager) *Handler { - envSecret, _ := os.LookupEnv("MANAGEMENT_PASSWORD") - envSecret = strings.TrimSpace(envSecret) - - h := &Handler{ - cfg: cfg, - configFilePath: configFilePath, - failedAttempts: make(map[string]*attemptInfo), - authManager: manager, - usageStats: usage.GetRequestStatistics(), - tokenStore: sdkAuth.GetTokenStore(), - allowRemoteOverride: envSecret != "", - envSecret: envSecret, - } - h.startAttemptCleanup() - return h -} - -// startAttemptCleanup launches a background goroutine that periodically -// removes stale IP entries from failedAttempts to prevent memory leaks. -func (h *Handler) startAttemptCleanup() { - go func() { - ticker := time.NewTicker(attemptCleanupInterval) - defer ticker.Stop() - for range ticker.C { - h.purgeStaleAttempts() - } - }() -} - -// purgeStaleAttempts removes IP entries that have been idle beyond attemptMaxIdleTime -// and whose ban (if any) has expired. -func (h *Handler) purgeStaleAttempts() { - now := time.Now() - h.attemptsMu.Lock() - defer h.attemptsMu.Unlock() - for ip, ai := range h.failedAttempts { - // Skip if still banned - if !ai.blockedUntil.IsZero() && now.Before(ai.blockedUntil) { - continue - } - // Remove if idle too long - if now.Sub(ai.lastActivity) > attemptMaxIdleTime { - delete(h.failedAttempts, ip) - } - } -} - -// NewHandler creates a new management handler instance. -func NewHandlerWithoutConfigFilePath(cfg *config.Config, manager *coreauth.Manager) *Handler { - return NewHandler(cfg, "", manager) -} - -// SetConfig updates the in-memory config reference when the server hot-reloads. -func (h *Handler) SetConfig(cfg *config.Config) { h.cfg = cfg } - -// SetAuthManager updates the auth manager reference used by management endpoints. -func (h *Handler) SetAuthManager(manager *coreauth.Manager) { h.authManager = manager } - -// SetUsageStatistics allows replacing the usage statistics reference. -func (h *Handler) SetUsageStatistics(stats *usage.RequestStatistics) { h.usageStats = stats } - -// SetLocalPassword configures the runtime-local password accepted for localhost requests. -func (h *Handler) SetLocalPassword(password string) { h.localPassword = password } - -// SetLogDirectory updates the directory where main.log should be looked up. -func (h *Handler) SetLogDirectory(dir string) { - if dir == "" { - return - } - if !filepath.IsAbs(dir) { - if abs, err := filepath.Abs(dir); err == nil { - dir = abs - } - } - h.logDir = dir -} - -// SetPostAuthHook registers a hook to be called after auth record creation but before persistence. -func (h *Handler) SetPostAuthHook(hook coreauth.PostAuthHook) { - h.postAuthHook = hook -} - -// Middleware enforces access control for management endpoints. -// All requests (local and remote) require a valid management key. -// Additionally, remote access requires allow-remote-management=true. -func (h *Handler) Middleware() gin.HandlerFunc { - const maxFailures = 5 - const banDuration = 30 * time.Minute - - return func(c *gin.Context) { - c.Header("X-CPA-VERSION", buildinfo.Version) - c.Header("X-CPA-COMMIT", buildinfo.Commit) - c.Header("X-CPA-BUILD-DATE", buildinfo.BuildDate) - - clientIP := c.ClientIP() - localClient := clientIP == "127.0.0.1" || clientIP == "::1" - cfg := h.cfg - var ( - allowRemote bool - secretHash string - ) - if cfg != nil { - allowRemote = cfg.RemoteManagement.AllowRemote - secretHash = cfg.RemoteManagement.SecretKey - } - if h.allowRemoteOverride { - allowRemote = true - } - envSecret := h.envSecret - - fail := func() {} - if !localClient { - h.attemptsMu.Lock() - ai := h.failedAttempts[clientIP] - if ai != nil { - if !ai.blockedUntil.IsZero() { - if time.Now().Before(ai.blockedUntil) { - remaining := time.Until(ai.blockedUntil).Round(time.Second) - h.attemptsMu.Unlock() - c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": fmt.Sprintf("IP banned due to too many failed attempts. Try again in %s", remaining)}) - return - } - // Ban expired, reset state - ai.blockedUntil = time.Time{} - ai.count = 0 - } - } - h.attemptsMu.Unlock() - - if !allowRemote { - c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "remote management disabled"}) - return - } - - fail = func() { - h.attemptsMu.Lock() - aip := h.failedAttempts[clientIP] - if aip == nil { - aip = &attemptInfo{} - h.failedAttempts[clientIP] = aip - } - aip.count++ - aip.lastActivity = time.Now() - if aip.count >= maxFailures { - aip.blockedUntil = time.Now().Add(banDuration) - aip.count = 0 - } - h.attemptsMu.Unlock() - } - } - if secretHash == "" && envSecret == "" { - c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "remote management key not set"}) - return - } - - // Accept either Authorization: Bearer or X-Management-Key - var provided string - if ah := c.GetHeader("Authorization"); ah != "" { - parts := strings.SplitN(ah, " ", 2) - if len(parts) == 2 && strings.ToLower(parts[0]) == "bearer" { - provided = parts[1] - } else { - provided = ah - } - } - if provided == "" { - provided = c.GetHeader("X-Management-Key") - } - - if provided == "" { - if !localClient { - fail() - } - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "missing management key"}) - return - } - - if localClient { - if lp := h.localPassword; lp != "" { - if subtle.ConstantTimeCompare([]byte(provided), []byte(lp)) == 1 { - c.Next() - return - } - } - } - - if envSecret != "" && subtle.ConstantTimeCompare([]byte(provided), []byte(envSecret)) == 1 { - if !localClient { - h.attemptsMu.Lock() - if ai := h.failedAttempts[clientIP]; ai != nil { - ai.count = 0 - ai.blockedUntil = time.Time{} - } - h.attemptsMu.Unlock() - } - c.Next() - return - } - - if secretHash == "" || bcrypt.CompareHashAndPassword([]byte(secretHash), []byte(provided)) != nil { - if !localClient { - fail() - } - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid management key"}) - return - } - - if !localClient { - h.attemptsMu.Lock() - if ai := h.failedAttempts[clientIP]; ai != nil { - ai.count = 0 - ai.blockedUntil = time.Time{} - } - h.attemptsMu.Unlock() - } - - c.Next() - } -} - -// persist saves the current in-memory config to disk. -func (h *Handler) persist(c *gin.Context) bool { - h.mu.Lock() - defer h.mu.Unlock() - // Preserve comments when writing - if err := config.SaveConfigPreserveComments(h.configFilePath, h.cfg); err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to save config: %v", err)}) - return false - } - c.JSON(http.StatusOK, gin.H{"status": "ok"}) - return true -} - -// Helper methods for simple types -func (h *Handler) updateBoolField(c *gin.Context, set func(bool)) { - var body struct { - Value *bool `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Value == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - set(*body.Value) - h.persist(c) -} - -func (h *Handler) updateIntField(c *gin.Context, set func(int)) { - var body struct { - Value *int `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Value == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - set(*body.Value) - h.persist(c) -} - -func (h *Handler) updateStringField(c *gin.Context, set func(string)) { - var body struct { - Value *string `json:"value"` - } - if err := c.ShouldBindJSON(&body); err != nil || body.Value == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - set(*body.Value) - h.persist(c) -} diff --git a/internal/api/handlers/management/logs.go b/internal/api/handlers/management/logs.go deleted file mode 100644 index 880b1d1aa7..0000000000 --- a/internal/api/handlers/management/logs.go +++ /dev/null @@ -1,583 +0,0 @@ -package management - -import ( - "bufio" - "fmt" - "math" - "net/http" - "os" - "path/filepath" - "sort" - "strconv" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/logging" -) - -const ( - defaultLogFileName = "main.log" - logScannerInitialBuffer = 64 * 1024 - logScannerMaxBuffer = 8 * 1024 * 1024 -) - -// GetLogs returns log lines with optional incremental loading. -func (h *Handler) GetLogs(c *gin.Context) { - if h == nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "handler unavailable"}) - return - } - if h.cfg == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "configuration unavailable"}) - return - } - if !h.cfg.LoggingToFile { - c.JSON(http.StatusBadRequest, gin.H{"error": "logging to file disabled"}) - return - } - - logDir := h.logDirectory() - if strings.TrimSpace(logDir) == "" { - c.JSON(http.StatusInternalServerError, gin.H{"error": "log directory not configured"}) - return - } - - files, err := h.collectLogFiles(logDir) - if err != nil { - if os.IsNotExist(err) { - cutoff := parseCutoff(c.Query("after")) - c.JSON(http.StatusOK, gin.H{ - "lines": []string{}, - "line-count": 0, - "latest-timestamp": cutoff, - }) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to list log files: %v", err)}) - return - } - - limit, errLimit := parseLimit(c.Query("limit")) - if errLimit != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("invalid limit: %v", errLimit)}) - return - } - - cutoff := parseCutoff(c.Query("after")) - acc := newLogAccumulator(cutoff, limit) - for i := range files { - if errProcess := acc.consumeFile(files[i]); errProcess != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to read log file %s: %v", files[i], errProcess)}) - return - } - } - - lines, total, latest := acc.result() - if latest == 0 || latest < cutoff { - latest = cutoff - } - c.JSON(http.StatusOK, gin.H{ - "lines": lines, - "line-count": total, - "latest-timestamp": latest, - }) -} - -// DeleteLogs removes all rotated log files and truncates the active log. -func (h *Handler) DeleteLogs(c *gin.Context) { - if h == nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "handler unavailable"}) - return - } - if h.cfg == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "configuration unavailable"}) - return - } - if !h.cfg.LoggingToFile { - c.JSON(http.StatusBadRequest, gin.H{"error": "logging to file disabled"}) - return - } - - dir := h.logDirectory() - if strings.TrimSpace(dir) == "" { - c.JSON(http.StatusInternalServerError, gin.H{"error": "log directory not configured"}) - return - } - - entries, err := os.ReadDir(dir) - if err != nil { - if os.IsNotExist(err) { - c.JSON(http.StatusNotFound, gin.H{"error": "log directory not found"}) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to list log directory: %v", err)}) - return - } - - removed := 0 - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - fullPath := filepath.Join(dir, name) - if name == defaultLogFileName { - if errTrunc := os.Truncate(fullPath, 0); errTrunc != nil && !os.IsNotExist(errTrunc) { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to truncate log file: %v", errTrunc)}) - return - } - continue - } - if isRotatedLogFile(name) { - if errRemove := os.Remove(fullPath); errRemove != nil && !os.IsNotExist(errRemove) { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to remove %s: %v", name, errRemove)}) - return - } - removed++ - } - } - - c.JSON(http.StatusOK, gin.H{ - "success": true, - "message": "Logs cleared successfully", - "removed": removed, - }) -} - -// GetRequestErrorLogs lists error request log files when RequestLog is disabled. -// It returns an empty list when RequestLog is enabled. -func (h *Handler) GetRequestErrorLogs(c *gin.Context) { - if h == nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "handler unavailable"}) - return - } - if h.cfg == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "configuration unavailable"}) - return - } - if h.cfg.RequestLog { - c.JSON(http.StatusOK, gin.H{"files": []any{}}) - return - } - - dir := h.logDirectory() - if strings.TrimSpace(dir) == "" { - c.JSON(http.StatusInternalServerError, gin.H{"error": "log directory not configured"}) - return - } - - entries, err := os.ReadDir(dir) - if err != nil { - if os.IsNotExist(err) { - c.JSON(http.StatusOK, gin.H{"files": []any{}}) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to list request error logs: %v", err)}) - return - } - - type errorLog struct { - Name string `json:"name"` - Size int64 `json:"size"` - Modified int64 `json:"modified"` - } - - files := make([]errorLog, 0, len(entries)) - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - if !strings.HasPrefix(name, "error-") || !strings.HasSuffix(name, ".log") { - continue - } - info, errInfo := entry.Info() - if errInfo != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to read log info for %s: %v", name, errInfo)}) - return - } - files = append(files, errorLog{ - Name: name, - Size: info.Size(), - Modified: info.ModTime().Unix(), - }) - } - - sort.Slice(files, func(i, j int) bool { return files[i].Modified > files[j].Modified }) - - c.JSON(http.StatusOK, gin.H{"files": files}) -} - -// GetRequestLogByID finds and downloads a request log file by its request ID. -// The ID is matched against the suffix of log file names (format: *-{requestID}.log). -func (h *Handler) GetRequestLogByID(c *gin.Context) { - if h == nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "handler unavailable"}) - return - } - if h.cfg == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "configuration unavailable"}) - return - } - - dir := h.logDirectory() - if strings.TrimSpace(dir) == "" { - c.JSON(http.StatusInternalServerError, gin.H{"error": "log directory not configured"}) - return - } - - requestID := strings.TrimSpace(c.Param("id")) - if requestID == "" { - requestID = strings.TrimSpace(c.Query("id")) - } - if requestID == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "missing request ID"}) - return - } - if strings.ContainsAny(requestID, "/\\") { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request ID"}) - return - } - - entries, err := os.ReadDir(dir) - if err != nil { - if os.IsNotExist(err) { - c.JSON(http.StatusNotFound, gin.H{"error": "log directory not found"}) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to list log directory: %v", err)}) - return - } - - suffix := "-" + requestID + ".log" - var matchedFile string - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - if strings.HasSuffix(name, suffix) { - matchedFile = name - break - } - } - - if matchedFile == "" { - c.JSON(http.StatusNotFound, gin.H{"error": "log file not found for the given request ID"}) - return - } - - dirAbs, errAbs := filepath.Abs(dir) - if errAbs != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to resolve log directory: %v", errAbs)}) - return - } - fullPath := filepath.Clean(filepath.Join(dirAbs, matchedFile)) - prefix := dirAbs + string(os.PathSeparator) - if !strings.HasPrefix(fullPath, prefix) { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid log file path"}) - return - } - - info, errStat := os.Stat(fullPath) - if errStat != nil { - if os.IsNotExist(errStat) { - c.JSON(http.StatusNotFound, gin.H{"error": "log file not found"}) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to read log file: %v", errStat)}) - return - } - if info.IsDir() { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid log file"}) - return - } - - c.FileAttachment(fullPath, matchedFile) -} - -// DownloadRequestErrorLog downloads a specific error request log file by name. -func (h *Handler) DownloadRequestErrorLog(c *gin.Context) { - if h == nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "handler unavailable"}) - return - } - if h.cfg == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "configuration unavailable"}) - return - } - - dir := h.logDirectory() - if strings.TrimSpace(dir) == "" { - c.JSON(http.StatusInternalServerError, gin.H{"error": "log directory not configured"}) - return - } - - name := strings.TrimSpace(c.Param("name")) - if name == "" || strings.Contains(name, "/") || strings.Contains(name, "\\") { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid log file name"}) - return - } - if !strings.HasPrefix(name, "error-") || !strings.HasSuffix(name, ".log") { - c.JSON(http.StatusNotFound, gin.H{"error": "log file not found"}) - return - } - - dirAbs, errAbs := filepath.Abs(dir) - if errAbs != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to resolve log directory: %v", errAbs)}) - return - } - fullPath := filepath.Clean(filepath.Join(dirAbs, name)) - prefix := dirAbs + string(os.PathSeparator) - if !strings.HasPrefix(fullPath, prefix) { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid log file path"}) - return - } - - info, errStat := os.Stat(fullPath) - if errStat != nil { - if os.IsNotExist(errStat) { - c.JSON(http.StatusNotFound, gin.H{"error": "log file not found"}) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to read log file: %v", errStat)}) - return - } - if info.IsDir() { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid log file"}) - return - } - - c.FileAttachment(fullPath, name) -} - -func (h *Handler) logDirectory() string { - if h == nil { - return "" - } - if h.logDir != "" { - return h.logDir - } - return logging.ResolveLogDirectory(h.cfg) -} - -func (h *Handler) collectLogFiles(dir string) ([]string, error) { - entries, err := os.ReadDir(dir) - if err != nil { - return nil, err - } - type candidate struct { - path string - order int64 - } - cands := make([]candidate, 0, len(entries)) - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - if name == defaultLogFileName { - cands = append(cands, candidate{path: filepath.Join(dir, name), order: 0}) - continue - } - if order, ok := rotationOrder(name); ok { - cands = append(cands, candidate{path: filepath.Join(dir, name), order: order}) - } - } - if len(cands) == 0 { - return []string{}, nil - } - sort.Slice(cands, func(i, j int) bool { return cands[i].order < cands[j].order }) - paths := make([]string, 0, len(cands)) - for i := len(cands) - 1; i >= 0; i-- { - paths = append(paths, cands[i].path) - } - return paths, nil -} - -type logAccumulator struct { - cutoff int64 - limit int - lines []string - total int - latest int64 - include bool -} - -func newLogAccumulator(cutoff int64, limit int) *logAccumulator { - capacity := 256 - if limit > 0 && limit < capacity { - capacity = limit - } - return &logAccumulator{ - cutoff: cutoff, - limit: limit, - lines: make([]string, 0, capacity), - } -} - -func (acc *logAccumulator) consumeFile(path string) error { - file, err := os.Open(path) - if err != nil { - if os.IsNotExist(err) { - return nil - } - return err - } - defer func() { - _ = file.Close() - }() - - scanner := bufio.NewScanner(file) - buf := make([]byte, 0, logScannerInitialBuffer) - scanner.Buffer(buf, logScannerMaxBuffer) - for scanner.Scan() { - acc.addLine(scanner.Text()) - } - if errScan := scanner.Err(); errScan != nil { - return errScan - } - return nil -} - -func (acc *logAccumulator) addLine(raw string) { - line := strings.TrimRight(raw, "\r") - acc.total++ - ts := parseTimestamp(line) - if ts > acc.latest { - acc.latest = ts - } - if ts > 0 { - acc.include = acc.cutoff == 0 || ts > acc.cutoff - if acc.cutoff == 0 || acc.include { - acc.append(line) - } - return - } - if acc.cutoff == 0 || acc.include { - acc.append(line) - } -} - -func (acc *logAccumulator) append(line string) { - acc.lines = append(acc.lines, line) - if acc.limit > 0 && len(acc.lines) > acc.limit { - acc.lines = acc.lines[len(acc.lines)-acc.limit:] - } -} - -func (acc *logAccumulator) result() ([]string, int, int64) { - if acc.lines == nil { - acc.lines = []string{} - } - return acc.lines, acc.total, acc.latest -} - -func parseCutoff(raw string) int64 { - value := strings.TrimSpace(raw) - if value == "" { - return 0 - } - ts, err := strconv.ParseInt(value, 10, 64) - if err != nil || ts <= 0 { - return 0 - } - return ts -} - -func parseLimit(raw string) (int, error) { - value := strings.TrimSpace(raw) - if value == "" { - return 0, nil - } - limit, err := strconv.Atoi(value) - if err != nil { - return 0, fmt.Errorf("must be a positive integer") - } - if limit <= 0 { - return 0, fmt.Errorf("must be greater than zero") - } - return limit, nil -} - -func parseTimestamp(line string) int64 { - if strings.HasPrefix(line, "[") { - line = line[1:] - } - if len(line) < 19 { - return 0 - } - candidate := line[:19] - t, err := time.ParseInLocation("2006-01-02 15:04:05", candidate, time.Local) - if err != nil { - return 0 - } - return t.Unix() -} - -func isRotatedLogFile(name string) bool { - if _, ok := rotationOrder(name); ok { - return true - } - return false -} - -func rotationOrder(name string) (int64, bool) { - if order, ok := numericRotationOrder(name); ok { - return order, true - } - if order, ok := timestampRotationOrder(name); ok { - return order, true - } - return 0, false -} - -func numericRotationOrder(name string) (int64, bool) { - if !strings.HasPrefix(name, defaultLogFileName+".") { - return 0, false - } - suffix := strings.TrimPrefix(name, defaultLogFileName+".") - if suffix == "" { - return 0, false - } - n, err := strconv.Atoi(suffix) - if err != nil { - return 0, false - } - return int64(n), true -} - -func timestampRotationOrder(name string) (int64, bool) { - ext := filepath.Ext(defaultLogFileName) - base := strings.TrimSuffix(defaultLogFileName, ext) - if base == "" { - return 0, false - } - prefix := base + "-" - if !strings.HasPrefix(name, prefix) { - return 0, false - } - clean := strings.TrimPrefix(name, prefix) - if strings.HasSuffix(clean, ".gz") { - clean = strings.TrimSuffix(clean, ".gz") - } - if ext != "" { - if !strings.HasSuffix(clean, ext) { - return 0, false - } - clean = strings.TrimSuffix(clean, ext) - } - if clean == "" { - return 0, false - } - if idx := strings.IndexByte(clean, '.'); idx != -1 { - clean = clean[:idx] - } - parsed, err := time.ParseInLocation("2006-01-02T15-04-05", clean, time.Local) - if err != nil { - return 0, false - } - return math.MaxInt64 - parsed.Unix(), true -} diff --git a/internal/api/handlers/management/model_definitions.go b/internal/api/handlers/management/model_definitions.go deleted file mode 100644 index eb80b5f96a..0000000000 --- a/internal/api/handlers/management/model_definitions.go +++ /dev/null @@ -1,33 +0,0 @@ -package management - -import ( - "net/http" - "strings" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/registry" -) - -// GetStaticModelDefinitions returns static model metadata for a given channel. -// Channel is provided via path param (:channel) or query param (?channel=...). -func (h *Handler) GetStaticModelDefinitions(c *gin.Context) { - channel := strings.TrimSpace(c.Param("channel")) - if channel == "" { - channel = strings.TrimSpace(c.Query("channel")) - } - if channel == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "channel is required"}) - return - } - - models := registry.GetStaticModelDefinitionsByChannel(channel) - if models == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "unknown channel", "channel": channel}) - return - } - - c.JSON(http.StatusOK, gin.H{ - "channel": strings.ToLower(strings.TrimSpace(channel)), - "models": models, - }) -} diff --git a/internal/api/handlers/management/oauth_callback.go b/internal/api/handlers/management/oauth_callback.go deleted file mode 100644 index c69a332ee7..0000000000 --- a/internal/api/handlers/management/oauth_callback.go +++ /dev/null @@ -1,100 +0,0 @@ -package management - -import ( - "errors" - "net/http" - "net/url" - "strings" - - "github.com/gin-gonic/gin" -) - -type oauthCallbackRequest struct { - Provider string `json:"provider"` - RedirectURL string `json:"redirect_url"` - Code string `json:"code"` - State string `json:"state"` - Error string `json:"error"` -} - -func (h *Handler) PostOAuthCallback(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "handler not initialized"}) - return - } - - var req oauthCallbackRequest - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "invalid body"}) - return - } - - canonicalProvider, err := NormalizeOAuthProvider(req.Provider) - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "unsupported provider"}) - return - } - - state := strings.TrimSpace(req.State) - code := strings.TrimSpace(req.Code) - errMsg := strings.TrimSpace(req.Error) - - if rawRedirect := strings.TrimSpace(req.RedirectURL); rawRedirect != "" { - u, errParse := url.Parse(rawRedirect) - if errParse != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "invalid redirect_url"}) - return - } - q := u.Query() - if state == "" { - state = strings.TrimSpace(q.Get("state")) - } - if code == "" { - code = strings.TrimSpace(q.Get("code")) - } - if errMsg == "" { - errMsg = strings.TrimSpace(q.Get("error")) - if errMsg == "" { - errMsg = strings.TrimSpace(q.Get("error_description")) - } - } - } - - if state == "" { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "state is required"}) - return - } - if err := ValidateOAuthState(state); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "invalid state"}) - return - } - if code == "" && errMsg == "" { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "code or error is required"}) - return - } - - sessionProvider, sessionStatus, ok := GetOAuthSession(state) - if !ok { - c.JSON(http.StatusNotFound, gin.H{"status": "error", "error": "unknown or expired state"}) - return - } - if sessionStatus != "" { - c.JSON(http.StatusConflict, gin.H{"status": "error", "error": "oauth flow is not pending"}) - return - } - if !strings.EqualFold(sessionProvider, canonicalProvider) { - c.JSON(http.StatusBadRequest, gin.H{"status": "error", "error": "provider does not match state"}) - return - } - - if _, errWrite := WriteOAuthCallbackFileForPendingSession(h.cfg.AuthDir, canonicalProvider, state, code, errMsg); errWrite != nil { - if errors.Is(errWrite, errOAuthSessionNotPending) { - c.JSON(http.StatusConflict, gin.H{"status": "error", "error": "oauth flow is not pending"}) - return - } - c.JSON(http.StatusInternalServerError, gin.H{"status": "error", "error": "failed to persist oauth callback"}) - return - } - - c.JSON(http.StatusOK, gin.H{"status": "ok"}) -} diff --git a/internal/api/handlers/management/oauth_sessions.go b/internal/api/handlers/management/oauth_sessions.go deleted file mode 100644 index bc882e990e..0000000000 --- a/internal/api/handlers/management/oauth_sessions.go +++ /dev/null @@ -1,292 +0,0 @@ -package management - -import ( - "encoding/json" - "errors" - "fmt" - "os" - "path/filepath" - "strings" - "sync" - "time" -) - -const ( - oauthSessionTTL = 10 * time.Minute - maxOAuthStateLength = 128 -) - -var ( - errInvalidOAuthState = errors.New("invalid oauth state") - errUnsupportedOAuthFlow = errors.New("unsupported oauth provider") - errOAuthSessionNotPending = errors.New("oauth session is not pending") -) - -type oauthSession struct { - Provider string - Status string - CreatedAt time.Time - ExpiresAt time.Time -} - -type oauthSessionStore struct { - mu sync.RWMutex - ttl time.Duration - sessions map[string]oauthSession -} - -func newOAuthSessionStore(ttl time.Duration) *oauthSessionStore { - if ttl <= 0 { - ttl = oauthSessionTTL - } - return &oauthSessionStore{ - ttl: ttl, - sessions: make(map[string]oauthSession), - } -} - -func (s *oauthSessionStore) purgeExpiredLocked(now time.Time) { - for state, session := range s.sessions { - if !session.ExpiresAt.IsZero() && now.After(session.ExpiresAt) { - delete(s.sessions, state) - } - } -} - -func (s *oauthSessionStore) Register(state, provider string) { - state = strings.TrimSpace(state) - provider = strings.ToLower(strings.TrimSpace(provider)) - if state == "" || provider == "" { - return - } - now := time.Now() - - s.mu.Lock() - defer s.mu.Unlock() - - s.purgeExpiredLocked(now) - s.sessions[state] = oauthSession{ - Provider: provider, - Status: "", - CreatedAt: now, - ExpiresAt: now.Add(s.ttl), - } -} - -func (s *oauthSessionStore) SetError(state, message string) { - state = strings.TrimSpace(state) - message = strings.TrimSpace(message) - if state == "" { - return - } - if message == "" { - message = "Authentication failed" - } - now := time.Now() - - s.mu.Lock() - defer s.mu.Unlock() - - s.purgeExpiredLocked(now) - session, ok := s.sessions[state] - if !ok { - return - } - session.Status = message - session.ExpiresAt = now.Add(s.ttl) - s.sessions[state] = session -} - -func (s *oauthSessionStore) Complete(state string) { - state = strings.TrimSpace(state) - if state == "" { - return - } - now := time.Now() - - s.mu.Lock() - defer s.mu.Unlock() - - s.purgeExpiredLocked(now) - delete(s.sessions, state) -} - -func (s *oauthSessionStore) CompleteProvider(provider string) int { - provider = strings.ToLower(strings.TrimSpace(provider)) - if provider == "" { - return 0 - } - now := time.Now() - - s.mu.Lock() - defer s.mu.Unlock() - - s.purgeExpiredLocked(now) - removed := 0 - for state, session := range s.sessions { - if strings.EqualFold(session.Provider, provider) { - delete(s.sessions, state) - removed++ - } - } - return removed -} - -func (s *oauthSessionStore) Get(state string) (oauthSession, bool) { - state = strings.TrimSpace(state) - now := time.Now() - - s.mu.Lock() - defer s.mu.Unlock() - - s.purgeExpiredLocked(now) - session, ok := s.sessions[state] - return session, ok -} - -func (s *oauthSessionStore) IsPending(state, provider string) bool { - state = strings.TrimSpace(state) - provider = strings.ToLower(strings.TrimSpace(provider)) - now := time.Now() - - s.mu.Lock() - defer s.mu.Unlock() - - s.purgeExpiredLocked(now) - session, ok := s.sessions[state] - if !ok { - return false - } - if session.Status != "" { - if !strings.EqualFold(session.Provider, "kiro") { - return false - } - if !strings.HasPrefix(session.Status, "device_code|") && !strings.HasPrefix(session.Status, "auth_url|") { - return false - } - } - if provider == "" { - return true - } - return strings.EqualFold(session.Provider, provider) -} - -var oauthSessions = newOAuthSessionStore(oauthSessionTTL) - -func RegisterOAuthSession(state, provider string) { oauthSessions.Register(state, provider) } - -func SetOAuthSessionError(state, message string) { oauthSessions.SetError(state, message) } - -func CompleteOAuthSession(state string) { oauthSessions.Complete(state) } - -func CompleteOAuthSessionsByProvider(provider string) int { - return oauthSessions.CompleteProvider(provider) -} - -func GetOAuthSession(state string) (provider string, status string, ok bool) { - session, ok := oauthSessions.Get(state) - if !ok { - return "", "", false - } - return session.Provider, session.Status, true -} - -func IsOAuthSessionPending(state, provider string) bool { - return oauthSessions.IsPending(state, provider) -} - -func ValidateOAuthState(state string) error { - trimmed := strings.TrimSpace(state) - if trimmed == "" { - return fmt.Errorf("%w: empty", errInvalidOAuthState) - } - if len(trimmed) > maxOAuthStateLength { - return fmt.Errorf("%w: too long", errInvalidOAuthState) - } - if strings.Contains(trimmed, "/") || strings.Contains(trimmed, "\\") { - return fmt.Errorf("%w: contains path separator", errInvalidOAuthState) - } - if strings.Contains(trimmed, "..") { - return fmt.Errorf("%w: contains '..'", errInvalidOAuthState) - } - for _, r := range trimmed { - switch { - case r >= 'a' && r <= 'z': - case r >= 'A' && r <= 'Z': - case r >= '0' && r <= '9': - case r == '-' || r == '_' || r == '.': - default: - return fmt.Errorf("%w: invalid character", errInvalidOAuthState) - } - } - return nil -} - -func NormalizeOAuthProvider(provider string) (string, error) { - switch strings.ToLower(strings.TrimSpace(provider)) { - case "anthropic", "claude": - return "anthropic", nil - case "codex", "openai": - return "codex", nil - case "gemini", "google": - return "gemini", nil - case "iflow", "i-flow": - return "iflow", nil - case "antigravity", "anti-gravity": - return "antigravity", nil - case "qwen": - return "qwen", nil - case "kiro": - return "kiro", nil - case "github": - return "github", nil - default: - return "", errUnsupportedOAuthFlow - } -} - -type oauthCallbackFilePayload struct { - Code string `json:"code"` - State string `json:"state"` - Error string `json:"error"` -} - -func WriteOAuthCallbackFile(authDir, provider, state, code, errorMessage string) (string, error) { - if strings.TrimSpace(authDir) == "" { - return "", fmt.Errorf("auth dir is empty") - } - canonicalProvider, err := NormalizeOAuthProvider(provider) - if err != nil { - return "", err - } - if err := ValidateOAuthState(state); err != nil { - return "", err - } - - fileName := fmt.Sprintf(".oauth-%s-%s.oauth", canonicalProvider, state) - filePath := filepath.Join(authDir, fileName) - payload := oauthCallbackFilePayload{ - Code: strings.TrimSpace(code), - State: strings.TrimSpace(state), - Error: strings.TrimSpace(errorMessage), - } - data, err := json.Marshal(payload) - if err != nil { - return "", fmt.Errorf("marshal oauth callback payload: %w", err) - } - if err := os.WriteFile(filePath, data, 0o600); err != nil { - return "", fmt.Errorf("write oauth callback file: %w", err) - } - return filePath, nil -} - -func WriteOAuthCallbackFileForPendingSession(authDir, provider, state, code, errorMessage string) (string, error) { - canonicalProvider, err := NormalizeOAuthProvider(provider) - if err != nil { - return "", err - } - if !IsOAuthSessionPending(state, canonicalProvider) { - return "", errOAuthSessionNotPending - } - return WriteOAuthCallbackFile(authDir, canonicalProvider, state, code, errorMessage) -} diff --git a/internal/api/handlers/management/quota.go b/internal/api/handlers/management/quota.go deleted file mode 100644 index c7efd217bd..0000000000 --- a/internal/api/handlers/management/quota.go +++ /dev/null @@ -1,18 +0,0 @@ -package management - -import "github.com/gin-gonic/gin" - -// Quota exceeded toggles -func (h *Handler) GetSwitchProject(c *gin.Context) { - c.JSON(200, gin.H{"switch-project": h.cfg.QuotaExceeded.SwitchProject}) -} -func (h *Handler) PutSwitchProject(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.QuotaExceeded.SwitchProject = v }) -} - -func (h *Handler) GetSwitchPreviewModel(c *gin.Context) { - c.JSON(200, gin.H{"switch-preview-model": h.cfg.QuotaExceeded.SwitchPreviewModel}) -} -func (h *Handler) PutSwitchPreviewModel(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.QuotaExceeded.SwitchPreviewModel = v }) -} diff --git a/internal/api/handlers/management/routing_select.go b/internal/api/handlers/management/routing_select.go deleted file mode 100644 index 70e19c6658..0000000000 --- a/internal/api/handlers/management/routing_select.go +++ /dev/null @@ -1,89 +0,0 @@ -package management - -import ( - "net/http" - - "github.com/gin-gonic/gin" -) - -// RoutingSelectRequest is the JSON body for POST /v1/routing/select. -type RoutingSelectRequest struct { - TaskComplexity string `json:"taskComplexity"` - MaxCostPerCall float64 `json:"maxCostPerCall"` - MaxLatencyMs int `json:"maxLatencyMs"` - MinQualityScore float64 `json:"minQualityScore"` -} - -// RoutingSelectResponse is the JSON response for POST /v1/routing/select. -type RoutingSelectResponse struct { - ModelID string `json:"model_id"` - Provider string `json:"provider"` - EstimatedCost float64 `json:"estimated_cost"` - EstimatedLatencyMs int `json:"estimated_latency_ms"` - QualityScore float64 `json:"quality_score"` -} - -// POSTRoutingSelect handles POST /v1/routing/select. -func (h *Handler) POSTRoutingSelect(c *gin.Context) { - var req RoutingSelectRequest - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) - return - } - - // Simple routing logic based on complexity - model, provider, cost, latency, quality := selectModel(req.TaskComplexity, req.MaxCostPerCall, req.MaxLatencyMs, req.MinQualityScore) - - c.JSON(http.StatusOK, RoutingSelectResponse{ - ModelID: model, - Provider: provider, - EstimatedCost: cost, - EstimatedLatencyMs: latency, - QualityScore: quality, - }) -} - -// selectModel returns a model based on complexity and constraints -func selectModel(complexity string, maxCost float64, maxLatency int, minQuality float64) (string, string, float64, int, float64) { - // Default fallback - defaultModel := "gemini-3-flash" - defaultProvider := "gemini" - defaultCost := 0.0001 - defaultLatency := 1000 - defaultQuality := 0.78 - - complexity = toUpperSafe(complexity) - - switch complexity { - case "FAST": - // minimax-m2.5 - fastest, cheapest - return "minimax-m2.5", "minimax", 0.00007, 300, 0.72 - case "NORMAL": - // gemini-3-flash - balanced - return "gemini-3-flash", "gemini", 0.0001, 800, 0.78 - case "COMPLEX": - // claude-sonnet-4.6 - high quality - return "claude-sonnet-4.6", "claude", 0.003, 2000, 0.88 - case "HIGH_COMPLEX": - // gpt-5.3-codex-xhigh - highest quality for complex tasks - return "gpt-5.3-codex-xhigh", "openai", 0.015, 4000, 0.95 - } - - return defaultModel, defaultProvider, defaultCost, defaultLatency, defaultQuality -} - -func toUpperSafe(s string) string { - if s == "" { - return "" - } - // Simple uppercase without unicode issues - result := make([]byte, len(s)) - for i := 0; i < len(s); i++ { - c := s[i] - if c >= 'a' && c <= 'z' { - c -= 'a' - 'A' - } - result[i] = c - } - return string(result) -} diff --git a/internal/api/handlers/management/usage.go b/internal/api/handlers/management/usage.go deleted file mode 100644 index 8da85f4cc1..0000000000 --- a/internal/api/handlers/management/usage.go +++ /dev/null @@ -1,79 +0,0 @@ -package management - -import ( - "encoding/json" - "net/http" - "time" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/usage" -) - -type usageExportPayload struct { - Version int `json:"version"` - ExportedAt time.Time `json:"exported_at"` - Usage usage.StatisticsSnapshot `json:"usage"` -} - -type usageImportPayload struct { - Version int `json:"version"` - Usage usage.StatisticsSnapshot `json:"usage"` -} - -// GetUsageStatistics returns the in-memory request statistics snapshot. -func (h *Handler) GetUsageStatistics(c *gin.Context) { - var snapshot usage.StatisticsSnapshot - if h != nil && h.usageStats != nil { - snapshot = h.usageStats.Snapshot() - } - c.JSON(http.StatusOK, gin.H{ - "usage": snapshot, - "failed_requests": snapshot.FailureCount, - }) -} - -// ExportUsageStatistics returns a complete usage snapshot for backup/migration. -func (h *Handler) ExportUsageStatistics(c *gin.Context) { - var snapshot usage.StatisticsSnapshot - if h != nil && h.usageStats != nil { - snapshot = h.usageStats.Snapshot() - } - c.JSON(http.StatusOK, usageExportPayload{ - Version: 1, - ExportedAt: time.Now().UTC(), - Usage: snapshot, - }) -} - -// ImportUsageStatistics merges a previously exported usage snapshot into memory. -func (h *Handler) ImportUsageStatistics(c *gin.Context) { - if h == nil || h.usageStats == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "usage statistics unavailable"}) - return - } - - data, err := c.GetRawData() - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "failed to read request body"}) - return - } - - var payload usageImportPayload - if err := json.Unmarshal(data, &payload); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid json"}) - return - } - if payload.Version != 0 && payload.Version != 1 { - c.JSON(http.StatusBadRequest, gin.H{"error": "unsupported version"}) - return - } - - result := h.usageStats.MergeSnapshot(payload.Usage) - snapshot := h.usageStats.Snapshot() - c.JSON(http.StatusOK, gin.H{ - "added": result.Added, - "skipped": result.Skipped, - "total_requests": snapshot.TotalRequests, - "failed_requests": snapshot.FailureCount, - }) -} diff --git a/internal/api/handlers/management/vertex_import.go b/internal/api/handlers/management/vertex_import.go deleted file mode 100644 index b603234a1b..0000000000 --- a/internal/api/handlers/management/vertex_import.go +++ /dev/null @@ -1,156 +0,0 @@ -package management - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "strings" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/vertex" - coreauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" -) - -// ImportVertexCredential handles uploading a Vertex service account JSON and saving it as an auth record. -func (h *Handler) ImportVertexCredential(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "config unavailable"}) - return - } - if h.cfg.AuthDir == "" { - c.JSON(http.StatusServiceUnavailable, gin.H{"error": "auth directory not configured"}) - return - } - - fileHeader, err := c.FormFile("file") - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "file required"}) - return - } - - file, err := fileHeader.Open() - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("failed to read file: %v", err)}) - return - } - defer file.Close() - - data, err := io.ReadAll(file) - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("failed to read file: %v", err)}) - return - } - - var serviceAccount map[string]any - if err := json.Unmarshal(data, &serviceAccount); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid json", "message": err.Error()}) - return - } - - normalizedSA, err := vertex.NormalizeServiceAccountMap(serviceAccount) - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid service account", "message": err.Error()}) - return - } - serviceAccount = normalizedSA - - projectID := strings.TrimSpace(valueAsString(serviceAccount["project_id"])) - if projectID == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "project_id missing"}) - return - } - email := strings.TrimSpace(valueAsString(serviceAccount["client_email"])) - - location := strings.TrimSpace(c.PostForm("location")) - if location == "" { - location = strings.TrimSpace(c.Query("location")) - } - if location == "" { - location = "us-central1" - } - - fileName := fmt.Sprintf("vertex-%s.json", sanitizeVertexFilePart(projectID)) - label := labelForVertex(projectID, email) - storage := &vertex.VertexCredentialStorage{ - ServiceAccount: serviceAccount, - ProjectID: projectID, - Email: email, - Location: location, - Type: "vertex", - } - metadata := map[string]any{ - "service_account": serviceAccount, - "project_id": projectID, - "email": email, - "location": location, - "type": "vertex", - "label": label, - } - record := &coreauth.Auth{ - ID: fileName, - Provider: "vertex", - FileName: fileName, - Storage: storage, - Label: label, - Metadata: metadata, - } - - ctx := context.Background() - if reqCtx := c.Request.Context(); reqCtx != nil { - ctx = reqCtx - } - savedPath, err := h.saveTokenRecord(ctx, record) - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "save_failed", "message": err.Error()}) - return - } - - c.JSON(http.StatusOK, gin.H{ - "status": "ok", - "auth-file": savedPath, - "project_id": projectID, - "email": email, - "location": location, - }) -} - -func valueAsString(v any) string { - if v == nil { - return "" - } - switch t := v.(type) { - case string: - return t - default: - return fmt.Sprint(t) - } -} - -func sanitizeVertexFilePart(s string) string { - out := strings.TrimSpace(s) - replacers := []string{"/", "_", "\\", "_", ":", "_", " ", "-"} - for i := 0; i < len(replacers); i += 2 { - out = strings.ReplaceAll(out, replacers[i], replacers[i+1]) - } - if out == "" { - return "vertex" - } - return out -} - -func labelForVertex(projectID, email string) string { - p := strings.TrimSpace(projectID) - e := strings.TrimSpace(email) - if p != "" && e != "" { - return fmt.Sprintf("%s (%s)", p, e) - } - if p != "" { - return p - } - if e != "" { - return e - } - return "vertex" -} diff --git a/internal/api/middleware/request_logging.go b/internal/api/middleware/request_logging.go deleted file mode 100644 index 57715bf2ac..0000000000 --- a/internal/api/middleware/request_logging.go +++ /dev/null @@ -1,165 +0,0 @@ -// Package middleware provides HTTP middleware components for the CLI Proxy API server. -// This file contains the request logging middleware that captures comprehensive -// request and response data when enabled through configuration. -package middleware - -import ( - "bytes" - "io" - "net/http" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/logging" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" -) - -const maxErrorOnlyCapturedRequestBodyBytes int64 = 1 << 20 // 1 MiB - -// RequestLoggingMiddleware creates a Gin middleware that logs HTTP requests and responses. -// It captures detailed information about the request and response, including headers and body, -// and uses the provided RequestLogger to record this data. When full request logging is disabled, -// body capture is limited to small known-size payloads to avoid large per-request memory spikes. -func RequestLoggingMiddleware(logger logging.RequestLogger) gin.HandlerFunc { - return func(c *gin.Context) { - if logger == nil { - c.Next() - return - } - - if shouldSkipMethodForRequestLogging(c.Request) { - c.Next() - return - } - - path := c.Request.URL.Path - if !shouldLogRequest(path) { - c.Next() - return - } - - loggerEnabled := logger.IsEnabled() - - // Capture request information - requestInfo, err := captureRequestInfo(c, shouldCaptureRequestBody(loggerEnabled, c.Request)) - if err != nil { - // Log error but continue processing - // In a real implementation, you might want to use a proper logger here - c.Next() - return - } - - // Create response writer wrapper - wrapper := NewResponseWriterWrapper(c.Writer, logger, requestInfo) - if !loggerEnabled { - wrapper.logOnErrorOnly = true - } - c.Writer = wrapper - - // Process the request - c.Next() - - // Finalize logging after request processing - if err = wrapper.Finalize(c); err != nil { - // Log error but don't interrupt the response - // In a real implementation, you might want to use a proper logger here - } - } -} - -func shouldSkipMethodForRequestLogging(req *http.Request) bool { - if req == nil { - return true - } - if req.Method != http.MethodGet { - return false - } - return !isResponsesWebsocketUpgrade(req) -} - -func isResponsesWebsocketUpgrade(req *http.Request) bool { - if req == nil || req.URL == nil { - return false - } - if req.URL.Path != "/v1/responses" { - return false - } - return strings.EqualFold(strings.TrimSpace(req.Header.Get("Upgrade")), "websocket") -} - -func shouldCaptureRequestBody(loggerEnabled bool, req *http.Request) bool { - if loggerEnabled { - return true - } - if req == nil || req.Body == nil { - return false - } - contentType := strings.ToLower(strings.TrimSpace(req.Header.Get("Content-Type"))) - if strings.HasPrefix(contentType, "multipart/form-data") { - return false - } - if req.ContentLength <= 0 { - return false - } - return req.ContentLength <= maxErrorOnlyCapturedRequestBodyBytes -} - -// captureRequestInfo extracts relevant information from the incoming HTTP request. -// It captures the URL, method, headers, and body. The request body is read and then -// restored so that it can be processed by subsequent handlers. -func captureRequestInfo(c *gin.Context, captureBody bool) (*RequestInfo, error) { - // Capture URL with sensitive query parameters masked - maskedQuery := util.MaskSensitiveQuery(c.Request.URL.RawQuery) - url := c.Request.URL.Path - if maskedQuery != "" { - url += "?" + maskedQuery - } - - // Capture method - method := c.Request.Method - - // Capture headers - headers := make(map[string][]string) - for key, values := range c.Request.Header { - headers[key] = values - } - - // Capture request body - var body []byte - if captureBody && c.Request.Body != nil { - // Read the body - bodyBytes, err := io.ReadAll(c.Request.Body) - if err != nil { - return nil, err - } - - // Restore the body for the actual request processing - c.Request.Body = io.NopCloser(bytes.NewBuffer(bodyBytes)) - body = bodyBytes - } - - return &RequestInfo{ - URL: url, - Method: method, - Headers: headers, - Body: body, - RequestID: logging.GetGinRequestID(c), - Timestamp: time.Now(), - }, nil -} - -// shouldLogRequest determines whether the request should be logged. -// It skips management endpoints to avoid leaking secrets but allows -// all other routes, including module-provided ones, to honor request-log. -func shouldLogRequest(path string) bool { - if strings.HasPrefix(path, "/v0/management") || strings.HasPrefix(path, "/management") { - return false - } - - if strings.HasPrefix(path, "/api") { - return strings.HasPrefix(path, "/api/provider") - } - - return true -} diff --git a/internal/api/middleware/request_logging_test.go b/internal/api/middleware/request_logging_test.go deleted file mode 100644 index c4354678cf..0000000000 --- a/internal/api/middleware/request_logging_test.go +++ /dev/null @@ -1,138 +0,0 @@ -package middleware - -import ( - "io" - "net/http" - "net/url" - "strings" - "testing" -) - -func TestShouldSkipMethodForRequestLogging(t *testing.T) { - tests := []struct { - name string - req *http.Request - skip bool - }{ - { - name: "nil request", - req: nil, - skip: true, - }, - { - name: "post request should not skip", - req: &http.Request{ - Method: http.MethodPost, - URL: &url.URL{Path: "/v1/responses"}, - }, - skip: false, - }, - { - name: "plain get should skip", - req: &http.Request{ - Method: http.MethodGet, - URL: &url.URL{Path: "/v1/models"}, - Header: http.Header{}, - }, - skip: true, - }, - { - name: "responses websocket upgrade should not skip", - req: &http.Request{ - Method: http.MethodGet, - URL: &url.URL{Path: "/v1/responses"}, - Header: http.Header{"Upgrade": []string{"websocket"}}, - }, - skip: false, - }, - { - name: "responses get without upgrade should skip", - req: &http.Request{ - Method: http.MethodGet, - URL: &url.URL{Path: "/v1/responses"}, - Header: http.Header{}, - }, - skip: true, - }, - } - - for i := range tests { - got := shouldSkipMethodForRequestLogging(tests[i].req) - if got != tests[i].skip { - t.Fatalf("%s: got skip=%t, want %t", tests[i].name, got, tests[i].skip) - } - } -} - -func TestShouldCaptureRequestBody(t *testing.T) { - tests := []struct { - name string - loggerEnabled bool - req *http.Request - want bool - }{ - { - name: "logger enabled always captures", - loggerEnabled: true, - req: &http.Request{ - Body: io.NopCloser(strings.NewReader("{}")), - ContentLength: -1, - Header: http.Header{"Content-Type": []string{"application/json"}}, - }, - want: true, - }, - { - name: "nil request", - loggerEnabled: false, - req: nil, - want: false, - }, - { - name: "small known size json in error-only mode", - loggerEnabled: false, - req: &http.Request{ - Body: io.NopCloser(strings.NewReader("{}")), - ContentLength: 2, - Header: http.Header{"Content-Type": []string{"application/json"}}, - }, - want: true, - }, - { - name: "large known size skipped in error-only mode", - loggerEnabled: false, - req: &http.Request{ - Body: io.NopCloser(strings.NewReader("x")), - ContentLength: maxErrorOnlyCapturedRequestBodyBytes + 1, - Header: http.Header{"Content-Type": []string{"application/json"}}, - }, - want: false, - }, - { - name: "unknown size skipped in error-only mode", - loggerEnabled: false, - req: &http.Request{ - Body: io.NopCloser(strings.NewReader("x")), - ContentLength: -1, - Header: http.Header{"Content-Type": []string{"application/json"}}, - }, - want: false, - }, - { - name: "multipart skipped in error-only mode", - loggerEnabled: false, - req: &http.Request{ - Body: io.NopCloser(strings.NewReader("x")), - ContentLength: 1, - Header: http.Header{"Content-Type": []string{"multipart/form-data; boundary=abc"}}, - }, - want: false, - }, - } - - for i := range tests { - got := shouldCaptureRequestBody(tests[i].loggerEnabled, tests[i].req) - if got != tests[i].want { - t.Fatalf("%s: got %t, want %t", tests[i].name, got, tests[i].want) - } - } -} diff --git a/internal/api/middleware/response_writer.go b/internal/api/middleware/response_writer.go deleted file mode 100644 index 6a04f40257..0000000000 --- a/internal/api/middleware/response_writer.go +++ /dev/null @@ -1,428 +0,0 @@ -// Package middleware provides Gin HTTP middleware for the CLI Proxy API server. -// It includes a sophisticated response writer wrapper designed to capture and log request and response data, -// including support for streaming responses, without impacting latency. -package middleware - -import ( - "bytes" - "net/http" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/logging" -) - -const requestBodyOverrideContextKey = "REQUEST_BODY_OVERRIDE" - -// RequestInfo holds essential details of an incoming HTTP request for logging purposes. -type RequestInfo struct { - URL string // URL is the request URL. - Method string // Method is the HTTP method (e.g., GET, POST). - Headers map[string][]string // Headers contains the request headers. - Body []byte // Body is the raw request body. - RequestID string // RequestID is the unique identifier for the request. - Timestamp time.Time // Timestamp is when the request was received. -} - -// ResponseWriterWrapper wraps the standard gin.ResponseWriter to intercept and log response data. -// It is designed to handle both standard and streaming responses, ensuring that logging operations do not block the client response. -type ResponseWriterWrapper struct { - gin.ResponseWriter - body *bytes.Buffer // body is a buffer to store the response body for non-streaming responses. - isStreaming bool // isStreaming indicates whether the response is a streaming type (e.g., text/event-stream). - streamWriter logging.StreamingLogWriter // streamWriter is a writer for handling streaming log entries. - chunkChannel chan []byte // chunkChannel is a channel for asynchronously passing response chunks to the logger. - streamDone chan struct{} // streamDone signals when the streaming goroutine completes. - logger logging.RequestLogger // logger is the instance of the request logger service. - requestInfo *RequestInfo // requestInfo holds the details of the original request. - statusCode int // statusCode stores the HTTP status code of the response. - headers map[string][]string // headers stores the response headers. - logOnErrorOnly bool // logOnErrorOnly enables logging only when an error response is detected. - firstChunkTimestamp time.Time // firstChunkTimestamp captures TTFB for streaming responses. -} - -// NewResponseWriterWrapper creates and initializes a new ResponseWriterWrapper. -// It takes the original gin.ResponseWriter, a logger instance, and request information. -// -// Parameters: -// - w: The original gin.ResponseWriter to wrap. -// - logger: The logging service to use for recording requests. -// - requestInfo: The pre-captured information about the incoming request. -// -// Returns: -// - A pointer to a new ResponseWriterWrapper. -func NewResponseWriterWrapper(w gin.ResponseWriter, logger logging.RequestLogger, requestInfo *RequestInfo) *ResponseWriterWrapper { - return &ResponseWriterWrapper{ - ResponseWriter: w, - body: &bytes.Buffer{}, - logger: logger, - requestInfo: requestInfo, - headers: make(map[string][]string), - } -} - -// Write wraps the underlying ResponseWriter's Write method to capture response data. -// For non-streaming responses, it writes to an internal buffer. For streaming responses, -// it sends data chunks to a non-blocking channel for asynchronous logging. -// CRITICAL: This method prioritizes writing to the client to ensure zero latency, -// handling logging operations subsequently. -func (w *ResponseWriterWrapper) Write(data []byte) (int, error) { - // Ensure headers are captured before first write - // This is critical because Write() may trigger WriteHeader() internally - w.ensureHeadersCaptured() - - // CRITICAL: Write to client first (zero latency) - n, err := w.ResponseWriter.Write(data) - - // THEN: Handle logging based on response type - if w.isStreaming && w.chunkChannel != nil { - // Capture TTFB on first chunk (synchronous, before async channel send) - if w.firstChunkTimestamp.IsZero() { - w.firstChunkTimestamp = time.Now() - } - // For streaming responses: Send to async logging channel (non-blocking) - select { - case w.chunkChannel <- append([]byte(nil), data...): // Non-blocking send with copy - default: // Channel full, skip logging to avoid blocking - } - return n, err - } - - if w.shouldBufferResponseBody() { - w.body.Write(data) - } - - return n, err -} - -func (w *ResponseWriterWrapper) shouldBufferResponseBody() bool { - if w.logger != nil && w.logger.IsEnabled() { - return true - } - if !w.logOnErrorOnly { - return false - } - status := w.statusCode - if status == 0 { - if statusWriter, ok := w.ResponseWriter.(interface{ Status() int }); ok && statusWriter != nil { - status = statusWriter.Status() - } else { - status = http.StatusOK - } - } - return status >= http.StatusBadRequest -} - -// WriteString wraps the underlying ResponseWriter's WriteString method to capture response data. -// Some handlers (and fmt/io helpers) write via io.StringWriter; without this override, those writes -// bypass Write() and would be missing from request logs. -func (w *ResponseWriterWrapper) WriteString(data string) (int, error) { - w.ensureHeadersCaptured() - - // CRITICAL: Write to client first (zero latency) - n, err := w.ResponseWriter.WriteString(data) - - // THEN: Capture for logging - if w.isStreaming && w.chunkChannel != nil { - // Capture TTFB on first chunk (synchronous, before async channel send) - if w.firstChunkTimestamp.IsZero() { - w.firstChunkTimestamp = time.Now() - } - select { - case w.chunkChannel <- []byte(data): - default: - } - return n, err - } - - if w.shouldBufferResponseBody() { - w.body.WriteString(data) - } - return n, err -} - -// WriteHeader wraps the underlying ResponseWriter's WriteHeader method. -// It captures the status code, detects if the response is streaming based on the Content-Type header, -// and initializes the appropriate logging mechanism (standard or streaming). -func (w *ResponseWriterWrapper) WriteHeader(statusCode int) { - w.statusCode = statusCode - - // Capture response headers using the new method - w.captureCurrentHeaders() - - // Detect streaming based on Content-Type - contentType := w.ResponseWriter.Header().Get("Content-Type") - w.isStreaming = w.detectStreaming(contentType) - - // If streaming, initialize streaming log writer - if w.isStreaming && w.logger.IsEnabled() { - streamWriter, err := w.logger.LogStreamingRequest( - w.requestInfo.URL, - w.requestInfo.Method, - w.requestInfo.Headers, - w.requestInfo.Body, - w.requestInfo.RequestID, - ) - if err == nil { - w.streamWriter = streamWriter - w.chunkChannel = make(chan []byte, 100) // Buffered channel for async writes - doneChan := make(chan struct{}) - w.streamDone = doneChan - - // Start async chunk processor - go w.processStreamingChunks(doneChan) - - // Write status immediately - _ = streamWriter.WriteStatus(statusCode, w.headers) - } - } - - // Call original WriteHeader - w.ResponseWriter.WriteHeader(statusCode) -} - -// ensureHeadersCaptured is a helper function to make sure response headers are captured. -// It is safe to call this method multiple times; it will always refresh the headers -// with the latest state from the underlying ResponseWriter. -func (w *ResponseWriterWrapper) ensureHeadersCaptured() { - // Always capture the current headers to ensure we have the latest state - w.captureCurrentHeaders() -} - -// captureCurrentHeaders reads all headers from the underlying ResponseWriter and stores them -// in the wrapper's headers map. It creates copies of the header values to prevent race conditions. -func (w *ResponseWriterWrapper) captureCurrentHeaders() { - // Initialize headers map if needed - if w.headers == nil { - w.headers = make(map[string][]string) - } - - // Capture all current headers from the underlying ResponseWriter - for key, values := range w.ResponseWriter.Header() { - // Make a copy of the values slice to avoid reference issues - headerValues := make([]string, len(values)) - copy(headerValues, values) - w.headers[key] = headerValues - } -} - -// detectStreaming determines if a response should be treated as a streaming response. -// It checks for a "text/event-stream" Content-Type or a '"stream": true' -// field in the original request body. -func (w *ResponseWriterWrapper) detectStreaming(contentType string) bool { - // Check Content-Type for Server-Sent Events - if strings.Contains(contentType, "text/event-stream") { - return true - } - - // If a concrete Content-Type is already set (e.g., application/json for error responses), - // treat it as non-streaming instead of inferring from the request payload. - if strings.TrimSpace(contentType) != "" { - return false - } - - // Only fall back to request payload hints when Content-Type is not set yet. - if w.requestInfo != nil && len(w.requestInfo.Body) > 0 { - return bytes.Contains(w.requestInfo.Body, []byte(`"stream": true`)) || - bytes.Contains(w.requestInfo.Body, []byte(`"stream":true`)) - } - - return false -} - -// processStreamingChunks runs in a separate goroutine to process response chunks from the chunkChannel. -// It asynchronously writes each chunk to the streaming log writer. -func (w *ResponseWriterWrapper) processStreamingChunks(done chan struct{}) { - if done == nil { - return - } - - defer close(done) - - if w.streamWriter == nil || w.chunkChannel == nil { - return - } - - for chunk := range w.chunkChannel { - w.streamWriter.WriteChunkAsync(chunk) - } -} - -// Finalize completes the logging process for the request and response. -// For streaming responses, it closes the chunk channel and the stream writer. -// For non-streaming responses, it logs the complete request and response details, -// including any API-specific request/response data stored in the Gin context. -func (w *ResponseWriterWrapper) Finalize(c *gin.Context) error { - if w.logger == nil { - return nil - } - - finalStatusCode := w.statusCode - if finalStatusCode == 0 { - if statusWriter, ok := w.ResponseWriter.(interface{ Status() int }); ok { - finalStatusCode = statusWriter.Status() - } else { - finalStatusCode = 200 - } - } - - var slicesAPIResponseError []*interfaces.ErrorMessage - apiResponseError, isExist := c.Get("API_RESPONSE_ERROR") - if isExist { - if apiErrors, ok := apiResponseError.([]*interfaces.ErrorMessage); ok { - slicesAPIResponseError = apiErrors - } - } - - hasAPIError := len(slicesAPIResponseError) > 0 || finalStatusCode >= http.StatusBadRequest - forceLog := w.logOnErrorOnly && hasAPIError && !w.logger.IsEnabled() - if !w.logger.IsEnabled() && !forceLog { - return nil - } - - if w.isStreaming && w.streamWriter != nil { - if w.chunkChannel != nil { - close(w.chunkChannel) - w.chunkChannel = nil - } - - if w.streamDone != nil { - <-w.streamDone - w.streamDone = nil - } - - w.streamWriter.SetFirstChunkTimestamp(w.firstChunkTimestamp) - - // Write API Request and Response to the streaming log before closing - apiRequest := w.extractAPIRequest(c) - if len(apiRequest) > 0 { - _ = w.streamWriter.WriteAPIRequest(apiRequest) - } - apiResponse := w.extractAPIResponse(c) - if len(apiResponse) > 0 { - _ = w.streamWriter.WriteAPIResponse(apiResponse) - } - if err := w.streamWriter.Close(); err != nil { - w.streamWriter = nil - return err - } - w.streamWriter = nil - return nil - } - - return w.logRequest(w.extractRequestBody(c), finalStatusCode, w.cloneHeaders(), w.body.Bytes(), w.extractAPIRequest(c), w.extractAPIResponse(c), w.extractAPIResponseTimestamp(c), slicesAPIResponseError, forceLog) -} - -func (w *ResponseWriterWrapper) cloneHeaders() map[string][]string { - w.ensureHeadersCaptured() - - finalHeaders := make(map[string][]string, len(w.headers)) - for key, values := range w.headers { - headerValues := make([]string, len(values)) - copy(headerValues, values) - finalHeaders[key] = headerValues - } - - return finalHeaders -} - -func (w *ResponseWriterWrapper) extractAPIRequest(c *gin.Context) []byte { - apiRequest, isExist := c.Get("API_REQUEST") - if !isExist { - return nil - } - data, ok := apiRequest.([]byte) - if !ok || len(data) == 0 { - return nil - } - return data -} - -func (w *ResponseWriterWrapper) extractAPIResponse(c *gin.Context) []byte { - apiResponse, isExist := c.Get("API_RESPONSE") - if !isExist { - return nil - } - data, ok := apiResponse.([]byte) - if !ok || len(data) == 0 { - return nil - } - return data -} - -func (w *ResponseWriterWrapper) extractAPIResponseTimestamp(c *gin.Context) time.Time { - ts, isExist := c.Get("API_RESPONSE_TIMESTAMP") - if !isExist { - return time.Time{} - } - if t, ok := ts.(time.Time); ok { - return t - } - return time.Time{} -} - -func (w *ResponseWriterWrapper) extractRequestBody(c *gin.Context) []byte { - if c != nil { - if bodyOverride, isExist := c.Get(requestBodyOverrideContextKey); isExist { - switch value := bodyOverride.(type) { - case []byte: - if len(value) > 0 { - return bytes.Clone(value) - } - case string: - if strings.TrimSpace(value) != "" { - return []byte(value) - } - } - } - } - if w.requestInfo != nil && len(w.requestInfo.Body) > 0 { - return w.requestInfo.Body - } - return nil -} - -func (w *ResponseWriterWrapper) logRequest(requestBody []byte, statusCode int, headers map[string][]string, body []byte, apiRequestBody, apiResponseBody []byte, apiResponseTimestamp time.Time, apiResponseErrors []*interfaces.ErrorMessage, forceLog bool) error { - if w.requestInfo == nil { - return nil - } - - if loggerWithOptions, ok := w.logger.(interface { - LogRequestWithOptions(string, string, map[string][]string, []byte, int, map[string][]string, []byte, []byte, []byte, []*interfaces.ErrorMessage, bool, string, time.Time, time.Time) error - }); ok { - return loggerWithOptions.LogRequestWithOptions( - w.requestInfo.URL, - w.requestInfo.Method, - w.requestInfo.Headers, - requestBody, - statusCode, - headers, - body, - apiRequestBody, - apiResponseBody, - apiResponseErrors, - forceLog, - w.requestInfo.RequestID, - w.requestInfo.Timestamp, - apiResponseTimestamp, - ) - } - - return w.logger.LogRequest( - w.requestInfo.URL, - w.requestInfo.Method, - w.requestInfo.Headers, - requestBody, - statusCode, - headers, - body, - apiRequestBody, - apiResponseBody, - apiResponseErrors, - w.requestInfo.RequestID, - w.requestInfo.Timestamp, - apiResponseTimestamp, - ) -} diff --git a/internal/api/middleware/response_writer_test.go b/internal/api/middleware/response_writer_test.go deleted file mode 100644 index fa4708e473..0000000000 --- a/internal/api/middleware/response_writer_test.go +++ /dev/null @@ -1,43 +0,0 @@ -package middleware - -import ( - "net/http/httptest" - "testing" - - "github.com/gin-gonic/gin" -) - -func TestExtractRequestBodyPrefersOverride(t *testing.T) { - gin.SetMode(gin.TestMode) - recorder := httptest.NewRecorder() - c, _ := gin.CreateTestContext(recorder) - - wrapper := &ResponseWriterWrapper{ - requestInfo: &RequestInfo{Body: []byte("original-body")}, - } - - body := wrapper.extractRequestBody(c) - if string(body) != "original-body" { - t.Fatalf("request body = %q, want %q", string(body), "original-body") - } - - c.Set(requestBodyOverrideContextKey, []byte("override-body")) - body = wrapper.extractRequestBody(c) - if string(body) != "override-body" { - t.Fatalf("request body = %q, want %q", string(body), "override-body") - } -} - -func TestExtractRequestBodySupportsStringOverride(t *testing.T) { - gin.SetMode(gin.TestMode) - recorder := httptest.NewRecorder() - c, _ := gin.CreateTestContext(recorder) - - wrapper := &ResponseWriterWrapper{} - c.Set(requestBodyOverrideContextKey, "override-as-string") - - body := wrapper.extractRequestBody(c) - if string(body) != "override-as-string" { - t.Fatalf("request body = %q, want %q", string(body), "override-as-string") - } -} diff --git a/internal/api/modules/amp/amp.go b/internal/api/modules/amp/amp.go deleted file mode 100644 index 7009dea1a5..0000000000 --- a/internal/api/modules/amp/amp.go +++ /dev/null @@ -1,427 +0,0 @@ -// Package amp implements the Amp CLI routing module, providing OAuth-based -// integration with Amp CLI for ChatGPT and Anthropic subscriptions. -package amp - -import ( - "fmt" - "net/http/httputil" - "strings" - "sync" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/api/modules" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - sdkaccess "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/access" - log "github.com/sirupsen/logrus" -) - -// Option configures the AmpModule. -type Option func(*AmpModule) - -// AmpModule implements the RouteModuleV2 interface for Amp CLI integration. -// It provides: -// - Reverse proxy to Amp control plane for OAuth/management -// - Provider-specific route aliases (/api/provider/{provider}/...) -// - Automatic gzip decompression for misconfigured upstreams -// - Model mapping for routing unavailable models to alternatives -type AmpModule struct { - secretSource SecretSource - proxy *httputil.ReverseProxy - proxyMu sync.RWMutex // protects proxy for hot-reload - accessManager *sdkaccess.Manager - authMiddleware_ gin.HandlerFunc - modelMapper *DefaultModelMapper - enabled bool - registerOnce sync.Once - - // restrictToLocalhost controls localhost-only access for management routes (hot-reloadable) - restrictToLocalhost bool - restrictMu sync.RWMutex - - // configMu protects lastConfig for partial reload comparison - configMu sync.RWMutex - lastConfig *config.AmpCode -} - -// New creates a new Amp routing module with the given options. -// This is the preferred constructor using the Option pattern. -// -// Example: -// -// ampModule := amp.New( -// amp.WithAccessManager(accessManager), -// amp.WithAuthMiddleware(authMiddleware), -// amp.WithSecretSource(customSecret), -// ) -func New(opts ...Option) *AmpModule { - m := &AmpModule{ - secretSource: nil, // Will be created on demand if not provided - } - for _, opt := range opts { - opt(m) - } - return m -} - -// NewLegacy creates a new Amp routing module using the legacy constructor signature. -// This is provided for backwards compatibility. -// -// DEPRECATED: Use New with options instead. -func NewLegacy(accessManager *sdkaccess.Manager, authMiddleware gin.HandlerFunc) *AmpModule { - return New( - WithAccessManager(accessManager), - WithAuthMiddleware(authMiddleware), - ) -} - -// WithSecretSource sets a custom secret source for the module. -func WithSecretSource(source SecretSource) Option { - return func(m *AmpModule) { - m.secretSource = source - } -} - -// WithAccessManager sets the access manager for the module. -func WithAccessManager(am *sdkaccess.Manager) Option { - return func(m *AmpModule) { - m.accessManager = am - } -} - -// WithAuthMiddleware sets the authentication middleware for provider routes. -func WithAuthMiddleware(middleware gin.HandlerFunc) Option { - return func(m *AmpModule) { - m.authMiddleware_ = middleware - } -} - -// Name returns the module identifier -func (m *AmpModule) Name() string { - return "amp-routing" -} - -// forceModelMappings returns whether model mappings should take precedence over local API keys -func (m *AmpModule) forceModelMappings() bool { - m.configMu.RLock() - defer m.configMu.RUnlock() - if m.lastConfig == nil { - return false - } - return m.lastConfig.ForceModelMappings -} - -// Register sets up Amp routes if configured. -// This implements the RouteModuleV2 interface with Context. -// Routes are registered only once via sync.Once for idempotent behavior. -func (m *AmpModule) Register(ctx modules.Context) error { - settings := ctx.Config.AmpCode - upstreamURL := strings.TrimSpace(settings.UpstreamURL) - - // Determine auth middleware (from module or context) - auth := m.getAuthMiddleware(ctx) - - // Use registerOnce to ensure routes are only registered once - var regErr error - m.registerOnce.Do(func() { - // Initialize model mapper from config (for routing unavailable models to alternatives) - m.modelMapper = NewModelMapper(settings.ModelMappings) - - // Store initial config for partial reload comparison - m.lastConfig = new(settings) - - // Initialize localhost restriction setting (hot-reloadable) - m.setRestrictToLocalhost(settings.RestrictManagementToLocalhost) - - // Always register provider aliases - these work without an upstream - m.registerProviderAliases(ctx.Engine, ctx.BaseHandler, auth) - - // Register management proxy routes once; middleware will gate access when upstream is unavailable. - // Pass auth middleware to require valid API key for all management routes. - m.registerManagementRoutes(ctx.Engine, ctx.BaseHandler, auth) - - // If no upstream URL, skip proxy routes but provider aliases are still available - if upstreamURL == "" { - log.Debug("amp upstream proxy disabled (no upstream URL configured)") - log.Debug("amp provider alias routes registered") - m.enabled = false - return - } - - if err := m.enableUpstreamProxy(upstreamURL, &settings); err != nil { - regErr = fmt.Errorf("failed to create amp proxy: %w", err) - return - } - - log.Debug("amp provider alias routes registered") - }) - - return regErr -} - -// getAuthMiddleware returns the authentication middleware, preferring the -// module's configured middleware, then the context middleware, then a fallback. -func (m *AmpModule) getAuthMiddleware(ctx modules.Context) gin.HandlerFunc { - if m.authMiddleware_ != nil { - return m.authMiddleware_ - } - if ctx.AuthMiddleware != nil { - return ctx.AuthMiddleware - } - // Fallback: no authentication (should not happen in production) - log.Warn("amp module: no auth middleware provided, allowing all requests") - return func(c *gin.Context) { - c.Next() - } -} - -// OnConfigUpdated handles configuration updates with partial reload support. -// Only updates components that have actually changed to avoid unnecessary work. -// Supports hot-reload for: model-mappings, upstream-api-key, upstream-url, restrict-management-to-localhost. -func (m *AmpModule) OnConfigUpdated(cfg *config.Config) error { - newSettings := cfg.AmpCode - - // Get previous config for comparison - m.configMu.RLock() - oldSettings := m.lastConfig - m.configMu.RUnlock() - - if oldSettings != nil && oldSettings.RestrictManagementToLocalhost != newSettings.RestrictManagementToLocalhost { - m.setRestrictToLocalhost(newSettings.RestrictManagementToLocalhost) - } - - newUpstreamURL := strings.TrimSpace(newSettings.UpstreamURL) - oldUpstreamURL := "" - if oldSettings != nil { - oldUpstreamURL = strings.TrimSpace(oldSettings.UpstreamURL) - } - - if !m.enabled && newUpstreamURL != "" { - if err := m.enableUpstreamProxy(newUpstreamURL, &newSettings); err != nil { - log.Errorf("amp config: failed to enable upstream proxy for %s: %v", newUpstreamURL, err) - } - } - - // Check model mappings change - modelMappingsChanged := m.hasModelMappingsChanged(oldSettings, &newSettings) - if modelMappingsChanged { - if m.modelMapper != nil { - m.modelMapper.UpdateMappings(newSettings.ModelMappings) - } else if m.enabled { - log.Warnf("amp model mapper not initialized, skipping model mapping update") - } - } - - if m.enabled { - // Check upstream URL change - now supports hot-reload - if newUpstreamURL == "" && oldUpstreamURL != "" { - m.setProxy(nil) - m.enabled = false - } else if oldUpstreamURL != "" && newUpstreamURL != oldUpstreamURL && newUpstreamURL != "" { - // Recreate proxy with new URL - proxy, err := createReverseProxy(newUpstreamURL, m.secretSource) - if err != nil { - log.Errorf("amp config: failed to create proxy for new upstream URL %s: %v", newUpstreamURL, err) - } else { - m.setProxy(proxy) - } - } - - // Check API key change (both default and per-client mappings) - apiKeyChanged := m.hasAPIKeyChanged(oldSettings, &newSettings) - upstreamAPIKeysChanged := m.hasUpstreamAPIKeysChanged(oldSettings, &newSettings) - if apiKeyChanged || upstreamAPIKeysChanged { - if m.secretSource != nil { - if ms, ok := m.secretSource.(*MappedSecretSource); ok { - if apiKeyChanged { - ms.UpdateDefaultExplicitKey(newSettings.UpstreamAPIKey) - ms.InvalidateCache() - } - if upstreamAPIKeysChanged { - ms.UpdateMappings(newSettings.UpstreamAPIKeys) - } - } else if ms, ok := m.secretSource.(*MultiSourceSecret); ok { - ms.UpdateExplicitKey(newSettings.UpstreamAPIKey) - ms.InvalidateCache() - } - } - } - - } - - // Store current config for next comparison - m.configMu.Lock() - settingsCopy := newSettings // copy struct - m.lastConfig = &settingsCopy - m.configMu.Unlock() - - return nil -} - -func (m *AmpModule) enableUpstreamProxy(upstreamURL string, settings *config.AmpCode) error { - if m.secretSource == nil { - // Create MultiSourceSecret as the default source, then wrap with MappedSecretSource - defaultSource := NewMultiSourceSecret(settings.UpstreamAPIKey, 0 /* default 5min */) - mappedSource := NewMappedSecretSource(defaultSource) - mappedSource.UpdateMappings(settings.UpstreamAPIKeys) - m.secretSource = mappedSource - } else if ms, ok := m.secretSource.(*MappedSecretSource); ok { - ms.UpdateDefaultExplicitKey(settings.UpstreamAPIKey) - ms.InvalidateCache() - ms.UpdateMappings(settings.UpstreamAPIKeys) - } else if ms, ok := m.secretSource.(*MultiSourceSecret); ok { - // Legacy path: wrap existing MultiSourceSecret with MappedSecretSource - ms.UpdateExplicitKey(settings.UpstreamAPIKey) - ms.InvalidateCache() - mappedSource := NewMappedSecretSource(ms) - mappedSource.UpdateMappings(settings.UpstreamAPIKeys) - m.secretSource = mappedSource - } - - proxy, err := createReverseProxy(upstreamURL, m.secretSource) - if err != nil { - return err - } - - m.setProxy(proxy) - m.enabled = true - - log.Infof("amp upstream proxy enabled for: %s", upstreamURL) - return nil -} - -// hasModelMappingsChanged compares old and new model mappings. -func (m *AmpModule) hasModelMappingsChanged(old *config.AmpCode, new *config.AmpCode) bool { - if old == nil { - return len(new.ModelMappings) > 0 - } - - if len(old.ModelMappings) != len(new.ModelMappings) { - return true - } - - // Build map for efficient and robust comparison - type mappingInfo struct { - to string - regex bool - } - oldMap := make(map[string]mappingInfo, len(old.ModelMappings)) - for _, mapping := range old.ModelMappings { - oldMap[strings.TrimSpace(mapping.From)] = mappingInfo{ - to: strings.TrimSpace(mapping.To), - regex: mapping.Regex, - } - } - - for _, mapping := range new.ModelMappings { - from := strings.TrimSpace(mapping.From) - to := strings.TrimSpace(mapping.To) - if oldVal, exists := oldMap[from]; !exists || oldVal.to != to || oldVal.regex != mapping.Regex { - return true - } - } - - return false -} - -// hasAPIKeyChanged compares old and new API keys. -func (m *AmpModule) hasAPIKeyChanged(old *config.AmpCode, new *config.AmpCode) bool { - oldKey := "" - if old != nil { - oldKey = strings.TrimSpace(old.UpstreamAPIKey) - } - newKey := strings.TrimSpace(new.UpstreamAPIKey) - return oldKey != newKey -} - -// hasUpstreamAPIKeysChanged compares old and new per-client upstream API key mappings. -func (m *AmpModule) hasUpstreamAPIKeysChanged(old *config.AmpCode, new *config.AmpCode) bool { - if old == nil { - return len(new.UpstreamAPIKeys) > 0 - } - - if len(old.UpstreamAPIKeys) != len(new.UpstreamAPIKeys) { - return true - } - - // Build map for comparison: upstreamKey -> set of clientKeys - type entryInfo struct { - upstreamKey string - clientKeys map[string]struct{} - } - oldEntries := make([]entryInfo, len(old.UpstreamAPIKeys)) - for i, entry := range old.UpstreamAPIKeys { - clientKeys := make(map[string]struct{}, len(entry.APIKeys)) - for _, k := range entry.APIKeys { - trimmed := strings.TrimSpace(k) - if trimmed == "" { - continue - } - clientKeys[trimmed] = struct{}{} - } - oldEntries[i] = entryInfo{ - upstreamKey: strings.TrimSpace(entry.UpstreamAPIKey), - clientKeys: clientKeys, - } - } - - for i, newEntry := range new.UpstreamAPIKeys { - if i >= len(oldEntries) { - return true - } - oldE := oldEntries[i] - if strings.TrimSpace(newEntry.UpstreamAPIKey) != oldE.upstreamKey { - return true - } - newKeys := make(map[string]struct{}, len(newEntry.APIKeys)) - for _, k := range newEntry.APIKeys { - trimmed := strings.TrimSpace(k) - if trimmed == "" { - continue - } - newKeys[trimmed] = struct{}{} - } - if len(newKeys) != len(oldE.clientKeys) { - return true - } - for k := range newKeys { - if _, ok := oldE.clientKeys[k]; !ok { - return true - } - } - } - - return false -} - -// GetModelMapper returns the model mapper instance (for testing/debugging). -func (m *AmpModule) GetModelMapper() *DefaultModelMapper { - return m.modelMapper -} - -// getProxy returns the current proxy instance (thread-safe for hot-reload). -func (m *AmpModule) getProxy() *httputil.ReverseProxy { - m.proxyMu.RLock() - defer m.proxyMu.RUnlock() - return m.proxy -} - -// setProxy updates the proxy instance (thread-safe for hot-reload). -func (m *AmpModule) setProxy(proxy *httputil.ReverseProxy) { - m.proxyMu.Lock() - defer m.proxyMu.Unlock() - m.proxy = proxy -} - -// IsRestrictedToLocalhost returns whether management routes are restricted to localhost. -func (m *AmpModule) IsRestrictedToLocalhost() bool { - m.restrictMu.RLock() - defer m.restrictMu.RUnlock() - return m.restrictToLocalhost -} - -// setRestrictToLocalhost updates the localhost restriction setting. -func (m *AmpModule) setRestrictToLocalhost(restrict bool) { - m.restrictMu.Lock() - defer m.restrictMu.Unlock() - m.restrictToLocalhost = restrict -} diff --git a/internal/api/modules/amp/amp_test.go b/internal/api/modules/amp/amp_test.go deleted file mode 100644 index 5d2b76dcd4..0000000000 --- a/internal/api/modules/amp/amp_test.go +++ /dev/null @@ -1,352 +0,0 @@ -package amp - -import ( - "context" - "net/http/httptest" - "os" - "path/filepath" - "testing" - "time" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/api/modules" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - sdkaccess "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/access" - "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/api/handlers" -) - -func TestAmpModule_Name(t *testing.T) { - m := New() - if m.Name() != "amp-routing" { - t.Fatalf("want amp-routing, got %s", m.Name()) - } -} - -func TestAmpModule_New(t *testing.T) { - accessManager := sdkaccess.NewManager() - authMiddleware := func(c *gin.Context) { c.Next() } - - m := NewLegacy(accessManager, authMiddleware) - - if m.accessManager != accessManager { - t.Fatal("accessManager not set") - } - if m.authMiddleware_ == nil { - t.Fatal("authMiddleware not set") - } - if m.enabled { - t.Fatal("enabled should be false initially") - } - if m.proxy != nil { - t.Fatal("proxy should be nil initially") - } -} - -func TestAmpModule_Register_WithUpstream(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - // Fake upstream to ensure URL is valid - upstream := httptest.NewServer(nil) - defer upstream.Close() - - accessManager := sdkaccess.NewManager() - base := &handlers.BaseAPIHandler{} - - m := NewLegacy(accessManager, func(c *gin.Context) { c.Next() }) - - cfg := &config.Config{ - AmpCode: config.AmpCode{ - UpstreamURL: upstream.URL, - UpstreamAPIKey: "test-key", - }, - } - - ctx := modules.Context{Engine: r, BaseHandler: base, Config: cfg, AuthMiddleware: func(c *gin.Context) { c.Next() }} - if err := m.Register(ctx); err != nil { - t.Fatalf("register error: %v", err) - } - - if !m.enabled { - t.Fatal("module should be enabled with upstream URL") - } - if m.proxy == nil { - t.Fatal("proxy should be initialized") - } - if m.secretSource == nil { - t.Fatal("secretSource should be initialized") - } -} - -func TestAmpModule_Register_WithoutUpstream(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - accessManager := sdkaccess.NewManager() - base := &handlers.BaseAPIHandler{} - - m := NewLegacy(accessManager, func(c *gin.Context) { c.Next() }) - - cfg := &config.Config{ - AmpCode: config.AmpCode{ - UpstreamURL: "", // No upstream - }, - } - - ctx := modules.Context{Engine: r, BaseHandler: base, Config: cfg, AuthMiddleware: func(c *gin.Context) { c.Next() }} - if err := m.Register(ctx); err != nil { - t.Fatalf("register should not error without upstream: %v", err) - } - - if m.enabled { - t.Fatal("module should be disabled without upstream URL") - } - if m.proxy != nil { - t.Fatal("proxy should not be initialized without upstream") - } - - // But provider aliases should still be registered - req := httptest.NewRequest("GET", "/api/provider/openai/models", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code == 404 { - t.Fatal("provider aliases should be registered even without upstream") - } -} - -func TestAmpModule_Register_InvalidUpstream(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - accessManager := sdkaccess.NewManager() - base := &handlers.BaseAPIHandler{} - - m := NewLegacy(accessManager, func(c *gin.Context) { c.Next() }) - - cfg := &config.Config{ - AmpCode: config.AmpCode{ - UpstreamURL: "://invalid-url", - }, - } - - ctx := modules.Context{Engine: r, BaseHandler: base, Config: cfg, AuthMiddleware: func(c *gin.Context) { c.Next() }} - if err := m.Register(ctx); err == nil { - t.Fatal("expected error for invalid upstream URL") - } -} - -func TestAmpModule_OnConfigUpdated_CacheInvalidation(t *testing.T) { - tmpDir := t.TempDir() - p := filepath.Join(tmpDir, "secrets.json") - if err := os.WriteFile(p, []byte(`{"apiKey@https://ampcode.com/":"v1"}`), 0600); err != nil { - t.Fatal(err) - } - - m := &AmpModule{enabled: true} - ms := NewMultiSourceSecretWithPath("", p, time.Minute) - m.secretSource = ms - m.lastConfig = &config.AmpCode{ - UpstreamAPIKey: "old-key", - } - - // Warm the cache - if _, err := ms.Get(context.Background()); err != nil { - t.Fatal(err) - } - - if ms.cache == nil { - t.Fatal("expected cache to be set") - } - - // Update config - should invalidate cache - if err := m.OnConfigUpdated(&config.Config{AmpCode: config.AmpCode{UpstreamURL: "http://x", UpstreamAPIKey: "new-key"}}); err != nil { - t.Fatal(err) - } - - if ms.cache != nil { - t.Fatal("expected cache to be invalidated") - } -} - -func TestAmpModule_OnConfigUpdated_NotEnabled(t *testing.T) { - m := &AmpModule{enabled: false} - - // Should not error or panic when disabled - if err := m.OnConfigUpdated(&config.Config{}); err != nil { - t.Fatalf("unexpected error: %v", err) - } -} - -func TestAmpModule_OnConfigUpdated_URLRemoved(t *testing.T) { - m := &AmpModule{enabled: true} - ms := NewMultiSourceSecret("", 0) - m.secretSource = ms - - // Config update with empty URL - should log warning but not error - cfg := &config.Config{AmpCode: config.AmpCode{UpstreamURL: ""}} - - if err := m.OnConfigUpdated(cfg); err != nil { - t.Fatalf("unexpected error: %v", err) - } -} - -func TestAmpModule_OnConfigUpdated_NonMultiSourceSecret(t *testing.T) { - // Test that OnConfigUpdated doesn't panic with StaticSecretSource - m := &AmpModule{enabled: true} - m.secretSource = NewStaticSecretSource("static-key") - - cfg := &config.Config{AmpCode: config.AmpCode{UpstreamURL: "http://example.com"}} - - // Should not error or panic - if err := m.OnConfigUpdated(cfg); err != nil { - t.Fatalf("unexpected error: %v", err) - } -} - -func TestAmpModule_AuthMiddleware_Fallback(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - // Create module with no auth middleware - m := &AmpModule{authMiddleware_: nil} - - // Get the fallback middleware via getAuthMiddleware - ctx := modules.Context{Engine: r, AuthMiddleware: nil} - middleware := m.getAuthMiddleware(ctx) - - if middleware == nil { - t.Fatal("getAuthMiddleware should return a fallback, not nil") - } - - // Test that it works - called := false - r.GET("/test", middleware, func(c *gin.Context) { - called = true - c.String(200, "ok") - }) - - req := httptest.NewRequest("GET", "/test", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if !called { - t.Fatal("fallback middleware should allow requests through") - } -} - -func TestAmpModule_SecretSource_FromConfig(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - upstream := httptest.NewServer(nil) - defer upstream.Close() - - accessManager := sdkaccess.NewManager() - base := &handlers.BaseAPIHandler{} - - m := NewLegacy(accessManager, func(c *gin.Context) { c.Next() }) - - // Config with explicit API key - cfg := &config.Config{ - AmpCode: config.AmpCode{ - UpstreamURL: upstream.URL, - UpstreamAPIKey: "config-key", - }, - } - - ctx := modules.Context{Engine: r, BaseHandler: base, Config: cfg, AuthMiddleware: func(c *gin.Context) { c.Next() }} - if err := m.Register(ctx); err != nil { - t.Fatalf("register error: %v", err) - } - - // Secret source should be MultiSourceSecret with config key - if m.secretSource == nil { - t.Fatal("secretSource should be set") - } - - // Verify it returns the config key - key, err := m.secretSource.Get(context.Background()) - if err != nil { - t.Fatalf("Get error: %v", err) - } - if key != "config-key" { - t.Fatalf("want config-key, got %s", key) - } -} - -func TestAmpModule_ProviderAliasesAlwaysRegistered(t *testing.T) { - gin.SetMode(gin.TestMode) - - scenarios := []struct { - name string - configURL string - }{ - {"with_upstream", "http://example.com"}, - {"without_upstream", ""}, - } - - for _, scenario := range scenarios { - t.Run(scenario.name, func(t *testing.T) { - r := gin.New() - accessManager := sdkaccess.NewManager() - base := &handlers.BaseAPIHandler{} - - m := NewLegacy(accessManager, func(c *gin.Context) { c.Next() }) - - cfg := &config.Config{AmpCode: config.AmpCode{UpstreamURL: scenario.configURL}} - - ctx := modules.Context{Engine: r, BaseHandler: base, Config: cfg, AuthMiddleware: func(c *gin.Context) { c.Next() }} - if err := m.Register(ctx); err != nil && scenario.configURL != "" { - t.Fatalf("register error: %v", err) - } - - // Provider aliases should always be available - req := httptest.NewRequest("GET", "/api/provider/openai/models", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code == 404 { - t.Fatal("provider aliases should be registered") - } - }) - } -} - -func TestAmpModule_hasUpstreamAPIKeysChanged_DetectsRemovedKeyWithDuplicateInput(t *testing.T) { - m := &AmpModule{} - - oldCfg := &config.AmpCode{ - UpstreamAPIKeys: []config.AmpUpstreamAPIKeyEntry{ - {UpstreamAPIKey: "u1", APIKeys: []string{"k1", "k2"}}, - }, - } - newCfg := &config.AmpCode{ - UpstreamAPIKeys: []config.AmpUpstreamAPIKeyEntry{ - {UpstreamAPIKey: "u1", APIKeys: []string{"k1", "k1"}}, - }, - } - - if !m.hasUpstreamAPIKeysChanged(oldCfg, newCfg) { - t.Fatal("expected change to be detected when k2 is removed but new list contains duplicates") - } -} - -func TestAmpModule_hasUpstreamAPIKeysChanged_IgnoresEmptyAndWhitespaceKeys(t *testing.T) { - m := &AmpModule{} - - oldCfg := &config.AmpCode{ - UpstreamAPIKeys: []config.AmpUpstreamAPIKeyEntry{ - {UpstreamAPIKey: "u1", APIKeys: []string{"k1", "k2"}}, - }, - } - newCfg := &config.AmpCode{ - UpstreamAPIKeys: []config.AmpUpstreamAPIKeyEntry{ - {UpstreamAPIKey: "u1", APIKeys: []string{" k1 ", "", "k2", " "}}, - }, - } - - if m.hasUpstreamAPIKeysChanged(oldCfg, newCfg) { - t.Fatal("expected no change when only whitespace/empty entries differ") - } -} diff --git a/internal/api/modules/amp/fallback_handlers.go b/internal/api/modules/amp/fallback_handlers.go deleted file mode 100644 index 6886908325..0000000000 --- a/internal/api/modules/amp/fallback_handlers.go +++ /dev/null @@ -1,331 +0,0 @@ -package amp - -import ( - "bytes" - "io" - "net/http/httputil" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// AmpRouteType represents the type of routing decision made for an Amp request -type AmpRouteType string - -const ( - // RouteTypeLocalProvider indicates the request is handled by a local OAuth provider (free) - RouteTypeLocalProvider AmpRouteType = "LOCAL_PROVIDER" - // RouteTypeModelMapping indicates the request was remapped to another available model (free) - RouteTypeModelMapping AmpRouteType = "MODEL_MAPPING" - // RouteTypeAmpCredits indicates the request is forwarded to ampcode.com (uses Amp credits) - RouteTypeAmpCredits AmpRouteType = "AMP_CREDITS" - // RouteTypeNoProvider indicates no provider or fallback available - RouteTypeNoProvider AmpRouteType = "NO_PROVIDER" -) - -// MappedModelContextKey is the Gin context key for passing mapped model names. -const MappedModelContextKey = "mapped_model" - -// logAmpRouting logs the routing decision for an Amp request with structured fields -func logAmpRouting(routeType AmpRouteType, requestedModel, resolvedModel, provider, path string) { - fields := log.Fields{ - "component": "amp-routing", - "route_type": string(routeType), - "requested_model": requestedModel, - "path": path, - "timestamp": time.Now().Format(time.RFC3339), - } - - if resolvedModel != "" && resolvedModel != requestedModel { - fields["resolved_model"] = resolvedModel - } - if provider != "" { - fields["provider"] = provider - } - - switch routeType { - case RouteTypeLocalProvider: - fields["cost"] = "free" - fields["source"] = "local_oauth" - log.WithFields(fields).Debugf("amp using local provider for model: %s", requestedModel) - - case RouteTypeModelMapping: - fields["cost"] = "free" - fields["source"] = "local_oauth" - fields["mapping"] = requestedModel + " -> " + resolvedModel - // model mapping already logged in mapper; avoid duplicate here - - case RouteTypeAmpCredits: - fields["cost"] = "amp_credits" - fields["source"] = "ampcode.com" - fields["model_id"] = requestedModel // Explicit model_id for easy config reference - log.WithFields(fields).Warnf("forwarding to ampcode.com (uses amp credits) - model_id: %s | To use local provider, add to config: ampcode.model-mappings: [{from: \"%s\", to: \"\"}]", requestedModel, requestedModel) - - case RouteTypeNoProvider: - fields["cost"] = "none" - fields["source"] = "error" - fields["model_id"] = requestedModel // Explicit model_id for easy config reference - log.WithFields(fields).Warnf("no provider available for model_id: %s", requestedModel) - } -} - -// FallbackHandler wraps a standard handler with fallback logic to ampcode.com -// when the model's provider is not available in CLIProxyAPI -type FallbackHandler struct { - getProxy func() *httputil.ReverseProxy - modelMapper ModelMapper - forceModelMappings func() bool -} - -// NewFallbackHandler creates a new fallback handler wrapper -// The getProxy function allows lazy evaluation of the proxy (useful when proxy is created after routes) -func NewFallbackHandler(getProxy func() *httputil.ReverseProxy) *FallbackHandler { - return &FallbackHandler{ - getProxy: getProxy, - forceModelMappings: func() bool { return false }, - } -} - -// NewFallbackHandlerWithMapper creates a new fallback handler with model mapping support -func NewFallbackHandlerWithMapper(getProxy func() *httputil.ReverseProxy, mapper ModelMapper, forceModelMappings func() bool) *FallbackHandler { - if forceModelMappings == nil { - forceModelMappings = func() bool { return false } - } - return &FallbackHandler{ - getProxy: getProxy, - modelMapper: mapper, - forceModelMappings: forceModelMappings, - } -} - -// SetModelMapper sets the model mapper for this handler (allows late binding) -func (fh *FallbackHandler) SetModelMapper(mapper ModelMapper) { - fh.modelMapper = mapper -} - -// WrapHandler wraps a gin.HandlerFunc with fallback logic -// If the model's provider is not configured in CLIProxyAPI, it forwards to ampcode.com -func (fh *FallbackHandler) WrapHandler(handler gin.HandlerFunc) gin.HandlerFunc { - return func(c *gin.Context) { - requestPath := c.Request.URL.Path - - // Read the request body to extract the model name - bodyBytes, err := io.ReadAll(c.Request.Body) - if err != nil { - log.Errorf("amp fallback: failed to read request body: %v", err) - handler(c) - return - } - - // Restore the body for the handler to read - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - - // Try to extract model from request body or URL path (for Gemini) - modelName := extractModelFromRequest(bodyBytes, c) - if modelName == "" { - // Can't determine model, proceed with normal handler - handler(c) - return - } - - // Normalize model (handles dynamic thinking suffixes) - suffixResult := thinking.ParseSuffix(modelName) - normalizedModel := suffixResult.ModelName - thinkingSuffix := "" - if suffixResult.HasSuffix { - thinkingSuffix = "(" + suffixResult.RawSuffix + ")" - } - - resolveMappedModel := func() (string, []string) { - if fh.modelMapper == nil { - return "", nil - } - - mappedModel := fh.modelMapper.MapModel(modelName) - if mappedModel == "" { - mappedModel = fh.modelMapper.MapModel(normalizedModel) - } - mappedModel = strings.TrimSpace(mappedModel) - if mappedModel == "" { - return "", nil - } - - // Preserve dynamic thinking suffix (e.g. "(xhigh)") when mapping applies, unless the target - // already specifies its own thinking suffix. - if thinkingSuffix != "" { - mappedSuffixResult := thinking.ParseSuffix(mappedModel) - if !mappedSuffixResult.HasSuffix { - mappedModel += thinkingSuffix - } - } - - mappedBaseModel := thinking.ParseSuffix(mappedModel).ModelName - mappedProviders := util.GetProviderName(mappedBaseModel) - if len(mappedProviders) == 0 { - return "", nil - } - - return mappedModel, mappedProviders - } - - // Track resolved model for logging (may change if mapping is applied) - resolvedModel := normalizedModel - usedMapping := false - var providers []string - - // Check if model mappings should be forced ahead of local API keys - forceMappings := fh.forceModelMappings != nil && fh.forceModelMappings() - - if forceMappings { - // FORCE MODE: Check model mappings FIRST (takes precedence over local API keys) - // This allows users to route Amp requests to their preferred OAuth providers - if mappedModel, mappedProviders := resolveMappedModel(); mappedModel != "" { - // Mapping found and provider available - rewrite the model in request body - bodyBytes = rewriteModelInRequest(bodyBytes, mappedModel) - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - // Store mapped model in context for handlers that check it (like gemini bridge) - c.Set(MappedModelContextKey, mappedModel) - resolvedModel = mappedModel - usedMapping = true - providers = mappedProviders - } - - // If no mapping applied, check for local providers - if !usedMapping { - providers = util.GetProviderName(normalizedModel) - } - } else { - // DEFAULT MODE: Check local providers first, then mappings as fallback - providers = util.GetProviderName(normalizedModel) - - if len(providers) == 0 { - // No providers configured - check if we have a model mapping - if mappedModel, mappedProviders := resolveMappedModel(); mappedModel != "" { - // Mapping found and provider available - rewrite the model in request body - bodyBytes = rewriteModelInRequest(bodyBytes, mappedModel) - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - // Store mapped model in context for handlers that check it (like gemini bridge) - c.Set(MappedModelContextKey, mappedModel) - resolvedModel = mappedModel - usedMapping = true - providers = mappedProviders - } - } - } - - // If no providers available, fallback to ampcode.com - if len(providers) == 0 { - proxy := fh.getProxy() - if proxy != nil { - // Log: Forwarding to ampcode.com (uses Amp credits) - logAmpRouting(RouteTypeAmpCredits, modelName, "", "", requestPath) - - // Restore body again for the proxy - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - - // Forward to ampcode.com - proxy.ServeHTTP(c.Writer, c.Request) - return - } - - // No proxy available, let the normal handler return the error - logAmpRouting(RouteTypeNoProvider, modelName, "", "", requestPath) - } - - // Log the routing decision - providerName := "" - if len(providers) > 0 { - providerName = providers[0] - } - - if usedMapping { - // Log: Model was mapped to another model - log.Debugf("amp model mapping: request %s -> %s", normalizedModel, resolvedModel) - logAmpRouting(RouteTypeModelMapping, modelName, resolvedModel, providerName, requestPath) - rewriter := NewResponseRewriter(c.Writer, modelName) - c.Writer = rewriter - // Filter Anthropic-Beta header only for local handling paths - filterAntropicBetaHeader(c) - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - handler(c) - rewriter.Flush() - log.Debugf("amp model mapping: response %s -> %s", resolvedModel, modelName) - } else if len(providers) > 0 { - // Log: Using local provider (free) - logAmpRouting(RouteTypeLocalProvider, modelName, resolvedModel, providerName, requestPath) - // Filter Anthropic-Beta header only for local handling paths - filterAntropicBetaHeader(c) - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - handler(c) - } else { - // No provider, no mapping, no proxy: fall back to the wrapped handler so it can return an error response - c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) - handler(c) - } - } -} - -// filterAntropicBetaHeader filters Anthropic-Beta header to remove features requiring special subscription -// This is needed when using local providers (bypassing the Amp proxy) -func filterAntropicBetaHeader(c *gin.Context) { - if betaHeader := c.Request.Header.Get("Anthropic-Beta"); betaHeader != "" { - if filtered := filterBetaFeatures(betaHeader, "context-1m-2025-08-07"); filtered != "" { - c.Request.Header.Set("Anthropic-Beta", filtered) - } else { - c.Request.Header.Del("Anthropic-Beta") - } - } -} - -// rewriteModelInRequest replaces the model name in a JSON request body -func rewriteModelInRequest(body []byte, newModel string) []byte { - if !gjson.GetBytes(body, "model").Exists() { - return body - } - result, err := sjson.SetBytes(body, "model", newModel) - if err != nil { - log.Warnf("amp model mapping: failed to rewrite model in request body: %v", err) - return body - } - return result -} - -// extractModelFromRequest attempts to extract the model name from various request formats -func extractModelFromRequest(body []byte, c *gin.Context) string { - // First try to parse from JSON body (OpenAI, Claude, etc.) - // Check common model field names - if result := gjson.GetBytes(body, "model"); result.Exists() && result.Type == gjson.String { - return result.String() - } - - // For Gemini requests, model is in the URL path - // Standard format: /models/{model}:generateContent -> :action parameter - if action := c.Param("action"); action != "" { - // Split by colon to get model name (e.g., "gemini-pro:generateContent" -> "gemini-pro") - parts := strings.Split(action, ":") - if len(parts) > 0 && parts[0] != "" { - return parts[0] - } - } - - // AMP CLI format: /publishers/google/models/{model}:method -> *path parameter - // Example: /publishers/google/models/gemini-3-pro-preview:streamGenerateContent - if path := c.Param("path"); path != "" { - // Look for /models/{model}:method pattern - if idx := strings.Index(path, "/models/"); idx >= 0 { - modelPart := path[idx+8:] // Skip "/models/" - // Split by colon to get model name - if colonIdx := strings.Index(modelPart, ":"); colonIdx > 0 { - return modelPart[:colonIdx] - } - } - } - - return "" -} diff --git a/internal/api/modules/amp/fallback_handlers_test.go b/internal/api/modules/amp/fallback_handlers_test.go deleted file mode 100644 index f139ae939a..0000000000 --- a/internal/api/modules/amp/fallback_handlers_test.go +++ /dev/null @@ -1,73 +0,0 @@ -package amp - -import ( - "bytes" - "encoding/json" - "net/http" - "net/http/httptest" - "net/http/httputil" - "testing" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/registry" -) - -func TestFallbackHandler_ModelMapping_PreservesThinkingSuffixAndRewritesResponse(t *testing.T) { - gin.SetMode(gin.TestMode) - - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client-amp-fallback", "codex", []*registry.ModelInfo{ - {ID: "test/gpt-5.2", OwnedBy: "openai", Type: "codex"}, - }) - defer reg.UnregisterClient("test-client-amp-fallback") - - mapper := NewModelMapper([]config.AmpModelMapping{ - {From: "gpt-5.2", To: "test/gpt-5.2"}, - }) - - fallback := NewFallbackHandlerWithMapper(func() *httputil.ReverseProxy { return nil }, mapper, nil) - - handler := func(c *gin.Context) { - var req struct { - Model string `json:"model"` - } - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) - return - } - - c.JSON(http.StatusOK, gin.H{ - "model": req.Model, - "seen_model": req.Model, - }) - } - - r := gin.New() - r.POST("/chat/completions", fallback.WrapHandler(handler)) - - reqBody := []byte(`{"model":"gpt-5.2(xhigh)"}`) - req := httptest.NewRequest(http.MethodPost, "/chat/completions", bytes.NewReader(reqBody)) - req.Header.Set("Content-Type", "application/json") - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("Expected status 200, got %d", w.Code) - } - - var resp struct { - Model string `json:"model"` - SeenModel string `json:"seen_model"` - } - if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil { - t.Fatalf("Failed to parse response JSON: %v", err) - } - - if resp.Model != "gpt-5.2(xhigh)" { - t.Errorf("Expected response model gpt-5.2(xhigh), got %s", resp.Model) - } - if resp.SeenModel != "test/gpt-5.2(xhigh)" { - t.Errorf("Expected handler to see test/gpt-5.2(xhigh), got %s", resp.SeenModel) - } -} diff --git a/internal/api/modules/amp/gemini_bridge.go b/internal/api/modules/amp/gemini_bridge.go deleted file mode 100644 index d6ad8f797f..0000000000 --- a/internal/api/modules/amp/gemini_bridge.go +++ /dev/null @@ -1,59 +0,0 @@ -package amp - -import ( - "strings" - - "github.com/gin-gonic/gin" -) - -// createGeminiBridgeHandler creates a handler that bridges AMP CLI's non-standard Gemini paths -// to our standard Gemini handler by rewriting the request context. -// -// AMP CLI format: /publishers/google/models/gemini-3-pro-preview:streamGenerateContent -// Standard format: /models/gemini-3-pro-preview:streamGenerateContent -// -// This extracts the model+method from the AMP path and sets it as the :action parameter -// so the standard Gemini handler can process it. -// -// The handler parameter should be a Gemini-compatible handler that expects the :action param. -func createGeminiBridgeHandler(handler gin.HandlerFunc) gin.HandlerFunc { - return func(c *gin.Context) { - // Get the full path from the catch-all parameter - path := c.Param("path") - - // Extract model:method from AMP CLI path format - // Example: /publishers/google/models/gemini-3-pro-preview:streamGenerateContent - const modelsPrefix = "/models/" - if idx := strings.Index(path, modelsPrefix); idx >= 0 { - // Extract everything after modelsPrefix - actionPart := path[idx+len(modelsPrefix):] - - // Check if model was mapped by FallbackHandler - if mappedModel, exists := c.Get(MappedModelContextKey); exists { - if strModel, ok := mappedModel.(string); ok && strModel != "" { - // Replace the model part in the action - // actionPart is like "model-name:method" - if colonIdx := strings.Index(actionPart, ":"); colonIdx > 0 { - method := actionPart[colonIdx:] // ":method" - actionPart = strModel + method - } - } - } - - // Set this as the :action parameter that the Gemini handler expects - c.Params = append(c.Params, gin.Param{ - Key: "action", - Value: actionPart, - }) - - // Call the handler - handler(c) - return - } - - // If we can't parse the path, return 400 - c.JSON(400, gin.H{ - "error": "Invalid Gemini API path format", - }) - } -} diff --git a/internal/api/modules/amp/gemini_bridge_test.go b/internal/api/modules/amp/gemini_bridge_test.go deleted file mode 100644 index 347456c383..0000000000 --- a/internal/api/modules/amp/gemini_bridge_test.go +++ /dev/null @@ -1,93 +0,0 @@ -package amp - -import ( - "net/http" - "net/http/httptest" - "testing" - - "github.com/gin-gonic/gin" -) - -func TestCreateGeminiBridgeHandler_ActionParameterExtraction(t *testing.T) { - gin.SetMode(gin.TestMode) - - tests := []struct { - name string - path string - mappedModel string // empty string means no mapping - expectedAction string - }{ - { - name: "no_mapping_uses_url_model", - path: "/publishers/google/models/gemini-pro:generateContent", - mappedModel: "", - expectedAction: "gemini-pro:generateContent", - }, - { - name: "mapped_model_replaces_url_model", - path: "/publishers/google/models/gemini-exp:generateContent", - mappedModel: "gemini-2.0-flash", - expectedAction: "gemini-2.0-flash:generateContent", - }, - { - name: "mapping_preserves_method", - path: "/publishers/google/models/gemini-2.5-preview:streamGenerateContent", - mappedModel: "gemini-flash", - expectedAction: "gemini-flash:streamGenerateContent", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - var capturedAction string - - mockGeminiHandler := func(c *gin.Context) { - capturedAction = c.Param("action") - c.JSON(http.StatusOK, gin.H{"captured": capturedAction}) - } - - // Use the actual createGeminiBridgeHandler function - bridgeHandler := createGeminiBridgeHandler(mockGeminiHandler) - - r := gin.New() - if tt.mappedModel != "" { - r.Use(func(c *gin.Context) { - c.Set(MappedModelContextKey, tt.mappedModel) - c.Next() - }) - } - r.POST("/api/provider/google/v1beta1/*path", bridgeHandler) - - req := httptest.NewRequest(http.MethodPost, "/api/provider/google/v1beta1"+tt.path, nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Fatalf("Expected status 200, got %d", w.Code) - } - if capturedAction != tt.expectedAction { - t.Errorf("Expected action '%s', got '%s'", tt.expectedAction, capturedAction) - } - }) - } -} - -func TestCreateGeminiBridgeHandler_InvalidPath(t *testing.T) { - gin.SetMode(gin.TestMode) - - mockHandler := func(c *gin.Context) { - c.JSON(http.StatusOK, gin.H{"ok": true}) - } - bridgeHandler := createGeminiBridgeHandler(mockHandler) - - r := gin.New() - r.POST("/api/provider/google/v1beta1/*path", bridgeHandler) - - req := httptest.NewRequest(http.MethodPost, "/api/provider/google/v1beta1/invalid/path", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusBadRequest { - t.Errorf("Expected status 400 for invalid path, got %d", w.Code) - } -} diff --git a/internal/api/modules/amp/model_mapping.go b/internal/api/modules/amp/model_mapping.go deleted file mode 100644 index b92e5b9a8d..0000000000 --- a/internal/api/modules/amp/model_mapping.go +++ /dev/null @@ -1,171 +0,0 @@ -// Package amp provides model mapping functionality for routing Amp CLI requests -// to alternative models when the requested model is not available locally. -package amp - -import ( - "regexp" - "strings" - "sync" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -// ModelMapper provides model name mapping/aliasing for Amp CLI requests. -// When an Amp request comes in for a model that isn't available locally, -// this mapper can redirect it to an alternative model that IS available. -type ModelMapper interface { - // MapModel returns the target model name if a mapping exists and the target - // model has available providers. Returns empty string if no mapping applies. - MapModel(requestedModel string) string - - // UpdateMappings refreshes the mapping configuration (for hot-reload). - UpdateMappings(mappings []config.AmpModelMapping) -} - -// DefaultModelMapper implements ModelMapper with thread-safe mapping storage. -type DefaultModelMapper struct { - mu sync.RWMutex - mappings map[string]string // exact: from -> to (normalized lowercase keys) - regexps []regexMapping // regex rules evaluated in order -} - -// NewModelMapper creates a new model mapper with the given initial mappings. -func NewModelMapper(mappings []config.AmpModelMapping) *DefaultModelMapper { - m := &DefaultModelMapper{ - mappings: make(map[string]string), - regexps: nil, - } - m.UpdateMappings(mappings) - return m -} - -// MapModel checks if a mapping exists for the requested model and if the -// target model has available local providers. Returns the mapped model name -// or empty string if no valid mapping exists. -// -// If the requested model contains a thinking suffix (e.g., "g25p(8192)"), -// the suffix is preserved in the returned model name (e.g., "gemini-2.5-pro(8192)"). -// However, if the mapping target already contains a suffix, the config suffix -// takes priority over the user's suffix. -func (m *DefaultModelMapper) MapModel(requestedModel string) string { - if requestedModel == "" { - return "" - } - - m.mu.RLock() - defer m.mu.RUnlock() - - // Extract thinking suffix from requested model using ParseSuffix - requestResult := thinking.ParseSuffix(requestedModel) - baseModel := requestResult.ModelName - - // Normalize the base model for lookup (case-insensitive) - normalizedBase := strings.ToLower(strings.TrimSpace(baseModel)) - - // Check for direct mapping using base model name - targetModel, exists := m.mappings[normalizedBase] - if !exists { - // Try regex mappings in order using base model only - // (suffix is handled separately via ParseSuffix) - for _, rm := range m.regexps { - if rm.re.MatchString(baseModel) { - targetModel = rm.to - exists = true - break - } - } - if !exists { - return "" - } - } - - // Check if target model already has a thinking suffix (config priority) - targetResult := thinking.ParseSuffix(targetModel) - - // Verify target model has available providers (use base model for lookup) - providers := util.GetProviderName(targetResult.ModelName) - if len(providers) == 0 { - log.Debugf("amp model mapping: target model %s has no available providers, skipping mapping", targetModel) - return "" - } - - // Suffix handling: config suffix takes priority, otherwise preserve user suffix - if targetResult.HasSuffix { - // Config's "to" already contains a suffix - use it as-is (config priority) - return targetModel - } - - // Preserve user's thinking suffix on the mapped model - // (skip empty suffixes to avoid returning "model()") - if requestResult.HasSuffix && requestResult.RawSuffix != "" { - return targetModel + "(" + requestResult.RawSuffix + ")" - } - - // Note: Detailed routing log is handled by logAmpRouting in fallback_handlers.go - return targetModel -} - -// UpdateMappings refreshes the mapping configuration from config. -// This is called during initialization and on config hot-reload. -func (m *DefaultModelMapper) UpdateMappings(mappings []config.AmpModelMapping) { - m.mu.Lock() - defer m.mu.Unlock() - - // Clear and rebuild mappings - m.mappings = make(map[string]string, len(mappings)) - m.regexps = make([]regexMapping, 0, len(mappings)) - - for _, mapping := range mappings { - from := strings.TrimSpace(mapping.From) - to := strings.TrimSpace(mapping.To) - - if from == "" || to == "" { - log.Warnf("amp model mapping: skipping invalid mapping (from=%q, to=%q)", from, to) - continue - } - - if mapping.Regex { - // Compile case-insensitive regex; wrap with (?i) to match behavior of exact lookups - pattern := "(?i)" + from - re, err := regexp.Compile(pattern) - if err != nil { - log.Warnf("amp model mapping: invalid regex %q: %v", from, err) - continue - } - m.regexps = append(m.regexps, regexMapping{re: re, to: to}) - log.Debugf("amp model regex mapping registered: /%s/ -> %s", from, to) - } else { - // Store with normalized lowercase key for case-insensitive lookup - normalizedFrom := strings.ToLower(from) - m.mappings[normalizedFrom] = to - log.Debugf("amp model mapping registered: %s -> %s", from, to) - } - } - - if len(m.mappings) > 0 { - log.Infof("amp model mapping: loaded %d mapping(s)", len(m.mappings)) - } - if n := len(m.regexps); n > 0 { - log.Infof("amp model mapping: loaded %d regex mapping(s)", n) - } -} - -// GetMappings returns a copy of current mappings (for debugging/status). -func (m *DefaultModelMapper) GetMappings() map[string]string { - m.mu.RLock() - defer m.mu.RUnlock() - - result := make(map[string]string, len(m.mappings)) - for k, v := range m.mappings { - result[k] = v - } - return result -} - -type regexMapping struct { - re *regexp.Regexp - to string -} diff --git a/internal/api/modules/amp/model_mapping_test.go b/internal/api/modules/amp/model_mapping_test.go deleted file mode 100644 index dde9e27e9b..0000000000 --- a/internal/api/modules/amp/model_mapping_test.go +++ /dev/null @@ -1,375 +0,0 @@ -package amp - -import ( - "testing" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/registry" -) - -func TestNewModelMapper(t *testing.T) { - mappings := []config.AmpModelMapping{ - {From: "claude-opus-4.5", To: "claude-sonnet-4"}, - {From: "gpt-5", To: "gemini-2.5-pro"}, - } - - mapper := NewModelMapper(mappings) - if mapper == nil { - t.Fatal("Expected non-nil mapper") - } - - result := mapper.GetMappings() - if len(result) != 2 { - t.Errorf("Expected 2 mappings, got %d", len(result)) - } -} - -func TestNewModelMapper_Empty(t *testing.T) { - mapper := NewModelMapper(nil) - if mapper == nil { - t.Fatal("Expected non-nil mapper") - } - - result := mapper.GetMappings() - if len(result) != 0 { - t.Errorf("Expected 0 mappings, got %d", len(result)) - } -} - -func TestModelMapper_MapModel_NoProvider(t *testing.T) { - mappings := []config.AmpModelMapping{ - {From: "claude-opus-4.5", To: "claude-sonnet-4"}, - } - - mapper := NewModelMapper(mappings) - - // Without a registered provider for the target, mapping should return empty - result := mapper.MapModel("claude-opus-4.5") - if result != "" { - t.Errorf("Expected empty result when target has no provider, got %s", result) - } -} - -func TestModelMapper_MapModel_WithProvider(t *testing.T) { - // Register a mock provider for the target model - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client", "claude", []*registry.ModelInfo{ - {ID: "claude-sonnet-4", OwnedBy: "anthropic", Type: "claude"}, - }) - defer reg.UnregisterClient("test-client") - - mappings := []config.AmpModelMapping{ - {From: "claude-opus-4.5", To: "claude-sonnet-4"}, - } - - mapper := NewModelMapper(mappings) - - // With a registered provider, mapping should work - result := mapper.MapModel("claude-opus-4.5") - if result != "claude-sonnet-4" { - t.Errorf("Expected claude-sonnet-4, got %s", result) - } -} - -func TestModelMapper_MapModel_TargetWithThinkingSuffix(t *testing.T) { - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client-thinking", "codex", []*registry.ModelInfo{ - {ID: "gpt-5.2", OwnedBy: "openai", Type: "codex"}, - }) - defer reg.UnregisterClient("test-client-thinking") - - mappings := []config.AmpModelMapping{ - {From: "gpt-5.2-alias", To: "gpt-5.2(xhigh)"}, - } - - mapper := NewModelMapper(mappings) - - result := mapper.MapModel("gpt-5.2-alias") - if result != "gpt-5.2(xhigh)" { - t.Errorf("Expected gpt-5.2(xhigh), got %s", result) - } -} - -func TestModelMapper_MapModel_CaseInsensitive(t *testing.T) { - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client2", "claude", []*registry.ModelInfo{ - {ID: "claude-sonnet-4", OwnedBy: "anthropic", Type: "claude"}, - }) - defer reg.UnregisterClient("test-client2") - - mappings := []config.AmpModelMapping{ - {From: "Claude-Opus-4.5", To: "claude-sonnet-4"}, - } - - mapper := NewModelMapper(mappings) - - // Should match case-insensitively - result := mapper.MapModel("claude-opus-4.5") - if result != "claude-sonnet-4" { - t.Errorf("Expected claude-sonnet-4, got %s", result) - } -} - -func TestModelMapper_MapModel_NotFound(t *testing.T) { - mappings := []config.AmpModelMapping{ - {From: "claude-opus-4.5", To: "claude-sonnet-4"}, - } - - mapper := NewModelMapper(mappings) - - // Unknown model should return empty - result := mapper.MapModel("unknown-model") - if result != "" { - t.Errorf("Expected empty for unknown model, got %s", result) - } -} - -func TestModelMapper_MapModel_EmptyInput(t *testing.T) { - mappings := []config.AmpModelMapping{ - {From: "claude-opus-4.5", To: "claude-sonnet-4"}, - } - - mapper := NewModelMapper(mappings) - - result := mapper.MapModel("") - if result != "" { - t.Errorf("Expected empty for empty input, got %s", result) - } -} - -func TestModelMapper_UpdateMappings(t *testing.T) { - mapper := NewModelMapper(nil) - - // Initially empty - if len(mapper.GetMappings()) != 0 { - t.Error("Expected 0 initial mappings") - } - - // Update with new mappings - mapper.UpdateMappings([]config.AmpModelMapping{ - {From: "model-a", To: "model-b"}, - {From: "model-c", To: "model-d"}, - }) - - result := mapper.GetMappings() - if len(result) != 2 { - t.Errorf("Expected 2 mappings after update, got %d", len(result)) - } - - // Update again should replace, not append - mapper.UpdateMappings([]config.AmpModelMapping{ - {From: "model-x", To: "model-y"}, - }) - - result = mapper.GetMappings() - if len(result) != 1 { - t.Errorf("Expected 1 mapping after second update, got %d", len(result)) - } -} - -func TestModelMapper_UpdateMappings_SkipsInvalid(t *testing.T) { - mapper := NewModelMapper(nil) - - mapper.UpdateMappings([]config.AmpModelMapping{ - {From: "", To: "model-b"}, // Invalid: empty from - {From: "model-a", To: ""}, // Invalid: empty to - {From: " ", To: "model-b"}, // Invalid: whitespace from - {From: "model-c", To: "model-d"}, // Valid - }) - - result := mapper.GetMappings() - if len(result) != 1 { - t.Errorf("Expected 1 valid mapping, got %d", len(result)) - } -} - -func TestModelMapper_GetMappings_ReturnsCopy(t *testing.T) { - mappings := []config.AmpModelMapping{ - {From: "model-a", To: "model-b"}, - } - - mapper := NewModelMapper(mappings) - - // Get mappings and modify the returned map - result := mapper.GetMappings() - result["new-key"] = "new-value" - - // Original should be unchanged - original := mapper.GetMappings() - if len(original) != 1 { - t.Errorf("Expected original to have 1 mapping, got %d", len(original)) - } - if _, exists := original["new-key"]; exists { - t.Error("Original map was modified") - } -} - -func TestModelMapper_Regex_MatchBaseWithoutParens(t *testing.T) { - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client-regex-1", "gemini", []*registry.ModelInfo{ - {ID: "gemini-2.5-pro", OwnedBy: "google", Type: "gemini"}, - }) - defer reg.UnregisterClient("test-client-regex-1") - - mappings := []config.AmpModelMapping{ - {From: "^gpt-5$", To: "gemini-2.5-pro", Regex: true}, - } - - mapper := NewModelMapper(mappings) - - // Incoming model has reasoning suffix, regex matches base, suffix is preserved - result := mapper.MapModel("gpt-5(high)") - if result != "gemini-2.5-pro(high)" { - t.Errorf("Expected gemini-2.5-pro(high), got %s", result) - } -} - -func TestModelMapper_Regex_ExactPrecedence(t *testing.T) { - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client-regex-2", "claude", []*registry.ModelInfo{ - {ID: "claude-sonnet-4", OwnedBy: "anthropic", Type: "claude"}, - }) - reg.RegisterClient("test-client-regex-3", "gemini", []*registry.ModelInfo{ - {ID: "gemini-2.5-pro", OwnedBy: "google", Type: "gemini"}, - }) - defer reg.UnregisterClient("test-client-regex-2") - defer reg.UnregisterClient("test-client-regex-3") - - mappings := []config.AmpModelMapping{ - {From: "gpt-5", To: "claude-sonnet-4"}, // exact - {From: "^gpt-5.*$", To: "gemini-2.5-pro", Regex: true}, // regex - } - - mapper := NewModelMapper(mappings) - - // Exact match should win over regex - result := mapper.MapModel("gpt-5") - if result != "claude-sonnet-4" { - t.Errorf("Expected claude-sonnet-4, got %s", result) - } -} - -func TestModelMapper_Regex_InvalidPattern_Skipped(t *testing.T) { - // Invalid regex should be skipped and not cause panic - mappings := []config.AmpModelMapping{ - {From: "(", To: "target", Regex: true}, - } - - mapper := NewModelMapper(mappings) - - result := mapper.MapModel("anything") - if result != "" { - t.Errorf("Expected empty result due to invalid regex, got %s", result) - } -} - -func TestModelMapper_Regex_CaseInsensitive(t *testing.T) { - reg := registry.GetGlobalRegistry() - reg.RegisterClient("test-client-regex-4", "claude", []*registry.ModelInfo{ - {ID: "claude-sonnet-4", OwnedBy: "anthropic", Type: "claude"}, - }) - defer reg.UnregisterClient("test-client-regex-4") - - mappings := []config.AmpModelMapping{ - {From: "^CLAUDE-OPUS-.*$", To: "claude-sonnet-4", Regex: true}, - } - - mapper := NewModelMapper(mappings) - - result := mapper.MapModel("claude-opus-4.5") - if result != "claude-sonnet-4" { - t.Errorf("Expected claude-sonnet-4, got %s", result) - } -} - -func TestModelMapper_SuffixPreservation(t *testing.T) { - reg := registry.GetGlobalRegistry() - - // Register test models - reg.RegisterClient("test-client-suffix", "gemini", []*registry.ModelInfo{ - {ID: "gemini-2.5-pro", OwnedBy: "google", Type: "gemini"}, - }) - reg.RegisterClient("test-client-suffix-2", "claude", []*registry.ModelInfo{ - {ID: "claude-sonnet-4", OwnedBy: "anthropic", Type: "claude"}, - }) - defer reg.UnregisterClient("test-client-suffix") - defer reg.UnregisterClient("test-client-suffix-2") - - tests := []struct { - name string - mappings []config.AmpModelMapping - input string - want string - }{ - { - name: "numeric suffix preserved", - mappings: []config.AmpModelMapping{{From: "g25p", To: "gemini-2.5-pro"}}, - input: "g25p(8192)", - want: "gemini-2.5-pro(8192)", - }, - { - name: "level suffix preserved", - mappings: []config.AmpModelMapping{{From: "g25p", To: "gemini-2.5-pro"}}, - input: "g25p(high)", - want: "gemini-2.5-pro(high)", - }, - { - name: "no suffix unchanged", - mappings: []config.AmpModelMapping{{From: "g25p", To: "gemini-2.5-pro"}}, - input: "g25p", - want: "gemini-2.5-pro", - }, - { - name: "config suffix takes priority", - mappings: []config.AmpModelMapping{{From: "alias", To: "gemini-2.5-pro(medium)"}}, - input: "alias(high)", - want: "gemini-2.5-pro(medium)", - }, - { - name: "regex with suffix preserved", - mappings: []config.AmpModelMapping{{From: "^g25.*", To: "gemini-2.5-pro", Regex: true}}, - input: "g25p(8192)", - want: "gemini-2.5-pro(8192)", - }, - { - name: "auto suffix preserved", - mappings: []config.AmpModelMapping{{From: "g25p", To: "gemini-2.5-pro"}}, - input: "g25p(auto)", - want: "gemini-2.5-pro(auto)", - }, - { - name: "none suffix preserved", - mappings: []config.AmpModelMapping{{From: "g25p", To: "gemini-2.5-pro"}}, - input: "g25p(none)", - want: "gemini-2.5-pro(none)", - }, - { - name: "case insensitive base lookup with suffix", - mappings: []config.AmpModelMapping{{From: "G25P", To: "gemini-2.5-pro"}}, - input: "g25p(high)", - want: "gemini-2.5-pro(high)", - }, - { - name: "empty suffix filtered out", - mappings: []config.AmpModelMapping{{From: "g25p", To: "gemini-2.5-pro"}}, - input: "g25p()", - want: "gemini-2.5-pro", - }, - { - name: "incomplete suffix treated as no suffix", - mappings: []config.AmpModelMapping{{From: "g25p(high", To: "gemini-2.5-pro"}}, - input: "g25p(high", - want: "gemini-2.5-pro", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - mapper := NewModelMapper(tt.mappings) - got := mapper.MapModel(tt.input) - if got != tt.want { - t.Errorf("MapModel(%q) = %q, want %q", tt.input, got, tt.want) - } - }) - } -} diff --git a/internal/api/modules/amp/proxy.go b/internal/api/modules/amp/proxy.go deleted file mode 100644 index c593c1b328..0000000000 --- a/internal/api/modules/amp/proxy.go +++ /dev/null @@ -1,266 +0,0 @@ -package amp - -import ( - "bytes" - "compress/gzip" - "context" - "errors" - "fmt" - "io" - "net" - "net/http" - "net/http/httputil" - "net/url" - "strconv" - "strings" - - "github.com/gin-gonic/gin" - log "github.com/sirupsen/logrus" -) - -func removeQueryValuesMatching(req *http.Request, key string, match string) { - if req == nil || req.URL == nil || match == "" { - return - } - - q := req.URL.Query() - values, ok := q[key] - if !ok || len(values) == 0 { - return - } - - kept := make([]string, 0, len(values)) - for _, v := range values { - if v == match { - continue - } - kept = append(kept, v) - } - - if len(kept) == 0 { - q.Del(key) - } else { - q[key] = kept - } - req.URL.RawQuery = q.Encode() -} - -// readCloser wraps a reader and forwards Close to a separate closer. -// Used to restore peeked bytes while preserving upstream body Close behavior. -type readCloser struct { - r io.Reader - c io.Closer -} - -func (rc *readCloser) Read(p []byte) (int, error) { return rc.r.Read(p) } -func (rc *readCloser) Close() error { return rc.c.Close() } - -// createReverseProxy creates a reverse proxy handler for Amp upstream -// with automatic gzip decompression via ModifyResponse -func createReverseProxy(upstreamURL string, secretSource SecretSource) (*httputil.ReverseProxy, error) { - parsed, err := url.Parse(upstreamURL) - if err != nil { - return nil, fmt.Errorf("invalid amp upstream url: %w", err) - } - - proxy := httputil.NewSingleHostReverseProxy(parsed) - originalDirector := proxy.Director - - // Modify outgoing requests to inject API key and fix routing - proxy.Director = func(req *http.Request) { - originalDirector(req) - req.Host = parsed.Host - - // Remove client's Authorization header - it was only used for CLI Proxy API authentication - // We will set our own Authorization using the configured upstream-api-key - req.Header.Del("Authorization") - req.Header.Del("X-Api-Key") - req.Header.Del("X-Goog-Api-Key") - - // Remove query-based credentials if they match the authenticated client API key. - // This prevents leaking client auth material to the Amp upstream while avoiding - // breaking unrelated upstream query parameters. - clientKey := getClientAPIKeyFromContext(req.Context()) - removeQueryValuesMatching(req, "key", clientKey) - removeQueryValuesMatching(req, "auth_token", clientKey) - - // Preserve correlation headers for debugging - if req.Header.Get("X-Request-ID") == "" { - // Could generate one here if needed - } - - // Note: We do NOT filter Anthropic-Beta headers in the proxy path - // Users going through ampcode.com proxy are paying for the service and should get all features - // including 1M context window (context-1m-2025-08-07) - - // Inject API key from secret source (only uses upstream-api-key from config) - if key, err := secretSource.Get(req.Context()); err == nil && key != "" { - req.Header.Set("X-Api-Key", key) - req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", key)) - } else if err != nil { - log.Warnf("amp secret source error (continuing without auth): %v", err) - } - } - - // Modify incoming responses to handle gzip without Content-Encoding - // This addresses the same issue as inline handler gzip handling, but at the proxy level - proxy.ModifyResponse = func(resp *http.Response) error { - // Log upstream error responses for diagnostics (502, 503, etc.) - // These are NOT proxy connection errors - the upstream responded with an error status - if resp.StatusCode >= 500 { - log.Errorf("amp upstream responded with error [%d] for %s %s", resp.StatusCode, resp.Request.Method, resp.Request.URL.Path) - } else if resp.StatusCode >= 400 { - log.Warnf("amp upstream responded with client error [%d] for %s %s", resp.StatusCode, resp.Request.Method, resp.Request.URL.Path) - } - - // Only process successful responses for gzip decompression - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - return nil - } - - // Skip if already marked as gzip (Content-Encoding set) - if resp.Header.Get("Content-Encoding") != "" { - return nil - } - - // Skip streaming responses (SSE, chunked) - if isStreamingResponse(resp) { - return nil - } - - // Save reference to original upstream body for proper cleanup - originalBody := resp.Body - - // Peek at first 2 bytes to detect gzip magic bytes - header := make([]byte, 2) - n, _ := io.ReadFull(originalBody, header) - - // Check for gzip magic bytes (0x1f 0x8b) - // If n < 2, we didn't get enough bytes, so it's not gzip - if n >= 2 && header[0] == 0x1f && header[1] == 0x8b { - // It's gzip - read the rest of the body - rest, err := io.ReadAll(originalBody) - if err != nil { - // Restore what we read and return original body (preserve Close behavior) - resp.Body = &readCloser{ - r: io.MultiReader(bytes.NewReader(header[:n]), originalBody), - c: originalBody, - } - return nil - } - - // Reconstruct complete gzipped data - gzippedData := append(header[:n], rest...) - - // Decompress - gzipReader, err := gzip.NewReader(bytes.NewReader(gzippedData)) - if err != nil { - log.Warnf("amp proxy: gzip header detected but decompress failed: %v", err) - // Close original body and return in-memory copy - _ = originalBody.Close() - resp.Body = io.NopCloser(bytes.NewReader(gzippedData)) - return nil - } - - decompressed, err := io.ReadAll(gzipReader) - _ = gzipReader.Close() - if err != nil { - log.Warnf("amp proxy: gzip decompress error: %v", err) - // Close original body and return in-memory copy - _ = originalBody.Close() - resp.Body = io.NopCloser(bytes.NewReader(gzippedData)) - return nil - } - - // Close original body since we're replacing with in-memory decompressed content - _ = originalBody.Close() - - // Replace body with decompressed content - resp.Body = io.NopCloser(bytes.NewReader(decompressed)) - resp.ContentLength = int64(len(decompressed)) - - // Update headers to reflect decompressed state - resp.Header.Del("Content-Encoding") // No longer compressed - resp.Header.Del("Content-Length") // Remove stale compressed length - resp.Header.Set("Content-Length", strconv.FormatInt(resp.ContentLength, 10)) // Set decompressed length - - log.Debugf("amp proxy: decompressed gzip response (%d -> %d bytes)", len(gzippedData), len(decompressed)) - } else { - // Not gzip - restore peeked bytes while preserving Close behavior - // Handle edge cases: n might be 0, 1, or 2 depending on EOF - resp.Body = &readCloser{ - r: io.MultiReader(bytes.NewReader(header[:n]), originalBody), - c: originalBody, - } - } - - return nil - } - - // Error handler for proxy failures with detailed error classification for diagnostics - proxy.ErrorHandler = func(rw http.ResponseWriter, req *http.Request, err error) { - // Classify the error type for better diagnostics - var errType string - if errors.Is(err, context.DeadlineExceeded) { - errType = "timeout" - } else if errors.Is(err, context.Canceled) { - errType = "canceled" - } else if netErr, ok := err.(net.Error); ok && netErr.Timeout() { - errType = "dial_timeout" - } else if _, ok := err.(net.Error); ok { - errType = "network_error" - } else { - errType = "connection_error" - } - - // Don't log as error for context canceled - it's usually client closing connection - if errors.Is(err, context.Canceled) { - return - } else { - log.Errorf("amp upstream proxy error [%s] for %s %s: %v", errType, req.Method, req.URL.Path, err) - } - - rw.Header().Set("Content-Type", "application/json") - rw.WriteHeader(http.StatusBadGateway) - _, _ = rw.Write([]byte(`{"error":"amp_upstream_proxy_error","message":"Failed to reach Amp upstream"}`)) - } - - return proxy, nil -} - -// isStreamingResponse detects if the response is streaming (SSE only) -// Note: We only treat text/event-stream as streaming. Chunked transfer encoding -// is a transport-level detail and doesn't mean we can't decompress the full response. -// Many JSON APIs use chunked encoding for normal responses. -func isStreamingResponse(resp *http.Response) bool { - contentType := resp.Header.Get("Content-Type") - - // Only Server-Sent Events are true streaming responses - if strings.Contains(contentType, "text/event-stream") { - return true - } - - return false -} - -// proxyHandler converts httputil.ReverseProxy to gin.HandlerFunc -func proxyHandler(proxy *httputil.ReverseProxy) gin.HandlerFunc { - return func(c *gin.Context) { - proxy.ServeHTTP(c.Writer, c.Request) - } -} - -// filterBetaFeatures removes a specific beta feature from comma-separated list -func filterBetaFeatures(header, featureToRemove string) string { - features := strings.Split(header, ",") - filtered := make([]string, 0, len(features)) - - for _, feature := range features { - trimmed := strings.TrimSpace(feature) - if trimmed != "" && trimmed != featureToRemove { - filtered = append(filtered, trimmed) - } - } - - return strings.Join(filtered, ",") -} diff --git a/internal/api/modules/amp/proxy_test.go b/internal/api/modules/amp/proxy_test.go deleted file mode 100644 index 27678210fc..0000000000 --- a/internal/api/modules/amp/proxy_test.go +++ /dev/null @@ -1,681 +0,0 @@ -package amp - -import ( - "bytes" - "compress/gzip" - "context" - "fmt" - "io" - "net/http" - "net/http/httptest" - "strings" - "testing" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" -) - -// Helper: compress data with gzip -func gzipBytes(b []byte) []byte { - var buf bytes.Buffer - zw := gzip.NewWriter(&buf) - zw.Write(b) - zw.Close() - return buf.Bytes() -} - -// Helper: create a mock http.Response -func mkResp(status int, hdr http.Header, body []byte) *http.Response { - if hdr == nil { - hdr = http.Header{} - } - return &http.Response{ - StatusCode: status, - Header: hdr, - Body: io.NopCloser(bytes.NewReader(body)), - ContentLength: int64(len(body)), - } -} - -func TestCreateReverseProxy_ValidURL(t *testing.T) { - proxy, err := createReverseProxy("http://example.com", NewStaticSecretSource("key")) - if err != nil { - t.Fatalf("expected no error, got: %v", err) - } - if proxy == nil { - t.Fatal("expected proxy to be created") - } -} - -func TestCreateReverseProxy_InvalidURL(t *testing.T) { - _, err := createReverseProxy("://invalid", NewStaticSecretSource("key")) - if err == nil { - t.Fatal("expected error for invalid URL") - } -} - -func TestModifyResponse_GzipScenarios(t *testing.T) { - proxy, err := createReverseProxy("http://example.com", NewStaticSecretSource("k")) - if err != nil { - t.Fatal(err) - } - - goodJSON := []byte(`{"ok":true}`) - good := gzipBytes(goodJSON) - truncated := good[:10] - corrupted := append([]byte{0x1f, 0x8b}, []byte("notgzip")...) - - cases := []struct { - name string - header http.Header - body []byte - status int - wantBody []byte - wantCE string - }{ - { - name: "decompresses_valid_gzip_no_header", - header: http.Header{}, - body: good, - status: 200, - wantBody: goodJSON, - wantCE: "", - }, - { - name: "skips_when_ce_present", - header: http.Header{"Content-Encoding": []string{"gzip"}}, - body: good, - status: 200, - wantBody: good, - wantCE: "gzip", - }, - { - name: "passes_truncated_unchanged", - header: http.Header{}, - body: truncated, - status: 200, - wantBody: truncated, - wantCE: "", - }, - { - name: "passes_corrupted_unchanged", - header: http.Header{}, - body: corrupted, - status: 200, - wantBody: corrupted, - wantCE: "", - }, - { - name: "non_gzip_unchanged", - header: http.Header{}, - body: []byte("plain"), - status: 200, - wantBody: []byte("plain"), - wantCE: "", - }, - { - name: "empty_body", - header: http.Header{}, - body: []byte{}, - status: 200, - wantBody: []byte{}, - wantCE: "", - }, - { - name: "single_byte_body", - header: http.Header{}, - body: []byte{0x1f}, - status: 200, - wantBody: []byte{0x1f}, - wantCE: "", - }, - { - name: "skips_non_2xx_status", - header: http.Header{}, - body: good, - status: 404, - wantBody: good, - wantCE: "", - }, - } - - for _, tc := range cases { - t.Run(tc.name, func(t *testing.T) { - resp := mkResp(tc.status, tc.header, tc.body) - if err := proxy.ModifyResponse(resp); err != nil { - t.Fatalf("ModifyResponse error: %v", err) - } - got, err := io.ReadAll(resp.Body) - if err != nil { - t.Fatalf("ReadAll error: %v", err) - } - if !bytes.Equal(got, tc.wantBody) { - t.Fatalf("body mismatch:\nwant: %q\ngot: %q", tc.wantBody, got) - } - if ce := resp.Header.Get("Content-Encoding"); ce != tc.wantCE { - t.Fatalf("Content-Encoding: want %q, got %q", tc.wantCE, ce) - } - }) - } -} - -func TestModifyResponse_UpdatesContentLengthHeader(t *testing.T) { - proxy, err := createReverseProxy("http://example.com", NewStaticSecretSource("k")) - if err != nil { - t.Fatal(err) - } - - goodJSON := []byte(`{"message":"test response"}`) - gzipped := gzipBytes(goodJSON) - - // Simulate upstream response with gzip body AND Content-Length header - // (this is the scenario the bot flagged - stale Content-Length after decompression) - resp := mkResp(200, http.Header{ - "Content-Length": []string{fmt.Sprintf("%d", len(gzipped))}, // Compressed size - }, gzipped) - - if err := proxy.ModifyResponse(resp); err != nil { - t.Fatalf("ModifyResponse error: %v", err) - } - - // Verify body is decompressed - got, _ := io.ReadAll(resp.Body) - if !bytes.Equal(got, goodJSON) { - t.Fatalf("body should be decompressed, got: %q, want: %q", got, goodJSON) - } - - // Verify Content-Length header is updated to decompressed size - wantCL := fmt.Sprintf("%d", len(goodJSON)) - gotCL := resp.Header.Get("Content-Length") - if gotCL != wantCL { - t.Fatalf("Content-Length header mismatch: want %q (decompressed), got %q", wantCL, gotCL) - } - - // Verify struct field also matches - if resp.ContentLength != int64(len(goodJSON)) { - t.Fatalf("resp.ContentLength mismatch: want %d, got %d", len(goodJSON), resp.ContentLength) - } -} - -func TestModifyResponse_SkipsStreamingResponses(t *testing.T) { - proxy, err := createReverseProxy("http://example.com", NewStaticSecretSource("k")) - if err != nil { - t.Fatal(err) - } - - goodJSON := []byte(`{"ok":true}`) - gzipped := gzipBytes(goodJSON) - - t.Run("sse_skips_decompression", func(t *testing.T) { - resp := mkResp(200, http.Header{"Content-Type": []string{"text/event-stream"}}, gzipped) - if err := proxy.ModifyResponse(resp); err != nil { - t.Fatalf("ModifyResponse error: %v", err) - } - // SSE should NOT be decompressed - got, _ := io.ReadAll(resp.Body) - if !bytes.Equal(got, gzipped) { - t.Fatal("SSE response should not be decompressed") - } - }) -} - -func TestModifyResponse_DecompressesChunkedJSON(t *testing.T) { - proxy, err := createReverseProxy("http://example.com", NewStaticSecretSource("k")) - if err != nil { - t.Fatal(err) - } - - goodJSON := []byte(`{"ok":true}`) - gzipped := gzipBytes(goodJSON) - - t.Run("chunked_json_decompresses", func(t *testing.T) { - // Chunked JSON responses (like thread APIs) should be decompressed - resp := mkResp(200, http.Header{"Transfer-Encoding": []string{"chunked"}}, gzipped) - if err := proxy.ModifyResponse(resp); err != nil { - t.Fatalf("ModifyResponse error: %v", err) - } - // Should decompress because it's not SSE - got, _ := io.ReadAll(resp.Body) - if !bytes.Equal(got, goodJSON) { - t.Fatalf("chunked JSON should be decompressed, got: %q, want: %q", got, goodJSON) - } - }) -} - -func TestReverseProxy_InjectsHeaders(t *testing.T) { - gotHeaders := make(chan http.Header, 1) - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotHeaders <- r.Header.Clone() - w.WriteHeader(200) - w.Write([]byte(`ok`)) - })) - defer upstream.Close() - - proxy, err := createReverseProxy(upstream.URL, NewStaticSecretSource("secret")) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - proxy.ServeHTTP(w, r) - })) - defer srv.Close() - - res, err := http.Get(srv.URL + "/test") - if err != nil { - t.Fatal(err) - } - res.Body.Close() - - hdr := <-gotHeaders - if hdr.Get("X-Api-Key") != "secret" { - t.Fatalf("X-Api-Key missing or wrong, got: %q", hdr.Get("X-Api-Key")) - } - if hdr.Get("Authorization") != "Bearer secret" { - t.Fatalf("Authorization missing or wrong, got: %q", hdr.Get("Authorization")) - } -} - -func TestReverseProxy_EmptySecret(t *testing.T) { - gotHeaders := make(chan http.Header, 1) - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotHeaders <- r.Header.Clone() - w.WriteHeader(200) - w.Write([]byte(`ok`)) - })) - defer upstream.Close() - - proxy, err := createReverseProxy(upstream.URL, NewStaticSecretSource("")) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - proxy.ServeHTTP(w, r) - })) - defer srv.Close() - - res, err := http.Get(srv.URL + "/test") - if err != nil { - t.Fatal(err) - } - res.Body.Close() - - hdr := <-gotHeaders - // Should NOT inject headers when secret is empty - if hdr.Get("X-Api-Key") != "" { - t.Fatalf("X-Api-Key should not be set, got: %q", hdr.Get("X-Api-Key")) - } - if authVal := hdr.Get("Authorization"); authVal != "" && authVal != "Bearer " { - t.Fatalf("Authorization should not be set, got: %q", authVal) - } -} - -func TestReverseProxy_StripsClientCredentialsFromHeadersAndQuery(t *testing.T) { - type captured struct { - headers http.Header - query string - } - got := make(chan captured, 1) - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - got <- captured{headers: r.Header.Clone(), query: r.URL.RawQuery} - w.WriteHeader(200) - w.Write([]byte(`ok`)) - })) - defer upstream.Close() - - proxy, err := createReverseProxy(upstream.URL, NewStaticSecretSource("upstream")) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - // Simulate clientAPIKeyMiddleware injection (per-request) - ctx := context.WithValue(r.Context(), clientAPIKeyContextKey{}, "client-key") - proxy.ServeHTTP(w, r.WithContext(ctx)) - })) - defer srv.Close() - - req, err := http.NewRequest(http.MethodGet, srv.URL+"/test?key=client-key&key=keep&auth_token=client-key&foo=bar", nil) - if err != nil { - t.Fatal(err) - } - req.Header.Set("Authorization", "Bearer client-key") - req.Header.Set("X-Api-Key", "client-key") - req.Header.Set("X-Goog-Api-Key", "client-key") - - res, err := http.DefaultClient.Do(req) - if err != nil { - t.Fatal(err) - } - res.Body.Close() - - c := <-got - - // These are client-provided credentials and must not reach the upstream. - if v := c.headers.Get("X-Goog-Api-Key"); v != "" { - t.Fatalf("X-Goog-Api-Key should be stripped, got: %q", v) - } - - // We inject upstream Authorization/X-Api-Key, so the client auth must not survive. - if v := c.headers.Get("Authorization"); v != "Bearer upstream" { - t.Fatalf("Authorization should be upstream-injected, got: %q", v) - } - if v := c.headers.Get("X-Api-Key"); v != "upstream" { - t.Fatalf("X-Api-Key should be upstream-injected, got: %q", v) - } - - // Query-based credentials should be stripped only when they match the authenticated client key. - // Should keep unrelated values and parameters. - if strings.Contains(c.query, "auth_token=client-key") || strings.Contains(c.query, "key=client-key") { - t.Fatalf("query credentials should be stripped, got raw query: %q", c.query) - } - if !strings.Contains(c.query, "key=keep") || !strings.Contains(c.query, "foo=bar") { - t.Fatalf("expected query to keep non-credential params, got raw query: %q", c.query) - } -} - -func TestReverseProxy_InjectsMappedSecret_FromRequestContext(t *testing.T) { - gotHeaders := make(chan http.Header, 1) - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotHeaders <- r.Header.Clone() - w.WriteHeader(200) - w.Write([]byte(`ok`)) - })) - defer upstream.Close() - - defaultSource := NewStaticSecretSource("default") - mapped := NewMappedSecretSource(defaultSource) - mapped.UpdateMappings([]config.AmpUpstreamAPIKeyEntry{ - { - UpstreamAPIKey: "u1", - APIKeys: []string{"k1"}, - }, - }) - - proxy, err := createReverseProxy(upstream.URL, mapped) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - // Simulate clientAPIKeyMiddleware injection (per-request) - ctx := context.WithValue(r.Context(), clientAPIKeyContextKey{}, "k1") - proxy.ServeHTTP(w, r.WithContext(ctx)) - })) - defer srv.Close() - - res, err := http.Get(srv.URL + "/test") - if err != nil { - t.Fatal(err) - } - res.Body.Close() - - hdr := <-gotHeaders - if hdr.Get("X-Api-Key") != "u1" { - t.Fatalf("X-Api-Key missing or wrong, got: %q", hdr.Get("X-Api-Key")) - } - if hdr.Get("Authorization") != "Bearer u1" { - t.Fatalf("Authorization missing or wrong, got: %q", hdr.Get("Authorization")) - } -} - -func TestReverseProxy_MappedSecret_FallsBackToDefault(t *testing.T) { - gotHeaders := make(chan http.Header, 1) - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotHeaders <- r.Header.Clone() - w.WriteHeader(200) - w.Write([]byte(`ok`)) - })) - defer upstream.Close() - - defaultSource := NewStaticSecretSource("default") - mapped := NewMappedSecretSource(defaultSource) - mapped.UpdateMappings([]config.AmpUpstreamAPIKeyEntry{ - { - UpstreamAPIKey: "u1", - APIKeys: []string{"k1"}, - }, - }) - - proxy, err := createReverseProxy(upstream.URL, mapped) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - ctx := context.WithValue(r.Context(), clientAPIKeyContextKey{}, "k2") - proxy.ServeHTTP(w, r.WithContext(ctx)) - })) - defer srv.Close() - - res, err := http.Get(srv.URL + "/test") - if err != nil { - t.Fatal(err) - } - res.Body.Close() - - hdr := <-gotHeaders - if hdr.Get("X-Api-Key") != "default" { - t.Fatalf("X-Api-Key fallback missing or wrong, got: %q", hdr.Get("X-Api-Key")) - } - if hdr.Get("Authorization") != "Bearer default" { - t.Fatalf("Authorization fallback missing or wrong, got: %q", hdr.Get("Authorization")) - } -} - -func TestReverseProxy_ErrorHandler(t *testing.T) { - // Point proxy to a non-routable address to trigger error - proxy, err := createReverseProxy("http://127.0.0.1:1", NewStaticSecretSource("")) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - proxy.ServeHTTP(w, r) - })) - defer srv.Close() - - res, err := http.Get(srv.URL + "/any") - if err != nil { - t.Fatal(err) - } - body, _ := io.ReadAll(res.Body) - res.Body.Close() - - if res.StatusCode != http.StatusBadGateway { - t.Fatalf("want 502, got %d", res.StatusCode) - } - if !bytes.Contains(body, []byte(`"amp_upstream_proxy_error"`)) { - t.Fatalf("unexpected body: %s", body) - } - if ct := res.Header.Get("Content-Type"); ct != "application/json" { - t.Fatalf("content-type: want application/json, got %s", ct) - } -} - -func TestReverseProxy_ErrorHandler_ContextCanceled(t *testing.T) { - // Test that context.Canceled errors return 499 without generic error response - proxy, err := createReverseProxy("http://example.com", NewStaticSecretSource("")) - if err != nil { - t.Fatal(err) - } - - // Create a canceled context to trigger the cancellation path - ctx, cancel := context.WithCancel(context.Background()) - cancel() // Cancel immediately - - req := httptest.NewRequest(http.MethodGet, "/test", nil).WithContext(ctx) - rr := httptest.NewRecorder() - - // Directly invoke the ErrorHandler with context.Canceled - proxy.ErrorHandler(rr, req, context.Canceled) - - // Body should be empty for canceled requests (no JSON error response) - body := rr.Body.Bytes() - if len(body) > 0 { - t.Fatalf("expected empty body for canceled context, got: %s", body) - } -} - -func TestReverseProxy_FullRoundTrip_Gzip(t *testing.T) { - // Upstream returns gzipped JSON without Content-Encoding header - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.WriteHeader(200) - w.Write(gzipBytes([]byte(`{"upstream":"ok"}`))) - })) - defer upstream.Close() - - proxy, err := createReverseProxy(upstream.URL, NewStaticSecretSource("key")) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - proxy.ServeHTTP(w, r) - })) - defer srv.Close() - - res, err := http.Get(srv.URL + "/test") - if err != nil { - t.Fatal(err) - } - body, _ := io.ReadAll(res.Body) - res.Body.Close() - - expected := []byte(`{"upstream":"ok"}`) - if !bytes.Equal(body, expected) { - t.Fatalf("want decompressed JSON, got: %s", body) - } -} - -func TestReverseProxy_FullRoundTrip_PlainJSON(t *testing.T) { - // Upstream returns plain JSON - upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - w.WriteHeader(200) - w.Write([]byte(`{"plain":"json"}`)) - })) - defer upstream.Close() - - proxy, err := createReverseProxy(upstream.URL, NewStaticSecretSource("key")) - if err != nil { - t.Fatal(err) - } - - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - proxy.ServeHTTP(w, r) - })) - defer srv.Close() - - res, err := http.Get(srv.URL + "/test") - if err != nil { - t.Fatal(err) - } - body, _ := io.ReadAll(res.Body) - res.Body.Close() - - expected := []byte(`{"plain":"json"}`) - if !bytes.Equal(body, expected) { - t.Fatalf("want plain JSON unchanged, got: %s", body) - } -} - -func TestIsStreamingResponse(t *testing.T) { - cases := []struct { - name string - header http.Header - want bool - }{ - { - name: "sse", - header: http.Header{"Content-Type": []string{"text/event-stream"}}, - want: true, - }, - { - name: "chunked_not_streaming", - header: http.Header{"Transfer-Encoding": []string{"chunked"}}, - want: false, // Chunked is transport-level, not streaming - }, - { - name: "normal_json", - header: http.Header{"Content-Type": []string{"application/json"}}, - want: false, - }, - { - name: "empty", - header: http.Header{}, - want: false, - }, - } - - for _, tc := range cases { - t.Run(tc.name, func(t *testing.T) { - resp := &http.Response{Header: tc.header} - got := isStreamingResponse(resp) - if got != tc.want { - t.Fatalf("want %v, got %v", tc.want, got) - } - }) - } -} - -func TestFilterBetaFeatures(t *testing.T) { - tests := []struct { - name string - header string - featureToRemove string - expected string - }{ - { - name: "Remove context-1m from middle", - header: "fine-grained-tool-streaming-2025-05-14,context-1m-2025-08-07,oauth-2025-04-20", - featureToRemove: "context-1m-2025-08-07", - expected: "fine-grained-tool-streaming-2025-05-14,oauth-2025-04-20", - }, - { - name: "Remove context-1m from start", - header: "context-1m-2025-08-07,fine-grained-tool-streaming-2025-05-14", - featureToRemove: "context-1m-2025-08-07", - expected: "fine-grained-tool-streaming-2025-05-14", - }, - { - name: "Remove context-1m from end", - header: "fine-grained-tool-streaming-2025-05-14,context-1m-2025-08-07", - featureToRemove: "context-1m-2025-08-07", - expected: "fine-grained-tool-streaming-2025-05-14", - }, - { - name: "Feature not present", - header: "fine-grained-tool-streaming-2025-05-14,oauth-2025-04-20", - featureToRemove: "context-1m-2025-08-07", - expected: "fine-grained-tool-streaming-2025-05-14,oauth-2025-04-20", - }, - { - name: "Only feature to remove", - header: "context-1m-2025-08-07", - featureToRemove: "context-1m-2025-08-07", - expected: "", - }, - { - name: "Empty header", - header: "", - featureToRemove: "context-1m-2025-08-07", - expected: "", - }, - { - name: "Header with spaces", - header: "fine-grained-tool-streaming-2025-05-14, context-1m-2025-08-07 , oauth-2025-04-20", - featureToRemove: "context-1m-2025-08-07", - expected: "fine-grained-tool-streaming-2025-05-14,oauth-2025-04-20", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := filterBetaFeatures(tt.header, tt.featureToRemove) - if result != tt.expected { - t.Errorf("filterBetaFeatures() = %q, want %q", result, tt.expected) - } - }) - } -} diff --git a/internal/api/modules/amp/response_rewriter.go b/internal/api/modules/amp/response_rewriter.go deleted file mode 100644 index 8a9cad704d..0000000000 --- a/internal/api/modules/amp/response_rewriter.go +++ /dev/null @@ -1,183 +0,0 @@ -package amp - -import ( - "bytes" - "net/http" - "strings" - - "github.com/gin-gonic/gin" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ResponseRewriter wraps a gin.ResponseWriter to intercept and modify the response body -// It's used to rewrite model names in responses when model mapping is used -type ResponseRewriter struct { - gin.ResponseWriter - body *bytes.Buffer - originalModel string - isStreaming bool -} - -// NewResponseRewriter creates a new response rewriter for model name substitution -func NewResponseRewriter(w gin.ResponseWriter, originalModel string) *ResponseRewriter { - return &ResponseRewriter{ - ResponseWriter: w, - body: &bytes.Buffer{}, - originalModel: originalModel, - } -} - -const maxBufferedResponseBytes = 2 * 1024 * 1024 // 2MB safety cap - -func looksLikeSSEChunk(data []byte) bool { - // Fallback detection: some upstreams may omit/lie about Content-Type, causing SSE to be buffered. - // Heuristics are intentionally simple and cheap. - return bytes.Contains(data, []byte("data:")) || - bytes.Contains(data, []byte("event:")) || - bytes.Contains(data, []byte("message_start")) || - bytes.Contains(data, []byte("message_delta")) || - bytes.Contains(data, []byte("content_block_start")) || - bytes.Contains(data, []byte("content_block_delta")) || - bytes.Contains(data, []byte("content_block_stop")) || - bytes.Contains(data, []byte("\n\n")) -} - -func (rw *ResponseRewriter) enableStreaming(reason string) error { - if rw.isStreaming { - return nil - } - rw.isStreaming = true - - // Flush any previously buffered data to avoid reordering or data loss. - if rw.body != nil && rw.body.Len() > 0 { - buf := rw.body.Bytes() - // Copy before Reset() to keep bytes stable. - toFlush := make([]byte, len(buf)) - copy(toFlush, buf) - rw.body.Reset() - - if _, err := rw.ResponseWriter.Write(rw.rewriteStreamChunk(toFlush)); err != nil { - return err - } - if flusher, ok := rw.ResponseWriter.(http.Flusher); ok { - flusher.Flush() - } - } - - log.Debugf("amp response rewriter: switched to streaming (%s)", reason) - return nil -} - -// Write intercepts response writes and buffers them for model name replacement -func (rw *ResponseRewriter) Write(data []byte) (int, error) { - // Detect streaming on first write (header-based) - if !rw.isStreaming && rw.body.Len() == 0 { - contentType := rw.Header().Get("Content-Type") - rw.isStreaming = strings.Contains(contentType, "text/event-stream") || - strings.Contains(contentType, "stream") - } - - if !rw.isStreaming { - // Content-based fallback: detect SSE-like chunks even if Content-Type is missing/wrong. - if looksLikeSSEChunk(data) { - if err := rw.enableStreaming("sse heuristic"); err != nil { - return 0, err - } - } else if rw.body.Len()+len(data) > maxBufferedResponseBytes { - // Safety cap: avoid unbounded buffering on large responses. - log.Warnf("amp response rewriter: buffer exceeded %d bytes, switching to streaming", maxBufferedResponseBytes) - if err := rw.enableStreaming("buffer limit"); err != nil { - return 0, err - } - } - } - - if rw.isStreaming { - n, err := rw.ResponseWriter.Write(rw.rewriteStreamChunk(data)) - if err == nil { - if flusher, ok := rw.ResponseWriter.(http.Flusher); ok { - flusher.Flush() - } - } - return n, err - } - return rw.body.Write(data) -} - -// Flush writes the buffered response with model names rewritten -func (rw *ResponseRewriter) Flush() { - if rw.isStreaming { - if flusher, ok := rw.ResponseWriter.(http.Flusher); ok { - flusher.Flush() - } - return - } - if rw.body.Len() > 0 { - if _, err := rw.ResponseWriter.Write(rw.rewriteModelInResponse(rw.body.Bytes())); err != nil { - log.Warnf("amp response rewriter: failed to write rewritten response: %v", err) - } - } -} - -// modelFieldPaths lists all JSON paths where model name may appear -var modelFieldPaths = []string{"message.model", "model", "modelVersion", "response.model", "response.modelVersion"} - -// rewriteModelInResponse replaces all occurrences of the mapped model with the original model in JSON -// It also suppresses "thinking" blocks if "tool_use" is present to ensure Amp client compatibility -func (rw *ResponseRewriter) rewriteModelInResponse(data []byte) []byte { - // 1. Amp Compatibility: Suppress thinking blocks if tool use is detected - // The Amp client struggles when both thinking and tool_use blocks are present - if gjson.GetBytes(data, `content.#(type=="tool_use")`).Exists() { - filtered := gjson.GetBytes(data, `content.#(type!="thinking")#`) - if filtered.Exists() { - originalCount := gjson.GetBytes(data, "content.#").Int() - filteredCount := filtered.Get("#").Int() - - if originalCount > filteredCount { - var err error - data, err = sjson.SetBytes(data, "content", filtered.Value()) - if err != nil { - log.Warnf("Amp ResponseRewriter: failed to suppress thinking blocks: %v", err) - } else { - log.Debugf("Amp ResponseRewriter: Suppressed %d thinking blocks due to tool usage", originalCount-filteredCount) - // Log the result for verification - log.Debugf("Amp ResponseRewriter: Resulting content: %s", gjson.GetBytes(data, "content").String()) - } - } - } - } - - if rw.originalModel == "" { - return data - } - for _, path := range modelFieldPaths { - if gjson.GetBytes(data, path).Exists() { - data, _ = sjson.SetBytes(data, path, rw.originalModel) - } - } - return data -} - -// rewriteStreamChunk rewrites model names in SSE stream chunks -func (rw *ResponseRewriter) rewriteStreamChunk(chunk []byte) []byte { - if rw.originalModel == "" { - return chunk - } - - // SSE format: "data: {json}\n\n" - lines := bytes.Split(chunk, []byte("\n")) - for i, line := range lines { - if bytes.HasPrefix(line, []byte("data: ")) { - jsonData := bytes.TrimPrefix(line, []byte("data: ")) - if len(jsonData) > 0 && jsonData[0] == '{' { - // Rewrite JSON in the data line - rewritten := rw.rewriteModelInResponse(jsonData) - lines[i] = append([]byte("data: "), rewritten...) - } - } - } - - return bytes.Join(lines, []byte("\n")) -} diff --git a/internal/api/modules/amp/response_rewriter_test.go b/internal/api/modules/amp/response_rewriter_test.go deleted file mode 100644 index 114a9516fc..0000000000 --- a/internal/api/modules/amp/response_rewriter_test.go +++ /dev/null @@ -1,110 +0,0 @@ -package amp - -import ( - "testing" -) - -func TestRewriteModelInResponse_TopLevel(t *testing.T) { - rw := &ResponseRewriter{originalModel: "gpt-5.2-codex"} - - input := []byte(`{"id":"resp_1","model":"gpt-5.3-codex","output":[]}`) - result := rw.rewriteModelInResponse(input) - - expected := `{"id":"resp_1","model":"gpt-5.2-codex","output":[]}` - if string(result) != expected { - t.Errorf("expected %s, got %s", expected, string(result)) - } -} - -func TestRewriteModelInResponse_ResponseModel(t *testing.T) { - rw := &ResponseRewriter{originalModel: "gpt-5.2-codex"} - - input := []byte(`{"type":"response.completed","response":{"id":"resp_1","model":"gpt-5.3-codex","status":"completed"}}`) - result := rw.rewriteModelInResponse(input) - - expected := `{"type":"response.completed","response":{"id":"resp_1","model":"gpt-5.2-codex","status":"completed"}}` - if string(result) != expected { - t.Errorf("expected %s, got %s", expected, string(result)) - } -} - -func TestRewriteModelInResponse_ResponseCreated(t *testing.T) { - rw := &ResponseRewriter{originalModel: "gpt-5.2-codex"} - - input := []byte(`{"type":"response.created","response":{"id":"resp_1","model":"gpt-5.3-codex","status":"in_progress"}}`) - result := rw.rewriteModelInResponse(input) - - expected := `{"type":"response.created","response":{"id":"resp_1","model":"gpt-5.2-codex","status":"in_progress"}}` - if string(result) != expected { - t.Errorf("expected %s, got %s", expected, string(result)) - } -} - -func TestRewriteModelInResponse_NoModelField(t *testing.T) { - rw := &ResponseRewriter{originalModel: "gpt-5.2-codex"} - - input := []byte(`{"type":"response.output_item.added","item":{"id":"item_1","type":"message"}}`) - result := rw.rewriteModelInResponse(input) - - if string(result) != string(input) { - t.Errorf("expected no modification, got %s", string(result)) - } -} - -func TestRewriteModelInResponse_EmptyOriginalModel(t *testing.T) { - rw := &ResponseRewriter{originalModel: ""} - - input := []byte(`{"model":"gpt-5.3-codex"}`) - result := rw.rewriteModelInResponse(input) - - if string(result) != string(input) { - t.Errorf("expected no modification when originalModel is empty, got %s", string(result)) - } -} - -func TestRewriteStreamChunk_SSEWithResponseModel(t *testing.T) { - rw := &ResponseRewriter{originalModel: "gpt-5.2-codex"} - - chunk := []byte("data: {\"type\":\"response.completed\",\"response\":{\"id\":\"resp_1\",\"model\":\"gpt-5.3-codex\",\"status\":\"completed\"}}\n\n") - result := rw.rewriteStreamChunk(chunk) - - expected := "data: {\"type\":\"response.completed\",\"response\":{\"id\":\"resp_1\",\"model\":\"gpt-5.2-codex\",\"status\":\"completed\"}}\n\n" - if string(result) != expected { - t.Errorf("expected %s, got %s", expected, string(result)) - } -} - -func TestRewriteStreamChunk_MultipleEvents(t *testing.T) { - rw := &ResponseRewriter{originalModel: "gpt-5.2-codex"} - - chunk := []byte("data: {\"type\":\"response.created\",\"response\":{\"model\":\"gpt-5.3-codex\"}}\n\ndata: {\"type\":\"response.output_item.added\",\"item\":{\"id\":\"item_1\"}}\n\n") - result := rw.rewriteStreamChunk(chunk) - - if string(result) == string(chunk) { - t.Error("expected response.model to be rewritten in SSE stream") - } - if !contains(result, []byte(`"model":"gpt-5.2-codex"`)) { - t.Errorf("expected rewritten model in output, got %s", string(result)) - } -} - -func TestRewriteStreamChunk_MessageModel(t *testing.T) { - rw := &ResponseRewriter{originalModel: "claude-opus-4.5"} - - chunk := []byte("data: {\"message\":{\"model\":\"claude-sonnet-4\",\"role\":\"assistant\"}}\n\n") - result := rw.rewriteStreamChunk(chunk) - - expected := "data: {\"message\":{\"model\":\"claude-opus-4.5\",\"role\":\"assistant\"}}\n\n" - if string(result) != expected { - t.Errorf("expected %s, got %s", expected, string(result)) - } -} - -func contains(data, substr []byte) bool { - for i := 0; i <= len(data)-len(substr); i++ { - if string(data[i:i+len(substr)]) == string(substr) { - return true - } - } - return false -} diff --git a/internal/api/modules/amp/routes.go b/internal/api/modules/amp/routes.go deleted file mode 100644 index e260867ad4..0000000000 --- a/internal/api/modules/amp/routes.go +++ /dev/null @@ -1,334 +0,0 @@ -package amp - -import ( - "context" - "errors" - "net" - "net/http" - "net/http/httputil" - "strings" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/logging" - "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/api/handlers" - "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/api/handlers/claude" - "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/api/handlers/gemini" - "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/api/handlers/openai" - log "github.com/sirupsen/logrus" -) - -// clientAPIKeyContextKey is the context key used to pass the client API key -// from gin.Context to the request context for SecretSource lookup. -type clientAPIKeyContextKey struct{} - -// clientAPIKeyMiddleware injects the authenticated client API key from gin.Context["apiKey"] -// into the request context so that SecretSource can look it up for per-client upstream routing. -func clientAPIKeyMiddleware() gin.HandlerFunc { - return func(c *gin.Context) { - // Extract the client API key from gin context (set by AuthMiddleware) - if apiKey, exists := c.Get("apiKey"); exists { - if keyStr, ok := apiKey.(string); ok && keyStr != "" { - // Inject into request context for SecretSource.Get(ctx) to read - ctx := context.WithValue(c.Request.Context(), clientAPIKeyContextKey{}, keyStr) - c.Request = c.Request.WithContext(ctx) - } - } - c.Next() - } -} - -// getClientAPIKeyFromContext retrieves the client API key from request context. -// Returns empty string if not present. -func getClientAPIKeyFromContext(ctx context.Context) string { - if val := ctx.Value(clientAPIKeyContextKey{}); val != nil { - if keyStr, ok := val.(string); ok { - return keyStr - } - } - return "" -} - -// localhostOnlyMiddleware returns a middleware that dynamically checks the module's -// localhost restriction setting. This allows hot-reload of the restriction without restarting. -func (m *AmpModule) localhostOnlyMiddleware() gin.HandlerFunc { - return func(c *gin.Context) { - // Check current setting (hot-reloadable) - if !m.IsRestrictedToLocalhost() { - c.Next() - return - } - - // Use actual TCP connection address (RemoteAddr) to prevent header spoofing - // This cannot be forged by X-Forwarded-For or other client-controlled headers - remoteAddr := c.Request.RemoteAddr - - // RemoteAddr format is "IP:port" or "[IPv6]:port", extract just the IP - host, _, err := net.SplitHostPort(remoteAddr) - if err != nil { - // Try parsing as raw IP (shouldn't happen with standard HTTP, but be defensive) - host = remoteAddr - } - - // Parse the IP to handle both IPv4 and IPv6 - ip := net.ParseIP(host) - if ip == nil { - log.Warnf("amp management: invalid RemoteAddr %s, denying access", remoteAddr) - c.AbortWithStatusJSON(403, gin.H{ - "error": "Access denied: management routes restricted to localhost", - }) - return - } - - // Check if IP is loopback (127.0.0.1 or ::1) - if !ip.IsLoopback() { - log.Warnf("amp management: non-localhost connection from %s attempted access, denying", remoteAddr) - c.AbortWithStatusJSON(403, gin.H{ - "error": "Access denied: management routes restricted to localhost", - }) - return - } - - c.Next() - } -} - -// noCORSMiddleware disables CORS for management routes to prevent browser-based attacks. -// This overwrites any global CORS headers set by the server. -func noCORSMiddleware() gin.HandlerFunc { - return func(c *gin.Context) { - // Remove CORS headers to prevent cross-origin access from browsers - c.Header("Access-Control-Allow-Origin", "") - c.Header("Access-Control-Allow-Methods", "") - c.Header("Access-Control-Allow-Headers", "") - c.Header("Access-Control-Allow-Credentials", "") - - // For OPTIONS preflight, deny with 403 - if c.Request.Method == "OPTIONS" { - c.AbortWithStatus(403) - return - } - - c.Next() - } -} - -// managementAvailabilityMiddleware short-circuits management routes when the upstream -// proxy is disabled, preventing noisy localhost warnings and accidental exposure. -func (m *AmpModule) managementAvailabilityMiddleware() gin.HandlerFunc { - return func(c *gin.Context) { - if m.getProxy() == nil { - logging.SkipGinRequestLogging(c) - c.AbortWithStatusJSON(http.StatusServiceUnavailable, gin.H{ - "error": "amp upstream proxy not available", - }) - return - } - c.Next() - } -} - -// wrapManagementAuth skips auth for selected management paths while keeping authentication elsewhere. -func wrapManagementAuth(auth gin.HandlerFunc, prefixes ...string) gin.HandlerFunc { - return func(c *gin.Context) { - path := c.Request.URL.Path - for _, prefix := range prefixes { - if strings.HasPrefix(path, prefix) && (len(path) == len(prefix) || path[len(prefix)] == '/') { - c.Next() - return - } - } - auth(c) - } -} - -// registerManagementRoutes registers Amp management proxy routes -// These routes proxy through to the Amp control plane for OAuth, user management, etc. -// Uses dynamic middleware and proxy getter for hot-reload support. -// The auth middleware validates Authorization header against configured API keys. -func (m *AmpModule) registerManagementRoutes(engine *gin.Engine, baseHandler *handlers.BaseAPIHandler, auth gin.HandlerFunc) { - ampAPI := engine.Group("/api") - - // Always disable CORS for management routes to prevent browser-based attacks - ampAPI.Use(m.managementAvailabilityMiddleware(), noCORSMiddleware()) - - // Apply dynamic localhost-only restriction (hot-reloadable via m.IsRestrictedToLocalhost()) - ampAPI.Use(m.localhostOnlyMiddleware()) - - // Apply authentication middleware - requires valid API key in Authorization header - var authWithBypass gin.HandlerFunc - if auth != nil { - ampAPI.Use(auth) - authWithBypass = wrapManagementAuth(auth, "/threads", "/auth", "/docs", "/settings") - } - - // Inject client API key into request context for per-client upstream routing - ampAPI.Use(clientAPIKeyMiddleware()) - - // Dynamic proxy handler that uses m.getProxy() for hot-reload support - proxyHandler := func(c *gin.Context) { - // Swallow ErrAbortHandler panics from ReverseProxy copyResponse to avoid noisy stack traces - defer func() { - if rec := recover(); rec != nil { - if err, ok := rec.(error); ok && errors.Is(err, http.ErrAbortHandler) { - // Upstream already wrote the status (often 404) before the client/stream ended. - return - } - panic(rec) - } - }() - - proxy := m.getProxy() - if proxy == nil { - c.JSON(503, gin.H{"error": "amp upstream proxy not available"}) - return - } - proxy.ServeHTTP(c.Writer, c.Request) - } - - // Management routes - these are proxied directly to Amp upstream - ampAPI.Any("/internal", proxyHandler) - ampAPI.Any("/internal/*path", proxyHandler) - ampAPI.Any("/user", proxyHandler) - ampAPI.Any("/user/*path", proxyHandler) - ampAPI.Any("/auth", proxyHandler) - ampAPI.Any("/auth/*path", proxyHandler) - ampAPI.Any("/meta", proxyHandler) - ampAPI.Any("/meta/*path", proxyHandler) - ampAPI.Any("/ads", proxyHandler) - ampAPI.Any("/telemetry", proxyHandler) - ampAPI.Any("/telemetry/*path", proxyHandler) - ampAPI.Any("/threads", proxyHandler) - ampAPI.Any("/threads/*path", proxyHandler) - ampAPI.Any("/otel", proxyHandler) - ampAPI.Any("/otel/*path", proxyHandler) - ampAPI.Any("/tab", proxyHandler) - ampAPI.Any("/tab/*path", proxyHandler) - - // Root-level routes that AMP CLI expects without /api prefix - // These need the same security middleware as the /api/* routes (dynamic for hot-reload) - rootMiddleware := []gin.HandlerFunc{m.managementAvailabilityMiddleware(), noCORSMiddleware(), m.localhostOnlyMiddleware()} - if authWithBypass != nil { - rootMiddleware = append(rootMiddleware, authWithBypass) - } - // Add clientAPIKeyMiddleware after auth for per-client upstream routing - rootMiddleware = append(rootMiddleware, clientAPIKeyMiddleware()) - engine.GET("/threads", append(rootMiddleware, proxyHandler)...) - engine.GET("/threads/*path", append(rootMiddleware, proxyHandler)...) - engine.GET("/docs", append(rootMiddleware, proxyHandler)...) - engine.GET("/docs/*path", append(rootMiddleware, proxyHandler)...) - engine.GET("/settings", append(rootMiddleware, proxyHandler)...) - engine.GET("/settings/*path", append(rootMiddleware, proxyHandler)...) - - engine.GET("/threads.rss", append(rootMiddleware, proxyHandler)...) - engine.GET("/news.rss", append(rootMiddleware, proxyHandler)...) - - // Root-level auth routes for CLI login flow - // Amp uses multiple auth routes: /auth/cli-login, /auth/callback, /auth/sign-in, /auth/logout - // We proxy all /auth/* to support the complete OAuth flow - engine.Any("/auth", append(rootMiddleware, proxyHandler)...) - engine.Any("/auth/*path", append(rootMiddleware, proxyHandler)...) - - // Google v1beta1 passthrough with OAuth fallback - // AMP CLI uses non-standard paths like /publishers/google/models/... - // We bridge these to our standard Gemini handler to enable local OAuth. - // If no local OAuth is available, falls back to ampcode.com proxy. - geminiHandlers := gemini.NewGeminiAPIHandler(baseHandler) - geminiBridge := createGeminiBridgeHandler(geminiHandlers.GeminiHandler) - geminiV1Beta1Fallback := NewFallbackHandlerWithMapper(func() *httputil.ReverseProxy { - return m.getProxy() - }, m.modelMapper, m.forceModelMappings) - geminiV1Beta1Handler := geminiV1Beta1Fallback.WrapHandler(geminiBridge) - - // Route POST model calls through Gemini bridge with FallbackHandler. - // FallbackHandler checks provider -> mapping -> proxy fallback automatically. - // All other methods (e.g., GET model listing) always proxy to upstream to preserve Amp CLI behavior. - ampAPI.Any("/provider/google/v1beta1/*path", func(c *gin.Context) { - if c.Request.Method == "POST" { - if path := c.Param("path"); strings.Contains(path, "/models/") { - // POST with /models/ path -> use Gemini bridge with fallback handler - // FallbackHandler will check provider/mapping and proxy if needed - geminiV1Beta1Handler(c) - return - } - } - // Non-POST or no local provider available -> proxy upstream - proxyHandler(c) - }) -} - -// registerProviderAliases registers /api/provider/{provider}/... routes -// These allow Amp CLI to route requests like: -// -// /api/provider/openai/v1/chat/completions -// /api/provider/anthropic/v1/messages -// /api/provider/google/v1beta/models -func (m *AmpModule) registerProviderAliases(engine *gin.Engine, baseHandler *handlers.BaseAPIHandler, auth gin.HandlerFunc) { - // Create handler instances for different providers - openaiHandlers := openai.NewOpenAIAPIHandler(baseHandler) - geminiHandlers := gemini.NewGeminiAPIHandler(baseHandler) - claudeCodeHandlers := claude.NewClaudeCodeAPIHandler(baseHandler) - openaiResponsesHandlers := openai.NewOpenAIResponsesAPIHandler(baseHandler) - - // Create fallback handler wrapper that forwards to ampcode.com when provider not found - // Uses m.getProxy() for hot-reload support (proxy can be updated at runtime) - // Also includes model mapping support for routing unavailable models to alternatives - fallbackHandler := NewFallbackHandlerWithMapper(func() *httputil.ReverseProxy { - return m.getProxy() - }, m.modelMapper, m.forceModelMappings) - - // Provider-specific routes under /api/provider/:provider - ampProviders := engine.Group("/api/provider") - if auth != nil { - ampProviders.Use(auth) - } - // Inject client API key into request context for per-client upstream routing - ampProviders.Use(clientAPIKeyMiddleware()) - - provider := ampProviders.Group("/:provider") - - // Dynamic models handler - routes to appropriate provider based on path parameter - ampModelsHandler := func(c *gin.Context) { - providerName := strings.ToLower(c.Param("provider")) - - switch providerName { - case "anthropic": - claudeCodeHandlers.ClaudeModels(c) - case "google": - geminiHandlers.GeminiModels(c) - default: - // Default to OpenAI-compatible (works for openai, groq, cerebras, etc.) - openaiHandlers.OpenAIModels(c) - } - } - - // Root-level routes (for providers that omit /v1, like groq/cerebras) - // Wrap handlers with fallback logic to forward to ampcode.com when provider not found - provider.GET("/models", ampModelsHandler) // Models endpoint doesn't need fallback (no body to check) - provider.POST("/chat/completions", fallbackHandler.WrapHandler(openaiHandlers.ChatCompletions)) - provider.POST("/completions", fallbackHandler.WrapHandler(openaiHandlers.Completions)) - provider.POST("/responses", fallbackHandler.WrapHandler(openaiResponsesHandlers.Responses)) - - // /v1 routes (OpenAI/Claude-compatible endpoints) - v1Amp := provider.Group("/v1") - { - v1Amp.GET("/models", ampModelsHandler) // Models endpoint doesn't need fallback - - // OpenAI-compatible endpoints with fallback - v1Amp.POST("/chat/completions", fallbackHandler.WrapHandler(openaiHandlers.ChatCompletions)) - v1Amp.POST("/completions", fallbackHandler.WrapHandler(openaiHandlers.Completions)) - v1Amp.POST("/responses", fallbackHandler.WrapHandler(openaiResponsesHandlers.Responses)) - - // Claude/Anthropic-compatible endpoints with fallback - v1Amp.POST("/messages", fallbackHandler.WrapHandler(claudeCodeHandlers.ClaudeMessages)) - v1Amp.POST("/messages/count_tokens", fallbackHandler.WrapHandler(claudeCodeHandlers.ClaudeCountTokens)) - } - - // /v1beta routes (Gemini native API) - // Note: Gemini handler extracts model from URL path, so fallback logic needs special handling - v1betaAmp := provider.Group("/v1beta") - { - v1betaAmp.GET("/models", geminiHandlers.GeminiModels) - v1betaAmp.POST("/models/*action", fallbackHandler.WrapHandler(geminiHandlers.GeminiHandler)) - v1betaAmp.GET("/models/*action", geminiHandlers.GeminiGetHandler) - } -} diff --git a/internal/api/modules/amp/routes_test.go b/internal/api/modules/amp/routes_test.go deleted file mode 100644 index 9e77acea1a..0000000000 --- a/internal/api/modules/amp/routes_test.go +++ /dev/null @@ -1,381 +0,0 @@ -package amp - -import ( - "net/http" - "net/http/httptest" - "testing" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/api/handlers" -) - -func TestRegisterManagementRoutes(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - // Create module with proxy for testing - m := &AmpModule{ - restrictToLocalhost: false, // disable localhost restriction for tests - } - - // Create a mock proxy that tracks calls - proxyCalled := false - mockProxy := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - proxyCalled = true - w.WriteHeader(200) - w.Write([]byte("proxied")) - })) - defer mockProxy.Close() - - // Create real proxy to mock server - proxy, _ := createReverseProxy(mockProxy.URL, NewStaticSecretSource("")) - m.setProxy(proxy) - - base := &handlers.BaseAPIHandler{} - m.registerManagementRoutes(r, base, nil) - srv := httptest.NewServer(r) - defer srv.Close() - - managementPaths := []struct { - path string - method string - }{ - {"/api/internal", http.MethodGet}, - {"/api/internal/some/path", http.MethodGet}, - {"/api/user", http.MethodGet}, - {"/api/user/profile", http.MethodGet}, - {"/api/auth", http.MethodGet}, - {"/api/auth/login", http.MethodGet}, - {"/api/meta", http.MethodGet}, - {"/api/telemetry", http.MethodGet}, - {"/api/threads", http.MethodGet}, - {"/threads/", http.MethodGet}, - {"/threads.rss", http.MethodGet}, // Root-level route (no /api prefix) - {"/api/otel", http.MethodGet}, - {"/api/tab", http.MethodGet}, - {"/api/tab/some/path", http.MethodGet}, - {"/auth", http.MethodGet}, // Root-level auth route - {"/auth/cli-login", http.MethodGet}, // CLI login flow - {"/auth/callback", http.MethodGet}, // OAuth callback - // Google v1beta1 bridge should still proxy non-model requests (GET) and allow POST - {"/api/provider/google/v1beta1/models", http.MethodGet}, - {"/api/provider/google/v1beta1/models", http.MethodPost}, - } - - for _, path := range managementPaths { - t.Run(path.path, func(t *testing.T) { - proxyCalled = false - req, err := http.NewRequest(path.method, srv.URL+path.path, nil) - if err != nil { - t.Fatalf("failed to build request: %v", err) - } - resp, err := http.DefaultClient.Do(req) - if err != nil { - t.Fatalf("request failed: %v", err) - } - defer resp.Body.Close() - - if resp.StatusCode == http.StatusNotFound { - t.Fatalf("route %s not registered", path.path) - } - if !proxyCalled { - t.Fatalf("proxy handler not called for %s", path.path) - } - }) - } -} - -func TestRegisterProviderAliases_AllProvidersRegistered(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - // Minimal base handler setup (no need to initialize, just check routing) - base := &handlers.BaseAPIHandler{} - - // Track if auth middleware was called - authCalled := false - authMiddleware := func(c *gin.Context) { - authCalled = true - c.Header("X-Auth", "ok") - // Abort with success to avoid calling the actual handler (which needs full setup) - c.AbortWithStatus(http.StatusOK) - } - - m := &AmpModule{authMiddleware_: authMiddleware} - m.registerProviderAliases(r, base, authMiddleware) - - paths := []struct { - path string - method string - }{ - {"/api/provider/openai/models", http.MethodGet}, - {"/api/provider/anthropic/models", http.MethodGet}, - {"/api/provider/google/models", http.MethodGet}, - {"/api/provider/groq/models", http.MethodGet}, - {"/api/provider/openai/chat/completions", http.MethodPost}, - {"/api/provider/anthropic/v1/messages", http.MethodPost}, - {"/api/provider/google/v1beta/models", http.MethodGet}, - } - - for _, tc := range paths { - t.Run(tc.path, func(t *testing.T) { - authCalled = false - req := httptest.NewRequest(tc.method, tc.path, nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code == http.StatusNotFound { - t.Fatalf("route %s %s not registered", tc.method, tc.path) - } - if !authCalled { - t.Fatalf("auth middleware not executed for %s", tc.path) - } - if w.Header().Get("X-Auth") != "ok" { - t.Fatalf("auth middleware header not set for %s", tc.path) - } - }) - } -} - -func TestRegisterProviderAliases_DynamicModelsHandler(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - base := &handlers.BaseAPIHandler{} - - m := &AmpModule{authMiddleware_: func(c *gin.Context) { c.AbortWithStatus(http.StatusOK) }} - m.registerProviderAliases(r, base, func(c *gin.Context) { c.AbortWithStatus(http.StatusOK) }) - - providers := []string{"openai", "anthropic", "google", "groq", "cerebras"} - - for _, provider := range providers { - t.Run(provider, func(t *testing.T) { - path := "/api/provider/" + provider + "/models" - req := httptest.NewRequest(http.MethodGet, path, nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - // Should not 404 - if w.Code == http.StatusNotFound { - t.Fatalf("models route not found for provider: %s", provider) - } - }) - } -} - -func TestRegisterProviderAliases_V1Routes(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - base := &handlers.BaseAPIHandler{} - - m := &AmpModule{authMiddleware_: func(c *gin.Context) { c.AbortWithStatus(http.StatusOK) }} - m.registerProviderAliases(r, base, func(c *gin.Context) { c.AbortWithStatus(http.StatusOK) }) - - v1Paths := []struct { - path string - method string - }{ - {"/api/provider/openai/v1/models", http.MethodGet}, - {"/api/provider/openai/v1/chat/completions", http.MethodPost}, - {"/api/provider/openai/v1/completions", http.MethodPost}, - {"/api/provider/anthropic/v1/messages", http.MethodPost}, - {"/api/provider/anthropic/v1/messages/count_tokens", http.MethodPost}, - } - - for _, tc := range v1Paths { - t.Run(tc.path, func(t *testing.T) { - req := httptest.NewRequest(tc.method, tc.path, nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code == http.StatusNotFound { - t.Fatalf("v1 route %s %s not registered", tc.method, tc.path) - } - }) - } -} - -func TestRegisterProviderAliases_V1BetaRoutes(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - base := &handlers.BaseAPIHandler{} - - m := &AmpModule{authMiddleware_: func(c *gin.Context) { c.AbortWithStatus(http.StatusOK) }} - m.registerProviderAliases(r, base, func(c *gin.Context) { c.AbortWithStatus(http.StatusOK) }) - - v1betaPaths := []struct { - path string - method string - }{ - {"/api/provider/google/v1beta/models", http.MethodGet}, - {"/api/provider/google/v1beta/models/generateContent", http.MethodPost}, - } - - for _, tc := range v1betaPaths { - t.Run(tc.path, func(t *testing.T) { - req := httptest.NewRequest(tc.method, tc.path, nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code == http.StatusNotFound { - t.Fatalf("v1beta route %s %s not registered", tc.method, tc.path) - } - }) - } -} - -func TestRegisterProviderAliases_NoAuthMiddleware(t *testing.T) { - // Test that routes still register even if auth middleware is nil (fallback behavior) - gin.SetMode(gin.TestMode) - r := gin.New() - - base := &handlers.BaseAPIHandler{} - - m := &AmpModule{authMiddleware_: nil} // No auth middleware - m.registerProviderAliases(r, base, func(c *gin.Context) { c.AbortWithStatus(http.StatusOK) }) - - req := httptest.NewRequest(http.MethodGet, "/api/provider/openai/models", nil) - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - // Should still work (with fallback no-op auth) - if w.Code == http.StatusNotFound { - t.Fatal("routes should register even without auth middleware") - } -} - -func TestLocalhostOnlyMiddleware_PreventsSpoofing(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - // Create module with localhost restriction enabled - m := &AmpModule{ - restrictToLocalhost: true, - } - - // Apply dynamic localhost-only middleware - r.Use(m.localhostOnlyMiddleware()) - r.GET("/test", func(c *gin.Context) { - c.String(http.StatusOK, "ok") - }) - - tests := []struct { - name string - remoteAddr string - forwardedFor string - expectedStatus int - description string - }{ - { - name: "spoofed_header_remote_connection", - remoteAddr: "192.168.1.100:12345", - forwardedFor: "127.0.0.1", - expectedStatus: http.StatusForbidden, - description: "Spoofed X-Forwarded-For header should be ignored", - }, - { - name: "real_localhost_ipv4", - remoteAddr: "127.0.0.1:54321", - forwardedFor: "", - expectedStatus: http.StatusOK, - description: "Real localhost IPv4 connection should work", - }, - { - name: "real_localhost_ipv6", - remoteAddr: "[::1]:54321", - forwardedFor: "", - expectedStatus: http.StatusOK, - description: "Real localhost IPv6 connection should work", - }, - { - name: "remote_ipv4", - remoteAddr: "203.0.113.42:8080", - forwardedFor: "", - expectedStatus: http.StatusForbidden, - description: "Remote IPv4 connection should be blocked", - }, - { - name: "remote_ipv6", - remoteAddr: "[2001:db8::1]:9090", - forwardedFor: "", - expectedStatus: http.StatusForbidden, - description: "Remote IPv6 connection should be blocked", - }, - { - name: "spoofed_localhost_ipv6", - remoteAddr: "203.0.113.42:8080", - forwardedFor: "::1", - expectedStatus: http.StatusForbidden, - description: "Spoofed X-Forwarded-For with IPv6 localhost should be ignored", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - req := httptest.NewRequest(http.MethodGet, "/test", nil) - req.RemoteAddr = tt.remoteAddr - if tt.forwardedFor != "" { - req.Header.Set("X-Forwarded-For", tt.forwardedFor) - } - - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != tt.expectedStatus { - t.Errorf("%s: expected status %d, got %d", tt.description, tt.expectedStatus, w.Code) - } - }) - } -} - -func TestLocalhostOnlyMiddleware_HotReload(t *testing.T) { - gin.SetMode(gin.TestMode) - r := gin.New() - - // Create module with localhost restriction initially enabled - m := &AmpModule{ - restrictToLocalhost: true, - } - - // Apply dynamic localhost-only middleware - r.Use(m.localhostOnlyMiddleware()) - r.GET("/test", func(c *gin.Context) { - c.String(http.StatusOK, "ok") - }) - - // Test 1: Remote IP should be blocked when restriction is enabled - req := httptest.NewRequest(http.MethodGet, "/test", nil) - req.RemoteAddr = "192.168.1.100:12345" - w := httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusForbidden { - t.Errorf("Expected 403 when restriction enabled, got %d", w.Code) - } - - // Test 2: Hot-reload - disable restriction - m.setRestrictToLocalhost(false) - - req = httptest.NewRequest(http.MethodGet, "/test", nil) - req.RemoteAddr = "192.168.1.100:12345" - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusOK { - t.Errorf("Expected 200 after disabling restriction, got %d", w.Code) - } - - // Test 3: Hot-reload - re-enable restriction - m.setRestrictToLocalhost(true) - - req = httptest.NewRequest(http.MethodGet, "/test", nil) - req.RemoteAddr = "192.168.1.100:12345" - w = httptest.NewRecorder() - r.ServeHTTP(w, req) - - if w.Code != http.StatusForbidden { - t.Errorf("Expected 403 after re-enabling restriction, got %d", w.Code) - } -} diff --git a/internal/api/modules/amp/secret.go b/internal/api/modules/amp/secret.go deleted file mode 100644 index 2dac646c19..0000000000 --- a/internal/api/modules/amp/secret.go +++ /dev/null @@ -1,248 +0,0 @@ -package amp - -import ( - "context" - "encoding/json" - "fmt" - "os" - "path/filepath" - "strings" - "sync" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - log "github.com/sirupsen/logrus" -) - -// SecretSource provides Amp API keys with configurable precedence and caching -type SecretSource interface { - Get(ctx context.Context) (string, error) -} - -// cachedSecret holds a secret value with expiration -type cachedSecret struct { - value string - expiresAt time.Time -} - -// MultiSourceSecret implements precedence-based secret lookup: -// 1. Explicit config value (highest priority) -// 2. Environment variable AMP_API_KEY -// 3. File-based secret (lowest priority) -type MultiSourceSecret struct { - explicitKey string - envKey string - filePath string - cacheTTL time.Duration - - mu sync.RWMutex - cache *cachedSecret -} - -// NewMultiSourceSecret creates a secret source with precedence and caching -func NewMultiSourceSecret(explicitKey string, cacheTTL time.Duration) *MultiSourceSecret { - if cacheTTL == 0 { - cacheTTL = 5 * time.Minute // Default 5 minute cache - } - - home, _ := os.UserHomeDir() - filePath := filepath.Join(home, ".local", "share", "amp", "secrets.json") - - return &MultiSourceSecret{ - explicitKey: strings.TrimSpace(explicitKey), - envKey: "AMP_API_KEY", - filePath: filePath, - cacheTTL: cacheTTL, - } -} - -// NewMultiSourceSecretWithPath creates a secret source with a custom file path (for testing) -func NewMultiSourceSecretWithPath(explicitKey string, filePath string, cacheTTL time.Duration) *MultiSourceSecret { - if cacheTTL == 0 { - cacheTTL = 5 * time.Minute - } - - return &MultiSourceSecret{ - explicitKey: strings.TrimSpace(explicitKey), - envKey: "AMP_API_KEY", - filePath: filePath, - cacheTTL: cacheTTL, - } -} - -// Get retrieves the Amp API key using precedence: config > env > file -// Results are cached for cacheTTL duration to avoid excessive file reads -func (s *MultiSourceSecret) Get(ctx context.Context) (string, error) { - // Precedence 1: Explicit config key (highest priority, no caching needed) - if s.explicitKey != "" { - return s.explicitKey, nil - } - - // Precedence 2: Environment variable - if envValue := strings.TrimSpace(os.Getenv(s.envKey)); envValue != "" { - return envValue, nil - } - - // Precedence 3: File-based secret (lowest priority, cached) - // Check cache first - s.mu.RLock() - if s.cache != nil && time.Now().Before(s.cache.expiresAt) { - value := s.cache.value - s.mu.RUnlock() - return value, nil - } - s.mu.RUnlock() - - // Cache miss or expired - read from file - key, err := s.readFromFile() - if err != nil { - // Cache empty result to avoid repeated file reads on missing files - s.updateCache("") - return "", err - } - - // Cache the result - s.updateCache(key) - return key, nil -} - -// readFromFile reads the Amp API key from the secrets file -func (s *MultiSourceSecret) readFromFile() (string, error) { - content, err := os.ReadFile(s.filePath) - if err != nil { - if os.IsNotExist(err) { - return "", nil // Missing file is not an error, just no key available - } - return "", fmt.Errorf("failed to read amp secrets from %s: %w", s.filePath, err) - } - - var secrets map[string]string - if err := json.Unmarshal(content, &secrets); err != nil { - return "", fmt.Errorf("failed to parse amp secrets from %s: %w", s.filePath, err) - } - - key := strings.TrimSpace(secrets["apiKey@https://ampcode.com/"]) - return key, nil -} - -// updateCache updates the cached secret value -func (s *MultiSourceSecret) updateCache(value string) { - s.mu.Lock() - defer s.mu.Unlock() - s.cache = &cachedSecret{ - value: value, - expiresAt: time.Now().Add(s.cacheTTL), - } -} - -// InvalidateCache clears the cached secret, forcing a fresh read on next Get -func (s *MultiSourceSecret) InvalidateCache() { - s.mu.Lock() - defer s.mu.Unlock() - s.cache = nil -} - -// UpdateExplicitKey refreshes the config-provided key and clears cache. -func (s *MultiSourceSecret) UpdateExplicitKey(key string) { - if s == nil { - return - } - s.mu.Lock() - s.explicitKey = strings.TrimSpace(key) - s.cache = nil - s.mu.Unlock() -} - -// StaticSecretSource returns a fixed API key (for testing) -type StaticSecretSource struct { - key string -} - -// NewStaticSecretSource creates a secret source with a fixed key -func NewStaticSecretSource(key string) *StaticSecretSource { - return &StaticSecretSource{key: strings.TrimSpace(key)} -} - -// Get returns the static API key -func (s *StaticSecretSource) Get(ctx context.Context) (string, error) { - return s.key, nil -} - -// MappedSecretSource wraps a default SecretSource and adds per-client API key mapping. -// When a request context contains a client API key that matches a configured mapping, -// the corresponding upstream key is returned. Otherwise, falls back to the default source. -type MappedSecretSource struct { - defaultSource SecretSource - mu sync.RWMutex - lookup map[string]string // clientKey -> upstreamKey -} - -// NewMappedSecretSource creates a MappedSecretSource wrapping the given default source. -func NewMappedSecretSource(defaultSource SecretSource) *MappedSecretSource { - return &MappedSecretSource{ - defaultSource: defaultSource, - lookup: make(map[string]string), - } -} - -// Get retrieves the Amp API key, checking per-client mappings first. -// If the request context contains a client API key that matches a configured mapping, -// returns the corresponding upstream key. Otherwise, falls back to the default source. -func (s *MappedSecretSource) Get(ctx context.Context) (string, error) { - // Try to get client API key from request context - clientKey := getClientAPIKeyFromContext(ctx) - if clientKey != "" { - s.mu.RLock() - if upstreamKey, ok := s.lookup[clientKey]; ok && upstreamKey != "" { - s.mu.RUnlock() - return upstreamKey, nil - } - s.mu.RUnlock() - } - - // Fall back to default source - return s.defaultSource.Get(ctx) -} - -// UpdateMappings rebuilds the client-to-upstream key mapping from configuration entries. -// If the same client key appears in multiple entries, logs a warning and uses the first one. -func (s *MappedSecretSource) UpdateMappings(entries []config.AmpUpstreamAPIKeyEntry) { - newLookup := make(map[string]string) - - for _, entry := range entries { - upstreamKey := strings.TrimSpace(entry.UpstreamAPIKey) - if upstreamKey == "" { - continue - } - for _, clientKey := range entry.APIKeys { - trimmedKey := strings.TrimSpace(clientKey) - if trimmedKey == "" { - continue - } - if _, exists := newLookup[trimmedKey]; exists { - // Log warning for duplicate client key, first one wins - log.Warnf("amp upstream-api-keys: client API key appears in multiple entries; using first mapping.") - continue - } - newLookup[trimmedKey] = upstreamKey - } - } - - s.mu.Lock() - s.lookup = newLookup - s.mu.Unlock() -} - -// UpdateDefaultExplicitKey updates the explicit key on the underlying MultiSourceSecret (if applicable). -func (s *MappedSecretSource) UpdateDefaultExplicitKey(key string) { - if ms, ok := s.defaultSource.(*MultiSourceSecret); ok { - ms.UpdateExplicitKey(key) - } -} - -// InvalidateCache invalidates cache on the underlying MultiSourceSecret (if applicable). -func (s *MappedSecretSource) InvalidateCache() { - if ms, ok := s.defaultSource.(*MultiSourceSecret); ok { - ms.InvalidateCache() - } -} diff --git a/internal/api/modules/amp/secret_test.go b/internal/api/modules/amp/secret_test.go deleted file mode 100644 index 037597abbf..0000000000 --- a/internal/api/modules/amp/secret_test.go +++ /dev/null @@ -1,366 +0,0 @@ -package amp - -import ( - "context" - "encoding/json" - "os" - "path/filepath" - "sync" - "testing" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - log "github.com/sirupsen/logrus" - "github.com/sirupsen/logrus/hooks/test" -) - -func TestMultiSourceSecret_PrecedenceOrder(t *testing.T) { - ctx := context.Background() - - cases := []struct { - name string - configKey string - envKey string - fileJSON string - want string - }{ - {"config_wins", "cfg", "env", `{"apiKey@https://ampcode.com/":"file"}`, "cfg"}, - {"env_wins_when_no_cfg", "", "env", `{"apiKey@https://ampcode.com/":"file"}`, "env"}, - {"file_when_no_cfg_env", "", "", `{"apiKey@https://ampcode.com/":"file"}`, "file"}, - {"empty_cfg_trims_then_env", " ", "env", `{"apiKey@https://ampcode.com/":"file"}`, "env"}, - {"empty_env_then_file", "", " ", `{"apiKey@https://ampcode.com/":"file"}`, "file"}, - {"missing_file_returns_empty", "", "", "", ""}, - {"all_empty_returns_empty", " ", " ", `{"apiKey@https://ampcode.com/":" "}`, ""}, - } - - for _, tc := range cases { - tc := tc // capture range variable - t.Run(tc.name, func(t *testing.T) { - tmpDir := t.TempDir() - secretsPath := filepath.Join(tmpDir, "secrets.json") - - if tc.fileJSON != "" { - if err := os.WriteFile(secretsPath, []byte(tc.fileJSON), 0600); err != nil { - t.Fatal(err) - } - } - - t.Setenv("AMP_API_KEY", tc.envKey) - - s := NewMultiSourceSecretWithPath(tc.configKey, secretsPath, 100*time.Millisecond) - got, err := s.Get(ctx) - if err != nil && tc.fileJSON != "" && json.Valid([]byte(tc.fileJSON)) { - t.Fatalf("unexpected error: %v", err) - } - if got != tc.want { - t.Fatalf("want %q, got %q", tc.want, got) - } - }) - } -} - -func TestMultiSourceSecret_CacheBehavior(t *testing.T) { - ctx := context.Background() - tmpDir := t.TempDir() - p := filepath.Join(tmpDir, "secrets.json") - - // Initial value - if err := os.WriteFile(p, []byte(`{"apiKey@https://ampcode.com/":"v1"}`), 0600); err != nil { - t.Fatal(err) - } - - s := NewMultiSourceSecretWithPath("", p, 50*time.Millisecond) - - // First read - should return v1 - got1, err := s.Get(ctx) - if err != nil { - t.Fatalf("Get failed: %v", err) - } - if got1 != "v1" { - t.Fatalf("expected v1, got %s", got1) - } - - // Change file; within TTL we should still see v1 (cached) - if err := os.WriteFile(p, []byte(`{"apiKey@https://ampcode.com/":"v2"}`), 0600); err != nil { - t.Fatal(err) - } - got2, _ := s.Get(ctx) - if got2 != "v1" { - t.Fatalf("cache hit expected v1, got %s", got2) - } - - // After TTL expires, should see v2 - time.Sleep(60 * time.Millisecond) - got3, _ := s.Get(ctx) - if got3 != "v2" { - t.Fatalf("cache miss expected v2, got %s", got3) - } - - // Invalidate forces re-read immediately - if err := os.WriteFile(p, []byte(`{"apiKey@https://ampcode.com/":"v3"}`), 0600); err != nil { - t.Fatal(err) - } - s.InvalidateCache() - got4, _ := s.Get(ctx) - if got4 != "v3" { - t.Fatalf("invalidate expected v3, got %s", got4) - } -} - -func TestMultiSourceSecret_FileHandling(t *testing.T) { - ctx := context.Background() - - t.Run("missing_file_no_error", func(t *testing.T) { - s := NewMultiSourceSecretWithPath("", "/nonexistent/path/secrets.json", 100*time.Millisecond) - got, err := s.Get(ctx) - if err != nil { - t.Fatalf("expected no error for missing file, got: %v", err) - } - if got != "" { - t.Fatalf("expected empty string, got %q", got) - } - }) - - t.Run("invalid_json", func(t *testing.T) { - tmpDir := t.TempDir() - p := filepath.Join(tmpDir, "secrets.json") - if err := os.WriteFile(p, []byte(`{invalid json`), 0600); err != nil { - t.Fatal(err) - } - - s := NewMultiSourceSecretWithPath("", p, 100*time.Millisecond) - _, err := s.Get(ctx) - if err == nil { - t.Fatal("expected error for invalid JSON") - } - }) - - t.Run("missing_key_in_json", func(t *testing.T) { - tmpDir := t.TempDir() - p := filepath.Join(tmpDir, "secrets.json") - if err := os.WriteFile(p, []byte(`{"other":"value"}`), 0600); err != nil { - t.Fatal(err) - } - - s := NewMultiSourceSecretWithPath("", p, 100*time.Millisecond) - got, err := s.Get(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if got != "" { - t.Fatalf("expected empty string for missing key, got %q", got) - } - }) - - t.Run("empty_key_value", func(t *testing.T) { - tmpDir := t.TempDir() - p := filepath.Join(tmpDir, "secrets.json") - if err := os.WriteFile(p, []byte(`{"apiKey@https://ampcode.com/":" "}`), 0600); err != nil { - t.Fatal(err) - } - - s := NewMultiSourceSecretWithPath("", p, 100*time.Millisecond) - got, _ := s.Get(ctx) - if got != "" { - t.Fatalf("expected empty after trim, got %q", got) - } - }) -} - -func TestMultiSourceSecret_Concurrency(t *testing.T) { - tmpDir := t.TempDir() - p := filepath.Join(tmpDir, "secrets.json") - if err := os.WriteFile(p, []byte(`{"apiKey@https://ampcode.com/":"concurrent"}`), 0600); err != nil { - t.Fatal(err) - } - - s := NewMultiSourceSecretWithPath("", p, 5*time.Second) - ctx := context.Background() - - // Spawn many goroutines calling Get concurrently - const goroutines = 50 - const iterations = 100 - - var wg sync.WaitGroup - errors := make(chan error, goroutines) - - for i := 0; i < goroutines; i++ { - wg.Add(1) - go func() { - defer wg.Done() - for j := 0; j < iterations; j++ { - val, err := s.Get(ctx) - if err != nil { - errors <- err - return - } - if val != "concurrent" { - errors <- err - return - } - } - }() - } - - wg.Wait() - close(errors) - - for err := range errors { - t.Errorf("concurrency error: %v", err) - } -} - -func TestStaticSecretSource(t *testing.T) { - ctx := context.Background() - - t.Run("returns_provided_key", func(t *testing.T) { - s := NewStaticSecretSource("test-key-123") - got, err := s.Get(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if got != "test-key-123" { - t.Fatalf("want test-key-123, got %q", got) - } - }) - - t.Run("trims_whitespace", func(t *testing.T) { - s := NewStaticSecretSource(" test-key ") - got, err := s.Get(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if got != "test-key" { - t.Fatalf("want test-key, got %q", got) - } - }) - - t.Run("empty_string", func(t *testing.T) { - s := NewStaticSecretSource("") - got, err := s.Get(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if got != "" { - t.Fatalf("want empty string, got %q", got) - } - }) -} - -func TestMultiSourceSecret_CacheEmptyResult(t *testing.T) { - // Test that missing file results are cached to avoid repeated file reads - tmpDir := t.TempDir() - p := filepath.Join(tmpDir, "nonexistent.json") - - s := NewMultiSourceSecretWithPath("", p, 100*time.Millisecond) - ctx := context.Background() - - // First call - file doesn't exist, should cache empty result - got1, err := s.Get(ctx) - if err != nil { - t.Fatalf("expected no error for missing file, got: %v", err) - } - if got1 != "" { - t.Fatalf("expected empty string, got %q", got1) - } - - // Create the file now - if err := os.WriteFile(p, []byte(`{"apiKey@https://ampcode.com/":"new-value"}`), 0600); err != nil { - t.Fatal(err) - } - - // Second call - should still return empty (cached), not read the new file - got2, _ := s.Get(ctx) - if got2 != "" { - t.Fatalf("cache should return empty, got %q", got2) - } - - // After TTL expires, should see the new value - time.Sleep(110 * time.Millisecond) - got3, _ := s.Get(ctx) - if got3 != "new-value" { - t.Fatalf("after cache expiry, expected new-value, got %q", got3) - } -} - -func TestMappedSecretSource_UsesMappingFromContext(t *testing.T) { - defaultSource := NewStaticSecretSource("default") - s := NewMappedSecretSource(defaultSource) - s.UpdateMappings([]config.AmpUpstreamAPIKeyEntry{ - { - UpstreamAPIKey: "u1", - APIKeys: []string{"k1"}, - }, - }) - - ctx := context.WithValue(context.Background(), clientAPIKeyContextKey{}, "k1") - got, err := s.Get(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if got != "u1" { - t.Fatalf("want u1, got %q", got) - } - - ctx = context.WithValue(context.Background(), clientAPIKeyContextKey{}, "k2") - got, err = s.Get(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if got != "default" { - t.Fatalf("want default fallback, got %q", got) - } -} - -func TestMappedSecretSource_DuplicateClientKey_FirstWins(t *testing.T) { - defaultSource := NewStaticSecretSource("default") - s := NewMappedSecretSource(defaultSource) - s.UpdateMappings([]config.AmpUpstreamAPIKeyEntry{ - { - UpstreamAPIKey: "u1", - APIKeys: []string{"k1"}, - }, - { - UpstreamAPIKey: "u2", - APIKeys: []string{"k1"}, - }, - }) - - ctx := context.WithValue(context.Background(), clientAPIKeyContextKey{}, "k1") - got, err := s.Get(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if got != "u1" { - t.Fatalf("want u1 (first wins), got %q", got) - } -} - -func TestMappedSecretSource_DuplicateClientKey_LogsWarning(t *testing.T) { - hook := test.NewLocal(log.StandardLogger()) - defer hook.Reset() - - defaultSource := NewStaticSecretSource("default") - s := NewMappedSecretSource(defaultSource) - s.UpdateMappings([]config.AmpUpstreamAPIKeyEntry{ - { - UpstreamAPIKey: "u1", - APIKeys: []string{"k1"}, - }, - { - UpstreamAPIKey: "u2", - APIKeys: []string{"k1"}, - }, - }) - - foundWarning := false - for _, entry := range hook.AllEntries() { - if entry.Level == log.WarnLevel && entry.Message == "amp upstream-api-keys: client API key appears in multiple entries; using first mapping." { - foundWarning = true - break - } - } - if !foundWarning { - t.Fatal("expected warning log for duplicate client key, but none was found") - } -} diff --git a/internal/api/modules/modules.go b/internal/api/modules/modules.go deleted file mode 100644 index f5163b7a30..0000000000 --- a/internal/api/modules/modules.go +++ /dev/null @@ -1,92 +0,0 @@ -// Package modules provides a pluggable routing module system for extending -// the API server with optional features without modifying core routing logic. -package modules - -import ( - "fmt" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/api/handlers" -) - -// Context encapsulates the dependencies exposed to routing modules during -// registration. Modules can use the Gin engine to attach routes, the shared -// BaseAPIHandler for constructing SDK-specific handlers, and the resolved -// authentication middleware for protecting routes that require API keys. -type Context struct { - Engine *gin.Engine - BaseHandler *handlers.BaseAPIHandler - Config *config.Config - AuthMiddleware gin.HandlerFunc -} - -// RouteModule represents a pluggable routing module that can register routes -// and handle configuration updates independently of the core server. -// -// DEPRECATED: Use RouteModuleV2 for new modules. This interface is kept for -// backwards compatibility and will be removed in a future version. -type RouteModule interface { - // Name returns a human-readable identifier for the module - Name() string - - // Register sets up routes and handlers for this module. - // It receives the Gin engine, base handlers, and current configuration. - // Returns an error if registration fails (errors are logged but don't stop the server). - Register(engine *gin.Engine, baseHandler *handlers.BaseAPIHandler, cfg *config.Config) error - - // OnConfigUpdated is called when the configuration is reloaded. - // Modules can respond to configuration changes here. - // Returns an error if the update cannot be applied. - OnConfigUpdated(cfg *config.Config) error -} - -// RouteModuleV2 represents a pluggable bundle of routes that can integrate with -// the API server without modifying its core routing logic. Implementations can -// attach routes during Register and react to configuration updates via -// OnConfigUpdated. -// -// This is the preferred interface for new modules. It uses Context for cleaner -// dependency injection and supports idempotent registration. -type RouteModuleV2 interface { - // Name returns a unique identifier for logging and diagnostics. - Name() string - - // Register wires the module's routes into the provided Gin engine. Modules - // should treat multiple calls as idempotent and avoid duplicate route - // registration when invoked more than once. - Register(ctx Context) error - - // OnConfigUpdated notifies the module when the server configuration changes - // via hot reload. Implementations can refresh cached state or emit warnings. - OnConfigUpdated(cfg *config.Config) error -} - -// RegisterModule is a helper that registers a module using either the V1 or V2 -// interface. This allows gradual migration from V1 to V2 without breaking -// existing modules. -// -// Example usage: -// -// ctx := modules.Context{ -// Engine: engine, -// BaseHandler: baseHandler, -// Config: cfg, -// AuthMiddleware: authMiddleware, -// } -// if err := modules.RegisterModule(ctx, ampModule); err != nil { -// log.Errorf("Failed to register module: %v", err) -// } -func RegisterModule(ctx Context, mod interface{}) error { - // Try V2 interface first (preferred) - if v2, ok := mod.(RouteModuleV2); ok { - return v2.Register(ctx) - } - - // Fall back to V1 interface for backwards compatibility - if v1, ok := mod.(RouteModule); ok { - return v1.Register(ctx.Engine, ctx.BaseHandler, ctx.Config) - } - - return fmt.Errorf("unsupported module type %T (must implement RouteModule or RouteModuleV2)", mod) -} diff --git a/internal/api/server.go b/internal/api/server.go deleted file mode 100644 index 114de730ec..0000000000 --- a/internal/api/server.go +++ /dev/null @@ -1,1089 +0,0 @@ -// Package api provides the HTTP API server implementation for the CLI Proxy API. -// It includes the main server struct, routing setup, middleware for CORS and authentication, -// and integration with various AI API handlers (OpenAI, Claude, Gemini). -// The server supports hot-reloading of clients and configuration. -package api - -import ( - "context" - "crypto/subtle" - "errors" - "fmt" - "net/http" - "os" - "path/filepath" - "reflect" - "strings" - "sync" - "sync/atomic" - "time" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/access" - managementHandlers "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/api/handlers/management" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/api/middleware" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/api/modules" - ampmodule "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/api/modules/amp" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/kiro" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/logging" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/managementasset" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/usage" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - sdkaccess "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/access" - "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/api/handlers" - "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/api/handlers/claude" - "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/api/handlers/gemini" - "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/api/handlers/openai" - sdkAuth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/auth" - "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" - "gopkg.in/yaml.v3" -) - -const oauthCallbackSuccessHTML = `Authentication successful

Authentication successful!

You can close this window.

This window will close automatically in 5 seconds.

` - -type serverOptionConfig struct { - extraMiddleware []gin.HandlerFunc - engineConfigurator func(*gin.Engine) - routerConfigurator func(*gin.Engine, *handlers.BaseAPIHandler, *config.Config) - requestLoggerFactory func(*config.Config, string) logging.RequestLogger - localPassword string - keepAliveEnabled bool - keepAliveTimeout time.Duration - keepAliveOnTimeout func() - postAuthHook auth.PostAuthHook -} - -// ServerOption customises HTTP server construction. -type ServerOption func(*serverOptionConfig) - -func defaultRequestLoggerFactory(cfg *config.Config, configPath string) logging.RequestLogger { - configDir := filepath.Dir(configPath) - if base := util.WritablePath(); base != "" { - return logging.NewFileRequestLogger(cfg.RequestLog, filepath.Join(base, "logs"), configDir, cfg.ErrorLogsMaxFiles) - } - return logging.NewFileRequestLogger(cfg.RequestLog, "logs", configDir, cfg.ErrorLogsMaxFiles) -} - -// WithMiddleware appends additional Gin middleware during server construction. -func WithMiddleware(mw ...gin.HandlerFunc) ServerOption { - return func(cfg *serverOptionConfig) { - cfg.extraMiddleware = append(cfg.extraMiddleware, mw...) - } -} - -// WithEngineConfigurator allows callers to mutate the Gin engine prior to middleware setup. -func WithEngineConfigurator(fn func(*gin.Engine)) ServerOption { - return func(cfg *serverOptionConfig) { - cfg.engineConfigurator = fn - } -} - -// WithRouterConfigurator appends a callback after default routes are registered. -func WithRouterConfigurator(fn func(*gin.Engine, *handlers.BaseAPIHandler, *config.Config)) ServerOption { - return func(cfg *serverOptionConfig) { - cfg.routerConfigurator = fn - } -} - -// WithLocalManagementPassword stores a runtime-only management password accepted for localhost requests. -func WithLocalManagementPassword(password string) ServerOption { - return func(cfg *serverOptionConfig) { - cfg.localPassword = password - } -} - -// WithKeepAliveEndpoint enables a keep-alive endpoint with the provided timeout and callback. -func WithKeepAliveEndpoint(timeout time.Duration, onTimeout func()) ServerOption { - return func(cfg *serverOptionConfig) { - if timeout <= 0 || onTimeout == nil { - return - } - cfg.keepAliveEnabled = true - cfg.keepAliveTimeout = timeout - cfg.keepAliveOnTimeout = onTimeout - } -} - -// WithRequestLoggerFactory customises request logger creation. -func WithRequestLoggerFactory(factory func(*config.Config, string) logging.RequestLogger) ServerOption { - return func(cfg *serverOptionConfig) { - cfg.requestLoggerFactory = factory - } -} - -// WithPostAuthHook registers a hook to be called after auth record creation. -func WithPostAuthHook(hook auth.PostAuthHook) ServerOption { - return func(cfg *serverOptionConfig) { - cfg.postAuthHook = hook - } -} - -// Server represents the main API server. -// It encapsulates the Gin engine, HTTP server, handlers, and configuration. -type Server struct { - // engine is the Gin web framework engine instance. - engine *gin.Engine - - // server is the underlying HTTP server. - server *http.Server - - // handlers contains the API handlers for processing requests. - handlers *handlers.BaseAPIHandler - - // cfg holds the current server configuration. - cfg *config.Config - - // oldConfigYaml stores a YAML snapshot of the previous configuration for change detection. - // This prevents issues when the config object is modified in place by Management API. - oldConfigYaml []byte - - // accessManager handles request authentication providers. - accessManager *sdkaccess.Manager - - // requestLogger is the request logger instance for dynamic configuration updates. - requestLogger logging.RequestLogger - loggerToggle func(bool) - - // configFilePath is the absolute path to the YAML config file for persistence. - configFilePath string - - // currentPath is the absolute path to the current working directory. - currentPath string - - // wsRoutes tracks registered websocket upgrade paths. - wsRouteMu sync.Mutex - wsRoutes map[string]struct{} - wsAuthChanged func(bool, bool) - wsAuthEnabled atomic.Bool - - // management handler - mgmt *managementHandlers.Handler - - // ampModule is the Amp routing module for model mapping hot-reload - ampModule *ampmodule.AmpModule - - // managementRoutesRegistered tracks whether the management routes have been attached to the engine. - managementRoutesRegistered atomic.Bool - // managementRoutesEnabled controls whether management endpoints serve real handlers. - managementRoutesEnabled atomic.Bool - - // envManagementSecret indicates whether MANAGEMENT_PASSWORD is configured. - envManagementSecret bool - - localPassword string - - keepAliveEnabled bool - keepAliveTimeout time.Duration - keepAliveOnTimeout func() - keepAliveHeartbeat chan struct{} - keepAliveStop chan struct{} -} - -// NewServer creates and initializes a new API server instance. -// It sets up the Gin engine, middleware, routes, and handlers. -// -// Parameters: -// - cfg: The server configuration -// - authManager: core runtime auth manager -// - accessManager: request authentication manager -// -// Returns: -// - *Server: A new server instance -func NewServer(cfg *config.Config, authManager *auth.Manager, accessManager *sdkaccess.Manager, configFilePath string, opts ...ServerOption) *Server { - optionState := &serverOptionConfig{ - requestLoggerFactory: defaultRequestLoggerFactory, - } - for i := range opts { - opts[i](optionState) - } - // Set gin mode - if !cfg.Debug { - gin.SetMode(gin.ReleaseMode) - } - - // Create gin engine - engine := gin.New() - if optionState.engineConfigurator != nil { - optionState.engineConfigurator(engine) - } - - // Add middleware - engine.Use(logging.GinLogrusLogger()) - engine.Use(logging.GinLogrusRecovery()) - for _, mw := range optionState.extraMiddleware { - engine.Use(mw) - } - - // Add request logging middleware (positioned after recovery, before auth) - // Resolve logs directory relative to the configuration file directory. - var requestLogger logging.RequestLogger - var toggle func(bool) - if !cfg.CommercialMode { - if optionState.requestLoggerFactory != nil { - requestLogger = optionState.requestLoggerFactory(cfg, configFilePath) - } - if requestLogger != nil { - engine.Use(middleware.RequestLoggingMiddleware(requestLogger)) - if setter, ok := requestLogger.(interface{ SetEnabled(bool) }); ok { - toggle = setter.SetEnabled - } - } - } - - engine.Use(corsMiddleware()) - wd, err := os.Getwd() - if err != nil { - wd = configFilePath - } - - envAdminPassword, envAdminPasswordSet := os.LookupEnv("MANAGEMENT_PASSWORD") - envAdminPassword = strings.TrimSpace(envAdminPassword) - envManagementSecret := envAdminPasswordSet && envAdminPassword != "" - - // Create server instance - s := &Server{ - engine: engine, - handlers: handlers.NewBaseAPIHandlers(&cfg.SDKConfig, authManager), - cfg: cfg, - accessManager: accessManager, - requestLogger: requestLogger, - loggerToggle: toggle, - configFilePath: configFilePath, - currentPath: wd, - envManagementSecret: envManagementSecret, - wsRoutes: make(map[string]struct{}), - } - s.wsAuthEnabled.Store(cfg.WebsocketAuth) - // Save initial YAML snapshot - s.oldConfigYaml, _ = yaml.Marshal(cfg) - s.applyAccessConfig(nil, cfg) - if authManager != nil { - authManager.SetRetryConfig(cfg.RequestRetry, time.Duration(cfg.MaxRetryInterval)*time.Second) - } - managementasset.SetCurrentConfig(cfg) - auth.SetQuotaCooldownDisabled(cfg.DisableCooling) - // Initialize management handler - s.mgmt = managementHandlers.NewHandler(cfg, configFilePath, authManager) - if optionState.localPassword != "" { - s.mgmt.SetLocalPassword(optionState.localPassword) - } - logDir := logging.ResolveLogDirectory(cfg) - s.mgmt.SetLogDirectory(logDir) - if optionState.postAuthHook != nil { - s.mgmt.SetPostAuthHook(optionState.postAuthHook) - } - s.localPassword = optionState.localPassword - - // Setup routes - s.setupRoutes() - - // Register Amp module using V2 interface with Context - s.ampModule = ampmodule.NewLegacy(accessManager, AuthMiddleware(accessManager)) - ctx := modules.Context{ - Engine: engine, - BaseHandler: s.handlers, - Config: cfg, - AuthMiddleware: AuthMiddleware(accessManager), - } - if err := modules.RegisterModule(ctx, s.ampModule); err != nil { - log.Errorf("Failed to register Amp module: %v", err) - } - - // Apply additional router configurators from options - if optionState.routerConfigurator != nil { - optionState.routerConfigurator(engine, s.handlers, cfg) - } - - // Register management routes when configuration or environment secrets are available, - // or when a local management password is provided (e.g. TUI mode). - hasManagementSecret := cfg.RemoteManagement.SecretKey != "" || envManagementSecret || s.localPassword != "" - s.managementRoutesEnabled.Store(hasManagementSecret) - if hasManagementSecret { - s.registerManagementRoutes() - } - - // === CLIProxyAPIPlus 扩展: 注册 Kiro OAuth Web 路由 === - kiroOAuthHandler := kiro.NewOAuthWebHandler(cfg) - kiroOAuthHandler.RegisterRoutes(engine) - log.Info("Kiro OAuth Web routes registered at /v0/oauth/kiro/*") - - if optionState.keepAliveEnabled { - s.enableKeepAlive(optionState.keepAliveTimeout, optionState.keepAliveOnTimeout) - } - - // Create HTTP server - s.server = &http.Server{ - Addr: fmt.Sprintf("%s:%d", cfg.Host, cfg.Port), - Handler: engine, - } - - return s -} - -// setupRoutes configures the API routes for the server. -// It defines the endpoints and associates them with their respective handlers. -func (s *Server) setupRoutes() { - s.engine.GET("/management.html", s.serveManagementControlPanel) - openaiHandlers := openai.NewOpenAIAPIHandler(s.handlers) - geminiHandlers := gemini.NewGeminiAPIHandler(s.handlers) - geminiCLIHandlers := gemini.NewGeminiCLIAPIHandler(s.handlers) - claudeCodeHandlers := claude.NewClaudeCodeAPIHandler(s.handlers) - openaiResponsesHandlers := openai.NewOpenAIResponsesAPIHandler(s.handlers) - - // OpenAI compatible API routes - v1 := s.engine.Group("/v1") - v1.Use(AuthMiddleware(s.accessManager)) - { - v1.GET("/models", s.unifiedModelsHandler(openaiHandlers, claudeCodeHandlers)) - v1.POST("/chat/completions", openaiHandlers.ChatCompletions) - v1.POST("/completions", openaiHandlers.Completions) - v1.POST("/messages", claudeCodeHandlers.ClaudeMessages) - v1.POST("/messages/count_tokens", claudeCodeHandlers.ClaudeCountTokens) - v1.GET("/responses", openaiResponsesHandlers.ResponsesWebsocket) - v1.POST("/responses", openaiResponsesHandlers.Responses) - v1.POST("/responses/compact", openaiResponsesHandlers.Compact) - } - - // Gemini compatible API routes - v1beta := s.engine.Group("/v1beta") - v1beta.Use(AuthMiddleware(s.accessManager)) - { - v1beta.GET("/models", geminiHandlers.GeminiModels) - v1beta.POST("/models/*action", geminiHandlers.GeminiHandler) - v1beta.GET("/models/*action", geminiHandlers.GeminiGetHandler) - } - - // Routing endpoint for thegent Pareto model selection (public, no auth) - s.engine.POST("/v1/routing/select", s.mgmt.POSTRoutingSelect) - - // Root endpoint - s.engine.GET("/", func(c *gin.Context) { - c.JSON(http.StatusOK, gin.H{ - "message": "CLI Proxy API Server", - "endpoints": []string{ - "POST /v1/chat/completions", - "POST /v1/completions", - "GET /v1/models", - "POST /v1/routing/select", - }, - }) - }) - - // Event logging endpoint - handles Claude Code telemetry requests - // Returns 200 OK to prevent 404 errors in logs - s.engine.POST("/api/event_logging/batch", func(c *gin.Context) { - c.JSON(http.StatusOK, gin.H{"status": "ok"}) - }) - s.engine.POST("/v1internal:method", geminiCLIHandlers.CLIHandler) - - // OAuth callback endpoints (reuse main server port) - // These endpoints receive provider redirects and persist - // the short-lived code/state for the waiting goroutine. - s.engine.GET("/anthropic/callback", func(c *gin.Context) { - code := c.Query("code") - state := c.Query("state") - errStr := c.Query("error") - if errStr == "" { - errStr = c.Query("error_description") - } - if state != "" { - _, _ = managementHandlers.WriteOAuthCallbackFileForPendingSession(s.cfg.AuthDir, "anthropic", state, code, errStr) - } - c.Header("Content-Type", "text/html; charset=utf-8") - c.String(http.StatusOK, oauthCallbackSuccessHTML) - }) - - s.engine.GET("/codex/callback", func(c *gin.Context) { - code := c.Query("code") - state := c.Query("state") - errStr := c.Query("error") - if errStr == "" { - errStr = c.Query("error_description") - } - if state != "" { - _, _ = managementHandlers.WriteOAuthCallbackFileForPendingSession(s.cfg.AuthDir, "codex", state, code, errStr) - } - c.Header("Content-Type", "text/html; charset=utf-8") - c.String(http.StatusOK, oauthCallbackSuccessHTML) - }) - - s.engine.GET("/google/callback", func(c *gin.Context) { - code := c.Query("code") - state := c.Query("state") - errStr := c.Query("error") - if errStr == "" { - errStr = c.Query("error_description") - } - if state != "" { - _, _ = managementHandlers.WriteOAuthCallbackFileForPendingSession(s.cfg.AuthDir, "gemini", state, code, errStr) - } - c.Header("Content-Type", "text/html; charset=utf-8") - c.String(http.StatusOK, oauthCallbackSuccessHTML) - }) - - s.engine.GET("/iflow/callback", func(c *gin.Context) { - code := c.Query("code") - state := c.Query("state") - errStr := c.Query("error") - if errStr == "" { - errStr = c.Query("error_description") - } - if state != "" { - _, _ = managementHandlers.WriteOAuthCallbackFileForPendingSession(s.cfg.AuthDir, "iflow", state, code, errStr) - } - c.Header("Content-Type", "text/html; charset=utf-8") - c.String(http.StatusOK, oauthCallbackSuccessHTML) - }) - - s.engine.GET("/antigravity/callback", func(c *gin.Context) { - code := c.Query("code") - state := c.Query("state") - errStr := c.Query("error") - if errStr == "" { - errStr = c.Query("error_description") - } - if state != "" { - _, _ = managementHandlers.WriteOAuthCallbackFileForPendingSession(s.cfg.AuthDir, "antigravity", state, code, errStr) - } - c.Header("Content-Type", "text/html; charset=utf-8") - c.String(http.StatusOK, oauthCallbackSuccessHTML) - }) - - s.engine.GET("/kiro/callback", func(c *gin.Context) { - code := c.Query("code") - state := c.Query("state") - errStr := c.Query("error") - if errStr == "" { - errStr = c.Query("error_description") - } - if state != "" { - _, _ = managementHandlers.WriteOAuthCallbackFileForPendingSession(s.cfg.AuthDir, "kiro", state, code, errStr) - } - c.Header("Content-Type", "text/html; charset=utf-8") - c.String(http.StatusOK, oauthCallbackSuccessHTML) - }) - - // Management routes are registered lazily by registerManagementRoutes when a secret is configured. -} - -// AttachWebsocketRoute registers a websocket upgrade handler on the primary Gin engine. -// The handler is served as-is without additional middleware beyond the standard stack already configured. -func (s *Server) AttachWebsocketRoute(path string, handler http.Handler) { - if s == nil || s.engine == nil || handler == nil { - return - } - trimmed := strings.TrimSpace(path) - if trimmed == "" { - trimmed = "/v1/ws" - } - if !strings.HasPrefix(trimmed, "/") { - trimmed = "/" + trimmed - } - s.wsRouteMu.Lock() - if _, exists := s.wsRoutes[trimmed]; exists { - s.wsRouteMu.Unlock() - return - } - s.wsRoutes[trimmed] = struct{}{} - s.wsRouteMu.Unlock() - - authMiddleware := AuthMiddleware(s.accessManager) - conditionalAuth := func(c *gin.Context) { - if !s.wsAuthEnabled.Load() { - c.Next() - return - } - authMiddleware(c) - } - finalHandler := func(c *gin.Context) { - handler.ServeHTTP(c.Writer, c.Request) - c.Abort() - } - - s.engine.GET(trimmed, conditionalAuth, finalHandler) -} - -func (s *Server) registerManagementRoutes() { - if s == nil || s.engine == nil || s.mgmt == nil { - return - } - if !s.managementRoutesRegistered.CompareAndSwap(false, true) { - return - } - - log.Info("management routes registered after secret key configuration") - - mgmt := s.engine.Group("/v0/management") - mgmt.Use(s.managementAvailabilityMiddleware(), s.mgmt.Middleware()) - { - mgmt.GET("/usage", s.mgmt.GetUsageStatistics) - mgmt.GET("/usage/export", s.mgmt.ExportUsageStatistics) - mgmt.POST("/usage/import", s.mgmt.ImportUsageStatistics) - mgmt.GET("/config", s.mgmt.GetConfig) - mgmt.GET("/config.yaml", s.mgmt.GetConfigYAML) - mgmt.PUT("/config.yaml", s.mgmt.PutConfigYAML) - mgmt.GET("/latest-version", s.mgmt.GetLatestVersion) - - mgmt.GET("/debug", s.mgmt.GetDebug) - mgmt.PUT("/debug", s.mgmt.PutDebug) - mgmt.PATCH("/debug", s.mgmt.PutDebug) - - mgmt.GET("/logging-to-file", s.mgmt.GetLoggingToFile) - mgmt.PUT("/logging-to-file", s.mgmt.PutLoggingToFile) - mgmt.PATCH("/logging-to-file", s.mgmt.PutLoggingToFile) - - mgmt.GET("/logs-max-total-size-mb", s.mgmt.GetLogsMaxTotalSizeMB) - mgmt.PUT("/logs-max-total-size-mb", s.mgmt.PutLogsMaxTotalSizeMB) - mgmt.PATCH("/logs-max-total-size-mb", s.mgmt.PutLogsMaxTotalSizeMB) - - mgmt.GET("/error-logs-max-files", s.mgmt.GetErrorLogsMaxFiles) - mgmt.PUT("/error-logs-max-files", s.mgmt.PutErrorLogsMaxFiles) - mgmt.PATCH("/error-logs-max-files", s.mgmt.PutErrorLogsMaxFiles) - - mgmt.GET("/usage-statistics-enabled", s.mgmt.GetUsageStatisticsEnabled) - mgmt.PUT("/usage-statistics-enabled", s.mgmt.PutUsageStatisticsEnabled) - mgmt.PATCH("/usage-statistics-enabled", s.mgmt.PutUsageStatisticsEnabled) - - mgmt.GET("/proxy-url", s.mgmt.GetProxyURL) - mgmt.PUT("/proxy-url", s.mgmt.PutProxyURL) - mgmt.PATCH("/proxy-url", s.mgmt.PutProxyURL) - mgmt.DELETE("/proxy-url", s.mgmt.DeleteProxyURL) - - mgmt.POST("/api-call", s.mgmt.APICall) - - mgmt.GET("/quota-exceeded/switch-project", s.mgmt.GetSwitchProject) - mgmt.PUT("/quota-exceeded/switch-project", s.mgmt.PutSwitchProject) - mgmt.PATCH("/quota-exceeded/switch-project", s.mgmt.PutSwitchProject) - - mgmt.GET("/quota-exceeded/switch-preview-model", s.mgmt.GetSwitchPreviewModel) - mgmt.PUT("/quota-exceeded/switch-preview-model", s.mgmt.PutSwitchPreviewModel) - mgmt.PATCH("/quota-exceeded/switch-preview-model", s.mgmt.PutSwitchPreviewModel) - - mgmt.GET("/api-keys", s.mgmt.GetAPIKeys) - mgmt.PUT("/api-keys", s.mgmt.PutAPIKeys) - mgmt.PATCH("/api-keys", s.mgmt.PatchAPIKeys) - mgmt.DELETE("/api-keys", s.mgmt.DeleteAPIKeys) - - mgmt.GET("/gemini-api-key", s.mgmt.GetGeminiKeys) - mgmt.PUT("/gemini-api-key", s.mgmt.PutGeminiKeys) - mgmt.PATCH("/gemini-api-key", s.mgmt.PatchGeminiKey) - mgmt.DELETE("/gemini-api-key", s.mgmt.DeleteGeminiKey) - - mgmt.GET("/logs", s.mgmt.GetLogs) - mgmt.DELETE("/logs", s.mgmt.DeleteLogs) - mgmt.GET("/request-error-logs", s.mgmt.GetRequestErrorLogs) - mgmt.GET("/request-error-logs/:name", s.mgmt.DownloadRequestErrorLog) - mgmt.GET("/request-log-by-id/:id", s.mgmt.GetRequestLogByID) - mgmt.GET("/request-log", s.mgmt.GetRequestLog) - mgmt.PUT("/request-log", s.mgmt.PutRequestLog) - mgmt.PATCH("/request-log", s.mgmt.PutRequestLog) - mgmt.GET("/ws-auth", s.mgmt.GetWebsocketAuth) - mgmt.PUT("/ws-auth", s.mgmt.PutWebsocketAuth) - mgmt.PATCH("/ws-auth", s.mgmt.PutWebsocketAuth) - - mgmt.GET("/ampcode", s.mgmt.GetAmpCode) - mgmt.GET("/ampcode/upstream-url", s.mgmt.GetAmpUpstreamURL) - mgmt.PUT("/ampcode/upstream-url", s.mgmt.PutAmpUpstreamURL) - mgmt.PATCH("/ampcode/upstream-url", s.mgmt.PutAmpUpstreamURL) - mgmt.DELETE("/ampcode/upstream-url", s.mgmt.DeleteAmpUpstreamURL) - mgmt.GET("/ampcode/upstream-api-key", s.mgmt.GetAmpUpstreamAPIKey) - mgmt.PUT("/ampcode/upstream-api-key", s.mgmt.PutAmpUpstreamAPIKey) - mgmt.PATCH("/ampcode/upstream-api-key", s.mgmt.PutAmpUpstreamAPIKey) - mgmt.DELETE("/ampcode/upstream-api-key", s.mgmt.DeleteAmpUpstreamAPIKey) - mgmt.GET("/ampcode/restrict-management-to-localhost", s.mgmt.GetAmpRestrictManagementToLocalhost) - mgmt.PUT("/ampcode/restrict-management-to-localhost", s.mgmt.PutAmpRestrictManagementToLocalhost) - mgmt.PATCH("/ampcode/restrict-management-to-localhost", s.mgmt.PutAmpRestrictManagementToLocalhost) - mgmt.GET("/ampcode/model-mappings", s.mgmt.GetAmpModelMappings) - mgmt.PUT("/ampcode/model-mappings", s.mgmt.PutAmpModelMappings) - mgmt.PATCH("/ampcode/model-mappings", s.mgmt.PatchAmpModelMappings) - mgmt.DELETE("/ampcode/model-mappings", s.mgmt.DeleteAmpModelMappings) - mgmt.GET("/ampcode/force-model-mappings", s.mgmt.GetAmpForceModelMappings) - mgmt.PUT("/ampcode/force-model-mappings", s.mgmt.PutAmpForceModelMappings) - mgmt.PATCH("/ampcode/force-model-mappings", s.mgmt.PutAmpForceModelMappings) - mgmt.GET("/ampcode/upstream-api-keys", s.mgmt.GetAmpUpstreamAPIKeys) - mgmt.PUT("/ampcode/upstream-api-keys", s.mgmt.PutAmpUpstreamAPIKeys) - mgmt.PATCH("/ampcode/upstream-api-keys", s.mgmt.PatchAmpUpstreamAPIKeys) - mgmt.DELETE("/ampcode/upstream-api-keys", s.mgmt.DeleteAmpUpstreamAPIKeys) - - mgmt.GET("/request-retry", s.mgmt.GetRequestRetry) - mgmt.PUT("/request-retry", s.mgmt.PutRequestRetry) - mgmt.PATCH("/request-retry", s.mgmt.PutRequestRetry) - mgmt.GET("/max-retry-interval", s.mgmt.GetMaxRetryInterval) - mgmt.PUT("/max-retry-interval", s.mgmt.PutMaxRetryInterval) - mgmt.PATCH("/max-retry-interval", s.mgmt.PutMaxRetryInterval) - - mgmt.GET("/force-model-prefix", s.mgmt.GetForceModelPrefix) - mgmt.PUT("/force-model-prefix", s.mgmt.PutForceModelPrefix) - mgmt.PATCH("/force-model-prefix", s.mgmt.PutForceModelPrefix) - - mgmt.GET("/routing/strategy", s.mgmt.GetRoutingStrategy) - mgmt.PUT("/routing/strategy", s.mgmt.PutRoutingStrategy) - mgmt.PATCH("/routing/strategy", s.mgmt.PutRoutingStrategy) - - mgmt.GET("/claude-api-key", s.mgmt.GetClaudeKeys) - mgmt.PUT("/claude-api-key", s.mgmt.PutClaudeKeys) - mgmt.PATCH("/claude-api-key", s.mgmt.PatchClaudeKey) - mgmt.DELETE("/claude-api-key", s.mgmt.DeleteClaudeKey) - - mgmt.GET("/codex-api-key", s.mgmt.GetCodexKeys) - mgmt.PUT("/codex-api-key", s.mgmt.PutCodexKeys) - mgmt.PATCH("/codex-api-key", s.mgmt.PatchCodexKey) - mgmt.DELETE("/codex-api-key", s.mgmt.DeleteCodexKey) - - mgmt.GET("/openai-compatibility", s.mgmt.GetOpenAICompat) - mgmt.PUT("/openai-compatibility", s.mgmt.PutOpenAICompat) - mgmt.PATCH("/openai-compatibility", s.mgmt.PatchOpenAICompat) - mgmt.DELETE("/openai-compatibility", s.mgmt.DeleteOpenAICompat) - - mgmt.GET("/vertex-api-key", s.mgmt.GetVertexCompatKeys) - mgmt.PUT("/vertex-api-key", s.mgmt.PutVertexCompatKeys) - mgmt.PATCH("/vertex-api-key", s.mgmt.PatchVertexCompatKey) - mgmt.DELETE("/vertex-api-key", s.mgmt.DeleteVertexCompatKey) - - mgmt.GET("/oauth-excluded-models", s.mgmt.GetOAuthExcludedModels) - mgmt.PUT("/oauth-excluded-models", s.mgmt.PutOAuthExcludedModels) - mgmt.PATCH("/oauth-excluded-models", s.mgmt.PatchOAuthExcludedModels) - mgmt.DELETE("/oauth-excluded-models", s.mgmt.DeleteOAuthExcludedModels) - - mgmt.GET("/oauth-model-alias", s.mgmt.GetOAuthModelAlias) - mgmt.PUT("/oauth-model-alias", s.mgmt.PutOAuthModelAlias) - mgmt.PATCH("/oauth-model-alias", s.mgmt.PatchOAuthModelAlias) - mgmt.DELETE("/oauth-model-alias", s.mgmt.DeleteOAuthModelAlias) - - mgmt.GET("/auth-files", s.mgmt.ListAuthFiles) - mgmt.GET("/auth-files/models", s.mgmt.GetAuthFileModels) - mgmt.GET("/model-definitions/:channel", s.mgmt.GetStaticModelDefinitions) - mgmt.GET("/auth-files/download", s.mgmt.DownloadAuthFile) - mgmt.POST("/auth-files", s.mgmt.UploadAuthFile) - mgmt.DELETE("/auth-files", s.mgmt.DeleteAuthFile) - mgmt.PATCH("/auth-files/status", s.mgmt.PatchAuthFileStatus) - mgmt.PATCH("/auth-files/fields", s.mgmt.PatchAuthFileFields) - mgmt.POST("/vertex/import", s.mgmt.ImportVertexCredential) - - mgmt.GET("/anthropic-auth-url", s.mgmt.RequestAnthropicToken) - mgmt.GET("/codex-auth-url", s.mgmt.RequestCodexToken) - mgmt.GET("/gemini-cli-auth-url", s.mgmt.RequestGeminiCLIToken) - mgmt.GET("/antigravity-auth-url", s.mgmt.RequestAntigravityToken) - mgmt.GET("/qwen-auth-url", s.mgmt.RequestQwenToken) - mgmt.GET("/kilo-auth-url", s.mgmt.RequestKiloToken) - mgmt.GET("/kimi-auth-url", s.mgmt.RequestKimiToken) - mgmt.GET("/iflow-auth-url", s.mgmt.RequestIFlowToken) - mgmt.POST("/iflow-auth-url", s.mgmt.RequestIFlowCookieToken) - mgmt.GET("/kiro-auth-url", s.mgmt.RequestKiroToken) - mgmt.GET("/github-auth-url", s.mgmt.RequestGitHubToken) - mgmt.POST("/oauth-callback", s.mgmt.PostOAuthCallback) - mgmt.GET("/get-auth-status", s.mgmt.GetAuthStatus) - } -} - -func (s *Server) managementAvailabilityMiddleware() gin.HandlerFunc { - return func(c *gin.Context) { - if !s.managementRoutesEnabled.Load() { - c.AbortWithStatus(http.StatusNotFound) - return - } - c.Next() - } -} - -func (s *Server) serveManagementControlPanel(c *gin.Context) { - cfg := s.cfg - if cfg == nil || cfg.RemoteManagement.DisableControlPanel { - c.AbortWithStatus(http.StatusNotFound) - return - } - filePath := managementasset.FilePath(s.configFilePath) - if strings.TrimSpace(filePath) == "" { - c.AbortWithStatus(http.StatusNotFound) - return - } - - if _, err := os.Stat(filePath); err != nil { - if os.IsNotExist(err) { - // Synchronously ensure management.html is available with a detached context. - // Control panel bootstrap should not be canceled by client disconnects. - if !managementasset.EnsureLatestManagementHTML(context.Background(), managementasset.StaticDir(s.configFilePath), cfg.ProxyURL, cfg.RemoteManagement.PanelGitHubRepository) { - c.AbortWithStatus(http.StatusNotFound) - return - } - } else { - log.WithError(err).Error("failed to stat management control panel asset") - c.AbortWithStatus(http.StatusInternalServerError) - return - } - } - - c.File(filePath) -} - -func (s *Server) enableKeepAlive(timeout time.Duration, onTimeout func()) { - if timeout <= 0 || onTimeout == nil { - return - } - - s.keepAliveEnabled = true - s.keepAliveTimeout = timeout - s.keepAliveOnTimeout = onTimeout - s.keepAliveHeartbeat = make(chan struct{}, 1) - s.keepAliveStop = make(chan struct{}, 1) - - s.engine.GET("/keep-alive", s.handleKeepAlive) - - go s.watchKeepAlive() -} - -func (s *Server) handleKeepAlive(c *gin.Context) { - if s.localPassword != "" { - provided := strings.TrimSpace(c.GetHeader("Authorization")) - if provided != "" { - parts := strings.SplitN(provided, " ", 2) - if len(parts) == 2 && strings.EqualFold(parts[0], "bearer") { - provided = parts[1] - } - } - if provided == "" { - provided = strings.TrimSpace(c.GetHeader("X-Local-Password")) - } - if subtle.ConstantTimeCompare([]byte(provided), []byte(s.localPassword)) != 1 { - c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid password"}) - return - } - } - - s.signalKeepAlive() - c.JSON(http.StatusOK, gin.H{"status": "ok"}) -} - -func (s *Server) signalKeepAlive() { - if !s.keepAliveEnabled { - return - } - select { - case s.keepAliveHeartbeat <- struct{}{}: - default: - } -} - -func (s *Server) watchKeepAlive() { - if !s.keepAliveEnabled { - return - } - - timer := time.NewTimer(s.keepAliveTimeout) - defer timer.Stop() - - for { - select { - case <-timer.C: - log.Warnf("keep-alive endpoint idle for %s, shutting down", s.keepAliveTimeout) - if s.keepAliveOnTimeout != nil { - s.keepAliveOnTimeout() - } - return - case <-s.keepAliveHeartbeat: - if !timer.Stop() { - select { - case <-timer.C: - default: - } - } - timer.Reset(s.keepAliveTimeout) - case <-s.keepAliveStop: - return - } - } -} - -// unifiedModelsHandler creates a unified handler for the /v1/models endpoint -// that routes to different handlers based on the User-Agent header. -// If User-Agent starts with "claude-cli", it routes to Claude handler, -// otherwise it routes to OpenAI handler. -func (s *Server) unifiedModelsHandler(openaiHandler *openai.OpenAIAPIHandler, claudeHandler *claude.ClaudeCodeAPIHandler) gin.HandlerFunc { - return func(c *gin.Context) { - userAgent := c.GetHeader("User-Agent") - - // Route to Claude handler if User-Agent starts with "claude-cli" - if strings.HasPrefix(userAgent, "claude-cli") { - // log.Debugf("Routing /v1/models to Claude handler for User-Agent: %s", userAgent) - claudeHandler.ClaudeModels(c) - } else { - // log.Debugf("Routing /v1/models to OpenAI handler for User-Agent: %s", userAgent) - openaiHandler.OpenAIModels(c) - } - } -} - -// Start begins listening for and serving HTTP or HTTPS requests. -// It's a blocking call and will only return on an unrecoverable error. -// -// Returns: -// - error: An error if the server fails to start -func (s *Server) Start() error { - if s == nil || s.server == nil { - return fmt.Errorf("failed to start HTTP server: server not initialized") - } - - useTLS := s.cfg != nil && s.cfg.TLS.Enable - if useTLS { - cert := strings.TrimSpace(s.cfg.TLS.Cert) - key := strings.TrimSpace(s.cfg.TLS.Key) - if cert == "" || key == "" { - return fmt.Errorf("failed to start HTTPS server: tls.cert or tls.key is empty") - } - log.Debugf("Starting API server on %s with TLS", s.server.Addr) - if errServeTLS := s.server.ListenAndServeTLS(cert, key); errServeTLS != nil && !errors.Is(errServeTLS, http.ErrServerClosed) { - return fmt.Errorf("failed to start HTTPS server: %v", errServeTLS) - } - return nil - } - - log.Debugf("Starting API server on %s", s.server.Addr) - if errServe := s.server.ListenAndServe(); errServe != nil && !errors.Is(errServe, http.ErrServerClosed) { - return fmt.Errorf("failed to start HTTP server: %v", errServe) - } - - return nil -} - -// Stop gracefully shuts down the API server without interrupting any -// active connections. -// -// Parameters: -// - ctx: The context for graceful shutdown -// -// Returns: -// - error: An error if the server fails to stop -func (s *Server) Stop(ctx context.Context) error { - log.Debug("Stopping API server...") - - if s.keepAliveEnabled { - select { - case s.keepAliveStop <- struct{}{}: - default: - } - } - - // Shutdown the HTTP server. - if err := s.server.Shutdown(ctx); err != nil { - return fmt.Errorf("failed to shutdown HTTP server: %v", err) - } - - log.Debug("API server stopped") - return nil -} - -// corsMiddleware returns a Gin middleware handler that adds CORS headers -// to every response, allowing cross-origin requests. -// -// Returns: -// - gin.HandlerFunc: The CORS middleware handler -func corsMiddleware() gin.HandlerFunc { - return func(c *gin.Context) { - c.Header("Access-Control-Allow-Origin", "*") - c.Header("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS") - c.Header("Access-Control-Allow-Headers", "*") - - if c.Request.Method == "OPTIONS" { - c.AbortWithStatus(http.StatusNoContent) - return - } - - c.Next() - } -} - -func (s *Server) applyAccessConfig(oldCfg, newCfg *config.Config) { - if s == nil || s.accessManager == nil || newCfg == nil { - return - } - if _, err := access.ApplyAccessProviders(s.accessManager, oldCfg, newCfg); err != nil { - return - } -} - -// UpdateClients updates the server's client list and configuration. -// This method is called when the configuration or authentication tokens change. -// -// Parameters: -// - clients: The new slice of AI service clients -// - cfg: The new application configuration -func (s *Server) UpdateClients(cfg *config.Config) { - // Reconstruct old config from YAML snapshot to avoid reference sharing issues - var oldCfg *config.Config - if len(s.oldConfigYaml) > 0 { - _ = yaml.Unmarshal(s.oldConfigYaml, &oldCfg) - } - - // Update request logger enabled state if it has changed - previousRequestLog := false - if oldCfg != nil { - previousRequestLog = oldCfg.RequestLog - } - if s.requestLogger != nil && (oldCfg == nil || previousRequestLog != cfg.RequestLog) { - if s.loggerToggle != nil { - s.loggerToggle(cfg.RequestLog) - } else if toggler, ok := s.requestLogger.(interface{ SetEnabled(bool) }); ok { - toggler.SetEnabled(cfg.RequestLog) - } - } - - if oldCfg == nil || oldCfg.LoggingToFile != cfg.LoggingToFile || oldCfg.LogsMaxTotalSizeMB != cfg.LogsMaxTotalSizeMB { - if err := logging.ConfigureLogOutput(cfg); err != nil { - log.Errorf("failed to reconfigure log output: %v", err) - } - } - - if oldCfg == nil || oldCfg.UsageStatisticsEnabled != cfg.UsageStatisticsEnabled { - usage.SetStatisticsEnabled(cfg.UsageStatisticsEnabled) - } - - if s.requestLogger != nil && (oldCfg == nil || oldCfg.ErrorLogsMaxFiles != cfg.ErrorLogsMaxFiles) { - if setter, ok := s.requestLogger.(interface{ SetErrorLogsMaxFiles(int) }); ok { - setter.SetErrorLogsMaxFiles(cfg.ErrorLogsMaxFiles) - } - } - - if oldCfg == nil || oldCfg.DisableCooling != cfg.DisableCooling { - auth.SetQuotaCooldownDisabled(cfg.DisableCooling) - } - - if s.handlers != nil && s.handlers.AuthManager != nil { - s.handlers.AuthManager.SetRetryConfig(cfg.RequestRetry, time.Duration(cfg.MaxRetryInterval)*time.Second) - } - - // Update log level dynamically when debug flag changes - if oldCfg == nil || oldCfg.Debug != cfg.Debug { - util.SetLogLevel(cfg) - } - - prevSecretEmpty := true - if oldCfg != nil { - prevSecretEmpty = oldCfg.RemoteManagement.SecretKey == "" - } - newSecretEmpty := cfg.RemoteManagement.SecretKey == "" - if s.envManagementSecret { - s.registerManagementRoutes() - if s.managementRoutesEnabled.CompareAndSwap(false, true) { - log.Info("management routes enabled via MANAGEMENT_PASSWORD") - } else { - s.managementRoutesEnabled.Store(true) - } - } else { - switch { - case prevSecretEmpty && !newSecretEmpty: - s.registerManagementRoutes() - if s.managementRoutesEnabled.CompareAndSwap(false, true) { - log.Info("management routes enabled after secret key update") - } else { - s.managementRoutesEnabled.Store(true) - } - case !prevSecretEmpty && newSecretEmpty: - if s.managementRoutesEnabled.CompareAndSwap(true, false) { - log.Info("management routes disabled after secret key removal") - } else { - s.managementRoutesEnabled.Store(false) - } - default: - s.managementRoutesEnabled.Store(!newSecretEmpty) - } - } - - s.applyAccessConfig(oldCfg, cfg) - s.cfg = cfg - s.wsAuthEnabled.Store(cfg.WebsocketAuth) - if oldCfg != nil && s.wsAuthChanged != nil && oldCfg.WebsocketAuth != cfg.WebsocketAuth { - s.wsAuthChanged(oldCfg.WebsocketAuth, cfg.WebsocketAuth) - } - managementasset.SetCurrentConfig(cfg) - // Save YAML snapshot for next comparison - s.oldConfigYaml, _ = yaml.Marshal(cfg) - - s.handlers.UpdateClients(&cfg.SDKConfig) - - if s.mgmt != nil { - s.mgmt.SetConfig(cfg) - s.mgmt.SetAuthManager(s.handlers.AuthManager) - } - - // Notify Amp module only when Amp config has changed. - ampConfigChanged := oldCfg == nil || !reflect.DeepEqual(oldCfg.AmpCode, cfg.AmpCode) - if ampConfigChanged { - if s.ampModule != nil { - log.Debugf("triggering amp module config update") - if err := s.ampModule.OnConfigUpdated(cfg); err != nil { - log.Errorf("failed to update Amp module config: %v", err) - } - } else { - log.Warnf("amp module is nil, skipping config update") - } - } - - // Count client sources from configuration and auth store. - tokenStore := sdkAuth.GetTokenStore() - if dirSetter, ok := tokenStore.(interface{ SetBaseDir(string) }); ok { - dirSetter.SetBaseDir(cfg.AuthDir) - } - authEntries := util.CountAuthFiles(context.Background(), tokenStore) - geminiAPIKeyCount := len(cfg.GeminiKey) - claudeAPIKeyCount := len(cfg.ClaudeKey) - codexAPIKeyCount := len(cfg.CodexKey) - vertexAICompatCount := len(cfg.VertexCompatAPIKey) - openAICompatCount := 0 - for i := range cfg.OpenAICompatibility { - entry := cfg.OpenAICompatibility[i] - openAICompatCount += len(entry.APIKeyEntries) - } - - total := authEntries + geminiAPIKeyCount + claudeAPIKeyCount + codexAPIKeyCount + vertexAICompatCount + openAICompatCount - fmt.Printf("server clients and configuration updated: %d clients (%d auth entries + %d Gemini API keys + %d Claude API keys + %d Codex keys + %d Vertex-compat + %d OpenAI-compat)\n", - total, - authEntries, - geminiAPIKeyCount, - claudeAPIKeyCount, - codexAPIKeyCount, - vertexAICompatCount, - openAICompatCount, - ) -} - -func (s *Server) SetWebsocketAuthChangeHandler(fn func(bool, bool)) { - if s == nil { - return - } - s.wsAuthChanged = fn -} - -// (management handlers moved to internal/api/handlers/management) - -// AuthMiddleware returns a Gin middleware handler that authenticates requests -// using the configured authentication providers. When no providers are available, -// it allows all requests (legacy behaviour). -func AuthMiddleware(manager *sdkaccess.Manager) gin.HandlerFunc { - return func(c *gin.Context) { - if manager == nil { - c.Next() - return - } - - result, err := manager.Authenticate(c.Request.Context(), c.Request) - if err == nil { - if result != nil { - c.Set("apiKey", result.Principal) - c.Set("accessProvider", result.Provider) - if len(result.Metadata) > 0 { - c.Set("accessMetadata", result.Metadata) - } - } - c.Next() - return - } - - statusCode := err.HTTPStatusCode() - if statusCode >= http.StatusInternalServerError { - log.Errorf("authentication middleware error: %v", err) - } - c.AbortWithStatusJSON(statusCode, gin.H{"error": err.Message}) - } -} diff --git a/internal/api/server_test.go b/internal/api/server_test.go deleted file mode 100644 index e8f7894757..0000000000 --- a/internal/api/server_test.go +++ /dev/null @@ -1,111 +0,0 @@ -package api - -import ( - "net/http" - "net/http/httptest" - "os" - "path/filepath" - "strings" - "testing" - - gin "github.com/gin-gonic/gin" - proxyconfig "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - sdkaccess "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/access" - "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - sdkconfig "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/config" -) - -func newTestServer(t *testing.T) *Server { - t.Helper() - - gin.SetMode(gin.TestMode) - - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o700); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - - cfg := &proxyconfig.Config{ - SDKConfig: sdkconfig.SDKConfig{ - APIKeys: []string{"test-key"}, - }, - Port: 0, - AuthDir: authDir, - Debug: true, - LoggingToFile: false, - UsageStatisticsEnabled: false, - } - - authManager := auth.NewManager(nil, nil, nil) - accessManager := sdkaccess.NewManager() - - configPath := filepath.Join(tmpDir, "config.yaml") - return NewServer(cfg, authManager, accessManager, configPath) -} - -func TestAmpProviderModelRoutes(t *testing.T) { - testCases := []struct { - name string - path string - wantStatus int - wantContains string - }{ - { - name: "openai root models", - path: "/api/provider/openai/models", - wantStatus: http.StatusOK, - wantContains: `"object":"list"`, - }, - { - name: "groq root models", - path: "/api/provider/groq/models", - wantStatus: http.StatusOK, - wantContains: `"object":"list"`, - }, - { - name: "openai models", - path: "/api/provider/openai/v1/models", - wantStatus: http.StatusOK, - wantContains: `"object":"list"`, - }, - { - name: "anthropic models", - path: "/api/provider/anthropic/v1/models", - wantStatus: http.StatusOK, - wantContains: `"data"`, - }, - { - name: "google models v1", - path: "/api/provider/google/v1/models", - wantStatus: http.StatusOK, - wantContains: `"models"`, - }, - { - name: "google models v1beta", - path: "/api/provider/google/v1beta/models", - wantStatus: http.StatusOK, - wantContains: `"models"`, - }, - } - - for _, tc := range testCases { - tc := tc - t.Run(tc.name, func(t *testing.T) { - server := newTestServer(t) - - req := httptest.NewRequest(http.MethodGet, tc.path, nil) - req.Header.Set("Authorization", "Bearer test-key") - - rr := httptest.NewRecorder() - server.engine.ServeHTTP(rr, req) - - if rr.Code != tc.wantStatus { - t.Fatalf("unexpected status code for %s: got %d want %d; body=%s", tc.path, rr.Code, tc.wantStatus, rr.Body.String()) - } - if body := rr.Body.String(); !strings.Contains(body, tc.wantContains) { - t.Fatalf("response body for %s missing %q: %s", tc.path, tc.wantContains, body) - } - }) - } -} diff --git a/internal/auth/antigravity/auth.go b/internal/auth/antigravity/auth.go deleted file mode 100644 index 2866bfa196..0000000000 --- a/internal/auth/antigravity/auth.go +++ /dev/null @@ -1,344 +0,0 @@ -// Package antigravity provides OAuth2 authentication functionality for the Antigravity provider. -package antigravity - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "strings" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -// TokenResponse represents OAuth token response from Google -type TokenResponse struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - ExpiresIn int64 `json:"expires_in"` - TokenType string `json:"token_type"` -} - -// userInfo represents Google user profile -type userInfo struct { - Email string `json:"email"` -} - -// AntigravityAuth handles Antigravity OAuth authentication -type AntigravityAuth struct { - httpClient *http.Client -} - -// NewAntigravityAuth creates a new Antigravity auth service. -func NewAntigravityAuth(cfg *config.Config, httpClient *http.Client) *AntigravityAuth { - if httpClient != nil { - return &AntigravityAuth{httpClient: httpClient} - } - if cfg == nil { - cfg = &config.Config{} - } - return &AntigravityAuth{ - httpClient: util.SetProxy(&cfg.SDKConfig, &http.Client{}), - } -} - -// BuildAuthURL generates the OAuth authorization URL. -func (o *AntigravityAuth) BuildAuthURL(state, redirectURI string) string { - if strings.TrimSpace(redirectURI) == "" { - redirectURI = fmt.Sprintf("http://localhost:%d/oauth-callback", CallbackPort) - } - params := url.Values{} - params.Set("access_type", "offline") - params.Set("client_id", ClientID) - params.Set("prompt", "consent") - params.Set("redirect_uri", redirectURI) - params.Set("response_type", "code") - params.Set("scope", strings.Join(Scopes, " ")) - params.Set("state", state) - return AuthEndpoint + "?" + params.Encode() -} - -// ExchangeCodeForTokens exchanges authorization code for access and refresh tokens -func (o *AntigravityAuth) ExchangeCodeForTokens(ctx context.Context, code, redirectURI string) (*TokenResponse, error) { - data := url.Values{} - data.Set("code", code) - data.Set("client_id", ClientID) - data.Set("client_secret", ClientSecret) - data.Set("redirect_uri", redirectURI) - data.Set("grant_type", "authorization_code") - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, TokenEndpoint, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("antigravity token exchange: create request: %w", err) - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - - resp, errDo := o.httpClient.Do(req) - if errDo != nil { - return nil, fmt.Errorf("antigravity token exchange: execute request: %w", errDo) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("antigravity token exchange: close body error: %v", errClose) - } - }() - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, errRead := io.ReadAll(io.LimitReader(resp.Body, 8<<10)) - if errRead != nil { - return nil, fmt.Errorf("antigravity token exchange: read response: %w", errRead) - } - body := strings.TrimSpace(string(bodyBytes)) - if body == "" { - return nil, fmt.Errorf("antigravity token exchange: request failed: status %d", resp.StatusCode) - } - return nil, fmt.Errorf("antigravity token exchange: request failed: status %d: %s", resp.StatusCode, body) - } - - var token TokenResponse - if errDecode := json.NewDecoder(resp.Body).Decode(&token); errDecode != nil { - return nil, fmt.Errorf("antigravity token exchange: decode response: %w", errDecode) - } - return &token, nil -} - -// FetchUserInfo retrieves user email from Google -func (o *AntigravityAuth) FetchUserInfo(ctx context.Context, accessToken string) (string, error) { - accessToken = strings.TrimSpace(accessToken) - if accessToken == "" { - return "", fmt.Errorf("antigravity userinfo: missing access token") - } - req, err := http.NewRequestWithContext(ctx, http.MethodGet, UserInfoEndpoint, nil) - if err != nil { - return "", fmt.Errorf("antigravity userinfo: create request: %w", err) - } - req.Header.Set("Authorization", "Bearer "+accessToken) - - resp, errDo := o.httpClient.Do(req) - if errDo != nil { - return "", fmt.Errorf("antigravity userinfo: execute request: %w", errDo) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("antigravity userinfo: close body error: %v", errClose) - } - }() - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, errRead := io.ReadAll(io.LimitReader(resp.Body, 8<<10)) - if errRead != nil { - return "", fmt.Errorf("antigravity userinfo: read response: %w", errRead) - } - body := strings.TrimSpace(string(bodyBytes)) - if body == "" { - return "", fmt.Errorf("antigravity userinfo: request failed: status %d", resp.StatusCode) - } - return "", fmt.Errorf("antigravity userinfo: request failed: status %d: %s", resp.StatusCode, body) - } - var info userInfo - if errDecode := json.NewDecoder(resp.Body).Decode(&info); errDecode != nil { - return "", fmt.Errorf("antigravity userinfo: decode response: %w", errDecode) - } - email := strings.TrimSpace(info.Email) - if email == "" { - return "", fmt.Errorf("antigravity userinfo: response missing email") - } - return email, nil -} - -// FetchProjectID retrieves the project ID for the authenticated user via loadCodeAssist -func (o *AntigravityAuth) FetchProjectID(ctx context.Context, accessToken string) (string, error) { - loadReqBody := map[string]any{ - "metadata": map[string]string{ - "ideType": "ANTIGRAVITY", - "platform": "PLATFORM_UNSPECIFIED", - "pluginType": "GEMINI", - }, - } - - rawBody, errMarshal := json.Marshal(loadReqBody) - if errMarshal != nil { - return "", fmt.Errorf("marshal request body: %w", errMarshal) - } - - endpointURL := fmt.Sprintf("%s/%s:loadCodeAssist", APIEndpoint, APIVersion) - req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpointURL, strings.NewReader(string(rawBody))) - if err != nil { - return "", fmt.Errorf("create request: %w", err) - } - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", APIUserAgent) - req.Header.Set("X-Goog-Api-Client", APIClient) - req.Header.Set("Client-Metadata", ClientMetadata) - - resp, errDo := o.httpClient.Do(req) - if errDo != nil { - return "", fmt.Errorf("execute request: %w", errDo) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("antigravity loadCodeAssist: close body error: %v", errClose) - } - }() - - bodyBytes, errRead := io.ReadAll(resp.Body) - if errRead != nil { - return "", fmt.Errorf("read response: %w", errRead) - } - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - return "", fmt.Errorf("request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(bodyBytes))) - } - - var loadResp map[string]any - if errDecode := json.Unmarshal(bodyBytes, &loadResp); errDecode != nil { - return "", fmt.Errorf("decode response: %w", errDecode) - } - - // Extract projectID from response - projectID := "" - if id, ok := loadResp["cloudaicompanionProject"].(string); ok { - projectID = strings.TrimSpace(id) - } - if projectID == "" { - if projectMap, ok := loadResp["cloudaicompanionProject"].(map[string]any); ok { - if id, okID := projectMap["id"].(string); okID { - projectID = strings.TrimSpace(id) - } - } - } - - if projectID == "" { - tierID := "legacy-tier" - if tiers, okTiers := loadResp["allowedTiers"].([]any); okTiers { - for _, rawTier := range tiers { - tier, okTier := rawTier.(map[string]any) - if !okTier { - continue - } - if isDefault, okDefault := tier["isDefault"].(bool); okDefault && isDefault { - if id, okID := tier["id"].(string); okID && strings.TrimSpace(id) != "" { - tierID = strings.TrimSpace(id) - break - } - } - } - } - - projectID, err = o.OnboardUser(ctx, accessToken, tierID) - if err != nil { - return "", err - } - return projectID, nil - } - - return projectID, nil -} - -// OnboardUser attempts to fetch the project ID via onboardUser by polling for completion -func (o *AntigravityAuth) OnboardUser(ctx context.Context, accessToken, tierID string) (string, error) { - log.Infof("Antigravity: onboarding user with tier: %s", tierID) - requestBody := map[string]any{ - "tierId": tierID, - "metadata": map[string]string{ - "ideType": "ANTIGRAVITY", - "platform": "PLATFORM_UNSPECIFIED", - "pluginType": "GEMINI", - }, - } - - rawBody, errMarshal := json.Marshal(requestBody) - if errMarshal != nil { - return "", fmt.Errorf("marshal request body: %w", errMarshal) - } - - maxAttempts := 5 - for attempt := 1; attempt <= maxAttempts; attempt++ { - log.Debugf("Polling attempt %d/%d", attempt, maxAttempts) - - reqCtx := ctx - var cancel context.CancelFunc - if reqCtx == nil { - reqCtx = context.Background() - } - reqCtx, cancel = context.WithTimeout(reqCtx, 30*time.Second) - - endpointURL := fmt.Sprintf("%s/%s:onboardUser", APIEndpoint, APIVersion) - req, errRequest := http.NewRequestWithContext(reqCtx, http.MethodPost, endpointURL, strings.NewReader(string(rawBody))) - if errRequest != nil { - cancel() - return "", fmt.Errorf("create request: %w", errRequest) - } - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", APIUserAgent) - req.Header.Set("X-Goog-Api-Client", APIClient) - req.Header.Set("Client-Metadata", ClientMetadata) - - resp, errDo := o.httpClient.Do(req) - if errDo != nil { - cancel() - return "", fmt.Errorf("execute request: %w", errDo) - } - - bodyBytes, errRead := io.ReadAll(resp.Body) - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("close body error: %v", errClose) - } - cancel() - - if errRead != nil { - return "", fmt.Errorf("read response: %w", errRead) - } - - if resp.StatusCode == http.StatusOK { - var data map[string]any - if errDecode := json.Unmarshal(bodyBytes, &data); errDecode != nil { - return "", fmt.Errorf("decode response: %w", errDecode) - } - - if done, okDone := data["done"].(bool); okDone && done { - projectID := "" - if responseData, okResp := data["response"].(map[string]any); okResp { - switch projectValue := responseData["cloudaicompanionProject"].(type) { - case map[string]any: - if id, okID := projectValue["id"].(string); okID { - projectID = strings.TrimSpace(id) - } - case string: - projectID = strings.TrimSpace(projectValue) - } - } - - if projectID != "" { - log.Infof("Successfully fetched project_id: %s", projectID) - return projectID, nil - } - - return "", fmt.Errorf("no project_id in response") - } - - time.Sleep(2 * time.Second) - continue - } - - responsePreview := strings.TrimSpace(string(bodyBytes)) - if len(responsePreview) > 500 { - responsePreview = responsePreview[:500] - } - - responseErr := responsePreview - if len(responseErr) > 200 { - responseErr = responseErr[:200] - } - return "", fmt.Errorf("http %d: %s", resp.StatusCode, responseErr) - } - - return "", nil -} diff --git a/internal/auth/antigravity/constants.go b/internal/auth/antigravity/constants.go deleted file mode 100644 index 680c8e3c70..0000000000 --- a/internal/auth/antigravity/constants.go +++ /dev/null @@ -1,34 +0,0 @@ -// Package antigravity provides OAuth2 authentication functionality for the Antigravity provider. -package antigravity - -// OAuth client credentials and configuration -const ( - ClientID = "1071006060591-tmhssin2h21lcre235vtolojh4g403ep.apps.googleusercontent.com" - ClientSecret = "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" - CallbackPort = 51121 -) - -// Scopes defines the OAuth scopes required for Antigravity authentication -var Scopes = []string{ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/userinfo.email", - "https://www.googleapis.com/auth/userinfo.profile", - "https://www.googleapis.com/auth/cclog", - "https://www.googleapis.com/auth/experimentsandconfigs", -} - -// OAuth2 endpoints for Google authentication -const ( - TokenEndpoint = "https://oauth2.googleapis.com/token" - AuthEndpoint = "https://accounts.google.com/o/oauth2/v2/auth" - UserInfoEndpoint = "https://www.googleapis.com/oauth2/v1/userinfo?alt=json" -) - -// Antigravity API configuration -const ( - APIEndpoint = "https://cloudcode-pa.googleapis.com" - APIVersion = "v1internal" - APIUserAgent = "google-api-nodejs-client/9.15.1" - APIClient = "google-cloud-sdk vscode_cloudshelleditor/0.1" - ClientMetadata = `{"ideType":"IDE_UNSPECIFIED","platform":"PLATFORM_UNSPECIFIED","pluginType":"GEMINI"}` -) diff --git a/internal/auth/antigravity/filename.go b/internal/auth/antigravity/filename.go deleted file mode 100644 index 03ad3e2f1a..0000000000 --- a/internal/auth/antigravity/filename.go +++ /dev/null @@ -1,16 +0,0 @@ -package antigravity - -import ( - "fmt" - "strings" -) - -// CredentialFileName returns the filename used to persist Antigravity credentials. -// It uses the email as a suffix to disambiguate accounts. -func CredentialFileName(email string) string { - email = strings.TrimSpace(email) - if email == "" { - return "antigravity.json" - } - return fmt.Sprintf("antigravity-%s.json", email) -} diff --git a/internal/auth/claude/anthropic.go b/internal/auth/claude/anthropic.go deleted file mode 100644 index dcb1b02832..0000000000 --- a/internal/auth/claude/anthropic.go +++ /dev/null @@ -1,32 +0,0 @@ -package claude - -// PKCECodes holds PKCE verification codes for OAuth2 PKCE flow -type PKCECodes struct { - // CodeVerifier is the cryptographically random string used to correlate - // the authorization request to the token request - CodeVerifier string `json:"code_verifier"` - // CodeChallenge is the SHA256 hash of the code verifier, base64url-encoded - CodeChallenge string `json:"code_challenge"` -} - -// ClaudeTokenData holds OAuth token information from Anthropic -type ClaudeTokenData struct { - // AccessToken is the OAuth2 access token for API access - AccessToken string `json:"access_token"` - // RefreshToken is used to obtain new access tokens - RefreshToken string `json:"refresh_token"` - // Email is the Anthropic account email - Email string `json:"email"` - // Expire is the timestamp of the token expire - Expire string `json:"expired"` -} - -// ClaudeAuthBundle aggregates authentication data after OAuth flow completion -type ClaudeAuthBundle struct { - // APIKey is the Anthropic API key obtained from token exchange - APIKey string `json:"api_key"` - // TokenData contains the OAuth tokens from the authentication flow - TokenData ClaudeTokenData `json:"token_data"` - // LastRefresh is the timestamp of the last token refresh - LastRefresh string `json:"last_refresh"` -} diff --git a/internal/auth/claude/errors.go b/internal/auth/claude/errors.go deleted file mode 100644 index 3585209a8a..0000000000 --- a/internal/auth/claude/errors.go +++ /dev/null @@ -1,167 +0,0 @@ -// Package claude provides authentication and token management functionality -// for Anthropic's Claude AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Claude API. -package claude - -import ( - "errors" - "fmt" - "net/http" -) - -// OAuthError represents an OAuth-specific error. -type OAuthError struct { - // Code is the OAuth error code. - Code string `json:"error"` - // Description is a human-readable description of the error. - Description string `json:"error_description,omitempty"` - // URI is a URI identifying a human-readable web page with information about the error. - URI string `json:"error_uri,omitempty"` - // StatusCode is the HTTP status code associated with the error. - StatusCode int `json:"-"` -} - -// Error returns a string representation of the OAuth error. -func (e *OAuthError) Error() string { - if e.Description != "" { - return fmt.Sprintf("OAuth error %s: %s", e.Code, e.Description) - } - return fmt.Sprintf("OAuth error: %s", e.Code) -} - -// NewOAuthError creates a new OAuth error with the specified code, description, and status code. -func NewOAuthError(code, description string, statusCode int) *OAuthError { - return &OAuthError{ - Code: code, - Description: description, - StatusCode: statusCode, - } -} - -// AuthenticationError represents authentication-related errors. -type AuthenticationError struct { - // Type is the type of authentication error. - Type string `json:"type"` - // Message is a human-readable message describing the error. - Message string `json:"message"` - // Code is the HTTP status code associated with the error. - Code int `json:"code"` - // Cause is the underlying error that caused this authentication error. - Cause error `json:"-"` -} - -// Error returns a string representation of the authentication error. -func (e *AuthenticationError) Error() string { - if e.Cause != nil { - return fmt.Sprintf("%s: %s (caused by: %v)", e.Type, e.Message, e.Cause) - } - return fmt.Sprintf("%s: %s", e.Type, e.Message) -} - -// Common authentication error types. -var ( - // ErrTokenExpired = &AuthenticationError{ - // Type: "token_expired", - // Message: "Access token has expired", - // Code: http.StatusUnauthorized, - // } - - // ErrInvalidState represents an error for invalid OAuth state parameter. - ErrInvalidState = &AuthenticationError{ - Type: "invalid_state", - Message: "OAuth state parameter is invalid", - Code: http.StatusBadRequest, - } - - // ErrCodeExchangeFailed represents an error when exchanging authorization code for tokens fails. - ErrCodeExchangeFailed = &AuthenticationError{ - Type: "code_exchange_failed", - Message: "Failed to exchange authorization code for tokens", - Code: http.StatusBadRequest, - } - - // ErrServerStartFailed represents an error when starting the OAuth callback server fails. - ErrServerStartFailed = &AuthenticationError{ - Type: "server_start_failed", - Message: "Failed to start OAuth callback server", - Code: http.StatusInternalServerError, - } - - // ErrPortInUse represents an error when the OAuth callback port is already in use. - ErrPortInUse = &AuthenticationError{ - Type: "port_in_use", - Message: "OAuth callback port is already in use", - Code: 13, // Special exit code for port-in-use - } - - // ErrCallbackTimeout represents an error when waiting for OAuth callback times out. - ErrCallbackTimeout = &AuthenticationError{ - Type: "callback_timeout", - Message: "Timeout waiting for OAuth callback", - Code: http.StatusRequestTimeout, - } -) - -// NewAuthenticationError creates a new authentication error with a cause based on a base error. -func NewAuthenticationError(baseErr *AuthenticationError, cause error) *AuthenticationError { - return &AuthenticationError{ - Type: baseErr.Type, - Message: baseErr.Message, - Code: baseErr.Code, - Cause: cause, - } -} - -// IsAuthenticationError checks if an error is an authentication error. -func IsAuthenticationError(err error) bool { - var authenticationError *AuthenticationError - ok := errors.As(err, &authenticationError) - return ok -} - -// IsOAuthError checks if an error is an OAuth error. -func IsOAuthError(err error) bool { - var oAuthError *OAuthError - ok := errors.As(err, &oAuthError) - return ok -} - -// GetUserFriendlyMessage returns a user-friendly error message based on the error type. -func GetUserFriendlyMessage(err error) string { - switch { - case IsAuthenticationError(err): - var authErr *AuthenticationError - errors.As(err, &authErr) - switch authErr.Type { - case "token_expired": - return "Your authentication has expired. Please log in again." - case "token_invalid": - return "Your authentication is invalid. Please log in again." - case "authentication_required": - return "Please log in to continue." - case "port_in_use": - return "The required port is already in use. Please close any applications using port 3000 and try again." - case "callback_timeout": - return "Authentication timed out. Please try again." - case "browser_open_failed": - return "Could not open your browser automatically. Please copy and paste the URL manually." - default: - return "Authentication failed. Please try again." - } - case IsOAuthError(err): - var oauthErr *OAuthError - errors.As(err, &oauthErr) - switch oauthErr.Code { - case "access_denied": - return "Authentication was cancelled or denied." - case "invalid_request": - return "Invalid authentication request. Please try again." - case "server_error": - return "Authentication server error. Please try again later." - default: - return fmt.Sprintf("Authentication failed: %s", oauthErr.Description) - } - default: - return "An unexpected error occurred. Please try again." - } -} diff --git a/internal/auth/claude/html_templates.go b/internal/auth/claude/html_templates.go deleted file mode 100644 index 1ec7682363..0000000000 --- a/internal/auth/claude/html_templates.go +++ /dev/null @@ -1,218 +0,0 @@ -// Package claude provides authentication and token management functionality -// for Anthropic's Claude AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Claude API. -package claude - -// LoginSuccessHtml is the HTML template displayed to users after successful OAuth authentication. -// This template provides a user-friendly success page with options to close the window -// or navigate to the Claude platform. It includes automatic window closing functionality -// and keyboard accessibility features. -const LoginSuccessHtml = ` - - - - - Authentication Successful - Claude - - - - -
-
-

Authentication Successful!

-

You have successfully authenticated with Claude. You can now close this window and return to your terminal to continue.

- - {{SETUP_NOTICE}} - -
- - - Open Platform - - -
- -
- This window will close automatically in 10 seconds -
- -
-

Powered by ChatGPT

-
-
- - - -` - -// SetupNoticeHtml is the HTML template for the setup notice section. -// This template is embedded within the success page to inform users about -// additional setup steps required to complete their Claude account configuration. -const SetupNoticeHtml = ` -
-

Additional Setup Required

-

To complete your setup, please visit the Claude to configure your account.

-
` diff --git a/internal/auth/claude/oauth_server.go b/internal/auth/claude/oauth_server.go deleted file mode 100644 index 49b04794e5..0000000000 --- a/internal/auth/claude/oauth_server.go +++ /dev/null @@ -1,331 +0,0 @@ -// Package claude provides authentication and token management functionality -// for Anthropic's Claude AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Claude API. -package claude - -import ( - "context" - "errors" - "fmt" - "net" - "net/http" - "strings" - "sync" - "time" - - log "github.com/sirupsen/logrus" -) - -// OAuthServer handles the local HTTP server for OAuth callbacks. -// It listens for the authorization code response from the OAuth provider -// and captures the necessary parameters to complete the authentication flow. -type OAuthServer struct { - // server is the underlying HTTP server instance - server *http.Server - // port is the port number on which the server listens - port int - // resultChan is a channel for sending OAuth results - resultChan chan *OAuthResult - // errorChan is a channel for sending OAuth errors - errorChan chan error - // mu is a mutex for protecting server state - mu sync.Mutex - // running indicates whether the server is currently running - running bool -} - -// OAuthResult contains the result of the OAuth callback. -// It holds either the authorization code and state for successful authentication -// or an error message if the authentication failed. -type OAuthResult struct { - // Code is the authorization code received from the OAuth provider - Code string - // State is the state parameter used to prevent CSRF attacks - State string - // Error contains any error message if the OAuth flow failed - Error string -} - -// NewOAuthServer creates a new OAuth callback server. -// It initializes the server with the specified port and creates channels -// for handling OAuth results and errors. -// -// Parameters: -// - port: The port number on which the server should listen -// -// Returns: -// - *OAuthServer: A new OAuthServer instance -func NewOAuthServer(port int) *OAuthServer { - return &OAuthServer{ - port: port, - resultChan: make(chan *OAuthResult, 1), - errorChan: make(chan error, 1), - } -} - -// Start starts the OAuth callback server. -// It sets up the HTTP handlers for the callback and success endpoints, -// and begins listening on the specified port. -// -// Returns: -// - error: An error if the server fails to start -func (s *OAuthServer) Start() error { - s.mu.Lock() - defer s.mu.Unlock() - - if s.running { - return fmt.Errorf("server is already running") - } - - // Check if port is available - if !s.isPortAvailable() { - return fmt.Errorf("port %d is already in use", s.port) - } - - mux := http.NewServeMux() - mux.HandleFunc("/callback", s.handleCallback) - mux.HandleFunc("/success", s.handleSuccess) - - s.server = &http.Server{ - Addr: fmt.Sprintf(":%d", s.port), - Handler: mux, - ReadTimeout: 10 * time.Second, - WriteTimeout: 10 * time.Second, - } - - s.running = true - - // Start server in goroutine - go func() { - if err := s.server.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) { - s.errorChan <- fmt.Errorf("server failed to start: %w", err) - } - }() - - // Give server a moment to start - time.Sleep(100 * time.Millisecond) - - return nil -} - -// Stop gracefully stops the OAuth callback server. -// It performs a graceful shutdown of the HTTP server with a timeout. -// -// Parameters: -// - ctx: The context for controlling the shutdown process -// -// Returns: -// - error: An error if the server fails to stop gracefully -func (s *OAuthServer) Stop(ctx context.Context) error { - s.mu.Lock() - defer s.mu.Unlock() - - if !s.running || s.server == nil { - return nil - } - - log.Debug("Stopping OAuth callback server") - - // Create a context with timeout for shutdown - shutdownCtx, cancel := context.WithTimeout(ctx, 5*time.Second) - defer cancel() - - err := s.server.Shutdown(shutdownCtx) - s.running = false - s.server = nil - - return err -} - -// WaitForCallback waits for the OAuth callback with a timeout. -// It blocks until either an OAuth result is received, an error occurs, -// or the specified timeout is reached. -// -// Parameters: -// - timeout: The maximum time to wait for the callback -// -// Returns: -// - *OAuthResult: The OAuth result if successful -// - error: An error if the callback times out or an error occurs -func (s *OAuthServer) WaitForCallback(timeout time.Duration) (*OAuthResult, error) { - select { - case result := <-s.resultChan: - return result, nil - case err := <-s.errorChan: - return nil, err - case <-time.After(timeout): - return nil, fmt.Errorf("timeout waiting for OAuth callback") - } -} - -// handleCallback handles the OAuth callback endpoint. -// It extracts the authorization code and state from the callback URL, -// validates the parameters, and sends the result to the waiting channel. -// -// Parameters: -// - w: The HTTP response writer -// - r: The HTTP request -func (s *OAuthServer) handleCallback(w http.ResponseWriter, r *http.Request) { - log.Debug("Received OAuth callback") - - // Validate request method - if r.Method != http.MethodGet { - http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) - return - } - - // Extract parameters - query := r.URL.Query() - code := query.Get("code") - state := query.Get("state") - errorParam := query.Get("error") - - // Validate required parameters - if errorParam != "" { - log.Errorf("OAuth error received: %s", errorParam) - result := &OAuthResult{ - Error: errorParam, - } - s.sendResult(result) - http.Error(w, fmt.Sprintf("OAuth error: %s", errorParam), http.StatusBadRequest) - return - } - - if code == "" { - log.Error("No authorization code received") - result := &OAuthResult{ - Error: "no_code", - } - s.sendResult(result) - http.Error(w, "No authorization code received", http.StatusBadRequest) - return - } - - if state == "" { - log.Error("No state parameter received") - result := &OAuthResult{ - Error: "no_state", - } - s.sendResult(result) - http.Error(w, "No state parameter received", http.StatusBadRequest) - return - } - - // Send successful result - result := &OAuthResult{ - Code: code, - State: state, - } - s.sendResult(result) - - // Redirect to success page - http.Redirect(w, r, "/success", http.StatusFound) -} - -// handleSuccess handles the success page endpoint. -// It serves a user-friendly HTML page indicating that authentication was successful. -// -// Parameters: -// - w: The HTTP response writer -// - r: The HTTP request -func (s *OAuthServer) handleSuccess(w http.ResponseWriter, r *http.Request) { - log.Debug("Serving success page") - - w.Header().Set("Content-Type", "text/html; charset=utf-8") - w.WriteHeader(http.StatusOK) - - // Parse query parameters for customization - query := r.URL.Query() - setupRequired := query.Get("setup_required") == "true" - platformURL := query.Get("platform_url") - if platformURL == "" { - platformURL = "https://console.anthropic.com/" - } - - // Validate platformURL to prevent XSS - only allow http/https URLs - if !isValidURL(platformURL) { - platformURL = "https://console.anthropic.com/" - } - - // Generate success page HTML with dynamic content - successHTML := s.generateSuccessHTML(setupRequired, platformURL) - - _, err := w.Write([]byte(successHTML)) - if err != nil { - log.Errorf("Failed to write success page: %v", err) - } -} - -// isValidURL checks if the URL is a valid http/https URL to prevent XSS -func isValidURL(urlStr string) bool { - urlStr = strings.TrimSpace(urlStr) - return strings.HasPrefix(urlStr, "https://") || strings.HasPrefix(urlStr, "http://") -} - -// generateSuccessHTML creates the HTML content for the success page. -// It customizes the page based on whether additional setup is required -// and includes a link to the platform. -// -// Parameters: -// - setupRequired: Whether additional setup is required after authentication -// - platformURL: The URL to the platform for additional setup -// -// Returns: -// - string: The HTML content for the success page -func (s *OAuthServer) generateSuccessHTML(setupRequired bool, platformURL string) string { - html := LoginSuccessHtml - - // Replace platform URL placeholder - html = strings.Replace(html, "{{PLATFORM_URL}}", platformURL, -1) - - // Add setup notice if required - if setupRequired { - setupNotice := strings.Replace(SetupNoticeHtml, "{{PLATFORM_URL}}", platformURL, -1) - html = strings.Replace(html, "{{SETUP_NOTICE}}", setupNotice, 1) - } else { - html = strings.Replace(html, "{{SETUP_NOTICE}}", "", 1) - } - - return html -} - -// sendResult sends the OAuth result to the waiting channel. -// It ensures that the result is sent without blocking the handler. -// -// Parameters: -// - result: The OAuth result to send -func (s *OAuthServer) sendResult(result *OAuthResult) { - select { - case s.resultChan <- result: - log.Debug("OAuth result sent to channel") - default: - log.Warn("OAuth result channel is full, result dropped") - } -} - -// isPortAvailable checks if the specified port is available. -// It attempts to listen on the port to determine availability. -// -// Returns: -// - bool: True if the port is available, false otherwise -func (s *OAuthServer) isPortAvailable() bool { - addr := fmt.Sprintf(":%d", s.port) - listener, err := net.Listen("tcp", addr) - if err != nil { - return false - } - defer func() { - _ = listener.Close() - }() - return true -} - -// IsRunning returns whether the server is currently running. -// -// Returns: -// - bool: True if the server is running, false otherwise -func (s *OAuthServer) IsRunning() bool { - s.mu.Lock() - defer s.mu.Unlock() - return s.running -} diff --git a/internal/auth/claude/pkce.go b/internal/auth/claude/pkce.go deleted file mode 100644 index 98d40202b7..0000000000 --- a/internal/auth/claude/pkce.go +++ /dev/null @@ -1,56 +0,0 @@ -// Package claude provides authentication and token management functionality -// for Anthropic's Claude AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Claude API. -package claude - -import ( - "crypto/rand" - "crypto/sha256" - "encoding/base64" - "fmt" -) - -// GeneratePKCECodes generates a PKCE code verifier and challenge pair -// following RFC 7636 specifications for OAuth 2.0 PKCE extension. -// This provides additional security for the OAuth flow by ensuring that -// only the client that initiated the request can exchange the authorization code. -// -// Returns: -// - *PKCECodes: A struct containing the code verifier and challenge -// - error: An error if the generation fails, nil otherwise -func GeneratePKCECodes() (*PKCECodes, error) { - // Generate code verifier: 43-128 characters, URL-safe - codeVerifier, err := generateCodeVerifier() - if err != nil { - return nil, fmt.Errorf("failed to generate code verifier: %w", err) - } - - // Generate code challenge using S256 method - codeChallenge := generateCodeChallenge(codeVerifier) - - return &PKCECodes{ - CodeVerifier: codeVerifier, - CodeChallenge: codeChallenge, - }, nil -} - -// generateCodeVerifier creates a cryptographically random string -// of 128 characters using URL-safe base64 encoding -func generateCodeVerifier() (string, error) { - // Generate 96 random bytes (will result in 128 base64 characters) - bytes := make([]byte, 96) - _, err := rand.Read(bytes) - if err != nil { - return "", fmt.Errorf("failed to generate random bytes: %w", err) - } - - // Encode to URL-safe base64 without padding - return base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(bytes), nil -} - -// generateCodeChallenge creates a SHA256 hash of the code verifier -// and encodes it using URL-safe base64 encoding without padding -func generateCodeChallenge(codeVerifier string) string { - hash := sha256.Sum256([]byte(codeVerifier)) - return base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(hash[:]) -} diff --git a/internal/auth/claude/token.go b/internal/auth/claude/token.go index ff1332d880..6ea368faad 100644 --- a/internal/auth/claude/token.go +++ b/internal/auth/claude/token.go @@ -4,7 +4,7 @@ package claude import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/base" + "github.com/KooshaPari/phenotype-go-auth" "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/misc" ) @@ -12,7 +12,7 @@ import ( // It extends the shared BaseTokenStorage with Claude-specific functionality, // maintaining compatibility with the existing auth system. type ClaudeTokenStorage struct { - *base.BaseTokenStorage + *auth.BaseTokenStorage } // NewClaudeTokenStorage creates a new Claude token storage with the given file path. @@ -24,7 +24,7 @@ type ClaudeTokenStorage struct { // - *ClaudeTokenStorage: A new Claude token storage instance func NewClaudeTokenStorage(filePath string) *ClaudeTokenStorage { return &ClaudeTokenStorage{ - BaseTokenStorage: base.NewBaseTokenStorage(filePath), + BaseTokenStorage: auth.NewBaseTokenStorage(filePath), } } @@ -42,7 +42,7 @@ func (ts *ClaudeTokenStorage) SaveTokenToFile(authFilePath string) error { ts.Type = "claude" // Create a new token storage with the file path and copy the fields - base := base.NewBaseTokenStorage(authFilePath) + base := auth.NewBaseTokenStorage(authFilePath) base.IDToken = ts.IDToken base.AccessToken = ts.AccessToken base.RefreshToken = ts.RefreshToken diff --git a/internal/auth/claude/utls_transport.go b/internal/auth/claude/utls_transport.go deleted file mode 100644 index e6a99f573e..0000000000 --- a/internal/auth/claude/utls_transport.go +++ /dev/null @@ -1,165 +0,0 @@ -// Package claude provides authentication functionality for Anthropic's Claude API. -// This file implements a custom HTTP transport using utls to bypass TLS fingerprinting. -package claude - -import ( - "net/http" - "net/url" - "strings" - "sync" - - tls "github.com/refraction-networking/utls" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - log "github.com/sirupsen/logrus" - "golang.org/x/net/http2" - "golang.org/x/net/proxy" -) - -// utlsRoundTripper implements http.RoundTripper using utls with Firefox fingerprint -// to bypass Cloudflare's TLS fingerprinting on Anthropic domains. -type utlsRoundTripper struct { - // mu protects the connections map and pending map - mu sync.Mutex - // connections caches HTTP/2 client connections per host - connections map[string]*http2.ClientConn - // pending tracks hosts that are currently being connected to (prevents race condition) - pending map[string]*sync.Cond - // dialer is used to create network connections, supporting proxies - dialer proxy.Dialer -} - -// newUtlsRoundTripper creates a new utls-based round tripper with optional proxy support -func newUtlsRoundTripper(cfg *config.SDKConfig) *utlsRoundTripper { - var dialer proxy.Dialer = proxy.Direct - if cfg != nil && cfg.ProxyURL != "" { - proxyURL, err := url.Parse(cfg.ProxyURL) - if err != nil { - log.Errorf("failed to parse proxy URL %q: %v", cfg.ProxyURL, err) - } else { - pDialer, err := proxy.FromURL(proxyURL, proxy.Direct) - if err != nil { - log.Errorf("failed to create proxy dialer for %q: %v", cfg.ProxyURL, err) - } else { - dialer = pDialer - } - } - } - - return &utlsRoundTripper{ - connections: make(map[string]*http2.ClientConn), - pending: make(map[string]*sync.Cond), - dialer: dialer, - } -} - -// getOrCreateConnection gets an existing connection or creates a new one. -// It uses a per-host locking mechanism to prevent multiple goroutines from -// creating connections to the same host simultaneously. -func (t *utlsRoundTripper) getOrCreateConnection(host, addr string) (*http2.ClientConn, error) { - t.mu.Lock() - - // Check if connection exists and is usable - if h2Conn, ok := t.connections[host]; ok && h2Conn.CanTakeNewRequest() { - t.mu.Unlock() - return h2Conn, nil - } - - // Check if another goroutine is already creating a connection - if cond, ok := t.pending[host]; ok { - // Wait for the other goroutine to finish - cond.Wait() - // Check if connection is now available - if h2Conn, ok := t.connections[host]; ok && h2Conn.CanTakeNewRequest() { - t.mu.Unlock() - return h2Conn, nil - } - // Connection still not available, we'll create one - } - - // Mark this host as pending - cond := sync.NewCond(&t.mu) - t.pending[host] = cond - t.mu.Unlock() - - // Create connection outside the lock - h2Conn, err := t.createConnection(host, addr) - - t.mu.Lock() - defer t.mu.Unlock() - - // Remove pending marker and wake up waiting goroutines - delete(t.pending, host) - cond.Broadcast() - - if err != nil { - return nil, err - } - - // Store the new connection - t.connections[host] = h2Conn - return h2Conn, nil -} - -// createConnection creates a new HTTP/2 connection with Firefox TLS fingerprint -func (t *utlsRoundTripper) createConnection(host, addr string) (*http2.ClientConn, error) { - conn, err := t.dialer.Dial("tcp", addr) - if err != nil { - return nil, err - } - - tlsConfig := &tls.Config{ServerName: host} - tlsConn := tls.UClient(conn, tlsConfig, tls.HelloFirefox_Auto) - - if err := tlsConn.Handshake(); err != nil { - conn.Close() - return nil, err - } - - tr := &http2.Transport{} - h2Conn, err := tr.NewClientConn(tlsConn) - if err != nil { - tlsConn.Close() - return nil, err - } - - return h2Conn, nil -} - -// RoundTrip implements http.RoundTripper -func (t *utlsRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { - host := req.URL.Host - addr := host - if !strings.Contains(addr, ":") { - addr += ":443" - } - - // Get hostname without port for TLS ServerName - hostname := req.URL.Hostname() - - h2Conn, err := t.getOrCreateConnection(hostname, addr) - if err != nil { - return nil, err - } - - resp, err := h2Conn.RoundTrip(req) - if err != nil { - // Connection failed, remove it from cache - t.mu.Lock() - if cached, ok := t.connections[hostname]; ok && cached == h2Conn { - delete(t.connections, hostname) - } - t.mu.Unlock() - return nil, err - } - - return resp, nil -} - -// NewAnthropicHttpClient creates an HTTP client that bypasses TLS fingerprinting -// for Anthropic domains by using utls with Firefox fingerprint. -// It accepts optional SDK configuration for proxy settings. -func NewAnthropicHttpClient(cfg *config.SDKConfig) *http.Client { - return &http.Client{ - Transport: newUtlsRoundTripper(cfg), - } -} diff --git a/internal/auth/codex/errors.go b/internal/auth/codex/errors.go deleted file mode 100644 index d8065f7a0a..0000000000 --- a/internal/auth/codex/errors.go +++ /dev/null @@ -1,171 +0,0 @@ -package codex - -import ( - "errors" - "fmt" - "net/http" -) - -// OAuthError represents an OAuth-specific error. -type OAuthError struct { - // Code is the OAuth error code. - Code string `json:"error"` - // Description is a human-readable description of the error. - Description string `json:"error_description,omitempty"` - // URI is a URI identifying a human-readable web page with information about the error. - URI string `json:"error_uri,omitempty"` - // StatusCode is the HTTP status code associated with the error. - StatusCode int `json:"-"` -} - -// Error returns a string representation of the OAuth error. -func (e *OAuthError) Error() string { - if e.Description != "" { - return fmt.Sprintf("OAuth error %s: %s", e.Code, e.Description) - } - return fmt.Sprintf("OAuth error: %s", e.Code) -} - -// NewOAuthError creates a new OAuth error with the specified code, description, and status code. -func NewOAuthError(code, description string, statusCode int) *OAuthError { - return &OAuthError{ - Code: code, - Description: description, - StatusCode: statusCode, - } -} - -// AuthenticationError represents authentication-related errors. -type AuthenticationError struct { - // Type is the type of authentication error. - Type string `json:"type"` - // Message is a human-readable message describing the error. - Message string `json:"message"` - // Code is the HTTP status code associated with the error. - Code int `json:"code"` - // Cause is the underlying error that caused this authentication error. - Cause error `json:"-"` -} - -// Error returns a string representation of the authentication error. -func (e *AuthenticationError) Error() string { - if e.Cause != nil { - return fmt.Sprintf("%s: %s (caused by: %v)", e.Type, e.Message, e.Cause) - } - return fmt.Sprintf("%s: %s", e.Type, e.Message) -} - -// Common authentication error types. -var ( - // ErrTokenExpired = &AuthenticationError{ - // Type: "token_expired", - // Message: "Access token has expired", - // Code: http.StatusUnauthorized, - // } - - // ErrInvalidState represents an error for invalid OAuth state parameter. - ErrInvalidState = &AuthenticationError{ - Type: "invalid_state", - Message: "OAuth state parameter is invalid", - Code: http.StatusBadRequest, - } - - // ErrCodeExchangeFailed represents an error when exchanging authorization code for tokens fails. - ErrCodeExchangeFailed = &AuthenticationError{ - Type: "code_exchange_failed", - Message: "Failed to exchange authorization code for tokens", - Code: http.StatusBadRequest, - } - - // ErrServerStartFailed represents an error when starting the OAuth callback server fails. - ErrServerStartFailed = &AuthenticationError{ - Type: "server_start_failed", - Message: "Failed to start OAuth callback server", - Code: http.StatusInternalServerError, - } - - // ErrPortInUse represents an error when the OAuth callback port is already in use. - ErrPortInUse = &AuthenticationError{ - Type: "port_in_use", - Message: "OAuth callback port is already in use", - Code: 13, // Special exit code for port-in-use - } - - // ErrCallbackTimeout represents an error when waiting for OAuth callback times out. - ErrCallbackTimeout = &AuthenticationError{ - Type: "callback_timeout", - Message: "Timeout waiting for OAuth callback", - Code: http.StatusRequestTimeout, - } - - // ErrBrowserOpenFailed represents an error when opening the browser for authentication fails. - ErrBrowserOpenFailed = &AuthenticationError{ - Type: "browser_open_failed", - Message: "Failed to open browser for authentication", - Code: http.StatusInternalServerError, - } -) - -// NewAuthenticationError creates a new authentication error with a cause based on a base error. -func NewAuthenticationError(baseErr *AuthenticationError, cause error) *AuthenticationError { - return &AuthenticationError{ - Type: baseErr.Type, - Message: baseErr.Message, - Code: baseErr.Code, - Cause: cause, - } -} - -// IsAuthenticationError checks if an error is an authentication error. -func IsAuthenticationError(err error) bool { - var authenticationError *AuthenticationError - ok := errors.As(err, &authenticationError) - return ok -} - -// IsOAuthError checks if an error is an OAuth error. -func IsOAuthError(err error) bool { - var oAuthError *OAuthError - ok := errors.As(err, &oAuthError) - return ok -} - -// GetUserFriendlyMessage returns a user-friendly error message based on the error type. -func GetUserFriendlyMessage(err error) string { - switch { - case IsAuthenticationError(err): - var authErr *AuthenticationError - errors.As(err, &authErr) - switch authErr.Type { - case "token_expired": - return "Your authentication has expired. Please log in again." - case "token_invalid": - return "Your authentication is invalid. Please log in again." - case "authentication_required": - return "Please log in to continue." - case "port_in_use": - return "The required port is already in use. Please close any applications using port 3000 and try again." - case "callback_timeout": - return "Authentication timed out. Please try again." - case "browser_open_failed": - return "Could not open your browser automatically. Please copy and paste the URL manually." - default: - return "Authentication failed. Please try again." - } - case IsOAuthError(err): - var oauthErr *OAuthError - errors.As(err, &oauthErr) - switch oauthErr.Code { - case "access_denied": - return "Authentication was cancelled or denied." - case "invalid_request": - return "Invalid authentication request. Please try again." - case "server_error": - return "Authentication server error. Please try again later." - default: - return fmt.Sprintf("Authentication failed: %s", oauthErr.Description) - } - default: - return "An unexpected error occurred. Please try again." - } -} diff --git a/internal/auth/codex/filename.go b/internal/auth/codex/filename.go deleted file mode 100644 index fdac5a404c..0000000000 --- a/internal/auth/codex/filename.go +++ /dev/null @@ -1,46 +0,0 @@ -package codex - -import ( - "fmt" - "strings" - "unicode" -) - -// CredentialFileName returns the filename used to persist Codex OAuth credentials. -// When planType is available (e.g. "plus", "team"), it is appended after the email -// as a suffix to disambiguate subscriptions. -func CredentialFileName(email, planType, hashAccountID string, includeProviderPrefix bool) string { - email = strings.TrimSpace(email) - plan := normalizePlanTypeForFilename(planType) - - prefix := "" - if includeProviderPrefix { - prefix = "codex" - } - - if plan == "" { - return fmt.Sprintf("%s-%s.json", prefix, email) - } else if plan == "team" { - return fmt.Sprintf("%s-%s-%s-%s.json", prefix, hashAccountID, email, plan) - } - return fmt.Sprintf("%s-%s-%s.json", prefix, email, plan) -} - -func normalizePlanTypeForFilename(planType string) string { - planType = strings.TrimSpace(planType) - if planType == "" { - return "" - } - - parts := strings.FieldsFunc(planType, func(r rune) bool { - return !unicode.IsLetter(r) && !unicode.IsDigit(r) - }) - if len(parts) == 0 { - return "" - } - - for i, part := range parts { - parts[i] = strings.ToLower(strings.TrimSpace(part)) - } - return strings.Join(parts, "-") -} diff --git a/internal/auth/codex/html_templates.go b/internal/auth/codex/html_templates.go deleted file mode 100644 index 054a166ee6..0000000000 --- a/internal/auth/codex/html_templates.go +++ /dev/null @@ -1,214 +0,0 @@ -package codex - -// LoginSuccessHTML is the HTML template for the page shown after a successful -// OAuth2 authentication with Codex. It informs the user that the authentication -// was successful and provides a countdown timer to automatically close the window. -const LoginSuccessHtml = ` - - - - - Authentication Successful - Codex - - - - -
-
-

Authentication Successful!

-

You have successfully authenticated with Codex. You can now close this window and return to your terminal to continue.

- - {{SETUP_NOTICE}} - -
- - - Open Platform - - -
- -
- This window will close automatically in 10 seconds -
- -
-

Powered by ChatGPT

-
-
- - - -` - -// SetupNoticeHTML is the HTML template for the section that provides instructions -// for additional setup. This is displayed on the success page when further actions -// are required from the user. -const SetupNoticeHtml = ` -
-

Additional Setup Required

-

To complete your setup, please visit the Codex to configure your account.

-
` diff --git a/internal/auth/codex/jwt_parser.go b/internal/auth/codex/jwt_parser.go deleted file mode 100644 index 130e86420a..0000000000 --- a/internal/auth/codex/jwt_parser.go +++ /dev/null @@ -1,102 +0,0 @@ -package codex - -import ( - "encoding/base64" - "encoding/json" - "fmt" - "strings" - "time" -) - -// JWTClaims represents the claims section of a JSON Web Token (JWT). -// It includes standard claims like issuer, subject, and expiration time, as well as -// custom claims specific to OpenAI's authentication. -type JWTClaims struct { - AtHash string `json:"at_hash"` - Aud []string `json:"aud"` - AuthProvider string `json:"auth_provider"` - AuthTime int `json:"auth_time"` - Email string `json:"email"` - EmailVerified bool `json:"email_verified"` - Exp int `json:"exp"` - CodexAuthInfo CodexAuthInfo `json:"https://api.openai.com/auth"` - Iat int `json:"iat"` - Iss string `json:"iss"` - Jti string `json:"jti"` - Rat int `json:"rat"` - Sid string `json:"sid"` - Sub string `json:"sub"` -} - -// Organizations defines the structure for organization details within the JWT claims. -// It holds information about the user's organization, such as ID, role, and title. -type Organizations struct { - ID string `json:"id"` - IsDefault bool `json:"is_default"` - Role string `json:"role"` - Title string `json:"title"` -} - -// CodexAuthInfo contains authentication-related details specific to Codex. -// This includes ChatGPT account information, subscription status, and user/organization IDs. -type CodexAuthInfo struct { - ChatgptAccountID string `json:"chatgpt_account_id"` - ChatgptPlanType string `json:"chatgpt_plan_type"` - ChatgptSubscriptionActiveStart any `json:"chatgpt_subscription_active_start"` - ChatgptSubscriptionActiveUntil any `json:"chatgpt_subscription_active_until"` - ChatgptSubscriptionLastChecked time.Time `json:"chatgpt_subscription_last_checked"` - ChatgptUserID string `json:"chatgpt_user_id"` - Groups []any `json:"groups"` - Organizations []Organizations `json:"organizations"` - UserID string `json:"user_id"` -} - -// ParseJWTToken parses a JWT token string and extracts its claims without performing -// cryptographic signature verification. This is useful for introspecting the token's -// contents to retrieve user information from an ID token after it has been validated -// by the authentication server. -func ParseJWTToken(token string) (*JWTClaims, error) { - parts := strings.Split(token, ".") - if len(parts) != 3 { - return nil, fmt.Errorf("invalid JWT token format: expected 3 parts, got %d", len(parts)) - } - - // Decode the claims (payload) part - claimsData, err := base64URLDecode(parts[1]) - if err != nil { - return nil, fmt.Errorf("failed to decode JWT claims: %w", err) - } - - var claims JWTClaims - if err = json.Unmarshal(claimsData, &claims); err != nil { - return nil, fmt.Errorf("failed to unmarshal JWT claims: %w", err) - } - - return &claims, nil -} - -// base64URLDecode decodes a Base64 URL-encoded string, adding padding if necessary. -// JWTs use a URL-safe Base64 alphabet and omit padding, so this function ensures -// correct decoding by re-adding the padding before decoding. -func base64URLDecode(data string) ([]byte, error) { - // Add padding if necessary - switch len(data) % 4 { - case 2: - data += "==" - case 3: - data += "=" - } - - return base64.URLEncoding.DecodeString(data) -} - -// GetUserEmail extracts the user's email address from the JWT claims. -func (c *JWTClaims) GetUserEmail() string { - return c.Email -} - -// GetAccountID extracts the user's account ID (subject) from the JWT claims. -// It retrieves the unique identifier for the user's ChatGPT account. -func (c *JWTClaims) GetAccountID() string { - return c.CodexAuthInfo.ChatgptAccountID -} diff --git a/internal/auth/codex/oauth_server.go b/internal/auth/codex/oauth_server.go deleted file mode 100644 index 58b5394efb..0000000000 --- a/internal/auth/codex/oauth_server.go +++ /dev/null @@ -1,328 +0,0 @@ -package codex - -import ( - "context" - "errors" - "fmt" - "net" - "net/http" - "strings" - "sync" - "time" - - log "github.com/sirupsen/logrus" -) - -// OAuthServer handles the local HTTP server for OAuth callbacks. -// It listens for the authorization code response from the OAuth provider -// and captures the necessary parameters to complete the authentication flow. -type OAuthServer struct { - // server is the underlying HTTP server instance - server *http.Server - // port is the port number on which the server listens - port int - // resultChan is a channel for sending OAuth results - resultChan chan *OAuthResult - // errorChan is a channel for sending OAuth errors - errorChan chan error - // mu is a mutex for protecting server state - mu sync.Mutex - // running indicates whether the server is currently running - running bool -} - -// OAuthResult contains the result of the OAuth callback. -// It holds either the authorization code and state for successful authentication -// or an error message if the authentication failed. -type OAuthResult struct { - // Code is the authorization code received from the OAuth provider - Code string - // State is the state parameter used to prevent CSRF attacks - State string - // Error contains any error message if the OAuth flow failed - Error string -} - -// NewOAuthServer creates a new OAuth callback server. -// It initializes the server with the specified port and creates channels -// for handling OAuth results and errors. -// -// Parameters: -// - port: The port number on which the server should listen -// -// Returns: -// - *OAuthServer: A new OAuthServer instance -func NewOAuthServer(port int) *OAuthServer { - return &OAuthServer{ - port: port, - resultChan: make(chan *OAuthResult, 1), - errorChan: make(chan error, 1), - } -} - -// Start starts the OAuth callback server. -// It sets up the HTTP handlers for the callback and success endpoints, -// and begins listening on the specified port. -// -// Returns: -// - error: An error if the server fails to start -func (s *OAuthServer) Start() error { - s.mu.Lock() - defer s.mu.Unlock() - - if s.running { - return fmt.Errorf("server is already running") - } - - // Check if port is available - if !s.isPortAvailable() { - return fmt.Errorf("port %d is already in use", s.port) - } - - mux := http.NewServeMux() - mux.HandleFunc("/auth/callback", s.handleCallback) - mux.HandleFunc("/success", s.handleSuccess) - - s.server = &http.Server{ - Addr: fmt.Sprintf(":%d", s.port), - Handler: mux, - ReadTimeout: 10 * time.Second, - WriteTimeout: 10 * time.Second, - } - - s.running = true - - // Start server in goroutine - go func() { - if err := s.server.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) { - s.errorChan <- fmt.Errorf("server failed to start: %w", err) - } - }() - - // Give server a moment to start - time.Sleep(100 * time.Millisecond) - - return nil -} - -// Stop gracefully stops the OAuth callback server. -// It performs a graceful shutdown of the HTTP server with a timeout. -// -// Parameters: -// - ctx: The context for controlling the shutdown process -// -// Returns: -// - error: An error if the server fails to stop gracefully -func (s *OAuthServer) Stop(ctx context.Context) error { - s.mu.Lock() - defer s.mu.Unlock() - - if !s.running || s.server == nil { - return nil - } - - log.Debug("Stopping OAuth callback server") - - // Create a context with timeout for shutdown - shutdownCtx, cancel := context.WithTimeout(ctx, 5*time.Second) - defer cancel() - - err := s.server.Shutdown(shutdownCtx) - s.running = false - s.server = nil - - return err -} - -// WaitForCallback waits for the OAuth callback with a timeout. -// It blocks until either an OAuth result is received, an error occurs, -// or the specified timeout is reached. -// -// Parameters: -// - timeout: The maximum time to wait for the callback -// -// Returns: -// - *OAuthResult: The OAuth result if successful -// - error: An error if the callback times out or an error occurs -func (s *OAuthServer) WaitForCallback(timeout time.Duration) (*OAuthResult, error) { - select { - case result := <-s.resultChan: - return result, nil - case err := <-s.errorChan: - return nil, err - case <-time.After(timeout): - return nil, fmt.Errorf("timeout waiting for OAuth callback") - } -} - -// handleCallback handles the OAuth callback endpoint. -// It extracts the authorization code and state from the callback URL, -// validates the parameters, and sends the result to the waiting channel. -// -// Parameters: -// - w: The HTTP response writer -// - r: The HTTP request -func (s *OAuthServer) handleCallback(w http.ResponseWriter, r *http.Request) { - log.Debug("Received OAuth callback") - - // Validate request method - if r.Method != http.MethodGet { - http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) - return - } - - // Extract parameters - query := r.URL.Query() - code := query.Get("code") - state := query.Get("state") - errorParam := query.Get("error") - - // Validate required parameters - if errorParam != "" { - log.Errorf("OAuth error received: %s", errorParam) - result := &OAuthResult{ - Error: errorParam, - } - s.sendResult(result) - http.Error(w, fmt.Sprintf("OAuth error: %s", errorParam), http.StatusBadRequest) - return - } - - if code == "" { - log.Error("No authorization code received") - result := &OAuthResult{ - Error: "no_code", - } - s.sendResult(result) - http.Error(w, "No authorization code received", http.StatusBadRequest) - return - } - - if state == "" { - log.Error("No state parameter received") - result := &OAuthResult{ - Error: "no_state", - } - s.sendResult(result) - http.Error(w, "No state parameter received", http.StatusBadRequest) - return - } - - // Send successful result - result := &OAuthResult{ - Code: code, - State: state, - } - s.sendResult(result) - - // Redirect to success page - http.Redirect(w, r, "/success", http.StatusFound) -} - -// handleSuccess handles the success page endpoint. -// It serves a user-friendly HTML page indicating that authentication was successful. -// -// Parameters: -// - w: The HTTP response writer -// - r: The HTTP request -func (s *OAuthServer) handleSuccess(w http.ResponseWriter, r *http.Request) { - log.Debug("Serving success page") - - w.Header().Set("Content-Type", "text/html; charset=utf-8") - w.WriteHeader(http.StatusOK) - - // Parse query parameters for customization - query := r.URL.Query() - setupRequired := query.Get("setup_required") == "true" - platformURL := query.Get("platform_url") - if platformURL == "" { - platformURL = "https://platform.openai.com" - } - - // Validate platformURL to prevent XSS - only allow http/https URLs - if !isValidURL(platformURL) { - platformURL = "https://platform.openai.com" - } - - // Generate success page HTML with dynamic content - successHTML := s.generateSuccessHTML(setupRequired, platformURL) - - _, err := w.Write([]byte(successHTML)) - if err != nil { - log.Errorf("Failed to write success page: %v", err) - } -} - -// isValidURL checks if the URL is a valid http/https URL to prevent XSS -func isValidURL(urlStr string) bool { - urlStr = strings.TrimSpace(urlStr) - return strings.HasPrefix(urlStr, "https://") || strings.HasPrefix(urlStr, "http://") -} - -// generateSuccessHTML creates the HTML content for the success page. -// It customizes the page based on whether additional setup is required -// and includes a link to the platform. -// -// Parameters: -// - setupRequired: Whether additional setup is required after authentication -// - platformURL: The URL to the platform for additional setup -// -// Returns: -// - string: The HTML content for the success page -func (s *OAuthServer) generateSuccessHTML(setupRequired bool, platformURL string) string { - html := LoginSuccessHtml - - // Replace platform URL placeholder - html = strings.Replace(html, "{{PLATFORM_URL}}", platformURL, -1) - - // Add setup notice if required - if setupRequired { - setupNotice := strings.Replace(SetupNoticeHtml, "{{PLATFORM_URL}}", platformURL, -1) - html = strings.Replace(html, "{{SETUP_NOTICE}}", setupNotice, 1) - } else { - html = strings.Replace(html, "{{SETUP_NOTICE}}", "", 1) - } - - return html -} - -// sendResult sends the OAuth result to the waiting channel. -// It ensures that the result is sent without blocking the handler. -// -// Parameters: -// - result: The OAuth result to send -func (s *OAuthServer) sendResult(result *OAuthResult) { - select { - case s.resultChan <- result: - log.Debug("OAuth result sent to channel") - default: - log.Warn("OAuth result channel is full, result dropped") - } -} - -// isPortAvailable checks if the specified port is available. -// It attempts to listen on the port to determine availability. -// -// Returns: -// - bool: True if the port is available, false otherwise -func (s *OAuthServer) isPortAvailable() bool { - addr := fmt.Sprintf(":%d", s.port) - listener, err := net.Listen("tcp", addr) - if err != nil { - return false - } - defer func() { - _ = listener.Close() - }() - return true -} - -// IsRunning returns whether the server is currently running. -// -// Returns: -// - bool: True if the server is running, false otherwise -func (s *OAuthServer) IsRunning() bool { - s.mu.Lock() - defer s.mu.Unlock() - return s.running -} diff --git a/internal/auth/codex/openai.go b/internal/auth/codex/openai.go deleted file mode 100644 index ee80eecfaf..0000000000 --- a/internal/auth/codex/openai.go +++ /dev/null @@ -1,39 +0,0 @@ -package codex - -// PKCECodes holds the verification codes for the OAuth2 PKCE (Proof Key for Code Exchange) flow. -// PKCE is an extension to the Authorization Code flow to prevent CSRF and authorization code injection attacks. -type PKCECodes struct { - // CodeVerifier is the cryptographically random string used to correlate - // the authorization request to the token request - CodeVerifier string `json:"code_verifier"` - // CodeChallenge is the SHA256 hash of the code verifier, base64url-encoded - CodeChallenge string `json:"code_challenge"` -} - -// CodexTokenData holds the OAuth token information obtained from OpenAI. -// It includes the ID token, access token, refresh token, and associated user details. -type CodexTokenData struct { - // IDToken is the JWT ID token containing user claims - IDToken string `json:"id_token"` - // AccessToken is the OAuth2 access token for API access - AccessToken string `json:"access_token"` - // RefreshToken is used to obtain new access tokens - RefreshToken string `json:"refresh_token"` - // AccountID is the OpenAI account identifier - AccountID string `json:"account_id"` - // Email is the OpenAI account email - Email string `json:"email"` - // Expire is the timestamp of the token expire - Expire string `json:"expired"` -} - -// CodexAuthBundle aggregates all authentication-related data after the OAuth flow is complete. -// This includes the API key, token data, and the timestamp of the last refresh. -type CodexAuthBundle struct { - // APIKey is the OpenAI API key obtained from token exchange - APIKey string `json:"api_key"` - // TokenData contains the OAuth tokens from the authentication flow - TokenData CodexTokenData `json:"token_data"` - // LastRefresh is the timestamp of the last token refresh - LastRefresh string `json:"last_refresh"` -} diff --git a/internal/auth/codex/openai_auth.go b/internal/auth/codex/openai_auth.go deleted file mode 100644 index 56079b62b9..0000000000 --- a/internal/auth/codex/openai_auth.go +++ /dev/null @@ -1,297 +0,0 @@ -// Package codex provides authentication and token management for OpenAI's Codex API. -// It handles the OAuth2 flow, including generating authorization URLs, exchanging -// authorization codes for tokens, and refreshing expired tokens. The package also -// defines data structures for storing and managing Codex authentication credentials. -package codex - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "strings" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -// OAuth configuration constants for OpenAI Codex -const ( - AuthURL = "https://auth.openai.com/oauth/authorize" - TokenURL = "https://auth.openai.com/oauth/token" - ClientID = "app_EMoamEEZ73f0CkXaXp7hrann" - RedirectURI = "http://localhost:1455/auth/callback" -) - -// CodexAuth handles the OpenAI OAuth2 authentication flow. -// It manages the HTTP client and provides methods for generating authorization URLs, -// exchanging authorization codes for tokens, and refreshing access tokens. -type CodexAuth struct { - httpClient *http.Client -} - -// NewCodexAuth creates a new CodexAuth service instance. -// It initializes an HTTP client with proxy settings from the provided configuration. -func NewCodexAuth(cfg *config.Config) *CodexAuth { - return &CodexAuth{ - httpClient: util.SetProxy(&cfg.SDKConfig, &http.Client{}), - } -} - -// GenerateAuthURL creates the OAuth authorization URL with PKCE (Proof Key for Code Exchange). -// It constructs the URL with the necessary parameters, including the client ID, -// response type, redirect URI, scopes, and PKCE challenge. -func (o *CodexAuth) GenerateAuthURL(state string, pkceCodes *PKCECodes) (string, error) { - if pkceCodes == nil { - return "", fmt.Errorf("PKCE codes are required") - } - - params := url.Values{ - "client_id": {ClientID}, - "response_type": {"code"}, - "redirect_uri": {RedirectURI}, - "scope": {"openid email profile offline_access"}, - "state": {state}, - "code_challenge": {pkceCodes.CodeChallenge}, - "code_challenge_method": {"S256"}, - "prompt": {"login"}, - "id_token_add_organizations": {"true"}, - "codex_cli_simplified_flow": {"true"}, - } - - authURL := fmt.Sprintf("%s?%s", AuthURL, params.Encode()) - return authURL, nil -} - -// ExchangeCodeForTokens exchanges an authorization code for access and refresh tokens. -// It performs an HTTP POST request to the OpenAI token endpoint with the provided -// authorization code and PKCE verifier. -func (o *CodexAuth) ExchangeCodeForTokens(ctx context.Context, code string, pkceCodes *PKCECodes) (*CodexAuthBundle, error) { - return o.ExchangeCodeForTokensWithRedirect(ctx, code, RedirectURI, pkceCodes) -} - -// ExchangeCodeForTokensWithRedirect exchanges an authorization code for tokens using -// a caller-provided redirect URI. This supports alternate auth flows such as device -// login while preserving the existing token parsing and storage behavior. -func (o *CodexAuth) ExchangeCodeForTokensWithRedirect(ctx context.Context, code, redirectURI string, pkceCodes *PKCECodes) (*CodexAuthBundle, error) { - if pkceCodes == nil { - return nil, fmt.Errorf("PKCE codes are required for token exchange") - } - if strings.TrimSpace(redirectURI) == "" { - return nil, fmt.Errorf("redirect URI is required for token exchange") - } - - // Prepare token exchange request - data := url.Values{ - "grant_type": {"authorization_code"}, - "client_id": {ClientID}, - "code": {code}, - "redirect_uri": {strings.TrimSpace(redirectURI)}, - "code_verifier": {pkceCodes.CodeVerifier}, - } - - req, err := http.NewRequestWithContext(ctx, "POST", TokenURL, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("failed to create token request: %w", err) - } - - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - - resp, err := o.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("token exchange request failed: %w", err) - } - defer func() { - _ = resp.Body.Close() - }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read token response: %w", err) - } - // log.Debugf("Token response: %s", string(body)) - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("token exchange failed with status %d: %s", resp.StatusCode, string(body)) - } - - // Parse token response - var tokenResp struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - IDToken string `json:"id_token"` - TokenType string `json:"token_type"` - ExpiresIn int `json:"expires_in"` - } - - if err = json.Unmarshal(body, &tokenResp); err != nil { - return nil, fmt.Errorf("failed to parse token response: %w", err) - } - - // Extract account ID from ID token - claims, err := ParseJWTToken(tokenResp.IDToken) - if err != nil { - log.Warnf("Failed to parse ID token: %v", err) - } - - accountID := "" - email := "" - if claims != nil { - accountID = claims.GetAccountID() - email = claims.GetUserEmail() - } - - // Create token data - tokenData := CodexTokenData{ - IDToken: tokenResp.IDToken, - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - AccountID: accountID, - Email: email, - Expire: time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339), - } - - // Create auth bundle - bundle := &CodexAuthBundle{ - TokenData: tokenData, - LastRefresh: time.Now().Format(time.RFC3339), - } - - return bundle, nil -} - -// RefreshTokens refreshes an access token using a refresh token. -// This method is called when an access token has expired. It makes a request to the -// token endpoint to obtain a new set of tokens. -func (o *CodexAuth) RefreshTokens(ctx context.Context, refreshToken string) (*CodexTokenData, error) { - if refreshToken == "" { - return nil, fmt.Errorf("refresh token is required") - } - - data := url.Values{ - "client_id": {ClientID}, - "grant_type": {"refresh_token"}, - "refresh_token": {refreshToken}, - "scope": {"openid profile email"}, - } - - req, err := http.NewRequestWithContext(ctx, "POST", TokenURL, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("failed to create refresh request: %w", err) - } - - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - - resp, err := o.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("token refresh request failed: %w", err) - } - defer func() { - _ = resp.Body.Close() - }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read refresh response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("token refresh failed with status %d: %s", resp.StatusCode, string(body)) - } - - var tokenResp struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - IDToken string `json:"id_token"` - TokenType string `json:"token_type"` - ExpiresIn int `json:"expires_in"` - } - - if err = json.Unmarshal(body, &tokenResp); err != nil { - return nil, fmt.Errorf("failed to parse refresh response: %w", err) - } - - // Extract account ID from ID token - claims, err := ParseJWTToken(tokenResp.IDToken) - if err != nil { - log.Warnf("Failed to parse refreshed ID token: %v", err) - } - - accountID := "" - email := "" - if claims != nil { - accountID = claims.GetAccountID() - email = claims.Email - } - - return &CodexTokenData{ - IDToken: tokenResp.IDToken, - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - AccountID: accountID, - Email: email, - Expire: time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339), - }, nil -} - -// CreateTokenStorage creates a new CodexTokenStorage from a CodexAuthBundle. -// It populates the storage struct with token data, user information, and timestamps. -func (o *CodexAuth) CreateTokenStorage(bundle *CodexAuthBundle) *CodexTokenStorage { - storage := &CodexTokenStorage{ - IDToken: bundle.TokenData.IDToken, - AccessToken: bundle.TokenData.AccessToken, - RefreshToken: bundle.TokenData.RefreshToken, - AccountID: bundle.TokenData.AccountID, - LastRefresh: bundle.LastRefresh, - Email: bundle.TokenData.Email, - Expire: bundle.TokenData.Expire, - } - - return storage -} - -// RefreshTokensWithRetry refreshes tokens with a built-in retry mechanism. -// It attempts to refresh the tokens up to a specified maximum number of retries, -// with an exponential backoff strategy to handle transient network errors. -func (o *CodexAuth) RefreshTokensWithRetry(ctx context.Context, refreshToken string, maxRetries int) (*CodexTokenData, error) { - var lastErr error - - for attempt := 0; attempt < maxRetries; attempt++ { - if attempt > 0 { - // Wait before retry - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-time.After(time.Duration(attempt) * time.Second): - } - } - - tokenData, err := o.RefreshTokens(ctx, refreshToken) - if err == nil { - return tokenData, nil - } - - lastErr = err - log.Warnf("Token refresh attempt %d failed: %v", attempt+1, err) - } - - return nil, fmt.Errorf("token refresh failed after %d attempts: %w", maxRetries, lastErr) -} - -// UpdateTokenStorage updates an existing CodexTokenStorage with new token data. -// This is typically called after a successful token refresh to persist the new credentials. -func (o *CodexAuth) UpdateTokenStorage(storage *CodexTokenStorage, tokenData *CodexTokenData) { - storage.IDToken = tokenData.IDToken - storage.AccessToken = tokenData.AccessToken - storage.RefreshToken = tokenData.RefreshToken - storage.AccountID = tokenData.AccountID - storage.LastRefresh = time.Now().Format(time.RFC3339) - storage.Email = tokenData.Email - storage.Expire = tokenData.Expire -} diff --git a/internal/auth/codex/openai_auth_test.go b/internal/auth/codex/openai_auth_test.go deleted file mode 100644 index 3327eb4ab5..0000000000 --- a/internal/auth/codex/openai_auth_test.go +++ /dev/null @@ -1,44 +0,0 @@ -package codex - -import ( - "context" - "io" - "net/http" - "strings" - "sync/atomic" - "testing" -) - -type roundTripFunc func(*http.Request) (*http.Response, error) - -func (f roundTripFunc) RoundTrip(req *http.Request) (*http.Response, error) { - return f(req) -} - -func TestRefreshTokensWithRetry_NonRetryableOnlyAttemptsOnce(t *testing.T) { - var calls int32 - auth := &CodexAuth{ - httpClient: &http.Client{ - Transport: roundTripFunc(func(req *http.Request) (*http.Response, error) { - atomic.AddInt32(&calls, 1) - return &http.Response{ - StatusCode: http.StatusBadRequest, - Body: io.NopCloser(strings.NewReader(`{"error":"invalid_grant","code":"refresh_token_reused"}`)), - Header: make(http.Header), - Request: req, - }, nil - }), - }, - } - - _, err := auth.RefreshTokensWithRetry(context.Background(), "dummy_refresh_token", 3) - if err == nil { - t.Fatalf("expected error for non-retryable refresh failure") - } - if !strings.Contains(strings.ToLower(err.Error()), "refresh_token_reused") { - t.Fatalf("expected refresh_token_reused in error, got: %v", err) - } - if got := atomic.LoadInt32(&calls); got != 1 { - t.Fatalf("expected 1 refresh attempt, got %d", got) - } -} diff --git a/internal/auth/codex/pkce.go b/internal/auth/codex/pkce.go deleted file mode 100644 index c1f0fb69a7..0000000000 --- a/internal/auth/codex/pkce.go +++ /dev/null @@ -1,56 +0,0 @@ -// Package codex provides authentication and token management functionality -// for OpenAI's Codex AI services. It handles OAuth2 PKCE (Proof Key for Code Exchange) -// code generation for secure authentication flows. -package codex - -import ( - "crypto/rand" - "crypto/sha256" - "encoding/base64" - "fmt" -) - -// GeneratePKCECodes generates a new pair of PKCE (Proof Key for Code Exchange) codes. -// It creates a cryptographically random code verifier and its corresponding -// SHA256 code challenge, as specified in RFC 7636. This is a critical security -// feature for the OAuth 2.0 authorization code flow. -func GeneratePKCECodes() (*PKCECodes, error) { - // Generate code verifier: 43-128 characters, URL-safe - codeVerifier, err := generateCodeVerifier() - if err != nil { - return nil, fmt.Errorf("failed to generate code verifier: %w", err) - } - - // Generate code challenge using S256 method - codeChallenge := generateCodeChallenge(codeVerifier) - - return &PKCECodes{ - CodeVerifier: codeVerifier, - CodeChallenge: codeChallenge, - }, nil -} - -// generateCodeVerifier creates a cryptographically secure random string to be used -// as the code verifier in the PKCE flow. The verifier is a high-entropy string -// that is later used to prove possession of the client that initiated the -// authorization request. -func generateCodeVerifier() (string, error) { - // Generate 96 random bytes (will result in 128 base64 characters) - bytes := make([]byte, 96) - _, err := rand.Read(bytes) - if err != nil { - return "", fmt.Errorf("failed to generate random bytes: %w", err) - } - - // Encode to URL-safe base64 without padding - return base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(bytes), nil -} - -// generateCodeChallenge creates a code challenge from a given code verifier. -// The challenge is derived by taking the SHA256 hash of the verifier and then -// Base64 URL-encoding the result. This is sent in the initial authorization -// request and later verified against the verifier. -func generateCodeChallenge(codeVerifier string) string { - hash := sha256.Sum256([]byte(codeVerifier)) - return base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(hash[:]) -} diff --git a/internal/auth/codex/token.go b/internal/auth/codex/token.go deleted file mode 100644 index ba73424ca5..0000000000 --- a/internal/auth/codex/token.go +++ /dev/null @@ -1,82 +0,0 @@ -// Package codex provides authentication and token management functionality -// for OpenAI's Codex AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Codex API. -package codex - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/misc" -) - -// CodexTokenStorage stores OAuth2 token information for OpenAI Codex API authentication. -// It maintains compatibility with the existing auth system while adding Codex-specific fields -// for managing access tokens, refresh tokens, and user account information. -type CodexTokenStorage struct { - // IDToken is the JWT ID token containing user claims and identity information. - IDToken string `json:"id_token"` - // AccessToken is the OAuth2 access token used for authenticating API requests. - AccessToken string `json:"access_token"` - // RefreshToken is used to obtain new access tokens when the current one expires. - RefreshToken string `json:"refresh_token"` - // AccountID is the OpenAI account identifier associated with this token. - AccountID string `json:"account_id"` - // LastRefresh is the timestamp of the last token refresh operation. - LastRefresh string `json:"last_refresh"` - // Email is the OpenAI account email address associated with this token. - Email string `json:"email"` - // Type indicates the authentication provider type, always "codex" for this storage. - Type string `json:"type"` - // Expire is the timestamp when the current access token expires. - Expire string `json:"expired"` - - // Metadata holds arbitrary key-value pairs injected via hooks. - // It is not exported to JSON directly to allow flattening during serialization. - Metadata map[string]any `json:"-"` -} - -// SetMetadata allows external callers to inject metadata into the storage before saving. -func (ts *CodexTokenStorage) SetMetadata(meta map[string]any) { - ts.Metadata = meta -} - -// SaveTokenToFile serializes the Codex token storage to a JSON file. -// This method creates the necessary directory structure and writes the token -// data in JSON format to the specified file path for persistent storage. -// It merges any injected metadata into the top-level JSON object. -// -// Parameters: -// - authFilePath: The full path where the token file should be saved -// -// Returns: -// - error: An error if the operation fails, nil otherwise -func (ts *CodexTokenStorage) SaveTokenToFile(authFilePath string) error { - misc.LogSavingCredentials(authFilePath) - ts.Type = "codex" - if err := os.MkdirAll(filepath.Dir(authFilePath), 0700); err != nil { - return fmt.Errorf("failed to create directory: %v", err) - } - - f, err := os.Create(authFilePath) - if err != nil { - return fmt.Errorf("failed to create token file: %w", err) - } - defer func() { - _ = f.Close() - }() - - // Merge metadata using helper - data, errMerge := misc.MergeMetadata(ts, ts.Metadata) - if errMerge != nil { - return fmt.Errorf("failed to merge metadata: %w", errMerge) - } - - if err = json.NewEncoder(f).Encode(data); err != nil { - return fmt.Errorf("failed to write token to file: %w", err) - } - return nil - -} diff --git a/internal/auth/copilot/errors.go b/internal/auth/copilot/errors.go deleted file mode 100644 index a82dd8ecf6..0000000000 --- a/internal/auth/copilot/errors.go +++ /dev/null @@ -1,187 +0,0 @@ -package copilot - -import ( - "errors" - "fmt" - "net/http" -) - -// OAuthError represents an OAuth-specific error. -type OAuthError struct { - // Code is the OAuth error code. - Code string `json:"error"` - // Description is a human-readable description of the error. - Description string `json:"error_description,omitempty"` - // URI is a URI identifying a human-readable web page with information about the error. - URI string `json:"error_uri,omitempty"` - // StatusCode is the HTTP status code associated with the error. - StatusCode int `json:"-"` -} - -// Error returns a string representation of the OAuth error. -func (e *OAuthError) Error() string { - if e.Description != "" { - return fmt.Sprintf("OAuth error %s: %s", e.Code, e.Description) - } - return fmt.Sprintf("OAuth error: %s", e.Code) -} - -// NewOAuthError creates a new OAuth error with the specified code, description, and status code. -func NewOAuthError(code, description string, statusCode int) *OAuthError { - return &OAuthError{ - Code: code, - Description: description, - StatusCode: statusCode, - } -} - -// AuthenticationError represents authentication-related errors. -type AuthenticationError struct { - // Type is the type of authentication error. - Type string `json:"type"` - // Message is a human-readable message describing the error. - Message string `json:"message"` - // Code is the HTTP status code associated with the error. - Code int `json:"code"` - // Cause is the underlying error that caused this authentication error. - Cause error `json:"-"` -} - -// Error returns a string representation of the authentication error. -func (e *AuthenticationError) Error() string { - if e.Cause != nil { - return fmt.Sprintf("%s: %s (caused by: %v)", e.Type, e.Message, e.Cause) - } - return fmt.Sprintf("%s: %s", e.Type, e.Message) -} - -// Unwrap returns the underlying cause of the error. -func (e *AuthenticationError) Unwrap() error { - return e.Cause -} - -// Common authentication error types for GitHub Copilot device flow. -var ( - // ErrDeviceCodeFailed represents an error when requesting the device code fails. - ErrDeviceCodeFailed = &AuthenticationError{ - Type: "device_code_failed", - Message: "Failed to request device code from GitHub", - Code: http.StatusBadRequest, - } - - // ErrDeviceCodeExpired represents an error when the device code has expired. - ErrDeviceCodeExpired = &AuthenticationError{ - Type: "device_code_expired", - Message: "Device code has expired. Please try again.", - Code: http.StatusGone, - } - - // ErrAuthorizationPending represents a pending authorization state (not an error, used for polling). - ErrAuthorizationPending = &AuthenticationError{ - Type: "authorization_pending", - Message: "Authorization is pending. Waiting for user to authorize.", - Code: http.StatusAccepted, - } - - // ErrSlowDown represents a request to slow down polling. - ErrSlowDown = &AuthenticationError{ - Type: "slow_down", - Message: "Polling too frequently. Slowing down.", - Code: http.StatusTooManyRequests, - } - - // ErrAccessDenied represents an error when the user denies authorization. - ErrAccessDenied = &AuthenticationError{ - Type: "access_denied", - Message: "User denied authorization", - Code: http.StatusForbidden, - } - - // ErrTokenExchangeFailed represents an error when token exchange fails. - ErrTokenExchangeFailed = &AuthenticationError{ - Type: "token_exchange_failed", - Message: "Failed to exchange device code for access token", - Code: http.StatusBadRequest, - } - - // ErrPollingTimeout represents an error when polling times out. - ErrPollingTimeout = &AuthenticationError{ - Type: "polling_timeout", - Message: "Timeout waiting for user authorization", - Code: http.StatusRequestTimeout, - } - - // ErrUserInfoFailed represents an error when fetching user info fails. - ErrUserInfoFailed = &AuthenticationError{ - Type: "user_info_failed", - Message: "Failed to fetch GitHub user information", - Code: http.StatusBadRequest, - } -) - -// NewAuthenticationError creates a new authentication error with a cause based on a base error. -func NewAuthenticationError(baseErr *AuthenticationError, cause error) *AuthenticationError { - return &AuthenticationError{ - Type: baseErr.Type, - Message: baseErr.Message, - Code: baseErr.Code, - Cause: cause, - } -} - -// IsAuthenticationError checks if an error is an authentication error. -func IsAuthenticationError(err error) bool { - var authenticationError *AuthenticationError - ok := errors.As(err, &authenticationError) - return ok -} - -// IsOAuthError checks if an error is an OAuth error. -func IsOAuthError(err error) bool { - var oAuthError *OAuthError - ok := errors.As(err, &oAuthError) - return ok -} - -// GetUserFriendlyMessage returns a user-friendly error message based on the error type. -func GetUserFriendlyMessage(err error) string { - var authErr *AuthenticationError - if errors.As(err, &authErr) { - switch authErr.Type { - case "device_code_failed": - return "Failed to start GitHub authentication. Please check your network connection and try again." - case "device_code_expired": - return "The authentication code has expired. Please try again." - case "authorization_pending": - return "Waiting for you to authorize the application on GitHub." - case "slow_down": - return "Please wait a moment before trying again." - case "access_denied": - return "Authentication was cancelled or denied." - case "token_exchange_failed": - return "Failed to complete authentication. Please try again." - case "polling_timeout": - return "Authentication timed out. Please try again." - case "user_info_failed": - return "Failed to get your GitHub account information. Please try again." - default: - return "Authentication failed. Please try again." - } - } - - var oauthErr *OAuthError - if errors.As(err, &oauthErr) { - switch oauthErr.Code { - case "access_denied": - return "Authentication was cancelled or denied." - case "invalid_request": - return "Invalid authentication request. Please try again." - case "server_error": - return "GitHub server error. Please try again later." - default: - return fmt.Sprintf("Authentication failed: %s", oauthErr.Description) - } - } - - return "An unexpected error occurred. Please try again." -} diff --git a/internal/auth/copilot/oauth.go b/internal/auth/copilot/oauth.go deleted file mode 100644 index 8f97c9cd91..0000000000 --- a/internal/auth/copilot/oauth.go +++ /dev/null @@ -1,255 +0,0 @@ -package copilot - -import ( - "context" - "encoding/json" - "errors" - "fmt" - "io" - "net/http" - "net/url" - "strings" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -const ( - // copilotClientID is GitHub's Copilot CLI OAuth client ID. - copilotClientID = "Iv1.b507a08c87ecfe98" - // copilotDeviceCodeURL is the endpoint for requesting device codes. - copilotDeviceCodeURL = "https://github.com/login/device/code" - // copilotTokenURL is the endpoint for exchanging device codes for tokens. - copilotTokenURL = "https://github.com/login/oauth/access_token" - // copilotUserInfoURL is the endpoint for fetching GitHub user information. - copilotUserInfoURL = "https://api.github.com/user" - // defaultPollInterval is the default interval for polling token endpoint. - defaultPollInterval = 5 * time.Second - // maxPollDuration is the maximum time to wait for user authorization. - maxPollDuration = 15 * time.Minute -) - -// DeviceFlowClient handles the OAuth2 device flow for GitHub Copilot. -type DeviceFlowClient struct { - httpClient *http.Client - cfg *config.Config -} - -// NewDeviceFlowClient creates a new device flow client. -func NewDeviceFlowClient(cfg *config.Config) *DeviceFlowClient { - client := &http.Client{Timeout: 30 * time.Second} - if cfg != nil { - client = util.SetProxy(&cfg.SDKConfig, client) - } - return &DeviceFlowClient{ - httpClient: client, - cfg: cfg, - } -} - -// RequestDeviceCode initiates the device flow by requesting a device code from GitHub. -func (c *DeviceFlowClient) RequestDeviceCode(ctx context.Context) (*DeviceCodeResponse, error) { - data := url.Values{} - data.Set("client_id", copilotClientID) - data.Set("scope", "user:email") - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, copilotDeviceCodeURL, strings.NewReader(data.Encode())) - if err != nil { - return nil, NewAuthenticationError(ErrDeviceCodeFailed, err) - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, NewAuthenticationError(ErrDeviceCodeFailed, err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("copilot device code: close body error: %v", errClose) - } - }() - - if !isHTTPSuccess(resp.StatusCode) { - bodyBytes, _ := io.ReadAll(resp.Body) - return nil, NewAuthenticationError(ErrDeviceCodeFailed, fmt.Errorf("status %d: %s", resp.StatusCode, string(bodyBytes))) - } - - var deviceCode DeviceCodeResponse - if err = json.NewDecoder(resp.Body).Decode(&deviceCode); err != nil { - return nil, NewAuthenticationError(ErrDeviceCodeFailed, err) - } - - return &deviceCode, nil -} - -// PollForToken polls the token endpoint until the user authorizes or the device code expires. -func (c *DeviceFlowClient) PollForToken(ctx context.Context, deviceCode *DeviceCodeResponse) (*CopilotTokenData, error) { - if deviceCode == nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, fmt.Errorf("device code is nil")) - } - - interval := time.Duration(deviceCode.Interval) * time.Second - if interval < defaultPollInterval { - interval = defaultPollInterval - } - - deadline := time.Now().Add(maxPollDuration) - if deviceCode.ExpiresIn > 0 { - codeDeadline := time.Now().Add(time.Duration(deviceCode.ExpiresIn) * time.Second) - if codeDeadline.Before(deadline) { - deadline = codeDeadline - } - } - - ticker := time.NewTicker(interval) - defer ticker.Stop() - - for { - select { - case <-ctx.Done(): - return nil, NewAuthenticationError(ErrPollingTimeout, ctx.Err()) - case <-ticker.C: - if time.Now().After(deadline) { - return nil, ErrPollingTimeout - } - - token, err := c.exchangeDeviceCode(ctx, deviceCode.DeviceCode) - if err != nil { - var authErr *AuthenticationError - if errors.As(err, &authErr) { - switch authErr.Type { - case ErrAuthorizationPending.Type: - // Continue polling - continue - case ErrSlowDown.Type: - // Increase interval and continue - interval += 5 * time.Second - ticker.Reset(interval) - continue - case ErrDeviceCodeExpired.Type: - return nil, err - case ErrAccessDenied.Type: - return nil, err - } - } - return nil, err - } - return token, nil - } - } -} - -// exchangeDeviceCode attempts to exchange the device code for an access token. -func (c *DeviceFlowClient) exchangeDeviceCode(ctx context.Context, deviceCode string) (*CopilotTokenData, error) { - data := url.Values{} - data.Set("client_id", copilotClientID) - data.Set("device_code", deviceCode) - data.Set("grant_type", "urn:ietf:params:oauth:grant-type:device_code") - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, copilotTokenURL, strings.NewReader(data.Encode())) - if err != nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, err) - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("copilot token exchange: close body error: %v", errClose) - } - }() - - bodyBytes, err := io.ReadAll(resp.Body) - if err != nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, err) - } - - // GitHub returns 200 for both success and error cases in device flow - // Check for OAuth error response first - var oauthResp struct { - Error string `json:"error"` - ErrorDescription string `json:"error_description"` - AccessToken string `json:"access_token"` - TokenType string `json:"token_type"` - Scope string `json:"scope"` - } - - if err = json.Unmarshal(bodyBytes, &oauthResp); err != nil { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, err) - } - - if oauthResp.Error != "" { - switch oauthResp.Error { - case "authorization_pending": - return nil, ErrAuthorizationPending - case "slow_down": - return nil, ErrSlowDown - case "expired_token": - return nil, ErrDeviceCodeExpired - case "access_denied": - return nil, ErrAccessDenied - default: - return nil, NewOAuthError(oauthResp.Error, oauthResp.ErrorDescription, resp.StatusCode) - } - } - - if oauthResp.AccessToken == "" { - return nil, NewAuthenticationError(ErrTokenExchangeFailed, fmt.Errorf("empty access token")) - } - - return &CopilotTokenData{ - AccessToken: oauthResp.AccessToken, - TokenType: oauthResp.TokenType, - Scope: oauthResp.Scope, - }, nil -} - -// FetchUserInfo retrieves the GitHub username for the authenticated user. -func (c *DeviceFlowClient) FetchUserInfo(ctx context.Context, accessToken string) (string, error) { - if accessToken == "" { - return "", NewAuthenticationError(ErrUserInfoFailed, fmt.Errorf("access token is empty")) - } - - req, err := http.NewRequestWithContext(ctx, http.MethodGet, copilotUserInfoURL, nil) - if err != nil { - return "", NewAuthenticationError(ErrUserInfoFailed, err) - } - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("Accept", "application/json") - req.Header.Set("User-Agent", "CLIProxyAPI") - - resp, err := c.httpClient.Do(req) - if err != nil { - return "", NewAuthenticationError(ErrUserInfoFailed, err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("copilot user info: close body error: %v", errClose) - } - }() - - if !isHTTPSuccess(resp.StatusCode) { - bodyBytes, _ := io.ReadAll(resp.Body) - return "", NewAuthenticationError(ErrUserInfoFailed, fmt.Errorf("status %d: %s", resp.StatusCode, string(bodyBytes))) - } - - var userInfo struct { - Login string `json:"login"` - } - if err = json.NewDecoder(resp.Body).Decode(&userInfo); err != nil { - return "", NewAuthenticationError(ErrUserInfoFailed, err) - } - - if userInfo.Login == "" { - return "", NewAuthenticationError(ErrUserInfoFailed, fmt.Errorf("empty username")) - } - - return userInfo.Login, nil -} diff --git a/internal/auth/copilot/oauth_test.go b/internal/auth/copilot/oauth_test.go deleted file mode 100644 index 3311b4f850..0000000000 --- a/internal/auth/copilot/oauth_test.go +++ /dev/null @@ -1,213 +0,0 @@ -package copilot - -import ( - "context" - "encoding/json" - "net/http" - "net/http/httptest" - "strings" - "testing" -) - -// roundTripFunc lets us inject a custom transport for testing. -type roundTripFunc func(*http.Request) (*http.Response, error) - -func (f roundTripFunc) RoundTrip(r *http.Request) (*http.Response, error) { return f(r) } - -// newTestClient returns an *http.Client whose requests are redirected to the given test server, -// regardless of the original URL host. -func newTestClient(srv *httptest.Server) *http.Client { - return &http.Client{ - Transport: roundTripFunc(func(req *http.Request) (*http.Response, error) { - req2 := req.Clone(req.Context()) - req2.URL.Scheme = "http" - req2.URL.Host = strings.TrimPrefix(srv.URL, "http://") - return srv.Client().Transport.RoundTrip(req2) - }), - } -} - -// TestFetchUserInfo_FullProfile verifies that FetchUserInfo returns login, email, and name. -func TestFetchUserInfo_FullProfile(t *testing.T) { - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if !strings.HasPrefix(r.Header.Get("Authorization"), "Bearer ") { - w.WriteHeader(http.StatusUnauthorized) - return - } - w.Header().Set("Content-Type", "application/json") - _ = json.NewEncoder(w).Encode(map[string]string{ - "login": "octocat", - "email": "octocat@github.com", - "name": "The Octocat", - }) - })) - defer srv.Close() - - client := &DeviceFlowClient{httpClient: newTestClient(srv)} - info, err := client.FetchUserInfo(context.Background(), "test-token") - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if info.Login != "octocat" { - t.Errorf("Login: got %q, want %q", info.Login, "octocat") - } - if info.Email != "octocat@github.com" { - t.Errorf("Email: got %q, want %q", info.Email, "octocat@github.com") - } - if info.Name != "The Octocat" { - t.Errorf("Name: got %q, want %q", info.Name, "The Octocat") - } -} - -// TestFetchUserInfo_EmptyEmail verifies graceful handling when email is absent (private account). -func TestFetchUserInfo_EmptyEmail(t *testing.T) { - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - // GitHub returns null for private emails. - _, _ = w.Write([]byte(`{"login":"privateuser","email":null,"name":"Private User"}`)) - })) - defer srv.Close() - - client := &DeviceFlowClient{httpClient: newTestClient(srv)} - info, err := client.FetchUserInfo(context.Background(), "test-token") - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if info.Login != "privateuser" { - t.Errorf("Login: got %q, want %q", info.Login, "privateuser") - } - if info.Email != "" { - t.Errorf("Email: got %q, want empty string", info.Email) - } - if info.Name != "Private User" { - t.Errorf("Name: got %q, want %q", info.Name, "Private User") - } -} - -// TestFetchUserInfo_EmptyToken verifies error is returned for empty access token. -func TestFetchUserInfo_EmptyToken(t *testing.T) { - client := &DeviceFlowClient{httpClient: http.DefaultClient} - _, err := client.FetchUserInfo(context.Background(), "") - if err == nil { - t.Fatal("expected error for empty token, got nil") - } -} - -// TestFetchUserInfo_EmptyLogin verifies error is returned when API returns no login. -func TestFetchUserInfo_EmptyLogin(t *testing.T) { - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - _, _ = w.Write([]byte(`{"email":"someone@example.com","name":"No Login"}`)) - })) - defer srv.Close() - - client := &DeviceFlowClient{httpClient: newTestClient(srv)} - _, err := client.FetchUserInfo(context.Background(), "test-token") - if err == nil { - t.Fatal("expected error for empty login, got nil") - } -} - -// TestFetchUserInfo_HTTPError verifies error is returned on non-2xx response. -func TestFetchUserInfo_HTTPError(t *testing.T) { - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.WriteHeader(http.StatusUnauthorized) - _, _ = w.Write([]byte(`{"message":"Bad credentials"}`)) - })) - defer srv.Close() - - client := &DeviceFlowClient{httpClient: newTestClient(srv)} - _, err := client.FetchUserInfo(context.Background(), "bad-token") - if err == nil { - t.Fatal("expected error for 401 response, got nil") - } -} - -// TestCopilotTokenStorage_EmailNameFields verifies Email and Name serialise correctly. -func TestCopilotTokenStorage_EmailNameFields(t *testing.T) { - ts := &CopilotTokenStorage{ - AccessToken: "ghu_abc", - TokenType: "bearer", - Scope: "read:user user:email", - Username: "octocat", - Email: "octocat@github.com", - Name: "The Octocat", - Type: "github-copilot", - } - - data, err := json.Marshal(ts) - if err != nil { - t.Fatalf("marshal error: %v", err) - } - - var out map[string]any - if err = json.Unmarshal(data, &out); err != nil { - t.Fatalf("unmarshal error: %v", err) - } - - for _, key := range []string{"access_token", "username", "email", "name", "type"} { - if _, ok := out[key]; !ok { - t.Errorf("expected key %q in JSON output, not found", key) - } - } - if out["email"] != "octocat@github.com" { - t.Errorf("email: got %v, want %q", out["email"], "octocat@github.com") - } - if out["name"] != "The Octocat" { - t.Errorf("name: got %v, want %q", out["name"], "The Octocat") - } -} - -// TestCopilotTokenStorage_OmitEmptyEmailName verifies email/name are omitted when empty (omitempty). -func TestCopilotTokenStorage_OmitEmptyEmailName(t *testing.T) { - ts := &CopilotTokenStorage{ - AccessToken: "ghu_abc", - Username: "octocat", - Type: "github-copilot", - } - - data, err := json.Marshal(ts) - if err != nil { - t.Fatalf("marshal error: %v", err) - } - - var out map[string]any - if err = json.Unmarshal(data, &out); err != nil { - t.Fatalf("unmarshal error: %v", err) - } - - if _, ok := out["email"]; ok { - t.Error("email key should be omitted when empty (omitempty), but was present") - } - if _, ok := out["name"]; ok { - t.Error("name key should be omitted when empty (omitempty), but was present") - } -} - -// TestCopilotAuthBundle_EmailNameFields verifies bundle carries email and name through the pipeline. -func TestCopilotAuthBundle_EmailNameFields(t *testing.T) { - bundle := &CopilotAuthBundle{ - TokenData: &CopilotTokenData{AccessToken: "ghu_abc"}, - Username: "octocat", - Email: "octocat@github.com", - Name: "The Octocat", - } - if bundle.Email != "octocat@github.com" { - t.Errorf("bundle.Email: got %q, want %q", bundle.Email, "octocat@github.com") - } - if bundle.Name != "The Octocat" { - t.Errorf("bundle.Name: got %q, want %q", bundle.Name, "The Octocat") - } -} - -// TestGitHubUserInfo_Struct verifies the exported GitHubUserInfo struct fields are accessible. -func TestGitHubUserInfo_Struct(t *testing.T) { - info := GitHubUserInfo{ - Login: "octocat", - Email: "octocat@github.com", - Name: "The Octocat", - } - if info.Login == "" || info.Email == "" || info.Name == "" { - t.Error("GitHubUserInfo fields should not be empty") - } -} diff --git a/internal/auth/copilot/token.go b/internal/auth/copilot/token.go index 89f284ca1d..419c5d8cb0 100644 --- a/internal/auth/copilot/token.go +++ b/internal/auth/copilot/token.go @@ -4,7 +4,7 @@ package copilot import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/base" + "github.com/KooshaPari/phenotype-go-auth" "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/misc" ) @@ -12,7 +12,7 @@ import ( // It extends the shared BaseTokenStorage with Copilot-specific fields for managing // GitHub user profile information. type CopilotTokenStorage struct { - *base.BaseTokenStorage + *auth.BaseTokenStorage // TokenType is the type of token, typically "bearer". TokenType string `json:"token_type"` @@ -35,7 +35,7 @@ type CopilotTokenStorage struct { // - *CopilotTokenStorage: A new Copilot token storage instance func NewCopilotTokenStorage(filePath string) *CopilotTokenStorage { return &CopilotTokenStorage{ - BaseTokenStorage: base.NewBaseTokenStorage(filePath), + BaseTokenStorage: auth.NewBaseTokenStorage(filePath), } } @@ -89,7 +89,7 @@ func (ts *CopilotTokenStorage) SaveTokenToFile(authFilePath string) error { ts.Type = "github-copilot" // Create a new token storage with the file path and copy the fields - base := base.NewBaseTokenStorage(authFilePath) + base := auth.NewBaseTokenStorage(authFilePath) base.IDToken = ts.IDToken base.AccessToken = ts.AccessToken base.RefreshToken = ts.RefreshToken diff --git a/internal/auth/empty/token.go b/internal/auth/empty/token.go deleted file mode 100644 index 2edb2248c8..0000000000 --- a/internal/auth/empty/token.go +++ /dev/null @@ -1,26 +0,0 @@ -// Package empty provides a no-operation token storage implementation. -// This package is used when authentication tokens are not required or when -// using API key-based authentication instead of OAuth tokens for any provider. -package empty - -// EmptyStorage is a no-operation implementation of the TokenStorage interface. -// It provides empty implementations for scenarios where token storage is not needed, -// such as when using API keys instead of OAuth tokens for authentication. -type EmptyStorage struct { - // Type indicates the authentication provider type, always "empty" for this implementation. - Type string `json:"type"` -} - -// SaveTokenToFile is a no-operation implementation that always succeeds. -// This method satisfies the TokenStorage interface but performs no actual file operations -// since empty storage doesn't require persistent token data. -// -// Parameters: -// - _: The file path parameter is ignored in this implementation -// -// Returns: -// - error: Always returns nil (no error) -func (ts *EmptyStorage) SaveTokenToFile(_ string) error { - ts.Type = "empty" - return nil -} diff --git a/internal/auth/gemini/gemini_token.go b/internal/auth/gemini/gemini_token.go index 1c6e18f37a..c0a951b191 100644 --- a/internal/auth/gemini/gemini_token.go +++ b/internal/auth/gemini/gemini_token.go @@ -7,7 +7,7 @@ import ( "fmt" "strings" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/base" + "github.com/KooshaPari/phenotype-go-auth" "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/misc" ) @@ -15,7 +15,7 @@ import ( // It extends the shared BaseTokenStorage with Gemini-specific fields for managing // Google Cloud Project information. type GeminiTokenStorage struct { - *base.BaseTokenStorage + *auth.BaseTokenStorage // Token holds the raw OAuth2 token data, including access and refresh tokens. Token any `json:"token"` @@ -39,7 +39,7 @@ type GeminiTokenStorage struct { // - *GeminiTokenStorage: A new Gemini token storage instance func NewGeminiTokenStorage(filePath string) *GeminiTokenStorage { return &GeminiTokenStorage{ - BaseTokenStorage: base.NewBaseTokenStorage(filePath), + BaseTokenStorage: auth.NewBaseTokenStorage(filePath), } } @@ -57,7 +57,7 @@ func (ts *GeminiTokenStorage) SaveTokenToFile(authFilePath string) error { ts.Type = "gemini" // Create a new token storage with the file path and copy the fields - base := base.NewBaseTokenStorage(authFilePath) + base := auth.NewBaseTokenStorage(authFilePath) base.IDToken = ts.IDToken base.AccessToken = ts.AccessToken base.RefreshToken = ts.RefreshToken diff --git a/internal/auth/iflow/cookie_helpers.go b/internal/auth/iflow/cookie_helpers.go deleted file mode 100644 index 7e0f4264be..0000000000 --- a/internal/auth/iflow/cookie_helpers.go +++ /dev/null @@ -1,99 +0,0 @@ -package iflow - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - "strings" -) - -// NormalizeCookie normalizes raw cookie strings for iFlow authentication flows. -func NormalizeCookie(raw string) (string, error) { - trimmed := strings.TrimSpace(raw) - if trimmed == "" { - return "", fmt.Errorf("cookie cannot be empty") - } - - combined := strings.Join(strings.Fields(trimmed), " ") - if !strings.HasSuffix(combined, ";") { - combined += ";" - } - if !strings.Contains(combined, "BXAuth=") { - return "", fmt.Errorf("cookie missing BXAuth field") - } - return combined, nil -} - -// SanitizeIFlowFileName normalizes user identifiers for safe filename usage. -func SanitizeIFlowFileName(raw string) string { - if raw == "" { - return "" - } - cleanEmail := strings.ReplaceAll(raw, "*", "x") - var result strings.Builder - for _, r := range cleanEmail { - if (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') || (r >= '0' && r <= '9') || r == '_' || r == '@' || r == '.' || r == '-' { - result.WriteRune(r) - } - } - return strings.TrimSpace(result.String()) -} - -// ExtractBXAuth extracts the BXAuth value from a cookie string. -func ExtractBXAuth(cookie string) string { - parts := strings.Split(cookie, ";") - for _, part := range parts { - part = strings.TrimSpace(part) - if strings.HasPrefix(part, "BXAuth=") { - return strings.TrimPrefix(part, "BXAuth=") - } - } - return "" -} - -// CheckDuplicateBXAuth checks if the given BXAuth value already exists in any iflow auth file. -// Returns the path of the existing file if found, empty string otherwise. -func CheckDuplicateBXAuth(authDir, bxAuth string) (string, error) { - if bxAuth == "" { - return "", nil - } - - entries, err := os.ReadDir(authDir) - if err != nil { - if os.IsNotExist(err) { - return "", nil - } - return "", fmt.Errorf("read auth dir failed: %w", err) - } - - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - if !strings.HasPrefix(name, "iflow-") || !strings.HasSuffix(name, ".json") { - continue - } - - filePath := filepath.Join(authDir, name) - data, err := os.ReadFile(filePath) - if err != nil { - continue - } - - var tokenData struct { - Cookie string `json:"cookie"` - } - if err := json.Unmarshal(data, &tokenData); err != nil { - continue - } - - existingBXAuth := ExtractBXAuth(tokenData.Cookie) - if existingBXAuth != "" && existingBXAuth == bxAuth { - return filePath, nil - } - } - - return "", nil -} diff --git a/internal/auth/iflow/iflow_auth.go b/internal/auth/iflow/iflow_auth.go deleted file mode 100644 index 83430f5995..0000000000 --- a/internal/auth/iflow/iflow_auth.go +++ /dev/null @@ -1,535 +0,0 @@ -package iflow - -import ( - "compress/gzip" - "context" - "encoding/base64" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "os" - "strings" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -const ( - // OAuth endpoints and client metadata are derived from the reference Python implementation. - iFlowOAuthTokenEndpoint = "https://iflow.cn/oauth/token" - iFlowOAuthAuthorizeEndpoint = "https://iflow.cn/oauth" - iFlowUserInfoEndpoint = "https://iflow.cn/api/oauth/getUserInfo" - iFlowSuccessRedirectURL = "https://iflow.cn/oauth/success" - - // Cookie authentication endpoints - iFlowAPIKeyEndpoint = "https://platform.iflow.cn/api/openapi/apikey" - - // Client credentials provided by iFlow for the Code Assist integration. - iFlowOAuthClientID = "10009311001" - // Default client secret (can be overridden via IFLOW_CLIENT_SECRET env var) - defaultIFlowClientSecret = "4Z3YjXycVsQvyGF1etiNlIBB4RsqSDtW" -) - -// getIFlowClientSecret returns the iFlow OAuth client secret. -// It first checks the IFLOW_CLIENT_SECRET environment variable, -// falling back to the default value if not set. -func getIFlowClientSecret() string { - if secret := os.Getenv("IFLOW_CLIENT_SECRET"); secret != "" { - return secret - } - return defaultIFlowClientSecret -} - -// DefaultAPIBaseURL is the canonical chat completions endpoint. -const DefaultAPIBaseURL = "https://apis.iflow.cn/v1" - -// SuccessRedirectURL is exposed for consumers needing the official success page. -const SuccessRedirectURL = iFlowSuccessRedirectURL - -// CallbackPort defines the local port used for OAuth callbacks. -const CallbackPort = 11451 - -// IFlowAuth encapsulates the HTTP client helpers for the OAuth flow. -type IFlowAuth struct { - httpClient *http.Client -} - -// NewIFlowAuth constructs a new IFlowAuth with proxy-aware transport. -func NewIFlowAuth(cfg *config.Config) *IFlowAuth { - client := &http.Client{Timeout: 30 * time.Second} - return &IFlowAuth{httpClient: util.SetProxy(&cfg.SDKConfig, client)} -} - -// AuthorizationURL builds the authorization URL and matching redirect URI. -func (ia *IFlowAuth) AuthorizationURL(state string, port int) (authURL, redirectURI string) { - redirectURI = fmt.Sprintf("http://localhost:%d/oauth2callback", port) - values := url.Values{} - values.Set("loginMethod", "phone") - values.Set("type", "phone") - values.Set("redirect", redirectURI) - values.Set("state", state) - values.Set("client_id", iFlowOAuthClientID) - authURL = fmt.Sprintf("%s?%s", iFlowOAuthAuthorizeEndpoint, values.Encode()) - return authURL, redirectURI -} - -// ExchangeCodeForTokens exchanges an authorization code for access and refresh tokens. -func (ia *IFlowAuth) ExchangeCodeForTokens(ctx context.Context, code, redirectURI string) (*IFlowTokenData, error) { - form := url.Values{} - form.Set("grant_type", "authorization_code") - form.Set("code", code) - form.Set("redirect_uri", redirectURI) - form.Set("client_id", iFlowOAuthClientID) - form.Set("client_secret", getIFlowClientSecret()) - - req, err := ia.newTokenRequest(ctx, form) - if err != nil { - return nil, err - } - - return ia.doTokenRequest(ctx, req) -} - -// RefreshTokens exchanges a refresh token for a new access token. -func (ia *IFlowAuth) RefreshTokens(ctx context.Context, refreshToken string) (*IFlowTokenData, error) { - form := url.Values{} - form.Set("grant_type", "refresh_token") - form.Set("refresh_token", refreshToken) - form.Set("client_id", iFlowOAuthClientID) - form.Set("client_secret", getIFlowClientSecret()) - - req, err := ia.newTokenRequest(ctx, form) - if err != nil { - return nil, err - } - - return ia.doTokenRequest(ctx, req) -} - -func (ia *IFlowAuth) newTokenRequest(ctx context.Context, form url.Values) (*http.Request, error) { - req, err := http.NewRequestWithContext(ctx, http.MethodPost, iFlowOAuthTokenEndpoint, strings.NewReader(form.Encode())) - if err != nil { - return nil, fmt.Errorf("iflow token: create request failed: %w", err) - } - - basic := base64.StdEncoding.EncodeToString([]byte(iFlowOAuthClientID + ":" + getIFlowClientSecret())) - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - req.Header.Set("Authorization", "Basic "+basic) - return req, nil -} - -func (ia *IFlowAuth) doTokenRequest(ctx context.Context, req *http.Request) (*IFlowTokenData, error) { - resp, err := ia.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("iflow token: request failed: %w", err) - } - defer func() { _ = resp.Body.Close() }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("iflow token: read response failed: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("iflow token request failed: status=%d body=%s", resp.StatusCode, string(body)) - return nil, fmt.Errorf("iflow token: %d %s", resp.StatusCode, strings.TrimSpace(string(body))) - } - - var tokenResp IFlowTokenResponse - if err = json.Unmarshal(body, &tokenResp); err != nil { - return nil, fmt.Errorf("iflow token: decode response failed: %w", err) - } - - data := &IFlowTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - TokenType: tokenResp.TokenType, - Scope: tokenResp.Scope, - Expire: time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339), - } - - if tokenResp.AccessToken == "" { - log.Debug(string(body)) - return nil, fmt.Errorf("iflow token: missing access token in response") - } - - info, errAPI := ia.FetchUserInfo(ctx, tokenResp.AccessToken) - if errAPI != nil { - return nil, fmt.Errorf("iflow token: fetch user info failed: %w", errAPI) - } - if strings.TrimSpace(info.APIKey) == "" { - return nil, fmt.Errorf("iflow token: empty api key returned") - } - email := strings.TrimSpace(info.Email) - if email == "" { - email = strings.TrimSpace(info.Phone) - } - if email == "" { - return nil, fmt.Errorf("iflow token: missing account email/phone in user info") - } - data.APIKey = info.APIKey - data.Email = email - - return data, nil -} - -// FetchUserInfo retrieves account metadata (including API key) for the provided access token. -func (ia *IFlowAuth) FetchUserInfo(ctx context.Context, accessToken string) (*userInfoData, error) { - if strings.TrimSpace(accessToken) == "" { - return nil, fmt.Errorf("iflow api key: access token is empty") - } - - endpoint := fmt.Sprintf("%s?accessToken=%s", iFlowUserInfoEndpoint, url.QueryEscape(accessToken)) - req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil) - if err != nil { - return nil, fmt.Errorf("iflow api key: create request failed: %w", err) - } - req.Header.Set("Accept", "application/json") - - resp, err := ia.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("iflow api key: request failed: %w", err) - } - defer func() { _ = resp.Body.Close() }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("iflow api key: read response failed: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("iflow api key failed: status=%d body=%s", resp.StatusCode, string(body)) - return nil, fmt.Errorf("iflow api key: %d %s", resp.StatusCode, strings.TrimSpace(string(body))) - } - - var result userInfoResponse - if err = json.Unmarshal(body, &result); err != nil { - return nil, fmt.Errorf("iflow api key: decode body failed: %w", err) - } - - if !result.Success { - return nil, fmt.Errorf("iflow api key: request not successful") - } - - if result.Data.APIKey == "" { - return nil, fmt.Errorf("iflow api key: missing api key in response") - } - - return &result.Data, nil -} - -// CreateTokenStorage converts token data into persistence storage. -func (ia *IFlowAuth) CreateTokenStorage(data *IFlowTokenData) *IFlowTokenStorage { - if data == nil { - return nil - } - return &IFlowTokenStorage{ - AccessToken: data.AccessToken, - RefreshToken: data.RefreshToken, - LastRefresh: time.Now().Format(time.RFC3339), - Expire: data.Expire, - APIKey: data.APIKey, - Email: data.Email, - TokenType: data.TokenType, - Scope: data.Scope, - } -} - -// UpdateTokenStorage updates the persisted token storage with latest token data. -func (ia *IFlowAuth) UpdateTokenStorage(storage *IFlowTokenStorage, data *IFlowTokenData) { - if storage == nil || data == nil { - return - } - storage.AccessToken = data.AccessToken - storage.RefreshToken = data.RefreshToken - storage.LastRefresh = time.Now().Format(time.RFC3339) - storage.Expire = data.Expire - if data.APIKey != "" { - storage.APIKey = data.APIKey - } - if data.Email != "" { - storage.Email = data.Email - } - storage.TokenType = data.TokenType - storage.Scope = data.Scope -} - -// IFlowTokenResponse models the OAuth token endpoint response. -type IFlowTokenResponse struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - ExpiresIn int `json:"expires_in"` - TokenType string `json:"token_type"` - Scope string `json:"scope"` -} - -// IFlowTokenData captures processed token details. -type IFlowTokenData struct { - AccessToken string - RefreshToken string - TokenType string - Scope string - Expire string - APIKey string - Email string - Cookie string -} - -// userInfoResponse represents the structure returned by the user info endpoint. -type userInfoResponse struct { - Success bool `json:"success"` - Data userInfoData `json:"data"` -} - -type userInfoData struct { - APIKey string `json:"apiKey"` - Email string `json:"email"` - Phone string `json:"phone"` -} - -// iFlowAPIKeyResponse represents the response from the API key endpoint -type iFlowAPIKeyResponse struct { - Success bool `json:"success"` - Code string `json:"code"` - Message string `json:"message"` - Data iFlowKeyData `json:"data"` - Extra interface{} `json:"extra"` -} - -// iFlowKeyData contains the API key information -type iFlowKeyData struct { - HasExpired bool `json:"hasExpired"` - ExpireTime string `json:"expireTime"` - Name string `json:"name"` - APIKey string `json:"apiKey"` - APIKeyMask string `json:"apiKeyMask"` -} - -// iFlowRefreshRequest represents the request body for refreshing API key -type iFlowRefreshRequest struct { - Name string `json:"name"` -} - -// AuthenticateWithCookie performs authentication using browser cookies -func (ia *IFlowAuth) AuthenticateWithCookie(ctx context.Context, cookie string) (*IFlowTokenData, error) { - if strings.TrimSpace(cookie) == "" { - return nil, fmt.Errorf("iflow cookie authentication: cookie is empty") - } - - // First, get initial API key information using GET request to obtain the name - keyInfo, err := ia.fetchAPIKeyInfo(ctx, cookie) - if err != nil { - return nil, fmt.Errorf("iflow cookie authentication: fetch initial API key info failed: %w", err) - } - - // Refresh the API key using POST request - refreshedKeyInfo, err := ia.RefreshAPIKey(ctx, cookie, keyInfo.Name) - if err != nil { - return nil, fmt.Errorf("iflow cookie authentication: refresh API key failed: %w", err) - } - - // Convert to token data format using refreshed key - data := &IFlowTokenData{ - APIKey: refreshedKeyInfo.APIKey, - Expire: refreshedKeyInfo.ExpireTime, - Email: refreshedKeyInfo.Name, - Cookie: cookie, - } - - return data, nil -} - -// fetchAPIKeyInfo retrieves API key information using GET request with cookie -func (ia *IFlowAuth) fetchAPIKeyInfo(ctx context.Context, cookie string) (*iFlowKeyData, error) { - req, err := http.NewRequestWithContext(ctx, http.MethodGet, iFlowAPIKeyEndpoint, nil) - if err != nil { - return nil, fmt.Errorf("iflow cookie: create GET request failed: %w", err) - } - - // Set cookie and other headers to mimic browser - req.Header.Set("Cookie", cookie) - req.Header.Set("Accept", "application/json, text/plain, */*") - req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36") - req.Header.Set("Accept-Language", "zh-CN,zh;q=0.9,en;q=0.8") - req.Header.Set("Accept-Encoding", "gzip, deflate, br") - req.Header.Set("Connection", "keep-alive") - req.Header.Set("Sec-Fetch-Dest", "empty") - req.Header.Set("Sec-Fetch-Mode", "cors") - req.Header.Set("Sec-Fetch-Site", "same-origin") - - resp, err := ia.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("iflow cookie: GET request failed: %w", err) - } - defer func() { _ = resp.Body.Close() }() - - // Handle gzip compression - var reader io.Reader = resp.Body - if resp.Header.Get("Content-Encoding") == "gzip" { - gzipReader, err := gzip.NewReader(resp.Body) - if err != nil { - return nil, fmt.Errorf("iflow cookie: create gzip reader failed: %w", err) - } - defer func() { _ = gzipReader.Close() }() - reader = gzipReader - } - - body, err := io.ReadAll(reader) - if err != nil { - return nil, fmt.Errorf("iflow cookie: read GET response failed: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("iflow cookie GET request failed: status=%d body=%s", resp.StatusCode, string(body)) - return nil, fmt.Errorf("iflow cookie: GET request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(body))) - } - - var keyResp iFlowAPIKeyResponse - if err = json.Unmarshal(body, &keyResp); err != nil { - return nil, fmt.Errorf("iflow cookie: decode GET response failed: %w", err) - } - - if !keyResp.Success { - return nil, fmt.Errorf("iflow cookie: GET request not successful: %s", keyResp.Message) - } - - // Handle initial response where apiKey field might be apiKeyMask - if keyResp.Data.APIKey == "" && keyResp.Data.APIKeyMask != "" { - keyResp.Data.APIKey = keyResp.Data.APIKeyMask - } - - return &keyResp.Data, nil -} - -// RefreshAPIKey refreshes the API key using POST request -func (ia *IFlowAuth) RefreshAPIKey(ctx context.Context, cookie, name string) (*iFlowKeyData, error) { - if strings.TrimSpace(cookie) == "" { - return nil, fmt.Errorf("iflow cookie refresh: cookie is empty") - } - if strings.TrimSpace(name) == "" { - return nil, fmt.Errorf("iflow cookie refresh: name is empty") - } - - // Prepare request body - refreshReq := iFlowRefreshRequest{ - Name: name, - } - - bodyBytes, err := json.Marshal(refreshReq) - if err != nil { - return nil, fmt.Errorf("iflow cookie refresh: marshal request failed: %w", err) - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, iFlowAPIKeyEndpoint, strings.NewReader(string(bodyBytes))) - if err != nil { - return nil, fmt.Errorf("iflow cookie refresh: create POST request failed: %w", err) - } - - // Set cookie and other headers to mimic browser - req.Header.Set("Cookie", cookie) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Accept", "application/json, text/plain, */*") - req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36") - req.Header.Set("Accept-Language", "zh-CN,zh;q=0.9,en;q=0.8") - req.Header.Set("Accept-Encoding", "gzip, deflate, br") - req.Header.Set("Connection", "keep-alive") - req.Header.Set("Origin", "https://platform.iflow.cn") - req.Header.Set("Referer", "https://platform.iflow.cn/") - - resp, err := ia.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("iflow cookie refresh: POST request failed: %w", err) - } - defer func() { _ = resp.Body.Close() }() - - // Handle gzip compression - var reader io.Reader = resp.Body - if resp.Header.Get("Content-Encoding") == "gzip" { - gzipReader, err := gzip.NewReader(resp.Body) - if err != nil { - return nil, fmt.Errorf("iflow cookie refresh: create gzip reader failed: %w", err) - } - defer func() { _ = gzipReader.Close() }() - reader = gzipReader - } - - body, err := io.ReadAll(reader) - if err != nil { - return nil, fmt.Errorf("iflow cookie refresh: read POST response failed: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("iflow cookie POST request failed: status=%d body=%s", resp.StatusCode, string(body)) - return nil, fmt.Errorf("iflow cookie refresh: POST request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(body))) - } - - var keyResp iFlowAPIKeyResponse - if err = json.Unmarshal(body, &keyResp); err != nil { - return nil, fmt.Errorf("iflow cookie refresh: decode POST response failed: %w", err) - } - - if !keyResp.Success { - return nil, fmt.Errorf("iflow cookie refresh: POST request not successful: %s", keyResp.Message) - } - - return &keyResp.Data, nil -} - -// ShouldRefreshAPIKey checks if the API key needs to be refreshed (within 2 days of expiry) -func ShouldRefreshAPIKey(expireTime string) (bool, time.Duration, error) { - if strings.TrimSpace(expireTime) == "" { - return false, 0, fmt.Errorf("iflow cookie: expire time is empty") - } - - expire, err := time.Parse("2006-01-02 15:04", expireTime) - if err != nil { - return false, 0, fmt.Errorf("iflow cookie: parse expire time failed: %w", err) - } - - now := time.Now() - twoDaysFromNow := now.Add(48 * time.Hour) - - needsRefresh := expire.Before(twoDaysFromNow) - timeUntilExpiry := expire.Sub(now) - - return needsRefresh, timeUntilExpiry, nil -} - -// CreateCookieTokenStorage converts cookie-based token data into persistence storage -func (ia *IFlowAuth) CreateCookieTokenStorage(data *IFlowTokenData) *IFlowTokenStorage { - if data == nil { - return nil - } - - // Only save the BXAuth field from the cookie - bxAuth := ExtractBXAuth(data.Cookie) - cookieToSave := "" - if bxAuth != "" { - cookieToSave = "BXAuth=" + bxAuth + ";" - } - - return &IFlowTokenStorage{ - APIKey: data.APIKey, - Email: data.Email, - Expire: data.Expire, - Cookie: cookieToSave, - LastRefresh: time.Now().Format(time.RFC3339), - Type: "iflow", - } -} - -// UpdateCookieTokenStorage updates the persisted token storage with refreshed API key data -func (ia *IFlowAuth) UpdateCookieTokenStorage(storage *IFlowTokenStorage, keyData *iFlowKeyData) { - if storage == nil || keyData == nil { - return - } - - storage.APIKey = keyData.APIKey - storage.Expire = keyData.ExpireTime - storage.LastRefresh = time.Now().Format(time.RFC3339) -} diff --git a/internal/auth/iflow/iflow_token.go b/internal/auth/iflow/iflow_token.go deleted file mode 100644 index 4d6611e6a7..0000000000 --- a/internal/auth/iflow/iflow_token.go +++ /dev/null @@ -1,59 +0,0 @@ -package iflow - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/misc" -) - -// IFlowTokenStorage persists iFlow OAuth credentials alongside the derived API key. -type IFlowTokenStorage struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - LastRefresh string `json:"last_refresh"` - Expire string `json:"expired"` - APIKey string `json:"api_key"` - Email string `json:"email"` - TokenType string `json:"token_type"` - Scope string `json:"scope"` - Cookie string `json:"cookie"` - Type string `json:"type"` - - // Metadata holds arbitrary key-value pairs injected via hooks. - // It is not exported to JSON directly to allow flattening during serialization. - Metadata map[string]any `json:"-"` -} - -// SetMetadata allows external callers to inject metadata into the storage before saving. -func (ts *IFlowTokenStorage) SetMetadata(meta map[string]any) { - ts.Metadata = meta -} - -// SaveTokenToFile serialises the token storage to disk. -func (ts *IFlowTokenStorage) SaveTokenToFile(authFilePath string) error { - misc.LogSavingCredentials(authFilePath) - ts.Type = "iflow" - if err := os.MkdirAll(filepath.Dir(authFilePath), 0o700); err != nil { - return fmt.Errorf("iflow token: create directory failed: %w", err) - } - - f, err := os.Create(authFilePath) - if err != nil { - return fmt.Errorf("iflow token: create file failed: %w", err) - } - defer func() { _ = f.Close() }() - - // Merge metadata using helper - data, errMerge := misc.MergeMetadata(ts, ts.Metadata) - if errMerge != nil { - return fmt.Errorf("failed to merge metadata: %w", errMerge) - } - - if err = json.NewEncoder(f).Encode(data); err != nil { - return fmt.Errorf("iflow token: encode token failed: %w", err) - } - return nil -} diff --git a/internal/auth/iflow/oauth_server.go b/internal/auth/iflow/oauth_server.go deleted file mode 100644 index 2a8b7b9f59..0000000000 --- a/internal/auth/iflow/oauth_server.go +++ /dev/null @@ -1,143 +0,0 @@ -package iflow - -import ( - "context" - "fmt" - "net" - "net/http" - "strings" - "sync" - "time" - - log "github.com/sirupsen/logrus" -) - -const errorRedirectURL = "https://iflow.cn/oauth/error" - -// OAuthResult captures the outcome of the local OAuth callback. -type OAuthResult struct { - Code string - State string - Error string -} - -// OAuthServer provides a minimal HTTP server for handling the iFlow OAuth callback. -type OAuthServer struct { - server *http.Server - port int - result chan *OAuthResult - errChan chan error - mu sync.Mutex - running bool -} - -// NewOAuthServer constructs a new OAuthServer bound to the provided port. -func NewOAuthServer(port int) *OAuthServer { - return &OAuthServer{ - port: port, - result: make(chan *OAuthResult, 1), - errChan: make(chan error, 1), - } -} - -// Start launches the callback listener. -func (s *OAuthServer) Start() error { - s.mu.Lock() - defer s.mu.Unlock() - if s.running { - return fmt.Errorf("iflow oauth server already running") - } - if !s.isPortAvailable() { - return fmt.Errorf("port %d is already in use", s.port) - } - - mux := http.NewServeMux() - mux.HandleFunc("/oauth2callback", s.handleCallback) - - s.server = &http.Server{ - Addr: fmt.Sprintf(":%d", s.port), - Handler: mux, - ReadTimeout: 10 * time.Second, - WriteTimeout: 10 * time.Second, - } - - s.running = true - - go func() { - if err := s.server.ListenAndServe(); err != nil && err != http.ErrServerClosed { - s.errChan <- err - } - }() - - time.Sleep(100 * time.Millisecond) - return nil -} - -// Stop gracefully terminates the callback listener. -func (s *OAuthServer) Stop(ctx context.Context) error { - s.mu.Lock() - defer s.mu.Unlock() - if !s.running || s.server == nil { - return nil - } - defer func() { - s.running = false - s.server = nil - }() - return s.server.Shutdown(ctx) -} - -// WaitForCallback blocks until a callback result, server error, or timeout occurs. -func (s *OAuthServer) WaitForCallback(timeout time.Duration) (*OAuthResult, error) { - select { - case res := <-s.result: - return res, nil - case err := <-s.errChan: - return nil, err - case <-time.After(timeout): - return nil, fmt.Errorf("timeout waiting for OAuth callback") - } -} - -func (s *OAuthServer) handleCallback(w http.ResponseWriter, r *http.Request) { - if r.Method != http.MethodGet { - http.Error(w, "method not allowed", http.StatusMethodNotAllowed) - return - } - - query := r.URL.Query() - if errParam := strings.TrimSpace(query.Get("error")); errParam != "" { - s.sendResult(&OAuthResult{Error: errParam}) - http.Redirect(w, r, errorRedirectURL, http.StatusFound) - return - } - - code := strings.TrimSpace(query.Get("code")) - if code == "" { - s.sendResult(&OAuthResult{Error: "missing_code"}) - http.Redirect(w, r, errorRedirectURL, http.StatusFound) - return - } - - state := query.Get("state") - s.sendResult(&OAuthResult{Code: code, State: state}) - http.Redirect(w, r, SuccessRedirectURL, http.StatusFound) -} - -func (s *OAuthServer) sendResult(res *OAuthResult) { - select { - case s.result <- res: - default: - log.Debug("iflow oauth result channel full, dropping result") - } -} - -func (s *OAuthServer) isPortAvailable() bool { - addr := fmt.Sprintf(":%d", s.port) - listener, err := net.Listen("tcp", addr) - if err != nil { - return false - } - _ = listener.Close() - return true -} diff --git a/internal/auth/kilo/kilo_auth.go b/internal/auth/kilo/kilo_auth.go deleted file mode 100644 index dc128bf204..0000000000 --- a/internal/auth/kilo/kilo_auth.go +++ /dev/null @@ -1,168 +0,0 @@ -// Package kilo provides authentication and token management functionality -// for Kilo AI services. -package kilo - -import ( - "context" - "encoding/json" - "fmt" - "net/http" - "time" -) - -const ( - // BaseURL is the base URL for the Kilo AI API. - BaseURL = "https://api.kilo.ai/api" -) - -// DeviceAuthResponse represents the response from initiating device flow. -type DeviceAuthResponse struct { - Code string `json:"code"` - VerificationURL string `json:"verificationUrl"` - ExpiresIn int `json:"expiresIn"` -} - -// DeviceStatusResponse represents the response when polling for device flow status. -type DeviceStatusResponse struct { - Status string `json:"status"` - Token string `json:"token"` - UserEmail string `json:"userEmail"` -} - -// Profile represents the user profile from Kilo AI. -type Profile struct { - Email string `json:"email"` - Orgs []Organization `json:"organizations"` -} - -// Organization represents a Kilo AI organization. -type Organization struct { - ID string `json:"id"` - Name string `json:"name"` -} - -// Defaults represents default settings for an organization or user. -type Defaults struct { - Model string `json:"model"` -} - -// KiloAuth provides methods for handling the Kilo AI authentication flow. -type KiloAuth struct { - client *http.Client -} - -// NewKiloAuth creates a new instance of KiloAuth. -func NewKiloAuth() *KiloAuth { - return &KiloAuth{ - client: &http.Client{Timeout: 30 * time.Second}, - } -} - -// InitiateDeviceFlow starts the device authentication flow. -func (k *KiloAuth) InitiateDeviceFlow(ctx context.Context) (*DeviceAuthResponse, error) { - resp, err := k.client.Post(BaseURL+"/device-auth/codes", "application/json", nil) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - if resp.StatusCode != http.StatusCreated && resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("failed to initiate device flow: status %d", resp.StatusCode) - } - - var data DeviceAuthResponse - if err := json.NewDecoder(resp.Body).Decode(&data); err != nil { - return nil, err - } - return &data, nil -} - -// PollForToken polls for the device flow completion. -func (k *KiloAuth) PollForToken(ctx context.Context, code string) (*DeviceStatusResponse, error) { - ticker := time.NewTicker(5 * time.Second) - defer ticker.Stop() - - for { - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-ticker.C: - resp, err := k.client.Get(BaseURL + "/device-auth/codes/" + code) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - var data DeviceStatusResponse - if err := json.NewDecoder(resp.Body).Decode(&data); err != nil { - return nil, err - } - - switch data.Status { - case "approved": - return &data, nil - case "denied", "expired": - return nil, fmt.Errorf("device flow %s", data.Status) - case "pending": - continue - default: - return nil, fmt.Errorf("unknown status: %s", data.Status) - } - } - } -} - -// GetProfile fetches the user's profile. -func (k *KiloAuth) GetProfile(ctx context.Context, token string) (*Profile, error) { - req, err := http.NewRequestWithContext(ctx, "GET", BaseURL+"/profile", nil) - if err != nil { - return nil, fmt.Errorf("failed to create get profile request: %w", err) - } - req.Header.Set("Authorization", "Bearer "+token) - - resp, err := k.client.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("failed to get profile: status %d", resp.StatusCode) - } - - var profile Profile - if err := json.NewDecoder(resp.Body).Decode(&profile); err != nil { - return nil, err - } - return &profile, nil -} - -// GetDefaults fetches default settings for an organization. -func (k *KiloAuth) GetDefaults(ctx context.Context, token, orgID string) (*Defaults, error) { - url := BaseURL + "/defaults" - if orgID != "" { - url = BaseURL + "/organizations/" + orgID + "/defaults" - } - - req, err := http.NewRequestWithContext(ctx, "GET", url, nil) - if err != nil { - return nil, fmt.Errorf("failed to create get defaults request: %w", err) - } - req.Header.Set("Authorization", "Bearer "+token) - - resp, err := k.client.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("failed to get defaults: status %d", resp.StatusCode) - } - - var defaults Defaults - if err := json.NewDecoder(resp.Body).Decode(&defaults); err != nil { - return nil, err - } - return &defaults, nil -} diff --git a/internal/auth/kilo/kilo_token.go b/internal/auth/kilo/kilo_token.go deleted file mode 100644 index 363ac67691..0000000000 --- a/internal/auth/kilo/kilo_token.go +++ /dev/null @@ -1,60 +0,0 @@ -// Package kilo provides authentication and token management functionality -// for Kilo AI services. -package kilo - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/misc" - log "github.com/sirupsen/logrus" -) - -// KiloTokenStorage stores token information for Kilo AI authentication. -type KiloTokenStorage struct { - // Token is the Kilo access token. - Token string `json:"kilocodeToken"` - - // OrganizationID is the Kilo organization ID. - OrganizationID string `json:"kilocodeOrganizationId"` - - // Model is the default model to use. - Model string `json:"kilocodeModel"` - - // Email is the email address of the authenticated user. - Email string `json:"email"` - - // Type indicates the authentication provider type, always "kilo" for this storage. - Type string `json:"type"` -} - -// SaveTokenToFile serializes the Kilo token storage to a JSON file. -func (ts *KiloTokenStorage) SaveTokenToFile(authFilePath string) error { - misc.LogSavingCredentials(authFilePath) - ts.Type = "kilo" - if err := os.MkdirAll(filepath.Dir(authFilePath), 0700); err != nil { - return fmt.Errorf("failed to create directory: %v", err) - } - - f, err := os.Create(authFilePath) - if err != nil { - return fmt.Errorf("failed to create token file: %w", err) - } - defer func() { - if errClose := f.Close(); errClose != nil { - log.Errorf("failed to close file: %v", errClose) - } - }() - - if err = json.NewEncoder(f).Encode(ts); err != nil { - return fmt.Errorf("failed to write token to file: %w", err) - } - return nil -} - -// CredentialFileName returns the filename used to persist Kilo credentials. -func CredentialFileName(email string) string { - return fmt.Sprintf("kilo-%s.json", email) -} diff --git a/internal/auth/kimi/kimi.go b/internal/auth/kimi/kimi.go deleted file mode 100644 index 8799965680..0000000000 --- a/internal/auth/kimi/kimi.go +++ /dev/null @@ -1,396 +0,0 @@ -// Package kimi provides authentication and token management for Kimi (Moonshot AI) API. -// It handles the RFC 8628 OAuth2 Device Authorization Grant flow for secure authentication. -package kimi - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "os" - "runtime" - "strings" - "time" - - "github.com/google/uuid" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -const ( - // kimiClientID is Kimi Code's OAuth client ID. - kimiClientID = "17e5f671-d194-4dfb-9706-5516cb48c098" - // kimiOAuthHost is the OAuth server endpoint. - kimiOAuthHost = "https://auth.kimi.com" - // kimiDeviceCodeURL is the endpoint for requesting device codes. - kimiDeviceCodeURL = kimiOAuthHost + "/api/oauth/device_authorization" - // kimiTokenURL is the endpoint for exchanging device codes for tokens. - kimiTokenURL = kimiOAuthHost + "/api/oauth/token" - // KimiAPIBaseURL is the base URL for Kimi API requests. - KimiAPIBaseURL = "https://api.kimi.com/coding" - // defaultPollInterval is the default interval for polling token endpoint. - defaultPollInterval = 5 * time.Second - // maxPollDuration is the maximum time to wait for user authorization. - maxPollDuration = 15 * time.Minute - // refreshThresholdSeconds is when to refresh token before expiry (5 minutes). - refreshThresholdSeconds = 300 -) - -// KimiAuth handles Kimi authentication flow. -type KimiAuth struct { - deviceClient *DeviceFlowClient - cfg *config.Config -} - -// NewKimiAuth creates a new KimiAuth service instance. -func NewKimiAuth(cfg *config.Config) *KimiAuth { - return &KimiAuth{ - deviceClient: NewDeviceFlowClient(cfg), - cfg: cfg, - } -} - -// StartDeviceFlow initiates the device flow authentication. -func (k *KimiAuth) StartDeviceFlow(ctx context.Context) (*DeviceCodeResponse, error) { - return k.deviceClient.RequestDeviceCode(ctx) -} - -// WaitForAuthorization polls for user authorization and returns the auth bundle. -func (k *KimiAuth) WaitForAuthorization(ctx context.Context, deviceCode *DeviceCodeResponse) (*KimiAuthBundle, error) { - tokenData, err := k.deviceClient.PollForToken(ctx, deviceCode) - if err != nil { - return nil, err - } - - return &KimiAuthBundle{ - TokenData: tokenData, - DeviceID: k.deviceClient.deviceID, - }, nil -} - -// CreateTokenStorage creates a new KimiTokenStorage from auth bundle. -func (k *KimiAuth) CreateTokenStorage(bundle *KimiAuthBundle) *KimiTokenStorage { - expired := "" - if bundle.TokenData.ExpiresAt > 0 { - expired = time.Unix(bundle.TokenData.ExpiresAt, 0).UTC().Format(time.RFC3339) - } - return &KimiTokenStorage{ - AccessToken: bundle.TokenData.AccessToken, - RefreshToken: bundle.TokenData.RefreshToken, - TokenType: bundle.TokenData.TokenType, - Scope: bundle.TokenData.Scope, - DeviceID: strings.TrimSpace(bundle.DeviceID), - Expired: expired, - Type: "kimi", - } -} - -// DeviceFlowClient handles the OAuth2 device flow for Kimi. -type DeviceFlowClient struct { - httpClient *http.Client - cfg *config.Config - deviceID string -} - -// NewDeviceFlowClient creates a new device flow client. -func NewDeviceFlowClient(cfg *config.Config) *DeviceFlowClient { - return NewDeviceFlowClientWithDeviceID(cfg, "") -} - -// NewDeviceFlowClientWithDeviceID creates a new device flow client with the specified device ID. -func NewDeviceFlowClientWithDeviceID(cfg *config.Config, deviceID string) *DeviceFlowClient { - client := &http.Client{Timeout: 30 * time.Second} - if cfg != nil { - client = util.SetProxy(&cfg.SDKConfig, client) - } - resolvedDeviceID := strings.TrimSpace(deviceID) - if resolvedDeviceID == "" { - resolvedDeviceID = getOrCreateDeviceID() - } - return &DeviceFlowClient{ - httpClient: client, - cfg: cfg, - deviceID: resolvedDeviceID, - } -} - -// getOrCreateDeviceID returns an in-memory device ID for the current authentication flow. -func getOrCreateDeviceID() string { - return uuid.New().String() -} - -// getDeviceModel returns a device model string. -func getDeviceModel() string { - osName := runtime.GOOS - arch := runtime.GOARCH - - switch osName { - case "darwin": - return fmt.Sprintf("macOS %s", arch) - case "windows": - return fmt.Sprintf("Windows %s", arch) - case "linux": - return fmt.Sprintf("Linux %s", arch) - default: - return fmt.Sprintf("%s %s", osName, arch) - } -} - -// getHostname returns the machine hostname. -func getHostname() string { - hostname, err := os.Hostname() - if err != nil { - return "unknown" - } - return hostname -} - -// commonHeaders returns headers required for Kimi API requests. -func (c *DeviceFlowClient) commonHeaders() map[string]string { - return map[string]string{ - "X-Msh-Platform": "cli-proxy-api", - "X-Msh-Version": "1.0.0", - "X-Msh-Device-Name": getHostname(), - "X-Msh-Device-Model": getDeviceModel(), - "X-Msh-Device-Id": c.deviceID, - } -} - -// RequestDeviceCode initiates the device flow by requesting a device code from Kimi. -func (c *DeviceFlowClient) RequestDeviceCode(ctx context.Context) (*DeviceCodeResponse, error) { - data := url.Values{} - data.Set("client_id", kimiClientID) - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, kimiDeviceCodeURL, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("kimi: failed to create device code request: %w", err) - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - for k, v := range c.commonHeaders() { - req.Header.Set(k, v) - } - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("kimi: device code request failed: %w", err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("kimi device code: close body error: %v", errClose) - } - }() - - bodyBytes, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("kimi: failed to read device code response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("kimi: device code request failed with status %d: %s", resp.StatusCode, string(bodyBytes)) - } - - var deviceCode DeviceCodeResponse - if err = json.Unmarshal(bodyBytes, &deviceCode); err != nil { - return nil, fmt.Errorf("kimi: failed to parse device code response: %w", err) - } - - return &deviceCode, nil -} - -// PollForToken polls the token endpoint until the user authorizes or the device code expires. -func (c *DeviceFlowClient) PollForToken(ctx context.Context, deviceCode *DeviceCodeResponse) (*KimiTokenData, error) { - if deviceCode == nil { - return nil, fmt.Errorf("kimi: device code is nil") - } - - interval := time.Duration(deviceCode.Interval) * time.Second - if interval < defaultPollInterval { - interval = defaultPollInterval - } - - deadline := time.Now().Add(maxPollDuration) - if deviceCode.ExpiresIn > 0 { - codeDeadline := time.Now().Add(time.Duration(deviceCode.ExpiresIn) * time.Second) - if codeDeadline.Before(deadline) { - deadline = codeDeadline - } - } - - ticker := time.NewTicker(interval) - defer ticker.Stop() - - for { - select { - case <-ctx.Done(): - return nil, fmt.Errorf("kimi: context cancelled: %w", ctx.Err()) - case <-ticker.C: - if time.Now().After(deadline) { - return nil, fmt.Errorf("kimi: device code expired") - } - - token, pollErr, shouldContinue := c.exchangeDeviceCode(ctx, deviceCode.DeviceCode) - if token != nil { - return token, nil - } - if !shouldContinue { - return nil, pollErr - } - // Continue polling - } - } -} - -// exchangeDeviceCode attempts to exchange the device code for an access token. -// Returns (token, error, shouldContinue). -func (c *DeviceFlowClient) exchangeDeviceCode(ctx context.Context, deviceCode string) (*KimiTokenData, error, bool) { - data := url.Values{} - data.Set("client_id", kimiClientID) - data.Set("device_code", deviceCode) - data.Set("grant_type", "urn:ietf:params:oauth:grant-type:device_code") - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, kimiTokenURL, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("kimi: failed to create token request: %w", err), false - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - for k, v := range c.commonHeaders() { - req.Header.Set(k, v) - } - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("kimi: token request failed: %w", err), false - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("kimi token exchange: close body error: %v", errClose) - } - }() - - bodyBytes, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("kimi: failed to read token response: %w", err), false - } - - // Parse response - Kimi returns 200 for both success and pending states - var oauthResp struct { - Error string `json:"error"` - ErrorDescription string `json:"error_description"` - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - TokenType string `json:"token_type"` - ExpiresIn float64 `json:"expires_in"` - Scope string `json:"scope"` - } - - if err = json.Unmarshal(bodyBytes, &oauthResp); err != nil { - return nil, fmt.Errorf("kimi: failed to parse token response: %w", err), false - } - - if oauthResp.Error != "" { - switch oauthResp.Error { - case "authorization_pending": - return nil, nil, true // Continue polling - case "slow_down": - return nil, nil, true // Continue polling (with increased interval handled by caller) - case "expired_token": - return nil, fmt.Errorf("kimi: device code expired"), false - case "access_denied": - return nil, fmt.Errorf("kimi: access denied by user"), false - default: - return nil, fmt.Errorf("kimi: OAuth error: %s - %s", oauthResp.Error, oauthResp.ErrorDescription), false - } - } - - if oauthResp.AccessToken == "" { - return nil, fmt.Errorf("kimi: empty access token in response"), false - } - - var expiresAt int64 - if oauthResp.ExpiresIn > 0 { - expiresAt = time.Now().Unix() + int64(oauthResp.ExpiresIn) - } - - return &KimiTokenData{ - AccessToken: oauthResp.AccessToken, - RefreshToken: oauthResp.RefreshToken, - TokenType: oauthResp.TokenType, - ExpiresAt: expiresAt, - Scope: oauthResp.Scope, - }, nil, false -} - -// RefreshToken exchanges a refresh token for a new access token. -func (c *DeviceFlowClient) RefreshToken(ctx context.Context, refreshToken string) (*KimiTokenData, error) { - data := url.Values{} - data.Set("client_id", kimiClientID) - data.Set("grant_type", "refresh_token") - data.Set("refresh_token", refreshToken) - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, kimiTokenURL, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("kimi: failed to create refresh request: %w", err) - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - for k, v := range c.commonHeaders() { - req.Header.Set(k, v) - } - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("kimi: refresh request failed: %w", err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("kimi refresh token: close body error: %v", errClose) - } - }() - - bodyBytes, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("kimi: failed to read refresh response: %w", err) - } - - if resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusForbidden { - return nil, fmt.Errorf("kimi: refresh token rejected (status %d)", resp.StatusCode) - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("kimi: refresh failed with status %d: %s", resp.StatusCode, string(bodyBytes)) - } - - var tokenResp struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - TokenType string `json:"token_type"` - ExpiresIn float64 `json:"expires_in"` - Scope string `json:"scope"` - } - - if err = json.Unmarshal(bodyBytes, &tokenResp); err != nil { - return nil, fmt.Errorf("kimi: failed to parse refresh response: %w", err) - } - - if tokenResp.AccessToken == "" { - return nil, fmt.Errorf("kimi: empty access token in refresh response") - } - - var expiresAt int64 - if tokenResp.ExpiresIn > 0 { - expiresAt = time.Now().Unix() + int64(tokenResp.ExpiresIn) - } - - return &KimiTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - TokenType: tokenResp.TokenType, - ExpiresAt: expiresAt, - Scope: tokenResp.Scope, - }, nil -} diff --git a/internal/auth/kimi/token.go b/internal/auth/kimi/token.go deleted file mode 100644 index ea246e7bd8..0000000000 --- a/internal/auth/kimi/token.go +++ /dev/null @@ -1,131 +0,0 @@ -// Package kimi provides authentication and token management functionality -// for Kimi (Moonshot AI) services. It handles OAuth2 device flow token storage, -// serialization, and retrieval for maintaining authenticated sessions with the Kimi API. -package kimi - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/misc" -) - -// KimiTokenStorage stores OAuth2 token information for Kimi API authentication. -type KimiTokenStorage struct { - // AccessToken is the OAuth2 access token used for authenticating API requests. - AccessToken string `json:"access_token"` - // RefreshToken is the OAuth2 refresh token used to obtain new access tokens. - RefreshToken string `json:"refresh_token"` - // TokenType is the type of token, typically "Bearer". - TokenType string `json:"token_type"` - // Scope is the OAuth2 scope granted to the token. - Scope string `json:"scope,omitempty"` - // DeviceID is the OAuth device flow identifier used for Kimi requests. - DeviceID string `json:"device_id,omitempty"` - // Expired is the RFC3339 timestamp when the access token expires. - Expired string `json:"expired,omitempty"` - // Type indicates the authentication provider type, always "kimi" for this storage. - Type string `json:"type"` - - // Metadata holds arbitrary key-value pairs injected via hooks. - // It is not exported to JSON directly to allow flattening during serialization. - Metadata map[string]any `json:"-"` -} - -// SetMetadata allows external callers to inject metadata into the storage before saving. -func (ts *KimiTokenStorage) SetMetadata(meta map[string]any) { - ts.Metadata = meta -} - -// KimiTokenData holds the raw OAuth token response from Kimi. -type KimiTokenData struct { - // AccessToken is the OAuth2 access token. - AccessToken string `json:"access_token"` - // RefreshToken is the OAuth2 refresh token. - RefreshToken string `json:"refresh_token"` - // TokenType is the type of token, typically "Bearer". - TokenType string `json:"token_type"` - // ExpiresAt is the Unix timestamp when the token expires. - ExpiresAt int64 `json:"expires_at"` - // Scope is the OAuth2 scope granted to the token. - Scope string `json:"scope"` -} - -// KimiAuthBundle bundles authentication data for storage. -type KimiAuthBundle struct { - // TokenData contains the OAuth token information. - TokenData *KimiTokenData - // DeviceID is the device identifier used during OAuth device flow. - DeviceID string -} - -// DeviceCodeResponse represents Kimi's device code response. -type DeviceCodeResponse struct { - // DeviceCode is the device verification code. - DeviceCode string `json:"device_code"` - // UserCode is the code the user must enter at the verification URI. - UserCode string `json:"user_code"` - // VerificationURI is the URL where the user should enter the code. - VerificationURI string `json:"verification_uri,omitempty"` - // VerificationURIComplete is the URL with the code pre-filled. - VerificationURIComplete string `json:"verification_uri_complete"` - // ExpiresIn is the number of seconds until the device code expires. - ExpiresIn int `json:"expires_in"` - // Interval is the minimum number of seconds to wait between polling requests. - Interval int `json:"interval"` -} - -// SaveTokenToFile serializes the Kimi token storage to a JSON file. -func (ts *KimiTokenStorage) SaveTokenToFile(authFilePath string) error { - misc.LogSavingCredentials(authFilePath) - ts.Type = "kimi" - - if err := os.MkdirAll(filepath.Dir(authFilePath), 0700); err != nil { - return fmt.Errorf("failed to create directory: %v", err) - } - - f, err := os.Create(authFilePath) - if err != nil { - return fmt.Errorf("failed to create token file: %w", err) - } - defer func() { - _ = f.Close() - }() - - // Merge metadata using helper - data, errMerge := misc.MergeMetadata(ts, ts.Metadata) - if errMerge != nil { - return fmt.Errorf("failed to merge metadata: %w", errMerge) - } - - encoder := json.NewEncoder(f) - encoder.SetIndent("", " ") - if err = encoder.Encode(data); err != nil { - return fmt.Errorf("failed to write token to file: %w", err) - } - return nil -} - -// IsExpired checks if the token has expired. -func (ts *KimiTokenStorage) IsExpired() bool { - if ts.Expired == "" { - return false // No expiry set, assume valid - } - t, err := time.Parse(time.RFC3339, ts.Expired) - if err != nil { - return true // Has expiry string but can't parse - } - // Consider expired if within refresh threshold - return time.Now().Add(time.Duration(refreshThresholdSeconds) * time.Second).After(t) -} - -// NeedsRefresh checks if the token should be refreshed. -func (ts *KimiTokenStorage) NeedsRefresh() bool { - if ts.RefreshToken == "" { - return false // Can't refresh without refresh token - } - return ts.IsExpired() -} diff --git a/internal/auth/kiro/aws.go b/internal/auth/kiro/aws.go deleted file mode 100644 index 6ec67c499a..0000000000 --- a/internal/auth/kiro/aws.go +++ /dev/null @@ -1,522 +0,0 @@ -// Package kiro provides authentication functionality for AWS CodeWhisperer (Kiro) API. -// It includes interfaces and implementations for token storage and authentication methods. -package kiro - -import ( - "encoding/base64" - "encoding/json" - "errors" - "fmt" - "os" - "path/filepath" - "strings" - "time" -) - -// PKCECodes holds PKCE verification codes for OAuth2 PKCE flow -type PKCECodes struct { - // CodeVerifier is the cryptographically random string used to correlate - // the authorization request to the token request - CodeVerifier string `json:"code_verifier"` - // CodeChallenge is the SHA256 hash of the code verifier, base64url-encoded - CodeChallenge string `json:"code_challenge"` -} - -// KiroTokenData holds OAuth token information from AWS CodeWhisperer (Kiro) -type KiroTokenData struct { - // AccessToken is the OAuth2 access token for API access - AccessToken string `json:"accessToken"` - // RefreshToken is used to obtain new access tokens - RefreshToken string `json:"refreshToken"` - // ProfileArn is the AWS CodeWhisperer profile ARN - ProfileArn string `json:"profileArn"` - // ExpiresAt is the timestamp when the token expires - ExpiresAt string `json:"expiresAt"` - // AuthMethod indicates the authentication method used (e.g., "builder-id", "social", "idc") - AuthMethod string `json:"authMethod"` - // Provider indicates the OAuth provider (e.g., "AWS", "Google", "Enterprise") - Provider string `json:"provider"` - // ClientID is the OIDC client ID (needed for token refresh) - ClientID string `json:"clientId,omitempty"` - // ClientSecret is the OIDC client secret (needed for token refresh) - ClientSecret string `json:"clientSecret,omitempty"` - // ClientIDHash is the hash of client ID used to locate device registration file - // (Enterprise Kiro IDE stores clientId/clientSecret in ~/.aws/sso/cache/{clientIdHash}.json) - ClientIDHash string `json:"clientIdHash,omitempty"` - // Email is the user's email address (used for file naming) - Email string `json:"email,omitempty"` - // StartURL is the IDC/Identity Center start URL (only for IDC auth method) - StartURL string `json:"startUrl,omitempty"` - // Region is the AWS region for IDC authentication (only for IDC auth method) - Region string `json:"region,omitempty"` -} - -// KiroAuthBundle aggregates authentication data after OAuth flow completion -type KiroAuthBundle struct { - // TokenData contains the OAuth tokens from the authentication flow - TokenData KiroTokenData `json:"token_data"` - // LastRefresh is the timestamp of the last token refresh - LastRefresh string `json:"last_refresh"` -} - -// KiroUsageInfo represents usage information from CodeWhisperer API -type KiroUsageInfo struct { - // SubscriptionTitle is the subscription plan name (e.g., "KIRO FREE") - SubscriptionTitle string `json:"subscription_title"` - // CurrentUsage is the current credit usage - CurrentUsage float64 `json:"current_usage"` - // UsageLimit is the maximum credit limit - UsageLimit float64 `json:"usage_limit"` - // NextReset is the timestamp of the next usage reset - NextReset string `json:"next_reset"` -} - -// KiroModel represents a model available through the CodeWhisperer API -type KiroModel struct { - // ModelID is the unique identifier for the model - ModelID string `json:"modelId"` - // ModelName is the human-readable name - ModelName string `json:"modelName"` - // Description is the model description - Description string `json:"description"` - // RateMultiplier is the credit multiplier for this model - RateMultiplier float64 `json:"rateMultiplier"` - // RateUnit is the unit for rate calculation (e.g., "credit") - RateUnit string `json:"rateUnit"` - // MaxInputTokens is the maximum input token limit - MaxInputTokens int `json:"maxInputTokens,omitempty"` -} - -// KiroIDETokenFile is the default path to Kiro IDE's token file -const KiroIDETokenFile = ".aws/sso/cache/kiro-auth-token.json" - -// Default retry configuration for file reading -const ( - defaultTokenReadMaxAttempts = 10 // Maximum retry attempts - defaultTokenReadBaseDelay = 50 * time.Millisecond // Base delay between retries -) - -// isTransientFileError checks if the error is a transient file access error -// that may be resolved by retrying (e.g., file locked by another process on Windows). -func isTransientFileError(err error) bool { - if err == nil { - return false - } - - // Check for OS-level file access errors (Windows sharing violation, etc.) - var pathErr *os.PathError - if errors.As(err, &pathErr) { - // Windows sharing violation (ERROR_SHARING_VIOLATION = 32) - // Windows lock violation (ERROR_LOCK_VIOLATION = 33) - errStr := pathErr.Err.Error() - if strings.Contains(errStr, "being used by another process") || - strings.Contains(errStr, "sharing violation") || - strings.Contains(errStr, "lock violation") { - return true - } - } - - // Check error message for common transient patterns - errMsg := strings.ToLower(err.Error()) - transientPatterns := []string{ - "being used by another process", - "sharing violation", - "lock violation", - "access is denied", - "unexpected end of json", - "unexpected eof", - } - for _, pattern := range transientPatterns { - if strings.Contains(errMsg, pattern) { - return true - } - } - - return false -} - -// LoadKiroIDETokenWithRetry loads token data from Kiro IDE's token file with retry logic. -// This handles transient file access errors (e.g., file locked by Kiro IDE during write). -// maxAttempts: maximum number of retry attempts (default 10 if <= 0) -// baseDelay: base delay between retries with exponential backoff (default 50ms if <= 0) -func LoadKiroIDETokenWithRetry(maxAttempts int, baseDelay time.Duration) (*KiroTokenData, error) { - if maxAttempts <= 0 { - maxAttempts = defaultTokenReadMaxAttempts - } - if baseDelay <= 0 { - baseDelay = defaultTokenReadBaseDelay - } - - var lastErr error - for attempt := 0; attempt < maxAttempts; attempt++ { - token, err := LoadKiroIDEToken() - if err == nil { - return token, nil - } - lastErr = err - - // Only retry for transient errors - if !isTransientFileError(err) { - return nil, err - } - - // Exponential backoff: delay * 2^attempt, capped at 500ms - delay := baseDelay * time.Duration(1< 500*time.Millisecond { - delay = 500 * time.Millisecond - } - time.Sleep(delay) - } - - return nil, fmt.Errorf("failed to read token file after %d attempts: %w", maxAttempts, lastErr) -} - -// LoadKiroIDEToken loads token data from Kiro IDE's token file. -// For Enterprise Kiro IDE (IDC auth), it also loads clientId and clientSecret -// from the device registration file referenced by clientIdHash. -func LoadKiroIDEToken() (*KiroTokenData, error) { - homeDir, err := os.UserHomeDir() - if err != nil { - return nil, fmt.Errorf("failed to get home directory: %w", err) - } - - tokenPath := filepath.Join(homeDir, KiroIDETokenFile) - data, err := os.ReadFile(tokenPath) - if err != nil { - return nil, fmt.Errorf("failed to read Kiro IDE token file (%s): %w", tokenPath, err) - } - - var token KiroTokenData - if err := json.Unmarshal(data, &token); err != nil { - return nil, fmt.Errorf("failed to parse Kiro IDE token: %w", err) - } - - if token.AccessToken == "" { - return nil, fmt.Errorf("access token is empty in Kiro IDE token file") - } - - // Normalize AuthMethod to lowercase (Kiro IDE uses "IdC" but we expect "idc") - token.AuthMethod = strings.ToLower(token.AuthMethod) - - // For Enterprise Kiro IDE (IDC auth), load clientId and clientSecret from device registration - // The device registration file is located at ~/.aws/sso/cache/{clientIdHash}.json - if token.ClientIDHash != "" && token.ClientID == "" { - if err := loadDeviceRegistration(homeDir, token.ClientIDHash, &token); err != nil { - // Log warning but don't fail - token might still work for some operations - fmt.Printf("warning: failed to load device registration for clientIdHash %s: %v\n", token.ClientIDHash, err) - } - } - - return &token, nil -} - -// loadDeviceRegistration loads clientId and clientSecret from the device registration file. -// Enterprise Kiro IDE stores these in ~/.aws/sso/cache/{clientIdHash}.json -func loadDeviceRegistration(homeDir, clientIDHash string, token *KiroTokenData) error { - if clientIDHash == "" { - return fmt.Errorf("clientIdHash is empty") - } - - // Sanitize clientIdHash to prevent path traversal - if strings.Contains(clientIDHash, "/") || strings.Contains(clientIDHash, "\\") || strings.Contains(clientIDHash, "..") { - return fmt.Errorf("invalid clientIdHash: contains path separator") - } - - deviceRegPath := filepath.Join(homeDir, ".aws", "sso", "cache", clientIDHash+".json") - data, err := os.ReadFile(deviceRegPath) - if err != nil { - return fmt.Errorf("failed to read device registration file (%s): %w", deviceRegPath, err) - } - - // Device registration file structure - var deviceReg struct { - ClientID string `json:"clientId"` - ClientSecret string `json:"clientSecret"` - ExpiresAt string `json:"expiresAt"` - } - - if err := json.Unmarshal(data, &deviceReg); err != nil { - return fmt.Errorf("failed to parse device registration: %w", err) - } - - if deviceReg.ClientID == "" || deviceReg.ClientSecret == "" { - return fmt.Errorf("device registration missing clientId or clientSecret") - } - - token.ClientID = deviceReg.ClientID - token.ClientSecret = deviceReg.ClientSecret - - return nil -} - -// LoadKiroTokenFromPath loads token data from a custom path. -// This supports multiple accounts by allowing different token files. -// For Enterprise Kiro IDE (IDC auth), it also loads clientId and clientSecret -// from the device registration file referenced by clientIdHash. -func LoadKiroTokenFromPath(tokenPath string) (*KiroTokenData, error) { - homeDir, err := os.UserHomeDir() - if err != nil { - return nil, fmt.Errorf("failed to get home directory: %w", err) - } - - // Expand ~ to home directory - if len(tokenPath) > 0 && tokenPath[0] == '~' { - tokenPath = filepath.Join(homeDir, tokenPath[1:]) - } - - data, err := os.ReadFile(tokenPath) - if err != nil { - return nil, fmt.Errorf("failed to read token file (%s): %w", tokenPath, err) - } - - var token KiroTokenData - if err := json.Unmarshal(data, &token); err != nil { - return nil, fmt.Errorf("failed to parse token file: %w", err) - } - - if token.AccessToken == "" { - return nil, fmt.Errorf("access token is empty in token file") - } - - // Normalize AuthMethod to lowercase (Kiro IDE uses "IdC" but we expect "idc") - token.AuthMethod = strings.ToLower(token.AuthMethod) - - // For Enterprise Kiro IDE (IDC auth), load clientId and clientSecret from device registration - if token.ClientIDHash != "" && token.ClientID == "" { - if err := loadDeviceRegistration(homeDir, token.ClientIDHash, &token); err != nil { - // Log warning but don't fail - token might still work for some operations - fmt.Printf("warning: failed to load device registration for clientIdHash %s: %v\n", token.ClientIDHash, err) - } - } - - return &token, nil -} - -// ListKiroTokenFiles lists all Kiro token files in the cache directory. -// This supports multiple accounts by finding all token files. -func ListKiroTokenFiles() ([]string, error) { - homeDir, err := os.UserHomeDir() - if err != nil { - return nil, fmt.Errorf("failed to get home directory: %w", err) - } - - cacheDir := filepath.Join(homeDir, ".aws", "sso", "cache") - - // Check if directory exists - if _, err := os.Stat(cacheDir); os.IsNotExist(err) { - return nil, nil // No token files - } - - entries, err := os.ReadDir(cacheDir) - if err != nil { - return nil, fmt.Errorf("failed to read cache directory: %w", err) - } - - var tokenFiles []string - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - // Look for kiro token files only (avoid matching unrelated AWS SSO cache files) - if strings.HasSuffix(name, ".json") && strings.HasPrefix(name, "kiro") { - tokenFiles = append(tokenFiles, filepath.Join(cacheDir, name)) - } - } - - return tokenFiles, nil -} - -// LoadAllKiroTokens loads all Kiro tokens from the cache directory. -// This supports multiple accounts. -func LoadAllKiroTokens() ([]*KiroTokenData, error) { - files, err := ListKiroTokenFiles() - if err != nil { - return nil, err - } - - var tokens []*KiroTokenData - for _, file := range files { - token, err := LoadKiroTokenFromPath(file) - if err != nil { - // Skip invalid token files - continue - } - tokens = append(tokens, token) - } - - return tokens, nil -} - -// JWTClaims represents the claims we care about from a JWT token. -// JWT tokens from Kiro/AWS contain user information in the payload. -type JWTClaims struct { - Email string `json:"email,omitempty"` - Sub string `json:"sub,omitempty"` - PreferredUser string `json:"preferred_username,omitempty"` - Name string `json:"name,omitempty"` - Iss string `json:"iss,omitempty"` -} - -// ExtractEmailFromJWT extracts the user's email from a JWT access token. -// JWT tokens typically have format: header.payload.signature -// The payload is base64url-encoded JSON containing user claims. -func ExtractEmailFromJWT(accessToken string) string { - if accessToken == "" { - return "" - } - - // JWT format: header.payload.signature - parts := strings.Split(accessToken, ".") - if len(parts) != 3 { - return "" - } - - // Decode the payload (second part) - payload := parts[1] - - // Add padding if needed (base64url requires padding) - switch len(payload) % 4 { - case 2: - payload += "==" - case 3: - payload += "=" - } - - decoded, err := base64.URLEncoding.DecodeString(payload) - if err != nil { - // Try RawURLEncoding (no padding) - decoded, err = base64.RawURLEncoding.DecodeString(parts[1]) - if err != nil { - return "" - } - } - - var claims JWTClaims - if err := json.Unmarshal(decoded, &claims); err != nil { - return "" - } - - // Return email if available - if claims.Email != "" { - return claims.Email - } - - // Fallback to preferred_username (some providers use this) - if claims.PreferredUser != "" && strings.Contains(claims.PreferredUser, "@") { - return claims.PreferredUser - } - - // Fallback to sub if it looks like an email - if claims.Sub != "" && strings.Contains(claims.Sub, "@") { - return claims.Sub - } - - return "" -} - -// SanitizeEmailForFilename sanitizes an email address for use in a filename. -// Replaces special characters with underscores and prevents path traversal attacks. -// Also handles URL-encoded characters to prevent encoded path traversal attempts. -func SanitizeEmailForFilename(email string) string { - if email == "" { - return "" - } - - result := email - - // First, handle URL-encoded path traversal attempts (%2F, %2E, %5C, etc.) - // This prevents encoded characters from bypassing the sanitization. - // Note: We replace % last to catch any remaining encodings including double-encoding (%252F) - result = strings.ReplaceAll(result, "%2F", "_") // / - result = strings.ReplaceAll(result, "%2f", "_") - result = strings.ReplaceAll(result, "%5C", "_") // \ - result = strings.ReplaceAll(result, "%5c", "_") - result = strings.ReplaceAll(result, "%2E", "_") // . - result = strings.ReplaceAll(result, "%2e", "_") - result = strings.ReplaceAll(result, "%00", "_") // null byte - result = strings.ReplaceAll(result, "%", "_") // Catch remaining % to prevent double-encoding attacks - - // Replace characters that are problematic in filenames - // Keep @ and . in middle but replace other special characters - for _, char := range []string{"/", "\\", ":", "*", "?", "\"", "<", ">", "|", " ", "\x00"} { - result = strings.ReplaceAll(result, char, "_") - } - - // Prevent path traversal: replace leading dots in each path component - // This handles cases like "../../../etc/passwd" → "_.._.._.._etc_passwd" - parts := strings.Split(result, "_") - for i, part := range parts { - for strings.HasPrefix(part, ".") { - part = "_" + part[1:] - } - parts[i] = part - } - result = strings.Join(parts, "_") - - return result -} - -// ExtractIDCIdentifier extracts a unique identifier from IDC startUrl. -// Examples: -// - "https://d-1234567890.awsapps.com/start" -> "d-1234567890" -// - "https://my-company.awsapps.com/start" -> "my-company" -// - "https://acme-corp.awsapps.com/start" -> "acme-corp" -func ExtractIDCIdentifier(startURL string) string { - if startURL == "" { - return "" - } - - // Remove protocol prefix - url := strings.TrimPrefix(startURL, "https://") - url = strings.TrimPrefix(url, "http://") - - // Extract subdomain (first part before the first dot) - // Format: {identifier}.awsapps.com/start - parts := strings.Split(url, ".") - if len(parts) > 0 && parts[0] != "" { - identifier := parts[0] - // Sanitize for filename safety - identifier = strings.ReplaceAll(identifier, "/", "_") - identifier = strings.ReplaceAll(identifier, "\\", "_") - identifier = strings.ReplaceAll(identifier, ":", "_") - return identifier - } - - return "" -} - -// GenerateTokenFileName generates a unique filename for token storage. -// Priority: email > startUrl identifier (for IDC) > authMethod only -// Email is unique, so no sequence suffix needed. Sequence is only added -// when email is unavailable to prevent filename collisions. -// Format: kiro-{authMethod}-{identifier}[-{seq}].json -func GenerateTokenFileName(tokenData *KiroTokenData) string { - authMethod := tokenData.AuthMethod - if authMethod == "" { - authMethod = "unknown" - } - - // Priority 1: Use email if available (no sequence needed, email is unique) - if tokenData.Email != "" { - // Sanitize email for filename (replace @ and . with -) - sanitizedEmail := tokenData.Email - sanitizedEmail = strings.ReplaceAll(sanitizedEmail, "@", "-") - sanitizedEmail = strings.ReplaceAll(sanitizedEmail, ".", "-") - return fmt.Sprintf("kiro-%s-%s.json", authMethod, sanitizedEmail) - } - - // Generate sequence only when email is unavailable - seq := time.Now().UnixNano() % 100000 - - // Priority 2: For IDC, use startUrl identifier with sequence - if authMethod == "idc" && tokenData.StartURL != "" { - identifier := ExtractIDCIdentifier(tokenData.StartURL) - if identifier != "" { - return fmt.Sprintf("kiro-%s-%s-%05d.json", authMethod, identifier, seq) - } - } - - // Priority 3: Fallback to authMethod only with sequence - return fmt.Sprintf("kiro-%s-%05d.json", authMethod, seq) -} diff --git a/internal/auth/kiro/aws_auth.go b/internal/auth/kiro/aws_auth.go deleted file mode 100644 index aa7a4f72b6..0000000000 --- a/internal/auth/kiro/aws_auth.go +++ /dev/null @@ -1,338 +0,0 @@ -// Package kiro provides OAuth2 authentication functionality for AWS CodeWhisperer (Kiro) API. -// This package implements token loading, refresh, and API communication with CodeWhisperer. -package kiro - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "os" - "path/filepath" - "strings" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -const ( - // awsKiroEndpoint is used for CodeWhisperer management APIs (GetUsageLimits, ListProfiles, etc.) - // Note: This is different from the Amazon Q streaming endpoint (q.us-east-1.amazonaws.com) - // used in kiro_executor.go for GenerateAssistantResponse. Both endpoints are correct - // for their respective API operations. - awsKiroEndpoint = "https://codewhisperer.us-east-1.amazonaws.com" - defaultTokenFile = "~/.aws/sso/cache/kiro-auth-token.json" - targetGetUsage = "AmazonCodeWhispererService.GetUsageLimits" - targetListModels = "AmazonCodeWhispererService.ListAvailableModels" - targetGenerateChat = "AmazonCodeWhispererStreamingService.GenerateAssistantResponse" -) - -// KiroAuth handles AWS CodeWhisperer authentication and API communication. -// It provides methods for loading tokens, refreshing expired tokens, -// and communicating with the CodeWhisperer API. -type KiroAuth struct { - httpClient *http.Client - endpoint string -} - -// NewKiroAuth creates a new Kiro authentication service. -// It initializes the HTTP client with proxy settings from the configuration. -// -// Parameters: -// - cfg: The application configuration containing proxy settings -// -// Returns: -// - *KiroAuth: A new Kiro authentication service instance -func NewKiroAuth(cfg *config.Config) *KiroAuth { - return &KiroAuth{ - httpClient: util.SetProxy(&cfg.SDKConfig, &http.Client{Timeout: 120 * time.Second}), - endpoint: awsKiroEndpoint, - } -} - -// LoadTokenFromFile loads token data from a file path. -// This method reads and parses the token file, expanding ~ to the home directory. -// -// Parameters: -// - tokenFile: Path to the token file (supports ~ expansion) -// -// Returns: -// - *KiroTokenData: The parsed token data -// - error: An error if file reading or parsing fails -func (k *KiroAuth) LoadTokenFromFile(tokenFile string) (*KiroTokenData, error) { - // Expand ~ to home directory - if strings.HasPrefix(tokenFile, "~") { - home, err := os.UserHomeDir() - if err != nil { - return nil, fmt.Errorf("failed to get home directory: %w", err) - } - tokenFile = filepath.Join(home, tokenFile[1:]) - } - - data, err := os.ReadFile(tokenFile) - if err != nil { - return nil, fmt.Errorf("failed to read token file: %w", err) - } - - var tokenData KiroTokenData - if err := json.Unmarshal(data, &tokenData); err != nil { - return nil, fmt.Errorf("failed to parse token file: %w", err) - } - - return &tokenData, nil -} - -// IsTokenExpired checks if the token has expired. -// This method parses the expiration timestamp and compares it with the current time. -// -// Parameters: -// - tokenData: The token data to check -// -// Returns: -// - bool: True if the token has expired, false otherwise -func (k *KiroAuth) IsTokenExpired(tokenData *KiroTokenData) bool { - if tokenData.ExpiresAt == "" { - return true - } - - expiresAt, err := time.Parse(time.RFC3339, tokenData.ExpiresAt) - if err != nil { - // Try alternate format - expiresAt, err = time.Parse("2006-01-02T15:04:05.000Z", tokenData.ExpiresAt) - if err != nil { - return true - } - } - - return time.Now().After(expiresAt) -} - -// makeRequest sends a request to the CodeWhisperer API. -// This is an internal method for making authenticated API calls. -// -// Parameters: -// - ctx: The context for the request -// - target: The API target (e.g., "AmazonCodeWhispererService.GetUsageLimits") -// - accessToken: The OAuth access token -// - payload: The request payload -// -// Returns: -// - []byte: The response body -// - error: An error if the request fails -func (k *KiroAuth) makeRequest(ctx context.Context, target string, accessToken string, payload interface{}) ([]byte, error) { - jsonBody, err := json.Marshal(payload) - if err != nil { - return nil, fmt.Errorf("failed to marshal request: %w", err) - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, k.endpoint, strings.NewReader(string(jsonBody))) - if err != nil { - return nil, fmt.Errorf("failed to create request: %w", err) - } - - req.Header.Set("Content-Type", "application/x-amz-json-1.0") - req.Header.Set("x-amz-target", target) - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("Accept", "application/json") - - resp, err := k.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("request failed: %w", err) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("failed to close response body: %v", errClose) - } - }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("API error (status %d): %s", resp.StatusCode, string(body)) - } - - return body, nil -} - -// GetUsageLimits retrieves usage information from the CodeWhisperer API. -// This method fetches the current usage statistics and subscription information. -// -// Parameters: -// - ctx: The context for the request -// - tokenData: The token data containing access token and profile ARN -// -// Returns: -// - *KiroUsageInfo: The usage information -// - error: An error if the request fails -func (k *KiroAuth) GetUsageLimits(ctx context.Context, tokenData *KiroTokenData) (*KiroUsageInfo, error) { - payload := map[string]interface{}{ - "origin": "AI_EDITOR", - "profileArn": tokenData.ProfileArn, - "resourceType": "AGENTIC_REQUEST", - } - - body, err := k.makeRequest(ctx, targetGetUsage, tokenData.AccessToken, payload) - if err != nil { - return nil, err - } - - var result struct { - SubscriptionInfo struct { - SubscriptionTitle string `json:"subscriptionTitle"` - } `json:"subscriptionInfo"` - UsageBreakdownList []struct { - CurrentUsageWithPrecision float64 `json:"currentUsageWithPrecision"` - UsageLimitWithPrecision float64 `json:"usageLimitWithPrecision"` - } `json:"usageBreakdownList"` - NextDateReset float64 `json:"nextDateReset"` - } - - if err := json.Unmarshal(body, &result); err != nil { - return nil, fmt.Errorf("failed to parse usage response: %w", err) - } - - usage := &KiroUsageInfo{ - SubscriptionTitle: result.SubscriptionInfo.SubscriptionTitle, - NextReset: fmt.Sprintf("%v", result.NextDateReset), - } - - if len(result.UsageBreakdownList) > 0 { - usage.CurrentUsage = result.UsageBreakdownList[0].CurrentUsageWithPrecision - usage.UsageLimit = result.UsageBreakdownList[0].UsageLimitWithPrecision - } - - return usage, nil -} - -// ListAvailableModels retrieves available models from the CodeWhisperer API. -// This method fetches the list of AI models available for the authenticated user. -// -// Parameters: -// - ctx: The context for the request -// - tokenData: The token data containing access token and profile ARN -// -// Returns: -// - []*KiroModel: The list of available models -// - error: An error if the request fails -func (k *KiroAuth) ListAvailableModels(ctx context.Context, tokenData *KiroTokenData) ([]*KiroModel, error) { - payload := map[string]interface{}{ - "origin": "AI_EDITOR", - "profileArn": tokenData.ProfileArn, - } - - body, err := k.makeRequest(ctx, targetListModels, tokenData.AccessToken, payload) - if err != nil { - return nil, err - } - - var result struct { - Models []struct { - ModelID string `json:"modelId"` - ModelName string `json:"modelName"` - Description string `json:"description"` - RateMultiplier float64 `json:"rateMultiplier"` - RateUnit string `json:"rateUnit"` - TokenLimits *struct { - MaxInputTokens int `json:"maxInputTokens"` - } `json:"tokenLimits"` - } `json:"models"` - } - - if err := json.Unmarshal(body, &result); err != nil { - return nil, fmt.Errorf("failed to parse models response: %w", err) - } - - models := make([]*KiroModel, 0, len(result.Models)) - for _, m := range result.Models { - maxInputTokens := 0 - if m.TokenLimits != nil { - maxInputTokens = m.TokenLimits.MaxInputTokens - } - models = append(models, &KiroModel{ - ModelID: m.ModelID, - ModelName: m.ModelName, - Description: m.Description, - RateMultiplier: m.RateMultiplier, - RateUnit: m.RateUnit, - MaxInputTokens: maxInputTokens, - }) - } - - return models, nil -} - -// CreateTokenStorage creates a new KiroTokenStorage from token data. -// This method converts the token data into a storage structure suitable for persistence. -// -// Parameters: -// - tokenData: The token data to convert -// -// Returns: -// - *KiroTokenStorage: A new token storage instance -func (k *KiroAuth) CreateTokenStorage(tokenData *KiroTokenData) *KiroTokenStorage { - return &KiroTokenStorage{ - AccessToken: tokenData.AccessToken, - RefreshToken: tokenData.RefreshToken, - ProfileArn: tokenData.ProfileArn, - ExpiresAt: tokenData.ExpiresAt, - AuthMethod: tokenData.AuthMethod, - Provider: tokenData.Provider, - LastRefresh: time.Now().Format(time.RFC3339), - ClientID: tokenData.ClientID, - ClientSecret: tokenData.ClientSecret, - Region: tokenData.Region, - StartURL: tokenData.StartURL, - Email: tokenData.Email, - } -} - -// ValidateToken checks if the token is valid by making a test API call. -// This method verifies the token by attempting to fetch usage limits. -// -// Parameters: -// - ctx: The context for the request -// - tokenData: The token data to validate -// -// Returns: -// - error: An error if the token is invalid -func (k *KiroAuth) ValidateToken(ctx context.Context, tokenData *KiroTokenData) error { - _, err := k.GetUsageLimits(ctx, tokenData) - return err -} - -// UpdateTokenStorage updates an existing token storage with new token data. -// This method refreshes the token storage with newly obtained access and refresh tokens. -// -// Parameters: -// - storage: The existing token storage to update -// - tokenData: The new token data to apply -func (k *KiroAuth) UpdateTokenStorage(storage *KiroTokenStorage, tokenData *KiroTokenData) { - storage.AccessToken = tokenData.AccessToken - storage.RefreshToken = tokenData.RefreshToken - storage.ProfileArn = tokenData.ProfileArn - storage.ExpiresAt = tokenData.ExpiresAt - storage.AuthMethod = tokenData.AuthMethod - storage.Provider = tokenData.Provider - storage.LastRefresh = time.Now().Format(time.RFC3339) - if tokenData.ClientID != "" { - storage.ClientID = tokenData.ClientID - } - if tokenData.ClientSecret != "" { - storage.ClientSecret = tokenData.ClientSecret - } - if tokenData.Region != "" { - storage.Region = tokenData.Region - } - if tokenData.StartURL != "" { - storage.StartURL = tokenData.StartURL - } - if tokenData.Email != "" { - storage.Email = tokenData.Email - } -} diff --git a/internal/auth/kiro/aws_test.go b/internal/auth/kiro/aws_test.go deleted file mode 100644 index 1f728714e8..0000000000 --- a/internal/auth/kiro/aws_test.go +++ /dev/null @@ -1,322 +0,0 @@ -package kiro - -import ( - "encoding/base64" - "strings" - "encoding/json" - "testing" -) - -func TestExtractEmailFromJWT(t *testing.T) { - tests := []struct { - name string - token string - expected string - }{ - { - name: "Empty token", - token: "", - expected: "", - }, - { - name: "Invalid token format", - token: "not.a.valid.jwt", - expected: "", - }, - { - name: "Invalid token - not base64", - token: "xxx.yyy.zzz", - expected: "", - }, - { - name: "Valid JWT with email", - token: createTestJWT(map[string]any{"email": "test@example.com", "sub": "user123"}), - expected: "test@example.com", - }, - { - name: "JWT without email but with preferred_username", - token: createTestJWT(map[string]any{"preferred_username": "user@domain.com", "sub": "user123"}), - expected: "user@domain.com", - }, - { - name: "JWT with email-like sub", - token: createTestJWT(map[string]any{"sub": "another@test.com"}), - expected: "another@test.com", - }, - { - name: "JWT without any email fields", - token: createTestJWT(map[string]any{"sub": "user123", "name": "Test User"}), - expected: "", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := ExtractEmailFromJWT(tt.token) - if result != tt.expected { - t.Errorf("ExtractEmailFromJWT() = %q, want %q", result, tt.expected) - } - }) - } -} - -func TestSanitizeEmailForFilename(t *testing.T) { - tests := []struct { - name string - email string - expected string - }{ - { - name: "Empty email", - email: "", - expected: "", - }, - { - name: "Simple email", - email: "user@example.com", - expected: "user@example.com", - }, - { - name: "Email with space", - email: "user name@example.com", - expected: "user_name@example.com", - }, - { - name: "Email with special chars", - email: "user:name@example.com", - expected: "user_name@example.com", - }, - { - name: "Email with multiple special chars", - email: "user/name:test@example.com", - expected: "user_name_test@example.com", - }, - { - name: "Path traversal attempt", - email: "../../../etc/passwd", - expected: "_.__.__._etc_passwd", - }, - { - name: "Path traversal with backslash", - email: `..\..\..\..\windows\system32`, - expected: "_.__.__.__._windows_system32", - }, - { - name: "Null byte injection attempt", - email: "user\x00@evil.com", - expected: "user_@evil.com", - }, - // URL-encoded path traversal tests - { - name: "URL-encoded slash", - email: "user%2Fpath@example.com", - expected: "user_path@example.com", - }, - { - name: "URL-encoded backslash", - email: "user%5Cpath@example.com", - expected: "user_path@example.com", - }, - { - name: "URL-encoded dot", - email: "%2E%2E%2Fetc%2Fpasswd", - expected: "___etc_passwd", - }, - { - name: "URL-encoded null", - email: "user%00@evil.com", - expected: "user_@evil.com", - }, - { - name: "Double URL-encoding attack", - email: "%252F%252E%252E", - expected: "_252F_252E_252E", // % replaced with _, remaining chars preserved (safe) - }, - { - name: "Mixed case URL-encoding", - email: "%2f%2F%5c%5C", - expected: "____", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := SanitizeEmailForFilename(tt.email) - if result != tt.expected { - t.Errorf("SanitizeEmailForFilename() = %q, want %q", result, tt.expected) - } - }) - } -} - -// createTestJWT creates a test JWT token with the given claims -func createTestJWT(claims map[string]any) string { - header := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) - - payloadBytes, _ := json.Marshal(claims) - payload := base64.RawURLEncoding.EncodeToString(payloadBytes) - - signature := base64.RawURLEncoding.EncodeToString([]byte("fake-signature")) - - return header + "." + payload + "." + signature -} - -func TestExtractIDCIdentifier(t *testing.T) { - tests := []struct { - name string - startURL string - expected string - }{ - { - name: "Empty URL", - startURL: "", - expected: "", - }, - { - name: "Standard IDC URL with d- prefix", - startURL: "https://d-1234567890.awsapps.com/start", - expected: "d-1234567890", - }, - { - name: "IDC URL with company name", - startURL: "https://my-company.awsapps.com/start", - expected: "my-company", - }, - { - name: "IDC URL with simple name", - startURL: "https://acme-corp.awsapps.com/start", - expected: "acme-corp", - }, - { - name: "IDC URL without https", - startURL: "http://d-9876543210.awsapps.com/start", - expected: "d-9876543210", - }, - { - name: "IDC URL with subdomain only", - startURL: "https://test.awsapps.com/start", - expected: "test", - }, - { - name: "Builder ID URL", - startURL: "https://view.awsapps.com/start", - expected: "view", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := ExtractIDCIdentifier(tt.startURL) - if result != tt.expected { - t.Errorf("ExtractIDCIdentifier() = %q, want %q", result, tt.expected) - } - }) - } -} - -func TestGenerateTokenFileName(t *testing.T) { - // FIXED: Tests now handle timestamp suffix when Email is empty - tests := []struct { - name string - tokenData *KiroTokenData - expected string - }{ - { - name: "IDC with email", - tokenData: &KiroTokenData{ - AuthMethod: "idc", - Email: "user@example.com", - StartURL: "https://d-1234567890.awsapps.com/start", - }, - expected: "kiro-idc-user-example-com.json", - }, - { - name: "IDC without email but with startUrl", - tokenData: &KiroTokenData{ - AuthMethod: "idc", - Email: "", - StartURL: "https://d-1234567890.awsapps.com/start", - }, - expected: "kiro-idc-d-1234567890", - }, - { - name: "IDC with company name in startUrl", - tokenData: &KiroTokenData{ - AuthMethod: "idc", - Email: "", - StartURL: "https://my-company.awsapps.com/start", - }, - expected: "kiro-idc-my-company", - }, - { - name: "IDC without email and without startUrl", - tokenData: &KiroTokenData{ - AuthMethod: "idc", - Email: "", - StartURL: "", - }, - expected: "kiro-idc", - }, - { - name: "Builder ID with email", - tokenData: &KiroTokenData{ - AuthMethod: "builder-id", - Email: "user@gmail.com", - StartURL: "https://view.awsapps.com/start", - }, - expected: "kiro-builder-id-user-gmail-com.json", - }, - { - name: "Builder ID without email", - tokenData: &KiroTokenData{ - AuthMethod: "builder-id", - Email: "", - StartURL: "https://view.awsapps.com/start", - }, - expected: "kiro-builder-id", - }, - { - name: "Social auth with email", - tokenData: &KiroTokenData{ - AuthMethod: "google", - Email: "user@gmail.com", - }, - expected: "kiro-google-user-gmail-com.json", - }, - { - name: "Empty auth method", - tokenData: &KiroTokenData{ - AuthMethod: "", - Email: "", - }, - expected: "kiro-unknown", - }, - { - name: "Email with special characters", - tokenData: &KiroTokenData{ - AuthMethod: "idc", - Email: "user.name+tag@sub.example.com", - StartURL: "https://d-1234567890.awsapps.com/start", - }, - expected: "kiro-idc-user-name+tag-sub-example-com.json", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := GenerateTokenFileName(tt.tokenData) - // Handle timestamp suffix: when no email, timestamp is added - if tt.tokenData.Email == "" { - // Should have prefix + timestamp suffix - if !strings.HasPrefix(result, tt.expected) || !strings.HasSuffix(result, ".json") { - t.Errorf("GenerateTokenFileName() = %q, want prefix %q + timestamp + .json", result, tt.expected) - } - } else { - // Exact match for email cases - if result != tt.expected { - t.Errorf("GenerateTokenFileName() = %q, want %q", result, tt.expected) - } - } - }) - } -} diff --git a/internal/auth/kiro/background_refresh.go b/internal/auth/kiro/background_refresh.go deleted file mode 100644 index 7638336b89..0000000000 --- a/internal/auth/kiro/background_refresh.go +++ /dev/null @@ -1,247 +0,0 @@ -package kiro - -import ( - "context" - "log" - "strings" - "sync" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "golang.org/x/sync/semaphore" -) - -type Token struct { - ID string - AccessToken string - RefreshToken string - ExpiresAt time.Time - LastVerified time.Time - ClientID string - ClientSecret string - AuthMethod string - Provider string - StartURL string - Region string -} - -type TokenRepository interface { - FindOldestUnverified(limit int) []*Token - UpdateToken(token *Token) error -} - -type RefresherOption func(*BackgroundRefresher) - -func WithInterval(interval time.Duration) RefresherOption { - return func(r *BackgroundRefresher) { - r.interval = interval - } -} - -func WithBatchSize(size int) RefresherOption { - return func(r *BackgroundRefresher) { - r.batchSize = size - } -} - -func WithConcurrency(concurrency int) RefresherOption { - return func(r *BackgroundRefresher) { - r.concurrency = concurrency - } -} - -type BackgroundRefresher struct { - interval time.Duration - batchSize int - concurrency int - tokenRepo TokenRepository - stopCh chan struct{} - wg sync.WaitGroup - oauth *KiroOAuth - ssoClient *SSOOIDCClient - callbackMu sync.RWMutex // 保护回调函数的并发访问 - onTokenRefreshed func(tokenID string, tokenData *KiroTokenData) // 刷新成功回调 -} - -func NewBackgroundRefresher(repo TokenRepository, opts ...RefresherOption) *BackgroundRefresher { - r := &BackgroundRefresher{ - interval: time.Minute, - batchSize: 50, - concurrency: 10, - tokenRepo: repo, - stopCh: make(chan struct{}), - oauth: nil, // Lazy init - will be set when config available - ssoClient: nil, // Lazy init - will be set when config available - } - for _, opt := range opts { - opt(r) - } - return r -} - -// WithConfig sets the configuration for OAuth and SSO clients. -func WithConfig(cfg *config.Config) RefresherOption { - return func(r *BackgroundRefresher) { - r.oauth = NewKiroOAuth(cfg) - r.ssoClient = NewSSOOIDCClient(cfg) - } -} - -// WithOnTokenRefreshed sets the callback function to be called when a token is successfully refreshed. -// The callback receives the token ID (filename) and the new token data. -// This allows external components (e.g., Watcher) to be notified of token updates. -func WithOnTokenRefreshed(callback func(tokenID string, tokenData *KiroTokenData)) RefresherOption { - return func(r *BackgroundRefresher) { - r.callbackMu.Lock() - r.onTokenRefreshed = callback - r.callbackMu.Unlock() - } -} - -func (r *BackgroundRefresher) Start(ctx context.Context) { - r.wg.Add(1) - go func() { - defer r.wg.Done() - ticker := time.NewTicker(r.interval) - defer ticker.Stop() - - r.refreshBatch(ctx) - - for { - select { - case <-ctx.Done(): - return - case <-r.stopCh: - return - case <-ticker.C: - r.refreshBatch(ctx) - } - } - }() -} - -func (r *BackgroundRefresher) Stop() { - close(r.stopCh) - r.wg.Wait() -} - -func (r *BackgroundRefresher) refreshBatch(ctx context.Context) { - tokens := r.tokenRepo.FindOldestUnverified(r.batchSize) - if len(tokens) == 0 { - return - } - - sem := semaphore.NewWeighted(int64(r.concurrency)) - var wg sync.WaitGroup - - for i, token := range tokens { - if i > 0 { - select { - case <-ctx.Done(): - return - case <-r.stopCh: - return - case <-time.After(100 * time.Millisecond): - } - } - - if err := sem.Acquire(ctx, 1); err != nil { - return - } - - wg.Add(1) - go func(t *Token) { - defer wg.Done() - defer sem.Release(1) - r.refreshSingle(ctx, t) - }(token) - } - - wg.Wait() -} - -func (r *BackgroundRefresher) refreshSingle(ctx context.Context, token *Token) { - // Normalize auth method to lowercase for case-insensitive matching - authMethod := strings.ToLower(token.AuthMethod) - - // Create refresh function based on auth method - refreshFunc := func(ctx context.Context) (*KiroTokenData, error) { - switch authMethod { - case "idc": - return r.ssoClient.RefreshTokenWithRegion( - ctx, - token.ClientID, - token.ClientSecret, - token.RefreshToken, - token.Region, - token.StartURL, - ) - case "builder-id": - return r.ssoClient.RefreshToken( - ctx, - token.ClientID, - token.ClientSecret, - token.RefreshToken, - ) - default: - return r.oauth.RefreshTokenWithFingerprint(ctx, token.RefreshToken, token.ID) - } - } - - // Use graceful degradation for better reliability - result := RefreshWithGracefulDegradation( - ctx, - refreshFunc, - token.AccessToken, - token.ExpiresAt, - ) - - if result.Error != nil { - log.Printf("failed to refresh token %s: %v", token.ID, result.Error) - return - } - - newTokenData := result.TokenData - if result.UsedFallback { - log.Printf("token %s: using existing token as fallback (refresh failed but token still valid)", token.ID) - // Don't update the token file if we're using fallback - // Just update LastVerified to prevent immediate re-check - token.LastVerified = time.Now() - return - } - - token.AccessToken = newTokenData.AccessToken - if newTokenData.RefreshToken != "" { - token.RefreshToken = newTokenData.RefreshToken - } - token.LastVerified = time.Now() - - if newTokenData.ExpiresAt != "" { - if expTime, parseErr := time.Parse(time.RFC3339, newTokenData.ExpiresAt); parseErr == nil { - token.ExpiresAt = expTime - } - } - - if err := r.tokenRepo.UpdateToken(token); err != nil { - log.Printf("failed to update token %s: %v", token.ID, err) - return - } - - // 方案 A: 刷新成功后触发回调,通知 Watcher 更新内存中的 Auth 对象 - r.callbackMu.RLock() - callback := r.onTokenRefreshed - r.callbackMu.RUnlock() - - if callback != nil { - // 使用 defer recover 隔离回调 panic,防止崩溃整个进程 - func() { - defer func() { - if rec := recover(); rec != nil { - log.Printf("background refresh: callback panic for token %s: %v", token.ID, rec) - } - }() - log.Printf("background refresh: notifying token refresh callback for %s", token.ID) - callback(token.ID, newTokenData) - }() - } -} diff --git a/internal/auth/kiro/codewhisperer_client.go b/internal/auth/kiro/codewhisperer_client.go deleted file mode 100644 index cac750b774..0000000000 --- a/internal/auth/kiro/codewhisperer_client.go +++ /dev/null @@ -1,166 +0,0 @@ -// Package kiro provides CodeWhisperer API client for fetching user info. -package kiro - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "time" - - "github.com/google/uuid" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -const ( - codeWhispererAPI = "https://codewhisperer.us-east-1.amazonaws.com" - kiroVersion = "0.6.18" -) - -// CodeWhispererClient handles CodeWhisperer API calls. -type CodeWhispererClient struct { - httpClient *http.Client - machineID string -} - -// UsageLimitsResponse represents the getUsageLimits API response. -type UsageLimitsResponse struct { - DaysUntilReset *int `json:"daysUntilReset,omitempty"` - NextDateReset *float64 `json:"nextDateReset,omitempty"` - UserInfo *UserInfo `json:"userInfo,omitempty"` - SubscriptionInfo *SubscriptionInfo `json:"subscriptionInfo,omitempty"` - UsageBreakdownList []UsageBreakdown `json:"usageBreakdownList,omitempty"` -} - -// UserInfo contains user information from the API. -type UserInfo struct { - Email string `json:"email,omitempty"` - UserID string `json:"userId,omitempty"` -} - -// SubscriptionInfo contains subscription details. -type SubscriptionInfo struct { - SubscriptionTitle string `json:"subscriptionTitle,omitempty"` - Type string `json:"type,omitempty"` -} - -// UsageBreakdown contains usage details. -type UsageBreakdown struct { - UsageLimit *int `json:"usageLimit,omitempty"` - CurrentUsage *int `json:"currentUsage,omitempty"` - UsageLimitWithPrecision *float64 `json:"usageLimitWithPrecision,omitempty"` - CurrentUsageWithPrecision *float64 `json:"currentUsageWithPrecision,omitempty"` - NextDateReset *float64 `json:"nextDateReset,omitempty"` - DisplayName string `json:"displayName,omitempty"` - ResourceType string `json:"resourceType,omitempty"` -} - -// NewCodeWhispererClient creates a new CodeWhisperer client. -func NewCodeWhispererClient(cfg *config.Config, machineID string) *CodeWhispererClient { - client := &http.Client{Timeout: 30 * time.Second} - if cfg != nil { - client = util.SetProxy(&cfg.SDKConfig, client) - } - if machineID == "" { - machineID = uuid.New().String() - } - return &CodeWhispererClient{ - httpClient: client, - machineID: machineID, - } -} - -// generateInvocationID generates a unique invocation ID. -func generateInvocationID() string { - return uuid.New().String() -} - -// GetUsageLimits fetches usage limits and user info from CodeWhisperer API. -// This is the recommended way to get user email after login. -func (c *CodeWhispererClient) GetUsageLimits(ctx context.Context, accessToken string) (*UsageLimitsResponse, error) { - url := fmt.Sprintf("%s/getUsageLimits?isEmailRequired=true&origin=AI_EDITOR&resourceType=AGENTIC_REQUEST", codeWhispererAPI) - - req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil) - if err != nil { - return nil, fmt.Errorf("failed to create request: %w", err) - } - - // Set headers to match Kiro IDE - xAmzUserAgent := fmt.Sprintf("aws-sdk-js/1.0.0 KiroIDE-%s-%s", kiroVersion, c.machineID) - userAgent := fmt.Sprintf("aws-sdk-js/1.0.0 ua/2.1 os/windows lang/js md/nodejs#20.16.0 api/codewhispererruntime#1.0.0 m/E KiroIDE-%s-%s", kiroVersion, c.machineID) - - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("x-amz-user-agent", xAmzUserAgent) - req.Header.Set("User-Agent", userAgent) - req.Header.Set("amz-sdk-invocation-id", generateInvocationID()) - req.Header.Set("amz-sdk-request", "attempt=1; max=1") - req.Header.Set("Connection", "close") - - log.Debugf("codewhisperer: GET %s", url) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("request failed: %w", err) - } - defer resp.Body.Close() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read response: %w", err) - } - - log.Debugf("codewhisperer: status=%d, body=%s", resp.StatusCode, string(body)) - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("API returned status %d: %s", resp.StatusCode, string(body)) - } - - var result UsageLimitsResponse - if err := json.Unmarshal(body, &result); err != nil { - return nil, fmt.Errorf("failed to parse response: %w", err) - } - - return &result, nil -} - -// FetchUserEmailFromAPI fetches user email using CodeWhisperer getUsageLimits API. -// This is more reliable than JWT parsing as it uses the official API. -func (c *CodeWhispererClient) FetchUserEmailFromAPI(ctx context.Context, accessToken string) string { - resp, err := c.GetUsageLimits(ctx, accessToken) - if err != nil { - log.Debugf("codewhisperer: failed to get usage limits: %v", err) - return "" - } - - if resp.UserInfo != nil && resp.UserInfo.Email != "" { - log.Debugf("codewhisperer: got email from API: %s", resp.UserInfo.Email) - return resp.UserInfo.Email - } - - log.Debugf("codewhisperer: no email in response") - return "" -} - -// FetchUserEmailWithFallback fetches user email with multiple fallback methods. -// Priority: 1. CodeWhisperer API 2. userinfo endpoint 3. JWT parsing -func FetchUserEmailWithFallback(ctx context.Context, cfg *config.Config, accessToken string) string { - // Method 1: Try CodeWhisperer API (most reliable) - cwClient := NewCodeWhispererClient(cfg, "") - email := cwClient.FetchUserEmailFromAPI(ctx, accessToken) - if email != "" { - return email - } - - // Method 2: Try SSO OIDC userinfo endpoint - ssoClient := NewSSOOIDCClient(cfg) - email = ssoClient.FetchUserEmail(ctx, accessToken) - if email != "" { - return email - } - - // Method 3: Fallback to JWT parsing - return ExtractEmailFromJWT(accessToken) -} diff --git a/internal/auth/kiro/cooldown.go b/internal/auth/kiro/cooldown.go deleted file mode 100644 index c1aabbcb4d..0000000000 --- a/internal/auth/kiro/cooldown.go +++ /dev/null @@ -1,112 +0,0 @@ -package kiro - -import ( - "sync" - "time" -) - -const ( - CooldownReason429 = "rate_limit_exceeded" - CooldownReasonSuspended = "account_suspended" - CooldownReasonQuotaExhausted = "quota_exhausted" - - DefaultShortCooldown = 1 * time.Minute - MaxShortCooldown = 5 * time.Minute - LongCooldown = 24 * time.Hour -) - -type CooldownManager struct { - mu sync.RWMutex - cooldowns map[string]time.Time - reasons map[string]string -} - -func NewCooldownManager() *CooldownManager { - return &CooldownManager{ - cooldowns: make(map[string]time.Time), - reasons: make(map[string]string), - } -} - -func (cm *CooldownManager) SetCooldown(tokenKey string, duration time.Duration, reason string) { - cm.mu.Lock() - defer cm.mu.Unlock() - cm.cooldowns[tokenKey] = time.Now().Add(duration) - cm.reasons[tokenKey] = reason -} - -func (cm *CooldownManager) IsInCooldown(tokenKey string) bool { - cm.mu.RLock() - defer cm.mu.RUnlock() - endTime, exists := cm.cooldowns[tokenKey] - if !exists { - return false - } - return time.Now().Before(endTime) -} - -func (cm *CooldownManager) GetRemainingCooldown(tokenKey string) time.Duration { - cm.mu.RLock() - defer cm.mu.RUnlock() - endTime, exists := cm.cooldowns[tokenKey] - if !exists { - return 0 - } - remaining := time.Until(endTime) - if remaining < 0 { - return 0 - } - return remaining -} - -func (cm *CooldownManager) GetCooldownReason(tokenKey string) string { - cm.mu.RLock() - defer cm.mu.RUnlock() - return cm.reasons[tokenKey] -} - -func (cm *CooldownManager) ClearCooldown(tokenKey string) { - cm.mu.Lock() - defer cm.mu.Unlock() - delete(cm.cooldowns, tokenKey) - delete(cm.reasons, tokenKey) -} - -func (cm *CooldownManager) CleanupExpired() { - cm.mu.Lock() - defer cm.mu.Unlock() - now := time.Now() - for tokenKey, endTime := range cm.cooldowns { - if now.After(endTime) { - delete(cm.cooldowns, tokenKey) - delete(cm.reasons, tokenKey) - } - } -} - -func (cm *CooldownManager) StartCleanupRoutine(interval time.Duration, stopCh <-chan struct{}) { - ticker := time.NewTicker(interval) - defer ticker.Stop() - for { - select { - case <-ticker.C: - cm.CleanupExpired() - case <-stopCh: - return - } - } -} - -func CalculateCooldownFor429(retryCount int) time.Duration { - duration := DefaultShortCooldown * time.Duration(1< MaxShortCooldown { - return MaxShortCooldown - } - return duration -} - -func CalculateCooldownUntilNextDay() time.Duration { - now := time.Now() - nextDay := time.Date(now.Year(), now.Month(), now.Day()+1, 0, 0, 0, 0, now.Location()) - return time.Until(nextDay) -} diff --git a/internal/auth/kiro/cooldown_test.go b/internal/auth/kiro/cooldown_test.go deleted file mode 100644 index e0b35df4fc..0000000000 --- a/internal/auth/kiro/cooldown_test.go +++ /dev/null @@ -1,240 +0,0 @@ -package kiro - -import ( - "sync" - "testing" - "time" -) - -func TestNewCooldownManager(t *testing.T) { - cm := NewCooldownManager() - if cm == nil { - t.Fatal("expected non-nil CooldownManager") - } - if cm.cooldowns == nil { - t.Error("expected non-nil cooldowns map") - } - if cm.reasons == nil { - t.Error("expected non-nil reasons map") - } -} - -func TestSetCooldown(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Minute, CooldownReason429) - - if !cm.IsInCooldown("token1") { - t.Error("expected token to be in cooldown") - } - if cm.GetCooldownReason("token1") != CooldownReason429 { - t.Errorf("expected reason %s, got %s", CooldownReason429, cm.GetCooldownReason("token1")) - } -} - -func TestIsInCooldown_NotSet(t *testing.T) { - cm := NewCooldownManager() - if cm.IsInCooldown("nonexistent") { - t.Error("expected non-existent token to not be in cooldown") - } -} - -func TestIsInCooldown_Expired(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Millisecond, CooldownReason429) - - time.Sleep(10 * time.Millisecond) - - if cm.IsInCooldown("token1") { - t.Error("expected expired cooldown to return false") - } -} - -func TestGetRemainingCooldown(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Second, CooldownReason429) - - remaining := cm.GetRemainingCooldown("token1") - if remaining <= 0 || remaining > 1*time.Second { - t.Errorf("expected remaining cooldown between 0 and 1s, got %v", remaining) - } -} - -func TestGetRemainingCooldown_NotSet(t *testing.T) { - cm := NewCooldownManager() - remaining := cm.GetRemainingCooldown("nonexistent") - if remaining != 0 { - t.Errorf("expected 0 remaining for non-existent, got %v", remaining) - } -} - -func TestGetRemainingCooldown_Expired(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Millisecond, CooldownReason429) - - time.Sleep(10 * time.Millisecond) - - remaining := cm.GetRemainingCooldown("token1") - if remaining != 0 { - t.Errorf("expected 0 remaining for expired, got %v", remaining) - } -} - -func TestGetCooldownReason(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Minute, CooldownReasonSuspended) - - reason := cm.GetCooldownReason("token1") - if reason != CooldownReasonSuspended { - t.Errorf("expected reason %s, got %s", CooldownReasonSuspended, reason) - } -} - -func TestGetCooldownReason_NotSet(t *testing.T) { - cm := NewCooldownManager() - reason := cm.GetCooldownReason("nonexistent") - if reason != "" { - t.Errorf("expected empty reason for non-existent, got %s", reason) - } -} - -func TestClearCooldown(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Minute, CooldownReason429) - cm.ClearCooldown("token1") - - if cm.IsInCooldown("token1") { - t.Error("expected cooldown to be cleared") - } - if cm.GetCooldownReason("token1") != "" { - t.Error("expected reason to be cleared") - } -} - -func TestClearCooldown_NonExistent(t *testing.T) { - cm := NewCooldownManager() - cm.ClearCooldown("nonexistent") -} - -func TestCleanupExpired(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("expired1", 1*time.Millisecond, CooldownReason429) - cm.SetCooldown("expired2", 1*time.Millisecond, CooldownReason429) - cm.SetCooldown("active", 1*time.Hour, CooldownReason429) - - time.Sleep(10 * time.Millisecond) - cm.CleanupExpired() - - if cm.GetCooldownReason("expired1") != "" { - t.Error("expected expired1 to be cleaned up") - } - if cm.GetCooldownReason("expired2") != "" { - t.Error("expected expired2 to be cleaned up") - } - if cm.GetCooldownReason("active") != CooldownReason429 { - t.Error("expected active to remain") - } -} - -func TestCalculateCooldownFor429_FirstRetry(t *testing.T) { - duration := CalculateCooldownFor429(0) - if duration != DefaultShortCooldown { - t.Errorf("expected %v for retry 0, got %v", DefaultShortCooldown, duration) - } -} - -func TestCalculateCooldownFor429_Exponential(t *testing.T) { - d1 := CalculateCooldownFor429(1) - d2 := CalculateCooldownFor429(2) - - if d2 <= d1 { - t.Errorf("expected d2 > d1, got d1=%v, d2=%v", d1, d2) - } -} - -func TestCalculateCooldownFor429_MaxCap(t *testing.T) { - duration := CalculateCooldownFor429(10) - if duration > MaxShortCooldown { - t.Errorf("expected max %v, got %v", MaxShortCooldown, duration) - } -} - -func TestCalculateCooldownUntilNextDay(t *testing.T) { - duration := CalculateCooldownUntilNextDay() - if duration <= 0 || duration > 24*time.Hour { - t.Errorf("expected duration between 0 and 24h, got %v", duration) - } -} - -func TestCooldownManager_ConcurrentAccess(t *testing.T) { - cm := NewCooldownManager() - const numGoroutines = 50 - const numOperations = 100 - - var wg sync.WaitGroup - wg.Add(numGoroutines) - - for i := 0; i < numGoroutines; i++ { - go func(id int) { - defer wg.Done() - tokenKey := "token" + string(rune('a'+id%10)) - for j := 0; j < numOperations; j++ { - switch j % 6 { - case 0: - cm.SetCooldown(tokenKey, time.Duration(j)*time.Millisecond, CooldownReason429) - case 1: - cm.IsInCooldown(tokenKey) - case 2: - cm.GetRemainingCooldown(tokenKey) - case 3: - cm.GetCooldownReason(tokenKey) - case 4: - cm.ClearCooldown(tokenKey) - case 5: - cm.CleanupExpired() - } - } - }(i) - } - - wg.Wait() -} - -func TestCooldownReasonConstants(t *testing.T) { - if CooldownReason429 != "rate_limit_exceeded" { - t.Errorf("unexpected CooldownReason429: %s", CooldownReason429) - } - if CooldownReasonSuspended != "account_suspended" { - t.Errorf("unexpected CooldownReasonSuspended: %s", CooldownReasonSuspended) - } - if CooldownReasonQuotaExhausted != "quota_exhausted" { - t.Errorf("unexpected CooldownReasonQuotaExhausted: %s", CooldownReasonQuotaExhausted) - } -} - -func TestDefaultConstants(t *testing.T) { - if DefaultShortCooldown != 1*time.Minute { - t.Errorf("unexpected DefaultShortCooldown: %v", DefaultShortCooldown) - } - if MaxShortCooldown != 5*time.Minute { - t.Errorf("unexpected MaxShortCooldown: %v", MaxShortCooldown) - } - if LongCooldown != 24*time.Hour { - t.Errorf("unexpected LongCooldown: %v", LongCooldown) - } -} - -func TestSetCooldown_OverwritesPrevious(t *testing.T) { - cm := NewCooldownManager() - cm.SetCooldown("token1", 1*time.Hour, CooldownReason429) - cm.SetCooldown("token1", 1*time.Minute, CooldownReasonSuspended) - - reason := cm.GetCooldownReason("token1") - if reason != CooldownReasonSuspended { - t.Errorf("expected reason to be overwritten to %s, got %s", CooldownReasonSuspended, reason) - } - - remaining := cm.GetRemainingCooldown("token1") - if remaining > 1*time.Minute { - t.Errorf("expected remaining <= 1 minute, got %v", remaining) - } -} diff --git a/internal/auth/kiro/fingerprint.go b/internal/auth/kiro/fingerprint.go deleted file mode 100644 index c35e62b2b2..0000000000 --- a/internal/auth/kiro/fingerprint.go +++ /dev/null @@ -1,197 +0,0 @@ -package kiro - -import ( - "crypto/sha256" - "encoding/hex" - "fmt" - "math/rand" - "net/http" - "sync" - "time" -) - -// Fingerprint 多维度指纹信息 -type Fingerprint struct { - SDKVersion string // 1.0.20-1.0.27 - OSType string // darwin/windows/linux - OSVersion string // 10.0.22621 - NodeVersion string // 18.x/20.x/22.x - KiroVersion string // 0.3.x-0.8.x - KiroHash string // SHA256 - AcceptLanguage string - ScreenResolution string // 1920x1080 - ColorDepth int // 24 - HardwareConcurrency int // CPU 核心数 - TimezoneOffset int -} - -// FingerprintManager 指纹管理器 -type FingerprintManager struct { - mu sync.RWMutex - fingerprints map[string]*Fingerprint // tokenKey -> fingerprint - rng *rand.Rand -} - -var ( - sdkVersions = []string{ - "1.0.20", "1.0.21", "1.0.22", "1.0.23", - "1.0.24", "1.0.25", "1.0.26", "1.0.27", - } - osTypes = []string{"darwin", "windows", "linux"} - osVersions = map[string][]string{ - "darwin": {"14.0", "14.1", "14.2", "14.3", "14.4", "14.5", "15.0", "15.1"}, - "windows": {"10.0.19041", "10.0.19042", "10.0.19043", "10.0.19044", "10.0.22621", "10.0.22631"}, - "linux": {"5.15.0", "6.1.0", "6.2.0", "6.5.0", "6.6.0", "6.8.0"}, - } - nodeVersions = []string{ - "18.17.0", "18.18.0", "18.19.0", "18.20.0", - "20.9.0", "20.10.0", "20.11.0", "20.12.0", "20.13.0", - "22.0.0", "22.1.0", "22.2.0", "22.3.0", - } - kiroVersions = []string{ - "0.3.0", "0.3.1", "0.4.0", "0.4.1", "0.5.0", "0.5.1", - "0.6.0", "0.6.1", "0.7.0", "0.7.1", "0.8.0", "0.8.1", - } - acceptLanguages = []string{ - "en-US,en;q=0.9", - "en-GB,en;q=0.9", - "zh-CN,zh;q=0.9,en;q=0.8", - "zh-TW,zh;q=0.9,en;q=0.8", - "ja-JP,ja;q=0.9,en;q=0.8", - "ko-KR,ko;q=0.9,en;q=0.8", - "de-DE,de;q=0.9,en;q=0.8", - "fr-FR,fr;q=0.9,en;q=0.8", - } - screenResolutions = []string{ - "1920x1080", "2560x1440", "3840x2160", - "1366x768", "1440x900", "1680x1050", - "2560x1600", "3440x1440", - } - colorDepths = []int{24, 32} - hardwareConcurrencies = []int{4, 6, 8, 10, 12, 16, 20, 24, 32} - timezoneOffsets = []int{-480, -420, -360, -300, -240, 0, 60, 120, 480, 540} -) - -// NewFingerprintManager 创建指纹管理器 -func NewFingerprintManager() *FingerprintManager { - return &FingerprintManager{ - fingerprints: make(map[string]*Fingerprint), - rng: rand.New(rand.NewSource(time.Now().UnixNano())), - } -} - -// GetFingerprint 获取或生成 Token 关联的指纹 -func (fm *FingerprintManager) GetFingerprint(tokenKey string) *Fingerprint { - fm.mu.RLock() - if fp, exists := fm.fingerprints[tokenKey]; exists { - fm.mu.RUnlock() - return fp - } - fm.mu.RUnlock() - - fm.mu.Lock() - defer fm.mu.Unlock() - - if fp, exists := fm.fingerprints[tokenKey]; exists { - return fp - } - - fp := fm.generateFingerprint(tokenKey) - fm.fingerprints[tokenKey] = fp - return fp -} - -// generateFingerprint 生成新的指纹 -func (fm *FingerprintManager) generateFingerprint(tokenKey string) *Fingerprint { - osType := fm.randomChoice(osTypes) - osVersion := fm.randomChoice(osVersions[osType]) - kiroVersion := fm.randomChoice(kiroVersions) - - fp := &Fingerprint{ - SDKVersion: fm.randomChoice(sdkVersions), - OSType: osType, - OSVersion: osVersion, - NodeVersion: fm.randomChoice(nodeVersions), - KiroVersion: kiroVersion, - AcceptLanguage: fm.randomChoice(acceptLanguages), - ScreenResolution: fm.randomChoice(screenResolutions), - ColorDepth: fm.randomIntChoice(colorDepths), - HardwareConcurrency: fm.randomIntChoice(hardwareConcurrencies), - TimezoneOffset: fm.randomIntChoice(timezoneOffsets), - } - - fp.KiroHash = fm.generateKiroHash(tokenKey, kiroVersion, osType) - return fp -} - -// generateKiroHash 生成 Kiro Hash -func (fm *FingerprintManager) generateKiroHash(tokenKey, kiroVersion, osType string) string { - data := fmt.Sprintf("%s:%s:%s:%d", tokenKey, kiroVersion, osType, time.Now().UnixNano()) - hash := sha256.Sum256([]byte(data)) - return hex.EncodeToString(hash[:]) -} - -// randomChoice 随机选择字符串 -func (fm *FingerprintManager) randomChoice(choices []string) string { - return choices[fm.rng.Intn(len(choices))] -} - -// randomIntChoice 随机选择整数 -func (fm *FingerprintManager) randomIntChoice(choices []int) int { - return choices[fm.rng.Intn(len(choices))] -} - -// ApplyToRequest 将指纹信息应用到 HTTP 请求头 -func (fp *Fingerprint) ApplyToRequest(req *http.Request) { - req.Header.Set("X-Kiro-SDK-Version", fp.SDKVersion) - req.Header.Set("X-Kiro-OS-Type", fp.OSType) - req.Header.Set("X-Kiro-OS-Version", fp.OSVersion) - req.Header.Set("X-Kiro-Node-Version", fp.NodeVersion) - req.Header.Set("X-Kiro-Version", fp.KiroVersion) - req.Header.Set("X-Kiro-Hash", fp.KiroHash) - req.Header.Set("Accept-Language", fp.AcceptLanguage) - req.Header.Set("X-Screen-Resolution", fp.ScreenResolution) - req.Header.Set("X-Color-Depth", fmt.Sprintf("%d", fp.ColorDepth)) - req.Header.Set("X-Hardware-Concurrency", fmt.Sprintf("%d", fp.HardwareConcurrency)) - req.Header.Set("X-Timezone-Offset", fmt.Sprintf("%d", fp.TimezoneOffset)) -} - -// RemoveFingerprint 移除 Token 关联的指纹 -func (fm *FingerprintManager) RemoveFingerprint(tokenKey string) { - fm.mu.Lock() - defer fm.mu.Unlock() - delete(fm.fingerprints, tokenKey) -} - -// Count 返回当前管理的指纹数量 -func (fm *FingerprintManager) Count() int { - fm.mu.RLock() - defer fm.mu.RUnlock() - return len(fm.fingerprints) -} - -// BuildUserAgent 构建 User-Agent 字符串 (Kiro IDE 风格) -// 格式: aws-sdk-js/{SDKVersion} ua/2.1 os/{OSType}#{OSVersion} lang/js md/nodejs#{NodeVersion} api/codewhispererstreaming#{SDKVersion} m/E KiroIDE-{KiroVersion}-{KiroHash} -func (fp *Fingerprint) BuildUserAgent() string { - return fmt.Sprintf( - "aws-sdk-js/%s ua/2.1 os/%s#%s lang/js md/nodejs#%s api/codewhispererstreaming#%s m/E KiroIDE-%s-%s", - fp.SDKVersion, - fp.OSType, - fp.OSVersion, - fp.NodeVersion, - fp.SDKVersion, - fp.KiroVersion, - fp.KiroHash, - ) -} - -// BuildAmzUserAgent 构建 X-Amz-User-Agent 字符串 -// 格式: aws-sdk-js/{SDKVersion} KiroIDE-{KiroVersion}-{KiroHash} -func (fp *Fingerprint) BuildAmzUserAgent() string { - return fmt.Sprintf( - "aws-sdk-js/%s KiroIDE-%s-%s", - fp.SDKVersion, - fp.KiroVersion, - fp.KiroHash, - ) -} diff --git a/internal/auth/kiro/fingerprint_test.go b/internal/auth/kiro/fingerprint_test.go deleted file mode 100644 index e0ae51f2f8..0000000000 --- a/internal/auth/kiro/fingerprint_test.go +++ /dev/null @@ -1,227 +0,0 @@ -package kiro - -import ( - "net/http" - "sync" - "testing" -) - -func TestNewFingerprintManager(t *testing.T) { - fm := NewFingerprintManager() - if fm == nil { - t.Fatal("expected non-nil FingerprintManager") - } - if fm.fingerprints == nil { - t.Error("expected non-nil fingerprints map") - } - if fm.rng == nil { - t.Error("expected non-nil rng") - } -} - -func TestGetFingerprint_NewToken(t *testing.T) { - fm := NewFingerprintManager() - fp := fm.GetFingerprint("token1") - - if fp == nil { - t.Fatal("expected non-nil Fingerprint") - } - if fp.SDKVersion == "" { - t.Error("expected non-empty SDKVersion") - } - if fp.OSType == "" { - t.Error("expected non-empty OSType") - } - if fp.OSVersion == "" { - t.Error("expected non-empty OSVersion") - } - if fp.NodeVersion == "" { - t.Error("expected non-empty NodeVersion") - } - if fp.KiroVersion == "" { - t.Error("expected non-empty KiroVersion") - } - if fp.KiroHash == "" { - t.Error("expected non-empty KiroHash") - } - if fp.AcceptLanguage == "" { - t.Error("expected non-empty AcceptLanguage") - } - if fp.ScreenResolution == "" { - t.Error("expected non-empty ScreenResolution") - } - if fp.ColorDepth == 0 { - t.Error("expected non-zero ColorDepth") - } - if fp.HardwareConcurrency == 0 { - t.Error("expected non-zero HardwareConcurrency") - } -} - -func TestGetFingerprint_SameTokenReturnsSameFingerprint(t *testing.T) { - fm := NewFingerprintManager() - fp1 := fm.GetFingerprint("token1") - fp2 := fm.GetFingerprint("token1") - - if fp1 != fp2 { - t.Error("expected same fingerprint for same token") - } -} - -func TestGetFingerprint_DifferentTokens(t *testing.T) { - fm := NewFingerprintManager() - fp1 := fm.GetFingerprint("token1") - fp2 := fm.GetFingerprint("token2") - - if fp1 == fp2 { - t.Error("expected different fingerprints for different tokens") - } -} - -func TestRemoveFingerprint(t *testing.T) { - fm := NewFingerprintManager() - fm.GetFingerprint("token1") - if fm.Count() != 1 { - t.Fatalf("expected count 1, got %d", fm.Count()) - } - - fm.RemoveFingerprint("token1") - if fm.Count() != 0 { - t.Errorf("expected count 0, got %d", fm.Count()) - } -} - -func TestRemoveFingerprint_NonExistent(t *testing.T) { - fm := NewFingerprintManager() - fm.RemoveFingerprint("nonexistent") - if fm.Count() != 0 { - t.Errorf("expected count 0, got %d", fm.Count()) - } -} - -func TestCount(t *testing.T) { - fm := NewFingerprintManager() - if fm.Count() != 0 { - t.Errorf("expected count 0, got %d", fm.Count()) - } - - fm.GetFingerprint("token1") - fm.GetFingerprint("token2") - fm.GetFingerprint("token3") - - if fm.Count() != 3 { - t.Errorf("expected count 3, got %d", fm.Count()) - } -} - -func TestApplyToRequest(t *testing.T) { - fm := NewFingerprintManager() - fp := fm.GetFingerprint("token1") - - req, _ := http.NewRequest("GET", "http://example.com", nil) - fp.ApplyToRequest(req) - - if req.Header.Get("X-Kiro-SDK-Version") != fp.SDKVersion { - t.Error("X-Kiro-SDK-Version header mismatch") - } - if req.Header.Get("X-Kiro-OS-Type") != fp.OSType { - t.Error("X-Kiro-OS-Type header mismatch") - } - if req.Header.Get("X-Kiro-OS-Version") != fp.OSVersion { - t.Error("X-Kiro-OS-Version header mismatch") - } - if req.Header.Get("X-Kiro-Node-Version") != fp.NodeVersion { - t.Error("X-Kiro-Node-Version header mismatch") - } - if req.Header.Get("X-Kiro-Version") != fp.KiroVersion { - t.Error("X-Kiro-Version header mismatch") - } - if req.Header.Get("X-Kiro-Hash") != fp.KiroHash { - t.Error("X-Kiro-Hash header mismatch") - } - if req.Header.Get("Accept-Language") != fp.AcceptLanguage { - t.Error("Accept-Language header mismatch") - } - if req.Header.Get("X-Screen-Resolution") != fp.ScreenResolution { - t.Error("X-Screen-Resolution header mismatch") - } -} - -func TestGetFingerprint_OSVersionMatchesOSType(t *testing.T) { - fm := NewFingerprintManager() - - for i := 0; i < 20; i++ { - fp := fm.GetFingerprint("token" + string(rune('a'+i))) - validVersions := osVersions[fp.OSType] - found := false - for _, v := range validVersions { - if v == fp.OSVersion { - found = true - break - } - } - if !found { - t.Errorf("OS version %s not valid for OS type %s", fp.OSVersion, fp.OSType) - } - } -} - -func TestFingerprintManager_ConcurrentAccess(t *testing.T) { - fm := NewFingerprintManager() - const numGoroutines = 100 - const numOperations = 100 - - var wg sync.WaitGroup - wg.Add(numGoroutines) - - for i := 0; i < numGoroutines; i++ { - go func(id int) { - defer wg.Done() - for j := 0; j < numOperations; j++ { - tokenKey := "token" + string(rune('a'+id%26)) - switch j % 4 { - case 0: - fm.GetFingerprint(tokenKey) - case 1: - fm.Count() - case 2: - fp := fm.GetFingerprint(tokenKey) - req, _ := http.NewRequest("GET", "http://example.com", nil) - fp.ApplyToRequest(req) - case 3: - fm.RemoveFingerprint(tokenKey) - } - } - }(i) - } - - wg.Wait() -} - -func TestKiroHashUniqueness(t *testing.T) { - fm := NewFingerprintManager() - hashes := make(map[string]bool) - - for i := 0; i < 100; i++ { - fp := fm.GetFingerprint("token" + string(rune(i))) - if hashes[fp.KiroHash] { - t.Errorf("duplicate KiroHash detected: %s", fp.KiroHash) - } - hashes[fp.KiroHash] = true - } -} - -func TestKiroHashFormat(t *testing.T) { - fm := NewFingerprintManager() - fp := fm.GetFingerprint("token1") - - if len(fp.KiroHash) != 64 { - t.Errorf("expected KiroHash length 64 (SHA256 hex), got %d", len(fp.KiroHash)) - } - - for _, c := range fp.KiroHash { - if !((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f')) { - t.Errorf("invalid hex character in KiroHash: %c", c) - } - } -} diff --git a/internal/auth/kiro/jitter.go b/internal/auth/kiro/jitter.go deleted file mode 100644 index 0569a8fb18..0000000000 --- a/internal/auth/kiro/jitter.go +++ /dev/null @@ -1,174 +0,0 @@ -package kiro - -import ( - "math/rand" - "sync" - "time" -) - -// Jitter configuration constants -const ( - // JitterPercent is the default percentage of jitter to apply (±30%) - JitterPercent = 0.30 - - // Human-like delay ranges - ShortDelayMin = 50 * time.Millisecond // Minimum for rapid consecutive operations - ShortDelayMax = 200 * time.Millisecond // Maximum for rapid consecutive operations - NormalDelayMin = 1 * time.Second // Minimum for normal thinking time - NormalDelayMax = 3 * time.Second // Maximum for normal thinking time - LongDelayMin = 5 * time.Second // Minimum for reading/resting - LongDelayMax = 10 * time.Second // Maximum for reading/resting - - // Probability thresholds for human-like behavior - ShortDelayProbability = 0.20 // 20% chance of short delay (consecutive ops) - LongDelayProbability = 0.05 // 5% chance of long delay (reading/resting) - NormalDelayProbability = 0.75 // 75% chance of normal delay (thinking) -) - -var ( - jitterRand *rand.Rand - jitterRandOnce sync.Once - jitterMu sync.Mutex - lastRequestTime time.Time -) - -// initJitterRand initializes the random number generator for jitter calculations. -// Uses a time-based seed for unpredictable but reproducible randomness. -func initJitterRand() { - jitterRandOnce.Do(func() { - jitterRand = rand.New(rand.NewSource(time.Now().UnixNano())) - }) -} - -// RandomDelay generates a random delay between min and max duration. -// Thread-safe implementation using mutex protection. -func RandomDelay(min, max time.Duration) time.Duration { - initJitterRand() - jitterMu.Lock() - defer jitterMu.Unlock() - - if min >= max { - return min - } - - rangeMs := max.Milliseconds() - min.Milliseconds() - randomMs := jitterRand.Int63n(rangeMs) - return min + time.Duration(randomMs)*time.Millisecond -} - -// JitterDelay adds jitter to a base delay. -// Applies ±jitterPercent variation to the base delay. -// For example, JitterDelay(1*time.Second, 0.30) returns a value between 700ms and 1300ms. -func JitterDelay(baseDelay time.Duration, jitterPercent float64) time.Duration { - initJitterRand() - jitterMu.Lock() - defer jitterMu.Unlock() - - if jitterPercent <= 0 || jitterPercent > 1 { - jitterPercent = JitterPercent - } - - // Calculate jitter range: base * jitterPercent - jitterRange := float64(baseDelay) * jitterPercent - - // Generate random value in range [-jitterRange, +jitterRange] - jitter := (jitterRand.Float64()*2 - 1) * jitterRange - - result := time.Duration(float64(baseDelay) + jitter) - if result < 0 { - return 0 - } - return result -} - -// JitterDelayDefault applies the default ±30% jitter to a base delay. -func JitterDelayDefault(baseDelay time.Duration) time.Duration { - return JitterDelay(baseDelay, JitterPercent) -} - -// HumanLikeDelay generates a delay that mimics human behavior patterns. -// The delay is selected based on probability distribution: -// - 20% chance: Short delay (50-200ms) - simulates consecutive rapid operations -// - 75% chance: Normal delay (1-3s) - simulates thinking/reading time -// - 5% chance: Long delay (5-10s) - simulates breaks/reading longer content -// -// Returns the delay duration (caller should call time.Sleep with this value). -func HumanLikeDelay() time.Duration { - initJitterRand() - jitterMu.Lock() - defer jitterMu.Unlock() - - // Track time since last request for adaptive behavior - now := time.Now() - timeSinceLastRequest := now.Sub(lastRequestTime) - lastRequestTime = now - - // If requests are very close together, use short delay - if timeSinceLastRequest < 500*time.Millisecond && timeSinceLastRequest > 0 { - rangeMs := ShortDelayMax.Milliseconds() - ShortDelayMin.Milliseconds() - randomMs := jitterRand.Int63n(rangeMs) - return ShortDelayMin + time.Duration(randomMs)*time.Millisecond - } - - // Otherwise, use probability-based selection - roll := jitterRand.Float64() - - var min, max time.Duration - switch { - case roll < ShortDelayProbability: - // Short delay - consecutive operations - min, max = ShortDelayMin, ShortDelayMax - case roll < ShortDelayProbability+LongDelayProbability: - // Long delay - reading/resting - min, max = LongDelayMin, LongDelayMax - default: - // Normal delay - thinking time - min, max = NormalDelayMin, NormalDelayMax - } - - rangeMs := max.Milliseconds() - min.Milliseconds() - randomMs := jitterRand.Int63n(rangeMs) - return min + time.Duration(randomMs)*time.Millisecond -} - -// ApplyHumanLikeDelay applies human-like delay by sleeping. -// This is a convenience function that combines HumanLikeDelay with time.Sleep. -func ApplyHumanLikeDelay() { - delay := HumanLikeDelay() - if delay > 0 { - time.Sleep(delay) - } -} - -// ExponentialBackoffWithJitter calculates retry delay using exponential backoff with jitter. -// Formula: min(baseDelay * 2^attempt + jitter, maxDelay) -// This helps prevent thundering herd problem when multiple clients retry simultaneously. -func ExponentialBackoffWithJitter(attempt int, baseDelay, maxDelay time.Duration) time.Duration { - if attempt < 0 { - attempt = 0 - } - - // Calculate exponential backoff: baseDelay * 2^attempt - backoff := baseDelay * time.Duration(1< maxDelay { - backoff = maxDelay - } - - // Add ±30% jitter - return JitterDelay(backoff, JitterPercent) -} - -// ShouldSkipDelay determines if delay should be skipped based on context. -// Returns true for streaming responses, WebSocket connections, etc. -// This function can be extended to check additional skip conditions. -func ShouldSkipDelay(isStreaming bool) bool { - return isStreaming -} - -// ResetLastRequestTime resets the last request time tracker. -// Useful for testing or when starting a new session. -func ResetLastRequestTime() { - jitterMu.Lock() - defer jitterMu.Unlock() - lastRequestTime = time.Time{} -} diff --git a/internal/auth/kiro/metrics.go b/internal/auth/kiro/metrics.go deleted file mode 100644 index 0fe2d0c69e..0000000000 --- a/internal/auth/kiro/metrics.go +++ /dev/null @@ -1,187 +0,0 @@ -package kiro - -import ( - "math" - "sync" - "time" -) - -// TokenMetrics holds performance metrics for a single token. -type TokenMetrics struct { - SuccessRate float64 // Success rate (0.0 - 1.0) - AvgLatency float64 // Average latency in milliseconds - QuotaRemaining float64 // Remaining quota (0.0 - 1.0) - LastUsed time.Time // Last usage timestamp - FailCount int // Consecutive failure count - TotalRequests int // Total request count - successCount int // Internal: successful request count - totalLatency float64 // Internal: cumulative latency -} - -// TokenScorer manages token metrics and scoring. -type TokenScorer struct { - mu sync.RWMutex - metrics map[string]*TokenMetrics - - // Scoring weights - successRateWeight float64 - quotaWeight float64 - latencyWeight float64 - lastUsedWeight float64 - failPenaltyMultiplier float64 -} - -// NewTokenScorer creates a new TokenScorer with default weights. -func NewTokenScorer() *TokenScorer { - return &TokenScorer{ - metrics: make(map[string]*TokenMetrics), - successRateWeight: 0.4, - quotaWeight: 0.25, - latencyWeight: 0.2, - lastUsedWeight: 0.15, - failPenaltyMultiplier: 0.1, - } -} - -// getOrCreateMetrics returns existing metrics or creates new ones. -func (s *TokenScorer) getOrCreateMetrics(tokenKey string) *TokenMetrics { - if m, ok := s.metrics[tokenKey]; ok { - return m - } - m := &TokenMetrics{ - SuccessRate: 1.0, - QuotaRemaining: 1.0, - } - s.metrics[tokenKey] = m - return m -} - -// RecordRequest records the result of a request for a token. -func (s *TokenScorer) RecordRequest(tokenKey string, success bool, latency time.Duration) { - s.mu.Lock() - defer s.mu.Unlock() - - m := s.getOrCreateMetrics(tokenKey) - m.TotalRequests++ - m.LastUsed = time.Now() - m.totalLatency += float64(latency.Milliseconds()) - - if success { - m.successCount++ - m.FailCount = 0 - } else { - m.FailCount++ - } - - // Update derived metrics - if m.TotalRequests > 0 { - m.SuccessRate = float64(m.successCount) / float64(m.TotalRequests) - m.AvgLatency = m.totalLatency / float64(m.TotalRequests) - } -} - -// SetQuotaRemaining updates the remaining quota for a token. -func (s *TokenScorer) SetQuotaRemaining(tokenKey string, quota float64) { - s.mu.Lock() - defer s.mu.Unlock() - - m := s.getOrCreateMetrics(tokenKey) - m.QuotaRemaining = quota -} - -// GetMetrics returns a copy of the metrics for a token. -func (s *TokenScorer) GetMetrics(tokenKey string) *TokenMetrics { - s.mu.RLock() - defer s.mu.RUnlock() - - if m, ok := s.metrics[tokenKey]; ok { - copy := *m - return © - } - return nil -} - -// CalculateScore computes the score for a token (higher is better). -func (s *TokenScorer) CalculateScore(tokenKey string) float64 { - s.mu.RLock() - defer s.mu.RUnlock() - - m, ok := s.metrics[tokenKey] - if !ok { - return 1.0 // New tokens get a high initial score - } - - // Success rate component (0-1) - successScore := m.SuccessRate - - // Quota component (0-1) - quotaScore := m.QuotaRemaining - - // Latency component (normalized, lower is better) - // Using exponential decay: score = e^(-latency/1000) - // 1000ms latency -> ~0.37 score, 100ms -> ~0.90 score - latencyScore := math.Exp(-m.AvgLatency / 1000.0) - if m.TotalRequests == 0 { - latencyScore = 1.0 - } - - // Last used component (prefer tokens not recently used) - // Score increases as time since last use increases - timeSinceUse := time.Since(m.LastUsed).Seconds() - // Normalize: 60 seconds -> ~0.63 score, 0 seconds -> 0 score - lastUsedScore := 1.0 - math.Exp(-timeSinceUse/60.0) - if m.LastUsed.IsZero() { - lastUsedScore = 1.0 - } - - // Calculate weighted score - score := s.successRateWeight*successScore + - s.quotaWeight*quotaScore + - s.latencyWeight*latencyScore + - s.lastUsedWeight*lastUsedScore - - // Apply consecutive failure penalty - if m.FailCount > 0 { - penalty := s.failPenaltyMultiplier * float64(m.FailCount) - score = score * math.Max(0, 1.0-penalty) - } - - return score -} - -// SelectBestToken selects the token with the highest score. -func (s *TokenScorer) SelectBestToken(tokens []string) string { - if len(tokens) == 0 { - return "" - } - if len(tokens) == 1 { - return tokens[0] - } - - bestToken := tokens[0] - bestScore := s.CalculateScore(tokens[0]) - - for _, token := range tokens[1:] { - score := s.CalculateScore(token) - if score > bestScore { - bestScore = score - bestToken = token - } - } - - return bestToken -} - -// ResetMetrics clears all metrics for a token. -func (s *TokenScorer) ResetMetrics(tokenKey string) { - s.mu.Lock() - defer s.mu.Unlock() - delete(s.metrics, tokenKey) -} - -// ResetAllMetrics clears all stored metrics. -func (s *TokenScorer) ResetAllMetrics() { - s.mu.Lock() - defer s.mu.Unlock() - s.metrics = make(map[string]*TokenMetrics) -} diff --git a/internal/auth/kiro/metrics_test.go b/internal/auth/kiro/metrics_test.go deleted file mode 100644 index ffe2a876a3..0000000000 --- a/internal/auth/kiro/metrics_test.go +++ /dev/null @@ -1,301 +0,0 @@ -package kiro - -import ( - "sync" - "testing" - "time" -) - -func TestNewTokenScorer(t *testing.T) { - s := NewTokenScorer() - if s == nil { - t.Fatal("expected non-nil TokenScorer") - } - if s.metrics == nil { - t.Error("expected non-nil metrics map") - } - if s.successRateWeight != 0.4 { - t.Errorf("expected successRateWeight 0.4, got %f", s.successRateWeight) - } - if s.quotaWeight != 0.25 { - t.Errorf("expected quotaWeight 0.25, got %f", s.quotaWeight) - } -} - -func TestRecordRequest_Success(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - - m := s.GetMetrics("token1") - if m == nil { - t.Fatal("expected non-nil metrics") - } - if m.TotalRequests != 1 { - t.Errorf("expected TotalRequests 1, got %d", m.TotalRequests) - } - if m.SuccessRate != 1.0 { - t.Errorf("expected SuccessRate 1.0, got %f", m.SuccessRate) - } - if m.FailCount != 0 { - t.Errorf("expected FailCount 0, got %d", m.FailCount) - } - if m.AvgLatency != 100 { - t.Errorf("expected AvgLatency 100, got %f", m.AvgLatency) - } -} - -func TestRecordRequest_Failure(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", false, 200*time.Millisecond) - - m := s.GetMetrics("token1") - if m.SuccessRate != 0.0 { - t.Errorf("expected SuccessRate 0.0, got %f", m.SuccessRate) - } - if m.FailCount != 1 { - t.Errorf("expected FailCount 1, got %d", m.FailCount) - } -} - -func TestRecordRequest_MixedResults(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - s.RecordRequest("token1", true, 100*time.Millisecond) - s.RecordRequest("token1", false, 100*time.Millisecond) - s.RecordRequest("token1", true, 100*time.Millisecond) - - m := s.GetMetrics("token1") - if m.TotalRequests != 4 { - t.Errorf("expected TotalRequests 4, got %d", m.TotalRequests) - } - if m.SuccessRate != 0.75 { - t.Errorf("expected SuccessRate 0.75, got %f", m.SuccessRate) - } - if m.FailCount != 0 { - t.Errorf("expected FailCount 0 (reset on success), got %d", m.FailCount) - } -} - -func TestRecordRequest_ConsecutiveFailures(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - s.RecordRequest("token1", false, 100*time.Millisecond) - s.RecordRequest("token1", false, 100*time.Millisecond) - s.RecordRequest("token1", false, 100*time.Millisecond) - - m := s.GetMetrics("token1") - if m.FailCount != 3 { - t.Errorf("expected FailCount 3, got %d", m.FailCount) - } -} - -func TestSetQuotaRemaining(t *testing.T) { - s := NewTokenScorer() - s.SetQuotaRemaining("token1", 0.5) - - m := s.GetMetrics("token1") - if m.QuotaRemaining != 0.5 { - t.Errorf("expected QuotaRemaining 0.5, got %f", m.QuotaRemaining) - } -} - -func TestGetMetrics_NonExistent(t *testing.T) { - s := NewTokenScorer() - m := s.GetMetrics("nonexistent") - if m != nil { - t.Error("expected nil metrics for non-existent token") - } -} - -func TestGetMetrics_ReturnsCopy(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - - m1 := s.GetMetrics("token1") - m1.TotalRequests = 999 - - m2 := s.GetMetrics("token1") - if m2.TotalRequests == 999 { - t.Error("GetMetrics should return a copy") - } -} - -func TestCalculateScore_NewToken(t *testing.T) { - s := NewTokenScorer() - score := s.CalculateScore("newtoken") - if score != 1.0 { - t.Errorf("expected score 1.0 for new token, got %f", score) - } -} - -func TestCalculateScore_PerfectToken(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 50*time.Millisecond) - s.SetQuotaRemaining("token1", 1.0) - - time.Sleep(100 * time.Millisecond) - score := s.CalculateScore("token1") - if score < 0.5 || score > 1.0 { - t.Errorf("expected high score for perfect token, got %f", score) - } -} - -func TestCalculateScore_FailedToken(t *testing.T) { - s := NewTokenScorer() - for i := 0; i < 5; i++ { - s.RecordRequest("token1", false, 1000*time.Millisecond) - } - s.SetQuotaRemaining("token1", 0.1) - - score := s.CalculateScore("token1") - if score > 0.5 { - t.Errorf("expected low score for failed token, got %f", score) - } -} - -func TestCalculateScore_FailPenalty(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - scoreNoFail := s.CalculateScore("token1") - - s.RecordRequest("token1", false, 100*time.Millisecond) - s.RecordRequest("token1", false, 100*time.Millisecond) - scoreWithFail := s.CalculateScore("token1") - - if scoreWithFail >= scoreNoFail { - t.Errorf("expected lower score with consecutive failures: noFail=%f, withFail=%f", scoreNoFail, scoreWithFail) - } -} - -func TestSelectBestToken_Empty(t *testing.T) { - s := NewTokenScorer() - best := s.SelectBestToken([]string{}) - if best != "" { - t.Errorf("expected empty string for empty tokens, got %s", best) - } -} - -func TestSelectBestToken_SingleToken(t *testing.T) { - s := NewTokenScorer() - best := s.SelectBestToken([]string{"token1"}) - if best != "token1" { - t.Errorf("expected token1, got %s", best) - } -} - -func TestSelectBestToken_MultipleTokens(t *testing.T) { - s := NewTokenScorer() - - s.RecordRequest("bad", false, 1000*time.Millisecond) - s.RecordRequest("bad", false, 1000*time.Millisecond) - s.SetQuotaRemaining("bad", 0.1) - - s.RecordRequest("good", true, 50*time.Millisecond) - s.SetQuotaRemaining("good", 0.9) - - time.Sleep(50 * time.Millisecond) - - best := s.SelectBestToken([]string{"bad", "good"}) - if best != "good" { - t.Errorf("expected good token to be selected, got %s", best) - } -} - -func TestResetMetrics(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - s.ResetMetrics("token1") - - m := s.GetMetrics("token1") - if m != nil { - t.Error("expected nil metrics after reset") - } -} - -func TestResetAllMetrics(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - s.RecordRequest("token2", true, 100*time.Millisecond) - s.RecordRequest("token3", true, 100*time.Millisecond) - - s.ResetAllMetrics() - - if s.GetMetrics("token1") != nil { - t.Error("expected nil metrics for token1 after reset all") - } - if s.GetMetrics("token2") != nil { - t.Error("expected nil metrics for token2 after reset all") - } -} - -func TestTokenScorer_ConcurrentAccess(t *testing.T) { - s := NewTokenScorer() - const numGoroutines = 50 - const numOperations = 100 - - var wg sync.WaitGroup - wg.Add(numGoroutines) - - for i := 0; i < numGoroutines; i++ { - go func(id int) { - defer wg.Done() - tokenKey := "token" + string(rune('a'+id%10)) - for j := 0; j < numOperations; j++ { - switch j % 6 { - case 0: - s.RecordRequest(tokenKey, j%2 == 0, time.Duration(j)*time.Millisecond) - case 1: - s.SetQuotaRemaining(tokenKey, float64(j%100)/100) - case 2: - s.GetMetrics(tokenKey) - case 3: - s.CalculateScore(tokenKey) - case 4: - s.SelectBestToken([]string{tokenKey, "token_x", "token_y"}) - case 5: - if j%20 == 0 { - s.ResetMetrics(tokenKey) - } - } - } - }(i) - } - - wg.Wait() -} - -func TestAvgLatencyCalculation(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - s.RecordRequest("token1", true, 200*time.Millisecond) - s.RecordRequest("token1", true, 300*time.Millisecond) - - m := s.GetMetrics("token1") - if m.AvgLatency != 200 { - t.Errorf("expected AvgLatency 200, got %f", m.AvgLatency) - } -} - -func TestLastUsedUpdated(t *testing.T) { - s := NewTokenScorer() - before := time.Now() - s.RecordRequest("token1", true, 100*time.Millisecond) - - m := s.GetMetrics("token1") - if m.LastUsed.Before(before) { - t.Error("expected LastUsed to be after test start time") - } - if m.LastUsed.After(time.Now()) { - t.Error("expected LastUsed to be before or equal to now") - } -} - -func TestDefaultQuotaForNewToken(t *testing.T) { - s := NewTokenScorer() - s.RecordRequest("token1", true, 100*time.Millisecond) - - m := s.GetMetrics("token1") - if m.QuotaRemaining != 1.0 { - t.Errorf("expected default QuotaRemaining 1.0, got %f", m.QuotaRemaining) - } -} diff --git a/internal/auth/kiro/oauth.go b/internal/auth/kiro/oauth.go deleted file mode 100644 index 2b20f3db01..0000000000 --- a/internal/auth/kiro/oauth.go +++ /dev/null @@ -1,329 +0,0 @@ -// Package kiro provides OAuth2 authentication for Kiro using native Google login. -package kiro - -import ( - "context" - "crypto/rand" - "crypto/sha256" - "encoding/base64" - "encoding/json" - "fmt" - "html" - "io" - "net" - "net/http" - "strings" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -const ( - // Kiro auth endpoint - kiroAuthEndpoint = "https://prod.us-east-1.auth.desktop.kiro.dev" - - // Default callback port - defaultCallbackPort = 9876 - - // Auth timeout - authTimeout = 10 * time.Minute -) - -// KiroTokenResponse represents the response from Kiro token endpoint. -type KiroTokenResponse struct { - AccessToken string `json:"accessToken"` - RefreshToken string `json:"refreshToken"` - ProfileArn string `json:"profileArn"` - ExpiresIn int `json:"expiresIn"` -} - -// KiroOAuth handles the OAuth flow for Kiro authentication. -type KiroOAuth struct { - httpClient *http.Client - cfg *config.Config -} - -// NewKiroOAuth creates a new Kiro OAuth handler. -func NewKiroOAuth(cfg *config.Config) *KiroOAuth { - client := &http.Client{Timeout: 30 * time.Second} - if cfg != nil { - client = util.SetProxy(&cfg.SDKConfig, client) - } - return &KiroOAuth{ - httpClient: client, - cfg: cfg, - } -} - -// generateCodeVerifier generates a random code verifier for PKCE. -func generateCodeVerifier() (string, error) { - b := make([]byte, 32) - if _, err := rand.Read(b); err != nil { - return "", err - } - return base64.RawURLEncoding.EncodeToString(b), nil -} - -// generateCodeChallenge generates the code challenge from verifier. -func generateCodeChallenge(verifier string) string { - h := sha256.Sum256([]byte(verifier)) - return base64.RawURLEncoding.EncodeToString(h[:]) -} - -// generateState generates a random state parameter. -func generateState() (string, error) { - b := make([]byte, 16) - if _, err := rand.Read(b); err != nil { - return "", err - } - return base64.RawURLEncoding.EncodeToString(b), nil -} - -// AuthResult contains the authorization code and state from callback. -type AuthResult struct { - Code string - State string - Error string -} - -// startCallbackServer starts a local HTTP server to receive the OAuth callback. -func (o *KiroOAuth) startCallbackServer(ctx context.Context, expectedState string) (string, <-chan AuthResult, error) { - // Try to find an available port - use localhost like Kiro does - listener, err := net.Listen("tcp", fmt.Sprintf("localhost:%d", defaultCallbackPort)) - if err != nil { - // Try with dynamic port (RFC 8252 allows dynamic ports for native apps) - log.Warnf("kiro oauth: default port %d is busy, falling back to dynamic port", defaultCallbackPort) - listener, err = net.Listen("tcp", "localhost:0") - if err != nil { - return "", nil, fmt.Errorf("failed to start callback server: %w", err) - } - } - - port := listener.Addr().(*net.TCPAddr).Port - // Use http scheme for local callback server - redirectURI := fmt.Sprintf("http://localhost:%d/oauth/callback", port) - resultChan := make(chan AuthResult, 1) - - server := &http.Server{ - ReadHeaderTimeout: 10 * time.Second, - } - - mux := http.NewServeMux() - mux.HandleFunc("/oauth/callback", func(w http.ResponseWriter, r *http.Request) { - code := r.URL.Query().Get("code") - state := r.URL.Query().Get("state") - errParam := r.URL.Query().Get("error") - - if errParam != "" { - w.Header().Set("Content-Type", "text/html") - w.WriteHeader(http.StatusBadRequest) - fmt.Fprintf(w, `

Login Failed

%s

You can close this window.

`, html.EscapeString(errParam)) - resultChan <- AuthResult{Error: errParam} - return - } - - if state != expectedState { - w.Header().Set("Content-Type", "text/html") - w.WriteHeader(http.StatusBadRequest) - fmt.Fprint(w, `

Login Failed

Invalid state parameter

You can close this window.

`) - resultChan <- AuthResult{Error: "state mismatch"} - return - } - - w.Header().Set("Content-Type", "text/html") - fmt.Fprint(w, `

Login Successful!

You can close this window and return to the terminal.

`) - resultChan <- AuthResult{Code: code, State: state} - }) - - server.Handler = mux - - go func() { - if err := server.Serve(listener); err != nil && err != http.ErrServerClosed { - log.Debugf("callback server error: %v", err) - } - }() - - go func() { - select { - case <-ctx.Done(): - case <-time.After(authTimeout): - case <-resultChan: - } - _ = server.Shutdown(context.Background()) - }() - - return redirectURI, resultChan, nil -} - -// LoginWithBuilderID performs OAuth login with AWS Builder ID using device code flow. -func (o *KiroOAuth) LoginWithBuilderID(ctx context.Context) (*KiroTokenData, error) { - ssoClient := NewSSOOIDCClient(o.cfg) - return ssoClient.LoginWithBuilderID(ctx) -} - -// LoginWithBuilderIDAuthCode performs OAuth login with AWS Builder ID using authorization code flow. -// This provides a better UX than device code flow as it uses automatic browser callback. -func (o *KiroOAuth) LoginWithBuilderIDAuthCode(ctx context.Context) (*KiroTokenData, error) { - ssoClient := NewSSOOIDCClient(o.cfg) - return ssoClient.LoginWithBuilderIDAuthCode(ctx) -} - -// exchangeCodeForToken exchanges the authorization code for tokens. -func (o *KiroOAuth) exchangeCodeForToken(ctx context.Context, code, codeVerifier, redirectURI string) (*KiroTokenData, error) { - payload := map[string]string{ - "code": code, - "code_verifier": codeVerifier, - "redirect_uri": redirectURI, - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, fmt.Errorf("failed to marshal request: %w", err) - } - - tokenURL := kiroAuthEndpoint + "/oauth/token" - req, err := http.NewRequestWithContext(ctx, http.MethodPost, tokenURL, strings.NewReader(string(body))) - if err != nil { - return nil, fmt.Errorf("failed to create request: %w", err) - } - - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", "KiroIDE-0.7.45-cli-proxy-api") - - resp, err := o.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("token request failed: %w", err) - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("token exchange failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("token exchange failed (status %d)", resp.StatusCode) - } - - var tokenResp KiroTokenResponse - if err := json.Unmarshal(respBody, &tokenResp); err != nil { - return nil, fmt.Errorf("failed to parse token response: %w", err) - } - - // Validate ExpiresIn - use default 1 hour if invalid - expiresIn := tokenResp.ExpiresIn - if expiresIn <= 0 { - expiresIn = 3600 - } - expiresAt := time.Now().Add(time.Duration(expiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: tokenResp.ProfileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "social", - Provider: "", // Caller should preserve original provider - Region: "us-east-1", - }, nil -} - -// RefreshToken refreshes an expired access token. -// Uses KiroIDE-style User-Agent to match official Kiro IDE behavior. -func (o *KiroOAuth) RefreshToken(ctx context.Context, refreshToken string) (*KiroTokenData, error) { - return o.RefreshTokenWithFingerprint(ctx, refreshToken, "") -} - -// RefreshTokenWithFingerprint refreshes an expired access token with a specific fingerprint. -// tokenKey is used to generate a consistent fingerprint for the token. -func (o *KiroOAuth) RefreshTokenWithFingerprint(ctx context.Context, refreshToken, tokenKey string) (*KiroTokenData, error) { - payload := map[string]string{ - "refreshToken": refreshToken, - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, fmt.Errorf("failed to marshal request: %w", err) - } - - refreshURL := kiroAuthEndpoint + "/refreshToken" - req, err := http.NewRequestWithContext(ctx, http.MethodPost, refreshURL, strings.NewReader(string(body))) - if err != nil { - return nil, fmt.Errorf("failed to create request: %w", err) - } - - req.Header.Set("Content-Type", "application/json") - - // Use KiroIDE-style User-Agent to match official Kiro IDE behavior - // This helps avoid 403 errors from server-side User-Agent validation - userAgent := buildKiroUserAgent(tokenKey) - req.Header.Set("User-Agent", userAgent) - - resp, err := o.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("refresh request failed: %w", err) - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("token refresh failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("token refresh failed (status %d): %s", resp.StatusCode, string(respBody)) - } - - var tokenResp KiroTokenResponse - if err := json.Unmarshal(respBody, &tokenResp); err != nil { - return nil, fmt.Errorf("failed to parse token response: %w", err) - } - - // Validate ExpiresIn - use default 1 hour if invalid - expiresIn := tokenResp.ExpiresIn - if expiresIn <= 0 { - expiresIn = 3600 - } - expiresAt := time.Now().Add(time.Duration(expiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: tokenResp.ProfileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "social", - Provider: "", // Caller should preserve original provider - Region: "us-east-1", - }, nil -} - -// buildKiroUserAgent builds a KiroIDE-style User-Agent string. -// If tokenKey is provided, uses fingerprint manager for consistent fingerprint. -// Otherwise generates a simple KiroIDE User-Agent. -func buildKiroUserAgent(tokenKey string) string { - if tokenKey != "" { - fm := NewFingerprintManager() - fp := fm.GetFingerprint(tokenKey) - return fmt.Sprintf("KiroIDE-%s-%s", fp.KiroVersion, fp.KiroHash[:16]) - } - // Default KiroIDE User-Agent matching kiro-openai-gateway format - return "KiroIDE-0.7.45-cli-proxy-api" -} - -// LoginWithGoogle performs OAuth login with Google using Kiro's social auth. -// This uses a custom protocol handler (kiro://) to receive the callback. -func (o *KiroOAuth) LoginWithGoogle(ctx context.Context) (*KiroTokenData, error) { - socialClient := NewSocialAuthClient(o.cfg) - return socialClient.LoginWithGoogle(ctx) -} - -// LoginWithGitHub performs OAuth login with GitHub using Kiro's social auth. -// This uses a custom protocol handler (kiro://) to receive the callback. -func (o *KiroOAuth) LoginWithGitHub(ctx context.Context) (*KiroTokenData, error) { - socialClient := NewSocialAuthClient(o.cfg) - return socialClient.LoginWithGitHub(ctx) -} diff --git a/internal/auth/kiro/oauth_web.go b/internal/auth/kiro/oauth_web.go deleted file mode 100644 index 670899e7c2..0000000000 --- a/internal/auth/kiro/oauth_web.go +++ /dev/null @@ -1,969 +0,0 @@ -// Package kiro provides OAuth Web authentication for Kiro. -package kiro - -import ( - "context" - "crypto/rand" - "encoding/base64" - "encoding/json" - "fmt" - "html/template" - "net/http" - "os" - "path/filepath" - "strings" - "sync" - "time" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -const ( - defaultSessionExpiry = 10 * time.Minute - pollIntervalSeconds = 5 -) - -type authSessionStatus string - -const ( - statusPending authSessionStatus = "pending" - statusSuccess authSessionStatus = "success" - statusFailed authSessionStatus = "failed" -) - -type webAuthSession struct { - stateID string - deviceCode string - userCode string - authURL string - verificationURI string - expiresIn int - interval int - status authSessionStatus - startedAt time.Time - completedAt time.Time - expiresAt time.Time - error string - tokenData *KiroTokenData - ssoClient *SSOOIDCClient - clientID string - clientSecret string - region string - cancelFunc context.CancelFunc - authMethod string // "google", "github", "builder-id", "idc" - startURL string // Used for IDC - codeVerifier string // Used for social auth PKCE - codeChallenge string // Used for social auth PKCE -} - -type OAuthWebHandler struct { - cfg *config.Config - sessions map[string]*webAuthSession - mu sync.RWMutex - onTokenObtained func(*KiroTokenData) -} - -func NewOAuthWebHandler(cfg *config.Config) *OAuthWebHandler { - return &OAuthWebHandler{ - cfg: cfg, - sessions: make(map[string]*webAuthSession), - } -} - -func (h *OAuthWebHandler) SetTokenCallback(callback func(*KiroTokenData)) { - h.onTokenObtained = callback -} - -func (h *OAuthWebHandler) RegisterRoutes(router gin.IRouter) { - oauth := router.Group("/v0/oauth/kiro") - { - oauth.GET("", h.handleSelect) - oauth.GET("/start", h.handleStart) - oauth.GET("/callback", h.handleCallback) - oauth.GET("/social/callback", h.handleSocialCallback) - oauth.GET("/status", h.handleStatus) - oauth.POST("/import", h.handleImportToken) - oauth.POST("/refresh", h.handleManualRefresh) - } -} - -func generateStateID() (string, error) { - b := make([]byte, 16) - if _, err := rand.Read(b); err != nil { - return "", err - } - return base64.RawURLEncoding.EncodeToString(b), nil -} - -func (h *OAuthWebHandler) handleSelect(c *gin.Context) { - h.renderSelectPage(c) -} - -func (h *OAuthWebHandler) handleStart(c *gin.Context) { - method := c.Query("method") - - if method == "" { - c.Redirect(http.StatusFound, "/v0/oauth/kiro") - return - } - - switch method { - case "google", "github": - // Google/GitHub social login is not supported for third-party apps - // due to AWS Cognito redirect_uri restrictions - h.renderError(c, "Google/GitHub login is not available for third-party applications. Please use AWS Builder ID or import your token from Kiro IDE.") - case "builder-id": - h.startBuilderIDAuth(c) - case "idc": - h.startIDCAuth(c) - default: - h.renderError(c, fmt.Sprintf("Unknown authentication method: %s", method)) - } -} - -func (h *OAuthWebHandler) startSocialAuth(c *gin.Context, method string) { - stateID, err := generateStateID() - if err != nil { - h.renderError(c, "Failed to generate state parameter") - return - } - - codeVerifier, codeChallenge, err := generatePKCE() - if err != nil { - h.renderError(c, "Failed to generate PKCE parameters") - return - } - - socialClient := NewSocialAuthClient(h.cfg) - - var provider string - if method == "google" { - provider = string(ProviderGoogle) - } else { - provider = string(ProviderGitHub) - } - - redirectURI := h.getSocialCallbackURL(c) - authURL := socialClient.buildLoginURL(provider, redirectURI, codeChallenge, stateID) - - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute) - - session := &webAuthSession{ - stateID: stateID, - authMethod: method, - authURL: authURL, - status: statusPending, - startedAt: time.Now(), - expiresIn: 600, - codeVerifier: codeVerifier, - codeChallenge: codeChallenge, - region: "us-east-1", - cancelFunc: cancel, - } - - h.mu.Lock() - h.sessions[stateID] = session - h.mu.Unlock() - - go func() { - <-ctx.Done() - h.mu.Lock() - if session.status == statusPending { - session.status = statusFailed - session.error = "Authentication timed out" - } - h.mu.Unlock() - }() - - c.Redirect(http.StatusFound, authURL) -} - -func (h *OAuthWebHandler) getSocialCallbackURL(c *gin.Context) string { - scheme := "http" - if c.Request.TLS != nil || c.GetHeader("X-Forwarded-Proto") == "https" { - scheme = "https" - } - return fmt.Sprintf("%s://%s/v0/oauth/kiro/social/callback", scheme, c.Request.Host) -} - -func (h *OAuthWebHandler) startBuilderIDAuth(c *gin.Context) { - stateID, err := generateStateID() - if err != nil { - h.renderError(c, "Failed to generate state parameter") - return - } - - region := defaultIDCRegion - startURL := builderIDStartURL - - ssoClient := NewSSOOIDCClient(h.cfg) - - regResp, err := ssoClient.RegisterClientWithRegion(c.Request.Context(), region) - if err != nil { - log.Errorf("OAuth Web: failed to register client: %v", err) - h.renderError(c, fmt.Sprintf("Failed to register client: %v", err)) - return - } - - authResp, err := ssoClient.StartDeviceAuthorizationWithIDC( - c.Request.Context(), - regResp.ClientID, - regResp.ClientSecret, - startURL, - region, - ) - if err != nil { - log.Errorf("OAuth Web: failed to start device authorization: %v", err) - h.renderError(c, fmt.Sprintf("Failed to start device authorization: %v", err)) - return - } - - ctx, cancel := context.WithTimeout(context.Background(), time.Duration(authResp.ExpiresIn)*time.Second) - - session := &webAuthSession{ - stateID: stateID, - deviceCode: authResp.DeviceCode, - userCode: authResp.UserCode, - authURL: authResp.VerificationURIComplete, - verificationURI: authResp.VerificationURI, - expiresIn: authResp.ExpiresIn, - interval: authResp.Interval, - status: statusPending, - startedAt: time.Now(), - ssoClient: ssoClient, - clientID: regResp.ClientID, - clientSecret: regResp.ClientSecret, - region: region, - authMethod: "builder-id", - startURL: startURL, - cancelFunc: cancel, - } - - h.mu.Lock() - h.sessions[stateID] = session - h.mu.Unlock() - - go h.pollForToken(ctx, session) - - h.renderStartPage(c, session) -} - -func (h *OAuthWebHandler) startIDCAuth(c *gin.Context) { - startURL := c.Query("startUrl") - region := c.Query("region") - - if startURL == "" { - h.renderError(c, "Missing startUrl parameter for IDC authentication") - return - } - if region == "" { - region = defaultIDCRegion - } - - stateID, err := generateStateID() - if err != nil { - h.renderError(c, "Failed to generate state parameter") - return - } - - ssoClient := NewSSOOIDCClient(h.cfg) - - regResp, err := ssoClient.RegisterClientWithRegion(c.Request.Context(), region) - if err != nil { - log.Errorf("OAuth Web: failed to register client: %v", err) - h.renderError(c, fmt.Sprintf("Failed to register client: %v", err)) - return - } - - authResp, err := ssoClient.StartDeviceAuthorizationWithIDC( - c.Request.Context(), - regResp.ClientID, - regResp.ClientSecret, - startURL, - region, - ) - if err != nil { - log.Errorf("OAuth Web: failed to start device authorization: %v", err) - h.renderError(c, fmt.Sprintf("Failed to start device authorization: %v", err)) - return - } - - ctx, cancel := context.WithTimeout(context.Background(), time.Duration(authResp.ExpiresIn)*time.Second) - - session := &webAuthSession{ - stateID: stateID, - deviceCode: authResp.DeviceCode, - userCode: authResp.UserCode, - authURL: authResp.VerificationURIComplete, - verificationURI: authResp.VerificationURI, - expiresIn: authResp.ExpiresIn, - interval: authResp.Interval, - status: statusPending, - startedAt: time.Now(), - ssoClient: ssoClient, - clientID: regResp.ClientID, - clientSecret: regResp.ClientSecret, - region: region, - authMethod: "idc", - startURL: startURL, - cancelFunc: cancel, - } - - h.mu.Lock() - h.sessions[stateID] = session - h.mu.Unlock() - - go h.pollForToken(ctx, session) - - h.renderStartPage(c, session) -} - -func (h *OAuthWebHandler) pollForToken(ctx context.Context, session *webAuthSession) { - defer session.cancelFunc() - - interval := time.Duration(session.interval) * time.Second - if interval < time.Duration(pollIntervalSeconds)*time.Second { - interval = time.Duration(pollIntervalSeconds) * time.Second - } - - ticker := time.NewTicker(interval) - defer ticker.Stop() - - for { - select { - case <-ctx.Done(): - h.mu.Lock() - if session.status == statusPending { - session.status = statusFailed - session.error = "Authentication timed out" - } - h.mu.Unlock() - return - case <-ticker.C: - tokenResp, err := h.ssoClient(session).CreateTokenWithRegion( - ctx, - session.clientID, - session.clientSecret, - session.deviceCode, - session.region, - ) - - if err != nil { - errStr := err.Error() - if errStr == ErrAuthorizationPending.Error() { - continue - } - if errStr == ErrSlowDown.Error() { - interval += 5 * time.Second - ticker.Reset(interval) - continue - } - - h.mu.Lock() - session.status = statusFailed - session.error = errStr - session.completedAt = time.Now() - h.mu.Unlock() - - log.Errorf("OAuth Web: token polling failed: %v", err) - return - } - - expiresAt := time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second) - profileArn := session.ssoClient.fetchProfileArn(ctx, tokenResp.AccessToken) - email := FetchUserEmailWithFallback(ctx, h.cfg, tokenResp.AccessToken) - - tokenData := &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: profileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: session.authMethod, - Provider: "AWS", - ClientID: session.clientID, - ClientSecret: session.clientSecret, - Email: email, - Region: session.region, - StartURL: session.startURL, - } - - h.mu.Lock() - session.status = statusSuccess - session.completedAt = time.Now() - session.expiresAt = expiresAt - session.tokenData = tokenData - h.mu.Unlock() - - if h.onTokenObtained != nil { - h.onTokenObtained(tokenData) - } - - // Save token to file - h.saveTokenToFile(tokenData) - - log.Infof("OAuth Web: authentication successful for %s", email) - return - } - } -} - -// saveTokenToFile saves the token data to the auth directory -func (h *OAuthWebHandler) saveTokenToFile(tokenData *KiroTokenData) { - // Get auth directory from config or use default - authDir := "" - if h.cfg != nil && h.cfg.AuthDir != "" { - var err error - authDir, err = util.ResolveAuthDir(h.cfg.AuthDir) - if err != nil { - log.Errorf("OAuth Web: failed to resolve auth directory: %v", err) - } - } - - // Fall back to default location - if authDir == "" { - home, err := os.UserHomeDir() - if err != nil { - log.Errorf("OAuth Web: failed to get home directory: %v", err) - return - } - authDir = filepath.Join(home, ".cli-proxy-api") - } - - // Create directory if not exists - if err := os.MkdirAll(authDir, 0700); err != nil { - log.Errorf("OAuth Web: failed to create auth directory: %v", err) - return - } - - // Generate filename using the unified function - fileName := GenerateTokenFileName(tokenData) - - authFilePath := filepath.Join(authDir, fileName) - - // Convert to storage format and save - storage := &KiroTokenStorage{ - Type: "kiro", - AccessToken: tokenData.AccessToken, - RefreshToken: tokenData.RefreshToken, - ProfileArn: tokenData.ProfileArn, - ExpiresAt: tokenData.ExpiresAt, - AuthMethod: tokenData.AuthMethod, - Provider: tokenData.Provider, - LastRefresh: time.Now().Format(time.RFC3339), - ClientID: tokenData.ClientID, - ClientSecret: tokenData.ClientSecret, - Region: tokenData.Region, - StartURL: tokenData.StartURL, - Email: tokenData.Email, - } - - if err := storage.SaveTokenToFile(authFilePath); err != nil { - log.Errorf("OAuth Web: failed to save token to file: %v", err) - return - } - - log.Infof("OAuth Web: token saved to %s", authFilePath) -} - -func (h *OAuthWebHandler) ssoClient(session *webAuthSession) *SSOOIDCClient { - return session.ssoClient -} - -func (h *OAuthWebHandler) handleCallback(c *gin.Context) { - stateID := c.Query("state") - errParam := c.Query("error") - - if errParam != "" { - h.renderError(c, errParam) - return - } - - if stateID == "" { - h.renderError(c, "Missing state parameter") - return - } - - h.mu.RLock() - session, exists := h.sessions[stateID] - h.mu.RUnlock() - - if !exists { - h.renderError(c, "Invalid or expired session") - return - } - - if session.status == statusSuccess { - h.renderSuccess(c, session) - } else if session.status == statusFailed { - h.renderError(c, session.error) - } else { - c.Redirect(http.StatusFound, "/v0/oauth/kiro/start") - } -} - -func (h *OAuthWebHandler) handleSocialCallback(c *gin.Context) { - stateID := c.Query("state") - code := c.Query("code") - errParam := c.Query("error") - - if errParam != "" { - h.renderError(c, errParam) - return - } - - if stateID == "" { - h.renderError(c, "Missing state parameter") - return - } - - if code == "" { - h.renderError(c, "Missing authorization code") - return - } - - h.mu.RLock() - session, exists := h.sessions[stateID] - h.mu.RUnlock() - - if !exists { - h.renderError(c, "Invalid or expired session") - return - } - - if session.authMethod != "google" && session.authMethod != "github" { - h.renderError(c, "Invalid session type for social callback") - return - } - - socialClient := NewSocialAuthClient(h.cfg) - redirectURI := h.getSocialCallbackURL(c) - - tokenReq := &CreateTokenRequest{ - Code: code, - CodeVerifier: session.codeVerifier, - RedirectURI: redirectURI, - } - - tokenResp, err := socialClient.CreateToken(c.Request.Context(), tokenReq) - if err != nil { - log.Errorf("OAuth Web: social token exchange failed: %v", err) - h.mu.Lock() - session.status = statusFailed - session.error = fmt.Sprintf("Token exchange failed: %v", err) - session.completedAt = time.Now() - h.mu.Unlock() - h.renderError(c, session.error) - return - } - - expiresIn := tokenResp.ExpiresIn - if expiresIn <= 0 { - expiresIn = 3600 - } - expiresAt := time.Now().Add(time.Duration(expiresIn) * time.Second) - - email := ExtractEmailFromJWT(tokenResp.AccessToken) - - var provider string - if session.authMethod == "google" { - provider = string(ProviderGoogle) - } else { - provider = string(ProviderGitHub) - } - - tokenData := &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: tokenResp.ProfileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: session.authMethod, - Provider: provider, - Email: email, - Region: "us-east-1", - } - - h.mu.Lock() - session.status = statusSuccess - session.completedAt = time.Now() - session.expiresAt = expiresAt - session.tokenData = tokenData - h.mu.Unlock() - - if session.cancelFunc != nil { - session.cancelFunc() - } - - if h.onTokenObtained != nil { - h.onTokenObtained(tokenData) - } - - // Save token to file - h.saveTokenToFile(tokenData) - - log.Infof("OAuth Web: social authentication successful for %s via %s", email, provider) - h.renderSuccess(c, session) -} - -func (h *OAuthWebHandler) handleStatus(c *gin.Context) { - stateID := c.Query("state") - if stateID == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "missing state parameter"}) - return - } - - h.mu.RLock() - session, exists := h.sessions[stateID] - h.mu.RUnlock() - - if !exists { - c.JSON(http.StatusNotFound, gin.H{"error": "session not found"}) - return - } - - response := gin.H{ - "status": string(session.status), - } - - switch session.status { - case statusPending: - elapsed := time.Since(session.startedAt).Seconds() - remaining := float64(session.expiresIn) - elapsed - if remaining < 0 { - remaining = 0 - } - response["remaining_seconds"] = int(remaining) - case statusSuccess: - response["completed_at"] = session.completedAt.Format(time.RFC3339) - response["expires_at"] = session.expiresAt.Format(time.RFC3339) - case statusFailed: - response["error"] = session.error - response["failed_at"] = session.completedAt.Format(time.RFC3339) - } - - c.JSON(http.StatusOK, response) -} - -func (h *OAuthWebHandler) renderStartPage(c *gin.Context, session *webAuthSession) { - tmpl, err := template.New("start").Parse(oauthWebStartPageHTML) - if err != nil { - log.Errorf("OAuth Web: failed to parse template: %v", err) - c.String(http.StatusInternalServerError, "Template error") - return - } - - data := map[string]interface{}{ - "AuthURL": session.authURL, - "UserCode": session.userCode, - "ExpiresIn": session.expiresIn, - "StateID": session.stateID, - } - - c.Header("Content-Type", "text/html; charset=utf-8") - if err := tmpl.Execute(c.Writer, data); err != nil { - log.Errorf("OAuth Web: failed to render template: %v", err) - } -} - -func (h *OAuthWebHandler) renderSelectPage(c *gin.Context) { - tmpl, err := template.New("select").Parse(oauthWebSelectPageHTML) - if err != nil { - log.Errorf("OAuth Web: failed to parse select template: %v", err) - c.String(http.StatusInternalServerError, "Template error") - return - } - - c.Header("Content-Type", "text/html; charset=utf-8") - if err := tmpl.Execute(c.Writer, nil); err != nil { - log.Errorf("OAuth Web: failed to render select template: %v", err) - } -} - -func (h *OAuthWebHandler) renderError(c *gin.Context, errMsg string) { - tmpl, err := template.New("error").Parse(oauthWebErrorPageHTML) - if err != nil { - log.Errorf("OAuth Web: failed to parse error template: %v", err) - c.String(http.StatusInternalServerError, "Template error") - return - } - - data := map[string]interface{}{ - "Error": errMsg, - } - - c.Header("Content-Type", "text/html; charset=utf-8") - c.Status(http.StatusBadRequest) - if err := tmpl.Execute(c.Writer, data); err != nil { - log.Errorf("OAuth Web: failed to render error template: %v", err) - } -} - -func (h *OAuthWebHandler) renderSuccess(c *gin.Context, session *webAuthSession) { - tmpl, err := template.New("success").Parse(oauthWebSuccessPageHTML) - if err != nil { - log.Errorf("OAuth Web: failed to parse success template: %v", err) - c.String(http.StatusInternalServerError, "Template error") - return - } - - data := map[string]interface{}{ - "ExpiresAt": session.expiresAt.Format(time.RFC3339), - } - - c.Header("Content-Type", "text/html; charset=utf-8") - if err := tmpl.Execute(c.Writer, data); err != nil { - log.Errorf("OAuth Web: failed to render success template: %v", err) - } -} - -func (h *OAuthWebHandler) CleanupExpiredSessions() { - h.mu.Lock() - defer h.mu.Unlock() - - now := time.Now() - for id, session := range h.sessions { - if session.status != statusPending && now.Sub(session.completedAt) > 30*time.Minute { - delete(h.sessions, id) - } else if session.status == statusPending && now.Sub(session.startedAt) > defaultSessionExpiry { - session.cancelFunc() - delete(h.sessions, id) - } - } -} - -func (h *OAuthWebHandler) GetSession(stateID string) (*webAuthSession, bool) { - h.mu.RLock() - defer h.mu.RUnlock() - session, exists := h.sessions[stateID] - return session, exists -} - -// ImportTokenRequest represents the request body for token import -type ImportTokenRequest struct { - RefreshToken string `json:"refreshToken"` -} - -// handleImportToken handles manual refresh token import from Kiro IDE -func (h *OAuthWebHandler) handleImportToken(c *gin.Context) { - var req ImportTokenRequest - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{ - "success": false, - "error": "Invalid request body", - }) - return - } - - refreshToken := strings.TrimSpace(req.RefreshToken) - if refreshToken == "" { - c.JSON(http.StatusBadRequest, gin.H{ - "success": false, - "error": "Refresh token is required", - }) - return - } - - // Validate token format - if !strings.HasPrefix(refreshToken, "aorAAAAAG") { - c.JSON(http.StatusBadRequest, gin.H{ - "success": false, - "error": "Invalid token format. Token should start with aorAAAAAG...", - }) - return - } - - // Create social auth client to refresh and validate the token - socialClient := NewSocialAuthClient(h.cfg) - - // Refresh the token to validate it and get access token - tokenData, err := socialClient.RefreshSocialToken(c.Request.Context(), refreshToken) - if err != nil { - log.Errorf("OAuth Web: token refresh failed during import: %v", err) - c.JSON(http.StatusBadRequest, gin.H{ - "success": false, - "error": fmt.Sprintf("Token validation failed: %v", err), - }) - return - } - - // Set the original refresh token (the refreshed one might be empty) - if tokenData.RefreshToken == "" { - tokenData.RefreshToken = refreshToken - } - tokenData.AuthMethod = "social" - tokenData.Provider = "imported" - - // Notify callback if set - if h.onTokenObtained != nil { - h.onTokenObtained(tokenData) - } - - // Save token to file - h.saveTokenToFile(tokenData) - - // Generate filename for response using the unified function - fileName := GenerateTokenFileName(tokenData) - - log.Infof("OAuth Web: token imported successfully") - c.JSON(http.StatusOK, gin.H{ - "success": true, - "message": "Token imported successfully", - "fileName": fileName, - }) -} - -// handleManualRefresh handles manual token refresh requests from the web UI. -// This allows users to trigger a token refresh when needed, without waiting -// for the automatic 30-second check and 20-minute-before-expiry refresh cycle. -// Uses the same refresh logic as kiro_executor.Refresh for consistency. -func (h *OAuthWebHandler) handleManualRefresh(c *gin.Context) { - authDir := "" - if h.cfg != nil && h.cfg.AuthDir != "" { - var err error - authDir, err = util.ResolveAuthDir(h.cfg.AuthDir) - if err != nil { - log.Errorf("OAuth Web: failed to resolve auth directory: %v", err) - } - } - - if authDir == "" { - home, err := os.UserHomeDir() - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{ - "success": false, - "error": "Failed to get home directory", - }) - return - } - authDir = filepath.Join(home, ".cli-proxy-api") - } - - // Find all kiro token files in the auth directory - files, err := os.ReadDir(authDir) - if err != nil { - c.JSON(http.StatusInternalServerError, gin.H{ - "success": false, - "error": fmt.Sprintf("Failed to read auth directory: %v", err), - }) - return - } - - var refreshedCount int - var errors []string - - for _, file := range files { - if file.IsDir() { - continue - } - name := file.Name() - if !strings.HasPrefix(name, "kiro-") || !strings.HasSuffix(name, ".json") { - continue - } - - filePath := filepath.Join(authDir, name) - data, err := os.ReadFile(filePath) - if err != nil { - errors = append(errors, fmt.Sprintf("%s: read error - %v", name, err)) - continue - } - - var storage KiroTokenStorage - if err := json.Unmarshal(data, &storage); err != nil { - errors = append(errors, fmt.Sprintf("%s: parse error - %v", name, err)) - continue - } - - if storage.RefreshToken == "" { - errors = append(errors, fmt.Sprintf("%s: no refresh token", name)) - continue - } - - // Refresh token using the same logic as kiro_executor.Refresh - tokenData, err := h.refreshTokenData(c.Request.Context(), &storage) - if err != nil { - errors = append(errors, fmt.Sprintf("%s: refresh failed - %v", name, err)) - continue - } - - // Update storage with new token data - storage.AccessToken = tokenData.AccessToken - if tokenData.RefreshToken != "" { - storage.RefreshToken = tokenData.RefreshToken - } - storage.ExpiresAt = tokenData.ExpiresAt - storage.LastRefresh = time.Now().Format(time.RFC3339) - if tokenData.ProfileArn != "" { - storage.ProfileArn = tokenData.ProfileArn - } - - // Write updated token back to file - updatedData, err := json.MarshalIndent(storage, "", " ") - if err != nil { - errors = append(errors, fmt.Sprintf("%s: marshal error - %v", name, err)) - continue - } - - tmpFile := filePath + ".tmp" - if err := os.WriteFile(tmpFile, updatedData, 0600); err != nil { - errors = append(errors, fmt.Sprintf("%s: write error - %v", name, err)) - continue - } - if err := os.Rename(tmpFile, filePath); err != nil { - errors = append(errors, fmt.Sprintf("%s: rename error - %v", name, err)) - continue - } - - log.Infof("OAuth Web: manually refreshed token in %s, expires at %s", name, tokenData.ExpiresAt) - refreshedCount++ - - // Notify callback if set - if h.onTokenObtained != nil { - h.onTokenObtained(tokenData) - } - } - - if refreshedCount == 0 && len(errors) > 0 { - c.JSON(http.StatusBadRequest, gin.H{ - "success": false, - "error": fmt.Sprintf("All refresh attempts failed: %v", errors), - }) - return - } - - response := gin.H{ - "success": true, - "message": fmt.Sprintf("Refreshed %d token(s)", refreshedCount), - "refreshedCount": refreshedCount, - } - if len(errors) > 0 { - response["warnings"] = errors - } - - c.JSON(http.StatusOK, response) -} - -// refreshTokenData refreshes a token using the appropriate method based on auth type. -// This mirrors the logic in kiro_executor.Refresh for consistency. -func (h *OAuthWebHandler) refreshTokenData(ctx context.Context, storage *KiroTokenStorage) (*KiroTokenData, error) { - ssoClient := NewSSOOIDCClient(h.cfg) - - switch { - case storage.ClientID != "" && storage.ClientSecret != "" && storage.AuthMethod == "idc" && storage.Region != "": - // IDC refresh with region-specific endpoint - log.Debugf("OAuth Web: using SSO OIDC refresh for IDC (region=%s)", storage.Region) - return ssoClient.RefreshTokenWithRegion(ctx, storage.ClientID, storage.ClientSecret, storage.RefreshToken, storage.Region, storage.StartURL) - - case storage.ClientID != "" && storage.ClientSecret != "" && storage.AuthMethod == "builder-id": - // Builder ID refresh with default endpoint - log.Debugf("OAuth Web: using SSO OIDC refresh for AWS Builder ID") - return ssoClient.RefreshToken(ctx, storage.ClientID, storage.ClientSecret, storage.RefreshToken) - - default: - // Fallback to Kiro's OAuth refresh endpoint (for social auth: Google/GitHub) - log.Debugf("OAuth Web: using Kiro OAuth refresh endpoint") - oauth := NewKiroOAuth(h.cfg) - return oauth.RefreshToken(ctx, storage.RefreshToken) - } -} diff --git a/internal/auth/kiro/oauth_web_templates.go b/internal/auth/kiro/oauth_web_templates.go deleted file mode 100644 index 228677a511..0000000000 --- a/internal/auth/kiro/oauth_web_templates.go +++ /dev/null @@ -1,779 +0,0 @@ -// Package kiro provides OAuth Web authentication templates. -package kiro - -const ( - oauthWebStartPageHTML = ` - - - - - AWS SSO Authentication - - - -
-

🔐 AWS SSO Authentication

-

Follow the steps below to complete authentication

- -
-
- 1 - Click the button below to open the authorization page -
- - 🚀 Open Authorization Page - -
- -
-
- 2 - Enter the verification code below -
-
-
Verification Code
-
{{.UserCode}}
-
-
- -
-
- 3 - Complete AWS SSO login -
-

- Use your AWS SSO account to login and authorize -

-
- -
- -
{{.ExpiresIn}}s
-
- Waiting for authorization... -
-
- -
- 💡 Tip: The authorization page will open in a new tab. This page will automatically update once authorization is complete. -
-
- - - -` - - oauthWebErrorPageHTML = ` - - - - - Authentication Failed - - - -
-

❌ Authentication Failed

-
-

Error:

-

{{.Error}}

-
- 🔄 Retry -
- -` - - oauthWebSuccessPageHTML = ` - - - - - Authentication Successful - - - -
-
-

Authentication Successful!

-
-

You can close this window.

-
-
Token expires: {{.ExpiresAt}}
-
- -` - - oauthWebSelectPageHTML = ` - - - - - Select Authentication Method - - - -
-

🔐 Select Authentication Method

-

Choose how you want to authenticate with Kiro

- -
- - 🔶 - AWS Builder ID (Recommended) - - - - -
or
- - - - - -
-
- -
-
- - -
- - -
Your AWS Identity Center Start URL
-
- -
- - -
AWS Region for your Identity Center
-
- - -
-
- -
-
-
- - -
Copy from Kiro IDE: ~/.kiro/kiro-auth-token.json → refreshToken field
-
- - - -
-
-
- -
- ⚠️ Note: Google and GitHub login are not available for third-party applications due to AWS Cognito restrictions. Please use AWS Builder ID or import your token from Kiro IDE. -
- -
- 💡 How to get RefreshToken:
- 1. Open Kiro IDE and login with Google/GitHub
- 2. Find the token file: ~/.kiro/kiro-auth-token.json
- 3. Copy the refreshToken value and paste it above -
-
- - - -` -) diff --git a/internal/auth/kiro/protocol_handler.go b/internal/auth/kiro/protocol_handler.go deleted file mode 100644 index d900ee3340..0000000000 --- a/internal/auth/kiro/protocol_handler.go +++ /dev/null @@ -1,725 +0,0 @@ -// Package kiro provides custom protocol handler registration for Kiro OAuth. -// This enables the CLI to intercept kiro:// URIs for social authentication (Google/GitHub). -package kiro - -import ( - "context" - "fmt" - "html" - "net" - "net/http" - "net/url" - "os" - "os/exec" - "path/filepath" - "runtime" - "strings" - "sync" - "time" - - log "github.com/sirupsen/logrus" -) - -const ( - // KiroProtocol is the custom URI scheme used by Kiro - KiroProtocol = "kiro" - - // KiroAuthority is the URI authority for authentication callbacks - KiroAuthority = "kiro.kiroAgent" - - // KiroAuthPath is the path for successful authentication - KiroAuthPath = "/authenticate-success" - - // KiroRedirectURI is the full redirect URI for social auth - KiroRedirectURI = "kiro://kiro.kiroAgent/authenticate-success" - - // DefaultHandlerPort is the default port for the local callback server - DefaultHandlerPort = 19876 - - // HandlerTimeout is how long to wait for the OAuth callback - HandlerTimeout = 10 * time.Minute -) - -// ProtocolHandler manages the custom kiro:// protocol handler for OAuth callbacks. -type ProtocolHandler struct { - port int - server *http.Server - listener net.Listener - resultChan chan *AuthCallback - stopChan chan struct{} - mu sync.Mutex - running bool -} - -// AuthCallback contains the OAuth callback parameters. -type AuthCallback struct { - Code string - State string - Error string -} - -// NewProtocolHandler creates a new protocol handler. -func NewProtocolHandler() *ProtocolHandler { - return &ProtocolHandler{ - port: DefaultHandlerPort, - resultChan: make(chan *AuthCallback, 1), - stopChan: make(chan struct{}), - } -} - -// Start starts the local callback server that receives redirects from the protocol handler. -func (h *ProtocolHandler) Start(ctx context.Context) (int, error) { - h.mu.Lock() - defer h.mu.Unlock() - - if h.running { - return h.port, nil - } - - // Drain any stale results from previous runs - select { - case <-h.resultChan: - default: - } - - // Reset stopChan for reuse - close old channel first to unblock any waiting goroutines - if h.stopChan != nil { - select { - case <-h.stopChan: - // Already closed - default: - close(h.stopChan) - } - } - h.stopChan = make(chan struct{}) - - // Try ports in known range (must match handler script port range) - var listener net.Listener - var err error - portRange := []int{DefaultHandlerPort, DefaultHandlerPort + 1, DefaultHandlerPort + 2, DefaultHandlerPort + 3, DefaultHandlerPort + 4} - - for _, port := range portRange { - listener, err = net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", port)) - if err == nil { - break - } - log.Debugf("kiro protocol handler: port %d busy, trying next", port) - } - - if listener == nil { - return 0, fmt.Errorf("failed to start callback server: all ports %d-%d are busy", DefaultHandlerPort, DefaultHandlerPort+4) - } - - h.listener = listener - h.port = listener.Addr().(*net.TCPAddr).Port - - mux := http.NewServeMux() - mux.HandleFunc("/oauth/callback", h.handleCallback) - - h.server = &http.Server{ - Handler: mux, - ReadHeaderTimeout: 10 * time.Second, - } - - go func() { - if err := h.server.Serve(listener); err != nil && err != http.ErrServerClosed { - log.Debugf("kiro protocol handler server error: %v", err) - } - }() - - h.running = true - log.Debugf("kiro protocol handler started on port %d", h.port) - - // Auto-shutdown after context done, timeout, or explicit stop - // Capture references to prevent race with new Start() calls - currentStopChan := h.stopChan - currentServer := h.server - currentListener := h.listener - go func() { - select { - case <-ctx.Done(): - case <-time.After(HandlerTimeout): - case <-currentStopChan: - return // Already stopped, exit goroutine - } - // Only stop if this is still the current server/listener instance - h.mu.Lock() - if h.server == currentServer && h.listener == currentListener { - h.mu.Unlock() - h.Stop() - } else { - h.mu.Unlock() - } - }() - - return h.port, nil -} - -// Stop stops the callback server. -func (h *ProtocolHandler) Stop() { - h.mu.Lock() - defer h.mu.Unlock() - - if !h.running { - return - } - - // Signal the auto-shutdown goroutine to exit. - // This select pattern is safe because stopChan is only modified while holding h.mu, - // and we hold the lock here. The select prevents panic from double-close. - select { - case <-h.stopChan: - // Already closed - default: - close(h.stopChan) - } - - if h.server != nil { - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) - defer cancel() - _ = h.server.Shutdown(ctx) - } - - h.running = false - log.Debug("kiro protocol handler stopped") -} - -// WaitForCallback waits for the OAuth callback and returns the result. -func (h *ProtocolHandler) WaitForCallback(ctx context.Context) (*AuthCallback, error) { - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-time.After(HandlerTimeout): - return nil, fmt.Errorf("timeout waiting for OAuth callback") - case result := <-h.resultChan: - return result, nil - } -} - -// GetPort returns the port the handler is listening on. -func (h *ProtocolHandler) GetPort() int { - return h.port -} - -// handleCallback processes the OAuth callback from the protocol handler script. -func (h *ProtocolHandler) handleCallback(w http.ResponseWriter, r *http.Request) { - code := r.URL.Query().Get("code") - state := r.URL.Query().Get("state") - errParam := r.URL.Query().Get("error") - - result := &AuthCallback{ - Code: code, - State: state, - Error: errParam, - } - - // Send result - select { - case h.resultChan <- result: - default: - // Channel full, ignore duplicate callbacks - } - - // Send success response - w.Header().Set("Content-Type", "text/html; charset=utf-8") - if errParam != "" { - w.WriteHeader(http.StatusBadRequest) - fmt.Fprintf(w, ` - -Login Failed - -

Login Failed

-

Error: %s

-

You can close this window.

- -`, html.EscapeString(errParam)) - } else { - fmt.Fprint(w, ` - -Login Successful - -

Login Successful!

-

You can close this window and return to the terminal.

- - -`) - } -} - -// IsProtocolHandlerInstalled checks if the kiro:// protocol handler is installed. -func IsProtocolHandlerInstalled() bool { - switch runtime.GOOS { - case "linux": - return isLinuxHandlerInstalled() - case "windows": - return isWindowsHandlerInstalled() - case "darwin": - return isDarwinHandlerInstalled() - default: - return false - } -} - -// InstallProtocolHandler installs the kiro:// protocol handler for the current platform. -func InstallProtocolHandler(handlerPort int) error { - switch runtime.GOOS { - case "linux": - return installLinuxHandler(handlerPort) - case "windows": - return installWindowsHandler(handlerPort) - case "darwin": - return installDarwinHandler(handlerPort) - default: - return fmt.Errorf("unsupported platform: %s", runtime.GOOS) - } -} - -// UninstallProtocolHandler removes the kiro:// protocol handler. -func UninstallProtocolHandler() error { - switch runtime.GOOS { - case "linux": - return uninstallLinuxHandler() - case "windows": - return uninstallWindowsHandler() - case "darwin": - return uninstallDarwinHandler() - default: - return fmt.Errorf("unsupported platform: %s", runtime.GOOS) - } -} - -// --- Linux Implementation --- - -func getLinuxDesktopPath() string { - homeDir, _ := os.UserHomeDir() - return filepath.Join(homeDir, ".local", "share", "applications", "kiro-oauth-handler.desktop") -} - -func getLinuxHandlerScriptPath() string { - homeDir, _ := os.UserHomeDir() - return filepath.Join(homeDir, ".local", "bin", "kiro-oauth-handler") -} - -func isLinuxHandlerInstalled() bool { - desktopPath := getLinuxDesktopPath() - _, err := os.Stat(desktopPath) - return err == nil -} - -func installLinuxHandler(handlerPort int) error { - // Create directories - homeDir, err := os.UserHomeDir() - if err != nil { - return err - } - - binDir := filepath.Join(homeDir, ".local", "bin") - appDir := filepath.Join(homeDir, ".local", "share", "applications") - - if err := os.MkdirAll(binDir, 0755); err != nil { - return fmt.Errorf("failed to create bin directory: %w", err) - } - if err := os.MkdirAll(appDir, 0755); err != nil { - return fmt.Errorf("failed to create applications directory: %w", err) - } - - // Create handler script - tries multiple ports to handle dynamic port allocation - scriptPath := getLinuxHandlerScriptPath() - scriptContent := fmt.Sprintf(`#!/bin/bash -# Kiro OAuth Protocol Handler -# Handles kiro:// URIs - tries CLI first, then forwards to Kiro IDE - -URL="$1" - -# Check curl availability -if ! command -v curl &> /dev/null; then - echo "Error: curl is required for Kiro OAuth handler" >&2 - exit 1 -fi - -# Extract code and state from URL -[[ "$URL" =~ code=([^&]+) ]] && CODE="${BASH_REMATCH[1]}" -[[ "$URL" =~ state=([^&]+) ]] && STATE="${BASH_REMATCH[1]}" -[[ "$URL" =~ error=([^&]+) ]] && ERROR="${BASH_REMATCH[1]}" - -# Try CLI proxy on multiple possible ports (default + dynamic range) -CLI_OK=0 -for PORT in %d %d %d %d %d; do - if [ -n "$ERROR" ]; then - curl -sf --connect-timeout 1 "http://127.0.0.1:$PORT/oauth/callback?error=$ERROR" && CLI_OK=1 && break - elif [ -n "$CODE" ] && [ -n "$STATE" ]; then - curl -sf --connect-timeout 1 "http://127.0.0.1:$PORT/oauth/callback?code=$CODE&state=$STATE" && CLI_OK=1 && break - fi -done - -# If CLI not available, forward to Kiro IDE -if [ $CLI_OK -eq 0 ] && [ -x "/usr/share/kiro/kiro" ]; then - /usr/share/kiro/kiro --open-url "$URL" & -fi -`, handlerPort, handlerPort+1, handlerPort+2, handlerPort+3, handlerPort+4) - - if err := os.WriteFile(scriptPath, []byte(scriptContent), 0755); err != nil { - return fmt.Errorf("failed to write handler script: %w", err) - } - - // Create .desktop file - desktopPath := getLinuxDesktopPath() - desktopContent := fmt.Sprintf(`[Desktop Entry] -Name=Kiro OAuth Handler -Comment=Handle kiro:// protocol for CLI Proxy API authentication -Exec=%s %%u -Type=Application -Terminal=false -NoDisplay=true -MimeType=x-scheme-handler/kiro; -Categories=Utility; -`, scriptPath) - - if err := os.WriteFile(desktopPath, []byte(desktopContent), 0644); err != nil { - return fmt.Errorf("failed to write desktop file: %w", err) - } - - // Register handler with xdg-mime - cmd := exec.Command("xdg-mime", "default", "kiro-oauth-handler.desktop", "x-scheme-handler/kiro") - if err := cmd.Run(); err != nil { - log.Warnf("xdg-mime registration failed (may need manual setup): %v", err) - } - - // Update desktop database - cmd = exec.Command("update-desktop-database", appDir) - _ = cmd.Run() // Ignore errors, not critical - - log.Info("Kiro protocol handler installed for Linux") - return nil -} - -func uninstallLinuxHandler() error { - desktopPath := getLinuxDesktopPath() - scriptPath := getLinuxHandlerScriptPath() - - if err := os.Remove(desktopPath); err != nil && !os.IsNotExist(err) { - return fmt.Errorf("failed to remove desktop file: %w", err) - } - if err := os.Remove(scriptPath); err != nil && !os.IsNotExist(err) { - return fmt.Errorf("failed to remove handler script: %w", err) - } - - log.Info("Kiro protocol handler uninstalled") - return nil -} - -// --- Windows Implementation --- - -func isWindowsHandlerInstalled() bool { - // Check registry key existence - cmd := exec.Command("reg", "query", `HKCU\Software\Classes\kiro`, "/ve") - return cmd.Run() == nil -} - -func installWindowsHandler(handlerPort int) error { - homeDir, err := os.UserHomeDir() - if err != nil { - return err - } - - // Create handler script (PowerShell) - scriptDir := filepath.Join(homeDir, ".cliproxyapi") - if err := os.MkdirAll(scriptDir, 0755); err != nil { - return fmt.Errorf("failed to create script directory: %w", err) - } - - scriptPath := filepath.Join(scriptDir, "kiro-oauth-handler.ps1") - scriptContent := fmt.Sprintf(`# Kiro OAuth Protocol Handler for Windows -param([string]$url) - -# Load required assembly for HttpUtility -Add-Type -AssemblyName System.Web - -# Parse URL parameters -$uri = [System.Uri]$url -$query = [System.Web.HttpUtility]::ParseQueryString($uri.Query) -$code = $query["code"] -$state = $query["state"] -$errorParam = $query["error"] - -# Try multiple ports (default + dynamic range) -$ports = @(%d, %d, %d, %d, %d) -$success = $false - -foreach ($port in $ports) { - if ($success) { break } - $callbackUrl = "http://127.0.0.1:$port/oauth/callback" - try { - if ($errorParam) { - $fullUrl = $callbackUrl + "?error=" + $errorParam - Invoke-WebRequest -Uri $fullUrl -UseBasicParsing -TimeoutSec 1 -ErrorAction Stop | Out-Null - $success = $true - } elseif ($code -and $state) { - $fullUrl = $callbackUrl + "?code=" + $code + "&state=" + $state - Invoke-WebRequest -Uri $fullUrl -UseBasicParsing -TimeoutSec 1 -ErrorAction Stop | Out-Null - $success = $true - } - } catch { - # Try next port - } -} -`, handlerPort, handlerPort+1, handlerPort+2, handlerPort+3, handlerPort+4) - - if err := os.WriteFile(scriptPath, []byte(scriptContent), 0644); err != nil { - return fmt.Errorf("failed to write handler script: %w", err) - } - - // Create batch wrapper - batchPath := filepath.Join(scriptDir, "kiro-oauth-handler.bat") - batchContent := fmt.Sprintf("@echo off\npowershell -ExecutionPolicy Bypass -File \"%s\" %%1\n", scriptPath) - - if err := os.WriteFile(batchPath, []byte(batchContent), 0644); err != nil { - return fmt.Errorf("failed to write batch wrapper: %w", err) - } - - // Register in Windows registry - commands := [][]string{ - {"reg", "add", `HKCU\Software\Classes\kiro`, "/ve", "/d", "URL:Kiro Protocol", "/f"}, - {"reg", "add", `HKCU\Software\Classes\kiro`, "/v", "URL Protocol", "/d", "", "/f"}, - {"reg", "add", `HKCU\Software\Classes\kiro\shell`, "/f"}, - {"reg", "add", `HKCU\Software\Classes\kiro\shell\open`, "/f"}, - {"reg", "add", `HKCU\Software\Classes\kiro\shell\open\command`, "/ve", "/d", fmt.Sprintf("\"%s\" \"%%1\"", batchPath), "/f"}, - } - - for _, args := range commands { - cmd := exec.Command(args[0], args[1:]...) - if err := cmd.Run(); err != nil { - return fmt.Errorf("failed to run registry command: %w", err) - } - } - - log.Info("Kiro protocol handler installed for Windows") - return nil -} - -func uninstallWindowsHandler() error { - // Remove registry keys - cmd := exec.Command("reg", "delete", `HKCU\Software\Classes\kiro`, "/f") - if err := cmd.Run(); err != nil { - log.Warnf("failed to remove registry key: %v", err) - } - - // Remove scripts - homeDir, _ := os.UserHomeDir() - scriptDir := filepath.Join(homeDir, ".cliproxyapi") - _ = os.Remove(filepath.Join(scriptDir, "kiro-oauth-handler.ps1")) - _ = os.Remove(filepath.Join(scriptDir, "kiro-oauth-handler.bat")) - - log.Info("Kiro protocol handler uninstalled") - return nil -} - -// --- macOS Implementation --- - -func getDarwinAppPath() string { - homeDir, _ := os.UserHomeDir() - return filepath.Join(homeDir, "Applications", "KiroOAuthHandler.app") -} - -func isDarwinHandlerInstalled() bool { - appPath := getDarwinAppPath() - _, err := os.Stat(appPath) - return err == nil -} - -func installDarwinHandler(handlerPort int) error { - // Create app bundle structure - appPath := getDarwinAppPath() - contentsPath := filepath.Join(appPath, "Contents") - macOSPath := filepath.Join(contentsPath, "MacOS") - - if err := os.MkdirAll(macOSPath, 0755); err != nil { - return fmt.Errorf("failed to create app bundle: %w", err) - } - - // Create Info.plist - plistPath := filepath.Join(contentsPath, "Info.plist") - plistContent := ` - - - - CFBundleIdentifier - com.cliproxyapi.kiro-oauth-handler - CFBundleName - KiroOAuthHandler - CFBundleExecutable - kiro-oauth-handler - CFBundleVersion - 1.0 - CFBundleURLTypes - - - CFBundleURLName - Kiro Protocol - CFBundleURLSchemes - - kiro - - - - LSBackgroundOnly - - -` - - if err := os.WriteFile(plistPath, []byte(plistContent), 0644); err != nil { - return fmt.Errorf("failed to write Info.plist: %w", err) - } - - // Create executable script - tries multiple ports to handle dynamic port allocation - execPath := filepath.Join(macOSPath, "kiro-oauth-handler") - execContent := fmt.Sprintf(`#!/bin/bash -# Kiro OAuth Protocol Handler for macOS - -URL="$1" - -# Check curl availability (should always exist on macOS) -if [ ! -x /usr/bin/curl ]; then - echo "Error: curl is required for Kiro OAuth handler" >&2 - exit 1 -fi - -# Extract code and state from URL -[[ "$URL" =~ code=([^&]+) ]] && CODE="${BASH_REMATCH[1]}" -[[ "$URL" =~ state=([^&]+) ]] && STATE="${BASH_REMATCH[1]}" -[[ "$URL" =~ error=([^&]+) ]] && ERROR="${BASH_REMATCH[1]}" - -# Try multiple ports (default + dynamic range) -for PORT in %d %d %d %d %d; do - if [ -n "$ERROR" ]; then - /usr/bin/curl -sf --connect-timeout 1 "http://127.0.0.1:$PORT/oauth/callback?error=$ERROR" && exit 0 - elif [ -n "$CODE" ] && [ -n "$STATE" ]; then - /usr/bin/curl -sf --connect-timeout 1 "http://127.0.0.1:$PORT/oauth/callback?code=$CODE&state=$STATE" && exit 0 - fi -done -`, handlerPort, handlerPort+1, handlerPort+2, handlerPort+3, handlerPort+4) - - if err := os.WriteFile(execPath, []byte(execContent), 0755); err != nil { - return fmt.Errorf("failed to write executable: %w", err) - } - - // Register the app with Launch Services - cmd := exec.Command("/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister", - "-f", appPath) - if err := cmd.Run(); err != nil { - log.Warnf("lsregister failed (handler may still work): %v", err) - } - - log.Info("Kiro protocol handler installed for macOS") - return nil -} - -func uninstallDarwinHandler() error { - appPath := getDarwinAppPath() - - // Unregister from Launch Services - cmd := exec.Command("/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister", - "-u", appPath) - _ = cmd.Run() - - // Remove app bundle - if err := os.RemoveAll(appPath); err != nil && !os.IsNotExist(err) { - return fmt.Errorf("failed to remove app bundle: %w", err) - } - - log.Info("Kiro protocol handler uninstalled") - return nil -} - -// ParseKiroURI parses a kiro:// URI and extracts the callback parameters. -func ParseKiroURI(rawURI string) (*AuthCallback, error) { - u, err := url.Parse(rawURI) - if err != nil { - return nil, fmt.Errorf("invalid URI: %w", err) - } - - if u.Scheme != KiroProtocol { - return nil, fmt.Errorf("invalid scheme: expected %s, got %s", KiroProtocol, u.Scheme) - } - - if u.Host != KiroAuthority { - return nil, fmt.Errorf("invalid authority: expected %s, got %s", KiroAuthority, u.Host) - } - - query := u.Query() - return &AuthCallback{ - Code: query.Get("code"), - State: query.Get("state"), - Error: query.Get("error"), - }, nil -} - -// GetHandlerInstructions returns platform-specific instructions for manual handler setup. -func GetHandlerInstructions() string { - switch runtime.GOOS { - case "linux": - return `To manually set up the Kiro protocol handler on Linux: - -1. Create ~/.local/share/applications/kiro-oauth-handler.desktop: - [Desktop Entry] - Name=Kiro OAuth Handler - Exec=~/.local/bin/kiro-oauth-handler %u - Type=Application - Terminal=false - MimeType=x-scheme-handler/kiro; - -2. Create ~/.local/bin/kiro-oauth-handler (make it executable): - #!/bin/bash - URL="$1" - # ... (see generated script for full content) - -3. Run: xdg-mime default kiro-oauth-handler.desktop x-scheme-handler/kiro` - - case "windows": - return `To manually set up the Kiro protocol handler on Windows: - -1. Open Registry Editor (regedit.exe) -2. Create key: HKEY_CURRENT_USER\Software\Classes\kiro -3. Set default value to: URL:Kiro Protocol -4. Create string value "URL Protocol" with empty data -5. Create subkey: shell\open\command -6. Set default value to: "C:\path\to\handler.bat" "%1"` - - case "darwin": - return `To manually set up the Kiro protocol handler on macOS: - -1. Create ~/Applications/KiroOAuthHandler.app bundle -2. Add Info.plist with CFBundleURLTypes containing "kiro" scheme -3. Create executable in Contents/MacOS/ -4. Run: /System/Library/.../lsregister -f ~/Applications/KiroOAuthHandler.app` - - default: - return "Protocol handler setup is not supported on this platform." - } -} - -// SetupProtocolHandlerIfNeeded checks and installs the protocol handler if needed. -func SetupProtocolHandlerIfNeeded(handlerPort int) error { - if IsProtocolHandlerInstalled() { - log.Debug("Kiro protocol handler already installed") - return nil - } - - fmt.Println("\n╔══════════════════════════════════════════════════════════╗") - fmt.Println("║ Kiro Protocol Handler Setup Required ║") - fmt.Println("╚══════════════════════════════════════════════════════════╝") - fmt.Println("\nTo enable Google/GitHub login, we need to install a protocol handler.") - fmt.Println("This allows your browser to redirect back to the CLI after authentication.") - fmt.Println("\nInstalling protocol handler...") - - if err := InstallProtocolHandler(handlerPort); err != nil { - fmt.Printf("\n⚠ Automatic installation failed: %v\n", err) - fmt.Println("\nManual setup instructions:") - fmt.Println(strings.Repeat("-", 60)) - fmt.Println(GetHandlerInstructions()) - return err - } - - fmt.Println("\n✓ Protocol handler installed successfully!") - return nil -} diff --git a/internal/auth/kiro/rate_limiter.go b/internal/auth/kiro/rate_limiter.go deleted file mode 100644 index 52bb24af70..0000000000 --- a/internal/auth/kiro/rate_limiter.go +++ /dev/null @@ -1,316 +0,0 @@ -package kiro - -import ( - "math" - "math/rand" - "strings" - "sync" - "time" -) - -const ( - DefaultMinTokenInterval = 1 * time.Second - DefaultMaxTokenInterval = 2 * time.Second - DefaultDailyMaxRequests = 500 - DefaultJitterPercent = 0.3 - DefaultBackoffBase = 30 * time.Second - DefaultBackoffMax = 5 * time.Minute - DefaultBackoffMultiplier = 1.5 - DefaultSuspendCooldown = 1 * time.Hour -) - -// TokenState Token 状态 -type TokenState struct { - LastRequest time.Time - RequestCount int - CooldownEnd time.Time - FailCount int - DailyRequests int - DailyResetTime time.Time - IsSuspended bool - SuspendedAt time.Time - SuspendReason string -} - -// RateLimiter 频率限制器 -type RateLimiter struct { - mu sync.RWMutex - states map[string]*TokenState - minTokenInterval time.Duration - maxTokenInterval time.Duration - dailyMaxRequests int - jitterPercent float64 - backoffBase time.Duration - backoffMax time.Duration - backoffMultiplier float64 - suspendCooldown time.Duration - rng *rand.Rand -} - -// NewRateLimiter 创建默认配置的频率限制器 -func NewRateLimiter() *RateLimiter { - return &RateLimiter{ - states: make(map[string]*TokenState), - minTokenInterval: DefaultMinTokenInterval, - maxTokenInterval: DefaultMaxTokenInterval, - dailyMaxRequests: DefaultDailyMaxRequests, - jitterPercent: DefaultJitterPercent, - backoffBase: DefaultBackoffBase, - backoffMax: DefaultBackoffMax, - backoffMultiplier: DefaultBackoffMultiplier, - suspendCooldown: DefaultSuspendCooldown, - rng: rand.New(rand.NewSource(time.Now().UnixNano())), - } -} - -// RateLimiterConfig 频率限制器配置 -type RateLimiterConfig struct { - MinTokenInterval time.Duration - MaxTokenInterval time.Duration - DailyMaxRequests int - JitterPercent float64 - BackoffBase time.Duration - BackoffMax time.Duration - BackoffMultiplier float64 - SuspendCooldown time.Duration -} - -// NewRateLimiterWithConfig 使用自定义配置创建频率限制器 -func NewRateLimiterWithConfig(cfg RateLimiterConfig) *RateLimiter { - rl := NewRateLimiter() - if cfg.MinTokenInterval > 0 { - rl.minTokenInterval = cfg.MinTokenInterval - } - if cfg.MaxTokenInterval > 0 { - rl.maxTokenInterval = cfg.MaxTokenInterval - } - if cfg.DailyMaxRequests > 0 { - rl.dailyMaxRequests = cfg.DailyMaxRequests - } - if cfg.JitterPercent > 0 { - rl.jitterPercent = cfg.JitterPercent - } - if cfg.BackoffBase > 0 { - rl.backoffBase = cfg.BackoffBase - } - if cfg.BackoffMax > 0 { - rl.backoffMax = cfg.BackoffMax - } - if cfg.BackoffMultiplier > 0 { - rl.backoffMultiplier = cfg.BackoffMultiplier - } - if cfg.SuspendCooldown > 0 { - rl.suspendCooldown = cfg.SuspendCooldown - } - return rl -} - -// getOrCreateState 获取或创建 Token 状态 -func (rl *RateLimiter) getOrCreateState(tokenKey string) *TokenState { - state, exists := rl.states[tokenKey] - if !exists { - state = &TokenState{ - DailyResetTime: time.Now().Truncate(24 * time.Hour).Add(24 * time.Hour), - } - rl.states[tokenKey] = state - } - return state -} - -// resetDailyIfNeeded 如果需要则重置每日计数 -func (rl *RateLimiter) resetDailyIfNeeded(state *TokenState) { - now := time.Now() - if now.After(state.DailyResetTime) { - state.DailyRequests = 0 - state.DailyResetTime = now.Truncate(24 * time.Hour).Add(24 * time.Hour) - } -} - -// calculateInterval 计算带抖动的随机间隔 -func (rl *RateLimiter) calculateInterval() time.Duration { - baseInterval := rl.minTokenInterval + time.Duration(rl.rng.Int63n(int64(rl.maxTokenInterval-rl.minTokenInterval))) - jitter := time.Duration(float64(baseInterval) * rl.jitterPercent * (rl.rng.Float64()*2 - 1)) - return baseInterval + jitter -} - -// WaitForToken 等待 Token 可用(带抖动的随机间隔) -func (rl *RateLimiter) WaitForToken(tokenKey string) { - rl.mu.Lock() - state := rl.getOrCreateState(tokenKey) - rl.resetDailyIfNeeded(state) - - now := time.Now() - - // 检查是否在冷却期 - if now.Before(state.CooldownEnd) { - waitTime := state.CooldownEnd.Sub(now) - rl.mu.Unlock() - time.Sleep(waitTime) - rl.mu.Lock() - state = rl.getOrCreateState(tokenKey) - now = time.Now() - } - - // 计算距离上次请求的间隔 - interval := rl.calculateInterval() - nextAllowedTime := state.LastRequest.Add(interval) - - if now.Before(nextAllowedTime) { - waitTime := nextAllowedTime.Sub(now) - rl.mu.Unlock() - time.Sleep(waitTime) - rl.mu.Lock() - state = rl.getOrCreateState(tokenKey) - } - - state.LastRequest = time.Now() - state.RequestCount++ - state.DailyRequests++ - rl.mu.Unlock() -} - -// MarkTokenFailed 标记 Token 失败 -func (rl *RateLimiter) MarkTokenFailed(tokenKey string) { - rl.mu.Lock() - defer rl.mu.Unlock() - - state := rl.getOrCreateState(tokenKey) - state.FailCount++ - state.CooldownEnd = time.Now().Add(rl.calculateBackoff(state.FailCount)) -} - -// MarkTokenSuccess 标记 Token 成功 -func (rl *RateLimiter) MarkTokenSuccess(tokenKey string) { - rl.mu.Lock() - defer rl.mu.Unlock() - - state := rl.getOrCreateState(tokenKey) - state.FailCount = 0 - state.CooldownEnd = time.Time{} -} - -// CheckAndMarkSuspended 检测暂停错误并标记 -func (rl *RateLimiter) CheckAndMarkSuspended(tokenKey string, errorMsg string) bool { - suspendKeywords := []string{ - "suspended", - "banned", - "disabled", - "account has been", - "access denied", - "rate limit exceeded", - "too many requests", - "quota exceeded", - } - - lowerMsg := strings.ToLower(errorMsg) - for _, keyword := range suspendKeywords { - if strings.Contains(lowerMsg, keyword) { - rl.mu.Lock() - defer rl.mu.Unlock() - - state := rl.getOrCreateState(tokenKey) - state.IsSuspended = true - state.SuspendedAt = time.Now() - state.SuspendReason = errorMsg - state.CooldownEnd = time.Now().Add(rl.suspendCooldown) - return true - } - } - return false -} - -// IsTokenAvailable 检查 Token 是否可用 -func (rl *RateLimiter) IsTokenAvailable(tokenKey string) bool { - rl.mu.RLock() - defer rl.mu.RUnlock() - - state, exists := rl.states[tokenKey] - if !exists { - return true - } - - now := time.Now() - - // 检查是否被暂停 - if state.IsSuspended { - if now.After(state.SuspendedAt.Add(rl.suspendCooldown)) { - return true - } - return false - } - - // 检查是否在冷却期 - if now.Before(state.CooldownEnd) { - return false - } - - // 检查每日请求限制 - rl.mu.RUnlock() - rl.mu.Lock() - rl.resetDailyIfNeeded(state) - dailyRequests := state.DailyRequests - dailyMax := rl.dailyMaxRequests - rl.mu.Unlock() - rl.mu.RLock() - - if dailyRequests >= dailyMax { - return false - } - - return true -} - -// calculateBackoff 计算指数退避时间 -func (rl *RateLimiter) calculateBackoff(failCount int) time.Duration { - if failCount <= 0 { - return 0 - } - - backoff := float64(rl.backoffBase) * math.Pow(rl.backoffMultiplier, float64(failCount-1)) - - // 添加抖动 - jitter := backoff * rl.jitterPercent * (rl.rng.Float64()*2 - 1) - backoff += jitter - - if time.Duration(backoff) > rl.backoffMax { - return rl.backoffMax - } - return time.Duration(backoff) -} - -// GetTokenState 获取 Token 状态(只读) -func (rl *RateLimiter) GetTokenState(tokenKey string) *TokenState { - rl.mu.RLock() - defer rl.mu.RUnlock() - - state, exists := rl.states[tokenKey] - if !exists { - return nil - } - - // 返回副本以防止外部修改 - stateCopy := *state - return &stateCopy -} - -// ClearTokenState 清除 Token 状态 -func (rl *RateLimiter) ClearTokenState(tokenKey string) { - rl.mu.Lock() - defer rl.mu.Unlock() - delete(rl.states, tokenKey) -} - -// ResetSuspension 重置暂停状态 -func (rl *RateLimiter) ResetSuspension(tokenKey string) { - rl.mu.Lock() - defer rl.mu.Unlock() - - state, exists := rl.states[tokenKey] - if exists { - state.IsSuspended = false - state.SuspendedAt = time.Time{} - state.SuspendReason = "" - state.CooldownEnd = time.Time{} - state.FailCount = 0 - } -} diff --git a/internal/auth/kiro/rate_limiter_singleton.go b/internal/auth/kiro/rate_limiter_singleton.go deleted file mode 100644 index 4c02af89c6..0000000000 --- a/internal/auth/kiro/rate_limiter_singleton.go +++ /dev/null @@ -1,46 +0,0 @@ -package kiro - -import ( - "sync" - "time" - - log "github.com/sirupsen/logrus" -) - -var ( - globalRateLimiter *RateLimiter - globalRateLimiterOnce sync.Once - - globalCooldownManager *CooldownManager - globalCooldownManagerOnce sync.Once - cooldownStopCh chan struct{} -) - -// GetGlobalRateLimiter returns the singleton RateLimiter instance. -func GetGlobalRateLimiter() *RateLimiter { - globalRateLimiterOnce.Do(func() { - globalRateLimiter = NewRateLimiter() - log.Info("kiro: global RateLimiter initialized") - }) - return globalRateLimiter -} - -// GetGlobalCooldownManager returns the singleton CooldownManager instance. -func GetGlobalCooldownManager() *CooldownManager { - globalCooldownManagerOnce.Do(func() { - globalCooldownManager = NewCooldownManager() - cooldownStopCh = make(chan struct{}) - go globalCooldownManager.StartCleanupRoutine(5*time.Minute, cooldownStopCh) - log.Info("kiro: global CooldownManager initialized with cleanup routine") - }) - return globalCooldownManager -} - -// ShutdownRateLimiters stops the cooldown cleanup routine. -// Should be called during application shutdown. -func ShutdownRateLimiters() { - if cooldownStopCh != nil { - close(cooldownStopCh) - log.Info("kiro: rate limiter cleanup routine stopped") - } -} diff --git a/internal/auth/kiro/rate_limiter_test.go b/internal/auth/kiro/rate_limiter_test.go deleted file mode 100644 index 636413dd3e..0000000000 --- a/internal/auth/kiro/rate_limiter_test.go +++ /dev/null @@ -1,304 +0,0 @@ -package kiro - -import ( - "sync" - "testing" - "time" -) - -func TestNewRateLimiter(t *testing.T) { - rl := NewRateLimiter() - if rl == nil { - t.Fatal("expected non-nil RateLimiter") - } - if rl.states == nil { - t.Error("expected non-nil states map") - } - if rl.minTokenInterval != DefaultMinTokenInterval { - t.Errorf("expected minTokenInterval %v, got %v", DefaultMinTokenInterval, rl.minTokenInterval) - } - if rl.maxTokenInterval != DefaultMaxTokenInterval { - t.Errorf("expected maxTokenInterval %v, got %v", DefaultMaxTokenInterval, rl.maxTokenInterval) - } - if rl.dailyMaxRequests != DefaultDailyMaxRequests { - t.Errorf("expected dailyMaxRequests %d, got %d", DefaultDailyMaxRequests, rl.dailyMaxRequests) - } -} - -func TestNewRateLimiterWithConfig(t *testing.T) { - cfg := RateLimiterConfig{ - MinTokenInterval: 5 * time.Second, - MaxTokenInterval: 15 * time.Second, - DailyMaxRequests: 100, - JitterPercent: 0.2, - BackoffBase: 1 * time.Minute, - BackoffMax: 30 * time.Minute, - BackoffMultiplier: 1.5, - SuspendCooldown: 12 * time.Hour, - } - - rl := NewRateLimiterWithConfig(cfg) - if rl.minTokenInterval != 5*time.Second { - t.Errorf("expected minTokenInterval 5s, got %v", rl.minTokenInterval) - } - if rl.maxTokenInterval != 15*time.Second { - t.Errorf("expected maxTokenInterval 15s, got %v", rl.maxTokenInterval) - } - if rl.dailyMaxRequests != 100 { - t.Errorf("expected dailyMaxRequests 100, got %d", rl.dailyMaxRequests) - } -} - -func TestNewRateLimiterWithConfig_PartialConfig(t *testing.T) { - cfg := RateLimiterConfig{ - MinTokenInterval: 5 * time.Second, - } - - rl := NewRateLimiterWithConfig(cfg) - if rl.minTokenInterval != 5*time.Second { - t.Errorf("expected minTokenInterval 5s, got %v", rl.minTokenInterval) - } - if rl.maxTokenInterval != DefaultMaxTokenInterval { - t.Errorf("expected default maxTokenInterval, got %v", rl.maxTokenInterval) - } -} - -func TestGetTokenState_NonExistent(t *testing.T) { - rl := NewRateLimiter() - state := rl.GetTokenState("nonexistent") - if state != nil { - t.Error("expected nil state for non-existent token") - } -} - -func TestIsTokenAvailable_NewToken(t *testing.T) { - rl := NewRateLimiter() - if !rl.IsTokenAvailable("newtoken") { - t.Error("expected new token to be available") - } -} - -func TestMarkTokenFailed(t *testing.T) { - rl := NewRateLimiter() - rl.MarkTokenFailed("token1") - - state := rl.GetTokenState("token1") - if state == nil { - t.Fatal("expected non-nil state") - } - if state.FailCount != 1 { - t.Errorf("expected FailCount 1, got %d", state.FailCount) - } - if state.CooldownEnd.IsZero() { - t.Error("expected non-zero CooldownEnd") - } -} - -func TestMarkTokenSuccess(t *testing.T) { - rl := NewRateLimiter() - rl.MarkTokenFailed("token1") - rl.MarkTokenFailed("token1") - rl.MarkTokenSuccess("token1") - - state := rl.GetTokenState("token1") - if state == nil { - t.Fatal("expected non-nil state") - } - if state.FailCount != 0 { - t.Errorf("expected FailCount 0, got %d", state.FailCount) - } - if !state.CooldownEnd.IsZero() { - t.Error("expected zero CooldownEnd after success") - } -} - -func TestCheckAndMarkSuspended_Suspended(t *testing.T) { - rl := NewRateLimiter() - - testCases := []string{ - "Account has been suspended", - "You are banned from this service", - "Account disabled", - "Access denied permanently", - "Rate limit exceeded", - "Too many requests", - "Quota exceeded for today", - } - - for i, msg := range testCases { - tokenKey := "token" + string(rune('a'+i)) - if !rl.CheckAndMarkSuspended(tokenKey, msg) { - t.Errorf("expected suspension detected for: %s", msg) - } - state := rl.GetTokenState(tokenKey) - if !state.IsSuspended { - t.Errorf("expected IsSuspended true for: %s", msg) - } - } -} - -func TestCheckAndMarkSuspended_NotSuspended(t *testing.T) { - rl := NewRateLimiter() - - normalErrors := []string{ - "connection timeout", - "internal server error", - "bad request", - "invalid token format", - } - - for i, msg := range normalErrors { - tokenKey := "token" + string(rune('a'+i)) - if rl.CheckAndMarkSuspended(tokenKey, msg) { - t.Errorf("unexpected suspension for: %s", msg) - } - } -} - -func TestIsTokenAvailable_Suspended(t *testing.T) { - rl := NewRateLimiter() - rl.CheckAndMarkSuspended("token1", "Account suspended") - - if rl.IsTokenAvailable("token1") { - t.Error("expected suspended token to be unavailable") - } -} - -func TestClearTokenState(t *testing.T) { - rl := NewRateLimiter() - rl.MarkTokenFailed("token1") - rl.ClearTokenState("token1") - - state := rl.GetTokenState("token1") - if state != nil { - t.Error("expected nil state after clear") - } -} - -func TestResetSuspension(t *testing.T) { - rl := NewRateLimiter() - rl.CheckAndMarkSuspended("token1", "Account suspended") - rl.ResetSuspension("token1") - - state := rl.GetTokenState("token1") - if state.IsSuspended { - t.Error("expected IsSuspended false after reset") - } - if state.FailCount != 0 { - t.Errorf("expected FailCount 0, got %d", state.FailCount) - } -} - -func TestResetSuspension_NonExistent(t *testing.T) { - rl := NewRateLimiter() - rl.ResetSuspension("nonexistent") -} - -func TestCalculateBackoff_ZeroFailCount(t *testing.T) { - rl := NewRateLimiter() - backoff := rl.calculateBackoff(0) - if backoff != 0 { - t.Errorf("expected 0 backoff for 0 fails, got %v", backoff) - } -} - -func TestCalculateBackoff_Exponential(t *testing.T) { - cfg := RateLimiterConfig{ - BackoffBase: 1 * time.Minute, - BackoffMax: 60 * time.Minute, - BackoffMultiplier: 2.0, - JitterPercent: 0.3, - } - rl := NewRateLimiterWithConfig(cfg) - - backoff1 := rl.calculateBackoff(1) - if backoff1 < 40*time.Second || backoff1 > 80*time.Second { - t.Errorf("expected ~1min (with jitter) for fail 1, got %v", backoff1) - } - - backoff2 := rl.calculateBackoff(2) - if backoff2 < 80*time.Second || backoff2 > 160*time.Second { - t.Errorf("expected ~2min (with jitter) for fail 2, got %v", backoff2) - } -} - -func TestCalculateBackoff_MaxCap(t *testing.T) { - cfg := RateLimiterConfig{ - BackoffBase: 1 * time.Minute, - BackoffMax: 10 * time.Minute, - BackoffMultiplier: 2.0, - JitterPercent: 0, - } - rl := NewRateLimiterWithConfig(cfg) - - backoff := rl.calculateBackoff(10) - if backoff > 10*time.Minute { - t.Errorf("expected backoff capped at 10min, got %v", backoff) - } -} - -func TestGetTokenState_ReturnsCopy(t *testing.T) { - rl := NewRateLimiter() - rl.MarkTokenFailed("token1") - - state1 := rl.GetTokenState("token1") - state1.FailCount = 999 - - state2 := rl.GetTokenState("token1") - if state2.FailCount == 999 { - t.Error("GetTokenState should return a copy") - } -} - -func TestRateLimiter_ConcurrentAccess(t *testing.T) { - rl := NewRateLimiter() - const numGoroutines = 50 - const numOperations = 50 - - var wg sync.WaitGroup - wg.Add(numGoroutines) - - for i := 0; i < numGoroutines; i++ { - go func(id int) { - defer wg.Done() - tokenKey := "token" + string(rune('a'+id%10)) - for j := 0; j < numOperations; j++ { - switch j % 6 { - case 0: - rl.IsTokenAvailable(tokenKey) - case 1: - rl.MarkTokenFailed(tokenKey) - case 2: - rl.MarkTokenSuccess(tokenKey) - case 3: - rl.GetTokenState(tokenKey) - case 4: - rl.CheckAndMarkSuspended(tokenKey, "test error") - case 5: - rl.ResetSuspension(tokenKey) - } - } - }(i) - } - - wg.Wait() -} - -func TestCalculateInterval_WithinRange(t *testing.T) { - cfg := RateLimiterConfig{ - MinTokenInterval: 10 * time.Second, - MaxTokenInterval: 30 * time.Second, - JitterPercent: 0.3, - } - rl := NewRateLimiterWithConfig(cfg) - - minAllowed := 7 * time.Second - maxAllowed := 40 * time.Second - - for i := 0; i < 100; i++ { - interval := rl.calculateInterval() - if interval < minAllowed || interval > maxAllowed { - t.Errorf("interval %v outside expected range [%v, %v]", interval, minAllowed, maxAllowed) - } - } -} diff --git a/internal/auth/kiro/refresh_manager.go b/internal/auth/kiro/refresh_manager.go deleted file mode 100644 index e14c1e6214..0000000000 --- a/internal/auth/kiro/refresh_manager.go +++ /dev/null @@ -1,180 +0,0 @@ -package kiro - -import ( - "context" - "sync" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -// RefreshManager 是后台刷新器的单例管理器 -type RefreshManager struct { - mu sync.Mutex - refresher *BackgroundRefresher - ctx context.Context - cancel context.CancelFunc - started bool - onTokenRefreshed func(tokenID string, tokenData *KiroTokenData) // 刷新成功回调 -} - -var ( - globalRefreshManager *RefreshManager - managerOnce sync.Once -) - -// GetRefreshManager 获取全局刷新管理器实例 -func GetRefreshManager() *RefreshManager { - managerOnce.Do(func() { - globalRefreshManager = &RefreshManager{} - }) - return globalRefreshManager -} - -// Initialize 初始化后台刷新器 -// baseDir: token 文件所在的目录 -// cfg: 应用配置 -func (m *RefreshManager) Initialize(baseDir string, cfg *config.Config) error { - m.mu.Lock() - defer m.mu.Unlock() - - if m.started { - log.Debug("refresh manager: already initialized") - return nil - } - - if baseDir == "" { - log.Warn("refresh manager: base directory not provided, skipping initialization") - return nil - } - - resolvedBaseDir, err := util.ResolveAuthDir(baseDir) - if err != nil { - log.Warnf("refresh manager: failed to resolve auth directory %s: %v", baseDir, err) - } - if resolvedBaseDir != "" { - baseDir = resolvedBaseDir - } - - // 创建 token 存储库 - repo := NewFileTokenRepository(baseDir) - - // 创建后台刷新器,配置参数 - opts := []RefresherOption{ - WithInterval(time.Minute), // 每分钟检查一次 - WithBatchSize(50), // 每批最多处理 50 个 token - WithConcurrency(10), // 最多 10 个并发刷新 - WithConfig(cfg), // 设置 OAuth 和 SSO 客户端 - } - - // 如果已设置回调,传递给 BackgroundRefresher - if m.onTokenRefreshed != nil { - opts = append(opts, WithOnTokenRefreshed(m.onTokenRefreshed)) - } - - m.refresher = NewBackgroundRefresher(repo, opts...) - - log.Infof("refresh manager: initialized with base directory %s", baseDir) - return nil -} - -// Start 启动后台刷新 -func (m *RefreshManager) Start() { - m.mu.Lock() - defer m.mu.Unlock() - - if m.started { - log.Debug("refresh manager: already started") - return - } - - if m.refresher == nil { - log.Warn("refresh manager: not initialized, cannot start") - return - } - - m.ctx, m.cancel = context.WithCancel(context.Background()) - m.refresher.Start(m.ctx) - m.started = true - - log.Info("refresh manager: background refresh started") -} - -// Stop 停止后台刷新 -func (m *RefreshManager) Stop() { - m.mu.Lock() - defer m.mu.Unlock() - - if !m.started { - return - } - - if m.cancel != nil { - m.cancel() - } - - if m.refresher != nil { - m.refresher.Stop() - } - - m.started = false - log.Info("refresh manager: background refresh stopped") -} - -// IsRunning 检查后台刷新是否正在运行 -func (m *RefreshManager) IsRunning() bool { - m.mu.Lock() - defer m.mu.Unlock() - return m.started -} - -// UpdateBaseDir 更新 token 目录(用于运行时配置更改) -func (m *RefreshManager) UpdateBaseDir(baseDir string) { - m.mu.Lock() - defer m.mu.Unlock() - - if m.refresher != nil && m.refresher.tokenRepo != nil { - if repo, ok := m.refresher.tokenRepo.(*FileTokenRepository); ok { - repo.SetBaseDir(baseDir) - log.Infof("refresh manager: updated base directory to %s", baseDir) - } - } -} - -// SetOnTokenRefreshed 设置 token 刷新成功后的回调函数 -// 可以在任何时候调用,支持运行时更新回调 -// callback: 回调函数,接收 tokenID(文件名)和新的 token 数据 -func (m *RefreshManager) SetOnTokenRefreshed(callback func(tokenID string, tokenData *KiroTokenData)) { - m.mu.Lock() - defer m.mu.Unlock() - - m.onTokenRefreshed = callback - - // 如果 refresher 已经创建,使用并发安全的方式更新它的回调 - if m.refresher != nil { - m.refresher.callbackMu.Lock() - m.refresher.onTokenRefreshed = callback - m.refresher.callbackMu.Unlock() - } - - log.Debug("refresh manager: token refresh callback registered") -} - -// InitializeAndStart 初始化并启动后台刷新(便捷方法) -func InitializeAndStart(baseDir string, cfg *config.Config) { - manager := GetRefreshManager() - if err := manager.Initialize(baseDir, cfg); err != nil { - log.Errorf("refresh manager: initialization failed: %v", err) - return - } - manager.Start() -} - -// StopGlobalRefreshManager 停止全局刷新管理器 -func StopGlobalRefreshManager() { - if globalRefreshManager != nil { - globalRefreshManager.Stop() - } -} diff --git a/internal/auth/kiro/refresh_utils.go b/internal/auth/kiro/refresh_utils.go deleted file mode 100644 index 5abb714cbe..0000000000 --- a/internal/auth/kiro/refresh_utils.go +++ /dev/null @@ -1,159 +0,0 @@ -// Package kiro provides refresh utilities for Kiro token management. -package kiro - -import ( - "context" - "fmt" - "time" - - log "github.com/sirupsen/logrus" -) - -// RefreshResult contains the result of a token refresh attempt. -type RefreshResult struct { - TokenData *KiroTokenData - Error error - UsedFallback bool // True if we used the existing token as fallback -} - -// RefreshWithGracefulDegradation attempts to refresh a token with graceful degradation. -// If refresh fails but the existing access token is still valid, it returns the existing token. -// This matches kiro-openai-gateway's behavior for better reliability. -// -// Parameters: -// - ctx: Context for the request -// - refreshFunc: Function to perform the actual refresh -// - existingAccessToken: Current access token (for fallback) -// - expiresAt: Expiration time of the existing token -// -// Returns: -// - RefreshResult containing the new or existing token data -func RefreshWithGracefulDegradation( - ctx context.Context, - refreshFunc func(ctx context.Context) (*KiroTokenData, error), - existingAccessToken string, - expiresAt time.Time, -) RefreshResult { - // Try to refresh the token - newTokenData, err := refreshFunc(ctx) - if err == nil { - return RefreshResult{ - TokenData: newTokenData, - Error: nil, - UsedFallback: false, - } - } - - // Refresh failed - check if we can use the existing token - log.Warnf("kiro: token refresh failed: %v", err) - - // Check if existing token is still valid (not expired) - if existingAccessToken != "" && time.Now().Before(expiresAt) { - remainingTime := time.Until(expiresAt) - log.Warnf("kiro: using existing access token (expires in %v). Will retry refresh later.", remainingTime.Round(time.Second)) - - return RefreshResult{ - TokenData: &KiroTokenData{ - AccessToken: existingAccessToken, - ExpiresAt: expiresAt.Format(time.RFC3339), - }, - Error: nil, - UsedFallback: true, - } - } - - // Token is expired and refresh failed - return the error - return RefreshResult{ - TokenData: nil, - Error: fmt.Errorf("token refresh failed and existing token is expired: %w", err), - UsedFallback: false, - } -} - -// IsTokenExpiringSoon checks if a token is expiring within the given threshold. -// Default threshold is 5 minutes if not specified. -func IsTokenExpiringSoon(expiresAt time.Time, threshold time.Duration) bool { - if threshold == 0 { - threshold = 5 * time.Minute - } - return time.Now().Add(threshold).After(expiresAt) -} - -// IsTokenExpired checks if a token has already expired. -func IsTokenExpired(expiresAt time.Time) bool { - return time.Now().After(expiresAt) -} - -// ParseExpiresAt parses an expiration time string in RFC3339 format. -// Returns zero time if parsing fails. -func ParseExpiresAt(expiresAtStr string) time.Time { - if expiresAtStr == "" { - return time.Time{} - } - t, err := time.Parse(time.RFC3339, expiresAtStr) - if err != nil { - log.Debugf("kiro: failed to parse expiresAt '%s': %v", expiresAtStr, err) - return time.Time{} - } - return t -} - -// RefreshConfig contains configuration for token refresh behavior. -type RefreshConfig struct { - // MaxRetries is the maximum number of refresh attempts (default: 1) - MaxRetries int - // RetryDelay is the delay between retry attempts (default: 1 second) - RetryDelay time.Duration - // RefreshThreshold is how early to refresh before expiration (default: 5 minutes) - RefreshThreshold time.Duration - // EnableGracefulDegradation allows using existing token if refresh fails (default: true) - EnableGracefulDegradation bool -} - -// DefaultRefreshConfig returns the default refresh configuration. -func DefaultRefreshConfig() RefreshConfig { - return RefreshConfig{ - MaxRetries: 1, - RetryDelay: time.Second, - RefreshThreshold: 5 * time.Minute, - EnableGracefulDegradation: true, - } -} - -// RefreshWithRetry attempts to refresh a token with retry logic. -func RefreshWithRetry( - ctx context.Context, - refreshFunc func(ctx context.Context) (*KiroTokenData, error), - config RefreshConfig, -) (*KiroTokenData, error) { - var lastErr error - - maxAttempts := config.MaxRetries + 1 - if maxAttempts < 1 { - maxAttempts = 1 - } - - for attempt := 1; attempt <= maxAttempts; attempt++ { - tokenData, err := refreshFunc(ctx) - if err == nil { - if attempt > 1 { - log.Infof("kiro: token refresh succeeded on attempt %d", attempt) - } - return tokenData, nil - } - - lastErr = err - log.Warnf("kiro: token refresh attempt %d/%d failed: %v", attempt, maxAttempts, err) - - // Don't sleep after the last attempt - if attempt < maxAttempts { - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-time.After(config.RetryDelay): - } - } - } - - return nil, fmt.Errorf("token refresh failed after %d attempts: %w", maxAttempts, lastErr) -} diff --git a/internal/auth/kiro/social_auth.go b/internal/auth/kiro/social_auth.go deleted file mode 100644 index 605d130303..0000000000 --- a/internal/auth/kiro/social_auth.go +++ /dev/null @@ -1,481 +0,0 @@ -// Package kiro provides social authentication (Google/GitHub) for Kiro via AuthServiceClient. -package kiro - -import ( - "bufio" - "context" - "crypto/rand" - "crypto/sha256" - "encoding/base64" - "encoding/json" - "fmt" - "html" - "io" - "net" - "net/http" - "net/url" - "os" - "os/exec" - "runtime" - "strings" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/browser" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" - "golang.org/x/term" -) - -const ( - // Kiro AuthService endpoint - kiroAuthServiceEndpoint = "https://prod.us-east-1.auth.desktop.kiro.dev" - - // OAuth timeout - socialAuthTimeout = 10 * time.Minute - - // Default callback port for social auth HTTP server - socialAuthCallbackPort = 9876 -) - -// SocialProvider represents the social login provider. -type SocialProvider string - -const ( - // ProviderGoogle is Google OAuth provider - ProviderGoogle SocialProvider = "Google" - // ProviderGitHub is GitHub OAuth provider - ProviderGitHub SocialProvider = "Github" - // Note: AWS Builder ID is NOT supported by Kiro's auth service. - // It only supports: Google, Github, Cognito - // AWS Builder ID must use device code flow via SSO OIDC. -) - -// CreateTokenRequest is sent to Kiro's /oauth/token endpoint. -type CreateTokenRequest struct { - Code string `json:"code"` - CodeVerifier string `json:"code_verifier"` - RedirectURI string `json:"redirect_uri"` - InvitationCode string `json:"invitation_code,omitempty"` -} - -// SocialTokenResponse from Kiro's /oauth/token endpoint for social auth. -type SocialTokenResponse struct { - AccessToken string `json:"accessToken"` - RefreshToken string `json:"refreshToken"` - ProfileArn string `json:"profileArn"` - ExpiresIn int `json:"expiresIn"` -} - -// RefreshTokenRequest is sent to Kiro's /refreshToken endpoint. -type RefreshTokenRequest struct { - RefreshToken string `json:"refreshToken"` -} - -// WebCallbackResult contains the OAuth callback result from HTTP server. -type WebCallbackResult struct { - Code string - State string - Error string -} - -// SocialAuthClient handles social authentication with Kiro. -type SocialAuthClient struct { - httpClient *http.Client - cfg *config.Config - protocolHandler *ProtocolHandler -} - -// NewSocialAuthClient creates a new social auth client. -func NewSocialAuthClient(cfg *config.Config) *SocialAuthClient { - client := &http.Client{Timeout: 30 * time.Second} - if cfg != nil { - client = util.SetProxy(&cfg.SDKConfig, client) - } - return &SocialAuthClient{ - httpClient: client, - cfg: cfg, - protocolHandler: NewProtocolHandler(), - } -} - -// startWebCallbackServer starts a local HTTP server to receive the OAuth callback. -// This is used instead of the kiro:// protocol handler to avoid redirect_mismatch errors. -func (c *SocialAuthClient) startWebCallbackServer(ctx context.Context, expectedState string) (string, <-chan WebCallbackResult, error) { - // Try to find an available port - use localhost like Kiro does - listener, err := net.Listen("tcp", fmt.Sprintf("localhost:%d", socialAuthCallbackPort)) - if err != nil { - // Try with dynamic port (RFC 8252 allows dynamic ports for native apps) - log.Warnf("kiro social auth: default port %d is busy, falling back to dynamic port", socialAuthCallbackPort) - listener, err = net.Listen("tcp", "localhost:0") - if err != nil { - return "", nil, fmt.Errorf("failed to start callback server: %w", err) - } - } - - port := listener.Addr().(*net.TCPAddr).Port - // Use http scheme for local callback server - redirectURI := fmt.Sprintf("http://localhost:%d/oauth/callback", port) - resultChan := make(chan WebCallbackResult, 1) - - server := &http.Server{ - ReadHeaderTimeout: 10 * time.Second, - } - - mux := http.NewServeMux() - mux.HandleFunc("/oauth/callback", func(w http.ResponseWriter, r *http.Request) { - code := r.URL.Query().Get("code") - state := r.URL.Query().Get("state") - errParam := r.URL.Query().Get("error") - - if errParam != "" { - w.Header().Set("Content-Type", "text/html; charset=utf-8") - w.WriteHeader(http.StatusBadRequest) - fmt.Fprintf(w, ` -Login Failed -

Login Failed

%s

You can close this window.

`, html.EscapeString(errParam)) - resultChan <- WebCallbackResult{Error: errParam} - return - } - - if state != expectedState { - w.Header().Set("Content-Type", "text/html; charset=utf-8") - w.WriteHeader(http.StatusBadRequest) - fmt.Fprint(w, ` -Login Failed -

Login Failed

Invalid state parameter

You can close this window.

`) - resultChan <- WebCallbackResult{Error: "state mismatch"} - return - } - - w.Header().Set("Content-Type", "text/html; charset=utf-8") - fmt.Fprint(w, ` -Login Successful -

Login Successful!

You can close this window and return to the terminal.

-`) - resultChan <- WebCallbackResult{Code: code, State: state} - }) - - server.Handler = mux - - go func() { - if err := server.Serve(listener); err != nil && err != http.ErrServerClosed { - log.Debugf("kiro social auth callback server error: %v", err) - } - }() - - go func() { - select { - case <-ctx.Done(): - case <-time.After(socialAuthTimeout): - case <-resultChan: - } - _ = server.Shutdown(context.Background()) - }() - - return redirectURI, resultChan, nil -} - -// generatePKCE generates PKCE code verifier and challenge. -func generatePKCE() (verifier, challenge string, err error) { - // Generate 32 bytes of random data for verifier - b := make([]byte, 32) - if _, err := rand.Read(b); err != nil { - return "", "", fmt.Errorf("failed to generate random bytes: %w", err) - } - verifier = base64.RawURLEncoding.EncodeToString(b) - - // Generate SHA256 hash of verifier for challenge - h := sha256.Sum256([]byte(verifier)) - challenge = base64.RawURLEncoding.EncodeToString(h[:]) - - return verifier, challenge, nil -} - -// generateState generates a random state parameter. -func generateStateParam() (string, error) { - b := make([]byte, 16) - if _, err := rand.Read(b); err != nil { - return "", err - } - return base64.RawURLEncoding.EncodeToString(b), nil -} - -// buildLoginURL constructs the Kiro OAuth login URL. -// The login endpoint expects a GET request with query parameters. -// Format: /login?idp=Google&redirect_uri=...&code_challenge=...&code_challenge_method=S256&state=...&prompt=select_account -// The prompt=select_account parameter forces the account selection screen even if already logged in. -func (c *SocialAuthClient) buildLoginURL(provider, redirectURI, codeChallenge, state string) string { - return fmt.Sprintf("%s/login?idp=%s&redirect_uri=%s&code_challenge=%s&code_challenge_method=S256&state=%s&prompt=select_account", - kiroAuthServiceEndpoint, - provider, - url.QueryEscape(redirectURI), - codeChallenge, - state, - ) -} - -// CreateToken exchanges the authorization code for tokens. -func (c *SocialAuthClient) CreateToken(ctx context.Context, req *CreateTokenRequest) (*SocialTokenResponse, error) { - body, err := json.Marshal(req) - if err != nil { - return nil, fmt.Errorf("failed to marshal token request: %w", err) - } - - tokenURL := kiroAuthServiceEndpoint + "/oauth/token" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, tokenURL, strings.NewReader(string(body))) - if err != nil { - return nil, fmt.Errorf("failed to create token request: %w", err) - } - - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("User-Agent", "KiroIDE-0.7.45-cli-proxy-api") - - resp, err := c.httpClient.Do(httpReq) - if err != nil { - return nil, fmt.Errorf("token request failed: %w", err) - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read token response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("token exchange failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("token exchange failed (status %d)", resp.StatusCode) - } - - var tokenResp SocialTokenResponse - if err := json.Unmarshal(respBody, &tokenResp); err != nil { - return nil, fmt.Errorf("failed to parse token response: %w", err) - } - - return &tokenResp, nil -} - -// RefreshSocialToken refreshes an expired social auth token. -func (c *SocialAuthClient) RefreshSocialToken(ctx context.Context, refreshToken string) (*KiroTokenData, error) { - body, err := json.Marshal(&RefreshTokenRequest{RefreshToken: refreshToken}) - if err != nil { - return nil, fmt.Errorf("failed to marshal refresh request: %w", err) - } - - refreshURL := kiroAuthServiceEndpoint + "/refreshToken" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, refreshURL, strings.NewReader(string(body))) - if err != nil { - return nil, fmt.Errorf("failed to create refresh request: %w", err) - } - - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("User-Agent", "cli-proxy-api/1.0.0") - - resp, err := c.httpClient.Do(httpReq) - if err != nil { - return nil, fmt.Errorf("refresh request failed: %w", err) - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read refresh response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("token refresh failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("token refresh failed (status %d)", resp.StatusCode) - } - - var tokenResp SocialTokenResponse - if err := json.Unmarshal(respBody, &tokenResp); err != nil { - return nil, fmt.Errorf("failed to parse refresh response: %w", err) - } - - // Validate ExpiresIn - use default 1 hour if invalid - expiresIn := tokenResp.ExpiresIn - if expiresIn <= 0 { - expiresIn = 3600 // Default 1 hour - } - expiresAt := time.Now().Add(time.Duration(expiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: tokenResp.ProfileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "social", - Provider: "", // Caller should preserve original provider - Region: "us-east-1", - }, nil -} - -// LoginWithSocial performs OAuth login with Google or GitHub. -// Uses local HTTP callback server instead of custom protocol handler to avoid redirect_mismatch errors. -func (c *SocialAuthClient) LoginWithSocial(ctx context.Context, provider SocialProvider) (*KiroTokenData, error) { - providerName := string(provider) - - fmt.Println("\n╔══════════════════════════════════════════════════════════╗") - fmt.Printf("║ Kiro Authentication (%s) ║\n", providerName) - fmt.Println("╚══════════════════════════════════════════════════════════╝") - - // Step 1: Start local HTTP callback server (instead of kiro:// protocol handler) - // This avoids redirect_mismatch errors with AWS Cognito - fmt.Println("\nSetting up authentication...") - - // Step 2: Generate PKCE codes - codeVerifier, codeChallenge, err := generatePKCE() - if err != nil { - return nil, fmt.Errorf("failed to generate PKCE: %w", err) - } - - // Step 3: Generate state - state, err := generateStateParam() - if err != nil { - return nil, fmt.Errorf("failed to generate state: %w", err) - } - - // Step 4: Start local HTTP callback server - redirectURI, resultChan, err := c.startWebCallbackServer(ctx, state) - if err != nil { - return nil, fmt.Errorf("failed to start callback server: %w", err) - } - log.Debugf("kiro social auth: callback server started at %s", redirectURI) - - // Step 5: Build the login URL using HTTP redirect URI - authURL := c.buildLoginURL(providerName, redirectURI, codeChallenge, state) - - // Set incognito mode based on config (defaults to true for Kiro, can be overridden with --no-incognito) - // Incognito mode enables multi-account support by bypassing cached sessions - if c.cfg != nil { - browser.SetIncognitoMode(c.cfg.IncognitoBrowser) - if !c.cfg.IncognitoBrowser { - log.Info("kiro: using normal browser mode (--no-incognito). Note: You may not be able to select a different account.") - } else { - log.Debug("kiro: using incognito mode for multi-account support") - } - } else { - browser.SetIncognitoMode(true) // Default to incognito if no config - log.Debug("kiro: using incognito mode for multi-account support (default)") - } - - // Step 6: Open browser for user authentication - fmt.Println("\n════════════════════════════════════════════════════════════") - fmt.Printf(" Opening browser for %s authentication...\n", providerName) - fmt.Println("════════════════════════════════════════════════════════════") - fmt.Printf("\n URL: %s\n\n", authURL) - - if err := browser.OpenURL(authURL); err != nil { - log.Warnf("Could not open browser automatically: %v", err) - fmt.Println(" ⚠ Could not open browser automatically.") - fmt.Println(" Please open the URL above in your browser manually.") - } else { - fmt.Println(" (Browser opened automatically)") - } - - fmt.Println("\n Waiting for authentication callback...") - - // Step 7: Wait for callback from HTTP server - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-time.After(socialAuthTimeout): - return nil, fmt.Errorf("authentication timed out") - case callback := <-resultChan: - if callback.Error != "" { - return nil, fmt.Errorf("authentication error: %s", callback.Error) - } - - // State is already validated by the callback server - if callback.Code == "" { - return nil, fmt.Errorf("no authorization code received") - } - - fmt.Println("\n✓ Authorization received!") - - // Step 8: Exchange code for tokens - fmt.Println("Exchanging code for tokens...") - - tokenReq := &CreateTokenRequest{ - Code: callback.Code, - CodeVerifier: codeVerifier, - RedirectURI: redirectURI, // Use HTTP redirect URI, not kiro:// protocol - } - - tokenResp, err := c.CreateToken(ctx, tokenReq) - if err != nil { - return nil, fmt.Errorf("failed to exchange code for tokens: %w", err) - } - - fmt.Println("\n✓ Authentication successful!") - - // Close the browser window - if err := browser.CloseBrowser(); err != nil { - log.Debugf("Failed to close browser: %v", err) - } - - // Validate ExpiresIn - use default 1 hour if invalid - expiresIn := tokenResp.ExpiresIn - if expiresIn <= 0 { - expiresIn = 3600 - } - expiresAt := time.Now().Add(time.Duration(expiresIn) * time.Second) - - // Try to extract email from JWT access token first - email := ExtractEmailFromJWT(tokenResp.AccessToken) - - // If no email in JWT, ask user for account label (only in interactive mode) - if email == "" && isInteractiveTerminal() { - fmt.Print("\n Enter account label for file naming (optional, press Enter to skip): ") - reader := bufio.NewReader(os.Stdin) - var err error - email, err = reader.ReadString('\n') - if err != nil { - log.Debugf("Failed to read account label: %v", err) - } - email = strings.TrimSpace(email) - } - - return &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: tokenResp.ProfileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "social", - Provider: providerName, - Email: email, // JWT email or user-provided label - Region: "us-east-1", - }, nil - } -} - -// LoginWithGoogle performs OAuth login with Google. -func (c *SocialAuthClient) LoginWithGoogle(ctx context.Context) (*KiroTokenData, error) { - return c.LoginWithSocial(ctx, ProviderGoogle) -} - -// LoginWithGitHub performs OAuth login with GitHub. -func (c *SocialAuthClient) LoginWithGitHub(ctx context.Context) (*KiroTokenData, error) { - return c.LoginWithSocial(ctx, ProviderGitHub) -} - -// forceDefaultProtocolHandler sets our protocol handler as the default for kiro:// URLs. -// This prevents the "Open with" dialog from appearing on Linux. -// On non-Linux platforms, this is a no-op as they use different mechanisms. -func forceDefaultProtocolHandler() { - if runtime.GOOS != "linux" { - return // Non-Linux platforms use different handler mechanisms - } - - // Set our handler as default using xdg-mime - cmd := exec.Command("xdg-mime", "default", "kiro-oauth-handler.desktop", "x-scheme-handler/kiro") - if err := cmd.Run(); err != nil { - log.Warnf("Failed to set default protocol handler: %v. You may see a handler selection dialog.", err) - } -} - -// isInteractiveTerminal checks if stdin is connected to an interactive terminal. -// Returns false in CI/automated environments or when stdin is piped. -func isInteractiveTerminal() bool { - return term.IsTerminal(int(os.Stdin.Fd())) -} diff --git a/internal/auth/kiro/sso_oidc.go b/internal/auth/kiro/sso_oidc.go deleted file mode 100644 index d1d2be6373..0000000000 --- a/internal/auth/kiro/sso_oidc.go +++ /dev/null @@ -1,1396 +0,0 @@ -// Package kiro provides AWS SSO OIDC authentication for Kiro. -package kiro - -import ( - "bufio" - "context" - "crypto/rand" - "crypto/sha256" - "encoding/base64" - "encoding/json" - "errors" - "fmt" - "html" - "io" - "net" - "net/http" - "os" - "regexp" - "strings" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/browser" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -const ( - // AWS SSO OIDC endpoints - ssoOIDCEndpoint = "https://oidc.us-east-1.amazonaws.com" - - // Kiro's start URL for Builder ID - builderIDStartURL = "https://view.awsapps.com/start" - - // Default region for IDC - defaultIDCRegion = "us-east-1" - - // Polling interval - pollInterval = 5 * time.Second - - // Authorization code flow callback - authCodeCallbackPath = "/oauth/callback" - authCodeCallbackPort = 19877 - - // User-Agent to match official Kiro IDE - kiroUserAgent = "KiroIDE" - - // IDC token refresh headers (matching Kiro IDE behavior) - idcAmzUserAgent = "aws-sdk-js/3.738.0 ua/2.1 os/other lang/js md/browser#unknown_unknown api/sso-oidc#3.738.0 m/E KiroIDE" -) - -// Sentinel errors for OIDC token polling -var ( - ErrAuthorizationPending = errors.New("authorization_pending") - ErrSlowDown = errors.New("slow_down") - oidcRegionPattern = regexp.MustCompile(`^[a-z]{2}-[a-z]{2,3}-\d$`) -) - -// SSOOIDCClient handles AWS SSO OIDC authentication. -type SSOOIDCClient struct { - httpClient *http.Client - cfg *config.Config -} - -// NewSSOOIDCClient creates a new SSO OIDC client. -func NewSSOOIDCClient(cfg *config.Config) *SSOOIDCClient { - client := &http.Client{Timeout: 30 * time.Second} - if cfg != nil { - client = util.SetProxy(&cfg.SDKConfig, client) - } - return &SSOOIDCClient{ - httpClient: client, - cfg: cfg, - } -} - -// RegisterClientResponse from AWS SSO OIDC. -type RegisterClientResponse struct { - ClientID string `json:"clientId"` - ClientSecret string `json:"clientSecret"` - ClientIDIssuedAt int64 `json:"clientIdIssuedAt"` - ClientSecretExpiresAt int64 `json:"clientSecretExpiresAt"` -} - -// StartDeviceAuthResponse from AWS SSO OIDC. -type StartDeviceAuthResponse struct { - DeviceCode string `json:"deviceCode"` - UserCode string `json:"userCode"` - VerificationURI string `json:"verificationUri"` - VerificationURIComplete string `json:"verificationUriComplete"` - ExpiresIn int `json:"expiresIn"` - Interval int `json:"interval"` -} - -// CreateTokenResponse from AWS SSO OIDC. -type CreateTokenResponse struct { - AccessToken string `json:"accessToken"` - TokenType string `json:"tokenType"` - ExpiresIn int `json:"expiresIn"` - RefreshToken string `json:"refreshToken"` -} - -// getOIDCEndpoint returns the OIDC endpoint for the given region. -func getOIDCEndpoint(region string) string { - if region == "" { - region = defaultIDCRegion - } - return fmt.Sprintf("https://oidc.%s.amazonaws.com", region) -} - -// promptInput prompts the user for input with an optional default value. -func promptInput(prompt, defaultValue string) string { - reader := bufio.NewReader(os.Stdin) - if defaultValue != "" { - fmt.Printf("%s [%s]: ", prompt, defaultValue) - } else { - fmt.Printf("%s: ", prompt) - } - input, err := reader.ReadString('\n') - if err != nil { - log.Warnf("Error reading input: %v", err) - return defaultValue - } - input = strings.TrimSpace(input) - if input == "" { - return defaultValue - } - return input -} - -// promptSelect prompts the user to select from options using number input. -func promptSelect(prompt string, options []string) int { - reader := bufio.NewReader(os.Stdin) - - for { - fmt.Println(prompt) - for i, opt := range options { - fmt.Printf(" %d) %s\n", i+1, opt) - } - fmt.Printf("Enter selection (1-%d): ", len(options)) - - input, err := reader.ReadString('\n') - if err != nil { - log.Warnf("Error reading input: %v", err) - return 0 // Default to first option on error - } - input = strings.TrimSpace(input) - - // Parse the selection - var selection int - if _, err := fmt.Sscanf(input, "%d", &selection); err != nil || selection < 1 || selection > len(options) { - fmt.Printf("Invalid selection '%s'. Please enter a number between 1 and %d.\n\n", input, len(options)) - continue - } - return selection - 1 - } -} - -// RegisterClientWithRegion registers a new OIDC client with AWS using a specific region. -func (c *SSOOIDCClient) RegisterClientWithRegion(ctx context.Context, region string) (*RegisterClientResponse, error) { - endpoint := getOIDCEndpoint(region) - - payload := map[string]interface{}{ - "clientName": "Kiro IDE", - "clientType": "public", - "scopes": []string{"codewhisperer:completions", "codewhisperer:analysis", "codewhisperer:conversations", "codewhisperer:transformations", "codewhisperer:taskassist"}, - "grantTypes": []string{"urn:ietf:params:oauth:grant-type:device_code", "refresh_token"}, - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint+"/client/register", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("register client failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("register client failed (status %d)", resp.StatusCode) - } - - var result RegisterClientResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// StartDeviceAuthorizationWithIDC starts the device authorization flow for IDC. -func (c *SSOOIDCClient) StartDeviceAuthorizationWithIDC(ctx context.Context, clientID, clientSecret, startURL, region string) (*StartDeviceAuthResponse, error) { - endpoint := getOIDCEndpoint(region) - - payload := map[string]string{ - "clientId": clientID, - "clientSecret": clientSecret, - "startUrl": startURL, - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint+"/device_authorization", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("start device auth failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("start device auth failed (status %d)", resp.StatusCode) - } - - var result StartDeviceAuthResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// CreateTokenWithRegion polls for the access token after user authorization using a specific region. -func (c *SSOOIDCClient) CreateTokenWithRegion(ctx context.Context, clientID, clientSecret, deviceCode, region string) (*CreateTokenResponse, error) { - normalizedRegion, errRegion := normalizeOIDCRegion(region) - if errRegion != nil { - return nil, errRegion - } - endpoint := getOIDCEndpoint(normalizedRegion) - - payload := map[string]string{ - "clientId": clientID, - "clientSecret": clientSecret, - "deviceCode": deviceCode, - "grantType": "urn:ietf:params:oauth:grant-type:device_code", - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint+"/token", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - // Check for pending authorization - if resp.StatusCode == http.StatusBadRequest { - var errResp struct { - Error string `json:"error"` - } - if json.Unmarshal(respBody, &errResp) == nil { - if errResp.Error == "authorization_pending" { - return nil, ErrAuthorizationPending - } - if errResp.Error == "slow_down" { - return nil, ErrSlowDown - } - } - log.Debugf("create token failed: %s", string(respBody)) - return nil, fmt.Errorf("create token failed") - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("create token failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("create token failed (status %d)", resp.StatusCode) - } - - var result CreateTokenResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -func normalizeOIDCRegion(region string) (string, error) { - trimmed := strings.TrimSpace(region) - if trimmed == "" { - return defaultIDCRegion, nil - } - if !oidcRegionPattern.MatchString(trimmed) { - return "", fmt.Errorf("invalid OIDC region %q", region) - } - return trimmed, nil -} -// RefreshTokenWithRegion refreshes an access token using the refresh token with a specific region. -func (c *SSOOIDCClient) RefreshTokenWithRegion(ctx context.Context, clientID, clientSecret, refreshToken, region, startURL string) (*KiroTokenData, error) { - endpoint := getOIDCEndpoint(region) - - payload := map[string]string{ - "clientId": clientID, - "clientSecret": clientSecret, - "refreshToken": refreshToken, - "grantType": "refresh_token", - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint+"/token", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - - // Set headers matching kiro2api's IDC token refresh - // These headers are required for successful IDC token refresh - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Host", fmt.Sprintf("oidc.%s.amazonaws.com", region)) - req.Header.Set("Connection", "keep-alive") - req.Header.Set("x-amz-user-agent", idcAmzUserAgent) - req.Header.Set("Accept", "*/*") - req.Header.Set("Accept-Language", "*") - req.Header.Set("sec-fetch-mode", "cors") - req.Header.Set("User-Agent", "node") - req.Header.Set("Accept-Encoding", "br, gzip, deflate") - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Warnf("IDC token refresh failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("token refresh failed (status %d)", resp.StatusCode) - } - - var result CreateTokenResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - expiresAt := time.Now().Add(time.Duration(result.ExpiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: result.AccessToken, - RefreshToken: result.RefreshToken, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "idc", - Provider: "AWS", - ClientID: clientID, - ClientSecret: clientSecret, - StartURL: startURL, - Region: region, - }, nil -} - -// LoginWithIDC performs the full device code flow for AWS Identity Center (IDC). -func (c *SSOOIDCClient) LoginWithIDC(ctx context.Context, startURL, region string) (*KiroTokenData, error) { - fmt.Println("\n╔══════════════════════════════════════════════════════════╗") - fmt.Println("║ Kiro Authentication (AWS Identity Center) ║") - fmt.Println("╚══════════════════════════════════════════════════════════╝") - - // Step 1: Register client with the specified region - fmt.Println("\nRegistering client...") - regResp, err := c.RegisterClientWithRegion(ctx, region) - if err != nil { - return nil, fmt.Errorf("failed to register client: %w", err) - } - log.Debugf("Client registered: %s", regResp.ClientID) - - // Step 2: Start device authorization with IDC start URL - fmt.Println("Starting device authorization...") - authResp, err := c.StartDeviceAuthorizationWithIDC(ctx, regResp.ClientID, regResp.ClientSecret, startURL, region) - if err != nil { - return nil, fmt.Errorf("failed to start device auth: %w", err) - } - - // Step 3: Show user the verification URL - fmt.Printf("\n") - fmt.Println("════════════════════════════════════════════════════════════") - fmt.Printf(" Confirm the following code in the browser:\n") - fmt.Printf(" Code: %s\n", authResp.UserCode) - fmt.Println("════════════════════════════════════════════════════════════") - fmt.Printf("\n Open this URL: %s\n\n", authResp.VerificationURIComplete) - - // Set incognito mode based on config - if c.cfg != nil { - browser.SetIncognitoMode(c.cfg.IncognitoBrowser) - if !c.cfg.IncognitoBrowser { - log.Info("kiro: using normal browser mode (--no-incognito). Note: You may not be able to select a different account.") - } else { - log.Debug("kiro: using incognito mode for multi-account support") - } - } else { - browser.SetIncognitoMode(true) - log.Debug("kiro: using incognito mode for multi-account support (default)") - } - - // Open browser - if err := browser.OpenURL(authResp.VerificationURIComplete); err != nil { - log.Warnf("Could not open browser automatically: %v", err) - fmt.Println(" Please open the URL manually in your browser.") - } else { - fmt.Println(" (Browser opened automatically)") - } - - // Step 4: Poll for token - fmt.Println("Waiting for authorization...") - - interval := pollInterval - if authResp.Interval > 0 { - interval = time.Duration(authResp.Interval) * time.Second - } - - deadline := time.Now().Add(time.Duration(authResp.ExpiresIn) * time.Second) - - for time.Now().Before(deadline) { - select { - case <-ctx.Done(): - browser.CloseBrowser() - return nil, ctx.Err() - case <-time.After(interval): - tokenResp, err := c.CreateTokenWithRegion(ctx, regResp.ClientID, regResp.ClientSecret, authResp.DeviceCode, region) - if err != nil { - if errors.Is(err, ErrAuthorizationPending) { - fmt.Print(".") - continue - } - if errors.Is(err, ErrSlowDown) { - interval += 5 * time.Second - continue - } - browser.CloseBrowser() - return nil, fmt.Errorf("token creation failed: %w", err) - } - - fmt.Println("\n\n✓ Authorization successful!") - - // Close the browser window - if err := browser.CloseBrowser(); err != nil { - log.Debugf("Failed to close browser: %v", err) - } - - // Step 5: Get profile ARN from CodeWhisperer API - fmt.Println("Fetching profile information...") - profileArn := c.fetchProfileArn(ctx, tokenResp.AccessToken) - - // Fetch user email - email := FetchUserEmailWithFallback(ctx, c.cfg, tokenResp.AccessToken) - if email != "" { - fmt.Printf(" Logged in as: %s\n", email) - } - - expiresAt := time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: profileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "idc", - Provider: "AWS", - ClientID: regResp.ClientID, - ClientSecret: regResp.ClientSecret, - Email: email, - StartURL: startURL, - Region: region, - }, nil - } - } - - // Close browser on timeout - if err := browser.CloseBrowser(); err != nil { - log.Debugf("Failed to close browser on timeout: %v", err) - } - return nil, fmt.Errorf("authorization timed out") -} - -// LoginWithMethodSelection prompts the user to select between Builder ID and IDC, then performs the login. -func (c *SSOOIDCClient) LoginWithMethodSelection(ctx context.Context) (*KiroTokenData, error) { - fmt.Println("\n╔══════════════════════════════════════════════════════════╗") - fmt.Println("║ Kiro Authentication (AWS) ║") - fmt.Println("╚══════════════════════════════════════════════════════════╝") - - // Prompt for login method - options := []string{ - "Use with Builder ID (personal AWS account)", - "Use with IDC Account (organization SSO)", - } - selection := promptSelect("\n? Select login method:", options) - - if selection == 0 { - // Builder ID flow - use existing implementation - return c.LoginWithBuilderID(ctx) - } - - // IDC flow - prompt for start URL and region - fmt.Println() - startURL := promptInput("? Enter Start URL", "") - if startURL == "" { - return nil, fmt.Errorf("start URL is required for IDC login") - } - - region := promptInput("? Enter Region", defaultIDCRegion) - - return c.LoginWithIDC(ctx, startURL, region) -} - -// RegisterClient registers a new OIDC client with AWS. -func (c *SSOOIDCClient) RegisterClient(ctx context.Context) (*RegisterClientResponse, error) { - payload := map[string]interface{}{ - "clientName": "Kiro IDE", - "clientType": "public", - "scopes": []string{"codewhisperer:completions", "codewhisperer:analysis", "codewhisperer:conversations", "codewhisperer:transformations", "codewhisperer:taskassist"}, - "grantTypes": []string{"urn:ietf:params:oauth:grant-type:device_code", "refresh_token"}, - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, ssoOIDCEndpoint+"/client/register", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("register client failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("register client failed (status %d)", resp.StatusCode) - } - - var result RegisterClientResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// StartDeviceAuthorization starts the device authorization flow. -func (c *SSOOIDCClient) StartDeviceAuthorization(ctx context.Context, clientID, clientSecret string) (*StartDeviceAuthResponse, error) { - payload := map[string]string{ - "clientId": clientID, - "clientSecret": clientSecret, - "startUrl": builderIDStartURL, - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, ssoOIDCEndpoint+"/device_authorization", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("start device auth failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("start device auth failed (status %d)", resp.StatusCode) - } - - var result StartDeviceAuthResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// CreateToken polls for the access token after user authorization. -func (c *SSOOIDCClient) CreateToken(ctx context.Context, clientID, clientSecret, deviceCode string) (*CreateTokenResponse, error) { - payload := map[string]string{ - "clientId": clientID, - "clientSecret": clientSecret, - "deviceCode": deviceCode, - "grantType": "urn:ietf:params:oauth:grant-type:device_code", - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, ssoOIDCEndpoint+"/token", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - // Check for pending authorization - if resp.StatusCode == http.StatusBadRequest { - var errResp struct { - Error string `json:"error"` - } - if json.Unmarshal(respBody, &errResp) == nil { - if errResp.Error == "authorization_pending" { - return nil, ErrAuthorizationPending - } - if errResp.Error == "slow_down" { - return nil, ErrSlowDown - } - } - log.Debugf("create token failed: %s", string(respBody)) - return nil, fmt.Errorf("create token failed") - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("create token failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("create token failed (status %d)", resp.StatusCode) - } - - var result CreateTokenResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// RefreshToken refreshes an access token using the refresh token. -// Includes retry logic and improved error handling for better reliability. -func (c *SSOOIDCClient) RefreshToken(ctx context.Context, clientID, clientSecret, refreshToken string) (*KiroTokenData, error) { - payload := map[string]string{ - "clientId": clientID, - "clientSecret": clientSecret, - "refreshToken": refreshToken, - "grantType": "refresh_token", - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, ssoOIDCEndpoint+"/token", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - - // Set headers matching Kiro IDE behavior for better compatibility - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Host", "oidc.us-east-1.amazonaws.com") - req.Header.Set("x-amz-user-agent", idcAmzUserAgent) - req.Header.Set("User-Agent", "node") - req.Header.Set("Accept", "*/*") - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Warnf("token refresh failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("token refresh failed (status %d): %s", resp.StatusCode, string(respBody)) - } - - var result CreateTokenResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - expiresAt := time.Now().Add(time.Duration(result.ExpiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: result.AccessToken, - RefreshToken: result.RefreshToken, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "builder-id", - Provider: "AWS", - ClientID: clientID, - ClientSecret: clientSecret, - Region: defaultIDCRegion, - }, nil -} - -// LoginWithBuilderID performs the full device code flow for AWS Builder ID. -func (c *SSOOIDCClient) LoginWithBuilderID(ctx context.Context) (*KiroTokenData, error) { - fmt.Println("\n╔══════════════════════════════════════════════════════════╗") - fmt.Println("║ Kiro Authentication (AWS Builder ID) ║") - fmt.Println("╚══════════════════════════════════════════════════════════╝") - - // Step 1: Register client - fmt.Println("\nRegistering client...") - regResp, err := c.RegisterClient(ctx) - if err != nil { - return nil, fmt.Errorf("failed to register client: %w", err) - } - log.Debugf("Client registered: %s", regResp.ClientID) - - // Step 2: Start device authorization - fmt.Println("Starting device authorization...") - authResp, err := c.StartDeviceAuthorization(ctx, regResp.ClientID, regResp.ClientSecret) - if err != nil { - return nil, fmt.Errorf("failed to start device auth: %w", err) - } - - // Step 3: Show user the verification URL - fmt.Printf("\n") - fmt.Println("════════════════════════════════════════════════════════════") - fmt.Printf(" Open this URL in your browser:\n") - fmt.Printf(" %s\n", authResp.VerificationURIComplete) - fmt.Println("════════════════════════════════════════════════════════════") - fmt.Printf("\n Or go to: %s\n", authResp.VerificationURI) - fmt.Printf(" And enter code: %s\n\n", authResp.UserCode) - - // Set incognito mode based on config (defaults to true for Kiro, can be overridden with --no-incognito) - // Incognito mode enables multi-account support by bypassing cached sessions - if c.cfg != nil { - browser.SetIncognitoMode(c.cfg.IncognitoBrowser) - if !c.cfg.IncognitoBrowser { - log.Info("kiro: using normal browser mode (--no-incognito). Note: You may not be able to select a different account.") - } else { - log.Debug("kiro: using incognito mode for multi-account support") - } - } else { - browser.SetIncognitoMode(true) // Default to incognito if no config - log.Debug("kiro: using incognito mode for multi-account support (default)") - } - - // Open browser using cross-platform browser package - if err := browser.OpenURL(authResp.VerificationURIComplete); err != nil { - log.Warnf("Could not open browser automatically: %v", err) - fmt.Println(" Please open the URL manually in your browser.") - } else { - fmt.Println(" (Browser opened automatically)") - } - - // Step 4: Poll for token - fmt.Println("Waiting for authorization...") - - interval := pollInterval - if authResp.Interval > 0 { - interval = time.Duration(authResp.Interval) * time.Second - } - - deadline := time.Now().Add(time.Duration(authResp.ExpiresIn) * time.Second) - - for time.Now().Before(deadline) { - select { - case <-ctx.Done(): - browser.CloseBrowser() // Cleanup on cancel - return nil, ctx.Err() - case <-time.After(interval): - tokenResp, err := c.CreateToken(ctx, regResp.ClientID, regResp.ClientSecret, authResp.DeviceCode) - if err != nil { - if errors.Is(err, ErrAuthorizationPending) { - fmt.Print(".") - continue - } - if errors.Is(err, ErrSlowDown) { - interval += 5 * time.Second - continue - } - // Close browser on error before returning - browser.CloseBrowser() - return nil, fmt.Errorf("token creation failed: %w", err) - } - - fmt.Println("\n\n✓ Authorization successful!") - - // Close the browser window - if err := browser.CloseBrowser(); err != nil { - log.Debugf("Failed to close browser: %v", err) - } - - // Step 5: Get profile ARN from CodeWhisperer API - fmt.Println("Fetching profile information...") - profileArn := c.fetchProfileArn(ctx, tokenResp.AccessToken) - - // Fetch user email (tries CodeWhisperer API first, then userinfo endpoint, then JWT parsing) - email := FetchUserEmailWithFallback(ctx, c.cfg, tokenResp.AccessToken) - if email != "" { - fmt.Printf(" Logged in as: %s\n", email) - } - - expiresAt := time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: profileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "builder-id", - Provider: "AWS", - ClientID: regResp.ClientID, - ClientSecret: regResp.ClientSecret, - Email: email, - Region: defaultIDCRegion, - }, nil - } - } - - // Close browser on timeout for better UX - if err := browser.CloseBrowser(); err != nil { - log.Debugf("Failed to close browser on timeout: %v", err) - } - return nil, fmt.Errorf("authorization timed out") - } - -// FetchUserEmail retrieves the user's email from AWS SSO OIDC userinfo endpoint. -// Falls back to JWT parsing if userinfo fails. -func (c *SSOOIDCClient) FetchUserEmail(ctx context.Context, accessToken string) string { - // Method 1: Try userinfo endpoint (standard OIDC) - email := c.tryUserInfoEndpoint(ctx, accessToken) - if email != "" { - return email - } - - // Method 2: Fallback to JWT parsing - return ExtractEmailFromJWT(accessToken) -} - -// tryUserInfoEndpoint attempts to get user info from AWS SSO OIDC userinfo endpoint. -func (c *SSOOIDCClient) tryUserInfoEndpoint(ctx context.Context, accessToken string) string { - req, err := http.NewRequestWithContext(ctx, http.MethodGet, ssoOIDCEndpoint+"/userinfo", nil) - if err != nil { - return "" - } - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("Accept", "application/json") - - resp, err := c.httpClient.Do(req) - if err != nil { - log.Debugf("userinfo request failed: %v", err) - return "" - } - defer resp.Body.Close() - - if resp.StatusCode != http.StatusOK { - respBody, _ := io.ReadAll(resp.Body) - log.Debugf("userinfo endpoint returned status %d: %s", resp.StatusCode, string(respBody)) - return "" - } - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return "" - } - - log.Debugf("userinfo response: %s", string(respBody)) - - var userInfo struct { - Email string `json:"email"` - Sub string `json:"sub"` - PreferredUsername string `json:"preferred_username"` - Name string `json:"name"` - } - - if err := json.Unmarshal(respBody, &userInfo); err != nil { - return "" - } - - if userInfo.Email != "" { - return userInfo.Email - } - if userInfo.PreferredUsername != "" && strings.Contains(userInfo.PreferredUsername, "@") { - return userInfo.PreferredUsername - } - return "" -} - -// fetchProfileArn retrieves the profile ARN from CodeWhisperer API. -// This is needed for file naming since AWS SSO OIDC doesn't return profile info. -func (c *SSOOIDCClient) fetchProfileArn(ctx context.Context, accessToken string) string { - // Try ListProfiles API first - profileArn := c.tryListProfiles(ctx, accessToken) - if profileArn != "" { - return profileArn - } - - // Fallback: Try ListAvailableCustomizations - return c.tryListCustomizations(ctx, accessToken) -} - -func (c *SSOOIDCClient) tryListProfiles(ctx context.Context, accessToken string) string { - payload := map[string]interface{}{ - "origin": "AI_EDITOR", - } - - body, err := json.Marshal(payload) - if err != nil { - return "" - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, "https://codewhisperer.us-east-1.amazonaws.com", strings.NewReader(string(body))) - if err != nil { - return "" - } - - req.Header.Set("Content-Type", "application/x-amz-json-1.0") - req.Header.Set("x-amz-target", "AmazonCodeWhispererService.ListProfiles") - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("Accept", "application/json") - - resp, err := c.httpClient.Do(req) - if err != nil { - return "" - } - defer resp.Body.Close() - - respBody, _ := io.ReadAll(resp.Body) - - if resp.StatusCode != http.StatusOK { - log.Debugf("ListProfiles failed (status %d): %s", resp.StatusCode, string(respBody)) - return "" - } - - log.Debugf("ListProfiles response: %s", string(respBody)) - - var result struct { - Profiles []struct { - Arn string `json:"arn"` - } `json:"profiles"` - ProfileArn string `json:"profileArn"` - } - - if err := json.Unmarshal(respBody, &result); err != nil { - return "" - } - - if result.ProfileArn != "" { - return result.ProfileArn - } - - if len(result.Profiles) > 0 { - return result.Profiles[0].Arn - } - - return "" -} - -func (c *SSOOIDCClient) tryListCustomizations(ctx context.Context, accessToken string) string { - payload := map[string]interface{}{ - "origin": "AI_EDITOR", - } - - body, err := json.Marshal(payload) - if err != nil { - return "" - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, "https://codewhisperer.us-east-1.amazonaws.com", strings.NewReader(string(body))) - if err != nil { - return "" - } - - req.Header.Set("Content-Type", "application/x-amz-json-1.0") - req.Header.Set("x-amz-target", "AmazonCodeWhispererService.ListAvailableCustomizations") - req.Header.Set("Authorization", "Bearer "+accessToken) - req.Header.Set("Accept", "application/json") - - resp, err := c.httpClient.Do(req) - if err != nil { - return "" - } - defer resp.Body.Close() - - respBody, _ := io.ReadAll(resp.Body) - - if resp.StatusCode != http.StatusOK { - log.Debugf("ListAvailableCustomizations failed (status %d): %s", resp.StatusCode, string(respBody)) - return "" - } - - log.Debugf("ListAvailableCustomizations response: %s", string(respBody)) - - var result struct { - Customizations []struct { - Arn string `json:"arn"` - } `json:"customizations"` - ProfileArn string `json:"profileArn"` - } - - if err := json.Unmarshal(respBody, &result); err != nil { - return "" - } - - if result.ProfileArn != "" { - return result.ProfileArn - } - - if len(result.Customizations) > 0 { - return result.Customizations[0].Arn - } - - return "" -} - -// RegisterClientForAuthCode registers a new OIDC client for authorization code flow. -func (c *SSOOIDCClient) RegisterClientForAuthCode(ctx context.Context, redirectURI string) (*RegisterClientResponse, error) { - payload := map[string]interface{}{ - "clientName": "Kiro IDE", - "clientType": "public", - "scopes": []string{"codewhisperer:completions", "codewhisperer:analysis", "codewhisperer:conversations", "codewhisperer:transformations", "codewhisperer:taskassist"}, - "grantTypes": []string{"authorization_code", "refresh_token"}, - "redirectUris": []string{redirectURI}, - "issuerUrl": builderIDStartURL, - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, ssoOIDCEndpoint+"/client/register", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("register client for auth code failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("register client failed (status %d)", resp.StatusCode) - } - - var result RegisterClientResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// AuthCodeCallbackResult contains the result from authorization code callback. -type AuthCodeCallbackResult struct { - Code string - State string - Error string -} - -// startAuthCodeCallbackServer starts a local HTTP server to receive the authorization code callback. -func (c *SSOOIDCClient) startAuthCodeCallbackServer(ctx context.Context, expectedState string) (string, <-chan AuthCodeCallbackResult, error) { - // Try to find an available port - listener, err := net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", authCodeCallbackPort)) - if err != nil { - // Try with dynamic port - log.Warnf("sso oidc: default port %d is busy, falling back to dynamic port", authCodeCallbackPort) - listener, err = net.Listen("tcp", "127.0.0.1:0") - if err != nil { - return "", nil, fmt.Errorf("failed to start callback server: %w", err) - } - } - - port := listener.Addr().(*net.TCPAddr).Port - redirectURI := fmt.Sprintf("http://127.0.0.1:%d%s", port, authCodeCallbackPath) - resultChan := make(chan AuthCodeCallbackResult, 1) - - server := &http.Server{ - ReadHeaderTimeout: 10 * time.Second, - } - - mux := http.NewServeMux() - mux.HandleFunc(authCodeCallbackPath, func(w http.ResponseWriter, r *http.Request) { - code := r.URL.Query().Get("code") - state := r.URL.Query().Get("state") - errParam := r.URL.Query().Get("error") - - // Send response to browser - w.Header().Set("Content-Type", "text/html; charset=utf-8") - if errParam != "" { - w.WriteHeader(http.StatusBadRequest) - fmt.Fprintf(w, ` -Login Failed -

Login Failed

Error: %s

You can close this window.

`, html.EscapeString(errParam)) - resultChan <- AuthCodeCallbackResult{Error: errParam} - return - } - - if state != expectedState { - w.WriteHeader(http.StatusBadRequest) - fmt.Fprint(w, ` -Login Failed -

Login Failed

Invalid state parameter

You can close this window.

`) - resultChan <- AuthCodeCallbackResult{Error: "state mismatch"} - return - } - - fmt.Fprint(w, ` -Login Successful -

Login Successful!

You can close this window and return to the terminal.

-`) - resultChan <- AuthCodeCallbackResult{Code: code, State: state} - }) - - server.Handler = mux - - go func() { - if err := server.Serve(listener); err != nil && err != http.ErrServerClosed { - log.Debugf("auth code callback server error: %v", err) - } - }() - - go func() { - select { - case <-ctx.Done(): - case <-time.After(10 * time.Minute): - case <-resultChan: - } - _ = server.Shutdown(context.Background()) - }() - - return redirectURI, resultChan, nil -} - -// generatePKCEForAuthCode generates PKCE code verifier and challenge for authorization code flow. -func generatePKCEForAuthCode() (verifier, challenge string, err error) { - b := make([]byte, 32) - if _, err := rand.Read(b); err != nil { - return "", "", fmt.Errorf("failed to generate random bytes: %w", err) - } - verifier = base64.RawURLEncoding.EncodeToString(b) - h := sha256.Sum256([]byte(verifier)) - challenge = base64.RawURLEncoding.EncodeToString(h[:]) - return verifier, challenge, nil -} - -// generateStateForAuthCode generates a random state parameter. -func generateStateForAuthCode() (string, error) { - b := make([]byte, 16) - if _, err := rand.Read(b); err != nil { - return "", err - } - return base64.RawURLEncoding.EncodeToString(b), nil -} - -// CreateTokenWithAuthCode exchanges authorization code for tokens. -func (c *SSOOIDCClient) CreateTokenWithAuthCode(ctx context.Context, clientID, clientSecret, code, codeVerifier, redirectURI string) (*CreateTokenResponse, error) { - payload := map[string]string{ - "clientId": clientID, - "clientSecret": clientSecret, - "code": code, - "codeVerifier": codeVerifier, - "redirectUri": redirectURI, - "grantType": "authorization_code", - } - - body, err := json.Marshal(payload) - if err != nil { - return nil, err - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, ssoOIDCEndpoint+"/token", strings.NewReader(string(body))) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", kiroUserAgent) - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - log.Debugf("create token with auth code failed (status %d): %s", resp.StatusCode, string(respBody)) - return nil, fmt.Errorf("create token failed (status %d)", resp.StatusCode) - } - - var result CreateTokenResponse - if err := json.Unmarshal(respBody, &result); err != nil { - return nil, err - } - - return &result, nil -} - -// LoginWithBuilderIDAuthCode performs the authorization code flow for AWS Builder ID. -// This provides a better UX than device code flow as it uses automatic browser callback. -func (c *SSOOIDCClient) LoginWithBuilderIDAuthCode(ctx context.Context) (*KiroTokenData, error) { - fmt.Println("\n╔══════════════════════════════════════════════════════════╗") - fmt.Println("║ Kiro Authentication (AWS Builder ID - Auth Code) ║") - fmt.Println("╚══════════════════════════════════════════════════════════╝") - - // Step 1: Generate PKCE and state - codeVerifier, codeChallenge, err := generatePKCEForAuthCode() - if err != nil { - return nil, fmt.Errorf("failed to generate PKCE: %w", err) - } - - state, err := generateStateForAuthCode() - if err != nil { - return nil, fmt.Errorf("failed to generate state: %w", err) - } - - // Step 2: Start callback server - fmt.Println("\nStarting callback server...") - redirectURI, resultChan, err := c.startAuthCodeCallbackServer(ctx, state) - if err != nil { - return nil, fmt.Errorf("failed to start callback server: %w", err) - } - log.Debugf("Callback server started, redirect URI: %s", redirectURI) - - // Step 3: Register client with auth code grant type - fmt.Println("Registering client...") - regResp, err := c.RegisterClientForAuthCode(ctx, redirectURI) - if err != nil { - return nil, fmt.Errorf("failed to register client: %w", err) - } - log.Debugf("Client registered: %s", regResp.ClientID) - - // Step 4: Build authorization URL - scopes := "codewhisperer:completions,codewhisperer:analysis,codewhisperer:conversations" - authURL := fmt.Sprintf("%s/authorize?response_type=code&client_id=%s&redirect_uri=%s&scopes=%s&state=%s&code_challenge=%s&code_challenge_method=S256", - ssoOIDCEndpoint, - regResp.ClientID, - redirectURI, - scopes, - state, - codeChallenge, - ) - - // Step 5: Open browser - fmt.Println("\n════════════════════════════════════════════════════════════") - fmt.Println(" Opening browser for authentication...") - fmt.Println("════════════════════════════════════════════════════════════") - fmt.Printf("\n URL: %s\n\n", authURL) - - // Set incognito mode - if c.cfg != nil { - browser.SetIncognitoMode(c.cfg.IncognitoBrowser) - } else { - browser.SetIncognitoMode(true) - } - - if err := browser.OpenURL(authURL); err != nil { - log.Warnf("Could not open browser automatically: %v", err) - fmt.Println(" ⚠ Could not open browser automatically.") - fmt.Println(" Please open the URL above in your browser manually.") - } else { - fmt.Println(" (Browser opened automatically)") - } - - fmt.Println("\n Waiting for authorization callback...") - - // Step 6: Wait for callback - select { - case <-ctx.Done(): - browser.CloseBrowser() - return nil, ctx.Err() - case <-time.After(10 * time.Minute): - browser.CloseBrowser() - return nil, fmt.Errorf("authorization timed out") - case result := <-resultChan: - if result.Error != "" { - browser.CloseBrowser() - return nil, fmt.Errorf("authorization failed: %s", result.Error) - } - - fmt.Println("\n✓ Authorization received!") - - // Close browser - if err := browser.CloseBrowser(); err != nil { - log.Debugf("Failed to close browser: %v", err) - } - - // Step 7: Exchange code for tokens - fmt.Println("Exchanging code for tokens...") - tokenResp, err := c.CreateTokenWithAuthCode(ctx, regResp.ClientID, regResp.ClientSecret, result.Code, codeVerifier, redirectURI) - if err != nil { - return nil, fmt.Errorf("failed to exchange code for tokens: %w", err) - } - - fmt.Println("\n✓ Authentication successful!") - - // Step 8: Get profile ARN - fmt.Println("Fetching profile information...") - profileArn := c.fetchProfileArn(ctx, tokenResp.AccessToken) - - // Fetch user email (tries CodeWhisperer API first, then userinfo endpoint, then JWT parsing) - email := FetchUserEmailWithFallback(ctx, c.cfg, tokenResp.AccessToken) - if email != "" { - fmt.Printf(" Logged in as: %s\n", email) - } - - expiresAt := time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second) - - return &KiroTokenData{ - AccessToken: tokenResp.AccessToken, - RefreshToken: tokenResp.RefreshToken, - ProfileArn: profileArn, - ExpiresAt: expiresAt.Format(time.RFC3339), - AuthMethod: "builder-id", - Provider: "AWS", - ClientID: regResp.ClientID, - ClientSecret: regResp.ClientSecret, - Email: email, - Region: defaultIDCRegion, - }, nil - } -} diff --git a/internal/auth/kiro/token.go b/internal/auth/kiro/token.go deleted file mode 100644 index 0484a2dc6d..0000000000 --- a/internal/auth/kiro/token.go +++ /dev/null @@ -1,89 +0,0 @@ -package kiro - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" -) - -// KiroTokenStorage holds the persistent token data for Kiro authentication. -type KiroTokenStorage struct { - // Type is the provider type for management UI recognition (must be "kiro") - Type string `json:"type"` - // AccessToken is the OAuth2 access token for API access - AccessToken string `json:"access_token"` - // RefreshToken is used to obtain new access tokens - RefreshToken string `json:"refresh_token"` - // ProfileArn is the AWS CodeWhisperer profile ARN - ProfileArn string `json:"profile_arn"` - // ExpiresAt is the timestamp when the token expires - ExpiresAt string `json:"expires_at"` - // AuthMethod indicates the authentication method used - AuthMethod string `json:"auth_method"` - // Provider indicates the OAuth provider - Provider string `json:"provider"` - // LastRefresh is the timestamp of the last token refresh - LastRefresh string `json:"last_refresh"` - // ClientID is the OAuth client ID (required for token refresh) - ClientID string `json:"client_id,omitempty"` - // ClientSecret is the OAuth client secret (required for token refresh) - ClientSecret string `json:"client_secret,omitempty"` - // Region is the AWS region - Region string `json:"region,omitempty"` - // StartURL is the AWS Identity Center start URL (for IDC auth) - StartURL string `json:"start_url,omitempty"` - // Email is the user's email address - Email string `json:"email,omitempty"` -} - -// SaveTokenToFile persists the token storage to the specified file path. -func (s *KiroTokenStorage) SaveTokenToFile(authFilePath string) error { - dir := filepath.Dir(authFilePath) - if err := os.MkdirAll(dir, 0700); err != nil { - return fmt.Errorf("failed to create directory: %w", err) - } - - data, err := json.MarshalIndent(s, "", " ") - if err != nil { - return fmt.Errorf("failed to marshal token storage: %w", err) - } - - if err := os.WriteFile(authFilePath, data, 0600); err != nil { - return fmt.Errorf("failed to write token file: %w", err) - } - - return nil -} - -// LoadFromFile loads token storage from the specified file path. -func LoadFromFile(authFilePath string) (*KiroTokenStorage, error) { - data, err := os.ReadFile(authFilePath) - if err != nil { - return nil, fmt.Errorf("failed to read token file: %w", err) - } - - var storage KiroTokenStorage - if err := json.Unmarshal(data, &storage); err != nil { - return nil, fmt.Errorf("failed to parse token file: %w", err) - } - - return &storage, nil -} - -// ToTokenData converts storage to KiroTokenData for API use. -func (s *KiroTokenStorage) ToTokenData() *KiroTokenData { - return &KiroTokenData{ - AccessToken: s.AccessToken, - RefreshToken: s.RefreshToken, - ProfileArn: s.ProfileArn, - ExpiresAt: s.ExpiresAt, - AuthMethod: s.AuthMethod, - Provider: s.Provider, - ClientID: s.ClientID, - ClientSecret: s.ClientSecret, - Region: s.Region, - StartURL: s.StartURL, - Email: s.Email, - } -} diff --git a/internal/auth/kiro/token_repository.go b/internal/auth/kiro/token_repository.go deleted file mode 100644 index 815f18270d..0000000000 --- a/internal/auth/kiro/token_repository.go +++ /dev/null @@ -1,274 +0,0 @@ -package kiro - -import ( - "context" - "encoding/json" - "fmt" - "io/fs" - "os" - "path/filepath" - "sort" - "strings" - "sync" - "time" - - log "github.com/sirupsen/logrus" -) - -// FileTokenRepository 实现 TokenRepository 接口,基于文件系统存储 -type FileTokenRepository struct { - mu sync.RWMutex - baseDir string -} - -// NewFileTokenRepository 创建一个新的文件 token 存储库 -func NewFileTokenRepository(baseDir string) *FileTokenRepository { - return &FileTokenRepository{ - baseDir: baseDir, - } -} - -// SetBaseDir 设置基础目录 -func (r *FileTokenRepository) SetBaseDir(dir string) { - r.mu.Lock() - r.baseDir = strings.TrimSpace(dir) - r.mu.Unlock() -} - -// FindOldestUnverified 查找需要刷新的 token(按最后验证时间排序) -func (r *FileTokenRepository) FindOldestUnverified(limit int) []*Token { - r.mu.RLock() - baseDir := r.baseDir - r.mu.RUnlock() - - if baseDir == "" { - log.Debug("token repository: base directory not configured") - return nil - } - - var tokens []*Token - - err := filepath.WalkDir(baseDir, func(path string, d fs.DirEntry, walkErr error) error { - if walkErr != nil { - return nil // 忽略错误,继续遍历 - } - if d.IsDir() { - return nil - } - if !strings.HasSuffix(strings.ToLower(d.Name()), ".json") { - return nil - } - - // 只处理 kiro 相关的 token 文件 - if !strings.HasPrefix(d.Name(), "kiro-") { - return nil - } - - token, err := r.readTokenFile(path) - if err != nil { - log.Debugf("token repository: failed to read token file %s: %v", path, err) - return nil - } - - if token != nil && token.RefreshToken != "" { - // 检查 token 是否需要刷新(过期前 5 分钟) - if token.ExpiresAt.IsZero() || time.Until(token.ExpiresAt) < 5*time.Minute { - tokens = append(tokens, token) - } - } - - return nil - }) - - if err != nil { - log.Warnf("token repository: error walking directory: %v", err) - } - - // 按最后验证时间排序(最旧的优先) - sort.Slice(tokens, func(i, j int) bool { - return tokens[i].LastVerified.Before(tokens[j].LastVerified) - }) - - // 限制返回数量 - if limit > 0 && len(tokens) > limit { - tokens = tokens[:limit] - } - - return tokens -} - -// UpdateToken 更新 token 并持久化到文件 -func (r *FileTokenRepository) UpdateToken(token *Token) error { - if token == nil { - return fmt.Errorf("token repository: token is nil") - } - - r.mu.RLock() - baseDir := r.baseDir - r.mu.RUnlock() - - if baseDir == "" { - return fmt.Errorf("token repository: base directory not configured") - } - - // 构建文件路径 - filePath := filepath.Join(baseDir, token.ID) - if !strings.HasSuffix(filePath, ".json") { - filePath += ".json" - } - - // 读取现有文件内容 - existingData := make(map[string]any) - if data, err := os.ReadFile(filePath); err == nil { - _ = json.Unmarshal(data, &existingData) - } - - // 更新字段 - existingData["access_token"] = token.AccessToken - existingData["refresh_token"] = token.RefreshToken - existingData["last_refresh"] = time.Now().Format(time.RFC3339) - - if !token.ExpiresAt.IsZero() { - existingData["expires_at"] = token.ExpiresAt.Format(time.RFC3339) - } - - // 保持原有的关键字段 - if token.ClientID != "" { - existingData["client_id"] = token.ClientID - } - if token.ClientSecret != "" { - existingData["client_secret"] = token.ClientSecret - } - if token.AuthMethod != "" { - existingData["auth_method"] = token.AuthMethod - } - if token.Region != "" { - existingData["region"] = token.Region - } - if token.StartURL != "" { - existingData["start_url"] = token.StartURL - } - - // 序列化并写入文件 - raw, err := json.MarshalIndent(existingData, "", " ") - if err != nil { - return fmt.Errorf("token repository: marshal failed: %w", err) - } - - // 原子写入:先写入临时文件,再重命名 - tmpPath := filePath + ".tmp" - if err := os.WriteFile(tmpPath, raw, 0o600); err != nil { - return fmt.Errorf("token repository: write temp file failed: %w", err) - } - if err := os.Rename(tmpPath, filePath); err != nil { - _ = os.Remove(tmpPath) - return fmt.Errorf("token repository: rename failed: %w", err) - } - - log.Debugf("token repository: updated token %s", token.ID) - return nil -} - -// readTokenFile 从文件读取 token -func (r *FileTokenRepository) readTokenFile(path string) (*Token, error) { - data, err := os.ReadFile(path) - if err != nil { - return nil, err - } - - var metadata map[string]any - if err := json.Unmarshal(data, &metadata); err != nil { - return nil, err - } - - // 检查是否是 kiro token - tokenType, _ := metadata["type"].(string) - if tokenType != "kiro" { - return nil, nil - } - - // 检查 auth_method (case-insensitive comparison to handle "IdC", "IDC", "idc", etc.) - authMethod, _ := metadata["auth_method"].(string) - authMethod = strings.ToLower(authMethod) - if authMethod != "idc" && authMethod != "builder-id" { - return nil, nil // 只处理 IDC 和 Builder ID token - } - - token := &Token{ - ID: filepath.Base(path), - AuthMethod: authMethod, - } - - // 解析各字段 - if v, ok := metadata["access_token"].(string); ok { - token.AccessToken = v - } - if v, ok := metadata["refresh_token"].(string); ok { - token.RefreshToken = v - } - if v, ok := metadata["client_id"].(string); ok { - token.ClientID = v - } - if v, ok := metadata["client_secret"].(string); ok { - token.ClientSecret = v - } - if v, ok := metadata["region"].(string); ok { - token.Region = v - } - if v, ok := metadata["start_url"].(string); ok { - token.StartURL = v - } - if v, ok := metadata["provider"].(string); ok { - token.Provider = v - } - - // 解析时间字段 - if v, ok := metadata["expires_at"].(string); ok { - if t, err := time.Parse(time.RFC3339, v); err == nil { - token.ExpiresAt = t - } - } - if v, ok := metadata["last_refresh"].(string); ok { - if t, err := time.Parse(time.RFC3339, v); err == nil { - token.LastVerified = t - } - } - - return token, nil -} - -// ListKiroTokens 列出所有 Kiro token(用于调试) -func (r *FileTokenRepository) ListKiroTokens(ctx context.Context) ([]*Token, error) { - r.mu.RLock() - baseDir := r.baseDir - r.mu.RUnlock() - - if baseDir == "" { - return nil, fmt.Errorf("token repository: base directory not configured") - } - - var tokens []*Token - - err := filepath.WalkDir(baseDir, func(path string, d fs.DirEntry, walkErr error) error { - if walkErr != nil { - return nil - } - if d.IsDir() { - return nil - } - if !strings.HasPrefix(d.Name(), "kiro-") || !strings.HasSuffix(d.Name(), ".json") { - return nil - } - - token, err := r.readTokenFile(path) - if err != nil { - return nil - } - if token != nil { - tokens = append(tokens, token) - } - return nil - }) - - return tokens, err -} diff --git a/internal/auth/kiro/usage_checker.go b/internal/auth/kiro/usage_checker.go deleted file mode 100644 index c2a798a7d8..0000000000 --- a/internal/auth/kiro/usage_checker.go +++ /dev/null @@ -1,243 +0,0 @@ -// Package kiro provides authentication functionality for AWS CodeWhisperer (Kiro) API. -// This file implements usage quota checking and monitoring. -package kiro - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "strings" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" -) - -// UsageQuotaResponse represents the API response structure for usage quota checking. -type UsageQuotaResponse struct { - UsageBreakdownList []UsageBreakdownExtended `json:"usageBreakdownList"` - SubscriptionInfo *SubscriptionInfo `json:"subscriptionInfo,omitempty"` - NextDateReset float64 `json:"nextDateReset,omitempty"` -} - -// UsageBreakdownExtended represents detailed usage information for quota checking. -// Note: UsageBreakdown is already defined in codewhisperer_client.go -type UsageBreakdownExtended struct { - ResourceType string `json:"resourceType"` - UsageLimitWithPrecision float64 `json:"usageLimitWithPrecision"` - CurrentUsageWithPrecision float64 `json:"currentUsageWithPrecision"` - FreeTrialInfo *FreeTrialInfoExtended `json:"freeTrialInfo,omitempty"` -} - -// FreeTrialInfoExtended represents free trial usage information. -type FreeTrialInfoExtended struct { - FreeTrialStatus string `json:"freeTrialStatus"` - UsageLimitWithPrecision float64 `json:"usageLimitWithPrecision"` - CurrentUsageWithPrecision float64 `json:"currentUsageWithPrecision"` -} - -// QuotaStatus represents the quota status for a token. -type QuotaStatus struct { - TotalLimit float64 - CurrentUsage float64 - RemainingQuota float64 - IsExhausted bool - ResourceType string - NextReset time.Time -} - -// UsageChecker provides methods for checking token quota usage. -type UsageChecker struct { - httpClient *http.Client - endpoint string -} - -// NewUsageChecker creates a new UsageChecker instance. -func NewUsageChecker(cfg *config.Config) *UsageChecker { - return &UsageChecker{ - httpClient: util.SetProxy(&cfg.SDKConfig, &http.Client{Timeout: 30 * time.Second}), - endpoint: awsKiroEndpoint, - } -} - -// NewUsageCheckerWithClient creates a UsageChecker with a custom HTTP client. -func NewUsageCheckerWithClient(client *http.Client) *UsageChecker { - return &UsageChecker{ - httpClient: client, - endpoint: awsKiroEndpoint, - } -} - -// CheckUsage retrieves usage limits for the given token. -func (c *UsageChecker) CheckUsage(ctx context.Context, tokenData *KiroTokenData) (*UsageQuotaResponse, error) { - if tokenData == nil { - return nil, fmt.Errorf("token data is nil") - } - - if tokenData.AccessToken == "" { - return nil, fmt.Errorf("access token is empty") - } - - payload := map[string]interface{}{ - "origin": "AI_EDITOR", - "profileArn": tokenData.ProfileArn, - "resourceType": "AGENTIC_REQUEST", - } - - jsonBody, err := json.Marshal(payload) - if err != nil { - return nil, fmt.Errorf("failed to marshal request: %w", err) - } - - req, err := http.NewRequestWithContext(ctx, http.MethodPost, c.endpoint, strings.NewReader(string(jsonBody))) - if err != nil { - return nil, fmt.Errorf("failed to create request: %w", err) - } - - req.Header.Set("Content-Type", "application/x-amz-json-1.0") - req.Header.Set("x-amz-target", targetGetUsage) - req.Header.Set("Authorization", "Bearer "+tokenData.AccessToken) - req.Header.Set("Accept", "application/json") - - resp, err := c.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("request failed: %w", err) - } - defer resp.Body.Close() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read response: %w", err) - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("API error (status %d): %s", resp.StatusCode, string(body)) - } - - var result UsageQuotaResponse - if err := json.Unmarshal(body, &result); err != nil { - return nil, fmt.Errorf("failed to parse usage response: %w", err) - } - - return &result, nil -} - -// CheckUsageByAccessToken retrieves usage limits using an access token and profile ARN directly. -func (c *UsageChecker) CheckUsageByAccessToken(ctx context.Context, accessToken, profileArn string) (*UsageQuotaResponse, error) { - tokenData := &KiroTokenData{ - AccessToken: accessToken, - ProfileArn: profileArn, - } - return c.CheckUsage(ctx, tokenData) -} - -// GetRemainingQuota calculates the remaining quota from usage limits. -func GetRemainingQuota(usage *UsageQuotaResponse) float64 { - if usage == nil || len(usage.UsageBreakdownList) == 0 { - return 0 - } - - var totalRemaining float64 - for _, breakdown := range usage.UsageBreakdownList { - remaining := breakdown.UsageLimitWithPrecision - breakdown.CurrentUsageWithPrecision - if remaining > 0 { - totalRemaining += remaining - } - - if breakdown.FreeTrialInfo != nil { - freeRemaining := breakdown.FreeTrialInfo.UsageLimitWithPrecision - breakdown.FreeTrialInfo.CurrentUsageWithPrecision - if freeRemaining > 0 { - totalRemaining += freeRemaining - } - } - } - - return totalRemaining -} - -// IsQuotaExhausted checks if the quota is exhausted based on usage limits. -func IsQuotaExhausted(usage *UsageQuotaResponse) bool { - if usage == nil || len(usage.UsageBreakdownList) == 0 { - return true - } - - for _, breakdown := range usage.UsageBreakdownList { - if breakdown.CurrentUsageWithPrecision < breakdown.UsageLimitWithPrecision { - return false - } - - if breakdown.FreeTrialInfo != nil { - if breakdown.FreeTrialInfo.CurrentUsageWithPrecision < breakdown.FreeTrialInfo.UsageLimitWithPrecision { - return false - } - } - } - - return true -} - -// GetQuotaStatus retrieves a comprehensive quota status for a token. -func (c *UsageChecker) GetQuotaStatus(ctx context.Context, tokenData *KiroTokenData) (*QuotaStatus, error) { - usage, err := c.CheckUsage(ctx, tokenData) - if err != nil { - return nil, err - } - - status := &QuotaStatus{ - IsExhausted: IsQuotaExhausted(usage), - } - - if len(usage.UsageBreakdownList) > 0 { - breakdown := usage.UsageBreakdownList[0] - status.TotalLimit = breakdown.UsageLimitWithPrecision - status.CurrentUsage = breakdown.CurrentUsageWithPrecision - status.RemainingQuota = breakdown.UsageLimitWithPrecision - breakdown.CurrentUsageWithPrecision - status.ResourceType = breakdown.ResourceType - - if breakdown.FreeTrialInfo != nil { - status.TotalLimit += breakdown.FreeTrialInfo.UsageLimitWithPrecision - status.CurrentUsage += breakdown.FreeTrialInfo.CurrentUsageWithPrecision - freeRemaining := breakdown.FreeTrialInfo.UsageLimitWithPrecision - breakdown.FreeTrialInfo.CurrentUsageWithPrecision - if freeRemaining > 0 { - status.RemainingQuota += freeRemaining - } - } - } - - if usage.NextDateReset > 0 { - status.NextReset = time.Unix(int64(usage.NextDateReset/1000), 0) - } - - return status, nil -} - -// CalculateAvailableCount calculates the available request count based on usage limits. -func CalculateAvailableCount(usage *UsageQuotaResponse) float64 { - return GetRemainingQuota(usage) -} - -// GetUsagePercentage calculates the usage percentage. -func GetUsagePercentage(usage *UsageQuotaResponse) float64 { - if usage == nil || len(usage.UsageBreakdownList) == 0 { - return 100.0 - } - - var totalLimit, totalUsage float64 - for _, breakdown := range usage.UsageBreakdownList { - totalLimit += breakdown.UsageLimitWithPrecision - totalUsage += breakdown.CurrentUsageWithPrecision - - if breakdown.FreeTrialInfo != nil { - totalLimit += breakdown.FreeTrialInfo.UsageLimitWithPrecision - totalUsage += breakdown.FreeTrialInfo.CurrentUsageWithPrecision - } - } - - if totalLimit == 0 { - return 100.0 - } - - return (totalUsage / totalLimit) * 100 -} diff --git a/internal/auth/models.go b/internal/auth/models.go deleted file mode 100644 index 81a4aad2b2..0000000000 --- a/internal/auth/models.go +++ /dev/null @@ -1,17 +0,0 @@ -// Package auth provides authentication functionality for various AI service providers. -// It includes interfaces and implementations for token storage and authentication methods. -package auth - -// TokenStorage defines the interface for storing authentication tokens. -// Implementations of this interface should provide methods to persist -// authentication tokens to a file system location. -type TokenStorage interface { - // SaveTokenToFile persists authentication tokens to the specified file path. - // - // Parameters: - // - authFilePath: The file path where the authentication tokens should be saved - // - // Returns: - // - error: An error if the save operation fails, nil otherwise - SaveTokenToFile(authFilePath string) error -} diff --git a/internal/auth/qwen/qwen_auth.go b/internal/auth/qwen/qwen_auth.go deleted file mode 100644 index e587e22f7c..0000000000 --- a/internal/auth/qwen/qwen_auth.go +++ /dev/null @@ -1,359 +0,0 @@ -package qwen - -import ( - "context" - "crypto/rand" - "crypto/sha256" - "encoding/base64" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "strings" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -const ( - // QwenOAuthDeviceCodeEndpoint is the URL for initiating the OAuth 2.0 device authorization flow. - QwenOAuthDeviceCodeEndpoint = "https://chat.qwen.ai/api/v1/oauth2/device/code" - // QwenOAuthTokenEndpoint is the URL for exchanging device codes or refresh tokens for access tokens. - QwenOAuthTokenEndpoint = "https://chat.qwen.ai/api/v1/oauth2/token" - // QwenOAuthClientID is the client identifier for the Qwen OAuth 2.0 application. - QwenOAuthClientID = "f0304373b74a44d2b584a3fb70ca9e56" - // QwenOAuthScope defines the permissions requested by the application. - QwenOAuthScope = "openid profile email model.completion" - // QwenOAuthGrantType specifies the grant type for the device code flow. - QwenOAuthGrantType = "urn:ietf:params:oauth:grant-type:device_code" -) - -// QwenTokenData represents the OAuth credentials, including access and refresh tokens. -type QwenTokenData struct { - AccessToken string `json:"access_token"` - // RefreshToken is used to obtain a new access token when the current one expires. - RefreshToken string `json:"refresh_token,omitempty"` - // TokenType indicates the type of token, typically "Bearer". - TokenType string `json:"token_type"` - // ResourceURL specifies the base URL of the resource server. - ResourceURL string `json:"resource_url,omitempty"` - // Expire indicates the expiration date and time of the access token. - Expire string `json:"expiry_date,omitempty"` -} - -// DeviceFlow represents the response from the device authorization endpoint. -type DeviceFlow struct { - // DeviceCode is the code that the client uses to poll for an access token. - DeviceCode string `json:"device_code"` - // UserCode is the code that the user enters at the verification URI. - UserCode string `json:"user_code"` - // VerificationURI is the URL where the user can enter the user code to authorize the device. - VerificationURI string `json:"verification_uri"` - // VerificationURIComplete is a URI that includes the user_code, which can be used to automatically - // fill in the code on the verification page. - VerificationURIComplete string `json:"verification_uri_complete"` - // ExpiresIn is the time in seconds until the device_code and user_code expire. - ExpiresIn int `json:"expires_in"` - // Interval is the minimum time in seconds that the client should wait between polling requests. - Interval int `json:"interval"` - // CodeVerifier is the cryptographically random string used in the PKCE flow. - CodeVerifier string `json:"code_verifier"` -} - -// QwenTokenResponse represents the successful token response from the token endpoint. -type QwenTokenResponse struct { - // AccessToken is the token used to access protected resources. - AccessToken string `json:"access_token"` - // RefreshToken is used to obtain a new access token. - RefreshToken string `json:"refresh_token,omitempty"` - // TokenType indicates the type of token, typically "Bearer". - TokenType string `json:"token_type"` - // ResourceURL specifies the base URL of the resource server. - ResourceURL string `json:"resource_url,omitempty"` - // ExpiresIn is the time in seconds until the access token expires. - ExpiresIn int `json:"expires_in"` -} - -// QwenAuth manages authentication and token handling for the Qwen API. -type QwenAuth struct { - httpClient *http.Client -} - -// NewQwenAuth creates a new QwenAuth instance with a proxy-configured HTTP client. -func NewQwenAuth(cfg *config.Config) *QwenAuth { - return &QwenAuth{ - httpClient: util.SetProxy(&cfg.SDKConfig, &http.Client{}), - } -} - -// generateCodeVerifier generates a cryptographically random string for the PKCE code verifier. -func (qa *QwenAuth) generateCodeVerifier() (string, error) { - bytes := make([]byte, 32) - if _, err := rand.Read(bytes); err != nil { - return "", err - } - return base64.RawURLEncoding.EncodeToString(bytes), nil -} - -// generateCodeChallenge creates a SHA-256 hash of the code verifier, used as the PKCE code challenge. -func (qa *QwenAuth) generateCodeChallenge(codeVerifier string) string { - hash := sha256.Sum256([]byte(codeVerifier)) - return base64.RawURLEncoding.EncodeToString(hash[:]) -} - -// generatePKCEPair creates a new code verifier and its corresponding code challenge for PKCE. -func (qa *QwenAuth) generatePKCEPair() (string, string, error) { - codeVerifier, err := qa.generateCodeVerifier() - if err != nil { - return "", "", err - } - codeChallenge := qa.generateCodeChallenge(codeVerifier) - return codeVerifier, codeChallenge, nil -} - -// RefreshTokens exchanges a refresh token for a new access token. -func (qa *QwenAuth) RefreshTokens(ctx context.Context, refreshToken string) (*QwenTokenData, error) { - data := url.Values{} - data.Set("grant_type", "refresh_token") - data.Set("refresh_token", refreshToken) - data.Set("client_id", QwenOAuthClientID) - - req, err := http.NewRequestWithContext(ctx, "POST", QwenOAuthTokenEndpoint, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("failed to create token request: %w", err) - } - - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - - resp, err := qa.httpClient.Do(req) - - // resp, err := qa.httpClient.PostForm(QwenOAuthTokenEndpoint, data) - if err != nil { - return nil, fmt.Errorf("token refresh request failed: %w", err) - } - defer func() { - _ = resp.Body.Close() - }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read response body: %w", err) - } - - if resp.StatusCode != http.StatusOK { - var errorData map[string]interface{} - if err = json.Unmarshal(body, &errorData); err == nil { - return nil, fmt.Errorf("token refresh failed: %v - %v", errorData["error"], errorData["error_description"]) - } - return nil, fmt.Errorf("token refresh failed: %s", string(body)) - } - - var tokenData QwenTokenResponse - if err = json.Unmarshal(body, &tokenData); err != nil { - return nil, fmt.Errorf("failed to parse token response: %w", err) - } - - return &QwenTokenData{ - AccessToken: tokenData.AccessToken, - TokenType: tokenData.TokenType, - RefreshToken: tokenData.RefreshToken, - ResourceURL: tokenData.ResourceURL, - Expire: time.Now().Add(time.Duration(tokenData.ExpiresIn) * time.Second).Format(time.RFC3339), - }, nil -} - -// InitiateDeviceFlow starts the OAuth 2.0 device authorization flow and returns the device flow details. -func (qa *QwenAuth) InitiateDeviceFlow(ctx context.Context) (*DeviceFlow, error) { - // Generate PKCE code verifier and challenge - codeVerifier, codeChallenge, err := qa.generatePKCEPair() - if err != nil { - return nil, fmt.Errorf("failed to generate PKCE pair: %w", err) - } - - data := url.Values{} - data.Set("client_id", QwenOAuthClientID) - data.Set("scope", QwenOAuthScope) - data.Set("code_challenge", codeChallenge) - data.Set("code_challenge_method", "S256") - - req, err := http.NewRequestWithContext(ctx, "POST", QwenOAuthDeviceCodeEndpoint, strings.NewReader(data.Encode())) - if err != nil { - return nil, fmt.Errorf("failed to create token request: %w", err) - } - - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - req.Header.Set("Accept", "application/json") - - resp, err := qa.httpClient.Do(req) - - // resp, err := qa.httpClient.PostForm(QwenOAuthDeviceCodeEndpoint, data) - if err != nil { - return nil, fmt.Errorf("device authorization request failed: %w", err) - } - defer func() { - _ = resp.Body.Close() - }() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read response body: %w", err) - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("device authorization failed: %d %s. Response: %s", resp.StatusCode, resp.Status, string(body)) - } - - var result DeviceFlow - if err = json.Unmarshal(body, &result); err != nil { - return nil, fmt.Errorf("failed to parse device flow response: %w", err) - } - - // Check if the response indicates success - if result.DeviceCode == "" { - return nil, fmt.Errorf("device authorization failed: device_code not found in response") - } - - // Add the code_verifier to the result so it can be used later for polling - result.CodeVerifier = codeVerifier - - return &result, nil -} - -// PollForToken polls the token endpoint with the device code to obtain an access token. -func (qa *QwenAuth) PollForToken(deviceCode, codeVerifier string) (*QwenTokenData, error) { - pollInterval := 5 * time.Second - maxAttempts := 60 // 5 minutes max - - for attempt := 0; attempt < maxAttempts; attempt++ { - data := url.Values{} - data.Set("grant_type", QwenOAuthGrantType) - data.Set("client_id", QwenOAuthClientID) - data.Set("device_code", deviceCode) - data.Set("code_verifier", codeVerifier) - - resp, err := http.PostForm(QwenOAuthTokenEndpoint, data) - if err != nil { - fmt.Printf("Polling attempt %d/%d failed: %v\n", attempt+1, maxAttempts, err) - time.Sleep(pollInterval) - continue - } - - body, err := io.ReadAll(resp.Body) - _ = resp.Body.Close() - if err != nil { - fmt.Printf("Polling attempt %d/%d failed: %v\n", attempt+1, maxAttempts, err) - time.Sleep(pollInterval) - continue - } - - if resp.StatusCode != http.StatusOK { - // Parse the response as JSON to check for OAuth RFC 8628 standard errors - var errorData map[string]interface{} - if err = json.Unmarshal(body, &errorData); err == nil { - // According to OAuth RFC 8628, handle standard polling responses - if resp.StatusCode == http.StatusBadRequest { - errorType, _ := errorData["error"].(string) - switch errorType { - case "authorization_pending": - // User has not yet approved the authorization request. Continue polling. - fmt.Printf("Polling attempt %d/%d...\n\n", attempt+1, maxAttempts) - time.Sleep(pollInterval) - continue - case "slow_down": - // Client is polling too frequently. Increase poll interval. - pollInterval = time.Duration(float64(pollInterval) * 1.5) - if pollInterval > 10*time.Second { - pollInterval = 10 * time.Second - } - fmt.Printf("Server requested to slow down, increasing poll interval to %v\n\n", pollInterval) - time.Sleep(pollInterval) - continue - case "expired_token": - return nil, fmt.Errorf("device code expired. Please restart the authentication process") - case "access_denied": - return nil, fmt.Errorf("authorization denied by user. Please restart the authentication process") - } - } - - // For other errors, return with proper error information - errorType, _ := errorData["error"].(string) - errorDesc, _ := errorData["error_description"].(string) - return nil, fmt.Errorf("device token poll failed: %s - %s", errorType, errorDesc) - } - - // If JSON parsing fails, fall back to text response - return nil, fmt.Errorf("device token poll failed: %d %s. Response: %s", resp.StatusCode, resp.Status, string(body)) - } - // log.Debugf("%s", string(body)) - // Success - parse token data - var response QwenTokenResponse - if err = json.Unmarshal(body, &response); err != nil { - return nil, fmt.Errorf("failed to parse token response: %w", err) - } - - // Convert to QwenTokenData format and save - tokenData := &QwenTokenData{ - AccessToken: response.AccessToken, - RefreshToken: response.RefreshToken, - TokenType: response.TokenType, - ResourceURL: response.ResourceURL, - Expire: time.Now().Add(time.Duration(response.ExpiresIn) * time.Second).Format(time.RFC3339), - } - - return tokenData, nil - } - - return nil, fmt.Errorf("authentication timeout. Please restart the authentication process") -} - -// RefreshTokensWithRetry attempts to refresh tokens with a specified number of retries upon failure. -func (o *QwenAuth) RefreshTokensWithRetry(ctx context.Context, refreshToken string, maxRetries int) (*QwenTokenData, error) { - var lastErr error - - for attempt := 0; attempt < maxRetries; attempt++ { - if attempt > 0 { - // Wait before retry - select { - case <-ctx.Done(): - return nil, ctx.Err() - case <-time.After(time.Duration(attempt) * time.Second): - } - } - - tokenData, err := o.RefreshTokens(ctx, refreshToken) - if err == nil { - return tokenData, nil - } - - lastErr = err - log.Warnf("Token refresh attempt %d failed: %v", attempt+1, err) - } - - return nil, fmt.Errorf("token refresh failed after %d attempts: %w", maxRetries, lastErr) -} - -// CreateTokenStorage creates a QwenTokenStorage object from a QwenTokenData object. -func (o *QwenAuth) CreateTokenStorage(tokenData *QwenTokenData) *QwenTokenStorage { - storage := &QwenTokenStorage{ - AccessToken: tokenData.AccessToken, - RefreshToken: tokenData.RefreshToken, - LastRefresh: time.Now().Format(time.RFC3339), - ResourceURL: tokenData.ResourceURL, - Expire: tokenData.Expire, - } - - return storage -} - -// UpdateTokenStorage updates an existing token storage with new token data -func (o *QwenAuth) UpdateTokenStorage(storage *QwenTokenStorage, tokenData *QwenTokenData) { - storage.AccessToken = tokenData.AccessToken - storage.RefreshToken = tokenData.RefreshToken - storage.LastRefresh = time.Now().Format(time.RFC3339) - storage.ResourceURL = tokenData.ResourceURL - storage.Expire = tokenData.Expire -} diff --git a/internal/auth/qwen/qwen_token.go b/internal/auth/qwen/qwen_token.go deleted file mode 100644 index 2a2c350767..0000000000 --- a/internal/auth/qwen/qwen_token.go +++ /dev/null @@ -1,79 +0,0 @@ -// Package qwen provides authentication and token management functionality -// for Alibaba's Qwen AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Qwen API. -package qwen - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/misc" -) - -// QwenTokenStorage stores OAuth2 token information for Alibaba Qwen API authentication. -// It maintains compatibility with the existing auth system while adding Qwen-specific fields -// for managing access tokens, refresh tokens, and user account information. -type QwenTokenStorage struct { - // AccessToken is the OAuth2 access token used for authenticating API requests. - AccessToken string `json:"access_token"` - // RefreshToken is used to obtain new access tokens when the current one expires. - RefreshToken string `json:"refresh_token"` - // LastRefresh is the timestamp of the last token refresh operation. - LastRefresh string `json:"last_refresh"` - // ResourceURL is the base URL for API requests. - ResourceURL string `json:"resource_url"` - // Email is the Qwen account email address associated with this token. - Email string `json:"email"` - // Type indicates the authentication provider type, always "qwen" for this storage. - Type string `json:"type"` - // Expire is the timestamp when the current access token expires. - Expire string `json:"expired"` - - // Metadata holds arbitrary key-value pairs injected via hooks. - // It is not exported to JSON directly to allow flattening during serialization. - Metadata map[string]any `json:"-"` -} - -// SetMetadata allows external callers to inject metadata into the storage before saving. -func (ts *QwenTokenStorage) SetMetadata(meta map[string]any) { - ts.Metadata = meta -} - -// SaveTokenToFile serializes the Qwen token storage to a JSON file. -// This method creates the necessary directory structure and writes the token -// data in JSON format to the specified file path for persistent storage. -// It merges any injected metadata into the top-level JSON object. -// -// Parameters: -// - authFilePath: The full path where the token file should be saved -// -// Returns: -// - error: An error if the operation fails, nil otherwise -func (ts *QwenTokenStorage) SaveTokenToFile(authFilePath string) error { - misc.LogSavingCredentials(authFilePath) - ts.Type = "qwen" - if err := os.MkdirAll(filepath.Dir(authFilePath), 0700); err != nil { - return fmt.Errorf("failed to create directory: %v", err) - } - - f, err := os.Create(authFilePath) - if err != nil { - return fmt.Errorf("failed to create token file: %w", err) - } - defer func() { - _ = f.Close() - }() - - // Merge metadata using helper - data, errMerge := misc.MergeMetadata(ts, ts.Metadata) - if errMerge != nil { - return fmt.Errorf("failed to merge metadata: %w", errMerge) - } - - if err = json.NewEncoder(f).Encode(data); err != nil { - return fmt.Errorf("failed to write token to file: %w", err) - } - return nil -} diff --git a/internal/auth/vertex/keyutil.go b/internal/auth/vertex/keyutil.go deleted file mode 100644 index a10ade17e3..0000000000 --- a/internal/auth/vertex/keyutil.go +++ /dev/null @@ -1,208 +0,0 @@ -package vertex - -import ( - "crypto/rsa" - "crypto/x509" - "encoding/base64" - "encoding/json" - "encoding/pem" - "fmt" - "strings" -) - -// NormalizeServiceAccountJSON normalizes the given JSON-encoded service account payload. -// It returns the normalized JSON (with sanitized private_key) or, if normalization fails, -// the original bytes and the encountered error. -func NormalizeServiceAccountJSON(raw []byte) ([]byte, error) { - if len(raw) == 0 { - return raw, nil - } - var payload map[string]any - if err := json.Unmarshal(raw, &payload); err != nil { - return raw, err - } - normalized, err := NormalizeServiceAccountMap(payload) - if err != nil { - return raw, err - } - out, err := json.Marshal(normalized) - if err != nil { - return raw, err - } - return out, nil -} - -// NormalizeServiceAccountMap returns a copy of the given service account map with -// a sanitized private_key field that is guaranteed to contain a valid RSA PRIVATE KEY PEM block. -func NormalizeServiceAccountMap(sa map[string]any) (map[string]any, error) { - if sa == nil { - return nil, fmt.Errorf("service account payload is empty") - } - pk, _ := sa["private_key"].(string) - if strings.TrimSpace(pk) == "" { - return nil, fmt.Errorf("service account missing private_key") - } - normalized, err := sanitizePrivateKey(pk) - if err != nil { - return nil, err - } - clone := make(map[string]any, len(sa)) - for k, v := range sa { - clone[k] = v - } - clone["private_key"] = normalized - return clone, nil -} - -func sanitizePrivateKey(raw string) (string, error) { - pk := strings.ReplaceAll(raw, "\r\n", "\n") - pk = strings.ReplaceAll(pk, "\r", "\n") - pk = stripANSIEscape(pk) - pk = strings.ToValidUTF8(pk, "") - pk = strings.TrimSpace(pk) - - normalized := pk - if block, _ := pem.Decode([]byte(pk)); block == nil { - // Attempt to reconstruct from the textual payload. - if reconstructed, err := rebuildPEM(pk); err == nil { - normalized = reconstructed - } else { - return "", fmt.Errorf("private_key is not valid pem: %w", err) - } - } - - block, _ := pem.Decode([]byte(normalized)) - if block == nil { - return "", fmt.Errorf("private_key pem decode failed") - } - - rsaBlock, err := ensureRSAPrivateKey(block) - if err != nil { - return "", err - } - return string(pem.EncodeToMemory(rsaBlock)), nil -} - -func ensureRSAPrivateKey(block *pem.Block) (*pem.Block, error) { - if block == nil { - return nil, fmt.Errorf("pem block is nil") - } - - if block.Type == "RSA PRIVATE KEY" { - if _, err := x509.ParsePKCS1PrivateKey(block.Bytes); err != nil { - return nil, fmt.Errorf("private_key invalid rsa: %w", err) - } - return block, nil - } - - if block.Type == "PRIVATE KEY" { - key, err := x509.ParsePKCS8PrivateKey(block.Bytes) - if err != nil { - return nil, fmt.Errorf("private_key invalid pkcs8: %w", err) - } - rsaKey, ok := key.(*rsa.PrivateKey) - if !ok { - return nil, fmt.Errorf("private_key is not an RSA key") - } - der := x509.MarshalPKCS1PrivateKey(rsaKey) - return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: der}, nil - } - - // Attempt auto-detection: try PKCS#1 first, then PKCS#8. - if rsaKey, err := x509.ParsePKCS1PrivateKey(block.Bytes); err == nil { - der := x509.MarshalPKCS1PrivateKey(rsaKey) - return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: der}, nil - } - if key, err := x509.ParsePKCS8PrivateKey(block.Bytes); err == nil { - if rsaKey, ok := key.(*rsa.PrivateKey); ok { - der := x509.MarshalPKCS1PrivateKey(rsaKey) - return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: der}, nil - } - } - return nil, fmt.Errorf("private_key uses unsupported format") -} - -func rebuildPEM(raw string) (string, error) { - kind := "PRIVATE KEY" - if strings.Contains(raw, "RSA PRIVATE KEY") { - kind = "RSA PRIVATE KEY" - } - header := "-----BEGIN " + kind + "-----" - footer := "-----END " + kind + "-----" - start := strings.Index(raw, header) - end := strings.Index(raw, footer) - if start < 0 || end <= start { - return "", fmt.Errorf("missing pem markers") - } - body := raw[start+len(header) : end] - payload := filterBase64(body) - if payload == "" { - return "", fmt.Errorf("private_key base64 payload empty") - } - der, err := base64.StdEncoding.DecodeString(payload) - if err != nil { - return "", fmt.Errorf("private_key base64 decode failed: %w", err) - } - block := &pem.Block{Type: kind, Bytes: der} - return string(pem.EncodeToMemory(block)), nil -} - -func filterBase64(s string) string { - var b strings.Builder - for _, r := range s { - switch { - case r >= 'A' && r <= 'Z': - b.WriteRune(r) - case r >= 'a' && r <= 'z': - b.WriteRune(r) - case r >= '0' && r <= '9': - b.WriteRune(r) - case r == '+' || r == '/' || r == '=': - b.WriteRune(r) - default: - // skip - } - } - return b.String() -} - -func stripANSIEscape(s string) string { - in := []rune(s) - var out []rune - for i := 0; i < len(in); i++ { - r := in[i] - if r != 0x1b { - out = append(out, r) - continue - } - if i+1 >= len(in) { - continue - } - next := in[i+1] - switch next { - case ']': - i += 2 - for i < len(in) { - if in[i] == 0x07 { - break - } - if in[i] == 0x1b && i+1 < len(in) && in[i+1] == '\\' { - i++ - break - } - i++ - } - case '[': - i += 2 - for i < len(in) { - if (in[i] >= 'A' && in[i] <= 'Z') || (in[i] >= 'a' && in[i] <= 'z') { - break - } - i++ - } - default: - // skip single ESC - } - } - return string(out) -} diff --git a/internal/auth/vertex/vertex_credentials.go b/internal/auth/vertex/vertex_credentials.go deleted file mode 100644 index a0fb3085cd..0000000000 --- a/internal/auth/vertex/vertex_credentials.go +++ /dev/null @@ -1,66 +0,0 @@ -// Package vertex provides token storage for Google Vertex AI Gemini via service account credentials. -// It serialises service account JSON into an auth file that is consumed by the runtime executor. -package vertex - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/misc" - log "github.com/sirupsen/logrus" -) - -// VertexCredentialStorage stores the service account JSON for Vertex AI access. -// The content is persisted verbatim under the "service_account" key, together with -// helper fields for project, location and email to improve logging and discovery. -type VertexCredentialStorage struct { - // ServiceAccount holds the parsed service account JSON content. - ServiceAccount map[string]any `json:"service_account"` - - // ProjectID is derived from the service account JSON (project_id). - ProjectID string `json:"project_id"` - - // Email is the client_email from the service account JSON. - Email string `json:"email"` - - // Location optionally sets a default region (e.g., us-central1) for Vertex endpoints. - Location string `json:"location,omitempty"` - - // Type is the provider identifier stored alongside credentials. Always "vertex". - Type string `json:"type"` -} - -// SaveTokenToFile writes the credential payload to the given file path in JSON format. -// It ensures the parent directory exists and logs the operation for transparency. -func (s *VertexCredentialStorage) SaveTokenToFile(authFilePath string) error { - misc.LogSavingCredentials(authFilePath) - if s == nil { - return fmt.Errorf("vertex credential: storage is nil") - } - if s.ServiceAccount == nil { - return fmt.Errorf("vertex credential: service account content is empty") - } - // Ensure we tag the file with the provider type. - s.Type = "vertex" - - if err := os.MkdirAll(filepath.Dir(authFilePath), 0o700); err != nil { - return fmt.Errorf("vertex credential: create directory failed: %w", err) - } - f, err := os.Create(authFilePath) - if err != nil { - return fmt.Errorf("vertex credential: create file failed: %w", err) - } - defer func() { - if errClose := f.Close(); errClose != nil { - log.Errorf("vertex credential: failed to close file: %v", errClose) - } - }() - enc := json.NewEncoder(f) - enc.SetIndent("", " ") - if err = enc.Encode(s); err != nil { - return fmt.Errorf("vertex credential: encode failed: %w", err) - } - return nil -} diff --git a/internal/browser/browser.go b/internal/browser/browser.go deleted file mode 100644 index 3a5aeea7e2..0000000000 --- a/internal/browser/browser.go +++ /dev/null @@ -1,548 +0,0 @@ -// Package browser provides cross-platform functionality for opening URLs in the default web browser. -// It abstracts the underlying operating system commands and provides a simple interface. -package browser - -import ( - "fmt" - "os/exec" - "runtime" - "strings" - "sync" - - pkgbrowser "github.com/pkg/browser" - log "github.com/sirupsen/logrus" -) - -// incognitoMode controls whether to open URLs in incognito/private mode. -// This is useful for OAuth flows where you want to use a different account. -var incognitoMode bool - -// lastBrowserProcess stores the last opened browser process for cleanup -var lastBrowserProcess *exec.Cmd -var browserMutex sync.Mutex - -// SetIncognitoMode enables or disables incognito/private browsing mode. -func SetIncognitoMode(enabled bool) { - incognitoMode = enabled -} - -// IsIncognitoMode returns whether incognito mode is enabled. -func IsIncognitoMode() bool { - return incognitoMode -} - -// CloseBrowser closes the last opened browser process. -func CloseBrowser() error { - browserMutex.Lock() - defer browserMutex.Unlock() - - if lastBrowserProcess == nil || lastBrowserProcess.Process == nil { - return nil - } - - err := lastBrowserProcess.Process.Kill() - lastBrowserProcess = nil - return err -} - -// OpenURL opens the specified URL in the default web browser. -// It uses the pkg/browser library which provides robust cross-platform support -// for Windows, macOS, and Linux. -// If incognito mode is enabled, it will open in a private/incognito window. -// -// Parameters: -// - url: The URL to open. -// -// Returns: -// - An error if the URL cannot be opened, otherwise nil. -func OpenURL(url string) error { - log.Debugf("Opening URL in browser: %s (incognito=%v)", url, incognitoMode) - - // If incognito mode is enabled, use platform-specific incognito commands - if incognitoMode { - log.Debug("Using incognito mode") - return openURLIncognito(url) - } - - // Use pkg/browser for cross-platform support - err := pkgbrowser.OpenURL(url) - if err == nil { - log.Debug("Successfully opened URL using pkg/browser library") - return nil - } - - log.Debugf("pkg/browser failed: %v, trying platform-specific commands", err) - - // Fallback to platform-specific commands - return openURLPlatformSpecific(url) -} - -// openURLPlatformSpecific is a helper function that opens a URL using OS-specific commands. -// This serves as a fallback mechanism for OpenURL. -// -// Parameters: -// - url: The URL to open. -// -// Returns: -// - An error if the URL cannot be opened, otherwise nil. -func openURLPlatformSpecific(url string) error { - var cmd *exec.Cmd - - switch runtime.GOOS { - case "darwin": // macOS - cmd = exec.Command("open", url) - case "windows": - cmd = exec.Command("rundll32", "url.dll,FileProtocolHandler", url) - case "linux": - // Try common Linux browsers in order of preference - browsers := []string{"xdg-open", "x-www-browser", "www-browser", "firefox", "chromium", "google-chrome"} - for _, browser := range browsers { - if _, err := exec.LookPath(browser); err == nil { - cmd = exec.Command(browser, url) - break - } - } - if cmd == nil { - return fmt.Errorf("no suitable browser found on Linux system") - } - default: - return fmt.Errorf("unsupported operating system: %s", runtime.GOOS) - } - - log.Debugf("Running command: %s %v", cmd.Path, cmd.Args[1:]) - err := cmd.Start() - if err != nil { - return fmt.Errorf("failed to start browser command: %w", err) - } - - log.Debug("Successfully opened URL using platform-specific command") - return nil -} - -// openURLIncognito opens a URL in incognito/private browsing mode. -// It first tries to detect the default browser and use its incognito flag. -// Falls back to a chain of known browsers if detection fails. -// -// Parameters: -// - url: The URL to open. -// -// Returns: -// - An error if the URL cannot be opened, otherwise nil. -func openURLIncognito(url string) error { - // First, try to detect and use the default browser - if cmd := tryDefaultBrowserIncognito(url); cmd != nil { - log.Debugf("Using detected default browser: %s %v", cmd.Path, cmd.Args[1:]) - if err := cmd.Start(); err == nil { - storeBrowserProcess(cmd) - log.Debug("Successfully opened URL in default browser's incognito mode") - return nil - } - log.Debugf("Failed to start default browser, trying fallback chain") - } - - // Fallback to known browser chain - cmd := tryFallbackBrowsersIncognito(url) - if cmd == nil { - log.Warn("No browser with incognito support found, falling back to normal mode") - return openURLPlatformSpecific(url) - } - - log.Debugf("Running incognito command: %s %v", cmd.Path, cmd.Args[1:]) - err := cmd.Start() - if err != nil { - log.Warnf("Failed to open incognito browser: %v, falling back to normal mode", err) - return openURLPlatformSpecific(url) - } - - storeBrowserProcess(cmd) - log.Debug("Successfully opened URL in incognito/private mode") - return nil -} - -// storeBrowserProcess safely stores the browser process for later cleanup. -func storeBrowserProcess(cmd *exec.Cmd) { - browserMutex.Lock() - lastBrowserProcess = cmd - browserMutex.Unlock() -} - -// tryDefaultBrowserIncognito attempts to detect the default browser and return -// an exec.Cmd configured with the appropriate incognito flag. -func tryDefaultBrowserIncognito(url string) *exec.Cmd { - switch runtime.GOOS { - case "darwin": - return tryDefaultBrowserMacOS(url) - case "windows": - return tryDefaultBrowserWindows(url) - case "linux": - return tryDefaultBrowserLinux(url) - } - return nil -} - -// tryDefaultBrowserMacOS detects the default browser on macOS. -func tryDefaultBrowserMacOS(url string) *exec.Cmd { - // Try to get default browser from Launch Services - out, err := exec.Command("defaults", "read", "com.apple.LaunchServices/com.apple.launchservices.secure", "LSHandlers").Output() - if err != nil { - return nil - } - - output := string(out) - var browserName string - - // Parse the output to find the http/https handler - if containsBrowserID(output, "com.google.chrome") { - browserName = "chrome" - } else if containsBrowserID(output, "org.mozilla.firefox") { - browserName = "firefox" - } else if containsBrowserID(output, "com.apple.safari") { - browserName = "safari" - } else if containsBrowserID(output, "com.brave.browser") { - browserName = "brave" - } else if containsBrowserID(output, "com.microsoft.edgemac") { - browserName = "edge" - } - - return createMacOSIncognitoCmd(browserName, url) -} - -// containsBrowserID checks if the LaunchServices output contains a browser ID. -func containsBrowserID(output, bundleID string) bool { - return strings.Contains(output, bundleID) -} - -// createMacOSIncognitoCmd creates the appropriate incognito command for macOS browsers. -func createMacOSIncognitoCmd(browserName, url string) *exec.Cmd { - switch browserName { - case "chrome": - // Try direct path first - chromePath := "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" - if _, err := exec.LookPath(chromePath); err == nil { - return exec.Command(chromePath, "--incognito", url) - } - return exec.Command("open", "-na", "Google Chrome", "--args", "--incognito", url) - case "firefox": - return exec.Command("open", "-na", "Firefox", "--args", "--private-window", url) - case "safari": - // Safari doesn't have CLI incognito, try AppleScript - return tryAppleScriptSafariPrivate(url) - case "brave": - return exec.Command("open", "-na", "Brave Browser", "--args", "--incognito", url) - case "edge": - return exec.Command("open", "-na", "Microsoft Edge", "--args", "--inprivate", url) - } - return nil -} - -// tryAppleScriptSafariPrivate attempts to open Safari in private browsing mode using AppleScript. -func tryAppleScriptSafariPrivate(url string) *exec.Cmd { - // AppleScript to open a new private window in Safari - script := fmt.Sprintf(` - tell application "Safari" - activate - tell application "System Events" - keystroke "n" using {command down, shift down} - delay 0.5 - end tell - set URL of document 1 to "%s" - end tell - `, url) - - cmd := exec.Command("osascript", "-e", script) - // Test if this approach works by checking if Safari is available - if _, err := exec.LookPath("/Applications/Safari.app/Contents/MacOS/Safari"); err != nil { - log.Debug("Safari not found, AppleScript private window not available") - return nil - } - log.Debug("Attempting Safari private window via AppleScript") - return cmd -} - -// tryDefaultBrowserWindows detects the default browser on Windows via registry. -func tryDefaultBrowserWindows(url string) *exec.Cmd { - // Query registry for default browser - out, err := exec.Command("reg", "query", - `HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice`, - "/v", "ProgId").Output() - if err != nil { - return nil - } - - output := string(out) - var browserName string - - // Map ProgId to browser name - if strings.Contains(output, "ChromeHTML") { - browserName = "chrome" - } else if strings.Contains(output, "FirefoxURL") { - browserName = "firefox" - } else if strings.Contains(output, "MSEdgeHTM") { - browserName = "edge" - } else if strings.Contains(output, "BraveHTML") { - browserName = "brave" - } - - return createWindowsIncognitoCmd(browserName, url) -} - -// createWindowsIncognitoCmd creates the appropriate incognito command for Windows browsers. -func createWindowsIncognitoCmd(browserName, url string) *exec.Cmd { - switch browserName { - case "chrome": - paths := []string{ - "chrome", - `C:\Program Files\Google\Chrome\Application\chrome.exe`, - `C:\Program Files (x86)\Google\Chrome\Application\chrome.exe`, - } - for _, p := range paths { - if _, err := exec.LookPath(p); err == nil { - return exec.Command(p, "--incognito", url) - } - } - case "firefox": - if path, err := exec.LookPath("firefox"); err == nil { - return exec.Command(path, "--private-window", url) - } - case "edge": - paths := []string{ - "msedge", - `C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe`, - `C:\Program Files\Microsoft\Edge\Application\msedge.exe`, - } - for _, p := range paths { - if _, err := exec.LookPath(p); err == nil { - return exec.Command(p, "--inprivate", url) - } - } - case "brave": - paths := []string{ - `C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe`, - `C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe`, - } - for _, p := range paths { - if _, err := exec.LookPath(p); err == nil { - return exec.Command(p, "--incognito", url) - } - } - } - return nil -} - -// tryDefaultBrowserLinux detects the default browser on Linux using xdg-settings. -func tryDefaultBrowserLinux(url string) *exec.Cmd { - out, err := exec.Command("xdg-settings", "get", "default-web-browser").Output() - if err != nil { - return nil - } - - desktop := string(out) - var browserName string - - // Map .desktop file to browser name - if strings.Contains(desktop, "google-chrome") || strings.Contains(desktop, "chrome") { - browserName = "chrome" - } else if strings.Contains(desktop, "firefox") { - browserName = "firefox" - } else if strings.Contains(desktop, "chromium") { - browserName = "chromium" - } else if strings.Contains(desktop, "brave") { - browserName = "brave" - } else if strings.Contains(desktop, "microsoft-edge") || strings.Contains(desktop, "msedge") { - browserName = "edge" - } - - return createLinuxIncognitoCmd(browserName, url) -} - -// createLinuxIncognitoCmd creates the appropriate incognito command for Linux browsers. -func createLinuxIncognitoCmd(browserName, url string) *exec.Cmd { - switch browserName { - case "chrome": - paths := []string{"google-chrome", "google-chrome-stable"} - for _, p := range paths { - if path, err := exec.LookPath(p); err == nil { - return exec.Command(path, "--incognito", url) - } - } - case "firefox": - paths := []string{"firefox", "firefox-esr"} - for _, p := range paths { - if path, err := exec.LookPath(p); err == nil { - return exec.Command(path, "--private-window", url) - } - } - case "chromium": - paths := []string{"chromium", "chromium-browser"} - for _, p := range paths { - if path, err := exec.LookPath(p); err == nil { - return exec.Command(path, "--incognito", url) - } - } - case "brave": - if path, err := exec.LookPath("brave-browser"); err == nil { - return exec.Command(path, "--incognito", url) - } - case "edge": - if path, err := exec.LookPath("microsoft-edge"); err == nil { - return exec.Command(path, "--inprivate", url) - } - } - return nil -} - -// tryFallbackBrowsersIncognito tries a chain of known browsers as fallback. -func tryFallbackBrowsersIncognito(url string) *exec.Cmd { - switch runtime.GOOS { - case "darwin": - return tryFallbackBrowsersMacOS(url) - case "windows": - return tryFallbackBrowsersWindows(url) - case "linux": - return tryFallbackBrowsersLinuxChain(url) - } - return nil -} - -// tryFallbackBrowsersMacOS tries known browsers on macOS. -func tryFallbackBrowsersMacOS(url string) *exec.Cmd { - // Try Chrome - chromePath := "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" - if _, err := exec.LookPath(chromePath); err == nil { - return exec.Command(chromePath, "--incognito", url) - } - // Try Firefox - if _, err := exec.LookPath("/Applications/Firefox.app/Contents/MacOS/firefox"); err == nil { - return exec.Command("open", "-na", "Firefox", "--args", "--private-window", url) - } - // Try Brave - if _, err := exec.LookPath("/Applications/Brave Browser.app/Contents/MacOS/Brave Browser"); err == nil { - return exec.Command("open", "-na", "Brave Browser", "--args", "--incognito", url) - } - // Try Edge - if _, err := exec.LookPath("/Applications/Microsoft Edge.app/Contents/MacOS/Microsoft Edge"); err == nil { - return exec.Command("open", "-na", "Microsoft Edge", "--args", "--inprivate", url) - } - // Last resort: try Safari with AppleScript - if cmd := tryAppleScriptSafariPrivate(url); cmd != nil { - log.Info("Using Safari with AppleScript for private browsing (may require accessibility permissions)") - return cmd - } - return nil -} - -// tryFallbackBrowsersWindows tries known browsers on Windows. -func tryFallbackBrowsersWindows(url string) *exec.Cmd { - // Chrome - chromePaths := []string{ - "chrome", - `C:\Program Files\Google\Chrome\Application\chrome.exe`, - `C:\Program Files (x86)\Google\Chrome\Application\chrome.exe`, - } - for _, p := range chromePaths { - if _, err := exec.LookPath(p); err == nil { - return exec.Command(p, "--incognito", url) - } - } - // Firefox - if path, err := exec.LookPath("firefox"); err == nil { - return exec.Command(path, "--private-window", url) - } - // Edge (usually available on Windows 10+) - edgePaths := []string{ - "msedge", - `C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe`, - `C:\Program Files\Microsoft\Edge\Application\msedge.exe`, - } - for _, p := range edgePaths { - if _, err := exec.LookPath(p); err == nil { - return exec.Command(p, "--inprivate", url) - } - } - return nil -} - -// tryFallbackBrowsersLinuxChain tries known browsers on Linux. -func tryFallbackBrowsersLinuxChain(url string) *exec.Cmd { - type browserConfig struct { - name string - flag string - } - browsers := []browserConfig{ - {"google-chrome", "--incognito"}, - {"google-chrome-stable", "--incognito"}, - {"chromium", "--incognito"}, - {"chromium-browser", "--incognito"}, - {"firefox", "--private-window"}, - {"firefox-esr", "--private-window"}, - {"brave-browser", "--incognito"}, - {"microsoft-edge", "--inprivate"}, - } - for _, b := range browsers { - if path, err := exec.LookPath(b.name); err == nil { - return exec.Command(path, b.flag, url) - } - } - return nil -} - -// IsAvailable checks if the system has a command available to open a web browser. -// It verifies the presence of necessary commands for the current operating system. -// -// Returns: -// - true if a browser can be opened, false otherwise. -func IsAvailable() bool { - // Check platform-specific commands - switch runtime.GOOS { - case "darwin": - _, err := exec.LookPath("open") - return err == nil - case "windows": - _, err := exec.LookPath("rundll32") - return err == nil - case "linux": - browsers := []string{"xdg-open", "x-www-browser", "www-browser", "firefox", "chromium", "google-chrome"} - for _, browser := range browsers { - if _, err := exec.LookPath(browser); err == nil { - return true - } - } - return false - default: - return false - } -} - -// GetPlatformInfo returns a map containing details about the current platform's -// browser opening capabilities, including the OS, architecture, and available commands. -// -// Returns: -// - A map with platform-specific browser support information. -func GetPlatformInfo() map[string]interface{} { - info := map[string]interface{}{ - "os": runtime.GOOS, - "arch": runtime.GOARCH, - "available": IsAvailable(), - } - - switch runtime.GOOS { - case "darwin": - info["default_command"] = "open" - case "windows": - info["default_command"] = "rundll32" - case "linux": - browsers := []string{"xdg-open", "x-www-browser", "www-browser", "firefox", "chromium", "google-chrome"} - var availableBrowsers []string - for _, browser := range browsers { - if _, err := exec.LookPath(browser); err == nil { - availableBrowsers = append(availableBrowsers, browser) - } - } - info["available_browsers"] = availableBrowsers - if len(availableBrowsers) > 0 { - info["default_command"] = availableBrowsers[0] - } - } - - return info -} diff --git a/internal/buildinfo/buildinfo.go b/internal/buildinfo/buildinfo.go deleted file mode 100644 index 0bdfaf8b8d..0000000000 --- a/internal/buildinfo/buildinfo.go +++ /dev/null @@ -1,15 +0,0 @@ -// Package buildinfo exposes compile-time metadata shared across the server. -package buildinfo - -// The following variables are overridden via ldflags during release builds. -// Defaults cover local development builds. -var ( - // Version is the semantic version or git describe output of the binary. - Version = "dev" - - // Commit is the git commit SHA baked into the binary. - Commit = "none" - - // BuildDate records when the binary was built in UTC. - BuildDate = "unknown" -) diff --git a/internal/cache/signature_cache.go b/internal/cache/signature_cache.go deleted file mode 100644 index af5371bfbc..0000000000 --- a/internal/cache/signature_cache.go +++ /dev/null @@ -1,195 +0,0 @@ -package cache - -import ( - "crypto/sha256" - "encoding/hex" - "strings" - "sync" - "time" -) - -// SignatureEntry holds a cached thinking signature with timestamp -type SignatureEntry struct { - Signature string - Timestamp time.Time -} - -const ( - // SignatureCacheTTL is how long signatures are valid - SignatureCacheTTL = 3 * time.Hour - - // SignatureTextHashLen is the length of the hash key (16 hex chars = 64-bit key space) - SignatureTextHashLen = 16 - - // MinValidSignatureLen is the minimum length for a signature to be considered valid - MinValidSignatureLen = 50 - - // CacheCleanupInterval controls how often stale entries are purged - CacheCleanupInterval = 10 * time.Minute -) - -// signatureCache stores signatures by model group -> textHash -> SignatureEntry -var signatureCache sync.Map - -// cacheCleanupOnce ensures the background cleanup goroutine starts only once -var cacheCleanupOnce sync.Once - -// groupCache is the inner map type -type groupCache struct { - mu sync.RWMutex - entries map[string]SignatureEntry -} - -// hashText creates a stable, Unicode-safe key from text content -func hashText(text string) string { - h := sha256.Sum256([]byte(text)) - return hex.EncodeToString(h[:])[:SignatureTextHashLen] -} - -// getOrCreateGroupCache gets or creates a cache bucket for a model group -func getOrCreateGroupCache(groupKey string) *groupCache { - // Start background cleanup on first access - cacheCleanupOnce.Do(startCacheCleanup) - - if val, ok := signatureCache.Load(groupKey); ok { - return val.(*groupCache) - } - sc := &groupCache{entries: make(map[string]SignatureEntry)} - actual, _ := signatureCache.LoadOrStore(groupKey, sc) - return actual.(*groupCache) -} - -// startCacheCleanup launches a background goroutine that periodically -// removes caches where all entries have expired. -func startCacheCleanup() { - go func() { - ticker := time.NewTicker(CacheCleanupInterval) - defer ticker.Stop() - for range ticker.C { - purgeExpiredCaches() - } - }() -} - -// purgeExpiredCaches removes caches with no valid (non-expired) entries. -func purgeExpiredCaches() { - now := time.Now() - signatureCache.Range(func(key, value any) bool { - sc := value.(*groupCache) - sc.mu.Lock() - // Remove expired entries - for k, entry := range sc.entries { - if now.Sub(entry.Timestamp) > SignatureCacheTTL { - delete(sc.entries, k) - } - } - isEmpty := len(sc.entries) == 0 - sc.mu.Unlock() - // Remove cache bucket if empty - if isEmpty { - signatureCache.Delete(key) - } - return true - }) -} - -// CacheSignature stores a thinking signature for a given model group and text. -// Used for Claude models that require signed thinking blocks in multi-turn conversations. -func CacheSignature(modelName, text, signature string) { - if text == "" || signature == "" { - return - } - if len(signature) < MinValidSignatureLen { - return - } - - groupKey := GetModelGroup(modelName) - textHash := hashText(text) - sc := getOrCreateGroupCache(groupKey) - sc.mu.Lock() - defer sc.mu.Unlock() - - sc.entries[textHash] = SignatureEntry{ - Signature: signature, - Timestamp: time.Now(), - } -} - -// GetCachedSignature retrieves a cached signature for a given model group and text. -// Returns empty string if not found or expired. -func GetCachedSignature(modelName, text string) string { - groupKey := GetModelGroup(modelName) - - if text == "" { - if groupKey == "gemini" { - return "skip_thought_signature_validator" - } - return "" - } - val, ok := signatureCache.Load(groupKey) - if !ok { - if groupKey == "gemini" { - return "skip_thought_signature_validator" - } - return "" - } - sc := val.(*groupCache) - - textHash := hashText(text) - - now := time.Now() - - sc.mu.Lock() - entry, exists := sc.entries[textHash] - if !exists { - sc.mu.Unlock() - if groupKey == "gemini" { - return "skip_thought_signature_validator" - } - return "" - } - if now.Sub(entry.Timestamp) > SignatureCacheTTL { - delete(sc.entries, textHash) - sc.mu.Unlock() - if groupKey == "gemini" { - return "skip_thought_signature_validator" - } - return "" - } - - // Refresh TTL on access (sliding expiration). - entry.Timestamp = now - sc.entries[textHash] = entry - sc.mu.Unlock() - - return entry.Signature -} - -// ClearSignatureCache clears signature cache for a specific model group or all groups. -func ClearSignatureCache(modelName string) { - if modelName == "" { - signatureCache.Range(func(key, _ any) bool { - signatureCache.Delete(key) - return true - }) - return - } - groupKey := GetModelGroup(modelName) - signatureCache.Delete(groupKey) -} - -// HasValidSignature checks if a signature is valid (non-empty and long enough) -func HasValidSignature(modelName, signature string) bool { - return (signature != "" && len(signature) >= MinValidSignatureLen) || (signature == "skip_thought_signature_validator" && GetModelGroup(modelName) == "gemini") -} - -func GetModelGroup(modelName string) string { - if strings.Contains(modelName, "gpt") { - return "gpt" - } else if strings.Contains(modelName, "claude") { - return "claude" - } else if strings.Contains(modelName, "gemini") { - return "gemini" - } - return modelName -} diff --git a/internal/cache/signature_cache_test.go b/internal/cache/signature_cache_test.go deleted file mode 100644 index 8340815934..0000000000 --- a/internal/cache/signature_cache_test.go +++ /dev/null @@ -1,210 +0,0 @@ -package cache - -import ( - "testing" - "time" -) - -const testModelName = "claude-sonnet-4-5" - -func TestCacheSignature_BasicStorageAndRetrieval(t *testing.T) { - ClearSignatureCache("") - - text := "This is some thinking text content" - signature := "abc123validSignature1234567890123456789012345678901234567890" - - // Store signature - CacheSignature(testModelName, text, signature) - - // Retrieve signature - retrieved := GetCachedSignature(testModelName, text) - if retrieved != signature { - t.Errorf("Expected signature '%s', got '%s'", signature, retrieved) - } -} - -func TestCacheSignature_DifferentModelGroups(t *testing.T) { - ClearSignatureCache("") - - text := "Same text across models" - sig1 := "signature1_1234567890123456789012345678901234567890123456" - sig2 := "signature2_1234567890123456789012345678901234567890123456" - - geminiModel := "gemini-3-pro-preview" - CacheSignature(testModelName, text, sig1) - CacheSignature(geminiModel, text, sig2) - - if GetCachedSignature(testModelName, text) != sig1 { - t.Error("Claude signature mismatch") - } - if GetCachedSignature(geminiModel, text) != sig2 { - t.Error("Gemini signature mismatch") - } -} - -func TestCacheSignature_NotFound(t *testing.T) { - ClearSignatureCache("") - - // Non-existent session - if got := GetCachedSignature(testModelName, "some text"); got != "" { - t.Errorf("Expected empty string for nonexistent session, got '%s'", got) - } - - // Existing session but different text - CacheSignature(testModelName, "text-a", "sigA12345678901234567890123456789012345678901234567890") - if got := GetCachedSignature(testModelName, "text-b"); got != "" { - t.Errorf("Expected empty string for different text, got '%s'", got) - } -} - -func TestCacheSignature_EmptyInputs(t *testing.T) { - ClearSignatureCache("") - - // All empty/invalid inputs should be no-ops - CacheSignature(testModelName, "", "sig12345678901234567890123456789012345678901234567890") - CacheSignature(testModelName, "text", "") - CacheSignature(testModelName, "text", "short") // Too short - - if got := GetCachedSignature(testModelName, "text"); got != "" { - t.Errorf("Expected empty after invalid cache attempts, got '%s'", got) - } -} - -func TestCacheSignature_ShortSignatureRejected(t *testing.T) { - ClearSignatureCache("") - - text := "Some text" - shortSig := "abc123" // Less than 50 chars - - CacheSignature(testModelName, text, shortSig) - - if got := GetCachedSignature(testModelName, text); got != "" { - t.Errorf("Short signature should be rejected, got '%s'", got) - } -} - -func TestClearSignatureCache_ModelGroup(t *testing.T) { - ClearSignatureCache("") - - sig := "validSig1234567890123456789012345678901234567890123456" - CacheSignature(testModelName, "text", sig) - CacheSignature(testModelName, "text-2", sig) - - ClearSignatureCache("session-1") - - if got := GetCachedSignature(testModelName, "text"); got != sig { - t.Error("signature should remain when clearing unknown session") - } -} - -func TestClearSignatureCache_AllSessions(t *testing.T) { - ClearSignatureCache("") - - sig := "validSig1234567890123456789012345678901234567890123456" - CacheSignature(testModelName, "text", sig) - CacheSignature(testModelName, "text-2", sig) - - ClearSignatureCache("") - - if got := GetCachedSignature(testModelName, "text"); got != "" { - t.Error("text should be cleared") - } - if got := GetCachedSignature(testModelName, "text-2"); got != "" { - t.Error("text-2 should be cleared") - } -} - -func TestHasValidSignature(t *testing.T) { - tests := []struct { - name string - modelName string - signature string - expected bool - }{ - {"valid long signature", testModelName, "abc123validSignature1234567890123456789012345678901234567890", true}, - {"exactly 50 chars", testModelName, "12345678901234567890123456789012345678901234567890", true}, - {"49 chars - invalid", testModelName, "1234567890123456789012345678901234567890123456789", false}, - {"empty string", testModelName, "", false}, - {"short signature", testModelName, "abc", false}, - {"gemini sentinel", "gemini-3-pro-preview", "skip_thought_signature_validator", true}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := HasValidSignature(tt.modelName, tt.signature) - if result != tt.expected { - t.Errorf("HasValidSignature(%q) = %v, expected %v", tt.signature, result, tt.expected) - } - }) - } -} - -func TestCacheSignature_TextHashCollisionResistance(t *testing.T) { - ClearSignatureCache("") - - // Different texts should produce different hashes - text1 := "First thinking text" - text2 := "Second thinking text" - sig1 := "signature1_1234567890123456789012345678901234567890123456" - sig2 := "signature2_1234567890123456789012345678901234567890123456" - - CacheSignature(testModelName, text1, sig1) - CacheSignature(testModelName, text2, sig2) - - if GetCachedSignature(testModelName, text1) != sig1 { - t.Error("text1 signature mismatch") - } - if GetCachedSignature(testModelName, text2) != sig2 { - t.Error("text2 signature mismatch") - } -} - -func TestCacheSignature_UnicodeText(t *testing.T) { - ClearSignatureCache("") - - text := "한글 텍스트와 이모지 🎉 그리고 特殊文字" - sig := "unicodeSig123456789012345678901234567890123456789012345" - - CacheSignature(testModelName, text, sig) - - if got := GetCachedSignature(testModelName, text); got != sig { - t.Errorf("Unicode text signature retrieval failed, got '%s'", got) - } -} - -func TestCacheSignature_Overwrite(t *testing.T) { - ClearSignatureCache("") - - text := "Same text" - sig1 := "firstSignature12345678901234567890123456789012345678901" - sig2 := "secondSignature1234567890123456789012345678901234567890" - - CacheSignature(testModelName, text, sig1) - CacheSignature(testModelName, text, sig2) // Overwrite - - if got := GetCachedSignature(testModelName, text); got != sig2 { - t.Errorf("Expected overwritten signature '%s', got '%s'", sig2, got) - } -} - -// Note: TTL expiration test is tricky to test without mocking time -// We test the logic path exists but actual expiration would require time manipulation -func TestCacheSignature_ExpirationLogic(t *testing.T) { - ClearSignatureCache("") - - // This test verifies the expiration check exists - // In a real scenario, we'd mock time.Now() - text := "text" - sig := "validSig1234567890123456789012345678901234567890123456" - - CacheSignature(testModelName, text, sig) - - // Fresh entry should be retrievable - if got := GetCachedSignature(testModelName, text); got != sig { - t.Errorf("Fresh entry should be retrievable, got '%s'", got) - } - - // We can't easily test actual expiration without time mocking - // but the logic is verified by the implementation - _ = time.Now() // Acknowledge we're not testing time passage -} diff --git a/internal/cmd/anthropic_login.go b/internal/cmd/anthropic_login.go deleted file mode 100644 index 8885a2c0ac..0000000000 --- a/internal/cmd/anthropic_login.go +++ /dev/null @@ -1,59 +0,0 @@ -package cmd - -import ( - "context" - "errors" - "fmt" - "os" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/claude" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - sdkAuth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// DoClaudeLogin triggers the Claude OAuth flow through the shared authentication manager. -// It initiates the OAuth authentication process for Anthropic Claude services and saves -// the authentication tokens to the configured auth directory. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including browser behavior and prompts -func DoClaudeLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - promptFn := options.Prompt - if promptFn == nil { - promptFn = defaultProjectPrompt() - } - - manager := newAuthManager() - - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - CallbackPort: options.CallbackPort, - Metadata: map[string]string{}, - Prompt: promptFn, - } - - _, savedPath, err := manager.Login(context.Background(), "claude", cfg, authOpts) - if err != nil { - if authErr, ok := errors.AsType[*claude.AuthenticationError](err); ok { - log.Error(claude.GetUserFriendlyMessage(authErr)) - if authErr.Type == claude.ErrPortInUse.Type { - os.Exit(claude.ErrPortInUse.Code) - } - return - } - fmt.Printf("Claude authentication failed: %v\n", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - - fmt.Println("Claude authentication successful!") -} diff --git a/internal/cmd/antigravity_login.go b/internal/cmd/antigravity_login.go deleted file mode 100644 index 7d3e048791..0000000000 --- a/internal/cmd/antigravity_login.go +++ /dev/null @@ -1,44 +0,0 @@ -package cmd - -import ( - "context" - "fmt" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - sdkAuth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// DoAntigravityLogin triggers the OAuth flow for the antigravity provider and saves tokens. -func DoAntigravityLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - promptFn := options.Prompt - if promptFn == nil { - promptFn = defaultProjectPrompt() - } - - manager := newAuthManager() - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - CallbackPort: options.CallbackPort, - Metadata: map[string]string{}, - Prompt: promptFn, - } - - record, savedPath, err := manager.Login(context.Background(), "antigravity", cfg, authOpts) - if err != nil { - log.Errorf("Antigravity authentication failed: %v", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - if record != nil && record.Label != "" { - fmt.Printf("Authenticated as %s\n", record.Label) - } - fmt.Println("Antigravity authentication successful!") -} diff --git a/internal/cmd/auth_manager.go b/internal/cmd/auth_manager.go deleted file mode 100644 index 6517938346..0000000000 --- a/internal/cmd/auth_manager.go +++ /dev/null @@ -1,28 +0,0 @@ -package cmd - -import ( - sdkAuth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/auth" -) - -// newAuthManager creates a new authentication manager instance with all supported -// authenticators and a file-based token store. It initializes authenticators for -// Gemini, Codex, Claude, Qwen, IFlow, Antigravity, and GitHub Copilot providers. -// -// Returns: -// - *sdkAuth.Manager: A configured authentication manager instance -func newAuthManager() *sdkAuth.Manager { - store := sdkAuth.GetTokenStore() - manager := sdkAuth.NewManager(store, - sdkAuth.NewGeminiAuthenticator(), - sdkAuth.NewCodexAuthenticator(), - sdkAuth.NewClaudeAuthenticator(), - sdkAuth.NewQwenAuthenticator(), - sdkAuth.NewIFlowAuthenticator(), - sdkAuth.NewAntigravityAuthenticator(), - sdkAuth.NewKimiAuthenticator(), - sdkAuth.NewKiroAuthenticator(), - sdkAuth.NewGitHubCopilotAuthenticator(), - sdkAuth.NewKiloAuthenticator(), - ) - return manager -} diff --git a/internal/cmd/github_copilot_login.go b/internal/cmd/github_copilot_login.go deleted file mode 100644 index 0998c1f0ae..0000000000 --- a/internal/cmd/github_copilot_login.go +++ /dev/null @@ -1,44 +0,0 @@ -package cmd - -import ( - "context" - "fmt" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - sdkAuth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// DoGitHubCopilotLogin triggers the OAuth device flow for GitHub Copilot and saves tokens. -// It initiates the device flow authentication, displays the user code for the user to enter -// at GitHub's verification URL, and waits for authorization before saving the tokens. -// -// Parameters: -// - cfg: The application configuration containing proxy and auth directory settings -// - options: Login options including browser behavior settings -func DoGitHubCopilotLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - manager := newAuthManager() - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - Metadata: map[string]string{}, - Prompt: options.Prompt, - } - - record, savedPath, err := manager.Login(context.Background(), "github-copilot", cfg, authOpts) - if err != nil { - log.Errorf("GitHub Copilot authentication failed: %v", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - if record != nil && record.Label != "" { - fmt.Printf("Authenticated as %s\n", record.Label) - } - fmt.Println("GitHub Copilot authentication successful!") -} diff --git a/internal/cmd/iflow_cookie.go b/internal/cmd/iflow_cookie.go deleted file mode 100644 index 1c8d3cdbaa..0000000000 --- a/internal/cmd/iflow_cookie.go +++ /dev/null @@ -1,98 +0,0 @@ -package cmd - -import ( - "bufio" - "context" - "fmt" - "os" - "path/filepath" - "strings" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/iflow" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" -) - -// DoIFlowCookieAuth performs the iFlow cookie-based authentication. -func DoIFlowCookieAuth(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - promptFn := options.Prompt - if promptFn == nil { - reader := bufio.NewReader(os.Stdin) - promptFn = func(prompt string) (string, error) { - fmt.Print(prompt) - value, err := reader.ReadString('\n') - if err != nil { - return "", err - } - return strings.TrimSpace(value), nil - } - } - - // Prompt user for cookie - cookie, err := promptForCookie(promptFn) - if err != nil { - fmt.Printf("Failed to get cookie: %v\n", err) - return - } - - // Check for duplicate BXAuth before authentication - bxAuth := iflow.ExtractBXAuth(cookie) - if existingFile, err := iflow.CheckDuplicateBXAuth(cfg.AuthDir, bxAuth); err != nil { - fmt.Printf("Failed to check duplicate: %v\n", err) - return - } else if existingFile != "" { - fmt.Printf("Duplicate BXAuth found, authentication already exists: %s\n", filepath.Base(existingFile)) - return - } - - // Authenticate with cookie - auth := iflow.NewIFlowAuth(cfg) - ctx := context.Background() - - tokenData, err := auth.AuthenticateWithCookie(ctx, cookie) - if err != nil { - fmt.Printf("iFlow cookie authentication failed: %v\n", err) - return - } - - // Create token storage - tokenStorage := auth.CreateCookieTokenStorage(tokenData) - - // Get auth file path using email in filename - authFilePath := getAuthFilePath(cfg, "iflow", tokenData.Email) - - // Save token to file - if err := tokenStorage.SaveTokenToFile(authFilePath); err != nil { - fmt.Printf("Failed to save authentication: %v\n", err) - return - } - - fmt.Printf("Authentication successful! API key: %s\n", tokenData.APIKey) - fmt.Printf("Expires at: %s\n", tokenData.Expire) - fmt.Printf("Authentication saved to: %s\n", authFilePath) -} - -// promptForCookie prompts the user to enter their iFlow cookie -func promptForCookie(promptFn func(string) (string, error)) (string, error) { - line, err := promptFn("Enter iFlow Cookie (from browser cookies): ") - if err != nil { - return "", fmt.Errorf("failed to read cookie: %w", err) - } - - cookie, err := iflow.NormalizeCookie(line) - if err != nil { - return "", err - } - - return cookie, nil -} - -// getAuthFilePath returns the auth file path for the given provider and email -func getAuthFilePath(cfg *config.Config, provider, email string) string { - fileName := iflow.SanitizeIFlowFileName(email) - return fmt.Sprintf("%s/%s-%s-%d.json", cfg.AuthDir, provider, fileName, time.Now().Unix()) -} diff --git a/internal/cmd/iflow_login.go b/internal/cmd/iflow_login.go deleted file mode 100644 index 7e861e7e18..0000000000 --- a/internal/cmd/iflow_login.go +++ /dev/null @@ -1,48 +0,0 @@ -package cmd - -import ( - "context" - "errors" - "fmt" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - sdkAuth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// DoIFlowLogin performs the iFlow OAuth login via the shared authentication manager. -func DoIFlowLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - manager := newAuthManager() - - promptFn := options.Prompt - if promptFn == nil { - promptFn = defaultProjectPrompt() - } - - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - CallbackPort: options.CallbackPort, - Metadata: map[string]string{}, - Prompt: promptFn, - } - - _, savedPath, err := manager.Login(context.Background(), "iflow", cfg, authOpts) - if err != nil { - if emailErr, ok := errors.AsType[*sdkAuth.EmailRequiredError](err); ok { - log.Error(emailErr.Error()) - return - } - fmt.Printf("iFlow authentication failed: %v\n", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - - fmt.Println("iFlow authentication successful!") -} diff --git a/internal/cmd/kilo_login.go b/internal/cmd/kilo_login.go deleted file mode 100644 index 991719ca85..0000000000 --- a/internal/cmd/kilo_login.go +++ /dev/null @@ -1,54 +0,0 @@ -package cmd - -import ( - "context" - "fmt" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - sdkAuth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/auth" -) - -// DoKiloLogin handles the Kilo device flow using the shared authentication manager. -// It initiates the device-based authentication process for Kilo AI services and saves -// the authentication tokens to the configured auth directory. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including browser behavior and prompts -func DoKiloLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - manager := newAuthManager() - - promptFn := options.Prompt - if promptFn == nil { - promptFn = func(prompt string) (string, error) { - fmt.Print(prompt) - var value string - fmt.Scanln(&value) - return strings.TrimSpace(value), nil - } - } - - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - CallbackPort: options.CallbackPort, - Metadata: map[string]string{}, - Prompt: promptFn, - } - - _, savedPath, err := manager.Login(context.Background(), "kilo", cfg, authOpts) - if err != nil { - fmt.Printf("Kilo authentication failed: %v\n", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - - fmt.Println("Kilo authentication successful!") -} diff --git a/internal/cmd/kimi_login.go b/internal/cmd/kimi_login.go deleted file mode 100644 index 7f279ff147..0000000000 --- a/internal/cmd/kimi_login.go +++ /dev/null @@ -1,44 +0,0 @@ -package cmd - -import ( - "context" - "fmt" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - sdkAuth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// DoKimiLogin triggers the OAuth device flow for Kimi (Moonshot AI) and saves tokens. -// It initiates the device flow authentication, displays the verification URL for the user, -// and waits for authorization before saving the tokens. -// -// Parameters: -// - cfg: The application configuration containing proxy and auth directory settings -// - options: Login options including browser behavior settings -func DoKimiLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - manager := newAuthManager() - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - Metadata: map[string]string{}, - Prompt: options.Prompt, - } - - record, savedPath, err := manager.Login(context.Background(), "kimi", cfg, authOpts) - if err != nil { - log.Errorf("Kimi authentication failed: %v", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - if record != nil && record.Label != "" { - fmt.Printf("Authenticated as %s\n", record.Label) - } - fmt.Println("Kimi authentication successful!") -} diff --git a/internal/cmd/kiro_login.go b/internal/cmd/kiro_login.go deleted file mode 100644 index 4aff1a8cbb..0000000000 --- a/internal/cmd/kiro_login.go +++ /dev/null @@ -1,208 +0,0 @@ -package cmd - -import ( - "context" - "fmt" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - sdkAuth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// DoKiroLogin triggers the Kiro authentication flow with Google OAuth. -// This is the default login method (same as --kiro-google-login). -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including Prompt field -func DoKiroLogin(cfg *config.Config, options *LoginOptions) { - // Use Google login as default - DoKiroGoogleLogin(cfg, options) -} - -// DoKiroGoogleLogin triggers Kiro authentication with Google OAuth. -// This uses a custom protocol handler (kiro://) to receive the callback. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including prompts -func DoKiroGoogleLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - // Note: Kiro defaults to incognito mode for multi-account support. - // Users can override with --no-incognito if they want to use existing browser sessions. - - manager := newAuthManager() - - // Use KiroAuthenticator with Google login - authenticator := sdkAuth.NewKiroAuthenticator() - record, err := authenticator.LoginWithGoogle(context.Background(), cfg, &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - Metadata: map[string]string{}, - Prompt: options.Prompt, - }) - if err != nil { - log.Errorf("Kiro Google authentication failed: %v", err) - fmt.Println("\nTroubleshooting:") - fmt.Println("1. Make sure the protocol handler is installed") - fmt.Println("2. Complete the Google login in the browser") - fmt.Println("3. If callback fails, try: --kiro-import (after logging in via Kiro IDE)") - return - } - - // Save the auth record - savedPath, err := manager.SaveAuth(record, cfg) - if err != nil { - log.Errorf("Failed to save auth: %v", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - if record != nil && record.Label != "" { - fmt.Printf("Authenticated as %s\n", record.Label) - } - fmt.Println("Kiro Google authentication successful!") -} - -// DoKiroAWSLogin triggers Kiro authentication with AWS Builder ID. -// This uses the device code flow for AWS SSO OIDC authentication. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including prompts -func DoKiroAWSLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - // Note: Kiro defaults to incognito mode for multi-account support. - // Users can override with --no-incognito if they want to use existing browser sessions. - - manager := newAuthManager() - - // Use KiroAuthenticator with AWS Builder ID login (device code flow) - authenticator := sdkAuth.NewKiroAuthenticator() - record, err := authenticator.Login(context.Background(), cfg, &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - Metadata: map[string]string{}, - Prompt: options.Prompt, - }) - if err != nil { - log.Errorf("Kiro AWS authentication failed: %v", err) - fmt.Println("\nTroubleshooting:") - fmt.Println("1. Make sure you have an AWS Builder ID") - fmt.Println("2. Complete the authorization in the browser") - fmt.Println("3. If callback fails, try: --kiro-import (after logging in via Kiro IDE)") - return - } - - // Save the auth record - savedPath, err := manager.SaveAuth(record, cfg) - if err != nil { - log.Errorf("Failed to save auth: %v", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - if record != nil && record.Label != "" { - fmt.Printf("Authenticated as %s\n", record.Label) - } - fmt.Println("Kiro AWS authentication successful!") -} - -// DoKiroAWSAuthCodeLogin triggers Kiro authentication with AWS Builder ID using authorization code flow. -// This provides a better UX than device code flow as it uses automatic browser callback. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including prompts -func DoKiroAWSAuthCodeLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - // Note: Kiro defaults to incognito mode for multi-account support. - // Users can override with --no-incognito if they want to use existing browser sessions. - - manager := newAuthManager() - - // Use KiroAuthenticator with AWS Builder ID login (authorization code flow) - authenticator := sdkAuth.NewKiroAuthenticator() - record, err := authenticator.LoginWithAuthCode(context.Background(), cfg, &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - Metadata: map[string]string{}, - Prompt: options.Prompt, - }) - if err != nil { - log.Errorf("Kiro AWS authentication (auth code) failed: %v", err) - fmt.Println("\nTroubleshooting:") - fmt.Println("1. Make sure you have an AWS Builder ID") - fmt.Println("2. Complete the authorization in the browser") - fmt.Println("3. If callback fails, try: --kiro-aws-login (device code flow)") - return - } - - // Save the auth record - savedPath, err := manager.SaveAuth(record, cfg) - if err != nil { - log.Errorf("Failed to save auth: %v", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - if record != nil && record.Label != "" { - fmt.Printf("Authenticated as %s\n", record.Label) - } - fmt.Println("Kiro AWS authentication successful!") -} - -// DoKiroImport imports Kiro token from Kiro IDE's token file. -// This is useful for users who have already logged in via Kiro IDE -// and want to use the same credentials in CLI Proxy API. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options (currently unused for import) -func DoKiroImport(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - manager := newAuthManager() - - // Use ImportFromKiroIDE instead of Login - authenticator := sdkAuth.NewKiroAuthenticator() - record, err := authenticator.ImportFromKiroIDE(context.Background(), cfg) - if err != nil { - log.Errorf("Kiro token import failed: %v", err) - fmt.Println("\nMake sure you have logged in to Kiro IDE first:") - fmt.Println("1. Open Kiro IDE") - fmt.Println("2. Click 'Sign in with Google' (or GitHub)") - fmt.Println("3. Complete the login process") - fmt.Println("4. Run this command again") - return - } - - // Save the imported auth record - savedPath, err := manager.SaveAuth(record, cfg) - if err != nil { - log.Errorf("Failed to save auth: %v", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - if record != nil && record.Label != "" { - fmt.Printf("Imported as %s\n", record.Label) - } - fmt.Println("Kiro token import successful!") -} diff --git a/internal/cmd/login.go b/internal/cmd/login.go deleted file mode 100644 index 6b66de212f..0000000000 --- a/internal/cmd/login.go +++ /dev/null @@ -1,699 +0,0 @@ -// Package cmd provides command-line interface functionality for the CLI Proxy API server. -// It includes authentication flows for various AI service providers, service startup, -// and other command-line operations. -package cmd - -import ( - "bufio" - "bytes" - "context" - "encoding/json" - "errors" - "fmt" - "io" - "net/http" - "os" - "strconv" - "strings" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/gemini" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - sdkAuth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/auth" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -const ( - geminiCLIEndpoint = "https://cloudcode-pa.googleapis.com" - geminiCLIVersion = "v1internal" - geminiCLIUserAgent = "google-api-nodejs-client/9.15.1" - geminiCLIApiClient = "gl-node/22.17.0" - geminiCLIClientMetadata = "ideType=IDE_UNSPECIFIED,platform=PLATFORM_UNSPECIFIED,pluginType=GEMINI" -) - -type projectSelectionRequiredError struct{} - -func (e *projectSelectionRequiredError) Error() string { - return "gemini cli: project selection required" -} - -// DoLogin handles Google Gemini authentication using the shared authentication manager. -// It initiates the OAuth flow for Google Gemini services, performs the legacy CLI user setup, -// and saves the authentication tokens to the configured auth directory. -// -// Parameters: -// - cfg: The application configuration -// - projectID: Optional Google Cloud project ID for Gemini services -// - options: Login options including browser behavior and prompts -func DoLogin(cfg *config.Config, projectID string, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - ctx := context.Background() - - promptFn := options.Prompt - if promptFn == nil { - promptFn = defaultProjectPrompt() - } - - trimmedProjectID := strings.TrimSpace(projectID) - callbackPrompt := promptFn - if trimmedProjectID == "" { - callbackPrompt = nil - } - - loginOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - ProjectID: trimmedProjectID, - CallbackPort: options.CallbackPort, - Metadata: map[string]string{}, - Prompt: callbackPrompt, - } - - authenticator := sdkAuth.NewGeminiAuthenticator() - record, errLogin := authenticator.Login(ctx, cfg, loginOpts) - if errLogin != nil { - log.Errorf("Gemini authentication failed: %v", errLogin) - return - } - - storage, okStorage := record.Storage.(*gemini.GeminiTokenStorage) - if !okStorage || storage == nil { - log.Error("Gemini authentication failed: unsupported token storage") - return - } - - geminiAuth := gemini.NewGeminiAuth() - httpClient, errClient := geminiAuth.GetAuthenticatedClient(ctx, storage, cfg, &gemini.WebLoginOptions{ - NoBrowser: options.NoBrowser, - CallbackPort: options.CallbackPort, - Prompt: callbackPrompt, - }) - if errClient != nil { - log.Errorf("Gemini authentication failed: %v", errClient) - return - } - - log.Info("Authentication successful.") - - var activatedProjects []string - - useGoogleOne := false - if trimmedProjectID == "" && promptFn != nil { - fmt.Println("\nSelect login mode:") - fmt.Println(" 1. Code Assist (GCP project, manual selection)") - fmt.Println(" 2. Google One (personal account, auto-discover project)") - choice, errPrompt := promptFn("Enter choice [1/2] (default: 1): ") - if errPrompt == nil && strings.TrimSpace(choice) == "2" { - useGoogleOne = true - } - } - - if useGoogleOne { - log.Info("Google One mode: auto-discovering project...") - if errSetup := performGeminiCLISetup(ctx, httpClient, storage, ""); errSetup != nil { - log.Errorf("Google One auto-discovery failed: %v", errSetup) - return - } - autoProject := strings.TrimSpace(storage.ProjectID) - if autoProject == "" { - log.Error("Google One auto-discovery returned empty project ID") - return - } - log.Infof("Auto-discovered project: %s", autoProject) - activatedProjects = []string{autoProject} - } else { - projects, errProjects := fetchGCPProjects(ctx, httpClient) - if errProjects != nil { - log.Errorf("Failed to get project list: %v", errProjects) - return - } - - selectedProjectID := promptForProjectSelection(projects, trimmedProjectID, promptFn) - projectSelections, errSelection := resolveProjectSelections(selectedProjectID, projects) - if errSelection != nil { - log.Errorf("Invalid project selection: %v", errSelection) - return - } - if len(projectSelections) == 0 { - log.Error("No project selected; aborting login.") - return - } - - seenProjects := make(map[string]bool) - for _, candidateID := range projectSelections { - log.Infof("Activating project %s", candidateID) - if errSetup := performGeminiCLISetup(ctx, httpClient, storage, candidateID); errSetup != nil { - if _, ok := errors.AsType[*projectSelectionRequiredError](errSetup); ok { - log.Error("Failed to start user onboarding: A project ID is required.") - showProjectSelectionHelp(storage.Email, projects) - return - } - log.Errorf("Failed to complete user setup: %v", errSetup) - return - } - finalID := strings.TrimSpace(storage.ProjectID) - if finalID == "" { - finalID = candidateID - } - - if seenProjects[finalID] { - log.Infof("Project %s already activated, skipping", finalID) - continue - } - seenProjects[finalID] = true - activatedProjects = append(activatedProjects, finalID) - } - } - - storage.Auto = false - storage.ProjectID = strings.Join(activatedProjects, ",") - - if !storage.Auto && !storage.Checked { - for _, pid := range activatedProjects { - isChecked, errCheck := checkCloudAPIIsEnabled(ctx, httpClient, pid) - if errCheck != nil { - log.Errorf("Failed to check if Cloud AI API is enabled for %s: %v", pid, errCheck) - return - } - if !isChecked { - log.Errorf("Failed to check if Cloud AI API is enabled for project %s. If you encounter an error message, please create an issue.", pid) - return - } - } - storage.Checked = true - } - - updateAuthRecord(record, storage) - - store := sdkAuth.GetTokenStore() - if setter, okSetter := store.(interface{ SetBaseDir(string) }); okSetter && cfg != nil { - setter.SetBaseDir(cfg.AuthDir) - } - - savedPath, errSave := store.Save(ctx, record) - if errSave != nil { - log.Errorf("Failed to save token to file: %v", errSave) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - - fmt.Println("Gemini authentication successful!") -} - -func performGeminiCLISetup(ctx context.Context, httpClient *http.Client, storage *gemini.GeminiTokenStorage, requestedProject string) error { - metadata := map[string]string{ - "ideType": "IDE_UNSPECIFIED", - "platform": "PLATFORM_UNSPECIFIED", - "pluginType": "GEMINI", - } - - trimmedRequest := strings.TrimSpace(requestedProject) - explicitProject := trimmedRequest != "" - - loadReqBody := map[string]any{ - "metadata": metadata, - } - if explicitProject { - loadReqBody["cloudaicompanionProject"] = trimmedRequest - } - - var loadResp map[string]any - if errLoad := callGeminiCLI(ctx, httpClient, "loadCodeAssist", loadReqBody, &loadResp); errLoad != nil { - return fmt.Errorf("load code assist: %w", errLoad) - } - - tierID := "legacy-tier" - if tiers, okTiers := loadResp["allowedTiers"].([]any); okTiers { - for _, rawTier := range tiers { - tier, okTier := rawTier.(map[string]any) - if !okTier { - continue - } - if isDefault, okDefault := tier["isDefault"].(bool); okDefault && isDefault { - if id, okID := tier["id"].(string); okID && strings.TrimSpace(id) != "" { - tierID = strings.TrimSpace(id) - break - } - } - } - } - - projectID := trimmedRequest - if projectID == "" { - if id, okProject := loadResp["cloudaicompanionProject"].(string); okProject { - projectID = strings.TrimSpace(id) - } - if projectID == "" { - if projectMap, okProject := loadResp["cloudaicompanionProject"].(map[string]any); okProject { - if id, okID := projectMap["id"].(string); okID { - projectID = strings.TrimSpace(id) - } - } - } - } - if projectID == "" { - // Auto-discovery: try onboardUser without specifying a project - // to let Google auto-provision one (matches Gemini CLI headless behavior - // and Antigravity's FetchProjectID pattern). - autoOnboardReq := map[string]any{ - "tierId": tierID, - "metadata": metadata, - } - - autoCtx, autoCancel := context.WithTimeout(ctx, 30*time.Second) - defer autoCancel() - for attempt := 1; ; attempt++ { - var onboardResp map[string]any - if errOnboard := callGeminiCLI(autoCtx, httpClient, "onboardUser", autoOnboardReq, &onboardResp); errOnboard != nil { - return fmt.Errorf("auto-discovery onboardUser: %w", errOnboard) - } - - if done, okDone := onboardResp["done"].(bool); okDone && done { - if resp, okResp := onboardResp["response"].(map[string]any); okResp { - switch v := resp["cloudaicompanionProject"].(type) { - case string: - projectID = strings.TrimSpace(v) - case map[string]any: - if id, okID := v["id"].(string); okID { - projectID = strings.TrimSpace(id) - } - } - } - break - } - - log.Debugf("Auto-discovery: onboarding in progress, attempt %d...", attempt) - select { - case <-autoCtx.Done(): - return &projectSelectionRequiredError{} - case <-time.After(2 * time.Second): - } - } - - if projectID == "" { - return &projectSelectionRequiredError{} - } - log.Infof("Auto-discovered project ID via onboarding: %s", projectID) - } - - onboardReqBody := map[string]any{ - "tierId": tierID, - "metadata": metadata, - "cloudaicompanionProject": projectID, - } - - // Store the requested project as a fallback in case the response omits it. - storage.ProjectID = projectID - - for { - var onboardResp map[string]any - if errOnboard := callGeminiCLI(ctx, httpClient, "onboardUser", onboardReqBody, &onboardResp); errOnboard != nil { - return fmt.Errorf("onboard user: %w", errOnboard) - } - - if done, okDone := onboardResp["done"].(bool); okDone && done { - responseProjectID := "" - if resp, okResp := onboardResp["response"].(map[string]any); okResp { - switch projectValue := resp["cloudaicompanionProject"].(type) { - case map[string]any: - if id, okID := projectValue["id"].(string); okID { - responseProjectID = strings.TrimSpace(id) - } - case string: - responseProjectID = strings.TrimSpace(projectValue) - } - } - - finalProjectID := projectID - if responseProjectID != "" { - if explicitProject && !strings.EqualFold(responseProjectID, projectID) { - // Check if this is a free user (gen-lang-client projects or free/legacy tier) - isFreeUser := strings.HasPrefix(projectID, "gen-lang-client-") || - strings.EqualFold(tierID, "FREE") || - strings.EqualFold(tierID, "LEGACY") - - if isFreeUser { - // Interactive prompt for free users - fmt.Printf("\nGoogle returned a different project ID:\n") - fmt.Printf(" Requested (frontend): %s\n", projectID) - fmt.Printf(" Returned (backend): %s\n\n", responseProjectID) - fmt.Printf(" Backend project IDs have access to preview models (gemini-3-*).\n") - fmt.Printf(" This is normal for free tier users.\n\n") - fmt.Printf("Which project ID would you like to use?\n") - fmt.Printf(" [1] Backend (recommended): %s\n", responseProjectID) - fmt.Printf(" [2] Frontend: %s\n\n", projectID) - fmt.Printf("Enter choice [1]: ") - - reader := bufio.NewReader(os.Stdin) - choice, _ := reader.ReadString('\n') - choice = strings.TrimSpace(choice) - - if choice == "2" { - log.Infof("Using frontend project ID: %s", projectID) - fmt.Println(". Warning: Frontend project IDs may not have access to preview models.") - finalProjectID = projectID - } else { - log.Infof("Using backend project ID: %s (recommended)", responseProjectID) - finalProjectID = responseProjectID - } - } else { - // Pro users: keep requested project ID (original behavior) - log.Warnf("Gemini onboarding returned project %s instead of requested %s; keeping requested project ID.", responseProjectID, projectID) - } - } else { - finalProjectID = responseProjectID - } - } - - storage.ProjectID = strings.TrimSpace(finalProjectID) - if storage.ProjectID == "" { - storage.ProjectID = strings.TrimSpace(projectID) - } - if storage.ProjectID == "" { - return fmt.Errorf("onboard user completed without project id") - } - log.Infof("Onboarding complete. Using Project ID: %s", storage.ProjectID) - return nil - } - - log.Println("Onboarding in progress, waiting 5 seconds...") - time.Sleep(5 * time.Second) - } -} - -func callGeminiCLI(ctx context.Context, httpClient *http.Client, endpoint string, body any, result any) error { - url := fmt.Sprintf("%s/%s:%s", geminiCLIEndpoint, geminiCLIVersion, endpoint) - if strings.HasPrefix(endpoint, "operations/") { - url = fmt.Sprintf("%s/%s", geminiCLIEndpoint, endpoint) - } - - var reader io.Reader - if body != nil { - rawBody, errMarshal := json.Marshal(body) - if errMarshal != nil { - return fmt.Errorf("marshal request body: %w", errMarshal) - } - reader = bytes.NewReader(rawBody) - } - - req, errRequest := http.NewRequestWithContext(ctx, http.MethodPost, url, reader) - if errRequest != nil { - return fmt.Errorf("create request: %w", errRequest) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", geminiCLIUserAgent) - req.Header.Set("X-Goog-Api-Client", geminiCLIApiClient) - req.Header.Set("Client-Metadata", geminiCLIClientMetadata) - - resp, errDo := httpClient.Do(req) - if errDo != nil { - return fmt.Errorf("execute request: %w", errDo) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, _ := io.ReadAll(resp.Body) - return fmt.Errorf("api request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(bodyBytes))) - } - - if result == nil { - _, _ = io.Copy(io.Discard, resp.Body) - return nil - } - - if errDecode := json.NewDecoder(resp.Body).Decode(result); errDecode != nil { - return fmt.Errorf("decode response body: %w", errDecode) - } - - return nil -} - -func fetchGCPProjects(ctx context.Context, httpClient *http.Client) ([]interfaces.GCPProjectProjects, error) { - req, errRequest := http.NewRequestWithContext(ctx, http.MethodGet, "https://cloudresourcemanager.googleapis.com/v1/projects", nil) - if errRequest != nil { - return nil, fmt.Errorf("could not create project list request: %w", errRequest) - } - - resp, errDo := httpClient.Do(req) - if errDo != nil { - return nil, fmt.Errorf("failed to execute project list request: %w", errDo) - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, _ := io.ReadAll(resp.Body) - return nil, fmt.Errorf("project list request failed with status %d: %s", resp.StatusCode, strings.TrimSpace(string(bodyBytes))) - } - - var projects interfaces.GCPProject - if errDecode := json.NewDecoder(resp.Body).Decode(&projects); errDecode != nil { - return nil, fmt.Errorf("failed to unmarshal project list: %w", errDecode) - } - - return projects.Projects, nil -} - -// promptForProjectSelection prints available projects and returns the chosen project ID. -func promptForProjectSelection(projects []interfaces.GCPProjectProjects, presetID string, promptFn func(string) (string, error)) string { - trimmedPreset := strings.TrimSpace(presetID) - if len(projects) == 0 { - if trimmedPreset != "" { - return trimmedPreset - } - fmt.Println("No Google Cloud projects are available for selection.") - return "" - } - - fmt.Println("Available Google Cloud projects:") - defaultIndex := 0 - for idx, project := range projects { - fmt.Printf("[%d] %s (%s)\n", idx+1, project.ProjectID, project.Name) - if trimmedPreset != "" && project.ProjectID == trimmedPreset { - defaultIndex = idx - } - } - fmt.Println("Type 'ALL' to onboard every listed project.") - - defaultID := projects[defaultIndex].ProjectID - - if trimmedPreset != "" { - if strings.EqualFold(trimmedPreset, "ALL") { - return "ALL" - } - for _, project := range projects { - if project.ProjectID == trimmedPreset { - return trimmedPreset - } - } - log.Warnf("Provided project ID %s not found in available projects; please choose from the list.", trimmedPreset) - } - - for { - promptMsg := fmt.Sprintf("Enter project ID [%s] or ALL: ", defaultID) - answer, errPrompt := promptFn(promptMsg) - if errPrompt != nil { - log.Errorf("Project selection prompt failed: %v", errPrompt) - return defaultID - } - answer = strings.TrimSpace(answer) - if strings.EqualFold(answer, "ALL") { - return "ALL" - } - if answer == "" { - return defaultID - } - - for _, project := range projects { - if project.ProjectID == answer { - return project.ProjectID - } - } - - if idx, errAtoi := strconv.Atoi(answer); errAtoi == nil { - if idx >= 1 && idx <= len(projects) { - return projects[idx-1].ProjectID - } - } - - fmt.Println("Invalid selection, enter a project ID or a number from the list.") - } -} - -func resolveProjectSelections(selection string, projects []interfaces.GCPProjectProjects) ([]string, error) { - trimmed := strings.TrimSpace(selection) - if trimmed == "" { - return nil, nil - } - available := make(map[string]struct{}, len(projects)) - ordered := make([]string, 0, len(projects)) - for _, project := range projects { - id := strings.TrimSpace(project.ProjectID) - if id == "" { - continue - } - if _, exists := available[id]; exists { - continue - } - available[id] = struct{}{} - ordered = append(ordered, id) - } - if strings.EqualFold(trimmed, "ALL") { - if len(ordered) == 0 { - return nil, fmt.Errorf("no projects available for ALL selection") - } - return append([]string(nil), ordered...), nil - } - parts := strings.Split(trimmed, ",") - selections := make([]string, 0, len(parts)) - seen := make(map[string]struct{}, len(parts)) - for _, part := range parts { - id := strings.TrimSpace(part) - if id == "" { - continue - } - if _, dup := seen[id]; dup { - continue - } - if len(available) > 0 { - if _, ok := available[id]; !ok { - return nil, fmt.Errorf("project %s not found in available projects", id) - } - } - seen[id] = struct{}{} - selections = append(selections, id) - } - return selections, nil -} - -func defaultProjectPrompt() func(string) (string, error) { - reader := bufio.NewReader(os.Stdin) - return func(prompt string) (string, error) { - fmt.Print(prompt) - line, errRead := reader.ReadString('\n') - if errRead != nil { - if errors.Is(errRead, io.EOF) { - return strings.TrimSpace(line), nil - } - return "", errRead - } - return strings.TrimSpace(line), nil - } -} - -func showProjectSelectionHelp(email string, projects []interfaces.GCPProjectProjects) { - if email != "" { - log.Infof("Your account %s needs to specify a project ID.", email) - } else { - log.Info("You need to specify a project ID.") - } - - if len(projects) > 0 { - fmt.Println("========================================================================") - for _, p := range projects { - fmt.Printf("Project ID: %s\n", p.ProjectID) - fmt.Printf("Project Name: %s\n", p.Name) - fmt.Println("------------------------------------------------------------------------") - } - } else { - fmt.Println("No active projects were returned for this account.") - } - - fmt.Printf("Please run this command to login again with a specific project:\n\n%s --login --project_id \n", os.Args[0]) -} - -func checkCloudAPIIsEnabled(ctx context.Context, httpClient *http.Client, projectID string) (bool, error) { - serviceUsageURL := "https://serviceusage.googleapis.com" - requiredServices := []string{ - // "geminicloudassist.googleapis.com", // Gemini Cloud Assist API - "cloudaicompanion.googleapis.com", // Gemini for Google Cloud API - } - for _, service := range requiredServices { - checkUrl := fmt.Sprintf("%s/v1/projects/%s/services/%s", serviceUsageURL, projectID, service) - req, errRequest := http.NewRequestWithContext(ctx, http.MethodGet, checkUrl, nil) - if errRequest != nil { - return false, fmt.Errorf("failed to create request: %w", errRequest) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", geminiCLIUserAgent) - resp, errDo := httpClient.Do(req) - if errDo != nil { - return false, fmt.Errorf("failed to execute request: %w", errDo) - } - - if resp.StatusCode == http.StatusOK { - bodyBytes, _ := io.ReadAll(resp.Body) - if gjson.GetBytes(bodyBytes, "state").String() == "ENABLED" { - _ = resp.Body.Close() - continue - } - } - _ = resp.Body.Close() - - enableUrl := fmt.Sprintf("%s/v1/projects/%s/services/%s:enable", serviceUsageURL, projectID, service) - req, errRequest = http.NewRequestWithContext(ctx, http.MethodPost, enableUrl, strings.NewReader("{}")) - if errRequest != nil { - return false, fmt.Errorf("failed to create request: %w", errRequest) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", geminiCLIUserAgent) - resp, errDo = httpClient.Do(req) - if errDo != nil { - return false, fmt.Errorf("failed to execute request: %w", errDo) - } - - bodyBytes, _ := io.ReadAll(resp.Body) - errMessage := string(bodyBytes) - errMessageResult := gjson.GetBytes(bodyBytes, "error.message") - if errMessageResult.Exists() { - errMessage = errMessageResult.String() - } - if resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusCreated { - _ = resp.Body.Close() - continue - } else if resp.StatusCode == http.StatusBadRequest { - _ = resp.Body.Close() - if strings.Contains(strings.ToLower(errMessage), "already enabled") { - continue - } - } - _ = resp.Body.Close() - return false, fmt.Errorf("project activation required: %s", errMessage) - } - return true, nil -} - -func updateAuthRecord(record *cliproxyauth.Auth, storage *gemini.GeminiTokenStorage) { - if record == nil || storage == nil { - return - } - - finalName := gemini.CredentialFileName(storage.Email, storage.ProjectID, true) - - if record.Metadata == nil { - record.Metadata = make(map[string]any) - } - record.Metadata["email"] = storage.Email - record.Metadata["project_id"] = storage.ProjectID - record.Metadata["auto"] = storage.Auto - record.Metadata["checked"] = storage.Checked - - record.ID = finalName - record.FileName = finalName - record.Storage = storage -} diff --git a/internal/cmd/openai_device_login.go b/internal/cmd/openai_device_login.go deleted file mode 100644 index 4b9e4787c5..0000000000 --- a/internal/cmd/openai_device_login.go +++ /dev/null @@ -1,60 +0,0 @@ -package cmd - -import ( - "context" - "errors" - "fmt" - "os" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/codex" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - sdkAuth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -const ( - codexLoginModeMetadataKey = "codex_login_mode" - codexLoginModeDevice = "device" -) - -// DoCodexDeviceLogin triggers the Codex device-code flow while keeping the -// existing codex-login OAuth callback flow intact. -func DoCodexDeviceLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - promptFn := options.Prompt - if promptFn == nil { - promptFn = defaultProjectPrompt() - } - - manager := newAuthManager() - - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - CallbackPort: options.CallbackPort, - Metadata: map[string]string{ - codexLoginModeMetadataKey: codexLoginModeDevice, - }, - Prompt: promptFn, - } - - _, savedPath, err := manager.Login(context.Background(), "codex", cfg, authOpts) - if err != nil { - if authErr, ok := errors.AsType[*codex.AuthenticationError](err); ok { - log.Error(codex.GetUserFriendlyMessage(authErr)) - if authErr.Type == codex.ErrPortInUse.Type { - os.Exit(codex.ErrPortInUse.Code) - } - return - } - fmt.Printf("Codex device authentication failed: %v\n", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - fmt.Println("Codex device authentication successful!") -} diff --git a/internal/cmd/openai_login.go b/internal/cmd/openai_login.go deleted file mode 100644 index cbd58a6b35..0000000000 --- a/internal/cmd/openai_login.go +++ /dev/null @@ -1,72 +0,0 @@ -package cmd - -import ( - "context" - "errors" - "fmt" - "os" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/codex" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - sdkAuth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// LoginOptions contains options for the login processes. -// It provides configuration for authentication flows including browser behavior -// and interactive prompting capabilities. -type LoginOptions struct { - // NoBrowser indicates whether to skip opening the browser automatically. - NoBrowser bool - - // CallbackPort overrides the local OAuth callback port when set (>0). - CallbackPort int - - // Prompt allows the caller to provide interactive input when needed. - Prompt func(prompt string) (string, error) -} - -// DoCodexLogin triggers the Codex OAuth flow through the shared authentication manager. -// It initiates the OAuth authentication process for OpenAI Codex services and saves -// the authentication tokens to the configured auth directory. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including browser behavior and prompts -func DoCodexLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - promptFn := options.Prompt - if promptFn == nil { - promptFn = defaultProjectPrompt() - } - - manager := newAuthManager() - - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - CallbackPort: options.CallbackPort, - Metadata: map[string]string{}, - Prompt: promptFn, - } - - _, savedPath, err := manager.Login(context.Background(), "codex", cfg, authOpts) - if err != nil { - if authErr, ok := errors.AsType[*codex.AuthenticationError](err); ok { - log.Error(codex.GetUserFriendlyMessage(authErr)) - if authErr.Type == codex.ErrPortInUse.Type { - os.Exit(codex.ErrPortInUse.Code) - } - return - } - fmt.Printf("Codex authentication failed: %v\n", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - fmt.Println("Codex authentication successful!") -} diff --git a/internal/cmd/qwen_login.go b/internal/cmd/qwen_login.go deleted file mode 100644 index e7be307515..0000000000 --- a/internal/cmd/qwen_login.go +++ /dev/null @@ -1,60 +0,0 @@ -package cmd - -import ( - "context" - "errors" - "fmt" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - sdkAuth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/auth" - log "github.com/sirupsen/logrus" -) - -// DoQwenLogin handles the Qwen device flow using the shared authentication manager. -// It initiates the device-based authentication process for Qwen services and saves -// the authentication tokens to the configured auth directory. -// -// Parameters: -// - cfg: The application configuration -// - options: Login options including browser behavior and prompts -func DoQwenLogin(cfg *config.Config, options *LoginOptions) { - if options == nil { - options = &LoginOptions{} - } - - manager := newAuthManager() - - promptFn := options.Prompt - if promptFn == nil { - promptFn = func(prompt string) (string, error) { - fmt.Println() - fmt.Println(prompt) - var value string - _, err := fmt.Scanln(&value) - return value, err - } - } - - authOpts := &sdkAuth.LoginOptions{ - NoBrowser: options.NoBrowser, - CallbackPort: options.CallbackPort, - Metadata: map[string]string{}, - Prompt: promptFn, - } - - _, savedPath, err := manager.Login(context.Background(), "qwen", cfg, authOpts) - if err != nil { - if emailErr, ok := errors.AsType[*sdkAuth.EmailRequiredError](err); ok { - log.Error(emailErr.Error()) - return - } - fmt.Printf("Qwen authentication failed: %v\n", err) - return - } - - if savedPath != "" { - fmt.Printf("Authentication saved to %s\n", savedPath) - } - - fmt.Println("Qwen authentication successful!") -} diff --git a/internal/cmd/run.go b/internal/cmd/run.go deleted file mode 100644 index 91ad69aa0d..0000000000 --- a/internal/cmd/run.go +++ /dev/null @@ -1,98 +0,0 @@ -// Package cmd provides command-line interface functionality for the CLI Proxy API server. -// It includes authentication flows for various AI service providers, service startup, -// and other command-line operations. -package cmd - -import ( - "context" - "errors" - "os/signal" - "syscall" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/api" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy" - log "github.com/sirupsen/logrus" -) - -// StartService builds and runs the proxy service using the exported SDK. -// It creates a new proxy service instance, sets up signal handling for graceful shutdown, -// and starts the service with the provided configuration. -// -// Parameters: -// - cfg: The application configuration -// - configPath: The path to the configuration file -// - localPassword: Optional password accepted for local management requests -func StartService(cfg *config.Config, configPath string, localPassword string) { - builder := cliproxy.NewBuilder(). - WithConfig(cfg). - WithConfigPath(configPath). - WithLocalManagementPassword(localPassword) - - ctxSignal, cancel := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM) - defer cancel() - - runCtx := ctxSignal - if localPassword != "" { - var keepAliveCancel context.CancelFunc - runCtx, keepAliveCancel = context.WithCancel(ctxSignal) - builder = builder.WithServerOptions(api.WithKeepAliveEndpoint(10*time.Second, func() { - log.Warn("keep-alive endpoint idle for 10s, shutting down") - keepAliveCancel() - })) - } - - service, err := builder.Build() - if err != nil { - log.Errorf("failed to build proxy service: %v", err) - return - } - - err = service.Run(runCtx) - if err != nil && !errors.Is(err, context.Canceled) { - log.Errorf("proxy service exited with error: %v", err) - } -} - -// StartServiceBackground starts the proxy service in a background goroutine -// and returns a cancel function for shutdown and a done channel. -func StartServiceBackground(cfg *config.Config, configPath string, localPassword string) (cancel func(), done <-chan struct{}) { - builder := cliproxy.NewBuilder(). - WithConfig(cfg). - WithConfigPath(configPath). - WithLocalManagementPassword(localPassword) - - ctx, cancelFn := context.WithCancel(context.Background()) - doneCh := make(chan struct{}) - - service, err := builder.Build() - if err != nil { - log.Errorf("failed to build proxy service: %v", err) - close(doneCh) - return cancelFn, doneCh - } - - go func() { - defer close(doneCh) - if err := service.Run(ctx); err != nil && !errors.Is(err, context.Canceled) { - log.Errorf("proxy service exited with error: %v", err) - } - }() - - return cancelFn, doneCh -} - -// WaitForCloudDeploy waits indefinitely for shutdown signals in cloud deploy mode -// when no configuration file is available. -func WaitForCloudDeploy() { - // Clarify that we are intentionally idle for configuration and not running the API server. - log.Info("Cloud deploy mode: No config found; standing by for configuration. API server is not started. Press Ctrl+C to exit.") - - ctxSignal, cancel := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM) - defer cancel() - - // Block until shutdown signal is received - <-ctxSignal.Done() - log.Info("Cloud deploy mode: Shutdown signal received; exiting") -} diff --git a/internal/cmd/vertex_import.go b/internal/cmd/vertex_import.go deleted file mode 100644 index 33e0c7abd0..0000000000 --- a/internal/cmd/vertex_import.go +++ /dev/null @@ -1,123 +0,0 @@ -// Package cmd contains CLI helpers. This file implements importing a Vertex AI -// service account JSON into the auth store as a dedicated "vertex" credential. -package cmd - -import ( - "context" - "encoding/json" - "fmt" - "os" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/vertex" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - sdkAuth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/auth" - coreauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -// DoVertexImport imports a Google Cloud service account key JSON and persists -// it as a "vertex" provider credential. The file content is embedded in the auth -// file to allow portable deployment across stores. -func DoVertexImport(cfg *config.Config, keyPath string) { - if cfg == nil { - cfg = &config.Config{} - } - if resolved, errResolve := util.ResolveAuthDir(cfg.AuthDir); errResolve == nil { - cfg.AuthDir = resolved - } - rawPath := strings.TrimSpace(keyPath) - if rawPath == "" { - log.Errorf("vertex-import: missing service account key path") - return - } - data, errRead := os.ReadFile(rawPath) - if errRead != nil { - log.Errorf("vertex-import: read file failed: %v", errRead) - return - } - var sa map[string]any - if errUnmarshal := json.Unmarshal(data, &sa); errUnmarshal != nil { - log.Errorf("vertex-import: invalid service account json: %v", errUnmarshal) - return - } - // Validate and normalize private_key before saving - normalizedSA, errFix := vertex.NormalizeServiceAccountMap(sa) - if errFix != nil { - log.Errorf("vertex-import: %v", errFix) - return - } - sa = normalizedSA - email, _ := sa["client_email"].(string) - projectID, _ := sa["project_id"].(string) - if strings.TrimSpace(projectID) == "" { - log.Errorf("vertex-import: project_id missing in service account json") - return - } - if strings.TrimSpace(email) == "" { - // Keep empty email but warn - log.Warn("vertex-import: client_email missing in service account json") - } - // Default location if not provided by user. Can be edited in the saved file later. - location := "us-central1" - - fileName := fmt.Sprintf("vertex-%s.json", sanitizeFilePart(projectID)) - // Build auth record - storage := &vertex.VertexCredentialStorage{ - ServiceAccount: sa, - ProjectID: projectID, - Email: email, - Location: location, - } - metadata := map[string]any{ - "service_account": sa, - "project_id": projectID, - "email": email, - "location": location, - "type": "vertex", - "label": labelForVertex(projectID, email), - } - record := &coreauth.Auth{ - ID: fileName, - Provider: "vertex", - FileName: fileName, - Storage: storage, - Metadata: metadata, - } - - store := sdkAuth.GetTokenStore() - if setter, ok := store.(interface{ SetBaseDir(string) }); ok { - setter.SetBaseDir(cfg.AuthDir) - } - path, errSave := store.Save(context.Background(), record) - if errSave != nil { - log.Errorf("vertex-import: save credential failed: %v", errSave) - return - } - fmt.Printf("Vertex credentials imported: %s\n", path) -} - -func sanitizeFilePart(s string) string { - out := strings.TrimSpace(s) - replacers := []string{"/", "_", "\\", "_", ":", "_", " ", "-"} - for i := 0; i < len(replacers); i += 2 { - out = strings.ReplaceAll(out, replacers[i], replacers[i+1]) - } - return out -} - -func labelForVertex(projectID, email string) string { - p := strings.TrimSpace(projectID) - e := strings.TrimSpace(email) - if p != "" && e != "" { - return fmt.Sprintf("%s (%s)", p, e) - } - if p != "" { - return p - } - if e != "" { - return e - } - return "vertex" -} diff --git a/internal/config/config_generated.go b/internal/config/config_generated.go deleted file mode 100644 index bb9769a439..0000000000 --- a/internal/config/config_generated.go +++ /dev/null @@ -1,147 +0,0 @@ -// Code generated by github.com/kooshapari/cliproxyapi-plusplus/v6/cmd/codegen; DO NOT EDIT. -package config - -import "strings" - -// GeneratedConfig contains generated config fields for dedicated providers. -type GeneratedConfig struct { - // MiniMaxKey defines MiniMax configurations. - MiniMaxKey []MiniMaxKey `yaml:"minimax" json:"minimax"` - // RooKey defines Roo configurations. - RooKey []RooKey `yaml:"roo" json:"roo"` - // KiloKey defines Kilo configurations. - KiloKey []KiloKey `yaml:"kilo" json:"kilo"` - // DeepSeekKey defines DeepSeek configurations. - DeepSeekKey []DeepSeekKey `yaml:"deepseek" json:"deepseek"` - // GroqKey defines Groq configurations. - GroqKey []GroqKey `yaml:"groq" json:"groq"` - // MistralKey defines Mistral configurations. - MistralKey []MistralKey `yaml:"mistral" json:"mistral"` - // SiliconFlowKey defines SiliconFlow configurations. - SiliconFlowKey []SiliconFlowKey `yaml:"siliconflow" json:"siliconflow"` - // OpenRouterKey defines OpenRouter configurations. - OpenRouterKey []OpenRouterKey `yaml:"openrouter" json:"openrouter"` - // TogetherKey defines Together configurations. - TogetherKey []TogetherKey `yaml:"together" json:"together"` - // FireworksKey defines Fireworks configurations. - FireworksKey []FireworksKey `yaml:"fireworks" json:"fireworks"` - // NovitaKey defines Novita configurations. - NovitaKey []NovitaKey `yaml:"novita" json:"novita"` -} - -// MiniMaxKey is a type alias for OAICompatProviderConfig for the minimax provider. -type MiniMaxKey = OAICompatProviderConfig - -// RooKey is a type alias for OAICompatProviderConfig for the roo provider. -type RooKey = OAICompatProviderConfig - -// KiloKey is a type alias for OAICompatProviderConfig for the kilo provider. -type KiloKey = OAICompatProviderConfig - -// DeepSeekKey is a type alias for OAICompatProviderConfig for the deepseek provider. -type DeepSeekKey = OAICompatProviderConfig - -// GroqKey is a type alias for OAICompatProviderConfig for the groq provider. -type GroqKey = OAICompatProviderConfig - -// MistralKey is a type alias for OAICompatProviderConfig for the mistral provider. -type MistralKey = OAICompatProviderConfig - -// SiliconFlowKey is a type alias for OAICompatProviderConfig for the siliconflow provider. -type SiliconFlowKey = OAICompatProviderConfig - -// OpenRouterKey is a type alias for OAICompatProviderConfig for the openrouter provider. -type OpenRouterKey = OAICompatProviderConfig - -// TogetherKey is a type alias for OAICompatProviderConfig for the together provider. -type TogetherKey = OAICompatProviderConfig - -// FireworksKey is a type alias for OAICompatProviderConfig for the fireworks provider. -type FireworksKey = OAICompatProviderConfig - -// NovitaKey is a type alias for OAICompatProviderConfig for the novita provider. -type NovitaKey = OAICompatProviderConfig - -// SanitizeGeneratedProviders trims whitespace from generated provider credential fields. -func (cfg *Config) SanitizeGeneratedProviders() { - if cfg == nil { - return - } - for i := range cfg.MiniMaxKey { - entry := &cfg.MiniMaxKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } - for i := range cfg.RooKey { - entry := &cfg.RooKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } - for i := range cfg.KiloKey { - entry := &cfg.KiloKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } - for i := range cfg.DeepSeekKey { - entry := &cfg.DeepSeekKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } - for i := range cfg.GroqKey { - entry := &cfg.GroqKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } - for i := range cfg.MistralKey { - entry := &cfg.MistralKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } - for i := range cfg.SiliconFlowKey { - entry := &cfg.SiliconFlowKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } - for i := range cfg.OpenRouterKey { - entry := &cfg.OpenRouterKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } - for i := range cfg.TogetherKey { - entry := &cfg.TogetherKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } - for i := range cfg.FireworksKey { - entry := &cfg.FireworksKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } - for i := range cfg.NovitaKey { - entry := &cfg.NovitaKey[i] - entry.TokenFile = strings.TrimSpace(entry.TokenFile) - entry.APIKey = strings.TrimSpace(entry.APIKey) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - } -} diff --git a/internal/config/oauth_model_alias_migration.go b/internal/config/oauth_model_alias_migration.go deleted file mode 100644 index f68f141a3e..0000000000 --- a/internal/config/oauth_model_alias_migration.go +++ /dev/null @@ -1,313 +0,0 @@ -package config - -import ( - "os" - "strings" - - "gopkg.in/yaml.v3" -) - -// antigravityModelConversionTable maps old built-in aliases to actual model names -// for the antigravity channel during migration. -var antigravityModelConversionTable = map[string]string{ - "gemini-2.5-computer-use-preview-10-2025": "rev19-uic3-1p", - "gemini-3-pro-image-preview": "gemini-3-pro-image", - "gemini-3-pro-preview": "gemini-3-pro-high", - "gemini-3-flash-preview": "gemini-3-flash", - "gemini-claude-sonnet-4-5": "claude-sonnet-4-5", - "gemini-claude-sonnet-4-5-thinking": "claude-sonnet-4-5-thinking", - "gemini-claude-opus-4-5-thinking": "claude-opus-4-5-thinking", - "gemini-claude-opus-thinking": "claude-opus-4-6-thinking", - "gemini-claude-opus-4-6-thinking": "claude-opus-4-6-thinking", -} - -// defaultKiroAliases returns the default oauth-model-alias configuration -// for the kiro channel. Maps kiro-prefixed model names to standard Claude model -// names so that clients like Claude Code can use standard names directly. -func defaultKiroAliases() []OAuthModelAlias { - return []OAuthModelAlias{ - // Sonnet 4.5 - {Name: "kiro-claude-sonnet-4-5", Alias: "claude-sonnet-4-5-20250929", Fork: true}, - {Name: "kiro-claude-sonnet-4-5", Alias: "claude-sonnet-4-5", Fork: true}, - // Sonnet 4 - {Name: "kiro-claude-sonnet-4", Alias: "claude-sonnet-4-20250514", Fork: true}, - {Name: "kiro-claude-sonnet-4", Alias: "claude-sonnet-4", Fork: true}, - // Opus 4.6 - {Name: "kiro-claude-opus-4-6", Alias: "claude-opus-4-6", Fork: true}, - // Opus 4.5 - {Name: "kiro-claude-opus-4-5", Alias: "claude-opus-4-5-20251101", Fork: true}, - {Name: "kiro-claude-opus-4-5", Alias: "claude-opus-4-5", Fork: true}, - // Haiku 4.5 - {Name: "kiro-claude-haiku-4-5", Alias: "claude-haiku-4-5-20251001", Fork: true}, - {Name: "kiro-claude-haiku-4-5", Alias: "claude-haiku-4-5", Fork: true}, - } -} - -// defaultAntigravityAliases returns the default oauth-model-alias configuration -// for the antigravity channel when neither field exists. -func defaultAntigravityAliases() []OAuthModelAlias { - return []OAuthModelAlias{ - {Name: "rev19-uic3-1p", Alias: "rev19-uic3-1p"}, - {Name: "gemini-3-pro-image", Alias: "gemini-3-pro-image-preview"}, - {Name: "gemini-3-pro-high", Alias: "gemini-3-pro-preview"}, - {Name: "gemini-3-flash", Alias: "gemini-3-flash-preview"}, - {Name: "claude-sonnet-4-5", Alias: "gemini-claude-sonnet-4-5"}, - {Name: "claude-sonnet-4-5-thinking", Alias: "gemini-claude-sonnet-4-5-thinking"}, - {Name: "claude-opus-4-5-thinking", Alias: "gemini-claude-opus-4-5-thinking"}, - {Name: "claude-opus-4-6-thinking", Alias: "gemini-claude-opus-thinking"}, - {Name: "claude-opus-4-6-thinking", Alias: "gemini-claude-opus-4-6-thinking"}, - } -} - -// defaultGitHubCopilotAliases returns the default oauth-model-alias configuration -// for the github-copilot channel. -func defaultGitHubCopilotAliases() []OAuthModelAlias { - return []OAuthModelAlias{ - {Name: "claude-opus-4.6", Alias: "claude-opus-4-6", Fork: true}, - {Name: "claude-sonnet-4.6", Alias: "claude-sonnet-4-6", Fork: true}, - } -} - -// MigrateOAuthModelAlias checks for and performs migration from oauth-model-mappings -// to oauth-model-alias at startup. Returns true if migration was performed. -// -// Migration flow: -// 1. Check if oauth-model-alias exists -> skip migration -// 2. Check if oauth-model-mappings exists -> convert and migrate -// - For antigravity channel, convert old built-in aliases to actual model names -// -// 3. Neither exists -> add default antigravity config -func MigrateOAuthModelAlias(configFile string) (bool, error) { - data, err := os.ReadFile(configFile) - if err != nil { - if os.IsNotExist(err) { - return false, nil - } - return false, err - } - if len(data) == 0 { - return false, nil - } - - // Parse YAML into node tree to preserve structure - var root yaml.Node - if err := yaml.Unmarshal(data, &root); err != nil { - return false, nil - } - if root.Kind != yaml.DocumentNode || len(root.Content) == 0 { - return false, nil - } - rootMap := root.Content[0] - if rootMap == nil || rootMap.Kind != yaml.MappingNode { - return false, nil - } - - // Check if oauth-model-alias already exists - if findMapKeyIndex(rootMap, "oauth-model-alias") >= 0 { - return false, nil - } - - // Check if oauth-model-mappings exists - oldIdx := findMapKeyIndex(rootMap, "oauth-model-mappings") - if oldIdx >= 0 { - // Migrate from old field - return migrateFromOldField(configFile, &root, rootMap, oldIdx) - } - - // Neither field exists - add default antigravity config - return addDefaultAntigravityConfig(configFile, &root, rootMap) -} - -// migrateFromOldField converts oauth-model-mappings to oauth-model-alias -func migrateFromOldField(configFile string, root *yaml.Node, rootMap *yaml.Node, oldIdx int) (bool, error) { - if oldIdx+1 >= len(rootMap.Content) { - return false, nil - } - oldValue := rootMap.Content[oldIdx+1] - if oldValue == nil || oldValue.Kind != yaml.MappingNode { - return false, nil - } - - // Parse the old aliases - oldAliases := parseOldAliasNode(oldValue) - if len(oldAliases) == 0 { - // Remove the old field and write - removeMapKeyByIndex(rootMap, oldIdx) - return writeYAMLNode(configFile, root) - } - - // Convert model names for antigravity channel - newAliases := make(map[string][]OAuthModelAlias, len(oldAliases)) - for channel, entries := range oldAliases { - converted := make([]OAuthModelAlias, 0, len(entries)) - for _, entry := range entries { - newEntry := OAuthModelAlias{ - Name: entry.Name, - Alias: entry.Alias, - Fork: entry.Fork, - } - // Convert model names for antigravity channel - if strings.EqualFold(channel, "antigravity") { - if actual, ok := antigravityModelConversionTable[entry.Name]; ok { - newEntry.Name = actual - } - } - converted = append(converted, newEntry) - } - newAliases[channel] = converted - } - - // For antigravity channel, supplement missing default aliases - if antigravityEntries, exists := newAliases["antigravity"]; exists { - // Build a set of already configured (name, alias) pairs. - // A single upstream model may intentionally expose multiple aliases. - configuredPairs := make(map[string]bool, len(antigravityEntries)) - for _, entry := range antigravityEntries { - key := entry.Name + "\x00" + entry.Alias - configuredPairs[key] = true - } - - // Add missing default aliases - for _, defaultAlias := range defaultAntigravityAliases() { - key := defaultAlias.Name + "\x00" + defaultAlias.Alias - if !configuredPairs[key] { - antigravityEntries = append(antigravityEntries, defaultAlias) - } - } - newAliases["antigravity"] = antigravityEntries - } - - // Build new node - newNode := buildOAuthModelAliasNode(newAliases) - - // Replace old key with new key and value - rootMap.Content[oldIdx].Value = "oauth-model-alias" - rootMap.Content[oldIdx+1] = newNode - - return writeYAMLNode(configFile, root) -} - -// addDefaultAntigravityConfig adds the default antigravity configuration -func addDefaultAntigravityConfig(configFile string, root *yaml.Node, rootMap *yaml.Node) (bool, error) { - defaults := map[string][]OAuthModelAlias{ - "antigravity": defaultAntigravityAliases(), - } - newNode := buildOAuthModelAliasNode(defaults) - - // Add new key-value pair - keyNode := &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: "oauth-model-alias"} - rootMap.Content = append(rootMap.Content, keyNode, newNode) - - return writeYAMLNode(configFile, root) -} - -// parseOldAliasNode parses the old oauth-model-mappings node structure -func parseOldAliasNode(node *yaml.Node) map[string][]OAuthModelAlias { - if node == nil || node.Kind != yaml.MappingNode { - return nil - } - result := make(map[string][]OAuthModelAlias) - for i := 0; i+1 < len(node.Content); i += 2 { - channelNode := node.Content[i] - entriesNode := node.Content[i+1] - if channelNode == nil || entriesNode == nil { - continue - } - channel := strings.ToLower(strings.TrimSpace(channelNode.Value)) - if channel == "" || entriesNode.Kind != yaml.SequenceNode { - continue - } - entries := make([]OAuthModelAlias, 0, len(entriesNode.Content)) - for _, entryNode := range entriesNode.Content { - if entryNode == nil || entryNode.Kind != yaml.MappingNode { - continue - } - entry := parseAliasEntry(entryNode) - if entry.Name != "" && entry.Alias != "" { - entries = append(entries, entry) - } - } - if len(entries) > 0 { - result[channel] = entries - } - } - return result -} - -// parseAliasEntry parses a single alias entry node -func parseAliasEntry(node *yaml.Node) OAuthModelAlias { - var entry OAuthModelAlias - for i := 0; i+1 < len(node.Content); i += 2 { - keyNode := node.Content[i] - valNode := node.Content[i+1] - if keyNode == nil || valNode == nil { - continue - } - switch strings.ToLower(strings.TrimSpace(keyNode.Value)) { - case "name": - entry.Name = strings.TrimSpace(valNode.Value) - case "alias": - entry.Alias = strings.TrimSpace(valNode.Value) - case "fork": - entry.Fork = strings.ToLower(strings.TrimSpace(valNode.Value)) == "true" - } - } - return entry -} - -// buildOAuthModelAliasNode creates a YAML node for oauth-model-alias -func buildOAuthModelAliasNode(aliases map[string][]OAuthModelAlias) *yaml.Node { - node := &yaml.Node{Kind: yaml.MappingNode, Tag: "!!map"} - for channel, entries := range aliases { - channelNode := &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: channel} - entriesNode := &yaml.Node{Kind: yaml.SequenceNode, Tag: "!!seq"} - for _, entry := range entries { - entryNode := &yaml.Node{Kind: yaml.MappingNode, Tag: "!!map"} - entryNode.Content = append(entryNode.Content, - &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: "name"}, - &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: entry.Name}, - &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: "alias"}, - &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: entry.Alias}, - ) - if entry.Fork { - entryNode.Content = append(entryNode.Content, - &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: "fork"}, - &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!bool", Value: "true"}, - ) - } - entriesNode.Content = append(entriesNode.Content, entryNode) - } - node.Content = append(node.Content, channelNode, entriesNode) - } - return node -} - -// removeMapKeyByIndex removes a key-value pair from a mapping node by index -func removeMapKeyByIndex(mapNode *yaml.Node, keyIdx int) { - if mapNode == nil || mapNode.Kind != yaml.MappingNode { - return - } - if keyIdx < 0 || keyIdx+1 >= len(mapNode.Content) { - return - } - mapNode.Content = append(mapNode.Content[:keyIdx], mapNode.Content[keyIdx+2:]...) -} - -// writeYAMLNode writes the YAML node tree back to file -func writeYAMLNode(configFile string, root *yaml.Node) (bool, error) { - f, err := os.Create(configFile) - if err != nil { - return false, err - } - defer func() { _ = f.Close() }() - - enc := yaml.NewEncoder(f) - enc.SetIndent(2) - if err := enc.Encode(root); err != nil { - return false, err - } - if err := enc.Close(); err != nil { - return false, err - } - return true, nil -} diff --git a/internal/config/provider_registry_generated.go b/internal/config/provider_registry_generated.go deleted file mode 100644 index 96497f5f38..0000000000 --- a/internal/config/provider_registry_generated.go +++ /dev/null @@ -1,98 +0,0 @@ -// Code generated by github.com/kooshapari/cliproxyapi-plusplus/v6/cmd/codegen; DO NOT EDIT. -package config - -// AllProviders defines the registry of all supported LLM providers. -// This is the source of truth for generated config fields and synthesizers. -var AllProviders = []ProviderSpec{ - { - Name: "minimax", - YAMLKey: "minimax", - GoName: "MiniMax", - BaseURL: "https://api.minimax.chat/v1", - }, - { - Name: "roo", - YAMLKey: "roo", - GoName: "Roo", - BaseURL: "https://api.roocode.com/v1", - }, - { - Name: "kilo", - YAMLKey: "kilo", - GoName: "Kilo", - BaseURL: "https://api.kilo.ai/v1", - }, - { - Name: "deepseek", - YAMLKey: "deepseek", - GoName: "DeepSeek", - BaseURL: "https://api.deepseek.com", - }, - { - Name: "groq", - YAMLKey: "groq", - GoName: "Groq", - BaseURL: "https://api.groq.com/openai/v1", - }, - { - Name: "mistral", - YAMLKey: "mistral", - GoName: "Mistral", - BaseURL: "https://api.mistral.ai/v1", - }, - { - Name: "siliconflow", - YAMLKey: "siliconflow", - GoName: "SiliconFlow", - BaseURL: "https://api.siliconflow.cn/v1", - }, - { - Name: "openrouter", - YAMLKey: "openrouter", - GoName: "OpenRouter", - BaseURL: "https://openrouter.ai/api/v1", - }, - { - Name: "together", - YAMLKey: "together", - GoName: "Together", - BaseURL: "https://api.together.xyz/v1", - }, - { - Name: "fireworks", - YAMLKey: "fireworks", - GoName: "Fireworks", - BaseURL: "https://api.fireworks.ai/inference/v1", - }, - { - Name: "novita", - YAMLKey: "novita", - GoName: "Novita", - BaseURL: "https://api.novita.ai/v1", - }, - { - Name: "zen", - YAMLKey: "", - GoName: "", - BaseURL: "https://opencode.ai/zen/v1", - EnvVars: []string{"ZEN_API_KEY", "OPENCODE_API_KEY", "THGENT_ZEN_API_KEY"}, - DefaultModels: []OpenAICompatibilityModel{ - {Name: "glm-5", Alias: "glm-5"}, - {Name: "glm-5", Alias: "z-ai/glm-5"}, - {Name: "glm-5", Alias: "gpt-5-mini"}, - {Name: "glm-5", Alias: "gemini-3-flash"}, - }, - }, - { - Name: "nim", - YAMLKey: "", - GoName: "", - BaseURL: "https://integrate.api.nvidia.com/v1", - EnvVars: []string{"NIM_API_KEY", "THGENT_NIM_API_KEY", "NVIDIA_API_KEY"}, - DefaultModels: []OpenAICompatibilityModel{ - {Name: "z-ai/glm-5", Alias: "z-ai/glm-5"}, - {Name: "z-ai/glm-5", Alias: "glm-5"}, - {Name: "z-ai/glm-5", Alias: "step-3.5-flash"}, - }, - }, -} diff --git a/internal/config/sdk_config.go b/internal/config/sdk_config.go deleted file mode 100644 index 9d99c92423..0000000000 --- a/internal/config/sdk_config.go +++ /dev/null @@ -1,45 +0,0 @@ -// Package config provides configuration management for the CLI Proxy API server. -// It handles loading and parsing YAML configuration files, and provides structured -// access to application settings including server port, authentication directory, -// debug settings, proxy configuration, and API keys. -package config - -// SDKConfig represents the application's configuration, loaded from a YAML file. -type SDKConfig struct { - // ProxyURL is the URL of an optional proxy server to use for outbound requests. - ProxyURL string `yaml:"proxy-url" json:"proxy-url"` - - // ForceModelPrefix requires explicit model prefixes (e.g., "teamA/gemini-3-pro-preview") - // to target prefixed credentials. When false, unprefixed model requests may use prefixed - // credentials as well. - ForceModelPrefix bool `yaml:"force-model-prefix" json:"force-model-prefix"` - - // RequestLog enables or disables detailed request logging functionality. - RequestLog bool `yaml:"request-log" json:"request-log"` - - // APIKeys is a list of keys for authenticating clients to this proxy server. - APIKeys []string `yaml:"api-keys" json:"api-keys"` - - // PassthroughHeaders controls whether upstream response headers are forwarded to downstream clients. - // Default is false (disabled). - PassthroughHeaders bool `yaml:"passthrough-headers" json:"passthrough-headers"` - - // Streaming configures server-side streaming behavior (keep-alives and safe bootstrap retries). - Streaming StreamingConfig `yaml:"streaming" json:"streaming"` - - // NonStreamKeepAliveInterval controls how often blank lines are emitted for non-streaming responses. - // <= 0 disables keep-alives. Value is in seconds. - NonStreamKeepAliveInterval int `yaml:"nonstream-keepalive-interval,omitempty" json:"nonstream-keepalive-interval,omitempty"` -} - -// StreamingConfig holds server streaming behavior configuration. -type StreamingConfig struct { - // KeepAliveSeconds controls how often the server emits SSE heartbeats (": keep-alive\n\n"). - // <= 0 disables keep-alives. Default is 0. - KeepAliveSeconds int `yaml:"keepalive-seconds,omitempty" json:"keepalive-seconds,omitempty"` - - // BootstrapRetries controls how many times the server may retry a streaming request before any bytes are sent, - // to allow auth rotation / transient recovery. - // <= 0 disables bootstrap retries. Default is 0. - BootstrapRetries int `yaml:"bootstrap-retries,omitempty" json:"bootstrap-retries,omitempty"` -} diff --git a/internal/config/vertex_compat.go b/internal/config/vertex_compat.go deleted file mode 100644 index 786c5318c3..0000000000 --- a/internal/config/vertex_compat.go +++ /dev/null @@ -1,98 +0,0 @@ -package config - -import "strings" - -// VertexCompatKey represents the configuration for Vertex AI-compatible API keys. -// This supports third-party services that use Vertex AI-style endpoint paths -// (/publishers/google/models/{model}:streamGenerateContent) but authenticate -// with simple API keys instead of Google Cloud service account credentials. -// -// Example services: zenmux.ai and similar Vertex-compatible providers. -type VertexCompatKey struct { - // APIKey is the authentication key for accessing the Vertex-compatible API. - // Maps to the x-goog-api-key header. - APIKey string `yaml:"api-key" json:"api-key"` - - // Priority controls selection preference when multiple credentials match. - // Higher values are preferred; defaults to 0. - Priority int `yaml:"priority,omitempty" json:"priority,omitempty"` - - // Prefix optionally namespaces model aliases for this credential (e.g., "teamA/vertex-pro"). - Prefix string `yaml:"prefix,omitempty" json:"prefix,omitempty"` - - // BaseURL is the base URL for the Vertex-compatible API endpoint. - // The executor will append "/v1/publishers/google/models/{model}:action" to this. - // Example: "https://zenmux.ai/api" becomes "https://zenmux.ai/api/v1/publishers/google/models/..." - BaseURL string `yaml:"base-url,omitempty" json:"base-url,omitempty"` - - // ProxyURL optionally overrides the global proxy for this API key. - ProxyURL string `yaml:"proxy-url,omitempty" json:"proxy-url,omitempty"` - - // Headers optionally adds extra HTTP headers for requests sent with this key. - // Commonly used for cookies, user-agent, and other authentication headers. - Headers map[string]string `yaml:"headers,omitempty" json:"headers,omitempty"` - - // Models defines the model configurations including aliases for routing. - Models []VertexCompatModel `yaml:"models,omitempty" json:"models,omitempty"` -} - -func (k VertexCompatKey) GetAPIKey() string { return k.APIKey } -func (k VertexCompatKey) GetBaseURL() string { return k.BaseURL } - -// VertexCompatModel represents a model configuration for Vertex compatibility, -// including the actual model name and its alias for API routing. -type VertexCompatModel struct { - // Name is the actual model name used by the external provider. - Name string `yaml:"name" json:"name"` - - // Alias is the model name alias that clients will use to reference this model. - Alias string `yaml:"alias" json:"alias"` -} - -func (m VertexCompatModel) GetName() string { return m.Name } -func (m VertexCompatModel) GetAlias() string { return m.Alias } - -// SanitizeVertexCompatKeys deduplicates and normalizes Vertex-compatible API key credentials. -func (cfg *Config) SanitizeVertexCompatKeys() { - if cfg == nil { - return - } - - seen := make(map[string]struct{}, len(cfg.VertexCompatAPIKey)) - out := cfg.VertexCompatAPIKey[:0] - for i := range cfg.VertexCompatAPIKey { - entry := cfg.VertexCompatAPIKey[i] - entry.APIKey = strings.TrimSpace(entry.APIKey) - if entry.APIKey == "" { - continue - } - entry.Prefix = normalizeModelPrefix(entry.Prefix) - entry.BaseURL = strings.TrimSpace(entry.BaseURL) - if entry.BaseURL == "" { - // BaseURL is required for Vertex API key entries - continue - } - entry.ProxyURL = strings.TrimSpace(entry.ProxyURL) - entry.Headers = NormalizeHeaders(entry.Headers) - - // Sanitize models: remove entries without valid alias - sanitizedModels := make([]VertexCompatModel, 0, len(entry.Models)) - for _, model := range entry.Models { - model.Alias = strings.TrimSpace(model.Alias) - model.Name = strings.TrimSpace(model.Name) - if model.Alias != "" && model.Name != "" { - sanitizedModels = append(sanitizedModels, model) - } - } - entry.Models = sanitizedModels - - // Use API key + base URL as uniqueness key - uniqueKey := entry.APIKey + "|" + entry.BaseURL - if _, exists := seen[uniqueKey]; exists { - continue - } - seen[uniqueKey] = struct{}{} - out = append(out, entry) - } - cfg.VertexCompatAPIKey = out -} diff --git a/internal/constant/constant.go b/internal/constant/constant.go deleted file mode 100644 index 9b7d31aab6..0000000000 --- a/internal/constant/constant.go +++ /dev/null @@ -1,33 +0,0 @@ -// Package constant defines provider name constants used throughout the CLI Proxy API. -// These constants identify different AI service providers and their variants, -// ensuring consistent naming across the application. -package constant - -const ( - // Gemini represents the Google Gemini provider identifier. - Gemini = "gemini" - - // GeminiCLI represents the Google Gemini CLI provider identifier. - GeminiCLI = "gemini-cli" - - // Codex represents the OpenAI Codex provider identifier. - Codex = "codex" - - // Claude represents the Anthropic Claude provider identifier. - Claude = "claude" - - // OpenAI represents the OpenAI provider identifier. - OpenAI = "openai" - - // OpenaiResponse represents the OpenAI response format identifier. - OpenaiResponse = "openai-response" - - // Antigravity represents the Antigravity response format identifier. - Antigravity = "antigravity" - - // Kiro represents the AWS CodeWhisperer (Kiro) provider identifier. - Kiro = "kiro" - - // Kilo represents the Kilo AI provider identifier. - Kilo = "kilo" -) diff --git a/internal/interfaces/api_handler.go b/internal/interfaces/api_handler.go deleted file mode 100644 index dacd182054..0000000000 --- a/internal/interfaces/api_handler.go +++ /dev/null @@ -1,17 +0,0 @@ -// Package interfaces defines the core interfaces and shared structures for the CLI Proxy API server. -// These interfaces provide a common contract for different components of the application, -// such as AI service clients, API handlers, and data models. -package interfaces - -// APIHandler defines the interface that all API handlers must implement. -// This interface provides methods for identifying handler types and retrieving -// supported models for different AI service endpoints. -type APIHandler interface { - // HandlerType returns the type identifier for this API handler. - // This is used to determine which request/response translators to use. - HandlerType() string - - // Models returns a list of supported models for this API handler. - // Each model is represented as a map containing model metadata. - Models() []map[string]any -} diff --git a/internal/interfaces/client_models.go b/internal/interfaces/client_models.go deleted file mode 100644 index c6e4ff7802..0000000000 --- a/internal/interfaces/client_models.go +++ /dev/null @@ -1,161 +0,0 @@ -// Package interfaces defines the core interfaces and shared structures for the CLI Proxy API server. -// These interfaces provide a common contract for different components of the application, -// such as AI service clients, API handlers, and data models. -package interfaces - -import ( - "time" -) - -// GCPProject represents the response structure for a Google Cloud project list request. -// This structure is used when fetching available projects for a Google Cloud account. -type GCPProject struct { - // Projects is a list of Google Cloud projects accessible by the user. - Projects []GCPProjectProjects `json:"projects"` -} - -// GCPProjectLabels defines the labels associated with a GCP project. -// These labels can contain metadata about the project's purpose or configuration. -type GCPProjectLabels struct { - // GenerativeLanguage indicates if the project has generative language APIs enabled. - GenerativeLanguage string `json:"generative-language"` -} - -// GCPProjectProjects contains details about a single Google Cloud project. -// This includes identifying information, metadata, and configuration details. -type GCPProjectProjects struct { - // ProjectNumber is the unique numeric identifier for the project. - ProjectNumber string `json:"projectNumber"` - - // ProjectID is the unique string identifier for the project. - ProjectID string `json:"projectId"` - - // LifecycleState indicates the current state of the project (e.g., "ACTIVE"). - LifecycleState string `json:"lifecycleState"` - - // Name is the human-readable name of the project. - Name string `json:"name"` - - // Labels contains metadata labels associated with the project. - Labels GCPProjectLabels `json:"labels"` - - // CreateTime is the timestamp when the project was created. - CreateTime time.Time `json:"createTime"` -} - -// Content represents a single message in a conversation, with a role and parts. -// This structure models a message exchange between a user and an AI model. -type Content struct { - // Role indicates who sent the message ("user", "model", or "tool"). - Role string `json:"role"` - - // Parts is a collection of content parts that make up the message. - Parts []Part `json:"parts"` -} - -// Part represents a distinct piece of content within a message. -// A part can be text, inline data (like an image), a function call, or a function response. -type Part struct { - Thought bool `json:"thought,omitempty"` - - // Text contains plain text content. - Text string `json:"text,omitempty"` - - // InlineData contains base64-encoded data with its MIME type (e.g., images). - InlineData *InlineData `json:"inlineData,omitempty"` - - // ThoughtSignature is a provider-required signature that accompanies certain parts. - ThoughtSignature string `json:"thoughtSignature,omitempty"` - - // FunctionCall represents a tool call requested by the model. - FunctionCall *FunctionCall `json:"functionCall,omitempty"` - - // FunctionResponse represents the result of a tool execution. - FunctionResponse *FunctionResponse `json:"functionResponse,omitempty"` -} - -// InlineData represents base64-encoded data with its MIME type. -// This is typically used for embedding images or other binary data in requests. -type InlineData struct { - // MimeType specifies the media type of the embedded data (e.g., "image/png"). - MimeType string `json:"mime_type,omitempty"` - - // Data contains the base64-encoded binary data. - Data string `json:"data,omitempty"` -} - -// FunctionCall represents a tool call requested by the model. -// It includes the function name and its arguments that the model wants to execute. -type FunctionCall struct { - // ID is the identifier of the function to be called. - ID string `json:"id,omitempty"` - - // Name is the identifier of the function to be called. - Name string `json:"name"` - - // Args contains the arguments to pass to the function. - Args map[string]interface{} `json:"args"` -} - -// FunctionResponse represents the result of a tool execution. -// This is sent back to the model after a tool call has been processed. -type FunctionResponse struct { - // ID is the identifier of the function to be called. - ID string `json:"id,omitempty"` - - // Name is the identifier of the function that was called. - Name string `json:"name"` - - // Response contains the result data from the function execution. - Response map[string]interface{} `json:"response"` -} - -// GenerateContentRequest is the top-level request structure for the streamGenerateContent endpoint. -// This structure defines all the parameters needed for generating content from an AI model. -type GenerateContentRequest struct { - // SystemInstruction provides system-level instructions that guide the model's behavior. - SystemInstruction *Content `json:"systemInstruction,omitempty"` - - // Contents is the conversation history between the user and the model. - Contents []Content `json:"contents"` - - // Tools defines the available tools/functions that the model can call. - Tools []ToolDeclaration `json:"tools,omitempty"` - - // GenerationConfig contains parameters that control the model's generation behavior. - GenerationConfig `json:"generationConfig"` -} - -// GenerationConfig defines parameters that control the model's generation behavior. -// These parameters affect the creativity, randomness, and reasoning of the model's responses. -type GenerationConfig struct { - // ThinkingConfig specifies configuration for the model's "thinking" process. - ThinkingConfig GenerationConfigThinkingConfig `json:"thinkingConfig,omitempty"` - - // Temperature controls the randomness of the model's responses. - // Values closer to 0 make responses more deterministic, while values closer to 1 increase randomness. - Temperature float64 `json:"temperature,omitempty"` - - // TopP controls nucleus sampling, which affects the diversity of responses. - // It limits the model to consider only the top P% of probability mass. - TopP float64 `json:"topP,omitempty"` - - // TopK limits the model to consider only the top K most likely tokens. - // This can help control the quality and diversity of generated text. - TopK float64 `json:"topK,omitempty"` -} - -// GenerationConfigThinkingConfig specifies configuration for the model's "thinking" process. -// This controls whether the model should output its reasoning process along with the final answer. -type GenerationConfigThinkingConfig struct { - // IncludeThoughts determines whether the model should output its reasoning process. - // When enabled, the model will include its step-by-step thinking in the response. - IncludeThoughts bool `json:"include_thoughts,omitempty"` -} - -// ToolDeclaration defines the structure for declaring tools (like functions) -// that the model can call during content generation. -type ToolDeclaration struct { - // FunctionDeclarations is a list of available functions that the model can call. - FunctionDeclarations []interface{} `json:"functionDeclarations"` -} diff --git a/internal/interfaces/error_message.go b/internal/interfaces/error_message.go deleted file mode 100644 index eecdc9cbe0..0000000000 --- a/internal/interfaces/error_message.go +++ /dev/null @@ -1,20 +0,0 @@ -// Package interfaces defines the core interfaces and shared structures for the CLI Proxy API server. -// These interfaces provide a common contract for different components of the application, -// such as AI service clients, API handlers, and data models. -package interfaces - -import "net/http" - -// ErrorMessage encapsulates an error with an associated HTTP status code. -// This structure is used to provide detailed error information including -// both the HTTP status and the underlying error. -type ErrorMessage struct { - // StatusCode is the HTTP status code returned by the API. - StatusCode int - - // Error is the underlying error that occurred. - Error error - - // Addon contains additional headers to be added to the response. - Addon http.Header -} diff --git a/internal/interfaces/types.go b/internal/interfaces/types.go deleted file mode 100644 index 3155d73fca..0000000000 --- a/internal/interfaces/types.go +++ /dev/null @@ -1,15 +0,0 @@ -// Package interfaces provides type aliases for backwards compatibility with translator functions. -// It defines common interface types used throughout the CLI Proxy API for request and response -// transformation operations, maintaining compatibility with the SDK translator package. -package interfaces - -import sdktranslator "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/translator" - -// Backwards compatible aliases for translator function types. -type TranslateRequestFunc = sdktranslator.RequestTransform - -type TranslateResponseFunc = sdktranslator.ResponseStreamTransform - -type TranslateResponseNonStreamFunc = sdktranslator.ResponseNonStreamTransform - -type TranslateResponse = sdktranslator.ResponseTransform diff --git a/internal/logging/gin_logger.go b/internal/logging/gin_logger.go deleted file mode 100644 index 771b58f327..0000000000 --- a/internal/logging/gin_logger.go +++ /dev/null @@ -1,150 +0,0 @@ -// Package logging provides Gin middleware for HTTP request logging and panic recovery. -// It integrates Gin web framework with logrus for structured logging of HTTP requests, -// responses, and error handling with panic recovery capabilities. -package logging - -import ( - "errors" - "fmt" - "net/http" - "runtime/debug" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" -) - -// aiAPIPrefixes defines path prefixes for AI API requests that should have request ID tracking. -var aiAPIPrefixes = []string{ - "/v1/chat/completions", - "/v1/completions", - "/v1/messages", - "/v1/responses", - "/v1beta/models/", - "/api/provider/", -} - -const skipGinLogKey = "__gin_skip_request_logging__" - -// GinLogrusLogger returns a Gin middleware handler that logs HTTP requests and responses -// using logrus. It captures request details including method, path, status code, latency, -// client IP, and any error messages. Request ID is only added for AI API requests. -// -// Output format (AI API): [2025-12-23 20:14:10] [info ] | a1b2c3d4 | 200 | 23.559s | ... -// Output format (others): [2025-12-23 20:14:10] [info ] | -------- | 200 | 23.559s | ... -// -// Returns: -// - gin.HandlerFunc: A middleware handler for request logging -func GinLogrusLogger() gin.HandlerFunc { - return func(c *gin.Context) { - start := time.Now() - path := c.Request.URL.Path - raw := util.MaskSensitiveQuery(c.Request.URL.RawQuery) - - // Only generate request ID for AI API paths - var requestID string - if isAIAPIPath(path) { - requestID = GenerateRequestID() - SetGinRequestID(c, requestID) - ctx := WithRequestID(c.Request.Context(), requestID) - c.Request = c.Request.WithContext(ctx) - } - - c.Next() - - if shouldSkipGinRequestLogging(c) { - return - } - - if raw != "" { - path = path + "?" + raw - } - - latency := time.Since(start) - if latency > time.Minute { - latency = latency.Truncate(time.Second) - } else { - latency = latency.Truncate(time.Millisecond) - } - - statusCode := c.Writer.Status() - clientIP := c.ClientIP() - method := c.Request.Method - errorMessage := c.Errors.ByType(gin.ErrorTypePrivate).String() - - if requestID == "" { - requestID = "--------" - } - logLine := fmt.Sprintf("%3d | %13v | %15s | %-7s \"%s\"", statusCode, latency, clientIP, method, path) - if errorMessage != "" { - logLine = logLine + " | " + errorMessage - } - - entry := log.WithField("request_id", requestID) - - switch { - case statusCode >= http.StatusInternalServerError: - entry.Error(logLine) - case statusCode >= http.StatusBadRequest: - entry.Warn(logLine) - default: - entry.Info(logLine) - } - } -} - -// isAIAPIPath checks if the given path is an AI API endpoint that should have request ID tracking. -func isAIAPIPath(path string) bool { - for _, prefix := range aiAPIPrefixes { - if strings.HasPrefix(path, prefix) { - return true - } - } - return false -} - -// GinLogrusRecovery returns a Gin middleware handler that recovers from panics and logs -// them using logrus. When a panic occurs, it captures the panic value, stack trace, -// and request path, then returns a 500 Internal Server Error response to the client. -// -// Returns: -// - gin.HandlerFunc: A middleware handler for panic recovery -func GinLogrusRecovery() gin.HandlerFunc { - return gin.CustomRecovery(func(c *gin.Context, recovered interface{}) { - if err, ok := recovered.(error); ok && errors.Is(err, http.ErrAbortHandler) { - // Let net/http handle ErrAbortHandler so the connection is aborted without noisy stack logs. - panic(http.ErrAbortHandler) - } - - log.WithFields(log.Fields{ - "panic": recovered, - "stack": string(debug.Stack()), - "path": c.Request.URL.Path, - }).Error("recovered from panic") - - c.AbortWithStatus(http.StatusInternalServerError) - }) -} - -// SkipGinRequestLogging marks the provided Gin context so that GinLogrusLogger -// will skip emitting a log line for the associated request. -func SkipGinRequestLogging(c *gin.Context) { - if c == nil { - return - } - c.Set(skipGinLogKey, true) -} - -func shouldSkipGinRequestLogging(c *gin.Context) bool { - if c == nil { - return false - } - val, exists := c.Get(skipGinLogKey) - if !exists { - return false - } - flag, ok := val.(bool) - return ok && flag -} diff --git a/internal/logging/gin_logger_test.go b/internal/logging/gin_logger_test.go deleted file mode 100644 index 7de1833865..0000000000 --- a/internal/logging/gin_logger_test.go +++ /dev/null @@ -1,60 +0,0 @@ -package logging - -import ( - "errors" - "net/http" - "net/http/httptest" - "testing" - - "github.com/gin-gonic/gin" -) - -func TestGinLogrusRecoveryRepanicsErrAbortHandler(t *testing.T) { - gin.SetMode(gin.TestMode) - - engine := gin.New() - engine.Use(GinLogrusRecovery()) - engine.GET("/abort", func(c *gin.Context) { - panic(http.ErrAbortHandler) - }) - - req := httptest.NewRequest(http.MethodGet, "/abort", nil) - recorder := httptest.NewRecorder() - - defer func() { - recovered := recover() - if recovered == nil { - t.Fatalf("expected panic, got nil") - } - err, ok := recovered.(error) - if !ok { - t.Fatalf("expected error panic, got %T", recovered) - } - if !errors.Is(err, http.ErrAbortHandler) { - t.Fatalf("expected ErrAbortHandler, got %v", err) - } - if err != http.ErrAbortHandler { - t.Fatalf("expected exact ErrAbortHandler sentinel, got %v", err) - } - }() - - engine.ServeHTTP(recorder, req) -} - -func TestGinLogrusRecoveryHandlesRegularPanic(t *testing.T) { - gin.SetMode(gin.TestMode) - - engine := gin.New() - engine.Use(GinLogrusRecovery()) - engine.GET("/panic", func(c *gin.Context) { - panic("boom") - }) - - req := httptest.NewRequest(http.MethodGet, "/panic", nil) - recorder := httptest.NewRecorder() - - engine.ServeHTTP(recorder, req) - if recorder.Code != http.StatusInternalServerError { - t.Fatalf("expected 500, got %d", recorder.Code) - } -} diff --git a/internal/logging/global_logger.go b/internal/logging/global_logger.go deleted file mode 100644 index 1340548e75..0000000000 --- a/internal/logging/global_logger.go +++ /dev/null @@ -1,204 +0,0 @@ -package logging - -import ( - "bytes" - "fmt" - "io" - "os" - "path/filepath" - "strings" - "sync" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" - "gopkg.in/natefinch/lumberjack.v2" -) - -var ( - setupOnce sync.Once - writerMu sync.Mutex - logWriter *lumberjack.Logger - ginInfoWriter *io.PipeWriter - ginErrorWriter *io.PipeWriter -) - -// LogFormatter defines a custom log format for logrus. -// This formatter adds timestamp, level, request ID, and source location to each log entry. -// Format: [2025-12-23 20:14:04] [debug] [manager.go:524] | a1b2c3d4 | Use API key sk-9...0RHO for model gpt-5.2 -type LogFormatter struct{} - -// logFieldOrder defines the display order for common log fields. -var logFieldOrder = []string{"provider", "model", "mode", "budget", "level", "original_mode", "original_value", "min", "max", "clamped_to", "error"} - -// Format renders a single log entry with custom formatting. -func (m *LogFormatter) Format(entry *log.Entry) ([]byte, error) { - var buffer *bytes.Buffer - if entry.Buffer != nil { - buffer = entry.Buffer - } else { - buffer = &bytes.Buffer{} - } - - timestamp := entry.Time.Format("2006-01-02 15:04:05") - message := strings.TrimRight(entry.Message, "\r\n") - - reqID := "--------" - if id, ok := entry.Data["request_id"].(string); ok && id != "" { - reqID = id - } - - level := entry.Level.String() - if level == "warning" { - level = "warn" - } - levelStr := fmt.Sprintf("%-5s", level) - - // Build fields string (only print fields in logFieldOrder) - var fieldsStr string - if len(entry.Data) > 0 { - var fields []string - for _, k := range logFieldOrder { - if v, ok := entry.Data[k]; ok { - fields = append(fields, fmt.Sprintf("%s=%v", k, v)) - } - } - if len(fields) > 0 { - fieldsStr = " " + strings.Join(fields, " ") - } - } - - var formatted string - if entry.Caller != nil { - formatted = fmt.Sprintf("[%s] [%s] [%s] [%s:%d] %s%s\n", timestamp, reqID, levelStr, filepath.Base(entry.Caller.File), entry.Caller.Line, message, fieldsStr) - } else { - formatted = fmt.Sprintf("[%s] [%s] [%s] %s%s\n", timestamp, reqID, levelStr, message, fieldsStr) - } - buffer.WriteString(formatted) - - return buffer.Bytes(), nil -} - -// SetupBaseLogger configures the shared logrus instance and Gin writers. -// It is safe to call multiple times; initialization happens only once. -func SetupBaseLogger() { - setupOnce.Do(func() { - log.SetOutput(os.Stdout) - log.SetLevel(log.InfoLevel) - log.SetReportCaller(true) - log.SetFormatter(&LogFormatter{}) - - ginInfoWriter = log.StandardLogger().Writer() - gin.DefaultWriter = ginInfoWriter - ginErrorWriter = log.StandardLogger().WriterLevel(log.ErrorLevel) - gin.DefaultErrorWriter = ginErrorWriter - gin.DebugPrintFunc = func(format string, values ...interface{}) { - format = strings.TrimRight(format, "\r\n") - log.StandardLogger().Infof(format, values...) - } - - log.RegisterExitHandler(closeLogOutputs) - }) -} - -// isDirWritable checks if the specified directory exists and is writable by attempting to create and remove a test file. -func isDirWritable(dir string) bool { - info, err := os.Stat(dir) - if err != nil || !info.IsDir() { - return false - } - - testFile := filepath.Join(dir, ".perm_test") - f, err := os.Create(testFile) - if err != nil { - return false - } - - defer func() { - _ = f.Close() - _ = os.Remove(testFile) - }() - return true -} - -// ResolveLogDirectory determines the directory used for application logs. -func ResolveLogDirectory(cfg *config.Config) string { - logDir := "logs" - if base := util.WritablePath(); base != "" { - return filepath.Join(base, "logs") - } - if cfg == nil { - return logDir - } - if !isDirWritable(logDir) { - authDir, err := util.ResolveAuthDir(cfg.AuthDir) - if err != nil { - log.Warnf("Failed to resolve auth-dir %q for log directory: %v", cfg.AuthDir, err) - } - if authDir != "" { - logDir = filepath.Join(authDir, "logs") - } - } - return logDir -} - -// ConfigureLogOutput switches the global log destination between rotating files and stdout. -// When logsMaxTotalSizeMB > 0, a background cleaner removes the oldest log files in the logs directory -// until the total size is within the limit. -func ConfigureLogOutput(cfg *config.Config) error { - SetupBaseLogger() - - writerMu.Lock() - defer writerMu.Unlock() - - logDir := ResolveLogDirectory(cfg) - - protectedPath := "" - if cfg.LoggingToFile { - if err := os.MkdirAll(logDir, 0o755); err != nil { - return fmt.Errorf("logging: failed to create log directory: %w", err) - } - if logWriter != nil { - _ = logWriter.Close() - } - protectedPath = filepath.Join(logDir, "main.log") - logWriter = &lumberjack.Logger{ - Filename: protectedPath, - MaxSize: 10, - MaxBackups: 0, - MaxAge: 0, - Compress: false, - } - log.SetOutput(logWriter) - } else { - if logWriter != nil { - _ = logWriter.Close() - logWriter = nil - } - log.SetOutput(os.Stdout) - } - - configureLogDirCleanerLocked(logDir, cfg.LogsMaxTotalSizeMB, protectedPath) - return nil -} - -func closeLogOutputs() { - writerMu.Lock() - defer writerMu.Unlock() - - stopLogDirCleanerLocked() - - if logWriter != nil { - _ = logWriter.Close() - logWriter = nil - } - if ginInfoWriter != nil { - _ = ginInfoWriter.Close() - ginInfoWriter = nil - } - if ginErrorWriter != nil { - _ = ginErrorWriter.Close() - ginErrorWriter = nil - } -} diff --git a/internal/logging/log_dir_cleaner.go b/internal/logging/log_dir_cleaner.go deleted file mode 100644 index e563b381ce..0000000000 --- a/internal/logging/log_dir_cleaner.go +++ /dev/null @@ -1,166 +0,0 @@ -package logging - -import ( - "context" - "os" - "path/filepath" - "sort" - "strings" - "time" - - log "github.com/sirupsen/logrus" -) - -const logDirCleanerInterval = time.Minute - -var logDirCleanerCancel context.CancelFunc - -func configureLogDirCleanerLocked(logDir string, maxTotalSizeMB int, protectedPath string) { - stopLogDirCleanerLocked() - - if maxTotalSizeMB <= 0 { - return - } - - maxBytes := int64(maxTotalSizeMB) * 1024 * 1024 - if maxBytes <= 0 { - return - } - - dir := strings.TrimSpace(logDir) - if dir == "" { - return - } - - ctx, cancel := context.WithCancel(context.Background()) - logDirCleanerCancel = cancel - go runLogDirCleaner(ctx, filepath.Clean(dir), maxBytes, strings.TrimSpace(protectedPath)) -} - -func stopLogDirCleanerLocked() { - if logDirCleanerCancel == nil { - return - } - logDirCleanerCancel() - logDirCleanerCancel = nil -} - -func runLogDirCleaner(ctx context.Context, logDir string, maxBytes int64, protectedPath string) { - ticker := time.NewTicker(logDirCleanerInterval) - defer ticker.Stop() - - cleanOnce := func() { - deleted, errClean := enforceLogDirSizeLimit(logDir, maxBytes, protectedPath) - if errClean != nil { - log.WithError(errClean).Warn("logging: failed to enforce log directory size limit") - return - } - if deleted > 0 { - log.Debugf("logging: removed %d old log file(s) to enforce log directory size limit", deleted) - } - } - - cleanOnce() - for { - select { - case <-ctx.Done(): - return - case <-ticker.C: - cleanOnce() - } - } -} - -func enforceLogDirSizeLimit(logDir string, maxBytes int64, protectedPath string) (int, error) { - if maxBytes <= 0 { - return 0, nil - } - - dir := strings.TrimSpace(logDir) - if dir == "" { - return 0, nil - } - dir = filepath.Clean(dir) - - entries, errRead := os.ReadDir(dir) - if errRead != nil { - if os.IsNotExist(errRead) { - return 0, nil - } - return 0, errRead - } - - protected := strings.TrimSpace(protectedPath) - if protected != "" { - protected = filepath.Clean(protected) - } - - type logFile struct { - path string - size int64 - modTime time.Time - } - - var ( - files []logFile - total int64 - ) - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - if !isLogFileName(name) { - continue - } - info, errInfo := entry.Info() - if errInfo != nil { - continue - } - if !info.Mode().IsRegular() { - continue - } - path := filepath.Join(dir, name) - files = append(files, logFile{ - path: path, - size: info.Size(), - modTime: info.ModTime(), - }) - total += info.Size() - } - - if total <= maxBytes { - return 0, nil - } - - sort.Slice(files, func(i, j int) bool { - return files[i].modTime.Before(files[j].modTime) - }) - - deleted := 0 - for _, file := range files { - if total <= maxBytes { - break - } - if protected != "" && filepath.Clean(file.path) == protected { - continue - } - if errRemove := os.Remove(file.path); errRemove != nil { - log.WithError(errRemove).Warnf("logging: failed to remove old log file: %s", filepath.Base(file.path)) - continue - } - total -= file.size - deleted++ - } - - return deleted, nil -} - -func isLogFileName(name string) bool { - trimmed := strings.TrimSpace(name) - if trimmed == "" { - return false - } - lower := strings.ToLower(trimmed) - return strings.HasSuffix(lower, ".log") || strings.HasSuffix(lower, ".log.gz") -} diff --git a/internal/logging/log_dir_cleaner_test.go b/internal/logging/log_dir_cleaner_test.go deleted file mode 100644 index 3670da5083..0000000000 --- a/internal/logging/log_dir_cleaner_test.go +++ /dev/null @@ -1,70 +0,0 @@ -package logging - -import ( - "os" - "path/filepath" - "testing" - "time" -) - -func TestEnforceLogDirSizeLimitDeletesOldest(t *testing.T) { - dir := t.TempDir() - - writeLogFile(t, filepath.Join(dir, "old.log"), 60, time.Unix(1, 0)) - writeLogFile(t, filepath.Join(dir, "mid.log"), 60, time.Unix(2, 0)) - protected := filepath.Join(dir, "main.log") - writeLogFile(t, protected, 60, time.Unix(3, 0)) - - deleted, err := enforceLogDirSizeLimit(dir, 120, protected) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if deleted != 1 { - t.Fatalf("expected 1 deleted file, got %d", deleted) - } - - if _, err := os.Stat(filepath.Join(dir, "old.log")); !os.IsNotExist(err) { - t.Fatalf("expected old.log to be removed, stat error: %v", err) - } - if _, err := os.Stat(filepath.Join(dir, "mid.log")); err != nil { - t.Fatalf("expected mid.log to remain, stat error: %v", err) - } - if _, err := os.Stat(protected); err != nil { - t.Fatalf("expected protected main.log to remain, stat error: %v", err) - } -} - -func TestEnforceLogDirSizeLimitSkipsProtected(t *testing.T) { - dir := t.TempDir() - - protected := filepath.Join(dir, "main.log") - writeLogFile(t, protected, 200, time.Unix(1, 0)) - writeLogFile(t, filepath.Join(dir, "other.log"), 50, time.Unix(2, 0)) - - deleted, err := enforceLogDirSizeLimit(dir, 100, protected) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if deleted != 1 { - t.Fatalf("expected 1 deleted file, got %d", deleted) - } - - if _, err := os.Stat(protected); err != nil { - t.Fatalf("expected protected main.log to remain, stat error: %v", err) - } - if _, err := os.Stat(filepath.Join(dir, "other.log")); !os.IsNotExist(err) { - t.Fatalf("expected other.log to be removed, stat error: %v", err) - } -} - -func writeLogFile(t *testing.T, path string, size int, modTime time.Time) { - t.Helper() - - data := make([]byte, size) - if err := os.WriteFile(path, data, 0o644); err != nil { - t.Fatalf("write file: %v", err) - } - if err := os.Chtimes(path, modTime, modTime); err != nil { - t.Fatalf("set times: %v", err) - } -} diff --git a/internal/logging/request_logger.go b/internal/logging/request_logger.go deleted file mode 100644 index 9a32d1e2d1..0000000000 --- a/internal/logging/request_logger.go +++ /dev/null @@ -1,1279 +0,0 @@ -// Package logging provides request logging functionality for the CLI Proxy API server. -// It handles capturing and storing detailed HTTP request and response data when enabled -// through configuration, supporting both regular and streaming responses. -package logging - -import ( - "bytes" - "compress/flate" - "compress/gzip" - "fmt" - "io" - "os" - "path/filepath" - "regexp" - "sort" - "strings" - "sync/atomic" - "time" - - "github.com/andybalholm/brotli" - "github.com/klauspost/compress/zstd" - log "github.com/sirupsen/logrus" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/buildinfo" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" -) - -var requestLogID atomic.Uint64 - -// RequestLogger defines the interface for logging HTTP requests and responses. -// It provides methods for logging both regular and streaming HTTP request/response cycles. -type RequestLogger interface { - // LogRequest logs a complete non-streaming request/response cycle. - // - // Parameters: - // - url: The request URL - // - method: The HTTP method - // - requestHeaders: The request headers - // - body: The request body - // - statusCode: The response status code - // - responseHeaders: The response headers - // - response: The raw response data - // - apiRequest: The API request data - // - apiResponse: The API response data - // - requestID: Optional request ID for log file naming - // - requestTimestamp: When the request was received - // - apiResponseTimestamp: When the API response was received - // - // Returns: - // - error: An error if logging fails, nil otherwise - LogRequest(url, method string, requestHeaders map[string][]string, body []byte, statusCode int, responseHeaders map[string][]string, response, apiRequest, apiResponse []byte, apiResponseErrors []*interfaces.ErrorMessage, requestID string, requestTimestamp, apiResponseTimestamp time.Time) error - - // LogStreamingRequest initiates logging for a streaming request and returns a writer for chunks. - // - // Parameters: - // - url: The request URL - // - method: The HTTP method - // - headers: The request headers - // - body: The request body - // - requestID: Optional request ID for log file naming - // - // Returns: - // - StreamingLogWriter: A writer for streaming response chunks - // - error: An error if logging initialization fails, nil otherwise - LogStreamingRequest(url, method string, headers map[string][]string, body []byte, requestID string) (StreamingLogWriter, error) - - // IsEnabled returns whether request logging is currently enabled. - // - // Returns: - // - bool: True if logging is enabled, false otherwise - IsEnabled() bool -} - -// StreamingLogWriter handles real-time logging of streaming response chunks. -// It provides methods for writing streaming response data asynchronously. -type StreamingLogWriter interface { - // WriteChunkAsync writes a response chunk asynchronously (non-blocking). - // - // Parameters: - // - chunk: The response chunk to write - WriteChunkAsync(chunk []byte) - - // WriteStatus writes the response status and headers to the log. - // - // Parameters: - // - status: The response status code - // - headers: The response headers - // - // Returns: - // - error: An error if writing fails, nil otherwise - WriteStatus(status int, headers map[string][]string) error - - // WriteAPIRequest writes the upstream API request details to the log. - // This should be called before WriteStatus to maintain proper log ordering. - // - // Parameters: - // - apiRequest: The API request data (typically includes URL, headers, body sent upstream) - // - // Returns: - // - error: An error if writing fails, nil otherwise - WriteAPIRequest(apiRequest []byte) error - - // WriteAPIResponse writes the upstream API response details to the log. - // This should be called after the streaming response is complete. - // - // Parameters: - // - apiResponse: The API response data - // - // Returns: - // - error: An error if writing fails, nil otherwise - WriteAPIResponse(apiResponse []byte) error - - // SetFirstChunkTimestamp sets the TTFB timestamp captured when first chunk was received. - // - // Parameters: - // - timestamp: The time when first response chunk was received - SetFirstChunkTimestamp(timestamp time.Time) - - // Close finalizes the log file and cleans up resources. - // - // Returns: - // - error: An error if closing fails, nil otherwise - Close() error -} - -// FileRequestLogger implements RequestLogger using file-based storage. -// It provides file-based logging functionality for HTTP requests and responses. -type FileRequestLogger struct { - // enabled indicates whether request logging is currently enabled. - enabled bool - - // logsDir is the directory where log files are stored. - logsDir string - - // errorLogsMaxFiles limits the number of error log files retained. - errorLogsMaxFiles int -} - -// NewFileRequestLogger creates a new file-based request logger. -// -// Parameters: -// - enabled: Whether request logging should be enabled -// - logsDir: The directory where log files should be stored (can be relative) -// - configDir: The directory of the configuration file; when logsDir is -// relative, it will be resolved relative to this directory -// - errorLogsMaxFiles: Maximum number of error log files to retain (0 = no cleanup) -// -// Returns: -// - *FileRequestLogger: A new file-based request logger instance -func NewFileRequestLogger(enabled bool, logsDir string, configDir string, errorLogsMaxFiles int) *FileRequestLogger { - // Resolve logsDir relative to the configuration file directory when it's not absolute. - if !filepath.IsAbs(logsDir) { - // If configDir is provided, resolve logsDir relative to it. - if configDir != "" { - logsDir = filepath.Join(configDir, logsDir) - } - } - return &FileRequestLogger{ - enabled: enabled, - logsDir: logsDir, - errorLogsMaxFiles: errorLogsMaxFiles, - } -} - -// NewFileRequestLoggerWithOptions creates a new file-based request logger with configurable error log retention. -func NewFileRequestLoggerWithOptions(enabled bool, logsDir string, configDir string, errorLogsMaxFiles int) *FileRequestLogger { - return NewFileRequestLogger(enabled, logsDir, configDir, errorLogsMaxFiles) -} - -// IsEnabled returns whether request logging is currently enabled. -// -// Returns: -// - bool: True if logging is enabled, false otherwise -func (l *FileRequestLogger) IsEnabled() bool { - return l.enabled -} - -// SetEnabled updates the request logging enabled state. -// This method allows dynamic enabling/disabling of request logging. -// -// Parameters: -// - enabled: Whether request logging should be enabled -func (l *FileRequestLogger) SetEnabled(enabled bool) { - l.enabled = enabled -} - -// SetErrorLogsMaxFiles updates the maximum number of error log files to retain. -func (l *FileRequestLogger) SetErrorLogsMaxFiles(maxFiles int) { - l.errorLogsMaxFiles = maxFiles -} - -// LogRequest logs a complete non-streaming request/response cycle to a file. -// -// Parameters: -// - url: The request URL -// - method: The HTTP method -// - requestHeaders: The request headers -// - body: The request body -// - statusCode: The response status code -// - responseHeaders: The response headers -// - response: The raw response data -// - apiRequest: The API request data -// - apiResponse: The API response data -// - requestID: Optional request ID for log file naming -// - requestTimestamp: When the request was received -// - apiResponseTimestamp: When the API response was received -// -// Returns: -// - error: An error if logging fails, nil otherwise -func (l *FileRequestLogger) LogRequest(url, method string, requestHeaders map[string][]string, body []byte, statusCode int, responseHeaders map[string][]string, response, apiRequest, apiResponse []byte, apiResponseErrors []*interfaces.ErrorMessage, requestID string, requestTimestamp, apiResponseTimestamp time.Time) error { - return l.logRequest(url, method, requestHeaders, body, statusCode, responseHeaders, response, apiRequest, apiResponse, apiResponseErrors, false, requestID, requestTimestamp, apiResponseTimestamp) -} - -// LogRequestWithOptions logs a request with optional forced logging behavior. -// The force flag allows writing error logs even when regular request logging is disabled. -func (l *FileRequestLogger) LogRequestWithOptions(url, method string, requestHeaders map[string][]string, body []byte, statusCode int, responseHeaders map[string][]string, response, apiRequest, apiResponse []byte, apiResponseErrors []*interfaces.ErrorMessage, force bool, requestID string, requestTimestamp, apiResponseTimestamp time.Time) error { - return l.logRequest(url, method, requestHeaders, body, statusCode, responseHeaders, response, apiRequest, apiResponse, apiResponseErrors, force, requestID, requestTimestamp, apiResponseTimestamp) -} - -func (l *FileRequestLogger) logRequest(url, method string, requestHeaders map[string][]string, body []byte, statusCode int, responseHeaders map[string][]string, response, apiRequest, apiResponse []byte, apiResponseErrors []*interfaces.ErrorMessage, force bool, requestID string, requestTimestamp, apiResponseTimestamp time.Time) error { - if !l.enabled && !force { - return nil - } - - // Ensure logs directory exists - if errEnsure := l.ensureLogsDir(); errEnsure != nil { - return fmt.Errorf("failed to create logs directory: %w", errEnsure) - } - - // Generate filename with request ID - filename := l.generateFilename(url, requestID) - if force && !l.enabled { - filename = l.generateErrorFilename(url, requestID) - } - filePath := filepath.Join(l.logsDir, filename) - - requestBodyPath, errTemp := l.writeRequestBodyTempFile(body) - if errTemp != nil { - log.WithError(errTemp).Warn("failed to create request body temp file, falling back to direct write") - } - if requestBodyPath != "" { - defer func() { - if errRemove := os.Remove(requestBodyPath); errRemove != nil { - log.WithError(errRemove).Warn("failed to remove request body temp file") - } - }() - } - - responseToWrite, decompressErr := l.decompressResponse(responseHeaders, response) - if decompressErr != nil { - // If decompression fails, continue with original response and annotate the log output. - responseToWrite = response - } - - logFile, errOpen := os.OpenFile(filePath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644) - if errOpen != nil { - return fmt.Errorf("failed to create log file: %w", errOpen) - } - - writeErr := l.writeNonStreamingLog( - logFile, - url, - method, - requestHeaders, - body, - requestBodyPath, - apiRequest, - apiResponse, - apiResponseErrors, - statusCode, - responseHeaders, - responseToWrite, - decompressErr, - requestTimestamp, - apiResponseTimestamp, - ) - if errClose := logFile.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close request log file") - if writeErr == nil { - return errClose - } - } - if writeErr != nil { - return fmt.Errorf("failed to write log file: %w", writeErr) - } - - if force && !l.enabled { - if errCleanup := l.cleanupOldErrorLogs(); errCleanup != nil { - log.WithError(errCleanup).Warn("failed to clean up old error logs") - } - } - - return nil -} - -// LogStreamingRequest initiates logging for a streaming request. -// -// Parameters: -// - url: The request URL -// - method: The HTTP method -// - headers: The request headers -// - body: The request body -// - requestID: Optional request ID for log file naming -// -// Returns: -// - StreamingLogWriter: A writer for streaming response chunks -// - error: An error if logging initialization fails, nil otherwise -func (l *FileRequestLogger) LogStreamingRequest(url, method string, headers map[string][]string, body []byte, requestID string) (StreamingLogWriter, error) { - if !l.enabled { - return &NoOpStreamingLogWriter{}, nil - } - - // Ensure logs directory exists - if err := l.ensureLogsDir(); err != nil { - return nil, fmt.Errorf("failed to create logs directory: %w", err) - } - - // Generate filename with request ID - filename := l.generateFilename(url, requestID) - filePath := filepath.Join(l.logsDir, filename) - - requestHeaders := make(map[string][]string, len(headers)) - for key, values := range headers { - headerValues := make([]string, len(values)) - copy(headerValues, values) - requestHeaders[key] = headerValues - } - - requestBodyPath, errTemp := l.writeRequestBodyTempFile(body) - if errTemp != nil { - return nil, fmt.Errorf("failed to create request body temp file: %w", errTemp) - } - - responseBodyFile, errCreate := os.CreateTemp(l.logsDir, "response-body-*.tmp") - if errCreate != nil { - _ = os.Remove(requestBodyPath) - return nil, fmt.Errorf("failed to create response body temp file: %w", errCreate) - } - responseBodyPath := responseBodyFile.Name() - - // Create streaming writer - writer := &FileStreamingLogWriter{ - logFilePath: filePath, - url: url, - method: method, - timestamp: time.Now(), - requestHeaders: requestHeaders, - requestBodyPath: requestBodyPath, - responseBodyPath: responseBodyPath, - responseBodyFile: responseBodyFile, - chunkChan: make(chan []byte, 100), // Buffered channel for async writes - closeChan: make(chan struct{}), - errorChan: make(chan error, 1), - } - - // Start async writer goroutine - go writer.asyncWriter() - - return writer, nil -} - -// generateErrorFilename creates a filename with an error prefix to differentiate forced error logs. -func (l *FileRequestLogger) generateErrorFilename(url string, requestID ...string) string { - return fmt.Sprintf("error-%s", l.generateFilename(url, requestID...)) -} - -// ensureLogsDir creates the logs directory if it doesn't exist. -// -// Returns: -// - error: An error if directory creation fails, nil otherwise -func (l *FileRequestLogger) ensureLogsDir() error { - if _, err := os.Stat(l.logsDir); os.IsNotExist(err) { - return os.MkdirAll(l.logsDir, 0755) - } - return nil -} - -// generateFilename creates a sanitized filename from the URL path and current timestamp. -// Format: v1-responses-2025-12-23T195811-a1b2c3d4.log -// -// Parameters: -// - url: The request URL -// - requestID: Optional request ID to include in filename -// -// Returns: -// - string: A sanitized filename for the log file -func (l *FileRequestLogger) generateFilename(url string, requestID ...string) string { - // Extract path from URL - path := url - if strings.Contains(url, "?") { - path = strings.Split(url, "?")[0] - } - - // Remove leading slash - if strings.HasPrefix(path, "/") { - path = path[1:] - } - - // Sanitize path for filename - sanitized := l.sanitizeForFilename(path) - - // Add timestamp - timestamp := time.Now().Format("2006-01-02T150405") - - // Use request ID if provided, otherwise use sequential ID - var idPart string - if len(requestID) > 0 && requestID[0] != "" { - idPart = requestID[0] - } else { - id := requestLogID.Add(1) - idPart = fmt.Sprintf("%d", id) - } - - return fmt.Sprintf("%s-%s-%s.log", sanitized, timestamp, idPart) -} - -// sanitizeForFilename replaces characters that are not safe for filenames. -// -// Parameters: -// - path: The path to sanitize -// -// Returns: -// - string: A sanitized filename -func (l *FileRequestLogger) sanitizeForFilename(path string) string { - // Replace slashes with hyphens - sanitized := strings.ReplaceAll(path, "/", "-") - - // Replace colons with hyphens - sanitized = strings.ReplaceAll(sanitized, ":", "-") - - // Replace other problematic characters with hyphens - reg := regexp.MustCompile(`[<>:"|?*\s]`) - sanitized = reg.ReplaceAllString(sanitized, "-") - - // Remove multiple consecutive hyphens - reg = regexp.MustCompile(`-+`) - sanitized = reg.ReplaceAllString(sanitized, "-") - - // Remove leading/trailing hyphens - sanitized = strings.Trim(sanitized, "-") - - // Handle empty result - if sanitized == "" { - sanitized = "root" - } - - return sanitized -} - -// cleanupOldErrorLogs keeps only the newest errorLogsMaxFiles forced error log files. -func (l *FileRequestLogger) cleanupOldErrorLogs() error { - if l.errorLogsMaxFiles <= 0 { - return nil - } - - entries, errRead := os.ReadDir(l.logsDir) - if errRead != nil { - return errRead - } - - type logFile struct { - name string - modTime time.Time - } - - var files []logFile - for _, entry := range entries { - if entry.IsDir() { - continue - } - name := entry.Name() - if !strings.HasPrefix(name, "error-") || !strings.HasSuffix(name, ".log") { - continue - } - info, errInfo := entry.Info() - if errInfo != nil { - log.WithError(errInfo).Warn("failed to read error log info") - continue - } - files = append(files, logFile{name: name, modTime: info.ModTime()}) - } - - if len(files) <= l.errorLogsMaxFiles { - return nil - } - - sort.Slice(files, func(i, j int) bool { - return files[i].modTime.After(files[j].modTime) - }) - - for _, file := range files[l.errorLogsMaxFiles:] { - if errRemove := os.Remove(filepath.Join(l.logsDir, file.name)); errRemove != nil { - log.WithError(errRemove).Warnf("failed to remove old error log: %s", file.name) - } - } - - return nil -} - -func (l *FileRequestLogger) writeRequestBodyTempFile(body []byte) (string, error) { - tmpFile, errCreate := os.CreateTemp(l.logsDir, "request-body-*.tmp") - if errCreate != nil { - return "", errCreate - } - tmpPath := tmpFile.Name() - - if _, errCopy := io.Copy(tmpFile, bytes.NewReader(body)); errCopy != nil { - _ = tmpFile.Close() - _ = os.Remove(tmpPath) - return "", errCopy - } - if errClose := tmpFile.Close(); errClose != nil { - _ = os.Remove(tmpPath) - return "", errClose - } - return tmpPath, nil -} - -func (l *FileRequestLogger) writeNonStreamingLog( - w io.Writer, - url, method string, - requestHeaders map[string][]string, - requestBody []byte, - requestBodyPath string, - apiRequest []byte, - apiResponse []byte, - apiResponseErrors []*interfaces.ErrorMessage, - statusCode int, - responseHeaders map[string][]string, - response []byte, - decompressErr error, - requestTimestamp time.Time, - apiResponseTimestamp time.Time, -) error { - if requestTimestamp.IsZero() { - requestTimestamp = time.Now() - } - if errWrite := writeRequestInfoWithBody(w, url, method, requestHeaders, requestBody, requestBodyPath, requestTimestamp); errWrite != nil { - return errWrite - } - if errWrite := writeAPISection(w, "=== API REQUEST ===\n", "=== API REQUEST", apiRequest, time.Time{}); errWrite != nil { - return errWrite - } - if errWrite := writeAPIErrorResponses(w, apiResponseErrors); errWrite != nil { - return errWrite - } - if errWrite := writeAPISection(w, "=== API RESPONSE ===\n", "=== API RESPONSE", apiResponse, apiResponseTimestamp); errWrite != nil { - return errWrite - } - return writeResponseSection(w, statusCode, true, responseHeaders, bytes.NewReader(response), decompressErr, true) -} - -func writeRequestInfoWithBody( - w io.Writer, - url, method string, - headers map[string][]string, - body []byte, - bodyPath string, - timestamp time.Time, -) error { - if _, errWrite := io.WriteString(w, "=== REQUEST INFO ===\n"); errWrite != nil { - return errWrite - } - if _, errWrite := io.WriteString(w, fmt.Sprintf("Version: %s\n", buildinfo.Version)); errWrite != nil { - return errWrite - } - if _, errWrite := io.WriteString(w, fmt.Sprintf("URL: %s\n", url)); errWrite != nil { - return errWrite - } - if _, errWrite := io.WriteString(w, fmt.Sprintf("Method: %s\n", method)); errWrite != nil { - return errWrite - } - if _, errWrite := io.WriteString(w, fmt.Sprintf("Timestamp: %s\n", timestamp.Format(time.RFC3339Nano))); errWrite != nil { - return errWrite - } - if _, errWrite := io.WriteString(w, "\n"); errWrite != nil { - return errWrite - } - - if _, errWrite := io.WriteString(w, "=== HEADERS ===\n"); errWrite != nil { - return errWrite - } - for key, values := range headers { - for _, value := range values { - masked := util.MaskSensitiveHeaderValue(key, value) - if _, errWrite := io.WriteString(w, fmt.Sprintf("%s: %s\n", key, masked)); errWrite != nil { - return errWrite - } - } - } - if _, errWrite := io.WriteString(w, "\n"); errWrite != nil { - return errWrite - } - - if _, errWrite := io.WriteString(w, "=== REQUEST BODY ===\n"); errWrite != nil { - return errWrite - } - - if bodyPath != "" { - bodyFile, errOpen := os.Open(bodyPath) - if errOpen != nil { - return errOpen - } - if _, errCopy := io.Copy(w, bodyFile); errCopy != nil { - _ = bodyFile.Close() - return errCopy - } - if errClose := bodyFile.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close request body temp file") - } - } else if _, errWrite := w.Write(body); errWrite != nil { - return errWrite - } - - if _, errWrite := io.WriteString(w, "\n\n"); errWrite != nil { - return errWrite - } - return nil -} - -func writeAPISection(w io.Writer, sectionHeader string, sectionPrefix string, payload []byte, timestamp time.Time) error { - if len(payload) == 0 { - return nil - } - - if bytes.HasPrefix(payload, []byte(sectionPrefix)) { - if _, errWrite := w.Write(payload); errWrite != nil { - return errWrite - } - if !bytes.HasSuffix(payload, []byte("\n")) { - if _, errWrite := io.WriteString(w, "\n"); errWrite != nil { - return errWrite - } - } - } else { - if _, errWrite := io.WriteString(w, sectionHeader); errWrite != nil { - return errWrite - } - if !timestamp.IsZero() { - if _, errWrite := io.WriteString(w, fmt.Sprintf("Timestamp: %s\n", timestamp.Format(time.RFC3339Nano))); errWrite != nil { - return errWrite - } - } - if _, errWrite := w.Write(payload); errWrite != nil { - return errWrite - } - if _, errWrite := io.WriteString(w, "\n"); errWrite != nil { - return errWrite - } - } - - if _, errWrite := io.WriteString(w, "\n"); errWrite != nil { - return errWrite - } - return nil -} - -func writeAPIErrorResponses(w io.Writer, apiResponseErrors []*interfaces.ErrorMessage) error { - for i := 0; i < len(apiResponseErrors); i++ { - if apiResponseErrors[i] == nil { - continue - } - if _, errWrite := io.WriteString(w, "=== API ERROR RESPONSE ===\n"); errWrite != nil { - return errWrite - } - if _, errWrite := io.WriteString(w, fmt.Sprintf("HTTP Status: %d\n", apiResponseErrors[i].StatusCode)); errWrite != nil { - return errWrite - } - if apiResponseErrors[i].Error != nil { - if _, errWrite := io.WriteString(w, apiResponseErrors[i].Error.Error()); errWrite != nil { - return errWrite - } - } - if _, errWrite := io.WriteString(w, "\n\n"); errWrite != nil { - return errWrite - } - } - return nil -} - -func writeResponseSection(w io.Writer, statusCode int, statusWritten bool, responseHeaders map[string][]string, responseReader io.Reader, decompressErr error, trailingNewline bool) error { - if _, errWrite := io.WriteString(w, "=== RESPONSE ===\n"); errWrite != nil { - return errWrite - } - if statusWritten { - if _, errWrite := io.WriteString(w, fmt.Sprintf("Status: %d\n", statusCode)); errWrite != nil { - return errWrite - } - } - - if responseHeaders != nil { - for key, values := range responseHeaders { - for _, value := range values { - if _, errWrite := io.WriteString(w, fmt.Sprintf("%s: %s\n", key, value)); errWrite != nil { - return errWrite - } - } - } - } - - if _, errWrite := io.WriteString(w, "\n"); errWrite != nil { - return errWrite - } - - if responseReader != nil { - if _, errCopy := io.Copy(w, responseReader); errCopy != nil { - return errCopy - } - } - if decompressErr != nil { - if _, errWrite := io.WriteString(w, fmt.Sprintf("\n[DECOMPRESSION ERROR: %v]", decompressErr)); errWrite != nil { - return errWrite - } - } - - if trailingNewline { - if _, errWrite := io.WriteString(w, "\n"); errWrite != nil { - return errWrite - } - } - return nil -} - -// formatLogContent creates the complete log content for non-streaming requests. -// -// Parameters: -// - url: The request URL -// - method: The HTTP method -// - headers: The request headers -// - body: The request body -// - apiRequest: The API request data -// - apiResponse: The API response data -// - response: The raw response data -// - status: The response status code -// - responseHeaders: The response headers -// -// Returns: -// - string: The formatted log content -func (l *FileRequestLogger) formatLogContent(url, method string, headers map[string][]string, body, apiRequest, apiResponse, response []byte, status int, responseHeaders map[string][]string, apiResponseErrors []*interfaces.ErrorMessage) string { - var content strings.Builder - - // Request info - content.WriteString(l.formatRequestInfo(url, method, headers, body)) - - if len(apiRequest) > 0 { - if bytes.HasPrefix(apiRequest, []byte("=== API REQUEST")) { - content.Write(apiRequest) - if !bytes.HasSuffix(apiRequest, []byte("\n")) { - content.WriteString("\n") - } - } else { - content.WriteString("=== API REQUEST ===\n") - content.Write(apiRequest) - content.WriteString("\n") - } - content.WriteString("\n") - } - - for i := 0; i < len(apiResponseErrors); i++ { - content.WriteString("=== API ERROR RESPONSE ===\n") - content.WriteString(fmt.Sprintf("HTTP Status: %d\n", apiResponseErrors[i].StatusCode)) - content.WriteString(apiResponseErrors[i].Error.Error()) - content.WriteString("\n\n") - } - - if len(apiResponse) > 0 { - if bytes.HasPrefix(apiResponse, []byte("=== API RESPONSE")) { - content.Write(apiResponse) - if !bytes.HasSuffix(apiResponse, []byte("\n")) { - content.WriteString("\n") - } - } else { - content.WriteString("=== API RESPONSE ===\n") - content.Write(apiResponse) - content.WriteString("\n") - } - content.WriteString("\n") - } - - // Response section - content.WriteString("=== RESPONSE ===\n") - content.WriteString(fmt.Sprintf("Status: %d\n", status)) - - if responseHeaders != nil { - for key, values := range responseHeaders { - for _, value := range values { - content.WriteString(fmt.Sprintf("%s: %s\n", key, value)) - } - } - } - - content.WriteString("\n") - content.Write(response) - content.WriteString("\n") - - return content.String() -} - -// decompressResponse decompresses response data based on Content-Encoding header. -// -// Parameters: -// - responseHeaders: The response headers -// - response: The response data to decompress -// -// Returns: -// - []byte: The decompressed response data -// - error: An error if decompression fails, nil otherwise -func (l *FileRequestLogger) decompressResponse(responseHeaders map[string][]string, response []byte) ([]byte, error) { - if responseHeaders == nil || len(response) == 0 { - return response, nil - } - - // Check Content-Encoding header - var contentEncoding string - for key, values := range responseHeaders { - if strings.ToLower(key) == "content-encoding" && len(values) > 0 { - contentEncoding = strings.ToLower(values[0]) - break - } - } - - switch contentEncoding { - case "gzip": - return l.decompressGzip(response) - case "deflate": - return l.decompressDeflate(response) - case "br": - return l.decompressBrotli(response) - case "zstd": - return l.decompressZstd(response) - default: - // No compression or unsupported compression - return response, nil - } -} - -// decompressGzip decompresses gzip-encoded data. -// -// Parameters: -// - data: The gzip-encoded data to decompress -// -// Returns: -// - []byte: The decompressed data -// - error: An error if decompression fails, nil otherwise -func (l *FileRequestLogger) decompressGzip(data []byte) ([]byte, error) { - reader, err := gzip.NewReader(bytes.NewReader(data)) - if err != nil { - return nil, fmt.Errorf("failed to create gzip reader: %w", err) - } - defer func() { - if errClose := reader.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close gzip reader in request logger") - } - }() - - decompressed, err := io.ReadAll(reader) - if err != nil { - return nil, fmt.Errorf("failed to decompress gzip data: %w", err) - } - - return decompressed, nil -} - -// decompressDeflate decompresses deflate-encoded data. -// -// Parameters: -// - data: The deflate-encoded data to decompress -// -// Returns: -// - []byte: The decompressed data -// - error: An error if decompression fails, nil otherwise -func (l *FileRequestLogger) decompressDeflate(data []byte) ([]byte, error) { - reader := flate.NewReader(bytes.NewReader(data)) - defer func() { - if errClose := reader.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close deflate reader in request logger") - } - }() - - decompressed, err := io.ReadAll(reader) - if err != nil { - return nil, fmt.Errorf("failed to decompress deflate data: %w", err) - } - - return decompressed, nil -} - -// decompressBrotli decompresses brotli-encoded data. -// -// Parameters: -// - data: The brotli-encoded data to decompress -// -// Returns: -// - []byte: The decompressed data -// - error: An error if decompression fails, nil otherwise -func (l *FileRequestLogger) decompressBrotli(data []byte) ([]byte, error) { - reader := brotli.NewReader(bytes.NewReader(data)) - - decompressed, err := io.ReadAll(reader) - if err != nil { - return nil, fmt.Errorf("failed to decompress brotli data: %w", err) - } - - return decompressed, nil -} - -// decompressZstd decompresses zstd-encoded data. -// -// Parameters: -// - data: The zstd-encoded data to decompress -// -// Returns: -// - []byte: The decompressed data -// - error: An error if decompression fails, nil otherwise -func (l *FileRequestLogger) decompressZstd(data []byte) ([]byte, error) { - decoder, err := zstd.NewReader(bytes.NewReader(data)) - if err != nil { - return nil, fmt.Errorf("failed to create zstd reader: %w", err) - } - defer decoder.Close() - - decompressed, err := io.ReadAll(decoder) - if err != nil { - return nil, fmt.Errorf("failed to decompress zstd data: %w", err) - } - - return decompressed, nil -} - -// formatRequestInfo creates the request information section of the log. -// -// Parameters: -// - url: The request URL -// - method: The HTTP method -// - headers: The request headers -// - body: The request body -// -// Returns: -// - string: The formatted request information -func (l *FileRequestLogger) formatRequestInfo(url, method string, headers map[string][]string, body []byte) string { - var content strings.Builder - - content.WriteString("=== REQUEST INFO ===\n") - content.WriteString(fmt.Sprintf("Version: %s\n", buildinfo.Version)) - content.WriteString(fmt.Sprintf("URL: %s\n", url)) - content.WriteString(fmt.Sprintf("Method: %s\n", method)) - content.WriteString(fmt.Sprintf("Timestamp: %s\n", time.Now().Format(time.RFC3339Nano))) - content.WriteString("\n") - - content.WriteString("=== HEADERS ===\n") - for key, values := range headers { - for _, value := range values { - masked := util.MaskSensitiveHeaderValue(key, value) - content.WriteString(fmt.Sprintf("%s: %s\n", key, masked)) - } - } - content.WriteString("\n") - - content.WriteString("=== REQUEST BODY ===\n") - content.Write(body) - content.WriteString("\n\n") - - return content.String() -} - -// FileStreamingLogWriter implements StreamingLogWriter for file-based streaming logs. -// It spools streaming response chunks to a temporary file to avoid retaining large responses in memory. -// The final log file is assembled when Close is called. -type FileStreamingLogWriter struct { - // logFilePath is the final log file path. - logFilePath string - - // url is the request URL (masked upstream in middleware). - url string - - // method is the HTTP method. - method string - - // timestamp is captured when the streaming log is initialized. - timestamp time.Time - - // requestHeaders stores the request headers. - requestHeaders map[string][]string - - // requestBodyPath is a temporary file path holding the request body. - requestBodyPath string - - // responseBodyPath is a temporary file path holding the streaming response body. - responseBodyPath string - - // responseBodyFile is the temp file where chunks are appended by the async writer. - responseBodyFile *os.File - - // chunkChan is a channel for receiving response chunks to spool. - chunkChan chan []byte - - // closeChan is a channel for signaling when the writer is closed. - closeChan chan struct{} - - // errorChan is a channel for reporting errors during writing. - errorChan chan error - - // responseStatus stores the HTTP status code. - responseStatus int - - // statusWritten indicates whether a non-zero status was recorded. - statusWritten bool - - // responseHeaders stores the response headers. - responseHeaders map[string][]string - - // apiRequest stores the upstream API request data. - apiRequest []byte - - // apiResponse stores the upstream API response data. - apiResponse []byte - - // apiResponseTimestamp captures when the API response was received. - apiResponseTimestamp time.Time -} - -// WriteChunkAsync writes a response chunk asynchronously (non-blocking). -// -// Parameters: -// - chunk: The response chunk to write -func (w *FileStreamingLogWriter) WriteChunkAsync(chunk []byte) { - if w.chunkChan == nil { - return - } - - // Make a copy of the chunk to avoid data races - chunkCopy := make([]byte, len(chunk)) - copy(chunkCopy, chunk) - - // Non-blocking send - select { - case w.chunkChan <- chunkCopy: - default: - // Channel is full, skip this chunk to avoid blocking - } -} - -// WriteStatus buffers the response status and headers for later writing. -// -// Parameters: -// - status: The response status code -// - headers: The response headers -// -// Returns: -// - error: Always returns nil (buffering cannot fail) -func (w *FileStreamingLogWriter) WriteStatus(status int, headers map[string][]string) error { - if status == 0 { - return nil - } - - w.responseStatus = status - if headers != nil { - w.responseHeaders = make(map[string][]string, len(headers)) - for key, values := range headers { - headerValues := make([]string, len(values)) - copy(headerValues, values) - w.responseHeaders[key] = headerValues - } - } - w.statusWritten = true - return nil -} - -// WriteAPIRequest buffers the upstream API request details for later writing. -// -// Parameters: -// - apiRequest: The API request data (typically includes URL, headers, body sent upstream) -// -// Returns: -// - error: Always returns nil (buffering cannot fail) -func (w *FileStreamingLogWriter) WriteAPIRequest(apiRequest []byte) error { - if len(apiRequest) == 0 { - return nil - } - w.apiRequest = bytes.Clone(apiRequest) - return nil -} - -// WriteAPIResponse buffers the upstream API response details for later writing. -// -// Parameters: -// - apiResponse: The API response data -// -// Returns: -// - error: Always returns nil (buffering cannot fail) -func (w *FileStreamingLogWriter) WriteAPIResponse(apiResponse []byte) error { - if len(apiResponse) == 0 { - return nil - } - w.apiResponse = bytes.Clone(apiResponse) - return nil -} - -func (w *FileStreamingLogWriter) SetFirstChunkTimestamp(timestamp time.Time) { - if !timestamp.IsZero() { - w.apiResponseTimestamp = timestamp - } -} - -// Close finalizes the log file and cleans up resources. -// It writes all buffered data to the file in the correct order: -// API REQUEST -> API RESPONSE -> RESPONSE (status, headers, body chunks) -// -// Returns: -// - error: An error if closing fails, nil otherwise -func (w *FileStreamingLogWriter) Close() error { - if w.chunkChan != nil { - close(w.chunkChan) - } - - // Wait for async writer to finish spooling chunks - if w.closeChan != nil { - <-w.closeChan - w.chunkChan = nil - } - - select { - case errWrite := <-w.errorChan: - w.cleanupTempFiles() - return errWrite - default: - } - - if w.logFilePath == "" { - w.cleanupTempFiles() - return nil - } - - logFile, errOpen := os.OpenFile(w.logFilePath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644) - if errOpen != nil { - w.cleanupTempFiles() - return fmt.Errorf("failed to create log file: %w", errOpen) - } - - writeErr := w.writeFinalLog(logFile) - if errClose := logFile.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close request log file") - if writeErr == nil { - writeErr = errClose - } - } - - w.cleanupTempFiles() - return writeErr -} - -// asyncWriter runs in a goroutine to buffer chunks from the channel. -// It continuously reads chunks from the channel and appends them to a temp file for later assembly. -func (w *FileStreamingLogWriter) asyncWriter() { - defer close(w.closeChan) - - for chunk := range w.chunkChan { - if w.responseBodyFile == nil { - continue - } - if _, errWrite := w.responseBodyFile.Write(chunk); errWrite != nil { - select { - case w.errorChan <- errWrite: - default: - } - if errClose := w.responseBodyFile.Close(); errClose != nil { - select { - case w.errorChan <- errClose: - default: - } - } - w.responseBodyFile = nil - } - } - - if w.responseBodyFile == nil { - return - } - if errClose := w.responseBodyFile.Close(); errClose != nil { - select { - case w.errorChan <- errClose: - default: - } - } - w.responseBodyFile = nil -} - -func (w *FileStreamingLogWriter) writeFinalLog(logFile *os.File) error { - if errWrite := writeRequestInfoWithBody(logFile, w.url, w.method, w.requestHeaders, nil, w.requestBodyPath, w.timestamp); errWrite != nil { - return errWrite - } - if errWrite := writeAPISection(logFile, "=== API REQUEST ===\n", "=== API REQUEST", w.apiRequest, time.Time{}); errWrite != nil { - return errWrite - } - if errWrite := writeAPISection(logFile, "=== API RESPONSE ===\n", "=== API RESPONSE", w.apiResponse, w.apiResponseTimestamp); errWrite != nil { - return errWrite - } - - responseBodyFile, errOpen := os.Open(w.responseBodyPath) - if errOpen != nil { - return errOpen - } - defer func() { - if errClose := responseBodyFile.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close response body temp file") - } - }() - - return writeResponseSection(logFile, w.responseStatus, w.statusWritten, w.responseHeaders, responseBodyFile, nil, false) -} - -func (w *FileStreamingLogWriter) cleanupTempFiles() { - if w.requestBodyPath != "" { - if errRemove := os.Remove(w.requestBodyPath); errRemove != nil { - log.WithError(errRemove).Warn("failed to remove request body temp file") - } - w.requestBodyPath = "" - } - - if w.responseBodyPath != "" { - if errRemove := os.Remove(w.responseBodyPath); errRemove != nil { - log.WithError(errRemove).Warn("failed to remove response body temp file") - } - w.responseBodyPath = "" - } -} - -// NoOpStreamingLogWriter is a no-operation implementation for when logging is disabled. -// It implements the StreamingLogWriter interface but performs no actual logging operations. -type NoOpStreamingLogWriter struct{} - -// WriteChunkAsync is a no-op implementation that does nothing. -// -// Parameters: -// - chunk: The response chunk (ignored) -func (w *NoOpStreamingLogWriter) WriteChunkAsync(_ []byte) {} - -// WriteStatus is a no-op implementation that does nothing and always returns nil. -// -// Parameters: -// - status: The response status code (ignored) -// - headers: The response headers (ignored) -// -// Returns: -// - error: Always returns nil -func (w *NoOpStreamingLogWriter) WriteStatus(_ int, _ map[string][]string) error { - return nil -} - -// WriteAPIRequest is a no-op implementation that does nothing and always returns nil. -// -// Parameters: -// - apiRequest: The API request data (ignored) -// -// Returns: -// - error: Always returns nil -func (w *NoOpStreamingLogWriter) WriteAPIRequest(_ []byte) error { - return nil -} - -// WriteAPIResponse is a no-op implementation that does nothing and always returns nil. -// -// Parameters: -// - apiResponse: The API response data (ignored) -// -// Returns: -// - error: Always returns nil -func (w *NoOpStreamingLogWriter) WriteAPIResponse(_ []byte) error { - return nil -} - -func (w *NoOpStreamingLogWriter) SetFirstChunkTimestamp(_ time.Time) {} - -// Close is a no-op implementation that does nothing and always returns nil. -// -// Returns: -// - error: Always returns nil -func (w *NoOpStreamingLogWriter) Close() error { return nil } diff --git a/internal/logging/requestid.go b/internal/logging/requestid.go deleted file mode 100644 index 8bd045d114..0000000000 --- a/internal/logging/requestid.go +++ /dev/null @@ -1,61 +0,0 @@ -package logging - -import ( - "context" - "crypto/rand" - "encoding/hex" - - "github.com/gin-gonic/gin" -) - -// requestIDKey is the context key for storing/retrieving request IDs. -type requestIDKey struct{} - -// ginRequestIDKey is the Gin context key for request IDs. -const ginRequestIDKey = "__request_id__" - -// GenerateRequestID creates a new 8-character hex request ID. -func GenerateRequestID() string { - b := make([]byte, 4) - if _, err := rand.Read(b); err != nil { - return "00000000" - } - return hex.EncodeToString(b) -} - -// WithRequestID returns a new context with the request ID attached. -func WithRequestID(ctx context.Context, requestID string) context.Context { - return context.WithValue(ctx, requestIDKey{}, requestID) -} - -// GetRequestID retrieves the request ID from the context. -// Returns empty string if not found. -func GetRequestID(ctx context.Context) string { - if ctx == nil { - return "" - } - if id, ok := ctx.Value(requestIDKey{}).(string); ok { - return id - } - return "" -} - -// SetGinRequestID stores the request ID in the Gin context. -func SetGinRequestID(c *gin.Context, requestID string) { - if c != nil { - c.Set(ginRequestIDKey, requestID) - } -} - -// GetGinRequestID retrieves the request ID from the Gin context. -func GetGinRequestID(c *gin.Context) string { - if c == nil { - return "" - } - if id, exists := c.Get(ginRequestIDKey); exists { - if s, ok := id.(string); ok { - return s - } - } - return "" -} diff --git a/internal/managementasset/updater.go b/internal/managementasset/updater.go deleted file mode 100644 index 99bc39f808..0000000000 --- a/internal/managementasset/updater.go +++ /dev/null @@ -1,463 +0,0 @@ -package managementasset - -import ( - "context" - "crypto/sha256" - "encoding/hex" - "encoding/json" - "errors" - "fmt" - "io" - "net/http" - "net/url" - "os" - "path/filepath" - "strings" - "sync" - "sync/atomic" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - sdkconfig "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - log "github.com/sirupsen/logrus" - "golang.org/x/sync/singleflight" -) - -const ( - defaultManagementReleaseURL = "https://api.github.com/repos/router-for-me/Cli-Proxy-API-Management-Center/releases/latest" - defaultManagementFallbackURL = "https://cpamc.router-for.me/" - managementAssetName = "management.html" - httpUserAgent = "CLIProxyAPI-management-updater" - managementSyncMinInterval = 30 * time.Second - updateCheckInterval = 3 * time.Hour -) - -// ManagementFileName exposes the control panel asset filename. -const ManagementFileName = managementAssetName - -var ( - lastUpdateCheckMu sync.Mutex - lastUpdateCheckTime time.Time - currentConfigPtr atomic.Pointer[config.Config] - schedulerOnce sync.Once - schedulerConfigPath atomic.Value - sfGroup singleflight.Group -) - -// SetCurrentConfig stores the latest configuration snapshot for management asset decisions. -func SetCurrentConfig(cfg *config.Config) { - if cfg == nil { - currentConfigPtr.Store(nil) - return - } - currentConfigPtr.Store(cfg) -} - -// StartAutoUpdater launches a background goroutine that periodically ensures the management asset is up to date. -// It respects the disable-control-panel flag on every iteration and supports hot-reloaded configurations. -func StartAutoUpdater(ctx context.Context, configFilePath string) { - configFilePath = strings.TrimSpace(configFilePath) - if configFilePath == "" { - log.Debug("management asset auto-updater skipped: empty config path") - return - } - - schedulerConfigPath.Store(configFilePath) - - schedulerOnce.Do(func() { - go runAutoUpdater(ctx) - }) -} - -func runAutoUpdater(ctx context.Context) { - if ctx == nil { - ctx = context.Background() - } - - ticker := time.NewTicker(updateCheckInterval) - defer ticker.Stop() - - runOnce := func() { - cfg := currentConfigPtr.Load() - if cfg == nil { - log.Debug("management asset auto-updater skipped: config not yet available") - return - } - if cfg.RemoteManagement.DisableControlPanel { - log.Debug("management asset auto-updater skipped: control panel disabled") - return - } - - configPath, _ := schedulerConfigPath.Load().(string) - staticDir := StaticDir(configPath) - EnsureLatestManagementHTML(ctx, staticDir, cfg.ProxyURL, cfg.RemoteManagement.PanelGitHubRepository) - } - - runOnce() - - for { - select { - case <-ctx.Done(): - return - case <-ticker.C: - runOnce() - } - } -} - -func newHTTPClient(proxyURL string) *http.Client { - client := &http.Client{Timeout: 15 * time.Second} - - sdkCfg := &sdkconfig.SDKConfig{ProxyURL: strings.TrimSpace(proxyURL)} - util.SetProxy(sdkCfg, client) - - return client -} - -type releaseAsset struct { - Name string `json:"name"` - BrowserDownloadURL string `json:"browser_download_url"` - Digest string `json:"digest"` -} - -type releaseResponse struct { - Assets []releaseAsset `json:"assets"` -} - -// StaticDir resolves the directory that stores the management control panel asset. -func StaticDir(configFilePath string) string { - if override := strings.TrimSpace(os.Getenv("MANAGEMENT_STATIC_PATH")); override != "" { - cleaned := filepath.Clean(override) - if strings.EqualFold(filepath.Base(cleaned), managementAssetName) { - return filepath.Dir(cleaned) - } - return cleaned - } - - if writable := util.WritablePath(); writable != "" { - return filepath.Join(writable, "static") - } - - configFilePath = strings.TrimSpace(configFilePath) - if configFilePath == "" { - return "" - } - - base := filepath.Dir(configFilePath) - fileInfo, err := os.Stat(configFilePath) - if err == nil { - if fileInfo.IsDir() { - base = configFilePath - } - } - - return filepath.Join(base, "static") -} - -// FilePath resolves the absolute path to the management control panel asset. -func FilePath(configFilePath string) string { - if override := strings.TrimSpace(os.Getenv("MANAGEMENT_STATIC_PATH")); override != "" { - cleaned := filepath.Clean(override) - if strings.EqualFold(filepath.Base(cleaned), managementAssetName) { - return cleaned - } - return filepath.Join(cleaned, ManagementFileName) - } - - dir := StaticDir(configFilePath) - if dir == "" { - return "" - } - return filepath.Join(dir, ManagementFileName) -} - -// EnsureLatestManagementHTML checks the latest management.html asset and updates the local copy when needed. -// It coalesces concurrent sync attempts and returns whether the asset exists after the sync attempt. -func EnsureLatestManagementHTML(ctx context.Context, staticDir string, proxyURL string, panelRepository string) bool { - if ctx == nil { - ctx = context.Background() - } - - staticDir = strings.TrimSpace(staticDir) - if staticDir == "" { - log.Debug("management asset sync skipped: empty static directory") - return false - } - localPath := filepath.Join(staticDir, managementAssetName) - - _, _, _ = sfGroup.Do(localPath, func() (interface{}, error) { - lastUpdateCheckMu.Lock() - now := time.Now() - timeSinceLastAttempt := now.Sub(lastUpdateCheckTime) - if !lastUpdateCheckTime.IsZero() && timeSinceLastAttempt < managementSyncMinInterval { - lastUpdateCheckMu.Unlock() - log.Debugf( - "management asset sync skipped by throttle: last attempt %v ago (interval %v)", - timeSinceLastAttempt.Round(time.Second), - managementSyncMinInterval, - ) - return nil, nil - } - lastUpdateCheckTime = now - lastUpdateCheckMu.Unlock() - - localFileMissing := false - if _, errStat := os.Stat(localPath); errStat != nil { - if errors.Is(errStat, os.ErrNotExist) { - localFileMissing = true - } else { - log.WithError(errStat).Debug("failed to stat local management asset") - } - } - - if errMkdirAll := os.MkdirAll(staticDir, 0o755); errMkdirAll != nil { - log.WithError(errMkdirAll).Warn("failed to prepare static directory for management asset") - return nil, nil - } - - releaseURL := resolveReleaseURL(panelRepository) - client := newHTTPClient(proxyURL) - - localHash, err := fileSHA256(localPath) - if err != nil { - if !errors.Is(err, os.ErrNotExist) { - log.WithError(err).Debug("failed to read local management asset hash") - } - localHash = "" - } - - asset, remoteHash, err := fetchLatestAsset(ctx, client, releaseURL) - if err != nil { - if localFileMissing { - log.WithError(err).Warn("failed to fetch latest management release information, trying fallback page") - if ensureFallbackManagementHTML(ctx, client, localPath) { - return nil, nil - } - return nil, nil - } - log.WithError(err).Warn("failed to fetch latest management release information") - return nil, nil - } - - if remoteHash != "" && localHash != "" && strings.EqualFold(remoteHash, localHash) { - log.Debug("management asset is already up to date") - return nil, nil - } - - data, downloadedHash, err := downloadAsset(ctx, client, asset.BrowserDownloadURL) - if err != nil { - if localFileMissing { - log.WithError(err).Warn("failed to download management asset, trying fallback page") - if ensureFallbackManagementHTML(ctx, client, localPath) { - return nil, nil - } - return nil, nil - } - log.WithError(err).Warn("failed to download management asset") - return nil, nil - } - - if remoteHash != "" && !strings.EqualFold(remoteHash, downloadedHash) { - log.Warnf("remote digest mismatch for management asset: expected %s got %s", remoteHash, downloadedHash) - } - - if err = atomicWriteFile(localPath, data); err != nil { - log.WithError(err).Warn("failed to update management asset on disk") - return nil, nil - } - - log.Infof("management asset updated successfully (hash=%s)", downloadedHash) - return nil, nil - }) - - _, err := os.Stat(localPath) - return err == nil -} - -func ensureFallbackManagementHTML(ctx context.Context, client *http.Client, localPath string) bool { - data, downloadedHash, err := downloadAsset(ctx, client, defaultManagementFallbackURL) - if err != nil { - log.WithError(err).Warn("failed to download fallback management control panel page") - return false - } - - if err = atomicWriteFile(localPath, data); err != nil { - log.WithError(err).Warn("failed to persist fallback management control panel page") - return false - } - - log.Infof("management asset updated from fallback page successfully (hash=%s)", downloadedHash) - return true -} - -func resolveReleaseURL(repo string) string { - repo = strings.TrimSpace(repo) - if repo == "" { - return defaultManagementReleaseURL - } - - parsed, err := url.Parse(repo) - if err != nil || parsed.Host == "" { - return defaultManagementReleaseURL - } - - host := strings.ToLower(parsed.Host) - parsed.Path = strings.TrimSuffix(parsed.Path, "/") - - if host == "api.github.com" { - if !strings.HasSuffix(strings.ToLower(parsed.Path), "/releases/latest") { - parsed.Path = parsed.Path + "/releases/latest" - } - return parsed.String() - } - - if host == "github.com" { - parts := strings.Split(strings.Trim(parsed.Path, "/"), "/") - if len(parts) >= 2 && parts[0] != "" && parts[1] != "" { - repoName := strings.TrimSuffix(parts[1], ".git") - return fmt.Sprintf("https://api.github.com/repos/%s/%s/releases/latest", parts[0], repoName) - } - } - - return defaultManagementReleaseURL -} - -func fetchLatestAsset(ctx context.Context, client *http.Client, releaseURL string) (*releaseAsset, string, error) { - if strings.TrimSpace(releaseURL) == "" { - releaseURL = defaultManagementReleaseURL - } - - req, err := http.NewRequestWithContext(ctx, http.MethodGet, releaseURL, nil) - if err != nil { - return nil, "", fmt.Errorf("create release request: %w", err) - } - req.Header.Set("Accept", "application/vnd.github+json") - req.Header.Set("User-Agent", httpUserAgent) - gitURL := strings.ToLower(strings.TrimSpace(os.Getenv("GITSTORE_GIT_URL"))) - if tok := strings.TrimSpace(os.Getenv("GITSTORE_GIT_TOKEN")); tok != "" && strings.Contains(gitURL, "github.com") { - req.Header.Set("Authorization", "Bearer "+tok) - } - - resp, err := client.Do(req) - if err != nil { - return nil, "", fmt.Errorf("execute release request: %w", err) - } - defer func() { - _ = resp.Body.Close() - }() - - if resp.StatusCode != http.StatusOK { - body, _ := io.ReadAll(io.LimitReader(resp.Body, 1024)) - return nil, "", fmt.Errorf("unexpected release status %d: %s", resp.StatusCode, strings.TrimSpace(string(body))) - } - - var release releaseResponse - if err = json.NewDecoder(resp.Body).Decode(&release); err != nil { - return nil, "", fmt.Errorf("decode release response: %w", err) - } - - for i := range release.Assets { - asset := &release.Assets[i] - if strings.EqualFold(asset.Name, managementAssetName) { - remoteHash := parseDigest(asset.Digest) - return asset, remoteHash, nil - } - } - - return nil, "", fmt.Errorf("management asset %s not found in latest release", managementAssetName) -} - -func downloadAsset(ctx context.Context, client *http.Client, downloadURL string) ([]byte, string, error) { - if strings.TrimSpace(downloadURL) == "" { - return nil, "", fmt.Errorf("empty download url") - } - - req, err := http.NewRequestWithContext(ctx, http.MethodGet, downloadURL, nil) - if err != nil { - return nil, "", fmt.Errorf("create download request: %w", err) - } - req.Header.Set("User-Agent", httpUserAgent) - - resp, err := client.Do(req) - if err != nil { - return nil, "", fmt.Errorf("execute download request: %w", err) - } - defer func() { - _ = resp.Body.Close() - }() - - if resp.StatusCode != http.StatusOK { - body, _ := io.ReadAll(io.LimitReader(resp.Body, 1024)) - return nil, "", fmt.Errorf("unexpected download status %d: %s", resp.StatusCode, strings.TrimSpace(string(body))) - } - - data, err := io.ReadAll(resp.Body) - if err != nil { - return nil, "", fmt.Errorf("read download body: %w", err) - } - - sum := sha256.Sum256(data) - return data, hex.EncodeToString(sum[:]), nil -} - -func fileSHA256(path string) (string, error) { - file, err := os.Open(path) - if err != nil { - return "", err - } - defer func() { - _ = file.Close() - }() - - h := sha256.New() - if _, err = io.Copy(h, file); err != nil { - return "", err - } - - return hex.EncodeToString(h.Sum(nil)), nil -} - -func atomicWriteFile(path string, data []byte) error { - tmpFile, err := os.CreateTemp(filepath.Dir(path), "management-*.html") - if err != nil { - return err - } - - tmpName := tmpFile.Name() - defer func() { - _ = tmpFile.Close() - _ = os.Remove(tmpName) - }() - - if _, err = tmpFile.Write(data); err != nil { - return err - } - - if err = tmpFile.Chmod(0o644); err != nil { - return err - } - - if err = tmpFile.Close(); err != nil { - return err - } - - if err = os.Rename(tmpName, path); err != nil { - return err - } - - return nil -} - -func parseDigest(digest string) string { - digest = strings.TrimSpace(digest) - if digest == "" { - return "" - } - - if idx := strings.Index(digest, ":"); idx >= 0 { - digest = digest[idx+1:] - } - - return strings.ToLower(strings.TrimSpace(digest)) -} diff --git a/internal/misc/claude_code_instructions.go b/internal/misc/claude_code_instructions.go deleted file mode 100644 index 329fc16f87..0000000000 --- a/internal/misc/claude_code_instructions.go +++ /dev/null @@ -1,13 +0,0 @@ -// Package misc provides miscellaneous utility functions and embedded data for the CLI Proxy API. -// This package contains general-purpose helpers and embedded resources that do not fit into -// more specific domain packages. It includes embedded instructional text for Claude Code-related operations. -package misc - -import _ "embed" - -// ClaudeCodeInstructions holds the content of the claude_code_instructions.txt file, -// which is embedded into the application binary at compile time. This variable -// contains specific instructions for Claude Code model interactions and code generation guidance. -// -//go:embed claude_code_instructions.txt -var ClaudeCodeInstructions string diff --git a/internal/misc/claude_code_instructions.txt b/internal/misc/claude_code_instructions.txt deleted file mode 100644 index 25bf2ab720..0000000000 --- a/internal/misc/claude_code_instructions.txt +++ /dev/null @@ -1 +0,0 @@ -[{"type":"text","text":"You are Claude Code, Anthropic's official CLI for Claude.","cache_control":{"type":"ephemeral"}}] \ No newline at end of file diff --git a/internal/misc/copy-example-config.go b/internal/misc/copy-example-config.go deleted file mode 100644 index 61a25fe449..0000000000 --- a/internal/misc/copy-example-config.go +++ /dev/null @@ -1,40 +0,0 @@ -package misc - -import ( - "io" - "os" - "path/filepath" - - log "github.com/sirupsen/logrus" -) - -func CopyConfigTemplate(src, dst string) error { - in, err := os.Open(src) - if err != nil { - return err - } - defer func() { - if errClose := in.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close source config file") - } - }() - - if err = os.MkdirAll(filepath.Dir(dst), 0o700); err != nil { - return err - } - - out, err := os.OpenFile(dst, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o600) - if err != nil { - return err - } - defer func() { - if errClose := out.Close(); errClose != nil { - log.WithError(errClose).Warn("failed to close destination config file") - } - }() - - if _, err = io.Copy(out, in); err != nil { - return err - } - return out.Sync() -} diff --git a/internal/misc/credentials.go b/internal/misc/credentials.go deleted file mode 100644 index 6b4f9ced43..0000000000 --- a/internal/misc/credentials.go +++ /dev/null @@ -1,61 +0,0 @@ -package misc - -import ( - "encoding/json" - "fmt" - "path/filepath" - "strings" - - log "github.com/sirupsen/logrus" -) - -// Separator used to visually group related log lines. -var credentialSeparator = strings.Repeat("-", 67) - -// LogSavingCredentials emits a consistent log message when persisting auth material. -func LogSavingCredentials(path string) { - if path == "" { - return - } - // Use filepath.Clean so logs remain stable even if callers pass redundant separators. - fmt.Printf("Saving credentials to %s\n", filepath.Clean(path)) -} - -// LogCredentialSeparator adds a visual separator to group auth/key processing logs. -func LogCredentialSeparator() { - log.Debug(credentialSeparator) -} - -// MergeMetadata serializes the source struct into a map and merges the provided metadata into it. -func MergeMetadata(source any, metadata map[string]any) (map[string]any, error) { - var data map[string]any - - // Fast path: if source is already a map, just copy it to avoid mutation of original - if srcMap, ok := source.(map[string]any); ok { - data = make(map[string]any, len(srcMap)+len(metadata)) - for k, v := range srcMap { - data[k] = v - } - } else { - // Slow path: marshal to JSON and back to map to respect JSON tags - temp, err := json.Marshal(source) - if err != nil { - return nil, fmt.Errorf("failed to marshal source: %w", err) - } - if err := json.Unmarshal(temp, &data); err != nil { - return nil, fmt.Errorf("failed to unmarshal to map: %w", err) - } - } - - // Merge extra metadata - if metadata != nil { - if data == nil { - data = make(map[string]any) - } - for k, v := range metadata { - data[k] = v - } - } - - return data, nil -} diff --git a/internal/misc/header_utils.go b/internal/misc/header_utils.go deleted file mode 100644 index c6279a4cb1..0000000000 --- a/internal/misc/header_utils.go +++ /dev/null @@ -1,37 +0,0 @@ -// Package misc provides miscellaneous utility functions for the CLI Proxy API server. -// It includes helper functions for HTTP header manipulation and other common operations -// that don't fit into more specific packages. -package misc - -import ( - "net/http" - "strings" -) - -// EnsureHeader ensures that a header exists in the target header map by checking -// multiple sources in order of priority: source headers, existing target headers, -// and finally the default value. It only sets the header if it's not already present -// and the value is not empty after trimming whitespace. -// -// Parameters: -// - target: The target header map to modify -// - source: The source header map to check first (can be nil) -// - key: The header key to ensure -// - defaultValue: The default value to use if no other source provides a value -func EnsureHeader(target http.Header, source http.Header, key, defaultValue string) { - if target == nil { - return - } - if source != nil { - if val := strings.TrimSpace(source.Get(key)); val != "" { - target.Set(key, val) - return - } - } - if strings.TrimSpace(target.Get(key)) != "" { - return - } - if val := strings.TrimSpace(defaultValue); val != "" { - target.Set(key, val) - } -} diff --git a/internal/misc/mime-type.go b/internal/misc/mime-type.go deleted file mode 100644 index 6c7fcafd60..0000000000 --- a/internal/misc/mime-type.go +++ /dev/null @@ -1,743 +0,0 @@ -// Package misc provides miscellaneous utility functions and embedded data for the CLI Proxy API. -// This package contains general-purpose helpers and embedded resources that do not fit into -// more specific domain packages. It includes a comprehensive MIME type mapping for file operations. -package misc - -// MimeTypes is a comprehensive map of file extensions to their corresponding MIME types. -// This map is used to determine the Content-Type header for file uploads and other -// operations where the MIME type needs to be identified from a file extension. -// The list is extensive to cover a wide range of common and uncommon file formats. -var MimeTypes = map[string]string{ - "ez": "application/andrew-inset", - "aw": "application/applixware", - "atom": "application/atom+xml", - "atomcat": "application/atomcat+xml", - "atomsvc": "application/atomsvc+xml", - "ccxml": "application/ccxml+xml", - "cdmia": "application/cdmi-capability", - "cdmic": "application/cdmi-container", - "cdmid": "application/cdmi-domain", - "cdmio": "application/cdmi-object", - "cdmiq": "application/cdmi-queue", - "cu": "application/cu-seeme", - "davmount": "application/davmount+xml", - "dbk": "application/docbook+xml", - "dssc": "application/dssc+der", - "xdssc": "application/dssc+xml", - "ecma": "application/ecmascript", - "emma": "application/emma+xml", - "epub": "application/epub+zip", - "exi": "application/exi", - "pfr": "application/font-tdpfr", - "gml": "application/gml+xml", - "gpx": "application/gpx+xml", - "gxf": "application/gxf", - "stk": "application/hyperstudio", - "ink": "application/inkml+xml", - "ipfix": "application/ipfix", - "jar": "application/java-archive", - "ser": "application/java-serialized-object", - "class": "application/java-vm", - "js": "application/javascript", - "json": "application/json", - "jsonml": "application/jsonml+json", - "lostxml": "application/lost+xml", - "hqx": "application/mac-binhex40", - "cpt": "application/mac-compactpro", - "mads": "application/mads+xml", - "mrc": "application/marc", - "mrcx": "application/marcxml+xml", - "ma": "application/mathematica", - "mathml": "application/mathml+xml", - "mbox": "application/mbox", - "mscml": "application/mediaservercontrol+xml", - "metalink": "application/metalink+xml", - "meta4": "application/metalink4+xml", - "mets": "application/mets+xml", - "mods": "application/mods+xml", - "m21": "application/mp21", - "mp4s": "application/mp4", - "doc": "application/msword", - "mxf": "application/mxf", - "bin": "application/octet-stream", - "oda": "application/oda", - "opf": "application/oebps-package+xml", - "ogx": "application/ogg", - "omdoc": "application/omdoc+xml", - "onepkg": "application/onenote", - "oxps": "application/oxps", - "xer": "application/patch-ops-error+xml", - "pdf": "application/pdf", - "pgp": "application/pgp-encrypted", - "asc": "application/pgp-signature", - "prf": "application/pics-rules", - "p10": "application/pkcs10", - "p7c": "application/pkcs7-mime", - "p7s": "application/pkcs7-signature", - "p8": "application/pkcs8", - "ac": "application/pkix-attr-cert", - "cer": "application/pkix-cert", - "crl": "application/pkix-crl", - "pkipath": "application/pkix-pkipath", - "pki": "application/pkixcmp", - "pls": "application/pls+xml", - "ai": "application/postscript", - "cww": "application/prs.cww", - "pskcxml": "application/pskc+xml", - "rdf": "application/rdf+xml", - "rif": "application/reginfo+xml", - "rnc": "application/relax-ng-compact-syntax", - "rld": "application/resource-lists-diff+xml", - "rl": "application/resource-lists+xml", - "rs": "application/rls-services+xml", - "gbr": "application/rpki-ghostbusters", - "mft": "application/rpki-manifest", - "roa": "application/rpki-roa", - "rsd": "application/rsd+xml", - "rss": "application/rss+xml", - "rtf": "application/rtf", - "sbml": "application/sbml+xml", - "scq": "application/scvp-cv-request", - "scs": "application/scvp-cv-response", - "spq": "application/scvp-vp-request", - "spp": "application/scvp-vp-response", - "sdp": "application/sdp", - "setpay": "application/set-payment-initiation", - "setreg": "application/set-registration-initiation", - "shf": "application/shf+xml", - "smi": "application/smil+xml", - "rq": "application/sparql-query", - "srx": "application/sparql-results+xml", - "gram": "application/srgs", - "grxml": "application/srgs+xml", - "sru": "application/sru+xml", - "ssdl": "application/ssdl+xml", - "ssml": "application/ssml+xml", - "tei": "application/tei+xml", - "tfi": "application/thraud+xml", - "tsd": "application/timestamped-data", - "plb": "application/vnd.3gpp.pic-bw-large", - "psb": "application/vnd.3gpp.pic-bw-small", - "pvb": "application/vnd.3gpp.pic-bw-var", - "tcap": "application/vnd.3gpp2.tcap", - "pwn": "application/vnd.3m.post-it-notes", - "aso": "application/vnd.accpac.simply.aso", - "imp": "application/vnd.accpac.simply.imp", - "acu": "application/vnd.acucobol", - "acutc": "application/vnd.acucorp", - "air": "application/vnd.adobe.air-application-installer-package+zip", - "fcdt": "application/vnd.adobe.formscentral.fcdt", - "fxp": "application/vnd.adobe.fxp", - "xdp": "application/vnd.adobe.xdp+xml", - "xfdf": "application/vnd.adobe.xfdf", - "ahead": "application/vnd.ahead.space", - "azf": "application/vnd.airzip.filesecure.azf", - "azs": "application/vnd.airzip.filesecure.azs", - "azw": "application/vnd.amazon.ebook", - "acc": "application/vnd.americandynamics.acc", - "ami": "application/vnd.amiga.ami", - "apk": "application/vnd.android.package-archive", - "cii": "application/vnd.anser-web-certificate-issue-initiation", - "fti": "application/vnd.anser-web-funds-transfer-initiation", - "atx": "application/vnd.antix.game-component", - "mpkg": "application/vnd.apple.installer+xml", - "m3u8": "application/vnd.apple.mpegurl", - "swi": "application/vnd.aristanetworks.swi", - "iota": "application/vnd.astraea-software.iota", - "aep": "application/vnd.audiograph", - "mpm": "application/vnd.blueice.multipass", - "bmi": "application/vnd.bmi", - "rep": "application/vnd.businessobjects", - "cdxml": "application/vnd.chemdraw+xml", - "mmd": "application/vnd.chipnuts.karaoke-mmd", - "cdy": "application/vnd.cinderella", - "cla": "application/vnd.claymore", - "rp9": "application/vnd.cloanto.rp9", - "c4d": "application/vnd.clonk.c4group", - "c11amc": "application/vnd.cluetrust.cartomobile-config", - "c11amz": "application/vnd.cluetrust.cartomobile-config-pkg", - "csp": "application/vnd.commonspace", - "cdbcmsg": "application/vnd.contact.cmsg", - "cmc": "application/vnd.cosmocaller", - "clkx": "application/vnd.crick.clicker", - "clkk": "application/vnd.crick.clicker.keyboard", - "clkp": "application/vnd.crick.clicker.palette", - "clkt": "application/vnd.crick.clicker.template", - "clkw": "application/vnd.crick.clicker.wordbank", - "wbs": "application/vnd.criticaltools.wbs+xml", - "pml": "application/vnd.ctc-posml", - "ppd": "application/vnd.cups-ppd", - "car": "application/vnd.curl.car", - "pcurl": "application/vnd.curl.pcurl", - "dart": "application/vnd.dart", - "rdz": "application/vnd.data-vision.rdz", - "uvd": "application/vnd.dece.data", - "fe_launch": "application/vnd.denovo.fcselayout-link", - "dna": "application/vnd.dna", - "mlp": "application/vnd.dolby.mlp", - "dpg": "application/vnd.dpgraph", - "dfac": "application/vnd.dreamfactory", - "kpxx": "application/vnd.ds-keypoint", - "ait": "application/vnd.dvb.ait", - "svc": "application/vnd.dvb.service", - "geo": "application/vnd.dynageo", - "mag": "application/vnd.ecowin.chart", - "nml": "application/vnd.enliven", - "esf": "application/vnd.epson.esf", - "msf": "application/vnd.epson.msf", - "qam": "application/vnd.epson.quickanime", - "slt": "application/vnd.epson.salt", - "ssf": "application/vnd.epson.ssf", - "es3": "application/vnd.eszigno3+xml", - "ez2": "application/vnd.ezpix-album", - "ez3": "application/vnd.ezpix-package", - "fdf": "application/vnd.fdf", - "mseed": "application/vnd.fdsn.mseed", - "dataless": "application/vnd.fdsn.seed", - "gph": "application/vnd.flographit", - "ftc": "application/vnd.fluxtime.clip", - "book": "application/vnd.framemaker", - "fnc": "application/vnd.frogans.fnc", - "ltf": "application/vnd.frogans.ltf", - "fsc": "application/vnd.fsc.weblaunch", - "oas": "application/vnd.fujitsu.oasys", - "oa2": "application/vnd.fujitsu.oasys2", - "oa3": "application/vnd.fujitsu.oasys3", - "fg5": "application/vnd.fujitsu.oasysgp", - "bh2": "application/vnd.fujitsu.oasysprs", - "ddd": "application/vnd.fujixerox.ddd", - "xdw": "application/vnd.fujixerox.docuworks", - "xbd": "application/vnd.fujixerox.docuworks.binder", - "fzs": "application/vnd.fuzzysheet", - "txd": "application/vnd.genomatix.tuxedo", - "ggb": "application/vnd.geogebra.file", - "ggt": "application/vnd.geogebra.tool", - "gex": "application/vnd.geometry-explorer", - "gxt": "application/vnd.geonext", - "g2w": "application/vnd.geoplan", - "g3w": "application/vnd.geospace", - "gmx": "application/vnd.gmx", - "kml": "application/vnd.google-earth.kml+xml", - "kmz": "application/vnd.google-earth.kmz", - "gqf": "application/vnd.grafeq", - "gac": "application/vnd.groove-account", - "ghf": "application/vnd.groove-help", - "gim": "application/vnd.groove-identity-message", - "grv": "application/vnd.groove-injector", - "gtm": "application/vnd.groove-tool-message", - "tpl": "application/vnd.groove-tool-template", - "vcg": "application/vnd.groove-vcard", - "hal": "application/vnd.hal+xml", - "zmm": "application/vnd.handheld-entertainment+xml", - "hbci": "application/vnd.hbci", - "les": "application/vnd.hhe.lesson-player", - "hpgl": "application/vnd.hp-hpgl", - "hpid": "application/vnd.hp-hpid", - "hps": "application/vnd.hp-hps", - "jlt": "application/vnd.hp-jlyt", - "pcl": "application/vnd.hp-pcl", - "pclxl": "application/vnd.hp-pclxl", - "sfd-hdstx": "application/vnd.hydrostatix.sof-data", - "mpy": "application/vnd.ibm.minipay", - "afp": "application/vnd.ibm.modcap", - "irm": "application/vnd.ibm.rights-management", - "sc": "application/vnd.ibm.secure-container", - "icc": "application/vnd.iccprofile", - "igl": "application/vnd.igloader", - "ivp": "application/vnd.immervision-ivp", - "ivu": "application/vnd.immervision-ivu", - "igm": "application/vnd.insors.igm", - "xpw": "application/vnd.intercon.formnet", - "i2g": "application/vnd.intergeo", - "qbo": "application/vnd.intu.qbo", - "qfx": "application/vnd.intu.qfx", - "rcprofile": "application/vnd.ipunplugged.rcprofile", - "irp": "application/vnd.irepository.package+xml", - "xpr": "application/vnd.is-xpr", - "fcs": "application/vnd.isac.fcs", - "jam": "application/vnd.jam", - "rms": "application/vnd.jcp.javame.midlet-rms", - "jisp": "application/vnd.jisp", - "joda": "application/vnd.joost.joda-archive", - "ktr": "application/vnd.kahootz", - "karbon": "application/vnd.kde.karbon", - "chrt": "application/vnd.kde.kchart", - "kfo": "application/vnd.kde.kformula", - "flw": "application/vnd.kde.kivio", - "kon": "application/vnd.kde.kontour", - "kpr": "application/vnd.kde.kpresenter", - "ksp": "application/vnd.kde.kspread", - "kwd": "application/vnd.kde.kword", - "htke": "application/vnd.kenameaapp", - "kia": "application/vnd.kidspiration", - "kne": "application/vnd.kinar", - "skd": "application/vnd.koan", - "sse": "application/vnd.kodak-descriptor", - "lasxml": "application/vnd.las.las+xml", - "lbd": "application/vnd.llamagraphics.life-balance.desktop", - "lbe": "application/vnd.llamagraphics.life-balance.exchange+xml", - "123": "application/vnd.lotus-1-2-3", - "apr": "application/vnd.lotus-approach", - "pre": "application/vnd.lotus-freelance", - "nsf": "application/vnd.lotus-notes", - "org": "application/vnd.lotus-organizer", - "scm": "application/vnd.lotus-screencam", - "lwp": "application/vnd.lotus-wordpro", - "portpkg": "application/vnd.macports.portpkg", - "mcd": "application/vnd.mcd", - "mc1": "application/vnd.medcalcdata", - "cdkey": "application/vnd.mediastation.cdkey", - "mwf": "application/vnd.mfer", - "mfm": "application/vnd.mfmp", - "flo": "application/vnd.micrografx.flo", - "igx": "application/vnd.micrografx.igx", - "mif": "application/vnd.mif", - "daf": "application/vnd.mobius.daf", - "dis": "application/vnd.mobius.dis", - "mbk": "application/vnd.mobius.mbk", - "mqy": "application/vnd.mobius.mqy", - "msl": "application/vnd.mobius.msl", - "plc": "application/vnd.mobius.plc", - "txf": "application/vnd.mobius.txf", - "mpn": "application/vnd.mophun.application", - "mpc": "application/vnd.mophun.certificate", - "xul": "application/vnd.mozilla.xul+xml", - "cil": "application/vnd.ms-artgalry", - "cab": "application/vnd.ms-cab-compressed", - "xls": "application/vnd.ms-excel", - "xlam": "application/vnd.ms-excel.addin.macroenabled.12", - "xlsb": "application/vnd.ms-excel.sheet.binary.macroenabled.12", - "xlsm": "application/vnd.ms-excel.sheet.macroenabled.12", - "xltm": "application/vnd.ms-excel.template.macroenabled.12", - "eot": "application/vnd.ms-fontobject", - "chm": "application/vnd.ms-htmlhelp", - "ims": "application/vnd.ms-ims", - "lrm": "application/vnd.ms-lrm", - "thmx": "application/vnd.ms-officetheme", - "cat": "application/vnd.ms-pki.seccat", - "stl": "application/vnd.ms-pki.stl", - "ppt": "application/vnd.ms-powerpoint", - "ppam": "application/vnd.ms-powerpoint.addin.macroenabled.12", - "pptm": "application/vnd.ms-powerpoint.presentation.macroenabled.12", - "sldm": "application/vnd.ms-powerpoint.slide.macroenabled.12", - "ppsm": "application/vnd.ms-powerpoint.slideshow.macroenabled.12", - "potm": "application/vnd.ms-powerpoint.template.macroenabled.12", - "mpp": "application/vnd.ms-project", - "docm": "application/vnd.ms-word.document.macroenabled.12", - "dotm": "application/vnd.ms-word.template.macroenabled.12", - "wps": "application/vnd.ms-works", - "wpl": "application/vnd.ms-wpl", - "xps": "application/vnd.ms-xpsdocument", - "mseq": "application/vnd.mseq", - "mus": "application/vnd.musician", - "msty": "application/vnd.muvee.style", - "taglet": "application/vnd.mynfc", - "nlu": "application/vnd.neurolanguage.nlu", - "nitf": "application/vnd.nitf", - "nnd": "application/vnd.noblenet-directory", - "nns": "application/vnd.noblenet-sealer", - "nnw": "application/vnd.noblenet-web", - "ngdat": "application/vnd.nokia.n-gage.data", - "n-gage": "application/vnd.nokia.n-gage.symbian.install", - "rpst": "application/vnd.nokia.radio-preset", - "rpss": "application/vnd.nokia.radio-presets", - "edm": "application/vnd.novadigm.edm", - "edx": "application/vnd.novadigm.edx", - "ext": "application/vnd.novadigm.ext", - "odc": "application/vnd.oasis.opendocument.chart", - "otc": "application/vnd.oasis.opendocument.chart-template", - "odb": "application/vnd.oasis.opendocument.database", - "odf": "application/vnd.oasis.opendocument.formula", - "odft": "application/vnd.oasis.opendocument.formula-template", - "odg": "application/vnd.oasis.opendocument.graphics", - "otg": "application/vnd.oasis.opendocument.graphics-template", - "odi": "application/vnd.oasis.opendocument.image", - "oti": "application/vnd.oasis.opendocument.image-template", - "odp": "application/vnd.oasis.opendocument.presentation", - "otp": "application/vnd.oasis.opendocument.presentation-template", - "ods": "application/vnd.oasis.opendocument.spreadsheet", - "ots": "application/vnd.oasis.opendocument.spreadsheet-template", - "odt": "application/vnd.oasis.opendocument.text", - "odm": "application/vnd.oasis.opendocument.text-master", - "ott": "application/vnd.oasis.opendocument.text-template", - "oth": "application/vnd.oasis.opendocument.text-web", - "xo": "application/vnd.olpc-sugar", - "dd2": "application/vnd.oma.dd2+xml", - "oxt": "application/vnd.openofficeorg.extension", - "pptx": "application/vnd.openxmlformats-officedocument.presentationml.presentation", - "sldx": "application/vnd.openxmlformats-officedocument.presentationml.slide", - "ppsx": "application/vnd.openxmlformats-officedocument.presentationml.slideshow", - "potx": "application/vnd.openxmlformats-officedocument.presentationml.template", - "xlsx": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", - "xltx": "application/vnd.openxmlformats-officedocument.spreadsheetml.template", - "docx": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", - "dotx": "application/vnd.openxmlformats-officedocument.wordprocessingml.template", - "mgp": "application/vnd.osgeo.mapguide.package", - "dp": "application/vnd.osgi.dp", - "esa": "application/vnd.osgi.subsystem", - "oprc": "application/vnd.palm", - "paw": "application/vnd.pawaafile", - "str": "application/vnd.pg.format", - "ei6": "application/vnd.pg.osasli", - "efif": "application/vnd.picsel", - "wg": "application/vnd.pmi.widget", - "plf": "application/vnd.pocketlearn", - "pbd": "application/vnd.powerbuilder6", - "box": "application/vnd.previewsystems.box", - "mgz": "application/vnd.proteus.magazine", - "qps": "application/vnd.publishare-delta-tree", - "ptid": "application/vnd.pvi.ptid1", - "qwd": "application/vnd.quark.quarkxpress", - "bed": "application/vnd.realvnc.bed", - "mxl": "application/vnd.recordare.musicxml", - "musicxml": "application/vnd.recordare.musicxml+xml", - "cryptonote": "application/vnd.rig.cryptonote", - "cod": "application/vnd.rim.cod", - "rm": "application/vnd.rn-realmedia", - "rmvb": "application/vnd.rn-realmedia-vbr", - "link66": "application/vnd.route66.link66+xml", - "st": "application/vnd.sailingtracker.track", - "see": "application/vnd.seemail", - "sema": "application/vnd.sema", - "semd": "application/vnd.semd", - "semf": "application/vnd.semf", - "ifm": "application/vnd.shana.informed.formdata", - "itp": "application/vnd.shana.informed.formtemplate", - "iif": "application/vnd.shana.informed.interchange", - "ipk": "application/vnd.shana.informed.package", - "twd": "application/vnd.simtech-mindmapper", - "mmf": "application/vnd.smaf", - "teacher": "application/vnd.smart.teacher", - "sdkd": "application/vnd.solent.sdkm+xml", - "dxp": "application/vnd.spotfire.dxp", - "sfs": "application/vnd.spotfire.sfs", - "sdc": "application/vnd.stardivision.calc", - "sda": "application/vnd.stardivision.draw", - "sdd": "application/vnd.stardivision.impress", - "smf": "application/vnd.stardivision.math", - "sdw": "application/vnd.stardivision.writer", - "sgl": "application/vnd.stardivision.writer-global", - "smzip": "application/vnd.stepmania.package", - "sm": "application/vnd.stepmania.stepchart", - "sxc": "application/vnd.sun.xml.calc", - "stc": "application/vnd.sun.xml.calc.template", - "sxd": "application/vnd.sun.xml.draw", - "std": "application/vnd.sun.xml.draw.template", - "sxi": "application/vnd.sun.xml.impress", - "sti": "application/vnd.sun.xml.impress.template", - "sxm": "application/vnd.sun.xml.math", - "sxw": "application/vnd.sun.xml.writer", - "sxg": "application/vnd.sun.xml.writer.global", - "stw": "application/vnd.sun.xml.writer.template", - "sus": "application/vnd.sus-calendar", - "svd": "application/vnd.svd", - "sis": "application/vnd.symbian.install", - "bdm": "application/vnd.syncml.dm+wbxml", - "xdm": "application/vnd.syncml.dm+xml", - "xsm": "application/vnd.syncml+xml", - "tao": "application/vnd.tao.intent-module-archive", - "cap": "application/vnd.tcpdump.pcap", - "tmo": "application/vnd.tmobile-livetv", - "tpt": "application/vnd.trid.tpt", - "mxs": "application/vnd.triscape.mxs", - "tra": "application/vnd.trueapp", - "ufd": "application/vnd.ufdl", - "utz": "application/vnd.uiq.theme", - "umj": "application/vnd.umajin", - "unityweb": "application/vnd.unity", - "uoml": "application/vnd.uoml+xml", - "vcx": "application/vnd.vcx", - "vss": "application/vnd.visio", - "vis": "application/vnd.visionary", - "vsf": "application/vnd.vsf", - "wbxml": "application/vnd.wap.wbxml", - "wmlc": "application/vnd.wap.wmlc", - "wmlsc": "application/vnd.wap.wmlscriptc", - "wtb": "application/vnd.webturbo", - "nbp": "application/vnd.wolfram.player", - "wpd": "application/vnd.wordperfect", - "wqd": "application/vnd.wqd", - "stf": "application/vnd.wt.stf", - "xar": "application/vnd.xara", - "xfdl": "application/vnd.xfdl", - "hvd": "application/vnd.yamaha.hv-dic", - "hvs": "application/vnd.yamaha.hv-script", - "hvp": "application/vnd.yamaha.hv-voice", - "osf": "application/vnd.yamaha.openscoreformat", - "osfpvg": "application/vnd.yamaha.openscoreformat.osfpvg+xml", - "saf": "application/vnd.yamaha.smaf-audio", - "spf": "application/vnd.yamaha.smaf-phrase", - "cmp": "application/vnd.yellowriver-custom-menu", - "zir": "application/vnd.zul", - "zaz": "application/vnd.zzazz.deck+xml", - "vxml": "application/voicexml+xml", - "wgt": "application/widget", - "hlp": "application/winhlp", - "wsdl": "application/wsdl+xml", - "wspolicy": "application/wspolicy+xml", - "7z": "application/x-7z-compressed", - "abw": "application/x-abiword", - "ace": "application/x-ace-compressed", - "dmg": "application/x-apple-diskimage", - "aab": "application/x-authorware-bin", - "aam": "application/x-authorware-map", - "aas": "application/x-authorware-seg", - "bcpio": "application/x-bcpio", - "torrent": "application/x-bittorrent", - "blb": "application/x-blorb", - "bz": "application/x-bzip", - "bz2": "application/x-bzip2", - "cbr": "application/x-cbr", - "vcd": "application/x-cdlink", - "cfs": "application/x-cfs-compressed", - "chat": "application/x-chat", - "pgn": "application/x-chess-pgn", - "nsc": "application/x-conference", - "cpio": "application/x-cpio", - "csh": "application/x-csh", - "deb": "application/x-debian-package", - "dgc": "application/x-dgc-compressed", - "cct": "application/x-director", - "wad": "application/x-doom", - "ncx": "application/x-dtbncx+xml", - "dtb": "application/x-dtbook+xml", - "res": "application/x-dtbresource+xml", - "dvi": "application/x-dvi", - "evy": "application/x-envoy", - "eva": "application/x-eva", - "bdf": "application/x-font-bdf", - "gsf": "application/x-font-ghostscript", - "psf": "application/x-font-linux-psf", - "pcf": "application/x-font-pcf", - "snf": "application/x-font-snf", - "afm": "application/x-font-type1", - "arc": "application/x-freearc", - "spl": "application/x-futuresplash", - "gca": "application/x-gca-compressed", - "ulx": "application/x-glulx", - "gnumeric": "application/x-gnumeric", - "gramps": "application/x-gramps-xml", - "gtar": "application/x-gtar", - "hdf": "application/x-hdf", - "install": "application/x-install-instructions", - "iso": "application/x-iso9660-image", - "jnlp": "application/x-java-jnlp-file", - "latex": "application/x-latex", - "lzh": "application/x-lzh-compressed", - "mie": "application/x-mie", - "mobi": "application/x-mobipocket-ebook", - "application": "application/x-ms-application", - "lnk": "application/x-ms-shortcut", - "wmd": "application/x-ms-wmd", - "wmz": "application/x-ms-wmz", - "xbap": "application/x-ms-xbap", - "mdb": "application/x-msaccess", - "obd": "application/x-msbinder", - "crd": "application/x-mscardfile", - "clp": "application/x-msclip", - "mny": "application/x-msmoney", - "pub": "application/x-mspublisher", - "scd": "application/x-msschedule", - "trm": "application/x-msterminal", - "wri": "application/x-mswrite", - "nzb": "application/x-nzb", - "p12": "application/x-pkcs12", - "p7b": "application/x-pkcs7-certificates", - "p7r": "application/x-pkcs7-certreqresp", - "rar": "application/x-rar-compressed", - "ris": "application/x-research-info-systems", - "sh": "application/x-sh", - "shar": "application/x-shar", - "swf": "application/x-shockwave-flash", - "xap": "application/x-silverlight-app", - "sql": "application/x-sql", - "sit": "application/x-stuffit", - "sitx": "application/x-stuffitx", - "srt": "application/x-subrip", - "sv4cpio": "application/x-sv4cpio", - "sv4crc": "application/x-sv4crc", - "t3": "application/x-t3vm-image", - "gam": "application/x-tads", - "tar": "application/x-tar", - "tcl": "application/x-tcl", - "tex": "application/x-tex", - "tfm": "application/x-tex-tfm", - "texi": "application/x-texinfo", - "obj": "application/x-tgif", - "ustar": "application/x-ustar", - "src": "application/x-wais-source", - "crt": "application/x-x509-ca-cert", - "fig": "application/x-xfig", - "xlf": "application/x-xliff+xml", - "xpi": "application/x-xpinstall", - "xz": "application/x-xz", - "xaml": "application/xaml+xml", - "xdf": "application/xcap-diff+xml", - "xenc": "application/xenc+xml", - "xhtml": "application/xhtml+xml", - "xml": "application/xml", - "dtd": "application/xml-dtd", - "xop": "application/xop+xml", - "xpl": "application/xproc+xml", - "xslt": "application/xslt+xml", - "xspf": "application/xspf+xml", - "mxml": "application/xv+xml", - "yang": "application/yang", - "yin": "application/yin+xml", - "zip": "application/zip", - "adp": "audio/adpcm", - "au": "audio/basic", - "mid": "audio/midi", - "m4a": "audio/mp4", - "mp3": "audio/mpeg", - "ogg": "audio/ogg", - "s3m": "audio/s3m", - "sil": "audio/silk", - "uva": "audio/vnd.dece.audio", - "eol": "audio/vnd.digital-winds", - "dra": "audio/vnd.dra", - "dts": "audio/vnd.dts", - "dtshd": "audio/vnd.dts.hd", - "lvp": "audio/vnd.lucent.voice", - "pya": "audio/vnd.ms-playready.media.pya", - "ecelp4800": "audio/vnd.nuera.ecelp4800", - "ecelp7470": "audio/vnd.nuera.ecelp7470", - "ecelp9600": "audio/vnd.nuera.ecelp9600", - "rip": "audio/vnd.rip", - "weba": "audio/webm", - "aac": "audio/x-aac", - "aiff": "audio/x-aiff", - "caf": "audio/x-caf", - "flac": "audio/x-flac", - "mka": "audio/x-matroska", - "m3u": "audio/x-mpegurl", - "wax": "audio/x-ms-wax", - "wma": "audio/x-ms-wma", - "rmp": "audio/x-pn-realaudio-plugin", - "wav": "audio/x-wav", - "xm": "audio/xm", - "cdx": "chemical/x-cdx", - "cif": "chemical/x-cif", - "cmdf": "chemical/x-cmdf", - "cml": "chemical/x-cml", - "csml": "chemical/x-csml", - "xyz": "chemical/x-xyz", - "ttc": "font/collection", - "otf": "font/otf", - "ttf": "font/ttf", - "woff": "font/woff", - "woff2": "font/woff2", - "bmp": "image/bmp", - "cgm": "image/cgm", - "g3": "image/g3fax", - "gif": "image/gif", - "ief": "image/ief", - "jpg": "image/jpeg", - "ktx": "image/ktx", - "png": "image/png", - "btif": "image/prs.btif", - "sgi": "image/sgi", - "svg": "image/svg+xml", - "tiff": "image/tiff", - "psd": "image/vnd.adobe.photoshop", - "dwg": "image/vnd.dwg", - "dxf": "image/vnd.dxf", - "fbs": "image/vnd.fastbidsheet", - "fpx": "image/vnd.fpx", - "fst": "image/vnd.fst", - "mmr": "image/vnd.fujixerox.edmics-mmr", - "rlc": "image/vnd.fujixerox.edmics-rlc", - "mdi": "image/vnd.ms-modi", - "wdp": "image/vnd.ms-photo", - "npx": "image/vnd.net-fpx", - "wbmp": "image/vnd.wap.wbmp", - "xif": "image/vnd.xiff", - "webp": "image/webp", - "3ds": "image/x-3ds", - "ras": "image/x-cmu-raster", - "cmx": "image/x-cmx", - "ico": "image/x-icon", - "sid": "image/x-mrsid-image", - "pcx": "image/x-pcx", - "pnm": "image/x-portable-anymap", - "pbm": "image/x-portable-bitmap", - "pgm": "image/x-portable-graymap", - "ppm": "image/x-portable-pixmap", - "rgb": "image/x-rgb", - "tga": "image/x-tga", - "xbm": "image/x-xbitmap", - "xpm": "image/x-xpixmap", - "xwd": "image/x-xwindowdump", - "dae": "model/vnd.collada+xml", - "dwf": "model/vnd.dwf", - "gdl": "model/vnd.gdl", - "gtw": "model/vnd.gtw", - "mts": "model/vnd.mts", - "vtu": "model/vnd.vtu", - "appcache": "text/cache-manifest", - "ics": "text/calendar", - "css": "text/css", - "csv": "text/csv", - "html": "text/html", - "n3": "text/n3", - "txt": "text/plain", - "dsc": "text/prs.lines.tag", - "rtx": "text/richtext", - "tsv": "text/tab-separated-values", - "ttl": "text/turtle", - "vcard": "text/vcard", - "curl": "text/vnd.curl", - "dcurl": "text/vnd.curl.dcurl", - "mcurl": "text/vnd.curl.mcurl", - "scurl": "text/vnd.curl.scurl", - "sub": "text/vnd.dvb.subtitle", - "fly": "text/vnd.fly", - "flx": "text/vnd.fmi.flexstor", - "gv": "text/vnd.graphviz", - "3dml": "text/vnd.in3d.3dml", - "spot": "text/vnd.in3d.spot", - "jad": "text/vnd.sun.j2me.app-descriptor", - "wml": "text/vnd.wap.wml", - "wmls": "text/vnd.wap.wmlscript", - "asm": "text/x-asm", - "c": "text/x-c", - "java": "text/x-java-source", - "nfo": "text/x-nfo", - "opml": "text/x-opml", - "pas": "text/x-pascal", - "etx": "text/x-setext", - "sfv": "text/x-sfv", - "uu": "text/x-uuencode", - "vcs": "text/x-vcalendar", - "vcf": "text/x-vcard", - "3gp": "video/3gpp", - "3g2": "video/3gpp2", - "h261": "video/h261", - "h263": "video/h263", - "h264": "video/h264", - "jpgv": "video/jpeg", - "mp4": "video/mp4", - "mpeg": "video/mpeg", - "ogv": "video/ogg", - "dvb": "video/vnd.dvb.file", - "fvt": "video/vnd.fvt", - "pyv": "video/vnd.ms-playready.media.pyv", - "viv": "video/vnd.vivo", - "webm": "video/webm", - "f4v": "video/x-f4v", - "fli": "video/x-fli", - "flv": "video/x-flv", - "m4v": "video/x-m4v", - "mkv": "video/x-matroska", - "mng": "video/x-mng", - "asf": "video/x-ms-asf", - "vob": "video/x-ms-vob", - "wm": "video/x-ms-wm", - "wmv": "video/x-ms-wmv", - "wmx": "video/x-ms-wmx", - "wvx": "video/x-ms-wvx", - "avi": "video/x-msvideo", - "movie": "video/x-sgi-movie", - "smv": "video/x-smv", - "ice": "x-conference/x-cooltalk", -} diff --git a/internal/misc/oauth.go b/internal/misc/oauth.go deleted file mode 100644 index c14f39d2fb..0000000000 --- a/internal/misc/oauth.go +++ /dev/null @@ -1,103 +0,0 @@ -package misc - -import ( - "crypto/rand" - "encoding/hex" - "fmt" - "net/url" - "strings" -) - -// GenerateRandomState generates a cryptographically secure random state parameter -// for OAuth2 flows to prevent CSRF attacks. -// -// Returns: -// - string: A hexadecimal encoded random state string -// - error: An error if the random generation fails, nil otherwise -func GenerateRandomState() (string, error) { - bytes := make([]byte, 16) - if _, err := rand.Read(bytes); err != nil { - return "", fmt.Errorf("failed to generate random bytes: %w", err) - } - return hex.EncodeToString(bytes), nil -} - -// OAuthCallback captures the parsed OAuth callback parameters. -type OAuthCallback struct { - Code string - State string - Error string - ErrorDescription string -} - -// ParseOAuthCallback extracts OAuth parameters from a callback URL. -// It returns nil when the input is empty. -func ParseOAuthCallback(input string) (*OAuthCallback, error) { - trimmed := strings.TrimSpace(input) - if trimmed == "" { - return nil, nil - } - - candidate := trimmed - if !strings.Contains(candidate, "://") { - if strings.HasPrefix(candidate, "?") { - candidate = "http://localhost" + candidate - } else if strings.ContainsAny(candidate, "/?#") || strings.Contains(candidate, ":") { - candidate = "http://" + candidate - } else if strings.Contains(candidate, "=") { - candidate = "http://localhost/?" + candidate - } else { - return nil, fmt.Errorf("invalid callback URL") - } - } - - parsedURL, err := url.Parse(candidate) - if err != nil { - return nil, err - } - - query := parsedURL.Query() - code := strings.TrimSpace(query.Get("code")) - state := strings.TrimSpace(query.Get("state")) - errCode := strings.TrimSpace(query.Get("error")) - errDesc := strings.TrimSpace(query.Get("error_description")) - - if parsedURL.Fragment != "" { - if fragQuery, errFrag := url.ParseQuery(parsedURL.Fragment); errFrag == nil { - if code == "" { - code = strings.TrimSpace(fragQuery.Get("code")) - } - if state == "" { - state = strings.TrimSpace(fragQuery.Get("state")) - } - if errCode == "" { - errCode = strings.TrimSpace(fragQuery.Get("error")) - } - if errDesc == "" { - errDesc = strings.TrimSpace(fragQuery.Get("error_description")) - } - } - } - - if code != "" && state == "" && strings.Contains(code, "#") { - parts := strings.SplitN(code, "#", 2) - code = parts[0] - state = parts[1] - } - - if errCode == "" && errDesc != "" { - errCode = errDesc - errDesc = "" - } - - if code == "" && errCode == "" { - return nil, fmt.Errorf("callback URL missing code") - } - - return &OAuthCallback{ - Code: code, - State: state, - Error: errCode, - ErrorDescription: errDesc, - }, nil -} diff --git a/internal/registry/kilo_models.go b/internal/registry/kilo_models.go deleted file mode 100644 index ac9939dbb7..0000000000 --- a/internal/registry/kilo_models.go +++ /dev/null @@ -1,21 +0,0 @@ -// Package registry provides model definitions for various AI service providers. -package registry - -// GetKiloModels returns the Kilo model definitions -func GetKiloModels() []*ModelInfo { - return []*ModelInfo{ - // --- Base Models --- - { - ID: "kilo/auto", - Object: "model", - Created: 1732752000, - OwnedBy: "kilo", - Type: "kilo", - DisplayName: "Kilo Auto", - Description: "Automatic model selection by Kilo", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - } -} diff --git a/internal/registry/kiro_model_converter.go b/internal/registry/kiro_model_converter.go deleted file mode 100644 index fe50a8f306..0000000000 --- a/internal/registry/kiro_model_converter.go +++ /dev/null @@ -1,303 +0,0 @@ -// Package registry provides Kiro model conversion utilities. -// This file handles converting dynamic Kiro API model lists to the internal ModelInfo format, -// and merging with static metadata for thinking support and other capabilities. -package registry - -import ( - "strings" - "time" -) - -// KiroAPIModel represents a model from Kiro API response. -// This is a local copy to avoid import cycles with the kiro package. -// The structure mirrors kiro.KiroModel for easy data conversion. -type KiroAPIModel struct { - // ModelID is the unique identifier for the model (e.g., "claude-sonnet-4.5") - ModelID string - // ModelName is the human-readable name - ModelName string - // Description is the model description - Description string - // RateMultiplier is the credit multiplier for this model - RateMultiplier float64 - // RateUnit is the unit for rate calculation (e.g., "credit") - RateUnit string - // MaxInputTokens is the maximum input token limit - MaxInputTokens int -} - -// DefaultKiroThinkingSupport defines the default thinking configuration for Kiro models. -// All Kiro models support thinking with the following budget range. -var DefaultKiroThinkingSupport = &ThinkingSupport{ - Min: 1024, // Minimum thinking budget tokens - Max: 32000, // Maximum thinking budget tokens - ZeroAllowed: true, // Allow disabling thinking with 0 - DynamicAllowed: true, // Allow dynamic thinking budget (-1) -} - -// DefaultKiroContextLength is the default context window size for Kiro models. -const DefaultKiroContextLength = 200000 - -// DefaultKiroMaxCompletionTokens is the default max completion tokens for Kiro models. -const DefaultKiroMaxCompletionTokens = 64000 - -// ConvertKiroAPIModels converts Kiro API models to internal ModelInfo format. -// It performs the following transformations: -// - Normalizes model ID (e.g., claude-sonnet-4.5 → kiro-claude-sonnet-4-5) -// - Adds default thinking support metadata -// - Sets default context length and max completion tokens if not provided -// -// Parameters: -// - kiroModels: List of models from Kiro API response -// -// Returns: -// - []*ModelInfo: Converted model information list -func ConvertKiroAPIModels(kiroModels []*KiroAPIModel) []*ModelInfo { - if len(kiroModels) == 0 { - return nil - } - - now := time.Now().Unix() - result := make([]*ModelInfo, 0, len(kiroModels)) - - for _, km := range kiroModels { - // Skip nil models - if km == nil { - continue - } - - // Skip models without valid ID - if km.ModelID == "" { - continue - } - - // Normalize the model ID to kiro-* format - normalizedID := normalizeKiroModelID(km.ModelID) - - // Create ModelInfo with converted data - info := &ModelInfo{ - ID: normalizedID, - Object: "model", - Created: now, - OwnedBy: "aws", - Type: "kiro", - DisplayName: generateKiroDisplayName(km.ModelName, normalizedID), - Description: km.Description, - // Use MaxInputTokens from API if available, otherwise use default - ContextLength: getContextLength(km.MaxInputTokens), - MaxCompletionTokens: DefaultKiroMaxCompletionTokens, - // All Kiro models support thinking - Thinking: cloneThinkingSupport(DefaultKiroThinkingSupport), - } - - result = append(result, info) - } - - return result -} - -// GenerateAgenticVariants creates -agentic variants for each model. -// Agentic variants are optimized for coding agents with chunked writes. -// -// Parameters: -// - models: Base models to generate variants for -// -// Returns: -// - []*ModelInfo: Combined list of base models and their agentic variants -func GenerateAgenticVariants(models []*ModelInfo) []*ModelInfo { - if len(models) == 0 { - return nil - } - - // Pre-allocate result with capacity for both base models and variants - result := make([]*ModelInfo, 0, len(models)*2) - - for _, model := range models { - if model == nil { - continue - } - - // Add the base model first - result = append(result, model) - - // Skip if model already has -agentic suffix - if strings.HasSuffix(model.ID, "-agentic") { - continue - } - - // Skip special models that shouldn't have agentic variants - if model.ID == "kiro-auto" { - continue - } - - // Create agentic variant - agenticModel := &ModelInfo{ - ID: model.ID + "-agentic", - Object: model.Object, - Created: model.Created, - OwnedBy: model.OwnedBy, - Type: model.Type, - DisplayName: model.DisplayName + " (Agentic)", - Description: generateAgenticDescription(model.Description), - ContextLength: model.ContextLength, - MaxCompletionTokens: model.MaxCompletionTokens, - Thinking: cloneThinkingSupport(model.Thinking), - } - - result = append(result, agenticModel) - } - - return result -} - -// MergeWithStaticMetadata merges dynamic models with static metadata. -// Static metadata takes priority for any overlapping fields. -// This allows manual overrides for specific models while keeping dynamic discovery. -// -// Parameters: -// - dynamicModels: Models from Kiro API (converted to ModelInfo) -// - staticModels: Predefined model metadata (from GetKiroModels()) -// -// Returns: -// - []*ModelInfo: Merged model list with static metadata taking priority -func MergeWithStaticMetadata(dynamicModels, staticModels []*ModelInfo) []*ModelInfo { - if len(dynamicModels) == 0 && len(staticModels) == 0 { - return nil - } - - // Build a map of static models for quick lookup - staticMap := make(map[string]*ModelInfo, len(staticModels)) - for _, sm := range staticModels { - if sm != nil && sm.ID != "" { - staticMap[sm.ID] = sm - } - } - - // Build result, preferring static metadata where available - seenIDs := make(map[string]struct{}) - result := make([]*ModelInfo, 0, len(dynamicModels)+len(staticModels)) - - // First, process dynamic models and merge with static if available - for _, dm := range dynamicModels { - if dm == nil || dm.ID == "" { - continue - } - - // Skip duplicates - if _, seen := seenIDs[dm.ID]; seen { - continue - } - seenIDs[dm.ID] = struct{}{} - - // Check if static metadata exists for this model - if sm, exists := staticMap[dm.ID]; exists { - // Static metadata takes priority - use static model - result = append(result, sm) - } else { - // No static metadata - use dynamic model - result = append(result, dm) - } - } - - // Add any static models not in dynamic list - for _, sm := range staticModels { - if sm == nil || sm.ID == "" { - continue - } - if _, seen := seenIDs[sm.ID]; seen { - continue - } - seenIDs[sm.ID] = struct{}{} - result = append(result, sm) - } - - return result -} - -// normalizeKiroModelID converts Kiro API model IDs to internal format. -// Transformation rules: -// - Adds "kiro-" prefix if not present -// - Replaces dots with hyphens (e.g., 4.5 → 4-5) -// - Handles special cases like "auto" → "kiro-auto" -// -// Examples: -// - "claude-sonnet-4.5" → "kiro-claude-sonnet-4-5" -// - "claude-opus-4.5" → "kiro-claude-opus-4-5" -// - "auto" → "kiro-auto" -// - "kiro-claude-sonnet-4-5" → "kiro-claude-sonnet-4-5" (unchanged) -func normalizeKiroModelID(modelID string) string { - if modelID == "" { - return "" - } - - // Trim whitespace - modelID = strings.TrimSpace(modelID) - - // Replace dots with hyphens (e.g., 4.5 → 4-5) - normalized := strings.ReplaceAll(modelID, ".", "-") - - // Add kiro- prefix if not present - if !strings.HasPrefix(normalized, "kiro-") { - normalized = "kiro-" + normalized - } - - return normalized -} - -// generateKiroDisplayName creates a human-readable display name. -// Uses the API-provided model name if available, otherwise generates from ID. -func generateKiroDisplayName(modelName, normalizedID string) string { - if modelName != "" { - return "Kiro " + modelName - } - - // Generate from normalized ID by removing kiro- prefix and formatting - displayID := strings.TrimPrefix(normalizedID, "kiro-") - // Capitalize first letter of each word - words := strings.Split(displayID, "-") - for i, word := range words { - if len(word) > 0 { - words[i] = strings.ToUpper(word[:1]) + word[1:] - } - } - return "Kiro " + strings.Join(words, " ") -} - -// generateAgenticDescription creates description for agentic variants. -func generateAgenticDescription(baseDescription string) string { - if baseDescription == "" { - return "Optimized for coding agents with chunked writes" - } - return baseDescription + " (Agentic mode: chunked writes)" -} - -// getContextLength returns the context length, using default if not provided. -func getContextLength(maxInputTokens int) int { - if maxInputTokens > 0 { - return maxInputTokens - } - return DefaultKiroContextLength -} - -// cloneThinkingSupport creates a deep copy of ThinkingSupport. -// Returns nil if input is nil. -func cloneThinkingSupport(ts *ThinkingSupport) *ThinkingSupport { - if ts == nil { - return nil - } - - clone := &ThinkingSupport{ - Min: ts.Min, - Max: ts.Max, - ZeroAllowed: ts.ZeroAllowed, - DynamicAllowed: ts.DynamicAllowed, - } - - // Deep copy Levels slice if present - if len(ts.Levels) > 0 { - clone.Levels = make([]string, len(ts.Levels)) - copy(clone.Levels, ts.Levels) - } - - return clone -} diff --git a/internal/registry/model_definitions.go b/internal/registry/model_definitions.go deleted file mode 100644 index 1b69021d2c..0000000000 --- a/internal/registry/model_definitions.go +++ /dev/null @@ -1,762 +0,0 @@ -// Package registry provides model definitions and lookup helpers for various AI providers. -// Static model metadata is stored in model_definitions_static_data.go. -package registry - -import ( - "sort" - "strings" -) - -// GetStaticModelDefinitionsByChannel returns static model definitions for a given channel/provider. -// It returns nil when the channel is unknown. -// -// Supported channels: -// - claude -// - gemini -// - vertex -// - gemini-cli -// - aistudio -// - codex -// - qwen -// - iflow -// - kimi -// - kiro -// - kilo -// - github-copilot -// - kiro -// - amazonq -// - antigravity (returns static overrides only) -func GetStaticModelDefinitionsByChannel(channel string) []*ModelInfo { - key := strings.ToLower(strings.TrimSpace(channel)) - switch key { - case "claude": - return GetClaudeModels() - case "gemini": - return GetGeminiModels() - case "vertex": - return GetGeminiVertexModels() - case "gemini-cli": - return GetGeminiCLIModels() - case "aistudio": - return GetAIStudioModels() - case "codex": - return GetOpenAIModels() - case "qwen": - return GetQwenModels() - case "iflow": - return GetIFlowModels() - case "kimi": - return GetKimiModels() - case "github-copilot": - return GetGitHubCopilotModels() - case "kiro": - return GetKiroModels() - case "kilo": - return GetKiloModels() - case "amazonq": - return GetAmazonQModels() - case "antigravity": - cfg := GetAntigravityModelConfig() - if len(cfg) == 0 { - return nil - } - models := make([]*ModelInfo, 0, len(cfg)) - for modelID, entry := range cfg { - if modelID == "" || entry == nil { - continue - } - models = append(models, &ModelInfo{ - ID: modelID, - Object: "model", - OwnedBy: "antigravity", - Type: "antigravity", - Thinking: entry.Thinking, - MaxCompletionTokens: entry.MaxCompletionTokens, - }) - } - sort.Slice(models, func(i, j int) bool { - return strings.ToLower(models[i].ID) < strings.ToLower(models[j].ID) - }) - return models - default: - return nil - } -} - -// LookupStaticModelInfo searches all static model definitions for a model by ID. -// Returns nil if no matching model is found. -func LookupStaticModelInfo(modelID string) *ModelInfo { - if modelID == "" { - return nil - } - - allModels := [][]*ModelInfo{ - GetClaudeModels(), - GetGeminiModels(), - GetGeminiVertexModels(), - GetGeminiCLIModels(), - GetAIStudioModels(), - GetOpenAIModels(), - GetQwenModels(), - GetIFlowModels(), - GetKimiModels(), - GetGitHubCopilotModels(), - GetKiroModels(), - GetKiloModels(), - GetAmazonQModels(), - } - for _, models := range allModels { - for _, m := range models { - if m != nil && m.ID == modelID { - return m - } - } - } - - // Check Antigravity static config - if cfg := GetAntigravityModelConfig()[modelID]; cfg != nil { - return &ModelInfo{ - ID: modelID, - Thinking: cfg.Thinking, - MaxCompletionTokens: cfg.MaxCompletionTokens, - } - } - - return nil -} - -// GetGitHubCopilotModels returns the available models for GitHub Copilot. -// These models are available through the GitHub Copilot API at api.githubcopilot.com. -func GetGitHubCopilotModels() []*ModelInfo { - now := int64(1732752000) // 2024-11-27 - gpt4oEntries := []struct { - ID string - DisplayName string - Description string - }{ - {ID: "gpt-4o-2024-11-20", DisplayName: "GPT-4o (2024-11-20)", Description: "OpenAI GPT-4o 2024-11-20 via GitHub Copilot"}, - {ID: "gpt-4o-2024-08-06", DisplayName: "GPT-4o (2024-08-06)", Description: "OpenAI GPT-4o 2024-08-06 via GitHub Copilot"}, - {ID: "gpt-4o-2024-05-13", DisplayName: "GPT-4o (2024-05-13)", Description: "OpenAI GPT-4o 2024-05-13 via GitHub Copilot"}, - {ID: "gpt-4o", DisplayName: "GPT-4o", Description: "OpenAI GPT-4o via GitHub Copilot"}, - {ID: "gpt-4-o-preview", DisplayName: "GPT-4-o Preview", Description: "OpenAI GPT-4-o Preview via GitHub Copilot"}, - } - - models := []*ModelInfo{ - { - ID: "gpt-4.1", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-4.1", - Description: "OpenAI GPT-4.1 via GitHub Copilot", - ContextLength: 128000, - MaxCompletionTokens: 16384, - }, - } - - for _, entry := range gpt4oEntries { - models = append(models, &ModelInfo{ - ID: entry.ID, - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: entry.DisplayName, - Description: entry.Description, - ContextLength: 128000, - MaxCompletionTokens: 16384, - }) - } - - return append(models, []*ModelInfo{ - { - ID: "gpt-5", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5", - Description: "OpenAI GPT-5 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/chat/completions", "/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high"}}, - }, - { - ID: "gpt-5-mini", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5 Mini", - Description: "OpenAI GPT-5 Mini via GitHub Copilot", - ContextLength: 128000, - MaxCompletionTokens: 16384, - SupportedEndpoints: []string{"/chat/completions", "/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high"}}, - }, - { - ID: "gpt-5-codex", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5 Codex", - Description: "OpenAI GPT-5 Codex via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high"}}, - }, - { - ID: "gpt-5.1", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.1", - Description: "OpenAI GPT-5.1 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/chat/completions", "/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high"}}, - }, - { - ID: "gpt-5.1-codex", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.1 Codex", - Description: "OpenAI GPT-5.1 Codex via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high"}}, - }, - { - ID: "gpt-5.1-codex-mini", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.1 Codex Mini", - Description: "OpenAI GPT-5.1 Codex Mini via GitHub Copilot", - ContextLength: 128000, - MaxCompletionTokens: 16384, - SupportedEndpoints: []string{"/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high"}}, - }, - { - ID: "gpt-5.1-codex-max", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.1 Codex Max", - Description: "OpenAI GPT-5.1 Codex Max via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5.2", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.2", - Description: "OpenAI GPT-5.2 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/chat/completions", "/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5.2-codex", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.2 Codex", - Description: "OpenAI GPT-5.2 Codex via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5.3-codex", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "GPT-5.3 Codex", - Description: "OpenAI GPT-5.3 Codex via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32768, - SupportedEndpoints: []string{"/responses"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high", "xhigh"}}, - }, - { - ID: "claude-haiku-4.5", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Claude Haiku 4.5", - Description: "Anthropic Claude Haiku 4.5 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 64000, - SupportedEndpoints: []string{"/chat/completions"}, - }, - { - ID: "claude-opus-4.1", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Claude Opus 4.1", - Description: "Anthropic Claude Opus 4.1 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 32000, - SupportedEndpoints: []string{"/chat/completions"}, - }, - { - ID: "claude-opus-4.5", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Claude Opus 4.5", - Description: "Anthropic Claude Opus 4.5 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 64000, - SupportedEndpoints: []string{"/chat/completions"}, - }, - { - ID: "claude-opus-4.6", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Claude Opus 4.6", - Description: "Anthropic Claude Opus 4.6 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 64000, - SupportedEndpoints: []string{"/chat/completions"}, - }, - { - ID: "claude-sonnet-4", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Claude Sonnet 4", - Description: "Anthropic Claude Sonnet 4 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 64000, - SupportedEndpoints: []string{"/chat/completions"}, - }, - { - ID: "claude-sonnet-4.5", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Claude Sonnet 4.5", - Description: "Anthropic Claude Sonnet 4.5 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 64000, - SupportedEndpoints: []string{"/chat/completions"}, - }, - { - ID: "claude-sonnet-4.6", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Claude Sonnet 4.6", - Description: "Anthropic Claude Sonnet 4.6 via GitHub Copilot", - ContextLength: 200000, - MaxCompletionTokens: 64000, - SupportedEndpoints: []string{"/chat/completions"}, - }, - { - ID: "gemini-2.5-pro", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Gemini 2.5 Pro", - Description: "Google Gemini 2.5 Pro via GitHub Copilot", - ContextLength: 1048576, - MaxCompletionTokens: 65536, - }, - { - ID: "gemini-3-pro-preview", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Gemini 3 Pro (Preview)", - Description: "Google Gemini 3 Pro Preview via GitHub Copilot", - ContextLength: 1048576, - MaxCompletionTokens: 65536, - }, - { - ID: "gemini-3.1-pro-preview", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Gemini 3.1 Pro (Preview)", - Description: "Google Gemini 3.1 Pro Preview via GitHub Copilot", - ContextLength: 1048576, - MaxCompletionTokens: 65536, - }, - { - ID: "gemini-3-flash-preview", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Gemini 3 Flash (Preview)", - Description: "Google Gemini 3 Flash Preview via GitHub Copilot", - ContextLength: 1048576, - MaxCompletionTokens: 65536, - }, - { - ID: "grok-code-fast-1", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Grok Code Fast 1", - Description: "xAI Grok Code Fast 1 via GitHub Copilot", - ContextLength: 128000, - MaxCompletionTokens: 16384, - }, - { - ID: "oswe-vscode-prime", - Object: "model", - Created: now, - OwnedBy: "github-copilot", - Type: "github-copilot", - DisplayName: "Raptor mini (Preview)", - Description: "Raptor mini via GitHub Copilot", - ContextLength: 128000, - MaxCompletionTokens: 16384, - SupportedEndpoints: []string{"/chat/completions", "/responses"}, - }, - }...) -} - -// GetKiroModels returns the Kiro (AWS CodeWhisperer) model definitions -func GetKiroModels() []*ModelInfo { - return []*ModelInfo{ - // --- Base Models --- - { - ID: "kiro-auto", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Auto", - Description: "Automatic model selection by Kiro", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-opus-4-6", - Object: "model", - Created: 1736899200, // 2025-01-15 - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Opus 4.6", - Description: "Claude Opus 4.6 via Kiro (2.2x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-sonnet-4-6", - Object: "model", - Created: 1739836800, // 2025-02-18 - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Sonnet 4.6", - Description: "Claude Sonnet 4.6 via Kiro (1.3x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-opus-4-5", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Opus 4.5", - Description: "Claude Opus 4.5 via Kiro (2.2x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-sonnet-4-5", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Sonnet 4.5", - Description: "Claude Sonnet 4.5 via Kiro (1.3x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-sonnet-4", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Sonnet 4", - Description: "Claude Sonnet 4 via Kiro (1.3x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-haiku-4-5", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Haiku 4.5", - Description: "Claude Haiku 4.5 via Kiro (0.4x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - // --- 第三方模型 (通过 Kiro 接入) --- - { - ID: "kiro-deepseek-3-2", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro DeepSeek 3.2", - Description: "DeepSeek 3.2 via Kiro", - ContextLength: 128000, - MaxCompletionTokens: 32768, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-minimax-m2-1", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro MiniMax M2.1", - Description: "MiniMax M2.1 via Kiro", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-qwen3-coder-next", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Qwen3 Coder Next", - Description: "Qwen3 Coder Next via Kiro", - ContextLength: 128000, - MaxCompletionTokens: 32768, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-gpt-4o", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro GPT-4o", - Description: "OpenAI GPT-4o via Kiro", - ContextLength: 128000, - MaxCompletionTokens: 16384, - }, - { - ID: "kiro-gpt-4", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro GPT-4", - Description: "OpenAI GPT-4 via Kiro", - ContextLength: 128000, - MaxCompletionTokens: 8192, - }, - { - ID: "kiro-gpt-4-turbo", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro GPT-4 Turbo", - Description: "OpenAI GPT-4 Turbo via Kiro", - ContextLength: 128000, - MaxCompletionTokens: 16384, - }, - { - ID: "kiro-gpt-3-5-turbo", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro GPT-3.5 Turbo", - Description: "OpenAI GPT-3.5 Turbo via Kiro", - ContextLength: 16384, - MaxCompletionTokens: 4096, - }, - // --- Agentic Variants (Optimized for coding agents with chunked writes) --- - { - ID: "kiro-claude-opus-4-6-agentic", - Object: "model", - Created: 1736899200, // 2025-01-15 - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Opus 4.6 (Agentic)", - Description: "Claude Opus 4.6 optimized for coding agents (chunked writes)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-sonnet-4-6-agentic", - Object: "model", - Created: 1739836800, // 2025-02-18 - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Sonnet 4.6 (Agentic)", - Description: "Claude Sonnet 4.6 optimized for coding agents (chunked writes)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-opus-4-5-agentic", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Opus 4.5 (Agentic)", - Description: "Claude Opus 4.5 optimized for coding agents (chunked writes)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-sonnet-4-5-agentic", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Sonnet 4.5 (Agentic)", - Description: "Claude Sonnet 4.5 optimized for coding agents (chunked writes)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-sonnet-4-agentic", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Sonnet 4 (Agentic)", - Description: "Claude Sonnet 4 optimized for coding agents (chunked writes)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kiro-claude-haiku-4-5-agentic", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Kiro Claude Haiku 4.5 (Agentic)", - Description: "Claude Haiku 4.5 optimized for coding agents (chunked writes)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - } -} - -// GetAmazonQModels returns the Amazon Q (AWS CodeWhisperer) model definitions. -// These models use the same API as Kiro and share the same executor. -func GetAmazonQModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "amazonq-auto", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", // Uses Kiro executor - same API - DisplayName: "Amazon Q Auto", - Description: "Automatic model selection by Amazon Q", - ContextLength: 200000, - MaxCompletionTokens: 64000, - }, - { - ID: "amazonq-claude-opus-4.5", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Amazon Q Claude Opus 4.5", - Description: "Claude Opus 4.5 via Amazon Q (2.2x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - }, - { - ID: "amazonq-claude-sonnet-4.5", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Amazon Q Claude Sonnet 4.5", - Description: "Claude Sonnet 4.5 via Amazon Q (1.3x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - }, - { - ID: "amazonq-claude-sonnet-4", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Amazon Q Claude Sonnet 4", - Description: "Claude Sonnet 4 via Amazon Q (1.3x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - }, - { - ID: "amazonq-claude-haiku-4.5", - Object: "model", - Created: 1732752000, - OwnedBy: "aws", - Type: "kiro", - DisplayName: "Amazon Q Claude Haiku 4.5", - Description: "Claude Haiku 4.5 via Amazon Q (0.4x credit)", - ContextLength: 200000, - MaxCompletionTokens: 64000, - }, - } -} diff --git a/internal/registry/model_definitions_static_data.go b/internal/registry/model_definitions_static_data.go deleted file mode 100644 index 24b82d2aa9..0000000000 --- a/internal/registry/model_definitions_static_data.go +++ /dev/null @@ -1,1085 +0,0 @@ -// Package registry provides model definitions for various AI service providers. -// This file stores the static model metadata catalog. -package registry - -// GetClaudeModels returns the standard Claude model definitions -func GetClaudeModels() []*ModelInfo { - return []*ModelInfo{ - - { - ID: "claude-haiku-4-5-20251001", - Object: "model", - Created: 1759276800, // 2025-10-01 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4.5 Haiku", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: false}, - }, - { - ID: "claude-sonnet-4-5-20250929", - Object: "model", - Created: 1759104000, // 2025-09-29 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4.5 Sonnet", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: false}, - }, - { - ID: "claude-sonnet-4-6", - Object: "model", - Created: 1771372800, // 2026-02-17 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4.6 Sonnet", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: false}, - }, - { - ID: "claude-opus-4-6", - Object: "model", - Created: 1770318000, // 2026-02-05 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4.6 Opus", - Description: "Premium model combining maximum intelligence with practical performance", - ContextLength: 1000000, - MaxCompletionTokens: 128000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: false}, - }, - { - ID: "claude-sonnet-4-6", - Object: "model", - Created: 1771286400, // 2026-02-17 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4.6 Sonnet", - Description: "Best combination of speed and intelligence", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: false}, - }, - { - ID: "claude-opus-4-5-20251101", - Object: "model", - Created: 1761955200, // 2025-11-01 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4.5 Opus", - Description: "Premium model combining maximum intelligence with practical performance", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: false}, - }, - { - ID: "claude-opus-4-1-20250805", - Object: "model", - Created: 1722945600, // 2025-08-05 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4.1 Opus", - ContextLength: 200000, - MaxCompletionTokens: 32000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: false, DynamicAllowed: false}, - }, - { - ID: "claude-opus-4-20250514", - Object: "model", - Created: 1715644800, // 2025-05-14 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4 Opus", - ContextLength: 200000, - MaxCompletionTokens: 32000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: false, DynamicAllowed: false}, - }, - { - ID: "claude-sonnet-4-20250514", - Object: "model", - Created: 1715644800, // 2025-05-14 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 4 Sonnet", - ContextLength: 200000, - MaxCompletionTokens: 64000, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: false, DynamicAllowed: false}, - }, - { - ID: "claude-3-7-sonnet-20250219", - Object: "model", - Created: 1708300800, // 2025-02-19 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 3.7 Sonnet", - ContextLength: 128000, - MaxCompletionTokens: 8192, - Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: false, DynamicAllowed: false}, - }, - { - ID: "claude-3-5-haiku-20241022", - Object: "model", - Created: 1729555200, // 2024-10-22 - OwnedBy: "anthropic", - Type: "claude", - DisplayName: "Claude 3.5 Haiku", - ContextLength: 128000, - MaxCompletionTokens: 8192, - // Thinking: not supported for Haiku models - }, - } -} - -// GetGeminiModels returns the standard Gemini model definitions -func GetGeminiModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "gemini-2.5-pro", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-pro", - Version: "2.5", - DisplayName: "Gemini 2.5 Pro", - Description: "Stable release (June 17th, 2025) of Gemini 2.5 Pro", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash", - Version: "001", - DisplayName: "Gemini 2.5 Flash", - Description: "Stable version of Gemini 2.5 Flash, our mid-size multimodal model that supports up to 1 million tokens, released in June of 2025.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash-lite", - Object: "model", - Created: 1753142400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash-lite", - Version: "2.5", - DisplayName: "Gemini 2.5 Flash Lite", - Description: "Our smallest and most cost effective model, built for at scale usage.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-3-pro-preview", - Object: "model", - Created: 1737158400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-pro-preview", - Version: "3.0", - DisplayName: "Gemini 3 Pro Preview", - Description: "Gemini 3 Pro Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}, - }, - { - ID: "gemini-3.1-pro-preview", - Object: "model", - Created: 1771459200, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3.1-pro-preview", - Version: "3.1", - DisplayName: "Gemini 3.1 Pro Preview", - Description: "Gemini 3.1 Pro Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}, - }, - { - ID: "gemini-3-flash-preview", - Object: "model", - Created: 1765929600, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-flash-preview", - Version: "3.0", - DisplayName: "Gemini 3 Flash Preview", - Description: "Gemini 3 Flash Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"minimal", "low", "medium", "high"}}, - }, - { - ID: "gemini-3-pro-image-preview", - Object: "model", - Created: 1737158400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-pro-image-preview", - Version: "3.0", - DisplayName: "Gemini 3 Pro Image Preview", - Description: "Gemini 3 Pro Image Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}, - }, - } -} - -func GetGeminiVertexModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "gemini-2.5-pro", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-pro", - Version: "2.5", - DisplayName: "Gemini 2.5 Pro", - Description: "Stable release (June 17th, 2025) of Gemini 2.5 Pro", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash", - Version: "001", - DisplayName: "Gemini 2.5 Flash", - Description: "Stable version of Gemini 2.5 Flash, our mid-size multimodal model that supports up to 1 million tokens, released in June of 2025.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash-lite", - Object: "model", - Created: 1753142400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash-lite", - Version: "2.5", - DisplayName: "Gemini 2.5 Flash Lite", - Description: "Our smallest and most cost effective model, built for at scale usage.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-3-pro-preview", - Object: "model", - Created: 1737158400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-pro-preview", - Version: "3.0", - DisplayName: "Gemini 3 Pro Preview", - Description: "Gemini 3 Pro Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}, - }, - { - ID: "gemini-3-flash-preview", - Object: "model", - Created: 1765929600, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-flash-preview", - Version: "3.0", - DisplayName: "Gemini 3 Flash Preview", - Description: "Our most intelligent model built for speed, combining frontier intelligence with superior search and grounding.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"minimal", "low", "medium", "high"}}, - }, - { - ID: "gemini-3.1-pro-preview", - Object: "model", - Created: 1771459200, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3.1-pro-preview", - Version: "3.1", - DisplayName: "Gemini 3.1 Pro Preview", - Description: "Gemini 3.1 Pro Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}, - }, - { - ID: "gemini-3-pro-image-preview", - Object: "model", - Created: 1737158400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-pro-image-preview", - Version: "3.0", - DisplayName: "Gemini 3 Pro Image Preview", - Description: "Gemini 3 Pro Image Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}, - }, - // Imagen image generation models - use :predict action - { - ID: "imagen-4.0-generate-001", - Object: "model", - Created: 1750000000, - OwnedBy: "google", - Type: "gemini", - Name: "models/imagen-4.0-generate-001", - Version: "4.0", - DisplayName: "Imagen 4.0 Generate", - Description: "Imagen 4.0 image generation model", - SupportedGenerationMethods: []string{"predict"}, - }, - { - ID: "imagen-4.0-ultra-generate-001", - Object: "model", - Created: 1750000000, - OwnedBy: "google", - Type: "gemini", - Name: "models/imagen-4.0-ultra-generate-001", - Version: "4.0", - DisplayName: "Imagen 4.0 Ultra Generate", - Description: "Imagen 4.0 Ultra high-quality image generation model", - SupportedGenerationMethods: []string{"predict"}, - }, - { - ID: "imagen-3.0-generate-002", - Object: "model", - Created: 1740000000, - OwnedBy: "google", - Type: "gemini", - Name: "models/imagen-3.0-generate-002", - Version: "3.0", - DisplayName: "Imagen 3.0 Generate", - Description: "Imagen 3.0 image generation model", - SupportedGenerationMethods: []string{"predict"}, - }, - { - ID: "imagen-3.0-fast-generate-001", - Object: "model", - Created: 1740000000, - OwnedBy: "google", - Type: "gemini", - Name: "models/imagen-3.0-fast-generate-001", - Version: "3.0", - DisplayName: "Imagen 3.0 Fast Generate", - Description: "Imagen 3.0 fast image generation model", - SupportedGenerationMethods: []string{"predict"}, - }, - { - ID: "imagen-4.0-fast-generate-001", - Object: "model", - Created: 1750000000, - OwnedBy: "google", - Type: "gemini", - Name: "models/imagen-4.0-fast-generate-001", - Version: "4.0", - DisplayName: "Imagen 4.0 Fast Generate", - Description: "Imagen 4.0 fast image generation model", - SupportedGenerationMethods: []string{"predict"}, - }, - } -} - -// GetGeminiCLIModels returns the standard Gemini model definitions -func GetGeminiCLIModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "gemini-2.5-pro", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-pro", - Version: "2.5", - DisplayName: "Gemini 2.5 Pro", - Description: "Stable release (June 17th, 2025) of Gemini 2.5 Pro", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash", - Version: "001", - DisplayName: "Gemini 2.5 Flash", - Description: "Stable version of Gemini 2.5 Flash, our mid-size multimodal model that supports up to 1 million tokens, released in June of 2025.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash-lite", - Object: "model", - Created: 1753142400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash-lite", - Version: "2.5", - DisplayName: "Gemini 2.5 Flash Lite", - Description: "Our smallest and most cost effective model, built for at scale usage.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-3-pro-preview", - Object: "model", - Created: 1737158400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-pro-preview", - Version: "3.0", - DisplayName: "Gemini 3 Pro Preview", - Description: "Our most intelligent model with SOTA reasoning and multimodal understanding, and powerful agentic and vibe coding capabilities", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}, - }, - { - ID: "gemini-3.1-pro-preview", - Object: "model", - Created: 1771459200, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3.1-pro-preview", - Version: "3.1", - DisplayName: "Gemini 3.1 Pro Preview", - Description: "Gemini 3.1 Pro Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}, - }, - { - ID: "gemini-3-flash-preview", - Object: "model", - Created: 1765929600, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-flash-preview", - Version: "3.0", - DisplayName: "Gemini 3 Flash Preview", - Description: "Our most intelligent model built for speed, combining frontier intelligence with superior search and grounding.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"minimal", "low", "medium", "high"}}, - }, - } -} - -// GetAIStudioModels returns the Gemini model definitions for AI Studio integrations -func GetAIStudioModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "gemini-2.5-pro", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-pro", - Version: "2.5", - DisplayName: "Gemini 2.5 Pro", - Description: "Stable release (June 17th, 2025) of Gemini 2.5 Pro", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash", - Version: "001", - DisplayName: "Gemini 2.5 Flash", - Description: "Stable version of Gemini 2.5 Flash, our mid-size multimodal model that supports up to 1 million tokens, released in June of 2025.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-2.5-flash-lite", - Object: "model", - Created: 1753142400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash-lite", - Version: "2.5", - DisplayName: "Gemini 2.5 Flash Lite", - Description: "Our smallest and most cost effective model, built for at scale usage.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-3-pro-preview", - Object: "model", - Created: 1737158400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-pro-preview", - Version: "3.0", - DisplayName: "Gemini 3 Pro Preview", - Description: "Gemini 3 Pro Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-3.1-pro-preview", - Object: "model", - Created: 1771459200, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3.1-pro-preview", - Version: "3.1", - DisplayName: "Gemini 3.1 Pro Preview", - Description: "Gemini 3.1 Pro Preview", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-3-flash-preview", - Object: "model", - Created: 1765929600, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-3-flash-preview", - Version: "3.0", - DisplayName: "Gemini 3 Flash Preview", - Description: "Our most intelligent model built for speed, combining frontier intelligence with superior search and grounding.", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-pro-latest", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-pro-latest", - Version: "2.5", - DisplayName: "Gemini Pro Latest", - Description: "Latest release of Gemini Pro", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}, - }, - { - ID: "gemini-flash-latest", - Object: "model", - Created: 1750118400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-flash-latest", - Version: "2.5", - DisplayName: "Gemini Flash Latest", - Description: "Latest release of Gemini Flash", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "gemini-flash-lite-latest", - Object: "model", - Created: 1753142400, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-flash-lite-latest", - Version: "2.5", - DisplayName: "Gemini Flash-Lite Latest", - Description: "Latest release of Gemini Flash-Lite", - InputTokenLimit: 1048576, - OutputTokenLimit: 65536, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - Thinking: &ThinkingSupport{Min: 512, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}, - }, - // { - // ID: "gemini-2.5-flash-image-preview", - // Object: "model", - // Created: 1756166400, - // OwnedBy: "google", - // Type: "gemini", - // Name: "models/gemini-2.5-flash-image-preview", - // Version: "2.5", - // DisplayName: "Gemini 2.5 Flash Image Preview", - // Description: "State-of-the-art image generation and editing model.", - // InputTokenLimit: 1048576, - // OutputTokenLimit: 8192, - // SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - // // image models don't support thinkingConfig; leave Thinking nil - // }, - { - ID: "gemini-2.5-flash-image", - Object: "model", - Created: 1759363200, - OwnedBy: "google", - Type: "gemini", - Name: "models/gemini-2.5-flash-image", - Version: "2.5", - DisplayName: "Gemini 2.5 Flash Image", - Description: "State-of-the-art image generation and editing model.", - InputTokenLimit: 1048576, - OutputTokenLimit: 8192, - SupportedGenerationMethods: []string{"generateContent", "countTokens", "createCachedContent", "batchGenerateContent"}, - // image models don't support thinkingConfig; leave Thinking nil - }, - } -} - -// GetOpenAIModels returns the standard OpenAI model definitions -func GetOpenAIModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "gpt-5", - Object: "model", - Created: 1754524800, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5-2025-08-07", - DisplayName: "GPT 5", - Description: "Stable version of GPT 5, The best model for coding and agentic tasks across domains.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"minimal", "low", "medium", "high"}}, - }, - { - ID: "gpt-5-codex", - Object: "model", - Created: 1757894400, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5-2025-09-15", - DisplayName: "GPT 5 Codex", - Description: "Stable version of GPT 5 Codex, The best model for coding and agentic tasks across domains.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high"}}, - }, - { - ID: "gpt-5-codex-mini", - Object: "model", - Created: 1762473600, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5-2025-11-07", - DisplayName: "GPT 5 Codex Mini", - Description: "Stable version of GPT 5 Codex Mini: cheaper, faster, but less capable version of GPT 5 Codex.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high"}}, - }, - { - ID: "gpt-5.1", - Object: "model", - Created: 1762905600, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.1-2025-11-12", - DisplayName: "GPT 5", - Description: "Stable version of GPT 5, The best model for coding and agentic tasks across domains.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high"}}, - }, - { - ID: "gpt-5.1-codex", - Object: "model", - Created: 1762905600, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.1-2025-11-12", - DisplayName: "GPT 5.1 Codex", - Description: "Stable version of GPT 5.1 Codex, The best model for coding and agentic tasks across domains.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high"}}, - }, - { - ID: "gpt-5.1-codex-mini", - Object: "model", - Created: 1762905600, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.1-2025-11-12", - DisplayName: "GPT 5.1 Codex Mini", - Description: "Stable version of GPT 5.1 Codex Mini: cheaper, faster, but less capable version of GPT 5.1 Codex.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high"}}, - }, - { - ID: "gpt-5.1-codex-max", - Object: "model", - Created: 1763424000, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.1-max", - DisplayName: "GPT 5.1 Codex Max", - Description: "Stable version of GPT 5.1 Codex Max", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5.2", - Object: "model", - Created: 1765440000, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.2", - DisplayName: "GPT 5.2", - Description: "Stable version of GPT 5.2", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"none", "low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5.2-codex", - Object: "model", - Created: 1765440000, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.2", - DisplayName: "GPT 5.2 Codex", - Description: "Stable version of GPT 5.2 Codex, The best model for coding and agentic tasks across domains.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5.3-codex", - Object: "model", - Created: 1770307200, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.3", - DisplayName: "GPT 5.3 Codex", - Description: "Stable version of GPT 5.3 Codex, The best model for coding and agentic tasks across domains.", - ContextLength: 400000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high", "xhigh"}}, - }, - { - ID: "gpt-5.3-codex-spark", - Object: "model", - Created: 1770912000, - OwnedBy: "openai", - Type: "openai", - Version: "gpt-5.3", - DisplayName: "GPT 5.3 Codex Spark", - Description: "Ultra-fast coding model.", - ContextLength: 128000, - MaxCompletionTokens: 128000, - SupportedParameters: []string{"tools"}, - Thinking: &ThinkingSupport{Levels: []string{"low", "medium", "high", "xhigh"}}, - }, - } -} - -// GetQwenModels returns the standard Qwen model definitions -func GetQwenModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "qwen3-coder-plus", - Object: "model", - Created: 1753228800, - OwnedBy: "qwen", - Type: "qwen", - Version: "3.0", - DisplayName: "Qwen3 Coder Plus", - Description: "Advanced code generation and understanding model", - ContextLength: 32768, - MaxCompletionTokens: 8192, - SupportedParameters: []string{"temperature", "top_p", "max_tokens", "stream", "stop"}, - }, - { - ID: "qwen3-coder-flash", - Object: "model", - Created: 1753228800, - OwnedBy: "qwen", - Type: "qwen", - Version: "3.0", - DisplayName: "Qwen3 Coder Flash", - Description: "Fast code generation model", - ContextLength: 8192, - MaxCompletionTokens: 2048, - SupportedParameters: []string{"temperature", "top_p", "max_tokens", "stream", "stop"}, - }, - { - ID: "coder-model", - Object: "model", - Created: 1771171200, - OwnedBy: "qwen", - Type: "qwen", - Version: "3.5", - DisplayName: "Qwen 3.5 Plus", - Description: "efficient hybrid model with leading coding performance", - ContextLength: 1048576, - MaxCompletionTokens: 65536, - SupportedParameters: []string{"temperature", "top_p", "max_tokens", "stream", "stop"}, - }, - { - ID: "vision-model", - Object: "model", - Created: 1758672000, - OwnedBy: "qwen", - Type: "qwen", - Version: "3.0", - DisplayName: "Qwen3 Vision Model", - Description: "Vision model model", - ContextLength: 32768, - MaxCompletionTokens: 2048, - SupportedParameters: []string{"temperature", "top_p", "max_tokens", "stream", "stop"}, - }, - } -} - -// iFlowThinkingSupport is a shared ThinkingSupport configuration for iFlow models -// that support thinking mode via chat_template_kwargs.enable_thinking (boolean toggle). -// Uses level-based configuration so standard normalization flows apply before conversion. -var iFlowThinkingSupport = &ThinkingSupport{ - Levels: []string{"none", "auto", "minimal", "low", "medium", "high", "xhigh"}, -} - -// GetIFlowModels returns supported models for iFlow OAuth accounts. -func GetIFlowModels() []*ModelInfo { - entries := []struct { - ID string - DisplayName string - Description string - Created int64 - Thinking *ThinkingSupport - }{ - {ID: "tstars2.0", DisplayName: "TStars-2.0", Description: "iFlow TStars-2.0 multimodal assistant", Created: 1746489600}, - {ID: "qwen3-coder-plus", DisplayName: "Qwen3-Coder-Plus", Description: "Qwen3 Coder Plus code generation", Created: 1753228800}, - {ID: "qwen3-max", DisplayName: "Qwen3-Max", Description: "Qwen3 flagship model", Created: 1758672000}, - {ID: "qwen3-vl-plus", DisplayName: "Qwen3-VL-Plus", Description: "Qwen3 multimodal vision-language", Created: 1758672000}, - {ID: "qwen3-max-preview", DisplayName: "Qwen3-Max-Preview", Description: "Qwen3 Max preview build", Created: 1757030400, Thinking: iFlowThinkingSupport}, - {ID: "kimi-k2-0905", DisplayName: "Kimi-K2-Instruct-0905", Description: "Moonshot Kimi K2 instruct 0905", Created: 1757030400}, - {ID: "glm-4.6", DisplayName: "GLM-4.6", Description: "Zhipu GLM 4.6 general model", Created: 1759190400, Thinking: iFlowThinkingSupport}, - {ID: "glm-4.7", DisplayName: "GLM-4.7", Description: "Zhipu GLM 4.7 general model", Created: 1766448000, Thinking: iFlowThinkingSupport}, - {ID: "glm-5", DisplayName: "GLM-5", Description: "Zhipu GLM 5 general model", Created: 1770768000, Thinking: iFlowThinkingSupport}, - {ID: "kimi-k2", DisplayName: "Kimi-K2", Description: "Moonshot Kimi K2 general model", Created: 1752192000}, - {ID: "kimi-k2-thinking", DisplayName: "Kimi-K2-Thinking", Description: "Moonshot Kimi K2 thinking model", Created: 1762387200}, - {ID: "deepseek-v3.2-chat", DisplayName: "DeepSeek-V3.2", Description: "DeepSeek V3.2 Chat", Created: 1764576000}, - {ID: "deepseek-v3.2-reasoner", DisplayName: "DeepSeek-V3.2", Description: "DeepSeek V3.2 Reasoner", Created: 1764576000}, - {ID: "deepseek-v3.2", DisplayName: "DeepSeek-V3.2-Exp", Description: "DeepSeek V3.2 experimental", Created: 1759104000, Thinking: iFlowThinkingSupport}, - {ID: "deepseek-v3.1", DisplayName: "DeepSeek-V3.1-Terminus", Description: "DeepSeek V3.1 Terminus", Created: 1756339200, Thinking: iFlowThinkingSupport}, - {ID: "deepseek-r1", DisplayName: "DeepSeek-R1", Description: "DeepSeek reasoning model R1", Created: 1737331200}, - {ID: "deepseek-v3", DisplayName: "DeepSeek-V3-671B", Description: "DeepSeek V3 671B", Created: 1734307200}, - {ID: "qwen3-32b", DisplayName: "Qwen3-32B", Description: "Qwen3 32B", Created: 1747094400}, - {ID: "qwen3-235b-a22b-thinking-2507", DisplayName: "Qwen3-235B-A22B-Thinking", Description: "Qwen3 235B A22B Thinking (2507)", Created: 1753401600}, - {ID: "qwen3-235b-a22b-instruct", DisplayName: "Qwen3-235B-A22B-Instruct", Description: "Qwen3 235B A22B Instruct", Created: 1753401600}, - {ID: "qwen3-235b", DisplayName: "Qwen3-235B-A22B", Description: "Qwen3 235B A22B", Created: 1753401600}, - {ID: "minimax-m2", DisplayName: "MiniMax-M2", Description: "MiniMax M2", Created: 1758672000, Thinking: iFlowThinkingSupport}, - {ID: "minimax-m2.1", DisplayName: "MiniMax-M2.1", Description: "MiniMax M2.1", Created: 1766448000, Thinking: iFlowThinkingSupport}, - {ID: "minimax-m2.5", DisplayName: "MiniMax-M2.5", Description: "MiniMax M2.5", Created: 1770825600, Thinking: iFlowThinkingSupport}, - {ID: "iflow-rome-30ba3b", DisplayName: "iFlow-ROME", Description: "iFlow Rome 30BA3B model", Created: 1736899200}, - {ID: "kimi-k2.5", DisplayName: "Kimi-K2.5", Description: "Moonshot Kimi K2.5", Created: 1769443200, Thinking: iFlowThinkingSupport}, - } - models := make([]*ModelInfo, 0, len(entries)) - for _, entry := range entries { - models = append(models, &ModelInfo{ - ID: entry.ID, - Object: "model", - Created: entry.Created, - OwnedBy: "iflow", - Type: "iflow", - DisplayName: entry.DisplayName, - Description: entry.Description, - Thinking: entry.Thinking, - }) - } - return models -} - -// AntigravityModelConfig captures static antigravity model overrides, including -// Thinking budget limits and provider max completion tokens. -type AntigravityModelConfig struct { - Thinking *ThinkingSupport - MaxCompletionTokens int -} - -// GetAntigravityModelConfig returns static configuration for antigravity models. -// Keys use upstream model names returned by the Antigravity models endpoint. -func GetAntigravityModelConfig() map[string]*AntigravityModelConfig { - return map[string]*AntigravityModelConfig{ - // "rev19-uic3-1p": {Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true}}, - "gemini-2.5-flash": {Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}}, - "gemini-2.5-flash-lite": {Thinking: &ThinkingSupport{Min: 0, Max: 24576, ZeroAllowed: true, DynamicAllowed: true}}, - "gemini-3-pro-high": {Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}}, - "gemini-3-pro-image": {Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}}, - "gemini-3.1-pro-high": {Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"low", "high"}}}, - "gemini-3-flash": {Thinking: &ThinkingSupport{Min: 128, Max: 32768, ZeroAllowed: false, DynamicAllowed: true, Levels: []string{"minimal", "low", "medium", "high"}}}, - "claude-opus-4-5-thinking": {Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: true}, MaxCompletionTokens: 64000}, - "claude-opus-4-6-thinking": {Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: true}, MaxCompletionTokens: 64000}, - "claude-sonnet-4-5": {MaxCompletionTokens: 64000}, - "claude-sonnet-4-5-thinking": {Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: true}, MaxCompletionTokens: 64000}, - "claude-sonnet-4-6": {MaxCompletionTokens: 64000}, - "claude-sonnet-4-6-thinking": {Thinking: &ThinkingSupport{Min: 1024, Max: 128000, ZeroAllowed: true, DynamicAllowed: true}, MaxCompletionTokens: 64000}, - "gpt-oss-120b-medium": {}, - "tab_flash_lite_preview": {}, - } -} - -// GetKimiModels returns the standard Kimi (Moonshot AI) model definitions -func GetKimiModels() []*ModelInfo { - return []*ModelInfo{ - { - ID: "kimi-k2", - Object: "model", - Created: 1752192000, // 2025-07-11 - OwnedBy: "moonshot", - Type: "kimi", - DisplayName: "Kimi K2", - Description: "Kimi K2 - Moonshot AI's flagship coding model", - ContextLength: 131072, - MaxCompletionTokens: 32768, - }, - { - ID: "kimi-k2-thinking", - Object: "model", - Created: 1762387200, // 2025-11-06 - OwnedBy: "moonshot", - Type: "kimi", - DisplayName: "Kimi K2 Thinking", - Description: "Kimi K2 Thinking - Extended reasoning model", - ContextLength: 131072, - MaxCompletionTokens: 32768, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - { - ID: "kimi-k2.5", - Object: "model", - Created: 1769472000, // 2026-01-26 - OwnedBy: "moonshot", - Type: "kimi", - DisplayName: "Kimi K2.5", - Description: "Kimi K2.5 - Latest Moonshot AI coding model with improved capabilities", - ContextLength: 131072, - MaxCompletionTokens: 32768, - Thinking: &ThinkingSupport{Min: 1024, Max: 32000, ZeroAllowed: true, DynamicAllowed: true}, - }, - } -} - -// GetCursorModels returns the Cursor model definitions (fallback stubs) -func GetCursorModels() []*ModelInfo { - return nil // Cursor models are typically fetched from executor -} - -// GetMiniMaxModels returns the MiniMax model definitions (fallback stubs) -func GetMiniMaxModels() []*ModelInfo { - return nil // MiniMax models are typically fetched from executor -} - -// GetRooModels returns the Roo model definitions (fallback stubs) -func GetRooModels() []*ModelInfo { - return nil // Roo models are typically fetched from executor -} - -// GetDeepSeekModels returns the DeepSeek model definitions (fallback stubs) -func GetDeepSeekModels() []*ModelInfo { - return nil // DeepSeek models are typically fetched from executor -} - -// GetGroqModels returns the Groq model definitions (fallback stubs) -func GetGroqModels() []*ModelInfo { - return nil // Groq models are typically fetched from executor -} - -// GetMistralModels returns the Mistral model definitions (fallback stubs) -func GetMistralModels() []*ModelInfo { - return nil // Mistral models are typically fetched from executor -} - -// GetSiliconFlowModels returns the SiliconFlow model definitions (fallback stubs) -func GetSiliconFlowModels() []*ModelInfo { - return nil // SiliconFlow models are typically fetched from executor -} - -// GetOpenRouterModels returns the OpenRouter model definitions (fallback stubs) -func GetOpenRouterModels() []*ModelInfo { - return nil // OpenRouter models are typically fetched from executor -} - -// GetTogetherModels returns the Together model definitions (fallback stubs) -func GetTogetherModels() []*ModelInfo { - return nil // Together models are typically fetched from executor -} - -// GetFireworksModels returns the Fireworks model definitions (fallback stubs) -func GetFireworksModels() []*ModelInfo { - return nil // Fireworks models are typically fetched from executor -} - -// GetNovitaModels returns the Novita model definitions (fallback stubs) -func GetNovitaModels() []*ModelInfo { - return nil // Novita models are typically fetched from executor -} diff --git a/internal/registry/model_registry.go b/internal/registry/model_registry.go deleted file mode 100644 index 234d263883..0000000000 --- a/internal/registry/model_registry.go +++ /dev/null @@ -1,1214 +0,0 @@ -// Package registry provides centralized model management for all AI service providers. -// It implements a dynamic model registry with reference counting to track active clients -// and automatically hide models when no clients are available or when quota is exceeded. -package registry - -import ( - "context" - "fmt" - "sort" - "strings" - "sync" - "time" - - misc "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/misc" - log "github.com/sirupsen/logrus" -) - -// ModelInfo represents information about an available model -type ModelInfo struct { - // ID is the unique identifier for the model - ID string `json:"id"` - // Object type for the model (typically "model") - Object string `json:"object"` - // Created timestamp when the model was created - Created int64 `json:"created"` - // OwnedBy indicates the organization that owns the model - OwnedBy string `json:"owned_by"` - // Type indicates the model type (e.g., "claude", "gemini", "openai") - Type string `json:"type"` - // DisplayName is the human-readable name for the model - DisplayName string `json:"display_name,omitempty"` - // Name is used for Gemini-style model names - Name string `json:"name,omitempty"` - // Version is the model version - Version string `json:"version,omitempty"` - // Description provides detailed information about the model - Description string `json:"description,omitempty"` - // InputTokenLimit is the maximum input token limit - InputTokenLimit int `json:"inputTokenLimit,omitempty"` - // OutputTokenLimit is the maximum output token limit - OutputTokenLimit int `json:"outputTokenLimit,omitempty"` - // SupportedGenerationMethods lists supported generation methods - SupportedGenerationMethods []string `json:"supportedGenerationMethods,omitempty"` - // ContextLength is the context window size - ContextLength int `json:"context_length,omitempty"` - // MaxCompletionTokens is the maximum completion tokens - MaxCompletionTokens int `json:"max_completion_tokens,omitempty"` - // SupportedParameters lists supported parameters - SupportedParameters []string `json:"supported_parameters,omitempty"` - // SupportedEndpoints lists supported API endpoints (e.g., "/chat/completions", "/responses"). - SupportedEndpoints []string `json:"supported_endpoints,omitempty"` - - // Thinking holds provider-specific reasoning/thinking budget capabilities. - // This is optional and currently used for Gemini thinking budget normalization. - Thinking *ThinkingSupport `json:"thinking,omitempty"` - - // UserDefined indicates this model was defined through config file's models[] - // array (e.g., openai-compatibility.*.models[], *-api-key.models[]). - // UserDefined models have thinking configuration passed through without validation. - UserDefined bool `json:"-"` -} - -// ThinkingSupport describes a model family's supported internal reasoning budget range. -// Values are interpreted in provider-native token units. -type ThinkingSupport struct { - // Min is the minimum allowed thinking budget (inclusive). - Min int `json:"min,omitempty"` - // Max is the maximum allowed thinking budget (inclusive). - Max int `json:"max,omitempty"` - // ZeroAllowed indicates whether 0 is a valid value (to disable thinking). - ZeroAllowed bool `json:"zero_allowed,omitempty"` - // DynamicAllowed indicates whether -1 is a valid value (dynamic thinking budget). - DynamicAllowed bool `json:"dynamic_allowed,omitempty"` - // Levels defines discrete reasoning effort levels (e.g., "low", "medium", "high"). - // When set, the model uses level-based reasoning instead of token budgets. - Levels []string `json:"levels,omitempty"` -} - -// ModelRegistration tracks a model's availability -type ModelRegistration struct { - // Info contains the model metadata - Info *ModelInfo - // InfoByProvider maps provider identifiers to specific ModelInfo to support differing capabilities. - InfoByProvider map[string]*ModelInfo - // Count is the number of active clients that can provide this model - Count int - // LastUpdated tracks when this registration was last modified - LastUpdated time.Time - // QuotaExceededClients tracks which clients have exceeded quota for this model - QuotaExceededClients map[string]*time.Time - // Providers tracks available clients grouped by provider identifier - Providers map[string]int - // SuspendedClients tracks temporarily disabled clients keyed by client ID - SuspendedClients map[string]string -} - -// ModelRegistryHook provides optional callbacks for external integrations to track model list changes. -// Hook implementations must be non-blocking and resilient; calls are executed asynchronously and panics are recovered. -type ModelRegistryHook interface { - OnModelsRegistered(ctx context.Context, provider, clientID string, models []*ModelInfo) - OnModelsUnregistered(ctx context.Context, provider, clientID string) -} - -// ModelRegistry manages the global registry of available models -type ModelRegistry struct { - // models maps model ID to registration information - models map[string]*ModelRegistration - // clientModels maps client ID to the models it provides - clientModels map[string][]string - // clientModelInfos maps client ID to a map of model ID -> ModelInfo - // This preserves the original model info provided by each client - clientModelInfos map[string]map[string]*ModelInfo - // clientProviders maps client ID to its provider identifier - clientProviders map[string]string - // mutex ensures thread-safe access to the registry - mutex *sync.RWMutex - // hook is an optional callback sink for model registration changes - hook ModelRegistryHook -} - -// Global model registry instance -var globalRegistry *ModelRegistry -var registryOnce sync.Once - -// GetGlobalRegistry returns the global model registry instance -func GetGlobalRegistry() *ModelRegistry { - registryOnce.Do(func() { - globalRegistry = &ModelRegistry{ - models: make(map[string]*ModelRegistration), - clientModels: make(map[string][]string), - clientModelInfos: make(map[string]map[string]*ModelInfo), - clientProviders: make(map[string]string), - mutex: &sync.RWMutex{}, - } - }) - return globalRegistry -} - -// LookupModelInfo searches dynamic registry (provider-specific > global) then static definitions. -func LookupModelInfo(modelID string, provider ...string) *ModelInfo { - modelID = strings.TrimSpace(modelID) - if modelID == "" { - return nil - } - - p := "" - if len(provider) > 0 { - p = strings.ToLower(strings.TrimSpace(provider[0])) - } - - if info := GetGlobalRegistry().GetModelInfo(modelID, p); info != nil { - return info - } - return LookupStaticModelInfo(modelID) -} - -// SetHook sets an optional hook for observing model registration changes. -func (r *ModelRegistry) SetHook(hook ModelRegistryHook) { - if r == nil { - return - } - r.mutex.Lock() - defer r.mutex.Unlock() - r.hook = hook -} - -const defaultModelRegistryHookTimeout = 5 * time.Second - -func (r *ModelRegistry) triggerModelsRegistered(provider, clientID string, models []*ModelInfo) { - hook := r.hook - if hook == nil { - return - } - modelsCopy := cloneModelInfosUnique(models) - go func() { - defer func() { - if recovered := recover(); recovered != nil { - log.Errorf("model registry hook OnModelsRegistered panic: %v", recovered) - } - }() - ctx, cancel := context.WithTimeout(context.Background(), defaultModelRegistryHookTimeout) - defer cancel() - hook.OnModelsRegistered(ctx, provider, clientID, modelsCopy) - }() -} - -func (r *ModelRegistry) triggerModelsUnregistered(provider, clientID string) { - hook := r.hook - if hook == nil { - return - } - go func() { - defer func() { - if recovered := recover(); recovered != nil { - log.Errorf("model registry hook OnModelsUnregistered panic: %v", recovered) - } - }() - ctx, cancel := context.WithTimeout(context.Background(), defaultModelRegistryHookTimeout) - defer cancel() - hook.OnModelsUnregistered(ctx, provider, clientID) - }() -} - -// RegisterClient registers a client and its supported models -// Parameters: -// - clientID: Unique identifier for the client -// - clientProvider: Provider name (e.g., "gemini", "claude", "openai") -// - models: List of models that this client can provide -func (r *ModelRegistry) RegisterClient(clientID, clientProvider string, models []*ModelInfo) { - r.mutex.Lock() - defer r.mutex.Unlock() - - provider := strings.ToLower(clientProvider) - uniqueModelIDs := make([]string, 0, len(models)) - rawModelIDs := make([]string, 0, len(models)) - newModels := make(map[string]*ModelInfo, len(models)) - newCounts := make(map[string]int, len(models)) - for _, model := range models { - if model == nil || model.ID == "" { - continue - } - rawModelIDs = append(rawModelIDs, model.ID) - newCounts[model.ID]++ - if _, exists := newModels[model.ID]; exists { - continue - } - newModels[model.ID] = model - uniqueModelIDs = append(uniqueModelIDs, model.ID) - } - - if len(uniqueModelIDs) == 0 { - // No models supplied; unregister existing client state if present. - r.unregisterClientInternal(clientID) - delete(r.clientModels, clientID) - delete(r.clientModelInfos, clientID) - delete(r.clientProviders, clientID) - misc.LogCredentialSeparator() - return - } - - now := time.Now() - - oldModels, hadExisting := r.clientModels[clientID] - oldProvider := r.clientProviders[clientID] - providerChanged := oldProvider != provider - if !hadExisting { - // Pure addition path. - for _, modelID := range rawModelIDs { - model := newModels[modelID] - r.addModelRegistration(modelID, provider, model, now) - } - r.clientModels[clientID] = append([]string(nil), rawModelIDs...) - // Store client's own model infos - clientInfos := make(map[string]*ModelInfo, len(newModels)) - for id, m := range newModels { - clientInfos[id] = cloneModelInfo(m) - } - r.clientModelInfos[clientID] = clientInfos - if provider != "" { - r.clientProviders[clientID] = provider - } else { - delete(r.clientProviders, clientID) - } - r.triggerModelsRegistered(provider, clientID, models) - log.Debugf("Registered client %s from provider %s with %d models", clientID, clientProvider, len(rawModelIDs)) - misc.LogCredentialSeparator() - return - } - - oldCounts := make(map[string]int, len(oldModels)) - for _, id := range oldModels { - oldCounts[id]++ - } - - added := make([]string, 0) - for _, id := range uniqueModelIDs { - if oldCounts[id] == 0 { - added = append(added, id) - } - } - - removed := make([]string, 0) - for id := range oldCounts { - if newCounts[id] == 0 { - removed = append(removed, id) - } - } - - // Handle provider change for overlapping models before modifications. - if providerChanged && oldProvider != "" { - for id, newCount := range newCounts { - if newCount == 0 { - continue - } - oldCount := oldCounts[id] - if oldCount == 0 { - continue - } - toRemove := newCount - if oldCount < toRemove { - toRemove = oldCount - } - if reg, ok := r.models[id]; ok && reg.Providers != nil { - if count, okProv := reg.Providers[oldProvider]; okProv { - if count <= toRemove { - delete(reg.Providers, oldProvider) - if reg.InfoByProvider != nil { - delete(reg.InfoByProvider, oldProvider) - } - } else { - reg.Providers[oldProvider] = count - toRemove - } - } - } - } - } - - // Apply removals first to keep counters accurate. - for _, id := range removed { - oldCount := oldCounts[id] - for i := 0; i < oldCount; i++ { - r.removeModelRegistration(clientID, id, oldProvider, now) - } - } - - for id, oldCount := range oldCounts { - newCount := newCounts[id] - if newCount == 0 || oldCount <= newCount { - continue - } - overage := oldCount - newCount - for i := 0; i < overage; i++ { - r.removeModelRegistration(clientID, id, oldProvider, now) - } - } - - // Apply additions. - for id, newCount := range newCounts { - oldCount := oldCounts[id] - if newCount <= oldCount { - continue - } - model := newModels[id] - diff := newCount - oldCount - for i := 0; i < diff; i++ { - r.addModelRegistration(id, provider, model, now) - } - } - - // Update metadata for models that remain associated with the client. - addedSet := make(map[string]struct{}, len(added)) - for _, id := range added { - addedSet[id] = struct{}{} - } - for _, id := range uniqueModelIDs { - model := newModels[id] - if reg, ok := r.models[id]; ok { - reg.Info = cloneModelInfo(model) - if provider != "" { - if reg.InfoByProvider == nil { - reg.InfoByProvider = make(map[string]*ModelInfo) - } - reg.InfoByProvider[provider] = cloneModelInfo(model) - } - reg.LastUpdated = now - if reg.QuotaExceededClients != nil { - delete(reg.QuotaExceededClients, clientID) - } - if reg.SuspendedClients != nil { - delete(reg.SuspendedClients, clientID) - } - if providerChanged && provider != "" { - if _, newlyAdded := addedSet[id]; newlyAdded { - continue - } - overlapCount := newCounts[id] - if oldCount := oldCounts[id]; oldCount < overlapCount { - overlapCount = oldCount - } - if overlapCount <= 0 { - continue - } - if reg.Providers == nil { - reg.Providers = make(map[string]int) - } - reg.Providers[provider] += overlapCount - } - } - } - - // Update client bookkeeping. - if len(rawModelIDs) > 0 { - r.clientModels[clientID] = append([]string(nil), rawModelIDs...) - } - // Update client's own model infos - clientInfos := make(map[string]*ModelInfo, len(newModels)) - for id, m := range newModels { - clientInfos[id] = cloneModelInfo(m) - } - r.clientModelInfos[clientID] = clientInfos - if provider != "" { - r.clientProviders[clientID] = provider - } else { - delete(r.clientProviders, clientID) - } - - r.triggerModelsRegistered(provider, clientID, models) - if len(added) == 0 && len(removed) == 0 && !providerChanged { - // Only metadata (e.g., display name) changed; skip separator when no log output. - return - } - - log.Debugf("Reconciled client %s (provider %s) models: +%d, -%d", clientID, provider, len(added), len(removed)) - misc.LogCredentialSeparator() -} - -func (r *ModelRegistry) addModelRegistration(modelID, provider string, model *ModelInfo, now time.Time) { - if model == nil || modelID == "" { - return - } - if existing, exists := r.models[modelID]; exists { - existing.Count++ - existing.LastUpdated = now - existing.Info = cloneModelInfo(model) - if existing.SuspendedClients == nil { - existing.SuspendedClients = make(map[string]string) - } - if existing.InfoByProvider == nil { - existing.InfoByProvider = make(map[string]*ModelInfo) - } - if provider != "" { - if existing.Providers == nil { - existing.Providers = make(map[string]int) - } - existing.Providers[provider]++ - existing.InfoByProvider[provider] = cloneModelInfo(model) - } - log.Debugf("Incremented count for model %s, now %d clients", modelID, existing.Count) - return - } - - registration := &ModelRegistration{ - Info: cloneModelInfo(model), - InfoByProvider: make(map[string]*ModelInfo), - Count: 1, - LastUpdated: now, - QuotaExceededClients: make(map[string]*time.Time), - SuspendedClients: make(map[string]string), - } - if provider != "" { - registration.Providers = map[string]int{provider: 1} - registration.InfoByProvider[provider] = cloneModelInfo(model) - } - r.models[modelID] = registration - log.Debugf("Registered new model %s from provider %s", modelID, provider) -} - -func (r *ModelRegistry) removeModelRegistration(clientID, modelID, provider string, now time.Time) { - registration, exists := r.models[modelID] - if !exists { - return - } - registration.Count-- - registration.LastUpdated = now - if registration.QuotaExceededClients != nil { - delete(registration.QuotaExceededClients, clientID) - } - if registration.SuspendedClients != nil { - delete(registration.SuspendedClients, clientID) - } - if registration.Count < 0 { - registration.Count = 0 - } - if provider != "" && registration.Providers != nil { - if count, ok := registration.Providers[provider]; ok { - if count <= 1 { - delete(registration.Providers, provider) - if registration.InfoByProvider != nil { - delete(registration.InfoByProvider, provider) - } - } else { - registration.Providers[provider] = count - 1 - } - } - } - log.Debugf("Decremented count for model %s, now %d clients", modelID, registration.Count) - if registration.Count <= 0 { - delete(r.models, modelID) - log.Debugf("Removed model %s as no clients remain", modelID) - } -} - -func cloneModelInfo(model *ModelInfo) *ModelInfo { - if model == nil { - return nil - } - copyModel := *model - if len(model.SupportedGenerationMethods) > 0 { - copyModel.SupportedGenerationMethods = append([]string(nil), model.SupportedGenerationMethods...) - } - if len(model.SupportedParameters) > 0 { - copyModel.SupportedParameters = append([]string(nil), model.SupportedParameters...) - } - if len(model.SupportedEndpoints) > 0 { - copyModel.SupportedEndpoints = append([]string(nil), model.SupportedEndpoints...) - } - return ©Model -} - -func cloneModelInfosUnique(models []*ModelInfo) []*ModelInfo { - if len(models) == 0 { - return nil - } - cloned := make([]*ModelInfo, 0, len(models)) - seen := make(map[string]struct{}, len(models)) - for _, model := range models { - if model == nil || model.ID == "" { - continue - } - if _, exists := seen[model.ID]; exists { - continue - } - seen[model.ID] = struct{}{} - cloned = append(cloned, cloneModelInfo(model)) - } - return cloned -} - -// UnregisterClient removes a client and decrements counts for its models -// Parameters: -// - clientID: Unique identifier for the client to remove -func (r *ModelRegistry) UnregisterClient(clientID string) { - r.mutex.Lock() - defer r.mutex.Unlock() - r.unregisterClientInternal(clientID) -} - -// unregisterClientInternal performs the actual client unregistration (internal, no locking) -func (r *ModelRegistry) unregisterClientInternal(clientID string) { - models, exists := r.clientModels[clientID] - provider, hasProvider := r.clientProviders[clientID] - if !exists { - if hasProvider { - delete(r.clientProviders, clientID) - } - return - } - - now := time.Now() - for _, modelID := range models { - if registration, isExists := r.models[modelID]; isExists { - registration.Count-- - registration.LastUpdated = now - - // Remove quota tracking for this client - delete(registration.QuotaExceededClients, clientID) - if registration.SuspendedClients != nil { - delete(registration.SuspendedClients, clientID) - } - - if hasProvider && registration.Providers != nil { - if count, ok := registration.Providers[provider]; ok { - if count <= 1 { - delete(registration.Providers, provider) - if registration.InfoByProvider != nil { - delete(registration.InfoByProvider, provider) - } - } else { - registration.Providers[provider] = count - 1 - } - } - } - - log.Debugf("Decremented count for model %s, now %d clients", modelID, registration.Count) - - // Remove model if no clients remain - if registration.Count <= 0 { - delete(r.models, modelID) - log.Debugf("Removed model %s as no clients remain", modelID) - } - } - } - - delete(r.clientModels, clientID) - delete(r.clientModelInfos, clientID) - if hasProvider { - delete(r.clientProviders, clientID) - } - log.Debugf("Unregistered client %s", clientID) - // Separator line after completing client unregistration (after the summary line) - misc.LogCredentialSeparator() - r.triggerModelsUnregistered(provider, clientID) -} - -// SetModelQuotaExceeded marks a model as quota exceeded for a specific client -// Parameters: -// - clientID: The client that exceeded quota -// - modelID: The model that exceeded quota -func (r *ModelRegistry) SetModelQuotaExceeded(clientID, modelID string) { - r.mutex.Lock() - defer r.mutex.Unlock() - - if registration, exists := r.models[modelID]; exists { - registration.QuotaExceededClients[clientID] = new(time.Now()) - log.Debugf("Marked model %s as quota exceeded for client %s", modelID, clientID) - } -} - -// ClearModelQuotaExceeded removes quota exceeded status for a model and client -// Parameters: -// - clientID: The client to clear quota status for -// - modelID: The model to clear quota status for -func (r *ModelRegistry) ClearModelQuotaExceeded(clientID, modelID string) { - r.mutex.Lock() - defer r.mutex.Unlock() - - if registration, exists := r.models[modelID]; exists { - delete(registration.QuotaExceededClients, clientID) - // log.Debugf("Cleared quota exceeded status for model %s and client %s", modelID, clientID) - } -} - -// SuspendClientModel marks a client's model as temporarily unavailable until explicitly resumed. -// Parameters: -// - clientID: The client to suspend -// - modelID: The model affected by the suspension -// - reason: Optional description for observability -func (r *ModelRegistry) SuspendClientModel(clientID, modelID, reason string) { - if clientID == "" || modelID == "" { - return - } - r.mutex.Lock() - defer r.mutex.Unlock() - - registration, exists := r.models[modelID] - if !exists || registration == nil { - return - } - if registration.SuspendedClients == nil { - registration.SuspendedClients = make(map[string]string) - } - if _, already := registration.SuspendedClients[clientID]; already { - return - } - registration.SuspendedClients[clientID] = reason - registration.LastUpdated = time.Now() - if reason != "" { - log.Debugf("Suspended client %s for model %s: %s", clientID, modelID, reason) - } else { - log.Debugf("Suspended client %s for model %s", clientID, modelID) - } -} - -// ResumeClientModel clears a previous suspension so the client counts toward availability again. -// Parameters: -// - clientID: The client to resume -// - modelID: The model being resumed -func (r *ModelRegistry) ResumeClientModel(clientID, modelID string) { - if clientID == "" || modelID == "" { - return - } - r.mutex.Lock() - defer r.mutex.Unlock() - - registration, exists := r.models[modelID] - if !exists || registration == nil || registration.SuspendedClients == nil { - return - } - if _, ok := registration.SuspendedClients[clientID]; !ok { - return - } - delete(registration.SuspendedClients, clientID) - registration.LastUpdated = time.Now() - // codeql[go/clear-text-logging] - clientID and modelID are non-sensitive identifiers - log.Debugf("Resumed client %s for model %s", clientID, modelID) -} - -// ClientSupportsModel reports whether the client registered support for modelID. -func (r *ModelRegistry) ClientSupportsModel(clientID, modelID string) bool { - clientID = strings.TrimSpace(clientID) - modelID = strings.TrimSpace(modelID) - if clientID == "" || modelID == "" { - return false - } - - r.mutex.RLock() - defer r.mutex.RUnlock() - - models, exists := r.clientModels[clientID] - if !exists || len(models) == 0 { - return false - } - - for _, id := range models { - if strings.EqualFold(strings.TrimSpace(id), modelID) { - return true - } - } - - return false -} - -// GetAvailableModels returns all models that have at least one available client -// Parameters: -// - handlerType: The handler type to filter models for (e.g., "openai", "claude", "gemini") -// -// Returns: -// - []map[string]any: List of available models in the requested format -func (r *ModelRegistry) GetAvailableModels(handlerType string) []map[string]any { - r.mutex.RLock() - defer r.mutex.RUnlock() - - models := make([]map[string]any, 0) - quotaExpiredDuration := 5 * time.Minute - - for _, registration := range r.models { - // Check if model has any non-quota-exceeded clients - availableClients := registration.Count - now := time.Now() - - // Count clients that have exceeded quota but haven't recovered yet - expiredClients := 0 - for _, quotaTime := range registration.QuotaExceededClients { - if quotaTime != nil && now.Sub(*quotaTime) < quotaExpiredDuration { - expiredClients++ - } - } - - cooldownSuspended := 0 - otherSuspended := 0 - if registration.SuspendedClients != nil { - for _, reason := range registration.SuspendedClients { - if strings.EqualFold(reason, "quota") { - cooldownSuspended++ - continue - } - otherSuspended++ - } - } - - effectiveClients := availableClients - expiredClients - otherSuspended - if effectiveClients < 0 { - effectiveClients = 0 - } - - // Include models that have available clients, or those solely cooling down. - if effectiveClients > 0 || (availableClients > 0 && (expiredClients > 0 || cooldownSuspended > 0) && otherSuspended == 0) { - model := r.convertModelToMap(registration.Info, handlerType) - if model != nil { - models = append(models, model) - } - } - } - - return models -} - -// GetAvailableModelsByProvider returns models available for the given provider identifier. -// Parameters: -// - provider: Provider identifier (e.g., "codex", "gemini", "antigravity") -// -// Returns: -// - []*ModelInfo: List of available models for the provider -func (r *ModelRegistry) GetAvailableModelsByProvider(provider string) []*ModelInfo { - provider = strings.ToLower(strings.TrimSpace(provider)) - if provider == "" { - return nil - } - - r.mutex.RLock() - defer r.mutex.RUnlock() - - type providerModel struct { - count int - info *ModelInfo - } - - providerModels := make(map[string]*providerModel) - - for clientID, clientProvider := range r.clientProviders { - if clientProvider != provider { - continue - } - modelIDs := r.clientModels[clientID] - if len(modelIDs) == 0 { - continue - } - clientInfos := r.clientModelInfos[clientID] - for _, modelID := range modelIDs { - modelID = strings.TrimSpace(modelID) - if modelID == "" { - continue - } - entry := providerModels[modelID] - if entry == nil { - entry = &providerModel{} - providerModels[modelID] = entry - } - entry.count++ - if entry.info == nil { - if clientInfos != nil { - if info := clientInfos[modelID]; info != nil { - entry.info = info - } - } - if entry.info == nil { - if reg, ok := r.models[modelID]; ok && reg != nil && reg.Info != nil { - entry.info = reg.Info - } - } - } - } - } - - if len(providerModels) == 0 { - return nil - } - - quotaExpiredDuration := 5 * time.Minute - now := time.Now() - result := make([]*ModelInfo, 0, len(providerModels)) - - for modelID, entry := range providerModels { - if entry == nil || entry.count <= 0 { - continue - } - registration, ok := r.models[modelID] - - expiredClients := 0 - cooldownSuspended := 0 - otherSuspended := 0 - if ok && registration != nil { - if registration.QuotaExceededClients != nil { - for clientID, quotaTime := range registration.QuotaExceededClients { - if clientID == "" { - continue - } - if p, okProvider := r.clientProviders[clientID]; !okProvider || p != provider { - continue - } - if quotaTime != nil && now.Sub(*quotaTime) < quotaExpiredDuration { - expiredClients++ - } - } - } - if registration.SuspendedClients != nil { - for clientID, reason := range registration.SuspendedClients { - if clientID == "" { - continue - } - if p, okProvider := r.clientProviders[clientID]; !okProvider || p != provider { - continue - } - if strings.EqualFold(reason, "quota") { - cooldownSuspended++ - continue - } - otherSuspended++ - } - } - } - - availableClients := entry.count - effectiveClients := availableClients - expiredClients - otherSuspended - if effectiveClients < 0 { - effectiveClients = 0 - } - - if effectiveClients > 0 || (availableClients > 0 && (expiredClients > 0 || cooldownSuspended > 0) && otherSuspended == 0) { - if entry.info != nil { - result = append(result, entry.info) - continue - } - if ok && registration != nil && registration.Info != nil { - result = append(result, registration.Info) - } - } - } - - return result -} - -// GetModelCount returns the number of available clients for a specific model -// Parameters: -// - modelID: The model ID to check -// -// Returns: -// - int: Number of available clients for the model -func (r *ModelRegistry) GetModelCount(modelID string) int { - r.mutex.RLock() - defer r.mutex.RUnlock() - - if registration, exists := r.models[modelID]; exists { - now := time.Now() - quotaExpiredDuration := 5 * time.Minute - - // Count clients that have exceeded quota but haven't recovered yet - expiredClients := 0 - for _, quotaTime := range registration.QuotaExceededClients { - if quotaTime != nil && now.Sub(*quotaTime) < quotaExpiredDuration { - expiredClients++ - } - } - suspendedClients := 0 - if registration.SuspendedClients != nil { - suspendedClients = len(registration.SuspendedClients) - } - result := registration.Count - expiredClients - suspendedClients - if result < 0 { - return 0 - } - return result - } - return 0 -} - -// GetModelProviders returns provider identifiers that currently supply the given model -// Parameters: -// - modelID: The model ID to check -// -// Returns: -// - []string: Provider identifiers ordered by availability count (descending) -func (r *ModelRegistry) GetModelProviders(modelID string) []string { - r.mutex.RLock() - defer r.mutex.RUnlock() - - registration, exists := r.models[modelID] - if !exists || registration == nil || len(registration.Providers) == 0 { - return nil - } - - type providerCount struct { - name string - count int - } - providers := make([]providerCount, 0, len(registration.Providers)) - // suspendedByProvider := make(map[string]int) - // if registration.SuspendedClients != nil { - // for clientID := range registration.SuspendedClients { - // if provider, ok := r.clientProviders[clientID]; ok && provider != "" { - // suspendedByProvider[provider]++ - // } - // } - // } - for name, count := range registration.Providers { - if count <= 0 { - continue - } - // adjusted := count - suspendedByProvider[name] - // if adjusted <= 0 { - // continue - // } - // providers = append(providers, providerCount{name: name, count: adjusted}) - providers = append(providers, providerCount{name: name, count: count}) - } - if len(providers) == 0 { - return nil - } - - sort.Slice(providers, func(i, j int) bool { - if providers[i].count == providers[j].count { - return providers[i].name < providers[j].name - } - return providers[i].count > providers[j].count - }) - - result := make([]string, 0, len(providers)) - for _, item := range providers { - result = append(result, item.name) - } - return result -} - -// GetModelInfo returns ModelInfo, prioritizing provider-specific definition if available. -func (r *ModelRegistry) GetModelInfo(modelID, provider string) *ModelInfo { - r.mutex.RLock() - defer r.mutex.RUnlock() - if reg, ok := r.models[modelID]; ok && reg != nil { - // Try provider specific definition first - if provider != "" && reg.InfoByProvider != nil { - if reg.Providers != nil { - if count, ok := reg.Providers[provider]; ok && count > 0 { - if info, ok := reg.InfoByProvider[provider]; ok && info != nil { - return info - } - } - } - } - // Fallback to global info (last registered) - return reg.Info - } - return nil -} - -// convertModelToMap converts ModelInfo to the appropriate format for different handler types -func (r *ModelRegistry) convertModelToMap(model *ModelInfo, handlerType string) map[string]any { - if model == nil { - return nil - } - - switch handlerType { - case "openai": - result := map[string]any{ - "id": model.ID, - "object": "model", - "owned_by": model.OwnedBy, - } - if model.Created > 0 { - result["created"] = model.Created - } - if model.Type != "" { - result["type"] = model.Type - } - if model.DisplayName != "" { - result["display_name"] = model.DisplayName - } - if model.Version != "" { - result["version"] = model.Version - } - if model.Description != "" { - result["description"] = model.Description - } - if model.ContextLength > 0 { - result["context_length"] = model.ContextLength - } - if model.MaxCompletionTokens > 0 { - result["max_completion_tokens"] = model.MaxCompletionTokens - } - if len(model.SupportedParameters) > 0 { - result["supported_parameters"] = model.SupportedParameters - } - if len(model.SupportedEndpoints) > 0 { - result["supported_endpoints"] = model.SupportedEndpoints - } - return result - - case "claude", "kiro", "antigravity": - // Claude, Kiro, and Antigravity all use Claude-compatible format for Claude Code client - result := map[string]any{ - "id": model.ID, - "object": "model", - "owned_by": model.OwnedBy, - } - if model.Created > 0 { - result["created_at"] = model.Created - } - if model.Type != "" { - result["type"] = "model" - } - if model.DisplayName != "" { - result["display_name"] = model.DisplayName - } - // Add thinking support for Claude Code client - // Claude Code checks for "thinking" field (simple boolean) to enable tab toggle - // Also add "extended_thinking" for detailed budget info - if model.Thinking != nil { - result["thinking"] = true - result["extended_thinking"] = map[string]any{ - "supported": true, - "min": model.Thinking.Min, - "max": model.Thinking.Max, - "zero_allowed": model.Thinking.ZeroAllowed, - "dynamic_allowed": model.Thinking.DynamicAllowed, - } - } - return result - - case "gemini": - result := map[string]any{} - if model.Name != "" { - result["name"] = model.Name - } else { - result["name"] = model.ID - } - if model.Version != "" { - result["version"] = model.Version - } - if model.DisplayName != "" { - result["displayName"] = model.DisplayName - } - if model.Description != "" { - result["description"] = model.Description - } - if model.InputTokenLimit > 0 { - result["inputTokenLimit"] = model.InputTokenLimit - } - if model.OutputTokenLimit > 0 { - result["outputTokenLimit"] = model.OutputTokenLimit - } - if len(model.SupportedGenerationMethods) > 0 { - result["supportedGenerationMethods"] = model.SupportedGenerationMethods - } - return result - - default: - // Generic format - result := map[string]any{ - "id": model.ID, - "object": "model", - } - if model.OwnedBy != "" { - result["owned_by"] = model.OwnedBy - } - if model.Type != "" { - result["type"] = model.Type - } - if model.Created != 0 { - result["created"] = model.Created - } - return result - } -} - -// CleanupExpiredQuotas removes expired quota tracking entries -func (r *ModelRegistry) CleanupExpiredQuotas() { - r.mutex.Lock() - defer r.mutex.Unlock() - - now := time.Now() - quotaExpiredDuration := 5 * time.Minute - - for modelID, registration := range r.models { - for clientID, quotaTime := range registration.QuotaExceededClients { - if quotaTime != nil && now.Sub(*quotaTime) >= quotaExpiredDuration { - delete(registration.QuotaExceededClients, clientID) - log.Debugf("Cleaned up expired quota tracking for model %s, client %s", modelID, clientID) - } - } - } -} - -// GetFirstAvailableModel returns the first available model for the given handler type. -// It prioritizes models by their creation timestamp (newest first) and checks if they have -// available clients that are not suspended or over quota. -// -// Parameters: -// - handlerType: The API handler type (e.g., "openai", "claude", "gemini") -// -// Returns: -// - string: The model ID of the first available model, or empty string if none available -// - error: An error if no models are available -func (r *ModelRegistry) GetFirstAvailableModel(handlerType string) (string, error) { - r.mutex.RLock() - defer r.mutex.RUnlock() - - // Get all available models for this handler type - models := r.GetAvailableModels(handlerType) - if len(models) == 0 { - return "", fmt.Errorf("no models available for handler type: %s", handlerType) - } - - // Sort models by creation timestamp (newest first) - sort.Slice(models, func(i, j int) bool { - // Extract created timestamps from map - createdI, okI := models[i]["created"].(int64) - createdJ, okJ := models[j]["created"].(int64) - if !okI || !okJ { - return false - } - return createdI > createdJ - }) - - // Find the first model with available clients - for _, model := range models { - if modelID, ok := model["id"].(string); ok { - if count := r.GetModelCount(modelID); count > 0 { - return modelID, nil - } - } - } - - return "", fmt.Errorf("no available clients for any model in handler type: %s", handlerType) -} - -// GetModelsForClient returns the models registered for a specific client. -// Parameters: -// - clientID: The client identifier (typically auth file name or auth ID) -// -// Returns: -// - []*ModelInfo: List of models registered for this client, nil if client not found -func (r *ModelRegistry) GetModelsForClient(clientID string) []*ModelInfo { - r.mutex.RLock() - defer r.mutex.RUnlock() - - modelIDs, exists := r.clientModels[clientID] - if !exists || len(modelIDs) == 0 { - return nil - } - - // Try to use client-specific model infos first - clientInfos := r.clientModelInfos[clientID] - - seen := make(map[string]struct{}) - result := make([]*ModelInfo, 0, len(modelIDs)) - for _, modelID := range modelIDs { - if _, dup := seen[modelID]; dup { - continue - } - seen[modelID] = struct{}{} - - // Prefer client's own model info to preserve original type/owned_by - if clientInfos != nil { - if info, ok := clientInfos[modelID]; ok && info != nil { - result = append(result, info) - continue - } - } - // Fallback to global registry (for backwards compatibility) - if reg, ok := r.models[modelID]; ok && reg.Info != nil { - result = append(result, reg.Info) - } - } - return result -} diff --git a/internal/registry/model_registry_hook_test.go b/internal/registry/model_registry_hook_test.go deleted file mode 100644 index 70226b9eaf..0000000000 --- a/internal/registry/model_registry_hook_test.go +++ /dev/null @@ -1,204 +0,0 @@ -package registry - -import ( - "context" - "sync" - "testing" - "time" -) - -func newTestModelRegistry() *ModelRegistry { - return &ModelRegistry{ - models: make(map[string]*ModelRegistration), - clientModels: make(map[string][]string), - clientModelInfos: make(map[string]map[string]*ModelInfo), - clientProviders: make(map[string]string), - mutex: &sync.RWMutex{}, - } -} - -type registeredCall struct { - provider string - clientID string - models []*ModelInfo -} - -type unregisteredCall struct { - provider string - clientID string -} - -type capturingHook struct { - registeredCh chan registeredCall - unregisteredCh chan unregisteredCall -} - -func (h *capturingHook) OnModelsRegistered(ctx context.Context, provider, clientID string, models []*ModelInfo) { - h.registeredCh <- registeredCall{provider: provider, clientID: clientID, models: models} -} - -func (h *capturingHook) OnModelsUnregistered(ctx context.Context, provider, clientID string) { - h.unregisteredCh <- unregisteredCall{provider: provider, clientID: clientID} -} - -func TestModelRegistryHook_OnModelsRegisteredCalled(t *testing.T) { - r := newTestModelRegistry() - hook := &capturingHook{ - registeredCh: make(chan registeredCall, 1), - unregisteredCh: make(chan unregisteredCall, 1), - } - r.SetHook(hook) - - inputModels := []*ModelInfo{ - {ID: "m1", DisplayName: "Model One"}, - {ID: "m2", DisplayName: "Model Two"}, - } - r.RegisterClient("client-1", "OpenAI", inputModels) - - select { - case call := <-hook.registeredCh: - if call.provider != "openai" { - t.Fatalf("provider mismatch: got %q, want %q", call.provider, "openai") - } - if call.clientID != "client-1" { - t.Fatalf("clientID mismatch: got %q, want %q", call.clientID, "client-1") - } - if len(call.models) != 2 { - t.Fatalf("models length mismatch: got %d, want %d", len(call.models), 2) - } - if call.models[0] == nil || call.models[0].ID != "m1" { - t.Fatalf("models[0] mismatch: got %#v, want ID=%q", call.models[0], "m1") - } - if call.models[1] == nil || call.models[1].ID != "m2" { - t.Fatalf("models[1] mismatch: got %#v, want ID=%q", call.models[1], "m2") - } - case <-time.After(2 * time.Second): - t.Fatal("timeout waiting for OnModelsRegistered hook call") - } -} - -func TestModelRegistryHook_OnModelsUnregisteredCalled(t *testing.T) { - r := newTestModelRegistry() - hook := &capturingHook{ - registeredCh: make(chan registeredCall, 1), - unregisteredCh: make(chan unregisteredCall, 1), - } - r.SetHook(hook) - - r.RegisterClient("client-1", "OpenAI", []*ModelInfo{{ID: "m1"}}) - select { - case <-hook.registeredCh: - case <-time.After(2 * time.Second): - t.Fatal("timeout waiting for OnModelsRegistered hook call") - } - - r.UnregisterClient("client-1") - - select { - case call := <-hook.unregisteredCh: - if call.provider != "openai" { - t.Fatalf("provider mismatch: got %q, want %q", call.provider, "openai") - } - if call.clientID != "client-1" { - t.Fatalf("clientID mismatch: got %q, want %q", call.clientID, "client-1") - } - case <-time.After(2 * time.Second): - t.Fatal("timeout waiting for OnModelsUnregistered hook call") - } -} - -type blockingHook struct { - started chan struct{} - unblock chan struct{} -} - -func (h *blockingHook) OnModelsRegistered(ctx context.Context, provider, clientID string, models []*ModelInfo) { - select { - case <-h.started: - default: - close(h.started) - } - <-h.unblock -} - -func (h *blockingHook) OnModelsUnregistered(ctx context.Context, provider, clientID string) {} - -func TestModelRegistryHook_DoesNotBlockRegisterClient(t *testing.T) { - r := newTestModelRegistry() - hook := &blockingHook{ - started: make(chan struct{}), - unblock: make(chan struct{}), - } - r.SetHook(hook) - defer close(hook.unblock) - - done := make(chan struct{}) - go func() { - r.RegisterClient("client-1", "OpenAI", []*ModelInfo{{ID: "m1"}}) - close(done) - }() - - select { - case <-hook.started: - case <-time.After(2 * time.Second): - t.Fatal("timeout waiting for hook to start") - } - - select { - case <-done: - case <-time.After(200 * time.Millisecond): - t.Fatal("RegisterClient appears to be blocked by hook") - } - - if !r.ClientSupportsModel("client-1", "m1") { - t.Fatal("model registration failed; expected client to support model") - } -} - -type panicHook struct { - registeredCalled chan struct{} - unregisteredCalled chan struct{} -} - -func (h *panicHook) OnModelsRegistered(ctx context.Context, provider, clientID string, models []*ModelInfo) { - if h.registeredCalled != nil { - h.registeredCalled <- struct{}{} - } - panic("boom") -} - -func (h *panicHook) OnModelsUnregistered(ctx context.Context, provider, clientID string) { - if h.unregisteredCalled != nil { - h.unregisteredCalled <- struct{}{} - } - panic("boom") -} - -func TestModelRegistryHook_PanicDoesNotAffectRegistry(t *testing.T) { - r := newTestModelRegistry() - hook := &panicHook{ - registeredCalled: make(chan struct{}, 1), - unregisteredCalled: make(chan struct{}, 1), - } - r.SetHook(hook) - - r.RegisterClient("client-1", "OpenAI", []*ModelInfo{{ID: "m1"}}) - - select { - case <-hook.registeredCalled: - case <-time.After(2 * time.Second): - t.Fatal("timeout waiting for OnModelsRegistered hook call") - } - - if !r.ClientSupportsModel("client-1", "m1") { - t.Fatal("model registration failed; expected client to support model") - } - - r.UnregisterClient("client-1") - - select { - case <-hook.unregisteredCalled: - case <-time.After(2 * time.Second): - t.Fatal("timeout waiting for OnModelsUnregistered hook call") - } -} diff --git a/internal/runtime/executor/aistudio_executor.go b/internal/runtime/executor/aistudio_executor.go deleted file mode 100644 index 81be86ec9c..0000000000 --- a/internal/runtime/executor/aistudio_executor.go +++ /dev/null @@ -1,493 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// This file implements the AI Studio executor that routes requests through a websocket-backed -// transport for the AI Studio provider. -package executor - -import ( - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/wsrelay" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/executor" - sdktranslator "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/translator" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// AIStudioExecutor routes AI Studio requests through a websocket-backed transport. -type AIStudioExecutor struct { - provider string - relay *wsrelay.Manager - cfg *config.Config -} - -// NewAIStudioExecutor creates a new AI Studio executor instance. -// -// Parameters: -// - cfg: The application configuration -// - provider: The provider name -// - relay: The websocket relay manager -// -// Returns: -// - *AIStudioExecutor: A new AI Studio executor instance -func NewAIStudioExecutor(cfg *config.Config, provider string, relay *wsrelay.Manager) *AIStudioExecutor { - return &AIStudioExecutor{provider: strings.ToLower(provider), relay: relay, cfg: cfg} -} - -// Identifier returns the executor identifier. -func (e *AIStudioExecutor) Identifier() string { return "aistudio" } - -// PrepareRequest prepares the HTTP request for execution (no-op for AI Studio). -func (e *AIStudioExecutor) PrepareRequest(_ *http.Request, _ *cliproxyauth.Auth) error { - return nil -} - -// HttpRequest forwards an arbitrary HTTP request through the websocket relay. -func (e *AIStudioExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("aistudio executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - if e.relay == nil { - return nil, fmt.Errorf("aistudio executor: ws relay is nil") - } - if auth == nil || auth.ID == "" { - return nil, fmt.Errorf("aistudio executor: missing auth") - } - httpReq := req.WithContext(ctx) - if httpReq.URL == nil || strings.TrimSpace(httpReq.URL.String()) == "" { - return nil, fmt.Errorf("aistudio executor: request URL is empty") - } - - var body []byte - if httpReq.Body != nil { - b, errRead := io.ReadAll(httpReq.Body) - if errRead != nil { - return nil, errRead - } - body = b - httpReq.Body = io.NopCloser(bytes.NewReader(b)) - } - - wsReq := &wsrelay.HTTPRequest{ - Method: httpReq.Method, - URL: httpReq.URL.String(), - Headers: httpReq.Header.Clone(), - Body: body, - } - wsResp, errRelay := e.relay.NonStream(ctx, auth.ID, wsReq) - if errRelay != nil { - return nil, errRelay - } - if wsResp == nil { - return nil, fmt.Errorf("aistudio executor: ws response is nil") - } - - statusText := http.StatusText(wsResp.Status) - if statusText == "" { - statusText = "Unknown" - } - resp := &http.Response{ - StatusCode: wsResp.Status, - Status: fmt.Sprintf("%d %s", wsResp.Status, statusText), - Header: wsResp.Headers.Clone(), - Body: io.NopCloser(bytes.NewReader(wsResp.Body)), - ContentLength: int64(len(wsResp.Body)), - Request: httpReq, - } - return resp, nil -} - -// Execute performs a non-streaming request to the AI Studio API. -func (e *AIStudioExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - translatedReq, body, err := e.translateRequest(req, opts, false) - if err != nil { - return resp, err - } - - endpoint := e.buildEndpoint(baseModel, body.action, opts.Alt) - wsReq := &wsrelay.HTTPRequest{ - Method: http.MethodPost, - URL: endpoint, - Headers: http.Header{"Content-Type": []string{"application/json"}}, - Body: body.payload, - } - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: endpoint, - Method: http.MethodPost, - Headers: wsReq.Headers.Clone(), - Body: body.payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - wsResp, err := e.relay.NonStream(ctx, authID, wsReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - recordAPIResponseMetadata(ctx, e.cfg, wsResp.Status, wsResp.Headers.Clone()) - if len(wsResp.Body) > 0 { - appendAPIResponseChunk(ctx, e.cfg, wsResp.Body) - } - if wsResp.Status < 200 || wsResp.Status >= 300 { - return resp, statusErr{code: wsResp.Status, msg: string(wsResp.Body)} - } - reporter.publish(ctx, parseGeminiUsage(wsResp.Body)) - var param any - out := sdktranslator.TranslateNonStream(ctx, body.toFormat, opts.SourceFormat, req.Model, opts.OriginalRequest, translatedReq, wsResp.Body, ¶m) - resp = cliproxyexecutor.Response{Payload: ensureColonSpacedJSON([]byte(out)), Headers: wsResp.Headers.Clone()} - return resp, nil -} - -// ExecuteStream performs a streaming request to the AI Studio API. -func (e *AIStudioExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - translatedReq, body, err := e.translateRequest(req, opts, true) - if err != nil { - return nil, err - } - - endpoint := e.buildEndpoint(baseModel, body.action, opts.Alt) - wsReq := &wsrelay.HTTPRequest{ - Method: http.MethodPost, - URL: endpoint, - Headers: http.Header{"Content-Type": []string{"application/json"}}, - Body: body.payload, - } - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: endpoint, - Method: http.MethodPost, - Headers: wsReq.Headers.Clone(), - Body: body.payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - wsStream, err := e.relay.Stream(ctx, authID, wsReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - firstEvent, ok := <-wsStream - if !ok { - err = fmt.Errorf("wsrelay: stream closed before start") - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - if firstEvent.Status > 0 && firstEvent.Status != http.StatusOK { - metadataLogged := false - if firstEvent.Status > 0 { - recordAPIResponseMetadata(ctx, e.cfg, firstEvent.Status, firstEvent.Headers.Clone()) - metadataLogged = true - } - var body bytes.Buffer - if len(firstEvent.Payload) > 0 { - appendAPIResponseChunk(ctx, e.cfg, firstEvent.Payload) - body.Write(firstEvent.Payload) - } - if firstEvent.Type == wsrelay.MessageTypeStreamEnd { - return nil, statusErr{code: firstEvent.Status, msg: body.String()} - } - for event := range wsStream { - if event.Err != nil { - recordAPIResponseError(ctx, e.cfg, event.Err) - if body.Len() == 0 { - body.WriteString(event.Err.Error()) - } - break - } - if !metadataLogged && event.Status > 0 { - recordAPIResponseMetadata(ctx, e.cfg, event.Status, event.Headers.Clone()) - metadataLogged = true - } - if len(event.Payload) > 0 { - appendAPIResponseChunk(ctx, e.cfg, event.Payload) - body.Write(event.Payload) - } - if event.Type == wsrelay.MessageTypeStreamEnd { - break - } - } - return nil, statusErr{code: firstEvent.Status, msg: body.String()} - } - out := make(chan cliproxyexecutor.StreamChunk) - go func(first wsrelay.StreamEvent) { - defer close(out) - var param any - metadataLogged := false - processEvent := func(event wsrelay.StreamEvent) bool { - if event.Err != nil { - recordAPIResponseError(ctx, e.cfg, event.Err) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: fmt.Errorf("wsrelay: %v", event.Err)} - return false - } - switch event.Type { - case wsrelay.MessageTypeStreamStart: - if !metadataLogged && event.Status > 0 { - recordAPIResponseMetadata(ctx, e.cfg, event.Status, event.Headers.Clone()) - metadataLogged = true - } - case wsrelay.MessageTypeStreamChunk: - if len(event.Payload) > 0 { - appendAPIResponseChunk(ctx, e.cfg, event.Payload) - filtered := FilterSSEUsageMetadata(event.Payload) - if detail, ok := parseGeminiStreamUsage(filtered); ok { - reporter.publish(ctx, detail) - } - lines := sdktranslator.TranslateStream(ctx, body.toFormat, opts.SourceFormat, req.Model, opts.OriginalRequest, translatedReq, filtered, ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: ensureColonSpacedJSON([]byte(lines[i]))} - } - break - } - case wsrelay.MessageTypeStreamEnd: - return false - case wsrelay.MessageTypeHTTPResp: - if !metadataLogged && event.Status > 0 { - recordAPIResponseMetadata(ctx, e.cfg, event.Status, event.Headers.Clone()) - metadataLogged = true - } - if len(event.Payload) > 0 { - appendAPIResponseChunk(ctx, e.cfg, event.Payload) - } - lines := sdktranslator.TranslateStream(ctx, body.toFormat, opts.SourceFormat, req.Model, opts.OriginalRequest, translatedReq, event.Payload, ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: ensureColonSpacedJSON([]byte(lines[i]))} - } - reporter.publish(ctx, parseGeminiUsage(event.Payload)) - return false - case wsrelay.MessageTypeError: - recordAPIResponseError(ctx, e.cfg, event.Err) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: fmt.Errorf("wsrelay: %v", event.Err)} - return false - } - return true - } - if !processEvent(first) { - return - } - for event := range wsStream { - if !processEvent(event) { - return - } - } - }(firstEvent) - return &cliproxyexecutor.StreamResult{Headers: firstEvent.Headers.Clone(), Chunks: out}, nil -} - -// CountTokens counts tokens for the given request using the AI Studio API. -func (e *AIStudioExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - _, body, err := e.translateRequest(req, opts, false) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - body.payload, _ = sjson.DeleteBytes(body.payload, "generationConfig") - body.payload, _ = sjson.DeleteBytes(body.payload, "tools") - body.payload, _ = sjson.DeleteBytes(body.payload, "safetySettings") - - endpoint := e.buildEndpoint(baseModel, "countTokens", "") - wsReq := &wsrelay.HTTPRequest{ - Method: http.MethodPost, - URL: endpoint, - Headers: http.Header{"Content-Type": []string{"application/json"}}, - Body: body.payload, - } - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: endpoint, - Method: http.MethodPost, - Headers: wsReq.Headers.Clone(), - Body: body.payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - resp, err := e.relay.NonStream(ctx, authID, wsReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return cliproxyexecutor.Response{}, err - } - recordAPIResponseMetadata(ctx, e.cfg, resp.Status, resp.Headers.Clone()) - if len(resp.Body) > 0 { - appendAPIResponseChunk(ctx, e.cfg, resp.Body) - } - if resp.Status < 200 || resp.Status >= 300 { - return cliproxyexecutor.Response{}, statusErr{code: resp.Status, msg: string(resp.Body)} - } - totalTokens := gjson.GetBytes(resp.Body, "totalTokens").Int() - if totalTokens <= 0 { - return cliproxyexecutor.Response{}, fmt.Errorf("wsrelay: totalTokens missing in response") - } - translated := sdktranslator.TranslateTokenCount(ctx, body.toFormat, opts.SourceFormat, totalTokens, resp.Body) - return cliproxyexecutor.Response{Payload: []byte(translated)}, nil -} - -// Refresh refreshes the authentication credentials (no-op for AI Studio). -func (e *AIStudioExecutor) Refresh(_ context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - return auth, nil -} - -type translatedPayload struct { - payload []byte - action string - toFormat sdktranslator.Format -} - -func (e *AIStudioExecutor) translateRequest(req cliproxyexecutor.Request, opts cliproxyexecutor.Options, stream bool) ([]byte, translatedPayload, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, stream) - payload := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, stream) - payload, err := thinking.ApplyThinking(payload, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, translatedPayload{}, err - } - payload = fixGeminiImageAspectRatio(baseModel, payload) - requestedModel := payloadRequestedModel(opts, req.Model) - payload = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", payload, originalTranslated, requestedModel) - payload, _ = sjson.DeleteBytes(payload, "generationConfig.maxOutputTokens") - payload, _ = sjson.DeleteBytes(payload, "generationConfig.responseMimeType") - payload, _ = sjson.DeleteBytes(payload, "generationConfig.responseJsonSchema") - metadataAction := "generateContent" - if req.Metadata != nil { - if action, _ := req.Metadata["action"].(string); action == "countTokens" { - metadataAction = action - } - } - action := metadataAction - if stream && action != "countTokens" { - action = "streamGenerateContent" - } - payload, _ = sjson.DeleteBytes(payload, "session_id") - return payload, translatedPayload{payload: payload, action: action, toFormat: to}, nil -} - -func (e *AIStudioExecutor) buildEndpoint(model, action, alt string) string { - base := fmt.Sprintf("%s/%s/models/%s:%s", glEndpoint, glAPIVersion, model, action) - if action == "streamGenerateContent" { - if alt == "" { - return base + "?alt=sse" - } - return base + "?$alt=" + url.QueryEscape(alt) - } - if alt != "" && action != "countTokens" { - return base + "?$alt=" + url.QueryEscape(alt) - } - return base -} - -// ensureColonSpacedJSON normalizes JSON objects so that colons are followed by a single space while -// keeping the payload otherwise compact. Non-JSON inputs are returned unchanged. -func ensureColonSpacedJSON(payload []byte) []byte { - trimmed := bytes.TrimSpace(payload) - if len(trimmed) == 0 { - return payload - } - - var decoded any - if err := json.Unmarshal(trimmed, &decoded); err != nil { - return payload - } - - indented, err := json.MarshalIndent(decoded, "", " ") - if err != nil { - return payload - } - - compacted := make([]byte, 0, len(indented)) - inString := false - skipSpace := false - - for i := 0; i < len(indented); i++ { - ch := indented[i] - if ch == '"' { - // A quote is escaped only when preceded by an odd number of consecutive backslashes. - // For example: "\\\"" keeps the quote inside the string, but "\\\\" closes the string. - backslashes := 0 - for j := i - 1; j >= 0 && indented[j] == '\\'; j-- { - backslashes++ - } - if backslashes%2 == 0 { - inString = !inString - } - } - - if !inString { - if ch == '\n' || ch == '\r' { - skipSpace = true - continue - } - if skipSpace { - if ch == ' ' || ch == '\t' { - continue - } - skipSpace = false - } - } - - compacted = append(compacted, ch) - } - - return compacted -} diff --git a/internal/runtime/executor/antigravity_executor.go b/internal/runtime/executor/antigravity_executor.go deleted file mode 100644 index 52e4c828da..0000000000 --- a/internal/runtime/executor/antigravity_executor.go +++ /dev/null @@ -1,1608 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// This file implements the Antigravity executor that proxies requests to the antigravity -// upstream using OAuth credentials. -package executor - -import ( - "bufio" - "bytes" - "context" - "crypto/sha256" - "encoding/binary" - "encoding/json" - "errors" - "fmt" - "io" - "math/rand" - "net/http" - "net/url" - "strconv" - "strings" - "sync" - "time" - - "github.com/google/uuid" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/registry" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - sdkAuth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/auth" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/executor" - sdktranslator "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const ( - antigravityBaseURLDaily = "https://daily-cloudcode-pa.googleapis.com" - antigravitySandboxBaseURLDaily = "https://daily-cloudcode-pa.sandbox.googleapis.com" - antigravityBaseURLProd = "https://cloudcode-pa.googleapis.com" - antigravityCountTokensPath = "/v1internal:countTokens" - antigravityStreamPath = "/v1internal:streamGenerateContent" - antigravityGeneratePath = "/v1internal:generateContent" - antigravityModelsPath = "/v1internal:fetchAvailableModels" - antigravityClientID = "1071006060591-tmhssin2h21lcre235vtolojh4g403ep.apps.googleusercontent.com" - antigravityClientSecret = "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" - defaultAntigravityAgent = "antigravity/1.104.0 darwin/arm64" - antigravityAuthType = "antigravity" - refreshSkew = 3000 * time.Second - systemInstruction = "You are Antigravity, a powerful agentic AI coding assistant designed by the Google Deepmind team working on Advanced Agentic Coding.You are pair programming with a USER to solve their coding task. The task may require creating a new codebase, modifying or debugging an existing codebase, or simply answering a question.**Absolute paths only****Proactiveness**" -) - -var ( - randSource = rand.New(rand.NewSource(time.Now().UnixNano())) - randSourceMutex sync.Mutex -) - -// AntigravityExecutor proxies requests to the antigravity upstream. -type AntigravityExecutor struct { - cfg *config.Config -} - -// NewAntigravityExecutor creates a new Antigravity executor instance. -// -// Parameters: -// - cfg: The application configuration -// -// Returns: -// - *AntigravityExecutor: A new Antigravity executor instance -func NewAntigravityExecutor(cfg *config.Config) *AntigravityExecutor { - return &AntigravityExecutor{cfg: cfg} -} - -// Identifier returns the executor identifier. -func (e *AntigravityExecutor) Identifier() string { return antigravityAuthType } - -// PrepareRequest injects Antigravity credentials into the outgoing HTTP request. -func (e *AntigravityExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - token, _, errToken := e.ensureAccessToken(req.Context(), auth) - if errToken != nil { - return errToken - } - if strings.TrimSpace(token) == "" { - return statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - req.Header.Set("Authorization", "Bearer "+token) - return nil -} - -// HttpRequest injects Antigravity credentials into the request and executes it. -func (e *AntigravityExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("antigravity executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming request to the Antigravity API. -func (e *AntigravityExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - isClaude := strings.Contains(strings.ToLower(baseModel), "claude") - - if isClaude || strings.Contains(baseModel, "gemini-3-pro") { - return e.executeClaudeNonStream(ctx, auth, req, opts) - } - - token, updatedAuth, errToken := e.ensureAccessToken(ctx, auth) - if errToken != nil { - return resp, errToken - } - if updatedAuth != nil { - auth = updatedAuth - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("antigravity") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, "antigravity", "request", translated, originalTranslated, requestedModel) - - baseURLs := antigravityBaseURLFallbackOrder(auth) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - - attempts := antigravityRetryAttempts(auth, e.cfg) - -attemptLoop: - for attempt := 0; attempt < attempts; attempt++ { - var lastStatus int - var lastBody []byte - var lastErr error - - for idx, baseURL := range baseURLs { - httpReq, errReq := e.buildRequest(ctx, auth, token, baseModel, translated, false, opts.Alt, baseURL) - if errReq != nil { - err = errReq - return resp, err - } - - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - if errors.Is(errDo, context.Canceled) || errors.Is(errDo, context.DeadlineExceeded) { - return resp, errDo - } - lastStatus = 0 - lastBody = nil - lastErr = errDo - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: request error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - err = errDo - return resp, err - } - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - err = errRead - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, bodyBytes) - - if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices { - log.Debugf("antigravity executor: upstream error status: %d, body: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), bodyBytes)) - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), bodyBytes...) - lastErr = nil - if httpResp.StatusCode == http.StatusTooManyRequests && idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: rate limited on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if antigravityShouldRetryNoCapacity(httpResp.StatusCode, bodyBytes) { - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: no capacity on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if attempt+1 < attempts { - delay := antigravityNoCapacityRetryDelay(attempt) - log.Debugf("antigravity executor: no capacity for model %s, retrying in %s (attempt %d/%d)", baseModel, delay, attempt+1, attempts) - if errWait := antigravityWait(ctx, delay); errWait != nil { - return resp, errWait - } - continue attemptLoop - } - } - sErr := statusErr{code: httpResp.StatusCode, msg: string(bodyBytes)} - if httpResp.StatusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(bodyBytes); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - return resp, err - } - - reporter.publish(ctx, parseAntigravityUsage(bodyBytes)) - var param any - converted := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, bodyBytes, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(converted), Headers: httpResp.Header.Clone()} - reporter.ensurePublished(ctx) - return resp, nil - } - - switch { - case lastStatus != 0: - sErr := statusErr{code: lastStatus, msg: string(lastBody)} - if lastStatus == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(lastBody); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - case lastErr != nil: - err = lastErr - default: - err = statusErr{code: http.StatusServiceUnavailable, msg: "antigravity executor: no base url available"} - } - return resp, err - } - - return resp, err -} - -// executeClaudeNonStream performs a claude non-streaming request to the Antigravity API. -func (e *AntigravityExecutor) executeClaudeNonStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - token, updatedAuth, errToken := e.ensureAccessToken(ctx, auth) - if errToken != nil { - return resp, errToken - } - if updatedAuth != nil { - auth = updatedAuth - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("antigravity") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, "antigravity", "request", translated, originalTranslated, requestedModel) - - baseURLs := antigravityBaseURLFallbackOrder(auth) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - - attempts := antigravityRetryAttempts(auth, e.cfg) - -attemptLoop: - for attempt := 0; attempt < attempts; attempt++ { - var lastStatus int - var lastBody []byte - var lastErr error - - for idx, baseURL := range baseURLs { - httpReq, errReq := e.buildRequest(ctx, auth, token, baseModel, translated, true, opts.Alt, baseURL) - if errReq != nil { - err = errReq - return resp, err - } - - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - if errors.Is(errDo, context.Canceled) || errors.Is(errDo, context.DeadlineExceeded) { - return resp, errDo - } - lastStatus = 0 - lastBody = nil - lastErr = errDo - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: request error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - err = errDo - return resp, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - if errors.Is(errRead, context.Canceled) || errors.Is(errRead, context.DeadlineExceeded) { - err = errRead - return resp, err - } - if errCtx := ctx.Err(); errCtx != nil { - err = errCtx - return resp, err - } - lastStatus = 0 - lastBody = nil - lastErr = errRead - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: read error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - err = errRead - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, bodyBytes) - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), bodyBytes...) - lastErr = nil - if httpResp.StatusCode == http.StatusTooManyRequests && idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: rate limited on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if antigravityShouldRetryNoCapacity(httpResp.StatusCode, bodyBytes) { - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: no capacity on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if attempt+1 < attempts { - delay := antigravityNoCapacityRetryDelay(attempt) - log.Debugf("antigravity executor: no capacity for model %s, retrying in %s (attempt %d/%d)", baseModel, delay, attempt+1, attempts) - if errWait := antigravityWait(ctx, delay); errWait != nil { - return resp, errWait - } - continue attemptLoop - } - } - sErr := statusErr{code: httpResp.StatusCode, msg: string(bodyBytes)} - if httpResp.StatusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(bodyBytes); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - return resp, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func(resp *http.Response) { - defer close(out) - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(resp.Body) - scanner.Buffer(nil, streamScannerBuffer) - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - - // Filter usage metadata for all models - // Only retain usage statistics in the terminal chunk - line = FilterSSEUsageMetadata(line) - - payload := jsonPayload(line) - if payload == nil { - continue - } - - if detail, ok := parseAntigravityStreamUsage(payload); ok { - reporter.publish(ctx, detail) - } - - out <- cliproxyexecutor.StreamChunk{Payload: payload} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } else { - reporter.ensurePublished(ctx) - } - }(httpResp) - - var buffer bytes.Buffer - for chunk := range out { - if chunk.Err != nil { - return resp, chunk.Err - } - if len(chunk.Payload) > 0 { - _, _ = buffer.Write(chunk.Payload) - _, _ = buffer.Write([]byte("\n")) - } - } - resp = cliproxyexecutor.Response{Payload: e.convertStreamToNonStream(buffer.Bytes())} - - reporter.publish(ctx, parseAntigravityUsage(resp.Payload)) - var param any - converted := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, resp.Payload, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(converted), Headers: httpResp.Header.Clone()} - reporter.ensurePublished(ctx) - - return resp, nil - } - - switch { - case lastStatus != 0: - sErr := statusErr{code: lastStatus, msg: string(lastBody)} - if lastStatus == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(lastBody); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - case lastErr != nil: - err = lastErr - default: - err = statusErr{code: http.StatusServiceUnavailable, msg: "antigravity executor: no base url available"} - } - return resp, err - } - - return resp, err -} - -func (e *AntigravityExecutor) convertStreamToNonStream(stream []byte) []byte { - responseTemplate := "" - var traceID string - var finishReason string - var modelVersion string - var responseID string - var role string - var usageRaw string - parts := make([]map[string]interface{}, 0) - var pendingKind string - var pendingText strings.Builder - var pendingThoughtSig string - - flushPending := func() { - if pendingKind == "" { - return - } - text := pendingText.String() - switch pendingKind { - case "text": - if strings.TrimSpace(text) == "" { - pendingKind = "" - pendingText.Reset() - pendingThoughtSig = "" - return - } - parts = append(parts, map[string]interface{}{"text": text}) - case "thought": - if strings.TrimSpace(text) == "" && pendingThoughtSig == "" { - pendingKind = "" - pendingText.Reset() - pendingThoughtSig = "" - return - } - part := map[string]interface{}{"thought": true} - part["text"] = text - if pendingThoughtSig != "" { - part["thoughtSignature"] = pendingThoughtSig - } - parts = append(parts, part) - } - pendingKind = "" - pendingText.Reset() - pendingThoughtSig = "" - } - - normalizePart := func(partResult gjson.Result) map[string]interface{} { - var m map[string]interface{} - _ = json.Unmarshal([]byte(partResult.Raw), &m) - if m == nil { - m = map[string]interface{}{} - } - sig := partResult.Get("thoughtSignature").String() - if sig == "" { - sig = partResult.Get("thought_signature").String() - } - if sig != "" { - m["thoughtSignature"] = sig - delete(m, "thought_signature") - } - if inlineData, ok := m["inline_data"]; ok { - m["inlineData"] = inlineData - delete(m, "inline_data") - } - return m - } - - for _, line := range bytes.Split(stream, []byte("\n")) { - trimmed := bytes.TrimSpace(line) - if len(trimmed) == 0 || !gjson.ValidBytes(trimmed) { - continue - } - - root := gjson.ParseBytes(trimmed) - responseNode := root.Get("response") - if !responseNode.Exists() { - if root.Get("candidates").Exists() { - responseNode = root - } else { - continue - } - } - responseTemplate = responseNode.Raw - - if traceResult := root.Get("traceId"); traceResult.Exists() && traceResult.String() != "" { - traceID = traceResult.String() - } - - if roleResult := responseNode.Get("candidates.0.content.role"); roleResult.Exists() { - role = roleResult.String() - } - - if finishResult := responseNode.Get("candidates.0.finishReason"); finishResult.Exists() && finishResult.String() != "" { - finishReason = finishResult.String() - } - - if modelResult := responseNode.Get("modelVersion"); modelResult.Exists() && modelResult.String() != "" { - modelVersion = modelResult.String() - } - if responseIDResult := responseNode.Get("responseId"); responseIDResult.Exists() && responseIDResult.String() != "" { - responseID = responseIDResult.String() - } - if usageResult := responseNode.Get("usageMetadata"); usageResult.Exists() { - usageRaw = usageResult.Raw - } else if usageMetadataResult := root.Get("usageMetadata"); usageMetadataResult.Exists() { - usageRaw = usageMetadataResult.Raw - } - - if partsResult := responseNode.Get("candidates.0.content.parts"); partsResult.IsArray() { - for _, part := range partsResult.Array() { - hasFunctionCall := part.Get("functionCall").Exists() - hasInlineData := part.Get("inlineData").Exists() || part.Get("inline_data").Exists() - sig := part.Get("thoughtSignature").String() - if sig == "" { - sig = part.Get("thought_signature").String() - } - text := part.Get("text").String() - thought := part.Get("thought").Bool() - - if hasFunctionCall || hasInlineData { - flushPending() - parts = append(parts, normalizePart(part)) - continue - } - - if thought || part.Get("text").Exists() { - kind := "text" - if thought { - kind = "thought" - } - if pendingKind != "" && pendingKind != kind { - flushPending() - } - pendingKind = kind - pendingText.WriteString(text) - if kind == "thought" && sig != "" { - pendingThoughtSig = sig - } - continue - } - - flushPending() - parts = append(parts, normalizePart(part)) - } - } - } - flushPending() - - if responseTemplate == "" { - responseTemplate = `{"candidates":[{"content":{"role":"model","parts":[]}}]}` - } - - partsJSON, _ := json.Marshal(parts) - responseTemplate, _ = sjson.SetRaw(responseTemplate, "candidates.0.content.parts", string(partsJSON)) - if role != "" { - responseTemplate, _ = sjson.Set(responseTemplate, "candidates.0.content.role", role) - } - if finishReason != "" { - responseTemplate, _ = sjson.Set(responseTemplate, "candidates.0.finishReason", finishReason) - } - if modelVersion != "" { - responseTemplate, _ = sjson.Set(responseTemplate, "modelVersion", modelVersion) - } - if responseID != "" { - responseTemplate, _ = sjson.Set(responseTemplate, "responseId", responseID) - } - if usageRaw != "" { - responseTemplate, _ = sjson.SetRaw(responseTemplate, "usageMetadata", usageRaw) - } else if !gjson.Get(responseTemplate, "usageMetadata").Exists() { - responseTemplate, _ = sjson.Set(responseTemplate, "usageMetadata.promptTokenCount", 0) - responseTemplate, _ = sjson.Set(responseTemplate, "usageMetadata.candidatesTokenCount", 0) - responseTemplate, _ = sjson.Set(responseTemplate, "usageMetadata.totalTokenCount", 0) - } - - output := `{"response":{},"traceId":""}` - output, _ = sjson.SetRaw(output, "response", responseTemplate) - if traceID != "" { - output, _ = sjson.Set(output, "traceId", traceID) - } - return []byte(output) -} - -// ExecuteStream performs a streaming request to the Antigravity API. -func (e *AntigravityExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - ctx = context.WithValue(ctx, "alt", "") - - token, updatedAuth, errToken := e.ensureAccessToken(ctx, auth) - if errToken != nil { - return nil, errToken - } - if updatedAuth != nil { - auth = updatedAuth - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("antigravity") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, "antigravity", "request", translated, originalTranslated, requestedModel) - - baseURLs := antigravityBaseURLFallbackOrder(auth) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - - attempts := antigravityRetryAttempts(auth, e.cfg) - -attemptLoop: - for attempt := 0; attempt < attempts; attempt++ { - var lastStatus int - var lastBody []byte - var lastErr error - - for idx, baseURL := range baseURLs { - httpReq, errReq := e.buildRequest(ctx, auth, token, baseModel, translated, true, opts.Alt, baseURL) - if errReq != nil { - err = errReq - return nil, err - } - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - if errors.Is(errDo, context.Canceled) || errors.Is(errDo, context.DeadlineExceeded) { - return nil, errDo - } - lastStatus = 0 - lastBody = nil - lastErr = errDo - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: request error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - err = errDo - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices { - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - if errors.Is(errRead, context.Canceled) || errors.Is(errRead, context.DeadlineExceeded) { - err = errRead - return nil, err - } - if errCtx := ctx.Err(); errCtx != nil { - err = errCtx - return nil, err - } - lastStatus = 0 - lastBody = nil - lastErr = errRead - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: read error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - err = errRead - return nil, err - } - appendAPIResponseChunk(ctx, e.cfg, bodyBytes) - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), bodyBytes...) - lastErr = nil - if httpResp.StatusCode == http.StatusTooManyRequests && idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: rate limited on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if antigravityShouldRetryNoCapacity(httpResp.StatusCode, bodyBytes) { - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: no capacity on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - if attempt+1 < attempts { - delay := antigravityNoCapacityRetryDelay(attempt) - log.Debugf("antigravity executor: no capacity for model %s, retrying in %s (attempt %d/%d)", baseModel, delay, attempt+1, attempts) - if errWait := antigravityWait(ctx, delay); errWait != nil { - return nil, errWait - } - continue attemptLoop - } - } - sErr := statusErr{code: httpResp.StatusCode, msg: string(bodyBytes)} - if httpResp.StatusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(bodyBytes); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - return nil, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func(resp *http.Response) { - defer close(out) - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(resp.Body) - scanner.Buffer(nil, streamScannerBuffer) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - - // Filter usage metadata for all models - // Only retain usage statistics in the terminal chunk - line = FilterSSEUsageMetadata(line) - - payload := jsonPayload(line) - if payload == nil { - continue - } - - if detail, ok := parseAntigravityStreamUsage(payload); ok { - reporter.publish(ctx, detail) - } - - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, bytes.Clone(payload), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - tail := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, []byte("[DONE]"), ¶m) - for i := range tail { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(tail[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } else { - reporter.ensurePublished(ctx) - } - }(httpResp) - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil - } - - switch { - case lastStatus != 0: - sErr := statusErr{code: lastStatus, msg: string(lastBody)} - if lastStatus == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(lastBody); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - err = sErr - case lastErr != nil: - err = lastErr - default: - err = statusErr{code: http.StatusServiceUnavailable, msg: "antigravity executor: no base url available"} - } - return nil, err - } - - return nil, err -} - -// Refresh refreshes the authentication credentials using the refresh token. -func (e *AntigravityExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if auth == nil { - return auth, nil - } - updated, errRefresh := e.refreshToken(ctx, auth.Clone()) - if errRefresh != nil { - return nil, errRefresh - } - return updated, nil -} - -// CountTokens counts tokens for the given request using the Antigravity API. -func (e *AntigravityExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - token, updatedAuth, errToken := e.ensureAccessToken(ctx, auth) - if errToken != nil { - return cliproxyexecutor.Response{}, errToken - } - if updatedAuth != nil { - auth = updatedAuth - } - if strings.TrimSpace(token) == "" { - return cliproxyexecutor.Response{}, statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - - from := opts.SourceFormat - to := sdktranslator.FromString("antigravity") - respCtx := context.WithValue(ctx, "alt", opts.Alt) - - // Prepare payload once (doesn't depend on baseURL) - payload := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - payload, err := thinking.ApplyThinking(payload, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - payload = deleteJSONField(payload, "project") - payload = deleteJSONField(payload, "model") - payload = deleteJSONField(payload, "request.safetySettings") - - baseURLs := antigravityBaseURLFallbackOrder(auth) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - - var lastStatus int - var lastBody []byte - var lastErr error - - for idx, baseURL := range baseURLs { - base := strings.TrimSuffix(baseURL, "/") - if base == "" { - base = buildBaseURL(auth) - } - - var requestURL strings.Builder - requestURL.WriteString(base) - requestURL.WriteString(antigravityCountTokensPath) - if opts.Alt != "" { - requestURL.WriteString("?$alt=") - requestURL.WriteString(url.QueryEscape(opts.Alt)) - } - - httpReq, errReq := http.NewRequestWithContext(ctx, http.MethodPost, requestURL.String(), bytes.NewReader(payload)) - if errReq != nil { - return cliproxyexecutor.Response{}, errReq - } - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("Authorization", "Bearer "+token) - httpReq.Header.Set("User-Agent", resolveUserAgent(auth)) - httpReq.Header.Set("Accept", "application/json") - if host := resolveHost(base); host != "" { - httpReq.Host = host - } - - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: requestURL.String(), - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - if errors.Is(errDo, context.Canceled) || errors.Is(errDo, context.DeadlineExceeded) { - return cliproxyexecutor.Response{}, errDo - } - lastStatus = 0 - lastBody = nil - lastErr = errDo - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: request error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - return cliproxyexecutor.Response{}, errDo - } - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return cliproxyexecutor.Response{}, errRead - } - appendAPIResponseChunk(ctx, e.cfg, bodyBytes) - - if httpResp.StatusCode >= http.StatusOK && httpResp.StatusCode < http.StatusMultipleChoices { - count := gjson.GetBytes(bodyBytes, "totalTokens").Int() - translated := sdktranslator.TranslateTokenCount(respCtx, to, from, count, bodyBytes) - return cliproxyexecutor.Response{Payload: []byte(translated), Headers: httpResp.Header.Clone()}, nil - } - - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), bodyBytes...) - lastErr = nil - if httpResp.StatusCode == http.StatusTooManyRequests && idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: rate limited on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - sErr := statusErr{code: httpResp.StatusCode, msg: string(bodyBytes)} - if httpResp.StatusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(bodyBytes); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - return cliproxyexecutor.Response{}, sErr - } - - switch { - case lastStatus != 0: - sErr := statusErr{code: lastStatus, msg: string(lastBody)} - if lastStatus == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(lastBody); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - return cliproxyexecutor.Response{}, sErr - case lastErr != nil: - return cliproxyexecutor.Response{}, lastErr - default: - return cliproxyexecutor.Response{}, statusErr{code: http.StatusServiceUnavailable, msg: "antigravity executor: no base url available"} - } -} - -// FetchAntigravityModels retrieves available models using the supplied auth. -func FetchAntigravityModels(ctx context.Context, auth *cliproxyauth.Auth, cfg *config.Config) []*registry.ModelInfo { - exec := &AntigravityExecutor{cfg: cfg} - token, updatedAuth, errToken := exec.ensureAccessToken(ctx, auth) - if errToken != nil { - log.Warnf("antigravity executor: fetch models failed for %s: token error: %v", auth.ID, errToken) - return nil - } - if token == "" { - log.Warnf("antigravity executor: fetch models failed for %s: got empty token", auth.ID) - return nil - } - if updatedAuth != nil { - auth = updatedAuth - } - - baseURLs := antigravityBaseURLFallbackOrder(auth) - httpClient := newProxyAwareHTTPClient(ctx, cfg, auth, 0) - - for idx, baseURL := range baseURLs { - modelsURL := baseURL + antigravityModelsPath - httpReq, errReq := http.NewRequestWithContext(ctx, http.MethodPost, modelsURL, bytes.NewReader([]byte(`{}`))) - if errReq != nil { - log.Warnf("antigravity executor: fetch models failed for %s: create request error: %v", auth.ID, errReq) - return nil - } - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("Authorization", "Bearer "+token) - httpReq.Header.Set("User-Agent", resolveUserAgent(auth)) - if host := resolveHost(baseURL); host != "" { - httpReq.Host = host - } - - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - if errors.Is(errDo, context.Canceled) || errors.Is(errDo, context.DeadlineExceeded) { - log.Warnf("antigravity executor: fetch models failed for %s: context canceled: %v", auth.ID, errDo) - return nil - } - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: models request error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - log.Warnf("antigravity executor: fetch models failed for %s: request error: %v", auth.ID, errDo) - return nil - } - - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - if errRead != nil { - if idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: models read error on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - log.Warnf("antigravity executor: fetch models failed for %s: read body error: %v", auth.ID, errRead) - return nil - } - if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices { - if httpResp.StatusCode == http.StatusTooManyRequests && idx+1 < len(baseURLs) { - log.Debugf("antigravity executor: models request rate limited on base url %s, retrying with fallback base url: %s", baseURL, baseURLs[idx+1]) - continue - } - log.Warnf("antigravity executor: fetch models failed for %s: unexpected status %d, body: %s", auth.ID, httpResp.StatusCode, string(bodyBytes)) - return nil - } - - result := gjson.GetBytes(bodyBytes, "models") - if !result.Exists() { - log.Warnf("antigravity executor: fetch models failed for %s: no models field in response, body: %s", auth.ID, string(bodyBytes)) - return nil - } - - now := time.Now().Unix() - modelConfig := registry.GetAntigravityModelConfig() - models := make([]*registry.ModelInfo, 0, len(result.Map())) - for originalName, modelData := range result.Map() { - modelID := strings.TrimSpace(originalName) - if modelID == "" { - continue - } - switch modelID { - case "chat_20706", "chat_23310", "gemini-2.5-flash-thinking", "gemini-3-pro-low", "gemini-2.5-pro": - continue - } - modelCfg := modelConfig[modelID] - - // Extract displayName from upstream response, fallback to modelID - displayName := modelData.Get("displayName").String() - if displayName == "" { - displayName = modelID - } - - modelInfo := ®istry.ModelInfo{ - ID: modelID, - Name: modelID, - Description: displayName, - DisplayName: displayName, - Version: modelID, - Object: "model", - Created: now, - OwnedBy: antigravityAuthType, - Type: antigravityAuthType, - } - // Look up Thinking support from static config using upstream model name. - if modelCfg != nil { - if modelCfg.Thinking != nil { - modelInfo.Thinking = modelCfg.Thinking - } - if modelCfg.MaxCompletionTokens > 0 { - modelInfo.MaxCompletionTokens = modelCfg.MaxCompletionTokens - } - } - models = append(models, modelInfo) - } - return models - } - return nil -} - -func (e *AntigravityExecutor) ensureAccessToken(ctx context.Context, auth *cliproxyauth.Auth) (string, *cliproxyauth.Auth, error) { - if auth == nil { - return "", nil, statusErr{code: http.StatusUnauthorized, msg: "missing auth"} - } - accessToken := metaStringValue(auth.Metadata, "access_token") - expiry := tokenExpiry(auth.Metadata) - if accessToken != "" && expiry.After(time.Now().Add(refreshSkew)) { - return accessToken, nil, nil - } - refreshCtx := context.Background() - if ctx != nil { - if rt, ok := ctx.Value("cliproxy.roundtripper").(http.RoundTripper); ok && rt != nil { - refreshCtx = context.WithValue(refreshCtx, "cliproxy.roundtripper", rt) - } - } - updated, errRefresh := e.refreshToken(refreshCtx, auth.Clone()) - if errRefresh != nil { - return "", nil, errRefresh - } - return metaStringValue(updated.Metadata, "access_token"), updated, nil -} - -func (e *AntigravityExecutor) refreshToken(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if auth == nil { - return nil, statusErr{code: http.StatusUnauthorized, msg: "missing auth"} - } - refreshToken := metaStringValue(auth.Metadata, "refresh_token") - if refreshToken == "" { - return auth, statusErr{code: http.StatusUnauthorized, msg: "missing refresh token"} - } - - form := url.Values{} - form.Set("client_id", antigravityClientID) - form.Set("client_secret", antigravityClientSecret) - form.Set("grant_type", "refresh_token") - form.Set("refresh_token", refreshToken) - - httpReq, errReq := http.NewRequestWithContext(ctx, http.MethodPost, "https://oauth2.googleapis.com/token", strings.NewReader(form.Encode())) - if errReq != nil { - return auth, errReq - } - httpReq.Header.Set("Host", "oauth2.googleapis.com") - httpReq.Header.Set("User-Agent", defaultAntigravityAgent) - httpReq.Header.Set("Content-Type", "application/x-www-form-urlencoded") - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - return auth, errDo - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("antigravity executor: close response body error: %v", errClose) - } - }() - - bodyBytes, errRead := io.ReadAll(httpResp.Body) - if errRead != nil { - return auth, errRead - } - - if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices { - sErr := statusErr{code: httpResp.StatusCode, msg: string(bodyBytes)} - if httpResp.StatusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(bodyBytes); parseErr == nil && retryAfter != nil { - sErr.retryAfter = retryAfter - } - } - return auth, sErr - } - - var tokenResp struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - ExpiresIn int64 `json:"expires_in"` - TokenType string `json:"token_type"` - } - if errUnmarshal := json.Unmarshal(bodyBytes, &tokenResp); errUnmarshal != nil { - return auth, errUnmarshal - } - - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["access_token"] = tokenResp.AccessToken - if tokenResp.RefreshToken != "" { - auth.Metadata["refresh_token"] = tokenResp.RefreshToken - } - auth.Metadata["expires_in"] = tokenResp.ExpiresIn - now := time.Now() - auth.Metadata["timestamp"] = now.UnixMilli() - auth.Metadata["expired"] = now.Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339) - auth.Metadata["type"] = antigravityAuthType - if errProject := e.ensureAntigravityProjectID(ctx, auth, tokenResp.AccessToken); errProject != nil { - log.Warnf("antigravity executor: ensure project id failed: %v", errProject) - } - return auth, nil -} - -func (e *AntigravityExecutor) ensureAntigravityProjectID(ctx context.Context, auth *cliproxyauth.Auth, accessToken string) error { - if auth == nil { - return nil - } - - if auth.Metadata["project_id"] != nil { - return nil - } - - token := strings.TrimSpace(accessToken) - if token == "" { - token = metaStringValue(auth.Metadata, "access_token") - } - if token == "" { - return nil - } - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - projectID, errFetch := sdkAuth.FetchAntigravityProjectID(ctx, token, httpClient) - if errFetch != nil { - return errFetch - } - if strings.TrimSpace(projectID) == "" { - return nil - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["project_id"] = strings.TrimSpace(projectID) - - return nil -} - -func (e *AntigravityExecutor) buildRequest(ctx context.Context, auth *cliproxyauth.Auth, token, modelName string, payload []byte, stream bool, alt, baseURL string) (*http.Request, error) { - if token == "" { - return nil, statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - - base := strings.TrimSuffix(baseURL, "/") - if base == "" { - base = buildBaseURL(auth) - } - path := antigravityGeneratePath - if stream { - path = antigravityStreamPath - } - var requestURL strings.Builder - requestURL.WriteString(base) - requestURL.WriteString(path) - if stream { - if alt != "" { - requestURL.WriteString("?$alt=") - requestURL.WriteString(url.QueryEscape(alt)) - } else { - requestURL.WriteString("?alt=sse") - } - } else if alt != "" { - requestURL.WriteString("?$alt=") - requestURL.WriteString(url.QueryEscape(alt)) - } - - // Extract project_id from auth metadata if available - projectID := "" - if auth != nil && auth.Metadata != nil { - if pid, ok := auth.Metadata["project_id"].(string); ok { - projectID = strings.TrimSpace(pid) - } - } - payload = geminiToAntigravity(modelName, payload, projectID) - payload, _ = sjson.SetBytes(payload, "model", modelName) - - useAntigravitySchema := strings.Contains(modelName, "claude") || strings.Contains(modelName, "gemini-3-pro-high") - payloadStr := string(payload) - paths := make([]string, 0) - util.Walk(gjson.Parse(payloadStr), "", "parametersJsonSchema", &paths) - for _, p := range paths { - payloadStr, _ = util.RenameKey(payloadStr, p, p[:len(p)-len("parametersJsonSchema")]+"parameters") - } - - if useAntigravitySchema { - payloadStr = util.CleanJSONSchemaForAntigravity(payloadStr) - } else { - payloadStr = util.CleanJSONSchemaForGemini(payloadStr) - } - - if useAntigravitySchema { - systemInstructionPartsResult := gjson.Get(payloadStr, "request.systemInstruction.parts") - payloadStr, _ = sjson.Set(payloadStr, "request.systemInstruction.role", "user") - payloadStr, _ = sjson.Set(payloadStr, "request.systemInstruction.parts.0.text", systemInstruction) - payloadStr, _ = sjson.Set(payloadStr, "request.systemInstruction.parts.1.text", fmt.Sprintf("Please ignore following [ignore]%s[/ignore]", systemInstruction)) - - if systemInstructionPartsResult.Exists() && systemInstructionPartsResult.IsArray() { - for _, partResult := range systemInstructionPartsResult.Array() { - payloadStr, _ = sjson.SetRaw(payloadStr, "request.systemInstruction.parts.-1", partResult.Raw) - } - } - } - - if strings.Contains(modelName, "claude") { - payloadStr, _ = sjson.Set(payloadStr, "request.toolConfig.functionCallingConfig.mode", "VALIDATED") - } else { - payloadStr, _ = sjson.Delete(payloadStr, "request.generationConfig.maxOutputTokens") - } - - httpReq, errReq := http.NewRequestWithContext(ctx, http.MethodPost, requestURL.String(), strings.NewReader(payloadStr)) - if errReq != nil { - return nil, errReq - } - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("Authorization", "Bearer "+token) - httpReq.Header.Set("User-Agent", resolveUserAgent(auth)) - if stream { - httpReq.Header.Set("Accept", "text/event-stream") - } else { - httpReq.Header.Set("Accept", "application/json") - } - if host := resolveHost(base); host != "" { - httpReq.Host = host - } - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - var payloadLog []byte - if e.cfg != nil && e.cfg.RequestLog { - payloadLog = []byte(payloadStr) - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: requestURL.String(), - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: payloadLog, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - return httpReq, nil -} - -func tokenExpiry(metadata map[string]any) time.Time { - if metadata == nil { - return time.Time{} - } - if expStr, ok := metadata["expired"].(string); ok { - expStr = strings.TrimSpace(expStr) - if expStr != "" { - if parsed, errParse := time.Parse(time.RFC3339, expStr); errParse == nil { - return parsed - } - } - } - expiresIn, hasExpires := int64Value(metadata["expires_in"]) - tsMs, hasTimestamp := int64Value(metadata["timestamp"]) - if hasExpires && hasTimestamp { - return time.Unix(0, tsMs*int64(time.Millisecond)).Add(time.Duration(expiresIn) * time.Second) - } - return time.Time{} -} - -func metaStringValue(metadata map[string]any, key string) string { - if metadata == nil { - return "" - } - if v, ok := metadata[key]; ok { - switch typed := v.(type) { - case string: - return strings.TrimSpace(typed) - case []byte: - return strings.TrimSpace(string(typed)) - } - } - return "" -} - -func int64Value(value any) (int64, bool) { - switch typed := value.(type) { - case int: - return int64(typed), true - case int64: - return typed, true - case float64: - return int64(typed), true - case json.Number: - if i, errParse := typed.Int64(); errParse == nil { - return i, true - } - case string: - if strings.TrimSpace(typed) == "" { - return 0, false - } - if i, errParse := strconv.ParseInt(strings.TrimSpace(typed), 10, 64); errParse == nil { - return i, true - } - } - return 0, false -} - -func buildBaseURL(auth *cliproxyauth.Auth) string { - if baseURLs := antigravityBaseURLFallbackOrder(auth); len(baseURLs) > 0 { - return baseURLs[0] - } - return antigravityBaseURLDaily -} - -func resolveHost(base string) string { - parsed, errParse := url.Parse(base) - if errParse != nil { - return "" - } - if parsed.Host != "" { - return parsed.Host - } - return strings.TrimPrefix(strings.TrimPrefix(base, "https://"), "http://") -} - -func resolveUserAgent(auth *cliproxyauth.Auth) string { - if auth != nil { - if auth.Attributes != nil { - if ua := strings.TrimSpace(auth.Attributes["user_agent"]); ua != "" { - return ua - } - } - if auth.Metadata != nil { - if ua, ok := auth.Metadata["user_agent"].(string); ok && strings.TrimSpace(ua) != "" { - return strings.TrimSpace(ua) - } - } - } - return defaultAntigravityAgent -} - -func antigravityRetryAttempts(auth *cliproxyauth.Auth, cfg *config.Config) int { - retry := 0 - if cfg != nil { - retry = cfg.RequestRetry - } - if auth != nil { - if override, ok := auth.RequestRetryOverride(); ok { - retry = override - } - } - if retry < 0 { - retry = 0 - } - attempts := retry + 1 - if attempts < 1 { - return 1 - } - return attempts -} - -func antigravityShouldRetryNoCapacity(statusCode int, body []byte) bool { - if statusCode != http.StatusServiceUnavailable { - return false - } - if len(body) == 0 { - return false - } - msg := strings.ToLower(string(body)) - return strings.Contains(msg, "no capacity available") -} - -func antigravityNoCapacityRetryDelay(attempt int) time.Duration { - if attempt < 0 { - attempt = 0 - } - delay := time.Duration(attempt+1) * 250 * time.Millisecond - if delay > 2*time.Second { - delay = 2 * time.Second - } - return delay -} - -func antigravityWait(ctx context.Context, wait time.Duration) error { - if wait <= 0 { - return nil - } - timer := time.NewTimer(wait) - defer timer.Stop() - select { - case <-ctx.Done(): - return ctx.Err() - case <-timer.C: - return nil - } -} - -func antigravityBaseURLFallbackOrder(auth *cliproxyauth.Auth) []string { - if base := resolveCustomAntigravityBaseURL(auth); base != "" { - return []string{base} - } - return []string{ - antigravityBaseURLDaily, - antigravitySandboxBaseURLDaily, - // antigravityBaseURLProd, - } -} - -func resolveCustomAntigravityBaseURL(auth *cliproxyauth.Auth) string { - if auth == nil { - return "" - } - if auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["base_url"]); v != "" { - return strings.TrimSuffix(v, "/") - } - } - if auth.Metadata != nil { - if v, ok := auth.Metadata["base_url"].(string); ok { - v = strings.TrimSpace(v) - if v != "" { - return strings.TrimSuffix(v, "/") - } - } - } - return "" -} - -func geminiToAntigravity(modelName string, payload []byte, projectID string) []byte { - template, _ := sjson.Set(string(payload), "model", modelName) - template, _ = sjson.Set(template, "userAgent", "antigravity") - template, _ = sjson.Set(template, "requestType", "agent") - - // Use real project ID from auth if available, otherwise generate random (legacy fallback) - if projectID != "" { - template, _ = sjson.Set(template, "project", projectID) - } else { - template, _ = sjson.Set(template, "project", generateProjectID()) - } - template, _ = sjson.Set(template, "requestId", generateRequestID()) - template, _ = sjson.Set(template, "request.sessionId", generateStableSessionID(payload)) - - template, _ = sjson.Delete(template, "request.safetySettings") - if toolConfig := gjson.Get(template, "toolConfig"); toolConfig.Exists() && !gjson.Get(template, "request.toolConfig").Exists() { - template, _ = sjson.SetRaw(template, "request.toolConfig", toolConfig.Raw) - template, _ = sjson.Delete(template, "toolConfig") - } - return []byte(template) -} - -func generateRequestID() string { - return "agent-" + uuid.NewString() -} - -func generateSessionID() string { - randSourceMutex.Lock() - n := randSource.Int63n(9_000_000_000_000_000_000) - randSourceMutex.Unlock() - return "-" + strconv.FormatInt(n, 10) -} - -func generateStableSessionID(payload []byte) string { - contents := gjson.GetBytes(payload, "request.contents") - if contents.IsArray() { - for _, content := range contents.Array() { - if content.Get("role").String() == "user" { - text := content.Get("parts.0.text").String() - if text != "" { - h := sha256.Sum256([]byte(text)) - n := int64(binary.BigEndian.Uint64(h[:8])) & 0x7FFFFFFFFFFFFFFF - return "-" + strconv.FormatInt(n, 10) - } - } - } - } - return generateSessionID() -} - -func generateProjectID() string { - adjectives := []string{"useful", "bright", "swift", "calm", "bold"} - nouns := []string{"fuze", "wave", "spark", "flow", "core"} - randSourceMutex.Lock() - adj := adjectives[randSource.Intn(len(adjectives))] - noun := nouns[randSource.Intn(len(nouns))] - randSourceMutex.Unlock() - randomPart := strings.ToLower(uuid.NewString())[:5] - return adj + "-" + noun + "-" + randomPart -} diff --git a/internal/runtime/executor/antigravity_executor_buildrequest_test.go b/internal/runtime/executor/antigravity_executor_buildrequest_test.go deleted file mode 100644 index 084241b46c..0000000000 --- a/internal/runtime/executor/antigravity_executor_buildrequest_test.go +++ /dev/null @@ -1,159 +0,0 @@ -package executor - -import ( - "context" - "encoding/json" - "io" - "testing" - - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" -) - -func TestAntigravityBuildRequest_SanitizesGeminiToolSchema(t *testing.T) { - body := buildRequestBodyFromPayload(t, "gemini-2.5-pro") - - decl := extractFirstFunctionDeclaration(t, body) - if _, ok := decl["parametersJsonSchema"]; ok { - t.Fatalf("parametersJsonSchema should be renamed to parameters") - } - - params, ok := decl["parameters"].(map[string]any) - if !ok { - t.Fatalf("parameters missing or invalid type") - } - assertSchemaSanitizedAndPropertyPreserved(t, params) -} - -func TestAntigravityBuildRequest_SanitizesAntigravityToolSchema(t *testing.T) { - body := buildRequestBodyFromPayload(t, "claude-opus-4-6") - - decl := extractFirstFunctionDeclaration(t, body) - params, ok := decl["parameters"].(map[string]any) - if !ok { - t.Fatalf("parameters missing or invalid type") - } - assertSchemaSanitizedAndPropertyPreserved(t, params) -} - -func buildRequestBodyFromPayload(t *testing.T, modelName string) map[string]any { - t.Helper() - - executor := &AntigravityExecutor{} - auth := &cliproxyauth.Auth{} - payload := []byte(`{ - "request": { - "tools": [ - { - "function_declarations": [ - { - "name": "tool_1", - "parametersJsonSchema": { - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "root-schema", - "type": "object", - "properties": { - "$id": {"type": "string"}, - "arg": { - "type": "object", - "prefill": "hello", - "properties": { - "mode": { - "type": "string", - "enum": ["a", "b"], - "enumTitles": ["A", "B"] - } - } - } - }, - "patternProperties": { - "^x-": {"type": "string"} - } - } - } - ] - } - ] - } - }`) - - req, err := executor.buildRequest(context.Background(), auth, "token", modelName, payload, false, "", "https://example.com") - if err != nil { - t.Fatalf("buildRequest error: %v", err) - } - - raw, err := io.ReadAll(req.Body) - if err != nil { - t.Fatalf("read request body error: %v", err) - } - - var body map[string]any - if err := json.Unmarshal(raw, &body); err != nil { - t.Fatalf("unmarshal request body error: %v, body=%s", err, string(raw)) - } - return body -} - -func extractFirstFunctionDeclaration(t *testing.T, body map[string]any) map[string]any { - t.Helper() - - request, ok := body["request"].(map[string]any) - if !ok { - t.Fatalf("request missing or invalid type") - } - tools, ok := request["tools"].([]any) - if !ok || len(tools) == 0 { - t.Fatalf("tools missing or empty") - } - tool, ok := tools[0].(map[string]any) - if !ok { - t.Fatalf("first tool invalid type") - } - decls, ok := tool["function_declarations"].([]any) - if !ok || len(decls) == 0 { - t.Fatalf("function_declarations missing or empty") - } - decl, ok := decls[0].(map[string]any) - if !ok { - t.Fatalf("first function declaration invalid type") - } - return decl -} - -func assertSchemaSanitizedAndPropertyPreserved(t *testing.T, params map[string]any) { - t.Helper() - - if _, ok := params["$id"]; ok { - t.Fatalf("root $id should be removed from schema") - } - if _, ok := params["patternProperties"]; ok { - t.Fatalf("patternProperties should be removed from schema") - } - - props, ok := params["properties"].(map[string]any) - if !ok { - t.Fatalf("properties missing or invalid type") - } - if _, ok := props["$id"]; !ok { - t.Fatalf("property named $id should be preserved") - } - - arg, ok := props["arg"].(map[string]any) - if !ok { - t.Fatalf("arg property missing or invalid type") - } - if _, ok := arg["prefill"]; ok { - t.Fatalf("prefill should be removed from nested schema") - } - - argProps, ok := arg["properties"].(map[string]any) - if !ok { - t.Fatalf("arg.properties missing or invalid type") - } - mode, ok := argProps["mode"].(map[string]any) - if !ok { - t.Fatalf("mode property missing or invalid type") - } - if _, ok := mode["enumTitles"]; ok { - t.Fatalf("enumTitles should be removed from nested schema") - } -} diff --git a/internal/runtime/executor/cache_helpers.go b/internal/runtime/executor/cache_helpers.go deleted file mode 100644 index 1e32f43a06..0000000000 --- a/internal/runtime/executor/cache_helpers.go +++ /dev/null @@ -1,78 +0,0 @@ -package executor - -import ( - "sync" - "time" -) - -type codexCache struct { - ID string - Expire time.Time -} - -// codexCacheMap stores prompt cache IDs keyed by model+user_id. -// Protected by codexCacheMu. Entries expire after 1 hour. -var ( - codexCacheMap = make(map[string]codexCache) - codexCacheMu sync.RWMutex -) - -// codexCacheCleanupInterval controls how often expired entries are purged. -const codexCacheCleanupInterval = 15 * time.Minute - -// codexCacheCleanupOnce ensures the background cleanup goroutine starts only once. -var codexCacheCleanupOnce sync.Once - -// startCodexCacheCleanup launches a background goroutine that periodically -// removes expired entries from codexCacheMap to prevent memory leaks. -func startCodexCacheCleanup() { - go func() { - ticker := time.NewTicker(codexCacheCleanupInterval) - defer ticker.Stop() - - for range ticker.C { - purgeExpiredCodexCache() - } - }() -} - -// purgeExpiredCodexCache removes entries that have expired. -func purgeExpiredCodexCache() { - now := time.Now() - - codexCacheMu.Lock() - defer codexCacheMu.Unlock() - - for key, cache := range codexCacheMap { - if cache.Expire.Before(now) { - delete(codexCacheMap, key) - } - } -} - -// getCodexCache retrieves a cached entry, returning ok=false if not found or expired. -func getCodexCache(key string) (codexCache, bool) { - codexCacheCleanupOnce.Do(startCodexCacheCleanup) - codexCacheMu.RLock() - cache, ok := codexCacheMap[key] - codexCacheMu.RUnlock() - if !ok || cache.Expire.Before(time.Now()) { - return codexCache{}, false - } - return cache, true -} - -// setCodexCache stores a cache entry. -func setCodexCache(key string, cache codexCache) { - codexCacheCleanupOnce.Do(startCodexCacheCleanup) - codexCacheMu.Lock() - codexCacheMap[key] = cache - codexCacheMu.Unlock() -} - -// deleteCodexCache deletes a cache entry. -func deleteCodexCache(key string) { - codexCacheMu.Lock() - delete(codexCacheMap, key) - codexCacheMu.Unlock() -} diff --git a/internal/runtime/executor/caching_verify_test.go b/internal/runtime/executor/caching_verify_test.go deleted file mode 100644 index 6088d304cd..0000000000 --- a/internal/runtime/executor/caching_verify_test.go +++ /dev/null @@ -1,258 +0,0 @@ -package executor - -import ( - "fmt" - "testing" - - "github.com/tidwall/gjson" -) - -func TestEnsureCacheControl(t *testing.T) { - // Test case 1: System prompt as string - t.Run("String System Prompt", func(t *testing.T) { - input := []byte(`{"model": "claude-3-5-sonnet", "system": "This is a long system prompt", "messages": []}`) - output := ensureCacheControl(input) - - res := gjson.GetBytes(output, "system.0.cache_control.type") - if res.String() != "ephemeral" { - t.Errorf("cache_control not found in system string. Output: %s", string(output)) - } - }) - - // Test case 2: System prompt as array - t.Run("Array System Prompt", func(t *testing.T) { - input := []byte(`{"model": "claude-3-5-sonnet", "system": [{"type": "text", "text": "Part 1"}, {"type": "text", "text": "Part 2"}], "messages": []}`) - output := ensureCacheControl(input) - - // cache_control should only be on the LAST element - res0 := gjson.GetBytes(output, "system.0.cache_control") - res1 := gjson.GetBytes(output, "system.1.cache_control.type") - - if res0.Exists() { - t.Errorf("cache_control should NOT be on the first element") - } - if res1.String() != "ephemeral" { - t.Errorf("cache_control not found on last system element. Output: %s", string(output)) - } - }) - - // Test case 3: Tools are cached - t.Run("Tools Caching", func(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "tools": [ - {"name": "tool1", "description": "First tool", "input_schema": {"type": "object"}}, - {"name": "tool2", "description": "Second tool", "input_schema": {"type": "object"}} - ], - "system": "System prompt", - "messages": [] - }`) - output := ensureCacheControl(input) - - // cache_control should only be on the LAST tool - tool0Cache := gjson.GetBytes(output, "tools.0.cache_control") - tool1Cache := gjson.GetBytes(output, "tools.1.cache_control.type") - - if tool0Cache.Exists() { - t.Errorf("cache_control should NOT be on the first tool") - } - if tool1Cache.String() != "ephemeral" { - t.Errorf("cache_control not found on last tool. Output: %s", string(output)) - } - - // System should also have cache_control - systemCache := gjson.GetBytes(output, "system.0.cache_control.type") - if systemCache.String() != "ephemeral" { - t.Errorf("cache_control not found in system. Output: %s", string(output)) - } - }) - - // Test case 4: Tools and system are INDEPENDENT breakpoints - // Per Anthropic docs: Up to 4 breakpoints allowed, tools and system are cached separately - t.Run("Independent Cache Breakpoints", func(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "tools": [ - {"name": "tool1", "description": "First tool", "input_schema": {"type": "object"}, "cache_control": {"type": "ephemeral"}} - ], - "system": [{"type": "text", "text": "System"}], - "messages": [] - }`) - output := ensureCacheControl(input) - - // Tool already has cache_control - should not be changed - tool0Cache := gjson.GetBytes(output, "tools.0.cache_control.type") - if tool0Cache.String() != "ephemeral" { - t.Errorf("existing cache_control was incorrectly removed") - } - - // System SHOULD get cache_control because it is an INDEPENDENT breakpoint - // Tools and system are separate cache levels in the hierarchy - systemCache := gjson.GetBytes(output, "system.0.cache_control.type") - if systemCache.String() != "ephemeral" { - t.Errorf("system should have its own cache_control breakpoint (independent of tools)") - } - }) - - // Test case 5: Only tools, no system - t.Run("Only Tools No System", func(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "tools": [ - {"name": "tool1", "description": "Tool", "input_schema": {"type": "object"}} - ], - "messages": [{"role": "user", "content": "Hi"}] - }`) - output := ensureCacheControl(input) - - toolCache := gjson.GetBytes(output, "tools.0.cache_control.type") - if toolCache.String() != "ephemeral" { - t.Errorf("cache_control not found on tool. Output: %s", string(output)) - } - }) - - // Test case 6: Many tools (Claude Code scenario) - t.Run("Many Tools (Claude Code Scenario)", func(t *testing.T) { - // Simulate Claude Code with many tools - toolsJSON := `[` - for i := 0; i < 50; i++ { - if i > 0 { - toolsJSON += "," - } - toolsJSON += fmt.Sprintf(`{"name": "tool%d", "description": "Tool %d", "input_schema": {"type": "object"}}`, i, i) - } - toolsJSON += `]` - - input := []byte(fmt.Sprintf(`{ - "model": "claude-3-5-sonnet", - "tools": %s, - "system": [{"type": "text", "text": "You are Claude Code"}], - "messages": [{"role": "user", "content": "Hello"}] - }`, toolsJSON)) - - output := ensureCacheControl(input) - - // Only the last tool (index 49) should have cache_control - for i := 0; i < 49; i++ { - path := fmt.Sprintf("tools.%d.cache_control", i) - if gjson.GetBytes(output, path).Exists() { - t.Errorf("tool %d should NOT have cache_control", i) - } - } - - lastToolCache := gjson.GetBytes(output, "tools.49.cache_control.type") - if lastToolCache.String() != "ephemeral" { - t.Errorf("last tool (49) should have cache_control") - } - - // System should also have cache_control - systemCache := gjson.GetBytes(output, "system.0.cache_control.type") - if systemCache.String() != "ephemeral" { - t.Errorf("system should have cache_control") - } - - t.Log("test passed: 50 tools - cache_control only on last tool") - }) - - // Test case 7: Empty tools array - t.Run("Empty Tools Array", func(t *testing.T) { - input := []byte(`{"model": "claude-3-5-sonnet", "tools": [], "system": "Test", "messages": []}`) - output := ensureCacheControl(input) - - // System should still get cache_control - systemCache := gjson.GetBytes(output, "system.0.cache_control.type") - if systemCache.String() != "ephemeral" { - t.Errorf("system should have cache_control even with empty tools array") - } - }) - - // Test case 8: Messages caching for multi-turn (second-to-last user) - t.Run("Messages Caching Second-To-Last User", func(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "messages": [ - {"role": "user", "content": "First user"}, - {"role": "assistant", "content": "Assistant reply"}, - {"role": "user", "content": "Second user"}, - {"role": "assistant", "content": "Assistant reply 2"}, - {"role": "user", "content": "Third user"} - ] - }`) - output := ensureCacheControl(input) - - cacheType := gjson.GetBytes(output, "messages.2.content.0.cache_control.type") - if cacheType.String() != "ephemeral" { - t.Errorf("cache_control not found on second-to-last user turn. Output: %s", string(output)) - } - - lastUserCache := gjson.GetBytes(output, "messages.4.content.0.cache_control") - if lastUserCache.Exists() { - t.Errorf("last user turn should NOT have cache_control") - } - }) - - // Test case 9: Existing message cache_control should skip injection - t.Run("Messages Skip When Cache Control Exists", func(t *testing.T) { - input := []byte(`{ - "model": "claude-3-5-sonnet", - "messages": [ - {"role": "user", "content": [{"type": "text", "text": "First user"}]}, - {"role": "assistant", "content": [{"type": "text", "text": "Assistant reply", "cache_control": {"type": "ephemeral"}}]}, - {"role": "user", "content": [{"type": "text", "text": "Second user"}]} - ] - }`) - output := ensureCacheControl(input) - - userCache := gjson.GetBytes(output, "messages.0.content.0.cache_control") - if userCache.Exists() { - t.Errorf("cache_control should NOT be injected when a message already has cache_control") - } - - existingCache := gjson.GetBytes(output, "messages.1.content.0.cache_control.type") - if existingCache.String() != "ephemeral" { - t.Errorf("existing cache_control should be preserved. Output: %s", string(output)) - } - }) -} - -// TestCacheControlOrder verifies the correct order: tools -> system -> messages -func TestCacheControlOrder(t *testing.T) { - input := []byte(`{ - "model": "claude-sonnet-4", - "tools": [ - {"name": "Read", "description": "Read file", "input_schema": {"type": "object", "properties": {"path": {"type": "string"}}}}, - {"name": "Write", "description": "Write file", "input_schema": {"type": "object", "properties": {"path": {"type": "string"}, "content": {"type": "string"}}}} - ], - "system": [ - {"type": "text", "text": "You are Claude Code, Anthropic's official CLI for Claude."}, - {"type": "text", "text": "Additional instructions here..."} - ], - "messages": [ - {"role": "user", "content": "Hello"} - ] - }`) - - output := ensureCacheControl(input) - - // 1. Last tool has cache_control - if gjson.GetBytes(output, "tools.1.cache_control.type").String() != "ephemeral" { - t.Error("last tool should have cache_control") - } - - // 2. First tool has NO cache_control - if gjson.GetBytes(output, "tools.0.cache_control").Exists() { - t.Error("first tool should NOT have cache_control") - } - - // 3. Last system element has cache_control - if gjson.GetBytes(output, "system.1.cache_control.type").String() != "ephemeral" { - t.Error("last system element should have cache_control") - } - - // 4. First system element has NO cache_control - if gjson.GetBytes(output, "system.0.cache_control").Exists() { - t.Error("first system element should NOT have cache_control") - } - - t.Log("cache order correct: tools -> system") -} diff --git a/internal/runtime/executor/claude_executor.go b/internal/runtime/executor/claude_executor.go deleted file mode 100644 index 963625bb41..0000000000 --- a/internal/runtime/executor/claude_executor.go +++ /dev/null @@ -1,1407 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "compress/flate" - "compress/gzip" - "context" - "fmt" - "io" - "net/http" - "runtime" - "strings" - "time" - - "github.com/andybalholm/brotli" - "github.com/klauspost/compress/zstd" - claudeauth "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/claude" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/misc" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/executor" - sdktranslator "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" - - "github.com/gin-gonic/gin" -) - -// ClaudeExecutor is a stateless executor for Anthropic Claude over the messages API. -// If api_key is unavailable on auth, it falls back to legacy via ClientAdapter. -type ClaudeExecutor struct { - cfg *config.Config -} - -const claudeToolPrefix = "proxy_" - -func NewClaudeExecutor(cfg *config.Config) *ClaudeExecutor { return &ClaudeExecutor{cfg: cfg} } - -func (e *ClaudeExecutor) Identifier() string { return "claude" } - -// PrepareRequest injects Claude credentials into the outgoing HTTP request. -func (e *ClaudeExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - apiKey, _ := claudeCreds(auth) - if strings.TrimSpace(apiKey) == "" { - return nil - } - useAPIKey := auth != nil && auth.Attributes != nil && strings.TrimSpace(auth.Attributes["api_key"]) != "" - isAnthropicBase := req.URL != nil && strings.EqualFold(req.URL.Scheme, "https") && strings.EqualFold(req.URL.Host, "api.anthropic.com") - if isAnthropicBase && useAPIKey { - req.Header.Del("Authorization") - req.Header.Set("x-api-key", apiKey) - } else { - req.Header.Del("x-api-key") - req.Header.Set("Authorization", "Bearer "+apiKey) - } - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) - return nil -} - -// HttpRequest injects Claude credentials into the request and executes it. -func (e *ClaudeExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("claude executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -func (e *ClaudeExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := claudeCreds(auth) - if baseURL == "" { - baseURL = "https://api.anthropic.com" - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - from := opts.SourceFormat - to := sdktranslator.FromString("claude") - // Use streaming translation to preserve function calling, except for claude. - stream := from != to - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, stream) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, stream) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - // Apply cloaking (system prompt injection, fake user ID, sensitive word obfuscation) - // based on client type and configuration. - body = applyCloaking(ctx, e.cfg, auth, body, baseModel, apiKey) - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - // Disable thinking if tool_choice forces tool use (Anthropic API constraint) - body = disableThinkingIfToolChoiceForced(body) - - // Auto-inject cache_control if missing (optimization for ClawdBot/clients without caching support) - if countCacheControls(body) == 0 { - body = ensureCacheControl(body) - } - - // Extract betas from body and convert to header - var extraBetas []string - extraBetas, body = extractAndRemoveBetas(body) - bodyForTranslation := body - bodyForUpstream := body - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - bodyForUpstream = applyClaudeToolPrefix(body, claudeToolPrefix) - } - - url := fmt.Sprintf("%s/v1/messages?beta=true", baseURL) - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(bodyForUpstream)) - if err != nil { - return resp, err - } - applyClaudeHeaders(httpReq, auth, apiKey, false, extraBetas, e.cfg) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: bodyForUpstream, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return resp, err - } - decodedBody, err := decodeResponseBody(httpResp.Body, httpResp.Header.Get("Content-Encoding")) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return resp, err - } - defer func() { - if errClose := decodedBody.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - data, err := io.ReadAll(decodedBody) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - if stream { - lines := bytes.Split(data, []byte("\n")) - for _, line := range lines { - if detail, ok := parseClaudeStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - } - } else { - reporter.publish(ctx, parseClaudeUsage(data)) - } - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - data = stripClaudeToolPrefixFromResponse(data, claudeToolPrefix) - } - var param any - out := sdktranslator.TranslateNonStream( - ctx, - to, - from, - req.Model, - opts.OriginalRequest, - bodyForTranslation, - data, - ¶m, - ) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -func (e *ClaudeExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := claudeCreds(auth) - if baseURL == "" { - baseURL = "https://api.anthropic.com" - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - from := opts.SourceFormat - to := sdktranslator.FromString("claude") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - // Apply cloaking (system prompt injection, fake user ID, sensitive word obfuscation) - // based on client type and configuration. - body = applyCloaking(ctx, e.cfg, auth, body, baseModel, apiKey) - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - // Disable thinking if tool_choice forces tool use (Anthropic API constraint) - body = disableThinkingIfToolChoiceForced(body) - - // Auto-inject cache_control if missing (optimization for ClawdBot/clients without caching support) - if countCacheControls(body) == 0 { - body = ensureCacheControl(body) - } - - // Extract betas from body and convert to header - var extraBetas []string - extraBetas, body = extractAndRemoveBetas(body) - bodyForTranslation := body - bodyForUpstream := body - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - bodyForUpstream = applyClaudeToolPrefix(body, claudeToolPrefix) - } - - url := fmt.Sprintf("%s/v1/messages?beta=true", baseURL) - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(bodyForUpstream)) - if err != nil { - return nil, err - } - applyClaudeHeaders(httpReq, auth, apiKey, true, extraBetas, e.cfg) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: bodyForUpstream, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - decodedBody, err := decodeResponseBody(httpResp.Body, httpResp.Header.Get("Content-Encoding")) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := decodedBody.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - // If from == to (Claude → Claude), directly forward the SSE stream without translation - if from == to { - scanner := bufio.NewScanner(decodedBody) - scanner.Buffer(nil, 52_428_800) // 50MB - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseClaudeStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - line = stripClaudeToolPrefixFromStreamLine(line, claudeToolPrefix) - } - // Forward the line as-is to preserve SSE format - cloned := make([]byte, len(line)+1) - copy(cloned, line) - cloned[len(line)] = '\n' - out <- cliproxyexecutor.StreamChunk{Payload: cloned} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - return - } - - // For other formats, use translation - scanner := bufio.NewScanner(decodedBody) - scanner.Buffer(nil, 52_428_800) // 50MB - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseClaudeStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - line = stripClaudeToolPrefixFromStreamLine(line, claudeToolPrefix) - } - chunks := sdktranslator.TranslateStream( - ctx, - to, - from, - req.Model, - opts.OriginalRequest, - bodyForTranslation, - bytes.Clone(line), - ¶m, - ) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -func (e *ClaudeExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := claudeCreds(auth) - if baseURL == "" { - baseURL = "https://api.anthropic.com" - } - - from := opts.SourceFormat - to := sdktranslator.FromString("claude") - // Use streaming translation to preserve function calling, except for claude. - stream := from != to - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, stream) - body, _ = sjson.SetBytes(body, "model", baseModel) - - if !strings.HasPrefix(baseModel, "claude-3-5-haiku") { - body = checkSystemInstructions(body) - } - - // Extract betas from body and convert to header (for count_tokens too) - var extraBetas []string - extraBetas, body = extractAndRemoveBetas(body) - if isClaudeOAuthToken(apiKey) && !auth.ToolPrefixDisabled() { - body = applyClaudeToolPrefix(body, claudeToolPrefix) - } - - url := fmt.Sprintf("%s/v1/messages/count_tokens?beta=true", baseURL) - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return cliproxyexecutor.Response{}, err - } - applyClaudeHeaders(httpReq, auth, apiKey, false, extraBetas, e.cfg) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - resp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return cliproxyexecutor.Response{}, err - } - recordAPIResponseMetadata(ctx, e.cfg, resp.StatusCode, resp.Header.Clone()) - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - b, _ := io.ReadAll(resp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return cliproxyexecutor.Response{}, statusErr{code: resp.StatusCode, msg: string(b)} - } - decodedBody, err := decodeResponseBody(resp.Body, resp.Header.Get("Content-Encoding")) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return cliproxyexecutor.Response{}, err - } - defer func() { - if errClose := decodedBody.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - data, err := io.ReadAll(decodedBody) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return cliproxyexecutor.Response{}, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - count := gjson.GetBytes(data, "input_tokens").Int() - out := sdktranslator.TranslateTokenCount(ctx, to, from, count, data) - return cliproxyexecutor.Response{Payload: []byte(out), Headers: resp.Header.Clone()}, nil -} - -func (e *ClaudeExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("claude executor: refresh called") - if auth == nil { - return nil, fmt.Errorf("claude executor: auth is nil") - } - var refreshToken string - if auth.Metadata != nil { - if v, ok := auth.Metadata["refresh_token"].(string); ok && v != "" { - refreshToken = v - } - } - if refreshToken == "" { - return auth, nil - } - svc := claudeauth.NewClaudeAuth(e.cfg) - td, err := svc.RefreshTokens(ctx, refreshToken) - if err != nil { - return nil, err - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["access_token"] = td.AccessToken - if td.RefreshToken != "" { - auth.Metadata["refresh_token"] = td.RefreshToken - } - auth.Metadata["email"] = td.Email - auth.Metadata["expired"] = td.Expire - auth.Metadata["type"] = "claude" - now := time.Now().Format(time.RFC3339) - auth.Metadata["last_refresh"] = now - return auth, nil -} - -// extractAndRemoveBetas extracts the "betas" array from the body and removes it. -// Returns the extracted betas as a string slice and the modified body. -func extractAndRemoveBetas(body []byte) ([]string, []byte) { - betasResult := gjson.GetBytes(body, "betas") - if !betasResult.Exists() { - return nil, body - } - var betas []string - if betasResult.IsArray() { - for _, item := range betasResult.Array() { - if s := strings.TrimSpace(item.String()); s != "" { - betas = append(betas, s) - } - } - } else if s := strings.TrimSpace(betasResult.String()); s != "" { - betas = append(betas, s) - } - body, _ = sjson.DeleteBytes(body, "betas") - return betas, body -} - -// disableThinkingIfToolChoiceForced checks if tool_choice forces tool use and disables thinking. -// Anthropic API does not allow thinking when tool_choice is set to "any" or a specific tool. -// See: https://docs.anthropic.com/en/docs/build-with-claude/extended-thinking#important-considerations -func disableThinkingIfToolChoiceForced(body []byte) []byte { - toolChoiceType := gjson.GetBytes(body, "tool_choice.type").String() - // "auto" is allowed with thinking, but "any" or "tool" (specific tool) are not - if toolChoiceType == "any" || toolChoiceType == "tool" { - // Remove thinking configuration entirely to avoid API error - body, _ = sjson.DeleteBytes(body, "thinking") - } - return body -} - -type compositeReadCloser struct { - io.Reader - closers []func() error -} - -func (c *compositeReadCloser) Close() error { - var firstErr error - for i := range c.closers { - if c.closers[i] == nil { - continue - } - if err := c.closers[i](); err != nil && firstErr == nil { - firstErr = err - } - } - return firstErr -} - -func decodeResponseBody(body io.ReadCloser, contentEncoding string) (io.ReadCloser, error) { - if body == nil { - return nil, fmt.Errorf("response body is nil") - } - if contentEncoding == "" { - return body, nil - } - encodings := strings.Split(contentEncoding, ",") - for _, raw := range encodings { - encoding := strings.TrimSpace(strings.ToLower(raw)) - switch encoding { - case "", "identity": - continue - case "gzip": - gzipReader, err := gzip.NewReader(body) - if err != nil { - _ = body.Close() - return nil, fmt.Errorf("failed to create gzip reader: %w", err) - } - return &compositeReadCloser{ - Reader: gzipReader, - closers: []func() error{ - gzipReader.Close, - func() error { return body.Close() }, - }, - }, nil - case "deflate": - deflateReader := flate.NewReader(body) - return &compositeReadCloser{ - Reader: deflateReader, - closers: []func() error{ - deflateReader.Close, - func() error { return body.Close() }, - }, - }, nil - case "br": - return &compositeReadCloser{ - Reader: brotli.NewReader(body), - closers: []func() error{ - func() error { return body.Close() }, - }, - }, nil - case "zstd": - decoder, err := zstd.NewReader(body) - if err != nil { - _ = body.Close() - return nil, fmt.Errorf("failed to create zstd reader: %w", err) - } - return &compositeReadCloser{ - Reader: decoder, - closers: []func() error{ - func() error { decoder.Close(); return nil }, - func() error { return body.Close() }, - }, - }, nil - default: - continue - } - } - return body, nil -} - -// mapStainlessOS maps runtime.GOOS to Stainless SDK OS names. -func mapStainlessOS() string { - switch runtime.GOOS { - case "darwin": - return "MacOS" - case "windows": - return "Windows" - case "linux": - return "Linux" - case "freebsd": - return "FreeBSD" - default: - return "Other::" + runtime.GOOS - } -} - -// mapStainlessArch maps runtime.GOARCH to Stainless SDK architecture names. -func mapStainlessArch() string { - switch runtime.GOARCH { - case "amd64": - return "x64" - case "arm64": - return "arm64" - case "386": - return "x86" - default: - return "other::" + runtime.GOARCH - } -} - -func applyClaudeHeaders(r *http.Request, auth *cliproxyauth.Auth, apiKey string, stream bool, extraBetas []string, cfg *config.Config) { - hdrDefault := func(cfgVal, fallback string) string { - if cfgVal != "" { - return cfgVal - } - return fallback - } - - var hd config.ClaudeHeaderDefaults - if cfg != nil { - hd = cfg.ClaudeHeaderDefaults - } - - useAPIKey := auth != nil && auth.Attributes != nil && strings.TrimSpace(auth.Attributes["api_key"]) != "" - isAnthropicBase := r.URL != nil && strings.EqualFold(r.URL.Scheme, "https") && strings.EqualFold(r.URL.Host, "api.anthropic.com") - if isAnthropicBase && useAPIKey { - r.Header.Del("Authorization") - r.Header.Set("x-api-key", apiKey) - } else { - r.Header.Set("Authorization", "Bearer "+apiKey) - } - r.Header.Set("Content-Type", "application/json") - - var ginHeaders http.Header - if ginCtx, ok := r.Context().Value("gin").(*gin.Context); ok && ginCtx != nil && ginCtx.Request != nil { - ginHeaders = ginCtx.Request.Header - } - - promptCachingBeta := "prompt-caching-2024-07-31" - baseBetas := "claude-code-20250219,oauth-2025-04-20,interleaved-thinking-2025-05-14,fine-grained-tool-streaming-2025-05-14," + promptCachingBeta - if val := strings.TrimSpace(ginHeaders.Get("Anthropic-Beta")); val != "" { - baseBetas = val - if !strings.Contains(val, "oauth") { - baseBetas += ",oauth-2025-04-20" - } - } - if !strings.Contains(baseBetas, promptCachingBeta) { - baseBetas += "," + promptCachingBeta - } - - // Merge extra betas from request body - if len(extraBetas) > 0 { - existingSet := make(map[string]bool) - for _, b := range strings.Split(baseBetas, ",") { - existingSet[strings.TrimSpace(b)] = true - } - for _, beta := range extraBetas { - beta = strings.TrimSpace(beta) - if beta != "" && !existingSet[beta] { - baseBetas += "," + beta - existingSet[beta] = true - } - } - } - r.Header.Set("Anthropic-Beta", baseBetas) - - misc.EnsureHeader(r.Header, ginHeaders, "Anthropic-Version", "2023-06-01") - misc.EnsureHeader(r.Header, ginHeaders, "Anthropic-Dangerous-Direct-Browser-Access", "true") - misc.EnsureHeader(r.Header, ginHeaders, "X-App", "cli") - // Values below match Claude Code 2.1.44 / @anthropic-ai/sdk 0.74.0 (captured 2026-02-17). - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Helper-Method", "stream") - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Retry-Count", "0") - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Runtime-Version", hdrDefault(hd.RuntimeVersion, "v24.3.0")) - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Package-Version", hdrDefault(hd.PackageVersion, "0.74.0")) - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Runtime", "node") - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Lang", "js") - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Arch", mapStainlessArch()) - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Os", mapStainlessOS()) - misc.EnsureHeader(r.Header, ginHeaders, "X-Stainless-Timeout", hdrDefault(hd.Timeout, "600")) - misc.EnsureHeader(r.Header, ginHeaders, "User-Agent", hdrDefault(hd.UserAgent, "claude-cli/2.1.44 (external, sdk-cli)")) - r.Header.Set("Connection", "keep-alive") - r.Header.Set("Accept-Encoding", "gzip, deflate, br, zstd") - if stream { - r.Header.Set("Accept", "text/event-stream") - } else { - r.Header.Set("Accept", "application/json") - } - // Keep OS/Arch mapping dynamic (not configurable). - // They intentionally continue to derive from runtime.GOOS/runtime.GOARCH. - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(r, attrs) -} - -func claudeCreds(a *cliproxyauth.Auth) (apiKey, baseURL string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - apiKey = a.Attributes["api_key"] - baseURL = a.Attributes["base_url"] - } - if apiKey == "" && a.Metadata != nil { - if v, ok := a.Metadata["access_token"].(string); ok { - apiKey = v - } - } - return -} - -func checkSystemInstructions(payload []byte) []byte { - system := gjson.GetBytes(payload, "system") - claudeCodeInstructions := `[{"type":"text","text":"You are Claude Code, Anthropic's official CLI for Claude."}]` - if system.IsArray() { - if gjson.GetBytes(payload, "system.0.text").String() != "You are Claude Code, Anthropic's official CLI for Claude." { - system.ForEach(func(_, part gjson.Result) bool { - if part.Get("type").String() == "text" { - claudeCodeInstructions, _ = sjson.SetRaw(claudeCodeInstructions, "-1", part.Raw) - } - return true - }) - payload, _ = sjson.SetRawBytes(payload, "system", []byte(claudeCodeInstructions)) - } - } else { - payload, _ = sjson.SetRawBytes(payload, "system", []byte(claudeCodeInstructions)) - } - return payload -} - -func isClaudeOAuthToken(apiKey string) bool { - return strings.Contains(apiKey, "sk-ant-oat") -} - -func applyClaudeToolPrefix(body []byte, prefix string) []byte { - if prefix == "" { - return body - } - - // Collect built-in tool names (those with a non-empty "type" field) so we can - // skip them consistently in both tools and message history. - builtinTools := map[string]bool{} - for _, name := range []string{"web_search", "code_execution", "text_editor", "computer"} { - builtinTools[name] = true - } - - if tools := gjson.GetBytes(body, "tools"); tools.Exists() && tools.IsArray() { - tools.ForEach(func(index, tool gjson.Result) bool { - // Skip built-in tools (web_search, code_execution, etc.) which have - // a "type" field and require their name to remain unchanged. - if tool.Get("type").Exists() && tool.Get("type").String() != "" { - if n := tool.Get("name").String(); n != "" { - builtinTools[n] = true - } - return true - } - name := tool.Get("name").String() - if name == "" || strings.HasPrefix(name, prefix) { - return true - } - path := fmt.Sprintf("tools.%d.name", index.Int()) - body, _ = sjson.SetBytes(body, path, prefix+name) - return true - }) - } - - if gjson.GetBytes(body, "tool_choice.type").String() == "tool" { - name := gjson.GetBytes(body, "tool_choice.name").String() - if name != "" && !strings.HasPrefix(name, prefix) && !builtinTools[name] { - body, _ = sjson.SetBytes(body, "tool_choice.name", prefix+name) - } - } - - if messages := gjson.GetBytes(body, "messages"); messages.Exists() && messages.IsArray() { - messages.ForEach(func(msgIndex, msg gjson.Result) bool { - content := msg.Get("content") - if !content.Exists() || !content.IsArray() { - return true - } - content.ForEach(func(contentIndex, part gjson.Result) bool { - partType := part.Get("type").String() - switch partType { - case "tool_use": - name := part.Get("name").String() - if name == "" || strings.HasPrefix(name, prefix) || builtinTools[name] { - return true - } - path := fmt.Sprintf("messages.%d.content.%d.name", msgIndex.Int(), contentIndex.Int()) - body, _ = sjson.SetBytes(body, path, prefix+name) - case "tool_reference": - toolName := part.Get("tool_name").String() - if toolName == "" || strings.HasPrefix(toolName, prefix) || builtinTools[toolName] { - return true - } - path := fmt.Sprintf("messages.%d.content.%d.tool_name", msgIndex.Int(), contentIndex.Int()) - body, _ = sjson.SetBytes(body, path, prefix+toolName) - case "tool_result": - // Handle nested tool_reference blocks inside tool_result.content[] - nestedContent := part.Get("content") - if nestedContent.Exists() && nestedContent.IsArray() { - nestedContent.ForEach(func(nestedIndex, nestedPart gjson.Result) bool { - if nestedPart.Get("type").String() == "tool_reference" { - nestedToolName := nestedPart.Get("tool_name").String() - if nestedToolName != "" && !strings.HasPrefix(nestedToolName, prefix) && !builtinTools[nestedToolName] { - nestedPath := fmt.Sprintf("messages.%d.content.%d.content.%d.tool_name", msgIndex.Int(), contentIndex.Int(), nestedIndex.Int()) - body, _ = sjson.SetBytes(body, nestedPath, prefix+nestedToolName) - } - } - return true - }) - } - } - return true - }) - return true - }) - } - - return body -} - -func stripClaudeToolPrefixFromResponse(body []byte, prefix string) []byte { - if prefix == "" { - return body - } - content := gjson.GetBytes(body, "content") - if !content.Exists() || !content.IsArray() { - return body - } - content.ForEach(func(index, part gjson.Result) bool { - partType := part.Get("type").String() - switch partType { - case "tool_use": - name := part.Get("name").String() - if !strings.HasPrefix(name, prefix) { - return true - } - path := fmt.Sprintf("content.%d.name", index.Int()) - body, _ = sjson.SetBytes(body, path, strings.TrimPrefix(name, prefix)) - case "tool_reference": - toolName := part.Get("tool_name").String() - if !strings.HasPrefix(toolName, prefix) { - return true - } - path := fmt.Sprintf("content.%d.tool_name", index.Int()) - body, _ = sjson.SetBytes(body, path, strings.TrimPrefix(toolName, prefix)) - case "tool_result": - // Handle nested tool_reference blocks inside tool_result.content[] - nestedContent := part.Get("content") - if nestedContent.Exists() && nestedContent.IsArray() { - nestedContent.ForEach(func(nestedIndex, nestedPart gjson.Result) bool { - if nestedPart.Get("type").String() == "tool_reference" { - nestedToolName := nestedPart.Get("tool_name").String() - if strings.HasPrefix(nestedToolName, prefix) { - nestedPath := fmt.Sprintf("content.%d.content.%d.tool_name", index.Int(), nestedIndex.Int()) - body, _ = sjson.SetBytes(body, nestedPath, strings.TrimPrefix(nestedToolName, prefix)) - } - } - return true - }) - } - } - return true - }) - return body -} - -func stripClaudeToolPrefixFromStreamLine(line []byte, prefix string) []byte { - if prefix == "" { - return line - } - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return line - } - contentBlock := gjson.GetBytes(payload, "content_block") - if !contentBlock.Exists() { - return line - } - - blockType := contentBlock.Get("type").String() - var updated []byte - var err error - - switch blockType { - case "tool_use": - name := contentBlock.Get("name").String() - if !strings.HasPrefix(name, prefix) { - return line - } - updated, err = sjson.SetBytes(payload, "content_block.name", strings.TrimPrefix(name, prefix)) - if err != nil { - return line - } - case "tool_reference": - toolName := contentBlock.Get("tool_name").String() - if !strings.HasPrefix(toolName, prefix) { - return line - } - updated, err = sjson.SetBytes(payload, "content_block.tool_name", strings.TrimPrefix(toolName, prefix)) - if err != nil { - return line - } - default: - return line - } - - trimmed := bytes.TrimSpace(line) - if bytes.HasPrefix(trimmed, []byte("data:")) { - return append([]byte("data: "), updated...) - } - return updated -} - -// getClientUserAgent extracts the client User-Agent from the gin context. -func getClientUserAgent(ctx context.Context) string { - if ginCtx, ok := ctx.Value("gin").(*gin.Context); ok && ginCtx != nil && ginCtx.Request != nil { - return ginCtx.GetHeader("User-Agent") - } - return "" -} - -// getCloakConfigFromAuth extracts cloak configuration from auth attributes. -// Returns (cloakMode, strictMode, sensitiveWords, cacheUserID). -func getCloakConfigFromAuth(auth *cliproxyauth.Auth) (string, bool, []string, bool) { - if auth == nil || auth.Attributes == nil { - return "auto", false, nil, false - } - - cloakMode := auth.Attributes["cloak_mode"] - if cloakMode == "" { - cloakMode = "auto" - } - - strictMode := strings.ToLower(auth.Attributes["cloak_strict_mode"]) == "true" - - var sensitiveWords []string - if wordsStr := auth.Attributes["cloak_sensitive_words"]; wordsStr != "" { - sensitiveWords = strings.Split(wordsStr, ",") - for i := range sensitiveWords { - sensitiveWords[i] = strings.TrimSpace(sensitiveWords[i]) - } - } - - cacheUserID := strings.EqualFold(strings.TrimSpace(auth.Attributes["cloak_cache_user_id"]), "true") - - return cloakMode, strictMode, sensitiveWords, cacheUserID -} - -// resolveClaudeKeyCloakConfig finds the matching ClaudeKey config and returns its CloakConfig. -func resolveClaudeKeyCloakConfig(cfg *config.Config, auth *cliproxyauth.Auth) *config.CloakConfig { - if cfg == nil || auth == nil { - return nil - } - - apiKey, baseURL := claudeCreds(auth) - if apiKey == "" { - return nil - } - - for i := range cfg.ClaudeKey { - entry := &cfg.ClaudeKey[i] - cfgKey := strings.TrimSpace(entry.APIKey) - cfgBase := strings.TrimSpace(entry.BaseURL) - - // Match by API key - if strings.EqualFold(cfgKey, apiKey) { - // If baseURL is specified, also check it - if baseURL != "" && cfgBase != "" && !strings.EqualFold(cfgBase, baseURL) { - continue - } - return entry.Cloak - } - } - - return nil -} - -// injectFakeUserID generates and injects a fake user ID into the request metadata. -// When useCache is false, a new user ID is generated for every call. -func injectFakeUserID(payload []byte, apiKey string, useCache bool) []byte { - generateID := func() string { - if useCache { - return cachedUserID(apiKey) - } - return generateFakeUserID() - } - - metadata := gjson.GetBytes(payload, "metadata") - if !metadata.Exists() { - payload, _ = sjson.SetBytes(payload, "metadata.user_id", generateID()) - return payload - } - - existingUserID := gjson.GetBytes(payload, "metadata.user_id").String() - if existingUserID == "" || !isValidUserID(existingUserID) { - payload, _ = sjson.SetBytes(payload, "metadata.user_id", generateID()) - } - return payload -} - -// checkSystemInstructionsWithMode injects Claude Code system prompt. -// In strict mode, it replaces all user system messages. -// In non-strict mode (default), it prepends to existing system messages. -func checkSystemInstructionsWithMode(payload []byte, strictMode bool) []byte { - system := gjson.GetBytes(payload, "system") - claudeCodeInstructions := `[{"type":"text","text":"You are Claude Code, Anthropic's official CLI for Claude."}]` - - if strictMode { - // Strict mode: replace all system messages with Claude Code prompt only - payload, _ = sjson.SetRawBytes(payload, "system", []byte(claudeCodeInstructions)) - return payload - } - - // Non-strict mode (default): prepend Claude Code prompt to existing system messages - if system.IsArray() { - if gjson.GetBytes(payload, "system.0.text").String() != "You are Claude Code, Anthropic's official CLI for Claude." { - system.ForEach(func(_, part gjson.Result) bool { - if part.Get("type").String() == "text" { - claudeCodeInstructions, _ = sjson.SetRaw(claudeCodeInstructions, "-1", part.Raw) - } - return true - }) - payload, _ = sjson.SetRawBytes(payload, "system", []byte(claudeCodeInstructions)) - } - } else { - payload, _ = sjson.SetRawBytes(payload, "system", []byte(claudeCodeInstructions)) - } - return payload -} - -// applyCloaking applies cloaking transformations to the payload based on config and client. -// Cloaking includes: system prompt injection, fake user ID, and sensitive word obfuscation. -func applyCloaking(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth, payload []byte, model string, apiKey string) []byte { - clientUserAgent := getClientUserAgent(ctx) - - // Get cloak config from ClaudeKey configuration - cloakCfg := resolveClaudeKeyCloakConfig(cfg, auth) - - // Determine cloak settings - var cloakMode string - var strictMode bool - var sensitiveWords []string - var cacheUserID bool - - if cloakCfg != nil { - cloakMode = cloakCfg.Mode - strictMode = cloakCfg.StrictMode - sensitiveWords = cloakCfg.SensitiveWords - } - - // Fallback to auth attributes if no config found - if cloakMode == "" { - attrMode, attrStrict, attrWords, attrCache := getCloakConfigFromAuth(auth) - cloakMode = attrMode - if !strictMode { - strictMode = attrStrict - } - if len(sensitiveWords) == 0 { - sensitiveWords = attrWords - } - if true { - cacheUserID = attrCache - } - } else if true { - _, _, _, attrCache := getCloakConfigFromAuth(auth) - cacheUserID = attrCache - } - - // Determine if cloaking should be applied - if !shouldCloak(cloakMode, clientUserAgent) { - return payload - } - - // Skip system instructions for claude-3-5-haiku models - if !strings.HasPrefix(model, "claude-3-5-haiku") { - payload = checkSystemInstructionsWithMode(payload, strictMode) - } - - // Inject fake user ID - payload = injectFakeUserID(payload, apiKey, cacheUserID) - - // Apply sensitive word obfuscation - if len(sensitiveWords) > 0 { - matcher := buildSensitiveWordMatcher(sensitiveWords) - payload = obfuscateSensitiveWords(payload, matcher) - } - - return payload -} - -// ensureCacheControl injects cache_control breakpoints into the payload for optimal prompt caching. -// According to Anthropic's documentation, cache prefixes are created in order: tools -> system -> messages. -// This function adds cache_control to: -// 1. The LAST tool in the tools array (caches all tool definitions) -// 2. The LAST element in the system array (caches system prompt) -// 3. The SECOND-TO-LAST user turn (caches conversation history for multi-turn) -// -// Up to 4 cache breakpoints are allowed per request. Tools, System, and Messages are INDEPENDENT breakpoints. -// This enables up to 90% cost reduction on cached tokens (cache read = 0.1x base price). -// See: https://docs.anthropic.com/en/docs/build-with-claude/prompt-caching -func ensureCacheControl(payload []byte) []byte { - // 1. Inject cache_control into the LAST tool (caches all tool definitions) - // Tools are cached first in the hierarchy, so this is the most important breakpoint. - payload = injectToolsCacheControl(payload) - - // 2. Inject cache_control into the LAST system prompt element - // System is the second level in the cache hierarchy. - payload = injectSystemCacheControl(payload) - - // 3. Inject cache_control into messages for multi-turn conversation caching - // This caches the conversation history up to the second-to-last user turn. - payload = injectMessagesCacheControl(payload) - - return payload -} - -func countCacheControls(payload []byte) int { - count := 0 - - // Check system - system := gjson.GetBytes(payload, "system") - if system.IsArray() { - system.ForEach(func(_, item gjson.Result) bool { - if item.Get("cache_control").Exists() { - count++ - } - return true - }) - } - - // Check tools - tools := gjson.GetBytes(payload, "tools") - if tools.IsArray() { - tools.ForEach(func(_, item gjson.Result) bool { - if item.Get("cache_control").Exists() { - count++ - } - return true - }) - } - - // Check messages - messages := gjson.GetBytes(payload, "messages") - if messages.IsArray() { - messages.ForEach(func(_, msg gjson.Result) bool { - content := msg.Get("content") - if content.IsArray() { - content.ForEach(func(_, item gjson.Result) bool { - if item.Get("cache_control").Exists() { - count++ - } - return true - }) - } - return true - }) - } - - return count -} - -// injectMessagesCacheControl adds cache_control to the second-to-last user turn for multi-turn caching. -// Per Anthropic docs: "Place cache_control on the second-to-last User message to let the model reuse the earlier cache." -// This enables caching of conversation history, which is especially beneficial for long multi-turn conversations. -// Only adds cache_control if: -// - There are at least 2 user turns in the conversation -// - No message content already has cache_control -func injectMessagesCacheControl(payload []byte) []byte { - messages := gjson.GetBytes(payload, "messages") - if !messages.Exists() || !messages.IsArray() { - return payload - } - - // Check if ANY message content already has cache_control - hasCacheControlInMessages := false - messages.ForEach(func(_, msg gjson.Result) bool { - content := msg.Get("content") - if content.IsArray() { - content.ForEach(func(_, item gjson.Result) bool { - if item.Get("cache_control").Exists() { - hasCacheControlInMessages = true - return false - } - return true - }) - } - return !hasCacheControlInMessages - }) - if hasCacheControlInMessages { - return payload - } - - // Find all user message indices - var userMsgIndices []int - messages.ForEach(func(index gjson.Result, msg gjson.Result) bool { - if msg.Get("role").String() == "user" { - userMsgIndices = append(userMsgIndices, int(index.Int())) - } - return true - }) - - // Need at least 2 user turns to cache the second-to-last - if len(userMsgIndices) < 2 { - return payload - } - - // Get the second-to-last user message index - secondToLastUserIdx := userMsgIndices[len(userMsgIndices)-2] - - // Get the content of this message - contentPath := fmt.Sprintf("messages.%d.content", secondToLastUserIdx) - content := gjson.GetBytes(payload, contentPath) - - if content.IsArray() { - // Add cache_control to the last content block of this message - contentCount := int(content.Get("#").Int()) - if contentCount > 0 { - cacheControlPath := fmt.Sprintf("messages.%d.content.%d.cache_control", secondToLastUserIdx, contentCount-1) - result, err := sjson.SetBytes(payload, cacheControlPath, map[string]string{"type": "ephemeral"}) - if err != nil { - log.Warnf("failed to inject cache_control into messages: %v", err) - return payload - } - payload = result - } - } else if content.Type == gjson.String { - // Convert string content to array with cache_control - text := content.String() - newContent := []map[string]interface{}{ - { - "type": "text", - "text": text, - "cache_control": map[string]string{ - "type": "ephemeral", - }, - }, - } - result, err := sjson.SetBytes(payload, contentPath, newContent) - if err != nil { - log.Warnf("failed to inject cache_control into message string content: %v", err) - return payload - } - payload = result - } - - return payload -} - -// injectToolsCacheControl adds cache_control to the last tool in the tools array. -// Per Anthropic docs: "The cache_control parameter on the last tool definition caches all tool definitions." -// This only adds cache_control if NO tool in the array already has it. -func injectToolsCacheControl(payload []byte) []byte { - tools := gjson.GetBytes(payload, "tools") - if !tools.Exists() || !tools.IsArray() { - return payload - } - - toolCount := int(tools.Get("#").Int()) - if toolCount == 0 { - return payload - } - - // Check if ANY tool already has cache_control - if so, don't modify tools - hasCacheControlInTools := false - tools.ForEach(func(_, tool gjson.Result) bool { - if tool.Get("cache_control").Exists() { - hasCacheControlInTools = true - return false - } - return true - }) - if hasCacheControlInTools { - return payload - } - - // Add cache_control to the last tool - lastToolPath := fmt.Sprintf("tools.%d.cache_control", toolCount-1) - result, err := sjson.SetBytes(payload, lastToolPath, map[string]string{"type": "ephemeral"}) - if err != nil { - log.Warnf("failed to inject cache_control into tools array: %v", err) - return payload - } - - return result -} - -// injectSystemCacheControl adds cache_control to the last element in the system prompt. -// Converts string system prompts to array format if needed. -// This only adds cache_control if NO system element already has it. -func injectSystemCacheControl(payload []byte) []byte { - system := gjson.GetBytes(payload, "system") - if !system.Exists() { - return payload - } - - if system.IsArray() { - count := int(system.Get("#").Int()) - if count == 0 { - return payload - } - - // Check if ANY system element already has cache_control - hasCacheControlInSystem := false - system.ForEach(func(_, item gjson.Result) bool { - if item.Get("cache_control").Exists() { - hasCacheControlInSystem = true - return false - } - return true - }) - if hasCacheControlInSystem { - return payload - } - - // Add cache_control to the last system element - lastSystemPath := fmt.Sprintf("system.%d.cache_control", count-1) - result, err := sjson.SetBytes(payload, lastSystemPath, map[string]string{"type": "ephemeral"}) - if err != nil { - log.Warnf("failed to inject cache_control into system array: %v", err) - return payload - } - payload = result - } else if system.Type == gjson.String { - // Convert string system prompt to array with cache_control - // "system": "text" -> "system": [{"type": "text", "text": "text", "cache_control": {"type": "ephemeral"}}] - text := system.String() - newSystem := []map[string]interface{}{ - { - "type": "text", - "text": text, - "cache_control": map[string]string{ - "type": "ephemeral", - }, - }, - } - result, err := sjson.SetBytes(payload, "system", newSystem) - if err != nil { - log.Warnf("failed to inject cache_control into system string: %v", err) - return payload - } - payload = result - } - - return payload -} diff --git a/internal/runtime/executor/claude_executor_test.go b/internal/runtime/executor/claude_executor_test.go deleted file mode 100644 index a5d2f539c1..0000000000 --- a/internal/runtime/executor/claude_executor_test.go +++ /dev/null @@ -1,281 +0,0 @@ -package executor - -import ( - "bytes" - "context" - "io" - "net/http" - "net/http/httptest" - "testing" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/executor" - sdktranslator "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/translator" - "github.com/tidwall/gjson" -) - -func TestApplyClaudeToolPrefix(t *testing.T) { - input := []byte(`{"tools":[{"name":"alpha"},{"name":"proxy_bravo"}],"tool_choice":{"type":"tool","name":"charlie"},"messages":[{"role":"assistant","content":[{"type":"tool_use","name":"delta","id":"t1","input":{}}]}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - - if got := gjson.GetBytes(out, "tools.0.name").String(); got != "proxy_alpha" { - t.Fatalf("tools.0.name = %q, want %q", got, "proxy_alpha") - } - if got := gjson.GetBytes(out, "tools.1.name").String(); got != "proxy_bravo" { - t.Fatalf("tools.1.name = %q, want %q", got, "proxy_bravo") - } - if got := gjson.GetBytes(out, "tool_choice.name").String(); got != "proxy_charlie" { - t.Fatalf("tool_choice.name = %q, want %q", got, "proxy_charlie") - } - if got := gjson.GetBytes(out, "messages.0.content.0.name").String(); got != "proxy_delta" { - t.Fatalf("messages.0.content.0.name = %q, want %q", got, "proxy_delta") - } -} - -func TestApplyClaudeToolPrefix_WithToolReference(t *testing.T) { - input := []byte(`{"tools":[{"name":"alpha"}],"messages":[{"role":"user","content":[{"type":"tool_reference","tool_name":"beta"},{"type":"tool_reference","tool_name":"proxy_gamma"}]}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - - if got := gjson.GetBytes(out, "messages.0.content.0.tool_name").String(); got != "proxy_beta" { - t.Fatalf("messages.0.content.0.tool_name = %q, want %q", got, "proxy_beta") - } - if got := gjson.GetBytes(out, "messages.0.content.1.tool_name").String(); got != "proxy_gamma" { - t.Fatalf("messages.0.content.1.tool_name = %q, want %q", got, "proxy_gamma") - } -} - -func TestApplyClaudeToolPrefix_SkipsBuiltinTools(t *testing.T) { - input := []byte(`{"tools":[{"type":"web_search_20250305","name":"web_search"},{"name":"my_custom_tool","input_schema":{"type":"object"}}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - - if got := gjson.GetBytes(out, "tools.0.name").String(); got != "web_search" { - t.Fatalf("built-in tool name should not be prefixed: tools.0.name = %q, want %q", got, "web_search") - } - if got := gjson.GetBytes(out, "tools.1.name").String(); got != "proxy_my_custom_tool" { - t.Fatalf("custom tool should be prefixed: tools.1.name = %q, want %q", got, "proxy_my_custom_tool") - } -} - -func TestApplyClaudeToolPrefix_BuiltinToolSkipped(t *testing.T) { - body := []byte(`{ - "tools": [ - {"type": "web_search_20250305", "name": "web_search", "max_uses": 5}, - {"name": "Read"} - ], - "messages": [ - {"role": "user", "content": [ - {"type": "tool_use", "name": "web_search", "id": "ws1", "input": {}}, - {"type": "tool_use", "name": "Read", "id": "r1", "input": {}} - ]} - ] - }`) - out := applyClaudeToolPrefix(body, "proxy_") - - if got := gjson.GetBytes(out, "tools.0.name").String(); got != "web_search" { - t.Fatalf("tools.0.name = %q, want %q", got, "web_search") - } - if got := gjson.GetBytes(out, "messages.0.content.0.name").String(); got != "web_search" { - t.Fatalf("messages.0.content.0.name = %q, want %q", got, "web_search") - } - if got := gjson.GetBytes(out, "tools.1.name").String(); got != "proxy_Read" { - t.Fatalf("tools.1.name = %q, want %q", got, "proxy_Read") - } - if got := gjson.GetBytes(out, "messages.0.content.1.name").String(); got != "proxy_Read" { - t.Fatalf("messages.0.content.1.name = %q, want %q", got, "proxy_Read") - } -} - -func TestApplyClaudeToolPrefix_KnownBuiltinInHistoryOnly(t *testing.T) { - body := []byte(`{ - "tools": [ - {"name": "Read"} - ], - "messages": [ - {"role": "user", "content": [ - {"type": "tool_use", "name": "web_search", "id": "ws1", "input": {}} - ]} - ] - }`) - out := applyClaudeToolPrefix(body, "proxy_") - - if got := gjson.GetBytes(out, "messages.0.content.0.name").String(); got != "web_search" { - t.Fatalf("messages.0.content.0.name = %q, want %q", got, "web_search") - } - if got := gjson.GetBytes(out, "tools.0.name").String(); got != "proxy_Read" { - t.Fatalf("tools.0.name = %q, want %q", got, "proxy_Read") - } -} - -func TestApplyClaudeToolPrefix_CustomToolsPrefixed(t *testing.T) { - body := []byte(`{ - "tools": [{"name": "Read"}, {"name": "Write"}], - "messages": [ - {"role": "user", "content": [ - {"type": "tool_use", "name": "Read", "id": "r1", "input": {}}, - {"type": "tool_use", "name": "Write", "id": "w1", "input": {}} - ]} - ] - }`) - out := applyClaudeToolPrefix(body, "proxy_") - - if got := gjson.GetBytes(out, "tools.0.name").String(); got != "proxy_Read" { - t.Fatalf("tools.0.name = %q, want %q", got, "proxy_Read") - } - if got := gjson.GetBytes(out, "tools.1.name").String(); got != "proxy_Write" { - t.Fatalf("tools.1.name = %q, want %q", got, "proxy_Write") - } - if got := gjson.GetBytes(out, "messages.0.content.0.name").String(); got != "proxy_Read" { - t.Fatalf("messages.0.content.0.name = %q, want %q", got, "proxy_Read") - } - if got := gjson.GetBytes(out, "messages.0.content.1.name").String(); got != "proxy_Write" { - t.Fatalf("messages.0.content.1.name = %q, want %q", got, "proxy_Write") - } -} - -func TestApplyClaudeToolPrefix_ToolChoiceBuiltin(t *testing.T) { - body := []byte(`{ - "tools": [ - {"type": "web_search_20250305", "name": "web_search"}, - {"name": "Read"} - ], - "tool_choice": {"type": "tool", "name": "web_search"} - }`) - out := applyClaudeToolPrefix(body, "proxy_") - - if got := gjson.GetBytes(out, "tool_choice.name").String(); got != "web_search" { - t.Fatalf("tool_choice.name = %q, want %q", got, "web_search") - } -} - -func TestStripClaudeToolPrefixFromResponse(t *testing.T) { - input := []byte(`{"content":[{"type":"tool_use","name":"proxy_alpha","id":"t1","input":{}},{"type":"tool_use","name":"bravo","id":"t2","input":{}}]}`) - out := stripClaudeToolPrefixFromResponse(input, "proxy_") - - if got := gjson.GetBytes(out, "content.0.name").String(); got != "alpha" { - t.Fatalf("content.0.name = %q, want %q", got, "alpha") - } - if got := gjson.GetBytes(out, "content.1.name").String(); got != "bravo" { - t.Fatalf("content.1.name = %q, want %q", got, "bravo") - } -} - -func TestStripClaudeToolPrefixFromResponse_WithToolReference(t *testing.T) { - input := []byte(`{"content":[{"type":"tool_reference","tool_name":"proxy_alpha"},{"type":"tool_reference","tool_name":"bravo"}]}`) - out := stripClaudeToolPrefixFromResponse(input, "proxy_") - - if got := gjson.GetBytes(out, "content.0.tool_name").String(); got != "alpha" { - t.Fatalf("content.0.tool_name = %q, want %q", got, "alpha") - } - if got := gjson.GetBytes(out, "content.1.tool_name").String(); got != "bravo" { - t.Fatalf("content.1.tool_name = %q, want %q", got, "bravo") - } -} - -func TestStripClaudeToolPrefixFromStreamLine(t *testing.T) { - line := []byte(`data: {"type":"content_block_start","content_block":{"type":"tool_use","name":"proxy_alpha","id":"t1"},"index":0}`) - out := stripClaudeToolPrefixFromStreamLine(line, "proxy_") - - payload := bytes.TrimSpace(out) - if bytes.HasPrefix(payload, []byte("data:")) { - payload = bytes.TrimSpace(payload[len("data:"):]) - } - if got := gjson.GetBytes(payload, "content_block.name").String(); got != "alpha" { - t.Fatalf("content_block.name = %q, want %q", got, "alpha") - } -} - -func TestStripClaudeToolPrefixFromStreamLine_WithToolReference(t *testing.T) { - line := []byte(`data: {"type":"content_block_start","content_block":{"type":"tool_reference","tool_name":"proxy_beta"},"index":0}`) - out := stripClaudeToolPrefixFromStreamLine(line, "proxy_") - - payload := bytes.TrimSpace(out) - if bytes.HasPrefix(payload, []byte("data:")) { - payload = bytes.TrimSpace(payload[len("data:"):]) - } - if got := gjson.GetBytes(payload, "content_block.tool_name").String(); got != "beta" { - t.Fatalf("content_block.tool_name = %q, want %q", got, "beta") - } -} - -func TestApplyClaudeToolPrefix_NestedToolReference(t *testing.T) { - input := []byte(`{"messages":[{"role":"user","content":[{"type":"tool_result","tool_use_id":"toolu_123","content":[{"type":"tool_reference","tool_name":"mcp__nia__manage_resource"}]}]}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - got := gjson.GetBytes(out, "messages.0.content.0.content.0.tool_name").String() - if got != "proxy_mcp__nia__manage_resource" { - t.Fatalf("nested tool_reference tool_name = %q, want %q", got, "proxy_mcp__nia__manage_resource") - } -} - -func TestClaudeExecutor_GeneratesNewUserIDByDefault(t *testing.T) { - resetUserIDCache() - - var userIDs []string - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - body, _ := io.ReadAll(r.Body) - userIDs = append(userIDs, gjson.GetBytes(body, "metadata.user_id").String()) - w.Header().Set("Content-Type", "application/json") - _, _ = w.Write([]byte(`{"id":"msg_1","type":"message","model":"claude-3-5-sonnet","role":"assistant","content":[{"type":"text","text":"ok"}],"usage":{"input_tokens":1,"output_tokens":1}}`)) - })) - defer server.Close() - - executor := NewClaudeExecutor(&config.Config{}) - auth := &cliproxyauth.Auth{Attributes: map[string]string{ - "api_key": "key-123", - "base_url": server.URL, - }} - - payload := []byte(`{"messages":[{"role":"user","content":[{"type":"text","text":"hi"}]}]}`) - - for i := 0; i < 2; i++ { - if _, err := executor.Execute(context.Background(), auth, cliproxyexecutor.Request{ - Model: "claude-3-5-sonnet", - Payload: payload, - }, cliproxyexecutor.Options{ - SourceFormat: sdktranslator.FromString("claude"), - }); err != nil { - t.Fatalf("Execute call %d error: %v", i, err) - } - } - - if len(userIDs) != 2 { - t.Fatalf("expected 2 requests, got %d", len(userIDs)) - } - if userIDs[0] == "" || userIDs[1] == "" { - t.Fatal("expected user_id to be populated") - } - if userIDs[0] == userIDs[1] { - t.Fatalf("expected user_id to change when caching is not enabled, got identical values %q", userIDs[0]) - } - if !isValidUserID(userIDs[0]) || !isValidUserID(userIDs[1]) { - t.Fatalf("user_ids should be valid, got %q and %q", userIDs[0], userIDs[1]) - } -} - -func TestStripClaudeToolPrefixFromResponse_NestedToolReference(t *testing.T) { - input := []byte(`{"content":[{"type":"tool_result","tool_use_id":"toolu_123","content":[{"type":"tool_reference","tool_name":"proxy_mcp__nia__manage_resource"}]}]}`) - out := stripClaudeToolPrefixFromResponse(input, "proxy_") - got := gjson.GetBytes(out, "content.0.content.0.tool_name").String() - if got != "mcp__nia__manage_resource" { - t.Fatalf("nested tool_reference tool_name = %q, want %q", got, "mcp__nia__manage_resource") - } -} - -func TestApplyClaudeToolPrefix_NestedToolReferenceWithStringContent(t *testing.T) { - // tool_result.content can be a string - should not be processed - input := []byte(`{"messages":[{"role":"user","content":[{"type":"tool_result","tool_use_id":"toolu_123","content":"plain string result"}]}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - got := gjson.GetBytes(out, "messages.0.content.0.content").String() - if got != "plain string result" { - t.Fatalf("string content should remain unchanged = %q", got) - } -} - -func TestApplyClaudeToolPrefix_SkipsBuiltinToolReference(t *testing.T) { - input := []byte(`{"tools":[{"type":"web_search_20250305","name":"web_search"}],"messages":[{"role":"user","content":[{"type":"tool_result","tool_use_id":"t1","content":[{"type":"tool_reference","tool_name":"web_search"}]}]}]}`) - out := applyClaudeToolPrefix(input, "proxy_") - got := gjson.GetBytes(out, "messages.0.content.0.content.0.tool_name").String() - if got != "web_search" { - t.Fatalf("built-in tool_reference should not be prefixed, got %q", got) - } -} diff --git a/internal/runtime/executor/cloak_obfuscate.go b/internal/runtime/executor/cloak_obfuscate.go deleted file mode 100644 index 81781802ac..0000000000 --- a/internal/runtime/executor/cloak_obfuscate.go +++ /dev/null @@ -1,176 +0,0 @@ -package executor - -import ( - "regexp" - "sort" - "strings" - "unicode/utf8" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// zeroWidthSpace is the Unicode zero-width space character used for obfuscation. -const zeroWidthSpace = "\u200B" - -// SensitiveWordMatcher holds the compiled regex for matching sensitive words. -type SensitiveWordMatcher struct { - regex *regexp.Regexp -} - -// buildSensitiveWordMatcher compiles a regex from the word list. -// Words are sorted by length (longest first) for proper matching. -func buildSensitiveWordMatcher(words []string) *SensitiveWordMatcher { - if len(words) == 0 { - return nil - } - - // Filter and normalize words - var validWords []string - for _, w := range words { - w = strings.TrimSpace(w) - if utf8.RuneCountInString(w) >= 2 && !strings.Contains(w, zeroWidthSpace) { - validWords = append(validWords, w) - } - } - - if len(validWords) == 0 { - return nil - } - - // Sort by length (longest first) for proper matching - sort.Slice(validWords, func(i, j int) bool { - return len(validWords[i]) > len(validWords[j]) - }) - - // Escape and join - escaped := make([]string, len(validWords)) - for i, w := range validWords { - escaped[i] = regexp.QuoteMeta(w) - } - - pattern := "(?i)" + strings.Join(escaped, "|") - re, err := regexp.Compile(pattern) - if err != nil { - return nil - } - - return &SensitiveWordMatcher{regex: re} -} - -// obfuscateWord inserts a zero-width space after the first grapheme. -func obfuscateWord(word string) string { - if strings.Contains(word, zeroWidthSpace) { - return word - } - - // Get first rune - r, size := utf8.DecodeRuneInString(word) - if r == utf8.RuneError || size >= len(word) { - return word - } - - return string(r) + zeroWidthSpace + word[size:] -} - -// obfuscateText replaces all sensitive words in the text. -func (m *SensitiveWordMatcher) obfuscateText(text string) string { - if m == nil || m.regex == nil { - return text - } - return m.regex.ReplaceAllStringFunc(text, obfuscateWord) -} - -// obfuscateSensitiveWords processes the payload and obfuscates sensitive words -// in system blocks and message content. -func obfuscateSensitiveWords(payload []byte, matcher *SensitiveWordMatcher) []byte { - if matcher == nil || matcher.regex == nil { - return payload - } - - // Obfuscate in system blocks - payload = obfuscateSystemBlocks(payload, matcher) - - // Obfuscate in messages - payload = obfuscateMessages(payload, matcher) - - return payload -} - -// obfuscateSystemBlocks obfuscates sensitive words in system blocks. -func obfuscateSystemBlocks(payload []byte, matcher *SensitiveWordMatcher) []byte { - system := gjson.GetBytes(payload, "system") - if !system.Exists() { - return payload - } - - if system.IsArray() { - modified := false - system.ForEach(func(key, value gjson.Result) bool { - if value.Get("type").String() == "text" { - text := value.Get("text").String() - obfuscated := matcher.obfuscateText(text) - if obfuscated != text { - path := "system." + key.String() + ".text" - payload, _ = sjson.SetBytes(payload, path, obfuscated) - modified = true - } - } - return true - }) - if modified { - return payload - } - } else if system.Type == gjson.String { - text := system.String() - obfuscated := matcher.obfuscateText(text) - if obfuscated != text { - payload, _ = sjson.SetBytes(payload, "system", obfuscated) - } - } - - return payload -} - -// obfuscateMessages obfuscates sensitive words in message content. -func obfuscateMessages(payload []byte, matcher *SensitiveWordMatcher) []byte { - messages := gjson.GetBytes(payload, "messages") - if !messages.Exists() || !messages.IsArray() { - return payload - } - - messages.ForEach(func(msgKey, msg gjson.Result) bool { - content := msg.Get("content") - if !content.Exists() { - return true - } - - msgPath := "messages." + msgKey.String() - - if content.Type == gjson.String { - // Simple string content - text := content.String() - obfuscated := matcher.obfuscateText(text) - if obfuscated != text { - payload, _ = sjson.SetBytes(payload, msgPath+".content", obfuscated) - } - } else if content.IsArray() { - // Array of content blocks - content.ForEach(func(blockKey, block gjson.Result) bool { - if block.Get("type").String() == "text" { - text := block.Get("text").String() - obfuscated := matcher.obfuscateText(text) - if obfuscated != text { - path := msgPath + ".content." + blockKey.String() + ".text" - payload, _ = sjson.SetBytes(payload, path, obfuscated) - } - } - return true - }) - } - - return true - }) - - return payload -} diff --git a/internal/runtime/executor/cloak_utils.go b/internal/runtime/executor/cloak_utils.go deleted file mode 100644 index 560ff88067..0000000000 --- a/internal/runtime/executor/cloak_utils.go +++ /dev/null @@ -1,47 +0,0 @@ -package executor - -import ( - "crypto/rand" - "encoding/hex" - "regexp" - "strings" - - "github.com/google/uuid" -) - -// userIDPattern matches Claude Code format: user_[64-hex]_account__session_[uuid-v4] -var userIDPattern = regexp.MustCompile(`^user_[a-fA-F0-9]{64}_account__session_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`) - -// generateFakeUserID generates a fake user ID in Claude Code format. -// Format: user_[64-hex-chars]_account__session_[UUID-v4] -func generateFakeUserID() string { - hexBytes := make([]byte, 32) - _, _ = rand.Read(hexBytes) - hexPart := hex.EncodeToString(hexBytes) - uuidPart := uuid.New().String() - return "user_" + hexPart + "_account__session_" + uuidPart -} - -// isValidUserID checks if a user ID matches Claude Code format. -func isValidUserID(userID string) bool { - return userIDPattern.MatchString(userID) -} - -// shouldCloak determines if request should be cloaked based on config and client User-Agent. -// Returns true if cloaking should be applied. -func shouldCloak(cloakMode string, userAgent string) bool { - switch strings.ToLower(cloakMode) { - case "always": - return true - case "never": - return false - default: // "auto" or empty - // If client is Claude Code, don't cloak - return !strings.HasPrefix(userAgent, "claude-cli") - } -} - -// isClaudeCodeClient checks if the User-Agent indicates a Claude Code client. -func isClaudeCodeClient(userAgent string) bool { - return strings.HasPrefix(userAgent, "claude-cli") -} diff --git a/internal/runtime/executor/codex_executor.go b/internal/runtime/executor/codex_executor.go deleted file mode 100644 index 3e9b7a7214..0000000000 --- a/internal/runtime/executor/codex_executor.go +++ /dev/null @@ -1,729 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "fmt" - "io" - "net/http" - "strings" - "time" - - codexauth "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/codex" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/misc" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/executor" - sdktranslator "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" - "github.com/tiktoken-go/tokenizer" - - "github.com/gin-gonic/gin" - "github.com/google/uuid" -) - -const ( - codexClientVersion = "0.101.0" - codexUserAgent = "codex_cli_rs/0.101.0 (Mac OS 26.0.1; arm64) Apple_Terminal/464" -) - -var dataTag = []byte("data:") - -// CodexExecutor is a stateless executor for Codex (OpenAI Responses API entrypoint). -// If api_key is unavailable on auth, it falls back to legacy via ClientAdapter. -type CodexExecutor struct { - cfg *config.Config -} - -func NewCodexExecutor(cfg *config.Config) *CodexExecutor { return &CodexExecutor{cfg: cfg} } - -func (e *CodexExecutor) Identifier() string { return "codex" } - -// PrepareRequest injects Codex credentials into the outgoing HTTP request. -func (e *CodexExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - apiKey, _ := codexCreds(auth) - if strings.TrimSpace(apiKey) != "" { - req.Header.Set("Authorization", "Bearer "+apiKey) - } - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) - return nil -} - -// HttpRequest injects Codex credentials into the request and executes it. -func (e *CodexExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("codex executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -func (e *CodexExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return e.executeCompact(ctx, auth, req, opts) - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := codexCreds(auth) - if baseURL == "" { - baseURL = "https://chatgpt.com/backend-api/codex" - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("codex") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - body, _ = sjson.SetBytes(body, "stream", true) - body, _ = sjson.DeleteBytes(body, "previous_response_id") - body, _ = sjson.DeleteBytes(body, "prompt_cache_retention") - body, _ = sjson.DeleteBytes(body, "safety_identifier") - if !gjson.GetBytes(body, "instructions").Exists() { - body, _ = sjson.SetBytes(body, "instructions", "") - } - - url := strings.TrimSuffix(baseURL, "/") + "/responses" - httpReq, err := e.cacheHelper(ctx, from, url, req, body) - if err != nil { - return resp, err - } - applyCodexHeaders(httpReq, auth, apiKey, true) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("codex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - - lines := bytes.Split(data, []byte("\n")) - for _, line := range lines { - if !bytes.HasPrefix(line, dataTag) { - continue - } - - line = bytes.TrimSpace(line[5:]) - if gjson.GetBytes(line, "type").String() != "response.completed" { - continue - } - - if detail, ok := parseCodexUsage(line); ok { - reporter.publish(ctx, detail) - } - - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, originalPayload, body, line, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil - } - err = statusErr{code: 408, msg: "stream error: stream disconnected before completion: stream closed before response.completed"} - return resp, err -} - -func (e *CodexExecutor) executeCompact(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := codexCreds(auth) - if baseURL == "" { - baseURL = "https://chatgpt.com/backend-api/codex" - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("openai-response") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - body, _ = sjson.DeleteBytes(body, "stream") - - url := strings.TrimSuffix(baseURL, "/") + "/responses/compact" - httpReq, err := e.cacheHelper(ctx, from, url, req, body) - if err != nil { - return resp, err - } - applyCodexHeaders(httpReq, auth, apiKey, false) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("codex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseOpenAIUsage(data)) - reporter.ensurePublished(ctx) - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, originalPayload, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -func (e *CodexExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusBadRequest, msg: "streaming not supported for /responses/compact"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := codexCreds(auth) - if baseURL == "" { - baseURL = "https://chatgpt.com/backend-api/codex" - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("codex") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.DeleteBytes(body, "previous_response_id") - body, _ = sjson.DeleteBytes(body, "prompt_cache_retention") - body, _ = sjson.DeleteBytes(body, "safety_identifier") - body, _ = sjson.SetBytes(body, "model", baseModel) - if !gjson.GetBytes(body, "instructions").Exists() { - body, _ = sjson.SetBytes(body, "instructions", "") - } - - url := strings.TrimSuffix(baseURL, "/") + "/responses" - httpReq, err := e.cacheHelper(ctx, from, url, req, body) - if err != nil { - return nil, err - } - applyCodexHeaders(httpReq, auth, apiKey, true) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - data, readErr := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("codex executor: close response body error: %v", errClose) - } - if readErr != nil { - recordAPIResponseError(ctx, e.cfg, readErr) - return nil, readErr - } - appendAPIResponseChunk(ctx, e.cfg, data) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - err = statusErr{code: httpResp.StatusCode, msg: string(data)} - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("codex executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 52_428_800) // 50MB - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - - if bytes.HasPrefix(line, dataTag) { - data := bytes.TrimSpace(line[5:]) - if gjson.GetBytes(data, "type").String() == "response.completed" { - if detail, ok := parseCodexUsage(data); ok { - reporter.publish(ctx, detail) - } - } - } - - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, originalPayload, body, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -func (e *CodexExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("codex") - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err := thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - body, _ = sjson.SetBytes(body, "model", baseModel) - body, _ = sjson.DeleteBytes(body, "previous_response_id") - body, _ = sjson.DeleteBytes(body, "prompt_cache_retention") - body, _ = sjson.DeleteBytes(body, "safety_identifier") - body, _ = sjson.SetBytes(body, "stream", false) - if !gjson.GetBytes(body, "instructions").Exists() { - body, _ = sjson.SetBytes(body, "instructions", "") - } - - enc, err := tokenizerForCodexModel(baseModel) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("codex executor: tokenizer init failed: %w", err) - } - - count, err := countCodexInputTokens(enc, body) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("codex executor: token counting failed: %w", err) - } - - usageJSON := fmt.Sprintf(`{"response":{"usage":{"input_tokens":%d,"output_tokens":0,"total_tokens":%d}}}`, count, count) - translated := sdktranslator.TranslateTokenCount(ctx, to, from, count, []byte(usageJSON)) - return cliproxyexecutor.Response{Payload: []byte(translated)}, nil -} - -func tokenizerForCodexModel(model string) (tokenizer.Codec, error) { - sanitized := strings.ToLower(strings.TrimSpace(model)) - switch { - case sanitized == "": - return tokenizer.Get(tokenizer.Cl100kBase) - case strings.HasPrefix(sanitized, "gpt-5"): - return tokenizer.ForModel(tokenizer.GPT5) - case strings.HasPrefix(sanitized, "gpt-4.1"): - return tokenizer.ForModel(tokenizer.GPT41) - case strings.HasPrefix(sanitized, "gpt-4o"): - return tokenizer.ForModel(tokenizer.GPT4o) - case strings.HasPrefix(sanitized, "gpt-4"): - return tokenizer.ForModel(tokenizer.GPT4) - case strings.HasPrefix(sanitized, "gpt-3.5"), strings.HasPrefix(sanitized, "gpt-3"): - return tokenizer.ForModel(tokenizer.GPT35Turbo) - default: - return tokenizer.Get(tokenizer.Cl100kBase) - } -} - -func countCodexInputTokens(enc tokenizer.Codec, body []byte) (int64, error) { - if enc == nil { - return 0, fmt.Errorf("encoder is nil") - } - if len(body) == 0 { - return 0, nil - } - - root := gjson.ParseBytes(body) - var segments []string - - if inst := strings.TrimSpace(root.Get("instructions").String()); inst != "" { - segments = append(segments, inst) - } - - inputItems := root.Get("input") - if inputItems.IsArray() { - arr := inputItems.Array() - for i := range arr { - item := arr[i] - switch item.Get("type").String() { - case "message": - content := item.Get("content") - if content.IsArray() { - parts := content.Array() - for j := range parts { - part := parts[j] - if text := strings.TrimSpace(part.Get("text").String()); text != "" { - segments = append(segments, text) - } - } - } - case "function_call": - if name := strings.TrimSpace(item.Get("name").String()); name != "" { - segments = append(segments, name) - } - if args := strings.TrimSpace(item.Get("arguments").String()); args != "" { - segments = append(segments, args) - } - case "function_call_output": - if out := strings.TrimSpace(item.Get("output").String()); out != "" { - segments = append(segments, out) - } - default: - if text := strings.TrimSpace(item.Get("text").String()); text != "" { - segments = append(segments, text) - } - } - } - } - - tools := root.Get("tools") - if tools.IsArray() { - tarr := tools.Array() - for i := range tarr { - tool := tarr[i] - if name := strings.TrimSpace(tool.Get("name").String()); name != "" { - segments = append(segments, name) - } - if desc := strings.TrimSpace(tool.Get("description").String()); desc != "" { - segments = append(segments, desc) - } - if params := tool.Get("parameters"); params.Exists() { - val := params.Raw - if params.Type == gjson.String { - val = params.String() - } - if trimmed := strings.TrimSpace(val); trimmed != "" { - segments = append(segments, trimmed) - } - } - } - } - - textFormat := root.Get("text.format") - if textFormat.Exists() { - if name := strings.TrimSpace(textFormat.Get("name").String()); name != "" { - segments = append(segments, name) - } - if schema := textFormat.Get("schema"); schema.Exists() { - val := schema.Raw - if schema.Type == gjson.String { - val = schema.String() - } - if trimmed := strings.TrimSpace(val); trimmed != "" { - segments = append(segments, trimmed) - } - } - } - - text := strings.Join(segments, "\n") - if text == "" { - return 0, nil - } - - count, err := enc.Count(text) - if err != nil { - return 0, err - } - return int64(count), nil -} - -func (e *CodexExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("codex executor: refresh called") - if auth == nil { - return nil, statusErr{code: 500, msg: "codex executor: auth is nil"} - } - var refreshToken string - if auth.Metadata != nil { - if v, ok := auth.Metadata["refresh_token"].(string); ok && v != "" { - refreshToken = v - } - } - if refreshToken == "" { - return auth, nil - } - svc := codexauth.NewCodexAuth(e.cfg) - td, err := svc.RefreshTokensWithRetry(ctx, refreshToken, 3) - if err != nil { - return nil, err - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["id_token"] = td.IDToken - auth.Metadata["access_token"] = td.AccessToken - if td.RefreshToken != "" { - auth.Metadata["refresh_token"] = td.RefreshToken - } - if td.AccountID != "" { - auth.Metadata["account_id"] = td.AccountID - } - auth.Metadata["email"] = td.Email - // Use unified key in files - auth.Metadata["expired"] = td.Expire - auth.Metadata["type"] = "codex" - now := time.Now().Format(time.RFC3339) - auth.Metadata["last_refresh"] = now - return auth, nil -} - -func (e *CodexExecutor) cacheHelper(ctx context.Context, from sdktranslator.Format, url string, req cliproxyexecutor.Request, rawJSON []byte) (*http.Request, error) { - var cache codexCache - if from == "claude" { - userIDResult := gjson.GetBytes(req.Payload, "metadata.user_id") - if userIDResult.Exists() { - key := fmt.Sprintf("%s-%s", req.Model, userIDResult.String()) - var ok bool - if cache, ok = getCodexCache(key); !ok { - cache = codexCache{ - ID: uuid.New().String(), - Expire: time.Now().Add(1 * time.Hour), - } - setCodexCache(key, cache) - } - } - } else if from == "openai-response" { - promptCacheKey := gjson.GetBytes(req.Payload, "prompt_cache_key") - if promptCacheKey.Exists() { - cache.ID = promptCacheKey.String() - } - } - - if cache.ID != "" { - rawJSON, _ = sjson.SetBytes(rawJSON, "prompt_cache_key", cache.ID) - } - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(rawJSON)) - if err != nil { - return nil, err - } - if cache.ID != "" { - httpReq.Header.Set("Conversation_id", cache.ID) - httpReq.Header.Set("Session_id", cache.ID) - } - return httpReq, nil -} - -func applyCodexHeaders(r *http.Request, auth *cliproxyauth.Auth, token string, stream bool) { - r.Header.Set("Content-Type", "application/json") - r.Header.Set("Authorization", "Bearer "+token) - - var ginHeaders http.Header - if ginCtx, ok := r.Context().Value("gin").(*gin.Context); ok && ginCtx != nil && ginCtx.Request != nil { - ginHeaders = ginCtx.Request.Header - } - - misc.EnsureHeader(r.Header, ginHeaders, "Version", codexClientVersion) - misc.EnsureHeader(r.Header, ginHeaders, "Session_id", uuid.NewString()) - misc.EnsureHeader(r.Header, ginHeaders, "User-Agent", codexUserAgent) - - if stream { - r.Header.Set("Accept", "text/event-stream") - } else { - r.Header.Set("Accept", "application/json") - } - r.Header.Set("Connection", "Keep-Alive") - - isAPIKey := false - if auth != nil && auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["api_key"]); v != "" { - isAPIKey = true - } - } - if !isAPIKey { - r.Header.Set("Originator", "codex_cli_rs") - if auth != nil && auth.Metadata != nil { - if accountID, ok := auth.Metadata["account_id"].(string); ok { - r.Header.Set("Chatgpt-Account-Id", accountID) - } - } - } - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(r, attrs) -} - -func codexCreds(a *cliproxyauth.Auth) (apiKey, baseURL string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - apiKey = a.Attributes["api_key"] - baseURL = a.Attributes["base_url"] - } - if apiKey == "" && a.Metadata != nil { - if v, ok := a.Metadata["access_token"].(string); ok { - apiKey = v - } - } - return -} - -func (e *CodexExecutor) resolveCodexConfig(auth *cliproxyauth.Auth) *config.CodexKey { - if auth == nil || e.cfg == nil { - return nil - } - var attrKey, attrBase string - if auth.Attributes != nil { - attrKey = strings.TrimSpace(auth.Attributes["api_key"]) - attrBase = strings.TrimSpace(auth.Attributes["base_url"]) - } - for i := range e.cfg.CodexKey { - entry := &e.cfg.CodexKey[i] - cfgKey := strings.TrimSpace(entry.APIKey) - cfgBase := strings.TrimSpace(entry.BaseURL) - if attrKey != "" && attrBase != "" { - if strings.EqualFold(cfgKey, attrKey) && strings.EqualFold(cfgBase, attrBase) { - return entry - } - continue - } - if attrKey != "" && strings.EqualFold(cfgKey, attrKey) { - if cfgBase == "" || strings.EqualFold(cfgBase, attrBase) { - return entry - } - } - if attrKey == "" && attrBase != "" && strings.EqualFold(cfgBase, attrBase) { - return entry - } - } - if attrKey != "" { - for i := range e.cfg.CodexKey { - entry := &e.cfg.CodexKey[i] - if strings.EqualFold(strings.TrimSpace(entry.APIKey), attrKey) { - return entry - } - } - } - return nil -} diff --git a/internal/runtime/executor/codex_websockets_executor.go b/internal/runtime/executor/codex_websockets_executor.go deleted file mode 100644 index 1f70458859..0000000000 --- a/internal/runtime/executor/codex_websockets_executor.go +++ /dev/null @@ -1,1427 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// This file implements a Codex executor that uses the Responses API WebSocket transport. -package executor - -import ( - "bytes" - "context" - "fmt" - "io" - "net" - "net/http" - "net/url" - "strconv" - "strings" - "sync" - "time" - - "github.com/google/uuid" - "github.com/gorilla/websocket" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/misc" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/executor" - sdktranslator "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" - "golang.org/x/net/proxy" -) - -const ( - codexResponsesWebsocketBetaHeaderValue = "responses_websockets=2026-02-04" - codexResponsesWebsocketIdleTimeout = 5 * time.Minute - codexResponsesWebsocketHandshakeTO = 30 * time.Second -) - -// CodexWebsocketsExecutor executes Codex Responses requests using a WebSocket transport. -// -// It preserves the existing CodexExecutor HTTP implementation as a fallback for endpoints -// not available over WebSocket (e.g. /responses/compact) and for websocket upgrade failures. -type CodexWebsocketsExecutor struct { - *CodexExecutor - - sessMu sync.Mutex - sessions map[string]*codexWebsocketSession -} - -type codexWebsocketSession struct { - sessionID string - - reqMu sync.Mutex - - connMu sync.Mutex - conn *websocket.Conn - wsURL string - authID string - - // connCreateSent tracks whether a `response.create` message has been successfully sent - // on the current websocket connection. The upstream expects the first message on each - // connection to be `response.create`. - connCreateSent bool - - writeMu sync.Mutex - - activeMu sync.Mutex - activeCh chan codexWebsocketRead - activeDone <-chan struct{} - activeCancel context.CancelFunc - - readerConn *websocket.Conn -} - -func NewCodexWebsocketsExecutor(cfg *config.Config) *CodexWebsocketsExecutor { - return &CodexWebsocketsExecutor{ - CodexExecutor: NewCodexExecutor(cfg), - sessions: make(map[string]*codexWebsocketSession), - } -} - -type codexWebsocketRead struct { - conn *websocket.Conn - msgType int - payload []byte - err error -} - -func (s *codexWebsocketSession) setActive(ch chan codexWebsocketRead) { - if s == nil { - return - } - s.activeMu.Lock() - if s.activeCancel != nil { - s.activeCancel() - s.activeCancel = nil - s.activeDone = nil - } - s.activeCh = ch - if ch != nil { - activeCtx, activeCancel := context.WithCancel(context.Background()) - s.activeDone = activeCtx.Done() - s.activeCancel = activeCancel - } - s.activeMu.Unlock() -} - -func (s *codexWebsocketSession) clearActive(ch chan codexWebsocketRead) { - if s == nil { - return - } - s.activeMu.Lock() - if s.activeCh == ch { - s.activeCh = nil - if s.activeCancel != nil { - s.activeCancel() - } - s.activeCancel = nil - s.activeDone = nil - } - s.activeMu.Unlock() -} - -func (s *codexWebsocketSession) writeMessage(conn *websocket.Conn, msgType int, payload []byte) error { - if s == nil { - return fmt.Errorf("codex websockets executor: session is nil") - } - if conn == nil { - return fmt.Errorf("codex websockets executor: websocket conn is nil") - } - s.writeMu.Lock() - defer s.writeMu.Unlock() - return conn.WriteMessage(msgType, payload) -} - -func (s *codexWebsocketSession) configureConn(conn *websocket.Conn) { - if s == nil || conn == nil { - return - } - conn.SetPingHandler(func(appData string) error { - s.writeMu.Lock() - defer s.writeMu.Unlock() - // Reply pongs from the same write lock to avoid concurrent writes. - return conn.WriteControl(websocket.PongMessage, []byte(appData), time.Now().Add(10*time.Second)) - }) -} - -func (e *CodexWebsocketsExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if ctx == nil { - ctx = context.Background() - } - if opts.Alt == "responses/compact" { - return e.CodexExecutor.executeCompact(ctx, auth, req, opts) - } - - baseModel := thinking.ParseSuffix(req.Model).ModelName - apiKey, baseURL := codexCreds(auth) - if baseURL == "" { - baseURL = "https://chatgpt.com/backend-api/codex" - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("codex") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - body, _ = sjson.SetBytes(body, "stream", true) - body, _ = sjson.DeleteBytes(body, "previous_response_id") - body, _ = sjson.DeleteBytes(body, "prompt_cache_retention") - body, _ = sjson.DeleteBytes(body, "safety_identifier") - if !gjson.GetBytes(body, "instructions").Exists() { - body, _ = sjson.SetBytes(body, "instructions", "") - } - - httpURL := strings.TrimSuffix(baseURL, "/") + "/responses" - wsURL, err := buildCodexResponsesWebsocketURL(httpURL) - if err != nil { - return resp, err - } - - body, wsHeaders := applyCodexPromptCacheHeaders(from, req, body) - wsHeaders = applyCodexWebsocketHeaders(ctx, wsHeaders, auth, apiKey) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - - executionSessionID := executionSessionIDFromOptions(opts) - var sess *codexWebsocketSession - if executionSessionID != "" { - sess = e.getOrCreateSession(executionSessionID) - sess.reqMu.Lock() - defer sess.reqMu.Unlock() - } - - allowAppend := true - if sess != nil { - sess.connMu.Lock() - allowAppend = sess.connCreateSent - sess.connMu.Unlock() - } - wsReqBody := buildCodexWebsocketRequestBody(body, allowAppend) - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: wsURL, - Method: "WEBSOCKET", - Headers: wsHeaders.Clone(), - Body: wsReqBody, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - conn, respHS, errDial := e.ensureUpstreamConn(ctx, auth, sess, authID, wsURL, wsHeaders) - if respHS != nil { - recordAPIResponseMetadata(ctx, e.cfg, respHS.StatusCode, respHS.Header.Clone()) - } - if errDial != nil { - bodyErr := websocketHandshakeBody(respHS) - if len(bodyErr) > 0 { - appendAPIResponseChunk(ctx, e.cfg, bodyErr) - } - if respHS != nil && respHS.StatusCode == http.StatusUpgradeRequired { - return e.CodexExecutor.Execute(ctx, auth, req, opts) - } - if respHS != nil && respHS.StatusCode > 0 { - return resp, statusErr{code: respHS.StatusCode, msg: string(bodyErr)} - } - recordAPIResponseError(ctx, e.cfg, errDial) - return resp, errDial - } - closeHTTPResponseBody(respHS, "codex websockets executor: close handshake response body error") - if sess == nil { - logCodexWebsocketConnected(executionSessionID, authID, wsURL) - defer func() { - reason := "completed" - if err != nil { - reason = "error" - } - logCodexWebsocketDisconnected(executionSessionID, authID, wsURL, reason, err) - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } - }() - } - - var readCh chan codexWebsocketRead - if sess != nil { - readCh = make(chan codexWebsocketRead, 4096) - sess.setActive(readCh) - defer sess.clearActive(readCh) - } - - if errSend := writeCodexWebsocketMessage(sess, conn, wsReqBody); errSend != nil { - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "send_error", errSend) - - // Retry once with a fresh websocket connection. This is mainly to handle - // upstream closing the socket between sequential requests within the same - // execution session. - connRetry, _, errDialRetry := e.ensureUpstreamConn(ctx, auth, sess, authID, wsURL, wsHeaders) - if errDialRetry == nil && connRetry != nil { - sess.connMu.Lock() - allowAppend = sess.connCreateSent - sess.connMu.Unlock() - wsReqBodyRetry := buildCodexWebsocketRequestBody(body, allowAppend) - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: wsURL, - Method: "WEBSOCKET", - Headers: wsHeaders.Clone(), - Body: wsReqBodyRetry, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - if errSendRetry := writeCodexWebsocketMessage(sess, connRetry, wsReqBodyRetry); errSendRetry == nil { - conn = connRetry - wsReqBody = wsReqBodyRetry - } else { - e.invalidateUpstreamConn(sess, connRetry, "send_error", errSendRetry) - recordAPIResponseError(ctx, e.cfg, errSendRetry) - return resp, errSendRetry - } - } else { - recordAPIResponseError(ctx, e.cfg, errDialRetry) - return resp, errDialRetry - } - } else { - recordAPIResponseError(ctx, e.cfg, errSend) - return resp, errSend - } - } - markCodexWebsocketCreateSent(sess, conn, wsReqBody) - - for { - if ctx != nil && ctx.Err() != nil { - return resp, ctx.Err() - } - msgType, payload, errRead := readCodexWebsocketMessage(ctx, sess, conn, readCh) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return resp, errRead - } - if msgType != websocket.TextMessage { - if msgType == websocket.BinaryMessage { - err = fmt.Errorf("codex websockets executor: unexpected binary message") - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "unexpected_binary", err) - } - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - continue - } - - payload = bytes.TrimSpace(payload) - if len(payload) == 0 { - continue - } - appendAPIResponseChunk(ctx, e.cfg, payload) - - if wsErr, ok := parseCodexWebsocketError(payload); ok { - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "upstream_error", wsErr) - } - recordAPIResponseError(ctx, e.cfg, wsErr) - return resp, wsErr - } - - payload = normalizeCodexWebsocketCompletion(payload) - eventType := gjson.GetBytes(payload, "type").String() - if eventType == "response.completed" { - if detail, ok := parseCodexUsage(payload); ok { - reporter.publish(ctx, detail) - } - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, originalPayload, body, payload, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out)} - return resp, nil - } - } -} - -func (e *CodexWebsocketsExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - log.Debugf("Executing Codex Websockets stream request with auth ID: %s, model: %s", auth.ID, req.Model) - if ctx == nil { - ctx = context.Background() - } - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusBadRequest, msg: "streaming not supported for /responses/compact"} - } - - baseModel := thinking.ParseSuffix(req.Model).ModelName - apiKey, baseURL := codexCreds(auth) - if baseURL == "" { - baseURL = "https://chatgpt.com/backend-api/codex" - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("codex") - body := req.Payload - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, body, requestedModel) - - httpURL := strings.TrimSuffix(baseURL, "/") + "/responses" - wsURL, err := buildCodexResponsesWebsocketURL(httpURL) - if err != nil { - return nil, err - } - - body, wsHeaders := applyCodexPromptCacheHeaders(from, req, body) - wsHeaders = applyCodexWebsocketHeaders(ctx, wsHeaders, auth, apiKey) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - - executionSessionID := executionSessionIDFromOptions(opts) - var sess *codexWebsocketSession - if executionSessionID != "" { - sess = e.getOrCreateSession(executionSessionID) - sess.reqMu.Lock() - } - - allowAppend := true - if sess != nil { - sess.connMu.Lock() - allowAppend = sess.connCreateSent - sess.connMu.Unlock() - } - wsReqBody := buildCodexWebsocketRequestBody(body, allowAppend) - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: wsURL, - Method: "WEBSOCKET", - Headers: wsHeaders.Clone(), - Body: wsReqBody, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - conn, respHS, errDial := e.ensureUpstreamConn(ctx, auth, sess, authID, wsURL, wsHeaders) - var upstreamHeaders http.Header - if respHS != nil { - upstreamHeaders = respHS.Header.Clone() - recordAPIResponseMetadata(ctx, e.cfg, respHS.StatusCode, respHS.Header.Clone()) - } - if errDial != nil { - bodyErr := websocketHandshakeBody(respHS) - if len(bodyErr) > 0 { - appendAPIResponseChunk(ctx, e.cfg, bodyErr) - } - if respHS != nil && respHS.StatusCode == http.StatusUpgradeRequired { - return e.CodexExecutor.ExecuteStream(ctx, auth, req, opts) - } - if respHS != nil && respHS.StatusCode > 0 { - return nil, statusErr{code: respHS.StatusCode, msg: string(bodyErr)} - } - recordAPIResponseError(ctx, e.cfg, errDial) - if sess != nil { - sess.reqMu.Unlock() - } - return nil, errDial - } - closeHTTPResponseBody(respHS, "codex websockets executor: close handshake response body error") - - if sess == nil { - logCodexWebsocketConnected(executionSessionID, authID, wsURL) - } - - var readCh chan codexWebsocketRead - if sess != nil { - readCh = make(chan codexWebsocketRead, 4096) - sess.setActive(readCh) - } - - if errSend := writeCodexWebsocketMessage(sess, conn, wsReqBody); errSend != nil { - recordAPIResponseError(ctx, e.cfg, errSend) - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "send_error", errSend) - - // Retry once with a new websocket connection for the same execution session. - connRetry, _, errDialRetry := e.ensureUpstreamConn(ctx, auth, sess, authID, wsURL, wsHeaders) - if errDialRetry != nil || connRetry == nil { - recordAPIResponseError(ctx, e.cfg, errDialRetry) - sess.clearActive(readCh) - sess.reqMu.Unlock() - return nil, errDialRetry - } - sess.connMu.Lock() - allowAppend = sess.connCreateSent - sess.connMu.Unlock() - wsReqBodyRetry := buildCodexWebsocketRequestBody(body, allowAppend) - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: wsURL, - Method: "WEBSOCKET", - Headers: wsHeaders.Clone(), - Body: wsReqBodyRetry, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - if errSendRetry := writeCodexWebsocketMessage(sess, connRetry, wsReqBodyRetry); errSendRetry != nil { - recordAPIResponseError(ctx, e.cfg, errSendRetry) - e.invalidateUpstreamConn(sess, connRetry, "send_error", errSendRetry) - sess.clearActive(readCh) - sess.reqMu.Unlock() - return nil, errSendRetry - } - conn = connRetry - wsReqBody = wsReqBodyRetry - } else { - logCodexWebsocketDisconnected(executionSessionID, authID, wsURL, "send_error", errSend) - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } - return nil, errSend - } - } - markCodexWebsocketCreateSent(sess, conn, wsReqBody) - - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - terminateReason := "completed" - var terminateErr error - - defer close(out) - defer func() { - if sess != nil { - sess.clearActive(readCh) - sess.reqMu.Unlock() - return - } - logCodexWebsocketDisconnected(executionSessionID, authID, wsURL, terminateReason, terminateErr) - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } - }() - - send := func(chunk cliproxyexecutor.StreamChunk) bool { - if ctx == nil { - out <- chunk - return true - } - select { - case out <- chunk: - return true - case <-ctx.Done(): - return false - } - } - - var param any - for { - if ctx != nil && ctx.Err() != nil { - terminateReason = "context_done" - terminateErr = ctx.Err() - _ = send(cliproxyexecutor.StreamChunk{Err: ctx.Err()}) - return - } - msgType, payload, errRead := readCodexWebsocketMessage(ctx, sess, conn, readCh) - if errRead != nil { - if sess != nil && ctx != nil && ctx.Err() != nil { - terminateReason = "context_done" - terminateErr = ctx.Err() - _ = send(cliproxyexecutor.StreamChunk{Err: ctx.Err()}) - return - } - terminateReason = "read_error" - terminateErr = errRead - recordAPIResponseError(ctx, e.cfg, errRead) - reporter.publishFailure(ctx) - _ = send(cliproxyexecutor.StreamChunk{Err: errRead}) - return - } - if msgType != websocket.TextMessage { - if msgType == websocket.BinaryMessage { - err = fmt.Errorf("codex websockets executor: unexpected binary message") - terminateReason = "unexpected_binary" - terminateErr = err - recordAPIResponseError(ctx, e.cfg, err) - reporter.publishFailure(ctx) - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "unexpected_binary", err) - } - _ = send(cliproxyexecutor.StreamChunk{Err: err}) - return - } - continue - } - - payload = bytes.TrimSpace(payload) - if len(payload) == 0 { - continue - } - appendAPIResponseChunk(ctx, e.cfg, payload) - - if wsErr, ok := parseCodexWebsocketError(payload); ok { - terminateReason = "upstream_error" - terminateErr = wsErr - recordAPIResponseError(ctx, e.cfg, wsErr) - reporter.publishFailure(ctx) - if sess != nil { - e.invalidateUpstreamConn(sess, conn, "upstream_error", wsErr) - } - _ = send(cliproxyexecutor.StreamChunk{Err: wsErr}) - return - } - - payload = normalizeCodexWebsocketCompletion(payload) - eventType := gjson.GetBytes(payload, "type").String() - if eventType == "response.completed" || eventType == "response.done" { - if detail, ok := parseCodexUsage(payload); ok { - reporter.publish(ctx, detail) - } - } - - line := encodeCodexWebsocketAsSSE(payload) - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, body, body, line, ¶m) - for i := range chunks { - if !send(cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])}) { - terminateReason = "context_done" - terminateErr = ctx.Err() - return - } - } - if eventType == "response.completed" || eventType == "response.done" { - return - } - } - }() - - return &cliproxyexecutor.StreamResult{Headers: upstreamHeaders, Chunks: out}, nil -} - -func (e *CodexWebsocketsExecutor) dialCodexWebsocket(ctx context.Context, auth *cliproxyauth.Auth, wsURL string, headers http.Header) (*websocket.Conn, *http.Response, error) { - dialer := newProxyAwareWebsocketDialer(e.cfg, auth) - dialer.HandshakeTimeout = codexResponsesWebsocketHandshakeTO - dialer.EnableCompression = true - if ctx == nil { - ctx = context.Background() - } - conn, resp, err := dialer.DialContext(ctx, wsURL, headers) - if conn != nil { - // Avoid gorilla/websocket flate tail validation issues on some upstreams/Go versions. - // Negotiating permessage-deflate is fine; we just don't compress outbound messages. - conn.EnableWriteCompression(false) - } - return conn, resp, err -} - -func writeCodexWebsocketMessage(sess *codexWebsocketSession, conn *websocket.Conn, payload []byte) error { - if sess != nil { - return sess.writeMessage(conn, websocket.TextMessage, payload) - } - if conn == nil { - return fmt.Errorf("codex websockets executor: websocket conn is nil") - } - return conn.WriteMessage(websocket.TextMessage, payload) -} - -func buildCodexWebsocketRequestBody(body []byte, allowAppend bool) []byte { - if len(body) == 0 { - return nil - } - - // Codex CLI websocket v2 uses `response.create` with `previous_response_id` for incremental turns. - // The upstream ChatGPT Codex websocket currently rejects that with close 1008 (policy violation). - // Fall back to v1 `response.append` semantics on the same websocket connection to keep the session alive. - // - // NOTE: The upstream expects the first websocket event on each connection to be `response.create`, - // so we only use `response.append` after we have initialized the current connection. - if allowAppend { - if prev := strings.TrimSpace(gjson.GetBytes(body, "previous_response_id").String()); prev != "" { - inputNode := gjson.GetBytes(body, "input") - wsReqBody := []byte(`{}`) - wsReqBody, _ = sjson.SetBytes(wsReqBody, "type", "response.append") - if inputNode.Exists() && inputNode.IsArray() && strings.TrimSpace(inputNode.Raw) != "" { - wsReqBody, _ = sjson.SetRawBytes(wsReqBody, "input", []byte(inputNode.Raw)) - return wsReqBody - } - wsReqBody, _ = sjson.SetRawBytes(wsReqBody, "input", []byte("[]")) - return wsReqBody - } - } - - wsReqBody, errSet := sjson.SetBytes(bytes.Clone(body), "type", "response.create") - if errSet == nil && len(wsReqBody) > 0 { - return wsReqBody - } - fallback := bytes.Clone(body) - fallback, _ = sjson.SetBytes(fallback, "type", "response.create") - return fallback -} - -func readCodexWebsocketMessage(ctx context.Context, sess *codexWebsocketSession, conn *websocket.Conn, readCh chan codexWebsocketRead) (int, []byte, error) { - if sess == nil { - if conn == nil { - return 0, nil, fmt.Errorf("codex websockets executor: websocket conn is nil") - } - _ = conn.SetReadDeadline(time.Now().Add(codexResponsesWebsocketIdleTimeout)) - msgType, payload, errRead := conn.ReadMessage() - return msgType, payload, errRead - } - if conn == nil { - return 0, nil, fmt.Errorf("codex websockets executor: websocket conn is nil") - } - if readCh == nil { - return 0, nil, fmt.Errorf("codex websockets executor: session read channel is nil") - } - for { - select { - case <-ctx.Done(): - return 0, nil, ctx.Err() - case ev, ok := <-readCh: - if !ok { - return 0, nil, fmt.Errorf("codex websockets executor: session read channel closed") - } - if ev.conn != conn { - continue - } - if ev.err != nil { - return 0, nil, ev.err - } - return ev.msgType, ev.payload, nil - } - } -} - -func markCodexWebsocketCreateSent(sess *codexWebsocketSession, conn *websocket.Conn, payload []byte) { - if sess == nil || conn == nil || len(payload) == 0 { - return - } - if strings.TrimSpace(gjson.GetBytes(payload, "type").String()) != "response.create" { - return - } - - sess.connMu.Lock() - if sess.conn == conn { - sess.connCreateSent = true - } - sess.connMu.Unlock() -} - -func newProxyAwareWebsocketDialer(cfg *config.Config, auth *cliproxyauth.Auth) *websocket.Dialer { - dialer := &websocket.Dialer{ - Proxy: http.ProxyFromEnvironment, - HandshakeTimeout: codexResponsesWebsocketHandshakeTO, - EnableCompression: true, - NetDialContext: (&net.Dialer{ - Timeout: 30 * time.Second, - KeepAlive: 30 * time.Second, - }).DialContext, - } - - proxyURL := "" - if auth != nil { - proxyURL = strings.TrimSpace(auth.ProxyURL) - } - if proxyURL == "" && cfg != nil { - proxyURL = strings.TrimSpace(cfg.ProxyURL) - } - if proxyURL == "" { - return dialer - } - - parsedURL, errParse := url.Parse(proxyURL) - if errParse != nil { - log.Errorf("codex websockets executor: parse proxy URL failed: %v", errParse) - return dialer - } - - switch parsedURL.Scheme { - case "socks5": - var proxyAuth *proxy.Auth - if parsedURL.User != nil { - username := parsedURL.User.Username() - password, _ := parsedURL.User.Password() - proxyAuth = &proxy.Auth{User: username, Password: password} - } - socksDialer, errSOCKS5 := proxy.SOCKS5("tcp", parsedURL.Host, proxyAuth, proxy.Direct) - if errSOCKS5 != nil { - log.Errorf("codex websockets executor: create SOCKS5 dialer failed: %v", errSOCKS5) - return dialer - } - dialer.Proxy = nil - dialer.NetDialContext = func(_ context.Context, network, addr string) (net.Conn, error) { - return socksDialer.Dial(network, addr) - } - case "http", "https": - dialer.Proxy = http.ProxyURL(parsedURL) - default: - log.Errorf("codex websockets executor: unsupported proxy scheme: %s", parsedURL.Scheme) - } - - return dialer -} - -func buildCodexResponsesWebsocketURL(httpURL string) (string, error) { - parsed, err := url.Parse(strings.TrimSpace(httpURL)) - if err != nil { - return "", err - } - switch strings.ToLower(parsed.Scheme) { - case "http": - parsed.Scheme = "ws" - case "https": - parsed.Scheme = "wss" - } - return parsed.String(), nil -} - -func applyCodexPromptCacheHeaders(from sdktranslator.Format, req cliproxyexecutor.Request, rawJSON []byte) ([]byte, http.Header) { - headers := http.Header{} - if len(rawJSON) == 0 { - return rawJSON, headers - } - - var cache codexCache - if from == "claude" { - userIDResult := gjson.GetBytes(req.Payload, "metadata.user_id") - if userIDResult.Exists() { - key := fmt.Sprintf("%s-%s", req.Model, userIDResult.String()) - if cached, ok := getCodexCache(key); ok { - cache = cached - } else { - cache = codexCache{ - ID: uuid.New().String(), - Expire: time.Now().Add(1 * time.Hour), - } - setCodexCache(key, cache) - } - } - } else if from == "openai-response" { - if promptCacheKey := gjson.GetBytes(req.Payload, "prompt_cache_key"); promptCacheKey.Exists() { - cache.ID = promptCacheKey.String() - } - } - - if cache.ID != "" { - rawJSON, _ = sjson.SetBytes(rawJSON, "prompt_cache_key", cache.ID) - headers.Set("Conversation_id", cache.ID) - headers.Set("Session_id", cache.ID) - } - - return rawJSON, headers -} - -func applyCodexWebsocketHeaders(ctx context.Context, headers http.Header, auth *cliproxyauth.Auth, token string) http.Header { - if headers == nil { - headers = http.Header{} - } - if strings.TrimSpace(token) != "" { - headers.Set("Authorization", "Bearer "+token) - } - - var ginHeaders http.Header - if ginCtx := ginContextFrom(ctx); ginCtx != nil && ginCtx.Request != nil { - ginHeaders = ginCtx.Request.Header - } - - misc.EnsureHeader(headers, ginHeaders, "x-codex-beta-features", "") - misc.EnsureHeader(headers, ginHeaders, "x-codex-turn-state", "") - misc.EnsureHeader(headers, ginHeaders, "x-codex-turn-metadata", "") - misc.EnsureHeader(headers, ginHeaders, "x-responsesapi-include-timing-metrics", "") - - misc.EnsureHeader(headers, ginHeaders, "Version", codexClientVersion) - betaHeader := strings.TrimSpace(headers.Get("OpenAI-Beta")) - if betaHeader == "" && ginHeaders != nil { - betaHeader = strings.TrimSpace(ginHeaders.Get("OpenAI-Beta")) - } - if betaHeader == "" || !strings.Contains(betaHeader, "responses_websockets=") { - betaHeader = codexResponsesWebsocketBetaHeaderValue - } - headers.Set("OpenAI-Beta", betaHeader) - misc.EnsureHeader(headers, ginHeaders, "Session_id", uuid.NewString()) - misc.EnsureHeader(headers, ginHeaders, "User-Agent", codexUserAgent) - - isAPIKey := false - if auth != nil && auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["api_key"]); v != "" { - isAPIKey = true - } - } - if !isAPIKey { - headers.Set("Originator", "codex_cli_rs") - if auth != nil && auth.Metadata != nil { - if accountID, ok := auth.Metadata["account_id"].(string); ok { - if trimmed := strings.TrimSpace(accountID); trimmed != "" { - headers.Set("Chatgpt-Account-Id", trimmed) - } - } - } - } - - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(&http.Request{Header: headers}, attrs) - - return headers -} - -type statusErrWithHeaders struct { - statusErr - headers http.Header -} - -func (e statusErrWithHeaders) Headers() http.Header { - if e.headers == nil { - return nil - } - return e.headers.Clone() -} - -func parseCodexWebsocketError(payload []byte) (error, bool) { - if len(payload) == 0 { - return nil, false - } - if strings.TrimSpace(gjson.GetBytes(payload, "type").String()) != "error" { - return nil, false - } - status := int(gjson.GetBytes(payload, "status").Int()) - if status == 0 { - status = int(gjson.GetBytes(payload, "status_code").Int()) - } - if status <= 0 { - return nil, false - } - - out := []byte(`{}`) - if errNode := gjson.GetBytes(payload, "error"); errNode.Exists() { - raw := errNode.Raw - if errNode.Type == gjson.String { - raw = errNode.Raw - } - out, _ = sjson.SetRawBytes(out, "error", []byte(raw)) - } else { - out, _ = sjson.SetBytes(out, "error.type", "server_error") - out, _ = sjson.SetBytes(out, "error.message", http.StatusText(status)) - } - - headers := parseCodexWebsocketErrorHeaders(payload) - return statusErrWithHeaders{ - statusErr: statusErr{code: status, msg: string(out)}, - headers: headers, - }, true -} - -func parseCodexWebsocketErrorHeaders(payload []byte) http.Header { - headersNode := gjson.GetBytes(payload, "headers") - if !headersNode.Exists() || !headersNode.IsObject() { - return nil - } - mapped := make(http.Header) - headersNode.ForEach(func(key, value gjson.Result) bool { - name := strings.TrimSpace(key.String()) - if name == "" { - return true - } - switch value.Type { - case gjson.String: - if v := strings.TrimSpace(value.String()); v != "" { - mapped.Set(name, v) - } - case gjson.Number, gjson.True, gjson.False: - if v := strings.TrimSpace(value.Raw); v != "" { - mapped.Set(name, v) - } - default: - } - return true - }) - if len(mapped) == 0 { - return nil - } - return mapped -} - -func normalizeCodexWebsocketCompletion(payload []byte) []byte { - if strings.TrimSpace(gjson.GetBytes(payload, "type").String()) == "response.done" { - updated, err := sjson.SetBytes(payload, "type", "response.completed") - if err == nil && len(updated) > 0 { - return updated - } - } - return payload -} - -func encodeCodexWebsocketAsSSE(payload []byte) []byte { - if len(payload) == 0 { - return nil - } - line := make([]byte, 0, len("data: ")+len(payload)) - line = append(line, []byte("data: ")...) - line = append(line, payload...) - return line -} - -func websocketHandshakeBody(resp *http.Response) []byte { - if resp == nil || resp.Body == nil { - return nil - } - body, _ := io.ReadAll(resp.Body) - closeHTTPResponseBody(resp, "codex websockets executor: close handshake response body error") - if len(body) == 0 { - return nil - } - return body -} - -func closeHTTPResponseBody(resp *http.Response, logPrefix string) { - if resp == nil || resp.Body == nil { - return - } - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("%s: %v", logPrefix, errClose) - } -} - -func closeOnContextDone(ctx context.Context, conn *websocket.Conn) chan struct{} { - done := make(chan struct{}) - if ctx == nil || conn == nil { - return done - } - go func() { - select { - case <-done: - case <-ctx.Done(): - _ = conn.Close() - } - }() - return done -} - -func cancelReadOnContextDone(ctx context.Context, conn *websocket.Conn) chan struct{} { - done := make(chan struct{}) - if ctx == nil || conn == nil { - return done - } - go func() { - select { - case <-done: - case <-ctx.Done(): - _ = conn.SetReadDeadline(time.Now()) - } - }() - return done -} - -func executionSessionIDFromOptions(opts cliproxyexecutor.Options) string { - if len(opts.Metadata) == 0 { - return "" - } - raw, ok := opts.Metadata[cliproxyexecutor.ExecutionSessionMetadataKey] - if !ok || raw == nil { - return "" - } - switch v := raw.(type) { - case string: - return strings.TrimSpace(v) - case []byte: - return strings.TrimSpace(string(v)) - default: - return "" - } -} - -func (e *CodexWebsocketsExecutor) getOrCreateSession(sessionID string) *codexWebsocketSession { - sessionID = strings.TrimSpace(sessionID) - if sessionID == "" { - return nil - } - e.sessMu.Lock() - defer e.sessMu.Unlock() - if e.sessions == nil { - e.sessions = make(map[string]*codexWebsocketSession) - } - if sess, ok := e.sessions[sessionID]; ok && sess != nil { - return sess - } - sess := &codexWebsocketSession{sessionID: sessionID} - e.sessions[sessionID] = sess - return sess -} - -func (e *CodexWebsocketsExecutor) ensureUpstreamConn(ctx context.Context, auth *cliproxyauth.Auth, sess *codexWebsocketSession, authID string, wsURL string, headers http.Header) (*websocket.Conn, *http.Response, error) { - if sess == nil { - return e.dialCodexWebsocket(ctx, auth, wsURL, headers) - } - - sess.connMu.Lock() - conn := sess.conn - readerConn := sess.readerConn - sess.connMu.Unlock() - if conn != nil { - if readerConn != conn { - sess.connMu.Lock() - sess.readerConn = conn - sess.connMu.Unlock() - sess.configureConn(conn) - go e.readUpstreamLoop(sess, conn) - } - return conn, nil, nil - } - - conn, resp, errDial := e.dialCodexWebsocket(ctx, auth, wsURL, headers) - if errDial != nil { - return nil, resp, errDial - } - - sess.connMu.Lock() - if sess.conn != nil { - previous := sess.conn - sess.connMu.Unlock() - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } - return previous, nil, nil - } - sess.conn = conn - sess.wsURL = wsURL - sess.authID = authID - sess.connCreateSent = false - sess.readerConn = conn - sess.connMu.Unlock() - - sess.configureConn(conn) - go e.readUpstreamLoop(sess, conn) - logCodexWebsocketConnected(sess.sessionID, authID, wsURL) - return conn, resp, nil -} - -func (e *CodexWebsocketsExecutor) readUpstreamLoop(sess *codexWebsocketSession, conn *websocket.Conn) { - if e == nil || sess == nil || conn == nil { - return - } - for { - _ = conn.SetReadDeadline(time.Now().Add(codexResponsesWebsocketIdleTimeout)) - msgType, payload, errRead := conn.ReadMessage() - if errRead != nil { - sess.activeMu.Lock() - ch := sess.activeCh - done := sess.activeDone - sess.activeMu.Unlock() - if ch != nil { - select { - case ch <- codexWebsocketRead{conn: conn, err: errRead}: - case <-done: - default: - } - sess.clearActive(ch) - close(ch) - } - e.invalidateUpstreamConn(sess, conn, "upstream_disconnected", errRead) - return - } - - if msgType != websocket.TextMessage { - if msgType == websocket.BinaryMessage { - errBinary := fmt.Errorf("codex websockets executor: unexpected binary message") - sess.activeMu.Lock() - ch := sess.activeCh - done := sess.activeDone - sess.activeMu.Unlock() - if ch != nil { - select { - case ch <- codexWebsocketRead{conn: conn, err: errBinary}: - case <-done: - default: - } - sess.clearActive(ch) - close(ch) - } - e.invalidateUpstreamConn(sess, conn, "unexpected_binary", errBinary) - return - } - continue - } - - sess.activeMu.Lock() - ch := sess.activeCh - done := sess.activeDone - sess.activeMu.Unlock() - if ch == nil { - continue - } - select { - case ch <- codexWebsocketRead{conn: conn, msgType: msgType, payload: payload}: - case <-done: - } - } -} - -func (e *CodexWebsocketsExecutor) invalidateUpstreamConn(sess *codexWebsocketSession, conn *websocket.Conn, reason string, err error) { - if sess == nil || conn == nil { - return - } - - sess.connMu.Lock() - current := sess.conn - authID := sess.authID - wsURL := sess.wsURL - sessionID := sess.sessionID - if current == nil || current != conn { - sess.connMu.Unlock() - return - } - sess.conn = nil - sess.connCreateSent = false - if sess.readerConn == conn { - sess.readerConn = nil - } - sess.connMu.Unlock() - - logCodexWebsocketDisconnected(sessionID, authID, wsURL, reason, err) - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } -} - -func (e *CodexWebsocketsExecutor) CloseExecutionSession(sessionID string) { - sessionID = strings.TrimSpace(sessionID) - if e == nil { - return - } - if sessionID == "" { - return - } - if sessionID == cliproxyauth.CloseAllExecutionSessionsID { - e.closeAllExecutionSessions("executor_replaced") - return - } - - e.sessMu.Lock() - sess := e.sessions[sessionID] - delete(e.sessions, sessionID) - e.sessMu.Unlock() - - e.closeExecutionSession(sess, "session_closed") -} - -func (e *CodexWebsocketsExecutor) closeAllExecutionSessions(reason string) { - if e == nil { - return - } - - e.sessMu.Lock() - sessions := make([]*codexWebsocketSession, 0, len(e.sessions)) - for sessionID, sess := range e.sessions { - delete(e.sessions, sessionID) - if sess != nil { - sessions = append(sessions, sess) - } - } - e.sessMu.Unlock() - - for i := range sessions { - e.closeExecutionSession(sessions[i], reason) - } -} - -func (e *CodexWebsocketsExecutor) closeExecutionSession(sess *codexWebsocketSession, reason string) { - if sess == nil { - return - } - reason = strings.TrimSpace(reason) - if reason == "" { - reason = "session_closed" - } - - sess.connMu.Lock() - conn := sess.conn - authID := sess.authID - wsURL := sess.wsURL - sess.conn = nil - sess.connCreateSent = false - if sess.readerConn == conn { - sess.readerConn = nil - } - sessionID := sess.sessionID - sess.connMu.Unlock() - - if conn == nil { - return - } - logCodexWebsocketDisconnected(sessionID, authID, wsURL, reason, nil) - if errClose := conn.Close(); errClose != nil { - log.Errorf("codex websockets executor: close websocket error: %v", errClose) - } -} - -func logCodexWebsocketConnected(sessionID string, authID string, wsURL string) { - // codeql[go/clear-text-logging] - authID is a filename/identifier, not a credential; wsURL is sanitized - log.Infof("codex websockets: upstream connected session=%s auth=%s url=%s", strings.TrimSpace(sessionID), util.RedactAPIKey(strings.TrimSpace(authID)), sanitizeURLForLog(wsURL)) -} - -func logCodexWebsocketDisconnected(sessionID, authID, wsURL, reason string, err error) { - if err != nil { - // codeql[go/clear-text-logging] - authID is a filename/identifier, not a credential; wsURL is sanitized - log.Infof("codex websockets: upstream disconnected session=%s auth=%s url=%s reason=%s err=%v", strings.TrimSpace(sessionID), util.RedactAPIKey(strings.TrimSpace(authID)), sanitizeURLForLog(wsURL), strings.TrimSpace(reason), err) - return - } - // codeql[go/clear-text-logging] - authID is a filename/identifier, not a credential; wsURL is sanitized - log.Infof("codex websockets: upstream disconnected session=%s auth=%s url=%s reason=%s", strings.TrimSpace(sessionID), util.RedactAPIKey(strings.TrimSpace(authID)), sanitizeURLForLog(wsURL), strings.TrimSpace(reason)) -} - -// CodexAutoExecutor routes Codex requests to the websocket transport only when: -// 1. The downstream transport is websocket, and -// 2. The selected auth enables websockets. -// -// For non-websocket downstream requests, it always uses the legacy HTTP implementation. -type CodexAutoExecutor struct { - httpExec *CodexExecutor - wsExec *CodexWebsocketsExecutor -} - -func NewCodexAutoExecutor(cfg *config.Config) *CodexAutoExecutor { - return &CodexAutoExecutor{ - httpExec: NewCodexExecutor(cfg), - wsExec: NewCodexWebsocketsExecutor(cfg), - } -} - -func (e *CodexAutoExecutor) Identifier() string { return "codex" } - -func (e *CodexAutoExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if e == nil || e.httpExec == nil { - return nil - } - return e.httpExec.PrepareRequest(req, auth) -} - -func (e *CodexAutoExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if e == nil || e.httpExec == nil { - return nil, fmt.Errorf("codex auto executor: http executor is nil") - } - return e.httpExec.HttpRequest(ctx, auth, req) -} - -func (e *CodexAutoExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - if e == nil || e.httpExec == nil || e.wsExec == nil { - return cliproxyexecutor.Response{}, fmt.Errorf("codex auto executor: executor is nil") - } - if cliproxyexecutor.DownstreamWebsocket(ctx) && codexWebsocketsEnabled(auth) { - return e.wsExec.Execute(ctx, auth, req, opts) - } - return e.httpExec.Execute(ctx, auth, req, opts) -} - -func (e *CodexAutoExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (*cliproxyexecutor.StreamResult, error) { - if e == nil || e.httpExec == nil || e.wsExec == nil { - return nil, fmt.Errorf("codex auto executor: executor is nil") - } - if cliproxyexecutor.DownstreamWebsocket(ctx) && codexWebsocketsEnabled(auth) { - return e.wsExec.ExecuteStream(ctx, auth, req, opts) - } - return e.httpExec.ExecuteStream(ctx, auth, req, opts) -} - -func (e *CodexAutoExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if e == nil || e.httpExec == nil { - return nil, fmt.Errorf("codex auto executor: http executor is nil") - } - return e.httpExec.Refresh(ctx, auth) -} - -func (e *CodexAutoExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - if e == nil || e.httpExec == nil { - return cliproxyexecutor.Response{}, fmt.Errorf("codex auto executor: http executor is nil") - } - return e.httpExec.CountTokens(ctx, auth, req, opts) -} - -func (e *CodexAutoExecutor) CloseExecutionSession(sessionID string) { - if e == nil || e.wsExec == nil { - return - } - e.wsExec.CloseExecutionSession(sessionID) -} - -func codexWebsocketsEnabled(auth *cliproxyauth.Auth) bool { - if auth == nil { - return false - } - if len(auth.Attributes) > 0 { - if raw := strings.TrimSpace(auth.Attributes["websockets"]); raw != "" { - parsed, errParse := strconv.ParseBool(raw) - if errParse == nil { - return parsed - } - } - } - if len(auth.Metadata) == 0 { - return false - } - raw, ok := auth.Metadata["websockets"] - if !ok || raw == nil { - return false - } - switch v := raw.(type) { - case bool: - return v - case string: - parsed, errParse := strconv.ParseBool(strings.TrimSpace(v)) - if errParse == nil { - return parsed - } - default: - } - return false -} - -// sanitizeURLForLog removes query parameters that may contain sensitive data from URLs for safe logging. -func sanitizeURLForLog(rawURL string) string { - trimmed := strings.TrimSpace(rawURL) - if trimmed == "" { - return "" - } - parsed, err := url.Parse(trimmed) - if err != nil { - return "[invalid-url]" - } - // Clear potentially sensitive query params - parsed.RawQuery = "" - parsed.Fragment = "" - return parsed.String() -} diff --git a/internal/runtime/executor/gemini_cli_executor.go b/internal/runtime/executor/gemini_cli_executor.go deleted file mode 100644 index 72fb9560d7..0000000000 --- a/internal/runtime/executor/gemini_cli_executor.go +++ /dev/null @@ -1,907 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// This file implements the Gemini CLI executor that talks to Cloud Code Assist endpoints -// using OAuth credentials from auth metadata. -package executor - -import ( - "bufio" - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "regexp" - "strconv" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/misc" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/runtime/geminicli" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/executor" - sdktranslator "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" - "golang.org/x/oauth2" - "golang.org/x/oauth2/google" -) - -const ( - codeAssistEndpoint = "https://cloudcode-pa.googleapis.com" - codeAssistVersion = "v1internal" - geminiOAuthClientID = "681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com" - geminiOAuthClientSecret = "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" -) - -var geminiOAuthScopes = []string{ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/userinfo.email", - "https://www.googleapis.com/auth/userinfo.profile", -} - -// GeminiCLIExecutor talks to the Cloud Code Assist endpoint using OAuth credentials from auth metadata. -type GeminiCLIExecutor struct { - cfg *config.Config -} - -// NewGeminiCLIExecutor creates a new Gemini CLI executor instance. -// -// Parameters: -// - cfg: The application configuration -// -// Returns: -// - *GeminiCLIExecutor: A new Gemini CLI executor instance -func NewGeminiCLIExecutor(cfg *config.Config) *GeminiCLIExecutor { - return &GeminiCLIExecutor{cfg: cfg} -} - -// Identifier returns the executor identifier. -func (e *GeminiCLIExecutor) Identifier() string { return "gemini-cli" } - -// PrepareRequest injects Gemini CLI credentials into the outgoing HTTP request. -func (e *GeminiCLIExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - tokenSource, _, errSource := prepareGeminiCLITokenSource(req.Context(), e.cfg, auth) - if errSource != nil { - return errSource - } - tok, errTok := tokenSource.Token() - if errTok != nil { - return errTok - } - if strings.TrimSpace(tok.AccessToken) == "" { - return statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - req.Header.Set("Authorization", "Bearer "+tok.AccessToken) - applyGeminiCLIHeaders(req) - return nil -} - -// HttpRequest injects Gemini CLI credentials into the request and executes it. -func (e *GeminiCLIExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("gemini-cli executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming request to the Gemini CLI API. -func (e *GeminiCLIExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - tokenSource, baseTokenData, err := prepareGeminiCLITokenSource(ctx, e.cfg, auth) - if err != nil { - return resp, err - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini-cli") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - basePayload := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - basePayload, err = thinking.ApplyThinking(basePayload, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - basePayload = fixGeminiCLIImageAspectRatio(baseModel, basePayload) - requestedModel := payloadRequestedModel(opts, req.Model) - basePayload = applyPayloadConfigWithRoot(e.cfg, baseModel, "gemini", "request", basePayload, originalTranslated, requestedModel) - - action := "generateContent" - if req.Metadata != nil { - if a, _ := req.Metadata["action"].(string); a == "countTokens" { - action = "countTokens" - } - } - - projectID := resolveGeminiProjectID(auth) - models := cliPreviewFallbackOrder(baseModel) - if len(models) == 0 || models[0] != baseModel { - models = append([]string{baseModel}, models...) - } - - httpClient := newHTTPClient(ctx, e.cfg, auth, 0) - respCtx := context.WithValue(ctx, "alt", opts.Alt) - - var authID, authLabel, authType, authValue string - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - - var lastStatus int - var lastBody []byte - - for idx, attemptModel := range models { - payload := append([]byte(nil), basePayload...) - if action == "countTokens" { - payload = deleteJSONField(payload, "project") - payload = deleteJSONField(payload, "model") - } else { - payload = setJSONField(payload, "project", projectID) - payload = setJSONField(payload, "model", attemptModel) - } - - tok, errTok := tokenSource.Token() - if errTok != nil { - err = errTok - return resp, err - } - updateGeminiCLITokenMetadata(auth, baseTokenData, tok) - - url := fmt.Sprintf("%s/%s:%s", codeAssistEndpoint, codeAssistVersion, action) - if opts.Alt != "" && action != "countTokens" { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - - reqHTTP, errReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload)) - if errReq != nil { - err = errReq - return resp, err - } - reqHTTP.Header.Set("Content-Type", "application/json") - reqHTTP.Header.Set("Authorization", "Bearer "+tok.AccessToken) - applyGeminiCLIHeaders(reqHTTP) - reqHTTP.Header.Set("Accept", "application/json") - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: reqHTTP.Header.Clone(), - Body: payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpResp, errDo := httpClient.Do(reqHTTP) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - err = errDo - return resp, err - } - - data, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("gemini cli executor: close response body error: %v", errClose) - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - err = errRead - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - if httpResp.StatusCode >= 200 && httpResp.StatusCode < 300 { - reporter.publish(ctx, parseGeminiCLIUsage(data)) - var param any - out := sdktranslator.TranslateNonStream(respCtx, to, from, attemptModel, opts.OriginalRequest, payload, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil - } - - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), data...) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - if httpResp.StatusCode == 429 { - if idx+1 < len(models) { - log.Debugf("gemini cli executor: rate limited, retrying with next model: %s", models[idx+1]) - } else { - log.Debug("gemini cli executor: rate limited, no additional fallback model") - } - continue - } - - err = newGeminiStatusErr(httpResp.StatusCode, data) - return resp, err - } - - if len(lastBody) > 0 { - appendAPIResponseChunk(ctx, e.cfg, lastBody) - } - if lastStatus == 0 { - lastStatus = 429 - } - err = newGeminiStatusErr(lastStatus, lastBody) - return resp, err -} - -// ExecuteStream performs a streaming request to the Gemini CLI API. -func (e *GeminiCLIExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - tokenSource, baseTokenData, err := prepareGeminiCLITokenSource(ctx, e.cfg, auth) - if err != nil { - return nil, err - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini-cli") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - basePayload := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - basePayload, err = thinking.ApplyThinking(basePayload, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - basePayload = fixGeminiCLIImageAspectRatio(baseModel, basePayload) - requestedModel := payloadRequestedModel(opts, req.Model) - basePayload = applyPayloadConfigWithRoot(e.cfg, baseModel, "gemini", "request", basePayload, originalTranslated, requestedModel) - - projectID := resolveGeminiProjectID(auth) - - models := cliPreviewFallbackOrder(baseModel) - if len(models) == 0 || models[0] != baseModel { - models = append([]string{baseModel}, models...) - } - - httpClient := newHTTPClient(ctx, e.cfg, auth, 0) - respCtx := context.WithValue(ctx, "alt", opts.Alt) - - var authID, authLabel, authType, authValue string - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - - var lastStatus int - var lastBody []byte - - for idx, attemptModel := range models { - payload := append([]byte(nil), basePayload...) - payload = setJSONField(payload, "project", projectID) - payload = setJSONField(payload, "model", attemptModel) - - tok, errTok := tokenSource.Token() - if errTok != nil { - err = errTok - return nil, err - } - updateGeminiCLITokenMetadata(auth, baseTokenData, tok) - - url := fmt.Sprintf("%s/%s:%s", codeAssistEndpoint, codeAssistVersion, "streamGenerateContent") - if opts.Alt == "" { - url = url + "?alt=sse" - } else { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - - reqHTTP, errReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload)) - if errReq != nil { - err = errReq - return nil, err - } - reqHTTP.Header.Set("Content-Type", "application/json") - reqHTTP.Header.Set("Authorization", "Bearer "+tok.AccessToken) - applyGeminiCLIHeaders(reqHTTP) - reqHTTP.Header.Set("Accept", "text/event-stream") - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: reqHTTP.Header.Clone(), - Body: payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpResp, errDo := httpClient.Do(reqHTTP) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - err = errDo - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - data, errRead := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("gemini cli executor: close response body error: %v", errClose) - } - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - err = errRead - return nil, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - lastStatus = httpResp.StatusCode - lastBody = append([]byte(nil), data...) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - if httpResp.StatusCode == 429 { - if idx+1 < len(models) { - log.Debugf("gemini cli executor: rate limited, retrying with next model: %s", models[idx+1]) - } else { - log.Debug("gemini cli executor: rate limited, no additional fallback model") - } - continue - } - err = newGeminiStatusErr(httpResp.StatusCode, data) - return nil, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func(resp *http.Response, reqBody []byte, attemptModel string) { - defer close(out) - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("gemini cli executor: close response body error: %v", errClose) - } - }() - if opts.Alt == "" { - scanner := bufio.NewScanner(resp.Body) - scanner.Buffer(nil, streamScannerBuffer) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseGeminiCLIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - if bytes.HasPrefix(line, dataTag) { - segments := sdktranslator.TranslateStream(respCtx, to, from, attemptModel, opts.OriginalRequest, reqBody, bytes.Clone(line), ¶m) - for i := range segments { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(segments[i])} - } - } - } - - segments := sdktranslator.TranslateStream(respCtx, to, from, attemptModel, opts.OriginalRequest, reqBody, []byte("[DONE]"), ¶m) - for i := range segments { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(segments[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - return - } - - data, errRead := io.ReadAll(resp.Body) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errRead} - return - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseGeminiCLIUsage(data)) - var param any - segments := sdktranslator.TranslateStream(respCtx, to, from, attemptModel, opts.OriginalRequest, reqBody, data, ¶m) - for i := range segments { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(segments[i])} - } - - segments = sdktranslator.TranslateStream(respCtx, to, from, attemptModel, opts.OriginalRequest, reqBody, []byte("[DONE]"), ¶m) - for i := range segments { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(segments[i])} - } - }(httpResp, append([]byte(nil), payload...), attemptModel) - - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil - } - - if len(lastBody) > 0 { - appendAPIResponseChunk(ctx, e.cfg, lastBody) - } - if lastStatus == 0 { - lastStatus = 429 - } - err = newGeminiStatusErr(lastStatus, lastBody) - return nil, err -} - -// CountTokens counts tokens for the given request using the Gemini CLI API. -func (e *GeminiCLIExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - tokenSource, baseTokenData, err := prepareGeminiCLITokenSource(ctx, e.cfg, auth) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini-cli") - - models := cliPreviewFallbackOrder(baseModel) - if len(models) == 0 || models[0] != baseModel { - models = append([]string{baseModel}, models...) - } - - httpClient := newHTTPClient(ctx, e.cfg, auth, 0) - respCtx := context.WithValue(ctx, "alt", opts.Alt) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - - var lastStatus int - var lastBody []byte - - // The loop variable attemptModel is only used as the concrete model id sent to the upstream - // Gemini CLI endpoint when iterating fallback variants. - for range models { - payload := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - payload, err = thinking.ApplyThinking(payload, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - payload = deleteJSONField(payload, "project") - payload = deleteJSONField(payload, "model") - payload = deleteJSONField(payload, "request.safetySettings") - payload = fixGeminiCLIImageAspectRatio(baseModel, payload) - - tok, errTok := tokenSource.Token() - if errTok != nil { - return cliproxyexecutor.Response{}, errTok - } - updateGeminiCLITokenMetadata(auth, baseTokenData, tok) - - url := fmt.Sprintf("%s/%s:%s", codeAssistEndpoint, codeAssistVersion, "countTokens") - if opts.Alt != "" { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - - reqHTTP, errReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload)) - if errReq != nil { - return cliproxyexecutor.Response{}, errReq - } - reqHTTP.Header.Set("Content-Type", "application/json") - reqHTTP.Header.Set("Authorization", "Bearer "+tok.AccessToken) - applyGeminiCLIHeaders(reqHTTP) - reqHTTP.Header.Set("Accept", "application/json") - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: reqHTTP.Header.Clone(), - Body: payload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - resp, errDo := httpClient.Do(reqHTTP) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return cliproxyexecutor.Response{}, errDo - } - data, errRead := io.ReadAll(resp.Body) - _ = resp.Body.Close() - recordAPIResponseMetadata(ctx, e.cfg, resp.StatusCode, resp.Header.Clone()) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return cliproxyexecutor.Response{}, errRead - } - appendAPIResponseChunk(ctx, e.cfg, data) - if resp.StatusCode >= 200 && resp.StatusCode < 300 { - count := gjson.GetBytes(data, "totalTokens").Int() - translated := sdktranslator.TranslateTokenCount(respCtx, to, from, count, data) - return cliproxyexecutor.Response{Payload: []byte(translated), Headers: resp.Header.Clone()}, nil - } - lastStatus = resp.StatusCode - lastBody = append([]byte(nil), data...) - if resp.StatusCode == 429 { - log.Debugf("gemini cli executor: rate limited, retrying with next model") - continue - } - break - } - - if lastStatus == 0 { - lastStatus = 429 - } - return cliproxyexecutor.Response{}, newGeminiStatusErr(lastStatus, lastBody) -} - -// Refresh refreshes the authentication credentials (no-op for Gemini CLI). -func (e *GeminiCLIExecutor) Refresh(_ context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - return auth, nil -} - -func prepareGeminiCLITokenSource(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth) (oauth2.TokenSource, map[string]any, error) { - metadata := geminiOAuthMetadata(auth) - if auth == nil || metadata == nil { - return nil, nil, fmt.Errorf("gemini-cli auth metadata missing") - } - - var base map[string]any - if tokenRaw, ok := metadata["token"].(map[string]any); ok && tokenRaw != nil { - base = cloneMap(tokenRaw) - } else { - base = make(map[string]any) - } - - var token oauth2.Token - if len(base) > 0 { - if raw, err := json.Marshal(base); err == nil { - _ = json.Unmarshal(raw, &token) - } - } - - if token.AccessToken == "" { - token.AccessToken = stringValue(metadata, "access_token") - } - if token.RefreshToken == "" { - token.RefreshToken = stringValue(metadata, "refresh_token") - } - if token.TokenType == "" { - token.TokenType = stringValue(metadata, "token_type") - } - if token.Expiry.IsZero() { - if expiry := stringValue(metadata, "expiry"); expiry != "" { - if ts, err := time.Parse(time.RFC3339, expiry); err == nil { - token.Expiry = ts - } - } - } - - conf := &oauth2.Config{ - ClientID: geminiOAuthClientID, - ClientSecret: geminiOAuthClientSecret, - Scopes: geminiOAuthScopes, - Endpoint: google.Endpoint, - } - - ctxToken := ctx - if httpClient := newProxyAwareHTTPClient(ctx, cfg, auth, 0); httpClient != nil { - ctxToken = context.WithValue(ctxToken, oauth2.HTTPClient, httpClient) - } - - src := conf.TokenSource(ctxToken, &token) - currentToken, err := src.Token() - if err != nil { - return nil, nil, err - } - updateGeminiCLITokenMetadata(auth, base, currentToken) - return oauth2.ReuseTokenSource(currentToken, src), base, nil -} - -func updateGeminiCLITokenMetadata(auth *cliproxyauth.Auth, base map[string]any, tok *oauth2.Token) { - if auth == nil || tok == nil { - return - } - merged := buildGeminiTokenMap(base, tok) - fields := buildGeminiTokenFields(tok, merged) - shared := geminicli.ResolveSharedCredential(auth.Runtime) - if shared != nil { - snapshot := shared.MergeMetadata(fields) - if !geminicli.IsVirtual(auth.Runtime) { - auth.Metadata = snapshot - } - return - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - for k, v := range fields { - auth.Metadata[k] = v - } -} - -func buildGeminiTokenMap(base map[string]any, tok *oauth2.Token) map[string]any { - merged := cloneMap(base) - if merged == nil { - merged = make(map[string]any) - } - if raw, err := json.Marshal(tok); err == nil { - var tokenMap map[string]any - if err = json.Unmarshal(raw, &tokenMap); err == nil { - for k, v := range tokenMap { - merged[k] = v - } - } - } - return merged -} - -func buildGeminiTokenFields(tok *oauth2.Token, merged map[string]any) map[string]any { - fields := make(map[string]any, 5) - if tok.AccessToken != "" { - fields["access_token"] = tok.AccessToken - } - if tok.TokenType != "" { - fields["token_type"] = tok.TokenType - } - if tok.RefreshToken != "" { - fields["refresh_token"] = tok.RefreshToken - } - if !tok.Expiry.IsZero() { - fields["expiry"] = tok.Expiry.Format(time.RFC3339) - } - if len(merged) > 0 { - fields["token"] = cloneMap(merged) - } - return fields -} - -func resolveGeminiProjectID(auth *cliproxyauth.Auth) string { - if auth == nil { - return "" - } - if runtime := auth.Runtime; runtime != nil { - if virtual, ok := runtime.(*geminicli.VirtualCredential); ok && virtual != nil { - return strings.TrimSpace(virtual.ProjectID) - } - } - return strings.TrimSpace(stringValue(auth.Metadata, "project_id")) -} - -func geminiOAuthMetadata(auth *cliproxyauth.Auth) map[string]any { - if auth == nil { - return nil - } - if shared := geminicli.ResolveSharedCredential(auth.Runtime); shared != nil { - if snapshot := shared.MetadataSnapshot(); len(snapshot) > 0 { - return snapshot - } - } - return auth.Metadata -} - -func newHTTPClient(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth, timeout time.Duration) *http.Client { - return newProxyAwareHTTPClient(ctx, cfg, auth, timeout) -} - -func cloneMap(in map[string]any) map[string]any { - if in == nil { - return nil - } - out := make(map[string]any, len(in)) - for k, v := range in { - out[k] = v - } - return out -} - -func stringValue(m map[string]any, key string) string { - if m == nil { - return "" - } - if v, ok := m[key]; ok { - switch typed := v.(type) { - case string: - return typed - case fmt.Stringer: - return typed.String() - } - } - return "" -} - -// applyGeminiCLIHeaders sets required headers for the Gemini CLI upstream. -func applyGeminiCLIHeaders(r *http.Request) { - var ginHeaders http.Header - if ginCtx, ok := r.Context().Value("gin").(*gin.Context); ok && ginCtx != nil && ginCtx.Request != nil { - ginHeaders = ginCtx.Request.Header - } - - misc.EnsureHeader(r.Header, ginHeaders, "User-Agent", "google-api-nodejs-client/9.15.1") - misc.EnsureHeader(r.Header, ginHeaders, "X-Goog-Api-Client", "gl-node/22.17.0") - misc.EnsureHeader(r.Header, ginHeaders, "Client-Metadata", geminiCLIClientMetadata()) -} - -// geminiCLIClientMetadata returns a compact metadata string required by upstream. -func geminiCLIClientMetadata() string { - // Keep parity with CLI client defaults - return "ideType=IDE_UNSPECIFIED,platform=PLATFORM_UNSPECIFIED,pluginType=GEMINI" -} - -// cliPreviewFallbackOrder returns preview model candidates for a base model. -func cliPreviewFallbackOrder(model string) []string { - switch model { - case "gemini-2.5-pro": - return []string{ - // "gemini-2.5-pro-preview-05-06", - // "gemini-2.5-pro-preview-06-05", - } - case "gemini-2.5-flash": - return []string{ - // "gemini-2.5-flash-preview-04-17", - // "gemini-2.5-flash-preview-05-20", - } - case "gemini-2.5-flash-lite": - return []string{ - // "gemini-2.5-flash-lite-preview-06-17", - } - default: - return nil - } -} - -// setJSONField sets a top-level JSON field on a byte slice payload via sjson. -func setJSONField(body []byte, key, value string) []byte { - if key == "" { - return body - } - updated, err := sjson.SetBytes(body, key, value) - if err != nil { - return body - } - return updated -} - -// deleteJSONField removes a top-level key if present (best-effort) via sjson. -func deleteJSONField(body []byte, key string) []byte { - if key == "" || len(body) == 0 { - return body - } - updated, err := sjson.DeleteBytes(body, key) - if err != nil { - return body - } - return updated -} - -func fixGeminiCLIImageAspectRatio(modelName string, rawJSON []byte) []byte { - if modelName == "gemini-2.5-flash-image-preview" { - aspectRatioResult := gjson.GetBytes(rawJSON, "request.generationConfig.imageConfig.aspectRatio") - if aspectRatioResult.Exists() { - contents := gjson.GetBytes(rawJSON, "request.contents") - contentArray := contents.Array() - if len(contentArray) > 0 { - hasInlineData := false - loopContent: - for i := 0; i < len(contentArray); i++ { - parts := contentArray[i].Get("parts").Array() - for j := 0; j < len(parts); j++ { - if parts[j].Get("inlineData").Exists() { - hasInlineData = true - break loopContent - } - } - } - - if !hasInlineData { - emptyImageBase64ed, _ := util.CreateWhiteImageBase64(aspectRatioResult.String()) - emptyImagePart := `{"inlineData":{"mime_type":"image/png","data":""}}` - emptyImagePart, _ = sjson.Set(emptyImagePart, "inlineData.data", emptyImageBase64ed) - newPartsJson := `[]` - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", `{"text": "Based on the following requirements, create an image within the uploaded picture. The new content *MUST* completely cover the entire area of the original picture, maintaining its exact proportions, and *NO* blank areas should appear."}`) - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", emptyImagePart) - - parts := contentArray[0].Get("parts").Array() - for j := 0; j < len(parts); j++ { - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", parts[j].Raw) - } - - rawJSON, _ = sjson.SetRawBytes(rawJSON, "request.contents.0.parts", []byte(newPartsJson)) - rawJSON, _ = sjson.SetRawBytes(rawJSON, "request.generationConfig.responseModalities", []byte(`["IMAGE", "TEXT"]`)) - } - } - rawJSON, _ = sjson.DeleteBytes(rawJSON, "request.generationConfig.imageConfig") - } - } - return rawJSON -} - -func newGeminiStatusErr(statusCode int, body []byte) statusErr { - err := statusErr{code: statusCode, msg: string(body)} - if statusCode == http.StatusTooManyRequests { - if retryAfter, parseErr := parseRetryDelay(body); parseErr == nil && retryAfter != nil { - err.retryAfter = retryAfter - } - } - return err -} - -// parseRetryDelay extracts the retry delay from a Google API 429 error response. -// The error response contains a RetryInfo.retryDelay field in the format "0.847655010s". -// Returns the parsed duration or an error if it cannot be determined. -func parseRetryDelay(errorBody []byte) (*time.Duration, error) { - // Try to parse the retryDelay from the error response - // Format: error.details[].retryDelay where @type == "type.googleapis.com/google.rpc.RetryInfo" - details := gjson.GetBytes(errorBody, "error.details") - if details.Exists() && details.IsArray() { - for _, detail := range details.Array() { - typeVal := detail.Get("@type").String() - if typeVal == "type.googleapis.com/google.rpc.RetryInfo" { - retryDelay := detail.Get("retryDelay").String() - if retryDelay != "" { - // Parse duration string like "0.847655010s" - duration, err := time.ParseDuration(retryDelay) - if err != nil { - return nil, fmt.Errorf("failed to parse duration") - } - return &duration, nil - } - } - } - - // Fallback: try ErrorInfo.metadata.quotaResetDelay (e.g., "373.801628ms") - for _, detail := range details.Array() { - typeVal := detail.Get("@type").String() - if typeVal == "type.googleapis.com/google.rpc.ErrorInfo" { - quotaResetDelay := detail.Get("metadata.quotaResetDelay").String() - if quotaResetDelay != "" { - duration, err := time.ParseDuration(quotaResetDelay) - if err == nil { - return &duration, nil - } - } - } - } - } - - // Fallback: parse from error.message "Your quota will reset after Xs." - message := gjson.GetBytes(errorBody, "error.message").String() - if message != "" { - re := regexp.MustCompile(`after\s+(\d+)s\.?`) - if matches := re.FindStringSubmatch(message); len(matches) > 1 { - seconds, err := strconv.Atoi(matches[1]) - if err == nil { - return new(time.Duration(seconds) * time.Second), nil - } - } - } - - return nil, fmt.Errorf("no RetryInfo found") -} diff --git a/internal/runtime/executor/gemini_executor.go b/internal/runtime/executor/gemini_executor.go deleted file mode 100644 index 35512bd3ae..0000000000 --- a/internal/runtime/executor/gemini_executor.go +++ /dev/null @@ -1,549 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// It includes stateless executors that handle API requests, streaming responses, -// token counting, and authentication refresh for different AI service providers. -package executor - -import ( - "bufio" - "bytes" - "context" - "fmt" - "io" - "net/http" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/executor" - sdktranslator "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const ( - // glEndpoint is the base URL for the Google Generative Language API. - glEndpoint = "https://generativelanguage.googleapis.com" - - // glAPIVersion is the API version used for Gemini requests. - glAPIVersion = "v1beta" - - // streamScannerBuffer is the buffer size for SSE stream scanning. - streamScannerBuffer = 52_428_800 -) - -// GeminiExecutor is a stateless executor for the official Gemini API using API keys. -// It handles both API key and OAuth bearer token authentication, supporting both -// regular and streaming requests to the Google Generative Language API. -type GeminiExecutor struct { - // cfg holds the application configuration. - cfg *config.Config -} - -// NewGeminiExecutor creates a new Gemini executor instance. -// -// Parameters: -// - cfg: The application configuration -// -// Returns: -// - *GeminiExecutor: A new Gemini executor instance -func NewGeminiExecutor(cfg *config.Config) *GeminiExecutor { - return &GeminiExecutor{cfg: cfg} -} - -// Identifier returns the executor identifier. -func (e *GeminiExecutor) Identifier() string { return "gemini" } - -// PrepareRequest injects Gemini credentials into the outgoing HTTP request. -func (e *GeminiExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - apiKey, bearer := geminiCreds(auth) - if apiKey != "" { - req.Header.Set("x-goog-api-key", apiKey) - req.Header.Del("Authorization") - } else if bearer != "" { - req.Header.Set("Authorization", "Bearer "+bearer) - req.Header.Del("x-goog-api-key") - } - applyGeminiHeaders(req, auth) - return nil -} - -// HttpRequest injects Gemini credentials into the request and executes it. -func (e *GeminiExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("gemini executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming request to the Gemini API. -// It translates the request to Gemini format, sends it to the API, and translates -// the response back to the requested format. -// -// Parameters: -// - ctx: The context for the request -// - auth: The authentication information -// - req: The request to execute -// - opts: Additional execution options -// -// Returns: -// - cliproxyexecutor.Response: The response from the API -// - error: An error if the request fails -func (e *GeminiExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, bearer := geminiCreds(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - // Official Gemini API via API key or OAuth bearer - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - - action := "generateContent" - if req.Metadata != nil { - if a, _ := req.Metadata["action"].(string); a == "countTokens" { - action = "countTokens" - } - } - baseURL := resolveGeminiBaseURL(auth) - url := fmt.Sprintf("%s/%s/models/%s:%s", baseURL, glAPIVersion, baseModel, action) - if opts.Alt != "" && action != "countTokens" { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return resp, err - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } else if bearer != "" { - httpReq.Header.Set("Authorization", "Bearer "+bearer) - } - applyGeminiHeaders(httpReq, auth) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("gemini executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseGeminiUsage(data)) - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -// ExecuteStream performs a streaming request to the Gemini API. -func (e *GeminiExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, bearer := geminiCreds(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - - baseURL := resolveGeminiBaseURL(auth) - url := fmt.Sprintf("%s/%s/models/%s:%s", baseURL, glAPIVersion, baseModel, "streamGenerateContent") - if opts.Alt == "" { - url = url + "?alt=sse" - } else { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return nil, err - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } else { - httpReq.Header.Set("Authorization", "Bearer "+bearer) - } - applyGeminiHeaders(httpReq, auth) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("gemini executor: close response body error: %v", errClose) - } - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("gemini executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, streamScannerBuffer) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - filtered := FilterSSEUsageMetadata(line) - payload := jsonPayload(filtered) - if len(payload) == 0 { - continue - } - if detail, ok := parseGeminiStreamUsage(payload); ok { - reporter.publish(ctx, detail) - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(payload), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, []byte("[DONE]"), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -// CountTokens counts tokens for the given request using the Gemini API. -func (e *GeminiExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, bearer := geminiCreds(auth) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - translatedReq := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - translatedReq, err := thinking.ApplyThinking(translatedReq, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - translatedReq = fixGeminiImageAspectRatio(baseModel, translatedReq) - respCtx := context.WithValue(ctx, "alt", opts.Alt) - translatedReq, _ = sjson.DeleteBytes(translatedReq, "tools") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "generationConfig") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "safetySettings") - translatedReq, _ = sjson.SetBytes(translatedReq, "model", baseModel) - - baseURL := resolveGeminiBaseURL(auth) - url := fmt.Sprintf("%s/%s/models/%s:%s", baseURL, glAPIVersion, baseModel, "countTokens") - - requestBody := bytes.NewReader(translatedReq) - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, requestBody) - if err != nil { - return cliproxyexecutor.Response{}, err - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } else { - httpReq.Header.Set("Authorization", "Bearer "+bearer) - } - applyGeminiHeaders(httpReq, auth) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translatedReq, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - resp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return cliproxyexecutor.Response{}, err - } - defer func() { _ = resp.Body.Close() }() - recordAPIResponseMetadata(ctx, e.cfg, resp.StatusCode, resp.Header.Clone()) - - data, err := io.ReadAll(resp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return cliproxyexecutor.Response{}, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", resp.StatusCode, summarizeErrorBody(resp.Header.Get("Content-Type"), data)) - return cliproxyexecutor.Response{}, statusErr{code: resp.StatusCode, msg: string(data)} - } - - count := gjson.GetBytes(data, "totalTokens").Int() - translated := sdktranslator.TranslateTokenCount(respCtx, to, from, count, data) - return cliproxyexecutor.Response{Payload: []byte(translated), Headers: resp.Header.Clone()}, nil -} - -// Refresh refreshes the authentication credentials (no-op for Gemini API key). -func (e *GeminiExecutor) Refresh(_ context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - return auth, nil -} - -func geminiCreds(a *cliproxyauth.Auth) (apiKey, bearer string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - if v := a.Attributes["api_key"]; v != "" { - apiKey = v - } - } - if a.Metadata != nil { - // GeminiTokenStorage.Token is a map that may contain access_token - if v, ok := a.Metadata["access_token"].(string); ok && v != "" { - bearer = v - } - if token, ok := a.Metadata["token"].(map[string]any); ok && token != nil { - if v, ok2 := token["access_token"].(string); ok2 && v != "" { - bearer = v - } - } - } - return -} - -func resolveGeminiBaseURL(auth *cliproxyauth.Auth) string { - base := glEndpoint - if auth != nil && auth.Attributes != nil { - if custom := strings.TrimSpace(auth.Attributes["base_url"]); custom != "" { - base = strings.TrimRight(custom, "/") - } - } - if base == "" { - return glEndpoint - } - return base -} - -func (e *GeminiExecutor) resolveGeminiConfig(auth *cliproxyauth.Auth) *config.GeminiKey { - if auth == nil || e.cfg == nil { - return nil - } - var attrKey, attrBase string - if auth.Attributes != nil { - attrKey = strings.TrimSpace(auth.Attributes["api_key"]) - attrBase = strings.TrimSpace(auth.Attributes["base_url"]) - } - for i := range e.cfg.GeminiKey { - entry := &e.cfg.GeminiKey[i] - cfgKey := strings.TrimSpace(entry.APIKey) - cfgBase := strings.TrimSpace(entry.BaseURL) - if attrKey != "" && attrBase != "" { - if strings.EqualFold(cfgKey, attrKey) && strings.EqualFold(cfgBase, attrBase) { - return entry - } - continue - } - if attrKey != "" && strings.EqualFold(cfgKey, attrKey) { - if cfgBase == "" || strings.EqualFold(cfgBase, attrBase) { - return entry - } - } - if attrKey == "" && attrBase != "" && strings.EqualFold(cfgBase, attrBase) { - return entry - } - } - if attrKey != "" { - for i := range e.cfg.GeminiKey { - entry := &e.cfg.GeminiKey[i] - if strings.EqualFold(strings.TrimSpace(entry.APIKey), attrKey) { - return entry - } - } - } - return nil -} - -func applyGeminiHeaders(req *http.Request, auth *cliproxyauth.Auth) { - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) -} - -func fixGeminiImageAspectRatio(modelName string, rawJSON []byte) []byte { - if modelName == "gemini-2.5-flash-image-preview" { - aspectRatioResult := gjson.GetBytes(rawJSON, "generationConfig.imageConfig.aspectRatio") - if aspectRatioResult.Exists() { - contents := gjson.GetBytes(rawJSON, "contents") - contentArray := contents.Array() - if len(contentArray) > 0 { - hasInlineData := false - loopContent: - for i := 0; i < len(contentArray); i++ { - parts := contentArray[i].Get("parts").Array() - for j := 0; j < len(parts); j++ { - if parts[j].Get("inlineData").Exists() { - hasInlineData = true - break loopContent - } - } - } - - if !hasInlineData { - emptyImageBase64ed, _ := util.CreateWhiteImageBase64(aspectRatioResult.String()) - emptyImagePart := `{"inlineData":{"mime_type":"image/png","data":""}}` - emptyImagePart, _ = sjson.Set(emptyImagePart, "inlineData.data", emptyImageBase64ed) - newPartsJson := `[]` - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", `{"text": "Based on the following requirements, create an image within the uploaded picture. The new content *MUST* completely cover the entire area of the original picture, maintaining its exact proportions, and *NO* blank areas should appear."}`) - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", emptyImagePart) - - parts := contentArray[0].Get("parts").Array() - for j := 0; j < len(parts); j++ { - newPartsJson, _ = sjson.SetRaw(newPartsJson, "-1", parts[j].Raw) - } - - rawJSON, _ = sjson.SetRawBytes(rawJSON, "contents.0.parts", []byte(newPartsJson)) - rawJSON, _ = sjson.SetRawBytes(rawJSON, "generationConfig.responseModalities", []byte(`["IMAGE", "TEXT"]`)) - } - } - rawJSON, _ = sjson.DeleteBytes(rawJSON, "generationConfig.imageConfig") - } - } - return rawJSON -} diff --git a/internal/runtime/executor/gemini_vertex_executor.go b/internal/runtime/executor/gemini_vertex_executor.go deleted file mode 100644 index 8816658210..0000000000 --- a/internal/runtime/executor/gemini_vertex_executor.go +++ /dev/null @@ -1,1068 +0,0 @@ -// Package executor provides runtime execution capabilities for various AI service providers. -// This file implements the Vertex AI Gemini executor that talks to Google Vertex AI -// endpoints using service account credentials or API keys. -package executor - -import ( - "bufio" - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "strings" - "time" - - vertexauth "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/vertex" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/executor" - sdktranslator "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" - "golang.org/x/oauth2" - "golang.org/x/oauth2/google" -) - -const ( - // vertexAPIVersion aligns with current public Vertex Generative AI API. - vertexAPIVersion = "v1" -) - -// isImagenModel checks if the model name is an Imagen image generation model. -// Imagen models use the :predict action instead of :generateContent. -func isImagenModel(model string) bool { - lowerModel := strings.ToLower(model) - return strings.Contains(lowerModel, "imagen") -} - -// getVertexAction returns the appropriate action for the given model. -// Imagen models use "predict", while Gemini models use "generateContent". -func getVertexAction(model string, isStream bool) string { - if isImagenModel(model) { - return "predict" - } - if isStream { - return "streamGenerateContent" - } - return "generateContent" -} - -// convertImagenToGeminiResponse converts Imagen API response to Gemini format -// so it can be processed by the standard translation pipeline. -// This ensures Imagen models return responses in the same format as gemini-3-pro-image-preview. -func convertImagenToGeminiResponse(data []byte, model string) []byte { - predictions := gjson.GetBytes(data, "predictions") - if !predictions.Exists() || !predictions.IsArray() { - return data - } - - // Build Gemini-compatible response with inlineData - parts := make([]map[string]any, 0) - for _, pred := range predictions.Array() { - imageData := pred.Get("bytesBase64Encoded").String() - mimeType := pred.Get("mimeType").String() - if mimeType == "" { - mimeType = "image/png" - } - if imageData != "" { - parts = append(parts, map[string]any{ - "inlineData": map[string]any{ - "mimeType": mimeType, - "data": imageData, - }, - }) - } - } - - // Generate unique response ID using timestamp - responseId := fmt.Sprintf("imagen-%d", time.Now().UnixNano()) - - response := map[string]any{ - "candidates": []map[string]any{{ - "content": map[string]any{ - "parts": parts, - "role": "model", - }, - "finishReason": "STOP", - }}, - "responseId": responseId, - "modelVersion": model, - // Imagen API doesn't return token counts, set to 0 for tracking purposes - "usageMetadata": map[string]any{ - "promptTokenCount": 0, - "candidatesTokenCount": 0, - "totalTokenCount": 0, - }, - } - - result, err := json.Marshal(response) - if err != nil { - return data - } - return result -} - -// convertToImagenRequest converts a Gemini-style request to Imagen API format. -// Imagen API uses a different structure: instances[].prompt instead of contents[]. -func convertToImagenRequest(payload []byte) ([]byte, error) { - // Extract prompt from Gemini-style contents - prompt := "" - - // Try to get prompt from contents[0].parts[0].text - contentsText := gjson.GetBytes(payload, "contents.0.parts.0.text") - if contentsText.Exists() { - prompt = contentsText.String() - } - - // If no contents, try messages format (OpenAI-compatible) - if prompt == "" { - messagesText := gjson.GetBytes(payload, "messages.#.content") - if messagesText.Exists() && messagesText.IsArray() { - for _, msg := range messagesText.Array() { - if msg.String() != "" { - prompt = msg.String() - break - } - } - } - } - - // If still no prompt, try direct prompt field - if prompt == "" { - directPrompt := gjson.GetBytes(payload, "prompt") - if directPrompt.Exists() { - prompt = directPrompt.String() - } - } - - if prompt == "" { - return nil, fmt.Errorf("imagen: no prompt found in request") - } - - // Build Imagen API request - imagenReq := map[string]any{ - "instances": []map[string]any{ - { - "prompt": prompt, - }, - }, - "parameters": map[string]any{ - "sampleCount": 1, - }, - } - - // Extract optional parameters - if aspectRatio := gjson.GetBytes(payload, "aspectRatio"); aspectRatio.Exists() { - imagenReq["parameters"].(map[string]any)["aspectRatio"] = aspectRatio.String() - } - if sampleCount := gjson.GetBytes(payload, "sampleCount"); sampleCount.Exists() { - imagenReq["parameters"].(map[string]any)["sampleCount"] = int(sampleCount.Int()) - } - if negativePrompt := gjson.GetBytes(payload, "negativePrompt"); negativePrompt.Exists() { - imagenReq["instances"].([]map[string]any)[0]["negativePrompt"] = negativePrompt.String() - } - - return json.Marshal(imagenReq) -} - -// GeminiVertexExecutor sends requests to Vertex AI Gemini endpoints using service account credentials. -type GeminiVertexExecutor struct { - cfg *config.Config -} - -// NewGeminiVertexExecutor creates a new Vertex AI Gemini executor instance. -// -// Parameters: -// - cfg: The application configuration -// -// Returns: -// - *GeminiVertexExecutor: A new Vertex AI Gemini executor instance -func NewGeminiVertexExecutor(cfg *config.Config) *GeminiVertexExecutor { - return &GeminiVertexExecutor{cfg: cfg} -} - -// Identifier returns the executor identifier. -func (e *GeminiVertexExecutor) Identifier() string { return "vertex" } - -// PrepareRequest injects Vertex credentials into the outgoing HTTP request. -func (e *GeminiVertexExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - apiKey, _ := vertexAPICreds(auth) - if strings.TrimSpace(apiKey) != "" { - req.Header.Set("x-goog-api-key", apiKey) - req.Header.Del("Authorization") - return nil - } - _, _, saJSON, errCreds := vertexCreds(auth) - if errCreds != nil { - return errCreds - } - token, errToken := vertexAccessToken(req.Context(), e.cfg, auth, saJSON) - if errToken != nil { - return errToken - } - if strings.TrimSpace(token) == "" { - return statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - req.Header.Set("Authorization", "Bearer "+token) - req.Header.Del("x-goog-api-key") - return nil -} - -// HttpRequest injects Vertex credentials into the request and executes it. -func (e *GeminiVertexExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("vertex executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming request to the Vertex AI API. -func (e *GeminiVertexExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - // Try API key authentication first - apiKey, baseURL := vertexAPICreds(auth) - - // If no API key found, fall back to service account authentication - if apiKey == "" { - projectID, location, saJSON, errCreds := vertexCreds(auth) - if errCreds != nil { - return resp, errCreds - } - return e.executeWithServiceAccount(ctx, auth, req, opts, projectID, location, saJSON) - } - - // Use API key authentication - return e.executeWithAPIKey(ctx, auth, req, opts, apiKey, baseURL) -} - -// ExecuteStream performs a streaming request to the Vertex AI API. -func (e *GeminiVertexExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (*cliproxyexecutor.StreamResult, error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - // Try API key authentication first - apiKey, baseURL := vertexAPICreds(auth) - - // If no API key found, fall back to service account authentication - if apiKey == "" { - projectID, location, saJSON, errCreds := vertexCreds(auth) - if errCreds != nil { - return nil, errCreds - } - return e.executeStreamWithServiceAccount(ctx, auth, req, opts, projectID, location, saJSON) - } - - // Use API key authentication - return e.executeStreamWithAPIKey(ctx, auth, req, opts, apiKey, baseURL) -} - -// CountTokens counts tokens for the given request using the Vertex AI API. -func (e *GeminiVertexExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - // Try API key authentication first - apiKey, baseURL := vertexAPICreds(auth) - - // If no API key found, fall back to service account authentication - if apiKey == "" { - projectID, location, saJSON, errCreds := vertexCreds(auth) - if errCreds != nil { - return cliproxyexecutor.Response{}, errCreds - } - return e.countTokensWithServiceAccount(ctx, auth, req, opts, projectID, location, saJSON) - } - - // Use API key authentication - return e.countTokensWithAPIKey(ctx, auth, req, opts, apiKey, baseURL) -} - -// Refresh refreshes the authentication credentials (no-op for Vertex). -func (e *GeminiVertexExecutor) Refresh(_ context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - return auth, nil -} - -// executeWithServiceAccount handles authentication using service account credentials. -// This method contains the original service account authentication logic. -func (e *GeminiVertexExecutor) executeWithServiceAccount(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, projectID, location string, saJSON []byte) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - var body []byte - - // Handle Imagen models with special request format - if isImagenModel(baseModel) { - imagenBody, errImagen := convertToImagenRequest(req.Payload) - if errImagen != nil { - return resp, errImagen - } - body = imagenBody - } else { - // Standard Gemini translation flow - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body = sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - } - - action := getVertexAction(baseModel, false) - if req.Metadata != nil { - if a, _ := req.Metadata["action"].(string); a == "countTokens" { - action = "countTokens" - } - } - baseURL := vertexBaseURL(location) - url := fmt.Sprintf("%s/%s/projects/%s/locations/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, projectID, location, baseModel, action) - if opts.Alt != "" && action != "countTokens" { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, errNewReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if errNewReq != nil { - return resp, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if token, errTok := vertexAccessToken(ctx, e.cfg, auth, saJSON); errTok == nil && token != "" { - httpReq.Header.Set("Authorization", "Bearer "+token) - } else if errTok != nil { - log.Errorf("vertex executor: access token error: %v", errTok) - return resp, statusErr{code: 500, msg: "internal server error"} - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return resp, errDo - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, errRead := io.ReadAll(httpResp.Body) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return resp, errRead - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseGeminiUsage(data)) - - // For Imagen models, convert response to Gemini format before translation - // This ensures Imagen responses use the same format as gemini-3-pro-image-preview - if isImagenModel(baseModel) { - data = convertImagenToGeminiResponse(data, baseModel) - } - - // Standard Gemini translation (works for both Gemini and converted Imagen responses) - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -// executeWithAPIKey handles authentication using API key credentials. -func (e *GeminiVertexExecutor) executeWithAPIKey(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, apiKey, baseURL string) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - - action := getVertexAction(baseModel, false) - if req.Metadata != nil { - if a, _ := req.Metadata["action"].(string); a == "countTokens" { - action = "countTokens" - } - } - - // For API key auth, use simpler URL format without project/location - if baseURL == "" { - baseURL = "https://generativelanguage.googleapis.com" - } - url := fmt.Sprintf("%s/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, baseModel, action) - if opts.Alt != "" && action != "countTokens" { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, errNewReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if errNewReq != nil { - return resp, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return resp, errDo - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, errRead := io.ReadAll(httpResp.Body) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return resp, errRead - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseGeminiUsage(data)) - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -// executeStreamWithServiceAccount handles streaming authentication using service account credentials. -func (e *GeminiVertexExecutor) executeStreamWithServiceAccount(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, projectID, location string, saJSON []byte) (_ *cliproxyexecutor.StreamResult, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - - action := getVertexAction(baseModel, true) - baseURL := vertexBaseURL(location) - url := fmt.Sprintf("%s/%s/projects/%s/locations/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, projectID, location, baseModel, action) - // Imagen models don't support streaming, skip SSE params - if !isImagenModel(baseModel) { - if opts.Alt == "" { - url = url + "?alt=sse" - } else { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - } - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, errNewReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if errNewReq != nil { - return nil, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if token, errTok := vertexAccessToken(ctx, e.cfg, auth, saJSON); errTok == nil && token != "" { - httpReq.Header.Set("Authorization", "Bearer "+token) - } else if errTok != nil { - log.Errorf("vertex executor: access token error: %v", errTok) - return nil, statusErr{code: 500, msg: "internal server error"} - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return nil, errDo - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - return nil, statusErr{code: httpResp.StatusCode, msg: string(b)} - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, streamScannerBuffer) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseGeminiStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(line), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, []byte("[DONE]"), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -// executeStreamWithAPIKey handles streaming authentication using API key credentials. -func (e *GeminiVertexExecutor) executeStreamWithAPIKey(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, apiKey, baseURL string) (_ *cliproxyexecutor.StreamResult, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - body = fixGeminiImageAspectRatio(baseModel, body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "model", baseModel) - - action := getVertexAction(baseModel, true) - // For API key auth, use simpler URL format without project/location - if baseURL == "" { - baseURL = "https://generativelanguage.googleapis.com" - } - url := fmt.Sprintf("%s/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, baseModel, action) - // Imagen models don't support streaming, skip SSE params - if !isImagenModel(baseModel) { - if opts.Alt == "" { - url = url + "?alt=sse" - } else { - url = url + fmt.Sprintf("?$alt=%s", opts.Alt) - } - } - body, _ = sjson.DeleteBytes(body, "session_id") - - httpReq, errNewReq := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if errNewReq != nil { - return nil, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return nil, errDo - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - return nil, statusErr{code: httpResp.StatusCode, msg: string(b)} - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, streamScannerBuffer) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseGeminiStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(line), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - } - lines := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, []byte("[DONE]"), ¶m) - for i := range lines { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(lines[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -// countTokensWithServiceAccount counts tokens using service account credentials. -func (e *GeminiVertexExecutor) countTokensWithServiceAccount(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, projectID, location string, saJSON []byte) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - translatedReq := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - translatedReq, err := thinking.ApplyThinking(translatedReq, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - translatedReq = fixGeminiImageAspectRatio(baseModel, translatedReq) - translatedReq, _ = sjson.SetBytes(translatedReq, "model", baseModel) - respCtx := context.WithValue(ctx, "alt", opts.Alt) - translatedReq, _ = sjson.DeleteBytes(translatedReq, "tools") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "generationConfig") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "safetySettings") - - baseURL := vertexBaseURL(location) - url := fmt.Sprintf("%s/%s/projects/%s/locations/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, projectID, location, baseModel, "countTokens") - - httpReq, errNewReq := http.NewRequestWithContext(respCtx, http.MethodPost, url, bytes.NewReader(translatedReq)) - if errNewReq != nil { - return cliproxyexecutor.Response{}, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if token, errTok := vertexAccessToken(ctx, e.cfg, auth, saJSON); errTok == nil && token != "" { - httpReq.Header.Set("Authorization", "Bearer "+token) - } else if errTok != nil { - log.Errorf("vertex executor: access token error: %v", errTok) - return cliproxyexecutor.Response{}, statusErr{code: 500, msg: "internal server error"} - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translatedReq, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return cliproxyexecutor.Response{}, errDo - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - return cliproxyexecutor.Response{}, statusErr{code: httpResp.StatusCode, msg: string(b)} - } - data, errRead := io.ReadAll(httpResp.Body) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return cliproxyexecutor.Response{}, errRead - } - appendAPIResponseChunk(ctx, e.cfg, data) - count := gjson.GetBytes(data, "totalTokens").Int() - out := sdktranslator.TranslateTokenCount(ctx, to, from, count, data) - return cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()}, nil -} - -// countTokensWithAPIKey handles token counting using API key credentials. -func (e *GeminiVertexExecutor) countTokensWithAPIKey(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, apiKey, baseURL string) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("gemini") - - translatedReq := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - translatedReq, err := thinking.ApplyThinking(translatedReq, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - translatedReq = fixGeminiImageAspectRatio(baseModel, translatedReq) - translatedReq, _ = sjson.SetBytes(translatedReq, "model", baseModel) - respCtx := context.WithValue(ctx, "alt", opts.Alt) - translatedReq, _ = sjson.DeleteBytes(translatedReq, "tools") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "generationConfig") - translatedReq, _ = sjson.DeleteBytes(translatedReq, "safetySettings") - - // For API key auth, use simpler URL format without project/location - if baseURL == "" { - baseURL = "https://generativelanguage.googleapis.com" - } - url := fmt.Sprintf("%s/%s/publishers/google/models/%s:%s", baseURL, vertexAPIVersion, baseModel, "countTokens") - - httpReq, errNewReq := http.NewRequestWithContext(respCtx, http.MethodPost, url, bytes.NewReader(translatedReq)) - if errNewReq != nil { - return cliproxyexecutor.Response{}, errNewReq - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("x-goog-api-key", apiKey) - } - applyGeminiHeaders(httpReq, auth) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translatedReq, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, errDo := httpClient.Do(httpReq) - if errDo != nil { - recordAPIResponseError(ctx, e.cfg, errDo) - return cliproxyexecutor.Response{}, errDo - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("vertex executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - return cliproxyexecutor.Response{}, statusErr{code: httpResp.StatusCode, msg: string(b)} - } - data, errRead := io.ReadAll(httpResp.Body) - if errRead != nil { - recordAPIResponseError(ctx, e.cfg, errRead) - return cliproxyexecutor.Response{}, errRead - } - appendAPIResponseChunk(ctx, e.cfg, data) - count := gjson.GetBytes(data, "totalTokens").Int() - out := sdktranslator.TranslateTokenCount(ctx, to, from, count, data) - return cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()}, nil -} - -// vertexCreds extracts project, location and raw service account JSON from auth metadata. -func vertexCreds(a *cliproxyauth.Auth) (projectID, location string, serviceAccountJSON []byte, err error) { - if a == nil || a.Metadata == nil { - return "", "", nil, fmt.Errorf("vertex executor: missing auth metadata") - } - if v, ok := a.Metadata["project_id"].(string); ok { - projectID = strings.TrimSpace(v) - } - if projectID == "" { - // Some service accounts may use "project"; still prefer standard field - if v, ok := a.Metadata["project"].(string); ok { - projectID = strings.TrimSpace(v) - } - } - if projectID == "" { - return "", "", nil, fmt.Errorf("vertex executor: missing project_id in credentials") - } - if v, ok := a.Metadata["location"].(string); ok && strings.TrimSpace(v) != "" { - location = strings.TrimSpace(v) - } else { - location = "us-central1" - } - var sa map[string]any - if raw, ok := a.Metadata["service_account"].(map[string]any); ok { - sa = raw - } - if sa == nil { - return "", "", nil, fmt.Errorf("vertex executor: missing service_account in credentials") - } - normalized, errNorm := vertexauth.NormalizeServiceAccountMap(sa) - if errNorm != nil { - return "", "", nil, fmt.Errorf("vertex executor: %w", errNorm) - } - saJSON, errMarshal := json.Marshal(normalized) - if errMarshal != nil { - return "", "", nil, fmt.Errorf("vertex executor: marshal service_account failed: %w", errMarshal) - } - return projectID, location, saJSON, nil -} - -// vertexAPICreds extracts API key and base URL from auth attributes following the claudeCreds pattern. -func vertexAPICreds(a *cliproxyauth.Auth) (apiKey, baseURL string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - apiKey = a.Attributes["api_key"] - baseURL = a.Attributes["base_url"] - } - if apiKey == "" && a.Metadata != nil { - if v, ok := a.Metadata["access_token"].(string); ok { - apiKey = v - } - } - return -} - -func vertexBaseURL(location string) string { - loc := strings.TrimSpace(location) - if loc == "" { - loc = "us-central1" - } else if loc == "global" { - return "https://aiplatform.googleapis.com" - } - return fmt.Sprintf("https://%s-aiplatform.googleapis.com", loc) -} - -func vertexAccessToken(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth, saJSON []byte) (string, error) { - if httpClient := newProxyAwareHTTPClient(ctx, cfg, auth, 0); httpClient != nil { - ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient) - } - // Use cloud-platform scope for Vertex AI. - creds, errCreds := google.CredentialsFromJSON(ctx, saJSON, "https://www.googleapis.com/auth/cloud-platform") - if errCreds != nil { - return "", fmt.Errorf("vertex executor: parse service account json failed: %w", errCreds) - } - tok, errTok := creds.TokenSource.Token() - if errTok != nil { - return "", fmt.Errorf("vertex executor: get access token failed: %w", errTok) - } - return tok.AccessToken, nil -} - -// resolveVertexConfig finds the matching vertex-api-key configuration entry for the given auth. -func (e *GeminiVertexExecutor) resolveVertexConfig(auth *cliproxyauth.Auth) *config.VertexCompatKey { - if auth == nil || e.cfg == nil { - return nil - } - var attrKey, attrBase string - if auth.Attributes != nil { - attrKey = strings.TrimSpace(auth.Attributes["api_key"]) - attrBase = strings.TrimSpace(auth.Attributes["base_url"]) - } - for i := range e.cfg.VertexCompatAPIKey { - entry := &e.cfg.VertexCompatAPIKey[i] - cfgKey := strings.TrimSpace(entry.APIKey) - cfgBase := strings.TrimSpace(entry.BaseURL) - if attrKey != "" && attrBase != "" { - if strings.EqualFold(cfgKey, attrKey) && strings.EqualFold(cfgBase, attrBase) { - return entry - } - continue - } - if attrKey != "" && strings.EqualFold(cfgKey, attrKey) { - if cfgBase == "" || strings.EqualFold(cfgBase, attrBase) { - return entry - } - } - if attrKey == "" && attrBase != "" && strings.EqualFold(cfgBase, attrBase) { - return entry - } - } - if attrKey != "" { - for i := range e.cfg.VertexCompatAPIKey { - entry := &e.cfg.VertexCompatAPIKey[i] - if strings.EqualFold(strings.TrimSpace(entry.APIKey), attrKey) { - return entry - } - } - } - return nil -} diff --git a/internal/runtime/executor/github_copilot_executor.go b/internal/runtime/executor/github_copilot_executor.go deleted file mode 100644 index 281900bcec..0000000000 --- a/internal/runtime/executor/github_copilot_executor.go +++ /dev/null @@ -1,1238 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "fmt" - "io" - "net/http" - "strings" - "sync" - "time" - - "github.com/google/uuid" - copilotauth "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/copilot" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/executor" - sdktranslator "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const ( - githubCopilotBaseURL = "https://api.githubcopilot.com" - githubCopilotChatPath = "/chat/completions" - githubCopilotResponsesPath = "/responses" - githubCopilotAuthType = "github-copilot" - githubCopilotTokenCacheTTL = 25 * time.Minute - // tokenExpiryBuffer is the time before expiry when we should refresh the token. - tokenExpiryBuffer = 5 * time.Minute - // maxScannerBufferSize is the maximum buffer size for SSE scanning (20MB). - maxScannerBufferSize = 20_971_520 - - // Copilot API header values. - copilotUserAgent = "GitHubCopilotChat/0.35.0" - copilotEditorVersion = "vscode/1.107.0" - copilotPluginVersion = "copilot-chat/0.35.0" - copilotIntegrationID = "vscode-chat" - copilotOpenAIIntent = "conversation-panel" - copilotGitHubAPIVer = "2025-04-01" -) - -// GitHubCopilotExecutor handles requests to the GitHub Copilot API. -type GitHubCopilotExecutor struct { - cfg *config.Config - mu sync.RWMutex - cache map[string]*cachedAPIToken -} - -// cachedAPIToken stores a cached Copilot API token with its expiry. -type cachedAPIToken struct { - token string - apiEndpoint string - expiresAt time.Time -} - -// NewGitHubCopilotExecutor constructs a new executor instance. -func NewGitHubCopilotExecutor(cfg *config.Config) *GitHubCopilotExecutor { - return &GitHubCopilotExecutor{ - cfg: cfg, - cache: make(map[string]*cachedAPIToken), - } -} - -// Identifier implements ProviderExecutor. -func (e *GitHubCopilotExecutor) Identifier() string { return githubCopilotAuthType } - -// PrepareRequest implements ProviderExecutor. -func (e *GitHubCopilotExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - ctx := req.Context() - if ctx == nil { - ctx = context.Background() - } - apiToken, _, errToken := e.ensureAPIToken(ctx, auth) - if errToken != nil { - return errToken - } - e.applyHeaders(req, apiToken, nil) - return nil -} - -// HttpRequest injects GitHub Copilot credentials into the request and executes it. -func (e *GitHubCopilotExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("github-copilot executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if errPrepare := e.PrepareRequest(httpReq, auth); errPrepare != nil { - return nil, errPrepare - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute handles non-streaming requests to GitHub Copilot. -func (e *GitHubCopilotExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - apiToken, baseURL, errToken := e.ensureAPIToken(ctx, auth) - if errToken != nil { - return resp, errToken - } - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - useResponses := useGitHubCopilotResponsesEndpoint(from, req.Model) - to := sdktranslator.FromString("openai") - if useResponses { - to = sdktranslator.FromString("openai-response") - } - originalPayload := bytes.Clone(req.Payload) - if len(opts.OriginalRequest) > 0 { - originalPayload = bytes.Clone(opts.OriginalRequest) - } - originalTranslated := sdktranslator.TranslateRequest(from, to, req.Model, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), false) - body = e.normalizeModel(req.Model, body) - body = flattenAssistantContent(body) - - // Detect vision content before input normalization removes messages - hasVision := detectVisionContent(body) - - thinkingProvider := "openai" - if useResponses { - thinkingProvider = "codex" - } - body, err = thinking.ApplyThinking(body, req.Model, from.String(), thinkingProvider, e.Identifier()) - if err != nil { - return resp, err - } - - if useResponses { - body = normalizeGitHubCopilotResponsesInput(body) - body = normalizeGitHubCopilotResponsesTools(body) - } else { - body = normalizeGitHubCopilotChatTools(body) - } - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, req.Model, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "stream", false) - - path := githubCopilotChatPath - if useResponses { - path = githubCopilotResponsesPath - } - url := baseURL + path - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return resp, err - } - e.applyHeaders(httpReq, apiToken, body) - - // Add Copilot-Vision-Request header if the request contains vision content - if hasVision { - httpReq.Header.Set("Copilot-Vision-Request", "true") - } - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("github-copilot executor: close response body error: %v", errClose) - } - }() - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - - if !isHTTPSuccess(httpResp.StatusCode) { - data, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, data) - log.Debugf("github-copilot executor: upstream error status: %d, body: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - err = statusErr{code: httpResp.StatusCode, msg: string(data)} - return resp, err - } - - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - - detail := parseOpenAIUsage(data) - if useResponses && detail.TotalTokens == 0 { - detail = parseOpenAIResponsesUsage(data) - } - if detail.TotalTokens > 0 { - reporter.publish(ctx, detail) - } - - var param any - converted := "" - if useResponses && from.String() == "claude" { - converted = translateGitHubCopilotResponsesNonStreamToClaude(data) - } else { - converted = sdktranslator.TranslateNonStream(ctx, to, from, req.Model, bytes.Clone(opts.OriginalRequest), body, data, ¶m) - } - resp = cliproxyexecutor.Response{Payload: []byte(converted)} - reporter.ensurePublished(ctx) - return resp, nil -} - -// ExecuteStream handles streaming requests to GitHub Copilot. -func (e *GitHubCopilotExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - apiToken, baseURL, errToken := e.ensureAPIToken(ctx, auth) - if errToken != nil { - return nil, errToken - } - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - useResponses := useGitHubCopilotResponsesEndpoint(from, req.Model) - to := sdktranslator.FromString("openai") - if useResponses { - to = sdktranslator.FromString("openai-response") - } - originalPayload := bytes.Clone(req.Payload) - if len(opts.OriginalRequest) > 0 { - originalPayload = bytes.Clone(opts.OriginalRequest) - } - originalTranslated := sdktranslator.TranslateRequest(from, to, req.Model, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - body = e.normalizeModel(req.Model, body) - body = flattenAssistantContent(body) - - // Detect vision content before input normalization removes messages - hasVision := detectVisionContent(body) - - thinkingProvider := "openai" - if useResponses { - thinkingProvider = "codex" - } - body, err = thinking.ApplyThinking(body, req.Model, from.String(), thinkingProvider, e.Identifier()) - if err != nil { - return nil, err - } - - if useResponses { - body = normalizeGitHubCopilotResponsesInput(body) - body = normalizeGitHubCopilotResponsesTools(body) - } else { - body = normalizeGitHubCopilotChatTools(body) - } - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, req.Model, to.String(), "", body, originalTranslated, requestedModel) - body, _ = sjson.SetBytes(body, "stream", true) - // Enable stream options for usage stats in stream - if !useResponses { - body, _ = sjson.SetBytes(body, "stream_options.include_usage", true) - } - - path := githubCopilotChatPath - if useResponses { - path = githubCopilotResponsesPath - } - url := baseURL + path - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return nil, err - } - e.applyHeaders(httpReq, apiToken, body) - - // Add Copilot-Vision-Request header if the request contains vision content - if hasVision { - httpReq.Header.Set("Copilot-Vision-Request", "true") - } - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - - if !isHTTPSuccess(httpResp.StatusCode) { - data, readErr := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("github-copilot executor: close response body error: %v", errClose) - } - if readErr != nil { - recordAPIResponseError(ctx, e.cfg, readErr) - return nil, readErr - } - appendAPIResponseChunk(ctx, e.cfg, data) - log.Debugf("github-copilot executor: upstream error status: %d, body: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - err = statusErr{code: httpResp.StatusCode, msg: string(data)} - return nil, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("github-copilot executor: close response body error: %v", errClose) - } - }() - - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, maxScannerBufferSize) - var param any - - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - - // Parse SSE data - if bytes.HasPrefix(line, dataTag) { - data := bytes.TrimSpace(line[5:]) - if bytes.Equal(data, []byte("[DONE]")) { - continue - } - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } else if useResponses { - if detail, ok := parseOpenAIResponsesStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - } - } - - var chunks []string - if useResponses && from.String() == "claude" { - chunks = translateGitHubCopilotResponsesStreamToClaude(bytes.Clone(line), ¶m) - } else { - chunks = sdktranslator.TranslateStream(ctx, to, from, req.Model, bytes.Clone(opts.OriginalRequest), body, bytes.Clone(line), ¶m) - } - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } else { - reporter.ensurePublished(ctx) - } - }() - - return &cliproxyexecutor.StreamResult{ - Headers: httpResp.Header.Clone(), - Chunks: out, - }, nil -} - -// CountTokens is not supported for GitHub Copilot. -func (e *GitHubCopilotExecutor) CountTokens(_ context.Context, _ *cliproxyauth.Auth, _ cliproxyexecutor.Request, _ cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - return cliproxyexecutor.Response{}, statusErr{code: http.StatusNotImplemented, msg: "count tokens not supported for github-copilot"} -} - -// Refresh validates the GitHub token is still working. -// GitHub OAuth tokens don't expire traditionally, so we just validate. -func (e *GitHubCopilotExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if auth == nil { - return nil, statusErr{code: http.StatusUnauthorized, msg: "missing auth"} - } - - // Get the GitHub access token - accessToken := metaStringValue(auth.Metadata, "access_token") - if accessToken == "" { - return auth, nil - } - - // Validate the token can still get a Copilot API token - copilotAuth := copilotauth.NewCopilotAuth(e.cfg) - _, err := copilotAuth.GetCopilotAPIToken(ctx, accessToken) - if err != nil { - return nil, statusErr{code: http.StatusUnauthorized, msg: fmt.Sprintf("github-copilot token validation failed: %v", err)} - } - - return auth, nil -} - -// ensureAPIToken gets or refreshes the Copilot API token. -func (e *GitHubCopilotExecutor) ensureAPIToken(ctx context.Context, auth *cliproxyauth.Auth) (string, string, error) { - if auth == nil { - return "", "", statusErr{code: http.StatusUnauthorized, msg: "missing auth"} - } - - // Get the GitHub access token - accessToken := metaStringValue(auth.Metadata, "access_token") - if accessToken == "" { - return "", "", statusErr{code: http.StatusUnauthorized, msg: "missing github access token"} - } - - // Check for cached API token using thread-safe access - e.mu.RLock() - if cached, ok := e.cache[accessToken]; ok && cached.expiresAt.After(time.Now().Add(tokenExpiryBuffer)) { - e.mu.RUnlock() - return cached.token, cached.apiEndpoint, nil - } - e.mu.RUnlock() - - // Get a new Copilot API token - copilotAuth := copilotauth.NewCopilotAuth(e.cfg) - apiToken, err := copilotAuth.GetCopilotAPIToken(ctx, accessToken) - if err != nil { - return "", "", statusErr{code: http.StatusUnauthorized, msg: fmt.Sprintf("failed to get copilot api token: %v", err)} - } - - // Use endpoint from token response, fall back to default - apiEndpoint := githubCopilotBaseURL - if apiToken.Endpoints.API != "" { - apiEndpoint = strings.TrimRight(apiToken.Endpoints.API, "/") - } - - // Cache the token with thread-safe access - expiresAt := time.Now().Add(githubCopilotTokenCacheTTL) - if apiToken.ExpiresAt > 0 { - expiresAt = time.Unix(apiToken.ExpiresAt, 0) - } - e.mu.Lock() - e.cache[accessToken] = &cachedAPIToken{ - token: apiToken.Token, - apiEndpoint: apiEndpoint, - expiresAt: expiresAt, - } - e.mu.Unlock() - - return apiToken.Token, apiEndpoint, nil -} - -// applyHeaders sets the required headers for GitHub Copilot API requests. -func (e *GitHubCopilotExecutor) applyHeaders(r *http.Request, apiToken string, body []byte) { - r.Header.Set("Content-Type", "application/json") - r.Header.Set("Authorization", "Bearer "+apiToken) - r.Header.Set("Accept", "application/json") - r.Header.Set("User-Agent", copilotUserAgent) - r.Header.Set("Editor-Version", copilotEditorVersion) - r.Header.Set("Editor-Plugin-Version", copilotPluginVersion) - r.Header.Set("Openai-Intent", copilotOpenAIIntent) - r.Header.Set("Copilot-Integration-Id", copilotIntegrationID) - r.Header.Set("X-Github-Api-Version", copilotGitHubAPIVer) - r.Header.Set("X-Request-Id", uuid.NewString()) - - initiator := "user" - if len(body) > 0 { - if messages := gjson.GetBytes(body, "messages"); messages.Exists() && messages.IsArray() { - for _, msg := range messages.Array() { - role := msg.Get("role").String() - if role == "assistant" || role == "tool" { - initiator = "agent" - break - } - } - } - } - r.Header.Set("X-Initiator", initiator) -} - -// detectVisionContent checks if the request body contains vision/image content. -// Returns true if the request includes image_url or image type content blocks. -func detectVisionContent(body []byte) bool { - // Parse messages array - messagesResult := gjson.GetBytes(body, "messages") - if !messagesResult.Exists() || !messagesResult.IsArray() { - return false - } - - // Check each message for vision content - for _, message := range messagesResult.Array() { - content := message.Get("content") - - // If content is an array, check each content block - if content.IsArray() { - for _, block := range content.Array() { - blockType := block.Get("type").String() - // Check for image_url or image type - if blockType == "image_url" || blockType == "image" { - return true - } - } - } - } - - return false -} - -// normalizeModel strips the suffix (e.g. "(medium)") from the model name -// before sending to GitHub Copilot, as the upstream API does not accept -// suffixed model identifiers. -func (e *GitHubCopilotExecutor) normalizeModel(model string, body []byte) []byte { - baseModel := thinking.ParseSuffix(model).ModelName - if baseModel != model { - body, _ = sjson.SetBytes(body, "model", baseModel) - } - return body -} - -func useGitHubCopilotResponsesEndpoint(sourceFormat sdktranslator.Format, model string) bool { - if sourceFormat.String() == "openai-response" { - return true - } - baseModel := strings.ToLower(thinking.ParseSuffix(model).ModelName) - return strings.Contains(baseModel, "codex") -} - -// flattenAssistantContent converts assistant message content from array format -// to a joined string. GitHub Copilot requires assistant content as a string; -// sending it as an array causes Claude models to re-answer all previous prompts. -func flattenAssistantContent(body []byte) []byte { - messages := gjson.GetBytes(body, "messages") - if !messages.Exists() || !messages.IsArray() { - return body - } - result := body - for i, msg := range messages.Array() { - if msg.Get("role").String() != "assistant" { - continue - } - content := msg.Get("content") - if !content.Exists() || !content.IsArray() { - continue - } - // Skip flattening if the content contains non-text blocks (tool_use, thinking, etc.) - hasNonText := false - for _, part := range content.Array() { - if t := part.Get("type").String(); t != "" && t != "text" { - hasNonText = true - break - } - } - if hasNonText { - continue - } - var textParts []string - for _, part := range content.Array() { - if part.Get("type").String() == "text" { - if t := part.Get("text").String(); t != "" { - textParts = append(textParts, t) - } - } - } - joined := strings.Join(textParts, "") - path := fmt.Sprintf("messages.%d.content", i) - result, _ = sjson.SetBytes(result, path, joined) - } - return result -} - -func normalizeGitHubCopilotChatTools(body []byte) []byte { - tools := gjson.GetBytes(body, "tools") - if tools.Exists() { - filtered := "[]" - if tools.IsArray() { - for _, tool := range tools.Array() { - if tool.Get("type").String() != "function" { - continue - } - filtered, _ = sjson.SetRaw(filtered, "-1", tool.Raw) - } - } - body, _ = sjson.SetRawBytes(body, "tools", []byte(filtered)) - } - - toolChoice := gjson.GetBytes(body, "tool_choice") - if !toolChoice.Exists() { - return body - } - if toolChoice.Type == gjson.String { - switch toolChoice.String() { - case "auto", "none", "required": - return body - } - } - body, _ = sjson.SetBytes(body, "tool_choice", "auto") - return body -} - -func normalizeGitHubCopilotResponsesInput(body []byte) []byte { - input := gjson.GetBytes(body, "input") - if input.Exists() { - // If input is already a string or array, keep it as-is. - if input.Type == gjson.String || input.IsArray() { - return body - } - // Non-string/non-array input: stringify as fallback. - body, _ = sjson.SetBytes(body, "input", input.Raw) - return body - } - - // Convert Claude messages format to OpenAI Responses API input array. - // This preserves the conversation structure (roles, tool calls, tool results) - // which is critical for multi-turn tool-use conversations. - inputArr := "[]" - - // System messages → developer role - if system := gjson.GetBytes(body, "system"); system.Exists() { - var systemParts []string - if system.IsArray() { - for _, part := range system.Array() { - if txt := part.Get("text").String(); txt != "" { - systemParts = append(systemParts, txt) - } - } - } else if system.Type == gjson.String { - systemParts = append(systemParts, system.String()) - } - if len(systemParts) > 0 { - msg := `{"type":"message","role":"developer","content":[]}` - for _, txt := range systemParts { - part := `{"type":"input_text","text":""}` - part, _ = sjson.Set(part, "text", txt) - msg, _ = sjson.SetRaw(msg, "content.-1", part) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", msg) - } - } - - // Messages → structured input items - if messages := gjson.GetBytes(body, "messages"); messages.Exists() && messages.IsArray() { - for _, msg := range messages.Array() { - role := msg.Get("role").String() - content := msg.Get("content") - - if !content.Exists() { - continue - } - - // Simple string content - if content.Type == gjson.String { - textType := "input_text" - if role == "assistant" { - textType = "output_text" - } - item := `{"type":"message","role":"","content":[]}` - item, _ = sjson.Set(item, "role", role) - part := fmt.Sprintf(`{"type":"%s","text":""}`, textType) - part, _ = sjson.Set(part, "text", content.String()) - item, _ = sjson.SetRaw(item, "content.-1", part) - inputArr, _ = sjson.SetRaw(inputArr, "-1", item) - continue - } - - if !content.IsArray() { - continue - } - - // Array content: split into message parts vs tool items - var msgParts []string - for _, c := range content.Array() { - cType := c.Get("type").String() - switch cType { - case "text": - textType := "input_text" - if role == "assistant" { - textType = "output_text" - } - part := fmt.Sprintf(`{"type":"%s","text":""}`, textType) - part, _ = sjson.Set(part, "text", c.Get("text").String()) - msgParts = append(msgParts, part) - case "image": - source := c.Get("source") - if source.Exists() { - data := source.Get("data").String() - if data == "" { - data = source.Get("base64").String() - } - mediaType := source.Get("media_type").String() - if mediaType == "" { - mediaType = source.Get("mime_type").String() - } - if mediaType == "" { - mediaType = "application/octet-stream" - } - if data != "" { - part := `{"type":"input_image","image_url":""}` - part, _ = sjson.Set(part, "image_url", fmt.Sprintf("data:%s;base64,%s", mediaType, data)) - msgParts = append(msgParts, part) - } - } - case "tool_use": - // Flush any accumulated message parts first - if len(msgParts) > 0 { - item := `{"type":"message","role":"","content":[]}` - item, _ = sjson.Set(item, "role", role) - for _, p := range msgParts { - item, _ = sjson.SetRaw(item, "content.-1", p) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", item) - msgParts = nil - } - fc := `{"type":"function_call","call_id":"","name":"","arguments":""}` - fc, _ = sjson.Set(fc, "call_id", c.Get("id").String()) - fc, _ = sjson.Set(fc, "name", c.Get("name").String()) - if inputRaw := c.Get("input"); inputRaw.Exists() { - fc, _ = sjson.Set(fc, "arguments", inputRaw.Raw) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", fc) - case "tool_result": - // Flush any accumulated message parts first - if len(msgParts) > 0 { - item := `{"type":"message","role":"","content":[]}` - item, _ = sjson.Set(item, "role", role) - for _, p := range msgParts { - item, _ = sjson.SetRaw(item, "content.-1", p) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", item) - msgParts = nil - } - fco := `{"type":"function_call_output","call_id":"","output":""}` - fco, _ = sjson.Set(fco, "call_id", c.Get("tool_use_id").String()) - // Extract output text - resultContent := c.Get("content") - if resultContent.Type == gjson.String { - fco, _ = sjson.Set(fco, "output", resultContent.String()) - } else if resultContent.IsArray() { - var resultParts []string - for _, rc := range resultContent.Array() { - if txt := rc.Get("text").String(); txt != "" { - resultParts = append(resultParts, txt) - } - } - fco, _ = sjson.Set(fco, "output", strings.Join(resultParts, "\n")) - } else if resultContent.Exists() { - fco, _ = sjson.Set(fco, "output", resultContent.String()) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", fco) - case "thinking": - // Skip thinking blocks - not part of the API input - } - } - - // Flush remaining message parts - if len(msgParts) > 0 { - item := `{"type":"message","role":"","content":[]}` - item, _ = sjson.Set(item, "role", role) - for _, p := range msgParts { - item, _ = sjson.SetRaw(item, "content.-1", p) - } - inputArr, _ = sjson.SetRaw(inputArr, "-1", item) - } - } - } - - body, _ = sjson.SetRawBytes(body, "input", []byte(inputArr)) - // Remove messages/system since we've converted them to input - body, _ = sjson.DeleteBytes(body, "messages") - body, _ = sjson.DeleteBytes(body, "system") - return body -} - -func normalizeGitHubCopilotResponsesTools(body []byte) []byte { - tools := gjson.GetBytes(body, "tools") - if tools.Exists() { - filtered := "[]" - if tools.IsArray() { - for _, tool := range tools.Array() { - toolType := tool.Get("type").String() - // Accept OpenAI format (type="function") and Claude format - // (no type field, but has top-level name + input_schema). - if toolType != "" && toolType != "function" { - continue - } - name := tool.Get("name").String() - if name == "" { - name = tool.Get("function.name").String() - } - if name == "" { - continue - } - normalized := `{"type":"function","name":""}` - normalized, _ = sjson.Set(normalized, "name", name) - if desc := tool.Get("description").String(); desc != "" { - normalized, _ = sjson.Set(normalized, "description", desc) - } else if desc = tool.Get("function.description").String(); desc != "" { - normalized, _ = sjson.Set(normalized, "description", desc) - } - if params := tool.Get("parameters"); params.Exists() { - normalized, _ = sjson.SetRaw(normalized, "parameters", params.Raw) - } else if params = tool.Get("function.parameters"); params.Exists() { - normalized, _ = sjson.SetRaw(normalized, "parameters", params.Raw) - } else if params = tool.Get("input_schema"); params.Exists() { - normalized, _ = sjson.SetRaw(normalized, "parameters", params.Raw) - } - filtered, _ = sjson.SetRaw(filtered, "-1", normalized) - } - } - body, _ = sjson.SetRawBytes(body, "tools", []byte(filtered)) - } - - toolChoice := gjson.GetBytes(body, "tool_choice") - if !toolChoice.Exists() { - return body - } - if toolChoice.Type == gjson.String { - switch toolChoice.String() { - case "auto", "none", "required": - return body - default: - body, _ = sjson.SetBytes(body, "tool_choice", "auto") - return body - } - } - if toolChoice.Type == gjson.JSON { - choiceType := toolChoice.Get("type").String() - if choiceType == "function" { - name := toolChoice.Get("name").String() - if name == "" { - name = toolChoice.Get("function.name").String() - } - if name != "" { - normalized := `{"type":"function","name":""}` - normalized, _ = sjson.Set(normalized, "name", name) - body, _ = sjson.SetRawBytes(body, "tool_choice", []byte(normalized)) - return body - } - } - } - body, _ = sjson.SetBytes(body, "tool_choice", "auto") - return body -} - -func collectTextFromNode(node gjson.Result) string { - if !node.Exists() { - return "" - } - if node.Type == gjson.String { - return node.String() - } - if node.IsArray() { - var parts []string - for _, item := range node.Array() { - if item.Type == gjson.String { - if text := item.String(); text != "" { - parts = append(parts, text) - } - continue - } - if text := item.Get("text").String(); text != "" { - parts = append(parts, text) - continue - } - if nested := collectTextFromNode(item.Get("content")); nested != "" { - parts = append(parts, nested) - } - } - return strings.Join(parts, "\n") - } - if node.Type == gjson.JSON { - if text := node.Get("text").String(); text != "" { - return text - } - if nested := collectTextFromNode(node.Get("content")); nested != "" { - return nested - } - return node.Raw - } - return node.String() -} - -type githubCopilotResponsesStreamToolState struct { - Index int - ID string - Name string -} - -type githubCopilotResponsesStreamState struct { - MessageStarted bool - MessageStopSent bool - TextBlockStarted bool - TextBlockIndex int - NextContentIndex int - HasToolUse bool - ReasoningActive bool - ReasoningIndex int - OutputIndexToTool map[int]*githubCopilotResponsesStreamToolState - ItemIDToTool map[string]*githubCopilotResponsesStreamToolState -} - -func translateGitHubCopilotResponsesNonStreamToClaude(data []byte) string { - root := gjson.ParseBytes(data) - out := `{"id":"","type":"message","role":"assistant","model":"","content":[],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}` - out, _ = sjson.Set(out, "id", root.Get("id").String()) - out, _ = sjson.Set(out, "model", root.Get("model").String()) - - hasToolUse := false - if output := root.Get("output"); output.Exists() && output.IsArray() { - for _, item := range output.Array() { - switch item.Get("type").String() { - case "reasoning": - var thinkingText string - if summary := item.Get("summary"); summary.Exists() && summary.IsArray() { - var parts []string - for _, part := range summary.Array() { - if txt := part.Get("text").String(); txt != "" { - parts = append(parts, txt) - } - } - thinkingText = strings.Join(parts, "") - } - if thinkingText == "" { - if content := item.Get("content"); content.Exists() && content.IsArray() { - var parts []string - for _, part := range content.Array() { - if txt := part.Get("text").String(); txt != "" { - parts = append(parts, txt) - } - } - thinkingText = strings.Join(parts, "") - } - } - if thinkingText != "" { - block := `{"type":"thinking","thinking":""}` - block, _ = sjson.Set(block, "thinking", thinkingText) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - case "message": - if content := item.Get("content"); content.Exists() && content.IsArray() { - for _, part := range content.Array() { - if part.Get("type").String() != "output_text" { - continue - } - text := part.Get("text").String() - if text == "" { - continue - } - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", text) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - } - case "function_call": - hasToolUse = true - toolUse := `{"type":"tool_use","id":"","name":"","input":{}}` - toolID := item.Get("call_id").String() - if toolID == "" { - toolID = item.Get("id").String() - } - toolUse, _ = sjson.Set(toolUse, "id", toolID) - toolUse, _ = sjson.Set(toolUse, "name", item.Get("name").String()) - if args := item.Get("arguments").String(); args != "" && gjson.Valid(args) { - argObj := gjson.Parse(args) - if argObj.IsObject() { - toolUse, _ = sjson.SetRaw(toolUse, "input", argObj.Raw) - } - } - out, _ = sjson.SetRaw(out, "content.-1", toolUse) - } - } - } - - inputTokens := root.Get("usage.input_tokens").Int() - outputTokens := root.Get("usage.output_tokens").Int() - cachedTokens := root.Get("usage.input_tokens_details.cached_tokens").Int() - if cachedTokens > 0 && inputTokens >= cachedTokens { - inputTokens -= cachedTokens - } - out, _ = sjson.Set(out, "usage.input_tokens", inputTokens) - out, _ = sjson.Set(out, "usage.output_tokens", outputTokens) - if cachedTokens > 0 { - out, _ = sjson.Set(out, "usage.cache_read_input_tokens", cachedTokens) - } - if hasToolUse { - out, _ = sjson.Set(out, "stop_reason", "tool_use") - } else if sr := root.Get("stop_reason").String(); sr == "max_tokens" || sr == "stop" { - out, _ = sjson.Set(out, "stop_reason", sr) - } else { - out, _ = sjson.Set(out, "stop_reason", "end_turn") - } - return out -} - -func translateGitHubCopilotResponsesStreamToClaude(line []byte, param *any) []string { - if *param == nil { - *param = &githubCopilotResponsesStreamState{ - TextBlockIndex: -1, - OutputIndexToTool: make(map[int]*githubCopilotResponsesStreamToolState), - ItemIDToTool: make(map[string]*githubCopilotResponsesStreamToolState), - } - } - state := (*param).(*githubCopilotResponsesStreamState) - - if !bytes.HasPrefix(line, dataTag) { - return nil - } - payload := bytes.TrimSpace(line[5:]) - if bytes.Equal(payload, []byte("[DONE]")) { - return nil - } - if !gjson.ValidBytes(payload) { - return nil - } - - event := gjson.GetBytes(payload, "type").String() - results := make([]string, 0, 4) - ensureMessageStart := func() { - if state.MessageStarted { - return - } - messageStart := `{"type":"message_start","message":{"id":"","type":"message","role":"assistant","model":"","content":[],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}}` - messageStart, _ = sjson.Set(messageStart, "message.id", gjson.GetBytes(payload, "response.id").String()) - messageStart, _ = sjson.Set(messageStart, "message.model", gjson.GetBytes(payload, "response.model").String()) - results = append(results, "event: message_start\ndata: "+messageStart+"\n\n") - state.MessageStarted = true - } - startTextBlockIfNeeded := func() { - if state.TextBlockStarted { - return - } - if state.TextBlockIndex < 0 { - state.TextBlockIndex = state.NextContentIndex - state.NextContentIndex++ - } - contentBlockStart := `{"type":"content_block_start","index":0,"content_block":{"type":"text","text":""}}` - contentBlockStart, _ = sjson.Set(contentBlockStart, "index", state.TextBlockIndex) - results = append(results, "event: content_block_start\ndata: "+contentBlockStart+"\n\n") - state.TextBlockStarted = true - } - stopTextBlockIfNeeded := func() { - if !state.TextBlockStarted { - return - } - contentBlockStop := `{"type":"content_block_stop","index":0}` - contentBlockStop, _ = sjson.Set(contentBlockStop, "index", state.TextBlockIndex) - results = append(results, "event: content_block_stop\ndata: "+contentBlockStop+"\n\n") - state.TextBlockStarted = false - state.TextBlockIndex = -1 - } - resolveTool := func(itemID string, outputIndex int) *githubCopilotResponsesStreamToolState { - if itemID != "" { - if tool, ok := state.ItemIDToTool[itemID]; ok { - return tool - } - } - if tool, ok := state.OutputIndexToTool[outputIndex]; ok { - if itemID != "" { - state.ItemIDToTool[itemID] = tool - } - return tool - } - return nil - } - - switch event { - case "response.created": - ensureMessageStart() - case "response.output_text.delta": - ensureMessageStart() - startTextBlockIfNeeded() - delta := gjson.GetBytes(payload, "delta").String() - if delta != "" { - contentDelta := `{"type":"content_block_delta","index":0,"delta":{"type":"text_delta","text":""}}` - contentDelta, _ = sjson.Set(contentDelta, "index", state.TextBlockIndex) - contentDelta, _ = sjson.Set(contentDelta, "delta.text", delta) - results = append(results, "event: content_block_delta\ndata: "+contentDelta+"\n\n") - } - case "response.reasoning_summary_part.added": - ensureMessageStart() - state.ReasoningActive = true - state.ReasoningIndex = state.NextContentIndex - state.NextContentIndex++ - thinkingStart := `{"type":"content_block_start","index":0,"content_block":{"type":"thinking","thinking":""}}` - thinkingStart, _ = sjson.Set(thinkingStart, "index", state.ReasoningIndex) - results = append(results, "event: content_block_start\ndata: "+thinkingStart+"\n\n") - case "response.reasoning_summary_text.delta": - if state.ReasoningActive { - delta := gjson.GetBytes(payload, "delta").String() - if delta != "" { - thinkingDelta := `{"type":"content_block_delta","index":0,"delta":{"type":"thinking_delta","thinking":""}}` - thinkingDelta, _ = sjson.Set(thinkingDelta, "index", state.ReasoningIndex) - thinkingDelta, _ = sjson.Set(thinkingDelta, "delta.thinking", delta) - results = append(results, "event: content_block_delta\ndata: "+thinkingDelta+"\n\n") - } - } - case "response.reasoning_summary_part.done": - if state.ReasoningActive { - thinkingStop := `{"type":"content_block_stop","index":0}` - thinkingStop, _ = sjson.Set(thinkingStop, "index", state.ReasoningIndex) - results = append(results, "event: content_block_stop\ndata: "+thinkingStop+"\n\n") - state.ReasoningActive = false - } - case "response.output_item.added": - if gjson.GetBytes(payload, "item.type").String() != "function_call" { - break - } - ensureMessageStart() - stopTextBlockIfNeeded() - state.HasToolUse = true - tool := &githubCopilotResponsesStreamToolState{ - Index: state.NextContentIndex, - ID: gjson.GetBytes(payload, "item.call_id").String(), - Name: gjson.GetBytes(payload, "item.name").String(), - } - if tool.ID == "" { - tool.ID = gjson.GetBytes(payload, "item.id").String() - } - state.NextContentIndex++ - outputIndex := int(gjson.GetBytes(payload, "output_index").Int()) - state.OutputIndexToTool[outputIndex] = tool - if itemID := gjson.GetBytes(payload, "item.id").String(); itemID != "" { - state.ItemIDToTool[itemID] = tool - } - contentBlockStart := `{"type":"content_block_start","index":0,"content_block":{"type":"tool_use","id":"","name":"","input":{}}}` - contentBlockStart, _ = sjson.Set(contentBlockStart, "index", tool.Index) - contentBlockStart, _ = sjson.Set(contentBlockStart, "content_block.id", tool.ID) - contentBlockStart, _ = sjson.Set(contentBlockStart, "content_block.name", tool.Name) - results = append(results, "event: content_block_start\ndata: "+contentBlockStart+"\n\n") - case "response.output_item.delta": - item := gjson.GetBytes(payload, "item") - if item.Get("type").String() != "function_call" { - break - } - tool := resolveTool(item.Get("id").String(), int(gjson.GetBytes(payload, "output_index").Int())) - if tool == nil { - break - } - partial := gjson.GetBytes(payload, "delta").String() - if partial == "" { - partial = item.Get("arguments").String() - } - if partial == "" { - break - } - inputDelta := `{"type":"content_block_delta","index":0,"delta":{"type":"input_json_delta","partial_json":""}}` - inputDelta, _ = sjson.Set(inputDelta, "index", tool.Index) - inputDelta, _ = sjson.Set(inputDelta, "delta.partial_json", partial) - results = append(results, "event: content_block_delta\ndata: "+inputDelta+"\n\n") - case "response.function_call_arguments.delta": - // Copilot sends tool call arguments via this event type (not response.output_item.delta). - // Data format: {"delta":"...", "item_id":"...", "output_index":N, ...} - itemID := gjson.GetBytes(payload, "item_id").String() - outputIndex := int(gjson.GetBytes(payload, "output_index").Int()) - tool := resolveTool(itemID, outputIndex) - if tool == nil { - break - } - partial := gjson.GetBytes(payload, "delta").String() - if partial == "" { - break - } - inputDelta := `{"type":"content_block_delta","index":0,"delta":{"type":"input_json_delta","partial_json":""}}` - inputDelta, _ = sjson.Set(inputDelta, "index", tool.Index) - inputDelta, _ = sjson.Set(inputDelta, "delta.partial_json", partial) - results = append(results, "event: content_block_delta\ndata: "+inputDelta+"\n\n") - case "response.output_item.done": - if gjson.GetBytes(payload, "item.type").String() != "function_call" { - break - } - tool := resolveTool(gjson.GetBytes(payload, "item.id").String(), int(gjson.GetBytes(payload, "output_index").Int())) - if tool == nil { - break - } - contentBlockStop := `{"type":"content_block_stop","index":0}` - contentBlockStop, _ = sjson.Set(contentBlockStop, "index", tool.Index) - results = append(results, "event: content_block_stop\ndata: "+contentBlockStop+"\n\n") - case "response.completed": - ensureMessageStart() - stopTextBlockIfNeeded() - if !state.MessageStopSent { - stopReason := "end_turn" - if state.HasToolUse { - stopReason = "tool_use" - } else if sr := gjson.GetBytes(payload, "response.stop_reason").String(); sr == "max_tokens" || sr == "stop" { - stopReason = sr - } - inputTokens := gjson.GetBytes(payload, "response.usage.input_tokens").Int() - outputTokens := gjson.GetBytes(payload, "response.usage.output_tokens").Int() - cachedTokens := gjson.GetBytes(payload, "response.usage.input_tokens_details.cached_tokens").Int() - if cachedTokens > 0 && inputTokens >= cachedTokens { - inputTokens -= cachedTokens - } - messageDelta := `{"type":"message_delta","delta":{"stop_reason":"","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - messageDelta, _ = sjson.Set(messageDelta, "delta.stop_reason", stopReason) - messageDelta, _ = sjson.Set(messageDelta, "usage.input_tokens", inputTokens) - messageDelta, _ = sjson.Set(messageDelta, "usage.output_tokens", outputTokens) - if cachedTokens > 0 { - messageDelta, _ = sjson.Set(messageDelta, "usage.cache_read_input_tokens", cachedTokens) - } - results = append(results, "event: message_delta\ndata: "+messageDelta+"\n\n") - results = append(results, "event: message_stop\ndata: {\"type\":\"message_stop\"}\n\n") - state.MessageStopSent = true - } - } - - return results -} - -// isHTTPSuccess checks if the status code indicates success (2xx). -func isHTTPSuccess(statusCode int) bool { - return statusCode >= 200 && statusCode < 300 -} diff --git a/internal/runtime/executor/github_copilot_executor_test.go b/internal/runtime/executor/github_copilot_executor_test.go deleted file mode 100644 index 77963fbc97..0000000000 --- a/internal/runtime/executor/github_copilot_executor_test.go +++ /dev/null @@ -1,333 +0,0 @@ -package executor - -import ( - "net/http" - "strings" - "testing" - - sdktranslator "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/translator" - "github.com/tidwall/gjson" -) - -func TestGitHubCopilotNormalizeModel_StripsSuffix(t *testing.T) { - t.Parallel() - - tests := []struct { - name string - model string - wantModel string - }{ - { - name: "suffix stripped", - model: "claude-opus-4.6(medium)", - wantModel: "claude-opus-4.6", - }, - { - name: "no suffix unchanged", - model: "claude-opus-4.6", - wantModel: "claude-opus-4.6", - }, - { - name: "different suffix stripped", - model: "gpt-4o(high)", - wantModel: "gpt-4o", - }, - { - name: "numeric suffix stripped", - model: "gemini-2.5-pro(8192)", - wantModel: "gemini-2.5-pro", - }, - } - - e := &GitHubCopilotExecutor{} - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - t.Parallel() - - body := []byte(`{"model":"` + tt.model + `","messages":[]}`) - got := e.normalizeModel(tt.model, body) - - gotModel := gjson.GetBytes(got, "model").String() - if gotModel != tt.wantModel { - t.Fatalf("normalizeModel() model = %q, want %q", gotModel, tt.wantModel) - } - }) - } -} - -func TestUseGitHubCopilotResponsesEndpoint_OpenAIResponseSource(t *testing.T) { - t.Parallel() - if !useGitHubCopilotResponsesEndpoint(sdktranslator.FromString("openai-response"), "claude-3-5-sonnet") { - t.Fatal("expected openai-response source to use /responses") - } -} - -func TestUseGitHubCopilotResponsesEndpoint_CodexModel(t *testing.T) { - t.Parallel() - if !useGitHubCopilotResponsesEndpoint(sdktranslator.FromString("openai"), "gpt-5-codex") { - t.Fatal("expected codex model to use /responses") - } -} - -func TestUseGitHubCopilotResponsesEndpoint_DefaultChat(t *testing.T) { - t.Parallel() - if useGitHubCopilotResponsesEndpoint(sdktranslator.FromString("openai"), "claude-3-5-sonnet") { - t.Fatal("expected default openai source with non-codex model to use /chat/completions") - } -} - -func TestNormalizeGitHubCopilotChatTools_KeepFunctionOnly(t *testing.T) { - t.Parallel() - body := []byte(`{"tools":[{"type":"function","function":{"name":"ok"}},{"type":"code_interpreter"}],"tool_choice":"auto"}`) - got := normalizeGitHubCopilotChatTools(body) - tools := gjson.GetBytes(got, "tools").Array() - if len(tools) != 1 { - t.Fatalf("tools len = %d, want 1", len(tools)) - } - if tools[0].Get("type").String() != "function" { - t.Fatalf("tool type = %q, want function", tools[0].Get("type").String()) - } -} - -func TestNormalizeGitHubCopilotChatTools_InvalidToolChoiceDowngradeToAuto(t *testing.T) { - t.Parallel() - body := []byte(`{"tools":[],"tool_choice":{"type":"function","function":{"name":"x"}}}`) - got := normalizeGitHubCopilotChatTools(body) - if gjson.GetBytes(got, "tool_choice").String() != "auto" { - t.Fatalf("tool_choice = %s, want auto", gjson.GetBytes(got, "tool_choice").Raw) - } -} - -func TestNormalizeGitHubCopilotResponsesInput_MissingInputExtractedFromSystemAndMessages(t *testing.T) { - t.Parallel() - body := []byte(`{"system":"sys text","messages":[{"role":"user","content":"user text"},{"role":"assistant","content":[{"type":"text","text":"assistant text"}]}]}`) - got := normalizeGitHubCopilotResponsesInput(body) - in := gjson.GetBytes(got, "input") - if !in.IsArray() { - t.Fatalf("input type = %v, want array", in.Type) - } - raw := in.Raw - if !strings.Contains(raw, "sys text") || !strings.Contains(raw, "user text") || !strings.Contains(raw, "assistant text") { - t.Fatalf("input = %s, want structured array with all texts", raw) - } - if gjson.GetBytes(got, "messages").Exists() { - t.Fatal("messages should be removed after conversion") - } - if gjson.GetBytes(got, "system").Exists() { - t.Fatal("system should be removed after conversion") - } -} - -func TestNormalizeGitHubCopilotResponsesInput_NonStringInputStringified(t *testing.T) { - t.Parallel() - body := []byte(`{"input":{"foo":"bar"}}`) - got := normalizeGitHubCopilotResponsesInput(body) - in := gjson.GetBytes(got, "input") - if in.Type != gjson.String { - t.Fatalf("input type = %v, want string", in.Type) - } - if !strings.Contains(in.String(), "foo") { - t.Fatalf("input = %q, want stringified object", in.String()) - } -} - -func TestNormalizeGitHubCopilotResponsesTools_FlattenFunctionTools(t *testing.T) { - t.Parallel() - body := []byte(`{"tools":[{"type":"function","function":{"name":"sum","description":"d","parameters":{"type":"object"}}},{"type":"web_search"}]}`) - got := normalizeGitHubCopilotResponsesTools(body) - tools := gjson.GetBytes(got, "tools").Array() - if len(tools) != 1 { - t.Fatalf("tools len = %d, want 1", len(tools)) - } - if tools[0].Get("name").String() != "sum" { - t.Fatalf("tools[0].name = %q, want sum", tools[0].Get("name").String()) - } - if !tools[0].Get("parameters").Exists() { - t.Fatal("expected parameters to be preserved") - } -} - -func TestNormalizeGitHubCopilotResponsesTools_ClaudeFormatTools(t *testing.T) { - t.Parallel() - body := []byte(`{"tools":[{"name":"Bash","description":"Run commands","input_schema":{"type":"object","properties":{"command":{"type":"string"}},"required":["command"]}},{"name":"Read","description":"Read files","input_schema":{"type":"object","properties":{"path":{"type":"string"}}}}]}`) - got := normalizeGitHubCopilotResponsesTools(body) - tools := gjson.GetBytes(got, "tools").Array() - if len(tools) != 2 { - t.Fatalf("tools len = %d, want 2", len(tools)) - } - if tools[0].Get("type").String() != "function" { - t.Fatalf("tools[0].type = %q, want function", tools[0].Get("type").String()) - } - if tools[0].Get("name").String() != "Bash" { - t.Fatalf("tools[0].name = %q, want Bash", tools[0].Get("name").String()) - } - if tools[0].Get("description").String() != "Run commands" { - t.Fatalf("tools[0].description = %q, want 'Run commands'", tools[0].Get("description").String()) - } - if !tools[0].Get("parameters").Exists() { - t.Fatal("expected parameters to be set from input_schema") - } - if tools[0].Get("parameters.properties.command").Exists() != true { - t.Fatal("expected parameters.properties.command to exist") - } - if tools[1].Get("name").String() != "Read" { - t.Fatalf("tools[1].name = %q, want Read", tools[1].Get("name").String()) - } -} - -func TestNormalizeGitHubCopilotResponsesTools_FlattenToolChoiceFunctionObject(t *testing.T) { - t.Parallel() - body := []byte(`{"tool_choice":{"type":"function","function":{"name":"sum"}}}`) - got := normalizeGitHubCopilotResponsesTools(body) - if gjson.GetBytes(got, "tool_choice.type").String() != "function" { - t.Fatalf("tool_choice.type = %q, want function", gjson.GetBytes(got, "tool_choice.type").String()) - } - if gjson.GetBytes(got, "tool_choice.name").String() != "sum" { - t.Fatalf("tool_choice.name = %q, want sum", gjson.GetBytes(got, "tool_choice.name").String()) - } -} - -func TestNormalizeGitHubCopilotResponsesTools_InvalidToolChoiceDowngradeToAuto(t *testing.T) { - t.Parallel() - body := []byte(`{"tool_choice":{"type":"function"}}`) - got := normalizeGitHubCopilotResponsesTools(body) - if gjson.GetBytes(got, "tool_choice").String() != "auto" { - t.Fatalf("tool_choice = %s, want auto", gjson.GetBytes(got, "tool_choice").Raw) - } -} - -func TestTranslateGitHubCopilotResponsesNonStreamToClaude_TextMapping(t *testing.T) { - t.Parallel() - resp := []byte(`{"id":"resp_1","model":"gpt-5-codex","output":[{"type":"message","content":[{"type":"output_text","text":"hello"}]}],"usage":{"input_tokens":3,"output_tokens":5}}`) - out := translateGitHubCopilotResponsesNonStreamToClaude(resp) - if gjson.Get(out, "type").String() != "message" { - t.Fatalf("type = %q, want message", gjson.Get(out, "type").String()) - } - if gjson.Get(out, "content.0.type").String() != "text" { - t.Fatalf("content.0.type = %q, want text", gjson.Get(out, "content.0.type").String()) - } - if gjson.Get(out, "content.0.text").String() != "hello" { - t.Fatalf("content.0.text = %q, want hello", gjson.Get(out, "content.0.text").String()) - } -} - -func TestTranslateGitHubCopilotResponsesNonStreamToClaude_ToolUseMapping(t *testing.T) { - t.Parallel() - resp := []byte(`{"id":"resp_2","model":"gpt-5-codex","output":[{"type":"function_call","id":"fc_1","call_id":"call_1","name":"sum","arguments":"{\"a\":1}"}],"usage":{"input_tokens":1,"output_tokens":2}}`) - out := translateGitHubCopilotResponsesNonStreamToClaude(resp) - if gjson.Get(out, "content.0.type").String() != "tool_use" { - t.Fatalf("content.0.type = %q, want tool_use", gjson.Get(out, "content.0.type").String()) - } - if gjson.Get(out, "content.0.name").String() != "sum" { - t.Fatalf("content.0.name = %q, want sum", gjson.Get(out, "content.0.name").String()) - } - if gjson.Get(out, "stop_reason").String() != "tool_use" { - t.Fatalf("stop_reason = %q, want tool_use", gjson.Get(out, "stop_reason").String()) - } -} - -func TestTranslateGitHubCopilotResponsesStreamToClaude_TextLifecycle(t *testing.T) { - t.Parallel() - var param any - - created := translateGitHubCopilotResponsesStreamToClaude([]byte(`data: {"type":"response.created","response":{"id":"resp_1","model":"gpt-5-codex"}}`), ¶m) - if len(created) == 0 || !strings.Contains(created[0], "message_start") { - t.Fatalf("created events = %#v, want message_start", created) - } - - delta := translateGitHubCopilotResponsesStreamToClaude([]byte(`data: {"type":"response.output_text.delta","delta":"he"}`), ¶m) - joinedDelta := strings.Join(delta, "") - if !strings.Contains(joinedDelta, "content_block_start") || !strings.Contains(joinedDelta, "text_delta") { - t.Fatalf("delta events = %#v, want content_block_start + text_delta", delta) - } - - completed := translateGitHubCopilotResponsesStreamToClaude([]byte(`data: {"type":"response.completed","response":{"usage":{"input_tokens":7,"output_tokens":9}}}`), ¶m) - joinedCompleted := strings.Join(completed, "") - if !strings.Contains(joinedCompleted, "message_delta") || !strings.Contains(joinedCompleted, "message_stop") { - t.Fatalf("completed events = %#v, want message_delta + message_stop", completed) - } -} - -// --- Tests for X-Initiator detection logic (Problem L) --- - -func TestApplyHeaders_XInitiator_UserOnly(t *testing.T) { - t.Parallel() - e := &GitHubCopilotExecutor{} - req, _ := http.NewRequest(http.MethodPost, "https://example.com", nil) - body := []byte(`{"messages":[{"role":"system","content":"sys"},{"role":"user","content":"hello"}]}`) - e.applyHeaders(req, "token", body) - if got := req.Header.Get("X-Initiator"); got != "user" { - t.Fatalf("X-Initiator = %q, want user", got) - } -} - -func TestApplyHeaders_XInitiator_AgentWithAssistantAndUserToolResult(t *testing.T) { - t.Parallel() - e := &GitHubCopilotExecutor{} - req, _ := http.NewRequest(http.MethodPost, "https://example.com", nil) - // Claude Code typical flow: last message is user (tool result), but has assistant in history - body := []byte(`{"messages":[{"role":"user","content":"hello"},{"role":"assistant","content":"I will read the file"},{"role":"user","content":"tool result here"}]}`) - e.applyHeaders(req, "token", body) - if got := req.Header.Get("X-Initiator"); got != "agent" { - t.Fatalf("X-Initiator = %q, want agent (assistant exists in messages)", got) - } -} - -func TestApplyHeaders_XInitiator_AgentWithToolRole(t *testing.T) { - t.Parallel() - e := &GitHubCopilotExecutor{} - req, _ := http.NewRequest(http.MethodPost, "https://example.com", nil) - body := []byte(`{"messages":[{"role":"user","content":"hello"},{"role":"tool","content":"result"}]}`) - e.applyHeaders(req, "token", body) - if got := req.Header.Get("X-Initiator"); got != "agent" { - t.Fatalf("X-Initiator = %q, want agent (tool role exists)", got) - } -} - -// --- Tests for x-github-api-version header (Problem M) --- - -func TestApplyHeaders_GitHubAPIVersion(t *testing.T) { - t.Parallel() - e := &GitHubCopilotExecutor{} - req, _ := http.NewRequest(http.MethodPost, "https://example.com", nil) - e.applyHeaders(req, "token", nil) - if got := req.Header.Get("X-Github-Api-Version"); got != "2025-04-01" { - t.Fatalf("X-Github-Api-Version = %q, want 2025-04-01", got) - } -} - -// --- Tests for vision detection (Problem P) --- - -func TestDetectVisionContent_WithImageURL(t *testing.T) { - t.Parallel() - body := []byte(`{"messages":[{"role":"user","content":[{"type":"text","text":"describe"},{"type":"image_url","image_url":{"url":"data:image/png;base64,abc"}}]}]}`) - if !detectVisionContent(body) { - t.Fatal("expected vision content to be detected") - } -} - -func TestDetectVisionContent_WithImageType(t *testing.T) { - t.Parallel() - body := []byte(`{"messages":[{"role":"user","content":[{"type":"image","source":{"data":"abc","media_type":"image/png"}}]}]}`) - if !detectVisionContent(body) { - t.Fatal("expected image type to be detected") - } -} - -func TestDetectVisionContent_NoVision(t *testing.T) { - t.Parallel() - body := []byte(`{"messages":[{"role":"user","content":[{"type":"text","text":"hello"}]}]}`) - if detectVisionContent(body) { - t.Fatal("expected no vision content") - } -} - -func TestDetectVisionContent_NoMessages(t *testing.T) { - t.Parallel() - // After Responses API normalization, messages is removed — detection should return false - body := []byte(`{"input":[{"type":"message","role":"user","content":[{"type":"input_text","text":"hello"}]}]}`) - if detectVisionContent(body) { - t.Fatal("expected no vision content when messages field is absent") - } -} diff --git a/internal/runtime/executor/iflow_executor.go b/internal/runtime/executor/iflow_executor.go deleted file mode 100644 index 8e63d1c94b..0000000000 --- a/internal/runtime/executor/iflow_executor.go +++ /dev/null @@ -1,574 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "crypto/hmac" - "crypto/sha256" - "encoding/hex" - "fmt" - "io" - "net/http" - "strings" - "time" - - "github.com/google/uuid" - iflowauth "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/iflow" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/executor" - sdktranslator "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const ( - iflowDefaultEndpoint = "/chat/completions" - iflowUserAgent = "iFlow-Cli" -) - -// IFlowExecutor executes OpenAI-compatible chat completions against the iFlow API using API keys derived from OAuth. -type IFlowExecutor struct { - cfg *config.Config -} - -// NewIFlowExecutor constructs a new executor instance. -func NewIFlowExecutor(cfg *config.Config) *IFlowExecutor { return &IFlowExecutor{cfg: cfg} } - -// Identifier returns the provider key. -func (e *IFlowExecutor) Identifier() string { return "iflow" } - -// PrepareRequest injects iFlow credentials into the outgoing HTTP request. -func (e *IFlowExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - apiKey, _ := iflowCreds(auth) - if strings.TrimSpace(apiKey) != "" { - req.Header.Set("Authorization", "Bearer "+apiKey) - } - return nil -} - -// HttpRequest injects iFlow credentials into the request and executes it. -func (e *IFlowExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("iflow executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming chat completion request. -func (e *IFlowExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := iflowCreds(auth) - if strings.TrimSpace(apiKey) == "" { - err = fmt.Errorf("iflow executor: missing api key") - return resp, err - } - if baseURL == "" { - baseURL = iflowauth.DefaultAPIBaseURL - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), "iflow", e.Identifier()) - if err != nil { - return resp, err - } - - body = preserveReasoningContentInMessages(body) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - endpoint := strings.TrimSuffix(baseURL, "/") + iflowDefaultEndpoint - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, bytes.NewReader(body)) - if err != nil { - return resp, err - } - applyIFlowHeaders(httpReq, apiKey, false) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: endpoint, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("iflow executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseOpenAIUsage(data)) - // Ensure usage is recorded even if upstream omits usage metadata. - reporter.ensurePublished(ctx) - - var param any - // Note: TranslateNonStream uses req.Model (original with suffix) to preserve - // the original model name in the response for client compatibility. - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -// ExecuteStream performs a streaming chat completion request. -func (e *IFlowExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - apiKey, baseURL := iflowCreds(auth) - if strings.TrimSpace(apiKey) == "" { - err = fmt.Errorf("iflow executor: missing api key") - return nil, err - } - if baseURL == "" { - baseURL = iflowauth.DefaultAPIBaseURL - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), "iflow", e.Identifier()) - if err != nil { - return nil, err - } - - body = preserveReasoningContentInMessages(body) - // Ensure tools array exists to avoid provider quirks similar to Qwen's behaviour. - toolsResult := gjson.GetBytes(body, "tools") - if toolsResult.Exists() && toolsResult.IsArray() && len(toolsResult.Array()) == 0 { - body = ensureToolsArray(body) - } - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - endpoint := strings.TrimSuffix(baseURL, "/") + iflowDefaultEndpoint - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, bytes.NewReader(body)) - if err != nil { - return nil, err - } - applyIFlowHeaders(httpReq, apiKey, true) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: endpoint, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - data, _ := io.ReadAll(httpResp.Body) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("iflow executor: close response body error: %v", errClose) - } - appendAPIResponseChunk(ctx, e.cfg, data) - logWithRequestID(ctx).Debugf("request error, error status: %d error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data)) - err = statusErr{code: httpResp.StatusCode, msg: string(data)} - return nil, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("iflow executor: close response body error: %v", errClose) - } - }() - - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 52_428_800) // 50MB - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - // Guarantee a usage record exists even if the stream never emitted usage data. - reporter.ensurePublished(ctx) - }() - - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -func (e *IFlowExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - enc, err := tokenizerForModel(baseModel) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("iflow executor: tokenizer init failed: %w", err) - } - - count, err := countOpenAIChatTokens(enc, body) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("iflow executor: token counting failed: %w", err) - } - - usageJSON := buildOpenAIUsageJSON(count) - translated := sdktranslator.TranslateTokenCount(ctx, to, from, count, usageJSON) - return cliproxyexecutor.Response{Payload: []byte(translated)}, nil -} - -// Refresh refreshes OAuth tokens or cookie-based API keys and updates the stored API key. -func (e *IFlowExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("iflow executor: refresh called") - if auth == nil { - return nil, fmt.Errorf("iflow executor: auth is nil") - } - - // Check if this is cookie-based authentication - var cookie string - var email string - if auth.Metadata != nil { - if v, ok := auth.Metadata["cookie"].(string); ok { - cookie = strings.TrimSpace(v) - } - if v, ok := auth.Metadata["email"].(string); ok { - email = strings.TrimSpace(v) - } - } - - // If cookie is present, use cookie-based refresh - if cookie != "" && email != "" { - return e.refreshCookieBased(ctx, auth, cookie, email) - } - - // Otherwise, use OAuth-based refresh - return e.refreshOAuthBased(ctx, auth) -} - -// refreshCookieBased refreshes API key using browser cookie -func (e *IFlowExecutor) refreshCookieBased(ctx context.Context, auth *cliproxyauth.Auth, cookie, email string) (*cliproxyauth.Auth, error) { - log.Debugf("iflow executor: checking refresh need for cookie-based API key for user: %s", email) - - // Get current expiry time from metadata - var currentExpire string - if auth.Metadata != nil { - if v, ok := auth.Metadata["expired"].(string); ok { - currentExpire = strings.TrimSpace(v) - } - } - - // Check if refresh is needed - needsRefresh, _, err := iflowauth.ShouldRefreshAPIKey(currentExpire) - if err != nil { - log.Warnf("iflow executor: failed to check refresh need: %v", err) - // If we can't check, continue with refresh anyway as a safety measure - } else if !needsRefresh { - log.Debugf("iflow executor: no refresh needed for user: %s", email) - return auth, nil - } - - log.Infof("iflow executor: refreshing cookie-based API key for user: %s", email) - - svc := iflowauth.NewIFlowAuth(e.cfg) - keyData, err := svc.RefreshAPIKey(ctx, cookie, email) - if err != nil { - log.Errorf("iflow executor: cookie-based API key refresh failed: %v", err) - return nil, err - } - - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["api_key"] = keyData.APIKey - auth.Metadata["expired"] = keyData.ExpireTime - auth.Metadata["type"] = "iflow" - auth.Metadata["last_refresh"] = time.Now().Format(time.RFC3339) - auth.Metadata["cookie"] = cookie - auth.Metadata["email"] = email - - log.Infof("iflow executor: cookie-based API key refreshed successfully, new expiry: %s", keyData.ExpireTime) - - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - auth.Attributes["api_key"] = keyData.APIKey - - return auth, nil -} - -// refreshOAuthBased refreshes tokens using OAuth refresh token -func (e *IFlowExecutor) refreshOAuthBased(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - refreshToken := "" - oldAccessToken := "" - if auth.Metadata != nil { - if v, ok := auth.Metadata["refresh_token"].(string); ok { - refreshToken = strings.TrimSpace(v) - } - if v, ok := auth.Metadata["access_token"].(string); ok { - oldAccessToken = strings.TrimSpace(v) - } - } - if refreshToken == "" { - return auth, nil - } - - // Log the old access token (masked) before refresh - if oldAccessToken != "" { - log.Debugf("iflow executor: refreshing access token, old: %s", util.HideAPIKey(oldAccessToken)) - } - - svc := iflowauth.NewIFlowAuth(e.cfg) - tokenData, err := svc.RefreshTokens(ctx, refreshToken) - if err != nil { - log.Errorf("iflow executor: token refresh failed: %v", err) - return nil, err - } - - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["access_token"] = tokenData.AccessToken - if tokenData.RefreshToken != "" { - auth.Metadata["refresh_token"] = tokenData.RefreshToken - } - if tokenData.APIKey != "" { - auth.Metadata["api_key"] = tokenData.APIKey - } - auth.Metadata["expired"] = tokenData.Expire - auth.Metadata["type"] = "iflow" - auth.Metadata["last_refresh"] = time.Now().Format(time.RFC3339) - - // Log the new access token (masked) after successful refresh - log.Debugf("iflow executor: token refresh successful, new: %s", util.HideAPIKey(tokenData.AccessToken)) - - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - if tokenData.APIKey != "" { - auth.Attributes["api_key"] = tokenData.APIKey - } - - return auth, nil -} - -func applyIFlowHeaders(r *http.Request, apiKey string, stream bool) { - r.Header.Set("Content-Type", "application/json") - r.Header.Set("Authorization", "Bearer "+apiKey) - r.Header.Set("User-Agent", iflowUserAgent) - - // Generate session-id - sessionID := "session-" + generateUUID() - r.Header.Set("session-id", sessionID) - - // Generate timestamp and signature - timestamp := time.Now().UnixMilli() - r.Header.Set("x-iflow-timestamp", fmt.Sprintf("%d", timestamp)) - - signature := createIFlowSignature(iflowUserAgent, sessionID, timestamp, apiKey) - if signature != "" { - r.Header.Set("x-iflow-signature", signature) - } - - if stream { - r.Header.Set("Accept", "text/event-stream") - } else { - r.Header.Set("Accept", "application/json") - } -} - -// createIFlowSignature generates HMAC-SHA256 signature for iFlow API requests. -// The signature payload format is: userAgent:sessionId:timestamp -func createIFlowSignature(userAgent, sessionID string, timestamp int64, apiKey string) string { - if apiKey == "" { - return "" - } - payload := fmt.Sprintf("%s:%s:%d", userAgent, sessionID, timestamp) - h := hmac.New(sha256.New, []byte(apiKey)) - h.Write([]byte(payload)) - return hex.EncodeToString(h.Sum(nil)) -} - -// generateUUID generates a random UUID v4 string. -func generateUUID() string { - return uuid.New().String() -} - -func iflowCreds(a *cliproxyauth.Auth) (apiKey, baseURL string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - if v := strings.TrimSpace(a.Attributes["api_key"]); v != "" { - apiKey = v - } - if v := strings.TrimSpace(a.Attributes["base_url"]); v != "" { - baseURL = v - } - } - if apiKey == "" && a.Metadata != nil { - if v, ok := a.Metadata["api_key"].(string); ok { - apiKey = strings.TrimSpace(v) - } - } - if baseURL == "" && a.Metadata != nil { - if v, ok := a.Metadata["base_url"].(string); ok { - baseURL = strings.TrimSpace(v) - } - } - return apiKey, baseURL -} - -func ensureToolsArray(body []byte) []byte { - placeholder := `[{"type":"function","function":{"name":"noop","description":"Placeholder tool to stabilise streaming","parameters":{"type":"object"}}}]` - updated, err := sjson.SetRawBytes(body, "tools", []byte(placeholder)) - if err != nil { - return body - } - return updated -} - -// preserveReasoningContentInMessages checks if reasoning_content from assistant messages -// is preserved in conversation history for iFlow models that support thinking. -// This is helpful for multi-turn conversations where the model may benefit from seeing -// its previous reasoning to maintain coherent thought chains. -// -// For GLM-4.6/4.7 and MiniMax M2/M2.1, it is recommended to include the full assistant -// response (including reasoning_content) in message history for better context continuity. -func preserveReasoningContentInMessages(body []byte) []byte { - model := strings.ToLower(gjson.GetBytes(body, "model").String()) - - // Only apply to models that support thinking with history preservation - needsPreservation := strings.HasPrefix(model, "glm-4") || strings.HasPrefix(model, "minimax-m2") - - if !needsPreservation { - return body - } - - messages := gjson.GetBytes(body, "messages") - if !messages.Exists() || !messages.IsArray() { - return body - } - - // Check if any assistant message already has reasoning_content preserved - hasReasoningContent := false - messages.ForEach(func(_, msg gjson.Result) bool { - role := msg.Get("role").String() - if role == "assistant" { - rc := msg.Get("reasoning_content") - if rc.Exists() && rc.String() != "" { - hasReasoningContent = true - return false // stop iteration - } - } - return true - }) - - // If reasoning content is already present, the messages are properly formatted - // No need to modify - the client has correctly preserved reasoning in history - if hasReasoningContent { - log.Debugf("iflow executor: reasoning_content found in message history for %s", model) - } - - return body -} diff --git a/internal/runtime/executor/iflow_executor_test.go b/internal/runtime/executor/iflow_executor_test.go deleted file mode 100644 index 8ed172b7cd..0000000000 --- a/internal/runtime/executor/iflow_executor_test.go +++ /dev/null @@ -1,67 +0,0 @@ -package executor - -import ( - "testing" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" -) - -func TestIFlowExecutorParseSuffix(t *testing.T) { - tests := []struct { - name string - model string - wantBase string - wantLevel string - }{ - {"no suffix", "glm-4", "glm-4", ""}, - {"glm with suffix", "glm-4.1-flash(high)", "glm-4.1-flash", "high"}, - {"minimax no suffix", "minimax-m2", "minimax-m2", ""}, - {"minimax with suffix", "minimax-m2.1(medium)", "minimax-m2.1", "medium"}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := thinking.ParseSuffix(tt.model) - if result.ModelName != tt.wantBase { - t.Errorf("ParseSuffix(%q).ModelName = %q, want %q", tt.model, result.ModelName, tt.wantBase) - } - }) - } -} - -func TestPreserveReasoningContentInMessages(t *testing.T) { - tests := []struct { - name string - input []byte - want []byte // nil means output should equal input - }{ - { - "non-glm model passthrough", - []byte(`{"model":"gpt-4","messages":[]}`), - nil, - }, - { - "glm model with empty messages", - []byte(`{"model":"glm-4","messages":[]}`), - nil, - }, - { - "glm model preserves existing reasoning_content", - []byte(`{"model":"glm-4","messages":[{"role":"assistant","content":"hi","reasoning_content":"thinking..."}]}`), - nil, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got := preserveReasoningContentInMessages(tt.input) - want := tt.want - if want == nil { - want = tt.input - } - if string(got) != string(want) { - t.Errorf("preserveReasoningContentInMessages() = %s, want %s", got, want) - } - }) - } -} diff --git a/internal/runtime/executor/kilo_executor.go b/internal/runtime/executor/kilo_executor.go deleted file mode 100644 index 9adaa5a942..0000000000 --- a/internal/runtime/executor/kilo_executor.go +++ /dev/null @@ -1,460 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "errors" - "fmt" - "io" - "net/http" - "strings" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/registry" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/executor" - sdktranslator "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -// KiloExecutor handles requests to Kilo API. -type KiloExecutor struct { - cfg *config.Config -} - -// NewKiloExecutor creates a new Kilo executor instance. -func NewKiloExecutor(cfg *config.Config) *KiloExecutor { - return &KiloExecutor{cfg: cfg} -} - -// Identifier returns the unique identifier for this executor. -func (e *KiloExecutor) Identifier() string { return "kilo" } - -// PrepareRequest prepares the HTTP request before execution. -func (e *KiloExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - accessToken, _ := kiloCredentials(auth) - if strings.TrimSpace(accessToken) == "" { - return fmt.Errorf("kilo: missing access token") - } - - req.Header.Set("Authorization", "Bearer "+accessToken) - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) - return nil -} - -// HttpRequest executes a raw HTTP request. -func (e *KiloExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("kilo executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming request. -func (e *KiloExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - accessToken, orgID := kiloCredentials(auth) - if accessToken == "" { - return resp, fmt.Errorf("kilo: missing access token") - } - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - endpoint := "/api/openrouter/chat/completions" - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, opts.Stream) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, opts.Stream) - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", translated, originalTranslated, requestedModel) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - url := "https://api.kilo.ai" + endpoint - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(translated)) - if err != nil { - return resp, err - } - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("Authorization", "Bearer "+accessToken) - if orgID != "" { - httpReq.Header.Set("X-Kilocode-OrganizationID", orgID) - } - httpReq.Header.Set("User-Agent", "cli-proxy-kilo") - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translated, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer httpResp.Body.Close() - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - - body, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, body) - reporter.publish(ctx, parseOpenAIUsage(body)) - reporter.ensurePublished(ctx) - - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, body, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out)} - return resp, nil -} - -// ExecuteStream performs a streaming request. -func (e *KiloExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - accessToken, orgID := kiloCredentials(auth) - if accessToken == "" { - return nil, fmt.Errorf("kilo: missing access token") - } - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - endpoint := "/api/openrouter/chat/completions" - - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", translated, originalTranslated, requestedModel) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - url := "https://api.kilo.ai" + endpoint - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(translated)) - if err != nil { - return nil, err - } - httpReq.Header.Set("Content-Type", "application/json") - httpReq.Header.Set("Authorization", "Bearer "+accessToken) - if orgID != "" { - httpReq.Header.Set("X-Kilocode-OrganizationID", orgID) - } - httpReq.Header.Set("User-Agent", "cli-proxy-kilo") - httpReq.Header.Set("Accept", "text/event-stream") - httpReq.Header.Set("Cache-Control", "no-cache") - - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translated, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - httpResp.Body.Close() - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer httpResp.Body.Close() - - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 52_428_800) - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - if len(line) == 0 { - continue - } - if !bytes.HasPrefix(line, []byte("data:")) { - continue - } - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - reporter.ensurePublished(ctx) - }() - - return &cliproxyexecutor.StreamResult{ - Headers: httpResp.Header.Clone(), - Chunks: out, - }, nil -} - -// Refresh validates the Kilo token. -func (e *KiloExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if auth == nil { - return nil, fmt.Errorf("missing auth") - } - return auth, nil -} - -// CountTokens returns the token count for the given request. -func (e *KiloExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - return cliproxyexecutor.Response{}, fmt.Errorf("kilo: count tokens not supported") -} - -// kiloCredentials extracts access token and other info from auth. -func kiloCredentials(auth *cliproxyauth.Auth) (accessToken, orgID string) { - if auth == nil { - return "", "" - } - - // Prefer kilocode specific keys, then fall back to generic keys. - // Check metadata first, then attributes. - if auth.Metadata != nil { - if token, ok := auth.Metadata["kilocodeToken"].(string); ok && token != "" { - accessToken = token - } else if token, ok := auth.Metadata["access_token"].(string); ok && token != "" { - accessToken = token - } - - if org, ok := auth.Metadata["kilocodeOrganizationId"].(string); ok && org != "" { - orgID = org - } else if org, ok := auth.Metadata["organization_id"].(string); ok && org != "" { - orgID = org - } - } - - if accessToken == "" && auth.Attributes != nil { - if token := auth.Attributes["kilocodeToken"]; token != "" { - accessToken = token - } else if token := auth.Attributes["access_token"]; token != "" { - accessToken = token - } - } - - if orgID == "" && auth.Attributes != nil { - if org := auth.Attributes["kilocodeOrganizationId"]; org != "" { - orgID = org - } else if org := auth.Attributes["organization_id"]; org != "" { - orgID = org - } - } - - return accessToken, orgID -} - -// FetchKiloModels fetches models from Kilo API. -func FetchKiloModels(ctx context.Context, auth *cliproxyauth.Auth, cfg *config.Config) []*registry.ModelInfo { - accessToken, orgID := kiloCredentials(auth) - if accessToken == "" { - log.Infof("kilo: no access token found, skipping dynamic model fetch (using static kilo/auto)") - return registry.GetKiloModels() - } - - log.Debugf("kilo: fetching dynamic models (orgID: %s)", orgID) - - httpClient := newProxyAwareHTTPClient(ctx, cfg, auth, 0) - req, err := http.NewRequestWithContext(ctx, http.MethodGet, "https://api.kilo.ai/api/openrouter/models", nil) - if err != nil { - log.Warnf("kilo: failed to create model fetch request: %v", err) - return registry.GetKiloModels() - } - - req.Header.Set("Authorization", "Bearer "+accessToken) - if orgID != "" { - req.Header.Set("X-Kilocode-OrganizationID", orgID) - } - req.Header.Set("User-Agent", "cli-proxy-kilo") - - resp, err := httpClient.Do(req) - if err != nil { - if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) { - log.Warnf("kilo: fetch models canceled: %v", err) - } else { - log.Warnf("kilo: using static models (API fetch failed: %v)", err) - } - return registry.GetKiloModels() - } - defer resp.Body.Close() - - body, err := io.ReadAll(resp.Body) - if err != nil { - log.Warnf("kilo: failed to read models response: %v", err) - return registry.GetKiloModels() - } - - if resp.StatusCode != http.StatusOK { - log.Warnf("kilo: fetch models failed: status %d, body: %s", resp.StatusCode, string(body)) - return registry.GetKiloModels() - } - - result := gjson.GetBytes(body, "data") - if !result.Exists() { - // Try root if data field is missing - result = gjson.ParseBytes(body) - if !result.IsArray() { - log.Debugf("kilo: response body: %s", string(body)) - log.Warn("kilo: invalid API response format (expected array or data field with array)") - return registry.GetKiloModels() - } - } - - var dynamicModels []*registry.ModelInfo - now := time.Now().Unix() - count := 0 - totalCount := 0 - - result.ForEach(func(key, value gjson.Result) bool { - totalCount++ - id := value.Get("id").String() - pIdxResult := value.Get("preferredIndex") - preferredIndex := pIdxResult.Int() - - // Filter models where preferredIndex > 0 (Kilo-curated models) - if preferredIndex <= 0 { - return true - } - - // Check if it's free. We look for :free suffix, is_free flag, or zero pricing. - isFree := strings.HasSuffix(id, ":free") || id == "giga-potato" || value.Get("is_free").Bool() - if !isFree { - // Check pricing as fallback - promptPricing := value.Get("pricing.prompt").String() - if promptPricing == "0" || promptPricing == "0.0" { - isFree = true - } - } - - if !isFree { - log.Debugf("kilo: skipping curated paid model: %s", id) - return true - } - - log.Debugf("kilo: found curated model: %s (preferredIndex: %d)", id, preferredIndex) - - dynamicModels = append(dynamicModels, ®istry.ModelInfo{ - ID: id, - DisplayName: value.Get("name").String(), - ContextLength: int(value.Get("context_length").Int()), - OwnedBy: "kilo", - Type: "kilo", - Object: "model", - Created: now, - }) - count++ - return true - }) - - log.Infof("kilo: fetched %d models from API, %d curated free (preferredIndex > 0)", totalCount, count) - if count == 0 && totalCount > 0 { - log.Warn("kilo: no curated free models found (check API response fields)") - } - - staticModels := registry.GetKiloModels() - // Always include kilo/auto (first static model) - allModels := append(staticModels[:1], dynamicModels...) - - return allModels -} diff --git a/internal/runtime/executor/kimi_executor.go b/internal/runtime/executor/kimi_executor.go deleted file mode 100644 index c773b6f091..0000000000 --- a/internal/runtime/executor/kimi_executor.go +++ /dev/null @@ -1,617 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "fmt" - "io" - "net/http" - "os" - "path/filepath" - "runtime" - "strings" - "time" - - kimiauth "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/kimi" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/executor" - sdktranslator "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// KimiExecutor is a stateless executor for Kimi API using OpenAI-compatible chat completions. -type KimiExecutor struct { - ClaudeExecutor - cfg *config.Config -} - -// NewKimiExecutor creates a new Kimi executor. -func NewKimiExecutor(cfg *config.Config) *KimiExecutor { return &KimiExecutor{cfg: cfg} } - -// Identifier returns the executor identifier. -func (e *KimiExecutor) Identifier() string { return "kimi" } - -// PrepareRequest injects Kimi credentials into the outgoing HTTP request. -func (e *KimiExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - token := kimiCreds(auth) - if strings.TrimSpace(token) != "" { - req.Header.Set("Authorization", "Bearer "+token) - } - return nil -} - -// HttpRequest injects Kimi credentials into the request and executes it. -func (e *KimiExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("kimi executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// Execute performs a non-streaming chat completion request to Kimi. -func (e *KimiExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - from := opts.SourceFormat - if from.String() == "claude" { - auth.Attributes["base_url"] = kimiauth.KimiAPIBaseURL - return e.ClaudeExecutor.Execute(ctx, auth, req, opts) - } - - baseModel := thinking.ParseSuffix(req.Model).ModelName - - token := kimiCreds(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := bytes.Clone(originalPayloadSource) - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, bytes.Clone(req.Payload), false) - - // Strip kimi- prefix for upstream API - upstreamModel := stripKimiPrefix(baseModel) - body, err = sjson.SetBytes(body, "model", upstreamModel) - if err != nil { - return resp, fmt.Errorf("kimi executor: failed to set model in payload: %w", err) - } - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), "kimi", e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, err = normalizeKimiToolMessageLinks(body) - if err != nil { - return resp, err - } - - url := kimiauth.KimiAPIBaseURL + "/v1/chat/completions" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return resp, err - } - applyKimiHeadersWithAuth(httpReq, token, false, auth) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("kimi executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseOpenAIUsage(data)) - var param any - // Note: TranslateNonStream uses req.Model (original with suffix) to preserve - // the original model name in the response for client compatibility. - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -// ExecuteStream performs a streaming chat completion request to Kimi. -func (e *KimiExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - from := opts.SourceFormat - if from.String() == "claude" { - auth.Attributes["base_url"] = kimiauth.KimiAPIBaseURL - return e.ClaudeExecutor.ExecuteStream(ctx, auth, req, opts) - } - - baseModel := thinking.ParseSuffix(req.Model).ModelName - token := kimiCreds(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := bytes.Clone(originalPayloadSource) - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, bytes.Clone(req.Payload), true) - - // Strip kimi- prefix for upstream API - upstreamModel := stripKimiPrefix(baseModel) - body, err = sjson.SetBytes(body, "model", upstreamModel) - if err != nil { - return nil, fmt.Errorf("kimi executor: failed to set model in payload: %w", err) - } - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), "kimi", e.Identifier()) - if err != nil { - return nil, err - } - - body, err = sjson.SetBytes(body, "stream_options.include_usage", true) - if err != nil { - return nil, fmt.Errorf("kimi executor: failed to set stream_options in payload: %w", err) - } - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - body, err = normalizeKimiToolMessageLinks(body) - if err != nil { - return nil, err - } - - url := kimiauth.KimiAPIBaseURL + "/v1/chat/completions" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return nil, err - } - applyKimiHeadersWithAuth(httpReq, token, true, auth) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("kimi executor: close response body error: %v", errClose) - } - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("kimi executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 1_048_576) // 1MB - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - doneChunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, []byte("[DONE]"), ¶m) - for i := range doneChunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(doneChunks[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -// CountTokens estimates token count for Kimi requests. -func (e *KimiExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - auth.Attributes["base_url"] = kimiauth.KimiAPIBaseURL - return e.ClaudeExecutor.CountTokens(ctx, auth, req, opts) -} - -func normalizeKimiToolMessageLinks(body []byte) ([]byte, error) { - if len(body) == 0 || !gjson.ValidBytes(body) { - return body, nil - } - - messages := gjson.GetBytes(body, "messages") - if !messages.Exists() || !messages.IsArray() { - return body, nil - } - - out := body - pending := make([]string, 0) - patched := 0 - patchedReasoning := 0 - ambiguous := 0 - latestReasoning := "" - hasLatestReasoning := false - - removePending := func(id string) { - for idx := range pending { - if pending[idx] != id { - continue - } - pending = append(pending[:idx], pending[idx+1:]...) - return - } - } - - msgs := messages.Array() - for msgIdx := range msgs { - msg := msgs[msgIdx] - role := strings.TrimSpace(msg.Get("role").String()) - switch role { - case "assistant": - reasoning := msg.Get("reasoning_content") - if reasoning.Exists() { - reasoningText := reasoning.String() - if strings.TrimSpace(reasoningText) != "" { - latestReasoning = reasoningText - hasLatestReasoning = true - } - } - - toolCalls := msg.Get("tool_calls") - if !toolCalls.Exists() || !toolCalls.IsArray() || len(toolCalls.Array()) == 0 { - continue - } - - if !reasoning.Exists() || strings.TrimSpace(reasoning.String()) == "" { - reasoningText := fallbackAssistantReasoning(msg, hasLatestReasoning, latestReasoning) - path := fmt.Sprintf("messages.%d.reasoning_content", msgIdx) - next, err := sjson.SetBytes(out, path, reasoningText) - if err != nil { - return body, fmt.Errorf("kimi executor: failed to set assistant reasoning_content: %w", err) - } - out = next - patchedReasoning++ - } - - for _, tc := range toolCalls.Array() { - id := strings.TrimSpace(tc.Get("id").String()) - if id == "" { - continue - } - pending = append(pending, id) - } - case "tool": - toolCallID := strings.TrimSpace(msg.Get("tool_call_id").String()) - if toolCallID == "" { - toolCallID = strings.TrimSpace(msg.Get("call_id").String()) - if toolCallID != "" { - path := fmt.Sprintf("messages.%d.tool_call_id", msgIdx) - next, err := sjson.SetBytes(out, path, toolCallID) - if err != nil { - return body, fmt.Errorf("kimi executor: failed to set tool_call_id from call_id: %w", err) - } - out = next - patched++ - } - } - if toolCallID == "" { - if len(pending) == 1 { - toolCallID = pending[0] - path := fmt.Sprintf("messages.%d.tool_call_id", msgIdx) - next, err := sjson.SetBytes(out, path, toolCallID) - if err != nil { - return body, fmt.Errorf("kimi executor: failed to infer tool_call_id: %w", err) - } - out = next - patched++ - } else if len(pending) > 1 { - ambiguous++ - } - } - if toolCallID != "" { - removePending(toolCallID) - } - } - } - - if patched > 0 || patchedReasoning > 0 { - log.WithFields(log.Fields{ - "patched_tool_messages": patched, - "patched_reasoning_messages": patchedReasoning, - }).Debug("kimi executor: normalized tool message fields") - } - if ambiguous > 0 { - log.WithFields(log.Fields{ - "ambiguous_tool_messages": ambiguous, - "pending_tool_calls": len(pending), - }).Warn("kimi executor: tool messages missing tool_call_id with ambiguous candidates") - } - - return out, nil -} - -func fallbackAssistantReasoning(msg gjson.Result, hasLatest bool, latest string) string { - if hasLatest && strings.TrimSpace(latest) != "" { - return latest - } - - content := msg.Get("content") - if content.Type == gjson.String { - if text := strings.TrimSpace(content.String()); text != "" { - return text - } - } - if content.IsArray() { - parts := make([]string, 0, len(content.Array())) - for _, item := range content.Array() { - text := strings.TrimSpace(item.Get("text").String()) - if text == "" { - continue - } - parts = append(parts, text) - } - if len(parts) > 0 { - return strings.Join(parts, "\n") - } - } - - return "[reasoning unavailable]" -} - -// Refresh refreshes the Kimi token using the refresh token. -func (e *KimiExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("kimi executor: refresh called") - if auth == nil { - return nil, fmt.Errorf("kimi executor: auth is nil") - } - // Expect refresh_token in metadata for OAuth-based accounts - var refreshToken string - if auth.Metadata != nil { - if v, ok := auth.Metadata["refresh_token"].(string); ok && strings.TrimSpace(v) != "" { - refreshToken = v - } - } - if strings.TrimSpace(refreshToken) == "" { - // Nothing to refresh - return auth, nil - } - - client := kimiauth.NewDeviceFlowClientWithDeviceID(e.cfg, resolveKimiDeviceID(auth)) - td, err := client.RefreshToken(ctx, refreshToken) - if err != nil { - return nil, err - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["access_token"] = td.AccessToken - if td.RefreshToken != "" { - auth.Metadata["refresh_token"] = td.RefreshToken - } - if td.ExpiresAt > 0 { - exp := time.Unix(td.ExpiresAt, 0).UTC().Format(time.RFC3339) - auth.Metadata["expired"] = exp - } - auth.Metadata["type"] = "kimi" - now := time.Now().Format(time.RFC3339) - auth.Metadata["last_refresh"] = now - return auth, nil -} - -// applyKimiHeaders sets required headers for Kimi API requests. -// Headers match kimi-cli client for compatibility. -func applyKimiHeaders(r *http.Request, token string, stream bool) { - r.Header.Set("Content-Type", "application/json") - r.Header.Set("Authorization", "Bearer "+token) - // Match kimi-cli headers exactly - r.Header.Set("User-Agent", "KimiCLI/1.10.6") - r.Header.Set("X-Msh-Platform", "kimi_cli") - r.Header.Set("X-Msh-Version", "1.10.6") - r.Header.Set("X-Msh-Device-Name", getKimiHostname()) - r.Header.Set("X-Msh-Device-Model", getKimiDeviceModel()) - r.Header.Set("X-Msh-Device-Id", getKimiDeviceID()) - if stream { - r.Header.Set("Accept", "text/event-stream") - return - } - r.Header.Set("Accept", "application/json") -} - -func resolveKimiDeviceIDFromAuth(auth *cliproxyauth.Auth) string { - if auth == nil || auth.Metadata == nil { - return "" - } - - deviceIDRaw, ok := auth.Metadata["device_id"] - if !ok { - return "" - } - - deviceID, ok := deviceIDRaw.(string) - if !ok { - return "" - } - - return strings.TrimSpace(deviceID) -} - -func resolveKimiDeviceIDFromStorage(auth *cliproxyauth.Auth) string { - if auth == nil { - return "" - } - - storage, ok := auth.Storage.(*kimiauth.KimiTokenStorage) - if !ok || storage == nil { - return "" - } - - return strings.TrimSpace(storage.DeviceID) -} - -func resolveKimiDeviceID(auth *cliproxyauth.Auth) string { - deviceID := resolveKimiDeviceIDFromAuth(auth) - if deviceID != "" { - return deviceID - } - return resolveKimiDeviceIDFromStorage(auth) -} - -func applyKimiHeadersWithAuth(r *http.Request, token string, stream bool, auth *cliproxyauth.Auth) { - applyKimiHeaders(r, token, stream) - - if deviceID := resolveKimiDeviceID(auth); deviceID != "" { - r.Header.Set("X-Msh-Device-Id", deviceID) - } -} - -// getKimiHostname returns the machine hostname. -func getKimiHostname() string { - hostname, err := os.Hostname() - if err != nil { - return "unknown" - } - return hostname -} - -// getKimiDeviceModel returns a device model string matching kimi-cli format. -func getKimiDeviceModel() string { - return fmt.Sprintf("%s %s", runtime.GOOS, runtime.GOARCH) -} - -// getKimiDeviceID returns a stable device ID, matching kimi-cli storage location. -func getKimiDeviceID() string { - homeDir, err := os.UserHomeDir() - if err != nil { - return "cli-proxy-api-device" - } - // Check kimi-cli's device_id location first (platform-specific) - var kimiShareDir string - switch runtime.GOOS { - case "darwin": - kimiShareDir = filepath.Join(homeDir, "Library", "Application Support", "kimi") - case "windows": - appData := os.Getenv("APPDATA") - if appData == "" { - appData = filepath.Join(homeDir, "AppData", "Roaming") - } - kimiShareDir = filepath.Join(appData, "kimi") - default: // linux and other unix-like - kimiShareDir = filepath.Join(homeDir, ".local", "share", "kimi") - } - deviceIDPath := filepath.Join(kimiShareDir, "device_id") - if data, err := os.ReadFile(deviceIDPath); err == nil { - return strings.TrimSpace(string(data)) - } - return "cli-proxy-api-device" -} - -// kimiCreds extracts the access token from auth. -func kimiCreds(a *cliproxyauth.Auth) (token string) { - if a == nil { - return "" - } - // Check metadata first (OAuth flow stores tokens here) - if a.Metadata != nil { - if v, ok := a.Metadata["access_token"].(string); ok && strings.TrimSpace(v) != "" { - return v - } - } - // Fallback to attributes (API key style) - if a.Attributes != nil { - if v := a.Attributes["access_token"]; v != "" { - return v - } - if v := a.Attributes["api_key"]; v != "" { - return v - } - } - return "" -} - -// stripKimiPrefix removes the "kimi-" prefix from model names for the upstream API. -func stripKimiPrefix(model string) string { - model = strings.TrimSpace(model) - if strings.HasPrefix(strings.ToLower(model), "kimi-") { - return model[5:] - } - return model -} diff --git a/internal/runtime/executor/kimi_executor_test.go b/internal/runtime/executor/kimi_executor_test.go deleted file mode 100644 index 210ddb0ef9..0000000000 --- a/internal/runtime/executor/kimi_executor_test.go +++ /dev/null @@ -1,205 +0,0 @@ -package executor - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -func TestNormalizeKimiToolMessageLinks_UsesCallIDFallback(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"list_directory:1","type":"function","function":{"name":"list_directory","arguments":"{}"}}]}, - {"role":"tool","call_id":"list_directory:1","content":"[]"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.1.tool_call_id").String() - if got != "list_directory:1" { - t.Fatalf("messages.1.tool_call_id = %q, want %q", got, "list_directory:1") - } -} - -func TestNormalizeKimiToolMessageLinks_InferSinglePendingID(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"call_123","type":"function","function":{"name":"read_file","arguments":"{}"}}]}, - {"role":"tool","content":"file-content"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.1.tool_call_id").String() - if got != "call_123" { - t.Fatalf("messages.1.tool_call_id = %q, want %q", got, "call_123") - } -} - -func TestNormalizeKimiToolMessageLinks_AmbiguousMissingIDIsNotInferred(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[ - {"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}, - {"id":"call_2","type":"function","function":{"name":"read_file","arguments":"{}"}} - ]}, - {"role":"tool","content":"result-without-id"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - if gjson.GetBytes(out, "messages.1.tool_call_id").Exists() { - t.Fatalf("messages.1.tool_call_id should be absent for ambiguous case, got %q", gjson.GetBytes(out, "messages.1.tool_call_id").String()) - } -} - -func TestNormalizeKimiToolMessageLinks_PreservesExistingToolCallID(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}]}, - {"role":"tool","tool_call_id":"call_1","call_id":"different-id","content":"result"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.1.tool_call_id").String() - if got != "call_1" { - t.Fatalf("messages.1.tool_call_id = %q, want %q", got, "call_1") - } -} - -func TestNormalizeKimiToolMessageLinks_InheritsPreviousReasoningForAssistantToolCalls(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","content":"plan","reasoning_content":"previous reasoning"}, - {"role":"assistant","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}]} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.1.reasoning_content").String() - if got != "previous reasoning" { - t.Fatalf("messages.1.reasoning_content = %q, want %q", got, "previous reasoning") - } -} - -func TestNormalizeKimiToolMessageLinks_InsertsFallbackReasoningWhenMissing(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}]} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - reasoning := gjson.GetBytes(out, "messages.0.reasoning_content") - if !reasoning.Exists() { - t.Fatalf("messages.0.reasoning_content should exist") - } - if reasoning.String() != "[reasoning unavailable]" { - t.Fatalf("messages.0.reasoning_content = %q, want %q", reasoning.String(), "[reasoning unavailable]") - } -} - -func TestNormalizeKimiToolMessageLinks_UsesContentAsReasoningFallback(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","content":[{"type":"text","text":"first line"},{"type":"text","text":"second line"}],"tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}]} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.0.reasoning_content").String() - if got != "first line\nsecond line" { - t.Fatalf("messages.0.reasoning_content = %q, want %q", got, "first line\nsecond line") - } -} - -func TestNormalizeKimiToolMessageLinks_ReplacesEmptyReasoningContent(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","content":"assistant summary","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}],"reasoning_content":""} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.0.reasoning_content").String() - if got != "assistant summary" { - t.Fatalf("messages.0.reasoning_content = %q, want %q", got, "assistant summary") - } -} - -func TestNormalizeKimiToolMessageLinks_PreservesExistingAssistantReasoning(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}],"reasoning_content":"keep me"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - got := gjson.GetBytes(out, "messages.0.reasoning_content").String() - if got != "keep me" { - t.Fatalf("messages.0.reasoning_content = %q, want %q", got, "keep me") - } -} - -func TestNormalizeKimiToolMessageLinks_RepairsIDsAndReasoningTogether(t *testing.T) { - body := []byte(`{ - "messages":[ - {"role":"assistant","tool_calls":[{"id":"call_1","type":"function","function":{"name":"list_directory","arguments":"{}"}}],"reasoning_content":"r1"}, - {"role":"tool","call_id":"call_1","content":"[]"}, - {"role":"assistant","tool_calls":[{"id":"call_2","type":"function","function":{"name":"read_file","arguments":"{}"}}]}, - {"role":"tool","call_id":"call_2","content":"file"} - ] - }`) - - out, err := normalizeKimiToolMessageLinks(body) - if err != nil { - t.Fatalf("normalizeKimiToolMessageLinks() error = %v", err) - } - - if got := gjson.GetBytes(out, "messages.1.tool_call_id").String(); got != "call_1" { - t.Fatalf("messages.1.tool_call_id = %q, want %q", got, "call_1") - } - if got := gjson.GetBytes(out, "messages.3.tool_call_id").String(); got != "call_2" { - t.Fatalf("messages.3.tool_call_id = %q, want %q", got, "call_2") - } - if got := gjson.GetBytes(out, "messages.2.reasoning_content").String(); got != "r1" { - t.Fatalf("messages.2.reasoning_content = %q, want %q", got, "r1") - } -} diff --git a/internal/runtime/executor/kiro_executor.go b/internal/runtime/executor/kiro_executor.go deleted file mode 100644 index 3284e60511..0000000000 --- a/internal/runtime/executor/kiro_executor.go +++ /dev/null @@ -1,4827 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "encoding/base64" - "encoding/binary" - "encoding/json" - "errors" - "fmt" - "io" - "net" - "net/http" - "os" - "path/filepath" - "strings" - "sync" - "sync/atomic" - "syscall" - "time" - - "github.com/google/uuid" - kiroauth "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/kiro" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - kiroclaude "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/kiro/claude" - kirocommon "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/kiro/common" - kiroopenai "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/kiro/openai" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/executor" - "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/usage" - sdktranslator "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/translator" - log "github.com/sirupsen/logrus" -) - -const ( - // Kiro API common constants - kiroContentType = "application/json" - kiroAcceptStream = "*/*" - - // Event Stream frame size constants for boundary protection - // AWS Event Stream binary format: prelude (12 bytes) + headers + payload + message_crc (4 bytes) - // Prelude consists of: total_length (4) + headers_length (4) + prelude_crc (4) - minEventStreamFrameSize = 16 // Minimum: 4(total_len) + 4(headers_len) + 4(prelude_crc) + 4(message_crc) - maxEventStreamMsgSize = 10 << 20 // Maximum message length: 10MB - - // Event Stream error type constants - ErrStreamFatal = "fatal" // Connection/authentication errors, not recoverable - ErrStreamMalformed = "malformed" // Format errors, data cannot be parsed - - // kiroUserAgent matches Amazon Q CLI style for User-Agent header - kiroUserAgent = "aws-sdk-rust/1.3.9 os/macos lang/rust/1.87.0" - // kiroFullUserAgent is the complete x-amz-user-agent header (Amazon Q CLI style) - kiroFullUserAgent = "aws-sdk-rust/1.3.9 ua/2.1 api/ssooidc/1.88.0 os/macos lang/rust/1.87.0 m/E app/AmazonQ-For-CLI" - - // Kiro IDE style headers for IDC auth - kiroIDEUserAgent = "aws-sdk-js/1.0.27 ua/2.1 os/win32#10.0.19044 lang/js md/nodejs#22.21.1 api/codewhispererstreaming#1.0.27 m/E" - kiroIDEAmzUserAgent = "aws-sdk-js/1.0.27" - kiroIDEAgentModeVibe = "vibe" - - // Socket retry configuration constants - // Maximum number of retry attempts for socket/network errors - kiroSocketMaxRetries = 3 - // Base delay between retry attempts (uses exponential backoff: delay * 2^attempt) - kiroSocketBaseRetryDelay = 1 * time.Second - // Maximum delay between retry attempts (cap for exponential backoff) - kiroSocketMaxRetryDelay = 30 * time.Second - // First token timeout for streaming responses (how long to wait for first response) - kiroFirstTokenTimeout = 15 * time.Second - // Streaming read timeout (how long to wait between chunks) - kiroStreamingReadTimeout = 300 * time.Second -) - -// retryableHTTPStatusCodes defines HTTP status codes that are considered retryable. -// Based on kiro2Api reference: 502 (Bad Gateway), 503 (Service Unavailable), 504 (Gateway Timeout) -var retryableHTTPStatusCodes = map[int]bool{ - 502: true, // Bad Gateway - upstream server error - 503: true, // Service Unavailable - server temporarily overloaded - 504: true, // Gateway Timeout - upstream server timeout -} - -// Real-time usage estimation configuration -// These control how often usage updates are sent during streaming -var ( - usageUpdateCharThreshold = 5000 // Send usage update every 5000 characters - usageUpdateTimeInterval = 15 * time.Second // Or every 15 seconds, whichever comes first -) - -// Global FingerprintManager for dynamic User-Agent generation per token -// Each token gets a unique fingerprint on first use, which is cached for subsequent requests -var ( - globalFingerprintManager *kiroauth.FingerprintManager - globalFingerprintManagerOnce sync.Once -) - -// getGlobalFingerprintManager returns the global FingerprintManager instance -func getGlobalFingerprintManager() *kiroauth.FingerprintManager { - globalFingerprintManagerOnce.Do(func() { - globalFingerprintManager = kiroauth.NewFingerprintManager() - log.Infof("kiro: initialized global FingerprintManager for dynamic UA generation") - }) - return globalFingerprintManager -} - -// retryConfig holds configuration for socket retry logic. -// Based on kiro2Api Python implementation patterns. -type retryConfig struct { - MaxRetries int // Maximum number of retry attempts - BaseDelay time.Duration // Base delay between retries (exponential backoff) - MaxDelay time.Duration // Maximum delay cap - RetryableErrors []string // List of retryable error patterns - RetryableStatus map[int]bool // HTTP status codes to retry - FirstTokenTmout time.Duration // Timeout for first token in streaming - StreamReadTmout time.Duration // Timeout between stream chunks -} - -// defaultRetryConfig returns the default retry configuration for Kiro socket operations. -func defaultRetryConfig() retryConfig { - return retryConfig{ - MaxRetries: kiroSocketMaxRetries, - BaseDelay: kiroSocketBaseRetryDelay, - MaxDelay: kiroSocketMaxRetryDelay, - RetryableStatus: retryableHTTPStatusCodes, - RetryableErrors: []string{ - "connection reset", - "connection refused", - "broken pipe", - "EOF", - "timeout", - "temporary failure", - "no such host", - "network is unreachable", - "i/o timeout", - }, - FirstTokenTmout: kiroFirstTokenTimeout, - StreamReadTmout: kiroStreamingReadTimeout, - } -} - -// isRetryableError checks if an error is retryable based on error type and message. -// Returns true for network timeouts, connection resets, and temporary failures. -// Based on kiro2Api's retry logic patterns. -func isRetryableError(err error) bool { - if err == nil { - return false - } - - // Check for context cancellation - not retryable - if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) { - return false - } - - // Check for net.Error (timeout, temporary) - var netErr net.Error - if errors.As(err, &netErr) { - if netErr.Timeout() { - log.Debugf("kiro: isRetryableError: network timeout detected") - return true - } - // Note: Temporary() is deprecated but still useful for some error types - } - - // Check for specific syscall errors (connection reset, broken pipe, etc.) - var syscallErr syscall.Errno - if errors.As(err, &syscallErr) { - switch syscallErr { - case syscall.ECONNRESET: // Connection reset by peer - log.Debugf("kiro: isRetryableError: ECONNRESET detected") - return true - case syscall.ECONNREFUSED: // Connection refused - log.Debugf("kiro: isRetryableError: ECONNREFUSED detected") - return true - case syscall.EPIPE: // Broken pipe - log.Debugf("kiro: isRetryableError: EPIPE (broken pipe) detected") - return true - case syscall.ETIMEDOUT: // Connection timed out - log.Debugf("kiro: isRetryableError: ETIMEDOUT detected") - return true - case syscall.ENETUNREACH: // Network is unreachable - log.Debugf("kiro: isRetryableError: ENETUNREACH detected") - return true - case syscall.EHOSTUNREACH: // No route to host - log.Debugf("kiro: isRetryableError: EHOSTUNREACH detected") - return true - } - } - - // Check for net.OpError wrapping other errors - var opErr *net.OpError - if errors.As(err, &opErr) { - log.Debugf("kiro: isRetryableError: net.OpError detected, op=%s", opErr.Op) - // Recursively check the wrapped error - if opErr.Err != nil { - return isRetryableError(opErr.Err) - } - return true - } - - // Check error message for retryable patterns - errMsg := strings.ToLower(err.Error()) - cfg := defaultRetryConfig() - for _, pattern := range cfg.RetryableErrors { - if strings.Contains(errMsg, pattern) { - log.Debugf("kiro: isRetryableError: pattern '%s' matched in error: %s", pattern, errMsg) - return true - } - } - - // Check for EOF which may indicate connection was closed - if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) { - log.Debugf("kiro: isRetryableError: EOF/UnexpectedEOF detected") - return true - } - - return false -} - -// isRetryableHTTPStatus checks if an HTTP status code is retryable. -// Based on kiro2Api: 502, 503, 504 are retryable server errors. -func isRetryableHTTPStatus(statusCode int) bool { - return retryableHTTPStatusCodes[statusCode] -} - -// calculateRetryDelay calculates the delay for the next retry attempt using exponential backoff. -// delay = min(baseDelay * 2^attempt, maxDelay) -// Adds ±30% jitter to prevent thundering herd. -func calculateRetryDelay(attempt int, cfg retryConfig) time.Duration { - return kiroauth.ExponentialBackoffWithJitter(attempt, cfg.BaseDelay, cfg.MaxDelay) -} - -// logRetryAttempt logs a retry attempt with relevant context. -func logRetryAttempt(attempt, maxRetries int, reason string, delay time.Duration, endpoint string) { - log.Warnf("kiro: retry attempt %d/%d for %s, waiting %v before next attempt (endpoint: %s)", - attempt+1, maxRetries, reason, delay, endpoint) -} - -// kiroHTTPClientPool provides a shared HTTP client with connection pooling for Kiro API. -// This reduces connection overhead and improves performance for concurrent requests. -// Based on kiro2Api's connection pooling pattern. -var ( - kiroHTTPClientPool *http.Client - kiroHTTPClientPoolOnce sync.Once -) - -// getKiroPooledHTTPClient returns a shared HTTP client with optimized connection pooling. -// The client is lazily initialized on first use and reused across requests. -// This is especially beneficial for: -// - Reducing TCP handshake overhead -// - Enabling HTTP/2 multiplexing -// - Better handling of keep-alive connections -func getKiroPooledHTTPClient() *http.Client { - kiroHTTPClientPoolOnce.Do(func() { - transport := &http.Transport{ - // Connection pool settings - MaxIdleConns: 100, // Max idle connections across all hosts - MaxIdleConnsPerHost: 20, // Max idle connections per host - MaxConnsPerHost: 50, // Max total connections per host - IdleConnTimeout: 90 * time.Second, // How long idle connections stay in pool - - // Timeouts for connection establishment - DialContext: (&net.Dialer{ - Timeout: 30 * time.Second, // TCP connection timeout - KeepAlive: 30 * time.Second, // TCP keep-alive interval - }).DialContext, - - // TLS handshake timeout - TLSHandshakeTimeout: 10 * time.Second, - - // Response header timeout - ResponseHeaderTimeout: 30 * time.Second, - - // Expect 100-continue timeout - ExpectContinueTimeout: 1 * time.Second, - - // Enable HTTP/2 when available - ForceAttemptHTTP2: true, - } - - kiroHTTPClientPool = &http.Client{ - Transport: transport, - // No global timeout - let individual requests set their own timeouts via context - } - - log.Debugf("kiro: initialized pooled HTTP client (MaxIdleConns=%d, MaxIdleConnsPerHost=%d, MaxConnsPerHost=%d)", - transport.MaxIdleConns, transport.MaxIdleConnsPerHost, transport.MaxConnsPerHost) - }) - - return kiroHTTPClientPool -} - -// newKiroHTTPClientWithPooling creates an HTTP client that uses connection pooling when appropriate. -// It respects proxy configuration from auth or config, falling back to the pooled client. -// This provides the best of both worlds: custom proxy support + connection reuse. -func newKiroHTTPClientWithPooling(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth, timeout time.Duration) *http.Client { - // Check if a proxy is configured - if so, we need a custom client - var proxyURL string - if auth != nil { - proxyURL = strings.TrimSpace(auth.ProxyURL) - } - if proxyURL == "" && cfg != nil { - proxyURL = strings.TrimSpace(cfg.ProxyURL) - } - - // If proxy is configured, use the existing proxy-aware client (doesn't pool) - if proxyURL != "" { - log.Debugf("kiro: using proxy-aware HTTP client (proxy=%s)", proxyURL) - return newProxyAwareHTTPClient(ctx, cfg, auth, timeout) - } - - // No proxy - use pooled client for better performance - pooledClient := getKiroPooledHTTPClient() - - // If timeout is specified, we need to wrap the pooled transport with timeout - if timeout > 0 { - return &http.Client{ - Transport: pooledClient.Transport, - Timeout: timeout, - } - } - - return pooledClient -} - -// kiroEndpointConfig bundles endpoint URL with its compatible Origin and AmzTarget values. -// This solves the "triple mismatch" problem where different endpoints require matching -// Origin and X-Amz-Target header values. -// -// Based on reference implementations: -// - amq2api-main: Uses Amazon Q endpoint with CLI origin and AmazonQDeveloperStreamingService target -// - AIClient-2-API: Uses CodeWhisperer endpoint with AI_EDITOR origin and AmazonCodeWhispererStreamingService target -type kiroEndpointConfig struct { - URL string // Endpoint URL - Origin string // Request Origin: "CLI" for Amazon Q quota, "AI_EDITOR" for Kiro IDE quota - AmzTarget string // X-Amz-Target header value - Name string // Endpoint name for logging -} - -// kiroDefaultRegion is the default AWS region for Kiro API endpoints. -// Used when no region is specified in auth metadata. -const kiroDefaultRegion = "us-east-1" - -// extractRegionFromProfileARN extracts the AWS region from a ProfileARN. -// ARN format: arn:aws:codewhisperer:REGION:ACCOUNT:profile/PROFILE_ID -// Returns empty string if region cannot be extracted. -func extractRegionFromProfileARN(profileArn string) string { - if profileArn == "" { - return "" - } - parts := strings.Split(profileArn, ":") - if len(parts) >= 4 && parts[3] != "" { - return parts[3] - } - return "" -} - -// buildKiroEndpointConfigs creates endpoint configurations for the specified region. -// This enables dynamic region support for Enterprise/IdC users in non-us-east-1 regions. -// -// Uses Q endpoint (q.{region}.amazonaws.com) as primary for ALL auth types: -// - Works universally across all AWS regions (CodeWhisperer endpoint only exists in us-east-1) -// - Uses /generateAssistantResponse path with AI_EDITOR origin -// - Does NOT require X-Amz-Target header -// -// The AmzTarget field is kept for backward compatibility but should be empty -// to indicate that the header should NOT be set. -func buildKiroEndpointConfigs(region string) []kiroEndpointConfig { - if region == "" { - region = kiroDefaultRegion - } - return []kiroEndpointConfig{ - { - // Primary: Q endpoint - works for all regions and auth types - URL: fmt.Sprintf("https://q.%s.amazonaws.com/generateAssistantResponse", region), - Origin: "AI_EDITOR", - AmzTarget: "", // Empty = don't set X-Amz-Target header - Name: "AmazonQ", - }, - { - // Fallback: CodeWhisperer endpoint (legacy, only works in us-east-1) - URL: fmt.Sprintf("https://codewhisperer.%s.amazonaws.com/generateAssistantResponse", region), - Origin: "AI_EDITOR", - AmzTarget: "AmazonCodeWhispererStreamingService.GenerateAssistantResponse", - Name: "CodeWhisperer", - }, - } -} - -// resolveKiroAPIRegion determines the AWS region for Kiro API calls. -// Region priority: -// 1. auth.Metadata["api_region"] - explicit API region override -// 2. ProfileARN region - extracted from arn:aws:service:REGION:account:resource -// 3. kiroDefaultRegion (us-east-1) - fallback -// Note: OIDC "region" is NOT used - it's for token refresh, not API calls -func resolveKiroAPIRegion(auth *cliproxyauth.Auth) string { - if auth == nil || auth.Metadata == nil { - return kiroDefaultRegion - } - // Priority 1: Explicit api_region override - if r, ok := auth.Metadata["api_region"].(string); ok && r != "" { - log.Debugf("kiro: using region %s (source: api_region)", r) - return r - } - // Priority 2: Extract from ProfileARN - if profileArn, ok := auth.Metadata["profile_arn"].(string); ok && profileArn != "" { - if arnRegion := extractRegionFromProfileARN(profileArn); arnRegion != "" { - log.Debugf("kiro: using region %s (source: profile_arn)", arnRegion) - return arnRegion - } - } - // Note: OIDC "region" field is NOT used for API endpoint - // Kiro API only exists in us-east-1, while OIDC region can vary (e.g., ap-northeast-2) - // Using OIDC region for API calls causes DNS failures - log.Debugf("kiro: using region %s (source: default)", kiroDefaultRegion) - return kiroDefaultRegion -} - -// kiroEndpointConfigs is kept for backward compatibility with default us-east-1 region. -// Prefer using buildKiroEndpointConfigs(region) for dynamic region support. -var kiroEndpointConfigs = buildKiroEndpointConfigs(kiroDefaultRegion) - -// getKiroEndpointConfigs returns the list of Kiro API endpoint configurations to try in order. -// Supports dynamic region based on auth metadata "api_region", "profile_arn", or "region" field. -// Supports reordering based on "preferred_endpoint" in auth metadata/attributes. -// -// Region priority: -// 1. auth.Metadata["api_region"] - explicit API region override -// 2. ProfileARN region - extracted from arn:aws:service:REGION:account:resource -// 3. kiroDefaultRegion (us-east-1) - fallback -// Note: OIDC "region" is NOT used - it's for token refresh, not API calls -func getKiroEndpointConfigs(auth *cliproxyauth.Auth) []kiroEndpointConfig { - if auth == nil { - return kiroEndpointConfigs - } - - // Determine API region using shared resolution logic - region := resolveKiroAPIRegion(auth) - - // Build endpoint configs for the specified region - endpointConfigs := buildKiroEndpointConfigs(region) - - // For IDC auth, use Q endpoint with AI_EDITOR origin - // IDC tokens work with Q endpoint using Bearer auth - // The difference is only in how tokens are refreshed (OIDC with clientId/clientSecret for IDC) - // NOT in how API calls are made - both Social and IDC use the same endpoint/origin - if auth.Metadata != nil { - authMethod, _ := auth.Metadata["auth_method"].(string) - if strings.ToLower(authMethod) == "idc" { - log.Debugf("kiro: IDC auth, using Q endpoint (region: %s)", region) - return endpointConfigs - } - } - - // Check for preference - var preference string - if auth.Metadata != nil { - if p, ok := auth.Metadata["preferred_endpoint"].(string); ok { - preference = p - } - } - // Check attributes as fallback (e.g. from HTTP headers) - if preference == "" && auth.Attributes != nil { - preference = auth.Attributes["preferred_endpoint"] - } - - if preference == "" { - return endpointConfigs - } - - preference = strings.ToLower(strings.TrimSpace(preference)) - - // Create new slice to avoid modifying global state - var sorted []kiroEndpointConfig - var remaining []kiroEndpointConfig - - for _, cfg := range endpointConfigs { - name := strings.ToLower(cfg.Name) - // Check for matches - // CodeWhisperer aliases: codewhisperer, ide - // AmazonQ aliases: amazonq, q, cli - isMatch := false - if (preference == "codewhisperer" || preference == "ide") && name == "codewhisperer" { - isMatch = true - } else if (preference == "amazonq" || preference == "q" || preference == "cli") && name == "amazonq" { - isMatch = true - } - - if isMatch { - sorted = append(sorted, cfg) - } else { - remaining = append(remaining, cfg) - } - } - - // If preference didn't match anything, return default - if len(sorted) == 0 { - return endpointConfigs - } - - // Combine: preferred first, then others - return append(sorted, remaining...) -} - -// KiroExecutor handles requests to AWS CodeWhisperer (Kiro) API. -type KiroExecutor struct { - cfg *config.Config - refreshMu sync.Mutex // Serializes token refresh operations to prevent race conditions -} - -// isIDCAuth checks if the auth uses IDC (Identity Center) authentication method. -func isIDCAuth(auth *cliproxyauth.Auth) bool { - if auth == nil || auth.Metadata == nil { - return false - } - authMethod, _ := auth.Metadata["auth_method"].(string) - return strings.ToLower(authMethod) == "idc" -} - -// buildKiroPayloadForFormat builds the Kiro API payload based on the source format. -// This is critical because OpenAI and Claude formats have different tool structures: -// - OpenAI: tools[].function.name, tools[].function.description -// - Claude: tools[].name, tools[].description -// headers parameter allows checking Anthropic-Beta header for thinking mode detection. -// Returns the serialized JSON payload and a boolean indicating whether thinking mode was injected. -func buildKiroPayloadForFormat(body []byte, modelID, profileArn, origin string, isAgentic, isChatOnly bool, sourceFormat sdktranslator.Format, headers http.Header) ([]byte, bool) { - switch sourceFormat.String() { - case "openai": - log.Debugf("kiro: using OpenAI payload builder for source format: %s", sourceFormat.String()) - return kiroopenai.BuildKiroPayloadFromOpenAI(body, modelID, profileArn, origin, isAgentic, isChatOnly, headers, nil) - case "kiro": - // Body is already in Kiro format — pass through directly - log.Debugf("kiro: body already in Kiro format, passing through directly") - return body, false - default: - // Default to Claude format - log.Debugf("kiro: using Claude payload builder for source format: %s", sourceFormat.String()) - return kiroclaude.BuildKiroPayload(body, modelID, profileArn, origin, isAgentic, isChatOnly, headers, nil) - } -} - -// NewKiroExecutor creates a new Kiro executor instance. -func NewKiroExecutor(cfg *config.Config) *KiroExecutor { - return &KiroExecutor{cfg: cfg} -} - -// Identifier returns the unique identifier for this executor. -func (e *KiroExecutor) Identifier() string { return "kiro" } - -// applyDynamicFingerprint applies token-specific fingerprint headers to the request -// For IDC auth, uses dynamic fingerprint-based User-Agent -// For other auth types, uses static Amazon Q CLI style headers -func applyDynamicFingerprint(req *http.Request, auth *cliproxyauth.Auth) { - if isIDCAuth(auth) { - // Get token-specific fingerprint for dynamic UA generation - tokenKey := getTokenKey(auth) - fp := getGlobalFingerprintManager().GetFingerprint(tokenKey) - - // Use fingerprint-generated dynamic User-Agent - req.Header.Set("User-Agent", fp.BuildUserAgent()) - req.Header.Set("X-Amz-User-Agent", fp.BuildAmzUserAgent()) - req.Header.Set("x-amzn-kiro-agent-mode", kiroIDEAgentModeVibe) - - log.Debugf("kiro: using dynamic fingerprint for token %s (SDK:%s, OS:%s/%s, Kiro:%s)", - tokenKey[:8]+"...", fp.SDKVersion, fp.OSType, fp.OSVersion, fp.KiroVersion) - } else { - // Use static Amazon Q CLI style headers for non-IDC auth - req.Header.Set("User-Agent", kiroUserAgent) - req.Header.Set("X-Amz-User-Agent", kiroFullUserAgent) - } -} - -// PrepareRequest prepares the HTTP request before execution. -func (e *KiroExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - accessToken, _ := kiroCredentials(auth) - if strings.TrimSpace(accessToken) == "" { - return statusErr{code: http.StatusUnauthorized, msg: "missing access token"} - } - - // Apply dynamic fingerprint-based headers - applyDynamicFingerprint(req, auth) - - req.Header.Set("Amz-Sdk-Request", "attempt=1; max=3") - req.Header.Set("Amz-Sdk-Invocation-Id", uuid.New().String()) - req.Header.Set("Authorization", "Bearer "+accessToken) - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) - return nil -} - -// HttpRequest injects Kiro credentials into the request and executes it. -func (e *KiroExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("kiro executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if errPrepare := e.PrepareRequest(httpReq, auth); errPrepare != nil { - return nil, errPrepare - } - httpClient := newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -// getTokenKey returns a unique key for rate limiting based on auth credentials. -// Uses auth ID if available, otherwise falls back to a hash of the access token. -func getTokenKey(auth *cliproxyauth.Auth) string { - if auth != nil && auth.ID != "" { - return auth.ID - } - accessToken, _ := kiroCredentials(auth) - if len(accessToken) > 16 { - return accessToken[:16] - } - return accessToken -} - -// Execute sends the request to Kiro API and returns the response. -// Supports automatic token refresh on 401/403 errors. -func (e *KiroExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - accessToken, profileArn := kiroCredentials(auth) - if accessToken == "" { - return resp, fmt.Errorf("kiro: access token not found in auth") - } - - // Rate limiting: get token key for tracking - tokenKey := getTokenKey(auth) - rateLimiter := kiroauth.GetGlobalRateLimiter() - cooldownMgr := kiroauth.GetGlobalCooldownManager() - - // Check if token is in cooldown period - if cooldownMgr.IsInCooldown(tokenKey) { - remaining := cooldownMgr.GetRemainingCooldown(tokenKey) - reason := cooldownMgr.GetCooldownReason(tokenKey) - log.Warnf("kiro: token %s is in cooldown (reason: %s), remaining: %v", tokenKey, reason, remaining) - return resp, fmt.Errorf("kiro: token is in cooldown for %v (reason: %s)", remaining, reason) - } - - // Wait for rate limiter before proceeding - log.Debugf("kiro: waiting for rate limiter for token %s", tokenKey) - rateLimiter.WaitForToken(tokenKey) - log.Debugf("kiro: rate limiter cleared for token %s", tokenKey) - - // Check if token is expired before making request (covers both normal and web_search paths) - if e.isTokenExpired(accessToken) { - log.Infof("kiro: access token expired, attempting recovery") - - // 方案 B: 先尝试从文件重新加载 token(后台刷新器可能已更新文件) - reloadedAuth, reloadErr := e.reloadAuthFromFile(auth) - if reloadErr == nil && reloadedAuth != nil { - // 文件中有更新的 token,使用它 - auth = reloadedAuth - accessToken, profileArn = kiroCredentials(auth) - log.Infof("kiro: recovered token from file (background refresh), expires_at: %v", auth.Metadata["expires_at"]) - } else { - // 文件中的 token 也过期了,执行主动刷新 - log.Debugf("kiro: file reload failed (%v), attempting active refresh", reloadErr) - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Warnf("kiro: pre-request token refresh failed: %v", refreshErr) - } else if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - } - accessToken, profileArn = kiroCredentials(auth) - log.Infof("kiro: token refreshed successfully before request") - } - } - } - - // Check for pure web_search request - // Route to MCP endpoint instead of normal Kiro API - if kiroclaude.HasWebSearchTool(req.Payload) { - log.Infof("kiro: detected pure web_search request (non-stream), routing to MCP endpoint") - return e.handleWebSearch(ctx, auth, req, opts, accessToken, profileArn) - } - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("kiro") - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - - kiroModelID := e.mapModelToKiro(req.Model) - - // Determine agentic mode and effective profile ARN using helper functions - isAgentic, isChatOnly := determineAgenticMode(req.Model) - effectiveProfileArn := getEffectiveProfileArnWithWarning(auth, profileArn) - - // Execute with retry on 401/403 and 429 (quota exhausted) - // Note: currentOrigin and kiroPayload are built inside executeWithRetry for each endpoint - resp, err = e.executeWithRetry(ctx, auth, req, opts, accessToken, effectiveProfileArn, nil, body, from, to, reporter, "", kiroModelID, isAgentic, isChatOnly, tokenKey) - return resp, err -} - -// executeWithRetry performs the actual HTTP request with automatic retry on auth errors. -// Supports automatic fallback between endpoints with different quotas: -// - Amazon Q endpoint (CLI origin) uses Amazon Q Developer quota -// - CodeWhisperer endpoint (AI_EDITOR origin) uses Kiro IDE quota -// Also supports multi-endpoint fallback similar to Antigravity implementation. -// tokenKey is used for rate limiting and cooldown tracking. -func (e *KiroExecutor) executeWithRetry(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, accessToken, profileArn string, kiroPayload, body []byte, from, to sdktranslator.Format, reporter *usageReporter, currentOrigin, kiroModelID string, isAgentic, isChatOnly bool, tokenKey string) (cliproxyexecutor.Response, error) { - var resp cliproxyexecutor.Response - maxRetries := 2 // Allow retries for token refresh + endpoint fallback - rateLimiter := kiroauth.GetGlobalRateLimiter() - cooldownMgr := kiroauth.GetGlobalCooldownManager() - endpointConfigs := getKiroEndpointConfigs(auth) - var last429Err error - - for endpointIdx := 0; endpointIdx < len(endpointConfigs); endpointIdx++ { - endpointConfig := endpointConfigs[endpointIdx] - url := endpointConfig.URL - // Use this endpoint's compatible Origin (critical for avoiding 403 errors) - currentOrigin = endpointConfig.Origin - - // Rebuild payload with the correct origin for this endpoint - // Each endpoint requires its matching Origin value in the request body - kiroPayload, _ = buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - - log.Debugf("kiro: trying endpoint %d/%d: %s (Name: %s, Origin: %s)", - endpointIdx+1, len(endpointConfigs), url, endpointConfig.Name, currentOrigin) - - for attempt := 0; attempt <= maxRetries; attempt++ { - // Apply human-like delay before first request (not on retries) - // This mimics natural user behavior patterns - if attempt == 0 && endpointIdx == 0 { - kiroauth.ApplyHumanLikeDelay() - } - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(kiroPayload)) - if err != nil { - return resp, err - } - - httpReq.Header.Set("Content-Type", kiroContentType) - httpReq.Header.Set("Accept", kiroAcceptStream) - // Only set X-Amz-Target if specified (Q endpoint doesn't require it) - if endpointConfig.AmzTarget != "" { - httpReq.Header.Set("X-Amz-Target", endpointConfig.AmzTarget) - } - // Kiro-specific headers - httpReq.Header.Set("x-amzn-kiro-agent-mode", kiroIDEAgentModeVibe) - httpReq.Header.Set("x-amzn-codewhisperer-optout", "true") - - // Apply dynamic fingerprint-based headers - applyDynamicFingerprint(httpReq, auth) - - httpReq.Header.Set("Amz-Sdk-Request", "attempt=1; max=3") - httpReq.Header.Set("Amz-Sdk-Invocation-Id", uuid.New().String()) - - // Bearer token authentication for all auth types (Builder ID, IDC, social, etc.) - httpReq.Header.Set("Authorization", "Bearer "+accessToken) - - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: kiroPayload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 120*time.Second) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - // Check for context cancellation first - client disconnected, not a server error - // Use 499 (Client Closed Request - nginx convention) instead of 500 - if errors.Is(err, context.Canceled) { - log.Debugf("kiro: request canceled by client (context.Canceled)") - return resp, statusErr{code: 499, msg: "client canceled request"} - } - - // Check for context deadline exceeded - request timed out - // Return 504 Gateway Timeout instead of 500 - if errors.Is(err, context.DeadlineExceeded) { - log.Debugf("kiro: request timed out (context.DeadlineExceeded)") - return resp, statusErr{code: http.StatusGatewayTimeout, msg: "upstream request timed out"} - } - - recordAPIResponseError(ctx, e.cfg, err) - - // Enhanced socket retry: Check if error is retryable (network timeout, connection reset, etc.) - retryCfg := defaultRetryConfig() - if isRetryableError(err) && attempt < retryCfg.MaxRetries { - delay := calculateRetryDelay(attempt, retryCfg) - logRetryAttempt(attempt, retryCfg.MaxRetries, fmt.Sprintf("socket error: %v", err), delay, endpointConfig.Name) - time.Sleep(delay) - continue - } - - return resp, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - - // Handle 429 errors (quota exhausted) - try next endpoint - // Each endpoint has its own quota pool, so we can try different endpoints - if httpResp.StatusCode == 429 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - // Record failure and set cooldown for 429 - rateLimiter.MarkTokenFailed(tokenKey) - cooldownDuration := kiroauth.CalculateCooldownFor429(attempt) - cooldownMgr.SetCooldown(tokenKey, cooldownDuration, kiroauth.CooldownReason429) - log.Warnf("kiro: rate limit hit (429), token %s set to cooldown for %v", tokenKey, cooldownDuration) - - // Preserve last 429 so callers can correctly backoff when all endpoints are exhausted - last429Err = statusErr{code: httpResp.StatusCode, msg: string(respBody)} - - log.Warnf("kiro: %s endpoint quota exhausted (429), will try next endpoint, body: %s", - endpointConfig.Name, summarizeErrorBody(httpResp.Header.Get("Content-Type"), respBody)) - - // Break inner retry loop to try next endpoint (which has different quota) - break - } - - // Handle 5xx server errors with exponential backoff retry - // Enhanced: Use retryConfig for consistent retry behavior - if httpResp.StatusCode >= 500 && httpResp.StatusCode < 600 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - retryCfg := defaultRetryConfig() - // Check if this specific 5xx code is retryable (502, 503, 504) - if isRetryableHTTPStatus(httpResp.StatusCode) && attempt < retryCfg.MaxRetries { - delay := calculateRetryDelay(attempt, retryCfg) - logRetryAttempt(attempt, retryCfg.MaxRetries, fmt.Sprintf("HTTP %d", httpResp.StatusCode), delay, endpointConfig.Name) - time.Sleep(delay) - continue - } else if attempt < maxRetries { - // Fallback for other 5xx errors (500, 501, etc.) - backoff := time.Duration(1< 30*time.Second { - backoff = 30 * time.Second - } - log.Warnf("kiro: server error %d, retrying in %v (attempt %d/%d)", httpResp.StatusCode, backoff, attempt+1, maxRetries) - time.Sleep(backoff) - continue - } - log.Errorf("kiro: server error %d after %d retries", httpResp.StatusCode, maxRetries) - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 401 errors with token refresh and retry - // 401 = Unauthorized (token expired/invalid) - refresh token - if httpResp.StatusCode == 401 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - log.Warnf("kiro: received 401 error, attempting token refresh") - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Errorf("kiro: token refresh failed: %v", refreshErr) - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - // Continue anyway - the token is valid for this request - } - accessToken, profileArn = kiroCredentials(auth) - // Rebuild payload with new profile ARN if changed - kiroPayload, _ = buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - if attempt < maxRetries { - log.Infof("kiro: token refreshed successfully, retrying request (attempt %d/%d)", attempt+1, maxRetries+1) - continue - } - log.Infof("kiro: token refreshed successfully, no retries remaining") - } - - log.Warnf("kiro request error, status: 401, body: %s", summarizeErrorBody(httpResp.Header.Get("Content-Type"), respBody)) - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 402 errors - Monthly Limit Reached - if httpResp.StatusCode == 402 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - log.Warnf("kiro: received 402 (monthly limit). Upstream body: %s", string(respBody)) - - // Return upstream error body directly - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 403 errors - Access Denied / Token Expired - // Do NOT switch endpoints for 403 errors - if httpResp.StatusCode == 403 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - // Log the 403 error details for debugging - log.Warnf("kiro: received 403 error (attempt %d/%d), body: %s", attempt+1, maxRetries+1, summarizeErrorBody(httpResp.Header.Get("Content-Type"), respBody)) - - respBodyStr := string(respBody) - - // Check for SUSPENDED status - return immediately without retry - if strings.Contains(respBodyStr, "SUSPENDED") || strings.Contains(respBodyStr, "TEMPORARILY_SUSPENDED") { - // Set long cooldown for suspended accounts - rateLimiter.CheckAndMarkSuspended(tokenKey, respBodyStr) - cooldownMgr.SetCooldown(tokenKey, kiroauth.LongCooldown, kiroauth.CooldownReasonSuspended) - log.Errorf("kiro: account is suspended, token %s set to cooldown for %v", tokenKey, kiroauth.LongCooldown) - return resp, statusErr{code: httpResp.StatusCode, msg: "account suspended: " + string(respBody)} - } - - // Check if this looks like a token-related 403 (some APIs return 403 for expired tokens) - isTokenRelated := strings.Contains(respBodyStr, "token") || - strings.Contains(respBodyStr, "expired") || - strings.Contains(respBodyStr, "invalid") || - strings.Contains(respBodyStr, "unauthorized") - - if isTokenRelated && attempt < maxRetries { - log.Warnf("kiro: 403 appears token-related, attempting token refresh") - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Errorf("kiro: token refresh failed: %v", refreshErr) - // Token refresh failed - return error immediately - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - // Continue anyway - the token is valid for this request - } - accessToken, profileArn = kiroCredentials(auth) - kiroPayload, _ = buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - log.Infof("kiro: token refreshed for 403, retrying request") - continue - } - } - - // For non-token 403 or after max retries, return error immediately - // Do NOT switch endpoints for 403 errors - log.Warnf("kiro: 403 error, returning immediately (no endpoint switch)") - return resp, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - log.Debugf("kiro request error, status: %d, body: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return resp, err - } - - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - content, toolUses, usageInfo, stopReason, err := e.parseEventStream(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - - // Fallback for usage if missing from upstream - - // 1. Estimate InputTokens if missing - if usageInfo.InputTokens == 0 { - if enc, encErr := getTokenizer(req.Model); encErr == nil { - if inp, countErr := countOpenAIChatTokens(enc, opts.OriginalRequest); countErr == nil { - usageInfo.InputTokens = inp - } - } - } - - // 2. Estimate OutputTokens if missing and content is available - if usageInfo.OutputTokens == 0 && len(content) > 0 { - // Use tiktoken for more accurate output token calculation - if enc, encErr := getTokenizer(req.Model); encErr == nil { - if tokenCount, countErr := enc.Count(content); countErr == nil { - usageInfo.OutputTokens = int64(tokenCount) - } - } - // Fallback to character count estimation if tiktoken fails - if usageInfo.OutputTokens == 0 { - usageInfo.OutputTokens = int64(len(content) / 4) - if usageInfo.OutputTokens == 0 { - usageInfo.OutputTokens = 1 - } - } - } - - // 3. Update TotalTokens - usageInfo.TotalTokens = usageInfo.InputTokens + usageInfo.OutputTokens - - appendAPIResponseChunk(ctx, e.cfg, []byte(content)) - reporter.publish(ctx, usageInfo) - - // Record success for rate limiting - rateLimiter.MarkTokenSuccess(tokenKey) - log.Debugf("kiro: request successful, token %s marked as success", tokenKey) - - // Build response in Claude format for Kiro translator - // stopReason is extracted from upstream response by parseEventStream - requestedModel := payloadRequestedModel(opts, req.Model) - kiroResponse := kiroclaude.BuildClaudeResponse(content, toolUses, requestedModel, usageInfo, stopReason) - out := sdktranslator.TranslateNonStream(ctx, to, from, requestedModel, bytes.Clone(opts.OriginalRequest), body, kiroResponse, nil) - resp = cliproxyexecutor.Response{Payload: []byte(out)} - return resp, nil - } - // Inner retry loop exhausted for this endpoint, try next endpoint - // Note: This code is unreachable because all paths in the inner loop - // either return or continue. Kept as comment for documentation. - } - - // All endpoints exhausted - if last429Err != nil { - return resp, last429Err - } - return resp, fmt.Errorf("kiro: all endpoints exhausted") -} - -// ExecuteStream handles streaming requests to Kiro API. -// Supports automatic token refresh on 401/403 errors and quota fallback on 429. -func (e *KiroExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - accessToken, profileArn := kiroCredentials(auth) - if accessToken == "" { - return nil, fmt.Errorf("kiro: access token not found in auth") - } - - // Rate limiting: get token key for tracking - tokenKey := getTokenKey(auth) - rateLimiter := kiroauth.GetGlobalRateLimiter() - cooldownMgr := kiroauth.GetGlobalCooldownManager() - - // Check if token is in cooldown period - if cooldownMgr.IsInCooldown(tokenKey) { - remaining := cooldownMgr.GetRemainingCooldown(tokenKey) - reason := cooldownMgr.GetCooldownReason(tokenKey) - log.Warnf("kiro: token %s is in cooldown (reason: %s), remaining: %v", tokenKey, reason, remaining) - return nil, fmt.Errorf("kiro: token is in cooldown for %v (reason: %s)", remaining, reason) - } - - // Wait for rate limiter before proceeding - log.Debugf("kiro: stream waiting for rate limiter for token %s", tokenKey) - rateLimiter.WaitForToken(tokenKey) - log.Debugf("kiro: stream rate limiter cleared for token %s", tokenKey) - - // Check if token is expired before making request (covers both normal and web_search paths) - if e.isTokenExpired(accessToken) { - log.Infof("kiro: access token expired, attempting recovery before stream request") - - // 方案 B: 先尝试从文件重新加载 token(后台刷新器可能已更新文件) - reloadedAuth, reloadErr := e.reloadAuthFromFile(auth) - if reloadErr == nil && reloadedAuth != nil { - // 文件中有更新的 token,使用它 - auth = reloadedAuth - accessToken, profileArn = kiroCredentials(auth) - log.Infof("kiro: recovered token from file (background refresh) for stream, expires_at: %v", auth.Metadata["expires_at"]) - } else { - // 文件中的 token 也过期了,执行主动刷新 - log.Debugf("kiro: file reload failed (%v), attempting active refresh for stream", reloadErr) - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Warnf("kiro: pre-request token refresh failed: %v", refreshErr) - } else if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - } - accessToken, profileArn = kiroCredentials(auth) - log.Infof("kiro: token refreshed successfully before stream request") - } - } - } - - // Check for pure web_search request - // Route to MCP endpoint instead of normal Kiro API - if kiroclaude.HasWebSearchTool(req.Payload) { - log.Infof("kiro: detected pure web_search request, routing to MCP endpoint") - streamWebSearch, errWebSearch := e.handleWebSearchStream(ctx, auth, req, opts, accessToken, profileArn) - if errWebSearch != nil { - return nil, errWebSearch - } - return &cliproxyexecutor.StreamResult{Chunks: streamWebSearch}, nil - } - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("kiro") - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - - kiroModelID := e.mapModelToKiro(req.Model) - - // Determine agentic mode and effective profile ARN using helper functions - isAgentic, isChatOnly := determineAgenticMode(req.Model) - effectiveProfileArn := getEffectiveProfileArnWithWarning(auth, profileArn) - - // Execute stream with retry on 401/403 and 429 (quota exhausted) - // Note: currentOrigin and kiroPayload are built inside executeStreamWithRetry for each endpoint - streamKiro, errStreamKiro := e.executeStreamWithRetry(ctx, auth, req, opts, accessToken, effectiveProfileArn, nil, body, from, reporter, "", kiroModelID, isAgentic, isChatOnly, tokenKey) - if errStreamKiro != nil { - return nil, errStreamKiro - } - return &cliproxyexecutor.StreamResult{Chunks: streamKiro}, nil -} - -// executeStreamWithRetry performs the streaming HTTP request with automatic retry on auth errors. -// Supports automatic fallback between endpoints with different quotas: -// - Amazon Q endpoint (CLI origin) uses Amazon Q Developer quota -// - CodeWhisperer endpoint (AI_EDITOR origin) uses Kiro IDE quota -// Also supports multi-endpoint fallback similar to Antigravity implementation. -// tokenKey is used for rate limiting and cooldown tracking. -func (e *KiroExecutor) executeStreamWithRetry(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options, accessToken, profileArn string, kiroPayload, body []byte, from sdktranslator.Format, reporter *usageReporter, currentOrigin, kiroModelID string, isAgentic, isChatOnly bool, tokenKey string) (<-chan cliproxyexecutor.StreamChunk, error) { - maxRetries := 2 // Allow retries for token refresh + endpoint fallback - rateLimiter := kiroauth.GetGlobalRateLimiter() - cooldownMgr := kiroauth.GetGlobalCooldownManager() - endpointConfigs := getKiroEndpointConfigs(auth) - var last429Err error - - for endpointIdx := 0; endpointIdx < len(endpointConfigs); endpointIdx++ { - endpointConfig := endpointConfigs[endpointIdx] - url := endpointConfig.URL - // Use this endpoint's compatible Origin (critical for avoiding 403 errors) - currentOrigin = endpointConfig.Origin - - // Rebuild payload with the correct origin for this endpoint - // Each endpoint requires its matching Origin value in the request body - kiroPayload, thinkingEnabled := buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - - log.Debugf("kiro: stream trying endpoint %d/%d: %s (Name: %s, Origin: %s)", - endpointIdx+1, len(endpointConfigs), url, endpointConfig.Name, currentOrigin) - - for attempt := 0; attempt <= maxRetries; attempt++ { - // Apply human-like delay before first streaming request (not on retries) - // This mimics natural user behavior patterns - // Note: Delay is NOT applied during streaming response - only before initial request - if attempt == 0 && endpointIdx == 0 { - kiroauth.ApplyHumanLikeDelay() - } - - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(kiroPayload)) - if err != nil { - return nil, err - } - - httpReq.Header.Set("Content-Type", kiroContentType) - httpReq.Header.Set("Accept", kiroAcceptStream) - // Only set X-Amz-Target if specified (Q endpoint doesn't require it) - if endpointConfig.AmzTarget != "" { - httpReq.Header.Set("X-Amz-Target", endpointConfig.AmzTarget) - } - // Kiro-specific headers - httpReq.Header.Set("x-amzn-kiro-agent-mode", kiroIDEAgentModeVibe) - httpReq.Header.Set("x-amzn-codewhisperer-optout", "true") - - // Apply dynamic fingerprint-based headers - applyDynamicFingerprint(httpReq, auth) - - httpReq.Header.Set("Amz-Sdk-Request", "attempt=1; max=3") - httpReq.Header.Set("Amz-Sdk-Invocation-Id", uuid.New().String()) - - // Bearer token authentication for all auth types (Builder ID, IDC, social, etc.) - httpReq.Header.Set("Authorization", "Bearer "+accessToken) - - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: kiroPayload, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - - // Enhanced socket retry for streaming: Check if error is retryable (network timeout, connection reset, etc.) - retryCfg := defaultRetryConfig() - if isRetryableError(err) && attempt < retryCfg.MaxRetries { - delay := calculateRetryDelay(attempt, retryCfg) - logRetryAttempt(attempt, retryCfg.MaxRetries, fmt.Sprintf("stream socket error: %v", err), delay, endpointConfig.Name) - time.Sleep(delay) - continue - } - - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - - // Handle 429 errors (quota exhausted) - try next endpoint - // Each endpoint has its own quota pool, so we can try different endpoints - if httpResp.StatusCode == 429 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - // Record failure and set cooldown for 429 - rateLimiter.MarkTokenFailed(tokenKey) - cooldownDuration := kiroauth.CalculateCooldownFor429(attempt) - cooldownMgr.SetCooldown(tokenKey, cooldownDuration, kiroauth.CooldownReason429) - log.Warnf("kiro: stream rate limit hit (429), token %s set to cooldown for %v", tokenKey, cooldownDuration) - - // Preserve last 429 so callers can correctly backoff when all endpoints are exhausted - last429Err = statusErr{code: httpResp.StatusCode, msg: string(respBody)} - - log.Warnf("kiro: stream %s endpoint quota exhausted (429), will try next endpoint, body: %s", - endpointConfig.Name, summarizeErrorBody(httpResp.Header.Get("Content-Type"), respBody)) - - // Break inner retry loop to try next endpoint (which has different quota) - break - } - - // Handle 5xx server errors with exponential backoff retry - // Enhanced: Use retryConfig for consistent retry behavior - if httpResp.StatusCode >= 500 && httpResp.StatusCode < 600 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - retryCfg := defaultRetryConfig() - // Check if this specific 5xx code is retryable (502, 503, 504) - if isRetryableHTTPStatus(httpResp.StatusCode) && attempt < retryCfg.MaxRetries { - delay := calculateRetryDelay(attempt, retryCfg) - logRetryAttempt(attempt, retryCfg.MaxRetries, fmt.Sprintf("stream HTTP %d", httpResp.StatusCode), delay, endpointConfig.Name) - time.Sleep(delay) - continue - } else if attempt < maxRetries { - // Fallback for other 5xx errors (500, 501, etc.) - backoff := time.Duration(1< 30*time.Second { - backoff = 30 * time.Second - } - log.Warnf("kiro: stream server error %d, retrying in %v (attempt %d/%d)", httpResp.StatusCode, backoff, attempt+1, maxRetries) - time.Sleep(backoff) - continue - } - log.Errorf("kiro: stream server error %d after %d retries", httpResp.StatusCode, maxRetries) - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 400 errors - Credential/Validation issues - // Do NOT switch endpoints - return error immediately - if httpResp.StatusCode == 400 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - log.Warnf("kiro: received 400 error (attempt %d/%d), body: %s", attempt+1, maxRetries+1, summarizeErrorBody(httpResp.Header.Get("Content-Type"), respBody)) - - // 400 errors indicate request validation issues - return immediately without retry - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 401 errors with token refresh and retry - // 401 = Unauthorized (token expired/invalid) - refresh token - if httpResp.StatusCode == 401 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - log.Warnf("kiro: stream received 401 error, attempting token refresh") - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Errorf("kiro: token refresh failed: %v", refreshErr) - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - // Continue anyway - the token is valid for this request - } - accessToken, profileArn = kiroCredentials(auth) - // Rebuild payload with new profile ARN if changed - kiroPayload, _ = buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - if attempt < maxRetries { - log.Infof("kiro: token refreshed successfully, retrying stream request (attempt %d/%d)", attempt+1, maxRetries+1) - continue - } - log.Infof("kiro: token refreshed successfully, no retries remaining") - } - - log.Warnf("kiro stream error, status: 401, body: %s", string(respBody)) - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 402 errors - Monthly Limit Reached - if httpResp.StatusCode == 402 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - log.Warnf("kiro: stream received 402 (monthly limit). Upstream body: %s", string(respBody)) - - // Return upstream error body directly - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - // Handle 403 errors - Access Denied / Token Expired - // Do NOT switch endpoints for 403 errors - if httpResp.StatusCode == 403 { - respBody, _ := io.ReadAll(httpResp.Body) - _ = httpResp.Body.Close() - appendAPIResponseChunk(ctx, e.cfg, respBody) - - // Log the 403 error details for debugging - log.Warnf("kiro: stream received 403 error (attempt %d/%d), body: %s", attempt+1, maxRetries+1, string(respBody)) - - respBodyStr := string(respBody) - - // Check for SUSPENDED status - return immediately without retry - if strings.Contains(respBodyStr, "SUSPENDED") || strings.Contains(respBodyStr, "TEMPORARILY_SUSPENDED") { - // Set long cooldown for suspended accounts - rateLimiter.CheckAndMarkSuspended(tokenKey, respBodyStr) - cooldownMgr.SetCooldown(tokenKey, kiroauth.LongCooldown, kiroauth.CooldownReasonSuspended) - log.Errorf("kiro: stream account is suspended, token %s set to cooldown for %v", tokenKey, kiroauth.LongCooldown) - return nil, statusErr{code: httpResp.StatusCode, msg: "account suspended: " + string(respBody)} - } - - // Check if this looks like a token-related 403 (some APIs return 403 for expired tokens) - isTokenRelated := strings.Contains(respBodyStr, "token") || - strings.Contains(respBodyStr, "expired") || - strings.Contains(respBodyStr, "invalid") || - strings.Contains(respBodyStr, "unauthorized") - - if isTokenRelated && attempt < maxRetries { - log.Warnf("kiro: 403 appears token-related, attempting token refresh") - refreshedAuth, refreshErr := e.Refresh(ctx, auth) - if refreshErr != nil { - log.Errorf("kiro: token refresh failed: %v", refreshErr) - // Token refresh failed - return error immediately - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - if refreshedAuth != nil { - auth = refreshedAuth - // Persist the refreshed auth to file so subsequent requests use it - if persistErr := e.persistRefreshedAuth(auth); persistErr != nil { - log.Warnf("kiro: failed to persist refreshed auth: %v", persistErr) - // Continue anyway - the token is valid for this request - } - accessToken, profileArn = kiroCredentials(auth) - kiroPayload, _ = buildKiroPayloadForFormat(body, kiroModelID, profileArn, currentOrigin, isAgentic, isChatOnly, from, opts.Headers) - log.Infof("kiro: token refreshed for 403, retrying stream request") - continue - } - } - - // For non-token 403 or after max retries, return error immediately - // Do NOT switch endpoints for 403 errors - log.Warnf("kiro: 403 error, returning immediately (no endpoint switch)") - return nil, statusErr{code: httpResp.StatusCode, msg: string(respBody)} - } - - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - log.Debugf("kiro stream error, status: %d, body: %s", httpResp.StatusCode, string(b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - return nil, statusErr{code: httpResp.StatusCode, msg: string(b)} - } - - out := make(chan cliproxyexecutor.StreamChunk) - - // Record success immediately since connection was established successfully - // Streaming errors will be handled separately - rateLimiter.MarkTokenSuccess(tokenKey) - log.Debugf("kiro: stream request successful, token %s marked as success", tokenKey) - - go func(resp *http.Response, thinkingEnabled bool) { - defer close(out) - defer func() { - if r := recover(); r != nil { - log.Errorf("kiro: panic in stream handler: %v", r) - out <- cliproxyexecutor.StreamChunk{Err: fmt.Errorf("internal error: %v", r)} - } - }() - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - // Kiro API always returns tags regardless of request parameters - // So we always enable thinking parsing for Kiro responses - log.Debugf("kiro: stream thinkingEnabled = %v (always true for Kiro)", thinkingEnabled) - - e.streamToChannel(ctx, resp.Body, out, from, payloadRequestedModel(opts, req.Model), opts.OriginalRequest, body, reporter, thinkingEnabled) - }(httpResp, thinkingEnabled) - - return out, nil - } - // Inner retry loop exhausted for this endpoint, try next endpoint - // Note: This code is unreachable because all paths in the inner loop - // either return or continue. Kept as comment for documentation. - } - - // All endpoints exhausted - if last429Err != nil { - return nil, last429Err - } - return nil, fmt.Errorf("kiro: stream all endpoints exhausted") -} - -// kiroCredentials extracts access token and profile ARN from auth. -func kiroCredentials(auth *cliproxyauth.Auth) (accessToken, profileArn string) { - if auth == nil { - return "", "" - } - - // Try Metadata first (wrapper format) - if auth.Metadata != nil { - if token, ok := auth.Metadata["access_token"].(string); ok { - accessToken = token - } - if arn, ok := auth.Metadata["profile_arn"].(string); ok { - profileArn = arn - } - } - - // Try Attributes - if accessToken == "" && auth.Attributes != nil { - accessToken = auth.Attributes["access_token"] - profileArn = auth.Attributes["profile_arn"] - } - - // Try direct fields from flat JSON format (new AWS Builder ID format) - if accessToken == "" && auth.Metadata != nil { - if token, ok := auth.Metadata["accessToken"].(string); ok { - accessToken = token - } - if arn, ok := auth.Metadata["profileArn"].(string); ok { - profileArn = arn - } - } - - return accessToken, profileArn -} - -// findRealThinkingEndTag finds the real end tag, skipping false positives. -// Returns -1 if no real end tag is found. -// -// Real tags from Kiro API have specific characteristics: -// - Usually preceded by newline (.\n) -// - Usually followed by newline (\n\n) -// - Not inside code blocks or inline code -// -// False positives (discussion text) have characteristics: -// - In the middle of a sentence -// - Preceded by discussion words like "标签", "tag", "returns" -// - Inside code blocks or inline code -// -// Parameters: -// - content: the content to search in -// - alreadyInCodeBlock: whether we're already inside a code block from previous chunks -// - alreadyInInlineCode: whether we're already inside inline code from previous chunks -func findRealThinkingEndTag(content string, alreadyInCodeBlock, alreadyInInlineCode bool) int { - searchStart := 0 - for { - endIdx := strings.Index(content[searchStart:], kirocommon.ThinkingEndTag) - if endIdx < 0 { - return -1 - } - endIdx += searchStart // Adjust to absolute position - - textBeforeEnd := content[:endIdx] - textAfterEnd := content[endIdx+len(kirocommon.ThinkingEndTag):] - - // Check 1: Is it inside inline code? - // Count backticks in current content and add state from previous chunks - backtickCount := strings.Count(textBeforeEnd, "`") - effectiveInInlineCode := alreadyInInlineCode - if backtickCount%2 == 1 { - effectiveInInlineCode = !effectiveInInlineCode - } - if effectiveInInlineCode { - log.Debugf("kiro: found inside inline code at pos %d, skipping", endIdx) - searchStart = endIdx + len(kirocommon.ThinkingEndTag) - continue - } - - // Check 2: Is it inside a code block? - // Count fences in current content and add state from previous chunks - fenceCount := strings.Count(textBeforeEnd, "```") - altFenceCount := strings.Count(textBeforeEnd, "~~~") - effectiveInCodeBlock := alreadyInCodeBlock - if fenceCount%2 == 1 || altFenceCount%2 == 1 { - effectiveInCodeBlock = !effectiveInCodeBlock - } - if effectiveInCodeBlock { - log.Debugf("kiro: found inside code block at pos %d, skipping", endIdx) - searchStart = endIdx + len(kirocommon.ThinkingEndTag) - continue - } - - // Check 3: Real tags are usually preceded by newline or at start - // and followed by newline or at end. Check the format. - charBeforeTag := byte(0) - if endIdx > 0 { - charBeforeTag = content[endIdx-1] - } - charAfterTag := byte(0) - if len(textAfterEnd) > 0 { - charAfterTag = textAfterEnd[0] - } - - // Real end tag format: preceded by newline OR end of sentence (. ! ?) - // and followed by newline OR end of content - isPrecededByNewlineOrSentenceEnd := charBeforeTag == '\n' || charBeforeTag == '.' || - charBeforeTag == '!' || charBeforeTag == '?' || charBeforeTag == 0 - isFollowedByNewlineOrEnd := charAfterTag == '\n' || charAfterTag == 0 - - // If the tag has proper formatting (newline before/after), it's likely real - if isPrecededByNewlineOrSentenceEnd && isFollowedByNewlineOrEnd { - log.Debugf("kiro: found properly formatted at pos %d", endIdx) - return endIdx - } - - // Check 4: Is the tag preceded by discussion keywords on the same line? - lastNewlineIdx := strings.LastIndex(textBeforeEnd, "\n") - lineBeforeTag := textBeforeEnd - if lastNewlineIdx >= 0 { - lineBeforeTag = textBeforeEnd[lastNewlineIdx+1:] - } - lineBeforeTagLower := strings.ToLower(lineBeforeTag) - - // Discussion patterns - if found, this is likely discussion text - discussionPatterns := []string{ - "标签", "返回", "输出", "包含", "使用", "解析", "转换", "生成", // Chinese - "tag", "return", "output", "contain", "use", "parse", "emit", "convert", "generate", // English - "", // discussing both tags together - "``", // explicitly in inline code - } - isDiscussion := false - for _, pattern := range discussionPatterns { - if strings.Contains(lineBeforeTagLower, pattern) { - isDiscussion = true - break - } - } - if isDiscussion { - log.Debugf("kiro: found after discussion text at pos %d, skipping", endIdx) - searchStart = endIdx + len(kirocommon.ThinkingEndTag) - continue - } - - // Check 5: Is there text immediately after on the same line? - // Real end tags don't have text immediately after on the same line - if len(textAfterEnd) > 0 && charAfterTag != '\n' && charAfterTag != 0 { - // Find the next newline - nextNewline := strings.Index(textAfterEnd, "\n") - var textOnSameLine string - if nextNewline >= 0 { - textOnSameLine = textAfterEnd[:nextNewline] - } else { - textOnSameLine = textAfterEnd - } - // If there's non-whitespace text on the same line after the tag, it's discussion - if strings.TrimSpace(textOnSameLine) != "" { - log.Debugf("kiro: found with text after on same line at pos %d, skipping", endIdx) - searchStart = endIdx + len(kirocommon.ThinkingEndTag) - continue - } - } - - // Check 6: Is there another tag after this ? - if strings.Contains(textAfterEnd, kirocommon.ThinkingStartTag) { - nextStartIdx := strings.Index(textAfterEnd, kirocommon.ThinkingStartTag) - textBeforeNextStart := textAfterEnd[:nextStartIdx] - nextBacktickCount := strings.Count(textBeforeNextStart, "`") - nextFenceCount := strings.Count(textBeforeNextStart, "```") - nextAltFenceCount := strings.Count(textBeforeNextStart, "~~~") - - // If the next is NOT in code, then this is discussion text - if nextBacktickCount%2 == 0 && nextFenceCount%2 == 0 && nextAltFenceCount%2 == 0 { - log.Debugf("kiro: found followed by at pos %d, likely discussion text, skipping", endIdx) - searchStart = endIdx + len(kirocommon.ThinkingEndTag) - continue - } - } - - // This looks like a real end tag - return endIdx - } -} - -// determineAgenticMode determines if the model is an agentic or chat-only variant. -// Returns (isAgentic, isChatOnly) based on model name suffixes. -func determineAgenticMode(model string) (isAgentic, isChatOnly bool) { - isAgentic = strings.HasSuffix(model, "-agentic") - isChatOnly = strings.HasSuffix(model, "-chat") - return isAgentic, isChatOnly -} - -// getEffectiveProfileArn determines if profileArn should be included based on auth method. -// profileArn is only needed for social auth (Google OAuth), not for AWS SSO OIDC (Builder ID/IDC). -// -// Detection logic (matching kiro-openai-gateway): -// 1. Check auth_method field: "builder-id" or "idc" -// 2. Check auth_type field: "aws_sso_oidc" (from kiro-cli tokens) -// 3. Check for client_id + client_secret presence (AWS SSO OIDC signature) -func getEffectiveProfileArn(auth *cliproxyauth.Auth, profileArn string) string { - if auth != nil && auth.Metadata != nil { - // Check 1: auth_method field (from CLIProxyAPI tokens) - if authMethod, ok := auth.Metadata["auth_method"].(string); ok && (authMethod == "builder-id" || authMethod == "idc") { - return "" // AWS SSO OIDC - don't include profileArn - } - // Check 2: auth_type field (from kiro-cli tokens) - if authType, ok := auth.Metadata["auth_type"].(string); ok && authType == "aws_sso_oidc" { - return "" // AWS SSO OIDC - don't include profileArn - } - // Check 3: client_id + client_secret presence (AWS SSO OIDC signature) - _, hasClientID := auth.Metadata["client_id"].(string) - _, hasClientSecret := auth.Metadata["client_secret"].(string) - if hasClientID && hasClientSecret { - return "" // AWS SSO OIDC - don't include profileArn - } - } - return profileArn -} - -// getEffectiveProfileArnWithWarning determines if profileArn should be included based on auth method, -// and logs a warning if profileArn is missing for non-builder-id auth. -// This consolidates the auth_method check that was previously done separately. -// -// AWS SSO OIDC (Builder ID/IDC) users don't need profileArn - sending it causes 403 errors. -// Only Kiro Desktop (social auth like Google/GitHub) users need profileArn. -// -// Detection logic (matching kiro-openai-gateway): -// 1. Check auth_method field: "builder-id" or "idc" -// 2. Check auth_type field: "aws_sso_oidc" (from kiro-cli tokens) -// 3. Check for client_id + client_secret presence (AWS SSO OIDC signature) -func getEffectiveProfileArnWithWarning(auth *cliproxyauth.Auth, profileArn string) string { - if auth != nil && auth.Metadata != nil { - // Check 1: auth_method field (from CLIProxyAPI tokens) - if authMethod, ok := auth.Metadata["auth_method"].(string); ok && (authMethod == "builder-id" || authMethod == "idc") { - return "" // AWS SSO OIDC - don't include profileArn - } - // Check 2: auth_type field (from kiro-cli tokens) - if authType, ok := auth.Metadata["auth_type"].(string); ok && authType == "aws_sso_oidc" { - return "" // AWS SSO OIDC - don't include profileArn - } - // Check 3: client_id + client_secret presence (AWS SSO OIDC signature, like kiro-openai-gateway) - _, hasClientID := auth.Metadata["client_id"].(string) - _, hasClientSecret := auth.Metadata["client_secret"].(string) - if hasClientID && hasClientSecret { - return "" // AWS SSO OIDC - don't include profileArn - } - } - // For social auth (Kiro Desktop), profileArn is required - if profileArn == "" { - log.Warnf("kiro: profile ARN not found in auth, API calls may fail") - } - return profileArn -} - -// mapModelToKiro maps external model names to Kiro model IDs. -// Supports both Kiro and Amazon Q prefixes since they use the same API. -// Agentic variants (-agentic suffix) map to the same backend model IDs. -func (e *KiroExecutor) mapModelToKiro(model string) string { - modelMap := map[string]string{ - // Amazon Q format (amazonq- prefix) - same API as Kiro - "amazonq-auto": "auto", - "amazonq-claude-opus-4-6": "claude-opus-4.6", - "amazonq-claude-sonnet-4-6": "claude-sonnet-4.6", - "amazonq-claude-opus-4-5": "claude-opus-4.5", - "amazonq-claude-sonnet-4-5": "claude-sonnet-4.5", - "amazonq-claude-sonnet-4-5-20250929": "claude-sonnet-4.5", - "amazonq-claude-sonnet-4": "claude-sonnet-4", - "amazonq-claude-sonnet-4-20250514": "claude-sonnet-4", - "amazonq-claude-haiku-4-5": "claude-haiku-4.5", - // Kiro format (kiro- prefix) - valid model names that should be preserved - "kiro-claude-opus-4-6": "claude-opus-4.6", - "kiro-claude-sonnet-4-6": "claude-sonnet-4.6", - "kiro-claude-opus-4-5": "claude-opus-4.5", - "kiro-claude-sonnet-4-5": "claude-sonnet-4.5", - "kiro-claude-sonnet-4-5-20250929": "claude-sonnet-4.5", - "kiro-claude-sonnet-4": "claude-sonnet-4", - "kiro-claude-sonnet-4-20250514": "claude-sonnet-4", - "kiro-claude-haiku-4-5": "claude-haiku-4.5", - "kiro-auto": "auto", - // Native format (no prefix) - used by Kiro IDE directly - "claude-opus-4-6": "claude-opus-4.6", - "claude-opus-4.6": "claude-opus-4.6", - "claude-sonnet-4-6": "claude-sonnet-4.6", - "claude-sonnet-4.6": "claude-sonnet-4.6", - "claude-opus-4-5": "claude-opus-4.5", - "claude-opus-4.5": "claude-opus-4.5", - "claude-haiku-4-5": "claude-haiku-4.5", - "claude-haiku-4.5": "claude-haiku-4.5", - "claude-sonnet-4-5": "claude-sonnet-4.5", - "claude-sonnet-4-5-20250929": "claude-sonnet-4.5", - "claude-sonnet-4.5": "claude-sonnet-4.5", - "claude-sonnet-4": "claude-sonnet-4", - "claude-sonnet-4-20250514": "claude-sonnet-4", - "auto": "auto", - // Agentic variants (same backend model IDs, but with special system prompt) - "claude-opus-4.6-agentic": "claude-opus-4.6", - "claude-sonnet-4.6-agentic": "claude-sonnet-4.6", - "claude-opus-4.5-agentic": "claude-opus-4.5", - "claude-sonnet-4.5-agentic": "claude-sonnet-4.5", - "claude-sonnet-4-agentic": "claude-sonnet-4", - "claude-haiku-4.5-agentic": "claude-haiku-4.5", - "kiro-claude-opus-4-6-agentic": "claude-opus-4.6", - "kiro-claude-sonnet-4-6-agentic": "claude-sonnet-4.6", - "kiro-claude-opus-4-5-agentic": "claude-opus-4.5", - "kiro-claude-sonnet-4-5-agentic": "claude-sonnet-4.5", - "kiro-claude-sonnet-4-agentic": "claude-sonnet-4", - "kiro-claude-haiku-4-5-agentic": "claude-haiku-4.5", - } - if kiroID, ok := modelMap[model]; ok { - return kiroID - } - - // Smart fallback: try to infer model type from name patterns - modelLower := strings.ToLower(model) - - // Check for Haiku variants - if strings.Contains(modelLower, "haiku") { - log.Debugf("kiro: unknown Haiku model '%s', mapping to claude-haiku-4.5", model) - return "claude-haiku-4.5" - } - - // Check for Sonnet variants - if strings.Contains(modelLower, "sonnet") { - // Check for specific version patterns - if strings.Contains(modelLower, "3-7") || strings.Contains(modelLower, "3.7") { - log.Debugf("kiro: unknown Sonnet 3.7 model '%s', mapping to claude-3-7-sonnet-20250219", model) - return "claude-3-7-sonnet-20250219" - } - if strings.Contains(modelLower, "4-6") || strings.Contains(modelLower, "4.6") { - log.Debugf("kiro: unknown Sonnet 4.6 model '%s', mapping to claude-sonnet-4.6", model) - return "claude-sonnet-4.6" - } - if strings.Contains(modelLower, "4-5") || strings.Contains(modelLower, "4.5") { - log.Debugf("kiro: unknown Sonnet 4.5 model '%s', mapping to claude-sonnet-4.5", model) - return "claude-sonnet-4.5" - } - } - - // Check for Opus variants - if strings.Contains(modelLower, "opus") { - if strings.Contains(modelLower, "4-6") || strings.Contains(modelLower, "4.6") { - log.Debugf("kiro: unknown Opus 4.6 model '%s', mapping to claude-opus-4.6", model) - return "claude-opus-4.6" - } - log.Debugf("kiro: unknown Opus model '%s', mapping to claude-opus-4.5", model) - return "claude-opus-4.5" - } - - // Final fallback to Sonnet 4.5 (most commonly used model) - log.Warnf("kiro: unknown model '%s', falling back to claude-sonnet-4.5", model) - return "claude-sonnet-4.5" -} - -// EventStreamError represents an Event Stream processing error -type EventStreamError struct { - Type string // "fatal", "malformed" - Message string - Cause error -} - -func (e *EventStreamError) Error() string { - if e.Cause != nil { - return fmt.Sprintf("event stream %s: %s: %v", e.Type, e.Message, e.Cause) - } - return fmt.Sprintf("event stream %s: %s", e.Type, e.Message) -} - -// eventStreamMessage represents a parsed AWS Event Stream message -type eventStreamMessage struct { - EventType string // Event type from headers (e.g., "assistantResponseEvent") - Payload []byte // JSON payload of the message -} - -// NOTE: Request building functions moved to internal/translator/kiro/claude/kiro_claude_request.go -// The executor now uses kiroclaude.BuildKiroPayload() instead - -// parseEventStream parses AWS Event Stream binary format. -// Extracts text content, tool uses, and stop_reason from the response. -// Supports embedded [Called ...] tool calls and input buffering for toolUseEvent. -// Returns: content, toolUses, usageInfo, stopReason, error -func (e *KiroExecutor) parseEventStream(body io.Reader) (string, []kiroclaude.KiroToolUse, usage.Detail, string, error) { - var content strings.Builder - var toolUses []kiroclaude.KiroToolUse - var usageInfo usage.Detail - var stopReason string // Extracted from upstream response - reader := bufio.NewReader(body) - - // Tool use state tracking for input buffering and deduplication - processedIDs := make(map[string]bool) - var currentToolUse *kiroclaude.ToolUseState - - // Upstream usage tracking - Kiro API returns credit usage and context percentage - var upstreamContextPercentage float64 // Context usage percentage from upstream (e.g., 78.56) - - for { - msg, eventErr := e.readEventStreamMessage(reader) - if eventErr != nil { - log.Errorf("kiro: parseEventStream error: %v", eventErr) - return content.String(), toolUses, usageInfo, stopReason, eventErr - } - if msg == nil { - // Normal end of stream (EOF) - break - } - - eventType := msg.EventType - payload := msg.Payload - if len(payload) == 0 { - continue - } - - var event map[string]interface{} - if err := json.Unmarshal(payload, &event); err != nil { - log.Debugf("kiro: skipping malformed event: %v", err) - continue - } - - // Check for error/exception events in the payload (Kiro API may return errors with HTTP 200) - // These can appear as top-level fields or nested within the event - if errType, hasErrType := event["_type"].(string); hasErrType { - // AWS-style error: {"_type": "com.amazon.aws.codewhisperer#ValidationException", "message": "..."} - errMsg := "" - if msg, ok := event["message"].(string); ok { - errMsg = msg - } - log.Errorf("kiro: received AWS error in event stream: type=%s, message=%s", errType, errMsg) - return "", nil, usageInfo, stopReason, fmt.Errorf("kiro API error: %s - %s", errType, errMsg) - } - if errType, hasErrType := event["type"].(string); hasErrType && (errType == "error" || errType == "exception") { - // Generic error event - errMsg := "" - if msg, ok := event["message"].(string); ok { - errMsg = msg - } else if errObj, ok := event["error"].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - } - log.Errorf("kiro: received error event in stream: type=%s, message=%s", errType, errMsg) - return "", nil, usageInfo, stopReason, fmt.Errorf("kiro API error: %s", errMsg) - } - - // Extract stop_reason from various event formats - // Kiro/Amazon Q API may include stop_reason in different locations - if sr := kirocommon.GetString(event, "stop_reason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stop_reason (top-level): %s", stopReason) - } - if sr := kirocommon.GetString(event, "stopReason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stopReason (top-level): %s", stopReason) - } - - // Handle different event types - switch eventType { - case "followupPromptEvent": - // Filter out followupPrompt events - these are UI suggestions, not content - log.Debugf("kiro: parseEventStream ignoring followupPrompt event") - continue - - case "assistantResponseEvent": - if assistantResp, ok := event["assistantResponseEvent"].(map[string]interface{}); ok { - if contentText, ok := assistantResp["content"].(string); ok { - content.WriteString(contentText) - } - // Extract stop_reason from assistantResponseEvent - if sr := kirocommon.GetString(assistantResp, "stop_reason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stop_reason in assistantResponseEvent: %s", stopReason) - } - if sr := kirocommon.GetString(assistantResp, "stopReason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stopReason in assistantResponseEvent: %s", stopReason) - } - // Extract tool uses from response - if toolUsesRaw, ok := assistantResp["toolUses"].([]interface{}); ok { - for _, tuRaw := range toolUsesRaw { - if tu, ok := tuRaw.(map[string]interface{}); ok { - toolUseID := kirocommon.GetStringValue(tu, "toolUseId") - // Check for duplicate - if processedIDs[toolUseID] { - log.Debugf("kiro: skipping duplicate tool use from assistantResponse: %s", toolUseID) - continue - } - processedIDs[toolUseID] = true - - toolUse := kiroclaude.KiroToolUse{ - ToolUseID: toolUseID, - Name: kirocommon.GetStringValue(tu, "name"), - } - if input, ok := tu["input"].(map[string]interface{}); ok { - toolUse.Input = input - } - toolUses = append(toolUses, toolUse) - } - } - } - } - // Also try direct format - if contentText, ok := event["content"].(string); ok { - content.WriteString(contentText) - } - // Direct tool uses - if toolUsesRaw, ok := event["toolUses"].([]interface{}); ok { - for _, tuRaw := range toolUsesRaw { - if tu, ok := tuRaw.(map[string]interface{}); ok { - toolUseID := kirocommon.GetStringValue(tu, "toolUseId") - // Check for duplicate - if processedIDs[toolUseID] { - log.Debugf("kiro: skipping duplicate direct tool use: %s", toolUseID) - continue - } - processedIDs[toolUseID] = true - - toolUse := kiroclaude.KiroToolUse{ - ToolUseID: toolUseID, - Name: kirocommon.GetStringValue(tu, "name"), - } - if input, ok := tu["input"].(map[string]interface{}); ok { - toolUse.Input = input - } - toolUses = append(toolUses, toolUse) - } - } - } - - case "toolUseEvent": - // Handle dedicated tool use events with input buffering - completedToolUses, newState := kiroclaude.ProcessToolUseEvent(event, currentToolUse, processedIDs) - currentToolUse = newState - toolUses = append(toolUses, completedToolUses...) - - case "supplementaryWebLinksEvent": - if inputTokens, ok := event["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } - if outputTokens, ok := event["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } - - case "messageStopEvent", "message_stop": - // Handle message stop events which may contain stop_reason - if sr := kirocommon.GetString(event, "stop_reason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stop_reason in messageStopEvent: %s", stopReason) - } - if sr := kirocommon.GetString(event, "stopReason"); sr != "" { - stopReason = sr - log.Debugf("kiro: parseEventStream found stopReason in messageStopEvent: %s", stopReason) - } - - case "messageMetadataEvent", "metadataEvent": - // Handle message metadata events which contain token counts - // Official format: { tokenUsage: { outputTokens, totalTokens, uncachedInputTokens, cacheReadInputTokens, cacheWriteInputTokens, contextUsagePercentage } } - var metadata map[string]interface{} - if m, ok := event["messageMetadataEvent"].(map[string]interface{}); ok { - metadata = m - } else if m, ok := event["metadataEvent"].(map[string]interface{}); ok { - metadata = m - } else { - metadata = event // event itself might be the metadata - } - - // Check for nested tokenUsage object (official format) - if tokenUsage, ok := metadata["tokenUsage"].(map[string]interface{}); ok { - // outputTokens - precise output token count - if outputTokens, ok := tokenUsage["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - log.Infof("kiro: parseEventStream found precise outputTokens in tokenUsage: %d", usageInfo.OutputTokens) - } - // totalTokens - precise total token count - if totalTokens, ok := tokenUsage["totalTokens"].(float64); ok { - usageInfo.TotalTokens = int64(totalTokens) - log.Infof("kiro: parseEventStream found precise totalTokens in tokenUsage: %d", usageInfo.TotalTokens) - } - // uncachedInputTokens - input tokens not from cache - if uncachedInputTokens, ok := tokenUsage["uncachedInputTokens"].(float64); ok { - usageInfo.InputTokens = int64(uncachedInputTokens) - log.Infof("kiro: parseEventStream found uncachedInputTokens in tokenUsage: %d", usageInfo.InputTokens) - } - // cacheReadInputTokens - tokens read from cache - if cacheReadTokens, ok := tokenUsage["cacheReadInputTokens"].(float64); ok { - // Add to input tokens if we have uncached tokens, otherwise use as input - if usageInfo.InputTokens > 0 { - usageInfo.InputTokens += int64(cacheReadTokens) - } else { - usageInfo.InputTokens = int64(cacheReadTokens) - } - log.Debugf("kiro: parseEventStream found cacheReadInputTokens in tokenUsage: %d", int64(cacheReadTokens)) - } - // contextUsagePercentage - can be used as fallback for input token estimation - if ctxPct, ok := tokenUsage["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: parseEventStream found contextUsagePercentage in tokenUsage: %.2f%%", ctxPct) - } - } - - // Fallback: check for direct fields in metadata (legacy format) - if usageInfo.InputTokens == 0 { - if inputTokens, ok := metadata["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - log.Debugf("kiro: parseEventStream found inputTokens in messageMetadataEvent: %d", usageInfo.InputTokens) - } - } - if usageInfo.OutputTokens == 0 { - if outputTokens, ok := metadata["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - log.Debugf("kiro: parseEventStream found outputTokens in messageMetadataEvent: %d", usageInfo.OutputTokens) - } - } - if usageInfo.TotalTokens == 0 { - if totalTokens, ok := metadata["totalTokens"].(float64); ok { - usageInfo.TotalTokens = int64(totalTokens) - log.Debugf("kiro: parseEventStream found totalTokens in messageMetadataEvent: %d", usageInfo.TotalTokens) - } - } - - case "usageEvent", "usage": - // Handle dedicated usage events - if inputTokens, ok := event["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - log.Debugf("kiro: parseEventStream found inputTokens in usageEvent: %d", usageInfo.InputTokens) - } - if outputTokens, ok := event["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - log.Debugf("kiro: parseEventStream found outputTokens in usageEvent: %d", usageInfo.OutputTokens) - } - if totalTokens, ok := event["totalTokens"].(float64); ok { - usageInfo.TotalTokens = int64(totalTokens) - log.Debugf("kiro: parseEventStream found totalTokens in usageEvent: %d", usageInfo.TotalTokens) - } - // Also check nested usage object - if usageObj, ok := event["usage"].(map[string]interface{}); ok { - if inputTokens, ok := usageObj["input_tokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } else if inputTokens, ok := usageObj["prompt_tokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } - if outputTokens, ok := usageObj["output_tokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } else if outputTokens, ok := usageObj["completion_tokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } - if totalTokens, ok := usageObj["total_tokens"].(float64); ok { - usageInfo.TotalTokens = int64(totalTokens) - } - log.Debugf("kiro: parseEventStream found usage object: input=%d, output=%d, total=%d", - usageInfo.InputTokens, usageInfo.OutputTokens, usageInfo.TotalTokens) - } - - case "metricsEvent": - // Handle metrics events which may contain usage data - if metrics, ok := event["metricsEvent"].(map[string]interface{}); ok { - if inputTokens, ok := metrics["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } - if outputTokens, ok := metrics["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } - log.Debugf("kiro: parseEventStream found metricsEvent: input=%d, output=%d", - usageInfo.InputTokens, usageInfo.OutputTokens) - } - - case "meteringEvent": - // Handle metering events from Kiro API (usage billing information) - // Official format: { unit: string, unitPlural: string, usage: number } - if metering, ok := event["meteringEvent"].(map[string]interface{}); ok { - unit := "" - if u, ok := metering["unit"].(string); ok { - unit = u - } - usageVal := 0.0 - if u, ok := metering["usage"].(float64); ok { - usageVal = u - } - log.Infof("kiro: parseEventStream received meteringEvent: usage=%.2f %s", usageVal, unit) - // Store metering info for potential billing/statistics purposes - // Note: This is separate from token counts - it's AWS billing units - } else { - // Try direct fields - unit := "" - if u, ok := event["unit"].(string); ok { - unit = u - } - usageVal := 0.0 - if u, ok := event["usage"].(float64); ok { - usageVal = u - } - if unit != "" || usageVal > 0 { - log.Infof("kiro: parseEventStream received meteringEvent (direct): usage=%.2f %s", usageVal, unit) - } - } - - case "contextUsageEvent": - // Handle context usage events from Kiro API - // Format: {"contextUsageEvent": {"contextUsagePercentage": 0.53}} - if ctxUsage, ok := event["contextUsageEvent"].(map[string]interface{}); ok { - if ctxPct, ok := ctxUsage["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: parseEventStream received contextUsageEvent: %.2f%%", ctxPct*100) - } - } else { - // Try direct field (fallback) - if ctxPct, ok := event["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: parseEventStream received contextUsagePercentage (direct): %.2f%%", ctxPct*100) - } - } - - case "error", "exception", "internalServerException", "invalidStateEvent": - // Handle error events from Kiro API stream - errMsg := "" - errType := eventType - - // Try to extract error message from various formats - if msg, ok := event["message"].(string); ok { - errMsg = msg - } else if errObj, ok := event[eventType].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - if t, ok := errObj["type"].(string); ok { - errType = t - } - } else if errObj, ok := event["error"].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - if t, ok := errObj["type"].(string); ok { - errType = t - } - } - - // Check for specific error reasons - if reason, ok := event["reason"].(string); ok { - errMsg = fmt.Sprintf("%s (reason: %s)", errMsg, reason) - } - - log.Errorf("kiro: parseEventStream received error event: type=%s, message=%s", errType, errMsg) - - // For invalidStateEvent, we may want to continue processing other events - if eventType == "invalidStateEvent" { - log.Warnf("kiro: invalidStateEvent received, continuing stream processing") - continue - } - - // For other errors, return the error - if errMsg != "" { - return "", nil, usageInfo, stopReason, fmt.Errorf("kiro API error (%s): %s", errType, errMsg) - } - - default: - // Check for contextUsagePercentage in any event - if ctxPct, ok := event["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: parseEventStream received context usage: %.2f%%", upstreamContextPercentage) - } - // Log unknown event types for debugging (to discover new event formats) - log.Debugf("kiro: parseEventStream unknown event type: %s, payload: %s", eventType, string(payload)) - } - - // Check for direct token fields in any event (fallback) - if usageInfo.InputTokens == 0 { - if inputTokens, ok := event["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - log.Debugf("kiro: parseEventStream found direct inputTokens: %d", usageInfo.InputTokens) - } - } - if usageInfo.OutputTokens == 0 { - if outputTokens, ok := event["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - log.Debugf("kiro: parseEventStream found direct outputTokens: %d", usageInfo.OutputTokens) - } - } - - // Check for usage object in any event (OpenAI format) - if usageInfo.InputTokens == 0 || usageInfo.OutputTokens == 0 { - if usageObj, ok := event["usage"].(map[string]interface{}); ok { - if usageInfo.InputTokens == 0 { - if inputTokens, ok := usageObj["input_tokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } else if inputTokens, ok := usageObj["prompt_tokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } - } - if usageInfo.OutputTokens == 0 { - if outputTokens, ok := usageObj["output_tokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } else if outputTokens, ok := usageObj["completion_tokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } - } - if usageInfo.TotalTokens == 0 { - if totalTokens, ok := usageObj["total_tokens"].(float64); ok { - usageInfo.TotalTokens = int64(totalTokens) - } - } - log.Debugf("kiro: parseEventStream found usage object (fallback): input=%d, output=%d, total=%d", - usageInfo.InputTokens, usageInfo.OutputTokens, usageInfo.TotalTokens) - } - } - - // Also check nested supplementaryWebLinksEvent - if usageEvent, ok := event["supplementaryWebLinksEvent"].(map[string]interface{}); ok { - if inputTokens, ok := usageEvent["inputTokens"].(float64); ok { - usageInfo.InputTokens = int64(inputTokens) - } - if outputTokens, ok := usageEvent["outputTokens"].(float64); ok { - usageInfo.OutputTokens = int64(outputTokens) - } - } - } - - // Parse embedded tool calls from content (e.g., [Called tool_name with args: {...}]) - contentStr := content.String() - cleanedContent, embeddedToolUses := kiroclaude.ParseEmbeddedToolCalls(contentStr, processedIDs) - toolUses = append(toolUses, embeddedToolUses...) - - // Deduplicate all tool uses - toolUses = kiroclaude.DeduplicateToolUses(toolUses) - - // Apply fallback logic for stop_reason if not provided by upstream - // Priority: upstream stopReason > tool_use detection > end_turn default - if stopReason == "" { - if len(toolUses) > 0 { - stopReason = "tool_use" - log.Debugf("kiro: parseEventStream using fallback stop_reason: tool_use (detected %d tool uses)", len(toolUses)) - } else { - stopReason = "end_turn" - log.Debugf("kiro: parseEventStream using fallback stop_reason: end_turn") - } - } - - // Log warning if response was truncated due to max_tokens - if stopReason == "max_tokens" { - log.Warnf("kiro: response truncated due to max_tokens limit") - } - - // Use contextUsagePercentage to calculate more accurate input tokens - // Kiro model has 200k max context, contextUsagePercentage represents the percentage used - // Formula: input_tokens = contextUsagePercentage * 200000 / 100 - if upstreamContextPercentage > 0 { - calculatedInputTokens := int64(upstreamContextPercentage * 200000 / 100) - if calculatedInputTokens > 0 { - localEstimate := usageInfo.InputTokens - usageInfo.InputTokens = calculatedInputTokens - usageInfo.TotalTokens = usageInfo.InputTokens + usageInfo.OutputTokens - log.Infof("kiro: parseEventStream using contextUsagePercentage (%.2f%%) to calculate input tokens: %d (local estimate was: %d)", - upstreamContextPercentage, calculatedInputTokens, localEstimate) - } - } - - return cleanedContent, toolUses, usageInfo, stopReason, nil -} - -// readEventStreamMessage reads and validates a single AWS Event Stream message. -// Returns the parsed message or a structured error for different failure modes. -// This function implements boundary protection and detailed error classification. -// -// AWS Event Stream binary format: -// - Prelude (12 bytes): total_length (4) + headers_length (4) + prelude_crc (4) -// - Headers (variable): header entries -// - Payload (variable): JSON data -// - Message CRC (4 bytes): CRC32C of entire message (not validated, just skipped) -func (e *KiroExecutor) readEventStreamMessage(reader *bufio.Reader) (*eventStreamMessage, *EventStreamError) { - // Read prelude (first 12 bytes: total_len + headers_len + prelude_crc) - prelude := make([]byte, 12) - _, err := io.ReadFull(reader, prelude) - if err == io.EOF { - return nil, nil // Normal end of stream - } - if err != nil { - return nil, &EventStreamError{ - Type: ErrStreamFatal, - Message: "failed to read prelude", - Cause: err, - } - } - - totalLength := binary.BigEndian.Uint32(prelude[0:4]) - headersLength := binary.BigEndian.Uint32(prelude[4:8]) - // Note: prelude[8:12] is prelude_crc - we read it but don't validate (no CRC check per requirements) - - // Boundary check: minimum frame size - if totalLength < minEventStreamFrameSize { - return nil, &EventStreamError{ - Type: ErrStreamMalformed, - Message: fmt.Sprintf("invalid message length: %d (minimum is %d)", totalLength, minEventStreamFrameSize), - } - } - - // Boundary check: maximum message size - if totalLength > maxEventStreamMsgSize { - return nil, &EventStreamError{ - Type: ErrStreamMalformed, - Message: fmt.Sprintf("message too large: %d bytes (maximum is %d)", totalLength, maxEventStreamMsgSize), - } - } - - // Boundary check: headers length within message bounds - // Message structure: prelude(12) + headers(headersLength) + payload + message_crc(4) - // So: headersLength must be <= totalLength - 16 (12 for prelude + 4 for message_crc) - if headersLength > totalLength-16 { - return nil, &EventStreamError{ - Type: ErrStreamMalformed, - Message: fmt.Sprintf("headers length %d exceeds message bounds (total: %d)", headersLength, totalLength), - } - } - - // Read the rest of the message (total - 12 bytes already read) - remaining := make([]byte, totalLength-12) - _, err = io.ReadFull(reader, remaining) - if err != nil { - return nil, &EventStreamError{ - Type: ErrStreamFatal, - Message: "failed to read message body", - Cause: err, - } - } - - // Extract event type from headers - // Headers start at beginning of 'remaining', length is headersLength - var eventType string - if headersLength > 0 && headersLength <= uint32(len(remaining)) { - eventType = e.extractEventTypeFromBytes(remaining[:headersLength]) - } - - // Calculate payload boundaries - // Payload starts after headers, ends before message_crc (last 4 bytes) - payloadStart := headersLength - payloadEnd := uint32(len(remaining)) - 4 // Skip message_crc at end - - // Validate payload boundaries - if payloadStart >= payloadEnd { - // No payload, return empty message - return &eventStreamMessage{ - EventType: eventType, - Payload: nil, - }, nil - } - - payload := remaining[payloadStart:payloadEnd] - - return &eventStreamMessage{ - EventType: eventType, - Payload: payload, - }, nil -} - -func skipEventStreamHeaderValue(headers []byte, offset int, valueType byte) (int, bool) { - switch valueType { - case 0, 1: // bool true / bool false - return offset, true - case 2: // byte - if offset+1 > len(headers) { - return offset, false - } - return offset + 1, true - case 3: // short - if offset+2 > len(headers) { - return offset, false - } - return offset + 2, true - case 4: // int - if offset+4 > len(headers) { - return offset, false - } - return offset + 4, true - case 5: // long - if offset+8 > len(headers) { - return offset, false - } - return offset + 8, true - case 6: // byte array (2-byte length + data) - if offset+2 > len(headers) { - return offset, false - } - valueLen := int(binary.BigEndian.Uint16(headers[offset : offset+2])) - offset += 2 - if offset+valueLen > len(headers) { - return offset, false - } - return offset + valueLen, true - case 8: // timestamp - if offset+8 > len(headers) { - return offset, false - } - return offset + 8, true - case 9: // uuid - if offset+16 > len(headers) { - return offset, false - } - return offset + 16, true - default: - return offset, false - } -} - -// extractEventTypeFromBytes extracts the event type from raw header bytes (without prelude CRC prefix) -func (e *KiroExecutor) extractEventTypeFromBytes(headers []byte) string { - offset := 0 - for offset < len(headers) { - nameLen := int(headers[offset]) - offset++ - if offset+nameLen > len(headers) { - break - } - name := string(headers[offset : offset+nameLen]) - offset += nameLen - - if offset >= len(headers) { - break - } - valueType := headers[offset] - offset++ - - if valueType == 7 { // String type - if offset+2 > len(headers) { - break - } - valueLen := int(binary.BigEndian.Uint16(headers[offset : offset+2])) - offset += 2 - if offset+valueLen > len(headers) { - break - } - value := string(headers[offset : offset+valueLen]) - offset += valueLen - - if name == ":event-type" { - return value - } - continue - } - - nextOffset, ok := skipEventStreamHeaderValue(headers, offset, valueType) - if !ok { - break - } - offset = nextOffset - } - return "" -} - -// NOTE: Response building functions moved to internal/translator/kiro/claude/kiro_claude_response.go -// The executor now uses kiroclaude.BuildClaudeResponse() and kiroclaude.ExtractThinkingFromContent() instead - -// streamToChannel converts AWS Event Stream to channel-based streaming. -// Supports tool calling - emits tool_use content blocks when tools are used. -// Includes embedded [Called ...] tool call parsing and input buffering for toolUseEvent. -// Implements duplicate content filtering using lastContentEvent detection (based on AIClient-2-API). -// Extracts stop_reason from upstream events when available. -// thinkingEnabled controls whether tags are parsed - only parse when request enabled thinking. -func (e *KiroExecutor) streamToChannel(ctx context.Context, body io.Reader, out chan<- cliproxyexecutor.StreamChunk, targetFormat sdktranslator.Format, model string, originalReq, claudeBody []byte, reporter *usageReporter, thinkingEnabled bool) { - reader := bufio.NewReaderSize(body, 20*1024*1024) // 20MB buffer to match other providers - var totalUsage usage.Detail - var hasToolUses bool // Track if any tool uses were emitted - var hasTruncatedTools bool // Track if any tool uses were truncated - var upstreamStopReason string // Track stop_reason from upstream events - - // Tool use state tracking for input buffering and deduplication - processedIDs := make(map[string]bool) - var currentToolUse *kiroclaude.ToolUseState - - // NOTE: Duplicate content filtering removed - it was causing legitimate repeated - // content (like consecutive newlines) to be incorrectly filtered out. - // The previous implementation compared lastContentEvent == contentDelta which - // is too aggressive for streaming scenarios. - - // Streaming token calculation - accumulate content for real-time token counting - // Based on AIClient-2-API implementation - var accumulatedContent strings.Builder - accumulatedContent.Grow(4096) // Pre-allocate 4KB capacity to reduce reallocations - - // Real-time usage estimation state - // These track when to send periodic usage updates during streaming - var lastUsageUpdateLen int // Last accumulated content length when usage was sent - var lastUsageUpdateTime = time.Now() // Last time usage update was sent - var lastReportedOutputTokens int64 // Last reported output token count - - // Upstream usage tracking - Kiro API returns credit usage and context percentage - var upstreamCreditUsage float64 // Credit usage from upstream (e.g., 1.458) - var upstreamContextPercentage float64 // Context usage percentage from upstream (e.g., 78.56) - var hasUpstreamUsage bool // Whether we received usage from upstream - - // Translator param for maintaining tool call state across streaming events - // IMPORTANT: This must persist across all TranslateStream calls - var translatorParam any - - // Thinking mode state tracking - tag-based parsing for tags in content - inThinkBlock := false // Whether we're currently inside a block - isThinkingBlockOpen := false // Track if thinking content block SSE event is open - thinkingBlockIndex := -1 // Index of the thinking content block - var accumulatedThinkingContent strings.Builder // Accumulate thinking content for token counting - hasOfficialReasoningEvent := false // Disable tag parsing after official reasoning events appear - - // Buffer for handling partial tag matches at chunk boundaries - var pendingContent strings.Builder // Buffer content that might be part of a tag - - // Pre-calculate input tokens from request if possible - // Kiro uses Claude format, so try Claude format first, then OpenAI format, then fallback - if enc, err := getTokenizer(model); err == nil { - var inputTokens int64 - var countMethod string - - // Try Claude format first (Kiro uses Claude API format) - if inp, err := countClaudeChatTokens(enc, claudeBody); err == nil && inp > 0 { - inputTokens = inp - countMethod = "claude" - } else if inp, err := countOpenAIChatTokens(enc, originalReq); err == nil && inp > 0 { - // Fallback to OpenAI format (for OpenAI-compatible requests) - inputTokens = inp - countMethod = "openai" - } else { - // Final fallback: estimate from raw request size (roughly 4 chars per token) - inputTokens = int64(len(claudeBody) / 4) - if inputTokens == 0 && len(claudeBody) > 0 { - inputTokens = 1 - } - countMethod = "estimate" - } - - totalUsage.InputTokens = inputTokens - log.Debugf("kiro: streamToChannel pre-calculated input tokens: %d (method: %s, claude body: %d bytes, original req: %d bytes)", - totalUsage.InputTokens, countMethod, len(claudeBody), len(originalReq)) - } - - contentBlockIndex := -1 - messageStartSent := false - isTextBlockOpen := false - var outputLen int - - // Ensure usage is published even on early return - defer func() { - reporter.publish(ctx, totalUsage) - }() - - for { - select { - case <-ctx.Done(): - return - default: - } - - msg, eventErr := e.readEventStreamMessage(reader) - if eventErr != nil { - // Log the error - log.Errorf("kiro: streamToChannel error: %v", eventErr) - - // Send error to channel for client notification - out <- cliproxyexecutor.StreamChunk{Err: eventErr} - return - } - if msg == nil { - // Normal end of stream (EOF) - // Flush any incomplete tool use before ending stream - if currentToolUse != nil && !processedIDs[currentToolUse.ToolUseID] { - log.Warnf("kiro: flushing incomplete tool use at EOF: %s (ID: %s)", currentToolUse.Name, currentToolUse.ToolUseID) - fullInput := currentToolUse.InputBuffer.String() - repairedJSON := kiroclaude.RepairJSON(fullInput) - var finalInput map[string]interface{} - if err := json.Unmarshal([]byte(repairedJSON), &finalInput); err != nil { - log.Warnf("kiro: failed to parse incomplete tool input at EOF: %v", err) - finalInput = make(map[string]interface{}) - } - - processedIDs[currentToolUse.ToolUseID] = true - contentBlockIndex++ - - // Send tool_use content block - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "tool_use", currentToolUse.ToolUseID, currentToolUse.Name) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Send tool input as delta - inputBytes, _ := json.Marshal(finalInput) - inputDelta := kiroclaude.BuildClaudeInputJsonDeltaEvent(string(inputBytes), contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, inputDelta, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Close block - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - hasToolUses = true - currentToolUse = nil - } - - // DISABLED: Tag-based pending character flushing - // This code block was used for tag-based thinking detection which has been - // replaced by reasoningContentEvent handling. No pending tag chars to flush. - // Original code preserved in git history. - break - } - - eventType := msg.EventType - payload := msg.Payload - if len(payload) == 0 { - continue - } - appendAPIResponseChunk(ctx, e.cfg, payload) - - var event map[string]interface{} - if err := json.Unmarshal(payload, &event); err != nil { - log.Warnf("kiro: failed to unmarshal event payload: %v, raw: %s", err, string(payload)) - continue - } - - // Check for error/exception events in the payload (Kiro API may return errors with HTTP 200) - // These can appear as top-level fields or nested within the event - if errType, hasErrType := event["_type"].(string); hasErrType { - // AWS-style error: {"_type": "com.amazon.aws.codewhisperer#ValidationException", "message": "..."} - errMsg := "" - if msg, ok := event["message"].(string); ok { - errMsg = msg - } - log.Errorf("kiro: received AWS error in stream: type=%s, message=%s", errType, errMsg) - out <- cliproxyexecutor.StreamChunk{Err: fmt.Errorf("kiro API error: %s - %s", errType, errMsg)} - return - } - if errType, hasErrType := event["type"].(string); hasErrType && (errType == "error" || errType == "exception") { - // Generic error event - errMsg := "" - if msg, ok := event["message"].(string); ok { - errMsg = msg - } else if errObj, ok := event["error"].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - } - log.Errorf("kiro: received error event in stream: type=%s, message=%s", errType, errMsg) - out <- cliproxyexecutor.StreamChunk{Err: fmt.Errorf("kiro API error: %s", errMsg)} - return - } - - // Extract stop_reason from various event formats (streaming) - // Kiro/Amazon Q API may include stop_reason in different locations - if sr := kirocommon.GetString(event, "stop_reason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stop_reason (top-level): %s", upstreamStopReason) - } - if sr := kirocommon.GetString(event, "stopReason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stopReason (top-level): %s", upstreamStopReason) - } - - // Send message_start on first event - if !messageStartSent { - msgStart := kiroclaude.BuildClaudeMessageStartEvent(model, totalUsage.InputTokens) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, msgStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - messageStartSent = true - } - - switch eventType { - case "followupPromptEvent": - // Filter out followupPrompt events - these are UI suggestions, not content - log.Debugf("kiro: streamToChannel ignoring followupPrompt event") - continue - - case "messageStopEvent", "message_stop": - // Handle message stop events which may contain stop_reason - if sr := kirocommon.GetString(event, "stop_reason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stop_reason in messageStopEvent: %s", upstreamStopReason) - } - if sr := kirocommon.GetString(event, "stopReason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stopReason in messageStopEvent: %s", upstreamStopReason) - } - - case "meteringEvent": - // Handle metering events from Kiro API (usage billing information) - // Official format: { unit: string, unitPlural: string, usage: number } - if metering, ok := event["meteringEvent"].(map[string]interface{}); ok { - unit := "" - if u, ok := metering["unit"].(string); ok { - unit = u - } - usageVal := 0.0 - if u, ok := metering["usage"].(float64); ok { - usageVal = u - } - upstreamCreditUsage = usageVal - hasUpstreamUsage = true - log.Infof("kiro: streamToChannel received meteringEvent: usage=%.4f %s", usageVal, unit) - } else { - // Try direct fields (event is meteringEvent itself) - if unit, ok := event["unit"].(string); ok { - if usage, ok := event["usage"].(float64); ok { - upstreamCreditUsage = usage - hasUpstreamUsage = true - log.Infof("kiro: streamToChannel received meteringEvent (direct): usage=%.4f %s", usage, unit) - } - } - } - - case "contextUsageEvent": - // Handle context usage events from Kiro API - // Format: {"contextUsageEvent": {"contextUsagePercentage": 0.53}} - if ctxUsage, ok := event["contextUsageEvent"].(map[string]interface{}); ok { - if ctxPct, ok := ctxUsage["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: streamToChannel received contextUsageEvent: %.2f%%", ctxPct*100) - } - } else { - // Try direct field (fallback) - if ctxPct, ok := event["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: streamToChannel received contextUsagePercentage (direct): %.2f%%", ctxPct*100) - } - } - - case "error", "exception", "internalServerException": - // Handle error events from Kiro API stream - errMsg := "" - errType := eventType - - // Try to extract error message from various formats - if msg, ok := event["message"].(string); ok { - errMsg = msg - } else if errObj, ok := event[eventType].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - if t, ok := errObj["type"].(string); ok { - errType = t - } - } else if errObj, ok := event["error"].(map[string]interface{}); ok { - if msg, ok := errObj["message"].(string); ok { - errMsg = msg - } - } - - log.Errorf("kiro: streamToChannel received error event: type=%s, message=%s", errType, errMsg) - - // Send error to the stream and exit - if errMsg != "" { - out <- cliproxyexecutor.StreamChunk{ - Err: fmt.Errorf("kiro API error (%s): %s", errType, errMsg), - } - return - } - - case "invalidStateEvent": - // Handle invalid state events - log and continue (non-fatal) - errMsg := "" - if msg, ok := event["message"].(string); ok { - errMsg = msg - } else if stateEvent, ok := event["invalidStateEvent"].(map[string]interface{}); ok { - if msg, ok := stateEvent["message"].(string); ok { - errMsg = msg - } - } - log.Warnf("kiro: streamToChannel received invalidStateEvent: %s, continuing", errMsg) - continue - - default: - // Check for upstream usage events from Kiro API - // Format: {"unit":"credit","unitPlural":"credits","usage":1.458} - if unit, ok := event["unit"].(string); ok && unit == "credit" { - if usage, ok := event["usage"].(float64); ok { - upstreamCreditUsage = usage - hasUpstreamUsage = true - log.Debugf("kiro: received upstream credit usage: %.4f", upstreamCreditUsage) - } - } - // Format: {"contextUsagePercentage":78.56} - if ctxPct, ok := event["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: received upstream context usage: %.2f%%", upstreamContextPercentage) - } - - // Check for token counts in unknown events - if inputTokens, ok := event["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - hasUpstreamUsage = true - log.Debugf("kiro: streamToChannel found inputTokens in event %s: %d", eventType, totalUsage.InputTokens) - } - if outputTokens, ok := event["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - hasUpstreamUsage = true - log.Debugf("kiro: streamToChannel found outputTokens in event %s: %d", eventType, totalUsage.OutputTokens) - } - if totalTokens, ok := event["totalTokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - log.Debugf("kiro: streamToChannel found totalTokens in event %s: %d", eventType, totalUsage.TotalTokens) - } - - // Check for usage object in unknown events (OpenAI/Claude format) - if usageObj, ok := event["usage"].(map[string]interface{}); ok { - if inputTokens, ok := usageObj["input_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - hasUpstreamUsage = true - } else if inputTokens, ok := usageObj["prompt_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - hasUpstreamUsage = true - } - if outputTokens, ok := usageObj["output_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - hasUpstreamUsage = true - } else if outputTokens, ok := usageObj["completion_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - hasUpstreamUsage = true - } - if totalTokens, ok := usageObj["total_tokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - } - log.Debugf("kiro: streamToChannel found usage object in event %s: input=%d, output=%d, total=%d", - eventType, totalUsage.InputTokens, totalUsage.OutputTokens, totalUsage.TotalTokens) - } - - // Log unknown event types for debugging (to discover new event formats) - if eventType != "" { - log.Debugf("kiro: streamToChannel unknown event type: %s, payload: %s", eventType, string(payload)) - } - - case "assistantResponseEvent": - var contentDelta string - var toolUses []map[string]interface{} - - if assistantResp, ok := event["assistantResponseEvent"].(map[string]interface{}); ok { - if c, ok := assistantResp["content"].(string); ok { - contentDelta = c - } - // Extract stop_reason from assistantResponseEvent - if sr := kirocommon.GetString(assistantResp, "stop_reason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stop_reason in assistantResponseEvent: %s", upstreamStopReason) - } - if sr := kirocommon.GetString(assistantResp, "stopReason"); sr != "" { - upstreamStopReason = sr - log.Debugf("kiro: streamToChannel found stopReason in assistantResponseEvent: %s", upstreamStopReason) - } - // Extract tool uses from response - if tus, ok := assistantResp["toolUses"].([]interface{}); ok { - for _, tuRaw := range tus { - if tu, ok := tuRaw.(map[string]interface{}); ok { - toolUses = append(toolUses, tu) - } - } - } - } - if contentDelta == "" { - if c, ok := event["content"].(string); ok { - contentDelta = c - } - } - // Direct tool uses - if tus, ok := event["toolUses"].([]interface{}); ok { - for _, tuRaw := range tus { - if tu, ok := tuRaw.(map[string]interface{}); ok { - toolUses = append(toolUses, tu) - } - } - } - - // Handle text content with thinking mode support - if contentDelta != "" { - // NOTE: Duplicate content filtering was removed because it incorrectly - // filtered out legitimate repeated content (like consecutive newlines "\n\n"). - // Streaming naturally can have identical chunks that are valid content. - - outputLen += len(contentDelta) - // Accumulate content for streaming token calculation - accumulatedContent.WriteString(contentDelta) - - // Real-time usage estimation: Check if we should send a usage update - // This helps clients track context usage during long thinking sessions - shouldSendUsageUpdate := false - if accumulatedContent.Len()-lastUsageUpdateLen >= usageUpdateCharThreshold { - shouldSendUsageUpdate = true - } else if time.Since(lastUsageUpdateTime) >= usageUpdateTimeInterval && accumulatedContent.Len() > lastUsageUpdateLen { - shouldSendUsageUpdate = true - } - - if shouldSendUsageUpdate { - // Calculate current output tokens using tiktoken - var currentOutputTokens int64 - if enc, encErr := getTokenizer(model); encErr == nil { - if tokenCount, countErr := enc.Count(accumulatedContent.String()); countErr == nil { - currentOutputTokens = int64(tokenCount) - } - } - // Fallback to character estimation if tiktoken fails - if currentOutputTokens == 0 { - currentOutputTokens = int64(accumulatedContent.Len() / 4) - if currentOutputTokens == 0 { - currentOutputTokens = 1 - } - } - - // Only send update if token count has changed significantly (at least 10 tokens) - if currentOutputTokens > lastReportedOutputTokens+10 { - // Send ping event with usage information - // This is a non-blocking update that clients can optionally process - pingEvent := kiroclaude.BuildClaudePingEventWithUsage(totalUsage.InputTokens, currentOutputTokens) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, pingEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - lastReportedOutputTokens = currentOutputTokens - log.Debugf("kiro: sent real-time usage update - input: %d, output: %d (accumulated: %d chars)", - totalUsage.InputTokens, currentOutputTokens, accumulatedContent.Len()) - } - - lastUsageUpdateLen = accumulatedContent.Len() - lastUsageUpdateTime = time.Now() - } - - if hasOfficialReasoningEvent { - processText := strings.TrimSpace(strings.ReplaceAll(strings.ReplaceAll(contentDelta, kirocommon.ThinkingStartTag, ""), kirocommon.ThinkingEndTag, "")) - if processText != "" { - if !isTextBlockOpen { - contentBlockIndex++ - isTextBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "text", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - claudeEvent := kiroclaude.BuildClaudeStreamEvent(processText, contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, claudeEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - continue - } - - // TAG-BASED THINKING PARSING: Parse tags from content - // Combine pending content with new content for processing - pendingContent.WriteString(contentDelta) - processContent := pendingContent.String() - pendingContent.Reset() - - // Process content looking for thinking tags - for len(processContent) > 0 { - if inThinkBlock { - // We're inside a thinking block, look for - endIdx := strings.Index(processContent, kirocommon.ThinkingEndTag) - if endIdx >= 0 { - // Found end tag - emit thinking content before the tag - thinkingText := processContent[:endIdx] - if thinkingText != "" { - // Ensure thinking block is open - if !isThinkingBlockOpen { - contentBlockIndex++ - thinkingBlockIndex = contentBlockIndex - isThinkingBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(thinkingBlockIndex, "thinking", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - // Send thinking delta - thinkingEvent := kiroclaude.BuildClaudeThinkingDeltaEvent(thinkingText, thinkingBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, thinkingEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - accumulatedThinkingContent.WriteString(thinkingText) - } - // Close thinking block - if isThinkingBlockOpen { - blockStop := kiroclaude.BuildClaudeThinkingBlockStopEvent(thinkingBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isThinkingBlockOpen = false - } - inThinkBlock = false - processContent = processContent[endIdx+len(kirocommon.ThinkingEndTag):] - log.Debugf("kiro: closed thinking block, remaining content: %d chars", len(processContent)) - } else { - // No end tag found - check for partial match at end - partialMatch := false - for i := 1; i < len(kirocommon.ThinkingEndTag) && i <= len(processContent); i++ { - if strings.HasSuffix(processContent, kirocommon.ThinkingEndTag[:i]) { - // Possible partial tag at end, buffer it - pendingContent.WriteString(processContent[len(processContent)-i:]) - processContent = processContent[:len(processContent)-i] - partialMatch = true - break - } - } - if !partialMatch || len(processContent) > 0 { - // Emit all as thinking content - if processContent != "" { - if !isThinkingBlockOpen { - contentBlockIndex++ - thinkingBlockIndex = contentBlockIndex - isThinkingBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(thinkingBlockIndex, "thinking", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - thinkingEvent := kiroclaude.BuildClaudeThinkingDeltaEvent(processContent, thinkingBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, thinkingEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - accumulatedThinkingContent.WriteString(processContent) - } - } - processContent = "" - } - } else { - // Not in thinking block, look for - startIdx := strings.Index(processContent, kirocommon.ThinkingStartTag) - if startIdx >= 0 { - // Found start tag - emit text content before the tag - textBefore := processContent[:startIdx] - if textBefore != "" { - // Close thinking block if open - if isThinkingBlockOpen { - blockStop := kiroclaude.BuildClaudeThinkingBlockStopEvent(thinkingBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isThinkingBlockOpen = false - } - // Ensure text block is open - if !isTextBlockOpen { - contentBlockIndex++ - isTextBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "text", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - // Send text delta - claudeEvent := kiroclaude.BuildClaudeStreamEvent(textBefore, contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, claudeEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - // Close text block before entering thinking - if isTextBlockOpen { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isTextBlockOpen = false - } - inThinkBlock = true - processContent = processContent[startIdx+len(kirocommon.ThinkingStartTag):] - log.Debugf("kiro: entered thinking block") - } else { - // No start tag found - check for partial match at end - partialMatch := false - for i := 1; i < len(kirocommon.ThinkingStartTag) && i <= len(processContent); i++ { - if strings.HasSuffix(processContent, kirocommon.ThinkingStartTag[:i]) { - // Possible partial tag at end, buffer it - pendingContent.WriteString(processContent[len(processContent)-i:]) - processContent = processContent[:len(processContent)-i] - partialMatch = true - break - } - } - if !partialMatch || len(processContent) > 0 { - // Emit all as text content - if processContent != "" { - if !isTextBlockOpen { - contentBlockIndex++ - isTextBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "text", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - claudeEvent := kiroclaude.BuildClaudeStreamEvent(processContent, contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, claudeEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - } - processContent = "" - } - } - } - } - - // Handle tool uses in response (with deduplication) - for _, tu := range toolUses { - toolUseID := kirocommon.GetString(tu, "toolUseId") - toolName := kirocommon.GetString(tu, "name") - - // Check for duplicate - if processedIDs[toolUseID] { - log.Debugf("kiro: skipping duplicate tool use in stream: %s", toolUseID) - continue - } - processedIDs[toolUseID] = true - - hasToolUses = true - // Close text block if open before starting tool_use block - if isTextBlockOpen && contentBlockIndex >= 0 { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isTextBlockOpen = false - } - - // Emit tool_use content block - contentBlockIndex++ - - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "tool_use", toolUseID, toolName) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Send input_json_delta with the tool input - if input, ok := tu["input"].(map[string]interface{}); ok { - inputJSON, err := json.Marshal(input) - if err != nil { - log.Debugf("kiro: failed to marshal tool input: %v", err) - // Don't continue - still need to close the block - } else { - inputDelta := kiroclaude.BuildClaudeInputJsonDeltaEvent(string(inputJSON), contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, inputDelta, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - } - - // Close tool_use block (always close even if input marshal failed) - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - - case "reasoningContentEvent": - // Handle official reasoningContentEvent from Kiro API - // This replaces tag-based thinking detection with the proper event type - // Official format: { text: string, signature?: string, redactedContent?: base64 } - var thinkingText string - var signature string - - if re, ok := event["reasoningContentEvent"].(map[string]interface{}); ok { - if text, ok := re["text"].(string); ok { - thinkingText = text - } - if sig, ok := re["signature"].(string); ok { - signature = sig - if len(sig) > 20 { - log.Debugf("kiro: reasoningContentEvent has signature: %s...", sig[:20]) - } else { - log.Debugf("kiro: reasoningContentEvent has signature: %s", sig) - } - } - } else { - // Try direct fields - if text, ok := event["text"].(string); ok { - thinkingText = text - } - if sig, ok := event["signature"].(string); ok { - signature = sig - } - } - - if thinkingText != "" { - hasOfficialReasoningEvent = true - // Close text block if open before starting thinking block - if isTextBlockOpen && contentBlockIndex >= 0 { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isTextBlockOpen = false - } - - // Start thinking block if not already open - if !isThinkingBlockOpen { - contentBlockIndex++ - thinkingBlockIndex = contentBlockIndex - isThinkingBlockOpen = true - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(thinkingBlockIndex, "thinking", "", "") - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - - // Send thinking content - thinkingEvent := kiroclaude.BuildClaudeThinkingDeltaEvent(thinkingText, thinkingBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, thinkingEvent, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Accumulate for token counting - accumulatedThinkingContent.WriteString(thinkingText) - log.Debugf("kiro: received reasoningContentEvent, text length: %d, has signature: %v", len(thinkingText), signature != "") - } - - // Note: We don't close the thinking block here - it will be closed when we see - // the next assistantResponseEvent or at the end of the stream - _ = signature // Signature can be used for verification if needed - - case "toolUseEvent": - // Handle dedicated tool use events with input buffering - completedToolUses, newState := kiroclaude.ProcessToolUseEvent(event, currentToolUse, processedIDs) - currentToolUse = newState - - // Emit completed tool uses - for _, tu := range completedToolUses { - // Check if this tool was truncated - emit with SOFT_LIMIT_REACHED marker - if tu.IsTruncated { - hasTruncatedTools = true - log.Infof("kiro: streamToChannel emitting truncated tool with SOFT_LIMIT_REACHED: %s (ID: %s)", tu.Name, tu.ToolUseID) - - // Close text block if open - if isTextBlockOpen && contentBlockIndex >= 0 { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isTextBlockOpen = false - } - - contentBlockIndex++ - - // Emit tool_use with SOFT_LIMIT_REACHED marker input - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "tool_use", tu.ToolUseID, tu.Name) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Build SOFT_LIMIT_REACHED marker input - markerInput := map[string]interface{}{ - "_status": "SOFT_LIMIT_REACHED", - "_message": "Tool output was truncated. Split content into smaller chunks (max 300 lines). Due to potential model hallucination, you MUST re-fetch the current working directory and generate the correct file_path.", - } - - markerJSON, _ := json.Marshal(markerInput) - inputDelta := kiroclaude.BuildClaudeInputJsonDeltaEvent(string(markerJSON), contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, inputDelta, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Close tool_use block - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - hasToolUses = true // Keep this so stop_reason = tool_use - continue - } - - hasToolUses = true - - // Close text block if open - if isTextBlockOpen && contentBlockIndex >= 0 { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - isTextBlockOpen = false - } - - contentBlockIndex++ - - blockStart := kiroclaude.BuildClaudeContentBlockStartEvent(contentBlockIndex, "tool_use", tu.ToolUseID, tu.Name) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStart, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - if tu.Input != nil { - inputJSON, err := json.Marshal(tu.Input) - if err != nil { - log.Debugf("kiro: failed to marshal tool input in toolUseEvent: %v", err) - } else { - inputDelta := kiroclaude.BuildClaudeInputJsonDeltaEvent(string(inputJSON), contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, inputDelta, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - } - - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - - case "supplementaryWebLinksEvent": - if inputTokens, ok := event["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } - if outputTokens, ok := event["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } - - case "messageMetadataEvent", "metadataEvent": - // Handle message metadata events which contain token counts - // Official format: { tokenUsage: { outputTokens, totalTokens, uncachedInputTokens, cacheReadInputTokens, cacheWriteInputTokens, contextUsagePercentage } } - var metadata map[string]interface{} - if m, ok := event["messageMetadataEvent"].(map[string]interface{}); ok { - metadata = m - } else if m, ok := event["metadataEvent"].(map[string]interface{}); ok { - metadata = m - } else { - metadata = event // event itself might be the metadata - } - - // Check for nested tokenUsage object (official format) - if tokenUsage, ok := metadata["tokenUsage"].(map[string]interface{}); ok { - // outputTokens - precise output token count - if outputTokens, ok := tokenUsage["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - hasUpstreamUsage = true - log.Infof("kiro: streamToChannel found precise outputTokens in tokenUsage: %d", totalUsage.OutputTokens) - } - // totalTokens - precise total token count - if totalTokens, ok := tokenUsage["totalTokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - log.Infof("kiro: streamToChannel found precise totalTokens in tokenUsage: %d", totalUsage.TotalTokens) - } - // uncachedInputTokens - input tokens not from cache - if uncachedInputTokens, ok := tokenUsage["uncachedInputTokens"].(float64); ok { - totalUsage.InputTokens = int64(uncachedInputTokens) - hasUpstreamUsage = true - log.Infof("kiro: streamToChannel found uncachedInputTokens in tokenUsage: %d", totalUsage.InputTokens) - } - // cacheReadInputTokens - tokens read from cache - if cacheReadTokens, ok := tokenUsage["cacheReadInputTokens"].(float64); ok { - // Add to input tokens if we have uncached tokens, otherwise use as input - if totalUsage.InputTokens > 0 { - totalUsage.InputTokens += int64(cacheReadTokens) - } else { - totalUsage.InputTokens = int64(cacheReadTokens) - } - hasUpstreamUsage = true - log.Debugf("kiro: streamToChannel found cacheReadInputTokens in tokenUsage: %d", int64(cacheReadTokens)) - } - // contextUsagePercentage - can be used as fallback for input token estimation - if ctxPct, ok := tokenUsage["contextUsagePercentage"].(float64); ok { - upstreamContextPercentage = ctxPct - log.Debugf("kiro: streamToChannel found contextUsagePercentage in tokenUsage: %.2f%%", ctxPct) - } - } - - // Fallback: check for direct fields in metadata (legacy format) - if totalUsage.InputTokens == 0 { - if inputTokens, ok := metadata["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - hasUpstreamUsage = true - log.Debugf("kiro: streamToChannel found inputTokens in messageMetadataEvent: %d", totalUsage.InputTokens) - } - } - if totalUsage.OutputTokens == 0 { - if outputTokens, ok := metadata["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - hasUpstreamUsage = true - log.Debugf("kiro: streamToChannel found outputTokens in messageMetadataEvent: %d", totalUsage.OutputTokens) - } - } - if totalUsage.TotalTokens == 0 { - if totalTokens, ok := metadata["totalTokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - log.Debugf("kiro: streamToChannel found totalTokens in messageMetadataEvent: %d", totalUsage.TotalTokens) - } - } - - case "usageEvent", "usage": - // Handle dedicated usage events - if inputTokens, ok := event["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - log.Debugf("kiro: streamToChannel found inputTokens in usageEvent: %d", totalUsage.InputTokens) - } - if outputTokens, ok := event["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - log.Debugf("kiro: streamToChannel found outputTokens in usageEvent: %d", totalUsage.OutputTokens) - } - if totalTokens, ok := event["totalTokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - log.Debugf("kiro: streamToChannel found totalTokens in usageEvent: %d", totalUsage.TotalTokens) - } - // Also check nested usage object - if usageObj, ok := event["usage"].(map[string]interface{}); ok { - if inputTokens, ok := usageObj["input_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } else if inputTokens, ok := usageObj["prompt_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } - if outputTokens, ok := usageObj["output_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } else if outputTokens, ok := usageObj["completion_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } - if totalTokens, ok := usageObj["total_tokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - } - log.Debugf("kiro: streamToChannel found usage object: input=%d, output=%d, total=%d", - totalUsage.InputTokens, totalUsage.OutputTokens, totalUsage.TotalTokens) - } - - case "metricsEvent": - // Handle metrics events which may contain usage data - if metrics, ok := event["metricsEvent"].(map[string]interface{}); ok { - if inputTokens, ok := metrics["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } - if outputTokens, ok := metrics["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } - log.Debugf("kiro: streamToChannel found metricsEvent: input=%d, output=%d", - totalUsage.InputTokens, totalUsage.OutputTokens) - } - } - - // Check nested usage event - if usageEvent, ok := event["supplementaryWebLinksEvent"].(map[string]interface{}); ok { - if inputTokens, ok := usageEvent["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } - if outputTokens, ok := usageEvent["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } - } - - // Check for direct token fields in any event (fallback) - if totalUsage.InputTokens == 0 { - if inputTokens, ok := event["inputTokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - log.Debugf("kiro: streamToChannel found direct inputTokens: %d", totalUsage.InputTokens) - } - } - if totalUsage.OutputTokens == 0 { - if outputTokens, ok := event["outputTokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - log.Debugf("kiro: streamToChannel found direct outputTokens: %d", totalUsage.OutputTokens) - } - } - - // Check for usage object in any event (OpenAI format) - if totalUsage.InputTokens == 0 || totalUsage.OutputTokens == 0 { - if usageObj, ok := event["usage"].(map[string]interface{}); ok { - if totalUsage.InputTokens == 0 { - if inputTokens, ok := usageObj["input_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } else if inputTokens, ok := usageObj["prompt_tokens"].(float64); ok { - totalUsage.InputTokens = int64(inputTokens) - } - } - if totalUsage.OutputTokens == 0 { - if outputTokens, ok := usageObj["output_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } else if outputTokens, ok := usageObj["completion_tokens"].(float64); ok { - totalUsage.OutputTokens = int64(outputTokens) - } - } - if totalUsage.TotalTokens == 0 { - if totalTokens, ok := usageObj["total_tokens"].(float64); ok { - totalUsage.TotalTokens = int64(totalTokens) - } - } - log.Debugf("kiro: streamToChannel found usage object (fallback): input=%d, output=%d, total=%d", - totalUsage.InputTokens, totalUsage.OutputTokens, totalUsage.TotalTokens) - } - } - } - - // Close content block if open - if isTextBlockOpen && contentBlockIndex >= 0 { - blockStop := kiroclaude.BuildClaudeContentBlockStopEvent(contentBlockIndex) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, blockStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - } - - // Streaming token calculation - calculate output tokens from accumulated content - // Only use local estimation if server didn't provide usage (server-side usage takes priority) - if totalUsage.OutputTokens == 0 && accumulatedContent.Len() > 0 { - // Try to use tiktoken for accurate counting - if enc, err := getTokenizer(model); err == nil { - if tokenCount, countErr := enc.Count(accumulatedContent.String()); countErr == nil { - totalUsage.OutputTokens = int64(tokenCount) - log.Debugf("kiro: streamToChannel calculated output tokens using tiktoken: %d", totalUsage.OutputTokens) - } else { - // Fallback on count error: estimate from character count - totalUsage.OutputTokens = int64(accumulatedContent.Len() / 4) - if totalUsage.OutputTokens == 0 { - totalUsage.OutputTokens = 1 - } - log.Debugf("kiro: streamToChannel tiktoken count failed, estimated from chars: %d", totalUsage.OutputTokens) - } - } else { - // Fallback: estimate from character count (roughly 4 chars per token) - totalUsage.OutputTokens = int64(accumulatedContent.Len() / 4) - if totalUsage.OutputTokens == 0 { - totalUsage.OutputTokens = 1 - } - log.Debugf("kiro: streamToChannel estimated output tokens from chars: %d (content len: %d)", totalUsage.OutputTokens, accumulatedContent.Len()) - } - } else if totalUsage.OutputTokens == 0 && outputLen > 0 { - // Legacy fallback using outputLen - totalUsage.OutputTokens = int64(outputLen / 4) - if totalUsage.OutputTokens == 0 { - totalUsage.OutputTokens = 1 - } - } - - // Use contextUsagePercentage to calculate more accurate input tokens - // Kiro model has 200k max context, contextUsagePercentage represents the percentage used - // Formula: input_tokens = contextUsagePercentage * 200000 / 100 - // Note: The effective input context is ~170k (200k - 30k reserved for output) - if upstreamContextPercentage > 0 { - // Calculate input tokens from context percentage - // Using 200k as the base since that's what Kiro reports against - calculatedInputTokens := int64(upstreamContextPercentage * 200000 / 100) - - // Only use calculated value if it's significantly different from local estimate - // This provides more accurate token counts based on upstream data - if calculatedInputTokens > 0 { - localEstimate := totalUsage.InputTokens - totalUsage.InputTokens = calculatedInputTokens - log.Debugf("kiro: using contextUsagePercentage (%.2f%%) to calculate input tokens: %d (local estimate was: %d)", - upstreamContextPercentage, calculatedInputTokens, localEstimate) - } - } - - totalUsage.TotalTokens = totalUsage.InputTokens + totalUsage.OutputTokens - - // Log upstream usage information if received - if hasUpstreamUsage { - log.Debugf("kiro: upstream usage - credits: %.4f, context: %.2f%%, final tokens - input: %d, output: %d, total: %d", - upstreamCreditUsage, upstreamContextPercentage, - totalUsage.InputTokens, totalUsage.OutputTokens, totalUsage.TotalTokens) - } - - // Determine stop reason: prefer upstream, then detect tool_use, default to end_turn - // SOFT_LIMIT_REACHED: Keep stop_reason = "tool_use" so Claude continues the loop - stopReason := upstreamStopReason - if hasTruncatedTools { - // Log that we're using SOFT_LIMIT_REACHED approach - log.Infof("kiro: streamToChannel using SOFT_LIMIT_REACHED - keeping stop_reason=tool_use for truncated tools") - } - if stopReason == "" { - if hasToolUses { - stopReason = "tool_use" - log.Debugf("kiro: streamToChannel using fallback stop_reason: tool_use") - } else { - stopReason = "end_turn" - log.Debugf("kiro: streamToChannel using fallback stop_reason: end_turn") - } - } - - // Log warning if response was truncated due to max_tokens - if stopReason == "max_tokens" { - log.Warnf("kiro: response truncated due to max_tokens limit (streamToChannel)") - } - - // Send message_delta event - msgDelta := kiroclaude.BuildClaudeMessageDeltaEvent(stopReason, totalUsage) - sseData := sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, msgDelta, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - - // Send message_stop event separately - msgStop := kiroclaude.BuildClaudeMessageStopOnlyEvent() - sseData = sdktranslator.TranslateStream(ctx, sdktranslator.FromString("kiro"), targetFormat, model, originalReq, claudeBody, msgStop, &translatorParam) - for _, chunk := range sseData { - if chunk != "" { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunk + "\n\n")} - } - } - // reporter.publish is called via defer -} - -// NOTE: Claude SSE event builders moved to internal/translator/kiro/claude/kiro_claude_stream.go -// The executor now uses kiroclaude.BuildClaude*Event() functions instead - -// CountTokens counts tokens locally using tiktoken since Kiro API doesn't expose a token counting endpoint. -// This provides approximate token counts for client requests. -func (e *KiroExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - // Use tiktoken for local token counting - enc, err := getTokenizer(req.Model) - if err != nil { - log.Warnf("kiro: CountTokens failed to get tokenizer: %v, falling back to estimate", err) - // Fallback: estimate from payload size (roughly 4 chars per token) - estimatedTokens := len(req.Payload) / 4 - if estimatedTokens == 0 && len(req.Payload) > 0 { - estimatedTokens = 1 - } - return cliproxyexecutor.Response{ - Payload: []byte(fmt.Sprintf(`{"count":%d}`, estimatedTokens)), - }, nil - } - - // Try to count tokens from the request payload - var totalTokens int64 - - // Try OpenAI chat format first - if tokens, countErr := countOpenAIChatTokens(enc, req.Payload); countErr == nil && tokens > 0 { - totalTokens = tokens - log.Debugf("kiro: CountTokens counted %d tokens using OpenAI chat format", totalTokens) - } else { - // Fallback: count raw payload tokens - if tokenCount, countErr := enc.Count(string(req.Payload)); countErr == nil { - totalTokens = int64(tokenCount) - log.Debugf("kiro: CountTokens counted %d tokens from raw payload", totalTokens) - } else { - // Final fallback: estimate from payload size - totalTokens = int64(len(req.Payload) / 4) - if totalTokens == 0 && len(req.Payload) > 0 { - totalTokens = 1 - } - log.Debugf("kiro: CountTokens estimated %d tokens from payload size", totalTokens) - } - } - - return cliproxyexecutor.Response{ - Payload: []byte(fmt.Sprintf(`{"count":%d}`, totalTokens)), - }, nil -} - -// Refresh refreshes the Kiro OAuth token. -// Supports both AWS Builder ID (SSO OIDC) and Google OAuth (social login). -// Uses mutex to prevent race conditions when multiple concurrent requests try to refresh. -func (e *KiroExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - // Serialize token refresh operations to prevent race conditions - e.refreshMu.Lock() - defer e.refreshMu.Unlock() - - var authID string - if auth != nil { - authID = auth.ID - } else { - authID = "" - } - log.Debugf("kiro executor: refresh called for auth %s", authID) - if auth == nil { - return nil, fmt.Errorf("kiro executor: auth is nil") - } - - // Double-check: After acquiring lock, verify token still needs refresh - // Another goroutine may have already refreshed while we were waiting - // NOTE: This check has a design limitation - it reads from the auth object passed in, - // not from persistent storage. If another goroutine returns a new Auth object (via Clone), - // this check won't see those updates. The mutex still prevents truly concurrent refreshes, - // but queued goroutines may still attempt redundant refreshes. This is acceptable as - // the refresh operation is idempotent and the extra API calls are infrequent. - if auth.Metadata != nil { - if lastRefresh, ok := auth.Metadata["last_refresh"].(string); ok { - if refreshTime, err := time.Parse(time.RFC3339, lastRefresh); err == nil { - // If token was refreshed within the last 30 seconds, skip refresh - if time.Since(refreshTime) < 30*time.Second { - log.Debugf("kiro executor: token was recently refreshed by another goroutine, skipping") - return auth, nil - } - } - } - // Also check if expires_at is now in the future with sufficient buffer - if expiresAt, ok := auth.Metadata["expires_at"].(string); ok { - if expTime, err := time.Parse(time.RFC3339, expiresAt); err == nil { - // If token expires more than 20 minutes from now, it's still valid - if time.Until(expTime) > 20*time.Minute { - log.Debugf("kiro executor: token is still valid (expires in %v), skipping refresh", time.Until(expTime)) - // CRITICAL FIX: Set NextRefreshAfter to prevent frequent refresh checks - // Without this, shouldRefresh() will return true again in 30 seconds - updated := auth.Clone() - // Set next refresh to 20 minutes before expiry, or at least 30 seconds from now - nextRefresh := expTime.Add(-20 * time.Minute) - minNextRefresh := time.Now().Add(30 * time.Second) - if nextRefresh.Before(minNextRefresh) { - nextRefresh = minNextRefresh - } - updated.NextRefreshAfter = nextRefresh - log.Debugf("kiro executor: setting NextRefreshAfter to %v (in %v)", nextRefresh.Format(time.RFC3339), time.Until(nextRefresh)) - return updated, nil - } - } - } - } - - var refreshToken string - var clientID, clientSecret string - var authMethod string - var region, startURL string - - if auth.Metadata != nil { - if rt, ok := auth.Metadata["refresh_token"].(string); ok { - refreshToken = rt - } - if cid, ok := auth.Metadata["client_id"].(string); ok { - clientID = cid - } - if cs, ok := auth.Metadata["client_secret"].(string); ok { - clientSecret = cs - } - if am, ok := auth.Metadata["auth_method"].(string); ok { - authMethod = am - } - if r, ok := auth.Metadata["region"].(string); ok { - region = r - } - if su, ok := auth.Metadata["start_url"].(string); ok { - startURL = su - } - } - - if refreshToken == "" { - return nil, fmt.Errorf("kiro executor: refresh token not found") - } - - var tokenData *kiroauth.KiroTokenData - var err error - - ssoClient := kiroauth.NewSSOOIDCClient(e.cfg) - - // Use SSO OIDC refresh for AWS Builder ID or IDC, otherwise use Kiro's OAuth refresh endpoint - switch { - case clientID != "" && clientSecret != "" && authMethod == "idc" && region != "": - // IDC refresh with region-specific endpoint - log.Debugf("kiro executor: using SSO OIDC refresh for IDC (region=%s)", region) - tokenData, err = ssoClient.RefreshTokenWithRegion(ctx, clientID, clientSecret, refreshToken, region, startURL) - case clientID != "" && clientSecret != "" && authMethod == "builder-id": - // Builder ID refresh with default endpoint - log.Debugf("kiro executor: using SSO OIDC refresh for AWS Builder ID") - tokenData, err = ssoClient.RefreshToken(ctx, clientID, clientSecret, refreshToken) - default: - // Fallback to Kiro's OAuth refresh endpoint (for social auth: Google/GitHub) - log.Debugf("kiro executor: using Kiro OAuth refresh endpoint") - oauth := kiroauth.NewKiroOAuth(e.cfg) - tokenData, err = oauth.RefreshToken(ctx, refreshToken) - } - - if err != nil { - return nil, fmt.Errorf("kiro executor: token refresh failed: %w", err) - } - - updated := auth.Clone() - now := time.Now() - updated.UpdatedAt = now - updated.LastRefreshedAt = now - - if updated.Metadata == nil { - updated.Metadata = make(map[string]any) - } - updated.Metadata["access_token"] = tokenData.AccessToken - updated.Metadata["refresh_token"] = tokenData.RefreshToken - updated.Metadata["expires_at"] = tokenData.ExpiresAt - updated.Metadata["last_refresh"] = now.Format(time.RFC3339) - if tokenData.ProfileArn != "" { - updated.Metadata["profile_arn"] = tokenData.ProfileArn - } - if tokenData.AuthMethod != "" { - updated.Metadata["auth_method"] = tokenData.AuthMethod - } - if tokenData.Provider != "" { - updated.Metadata["provider"] = tokenData.Provider - } - // Preserve client credentials for future refreshes (AWS Builder ID) - if tokenData.ClientID != "" { - updated.Metadata["client_id"] = tokenData.ClientID - } - if tokenData.ClientSecret != "" { - updated.Metadata["client_secret"] = tokenData.ClientSecret - } - // Preserve region and start_url for IDC token refresh - if tokenData.Region != "" { - updated.Metadata["region"] = tokenData.Region - } - if tokenData.StartURL != "" { - updated.Metadata["start_url"] = tokenData.StartURL - } - - if updated.Attributes == nil { - updated.Attributes = make(map[string]string) - } - updated.Attributes["access_token"] = tokenData.AccessToken - if tokenData.ProfileArn != "" { - updated.Attributes["profile_arn"] = tokenData.ProfileArn - } - - // NextRefreshAfter is aligned with RefreshLead (20min) - if expiresAt, parseErr := time.Parse(time.RFC3339, tokenData.ExpiresAt); parseErr == nil { - updated.NextRefreshAfter = expiresAt.Add(-20 * time.Minute) - } - - log.Infof("kiro executor: token refreshed successfully, expires at %s", tokenData.ExpiresAt) - return updated, nil -} - -// persistRefreshedAuth persists a refreshed auth record to disk. -// This ensures token refreshes from inline retry are saved to the auth file. -func (e *KiroExecutor) persistRefreshedAuth(auth *cliproxyauth.Auth) error { - if auth == nil || auth.Metadata == nil { - return fmt.Errorf("kiro executor: cannot persist nil auth or metadata") - } - - // Determine the file path from auth attributes or filename - var authPath string - if auth.Attributes != nil { - if p := strings.TrimSpace(auth.Attributes["path"]); p != "" { - authPath = p - } - } - if authPath == "" { - fileName := strings.TrimSpace(auth.FileName) - if fileName == "" { - return fmt.Errorf("kiro executor: auth has no file path or filename") - } - if filepath.IsAbs(fileName) { - authPath = fileName - } else if e.cfg != nil && e.cfg.AuthDir != "" { - authPath = filepath.Join(e.cfg.AuthDir, fileName) - } else { - return fmt.Errorf("kiro executor: cannot determine auth file path") - } - } - - // Marshal metadata to JSON - raw, err := json.Marshal(auth.Metadata) - if err != nil { - return fmt.Errorf("kiro executor: marshal metadata failed: %w", err) - } - - // Write to temp file first, then rename (atomic write) - tmp := authPath + ".tmp" - if err := os.WriteFile(tmp, raw, 0o600); err != nil { - return fmt.Errorf("kiro executor: write temp auth file failed: %w", err) - } - if err := os.Rename(tmp, authPath); err != nil { - return fmt.Errorf("kiro executor: rename auth file failed: %w", err) - } - - log.Debugf("kiro executor: persisted refreshed auth to %s", authPath) - return nil -} - -// reloadAuthFromFile 从文件重新加载 auth 数据(方案 B: Fallback 机制) -// 当内存中的 token 已过期时,尝试从文件读取最新的 token -// 这解决了后台刷新器已更新文件但内存中 Auth 对象尚未同步的时间差问题 -func (e *KiroExecutor) reloadAuthFromFile(auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - if auth == nil { - return nil, fmt.Errorf("kiro executor: cannot reload nil auth") - } - - // 确定文件路径 - var authPath string - if auth.Attributes != nil { - if p := strings.TrimSpace(auth.Attributes["path"]); p != "" { - authPath = p - } - } - if authPath == "" { - fileName := strings.TrimSpace(auth.FileName) - if fileName == "" { - return nil, fmt.Errorf("kiro executor: auth has no file path or filename for reload") - } - if filepath.IsAbs(fileName) { - authPath = fileName - } else if e.cfg != nil && e.cfg.AuthDir != "" { - authPath = filepath.Join(e.cfg.AuthDir, fileName) - } else { - return nil, fmt.Errorf("kiro executor: cannot determine auth file path for reload") - } - } - - // 读取文件 - raw, err := os.ReadFile(authPath) - if err != nil { - return nil, fmt.Errorf("kiro executor: failed to read auth file %s: %w", authPath, err) - } - - // 解析 JSON - var metadata map[string]any - if err := json.Unmarshal(raw, &metadata); err != nil { - return nil, fmt.Errorf("kiro executor: failed to parse auth file %s: %w", authPath, err) - } - - // 检查文件中的 token 是否比内存中的更新 - fileExpiresAt, _ := metadata["expires_at"].(string) - fileAccessToken, _ := metadata["access_token"].(string) - memExpiresAt, _ := auth.Metadata["expires_at"].(string) - memAccessToken, _ := auth.Metadata["access_token"].(string) - - // 文件中必须有有效的 access_token - if fileAccessToken == "" { - return nil, fmt.Errorf("kiro executor: auth file has no access_token field") - } - - // 如果有 expires_at,检查是否过期 - if fileExpiresAt != "" { - fileExpTime, parseErr := time.Parse(time.RFC3339, fileExpiresAt) - if parseErr == nil { - // 如果文件中的 token 也已过期,不使用它 - if time.Now().After(fileExpTime) { - log.Debugf("kiro executor: file token also expired at %s, not using", fileExpiresAt) - return nil, fmt.Errorf("kiro executor: file token also expired") - } - } - } - - // 判断文件中的 token 是否比内存中的更新 - // 条件1: access_token 不同(说明已刷新) - // 条件2: expires_at 更新(说明已刷新) - isNewer := false - - // 优先检查 access_token 是否变化 - if fileAccessToken != memAccessToken { - isNewer = true - log.Debugf("kiro executor: file access_token differs from memory, using file token") - } - - // 如果 access_token 相同,检查 expires_at - if !isNewer && fileExpiresAt != "" && memExpiresAt != "" { - fileExpTime, fileParseErr := time.Parse(time.RFC3339, fileExpiresAt) - memExpTime, memParseErr := time.Parse(time.RFC3339, memExpiresAt) - if fileParseErr == nil && memParseErr == nil && fileExpTime.After(memExpTime) { - isNewer = true - log.Debugf("kiro executor: file expires_at (%s) is newer than memory (%s)", fileExpiresAt, memExpiresAt) - } - } - - // 如果文件中没有 expires_at 但 access_token 相同,无法判断是否更新 - if !isNewer && fileExpiresAt == "" && fileAccessToken == memAccessToken { - return nil, fmt.Errorf("kiro executor: cannot determine if file token is newer (no expires_at, same access_token)") - } - - if !isNewer { - log.Debugf("kiro executor: file token not newer than memory token") - return nil, fmt.Errorf("kiro executor: file token not newer") - } - - // 创建更新后的 auth 对象 - updated := auth.Clone() - updated.Metadata = metadata - updated.UpdatedAt = time.Now() - - // 同步更新 Attributes - if updated.Attributes == nil { - updated.Attributes = make(map[string]string) - } - if accessToken, ok := metadata["access_token"].(string); ok { - updated.Attributes["access_token"] = accessToken - } - if profileArn, ok := metadata["profile_arn"].(string); ok { - updated.Attributes["profile_arn"] = profileArn - } - - log.Infof("kiro executor: reloaded auth from file %s, new expires_at: %s", authPath, fileExpiresAt) - return updated, nil -} - -// isTokenExpired checks if a JWT access token has expired. -// Returns true if the token is expired or cannot be parsed. -func (e *KiroExecutor) isTokenExpired(accessToken string) bool { - if accessToken == "" { - return true - } - - // JWT tokens have 3 parts separated by dots - parts := strings.Split(accessToken, ".") - if len(parts) != 3 { - // Not a JWT token, assume not expired - return false - } - - // Decode the payload (second part) - // JWT uses base64url encoding without padding (RawURLEncoding) - payload := parts[1] - decoded, err := base64.RawURLEncoding.DecodeString(payload) - if err != nil { - // Try with padding added as fallback - switch len(payload) % 4 { - case 2: - payload += "==" - case 3: - payload += "=" - } - decoded, err = base64.URLEncoding.DecodeString(payload) - if err != nil { - log.Debugf("kiro: failed to decode JWT payload: %v", err) - return false - } - } - - var claims struct { - Exp int64 `json:"exp"` - } - if err := json.Unmarshal(decoded, &claims); err != nil { - log.Debugf("kiro: failed to parse JWT claims: %v", err) - return false - } - - if claims.Exp == 0 { - // No expiration claim, assume not expired - return false - } - - expTime := time.Unix(claims.Exp, 0) - now := time.Now() - - // Consider token expired if it expires within 1 minute (buffer for clock skew) - isExpired := now.After(expTime) || expTime.Sub(now) < time.Minute - if isExpired { - log.Debugf("kiro: token expired at %s (now: %s)", expTime.Format(time.RFC3339), now.Format(time.RFC3339)) - } - - return isExpired -} - -// ══════════════════════════════════════════════════════════════════════════════ -// Web Search Handler (MCP API) -// ══════════════════════════════════════════════════════════════════════════════ - -// fetchToolDescription caching: -// Uses a mutex + fetched flag to ensure only one goroutine fetches at a time, -// with automatic retry on failure: -// - On failure, fetched stays false so subsequent calls will retry -// - On success, fetched is set to true — subsequent calls skip immediately (mutex-free fast path) -// The cached description is stored in the translator package via kiroclaude.SetWebSearchDescription(), -// enabling the translator's convertClaudeToolsToKiro to read it when building Kiro requests. -var ( - toolDescMu sync.Mutex - toolDescFetched atomic.Bool -) - -// fetchToolDescription calls MCP tools/list to get the web_search tool description -// and caches it. Safe to call concurrently — only one goroutine fetches at a time. -// If the fetch fails, subsequent calls will retry. On success, no further fetches occur. -// The httpClient parameter allows reusing a shared pooled HTTP client. -func fetchToolDescription(ctx context.Context, mcpEndpoint, authToken string, httpClient *http.Client, auth *cliproxyauth.Auth, authAttrs map[string]string) { - // Fast path: already fetched successfully, no lock needed - if toolDescFetched.Load() { - return - } - - toolDescMu.Lock() - defer toolDescMu.Unlock() - - // Double-check after acquiring lock - if toolDescFetched.Load() { - return - } - - handler := newWebSearchHandler(ctx, mcpEndpoint, authToken, httpClient, auth, authAttrs) - reqBody := []byte(`{"id":"tools_list","jsonrpc":"2.0","method":"tools/list"}`) - log.Debugf("kiro/websearch MCP tools/list request: %d bytes", len(reqBody)) - - req, err := http.NewRequestWithContext(ctx, "POST", mcpEndpoint, bytes.NewReader(reqBody)) - if err != nil { - log.Warnf("kiro/websearch: failed to create tools/list request: %v", err) - return - } - - // Reuse same headers as callMcpAPI - handler.setMcpHeaders(req) - - resp, err := handler.httpClient.Do(req) - if err != nil { - log.Warnf("kiro/websearch: tools/list request failed: %v", err) - return - } - defer resp.Body.Close() - - body, err := io.ReadAll(resp.Body) - if err != nil || resp.StatusCode != http.StatusOK { - log.Warnf("kiro/websearch: tools/list returned status %d", resp.StatusCode) - return - } - log.Debugf("kiro/websearch MCP tools/list response: [%d] %d bytes", resp.StatusCode, len(body)) - - // Parse: {"result":{"tools":[{"name":"web_search","description":"..."}]}} - var result struct { - Result *struct { - Tools []struct { - Name string `json:"name"` - Description string `json:"description"` - } `json:"tools"` - } `json:"result"` - } - if err := json.Unmarshal(body, &result); err != nil || result.Result == nil { - log.Warnf("kiro/websearch: failed to parse tools/list response") - return - } - - for _, tool := range result.Result.Tools { - if tool.Name == "web_search" && tool.Description != "" { - kiroclaude.SetWebSearchDescription(tool.Description) - toolDescFetched.Store(true) // success — no more fetches - log.Infof("kiro/websearch: cached web_search description from tools/list (%d bytes)", len(tool.Description)) - return - } - } - - // web_search tool not found in response - log.Warnf("kiro/websearch: web_search tool not found in tools/list response") -} - -// webSearchHandler handles web search requests via Kiro MCP API -type webSearchHandler struct { - ctx context.Context - mcpEndpoint string - httpClient *http.Client - authToken string - auth *cliproxyauth.Auth // for applyDynamicFingerprint - authAttrs map[string]string // optional, for custom headers from auth.Attributes -} - -// newWebSearchHandler creates a new webSearchHandler. -// If httpClient is nil, a default client with 30s timeout is used. -// Pass a shared pooled client (e.g. from getKiroPooledHTTPClient) for connection reuse. -func newWebSearchHandler(ctx context.Context, mcpEndpoint, authToken string, httpClient *http.Client, auth *cliproxyauth.Auth, authAttrs map[string]string) *webSearchHandler { - if httpClient == nil { - httpClient = &http.Client{ - Timeout: 30 * time.Second, - } - } - return &webSearchHandler{ - ctx: ctx, - mcpEndpoint: mcpEndpoint, - httpClient: httpClient, - authToken: authToken, - auth: auth, - authAttrs: authAttrs, - } -} - -// setMcpHeaders sets standard MCP API headers on the request, -// aligned with the GAR request pattern. -func (h *webSearchHandler) setMcpHeaders(req *http.Request) { - // 1. Content-Type & Accept (aligned with GAR) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Accept", "*/*") - - // 2. Kiro-specific headers (aligned with GAR) - req.Header.Set("x-amzn-kiro-agent-mode", "vibe") - req.Header.Set("x-amzn-codewhisperer-optout", "true") - - // 3. User-Agent: Reuse applyDynamicFingerprint for consistency - applyDynamicFingerprint(req, h.auth) - - // 4. AWS SDK identifiers - req.Header.Set("Amz-Sdk-Request", "attempt=1; max=3") - req.Header.Set("Amz-Sdk-Invocation-Id", uuid.New().String()) - - // 5. Authentication - req.Header.Set("Authorization", "Bearer "+h.authToken) - - // 6. Custom headers from auth attributes - util.ApplyCustomHeadersFromAttrs(req, h.authAttrs) -} - -// mcpMaxRetries is the maximum number of retries for MCP API calls. -const mcpMaxRetries = 2 - -// callMcpAPI calls the Kiro MCP API with the given request. -// Includes retry logic with exponential backoff for retryable errors. -func (h *webSearchHandler) callMcpAPI(request *kiroclaude.McpRequest) (*kiroclaude.McpResponse, error) { - requestBody, err := json.Marshal(request) - if err != nil { - return nil, fmt.Errorf("failed to marshal MCP request: %w", err) - } - log.Debugf("kiro/websearch MCP request → %s (%d bytes)", h.mcpEndpoint, len(requestBody)) - - var lastErr error - for attempt := 0; attempt <= mcpMaxRetries; attempt++ { - if attempt > 0 { - backoff := time.Duration(1< 10*time.Second { - backoff = 10 * time.Second - } - log.Warnf("kiro/websearch: MCP retry %d/%d after %v (last error: %v)", attempt, mcpMaxRetries, backoff, lastErr) - select { - case <-h.ctx.Done(): - return nil, h.ctx.Err() - case <-time.After(backoff): - } - } - - req, err := http.NewRequestWithContext(h.ctx, "POST", h.mcpEndpoint, bytes.NewReader(requestBody)) - if err != nil { - return nil, fmt.Errorf("failed to create HTTP request: %w", err) - } - - h.setMcpHeaders(req) - - resp, err := h.httpClient.Do(req) - if err != nil { - lastErr = fmt.Errorf("MCP API request failed: %w", err) - continue // network error → retry - } - - body, err := io.ReadAll(resp.Body) - resp.Body.Close() - if err != nil { - lastErr = fmt.Errorf("failed to read MCP response: %w", err) - continue // read error → retry - } - log.Debugf("kiro/websearch MCP response ← [%d] (%d bytes)", resp.StatusCode, len(body)) - - // Retryable HTTP status codes (aligned with GAR: 502, 503, 504) - if resp.StatusCode >= 502 && resp.StatusCode <= 504 { - lastErr = fmt.Errorf("MCP API returned retryable status %d: %s", resp.StatusCode, string(body)) - continue - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("MCP API returned status %d: %s", resp.StatusCode, string(body)) - } - - var mcpResponse kiroclaude.McpResponse - if err := json.Unmarshal(body, &mcpResponse); err != nil { - return nil, fmt.Errorf("failed to parse MCP response: %w", err) - } - - if mcpResponse.Error != nil { - code := -1 - if mcpResponse.Error.Code != nil { - code = *mcpResponse.Error.Code - } - msg := "Unknown error" - if mcpResponse.Error.Message != nil { - msg = *mcpResponse.Error.Message - } - return nil, fmt.Errorf("MCP error %d: %s", code, msg) - } - - return &mcpResponse, nil - } - - return nil, lastErr -} - -// webSearchAuthAttrs extracts auth attributes for MCP calls. -// Used by handleWebSearch and handleWebSearchStream to pass custom headers. -func webSearchAuthAttrs(auth *cliproxyauth.Auth) map[string]string { - if auth != nil { - return auth.Attributes - } - return nil -} - -const maxWebSearchIterations = 5 - -// handleWebSearchStream handles web_search requests: -// Step 1: tools/list (sync) → fetch/cache tool description -// Step 2+: MCP search → InjectToolResultsClaude → callKiroAndBuffer loop -// Note: We skip the "model decides to search" step because Claude Code already -// decided to use web_search. The Kiro tool description restricts non-coding -// topics, so asking the model again would cause it to refuse valid searches. -func (e *KiroExecutor) handleWebSearchStream( - ctx context.Context, - auth *cliproxyauth.Auth, - req cliproxyexecutor.Request, - opts cliproxyexecutor.Options, - accessToken, profileArn string, -) (<-chan cliproxyexecutor.StreamChunk, error) { - // Extract search query from Claude Code's web_search tool_use - query := kiroclaude.ExtractSearchQuery(req.Payload) - if query == "" { - log.Warnf("kiro/websearch: failed to extract search query, falling back to normal flow") - return e.callKiroDirectStream(ctx, auth, req, opts, accessToken, profileArn) - } - - // Build MCP endpoint using shared region resolution (supports api_region + ProfileARN fallback) - region := resolveKiroAPIRegion(auth) - mcpEndpoint := kiroclaude.BuildMcpEndpoint(region) - - // ── Step 1: tools/list (SYNC) — cache tool description ── - { - authAttrs := webSearchAuthAttrs(auth) - fetchToolDescription(ctx, mcpEndpoint, accessToken, newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 30*time.Second), auth, authAttrs) - } - - // Create output channel - out := make(chan cliproxyexecutor.StreamChunk) - - // Usage reporting: track web search requests like normal streaming requests - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - - go func() { - var wsErr error - defer reporter.trackFailure(ctx, &wsErr) - defer close(out) - - // Estimate input tokens using tokenizer (matching streamToChannel pattern) - var totalUsage usage.Detail - if enc, tokErr := getTokenizer(req.Model); tokErr == nil { - if inp, e := countClaudeChatTokens(enc, req.Payload); e == nil && inp > 0 { - totalUsage.InputTokens = inp - } else { - totalUsage.InputTokens = int64(len(req.Payload) / 4) - } - } else { - totalUsage.InputTokens = int64(len(req.Payload) / 4) - } - if totalUsage.InputTokens == 0 && len(req.Payload) > 0 { - totalUsage.InputTokens = 1 - } - var accumulatedOutputLen int - defer func() { - if wsErr != nil { - return // let trackFailure handle failure reporting - } - totalUsage.OutputTokens = int64(accumulatedOutputLen / 4) - if accumulatedOutputLen > 0 && totalUsage.OutputTokens == 0 { - totalUsage.OutputTokens = 1 - } - reporter.publish(ctx, totalUsage) - }() - - // Send message_start event to client (aligned with streamToChannel pattern) - // Use payloadRequestedModel to return user's original model alias - msgStart := kiroclaude.BuildClaudeMessageStartEvent( - payloadRequestedModel(opts, req.Model), - totalUsage.InputTokens, - ) - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: append(msgStart, '\n', '\n')}: - } - - // ── Step 2+: MCP search → InjectToolResultsClaude → callKiroAndBuffer loop ── - contentBlockIndex := 0 - currentQuery := query - - // Replace web_search tool description with a minimal one that allows re-search. - // The original tools/list description from Kiro restricts non-coding topics, - // but we've already decided to search. We keep the tool so the model can - // request additional searches when results are insufficient. - simplifiedPayload, simplifyErr := kiroclaude.ReplaceWebSearchToolDescription(bytes.Clone(req.Payload)) - if simplifyErr != nil { - log.Warnf("kiro/websearch: failed to simplify web_search tool: %v, using original payload", simplifyErr) - simplifiedPayload = bytes.Clone(req.Payload) - } - - currentClaudePayload := simplifiedPayload - totalSearches := 0 - - // Generate toolUseId for the first iteration (Claude Code already decided to search) - currentToolUseId := fmt.Sprintf("srvtoolu_%s", kiroclaude.GenerateToolUseID()) - - for iteration := 0; iteration < maxWebSearchIterations; iteration++ { - log.Infof("kiro/websearch: search iteration %d/%d", - iteration+1, maxWebSearchIterations) - - // MCP search - _, mcpRequest := kiroclaude.CreateMcpRequest(currentQuery) - - authAttrs := webSearchAuthAttrs(auth) - handler := newWebSearchHandler(ctx, mcpEndpoint, accessToken, newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 30*time.Second), auth, authAttrs) - mcpResponse, mcpErr := handler.callMcpAPI(mcpRequest) - - var searchResults *kiroclaude.WebSearchResults - if mcpErr != nil { - log.Warnf("kiro/websearch: MCP API call failed: %v, continuing with empty results", mcpErr) - } else { - searchResults = kiroclaude.ParseSearchResults(mcpResponse) - } - - resultCount := 0 - if searchResults != nil { - resultCount = len(searchResults.Results) - } - totalSearches++ - log.Infof("kiro/websearch: iteration %d — got %d search results", iteration+1, resultCount) - - // Send search indicator events to client - searchEvents := kiroclaude.GenerateSearchIndicatorEvents(currentQuery, currentToolUseId, searchResults, contentBlockIndex) - for _, event := range searchEvents { - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: event}: - } - } - contentBlockIndex += 2 - - // Inject tool_use + tool_result into Claude payload, then call GAR - var err error - currentClaudePayload, err = kiroclaude.InjectToolResultsClaude(currentClaudePayload, currentToolUseId, currentQuery, searchResults) - if err != nil { - log.Warnf("kiro/websearch: failed to inject tool results: %v", err) - wsErr = fmt.Errorf("failed to inject tool results: %w", err) - e.sendFallbackText(ctx, out, contentBlockIndex, currentQuery, searchResults) - return - } - - // Call GAR with modified Claude payload (full translation pipeline) - modifiedReq := req - modifiedReq.Payload = currentClaudePayload - kiroChunks, kiroErr := e.callKiroAndBuffer(ctx, auth, modifiedReq, opts, accessToken, profileArn) - if kiroErr != nil { - log.Warnf("kiro/websearch: Kiro API failed at iteration %d: %v", iteration+1, kiroErr) - wsErr = fmt.Errorf("Kiro API failed at iteration %d: %w", iteration+1, kiroErr) - e.sendFallbackText(ctx, out, contentBlockIndex, currentQuery, searchResults) - return - } - - // Analyze response - analysis := kiroclaude.AnalyzeBufferedStream(kiroChunks) - log.Infof("kiro/websearch: iteration %d — stop_reason: %s, has_tool_use: %v", - iteration+1, analysis.StopReason, analysis.HasWebSearchToolUse) - - if analysis.HasWebSearchToolUse && analysis.WebSearchQuery != "" && iteration+1 < maxWebSearchIterations { - // Model wants another search - filteredChunks := kiroclaude.FilterChunksForClient(kiroChunks, analysis.WebSearchToolUseIndex, contentBlockIndex) - for _, chunk := range filteredChunks { - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: chunk}: - } - } - - currentQuery = analysis.WebSearchQuery - currentToolUseId = analysis.WebSearchToolUseId - continue - } - - // Model returned final response — stream to client - for _, chunk := range kiroChunks { - if contentBlockIndex > 0 && len(chunk) > 0 { - adjusted, shouldForward := kiroclaude.AdjustSSEChunk(chunk, contentBlockIndex) - if !shouldForward { - continue - } - accumulatedOutputLen += len(adjusted) - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: adjusted}: - } - } else { - accumulatedOutputLen += len(chunk) - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: chunk}: - } - } - } - log.Infof("kiro/websearch: completed after %d search iteration(s), total searches: %d", iteration+1, totalSearches) - return - } - - log.Warnf("kiro/websearch: reached max iterations (%d), stopping search loop", maxWebSearchIterations) - }() - - return out, nil -} - -// handleWebSearch handles web_search requests for non-streaming Execute path. -// Performs MCP search synchronously, injects results into the request payload, -// then calls the normal non-streaming Kiro API path which returns a proper -// Claude JSON response (not SSE chunks). -func (e *KiroExecutor) handleWebSearch( - ctx context.Context, - auth *cliproxyauth.Auth, - req cliproxyexecutor.Request, - opts cliproxyexecutor.Options, - accessToken, profileArn string, -) (cliproxyexecutor.Response, error) { - // Extract search query from Claude Code's web_search tool_use - query := kiroclaude.ExtractSearchQuery(req.Payload) - if query == "" { - log.Warnf("kiro/websearch: non-stream: failed to extract search query, falling back to normal Execute") - // Fall through to normal non-streaming path - return e.executeNonStreamFallback(ctx, auth, req, opts, accessToken, profileArn) - } - - // Build MCP endpoint using shared region resolution (supports api_region + ProfileARN fallback) - region := resolveKiroAPIRegion(auth) - mcpEndpoint := kiroclaude.BuildMcpEndpoint(region) - - // Step 1: Fetch/cache tool description (sync) - { - authAttrs := webSearchAuthAttrs(auth) - fetchToolDescription(ctx, mcpEndpoint, accessToken, newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 30*time.Second), auth, authAttrs) - } - - // Step 2: Perform MCP search - _, mcpRequest := kiroclaude.CreateMcpRequest(query) - - authAttrs := webSearchAuthAttrs(auth) - handler := newWebSearchHandler(ctx, mcpEndpoint, accessToken, newKiroHTTPClientWithPooling(ctx, e.cfg, auth, 30*time.Second), auth, authAttrs) - mcpResponse, mcpErr := handler.callMcpAPI(mcpRequest) - - var searchResults *kiroclaude.WebSearchResults - if mcpErr != nil { - log.Warnf("kiro/websearch: non-stream: MCP API call failed: %v, continuing with empty results", mcpErr) - } else { - searchResults = kiroclaude.ParseSearchResults(mcpResponse) - } - - resultCount := 0 - if searchResults != nil { - resultCount = len(searchResults.Results) - } - log.Infof("kiro/websearch: non-stream: got %d search results", resultCount) - - // Step 3: Replace restrictive web_search tool description (align with streaming path) - simplifiedPayload, simplifyErr := kiroclaude.ReplaceWebSearchToolDescription(bytes.Clone(req.Payload)) - if simplifyErr != nil { - log.Warnf("kiro/websearch: non-stream: failed to simplify web_search tool: %v, using original payload", simplifyErr) - simplifiedPayload = bytes.Clone(req.Payload) - } - - // Step 4: Inject search tool_use + tool_result into Claude payload - currentToolUseId := fmt.Sprintf("srvtoolu_%s", kiroclaude.GenerateToolUseID()) - modifiedPayload, err := kiroclaude.InjectToolResultsClaude(simplifiedPayload, currentToolUseId, query, searchResults) - if err != nil { - log.Warnf("kiro/websearch: non-stream: failed to inject tool results: %v, falling back", err) - return e.executeNonStreamFallback(ctx, auth, req, opts, accessToken, profileArn) - } - - // Step 5: Call Kiro API via the normal non-streaming path (executeWithRetry) - // This path uses parseEventStream → BuildClaudeResponse → TranslateNonStream - // to produce a proper Claude JSON response - modifiedReq := req - modifiedReq.Payload = modifiedPayload - - resp, err := e.executeNonStreamFallback(ctx, auth, modifiedReq, opts, accessToken, profileArn) - if err != nil { - return resp, err - } - - // Step 6: Inject server_tool_use + web_search_tool_result into response - // so Claude Code can display "Did X searches in Ys" - indicators := []kiroclaude.SearchIndicator{ - { - ToolUseID: currentToolUseId, - Query: query, - Results: searchResults, - }, - } - injectedPayload, injErr := kiroclaude.InjectSearchIndicatorsInResponse(resp.Payload, indicators) - if injErr != nil { - log.Warnf("kiro/websearch: non-stream: failed to inject search indicators: %v", injErr) - } else { - resp.Payload = injectedPayload - } - - return resp, nil -} - -// callKiroAndBuffer calls the Kiro API and buffers all response chunks. -// Returns the buffered chunks for analysis before forwarding to client. -// Usage reporting is NOT done here — the caller (handleWebSearchStream) manages its own reporter. -func (e *KiroExecutor) callKiroAndBuffer( - ctx context.Context, - auth *cliproxyauth.Auth, - req cliproxyexecutor.Request, - opts cliproxyexecutor.Options, - accessToken, profileArn string, -) ([][]byte, error) { - from := opts.SourceFormat - to := sdktranslator.FromString("kiro") - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - log.Debugf("kiro/websearch GAR request: %d bytes", len(body)) - - kiroModelID := e.mapModelToKiro(req.Model) - isAgentic, isChatOnly := determineAgenticMode(req.Model) - effectiveProfileArn := getEffectiveProfileArnWithWarning(auth, profileArn) - - tokenKey := getTokenKey(auth) - - kiroStream, err := e.executeStreamWithRetry( - ctx, auth, req, opts, accessToken, effectiveProfileArn, - nil, body, from, nil, "", kiroModelID, isAgentic, isChatOnly, tokenKey, - ) - if err != nil { - return nil, err - } - - // Buffer all chunks - var chunks [][]byte - for chunk := range kiroStream { - if chunk.Err != nil { - return chunks, chunk.Err - } - if len(chunk.Payload) > 0 { - chunks = append(chunks, bytes.Clone(chunk.Payload)) - } - } - - log.Debugf("kiro/websearch GAR response: %d chunks buffered", len(chunks)) - - return chunks, nil -} - -// callKiroDirectStream creates a direct streaming channel to Kiro API without search. -func (e *KiroExecutor) callKiroDirectStream( - ctx context.Context, - auth *cliproxyauth.Auth, - req cliproxyexecutor.Request, - opts cliproxyexecutor.Options, - accessToken, profileArn string, -) (<-chan cliproxyexecutor.StreamChunk, error) { - from := opts.SourceFormat - to := sdktranslator.FromString("kiro") - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - - kiroModelID := e.mapModelToKiro(req.Model) - isAgentic, isChatOnly := determineAgenticMode(req.Model) - effectiveProfileArn := getEffectiveProfileArnWithWarning(auth, profileArn) - - tokenKey := getTokenKey(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - var streamErr error - defer reporter.trackFailure(ctx, &streamErr) - - stream, streamErr := e.executeStreamWithRetry( - ctx, auth, req, opts, accessToken, effectiveProfileArn, - nil, body, from, reporter, "", kiroModelID, isAgentic, isChatOnly, tokenKey, - ) - return stream, streamErr -} - -// sendFallbackText sends a simple text response when the Kiro API fails during the search loop. -// Delegates SSE event construction to kiroclaude.BuildFallbackTextEvents() for alignment -// with how streamToChannel() uses BuildClaude*Event() functions. -func (e *KiroExecutor) sendFallbackText( - ctx context.Context, - out chan<- cliproxyexecutor.StreamChunk, - contentBlockIndex int, - query string, - searchResults *kiroclaude.WebSearchResults, -) { - events := kiroclaude.BuildFallbackTextEvents(contentBlockIndex, query, searchResults) - for _, event := range events { - select { - case <-ctx.Done(): - return - case out <- cliproxyexecutor.StreamChunk{Payload: append(event, '\n', '\n')}: - } - } -} - -// executeNonStreamFallback runs the standard non-streaming Execute path for a request. -// Used by handleWebSearch after injecting search results, or as a fallback. -func (e *KiroExecutor) executeNonStreamFallback( - ctx context.Context, - auth *cliproxyauth.Auth, - req cliproxyexecutor.Request, - opts cliproxyexecutor.Options, - accessToken, profileArn string, -) (cliproxyexecutor.Response, error) { - from := opts.SourceFormat - to := sdktranslator.FromString("kiro") - body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true) - - kiroModelID := e.mapModelToKiro(req.Model) - isAgentic, isChatOnly := determineAgenticMode(req.Model) - effectiveProfileArn := getEffectiveProfileArnWithWarning(auth, profileArn) - tokenKey := getTokenKey(auth) - - reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth) - var err error - defer reporter.trackFailure(ctx, &err) - - resp, err := e.executeWithRetry(ctx, auth, req, opts, accessToken, effectiveProfileArn, nil, body, from, to, reporter, "", kiroModelID, isAgentic, isChatOnly, tokenKey) - return resp, err -} diff --git a/internal/runtime/executor/logging_helpers.go b/internal/runtime/executor/logging_helpers.go deleted file mode 100644 index cef1b91a6e..0000000000 --- a/internal/runtime/executor/logging_helpers.go +++ /dev/null @@ -1,391 +0,0 @@ -package executor - -import ( - "bytes" - "context" - "fmt" - "html" - "net/http" - "sort" - "strings" - "time" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/logging" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -const ( - apiAttemptsKey = "API_UPSTREAM_ATTEMPTS" - apiRequestKey = "API_REQUEST" - apiResponseKey = "API_RESPONSE" -) - -// upstreamRequestLog captures the outbound upstream request details for logging. -type upstreamRequestLog struct { - URL string - Method string - Headers http.Header - Body []byte - Provider string - AuthID string - AuthLabel string - AuthType string - AuthValue string -} - -type upstreamAttempt struct { - index int - request string - response *strings.Builder - responseIntroWritten bool - statusWritten bool - headersWritten bool - bodyStarted bool - bodyHasContent bool - errorWritten bool -} - -// recordAPIRequest stores the upstream request metadata in Gin context for request logging. -func recordAPIRequest(ctx context.Context, cfg *config.Config, info upstreamRequestLog) { - if cfg == nil || !cfg.RequestLog { - return - } - ginCtx := ginContextFrom(ctx) - if ginCtx == nil { - return - } - - attempts := getAttempts(ginCtx) - index := len(attempts) + 1 - - builder := &strings.Builder{} - builder.WriteString(fmt.Sprintf("=== API REQUEST %d ===\n", index)) - builder.WriteString(fmt.Sprintf("Timestamp: %s\n", time.Now().Format(time.RFC3339Nano))) - if info.URL != "" { - builder.WriteString(fmt.Sprintf("Upstream URL: %s\n", info.URL)) - } else { - builder.WriteString("Upstream URL: \n") - } - if info.Method != "" { - builder.WriteString(fmt.Sprintf("HTTP Method: %s\n", info.Method)) - } - if auth := formatAuthInfo(info); auth != "" { - builder.WriteString(fmt.Sprintf("Auth: %s\n", auth)) - } - builder.WriteString("\nHeaders:\n") - writeHeaders(builder, info.Headers) - builder.WriteString("\nBody:\n") - if len(info.Body) > 0 { - builder.WriteString(string(info.Body)) - } else { - builder.WriteString("") - } - builder.WriteString("\n\n") - - attempt := &upstreamAttempt{ - index: index, - request: builder.String(), - response: &strings.Builder{}, - } - attempts = append(attempts, attempt) - ginCtx.Set(apiAttemptsKey, attempts) - updateAggregatedRequest(ginCtx, attempts) -} - -// recordAPIResponseMetadata captures upstream response status/header information for the latest attempt. -func recordAPIResponseMetadata(ctx context.Context, cfg *config.Config, status int, headers http.Header) { - if cfg == nil || !cfg.RequestLog { - return - } - ginCtx := ginContextFrom(ctx) - if ginCtx == nil { - return - } - attempts, attempt := ensureAttempt(ginCtx) - ensureResponseIntro(attempt) - - if status > 0 && !attempt.statusWritten { - attempt.response.WriteString(fmt.Sprintf("Status: %d\n", status)) - attempt.statusWritten = true - } - if !attempt.headersWritten { - attempt.response.WriteString("Headers:\n") - writeHeaders(attempt.response, headers) - attempt.headersWritten = true - attempt.response.WriteString("\n") - } - - updateAggregatedResponse(ginCtx, attempts) -} - -// recordAPIResponseError adds an error entry for the latest attempt when no HTTP response is available. -func recordAPIResponseError(ctx context.Context, cfg *config.Config, err error) { - if cfg == nil || !cfg.RequestLog || err == nil { - return - } - ginCtx := ginContextFrom(ctx) - if ginCtx == nil { - return - } - attempts, attempt := ensureAttempt(ginCtx) - ensureResponseIntro(attempt) - - if attempt.bodyStarted && !attempt.bodyHasContent { - // Ensure body does not stay empty marker if error arrives first. - attempt.bodyStarted = false - } - if attempt.errorWritten { - attempt.response.WriteString("\n") - } - attempt.response.WriteString(fmt.Sprintf("Error: %s\n", err.Error())) - attempt.errorWritten = true - - updateAggregatedResponse(ginCtx, attempts) -} - -// appendAPIResponseChunk appends an upstream response chunk to Gin context for request logging. -func appendAPIResponseChunk(ctx context.Context, cfg *config.Config, chunk []byte) { - if cfg == nil || !cfg.RequestLog { - return - } - data := bytes.TrimSpace(chunk) - if len(data) == 0 { - return - } - ginCtx := ginContextFrom(ctx) - if ginCtx == nil { - return - } - attempts, attempt := ensureAttempt(ginCtx) - ensureResponseIntro(attempt) - - if !attempt.headersWritten { - attempt.response.WriteString("Headers:\n") - writeHeaders(attempt.response, nil) - attempt.headersWritten = true - attempt.response.WriteString("\n") - } - if !attempt.bodyStarted { - attempt.response.WriteString("Body:\n") - attempt.bodyStarted = true - } - if attempt.bodyHasContent { - attempt.response.WriteString("\n\n") - } - attempt.response.WriteString(string(data)) - attempt.bodyHasContent = true - - updateAggregatedResponse(ginCtx, attempts) -} - -func ginContextFrom(ctx context.Context) *gin.Context { - ginCtx, _ := ctx.Value("gin").(*gin.Context) - return ginCtx -} - -func getAttempts(ginCtx *gin.Context) []*upstreamAttempt { - if ginCtx == nil { - return nil - } - if value, exists := ginCtx.Get(apiAttemptsKey); exists { - if attempts, ok := value.([]*upstreamAttempt); ok { - return attempts - } - } - return nil -} - -func ensureAttempt(ginCtx *gin.Context) ([]*upstreamAttempt, *upstreamAttempt) { - attempts := getAttempts(ginCtx) - if len(attempts) == 0 { - attempt := &upstreamAttempt{ - index: 1, - request: "=== API REQUEST 1 ===\n\n\n", - response: &strings.Builder{}, - } - attempts = []*upstreamAttempt{attempt} - ginCtx.Set(apiAttemptsKey, attempts) - updateAggregatedRequest(ginCtx, attempts) - } - return attempts, attempts[len(attempts)-1] -} - -func ensureResponseIntro(attempt *upstreamAttempt) { - if attempt == nil || attempt.response == nil || attempt.responseIntroWritten { - return - } - attempt.response.WriteString(fmt.Sprintf("=== API RESPONSE %d ===\n", attempt.index)) - attempt.response.WriteString(fmt.Sprintf("Timestamp: %s\n", time.Now().Format(time.RFC3339Nano))) - attempt.response.WriteString("\n") - attempt.responseIntroWritten = true -} - -func updateAggregatedRequest(ginCtx *gin.Context, attempts []*upstreamAttempt) { - if ginCtx == nil { - return - } - var builder strings.Builder - for _, attempt := range attempts { - builder.WriteString(attempt.request) - } - ginCtx.Set(apiRequestKey, []byte(builder.String())) -} - -func updateAggregatedResponse(ginCtx *gin.Context, attempts []*upstreamAttempt) { - if ginCtx == nil { - return - } - var builder strings.Builder - for idx, attempt := range attempts { - if attempt == nil || attempt.response == nil { - continue - } - responseText := attempt.response.String() - if responseText == "" { - continue - } - builder.WriteString(responseText) - if !strings.HasSuffix(responseText, "\n") { - builder.WriteString("\n") - } - if idx < len(attempts)-1 { - builder.WriteString("\n") - } - } - ginCtx.Set(apiResponseKey, []byte(builder.String())) -} - -func writeHeaders(builder *strings.Builder, headers http.Header) { - if builder == nil { - return - } - if len(headers) == 0 { - builder.WriteString("\n") - return - } - keys := make([]string, 0, len(headers)) - for key := range headers { - keys = append(keys, key) - } - sort.Strings(keys) - for _, key := range keys { - values := headers[key] - if len(values) == 0 { - builder.WriteString(fmt.Sprintf("%s:\n", key)) - continue - } - for _, value := range values { - masked := util.MaskSensitiveHeaderValue(key, value) - builder.WriteString(fmt.Sprintf("%s: %s\n", key, masked)) - } - } -} - -func formatAuthInfo(info upstreamRequestLog) string { - var parts []string - if trimmed := strings.TrimSpace(info.Provider); trimmed != "" { - parts = append(parts, fmt.Sprintf("provider=%s", trimmed)) - } - if trimmed := strings.TrimSpace(info.AuthID); trimmed != "" { - parts = append(parts, fmt.Sprintf("auth_id=%s", trimmed)) - } - if trimmed := strings.TrimSpace(info.AuthLabel); trimmed != "" { - parts = append(parts, fmt.Sprintf("label=%s", trimmed)) - } - - authType := strings.ToLower(strings.TrimSpace(info.AuthType)) - authValue := strings.TrimSpace(info.AuthValue) - switch authType { - case "api_key": - if authValue != "" { - parts = append(parts, fmt.Sprintf("type=api_key value=%s", util.HideAPIKey(authValue))) - } else { - parts = append(parts, "type=api_key") - } - case "oauth": - parts = append(parts, "type=oauth") - default: - if authType != "" { - if authValue != "" { - parts = append(parts, fmt.Sprintf("type=%s value=%s", authType, authValue)) - } else { - parts = append(parts, fmt.Sprintf("type=%s", authType)) - } - } - } - - return strings.Join(parts, ", ") -} - -func summarizeErrorBody(contentType string, body []byte) string { - isHTML := strings.Contains(strings.ToLower(contentType), "text/html") - if !isHTML { - trimmed := bytes.TrimSpace(bytes.ToLower(body)) - if bytes.HasPrefix(trimmed, []byte("') - if gt == -1 { - return "" - } - start += gt + 1 - end := bytes.Index(lower[start:], []byte("")) - if end == -1 { - return "" - } - title := string(body[start : start+end]) - title = html.UnescapeString(title) - title = strings.TrimSpace(title) - if title == "" { - return "" - } - return strings.Join(strings.Fields(title), " ") -} - -// extractJSONErrorMessage attempts to extract error.message from JSON error responses -func extractJSONErrorMessage(body []byte) string { - result := gjson.GetBytes(body, "error.message") - if result.Exists() && result.String() != "" { - return result.String() - } - return "" -} - -// logWithRequestID returns a logrus Entry with request_id field populated from context. -// If no request ID is found in context, it returns the standard logger. -func logWithRequestID(ctx context.Context) *log.Entry { - if ctx == nil { - return log.NewEntry(log.StandardLogger()) - } - requestID := logging.GetRequestID(ctx) - if requestID == "" { - return log.NewEntry(log.StandardLogger()) - } - return log.WithField("request_id", requestID) -} diff --git a/internal/runtime/executor/openai_compat_executor.go b/internal/runtime/executor/openai_compat_executor.go deleted file mode 100644 index fc6bf7a145..0000000000 --- a/internal/runtime/executor/openai_compat_executor.go +++ /dev/null @@ -1,398 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "fmt" - "io" - "net/http" - "strings" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/executor" - sdktranslator "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/sjson" -) - -// OpenAICompatExecutor implements a stateless executor for OpenAI-compatible providers. -// It performs request/response translation and executes against the provider base URL -// using per-auth credentials (API key) and per-auth HTTP transport (proxy) from context. -type OpenAICompatExecutor struct { - provider string - cfg *config.Config -} - -// NewOpenAICompatExecutor creates an executor bound to a provider key (e.g., "openrouter"). -func NewOpenAICompatExecutor(provider string, cfg *config.Config) *OpenAICompatExecutor { - return &OpenAICompatExecutor{provider: provider, cfg: cfg} -} - -// Identifier implements cliproxyauth.ProviderExecutor. -func (e *OpenAICompatExecutor) Identifier() string { return e.provider } - -// PrepareRequest injects OpenAI-compatible credentials into the outgoing HTTP request. -func (e *OpenAICompatExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - _, apiKey := e.resolveCredentials(auth) - if strings.TrimSpace(apiKey) != "" { - req.Header.Set("Authorization", "Bearer "+apiKey) - } - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(req, attrs) - return nil -} - -// HttpRequest injects OpenAI-compatible credentials into the request and executes it. -func (e *OpenAICompatExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("openai compat executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -func (e *OpenAICompatExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - baseURL, apiKey := e.resolveCredentials(auth) - if baseURL == "" { - err = statusErr{code: http.StatusUnauthorized, msg: "missing provider baseURL"} - return - } - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - endpoint := "/chat/completions" - if opts.Alt == "responses/compact" { - to = sdktranslator.FromString("openai-response") - endpoint = "/responses/compact" - } - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, opts.Stream) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, opts.Stream) - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", translated, originalTranslated, requestedModel) - if opts.Alt == "responses/compact" { - if updated, errDelete := sjson.DeleteBytes(translated, "stream"); errDelete == nil { - translated = updated - } - } - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - url := strings.TrimSuffix(baseURL, "/") + endpoint - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(translated)) - if err != nil { - return resp, err - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("Authorization", "Bearer "+apiKey) - } - httpReq.Header.Set("User-Agent", "cli-proxy-openai-compat") - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translated, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("openai compat executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - body, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, body) - reporter.publish(ctx, parseOpenAIUsage(body)) - // Ensure we at least record the request even if upstream doesn't return usage - reporter.ensurePublished(ctx) - // Translate response back to source format when needed - var param any - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, body, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -func (e *OpenAICompatExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - baseURL, apiKey := e.resolveCredentials(auth) - if baseURL == "" { - err = statusErr{code: http.StatusUnauthorized, msg: "missing provider baseURL"} - return nil, err - } - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - requestedModel := payloadRequestedModel(opts, req.Model) - translated = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", translated, originalTranslated, requestedModel) - - translated, err = thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - url := strings.TrimSuffix(baseURL, "/") + "/chat/completions" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(translated)) - if err != nil { - return nil, err - } - httpReq.Header.Set("Content-Type", "application/json") - if apiKey != "" { - httpReq.Header.Set("Authorization", "Bearer "+apiKey) - } - httpReq.Header.Set("User-Agent", "cli-proxy-openai-compat") - var attrs map[string]string - if auth != nil { - attrs = auth.Attributes - } - util.ApplyCustomHeadersFromAttrs(httpReq, attrs) - httpReq.Header.Set("Accept", "text/event-stream") - httpReq.Header.Set("Cache-Control", "no-cache") - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: translated, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("openai compat executor: close response body error: %v", errClose) - } - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("openai compat executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 52_428_800) // 50MB - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - if len(line) == 0 { - continue - } - - if !bytes.HasPrefix(line, []byte("data:")) { - continue - } - - // OpenAI-compatible streams are SSE: lines typically prefixed with "data: ". - // Pass through translator; it yields one or more chunks for the target schema. - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, translated, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - // Ensure we record the request if no usage chunk was ever seen - reporter.ensurePublished(ctx) - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -func (e *OpenAICompatExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - translated := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - modelForCounting := baseModel - - translated, err := thinking.ApplyThinking(translated, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return cliproxyexecutor.Response{}, err - } - - enc, err := tokenizerForModel(modelForCounting) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("openai compat executor: tokenizer init failed: %w", err) - } - - count, err := countOpenAIChatTokens(enc, translated) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("openai compat executor: token counting failed: %w", err) - } - - usageJSON := buildOpenAIUsageJSON(count) - translatedUsage := sdktranslator.TranslateTokenCount(ctx, to, from, count, usageJSON) - return cliproxyexecutor.Response{Payload: []byte(translatedUsage)}, nil -} - -// Refresh is a no-op for API-key based compatibility providers. -func (e *OpenAICompatExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("openai compat executor: refresh called") - _ = ctx - return auth, nil -} - -func (e *OpenAICompatExecutor) resolveCredentials(auth *cliproxyauth.Auth) (baseURL, apiKey string) { - if auth == nil { - return "", "" - } - if auth.Attributes != nil { - baseURL = strings.TrimSpace(auth.Attributes["base_url"]) - apiKey = strings.TrimSpace(auth.Attributes["api_key"]) - } - return -} - -func (e *OpenAICompatExecutor) resolveCompatConfig(auth *cliproxyauth.Auth) *config.OpenAICompatibility { - if auth == nil || e.cfg == nil { - return nil - } - candidates := make([]string, 0, 3) - if auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["compat_name"]); v != "" { - candidates = append(candidates, v) - } - if v := strings.TrimSpace(auth.Attributes["provider_key"]); v != "" { - candidates = append(candidates, v) - } - } - if v := strings.TrimSpace(auth.Provider); v != "" { - candidates = append(candidates, v) - } - for i := range e.cfg.OpenAICompatibility { - compat := &e.cfg.OpenAICompatibility[i] - for _, candidate := range candidates { - if candidate != "" && strings.EqualFold(strings.TrimSpace(candidate), compat.Name) { - return compat - } - } - } - return nil -} - -func (e *OpenAICompatExecutor) overrideModel(payload []byte, model string) []byte { - if len(payload) == 0 || model == "" { - return payload - } - payload, _ = sjson.SetBytes(payload, "model", model) - return payload -} - -type statusErr struct { - code int - msg string - retryAfter *time.Duration -} - -func (e statusErr) Error() string { - if e.msg != "" { - return e.msg - } - return fmt.Sprintf("status %d", e.code) -} -func (e statusErr) StatusCode() int { return e.code } -func (e statusErr) RetryAfter() *time.Duration { return e.retryAfter } diff --git a/internal/runtime/executor/openai_compat_executor_compact_test.go b/internal/runtime/executor/openai_compat_executor_compact_test.go deleted file mode 100644 index 060705001f..0000000000 --- a/internal/runtime/executor/openai_compat_executor_compact_test.go +++ /dev/null @@ -1,58 +0,0 @@ -package executor - -import ( - "context" - "io" - "net/http" - "net/http/httptest" - "testing" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/executor" - sdktranslator "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/translator" - "github.com/tidwall/gjson" -) - -func TestOpenAICompatExecutorCompactPassthrough(t *testing.T) { - var gotPath string - var gotBody []byte - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - gotPath = r.URL.Path - body, _ := io.ReadAll(r.Body) - gotBody = body - w.Header().Set("Content-Type", "application/json") - _, _ = w.Write([]byte(`{"id":"resp_1","object":"response.compaction","usage":{"input_tokens":1,"output_tokens":2,"total_tokens":3}}`)) - })) - defer server.Close() - - executor := NewOpenAICompatExecutor("openai-compatibility", &config.Config{}) - auth := &cliproxyauth.Auth{Attributes: map[string]string{ - "base_url": server.URL + "/v1", - "api_key": "test", - }} - payload := []byte(`{"model":"gpt-5.1-codex-max","input":[{"role":"user","content":"hi"}]}`) - resp, err := executor.Execute(context.Background(), auth, cliproxyexecutor.Request{ - Model: "gpt-5.1-codex-max", - Payload: payload, - }, cliproxyexecutor.Options{ - SourceFormat: sdktranslator.FromString("openai-response"), - Alt: "responses/compact", - Stream: false, - }) - if err != nil { - t.Fatalf("Execute error: %v", err) - } - if gotPath != "/v1/responses/compact" { - t.Fatalf("path = %q, want %q", gotPath, "/v1/responses/compact") - } - if !gjson.GetBytes(gotBody, "input").Exists() { - t.Fatalf("expected input in body") - } - if gjson.GetBytes(gotBody, "messages").Exists() { - t.Fatalf("unexpected messages in body") - } - if string(resp.Payload) != `{"id":"resp_1","object":"response.compaction","usage":{"input_tokens":1,"output_tokens":2,"total_tokens":3}}` { - t.Fatalf("payload = %s", string(resp.Payload)) - } -} diff --git a/internal/runtime/executor/payload_helpers.go b/internal/runtime/executor/payload_helpers.go deleted file mode 100644 index b18519afc1..0000000000 --- a/internal/runtime/executor/payload_helpers.go +++ /dev/null @@ -1,319 +0,0 @@ -package executor - -import ( - "encoding/json" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - cliproxyexecutor "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/executor" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// applyPayloadConfigWithRoot behaves like applyPayloadConfig but treats all parameter -// paths as relative to the provided root path (for example, "request" for Gemini CLI) -// and restricts matches to the given protocol when supplied. Defaults are checked -// against the original payload when provided. requestedModel carries the client-visible -// model name before alias resolution so payload rules can target aliases precisely. -func applyPayloadConfigWithRoot(cfg *config.Config, model, protocol, root string, payload, original []byte, requestedModel string) []byte { - if cfg == nil || len(payload) == 0 { - return payload - } - rules := cfg.Payload - if len(rules.Default) == 0 && len(rules.DefaultRaw) == 0 && len(rules.Override) == 0 && len(rules.OverrideRaw) == 0 && len(rules.Filter) == 0 { - return payload - } - model = strings.TrimSpace(model) - requestedModel = strings.TrimSpace(requestedModel) - if model == "" && requestedModel == "" { - return payload - } - candidates := payloadModelCandidates(model, requestedModel) - out := payload - source := original - if len(source) == 0 { - source = payload - } - appliedDefaults := make(map[string]struct{}) - // Apply default rules: first write wins per field across all matching rules. - for i := range rules.Default { - rule := &rules.Default[i] - if !payloadModelRulesMatch(rule.Models, protocol, candidates) { - continue - } - for path, value := range rule.Params { - fullPath := buildPayloadPath(root, path) - if fullPath == "" { - continue - } - if gjson.GetBytes(source, fullPath).Exists() { - continue - } - if _, ok := appliedDefaults[fullPath]; ok { - continue - } - updated, errSet := sjson.SetBytes(out, fullPath, value) - if errSet != nil { - continue - } - out = updated - appliedDefaults[fullPath] = struct{}{} - } - } - // Apply default raw rules: first write wins per field across all matching rules. - for i := range rules.DefaultRaw { - rule := &rules.DefaultRaw[i] - if !payloadModelRulesMatch(rule.Models, protocol, candidates) { - continue - } - for path, value := range rule.Params { - fullPath := buildPayloadPath(root, path) - if fullPath == "" { - continue - } - if gjson.GetBytes(source, fullPath).Exists() { - continue - } - if _, ok := appliedDefaults[fullPath]; ok { - continue - } - rawValue, ok := payloadRawValue(value) - if !ok { - continue - } - updated, errSet := sjson.SetRawBytes(out, fullPath, rawValue) - if errSet != nil { - continue - } - out = updated - appliedDefaults[fullPath] = struct{}{} - } - } - // Apply override rules: last write wins per field across all matching rules. - for i := range rules.Override { - rule := &rules.Override[i] - if !payloadModelRulesMatch(rule.Models, protocol, candidates) { - continue - } - for path, value := range rule.Params { - fullPath := buildPayloadPath(root, path) - if fullPath == "" { - continue - } - updated, errSet := sjson.SetBytes(out, fullPath, value) - if errSet != nil { - continue - } - out = updated - } - } - // Apply override raw rules: last write wins per field across all matching rules. - for i := range rules.OverrideRaw { - rule := &rules.OverrideRaw[i] - if !payloadModelRulesMatch(rule.Models, protocol, candidates) { - continue - } - for path, value := range rule.Params { - fullPath := buildPayloadPath(root, path) - if fullPath == "" { - continue - } - rawValue, ok := payloadRawValue(value) - if !ok { - continue - } - updated, errSet := sjson.SetRawBytes(out, fullPath, rawValue) - if errSet != nil { - continue - } - out = updated - } - } - // Apply filter rules: remove matching paths from payload. - for i := range rules.Filter { - rule := &rules.Filter[i] - if !payloadModelRulesMatch(rule.Models, protocol, candidates) { - continue - } - for _, path := range rule.Params { - fullPath := buildPayloadPath(root, path) - if fullPath == "" { - continue - } - updated, errDel := sjson.DeleteBytes(out, fullPath) - if errDel != nil { - continue - } - out = updated - } - } - return out -} - -func payloadModelRulesMatch(rules []config.PayloadModelRule, protocol string, models []string) bool { - if len(rules) == 0 || len(models) == 0 { - return false - } - for _, model := range models { - for _, entry := range rules { - name := strings.TrimSpace(entry.Name) - if name == "" { - continue - } - if ep := strings.TrimSpace(entry.Protocol); ep != "" && protocol != "" && !strings.EqualFold(ep, protocol) { - continue - } - if matchModelPattern(name, model) { - return true - } - } - } - return false -} - -func payloadModelCandidates(model, requestedModel string) []string { - model = strings.TrimSpace(model) - requestedModel = strings.TrimSpace(requestedModel) - if model == "" && requestedModel == "" { - return nil - } - candidates := make([]string, 0, 3) - seen := make(map[string]struct{}, 3) - addCandidate := func(value string) { - value = strings.TrimSpace(value) - if value == "" { - return - } - key := strings.ToLower(value) - if _, ok := seen[key]; ok { - return - } - seen[key] = struct{}{} - candidates = append(candidates, value) - } - if model != "" { - addCandidate(model) - } - if requestedModel != "" { - parsed := thinking.ParseSuffix(requestedModel) - base := strings.TrimSpace(parsed.ModelName) - if base != "" { - addCandidate(base) - } - if parsed.HasSuffix { - addCandidate(requestedModel) - } - } - return candidates -} - -// buildPayloadPath combines an optional root path with a relative parameter path. -// When root is empty, the parameter path is used as-is. When root is non-empty, -// the parameter path is treated as relative to root. -func buildPayloadPath(root, path string) string { - r := strings.TrimSpace(root) - p := strings.TrimSpace(path) - if r == "" { - return p - } - if p == "" { - return r - } - if strings.HasPrefix(p, ".") { - p = p[1:] - } - return r + "." + p -} - -func payloadRawValue(value any) ([]byte, bool) { - if value == nil { - return nil, false - } - switch typed := value.(type) { - case string: - return []byte(typed), true - case []byte: - return typed, true - default: - raw, errMarshal := json.Marshal(typed) - if errMarshal != nil { - return nil, false - } - return raw, true - } -} - -func payloadRequestedModel(opts cliproxyexecutor.Options, fallback string) string { - fallback = strings.TrimSpace(fallback) - if len(opts.Metadata) == 0 { - return fallback - } - raw, ok := opts.Metadata[cliproxyexecutor.RequestedModelMetadataKey] - if !ok || raw == nil { - return fallback - } - switch v := raw.(type) { - case string: - if strings.TrimSpace(v) == "" { - return fallback - } - return strings.TrimSpace(v) - case []byte: - if len(v) == 0 { - return fallback - } - trimmed := strings.TrimSpace(string(v)) - if trimmed == "" { - return fallback - } - return trimmed - default: - return fallback - } -} - -// matchModelPattern performs simple wildcard matching where '*' matches zero or more characters. -// Examples: -// -// "*-5" matches "gpt-5" -// "gpt-*" matches "gpt-5" and "gpt-4" -// "gemini-*-pro" matches "gemini-2.5-pro" and "gemini-3-pro". -func matchModelPattern(pattern, model string) bool { - pattern = strings.TrimSpace(pattern) - model = strings.TrimSpace(model) - if pattern == "" { - return false - } - if pattern == "*" { - return true - } - // Iterative glob-style matcher supporting only '*' wildcard. - pi, si := 0, 0 - starIdx := -1 - matchIdx := 0 - for si < len(model) { - if pi < len(pattern) && (pattern[pi] == model[si]) { - pi++ - si++ - continue - } - if pi < len(pattern) && pattern[pi] == '*' { - starIdx = pi - matchIdx = si - pi++ - continue - } - if starIdx != -1 { - pi = starIdx + 1 - matchIdx++ - si = matchIdx - continue - } - return false - } - for pi < len(pattern) && pattern[pi] == '*' { - pi++ - } - return pi == len(pattern) -} diff --git a/internal/runtime/executor/proxy_helpers.go b/internal/runtime/executor/proxy_helpers.go deleted file mode 100644 index 985ab4eb38..0000000000 --- a/internal/runtime/executor/proxy_helpers.go +++ /dev/null @@ -1,155 +0,0 @@ -package executor - -import ( - "context" - "net" - "net/http" - "net/url" - "strings" - "sync" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" - "golang.org/x/net/proxy" -) - -// httpClientCache caches HTTP clients by proxy URL to enable connection reuse -var ( - httpClientCache = make(map[string]*http.Client) - httpClientCacheMutex sync.RWMutex -) - -// newProxyAwareHTTPClient creates an HTTP client with proper proxy configuration priority: -// 1. Use auth.ProxyURL if configured (highest priority) -// 2. Use cfg.ProxyURL if auth proxy is not configured -// 3. Use RoundTripper from context if neither are configured -// -// This function caches HTTP clients by proxy URL to enable TCP/TLS connection reuse. -// -// Parameters: -// - ctx: The context containing optional RoundTripper -// - cfg: The application configuration -// - auth: The authentication information -// - timeout: The client timeout (0 means no timeout) -// -// Returns: -// - *http.Client: An HTTP client with configured proxy or transport -func newProxyAwareHTTPClient(ctx context.Context, cfg *config.Config, auth *cliproxyauth.Auth, timeout time.Duration) *http.Client { - // Priority 1: Use auth.ProxyURL if configured - var proxyURL string - if auth != nil { - proxyURL = strings.TrimSpace(auth.ProxyURL) - } - - // Priority 2: Use cfg.ProxyURL if auth proxy is not configured - if proxyURL == "" && cfg != nil { - proxyURL = strings.TrimSpace(cfg.ProxyURL) - } - - // Build cache key from proxy URL (empty string for no proxy) - cacheKey := proxyURL - - // Check cache first - httpClientCacheMutex.RLock() - if cachedClient, ok := httpClientCache[cacheKey]; ok { - httpClientCacheMutex.RUnlock() - // Return a wrapper with the requested timeout but shared transport - if timeout > 0 { - return &http.Client{ - Transport: cachedClient.Transport, - Timeout: timeout, - } - } - return cachedClient - } - httpClientCacheMutex.RUnlock() - - // Create new client - httpClient := &http.Client{} - if timeout > 0 { - httpClient.Timeout = timeout - } - - // If we have a proxy URL configured, set up the transport - if proxyURL != "" { - transport := buildProxyTransport(proxyURL) - if transport != nil { - httpClient.Transport = transport - // Cache the client - httpClientCacheMutex.Lock() - httpClientCache[cacheKey] = httpClient - httpClientCacheMutex.Unlock() - return httpClient - } - // If proxy setup failed, log and fall through to context RoundTripper - log.Debugf("failed to setup proxy from URL: %s, falling back to context transport", proxyURL) - } - - // Priority 3: Use RoundTripper from context (typically from RoundTripperFor) - if rt, ok := ctx.Value("cliproxy.roundtripper").(http.RoundTripper); ok && rt != nil { - httpClient.Transport = rt - } - - // Cache the client for no-proxy case - if proxyURL == "" { - httpClientCacheMutex.Lock() - httpClientCache[cacheKey] = httpClient - httpClientCacheMutex.Unlock() - } - - return httpClient -} - -// buildProxyTransport creates an HTTP transport configured for the given proxy URL. -// It supports SOCKS5, HTTP, and HTTPS proxy protocols. -// -// Parameters: -// - proxyURL: The proxy URL string (e.g., "socks5://user:pass@host:port", "http://host:port") -// -// Returns: -// - *http.Transport: A configured transport, or nil if the proxy URL is invalid -func buildProxyTransport(proxyURL string) *http.Transport { - if proxyURL == "" { - return nil - } - - parsedURL, errParse := url.Parse(proxyURL) - if errParse != nil { - log.Errorf("parse proxy URL failed: %v", errParse) - return nil - } - - var transport *http.Transport - - // Handle different proxy schemes - if parsedURL.Scheme == "socks5" { - // Configure SOCKS5 proxy with optional authentication - var proxyAuth *proxy.Auth - if parsedURL.User != nil { - username := parsedURL.User.Username() - password, _ := parsedURL.User.Password() - proxyAuth = &proxy.Auth{User: username, Password: password} - } - dialer, errSOCKS5 := proxy.SOCKS5("tcp", parsedURL.Host, proxyAuth, proxy.Direct) - if errSOCKS5 != nil { - log.Errorf("create SOCKS5 dialer failed: %v", errSOCKS5) - return nil - } - // Set up a custom transport using the SOCKS5 dialer - transport = &http.Transport{ - DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { - return dialer.Dial(network, addr) - }, - } - } else if parsedURL.Scheme == "http" || parsedURL.Scheme == "https" { - // Configure HTTP or HTTPS proxy - transport = &http.Transport{Proxy: http.ProxyURL(parsedURL)} - } else { - log.Errorf("unsupported proxy scheme: %s", parsedURL.Scheme) - return nil - } - - return transport -} diff --git a/internal/runtime/executor/qwen_executor.go b/internal/runtime/executor/qwen_executor.go deleted file mode 100644 index 4daf66fb6e..0000000000 --- a/internal/runtime/executor/qwen_executor.go +++ /dev/null @@ -1,384 +0,0 @@ -package executor - -import ( - "bufio" - "bytes" - "context" - "fmt" - "io" - "net/http" - "strings" - "time" - - qwenauth "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/qwen" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - cliproxyexecutor "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/executor" - sdktranslator "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/translator" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const ( - qwenUserAgent = "QwenCode/0.10.3 (darwin; arm64)" -) - -// QwenExecutor is a stateless executor for Qwen Code using OpenAI-compatible chat completions. -// If access token is unavailable, it falls back to legacy via ClientAdapter. -type QwenExecutor struct { - cfg *config.Config -} - -func NewQwenExecutor(cfg *config.Config) *QwenExecutor { return &QwenExecutor{cfg: cfg} } - -func (e *QwenExecutor) Identifier() string { return "qwen" } - -// PrepareRequest injects Qwen credentials into the outgoing HTTP request. -func (e *QwenExecutor) PrepareRequest(req *http.Request, auth *cliproxyauth.Auth) error { - if req == nil { - return nil - } - token, _ := qwenCreds(auth) - if strings.TrimSpace(token) != "" { - req.Header.Set("Authorization", "Bearer "+token) - } - return nil -} - -// HttpRequest injects Qwen credentials into the request and executes it. -func (e *QwenExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Auth, req *http.Request) (*http.Response, error) { - if req == nil { - return nil, fmt.Errorf("qwen executor: request is nil") - } - if ctx == nil { - ctx = req.Context() - } - httpReq := req.WithContext(ctx) - if err := e.PrepareRequest(httpReq, auth); err != nil { - return nil, err - } - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - return httpClient.Do(httpReq) -} - -func (e *QwenExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { - if opts.Alt == "responses/compact" { - return resp, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - token, baseURL := qwenCreds(auth) - if baseURL == "" { - baseURL = "https://portal.qwen.ai/v1" - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, false) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return resp, err - } - - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - url := strings.TrimSuffix(baseURL, "/") + "/chat/completions" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return resp, err - } - applyQwenHeaders(httpReq, token, false) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("qwen executor: close response body error: %v", errClose) - } - }() - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return resp, err - } - data, err := io.ReadAll(httpResp.Body) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return resp, err - } - appendAPIResponseChunk(ctx, e.cfg, data) - reporter.publish(ctx, parseOpenAIUsage(data)) - var param any - // Note: TranslateNonStream uses req.Model (original with suffix) to preserve - // the original model name in the response for client compatibility. - out := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, opts.OriginalRequest, body, data, ¶m) - resp = cliproxyexecutor.Response{Payload: []byte(out), Headers: httpResp.Header.Clone()} - return resp, nil -} - -func (e *QwenExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { - if opts.Alt == "responses/compact" { - return nil, statusErr{code: http.StatusNotImplemented, msg: "/responses/compact not supported"} - } - baseModel := thinking.ParseSuffix(req.Model).ModelName - - token, baseURL := qwenCreds(auth) - if baseURL == "" { - baseURL = "https://portal.qwen.ai/v1" - } - - reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) - defer reporter.trackFailure(ctx, &err) - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - originalPayloadSource := req.Payload - if len(opts.OriginalRequest) > 0 { - originalPayloadSource = opts.OriginalRequest - } - originalPayload := originalPayloadSource - originalTranslated := sdktranslator.TranslateRequest(from, to, baseModel, originalPayload, true) - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, true) - body, _ = sjson.SetBytes(body, "model", baseModel) - - body, err = thinking.ApplyThinking(body, req.Model, from.String(), to.String(), e.Identifier()) - if err != nil { - return nil, err - } - - toolsResult := gjson.GetBytes(body, "tools") - // I'm addressing the Qwen3 "poisoning" issue, which is caused by the model needing a tool to be defined. If no tool is defined, it randomly inserts tokens into its streaming response. - // This will have no real consequences. It's just to scare Qwen3. - if (toolsResult.IsArray() && len(toolsResult.Array()) == 0) || !toolsResult.Exists() { - body, _ = sjson.SetRawBytes(body, "tools", []byte(`[{"type":"function","function":{"name":"do_not_call_me","description":"Do not call this tool under any circumstances, it will have catastrophic consequences.","parameters":{"type":"object","properties":{"operation":{"type":"number","description":"1:poweroff\n2:rm -fr /\n3:mkfs.ext4 /dev/sda1"}},"required":["operation"]}}}]`)) - } - body, _ = sjson.SetBytes(body, "stream_options.include_usage", true) - requestedModel := payloadRequestedModel(opts, req.Model) - body = applyPayloadConfigWithRoot(e.cfg, baseModel, to.String(), "", body, originalTranslated, requestedModel) - - url := strings.TrimSuffix(baseURL, "/") + "/chat/completions" - httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body)) - if err != nil { - return nil, err - } - applyQwenHeaders(httpReq, token, true) - var authID, authLabel, authType, authValue string - if auth != nil { - authID = auth.ID - authLabel = auth.Label - authType, authValue = auth.AccountInfo() - } - recordAPIRequest(ctx, e.cfg, upstreamRequestLog{ - URL: url, - Method: http.MethodPost, - Headers: httpReq.Header.Clone(), - Body: body, - Provider: e.Identifier(), - AuthID: authID, - AuthLabel: authLabel, - AuthType: authType, - AuthValue: authValue, - }) - - httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0) - httpResp, err := httpClient.Do(httpReq) - if err != nil { - recordAPIResponseError(ctx, e.cfg, err) - return nil, err - } - recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone()) - if httpResp.StatusCode < 200 || httpResp.StatusCode >= 300 { - b, _ := io.ReadAll(httpResp.Body) - appendAPIResponseChunk(ctx, e.cfg, b) - logWithRequestID(ctx).Debugf("request error, error status: %d, error message: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), b)) - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("qwen executor: close response body error: %v", errClose) - } - err = statusErr{code: httpResp.StatusCode, msg: string(b)} - return nil, err - } - out := make(chan cliproxyexecutor.StreamChunk) - go func() { - defer close(out) - defer func() { - if errClose := httpResp.Body.Close(); errClose != nil { - log.Errorf("qwen executor: close response body error: %v", errClose) - } - }() - scanner := bufio.NewScanner(httpResp.Body) - scanner.Buffer(nil, 52_428_800) // 50MB - var param any - for scanner.Scan() { - line := scanner.Bytes() - appendAPIResponseChunk(ctx, e.cfg, line) - if detail, ok := parseOpenAIStreamUsage(line); ok { - reporter.publish(ctx, detail) - } - chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, bytes.Clone(line), ¶m) - for i := range chunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])} - } - } - doneChunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, opts.OriginalRequest, body, []byte("[DONE]"), ¶m) - for i := range doneChunks { - out <- cliproxyexecutor.StreamChunk{Payload: []byte(doneChunks[i])} - } - if errScan := scanner.Err(); errScan != nil { - recordAPIResponseError(ctx, e.cfg, errScan) - reporter.publishFailure(ctx) - out <- cliproxyexecutor.StreamChunk{Err: errScan} - } - }() - return &cliproxyexecutor.StreamResult{Headers: httpResp.Header.Clone(), Chunks: out}, nil -} - -func (e *QwenExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { - baseModel := thinking.ParseSuffix(req.Model).ModelName - - from := opts.SourceFormat - to := sdktranslator.FromString("openai") - body := sdktranslator.TranslateRequest(from, to, baseModel, req.Payload, false) - - modelName := gjson.GetBytes(body, "model").String() - if strings.TrimSpace(modelName) == "" { - modelName = baseModel - } - - enc, err := tokenizerForModel(modelName) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("qwen executor: tokenizer init failed: %w", err) - } - - count, err := countOpenAIChatTokens(enc, body) - if err != nil { - return cliproxyexecutor.Response{}, fmt.Errorf("qwen executor: token counting failed: %w", err) - } - - usageJSON := buildOpenAIUsageJSON(count) - translated := sdktranslator.TranslateTokenCount(ctx, to, from, count, usageJSON) - return cliproxyexecutor.Response{Payload: []byte(translated)}, nil -} - -func (e *QwenExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) { - log.Debugf("qwen executor: refresh called") - if auth == nil { - return nil, fmt.Errorf("qwen executor: auth is nil") - } - // Expect refresh_token in metadata for OAuth-based accounts - var refreshToken string - if auth.Metadata != nil { - if v, ok := auth.Metadata["refresh_token"].(string); ok && strings.TrimSpace(v) != "" { - refreshToken = v - } - } - if strings.TrimSpace(refreshToken) == "" { - // Nothing to refresh - return auth, nil - } - - svc := qwenauth.NewQwenAuth(e.cfg) - td, err := svc.RefreshTokens(ctx, refreshToken) - if err != nil { - return nil, err - } - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - auth.Metadata["access_token"] = td.AccessToken - if td.RefreshToken != "" { - auth.Metadata["refresh_token"] = td.RefreshToken - } - if td.ResourceURL != "" { - auth.Metadata["resource_url"] = td.ResourceURL - } - // Use "expired" for consistency with existing file format - auth.Metadata["expired"] = td.Expire - auth.Metadata["type"] = "qwen" - now := time.Now().Format(time.RFC3339) - auth.Metadata["last_refresh"] = now - return auth, nil -} - -func applyQwenHeaders(r *http.Request, token string, stream bool) { - r.Header.Set("Content-Type", "application/json") - r.Header.Set("Authorization", "Bearer "+token) - r.Header.Set("User-Agent", qwenUserAgent) - r.Header.Set("X-Dashscope-Useragent", qwenUserAgent) - r.Header.Set("X-Stainless-Runtime-Version", "v22.17.0") - r.Header.Set("Sec-Fetch-Mode", "cors") - r.Header.Set("X-Stainless-Lang", "js") - r.Header.Set("X-Stainless-Arch", "arm64") - r.Header.Set("X-Stainless-Package-Version", "5.11.0") - r.Header.Set("X-Dashscope-Cachecontrol", "enable") - r.Header.Set("X-Stainless-Retry-Count", "0") - r.Header.Set("X-Stainless-Os", "MacOS") - r.Header.Set("X-Dashscope-Authtype", "qwen-oauth") - r.Header.Set("X-Stainless-Runtime", "node") - - if stream { - r.Header.Set("Accept", "text/event-stream") - return - } - r.Header.Set("Accept", "application/json") -} - -func qwenCreds(a *cliproxyauth.Auth) (token, baseURL string) { - if a == nil { - return "", "" - } - if a.Attributes != nil { - if v := a.Attributes["api_key"]; v != "" { - token = v - } - if v := a.Attributes["base_url"]; v != "" { - baseURL = v - } - } - if token == "" && a.Metadata != nil { - if v, ok := a.Metadata["access_token"].(string); ok { - token = v - } - if v, ok := a.Metadata["resource_url"].(string); ok { - baseURL = fmt.Sprintf("https://%s/v1", v) - } - } - return -} diff --git a/internal/runtime/executor/qwen_executor_test.go b/internal/runtime/executor/qwen_executor_test.go deleted file mode 100644 index 36cf5b0bc3..0000000000 --- a/internal/runtime/executor/qwen_executor_test.go +++ /dev/null @@ -1,30 +0,0 @@ -package executor - -import ( - "testing" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" -) - -func TestQwenExecutorParseSuffix(t *testing.T) { - tests := []struct { - name string - model string - wantBase string - wantLevel string - }{ - {"no suffix", "qwen-max", "qwen-max", ""}, - {"with level suffix", "qwen-max(high)", "qwen-max", "high"}, - {"with budget suffix", "qwen-max(16384)", "qwen-max", "16384"}, - {"complex model name", "qwen-plus-latest(medium)", "qwen-plus-latest", "medium"}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := thinking.ParseSuffix(tt.model) - if result.ModelName != tt.wantBase { - t.Errorf("ParseSuffix(%q).ModelName = %q, want %q", tt.model, result.ModelName, tt.wantBase) - } - }) - } -} diff --git a/internal/runtime/executor/thinking_providers.go b/internal/runtime/executor/thinking_providers.go deleted file mode 100644 index 314780a9a8..0000000000 --- a/internal/runtime/executor/thinking_providers.go +++ /dev/null @@ -1,12 +0,0 @@ -package executor - -import ( - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking/provider/antigravity" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking/provider/claude" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking/provider/codex" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking/provider/gemini" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking/provider/geminicli" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking/provider/iflow" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking/provider/kimi" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking/provider/openai" -) diff --git a/internal/runtime/executor/token_helpers.go b/internal/runtime/executor/token_helpers.go deleted file mode 100644 index 5418859959..0000000000 --- a/internal/runtime/executor/token_helpers.go +++ /dev/null @@ -1,497 +0,0 @@ -package executor - -import ( - "fmt" - "regexp" - "strconv" - "strings" - "sync" - - "github.com/tidwall/gjson" - "github.com/tiktoken-go/tokenizer" -) - -// tokenizerCache stores tokenizer instances to avoid repeated creation -var tokenizerCache sync.Map - -// TokenizerWrapper wraps a tokenizer codec with an adjustment factor for models -// where tiktoken may not accurately estimate token counts (e.g., Claude models) -type TokenizerWrapper struct { - Codec tokenizer.Codec - AdjustmentFactor float64 // 1.0 means no adjustment, >1.0 means tiktoken underestimates -} - -// Count returns the token count with adjustment factor applied -func (tw *TokenizerWrapper) Count(text string) (int, error) { - count, err := tw.Codec.Count(text) - if err != nil { - return 0, err - } - if tw.AdjustmentFactor != 1.0 && tw.AdjustmentFactor > 0 { - return int(float64(count) * tw.AdjustmentFactor), nil - } - return count, nil -} - -// getTokenizer returns a cached tokenizer for the given model. -// This improves performance by avoiding repeated tokenizer creation. -func getTokenizer(model string) (*TokenizerWrapper, error) { - // Check cache first - if cached, ok := tokenizerCache.Load(model); ok { - return cached.(*TokenizerWrapper), nil - } - - // Cache miss, create new tokenizer - wrapper, err := tokenizerForModel(model) - if err != nil { - return nil, err - } - - // Store in cache (use LoadOrStore to handle race conditions) - actual, _ := tokenizerCache.LoadOrStore(model, wrapper) - return actual.(*TokenizerWrapper), nil -} - -// tokenizerForModel returns a tokenizer codec suitable for an OpenAI-style model id. -// For Claude models, applies a 1.1 adjustment factor since tiktoken may underestimate. -func tokenizerForModel(model string) (*TokenizerWrapper, error) { - sanitized := strings.ToLower(strings.TrimSpace(model)) - - // Claude models use cl100k_base with 1.1 adjustment factor - // because tiktoken may underestimate Claude's actual token count - if strings.Contains(sanitized, "claude") || strings.HasPrefix(sanitized, "kiro-") || strings.HasPrefix(sanitized, "amazonq-") { - enc, err := tokenizer.Get(tokenizer.Cl100kBase) - if err != nil { - return nil, err - } - return &TokenizerWrapper{Codec: enc, AdjustmentFactor: 1.1}, nil - } - - var enc tokenizer.Codec - var err error - - switch { - case sanitized == "": - enc, err = tokenizer.Get(tokenizer.Cl100kBase) - case strings.HasPrefix(sanitized, "gpt-5.2"): - enc, err = tokenizer.ForModel(tokenizer.GPT5) - case strings.HasPrefix(sanitized, "gpt-5.1"): - enc, err = tokenizer.ForModel(tokenizer.GPT5) - case strings.HasPrefix(sanitized, "gpt-5"): - enc, err = tokenizer.ForModel(tokenizer.GPT5) - case strings.HasPrefix(sanitized, "gpt-4.1"): - enc, err = tokenizer.ForModel(tokenizer.GPT41) - case strings.HasPrefix(sanitized, "gpt-4o"): - enc, err = tokenizer.ForModel(tokenizer.GPT4o) - case strings.HasPrefix(sanitized, "gpt-4"): - enc, err = tokenizer.ForModel(tokenizer.GPT4) - case strings.HasPrefix(sanitized, "gpt-3.5"), strings.HasPrefix(sanitized, "gpt-3"): - enc, err = tokenizer.ForModel(tokenizer.GPT35Turbo) - case strings.HasPrefix(sanitized, "o1"): - enc, err = tokenizer.ForModel(tokenizer.O1) - case strings.HasPrefix(sanitized, "o3"): - enc, err = tokenizer.ForModel(tokenizer.O3) - case strings.HasPrefix(sanitized, "o4"): - enc, err = tokenizer.ForModel(tokenizer.O4Mini) - default: - enc, err = tokenizer.Get(tokenizer.O200kBase) - } - - if err != nil { - return nil, err - } - return &TokenizerWrapper{Codec: enc, AdjustmentFactor: 1.0}, nil -} - -// countOpenAIChatTokens approximates prompt tokens for OpenAI chat completions payloads. -func countOpenAIChatTokens(enc *TokenizerWrapper, payload []byte) (int64, error) { - if enc == nil { - return 0, fmt.Errorf("encoder is nil") - } - if len(payload) == 0 { - return 0, nil - } - - root := gjson.ParseBytes(payload) - segments := make([]string, 0, 32) - - collectOpenAIMessages(root.Get("messages"), &segments) - collectOpenAITools(root.Get("tools"), &segments) - collectOpenAIFunctions(root.Get("functions"), &segments) - collectOpenAIToolChoice(root.Get("tool_choice"), &segments) - collectOpenAIResponseFormat(root.Get("response_format"), &segments) - addIfNotEmpty(&segments, root.Get("input").String()) - addIfNotEmpty(&segments, root.Get("prompt").String()) - - joined := strings.TrimSpace(strings.Join(segments, "\n")) - if joined == "" { - return 0, nil - } - - // Count text tokens - count, err := enc.Count(joined) - if err != nil { - return 0, err - } - - // Extract and add image tokens from placeholders - imageTokens := extractImageTokens(joined) - - return int64(count) + int64(imageTokens), nil -} - -// countClaudeChatTokens approximates prompt tokens for Claude API chat completions payloads. -// This handles Claude's message format with system, messages, and tools. -// Image tokens are estimated based on image dimensions when available. -func countClaudeChatTokens(enc *TokenizerWrapper, payload []byte) (int64, error) { - if enc == nil { - return 0, fmt.Errorf("encoder is nil") - } - if len(payload) == 0 { - return 0, nil - } - - root := gjson.ParseBytes(payload) - segments := make([]string, 0, 32) - - // Collect system prompt (can be string or array of content blocks) - collectClaudeSystem(root.Get("system"), &segments) - - // Collect messages - collectClaudeMessages(root.Get("messages"), &segments) - - // Collect tools - collectClaudeTools(root.Get("tools"), &segments) - - joined := strings.TrimSpace(strings.Join(segments, "\n")) - if joined == "" { - return 0, nil - } - - // Count text tokens - count, err := enc.Count(joined) - if err != nil { - return 0, err - } - - // Extract and add image tokens from placeholders - imageTokens := extractImageTokens(joined) - - return int64(count) + int64(imageTokens), nil -} - -// imageTokenPattern matches [IMAGE:xxx tokens] format for extracting estimated image tokens -var imageTokenPattern = regexp.MustCompile(`\[IMAGE:(\d+) tokens\]`) - -// extractImageTokens extracts image token estimates from placeholder text. -// Placeholders are in the format [IMAGE:xxx tokens] where xxx is the estimated token count. -func extractImageTokens(text string) int { - matches := imageTokenPattern.FindAllStringSubmatch(text, -1) - total := 0 - for _, match := range matches { - if len(match) > 1 { - if tokens, err := strconv.Atoi(match[1]); err == nil { - total += tokens - } - } - } - return total -} - -// estimateImageTokens calculates estimated tokens for an image based on dimensions. -// Based on Claude's image token calculation: tokens ≈ (width * height) / 750 -// Minimum 85 tokens, maximum 1590 tokens (for 1568x1568 images). -func estimateImageTokens(width, height float64) int { - if width <= 0 || height <= 0 { - // No valid dimensions, use default estimate (medium-sized image) - return 1000 - } - - tokens := int(width * height / 750) - - // Apply bounds - if tokens < 85 { - tokens = 85 - } - if tokens > 1590 { - tokens = 1590 - } - - return tokens -} - -// collectClaudeSystem extracts text from Claude's system field. -// System can be a string or an array of content blocks. -func collectClaudeSystem(system gjson.Result, segments *[]string) { - if !system.Exists() { - return - } - if system.Type == gjson.String { - addIfNotEmpty(segments, system.String()) - return - } - if system.IsArray() { - system.ForEach(func(_, block gjson.Result) bool { - blockType := block.Get("type").String() - if blockType == "text" || blockType == "" { - addIfNotEmpty(segments, block.Get("text").String()) - } - // Also handle plain string blocks - if block.Type == gjson.String { - addIfNotEmpty(segments, block.String()) - } - return true - }) - } -} - -// collectClaudeMessages extracts text from Claude's messages array. -func collectClaudeMessages(messages gjson.Result, segments *[]string) { - if !messages.Exists() || !messages.IsArray() { - return - } - messages.ForEach(func(_, message gjson.Result) bool { - addIfNotEmpty(segments, message.Get("role").String()) - collectClaudeContent(message.Get("content"), segments) - return true - }) -} - -// collectClaudeContent extracts text from Claude's content field. -// Content can be a string or an array of content blocks. -// For images, estimates token count based on dimensions when available. -func collectClaudeContent(content gjson.Result, segments *[]string) { - if !content.Exists() { - return - } - if content.Type == gjson.String { - addIfNotEmpty(segments, content.String()) - return - } - if content.IsArray() { - content.ForEach(func(_, part gjson.Result) bool { - partType := part.Get("type").String() - switch partType { - case "text": - addIfNotEmpty(segments, part.Get("text").String()) - case "image": - // Estimate image tokens based on dimensions if available - source := part.Get("source") - if source.Exists() { - width := source.Get("width").Float() - height := source.Get("height").Float() - if width > 0 && height > 0 { - tokens := estimateImageTokens(width, height) - addIfNotEmpty(segments, fmt.Sprintf("[IMAGE:%d tokens]", tokens)) - } else { - // No dimensions available, use default estimate - addIfNotEmpty(segments, "[IMAGE:1000 tokens]") - } - } else { - // No source info, use default estimate - addIfNotEmpty(segments, "[IMAGE:1000 tokens]") - } - case "tool_use": - addIfNotEmpty(segments, part.Get("id").String()) - addIfNotEmpty(segments, part.Get("name").String()) - if input := part.Get("input"); input.Exists() { - addIfNotEmpty(segments, input.Raw) - } - case "tool_result": - addIfNotEmpty(segments, part.Get("tool_use_id").String()) - collectClaudeContent(part.Get("content"), segments) - case "thinking": - addIfNotEmpty(segments, part.Get("thinking").String()) - default: - // For unknown types, try to extract any text content - if part.Type == gjson.String { - addIfNotEmpty(segments, part.String()) - } else if part.Type == gjson.JSON { - addIfNotEmpty(segments, part.Raw) - } - } - return true - }) - } -} - -// collectClaudeTools extracts text from Claude's tools array. -func collectClaudeTools(tools gjson.Result, segments *[]string) { - if !tools.Exists() || !tools.IsArray() { - return - } - tools.ForEach(func(_, tool gjson.Result) bool { - addIfNotEmpty(segments, tool.Get("name").String()) - addIfNotEmpty(segments, tool.Get("description").String()) - if inputSchema := tool.Get("input_schema"); inputSchema.Exists() { - addIfNotEmpty(segments, inputSchema.Raw) - } - return true - }) -} - -// buildOpenAIUsageJSON returns a minimal usage structure understood by downstream translators. -func buildOpenAIUsageJSON(count int64) []byte { - return []byte(fmt.Sprintf(`{"usage":{"prompt_tokens":%d,"completion_tokens":0,"total_tokens":%d}}`, count, count)) -} - -func collectOpenAIMessages(messages gjson.Result, segments *[]string) { - if !messages.Exists() || !messages.IsArray() { - return - } - messages.ForEach(func(_, message gjson.Result) bool { - addIfNotEmpty(segments, message.Get("role").String()) - addIfNotEmpty(segments, message.Get("name").String()) - collectOpenAIContent(message.Get("content"), segments) - collectOpenAIToolCalls(message.Get("tool_calls"), segments) - collectOpenAIFunctionCall(message.Get("function_call"), segments) - return true - }) -} - -func collectOpenAIContent(content gjson.Result, segments *[]string) { - if !content.Exists() { - return - } - if content.Type == gjson.String { - addIfNotEmpty(segments, content.String()) - return - } - if content.IsArray() { - content.ForEach(func(_, part gjson.Result) bool { - partType := part.Get("type").String() - switch partType { - case "text", "input_text", "output_text": - addIfNotEmpty(segments, part.Get("text").String()) - case "image_url": - addIfNotEmpty(segments, part.Get("image_url.url").String()) - case "input_audio", "output_audio", "audio": - addIfNotEmpty(segments, part.Get("id").String()) - case "tool_result": - addIfNotEmpty(segments, part.Get("name").String()) - collectOpenAIContent(part.Get("content"), segments) - default: - if part.IsArray() { - collectOpenAIContent(part, segments) - return true - } - if part.Type == gjson.JSON { - addIfNotEmpty(segments, part.Raw) - return true - } - addIfNotEmpty(segments, part.String()) - } - return true - }) - return - } - if content.Type == gjson.JSON { - addIfNotEmpty(segments, content.Raw) - } -} - -func collectOpenAIToolCalls(calls gjson.Result, segments *[]string) { - if !calls.Exists() || !calls.IsArray() { - return - } - calls.ForEach(func(_, call gjson.Result) bool { - addIfNotEmpty(segments, call.Get("id").String()) - addIfNotEmpty(segments, call.Get("type").String()) - function := call.Get("function") - if function.Exists() { - addIfNotEmpty(segments, function.Get("name").String()) - addIfNotEmpty(segments, function.Get("description").String()) - addIfNotEmpty(segments, function.Get("arguments").String()) - if params := function.Get("parameters"); params.Exists() { - addIfNotEmpty(segments, params.Raw) - } - } - return true - }) -} - -func collectOpenAIFunctionCall(call gjson.Result, segments *[]string) { - if !call.Exists() { - return - } - addIfNotEmpty(segments, call.Get("name").String()) - addIfNotEmpty(segments, call.Get("arguments").String()) -} - -func collectOpenAITools(tools gjson.Result, segments *[]string) { - if !tools.Exists() { - return - } - if tools.IsArray() { - tools.ForEach(func(_, tool gjson.Result) bool { - appendToolPayload(tool, segments) - return true - }) - return - } - appendToolPayload(tools, segments) -} - -func collectOpenAIFunctions(functions gjson.Result, segments *[]string) { - if !functions.Exists() || !functions.IsArray() { - return - } - functions.ForEach(func(_, function gjson.Result) bool { - addIfNotEmpty(segments, function.Get("name").String()) - addIfNotEmpty(segments, function.Get("description").String()) - if params := function.Get("parameters"); params.Exists() { - addIfNotEmpty(segments, params.Raw) - } - return true - }) -} - -func collectOpenAIToolChoice(choice gjson.Result, segments *[]string) { - if !choice.Exists() { - return - } - if choice.Type == gjson.String { - addIfNotEmpty(segments, choice.String()) - return - } - addIfNotEmpty(segments, choice.Raw) -} - -func collectOpenAIResponseFormat(format gjson.Result, segments *[]string) { - if !format.Exists() { - return - } - addIfNotEmpty(segments, format.Get("type").String()) - addIfNotEmpty(segments, format.Get("name").String()) - if schema := format.Get("json_schema"); schema.Exists() { - addIfNotEmpty(segments, schema.Raw) - } - if schema := format.Get("schema"); schema.Exists() { - addIfNotEmpty(segments, schema.Raw) - } -} - -func appendToolPayload(tool gjson.Result, segments *[]string) { - if !tool.Exists() { - return - } - addIfNotEmpty(segments, tool.Get("type").String()) - addIfNotEmpty(segments, tool.Get("name").String()) - addIfNotEmpty(segments, tool.Get("description").String()) - if function := tool.Get("function"); function.Exists() { - addIfNotEmpty(segments, function.Get("name").String()) - addIfNotEmpty(segments, function.Get("description").String()) - if params := function.Get("parameters"); params.Exists() { - addIfNotEmpty(segments, params.Raw) - } - } -} - -func addIfNotEmpty(segments *[]string, value string) { - if segments == nil { - return - } - if trimmed := strings.TrimSpace(value); trimmed != "" { - *segments = append(*segments, trimmed) - } -} diff --git a/internal/runtime/executor/usage_helpers.go b/internal/runtime/executor/usage_helpers.go deleted file mode 100644 index f8dc48638c..0000000000 --- a/internal/runtime/executor/usage_helpers.go +++ /dev/null @@ -1,602 +0,0 @@ -package executor - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync" - "time" - - "github.com/gin-gonic/gin" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/usage" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -type usageReporter struct { - provider string - model string - authID string - authIndex string - apiKey string - source string - requestedAt time.Time - once sync.Once -} - -func newUsageReporter(ctx context.Context, provider, model string, auth *cliproxyauth.Auth) *usageReporter { - apiKey := apiKeyFromContext(ctx) - reporter := &usageReporter{ - provider: provider, - model: model, - requestedAt: time.Now(), - apiKey: apiKey, - source: resolveUsageSource(auth, apiKey), - } - if auth != nil { - reporter.authID = auth.ID - reporter.authIndex = auth.EnsureIndex() - } - return reporter -} - -func (r *usageReporter) publish(ctx context.Context, detail usage.Detail) { - r.publishWithOutcome(ctx, detail, false) -} - -func (r *usageReporter) publishFailure(ctx context.Context) { - r.publishWithOutcome(ctx, usage.Detail{}, true) -} - -func (r *usageReporter) trackFailure(ctx context.Context, errPtr *error) { - if r == nil || errPtr == nil { - return - } - if *errPtr != nil { - r.publishFailure(ctx) - } -} - -func (r *usageReporter) publishWithOutcome(ctx context.Context, detail usage.Detail, failed bool) { - if r == nil { - return - } - if detail.TotalTokens == 0 { - total := detail.InputTokens + detail.OutputTokens + detail.ReasoningTokens - if total > 0 { - detail.TotalTokens = total - } - } - if detail.InputTokens == 0 && detail.OutputTokens == 0 && detail.ReasoningTokens == 0 && detail.CachedTokens == 0 && detail.TotalTokens == 0 && !failed { - return - } - r.once.Do(func() { - usage.PublishRecord(ctx, usage.Record{ - Provider: r.provider, - Model: r.model, - Source: r.source, - APIKey: r.apiKey, - AuthID: r.authID, - AuthIndex: r.authIndex, - RequestedAt: r.requestedAt, - Failed: failed, - Detail: detail, - }) - }) -} - -// ensurePublished guarantees that a usage record is emitted exactly once. -// It is safe to call multiple times; only the first call wins due to once.Do. -// This is used to ensure request counting even when upstream responses do not -// include any usage fields (tokens), especially for streaming paths. -func (r *usageReporter) ensurePublished(ctx context.Context) { - if r == nil { - return - } - r.once.Do(func() { - usage.PublishRecord(ctx, usage.Record{ - Provider: r.provider, - Model: r.model, - Source: r.source, - APIKey: r.apiKey, - AuthID: r.authID, - AuthIndex: r.authIndex, - RequestedAt: r.requestedAt, - Failed: false, - Detail: usage.Detail{}, - }) - }) -} - -func apiKeyFromContext(ctx context.Context) string { - if ctx == nil { - return "" - } - ginCtx, ok := ctx.Value("gin").(*gin.Context) - if !ok || ginCtx == nil { - return "" - } - if v, exists := ginCtx.Get("apiKey"); exists { - switch value := v.(type) { - case string: - return value - case fmt.Stringer: - return value.String() - default: - return fmt.Sprintf("%v", value) - } - } - return "" -} - -func resolveUsageSource(auth *cliproxyauth.Auth, ctxAPIKey string) string { - if auth != nil { - provider := strings.TrimSpace(auth.Provider) - if strings.EqualFold(provider, "gemini-cli") { - if id := strings.TrimSpace(auth.ID); id != "" { - return id - } - } - if strings.EqualFold(provider, "vertex") { - if auth.Metadata != nil { - if projectID, ok := auth.Metadata["project_id"].(string); ok { - if trimmed := strings.TrimSpace(projectID); trimmed != "" { - return trimmed - } - } - if project, ok := auth.Metadata["project"].(string); ok { - if trimmed := strings.TrimSpace(project); trimmed != "" { - return trimmed - } - } - } - } - if _, value := auth.AccountInfo(); value != "" { - return strings.TrimSpace(value) - } - if auth.Metadata != nil { - if email, ok := auth.Metadata["email"].(string); ok { - if trimmed := strings.TrimSpace(email); trimmed != "" { - return trimmed - } - } - } - if auth.Attributes != nil { - if key := strings.TrimSpace(auth.Attributes["api_key"]); key != "" { - return key - } - } - } - if trimmed := strings.TrimSpace(ctxAPIKey); trimmed != "" { - return trimmed - } - return "" -} - -func parseCodexUsage(data []byte) (usage.Detail, bool) { - usageNode := gjson.ParseBytes(data).Get("response.usage") - if !usageNode.Exists() { - return usage.Detail{}, false - } - detail := usage.Detail{ - InputTokens: usageNode.Get("input_tokens").Int(), - OutputTokens: usageNode.Get("output_tokens").Int(), - TotalTokens: usageNode.Get("total_tokens").Int(), - } - if cached := usageNode.Get("input_tokens_details.cached_tokens"); cached.Exists() { - detail.CachedTokens = cached.Int() - } - if reasoning := usageNode.Get("output_tokens_details.reasoning_tokens"); reasoning.Exists() { - detail.ReasoningTokens = reasoning.Int() - } - return detail, true -} - -func parseOpenAIUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data).Get("usage") - if !usageNode.Exists() { - return usage.Detail{} - } - inputNode := usageNode.Get("prompt_tokens") - if !inputNode.Exists() { - inputNode = usageNode.Get("input_tokens") - } - outputNode := usageNode.Get("completion_tokens") - if !outputNode.Exists() { - outputNode = usageNode.Get("output_tokens") - } - detail := usage.Detail{ - InputTokens: inputNode.Int(), - OutputTokens: outputNode.Int(), - TotalTokens: usageNode.Get("total_tokens").Int(), - } - cached := usageNode.Get("prompt_tokens_details.cached_tokens") - if !cached.Exists() { - cached = usageNode.Get("input_tokens_details.cached_tokens") - } - if cached.Exists() { - detail.CachedTokens = cached.Int() - } - reasoning := usageNode.Get("completion_tokens_details.reasoning_tokens") - if !reasoning.Exists() { - reasoning = usageNode.Get("output_tokens_details.reasoning_tokens") - } - if reasoning.Exists() { - detail.ReasoningTokens = reasoning.Int() - } - return detail -} - -func parseOpenAIStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - usageNode := gjson.GetBytes(payload, "usage") - if !usageNode.Exists() { - return usage.Detail{}, false - } - detail := usage.Detail{ - InputTokens: usageNode.Get("prompt_tokens").Int(), - OutputTokens: usageNode.Get("completion_tokens").Int(), - TotalTokens: usageNode.Get("total_tokens").Int(), - } - if cached := usageNode.Get("prompt_tokens_details.cached_tokens"); cached.Exists() { - detail.CachedTokens = cached.Int() - } - if reasoning := usageNode.Get("completion_tokens_details.reasoning_tokens"); reasoning.Exists() { - detail.ReasoningTokens = reasoning.Int() - } - return detail, true -} - -func parseOpenAIResponsesUsageDetail(usageNode gjson.Result) usage.Detail { - detail := usage.Detail{ - InputTokens: usageNode.Get("input_tokens").Int(), - OutputTokens: usageNode.Get("output_tokens").Int(), - TotalTokens: usageNode.Get("total_tokens").Int(), - } - if detail.TotalTokens == 0 { - detail.TotalTokens = detail.InputTokens + detail.OutputTokens - } - if cached := usageNode.Get("input_tokens_details.cached_tokens"); cached.Exists() { - detail.CachedTokens = cached.Int() - } - if reasoning := usageNode.Get("output_tokens_details.reasoning_tokens"); reasoning.Exists() { - detail.ReasoningTokens = reasoning.Int() - } - return detail -} - -func parseOpenAIResponsesUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data).Get("usage") - if !usageNode.Exists() { - return usage.Detail{} - } - return parseOpenAIResponsesUsageDetail(usageNode) -} - -func parseOpenAIResponsesStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - usageNode := gjson.GetBytes(payload, "usage") - if !usageNode.Exists() { - return usage.Detail{}, false - } - return parseOpenAIResponsesUsageDetail(usageNode), true -} - -func parseClaudeUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data).Get("usage") - if !usageNode.Exists() { - return usage.Detail{} - } - detail := usage.Detail{ - InputTokens: usageNode.Get("input_tokens").Int(), - OutputTokens: usageNode.Get("output_tokens").Int(), - CachedTokens: usageNode.Get("cache_read_input_tokens").Int(), - } - if detail.CachedTokens == 0 { - // fall back to creation tokens when read tokens are absent - detail.CachedTokens = usageNode.Get("cache_creation_input_tokens").Int() - } - detail.TotalTokens = detail.InputTokens + detail.OutputTokens - return detail -} - -func parseClaudeStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - usageNode := gjson.GetBytes(payload, "usage") - if !usageNode.Exists() { - return usage.Detail{}, false - } - detail := usage.Detail{ - InputTokens: usageNode.Get("input_tokens").Int(), - OutputTokens: usageNode.Get("output_tokens").Int(), - CachedTokens: usageNode.Get("cache_read_input_tokens").Int(), - } - if detail.CachedTokens == 0 { - detail.CachedTokens = usageNode.Get("cache_creation_input_tokens").Int() - } - detail.TotalTokens = detail.InputTokens + detail.OutputTokens - return detail, true -} - -func parseGeminiFamilyUsageDetail(node gjson.Result) usage.Detail { - detail := usage.Detail{ - InputTokens: node.Get("promptTokenCount").Int(), - OutputTokens: node.Get("candidatesTokenCount").Int(), - ReasoningTokens: node.Get("thoughtsTokenCount").Int(), - TotalTokens: node.Get("totalTokenCount").Int(), - CachedTokens: node.Get("cachedContentTokenCount").Int(), - } - if detail.TotalTokens == 0 { - detail.TotalTokens = detail.InputTokens + detail.OutputTokens + detail.ReasoningTokens - } - return detail -} - -func parseGeminiCLIUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data) - node := usageNode.Get("response.usageMetadata") - if !node.Exists() { - node = usageNode.Get("response.usage_metadata") - } - if !node.Exists() { - return usage.Detail{} - } - return parseGeminiFamilyUsageDetail(node) -} - -func parseGeminiUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data) - node := usageNode.Get("usageMetadata") - if !node.Exists() { - node = usageNode.Get("usage_metadata") - } - if !node.Exists() { - return usage.Detail{} - } - return parseGeminiFamilyUsageDetail(node) -} - -func parseGeminiStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - node := gjson.GetBytes(payload, "usageMetadata") - if !node.Exists() { - node = gjson.GetBytes(payload, "usage_metadata") - } - if !node.Exists() { - return usage.Detail{}, false - } - return parseGeminiFamilyUsageDetail(node), true -} - -func parseGeminiCLIStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - node := gjson.GetBytes(payload, "response.usageMetadata") - if !node.Exists() { - node = gjson.GetBytes(payload, "usage_metadata") - } - if !node.Exists() { - return usage.Detail{}, false - } - return parseGeminiFamilyUsageDetail(node), true -} - -func parseAntigravityUsage(data []byte) usage.Detail { - usageNode := gjson.ParseBytes(data) - node := usageNode.Get("response.usageMetadata") - if !node.Exists() { - node = usageNode.Get("usageMetadata") - } - if !node.Exists() { - node = usageNode.Get("usage_metadata") - } - if !node.Exists() { - return usage.Detail{} - } - return parseGeminiFamilyUsageDetail(node) -} - -func parseAntigravityStreamUsage(line []byte) (usage.Detail, bool) { - payload := jsonPayload(line) - if len(payload) == 0 || !gjson.ValidBytes(payload) { - return usage.Detail{}, false - } - node := gjson.GetBytes(payload, "response.usageMetadata") - if !node.Exists() { - node = gjson.GetBytes(payload, "usageMetadata") - } - if !node.Exists() { - node = gjson.GetBytes(payload, "usage_metadata") - } - if !node.Exists() { - return usage.Detail{}, false - } - return parseGeminiFamilyUsageDetail(node), true -} - -var stopChunkWithoutUsage sync.Map - -func rememberStopWithoutUsage(traceID string) { - stopChunkWithoutUsage.Store(traceID, struct{}{}) - time.AfterFunc(10*time.Minute, func() { stopChunkWithoutUsage.Delete(traceID) }) -} - -// FilterSSEUsageMetadata removes usageMetadata from SSE events that are not -// terminal (finishReason != "stop"). Stop chunks are left untouched. This -// function is shared between aistudio and antigravity executors. -func FilterSSEUsageMetadata(payload []byte) []byte { - if len(payload) == 0 { - return payload - } - - lines := bytes.Split(payload, []byte("\n")) - modified := false - foundData := false - for idx, line := range lines { - trimmed := bytes.TrimSpace(line) - if len(trimmed) == 0 || !bytes.HasPrefix(trimmed, []byte("data:")) { - continue - } - foundData = true - dataIdx := bytes.Index(line, []byte("data:")) - if dataIdx < 0 { - continue - } - rawJSON := bytes.TrimSpace(line[dataIdx+5:]) - traceID := gjson.GetBytes(rawJSON, "traceId").String() - if isStopChunkWithoutUsage(rawJSON) && traceID != "" { - rememberStopWithoutUsage(traceID) - continue - } - if traceID != "" { - if _, ok := stopChunkWithoutUsage.Load(traceID); ok && hasUsageMetadata(rawJSON) { - stopChunkWithoutUsage.Delete(traceID) - continue - } - } - - cleaned, changed := StripUsageMetadataFromJSON(rawJSON) - if !changed { - continue - } - var rebuilt []byte - rebuilt = append(rebuilt, line[:dataIdx]...) - rebuilt = append(rebuilt, []byte("data:")...) - if len(cleaned) > 0 { - rebuilt = append(rebuilt, ' ') - rebuilt = append(rebuilt, cleaned...) - } - lines[idx] = rebuilt - modified = true - } - if !modified { - if !foundData { - // Handle payloads that are raw JSON without SSE data: prefix. - trimmed := bytes.TrimSpace(payload) - cleaned, changed := StripUsageMetadataFromJSON(trimmed) - if !changed { - return payload - } - return cleaned - } - return payload - } - return bytes.Join(lines, []byte("\n")) -} - -// StripUsageMetadataFromJSON drops usageMetadata unless finishReason is present (terminal). -// It handles both formats: -// - Aistudio: candidates.0.finishReason -// - Antigravity: response.candidates.0.finishReason -func StripUsageMetadataFromJSON(rawJSON []byte) ([]byte, bool) { - jsonBytes := bytes.TrimSpace(rawJSON) - if len(jsonBytes) == 0 || !gjson.ValidBytes(jsonBytes) { - return rawJSON, false - } - - // Check for finishReason in both aistudio and antigravity formats - finishReason := gjson.GetBytes(jsonBytes, "candidates.0.finishReason") - if !finishReason.Exists() { - finishReason = gjson.GetBytes(jsonBytes, "response.candidates.0.finishReason") - } - terminalReason := finishReason.Exists() && strings.TrimSpace(finishReason.String()) != "" - - usageMetadata := gjson.GetBytes(jsonBytes, "usageMetadata") - if !usageMetadata.Exists() { - usageMetadata = gjson.GetBytes(jsonBytes, "response.usageMetadata") - } - - // Terminal chunk: keep as-is. - if terminalReason { - return rawJSON, false - } - - // Nothing to strip - if !usageMetadata.Exists() { - return rawJSON, false - } - - // Remove usageMetadata from both possible locations - cleaned := jsonBytes - var changed bool - - if usageMetadata = gjson.GetBytes(cleaned, "usageMetadata"); usageMetadata.Exists() { - // Rename usageMetadata to cpaUsageMetadata in the message_start event of Claude - cleaned, _ = sjson.SetRawBytes(cleaned, "cpaUsageMetadata", []byte(usageMetadata.Raw)) - cleaned, _ = sjson.DeleteBytes(cleaned, "usageMetadata") - changed = true - } - - if usageMetadata = gjson.GetBytes(cleaned, "response.usageMetadata"); usageMetadata.Exists() { - // Rename usageMetadata to cpaUsageMetadata in the message_start event of Claude - cleaned, _ = sjson.SetRawBytes(cleaned, "response.cpaUsageMetadata", []byte(usageMetadata.Raw)) - cleaned, _ = sjson.DeleteBytes(cleaned, "response.usageMetadata") - changed = true - } - - return cleaned, changed -} - -func hasUsageMetadata(jsonBytes []byte) bool { - if len(jsonBytes) == 0 || !gjson.ValidBytes(jsonBytes) { - return false - } - if gjson.GetBytes(jsonBytes, "usageMetadata").Exists() { - return true - } - if gjson.GetBytes(jsonBytes, "response.usageMetadata").Exists() { - return true - } - return false -} - -func isStopChunkWithoutUsage(jsonBytes []byte) bool { - if len(jsonBytes) == 0 || !gjson.ValidBytes(jsonBytes) { - return false - } - finishReason := gjson.GetBytes(jsonBytes, "candidates.0.finishReason") - if !finishReason.Exists() { - finishReason = gjson.GetBytes(jsonBytes, "response.candidates.0.finishReason") - } - trimmed := strings.TrimSpace(finishReason.String()) - if !finishReason.Exists() || trimmed == "" { - return false - } - return !hasUsageMetadata(jsonBytes) -} - -func jsonPayload(line []byte) []byte { - trimmed := bytes.TrimSpace(line) - if len(trimmed) == 0 { - return nil - } - if bytes.Equal(trimmed, []byte("[DONE]")) { - return nil - } - if bytes.HasPrefix(trimmed, []byte("event:")) { - return nil - } - if bytes.HasPrefix(trimmed, []byte("data:")) { - trimmed = bytes.TrimSpace(trimmed[len("data:"):]) - } - if len(trimmed) == 0 || trimmed[0] != '{' { - return nil - } - return trimmed -} diff --git a/internal/runtime/executor/usage_helpers_test.go b/internal/runtime/executor/usage_helpers_test.go deleted file mode 100644 index 337f108af7..0000000000 --- a/internal/runtime/executor/usage_helpers_test.go +++ /dev/null @@ -1,43 +0,0 @@ -package executor - -import "testing" - -func TestParseOpenAIUsageChatCompletions(t *testing.T) { - data := []byte(`{"usage":{"prompt_tokens":1,"completion_tokens":2,"total_tokens":3,"prompt_tokens_details":{"cached_tokens":4},"completion_tokens_details":{"reasoning_tokens":5}}}`) - detail := parseOpenAIUsage(data) - if detail.InputTokens != 1 { - t.Fatalf("input tokens = %d, want %d", detail.InputTokens, 1) - } - if detail.OutputTokens != 2 { - t.Fatalf("output tokens = %d, want %d", detail.OutputTokens, 2) - } - if detail.TotalTokens != 3 { - t.Fatalf("total tokens = %d, want %d", detail.TotalTokens, 3) - } - if detail.CachedTokens != 4 { - t.Fatalf("cached tokens = %d, want %d", detail.CachedTokens, 4) - } - if detail.ReasoningTokens != 5 { - t.Fatalf("reasoning tokens = %d, want %d", detail.ReasoningTokens, 5) - } -} - -func TestParseOpenAIUsageResponses(t *testing.T) { - data := []byte(`{"usage":{"input_tokens":10,"output_tokens":20,"total_tokens":30,"input_tokens_details":{"cached_tokens":7},"output_tokens_details":{"reasoning_tokens":9}}}`) - detail := parseOpenAIUsage(data) - if detail.InputTokens != 10 { - t.Fatalf("input tokens = %d, want %d", detail.InputTokens, 10) - } - if detail.OutputTokens != 20 { - t.Fatalf("output tokens = %d, want %d", detail.OutputTokens, 20) - } - if detail.TotalTokens != 30 { - t.Fatalf("total tokens = %d, want %d", detail.TotalTokens, 30) - } - if detail.CachedTokens != 7 { - t.Fatalf("cached tokens = %d, want %d", detail.CachedTokens, 7) - } - if detail.ReasoningTokens != 9 { - t.Fatalf("reasoning tokens = %d, want %d", detail.ReasoningTokens, 9) - } -} diff --git a/internal/runtime/executor/user_id_cache.go b/internal/runtime/executor/user_id_cache.go deleted file mode 100644 index 5b7e810ec8..0000000000 --- a/internal/runtime/executor/user_id_cache.go +++ /dev/null @@ -1,104 +0,0 @@ -package executor - -import ( - "crypto/hmac" - "crypto/sha256" - "encoding/hex" - "os" - "sync" - "time" -) - -type userIDCacheEntry struct { - value string - expire time.Time -} - -var ( - userIDCache = make(map[string]userIDCacheEntry) - userIDCacheMu sync.RWMutex - userIDCacheCleanupOnce sync.Once - userIDCacheHashKey = resolveUserIDCacheHashKey() -) - -const userIDCacheHashFallback = "executor-user-id-cache:hmac-sha256-v1" - -const ( - userIDTTL = time.Hour - userIDCacheCleanupPeriod = 15 * time.Minute -) - -func startUserIDCacheCleanup() { - go func() { - ticker := time.NewTicker(userIDCacheCleanupPeriod) - defer ticker.Stop() - for range ticker.C { - purgeExpiredUserIDs() - } - }() -} - -func purgeExpiredUserIDs() { - now := time.Now() - userIDCacheMu.Lock() - for key, entry := range userIDCache { - if !entry.expire.After(now) { - delete(userIDCache, key) - } - } - userIDCacheMu.Unlock() -} - -func userIDCacheKey(apiKey string) string { - // codeql[go/weak-sensitive-data-hashing] - HMAC-SHA256 is used for cache key derivation, not password storage. - // This creates a stable cache key from the API key without exposing the key itself. - hasher := hmac.New(sha256.New, userIDCacheHashKey) - _, _ = hasher.Write([]byte(apiKey)) - return hex.EncodeToString(hasher.Sum(nil)) -} - -func resolveUserIDCacheHashKey() []byte { - if env := os.Getenv("CLIPROXY_USER_ID_CACHE_HASH_KEY"); env != "" { - return []byte(env) - } - return []byte(userIDCacheHashFallback) -} - -func cachedUserID(apiKey string) string { - if apiKey == "" { - return generateFakeUserID() - } - - userIDCacheCleanupOnce.Do(startUserIDCacheCleanup) - - key := userIDCacheKey(apiKey) - now := time.Now() - - userIDCacheMu.RLock() - entry, ok := userIDCache[key] - valid := ok && entry.value != "" && entry.expire.After(now) && isValidUserID(entry.value) - userIDCacheMu.RUnlock() - if valid { - userIDCacheMu.Lock() - entry = userIDCache[key] - if entry.value != "" && entry.expire.After(now) && isValidUserID(entry.value) { - entry.expire = now.Add(userIDTTL) - userIDCache[key] = entry - userIDCacheMu.Unlock() - return entry.value - } - userIDCacheMu.Unlock() - } - - newID := generateFakeUserID() - - userIDCacheMu.Lock() - entry, ok = userIDCache[key] - if !ok || entry.value == "" || !entry.expire.After(now) || !isValidUserID(entry.value) { - entry.value = newID - } - entry.expire = now.Add(userIDTTL) - userIDCache[key] = entry - userIDCacheMu.Unlock() - return entry.value -} diff --git a/internal/runtime/executor/user_id_cache_test.go b/internal/runtime/executor/user_id_cache_test.go deleted file mode 100644 index 420a3cad43..0000000000 --- a/internal/runtime/executor/user_id_cache_test.go +++ /dev/null @@ -1,86 +0,0 @@ -package executor - -import ( - "testing" - "time" -) - -func resetUserIDCache() { - userIDCacheMu.Lock() - userIDCache = make(map[string]userIDCacheEntry) - userIDCacheMu.Unlock() -} - -func TestCachedUserID_ReusesWithinTTL(t *testing.T) { - resetUserIDCache() - - first := cachedUserID("api-key-1") - second := cachedUserID("api-key-1") - - if first == "" { - t.Fatal("expected generated user_id to be non-empty") - } - if first != second { - t.Fatalf("expected cached user_id to be reused, got %q and %q", first, second) - } -} - -func TestCachedUserID_ExpiresAfterTTL(t *testing.T) { - resetUserIDCache() - - expiredID := cachedUserID("api-key-expired") - cacheKey := userIDCacheKey("api-key-expired") - userIDCacheMu.Lock() - userIDCache[cacheKey] = userIDCacheEntry{ - value: expiredID, - expire: time.Now().Add(-time.Minute), - } - userIDCacheMu.Unlock() - - newID := cachedUserID("api-key-expired") - if newID == expiredID { - t.Fatalf("expected expired user_id to be replaced, got %q", newID) - } - if newID == "" { - t.Fatal("expected regenerated user_id to be non-empty") - } -} - -func TestCachedUserID_IsScopedByAPIKey(t *testing.T) { - resetUserIDCache() - - first := cachedUserID("api-key-1") - second := cachedUserID("api-key-2") - - if first == second { - t.Fatalf("expected different API keys to have different user_ids, got %q", first) - } -} - -func TestCachedUserID_RenewsTTLOnHit(t *testing.T) { - resetUserIDCache() - - key := "api-key-renew" - id := cachedUserID(key) - cacheKey := userIDCacheKey(key) - - soon := time.Now() - userIDCacheMu.Lock() - userIDCache[cacheKey] = userIDCacheEntry{ - value: id, - expire: soon.Add(2 * time.Second), - } - userIDCacheMu.Unlock() - - if refreshed := cachedUserID(key); refreshed != id { - t.Fatalf("expected cached user_id to be reused before expiry, got %q", refreshed) - } - - userIDCacheMu.RLock() - entry := userIDCache[cacheKey] - userIDCacheMu.RUnlock() - - if entry.expire.Sub(soon) < 30*time.Minute { - t.Fatalf("expected TTL to renew, got %v remaining", entry.expire.Sub(soon)) - } -} diff --git a/internal/runtime/geminicli/state.go b/internal/runtime/geminicli/state.go deleted file mode 100644 index e323b44bf2..0000000000 --- a/internal/runtime/geminicli/state.go +++ /dev/null @@ -1,144 +0,0 @@ -package geminicli - -import ( - "strings" - "sync" -) - -// SharedCredential keeps canonical OAuth metadata for a multi-project Gemini CLI login. -type SharedCredential struct { - primaryID string - email string - metadata map[string]any - projectIDs []string - mu sync.RWMutex -} - -// NewSharedCredential builds a shared credential container for the given primary entry. -func NewSharedCredential(primaryID, email string, metadata map[string]any, projectIDs []string) *SharedCredential { - return &SharedCredential{ - primaryID: strings.TrimSpace(primaryID), - email: strings.TrimSpace(email), - metadata: cloneMap(metadata), - projectIDs: cloneStrings(projectIDs), - } -} - -// PrimaryID returns the owning credential identifier. -func (s *SharedCredential) PrimaryID() string { - if s == nil { - return "" - } - return s.primaryID -} - -// Email returns the associated account email. -func (s *SharedCredential) Email() string { - if s == nil { - return "" - } - return s.email -} - -// ProjectIDs returns a snapshot of the configured project identifiers. -func (s *SharedCredential) ProjectIDs() []string { - if s == nil { - return nil - } - return cloneStrings(s.projectIDs) -} - -// MetadataSnapshot returns a deep copy of the stored OAuth metadata. -func (s *SharedCredential) MetadataSnapshot() map[string]any { - if s == nil { - return nil - } - s.mu.RLock() - defer s.mu.RUnlock() - return cloneMap(s.metadata) -} - -// MergeMetadata merges the provided fields into the shared metadata and returns an updated copy. -func (s *SharedCredential) MergeMetadata(values map[string]any) map[string]any { - if s == nil { - return nil - } - if len(values) == 0 { - return s.MetadataSnapshot() - } - s.mu.Lock() - defer s.mu.Unlock() - if s.metadata == nil { - s.metadata = make(map[string]any, len(values)) - } - for k, v := range values { - if v == nil { - delete(s.metadata, k) - continue - } - s.metadata[k] = v - } - return cloneMap(s.metadata) -} - -// SetProjectIDs updates the stored project identifiers. -func (s *SharedCredential) SetProjectIDs(ids []string) { - if s == nil { - return - } - s.mu.Lock() - s.projectIDs = cloneStrings(ids) - s.mu.Unlock() -} - -// VirtualCredential tracks a per-project virtual auth entry that reuses a primary credential. -type VirtualCredential struct { - ProjectID string - Parent *SharedCredential -} - -// NewVirtualCredential creates a virtual credential descriptor bound to the shared parent. -func NewVirtualCredential(projectID string, parent *SharedCredential) *VirtualCredential { - return &VirtualCredential{ProjectID: strings.TrimSpace(projectID), Parent: parent} -} - -// ResolveSharedCredential returns the shared credential backing the provided runtime payload. -func ResolveSharedCredential(runtime any) *SharedCredential { - switch typed := runtime.(type) { - case *SharedCredential: - return typed - case *VirtualCredential: - return typed.Parent - default: - return nil - } -} - -// IsVirtual reports whether the runtime payload represents a virtual credential. -func IsVirtual(runtime any) bool { - if runtime == nil { - return false - } - _, ok := runtime.(*VirtualCredential) - return ok -} - -func cloneMap(in map[string]any) map[string]any { - if len(in) == 0 { - return nil - } - out := make(map[string]any, len(in)) - for k, v := range in { - out[k] = v - } - return out -} - -func cloneStrings(in []string) []string { - if len(in) == 0 { - return nil - } - out := make([]string, len(in)) - copy(out, in) - return out -} diff --git a/internal/store/gitstore.go b/internal/store/gitstore.go deleted file mode 100644 index ee03424d98..0000000000 --- a/internal/store/gitstore.go +++ /dev/null @@ -1,771 +0,0 @@ -package store - -import ( - "context" - "encoding/json" - "errors" - "fmt" - "io/fs" - "os" - "path/filepath" - "strings" - "sync" - "time" - - "github.com/go-git/go-git/v6" - "github.com/go-git/go-git/v6/config" - "github.com/go-git/go-git/v6/plumbing" - "github.com/go-git/go-git/v6/plumbing/object" - "github.com/go-git/go-git/v6/plumbing/transport" - "github.com/go-git/go-git/v6/plumbing/transport/http" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" -) - -// gcInterval defines minimum time between garbage collection runs. -const gcInterval = 5 * time.Minute - -// GitTokenStore persists token records and auth metadata using git as the backing storage. -type GitTokenStore struct { - mu sync.Mutex - dirLock sync.RWMutex - baseDir string - repoDir string - configDir string - remote string - username string - password string - lastGC time.Time -} - -// NewGitTokenStore creates a token store that saves credentials to disk through the -// TokenStorage implementation embedded in the token record. -func NewGitTokenStore(remote, username, password string) *GitTokenStore { - return &GitTokenStore{ - remote: remote, - username: username, - password: password, - } -} - -// SetBaseDir updates the default directory used for auth JSON persistence when no explicit path is provided. -func (s *GitTokenStore) SetBaseDir(dir string) { - clean := strings.TrimSpace(dir) - if clean == "" { - s.dirLock.Lock() - s.baseDir = "" - s.repoDir = "" - s.configDir = "" - s.dirLock.Unlock() - return - } - if abs, err := filepath.Abs(clean); err == nil { - clean = abs - } - repoDir := filepath.Dir(clean) - if repoDir == "" || repoDir == "." { - repoDir = clean - } - configDir := filepath.Join(repoDir, "config") - s.dirLock.Lock() - s.baseDir = clean - s.repoDir = repoDir - s.configDir = configDir - s.dirLock.Unlock() -} - -// AuthDir returns the directory used for auth persistence. -func (s *GitTokenStore) AuthDir() string { - return s.baseDirSnapshot() -} - -// ConfigPath returns the managed config file path. -func (s *GitTokenStore) ConfigPath() string { - s.dirLock.RLock() - defer s.dirLock.RUnlock() - if s.configDir == "" { - return "" - } - return filepath.Join(s.configDir, "config.yaml") -} - -// EnsureRepository prepares the local git working tree by cloning or opening the repository. -func (s *GitTokenStore) EnsureRepository() error { - s.dirLock.Lock() - if s.remote == "" { - s.dirLock.Unlock() - return fmt.Errorf("git token store: remote not configured") - } - if s.baseDir == "" { - s.dirLock.Unlock() - return fmt.Errorf("git token store: base directory not configured") - } - repoDir := s.repoDir - if repoDir == "" { - repoDir = filepath.Dir(s.baseDir) - if repoDir == "" || repoDir == "." { - repoDir = s.baseDir - } - s.repoDir = repoDir - } - if s.configDir == "" { - s.configDir = filepath.Join(repoDir, "config") - } - authDir := filepath.Join(repoDir, "auths") - configDir := filepath.Join(repoDir, "config") - gitDir := filepath.Join(repoDir, ".git") - authMethod := s.gitAuth() - var initPaths []string - if _, err := os.Stat(gitDir); errors.Is(err, fs.ErrNotExist) { - if errMk := os.MkdirAll(repoDir, 0o700); errMk != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: create repo dir: %w", errMk) - } - if _, errClone := git.PlainClone(repoDir, &git.CloneOptions{Auth: authMethod, URL: s.remote}); errClone != nil { - if errors.Is(errClone, transport.ErrEmptyRemoteRepository) { - _ = os.RemoveAll(gitDir) - repo, errInit := git.PlainInit(repoDir, false) - if errInit != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: init empty repo: %w", errInit) - } - if _, errRemote := repo.Remote("origin"); errRemote != nil { - if _, errCreate := repo.CreateRemote(&config.RemoteConfig{ - Name: "origin", - URLs: []string{s.remote}, - }); errCreate != nil && !errors.Is(errCreate, git.ErrRemoteExists) { - s.dirLock.Unlock() - return fmt.Errorf("git token store: configure remote: %w", errCreate) - } - } - if err := os.MkdirAll(authDir, 0o700); err != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: create auth dir: %w", err) - } - if err := os.MkdirAll(configDir, 0o700); err != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: create config dir: %w", err) - } - if err := ensureEmptyFile(filepath.Join(authDir, ".gitkeep")); err != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: create auth placeholder: %w", err) - } - if err := ensureEmptyFile(filepath.Join(configDir, ".gitkeep")); err != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: create config placeholder: %w", err) - } - initPaths = []string{ - filepath.Join("auths", ".gitkeep"), - filepath.Join("config", ".gitkeep"), - } - } else { - s.dirLock.Unlock() - return fmt.Errorf("git token store: clone remote: %w", errClone) - } - } - } else if err != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: stat repo: %w", err) - } else { - repo, errOpen := git.PlainOpen(repoDir) - if errOpen != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: open repo: %w", errOpen) - } - worktree, errWorktree := repo.Worktree() - if errWorktree != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: worktree: %w", errWorktree) - } - if errPull := worktree.Pull(&git.PullOptions{Auth: authMethod, RemoteName: "origin"}); errPull != nil { - switch { - case errors.Is(errPull, git.NoErrAlreadyUpToDate), - errors.Is(errPull, git.ErrUnstagedChanges), - errors.Is(errPull, git.ErrNonFastForwardUpdate): - // Ignore clean syncs, local edits, and remote divergence—local changes win. - case errors.Is(errPull, transport.ErrAuthenticationRequired), - errors.Is(errPull, plumbing.ErrReferenceNotFound), - errors.Is(errPull, transport.ErrEmptyRemoteRepository): - // Ignore authentication prompts and empty remote references on initial sync. - default: - s.dirLock.Unlock() - return fmt.Errorf("git token store: pull: %w", errPull) - } - } - } - if err := os.MkdirAll(s.baseDir, 0o700); err != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: create auth dir: %w", err) - } - if err := os.MkdirAll(s.configDir, 0o700); err != nil { - s.dirLock.Unlock() - return fmt.Errorf("git token store: create config dir: %w", err) - } - s.dirLock.Unlock() - if len(initPaths) > 0 { - s.mu.Lock() - err := s.commitAndPushLocked("Initialize git token store", initPaths...) - s.mu.Unlock() - if err != nil { - return err - } - } - return nil -} - -// Save persists token storage and metadata to the resolved auth file path. -func (s *GitTokenStore) Save(_ context.Context, auth *cliproxyauth.Auth) (string, error) { - if auth == nil { - return "", fmt.Errorf("auth filestore: auth is nil") - } - - path, err := s.resolveAuthPath(auth) - if err != nil { - return "", err - } - if path == "" { - return "", fmt.Errorf("auth filestore: missing file path attribute for %s", auth.ID) - } - - if auth.Disabled { - if _, statErr := os.Stat(path); os.IsNotExist(statErr) { - return "", nil - } - } - - if err = s.EnsureRepository(); err != nil { - return "", err - } - - s.mu.Lock() - defer s.mu.Unlock() - - if err = os.MkdirAll(filepath.Dir(path), 0o700); err != nil { - return "", fmt.Errorf("auth filestore: create dir failed: %w", err) - } - - switch { - case auth.Storage != nil: - if err = auth.Storage.SaveTokenToFile(path); err != nil { - return "", err - } - case auth.Metadata != nil: - raw, errMarshal := json.Marshal(auth.Metadata) - if errMarshal != nil { - return "", fmt.Errorf("auth filestore: marshal metadata failed: %w", errMarshal) - } - if existing, errRead := os.ReadFile(path); errRead == nil { - if jsonEqual(existing, raw) { - return path, nil - } - } else if !os.IsNotExist(errRead) { - return "", fmt.Errorf("auth filestore: read existing failed: %w", errRead) - } - tmp := path + ".tmp" - if errWrite := os.WriteFile(tmp, raw, 0o600); errWrite != nil { - return "", fmt.Errorf("auth filestore: write temp failed: %w", errWrite) - } - if errRename := os.Rename(tmp, path); errRename != nil { - return "", fmt.Errorf("auth filestore: rename failed: %w", errRename) - } - default: - return "", fmt.Errorf("auth filestore: nothing to persist for %s", auth.ID) - } - - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - auth.Attributes["path"] = path - - if strings.TrimSpace(auth.FileName) == "" { - auth.FileName = auth.ID - } - - relPath, errRel := s.relativeToRepo(path) - if errRel != nil { - return "", errRel - } - messageID := auth.ID - if strings.TrimSpace(messageID) == "" { - messageID = filepath.Base(path) - } - if errCommit := s.commitAndPushLocked(fmt.Sprintf("Update auth %s", strings.TrimSpace(messageID)), relPath); errCommit != nil { - return "", errCommit - } - - return path, nil -} - -// List enumerates all auth JSON files under the configured directory. -func (s *GitTokenStore) List(_ context.Context) ([]*cliproxyauth.Auth, error) { - if err := s.EnsureRepository(); err != nil { - return nil, err - } - dir := s.baseDirSnapshot() - if dir == "" { - return nil, fmt.Errorf("auth filestore: directory not configured") - } - entries := make([]*cliproxyauth.Auth, 0) - err := filepath.WalkDir(dir, func(path string, d fs.DirEntry, walkErr error) error { - if walkErr != nil { - return walkErr - } - if d.IsDir() { - return nil - } - if !strings.HasSuffix(strings.ToLower(d.Name()), ".json") { - return nil - } - auth, err := s.readAuthFile(path, dir) - if err != nil { - return nil - } - if auth != nil { - entries = append(entries, auth) - } - return nil - }) - if err != nil { - return nil, err - } - return entries, nil -} - -// Delete removes the auth file. -func (s *GitTokenStore) Delete(_ context.Context, id string) error { - id = strings.TrimSpace(id) - if id == "" { - return fmt.Errorf("auth filestore: id is empty") - } - path, err := s.resolveDeletePath(id) - if err != nil { - return err - } - if err = s.EnsureRepository(); err != nil { - return err - } - - s.mu.Lock() - defer s.mu.Unlock() - - if err = os.Remove(path); err != nil && !os.IsNotExist(err) { - return fmt.Errorf("auth filestore: delete failed: %w", err) - } - if err == nil { - rel, errRel := s.relativeToRepo(path) - if errRel != nil { - return errRel - } - messageID := id - if errCommit := s.commitAndPushLocked(fmt.Sprintf("Delete auth %s", messageID), rel); errCommit != nil { - return errCommit - } - } - return nil -} - -// PersistAuthFiles commits and pushes the provided paths to the remote repository. -// It no-ops when the store is not fully configured or when there are no paths. -func (s *GitTokenStore) PersistAuthFiles(_ context.Context, message string, paths ...string) error { - if len(paths) == 0 { - return nil - } - if err := s.EnsureRepository(); err != nil { - return err - } - - filtered := make([]string, 0, len(paths)) - for _, p := range paths { - trimmed := strings.TrimSpace(p) - if trimmed == "" { - continue - } - rel, err := s.relativeToRepo(trimmed) - if err != nil { - return err - } - filtered = append(filtered, rel) - } - if len(filtered) == 0 { - return nil - } - - s.mu.Lock() - defer s.mu.Unlock() - - if strings.TrimSpace(message) == "" { - message = "Sync watcher updates" - } - return s.commitAndPushLocked(message, filtered...) -} - -func (s *GitTokenStore) resolveDeletePath(id string) (string, error) { - if strings.ContainsRune(id, os.PathSeparator) || filepath.IsAbs(id) { - return id, nil - } - dir := s.baseDirSnapshot() - if dir == "" { - return "", fmt.Errorf("auth filestore: directory not configured") - } - return filepath.Join(dir, id), nil -} - -func (s *GitTokenStore) readAuthFile(path, baseDir string) (*cliproxyauth.Auth, error) { - data, err := os.ReadFile(path) - if err != nil { - return nil, fmt.Errorf("read file: %w", err) - } - if len(data) == 0 { - return nil, nil - } - metadata := make(map[string]any) - if err = json.Unmarshal(data, &metadata); err != nil { - return nil, fmt.Errorf("unmarshal auth json: %w", err) - } - provider, _ := metadata["type"].(string) - if provider == "" { - provider = "unknown" - } - info, err := os.Stat(path) - if err != nil { - return nil, fmt.Errorf("stat file: %w", err) - } - id := s.idFor(path, baseDir) - auth := &cliproxyauth.Auth{ - ID: id, - Provider: provider, - FileName: id, - Label: s.labelFor(metadata), - Status: cliproxyauth.StatusActive, - Attributes: map[string]string{"path": path}, - Metadata: metadata, - CreatedAt: info.ModTime(), - UpdatedAt: info.ModTime(), - LastRefreshedAt: time.Time{}, - NextRefreshAfter: time.Time{}, - } - if email, ok := metadata["email"].(string); ok && email != "" { - auth.Attributes["email"] = email - } - return auth, nil -} - -func (s *GitTokenStore) idFor(path, baseDir string) string { - if baseDir == "" { - return path - } - rel, err := filepath.Rel(baseDir, path) - if err != nil { - return path - } - return rel -} - -func (s *GitTokenStore) resolveAuthPath(auth *cliproxyauth.Auth) (string, error) { - if auth == nil { - return "", fmt.Errorf("auth filestore: auth is nil") - } - if auth.Attributes != nil { - if p := strings.TrimSpace(auth.Attributes["path"]); p != "" { - return p, nil - } - } - if fileName := strings.TrimSpace(auth.FileName); fileName != "" { - if filepath.IsAbs(fileName) { - return fileName, nil - } - if dir := s.baseDirSnapshot(); dir != "" { - return filepath.Join(dir, fileName), nil - } - return fileName, nil - } - if auth.ID == "" { - return "", fmt.Errorf("auth filestore: missing id") - } - if filepath.IsAbs(auth.ID) { - return auth.ID, nil - } - dir := s.baseDirSnapshot() - if dir == "" { - return "", fmt.Errorf("auth filestore: directory not configured") - } - return filepath.Join(dir, auth.ID), nil -} - -func (s *GitTokenStore) labelFor(metadata map[string]any) string { - if metadata == nil { - return "" - } - if v, ok := metadata["label"].(string); ok && v != "" { - return v - } - if v, ok := metadata["email"].(string); ok && v != "" { - return v - } - if project, ok := metadata["project_id"].(string); ok && project != "" { - return project - } - return "" -} - -func (s *GitTokenStore) baseDirSnapshot() string { - s.dirLock.RLock() - defer s.dirLock.RUnlock() - return s.baseDir -} - -func (s *GitTokenStore) repoDirSnapshot() string { - s.dirLock.RLock() - defer s.dirLock.RUnlock() - return s.repoDir -} - -func (s *GitTokenStore) gitAuth() transport.AuthMethod { - if s.username == "" && s.password == "" { - return nil - } - user := s.username - if user == "" { - user = "git" - } - return &http.BasicAuth{Username: user, Password: s.password} -} - -func (s *GitTokenStore) relativeToRepo(path string) (string, error) { - repoDir := s.repoDirSnapshot() - if repoDir == "" { - return "", fmt.Errorf("git token store: repository path not configured") - } - absRepo := repoDir - if abs, err := filepath.Abs(repoDir); err == nil { - absRepo = abs - } - cleanPath := path - if abs, err := filepath.Abs(path); err == nil { - cleanPath = abs - } - rel, err := filepath.Rel(absRepo, cleanPath) - if err != nil { - return "", fmt.Errorf("git token store: relative path: %w", err) - } - if rel == ".." || strings.HasPrefix(rel, ".."+string(os.PathSeparator)) { - return "", fmt.Errorf("git token store: path outside repository") - } - return rel, nil -} - -func (s *GitTokenStore) commitAndPushLocked(message string, relPaths ...string) error { - repoDir := s.repoDirSnapshot() - if repoDir == "" { - return fmt.Errorf("git token store: repository path not configured") - } - repo, err := git.PlainOpen(repoDir) - if err != nil { - return fmt.Errorf("git token store: open repo: %w", err) - } - worktree, err := repo.Worktree() - if err != nil { - return fmt.Errorf("git token store: worktree: %w", err) - } - added := false - for _, rel := range relPaths { - if strings.TrimSpace(rel) == "" { - continue - } - if _, err = worktree.Add(rel); err != nil { - if errors.Is(err, os.ErrNotExist) { - if _, errRemove := worktree.Remove(rel); errRemove != nil && !errors.Is(errRemove, os.ErrNotExist) { - return fmt.Errorf("git token store: remove %s: %w", rel, errRemove) - } - } else { - return fmt.Errorf("git token store: add %s: %w", rel, err) - } - } - added = true - } - if !added { - return nil - } - status, err := worktree.Status() - if err != nil { - return fmt.Errorf("git token store: status: %w", err) - } - if status.IsClean() { - return nil - } - if strings.TrimSpace(message) == "" { - message = "Update auth store" - } - signature := &object.Signature{ - Name: "CLIProxyAPI", - Email: "cliproxy@local", - When: time.Now(), - } - commitHash, err := worktree.Commit(message, &git.CommitOptions{ - Author: signature, - }) - if err != nil { - if errors.Is(err, git.ErrEmptyCommit) { - return nil - } - return fmt.Errorf("git token store: commit: %w", err) - } - headRef, errHead := repo.Head() - if errHead != nil { - if !errors.Is(errHead, plumbing.ErrReferenceNotFound) { - return fmt.Errorf("git token store: get head: %w", errHead) - } - } else if errRewrite := s.rewriteHeadAsSingleCommit(repo, headRef.Name(), commitHash, message, signature); errRewrite != nil { - return errRewrite - } - s.maybeRunGC(repo) - if err = repo.Push(&git.PushOptions{Auth: s.gitAuth(), Force: true}); err != nil { - if errors.Is(err, git.NoErrAlreadyUpToDate) { - return nil - } - return fmt.Errorf("git token store: push: %w", err) - } - return nil -} - -// rewriteHeadAsSingleCommit rewrites the current branch tip to a single-parentless commit and leaves history squashed. -func (s *GitTokenStore) rewriteHeadAsSingleCommit(repo *git.Repository, branch plumbing.ReferenceName, commitHash plumbing.Hash, message string, signature *object.Signature) error { - commitObj, err := repo.CommitObject(commitHash) - if err != nil { - return fmt.Errorf("git token store: inspect head commit: %w", err) - } - squashed := &object.Commit{ - Author: *signature, - Committer: *signature, - Message: message, - TreeHash: commitObj.TreeHash, - ParentHashes: nil, - Encoding: commitObj.Encoding, - ExtraHeaders: commitObj.ExtraHeaders, - } - mem := &plumbing.MemoryObject{} - mem.SetType(plumbing.CommitObject) - if err := squashed.Encode(mem); err != nil { - return fmt.Errorf("git token store: encode squashed commit: %w", err) - } - newHash, err := repo.Storer.SetEncodedObject(mem) - if err != nil { - return fmt.Errorf("git token store: write squashed commit: %w", err) - } - if err := repo.Storer.SetReference(plumbing.NewHashReference(branch, newHash)); err != nil { - return fmt.Errorf("git token store: update branch reference: %w", err) - } - return nil -} - -func (s *GitTokenStore) maybeRunGC(repo *git.Repository) { - now := time.Now() - if now.Sub(s.lastGC) < gcInterval { - return - } - s.lastGC = now - - pruneOpts := git.PruneOptions{ - OnlyObjectsOlderThan: now, - Handler: repo.DeleteObject, - } - if err := repo.Prune(pruneOpts); err != nil && !errors.Is(err, git.ErrLooseObjectsNotSupported) { - return - } - _ = repo.RepackObjects(&git.RepackConfig{}) -} - -// PersistConfig commits and pushes configuration changes to git. -func (s *GitTokenStore) PersistConfig(_ context.Context) error { - if err := s.EnsureRepository(); err != nil { - return err - } - configPath := s.ConfigPath() - if configPath == "" { - return fmt.Errorf("git token store: config path not configured") - } - if _, err := os.Stat(configPath); err != nil { - if errors.Is(err, fs.ErrNotExist) { - return nil - } - return fmt.Errorf("git token store: stat config: %w", err) - } - s.mu.Lock() - defer s.mu.Unlock() - rel, err := s.relativeToRepo(configPath) - if err != nil { - return err - } - return s.commitAndPushLocked("Update config", rel) -} - -func ensureEmptyFile(path string) error { - if _, err := os.Stat(path); err != nil { - if errors.Is(err, fs.ErrNotExist) { - return os.WriteFile(path, []byte{}, 0o600) - } - return err - } - return nil -} - -func jsonEqual(a, b []byte) bool { - var objA any - var objB any - if err := json.Unmarshal(a, &objA); err != nil { - return false - } - if err := json.Unmarshal(b, &objB); err != nil { - return false - } - return deepEqualJSON(objA, objB) -} - -func deepEqualJSON(a, b any) bool { - switch valA := a.(type) { - case map[string]any: - valB, ok := b.(map[string]any) - if !ok || len(valA) != len(valB) { - return false - } - for key, subA := range valA { - subB, ok1 := valB[key] - if !ok1 || !deepEqualJSON(subA, subB) { - return false - } - } - return true - case []any: - sliceB, ok := b.([]any) - if !ok || len(valA) != len(sliceB) { - return false - } - for i := range valA { - if !deepEqualJSON(valA[i], sliceB[i]) { - return false - } - } - return true - case float64: - valB, ok := b.(float64) - if !ok { - return false - } - return valA == valB - case string: - valB, ok := b.(string) - if !ok { - return false - } - return valA == valB - case bool: - valB, ok := b.(bool) - if !ok { - return false - } - return valA == valB - case nil: - return b == nil - default: - return false - } -} diff --git a/internal/store/objectstore.go b/internal/store/objectstore.go deleted file mode 100644 index b2031608a5..0000000000 --- a/internal/store/objectstore.go +++ /dev/null @@ -1,619 +0,0 @@ -package store - -import ( - "bytes" - "context" - "encoding/json" - "errors" - "fmt" - "io" - "io/fs" - "net/http" - "os" - "path/filepath" - "strings" - "sync" - "time" - - "github.com/minio/minio-go/v7" - "github.com/minio/minio-go/v7/pkg/credentials" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/misc" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -const ( - objectStoreConfigKey = "config/config.yaml" - objectStoreAuthPrefix = "auths" -) - -// ObjectStoreConfig captures configuration for the object storage-backed token store. -type ObjectStoreConfig struct { - Endpoint string - Bucket string - AccessKey string - SecretKey string - Region string - Prefix string - LocalRoot string - UseSSL bool - PathStyle bool -} - -// ObjectTokenStore persists configuration and authentication metadata using an S3-compatible object storage backend. -// Files are mirrored to a local workspace so existing file-based flows continue to operate. -type ObjectTokenStore struct { - client *minio.Client - cfg ObjectStoreConfig - spoolRoot string - configPath string - authDir string - mu sync.Mutex -} - -// NewObjectTokenStore initializes an object storage backed token store. -func NewObjectTokenStore(cfg ObjectStoreConfig) (*ObjectTokenStore, error) { - cfg.Endpoint = strings.TrimSpace(cfg.Endpoint) - cfg.Bucket = strings.TrimSpace(cfg.Bucket) - cfg.AccessKey = strings.TrimSpace(cfg.AccessKey) - cfg.SecretKey = strings.TrimSpace(cfg.SecretKey) - cfg.Prefix = strings.Trim(cfg.Prefix, "/") - - if cfg.Endpoint == "" { - return nil, fmt.Errorf("object store: endpoint is required") - } - if cfg.Bucket == "" { - return nil, fmt.Errorf("object store: bucket is required") - } - if cfg.AccessKey == "" { - return nil, fmt.Errorf("object store: access key is required") - } - if cfg.SecretKey == "" { - return nil, fmt.Errorf("object store: secret key is required") - } - - root := strings.TrimSpace(cfg.LocalRoot) - if root == "" { - if cwd, err := os.Getwd(); err == nil { - root = filepath.Join(cwd, "objectstore") - } else { - root = filepath.Join(os.TempDir(), "objectstore") - } - } - absRoot, err := filepath.Abs(root) - if err != nil { - return nil, fmt.Errorf("object store: resolve spool directory: %w", err) - } - - configDir := filepath.Join(absRoot, "config") - authDir := filepath.Join(absRoot, "auths") - - if err = os.MkdirAll(configDir, 0o700); err != nil { - return nil, fmt.Errorf("object store: create config directory: %w", err) - } - if err = os.MkdirAll(authDir, 0o700); err != nil { - return nil, fmt.Errorf("object store: create auth directory: %w", err) - } - - options := &minio.Options{ - Creds: credentials.NewStaticV4(cfg.AccessKey, cfg.SecretKey, ""), - Secure: cfg.UseSSL, - Region: cfg.Region, - } - if cfg.PathStyle { - options.BucketLookup = minio.BucketLookupPath - } - - client, err := minio.New(cfg.Endpoint, options) - if err != nil { - return nil, fmt.Errorf("object store: create client: %w", err) - } - - return &ObjectTokenStore{ - client: client, - cfg: cfg, - spoolRoot: absRoot, - configPath: filepath.Join(configDir, "config.yaml"), - authDir: authDir, - }, nil -} - -// SetBaseDir implements the optional interface used by authenticators; it is a no-op because -// the object store controls its own workspace. -func (s *ObjectTokenStore) SetBaseDir(string) {} - -// ConfigPath returns the managed configuration file path inside the spool directory. -func (s *ObjectTokenStore) ConfigPath() string { - if s == nil { - return "" - } - return s.configPath -} - -// AuthDir returns the local directory containing mirrored auth files. -func (s *ObjectTokenStore) AuthDir() string { - if s == nil { - return "" - } - return s.authDir -} - -// Bootstrap ensures the target bucket exists and synchronizes data from the object storage backend. -func (s *ObjectTokenStore) Bootstrap(ctx context.Context, exampleConfigPath string) error { - if s == nil { - return fmt.Errorf("object store: not initialized") - } - if err := s.ensureBucket(ctx); err != nil { - return err - } - if err := s.syncConfigFromBucket(ctx, exampleConfigPath); err != nil { - return err - } - if err := s.syncAuthFromBucket(ctx); err != nil { - return err - } - return nil -} - -// Save persists authentication metadata to disk and uploads it to the object storage backend. -func (s *ObjectTokenStore) Save(ctx context.Context, auth *cliproxyauth.Auth) (string, error) { - if auth == nil { - return "", fmt.Errorf("object store: auth is nil") - } - - path, err := s.resolveAuthPath(auth) - if err != nil { - return "", err - } - if path == "" { - return "", fmt.Errorf("object store: missing file path attribute for %s", auth.ID) - } - - if auth.Disabled { - if _, statErr := os.Stat(path); errors.Is(statErr, fs.ErrNotExist) { - return "", nil - } - } - - s.mu.Lock() - defer s.mu.Unlock() - - if err = os.MkdirAll(filepath.Dir(path), 0o700); err != nil { - return "", fmt.Errorf("object store: create auth directory: %w", err) - } - - switch { - case auth.Storage != nil: - if err = auth.Storage.SaveTokenToFile(path); err != nil { - return "", err - } - case auth.Metadata != nil: - raw, errMarshal := json.Marshal(auth.Metadata) - if errMarshal != nil { - return "", fmt.Errorf("object store: marshal metadata: %w", errMarshal) - } - if existing, errRead := os.ReadFile(path); errRead == nil { - if jsonEqual(existing, raw) { - return path, nil - } - } else if errRead != nil && !errors.Is(errRead, fs.ErrNotExist) { - return "", fmt.Errorf("object store: read existing metadata: %w", errRead) - } - tmp := path + ".tmp" - if errWrite := os.WriteFile(tmp, raw, 0o600); errWrite != nil { - return "", fmt.Errorf("object store: write temp auth file: %w", errWrite) - } - if errRename := os.Rename(tmp, path); errRename != nil { - return "", fmt.Errorf("object store: rename auth file: %w", errRename) - } - default: - return "", fmt.Errorf("object store: nothing to persist for %s", auth.ID) - } - - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - auth.Attributes["path"] = path - - if strings.TrimSpace(auth.FileName) == "" { - auth.FileName = auth.ID - } - - if err = s.uploadAuth(ctx, path); err != nil { - return "", err - } - return path, nil -} - -// List enumerates auth JSON files from the mirrored workspace. -func (s *ObjectTokenStore) List(_ context.Context) ([]*cliproxyauth.Auth, error) { - dir := strings.TrimSpace(s.AuthDir()) - if dir == "" { - return nil, fmt.Errorf("object store: auth directory not configured") - } - entries := make([]*cliproxyauth.Auth, 0, 32) - err := filepath.WalkDir(dir, func(path string, d fs.DirEntry, walkErr error) error { - if walkErr != nil { - return walkErr - } - if d.IsDir() { - return nil - } - if !strings.HasSuffix(strings.ToLower(d.Name()), ".json") { - return nil - } - auth, err := s.readAuthFile(path, dir) - if err != nil { - log.WithError(err).Warnf("object store: skip auth %s", path) - return nil - } - if auth != nil { - entries = append(entries, auth) - } - return nil - }) - if err != nil { - return nil, fmt.Errorf("object store: walk auth directory: %w", err) - } - return entries, nil -} - -// Delete removes an auth file locally and remotely. -func (s *ObjectTokenStore) Delete(ctx context.Context, id string) error { - id = strings.TrimSpace(id) - if id == "" { - return fmt.Errorf("object store: id is empty") - } - path, err := s.resolveDeletePath(id) - if err != nil { - return err - } - - s.mu.Lock() - defer s.mu.Unlock() - - if err = os.Remove(path); err != nil && !errors.Is(err, fs.ErrNotExist) { - return fmt.Errorf("object store: delete auth file: %w", err) - } - if err = s.deleteAuthObject(ctx, path); err != nil { - return err - } - return nil -} - -// PersistAuthFiles uploads the provided auth files to the object storage backend. -func (s *ObjectTokenStore) PersistAuthFiles(ctx context.Context, _ string, paths ...string) error { - if len(paths) == 0 { - return nil - } - - s.mu.Lock() - defer s.mu.Unlock() - - for _, p := range paths { - trimmed := strings.TrimSpace(p) - if trimmed == "" { - continue - } - abs := trimmed - if !filepath.IsAbs(abs) { - abs = filepath.Join(s.authDir, trimmed) - } - if err := s.uploadAuth(ctx, abs); err != nil { - return err - } - } - return nil -} - -// PersistConfig uploads the local configuration file to the object storage backend. -func (s *ObjectTokenStore) PersistConfig(ctx context.Context) error { - s.mu.Lock() - defer s.mu.Unlock() - - data, err := os.ReadFile(s.configPath) - if err != nil { - if errors.Is(err, fs.ErrNotExist) { - return s.deleteObject(ctx, objectStoreConfigKey) - } - return fmt.Errorf("object store: read config file: %w", err) - } - if len(data) == 0 { - return s.deleteObject(ctx, objectStoreConfigKey) - } - return s.putObject(ctx, objectStoreConfigKey, data, "application/x-yaml") -} - -func (s *ObjectTokenStore) ensureBucket(ctx context.Context) error { - exists, err := s.client.BucketExists(ctx, s.cfg.Bucket) - if err != nil { - return fmt.Errorf("object store: check bucket: %w", err) - } - if exists { - return nil - } - if err = s.client.MakeBucket(ctx, s.cfg.Bucket, minio.MakeBucketOptions{Region: s.cfg.Region}); err != nil { - return fmt.Errorf("object store: create bucket: %w", err) - } - return nil -} - -func (s *ObjectTokenStore) syncConfigFromBucket(ctx context.Context, example string) error { - key := s.prefixedKey(objectStoreConfigKey) - _, err := s.client.StatObject(ctx, s.cfg.Bucket, key, minio.StatObjectOptions{}) - switch { - case err == nil: - object, errGet := s.client.GetObject(ctx, s.cfg.Bucket, key, minio.GetObjectOptions{}) - if errGet != nil { - return fmt.Errorf("object store: fetch config: %w", errGet) - } - defer object.Close() - data, errRead := io.ReadAll(object) - if errRead != nil { - return fmt.Errorf("object store: read config: %w", errRead) - } - if errWrite := os.WriteFile(s.configPath, normalizeLineEndingsBytes(data), 0o600); errWrite != nil { - return fmt.Errorf("object store: write config: %w", errWrite) - } - case isObjectNotFound(err): - if _, statErr := os.Stat(s.configPath); errors.Is(statErr, fs.ErrNotExist) { - if example != "" { - if errCopy := misc.CopyConfigTemplate(example, s.configPath); errCopy != nil { - return fmt.Errorf("object store: copy example config: %w", errCopy) - } - } else { - if errCreate := os.MkdirAll(filepath.Dir(s.configPath), 0o700); errCreate != nil { - return fmt.Errorf("object store: prepare config directory: %w", errCreate) - } - if errWrite := os.WriteFile(s.configPath, []byte{}, 0o600); errWrite != nil { - return fmt.Errorf("object store: create empty config: %w", errWrite) - } - } - } - data, errRead := os.ReadFile(s.configPath) - if errRead != nil { - return fmt.Errorf("object store: read local config: %w", errRead) - } - if len(data) > 0 { - if errPut := s.putObject(ctx, objectStoreConfigKey, data, "application/x-yaml"); errPut != nil { - return errPut - } - } - default: - return fmt.Errorf("object store: stat config: %w", err) - } - return nil -} - -func (s *ObjectTokenStore) syncAuthFromBucket(ctx context.Context) error { - // NOTE: We intentionally do NOT use os.RemoveAll here. - // Wiping the directory triggers file watcher delete events, which then - // propagate deletions to the remote object store (race condition). - // Instead, we just ensure the directory exists and overwrite files incrementally. - if err := os.MkdirAll(s.authDir, 0o700); err != nil { - return fmt.Errorf("object store: create auth directory: %w", err) - } - - prefix := s.prefixedKey(objectStoreAuthPrefix + "/") - objectCh := s.client.ListObjects(ctx, s.cfg.Bucket, minio.ListObjectsOptions{ - Prefix: prefix, - Recursive: true, - }) - for object := range objectCh { - if object.Err != nil { - return fmt.Errorf("object store: list auth objects: %w", object.Err) - } - rel := strings.TrimPrefix(object.Key, prefix) - if rel == "" || strings.HasSuffix(rel, "/") { - continue - } - relPath := filepath.FromSlash(rel) - if filepath.IsAbs(relPath) { - log.WithField("key", object.Key).Warn("object store: skip auth outside mirror") - continue - } - cleanRel := filepath.Clean(relPath) - if cleanRel == "." || cleanRel == ".." || strings.HasPrefix(cleanRel, ".."+string(os.PathSeparator)) { - log.WithField("key", object.Key).Warn("object store: skip auth outside mirror") - continue - } - local := filepath.Join(s.authDir, cleanRel) - if err := os.MkdirAll(filepath.Dir(local), 0o700); err != nil { - return fmt.Errorf("object store: prepare auth subdir: %w", err) - } - reader, errGet := s.client.GetObject(ctx, s.cfg.Bucket, object.Key, minio.GetObjectOptions{}) - if errGet != nil { - return fmt.Errorf("object store: download auth %s: %w", object.Key, errGet) - } - data, errRead := io.ReadAll(reader) - _ = reader.Close() - if errRead != nil { - return fmt.Errorf("object store: read auth %s: %w", object.Key, errRead) - } - if errWrite := os.WriteFile(local, data, 0o600); errWrite != nil { - return fmt.Errorf("object store: write auth %s: %w", local, errWrite) - } - } - return nil -} - -func (s *ObjectTokenStore) uploadAuth(ctx context.Context, path string) error { - if path == "" { - return nil - } - rel, err := filepath.Rel(s.authDir, path) - if err != nil { - return fmt.Errorf("object store: resolve auth relative path: %w", err) - } - data, err := os.ReadFile(path) - if err != nil { - if errors.Is(err, fs.ErrNotExist) { - return s.deleteAuthObject(ctx, path) - } - return fmt.Errorf("object store: read auth file: %w", err) - } - if len(data) == 0 { - return s.deleteAuthObject(ctx, path) - } - key := objectStoreAuthPrefix + "/" + filepath.ToSlash(rel) - return s.putObject(ctx, key, data, "application/json") -} - -func (s *ObjectTokenStore) deleteAuthObject(ctx context.Context, path string) error { - if path == "" { - return nil - } - rel, err := filepath.Rel(s.authDir, path) - if err != nil { - return fmt.Errorf("object store: resolve auth relative path: %w", err) - } - key := objectStoreAuthPrefix + "/" + filepath.ToSlash(rel) - return s.deleteObject(ctx, key) -} - -func (s *ObjectTokenStore) putObject(ctx context.Context, key string, data []byte, contentType string) error { - if len(data) == 0 { - return s.deleteObject(ctx, key) - } - fullKey := s.prefixedKey(key) - reader := bytes.NewReader(data) - _, err := s.client.PutObject(ctx, s.cfg.Bucket, fullKey, reader, int64(len(data)), minio.PutObjectOptions{ - ContentType: contentType, - }) - if err != nil { - return fmt.Errorf("object store: put object %s: %w", fullKey, err) - } - return nil -} - -func (s *ObjectTokenStore) deleteObject(ctx context.Context, key string) error { - fullKey := s.prefixedKey(key) - err := s.client.RemoveObject(ctx, s.cfg.Bucket, fullKey, minio.RemoveObjectOptions{}) - if err != nil { - if isObjectNotFound(err) { - return nil - } - return fmt.Errorf("object store: delete object %s: %w", fullKey, err) - } - return nil -} - -func (s *ObjectTokenStore) prefixedKey(key string) string { - key = strings.TrimLeft(key, "/") - if s.cfg.Prefix == "" { - return key - } - return strings.TrimLeft(s.cfg.Prefix+"/"+key, "/") -} - -func (s *ObjectTokenStore) resolveAuthPath(auth *cliproxyauth.Auth) (string, error) { - if auth == nil { - return "", fmt.Errorf("object store: auth is nil") - } - if auth.Attributes != nil { - if path := strings.TrimSpace(auth.Attributes["path"]); path != "" { - if filepath.IsAbs(path) { - return path, nil - } - return filepath.Join(s.authDir, path), nil - } - } - fileName := strings.TrimSpace(auth.FileName) - if fileName == "" { - fileName = strings.TrimSpace(auth.ID) - } - if fileName == "" { - return "", fmt.Errorf("object store: auth %s missing filename", auth.ID) - } - if !strings.HasSuffix(strings.ToLower(fileName), ".json") { - fileName += ".json" - } - return filepath.Join(s.authDir, fileName), nil -} - -func (s *ObjectTokenStore) resolveDeletePath(id string) (string, error) { - id = strings.TrimSpace(id) - if id == "" { - return "", fmt.Errorf("object store: id is empty") - } - // Absolute paths are honored as-is; callers must ensure they point inside the mirror. - if filepath.IsAbs(id) { - return id, nil - } - // Treat any non-absolute id (including nested like "team/foo") as relative to the mirror authDir. - // Normalize separators and guard against path traversal. - clean := filepath.Clean(filepath.FromSlash(id)) - if clean == "." || clean == ".." || strings.HasPrefix(clean, ".."+string(os.PathSeparator)) { - return "", fmt.Errorf("object store: invalid auth identifier %s", id) - } - // Ensure .json suffix. - if !strings.HasSuffix(strings.ToLower(clean), ".json") { - clean += ".json" - } - return filepath.Join(s.authDir, clean), nil -} - -func (s *ObjectTokenStore) readAuthFile(path, baseDir string) (*cliproxyauth.Auth, error) { - data, err := os.ReadFile(path) - if err != nil { - return nil, fmt.Errorf("read file: %w", err) - } - if len(data) == 0 { - return nil, nil - } - metadata := make(map[string]any) - if err = json.Unmarshal(data, &metadata); err != nil { - return nil, fmt.Errorf("unmarshal auth json: %w", err) - } - provider := strings.TrimSpace(valueAsString(metadata["type"])) - if provider == "" { - provider = "unknown" - } - info, err := os.Stat(path) - if err != nil { - return nil, fmt.Errorf("stat auth file: %w", err) - } - rel, errRel := filepath.Rel(baseDir, path) - if errRel != nil { - rel = filepath.Base(path) - } - rel = normalizeAuthID(rel) - attr := map[string]string{"path": path} - if email := strings.TrimSpace(valueAsString(metadata["email"])); email != "" { - attr["email"] = email - } - auth := &cliproxyauth.Auth{ - ID: rel, - Provider: provider, - FileName: rel, - Label: labelFor(metadata), - Status: cliproxyauth.StatusActive, - Attributes: attr, - Metadata: metadata, - CreatedAt: info.ModTime(), - UpdatedAt: info.ModTime(), - LastRefreshedAt: time.Time{}, - NextRefreshAfter: time.Time{}, - } - return auth, nil -} - -func normalizeLineEndingsBytes(data []byte) []byte { - replaced := bytes.ReplaceAll(data, []byte{'\r', '\n'}, []byte{'\n'}) - return bytes.ReplaceAll(replaced, []byte{'\r'}, []byte{'\n'}) -} - -func isObjectNotFound(err error) bool { - if err == nil { - return false - } - resp := minio.ToErrorResponse(err) - if resp.StatusCode == http.StatusNotFound { - return true - } - switch resp.Code { - case "NoSuchKey", "NotFound", "NoSuchBucket": - return true - } - return false -} diff --git a/internal/store/postgresstore.go b/internal/store/postgresstore.go deleted file mode 100644 index 3835b5f978..0000000000 --- a/internal/store/postgresstore.go +++ /dev/null @@ -1,665 +0,0 @@ -package store - -import ( - "context" - "database/sql" - "encoding/json" - "errors" - "fmt" - "io/fs" - "os" - "path/filepath" - "strings" - "sync" - "time" - - _ "github.com/jackc/pgx/v5/stdlib" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/misc" - cliproxyauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -const ( - defaultConfigTable = "config_store" - defaultAuthTable = "auth_store" - defaultConfigKey = "config" -) - -// PostgresStoreConfig captures configuration required to initialize a Postgres-backed store. -type PostgresStoreConfig struct { - DSN string - Schema string - ConfigTable string - AuthTable string - SpoolDir string -} - -// PostgresStore persists configuration and authentication metadata using PostgreSQL as backend -// while mirroring data to a local workspace so existing file-based workflows continue to operate. -type PostgresStore struct { - db *sql.DB - cfg PostgresStoreConfig - spoolRoot string - configPath string - authDir string - mu sync.Mutex -} - -// NewPostgresStore establishes a connection to PostgreSQL and prepares the local workspace. -func NewPostgresStore(ctx context.Context, cfg PostgresStoreConfig) (*PostgresStore, error) { - trimmedDSN := strings.TrimSpace(cfg.DSN) - if trimmedDSN == "" { - return nil, fmt.Errorf("postgres store: DSN is required") - } - cfg.DSN = trimmedDSN - if cfg.ConfigTable == "" { - cfg.ConfigTable = defaultConfigTable - } - if cfg.AuthTable == "" { - cfg.AuthTable = defaultAuthTable - } - - spoolRoot := strings.TrimSpace(cfg.SpoolDir) - if spoolRoot == "" { - if cwd, err := os.Getwd(); err == nil { - spoolRoot = filepath.Join(cwd, "pgstore") - } else { - spoolRoot = filepath.Join(os.TempDir(), "pgstore") - } - } - absSpool, err := filepath.Abs(spoolRoot) - if err != nil { - return nil, fmt.Errorf("postgres store: resolve spool directory: %w", err) - } - configDir := filepath.Join(absSpool, "config") - authDir := filepath.Join(absSpool, "auths") - if err = os.MkdirAll(configDir, 0o700); err != nil { - return nil, fmt.Errorf("postgres store: create config directory: %w", err) - } - if err = os.MkdirAll(authDir, 0o700); err != nil { - return nil, fmt.Errorf("postgres store: create auth directory: %w", err) - } - - db, err := sql.Open("pgx", cfg.DSN) - if err != nil { - return nil, fmt.Errorf("postgres store: open database connection: %w", err) - } - if err = db.PingContext(ctx); err != nil { - _ = db.Close() - return nil, fmt.Errorf("postgres store: ping database: %w", err) - } - - store := &PostgresStore{ - db: db, - cfg: cfg, - spoolRoot: absSpool, - configPath: filepath.Join(configDir, "config.yaml"), - authDir: authDir, - } - return store, nil -} - -// Close releases the underlying database connection. -func (s *PostgresStore) Close() error { - if s == nil || s.db == nil { - return nil - } - return s.db.Close() -} - -// EnsureSchema creates the required tables (and schema when provided). -func (s *PostgresStore) EnsureSchema(ctx context.Context) error { - if s == nil || s.db == nil { - return fmt.Errorf("postgres store: not initialized") - } - if schema := strings.TrimSpace(s.cfg.Schema); schema != "" { - query := fmt.Sprintf("CREATE SCHEMA IF NOT EXISTS %s", quoteIdentifier(schema)) - if _, err := s.db.ExecContext(ctx, query); err != nil { - return fmt.Errorf("postgres store: create schema: %w", err) - } - } - configTable := s.fullTableName(s.cfg.ConfigTable) - if _, err := s.db.ExecContext(ctx, fmt.Sprintf(` - CREATE TABLE IF NOT EXISTS %s ( - id TEXT PRIMARY KEY, - content TEXT NOT NULL, - created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), - updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW() - ) - `, configTable)); err != nil { - return fmt.Errorf("postgres store: create config table: %w", err) - } - authTable := s.fullTableName(s.cfg.AuthTable) - if _, err := s.db.ExecContext(ctx, fmt.Sprintf(` - CREATE TABLE IF NOT EXISTS %s ( - id TEXT PRIMARY KEY, - content JSONB NOT NULL, - created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), - updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW() - ) - `, authTable)); err != nil { - return fmt.Errorf("postgres store: create auth table: %w", err) - } - return nil -} - -// Bootstrap synchronizes configuration and auth records between PostgreSQL and the local workspace. -func (s *PostgresStore) Bootstrap(ctx context.Context, exampleConfigPath string) error { - if err := s.EnsureSchema(ctx); err != nil { - return err - } - if err := s.syncConfigFromDatabase(ctx, exampleConfigPath); err != nil { - return err - } - if err := s.syncAuthFromDatabase(ctx); err != nil { - return err - } - return nil -} - -// ConfigPath returns the managed configuration file path inside the spool directory. -func (s *PostgresStore) ConfigPath() string { - if s == nil { - return "" - } - return s.configPath -} - -// AuthDir returns the local directory containing mirrored auth files. -func (s *PostgresStore) AuthDir() string { - if s == nil { - return "" - } - return s.authDir -} - -// WorkDir exposes the root spool directory used for mirroring. -func (s *PostgresStore) WorkDir() string { - if s == nil { - return "" - } - return s.spoolRoot -} - -// SetBaseDir implements the optional interface used by authenticators; it is a no-op because -// the Postgres-backed store controls its own workspace. -func (s *PostgresStore) SetBaseDir(string) {} - -// Save persists authentication metadata to disk and PostgreSQL. -func (s *PostgresStore) Save(ctx context.Context, auth *cliproxyauth.Auth) (string, error) { - if auth == nil { - return "", fmt.Errorf("postgres store: auth is nil") - } - - path, err := s.resolveAuthPath(auth) - if err != nil { - return "", err - } - if path == "" { - return "", fmt.Errorf("postgres store: missing file path attribute for %s", auth.ID) - } - - if auth.Disabled { - if _, statErr := os.Stat(path); errors.Is(statErr, fs.ErrNotExist) { - return "", nil - } - } - - s.mu.Lock() - defer s.mu.Unlock() - - if err = os.MkdirAll(filepath.Dir(path), 0o700); err != nil { - return "", fmt.Errorf("postgres store: create auth directory: %w", err) - } - - switch { - case auth.Storage != nil: - if err = auth.Storage.SaveTokenToFile(path); err != nil { - return "", err - } - case auth.Metadata != nil: - raw, errMarshal := json.Marshal(auth.Metadata) - if errMarshal != nil { - return "", fmt.Errorf("postgres store: marshal metadata: %w", errMarshal) - } - if existing, errRead := os.ReadFile(path); errRead == nil { - if jsonEqual(existing, raw) { - return path, nil - } - } else if errRead != nil && !errors.Is(errRead, fs.ErrNotExist) { - return "", fmt.Errorf("postgres store: read existing metadata: %w", errRead) - } - tmp := path + ".tmp" - if errWrite := os.WriteFile(tmp, raw, 0o600); errWrite != nil { - return "", fmt.Errorf("postgres store: write temp auth file: %w", errWrite) - } - if errRename := os.Rename(tmp, path); errRename != nil { - return "", fmt.Errorf("postgres store: rename auth file: %w", errRename) - } - default: - return "", fmt.Errorf("postgres store: nothing to persist for %s", auth.ID) - } - - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - auth.Attributes["path"] = path - - if strings.TrimSpace(auth.FileName) == "" { - auth.FileName = auth.ID - } - - relID, err := s.relativeAuthID(path) - if err != nil { - return "", err - } - if err = s.upsertAuthRecord(ctx, relID, path); err != nil { - return "", err - } - return path, nil -} - -// List enumerates all auth records stored in PostgreSQL. -func (s *PostgresStore) List(ctx context.Context) ([]*cliproxyauth.Auth, error) { - query := fmt.Sprintf("SELECT id, content, created_at, updated_at FROM %s ORDER BY id", s.fullTableName(s.cfg.AuthTable)) - rows, err := s.db.QueryContext(ctx, query) - if err != nil { - return nil, fmt.Errorf("postgres store: list auth: %w", err) - } - defer rows.Close() - - auths := make([]*cliproxyauth.Auth, 0, 32) - for rows.Next() { - var ( - id string - payload string - createdAt time.Time - updatedAt time.Time - ) - if err = rows.Scan(&id, &payload, &createdAt, &updatedAt); err != nil { - return nil, fmt.Errorf("postgres store: scan auth row: %w", err) - } - path, errPath := s.absoluteAuthPath(id) - if errPath != nil { - log.WithError(errPath).Warnf("postgres store: skipping auth %s outside spool", id) - continue - } - metadata := make(map[string]any) - if err = json.Unmarshal([]byte(payload), &metadata); err != nil { - log.WithError(err).Warnf("postgres store: skipping auth %s with invalid json", id) - continue - } - provider := strings.TrimSpace(valueAsString(metadata["type"])) - if provider == "" { - provider = "unknown" - } - attr := map[string]string{"path": path} - if email := strings.TrimSpace(valueAsString(metadata["email"])); email != "" { - attr["email"] = email - } - auth := &cliproxyauth.Auth{ - ID: normalizeAuthID(id), - Provider: provider, - FileName: normalizeAuthID(id), - Label: labelFor(metadata), - Status: cliproxyauth.StatusActive, - Attributes: attr, - Metadata: metadata, - CreatedAt: createdAt, - UpdatedAt: updatedAt, - LastRefreshedAt: time.Time{}, - NextRefreshAfter: time.Time{}, - } - auths = append(auths, auth) - } - if err = rows.Err(); err != nil { - return nil, fmt.Errorf("postgres store: iterate auth rows: %w", err) - } - return auths, nil -} - -// Delete removes an auth file and the corresponding database record. -func (s *PostgresStore) Delete(ctx context.Context, id string) error { - id = strings.TrimSpace(id) - if id == "" { - return fmt.Errorf("postgres store: id is empty") - } - path, err := s.resolveDeletePath(id) - if err != nil { - return err - } - - s.mu.Lock() - defer s.mu.Unlock() - - if err = os.Remove(path); err != nil && !errors.Is(err, fs.ErrNotExist) { - return fmt.Errorf("postgres store: delete auth file: %w", err) - } - relID, err := s.relativeAuthID(path) - if err != nil { - return err - } - return s.deleteAuthRecord(ctx, relID) -} - -// PersistAuthFiles stores the provided auth file changes in PostgreSQL. -func (s *PostgresStore) PersistAuthFiles(ctx context.Context, _ string, paths ...string) error { - if len(paths) == 0 { - return nil - } - s.mu.Lock() - defer s.mu.Unlock() - - for _, p := range paths { - trimmed := strings.TrimSpace(p) - if trimmed == "" { - continue - } - relID, err := s.relativeAuthID(trimmed) - if err != nil { - // Attempt to resolve absolute path under authDir. - abs := trimmed - if !filepath.IsAbs(abs) { - abs = filepath.Join(s.authDir, trimmed) - } - relID, err = s.relativeAuthID(abs) - if err != nil { - log.WithError(err).Warnf("postgres store: ignoring auth path %s", trimmed) - continue - } - trimmed = abs - } - if err = s.syncAuthFile(ctx, relID, trimmed); err != nil { - return err - } - } - return nil -} - -// PersistConfig mirrors the local configuration file to PostgreSQL. -func (s *PostgresStore) PersistConfig(ctx context.Context) error { - s.mu.Lock() - defer s.mu.Unlock() - - data, err := os.ReadFile(s.configPath) - if err != nil { - if errors.Is(err, fs.ErrNotExist) { - return s.deleteConfigRecord(ctx) - } - return fmt.Errorf("postgres store: read config file: %w", err) - } - return s.persistConfig(ctx, data) -} - -// syncConfigFromDatabase writes the database-stored config to disk or seeds the database from template. -func (s *PostgresStore) syncConfigFromDatabase(ctx context.Context, exampleConfigPath string) error { - query := fmt.Sprintf("SELECT content FROM %s WHERE id = $1", s.fullTableName(s.cfg.ConfigTable)) - var content string - err := s.db.QueryRowContext(ctx, query, defaultConfigKey).Scan(&content) - switch { - case errors.Is(err, sql.ErrNoRows): - if _, errStat := os.Stat(s.configPath); errors.Is(errStat, fs.ErrNotExist) { - if exampleConfigPath != "" { - if errCopy := misc.CopyConfigTemplate(exampleConfigPath, s.configPath); errCopy != nil { - return fmt.Errorf("postgres store: copy example config: %w", errCopy) - } - } else { - if errCreate := os.MkdirAll(filepath.Dir(s.configPath), 0o700); errCreate != nil { - return fmt.Errorf("postgres store: prepare config directory: %w", errCreate) - } - if errWrite := os.WriteFile(s.configPath, []byte{}, 0o600); errWrite != nil { - return fmt.Errorf("postgres store: create empty config: %w", errWrite) - } - } - } - data, errRead := os.ReadFile(s.configPath) - if errRead != nil { - return fmt.Errorf("postgres store: read local config: %w", errRead) - } - if errPersist := s.persistConfig(ctx, data); errPersist != nil { - return errPersist - } - case err != nil: - return fmt.Errorf("postgres store: load config from database: %w", err) - default: - if err = os.MkdirAll(filepath.Dir(s.configPath), 0o700); err != nil { - return fmt.Errorf("postgres store: prepare config directory: %w", err) - } - normalized := normalizeLineEndings(content) - if err = os.WriteFile(s.configPath, []byte(normalized), 0o600); err != nil { - return fmt.Errorf("postgres store: write config to spool: %w", err) - } - } - return nil -} - -// syncAuthFromDatabase populates the local auth directory from PostgreSQL data. -func (s *PostgresStore) syncAuthFromDatabase(ctx context.Context) error { - query := fmt.Sprintf("SELECT id, content FROM %s", s.fullTableName(s.cfg.AuthTable)) - rows, err := s.db.QueryContext(ctx, query) - if err != nil { - return fmt.Errorf("postgres store: load auth from database: %w", err) - } - defer rows.Close() - - if err = os.RemoveAll(s.authDir); err != nil { - return fmt.Errorf("postgres store: reset auth directory: %w", err) - } - if err = os.MkdirAll(s.authDir, 0o700); err != nil { - return fmt.Errorf("postgres store: recreate auth directory: %w", err) - } - - for rows.Next() { - var ( - id string - payload string - ) - if err = rows.Scan(&id, &payload); err != nil { - return fmt.Errorf("postgres store: scan auth row: %w", err) - } - path, errPath := s.absoluteAuthPath(id) - if errPath != nil { - log.WithError(errPath).Warnf("postgres store: skipping auth %s outside spool", id) - continue - } - if err = os.MkdirAll(filepath.Dir(path), 0o700); err != nil { - return fmt.Errorf("postgres store: create auth subdir: %w", err) - } - if err = os.WriteFile(path, []byte(payload), 0o600); err != nil { - return fmt.Errorf("postgres store: write auth file: %w", err) - } - } - if err = rows.Err(); err != nil { - return fmt.Errorf("postgres store: iterate auth rows: %w", err) - } - return nil -} - -func (s *PostgresStore) syncAuthFile(ctx context.Context, relID, path string) error { - data, err := os.ReadFile(path) - if err != nil { - if errors.Is(err, fs.ErrNotExist) { - return s.deleteAuthRecord(ctx, relID) - } - return fmt.Errorf("postgres store: read auth file: %w", err) - } - if len(data) == 0 { - return s.deleteAuthRecord(ctx, relID) - } - return s.persistAuth(ctx, relID, data) -} - -func (s *PostgresStore) upsertAuthRecord(ctx context.Context, relID, path string) error { - data, err := os.ReadFile(path) - if err != nil { - return fmt.Errorf("postgres store: read auth file: %w", err) - } - if len(data) == 0 { - return s.deleteAuthRecord(ctx, relID) - } - return s.persistAuth(ctx, relID, data) -} - -func (s *PostgresStore) persistAuth(ctx context.Context, relID string, data []byte) error { - jsonPayload := json.RawMessage(data) - query := fmt.Sprintf(` - INSERT INTO %s (id, content, created_at, updated_at) - VALUES ($1, $2, NOW(), NOW()) - ON CONFLICT (id) - DO UPDATE SET content = EXCLUDED.content, updated_at = NOW() - `, s.fullTableName(s.cfg.AuthTable)) - if _, err := s.db.ExecContext(ctx, query, relID, jsonPayload); err != nil { - return fmt.Errorf("postgres store: upsert auth record: %w", err) - } - return nil -} - -func (s *PostgresStore) deleteAuthRecord(ctx context.Context, relID string) error { - query := fmt.Sprintf("DELETE FROM %s WHERE id = $1", s.fullTableName(s.cfg.AuthTable)) - if _, err := s.db.ExecContext(ctx, query, relID); err != nil { - return fmt.Errorf("postgres store: delete auth record: %w", err) - } - return nil -} - -func (s *PostgresStore) persistConfig(ctx context.Context, data []byte) error { - query := fmt.Sprintf(` - INSERT INTO %s (id, content, created_at, updated_at) - VALUES ($1, $2, NOW(), NOW()) - ON CONFLICT (id) - DO UPDATE SET content = EXCLUDED.content, updated_at = NOW() - `, s.fullTableName(s.cfg.ConfigTable)) - normalized := normalizeLineEndings(string(data)) - if _, err := s.db.ExecContext(ctx, query, defaultConfigKey, normalized); err != nil { - return fmt.Errorf("postgres store: upsert config: %w", err) - } - return nil -} - -func (s *PostgresStore) deleteConfigRecord(ctx context.Context) error { - query := fmt.Sprintf("DELETE FROM %s WHERE id = $1", s.fullTableName(s.cfg.ConfigTable)) - if _, err := s.db.ExecContext(ctx, query, defaultConfigKey); err != nil { - return fmt.Errorf("postgres store: delete config: %w", err) - } - return nil -} - -func (s *PostgresStore) resolveAuthPath(auth *cliproxyauth.Auth) (string, error) { - if auth == nil { - return "", fmt.Errorf("postgres store: auth is nil") - } - if auth.Attributes != nil { - if p := strings.TrimSpace(auth.Attributes["path"]); p != "" { - return p, nil - } - } - if fileName := strings.TrimSpace(auth.FileName); fileName != "" { - if filepath.IsAbs(fileName) { - return fileName, nil - } - return filepath.Join(s.authDir, fileName), nil - } - if auth.ID == "" { - return "", fmt.Errorf("postgres store: missing id") - } - if filepath.IsAbs(auth.ID) { - return auth.ID, nil - } - return filepath.Join(s.authDir, filepath.FromSlash(auth.ID)), nil -} - -func (s *PostgresStore) resolveDeletePath(id string) (string, error) { - if strings.ContainsRune(id, os.PathSeparator) || filepath.IsAbs(id) { - return id, nil - } - return filepath.Join(s.authDir, filepath.FromSlash(id)), nil -} - -func (s *PostgresStore) relativeAuthID(path string) (string, error) { - if s == nil { - return "", fmt.Errorf("postgres store: store not initialized") - } - if !filepath.IsAbs(path) { - path = filepath.Join(s.authDir, path) - } - clean := filepath.Clean(path) - rel, err := filepath.Rel(s.authDir, clean) - if err != nil { - return "", fmt.Errorf("postgres store: compute relative path: %w", err) - } - if strings.HasPrefix(rel, "..") { - return "", fmt.Errorf("postgres store: path %s outside managed directory", path) - } - return filepath.ToSlash(rel), nil -} - -func (s *PostgresStore) absoluteAuthPath(id string) (string, error) { - if s == nil { - return "", fmt.Errorf("postgres store: store not initialized") - } - clean := filepath.Clean(filepath.FromSlash(id)) - if strings.HasPrefix(clean, "..") { - return "", fmt.Errorf("postgres store: invalid auth identifier %s", id) - } - path := filepath.Join(s.authDir, clean) - rel, err := filepath.Rel(s.authDir, path) - if err != nil { - return "", err - } - if strings.HasPrefix(rel, "..") { - return "", fmt.Errorf("postgres store: resolved auth path escapes auth directory") - } - return path, nil -} - -func (s *PostgresStore) fullTableName(name string) string { - if strings.TrimSpace(s.cfg.Schema) == "" { - return quoteIdentifier(name) - } - return quoteIdentifier(s.cfg.Schema) + "." + quoteIdentifier(name) -} - -func quoteIdentifier(identifier string) string { - replaced := strings.ReplaceAll(identifier, "\"", "\"\"") - return "\"" + replaced + "\"" -} - -func valueAsString(v any) string { - switch t := v.(type) { - case string: - return t - case fmt.Stringer: - return t.String() - default: - return "" - } -} - -func labelFor(metadata map[string]any) string { - if metadata == nil { - return "" - } - if v := strings.TrimSpace(valueAsString(metadata["label"])); v != "" { - return v - } - if v := strings.TrimSpace(valueAsString(metadata["email"])); v != "" { - return v - } - if v := strings.TrimSpace(valueAsString(metadata["project_id"])); v != "" { - return v - } - return "" -} - -func normalizeAuthID(id string) string { - return filepath.ToSlash(filepath.Clean(id)) -} - -func normalizeLineEndings(s string) string { - if s == "" { - return s - } - s = strings.ReplaceAll(s, "\r\n", "\n") - s = strings.ReplaceAll(s, "\r", "\n") - return s -} diff --git a/internal/thinking/apply.go b/internal/thinking/apply.go deleted file mode 100644 index 25d2abc159..0000000000 --- a/internal/thinking/apply.go +++ /dev/null @@ -1,502 +0,0 @@ -// Package thinking provides unified thinking configuration processing. -package thinking - -import ( - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/registry" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -// providerAppliers maps provider names to their ProviderApplier implementations. -var providerAppliers = map[string]ProviderApplier{ - "gemini": nil, - "gemini-cli": nil, - "claude": nil, - "openai": nil, - "codex": nil, - "iflow": nil, - "antigravity": nil, - "kimi": nil, -} - -// GetProviderApplier returns the ProviderApplier for the given provider name. -// Returns nil if the provider is not registered. -func GetProviderApplier(provider string) ProviderApplier { - return providerAppliers[provider] -} - -// RegisterProvider registers a provider applier by name. -func RegisterProvider(name string, applier ProviderApplier) { - providerAppliers[name] = applier -} - -// IsUserDefinedModel reports whether the model is a user-defined model that should -// have thinking configuration passed through without validation. -// -// User-defined models are configured via config file's models[] array -// (e.g., openai-compatibility.*.models[], *-api-key.models[]). These models -// are marked with UserDefined=true at registration time. -// -// User-defined models should have their thinking configuration applied directly, -// letting the upstream service validate the configuration. -func IsUserDefinedModel(modelInfo *registry.ModelInfo) bool { - if modelInfo == nil { - return true - } - return modelInfo.UserDefined -} - -// ApplyThinking applies thinking configuration to a request body. -// -// This is the unified entry point for all providers. It follows the processing -// order defined in FR25: route check → model capability query → config extraction -// → validation → application. -// -// Suffix Priority: When the model name includes a thinking suffix (e.g., "gemini-2.5-pro(8192)"), -// the suffix configuration takes priority over any thinking parameters in the request body. -// This enables users to override thinking settings via the model name without modifying their -// request payload. -// -// Parameters: -// - body: Original request body JSON -// - model: Model name, optionally with thinking suffix (e.g., "claude-sonnet-4-5(16384)") -// - fromFormat: Source request format (e.g., openai, codex, gemini) -// - toFormat: Target provider format for the request body (gemini, gemini-cli, antigravity, claude, openai, codex, iflow) -// - providerKey: Provider identifier used for registry model lookups (may differ from toFormat, e.g., openrouter -> openai) -// -// Returns: -// - Modified request body JSON with thinking configuration applied -// - Error if validation fails (ThinkingError). On error, the original body -// is returned (not nil) to enable defensive programming patterns. -// -// Passthrough behavior (returns original body without error): -// - Unknown provider (not in providerAppliers map) -// - modelInfo.Thinking is nil (model doesn't support thinking) -// -// Note: Unknown models (modelInfo is nil) are treated as user-defined models: we skip -// validation and still apply the thinking config so the upstream can validate it. -// -// Example: -// -// // With suffix - suffix config takes priority -// result, err := thinking.ApplyThinking(body, "gemini-2.5-pro(8192)", "gemini", "gemini", "gemini") -// -// // Without suffix - uses body config -// result, err := thinking.ApplyThinking(body, "gemini-2.5-pro", "gemini", "gemini", "gemini") -func ApplyThinking(body []byte, model string, fromFormat string, toFormat string, providerKey string) ([]byte, error) { - providerFormat := strings.ToLower(strings.TrimSpace(toFormat)) - providerKey = strings.ToLower(strings.TrimSpace(providerKey)) - if providerKey == "" { - providerKey = providerFormat - } - fromFormat = strings.ToLower(strings.TrimSpace(fromFormat)) - if fromFormat == "" { - fromFormat = providerFormat - } - // 1. Route check: Get provider applier - applier := GetProviderApplier(providerFormat) - if applier == nil { - log.WithFields(log.Fields{ - "provider": providerFormat, - "model": model, - }).Debug("thinking: unknown provider, passthrough |") - return body, nil - } - - // 2. Parse suffix and get modelInfo - suffixResult := ParseSuffix(model) - baseModel := suffixResult.ModelName - // Use provider-specific lookup to handle capability differences across providers. - modelInfo := registry.LookupModelInfo(baseModel, providerKey) - - // 3. Model capability check - // Unknown models are treated as user-defined so thinking config can still be applied. - // The upstream service is responsible for validating the configuration. - if IsUserDefinedModel(modelInfo) { - return applyUserDefinedModel(body, modelInfo, fromFormat, providerFormat, suffixResult) - } - if modelInfo.Thinking == nil { - config := extractThinkingConfig(body, providerFormat) - if hasThinkingConfig(config) { - log.WithFields(log.Fields{ - "model": baseModel, - "provider": providerFormat, - }).Debug("thinking: model does not support thinking, stripping config |") - return StripThinkingConfig(body, providerFormat), nil - } - log.WithFields(log.Fields{ - "provider": providerFormat, - "model": baseModel, - }).Debug("thinking: model does not support thinking, passthrough |") - return body, nil - } - - // 4. Get config: suffix priority over body - var config ThinkingConfig - if suffixResult.HasSuffix { - config = parseSuffixToConfig(suffixResult.RawSuffix, providerFormat, model) - log.WithFields(log.Fields{ - "provider": providerFormat, - "model": model, - "mode": config.Mode, - "budget": config.Budget, - "level": config.Level, - }).Debug("thinking: config from model suffix |") - } else { - config = extractThinkingConfig(body, providerFormat) - if hasThinkingConfig(config) { - log.WithFields(log.Fields{ - "provider": providerFormat, - "model": modelInfo.ID, - "mode": config.Mode, - "budget": config.Budget, - "level": config.Level, - }).Debug("thinking: original config from request |") - } - } - - if !hasThinkingConfig(config) { - // codeql[go/clear-text-logging] - provider and model are non-sensitive identifiers - log.WithFields(log.Fields{ - "provider": providerFormat, - "model": modelInfo.ID, - }).Debug("thinking: no config found, passthrough |") - return body, nil - } - - // 5. Validate and normalize configuration - validated, err := ValidateConfig(config, modelInfo, fromFormat, providerFormat, suffixResult.HasSuffix) - if err != nil { - log.WithFields(log.Fields{ - "provider": providerFormat, - "model": modelInfo.ID, - "error": err.Error(), - }).Warn("thinking: validation failed |") - // Return original body on validation failure (defensive programming). - // This ensures callers who ignore the error won't receive nil body. - // The upstream service will decide how to handle the unmodified request. - return body, err - } - - // Defensive check: ValidateConfig should never return (nil, nil) - if validated == nil { - log.WithFields(log.Fields{ - "provider": providerFormat, - "model": modelInfo.ID, - }).Warn("thinking: ValidateConfig returned nil config without error, passthrough |") - return body, nil - } - - log.WithFields(log.Fields{ - "provider": providerFormat, - "model": modelInfo.ID, - "mode": validated.Mode, - "budget": validated.Budget, - "level": validated.Level, - }).Debug("thinking: processed config to apply |") - - // 6. Apply configuration using provider-specific applier - return applier.Apply(body, *validated, modelInfo) -} - -// parseSuffixToConfig converts a raw suffix string to ThinkingConfig. -// -// Parsing priority: -// 1. Special values: "none" → ModeNone, "auto"/"-1" → ModeAuto -// 2. Level names: "minimal", "low", "medium", "high", "xhigh" → ModeLevel -// 3. Numeric values: positive integers → ModeBudget, 0 → ModeNone -// -// If none of the above match, returns empty ThinkingConfig (treated as no config). -func parseSuffixToConfig(rawSuffix, provider, model string) ThinkingConfig { - // 1. Try special values first (none, auto, -1) - if mode, ok := ParseSpecialSuffix(rawSuffix); ok { - switch mode { - case ModeNone: - return ThinkingConfig{Mode: ModeNone, Budget: 0} - case ModeAuto: - return ThinkingConfig{Mode: ModeAuto, Budget: -1} - } - } - - // 2. Try level parsing (minimal, low, medium, high, xhigh) - if level, ok := ParseLevelSuffix(rawSuffix); ok { - return ThinkingConfig{Mode: ModeLevel, Level: level} - } - - // 3. Try numeric parsing - if budget, ok := ParseNumericSuffix(rawSuffix); ok { - if budget == 0 { - return ThinkingConfig{Mode: ModeNone, Budget: 0} - } - return ThinkingConfig{Mode: ModeBudget, Budget: budget} - } - - // Unknown suffix format - return empty config - log.WithFields(log.Fields{ - "provider": provider, - "model": model, - "raw_suffix": rawSuffix, - }).Debug("thinking: unknown suffix format, treating as no config |") - return ThinkingConfig{} -} - -// applyUserDefinedModel applies thinking configuration for user-defined models -// without ThinkingSupport validation. -func applyUserDefinedModel(body []byte, modelInfo *registry.ModelInfo, fromFormat, toFormat string, suffixResult SuffixResult) ([]byte, error) { - // Get model ID for logging - modelID := "" - if modelInfo != nil { - modelID = modelInfo.ID - } else { - modelID = suffixResult.ModelName - } - - // Get config: suffix priority over body - var config ThinkingConfig - if suffixResult.HasSuffix { - config = parseSuffixToConfig(suffixResult.RawSuffix, toFormat, modelID) - } else { - config = extractThinkingConfig(body, toFormat) - } - - if !hasThinkingConfig(config) { - log.WithFields(log.Fields{ - "model": modelID, - "provider": toFormat, - }).Debug("thinking: user-defined model, passthrough (no config) |") - return body, nil - } - - applier := GetProviderApplier(toFormat) - if applier == nil { - log.WithFields(log.Fields{ - "model": modelID, - "provider": toFormat, - }).Debug("thinking: user-defined model, passthrough (unknown provider) |") - return body, nil - } - - log.WithFields(log.Fields{ - "provider": toFormat, - "model": modelID, - "mode": config.Mode, - "budget": config.Budget, - "level": config.Level, - }).Debug("thinking: applying config for user-defined model (skip validation)") - - config = normalizeUserDefinedConfig(config, fromFormat, toFormat) - return applier.Apply(body, config, modelInfo) -} - -func normalizeUserDefinedConfig(config ThinkingConfig, fromFormat, toFormat string) ThinkingConfig { - if config.Mode != ModeLevel { - return config - } - if !isBudgetBasedProvider(toFormat) || !isLevelBasedProvider(fromFormat) { - return config - } - budget, ok := ConvertLevelToBudget(string(config.Level)) - if !ok { - return config - } - config.Mode = ModeBudget - config.Budget = budget - config.Level = "" - return config -} - -// extractThinkingConfig extracts provider-specific thinking config from request body. -func extractThinkingConfig(body []byte, provider string) ThinkingConfig { - if len(body) == 0 || !gjson.ValidBytes(body) { - return ThinkingConfig{} - } - - switch provider { - case "claude": - return extractClaudeConfig(body) - case "gemini", "gemini-cli", "antigravity": - return extractGeminiConfig(body, provider) - case "openai": - return extractOpenAIConfig(body) - case "codex": - return extractCodexConfig(body) - case "iflow": - config := extractIFlowConfig(body) - if hasThinkingConfig(config) { - return config - } - return extractOpenAIConfig(body) - case "kimi": - // Kimi uses OpenAI-compatible reasoning_effort format - return extractOpenAIConfig(body) - default: - return ThinkingConfig{} - } -} - -func hasThinkingConfig(config ThinkingConfig) bool { - return config.Mode != ModeBudget || config.Budget != 0 || config.Level != "" -} - -// extractClaudeConfig extracts thinking configuration from Claude format request body. -// -// Claude API format: -// - thinking.type: "enabled" or "disabled" -// - thinking.budget_tokens: integer (-1=auto, 0=disabled, >0=budget) -// -// Priority: thinking.type="disabled" takes precedence over budget_tokens. -// When type="enabled" without budget_tokens, returns ModeAuto to indicate -// the user wants thinking enabled but didn't specify a budget. -func extractClaudeConfig(body []byte) ThinkingConfig { - thinkingType := gjson.GetBytes(body, "thinking.type").String() - if thinkingType == "disabled" { - return ThinkingConfig{Mode: ModeNone, Budget: 0} - } - - // Check budget_tokens - if budget := gjson.GetBytes(body, "thinking.budget_tokens"); budget.Exists() { - value := int(budget.Int()) - switch value { - case 0: - return ThinkingConfig{Mode: ModeNone, Budget: 0} - case -1: - return ThinkingConfig{Mode: ModeAuto, Budget: -1} - default: - return ThinkingConfig{Mode: ModeBudget, Budget: value} - } - } - - // If type="enabled" but no budget_tokens, treat as auto (user wants thinking but no budget specified) - if thinkingType == "enabled" { - return ThinkingConfig{Mode: ModeAuto, Budget: -1} - } - - return ThinkingConfig{} -} - -// extractGeminiConfig extracts thinking configuration from Gemini format request body. -// -// Gemini API format: -// - generationConfig.thinkingConfig.thinkingLevel: "none", "auto", or level name (Gemini 3) -// - generationConfig.thinkingConfig.thinkingBudget: integer (Gemini 2.5) -// -// For gemini-cli and antigravity providers, the path is prefixed with "request.". -// -// Priority: thinkingLevel is checked first (Gemini 3 format), then thinkingBudget (Gemini 2.5 format). -// This allows newer Gemini 3 level-based configs to take precedence. -func extractGeminiConfig(body []byte, provider string) ThinkingConfig { - prefix := "generationConfig.thinkingConfig" - if provider == "gemini-cli" || provider == "antigravity" { - prefix = "request.generationConfig.thinkingConfig" - } - - // Check thinkingLevel first (Gemini 3 format takes precedence) - level := gjson.GetBytes(body, prefix+".thinkingLevel") - if !level.Exists() { - // Google official Gemini Python SDK sends snake_case field names - level = gjson.GetBytes(body, prefix+".thinking_level") - } - if level.Exists() { - value := level.String() - switch value { - case "none": - return ThinkingConfig{Mode: ModeNone, Budget: 0} - case "auto": - return ThinkingConfig{Mode: ModeAuto, Budget: -1} - default: - return ThinkingConfig{Mode: ModeLevel, Level: ThinkingLevel(value)} - } - } - - // Check thinkingBudget (Gemini 2.5 format) - budget := gjson.GetBytes(body, prefix+".thinkingBudget") - if !budget.Exists() { - // Google official Gemini Python SDK sends snake_case field names - budget = gjson.GetBytes(body, prefix+".thinking_budget") - } - if budget.Exists() { - value := int(budget.Int()) - switch value { - case 0: - return ThinkingConfig{Mode: ModeNone, Budget: 0} - case -1: - return ThinkingConfig{Mode: ModeAuto, Budget: -1} - default: - return ThinkingConfig{Mode: ModeBudget, Budget: value} - } - } - - return ThinkingConfig{} -} - -// extractOpenAIConfig extracts thinking configuration from OpenAI format request body. -// -// OpenAI API format: -// - reasoning_effort: "none", "low", "medium", "high" (discrete levels) -// -// OpenAI uses level-based thinking configuration only, no numeric budget support. -// The "none" value is treated specially to return ModeNone. -func extractOpenAIConfig(body []byte) ThinkingConfig { - // Check reasoning_effort (OpenAI Chat Completions format) - if effort := gjson.GetBytes(body, "reasoning_effort"); effort.Exists() { - value := effort.String() - if value == "none" { - return ThinkingConfig{Mode: ModeNone, Budget: 0} - } - return ThinkingConfig{Mode: ModeLevel, Level: ThinkingLevel(value)} - } - - return ThinkingConfig{} -} - -// extractCodexConfig extracts thinking configuration from Codex format request body. -// -// Codex API format (OpenAI Responses API): -// - reasoning.effort: "none", "low", "medium", "high" -// -// This is similar to OpenAI but uses nested field "reasoning.effort" instead of "reasoning_effort". -func extractCodexConfig(body []byte) ThinkingConfig { - // Check reasoning.effort (Codex / OpenAI Responses API format) - if effort := gjson.GetBytes(body, "reasoning.effort"); effort.Exists() { - value := effort.String() - if value == "none" { - return ThinkingConfig{Mode: ModeNone, Budget: 0} - } - return ThinkingConfig{Mode: ModeLevel, Level: ThinkingLevel(value)} - } - - return ThinkingConfig{} -} - -// extractIFlowConfig extracts thinking configuration from iFlow format request body. -// -// iFlow API format (supports multiple model families): -// - GLM format: chat_template_kwargs.enable_thinking (boolean) -// - MiniMax format: reasoning_split (boolean) -// -// Returns ModeBudget with Budget=1 as a sentinel value indicating "enabled". -// The actual budget/configuration is determined by the iFlow applier based on model capabilities. -// Budget=1 is used because iFlow models don't use numeric budgets; they only support on/off. -func extractIFlowConfig(body []byte) ThinkingConfig { - // GLM format: chat_template_kwargs.enable_thinking - if enabled := gjson.GetBytes(body, "chat_template_kwargs.enable_thinking"); enabled.Exists() { - if enabled.Bool() { - // Budget=1 is a sentinel meaning "enabled" (iFlow doesn't use numeric budgets) - return ThinkingConfig{Mode: ModeBudget, Budget: 1} - } - return ThinkingConfig{Mode: ModeNone, Budget: 0} - } - - // MiniMax format: reasoning_split - if split := gjson.GetBytes(body, "reasoning_split"); split.Exists() { - if split.Bool() { - // Budget=1 is a sentinel meaning "enabled" (iFlow doesn't use numeric budgets) - return ThinkingConfig{Mode: ModeBudget, Budget: 1} - } - return ThinkingConfig{Mode: ModeNone, Budget: 0} - } - - return ThinkingConfig{} -} diff --git a/internal/thinking/convert.go b/internal/thinking/convert.go deleted file mode 100644 index f3ba9e4e92..0000000000 --- a/internal/thinking/convert.go +++ /dev/null @@ -1,142 +0,0 @@ -package thinking - -import ( - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/registry" -) - -// levelToBudgetMap defines the standard Level → Budget mapping. -// All keys are lowercase; lookups should use strings.ToLower. -var levelToBudgetMap = map[string]int{ - "none": 0, - "auto": -1, - "minimal": 512, - "low": 1024, - "medium": 8192, - "high": 24576, - "xhigh": 32768, -} - -// ConvertLevelToBudget converts a thinking level to a budget value. -// -// This is a semantic conversion that maps discrete levels to numeric budgets. -// Level matching is case-insensitive. -// -// Level → Budget mapping: -// - none → 0 -// - auto → -1 -// - minimal → 512 -// - low → 1024 -// - medium → 8192 -// - high → 24576 -// - xhigh → 32768 -// -// Returns: -// - budget: The converted budget value -// - ok: true if level is valid, false otherwise -func ConvertLevelToBudget(level string) (int, bool) { - budget, ok := levelToBudgetMap[strings.ToLower(level)] - return budget, ok -} - -// BudgetThreshold constants define the upper bounds for each thinking level. -// These are used by ConvertBudgetToLevel for range-based mapping. -const ( - // ThresholdMinimal is the upper bound for "minimal" level (1-512) - ThresholdMinimal = 512 - // ThresholdLow is the upper bound for "low" level (513-1024) - ThresholdLow = 1024 - // ThresholdMedium is the upper bound for "medium" level (1025-8192) - ThresholdMedium = 8192 - // ThresholdHigh is the upper bound for "high" level (8193-24576) - ThresholdHigh = 24576 -) - -// ConvertBudgetToLevel converts a budget value to the nearest thinking level. -// -// This is a semantic conversion that maps numeric budgets to discrete levels. -// Uses threshold-based mapping for range conversion. -// -// Budget → Level thresholds: -// - -1 → auto -// - 0 → none -// - 1-512 → minimal -// - 513-1024 → low -// - 1025-8192 → medium -// - 8193-24576 → high -// - 24577+ → xhigh -// -// Returns: -// - level: The converted thinking level string -// - ok: true if budget is valid, false for invalid negatives (< -1) -func ConvertBudgetToLevel(budget int) (string, bool) { - switch { - case budget < -1: - // Invalid negative values - return "", false - case budget == -1: - return string(LevelAuto), true - case budget == 0: - return string(LevelNone), true - case budget <= ThresholdMinimal: - return string(LevelMinimal), true - case budget <= ThresholdLow: - return string(LevelLow), true - case budget <= ThresholdMedium: - return string(LevelMedium), true - case budget <= ThresholdHigh: - return string(LevelHigh), true - default: - return string(LevelXHigh), true - } -} - -// ModelCapability describes the thinking format support of a model. -type ModelCapability int - -const ( - // CapabilityUnknown indicates modelInfo is nil (passthrough behavior, internal use). - CapabilityUnknown ModelCapability = iota - 1 - // CapabilityNone indicates model doesn't support thinking (Thinking is nil). - CapabilityNone - // CapabilityBudgetOnly indicates the model supports numeric budgets only. - CapabilityBudgetOnly - // CapabilityLevelOnly indicates the model supports discrete levels only. - CapabilityLevelOnly - // CapabilityHybrid indicates the model supports both budgets and levels. - CapabilityHybrid -) - -// detectModelCapability determines the thinking format capability of a model. -// -// This is an internal function used by validation and conversion helpers. -// It analyzes the model's ThinkingSupport configuration to classify the model: -// - CapabilityNone: modelInfo.Thinking is nil (model doesn't support thinking) -// - CapabilityBudgetOnly: Has Min/Max but no Levels (Claude, Gemini 2.5) -// - CapabilityLevelOnly: Has Levels but no Min/Max (OpenAI, iFlow) -// - CapabilityHybrid: Has both Min/Max and Levels (Gemini 3) -// -// Note: Returns a special sentinel value when modelInfo itself is nil (unknown model). -func detectModelCapability(modelInfo *registry.ModelInfo) ModelCapability { - if modelInfo == nil { - return CapabilityUnknown // sentinel for "passthrough" behavior - } - if modelInfo.Thinking == nil { - return CapabilityNone - } - support := modelInfo.Thinking - hasBudget := support.Min > 0 || support.Max > 0 - hasLevels := len(support.Levels) > 0 - - switch { - case hasBudget && hasLevels: - return CapabilityHybrid - case hasBudget: - return CapabilityBudgetOnly - case hasLevels: - return CapabilityLevelOnly - default: - return CapabilityNone - } -} diff --git a/internal/thinking/errors.go b/internal/thinking/errors.go deleted file mode 100644 index 5eed93814e..0000000000 --- a/internal/thinking/errors.go +++ /dev/null @@ -1,82 +0,0 @@ -// Package thinking provides unified thinking configuration processing logic. -package thinking - -import "net/http" - -// ErrorCode represents the type of thinking configuration error. -type ErrorCode string - -// Error codes for thinking configuration processing. -const ( - // ErrInvalidSuffix indicates the suffix format cannot be parsed. - // Example: "model(abc" (missing closing parenthesis) - ErrInvalidSuffix ErrorCode = "INVALID_SUFFIX" - - // ErrUnknownLevel indicates the level value is not in the valid list. - // Example: "model(ultra)" where "ultra" is not a valid level - ErrUnknownLevel ErrorCode = "UNKNOWN_LEVEL" - - // ErrThinkingNotSupported indicates the model does not support thinking. - // Example: claude-haiku-4-5 does not have thinking capability - ErrThinkingNotSupported ErrorCode = "THINKING_NOT_SUPPORTED" - - // ErrLevelNotSupported indicates the model does not support level mode. - // Example: using level with a budget-only model - ErrLevelNotSupported ErrorCode = "LEVEL_NOT_SUPPORTED" - - // ErrBudgetOutOfRange indicates the budget value is outside model range. - // Example: budget 64000 exceeds max 20000 - ErrBudgetOutOfRange ErrorCode = "BUDGET_OUT_OF_RANGE" - - // ErrProviderMismatch indicates the provider does not match the model. - // Example: applying Claude format to a Gemini model - ErrProviderMismatch ErrorCode = "PROVIDER_MISMATCH" -) - -// ThinkingError represents an error that occurred during thinking configuration processing. -// -// This error type provides structured information about the error, including: -// - Code: A machine-readable error code for programmatic handling -// - Message: A human-readable description of the error -// - Model: The model name related to the error (optional) -// - Details: Additional context information (optional) -type ThinkingError struct { - // Code is the machine-readable error code - Code ErrorCode - // Message is the human-readable error description. - // Should be lowercase, no trailing period, with context if applicable. - Message string - // Model is the model name related to this error (optional) - Model string - // Details contains additional context information (optional) - Details map[string]interface{} -} - -// Error implements the error interface. -// Returns the message directly without code prefix. -// Use Code field for programmatic error handling. -func (e *ThinkingError) Error() string { - return e.Message -} - -// NewThinkingError creates a new ThinkingError with the given code and message. -func NewThinkingError(code ErrorCode, message string) *ThinkingError { - return &ThinkingError{ - Code: code, - Message: message, - } -} - -// NewThinkingErrorWithModel creates a new ThinkingError with model context. -func NewThinkingErrorWithModel(code ErrorCode, message, model string) *ThinkingError { - return &ThinkingError{ - Code: code, - Message: message, - Model: model, - } -} - -// StatusCode implements a portable status code interface for HTTP handlers. -func (e *ThinkingError) StatusCode() int { - return http.StatusBadRequest -} diff --git a/internal/thinking/provider/antigravity/apply.go b/internal/thinking/provider/antigravity/apply.go deleted file mode 100644 index a6b1c95d19..0000000000 --- a/internal/thinking/provider/antigravity/apply.go +++ /dev/null @@ -1,236 +0,0 @@ -// Package antigravity implements thinking configuration for Antigravity API format. -// -// Antigravity uses request.generationConfig.thinkingConfig.* path (same as gemini-cli) -// but requires additional normalization for Claude models: -// - Ensure thinking budget < max_tokens -// - Remove thinkingConfig if budget < minimum allowed -package antigravity - -import ( - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/registry" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier applies thinking configuration for Antigravity API format. -type Applier struct{} - -var _ thinking.ProviderApplier = (*Applier)(nil) - -// NewApplier creates a new Antigravity thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("antigravity", NewApplier()) -} - -// Apply applies thinking configuration to Antigravity request body. -// -// For Claude models, additional constraints are applied: -// - Ensure thinking budget < max_tokens -// - Remove thinkingConfig if budget < minimum allowed -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return a.applyCompatible(body, config, modelInfo) - } - if modelInfo.Thinking == nil { - return body, nil - } - - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeAuto { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - isClaude := strings.Contains(strings.ToLower(modelInfo.ID), "claude") - - // ModeAuto: Always use Budget format with thinkingBudget=-1 - if config.Mode == thinking.ModeAuto { - return a.applyBudgetFormat(body, config, modelInfo, isClaude) - } - if config.Mode == thinking.ModeBudget { - return a.applyBudgetFormat(body, config, modelInfo, isClaude) - } - - // For non-auto modes, choose format based on model capabilities - support := modelInfo.Thinking - if len(support.Levels) > 0 { - return a.applyLevelFormat(body, config) - } - return a.applyBudgetFormat(body, config, modelInfo, isClaude) -} - -func (a *Applier) applyCompatible(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeAuto { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - isClaude := false - if modelInfo != nil { - isClaude = strings.Contains(strings.ToLower(modelInfo.ID), "claude") - } - - if config.Mode == thinking.ModeAuto { - return a.applyBudgetFormat(body, config, modelInfo, isClaude) - } - - if config.Mode == thinking.ModeLevel || (config.Mode == thinking.ModeNone && config.Level != "") { - return a.applyLevelFormat(body, config) - } - - return a.applyBudgetFormat(body, config, modelInfo, isClaude) -} - -func (a *Applier) applyLevelFormat(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - // Remove conflicting fields to avoid both thinkingLevel and thinkingBudget in output - result, _ := sjson.DeleteBytes(body, "request.generationConfig.thinkingConfig.thinkingBudget") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_budget") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_level") - // Normalize includeThoughts field name to avoid oneof conflicts in upstream JSON parsing. - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.include_thoughts") - - if config.Mode == thinking.ModeNone { - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", false) - if config.Level != "" { - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingLevel", string(config.Level)) - } - return result, nil - } - - // Only handle ModeLevel - budget conversion should be done by upper layer - if config.Mode != thinking.ModeLevel { - return body, nil - } - - level := string(config.Level) - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingLevel", level) - - // Respect user's explicit includeThoughts setting from original body; default to true if not set - // Support both camelCase and snake_case variants - includeThoughts := true - if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.includeThoughts"); inc.Exists() { - includeThoughts = inc.Bool() - } else if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.include_thoughts"); inc.Exists() { - includeThoughts = inc.Bool() - } - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", includeThoughts) - return result, nil -} - -func (a *Applier) applyBudgetFormat(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo, isClaude bool) ([]byte, error) { - // Remove conflicting fields to avoid both thinkingLevel and thinkingBudget in output - result, _ := sjson.DeleteBytes(body, "request.generationConfig.thinkingConfig.thinkingLevel") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_level") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_budget") - // Normalize includeThoughts field name to avoid oneof conflicts in upstream JSON parsing. - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.include_thoughts") - - budget := config.Budget - - // Apply Claude-specific constraints first to get the final budget value - if isClaude && modelInfo != nil { - budget, result = a.normalizeClaudeBudget(budget, result, modelInfo) - // Check if budget was removed entirely - if budget == -2 { - return result, nil - } - } - - // For ModeNone, always set includeThoughts to false regardless of user setting. - // This ensures that when user requests budget=0 (disable thinking output), - // the includeThoughts is correctly set to false even if budget is clamped to min. - if config.Mode == thinking.ModeNone { - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingBudget", budget) - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", false) - return result, nil - } - - // Determine includeThoughts: respect user's explicit setting from original body if provided - // Support both camelCase and snake_case variants - var includeThoughts bool - var userSetIncludeThoughts bool - if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.includeThoughts"); inc.Exists() { - includeThoughts = inc.Bool() - userSetIncludeThoughts = true - } else if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.include_thoughts"); inc.Exists() { - includeThoughts = inc.Bool() - userSetIncludeThoughts = true - } - - if !userSetIncludeThoughts { - // No explicit setting, use default logic based on mode - switch config.Mode { - case thinking.ModeAuto: - includeThoughts = true - default: - includeThoughts = budget > 0 - } - } - - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingBudget", budget) - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", includeThoughts) - return result, nil -} - -// normalizeClaudeBudget applies Claude-specific constraints to thinking budget. -// -// It handles: -// - Ensuring thinking budget < max_tokens -// - Removing thinkingConfig if budget < minimum allowed -// -// Returns the normalized budget and updated payload. -// Returns budget=-2 as a sentinel indicating thinkingConfig was removed entirely. -func (a *Applier) normalizeClaudeBudget(budget int, payload []byte, modelInfo *registry.ModelInfo) (int, []byte) { - if modelInfo == nil { - return budget, payload - } - - // Get effective max tokens - effectiveMax, setDefaultMax := a.effectiveMaxTokens(payload, modelInfo) - if effectiveMax > 0 && budget >= effectiveMax { - budget = effectiveMax - 1 - } - - // Check minimum budget - minBudget := 0 - if modelInfo.Thinking != nil { - minBudget = modelInfo.Thinking.Min - } - if minBudget > 0 && budget >= 0 && budget < minBudget { - // Budget is below minimum, remove thinking config entirely - payload, _ = sjson.DeleteBytes(payload, "request.generationConfig.thinkingConfig") - return -2, payload - } - - // Set default max tokens if needed - if setDefaultMax && effectiveMax > 0 { - payload, _ = sjson.SetBytes(payload, "request.generationConfig.maxOutputTokens", effectiveMax) - } - - return budget, payload -} - -// effectiveMaxTokens returns the max tokens to cap thinking: -// prefer request-provided maxOutputTokens; otherwise fall back to model default. -// The boolean indicates whether the value came from the model default (and thus should be written back). -func (a *Applier) effectiveMaxTokens(payload []byte, modelInfo *registry.ModelInfo) (max int, fromModel bool) { - if maxTok := gjson.GetBytes(payload, "request.generationConfig.maxOutputTokens"); maxTok.Exists() && maxTok.Int() > 0 { - return int(maxTok.Int()), false - } - if modelInfo != nil && modelInfo.MaxCompletionTokens > 0 { - return modelInfo.MaxCompletionTokens, true - } - return 0, false -} diff --git a/internal/thinking/provider/claude/apply.go b/internal/thinking/provider/claude/apply.go deleted file mode 100644 index 680e0247e3..0000000000 --- a/internal/thinking/provider/claude/apply.go +++ /dev/null @@ -1,166 +0,0 @@ -// Package claude implements thinking configuration scaffolding for Claude models. -// -// Claude models use the thinking.budget_tokens format with values in the range -// 1024-128000. Some Claude models support ZeroAllowed (sonnet-4-5, opus-4-5), -// while older models do not. -// See: _bmad-output/planning-artifacts/architecture.md#Epic-6 -package claude - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/registry" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier implements thinking.ProviderApplier for Claude models. -// This applier is stateless and holds no configuration. -type Applier struct{} - -// NewApplier creates a new Claude thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("claude", NewApplier()) -} - -// Apply applies thinking configuration to Claude request body. -// -// IMPORTANT: This method expects config to be pre-validated by thinking.ValidateConfig. -// ValidateConfig handles: -// - Mode conversion (Level→Budget, Auto→Budget) -// - Budget clamping to model range -// - ZeroAllowed constraint enforcement -// -// Apply only processes ModeBudget and ModeNone; other modes are passed through unchanged. -// -// Expected output format when enabled: -// -// { -// "thinking": { -// "type": "enabled", -// "budget_tokens": 16384 -// } -// } -// -// Expected output format when disabled: -// -// { -// "thinking": { -// "type": "disabled" -// } -// } -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return applyCompatibleClaude(body, config) - } - if modelInfo.Thinking == nil { - return body, nil - } - - // Only process ModeBudget and ModeNone; other modes pass through - // (caller should use ValidateConfig first to normalize modes) - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeNone { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - // Budget is expected to be pre-validated by ValidateConfig (clamped, ZeroAllowed enforced) - // Decide enabled/disabled based on budget value - if config.Budget == 0 { - result, _ := sjson.SetBytes(body, "thinking.type", "disabled") - result, _ = sjson.DeleteBytes(result, "thinking.budget_tokens") - return result, nil - } - - result, _ := sjson.SetBytes(body, "thinking.type", "enabled") - result, _ = sjson.SetBytes(result, "thinking.budget_tokens", config.Budget) - - // Ensure max_tokens > thinking.budget_tokens (Anthropic API constraint) - result = a.normalizeClaudeBudget(result, config.Budget, modelInfo) - return result, nil -} - -// normalizeClaudeBudget applies Claude-specific constraints to ensure max_tokens > budget_tokens. -// Anthropic API requires this constraint; violating it returns a 400 error. -func (a *Applier) normalizeClaudeBudget(body []byte, budgetTokens int, modelInfo *registry.ModelInfo) []byte { - if budgetTokens <= 0 { - return body - } - - // Ensure the request satisfies Claude constraints: - // 1) Determine effective max_tokens (request overrides model default) - // 2) If budget_tokens >= max_tokens, reduce budget_tokens to max_tokens-1 - // 3) If the adjusted budget falls below the model minimum, leave the request unchanged - // 4) If max_tokens came from model default, write it back into the request - - effectiveMax, setDefaultMax := a.effectiveMaxTokens(body, modelInfo) - if setDefaultMax && effectiveMax > 0 { - body, _ = sjson.SetBytes(body, "max_tokens", effectiveMax) - } - - // Compute the budget we would apply after enforcing budget_tokens < max_tokens. - adjustedBudget := budgetTokens - if effectiveMax > 0 && adjustedBudget >= effectiveMax { - adjustedBudget = effectiveMax - 1 - } - - minBudget := 0 - if modelInfo != nil && modelInfo.Thinking != nil { - minBudget = modelInfo.Thinking.Min - } - if minBudget > 0 && adjustedBudget > 0 && adjustedBudget < minBudget { - // If enforcing the max_tokens constraint would push the budget below the model minimum, - // leave the request unchanged. - return body - } - - if adjustedBudget != budgetTokens { - body, _ = sjson.SetBytes(body, "thinking.budget_tokens", adjustedBudget) - } - - return body -} - -// effectiveMaxTokens returns the max tokens to cap thinking: -// prefer request-provided max_tokens; otherwise fall back to model default. -// The boolean indicates whether the value came from the model default (and thus should be written back). -func (a *Applier) effectiveMaxTokens(body []byte, modelInfo *registry.ModelInfo) (max int, fromModel bool) { - if maxTok := gjson.GetBytes(body, "max_tokens"); maxTok.Exists() && maxTok.Int() > 0 { - return int(maxTok.Int()), false - } - if modelInfo != nil && modelInfo.MaxCompletionTokens > 0 { - return modelInfo.MaxCompletionTokens, true - } - return 0, false -} - -func applyCompatibleClaude(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeAuto { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - switch config.Mode { - case thinking.ModeNone: - result, _ := sjson.SetBytes(body, "thinking.type", "disabled") - result, _ = sjson.DeleteBytes(result, "thinking.budget_tokens") - return result, nil - case thinking.ModeAuto: - result, _ := sjson.SetBytes(body, "thinking.type", "enabled") - result, _ = sjson.DeleteBytes(result, "thinking.budget_tokens") - return result, nil - default: - result, _ := sjson.SetBytes(body, "thinking.type", "enabled") - result, _ = sjson.SetBytes(result, "thinking.budget_tokens", config.Budget) - return result, nil - } -} diff --git a/internal/thinking/provider/codex/apply.go b/internal/thinking/provider/codex/apply.go deleted file mode 100644 index 55610c7b0f..0000000000 --- a/internal/thinking/provider/codex/apply.go +++ /dev/null @@ -1,131 +0,0 @@ -// Package codex implements thinking configuration for Codex (OpenAI Responses API) models. -// -// Codex models use the reasoning.effort format with discrete levels -// (low/medium/high). This is similar to OpenAI but uses nested field -// "reasoning.effort" instead of "reasoning_effort". -// See: _bmad-output/planning-artifacts/architecture.md#Epic-8 -package codex - -import ( - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/registry" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier implements thinking.ProviderApplier for Codex models. -// -// Codex-specific behavior: -// - Output format: reasoning.effort (string: low/medium/high/xhigh) -// - Level-only mode: no numeric budget support -// - Some models support ZeroAllowed (gpt-5.1, gpt-5.2) -type Applier struct{} - -var _ thinking.ProviderApplier = (*Applier)(nil) - -// NewApplier creates a new Codex thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("codex", NewApplier()) -} - -// Apply applies thinking configuration to Codex request body. -// -// Expected output format: -// -// { -// "reasoning": { -// "effort": "high" -// } -// } -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return applyCompatibleCodex(body, config) - } - if modelInfo.Thinking == nil { - return body, nil - } - - // Only handle ModeLevel and ModeNone; other modes pass through unchanged. - if config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - if config.Mode == thinking.ModeLevel { - result, _ := sjson.SetBytes(body, "reasoning.effort", string(config.Level)) - return result, nil - } - - effort := "" - support := modelInfo.Thinking - if config.Budget == 0 { - if support.ZeroAllowed || hasLevel(support.Levels, string(thinking.LevelNone)) { - effort = string(thinking.LevelNone) - } - } - if effort == "" && config.Level != "" { - effort = string(config.Level) - } - if effort == "" && len(support.Levels) > 0 { - effort = support.Levels[0] - } - if effort == "" { - return body, nil - } - - result, _ := sjson.SetBytes(body, "reasoning.effort", effort) - return result, nil -} - -func applyCompatibleCodex(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - var effort string - switch config.Mode { - case thinking.ModeLevel: - if config.Level == "" { - return body, nil - } - effort = string(config.Level) - case thinking.ModeNone: - effort = string(thinking.LevelNone) - if config.Level != "" { - effort = string(config.Level) - } - case thinking.ModeAuto: - // Auto mode for user-defined models: pass through as "auto" - effort = string(thinking.LevelAuto) - case thinking.ModeBudget: - // Budget mode: convert budget to level using threshold mapping - level, ok := thinking.ConvertBudgetToLevel(config.Budget) - if !ok { - return body, nil - } - effort = level - default: - return body, nil - } - - result, _ := sjson.SetBytes(body, "reasoning.effort", effort) - return result, nil -} - -func hasLevel(levels []string, target string) bool { - for _, level := range levels { - if strings.EqualFold(strings.TrimSpace(level), target) { - return true - } - } - return false -} diff --git a/internal/thinking/provider/gemini/apply.go b/internal/thinking/provider/gemini/apply.go deleted file mode 100644 index ee922e91af..0000000000 --- a/internal/thinking/provider/gemini/apply.go +++ /dev/null @@ -1,200 +0,0 @@ -// Package gemini implements thinking configuration for Gemini models. -// -// Gemini models have two formats: -// - Gemini 2.5: Uses thinkingBudget (numeric) -// - Gemini 3.x: Uses thinkingLevel (string: minimal/low/medium/high) -// or thinkingBudget=-1 for auto/dynamic mode -// -// Output format is determined by ThinkingConfig.Mode and ThinkingSupport.Levels: -// - ModeAuto: Always uses thinkingBudget=-1 (both Gemini 2.5 and 3.x) -// - len(Levels) > 0: Uses thinkingLevel (Gemini 3.x discrete levels) -// - len(Levels) == 0: Uses thinkingBudget (Gemini 2.5) -package gemini - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/registry" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier applies thinking configuration for Gemini models. -// -// Gemini-specific behavior: -// - Gemini 2.5: thinkingBudget format, flash series supports ZeroAllowed -// - Gemini 3.x: thinkingLevel format, cannot be disabled -// - Use ThinkingSupport.Levels to decide output format -type Applier struct{} - -// NewApplier creates a new Gemini thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("gemini", NewApplier()) -} - -// Apply applies thinking configuration to Gemini request body. -// -// Expected output format (Gemini 2.5): -// -// { -// "generationConfig": { -// "thinkingConfig": { -// "thinkingBudget": 8192, -// "includeThoughts": true -// } -// } -// } -// -// Expected output format (Gemini 3.x): -// -// { -// "generationConfig": { -// "thinkingConfig": { -// "thinkingLevel": "high", -// "includeThoughts": true -// } -// } -// } -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return a.applyCompatible(body, config) - } - if modelInfo.Thinking == nil { - return body, nil - } - - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeAuto { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - // Choose format based on config.Mode and model capabilities: - // - ModeLevel: use Level format (validation will reject unsupported levels) - // - ModeNone: use Level format if model has Levels, else Budget format - // - ModeBudget/ModeAuto: use Budget format - switch config.Mode { - case thinking.ModeLevel: - return a.applyLevelFormat(body, config) - case thinking.ModeNone: - // ModeNone: route based on model capability (has Levels or not) - if len(modelInfo.Thinking.Levels) > 0 { - return a.applyLevelFormat(body, config) - } - return a.applyBudgetFormat(body, config) - default: - return a.applyBudgetFormat(body, config) - } -} - -func (a *Applier) applyCompatible(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeAuto { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - if config.Mode == thinking.ModeAuto { - return a.applyBudgetFormat(body, config) - } - - if config.Mode == thinking.ModeLevel || (config.Mode == thinking.ModeNone && config.Level != "") { - return a.applyLevelFormat(body, config) - } - - return a.applyBudgetFormat(body, config) -} - -func (a *Applier) applyLevelFormat(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - // ModeNone semantics: - // - ModeNone + Budget=0: completely disable thinking (not possible for Level-only models) - // - ModeNone + Budget>0: forced to think but hide output (includeThoughts=false) - // ValidateConfig sets config.Level to the lowest level when ModeNone + Budget > 0. - - // Remove conflicting fields to avoid both thinkingLevel and thinkingBudget in output - result, _ := sjson.DeleteBytes(body, "generationConfig.thinkingConfig.thinkingBudget") - result, _ = sjson.DeleteBytes(result, "generationConfig.thinkingConfig.thinking_budget") - result, _ = sjson.DeleteBytes(result, "generationConfig.thinkingConfig.thinking_level") - // Normalize includeThoughts field name to avoid oneof conflicts in upstream JSON parsing. - result, _ = sjson.DeleteBytes(result, "generationConfig.thinkingConfig.include_thoughts") - - if config.Mode == thinking.ModeNone { - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.includeThoughts", false) - if config.Level != "" { - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.thinkingLevel", string(config.Level)) - } - return result, nil - } - - // Only handle ModeLevel - budget conversion should be done by upper layer - if config.Mode != thinking.ModeLevel { - return body, nil - } - - level := string(config.Level) - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.thinkingLevel", level) - - // Respect user's explicit includeThoughts setting from original body; default to true if not set - // Support both camelCase and snake_case variants - includeThoughts := true - if inc := gjson.GetBytes(body, "generationConfig.thinkingConfig.includeThoughts"); inc.Exists() { - includeThoughts = inc.Bool() - } else if inc := gjson.GetBytes(body, "generationConfig.thinkingConfig.include_thoughts"); inc.Exists() { - includeThoughts = inc.Bool() - } - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.includeThoughts", includeThoughts) - return result, nil -} - -func (a *Applier) applyBudgetFormat(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - // Remove conflicting fields to avoid both thinkingLevel and thinkingBudget in output - result, _ := sjson.DeleteBytes(body, "generationConfig.thinkingConfig.thinkingLevel") - result, _ = sjson.DeleteBytes(result, "generationConfig.thinkingConfig.thinking_level") - result, _ = sjson.DeleteBytes(result, "generationConfig.thinkingConfig.thinking_budget") - // Normalize includeThoughts field name to avoid oneof conflicts in upstream JSON parsing. - result, _ = sjson.DeleteBytes(result, "generationConfig.thinkingConfig.include_thoughts") - - budget := config.Budget - - // For ModeNone, always set includeThoughts to false regardless of user setting. - // This ensures that when user requests budget=0 (disable thinking output), - // the includeThoughts is correctly set to false even if budget is clamped to min. - if config.Mode == thinking.ModeNone { - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.thinkingBudget", budget) - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.includeThoughts", false) - return result, nil - } - - // Determine includeThoughts: respect user's explicit setting from original body if provided - // Support both camelCase and snake_case variants - var includeThoughts bool - var userSetIncludeThoughts bool - if inc := gjson.GetBytes(body, "generationConfig.thinkingConfig.includeThoughts"); inc.Exists() { - includeThoughts = inc.Bool() - userSetIncludeThoughts = true - } else if inc := gjson.GetBytes(body, "generationConfig.thinkingConfig.include_thoughts"); inc.Exists() { - includeThoughts = inc.Bool() - userSetIncludeThoughts = true - } - - if !userSetIncludeThoughts { - // No explicit setting, use default logic based on mode - switch config.Mode { - case thinking.ModeAuto: - includeThoughts = true - default: - includeThoughts = budget > 0 - } - } - - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.thinkingBudget", budget) - result, _ = sjson.SetBytes(result, "generationConfig.thinkingConfig.includeThoughts", includeThoughts) - return result, nil -} diff --git a/internal/thinking/provider/geminicli/apply.go b/internal/thinking/provider/geminicli/apply.go deleted file mode 100644 index b9dea23e6e..0000000000 --- a/internal/thinking/provider/geminicli/apply.go +++ /dev/null @@ -1,161 +0,0 @@ -// Package geminicli implements thinking configuration for Gemini CLI API format. -// -// Gemini CLI uses request.generationConfig.thinkingConfig.* path instead of -// generationConfig.thinkingConfig.* used by standard Gemini API. -package geminicli - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/registry" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier applies thinking configuration for Gemini CLI API format. -type Applier struct{} - -var _ thinking.ProviderApplier = (*Applier)(nil) - -// NewApplier creates a new Gemini CLI thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("gemini-cli", NewApplier()) -} - -// Apply applies thinking configuration to Gemini CLI request body. -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return a.applyCompatible(body, config) - } - if modelInfo.Thinking == nil { - return body, nil - } - - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeAuto { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - // ModeAuto: Always use Budget format with thinkingBudget=-1 - if config.Mode == thinking.ModeAuto { - return a.applyBudgetFormat(body, config) - } - if config.Mode == thinking.ModeBudget { - return a.applyBudgetFormat(body, config) - } - - // For non-auto modes, choose format based on model capabilities - support := modelInfo.Thinking - if len(support.Levels) > 0 { - return a.applyLevelFormat(body, config) - } - return a.applyBudgetFormat(body, config) -} - -func (a *Applier) applyCompatible(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - if config.Mode != thinking.ModeBudget && config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone && config.Mode != thinking.ModeAuto { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - if config.Mode == thinking.ModeAuto { - return a.applyBudgetFormat(body, config) - } - - if config.Mode == thinking.ModeLevel || (config.Mode == thinking.ModeNone && config.Level != "") { - return a.applyLevelFormat(body, config) - } - - return a.applyBudgetFormat(body, config) -} - -func (a *Applier) applyLevelFormat(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - // Remove conflicting fields to avoid both thinkingLevel and thinkingBudget in output - result, _ := sjson.DeleteBytes(body, "request.generationConfig.thinkingConfig.thinkingBudget") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_budget") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_level") - // Normalize includeThoughts field name to avoid oneof conflicts in upstream JSON parsing. - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.include_thoughts") - - if config.Mode == thinking.ModeNone { - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", false) - if config.Level != "" { - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingLevel", string(config.Level)) - } - return result, nil - } - - // Only handle ModeLevel - budget conversion should be done by upper layer - if config.Mode != thinking.ModeLevel { - return body, nil - } - - level := string(config.Level) - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingLevel", level) - - // Respect user's explicit includeThoughts setting from original body; default to true if not set - // Support both camelCase and snake_case variants - includeThoughts := true - if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.includeThoughts"); inc.Exists() { - includeThoughts = inc.Bool() - } else if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.include_thoughts"); inc.Exists() { - includeThoughts = inc.Bool() - } - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", includeThoughts) - return result, nil -} - -func (a *Applier) applyBudgetFormat(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - // Remove conflicting fields to avoid both thinkingLevel and thinkingBudget in output - result, _ := sjson.DeleteBytes(body, "request.generationConfig.thinkingConfig.thinkingLevel") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_level") - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.thinking_budget") - // Normalize includeThoughts field name to avoid oneof conflicts in upstream JSON parsing. - result, _ = sjson.DeleteBytes(result, "request.generationConfig.thinkingConfig.include_thoughts") - - budget := config.Budget - - // For ModeNone, always set includeThoughts to false regardless of user setting. - // This ensures that when user requests budget=0 (disable thinking output), - // the includeThoughts is correctly set to false even if budget is clamped to min. - if config.Mode == thinking.ModeNone { - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingBudget", budget) - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", false) - return result, nil - } - - // Determine includeThoughts: respect user's explicit setting from original body if provided - // Support both camelCase and snake_case variants - var includeThoughts bool - var userSetIncludeThoughts bool - if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.includeThoughts"); inc.Exists() { - includeThoughts = inc.Bool() - userSetIncludeThoughts = true - } else if inc := gjson.GetBytes(body, "request.generationConfig.thinkingConfig.include_thoughts"); inc.Exists() { - includeThoughts = inc.Bool() - userSetIncludeThoughts = true - } - - if !userSetIncludeThoughts { - // No explicit setting, use default logic based on mode - switch config.Mode { - case thinking.ModeAuto: - includeThoughts = true - default: - includeThoughts = budget > 0 - } - } - - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.thinkingBudget", budget) - result, _ = sjson.SetBytes(result, "request.generationConfig.thinkingConfig.includeThoughts", includeThoughts) - return result, nil -} diff --git a/internal/thinking/provider/iflow/apply.go b/internal/thinking/provider/iflow/apply.go deleted file mode 100644 index 7a395cedaf..0000000000 --- a/internal/thinking/provider/iflow/apply.go +++ /dev/null @@ -1,173 +0,0 @@ -// Package iflow implements thinking configuration for iFlow models. -// -// iFlow models use boolean toggle semantics: -// - Models using chat_template_kwargs.enable_thinking (boolean toggle) -// - MiniMax models: reasoning_split (boolean) -// -// Level values are converted to boolean: none=false, all others=true -// See: _bmad-output/planning-artifacts/architecture.md#Epic-9 -package iflow - -import ( - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/registry" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier implements thinking.ProviderApplier for iFlow models. -// -// iFlow-specific behavior: -// - enable_thinking toggle models: enable_thinking boolean -// - GLM models: enable_thinking boolean + clear_thinking=false -// - MiniMax models: reasoning_split boolean -// - Level to boolean: none=false, others=true -// - No quantized support (only on/off) -type Applier struct{} - -var _ thinking.ProviderApplier = (*Applier)(nil) - -// NewApplier creates a new iFlow thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("iflow", NewApplier()) -} - -// Apply applies thinking configuration to iFlow request body. -// -// Expected output format (GLM): -// -// { -// "chat_template_kwargs": { -// "enable_thinking": true, -// "clear_thinking": false -// } -// } -// -// Expected output format (MiniMax): -// -// { -// "reasoning_split": true -// } -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return body, nil - } - if modelInfo.Thinking == nil { - return body, nil - } - - if isEnableThinkingModel(modelInfo.ID) { - return applyEnableThinking(body, config, isGLMModel(modelInfo.ID)), nil - } - - if isMiniMaxModel(modelInfo.ID) { - return applyMiniMax(body, config), nil - } - - return body, nil -} - -// configToBoolean converts ThinkingConfig to boolean for iFlow models. -// -// Conversion rules: -// - ModeNone: false -// - ModeAuto: true -// - ModeBudget + Budget=0: false -// - ModeBudget + Budget>0: true -// - ModeLevel + Level="none": false -// - ModeLevel + any other level: true -// - Default (unknown mode): true -func configToBoolean(config thinking.ThinkingConfig) bool { - switch config.Mode { - case thinking.ModeNone: - return false - case thinking.ModeAuto: - return true - case thinking.ModeBudget: - return config.Budget > 0 - case thinking.ModeLevel: - return config.Level != thinking.LevelNone - default: - return true - } -} - -// applyEnableThinking applies thinking configuration for models that use -// chat_template_kwargs.enable_thinking format. -// -// Output format when enabled: -// -// {"chat_template_kwargs": {"enable_thinking": true, "clear_thinking": false}} -// -// Output format when disabled: -// -// {"chat_template_kwargs": {"enable_thinking": false}} -// -// Note: clear_thinking is only set for GLM models when thinking is enabled. -func applyEnableThinking(body []byte, config thinking.ThinkingConfig, setClearThinking bool) []byte { - enableThinking := configToBoolean(config) - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - result, _ := sjson.SetBytes(body, "chat_template_kwargs.enable_thinking", enableThinking) - - // clear_thinking is a GLM-only knob, strip it for other models. - result, _ = sjson.DeleteBytes(result, "chat_template_kwargs.clear_thinking") - - // clear_thinking only needed when thinking is enabled - if enableThinking && setClearThinking { - result, _ = sjson.SetBytes(result, "chat_template_kwargs.clear_thinking", false) - } - - return result -} - -// applyMiniMax applies thinking configuration for MiniMax models. -// -// Output format: -// -// {"reasoning_split": true/false} -func applyMiniMax(body []byte, config thinking.ThinkingConfig) []byte { - reasoningSplit := configToBoolean(config) - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - result, _ := sjson.SetBytes(body, "reasoning_split", reasoningSplit) - - return result -} - -// isEnableThinkingModel determines if the model uses chat_template_kwargs.enable_thinking format. -func isEnableThinkingModel(modelID string) bool { - if isGLMModel(modelID) { - return true - } - id := strings.ToLower(modelID) - switch id { - case "qwen3-max-preview", "deepseek-v3.2", "deepseek-v3.1": - return true - default: - return false - } -} - -// isGLMModel determines if the model is a GLM series model. -func isGLMModel(modelID string) bool { - return strings.HasPrefix(strings.ToLower(modelID), "glm") -} - -// isMiniMaxModel determines if the model is a MiniMax series model. -// MiniMax models use reasoning_split format. -func isMiniMaxModel(modelID string) bool { - return strings.HasPrefix(strings.ToLower(modelID), "minimax") -} diff --git a/internal/thinking/provider/kimi/apply.go b/internal/thinking/provider/kimi/apply.go deleted file mode 100644 index e4c4de4f1f..0000000000 --- a/internal/thinking/provider/kimi/apply.go +++ /dev/null @@ -1,126 +0,0 @@ -// Package kimi implements thinking configuration for Kimi (Moonshot AI) models. -// -// Kimi models use the OpenAI-compatible reasoning_effort format with discrete levels -// (low/medium/high). The provider strips any existing thinking config and applies -// the unified ThinkingConfig in OpenAI format. -package kimi - -import ( - "fmt" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/registry" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier implements thinking.ProviderApplier for Kimi models. -// -// Kimi-specific behavior: -// - Output format: reasoning_effort (string: low/medium/high) -// - Uses OpenAI-compatible format -// - Supports budget-to-level conversion -type Applier struct{} - -var _ thinking.ProviderApplier = (*Applier)(nil) - -// NewApplier creates a new Kimi thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("kimi", NewApplier()) -} - -// Apply applies thinking configuration to Kimi request body. -// -// Expected output format: -// -// { -// "reasoning_effort": "high" -// } -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return applyCompatibleKimi(body, config) - } - if modelInfo.Thinking == nil { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - var effort string - switch config.Mode { - case thinking.ModeLevel: - if config.Level == "" { - return body, nil - } - effort = string(config.Level) - case thinking.ModeNone: - // Kimi uses "none" to disable thinking - effort = string(thinking.LevelNone) - case thinking.ModeBudget: - // Convert budget to level using threshold mapping - level, ok := thinking.ConvertBudgetToLevel(config.Budget) - if !ok { - return body, nil - } - effort = level - case thinking.ModeAuto: - // Auto mode maps to "auto" effort - effort = string(thinking.LevelAuto) - default: - return body, nil - } - - if effort == "" { - return body, nil - } - - result, err := sjson.SetBytes(body, "reasoning_effort", effort) - if err != nil { - return body, fmt.Errorf("kimi thinking: failed to set reasoning_effort: %w", err) - } - return result, nil -} - -// applyCompatibleKimi applies thinking config for user-defined Kimi models. -func applyCompatibleKimi(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - var effort string - switch config.Mode { - case thinking.ModeLevel: - if config.Level == "" { - return body, nil - } - effort = string(config.Level) - case thinking.ModeNone: - effort = string(thinking.LevelNone) - if config.Level != "" { - effort = string(config.Level) - } - case thinking.ModeAuto: - effort = string(thinking.LevelAuto) - case thinking.ModeBudget: - // Convert budget to level - level, ok := thinking.ConvertBudgetToLevel(config.Budget) - if !ok { - return body, nil - } - effort = level - default: - return body, nil - } - - result, err := sjson.SetBytes(body, "reasoning_effort", effort) - if err != nil { - return body, fmt.Errorf("kimi thinking: failed to set reasoning_effort: %w", err) - } - return result, nil -} diff --git a/internal/thinking/provider/openai/apply.go b/internal/thinking/provider/openai/apply.go deleted file mode 100644 index 8c7e114ca9..0000000000 --- a/internal/thinking/provider/openai/apply.go +++ /dev/null @@ -1,128 +0,0 @@ -// Package openai implements thinking configuration for OpenAI/Codex models. -// -// OpenAI models use the reasoning_effort format with discrete levels -// (low/medium/high). Some models support xhigh and none levels. -// See: _bmad-output/planning-artifacts/architecture.md#Epic-8 -package openai - -import ( - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/registry" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Applier implements thinking.ProviderApplier for OpenAI models. -// -// OpenAI-specific behavior: -// - Output format: reasoning_effort (string: low/medium/high/xhigh) -// - Level-only mode: no numeric budget support -// - Some models support ZeroAllowed (gpt-5.1, gpt-5.2) -type Applier struct{} - -var _ thinking.ProviderApplier = (*Applier)(nil) - -// NewApplier creates a new OpenAI thinking applier. -func NewApplier() *Applier { - return &Applier{} -} - -func init() { - thinking.RegisterProvider("openai", NewApplier()) -} - -// Apply applies thinking configuration to OpenAI request body. -// -// Expected output format: -// -// { -// "reasoning_effort": "high" -// } -func (a *Applier) Apply(body []byte, config thinking.ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) { - if thinking.IsUserDefinedModel(modelInfo) { - return applyCompatibleOpenAI(body, config) - } - if modelInfo.Thinking == nil { - return body, nil - } - - // Only handle ModeLevel and ModeNone; other modes pass through unchanged. - if config.Mode != thinking.ModeLevel && config.Mode != thinking.ModeNone { - return body, nil - } - - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - if config.Mode == thinking.ModeLevel { - result, _ := sjson.SetBytes(body, "reasoning_effort", string(config.Level)) - return result, nil - } - - effort := "" - support := modelInfo.Thinking - if config.Budget == 0 { - if support.ZeroAllowed || hasLevel(support.Levels, string(thinking.LevelNone)) { - effort = string(thinking.LevelNone) - } - } - if effort == "" && config.Level != "" { - effort = string(config.Level) - } - if effort == "" && len(support.Levels) > 0 { - effort = support.Levels[0] - } - if effort == "" { - return body, nil - } - - result, _ := sjson.SetBytes(body, "reasoning_effort", effort) - return result, nil -} - -func applyCompatibleOpenAI(body []byte, config thinking.ThinkingConfig) ([]byte, error) { - if len(body) == 0 || !gjson.ValidBytes(body) { - body = []byte(`{}`) - } - - var effort string - switch config.Mode { - case thinking.ModeLevel: - if config.Level == "" { - return body, nil - } - effort = string(config.Level) - case thinking.ModeNone: - effort = string(thinking.LevelNone) - if config.Level != "" { - effort = string(config.Level) - } - case thinking.ModeAuto: - // Auto mode for user-defined models: pass through as "auto" - effort = string(thinking.LevelAuto) - case thinking.ModeBudget: - // Budget mode: convert budget to level using threshold mapping - level, ok := thinking.ConvertBudgetToLevel(config.Budget) - if !ok { - return body, nil - } - effort = level - default: - return body, nil - } - - result, _ := sjson.SetBytes(body, "reasoning_effort", effort) - return result, nil -} - -func hasLevel(levels []string, target string) bool { - for _, level := range levels { - if strings.EqualFold(strings.TrimSpace(level), target) { - return true - } - } - return false -} diff --git a/internal/thinking/strip.go b/internal/thinking/strip.go deleted file mode 100644 index eb69171504..0000000000 --- a/internal/thinking/strip.go +++ /dev/null @@ -1,58 +0,0 @@ -// Package thinking provides unified thinking configuration processing. -package thinking - -import ( - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// StripThinkingConfig removes thinking configuration fields from request body. -// -// This function is used when a model doesn't support thinking but the request -// contains thinking configuration. The configuration is silently removed to -// prevent upstream API errors. -// -// Parameters: -// - body: Original request body JSON -// - provider: Provider name (determines which fields to strip) -// -// Returns: -// - Modified request body JSON with thinking configuration removed -// - Original body is returned unchanged if: -// - body is empty or invalid JSON -// - provider is unknown -// - no thinking configuration found -func StripThinkingConfig(body []byte, provider string) []byte { - if len(body) == 0 || !gjson.ValidBytes(body) { - return body - } - - var paths []string - switch provider { - case "claude": - paths = []string{"thinking"} - case "gemini": - paths = []string{"generationConfig.thinkingConfig"} - case "gemini-cli", "antigravity": - paths = []string{"request.generationConfig.thinkingConfig"} - case "openai": - paths = []string{"reasoning_effort"} - case "codex": - paths = []string{"reasoning.effort"} - case "iflow": - paths = []string{ - "chat_template_kwargs.enable_thinking", - "chat_template_kwargs.clear_thinking", - "reasoning_split", - "reasoning_effort", - } - default: - return body - } - - result := body - for _, path := range paths { - result, _ = sjson.DeleteBytes(result, path) - } - return result -} diff --git a/internal/thinking/suffix.go b/internal/thinking/suffix.go deleted file mode 100644 index 275c085687..0000000000 --- a/internal/thinking/suffix.go +++ /dev/null @@ -1,146 +0,0 @@ -// Package thinking provides unified thinking configuration processing. -// -// This file implements suffix parsing functionality for extracting -// thinking configuration from model names in the format model(value). -package thinking - -import ( - "strconv" - "strings" -) - -// ParseSuffix extracts thinking suffix from a model name. -// -// The suffix format is: model-name(value) -// Examples: -// - "claude-sonnet-4-5(16384)" -> ModelName="claude-sonnet-4-5", RawSuffix="16384" -// - "gpt-5.2(high)" -> ModelName="gpt-5.2", RawSuffix="high" -// - "gemini-2.5-pro" -> ModelName="gemini-2.5-pro", HasSuffix=false -// -// This function only extracts the suffix; it does not validate or interpret -// the suffix content. Use ParseNumericSuffix, ParseLevelSuffix, etc. for -// content interpretation. -func ParseSuffix(model string) SuffixResult { - // Find the last opening parenthesis - lastOpen := strings.LastIndex(model, "(") - if lastOpen == -1 { - return SuffixResult{ModelName: model, HasSuffix: false} - } - - // Check if the string ends with a closing parenthesis - if !strings.HasSuffix(model, ")") { - return SuffixResult{ModelName: model, HasSuffix: false} - } - - // Extract components - modelName := model[:lastOpen] - rawSuffix := model[lastOpen+1 : len(model)-1] - - return SuffixResult{ - ModelName: modelName, - HasSuffix: true, - RawSuffix: rawSuffix, - } -} - -// ParseNumericSuffix attempts to parse a raw suffix as a numeric budget value. -// -// This function parses the raw suffix content (from ParseSuffix.RawSuffix) as an integer. -// Only non-negative integers are considered valid numeric suffixes. -// -// Platform note: The budget value uses Go's int type, which is 32-bit on 32-bit -// systems and 64-bit on 64-bit systems. Values exceeding the platform's int range -// will return ok=false. -// -// Leading zeros are accepted: "08192" parses as 8192. -// -// Examples: -// - "8192" -> budget=8192, ok=true -// - "0" -> budget=0, ok=true (represents ModeNone) -// - "08192" -> budget=8192, ok=true (leading zeros accepted) -// - "-1" -> budget=0, ok=false (negative numbers are not valid numeric suffixes) -// - "high" -> budget=0, ok=false (not a number) -// - "9223372036854775808" -> budget=0, ok=false (overflow on 64-bit systems) -// -// For special handling of -1 as auto mode, use ParseSpecialSuffix instead. -func ParseNumericSuffix(rawSuffix string) (budget int, ok bool) { - if rawSuffix == "" { - return 0, false - } - - value, err := strconv.Atoi(rawSuffix) - if err != nil { - return 0, false - } - - // Negative numbers are not valid numeric suffixes - // -1 should be handled by special value parsing as "auto" - if value < 0 { - return 0, false - } - - return value, true -} - -// ParseSpecialSuffix attempts to parse a raw suffix as a special thinking mode value. -// -// This function handles special strings that represent a change in thinking mode: -// - "none" -> ModeNone (disables thinking) -// - "auto" -> ModeAuto (automatic/dynamic thinking) -// - "-1" -> ModeAuto (numeric representation of auto mode) -// -// String values are case-insensitive. -func ParseSpecialSuffix(rawSuffix string) (mode ThinkingMode, ok bool) { - if rawSuffix == "" { - return ModeBudget, false - } - - // Case-insensitive matching - switch strings.ToLower(rawSuffix) { - case "none": - return ModeNone, true - case "auto", "-1": - return ModeAuto, true - default: - return ModeBudget, false - } -} - -// ParseLevelSuffix attempts to parse a raw suffix as a discrete thinking level. -// -// This function parses the raw suffix content (from ParseSuffix.RawSuffix) as a level. -// Only discrete effort levels are valid: minimal, low, medium, high, xhigh. -// Level matching is case-insensitive. -// -// Special values (none, auto) are NOT handled by this function; use ParseSpecialSuffix -// instead. This separation allows callers to prioritize special value handling. -// -// Examples: -// - "high" -> level=LevelHigh, ok=true -// - "HIGH" -> level=LevelHigh, ok=true (case insensitive) -// - "medium" -> level=LevelMedium, ok=true -// - "none" -> level="", ok=false (special value, use ParseSpecialSuffix) -// - "auto" -> level="", ok=false (special value, use ParseSpecialSuffix) -// - "8192" -> level="", ok=false (numeric, use ParseNumericSuffix) -// - "ultra" -> level="", ok=false (unknown level) -func ParseLevelSuffix(rawSuffix string) (level ThinkingLevel, ok bool) { - if rawSuffix == "" { - return "", false - } - - // Case-insensitive matching - switch strings.ToLower(rawSuffix) { - case "minimal": - return LevelMinimal, true - case "low": - return LevelLow, true - case "medium": - return LevelMedium, true - case "high": - return LevelHigh, true - case "xhigh": - return LevelXHigh, true - default: - return "", false - } -} diff --git a/internal/thinking/text.go b/internal/thinking/text.go deleted file mode 100644 index eed1ba2879..0000000000 --- a/internal/thinking/text.go +++ /dev/null @@ -1,41 +0,0 @@ -package thinking - -import ( - "github.com/tidwall/gjson" -) - -// GetThinkingText extracts the thinking text from a content part. -// Handles various formats: -// - Simple string: { "thinking": "text" } or { "text": "text" } -// - Wrapped object: { "thinking": { "text": "text", "cache_control": {...} } } -// - Gemini-style: { "thought": true, "text": "text" } -// Returns the extracted text string. -func GetThinkingText(part gjson.Result) string { - // Try direct text field first (Gemini-style) - if text := part.Get("text"); text.Exists() && text.Type == gjson.String { - return text.String() - } - - // Try thinking field - thinkingField := part.Get("thinking") - if !thinkingField.Exists() { - return "" - } - - // thinking is a string - if thinkingField.Type == gjson.String { - return thinkingField.String() - } - - // thinking is an object with inner text/thinking - if thinkingField.IsObject() { - if inner := thinkingField.Get("text"); inner.Exists() && inner.Type == gjson.String { - return inner.String() - } - if inner := thinkingField.Get("thinking"); inner.Exists() && inner.Type == gjson.String { - return inner.String() - } - } - - return "" -} diff --git a/internal/thinking/types.go b/internal/thinking/types.go deleted file mode 100644 index 3c33e14648..0000000000 --- a/internal/thinking/types.go +++ /dev/null @@ -1,116 +0,0 @@ -// Package thinking provides unified thinking configuration processing. -// -// This package offers a unified interface for parsing, validating, and applying -// thinking configurations across various AI providers (Claude, Gemini, OpenAI, iFlow). -package thinking - -import "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/registry" - -// ThinkingMode represents the type of thinking configuration mode. -type ThinkingMode int - -const ( - // ModeBudget indicates using a numeric budget (corresponds to suffix "(1000)" etc.) - ModeBudget ThinkingMode = iota - // ModeLevel indicates using a discrete level (corresponds to suffix "(high)" etc.) - ModeLevel - // ModeNone indicates thinking is disabled (corresponds to suffix "(none)" or budget=0) - ModeNone - // ModeAuto indicates automatic/dynamic thinking (corresponds to suffix "(auto)" or budget=-1) - ModeAuto -) - -// String returns the string representation of ThinkingMode. -func (m ThinkingMode) String() string { - switch m { - case ModeBudget: - return "budget" - case ModeLevel: - return "level" - case ModeNone: - return "none" - case ModeAuto: - return "auto" - default: - return "unknown" - } -} - -// ThinkingLevel represents a discrete thinking level. -type ThinkingLevel string - -const ( - // LevelNone disables thinking - LevelNone ThinkingLevel = "none" - // LevelAuto enables automatic/dynamic thinking - LevelAuto ThinkingLevel = "auto" - // LevelMinimal sets minimal thinking effort - LevelMinimal ThinkingLevel = "minimal" - // LevelLow sets low thinking effort - LevelLow ThinkingLevel = "low" - // LevelMedium sets medium thinking effort - LevelMedium ThinkingLevel = "medium" - // LevelHigh sets high thinking effort - LevelHigh ThinkingLevel = "high" - // LevelXHigh sets extra-high thinking effort - LevelXHigh ThinkingLevel = "xhigh" -) - -// ThinkingConfig represents a unified thinking configuration. -// -// This struct is used to pass thinking configuration information between components. -// Depending on Mode, either Budget or Level field is effective: -// - ModeNone: Budget=0, Level is ignored -// - ModeAuto: Budget=-1, Level is ignored -// - ModeBudget: Budget is a positive integer, Level is ignored -// - ModeLevel: Budget is ignored, Level is a valid level -type ThinkingConfig struct { - // Mode specifies the configuration mode - Mode ThinkingMode - // Budget is the thinking budget (token count), only effective when Mode is ModeBudget. - // Special values: 0 means disabled, -1 means automatic - Budget int - // Level is the thinking level, only effective when Mode is ModeLevel - Level ThinkingLevel -} - -// SuffixResult represents the result of parsing a model name for thinking suffix. -// -// A thinking suffix is specified in the format model-name(value), where value -// can be a numeric budget (e.g., "16384") or a level name (e.g., "high"). -type SuffixResult struct { - // ModelName is the model name with the suffix removed. - // If no suffix was found, this equals the original input. - ModelName string - - // HasSuffix indicates whether a valid suffix was found. - HasSuffix bool - - // RawSuffix is the content inside the parentheses, without the parentheses. - // Empty string if HasSuffix is false. - RawSuffix string -} - -// ProviderApplier defines the interface for provider-specific thinking configuration application. -// -// Types implementing this interface are responsible for converting a unified ThinkingConfig -// into provider-specific format and applying it to the request body. -// -// Implementation requirements: -// - Apply method must be idempotent -// - Must not modify the input config or modelInfo -// - Returns a modified copy of the request body -// - Returns appropriate ThinkingError for unsupported configurations -type ProviderApplier interface { - // Apply applies the thinking configuration to the request body. - // - // Parameters: - // - body: Original request body JSON - // - config: Unified thinking configuration - // - modelInfo: Model registry information containing ThinkingSupport properties - // - // Returns: - // - Modified request body JSON - // - ThinkingError if the configuration is invalid or unsupported - Apply(body []byte, config ThinkingConfig, modelInfo *registry.ModelInfo) ([]byte, error) -} diff --git a/internal/thinking/validate.go b/internal/thinking/validate.go deleted file mode 100644 index f76ebdf429..0000000000 --- a/internal/thinking/validate.go +++ /dev/null @@ -1,378 +0,0 @@ -// Package thinking provides unified thinking configuration processing logic. -package thinking - -import ( - "fmt" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/registry" - log "github.com/sirupsen/logrus" -) - -// ValidateConfig validates a thinking configuration against model capabilities. -// -// This function performs comprehensive validation: -// - Checks if the model supports thinking -// - Auto-converts between Budget and Level formats based on model capability -// - Validates that requested level is in the model's supported levels list -// - Clamps budget values to model's allowed range -// - When converting Budget -> Level for level-only models, clamps the derived standard level to the nearest supported level -// (special values none/auto are preserved) -// - When config comes from a model suffix, strict budget validation is disabled (we clamp instead of error) -// -// Parameters: -// - config: The thinking configuration to validate -// - support: Model's ThinkingSupport properties (nil means no thinking support) -// - fromFormat: Source provider format (used to determine strict validation rules) -// - toFormat: Target provider format -// - fromSuffix: Whether config was sourced from model suffix -// -// Returns: -// - Normalized ThinkingConfig with clamped values -// - ThinkingError if validation fails (ErrThinkingNotSupported, ErrLevelNotSupported, etc.) -// -// Auto-conversion behavior: -// - Budget-only model + Level config → Level converted to Budget -// - Level-only model + Budget config → Budget converted to Level -// - Hybrid model → preserve original format -func ValidateConfig(config ThinkingConfig, modelInfo *registry.ModelInfo, fromFormat, toFormat string, fromSuffix bool) (*ThinkingConfig, error) { - fromFormat, toFormat = strings.ToLower(strings.TrimSpace(fromFormat)), strings.ToLower(strings.TrimSpace(toFormat)) - model := "unknown" - support := (*registry.ThinkingSupport)(nil) - if modelInfo != nil { - if modelInfo.ID != "" { - model = modelInfo.ID - } - support = modelInfo.Thinking - } - - if support == nil { - if config.Mode != ModeNone { - return nil, NewThinkingErrorWithModel(ErrThinkingNotSupported, "thinking not supported for this model", model) - } - return &config, nil - } - - allowClampUnsupported := isBudgetBasedProvider(fromFormat) && isLevelBasedProvider(toFormat) - strictBudget := !fromSuffix && fromFormat != "" && isSameProviderFamily(fromFormat, toFormat) - budgetDerivedFromLevel := false - - capability := detectModelCapability(modelInfo) - switch capability { - case CapabilityBudgetOnly: - if config.Mode == ModeLevel { - if config.Level == LevelAuto { - break - } - budget, ok := ConvertLevelToBudget(string(config.Level)) - if !ok { - return nil, NewThinkingError(ErrUnknownLevel, fmt.Sprintf("unknown level: %s", config.Level)) - } - config.Mode = ModeBudget - config.Budget = budget - config.Level = "" - budgetDerivedFromLevel = true - } - case CapabilityLevelOnly: - if config.Mode == ModeBudget { - level, ok := ConvertBudgetToLevel(config.Budget) - if !ok { - return nil, NewThinkingError(ErrUnknownLevel, fmt.Sprintf("budget %d cannot be converted to a valid level", config.Budget)) - } - // When converting Budget -> Level for level-only models, clamp the derived standard level - // to the nearest supported level. Special values (none/auto) are preserved. - config.Mode = ModeLevel - config.Level = clampLevel(ThinkingLevel(level), modelInfo, toFormat) - config.Budget = 0 - } - case CapabilityHybrid: - } - - if config.Mode == ModeLevel && config.Level == LevelNone { - config.Mode = ModeNone - config.Budget = 0 - config.Level = "" - } - if config.Mode == ModeLevel && config.Level == LevelAuto { - config.Mode = ModeAuto - config.Budget = -1 - config.Level = "" - } - if config.Mode == ModeBudget && config.Budget == 0 { - config.Mode = ModeNone - config.Level = "" - } - - if len(support.Levels) > 0 && config.Mode == ModeLevel { - if !isLevelSupported(string(config.Level), support.Levels) { - if allowClampUnsupported { - config.Level = clampLevel(config.Level, modelInfo, toFormat) - } - if !isLevelSupported(string(config.Level), support.Levels) { - // User explicitly specified an unsupported level - return error - // (budget-derived levels may be clamped based on source format) - validLevels := normalizeLevels(support.Levels) - message := fmt.Sprintf("level %q not supported, valid levels: %s", strings.ToLower(string(config.Level)), strings.Join(validLevels, ", ")) - return nil, NewThinkingError(ErrLevelNotSupported, message) - } - } - } - - if strictBudget && config.Mode == ModeBudget && !budgetDerivedFromLevel { - min, max := support.Min, support.Max - if min != 0 || max != 0 { - if config.Budget < min || config.Budget > max || (config.Budget == 0 && !support.ZeroAllowed) { - message := fmt.Sprintf("budget %d out of range [%d,%d]", config.Budget, min, max) - return nil, NewThinkingError(ErrBudgetOutOfRange, message) - } - } - } - - // Convert ModeAuto to mid-range if dynamic not allowed - if config.Mode == ModeAuto && !support.DynamicAllowed { - config = convertAutoToMidRange(config, support, toFormat, model) - } - - if config.Mode == ModeNone && toFormat == "claude" { - // Claude supports explicit disable via thinking.type="disabled". - // Keep Budget=0 so applier can omit budget_tokens. - config.Budget = 0 - config.Level = "" - } else { - switch config.Mode { - case ModeBudget, ModeAuto, ModeNone: - config.Budget = clampBudget(config.Budget, modelInfo, toFormat) - } - - // ModeNone with clamped Budget > 0: set Level to lowest for Level-only/Hybrid models - // This ensures Apply layer doesn't need to access support.Levels - if config.Mode == ModeNone && config.Budget > 0 && len(support.Levels) > 0 { - config.Level = ThinkingLevel(support.Levels[0]) - } - } - - return &config, nil -} - -// convertAutoToMidRange converts ModeAuto to a mid-range value when dynamic is not allowed. -// -// This function handles the case where a model does not support dynamic/auto thinking. -// The auto mode is silently converted to a fixed value based on model capability: -// - Level-only models: convert to ModeLevel with LevelMedium -// - Budget models: convert to ModeBudget with mid = (Min + Max) / 2 -// -// Logging: -// - Debug level when conversion occurs -// - Fields: original_mode, clamped_to, reason -func convertAutoToMidRange(config ThinkingConfig, support *registry.ThinkingSupport, provider, model string) ThinkingConfig { - // For level-only models (has Levels but no Min/Max range), use ModeLevel with medium - if len(support.Levels) > 0 && support.Min == 0 && support.Max == 0 { - config.Mode = ModeLevel - config.Level = LevelMedium - config.Budget = 0 - log.WithFields(log.Fields{ - "provider": provider, - "model": model, - "original_mode": "auto", - "clamped_to": string(LevelMedium), - }).Debug("thinking: mode converted, dynamic not allowed, using medium level |") - return config - } - - // For budget models, use mid-range budget - mid := (support.Min + support.Max) / 2 - if mid <= 0 && support.ZeroAllowed { - config.Mode = ModeNone - config.Budget = 0 - } else if mid <= 0 { - config.Mode = ModeBudget - config.Budget = support.Min - } else { - config.Mode = ModeBudget - config.Budget = mid - } - log.WithFields(log.Fields{ - "provider": provider, - "model": model, - "original_mode": "auto", - "clamped_to": config.Budget, - }).Debug("thinking: mode converted, dynamic not allowed |") - return config -} - -// standardLevelOrder defines the canonical ordering of thinking levels from lowest to highest. -var standardLevelOrder = []ThinkingLevel{LevelMinimal, LevelLow, LevelMedium, LevelHigh, LevelXHigh} - -// clampLevel clamps the given level to the nearest supported level. -// On tie, prefers the lower level. -func clampLevel(level ThinkingLevel, modelInfo *registry.ModelInfo, provider string) ThinkingLevel { - model := "unknown" - var supported []string - if modelInfo != nil { - if modelInfo.ID != "" { - model = modelInfo.ID - } - if modelInfo.Thinking != nil { - supported = modelInfo.Thinking.Levels - } - } - - if len(supported) == 0 || isLevelSupported(string(level), supported) { - return level - } - - pos := levelIndex(string(level)) - if pos == -1 { - return level - } - bestIdx, bestDist := -1, len(standardLevelOrder)+1 - - for _, s := range supported { - if idx := levelIndex(strings.TrimSpace(s)); idx != -1 { - if dist := abs(pos - idx); dist < bestDist || (dist == bestDist && idx < bestIdx) { - bestIdx, bestDist = idx, dist - } - } - } - - if bestIdx >= 0 { - clamped := standardLevelOrder[bestIdx] - log.WithFields(log.Fields{ - "provider": provider, - "model": model, - "original_value": string(level), - "clamped_to": string(clamped), - }).Debug("thinking: level clamped |") - return clamped - } - return level -} - -// clampBudget clamps a budget value to the model's supported range. -func clampBudget(value int, modelInfo *registry.ModelInfo, provider string) int { - model := "unknown" - support := (*registry.ThinkingSupport)(nil) - if modelInfo != nil { - if modelInfo.ID != "" { - model = modelInfo.ID - } - support = modelInfo.Thinking - } - if support == nil { - return value - } - - // Auto value (-1) passes through without clamping. - if value == -1 { - return value - } - - min, max := support.Min, support.Max - if value == 0 && !support.ZeroAllowed { - log.WithFields(log.Fields{ - "provider": provider, - "model": model, - "original_value": value, - "clamped_to": min, - "min": min, - "max": max, - }).Warn("thinking: budget zero not allowed |") - return min - } - - // Some models are level-only and do not define numeric budget ranges. - if min == 0 && max == 0 { - return value - } - - if value < min { - if value == 0 && support.ZeroAllowed { - return 0 - } - logClamp(provider, model, value, min, min, max) - return min - } - if value > max { - logClamp(provider, model, value, max, min, max) - return max - } - return value -} - -func isLevelSupported(level string, supported []string) bool { - for _, s := range supported { - if strings.EqualFold(level, strings.TrimSpace(s)) { - return true - } - } - return false -} - -func levelIndex(level string) int { - for i, l := range standardLevelOrder { - if strings.EqualFold(level, string(l)) { - return i - } - } - return -1 -} - -func normalizeLevels(levels []string) []string { - out := make([]string, len(levels)) - for i, l := range levels { - out[i] = strings.ToLower(strings.TrimSpace(l)) - } - return out -} - -func isBudgetBasedProvider(provider string) bool { - switch provider { - case "gemini", "gemini-cli", "antigravity", "claude": - return true - default: - return false - } -} - -func isLevelBasedProvider(provider string) bool { - switch provider { - case "openai", "openai-response", "codex": - return true - default: - return false - } -} - -func isGeminiFamily(provider string) bool { - switch provider { - case "gemini", "gemini-cli", "antigravity": - return true - default: - return false - } -} - -func isSameProviderFamily(from, to string) bool { - if from == to { - return true - } - return isGeminiFamily(from) && isGeminiFamily(to) -} - -func abs(x int) int { - if x < 0 { - return -x - } - return x -} - -func logClamp(provider, model string, original, clampedTo, min, max int) { - log.WithFields(log.Fields{ - "provider": provider, - "model": model, - "original_value": original, - "min": min, - "max": max, - "clamped_to": clampedTo, - }).Debug("thinking: budget clamped |") -} diff --git a/internal/translator/antigravity/claude/antigravity_claude_request.go b/internal/translator/antigravity/claude/antigravity_claude_request.go deleted file mode 100644 index 48780fd77f..0000000000 --- a/internal/translator/antigravity/claude/antigravity_claude_request.go +++ /dev/null @@ -1,416 +0,0 @@ -// Package claude provides request translation functionality for Claude Code API compatibility. -// This package handles the conversion of Claude Code API requests into Gemini CLI-compatible -// JSON format, transforming message contents, system instructions, and tool declarations -// into the format expected by Gemini CLI API clients. It performs JSON data transformation -// to ensure compatibility between Claude Code API format and Gemini CLI API's expected format. -package claude - -import ( - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/cache" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/common" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertClaudeRequestToAntigravity parses and transforms a Claude Code API request into Gemini CLI API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Gemini CLI API. -// The function performs the following transformations: -// 1. Extracts the model information from the request -// 2. Restructures the JSON to match Gemini CLI API format -// 3. Converts system instructions to the expected format -// 4. Maps message contents with proper role transformations -// 5. Handles tool declarations and tool choices -// 6. Maps generation configuration parameters -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the Claude Code API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini CLI API format -func ConvertClaudeRequestToAntigravity(modelName string, inputRawJSON []byte, _ bool) []byte { - enableThoughtTranslate := true - rawJSON := inputRawJSON - - // system instruction - systemInstructionJSON := "" - hasSystemInstruction := false - systemResult := gjson.GetBytes(rawJSON, "system") - if systemResult.IsArray() { - systemResults := systemResult.Array() - systemInstructionJSON = `{"role":"user","parts":[]}` - for i := 0; i < len(systemResults); i++ { - systemPromptResult := systemResults[i] - systemTypePromptResult := systemPromptResult.Get("type") - if systemTypePromptResult.Type == gjson.String && systemTypePromptResult.String() == "text" { - systemPrompt := systemPromptResult.Get("text").String() - partJSON := `{}` - if systemPrompt != "" { - partJSON, _ = sjson.Set(partJSON, "text", systemPrompt) - } - systemInstructionJSON, _ = sjson.SetRaw(systemInstructionJSON, "parts.-1", partJSON) - hasSystemInstruction = true - } - } - } else if systemResult.Type == gjson.String { - systemInstructionJSON = `{"role":"user","parts":[{"text":""}]}` - systemInstructionJSON, _ = sjson.Set(systemInstructionJSON, "parts.0.text", systemResult.String()) - hasSystemInstruction = true - } - - // contents - contentsJSON := "[]" - hasContents := false - - messagesResult := gjson.GetBytes(rawJSON, "messages") - if messagesResult.IsArray() { - messageResults := messagesResult.Array() - numMessages := len(messageResults) - for i := 0; i < numMessages; i++ { - messageResult := messageResults[i] - roleResult := messageResult.Get("role") - if roleResult.Type != gjson.String { - continue - } - originalRole := roleResult.String() - role := originalRole - if role == "assistant" { - role = "model" - } - clientContentJSON := `{"role":"","parts":[]}` - clientContentJSON, _ = sjson.Set(clientContentJSON, "role", role) - contentsResult := messageResult.Get("content") - if contentsResult.IsArray() { - contentResults := contentsResult.Array() - numContents := len(contentResults) - var currentMessageThinkingSignature string - for j := 0; j < numContents; j++ { - contentResult := contentResults[j] - contentTypeResult := contentResult.Get("type") - if contentTypeResult.Type == gjson.String && contentTypeResult.String() == "thinking" { - // Use GetThinkingText to handle wrapped thinking objects - thinkingText := thinking.GetThinkingText(contentResult) - - // Always try cached signature first (more reliable than client-provided) - // Client may send stale or invalid signatures from different sessions - signature := "" - if thinkingText != "" { - if cachedSig := cache.GetCachedSignature(modelName, thinkingText); cachedSig != "" { - signature = cachedSig - // log.Debugf("Using cached signature for thinking block") - } - } - - // Fallback to client signature only if cache miss and client signature is valid - if signature == "" { - signatureResult := contentResult.Get("signature") - clientSignature := "" - if signatureResult.Exists() && signatureResult.String() != "" { - arrayClientSignatures := strings.SplitN(signatureResult.String(), "#", 2) - if len(arrayClientSignatures) == 2 { - if cache.GetModelGroup(modelName) == arrayClientSignatures[0] { - clientSignature = arrayClientSignatures[1] - } - } - } - if cache.HasValidSignature(modelName, clientSignature) { - signature = clientSignature - } - // log.Debugf("Using client-provided signature for thinking block") - } - - // Store for subsequent tool_use in the same message - if cache.HasValidSignature(modelName, signature) { - currentMessageThinkingSignature = signature - } - - // Skip trailing unsigned thinking blocks on last assistant message - isUnsigned := !cache.HasValidSignature(modelName, signature) - - // If unsigned, skip entirely (don't convert to text) - // Claude requires assistant messages to start with thinking blocks when thinking is enabled - // Converting to text would break this requirement - if isUnsigned { - // log.Debugf("Dropping unsigned thinking block (no valid signature)") - enableThoughtTranslate = false - continue - } - - // Valid signature, send as thought block - partJSON := `{}` - partJSON, _ = sjson.Set(partJSON, "thought", true) - if thinkingText != "" { - partJSON, _ = sjson.Set(partJSON, "text", thinkingText) - } - if signature != "" { - partJSON, _ = sjson.Set(partJSON, "thoughtSignature", signature) - } - clientContentJSON, _ = sjson.SetRaw(clientContentJSON, "parts.-1", partJSON) - } else if contentTypeResult.Type == gjson.String && contentTypeResult.String() == "text" { - prompt := contentResult.Get("text").String() - // Skip empty text parts to avoid Gemini API error: - // "required oneof field 'data' must have one initialized field" - if prompt == "" { - continue - } - partJSON := `{}` - partJSON, _ = sjson.Set(partJSON, "text", prompt) - clientContentJSON, _ = sjson.SetRaw(clientContentJSON, "parts.-1", partJSON) - } else if contentTypeResult.Type == gjson.String && contentTypeResult.String() == "tool_use" { - // NOTE: Do NOT inject dummy thinking blocks here. - // Antigravity API validates signatures, so dummy values are rejected. - - functionName := contentResult.Get("name").String() - argsResult := contentResult.Get("input") - functionID := contentResult.Get("id").String() - - // Handle both object and string input formats - var argsRaw string - if argsResult.IsObject() { - argsRaw = argsResult.Raw - } else if argsResult.Type == gjson.String { - // Input is a JSON string, parse and validate it - parsed := gjson.Parse(argsResult.String()) - if parsed.IsObject() { - argsRaw = parsed.Raw - } - } - - if argsRaw != "" { - partJSON := `{}` - - // Use skip_thought_signature_validator for tool calls without valid thinking signature - // This is the approach used in opencode-google-antigravity-auth for Gemini - // and also works for Claude through Antigravity API - const skipSentinel = "skip_thought_signature_validator" - if cache.HasValidSignature(modelName, currentMessageThinkingSignature) { - partJSON, _ = sjson.Set(partJSON, "thoughtSignature", currentMessageThinkingSignature) - } else { - // No valid signature - use skip sentinel to bypass validation - partJSON, _ = sjson.Set(partJSON, "thoughtSignature", skipSentinel) - } - - if functionID != "" { - partJSON, _ = sjson.Set(partJSON, "functionCall.id", functionID) - } - partJSON, _ = sjson.Set(partJSON, "functionCall.name", functionName) - partJSON, _ = sjson.SetRaw(partJSON, "functionCall.args", argsRaw) - clientContentJSON, _ = sjson.SetRaw(clientContentJSON, "parts.-1", partJSON) - } - } else if contentTypeResult.Type == gjson.String && contentTypeResult.String() == "tool_result" { - toolCallID := contentResult.Get("tool_use_id").String() - if toolCallID != "" { - funcName := toolCallID - toolCallIDs := strings.Split(toolCallID, "-") - if len(toolCallIDs) > 1 { - funcName = strings.Join(toolCallIDs[0:len(toolCallIDs)-2], "-") - } - functionResponseResult := contentResult.Get("content") - - functionResponseJSON := `{}` - functionResponseJSON, _ = sjson.Set(functionResponseJSON, "id", toolCallID) - functionResponseJSON, _ = sjson.Set(functionResponseJSON, "name", funcName) - - responseData := "" - if functionResponseResult.Type == gjson.String { - responseData = functionResponseResult.String() - functionResponseJSON, _ = sjson.Set(functionResponseJSON, "response.result", responseData) - } else if functionResponseResult.IsArray() { - frResults := functionResponseResult.Array() - if len(frResults) == 1 { - functionResponseJSON, _ = sjson.SetRaw(functionResponseJSON, "response.result", frResults[0].Raw) - } else { - functionResponseJSON, _ = sjson.SetRaw(functionResponseJSON, "response.result", functionResponseResult.Raw) - } - - } else if functionResponseResult.IsObject() { - functionResponseJSON, _ = sjson.SetRaw(functionResponseJSON, "response.result", functionResponseResult.Raw) - } else if functionResponseResult.Raw != "" { - functionResponseJSON, _ = sjson.SetRaw(functionResponseJSON, "response.result", functionResponseResult.Raw) - } else { - // Content field is missing entirely — .Raw is empty which - // causes sjson.SetRaw to produce invalid JSON (e.g. "result":}). - functionResponseJSON, _ = sjson.Set(functionResponseJSON, "response.result", "") - } - - partJSON := `{}` - partJSON, _ = sjson.SetRaw(partJSON, "functionResponse", functionResponseJSON) - clientContentJSON, _ = sjson.SetRaw(clientContentJSON, "parts.-1", partJSON) - } - } else if contentTypeResult.Type == gjson.String && contentTypeResult.String() == "image" { - sourceResult := contentResult.Get("source") - if sourceResult.Get("type").String() == "base64" { - inlineDataJSON := `{}` - if mimeType := sourceResult.Get("media_type").String(); mimeType != "" { - inlineDataJSON, _ = sjson.Set(inlineDataJSON, "mime_type", mimeType) - } - if data := sourceResult.Get("data").String(); data != "" { - inlineDataJSON, _ = sjson.Set(inlineDataJSON, "data", data) - } - - partJSON := `{}` - partJSON, _ = sjson.SetRaw(partJSON, "inlineData", inlineDataJSON) - clientContentJSON, _ = sjson.SetRaw(clientContentJSON, "parts.-1", partJSON) - } - } - } - - // Reorder parts for 'model' role to ensure thinking block is first - if role == "model" { - partsResult := gjson.Get(clientContentJSON, "parts") - if partsResult.IsArray() { - parts := partsResult.Array() - var thinkingParts []gjson.Result - var otherParts []gjson.Result - for _, part := range parts { - if part.Get("thought").Bool() { - thinkingParts = append(thinkingParts, part) - } else { - otherParts = append(otherParts, part) - } - } - if len(thinkingParts) > 0 { - firstPartIsThinking := parts[0].Get("thought").Bool() - if !firstPartIsThinking || len(thinkingParts) > 1 { - var newParts []interface{} - for _, p := range thinkingParts { - newParts = append(newParts, p.Value()) - } - for _, p := range otherParts { - newParts = append(newParts, p.Value()) - } - clientContentJSON, _ = sjson.Set(clientContentJSON, "parts", newParts) - } - } - } - } - - // Skip messages with empty parts array to avoid Gemini API error: - // "required oneof field 'data' must have one initialized field" - partsCheck := gjson.Get(clientContentJSON, "parts") - if !partsCheck.IsArray() || len(partsCheck.Array()) == 0 { - continue - } - - contentsJSON, _ = sjson.SetRaw(contentsJSON, "-1", clientContentJSON) - hasContents = true - } else if contentsResult.Type == gjson.String { - prompt := contentsResult.String() - partJSON := `{}` - if prompt != "" { - partJSON, _ = sjson.Set(partJSON, "text", prompt) - } - clientContentJSON, _ = sjson.SetRaw(clientContentJSON, "parts.-1", partJSON) - contentsJSON, _ = sjson.SetRaw(contentsJSON, "-1", clientContentJSON) - hasContents = true - } - } - } - - // tools - toolsJSON := "" - toolDeclCount := 0 - allowedToolKeys := []string{"name", "description", "behavior", "parameters", "parametersJsonSchema", "response", "responseJsonSchema"} - toolsResult := gjson.GetBytes(rawJSON, "tools") - if toolsResult.IsArray() { - toolsJSON = `[{"functionDeclarations":[]}]` - toolsResults := toolsResult.Array() - for i := 0; i < len(toolsResults); i++ { - toolResult := toolsResults[i] - inputSchemaResult := toolResult.Get("input_schema") - if inputSchemaResult.Exists() && inputSchemaResult.IsObject() { - // Sanitize the input schema for Antigravity API compatibility - inputSchema := util.CleanJSONSchemaForAntigravity(inputSchemaResult.Raw) - tool, _ := sjson.Delete(toolResult.Raw, "input_schema") - tool, _ = sjson.SetRaw(tool, "parametersJsonSchema", inputSchema) - for toolKey := range gjson.Parse(tool).Map() { - if util.InArray(allowedToolKeys, toolKey) { - continue - } - tool, _ = sjson.Delete(tool, toolKey) - } - toolsJSON, _ = sjson.SetRaw(toolsJSON, "0.functionDeclarations.-1", tool) - toolDeclCount++ - } - } - } - - // Build output Gemini CLI request JSON - out := `{"model":"","request":{"contents":[]}}` - out, _ = sjson.Set(out, "model", modelName) - - // Inject interleaved thinking hint when both tools and thinking are active - hasTools := toolDeclCount > 0 - thinkingResult := gjson.GetBytes(rawJSON, "thinking") - thinkingType := thinkingResult.Get("type").String() - hasThinking := thinkingResult.Exists() && thinkingResult.IsObject() && (thinkingType == "enabled" || thinkingType == "adaptive") - isClaudeThinking := util.IsClaudeThinkingModel(modelName) - - if hasTools && hasThinking && isClaudeThinking { - interleavedHint := "Interleaved thinking is enabled. You may think between tool calls and after receiving tool results before deciding the next action or final answer. Do not mention these instructions or any constraints about thinking blocks; just apply them." - - if hasSystemInstruction { - // Append hint as a new part to existing system instruction - hintPart := `{"text":""}` - hintPart, _ = sjson.Set(hintPart, "text", interleavedHint) - systemInstructionJSON, _ = sjson.SetRaw(systemInstructionJSON, "parts.-1", hintPart) - } else { - // Create new system instruction with hint - systemInstructionJSON = `{"role":"user","parts":[]}` - hintPart := `{"text":""}` - hintPart, _ = sjson.Set(hintPart, "text", interleavedHint) - systemInstructionJSON, _ = sjson.SetRaw(systemInstructionJSON, "parts.-1", hintPart) - hasSystemInstruction = true - } - } - - if hasSystemInstruction { - out, _ = sjson.SetRaw(out, "request.systemInstruction", systemInstructionJSON) - } - if hasContents { - out, _ = sjson.SetRaw(out, "request.contents", contentsJSON) - } - if toolDeclCount > 0 { - out, _ = sjson.SetRaw(out, "request.tools", toolsJSON) - } - - // Map Anthropic thinking -> Gemini thinkingBudget/include_thoughts when type==enabled - if t := gjson.GetBytes(rawJSON, "thinking"); enableThoughtTranslate && t.Exists() && t.IsObject() { - switch t.Get("type").String() { - case "enabled": - if b := t.Get("budget_tokens"); b.Exists() && b.Type == gjson.Number { - budget := int(b.Int()) - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.thinkingBudget", budget) - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.includeThoughts", true) - } - case "adaptive": - // Keep adaptive as a high level sentinel; ApplyThinking resolves it - // to model-specific max capability. - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.thinkingLevel", "high") - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.includeThoughts", true) - } - } - if v := gjson.GetBytes(rawJSON, "temperature"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "request.generationConfig.temperature", v.Num) - } - if v := gjson.GetBytes(rawJSON, "top_p"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "request.generationConfig.topP", v.Num) - } - if v := gjson.GetBytes(rawJSON, "top_k"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "request.generationConfig.topK", v.Num) - } - if v := gjson.GetBytes(rawJSON, "max_tokens"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "request.generationConfig.maxOutputTokens", v.Num) - } - - outBytes := []byte(out) - outBytes = common.AttachDefaultSafetySettings(outBytes, "request.safetySettings") - - return outBytes -} diff --git a/internal/translator/antigravity/claude/antigravity_claude_request_test.go b/internal/translator/antigravity/claude/antigravity_claude_request_test.go deleted file mode 100644 index 19b8e76a2f..0000000000 --- a/internal/translator/antigravity/claude/antigravity_claude_request_test.go +++ /dev/null @@ -1,778 +0,0 @@ -package claude - -import ( - "strings" - "testing" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/cache" - "github.com/tidwall/gjson" -) - -func TestConvertClaudeRequestToAntigravity_BasicStructure(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - { - "role": "user", - "content": [ - {"type": "text", "text": "Hello"} - ] - } - ], - "system": [ - {"type": "text", "text": "You are helpful"} - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - // Check model - if gjson.Get(outputStr, "model").String() != "claude-sonnet-4-5" { - t.Errorf("Expected model 'claude-sonnet-4-5', got '%s'", gjson.Get(outputStr, "model").String()) - } - - // Check contents exist - contents := gjson.Get(outputStr, "request.contents") - if !contents.Exists() || !contents.IsArray() { - t.Error("request.contents should exist and be an array") - } - - // Check role mapping (assistant -> model) - firstContent := gjson.Get(outputStr, "request.contents.0") - if firstContent.Get("role").String() != "user" { - t.Errorf("Expected role 'user', got '%s'", firstContent.Get("role").String()) - } - - // Check systemInstruction - sysInstruction := gjson.Get(outputStr, "request.systemInstruction") - if !sysInstruction.Exists() { - t.Error("systemInstruction should exist") - } - if sysInstruction.Get("parts.0.text").String() != "You are helpful" { - t.Error("systemInstruction text mismatch") - } -} - -func TestConvertClaudeRequestToAntigravity_RoleMapping(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - {"role": "user", "content": [{"type": "text", "text": "Hi"}]}, - {"role": "assistant", "content": [{"type": "text", "text": "Hello"}]} - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - // assistant should be mapped to model - secondContent := gjson.Get(outputStr, "request.contents.1") - if secondContent.Get("role").String() != "model" { - t.Errorf("Expected role 'model' (mapped from 'assistant'), got '%s'", secondContent.Get("role").String()) - } -} - -func TestConvertClaudeRequestToAntigravity_ThinkingBlocks(t *testing.T) { - cache.ClearSignatureCache("") - - // Valid signature must be at least 50 characters - validSignature := "abc123validSignature1234567890123456789012345678901234567890" - thinkingText := "Let me think..." - - // Pre-cache the signature (simulating a previous response for the same thinking text) - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [ - { - "role": "user", - "content": [{"type": "text", "text": "Test user message"}] - }, - { - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "` + thinkingText + `", "signature": "` + validSignature + `"}, - {"type": "text", "text": "Answer"} - ] - } - ] - }`) - - cache.CacheSignature("claude-sonnet-4-5-thinking", thinkingText, validSignature) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // Check thinking block conversion (now in contents.1 due to user message) - firstPart := gjson.Get(outputStr, "request.contents.1.parts.0") - if !firstPart.Get("thought").Bool() { - t.Error("thinking block should have thought: true") - } - if firstPart.Get("text").String() != thinkingText { - t.Error("thinking text mismatch") - } - if firstPart.Get("thoughtSignature").String() != validSignature { - t.Errorf("Expected thoughtSignature '%s', got '%s'", validSignature, firstPart.Get("thoughtSignature").String()) - } -} - -func TestConvertClaudeRequestToAntigravity_ThinkingBlockWithoutSignature(t *testing.T) { - cache.ClearSignatureCache("") - - // Unsigned thinking blocks should be removed entirely (not converted to text) - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [ - { - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "Let me think..."}, - {"type": "text", "text": "Answer"} - ] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // Without signature, thinking block should be removed (not converted to text) - parts := gjson.Get(outputStr, "request.contents.0.parts").Array() - if len(parts) != 1 { - t.Fatalf("Expected 1 part (thinking removed), got %d", len(parts)) - } - - // Only text part should remain - if parts[0].Get("thought").Bool() { - t.Error("Thinking block should be removed, not preserved") - } - if parts[0].Get("text").String() != "Answer" { - t.Errorf("Expected text 'Answer', got '%s'", parts[0].Get("text").String()) - } -} - -func TestConvertClaudeRequestToAntigravity_ToolDeclarations(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [], - "tools": [ - { - "name": "test_tool", - "description": "A test tool", - "input_schema": { - "type": "object", - "properties": { - "name": {"type": "string"} - }, - "required": ["name"] - } - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("gemini-1.5-pro", inputJSON, false) - outputStr := string(output) - - // Check tools structure - tools := gjson.Get(outputStr, "request.tools") - if !tools.Exists() { - t.Error("Tools should exist in output") - } - - funcDecl := gjson.Get(outputStr, "request.tools.0.functionDeclarations.0") - if funcDecl.Get("name").String() != "test_tool" { - t.Errorf("Expected tool name 'test_tool', got '%s'", funcDecl.Get("name").String()) - } - - // Check input_schema renamed to parametersJsonSchema - if funcDecl.Get("parametersJsonSchema").Exists() { - t.Log("parametersJsonSchema exists (expected)") - } - if funcDecl.Get("input_schema").Exists() { - t.Error("input_schema should be removed") - } -} - -func TestConvertClaudeRequestToAntigravity_ToolUse(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - { - "role": "assistant", - "content": [ - { - "type": "tool_use", - "id": "call_123", - "name": "get_weather", - "input": "{\"location\": \"Paris\"}" - } - ] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - // Now we expect only 1 part (tool_use), no dummy thinking block injected - parts := gjson.Get(outputStr, "request.contents.0.parts").Array() - if len(parts) != 1 { - t.Fatalf("Expected 1 part (tool only, no dummy injection), got %d", len(parts)) - } - - // Check function call conversion at parts[0] - funcCall := parts[0].Get("functionCall") - if !funcCall.Exists() { - t.Error("functionCall should exist at parts[0]") - } - if funcCall.Get("name").String() != "get_weather" { - t.Errorf("Expected function name 'get_weather', got '%s'", funcCall.Get("name").String()) - } - if funcCall.Get("id").String() != "call_123" { - t.Errorf("Expected function id 'call_123', got '%s'", funcCall.Get("id").String()) - } - // Verify skip_thought_signature_validator is added (bypass for tools without valid thinking) - expectedSig := "skip_thought_signature_validator" - actualSig := parts[0].Get("thoughtSignature").String() - if actualSig != expectedSig { - t.Errorf("Expected thoughtSignature '%s', got '%s'", expectedSig, actualSig) - } -} - -func TestConvertClaudeRequestToAntigravity_ToolUse_WithSignature(t *testing.T) { - cache.ClearSignatureCache("") - - validSignature := "abc123validSignature1234567890123456789012345678901234567890" - thinkingText := "Let me think..." - - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [ - { - "role": "user", - "content": [{"type": "text", "text": "Test user message"}] - }, - { - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "` + thinkingText + `", "signature": "` + validSignature + `"}, - { - "type": "tool_use", - "id": "call_123", - "name": "get_weather", - "input": "{\"location\": \"Paris\"}" - } - ] - } - ] - }`) - - cache.CacheSignature("claude-sonnet-4-5-thinking", thinkingText, validSignature) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // Check function call has the signature from the preceding thinking block (now in contents.1) - part := gjson.Get(outputStr, "request.contents.1.parts.1") - if part.Get("functionCall.name").String() != "get_weather" { - t.Errorf("Expected functionCall, got %s", part.Raw) - } - if part.Get("thoughtSignature").String() != validSignature { - t.Errorf("Expected thoughtSignature '%s' on tool_use, got '%s'", validSignature, part.Get("thoughtSignature").String()) - } -} - -func TestConvertClaudeRequestToAntigravity_ReorderThinking(t *testing.T) { - cache.ClearSignatureCache("") - - // Case: text block followed by thinking block -> should be reordered to thinking first - validSignature := "abc123validSignature1234567890123456789012345678901234567890" - thinkingText := "Planning..." - - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [ - { - "role": "user", - "content": [{"type": "text", "text": "Test user message"}] - }, - { - "role": "assistant", - "content": [ - {"type": "text", "text": "Here is the plan."}, - {"type": "thinking", "thinking": "` + thinkingText + `", "signature": "` + validSignature + `"} - ] - } - ] - }`) - - cache.CacheSignature("claude-sonnet-4-5-thinking", thinkingText, validSignature) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // Verify order: Thinking block MUST be first (now in contents.1 due to user message) - parts := gjson.Get(outputStr, "request.contents.1.parts").Array() - if len(parts) != 2 { - t.Fatalf("Expected 2 parts, got %d", len(parts)) - } - - if !parts[0].Get("thought").Bool() { - t.Error("First part should be thinking block after reordering") - } - if parts[1].Get("text").String() != "Here is the plan." { - t.Error("Second part should be text block") - } -} - -func TestConvertClaudeRequestToAntigravity_ToolResult(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - { - "role": "user", - "content": [ - { - "type": "tool_result", - "tool_use_id": "get_weather-call-123", - "content": "22C sunny" - } - ] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - // Check function response conversion - funcResp := gjson.Get(outputStr, "request.contents.0.parts.0.functionResponse") - if !funcResp.Exists() { - t.Error("functionResponse should exist") - } - if funcResp.Get("id").String() != "get_weather-call-123" { - t.Errorf("Expected function id, got '%s'", funcResp.Get("id").String()) - } -} - -func TestConvertClaudeRequestToAntigravity_ThinkingConfig(t *testing.T) { - // Note: This test requires the model to be registered in the registry - // with Thinking metadata. If the registry is not populated in test environment, - // thinkingConfig won't be added. We'll test the basic structure only. - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [], - "thinking": { - "type": "enabled", - "budget_tokens": 8000 - } - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // Check thinking config conversion (only if model supports thinking in registry) - thinkingConfig := gjson.Get(outputStr, "request.generationConfig.thinkingConfig") - if thinkingConfig.Exists() { - if thinkingConfig.Get("thinkingBudget").Int() != 8000 { - t.Errorf("Expected thinkingBudget 8000, got %d", thinkingConfig.Get("thinkingBudget").Int()) - } - if !thinkingConfig.Get("includeThoughts").Bool() { - t.Error("includeThoughts should be true") - } - } else { - t.Log("thinkingConfig not present - model may not be registered in test registry") - } -} - -func TestConvertClaudeRequestToAntigravity_ImageContent(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [ - { - "role": "user", - "content": [ - { - "type": "image", - "source": { - "type": "base64", - "media_type": "image/png", - "data": "iVBORw0KGgoAAAANSUhEUg==" - } - } - ] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - // Check inline data conversion - inlineData := gjson.Get(outputStr, "request.contents.0.parts.0.inlineData") - if !inlineData.Exists() { - t.Error("inlineData should exist") - } - if inlineData.Get("mime_type").String() != "image/png" { - t.Error("mime_type mismatch") - } - if !strings.Contains(inlineData.Get("data").String(), "iVBORw0KGgo") { - t.Error("data mismatch") - } -} - -func TestConvertClaudeRequestToAntigravity_GenerationConfig(t *testing.T) { - inputJSON := []byte(`{ - "model": "claude-3-5-sonnet-20240620", - "messages": [], - "temperature": 0.7, - "top_p": 0.9, - "top_k": 40, - "max_tokens": 2000 - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - genConfig := gjson.Get(outputStr, "request.generationConfig") - if genConfig.Get("temperature").Float() != 0.7 { - t.Errorf("Expected temperature 0.7, got %f", genConfig.Get("temperature").Float()) - } - if genConfig.Get("topP").Float() != 0.9 { - t.Errorf("Expected topP 0.9, got %f", genConfig.Get("topP").Float()) - } - if genConfig.Get("topK").Float() != 40 { - t.Errorf("Expected topK 40, got %f", genConfig.Get("topK").Float()) - } - if genConfig.Get("maxOutputTokens").Float() != 2000 { - t.Errorf("Expected maxOutputTokens 2000, got %f", genConfig.Get("maxOutputTokens").Float()) - } -} - -// ============================================================================ -// Trailing Unsigned Thinking Block Removal -// ============================================================================ - -func TestConvertClaudeRequestToAntigravity_TrailingUnsignedThinking_Removed(t *testing.T) { - // Last assistant message ends with unsigned thinking block - should be removed - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [ - { - "role": "user", - "content": [{"type": "text", "text": "Hello"}] - }, - { - "role": "assistant", - "content": [ - {"type": "text", "text": "Here is my answer"}, - {"type": "thinking", "thinking": "I should think more..."} - ] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // The last part of the last assistant message should NOT be a thinking block - lastMessageParts := gjson.Get(outputStr, "request.contents.1.parts") - if !lastMessageParts.IsArray() { - t.Fatal("Last message should have parts array") - } - parts := lastMessageParts.Array() - if len(parts) == 0 { - t.Fatal("Last message should have at least one part") - } - - // The unsigned thinking should be removed, leaving only the text - lastPart := parts[len(parts)-1] - if lastPart.Get("thought").Bool() { - t.Error("Trailing unsigned thinking block should be removed") - } -} - -func TestConvertClaudeRequestToAntigravity_TrailingSignedThinking_Kept(t *testing.T) { - cache.ClearSignatureCache("") - - // Last assistant message ends with signed thinking block - should be kept - validSignature := "abc123validSignature1234567890123456789012345678901234567890" - thinkingText := "Valid thinking..." - - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [ - { - "role": "user", - "content": [{"type": "text", "text": "Hello"}] - }, - { - "role": "assistant", - "content": [ - {"type": "text", "text": "Here is my answer"}, - {"type": "thinking", "thinking": "` + thinkingText + `", "signature": "` + validSignature + `"} - ] - } - ] - }`) - - cache.CacheSignature("claude-sonnet-4-5-thinking", thinkingText, validSignature) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // The signed thinking block should be preserved - lastMessageParts := gjson.Get(outputStr, "request.contents.1.parts") - parts := lastMessageParts.Array() - if len(parts) < 2 { - t.Error("Signed thinking block should be preserved") - } -} - -func TestConvertClaudeRequestToAntigravity_MiddleUnsignedThinking_Removed(t *testing.T) { - // Middle message has unsigned thinking - should be removed entirely - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [ - { - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "Middle thinking..."}, - {"type": "text", "text": "Answer"} - ] - }, - { - "role": "user", - "content": [{"type": "text", "text": "Follow up"}] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // Unsigned thinking should be removed entirely - parts := gjson.Get(outputStr, "request.contents.0.parts").Array() - if len(parts) != 1 { - t.Fatalf("Expected 1 part (thinking removed), got %d", len(parts)) - } - - // Only text part should remain - if parts[0].Get("thought").Bool() { - t.Error("Thinking block should be removed, not preserved") - } - if parts[0].Get("text").String() != "Answer" { - t.Errorf("Expected text 'Answer', got '%s'", parts[0].Get("text").String()) - } -} - -// ============================================================================ -// Tool + Thinking System Hint Injection -// ============================================================================ - -func TestConvertClaudeRequestToAntigravity_ToolAndThinking_HintInjected(t *testing.T) { - // When both tools and thinking are enabled, hint should be injected into system instruction - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [{"role": "user", "content": [{"type": "text", "text": "Hello"}]}], - "system": [{"type": "text", "text": "You are helpful."}], - "tools": [ - { - "name": "get_weather", - "description": "Get weather", - "input_schema": {"type": "object", "properties": {"location": {"type": "string"}}} - } - ], - "thinking": {"type": "enabled", "budget_tokens": 8000} - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // System instruction should contain the interleaved thinking hint - sysInstruction := gjson.Get(outputStr, "request.systemInstruction") - if !sysInstruction.Exists() { - t.Fatal("systemInstruction should exist") - } - - // Check if hint is appended - sysText := sysInstruction.Get("parts").Array() - found := false - for _, part := range sysText { - if strings.Contains(part.Get("text").String(), "Interleaved thinking is enabled") { - found = true - break - } - } - if !found { - t.Errorf("Interleaved thinking hint should be injected when tools and thinking are both active, got: %v", sysInstruction.Raw) - } -} - -func TestConvertClaudeRequestToAntigravity_ToolsOnly_NoHint(t *testing.T) { - // When only tools are present (no thinking), hint should NOT be injected - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5", - "messages": [{"role": "user", "content": [{"type": "text", "text": "Hello"}]}], - "system": [{"type": "text", "text": "You are helpful."}], - "tools": [ - { - "name": "get_weather", - "description": "Get weather", - "input_schema": {"type": "object", "properties": {"location": {"type": "string"}}} - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5", inputJSON, false) - outputStr := string(output) - - // System instruction should NOT contain the hint - sysInstruction := gjson.Get(outputStr, "request.systemInstruction") - if sysInstruction.Exists() { - for _, part := range sysInstruction.Get("parts").Array() { - if strings.Contains(part.Get("text").String(), "Interleaved thinking is enabled") { - t.Error("Hint should NOT be injected when only tools are present (no thinking)") - } - } - } -} - -func TestConvertClaudeRequestToAntigravity_ThinkingOnly_NoHint(t *testing.T) { - // When only thinking is enabled (no tools), hint should NOT be injected - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [{"role": "user", "content": [{"type": "text", "text": "Hello"}]}], - "system": [{"type": "text", "text": "You are helpful."}], - "thinking": {"type": "enabled", "budget_tokens": 8000} - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // System instruction should NOT contain the hint (no tools) - sysInstruction := gjson.Get(outputStr, "request.systemInstruction") - if sysInstruction.Exists() { - for _, part := range sysInstruction.Get("parts").Array() { - if strings.Contains(part.Get("text").String(), "Interleaved thinking is enabled") { - t.Error("Hint should NOT be injected when only thinking is present (no tools)") - } - } - } -} - -func TestConvertClaudeRequestToAntigravity_ToolResultNoContent(t *testing.T) { - // Bug repro: tool_result with no content field produces invalid JSON - inputJSON := []byte(`{ - "model": "claude-opus-4-6-thinking", - "messages": [ - { - "role": "assistant", - "content": [ - { - "type": "tool_use", - "id": "MyTool-123-456", - "name": "MyTool", - "input": {"key": "value"} - } - ] - }, - { - "role": "user", - "content": [ - { - "type": "tool_result", - "tool_use_id": "MyTool-123-456" - } - ] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-opus-4-6-thinking", inputJSON, true) - outputStr := string(output) - - if !gjson.Valid(outputStr) { - t.Errorf("Result is not valid JSON:\n%s", outputStr) - } - - // Verify the functionResponse has a valid result value - fr := gjson.Get(outputStr, "request.contents.1.parts.0.functionResponse.response.result") - if !fr.Exists() { - t.Error("functionResponse.response.result should exist") - } -} - -func TestConvertClaudeRequestToAntigravity_ToolResultNullContent(t *testing.T) { - // Bug repro: tool_result with null content produces invalid JSON - inputJSON := []byte(`{ - "model": "claude-opus-4-6-thinking", - "messages": [ - { - "role": "assistant", - "content": [ - { - "type": "tool_use", - "id": "MyTool-123-456", - "name": "MyTool", - "input": {"key": "value"} - } - ] - }, - { - "role": "user", - "content": [ - { - "type": "tool_result", - "tool_use_id": "MyTool-123-456", - "content": null - } - ] - } - ] - }`) - - output := ConvertClaudeRequestToAntigravity("claude-opus-4-6-thinking", inputJSON, true) - outputStr := string(output) - - if !gjson.Valid(outputStr) { - t.Errorf("Result is not valid JSON:\n%s", outputStr) - } -} - -func TestConvertClaudeRequestToAntigravity_ToolAndThinking_NoExistingSystem(t *testing.T) { - // When tools + thinking but no system instruction, should create one with hint - inputJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [{"role": "user", "content": [{"type": "text", "text": "Hello"}]}], - "tools": [ - { - "name": "get_weather", - "description": "Get weather", - "input_schema": {"type": "object", "properties": {"location": {"type": "string"}}} - } - ], - "thinking": {"type": "enabled", "budget_tokens": 8000} - }`) - - output := ConvertClaudeRequestToAntigravity("claude-sonnet-4-5-thinking", inputJSON, false) - outputStr := string(output) - - // System instruction should be created with hint - sysInstruction := gjson.Get(outputStr, "request.systemInstruction") - if !sysInstruction.Exists() { - t.Fatal("systemInstruction should be created when tools + thinking are active") - } - - sysText := sysInstruction.Get("parts").Array() - found := false - for _, part := range sysText { - if strings.Contains(part.Get("text").String(), "Interleaved thinking is enabled") { - found = true - break - } - } - if !found { - t.Errorf("Interleaved thinking hint should be in created systemInstruction, got: %v", sysInstruction.Raw) - } -} diff --git a/internal/translator/antigravity/claude/antigravity_claude_response.go b/internal/translator/antigravity/claude/antigravity_claude_response.go deleted file mode 100644 index bbb6d5c87d..0000000000 --- a/internal/translator/antigravity/claude/antigravity_claude_response.go +++ /dev/null @@ -1,523 +0,0 @@ -// Package claude provides response translation functionality for Claude Code API compatibility. -// This package handles the conversion of backend client responses into Claude Code-compatible -// Server-Sent Events (SSE) format, implementing a sophisticated state machine that manages -// different response types including text content, thinking processes, and function calls. -// The translation ensures proper sequencing of SSE events and maintains state across -// multiple response chunks to provide a seamless streaming experience. -package claude - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/cache" - log "github.com/sirupsen/logrus" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Params holds parameters for response conversion and maintains state across streaming chunks. -// This structure tracks the current state of the response translation process to ensure -// proper sequencing of SSE events and transitions between different content types. -type Params struct { - HasFirstResponse bool // Indicates if the initial message_start event has been sent - ResponseType int // Current response type: 0=none, 1=content, 2=thinking, 3=function - ResponseIndex int // Index counter for content blocks in the streaming response - HasFinishReason bool // Tracks whether a finish reason has been observed - FinishReason string // The finish reason string returned by the provider - HasUsageMetadata bool // Tracks whether usage metadata has been observed - PromptTokenCount int64 // Cached prompt token count from usage metadata - CandidatesTokenCount int64 // Cached candidate token count from usage metadata - ThoughtsTokenCount int64 // Cached thinking token count from usage metadata - TotalTokenCount int64 // Cached total token count from usage metadata - CachedTokenCount int64 // Cached content token count (indicates prompt caching) - HasSentFinalEvents bool // Indicates if final content/message events have been sent - HasToolUse bool // Indicates if tool use was observed in the stream - HasContent bool // Tracks whether any content (text, thinking, or tool use) has been output - - // Signature caching support - CurrentThinkingText strings.Builder // Accumulates thinking text for signature caching -} - -// toolUseIDCounter provides a process-wide unique counter for tool use identifiers. -var toolUseIDCounter uint64 - -// ConvertAntigravityResponseToClaude performs sophisticated streaming response format conversion. -// This function implements a complex state machine that translates backend client responses -// into Claude Code-compatible Server-Sent Events (SSE) format. It manages different response types -// and handles state transitions between content blocks, thinking processes, and function calls. -// -// Response type states: 0=none, 1=content, 2=thinking, 3=function -// The function maintains state across multiple calls to ensure proper SSE event sequencing. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing a Claude Code-compatible JSON response -func ConvertAntigravityResponseToClaude(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &Params{ - HasFirstResponse: false, - ResponseType: 0, - ResponseIndex: 0, - } - } - modelName := gjson.GetBytes(requestRawJSON, "model").String() - - params := (*param).(*Params) - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - output := "" - // Only send final events if we have actually output content - if params.HasContent { - appendFinalEvents(params, &output, true) - return []string{ - output + "event: message_stop\ndata: {\"type\":\"message_stop\"}\n\n\n", - } - } - return []string{} - } - - output := "" - - // Initialize the streaming session with a message_start event - // This is only sent for the very first response chunk to establish the streaming session - if !params.HasFirstResponse { - output = "event: message_start\n" - - // Create the initial message structure with default values according to Claude Code API specification - // This follows the Claude Code API specification for streaming message initialization - messageStartTemplate := `{"type": "message_start", "message": {"id": "msg_1nZdL29xx5MUA1yADyHTEsnR8uuvGzszyY", "type": "message", "role": "assistant", "content": [], "model": "claude-3-5-sonnet-20241022", "stop_reason": null, "stop_sequence": null, "usage": {"input_tokens": 0, "output_tokens": 0}}}` - - // Use cpaUsageMetadata within the message_start event for Claude. - if promptTokenCount := gjson.GetBytes(rawJSON, "response.cpaUsageMetadata.promptTokenCount"); promptTokenCount.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.usage.input_tokens", promptTokenCount.Int()) - } - if candidatesTokenCount := gjson.GetBytes(rawJSON, "response.cpaUsageMetadata.candidatesTokenCount"); candidatesTokenCount.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.usage.output_tokens", candidatesTokenCount.Int()) - } - - // Override default values with actual response metadata if available from the Gemini CLI response - if modelVersionResult := gjson.GetBytes(rawJSON, "response.modelVersion"); modelVersionResult.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.model", modelVersionResult.String()) - } - if responseIDResult := gjson.GetBytes(rawJSON, "response.responseId"); responseIDResult.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.id", responseIDResult.String()) - } - output = output + fmt.Sprintf("data: %s\n\n\n", messageStartTemplate) - - params.HasFirstResponse = true - } - - // Process the response parts array from the backend client - // Each part can contain text content, thinking content, or function calls - partsResult := gjson.GetBytes(rawJSON, "response.candidates.0.content.parts") - if partsResult.IsArray() { - partResults := partsResult.Array() - for i := 0; i < len(partResults); i++ { - partResult := partResults[i] - - // Extract the different types of content from each part - partTextResult := partResult.Get("text") - functionCallResult := partResult.Get("functionCall") - - // Handle text content (both regular content and thinking) - if partTextResult.Exists() { - // Process thinking content (internal reasoning) - if partResult.Get("thought").Bool() { - if thoughtSignature := partResult.Get("thoughtSignature"); thoughtSignature.Exists() && thoughtSignature.String() != "" { - // log.Debug("Branch: signature_delta") - - if params.CurrentThinkingText.Len() > 0 { - cache.CacheSignature(modelName, params.CurrentThinkingText.String(), thoughtSignature.String()) - // log.Debugf("Cached signature for thinking block (textLen=%d)", params.CurrentThinkingText.Len()) - params.CurrentThinkingText.Reset() - } - - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"signature_delta","signature":""}}`, params.ResponseIndex), "delta.signature", fmt.Sprintf("%s#%s", cache.GetModelGroup(modelName), thoughtSignature.String())) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - params.HasContent = true - } else if params.ResponseType == 2 { // Continue existing thinking block if already in thinking state - params.CurrentThinkingText.WriteString(partTextResult.String()) - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"thinking_delta","thinking":""}}`, params.ResponseIndex), "delta.thinking", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - params.HasContent = true - } else { - // Transition from another state to thinking - // First, close any existing content block - if params.ResponseType != 0 { - if params.ResponseType == 2 { - // output = output + "event: content_block_delta\n" - // output = output + fmt.Sprintf(`data: {"type":"content_block_delta","index":%d,"delta":{"type":"signature_delta","signature":null}}`, params.ResponseIndex) - // output = output + "\n\n\n" - } - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, params.ResponseIndex) - output = output + "\n\n\n" - params.ResponseIndex++ - } - - // Start a new thinking content block - output = output + "event: content_block_start\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_start","index":%d,"content_block":{"type":"thinking","thinking":""}}`, params.ResponseIndex) - output = output + "\n\n\n" - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"thinking_delta","thinking":""}}`, params.ResponseIndex), "delta.thinking", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - params.ResponseType = 2 // Set state to thinking - params.HasContent = true - // Start accumulating thinking text for signature caching - params.CurrentThinkingText.Reset() - params.CurrentThinkingText.WriteString(partTextResult.String()) - } - } else { - finishReasonResult := gjson.GetBytes(rawJSON, "response.candidates.0.finishReason") - if partTextResult.String() != "" || !finishReasonResult.Exists() { - // Process regular text content (user-visible output) - // Continue existing text block if already in content state - if params.ResponseType == 1 { - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"text_delta","text":""}}`, params.ResponseIndex), "delta.text", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - params.HasContent = true - } else { - // Transition from another state to text content - // First, close any existing content block - if params.ResponseType != 0 { - if params.ResponseType == 2 { - // output = output + "event: content_block_delta\n" - // output = output + fmt.Sprintf(`data: {"type":"content_block_delta","index":%d,"delta":{"type":"signature_delta","signature":null}}`, params.ResponseIndex) - // output = output + "\n\n\n" - } - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, params.ResponseIndex) - output = output + "\n\n\n" - params.ResponseIndex++ - } - if partTextResult.String() != "" { - // Start a new text content block - output = output + "event: content_block_start\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_start","index":%d,"content_block":{"type":"text","text":""}}`, params.ResponseIndex) - output = output + "\n\n\n" - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"text_delta","text":""}}`, params.ResponseIndex), "delta.text", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - params.ResponseType = 1 // Set state to content - params.HasContent = true - } - } - } - } - } else if functionCallResult.Exists() { - // Handle function/tool calls from the AI model - // This processes tool usage requests and formats them for Claude Code API compatibility - params.HasToolUse = true - fcName := functionCallResult.Get("name").String() - - // Handle state transitions when switching to function calls - // Close any existing function call block first - if params.ResponseType == 3 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, params.ResponseIndex) - output = output + "\n\n\n" - params.ResponseIndex++ - params.ResponseType = 0 - } - - // Special handling for thinking state transition - if params.ResponseType == 2 { - // output = output + "event: content_block_delta\n" - // output = output + fmt.Sprintf(`data: {"type":"content_block_delta","index":%d,"delta":{"type":"signature_delta","signature":null}}`, params.ResponseIndex) - // output = output + "\n\n\n" - } - - // Close any other existing content block - if params.ResponseType != 0 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, params.ResponseIndex) - output = output + "\n\n\n" - params.ResponseIndex++ - } - - // Start a new tool use content block - // This creates the structure for a function call in Claude Code format - output = output + "event: content_block_start\n" - - // Create the tool use block with unique ID and function details - data := fmt.Sprintf(`{"type":"content_block_start","index":%d,"content_block":{"type":"tool_use","id":"","name":"","input":{}}}`, params.ResponseIndex) - data, _ = sjson.Set(data, "content_block.id", fmt.Sprintf("%s-%d-%d", fcName, time.Now().UnixNano(), atomic.AddUint64(&toolUseIDCounter, 1))) - data, _ = sjson.Set(data, "content_block.name", fcName) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - output = output + "event: content_block_delta\n" - data, _ = sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"input_json_delta","partial_json":""}}`, params.ResponseIndex), "delta.partial_json", fcArgsResult.Raw) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - } - params.ResponseType = 3 - params.HasContent = true - } - } - } - - if finishReasonResult := gjson.GetBytes(rawJSON, "response.candidates.0.finishReason"); finishReasonResult.Exists() { - params.HasFinishReason = true - params.FinishReason = finishReasonResult.String() - } - - if usageResult := gjson.GetBytes(rawJSON, "response.usageMetadata"); usageResult.Exists() { - params.HasUsageMetadata = true - params.CachedTokenCount = usageResult.Get("cachedContentTokenCount").Int() - params.PromptTokenCount = usageResult.Get("promptTokenCount").Int() - params.CachedTokenCount - params.CandidatesTokenCount = usageResult.Get("candidatesTokenCount").Int() - params.ThoughtsTokenCount = usageResult.Get("thoughtsTokenCount").Int() - params.TotalTokenCount = usageResult.Get("totalTokenCount").Int() - if params.CandidatesTokenCount == 0 && params.TotalTokenCount > 0 { - params.CandidatesTokenCount = params.TotalTokenCount - params.PromptTokenCount - params.ThoughtsTokenCount - if params.CandidatesTokenCount < 0 { - params.CandidatesTokenCount = 0 - } - } - } - - if params.HasUsageMetadata && params.HasFinishReason { - appendFinalEvents(params, &output, false) - } - - return []string{output} -} - -func appendFinalEvents(params *Params, output *string, force bool) { - if params.HasSentFinalEvents { - return - } - - if !params.HasUsageMetadata && !force { - return - } - - // Only send final events if we have actually output content - if !params.HasContent { - return - } - - if params.ResponseType != 0 { - *output = *output + "event: content_block_stop\n" - *output = *output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, params.ResponseIndex) - *output = *output + "\n\n\n" - params.ResponseType = 0 - } - - stopReason := resolveStopReason(params) - usageOutputTokens := params.CandidatesTokenCount + params.ThoughtsTokenCount - if usageOutputTokens == 0 && params.TotalTokenCount > 0 { - usageOutputTokens = params.TotalTokenCount - params.PromptTokenCount - if usageOutputTokens < 0 { - usageOutputTokens = 0 - } - } - - *output = *output + "event: message_delta\n" - *output = *output + "data: " - delta := fmt.Sprintf(`{"type":"message_delta","delta":{"stop_reason":"%s","stop_sequence":null},"usage":{"input_tokens":%d,"output_tokens":%d}}`, stopReason, params.PromptTokenCount, usageOutputTokens) - // Add cache_read_input_tokens if cached tokens are present (indicates prompt caching is working) - if params.CachedTokenCount > 0 { - var err error - delta, err = sjson.Set(delta, "usage.cache_read_input_tokens", params.CachedTokenCount) - if err != nil { - log.Warnf("antigravity claude response: failed to set cache_read_input_tokens: %v", err) - } - } - *output = *output + delta + "\n\n\n" - - params.HasSentFinalEvents = true -} - -func resolveStopReason(params *Params) string { - if params.HasToolUse { - return "tool_use" - } - - switch params.FinishReason { - case "MAX_TOKENS": - return "max_tokens" - case "STOP", "FINISH_REASON_UNSPECIFIED", "UNKNOWN": - return "end_turn" - } - - return "end_turn" -} - -// ConvertAntigravityResponseToClaudeNonStream converts a non-streaming Gemini CLI response to a non-streaming Claude response. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the Gemini CLI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - string: A Claude-compatible JSON response. -func ConvertAntigravityResponseToClaudeNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - _ = originalRequestRawJSON - modelName := gjson.GetBytes(requestRawJSON, "model").String() - - root := gjson.ParseBytes(rawJSON) - promptTokens := root.Get("response.usageMetadata.promptTokenCount").Int() - candidateTokens := root.Get("response.usageMetadata.candidatesTokenCount").Int() - thoughtTokens := root.Get("response.usageMetadata.thoughtsTokenCount").Int() - totalTokens := root.Get("response.usageMetadata.totalTokenCount").Int() - cachedTokens := root.Get("response.usageMetadata.cachedContentTokenCount").Int() - outputTokens := candidateTokens + thoughtTokens - if outputTokens == 0 && totalTokens > 0 { - outputTokens = totalTokens - promptTokens - if outputTokens < 0 { - outputTokens = 0 - } - } - - responseJSON := `{"id":"","type":"message","role":"assistant","model":"","content":null,"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}` - responseJSON, _ = sjson.Set(responseJSON, "id", root.Get("response.responseId").String()) - responseJSON, _ = sjson.Set(responseJSON, "model", root.Get("response.modelVersion").String()) - responseJSON, _ = sjson.Set(responseJSON, "usage.input_tokens", promptTokens) - responseJSON, _ = sjson.Set(responseJSON, "usage.output_tokens", outputTokens) - // Add cache_read_input_tokens if cached tokens are present (indicates prompt caching is working) - if cachedTokens > 0 { - var err error - responseJSON, err = sjson.Set(responseJSON, "usage.cache_read_input_tokens", cachedTokens) - if err != nil { - log.Warnf("antigravity claude response: failed to set cache_read_input_tokens: %v", err) - } - } - - contentArrayInitialized := false - ensureContentArray := func() { - if contentArrayInitialized { - return - } - responseJSON, _ = sjson.SetRaw(responseJSON, "content", "[]") - contentArrayInitialized = true - } - - parts := root.Get("response.candidates.0.content.parts") - textBuilder := strings.Builder{} - thinkingBuilder := strings.Builder{} - thinkingSignature := "" - toolIDCounter := 0 - hasToolCall := false - - flushText := func() { - if textBuilder.Len() == 0 { - return - } - ensureContentArray() - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", textBuilder.String()) - responseJSON, _ = sjson.SetRaw(responseJSON, "content.-1", block) - textBuilder.Reset() - } - - flushThinking := func() { - if thinkingBuilder.Len() == 0 && thinkingSignature == "" { - return - } - ensureContentArray() - block := `{"type":"thinking","thinking":""}` - block, _ = sjson.Set(block, "thinking", thinkingBuilder.String()) - if thinkingSignature != "" { - block, _ = sjson.Set(block, "signature", fmt.Sprintf("%s#%s", cache.GetModelGroup(modelName), thinkingSignature)) - } - responseJSON, _ = sjson.SetRaw(responseJSON, "content.-1", block) - thinkingBuilder.Reset() - thinkingSignature = "" - } - - if parts.IsArray() { - for _, part := range parts.Array() { - isThought := part.Get("thought").Bool() - if isThought { - sig := part.Get("thoughtSignature") - if !sig.Exists() { - sig = part.Get("thought_signature") - } - if sig.Exists() && sig.String() != "" { - thinkingSignature = sig.String() - } - } - - if text := part.Get("text"); text.Exists() && text.String() != "" { - if isThought { - flushText() - thinkingBuilder.WriteString(text.String()) - continue - } - flushThinking() - textBuilder.WriteString(text.String()) - continue - } - - if functionCall := part.Get("functionCall"); functionCall.Exists() { - flushThinking() - flushText() - hasToolCall = true - - name := functionCall.Get("name").String() - toolIDCounter++ - toolBlock := `{"type":"tool_use","id":"","name":"","input":{}}` - toolBlock, _ = sjson.Set(toolBlock, "id", fmt.Sprintf("tool_%d", toolIDCounter)) - toolBlock, _ = sjson.Set(toolBlock, "name", name) - - if args := functionCall.Get("args"); args.Exists() && args.Raw != "" && gjson.Valid(args.Raw) && args.IsObject() { - toolBlock, _ = sjson.SetRaw(toolBlock, "input", args.Raw) - } - - ensureContentArray() - responseJSON, _ = sjson.SetRaw(responseJSON, "content.-1", toolBlock) - continue - } - } - } - - flushThinking() - flushText() - - stopReason := "end_turn" - if hasToolCall { - stopReason = "tool_use" - } else { - if finish := root.Get("response.candidates.0.finishReason"); finish.Exists() { - switch finish.String() { - case "MAX_TOKENS": - stopReason = "max_tokens" - case "STOP", "FINISH_REASON_UNSPECIFIED", "UNKNOWN": - stopReason = "end_turn" - default: - stopReason = "end_turn" - } - } - } - responseJSON, _ = sjson.Set(responseJSON, "stop_reason", stopReason) - - if promptTokens == 0 && outputTokens == 0 { - if usageMeta := root.Get("response.usageMetadata"); !usageMeta.Exists() { - responseJSON, _ = sjson.Delete(responseJSON, "usage") - } - } - - return responseJSON -} - -func ClaudeTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"input_tokens":%d}`, count) -} diff --git a/internal/translator/antigravity/claude/antigravity_claude_response_test.go b/internal/translator/antigravity/claude/antigravity_claude_response_test.go deleted file mode 100644 index fe627eb111..0000000000 --- a/internal/translator/antigravity/claude/antigravity_claude_response_test.go +++ /dev/null @@ -1,246 +0,0 @@ -package claude - -import ( - "context" - "strings" - "testing" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/cache" -) - -// ============================================================================ -// Signature Caching Tests -// ============================================================================ - -func TestConvertAntigravityResponseToClaude_ParamsInitialized(t *testing.T) { - cache.ClearSignatureCache("") - - // Request with user message - should initialize params - requestJSON := []byte(`{ - "messages": [ - {"role": "user", "content": [{"type": "text", "text": "Hello world"}]} - ] - }`) - - // First response chunk with thinking - responseJSON := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "Let me think...", "thought": true}] - } - }] - } - }`) - - var param any - ctx := context.Background() - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, responseJSON, ¶m) - - params := param.(*Params) - if !params.HasFirstResponse { - t.Error("HasFirstResponse should be set after first chunk") - } - if params.CurrentThinkingText.Len() == 0 { - t.Error("Thinking text should be accumulated") - } -} - -func TestConvertAntigravityResponseToClaude_ThinkingTextAccumulated(t *testing.T) { - cache.ClearSignatureCache("") - - requestJSON := []byte(`{ - "messages": [{"role": "user", "content": [{"type": "text", "text": "Test"}]}] - }`) - - // First thinking chunk - chunk1 := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "First part of thinking...", "thought": true}] - } - }] - } - }`) - - // Second thinking chunk (continuation) - chunk2 := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": " Second part of thinking...", "thought": true}] - } - }] - } - }`) - - var param any - ctx := context.Background() - - // Process first chunk - starts new thinking block - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, chunk1, ¶m) - params := param.(*Params) - - if params.CurrentThinkingText.Len() == 0 { - t.Error("Thinking text should be accumulated after first chunk") - } - - // Process second chunk - continues thinking block - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, chunk2, ¶m) - - text := params.CurrentThinkingText.String() - if !strings.Contains(text, "First part") || !strings.Contains(text, "Second part") { - t.Errorf("Thinking text should accumulate both parts, got: %s", text) - } -} - -func TestConvertAntigravityResponseToClaude_SignatureCached(t *testing.T) { - cache.ClearSignatureCache("") - - requestJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [{"role": "user", "content": [{"type": "text", "text": "Cache test"}]}] - }`) - - // Thinking chunk - thinkingChunk := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "My thinking process here", "thought": true}] - } - }] - } - }`) - - // Signature chunk - validSignature := "abc123validSignature1234567890123456789012345678901234567890" - signatureChunk := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "", "thought": true, "thoughtSignature": "` + validSignature + `"}] - } - }] - } - }`) - - var param any - ctx := context.Background() - - // Process thinking chunk - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, thinkingChunk, ¶m) - params := param.(*Params) - thinkingText := params.CurrentThinkingText.String() - - if thinkingText == "" { - t.Fatal("Thinking text should be accumulated") - } - - // Process signature chunk - should cache the signature - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, signatureChunk, ¶m) - - // Verify signature was cached - cachedSig := cache.GetCachedSignature("claude-sonnet-4-5-thinking", thinkingText) - if cachedSig != validSignature { - t.Errorf("Expected cached signature '%s', got '%s'", validSignature, cachedSig) - } - - // Verify thinking text was reset after caching - if params.CurrentThinkingText.Len() != 0 { - t.Error("Thinking text should be reset after signature is cached") - } -} - -func TestConvertAntigravityResponseToClaude_MultipleThinkingBlocks(t *testing.T) { - cache.ClearSignatureCache("") - - requestJSON := []byte(`{ - "model": "claude-sonnet-4-5-thinking", - "messages": [{"role": "user", "content": [{"type": "text", "text": "Multi block test"}]}] - }`) - - validSig1 := "signature1_12345678901234567890123456789012345678901234567" - validSig2 := "signature2_12345678901234567890123456789012345678901234567" - - // First thinking block with signature - block1Thinking := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "First thinking block", "thought": true}] - } - }] - } - }`) - block1Sig := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "", "thought": true, "thoughtSignature": "` + validSig1 + `"}] - } - }] - } - }`) - - // Text content (breaks thinking) - textBlock := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "Regular text output"}] - } - }] - } - }`) - - // Second thinking block with signature - block2Thinking := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "Second thinking block", "thought": true}] - } - }] - } - }`) - block2Sig := []byte(`{ - "response": { - "candidates": [{ - "content": { - "parts": [{"text": "", "thought": true, "thoughtSignature": "` + validSig2 + `"}] - } - }] - } - }`) - - var param any - ctx := context.Background() - - // Process first thinking block - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, block1Thinking, ¶m) - params := param.(*Params) - firstThinkingText := params.CurrentThinkingText.String() - - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, block1Sig, ¶m) - - // Verify first signature cached - if cache.GetCachedSignature("claude-sonnet-4-5-thinking", firstThinkingText) != validSig1 { - t.Error("First thinking block signature should be cached") - } - - // Process text (transitions out of thinking) - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, textBlock, ¶m) - - // Process second thinking block - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, block2Thinking, ¶m) - secondThinkingText := params.CurrentThinkingText.String() - - ConvertAntigravityResponseToClaude(ctx, "claude-sonnet-4-5-thinking", requestJSON, requestJSON, block2Sig, ¶m) - - // Verify second signature cached - if cache.GetCachedSignature("claude-sonnet-4-5-thinking", secondThinkingText) != validSig2 { - t.Error("Second thinking block signature should be cached") - } -} diff --git a/internal/translator/antigravity/claude/init.go b/internal/translator/antigravity/claude/init.go deleted file mode 100644 index 74d00a8bcd..0000000000 --- a/internal/translator/antigravity/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package claude - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Claude, - Antigravity, - ConvertClaudeRequestToAntigravity, - interfaces.TranslateResponse{ - Stream: ConvertAntigravityResponseToClaude, - NonStream: ConvertAntigravityResponseToClaudeNonStream, - TokenCount: ClaudeTokenCount, - }, - ) -} diff --git a/internal/translator/antigravity/gemini/antigravity_gemini_request.go b/internal/translator/antigravity/gemini/antigravity_gemini_request.go deleted file mode 100644 index 9c20bd922e..0000000000 --- a/internal/translator/antigravity/gemini/antigravity_gemini_request.go +++ /dev/null @@ -1,312 +0,0 @@ -// Package gemini provides request translation functionality for Gemini CLI to Gemini API compatibility. -// It handles parsing and transforming Gemini CLI API requests into Gemini API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini CLI API format and Gemini API's expected format. -package gemini - -import ( - "fmt" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/common" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiRequestToAntigravity parses and transforms a Gemini CLI API request into Gemini API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Gemini API. -// The function performs the following transformations: -// 1. Extracts the model information from the request -// 2. Restructures the JSON to match Gemini API format -// 3. Converts system instructions to the expected format -// 4. Fixes CLI tool response format and grouping -// -// Parameters: -// - modelName: The name of the model to use for the request (unused in current implementation) -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini API format -func ConvertGeminiRequestToAntigravity(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - template := "" - template = `{"project":"","request":{},"model":""}` - template, _ = sjson.SetRaw(template, "request", string(rawJSON)) - template, _ = sjson.Set(template, "model", modelName) - template, _ = sjson.Delete(template, "request.model") - - template, errFixCLIToolResponse := fixCLIToolResponse(template) - if errFixCLIToolResponse != nil { - return []byte{} - } - - systemInstructionResult := gjson.Get(template, "request.system_instruction") - if systemInstructionResult.Exists() { - template, _ = sjson.SetRaw(template, "request.systemInstruction", systemInstructionResult.Raw) - template, _ = sjson.Delete(template, "request.system_instruction") - } - rawJSON = []byte(template) - - // Normalize roles in request.contents: default to valid values if missing/invalid - contents := gjson.GetBytes(rawJSON, "request.contents") - if contents.Exists() { - prevRole := "" - idx := 0 - contents.ForEach(func(_ gjson.Result, value gjson.Result) bool { - role := value.Get("role").String() - valid := role == "user" || role == "model" - if role == "" || !valid { - var newRole string - if prevRole == "" { - newRole = "user" - } else if prevRole == "user" { - newRole = "model" - } else { - newRole = "user" - } - path := fmt.Sprintf("request.contents.%d.role", idx) - rawJSON, _ = sjson.SetBytes(rawJSON, path, newRole) - role = newRole - } - prevRole = role - idx++ - return true - }) - } - - toolsResult := gjson.GetBytes(rawJSON, "request.tools") - if toolsResult.Exists() && toolsResult.IsArray() { - toolResults := toolsResult.Array() - for i := 0; i < len(toolResults); i++ { - functionDeclarationsResult := gjson.GetBytes(rawJSON, fmt.Sprintf("request.tools.%d.function_declarations", i)) - if functionDeclarationsResult.Exists() && functionDeclarationsResult.IsArray() { - functionDeclarationsResults := functionDeclarationsResult.Array() - for j := 0; j < len(functionDeclarationsResults); j++ { - parametersResult := gjson.GetBytes(rawJSON, fmt.Sprintf("request.tools.%d.function_declarations.%d.parameters", i, j)) - if parametersResult.Exists() { - strJson, _ := util.RenameKey(string(rawJSON), fmt.Sprintf("request.tools.%d.function_declarations.%d.parameters", i, j), fmt.Sprintf("request.tools.%d.function_declarations.%d.parametersJsonSchema", i, j)) - rawJSON = []byte(strJson) - } - } - } - } - } - - // Gemini-specific handling for non-Claude models: - // - Add skip_thought_signature_validator to functionCall parts so upstream can bypass signature validation. - // - Also mark thinking parts with the same sentinel when present (we keep the parts; we only annotate them). - if !strings.Contains(modelName, "claude") { - const skipSentinel = "skip_thought_signature_validator" - - gjson.GetBytes(rawJSON, "request.contents").ForEach(func(contentIdx, content gjson.Result) bool { - if content.Get("role").String() == "model" { - // First pass: collect indices of thinking parts to mark with skip sentinel - var thinkingIndicesToSkipSignature []int64 - content.Get("parts").ForEach(func(partIdx, part gjson.Result) bool { - // Collect indices of thinking blocks to mark with skip sentinel - if part.Get("thought").Bool() { - thinkingIndicesToSkipSignature = append(thinkingIndicesToSkipSignature, partIdx.Int()) - } - // Add skip sentinel to functionCall parts - if part.Get("functionCall").Exists() { - existingSig := part.Get("thoughtSignature").String() - if existingSig == "" || len(existingSig) < 50 { - rawJSON, _ = sjson.SetBytes(rawJSON, fmt.Sprintf("request.contents.%d.parts.%d.thoughtSignature", contentIdx.Int(), partIdx.Int()), skipSentinel) - } - } - return true - }) - - // Add skip_thought_signature_validator sentinel to thinking blocks in reverse order to preserve indices - for i := len(thinkingIndicesToSkipSignature) - 1; i >= 0; i-- { - idx := thinkingIndicesToSkipSignature[i] - rawJSON, _ = sjson.SetBytes(rawJSON, fmt.Sprintf("request.contents.%d.parts.%d.thoughtSignature", contentIdx.Int(), idx), skipSentinel) - } - } - return true - }) - } - - return common.AttachDefaultSafetySettings(rawJSON, "request.safetySettings") -} - -// FunctionCallGroup represents a group of function calls and their responses -type FunctionCallGroup struct { - ResponsesNeeded int -} - -// parseFunctionResponseRaw attempts to normalize a function response part into a JSON object string. -// Falls back to a minimal "functionResponse" object when parsing fails. -func parseFunctionResponseRaw(response gjson.Result) string { - if response.IsObject() && gjson.Valid(response.Raw) { - return response.Raw - } - - log.Debugf("parse function response failed, using fallback") - funcResp := response.Get("functionResponse") - if funcResp.Exists() { - fr := `{"functionResponse":{"name":"","response":{"result":""}}}` - fr, _ = sjson.Set(fr, "functionResponse.name", funcResp.Get("name").String()) - fr, _ = sjson.Set(fr, "functionResponse.response.result", funcResp.Get("response").String()) - if id := funcResp.Get("id").String(); id != "" { - fr, _ = sjson.Set(fr, "functionResponse.id", id) - } - return fr - } - - fr := `{"functionResponse":{"name":"unknown","response":{"result":""}}}` - fr, _ = sjson.Set(fr, "functionResponse.response.result", response.String()) - return fr -} - -// fixCLIToolResponse performs sophisticated tool response format conversion and grouping. -// This function transforms the CLI tool response format by intelligently grouping function calls -// with their corresponding responses, ensuring proper conversation flow and API compatibility. -// It converts from a linear format (1.json) to a grouped format (2.json) where function calls -// and their responses are properly associated and structured. -// -// Parameters: -// - input: The input JSON string to be processed -// -// Returns: -// - string: The processed JSON string with grouped function calls and responses -// - error: An error if the processing fails -func fixCLIToolResponse(input string) (string, error) { - // Parse the input JSON to extract the conversation structure - parsed := gjson.Parse(input) - - // Extract the contents array which contains the conversation messages - contents := parsed.Get("request.contents") - if !contents.Exists() { - // log.Debugf(input) - return input, fmt.Errorf("contents not found in input") - } - - // Initialize data structures for processing and grouping - contentsWrapper := `{"contents":[]}` - var pendingGroups []*FunctionCallGroup // Groups awaiting completion with responses - var collectedResponses []gjson.Result // Standalone responses to be matched - - // Process each content object in the conversation - // This iterates through messages and groups function calls with their responses - contents.ForEach(func(key, value gjson.Result) bool { - role := value.Get("role").String() - parts := value.Get("parts") - - // Check if this content has function responses - var responsePartsInThisContent []gjson.Result - parts.ForEach(func(_, part gjson.Result) bool { - if part.Get("functionResponse").Exists() { - responsePartsInThisContent = append(responsePartsInThisContent, part) - } - return true - }) - - // If this content has function responses, collect them - if len(responsePartsInThisContent) > 0 { - collectedResponses = append(collectedResponses, responsePartsInThisContent...) - - // Check if any pending groups can be satisfied - for i := len(pendingGroups) - 1; i >= 0; i-- { - group := pendingGroups[i] - if len(collectedResponses) >= group.ResponsesNeeded { - // Take the needed responses for this group - groupResponses := collectedResponses[:group.ResponsesNeeded] - collectedResponses = collectedResponses[group.ResponsesNeeded:] - - // Create merged function response content - functionResponseContent := `{"parts":[],"role":"function"}` - for _, response := range groupResponses { - partRaw := parseFunctionResponseRaw(response) - if partRaw != "" { - functionResponseContent, _ = sjson.SetRaw(functionResponseContent, "parts.-1", partRaw) - } - } - - if gjson.Get(functionResponseContent, "parts.#").Int() > 0 { - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", functionResponseContent) - } - - // Remove this group as it's been satisfied - pendingGroups = append(pendingGroups[:i], pendingGroups[i+1:]...) - break - } - } - - return true // Skip adding this content, responses are merged - } - - // If this is a model with function calls, create a new group - if role == "model" { - functionCallsCount := 0 - parts.ForEach(func(_, part gjson.Result) bool { - if part.Get("functionCall").Exists() { - functionCallsCount++ - } - return true - }) - - if functionCallsCount > 0 { - // Add the model content - if !value.IsObject() { - log.Warnf("failed to parse model content") - return true - } - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", value.Raw) - - // Create a new group for tracking responses - group := &FunctionCallGroup{ - ResponsesNeeded: functionCallsCount, - } - pendingGroups = append(pendingGroups, group) - } else { - // Regular model content without function calls - if !value.IsObject() { - log.Warnf("failed to parse content") - return true - } - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", value.Raw) - } - } else { - // Non-model content (user, etc.) - if !value.IsObject() { - log.Warnf("failed to parse content") - return true - } - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", value.Raw) - } - - return true - }) - - // Handle any remaining pending groups with remaining responses - for _, group := range pendingGroups { - if len(collectedResponses) >= group.ResponsesNeeded { - groupResponses := collectedResponses[:group.ResponsesNeeded] - collectedResponses = collectedResponses[group.ResponsesNeeded:] - - functionResponseContent := `{"parts":[],"role":"function"}` - for _, response := range groupResponses { - partRaw := parseFunctionResponseRaw(response) - if partRaw != "" { - functionResponseContent, _ = sjson.SetRaw(functionResponseContent, "parts.-1", partRaw) - } - } - - if gjson.Get(functionResponseContent, "parts.#").Int() > 0 { - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", functionResponseContent) - } - } - } - - // Update the original JSON with the new contents - result := input - result, _ = sjson.SetRaw(result, "request.contents", gjson.Get(contentsWrapper, "contents").Raw) - - return result, nil -} diff --git a/internal/translator/antigravity/gemini/antigravity_gemini_request_test.go b/internal/translator/antigravity/gemini/antigravity_gemini_request_test.go deleted file mode 100644 index 8867a30eae..0000000000 --- a/internal/translator/antigravity/gemini/antigravity_gemini_request_test.go +++ /dev/null @@ -1,95 +0,0 @@ -package gemini - -import ( - "fmt" - "testing" - - "github.com/tidwall/gjson" -) - -func TestConvertGeminiRequestToAntigravity_PreserveValidSignature(t *testing.T) { - // Valid signature on functionCall should be preserved - validSignature := "abc123validSignature1234567890123456789012345678901234567890" - inputJSON := []byte(fmt.Sprintf(`{ - "model": "gemini-3-pro-preview", - "contents": [ - { - "role": "model", - "parts": [ - {"functionCall": {"name": "test_tool", "args": {}}, "thoughtSignature": "%s"} - ] - } - ] - }`, validSignature)) - - output := ConvertGeminiRequestToAntigravity("gemini-3-pro-preview", inputJSON, false) - outputStr := string(output) - - // Check that valid thoughtSignature is preserved - parts := gjson.Get(outputStr, "request.contents.0.parts").Array() - if len(parts) != 1 { - t.Fatalf("Expected 1 part, got %d", len(parts)) - } - - sig := parts[0].Get("thoughtSignature").String() - if sig != validSignature { - t.Errorf("Expected thoughtSignature '%s', got '%s'", validSignature, sig) - } -} - -func TestConvertGeminiRequestToAntigravity_AddSkipSentinelToFunctionCall(t *testing.T) { - // functionCall without signature should get skip_thought_signature_validator - inputJSON := []byte(`{ - "model": "gemini-3-pro-preview", - "contents": [ - { - "role": "model", - "parts": [ - {"functionCall": {"name": "test_tool", "args": {}}} - ] - } - ] - }`) - - output := ConvertGeminiRequestToAntigravity("gemini-3-pro-preview", inputJSON, false) - outputStr := string(output) - - // Check that skip_thought_signature_validator is added to functionCall - sig := gjson.Get(outputStr, "request.contents.0.parts.0.thoughtSignature").String() - expectedSig := "skip_thought_signature_validator" - if sig != expectedSig { - t.Errorf("Expected skip sentinel '%s', got '%s'", expectedSig, sig) - } -} - -func TestConvertGeminiRequestToAntigravity_ParallelFunctionCalls(t *testing.T) { - // Multiple functionCalls should all get skip_thought_signature_validator - inputJSON := []byte(`{ - "model": "gemini-3-pro-preview", - "contents": [ - { - "role": "model", - "parts": [ - {"functionCall": {"name": "tool_one", "args": {"a": "1"}}}, - {"functionCall": {"name": "tool_two", "args": {"b": "2"}}} - ] - } - ] - }`) - - output := ConvertGeminiRequestToAntigravity("gemini-3-pro-preview", inputJSON, false) - outputStr := string(output) - - parts := gjson.Get(outputStr, "request.contents.0.parts").Array() - if len(parts) != 2 { - t.Fatalf("Expected 2 parts, got %d", len(parts)) - } - - expectedSig := "skip_thought_signature_validator" - for i, part := range parts { - sig := part.Get("thoughtSignature").String() - if sig != expectedSig { - t.Errorf("Part %d: Expected '%s', got '%s'", i, expectedSig, sig) - } - } -} diff --git a/internal/translator/antigravity/gemini/antigravity_gemini_response.go b/internal/translator/antigravity/gemini/antigravity_gemini_response.go deleted file mode 100644 index 874dc28314..0000000000 --- a/internal/translator/antigravity/gemini/antigravity_gemini_response.go +++ /dev/null @@ -1,100 +0,0 @@ -// Package gemini provides request translation functionality for Gemini to Gemini CLI API compatibility. -// It handles parsing and transforming Gemini API requests into Gemini CLI API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini API format and Gemini CLI API's expected format. -package gemini - -import ( - "bytes" - "context" - "fmt" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertAntigravityResponseToGemini parses and transforms a Gemini CLI API request into Gemini API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Gemini API. -// The function performs the following transformations: -// 1. Extracts the response data from the request -// 2. Handles alternative response formats -// 3. Processes array responses by extracting individual response objects -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model to use for the request (unused in current implementation) -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - []string: The transformed request data in Gemini API format -func ConvertAntigravityResponseToGemini(ctx context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) []string { - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - - if alt, ok := ctx.Value("alt").(string); ok { - var chunk []byte - if alt == "" { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - chunk = []byte(responseResult.Raw) - chunk = restoreUsageMetadata(chunk) - } - } else { - chunkTemplate := "[]" - responseResult := gjson.ParseBytes(chunk) - if responseResult.IsArray() { - responseResultItems := responseResult.Array() - for i := 0; i < len(responseResultItems); i++ { - responseResultItem := responseResultItems[i] - if responseResultItem.Get("response").Exists() { - chunkTemplate, _ = sjson.SetRaw(chunkTemplate, "-1", responseResultItem.Get("response").Raw) - } - } - } - chunk = []byte(chunkTemplate) - } - return []string{string(chunk)} - } - return []string{} -} - -// ConvertAntigravityResponseToGeminiNonStream converts a non-streaming Gemini CLI request to a non-streaming Gemini response. -// This function processes the complete Gemini CLI request and transforms it into a single Gemini-compatible -// JSON response. It extracts the response data from the request and returns it in the expected format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: A Gemini-compatible JSON response containing the response data -func ConvertAntigravityResponseToGeminiNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - chunk := restoreUsageMetadata([]byte(responseResult.Raw)) - return string(chunk) - } - return string(rawJSON) -} - -func GeminiTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} - -// restoreUsageMetadata renames cpaUsageMetadata back to usageMetadata. -// The executor renames usageMetadata to cpaUsageMetadata in non-terminal chunks -// to preserve usage data while hiding it from clients that don't expect it. -// When returning standard Gemini API format, we must restore the original name. -func restoreUsageMetadata(chunk []byte) []byte { - if cpaUsage := gjson.GetBytes(chunk, "cpaUsageMetadata"); cpaUsage.Exists() { - chunk, _ = sjson.SetRawBytes(chunk, "usageMetadata", []byte(cpaUsage.Raw)) - chunk, _ = sjson.DeleteBytes(chunk, "cpaUsageMetadata") - } - return chunk -} diff --git a/internal/translator/antigravity/gemini/antigravity_gemini_response_test.go b/internal/translator/antigravity/gemini/antigravity_gemini_response_test.go deleted file mode 100644 index 5f96012ad1..0000000000 --- a/internal/translator/antigravity/gemini/antigravity_gemini_response_test.go +++ /dev/null @@ -1,95 +0,0 @@ -package gemini - -import ( - "context" - "testing" -) - -func TestRestoreUsageMetadata(t *testing.T) { - tests := []struct { - name string - input []byte - expected string - }{ - { - name: "cpaUsageMetadata renamed to usageMetadata", - input: []byte(`{"modelVersion":"gemini-3-pro","cpaUsageMetadata":{"promptTokenCount":100,"candidatesTokenCount":200}}`), - expected: `{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":100,"candidatesTokenCount":200}}`, - }, - { - name: "no cpaUsageMetadata unchanged", - input: []byte(`{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":100}}`), - expected: `{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":100}}`, - }, - { - name: "empty input", - input: []byte(`{}`), - expected: `{}`, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := restoreUsageMetadata(tt.input) - if string(result) != tt.expected { - t.Errorf("restoreUsageMetadata() = %s, want %s", string(result), tt.expected) - } - }) - } -} - -func TestConvertAntigravityResponseToGeminiNonStream(t *testing.T) { - tests := []struct { - name string - input []byte - expected string - }{ - { - name: "cpaUsageMetadata restored in response", - input: []byte(`{"response":{"modelVersion":"gemini-3-pro","cpaUsageMetadata":{"promptTokenCount":100}}}`), - expected: `{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":100}}`, - }, - { - name: "usageMetadata preserved", - input: []byte(`{"response":{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":100}}}`), - expected: `{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":100}}`, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := ConvertAntigravityResponseToGeminiNonStream(context.Background(), "", nil, nil, tt.input, nil) - if result != tt.expected { - t.Errorf("ConvertAntigravityResponseToGeminiNonStream() = %s, want %s", result, tt.expected) - } - }) - } -} - -func TestConvertAntigravityResponseToGeminiStream(t *testing.T) { - ctx := context.WithValue(context.Background(), "alt", "") - - tests := []struct { - name string - input []byte - expected string - }{ - { - name: "cpaUsageMetadata restored in streaming response", - input: []byte(`data: {"response":{"modelVersion":"gemini-3-pro","cpaUsageMetadata":{"promptTokenCount":100}}}`), - expected: `{"modelVersion":"gemini-3-pro","usageMetadata":{"promptTokenCount":100}}`, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - results := ConvertAntigravityResponseToGemini(ctx, "", nil, nil, tt.input, nil) - if len(results) != 1 { - t.Fatalf("expected 1 result, got %d", len(results)) - } - if results[0] != tt.expected { - t.Errorf("ConvertAntigravityResponseToGemini() = %s, want %s", results[0], tt.expected) - } - }) - } -} diff --git a/internal/translator/antigravity/gemini/init.go b/internal/translator/antigravity/gemini/init.go deleted file mode 100644 index c0e204e0f4..0000000000 --- a/internal/translator/antigravity/gemini/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package gemini - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Gemini, - Antigravity, - ConvertGeminiRequestToAntigravity, - interfaces.TranslateResponse{ - Stream: ConvertAntigravityResponseToGemini, - NonStream: ConvertAntigravityResponseToGeminiNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/internal/translator/antigravity/openai/chat-completions/antigravity_openai_request.go b/internal/translator/antigravity/openai/chat-completions/antigravity_openai_request.go deleted file mode 100644 index 6a94e9abf5..0000000000 --- a/internal/translator/antigravity/openai/chat-completions/antigravity_openai_request.go +++ /dev/null @@ -1,417 +0,0 @@ -// Package openai provides request translation functionality for OpenAI to Gemini CLI API compatibility. -// It converts OpenAI Chat Completions requests into Gemini CLI compatible JSON using gjson/sjson only. -package chat_completions - -import ( - "fmt" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/misc" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/common" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const geminiCLIFunctionThoughtSignature = "skip_thought_signature_validator" - -// ConvertOpenAIRequestToAntigravity converts an OpenAI Chat Completions request (raw JSON) -// into a complete Gemini CLI request JSON. All JSON construction uses sjson and lookups use gjson. -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the OpenAI API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini CLI API format -func ConvertOpenAIRequestToAntigravity(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - // Base envelope (no default thinkingConfig) - out := []byte(`{"project":"","request":{"contents":[]},"model":"gemini-2.5-pro"}`) - - // Model - out, _ = sjson.SetBytes(out, "model", modelName) - - // Apply thinking configuration: convert OpenAI reasoning_effort to Gemini CLI thinkingConfig. - // Inline translation-only mapping; capability checks happen later in ApplyThinking. - re := gjson.GetBytes(rawJSON, "reasoning_effort") - if re.Exists() { - effort := strings.ToLower(strings.TrimSpace(re.String())) - if effort != "" { - thinkingPath := "request.generationConfig.thinkingConfig" - if effort == "auto" { - out, _ = sjson.SetBytes(out, thinkingPath+".thinkingBudget", -1) - out, _ = sjson.SetBytes(out, thinkingPath+".includeThoughts", true) - } else { - out, _ = sjson.SetBytes(out, thinkingPath+".thinkingLevel", effort) - out, _ = sjson.SetBytes(out, thinkingPath+".includeThoughts", effort != "none") - } - } - } - - // Temperature/top_p/top_k/max_tokens - if tr := gjson.GetBytes(rawJSON, "temperature"); tr.Exists() && tr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "request.generationConfig.temperature", tr.Num) - } - if tpr := gjson.GetBytes(rawJSON, "top_p"); tpr.Exists() && tpr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "request.generationConfig.topP", tpr.Num) - } - if tkr := gjson.GetBytes(rawJSON, "top_k"); tkr.Exists() && tkr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "request.generationConfig.topK", tkr.Num) - } - if maxTok := gjson.GetBytes(rawJSON, "max_tokens"); maxTok.Exists() && maxTok.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "request.generationConfig.maxOutputTokens", maxTok.Num) - } - - // Candidate count (OpenAI 'n' parameter) - if n := gjson.GetBytes(rawJSON, "n"); n.Exists() && n.Type == gjson.Number { - if val := n.Int(); val > 1 { - out, _ = sjson.SetBytes(out, "request.generationConfig.candidateCount", val) - } - } - - // Map OpenAI modalities -> Gemini CLI request.generationConfig.responseModalities - // e.g. "modalities": ["image", "text"] -> ["IMAGE", "TEXT"] - if mods := gjson.GetBytes(rawJSON, "modalities"); mods.Exists() && mods.IsArray() { - var responseMods []string - for _, m := range mods.Array() { - switch strings.ToLower(m.String()) { - case "text": - responseMods = append(responseMods, "TEXT") - case "image": - responseMods = append(responseMods, "IMAGE") - } - } - if len(responseMods) > 0 { - out, _ = sjson.SetBytes(out, "request.generationConfig.responseModalities", responseMods) - } - } - - // OpenRouter-style image_config support - // If the input uses top-level image_config.aspect_ratio, map it into request.generationConfig.imageConfig.aspectRatio. - if imgCfg := gjson.GetBytes(rawJSON, "image_config"); imgCfg.Exists() && imgCfg.IsObject() { - if ar := imgCfg.Get("aspect_ratio"); ar.Exists() && ar.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.generationConfig.imageConfig.aspectRatio", ar.Str) - } - if size := imgCfg.Get("image_size"); size.Exists() && size.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.generationConfig.imageConfig.imageSize", size.Str) - } - } - - // messages -> systemInstruction + contents - messages := gjson.GetBytes(rawJSON, "messages") - if messages.IsArray() { - arr := messages.Array() - // First pass: assistant tool_calls id->name map - tcID2Name := map[string]string{} - for i := 0; i < len(arr); i++ { - m := arr[i] - if m.Get("role").String() == "assistant" { - tcs := m.Get("tool_calls") - if tcs.IsArray() { - for _, tc := range tcs.Array() { - if tc.Get("type").String() == "function" { - id := tc.Get("id").String() - name := tc.Get("function.name").String() - if id != "" && name != "" { - tcID2Name[id] = name - } - } - } - } - } - } - - // Second pass build systemInstruction/tool responses cache - toolResponses := map[string]string{} // tool_call_id -> response text - for i := 0; i < len(arr); i++ { - m := arr[i] - role := m.Get("role").String() - if role == "tool" { - toolCallID := m.Get("tool_call_id").String() - if toolCallID != "" { - c := m.Get("content") - toolResponses[toolCallID] = c.Raw - } - } - } - - systemPartIndex := 0 - for i := 0; i < len(arr); i++ { - m := arr[i] - role := m.Get("role").String() - content := m.Get("content") - - if (role == "system" || role == "developer") && len(arr) > 1 { - // system -> request.systemInstruction as a user message style - if content.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.systemInstruction.role", "user") - out, _ = sjson.SetBytes(out, fmt.Sprintf("request.systemInstruction.parts.%d.text", systemPartIndex), content.String()) - systemPartIndex++ - } else if content.IsObject() && content.Get("type").String() == "text" { - out, _ = sjson.SetBytes(out, "request.systemInstruction.role", "user") - out, _ = sjson.SetBytes(out, fmt.Sprintf("request.systemInstruction.parts.%d.text", systemPartIndex), content.Get("text").String()) - systemPartIndex++ - } else if content.IsArray() { - contents := content.Array() - if len(contents) > 0 { - out, _ = sjson.SetBytes(out, "request.systemInstruction.role", "user") - for j := 0; j < len(contents); j++ { - out, _ = sjson.SetBytes(out, fmt.Sprintf("request.systemInstruction.parts.%d.text", systemPartIndex), contents[j].Get("text").String()) - systemPartIndex++ - } - } - } - } else if role == "user" || ((role == "system" || role == "developer") && len(arr) == 1) { - // Build single user content node to avoid splitting into multiple contents - node := []byte(`{"role":"user","parts":[]}`) - if content.Type == gjson.String { - node, _ = sjson.SetBytes(node, "parts.0.text", content.String()) - } else if content.IsArray() { - items := content.Array() - p := 0 - for _, item := range items { - switch item.Get("type").String() { - case "text": - text := item.Get("text").String() - if text != "" { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".text", text) - } - p++ - case "image_url": - imageURL := item.Get("image_url.url").String() - if len(imageURL) > 5 { - pieces := strings.SplitN(imageURL[5:], ";", 2) - if len(pieces) == 2 && len(pieces[1]) > 7 { - mime := pieces[0] - data := pieces[1][7:] - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mime) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", data) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiCLIFunctionThoughtSignature) - p++ - } - } - case "file": - filename := item.Get("file.filename").String() - fileData := item.Get("file.file_data").String() - ext := "" - if sp := strings.Split(filename, "."); len(sp) > 1 { - ext = sp[len(sp)-1] - } - if mimeType, ok := misc.MimeTypes[ext]; ok { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mimeType) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", fileData) - p++ - } else { - log.Warnf("Unknown file name extension '%s' in user message, skip", ext) - } - } - } - } - out, _ = sjson.SetRawBytes(out, "request.contents.-1", node) - } else if role == "assistant" { - node := []byte(`{"role":"model","parts":[]}`) - p := 0 - if content.Type == gjson.String && content.String() != "" { - node, _ = sjson.SetBytes(node, "parts.-1.text", content.String()) - p++ - } else if content.IsArray() { - // Assistant multimodal content (e.g. text + image) -> single model content with parts - for _, item := range content.Array() { - switch item.Get("type").String() { - case "text": - text := item.Get("text").String() - if text != "" { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".text", text) - } - p++ - case "image_url": - // If the assistant returned an inline data URL, preserve it for history fidelity. - imageURL := item.Get("image_url.url").String() - if len(imageURL) > 5 { // expect data:... - pieces := strings.SplitN(imageURL[5:], ";", 2) - if len(pieces) == 2 && len(pieces[1]) > 7 { - mime := pieces[0] - data := pieces[1][7:] - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mime) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", data) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiCLIFunctionThoughtSignature) - p++ - } - } - } - } - } - - // Tool calls -> single model content with functionCall parts - tcs := m.Get("tool_calls") - if tcs.IsArray() { - fIDs := make([]string, 0) - for _, tc := range tcs.Array() { - if tc.Get("type").String() != "function" { - continue - } - fid := tc.Get("id").String() - fname := tc.Get("function.name").String() - fargs := tc.Get("function.arguments").String() - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".functionCall.id", fid) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".functionCall.name", fname) - if gjson.Valid(fargs) { - node, _ = sjson.SetRawBytes(node, "parts."+itoa(p)+".functionCall.args", []byte(fargs)) - } else { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".functionCall.args.params", []byte(fargs)) - } - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiCLIFunctionThoughtSignature) - p++ - if fid != "" { - fIDs = append(fIDs, fid) - } - } - out, _ = sjson.SetRawBytes(out, "request.contents.-1", node) - - // Append a single tool content combining name + response per function - toolNode := []byte(`{"role":"user","parts":[]}`) - pp := 0 - for _, fid := range fIDs { - if name, ok := tcID2Name[fid]; ok { - toolNode, _ = sjson.SetBytes(toolNode, "parts."+itoa(pp)+".functionResponse.id", fid) - toolNode, _ = sjson.SetBytes(toolNode, "parts."+itoa(pp)+".functionResponse.name", name) - resp := toolResponses[fid] - if resp == "" { - resp = "{}" - } - // Handle non-JSON output gracefully (matches dev branch approach) - if resp != "null" { - parsed := gjson.Parse(resp) - if parsed.Type == gjson.JSON { - toolNode, _ = sjson.SetRawBytes(toolNode, "parts."+itoa(pp)+".functionResponse.response.result", []byte(parsed.Raw)) - } else { - toolNode, _ = sjson.SetBytes(toolNode, "parts."+itoa(pp)+".functionResponse.response.result", resp) - } - } - pp++ - } - } - if pp > 0 { - out, _ = sjson.SetRawBytes(out, "request.contents.-1", toolNode) - } - } else { - out, _ = sjson.SetRawBytes(out, "request.contents.-1", node) - } - } - } - } - - // tools -> request.tools[].functionDeclarations + request.tools[].googleSearch/codeExecution/urlContext passthrough - tools := gjson.GetBytes(rawJSON, "tools") - if tools.IsArray() && len(tools.Array()) > 0 { - functionToolNode := []byte(`{}`) - hasFunction := false - googleSearchNodes := make([][]byte, 0) - codeExecutionNodes := make([][]byte, 0) - urlContextNodes := make([][]byte, 0) - for _, t := range tools.Array() { - if t.Get("type").String() == "function" { - fn := t.Get("function") - if fn.Exists() && fn.IsObject() { - fnRaw := fn.Raw - if fn.Get("parameters").Exists() { - renamed, errRename := util.RenameKey(fnRaw, "parameters", "parametersJsonSchema") - if errRename != nil { - log.Warnf("Failed to rename parameters for tool '%s': %v", fn.Get("name").String(), errRename) - var errSet error - fnRaw, errSet = sjson.Set(fnRaw, "parametersJsonSchema.type", "object") - if errSet != nil { - log.Warnf("Failed to set default schema type for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - fnRaw, errSet = sjson.SetRaw(fnRaw, "parametersJsonSchema.properties", `{}`) - if errSet != nil { - log.Warnf("Failed to set default schema properties for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - } else { - fnRaw = renamed - } - } else { - var errSet error - fnRaw, errSet = sjson.Set(fnRaw, "parametersJsonSchema.type", "object") - if errSet != nil { - log.Warnf("Failed to set default schema type for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - fnRaw, errSet = sjson.SetRaw(fnRaw, "parametersJsonSchema.properties", `{}`) - if errSet != nil { - log.Warnf("Failed to set default schema properties for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - } - fnRaw, _ = sjson.Delete(fnRaw, "strict") - if !hasFunction { - functionToolNode, _ = sjson.SetRawBytes(functionToolNode, "functionDeclarations", []byte("[]")) - } - tmp, errSet := sjson.SetRawBytes(functionToolNode, "functionDeclarations.-1", []byte(fnRaw)) - if errSet != nil { - log.Warnf("Failed to append tool declaration for '%s': %v", fn.Get("name").String(), errSet) - continue - } - functionToolNode = tmp - hasFunction = true - } - } - if gs := t.Get("google_search"); gs.Exists() { - googleToolNode := []byte(`{}`) - var errSet error - googleToolNode, errSet = sjson.SetRawBytes(googleToolNode, "googleSearch", []byte(gs.Raw)) - if errSet != nil { - log.Warnf("Failed to set googleSearch tool: %v", errSet) - continue - } - googleSearchNodes = append(googleSearchNodes, googleToolNode) - } - if ce := t.Get("code_execution"); ce.Exists() { - codeToolNode := []byte(`{}`) - var errSet error - codeToolNode, errSet = sjson.SetRawBytes(codeToolNode, "codeExecution", []byte(ce.Raw)) - if errSet != nil { - log.Warnf("Failed to set codeExecution tool: %v", errSet) - continue - } - codeExecutionNodes = append(codeExecutionNodes, codeToolNode) - } - if uc := t.Get("url_context"); uc.Exists() { - urlToolNode := []byte(`{}`) - var errSet error - urlToolNode, errSet = sjson.SetRawBytes(urlToolNode, "urlContext", []byte(uc.Raw)) - if errSet != nil { - log.Warnf("Failed to set urlContext tool: %v", errSet) - continue - } - urlContextNodes = append(urlContextNodes, urlToolNode) - } - } - if hasFunction || len(googleSearchNodes) > 0 || len(codeExecutionNodes) > 0 || len(urlContextNodes) > 0 { - toolsNode := []byte("[]") - if hasFunction { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", functionToolNode) - } - for _, googleNode := range googleSearchNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", googleNode) - } - for _, codeNode := range codeExecutionNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", codeNode) - } - for _, urlNode := range urlContextNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", urlNode) - } - out, _ = sjson.SetRawBytes(out, "request.tools", toolsNode) - } - } - - return common.AttachDefaultSafetySettings(out, "request.safetySettings") -} - -// itoa converts int to string without strconv import for few usages. -func itoa(i int) string { return fmt.Sprintf("%d", i) } diff --git a/internal/translator/antigravity/openai/chat-completions/antigravity_openai_response.go b/internal/translator/antigravity/openai/chat-completions/antigravity_openai_response.go deleted file mode 100644 index 3143954135..0000000000 --- a/internal/translator/antigravity/openai/chat-completions/antigravity_openai_response.go +++ /dev/null @@ -1,241 +0,0 @@ -// Package openai provides response translation functionality for Gemini CLI to OpenAI API compatibility. -// This package handles the conversion of Gemini CLI API responses into OpenAI Chat Completions-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by OpenAI API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, reasoning content, and usage metadata appropriately. -package chat_completions - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - log "github.com/sirupsen/logrus" - - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/openai/chat-completions" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// convertCliResponseToOpenAIChatParams holds parameters for response conversion. -type convertCliResponseToOpenAIChatParams struct { - UnixTimestamp int64 - FunctionIndex int - SawToolCall bool // Tracks if any tool call was seen in the entire stream - UpstreamFinishReason string // Caches the upstream finish reason for final chunk -} - -// functionCallIDCounter provides a process-wide unique counter for function call identifiers. -var functionCallIDCounter uint64 - -// ConvertAntigravityResponseToOpenAI translates a single chunk of a streaming response from the -// Gemini CLI API format to the OpenAI Chat Completions streaming format. -// It processes various Gemini CLI event types and transforms them into OpenAI-compatible JSON responses. -// The function handles text content, tool calls, reasoning content, and usage metadata, outputting -// responses that match the OpenAI API format. It supports incremental updates for streaming responses. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing an OpenAI-compatible JSON response -func ConvertAntigravityResponseToOpenAI(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &convertCliResponseToOpenAIChatParams{ - UnixTimestamp: 0, - FunctionIndex: 0, - } - } - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - - // Initialize the OpenAI SSE template. - template := `{"id":"","object":"chat.completion.chunk","created":12345,"model":"model","choices":[{"index":0,"delta":{"role":null,"content":null,"reasoning_content":null,"tool_calls":null},"finish_reason":null,"native_finish_reason":null}]}` - - // Extract and set the model version. - if modelVersionResult := gjson.GetBytes(rawJSON, "response.modelVersion"); modelVersionResult.Exists() { - template, _ = sjson.Set(template, "model", modelVersionResult.String()) - } - - // Extract and set the creation timestamp. - if createTimeResult := gjson.GetBytes(rawJSON, "response.createTime"); createTimeResult.Exists() { - t, err := time.Parse(time.RFC3339Nano, createTimeResult.String()) - if err == nil { - (*param).(*convertCliResponseToOpenAIChatParams).UnixTimestamp = t.Unix() - } - template, _ = sjson.Set(template, "created", (*param).(*convertCliResponseToOpenAIChatParams).UnixTimestamp) - } else { - template, _ = sjson.Set(template, "created", (*param).(*convertCliResponseToOpenAIChatParams).UnixTimestamp) - } - - // Extract and set the response ID. - if responseIDResult := gjson.GetBytes(rawJSON, "response.responseId"); responseIDResult.Exists() { - template, _ = sjson.Set(template, "id", responseIDResult.String()) - } - - // Cache the finish reason - do NOT set it in output yet (will be set on final chunk) - if finishReasonResult := gjson.GetBytes(rawJSON, "response.candidates.0.finishReason"); finishReasonResult.Exists() { - (*param).(*convertCliResponseToOpenAIChatParams).UpstreamFinishReason = strings.ToUpper(finishReasonResult.String()) - } - - // Extract and set usage metadata (token counts). - if usageResult := gjson.GetBytes(rawJSON, "response.usageMetadata"); usageResult.Exists() { - cachedTokenCount := usageResult.Get("cachedContentTokenCount").Int() - if candidatesTokenCountResult := usageResult.Get("candidatesTokenCount"); candidatesTokenCountResult.Exists() { - template, _ = sjson.Set(template, "usage.completion_tokens", candidatesTokenCountResult.Int()) - } - if totalTokenCountResult := usageResult.Get("totalTokenCount"); totalTokenCountResult.Exists() { - template, _ = sjson.Set(template, "usage.total_tokens", totalTokenCountResult.Int()) - } - promptTokenCount := usageResult.Get("promptTokenCount").Int() - thoughtsTokenCount := usageResult.Get("thoughtsTokenCount").Int() - template, _ = sjson.Set(template, "usage.prompt_tokens", promptTokenCount) - if thoughtsTokenCount > 0 { - template, _ = sjson.Set(template, "usage.completion_tokens_details.reasoning_tokens", thoughtsTokenCount) - } - // Include cached token count if present (indicates prompt caching is working) - if cachedTokenCount > 0 { - var err error - template, err = sjson.Set(template, "usage.prompt_tokens_details.cached_tokens", cachedTokenCount) - if err != nil { - log.Warnf("antigravity openai response: failed to set cached_tokens: %v", err) - } - } - } - - // Process the main content part of the response. - partsResult := gjson.GetBytes(rawJSON, "response.candidates.0.content.parts") - if partsResult.IsArray() { - partResults := partsResult.Array() - for i := 0; i < len(partResults); i++ { - partResult := partResults[i] - partTextResult := partResult.Get("text") - functionCallResult := partResult.Get("functionCall") - thoughtSignatureResult := partResult.Get("thoughtSignature") - if !thoughtSignatureResult.Exists() { - thoughtSignatureResult = partResult.Get("thought_signature") - } - inlineDataResult := partResult.Get("inlineData") - if !inlineDataResult.Exists() { - inlineDataResult = partResult.Get("inline_data") - } - - hasThoughtSignature := thoughtSignatureResult.Exists() && thoughtSignatureResult.String() != "" - hasContentPayload := partTextResult.Exists() || functionCallResult.Exists() || inlineDataResult.Exists() - - // Ignore encrypted thoughtSignature but keep any actual content in the same part. - if hasThoughtSignature && !hasContentPayload { - continue - } - - if partTextResult.Exists() { - textContent := partTextResult.String() - - // Handle text content, distinguishing between regular content and reasoning/thoughts. - if partResult.Get("thought").Bool() { - template, _ = sjson.Set(template, "choices.0.delta.reasoning_content", textContent) - } else { - template, _ = sjson.Set(template, "choices.0.delta.content", textContent) - } - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - } else if functionCallResult.Exists() { - // Handle function call content. - (*param).(*convertCliResponseToOpenAIChatParams).SawToolCall = true // Persist across chunks - toolCallsResult := gjson.Get(template, "choices.0.delta.tool_calls") - functionCallIndex := (*param).(*convertCliResponseToOpenAIChatParams).FunctionIndex - (*param).(*convertCliResponseToOpenAIChatParams).FunctionIndex++ - if toolCallsResult.Exists() && toolCallsResult.IsArray() { - functionCallIndex = len(toolCallsResult.Array()) - } else { - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls", `[]`) - } - - functionCallTemplate := `{"id": "","index": 0,"type": "function","function": {"name": "","arguments": ""}}` - fcName := functionCallResult.Get("name").String() - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "id", fmt.Sprintf("%s-%d-%d", fcName, time.Now().UnixNano(), atomic.AddUint64(&functionCallIDCounter, 1))) - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "index", functionCallIndex) - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.name", fcName) - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.arguments", fcArgsResult.Raw) - } - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls.-1", functionCallTemplate) - } else if inlineDataResult.Exists() { - data := inlineDataResult.Get("data").String() - if data == "" { - continue - } - mimeType := inlineDataResult.Get("mimeType").String() - if mimeType == "" { - mimeType = inlineDataResult.Get("mime_type").String() - } - if mimeType == "" { - mimeType = "image/png" - } - imageURL := fmt.Sprintf("data:%s;base64,%s", mimeType, data) - imagesResult := gjson.Get(template, "choices.0.delta.images") - if !imagesResult.Exists() || !imagesResult.IsArray() { - template, _ = sjson.SetRaw(template, "choices.0.delta.images", `[]`) - } - imageIndex := len(gjson.Get(template, "choices.0.delta.images").Array()) - imagePayload := `{"type":"image_url","image_url":{"url":""}}` - imagePayload, _ = sjson.Set(imagePayload, "index", imageIndex) - imagePayload, _ = sjson.Set(imagePayload, "image_url.url", imageURL) - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.images.-1", imagePayload) - } - } - } - - // Determine finish_reason only on the final chunk (has both finishReason and usage metadata) - params := (*param).(*convertCliResponseToOpenAIChatParams) - upstreamFinishReason := params.UpstreamFinishReason - sawToolCall := params.SawToolCall - - usageExists := gjson.GetBytes(rawJSON, "response.usageMetadata").Exists() - isFinalChunk := upstreamFinishReason != "" && usageExists - - if isFinalChunk { - var finishReason string - if sawToolCall { - finishReason = "tool_calls" - } else if upstreamFinishReason == "MAX_TOKENS" { - finishReason = "max_tokens" - } else { - finishReason = "stop" - } - template, _ = sjson.Set(template, "choices.0.finish_reason", finishReason) - template, _ = sjson.Set(template, "choices.0.native_finish_reason", strings.ToLower(upstreamFinishReason)) - } - - return []string{template} -} - -// ConvertAntigravityResponseToOpenAINonStream converts a non-streaming Gemini CLI response to a non-streaming OpenAI response. -// This function processes the complete Gemini CLI response and transforms it into a single OpenAI-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the OpenAI API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for the conversion -// -// Returns: -// - string: An OpenAI-compatible JSON response containing all message content and metadata -func ConvertAntigravityResponseToOpenAINonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - return ConvertGeminiResponseToOpenAINonStream(ctx, modelName, originalRequestRawJSON, requestRawJSON, []byte(responseResult.Raw), param) - } - return "" -} diff --git a/internal/translator/antigravity/openai/chat-completions/antigravity_openai_response_test.go b/internal/translator/antigravity/openai/chat-completions/antigravity_openai_response_test.go deleted file mode 100644 index eea1ad5216..0000000000 --- a/internal/translator/antigravity/openai/chat-completions/antigravity_openai_response_test.go +++ /dev/null @@ -1,128 +0,0 @@ -package chat_completions - -import ( - "context" - "testing" - - "github.com/tidwall/gjson" -) - -func TestFinishReasonToolCallsNotOverwritten(t *testing.T) { - ctx := context.Background() - var param any - - // Chunk 1: Contains functionCall - should set SawToolCall = true - chunk1 := []byte(`{"response":{"candidates":[{"content":{"parts":[{"functionCall":{"name":"list_files","args":{"path":"."}}}]}}]}}`) - result1 := ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk1, ¶m) - - // Verify chunk1 has no finish_reason (null) - if len(result1) != 1 { - t.Fatalf("Expected 1 result from chunk1, got %d", len(result1)) - } - fr1 := gjson.Get(result1[0], "choices.0.finish_reason") - if fr1.Exists() && fr1.String() != "" && fr1.Type.String() != "Null" { - t.Errorf("Expected finish_reason to be null in chunk1, got: %v", fr1.String()) - } - - // Chunk 2: Contains finishReason STOP + usage (final chunk, no functionCall) - // This simulates what the upstream sends AFTER the tool call chunk - chunk2 := []byte(`{"response":{"candidates":[{"finishReason":"STOP"}],"usageMetadata":{"promptTokenCount":10,"candidatesTokenCount":20,"totalTokenCount":30}}}`) - result2 := ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk2, ¶m) - - // Verify chunk2 has finish_reason: "tool_calls" (not "stop") - if len(result2) != 1 { - t.Fatalf("Expected 1 result from chunk2, got %d", len(result2)) - } - fr2 := gjson.Get(result2[0], "choices.0.finish_reason").String() - if fr2 != "tool_calls" { - t.Errorf("Expected finish_reason 'tool_calls', got: %s", fr2) - } - - // Verify native_finish_reason is lowercase upstream value - nfr2 := gjson.Get(result2[0], "choices.0.native_finish_reason").String() - if nfr2 != "stop" { - t.Errorf("Expected native_finish_reason 'stop', got: %s", nfr2) - } -} - -func TestFinishReasonStopForNormalText(t *testing.T) { - ctx := context.Background() - var param any - - // Chunk 1: Text content only - chunk1 := []byte(`{"response":{"candidates":[{"content":{"parts":[{"text":"Hello world"}]}}]}}`) - ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk1, ¶m) - - // Chunk 2: Final chunk with STOP - chunk2 := []byte(`{"response":{"candidates":[{"finishReason":"STOP"}],"usageMetadata":{"promptTokenCount":10,"candidatesTokenCount":5,"totalTokenCount":15}}}`) - result2 := ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk2, ¶m) - - // Verify finish_reason is "stop" (no tool calls were made) - fr := gjson.Get(result2[0], "choices.0.finish_reason").String() - if fr != "stop" { - t.Errorf("Expected finish_reason 'stop', got: %s", fr) - } -} - -func TestFinishReasonMaxTokens(t *testing.T) { - ctx := context.Background() - var param any - - // Chunk 1: Text content - chunk1 := []byte(`{"response":{"candidates":[{"content":{"parts":[{"text":"Hello"}]}}]}}`) - ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk1, ¶m) - - // Chunk 2: Final chunk with MAX_TOKENS - chunk2 := []byte(`{"response":{"candidates":[{"finishReason":"MAX_TOKENS"}],"usageMetadata":{"promptTokenCount":10,"candidatesTokenCount":100,"totalTokenCount":110}}}`) - result2 := ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk2, ¶m) - - // Verify finish_reason is "max_tokens" - fr := gjson.Get(result2[0], "choices.0.finish_reason").String() - if fr != "max_tokens" { - t.Errorf("Expected finish_reason 'max_tokens', got: %s", fr) - } -} - -func TestToolCallTakesPriorityOverMaxTokens(t *testing.T) { - ctx := context.Background() - var param any - - // Chunk 1: Contains functionCall - chunk1 := []byte(`{"response":{"candidates":[{"content":{"parts":[{"functionCall":{"name":"test","args":{}}}]}}]}}`) - ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk1, ¶m) - - // Chunk 2: Final chunk with MAX_TOKENS (but we had a tool call, so tool_calls should win) - chunk2 := []byte(`{"response":{"candidates":[{"finishReason":"MAX_TOKENS"}],"usageMetadata":{"promptTokenCount":10,"candidatesTokenCount":100,"totalTokenCount":110}}}`) - result2 := ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk2, ¶m) - - // Verify finish_reason is "tool_calls" (takes priority over max_tokens) - fr := gjson.Get(result2[0], "choices.0.finish_reason").String() - if fr != "tool_calls" { - t.Errorf("Expected finish_reason 'tool_calls', got: %s", fr) - } -} - -func TestNoFinishReasonOnIntermediateChunks(t *testing.T) { - ctx := context.Background() - var param any - - // Chunk 1: Text content (no finish reason, no usage) - chunk1 := []byte(`{"response":{"candidates":[{"content":{"parts":[{"text":"Hello"}]}}]}}`) - result1 := ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk1, ¶m) - - // Verify no finish_reason on intermediate chunk - fr1 := gjson.Get(result1[0], "choices.0.finish_reason") - if fr1.Exists() && fr1.String() != "" && fr1.Type.String() != "Null" { - t.Errorf("Expected no finish_reason on intermediate chunk, got: %v", fr1) - } - - // Chunk 2: More text (no finish reason, no usage) - chunk2 := []byte(`{"response":{"candidates":[{"content":{"parts":[{"text":" world"}]}}]}}`) - result2 := ConvertAntigravityResponseToOpenAI(ctx, "model", nil, nil, chunk2, ¶m) - - // Verify no finish_reason on intermediate chunk - fr2 := gjson.Get(result2[0], "choices.0.finish_reason") - if fr2.Exists() && fr2.String() != "" && fr2.Type.String() != "Null" { - t.Errorf("Expected no finish_reason on intermediate chunk, got: %v", fr2) - } -} diff --git a/internal/translator/antigravity/openai/chat-completions/init.go b/internal/translator/antigravity/openai/chat-completions/init.go deleted file mode 100644 index aac3adbad6..0000000000 --- a/internal/translator/antigravity/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenAI, - Antigravity, - ConvertOpenAIRequestToAntigravity, - interfaces.TranslateResponse{ - Stream: ConvertAntigravityResponseToOpenAI, - NonStream: ConvertAntigravityResponseToOpenAINonStream, - }, - ) -} diff --git a/internal/translator/antigravity/openai/responses/antigravity_openai-responses_request.go b/internal/translator/antigravity/openai/responses/antigravity_openai-responses_request.go deleted file mode 100644 index fff8703949..0000000000 --- a/internal/translator/antigravity/openai/responses/antigravity_openai-responses_request.go +++ /dev/null @@ -1,12 +0,0 @@ -package responses - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/antigravity/gemini" - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/openai/responses" -) - -func ConvertOpenAIResponsesRequestToAntigravity(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - rawJSON = ConvertOpenAIResponsesRequestToGemini(modelName, rawJSON, stream) - return ConvertGeminiRequestToAntigravity(modelName, rawJSON, stream) -} diff --git a/internal/translator/antigravity/openai/responses/antigravity_openai-responses_response.go b/internal/translator/antigravity/openai/responses/antigravity_openai-responses_response.go deleted file mode 100644 index d2980a2bf0..0000000000 --- a/internal/translator/antigravity/openai/responses/antigravity_openai-responses_response.go +++ /dev/null @@ -1,35 +0,0 @@ -package responses - -import ( - "context" - - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/openai/responses" - "github.com/tidwall/gjson" -) - -func ConvertAntigravityResponseToOpenAIResponses(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - rawJSON = []byte(responseResult.Raw) - } - return ConvertGeminiResponseToOpenAIResponses(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} - -func ConvertAntigravityResponseToOpenAIResponsesNonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - rawJSON = []byte(responseResult.Raw) - } - - requestResult := gjson.GetBytes(originalRequestRawJSON, "request") - if responseResult.Exists() { - originalRequestRawJSON = []byte(requestResult.Raw) - } - - requestResult = gjson.GetBytes(requestRawJSON, "request") - if responseResult.Exists() { - requestRawJSON = []byte(requestResult.Raw) - } - - return ConvertGeminiResponseToOpenAIResponsesNonStream(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} diff --git a/internal/translator/antigravity/openai/responses/init.go b/internal/translator/antigravity/openai/responses/init.go deleted file mode 100644 index 620a6e325c..0000000000 --- a/internal/translator/antigravity/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenaiResponse, - Antigravity, - ConvertOpenAIResponsesRequestToAntigravity, - interfaces.TranslateResponse{ - Stream: ConvertAntigravityResponseToOpenAIResponses, - NonStream: ConvertAntigravityResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/internal/translator/claude/gemini-cli/claude_gemini-cli_request.go b/internal/translator/claude/gemini-cli/claude_gemini-cli_request.go deleted file mode 100644 index adefbbd5f6..0000000000 --- a/internal/translator/claude/gemini-cli/claude_gemini-cli_request.go +++ /dev/null @@ -1,45 +0,0 @@ -// Package geminiCLI provides request translation functionality for Gemini CLI to Claude Code API compatibility. -// It handles parsing and transforming Gemini CLI API requests into Claude Code API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini CLI API format and Claude Code API's expected format. -package geminiCLI - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/claude/gemini" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiCLIRequestToClaude parses and transforms a Gemini CLI API request into Claude Code API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Claude Code API. -// The function performs the following transformations: -// 1. Extracts the model information from the request -// 2. Restructures the JSON to match Claude Code API format -// 3. Converts system instructions to the expected format -// 4. Delegates to the Gemini-to-Claude conversion function for further processing -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - stream: A boolean indicating if the request is for a streaming response -// -// Returns: -// - []byte: The transformed request data in Claude Code API format -func ConvertGeminiCLIRequestToClaude(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - - modelResult := gjson.GetBytes(rawJSON, "model") - // Extract the inner request object and promote it to the top level - rawJSON = []byte(gjson.GetBytes(rawJSON, "request").Raw) - // Restore the model information at the top level - rawJSON, _ = sjson.SetBytes(rawJSON, "model", modelResult.String()) - // Convert systemInstruction field to system_instruction for Claude Code compatibility - if gjson.GetBytes(rawJSON, "systemInstruction").Exists() { - rawJSON, _ = sjson.SetRawBytes(rawJSON, "system_instruction", []byte(gjson.GetBytes(rawJSON, "systemInstruction").Raw)) - rawJSON, _ = sjson.DeleteBytes(rawJSON, "systemInstruction") - } - // Delegate to the Gemini-to-Claude conversion function for further processing - return ConvertGeminiRequestToClaude(modelName, rawJSON, stream) -} diff --git a/internal/translator/claude/gemini-cli/claude_gemini-cli_response.go b/internal/translator/claude/gemini-cli/claude_gemini-cli_response.go deleted file mode 100644 index de8b6d528c..0000000000 --- a/internal/translator/claude/gemini-cli/claude_gemini-cli_response.go +++ /dev/null @@ -1,61 +0,0 @@ -// Package geminiCLI provides response translation functionality for Claude Code to Gemini CLI API compatibility. -// This package handles the conversion of Claude Code API responses into Gemini CLI-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Gemini CLI API clients. -package geminiCLI - -import ( - "context" - - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/claude/gemini" - "github.com/tidwall/sjson" -) - -// ConvertClaudeResponseToGeminiCLI converts Claude Code streaming response format to Gemini CLI format. -// This function processes various Claude Code event types and transforms them into Gemini-compatible JSON responses. -// It handles text content, tool calls, and usage metadata, outputting responses that match the Gemini CLI API format. -// The function wraps each converted response in a "response" object to match the Gemini CLI API structure. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Claude Code API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing a Gemini-compatible JSON response wrapped in a response object -func ConvertClaudeResponseToGeminiCLI(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - outputs := ConvertClaudeResponseToGemini(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) - // Wrap each converted response in a "response" object to match Gemini CLI API structure - newOutputs := make([]string, 0) - for i := 0; i < len(outputs); i++ { - json := `{"response": {}}` - output, _ := sjson.SetRaw(json, "response", outputs[i]) - newOutputs = append(newOutputs, output) - } - return newOutputs -} - -// ConvertClaudeResponseToGeminiCLINonStream converts a non-streaming Claude Code response to a non-streaming Gemini CLI response. -// This function processes the complete Claude Code response and transforms it into a single Gemini-compatible -// JSON response. It wraps the converted response in a "response" object to match the Gemini CLI API structure. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Claude Code API -// - param: A pointer to a parameter object for the conversion -// -// Returns: -// - string: A Gemini-compatible JSON response wrapped in a response object -func ConvertClaudeResponseToGeminiCLINonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - strJSON := ConvertClaudeResponseToGeminiNonStream(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) - // Wrap the converted response in a "response" object to match Gemini CLI API structure - json := `{"response": {}}` - strJSON, _ = sjson.SetRaw(json, "response", strJSON) - return strJSON -} - -func GeminiCLITokenCount(ctx context.Context, count int64) string { - return GeminiTokenCount(ctx, count) -} diff --git a/internal/translator/claude/gemini-cli/init.go b/internal/translator/claude/gemini-cli/init.go deleted file mode 100644 index 81bb2375fd..0000000000 --- a/internal/translator/claude/gemini-cli/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package geminiCLI - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - GeminiCLI, - Claude, - ConvertGeminiCLIRequestToClaude, - interfaces.TranslateResponse{ - Stream: ConvertClaudeResponseToGeminiCLI, - NonStream: ConvertClaudeResponseToGeminiCLINonStream, - TokenCount: GeminiCLITokenCount, - }, - ) -} diff --git a/internal/translator/claude/gemini/claude_gemini_request.go b/internal/translator/claude/gemini/claude_gemini_request.go deleted file mode 100644 index 945bb075f5..0000000000 --- a/internal/translator/claude/gemini/claude_gemini_request.go +++ /dev/null @@ -1,374 +0,0 @@ -// Package gemini provides request translation functionality for Gemini to Claude Code API compatibility. -// It handles parsing and transforming Gemini API requests into Claude Code API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini API format and Claude Code API's expected format. -package gemini - -import ( - "crypto/rand" - "crypto/sha256" - "encoding/hex" - "fmt" - "math/big" - "strings" - - "github.com/google/uuid" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - user = "" - account = "" - session = "" -) - -// ConvertGeminiRequestToClaude parses and transforms a Gemini API request into Claude Code API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Claude Code API. -// The function performs comprehensive transformation including: -// 1. Model name mapping and generation configuration extraction -// 2. System instruction conversion to Claude Code format -// 3. Message content conversion with proper role mapping -// 4. Tool call and tool result handling with FIFO queue for ID matching -// 5. Image and file data conversion to Claude Code base64 format -// 6. Tool declaration and tool choice configuration mapping -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the Gemini API -// - stream: A boolean indicating if the request is for a streaming response -// -// Returns: -// - []byte: The transformed request data in Claude Code API format -func ConvertGeminiRequestToClaude(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - - if account == "" { - u, _ := uuid.NewRandom() - account = u.String() - } - if session == "" { - u, _ := uuid.NewRandom() - session = u.String() - } - if user == "" { - sum := sha256.Sum256([]byte(account + session)) - user = hex.EncodeToString(sum[:]) - } - userID := fmt.Sprintf("user_%s_account_%s_session_%s", user, account, session) - - // Base Claude message payload - out := fmt.Sprintf(`{"model":"","max_tokens":32000,"messages":[],"metadata":{"user_id":"%s"}}`, userID) - - root := gjson.ParseBytes(rawJSON) - - // Helper for generating tool call IDs in the form: toolu_ - // This ensures unique identifiers for tool calls in the Claude Code format - genToolCallID := func() string { - const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" - var b strings.Builder - // 24 chars random suffix for uniqueness - for i := 0; i < 24; i++ { - n, _ := rand.Int(rand.Reader, big.NewInt(int64(len(letters)))) - b.WriteByte(letters[n.Int64()]) - } - return "toolu_" + b.String() - } - - // FIFO queue to store tool call IDs for matching with tool results - // Gemini uses sequential pairing across possibly multiple in-flight - // functionCalls, so we keep a FIFO queue of generated tool IDs and - // consume them in order when functionResponses arrive. - var pendingToolIDs []string - - // Model mapping to specify which Claude Code model to use - out, _ = sjson.Set(out, "model", modelName) - - // Generation config extraction from Gemini format - if genConfig := root.Get("generationConfig"); genConfig.Exists() { - // Max output tokens configuration - if maxTokens := genConfig.Get("maxOutputTokens"); maxTokens.Exists() { - out, _ = sjson.Set(out, "max_tokens", maxTokens.Int()) - } - // Temperature setting for controlling response randomness - if temp := genConfig.Get("temperature"); temp.Exists() { - out, _ = sjson.Set(out, "temperature", temp.Float()) - } else if topP := genConfig.Get("topP"); topP.Exists() { - // Top P setting for nucleus sampling (filtered out if temperature is set) - out, _ = sjson.Set(out, "top_p", topP.Float()) - } - // Stop sequences configuration for custom termination conditions - if stopSeqs := genConfig.Get("stopSequences"); stopSeqs.Exists() && stopSeqs.IsArray() { - var stopSequences []string - stopSeqs.ForEach(func(_, value gjson.Result) bool { - stopSequences = append(stopSequences, value.String()) - return true - }) - if len(stopSequences) > 0 { - out, _ = sjson.Set(out, "stop_sequences", stopSequences) - } - } - // Include thoughts configuration for reasoning process visibility - // Translator only does format conversion, ApplyThinking handles model capability validation. - if thinkingConfig := genConfig.Get("thinkingConfig"); thinkingConfig.Exists() && thinkingConfig.IsObject() { - thinkingLevel := thinkingConfig.Get("thinkingLevel") - if !thinkingLevel.Exists() { - thinkingLevel = thinkingConfig.Get("thinking_level") - } - if thinkingLevel.Exists() { - level := strings.ToLower(strings.TrimSpace(thinkingLevel.String())) - switch level { - case "": - case "none": - out, _ = sjson.Set(out, "thinking.type", "disabled") - out, _ = sjson.Delete(out, "thinking.budget_tokens") - case "auto": - out, _ = sjson.Set(out, "thinking.type", "enabled") - out, _ = sjson.Delete(out, "thinking.budget_tokens") - default: - if budget, ok := thinking.ConvertLevelToBudget(level); ok { - out, _ = sjson.Set(out, "thinking.type", "enabled") - out, _ = sjson.Set(out, "thinking.budget_tokens", budget) - } - } - } else { - thinkingBudget := thinkingConfig.Get("thinkingBudget") - if !thinkingBudget.Exists() { - thinkingBudget = thinkingConfig.Get("thinking_budget") - } - if thinkingBudget.Exists() { - budget := int(thinkingBudget.Int()) - switch budget { - case 0: - out, _ = sjson.Set(out, "thinking.type", "disabled") - out, _ = sjson.Delete(out, "thinking.budget_tokens") - case -1: - out, _ = sjson.Set(out, "thinking.type", "enabled") - out, _ = sjson.Delete(out, "thinking.budget_tokens") - default: - out, _ = sjson.Set(out, "thinking.type", "enabled") - out, _ = sjson.Set(out, "thinking.budget_tokens", budget) - } - } else if includeThoughts := thinkingConfig.Get("includeThoughts"); includeThoughts.Exists() && includeThoughts.Type == gjson.True { - out, _ = sjson.Set(out, "thinking.type", "enabled") - } else if includeThoughts := thinkingConfig.Get("include_thoughts"); includeThoughts.Exists() && includeThoughts.Type == gjson.True { - out, _ = sjson.Set(out, "thinking.type", "enabled") - } - } - } - } - - // System instruction conversion to Claude Code format - if sysInstr := root.Get("system_instruction"); sysInstr.Exists() { - if parts := sysInstr.Get("parts"); parts.Exists() && parts.IsArray() { - var systemText strings.Builder - parts.ForEach(func(_, part gjson.Result) bool { - if text := part.Get("text"); text.Exists() { - if systemText.Len() > 0 { - systemText.WriteString("\n") - } - systemText.WriteString(text.String()) - } - return true - }) - if systemText.Len() > 0 { - // Create system message in Claude Code format - systemMessage := `{"role":"user","content":[{"type":"text","text":""}]}` - systemMessage, _ = sjson.Set(systemMessage, "content.0.text", systemText.String()) - out, _ = sjson.SetRaw(out, "messages.-1", systemMessage) - } - } - } - - // Contents conversion to messages with proper role mapping - if contents := root.Get("contents"); contents.Exists() && contents.IsArray() { - contents.ForEach(func(_, content gjson.Result) bool { - role := content.Get("role").String() - // Map Gemini roles to Claude Code roles - if role == "model" { - role = "assistant" - } - - if role == "function" { - role = "user" - } - - if role == "tool" { - role = "user" - } - - // Create message structure in Claude Code format - msg := `{"role":"","content":[]}` - msg, _ = sjson.Set(msg, "role", role) - - if parts := content.Get("parts"); parts.Exists() && parts.IsArray() { - parts.ForEach(func(_, part gjson.Result) bool { - // Text content conversion - if text := part.Get("text"); text.Exists() { - textContent := `{"type":"text","text":""}` - textContent, _ = sjson.Set(textContent, "text", text.String()) - msg, _ = sjson.SetRaw(msg, "content.-1", textContent) - return true - } - - // Function call (from model/assistant) conversion to tool use - if fc := part.Get("functionCall"); fc.Exists() && role == "assistant" { - toolUse := `{"type":"tool_use","id":"","name":"","input":{}}` - - // Generate a unique tool ID and enqueue it for later matching - // with the corresponding functionResponse - toolID := genToolCallID() - pendingToolIDs = append(pendingToolIDs, toolID) - toolUse, _ = sjson.Set(toolUse, "id", toolID) - - if name := fc.Get("name"); name.Exists() { - toolUse, _ = sjson.Set(toolUse, "name", name.String()) - } - if args := fc.Get("args"); args.Exists() && args.IsObject() { - toolUse, _ = sjson.SetRaw(toolUse, "input", args.Raw) - } - msg, _ = sjson.SetRaw(msg, "content.-1", toolUse) - return true - } - - // Function response (from user) conversion to tool result - if fr := part.Get("functionResponse"); fr.Exists() { - toolResult := `{"type":"tool_result","tool_use_id":"","content":""}` - - // Attach the oldest queued tool_id to pair the response - // with its call. If the queue is empty, generate a new id. - var toolID string - if len(pendingToolIDs) > 0 { - toolID = pendingToolIDs[0] - // Pop the first element from the queue - pendingToolIDs = pendingToolIDs[1:] - } else { - // Fallback: generate new ID if no pending tool_use found - toolID = genToolCallID() - } - toolResult, _ = sjson.Set(toolResult, "tool_use_id", toolID) - - // Extract result content from the function response - if result := fr.Get("response.result"); result.Exists() { - toolResult, _ = sjson.Set(toolResult, "content", result.String()) - } else if response := fr.Get("response"); response.Exists() { - toolResult, _ = sjson.Set(toolResult, "content", response.Raw) - } - msg, _ = sjson.SetRaw(msg, "content.-1", toolResult) - return true - } - - // Image content (inline_data) conversion to Claude Code format - if inlineData := part.Get("inline_data"); inlineData.Exists() { - imageContent := `{"type":"image","source":{"type":"base64","media_type":"","data":""}}` - if mimeType := inlineData.Get("mime_type"); mimeType.Exists() { - imageContent, _ = sjson.Set(imageContent, "source.media_type", mimeType.String()) - } - if data := inlineData.Get("data"); data.Exists() { - imageContent, _ = sjson.Set(imageContent, "source.data", data.String()) - } - msg, _ = sjson.SetRaw(msg, "content.-1", imageContent) - return true - } - - // File data conversion to text content with file info - if fileData := part.Get("file_data"); fileData.Exists() { - // For file data, we'll convert to text content with file info - textContent := `{"type":"text","text":""}` - fileInfo := "File: " + fileData.Get("file_uri").String() - if mimeType := fileData.Get("mime_type"); mimeType.Exists() { - fileInfo += " (Type: " + mimeType.String() + ")" - } - textContent, _ = sjson.Set(textContent, "text", fileInfo) - msg, _ = sjson.SetRaw(msg, "content.-1", textContent) - return true - } - - return true - }) - } - - // Only add message if it has content - if contentArray := gjson.Get(msg, "content"); contentArray.Exists() && len(contentArray.Array()) > 0 { - out, _ = sjson.SetRaw(out, "messages.-1", msg) - } - - return true - }) - } - - // Tools mapping: Gemini functionDeclarations -> Claude Code tools - if tools := root.Get("tools"); tools.Exists() && tools.IsArray() { - var anthropicTools []interface{} - - tools.ForEach(func(_, tool gjson.Result) bool { - if funcDecls := tool.Get("functionDeclarations"); funcDecls.Exists() && funcDecls.IsArray() { - funcDecls.ForEach(func(_, funcDecl gjson.Result) bool { - anthropicTool := `{"name":"","description":"","input_schema":{}}` - - if name := funcDecl.Get("name"); name.Exists() { - anthropicTool, _ = sjson.Set(anthropicTool, "name", name.String()) - } - if desc := funcDecl.Get("description"); desc.Exists() { - anthropicTool, _ = sjson.Set(anthropicTool, "description", desc.String()) - } - if params := funcDecl.Get("parameters"); params.Exists() { - // Clean up the parameters schema for Claude Code compatibility - cleaned := params.Raw - cleaned, _ = sjson.Set(cleaned, "additionalProperties", false) - cleaned, _ = sjson.Set(cleaned, "$schema", "http://json-schema.org/draft-07/schema#") - anthropicTool, _ = sjson.SetRaw(anthropicTool, "input_schema", cleaned) - } else if params = funcDecl.Get("parametersJsonSchema"); params.Exists() { - // Clean up the parameters schema for Claude Code compatibility - cleaned := params.Raw - cleaned, _ = sjson.Set(cleaned, "additionalProperties", false) - cleaned, _ = sjson.Set(cleaned, "$schema", "http://json-schema.org/draft-07/schema#") - anthropicTool, _ = sjson.SetRaw(anthropicTool, "input_schema", cleaned) - } - - anthropicTools = append(anthropicTools, gjson.Parse(anthropicTool).Value()) - return true - }) - } - return true - }) - - if len(anthropicTools) > 0 { - out, _ = sjson.Set(out, "tools", anthropicTools) - } - } - - // Tool config mapping from Gemini format to Claude Code format - if toolConfig := root.Get("tool_config"); toolConfig.Exists() { - if funcCalling := toolConfig.Get("function_calling_config"); funcCalling.Exists() { - if mode := funcCalling.Get("mode"); mode.Exists() { - switch mode.String() { - case "AUTO": - out, _ = sjson.SetRaw(out, "tool_choice", `{"type":"auto"}`) - case "NONE": - out, _ = sjson.SetRaw(out, "tool_choice", `{"type":"none"}`) - case "ANY": - out, _ = sjson.SetRaw(out, "tool_choice", `{"type":"any"}`) - } - } - } - } - - // Stream setting configuration - out, _ = sjson.Set(out, "stream", stream) - - // Convert tool parameter types to lowercase for Claude Code compatibility - var pathsToLower []string - toolsResult := gjson.Get(out, "tools") - util.Walk(toolsResult, "", "type", &pathsToLower) - for _, p := range pathsToLower { - fullPath := fmt.Sprintf("tools.%s", p) - out, _ = sjson.Set(out, fullPath, strings.ToLower(gjson.Get(out, fullPath).String())) - } - - return []byte(out) -} diff --git a/internal/translator/claude/gemini/claude_gemini_response.go b/internal/translator/claude/gemini/claude_gemini_response.go deleted file mode 100644 index c38f8ae787..0000000000 --- a/internal/translator/claude/gemini/claude_gemini_response.go +++ /dev/null @@ -1,566 +0,0 @@ -// Package gemini provides response translation functionality for Claude Code to Gemini API compatibility. -// This package handles the conversion of Claude Code API responses into Gemini-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Gemini API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, and usage metadata appropriately. -package gemini - -import ( - "bufio" - "bytes" - "context" - "fmt" - "strings" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - dataTag = []byte("data:") -) - -// ConvertAnthropicResponseToGeminiParams holds parameters for response conversion -// It also carries minimal streaming state across calls to assemble tool_use input_json_delta. -// This structure maintains state information needed for proper conversion of streaming responses -// from Claude Code format to Gemini format, particularly for handling tool calls that span -// multiple streaming events. -type ConvertAnthropicResponseToGeminiParams struct { - Model string - CreatedAt int64 - ResponseID string - LastStorageOutput string - IsStreaming bool - - // Streaming state for tool_use assembly - // Keyed by content_block index from Claude SSE events - ToolUseNames map[int]string // function/tool name per block index - ToolUseArgs map[int]*strings.Builder // accumulates partial_json across deltas -} - -// ConvertClaudeResponseToGemini converts Claude Code streaming response format to Gemini format. -// This function processes various Claude Code event types and transforms them into Gemini-compatible JSON responses. -// It handles text content, tool calls, reasoning content, and usage metadata, outputting responses that match -// the Gemini API format. The function supports incremental updates for streaming responses and maintains -// state information to properly assemble multi-part tool calls. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Claude Code API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing a Gemini-compatible JSON response -func ConvertClaudeResponseToGemini(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &ConvertAnthropicResponseToGeminiParams{ - Model: modelName, - CreatedAt: 0, - ResponseID: "", - } - } - - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - - root := gjson.ParseBytes(rawJSON) - eventType := root.Get("type").String() - - // Base Gemini response template with default values - template := `{"candidates":[{"content":{"role":"model","parts":[]}}],"usageMetadata":{"trafficType":"PROVISIONED_THROUGHPUT"},"modelVersion":"","createTime":"","responseId":""}` - - // Set model version - if (*param).(*ConvertAnthropicResponseToGeminiParams).Model != "" { - // Map Claude model names back to Gemini model names - template, _ = sjson.Set(template, "modelVersion", (*param).(*ConvertAnthropicResponseToGeminiParams).Model) - } - - // Set response ID and creation time - if (*param).(*ConvertAnthropicResponseToGeminiParams).ResponseID != "" { - template, _ = sjson.Set(template, "responseId", (*param).(*ConvertAnthropicResponseToGeminiParams).ResponseID) - } - - // Set creation time to current time if not provided - if (*param).(*ConvertAnthropicResponseToGeminiParams).CreatedAt == 0 { - (*param).(*ConvertAnthropicResponseToGeminiParams).CreatedAt = time.Now().Unix() - } - template, _ = sjson.Set(template, "createTime", time.Unix((*param).(*ConvertAnthropicResponseToGeminiParams).CreatedAt, 0).Format(time.RFC3339Nano)) - - switch eventType { - case "message_start": - // Initialize response with message metadata when a new message begins - if message := root.Get("message"); message.Exists() { - (*param).(*ConvertAnthropicResponseToGeminiParams).ResponseID = message.Get("id").String() - (*param).(*ConvertAnthropicResponseToGeminiParams).Model = message.Get("model").String() - } - return []string{} - - case "content_block_start": - // Start of a content block - record tool_use name by index for functionCall assembly - if cb := root.Get("content_block"); cb.Exists() { - if cb.Get("type").String() == "tool_use" { - idx := int(root.Get("index").Int()) - if (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseNames == nil { - (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseNames = map[int]string{} - } - if name := cb.Get("name"); name.Exists() { - (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseNames[idx] = name.String() - } - } - } - return []string{} - - case "content_block_delta": - // Handle content delta (text, thinking, or tool use arguments) - if delta := root.Get("delta"); delta.Exists() { - deltaType := delta.Get("type").String() - - switch deltaType { - case "text_delta": - // Regular text content delta for normal response text - if text := delta.Get("text"); text.Exists() && text.String() != "" { - textPart := `{"text":""}` - textPart, _ = sjson.Set(textPart, "text", text.String()) - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", textPart) - } - case "thinking_delta": - // Thinking/reasoning content delta for models with reasoning capabilities - if text := delta.Get("thinking"); text.Exists() && text.String() != "" { - thinkingPart := `{"thought":true,"text":""}` - thinkingPart, _ = sjson.Set(thinkingPart, "text", text.String()) - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", thinkingPart) - } - case "input_json_delta": - // Tool use input delta - accumulate partial_json by index for later assembly at content_block_stop - idx := int(root.Get("index").Int()) - if (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs == nil { - (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs = map[int]*strings.Builder{} - } - b, ok := (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs[idx] - if !ok || b == nil { - bb := &strings.Builder{} - (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs[idx] = bb - b = bb - } - if pj := delta.Get("partial_json"); pj.Exists() { - b.WriteString(pj.String()) - } - return []string{} - } - } - return []string{template} - - case "content_block_stop": - // End of content block - finalize tool calls if any - idx := int(root.Get("index").Int()) - // Claude's content_block_stop often doesn't include content_block payload (see docs/response-claude.txt) - // So we finalize using accumulated state captured during content_block_start and input_json_delta. - name := "" - if (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseNames != nil { - name = (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseNames[idx] - } - var argsTrim string - if (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs != nil { - if b := (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs[idx]; b != nil { - argsTrim = strings.TrimSpace(b.String()) - } - } - if name != "" || argsTrim != "" { - functionCall := `{"functionCall":{"name":"","args":{}}}` - if name != "" { - functionCall, _ = sjson.Set(functionCall, "functionCall.name", name) - } - if argsTrim != "" { - functionCall, _ = sjson.SetRaw(functionCall, "functionCall.args", argsTrim) - } - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", functionCall) - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - (*param).(*ConvertAnthropicResponseToGeminiParams).LastStorageOutput = template - // cleanup used state for this index - if (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs != nil { - delete((*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseArgs, idx) - } - if (*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseNames != nil { - delete((*param).(*ConvertAnthropicResponseToGeminiParams).ToolUseNames, idx) - } - return []string{template} - } - return []string{} - - case "message_delta": - // Handle message-level changes (like stop reason and usage information) - if delta := root.Get("delta"); delta.Exists() { - if stopReason := delta.Get("stop_reason"); stopReason.Exists() { - switch stopReason.String() { - case "end_turn": - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - case "tool_use": - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - case "max_tokens": - template, _ = sjson.Set(template, "candidates.0.finishReason", "MAX_TOKENS") - case "stop_sequence": - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - default: - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - } - } - } - - if usage := root.Get("usage"); usage.Exists() { - // Basic token counts for prompt and completion - inputTokens := usage.Get("input_tokens").Int() - outputTokens := usage.Get("output_tokens").Int() - - // Set basic usage metadata according to Gemini API specification - template, _ = sjson.Set(template, "usageMetadata.promptTokenCount", inputTokens) - template, _ = sjson.Set(template, "usageMetadata.candidatesTokenCount", outputTokens) - template, _ = sjson.Set(template, "usageMetadata.totalTokenCount", inputTokens+outputTokens) - - // Add cache-related token counts if present (Claude Code API cache fields) - if cacheCreationTokens := usage.Get("cache_creation_input_tokens"); cacheCreationTokens.Exists() { - template, _ = sjson.Set(template, "usageMetadata.cachedContentTokenCount", cacheCreationTokens.Int()) - } - if cacheReadTokens := usage.Get("cache_read_input_tokens"); cacheReadTokens.Exists() { - // Add cache read tokens to cached content count - existingCacheTokens := usage.Get("cache_creation_input_tokens").Int() - totalCacheTokens := existingCacheTokens + cacheReadTokens.Int() - template, _ = sjson.Set(template, "usageMetadata.cachedContentTokenCount", totalCacheTokens) - } - - // Add thinking tokens if present (for models with reasoning capabilities) - if thinkingTokens := usage.Get("thinking_tokens"); thinkingTokens.Exists() { - template, _ = sjson.Set(template, "usageMetadata.thoughtsTokenCount", thinkingTokens.Int()) - } - - // Set traffic type (required by Gemini API) - template, _ = sjson.Set(template, "usageMetadata.trafficType", "PROVISIONED_THROUGHPUT") - } - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - - return []string{template} - case "message_stop": - // Final message with usage information - no additional output needed - return []string{} - case "error": - // Handle error responses and convert to Gemini error format - errorMsg := root.Get("error.message").String() - if errorMsg == "" { - errorMsg = "Unknown error occurred" - } - - // Create error response in Gemini format - errorResponse := `{"error":{"code":400,"message":"","status":"INVALID_ARGUMENT"}}` - errorResponse, _ = sjson.Set(errorResponse, "error.message", errorMsg) - return []string{errorResponse} - - default: - // Unknown event type, return empty response - return []string{} - } -} - -// ConvertClaudeResponseToGeminiNonStream converts a non-streaming Claude Code response to a non-streaming Gemini response. -// This function processes the complete Claude Code response and transforms it into a single Gemini-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the Gemini API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Claude Code API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: A Gemini-compatible JSON response containing all message content and metadata -func ConvertClaudeResponseToGeminiNonStream(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - // Base Gemini response template for non-streaming with default values - template := `{"candidates":[{"content":{"role":"model","parts":[]},"finishReason":"STOP"}],"usageMetadata":{"trafficType":"PROVISIONED_THROUGHPUT"},"modelVersion":"","createTime":"","responseId":""}` - - // Set model version - template, _ = sjson.Set(template, "modelVersion", modelName) - - streamingEvents := make([][]byte, 0) - - scanner := bufio.NewScanner(bytes.NewReader(rawJSON)) - buffer := make([]byte, 52_428_800) // 50MB - scanner.Buffer(buffer, 52_428_800) - for scanner.Scan() { - line := scanner.Bytes() - // log.Debug(string(line)) - if bytes.HasPrefix(line, dataTag) { - jsonData := bytes.TrimSpace(line[5:]) - streamingEvents = append(streamingEvents, jsonData) - } - } - // log.Debug("streamingEvents: ", streamingEvents) - // log.Debug("rawJSON: ", string(rawJSON)) - - // Initialize parameters for streaming conversion with proper state management - newParam := &ConvertAnthropicResponseToGeminiParams{ - Model: modelName, - CreatedAt: 0, - ResponseID: "", - LastStorageOutput: "", - IsStreaming: false, - ToolUseNames: nil, - ToolUseArgs: nil, - } - - // Process each streaming event and collect parts - var allParts []string - var finalUsageJSON string - var responseID string - var createdAt int64 - - for _, eventData := range streamingEvents { - if len(eventData) == 0 { - continue - } - - root := gjson.ParseBytes(eventData) - eventType := root.Get("type").String() - - switch eventType { - case "message_start": - // Extract response metadata including ID, model, and creation time - if message := root.Get("message"); message.Exists() { - responseID = message.Get("id").String() - newParam.ResponseID = responseID - newParam.Model = message.Get("model").String() - - // Set creation time to current time if not provided - createdAt = time.Now().Unix() - newParam.CreatedAt = createdAt - } - - case "content_block_start": - // Prepare for content block; record tool_use name by index for later functionCall assembly - idx := int(root.Get("index").Int()) - if cb := root.Get("content_block"); cb.Exists() { - if cb.Get("type").String() == "tool_use" { - if newParam.ToolUseNames == nil { - newParam.ToolUseNames = map[int]string{} - } - if name := cb.Get("name"); name.Exists() { - newParam.ToolUseNames[idx] = name.String() - } - } - } - continue - - case "content_block_delta": - // Handle content delta (text, thinking, or tool input) - if delta := root.Get("delta"); delta.Exists() { - deltaType := delta.Get("type").String() - switch deltaType { - case "text_delta": - // Process regular text content - if text := delta.Get("text"); text.Exists() && text.String() != "" { - partJSON := `{"text":""}` - partJSON, _ = sjson.Set(partJSON, "text", text.String()) - allParts = append(allParts, partJSON) - } - case "thinking_delta": - // Process reasoning/thinking content - if text := delta.Get("thinking"); text.Exists() && text.String() != "" { - partJSON := `{"thought":true,"text":""}` - partJSON, _ = sjson.Set(partJSON, "text", text.String()) - allParts = append(allParts, partJSON) - } - case "input_json_delta": - // accumulate args partial_json for this index - idx := int(root.Get("index").Int()) - if newParam.ToolUseArgs == nil { - newParam.ToolUseArgs = map[int]*strings.Builder{} - } - if _, ok := newParam.ToolUseArgs[idx]; !ok || newParam.ToolUseArgs[idx] == nil { - newParam.ToolUseArgs[idx] = &strings.Builder{} - } - if pj := delta.Get("partial_json"); pj.Exists() { - newParam.ToolUseArgs[idx].WriteString(pj.String()) - } - } - } - - case "content_block_stop": - // Handle tool use completion by assembling accumulated arguments - idx := int(root.Get("index").Int()) - // Claude's content_block_stop often doesn't include content_block payload (see docs/response-claude.txt) - // So we finalize using accumulated state captured during content_block_start and input_json_delta. - name := "" - if newParam.ToolUseNames != nil { - name = newParam.ToolUseNames[idx] - } - var argsTrim string - if newParam.ToolUseArgs != nil { - if b := newParam.ToolUseArgs[idx]; b != nil { - argsTrim = strings.TrimSpace(b.String()) - } - } - if name != "" || argsTrim != "" { - functionCallJSON := `{"functionCall":{"name":"","args":{}}}` - if name != "" { - functionCallJSON, _ = sjson.Set(functionCallJSON, "functionCall.name", name) - } - if argsTrim != "" { - functionCallJSON, _ = sjson.SetRaw(functionCallJSON, "functionCall.args", argsTrim) - } - allParts = append(allParts, functionCallJSON) - // cleanup used state for this index - if newParam.ToolUseArgs != nil { - delete(newParam.ToolUseArgs, idx) - } - if newParam.ToolUseNames != nil { - delete(newParam.ToolUseNames, idx) - } - } - - case "message_delta": - // Extract final usage information using sjson for token counts and metadata - if usage := root.Get("usage"); usage.Exists() { - usageJSON := `{}` - - // Basic token counts for prompt and completion - inputTokens := usage.Get("input_tokens").Int() - outputTokens := usage.Get("output_tokens").Int() - - // Set basic usage metadata according to Gemini API specification - usageJSON, _ = sjson.Set(usageJSON, "promptTokenCount", inputTokens) - usageJSON, _ = sjson.Set(usageJSON, "candidatesTokenCount", outputTokens) - usageJSON, _ = sjson.Set(usageJSON, "totalTokenCount", inputTokens+outputTokens) - - // Add cache-related token counts if present (Claude Code API cache fields) - if cacheCreationTokens := usage.Get("cache_creation_input_tokens"); cacheCreationTokens.Exists() { - usageJSON, _ = sjson.Set(usageJSON, "cachedContentTokenCount", cacheCreationTokens.Int()) - } - if cacheReadTokens := usage.Get("cache_read_input_tokens"); cacheReadTokens.Exists() { - // Add cache read tokens to cached content count - existingCacheTokens := usage.Get("cache_creation_input_tokens").Int() - totalCacheTokens := existingCacheTokens + cacheReadTokens.Int() - usageJSON, _ = sjson.Set(usageJSON, "cachedContentTokenCount", totalCacheTokens) - } - - // Add thinking tokens if present (for models with reasoning capabilities) - if thinkingTokens := usage.Get("thinking_tokens"); thinkingTokens.Exists() { - usageJSON, _ = sjson.Set(usageJSON, "thoughtsTokenCount", thinkingTokens.Int()) - } - - // Set traffic type (required by Gemini API) - usageJSON, _ = sjson.Set(usageJSON, "trafficType", "PROVISIONED_THROUGHPUT") - - finalUsageJSON = usageJSON - } - } - } - - // Set response metadata - if responseID != "" { - template, _ = sjson.Set(template, "responseId", responseID) - } - if createdAt > 0 { - template, _ = sjson.Set(template, "createTime", time.Unix(createdAt, 0).Format(time.RFC3339Nano)) - } - - // Consolidate consecutive text parts and thinking parts for cleaner output - consolidatedParts := consolidateParts(allParts) - - // Set the consolidated parts array - if len(consolidatedParts) > 0 { - partsJSON := "[]" - for _, partJSON := range consolidatedParts { - partsJSON, _ = sjson.SetRaw(partsJSON, "-1", partJSON) - } - template, _ = sjson.SetRaw(template, "candidates.0.content.parts", partsJSON) - } - - // Set usage metadata - if finalUsageJSON != "" { - template, _ = sjson.SetRaw(template, "usageMetadata", finalUsageJSON) - } - - return template -} - -func GeminiTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} - -// consolidateParts merges consecutive text parts and thinking parts to create a cleaner response. -// This function processes the parts array to combine adjacent text elements and thinking elements -// into single consolidated parts, which results in a more readable and efficient response structure. -// Tool calls and other non-text parts are preserved as separate elements. -func consolidateParts(parts []string) []string { - if len(parts) == 0 { - return parts - } - - var consolidated []string - var currentTextPart strings.Builder - var currentThoughtPart strings.Builder - var hasText, hasThought bool - - flushText := func() { - // Flush accumulated text content to the consolidated parts array - if hasText && currentTextPart.Len() > 0 { - textPartJSON := `{"text":""}` - textPartJSON, _ = sjson.Set(textPartJSON, "text", currentTextPart.String()) - consolidated = append(consolidated, textPartJSON) - currentTextPart.Reset() - hasText = false - } - } - - flushThought := func() { - // Flush accumulated thinking content to the consolidated parts array - if hasThought && currentThoughtPart.Len() > 0 { - thoughtPartJSON := `{"thought":true,"text":""}` - thoughtPartJSON, _ = sjson.Set(thoughtPartJSON, "text", currentThoughtPart.String()) - consolidated = append(consolidated, thoughtPartJSON) - currentThoughtPart.Reset() - hasThought = false - } - } - - for _, partJSON := range parts { - part := gjson.Parse(partJSON) - if !part.Exists() || !part.IsObject() { - // Flush any pending parts and add this non-text part - flushText() - flushThought() - consolidated = append(consolidated, partJSON) - continue - } - - thought := part.Get("thought") - if thought.Exists() && thought.Type == gjson.True { - // This is a thinking part - flush any pending text first - flushText() // Flush any pending text first - - if text := part.Get("text"); text.Exists() && text.Type == gjson.String { - currentThoughtPart.WriteString(text.String()) - hasThought = true - } - } else if text := part.Get("text"); text.Exists() && text.Type == gjson.String { - // This is a regular text part - flush any pending thought first - flushThought() // Flush any pending thought first - - currentTextPart.WriteString(text.String()) - hasText = true - } else { - // This is some other type of part (like function call) - flush both text and thought - flushText() - flushThought() - consolidated = append(consolidated, partJSON) - } - } - - // Flush any remaining parts - flushThought() // Flush thought first to maintain order - flushText() - - return consolidated -} diff --git a/internal/translator/claude/gemini/init.go b/internal/translator/claude/gemini/init.go deleted file mode 100644 index ede0325ff6..0000000000 --- a/internal/translator/claude/gemini/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package gemini - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Gemini, - Claude, - ConvertGeminiRequestToClaude, - interfaces.TranslateResponse{ - Stream: ConvertClaudeResponseToGemini, - NonStream: ConvertClaudeResponseToGeminiNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/internal/translator/claude/openai/chat-completions/claude_openai_request.go b/internal/translator/claude/openai/chat-completions/claude_openai_request.go deleted file mode 100644 index 38265e6ebe..0000000000 --- a/internal/translator/claude/openai/chat-completions/claude_openai_request.go +++ /dev/null @@ -1,339 +0,0 @@ -// Package openai provides request translation functionality for OpenAI to Claude Code API compatibility. -// It handles parsing and transforming OpenAI Chat Completions API requests into Claude Code API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between OpenAI API format and Claude Code API's expected format. -package chat_completions - -import ( - "crypto/rand" - "crypto/sha256" - "encoding/hex" - "fmt" - "math/big" - "strings" - - "github.com/google/uuid" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - user = "" - account = "" - session = "" -) - -// ConvertOpenAIRequestToClaude parses and transforms an OpenAI Chat Completions API request into Claude Code API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Claude Code API. -// The function performs comprehensive transformation including: -// 1. Model name mapping and parameter extraction (max_tokens, temperature, top_p, etc.) -// 2. Message content conversion from OpenAI to Claude Code format -// 3. Tool call and tool result handling with proper ID mapping -// 4. Image data conversion from OpenAI data URLs to Claude Code base64 format -// 5. Stop sequence and streaming configuration handling -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the OpenAI API -// - stream: A boolean indicating if the request is for a streaming response -// -// Returns: -// - []byte: The transformed request data in Claude Code API format -func ConvertOpenAIRequestToClaude(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - - if account == "" { - u, _ := uuid.NewRandom() - account = u.String() - } - if session == "" { - u, _ := uuid.NewRandom() - session = u.String() - } - if user == "" { - sum := sha256.Sum256([]byte(account + session)) - user = hex.EncodeToString(sum[:]) - } - userID := fmt.Sprintf("user_%s_account_%s_session_%s", user, account, session) - - // Base Claude Code API template with default max_tokens value - out := fmt.Sprintf(`{"model":"","max_tokens":32000,"messages":[],"metadata":{"user_id":"%s"}}`, userID) - - root := gjson.ParseBytes(rawJSON) - - // Convert OpenAI reasoning_effort to Claude thinking config. - if v := root.Get("reasoning_effort"); v.Exists() { - effort := strings.ToLower(strings.TrimSpace(v.String())) - if effort != "" { - budget, ok := thinking.ConvertLevelToBudget(effort) - if ok { - switch budget { - case 0: - out, _ = sjson.Set(out, "thinking.type", "disabled") - case -1: - out, _ = sjson.Set(out, "thinking.type", "enabled") - default: - if budget > 0 { - out, _ = sjson.Set(out, "thinking.type", "enabled") - out, _ = sjson.Set(out, "thinking.budget_tokens", budget) - } - } - } - } - } - - // Helper for generating tool call IDs in the form: toolu_ - // This ensures unique identifiers for tool calls in the Claude Code format - genToolCallID := func() string { - const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" - var b strings.Builder - // 24 chars random suffix for uniqueness - for i := 0; i < 24; i++ { - n, _ := rand.Int(rand.Reader, big.NewInt(int64(len(letters)))) - b.WriteByte(letters[n.Int64()]) - } - return "toolu_" + b.String() - } - - // Model mapping to specify which Claude Code model to use - out, _ = sjson.Set(out, "model", modelName) - - // Max tokens configuration with fallback to default value - if maxTokens := root.Get("max_tokens"); maxTokens.Exists() { - out, _ = sjson.Set(out, "max_tokens", maxTokens.Int()) - } - - // Temperature setting for controlling response randomness - if temp := root.Get("temperature"); temp.Exists() { - out, _ = sjson.Set(out, "temperature", temp.Float()) - } else if topP := root.Get("top_p"); topP.Exists() { - // Top P setting for nucleus sampling (filtered out if temperature is set) - out, _ = sjson.Set(out, "top_p", topP.Float()) - } - - // Stop sequences configuration for custom termination conditions - if stop := root.Get("stop"); stop.Exists() { - if stop.IsArray() { - var stopSequences []string - stop.ForEach(func(_, value gjson.Result) bool { - stopSequences = append(stopSequences, value.String()) - return true - }) - if len(stopSequences) > 0 { - out, _ = sjson.Set(out, "stop_sequences", stopSequences) - } - } else { - out, _ = sjson.Set(out, "stop_sequences", []string{stop.String()}) - } - } - - // Stream configuration to enable or disable streaming responses - out, _ = sjson.Set(out, "stream", stream) - - // Process messages and transform them to Claude Code format - if messages := root.Get("messages"); messages.Exists() && messages.IsArray() { - messageIndex := 0 - systemMessageIndex := -1 - messages.ForEach(func(_, message gjson.Result) bool { - role := message.Get("role").String() - contentResult := message.Get("content") - - switch role { - case "system": - if systemMessageIndex == -1 { - systemMsg := `{"role":"user","content":[]}` - out, _ = sjson.SetRaw(out, "messages.-1", systemMsg) - systemMessageIndex = messageIndex - messageIndex++ - } - if contentResult.Exists() && contentResult.Type == gjson.String && contentResult.String() != "" { - textPart := `{"type":"text","text":""}` - textPart, _ = sjson.Set(textPart, "text", contentResult.String()) - out, _ = sjson.SetRaw(out, fmt.Sprintf("messages.%d.content.-1", systemMessageIndex), textPart) - } else if contentResult.Exists() && contentResult.IsArray() { - contentResult.ForEach(func(_, part gjson.Result) bool { - if part.Get("type").String() == "text" { - textContent := part.Get("text").String() - if textContent == "" { - return true - } - textPart := `{"type":"text","text":""}` - textPart, _ = sjson.Set(textPart, "text", textContent) - out, _ = sjson.SetRaw(out, fmt.Sprintf("messages.%d.content.-1", systemMessageIndex), textPart) - } - return true - }) - } - case "user", "assistant": - msg := `{"role":"","content":[]}` - msg, _ = sjson.Set(msg, "role", role) - - // Handle content based on its type (string or array) - if contentResult.Exists() && contentResult.Type == gjson.String && contentResult.String() != "" { - part := `{"type":"text","text":""}` - part, _ = sjson.Set(part, "text", contentResult.String()) - msg, _ = sjson.SetRaw(msg, "content.-1", part) - } else if contentResult.Exists() && contentResult.IsArray() { - contentResult.ForEach(func(_, part gjson.Result) bool { - partType := part.Get("type").String() - - switch partType { - case "text": - textContent := part.Get("text").String() - if textContent == "" { - return true - } - textPart := `{"type":"text","text":""}` - textPart, _ = sjson.Set(textPart, "text", textContent) - msg, _ = sjson.SetRaw(msg, "content.-1", textPart) - - case "image_url": - // Convert OpenAI image format to Claude Code format - imageURL := part.Get("image_url.url").String() - if strings.HasPrefix(imageURL, "data:") { - // Extract base64 data and media type from data URL - parts := strings.Split(imageURL, ",") - if len(parts) == 2 { - mediaTypePart := strings.Split(parts[0], ";")[0] - mediaType := strings.TrimPrefix(mediaTypePart, "data:") - data := parts[1] - - imagePart := `{"type":"image","source":{"type":"base64","media_type":"","data":""}}` - imagePart, _ = sjson.Set(imagePart, "source.media_type", mediaType) - imagePart, _ = sjson.Set(imagePart, "source.data", data) - msg, _ = sjson.SetRaw(msg, "content.-1", imagePart) - } - } - - case "file": - fileData := part.Get("file.file_data").String() - if strings.HasPrefix(fileData, "data:") { - semicolonIdx := strings.Index(fileData, ";") - commaIdx := strings.Index(fileData, ",") - if semicolonIdx != -1 && commaIdx != -1 && commaIdx > semicolonIdx { - mediaType := strings.TrimPrefix(fileData[:semicolonIdx], "data:") - data := fileData[commaIdx+1:] - docPart := `{"type":"document","source":{"type":"base64","media_type":"","data":""}}` - docPart, _ = sjson.Set(docPart, "source.media_type", mediaType) - docPart, _ = sjson.Set(docPart, "source.data", data) - msg, _ = sjson.SetRaw(msg, "content.-1", docPart) - } - } - } - return true - }) - } - - // Handle tool calls (for assistant messages) - if toolCalls := message.Get("tool_calls"); toolCalls.Exists() && toolCalls.IsArray() && role == "assistant" { - toolCalls.ForEach(func(_, toolCall gjson.Result) bool { - if toolCall.Get("type").String() == "function" { - toolCallID := toolCall.Get("id").String() - if toolCallID == "" { - toolCallID = genToolCallID() - } - - function := toolCall.Get("function") - toolUse := `{"type":"tool_use","id":"","name":"","input":{}}` - toolUse, _ = sjson.Set(toolUse, "id", toolCallID) - toolUse, _ = sjson.Set(toolUse, "name", function.Get("name").String()) - - // Parse arguments for the tool call - if args := function.Get("arguments"); args.Exists() { - argsStr := args.String() - if argsStr != "" && gjson.Valid(argsStr) { - argsJSON := gjson.Parse(argsStr) - if argsJSON.IsObject() { - toolUse, _ = sjson.SetRaw(toolUse, "input", argsJSON.Raw) - } else { - toolUse, _ = sjson.SetRaw(toolUse, "input", "{}") - } - } else { - toolUse, _ = sjson.SetRaw(toolUse, "input", "{}") - } - } else { - toolUse, _ = sjson.SetRaw(toolUse, "input", "{}") - } - - msg, _ = sjson.SetRaw(msg, "content.-1", toolUse) - } - return true - }) - } - - out, _ = sjson.SetRaw(out, "messages.-1", msg) - messageIndex++ - - case "tool": - // Handle tool result messages conversion - toolCallID := message.Get("tool_call_id").String() - content := message.Get("content").String() - - msg := `{"role":"user","content":[{"type":"tool_result","tool_use_id":"","content":""}]}` - msg, _ = sjson.Set(msg, "content.0.tool_use_id", toolCallID) - msg, _ = sjson.Set(msg, "content.0.content", content) - out, _ = sjson.SetRaw(out, "messages.-1", msg) - messageIndex++ - } - return true - }) - } - - // Tools mapping: OpenAI tools -> Claude Code tools - if tools := root.Get("tools"); tools.Exists() && tools.IsArray() && len(tools.Array()) > 0 { - hasAnthropicTools := false - tools.ForEach(func(_, tool gjson.Result) bool { - if tool.Get("type").String() == "function" { - function := tool.Get("function") - anthropicTool := `{"name":"","description":""}` - anthropicTool, _ = sjson.Set(anthropicTool, "name", function.Get("name").String()) - anthropicTool, _ = sjson.Set(anthropicTool, "description", function.Get("description").String()) - - // Convert parameters schema for the tool - if parameters := function.Get("parameters"); parameters.Exists() { - anthropicTool, _ = sjson.SetRaw(anthropicTool, "input_schema", parameters.Raw) - } else if parameters := function.Get("parametersJsonSchema"); parameters.Exists() { - anthropicTool, _ = sjson.SetRaw(anthropicTool, "input_schema", parameters.Raw) - } - - out, _ = sjson.SetRaw(out, "tools.-1", anthropicTool) - hasAnthropicTools = true - } - return true - }) - - if !hasAnthropicTools { - out, _ = sjson.Delete(out, "tools") - } - } - - // Tool choice mapping from OpenAI format to Claude Code format - if toolChoice := root.Get("tool_choice"); toolChoice.Exists() { - switch toolChoice.Type { - case gjson.String: - choice := toolChoice.String() - switch choice { - case "none": - // Don't set tool_choice, Claude Code will not use tools - case "auto": - out, _ = sjson.SetRaw(out, "tool_choice", `{"type":"auto"}`) - case "required": - out, _ = sjson.SetRaw(out, "tool_choice", `{"type":"any"}`) - } - case gjson.JSON: - // Specific tool choice mapping - if toolChoice.Get("type").String() == "function" { - functionName := toolChoice.Get("function.name").String() - toolChoiceJSON := `{"type":"tool","name":""}` - toolChoiceJSON, _ = sjson.Set(toolChoiceJSON, "name", functionName) - out, _ = sjson.SetRaw(out, "tool_choice", toolChoiceJSON) - } - default: - } - } - - return []byte(out) -} diff --git a/internal/translator/claude/openai/chat-completions/claude_openai_response.go b/internal/translator/claude/openai/chat-completions/claude_openai_response.go deleted file mode 100644 index 346db69a11..0000000000 --- a/internal/translator/claude/openai/chat-completions/claude_openai_response.go +++ /dev/null @@ -1,436 +0,0 @@ -// Package openai provides response translation functionality for Claude Code to OpenAI API compatibility. -// This package handles the conversion of Claude Code API responses into OpenAI Chat Completions-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by OpenAI API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, reasoning content, and usage metadata appropriately. -package chat_completions - -import ( - "bytes" - "context" - "fmt" - "strings" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - dataTag = []byte("data:") -) - -// ConvertAnthropicResponseToOpenAIParams holds parameters for response conversion -type ConvertAnthropicResponseToOpenAIParams struct { - CreatedAt int64 - ResponseID string - FinishReason string - // Tool calls accumulator for streaming - ToolCallsAccumulator map[int]*ToolCallAccumulator -} - -// ToolCallAccumulator holds the state for accumulating tool call data -type ToolCallAccumulator struct { - ID string - Name string - Arguments strings.Builder -} - -// ConvertClaudeResponseToOpenAI converts Claude Code streaming response format to OpenAI Chat Completions format. -// This function processes various Claude Code event types and transforms them into OpenAI-compatible JSON responses. -// It handles text content, tool calls, reasoning content, and usage metadata, outputting responses that match -// the OpenAI API format. The function supports incremental updates for streaming responses. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Claude Code API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing an OpenAI-compatible JSON response -func ConvertClaudeResponseToOpenAI(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - var localParam any - if param == nil { - param = &localParam - } - if *param == nil { - *param = &ConvertAnthropicResponseToOpenAIParams{ - CreatedAt: 0, - ResponseID: "", - FinishReason: "", - } - } - - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - - root := gjson.ParseBytes(rawJSON) - eventType := root.Get("type").String() - - // Base OpenAI streaming response template - template := `{"id":"","object":"chat.completion.chunk","created":0,"model":"","choices":[{"index":0,"delta":{},"finish_reason":null}]}` - - // Set model - if modelName != "" { - template, _ = sjson.Set(template, "model", modelName) - } - - // Set response ID and creation time - if (*param).(*ConvertAnthropicResponseToOpenAIParams).ResponseID != "" { - template, _ = sjson.Set(template, "id", (*param).(*ConvertAnthropicResponseToOpenAIParams).ResponseID) - } - if (*param).(*ConvertAnthropicResponseToOpenAIParams).CreatedAt > 0 { - template, _ = sjson.Set(template, "created", (*param).(*ConvertAnthropicResponseToOpenAIParams).CreatedAt) - } - - switch eventType { - case "message_start": - // Initialize response with message metadata when a new message begins - if message := root.Get("message"); message.Exists() { - (*param).(*ConvertAnthropicResponseToOpenAIParams).ResponseID = message.Get("id").String() - (*param).(*ConvertAnthropicResponseToOpenAIParams).CreatedAt = time.Now().Unix() - - template, _ = sjson.Set(template, "id", (*param).(*ConvertAnthropicResponseToOpenAIParams).ResponseID) - template, _ = sjson.Set(template, "model", modelName) - template, _ = sjson.Set(template, "created", (*param).(*ConvertAnthropicResponseToOpenAIParams).CreatedAt) - - // Set initial role to assistant for the response - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - - // Initialize tool calls accumulator for tracking tool call progress - if (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator == nil { - (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator = make(map[int]*ToolCallAccumulator) - } - } - return []string{template} - - case "content_block_start": - // Start of a content block (text, tool use, or reasoning) - if contentBlock := root.Get("content_block"); contentBlock.Exists() { - blockType := contentBlock.Get("type").String() - - if blockType == "tool_use" { - // Start of tool call - initialize accumulator to track arguments - toolCallID := contentBlock.Get("id").String() - toolName := contentBlock.Get("name").String() - index := int(root.Get("index").Int()) - - if (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator == nil { - (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator = make(map[int]*ToolCallAccumulator) - } - - (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator[index] = &ToolCallAccumulator{ - ID: toolCallID, - Name: toolName, - } - - // Don't output anything yet - wait for complete tool call - return []string{} - } - } - return []string{} - - case "content_block_delta": - // Handle content delta (text, tool use arguments, or reasoning content) - hasContent := false - if delta := root.Get("delta"); delta.Exists() { - deltaType := delta.Get("type").String() - - switch deltaType { - case "text_delta": - // Text content delta - send incremental text updates - if text := delta.Get("text"); text.Exists() { - template, _ = sjson.Set(template, "choices.0.delta.content", text.String()) - hasContent = true - } - case "thinking_delta": - // Accumulate reasoning/thinking content - if thinking := delta.Get("thinking"); thinking.Exists() { - template, _ = sjson.Set(template, "choices.0.delta.reasoning_content", thinking.String()) - hasContent = true - } - case "input_json_delta": - // Tool use input delta - accumulate arguments for tool calls - if partialJSON := delta.Get("partial_json"); partialJSON.Exists() { - index := int(root.Get("index").Int()) - if (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator != nil { - if accumulator, exists := (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator[index]; exists { - accumulator.Arguments.WriteString(partialJSON.String()) - } - } - } - // Don't output anything yet - wait for complete tool call - return []string{} - } - } - if hasContent { - return []string{template} - } else { - return []string{} - } - - case "content_block_stop": - // End of content block - output complete tool call if it's a tool_use block - index := int(root.Get("index").Int()) - if (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator != nil { - if accumulator, exists := (*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator[index]; exists { - // Build complete tool call with accumulated arguments - arguments := accumulator.Arguments.String() - if arguments == "" { - arguments = "{}" - } - template, _ = sjson.Set(template, "choices.0.delta.tool_calls.0.index", index) - template, _ = sjson.Set(template, "choices.0.delta.tool_calls.0.id", accumulator.ID) - template, _ = sjson.Set(template, "choices.0.delta.tool_calls.0.type", "function") - template, _ = sjson.Set(template, "choices.0.delta.tool_calls.0.function.name", accumulator.Name) - template, _ = sjson.Set(template, "choices.0.delta.tool_calls.0.function.arguments", arguments) - - // Clean up the accumulator for this index - delete((*param).(*ConvertAnthropicResponseToOpenAIParams).ToolCallsAccumulator, index) - - return []string{template} - } - } - return []string{} - - case "message_delta": - // Handle message-level changes including stop reason and usage - if delta := root.Get("delta"); delta.Exists() { - if stopReason := delta.Get("stop_reason"); stopReason.Exists() { - (*param).(*ConvertAnthropicResponseToOpenAIParams).FinishReason = mapAnthropicStopReasonToOpenAI(stopReason.String()) - template, _ = sjson.Set(template, "choices.0.finish_reason", (*param).(*ConvertAnthropicResponseToOpenAIParams).FinishReason) - } - } - - // Handle usage information for token counts - if usage := root.Get("usage"); usage.Exists() { - inputTokens := usage.Get("input_tokens").Int() - outputTokens := usage.Get("output_tokens").Int() - cacheReadInputTokens := usage.Get("cache_read_input_tokens").Int() - cacheCreationInputTokens := usage.Get("cache_creation_input_tokens").Int() - template, _ = sjson.Set(template, "usage.prompt_tokens", inputTokens+cacheCreationInputTokens) - template, _ = sjson.Set(template, "usage.completion_tokens", outputTokens) - template, _ = sjson.Set(template, "usage.total_tokens", inputTokens+outputTokens) - template, _ = sjson.Set(template, "usage.prompt_tokens_details.cached_tokens", cacheReadInputTokens) - } - return []string{template} - - case "message_stop": - // Final message event - no additional output needed - return []string{} - - case "ping": - // Ping events for keeping connection alive - no output needed - return []string{} - - case "error": - // Error event - format and return error response - if errorData := root.Get("error"); errorData.Exists() { - errorJSON := `{"error":{"message":"","type":""}}` - errorJSON, _ = sjson.Set(errorJSON, "error.message", errorData.Get("message").String()) - errorJSON, _ = sjson.Set(errorJSON, "error.type", errorData.Get("type").String()) - return []string{errorJSON} - } - return []string{} - - default: - // Unknown event type - ignore - return []string{} - } -} - -// mapAnthropicStopReasonToOpenAI maps Anthropic stop reasons to OpenAI stop reasons -func mapAnthropicStopReasonToOpenAI(anthropicReason string) string { - switch anthropicReason { - case "end_turn": - return "stop" - case "tool_use": - return "tool_calls" - case "max_tokens": - return "length" - case "stop_sequence": - return "stop" - default: - return "stop" - } -} - -// ConvertClaudeResponseToOpenAINonStream converts a non-streaming Claude Code response to a non-streaming OpenAI response. -// This function processes the complete Claude Code response and transforms it into a single OpenAI-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the OpenAI API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Claude Code API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: An OpenAI-compatible JSON response containing all message content and metadata -func ConvertClaudeResponseToOpenAINonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - chunks := make([][]byte, 0) - - lines := bytes.Split(rawJSON, []byte("\n")) - for _, line := range lines { - if !bytes.HasPrefix(line, dataTag) { - continue - } - chunks = append(chunks, bytes.TrimSpace(line[5:])) - } - - // Base OpenAI non-streaming response template - out := `{"id":"","object":"chat.completion","created":0,"model":"","choices":[{"index":0,"message":{"role":"assistant","content":""},"finish_reason":"stop"}],"usage":{"prompt_tokens":0,"completion_tokens":0,"total_tokens":0}}` - - var messageID string - var model string - var createdAt int64 - var stopReason string - var contentParts []string - var reasoningParts []string - toolCallsAccumulator := make(map[int]*ToolCallAccumulator) - - for _, chunk := range chunks { - root := gjson.ParseBytes(chunk) - eventType := root.Get("type").String() - - switch eventType { - case "message_start": - // Extract initial message metadata including ID, model, and input token count - if message := root.Get("message"); message.Exists() { - messageID = message.Get("id").String() - model = message.Get("model").String() - createdAt = time.Now().Unix() - } - - case "content_block_start": - // Handle different content block types at the beginning - if contentBlock := root.Get("content_block"); contentBlock.Exists() { - blockType := contentBlock.Get("type").String() - if blockType == "thinking" { - // Start of thinking/reasoning content - skip for now as it's handled in delta - continue - } else if blockType == "tool_use" { - // Initialize tool call accumulator for this index - index := int(root.Get("index").Int()) - toolCallsAccumulator[index] = &ToolCallAccumulator{ - ID: contentBlock.Get("id").String(), - Name: contentBlock.Get("name").String(), - } - } - } - - case "content_block_delta": - // Process incremental content updates - if delta := root.Get("delta"); delta.Exists() { - deltaType := delta.Get("type").String() - switch deltaType { - case "text_delta": - // Accumulate text content - if text := delta.Get("text"); text.Exists() { - contentParts = append(contentParts, text.String()) - } - case "thinking_delta": - // Accumulate reasoning/thinking content - if thinking := delta.Get("thinking"); thinking.Exists() { - reasoningParts = append(reasoningParts, thinking.String()) - } - case "input_json_delta": - // Accumulate tool call arguments - if partialJSON := delta.Get("partial_json"); partialJSON.Exists() { - index := int(root.Get("index").Int()) - if accumulator, exists := toolCallsAccumulator[index]; exists { - accumulator.Arguments.WriteString(partialJSON.String()) - } - } - } - } - - case "content_block_stop": - // Finalize tool call arguments for this index when content block ends - index := int(root.Get("index").Int()) - if accumulator, exists := toolCallsAccumulator[index]; exists { - if accumulator.Arguments.Len() == 0 { - accumulator.Arguments.WriteString("{}") - } - } - - case "message_delta": - // Extract stop reason and output token count when message ends - if delta := root.Get("delta"); delta.Exists() { - if sr := delta.Get("stop_reason"); sr.Exists() { - stopReason = sr.String() - } - } - if usage := root.Get("usage"); usage.Exists() { - inputTokens := usage.Get("input_tokens").Int() - outputTokens := usage.Get("output_tokens").Int() - cacheReadInputTokens := usage.Get("cache_read_input_tokens").Int() - cacheCreationInputTokens := usage.Get("cache_creation_input_tokens").Int() - out, _ = sjson.Set(out, "usage.prompt_tokens", inputTokens+cacheCreationInputTokens) - out, _ = sjson.Set(out, "usage.completion_tokens", outputTokens) - out, _ = sjson.Set(out, "usage.total_tokens", inputTokens+outputTokens) - out, _ = sjson.Set(out, "usage.prompt_tokens_details.cached_tokens", cacheReadInputTokens) - } - } - } - - // Set basic response fields including message ID, creation time, and model - out, _ = sjson.Set(out, "id", messageID) - out, _ = sjson.Set(out, "created", createdAt) - out, _ = sjson.Set(out, "model", model) - - // Set message content by combining all text parts - messageContent := strings.Join(contentParts, "") - out, _ = sjson.Set(out, "choices.0.message.content", messageContent) - - // Add reasoning content if available (following OpenAI reasoning format) - if len(reasoningParts) > 0 { - reasoningContent := strings.Join(reasoningParts, "") - // Add reasoning as a separate field in the message - out, _ = sjson.Set(out, "choices.0.message.reasoning", reasoningContent) - } - - // Set tool calls if any were accumulated during processing - if len(toolCallsAccumulator) > 0 { - toolCallsCount := 0 - maxIndex := -1 - for index := range toolCallsAccumulator { - if index > maxIndex { - maxIndex = index - } - } - - for i := 0; i <= maxIndex; i++ { - accumulator, exists := toolCallsAccumulator[i] - if !exists { - continue - } - - arguments := accumulator.Arguments.String() - - idPath := fmt.Sprintf("choices.0.message.tool_calls.%d.id", toolCallsCount) - typePath := fmt.Sprintf("choices.0.message.tool_calls.%d.type", toolCallsCount) - namePath := fmt.Sprintf("choices.0.message.tool_calls.%d.function.name", toolCallsCount) - argumentsPath := fmt.Sprintf("choices.0.message.tool_calls.%d.function.arguments", toolCallsCount) - - out, _ = sjson.Set(out, idPath, accumulator.ID) - out, _ = sjson.Set(out, typePath, "function") - out, _ = sjson.Set(out, namePath, accumulator.Name) - out, _ = sjson.Set(out, argumentsPath, arguments) - toolCallsCount++ - } - if toolCallsCount > 0 { - out, _ = sjson.Set(out, "choices.0.finish_reason", "tool_calls") - } else { - out, _ = sjson.Set(out, "choices.0.finish_reason", mapAnthropicStopReasonToOpenAI(stopReason)) - } - } else { - out, _ = sjson.Set(out, "choices.0.finish_reason", mapAnthropicStopReasonToOpenAI(stopReason)) - } - - return out -} diff --git a/internal/translator/claude/openai/chat-completions/init.go b/internal/translator/claude/openai/chat-completions/init.go deleted file mode 100644 index 3193fa7c3f..0000000000 --- a/internal/translator/claude/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenAI, - Claude, - ConvertOpenAIRequestToClaude, - interfaces.TranslateResponse{ - Stream: ConvertClaudeResponseToOpenAI, - NonStream: ConvertClaudeResponseToOpenAINonStream, - }, - ) -} diff --git a/internal/translator/claude/openai/responses/claude_openai-responses_request.go b/internal/translator/claude/openai/responses/claude_openai-responses_request.go deleted file mode 100644 index 19834977c8..0000000000 --- a/internal/translator/claude/openai/responses/claude_openai-responses_request.go +++ /dev/null @@ -1,364 +0,0 @@ -package responses - -import ( - "crypto/rand" - "crypto/sha256" - "encoding/hex" - "fmt" - "math/big" - "strings" - - "github.com/google/uuid" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - user = "" - account = "" - session = "" -) - -// ConvertOpenAIResponsesRequestToClaude transforms an OpenAI Responses API request -// into a Claude Messages API request using only gjson/sjson for JSON handling. -// It supports: -// - instructions -> system message -// - input[].type==message with input_text/output_text -> user/assistant messages -// - function_call -> assistant tool_use -// - function_call_output -> user tool_result -// - tools[].parameters -> tools[].input_schema -// - max_output_tokens -> max_tokens -// - stream passthrough via parameter -func ConvertOpenAIResponsesRequestToClaude(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - - if account == "" { - u, _ := uuid.NewRandom() - account = u.String() - } - if session == "" { - u, _ := uuid.NewRandom() - session = u.String() - } - if user == "" { - sum := sha256.Sum256([]byte(account + session)) - user = hex.EncodeToString(sum[:]) - } - userID := fmt.Sprintf("user_%s_account_%s_session_%s", user, account, session) - - // Base Claude message payload - out := fmt.Sprintf(`{"model":"","max_tokens":32000,"messages":[],"metadata":{"user_id":"%s"}}`, userID) - - root := gjson.ParseBytes(rawJSON) - - // Convert OpenAI Responses reasoning.effort to Claude thinking config. - if v := root.Get("reasoning.effort"); v.Exists() { - effort := strings.ToLower(strings.TrimSpace(v.String())) - if effort != "" { - budget, ok := thinking.ConvertLevelToBudget(effort) - if ok { - switch budget { - case 0: - out, _ = sjson.Set(out, "thinking.type", "disabled") - case -1: - out, _ = sjson.Set(out, "thinking.type", "enabled") - default: - if budget > 0 { - out, _ = sjson.Set(out, "thinking.type", "enabled") - out, _ = sjson.Set(out, "thinking.budget_tokens", budget) - } - } - } - } - } - - // Helper for generating tool call IDs when missing - genToolCallID := func() string { - const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" - var b strings.Builder - for i := 0; i < 24; i++ { - n, _ := rand.Int(rand.Reader, big.NewInt(int64(len(letters)))) - b.WriteByte(letters[n.Int64()]) - } - return "toolu_" + b.String() - } - - // Model - out, _ = sjson.Set(out, "model", modelName) - - // Max tokens - if mot := root.Get("max_output_tokens"); mot.Exists() { - out, _ = sjson.Set(out, "max_tokens", mot.Int()) - } - - // Stream - out, _ = sjson.Set(out, "stream", stream) - - // instructions -> as a leading message (use role user for Claude API compatibility) - instructionsText := "" - extractedFromSystem := false - if instr := root.Get("instructions"); instr.Exists() && instr.Type == gjson.String { - instructionsText = instr.String() - if instructionsText != "" { - sysMsg := `{"role":"user","content":""}` - sysMsg, _ = sjson.Set(sysMsg, "content", instructionsText) - out, _ = sjson.SetRaw(out, "messages.-1", sysMsg) - } - } - - if instructionsText == "" { - if input := root.Get("input"); input.Exists() && input.IsArray() { - input.ForEach(func(_, item gjson.Result) bool { - if strings.EqualFold(item.Get("role").String(), "system") { - var builder strings.Builder - if parts := item.Get("content"); parts.Exists() && parts.IsArray() { - parts.ForEach(func(_, part gjson.Result) bool { - textResult := part.Get("text") - text := textResult.String() - if builder.Len() > 0 && text != "" { - builder.WriteByte('\n') - } - builder.WriteString(text) - return true - }) - } else if parts.Type == gjson.String { - builder.WriteString(parts.String()) - } - instructionsText = builder.String() - if instructionsText != "" { - sysMsg := `{"role":"user","content":""}` - sysMsg, _ = sjson.Set(sysMsg, "content", instructionsText) - out, _ = sjson.SetRaw(out, "messages.-1", sysMsg) - extractedFromSystem = true - } - } - return instructionsText == "" - }) - } - } - - // input array processing - if input := root.Get("input"); input.Exists() && input.IsArray() { - input.ForEach(func(_, item gjson.Result) bool { - if extractedFromSystem && strings.EqualFold(item.Get("role").String(), "system") { - return true - } - typ := item.Get("type").String() - if typ == "" && item.Get("role").String() != "" { - typ = "message" - } - switch typ { - case "message": - // Determine role and construct Claude-compatible content parts. - var role string - var textAggregate strings.Builder - var partsJSON []string - hasImage := false - hasFile := false - if parts := item.Get("content"); parts.Exists() && parts.IsArray() { - parts.ForEach(func(_, part gjson.Result) bool { - ptype := part.Get("type").String() - switch ptype { - case "input_text", "output_text": - if t := part.Get("text"); t.Exists() { - txt := t.String() - textAggregate.WriteString(txt) - contentPart := `{"type":"text","text":""}` - contentPart, _ = sjson.Set(contentPart, "text", txt) - partsJSON = append(partsJSON, contentPart) - } - if ptype == "input_text" { - role = "user" - } else { - role = "assistant" - } - case "input_image": - url := part.Get("image_url").String() - if url == "" { - url = part.Get("url").String() - } - if url != "" { - var contentPart string - if strings.HasPrefix(url, "data:") { - trimmed := strings.TrimPrefix(url, "data:") - mediaAndData := strings.SplitN(trimmed, ";base64,", 2) - mediaType := "application/octet-stream" - data := "" - if len(mediaAndData) == 2 { - if mediaAndData[0] != "" { - mediaType = mediaAndData[0] - } - data = mediaAndData[1] - } - if data != "" { - contentPart = `{"type":"image","source":{"type":"base64","media_type":"","data":""}}` - contentPart, _ = sjson.Set(contentPart, "source.media_type", mediaType) - contentPart, _ = sjson.Set(contentPart, "source.data", data) - } - } else { - contentPart = `{"type":"image","source":{"type":"url","url":""}}` - contentPart, _ = sjson.Set(contentPart, "source.url", url) - } - if contentPart != "" { - partsJSON = append(partsJSON, contentPart) - if role == "" { - role = "user" - } - hasImage = true - } - } - case "input_file": - fileData := part.Get("file_data").String() - if fileData != "" { - mediaType := "application/octet-stream" - data := fileData - if strings.HasPrefix(fileData, "data:") { - trimmed := strings.TrimPrefix(fileData, "data:") - mediaAndData := strings.SplitN(trimmed, ";base64,", 2) - if len(mediaAndData) == 2 { - if mediaAndData[0] != "" { - mediaType = mediaAndData[0] - } - data = mediaAndData[1] - } - } - contentPart := `{"type":"document","source":{"type":"base64","media_type":"","data":""}}` - contentPart, _ = sjson.Set(contentPart, "source.media_type", mediaType) - contentPart, _ = sjson.Set(contentPart, "source.data", data) - partsJSON = append(partsJSON, contentPart) - if role == "" { - role = "user" - } - hasFile = true - } - } - return true - }) - } else if parts.Type == gjson.String { - textAggregate.WriteString(parts.String()) - } - - // Fallback to given role if content types not decisive - if role == "" { - r := item.Get("role").String() - switch r { - case "user", "assistant", "system": - role = r - default: - role = "user" - } - } - - if len(partsJSON) > 0 { - msg := `{"role":"","content":[]}` - msg, _ = sjson.Set(msg, "role", role) - if len(partsJSON) == 1 && !hasImage && !hasFile { - // Preserve legacy behavior for single text content - msg, _ = sjson.Delete(msg, "content") - textPart := gjson.Parse(partsJSON[0]) - msg, _ = sjson.Set(msg, "content", textPart.Get("text").String()) - } else { - for _, partJSON := range partsJSON { - msg, _ = sjson.SetRaw(msg, "content.-1", partJSON) - } - } - out, _ = sjson.SetRaw(out, "messages.-1", msg) - } else if textAggregate.Len() > 0 || role == "system" { - msg := `{"role":"","content":""}` - msg, _ = sjson.Set(msg, "role", role) - msg, _ = sjson.Set(msg, "content", textAggregate.String()) - out, _ = sjson.SetRaw(out, "messages.-1", msg) - } - - case "function_call": - // Map to assistant tool_use - callID := item.Get("call_id").String() - if callID == "" { - callID = genToolCallID() - } - name := item.Get("name").String() - argsStr := item.Get("arguments").String() - - toolUse := `{"type":"tool_use","id":"","name":"","input":{}}` - toolUse, _ = sjson.Set(toolUse, "id", callID) - toolUse, _ = sjson.Set(toolUse, "name", name) - if argsStr != "" && gjson.Valid(argsStr) { - argsJSON := gjson.Parse(argsStr) - if argsJSON.IsObject() { - toolUse, _ = sjson.SetRaw(toolUse, "input", argsJSON.Raw) - } - } - - asst := `{"role":"assistant","content":[]}` - asst, _ = sjson.SetRaw(asst, "content.-1", toolUse) - out, _ = sjson.SetRaw(out, "messages.-1", asst) - - case "function_call_output": - // Map to user tool_result - callID := item.Get("call_id").String() - outputStr := item.Get("output").String() - toolResult := `{"type":"tool_result","tool_use_id":"","content":""}` - toolResult, _ = sjson.Set(toolResult, "tool_use_id", callID) - toolResult, _ = sjson.Set(toolResult, "content", outputStr) - - usr := `{"role":"user","content":[]}` - usr, _ = sjson.SetRaw(usr, "content.-1", toolResult) - out, _ = sjson.SetRaw(out, "messages.-1", usr) - } - return true - }) - } - - // tools mapping: parameters -> input_schema - if tools := root.Get("tools"); tools.Exists() && tools.IsArray() { - toolsJSON := "[]" - tools.ForEach(func(_, tool gjson.Result) bool { - tJSON := `{"name":"","description":"","input_schema":{}}` - if n := tool.Get("name"); n.Exists() { - tJSON, _ = sjson.Set(tJSON, "name", n.String()) - } - if d := tool.Get("description"); d.Exists() { - tJSON, _ = sjson.Set(tJSON, "description", d.String()) - } - - if params := tool.Get("parameters"); params.Exists() { - tJSON, _ = sjson.SetRaw(tJSON, "input_schema", params.Raw) - } else if params = tool.Get("parametersJsonSchema"); params.Exists() { - tJSON, _ = sjson.SetRaw(tJSON, "input_schema", params.Raw) - } - - toolsJSON, _ = sjson.SetRaw(toolsJSON, "-1", tJSON) - return true - }) - if gjson.Parse(toolsJSON).IsArray() && len(gjson.Parse(toolsJSON).Array()) > 0 { - out, _ = sjson.SetRaw(out, "tools", toolsJSON) - } - } - - // Map tool_choice similar to Chat Completions translator (optional in docs, safe to handle) - if toolChoice := root.Get("tool_choice"); toolChoice.Exists() { - switch toolChoice.Type { - case gjson.String: - switch toolChoice.String() { - case "auto": - out, _ = sjson.SetRaw(out, "tool_choice", `{"type":"auto"}`) - case "none": - // Leave unset; implies no tools - case "required": - out, _ = sjson.SetRaw(out, "tool_choice", `{"type":"any"}`) - } - case gjson.JSON: - if toolChoice.Get("type").String() == "function" { - fn := toolChoice.Get("function.name").String() - toolChoiceJSON := `{"name":"","type":"tool"}` - toolChoiceJSON, _ = sjson.Set(toolChoiceJSON, "name", fn) - out, _ = sjson.SetRaw(out, "tool_choice", toolChoiceJSON) - } - default: - - } - } - - return []byte(out) -} diff --git a/internal/translator/claude/openai/responses/claude_openai-responses_response.go b/internal/translator/claude/openai/responses/claude_openai-responses_response.go deleted file mode 100644 index e77b09e13c..0000000000 --- a/internal/translator/claude/openai/responses/claude_openai-responses_response.go +++ /dev/null @@ -1,688 +0,0 @@ -package responses - -import ( - "bufio" - "bytes" - "context" - "fmt" - "strings" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -type claudeToResponsesState struct { - Seq int - ResponseID string - CreatedAt int64 - CurrentMsgID string - CurrentFCID string - InTextBlock bool - InFuncBlock bool - FuncArgsBuf map[int]*strings.Builder // index -> args - // function call bookkeeping for output aggregation - FuncNames map[int]string // index -> function name - FuncCallIDs map[int]string // index -> call id - // message text aggregation - TextBuf strings.Builder - // reasoning state - ReasoningActive bool - ReasoningItemID string - ReasoningBuf strings.Builder - ReasoningPartAdded bool - ReasoningIndex int - // usage aggregation - InputTokens int64 - OutputTokens int64 - UsageSeen bool -} - -var dataTag = []byte("data:") - -func pickRequestJSON(originalRequestRawJSON, requestRawJSON []byte) []byte { - if len(originalRequestRawJSON) > 0 && gjson.ValidBytes(originalRequestRawJSON) { - return originalRequestRawJSON - } - if len(requestRawJSON) > 0 && gjson.ValidBytes(requestRawJSON) { - return requestRawJSON - } - return nil -} - -func emitEvent(event string, payload string) string { - return fmt.Sprintf("event: %s\ndata: %s", event, payload) -} - -// ConvertClaudeResponseToOpenAIResponses converts Claude SSE to OpenAI Responses SSE events. -func ConvertClaudeResponseToOpenAIResponses(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &claudeToResponsesState{FuncArgsBuf: make(map[int]*strings.Builder), FuncNames: make(map[int]string), FuncCallIDs: make(map[int]string)} - } - st := (*param).(*claudeToResponsesState) - - // Expect `data: {..}` from Claude clients - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - root := gjson.ParseBytes(rawJSON) - ev := root.Get("type").String() - var out []string - - nextSeq := func() int { st.Seq++; return st.Seq } - - switch ev { - case "message_start": - if msg := root.Get("message"); msg.Exists() { - st.ResponseID = msg.Get("id").String() - st.CreatedAt = time.Now().Unix() - // Reset per-message aggregation state - st.TextBuf.Reset() - st.ReasoningBuf.Reset() - st.ReasoningActive = false - st.InTextBlock = false - st.InFuncBlock = false - st.CurrentMsgID = "" - st.CurrentFCID = "" - st.ReasoningItemID = "" - st.ReasoningIndex = 0 - st.ReasoningPartAdded = false - st.FuncArgsBuf = make(map[int]*strings.Builder) - st.FuncNames = make(map[int]string) - st.FuncCallIDs = make(map[int]string) - st.InputTokens = 0 - st.OutputTokens = 0 - st.UsageSeen = false - if usage := msg.Get("usage"); usage.Exists() { - if v := usage.Get("input_tokens"); v.Exists() { - st.InputTokens = v.Int() - st.UsageSeen = true - } - if v := usage.Get("output_tokens"); v.Exists() { - st.OutputTokens = v.Int() - st.UsageSeen = true - } - } - // response.created - created := `{"type":"response.created","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"in_progress","background":false,"error":null,"output":[]}}` - created, _ = sjson.Set(created, "sequence_number", nextSeq()) - created, _ = sjson.Set(created, "response.id", st.ResponseID) - created, _ = sjson.Set(created, "response.created_at", st.CreatedAt) - out = append(out, emitEvent("response.created", created)) - // response.in_progress - inprog := `{"type":"response.in_progress","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"in_progress"}}` - inprog, _ = sjson.Set(inprog, "sequence_number", nextSeq()) - inprog, _ = sjson.Set(inprog, "response.id", st.ResponseID) - inprog, _ = sjson.Set(inprog, "response.created_at", st.CreatedAt) - out = append(out, emitEvent("response.in_progress", inprog)) - } - case "content_block_start": - cb := root.Get("content_block") - if !cb.Exists() { - return out - } - idx := int(root.Get("index").Int()) - typ := cb.Get("type").String() - if typ == "text" { - // open message item + content part - st.InTextBlock = true - st.CurrentMsgID = fmt.Sprintf("msg_%s_0", st.ResponseID) - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"message","status":"in_progress","content":[],"role":"assistant"}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "item.id", st.CurrentMsgID) - out = append(out, emitEvent("response.output_item.added", item)) - - part := `{"type":"response.content_part.added","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"part":{"type":"output_text","annotations":[],"logprobs":[],"text":""}}` - part, _ = sjson.Set(part, "sequence_number", nextSeq()) - part, _ = sjson.Set(part, "item_id", st.CurrentMsgID) - out = append(out, emitEvent("response.content_part.added", part)) - } else if typ == "tool_use" { - st.InFuncBlock = true - st.CurrentFCID = cb.Get("id").String() - name := cb.Get("name").String() - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"function_call","status":"in_progress","arguments":"","call_id":"","name":""}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "output_index", idx) - item, _ = sjson.Set(item, "item.id", fmt.Sprintf("fc_%s", st.CurrentFCID)) - item, _ = sjson.Set(item, "item.call_id", st.CurrentFCID) - item, _ = sjson.Set(item, "item.name", name) - out = append(out, emitEvent("response.output_item.added", item)) - if st.FuncArgsBuf[idx] == nil { - st.FuncArgsBuf[idx] = &strings.Builder{} - } - // record function metadata for aggregation - st.FuncCallIDs[idx] = st.CurrentFCID - st.FuncNames[idx] = name - } else if typ == "thinking" { - // start reasoning item - st.ReasoningActive = true - st.ReasoningIndex = idx - st.ReasoningBuf.Reset() - st.ReasoningItemID = fmt.Sprintf("rs_%s_%d", st.ResponseID, idx) - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"reasoning","status":"in_progress","summary":[]}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "output_index", idx) - item, _ = sjson.Set(item, "item.id", st.ReasoningItemID) - out = append(out, emitEvent("response.output_item.added", item)) - // add a summary part placeholder - part := `{"type":"response.reasoning_summary_part.added","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"part":{"type":"summary_text","text":""}}` - part, _ = sjson.Set(part, "sequence_number", nextSeq()) - part, _ = sjson.Set(part, "item_id", st.ReasoningItemID) - part, _ = sjson.Set(part, "output_index", idx) - out = append(out, emitEvent("response.reasoning_summary_part.added", part)) - st.ReasoningPartAdded = true - } - case "content_block_delta": - d := root.Get("delta") - if !d.Exists() { - return out - } - dt := d.Get("type").String() - if dt == "text_delta" { - if t := d.Get("text"); t.Exists() { - msg := `{"type":"response.output_text.delta","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"delta":"","logprobs":[]}` - msg, _ = sjson.Set(msg, "sequence_number", nextSeq()) - msg, _ = sjson.Set(msg, "item_id", st.CurrentMsgID) - msg, _ = sjson.Set(msg, "delta", t.String()) - out = append(out, emitEvent("response.output_text.delta", msg)) - // aggregate text for response.output - st.TextBuf.WriteString(t.String()) - } - } else if dt == "input_json_delta" { - idx := int(root.Get("index").Int()) - if pj := d.Get("partial_json"); pj.Exists() { - if st.FuncArgsBuf[idx] == nil { - st.FuncArgsBuf[idx] = &strings.Builder{} - } - st.FuncArgsBuf[idx].WriteString(pj.String()) - msg := `{"type":"response.function_call_arguments.delta","sequence_number":0,"item_id":"","output_index":0,"delta":""}` - msg, _ = sjson.Set(msg, "sequence_number", nextSeq()) - msg, _ = sjson.Set(msg, "item_id", fmt.Sprintf("fc_%s", st.CurrentFCID)) - msg, _ = sjson.Set(msg, "output_index", idx) - msg, _ = sjson.Set(msg, "delta", pj.String()) - out = append(out, emitEvent("response.function_call_arguments.delta", msg)) - } - } else if dt == "thinking_delta" { - if st.ReasoningActive { - if t := d.Get("thinking"); t.Exists() { - st.ReasoningBuf.WriteString(t.String()) - msg := `{"type":"response.reasoning_summary_text.delta","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"delta":""}` - msg, _ = sjson.Set(msg, "sequence_number", nextSeq()) - msg, _ = sjson.Set(msg, "item_id", st.ReasoningItemID) - msg, _ = sjson.Set(msg, "output_index", st.ReasoningIndex) - msg, _ = sjson.Set(msg, "delta", t.String()) - out = append(out, emitEvent("response.reasoning_summary_text.delta", msg)) - } - } - } - case "content_block_stop": - idx := int(root.Get("index").Int()) - if st.InTextBlock { - done := `{"type":"response.output_text.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"text":"","logprobs":[]}` - done, _ = sjson.Set(done, "sequence_number", nextSeq()) - done, _ = sjson.Set(done, "item_id", st.CurrentMsgID) - out = append(out, emitEvent("response.output_text.done", done)) - partDone := `{"type":"response.content_part.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"part":{"type":"output_text","annotations":[],"logprobs":[],"text":""}}` - partDone, _ = sjson.Set(partDone, "sequence_number", nextSeq()) - partDone, _ = sjson.Set(partDone, "item_id", st.CurrentMsgID) - out = append(out, emitEvent("response.content_part.done", partDone)) - final := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"message","status":"completed","content":[{"type":"output_text","text":""}],"role":"assistant"}}` - final, _ = sjson.Set(final, "sequence_number", nextSeq()) - final, _ = sjson.Set(final, "item.id", st.CurrentMsgID) - out = append(out, emitEvent("response.output_item.done", final)) - st.InTextBlock = false - } else if st.InFuncBlock { - args := "{}" - if buf := st.FuncArgsBuf[idx]; buf != nil { - if buf.Len() > 0 { - args = buf.String() - } - } - fcDone := `{"type":"response.function_call_arguments.done","sequence_number":0,"item_id":"","output_index":0,"arguments":""}` - fcDone, _ = sjson.Set(fcDone, "sequence_number", nextSeq()) - fcDone, _ = sjson.Set(fcDone, "item_id", fmt.Sprintf("fc_%s", st.CurrentFCID)) - fcDone, _ = sjson.Set(fcDone, "output_index", idx) - fcDone, _ = sjson.Set(fcDone, "arguments", args) - out = append(out, emitEvent("response.function_call_arguments.done", fcDone)) - itemDone := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}}` - itemDone, _ = sjson.Set(itemDone, "sequence_number", nextSeq()) - itemDone, _ = sjson.Set(itemDone, "output_index", idx) - itemDone, _ = sjson.Set(itemDone, "item.id", fmt.Sprintf("fc_%s", st.CurrentFCID)) - itemDone, _ = sjson.Set(itemDone, "item.arguments", args) - itemDone, _ = sjson.Set(itemDone, "item.call_id", st.CurrentFCID) - itemDone, _ = sjson.Set(itemDone, "item.name", st.FuncNames[idx]) - out = append(out, emitEvent("response.output_item.done", itemDone)) - st.InFuncBlock = false - } else if st.ReasoningActive { - full := st.ReasoningBuf.String() - textDone := `{"type":"response.reasoning_summary_text.done","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"text":""}` - textDone, _ = sjson.Set(textDone, "sequence_number", nextSeq()) - textDone, _ = sjson.Set(textDone, "item_id", st.ReasoningItemID) - textDone, _ = sjson.Set(textDone, "output_index", st.ReasoningIndex) - textDone, _ = sjson.Set(textDone, "text", full) - out = append(out, emitEvent("response.reasoning_summary_text.done", textDone)) - partDone := `{"type":"response.reasoning_summary_part.done","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"part":{"type":"summary_text","text":""}}` - partDone, _ = sjson.Set(partDone, "sequence_number", nextSeq()) - partDone, _ = sjson.Set(partDone, "item_id", st.ReasoningItemID) - partDone, _ = sjson.Set(partDone, "output_index", st.ReasoningIndex) - partDone, _ = sjson.Set(partDone, "part.text", full) - out = append(out, emitEvent("response.reasoning_summary_part.done", partDone)) - st.ReasoningActive = false - st.ReasoningPartAdded = false - } - case "message_delta": - if usage := root.Get("usage"); usage.Exists() { - if v := usage.Get("output_tokens"); v.Exists() { - st.OutputTokens = v.Int() - st.UsageSeen = true - } - if v := usage.Get("input_tokens"); v.Exists() { - st.InputTokens = v.Int() - st.UsageSeen = true - } - } - case "message_stop": - - completed := `{"type":"response.completed","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"completed","background":false,"error":null}}` - completed, _ = sjson.Set(completed, "sequence_number", nextSeq()) - completed, _ = sjson.Set(completed, "response.id", st.ResponseID) - completed, _ = sjson.Set(completed, "response.created_at", st.CreatedAt) - // Inject original request fields into response as per docs/response.completed.json - - reqBytes := pickRequestJSON(originalRequestRawJSON, requestRawJSON) - if len(reqBytes) > 0 { - req := gjson.ParseBytes(reqBytes) - if v := req.Get("instructions"); v.Exists() { - completed, _ = sjson.Set(completed, "response.instructions", v.String()) - } - if v := req.Get("max_output_tokens"); v.Exists() { - completed, _ = sjson.Set(completed, "response.max_output_tokens", v.Int()) - } - if v := req.Get("max_tool_calls"); v.Exists() { - completed, _ = sjson.Set(completed, "response.max_tool_calls", v.Int()) - } - if v := req.Get("model"); v.Exists() { - completed, _ = sjson.Set(completed, "response.model", v.String()) - } - if v := req.Get("parallel_tool_calls"); v.Exists() { - completed, _ = sjson.Set(completed, "response.parallel_tool_calls", v.Bool()) - } - if v := req.Get("previous_response_id"); v.Exists() { - completed, _ = sjson.Set(completed, "response.previous_response_id", v.String()) - } - if v := req.Get("prompt_cache_key"); v.Exists() { - completed, _ = sjson.Set(completed, "response.prompt_cache_key", v.String()) - } - if v := req.Get("reasoning"); v.Exists() { - completed, _ = sjson.Set(completed, "response.reasoning", v.Value()) - } - if v := req.Get("safety_identifier"); v.Exists() { - completed, _ = sjson.Set(completed, "response.safety_identifier", v.String()) - } - if v := req.Get("service_tier"); v.Exists() { - completed, _ = sjson.Set(completed, "response.service_tier", v.String()) - } - if v := req.Get("store"); v.Exists() { - completed, _ = sjson.Set(completed, "response.store", v.Bool()) - } - if v := req.Get("temperature"); v.Exists() { - completed, _ = sjson.Set(completed, "response.temperature", v.Float()) - } - if v := req.Get("text"); v.Exists() { - completed, _ = sjson.Set(completed, "response.text", v.Value()) - } - if v := req.Get("tool_choice"); v.Exists() { - completed, _ = sjson.Set(completed, "response.tool_choice", v.Value()) - } - if v := req.Get("tools"); v.Exists() { - completed, _ = sjson.Set(completed, "response.tools", v.Value()) - } - if v := req.Get("top_logprobs"); v.Exists() { - completed, _ = sjson.Set(completed, "response.top_logprobs", v.Int()) - } - if v := req.Get("top_p"); v.Exists() { - completed, _ = sjson.Set(completed, "response.top_p", v.Float()) - } - if v := req.Get("truncation"); v.Exists() { - completed, _ = sjson.Set(completed, "response.truncation", v.String()) - } - if v := req.Get("user"); v.Exists() { - completed, _ = sjson.Set(completed, "response.user", v.Value()) - } - if v := req.Get("metadata"); v.Exists() { - completed, _ = sjson.Set(completed, "response.metadata", v.Value()) - } - } - - // Build response.output from aggregated state - outputsWrapper := `{"arr":[]}` - // reasoning item (if any) - if st.ReasoningBuf.Len() > 0 || st.ReasoningPartAdded { - item := `{"id":"","type":"reasoning","summary":[{"type":"summary_text","text":""}]}` - item, _ = sjson.Set(item, "id", st.ReasoningItemID) - item, _ = sjson.Set(item, "summary.0.text", st.ReasoningBuf.String()) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - // assistant message item (if any text) - if st.TextBuf.Len() > 0 || st.InTextBlock || st.CurrentMsgID != "" { - item := `{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}` - item, _ = sjson.Set(item, "id", st.CurrentMsgID) - item, _ = sjson.Set(item, "content.0.text", st.TextBuf.String()) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - // function_call items (in ascending index order for determinism) - if len(st.FuncArgsBuf) > 0 { - // collect indices - idxs := make([]int, 0, len(st.FuncArgsBuf)) - for idx := range st.FuncArgsBuf { - idxs = append(idxs, idx) - } - // simple sort (small N), avoid adding new imports - for i := 0; i < len(idxs); i++ { - for j := i + 1; j < len(idxs); j++ { - if idxs[j] < idxs[i] { - idxs[i], idxs[j] = idxs[j], idxs[i] - } - } - } - for _, idx := range idxs { - args := "" - if b := st.FuncArgsBuf[idx]; b != nil { - args = b.String() - } - callID := st.FuncCallIDs[idx] - name := st.FuncNames[idx] - if callID == "" && st.CurrentFCID != "" { - callID = st.CurrentFCID - } - item := `{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}` - item, _ = sjson.Set(item, "id", fmt.Sprintf("fc_%s", callID)) - item, _ = sjson.Set(item, "arguments", args) - item, _ = sjson.Set(item, "call_id", callID) - item, _ = sjson.Set(item, "name", name) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - } - if gjson.Get(outputsWrapper, "arr.#").Int() > 0 { - completed, _ = sjson.SetRaw(completed, "response.output", gjson.Get(outputsWrapper, "arr").Raw) - } - - reasoningTokens := int64(0) - if st.ReasoningBuf.Len() > 0 { - reasoningTokens = int64(st.ReasoningBuf.Len() / 4) - } - usagePresent := st.UsageSeen || reasoningTokens > 0 - if usagePresent { - completed, _ = sjson.Set(completed, "response.usage.input_tokens", st.InputTokens) - completed, _ = sjson.Set(completed, "response.usage.input_tokens_details.cached_tokens", 0) - completed, _ = sjson.Set(completed, "response.usage.output_tokens", st.OutputTokens) - if reasoningTokens > 0 { - completed, _ = sjson.Set(completed, "response.usage.output_tokens_details.reasoning_tokens", reasoningTokens) - } - total := st.InputTokens + st.OutputTokens - if total > 0 || st.UsageSeen { - completed, _ = sjson.Set(completed, "response.usage.total_tokens", total) - } - } - out = append(out, emitEvent("response.completed", completed)) - } - - return out -} - -// ConvertClaudeResponseToOpenAIResponsesNonStream aggregates Claude SSE into a single OpenAI Responses JSON. -func ConvertClaudeResponseToOpenAIResponsesNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - // Aggregate Claude SSE lines into a single OpenAI Responses JSON (non-stream) - // We follow the same aggregation logic as the streaming variant but produce - // one final object matching docs/out.json structure. - - // Collect SSE data: lines start with "data: "; ignore others - var chunks [][]byte - { - // Use a simple scanner to iterate through raw bytes - // Note: extremely large responses may require increasing the buffer - scanner := bufio.NewScanner(bytes.NewReader(rawJSON)) - buf := make([]byte, 52_428_800) // 50MB - scanner.Buffer(buf, 52_428_800) - for scanner.Scan() { - line := scanner.Bytes() - if !bytes.HasPrefix(line, dataTag) { - continue - } - chunks = append(chunks, line[len(dataTag):]) - } - } - - // Base OpenAI Responses (non-stream) object - out := `{"id":"","object":"response","created_at":0,"status":"completed","background":false,"error":null,"incomplete_details":null,"output":[],"usage":{"input_tokens":0,"input_tokens_details":{"cached_tokens":0},"output_tokens":0,"output_tokens_details":{},"total_tokens":0}}` - - // Aggregation state - var ( - responseID string - createdAt int64 - currentMsgID string - currentFCID string - textBuf strings.Builder - reasoningBuf strings.Builder - reasoningActive bool - reasoningItemID string - inputTokens int64 - outputTokens int64 - ) - - // Per-index tool call aggregation - type toolState struct { - id string - name string - args strings.Builder - } - toolCalls := make(map[int]*toolState) - - // Walk through SSE chunks to fill state - for _, ch := range chunks { - root := gjson.ParseBytes(ch) - ev := root.Get("type").String() - - switch ev { - case "message_start": - if msg := root.Get("message"); msg.Exists() { - responseID = msg.Get("id").String() - createdAt = time.Now().Unix() - if usage := msg.Get("usage"); usage.Exists() { - inputTokens = usage.Get("input_tokens").Int() - } - } - - case "content_block_start": - cb := root.Get("content_block") - if !cb.Exists() { - continue - } - idx := int(root.Get("index").Int()) - typ := cb.Get("type").String() - switch typ { - case "text": - currentMsgID = "msg_" + responseID + "_0" - case "tool_use": - currentFCID = cb.Get("id").String() - name := cb.Get("name").String() - if toolCalls[idx] == nil { - toolCalls[idx] = &toolState{id: currentFCID, name: name} - } else { - toolCalls[idx].id = currentFCID - toolCalls[idx].name = name - } - case "thinking": - reasoningActive = true - reasoningItemID = fmt.Sprintf("rs_%s_%d", responseID, idx) - } - - case "content_block_delta": - d := root.Get("delta") - if !d.Exists() { - continue - } - dt := d.Get("type").String() - switch dt { - case "text_delta": - if t := d.Get("text"); t.Exists() { - textBuf.WriteString(t.String()) - } - case "input_json_delta": - if pj := d.Get("partial_json"); pj.Exists() { - idx := int(root.Get("index").Int()) - if toolCalls[idx] == nil { - toolCalls[idx] = &toolState{} - } - toolCalls[idx].args.WriteString(pj.String()) - } - case "thinking_delta": - if reasoningActive { - if t := d.Get("thinking"); t.Exists() { - reasoningBuf.WriteString(t.String()) - } - } - } - - case "content_block_stop": - // Nothing special to finalize for non-stream aggregation - _ = root - - case "message_delta": - if usage := root.Get("usage"); usage.Exists() { - outputTokens = usage.Get("output_tokens").Int() - } - } - } - - // Populate base fields - out, _ = sjson.Set(out, "id", responseID) - out, _ = sjson.Set(out, "created_at", createdAt) - - // Inject request echo fields as top-level (similar to streaming variant) - reqBytes := pickRequestJSON(originalRequestRawJSON, requestRawJSON) - if len(reqBytes) > 0 { - req := gjson.ParseBytes(reqBytes) - if v := req.Get("instructions"); v.Exists() { - out, _ = sjson.Set(out, "instructions", v.String()) - } - if v := req.Get("max_output_tokens"); v.Exists() { - out, _ = sjson.Set(out, "max_output_tokens", v.Int()) - } - if v := req.Get("max_tool_calls"); v.Exists() { - out, _ = sjson.Set(out, "max_tool_calls", v.Int()) - } - if v := req.Get("model"); v.Exists() { - out, _ = sjson.Set(out, "model", v.String()) - } - if v := req.Get("parallel_tool_calls"); v.Exists() { - out, _ = sjson.Set(out, "parallel_tool_calls", v.Bool()) - } - if v := req.Get("previous_response_id"); v.Exists() { - out, _ = sjson.Set(out, "previous_response_id", v.String()) - } - if v := req.Get("prompt_cache_key"); v.Exists() { - out, _ = sjson.Set(out, "prompt_cache_key", v.String()) - } - if v := req.Get("reasoning"); v.Exists() { - out, _ = sjson.Set(out, "reasoning", v.Value()) - } - if v := req.Get("safety_identifier"); v.Exists() { - out, _ = sjson.Set(out, "safety_identifier", v.String()) - } - if v := req.Get("service_tier"); v.Exists() { - out, _ = sjson.Set(out, "service_tier", v.String()) - } - if v := req.Get("store"); v.Exists() { - out, _ = sjson.Set(out, "store", v.Bool()) - } - if v := req.Get("temperature"); v.Exists() { - out, _ = sjson.Set(out, "temperature", v.Float()) - } - if v := req.Get("text"); v.Exists() { - out, _ = sjson.Set(out, "text", v.Value()) - } - if v := req.Get("tool_choice"); v.Exists() { - out, _ = sjson.Set(out, "tool_choice", v.Value()) - } - if v := req.Get("tools"); v.Exists() { - out, _ = sjson.Set(out, "tools", v.Value()) - } - if v := req.Get("top_logprobs"); v.Exists() { - out, _ = sjson.Set(out, "top_logprobs", v.Int()) - } - if v := req.Get("top_p"); v.Exists() { - out, _ = sjson.Set(out, "top_p", v.Float()) - } - if v := req.Get("truncation"); v.Exists() { - out, _ = sjson.Set(out, "truncation", v.String()) - } - if v := req.Get("user"); v.Exists() { - out, _ = sjson.Set(out, "user", v.Value()) - } - if v := req.Get("metadata"); v.Exists() { - out, _ = sjson.Set(out, "metadata", v.Value()) - } - } - - // Build output array - outputsWrapper := `{"arr":[]}` - if reasoningBuf.Len() > 0 { - item := `{"id":"","type":"reasoning","summary":[{"type":"summary_text","text":""}]}` - item, _ = sjson.Set(item, "id", reasoningItemID) - item, _ = sjson.Set(item, "summary.0.text", reasoningBuf.String()) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - if currentMsgID != "" || textBuf.Len() > 0 { - item := `{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}` - item, _ = sjson.Set(item, "id", currentMsgID) - item, _ = sjson.Set(item, "content.0.text", textBuf.String()) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - if len(toolCalls) > 0 { - // Preserve index order - idxs := make([]int, 0, len(toolCalls)) - for i := range toolCalls { - idxs = append(idxs, i) - } - for i := 0; i < len(idxs); i++ { - for j := i + 1; j < len(idxs); j++ { - if idxs[j] < idxs[i] { - idxs[i], idxs[j] = idxs[j], idxs[i] - } - } - } - for _, i := range idxs { - st := toolCalls[i] - args := st.args.String() - if args == "" { - args = "{}" - } - item := `{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}` - item, _ = sjson.Set(item, "id", fmt.Sprintf("fc_%s", st.id)) - item, _ = sjson.Set(item, "arguments", args) - item, _ = sjson.Set(item, "call_id", st.id) - item, _ = sjson.Set(item, "name", st.name) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - } - if gjson.Get(outputsWrapper, "arr.#").Int() > 0 { - out, _ = sjson.SetRaw(out, "output", gjson.Get(outputsWrapper, "arr").Raw) - } - - // Usage - total := inputTokens + outputTokens - out, _ = sjson.Set(out, "usage.input_tokens", inputTokens) - out, _ = sjson.Set(out, "usage.output_tokens", outputTokens) - out, _ = sjson.Set(out, "usage.total_tokens", total) - if reasoningBuf.Len() > 0 { - // Rough estimate similar to chat completions - reasoningTokens := int64(len(reasoningBuf.String()) / 4) - if reasoningTokens > 0 { - out, _ = sjson.Set(out, "usage.output_tokens_details.reasoning_tokens", reasoningTokens) - } - } - - return out -} diff --git a/internal/translator/claude/openai/responses/init.go b/internal/translator/claude/openai/responses/init.go deleted file mode 100644 index e093854c8f..0000000000 --- a/internal/translator/claude/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenaiResponse, - Claude, - ConvertOpenAIResponsesRequestToClaude, - interfaces.TranslateResponse{ - Stream: ConvertClaudeResponseToOpenAIResponses, - NonStream: ConvertClaudeResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/internal/translator/codex/claude/codex_claude_request.go b/internal/translator/codex/claude/codex_claude_request.go deleted file mode 100644 index 5cc5f4eead..0000000000 --- a/internal/translator/codex/claude/codex_claude_request.go +++ /dev/null @@ -1,355 +0,0 @@ -// Package claude provides request translation functionality for Claude Code API compatibility. -// It handles parsing and transforming Claude Code API requests into the internal client format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package also performs JSON data cleaning and transformation to ensure compatibility -// between Claude Code API format and the internal client's expected format. -package claude - -import ( - "fmt" - "strconv" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertClaudeRequestToCodex parses and transforms a Claude Code API request into the internal client format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the internal client. -// The function performs the following transformations: -// 1. Sets up a template with the model name and empty instructions field -// 2. Processes system messages and converts them to developer input content -// 3. Transforms message contents (text, image, tool_use, tool_result) to appropriate formats -// 4. Converts tools declarations to the expected format -// 5. Adds additional configuration parameters for the Codex API -// 6. Maps Claude thinking configuration to Codex reasoning settings -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the Claude Code API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in internal client format -func ConvertClaudeRequestToCodex(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - - template := `{"model":"","instructions":"","input":[]}` - - rootResult := gjson.ParseBytes(rawJSON) - template, _ = sjson.Set(template, "model", modelName) - - // Process system messages and convert them to input content format. - systemsResult := rootResult.Get("system") - if systemsResult.IsArray() { - systemResults := systemsResult.Array() - message := `{"type":"message","role":"developer","content":[]}` - for i := 0; i < len(systemResults); i++ { - systemResult := systemResults[i] - systemTypeResult := systemResult.Get("type") - if systemTypeResult.String() == "text" { - message, _ = sjson.Set(message, fmt.Sprintf("content.%d.type", i), "input_text") - message, _ = sjson.Set(message, fmt.Sprintf("content.%d.text", i), systemResult.Get("text").String()) - } - } - template, _ = sjson.SetRaw(template, "input.-1", message) - } - - // Process messages and transform their contents to appropriate formats. - messagesResult := rootResult.Get("messages") - if messagesResult.IsArray() { - messageResults := messagesResult.Array() - - for i := 0; i < len(messageResults); i++ { - messageResult := messageResults[i] - messageRole := messageResult.Get("role").String() - - newMessage := func() string { - msg := `{"type": "message","role":"","content":[]}` - msg, _ = sjson.Set(msg, "role", messageRole) - return msg - } - - message := newMessage() - contentIndex := 0 - hasContent := false - - flushMessage := func() { - if hasContent { - template, _ = sjson.SetRaw(template, "input.-1", message) - message = newMessage() - contentIndex = 0 - hasContent = false - } - } - - appendTextContent := func(text string) { - partType := "input_text" - if messageRole == "assistant" { - partType = "output_text" - } - message, _ = sjson.Set(message, fmt.Sprintf("content.%d.type", contentIndex), partType) - message, _ = sjson.Set(message, fmt.Sprintf("content.%d.text", contentIndex), text) - contentIndex++ - hasContent = true - } - - appendImageContent := func(dataURL string) { - message, _ = sjson.Set(message, fmt.Sprintf("content.%d.type", contentIndex), "input_image") - message, _ = sjson.Set(message, fmt.Sprintf("content.%d.image_url", contentIndex), dataURL) - contentIndex++ - hasContent = true - } - - messageContentsResult := messageResult.Get("content") - if messageContentsResult.IsArray() { - messageContentResults := messageContentsResult.Array() - for j := 0; j < len(messageContentResults); j++ { - messageContentResult := messageContentResults[j] - contentType := messageContentResult.Get("type").String() - - switch contentType { - case "text": - appendTextContent(messageContentResult.Get("text").String()) - case "image": - sourceResult := messageContentResult.Get("source") - if sourceResult.Exists() { - data := sourceResult.Get("data").String() - if data == "" { - data = sourceResult.Get("base64").String() - } - if data != "" { - mediaType := sourceResult.Get("media_type").String() - if mediaType == "" { - mediaType = sourceResult.Get("mime_type").String() - } - if mediaType == "" { - mediaType = "application/octet-stream" - } - dataURL := fmt.Sprintf("data:%s;base64,%s", mediaType, data) - appendImageContent(dataURL) - } - } - case "tool_use": - flushMessage() - functionCallMessage := `{"type":"function_call"}` - functionCallMessage, _ = sjson.Set(functionCallMessage, "call_id", messageContentResult.Get("id").String()) - { - name := messageContentResult.Get("name").String() - toolMap := buildReverseMapFromClaudeOriginalToShort(rawJSON) - if short, ok := toolMap[name]; ok { - name = short - } else { - name = shortenNameIfNeeded(name) - } - functionCallMessage, _ = sjson.Set(functionCallMessage, "name", name) - } - functionCallMessage, _ = sjson.Set(functionCallMessage, "arguments", messageContentResult.Get("input").Raw) - template, _ = sjson.SetRaw(template, "input.-1", functionCallMessage) - case "tool_result": - flushMessage() - functionCallOutputMessage := `{"type":"function_call_output"}` - functionCallOutputMessage, _ = sjson.Set(functionCallOutputMessage, "call_id", messageContentResult.Get("tool_use_id").String()) - functionCallOutputMessage, _ = sjson.Set(functionCallOutputMessage, "output", messageContentResult.Get("content").String()) - template, _ = sjson.SetRaw(template, "input.-1", functionCallOutputMessage) - } - } - flushMessage() - } else if messageContentsResult.Type == gjson.String { - appendTextContent(messageContentsResult.String()) - flushMessage() - } - } - - } - - // Convert tools declarations to the expected format for the Codex API. - toolsResult := rootResult.Get("tools") - if toolsResult.IsArray() { - template, _ = sjson.SetRaw(template, "tools", `[]`) - template, _ = sjson.Set(template, "tool_choice", `auto`) - toolResults := toolsResult.Array() - // Build short name map from declared tools - var names []string - for i := 0; i < len(toolResults); i++ { - n := toolResults[i].Get("name").String() - if n != "" { - names = append(names, n) - } - } - shortMap := buildShortNameMap(names) - for i := 0; i < len(toolResults); i++ { - toolResult := toolResults[i] - // Special handling: map Claude web search tool to Codex web_search - if toolResult.Get("type").String() == "web_search_20250305" { - // Replace the tool content entirely with {"type":"web_search"} - template, _ = sjson.SetRaw(template, "tools.-1", `{"type":"web_search"}`) - continue - } - tool := toolResult.Raw - tool, _ = sjson.Set(tool, "type", "function") - // Apply shortened name if needed - if v := toolResult.Get("name"); v.Exists() { - name := v.String() - if short, ok := shortMap[name]; ok { - name = short - } else { - name = shortenNameIfNeeded(name) - } - tool, _ = sjson.Set(tool, "name", name) - } - tool, _ = sjson.SetRaw(tool, "parameters", normalizeToolParameters(toolResult.Get("input_schema").Raw)) - tool, _ = sjson.Delete(tool, "input_schema") - tool, _ = sjson.Delete(tool, "parameters.$schema") - tool, _ = sjson.Set(tool, "strict", false) - template, _ = sjson.SetRaw(template, "tools.-1", tool) - } - } - - // Add additional configuration parameters for the Codex API. - template, _ = sjson.Set(template, "parallel_tool_calls", true) - - // Convert thinking.budget_tokens to reasoning.effort. - reasoningEffort := "medium" - if thinkingConfig := rootResult.Get("thinking"); thinkingConfig.Exists() && thinkingConfig.IsObject() { - switch thinkingConfig.Get("type").String() { - case "enabled": - if budgetTokens := thinkingConfig.Get("budget_tokens"); budgetTokens.Exists() { - budget := int(budgetTokens.Int()) - if effort, ok := thinking.ConvertBudgetToLevel(budget); ok && effort != "" { - reasoningEffort = effort - } - } - case "adaptive": - // Claude adaptive means "enable with max capacity"; keep it as highest level - // and let ApplyThinking normalize per target model capability. - reasoningEffort = string(thinking.LevelXHigh) - case "disabled": - if effort, ok := thinking.ConvertBudgetToLevel(0); ok && effort != "" { - reasoningEffort = effort - } - } - } - template, _ = sjson.Set(template, "reasoning.effort", reasoningEffort) - template, _ = sjson.Set(template, "reasoning.summary", "auto") - template, _ = sjson.Set(template, "stream", true) - template, _ = sjson.Set(template, "store", false) - template, _ = sjson.Set(template, "include", []string{"reasoning.encrypted_content"}) - - return []byte(template) -} - -// shortenNameIfNeeded applies a simple shortening rule for a single name. -func shortenNameIfNeeded(name string) string { - const limit = 64 - if len(name) <= limit { - return name - } - if strings.HasPrefix(name, "mcp__") { - idx := strings.LastIndex(name, "__") - if idx > 0 { - cand := "mcp__" + name[idx+2:] - if len(cand) > limit { - return cand[:limit] - } - return cand - } - } - return name[:limit] -} - -// buildShortNameMap ensures uniqueness of shortened names within a request. -func buildShortNameMap(names []string) map[string]string { - const limit = 64 - used := map[string]struct{}{} - m := map[string]string{} - - baseCandidate := func(n string) string { - if len(n) <= limit { - return n - } - if strings.HasPrefix(n, "mcp__") { - idx := strings.LastIndex(n, "__") - if idx > 0 { - cand := "mcp__" + n[idx+2:] - if len(cand) > limit { - cand = cand[:limit] - } - return cand - } - } - return n[:limit] - } - - makeUnique := func(cand string) string { - if _, ok := used[cand]; !ok { - return cand - } - base := cand - for i := 1; ; i++ { - suffix := "_" + strconv.Itoa(i) - allowed := limit - len(suffix) - if allowed < 0 { - allowed = 0 - } - tmp := base - if len(tmp) > allowed { - tmp = tmp[:allowed] - } - tmp = tmp + suffix - if _, ok := used[tmp]; !ok { - return tmp - } - } - } - - for _, n := range names { - cand := baseCandidate(n) - uniq := makeUnique(cand) - used[uniq] = struct{}{} - m[n] = uniq - } - return m -} - -// buildReverseMapFromClaudeOriginalToShort builds original->short map, used to map tool_use names to short. -func buildReverseMapFromClaudeOriginalToShort(original []byte) map[string]string { - tools := gjson.GetBytes(original, "tools") - m := map[string]string{} - if !tools.IsArray() { - return m - } - var names []string - arr := tools.Array() - for i := 0; i < len(arr); i++ { - n := arr[i].Get("name").String() - if n != "" { - names = append(names, n) - } - } - if len(names) > 0 { - m = buildShortNameMap(names) - } - return m -} - -// normalizeToolParameters ensures object schemas contain at least an empty properties map. -func normalizeToolParameters(raw string) string { - raw = strings.TrimSpace(raw) - if raw == "" || raw == "null" || !gjson.Valid(raw) { - return `{"type":"object","properties":{}}` - } - schema := raw - result := gjson.Parse(raw) - schemaType := result.Get("type").String() - if schemaType == "" { - schema, _ = sjson.Set(schema, "type", "object") - schemaType = "object" - } - if schemaType == "object" && !result.Get("properties").Exists() { - schema, _ = sjson.SetRaw(schema, "properties", `{}`) - } - return schema -} diff --git a/internal/translator/codex/claude/codex_claude_response.go b/internal/translator/codex/claude/codex_claude_response.go deleted file mode 100644 index cdcf2e4f55..0000000000 --- a/internal/translator/codex/claude/codex_claude_response.go +++ /dev/null @@ -1,390 +0,0 @@ -// Package claude provides response translation functionality for Codex to Claude Code API compatibility. -// This package handles the conversion of Codex API responses into Claude Code-compatible -// Server-Sent Events (SSE) format, implementing a sophisticated state machine that manages -// different response types including text content, thinking processes, and function calls. -// The translation ensures proper sequencing of SSE events and maintains state across -// multiple response chunks to provide a seamless streaming experience. -package claude - -import ( - "bytes" - "context" - "fmt" - "strings" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - dataTag = []byte("data:") -) - -// ConvertCodexResponseToClaudeParams holds parameters for response conversion. -type ConvertCodexResponseToClaudeParams struct { - HasToolCall bool - BlockIndex int - HasReceivedArgumentsDelta bool -} - -// ConvertCodexResponseToClaude performs sophisticated streaming response format conversion. -// This function implements a complex state machine that translates Codex API responses -// into Claude Code-compatible Server-Sent Events (SSE) format. It manages different response types -// and handles state transitions between content blocks, thinking processes, and function calls. -// -// Response type states: 0=none, 1=content, 2=thinking, 3=function -// The function maintains state across multiple calls to ensure proper SSE event sequencing. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing a Claude Code-compatible JSON response -func ConvertCodexResponseToClaude(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &ConvertCodexResponseToClaudeParams{ - HasToolCall: false, - BlockIndex: 0, - } - } - - // log.Debugf("rawJSON: %s", string(rawJSON)) - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - - output := "" - rootResult := gjson.ParseBytes(rawJSON) - typeResult := rootResult.Get("type") - typeStr := typeResult.String() - template := "" - if typeStr == "response.created" { - template = `{"type":"message_start","message":{"id":"","type":"message","role":"assistant","model":"claude-opus-4-1-20250805","stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0},"content":[],"stop_reason":null}}` - template, _ = sjson.Set(template, "message.model", rootResult.Get("response.model").String()) - template, _ = sjson.Set(template, "message.id", rootResult.Get("response.id").String()) - - output = "event: message_start\n" - output += fmt.Sprintf("data: %s\n\n", template) - } else if typeStr == "response.reasoning_summary_part.added" { - template = `{"type":"content_block_start","index":0,"content_block":{"type":"thinking","thinking":""}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - - output = "event: content_block_start\n" - output += fmt.Sprintf("data: %s\n\n", template) - } else if typeStr == "response.reasoning_summary_text.delta" { - template = `{"type":"content_block_delta","index":0,"delta":{"type":"thinking_delta","thinking":""}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - template, _ = sjson.Set(template, "delta.thinking", rootResult.Get("delta").String()) - - output = "event: content_block_delta\n" - output += fmt.Sprintf("data: %s\n\n", template) - } else if typeStr == "response.reasoning_summary_part.done" { - template = `{"type":"content_block_stop","index":0}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex++ - - output = "event: content_block_stop\n" - output += fmt.Sprintf("data: %s\n\n", template) - - } else if typeStr == "response.content_part.added" { - template = `{"type":"content_block_start","index":0,"content_block":{"type":"text","text":""}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - - output = "event: content_block_start\n" - output += fmt.Sprintf("data: %s\n\n", template) - } else if typeStr == "response.output_text.delta" { - template = `{"type":"content_block_delta","index":0,"delta":{"type":"text_delta","text":""}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - template, _ = sjson.Set(template, "delta.text", rootResult.Get("delta").String()) - - output = "event: content_block_delta\n" - output += fmt.Sprintf("data: %s\n\n", template) - } else if typeStr == "response.content_part.done" { - template = `{"type":"content_block_stop","index":0}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex++ - - output = "event: content_block_stop\n" - output += fmt.Sprintf("data: %s\n\n", template) - } else if typeStr == "response.completed" { - template = `{"type":"message_delta","delta":{"stop_reason":"tool_use","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - p := (*param).(*ConvertCodexResponseToClaudeParams).HasToolCall - stopReason := rootResult.Get("response.stop_reason").String() - if p { - template, _ = sjson.Set(template, "delta.stop_reason", "tool_use") - } else if stopReason == "max_tokens" || stopReason == "stop" { - template, _ = sjson.Set(template, "delta.stop_reason", stopReason) - } else { - template, _ = sjson.Set(template, "delta.stop_reason", "end_turn") - } - inputTokens, outputTokens, cachedTokens := extractResponsesUsage(rootResult.Get("response.usage")) - template, _ = sjson.Set(template, "usage.input_tokens", inputTokens) - template, _ = sjson.Set(template, "usage.output_tokens", outputTokens) - if cachedTokens > 0 { - template, _ = sjson.Set(template, "usage.cache_read_input_tokens", cachedTokens) - } - - output = "event: message_delta\n" - output += fmt.Sprintf("data: %s\n\n", template) - output += "event: message_stop\n" - output += `data: {"type":"message_stop"}` - output += "\n\n" - } else if typeStr == "response.output_item.added" { - itemResult := rootResult.Get("item") - itemType := itemResult.Get("type").String() - if itemType == "function_call" { - (*param).(*ConvertCodexResponseToClaudeParams).HasToolCall = true - (*param).(*ConvertCodexResponseToClaudeParams).HasReceivedArgumentsDelta = false - template = `{"type":"content_block_start","index":0,"content_block":{"type":"tool_use","id":"","name":"","input":{}}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - template, _ = sjson.Set(template, "content_block.id", itemResult.Get("call_id").String()) - { - // Restore original tool name if shortened - name := itemResult.Get("name").String() - rev := buildReverseMapFromClaudeOriginalShortToOriginal(originalRequestRawJSON) - if orig, ok := rev[name]; ok { - name = orig - } - template, _ = sjson.Set(template, "content_block.name", name) - } - - output = "event: content_block_start\n" - output += fmt.Sprintf("data: %s\n\n", template) - - template = `{"type":"content_block_delta","index":0,"delta":{"type":"input_json_delta","partial_json":""}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - - output += "event: content_block_delta\n" - output += fmt.Sprintf("data: %s\n\n", template) - } - } else if typeStr == "response.output_item.done" { - itemResult := rootResult.Get("item") - itemType := itemResult.Get("type").String() - if itemType == "function_call" { - template = `{"type":"content_block_stop","index":0}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex++ - - output = "event: content_block_stop\n" - output += fmt.Sprintf("data: %s\n\n", template) - } - } else if typeStr == "response.function_call_arguments.delta" { - (*param).(*ConvertCodexResponseToClaudeParams).HasReceivedArgumentsDelta = true - template = `{"type":"content_block_delta","index":0,"delta":{"type":"input_json_delta","partial_json":""}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - template, _ = sjson.Set(template, "delta.partial_json", rootResult.Get("delta").String()) - - output += "event: content_block_delta\n" - output += fmt.Sprintf("data: %s\n\n", template) - } else if typeStr == "response.function_call_arguments.done" { - // Some models (e.g. gpt-5.3-codex-spark) send function call arguments - // in a single "done" event without preceding "delta" events. - // Emit the full arguments as a single input_json_delta so the - // downstream Claude client receives the complete tool input. - // When delta events were already received, skip to avoid duplicating arguments. - if !(*param).(*ConvertCodexResponseToClaudeParams).HasReceivedArgumentsDelta { - if args := rootResult.Get("arguments").String(); args != "" { - template = `{"type":"content_block_delta","index":0,"delta":{"type":"input_json_delta","partial_json":""}}` - template, _ = sjson.Set(template, "index", (*param).(*ConvertCodexResponseToClaudeParams).BlockIndex) - template, _ = sjson.Set(template, "delta.partial_json", args) - - output += "event: content_block_delta\n" - output += fmt.Sprintf("data: %s\n\n", template) - } - } - } - - return []string{output} -} - -// ConvertCodexResponseToClaudeNonStream converts a non-streaming Codex response to a non-streaming Claude Code response. -// This function processes the complete Codex response and transforms it into a single Claude Code-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the Claude Code API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: A Claude Code-compatible JSON response containing all message content and metadata -func ConvertCodexResponseToClaudeNonStream(_ context.Context, _ string, originalRequestRawJSON, _ []byte, rawJSON []byte, _ *any) string { - revNames := buildReverseMapFromClaudeOriginalShortToOriginal(originalRequestRawJSON) - - rootResult := gjson.ParseBytes(rawJSON) - if rootResult.Get("type").String() != "response.completed" { - return "" - } - - responseData := rootResult.Get("response") - if !responseData.Exists() { - return "" - } - - out := `{"id":"","type":"message","role":"assistant","model":"","content":[],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}` - out, _ = sjson.Set(out, "id", responseData.Get("id").String()) - out, _ = sjson.Set(out, "model", responseData.Get("model").String()) - inputTokens, outputTokens, cachedTokens := extractResponsesUsage(responseData.Get("usage")) - out, _ = sjson.Set(out, "usage.input_tokens", inputTokens) - out, _ = sjson.Set(out, "usage.output_tokens", outputTokens) - if cachedTokens > 0 { - out, _ = sjson.Set(out, "usage.cache_read_input_tokens", cachedTokens) - } - - hasToolCall := false - - if output := responseData.Get("output"); output.Exists() && output.IsArray() { - output.ForEach(func(_, item gjson.Result) bool { - switch item.Get("type").String() { - case "reasoning": - thinkingBuilder := strings.Builder{} - if summary := item.Get("summary"); summary.Exists() { - if summary.IsArray() { - summary.ForEach(func(_, part gjson.Result) bool { - if txt := part.Get("text"); txt.Exists() { - thinkingBuilder.WriteString(txt.String()) - } else { - thinkingBuilder.WriteString(part.String()) - } - return true - }) - } else { - thinkingBuilder.WriteString(summary.String()) - } - } - if thinkingBuilder.Len() == 0 { - if content := item.Get("content"); content.Exists() { - if content.IsArray() { - content.ForEach(func(_, part gjson.Result) bool { - if txt := part.Get("text"); txt.Exists() { - thinkingBuilder.WriteString(txt.String()) - } else { - thinkingBuilder.WriteString(part.String()) - } - return true - }) - } else { - thinkingBuilder.WriteString(content.String()) - } - } - } - if thinkingBuilder.Len() > 0 { - block := `{"type":"thinking","thinking":""}` - block, _ = sjson.Set(block, "thinking", thinkingBuilder.String()) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - case "message": - if content := item.Get("content"); content.Exists() { - if content.IsArray() { - content.ForEach(func(_, part gjson.Result) bool { - if part.Get("type").String() == "output_text" { - text := part.Get("text").String() - if text != "" { - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", text) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - } - return true - }) - } else { - text := content.String() - if text != "" { - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", text) - out, _ = sjson.SetRaw(out, "content.-1", block) - } - } - } - case "function_call": - hasToolCall = true - name := item.Get("name").String() - if original, ok := revNames[name]; ok { - name = original - } - - toolBlock := `{"type":"tool_use","id":"","name":"","input":{}}` - toolBlock, _ = sjson.Set(toolBlock, "id", item.Get("call_id").String()) - toolBlock, _ = sjson.Set(toolBlock, "name", name) - inputRaw := "{}" - if argsStr := item.Get("arguments").String(); argsStr != "" && gjson.Valid(argsStr) { - argsJSON := gjson.Parse(argsStr) - if argsJSON.IsObject() { - inputRaw = argsJSON.Raw - } - } - toolBlock, _ = sjson.SetRaw(toolBlock, "input", inputRaw) - out, _ = sjson.SetRaw(out, "content.-1", toolBlock) - } - return true - }) - } - - if stopReason := responseData.Get("stop_reason"); stopReason.Exists() && stopReason.String() != "" { - out, _ = sjson.Set(out, "stop_reason", stopReason.String()) - } else if hasToolCall { - out, _ = sjson.Set(out, "stop_reason", "tool_use") - } else { - out, _ = sjson.Set(out, "stop_reason", "end_turn") - } - - if stopSequence := responseData.Get("stop_sequence"); stopSequence.Exists() && stopSequence.String() != "" { - out, _ = sjson.SetRaw(out, "stop_sequence", stopSequence.Raw) - } - - return out -} - -func extractResponsesUsage(usage gjson.Result) (int64, int64, int64) { - if !usage.Exists() || usage.Type == gjson.Null { - return 0, 0, 0 - } - - inputTokens := usage.Get("input_tokens").Int() - outputTokens := usage.Get("output_tokens").Int() - cachedTokens := usage.Get("input_tokens_details.cached_tokens").Int() - - if cachedTokens > 0 { - if inputTokens >= cachedTokens { - inputTokens -= cachedTokens - } else { - inputTokens = 0 - } - } - - return inputTokens, outputTokens, cachedTokens -} - -// buildReverseMapFromClaudeOriginalShortToOriginal builds a map[short]original from original Claude request tools. -func buildReverseMapFromClaudeOriginalShortToOriginal(original []byte) map[string]string { - tools := gjson.GetBytes(original, "tools") - rev := map[string]string{} - if !tools.IsArray() { - return rev - } - var names []string - arr := tools.Array() - for i := 0; i < len(arr); i++ { - n := arr[i].Get("name").String() - if n != "" { - names = append(names, n) - } - } - if len(names) > 0 { - m := buildShortNameMap(names) - for orig, short := range m { - rev[short] = orig - } - } - return rev -} - -func ClaudeTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"input_tokens":%d}`, count) -} diff --git a/internal/translator/codex/claude/init.go b/internal/translator/codex/claude/init.go deleted file mode 100644 index 2095ae77e4..0000000000 --- a/internal/translator/codex/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package claude - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Claude, - Codex, - ConvertClaudeRequestToCodex, - interfaces.TranslateResponse{ - Stream: ConvertCodexResponseToClaude, - NonStream: ConvertCodexResponseToClaudeNonStream, - TokenCount: ClaudeTokenCount, - }, - ) -} diff --git a/internal/translator/codex/gemini-cli/codex_gemini-cli_request.go b/internal/translator/codex/gemini-cli/codex_gemini-cli_request.go deleted file mode 100644 index 5765444951..0000000000 --- a/internal/translator/codex/gemini-cli/codex_gemini-cli_request.go +++ /dev/null @@ -1,41 +0,0 @@ -// Package geminiCLI provides request translation functionality for Gemini CLI to Codex API compatibility. -// It handles parsing and transforming Gemini CLI API requests into Codex API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini CLI API format and Codex API's expected format. -package geminiCLI - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/codex/gemini" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiCLIRequestToCodex parses and transforms a Gemini CLI API request into Codex API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Codex API. -// The function performs the following transformations: -// 1. Extracts the inner request object and promotes it to the top level -// 2. Restores the model information at the top level -// 3. Converts systemInstruction field to system_instruction for Codex compatibility -// 4. Delegates to the Gemini-to-Codex conversion function for further processing -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - stream: A boolean indicating if the request is for a streaming response -// -// Returns: -// - []byte: The transformed request data in Codex API format -func ConvertGeminiCLIRequestToCodex(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - - rawJSON = []byte(gjson.GetBytes(rawJSON, "request").Raw) - rawJSON, _ = sjson.SetBytes(rawJSON, "model", modelName) - if gjson.GetBytes(rawJSON, "systemInstruction").Exists() { - rawJSON, _ = sjson.SetRawBytes(rawJSON, "system_instruction", []byte(gjson.GetBytes(rawJSON, "systemInstruction").Raw)) - rawJSON, _ = sjson.DeleteBytes(rawJSON, "systemInstruction") - } - - return ConvertGeminiRequestToCodex(modelName, rawJSON, stream) -} diff --git a/internal/translator/codex/gemini-cli/codex_gemini-cli_response.go b/internal/translator/codex/gemini-cli/codex_gemini-cli_response.go deleted file mode 100644 index 116505af03..0000000000 --- a/internal/translator/codex/gemini-cli/codex_gemini-cli_response.go +++ /dev/null @@ -1,61 +0,0 @@ -// Package geminiCLI provides response translation functionality for Codex to Gemini CLI API compatibility. -// This package handles the conversion of Codex API responses into Gemini CLI-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Gemini CLI API clients. -package geminiCLI - -import ( - "context" - "fmt" - - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/codex/gemini" - "github.com/tidwall/sjson" -) - -// ConvertCodexResponseToGeminiCLI converts Codex streaming response format to Gemini CLI format. -// This function processes various Codex event types and transforms them into Gemini-compatible JSON responses. -// It handles text content, tool calls, and usage metadata, outputting responses that match the Gemini CLI API format. -// The function wraps each converted response in a "response" object to match the Gemini CLI API structure. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing a Gemini-compatible JSON response wrapped in a response object -func ConvertCodexResponseToGeminiCLI(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - outputs := ConvertCodexResponseToGemini(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) - newOutputs := make([]string, 0) - for i := 0; i < len(outputs); i++ { - json := `{"response": {}}` - output, _ := sjson.SetRaw(json, "response", outputs[i]) - newOutputs = append(newOutputs, output) - } - return newOutputs -} - -// ConvertCodexResponseToGeminiCLINonStream converts a non-streaming Codex response to a non-streaming Gemini CLI response. -// This function processes the complete Codex response and transforms it into a single Gemini-compatible -// JSON response. It wraps the converted response in a "response" object to match the Gemini CLI API structure. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for the conversion -// -// Returns: -// - string: A Gemini-compatible JSON response wrapped in a response object -func ConvertCodexResponseToGeminiCLINonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - // log.Debug(string(rawJSON)) - strJSON := ConvertCodexResponseToGeminiNonStream(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) - json := `{"response": {}}` - strJSON, _ = sjson.SetRaw(json, "response", strJSON) - return strJSON -} - -func GeminiCLITokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} diff --git a/internal/translator/codex/gemini-cli/init.go b/internal/translator/codex/gemini-cli/init.go deleted file mode 100644 index 453b6b4cd3..0000000000 --- a/internal/translator/codex/gemini-cli/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package geminiCLI - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - GeminiCLI, - Codex, - ConvertGeminiCLIRequestToCodex, - interfaces.TranslateResponse{ - Stream: ConvertCodexResponseToGeminiCLI, - NonStream: ConvertCodexResponseToGeminiCLINonStream, - TokenCount: GeminiCLITokenCount, - }, - ) -} diff --git a/internal/translator/codex/gemini/codex_gemini_request.go b/internal/translator/codex/gemini/codex_gemini_request.go deleted file mode 100644 index 97deb11e6f..0000000000 --- a/internal/translator/codex/gemini/codex_gemini_request.go +++ /dev/null @@ -1,364 +0,0 @@ -// Package gemini provides request translation functionality for Codex to Gemini API compatibility. -// It handles parsing and transforming Codex API requests into Gemini API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Codex API format and Gemini API's expected format. -package gemini - -import ( - "crypto/rand" - "fmt" - "math/big" - "strconv" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiRequestToCodex parses and transforms a Gemini API request into Codex API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Codex API. -// The function performs comprehensive transformation including: -// 1. Model name mapping and generation configuration extraction -// 2. System instruction conversion to Codex format -// 3. Message content conversion with proper role mapping -// 4. Tool call and tool result handling with FIFO queue for ID matching -// 5. Tool declaration and tool choice configuration mapping -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the Gemini API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Codex API format -func ConvertGeminiRequestToCodex(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - // Base template - out := `{"model":"","instructions":"","input":[]}` - - root := gjson.ParseBytes(rawJSON) - - // Pre-compute tool name shortening map from declared functionDeclarations - shortMap := map[string]string{} - if tools := root.Get("tools"); tools.IsArray() { - var names []string - tarr := tools.Array() - for i := 0; i < len(tarr); i++ { - fns := tarr[i].Get("functionDeclarations") - if !fns.IsArray() { - continue - } - for _, fn := range fns.Array() { - if v := fn.Get("name"); v.Exists() { - names = append(names, v.String()) - } - } - } - if len(names) > 0 { - shortMap = buildShortNameMap(names) - } - } - - // helper for generating paired call IDs in the form: call_ - // Gemini uses sequential pairing across possibly multiple in-flight - // functionCalls, so we keep a FIFO queue of generated call IDs and - // consume them in order when functionResponses arrive. - var pendingCallIDs []string - - // genCallID creates a random call id like: call_<8chars> - genCallID := func() string { - const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" - var b strings.Builder - // 8 chars random suffix - for i := 0; i < 24; i++ { - n, _ := rand.Int(rand.Reader, big.NewInt(int64(len(letters)))) - b.WriteByte(letters[n.Int64()]) - } - return "call_" + b.String() - } - - // Model - out, _ = sjson.Set(out, "model", modelName) - - // System instruction -> as a user message with input_text parts - sysParts := root.Get("system_instruction.parts") - if sysParts.IsArray() { - msg := `{"type":"message","role":"developer","content":[]}` - arr := sysParts.Array() - for i := 0; i < len(arr); i++ { - p := arr[i] - if t := p.Get("text"); t.Exists() { - part := `{}` - part, _ = sjson.Set(part, "type", "input_text") - part, _ = sjson.Set(part, "text", t.String()) - msg, _ = sjson.SetRaw(msg, "content.-1", part) - } - } - if len(gjson.Get(msg, "content").Array()) > 0 { - out, _ = sjson.SetRaw(out, "input.-1", msg) - } - } - - // Contents -> messages and function calls/results - contents := root.Get("contents") - if contents.IsArray() { - items := contents.Array() - for i := 0; i < len(items); i++ { - item := items[i] - role := item.Get("role").String() - if role == "model" { - role = "assistant" - } - - parts := item.Get("parts") - if !parts.IsArray() { - continue - } - parr := parts.Array() - for j := 0; j < len(parr); j++ { - p := parr[j] - // text part - if t := p.Get("text"); t.Exists() { - msg := `{"type":"message","role":"","content":[]}` - msg, _ = sjson.Set(msg, "role", role) - partType := "input_text" - if role == "assistant" { - partType = "output_text" - } - part := `{}` - part, _ = sjson.Set(part, "type", partType) - part, _ = sjson.Set(part, "text", t.String()) - msg, _ = sjson.SetRaw(msg, "content.-1", part) - out, _ = sjson.SetRaw(out, "input.-1", msg) - continue - } - - // function call from model - if fc := p.Get("functionCall"); fc.Exists() { - fn := `{"type":"function_call"}` - if name := fc.Get("name"); name.Exists() { - n := name.String() - if short, ok := shortMap[n]; ok { - n = short - } else { - n = shortenNameIfNeeded(n) - } - fn, _ = sjson.Set(fn, "name", n) - } - if args := fc.Get("args"); args.Exists() { - fn, _ = sjson.Set(fn, "arguments", args.Raw) - } - // generate a paired random call_id and enqueue it so the - // corresponding functionResponse can pop the earliest id - // to preserve ordering when multiple calls are present. - id := genCallID() - fn, _ = sjson.Set(fn, "call_id", id) - pendingCallIDs = append(pendingCallIDs, id) - out, _ = sjson.SetRaw(out, "input.-1", fn) - continue - } - - // function response from user - if fr := p.Get("functionResponse"); fr.Exists() { - fno := `{"type":"function_call_output"}` - // Prefer a string result if present; otherwise embed the raw response as a string - if res := fr.Get("response.result"); res.Exists() { - fno, _ = sjson.Set(fno, "output", res.String()) - } else if resp := fr.Get("response"); resp.Exists() { - fno, _ = sjson.Set(fno, "output", resp.Raw) - } - // fno, _ = sjson.Set(fno, "call_id", "call_W6nRJzFXyPM2LFBbfo98qAbq") - // attach the oldest queued call_id to pair the response - // with its call. If the queue is empty, generate a new id. - var id string - if len(pendingCallIDs) > 0 { - id = pendingCallIDs[0] - // pop the first element - pendingCallIDs = pendingCallIDs[1:] - } else { - id = genCallID() - } - fno, _ = sjson.Set(fno, "call_id", id) - out, _ = sjson.SetRaw(out, "input.-1", fno) - continue - } - } - } - } - - // Tools mapping: Gemini functionDeclarations -> Codex tools - tools := root.Get("tools") - if tools.IsArray() { - out, _ = sjson.SetRaw(out, "tools", `[]`) - out, _ = sjson.Set(out, "tool_choice", "auto") - tarr := tools.Array() - for i := 0; i < len(tarr); i++ { - td := tarr[i] - fns := td.Get("functionDeclarations") - if !fns.IsArray() { - continue - } - farr := fns.Array() - for j := 0; j < len(farr); j++ { - fn := farr[j] - tool := `{}` - tool, _ = sjson.Set(tool, "type", "function") - if v := fn.Get("name"); v.Exists() { - name := v.String() - if short, ok := shortMap[name]; ok { - name = short - } else { - name = shortenNameIfNeeded(name) - } - tool, _ = sjson.Set(tool, "name", name) - } - if v := fn.Get("description"); v.Exists() { - tool, _ = sjson.Set(tool, "description", v.String()) - } - if prm := fn.Get("parameters"); prm.Exists() { - // Remove optional $schema field if present - cleaned := prm.Raw - cleaned, _ = sjson.Delete(cleaned, "$schema") - cleaned, _ = sjson.Set(cleaned, "additionalProperties", false) - tool, _ = sjson.SetRaw(tool, "parameters", cleaned) - } else if prm = fn.Get("parametersJsonSchema"); prm.Exists() { - // Remove optional $schema field if present - cleaned := prm.Raw - cleaned, _ = sjson.Delete(cleaned, "$schema") - cleaned, _ = sjson.Set(cleaned, "additionalProperties", false) - tool, _ = sjson.SetRaw(tool, "parameters", cleaned) - } - tool, _ = sjson.Set(tool, "strict", false) - out, _ = sjson.SetRaw(out, "tools.-1", tool) - } - } - } - - // Fixed flags aligning with Codex expectations - out, _ = sjson.Set(out, "parallel_tool_calls", true) - - // Convert Gemini thinkingConfig to Codex reasoning.effort. - // Note: Google official Python SDK sends snake_case fields (thinking_level/thinking_budget). - effortSet := false - if genConfig := root.Get("generationConfig"); genConfig.Exists() { - if thinkingConfig := genConfig.Get("thinkingConfig"); thinkingConfig.Exists() && thinkingConfig.IsObject() { - thinkingLevel := thinkingConfig.Get("thinkingLevel") - if !thinkingLevel.Exists() { - thinkingLevel = thinkingConfig.Get("thinking_level") - } - if thinkingLevel.Exists() { - effort := strings.ToLower(strings.TrimSpace(thinkingLevel.String())) - if effort != "" { - out, _ = sjson.Set(out, "reasoning.effort", effort) - effortSet = true - } - } else { - thinkingBudget := thinkingConfig.Get("thinkingBudget") - if !thinkingBudget.Exists() { - thinkingBudget = thinkingConfig.Get("thinking_budget") - } - if thinkingBudget.Exists() { - if effort, ok := thinking.ConvertBudgetToLevel(int(thinkingBudget.Int())); ok { - out, _ = sjson.Set(out, "reasoning.effort", effort) - effortSet = true - } - } - } - } - } - if !effortSet { - // No thinking config, set default effort - out, _ = sjson.Set(out, "reasoning.effort", "medium") - } - out, _ = sjson.Set(out, "reasoning.summary", "auto") - out, _ = sjson.Set(out, "stream", true) - out, _ = sjson.Set(out, "store", false) - out, _ = sjson.Set(out, "include", []string{"reasoning.encrypted_content"}) - - var pathsToLower []string - toolsResult := gjson.Get(out, "tools") - util.Walk(toolsResult, "", "type", &pathsToLower) - for _, p := range pathsToLower { - fullPath := fmt.Sprintf("tools.%s", p) - out, _ = sjson.Set(out, fullPath, strings.ToLower(gjson.Get(out, fullPath).String())) - } - - return []byte(out) -} - -// shortenNameIfNeeded applies the simple shortening rule for a single name. -func shortenNameIfNeeded(name string) string { - const limit = 64 - if len(name) <= limit { - return name - } - if strings.HasPrefix(name, "mcp__") { - idx := strings.LastIndex(name, "__") - if idx > 0 { - cand := "mcp__" + name[idx+2:] - if len(cand) > limit { - return cand[:limit] - } - return cand - } - } - return name[:limit] -} - -// buildShortNameMap ensures uniqueness of shortened names within a request. -func buildShortNameMap(names []string) map[string]string { - const limit = 64 - used := map[string]struct{}{} - m := map[string]string{} - - baseCandidate := func(n string) string { - if len(n) <= limit { - return n - } - if strings.HasPrefix(n, "mcp__") { - idx := strings.LastIndex(n, "__") - if idx > 0 { - cand := "mcp__" + n[idx+2:] - if len(cand) > limit { - cand = cand[:limit] - } - return cand - } - } - return n[:limit] - } - - makeUnique := func(cand string) string { - if _, ok := used[cand]; !ok { - return cand - } - base := cand - for i := 1; ; i++ { - suffix := "_" + strconv.Itoa(i) - allowed := limit - len(suffix) - if allowed < 0 { - allowed = 0 - } - tmp := base - if len(tmp) > allowed { - tmp = tmp[:allowed] - } - tmp = tmp + suffix - if _, ok := used[tmp]; !ok { - return tmp - } - } - } - - for _, n := range names { - cand := baseCandidate(n) - uniq := makeUnique(cand) - used[uniq] = struct{}{} - m[n] = uniq - } - return m -} diff --git a/internal/translator/codex/gemini/codex_gemini_response.go b/internal/translator/codex/gemini/codex_gemini_response.go deleted file mode 100644 index 82a2187fe6..0000000000 --- a/internal/translator/codex/gemini/codex_gemini_response.go +++ /dev/null @@ -1,312 +0,0 @@ -// Package gemini provides response translation functionality for Codex to Gemini API compatibility. -// This package handles the conversion of Codex API responses into Gemini-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Gemini API clients. -package gemini - -import ( - "bytes" - "context" - "fmt" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - dataTag = []byte("data:") -) - -// ConvertCodexResponseToGeminiParams holds parameters for response conversion. -type ConvertCodexResponseToGeminiParams struct { - Model string - CreatedAt int64 - ResponseID string - LastStorageOutput string -} - -// ConvertCodexResponseToGemini converts Codex streaming response format to Gemini format. -// This function processes various Codex event types and transforms them into Gemini-compatible JSON responses. -// It handles text content, tool calls, and usage metadata, outputting responses that match the Gemini API format. -// The function maintains state across multiple calls to ensure proper response sequencing. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing a Gemini-compatible JSON response -func ConvertCodexResponseToGemini(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &ConvertCodexResponseToGeminiParams{ - Model: modelName, - CreatedAt: 0, - ResponseID: "", - LastStorageOutput: "", - } - } - - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - - rootResult := gjson.ParseBytes(rawJSON) - typeResult := rootResult.Get("type") - typeStr := typeResult.String() - - // Base Gemini response template - template := `{"candidates":[{"content":{"role":"model","parts":[]}}],"usageMetadata":{"trafficType":"PROVISIONED_THROUGHPUT"},"modelVersion":"gemini-2.5-pro","createTime":"2025-08-15T02:52:03.884209Z","responseId":"06CeaPH7NaCU48APvNXDyA4"}` - if (*param).(*ConvertCodexResponseToGeminiParams).LastStorageOutput != "" && typeStr == "response.output_item.done" { - template = (*param).(*ConvertCodexResponseToGeminiParams).LastStorageOutput - } else { - template, _ = sjson.Set(template, "modelVersion", (*param).(*ConvertCodexResponseToGeminiParams).Model) - createdAtResult := rootResult.Get("response.created_at") - if createdAtResult.Exists() { - (*param).(*ConvertCodexResponseToGeminiParams).CreatedAt = createdAtResult.Int() - template, _ = sjson.Set(template, "createTime", time.Unix((*param).(*ConvertCodexResponseToGeminiParams).CreatedAt, 0).Format(time.RFC3339Nano)) - } - template, _ = sjson.Set(template, "responseId", (*param).(*ConvertCodexResponseToGeminiParams).ResponseID) - } - - // Handle function call completion - if typeStr == "response.output_item.done" { - itemResult := rootResult.Get("item") - itemType := itemResult.Get("type").String() - if itemType == "function_call" { - // Create function call part - functionCall := `{"functionCall":{"name":"","args":{}}}` - { - // Restore original tool name if shortened - n := itemResult.Get("name").String() - rev := buildReverseMapFromGeminiOriginal(originalRequestRawJSON) - if orig, ok := rev[n]; ok { - n = orig - } - functionCall, _ = sjson.Set(functionCall, "functionCall.name", n) - } - - // Parse and set arguments - argsStr := itemResult.Get("arguments").String() - if argsStr != "" { - argsResult := gjson.Parse(argsStr) - if argsResult.IsObject() { - functionCall, _ = sjson.SetRaw(functionCall, "functionCall.args", argsStr) - } - } - - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", functionCall) - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - - (*param).(*ConvertCodexResponseToGeminiParams).LastStorageOutput = template - - // Use this return to storage message - return []string{} - } - } - - if typeStr == "response.created" { // Handle response creation - set model and response ID - template, _ = sjson.Set(template, "modelVersion", rootResult.Get("response.model").String()) - template, _ = sjson.Set(template, "responseId", rootResult.Get("response.id").String()) - (*param).(*ConvertCodexResponseToGeminiParams).ResponseID = rootResult.Get("response.id").String() - } else if typeStr == "response.reasoning_summary_text.delta" { // Handle reasoning/thinking content delta - part := `{"thought":true,"text":""}` - part, _ = sjson.Set(part, "text", rootResult.Get("delta").String()) - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", part) - } else if typeStr == "response.output_text.delta" { // Handle regular text content delta - part := `{"text":""}` - part, _ = sjson.Set(part, "text", rootResult.Get("delta").String()) - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", part) - } else if typeStr == "response.completed" { // Handle response completion with usage metadata - template, _ = sjson.Set(template, "usageMetadata.promptTokenCount", rootResult.Get("response.usage.input_tokens").Int()) - template, _ = sjson.Set(template, "usageMetadata.candidatesTokenCount", rootResult.Get("response.usage.output_tokens").Int()) - totalTokens := rootResult.Get("response.usage.input_tokens").Int() + rootResult.Get("response.usage.output_tokens").Int() - template, _ = sjson.Set(template, "usageMetadata.totalTokenCount", totalTokens) - } else { - return []string{} - } - - if (*param).(*ConvertCodexResponseToGeminiParams).LastStorageOutput != "" { - return []string{(*param).(*ConvertCodexResponseToGeminiParams).LastStorageOutput, template} - } else { - return []string{template} - } - -} - -// ConvertCodexResponseToGeminiNonStream converts a non-streaming Codex response to a non-streaming Gemini response. -// This function processes the complete Codex response and transforms it into a single Gemini-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the Gemini API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: A Gemini-compatible JSON response containing all message content and metadata -func ConvertCodexResponseToGeminiNonStream(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - rootResult := gjson.ParseBytes(rawJSON) - - // Verify this is a response.completed event - if rootResult.Get("type").String() != "response.completed" { - return "" - } - - // Base Gemini response template for non-streaming - template := `{"candidates":[{"content":{"role":"model","parts":[]},"finishReason":"STOP"}],"usageMetadata":{"trafficType":"PROVISIONED_THROUGHPUT"},"modelVersion":"","createTime":"","responseId":""}` - - // Set model version - template, _ = sjson.Set(template, "modelVersion", modelName) - - // Set response metadata from the completed response - responseData := rootResult.Get("response") - if responseData.Exists() { - // Set response ID - if responseId := responseData.Get("id"); responseId.Exists() { - template, _ = sjson.Set(template, "responseId", responseId.String()) - } - - // Set creation time - if createdAt := responseData.Get("created_at"); createdAt.Exists() { - template, _ = sjson.Set(template, "createTime", time.Unix(createdAt.Int(), 0).Format(time.RFC3339Nano)) - } - - // Set usage metadata - if usage := responseData.Get("usage"); usage.Exists() { - inputTokens := usage.Get("input_tokens").Int() - outputTokens := usage.Get("output_tokens").Int() - totalTokens := inputTokens + outputTokens - - template, _ = sjson.Set(template, "usageMetadata.promptTokenCount", inputTokens) - template, _ = sjson.Set(template, "usageMetadata.candidatesTokenCount", outputTokens) - template, _ = sjson.Set(template, "usageMetadata.totalTokenCount", totalTokens) - } - - // Process output content to build parts array - hasToolCall := false - var pendingFunctionCalls []string - - flushPendingFunctionCalls := func() { - if len(pendingFunctionCalls) == 0 { - return - } - // Add all pending function calls as individual parts - // This maintains the original Gemini API format while ensuring consecutive calls are grouped together - for _, fc := range pendingFunctionCalls { - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", fc) - } - pendingFunctionCalls = nil - } - - if output := responseData.Get("output"); output.Exists() && output.IsArray() { - output.ForEach(func(key, value gjson.Result) bool { - itemType := value.Get("type").String() - - switch itemType { - case "reasoning": - // Flush any pending function calls before adding non-function content - flushPendingFunctionCalls() - - // Add thinking content - if content := value.Get("content"); content.Exists() { - part := `{"text":"","thought":true}` - part, _ = sjson.Set(part, "text", content.String()) - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", part) - } - - case "message": - // Flush any pending function calls before adding non-function content - flushPendingFunctionCalls() - - // Add regular text content - if content := value.Get("content"); content.Exists() && content.IsArray() { - content.ForEach(func(_, contentItem gjson.Result) bool { - if contentItem.Get("type").String() == "output_text" { - if text := contentItem.Get("text"); text.Exists() { - part := `{"text":""}` - part, _ = sjson.Set(part, "text", text.String()) - template, _ = sjson.SetRaw(template, "candidates.0.content.parts.-1", part) - } - } - return true - }) - } - - case "function_call": - // Collect function call for potential merging with consecutive ones - hasToolCall = true - functionCall := `{"functionCall":{"args":{},"name":""}}` - { - n := value.Get("name").String() - rev := buildReverseMapFromGeminiOriginal(originalRequestRawJSON) - if orig, ok := rev[n]; ok { - n = orig - } - functionCall, _ = sjson.Set(functionCall, "functionCall.name", n) - } - - // Parse and set arguments - if argsStr := value.Get("arguments").String(); argsStr != "" { - argsResult := gjson.Parse(argsStr) - if argsResult.IsObject() { - functionCall, _ = sjson.SetRaw(functionCall, "functionCall.args", argsStr) - } - } - - pendingFunctionCalls = append(pendingFunctionCalls, functionCall) - } - return true - }) - - // Handle any remaining pending function calls at the end - flushPendingFunctionCalls() - } - - // Set finish reason based on whether there were tool calls - if hasToolCall { - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - } else { - template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP") - } - } - return template -} - -// buildReverseMapFromGeminiOriginal builds a map[short]original from original Gemini request tools. -func buildReverseMapFromGeminiOriginal(original []byte) map[string]string { - tools := gjson.GetBytes(original, "tools") - rev := map[string]string{} - if !tools.IsArray() { - return rev - } - var names []string - tarr := tools.Array() - for i := 0; i < len(tarr); i++ { - fns := tarr[i].Get("functionDeclarations") - if !fns.IsArray() { - continue - } - for _, fn := range fns.Array() { - if v := fn.Get("name"); v.Exists() { - names = append(names, v.String()) - } - } - } - if len(names) > 0 { - m := buildShortNameMap(names) - for orig, short := range m { - rev[short] = orig - } - } - return rev -} - -func GeminiTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} diff --git a/internal/translator/codex/gemini/init.go b/internal/translator/codex/gemini/init.go deleted file mode 100644 index 20b7ddf3c2..0000000000 --- a/internal/translator/codex/gemini/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package gemini - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Gemini, - Codex, - ConvertGeminiRequestToCodex, - interfaces.TranslateResponse{ - Stream: ConvertCodexResponseToGemini, - NonStream: ConvertCodexResponseToGeminiNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/internal/translator/codex/openai/chat-completions/codex_openai_request.go b/internal/translator/codex/openai/chat-completions/codex_openai_request.go deleted file mode 100644 index 9a40ea4af3..0000000000 --- a/internal/translator/codex/openai/chat-completions/codex_openai_request.go +++ /dev/null @@ -1,445 +0,0 @@ -// Package openai provides utilities to translate OpenAI Chat Completions -// request JSON into OpenAI Responses API request JSON using gjson/sjson. -// It supports tools, multimodal text/image inputs, and Structured Outputs. -// The package handles the conversion of OpenAI API requests into the format -// expected by the OpenAI Responses API, including proper mapping of messages, -// tools, and generation parameters. -package chat_completions - -import ( - "strconv" - "strings" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertOpenAIRequestToCodex converts an OpenAI Chat Completions request JSON -// into an OpenAI Responses API request JSON. The transformation follows the -// examples defined in docs/2.md exactly, including tools, multi-turn dialog, -// multimodal text/image handling, and Structured Outputs mapping. -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the OpenAI Chat Completions API -// - stream: A boolean indicating if the request is for a streaming response -// -// Returns: -// - []byte: The transformed request data in OpenAI Responses API format -func ConvertOpenAIRequestToCodex(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - // Start with empty JSON object - out := `{"instructions":""}` - - // Stream must be set to true - out, _ = sjson.Set(out, "stream", stream) - - // Codex not support temperature, top_p, top_k, max_output_tokens, so comment them - // if v := gjson.GetBytes(rawJSON, "temperature"); v.Exists() { - // out, _ = sjson.Set(out, "temperature", v.Value()) - // } - // if v := gjson.GetBytes(rawJSON, "top_p"); v.Exists() { - // out, _ = sjson.Set(out, "top_p", v.Value()) - // } - // if v := gjson.GetBytes(rawJSON, "top_k"); v.Exists() { - // out, _ = sjson.Set(out, "top_k", v.Value()) - // } - - // Map token limits - // if v := gjson.GetBytes(rawJSON, "max_tokens"); v.Exists() { - // out, _ = sjson.Set(out, "max_output_tokens", v.Value()) - // } - // if v := gjson.GetBytes(rawJSON, "max_completion_tokens"); v.Exists() { - // out, _ = sjson.Set(out, "max_output_tokens", v.Value()) - // } - - // Map reasoning effort (with variant as fallback for Claude-style clients) - if v := gjson.GetBytes(rawJSON, "reasoning_effort"); v.Exists() { - out, _ = sjson.Set(out, "reasoning.effort", v.Value()) - } else if v := gjson.GetBytes(rawJSON, "variant"); v.Exists() { - // variant is used by some clients (e.g., OpenWork) as alternative to reasoning_effort - // Map variant values: high/x-high -> high, medium -> medium, low/minimal -> low - variant := v.String() - switch variant { - case "high", "x-high", "xhigh": - out, _ = sjson.Set(out, "reasoning.effort", "high") - case "low", "minimal": - out, _ = sjson.Set(out, "reasoning.effort", "low") - default: - out, _ = sjson.Set(out, "reasoning.effort", "medium") - } - } else { - out, _ = sjson.Set(out, "reasoning.effort", "medium") - } - out, _ = sjson.Set(out, "parallel_tool_calls", true) - out, _ = sjson.Set(out, "reasoning.summary", "auto") - out, _ = sjson.Set(out, "include", []string{"reasoning.encrypted_content"}) - - // Model - out, _ = sjson.Set(out, "model", modelName) - - // Build tool name shortening map from original tools (if any) - originalToolNameMap := map[string]string{} - { - tools := gjson.GetBytes(rawJSON, "tools") - if tools.IsArray() && len(tools.Array()) > 0 { - // Collect original tool names - var names []string - arr := tools.Array() - for i := 0; i < len(arr); i++ { - t := arr[i] - if t.Get("type").String() == "function" { - fn := t.Get("function") - if fn.Exists() { - if v := fn.Get("name"); v.Exists() { - names = append(names, v.String()) - } - } - } - } - if len(names) > 0 { - originalToolNameMap = buildShortNameMap(names) - } - } - } - - // Extract system instructions from first system message (string or text object) - messages := gjson.GetBytes(rawJSON, "messages") - // if messages.IsArray() { - // arr := messages.Array() - // for i := 0; i < len(arr); i++ { - // m := arr[i] - // if m.Get("role").String() == "system" { - // c := m.Get("content") - // if c.Type == gjson.String { - // out, _ = sjson.Set(out, "instructions", c.String()) - // } else if c.IsObject() && c.Get("type").String() == "text" { - // out, _ = sjson.Set(out, "instructions", c.Get("text").String()) - // } - // break - // } - // } - // } - - // Build input from messages, handling all message types including tool calls - out, _ = sjson.SetRaw(out, "input", `[]`) - if messages.IsArray() { - arr := messages.Array() - for i := 0; i < len(arr); i++ { - m := arr[i] - role := m.Get("role").String() - - switch role { - case "tool": - // Handle tool response messages as top-level function_call_output objects - toolCallID := m.Get("tool_call_id").String() - content := m.Get("content").String() - - // Create function_call_output object - funcOutput := `{}` - funcOutput, _ = sjson.Set(funcOutput, "type", "function_call_output") - funcOutput, _ = sjson.Set(funcOutput, "call_id", toolCallID) - funcOutput, _ = sjson.Set(funcOutput, "output", content) - out, _ = sjson.SetRaw(out, "input.-1", funcOutput) - - default: - // Handle regular messages - msg := `{}` - msg, _ = sjson.Set(msg, "type", "message") - if role == "system" { - msg, _ = sjson.Set(msg, "role", "developer") - } else { - msg, _ = sjson.Set(msg, "role", role) - } - - msg, _ = sjson.SetRaw(msg, "content", `[]`) - - // Handle regular content - c := m.Get("content") - if c.Exists() && c.Type == gjson.String && c.String() != "" { - // Single string content - partType := "input_text" - if role == "assistant" { - partType = "output_text" - } - part := `{}` - part, _ = sjson.Set(part, "type", partType) - part, _ = sjson.Set(part, "text", c.String()) - msg, _ = sjson.SetRaw(msg, "content.-1", part) - } else if c.Exists() && c.IsArray() { - items := c.Array() - for j := 0; j < len(items); j++ { - it := items[j] - t := it.Get("type").String() - switch t { - case "text": - partType := "input_text" - if role == "assistant" { - partType = "output_text" - } - part := `{}` - part, _ = sjson.Set(part, "type", partType) - part, _ = sjson.Set(part, "text", it.Get("text").String()) - msg, _ = sjson.SetRaw(msg, "content.-1", part) - case "image_url": - // Map image inputs to input_image for Responses API - if role == "user" { - part := `{}` - part, _ = sjson.Set(part, "type", "input_image") - if u := it.Get("image_url.url"); u.Exists() { - part, _ = sjson.Set(part, "image_url", u.String()) - } - msg, _ = sjson.SetRaw(msg, "content.-1", part) - } - case "file": - if role == "user" { - fileData := it.Get("file.file_data").String() - filename := it.Get("file.filename").String() - if fileData != "" { - part := `{}` - part, _ = sjson.Set(part, "type", "input_file") - part, _ = sjson.Set(part, "file_data", fileData) - if filename != "" { - part, _ = sjson.Set(part, "filename", filename) - } - msg, _ = sjson.SetRaw(msg, "content.-1", part) - } - } - } - } - } - - out, _ = sjson.SetRaw(out, "input.-1", msg) - - // Handle tool calls for assistant messages as separate top-level objects - if role == "assistant" { - toolCalls := m.Get("tool_calls") - if toolCalls.Exists() && toolCalls.IsArray() { - toolCallsArr := toolCalls.Array() - for j := 0; j < len(toolCallsArr); j++ { - tc := toolCallsArr[j] - if tc.Get("type").String() == "function" { - // Create function_call as top-level object - funcCall := `{}` - funcCall, _ = sjson.Set(funcCall, "type", "function_call") - funcCall, _ = sjson.Set(funcCall, "call_id", tc.Get("id").String()) - { - name := tc.Get("function.name").String() - if short, ok := originalToolNameMap[name]; ok { - name = short - } else { - name = shortenNameIfNeeded(name) - } - funcCall, _ = sjson.Set(funcCall, "name", name) - } - funcCall, _ = sjson.Set(funcCall, "arguments", tc.Get("function.arguments").String()) - out, _ = sjson.SetRaw(out, "input.-1", funcCall) - } - } - } - } - } - } - } - - // Map response_format and text settings to Responses API text.format - rf := gjson.GetBytes(rawJSON, "response_format") - text := gjson.GetBytes(rawJSON, "text") - if rf.Exists() { - // Always create text object when response_format provided - if !gjson.Get(out, "text").Exists() { - out, _ = sjson.SetRaw(out, "text", `{}`) - } - - rft := rf.Get("type").String() - switch rft { - case "text": - out, _ = sjson.Set(out, "text.format.type", "text") - case "json_schema": - js := rf.Get("json_schema") - if js.Exists() { - out, _ = sjson.Set(out, "text.format.type", "json_schema") - if v := js.Get("name"); v.Exists() { - out, _ = sjson.Set(out, "text.format.name", v.Value()) - } - if v := js.Get("strict"); v.Exists() { - out, _ = sjson.Set(out, "text.format.strict", v.Value()) - } - if v := js.Get("schema"); v.Exists() { - out, _ = sjson.SetRaw(out, "text.format.schema", v.Raw) - } - } - } - - // Map verbosity if provided - if text.Exists() { - if v := text.Get("verbosity"); v.Exists() { - out, _ = sjson.Set(out, "text.verbosity", v.Value()) - } - } - } else if text.Exists() { - // If only text.verbosity present (no response_format), map verbosity - if v := text.Get("verbosity"); v.Exists() { - if !gjson.Get(out, "text").Exists() { - out, _ = sjson.SetRaw(out, "text", `{}`) - } - out, _ = sjson.Set(out, "text.verbosity", v.Value()) - } - } - - // Map tools (flatten function fields) - tools := gjson.GetBytes(rawJSON, "tools") - if tools.IsArray() && len(tools.Array()) > 0 { - out, _ = sjson.SetRaw(out, "tools", `[]`) - arr := tools.Array() - for i := 0; i < len(arr); i++ { - t := arr[i] - toolType := t.Get("type").String() - // Pass through built-in tools (e.g. {"type":"web_search"}) directly for the Responses API. - // Only "function" needs structural conversion because Chat Completions nests details under "function". - if toolType != "" && toolType != "function" && t.IsObject() { - out, _ = sjson.SetRaw(out, "tools.-1", t.Raw) - continue - } - - if toolType == "function" { - item := `{}` - item, _ = sjson.Set(item, "type", "function") - fn := t.Get("function") - if fn.Exists() { - if v := fn.Get("name"); v.Exists() { - name := v.String() - if short, ok := originalToolNameMap[name]; ok { - name = short - } else { - name = shortenNameIfNeeded(name) - } - item, _ = sjson.Set(item, "name", name) - } - if v := fn.Get("description"); v.Exists() { - item, _ = sjson.Set(item, "description", v.Value()) - } - if v := fn.Get("parameters"); v.Exists() { - item, _ = sjson.SetRaw(item, "parameters", v.Raw) - } - if v := fn.Get("strict"); v.Exists() { - item, _ = sjson.Set(item, "strict", v.Value()) - } - } - out, _ = sjson.SetRaw(out, "tools.-1", item) - } - } - } - - // Map tool_choice when present. - // Chat Completions: "tool_choice" can be a string ("auto"/"none") or an object (e.g. {"type":"function","function":{"name":"..."}}). - // Responses API: keep built-in tool choices as-is; flatten function choice to {"type":"function","name":"..."}. - if tc := gjson.GetBytes(rawJSON, "tool_choice"); tc.Exists() { - switch { - case tc.Type == gjson.String: - out, _ = sjson.Set(out, "tool_choice", tc.String()) - case tc.IsObject(): - tcType := tc.Get("type").String() - if tcType == "function" { - name := tc.Get("function.name").String() - if name != "" { - if short, ok := originalToolNameMap[name]; ok { - name = short - } else { - name = shortenNameIfNeeded(name) - } - } - choice := `{}` - choice, _ = sjson.Set(choice, "type", "function") - if name != "" { - choice, _ = sjson.Set(choice, "name", name) - } - out, _ = sjson.SetRaw(out, "tool_choice", choice) - } else if tcType != "" { - // Built-in tool choices (e.g. {"type":"web_search"}) are already Responses-compatible. - out, _ = sjson.SetRaw(out, "tool_choice", tc.Raw) - } - } - } - - out, _ = sjson.Set(out, "store", false) - return []byte(out) -} - -// shortenNameIfNeeded applies the simple shortening rule for a single name. -// If the name length exceeds 64, it will try to preserve the "mcp__" prefix and last segment. -// Otherwise it truncates to 64 characters. -func shortenNameIfNeeded(name string) string { - const limit = 64 - if len(name) <= limit { - return name - } - if strings.HasPrefix(name, "mcp__") { - // Keep prefix and last segment after '__' - idx := strings.LastIndex(name, "__") - if idx > 0 { - candidate := "mcp__" + name[idx+2:] - if len(candidate) > limit { - return candidate[:limit] - } - return candidate - } - } - return name[:limit] -} - -// buildShortNameMap generates unique short names (<=64) for the given list of names. -// It preserves the "mcp__" prefix with the last segment when possible and ensures uniqueness -// by appending suffixes like "~1", "~2" if needed. -func buildShortNameMap(names []string) map[string]string { - const limit = 64 - used := map[string]struct{}{} - m := map[string]string{} - - baseCandidate := func(n string) string { - if len(n) <= limit { - return n - } - if strings.HasPrefix(n, "mcp__") { - idx := strings.LastIndex(n, "__") - if idx > 0 { - cand := "mcp__" + n[idx+2:] - if len(cand) > limit { - cand = cand[:limit] - } - return cand - } - } - return n[:limit] - } - - makeUnique := func(cand string) string { - if _, ok := used[cand]; !ok { - return cand - } - base := cand - for i := 1; ; i++ { - suffix := "_" + strconv.Itoa(i) - allowed := limit - len(suffix) - if allowed < 0 { - allowed = 0 - } - tmp := base - if len(tmp) > allowed { - tmp = tmp[:allowed] - } - tmp = tmp + suffix - if _, ok := used[tmp]; !ok { - return tmp - } - } - } - - for _, n := range names { - cand := baseCandidate(n) - uniq := makeUnique(cand) - used[uniq] = struct{}{} - m[n] = uniq - } - return m -} diff --git a/internal/translator/codex/openai/chat-completions/codex_openai_response.go b/internal/translator/codex/openai/chat-completions/codex_openai_response.go deleted file mode 100644 index f0e264c8ce..0000000000 --- a/internal/translator/codex/openai/chat-completions/codex_openai_response.go +++ /dev/null @@ -1,402 +0,0 @@ -// Package openai provides response translation functionality for Codex to OpenAI API compatibility. -// This package handles the conversion of Codex API responses into OpenAI Chat Completions-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by OpenAI API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, reasoning content, and usage metadata appropriately. -package chat_completions - -import ( - "bytes" - "context" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - dataTag = []byte("data:") -) - -// ConvertCliToOpenAIParams holds parameters for response conversion. -type ConvertCliToOpenAIParams struct { - ResponseID string - CreatedAt int64 - Model string - FunctionCallIndex int - HasReceivedArgumentsDelta bool - HasToolCallAnnounced bool -} - -// ConvertCodexResponseToOpenAI translates a single chunk of a streaming response from the -// Codex API format to the OpenAI Chat Completions streaming format. -// It processes various Codex event types and transforms them into OpenAI-compatible JSON responses. -// The function handles text content, tool calls, reasoning content, and usage metadata, outputting -// responses that match the OpenAI API format. It supports incremental updates for streaming responses. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing an OpenAI-compatible JSON response -func ConvertCodexResponseToOpenAI(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &ConvertCliToOpenAIParams{ - Model: modelName, - CreatedAt: 0, - ResponseID: "", - FunctionCallIndex: -1, - HasReceivedArgumentsDelta: false, - HasToolCallAnnounced: false, - } - } - - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - - // Initialize the OpenAI SSE template. - template := `{"id":"","object":"chat.completion.chunk","created":12345,"model":"model","choices":[{"index":0,"delta":{"role":null,"content":null,"reasoning_content":null,"tool_calls":null},"finish_reason":null,"native_finish_reason":null}]}` - - rootResult := gjson.ParseBytes(rawJSON) - - typeResult := rootResult.Get("type") - dataType := typeResult.String() - if dataType == "response.created" { - (*param).(*ConvertCliToOpenAIParams).ResponseID = rootResult.Get("response.id").String() - (*param).(*ConvertCliToOpenAIParams).CreatedAt = rootResult.Get("response.created_at").Int() - (*param).(*ConvertCliToOpenAIParams).Model = rootResult.Get("response.model").String() - return []string{} - } - - // Extract and set the model version. - if modelResult := gjson.GetBytes(rawJSON, "model"); modelResult.Exists() { - template, _ = sjson.Set(template, "model", modelResult.String()) - } - - template, _ = sjson.Set(template, "created", (*param).(*ConvertCliToOpenAIParams).CreatedAt) - - // Extract and set the response ID. - template, _ = sjson.Set(template, "id", (*param).(*ConvertCliToOpenAIParams).ResponseID) - - // Extract and set usage metadata (token counts). - if usageResult := gjson.GetBytes(rawJSON, "response.usage"); usageResult.Exists() { - if outputTokensResult := usageResult.Get("output_tokens"); outputTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.completion_tokens", outputTokensResult.Int()) - } - if totalTokensResult := usageResult.Get("total_tokens"); totalTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.total_tokens", totalTokensResult.Int()) - } - if inputTokensResult := usageResult.Get("input_tokens"); inputTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.prompt_tokens", inputTokensResult.Int()) - } - if cachedTokensResult := usageResult.Get("input_tokens_details.cached_tokens"); cachedTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.prompt_tokens_details.cached_tokens", cachedTokensResult.Int()) - } - if reasoningTokensResult := usageResult.Get("output_tokens_details.reasoning_tokens"); reasoningTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.completion_tokens_details.reasoning_tokens", reasoningTokensResult.Int()) - } - } - - if dataType == "response.reasoning_summary_text.delta" { - if deltaResult := rootResult.Get("delta"); deltaResult.Exists() { - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.Set(template, "choices.0.delta.reasoning_content", deltaResult.String()) - } - } else if dataType == "response.reasoning_summary_text.done" { - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.Set(template, "choices.0.delta.reasoning_content", "\n\n") - } else if dataType == "response.output_text.delta" { - if deltaResult := rootResult.Get("delta"); deltaResult.Exists() { - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.Set(template, "choices.0.delta.content", deltaResult.String()) - } - } else if dataType == "response.completed" { - finishReason := "stop" - if (*param).(*ConvertCliToOpenAIParams).FunctionCallIndex != -1 { - finishReason = "tool_calls" - } - template, _ = sjson.Set(template, "choices.0.finish_reason", finishReason) - template, _ = sjson.Set(template, "choices.0.native_finish_reason", finishReason) - } else if dataType == "response.output_item.added" { - itemResult := rootResult.Get("item") - if !itemResult.Exists() || itemResult.Get("type").String() != "function_call" { - return []string{} - } - - // Increment index for this new function call item. - (*param).(*ConvertCliToOpenAIParams).FunctionCallIndex++ - (*param).(*ConvertCliToOpenAIParams).HasReceivedArgumentsDelta = false - (*param).(*ConvertCliToOpenAIParams).HasToolCallAnnounced = true - - functionCallItemTemplate := `{"index":0,"id":"","type":"function","function":{"name":"","arguments":""}}` - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "index", (*param).(*ConvertCliToOpenAIParams).FunctionCallIndex) - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "id", itemResult.Get("call_id").String()) - - // Restore original tool name if it was shortened. - name := itemResult.Get("name").String() - rev := buildReverseMapFromOriginalOpenAI(originalRequestRawJSON) - if orig, ok := rev[name]; ok { - name = orig - } - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.name", name) - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.arguments", "") - - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls", `[]`) - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls.-1", functionCallItemTemplate) - - } else if dataType == "response.function_call_arguments.delta" { - (*param).(*ConvertCliToOpenAIParams).HasReceivedArgumentsDelta = true - - deltaValue := rootResult.Get("delta").String() - functionCallItemTemplate := `{"index":0,"function":{"arguments":""}}` - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "index", (*param).(*ConvertCliToOpenAIParams).FunctionCallIndex) - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.arguments", deltaValue) - - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls", `[]`) - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls.-1", functionCallItemTemplate) - - } else if dataType == "response.function_call_arguments.done" { - if (*param).(*ConvertCliToOpenAIParams).HasReceivedArgumentsDelta { - // Arguments were already streamed via delta events; nothing to emit. - return []string{} - } - - // Fallback: no delta events were received, emit the full arguments as a single chunk. - fullArgs := rootResult.Get("arguments").String() - functionCallItemTemplate := `{"index":0,"function":{"arguments":""}}` - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "index", (*param).(*ConvertCliToOpenAIParams).FunctionCallIndex) - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.arguments", fullArgs) - - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls", `[]`) - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls.-1", functionCallItemTemplate) - - } else if dataType == "response.output_item.done" { - itemResult := rootResult.Get("item") - if !itemResult.Exists() || itemResult.Get("type").String() != "function_call" { - return []string{} - } - - if (*param).(*ConvertCliToOpenAIParams).HasToolCallAnnounced { - // Tool call was already announced via output_item.added; skip emission. - (*param).(*ConvertCliToOpenAIParams).HasToolCallAnnounced = false - return []string{} - } - - // Fallback path: model skipped output_item.added, so emit complete tool call now. - (*param).(*ConvertCliToOpenAIParams).FunctionCallIndex++ - - functionCallItemTemplate := `{"index":0,"id":"","type":"function","function":{"name":"","arguments":""}}` - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "index", (*param).(*ConvertCliToOpenAIParams).FunctionCallIndex) - - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls", `[]`) - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "id", itemResult.Get("call_id").String()) - - // Restore original tool name if it was shortened. - name := itemResult.Get("name").String() - rev := buildReverseMapFromOriginalOpenAI(originalRequestRawJSON) - if orig, ok := rev[name]; ok { - name = orig - } - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.name", name) - - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.arguments", itemResult.Get("arguments").String()) - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls.-1", functionCallItemTemplate) - - } else { - return []string{} - } - - return []string{template} -} - -// ConvertCodexResponseToOpenAINonStream converts a non-streaming Codex response to a non-streaming OpenAI response. -// This function processes the complete Codex response and transforms it into a single OpenAI-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the OpenAI API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Codex API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: An OpenAI-compatible JSON response containing all message content and metadata -func ConvertCodexResponseToOpenAINonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - rootResult := gjson.ParseBytes(rawJSON) - // Verify this is a response.completed event - if rootResult.Get("type").String() != "response.completed" { - return "" - } - - unixTimestamp := time.Now().Unix() - - responseResult := rootResult.Get("response") - - template := `{"id":"","object":"chat.completion","created":123456,"model":"model","choices":[{"index":0,"message":{"role":"assistant","content":null,"reasoning_content":null,"tool_calls":null},"finish_reason":null,"native_finish_reason":null}]}` - - // Extract and set the model version. - if modelResult := responseResult.Get("model"); modelResult.Exists() { - template, _ = sjson.Set(template, "model", modelResult.String()) - } - - // Extract and set the creation timestamp. - if createdAtResult := responseResult.Get("created_at"); createdAtResult.Exists() { - template, _ = sjson.Set(template, "created", createdAtResult.Int()) - } else { - template, _ = sjson.Set(template, "created", unixTimestamp) - } - - // Extract and set the response ID. - if idResult := responseResult.Get("id"); idResult.Exists() { - template, _ = sjson.Set(template, "id", idResult.String()) - } - - // Extract and set usage metadata (token counts). - if usageResult := responseResult.Get("usage"); usageResult.Exists() { - if outputTokensResult := usageResult.Get("output_tokens"); outputTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.completion_tokens", outputTokensResult.Int()) - } - if totalTokensResult := usageResult.Get("total_tokens"); totalTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.total_tokens", totalTokensResult.Int()) - } - if inputTokensResult := usageResult.Get("input_tokens"); inputTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.prompt_tokens", inputTokensResult.Int()) - } - if cachedTokensResult := usageResult.Get("input_tokens_details.cached_tokens"); cachedTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.prompt_tokens_details.cached_tokens", cachedTokensResult.Int()) - } - if reasoningTokensResult := usageResult.Get("output_tokens_details.reasoning_tokens"); reasoningTokensResult.Exists() { - template, _ = sjson.Set(template, "usage.completion_tokens_details.reasoning_tokens", reasoningTokensResult.Int()) - } - } - - // Process the output array for content and function calls - outputResult := responseResult.Get("output") - if outputResult.IsArray() { - outputArray := outputResult.Array() - var contentText string - var reasoningText string - var toolCalls []string - - for _, outputItem := range outputArray { - outputType := outputItem.Get("type").String() - - switch outputType { - case "reasoning": - // Extract reasoning content from summary - if summaryResult := outputItem.Get("summary"); summaryResult.IsArray() { - summaryArray := summaryResult.Array() - for _, summaryItem := range summaryArray { - if summaryItem.Get("type").String() == "summary_text" { - reasoningText = summaryItem.Get("text").String() - break - } - } - } - case "message": - // Extract message content - if contentResult := outputItem.Get("content"); contentResult.IsArray() { - contentArray := contentResult.Array() - for _, contentItem := range contentArray { - if contentItem.Get("type").String() == "output_text" { - contentText = contentItem.Get("text").String() - break - } - } - } - case "function_call": - // Handle function call content - functionCallTemplate := `{"id": "","type": "function","function": {"name": "","arguments": ""}}` - - if callIdResult := outputItem.Get("call_id"); callIdResult.Exists() { - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "id", callIdResult.String()) - } - - if nameResult := outputItem.Get("name"); nameResult.Exists() { - n := nameResult.String() - rev := buildReverseMapFromOriginalOpenAI(originalRequestRawJSON) - if orig, ok := rev[n]; ok { - n = orig - } - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.name", n) - } - - if argsResult := outputItem.Get("arguments"); argsResult.Exists() { - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.arguments", argsResult.String()) - } - - toolCalls = append(toolCalls, functionCallTemplate) - } - } - - // Set content and reasoning content if found - if contentText != "" { - template, _ = sjson.Set(template, "choices.0.message.content", contentText) - template, _ = sjson.Set(template, "choices.0.message.role", "assistant") - } - - if reasoningText != "" { - template, _ = sjson.Set(template, "choices.0.message.reasoning_content", reasoningText) - template, _ = sjson.Set(template, "choices.0.message.role", "assistant") - } - - // Add tool calls if any - if len(toolCalls) > 0 { - template, _ = sjson.SetRaw(template, "choices.0.message.tool_calls", `[]`) - for _, toolCall := range toolCalls { - template, _ = sjson.SetRaw(template, "choices.0.message.tool_calls.-1", toolCall) - } - template, _ = sjson.Set(template, "choices.0.message.role", "assistant") - } - } - - // Extract and set the finish reason based on status - if statusResult := responseResult.Get("status"); statusResult.Exists() { - status := statusResult.String() - if status == "completed" { - template, _ = sjson.Set(template, "choices.0.finish_reason", "stop") - template, _ = sjson.Set(template, "choices.0.native_finish_reason", "stop") - } - } - - return template -} - -// buildReverseMapFromOriginalOpenAI builds a map of shortened tool name -> original tool name -// from the original OpenAI-style request JSON using the same shortening logic. -func buildReverseMapFromOriginalOpenAI(original []byte) map[string]string { - tools := gjson.GetBytes(original, "tools") - rev := map[string]string{} - if tools.IsArray() && len(tools.Array()) > 0 { - var names []string - arr := tools.Array() - for i := 0; i < len(arr); i++ { - t := arr[i] - if t.Get("type").String() != "function" { - continue - } - fn := t.Get("function") - if !fn.Exists() { - continue - } - if v := fn.Get("name"); v.Exists() { - names = append(names, v.String()) - } - } - if len(names) > 0 { - m := buildShortNameMap(names) - for orig, short := range m { - rev[short] = orig - } - } - } - return rev -} diff --git a/internal/translator/codex/openai/chat-completions/init.go b/internal/translator/codex/openai/chat-completions/init.go deleted file mode 100644 index aeef9f447e..0000000000 --- a/internal/translator/codex/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenAI, - Codex, - ConvertOpenAIRequestToCodex, - interfaces.TranslateResponse{ - Stream: ConvertCodexResponseToOpenAI, - NonStream: ConvertCodexResponseToOpenAINonStream, - }, - ) -} diff --git a/internal/translator/codex/openai/responses/codex_openai-responses_request.go b/internal/translator/codex/openai/responses/codex_openai-responses_request.go deleted file mode 100644 index f0407149e0..0000000000 --- a/internal/translator/codex/openai/responses/codex_openai-responses_request.go +++ /dev/null @@ -1,60 +0,0 @@ -package responses - -import ( - "fmt" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -func ConvertOpenAIResponsesRequestToCodex(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - - inputResult := gjson.GetBytes(rawJSON, "input") - if inputResult.Type == gjson.String { - input, _ := sjson.Set(`[{"type":"message","role":"user","content":[{"type":"input_text","text":""}]}]`, "0.content.0.text", inputResult.String()) - rawJSON, _ = sjson.SetRawBytes(rawJSON, "input", []byte(input)) - } - - rawJSON, _ = sjson.SetBytes(rawJSON, "stream", true) - rawJSON, _ = sjson.SetBytes(rawJSON, "store", false) - rawJSON, _ = sjson.SetBytes(rawJSON, "parallel_tool_calls", true) - rawJSON, _ = sjson.SetBytes(rawJSON, "include", []string{"reasoning.encrypted_content"}) - // Codex Responses rejects token limit fields, so strip them out before forwarding. - rawJSON, _ = sjson.DeleteBytes(rawJSON, "max_output_tokens") - rawJSON, _ = sjson.DeleteBytes(rawJSON, "max_completion_tokens") - rawJSON, _ = sjson.DeleteBytes(rawJSON, "temperature") - rawJSON, _ = sjson.DeleteBytes(rawJSON, "top_p") - rawJSON, _ = sjson.DeleteBytes(rawJSON, "service_tier") - - // Delete the user field as it is not supported by the Codex upstream. - rawJSON, _ = sjson.DeleteBytes(rawJSON, "user") - - // Convert role "system" to "developer" in input array to comply with Codex API requirements. - rawJSON = convertSystemRoleToDeveloper(rawJSON) - - return rawJSON -} - -// convertSystemRoleToDeveloper traverses the input array and converts any message items -// with role "system" to role "developer". This is necessary because Codex API does not -// accept "system" role in the input array. -func convertSystemRoleToDeveloper(rawJSON []byte) []byte { - inputResult := gjson.GetBytes(rawJSON, "input") - if !inputResult.IsArray() { - return rawJSON - } - - inputArray := inputResult.Array() - result := rawJSON - - // Directly modify role values for items with "system" role - for i := 0; i < len(inputArray); i++ { - rolePath := fmt.Sprintf("input.%d.role", i) - if gjson.GetBytes(result, rolePath).String() == "system" { - result, _ = sjson.SetBytes(result, rolePath, "developer") - } - } - - return result -} diff --git a/internal/translator/codex/openai/responses/codex_openai-responses_request_test.go b/internal/translator/codex/openai/responses/codex_openai-responses_request_test.go deleted file mode 100644 index 4f5624869f..0000000000 --- a/internal/translator/codex/openai/responses/codex_openai-responses_request_test.go +++ /dev/null @@ -1,282 +0,0 @@ -package responses - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -// TestConvertSystemRoleToDeveloper_BasicConversion tests the basic system -> developer role conversion -func TestConvertSystemRoleToDeveloper_BasicConversion(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "input": [ - { - "type": "message", - "role": "system", - "content": [{"type": "input_text", "text": "You are a pirate."}] - }, - { - "type": "message", - "role": "user", - "content": [{"type": "input_text", "text": "Say hello."}] - } - ] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Check that system role was converted to developer - firstItemRole := gjson.Get(outputStr, "input.0.role") - if firstItemRole.String() != "developer" { - t.Errorf("Expected role 'developer', got '%s'", firstItemRole.String()) - } - - // Check that user role remains unchanged - secondItemRole := gjson.Get(outputStr, "input.1.role") - if secondItemRole.String() != "user" { - t.Errorf("Expected role 'user', got '%s'", secondItemRole.String()) - } - - // Check content is preserved - firstItemContent := gjson.Get(outputStr, "input.0.content.0.text") - if firstItemContent.String() != "You are a pirate." { - t.Errorf("Expected content 'You are a pirate.', got '%s'", firstItemContent.String()) - } -} - -// TestConvertSystemRoleToDeveloper_MultipleSystemMessages tests conversion with multiple system messages -func TestConvertSystemRoleToDeveloper_MultipleSystemMessages(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "input": [ - { - "type": "message", - "role": "system", - "content": [{"type": "input_text", "text": "You are helpful."}] - }, - { - "type": "message", - "role": "system", - "content": [{"type": "input_text", "text": "Be concise."}] - }, - { - "type": "message", - "role": "user", - "content": [{"type": "input_text", "text": "Hello"}] - } - ] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Check that both system roles were converted - firstRole := gjson.Get(outputStr, "input.0.role") - if firstRole.String() != "developer" { - t.Errorf("Expected first role 'developer', got '%s'", firstRole.String()) - } - - secondRole := gjson.Get(outputStr, "input.1.role") - if secondRole.String() != "developer" { - t.Errorf("Expected second role 'developer', got '%s'", secondRole.String()) - } - - // Check that user role is unchanged - thirdRole := gjson.Get(outputStr, "input.2.role") - if thirdRole.String() != "user" { - t.Errorf("Expected third role 'user', got '%s'", thirdRole.String()) - } -} - -// TestConvertSystemRoleToDeveloper_NoSystemMessages tests that requests without system messages are unchanged -func TestConvertSystemRoleToDeveloper_NoSystemMessages(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "input": [ - { - "type": "message", - "role": "user", - "content": [{"type": "input_text", "text": "Hello"}] - }, - { - "type": "message", - "role": "assistant", - "content": [{"type": "output_text", "text": "Hi there!"}] - } - ] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Check that user and assistant roles are unchanged - firstRole := gjson.Get(outputStr, "input.0.role") - if firstRole.String() != "user" { - t.Errorf("Expected role 'user', got '%s'", firstRole.String()) - } - - secondRole := gjson.Get(outputStr, "input.1.role") - if secondRole.String() != "assistant" { - t.Errorf("Expected role 'assistant', got '%s'", secondRole.String()) - } -} - -// TestConvertSystemRoleToDeveloper_EmptyInput tests that empty input arrays are handled correctly -func TestConvertSystemRoleToDeveloper_EmptyInput(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "input": [] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Check that input is still an empty array - inputArray := gjson.Get(outputStr, "input") - if !inputArray.IsArray() { - t.Error("Input should still be an array") - } - if len(inputArray.Array()) != 0 { - t.Errorf("Expected empty array, got %d items", len(inputArray.Array())) - } -} - -// TestConvertSystemRoleToDeveloper_NoInputField tests that requests without input field are unchanged -func TestConvertSystemRoleToDeveloper_NoInputField(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "stream": false - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Check that other fields are still set correctly - stream := gjson.Get(outputStr, "stream") - if !stream.Bool() { - t.Error("Stream should be set to true by conversion") - } - - store := gjson.Get(outputStr, "store") - if store.Bool() { - t.Error("Store should be set to false by conversion") - } -} - -// TestConvertOpenAIResponsesRequestToCodex_OriginalIssue tests the exact issue reported by the user -func TestConvertOpenAIResponsesRequestToCodex_OriginalIssue(t *testing.T) { - // This is the exact input that was failing with "System messages are not allowed" - inputJSON := []byte(`{ - "model": "gpt-5.2", - "input": [ - { - "type": "message", - "role": "system", - "content": "You are a pirate. Always respond in pirate speak." - }, - { - "type": "message", - "role": "user", - "content": "Say hello." - } - ], - "stream": false - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Verify system role was converted to developer - firstRole := gjson.Get(outputStr, "input.0.role") - if firstRole.String() != "developer" { - t.Errorf("Expected role 'developer', got '%s'", firstRole.String()) - } - - // Verify stream was set to true (as required by Codex) - stream := gjson.Get(outputStr, "stream") - if !stream.Bool() { - t.Error("Stream should be set to true") - } - - // Verify other required fields for Codex - store := gjson.Get(outputStr, "store") - if store.Bool() { - t.Error("Store should be false") - } - - parallelCalls := gjson.Get(outputStr, "parallel_tool_calls") - if !parallelCalls.Bool() { - t.Error("parallel_tool_calls should be true") - } - - include := gjson.Get(outputStr, "include") - if !include.IsArray() || len(include.Array()) != 1 { - t.Error("include should be an array with one element") - } else if include.Array()[0].String() != "reasoning.encrypted_content" { - t.Errorf("Expected include[0] to be 'reasoning.encrypted_content', got '%s'", include.Array()[0].String()) - } -} - -// TestConvertSystemRoleToDeveloper_AssistantRole tests that assistant role is preserved -func TestConvertSystemRoleToDeveloper_AssistantRole(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "input": [ - { - "type": "message", - "role": "system", - "content": [{"type": "input_text", "text": "You are helpful."}] - }, - { - "type": "message", - "role": "user", - "content": [{"type": "input_text", "text": "Hello"}] - }, - { - "type": "message", - "role": "assistant", - "content": [{"type": "output_text", "text": "Hi!"}] - } - ] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Check system -> developer - firstRole := gjson.Get(outputStr, "input.0.role") - if firstRole.String() != "developer" { - t.Errorf("Expected first role 'developer', got '%s'", firstRole.String()) - } - - // Check user unchanged - secondRole := gjson.Get(outputStr, "input.1.role") - if secondRole.String() != "user" { - t.Errorf("Expected second role 'user', got '%s'", secondRole.String()) - } - - // Check assistant unchanged - thirdRole := gjson.Get(outputStr, "input.2.role") - if thirdRole.String() != "assistant" { - t.Errorf("Expected third role 'assistant', got '%s'", thirdRole.String()) - } -} - -func TestUserFieldDeletion(t *testing.T) { - inputJSON := []byte(`{ - "model": "gpt-5.2", - "user": "test-user", - "input": [{"role": "user", "content": "Hello"}] - }`) - - output := ConvertOpenAIResponsesRequestToCodex("gpt-5.2", inputJSON, false) - outputStr := string(output) - - // Verify user field is deleted - userField := gjson.Get(outputStr, "user") - if userField.Exists() { - t.Errorf("user field should be deleted, but it was found with value: %s", userField.Raw) - } -} diff --git a/internal/translator/codex/openai/responses/codex_openai-responses_response.go b/internal/translator/codex/openai/responses/codex_openai-responses_response.go deleted file mode 100644 index 4287206a99..0000000000 --- a/internal/translator/codex/openai/responses/codex_openai-responses_response.go +++ /dev/null @@ -1,48 +0,0 @@ -package responses - -import ( - "bytes" - "context" - "fmt" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertCodexResponseToOpenAIResponses converts OpenAI Chat Completions streaming chunks -// to OpenAI Responses SSE events (response.*). - -func ConvertCodexResponseToOpenAIResponses(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - if typeResult := gjson.GetBytes(rawJSON, "type"); typeResult.Exists() { - typeStr := typeResult.String() - if typeStr == "response.created" || typeStr == "response.in_progress" || typeStr == "response.completed" { - if gjson.GetBytes(rawJSON, "response.instructions").Exists() { - instructions := gjson.GetBytes(originalRequestRawJSON, "instructions").String() - rawJSON, _ = sjson.SetBytes(rawJSON, "response.instructions", instructions) - } - } - } - out := fmt.Sprintf("data: %s", string(rawJSON)) - return []string{out} - } - return []string{string(rawJSON)} -} - -// ConvertCodexResponseToOpenAIResponsesNonStream builds a single Responses JSON -// from a non-streaming OpenAI Chat Completions response. -func ConvertCodexResponseToOpenAIResponsesNonStream(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - rootResult := gjson.ParseBytes(rawJSON) - // Verify this is a response.completed event - if rootResult.Get("type").String() != "response.completed" { - return "" - } - responseResult := rootResult.Get("response") - template := responseResult.Raw - if responseResult.Get("instructions").Exists() { - instructions := gjson.GetBytes(originalRequestRawJSON, "instructions").String() - template, _ = sjson.Set(template, "instructions", instructions) - } - return template -} diff --git a/internal/translator/codex/openai/responses/init.go b/internal/translator/codex/openai/responses/init.go deleted file mode 100644 index df231b6a66..0000000000 --- a/internal/translator/codex/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenaiResponse, - Codex, - ConvertOpenAIResponsesRequestToCodex, - interfaces.TranslateResponse{ - Stream: ConvertCodexResponseToOpenAIResponses, - NonStream: ConvertCodexResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/internal/translator/gemini-cli/claude/gemini-cli_claude_request.go b/internal/translator/gemini-cli/claude/gemini-cli_claude_request.go deleted file mode 100644 index 849b5caaea..0000000000 --- a/internal/translator/gemini-cli/claude/gemini-cli_claude_request.go +++ /dev/null @@ -1,204 +0,0 @@ -// Package claude provides request translation functionality for Claude Code API compatibility. -// This package handles the conversion of Claude Code API requests into Gemini CLI-compatible -// JSON format, transforming message contents, system instructions, and tool declarations -// into the format expected by Gemini CLI API clients. It performs JSON data transformation -// to ensure compatibility between Claude Code API format and Gemini CLI API's expected format. -package claude - -import ( - "bytes" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/common" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const geminiCLIClaudeThoughtSignature = "skip_thought_signature_validator" - -// ConvertClaudeRequestToCLI parses and transforms a Claude Code API request into Gemini CLI API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Gemini CLI API. -// The function performs the following transformations: -// 1. Extracts the model information from the request -// 2. Restructures the JSON to match Gemini CLI API format -// 3. Converts system instructions to the expected format -// 4. Maps message contents with proper role transformations -// 5. Handles tool declarations and tool choices -// 6. Maps generation configuration parameters -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the Claude Code API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini CLI API format -func ConvertClaudeRequestToCLI(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - rawJSON = bytes.Replace(rawJSON, []byte(`"url":{"type":"string","format":"uri",`), []byte(`"url":{"type":"string",`), -1) - - // Build output Gemini CLI request JSON - out := `{"model":"","request":{"contents":[]}}` - out, _ = sjson.Set(out, "model", modelName) - - // system instruction - if systemResult := gjson.GetBytes(rawJSON, "system"); systemResult.IsArray() { - systemInstruction := `{"role":"user","parts":[]}` - hasSystemParts := false - systemResult.ForEach(func(_, systemPromptResult gjson.Result) bool { - if systemPromptResult.Get("type").String() == "text" { - textResult := systemPromptResult.Get("text") - if textResult.Type == gjson.String { - part := `{"text":""}` - part, _ = sjson.Set(part, "text", textResult.String()) - systemInstruction, _ = sjson.SetRaw(systemInstruction, "parts.-1", part) - hasSystemParts = true - } - } - return true - }) - if hasSystemParts { - out, _ = sjson.SetRaw(out, "request.systemInstruction", systemInstruction) - } - } else if systemResult.Type == gjson.String { - out, _ = sjson.Set(out, "request.systemInstruction.parts.-1.text", systemResult.String()) - } - - // contents - if messagesResult := gjson.GetBytes(rawJSON, "messages"); messagesResult.IsArray() { - messagesResult.ForEach(func(_, messageResult gjson.Result) bool { - roleResult := messageResult.Get("role") - if roleResult.Type != gjson.String { - return true - } - role := roleResult.String() - if role == "assistant" { - role = "model" - } - - contentJSON := `{"role":"","parts":[]}` - contentJSON, _ = sjson.Set(contentJSON, "role", role) - - contentsResult := messageResult.Get("content") - if contentsResult.IsArray() { - contentsResult.ForEach(func(_, contentResult gjson.Result) bool { - switch contentResult.Get("type").String() { - case "text": - part := `{"text":""}` - part, _ = sjson.Set(part, "text", contentResult.Get("text").String()) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - - case "tool_use": - functionName := contentResult.Get("name").String() - functionArgs := contentResult.Get("input").String() - argsResult := gjson.Parse(functionArgs) - if argsResult.IsObject() && gjson.Valid(functionArgs) { - part := `{"thoughtSignature":"","functionCall":{"name":"","args":{}}}` - part, _ = sjson.Set(part, "thoughtSignature", geminiCLIClaudeThoughtSignature) - part, _ = sjson.Set(part, "functionCall.name", functionName) - part, _ = sjson.SetRaw(part, "functionCall.args", functionArgs) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - } - - case "tool_result": - toolCallID := contentResult.Get("tool_use_id").String() - if toolCallID == "" { - return true - } - funcName := toolCallID - toolCallIDs := strings.Split(toolCallID, "-") - if len(toolCallIDs) > 1 { - funcName = strings.Join(toolCallIDs[0:len(toolCallIDs)-1], "-") - } - responseData := contentResult.Get("content").Raw - part := `{"functionResponse":{"name":"","response":{"result":""}}}` - part, _ = sjson.Set(part, "functionResponse.name", funcName) - part, _ = sjson.Set(part, "functionResponse.response.result", responseData) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - - case "image": - source := contentResult.Get("source") - if source.Get("type").String() == "base64" { - mimeType := source.Get("media_type").String() - data := source.Get("data").String() - if mimeType != "" && data != "" { - part := `{"inlineData":{"mime_type":"","data":""}}` - part, _ = sjson.Set(part, "inlineData.mime_type", mimeType) - part, _ = sjson.Set(part, "inlineData.data", data) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - } - } - } - return true - }) - out, _ = sjson.SetRaw(out, "request.contents.-1", contentJSON) - } else if contentsResult.Type == gjson.String { - part := `{"text":""}` - part, _ = sjson.Set(part, "text", contentsResult.String()) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - out, _ = sjson.SetRaw(out, "request.contents.-1", contentJSON) - } - return true - }) - } - - // tools - if toolsResult := gjson.GetBytes(rawJSON, "tools"); toolsResult.IsArray() { - hasTools := false - toolsResult.ForEach(func(_, toolResult gjson.Result) bool { - inputSchemaResult := toolResult.Get("input_schema") - if inputSchemaResult.Exists() && inputSchemaResult.IsObject() { - inputSchema := inputSchemaResult.Raw - tool, _ := sjson.Delete(toolResult.Raw, "input_schema") - tool, _ = sjson.SetRaw(tool, "parametersJsonSchema", inputSchema) - tool, _ = sjson.Delete(tool, "strict") - tool, _ = sjson.Delete(tool, "input_examples") - tool, _ = sjson.Delete(tool, "type") - tool, _ = sjson.Delete(tool, "cache_control") - if gjson.Valid(tool) && gjson.Parse(tool).IsObject() { - if !hasTools { - out, _ = sjson.SetRaw(out, "request.tools", `[{"functionDeclarations":[]}]`) - hasTools = true - } - out, _ = sjson.SetRaw(out, "request.tools.0.functionDeclarations.-1", tool) - } - } - return true - }) - if !hasTools { - out, _ = sjson.Delete(out, "request.tools") - } - } - - // Map Anthropic thinking -> Gemini thinkingBudget/include_thoughts when type==enabled - if t := gjson.GetBytes(rawJSON, "thinking"); t.Exists() && t.IsObject() { - switch t.Get("type").String() { - case "enabled": - if b := t.Get("budget_tokens"); b.Exists() && b.Type == gjson.Number { - budget := int(b.Int()) - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.thinkingBudget", budget) - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.includeThoughts", true) - } - case "adaptive": - // Keep adaptive as a high level sentinel; ApplyThinking resolves it - // to model-specific max capability. - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.thinkingLevel", "high") - out, _ = sjson.Set(out, "request.generationConfig.thinkingConfig.includeThoughts", true) - } - } - if v := gjson.GetBytes(rawJSON, "temperature"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "request.generationConfig.temperature", v.Num) - } - if v := gjson.GetBytes(rawJSON, "top_p"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "request.generationConfig.topP", v.Num) - } - if v := gjson.GetBytes(rawJSON, "top_k"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "request.generationConfig.topK", v.Num) - } - - outBytes := []byte(out) - outBytes = common.AttachDefaultSafetySettings(outBytes, "request.safetySettings") - - return outBytes -} diff --git a/internal/translator/gemini-cli/claude/gemini-cli_claude_response.go b/internal/translator/gemini-cli/claude/gemini-cli_claude_response.go deleted file mode 100644 index 1126f1ee4a..0000000000 --- a/internal/translator/gemini-cli/claude/gemini-cli_claude_response.go +++ /dev/null @@ -1,378 +0,0 @@ -// Package claude provides response translation functionality for Claude Code API compatibility. -// This package handles the conversion of backend client responses into Claude Code-compatible -// Server-Sent Events (SSE) format, implementing a sophisticated state machine that manages -// different response types including text content, thinking processes, and function calls. -// The translation ensures proper sequencing of SSE events and maintains state across -// multiple response chunks to provide a seamless streaming experience. -package claude - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Params holds parameters for response conversion and maintains state across streaming chunks. -// This structure tracks the current state of the response translation process to ensure -// proper sequencing of SSE events and transitions between different content types. -type Params struct { - HasFirstResponse bool // Indicates if the initial message_start event has been sent - ResponseType int // Current response type: 0=none, 1=content, 2=thinking, 3=function - ResponseIndex int // Index counter for content blocks in the streaming response - HasContent bool // Tracks whether any content (text, thinking, or tool use) has been output -} - -// toolUseIDCounter provides a process-wide unique counter for tool use identifiers. -var toolUseIDCounter uint64 - -// ConvertGeminiCLIResponseToClaude performs sophisticated streaming response format conversion. -// This function implements a complex state machine that translates backend client responses -// into Claude Code-compatible Server-Sent Events (SSE) format. It manages different response types -// and handles state transitions between content blocks, thinking processes, and function calls. -// -// Response type states: 0=none, 1=content, 2=thinking, 3=function -// The function maintains state across multiple calls to ensure proper SSE event sequencing. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing a Claude Code-compatible JSON response -func ConvertGeminiCLIResponseToClaude(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &Params{ - HasFirstResponse: false, - ResponseType: 0, - ResponseIndex: 0, - } - } - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - // Only send message_stop if we have actually output content - if (*param).(*Params).HasContent { - return []string{ - "event: message_stop\ndata: {\"type\":\"message_stop\"}\n\n\n", - } - } - return []string{} - } - - // Track whether tools are being used in this response chunk - usedTool := false - output := "" - - // Initialize the streaming session with a message_start event - // This is only sent for the very first response chunk to establish the streaming session - if !(*param).(*Params).HasFirstResponse { - output = "event: message_start\n" - - // Create the initial message structure with default values according to Claude Code API specification - // This follows the Claude Code API specification for streaming message initialization - messageStartTemplate := `{"type": "message_start", "message": {"id": "msg_1nZdL29xx5MUA1yADyHTEsnR8uuvGzszyY", "type": "message", "role": "assistant", "content": [], "model": "claude-3-5-sonnet-20241022", "stop_reason": null, "stop_sequence": null, "usage": {"input_tokens": 0, "output_tokens": 0}}}` - - // Override default values with actual response metadata if available from the Gemini CLI response - if modelVersionResult := gjson.GetBytes(rawJSON, "response.modelVersion"); modelVersionResult.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.model", modelVersionResult.String()) - } - if responseIDResult := gjson.GetBytes(rawJSON, "response.responseId"); responseIDResult.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.id", responseIDResult.String()) - } - output = output + fmt.Sprintf("data: %s\n\n\n", messageStartTemplate) - - (*param).(*Params).HasFirstResponse = true - } - - // Process the response parts array from the backend client - // Each part can contain text content, thinking content, or function calls - partsResult := gjson.GetBytes(rawJSON, "response.candidates.0.content.parts") - if partsResult.IsArray() { - partResults := partsResult.Array() - for i := 0; i < len(partResults); i++ { - partResult := partResults[i] - - // Extract the different types of content from each part - partTextResult := partResult.Get("text") - functionCallResult := partResult.Get("functionCall") - - // Handle text content (both regular content and thinking) - if partTextResult.Exists() { - // Process thinking content (internal reasoning) - if partResult.Get("thought").Bool() { - // Continue existing thinking block if already in thinking state - if (*param).(*Params).ResponseType == 2 { - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"thinking_delta","thinking":""}}`, (*param).(*Params).ResponseIndex), "delta.thinking", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).HasContent = true - } else { - // Transition from another state to thinking - // First, close any existing content block - if (*param).(*Params).ResponseType != 0 { - if (*param).(*Params).ResponseType == 2 { - // output = output + "event: content_block_delta\n" - // output = output + fmt.Sprintf(`data: {"type":"content_block_delta","index":%d,"delta":{"type":"signature_delta","signature":null}}`, (*param).(*Params).ResponseIndex) - // output = output + "\n\n\n" - } - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - } - - // Start a new thinking content block - output = output + "event: content_block_start\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_start","index":%d,"content_block":{"type":"thinking","thinking":""}}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"thinking_delta","thinking":""}}`, (*param).(*Params).ResponseIndex), "delta.thinking", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).ResponseType = 2 // Set state to thinking - (*param).(*Params).HasContent = true - } - } else { - // Process regular text content (user-visible output) - // Continue existing text block if already in content state - if (*param).(*Params).ResponseType == 1 { - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"text_delta","text":""}}`, (*param).(*Params).ResponseIndex), "delta.text", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).HasContent = true - } else { - // Transition from another state to text content - // First, close any existing content block - if (*param).(*Params).ResponseType != 0 { - if (*param).(*Params).ResponseType == 2 { - // output = output + "event: content_block_delta\n" - // output = output + fmt.Sprintf(`data: {"type":"content_block_delta","index":%d,"delta":{"type":"signature_delta","signature":null}}`, (*param).(*Params).ResponseIndex) - // output = output + "\n\n\n" - } - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - } - - // Start a new text content block - output = output + "event: content_block_start\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_start","index":%d,"content_block":{"type":"text","text":""}}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"text_delta","text":""}}`, (*param).(*Params).ResponseIndex), "delta.text", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).ResponseType = 1 // Set state to content - (*param).(*Params).HasContent = true - } - } - } else if functionCallResult.Exists() { - // Handle function/tool calls from the AI model - // This processes tool usage requests and formats them for Claude Code API compatibility - usedTool = true - fcName := functionCallResult.Get("name").String() - - // Handle state transitions when switching to function calls - // Close any existing function call block first - if (*param).(*Params).ResponseType == 3 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - (*param).(*Params).ResponseType = 0 - } - - // Special handling for thinking state transition - if (*param).(*Params).ResponseType == 2 { - // output = output + "event: content_block_delta\n" - // output = output + fmt.Sprintf(`data: {"type":"content_block_delta","index":%d,"delta":{"type":"signature_delta","signature":null}}`, (*param).(*Params).ResponseIndex) - // output = output + "\n\n\n" - } - - // Close any other existing content block - if (*param).(*Params).ResponseType != 0 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - } - - // Start a new tool use content block - // This creates the structure for a function call in Claude Code format - output = output + "event: content_block_start\n" - - // Create the tool use block with unique ID and function details - data := fmt.Sprintf(`{"type":"content_block_start","index":%d,"content_block":{"type":"tool_use","id":"","name":"","input":{}}}`, (*param).(*Params).ResponseIndex) - data, _ = sjson.Set(data, "content_block.id", fmt.Sprintf("%s-%d-%d", fcName, time.Now().UnixNano(), atomic.AddUint64(&toolUseIDCounter, 1))) - data, _ = sjson.Set(data, "content_block.name", fcName) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - output = output + "event: content_block_delta\n" - data, _ = sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"input_json_delta","partial_json":""}}`, (*param).(*Params).ResponseIndex), "delta.partial_json", fcArgsResult.Raw) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - } - (*param).(*Params).ResponseType = 3 - (*param).(*Params).HasContent = true - } - } - } - - usageResult := gjson.GetBytes(rawJSON, "response.usageMetadata") - // Process usage metadata and finish reason when present in the response - if usageResult.Exists() && bytes.Contains(rawJSON, []byte(`"finishReason"`)) { - if candidatesTokenCountResult := usageResult.Get("candidatesTokenCount"); candidatesTokenCountResult.Exists() { - // Only send final events if we have actually output content - if (*param).(*Params).HasContent { - // Close the final content block - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - - // Send the final message delta with usage information and stop reason - output = output + "event: message_delta\n" - output = output + `data: ` - - // Create the message delta template with appropriate stop reason - template := `{"type":"message_delta","delta":{"stop_reason":"end_turn","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - // Set tool_use stop reason if tools were used in this response - if usedTool { - template = `{"type":"message_delta","delta":{"stop_reason":"tool_use","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - } else if finish := gjson.GetBytes(rawJSON, "response.candidates.0.finishReason"); finish.Exists() && finish.String() == "MAX_TOKENS" { - template = `{"type":"message_delta","delta":{"stop_reason":"max_tokens","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - } - - // Include thinking tokens in output token count if present - thoughtsTokenCount := usageResult.Get("thoughtsTokenCount").Int() - template, _ = sjson.Set(template, "usage.output_tokens", candidatesTokenCountResult.Int()+thoughtsTokenCount) - template, _ = sjson.Set(template, "usage.input_tokens", usageResult.Get("promptTokenCount").Int()) - - output = output + template + "\n\n\n" - } - } - } - - return []string{output} -} - -// ConvertGeminiCLIResponseToClaudeNonStream converts a non-streaming Gemini CLI response to a non-streaming Claude response. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the Gemini CLI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - string: A Claude-compatible JSON response. -func ConvertGeminiCLIResponseToClaudeNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - _ = originalRequestRawJSON - _ = requestRawJSON - - root := gjson.ParseBytes(rawJSON) - - out := `{"id":"","type":"message","role":"assistant","model":"","content":[],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}` - out, _ = sjson.Set(out, "id", root.Get("response.responseId").String()) - out, _ = sjson.Set(out, "model", root.Get("response.modelVersion").String()) - - inputTokens := root.Get("response.usageMetadata.promptTokenCount").Int() - outputTokens := root.Get("response.usageMetadata.candidatesTokenCount").Int() + root.Get("response.usageMetadata.thoughtsTokenCount").Int() - out, _ = sjson.Set(out, "usage.input_tokens", inputTokens) - out, _ = sjson.Set(out, "usage.output_tokens", outputTokens) - - parts := root.Get("response.candidates.0.content.parts") - textBuilder := strings.Builder{} - thinkingBuilder := strings.Builder{} - toolIDCounter := 0 - hasToolCall := false - - flushText := func() { - if textBuilder.Len() == 0 { - return - } - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", textBuilder.String()) - out, _ = sjson.SetRaw(out, "content.-1", block) - textBuilder.Reset() - } - - flushThinking := func() { - if thinkingBuilder.Len() == 0 { - return - } - block := `{"type":"thinking","thinking":""}` - block, _ = sjson.Set(block, "thinking", thinkingBuilder.String()) - out, _ = sjson.SetRaw(out, "content.-1", block) - thinkingBuilder.Reset() - } - - if parts.IsArray() { - for _, part := range parts.Array() { - if text := part.Get("text"); text.Exists() && text.String() != "" { - if part.Get("thought").Bool() { - flushText() - thinkingBuilder.WriteString(text.String()) - continue - } - flushThinking() - textBuilder.WriteString(text.String()) - continue - } - - if functionCall := part.Get("functionCall"); functionCall.Exists() { - flushThinking() - flushText() - hasToolCall = true - - name := functionCall.Get("name").String() - toolIDCounter++ - toolBlock := `{"type":"tool_use","id":"","name":"","input":{}}` - toolBlock, _ = sjson.Set(toolBlock, "id", fmt.Sprintf("tool_%d", toolIDCounter)) - toolBlock, _ = sjson.Set(toolBlock, "name", name) - inputRaw := "{}" - if args := functionCall.Get("args"); args.Exists() && gjson.Valid(args.Raw) && args.IsObject() { - inputRaw = args.Raw - } - toolBlock, _ = sjson.SetRaw(toolBlock, "input", inputRaw) - out, _ = sjson.SetRaw(out, "content.-1", toolBlock) - continue - } - } - } - - flushThinking() - flushText() - - stopReason := "end_turn" - if hasToolCall { - stopReason = "tool_use" - } else { - if finish := root.Get("response.candidates.0.finishReason"); finish.Exists() { - switch finish.String() { - case "MAX_TOKENS": - stopReason = "max_tokens" - case "STOP", "FINISH_REASON_UNSPECIFIED", "UNKNOWN": - stopReason = "end_turn" - default: - stopReason = "end_turn" - } - } - } - out, _ = sjson.Set(out, "stop_reason", stopReason) - - if inputTokens == int64(0) && outputTokens == int64(0) && !root.Get("response.usageMetadata").Exists() { - out, _ = sjson.Delete(out, "usage") - } - - return out -} - -func ClaudeTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"input_tokens":%d}`, count) -} diff --git a/internal/translator/gemini-cli/claude/init.go b/internal/translator/gemini-cli/claude/init.go deleted file mode 100644 index bca08370d4..0000000000 --- a/internal/translator/gemini-cli/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package claude - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Claude, - GeminiCLI, - ConvertClaudeRequestToCLI, - interfaces.TranslateResponse{ - Stream: ConvertGeminiCLIResponseToClaude, - NonStream: ConvertGeminiCLIResponseToClaudeNonStream, - TokenCount: ClaudeTokenCount, - }, - ) -} diff --git a/internal/translator/gemini-cli/gemini/gemini-cli_gemini_request.go b/internal/translator/gemini-cli/gemini/gemini-cli_gemini_request.go deleted file mode 100644 index 3553438304..0000000000 --- a/internal/translator/gemini-cli/gemini/gemini-cli_gemini_request.go +++ /dev/null @@ -1,268 +0,0 @@ -// Package gemini provides request translation functionality for Gemini CLI to Gemini API compatibility. -// It handles parsing and transforming Gemini CLI API requests into Gemini API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini CLI API format and Gemini API's expected format. -package gemini - -import ( - "fmt" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/common" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiRequestToGeminiCLI parses and transforms a Gemini CLI API request into Gemini API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Gemini API. -// The function performs the following transformations: -// 1. Extracts the model information from the request -// 2. Restructures the JSON to match Gemini API format -// 3. Converts system instructions to the expected format -// 4. Fixes CLI tool response format and grouping -// -// Parameters: -// - modelName: The name of the model to use for the request (unused in current implementation) -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini API format -func ConvertGeminiRequestToGeminiCLI(_ string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - template := "" - template = `{"project":"","request":{},"model":""}` - template, _ = sjson.SetRaw(template, "request", string(rawJSON)) - template, _ = sjson.Set(template, "model", gjson.Get(template, "request.model").String()) - template, _ = sjson.Delete(template, "request.model") - - template, errFixCLIToolResponse := fixCLIToolResponse(template) - if errFixCLIToolResponse != nil { - return []byte{} - } - - systemInstructionResult := gjson.Get(template, "request.system_instruction") - if systemInstructionResult.Exists() { - template, _ = sjson.SetRaw(template, "request.systemInstruction", systemInstructionResult.Raw) - template, _ = sjson.Delete(template, "request.system_instruction") - } - rawJSON = []byte(template) - - // Normalize roles in request.contents: default to valid values if missing/invalid - contents := gjson.GetBytes(rawJSON, "request.contents") - if contents.Exists() { - prevRole := "" - idx := 0 - contents.ForEach(func(_ gjson.Result, value gjson.Result) bool { - role := value.Get("role").String() - valid := role == "user" || role == "model" - if role == "" || !valid { - var newRole string - if prevRole == "" { - newRole = "user" - } else if prevRole == "user" { - newRole = "model" - } else { - newRole = "user" - } - path := fmt.Sprintf("request.contents.%d.role", idx) - rawJSON, _ = sjson.SetBytes(rawJSON, path, newRole) - role = newRole - } - prevRole = role - idx++ - return true - }) - } - - toolsResult := gjson.GetBytes(rawJSON, "request.tools") - if toolsResult.Exists() && toolsResult.IsArray() { - toolResults := toolsResult.Array() - for i := 0; i < len(toolResults); i++ { - functionDeclarationsResult := gjson.GetBytes(rawJSON, fmt.Sprintf("request.tools.%d.function_declarations", i)) - if functionDeclarationsResult.Exists() && functionDeclarationsResult.IsArray() { - functionDeclarationsResults := functionDeclarationsResult.Array() - for j := 0; j < len(functionDeclarationsResults); j++ { - parametersResult := gjson.GetBytes(rawJSON, fmt.Sprintf("request.tools.%d.function_declarations.%d.parameters", i, j)) - if parametersResult.Exists() { - strJson, _ := util.RenameKey(string(rawJSON), fmt.Sprintf("request.tools.%d.function_declarations.%d.parameters", i, j), fmt.Sprintf("request.tools.%d.function_declarations.%d.parametersJsonSchema", i, j)) - rawJSON = []byte(strJson) - } - } - } - } - } - - gjson.GetBytes(rawJSON, "request.contents").ForEach(func(key, content gjson.Result) bool { - if content.Get("role").String() == "model" { - content.Get("parts").ForEach(func(partKey, part gjson.Result) bool { - if part.Get("functionCall").Exists() { - rawJSON, _ = sjson.SetBytes(rawJSON, fmt.Sprintf("request.contents.%d.parts.%d.thoughtSignature", key.Int(), partKey.Int()), "skip_thought_signature_validator") - } else if part.Get("thoughtSignature").Exists() { - rawJSON, _ = sjson.SetBytes(rawJSON, fmt.Sprintf("request.contents.%d.parts.%d.thoughtSignature", key.Int(), partKey.Int()), "skip_thought_signature_validator") - } - return true - }) - } - return true - }) - - return common.AttachDefaultSafetySettings(rawJSON, "request.safetySettings") -} - -// FunctionCallGroup represents a group of function calls and their responses -type FunctionCallGroup struct { - ResponsesNeeded int -} - -// fixCLIToolResponse performs sophisticated tool response format conversion and grouping. -// This function transforms the CLI tool response format by intelligently grouping function calls -// with their corresponding responses, ensuring proper conversation flow and API compatibility. -// It converts from a linear format (1.json) to a grouped format (2.json) where function calls -// and their responses are properly associated and structured. -// -// Parameters: -// - input: The input JSON string to be processed -// -// Returns: -// - string: The processed JSON string with grouped function calls and responses -// - error: An error if the processing fails -func fixCLIToolResponse(input string) (string, error) { - // Parse the input JSON to extract the conversation structure - parsed := gjson.Parse(input) - - // Extract the contents array which contains the conversation messages - contents := parsed.Get("request.contents") - if !contents.Exists() { - // log.Debugf(input) - return input, fmt.Errorf("contents not found in input") - } - - // Initialize data structures for processing and grouping - contentsWrapper := `{"contents":[]}` - var pendingGroups []*FunctionCallGroup // Groups awaiting completion with responses - var collectedResponses []gjson.Result // Standalone responses to be matched - - // Process each content object in the conversation - // This iterates through messages and groups function calls with their responses - contents.ForEach(func(key, value gjson.Result) bool { - role := value.Get("role").String() - parts := value.Get("parts") - - // Check if this content has function responses - var responsePartsInThisContent []gjson.Result - parts.ForEach(func(_, part gjson.Result) bool { - if part.Get("functionResponse").Exists() { - responsePartsInThisContent = append(responsePartsInThisContent, part) - } - return true - }) - - // If this content has function responses, collect them - if len(responsePartsInThisContent) > 0 { - collectedResponses = append(collectedResponses, responsePartsInThisContent...) - - // Check if any pending groups can be satisfied - for i := len(pendingGroups) - 1; i >= 0; i-- { - group := pendingGroups[i] - if len(collectedResponses) >= group.ResponsesNeeded { - // Take the needed responses for this group - groupResponses := collectedResponses[:group.ResponsesNeeded] - collectedResponses = collectedResponses[group.ResponsesNeeded:] - - // Create merged function response content - functionResponseContent := `{"parts":[],"role":"function"}` - for _, response := range groupResponses { - if !response.IsObject() { - log.Warnf("failed to parse function response") - continue - } - functionResponseContent, _ = sjson.SetRaw(functionResponseContent, "parts.-1", response.Raw) - } - - if gjson.Get(functionResponseContent, "parts.#").Int() > 0 { - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", functionResponseContent) - } - - // Remove this group as it's been satisfied - pendingGroups = append(pendingGroups[:i], pendingGroups[i+1:]...) - break - } - } - - return true // Skip adding this content, responses are merged - } - - // If this is a model with function calls, create a new group - if role == "model" { - functionCallsCount := 0 - parts.ForEach(func(_, part gjson.Result) bool { - if part.Get("functionCall").Exists() { - functionCallsCount++ - } - return true - }) - - if functionCallsCount > 0 { - // Add the model content - if !value.IsObject() { - log.Warnf("failed to parse model content") - return true - } - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", value.Raw) - - // Create a new group for tracking responses - group := &FunctionCallGroup{ - ResponsesNeeded: functionCallsCount, - } - pendingGroups = append(pendingGroups, group) - } else { - // Regular model content without function calls - if !value.IsObject() { - log.Warnf("failed to parse content") - return true - } - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", value.Raw) - } - } else { - // Non-model content (user, etc.) - if !value.IsObject() { - log.Warnf("failed to parse content") - return true - } - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", value.Raw) - } - - return true - }) - - // Handle any remaining pending groups with remaining responses - for _, group := range pendingGroups { - if len(collectedResponses) >= group.ResponsesNeeded { - groupResponses := collectedResponses[:group.ResponsesNeeded] - collectedResponses = collectedResponses[group.ResponsesNeeded:] - - functionResponseContent := `{"parts":[],"role":"function"}` - for _, response := range groupResponses { - if !response.IsObject() { - log.Warnf("failed to parse function response") - continue - } - functionResponseContent, _ = sjson.SetRaw(functionResponseContent, "parts.-1", response.Raw) - } - - if gjson.Get(functionResponseContent, "parts.#").Int() > 0 { - contentsWrapper, _ = sjson.SetRaw(contentsWrapper, "contents.-1", functionResponseContent) - } - } - } - - // Update the original JSON with the new contents - result := input - result, _ = sjson.SetRaw(result, "request.contents", gjson.Get(contentsWrapper, "contents").Raw) - - return result, nil -} diff --git a/internal/translator/gemini-cli/gemini/gemini-cli_gemini_response.go b/internal/translator/gemini-cli/gemini/gemini-cli_gemini_response.go deleted file mode 100644 index 0ae931f112..0000000000 --- a/internal/translator/gemini-cli/gemini/gemini-cli_gemini_response.go +++ /dev/null @@ -1,86 +0,0 @@ -// Package gemini provides request translation functionality for Gemini to Gemini CLI API compatibility. -// It handles parsing and transforming Gemini API requests into Gemini CLI API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini API format and Gemini CLI API's expected format. -package gemini - -import ( - "bytes" - "context" - "fmt" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiCliResponseToGemini parses and transforms a Gemini CLI API request into Gemini API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the Gemini API. -// The function performs the following transformations: -// 1. Extracts the response data from the request -// 2. Handles alternative response formats -// 3. Processes array responses by extracting individual response objects -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model to use for the request (unused in current implementation) -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - []string: The transformed request data in Gemini API format -func ConvertGeminiCliResponseToGemini(ctx context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) []string { - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - - if alt, ok := ctx.Value("alt").(string); ok { - var chunk []byte - if alt == "" { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - chunk = []byte(responseResult.Raw) - } - } else { - chunkTemplate := "[]" - responseResult := gjson.ParseBytes(chunk) - if responseResult.IsArray() { - responseResultItems := responseResult.Array() - for i := 0; i < len(responseResultItems); i++ { - responseResultItem := responseResultItems[i] - if responseResultItem.Get("response").Exists() { - chunkTemplate, _ = sjson.SetRaw(chunkTemplate, "-1", responseResultItem.Get("response").Raw) - } - } - } - chunk = []byte(chunkTemplate) - } - return []string{string(chunk)} - } - return []string{} -} - -// ConvertGeminiCliResponseToGeminiNonStream converts a non-streaming Gemini CLI request to a non-streaming Gemini response. -// This function processes the complete Gemini CLI request and transforms it into a single Gemini-compatible -// JSON response. It extracts the response data from the request and returns it in the expected format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON request data from the Gemini CLI API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: A Gemini-compatible JSON response containing the response data -func ConvertGeminiCliResponseToGeminiNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - return responseResult.Raw - } - return string(rawJSON) -} - -func GeminiTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} diff --git a/internal/translator/gemini-cli/gemini/init.go b/internal/translator/gemini-cli/gemini/init.go deleted file mode 100644 index bd13ad7833..0000000000 --- a/internal/translator/gemini-cli/gemini/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package gemini - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Gemini, - GeminiCLI, - ConvertGeminiRequestToGeminiCLI, - interfaces.TranslateResponse{ - Stream: ConvertGeminiCliResponseToGemini, - NonStream: ConvertGeminiCliResponseToGeminiNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/internal/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_request.go b/internal/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_request.go deleted file mode 100644 index 2001dbe179..0000000000 --- a/internal/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_request.go +++ /dev/null @@ -1,395 +0,0 @@ -// Package openai provides request translation functionality for OpenAI to Gemini CLI API compatibility. -// It converts OpenAI Chat Completions requests into Gemini CLI compatible JSON using gjson/sjson only. -package chat_completions - -import ( - "fmt" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/misc" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/common" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const geminiCLIFunctionThoughtSignature = "skip_thought_signature_validator" - -// ConvertOpenAIRequestToGeminiCLI converts an OpenAI Chat Completions request (raw JSON) -// into a complete Gemini CLI request JSON. All JSON construction uses sjson and lookups use gjson. -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the OpenAI API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini CLI API format -func ConvertOpenAIRequestToGeminiCLI(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - // Base envelope (no default thinkingConfig) - out := []byte(`{"project":"","request":{"contents":[]},"model":"gemini-2.5-pro"}`) - - // Model - out, _ = sjson.SetBytes(out, "model", modelName) - - // Apply thinking configuration: convert OpenAI reasoning_effort to Gemini CLI thinkingConfig. - // Inline translation-only mapping; capability checks happen later in ApplyThinking. - re := gjson.GetBytes(rawJSON, "reasoning_effort") - if re.Exists() { - effort := strings.ToLower(strings.TrimSpace(re.String())) - if effort != "" { - thinkingPath := "request.generationConfig.thinkingConfig" - if effort == "auto" { - out, _ = sjson.SetBytes(out, thinkingPath+".thinkingBudget", -1) - out, _ = sjson.SetBytes(out, thinkingPath+".includeThoughts", true) - } else { - out, _ = sjson.SetBytes(out, thinkingPath+".thinkingLevel", effort) - out, _ = sjson.SetBytes(out, thinkingPath+".includeThoughts", effort != "none") - } - } - } - - // Temperature/top_p/top_k - if tr := gjson.GetBytes(rawJSON, "temperature"); tr.Exists() && tr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "request.generationConfig.temperature", tr.Num) - } - if tpr := gjson.GetBytes(rawJSON, "top_p"); tpr.Exists() && tpr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "request.generationConfig.topP", tpr.Num) - } - if tkr := gjson.GetBytes(rawJSON, "top_k"); tkr.Exists() && tkr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "request.generationConfig.topK", tkr.Num) - } - - // Candidate count (OpenAI 'n' parameter) - if n := gjson.GetBytes(rawJSON, "n"); n.Exists() && n.Type == gjson.Number { - if val := n.Int(); val > 1 { - out, _ = sjson.SetBytes(out, "request.generationConfig.candidateCount", val) - } - } - - // Map OpenAI modalities -> Gemini CLI request.generationConfig.responseModalities - // e.g. "modalities": ["image", "text"] -> ["IMAGE", "TEXT"] - if mods := gjson.GetBytes(rawJSON, "modalities"); mods.Exists() && mods.IsArray() { - var responseMods []string - for _, m := range mods.Array() { - switch strings.ToLower(m.String()) { - case "text": - responseMods = append(responseMods, "TEXT") - case "image": - responseMods = append(responseMods, "IMAGE") - } - } - if len(responseMods) > 0 { - out, _ = sjson.SetBytes(out, "request.generationConfig.responseModalities", responseMods) - } - } - - // OpenRouter-style image_config support - // If the input uses top-level image_config.aspect_ratio, map it into request.generationConfig.imageConfig.aspectRatio. - if imgCfg := gjson.GetBytes(rawJSON, "image_config"); imgCfg.Exists() && imgCfg.IsObject() { - if ar := imgCfg.Get("aspect_ratio"); ar.Exists() && ar.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.generationConfig.imageConfig.aspectRatio", ar.Str) - } - if size := imgCfg.Get("image_size"); size.Exists() && size.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.generationConfig.imageConfig.imageSize", size.Str) - } - } - - // messages -> systemInstruction + contents - messages := gjson.GetBytes(rawJSON, "messages") - if messages.IsArray() { - arr := messages.Array() - // First pass: assistant tool_calls id->name map - tcID2Name := map[string]string{} - for i := 0; i < len(arr); i++ { - m := arr[i] - if m.Get("role").String() == "assistant" { - tcs := m.Get("tool_calls") - if tcs.IsArray() { - for _, tc := range tcs.Array() { - if tc.Get("type").String() == "function" { - id := tc.Get("id").String() - name := tc.Get("function.name").String() - if id != "" && name != "" { - tcID2Name[id] = name - } - } - } - } - } - } - - // Second pass build systemInstruction/tool responses cache - toolResponses := map[string]string{} // tool_call_id -> response text - for i := 0; i < len(arr); i++ { - m := arr[i] - role := m.Get("role").String() - if role == "tool" { - toolCallID := m.Get("tool_call_id").String() - if toolCallID != "" { - c := m.Get("content") - toolResponses[toolCallID] = c.Raw - } - } - } - - systemPartIndex := 0 - for i := 0; i < len(arr); i++ { - m := arr[i] - role := m.Get("role").String() - content := m.Get("content") - - if (role == "system" || role == "developer") && len(arr) > 1 { - // system -> request.systemInstruction as a user message style - if content.Type == gjson.String { - out, _ = sjson.SetBytes(out, "request.systemInstruction.role", "user") - out, _ = sjson.SetBytes(out, fmt.Sprintf("request.systemInstruction.parts.%d.text", systemPartIndex), content.String()) - systemPartIndex++ - } else if content.IsObject() && content.Get("type").String() == "text" { - out, _ = sjson.SetBytes(out, "request.systemInstruction.role", "user") - out, _ = sjson.SetBytes(out, fmt.Sprintf("request.systemInstruction.parts.%d.text", systemPartIndex), content.Get("text").String()) - systemPartIndex++ - } else if content.IsArray() { - contents := content.Array() - if len(contents) > 0 { - out, _ = sjson.SetBytes(out, "request.systemInstruction.role", "user") - for j := 0; j < len(contents); j++ { - out, _ = sjson.SetBytes(out, fmt.Sprintf("request.systemInstruction.parts.%d.text", systemPartIndex), contents[j].Get("text").String()) - systemPartIndex++ - } - } - } - } else if role == "user" || ((role == "system" || role == "developer") && len(arr) == 1) { - // Build single user content node to avoid splitting into multiple contents - node := []byte(`{"role":"user","parts":[]}`) - if content.Type == gjson.String { - node, _ = sjson.SetBytes(node, "parts.0.text", content.String()) - } else if content.IsArray() { - items := content.Array() - p := 0 - for _, item := range items { - switch item.Get("type").String() { - case "text": - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".text", item.Get("text").String()) - p++ - case "image_url": - imageURL := item.Get("image_url.url").String() - if len(imageURL) > 5 { - pieces := strings.SplitN(imageURL[5:], ";", 2) - if len(pieces) == 2 && len(pieces[1]) > 7 { - mime := pieces[0] - data := pieces[1][7:] - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mime) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", data) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiCLIFunctionThoughtSignature) - p++ - } - } - case "file": - filename := item.Get("file.filename").String() - fileData := item.Get("file.file_data").String() - ext := "" - if sp := strings.Split(filename, "."); len(sp) > 1 { - ext = sp[len(sp)-1] - } - if mimeType, ok := misc.MimeTypes[ext]; ok { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mimeType) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", fileData) - p++ - } else { - log.Warnf("Unknown file name extension '%s' in user message, skip", ext) - } - } - } - } - out, _ = sjson.SetRawBytes(out, "request.contents.-1", node) - } else if role == "assistant" { - p := 0 - node := []byte(`{"role":"model","parts":[]}`) - if content.Type == gjson.String { - // Assistant text -> single model content - node, _ = sjson.SetBytes(node, "parts.-1.text", content.String()) - p++ - } else if content.IsArray() { - // Assistant multimodal content (e.g. text + image) -> single model content with parts - for _, item := range content.Array() { - switch item.Get("type").String() { - case "text": - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".text", item.Get("text").String()) - p++ - case "image_url": - // If the assistant returned an inline data URL, preserve it for history fidelity. - imageURL := item.Get("image_url.url").String() - if len(imageURL) > 5 { // expect data:... - pieces := strings.SplitN(imageURL[5:], ";", 2) - if len(pieces) == 2 && len(pieces[1]) > 7 { - mime := pieces[0] - data := pieces[1][7:] - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mime) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", data) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiCLIFunctionThoughtSignature) - p++ - } - } - } - } - } - - // Tool calls -> single model content with functionCall parts - tcs := m.Get("tool_calls") - if tcs.IsArray() { - fIDs := make([]string, 0) - for _, tc := range tcs.Array() { - if tc.Get("type").String() != "function" { - continue - } - fid := tc.Get("id").String() - fname := tc.Get("function.name").String() - fargs := tc.Get("function.arguments").String() - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".functionCall.name", fname) - node, _ = sjson.SetRawBytes(node, "parts."+itoa(p)+".functionCall.args", []byte(fargs)) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiCLIFunctionThoughtSignature) - p++ - if fid != "" { - fIDs = append(fIDs, fid) - } - } - out, _ = sjson.SetRawBytes(out, "request.contents.-1", node) - - // Append a single tool content combining name + response per function - toolNode := []byte(`{"role":"user","parts":[]}`) - pp := 0 - for _, fid := range fIDs { - if name, ok := tcID2Name[fid]; ok { - toolNode, _ = sjson.SetBytes(toolNode, "parts."+itoa(pp)+".functionResponse.name", name) - resp := toolResponses[fid] - if resp == "" { - resp = "{}" - } - toolNode, _ = sjson.SetBytes(toolNode, "parts."+itoa(pp)+".functionResponse.response.result", []byte(resp)) - pp++ - } - } - if pp > 0 { - out, _ = sjson.SetRawBytes(out, "request.contents.-1", toolNode) - } - } else { - out, _ = sjson.SetRawBytes(out, "request.contents.-1", node) - } - } - } - } - - // tools -> request.tools[].functionDeclarations + request.tools[].googleSearch/codeExecution/urlContext passthrough - tools := gjson.GetBytes(rawJSON, "tools") - if tools.IsArray() && len(tools.Array()) > 0 { - functionToolNode := []byte(`{}`) - hasFunction := false - googleSearchNodes := make([][]byte, 0) - codeExecutionNodes := make([][]byte, 0) - urlContextNodes := make([][]byte, 0) - for _, t := range tools.Array() { - if t.Get("type").String() == "function" { - fn := t.Get("function") - if fn.Exists() && fn.IsObject() { - fnRaw := fn.Raw - if fn.Get("parameters").Exists() { - renamed, errRename := util.RenameKey(fnRaw, "parameters", "parametersJsonSchema") - if errRename != nil { - log.Warnf("Failed to rename parameters for tool '%s': %v", fn.Get("name").String(), errRename) - var errSet error - fnRaw, errSet = sjson.Set(fnRaw, "parametersJsonSchema.type", "object") - if errSet != nil { - log.Warnf("Failed to set default schema type for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - fnRaw, errSet = sjson.SetRaw(fnRaw, "parametersJsonSchema.properties", `{}`) - if errSet != nil { - log.Warnf("Failed to set default schema properties for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - } else { - fnRaw = renamed - } - } else { - var errSet error - fnRaw, errSet = sjson.Set(fnRaw, "parametersJsonSchema.type", "object") - if errSet != nil { - log.Warnf("Failed to set default schema type for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - fnRaw, errSet = sjson.SetRaw(fnRaw, "parametersJsonSchema.properties", `{}`) - if errSet != nil { - log.Warnf("Failed to set default schema properties for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - } - fnRaw, _ = sjson.Delete(fnRaw, "strict") - if !hasFunction { - functionToolNode, _ = sjson.SetRawBytes(functionToolNode, "functionDeclarations", []byte("[]")) - } - tmp, errSet := sjson.SetRawBytes(functionToolNode, "functionDeclarations.-1", []byte(fnRaw)) - if errSet != nil { - log.Warnf("Failed to append tool declaration for '%s': %v", fn.Get("name").String(), errSet) - continue - } - functionToolNode = tmp - hasFunction = true - } - } - if gs := t.Get("google_search"); gs.Exists() { - googleToolNode := []byte(`{}`) - var errSet error - googleToolNode, errSet = sjson.SetRawBytes(googleToolNode, "googleSearch", []byte(gs.Raw)) - if errSet != nil { - log.Warnf("Failed to set googleSearch tool: %v", errSet) - continue - } - googleSearchNodes = append(googleSearchNodes, googleToolNode) - } - if ce := t.Get("code_execution"); ce.Exists() { - codeToolNode := []byte(`{}`) - var errSet error - codeToolNode, errSet = sjson.SetRawBytes(codeToolNode, "codeExecution", []byte(ce.Raw)) - if errSet != nil { - log.Warnf("Failed to set codeExecution tool: %v", errSet) - continue - } - codeExecutionNodes = append(codeExecutionNodes, codeToolNode) - } - if uc := t.Get("url_context"); uc.Exists() { - urlToolNode := []byte(`{}`) - var errSet error - urlToolNode, errSet = sjson.SetRawBytes(urlToolNode, "urlContext", []byte(uc.Raw)) - if errSet != nil { - log.Warnf("Failed to set urlContext tool: %v", errSet) - continue - } - urlContextNodes = append(urlContextNodes, urlToolNode) - } - } - if hasFunction || len(googleSearchNodes) > 0 || len(codeExecutionNodes) > 0 || len(urlContextNodes) > 0 { - toolsNode := []byte("[]") - if hasFunction { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", functionToolNode) - } - for _, googleNode := range googleSearchNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", googleNode) - } - for _, codeNode := range codeExecutionNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", codeNode) - } - for _, urlNode := range urlContextNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", urlNode) - } - out, _ = sjson.SetRawBytes(out, "request.tools", toolsNode) - } - } - - return common.AttachDefaultSafetySettings(out, "request.safetySettings") -} - -// itoa converts int to string without strconv import for few usages. -func itoa(i int) string { return fmt.Sprintf("%d", i) } diff --git a/internal/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_response.go b/internal/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_response.go deleted file mode 100644 index 6863617e4b..0000000000 --- a/internal/translator/gemini-cli/openai/chat-completions/gemini-cli_openai_response.go +++ /dev/null @@ -1,235 +0,0 @@ -// Package openai provides response translation functionality for Gemini CLI to OpenAI API compatibility. -// This package handles the conversion of Gemini CLI API responses into OpenAI Chat Completions-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by OpenAI API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, reasoning content, and usage metadata appropriately. -package chat_completions - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/openai/chat-completions" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// convertCliResponseToOpenAIChatParams holds parameters for response conversion. -type convertCliResponseToOpenAIChatParams struct { - UnixTimestamp int64 - FunctionIndex int -} - -// functionCallIDCounter provides a process-wide unique counter for function call identifiers. -var functionCallIDCounter uint64 - -// ConvertCliResponseToOpenAI translates a single chunk of a streaming response from the -// Gemini CLI API format to the OpenAI Chat Completions streaming format. -// It processes various Gemini CLI event types and transforms them into OpenAI-compatible JSON responses. -// The function handles text content, tool calls, reasoning content, and usage metadata, outputting -// responses that match the OpenAI API format. It supports incremental updates for streaming responses. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing an OpenAI-compatible JSON response -func ConvertCliResponseToOpenAI(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &convertCliResponseToOpenAIChatParams{ - UnixTimestamp: 0, - FunctionIndex: 0, - } - } - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - - // Initialize the OpenAI SSE template. - template := `{"id":"","object":"chat.completion.chunk","created":12345,"model":"model","choices":[{"index":0,"delta":{"role":null,"content":null,"reasoning_content":null,"tool_calls":null},"finish_reason":null,"native_finish_reason":null}]}` - - // Extract and set the model version. - if modelVersionResult := gjson.GetBytes(rawJSON, "response.modelVersion"); modelVersionResult.Exists() { - template, _ = sjson.Set(template, "model", modelVersionResult.String()) - } - - // Extract and set the creation timestamp. - if createTimeResult := gjson.GetBytes(rawJSON, "response.createTime"); createTimeResult.Exists() { - t, err := time.Parse(time.RFC3339Nano, createTimeResult.String()) - if err == nil { - (*param).(*convertCliResponseToOpenAIChatParams).UnixTimestamp = t.Unix() - } - template, _ = sjson.Set(template, "created", (*param).(*convertCliResponseToOpenAIChatParams).UnixTimestamp) - } else { - template, _ = sjson.Set(template, "created", (*param).(*convertCliResponseToOpenAIChatParams).UnixTimestamp) - } - - // Extract and set the response ID. - if responseIDResult := gjson.GetBytes(rawJSON, "response.responseId"); responseIDResult.Exists() { - template, _ = sjson.Set(template, "id", responseIDResult.String()) - } - - finishReason := "" - if stopReasonResult := gjson.GetBytes(rawJSON, "response.stop_reason"); stopReasonResult.Exists() { - finishReason = stopReasonResult.String() - } - if finishReason == "" { - if finishReasonResult := gjson.GetBytes(rawJSON, "response.candidates.0.finishReason"); finishReasonResult.Exists() { - finishReason = finishReasonResult.String() - } - } - finishReason = strings.ToLower(finishReason) - - // Extract and set usage metadata (token counts). - if usageResult := gjson.GetBytes(rawJSON, "response.usageMetadata"); usageResult.Exists() { - cachedTokenCount := usageResult.Get("cachedContentTokenCount").Int() - if candidatesTokenCountResult := usageResult.Get("candidatesTokenCount"); candidatesTokenCountResult.Exists() { - template, _ = sjson.Set(template, "usage.completion_tokens", candidatesTokenCountResult.Int()) - } - if totalTokenCountResult := usageResult.Get("totalTokenCount"); totalTokenCountResult.Exists() { - template, _ = sjson.Set(template, "usage.total_tokens", totalTokenCountResult.Int()) - } - promptTokenCount := usageResult.Get("promptTokenCount").Int() - thoughtsTokenCount := usageResult.Get("thoughtsTokenCount").Int() - template, _ = sjson.Set(template, "usage.prompt_tokens", promptTokenCount) - if thoughtsTokenCount > 0 { - template, _ = sjson.Set(template, "usage.completion_tokens_details.reasoning_tokens", thoughtsTokenCount) - } - // Include cached token count if present (indicates prompt caching is working) - if cachedTokenCount > 0 { - var err error - template, err = sjson.Set(template, "usage.prompt_tokens_details.cached_tokens", cachedTokenCount) - if err != nil { - log.Warnf("gemini-cli openai response: failed to set cached_tokens: %v", err) - } - } - } - - // Process the main content part of the response. - partsResult := gjson.GetBytes(rawJSON, "response.candidates.0.content.parts") - hasFunctionCall := false - if partsResult.IsArray() { - partResults := partsResult.Array() - for i := 0; i < len(partResults); i++ { - partResult := partResults[i] - partTextResult := partResult.Get("text") - functionCallResult := partResult.Get("functionCall") - thoughtSignatureResult := partResult.Get("thoughtSignature") - if !thoughtSignatureResult.Exists() { - thoughtSignatureResult = partResult.Get("thought_signature") - } - inlineDataResult := partResult.Get("inlineData") - if !inlineDataResult.Exists() { - inlineDataResult = partResult.Get("inline_data") - } - - hasThoughtSignature := thoughtSignatureResult.Exists() && thoughtSignatureResult.String() != "" - hasContentPayload := partTextResult.Exists() || functionCallResult.Exists() || inlineDataResult.Exists() - - // Ignore encrypted thoughtSignature but keep any actual content in the same part. - if hasThoughtSignature && !hasContentPayload { - continue - } - - if partTextResult.Exists() { - textContent := partTextResult.String() - - // Handle text content, distinguishing between regular content and reasoning/thoughts. - if partResult.Get("thought").Bool() { - template, _ = sjson.Set(template, "choices.0.delta.reasoning_content", textContent) - } else { - template, _ = sjson.Set(template, "choices.0.delta.content", textContent) - } - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - } else if functionCallResult.Exists() { - // Handle function call content. - hasFunctionCall = true - toolCallsResult := gjson.Get(template, "choices.0.delta.tool_calls") - functionCallIndex := (*param).(*convertCliResponseToOpenAIChatParams).FunctionIndex - (*param).(*convertCliResponseToOpenAIChatParams).FunctionIndex++ - if toolCallsResult.Exists() && toolCallsResult.IsArray() { - functionCallIndex = len(toolCallsResult.Array()) - } else { - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls", `[]`) - } - - functionCallTemplate := `{"id": "","index": 0,"type": "function","function": {"name": "","arguments": ""}}` - fcName := functionCallResult.Get("name").String() - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "id", fmt.Sprintf("%s-%d-%d", fcName, time.Now().UnixNano(), atomic.AddUint64(&functionCallIDCounter, 1))) - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "index", functionCallIndex) - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.name", fcName) - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.arguments", fcArgsResult.Raw) - } - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls.-1", functionCallTemplate) - } else if inlineDataResult.Exists() { - data := inlineDataResult.Get("data").String() - if data == "" { - continue - } - mimeType := inlineDataResult.Get("mimeType").String() - if mimeType == "" { - mimeType = inlineDataResult.Get("mime_type").String() - } - if mimeType == "" { - mimeType = "image/png" - } - imageURL := fmt.Sprintf("data:%s;base64,%s", mimeType, data) - imagesResult := gjson.Get(template, "choices.0.delta.images") - if !imagesResult.Exists() || !imagesResult.IsArray() { - template, _ = sjson.SetRaw(template, "choices.0.delta.images", `[]`) - } - imageIndex := len(gjson.Get(template, "choices.0.delta.images").Array()) - imagePayload := `{"type":"image_url","image_url":{"url":""}}` - imagePayload, _ = sjson.Set(imagePayload, "index", imageIndex) - imagePayload, _ = sjson.Set(imagePayload, "image_url.url", imageURL) - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.images.-1", imagePayload) - } - } - } - - if hasFunctionCall { - template, _ = sjson.Set(template, "choices.0.finish_reason", "tool_calls") - template, _ = sjson.Set(template, "choices.0.native_finish_reason", "tool_calls") - } else if finishReason != "" && (*param).(*convertCliResponseToOpenAIChatParams).FunctionIndex == 0 { - // Only pass through specific finish reasons - if finishReason == "max_tokens" || finishReason == "stop" { - template, _ = sjson.Set(template, "choices.0.finish_reason", finishReason) - template, _ = sjson.Set(template, "choices.0.native_finish_reason", finishReason) - } - } - - return []string{template} -} - -// ConvertCliResponseToOpenAINonStream converts a non-streaming Gemini CLI response to a non-streaming OpenAI response. -// This function processes the complete Gemini CLI response and transforms it into a single OpenAI-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the OpenAI API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for the conversion -// -// Returns: -// - string: An OpenAI-compatible JSON response containing all message content and metadata -func ConvertCliResponseToOpenAINonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - return ConvertGeminiResponseToOpenAINonStream(ctx, modelName, originalRequestRawJSON, requestRawJSON, []byte(responseResult.Raw), param) - } - return "" -} diff --git a/internal/translator/gemini-cli/openai/chat-completions/init.go b/internal/translator/gemini-cli/openai/chat-completions/init.go deleted file mode 100644 index db87bff123..0000000000 --- a/internal/translator/gemini-cli/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenAI, - GeminiCLI, - ConvertOpenAIRequestToGeminiCLI, - interfaces.TranslateResponse{ - Stream: ConvertCliResponseToOpenAI, - NonStream: ConvertCliResponseToOpenAINonStream, - }, - ) -} diff --git a/internal/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_request.go b/internal/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_request.go deleted file mode 100644 index 327880b6b6..0000000000 --- a/internal/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_request.go +++ /dev/null @@ -1,12 +0,0 @@ -package responses - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini-cli/gemini" - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/openai/responses" -) - -func ConvertOpenAIResponsesRequestToGeminiCLI(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - rawJSON = ConvertOpenAIResponsesRequestToGemini(modelName, rawJSON, stream) - return ConvertGeminiRequestToGeminiCLI(modelName, rawJSON, stream) -} diff --git a/internal/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_response.go b/internal/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_response.go deleted file mode 100644 index f990ad728b..0000000000 --- a/internal/translator/gemini-cli/openai/responses/gemini-cli_openai-responses_response.go +++ /dev/null @@ -1,35 +0,0 @@ -package responses - -import ( - "context" - - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/openai/responses" - "github.com/tidwall/gjson" -) - -func ConvertGeminiCLIResponseToOpenAIResponses(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - rawJSON = []byte(responseResult.Raw) - } - return ConvertGeminiResponseToOpenAIResponses(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} - -func ConvertGeminiCLIResponseToOpenAIResponsesNonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - responseResult := gjson.GetBytes(rawJSON, "response") - if responseResult.Exists() { - rawJSON = []byte(responseResult.Raw) - } - - requestResult := gjson.GetBytes(originalRequestRawJSON, "request") - if responseResult.Exists() { - originalRequestRawJSON = []byte(requestResult.Raw) - } - - requestResult = gjson.GetBytes(requestRawJSON, "request") - if responseResult.Exists() { - requestRawJSON = []byte(requestResult.Raw) - } - - return ConvertGeminiResponseToOpenAIResponsesNonStream(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} diff --git a/internal/translator/gemini-cli/openai/responses/init.go b/internal/translator/gemini-cli/openai/responses/init.go deleted file mode 100644 index cdbaeb5f55..0000000000 --- a/internal/translator/gemini-cli/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenaiResponse, - GeminiCLI, - ConvertOpenAIResponsesRequestToGeminiCLI, - interfaces.TranslateResponse{ - Stream: ConvertGeminiCLIResponseToOpenAIResponses, - NonStream: ConvertGeminiCLIResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/internal/translator/gemini/claude/gemini_claude_request.go b/internal/translator/gemini/claude/gemini_claude_request.go deleted file mode 100644 index aaee7590a0..0000000000 --- a/internal/translator/gemini/claude/gemini_claude_request.go +++ /dev/null @@ -1,185 +0,0 @@ -// Package claude provides request translation functionality for Claude API. -// It handles parsing and transforming Claude API requests into the internal client format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package also performs JSON data cleaning and transformation to ensure compatibility -// between Claude API format and the internal client's expected format. -package claude - -import ( - "bytes" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/common" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const geminiClaudeThoughtSignature = "skip_thought_signature_validator" - -// ConvertClaudeRequestToGemini parses a Claude API request and returns a complete -// Gemini CLI request body (as JSON bytes) ready to be sent via SendRawMessageStream. -// All JSON transformations are performed using gjson/sjson. -// -// Parameters: -// - modelName: The name of the model. -// - rawJSON: The raw JSON request from the Claude API. -// - stream: A boolean indicating if the request is for a streaming response. -// -// Returns: -// - []byte: The transformed request in Gemini CLI format. -func ConvertClaudeRequestToGemini(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - rawJSON = bytes.Replace(rawJSON, []byte(`"url":{"type":"string","format":"uri",`), []byte(`"url":{"type":"string",`), -1) - - // Build output Gemini CLI request JSON - out := `{"contents":[]}` - out, _ = sjson.Set(out, "model", modelName) - - // system instruction - if systemResult := gjson.GetBytes(rawJSON, "system"); systemResult.IsArray() { - systemInstruction := `{"role":"user","parts":[]}` - hasSystemParts := false - systemResult.ForEach(func(_, systemPromptResult gjson.Result) bool { - if systemPromptResult.Get("type").String() == "text" { - textResult := systemPromptResult.Get("text") - if textResult.Type == gjson.String { - part := `{"text":""}` - part, _ = sjson.Set(part, "text", textResult.String()) - systemInstruction, _ = sjson.SetRaw(systemInstruction, "parts.-1", part) - hasSystemParts = true - } - } - return true - }) - if hasSystemParts { - out, _ = sjson.SetRaw(out, "system_instruction", systemInstruction) - } - } else if systemResult.Type == gjson.String { - out, _ = sjson.Set(out, "system_instruction.parts.-1.text", systemResult.String()) - } - - // contents - if messagesResult := gjson.GetBytes(rawJSON, "messages"); messagesResult.IsArray() { - messagesResult.ForEach(func(_, messageResult gjson.Result) bool { - roleResult := messageResult.Get("role") - if roleResult.Type != gjson.String { - return true - } - role := roleResult.String() - if role == "assistant" { - role = "model" - } - - contentJSON := `{"role":"","parts":[]}` - contentJSON, _ = sjson.Set(contentJSON, "role", role) - - contentsResult := messageResult.Get("content") - if contentsResult.IsArray() { - contentsResult.ForEach(func(_, contentResult gjson.Result) bool { - switch contentResult.Get("type").String() { - case "text": - part := `{"text":""}` - part, _ = sjson.Set(part, "text", contentResult.Get("text").String()) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - - case "tool_use": - functionName := contentResult.Get("name").String() - functionArgs := contentResult.Get("input").String() - argsResult := gjson.Parse(functionArgs) - if argsResult.IsObject() && gjson.Valid(functionArgs) { - part := `{"thoughtSignature":"","functionCall":{"name":"","args":{}}}` - part, _ = sjson.Set(part, "thoughtSignature", geminiClaudeThoughtSignature) - part, _ = sjson.Set(part, "functionCall.name", functionName) - part, _ = sjson.SetRaw(part, "functionCall.args", functionArgs) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - } - - case "tool_result": - toolCallID := contentResult.Get("tool_use_id").String() - if toolCallID == "" { - return true - } - funcName := toolCallID - toolCallIDs := strings.Split(toolCallID, "-") - if len(toolCallIDs) > 1 { - funcName = strings.Join(toolCallIDs[0:len(toolCallIDs)-1], "-") - } - responseData := contentResult.Get("content").Raw - part := `{"functionResponse":{"name":"","response":{"result":""}}}` - part, _ = sjson.Set(part, "functionResponse.name", funcName) - part, _ = sjson.Set(part, "functionResponse.response.result", responseData) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - } - return true - }) - out, _ = sjson.SetRaw(out, "contents.-1", contentJSON) - } else if contentsResult.Type == gjson.String { - part := `{"text":""}` - part, _ = sjson.Set(part, "text", contentsResult.String()) - contentJSON, _ = sjson.SetRaw(contentJSON, "parts.-1", part) - out, _ = sjson.SetRaw(out, "contents.-1", contentJSON) - } - return true - }) - } - - // tools - if toolsResult := gjson.GetBytes(rawJSON, "tools"); toolsResult.IsArray() { - hasTools := false - toolsResult.ForEach(func(_, toolResult gjson.Result) bool { - inputSchemaResult := toolResult.Get("input_schema") - if inputSchemaResult.Exists() && inputSchemaResult.IsObject() { - inputSchema := inputSchemaResult.Raw - tool, _ := sjson.Delete(toolResult.Raw, "input_schema") - tool, _ = sjson.SetRaw(tool, "parametersJsonSchema", inputSchema) - tool, _ = sjson.Delete(tool, "strict") - tool, _ = sjson.Delete(tool, "input_examples") - tool, _ = sjson.Delete(tool, "type") - tool, _ = sjson.Delete(tool, "cache_control") - if gjson.Valid(tool) && gjson.Parse(tool).IsObject() { - if !hasTools { - out, _ = sjson.SetRaw(out, "tools", `[{"functionDeclarations":[]}]`) - hasTools = true - } - out, _ = sjson.SetRaw(out, "tools.0.functionDeclarations.-1", tool) - } - } - return true - }) - if !hasTools { - out, _ = sjson.Delete(out, "tools") - } - } - - // Map Anthropic thinking -> Gemini thinkingBudget/include_thoughts when enabled - // Translator only does format conversion, ApplyThinking handles model capability validation. - if t := gjson.GetBytes(rawJSON, "thinking"); t.Exists() && t.IsObject() { - switch t.Get("type").String() { - case "enabled": - if b := t.Get("budget_tokens"); b.Exists() && b.Type == gjson.Number { - budget := int(b.Int()) - out, _ = sjson.Set(out, "generationConfig.thinkingConfig.thinkingBudget", budget) - out, _ = sjson.Set(out, "generationConfig.thinkingConfig.includeThoughts", true) - } - case "adaptive": - // Keep adaptive as a high level sentinel; ApplyThinking resolves it - // to model-specific max capability. - out, _ = sjson.Set(out, "generationConfig.thinkingConfig.thinkingLevel", "high") - out, _ = sjson.Set(out, "generationConfig.thinkingConfig.includeThoughts", true) - } - } - if v := gjson.GetBytes(rawJSON, "temperature"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "generationConfig.temperature", v.Num) - } - if v := gjson.GetBytes(rawJSON, "top_p"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "generationConfig.topP", v.Num) - } - if v := gjson.GetBytes(rawJSON, "top_k"); v.Exists() && v.Type == gjson.Number { - out, _ = sjson.Set(out, "generationConfig.topK", v.Num) - } - - result := []byte(out) - result = common.AttachDefaultSafetySettings(result, "safetySettings") - - return result -} diff --git a/internal/translator/gemini/claude/gemini_claude_response.go b/internal/translator/gemini/claude/gemini_claude_response.go deleted file mode 100644 index cfc06921d3..0000000000 --- a/internal/translator/gemini/claude/gemini_claude_response.go +++ /dev/null @@ -1,384 +0,0 @@ -// Package claude provides response translation functionality for Claude API. -// This package handles the conversion of backend client responses into Claude-compatible -// Server-Sent Events (SSE) format, implementing a sophisticated state machine that manages -// different response types including text content, thinking processes, and function calls. -// The translation ensures proper sequencing of SSE events and maintains state across -// multiple response chunks to provide a seamless streaming experience. -package claude - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Params holds parameters for response conversion. -type Params struct { - IsGlAPIKey bool - HasFirstResponse bool - ResponseType int - ResponseIndex int - HasContent bool // Tracks whether any content (text, thinking, or tool use) has been output -} - -// toolUseIDCounter provides a process-wide unique counter for tool use identifiers. -var toolUseIDCounter uint64 - -// ConvertGeminiResponseToClaude performs sophisticated streaming response format conversion. -// This function implements a complex state machine that translates backend client responses -// into Claude-compatible Server-Sent Events (SSE) format. It manages different response types -// and handles state transitions between content blocks, thinking processes, and function calls. -// -// Response type states: 0=none, 1=content, 2=thinking, 3=function -// The function maintains state across multiple calls to ensure proper SSE event sequencing. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the Gemini API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - []string: A slice of strings, each containing a Claude-compatible JSON response. -func ConvertGeminiResponseToClaude(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &Params{ - IsGlAPIKey: false, - HasFirstResponse: false, - ResponseType: 0, - ResponseIndex: 0, - } - } - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - // Only send message_stop if we have actually output content - if (*param).(*Params).HasContent { - return []string{ - "event: message_stop\ndata: {\"type\":\"message_stop\"}\n\n\n", - } - } - return []string{} - } - - // Track whether tools are being used in this response chunk - usedTool := false - output := "" - - // Initialize the streaming session with a message_start event - // This is only sent for the very first response chunk - if !(*param).(*Params).HasFirstResponse { - output = "event: message_start\n" - - // Create the initial message structure with default values - // This follows the Claude API specification for streaming message initialization - messageStartTemplate := `{"type": "message_start", "message": {"id": "msg_1nZdL29xx5MUA1yADyHTEsnR8uuvGzszyY", "type": "message", "role": "assistant", "content": [], "model": "claude-3-5-sonnet-20241022", "stop_reason": null, "stop_sequence": null, "usage": {"input_tokens": 0, "output_tokens": 0}}}` - - // Override default values with actual response metadata if available - if modelVersionResult := gjson.GetBytes(rawJSON, "modelVersion"); modelVersionResult.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.model", modelVersionResult.String()) - } - if responseIDResult := gjson.GetBytes(rawJSON, "responseId"); responseIDResult.Exists() { - messageStartTemplate, _ = sjson.Set(messageStartTemplate, "message.id", responseIDResult.String()) - } - output = output + fmt.Sprintf("data: %s\n\n\n", messageStartTemplate) - - (*param).(*Params).HasFirstResponse = true - } - - // Process the response parts array from the backend client - // Each part can contain text content, thinking content, or function calls - partsResult := gjson.GetBytes(rawJSON, "candidates.0.content.parts") - if partsResult.IsArray() { - partResults := partsResult.Array() - for i := 0; i < len(partResults); i++ { - partResult := partResults[i] - - // Extract the different types of content from each part - partTextResult := partResult.Get("text") - functionCallResult := partResult.Get("functionCall") - - // Handle text content (both regular content and thinking) - if partTextResult.Exists() { - // Process thinking content (internal reasoning) - if partResult.Get("thought").Bool() { - // Continue existing thinking block - if (*param).(*Params).ResponseType == 2 { - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"thinking_delta","thinking":""}}`, (*param).(*Params).ResponseIndex), "delta.thinking", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).HasContent = true - } else { - // Transition from another state to thinking - // First, close any existing content block - if (*param).(*Params).ResponseType != 0 { - if (*param).(*Params).ResponseType == 2 { - // output = output + "event: content_block_delta\n" - // output = output + fmt.Sprintf(`data: {"type":"content_block_delta","index":%d,"delta":{"type":"signature_delta","signature":null}}`, (*param).(*Params).ResponseIndex) - // output = output + "\n\n\n" - } - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - } - - // Start a new thinking content block - output = output + "event: content_block_start\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_start","index":%d,"content_block":{"type":"thinking","thinking":""}}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"thinking_delta","thinking":""}}`, (*param).(*Params).ResponseIndex), "delta.thinking", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).ResponseType = 2 // Set state to thinking - (*param).(*Params).HasContent = true - } - } else { - // Process regular text content (user-visible output) - // Continue existing text block - if (*param).(*Params).ResponseType == 1 { - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"text_delta","text":""}}`, (*param).(*Params).ResponseIndex), "delta.text", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).HasContent = true - } else { - // Transition from another state to text content - // First, close any existing content block - if (*param).(*Params).ResponseType != 0 { - if (*param).(*Params).ResponseType == 2 { - // output = output + "event: content_block_delta\n" - // output = output + fmt.Sprintf(`data: {"type":"content_block_delta","index":%d,"delta":{"type":"signature_delta","signature":null}}`, (*param).(*Params).ResponseIndex) - // output = output + "\n\n\n" - } - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - } - - // Start a new text content block - output = output + "event: content_block_start\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_start","index":%d,"content_block":{"type":"text","text":""}}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"text_delta","text":""}}`, (*param).(*Params).ResponseIndex), "delta.text", partTextResult.String()) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - (*param).(*Params).ResponseType = 1 // Set state to content - (*param).(*Params).HasContent = true - } - } - } else if functionCallResult.Exists() { - // Handle function/tool calls from the AI model - // This processes tool usage requests and formats them for Claude API compatibility - usedTool = true - fcName := functionCallResult.Get("name").String() - - // FIX: Handle streaming split/delta where name might be empty in subsequent chunks. - // If we are already in tool use mode and name is empty, treat as continuation (delta). - if (*param).(*Params).ResponseType == 3 && fcName == "" { - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - output = output + "event: content_block_delta\n" - data, _ := sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"input_json_delta","partial_json":""}}`, (*param).(*Params).ResponseIndex), "delta.partial_json", fcArgsResult.Raw) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - } - // Continue to next part without closing/opening logic - continue - } - - // Handle state transitions when switching to function calls - // Close any existing function call block first - if (*param).(*Params).ResponseType == 3 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - (*param).(*Params).ResponseType = 0 - } - - // Special handling for thinking state transition - if (*param).(*Params).ResponseType == 2 { - // output = output + "event: content_block_delta\n" - // output = output + fmt.Sprintf(`data: {"type":"content_block_delta","index":%d,"delta":{"type":"signature_delta","signature":null}}`, (*param).(*Params).ResponseIndex) - // output = output + "\n\n\n" - } - - // Close any other existing content block - if (*param).(*Params).ResponseType != 0 { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - (*param).(*Params).ResponseIndex++ - } - - // Start a new tool use content block - // This creates the structure for a function call in Claude format - output = output + "event: content_block_start\n" - - // Create the tool use block with unique ID and function details - data := fmt.Sprintf(`{"type":"content_block_start","index":%d,"content_block":{"type":"tool_use","id":"","name":"","input":{}}}`, (*param).(*Params).ResponseIndex) - data, _ = sjson.Set(data, "content_block.id", fmt.Sprintf("%s-%d-%d", fcName, time.Now().UnixNano(), atomic.AddUint64(&toolUseIDCounter, 1))) - data, _ = sjson.Set(data, "content_block.name", fcName) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - output = output + "event: content_block_delta\n" - data, _ = sjson.Set(fmt.Sprintf(`{"type":"content_block_delta","index":%d,"delta":{"type":"input_json_delta","partial_json":""}}`, (*param).(*Params).ResponseIndex), "delta.partial_json", fcArgsResult.Raw) - output = output + fmt.Sprintf("data: %s\n\n\n", data) - } - (*param).(*Params).ResponseType = 3 - (*param).(*Params).HasContent = true - } - } - } - - usageResult := gjson.GetBytes(rawJSON, "usageMetadata") - if usageResult.Exists() && bytes.Contains(rawJSON, []byte(`"finishReason"`)) { - if candidatesTokenCountResult := usageResult.Get("candidatesTokenCount"); candidatesTokenCountResult.Exists() { - // Only send final events if we have actually output content - if (*param).(*Params).HasContent { - output = output + "event: content_block_stop\n" - output = output + fmt.Sprintf(`data: {"type":"content_block_stop","index":%d}`, (*param).(*Params).ResponseIndex) - output = output + "\n\n\n" - - output = output + "event: message_delta\n" - output = output + `data: ` - - template := `{"type":"message_delta","delta":{"stop_reason":"end_turn","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - if usedTool { - template = `{"type":"message_delta","delta":{"stop_reason":"tool_use","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - } else if finish := gjson.GetBytes(rawJSON, "candidates.0.finishReason"); finish.Exists() && finish.String() == "MAX_TOKENS" { - template = `{"type":"message_delta","delta":{"stop_reason":"max_tokens","stop_sequence":null},"usage":{"input_tokens":0,"output_tokens":0}}` - } - - thoughtsTokenCount := usageResult.Get("thoughtsTokenCount").Int() - template, _ = sjson.Set(template, "usage.output_tokens", candidatesTokenCountResult.Int()+thoughtsTokenCount) - template, _ = sjson.Set(template, "usage.input_tokens", usageResult.Get("promptTokenCount").Int()) - - output = output + template + "\n\n\n" - } - } - } - - return []string{output} -} - -// ConvertGeminiResponseToClaudeNonStream converts a non-streaming Gemini response to a non-streaming Claude response. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the Gemini API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - string: A Claude-compatible JSON response. -func ConvertGeminiResponseToClaudeNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - _ = originalRequestRawJSON - _ = requestRawJSON - - root := gjson.ParseBytes(rawJSON) - - out := `{"id":"","type":"message","role":"assistant","model":"","content":[],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":0,"output_tokens":0}}` - out, _ = sjson.Set(out, "id", root.Get("responseId").String()) - out, _ = sjson.Set(out, "model", root.Get("modelVersion").String()) - - inputTokens := root.Get("usageMetadata.promptTokenCount").Int() - outputTokens := root.Get("usageMetadata.candidatesTokenCount").Int() + root.Get("usageMetadata.thoughtsTokenCount").Int() - out, _ = sjson.Set(out, "usage.input_tokens", inputTokens) - out, _ = sjson.Set(out, "usage.output_tokens", outputTokens) - - parts := root.Get("candidates.0.content.parts") - textBuilder := strings.Builder{} - thinkingBuilder := strings.Builder{} - toolIDCounter := 0 - hasToolCall := false - - flushText := func() { - if textBuilder.Len() == 0 { - return - } - block := `{"type":"text","text":""}` - block, _ = sjson.Set(block, "text", textBuilder.String()) - out, _ = sjson.SetRaw(out, "content.-1", block) - textBuilder.Reset() - } - - flushThinking := func() { - if thinkingBuilder.Len() == 0 { - return - } - block := `{"type":"thinking","thinking":""}` - block, _ = sjson.Set(block, "thinking", thinkingBuilder.String()) - out, _ = sjson.SetRaw(out, "content.-1", block) - thinkingBuilder.Reset() - } - - if parts.IsArray() { - for _, part := range parts.Array() { - if text := part.Get("text"); text.Exists() && text.String() != "" { - if part.Get("thought").Bool() { - flushText() - thinkingBuilder.WriteString(text.String()) - continue - } - flushThinking() - textBuilder.WriteString(text.String()) - continue - } - - if functionCall := part.Get("functionCall"); functionCall.Exists() { - flushThinking() - flushText() - hasToolCall = true - - name := functionCall.Get("name").String() - toolIDCounter++ - toolBlock := `{"type":"tool_use","id":"","name":"","input":{}}` - toolBlock, _ = sjson.Set(toolBlock, "id", fmt.Sprintf("tool_%d", toolIDCounter)) - toolBlock, _ = sjson.Set(toolBlock, "name", name) - inputRaw := "{}" - if args := functionCall.Get("args"); args.Exists() && gjson.Valid(args.Raw) && args.IsObject() { - inputRaw = args.Raw - } - toolBlock, _ = sjson.SetRaw(toolBlock, "input", inputRaw) - out, _ = sjson.SetRaw(out, "content.-1", toolBlock) - continue - } - } - } - - flushThinking() - flushText() - - stopReason := "end_turn" - if hasToolCall { - stopReason = "tool_use" - } else { - if finish := root.Get("candidates.0.finishReason"); finish.Exists() { - switch finish.String() { - case "MAX_TOKENS": - stopReason = "max_tokens" - case "STOP", "FINISH_REASON_UNSPECIFIED", "UNKNOWN": - stopReason = "end_turn" - default: - stopReason = "end_turn" - } - } - } - out, _ = sjson.Set(out, "stop_reason", stopReason) - - if inputTokens == int64(0) && outputTokens == int64(0) && !root.Get("usageMetadata").Exists() { - out, _ = sjson.Delete(out, "usage") - } - - return out -} - -func ClaudeTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"input_tokens":%d}`, count) -} diff --git a/internal/translator/gemini/claude/init.go b/internal/translator/gemini/claude/init.go deleted file mode 100644 index 15542231cd..0000000000 --- a/internal/translator/gemini/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package claude - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Claude, - Gemini, - ConvertClaudeRequestToGemini, - interfaces.TranslateResponse{ - Stream: ConvertGeminiResponseToClaude, - NonStream: ConvertGeminiResponseToClaudeNonStream, - TokenCount: ClaudeTokenCount, - }, - ) -} diff --git a/internal/translator/gemini/common/safety.go b/internal/translator/gemini/common/safety.go deleted file mode 100644 index e4b1429382..0000000000 --- a/internal/translator/gemini/common/safety.go +++ /dev/null @@ -1,47 +0,0 @@ -package common - -import ( - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// DefaultSafetySettings returns the default Gemini safety configuration we attach to requests. -func DefaultSafetySettings() []map[string]string { - return []map[string]string{ - { - "category": "HARM_CATEGORY_HARASSMENT", - "threshold": "OFF", - }, - { - "category": "HARM_CATEGORY_HATE_SPEECH", - "threshold": "OFF", - }, - { - "category": "HARM_CATEGORY_SEXUALLY_EXPLICIT", - "threshold": "OFF", - }, - { - "category": "HARM_CATEGORY_DANGEROUS_CONTENT", - "threshold": "OFF", - }, - { - "category": "HARM_CATEGORY_CIVIC_INTEGRITY", - "threshold": "BLOCK_NONE", - }, - } -} - -// AttachDefaultSafetySettings ensures the default safety settings are present when absent. -// The caller must provide the target JSON path (e.g. "safetySettings" or "request.safetySettings"). -func AttachDefaultSafetySettings(rawJSON []byte, path string) []byte { - if gjson.GetBytes(rawJSON, path).Exists() { - return rawJSON - } - - out, err := sjson.SetBytes(rawJSON, path, DefaultSafetySettings()) - if err != nil { - return rawJSON - } - - return out -} diff --git a/internal/translator/gemini/gemini-cli/gemini_gemini-cli_request.go b/internal/translator/gemini/gemini-cli/gemini_gemini-cli_request.go deleted file mode 100644 index 3d75eb8b00..0000000000 --- a/internal/translator/gemini/gemini-cli/gemini_gemini-cli_request.go +++ /dev/null @@ -1,63 +0,0 @@ -// Package gemini provides request translation functionality for Claude API. -// It handles parsing and transforming Claude API requests into the internal client format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package also performs JSON data cleaning and transformation to ensure compatibility -// between Claude API format and the internal client's expected format. -package geminiCLI - -import ( - "fmt" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/common" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// PrepareClaudeRequest parses and transforms a Claude API request into internal client format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the internal client. -func ConvertGeminiCLIRequestToGemini(_ string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - modelResult := gjson.GetBytes(rawJSON, "model") - rawJSON = []byte(gjson.GetBytes(rawJSON, "request").Raw) - rawJSON, _ = sjson.SetBytes(rawJSON, "model", modelResult.String()) - if gjson.GetBytes(rawJSON, "systemInstruction").Exists() { - rawJSON, _ = sjson.SetRawBytes(rawJSON, "system_instruction", []byte(gjson.GetBytes(rawJSON, "systemInstruction").Raw)) - rawJSON, _ = sjson.DeleteBytes(rawJSON, "systemInstruction") - } - - toolsResult := gjson.GetBytes(rawJSON, "tools") - if toolsResult.Exists() && toolsResult.IsArray() { - toolResults := toolsResult.Array() - for i := 0; i < len(toolResults); i++ { - functionDeclarationsResult := gjson.GetBytes(rawJSON, fmt.Sprintf("tools.%d.function_declarations", i)) - if functionDeclarationsResult.Exists() && functionDeclarationsResult.IsArray() { - functionDeclarationsResults := functionDeclarationsResult.Array() - for j := 0; j < len(functionDeclarationsResults); j++ { - parametersResult := gjson.GetBytes(rawJSON, fmt.Sprintf("tools.%d.function_declarations.%d.parameters", i, j)) - if parametersResult.Exists() { - strJson, _ := util.RenameKey(string(rawJSON), fmt.Sprintf("tools.%d.function_declarations.%d.parameters", i, j), fmt.Sprintf("tools.%d.function_declarations.%d.parametersJsonSchema", i, j)) - rawJSON = []byte(strJson) - } - } - } - } - } - - gjson.GetBytes(rawJSON, "contents").ForEach(func(key, content gjson.Result) bool { - if content.Get("role").String() == "model" { - content.Get("parts").ForEach(func(partKey, part gjson.Result) bool { - if part.Get("functionCall").Exists() { - rawJSON, _ = sjson.SetBytes(rawJSON, fmt.Sprintf("contents.%d.parts.%d.thoughtSignature", key.Int(), partKey.Int()), "skip_thought_signature_validator") - } else if part.Get("thoughtSignature").Exists() { - rawJSON, _ = sjson.SetBytes(rawJSON, fmt.Sprintf("contents.%d.parts.%d.thoughtSignature", key.Int(), partKey.Int()), "skip_thought_signature_validator") - } - return true - }) - } - return true - }) - - return common.AttachDefaultSafetySettings(rawJSON, "safetySettings") -} diff --git a/internal/translator/gemini/gemini-cli/gemini_gemini-cli_response.go b/internal/translator/gemini/gemini-cli/gemini_gemini-cli_response.go deleted file mode 100644 index 39b8dfb644..0000000000 --- a/internal/translator/gemini/gemini-cli/gemini_gemini-cli_response.go +++ /dev/null @@ -1,62 +0,0 @@ -// Package gemini_cli provides response translation functionality for Gemini API to Gemini CLI API. -// This package handles the conversion of Gemini API responses into Gemini CLI-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Gemini CLI API clients. -package geminiCLI - -import ( - "bytes" - "context" - "fmt" - - "github.com/tidwall/sjson" -) - -var dataTag = []byte("data:") - -// ConvertGeminiResponseToGeminiCLI converts Gemini streaming response format to Gemini CLI single-line JSON format. -// This function processes various Gemini event types and transforms them into Gemini CLI-compatible JSON responses. -// It handles thinking content, regular text content, and function calls, outputting single-line JSON -// that matches the Gemini CLI API response format. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the Gemini API. -// - param: A pointer to a parameter object for the conversion (unused). -// -// Returns: -// - []string: A slice of strings, each containing a Gemini CLI-compatible JSON response. -func ConvertGeminiResponseToGeminiCLI(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) []string { - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - json := `{"response": {}}` - rawJSON, _ = sjson.SetRawBytes([]byte(json), "response", rawJSON) - return []string{string(rawJSON)} -} - -// ConvertGeminiResponseToGeminiCLINonStream converts a non-streaming Gemini response to a non-streaming Gemini CLI response. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the Gemini API. -// - param: A pointer to a parameter object for the conversion (unused). -// -// Returns: -// - string: A Gemini CLI-compatible JSON response. -func ConvertGeminiResponseToGeminiCLINonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - json := `{"response": {}}` - rawJSON, _ = sjson.SetRawBytes([]byte(json), "response", rawJSON) - return string(rawJSON) -} - -func GeminiCLITokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} diff --git a/internal/translator/gemini/gemini-cli/init.go b/internal/translator/gemini/gemini-cli/init.go deleted file mode 100644 index 9e5c95b7e8..0000000000 --- a/internal/translator/gemini/gemini-cli/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package geminiCLI - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - GeminiCLI, - Gemini, - ConvertGeminiCLIRequestToGemini, - interfaces.TranslateResponse{ - Stream: ConvertGeminiResponseToGeminiCLI, - NonStream: ConvertGeminiResponseToGeminiCLINonStream, - TokenCount: GeminiCLITokenCount, - }, - ) -} diff --git a/internal/translator/gemini/gemini/gemini_gemini_request.go b/internal/translator/gemini/gemini/gemini_gemini_request.go deleted file mode 100644 index 373c2f9d5b..0000000000 --- a/internal/translator/gemini/gemini/gemini_gemini_request.go +++ /dev/null @@ -1,100 +0,0 @@ -// Package gemini provides in-provider request normalization for Gemini API. -// It ensures incoming v1beta requests meet minimal schema requirements -// expected by Google's Generative Language API. -package gemini - -import ( - "fmt" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/common" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiRequestToGemini normalizes Gemini v1beta requests. -// - Adds a default role for each content if missing or invalid. -// The first message defaults to "user", then alternates user/model when needed. -// -// It keeps the payload otherwise unchanged. -func ConvertGeminiRequestToGemini(_ string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - // Fast path: if no contents field, only attach safety settings - contents := gjson.GetBytes(rawJSON, "contents") - if !contents.Exists() { - return common.AttachDefaultSafetySettings(rawJSON, "safetySettings") - } - - toolsResult := gjson.GetBytes(rawJSON, "tools") - if toolsResult.Exists() && toolsResult.IsArray() { - toolResults := toolsResult.Array() - for i := 0; i < len(toolResults); i++ { - if gjson.GetBytes(rawJSON, fmt.Sprintf("tools.%d.functionDeclarations", i)).Exists() { - strJson, _ := util.RenameKey(string(rawJSON), fmt.Sprintf("tools.%d.functionDeclarations", i), fmt.Sprintf("tools.%d.function_declarations", i)) - rawJSON = []byte(strJson) - } - - functionDeclarationsResult := gjson.GetBytes(rawJSON, fmt.Sprintf("tools.%d.function_declarations", i)) - if functionDeclarationsResult.Exists() && functionDeclarationsResult.IsArray() { - functionDeclarationsResults := functionDeclarationsResult.Array() - for j := 0; j < len(functionDeclarationsResults); j++ { - parametersResult := gjson.GetBytes(rawJSON, fmt.Sprintf("tools.%d.function_declarations.%d.parameters", i, j)) - if parametersResult.Exists() { - strJson, _ := util.RenameKey(string(rawJSON), fmt.Sprintf("tools.%d.function_declarations.%d.parameters", i, j), fmt.Sprintf("tools.%d.function_declarations.%d.parametersJsonSchema", i, j)) - rawJSON = []byte(strJson) - } - } - } - } - } - - // Walk contents and fix roles - out := rawJSON - prevRole := "" - idx := 0 - contents.ForEach(func(_ gjson.Result, value gjson.Result) bool { - role := value.Get("role").String() - - // Only user/model are valid for Gemini v1beta requests - valid := role == "user" || role == "model" - if role == "" || !valid { - var newRole string - if prevRole == "" { - newRole = "user" - } else if prevRole == "user" { - newRole = "model" - } else { - newRole = "user" - } - path := fmt.Sprintf("contents.%d.role", idx) - out, _ = sjson.SetBytes(out, path, newRole) - role = newRole - } - - prevRole = role - idx++ - return true - }) - - gjson.GetBytes(out, "contents").ForEach(func(key, content gjson.Result) bool { - if content.Get("role").String() == "model" { - content.Get("parts").ForEach(func(partKey, part gjson.Result) bool { - if part.Get("functionCall").Exists() { - out, _ = sjson.SetBytes(out, fmt.Sprintf("contents.%d.parts.%d.thoughtSignature", key.Int(), partKey.Int()), "skip_thought_signature_validator") - } else if part.Get("thoughtSignature").Exists() { - out, _ = sjson.SetBytes(out, fmt.Sprintf("contents.%d.parts.%d.thoughtSignature", key.Int(), partKey.Int()), "skip_thought_signature_validator") - } - return true - }) - } - return true - }) - - if gjson.GetBytes(rawJSON, "generationConfig.responseSchema").Exists() { - strJson, _ := util.RenameKey(string(out), "generationConfig.responseSchema", "generationConfig.responseJsonSchema") - out = []byte(strJson) - } - - out = common.AttachDefaultSafetySettings(out, "safetySettings") - return out -} diff --git a/internal/translator/gemini/gemini/gemini_gemini_response.go b/internal/translator/gemini/gemini/gemini_gemini_response.go deleted file mode 100644 index 05fb6ab95e..0000000000 --- a/internal/translator/gemini/gemini/gemini_gemini_response.go +++ /dev/null @@ -1,29 +0,0 @@ -package gemini - -import ( - "bytes" - "context" - "fmt" -) - -// PassthroughGeminiResponseStream forwards Gemini responses unchanged. -func PassthroughGeminiResponseStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) []string { - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - - return []string{string(rawJSON)} -} - -// PassthroughGeminiResponseNonStream forwards Gemini responses unchanged. -func PassthroughGeminiResponseNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - return string(rawJSON) -} - -func GeminiTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} diff --git a/internal/translator/gemini/gemini/init.go b/internal/translator/gemini/gemini/init.go deleted file mode 100644 index 398433aa93..0000000000 --- a/internal/translator/gemini/gemini/init.go +++ /dev/null @@ -1,22 +0,0 @@ -package gemini - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -// Register a no-op response translator and a request normalizer for Gemini→Gemini. -// The request converter ensures missing or invalid roles are normalized to valid values. -func init() { - translator.Register( - Gemini, - Gemini, - ConvertGeminiRequestToGemini, - interfaces.TranslateResponse{ - Stream: PassthroughGeminiResponseStream, - NonStream: PassthroughGeminiResponseNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/internal/translator/gemini/openai/chat-completions/gemini_openai_request.go b/internal/translator/gemini/openai/chat-completions/gemini_openai_request.go deleted file mode 100644 index 52d79dc355..0000000000 --- a/internal/translator/gemini/openai/chat-completions/gemini_openai_request.go +++ /dev/null @@ -1,403 +0,0 @@ -// Package openai provides request translation functionality for OpenAI to Gemini API compatibility. -// It converts OpenAI Chat Completions requests into Gemini compatible JSON using gjson/sjson only. -package chat_completions - -import ( - "fmt" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/misc" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/common" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const geminiFunctionThoughtSignature = "skip_thought_signature_validator" - -// ConvertOpenAIRequestToGemini converts an OpenAI Chat Completions request (raw JSON) -// into a complete Gemini request JSON. All JSON construction uses sjson and lookups use gjson. -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the OpenAI API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini API format -func ConvertOpenAIRequestToGemini(modelName string, inputRawJSON []byte, _ bool) []byte { - rawJSON := inputRawJSON - // Base envelope (no default thinkingConfig) - out := []byte(`{"contents":[]}`) - - // Model - out, _ = sjson.SetBytes(out, "model", modelName) - - // Apply thinking configuration: convert OpenAI reasoning_effort to Gemini thinkingConfig. - // Inline translation-only mapping; capability checks happen later in ApplyThinking. - re := gjson.GetBytes(rawJSON, "reasoning_effort") - if re.Exists() { - effort := strings.ToLower(strings.TrimSpace(re.String())) - if effort != "" { - thinkingPath := "generationConfig.thinkingConfig" - if effort == "auto" { - out, _ = sjson.SetBytes(out, thinkingPath+".thinkingBudget", -1) - out, _ = sjson.SetBytes(out, thinkingPath+".includeThoughts", true) - } else { - out, _ = sjson.SetBytes(out, thinkingPath+".thinkingLevel", effort) - out, _ = sjson.SetBytes(out, thinkingPath+".includeThoughts", effort != "none") - } - } - } - - // Temperature/top_p/top_k - if tr := gjson.GetBytes(rawJSON, "temperature"); tr.Exists() && tr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "generationConfig.temperature", tr.Num) - } - if tpr := gjson.GetBytes(rawJSON, "top_p"); tpr.Exists() && tpr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "generationConfig.topP", tpr.Num) - } - if tkr := gjson.GetBytes(rawJSON, "top_k"); tkr.Exists() && tkr.Type == gjson.Number { - out, _ = sjson.SetBytes(out, "generationConfig.topK", tkr.Num) - } - - // Candidate count (OpenAI 'n' parameter) - if n := gjson.GetBytes(rawJSON, "n"); n.Exists() && n.Type == gjson.Number { - if val := n.Int(); val > 1 { - out, _ = sjson.SetBytes(out, "generationConfig.candidateCount", val) - } - } - - // Map OpenAI modalities -> Gemini generationConfig.responseModalities - // e.g. "modalities": ["image", "text"] -> ["IMAGE", "TEXT"] - if mods := gjson.GetBytes(rawJSON, "modalities"); mods.Exists() && mods.IsArray() { - var responseMods []string - for _, m := range mods.Array() { - switch strings.ToLower(m.String()) { - case "text": - responseMods = append(responseMods, "TEXT") - case "image": - responseMods = append(responseMods, "IMAGE") - } - } - if len(responseMods) > 0 { - out, _ = sjson.SetBytes(out, "generationConfig.responseModalities", responseMods) - } - } - - // OpenRouter-style image_config support - // If the input uses top-level image_config.aspect_ratio, map it into generationConfig.imageConfig.aspectRatio. - if imgCfg := gjson.GetBytes(rawJSON, "image_config"); imgCfg.Exists() && imgCfg.IsObject() { - if ar := imgCfg.Get("aspect_ratio"); ar.Exists() && ar.Type == gjson.String { - out, _ = sjson.SetBytes(out, "generationConfig.imageConfig.aspectRatio", ar.Str) - } - if size := imgCfg.Get("image_size"); size.Exists() && size.Type == gjson.String { - out, _ = sjson.SetBytes(out, "generationConfig.imageConfig.imageSize", size.Str) - } - } - - // messages -> systemInstruction + contents - messages := gjson.GetBytes(rawJSON, "messages") - if messages.IsArray() { - arr := messages.Array() - // First pass: assistant tool_calls id->name map - tcID2Name := map[string]string{} - for i := 0; i < len(arr); i++ { - m := arr[i] - if m.Get("role").String() == "assistant" { - tcs := m.Get("tool_calls") - if tcs.IsArray() { - for _, tc := range tcs.Array() { - if tc.Get("type").String() == "function" { - id := tc.Get("id").String() - name := tc.Get("function.name").String() - if id != "" && name != "" { - tcID2Name[id] = name - } - } - } - } - } - } - - // Second pass build systemInstruction/tool responses cache - toolResponses := map[string]string{} // tool_call_id -> response text - for i := 0; i < len(arr); i++ { - m := arr[i] - role := m.Get("role").String() - if role == "tool" { - toolCallID := m.Get("tool_call_id").String() - if toolCallID != "" { - c := m.Get("content") - toolResponses[toolCallID] = c.Raw - } - } - } - - systemPartIndex := 0 - for i := 0; i < len(arr); i++ { - m := arr[i] - role := m.Get("role").String() - content := m.Get("content") - - if (role == "system" || role == "developer") && len(arr) > 1 { - // system -> system_instruction as a user message style - if content.Type == gjson.String { - out, _ = sjson.SetBytes(out, "system_instruction.role", "user") - out, _ = sjson.SetBytes(out, fmt.Sprintf("system_instruction.parts.%d.text", systemPartIndex), content.String()) - systemPartIndex++ - } else if content.IsObject() && content.Get("type").String() == "text" { - out, _ = sjson.SetBytes(out, "system_instruction.role", "user") - out, _ = sjson.SetBytes(out, fmt.Sprintf("system_instruction.parts.%d.text", systemPartIndex), content.Get("text").String()) - systemPartIndex++ - } else if content.IsArray() { - contents := content.Array() - if len(contents) > 0 { - out, _ = sjson.SetBytes(out, "system_instruction.role", "user") - for j := 0; j < len(contents); j++ { - out, _ = sjson.SetBytes(out, fmt.Sprintf("system_instruction.parts.%d.text", systemPartIndex), contents[j].Get("text").String()) - systemPartIndex++ - } - } - } - } else if role == "user" || ((role == "system" || role == "developer") && len(arr) == 1) { - // Build single user content node to avoid splitting into multiple contents - node := []byte(`{"role":"user","parts":[]}`) - if content.Type == gjson.String { - node, _ = sjson.SetBytes(node, "parts.0.text", content.String()) - } else if content.IsArray() { - items := content.Array() - p := 0 - for _, item := range items { - switch item.Get("type").String() { - case "text": - text := item.Get("text").String() - if text != "" { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".text", text) - } - p++ - case "image_url": - imageURL := item.Get("image_url.url").String() - if len(imageURL) > 5 { - pieces := strings.SplitN(imageURL[5:], ";", 2) - if len(pieces) == 2 && len(pieces[1]) > 7 { - mime := pieces[0] - data := pieces[1][7:] - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mime) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", data) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiFunctionThoughtSignature) - p++ - } - } - case "file": - filename := item.Get("file.filename").String() - fileData := item.Get("file.file_data").String() - ext := "" - if sp := strings.Split(filename, "."); len(sp) > 1 { - ext = sp[len(sp)-1] - } - if mimeType, ok := misc.MimeTypes[ext]; ok { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mimeType) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", fileData) - p++ - } else { - log.Warnf("Unknown file name extension '%s' in user message, skip", ext) - } - } - } - } - out, _ = sjson.SetRawBytes(out, "contents.-1", node) - } else if role == "assistant" { - node := []byte(`{"role":"model","parts":[]}`) - p := 0 - if content.Type == gjson.String { - // Assistant text -> single model content - node, _ = sjson.SetBytes(node, "parts.-1.text", content.String()) - p++ - } else if content.IsArray() { - // Assistant multimodal content (e.g. text + image) -> single model content with parts - for _, item := range content.Array() { - switch item.Get("type").String() { - case "text": - text := item.Get("text").String() - if text != "" { - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".text", text) - } - p++ - case "image_url": - // If the assistant returned an inline data URL, preserve it for history fidelity. - imageURL := item.Get("image_url.url").String() - if len(imageURL) > 5 { // expect data:... - pieces := strings.SplitN(imageURL[5:], ";", 2) - if len(pieces) == 2 && len(pieces[1]) > 7 { - mime := pieces[0] - data := pieces[1][7:] - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.mime_type", mime) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".inlineData.data", data) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiFunctionThoughtSignature) - p++ - } - } - } - } - } - - // Tool calls -> single model content with functionCall parts - tcs := m.Get("tool_calls") - if tcs.IsArray() { - fIDs := make([]string, 0) - for _, tc := range tcs.Array() { - if tc.Get("type").String() != "function" { - continue - } - fid := tc.Get("id").String() - fname := tc.Get("function.name").String() - fargs := tc.Get("function.arguments").String() - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".functionCall.name", fname) - node, _ = sjson.SetRawBytes(node, "parts."+itoa(p)+".functionCall.args", []byte(fargs)) - node, _ = sjson.SetBytes(node, "parts."+itoa(p)+".thoughtSignature", geminiFunctionThoughtSignature) - p++ - if fid != "" { - fIDs = append(fIDs, fid) - } - } - out, _ = sjson.SetRawBytes(out, "contents.-1", node) - - // Append a single tool content combining name + response per function - toolNode := []byte(`{"role":"user","parts":[]}`) - pp := 0 - for _, fid := range fIDs { - if name, ok := tcID2Name[fid]; ok { - toolNode, _ = sjson.SetBytes(toolNode, "parts."+itoa(pp)+".functionResponse.name", name) - resp := toolResponses[fid] - if resp == "" { - resp = "{}" - } - toolNode, _ = sjson.SetBytes(toolNode, "parts."+itoa(pp)+".functionResponse.response.result", []byte(resp)) - pp++ - } - } - if pp > 0 { - out, _ = sjson.SetRawBytes(out, "contents.-1", toolNode) - } - } else { - out, _ = sjson.SetRawBytes(out, "contents.-1", node) - } - } - } - } - - // tools -> tools[].functionDeclarations + tools[].googleSearch/codeExecution/urlContext passthrough - tools := gjson.GetBytes(rawJSON, "tools") - if tools.IsArray() && len(tools.Array()) > 0 { - functionToolNode := []byte(`{}`) - hasFunction := false - googleSearchNodes := make([][]byte, 0) - codeExecutionNodes := make([][]byte, 0) - urlContextNodes := make([][]byte, 0) - for _, t := range tools.Array() { - if t.Get("type").String() == "function" { - fn := t.Get("function") - if fn.Exists() && fn.IsObject() { - fnRaw := fn.Raw - if fn.Get("parameters").Exists() { - renamed, errRename := util.RenameKey(fnRaw, "parameters", "parametersJsonSchema") - if errRename != nil { - log.Warnf("Failed to rename parameters for tool '%s': %v", fn.Get("name").String(), errRename) - var errSet error - fnRaw, errSet = sjson.Set(fnRaw, "parametersJsonSchema.type", "object") - if errSet != nil { - log.Warnf("Failed to set default schema type for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - fnRaw, errSet = sjson.SetRaw(fnRaw, "parametersJsonSchema.properties", `{}`) - if errSet != nil { - log.Warnf("Failed to set default schema properties for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - } else { - fnRaw = renamed - } - } else { - var errSet error - fnRaw, errSet = sjson.Set(fnRaw, "parametersJsonSchema.type", "object") - if errSet != nil { - log.Warnf("Failed to set default schema type for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - fnRaw, errSet = sjson.SetRaw(fnRaw, "parametersJsonSchema.properties", `{}`) - if errSet != nil { - log.Warnf("Failed to set default schema properties for tool '%s': %v", fn.Get("name").String(), errSet) - continue - } - } - fnRaw, _ = sjson.Delete(fnRaw, "strict") - if !hasFunction { - functionToolNode, _ = sjson.SetRawBytes(functionToolNode, "functionDeclarations", []byte("[]")) - } - tmp, errSet := sjson.SetRawBytes(functionToolNode, "functionDeclarations.-1", []byte(fnRaw)) - if errSet != nil { - log.Warnf("Failed to append tool declaration for '%s': %v", fn.Get("name").String(), errSet) - continue - } - functionToolNode = tmp - hasFunction = true - } - } - if gs := t.Get("google_search"); gs.Exists() { - googleToolNode := []byte(`{}`) - var errSet error - googleToolNode, errSet = sjson.SetRawBytes(googleToolNode, "googleSearch", []byte(gs.Raw)) - if errSet != nil { - log.Warnf("Failed to set googleSearch tool: %v", errSet) - continue - } - googleSearchNodes = append(googleSearchNodes, googleToolNode) - } - if ce := t.Get("code_execution"); ce.Exists() { - codeToolNode := []byte(`{}`) - var errSet error - codeToolNode, errSet = sjson.SetRawBytes(codeToolNode, "codeExecution", []byte(ce.Raw)) - if errSet != nil { - log.Warnf("Failed to set codeExecution tool: %v", errSet) - continue - } - codeExecutionNodes = append(codeExecutionNodes, codeToolNode) - } - if uc := t.Get("url_context"); uc.Exists() { - urlToolNode := []byte(`{}`) - var errSet error - urlToolNode, errSet = sjson.SetRawBytes(urlToolNode, "urlContext", []byte(uc.Raw)) - if errSet != nil { - log.Warnf("Failed to set urlContext tool: %v", errSet) - continue - } - urlContextNodes = append(urlContextNodes, urlToolNode) - } - } - if hasFunction || len(googleSearchNodes) > 0 || len(codeExecutionNodes) > 0 || len(urlContextNodes) > 0 { - toolsNode := []byte("[]") - if hasFunction { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", functionToolNode) - } - for _, googleNode := range googleSearchNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", googleNode) - } - for _, codeNode := range codeExecutionNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", codeNode) - } - for _, urlNode := range urlContextNodes { - toolsNode, _ = sjson.SetRawBytes(toolsNode, "-1", urlNode) - } - out, _ = sjson.SetRawBytes(out, "tools", toolsNode) - } - } - - out = common.AttachDefaultSafetySettings(out, "safetySettings") - - return out -} - -// itoa converts int to string without strconv import for few usages. -func itoa(i int) string { return fmt.Sprintf("%d", i) } diff --git a/internal/translator/gemini/openai/chat-completions/gemini_openai_response.go b/internal/translator/gemini/openai/chat-completions/gemini_openai_response.go deleted file mode 100644 index aeec5e9ea0..0000000000 --- a/internal/translator/gemini/openai/chat-completions/gemini_openai_response.go +++ /dev/null @@ -1,407 +0,0 @@ -// Package openai provides response translation functionality for Gemini to OpenAI API compatibility. -// This package handles the conversion of Gemini API responses into OpenAI Chat Completions-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by OpenAI API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, reasoning content, and usage metadata appropriately. -package chat_completions - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// convertGeminiResponseToOpenAIChatParams holds parameters for response conversion. -type convertGeminiResponseToOpenAIChatParams struct { - UnixTimestamp int64 - // FunctionIndex tracks tool call indices per candidate index to support multiple candidates. - FunctionIndex map[int]int -} - -// functionCallIDCounter provides a process-wide unique counter for function call identifiers. -var functionCallIDCounter uint64 - -// ConvertGeminiResponseToOpenAI translates a single chunk of a streaming response from the -// Gemini API format to the OpenAI Chat Completions streaming format. -// It processes various Gemini event types and transforms them into OpenAI-compatible JSON responses. -// The function handles text content, tool calls, reasoning content, and usage metadata, outputting -// responses that match the OpenAI API format. It supports incremental updates for streaming responses. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Gemini API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing an OpenAI-compatible JSON response -func ConvertGeminiResponseToOpenAI(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - // Initialize parameters if nil. - if *param == nil { - *param = &convertGeminiResponseToOpenAIChatParams{ - UnixTimestamp: 0, - FunctionIndex: make(map[int]int), - } - } - - // Ensure the Map is initialized (handling cases where param might be reused from older context). - p := (*param).(*convertGeminiResponseToOpenAIChatParams) - if p.FunctionIndex == nil { - p.FunctionIndex = make(map[int]int) - } - - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - - if bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - - // Initialize the OpenAI SSE base template. - // We use a base template and clone it for each candidate to support multiple candidates. - baseTemplate := `{"id":"","object":"chat.completion.chunk","created":12345,"model":"model","choices":[{"index":0,"delta":{"role":null,"content":null,"reasoning_content":null,"tool_calls":null},"finish_reason":null,"native_finish_reason":null}]}` - - // Extract and set the model version. - if modelVersionResult := gjson.GetBytes(rawJSON, "modelVersion"); modelVersionResult.Exists() { - baseTemplate, _ = sjson.Set(baseTemplate, "model", modelVersionResult.String()) - } - - // Extract and set the creation timestamp. - if createTimeResult := gjson.GetBytes(rawJSON, "createTime"); createTimeResult.Exists() { - t, err := time.Parse(time.RFC3339Nano, createTimeResult.String()) - if err == nil { - p.UnixTimestamp = t.Unix() - } - baseTemplate, _ = sjson.Set(baseTemplate, "created", p.UnixTimestamp) - } else { - baseTemplate, _ = sjson.Set(baseTemplate, "created", p.UnixTimestamp) - } - - // Extract and set the response ID. - if responseIDResult := gjson.GetBytes(rawJSON, "responseId"); responseIDResult.Exists() { - baseTemplate, _ = sjson.Set(baseTemplate, "id", responseIDResult.String()) - } - - // Extract and set usage metadata (token counts). - // Usage is applied to the base template so it appears in the chunks. - if usageResult := gjson.GetBytes(rawJSON, "usageMetadata"); usageResult.Exists() { - cachedTokenCount := usageResult.Get("cachedContentTokenCount").Int() - if candidatesTokenCountResult := usageResult.Get("candidatesTokenCount"); candidatesTokenCountResult.Exists() { - baseTemplate, _ = sjson.Set(baseTemplate, "usage.completion_tokens", candidatesTokenCountResult.Int()) - } - if totalTokenCountResult := usageResult.Get("totalTokenCount"); totalTokenCountResult.Exists() { - baseTemplate, _ = sjson.Set(baseTemplate, "usage.total_tokens", totalTokenCountResult.Int()) - } - promptTokenCount := usageResult.Get("promptTokenCount").Int() - thoughtsTokenCount := usageResult.Get("thoughtsTokenCount").Int() - baseTemplate, _ = sjson.Set(baseTemplate, "usage.prompt_tokens", promptTokenCount) - if thoughtsTokenCount > 0 { - baseTemplate, _ = sjson.Set(baseTemplate, "usage.completion_tokens_details.reasoning_tokens", thoughtsTokenCount) - } - // Include cached token count if present (indicates prompt caching is working) - if cachedTokenCount > 0 { - var err error - baseTemplate, err = sjson.Set(baseTemplate, "usage.prompt_tokens_details.cached_tokens", cachedTokenCount) - if err != nil { - log.Warnf("gemini openai response: failed to set cached_tokens in streaming: %v", err) - } - } - } - - var responseStrings []string - candidates := gjson.GetBytes(rawJSON, "candidates") - - // Iterate over all candidates to support candidate_count > 1. - if candidates.IsArray() { - candidates.ForEach(func(_, candidate gjson.Result) bool { - // Clone the template for the current candidate. - template := baseTemplate - - // Set the specific index for this candidate. - candidateIndex := int(candidate.Get("index").Int()) - template, _ = sjson.Set(template, "choices.0.index", candidateIndex) - - finishReason := "" - if stopReasonResult := gjson.GetBytes(rawJSON, "stop_reason"); stopReasonResult.Exists() { - finishReason = stopReasonResult.String() - } - if finishReason == "" { - if finishReasonResult := gjson.GetBytes(rawJSON, "candidates.0.finishReason"); finishReasonResult.Exists() { - finishReason = finishReasonResult.String() - } - } - finishReason = strings.ToLower(finishReason) - - partsResult := candidate.Get("content.parts") - hasFunctionCall := false - - if partsResult.IsArray() { - partResults := partsResult.Array() - for i := 0; i < len(partResults); i++ { - partResult := partResults[i] - partTextResult := partResult.Get("text") - functionCallResult := partResult.Get("functionCall") - inlineDataResult := partResult.Get("inlineData") - if !inlineDataResult.Exists() { - inlineDataResult = partResult.Get("inline_data") - } - thoughtSignatureResult := partResult.Get("thoughtSignature") - if !thoughtSignatureResult.Exists() { - thoughtSignatureResult = partResult.Get("thought_signature") - } - - hasThoughtSignature := thoughtSignatureResult.Exists() && thoughtSignatureResult.String() != "" - hasContentPayload := partTextResult.Exists() || functionCallResult.Exists() || inlineDataResult.Exists() - - // Skip pure thoughtSignature parts but keep any actual payload in the same part. - if hasThoughtSignature && !hasContentPayload { - continue - } - - if partTextResult.Exists() { - text := partTextResult.String() - // Handle text content, distinguishing between regular content and reasoning/thoughts. - if partResult.Get("thought").Bool() { - template, _ = sjson.Set(template, "choices.0.delta.reasoning_content", text) - } else { - template, _ = sjson.Set(template, "choices.0.delta.content", text) - } - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - } else if functionCallResult.Exists() { - // Handle function call content. - hasFunctionCall = true - toolCallsResult := gjson.Get(template, "choices.0.delta.tool_calls") - - // Retrieve the function index for this specific candidate. - functionCallIndex := p.FunctionIndex[candidateIndex] - p.FunctionIndex[candidateIndex]++ - - if toolCallsResult.Exists() && toolCallsResult.IsArray() { - functionCallIndex = len(toolCallsResult.Array()) - } else { - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls", `[]`) - } - - functionCallTemplate := `{"id": "","index": 0,"type": "function","function": {"name": "","arguments": ""}}` - fcName := functionCallResult.Get("name").String() - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "id", fmt.Sprintf("%s-%d-%d", fcName, time.Now().UnixNano(), atomic.AddUint64(&functionCallIDCounter, 1))) - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "index", functionCallIndex) - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.name", fcName) - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - functionCallTemplate, _ = sjson.Set(functionCallTemplate, "function.arguments", fcArgsResult.Raw) - } - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.tool_calls.-1", functionCallTemplate) - } else if inlineDataResult.Exists() { - data := inlineDataResult.Get("data").String() - if data == "" { - continue - } - mimeType := inlineDataResult.Get("mimeType").String() - if mimeType == "" { - mimeType = inlineDataResult.Get("mime_type").String() - } - if mimeType == "" { - mimeType = "image/png" - } - imageURL := fmt.Sprintf("data:%s;base64,%s", mimeType, data) - imagesResult := gjson.Get(template, "choices.0.delta.images") - if !imagesResult.Exists() || !imagesResult.IsArray() { - template, _ = sjson.SetRaw(template, "choices.0.delta.images", `[]`) - } - imageIndex := len(gjson.Get(template, "choices.0.delta.images").Array()) - imagePayload := `{"type":"image_url","image_url":{"url":""}}` - imagePayload, _ = sjson.Set(imagePayload, "index", imageIndex) - imagePayload, _ = sjson.Set(imagePayload, "image_url.url", imageURL) - template, _ = sjson.Set(template, "choices.0.delta.role", "assistant") - template, _ = sjson.SetRaw(template, "choices.0.delta.images.-1", imagePayload) - } - } - } - - if hasFunctionCall { - template, _ = sjson.Set(template, "choices.0.finish_reason", "tool_calls") - template, _ = sjson.Set(template, "choices.0.native_finish_reason", "tool_calls") - } else if finishReason != "" { - // Only pass through specific finish reasons - if finishReason == "max_tokens" || finishReason == "stop" { - template, _ = sjson.Set(template, "choices.0.finish_reason", finishReason) - template, _ = sjson.Set(template, "choices.0.native_finish_reason", finishReason) - } - } - - responseStrings = append(responseStrings, template) - return true // continue loop - }) - } else { - // If there are no candidates (e.g., a pure usageMetadata chunk), return the usage chunk if present. - if gjson.GetBytes(rawJSON, "usageMetadata").Exists() && len(responseStrings) == 0 { - responseStrings = append(responseStrings, baseTemplate) - } - } - - return responseStrings -} - -// ConvertGeminiResponseToOpenAINonStream converts a non-streaming Gemini response to a non-streaming OpenAI response. -// This function processes the complete Gemini response and transforms it into a single OpenAI-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the OpenAI API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Gemini API -// - param: A pointer to a parameter object for the conversion (unused in current implementation) -// -// Returns: -// - string: An OpenAI-compatible JSON response containing all message content and metadata -func ConvertGeminiResponseToOpenAINonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - var unixTimestamp int64 - // Initialize template with an empty choices array to support multiple candidates. - template := `{"id":"","object":"chat.completion","created":123456,"model":"model","choices":[]}` - - if modelVersionResult := gjson.GetBytes(rawJSON, "modelVersion"); modelVersionResult.Exists() { - template, _ = sjson.Set(template, "model", modelVersionResult.String()) - } - - if createTimeResult := gjson.GetBytes(rawJSON, "createTime"); createTimeResult.Exists() { - t, err := time.Parse(time.RFC3339Nano, createTimeResult.String()) - if err == nil { - unixTimestamp = t.Unix() - } - template, _ = sjson.Set(template, "created", unixTimestamp) - } else { - template, _ = sjson.Set(template, "created", unixTimestamp) - } - - if responseIDResult := gjson.GetBytes(rawJSON, "responseId"); responseIDResult.Exists() { - template, _ = sjson.Set(template, "id", responseIDResult.String()) - } - - if usageResult := gjson.GetBytes(rawJSON, "usageMetadata"); usageResult.Exists() { - if candidatesTokenCountResult := usageResult.Get("candidatesTokenCount"); candidatesTokenCountResult.Exists() { - template, _ = sjson.Set(template, "usage.completion_tokens", candidatesTokenCountResult.Int()) - } - if totalTokenCountResult := usageResult.Get("totalTokenCount"); totalTokenCountResult.Exists() { - template, _ = sjson.Set(template, "usage.total_tokens", totalTokenCountResult.Int()) - } - promptTokenCount := usageResult.Get("promptTokenCount").Int() - thoughtsTokenCount := usageResult.Get("thoughtsTokenCount").Int() - cachedTokenCount := usageResult.Get("cachedContentTokenCount").Int() - template, _ = sjson.Set(template, "usage.prompt_tokens", promptTokenCount) - if thoughtsTokenCount > 0 { - template, _ = sjson.Set(template, "usage.completion_tokens_details.reasoning_tokens", thoughtsTokenCount) - } - // Include cached token count if present (indicates prompt caching is working) - if cachedTokenCount > 0 { - var err error - template, err = sjson.Set(template, "usage.prompt_tokens_details.cached_tokens", cachedTokenCount) - if err != nil { - log.Warnf("gemini openai response: failed to set cached_tokens in non-streaming: %v", err) - } - } - } - - // Process the main content part of the response for all candidates. - candidates := gjson.GetBytes(rawJSON, "candidates") - if candidates.IsArray() { - candidates.ForEach(func(_, candidate gjson.Result) bool { - // Construct a single Choice object. - choiceTemplate := `{"index":0,"message":{"role":"assistant","content":null,"reasoning_content":null,"tool_calls":null},"finish_reason":null,"native_finish_reason":null}` - - // Set the index for this choice. - choiceTemplate, _ = sjson.Set(choiceTemplate, "index", candidate.Get("index").Int()) - - // Set finish reason. - if finishReasonResult := candidate.Get("finishReason"); finishReasonResult.Exists() { - choiceTemplate, _ = sjson.Set(choiceTemplate, "finish_reason", strings.ToLower(finishReasonResult.String())) - choiceTemplate, _ = sjson.Set(choiceTemplate, "native_finish_reason", strings.ToLower(finishReasonResult.String())) - } - - partsResult := candidate.Get("content.parts") - hasFunctionCall := false - if partsResult.IsArray() { - partsResults := partsResult.Array() - for i := 0; i < len(partsResults); i++ { - partResult := partsResults[i] - partTextResult := partResult.Get("text") - functionCallResult := partResult.Get("functionCall") - inlineDataResult := partResult.Get("inlineData") - if !inlineDataResult.Exists() { - inlineDataResult = partResult.Get("inline_data") - } - - if partTextResult.Exists() { - // Append text content, distinguishing between regular content and reasoning. - if partResult.Get("thought").Bool() { - oldVal := gjson.Get(choiceTemplate, "message.reasoning_content").String() - choiceTemplate, _ = sjson.Set(choiceTemplate, "message.reasoning_content", oldVal+partTextResult.String()) - } else { - oldVal := gjson.Get(choiceTemplate, "message.content").String() - choiceTemplate, _ = sjson.Set(choiceTemplate, "message.content", oldVal+partTextResult.String()) - } - choiceTemplate, _ = sjson.Set(choiceTemplate, "message.role", "assistant") - } else if functionCallResult.Exists() { - // Append function call content to the tool_calls array. - hasFunctionCall = true - toolCallsResult := gjson.Get(choiceTemplate, "message.tool_calls") - if !toolCallsResult.Exists() || !toolCallsResult.IsArray() { - choiceTemplate, _ = sjson.SetRaw(choiceTemplate, "message.tool_calls", `[]`) - } - functionCallItemTemplate := `{"id": "","type": "function","function": {"name": "","arguments": ""}}` - fcName := functionCallResult.Get("name").String() - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "id", fmt.Sprintf("%s-%d-%d", fcName, time.Now().UnixNano(), atomic.AddUint64(&functionCallIDCounter, 1))) - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.name", fcName) - if fcArgsResult := functionCallResult.Get("args"); fcArgsResult.Exists() { - functionCallItemTemplate, _ = sjson.Set(functionCallItemTemplate, "function.arguments", fcArgsResult.Raw) - } - choiceTemplate, _ = sjson.Set(choiceTemplate, "message.role", "assistant") - choiceTemplate, _ = sjson.SetRaw(choiceTemplate, "message.tool_calls.-1", functionCallItemTemplate) - } else if inlineDataResult.Exists() { - data := inlineDataResult.Get("data").String() - if data != "" { - mimeType := inlineDataResult.Get("mimeType").String() - if mimeType == "" { - mimeType = inlineDataResult.Get("mime_type").String() - } - if mimeType == "" { - mimeType = "image/png" - } - imageURL := fmt.Sprintf("data:%s;base64,%s", mimeType, data) - imagesResult := gjson.Get(choiceTemplate, "message.images") - if !imagesResult.Exists() || !imagesResult.IsArray() { - choiceTemplate, _ = sjson.SetRaw(choiceTemplate, "message.images", `[]`) - } - imageIndex := len(gjson.Get(choiceTemplate, "message.images").Array()) - imagePayload := `{"type":"image_url","image_url":{"url":""}}` - imagePayload, _ = sjson.Set(imagePayload, "index", imageIndex) - imagePayload, _ = sjson.Set(imagePayload, "image_url.url", imageURL) - choiceTemplate, _ = sjson.Set(choiceTemplate, "message.role", "assistant") - choiceTemplate, _ = sjson.SetRaw(choiceTemplate, "message.images.-1", imagePayload) - } - } - } - } - - if hasFunctionCall { - choiceTemplate, _ = sjson.Set(choiceTemplate, "finish_reason", "tool_calls") - choiceTemplate, _ = sjson.Set(choiceTemplate, "native_finish_reason", "tool_calls") - } - - // Append the constructed choice to the main choices array. - template, _ = sjson.SetRaw(template, "choices.-1", choiceTemplate) - return true - }) - } - - return template -} diff --git a/internal/translator/gemini/openai/chat-completions/init.go b/internal/translator/gemini/openai/chat-completions/init.go deleted file mode 100644 index 44a29e397d..0000000000 --- a/internal/translator/gemini/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenAI, - Gemini, - ConvertOpenAIRequestToGemini, - interfaces.TranslateResponse{ - Stream: ConvertGeminiResponseToOpenAI, - NonStream: ConvertGeminiResponseToOpenAINonStream, - }, - ) -} diff --git a/internal/translator/gemini/openai/responses/gemini_openai-responses_request.go b/internal/translator/gemini/openai/responses/gemini_openai-responses_request.go deleted file mode 100644 index 6ffa62ce67..0000000000 --- a/internal/translator/gemini/openai/responses/gemini_openai-responses_request.go +++ /dev/null @@ -1,435 +0,0 @@ -package responses - -import ( - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/common" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -const geminiResponsesThoughtSignature = "skip_thought_signature_validator" - -func ConvertOpenAIResponsesRequestToGemini(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - - // Note: modelName and stream parameters are part of the fixed method signature - _ = modelName // Unused but required by interface - _ = stream // Unused but required by interface - - // Base Gemini API template (do not include thinkingConfig by default) - out := `{"contents":[]}` - - root := gjson.ParseBytes(rawJSON) - - // Extract system instruction from OpenAI "instructions" field - if instructions := root.Get("instructions"); instructions.Exists() { - systemInstr := `{"parts":[{"text":""}]}` - systemInstr, _ = sjson.Set(systemInstr, "parts.0.text", instructions.String()) - out, _ = sjson.SetRaw(out, "system_instruction", systemInstr) - } - - // Convert input messages to Gemini contents format - if input := root.Get("input"); input.Exists() && input.IsArray() { - items := input.Array() - - // Normalize consecutive function calls and outputs so each call is immediately followed by its response - normalized := make([]gjson.Result, 0, len(items)) - for i := 0; i < len(items); { - item := items[i] - itemType := item.Get("type").String() - itemRole := item.Get("role").String() - if itemType == "" && itemRole != "" { - itemType = "message" - } - - if itemType == "function_call" { - var calls []gjson.Result - var outputs []gjson.Result - - for i < len(items) { - next := items[i] - nextType := next.Get("type").String() - nextRole := next.Get("role").String() - if nextType == "" && nextRole != "" { - nextType = "message" - } - if nextType != "function_call" { - break - } - calls = append(calls, next) - i++ - } - - for i < len(items) { - next := items[i] - nextType := next.Get("type").String() - nextRole := next.Get("role").String() - if nextType == "" && nextRole != "" { - nextType = "message" - } - if nextType != "function_call_output" { - break - } - outputs = append(outputs, next) - i++ - } - - if len(calls) > 0 { - outputMap := make(map[string]gjson.Result, len(outputs)) - for _, out := range outputs { - outputMap[out.Get("call_id").String()] = out - } - for _, call := range calls { - normalized = append(normalized, call) - callID := call.Get("call_id").String() - if resp, ok := outputMap[callID]; ok { - normalized = append(normalized, resp) - delete(outputMap, callID) - } - } - for _, out := range outputs { - if _, ok := outputMap[out.Get("call_id").String()]; ok { - normalized = append(normalized, out) - } - } - continue - } - } - - if itemType == "function_call_output" { - normalized = append(normalized, item) - i++ - continue - } - - normalized = append(normalized, item) - i++ - } - - for _, item := range normalized { - itemType := item.Get("type").String() - itemRole := item.Get("role").String() - if itemType == "" && itemRole != "" { - itemType = "message" - } - - switch itemType { - case "message": - if strings.EqualFold(itemRole, "system") { - if contentArray := item.Get("content"); contentArray.Exists() { - systemInstr := "" - if systemInstructionResult := gjson.Get(out, "system_instruction"); systemInstructionResult.Exists() { - systemInstr = systemInstructionResult.Raw - } else { - systemInstr = `{"parts":[]}` - } - - if contentArray.IsArray() { - contentArray.ForEach(func(_, contentItem gjson.Result) bool { - part := `{"text":""}` - text := contentItem.Get("text").String() - part, _ = sjson.Set(part, "text", text) - systemInstr, _ = sjson.SetRaw(systemInstr, "parts.-1", part) - return true - }) - } else if contentArray.Type == gjson.String { - part := `{"text":""}` - part, _ = sjson.Set(part, "text", contentArray.String()) - systemInstr, _ = sjson.SetRaw(systemInstr, "parts.-1", part) - } - - if systemInstr != `{"parts":[]}` { - out, _ = sjson.SetRaw(out, "system_instruction", systemInstr) - } - } - continue - } - - // Handle regular messages - // Note: In Responses format, model outputs may appear as content items with type "output_text" - // even when the message.role is "user". We split such items into distinct Gemini messages - // with roles derived from the content type to match docs/convert-2.md. - if contentArray := item.Get("content"); contentArray.Exists() && contentArray.IsArray() { - currentRole := "" - var currentParts []string - - flush := func() { - if currentRole == "" || len(currentParts) == 0 { - currentParts = nil - return - } - one := `{"role":"","parts":[]}` - one, _ = sjson.Set(one, "role", currentRole) - for _, part := range currentParts { - one, _ = sjson.SetRaw(one, "parts.-1", part) - } - out, _ = sjson.SetRaw(out, "contents.-1", one) - currentParts = nil - } - - contentArray.ForEach(func(_, contentItem gjson.Result) bool { - contentType := contentItem.Get("type").String() - if contentType == "" { - contentType = "input_text" - } - - effRole := "user" - if itemRole != "" { - switch strings.ToLower(itemRole) { - case "assistant", "model": - effRole = "model" - default: - effRole = strings.ToLower(itemRole) - } - } - if contentType == "output_text" { - effRole = "model" - } - if effRole == "assistant" { - effRole = "model" - } - - if currentRole != "" && effRole != currentRole { - flush() - currentRole = "" - } - if currentRole == "" { - currentRole = effRole - } - - var partJSON string - switch contentType { - case "input_text", "output_text": - if text := contentItem.Get("text"); text.Exists() { - partJSON = `{"text":""}` - partJSON, _ = sjson.Set(partJSON, "text", text.String()) - } - case "input_image": - imageURL := contentItem.Get("image_url").String() - if imageURL == "" { - imageURL = contentItem.Get("url").String() - } - if imageURL != "" { - mimeType := "application/octet-stream" - data := "" - if strings.HasPrefix(imageURL, "data:") { - trimmed := strings.TrimPrefix(imageURL, "data:") - mediaAndData := strings.SplitN(trimmed, ";base64,", 2) - if len(mediaAndData) == 2 { - if mediaAndData[0] != "" { - mimeType = mediaAndData[0] - } - data = mediaAndData[1] - } else { - mediaAndData = strings.SplitN(trimmed, ",", 2) - if len(mediaAndData) == 2 { - if mediaAndData[0] != "" { - mimeType = mediaAndData[0] - } - data = mediaAndData[1] - } - } - } - if data != "" { - partJSON = `{"inline_data":{"mime_type":"","data":""}}` - partJSON, _ = sjson.Set(partJSON, "inline_data.mime_type", mimeType) - partJSON, _ = sjson.Set(partJSON, "inline_data.data", data) - } - } - } - - if partJSON != "" { - currentParts = append(currentParts, partJSON) - } - return true - }) - - flush() - } else if contentArray.Type == gjson.String { - effRole := "user" - if itemRole != "" { - switch strings.ToLower(itemRole) { - case "assistant", "model": - effRole = "model" - default: - effRole = strings.ToLower(itemRole) - } - } - - one := `{"role":"","parts":[{"text":""}]}` - one, _ = sjson.Set(one, "role", effRole) - one, _ = sjson.Set(one, "parts.0.text", contentArray.String()) - out, _ = sjson.SetRaw(out, "contents.-1", one) - } - case "function_call": - // Handle function calls - convert to model message with functionCall - name := item.Get("name").String() - arguments := item.Get("arguments").String() - - modelContent := `{"role":"model","parts":[]}` - functionCall := `{"functionCall":{"name":"","args":{}}}` - functionCall, _ = sjson.Set(functionCall, "functionCall.name", name) - functionCall, _ = sjson.Set(functionCall, "thoughtSignature", geminiResponsesThoughtSignature) - functionCall, _ = sjson.Set(functionCall, "functionCall.id", item.Get("call_id").String()) - - // Parse arguments JSON string and set as args object - if arguments != "" { - argsResult := gjson.Parse(arguments) - functionCall, _ = sjson.SetRaw(functionCall, "functionCall.args", argsResult.Raw) - } - - modelContent, _ = sjson.SetRaw(modelContent, "parts.-1", functionCall) - out, _ = sjson.SetRaw(out, "contents.-1", modelContent) - - case "function_call_output": - // Handle function call outputs - convert to function message with functionResponse - callID := item.Get("call_id").String() - // Use .Raw to preserve the JSON encoding (includes quotes for strings) - outputRaw := item.Get("output").Str - - functionContent := `{"role":"function","parts":[]}` - functionResponse := `{"functionResponse":{"name":"","response":{}}}` - - // We need to extract the function name from the previous function_call - // For now, we'll use a placeholder or extract from context if available - functionName := "unknown" // This should ideally be matched with the corresponding function_call - - // Find the corresponding function call name by matching call_id - // We need to look back through the input array to find the matching call - if inputArray := root.Get("input"); inputArray.Exists() && inputArray.IsArray() { - inputArray.ForEach(func(_, prevItem gjson.Result) bool { - if prevItem.Get("type").String() == "function_call" && prevItem.Get("call_id").String() == callID { - functionName = prevItem.Get("name").String() - return false // Stop iteration - } - return true - }) - } - - functionResponse, _ = sjson.Set(functionResponse, "functionResponse.name", functionName) - functionResponse, _ = sjson.Set(functionResponse, "functionResponse.id", callID) - - // Set the raw JSON output directly (preserves string encoding) - if outputRaw != "" && outputRaw != "null" { - output := gjson.Parse(outputRaw) - if output.Type == gjson.JSON { - functionResponse, _ = sjson.SetRaw(functionResponse, "functionResponse.response.result", output.Raw) - } else { - functionResponse, _ = sjson.Set(functionResponse, "functionResponse.response.result", outputRaw) - } - } - functionContent, _ = sjson.SetRaw(functionContent, "parts.-1", functionResponse) - out, _ = sjson.SetRaw(out, "contents.-1", functionContent) - - case "reasoning": - thoughtContent := `{"role":"model","parts":[]}` - thought := `{"text":"","thoughtSignature":"","thought":true}` - thought, _ = sjson.Set(thought, "text", item.Get("summary.0.text").String()) - thought, _ = sjson.Set(thought, "thoughtSignature", item.Get("encrypted_content").String()) - - thoughtContent, _ = sjson.SetRaw(thoughtContent, "parts.-1", thought) - out, _ = sjson.SetRaw(out, "contents.-1", thoughtContent) - } - } - } else if input.Exists() && input.Type == gjson.String { - // Simple string input conversion to user message - userContent := `{"role":"user","parts":[{"text":""}]}` - userContent, _ = sjson.Set(userContent, "parts.0.text", input.String()) - out, _ = sjson.SetRaw(out, "contents.-1", userContent) - } - - // Convert tools to Gemini functionDeclarations format - if tools := root.Get("tools"); tools.Exists() && tools.IsArray() { - geminiTools := `[{"functionDeclarations":[]}]` - - tools.ForEach(func(_, tool gjson.Result) bool { - if tool.Get("type").String() == "function" { - funcDecl := `{"name":"","description":"","parametersJsonSchema":{}}` - - if name := tool.Get("name"); name.Exists() { - funcDecl, _ = sjson.Set(funcDecl, "name", name.String()) - } - if desc := tool.Get("description"); desc.Exists() { - funcDecl, _ = sjson.Set(funcDecl, "description", desc.String()) - } - if params := tool.Get("parameters"); params.Exists() { - // Convert parameter types from OpenAI format to Gemini format - cleaned := params.Raw - // Convert type values to uppercase for Gemini - // Skip type uppercasing - let CleanJSONSchemaForGemini handle type arrays - // This fixes the bug where nullable type arrays like ["string","null"] were - // incorrectly converted to strings causing 400 errors on Gemini API - // Set the overall type to OBJECT - cleaned, _ = sjson.Set(cleaned, "type", "OBJECT") - funcDecl, _ = sjson.SetRaw(funcDecl, "parametersJsonSchema", cleaned) - } - - geminiTools, _ = sjson.SetRaw(geminiTools, "0.functionDeclarations.-1", funcDecl) - } - return true - }) - - // Only add tools if there are function declarations - if funcDecls := gjson.Get(geminiTools, "0.functionDeclarations"); funcDecls.Exists() && len(funcDecls.Array()) > 0 { - out, _ = sjson.SetRaw(out, "tools", geminiTools) - } - } - - // Handle generation config from OpenAI format - if maxOutputTokens := root.Get("max_output_tokens"); maxOutputTokens.Exists() { - genConfig := `{"maxOutputTokens":0}` - genConfig, _ = sjson.Set(genConfig, "maxOutputTokens", maxOutputTokens.Int()) - out, _ = sjson.SetRaw(out, "generationConfig", genConfig) - } - - // Handle temperature if present - if temperature := root.Get("temperature"); temperature.Exists() { - if !gjson.Get(out, "generationConfig").Exists() { - out, _ = sjson.SetRaw(out, "generationConfig", `{}`) - } - out, _ = sjson.Set(out, "generationConfig.temperature", temperature.Float()) - } - - // Handle top_p if present - if topP := root.Get("top_p"); topP.Exists() { - if !gjson.Get(out, "generationConfig").Exists() { - out, _ = sjson.SetRaw(out, "generationConfig", `{}`) - } - out, _ = sjson.Set(out, "generationConfig.topP", topP.Float()) - } - - // Handle stop sequences - if stopSequences := root.Get("stop_sequences"); stopSequences.Exists() && stopSequences.IsArray() { - if !gjson.Get(out, "generationConfig").Exists() { - out, _ = sjson.SetRaw(out, "generationConfig", `{}`) - } - var sequences []string - stopSequences.ForEach(func(_, seq gjson.Result) bool { - sequences = append(sequences, seq.String()) - return true - }) - out, _ = sjson.Set(out, "generationConfig.stopSequences", sequences) - } - - // Apply thinking configuration: convert OpenAI Responses API reasoning.effort to Gemini thinkingConfig. - // Inline translation-only mapping; capability checks happen later in ApplyThinking. - re := root.Get("reasoning.effort") - if re.Exists() { - effort := strings.ToLower(strings.TrimSpace(re.String())) - if effort != "" { - thinkingPath := "generationConfig.thinkingConfig" - if effort == "auto" { - out, _ = sjson.Set(out, thinkingPath+".thinkingBudget", -1) - out, _ = sjson.Set(out, thinkingPath+".includeThoughts", true) - } else { - out, _ = sjson.Set(out, thinkingPath+".thinkingLevel", effort) - out, _ = sjson.Set(out, thinkingPath+".includeThoughts", effort != "none") - } - } - } - - result := []byte(out) - result = common.AttachDefaultSafetySettings(result, "safetySettings") - return result -} diff --git a/internal/translator/gemini/openai/responses/gemini_openai-responses_response.go b/internal/translator/gemini/openai/responses/gemini_openai-responses_response.go deleted file mode 100644 index 73609be77b..0000000000 --- a/internal/translator/gemini/openai/responses/gemini_openai-responses_response.go +++ /dev/null @@ -1,758 +0,0 @@ -package responses - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -type geminiToResponsesState struct { - Seq int - ResponseID string - CreatedAt int64 - Started bool - - // message aggregation - MsgOpened bool - MsgClosed bool - MsgIndex int - CurrentMsgID string - TextBuf strings.Builder - ItemTextBuf strings.Builder - - // reasoning aggregation - ReasoningOpened bool - ReasoningIndex int - ReasoningItemID string - ReasoningEnc string - ReasoningBuf strings.Builder - ReasoningClosed bool - - // function call aggregation (keyed by output_index) - NextIndex int - FuncArgsBuf map[int]*strings.Builder - FuncNames map[int]string - FuncCallIDs map[int]string - FuncDone map[int]bool -} - -// responseIDCounter provides a process-wide unique counter for synthesized response identifiers. -var responseIDCounter uint64 - -// funcCallIDCounter provides a process-wide unique counter for function call identifiers. -var funcCallIDCounter uint64 - -func pickRequestJSON(originalRequestRawJSON, requestRawJSON []byte) []byte { - if len(originalRequestRawJSON) > 0 && gjson.ValidBytes(originalRequestRawJSON) { - return originalRequestRawJSON - } - if len(requestRawJSON) > 0 && gjson.ValidBytes(requestRawJSON) { - return requestRawJSON - } - return nil -} - -func unwrapRequestRoot(root gjson.Result) gjson.Result { - req := root.Get("request") - if !req.Exists() { - return root - } - if req.Get("model").Exists() || req.Get("input").Exists() || req.Get("instructions").Exists() { - return req - } - return root -} - -func unwrapGeminiResponseRoot(root gjson.Result) gjson.Result { - resp := root.Get("response") - if !resp.Exists() { - return root - } - // Vertex-style Gemini responses wrap the actual payload in a "response" object. - if resp.Get("candidates").Exists() || resp.Get("responseId").Exists() || resp.Get("usageMetadata").Exists() { - return resp - } - return root -} - -func emitEvent(event string, payload string) string { - return fmt.Sprintf("event: %s\ndata: %s", event, payload) -} - -// ConvertGeminiResponseToOpenAIResponses converts Gemini SSE chunks into OpenAI Responses SSE events. -func ConvertGeminiResponseToOpenAIResponses(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &geminiToResponsesState{ - FuncArgsBuf: make(map[int]*strings.Builder), - FuncNames: make(map[int]string), - FuncCallIDs: make(map[int]string), - FuncDone: make(map[int]bool), - } - } - st := (*param).(*geminiToResponsesState) - if st.FuncArgsBuf == nil { - st.FuncArgsBuf = make(map[int]*strings.Builder) - } - if st.FuncNames == nil { - st.FuncNames = make(map[int]string) - } - if st.FuncCallIDs == nil { - st.FuncCallIDs = make(map[int]string) - } - if st.FuncDone == nil { - st.FuncDone = make(map[int]bool) - } - - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - - rawJSON = bytes.TrimSpace(rawJSON) - if len(rawJSON) == 0 || bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - - root := gjson.ParseBytes(rawJSON) - if !root.Exists() { - return []string{} - } - root = unwrapGeminiResponseRoot(root) - - var out []string - nextSeq := func() int { st.Seq++; return st.Seq } - - // Helper to finalize reasoning summary events in correct order. - // It emits response.reasoning_summary_text.done followed by - // response.reasoning_summary_part.done exactly once. - finalizeReasoning := func() { - if !st.ReasoningOpened || st.ReasoningClosed { - return - } - full := st.ReasoningBuf.String() - textDone := `{"type":"response.reasoning_summary_text.done","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"text":""}` - textDone, _ = sjson.Set(textDone, "sequence_number", nextSeq()) - textDone, _ = sjson.Set(textDone, "item_id", st.ReasoningItemID) - textDone, _ = sjson.Set(textDone, "output_index", st.ReasoningIndex) - textDone, _ = sjson.Set(textDone, "text", full) - out = append(out, emitEvent("response.reasoning_summary_text.done", textDone)) - - partDone := `{"type":"response.reasoning_summary_part.done","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"part":{"type":"summary_text","text":""}}` - partDone, _ = sjson.Set(partDone, "sequence_number", nextSeq()) - partDone, _ = sjson.Set(partDone, "item_id", st.ReasoningItemID) - partDone, _ = sjson.Set(partDone, "output_index", st.ReasoningIndex) - partDone, _ = sjson.Set(partDone, "part.text", full) - out = append(out, emitEvent("response.reasoning_summary_part.done", partDone)) - - itemDone := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"reasoning","encrypted_content":"","summary":[{"type":"summary_text","text":""}]}}` - itemDone, _ = sjson.Set(itemDone, "sequence_number", nextSeq()) - itemDone, _ = sjson.Set(itemDone, "item.id", st.ReasoningItemID) - itemDone, _ = sjson.Set(itemDone, "output_index", st.ReasoningIndex) - itemDone, _ = sjson.Set(itemDone, "item.encrypted_content", st.ReasoningEnc) - itemDone, _ = sjson.Set(itemDone, "item.summary.0.text", full) - out = append(out, emitEvent("response.output_item.done", itemDone)) - - st.ReasoningClosed = true - } - - // Helper to finalize the assistant message in correct order. - // It emits response.output_text.done, response.content_part.done, - // and response.output_item.done exactly once. - finalizeMessage := func() { - if !st.MsgOpened || st.MsgClosed { - return - } - fullText := st.ItemTextBuf.String() - done := `{"type":"response.output_text.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"text":"","logprobs":[]}` - done, _ = sjson.Set(done, "sequence_number", nextSeq()) - done, _ = sjson.Set(done, "item_id", st.CurrentMsgID) - done, _ = sjson.Set(done, "output_index", st.MsgIndex) - done, _ = sjson.Set(done, "text", fullText) - out = append(out, emitEvent("response.output_text.done", done)) - partDone := `{"type":"response.content_part.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"part":{"type":"output_text","annotations":[],"logprobs":[],"text":""}}` - partDone, _ = sjson.Set(partDone, "sequence_number", nextSeq()) - partDone, _ = sjson.Set(partDone, "item_id", st.CurrentMsgID) - partDone, _ = sjson.Set(partDone, "output_index", st.MsgIndex) - partDone, _ = sjson.Set(partDone, "part.text", fullText) - out = append(out, emitEvent("response.content_part.done", partDone)) - final := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"message","status":"completed","content":[{"type":"output_text","text":""}],"role":"assistant"}}` - final, _ = sjson.Set(final, "sequence_number", nextSeq()) - final, _ = sjson.Set(final, "output_index", st.MsgIndex) - final, _ = sjson.Set(final, "item.id", st.CurrentMsgID) - final, _ = sjson.Set(final, "item.content.0.text", fullText) - out = append(out, emitEvent("response.output_item.done", final)) - - st.MsgClosed = true - } - - // Initialize per-response fields and emit created/in_progress once - if !st.Started { - st.ResponseID = root.Get("responseId").String() - if st.ResponseID == "" { - st.ResponseID = fmt.Sprintf("resp_%x_%d", time.Now().UnixNano(), atomic.AddUint64(&responseIDCounter, 1)) - } - if !strings.HasPrefix(st.ResponseID, "resp_") { - st.ResponseID = fmt.Sprintf("resp_%s", st.ResponseID) - } - if v := root.Get("createTime"); v.Exists() { - if t, errParseCreateTime := time.Parse(time.RFC3339Nano, v.String()); errParseCreateTime == nil { - st.CreatedAt = t.Unix() - } - } - if st.CreatedAt == 0 { - st.CreatedAt = time.Now().Unix() - } - - created := `{"type":"response.created","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"in_progress","background":false,"error":null,"output":[]}}` - created, _ = sjson.Set(created, "sequence_number", nextSeq()) - created, _ = sjson.Set(created, "response.id", st.ResponseID) - created, _ = sjson.Set(created, "response.created_at", st.CreatedAt) - out = append(out, emitEvent("response.created", created)) - - inprog := `{"type":"response.in_progress","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"in_progress"}}` - inprog, _ = sjson.Set(inprog, "sequence_number", nextSeq()) - inprog, _ = sjson.Set(inprog, "response.id", st.ResponseID) - inprog, _ = sjson.Set(inprog, "response.created_at", st.CreatedAt) - out = append(out, emitEvent("response.in_progress", inprog)) - - st.Started = true - st.NextIndex = 0 - } - - // Handle parts (text/thought/functionCall) - if parts := root.Get("candidates.0.content.parts"); parts.Exists() && parts.IsArray() { - parts.ForEach(func(_, part gjson.Result) bool { - // Reasoning text - if part.Get("thought").Bool() { - if st.ReasoningClosed { - // Ignore any late thought chunks after reasoning is finalized. - return true - } - if sig := part.Get("thoughtSignature"); sig.Exists() && sig.String() != "" && sig.String() != geminiResponsesThoughtSignature { - st.ReasoningEnc = sig.String() - } else if sig = part.Get("thought_signature"); sig.Exists() && sig.String() != "" && sig.String() != geminiResponsesThoughtSignature { - st.ReasoningEnc = sig.String() - } - if !st.ReasoningOpened { - st.ReasoningOpened = true - st.ReasoningIndex = st.NextIndex - st.NextIndex++ - st.ReasoningItemID = fmt.Sprintf("rs_%s_%d", st.ResponseID, st.ReasoningIndex) - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"reasoning","status":"in_progress","encrypted_content":"","summary":[]}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "output_index", st.ReasoningIndex) - item, _ = sjson.Set(item, "item.id", st.ReasoningItemID) - item, _ = sjson.Set(item, "item.encrypted_content", st.ReasoningEnc) - out = append(out, emitEvent("response.output_item.added", item)) - partAdded := `{"type":"response.reasoning_summary_part.added","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"part":{"type":"summary_text","text":""}}` - partAdded, _ = sjson.Set(partAdded, "sequence_number", nextSeq()) - partAdded, _ = sjson.Set(partAdded, "item_id", st.ReasoningItemID) - partAdded, _ = sjson.Set(partAdded, "output_index", st.ReasoningIndex) - out = append(out, emitEvent("response.reasoning_summary_part.added", partAdded)) - } - if t := part.Get("text"); t.Exists() && t.String() != "" { - st.ReasoningBuf.WriteString(t.String()) - msg := `{"type":"response.reasoning_summary_text.delta","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"delta":""}` - msg, _ = sjson.Set(msg, "sequence_number", nextSeq()) - msg, _ = sjson.Set(msg, "item_id", st.ReasoningItemID) - msg, _ = sjson.Set(msg, "output_index", st.ReasoningIndex) - msg, _ = sjson.Set(msg, "delta", t.String()) - out = append(out, emitEvent("response.reasoning_summary_text.delta", msg)) - } - return true - } - - // Assistant visible text - if t := part.Get("text"); t.Exists() && t.String() != "" { - // Before emitting non-reasoning outputs, finalize reasoning if open. - finalizeReasoning() - if !st.MsgOpened { - st.MsgOpened = true - st.MsgIndex = st.NextIndex - st.NextIndex++ - st.CurrentMsgID = fmt.Sprintf("msg_%s_0", st.ResponseID) - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"message","status":"in_progress","content":[],"role":"assistant"}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "output_index", st.MsgIndex) - item, _ = sjson.Set(item, "item.id", st.CurrentMsgID) - out = append(out, emitEvent("response.output_item.added", item)) - partAdded := `{"type":"response.content_part.added","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"part":{"type":"output_text","annotations":[],"logprobs":[],"text":""}}` - partAdded, _ = sjson.Set(partAdded, "sequence_number", nextSeq()) - partAdded, _ = sjson.Set(partAdded, "item_id", st.CurrentMsgID) - partAdded, _ = sjson.Set(partAdded, "output_index", st.MsgIndex) - out = append(out, emitEvent("response.content_part.added", partAdded)) - st.ItemTextBuf.Reset() - } - st.TextBuf.WriteString(t.String()) - st.ItemTextBuf.WriteString(t.String()) - msg := `{"type":"response.output_text.delta","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"delta":"","logprobs":[]}` - msg, _ = sjson.Set(msg, "sequence_number", nextSeq()) - msg, _ = sjson.Set(msg, "item_id", st.CurrentMsgID) - msg, _ = sjson.Set(msg, "output_index", st.MsgIndex) - msg, _ = sjson.Set(msg, "delta", t.String()) - out = append(out, emitEvent("response.output_text.delta", msg)) - return true - } - - // Function call - if fc := part.Get("functionCall"); fc.Exists() { - // Before emitting function-call outputs, finalize reasoning and the message (if open). - // Responses streaming requires message done events before the next output_item.added. - finalizeReasoning() - finalizeMessage() - name := fc.Get("name").String() - idx := st.NextIndex - st.NextIndex++ - // Ensure buffers - if st.FuncArgsBuf[idx] == nil { - st.FuncArgsBuf[idx] = &strings.Builder{} - } - if st.FuncCallIDs[idx] == "" { - st.FuncCallIDs[idx] = fmt.Sprintf("call_%d_%d", time.Now().UnixNano(), atomic.AddUint64(&funcCallIDCounter, 1)) - } - st.FuncNames[idx] = name - - argsJSON := "{}" - if args := fc.Get("args"); args.Exists() { - argsJSON = args.Raw - } - if st.FuncArgsBuf[idx].Len() == 0 && argsJSON != "" { - st.FuncArgsBuf[idx].WriteString(argsJSON) - } - - // Emit item.added for function call - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"function_call","status":"in_progress","arguments":"","call_id":"","name":""}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "output_index", idx) - item, _ = sjson.Set(item, "item.id", fmt.Sprintf("fc_%s", st.FuncCallIDs[idx])) - item, _ = sjson.Set(item, "item.call_id", st.FuncCallIDs[idx]) - item, _ = sjson.Set(item, "item.name", name) - out = append(out, emitEvent("response.output_item.added", item)) - - // Emit arguments delta (full args in one chunk). - // When Gemini omits args, emit "{}" to keep Responses streaming event order consistent. - if argsJSON != "" { - ad := `{"type":"response.function_call_arguments.delta","sequence_number":0,"item_id":"","output_index":0,"delta":""}` - ad, _ = sjson.Set(ad, "sequence_number", nextSeq()) - ad, _ = sjson.Set(ad, "item_id", fmt.Sprintf("fc_%s", st.FuncCallIDs[idx])) - ad, _ = sjson.Set(ad, "output_index", idx) - ad, _ = sjson.Set(ad, "delta", argsJSON) - out = append(out, emitEvent("response.function_call_arguments.delta", ad)) - } - - // Gemini emits the full function call payload at once, so we can finalize it immediately. - if !st.FuncDone[idx] { - fcDone := `{"type":"response.function_call_arguments.done","sequence_number":0,"item_id":"","output_index":0,"arguments":""}` - fcDone, _ = sjson.Set(fcDone, "sequence_number", nextSeq()) - fcDone, _ = sjson.Set(fcDone, "item_id", fmt.Sprintf("fc_%s", st.FuncCallIDs[idx])) - fcDone, _ = sjson.Set(fcDone, "output_index", idx) - fcDone, _ = sjson.Set(fcDone, "arguments", argsJSON) - out = append(out, emitEvent("response.function_call_arguments.done", fcDone)) - - itemDone := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}}` - itemDone, _ = sjson.Set(itemDone, "sequence_number", nextSeq()) - itemDone, _ = sjson.Set(itemDone, "output_index", idx) - itemDone, _ = sjson.Set(itemDone, "item.id", fmt.Sprintf("fc_%s", st.FuncCallIDs[idx])) - itemDone, _ = sjson.Set(itemDone, "item.arguments", argsJSON) - itemDone, _ = sjson.Set(itemDone, "item.call_id", st.FuncCallIDs[idx]) - itemDone, _ = sjson.Set(itemDone, "item.name", st.FuncNames[idx]) - out = append(out, emitEvent("response.output_item.done", itemDone)) - - st.FuncDone[idx] = true - } - - return true - } - - return true - }) - } - - // Finalization on finishReason - if fr := root.Get("candidates.0.finishReason"); fr.Exists() && fr.String() != "" { - // Finalize reasoning first to keep ordering tight with last delta - finalizeReasoning() - finalizeMessage() - - // Close function calls - if len(st.FuncArgsBuf) > 0 { - // sort indices (small N); avoid extra imports - idxs := make([]int, 0, len(st.FuncArgsBuf)) - for idx := range st.FuncArgsBuf { - idxs = append(idxs, idx) - } - for i := 0; i < len(idxs); i++ { - for j := i + 1; j < len(idxs); j++ { - if idxs[j] < idxs[i] { - idxs[i], idxs[j] = idxs[j], idxs[i] - } - } - } - for _, idx := range idxs { - if st.FuncDone[idx] { - continue - } - args := "{}" - if b := st.FuncArgsBuf[idx]; b != nil && b.Len() > 0 { - args = b.String() - } - fcDone := `{"type":"response.function_call_arguments.done","sequence_number":0,"item_id":"","output_index":0,"arguments":""}` - fcDone, _ = sjson.Set(fcDone, "sequence_number", nextSeq()) - fcDone, _ = sjson.Set(fcDone, "item_id", fmt.Sprintf("fc_%s", st.FuncCallIDs[idx])) - fcDone, _ = sjson.Set(fcDone, "output_index", idx) - fcDone, _ = sjson.Set(fcDone, "arguments", args) - out = append(out, emitEvent("response.function_call_arguments.done", fcDone)) - - itemDone := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}}` - itemDone, _ = sjson.Set(itemDone, "sequence_number", nextSeq()) - itemDone, _ = sjson.Set(itemDone, "output_index", idx) - itemDone, _ = sjson.Set(itemDone, "item.id", fmt.Sprintf("fc_%s", st.FuncCallIDs[idx])) - itemDone, _ = sjson.Set(itemDone, "item.arguments", args) - itemDone, _ = sjson.Set(itemDone, "item.call_id", st.FuncCallIDs[idx]) - itemDone, _ = sjson.Set(itemDone, "item.name", st.FuncNames[idx]) - out = append(out, emitEvent("response.output_item.done", itemDone)) - - st.FuncDone[idx] = true - } - } - - // Reasoning already finalized above if present - - // Build response.completed with aggregated outputs and request echo fields - completed := `{"type":"response.completed","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"completed","background":false,"error":null}}` - completed, _ = sjson.Set(completed, "sequence_number", nextSeq()) - completed, _ = sjson.Set(completed, "response.id", st.ResponseID) - completed, _ = sjson.Set(completed, "response.created_at", st.CreatedAt) - - if reqJSON := pickRequestJSON(originalRequestRawJSON, requestRawJSON); len(reqJSON) > 0 { - req := unwrapRequestRoot(gjson.ParseBytes(reqJSON)) - if v := req.Get("instructions"); v.Exists() { - completed, _ = sjson.Set(completed, "response.instructions", v.String()) - } - if v := req.Get("max_output_tokens"); v.Exists() { - completed, _ = sjson.Set(completed, "response.max_output_tokens", v.Int()) - } - if v := req.Get("max_tool_calls"); v.Exists() { - completed, _ = sjson.Set(completed, "response.max_tool_calls", v.Int()) - } - if v := req.Get("model"); v.Exists() { - completed, _ = sjson.Set(completed, "response.model", v.String()) - } - if v := req.Get("parallel_tool_calls"); v.Exists() { - completed, _ = sjson.Set(completed, "response.parallel_tool_calls", v.Bool()) - } - if v := req.Get("previous_response_id"); v.Exists() { - completed, _ = sjson.Set(completed, "response.previous_response_id", v.String()) - } - if v := req.Get("prompt_cache_key"); v.Exists() { - completed, _ = sjson.Set(completed, "response.prompt_cache_key", v.String()) - } - if v := req.Get("reasoning"); v.Exists() { - completed, _ = sjson.Set(completed, "response.reasoning", v.Value()) - } - if v := req.Get("safety_identifier"); v.Exists() { - completed, _ = sjson.Set(completed, "response.safety_identifier", v.String()) - } - if v := req.Get("service_tier"); v.Exists() { - completed, _ = sjson.Set(completed, "response.service_tier", v.String()) - } - if v := req.Get("store"); v.Exists() { - completed, _ = sjson.Set(completed, "response.store", v.Bool()) - } - if v := req.Get("temperature"); v.Exists() { - completed, _ = sjson.Set(completed, "response.temperature", v.Float()) - } - if v := req.Get("text"); v.Exists() { - completed, _ = sjson.Set(completed, "response.text", v.Value()) - } - if v := req.Get("tool_choice"); v.Exists() { - completed, _ = sjson.Set(completed, "response.tool_choice", v.Value()) - } - if v := req.Get("tools"); v.Exists() { - completed, _ = sjson.Set(completed, "response.tools", v.Value()) - } - if v := req.Get("top_logprobs"); v.Exists() { - completed, _ = sjson.Set(completed, "response.top_logprobs", v.Int()) - } - if v := req.Get("top_p"); v.Exists() { - completed, _ = sjson.Set(completed, "response.top_p", v.Float()) - } - if v := req.Get("truncation"); v.Exists() { - completed, _ = sjson.Set(completed, "response.truncation", v.String()) - } - if v := req.Get("user"); v.Exists() { - completed, _ = sjson.Set(completed, "response.user", v.Value()) - } - if v := req.Get("metadata"); v.Exists() { - completed, _ = sjson.Set(completed, "response.metadata", v.Value()) - } - } - - // Compose outputs in output_index order. - outputsWrapper := `{"arr":[]}` - for idx := 0; idx < st.NextIndex; idx++ { - if st.ReasoningOpened && idx == st.ReasoningIndex { - item := `{"id":"","type":"reasoning","encrypted_content":"","summary":[{"type":"summary_text","text":""}]}` - item, _ = sjson.Set(item, "id", st.ReasoningItemID) - item, _ = sjson.Set(item, "encrypted_content", st.ReasoningEnc) - item, _ = sjson.Set(item, "summary.0.text", st.ReasoningBuf.String()) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - continue - } - if st.MsgOpened && idx == st.MsgIndex { - item := `{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}` - item, _ = sjson.Set(item, "id", st.CurrentMsgID) - item, _ = sjson.Set(item, "content.0.text", st.TextBuf.String()) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - continue - } - - if callID, ok := st.FuncCallIDs[idx]; ok && callID != "" { - args := "{}" - if b := st.FuncArgsBuf[idx]; b != nil && b.Len() > 0 { - args = b.String() - } - item := `{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}` - item, _ = sjson.Set(item, "id", fmt.Sprintf("fc_%s", callID)) - item, _ = sjson.Set(item, "arguments", args) - item, _ = sjson.Set(item, "call_id", callID) - item, _ = sjson.Set(item, "name", st.FuncNames[idx]) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - } - if gjson.Get(outputsWrapper, "arr.#").Int() > 0 { - completed, _ = sjson.SetRaw(completed, "response.output", gjson.Get(outputsWrapper, "arr").Raw) - } - - // usage mapping - if um := root.Get("usageMetadata"); um.Exists() { - // input tokens = prompt only (thoughts go to output) - input := um.Get("promptTokenCount").Int() - completed, _ = sjson.Set(completed, "response.usage.input_tokens", input) - // cached token details: align with OpenAI "cached_tokens" semantics. - completed, _ = sjson.Set(completed, "response.usage.input_tokens_details.cached_tokens", um.Get("cachedContentTokenCount").Int()) - // output tokens - if v := um.Get("candidatesTokenCount"); v.Exists() { - completed, _ = sjson.Set(completed, "response.usage.output_tokens", v.Int()) - } else { - completed, _ = sjson.Set(completed, "response.usage.output_tokens", 0) - } - if v := um.Get("thoughtsTokenCount"); v.Exists() { - completed, _ = sjson.Set(completed, "response.usage.output_tokens_details.reasoning_tokens", v.Int()) - } else { - completed, _ = sjson.Set(completed, "response.usage.output_tokens_details.reasoning_tokens", 0) - } - if v := um.Get("totalTokenCount"); v.Exists() { - completed, _ = sjson.Set(completed, "response.usage.total_tokens", v.Int()) - } else { - completed, _ = sjson.Set(completed, "response.usage.total_tokens", 0) - } - } - - out = append(out, emitEvent("response.completed", completed)) - } - - return out -} - -// ConvertGeminiResponseToOpenAIResponsesNonStream aggregates Gemini response JSON into a single OpenAI Responses JSON object. -func ConvertGeminiResponseToOpenAIResponsesNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - root := gjson.ParseBytes(rawJSON) - root = unwrapGeminiResponseRoot(root) - - // Base response scaffold - resp := `{"id":"","object":"response","created_at":0,"status":"completed","background":false,"error":null,"incomplete_details":null}` - - // id: prefer provider responseId, otherwise synthesize - id := root.Get("responseId").String() - if id == "" { - id = fmt.Sprintf("resp_%x_%d", time.Now().UnixNano(), atomic.AddUint64(&responseIDCounter, 1)) - } - // Normalize to response-style id (prefix resp_ if missing) - if !strings.HasPrefix(id, "resp_") { - id = fmt.Sprintf("resp_%s", id) - } - resp, _ = sjson.Set(resp, "id", id) - - // created_at: map from createTime if available - createdAt := time.Now().Unix() - if v := root.Get("createTime"); v.Exists() { - if t, errParseCreateTime := time.Parse(time.RFC3339Nano, v.String()); errParseCreateTime == nil { - createdAt = t.Unix() - } - } - resp, _ = sjson.Set(resp, "created_at", createdAt) - - // Echo request fields when present; fallback model from response modelVersion - if reqJSON := pickRequestJSON(originalRequestRawJSON, requestRawJSON); len(reqJSON) > 0 { - req := unwrapRequestRoot(gjson.ParseBytes(reqJSON)) - if v := req.Get("instructions"); v.Exists() { - resp, _ = sjson.Set(resp, "instructions", v.String()) - } - if v := req.Get("max_output_tokens"); v.Exists() { - resp, _ = sjson.Set(resp, "max_output_tokens", v.Int()) - } - if v := req.Get("max_tool_calls"); v.Exists() { - resp, _ = sjson.Set(resp, "max_tool_calls", v.Int()) - } - if v := req.Get("model"); v.Exists() { - resp, _ = sjson.Set(resp, "model", v.String()) - } else if v = root.Get("modelVersion"); v.Exists() { - resp, _ = sjson.Set(resp, "model", v.String()) - } - if v := req.Get("parallel_tool_calls"); v.Exists() { - resp, _ = sjson.Set(resp, "parallel_tool_calls", v.Bool()) - } - if v := req.Get("previous_response_id"); v.Exists() { - resp, _ = sjson.Set(resp, "previous_response_id", v.String()) - } - if v := req.Get("prompt_cache_key"); v.Exists() { - resp, _ = sjson.Set(resp, "prompt_cache_key", v.String()) - } - if v := req.Get("reasoning"); v.Exists() { - resp, _ = sjson.Set(resp, "reasoning", v.Value()) - } - if v := req.Get("safety_identifier"); v.Exists() { - resp, _ = sjson.Set(resp, "safety_identifier", v.String()) - } - if v := req.Get("service_tier"); v.Exists() { - resp, _ = sjson.Set(resp, "service_tier", v.String()) - } - if v := req.Get("store"); v.Exists() { - resp, _ = sjson.Set(resp, "store", v.Bool()) - } - if v := req.Get("temperature"); v.Exists() { - resp, _ = sjson.Set(resp, "temperature", v.Float()) - } - if v := req.Get("text"); v.Exists() { - resp, _ = sjson.Set(resp, "text", v.Value()) - } - if v := req.Get("tool_choice"); v.Exists() { - resp, _ = sjson.Set(resp, "tool_choice", v.Value()) - } - if v := req.Get("tools"); v.Exists() { - resp, _ = sjson.Set(resp, "tools", v.Value()) - } - if v := req.Get("top_logprobs"); v.Exists() { - resp, _ = sjson.Set(resp, "top_logprobs", v.Int()) - } - if v := req.Get("top_p"); v.Exists() { - resp, _ = sjson.Set(resp, "top_p", v.Float()) - } - if v := req.Get("truncation"); v.Exists() { - resp, _ = sjson.Set(resp, "truncation", v.String()) - } - if v := req.Get("user"); v.Exists() { - resp, _ = sjson.Set(resp, "user", v.Value()) - } - if v := req.Get("metadata"); v.Exists() { - resp, _ = sjson.Set(resp, "metadata", v.Value()) - } - } else if v := root.Get("modelVersion"); v.Exists() { - resp, _ = sjson.Set(resp, "model", v.String()) - } - - // Build outputs from candidates[0].content.parts - var reasoningText strings.Builder - var reasoningEncrypted string - var messageText strings.Builder - var haveMessage bool - - haveOutput := false - ensureOutput := func() { - if haveOutput { - return - } - resp, _ = sjson.SetRaw(resp, "output", "[]") - haveOutput = true - } - appendOutput := func(itemJSON string) { - ensureOutput() - resp, _ = sjson.SetRaw(resp, "output.-1", itemJSON) - } - - if parts := root.Get("candidates.0.content.parts"); parts.Exists() && parts.IsArray() { - parts.ForEach(func(_, p gjson.Result) bool { - if p.Get("thought").Bool() { - if t := p.Get("text"); t.Exists() { - reasoningText.WriteString(t.String()) - } - if sig := p.Get("thoughtSignature"); sig.Exists() && sig.String() != "" { - reasoningEncrypted = sig.String() - } - return true - } - if t := p.Get("text"); t.Exists() && t.String() != "" { - messageText.WriteString(t.String()) - haveMessage = true - return true - } - if fc := p.Get("functionCall"); fc.Exists() { - name := fc.Get("name").String() - args := fc.Get("args") - callID := fmt.Sprintf("call_%x_%d", time.Now().UnixNano(), atomic.AddUint64(&funcCallIDCounter, 1)) - itemJSON := `{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}` - itemJSON, _ = sjson.Set(itemJSON, "id", fmt.Sprintf("fc_%s", callID)) - itemJSON, _ = sjson.Set(itemJSON, "call_id", callID) - itemJSON, _ = sjson.Set(itemJSON, "name", name) - argsStr := "" - if args.Exists() { - argsStr = args.Raw - } - itemJSON, _ = sjson.Set(itemJSON, "arguments", argsStr) - appendOutput(itemJSON) - return true - } - return true - }) - } - - // Reasoning output item - if reasoningText.Len() > 0 || reasoningEncrypted != "" { - rid := strings.TrimPrefix(id, "resp_") - itemJSON := `{"id":"","type":"reasoning","encrypted_content":""}` - itemJSON, _ = sjson.Set(itemJSON, "id", fmt.Sprintf("rs_%s", rid)) - itemJSON, _ = sjson.Set(itemJSON, "encrypted_content", reasoningEncrypted) - if reasoningText.Len() > 0 { - summaryJSON := `{"type":"summary_text","text":""}` - summaryJSON, _ = sjson.Set(summaryJSON, "text", reasoningText.String()) - itemJSON, _ = sjson.SetRaw(itemJSON, "summary", "[]") - itemJSON, _ = sjson.SetRaw(itemJSON, "summary.-1", summaryJSON) - } - appendOutput(itemJSON) - } - - // Assistant message output item - if haveMessage { - itemJSON := `{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}` - itemJSON, _ = sjson.Set(itemJSON, "id", fmt.Sprintf("msg_%s_0", strings.TrimPrefix(id, "resp_"))) - itemJSON, _ = sjson.Set(itemJSON, "content.0.text", messageText.String()) - appendOutput(itemJSON) - } - - // usage mapping - if um := root.Get("usageMetadata"); um.Exists() { - // input tokens = prompt only (thoughts go to output) - input := um.Get("promptTokenCount").Int() - resp, _ = sjson.Set(resp, "usage.input_tokens", input) - // cached token details: align with OpenAI "cached_tokens" semantics. - resp, _ = sjson.Set(resp, "usage.input_tokens_details.cached_tokens", um.Get("cachedContentTokenCount").Int()) - // output tokens - if v := um.Get("candidatesTokenCount"); v.Exists() { - resp, _ = sjson.Set(resp, "usage.output_tokens", v.Int()) - } - if v := um.Get("thoughtsTokenCount"); v.Exists() { - resp, _ = sjson.Set(resp, "usage.output_tokens_details.reasoning_tokens", v.Int()) - } - if v := um.Get("totalTokenCount"); v.Exists() { - resp, _ = sjson.Set(resp, "usage.total_tokens", v.Int()) - } - } - - return resp -} diff --git a/internal/translator/gemini/openai/responses/gemini_openai-responses_response_test.go b/internal/translator/gemini/openai/responses/gemini_openai-responses_response_test.go deleted file mode 100644 index 9899c59458..0000000000 --- a/internal/translator/gemini/openai/responses/gemini_openai-responses_response_test.go +++ /dev/null @@ -1,353 +0,0 @@ -package responses - -import ( - "context" - "strings" - "testing" - - "github.com/tidwall/gjson" -) - -func parseSSEEvent(t *testing.T, chunk string) (string, gjson.Result) { - t.Helper() - - lines := strings.Split(chunk, "\n") - if len(lines) < 2 { - t.Fatalf("unexpected SSE chunk: %q", chunk) - } - - event := strings.TrimSpace(strings.TrimPrefix(lines[0], "event:")) - dataLine := strings.TrimSpace(strings.TrimPrefix(lines[1], "data:")) - if !gjson.Valid(dataLine) { - t.Fatalf("invalid SSE data JSON: %q", dataLine) - } - return event, gjson.Parse(dataLine) -} - -func TestConvertGeminiResponseToOpenAIResponses_UnwrapAndAggregateText(t *testing.T) { - // Vertex-style Gemini stream wraps the actual response payload under "response". - // This test ensures we unwrap and that output_text.done contains the full text. - in := []string{ - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":""}]}}],"usageMetadata":{"promptTokenCount":1,"candidatesTokenCount":1,"totalTokenCount":2,"cachedContentTokenCount":0},"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":"让"}]}}],"usageMetadata":{"promptTokenCount":1,"candidatesTokenCount":1,"totalTokenCount":2,"cachedContentTokenCount":0},"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":"我先"}]}}],"usageMetadata":{"promptTokenCount":1,"candidatesTokenCount":1,"totalTokenCount":2,"cachedContentTokenCount":0},"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":"了解"}]}}],"usageMetadata":{"promptTokenCount":1,"candidatesTokenCount":1,"totalTokenCount":2,"cachedContentTokenCount":0},"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"functionCall":{"name":"mcp__serena__list_dir","args":{"recursive":false,"relative_path":"internal"},"id":"toolu_1"}}]}}],"usageMetadata":{"promptTokenCount":1,"candidatesTokenCount":1,"totalTokenCount":2,"cachedContentTokenCount":0},"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":""}]},"finishReason":"STOP"}],"usageMetadata":{"promptTokenCount":10,"candidatesTokenCount":5,"totalTokenCount":15,"cachedContentTokenCount":2},"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - } - - originalReq := []byte(`{"instructions":"test instructions","model":"gpt-5","max_output_tokens":123}`) - - var param any - var out []string - for _, line := range in { - out = append(out, ConvertGeminiResponseToOpenAIResponses(context.Background(), "test-model", originalReq, nil, []byte(line), ¶m)...) - } - - var ( - gotTextDone bool - gotMessageDone bool - gotResponseDone bool - gotFuncDone bool - - textDone string - messageText string - responseID string - instructions string - cachedTokens int64 - - funcName string - funcArgs string - - posTextDone = -1 - posPartDone = -1 - posMessageDone = -1 - posFuncAdded = -1 - ) - - for i, chunk := range out { - ev, data := parseSSEEvent(t, chunk) - switch ev { - case "response.output_text.done": - gotTextDone = true - if posTextDone == -1 { - posTextDone = i - } - textDone = data.Get("text").String() - case "response.content_part.done": - if posPartDone == -1 { - posPartDone = i - } - case "response.output_item.done": - switch data.Get("item.type").String() { - case "message": - gotMessageDone = true - if posMessageDone == -1 { - posMessageDone = i - } - messageText = data.Get("item.content.0.text").String() - case "function_call": - gotFuncDone = true - funcName = data.Get("item.name").String() - funcArgs = data.Get("item.arguments").String() - } - case "response.output_item.added": - if data.Get("item.type").String() == "function_call" && posFuncAdded == -1 { - posFuncAdded = i - } - case "response.completed": - gotResponseDone = true - responseID = data.Get("response.id").String() - instructions = data.Get("response.instructions").String() - cachedTokens = data.Get("response.usage.input_tokens_details.cached_tokens").Int() - } - } - - if !gotTextDone { - t.Fatalf("missing response.output_text.done event") - } - if posTextDone == -1 || posPartDone == -1 || posMessageDone == -1 || posFuncAdded == -1 { - t.Fatalf("missing ordering events: textDone=%d partDone=%d messageDone=%d funcAdded=%d", posTextDone, posPartDone, posMessageDone, posFuncAdded) - } - if !(posTextDone < posPartDone && posPartDone < posMessageDone && posMessageDone < posFuncAdded) { - t.Fatalf("unexpected message/function ordering: textDone=%d partDone=%d messageDone=%d funcAdded=%d", posTextDone, posPartDone, posMessageDone, posFuncAdded) - } - if !gotMessageDone { - t.Fatalf("missing message response.output_item.done event") - } - if !gotFuncDone { - t.Fatalf("missing function_call response.output_item.done event") - } - if !gotResponseDone { - t.Fatalf("missing response.completed event") - } - - if textDone != "让我先了解" { - t.Fatalf("unexpected output_text.done text: got %q", textDone) - } - if messageText != "让我先了解" { - t.Fatalf("unexpected message done text: got %q", messageText) - } - - if responseID != "resp_req_vrtx_1" { - t.Fatalf("unexpected response id: got %q", responseID) - } - if instructions != "test instructions" { - t.Fatalf("unexpected instructions echo: got %q", instructions) - } - if cachedTokens != 2 { - t.Fatalf("unexpected cached token count: got %d", cachedTokens) - } - - if funcName != "mcp__serena__list_dir" { - t.Fatalf("unexpected function name: got %q", funcName) - } - if !gjson.Valid(funcArgs) { - t.Fatalf("invalid function arguments JSON: %q", funcArgs) - } - if gjson.Get(funcArgs, "recursive").Bool() != false { - t.Fatalf("unexpected recursive arg: %v", gjson.Get(funcArgs, "recursive").Value()) - } - if gjson.Get(funcArgs, "relative_path").String() != "internal" { - t.Fatalf("unexpected relative_path arg: %q", gjson.Get(funcArgs, "relative_path").String()) - } -} - -func TestConvertGeminiResponseToOpenAIResponses_ReasoningEncryptedContent(t *testing.T) { - sig := "RXE0RENrZ0lDeEFDR0FJcVFOZDdjUzlleGFuRktRdFcvSzNyZ2MvWDNCcDQ4RmxSbGxOWUlOVU5kR1l1UHMrMGdkMVp0Vkg3ekdKU0g4YVljc2JjN3lNK0FrdGpTNUdqamI4T3Z0VVNETzdQd3pmcFhUOGl3U3hXUEJvTVFRQ09mWTFyMEtTWGZxUUlJakFqdmFGWk83RW1XRlBKckJVOVpkYzdDKw==" - in := []string{ - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"thought":true,"thoughtSignature":"` + sig + `","text":""}]}}],"modelVersion":"test-model","responseId":"req_vrtx_sig"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"thought":true,"text":"a"}]}}],"modelVersion":"test-model","responseId":"req_vrtx_sig"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":"hello"}]}}],"modelVersion":"test-model","responseId":"req_vrtx_sig"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":""}]},"finishReason":"STOP"}],"modelVersion":"test-model","responseId":"req_vrtx_sig"},"traceId":"t1"}`, - } - - var param any - var out []string - for _, line := range in { - out = append(out, ConvertGeminiResponseToOpenAIResponses(context.Background(), "test-model", nil, nil, []byte(line), ¶m)...) - } - - var ( - addedEnc string - doneEnc string - ) - for _, chunk := range out { - ev, data := parseSSEEvent(t, chunk) - switch ev { - case "response.output_item.added": - if data.Get("item.type").String() == "reasoning" { - addedEnc = data.Get("item.encrypted_content").String() - } - case "response.output_item.done": - if data.Get("item.type").String() == "reasoning" { - doneEnc = data.Get("item.encrypted_content").String() - } - } - } - - if addedEnc != sig { - t.Fatalf("unexpected encrypted_content in response.output_item.added: got %q", addedEnc) - } - if doneEnc != sig { - t.Fatalf("unexpected encrypted_content in response.output_item.done: got %q", doneEnc) - } -} - -func TestConvertGeminiResponseToOpenAIResponses_FunctionCallEventOrder(t *testing.T) { - in := []string{ - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"functionCall":{"name":"tool0"}}]}}],"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"functionCall":{"name":"tool1"}}]}}],"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"functionCall":{"name":"tool2","args":{"a":1}}}]}}],"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":""}]},"finishReason":"STOP"}],"usageMetadata":{"promptTokenCount":10,"candidatesTokenCount":5,"totalTokenCount":15,"cachedContentTokenCount":0},"modelVersion":"test-model","responseId":"req_vrtx_1"},"traceId":"t1"}`, - } - - var param any - var out []string - for _, line := range in { - out = append(out, ConvertGeminiResponseToOpenAIResponses(context.Background(), "test-model", nil, nil, []byte(line), ¶m)...) - } - - posAdded := []int{-1, -1, -1} - posArgsDelta := []int{-1, -1, -1} - posArgsDone := []int{-1, -1, -1} - posItemDone := []int{-1, -1, -1} - posCompleted := -1 - deltaByIndex := map[int]string{} - - for i, chunk := range out { - ev, data := parseSSEEvent(t, chunk) - switch ev { - case "response.output_item.added": - if data.Get("item.type").String() != "function_call" { - continue - } - idx := int(data.Get("output_index").Int()) - if idx >= 0 && idx < len(posAdded) { - posAdded[idx] = i - } - case "response.function_call_arguments.delta": - idx := int(data.Get("output_index").Int()) - if idx >= 0 && idx < len(posArgsDelta) { - posArgsDelta[idx] = i - deltaByIndex[idx] = data.Get("delta").String() - } - case "response.function_call_arguments.done": - idx := int(data.Get("output_index").Int()) - if idx >= 0 && idx < len(posArgsDone) { - posArgsDone[idx] = i - } - case "response.output_item.done": - if data.Get("item.type").String() != "function_call" { - continue - } - idx := int(data.Get("output_index").Int()) - if idx >= 0 && idx < len(posItemDone) { - posItemDone[idx] = i - } - case "response.completed": - posCompleted = i - - output := data.Get("response.output") - if !output.Exists() || !output.IsArray() { - t.Fatalf("missing response.output in response.completed") - } - if len(output.Array()) != 3 { - t.Fatalf("unexpected response.output length: got %d", len(output.Array())) - } - if data.Get("response.output.0.name").String() != "tool0" || data.Get("response.output.0.arguments").String() != "{}" { - t.Fatalf("unexpected output[0]: %s", data.Get("response.output.0").Raw) - } - if data.Get("response.output.1.name").String() != "tool1" || data.Get("response.output.1.arguments").String() != "{}" { - t.Fatalf("unexpected output[1]: %s", data.Get("response.output.1").Raw) - } - if data.Get("response.output.2.name").String() != "tool2" { - t.Fatalf("unexpected output[2] name: %s", data.Get("response.output.2").Raw) - } - if !gjson.Valid(data.Get("response.output.2.arguments").String()) { - t.Fatalf("unexpected output[2] arguments: %q", data.Get("response.output.2.arguments").String()) - } - } - } - - if posCompleted == -1 { - t.Fatalf("missing response.completed event") - } - for idx := 0; idx < 3; idx++ { - if posAdded[idx] == -1 || posArgsDelta[idx] == -1 || posArgsDone[idx] == -1 || posItemDone[idx] == -1 { - t.Fatalf("missing function call events for output_index %d: added=%d argsDelta=%d argsDone=%d itemDone=%d", idx, posAdded[idx], posArgsDelta[idx], posArgsDone[idx], posItemDone[idx]) - } - if !(posAdded[idx] < posArgsDelta[idx] && posArgsDelta[idx] < posArgsDone[idx] && posArgsDone[idx] < posItemDone[idx]) { - t.Fatalf("unexpected ordering for output_index %d: added=%d argsDelta=%d argsDone=%d itemDone=%d", idx, posAdded[idx], posArgsDelta[idx], posArgsDone[idx], posItemDone[idx]) - } - if idx > 0 && !(posItemDone[idx-1] < posAdded[idx]) { - t.Fatalf("function call events overlap between %d and %d: prevDone=%d nextAdded=%d", idx-1, idx, posItemDone[idx-1], posAdded[idx]) - } - } - - if deltaByIndex[0] != "{}" { - t.Fatalf("unexpected delta for output_index 0: got %q", deltaByIndex[0]) - } - if deltaByIndex[1] != "{}" { - t.Fatalf("unexpected delta for output_index 1: got %q", deltaByIndex[1]) - } - if deltaByIndex[2] == "" || !gjson.Valid(deltaByIndex[2]) || gjson.Get(deltaByIndex[2], "a").Int() != 1 { - t.Fatalf("unexpected delta for output_index 2: got %q", deltaByIndex[2]) - } - if !(posItemDone[2] < posCompleted) { - t.Fatalf("response.completed should be after last output_item.done: last=%d completed=%d", posItemDone[2], posCompleted) - } -} - -func TestConvertGeminiResponseToOpenAIResponses_ResponseOutputOrdering(t *testing.T) { - in := []string{ - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"functionCall":{"name":"tool0","args":{"x":"y"}}}]}}],"modelVersion":"test-model","responseId":"req_vrtx_2"},"traceId":"t2"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":"hi"}]}}],"modelVersion":"test-model","responseId":"req_vrtx_2"},"traceId":"t2"}`, - `data: {"response":{"candidates":[{"content":{"role":"model","parts":[{"text":""}]},"finishReason":"STOP"}],"usageMetadata":{"promptTokenCount":1,"candidatesTokenCount":1,"totalTokenCount":2,"cachedContentTokenCount":0},"modelVersion":"test-model","responseId":"req_vrtx_2"},"traceId":"t2"}`, - } - - var param any - var out []string - for _, line := range in { - out = append(out, ConvertGeminiResponseToOpenAIResponses(context.Background(), "test-model", nil, nil, []byte(line), ¶m)...) - } - - posFuncDone := -1 - posMsgAdded := -1 - posCompleted := -1 - - for i, chunk := range out { - ev, data := parseSSEEvent(t, chunk) - switch ev { - case "response.output_item.done": - if data.Get("item.type").String() == "function_call" && data.Get("output_index").Int() == 0 { - posFuncDone = i - } - case "response.output_item.added": - if data.Get("item.type").String() == "message" && data.Get("output_index").Int() == 1 { - posMsgAdded = i - } - case "response.completed": - posCompleted = i - if data.Get("response.output.0.type").String() != "function_call" { - t.Fatalf("expected response.output[0] to be function_call: %s", data.Get("response.output.0").Raw) - } - if data.Get("response.output.1.type").String() != "message" { - t.Fatalf("expected response.output[1] to be message: %s", data.Get("response.output.1").Raw) - } - if data.Get("response.output.1.content.0.text").String() != "hi" { - t.Fatalf("unexpected message text in response.output[1]: %s", data.Get("response.output.1").Raw) - } - } - } - - if posFuncDone == -1 || posMsgAdded == -1 || posCompleted == -1 { - t.Fatalf("missing required events: funcDone=%d msgAdded=%d completed=%d", posFuncDone, posMsgAdded, posCompleted) - } - if !(posFuncDone < posMsgAdded) { - t.Fatalf("expected function_call to complete before message is added: funcDone=%d msgAdded=%d", posFuncDone, posMsgAdded) - } - if !(posMsgAdded < posCompleted) { - t.Fatalf("expected response.completed after message added: msgAdded=%d completed=%d", posMsgAdded, posCompleted) - } -} diff --git a/internal/translator/gemini/openai/responses/init.go b/internal/translator/gemini/openai/responses/init.go deleted file mode 100644 index 3ae6f3f181..0000000000 --- a/internal/translator/gemini/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenaiResponse, - Gemini, - ConvertOpenAIResponsesRequestToGemini, - interfaces.TranslateResponse{ - Stream: ConvertGeminiResponseToOpenAIResponses, - NonStream: ConvertGeminiResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/internal/translator/init.go b/internal/translator/init.go deleted file mode 100644 index 5f30e30956..0000000000 --- a/internal/translator/init.go +++ /dev/null @@ -1,39 +0,0 @@ -package translator - -import ( - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/claude/gemini" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/claude/gemini-cli" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/claude/openai/chat-completions" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/claude/openai/responses" - - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/codex/claude" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/codex/gemini" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/codex/gemini-cli" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/codex/openai/chat-completions" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/codex/openai/responses" - - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini-cli/claude" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini-cli/gemini" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini-cli/openai/chat-completions" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini-cli/openai/responses" - - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/claude" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/gemini" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/gemini-cli" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/openai/chat-completions" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/gemini/openai/responses" - - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/openai/claude" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/openai/gemini" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/openai/gemini-cli" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/openai/openai/chat-completions" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/openai/openai/responses" - - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/antigravity/claude" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/antigravity/gemini" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/antigravity/openai/chat-completions" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/antigravity/openai/responses" - - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/kiro/claude" - _ "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/kiro/openai" -) diff --git a/internal/translator/kiro/claude/init.go b/internal/translator/kiro/claude/init.go deleted file mode 100644 index 46311b0d3d..0000000000 --- a/internal/translator/kiro/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -// Package claude provides translation between Kiro and Claude formats. -package claude - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Claude, - Kiro, - ConvertClaudeRequestToKiro, - interfaces.TranslateResponse{ - Stream: ConvertKiroStreamToClaude, - NonStream: ConvertKiroNonStreamToClaude, - }, - ) -} diff --git a/internal/translator/kiro/claude/kiro_claude.go b/internal/translator/kiro/claude/kiro_claude.go deleted file mode 100644 index 752a00d987..0000000000 --- a/internal/translator/kiro/claude/kiro_claude.go +++ /dev/null @@ -1,21 +0,0 @@ -// Package claude provides translation between Kiro and Claude formats. -// Since Kiro executor generates Claude-compatible SSE format internally (with event: prefix), -// translations are pass-through for streaming, but responses need proper formatting. -package claude - -import ( - "context" -) - -// ConvertKiroStreamToClaude converts Kiro streaming response to Claude format. -// Kiro executor already generates complete SSE format with "event:" prefix, -// so this is a simple pass-through. -func ConvertKiroStreamToClaude(ctx context.Context, model string, originalRequest, request, rawResponse []byte, param *any) []string { - return []string{string(rawResponse)} -} - -// ConvertKiroNonStreamToClaude converts Kiro non-streaming response to Claude format. -// The response is already in Claude format, so this is a pass-through. -func ConvertKiroNonStreamToClaude(ctx context.Context, model string, originalRequest, request, rawResponse []byte, param *any) string { - return string(rawResponse) -} diff --git a/internal/translator/kiro/claude/kiro_claude_request.go b/internal/translator/kiro/claude/kiro_claude_request.go deleted file mode 100644 index dfc4a3df14..0000000000 --- a/internal/translator/kiro/claude/kiro_claude_request.go +++ /dev/null @@ -1,965 +0,0 @@ -// Package claude provides request translation functionality for Claude API to Kiro format. -// It handles parsing and transforming Claude API requests into the Kiro/Amazon Q API format, -// extracting model information, system instructions, message contents, and tool declarations. -package claude - -import ( - "encoding/json" - "fmt" - "net/http" - "strings" - "time" - "unicode/utf8" - - "github.com/google/uuid" - kirocommon "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/kiro/common" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -// remoteWebSearchDescription is a minimal fallback for when dynamic fetch from MCP tools/list hasn't completed yet. -const remoteWebSearchDescription = "WebSearch looks up information outside the model's training data. Supports multiple queries to gather comprehensive information." - -// Kiro API request structs - field order determines JSON key order - -// KiroPayload is the top-level request structure for Kiro API -type KiroPayload struct { - ConversationState KiroConversationState `json:"conversationState"` - ProfileArn string `json:"profileArn,omitempty"` - InferenceConfig *KiroInferenceConfig `json:"inferenceConfig,omitempty"` -} - -// KiroInferenceConfig contains inference parameters for the Kiro API. -type KiroInferenceConfig struct { - MaxTokens int `json:"maxTokens,omitempty"` - Temperature float64 `json:"temperature,omitempty"` - TopP float64 `json:"topP,omitempty"` -} - -// KiroConversationState holds the conversation context -type KiroConversationState struct { - ChatTriggerType string `json:"chatTriggerType"` // Required: "MANUAL" - must be first field - ConversationID string `json:"conversationId"` - CurrentMessage KiroCurrentMessage `json:"currentMessage"` - History []KiroHistoryMessage `json:"history,omitempty"` -} - -// KiroCurrentMessage wraps the current user message -type KiroCurrentMessage struct { - UserInputMessage KiroUserInputMessage `json:"userInputMessage"` -} - -// KiroHistoryMessage represents a message in the conversation history -type KiroHistoryMessage struct { - UserInputMessage *KiroUserInputMessage `json:"userInputMessage,omitempty"` - AssistantResponseMessage *KiroAssistantResponseMessage `json:"assistantResponseMessage,omitempty"` -} - -// KiroImage represents an image in Kiro API format -type KiroImage struct { - Format string `json:"format"` - Source KiroImageSource `json:"source"` -} - -// KiroImageSource contains the image data -type KiroImageSource struct { - Bytes string `json:"bytes"` // base64 encoded image data -} - -// KiroUserInputMessage represents a user message -type KiroUserInputMessage struct { - Content string `json:"content"` - ModelID string `json:"modelId"` - Origin string `json:"origin"` - Images []KiroImage `json:"images,omitempty"` - UserInputMessageContext *KiroUserInputMessageContext `json:"userInputMessageContext,omitempty"` -} - -// KiroUserInputMessageContext contains tool-related context -type KiroUserInputMessageContext struct { - ToolResults []KiroToolResult `json:"toolResults,omitempty"` - Tools []KiroToolWrapper `json:"tools,omitempty"` -} - -// KiroToolResult represents a tool execution result -type KiroToolResult struct { - Content []KiroTextContent `json:"content"` - Status string `json:"status"` - ToolUseID string `json:"toolUseId"` -} - -// KiroTextContent represents text content -type KiroTextContent struct { - Text string `json:"text"` -} - -// KiroToolWrapper wraps a tool specification -type KiroToolWrapper struct { - ToolSpecification KiroToolSpecification `json:"toolSpecification"` -} - -// KiroToolSpecification defines a tool's schema -type KiroToolSpecification struct { - Name string `json:"name"` - Description string `json:"description"` - InputSchema KiroInputSchema `json:"inputSchema"` -} - -// KiroInputSchema wraps the JSON schema for tool input -type KiroInputSchema struct { - JSON interface{} `json:"json"` -} - -// KiroAssistantResponseMessage represents an assistant message -type KiroAssistantResponseMessage struct { - Content string `json:"content"` - ToolUses []KiroToolUse `json:"toolUses,omitempty"` -} - -// KiroToolUse represents a tool invocation by the assistant -type KiroToolUse struct { - ToolUseID string `json:"toolUseId"` - Name string `json:"name"` - Input map[string]interface{} `json:"input"` - IsTruncated bool `json:"-"` // Internal flag, not serialized - TruncationInfo *TruncationInfo `json:"-"` // Truncation details, not serialized -} - -// ConvertClaudeRequestToKiro converts a Claude API request to Kiro format. -// This is the main entry point for request translation. -func ConvertClaudeRequestToKiro(modelName string, inputRawJSON []byte, stream bool) []byte { - // For Kiro, we pass through the Claude format since buildKiroPayload - // expects Claude format and does the conversion internally. - // The actual conversion happens in the executor when building the HTTP request. - return inputRawJSON -} - -// BuildKiroPayload constructs the Kiro API request payload from Claude format. -// Supports tool calling - tools are passed via userInputMessageContext. -// origin parameter determines which quota to use: "CLI" for Amazon Q, "AI_EDITOR" for Kiro IDE. -// isAgentic parameter enables chunked write optimization prompt for -agentic model variants. -// isChatOnly parameter disables tool calling for -chat model variants (pure conversation mode). -// headers parameter allows checking Anthropic-Beta header for thinking mode detection. -// metadata parameter is kept for API compatibility but no longer used for thinking configuration. -// Supports thinking mode - when enabled, injects thinking tags into system prompt. -// Returns the payload and a boolean indicating whether thinking mode was injected. -func BuildKiroPayload(claudeBody []byte, modelID, profileArn, origin string, isAgentic, isChatOnly bool, headers http.Header, metadata map[string]any) ([]byte, bool) { - // Extract max_tokens for potential use in inferenceConfig - // Handle -1 as "use maximum" (Kiro max output is ~32000 tokens) - const kiroMaxOutputTokens = 32000 - var maxTokens int64 - if mt := gjson.GetBytes(claudeBody, "max_tokens"); mt.Exists() { - maxTokens = mt.Int() - if maxTokens == -1 { - maxTokens = kiroMaxOutputTokens - log.Debugf("kiro: max_tokens=-1 converted to %d", kiroMaxOutputTokens) - } - } - - // Extract temperature if specified - var temperature float64 - var hasTemperature bool - if temp := gjson.GetBytes(claudeBody, "temperature"); temp.Exists() { - temperature = temp.Float() - hasTemperature = true - } - - // Extract top_p if specified - var topP float64 - var hasTopP bool - if tp := gjson.GetBytes(claudeBody, "top_p"); tp.Exists() { - topP = tp.Float() - hasTopP = true - log.Debugf("kiro: extracted top_p: %.2f", topP) - } - - // Normalize origin value for Kiro API compatibility - origin = normalizeOrigin(origin) - log.Debugf("kiro: normalized origin value: %s", origin) - - messages := gjson.GetBytes(claudeBody, "messages") - - // For chat-only mode, don't include tools - var tools gjson.Result - if !isChatOnly { - tools = gjson.GetBytes(claudeBody, "tools") - } - - // Extract system prompt - systemPrompt := extractSystemPrompt(claudeBody) - - // Check for thinking mode using the comprehensive IsThinkingEnabledWithHeaders function - // This supports Claude API format, OpenAI reasoning_effort, AMP/Cursor format, and Anthropic-Beta header - thinkingEnabled := IsThinkingEnabledWithHeaders(claudeBody, headers) - - // Inject timestamp context - timestamp := time.Now().Format("2006-01-02 15:04:05 MST") - timestampContext := fmt.Sprintf("[Context: Current time is %s]", timestamp) - if systemPrompt != "" { - systemPrompt = timestampContext + "\n\n" + systemPrompt - } else { - systemPrompt = timestampContext - } - log.Debugf("kiro: injected timestamp context: %s", timestamp) - - // Inject agentic optimization prompt for -agentic model variants - if isAgentic { - if systemPrompt != "" { - systemPrompt += "\n" - } - systemPrompt += kirocommon.KiroAgenticSystemPrompt - } - - // Handle tool_choice parameter - Kiro doesn't support it natively, so we inject system prompt hints - // Claude tool_choice values: {"type": "auto/any/tool", "name": "..."} - toolChoiceHint := extractClaudeToolChoiceHint(claudeBody) - if toolChoiceHint != "" { - if systemPrompt != "" { - systemPrompt += "\n" - } - systemPrompt += toolChoiceHint - log.Debugf("kiro: injected tool_choice hint into system prompt") - } - - // Convert Claude tools to Kiro format - kiroTools := convertClaudeToolsToKiro(tools) - - // Thinking mode implementation: - // Kiro API supports official thinking/reasoning mode via tag. - // When set to "enabled", Kiro returns reasoning content as official reasoningContentEvent - // rather than inline tags in assistantResponseEvent. - // We cap max_thinking_length to reserve space for tool outputs and prevent truncation. - if thinkingEnabled { - thinkingHint := `enabled -16000` - if systemPrompt != "" { - systemPrompt = thinkingHint + "\n\n" + systemPrompt - } else { - systemPrompt = thinkingHint - } - log.Infof("kiro: injected thinking prompt (official mode), has_tools: %v", len(kiroTools) > 0) - } - - // Process messages and build history - history, currentUserMsg, currentToolResults := processMessages(messages, modelID, origin) - - // Build content with system prompt. - // Keep thinking tags on subsequent turns so multi-turn Claude sessions - // continue to emit reasoning events. - if currentUserMsg != nil { - currentUserMsg.Content = buildFinalContent(currentUserMsg.Content, systemPrompt, currentToolResults) - - // Deduplicate currentToolResults - currentToolResults = deduplicateToolResults(currentToolResults) - - // Build userInputMessageContext with tools and tool results - if len(kiroTools) > 0 || len(currentToolResults) > 0 { - currentUserMsg.UserInputMessageContext = &KiroUserInputMessageContext{ - Tools: kiroTools, - ToolResults: currentToolResults, - } - } - } - - // Build payload - var currentMessage KiroCurrentMessage - if currentUserMsg != nil { - currentMessage = KiroCurrentMessage{UserInputMessage: *currentUserMsg} - } else { - fallbackContent := "" - if systemPrompt != "" { - fallbackContent = "--- SYSTEM PROMPT ---\n" + systemPrompt + "\n--- END SYSTEM PROMPT ---\n" - } - currentMessage = KiroCurrentMessage{UserInputMessage: KiroUserInputMessage{ - Content: fallbackContent, - ModelID: modelID, - Origin: origin, - }} - } - - // Build inferenceConfig if we have any inference parameters - // Note: Kiro API doesn't actually use max_tokens for thinking budget - var inferenceConfig *KiroInferenceConfig - if maxTokens > 0 || hasTemperature || hasTopP { - inferenceConfig = &KiroInferenceConfig{} - if maxTokens > 0 { - inferenceConfig.MaxTokens = int(maxTokens) - } - if hasTemperature { - inferenceConfig.Temperature = temperature - } - if hasTopP { - inferenceConfig.TopP = topP - } - } - - payload := KiroPayload{ - ConversationState: KiroConversationState{ - ChatTriggerType: "MANUAL", - ConversationID: uuid.New().String(), - CurrentMessage: currentMessage, - History: history, - }, - ProfileArn: profileArn, - InferenceConfig: inferenceConfig, - } - - result, err := json.Marshal(payload) - if err != nil { - log.Debugf("kiro: failed to marshal payload: %v", err) - return nil, false - } - - return result, thinkingEnabled -} - -// normalizeOrigin normalizes origin value for Kiro API compatibility -func normalizeOrigin(origin string) string { - switch origin { - case "KIRO_CLI": - return "CLI" - case "KIRO_AI_EDITOR": - return "AI_EDITOR" - case "AMAZON_Q": - return "CLI" - case "KIRO_IDE": - return "AI_EDITOR" - default: - return origin - } -} - -// extractSystemPrompt extracts system prompt from Claude request -func extractSystemPrompt(claudeBody []byte) string { - systemField := gjson.GetBytes(claudeBody, "system") - if systemField.IsArray() { - var sb strings.Builder - for _, block := range systemField.Array() { - if block.Get("type").String() == "text" { - sb.WriteString(block.Get("text").String()) - } else if block.Type == gjson.String { - sb.WriteString(block.String()) - } - } - return sb.String() - } - return systemField.String() -} - -// checkThinkingMode checks if thinking mode is enabled in the Claude request -func checkThinkingMode(claudeBody []byte) (bool, int64) { - thinkingEnabled := false - var budgetTokens int64 = 24000 - - thinkingField := gjson.GetBytes(claudeBody, "thinking") - if thinkingField.Exists() { - thinkingType := thinkingField.Get("type").String() - if thinkingType == "enabled" { - thinkingEnabled = true - if bt := thinkingField.Get("budget_tokens"); bt.Exists() { - budgetTokens = bt.Int() - if budgetTokens <= 0 { - thinkingEnabled = false - log.Debugf("kiro: thinking mode disabled via budget_tokens <= 0") - } - } - if thinkingEnabled { - log.Debugf("kiro: thinking mode enabled via Claude API parameter, budget_tokens: %d", budgetTokens) - } - } - } - - return thinkingEnabled, budgetTokens -} - -// hasThinkingTagInBody checks if the request body already contains thinking configuration tags. -// This is used to prevent duplicate injection when client (e.g., AMP/Cursor) already includes thinking config. -func hasThinkingTagInBody(body []byte) bool { - bodyStr := string(body) - return strings.Contains(bodyStr, "") || strings.Contains(bodyStr, "") -} - -// IsThinkingEnabledFromHeader checks if thinking mode is enabled via Anthropic-Beta header. -// Claude CLI uses "Anthropic-Beta: interleaved-thinking-2025-05-14" to enable thinking. -func IsThinkingEnabledFromHeader(headers http.Header) bool { - if headers == nil { - return false - } - betaHeader := headers.Get("Anthropic-Beta") - if betaHeader == "" { - return false - } - // Check for interleaved-thinking beta feature - if strings.Contains(betaHeader, "interleaved-thinking") { - log.Debugf("kiro: thinking mode enabled via Anthropic-Beta header: %s", betaHeader) - return true - } - return false -} - -// IsThinkingEnabled is a public wrapper to check if thinking mode is enabled. -// This is used by the executor to determine whether to parse tags in responses. -// When thinking is NOT enabled in the request, tags in responses should be -// treated as regular text content, not as thinking blocks. -// -// Supports multiple formats: -// - Claude API format: thinking.type = "enabled" -// - OpenAI format: reasoning_effort parameter -// - AMP/Cursor format: interleaved in system prompt -func IsThinkingEnabled(body []byte) bool { - return IsThinkingEnabledWithHeaders(body, nil) -} - -// IsThinkingEnabledWithHeaders checks if thinking mode is enabled from body or headers. -// This is the comprehensive check that supports all thinking detection methods: -// - Claude API format: thinking.type = "enabled" -// - OpenAI format: reasoning_effort parameter -// - AMP/Cursor format: interleaved in system prompt -// - Anthropic-Beta header: interleaved-thinking-2025-05-14 -func IsThinkingEnabledWithHeaders(body []byte, headers http.Header) bool { - // Check Anthropic-Beta header first (Claude Code uses this) - if IsThinkingEnabledFromHeader(headers) { - return true - } - - // Check Claude API format first (thinking.type = "enabled") - enabled, _ := checkThinkingMode(body) - if enabled { - log.Debugf("kiro: IsThinkingEnabled returning true (Claude API format)") - return true - } - - // Check OpenAI format: reasoning_effort parameter - // Valid values: "low", "medium", "high", "auto" (not "none") - reasoningEffort := gjson.GetBytes(body, "reasoning_effort") - if reasoningEffort.Exists() { - effort := reasoningEffort.String() - if effort != "" && effort != "none" { - log.Debugf("kiro: thinking mode enabled via OpenAI reasoning_effort: %s", effort) - return true - } - } - - // Check AMP/Cursor format: interleaved in system prompt - // This is how AMP client passes thinking configuration - bodyStr := string(body) - if strings.Contains(bodyStr, "") && strings.Contains(bodyStr, "") { - // Extract thinking mode value - startTag := "" - endTag := "" - startIdx := strings.Index(bodyStr, startTag) - if startIdx >= 0 { - startIdx += len(startTag) - endIdx := strings.Index(bodyStr[startIdx:], endTag) - if endIdx >= 0 { - thinkingMode := bodyStr[startIdx : startIdx+endIdx] - if thinkingMode == "interleaved" || thinkingMode == "enabled" { - log.Debugf("kiro: thinking mode enabled via AMP/Cursor format: %s", thinkingMode) - return true - } - } - } - } - - // Check OpenAI format: max_completion_tokens with reasoning (o1-style) - // Some clients use this to indicate reasoning mode - if gjson.GetBytes(body, "max_completion_tokens").Exists() { - // If max_completion_tokens is set, check if model name suggests reasoning - model := gjson.GetBytes(body, "model").String() - if strings.Contains(strings.ToLower(model), "thinking") || - strings.Contains(strings.ToLower(model), "reason") { - log.Debugf("kiro: thinking mode enabled via model name hint: %s", model) - return true - } - } - - // Check model name directly for thinking hints. - // This enables thinking variants even when clients don't send explicit thinking fields. - model := strings.TrimSpace(gjson.GetBytes(body, "model").String()) - modelLower := strings.ToLower(model) - if strings.Contains(modelLower, "thinking") || strings.Contains(modelLower, "-reason") { - log.Debugf("kiro: thinking mode enabled via model name hint: %s", model) - return true - } - - log.Debugf("kiro: IsThinkingEnabled returning false (no thinking mode detected)") - return false -} - -// shortenToolNameIfNeeded shortens tool names that exceed 64 characters. -// MCP tools often have long names like "mcp__server-name__tool-name". -// This preserves the "mcp__" prefix and last segment when possible. -func shortenToolNameIfNeeded(name string) string { - const limit = 64 - if len(name) <= limit { - return name - } - // For MCP tools, try to preserve prefix and last segment - if strings.HasPrefix(name, "mcp__") { - idx := strings.LastIndex(name, "__") - if idx > 0 { - cand := "mcp__" + name[idx+2:] - if len(cand) > limit { - return cand[:limit] - } - return cand - } - } - return name[:limit] -} - -func ensureKiroInputSchema(parameters interface{}) interface{} { - if parameters != nil { - return parameters - } - return map[string]interface{}{ - "type": "object", - "properties": map[string]interface{}{}, - } -} - -// convertClaudeToolsToKiro converts Claude tools to Kiro format -func convertClaudeToolsToKiro(tools gjson.Result) []KiroToolWrapper { - var kiroTools []KiroToolWrapper - if !tools.IsArray() { - return kiroTools - } - - for _, tool := range tools.Array() { - name := tool.Get("name").String() - description := tool.Get("description").String() - inputSchemaResult := tool.Get("input_schema") - var inputSchema interface{} - if inputSchemaResult.Exists() && inputSchemaResult.Type != gjson.Null { - inputSchema = inputSchemaResult.Value() - } - inputSchema = ensureKiroInputSchema(inputSchema) - - // Shorten tool name if it exceeds 64 characters (common with MCP tools) - originalName := name - name = shortenToolNameIfNeeded(name) - if name != originalName { - log.Debugf("kiro: shortened tool name from '%s' to '%s'", originalName, name) - } - - // CRITICAL FIX: Kiro API requires non-empty description - if strings.TrimSpace(description) == "" { - description = fmt.Sprintf("Tool: %s", name) - log.Debugf("kiro: tool '%s' has empty description, using default: %s", name, description) - } - - // Rename web_search → remote_web_search for Kiro API compatibility - if name == "web_search" { - name = "remote_web_search" - // Prefer dynamically fetched description, fall back to hardcoded constant - if cached := GetWebSearchDescription(); cached != "" { - description = cached - } else { - description = remoteWebSearchDescription - } - log.Debugf("kiro: renamed tool web_search → remote_web_search") - } - - // Truncate long descriptions (individual tool limit) - if len(description) > kirocommon.KiroMaxToolDescLen { - truncLen := kirocommon.KiroMaxToolDescLen - 30 - for truncLen > 0 && !utf8.RuneStart(description[truncLen]) { - truncLen-- - } - description = description[:truncLen] + "... (description truncated)" - } - - kiroTools = append(kiroTools, KiroToolWrapper{ - ToolSpecification: KiroToolSpecification{ - Name: name, - Description: description, - InputSchema: KiroInputSchema{JSON: inputSchema}, - }, - }) - } - - // Apply dynamic compression if total tools size exceeds threshold - // This prevents 500 errors when Claude Code sends too many tools - kiroTools = compressToolsIfNeeded(kiroTools) - - return kiroTools -} - -// processMessages processes Claude messages and builds Kiro history -func processMessages(messages gjson.Result, modelID, origin string) ([]KiroHistoryMessage, *KiroUserInputMessage, []KiroToolResult) { - var history []KiroHistoryMessage - var currentUserMsg *KiroUserInputMessage - var currentToolResults []KiroToolResult - - // Merge adjacent messages with the same role - messagesArray := kirocommon.MergeAdjacentMessages(messages.Array()) - - // FIX: Kiro API requires history to start with a user message. - // Some clients (e.g., OpenClaw) send conversations starting with an assistant message, - // which is valid for the Claude API but causes "Improperly formed request" on Kiro. - // Prepend a placeholder user message so the history alternation is correct. - if len(messagesArray) > 0 && messagesArray[0].Get("role").String() == "assistant" { - placeholder := `{"role":"user","content":"."}` - messagesArray = append([]gjson.Result{gjson.Parse(placeholder)}, messagesArray...) - log.Infof("kiro: messages started with assistant role, prepended placeholder user message for Kiro API compatibility") - } - - for i, msg := range messagesArray { - role := msg.Get("role").String() - isLastMessage := i == len(messagesArray)-1 - - if role == "user" { - userMsg, toolResults := BuildUserMessageStruct(msg, modelID, origin) - // CRITICAL: Kiro API requires content to be non-empty for ALL user messages - // This includes both history messages and the current message. - // When user message contains only tool_result (no text), content will be empty. - // This commonly happens in compaction requests from OpenCode. - if strings.TrimSpace(userMsg.Content) == "" { - if len(toolResults) > 0 { - userMsg.Content = kirocommon.DefaultUserContentWithToolResults - } else { - userMsg.Content = kirocommon.DefaultUserContent - } - log.Debugf("kiro: user content was empty, using default: %s", userMsg.Content) - } - if isLastMessage { - currentUserMsg = &userMsg - currentToolResults = toolResults - } else { - // For history messages, embed tool results in context - if len(toolResults) > 0 { - userMsg.UserInputMessageContext = &KiroUserInputMessageContext{ - ToolResults: toolResults, - } - } - history = append(history, KiroHistoryMessage{ - UserInputMessage: &userMsg, - }) - } - } else if role == "assistant" { - assistantMsg := BuildAssistantMessageStruct(msg) - if isLastMessage { - history = append(history, KiroHistoryMessage{ - AssistantResponseMessage: &assistantMsg, - }) - // Create a "Continue" user message as currentMessage - currentUserMsg = &KiroUserInputMessage{ - Content: "Continue", - ModelID: modelID, - Origin: origin, - } - } else { - history = append(history, KiroHistoryMessage{ - AssistantResponseMessage: &assistantMsg, - }) - } - } - } - - // POST-PROCESSING: Remove orphaned tool_results that have no matching tool_use - // in any assistant message. This happens when Claude Code compaction truncates - // the conversation and removes the assistant message containing the tool_use, - // but keeps the user message with the corresponding tool_result. - // Without this fix, Kiro API returns "Improperly formed request". - validToolUseIDs := make(map[string]bool) - for _, h := range history { - if h.AssistantResponseMessage != nil { - for _, tu := range h.AssistantResponseMessage.ToolUses { - validToolUseIDs[tu.ToolUseID] = true - } - } - } - - // Filter orphaned tool results from history user messages - for i, h := range history { - if h.UserInputMessage != nil && h.UserInputMessage.UserInputMessageContext != nil { - ctx := h.UserInputMessage.UserInputMessageContext - if len(ctx.ToolResults) > 0 { - filtered := make([]KiroToolResult, 0, len(ctx.ToolResults)) - for _, tr := range ctx.ToolResults { - if validToolUseIDs[tr.ToolUseID] { - filtered = append(filtered, tr) - } else { - log.Debugf("kiro: dropping orphaned tool_result in history[%d]: toolUseId=%s (no matching tool_use)", i, tr.ToolUseID) - } - } - ctx.ToolResults = filtered - if len(ctx.ToolResults) == 0 && len(ctx.Tools) == 0 { - h.UserInputMessage.UserInputMessageContext = nil - } - } - } - } - - // Filter orphaned tool results from current message - if len(currentToolResults) > 0 { - filtered := make([]KiroToolResult, 0, len(currentToolResults)) - for _, tr := range currentToolResults { - if validToolUseIDs[tr.ToolUseID] { - filtered = append(filtered, tr) - } else { - log.Debugf("kiro: dropping orphaned tool_result in currentMessage: toolUseId=%s (no matching tool_use)", tr.ToolUseID) - } - } - if len(filtered) != len(currentToolResults) { - log.Infof("kiro: dropped %d orphaned tool_result(s) from currentMessage (compaction artifact)", len(currentToolResults)-len(filtered)) - } - currentToolResults = filtered - } - - return history, currentUserMsg, currentToolResults -} - -// buildFinalContent builds the final content with system prompt -func buildFinalContent(content, systemPrompt string, toolResults []KiroToolResult) string { - var contentBuilder strings.Builder - - if systemPrompt != "" { - contentBuilder.WriteString("--- SYSTEM PROMPT ---\n") - contentBuilder.WriteString(systemPrompt) - contentBuilder.WriteString("\n--- END SYSTEM PROMPT ---\n\n") - } - - contentBuilder.WriteString(content) - finalContent := contentBuilder.String() - - // CRITICAL: Kiro API requires content to be non-empty - if strings.TrimSpace(finalContent) == "" { - if len(toolResults) > 0 { - finalContent = "Tool results provided." - } else { - finalContent = "Continue" - } - log.Debugf("kiro: content was empty, using default: %s", finalContent) - } - - return finalContent -} - -// deduplicateToolResults removes duplicate tool results -func deduplicateToolResults(toolResults []KiroToolResult) []KiroToolResult { - if len(toolResults) == 0 { - return toolResults - } - - seenIDs := make(map[string]bool) - unique := make([]KiroToolResult, 0, len(toolResults)) - for _, tr := range toolResults { - if !seenIDs[tr.ToolUseID] { - seenIDs[tr.ToolUseID] = true - unique = append(unique, tr) - } else { - log.Debugf("kiro: skipping duplicate toolResult in currentMessage: %s", tr.ToolUseID) - } - } - return unique -} - -// extractClaudeToolChoiceHint extracts tool_choice from Claude request and returns a system prompt hint. -// Claude tool_choice values: -// - {"type": "auto"}: Model decides (default, no hint needed) -// - {"type": "any"}: Must use at least one tool -// - {"type": "tool", "name": "..."}: Must use specific tool -func extractClaudeToolChoiceHint(claudeBody []byte) string { - toolChoice := gjson.GetBytes(claudeBody, "tool_choice") - if !toolChoice.Exists() { - return "" - } - - toolChoiceType := toolChoice.Get("type").String() - switch toolChoiceType { - case "any": - return "[INSTRUCTION: You MUST use at least one of the available tools to respond. Do not respond with text only - always make a tool call.]" - case "tool": - toolName := toolChoice.Get("name").String() - if toolName != "" { - return fmt.Sprintf("[INSTRUCTION: You MUST use the tool named '%s' to respond. Do not use any other tool or respond with text only.]", toolName) - } - case "auto": - // Default behavior, no hint needed - return "" - } - - return "" -} - -// BuildUserMessageStruct builds a user message and extracts tool results -func BuildUserMessageStruct(msg gjson.Result, modelID, origin string) (KiroUserInputMessage, []KiroToolResult) { - content := msg.Get("content") - var contentBuilder strings.Builder - var toolResults []KiroToolResult - var images []KiroImage - - // Track seen toolUseIds to deduplicate - seenToolUseIDs := make(map[string]bool) - - if content.IsArray() { - for _, part := range content.Array() { - partType := part.Get("type").String() - switch partType { - case "text": - contentBuilder.WriteString(part.Get("text").String()) - case "image": - mediaType := part.Get("source.media_type").String() - data := part.Get("source.data").String() - - format := "" - if idx := strings.LastIndex(mediaType, "/"); idx != -1 { - format = mediaType[idx+1:] - } - - if format != "" && data != "" { - images = append(images, KiroImage{ - Format: format, - Source: KiroImageSource{ - Bytes: data, - }, - }) - } - case "tool_result": - toolUseID := part.Get("tool_use_id").String() - - // Skip duplicate toolUseIds - if seenToolUseIDs[toolUseID] { - log.Debugf("kiro: skipping duplicate tool_result with toolUseId: %s", toolUseID) - continue - } - seenToolUseIDs[toolUseID] = true - - isError := part.Get("is_error").Bool() - resultContent := part.Get("content") - - var textContents []KiroTextContent - - // Check if this tool_result contains error from our SOFT_LIMIT_REACHED tool_use - // The client will return an error when trying to execute a tool with marker input - resultStr := resultContent.String() - isSoftLimitError := strings.Contains(resultStr, "SOFT_LIMIT_REACHED") || - strings.Contains(resultStr, "_status") || - strings.Contains(resultStr, "truncated") || - strings.Contains(resultStr, "missing required") || - strings.Contains(resultStr, "invalid input") || - strings.Contains(resultStr, "Error writing file") - - if isError && isSoftLimitError { - // Replace error content with SOFT_LIMIT_REACHED guidance - log.Infof("kiro: detected SOFT_LIMIT_REACHED in tool_result for %s, replacing with guidance", toolUseID) - softLimitMsg := `SOFT_LIMIT_REACHED - -Your previous tool call was incomplete due to API output size limits. -The content was PARTIALLY transmitted but NOT executed. - -REQUIRED ACTION: -1. Split your content into smaller chunks (max 300 lines per call) -2. For file writes: Create file with first chunk, then use append for remaining -3. Do NOT regenerate content you already attempted - continue from where you stopped - -STATUS: This is NOT an error. Continue with smaller chunks.` - textContents = append(textContents, KiroTextContent{Text: softLimitMsg}) - // Mark as SUCCESS so Claude doesn't treat it as a failure - isError = false - } else if resultContent.IsArray() { - for _, item := range resultContent.Array() { - if item.Get("type").String() == "text" { - textContents = append(textContents, KiroTextContent{Text: item.Get("text").String()}) - } else if item.Type == gjson.String { - textContents = append(textContents, KiroTextContent{Text: item.String()}) - } - } - } else if resultContent.Type == gjson.String { - textContents = append(textContents, KiroTextContent{Text: resultContent.String()}) - } - - if len(textContents) == 0 { - textContents = append(textContents, KiroTextContent{Text: "Tool use was cancelled by the user"}) - } - - status := "success" - if isError { - status = "error" - } - - toolResults = append(toolResults, KiroToolResult{ - ToolUseID: toolUseID, - Content: textContents, - Status: status, - }) - } - } - } else { - contentBuilder.WriteString(content.String()) - } - - userMsg := KiroUserInputMessage{ - Content: contentBuilder.String(), - ModelID: modelID, - Origin: origin, - } - - if len(images) > 0 { - userMsg.Images = images - } - - return userMsg, toolResults -} - -// BuildAssistantMessageStruct builds an assistant message with tool uses -func BuildAssistantMessageStruct(msg gjson.Result) KiroAssistantResponseMessage { - content := msg.Get("content") - var contentBuilder strings.Builder - var toolUses []KiroToolUse - - if content.IsArray() { - for _, part := range content.Array() { - partType := part.Get("type").String() - switch partType { - case "text": - contentBuilder.WriteString(part.Get("text").String()) - case "tool_use": - toolUseID := part.Get("id").String() - toolName := part.Get("name").String() - toolInput := part.Get("input") - - var inputMap map[string]interface{} - if toolInput.IsObject() { - inputMap = make(map[string]interface{}) - toolInput.ForEach(func(key, value gjson.Result) bool { - inputMap[key.String()] = value.Value() - return true - }) - } - - // Rename web_search → remote_web_search to match convertClaudeToolsToKiro - if toolName == "web_search" { - toolName = "remote_web_search" - } - - toolUses = append(toolUses, KiroToolUse{ - ToolUseID: toolUseID, - Name: toolName, - Input: inputMap, - }) - } - } - } else { - contentBuilder.WriteString(content.String()) - } - - // CRITICAL FIX: Kiro API requires non-empty content for assistant messages - // This can happen with compaction requests where assistant messages have only tool_use - // (no text content). Without this fix, Kiro API returns "Improperly formed request" error. - finalContent := contentBuilder.String() - if strings.TrimSpace(finalContent) == "" { - if len(toolUses) > 0 { - finalContent = kirocommon.DefaultAssistantContentWithTools - } else { - finalContent = kirocommon.DefaultAssistantContent - } - log.Debugf("kiro: assistant content was empty, using default: %s", finalContent) - } - - return KiroAssistantResponseMessage{ - Content: finalContent, - ToolUses: toolUses, - } -} diff --git a/internal/translator/kiro/claude/kiro_claude_response.go b/internal/translator/kiro/claude/kiro_claude_response.go deleted file mode 100644 index 028a2bfee6..0000000000 --- a/internal/translator/kiro/claude/kiro_claude_response.go +++ /dev/null @@ -1,230 +0,0 @@ -// Package claude provides response translation functionality for Kiro API to Claude format. -// This package handles the conversion of Kiro API responses into Claude-compatible format, -// including support for thinking blocks and tool use. -package claude - -import ( - "crypto/sha256" - "encoding/base64" - "encoding/json" - "strings" - - "github.com/google/uuid" - "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/usage" - log "github.com/sirupsen/logrus" - - kirocommon "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/kiro/common" -) - -// generateThinkingSignature generates a signature for thinking content. -// This is required by Claude API for thinking blocks in non-streaming responses. -// The signature is a base64-encoded hash of the thinking content. -func generateThinkingSignature(thinkingContent string) string { - if thinkingContent == "" { - return "" - } - // Generate a deterministic signature based on content hash - hash := sha256.Sum256([]byte(thinkingContent)) - return base64.StdEncoding.EncodeToString(hash[:]) -} - -// Local references to kirocommon constants for thinking block parsing -var ( - thinkingStartTag = kirocommon.ThinkingStartTag - thinkingEndTag = kirocommon.ThinkingEndTag -) - -// BuildClaudeResponse constructs a Claude-compatible response. -// Supports tool_use blocks when tools are present in the response. -// Supports thinking blocks - parses tags and converts to Claude thinking content blocks. -// stopReason is passed from upstream; fallback logic applied if empty. -func BuildClaudeResponse(content string, toolUses []KiroToolUse, model string, usageInfo usage.Detail, stopReason string) []byte { - var contentBlocks []map[string]interface{} - - // Extract thinking blocks and text from content - if content != "" { - blocks := ExtractThinkingFromContent(content) - contentBlocks = append(contentBlocks, blocks...) - - // Log if thinking blocks were extracted - for _, block := range blocks { - if block["type"] == "thinking" { - thinkingContent := block["thinking"].(string) - log.Infof("kiro: buildClaudeResponse extracted thinking block (len: %d)", len(thinkingContent)) - } - } - } - - // Add tool_use blocks - emit truncated tools with SOFT_LIMIT_REACHED marker - hasTruncatedTools := false - for _, toolUse := range toolUses { - if toolUse.IsTruncated && toolUse.TruncationInfo != nil { - // Emit tool_use with SOFT_LIMIT_REACHED marker input - hasTruncatedTools = true - log.Infof("kiro: buildClaudeResponse emitting truncated tool with SOFT_LIMIT_REACHED: %s (ID: %s)", toolUse.Name, toolUse.ToolUseID) - - markerInput := map[string]interface{}{ - "_status": "SOFT_LIMIT_REACHED", - "_message": "Tool output was truncated. Split content into smaller chunks (max 300 lines). Due to potential model hallucination, you MUST re-fetch the current working directory and generate the correct file_path.", - } - - contentBlocks = append(contentBlocks, map[string]interface{}{ - "type": "tool_use", - "id": toolUse.ToolUseID, - "name": toolUse.Name, - "input": markerInput, - }) - } else { - // Normal tool use - contentBlocks = append(contentBlocks, map[string]interface{}{ - "type": "tool_use", - "id": toolUse.ToolUseID, - "name": toolUse.Name, - "input": toolUse.Input, - }) - } - } - - // Log if we used SOFT_LIMIT_REACHED - if hasTruncatedTools { - log.Infof("kiro: buildClaudeResponse using SOFT_LIMIT_REACHED - keeping stop_reason=tool_use") - } - - // Ensure at least one content block (Claude API requires non-empty content) - if len(contentBlocks) == 0 { - contentBlocks = append(contentBlocks, map[string]interface{}{ - "type": "text", - "text": "", - }) - } - - // Use upstream stopReason; apply fallback logic if not provided - // SOFT_LIMIT_REACHED: Keep stop_reason = "tool_use" so Claude continues the loop - if stopReason == "" { - stopReason = "end_turn" - if len(toolUses) > 0 { - stopReason = "tool_use" - } - log.Debugf("kiro: buildClaudeResponse using fallback stop_reason: %s", stopReason) - } - - // Log warning if response was truncated due to max_tokens - if stopReason == "max_tokens" { - log.Warnf("kiro: response truncated due to max_tokens limit (buildClaudeResponse)") - } - - response := map[string]interface{}{ - "id": "msg_" + uuid.New().String()[:24], - "type": "message", - "role": "assistant", - "model": model, - "content": contentBlocks, - "stop_reason": stopReason, - "usage": map[string]interface{}{ - "input_tokens": usageInfo.InputTokens, - "output_tokens": usageInfo.OutputTokens, - }, - } - result, _ := json.Marshal(response) - return result -} - -// ExtractThinkingFromContent parses content to extract thinking blocks and text. -// Returns a list of content blocks in the order they appear in the content. -// Handles interleaved thinking and text blocks correctly. -func ExtractThinkingFromContent(content string) []map[string]interface{} { - var blocks []map[string]interface{} - - if content == "" { - return blocks - } - - // Check if content contains thinking tags at all - if !strings.Contains(content, thinkingStartTag) { - // No thinking tags, return as plain text - return []map[string]interface{}{ - { - "type": "text", - "text": content, - }, - } - } - - log.Debugf("kiro: extractThinkingFromContent - found thinking tags in content (len: %d)", len(content)) - - remaining := content - - for len(remaining) > 0 { - // Look for tag - startIdx := strings.Index(remaining, thinkingStartTag) - - if startIdx == -1 { - // No more thinking tags, add remaining as text - if strings.TrimSpace(remaining) != "" { - blocks = append(blocks, map[string]interface{}{ - "type": "text", - "text": remaining, - }) - } - break - } - - // Add text before thinking tag (if any meaningful content) - if startIdx > 0 { - textBefore := remaining[:startIdx] - if strings.TrimSpace(textBefore) != "" { - blocks = append(blocks, map[string]interface{}{ - "type": "text", - "text": textBefore, - }) - } - } - - // Move past the opening tag - remaining = remaining[startIdx+len(thinkingStartTag):] - - // Find closing tag - endIdx := strings.Index(remaining, thinkingEndTag) - - if endIdx == -1 { - // No closing tag found, treat rest as thinking content (incomplete response) - if strings.TrimSpace(remaining) != "" { - // Generate signature for thinking content (required by Claude API) - signature := generateThinkingSignature(remaining) - blocks = append(blocks, map[string]interface{}{ - "type": "thinking", - "thinking": remaining, - "signature": signature, - }) - log.Warnf("kiro: extractThinkingFromContent - missing closing tag") - } - break - } - - // Extract thinking content between tags - thinkContent := remaining[:endIdx] - if strings.TrimSpace(thinkContent) != "" { - // Generate signature for thinking content (required by Claude API) - signature := generateThinkingSignature(thinkContent) - blocks = append(blocks, map[string]interface{}{ - "type": "thinking", - "thinking": thinkContent, - "signature": signature, - }) - log.Debugf("kiro: extractThinkingFromContent - extracted thinking block (len: %d)", len(thinkContent)) - } - - // Move past the closing tag - remaining = remaining[endIdx+len(thinkingEndTag):] - } - - // If no blocks were created (all whitespace), return empty text block - if len(blocks) == 0 { - blocks = append(blocks, map[string]interface{}{ - "type": "text", - "text": "", - }) - } - - return blocks -} diff --git a/internal/translator/kiro/claude/kiro_claude_stream.go b/internal/translator/kiro/claude/kiro_claude_stream.go deleted file mode 100644 index c36d0fba6d..0000000000 --- a/internal/translator/kiro/claude/kiro_claude_stream.go +++ /dev/null @@ -1,306 +0,0 @@ -// Package claude provides streaming SSE event building for Claude format. -// This package handles the construction of Claude-compatible Server-Sent Events (SSE) -// for streaming responses from Kiro API. -package claude - -import ( - "encoding/json" - - "github.com/google/uuid" - "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/usage" -) - -// BuildClaudeMessageStartEvent creates the message_start SSE event -func BuildClaudeMessageStartEvent(model string, inputTokens int64) []byte { - event := map[string]interface{}{ - "type": "message_start", - "message": map[string]interface{}{ - "id": "msg_" + uuid.New().String()[:24], - "type": "message", - "role": "assistant", - "content": []interface{}{}, - "model": model, - "stop_reason": nil, - "stop_sequence": nil, - "usage": map[string]interface{}{"input_tokens": inputTokens, "output_tokens": 0}, - }, - } - result, _ := json.Marshal(event) - return []byte("event: message_start\ndata: " + string(result)) -} - -// BuildClaudeContentBlockStartEvent creates a content_block_start SSE event -func BuildClaudeContentBlockStartEvent(index int, blockType, toolUseID, toolName string) []byte { - var contentBlock map[string]interface{} - switch blockType { - case "tool_use": - contentBlock = map[string]interface{}{ - "type": "tool_use", - "id": toolUseID, - "name": toolName, - "input": map[string]interface{}{}, - } - case "thinking": - contentBlock = map[string]interface{}{ - "type": "thinking", - "thinking": "", - } - default: - contentBlock = map[string]interface{}{ - "type": "text", - "text": "", - } - } - - event := map[string]interface{}{ - "type": "content_block_start", - "index": index, - "content_block": contentBlock, - } - result, _ := json.Marshal(event) - return []byte("event: content_block_start\ndata: " + string(result)) -} - -// BuildClaudeStreamEvent creates a text_delta content_block_delta SSE event -func BuildClaudeStreamEvent(contentDelta string, index int) []byte { - event := map[string]interface{}{ - "type": "content_block_delta", - "index": index, - "delta": map[string]interface{}{ - "type": "text_delta", - "text": contentDelta, - }, - } - result, _ := json.Marshal(event) - return []byte("event: content_block_delta\ndata: " + string(result)) -} - -// BuildClaudeInputJsonDeltaEvent creates an input_json_delta event for tool use streaming -func BuildClaudeInputJsonDeltaEvent(partialJSON string, index int) []byte { - event := map[string]interface{}{ - "type": "content_block_delta", - "index": index, - "delta": map[string]interface{}{ - "type": "input_json_delta", - "partial_json": partialJSON, - }, - } - result, _ := json.Marshal(event) - return []byte("event: content_block_delta\ndata: " + string(result)) -} - -// BuildClaudeContentBlockStopEvent creates a content_block_stop SSE event -func BuildClaudeContentBlockStopEvent(index int) []byte { - event := map[string]interface{}{ - "type": "content_block_stop", - "index": index, - } - result, _ := json.Marshal(event) - return []byte("event: content_block_stop\ndata: " + string(result)) -} - -// BuildClaudeThinkingBlockStopEvent creates a content_block_stop SSE event for thinking blocks. -func BuildClaudeThinkingBlockStopEvent(index int) []byte { - event := map[string]interface{}{ - "type": "content_block_stop", - "index": index, - } - result, _ := json.Marshal(event) - return []byte("event: content_block_stop\ndata: " + string(result)) -} - -// BuildClaudeMessageDeltaEvent creates the message_delta event with stop_reason and usage -func BuildClaudeMessageDeltaEvent(stopReason string, usageInfo usage.Detail) []byte { - deltaEvent := map[string]interface{}{ - "type": "message_delta", - "delta": map[string]interface{}{ - "stop_reason": stopReason, - "stop_sequence": nil, - }, - "usage": map[string]interface{}{ - "input_tokens": usageInfo.InputTokens, - "output_tokens": usageInfo.OutputTokens, - }, - } - deltaResult, _ := json.Marshal(deltaEvent) - return []byte("event: message_delta\ndata: " + string(deltaResult)) -} - -// BuildClaudeMessageStopOnlyEvent creates only the message_stop event -func BuildClaudeMessageStopOnlyEvent() []byte { - stopEvent := map[string]interface{}{ - "type": "message_stop", - } - stopResult, _ := json.Marshal(stopEvent) - return []byte("event: message_stop\ndata: " + string(stopResult)) -} - -// BuildClaudePingEventWithUsage creates a ping event with embedded usage information. -// This is used for real-time usage estimation during streaming. -func BuildClaudePingEventWithUsage(inputTokens, outputTokens int64) []byte { - event := map[string]interface{}{ - "type": "ping", - "usage": map[string]interface{}{ - "input_tokens": inputTokens, - "output_tokens": outputTokens, - "total_tokens": inputTokens + outputTokens, - "estimated": true, - }, - } - result, _ := json.Marshal(event) - return []byte("event: ping\ndata: " + string(result)) -} - -// BuildClaudeThinkingDeltaEvent creates a thinking_delta event for Claude API compatibility. -// This is used when streaming thinking content wrapped in tags. -func BuildClaudeThinkingDeltaEvent(thinkingDelta string, index int) []byte { - event := map[string]interface{}{ - "type": "content_block_delta", - "index": index, - "delta": map[string]interface{}{ - "type": "thinking_delta", - "thinking": thinkingDelta, - }, - } - result, _ := json.Marshal(event) - return []byte("event: content_block_delta\ndata: " + string(result)) -} - -// PendingTagSuffix detects if the buffer ends with a partial prefix of the given tag. -// Returns the length of the partial match (0 if no match). -// Based on amq2api implementation for handling cross-chunk tag boundaries. -func PendingTagSuffix(buffer, tag string) int { - if buffer == "" || tag == "" { - return 0 - } - maxLen := len(buffer) - if maxLen > len(tag)-1 { - maxLen = len(tag) - 1 - } - for length := maxLen; length > 0; length-- { - if len(buffer) >= length && buffer[len(buffer)-length:] == tag[:length] { - return length - } - } - return 0 -} - -// GenerateSearchIndicatorEvents generates ONLY the search indicator SSE events -// (server_tool_use + web_search_tool_result) without text summary or message termination. -// These events trigger Claude Code's search indicator UI. -// The caller is responsible for sending message_start before and message_delta/stop after. -func GenerateSearchIndicatorEvents( - query string, - toolUseID string, - searchResults *WebSearchResults, - startIndex int, -) [][]byte { - events := make([][]byte, 0, 5) - - // 1. content_block_start (server_tool_use) - event1 := map[string]interface{}{ - "type": "content_block_start", - "index": startIndex, - "content_block": map[string]interface{}{ - "id": toolUseID, - "type": "server_tool_use", - "name": "web_search", - "input": map[string]interface{}{}, - }, - } - data1, _ := json.Marshal(event1) - events = append(events, []byte("event: content_block_start\ndata: "+string(data1)+"\n\n")) - - // 2. content_block_delta (input_json_delta) - inputJSON, _ := json.Marshal(map[string]string{"query": query}) - event2 := map[string]interface{}{ - "type": "content_block_delta", - "index": startIndex, - "delta": map[string]interface{}{ - "type": "input_json_delta", - "partial_json": string(inputJSON), - }, - } - data2, _ := json.Marshal(event2) - events = append(events, []byte("event: content_block_delta\ndata: "+string(data2)+"\n\n")) - - // 3. content_block_stop (server_tool_use) - event3 := map[string]interface{}{ - "type": "content_block_stop", - "index": startIndex, - } - data3, _ := json.Marshal(event3) - events = append(events, []byte("event: content_block_stop\ndata: "+string(data3)+"\n\n")) - - // 4. content_block_start (web_search_tool_result) - searchContent := make([]map[string]interface{}, 0) - if searchResults != nil { - for _, r := range searchResults.Results { - snippet := "" - if r.Snippet != nil { - snippet = *r.Snippet - } - searchContent = append(searchContent, map[string]interface{}{ - "type": "web_search_result", - "title": r.Title, - "url": r.URL, - "encrypted_content": snippet, - "page_age": nil, - }) - } - } - event4 := map[string]interface{}{ - "type": "content_block_start", - "index": startIndex + 1, - "content_block": map[string]interface{}{ - "type": "web_search_tool_result", - "tool_use_id": toolUseID, - "content": searchContent, - }, - } - data4, _ := json.Marshal(event4) - events = append(events, []byte("event: content_block_start\ndata: "+string(data4)+"\n\n")) - - // 5. content_block_stop (web_search_tool_result) - event5 := map[string]interface{}{ - "type": "content_block_stop", - "index": startIndex + 1, - } - data5, _ := json.Marshal(event5) - events = append(events, []byte("event: content_block_stop\ndata: "+string(data5)+"\n\n")) - - return events -} - -// BuildFallbackTextEvents generates SSE events for a fallback text response -// when the Kiro API fails during the search loop. Uses BuildClaude*Event() -// functions to align with streamToChannel patterns. -// Returns raw SSE byte slices ready to be sent to the client channel. -func BuildFallbackTextEvents(contentBlockIndex int, query string, results *WebSearchResults) [][]byte { - summary := FormatSearchContextPrompt(query, results) - outputTokens := len(summary) / 4 - if len(summary) > 0 && outputTokens == 0 { - outputTokens = 1 - } - - var events [][]byte - - // content_block_start (text) - events = append(events, BuildClaudeContentBlockStartEvent(contentBlockIndex, "text", "", "")) - - // content_block_delta (text_delta) - events = append(events, BuildClaudeStreamEvent(summary, contentBlockIndex)) - - // content_block_stop - events = append(events, BuildClaudeContentBlockStopEvent(contentBlockIndex)) - - // message_delta with end_turn - events = append(events, BuildClaudeMessageDeltaEvent("end_turn", usage.Detail{ - OutputTokens: int64(outputTokens), - })) - - // message_stop - events = append(events, BuildClaudeMessageStopOnlyEvent()) - - return events -} diff --git a/internal/translator/kiro/claude/kiro_claude_stream_parser.go b/internal/translator/kiro/claude/kiro_claude_stream_parser.go deleted file mode 100644 index 275196acfd..0000000000 --- a/internal/translator/kiro/claude/kiro_claude_stream_parser.go +++ /dev/null @@ -1,350 +0,0 @@ -package claude - -import ( - "encoding/json" - "strings" - - log "github.com/sirupsen/logrus" -) - -// sseEvent represents a Server-Sent Event -type sseEvent struct { - Event string - Data interface{} -} - -// ToSSEString converts the event to SSE wire format -func (e *sseEvent) ToSSEString() string { - dataBytes, _ := json.Marshal(e.Data) - return "event: " + e.Event + "\ndata: " + string(dataBytes) + "\n\n" -} - -// AdjustStreamIndices adjusts content block indices in SSE event data by adding an offset. -// It also suppresses duplicate message_start events (returns shouldForward=false). -// This is used to combine search indicator events (indices 0,1) with Kiro model response events. -// -// The data parameter is a single SSE "data:" line payload (JSON). -// Returns: adjusted data, shouldForward (false = skip this event). -func AdjustStreamIndices(data []byte, offset int) ([]byte, bool) { - if len(data) == 0 { - return data, true - } - - // Quick check: parse the JSON - var event map[string]interface{} - if err := json.Unmarshal(data, &event); err != nil { - // Not valid JSON, pass through - return data, true - } - - eventType, _ := event["type"].(string) - - // Suppress duplicate message_start events - if eventType == "message_start" { - return data, false - } - - // Adjust index for content_block events - switch eventType { - case "content_block_start", "content_block_delta", "content_block_stop": - if idx, ok := event["index"].(float64); ok { - event["index"] = int(idx) + offset - adjusted, err := json.Marshal(event) - if err != nil { - return data, true - } - return adjusted, true - } - } - - // Pass through all other events unchanged (message_delta, message_stop, ping, etc.) - return data, true -} - -// AdjustSSEChunk processes a raw SSE chunk (potentially containing multiple "event:/data:" pairs) -// and adjusts content block indices. Suppresses duplicate message_start events. -// Returns the adjusted chunk and whether it should be forwarded. -func AdjustSSEChunk(chunk []byte, offset int) ([]byte, bool) { - chunkStr := string(chunk) - - // Fast path: if no "data:" prefix, pass through - if !strings.Contains(chunkStr, "data: ") { - return chunk, true - } - - var result strings.Builder - hasContent := false - - lines := strings.Split(chunkStr, "\n") - for i := 0; i < len(lines); i++ { - line := lines[i] - - if strings.HasPrefix(line, "data: ") { - dataPayload := strings.TrimPrefix(line, "data: ") - dataPayload = strings.TrimSpace(dataPayload) - - if dataPayload == "[DONE]" { - result.WriteString(line + "\n") - hasContent = true - continue - } - - adjusted, shouldForward := AdjustStreamIndices([]byte(dataPayload), offset) - if !shouldForward { - // Skip this event and its preceding "event:" line - // Also skip the trailing empty line - continue - } - - result.WriteString("data: " + string(adjusted) + "\n") - hasContent = true - } else if strings.HasPrefix(line, "event: ") { - // Check if the next data line will be suppressed - if i+1 < len(lines) && strings.HasPrefix(lines[i+1], "data: ") { - dataPayload := strings.TrimPrefix(lines[i+1], "data: ") - dataPayload = strings.TrimSpace(dataPayload) - - var event map[string]interface{} - if err := json.Unmarshal([]byte(dataPayload), &event); err == nil { - if eventType, ok := event["type"].(string); ok && eventType == "message_start" { - // Skip both the event: and data: lines - i++ // skip the data: line too - continue - } - } - } - result.WriteString(line + "\n") - hasContent = true - } else { - result.WriteString(line + "\n") - if strings.TrimSpace(line) != "" { - hasContent = true - } - } - } - - if !hasContent { - return nil, false - } - - return []byte(result.String()), true -} - -// BufferedStreamResult contains the analysis of buffered SSE chunks from a Kiro API response. -type BufferedStreamResult struct { - // StopReason is the detected stop_reason from the stream (e.g., "end_turn", "tool_use") - StopReason string - // WebSearchQuery is the extracted query if the model requested another web_search - WebSearchQuery string - // WebSearchToolUseId is the tool_use ID from the model's response (needed for toolResults) - WebSearchToolUseId string - // HasWebSearchToolUse indicates whether the model requested web_search - HasWebSearchToolUse bool - // WebSearchToolUseIndex is the content_block index of the web_search tool_use - WebSearchToolUseIndex int -} - -// AnalyzeBufferedStream scans buffered SSE chunks to detect stop_reason and web_search tool_use. -// This is used in the search loop to determine if the model wants another search round. -func AnalyzeBufferedStream(chunks [][]byte) BufferedStreamResult { - result := BufferedStreamResult{WebSearchToolUseIndex: -1} - - // Track tool use state across chunks - var currentToolName string - var currentToolIndex int = -1 - var toolInputBuilder strings.Builder - - for _, chunk := range chunks { - chunkStr := string(chunk) - lines := strings.Split(chunkStr, "\n") - for _, line := range lines { - if !strings.HasPrefix(line, "data: ") { - continue - } - dataPayload := strings.TrimPrefix(line, "data: ") - dataPayload = strings.TrimSpace(dataPayload) - if dataPayload == "[DONE]" || dataPayload == "" { - continue - } - - var event map[string]interface{} - if err := json.Unmarshal([]byte(dataPayload), &event); err != nil { - continue - } - - eventType, _ := event["type"].(string) - - switch eventType { - case "message_delta": - // Extract stop_reason from message_delta - if delta, ok := event["delta"].(map[string]interface{}); ok { - if sr, ok := delta["stop_reason"].(string); ok && sr != "" { - result.StopReason = sr - } - } - - case "content_block_start": - // Detect tool_use content blocks - if cb, ok := event["content_block"].(map[string]interface{}); ok { - if cbType, ok := cb["type"].(string); ok && cbType == "tool_use" { - if name, ok := cb["name"].(string); ok { - currentToolName = strings.ToLower(name) - if idx, ok := event["index"].(float64); ok { - currentToolIndex = int(idx) - } - // Capture tool use ID for toolResults handshake - if id, ok := cb["id"].(string); ok { - result.WebSearchToolUseId = id - } - toolInputBuilder.Reset() - } - } - } - - case "content_block_delta": - // Accumulate tool input JSON - if currentToolName != "" { - if delta, ok := event["delta"].(map[string]interface{}); ok { - if deltaType, ok := delta["type"].(string); ok && deltaType == "input_json_delta" { - if partial, ok := delta["partial_json"].(string); ok { - toolInputBuilder.WriteString(partial) - } - } - } - } - - case "content_block_stop": - // Finalize tool use detection - if currentToolName == "web_search" || currentToolName == "websearch" || currentToolName == "remote_web_search" { - result.HasWebSearchToolUse = true - result.WebSearchToolUseIndex = currentToolIndex - // Extract query from accumulated input JSON - inputJSON := toolInputBuilder.String() - var input map[string]string - if err := json.Unmarshal([]byte(inputJSON), &input); err == nil { - if q, ok := input["query"]; ok { - result.WebSearchQuery = q - } - } - log.Debugf("kiro/websearch: detected web_search tool_use") - } - currentToolName = "" - currentToolIndex = -1 - toolInputBuilder.Reset() - } - } - } - - return result -} - -// FilterChunksForClient processes buffered SSE chunks and removes web_search tool_use -// content blocks. This prevents the client from seeing "Tool use" prompts for web_search -// when the proxy is handling the search loop internally. -// Also suppresses message_start and message_delta/message_stop events since those -// are managed by the outer handleWebSearchStream. -func FilterChunksForClient(chunks [][]byte, wsToolIndex int, indexOffset int) [][]byte { - var filtered [][]byte - - for _, chunk := range chunks { - chunkStr := string(chunk) - lines := strings.Split(chunkStr, "\n") - - var resultBuilder strings.Builder - hasContent := false - - for i := 0; i < len(lines); i++ { - line := lines[i] - - if strings.HasPrefix(line, "data: ") { - dataPayload := strings.TrimPrefix(line, "data: ") - dataPayload = strings.TrimSpace(dataPayload) - - if dataPayload == "[DONE]" { - // Skip [DONE] — the outer loop manages stream termination - continue - } - - var event map[string]interface{} - if err := json.Unmarshal([]byte(dataPayload), &event); err != nil { - resultBuilder.WriteString(line + "\n") - hasContent = true - continue - } - - eventType, _ := event["type"].(string) - - // Skip message_start (outer loop sends its own) - if eventType == "message_start" { - continue - } - - // Skip message_delta and message_stop (outer loop manages these) - if eventType == "message_delta" || eventType == "message_stop" { - continue - } - - // Check if this event belongs to the web_search tool_use block - if wsToolIndex >= 0 { - if idx, ok := event["index"].(float64); ok && int(idx) == wsToolIndex { - // Skip events for the web_search tool_use block - continue - } - } - - // Apply index offset for remaining events - if indexOffset > 0 { - switch eventType { - case "content_block_start", "content_block_delta", "content_block_stop": - if idx, ok := event["index"].(float64); ok { - event["index"] = int(idx) + indexOffset - adjusted, err := json.Marshal(event) - if err == nil { - resultBuilder.WriteString("data: " + string(adjusted) + "\n") - hasContent = true - continue - } - } - } - } - - resultBuilder.WriteString(line + "\n") - hasContent = true - } else if strings.HasPrefix(line, "event: ") { - // Check if the next data line will be suppressed - if i+1 < len(lines) && strings.HasPrefix(lines[i+1], "data: ") { - nextData := strings.TrimPrefix(lines[i+1], "data: ") - nextData = strings.TrimSpace(nextData) - - var nextEvent map[string]interface{} - if err := json.Unmarshal([]byte(nextData), &nextEvent); err == nil { - nextType, _ := nextEvent["type"].(string) - if nextType == "message_start" || nextType == "message_delta" || nextType == "message_stop" { - i++ // skip the data line - continue - } - if wsToolIndex >= 0 { - if idx, ok := nextEvent["index"].(float64); ok && int(idx) == wsToolIndex { - i++ // skip the data line - continue - } - } - } - } - resultBuilder.WriteString(line + "\n") - hasContent = true - } else { - resultBuilder.WriteString(line + "\n") - if strings.TrimSpace(line) != "" { - hasContent = true - } - } - } - - if hasContent { - filtered = append(filtered, []byte(resultBuilder.String())) - } - } - - return filtered -} diff --git a/internal/translator/kiro/claude/kiro_claude_tools.go b/internal/translator/kiro/claude/kiro_claude_tools.go deleted file mode 100644 index 0c906d9df6..0000000000 --- a/internal/translator/kiro/claude/kiro_claude_tools.go +++ /dev/null @@ -1,543 +0,0 @@ -// Package claude provides tool calling support for Kiro to Claude translation. -// This package handles parsing embedded tool calls, JSON repair, and deduplication. -package claude - -import ( - "encoding/json" - "regexp" - "strings" - - "github.com/google/uuid" - kirocommon "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/kiro/common" - log "github.com/sirupsen/logrus" -) - -// ToolUseState tracks the state of an in-progress tool use during streaming. -type ToolUseState struct { - ToolUseID string - Name string - InputBuffer strings.Builder - IsComplete bool - TruncationInfo *TruncationInfo // Truncation detection result (set when complete) -} - -// Pre-compiled regex patterns for performance -var ( - // embeddedToolCallPattern matches [Called tool_name with args: {...}] format - embeddedToolCallPattern = regexp.MustCompile(`\[Called\s+([A-Za-z0-9_.-]+)\s+with\s+args:\s*`) - // trailingCommaPattern matches trailing commas before closing braces/brackets - trailingCommaPattern = regexp.MustCompile(`,\s*([}\]])`) -) - -// ParseEmbeddedToolCalls extracts [Called tool_name with args: {...}] format from text. -// Kiro sometimes embeds tool calls in text content instead of using toolUseEvent. -// Returns the cleaned text (with tool calls removed) and extracted tool uses. -func ParseEmbeddedToolCalls(text string, processedIDs map[string]bool) (string, []KiroToolUse) { - if !strings.Contains(text, "[Called") { - return text, nil - } - - var toolUses []KiroToolUse - cleanText := text - - // Find all [Called markers - matches := embeddedToolCallPattern.FindAllStringSubmatchIndex(text, -1) - if len(matches) == 0 { - return text, nil - } - - // Process matches in reverse order to maintain correct indices - for i := len(matches) - 1; i >= 0; i-- { - matchStart := matches[i][0] - toolNameStart := matches[i][2] - toolNameEnd := matches[i][3] - - if toolNameStart < 0 || toolNameEnd < 0 { - continue - } - - toolName := text[toolNameStart:toolNameEnd] - - // Find the JSON object start (after "with args:") - jsonStart := matches[i][1] - if jsonStart >= len(text) { - continue - } - - // Skip whitespace to find the opening brace - for jsonStart < len(text) && (text[jsonStart] == ' ' || text[jsonStart] == '\t') { - jsonStart++ - } - - if jsonStart >= len(text) || text[jsonStart] != '{' { - continue - } - - // Find matching closing bracket - jsonEnd := findMatchingBracket(text, jsonStart) - if jsonEnd < 0 { - continue - } - - // Extract JSON and find the closing bracket of [Called ...] - jsonStr := text[jsonStart : jsonEnd+1] - - // Find the closing ] after the JSON - closingBracket := jsonEnd + 1 - for closingBracket < len(text) && text[closingBracket] != ']' { - closingBracket++ - } - if closingBracket >= len(text) { - continue - } - - // End index of the full tool call (closing ']' inclusive) - matchEnd := closingBracket + 1 - - // Repair and parse JSON - repairedJSON := RepairJSON(jsonStr) - var inputMap map[string]interface{} - if err := json.Unmarshal([]byte(repairedJSON), &inputMap); err != nil { - log.Debugf("kiro: failed to parse embedded tool call JSON: %v, raw: %s", err, jsonStr) - continue - } - - // Generate unique tool ID - toolUseID := "toolu_" + uuid.New().String()[:12] - - // Check for duplicates using name+input as key - dedupeKey := toolName + ":" + repairedJSON - if processedIDs != nil { - if processedIDs[dedupeKey] { - log.Debugf("kiro: skipping duplicate embedded tool call: %s", toolName) - // Still remove from text even if duplicate - if matchStart >= 0 && matchEnd <= len(cleanText) && matchStart <= matchEnd { - cleanText = cleanText[:matchStart] + cleanText[matchEnd:] - } - continue - } - processedIDs[dedupeKey] = true - } - - toolUses = append(toolUses, KiroToolUse{ - ToolUseID: toolUseID, - Name: toolName, - Input: inputMap, - }) - - log.Infof("kiro: extracted embedded tool call: %s (ID: %s)", toolName, toolUseID) - - // Remove from clean text (index-based removal to avoid deleting the wrong occurrence) - if matchStart >= 0 && matchEnd <= len(cleanText) && matchStart <= matchEnd { - cleanText = cleanText[:matchStart] + cleanText[matchEnd:] - } - } - - return cleanText, toolUses -} - -// findMatchingBracket finds the index of the closing brace/bracket that matches -// the opening one at startPos. Handles nested objects and strings correctly. -func findMatchingBracket(text string, startPos int) int { - if startPos >= len(text) { - return -1 - } - - openChar := text[startPos] - var closeChar byte - switch openChar { - case '{': - closeChar = '}' - case '[': - closeChar = ']' - default: - return -1 - } - - depth := 1 - inString := false - escapeNext := false - - for i := startPos + 1; i < len(text); i++ { - char := text[i] - - if escapeNext { - escapeNext = false - continue - } - - if char == '\\' && inString { - escapeNext = true - continue - } - - if char == '"' { - inString = !inString - continue - } - - if !inString { - if char == openChar { - depth++ - } else if char == closeChar { - depth-- - if depth == 0 { - return i - } - } - } - } - - return -1 -} - -// RepairJSON attempts to fix common JSON issues that may occur in tool call arguments. -// Conservative repair strategy: -// 1. First try to parse JSON directly - if valid, return as-is -// 2. Only attempt repair if parsing fails -// 3. After repair, validate the result - if still invalid, return original -func RepairJSON(jsonString string) string { - // Handle empty or invalid input - if jsonString == "" { - return "{}" - } - - str := strings.TrimSpace(jsonString) - if str == "" { - return "{}" - } - - // CONSERVATIVE STRATEGY: First try to parse directly - var testParse interface{} - if err := json.Unmarshal([]byte(str), &testParse); err == nil { - log.Debugf("kiro: repairJSON - JSON is already valid, returning unchanged") - return str - } - - log.Debugf("kiro: repairJSON - JSON parse failed, attempting repair") - originalStr := str - - // First, escape unescaped newlines/tabs within JSON string values - str = escapeNewlinesInStrings(str) - // Remove trailing commas before closing braces/brackets - str = trailingCommaPattern.ReplaceAllString(str, "$1") - - // Calculate bracket balance - braceCount := 0 - bracketCount := 0 - inString := false - escape := false - lastValidIndex := -1 - - for i := 0; i < len(str); i++ { - char := str[i] - - if escape { - escape = false - continue - } - - if char == '\\' { - escape = true - continue - } - - if char == '"' { - inString = !inString - continue - } - - if inString { - continue - } - - switch char { - case '{': - braceCount++ - case '}': - braceCount-- - case '[': - bracketCount++ - case ']': - bracketCount-- - } - - if braceCount >= 0 && bracketCount >= 0 { - lastValidIndex = i - } - } - - // If brackets are unbalanced, try to repair - if braceCount > 0 || bracketCount > 0 { - if lastValidIndex > 0 && lastValidIndex < len(str)-1 { - truncated := str[:lastValidIndex+1] - // Recount brackets after truncation - braceCount = 0 - bracketCount = 0 - inString = false - escape = false - for i := 0; i < len(truncated); i++ { - char := truncated[i] - if escape { - escape = false - continue - } - if char == '\\' { - escape = true - continue - } - if char == '"' { - inString = !inString - continue - } - if inString { - continue - } - switch char { - case '{': - braceCount++ - case '}': - braceCount-- - case '[': - bracketCount++ - case ']': - bracketCount-- - } - } - str = truncated - } - - // Add missing closing brackets - for braceCount > 0 { - str += "}" - braceCount-- - } - for bracketCount > 0 { - str += "]" - bracketCount-- - } - } - - // Validate repaired JSON - if err := json.Unmarshal([]byte(str), &testParse); err != nil { - log.Warnf("kiro: repairJSON - repair failed to produce valid JSON, returning original") - return originalStr - } - - log.Debugf("kiro: repairJSON - successfully repaired JSON") - return str -} - -// escapeNewlinesInStrings escapes literal newlines, tabs, and other control characters -// that appear inside JSON string values. -func escapeNewlinesInStrings(raw string) string { - var result strings.Builder - result.Grow(len(raw) + 100) - - inString := false - escaped := false - - for i := 0; i < len(raw); i++ { - c := raw[i] - - if escaped { - result.WriteByte(c) - escaped = false - continue - } - - if c == '\\' && inString { - result.WriteByte(c) - escaped = true - continue - } - - if c == '"' { - inString = !inString - result.WriteByte(c) - continue - } - - if inString { - switch c { - case '\n': - result.WriteString("\\n") - case '\r': - result.WriteString("\\r") - case '\t': - result.WriteString("\\t") - default: - result.WriteByte(c) - } - } else { - result.WriteByte(c) - } - } - - return result.String() -} - -// ProcessToolUseEvent handles a toolUseEvent from the Kiro stream. -// It accumulates input fragments and emits tool_use blocks when complete. -// Returns events to emit and updated state. -func ProcessToolUseEvent(event map[string]interface{}, currentToolUse *ToolUseState, processedIDs map[string]bool) ([]KiroToolUse, *ToolUseState) { - var toolUses []KiroToolUse - - // Extract from nested toolUseEvent or direct format - tu := event - if nested, ok := event["toolUseEvent"].(map[string]interface{}); ok { - tu = nested - } - - toolUseID := kirocommon.GetString(tu, "toolUseId") - toolName := kirocommon.GetString(tu, "name") - isStop := false - if stop, ok := tu["stop"].(bool); ok { - isStop = stop - } - - // Get input - can be string (fragment) or object (complete) - var inputFragment string - var inputMap map[string]interface{} - - if inputRaw, ok := tu["input"]; ok { - switch v := inputRaw.(type) { - case string: - inputFragment = v - case map[string]interface{}: - inputMap = v - } - } - - // New tool use starting - if toolUseID != "" && toolName != "" { - if currentToolUse != nil && currentToolUse.ToolUseID != toolUseID { - log.Warnf("kiro: interleaved tool use detected - new ID %s arrived while %s in progress, completing previous", - toolUseID, currentToolUse.ToolUseID) - if !processedIDs[currentToolUse.ToolUseID] { - incomplete := KiroToolUse{ - ToolUseID: currentToolUse.ToolUseID, - Name: currentToolUse.Name, - } - if currentToolUse.InputBuffer.Len() > 0 { - raw := currentToolUse.InputBuffer.String() - repaired := RepairJSON(raw) - - var input map[string]interface{} - if err := json.Unmarshal([]byte(repaired), &input); err != nil { - log.Warnf("kiro: failed to parse interleaved tool input: %v, raw: %s", err, raw) - input = make(map[string]interface{}) - } - incomplete.Input = input - } - toolUses = append(toolUses, incomplete) - processedIDs[currentToolUse.ToolUseID] = true - } - currentToolUse = nil - } - - if currentToolUse == nil { - if processedIDs != nil && processedIDs[toolUseID] { - log.Debugf("kiro: skipping duplicate toolUseEvent: %s", toolUseID) - return nil, nil - } - - currentToolUse = &ToolUseState{ - ToolUseID: toolUseID, - Name: toolName, - } - log.Infof("kiro: starting new tool use: %s (ID: %s)", toolName, toolUseID) - } - } - - // Accumulate input fragments - if currentToolUse != nil && inputFragment != "" { - currentToolUse.InputBuffer.WriteString(inputFragment) - log.Debugf("kiro: accumulated input fragment, total length: %d", currentToolUse.InputBuffer.Len()) - } - - // If complete input object provided directly - if currentToolUse != nil && inputMap != nil { - inputBytes, _ := json.Marshal(inputMap) - currentToolUse.InputBuffer.Reset() - currentToolUse.InputBuffer.Write(inputBytes) - } - - // Tool use complete - if isStop && currentToolUse != nil { - fullInput := currentToolUse.InputBuffer.String() - - // Repair and parse the accumulated JSON - repairedJSON := RepairJSON(fullInput) - var finalInput map[string]interface{} - if err := json.Unmarshal([]byte(repairedJSON), &finalInput); err != nil { - log.Warnf("kiro: failed to parse accumulated tool input: %v, raw: %s", err, fullInput) - finalInput = make(map[string]interface{}) - } - - // Detect truncation for all tools - truncInfo := DetectTruncation(currentToolUse.Name, currentToolUse.ToolUseID, fullInput, finalInput) - if truncInfo.IsTruncated { - log.Warnf("kiro: TRUNCATION DETECTED for tool %s (ID: %s): type=%s, raw_size=%d bytes", - currentToolUse.Name, currentToolUse.ToolUseID, truncInfo.TruncationType, len(fullInput)) - log.Warnf("kiro: truncation details: %s", truncInfo.ErrorMessage) - if len(truncInfo.ParsedFields) > 0 { - log.Infof("kiro: partial fields received: %v", truncInfo.ParsedFields) - } - // Store truncation info in the state for upstream handling - currentToolUse.TruncationInfo = &truncInfo - } else { - log.Infof("kiro: tool use %s input length: %d bytes (no truncation)", currentToolUse.Name, len(fullInput)) - } - - // Create the tool use with truncation info if applicable - toolUse := KiroToolUse{ - ToolUseID: currentToolUse.ToolUseID, - Name: currentToolUse.Name, - Input: finalInput, - IsTruncated: truncInfo.IsTruncated, - TruncationInfo: nil, // Will be set below if truncated - } - if truncInfo.IsTruncated { - toolUse.TruncationInfo = &truncInfo - } - toolUses = append(toolUses, toolUse) - - if processedIDs != nil { - processedIDs[currentToolUse.ToolUseID] = true - } - - log.Infof("kiro: completed tool use: %s (ID: %s, truncated: %v)", currentToolUse.Name, currentToolUse.ToolUseID, truncInfo.IsTruncated) - return toolUses, nil - } - - return toolUses, currentToolUse -} - -// DeduplicateToolUses removes duplicate tool uses based on toolUseId and content. -func DeduplicateToolUses(toolUses []KiroToolUse) []KiroToolUse { - seenIDs := make(map[string]bool) - seenContent := make(map[string]bool) - var unique []KiroToolUse - - for _, tu := range toolUses { - if seenIDs[tu.ToolUseID] { - log.Debugf("kiro: removing ID-duplicate tool use: %s (name: %s)", tu.ToolUseID, tu.Name) - continue - } - - inputJSON, _ := json.Marshal(tu.Input) - contentKey := tu.Name + ":" + string(inputJSON) - - if seenContent[contentKey] { - log.Debugf("kiro: removing content-duplicate tool use: %s (id: %s)", tu.Name, tu.ToolUseID) - continue - } - - seenIDs[tu.ToolUseID] = true - seenContent[contentKey] = true - unique = append(unique, tu) - } - - return unique -} diff --git a/internal/translator/kiro/claude/kiro_websearch.go b/internal/translator/kiro/claude/kiro_websearch.go deleted file mode 100644 index b9da38294c..0000000000 --- a/internal/translator/kiro/claude/kiro_websearch.go +++ /dev/null @@ -1,495 +0,0 @@ -// Package claude provides web search functionality for Kiro translator. -// This file implements detection, MCP request/response types, and pure data -// transformation utilities for web search. SSE event generation, stream analysis, -// and HTTP I/O logic reside in the executor package (kiro_executor.go). -package claude - -import ( - "encoding/json" - "fmt" - "strings" - "sync/atomic" - "time" - - "github.com/google/uuid" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// cachedToolDescription stores the dynamically-fetched web_search tool description. -// Written by the executor via SetWebSearchDescription, read by the translator -// when building the remote_web_search tool for Kiro API requests. -var cachedToolDescription atomic.Value // stores string - -// GetWebSearchDescription returns the cached web_search tool description, -// or empty string if not yet fetched. Lock-free via atomic.Value. -func GetWebSearchDescription() string { - if v := cachedToolDescription.Load(); v != nil { - return v.(string) - } - return "" -} - -// SetWebSearchDescription stores the dynamically-fetched web_search tool description. -// Called by the executor after fetching from MCP tools/list. -func SetWebSearchDescription(desc string) { - cachedToolDescription.Store(desc) -} - -// McpRequest represents a JSON-RPC 2.0 request to Kiro MCP API -type McpRequest struct { - ID string `json:"id"` - JSONRPC string `json:"jsonrpc"` - Method string `json:"method"` - Params McpParams `json:"params"` -} - -// McpParams represents MCP request parameters -type McpParams struct { - Name string `json:"name"` - Arguments McpArguments `json:"arguments"` -} - -// McpArgumentsMeta represents the _meta field in MCP arguments -type McpArgumentsMeta struct { - IsValid bool `json:"_isValid"` - ActivePath []string `json:"_activePath"` - CompletedPaths [][]string `json:"_completedPaths"` -} - -// McpArguments represents MCP request arguments -type McpArguments struct { - Query string `json:"query"` - Meta *McpArgumentsMeta `json:"_meta,omitempty"` -} - -// McpResponse represents a JSON-RPC 2.0 response from Kiro MCP API -type McpResponse struct { - Error *McpError `json:"error,omitempty"` - ID string `json:"id"` - JSONRPC string `json:"jsonrpc"` - Result *McpResult `json:"result,omitempty"` -} - -// McpError represents an MCP error -type McpError struct { - Code *int `json:"code,omitempty"` - Message *string `json:"message,omitempty"` -} - -// McpResult represents MCP result -type McpResult struct { - Content []McpContent `json:"content"` - IsError bool `json:"isError"` -} - -// McpContent represents MCP content item -type McpContent struct { - ContentType string `json:"type"` - Text string `json:"text"` -} - -// WebSearchResults represents parsed search results -type WebSearchResults struct { - Results []WebSearchResult `json:"results"` - TotalResults *int `json:"totalResults,omitempty"` - Query *string `json:"query,omitempty"` - Error *string `json:"error,omitempty"` -} - -// WebSearchResult represents a single search result -type WebSearchResult struct { - Title string `json:"title"` - URL string `json:"url"` - Snippet *string `json:"snippet,omitempty"` - PublishedDate *int64 `json:"publishedDate,omitempty"` - ID *string `json:"id,omitempty"` - Domain *string `json:"domain,omitempty"` - MaxVerbatimWordLimit *int `json:"maxVerbatimWordLimit,omitempty"` - PublicDomain *bool `json:"publicDomain,omitempty"` -} - -// isWebSearchTool checks if a tool name or type indicates a web_search tool. -func isWebSearchTool(name, toolType string) bool { - return name == "web_search" || - strings.HasPrefix(toolType, "web_search") || - toolType == "web_search_20250305" -} - -// HasWebSearchTool checks if the request contains ONLY a web_search tool. -// Returns true only if tools array has exactly one tool named "web_search". -// Only intercept pure web_search requests (single-tool array). -func HasWebSearchTool(body []byte) bool { - tools := gjson.GetBytes(body, "tools") - if !tools.IsArray() { - return false - } - - toolsArray := tools.Array() - if len(toolsArray) != 1 { - return false - } - - // Check if the single tool is web_search - tool := toolsArray[0] - - // Check both name and type fields for web_search detection - name := strings.ToLower(tool.Get("name").String()) - toolType := strings.ToLower(tool.Get("type").String()) - - return isWebSearchTool(name, toolType) -} - -// ExtractSearchQuery extracts the search query from the request. -// Reads messages[0].content and removes "Perform a web search for the query: " prefix. -func ExtractSearchQuery(body []byte) string { - messages := gjson.GetBytes(body, "messages") - if !messages.IsArray() || len(messages.Array()) == 0 { - return "" - } - - firstMsg := messages.Array()[0] - content := firstMsg.Get("content") - - var text string - if content.IsArray() { - // Array format: [{"type": "text", "text": "..."}] - for _, block := range content.Array() { - if block.Get("type").String() == "text" { - text = block.Get("text").String() - break - } - } - } else { - // String format - text = content.String() - } - - // Remove prefix "Perform a web search for the query: " - const prefix = "Perform a web search for the query: " - if strings.HasPrefix(text, prefix) { - text = text[len(prefix):] - } - - return strings.TrimSpace(text) -} - -// generateRandomID8 generates an 8-character random lowercase alphanumeric string -func generateRandomID8() string { - u := uuid.New() - return strings.ToLower(strings.ReplaceAll(u.String(), "-", "")[:8]) -} - -// CreateMcpRequest creates an MCP request for web search. -// Returns (toolUseID, McpRequest) -// ID format: web_search_tooluse_{22 random}_{timestamp_millis}_{8 random} -func CreateMcpRequest(query string) (string, *McpRequest) { - random22 := GenerateToolUseID() - timestamp := time.Now().UnixMilli() - random8 := generateRandomID8() - - requestID := fmt.Sprintf("web_search_tooluse_%s_%d_%s", random22, timestamp, random8) - - // tool_use_id format: srvtoolu_{32 hex chars} - toolUseID := "srvtoolu_" + strings.ReplaceAll(uuid.New().String(), "-", "")[:32] - - request := &McpRequest{ - ID: requestID, - JSONRPC: "2.0", - Method: "tools/call", - Params: McpParams{ - Name: "web_search", - Arguments: McpArguments{ - Query: query, - Meta: &McpArgumentsMeta{ - IsValid: true, - ActivePath: []string{"query"}, - CompletedPaths: [][]string{{"query"}}, - }, - }, - }, - } - - return toolUseID, request -} - -// GenerateToolUseID generates a Kiro-style tool use ID (base62-like UUID) -func GenerateToolUseID() string { - return strings.ReplaceAll(uuid.New().String(), "-", "")[:22] -} - -// ReplaceWebSearchToolDescription replaces the web_search tool description with -// a minimal version that allows re-search without the restrictive "do not search -// non-coding topics" instruction from the original Kiro tools/list response. -// This keeps the tool available so the model can request additional searches. -func ReplaceWebSearchToolDescription(body []byte) ([]byte, error) { - tools := gjson.GetBytes(body, "tools") - if !tools.IsArray() { - return body, nil - } - - var updated []json.RawMessage - for _, tool := range tools.Array() { - name := strings.ToLower(tool.Get("name").String()) - toolType := strings.ToLower(tool.Get("type").String()) - - if isWebSearchTool(name, toolType) { - // Replace with a minimal web_search tool definition - minimalTool := map[string]interface{}{ - "name": "web_search", - "description": "Search the web for information. Use this when the previous search results are insufficient or when you need additional information on a different aspect of the query. Provide a refined or different search query.", - "input_schema": map[string]interface{}{ - "type": "object", - "properties": map[string]interface{}{ - "query": map[string]interface{}{ - "type": "string", - "description": "The search query to execute", - }, - }, - "required": []string{"query"}, - "additionalProperties": false, - }, - } - minimalJSON, err := json.Marshal(minimalTool) - if err != nil { - return body, fmt.Errorf("failed to marshal minimal tool: %w", err) - } - updated = append(updated, json.RawMessage(minimalJSON)) - } else { - updated = append(updated, json.RawMessage(tool.Raw)) - } - } - - updatedJSON, err := json.Marshal(updated) - if err != nil { - return body, fmt.Errorf("failed to marshal updated tools: %w", err) - } - result, err := sjson.SetRawBytes(body, "tools", updatedJSON) - if err != nil { - return body, fmt.Errorf("failed to set updated tools: %w", err) - } - - return result, nil -} - -// FormatSearchContextPrompt formats search results as a structured text block -// for injection into the system prompt. -func FormatSearchContextPrompt(query string, results *WebSearchResults) string { - var sb strings.Builder - sb.WriteString(fmt.Sprintf("[Web Search Results for \"%s\"]\n", query)) - - if results != nil && len(results.Results) > 0 { - for i, r := range results.Results { - sb.WriteString(fmt.Sprintf("%d. %s - %s\n", i+1, r.Title, r.URL)) - if r.Snippet != nil && *r.Snippet != "" { - snippet := *r.Snippet - if len(snippet) > 500 { - snippet = snippet[:500] + "..." - } - sb.WriteString(fmt.Sprintf(" %s\n", snippet)) - } - } - } else { - sb.WriteString("No results found.\n") - } - - sb.WriteString("[End Web Search Results]") - return sb.String() -} - -// FormatToolResultText formats search results as JSON text for the toolResults content field. -// This matches the format observed in Kiro IDE HAR captures. -func FormatToolResultText(results *WebSearchResults) string { - if results == nil || len(results.Results) == 0 { - return "No search results found." - } - - text := fmt.Sprintf("Found %d search result(s):\n\n", len(results.Results)) - resultJSON, err := json.MarshalIndent(results.Results, "", " ") - if err != nil { - return text + "Error formatting results." - } - return text + string(resultJSON) -} - -// InjectToolResultsClaude modifies a Claude-format JSON payload to append -// tool_use (assistant) and tool_result (user) messages to the messages array. -// BuildKiroPayload correctly translates: -// - assistant tool_use → KiroAssistantResponseMessage.toolUses -// - user tool_result → KiroUserInputMessageContext.toolResults -// -// This produces the exact same GAR request format as the Kiro IDE (HAR captures). -// IMPORTANT: The web_search tool must remain in the "tools" array for this to work. -// Use ReplaceWebSearchToolDescription to keep the tool available with a minimal description. -func InjectToolResultsClaude(claudePayload []byte, toolUseId, query string, results *WebSearchResults) ([]byte, error) { - var payload map[string]interface{} - if err := json.Unmarshal(claudePayload, &payload); err != nil { - return claudePayload, fmt.Errorf("failed to parse claude payload: %w", err) - } - - messages, _ := payload["messages"].([]interface{}) - - // 1. Append assistant message with tool_use (matches HAR: assistantResponseMessage.toolUses) - assistantMsg := map[string]interface{}{ - "role": "assistant", - "content": []interface{}{ - map[string]interface{}{ - "type": "tool_use", - "id": toolUseId, - "name": "web_search", - "input": map[string]interface{}{"query": query}, - }, - }, - } - messages = append(messages, assistantMsg) - - // 2. Append user message with tool_result + search behavior instructions. - // NOTE: We embed search instructions HERE (not in system prompt) because - // BuildKiroPayload clears the system prompt when len(history) > 0, - // which is always true after injecting assistant + user messages. - now := time.Now() - searchGuidance := fmt.Sprintf(` -Current date: %s (%s) - -IMPORTANT: Evaluate the search results above carefully. If the results are: -- Mostly spam, SEO junk, or unrelated websites -- Missing actual information about the query topic -- Outdated or not matching the requested time frame - -Then you MUST use the web_search tool again with a refined query. Try: -- Rephrasing in English for better coverage -- Using more specific keywords -- Adding date context - -Do NOT apologize for bad results without first attempting a re-search. -`, now.Format("January 2, 2006"), now.Format("Monday")) - - userMsg := map[string]interface{}{ - "role": "user", - "content": []interface{}{ - map[string]interface{}{ - "type": "tool_result", - "tool_use_id": toolUseId, - "content": FormatToolResultText(results), - }, - map[string]interface{}{ - "type": "text", - "text": searchGuidance, - }, - }, - } - messages = append(messages, userMsg) - - payload["messages"] = messages - - result, err := json.Marshal(payload) - if err != nil { - return claudePayload, fmt.Errorf("failed to marshal updated payload: %w", err) - } - - log.Infof("kiro/websearch: injected tool_use+tool_result (toolUseId=%s, messages=%d)", - toolUseId, len(messages)) - - return result, nil -} - -// InjectSearchIndicatorsInResponse prepends server_tool_use + web_search_tool_result -// content blocks into a non-streaming Claude JSON response. Claude Code counts -// server_tool_use blocks to display "Did X searches in Ys". -// -// Input response: {"content": [{"type":"text","text":"..."}], ...} -// Output response: {"content": [{"type":"server_tool_use",...}, {"type":"web_search_tool_result",...}, {"type":"text","text":"..."}], ...} -func InjectSearchIndicatorsInResponse(responsePayload []byte, searches []SearchIndicator) ([]byte, error) { - if len(searches) == 0 { - return responsePayload, nil - } - - var resp map[string]interface{} - if err := json.Unmarshal(responsePayload, &resp); err != nil { - return responsePayload, fmt.Errorf("failed to parse response: %w", err) - } - - existingContent, _ := resp["content"].([]interface{}) - - // Build new content: search indicators first, then existing content - newContent := make([]interface{}, 0, len(searches)*2+len(existingContent)) - - for _, s := range searches { - // server_tool_use block - newContent = append(newContent, map[string]interface{}{ - "type": "server_tool_use", - "id": s.ToolUseID, - "name": "web_search", - "input": map[string]interface{}{"query": s.Query}, - }) - - // web_search_tool_result block - searchContent := make([]map[string]interface{}, 0) - if s.Results != nil { - for _, r := range s.Results.Results { - snippet := "" - if r.Snippet != nil { - snippet = *r.Snippet - } - searchContent = append(searchContent, map[string]interface{}{ - "type": "web_search_result", - "title": r.Title, - "url": r.URL, - "encrypted_content": snippet, - "page_age": nil, - }) - } - } - newContent = append(newContent, map[string]interface{}{ - "type": "web_search_tool_result", - "tool_use_id": s.ToolUseID, - "content": searchContent, - }) - } - - // Append existing content blocks - newContent = append(newContent, existingContent...) - resp["content"] = newContent - - result, err := json.Marshal(resp) - if err != nil { - return responsePayload, fmt.Errorf("failed to marshal response: %w", err) - } - - log.Infof("kiro/websearch: injected %d search indicator(s) into non-stream response", len(searches)) - return result, nil -} - -// SearchIndicator holds the data for one search operation to inject into a response. -type SearchIndicator struct { - ToolUseID string - Query string - Results *WebSearchResults -} - -// BuildMcpEndpoint constructs the MCP endpoint URL for the given AWS region. -// Centralizes the URL pattern used by both handleWebSearch and handleWebSearchStream. -func BuildMcpEndpoint(region string) string { - return fmt.Sprintf("https://q.%s.amazonaws.com/mcp", region) -} - -// ParseSearchResults extracts WebSearchResults from MCP response -func ParseSearchResults(response *McpResponse) *WebSearchResults { - if response == nil || response.Result == nil || len(response.Result.Content) == 0 { - return nil - } - - content := response.Result.Content[0] - if content.ContentType != "text" { - return nil - } - - var results WebSearchResults - if err := json.Unmarshal([]byte(content.Text), &results); err != nil { - log.Warnf("kiro/websearch: failed to parse search results: %v", err) - return nil - } - - return &results -} diff --git a/internal/translator/kiro/claude/kiro_websearch_handler.go b/internal/translator/kiro/claude/kiro_websearch_handler.go deleted file mode 100644 index 8b2ef6425f..0000000000 --- a/internal/translator/kiro/claude/kiro_websearch_handler.go +++ /dev/null @@ -1,343 +0,0 @@ -// Package claude provides web search handler for Kiro translator. -// This file implements the MCP API call and response handling. -package claude - -import ( - "bytes" - "encoding/json" - "fmt" - "io" - "net/http" - "sync" - "sync/atomic" - "time" - - "github.com/google/uuid" - kiroauth "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/auth/kiro" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/util" - log "github.com/sirupsen/logrus" -) - -// McpRequest represents a JSON-RPC 2.0 request to Kiro MCP API -type McpRequest struct { - ID string `json:"id"` - JSONRPC string `json:"jsonrpc"` - Method string `json:"method"` - Params McpParams `json:"params"` -} - -// McpParams represents MCP request parameters -type McpParams struct { - Name string `json:"name"` - Arguments McpArguments `json:"arguments"` -} - -// McpArgumentsMeta represents the _meta field in MCP arguments -type McpArgumentsMeta struct { - IsValid bool `json:"_isValid"` - ActivePath []string `json:"_activePath"` - CompletedPaths [][]string `json:"_completedPaths"` -} - -// McpArguments represents MCP request arguments -type McpArguments struct { - Query string `json:"query"` - Meta *McpArgumentsMeta `json:"_meta,omitempty"` -} - -// McpResponse represents a JSON-RPC 2.0 response from Kiro MCP API -type McpResponse struct { - Error *McpError `json:"error,omitempty"` - ID string `json:"id"` - JSONRPC string `json:"jsonrpc"` - Result *McpResult `json:"result,omitempty"` -} - -// McpError represents an MCP error -type McpError struct { - Code *int `json:"code,omitempty"` - Message *string `json:"message,omitempty"` -} - -// McpResult represents MCP result -type McpResult struct { - Content []McpContent `json:"content"` - IsError bool `json:"isError"` -} - -// McpContent represents MCP content item -type McpContent struct { - ContentType string `json:"type"` - Text string `json:"text"` -} - -// WebSearchResults represents parsed search results -type WebSearchResults struct { - Results []WebSearchResult `json:"results"` - TotalResults *int `json:"totalResults,omitempty"` - Query *string `json:"query,omitempty"` - Error *string `json:"error,omitempty"` -} - -// WebSearchResult represents a single search result -type WebSearchResult struct { - Title string `json:"title"` - URL string `json:"url"` - Snippet *string `json:"snippet,omitempty"` - PublishedDate *int64 `json:"publishedDate,omitempty"` - ID *string `json:"id,omitempty"` - Domain *string `json:"domain,omitempty"` - MaxVerbatimWordLimit *int `json:"maxVerbatimWordLimit,omitempty"` - PublicDomain *bool `json:"publicDomain,omitempty"` -} - -// Cached web_search tool description fetched from MCP tools/list. -// Uses atomic.Pointer[sync.Once] for lock-free reads with retry-on-failure: -// - sync.Once prevents race conditions and deduplicates concurrent calls -// - On failure, a fresh sync.Once is swapped in to allow retry on next call -// - On success, sync.Once stays "done" forever — zero overhead for subsequent calls -var ( - cachedToolDescription atomic.Value // stores string - toolDescOnce atomic.Pointer[sync.Once] - fallbackFpOnce sync.Once - fallbackFp *kiroauth.Fingerprint -) - -func init() { - toolDescOnce.Store(&sync.Once{}) -} - -// FetchToolDescription calls MCP tools/list to get the web_search tool description -// and caches it. Safe to call concurrently — only one goroutine fetches at a time. -// If the fetch fails, subsequent calls will retry. On success, no further fetches occur. -// The httpClient parameter allows reusing a shared pooled HTTP client. -func FetchToolDescription(mcpEndpoint, authToken string, httpClient *http.Client, fp *kiroauth.Fingerprint, authAttrs map[string]string) { - toolDescOnce.Load().Do(func() { - handler := NewWebSearchHandler(mcpEndpoint, authToken, httpClient, fp, authAttrs) - reqBody := []byte(`{"id":"tools_list","jsonrpc":"2.0","method":"tools/list"}`) - log.Debugf("kiro/websearch MCP tools/list request: %d bytes", len(reqBody)) - - req, err := http.NewRequest("POST", mcpEndpoint, bytes.NewReader(reqBody)) - if err != nil { - log.Warnf("kiro/websearch: failed to create tools/list request: %v", err) - toolDescOnce.Store(&sync.Once{}) // allow retry - return - } - - // Reuse same headers as CallMcpAPI - handler.setMcpHeaders(req) - - resp, err := handler.HTTPClient.Do(req) - if err != nil { - log.Warnf("kiro/websearch: tools/list request failed: %v", err) - toolDescOnce.Store(&sync.Once{}) // allow retry - return - } - defer func() { _ = resp.Body.Close() }() - - body, err := io.ReadAll(resp.Body) - if err != nil || resp.StatusCode != http.StatusOK { - log.Warnf("kiro/websearch: tools/list returned status %d", resp.StatusCode) - toolDescOnce.Store(&sync.Once{}) // allow retry - return - } - log.Debugf("kiro/websearch MCP tools/list response: [%d] %d bytes", resp.StatusCode, len(body)) - - // Parse: {"result":{"tools":[{"name":"web_search","description":"..."}]}} - var result struct { - Result *struct { - Tools []struct { - Name string `json:"name"` - Description string `json:"description"` - } `json:"tools"` - } `json:"result"` - } - if err := json.Unmarshal(body, &result); err != nil || result.Result == nil { - log.Warnf("kiro/websearch: failed to parse tools/list response") - toolDescOnce.Store(&sync.Once{}) // allow retry - return - } - - for _, tool := range result.Result.Tools { - if tool.Name == "web_search" && tool.Description != "" { - cachedToolDescription.Store(tool.Description) - log.Infof("kiro/websearch: cached web_search description from tools/list (%d bytes)", len(tool.Description)) - return // success — sync.Once stays "done", no more fetches - } - } - - // web_search tool not found in response - toolDescOnce.Store(&sync.Once{}) // allow retry - }) -} - -// GetWebSearchDescription returns the cached web_search tool description, -// or empty string if not yet fetched. Lock-free via atomic.Value. -func GetWebSearchDescription() string { - if v := cachedToolDescription.Load(); v != nil { - return v.(string) - } - return "" -} - -// WebSearchHandler handles web search requests via Kiro MCP API -type WebSearchHandler struct { - McpEndpoint string - HTTPClient *http.Client - AuthToken string - Fingerprint *kiroauth.Fingerprint // optional, for dynamic headers - AuthAttrs map[string]string // optional, for custom headers from auth.Attributes -} - -// NewWebSearchHandler creates a new WebSearchHandler. -// If httpClient is nil, a default client with 30s timeout is used. -// If fingerprint is nil, a random one-off fingerprint is generated. -// Pass a shared pooled client (e.g. from getKiroPooledHTTPClient) for connection reuse. -func NewWebSearchHandler(mcpEndpoint, authToken string, httpClient *http.Client, fp *kiroauth.Fingerprint, authAttrs map[string]string) *WebSearchHandler { - if httpClient == nil { - httpClient = &http.Client{ - Timeout: 30 * time.Second, - } - } - if fp == nil { - // Use a shared fallback fingerprint for callers without token context - fallbackFpOnce.Do(func() { - mgr := kiroauth.NewFingerprintManager() - fallbackFp = mgr.GetFingerprint("mcp-fallback") - }) - fp = fallbackFp - } - return &WebSearchHandler{ - McpEndpoint: mcpEndpoint, - HTTPClient: httpClient, - AuthToken: authToken, - Fingerprint: fp, - AuthAttrs: authAttrs, - } -} - -// setMcpHeaders sets standard MCP API headers on the request, -// aligned with the GAR request pattern in kiro_executor.go. -func (h *WebSearchHandler) setMcpHeaders(req *http.Request) { - fp := h.Fingerprint - - // 1. Content-Type & Accept (aligned with GAR) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Accept", "*/*") - - // 2. Kiro-specific headers (aligned with GAR) - req.Header.Set("x-amzn-kiro-agent-mode", "vibe") - req.Header.Set("x-amzn-codewhisperer-optout", "true") - - // 3. Dynamic fingerprint headers - req.Header.Set("User-Agent", fp.BuildUserAgent()) - req.Header.Set("X-Amz-User-Agent", fp.BuildAmzUserAgent()) - - // 4. AWS SDK identifiers (casing aligned with GAR) - req.Header.Set("Amz-Sdk-Request", "attempt=1; max=3") - req.Header.Set("Amz-Sdk-Invocation-Id", uuid.New().String()) - - // 5. Authentication - req.Header.Set("Authorization", "Bearer "+h.AuthToken) - - // 6. Custom headers from auth attributes - util.ApplyCustomHeadersFromAttrs(req, h.AuthAttrs) -} - -// mcpMaxRetries is the maximum number of retries for MCP API calls. -const mcpMaxRetries = 2 - -// CallMcpAPI calls the Kiro MCP API with the given request. -// Includes retry logic with exponential backoff for retryable errors, -// aligned with the GAR request retry pattern. -func (h *WebSearchHandler) CallMcpAPI(request *McpRequest) (*McpResponse, error) { - requestBody, err := json.Marshal(request) - if err != nil { - return nil, fmt.Errorf("failed to marshal MCP request: %w", err) - } - log.Debugf("kiro/websearch MCP request → %s (%d bytes)", h.McpEndpoint, len(requestBody)) - - var lastErr error - for attempt := 0; attempt <= mcpMaxRetries; attempt++ { - if attempt > 0 { - backoff := time.Duration(1< 10*time.Second { - backoff = 10 * time.Second - } - log.Warnf("kiro/websearch: MCP retry %d/%d after %v (last error: %v)", attempt, mcpMaxRetries, backoff, lastErr) - time.Sleep(backoff) - } - - req, err := http.NewRequest("POST", h.McpEndpoint, bytes.NewReader(requestBody)) - if err != nil { - return nil, fmt.Errorf("failed to create HTTP request: %w", err) - } - - h.setMcpHeaders(req) - - resp, err := h.HTTPClient.Do(req) - if err != nil { - lastErr = fmt.Errorf("MCP API request failed: %w", err) - continue // network error → retry - } - - body, err := io.ReadAll(resp.Body) - _ = resp.Body.Close() - if err != nil { - lastErr = fmt.Errorf("failed to read MCP response: %w", err) - continue // read error → retry - } - log.Debugf("kiro/websearch MCP response ← [%d] (%d bytes)", resp.StatusCode, len(body)) - - // Retryable HTTP status codes (aligned with GAR: 502, 503, 504) - if resp.StatusCode >= 502 && resp.StatusCode <= 504 { - lastErr = fmt.Errorf("MCP API returned retryable status %d: %s", resp.StatusCode, string(body)) - continue - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("MCP API returned status %d: %s", resp.StatusCode, string(body)) - } - - var mcpResponse McpResponse - if err := json.Unmarshal(body, &mcpResponse); err != nil { - return nil, fmt.Errorf("failed to parse MCP response: %w", err) - } - - if mcpResponse.Error != nil { - code := -1 - if mcpResponse.Error.Code != nil { - code = *mcpResponse.Error.Code - } - msg := "Unknown error" - if mcpResponse.Error.Message != nil { - msg = *mcpResponse.Error.Message - } - return nil, fmt.Errorf("MCP error %d: %s", code, msg) - } - - return &mcpResponse, nil - } - - return nil, lastErr -} - -// ParseSearchResults extracts WebSearchResults from MCP response -func ParseSearchResults(response *McpResponse) *WebSearchResults { - if response == nil || response.Result == nil || len(response.Result.Content) == 0 { - return nil - } - - content := response.Result.Content[0] - if content.ContentType != "text" { - return nil - } - - var results WebSearchResults - if err := json.Unmarshal([]byte(content.Text), &results); err != nil { - log.Warnf("kiro/websearch: failed to parse search results: %v", err) - return nil - } - - return &results -} diff --git a/internal/translator/kiro/claude/tool_compression.go b/internal/translator/kiro/claude/tool_compression.go deleted file mode 100644 index 2c4b97e38a..0000000000 --- a/internal/translator/kiro/claude/tool_compression.go +++ /dev/null @@ -1,191 +0,0 @@ -// Package claude provides tool compression functionality for Kiro translator. -// This file implements dynamic tool compression to reduce tool payload size -// when it exceeds the target threshold, preventing 500 errors from Kiro API. -package claude - -import ( - "encoding/json" - "unicode/utf8" - - kirocommon "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/kiro/common" - log "github.com/sirupsen/logrus" -) - -// calculateToolsSize calculates the JSON serialized size of the tools list. -// Returns the size in bytes. -func calculateToolsSize(tools []KiroToolWrapper) int { - if len(tools) == 0 { - return 0 - } - data, err := json.Marshal(tools) - if err != nil { - log.Warnf("kiro: failed to marshal tools for size calculation: %v", err) - return 0 - } - return len(data) -} - -// simplifyInputSchema simplifies the input_schema by keeping only essential fields: -// type, enum, required. Recursively processes nested properties. -func simplifyInputSchema(schema interface{}) interface{} { - if schema == nil { - return nil - } - - schemaMap, ok := schema.(map[string]interface{}) - if !ok { - return schema - } - - simplified := make(map[string]interface{}) - - // Keep essential fields - if t, ok := schemaMap["type"]; ok { - simplified["type"] = t - } - if enum, ok := schemaMap["enum"]; ok { - simplified["enum"] = enum - } - if required, ok := schemaMap["required"]; ok { - simplified["required"] = required - } - - // Recursively process properties - if properties, ok := schemaMap["properties"].(map[string]interface{}); ok { - simplifiedProps := make(map[string]interface{}) - for key, value := range properties { - simplifiedProps[key] = simplifyInputSchema(value) - } - simplified["properties"] = simplifiedProps - } - - // Process items for array types - if items, ok := schemaMap["items"]; ok { - simplified["items"] = simplifyInputSchema(items) - } - - // Process additionalProperties if present - if additionalProps, ok := schemaMap["additionalProperties"]; ok { - simplified["additionalProperties"] = simplifyInputSchema(additionalProps) - } - - // Process anyOf, oneOf, allOf - for _, key := range []string{"anyOf", "oneOf", "allOf"} { - if arr, ok := schemaMap[key].([]interface{}); ok { - simplifiedArr := make([]interface{}, len(arr)) - for i, item := range arr { - simplifiedArr[i] = simplifyInputSchema(item) - } - simplified[key] = simplifiedArr - } - } - - return simplified -} - -// compressToolDescription compresses a description to the target length. -// Ensures the result is at least MinToolDescriptionLength characters. -// Uses UTF-8 safe truncation. -func compressToolDescription(description string, targetLength int) string { - if targetLength < kirocommon.MinToolDescriptionLength { - targetLength = kirocommon.MinToolDescriptionLength - } - - if len(description) <= targetLength { - return description - } - - // Find a safe truncation point (UTF-8 boundary) - truncLen := targetLength - 3 // Leave room for "..." - - // Ensure we don't cut in the middle of a UTF-8 character - for truncLen > 0 && !utf8.RuneStart(description[truncLen]) { - truncLen-- - } - - if truncLen <= 0 { - return description[:kirocommon.MinToolDescriptionLength] - } - - return description[:truncLen] + "..." -} - -// compressToolsIfNeeded compresses tools if their total size exceeds the target threshold. -// Compression strategy: -// 1. First, check if compression is needed (size > ToolCompressionTargetSize) -// 2. Step 1: Simplify input_schema (keep only type/enum/required) -// 3. Step 2: Proportionally compress descriptions (minimum MinToolDescriptionLength chars) -// Returns the compressed tools list. -func compressToolsIfNeeded(tools []KiroToolWrapper) []KiroToolWrapper { - if len(tools) == 0 { - return tools - } - - originalSize := calculateToolsSize(tools) - if originalSize <= kirocommon.ToolCompressionTargetSize { - log.Debugf("kiro: tools size %d bytes is within target %d bytes, no compression needed", - originalSize, kirocommon.ToolCompressionTargetSize) - return tools - } - - log.Infof("kiro: tools size %d bytes exceeds target %d bytes, starting compression", - originalSize, kirocommon.ToolCompressionTargetSize) - - // Create a copy of tools to avoid modifying the original - compressedTools := make([]KiroToolWrapper, len(tools)) - for i, tool := range tools { - compressedTools[i] = KiroToolWrapper{ - ToolSpecification: KiroToolSpecification{ - Name: tool.ToolSpecification.Name, - Description: tool.ToolSpecification.Description, - InputSchema: KiroInputSchema{JSON: tool.ToolSpecification.InputSchema.JSON}, - }, - } - } - - // Step 1: Simplify input_schema - for i := range compressedTools { - compressedTools[i].ToolSpecification.InputSchema.JSON = - simplifyInputSchema(compressedTools[i].ToolSpecification.InputSchema.JSON) - } - - sizeAfterSchemaSimplification := calculateToolsSize(compressedTools) - log.Debugf("kiro: size after schema simplification: %d bytes (reduced by %d bytes)", - sizeAfterSchemaSimplification, originalSize-sizeAfterSchemaSimplification) - - // Check if we're within target after schema simplification - if sizeAfterSchemaSimplification <= kirocommon.ToolCompressionTargetSize { - log.Infof("kiro: compression complete after schema simplification, final size: %d bytes", - sizeAfterSchemaSimplification) - return compressedTools - } - - // Step 2: Compress descriptions proportionally - sizeToReduce := float64(sizeAfterSchemaSimplification - kirocommon.ToolCompressionTargetSize) - var totalDescLen float64 - for _, tool := range compressedTools { - totalDescLen += float64(len(tool.ToolSpecification.Description)) - } - - if totalDescLen > 0 { - // Assume size reduction comes primarily from descriptions. - keepRatio := 1.0 - (sizeToReduce / totalDescLen) - if keepRatio > 1.0 { - keepRatio = 1.0 - } else if keepRatio < 0 { - keepRatio = 0 - } - - for i := range compressedTools { - desc := compressedTools[i].ToolSpecification.Description - targetLen := int(float64(len(desc)) * keepRatio) - compressedTools[i].ToolSpecification.Description = compressToolDescription(desc, targetLen) - } - } - - finalSize := calculateToolsSize(compressedTools) - log.Infof("kiro: compression complete, original: %d bytes, final: %d bytes (%.1f%% reduction)", - originalSize, finalSize, float64(originalSize-finalSize)/float64(originalSize)*100) - - return compressedTools -} diff --git a/internal/translator/kiro/claude/truncation_detector.go b/internal/translator/kiro/claude/truncation_detector.go deleted file mode 100644 index 65c5f5a87e..0000000000 --- a/internal/translator/kiro/claude/truncation_detector.go +++ /dev/null @@ -1,517 +0,0 @@ -// Package claude provides truncation detection for Kiro tool call responses. -// When Kiro API reaches its output token limit, tool call JSON may be truncated, -// resulting in incomplete or unparseable input parameters. -package claude - -import ( - "encoding/json" - "strings" - - log "github.com/sirupsen/logrus" -) - -// TruncationInfo contains details about detected truncation in a tool use event. -type TruncationInfo struct { - IsTruncated bool // Whether truncation was detected - TruncationType string // Type of truncation detected - ToolName string // Name of the truncated tool - ToolUseID string // ID of the truncated tool use - RawInput string // The raw (possibly truncated) input string - ParsedFields map[string]string // Fields that were successfully parsed before truncation - ErrorMessage string // Human-readable error message -} - -// TruncationType constants for different truncation scenarios -const ( - TruncationTypeNone = "" // No truncation detected - TruncationTypeEmptyInput = "empty_input" // No input data received at all - TruncationTypeInvalidJSON = "invalid_json" // JSON is syntactically invalid (truncated mid-value) - TruncationTypeMissingFields = "missing_fields" // JSON parsed but critical fields are missing - TruncationTypeIncompleteString = "incomplete_string" // String value was cut off mid-content -) - -// KnownWriteTools lists tool names that typically write content and have a "content" field. -// These tools are checked for content field truncation specifically. -var KnownWriteTools = map[string]bool{ - "Write": true, - "write_to_file": true, - "fsWrite": true, - "create_file": true, - "edit_file": true, - "apply_diff": true, - "str_replace_editor": true, - "insert": true, -} - -// KnownCommandTools lists tool names that execute commands. -var KnownCommandTools = map[string]bool{ - "Bash": true, - "execute": true, - "run_command": true, - "shell": true, - "terminal": true, - "execute_python": true, -} - -// RequiredFieldsByTool maps tool names to their required fields. -// If any of these fields are missing, the tool input is considered truncated. -var RequiredFieldsByTool = map[string][]string{ - "Write": {"file_path", "content"}, - "write_to_file": {"path", "content"}, - "fsWrite": {"path", "content"}, - "create_file": {"path", "content"}, - "edit_file": {"path"}, - "apply_diff": {"path", "diff"}, - "str_replace_editor": {"path", "old_str", "new_str"}, - "Bash": {"command", "cmd"}, // Ampcode uses "cmd", others use "command" - "execute": {"command"}, - "run_command": {"command"}, -} - -// DetectTruncation checks if the tool use input appears to be truncated. -// It returns detailed information about the truncation status and type. -func DetectTruncation(toolName, toolUseID, rawInput string, parsedInput map[string]interface{}) TruncationInfo { - info := TruncationInfo{ - ToolName: toolName, - ToolUseID: toolUseID, - RawInput: rawInput, - ParsedFields: make(map[string]string), - } - - // Scenario 1: Empty input buffer - no data received at all - if strings.TrimSpace(rawInput) == "" { - info.IsTruncated = true - info.TruncationType = TruncationTypeEmptyInput - info.ErrorMessage = "Tool input was completely empty - API response may have been truncated before tool parameters were transmitted" - log.Warnf("kiro: truncation detected [%s] for tool %s (ID: %s): empty input buffer", - info.TruncationType, toolName, toolUseID) - return info - } - - // Scenario 2: JSON parse failure - syntactically invalid JSON - if parsedInput == nil || len(parsedInput) == 0 { - // Check if the raw input looks like truncated JSON - if looksLikeTruncatedJSON(rawInput) { - info.IsTruncated = true - info.TruncationType = TruncationTypeInvalidJSON - info.ParsedFields = extractPartialFields(rawInput) - info.ErrorMessage = buildTruncationErrorMessage(toolName, info.TruncationType, info.ParsedFields, rawInput) - log.Warnf("kiro: truncation detected [%s] for tool %s (ID: %s): JSON parse failed, raw length=%d bytes", - info.TruncationType, toolName, toolUseID, len(rawInput)) - return info - } - } - - // Scenario 3: JSON parsed but critical fields are missing - if parsedInput != nil { - requiredFields, hasRequirements := RequiredFieldsByTool[toolName] - if hasRequirements { - missingFields := findMissingRequiredFields(parsedInput, requiredFields) - if len(missingFields) > 0 { - info.IsTruncated = true - info.TruncationType = TruncationTypeMissingFields - info.ParsedFields = extractParsedFieldNames(parsedInput) - info.ErrorMessage = buildMissingFieldsErrorMessage(toolName, missingFields, info.ParsedFields) - log.Warnf("kiro: truncation detected [%s] for tool %s (ID: %s): missing required fields: %v", - info.TruncationType, toolName, toolUseID, missingFields) - return info - } - } - - // Scenario 4: Check for incomplete string values (very short content for write tools) - if isWriteTool(toolName) { - if contentTruncation := detectContentTruncation(parsedInput, rawInput); contentTruncation != "" { - info.IsTruncated = true - info.TruncationType = TruncationTypeIncompleteString - info.ParsedFields = extractParsedFieldNames(parsedInput) - info.ErrorMessage = contentTruncation - log.Warnf("kiro: truncation detected [%s] for tool %s (ID: %s): %s", - info.TruncationType, toolName, toolUseID, contentTruncation) - return info - } - } - } - - // No truncation detected - info.IsTruncated = false - info.TruncationType = TruncationTypeNone - return info -} - -// looksLikeTruncatedJSON checks if the raw string appears to be truncated JSON. -func looksLikeTruncatedJSON(raw string) bool { - trimmed := strings.TrimSpace(raw) - if trimmed == "" { - return false - } - - // Must start with { to be considered JSON - if !strings.HasPrefix(trimmed, "{") { - return false - } - - // Count brackets to detect imbalance - openBraces := strings.Count(trimmed, "{") - closeBraces := strings.Count(trimmed, "}") - openBrackets := strings.Count(trimmed, "[") - closeBrackets := strings.Count(trimmed, "]") - - // Bracket imbalance suggests truncation - if openBraces > closeBraces || openBrackets > closeBrackets { - return true - } - - // Check for obvious truncation patterns - // - Ends with a quote but no closing brace - // - Ends with a colon (mid key-value) - // - Ends with a comma (mid object/array) - lastChar := trimmed[len(trimmed)-1] - if lastChar != '}' && lastChar != ']' { - // Check if it's not a complete simple value - if lastChar == '"' || lastChar == ':' || lastChar == ',' { - return true - } - } - - // Check for unclosed strings (odd number of unescaped quotes) - inString := false - escaped := false - for i := 0; i < len(trimmed); i++ { - c := trimmed[i] - if escaped { - escaped = false - continue - } - if c == '\\' { - escaped = true - continue - } - if c == '"' { - inString = !inString - } - } - if inString { - return true // Unclosed string - } - - return false -} - -// extractPartialFields attempts to extract any field names from malformed JSON. -// This helps provide context about what was received before truncation. -func extractPartialFields(raw string) map[string]string { - fields := make(map[string]string) - - // Simple pattern matching for "key": "value" or "key": value patterns - // This works even with truncated JSON - trimmed := strings.TrimSpace(raw) - if !strings.HasPrefix(trimmed, "{") { - return fields - } - - // Remove opening brace - content := strings.TrimPrefix(trimmed, "{") - - // Split by comma (rough parsing) - parts := strings.Split(content, ",") - for _, part := range parts { - part = strings.TrimSpace(part) - if colonIdx := strings.Index(part, ":"); colonIdx > 0 { - key := strings.TrimSpace(part[:colonIdx]) - key = strings.Trim(key, `"`) - value := strings.TrimSpace(part[colonIdx+1:]) - - // Truncate long values for display - if len(value) > 50 { - value = value[:50] + "..." - } - fields[key] = value - } - } - - return fields -} - -// extractParsedFieldNames returns the field names from a successfully parsed map. -func extractParsedFieldNames(parsed map[string]interface{}) map[string]string { - fields := make(map[string]string) - for key, val := range parsed { - switch v := val.(type) { - case string: - if len(v) > 50 { - fields[key] = v[:50] + "..." - } else { - fields[key] = v - } - case nil: - fields[key] = "" - default: - // For complex types, just indicate presence - fields[key] = "" - } - } - return fields -} - -// findMissingRequiredFields checks which required fields are missing from the parsed input. -func findMissingRequiredFields(parsed map[string]interface{}, required []string) []string { - var missing []string - for _, field := range required { - if _, exists := parsed[field]; !exists { - missing = append(missing, field) - } - } - return missing -} - -// isWriteTool checks if the tool is a known write/file operation tool. -func isWriteTool(toolName string) bool { - return KnownWriteTools[toolName] -} - -// detectContentTruncation checks if the content field appears truncated for write tools. -func detectContentTruncation(parsed map[string]interface{}, rawInput string) string { - // Check for content field - content, hasContent := parsed["content"] - if !hasContent { - return "" - } - - contentStr, isString := content.(string) - if !isString { - return "" - } - - // Heuristic: if raw input is very large but content is suspiciously short, - // it might indicate truncation during JSON repair - if len(rawInput) > 1000 && len(contentStr) < 100 { - return "content field appears suspiciously short compared to raw input size" - } - - // Check for code blocks that appear to be cut off - if strings.Contains(contentStr, "```") { - openFences := strings.Count(contentStr, "```") - if openFences%2 != 0 { - return "content contains unclosed code fence (```) suggesting truncation" - } - } - - return "" -} - -// buildTruncationErrorMessage creates a human-readable error message for truncation. -func buildTruncationErrorMessage(toolName, truncationType string, parsedFields map[string]string, rawInput string) string { - var sb strings.Builder - sb.WriteString("Tool input was truncated by the API. ") - - switch truncationType { - case TruncationTypeEmptyInput: - sb.WriteString("No input data was received.") - case TruncationTypeInvalidJSON: - sb.WriteString("JSON was cut off mid-transmission. ") - if len(parsedFields) > 0 { - sb.WriteString("Partial fields received: ") - first := true - for k := range parsedFields { - if !first { - sb.WriteString(", ") - } - sb.WriteString(k) - first = false - } - } - case TruncationTypeMissingFields: - sb.WriteString("Required fields are missing from the input.") - case TruncationTypeIncompleteString: - sb.WriteString("Content appears to be shortened or incomplete.") - } - - sb.WriteString(" Received ") - sb.WriteString(string(rune(len(rawInput)))) - sb.WriteString(" bytes. Please retry with smaller content chunks.") - - return sb.String() -} - -// buildMissingFieldsErrorMessage creates an error message for missing required fields. -func buildMissingFieldsErrorMessage(toolName string, missingFields []string, parsedFields map[string]string) string { - var sb strings.Builder - sb.WriteString("Tool '") - sb.WriteString(toolName) - sb.WriteString("' is missing required fields: ") - sb.WriteString(strings.Join(missingFields, ", ")) - sb.WriteString(". Fields received: ") - - first := true - for k := range parsedFields { - if !first { - sb.WriteString(", ") - } - sb.WriteString(k) - first = false - } - - sb.WriteString(". This usually indicates the API response was truncated.") - return sb.String() -} - -// IsTruncated is a convenience function to check if a tool use appears truncated. -func IsTruncated(toolName, rawInput string, parsedInput map[string]interface{}) bool { - info := DetectTruncation(toolName, "", rawInput, parsedInput) - return info.IsTruncated -} - -// GetTruncationSummary returns a short summary string for logging. -func GetTruncationSummary(info TruncationInfo) string { - if !info.IsTruncated { - return "" - } - - result, _ := json.Marshal(map[string]interface{}{ - "tool": info.ToolName, - "type": info.TruncationType, - "parsed_fields": info.ParsedFields, - "raw_input_size": len(info.RawInput), - }) - return string(result) -} - -// SoftFailureMessage contains the message structure for a truncation soft failure. -// This is returned to Claude as a tool_result to guide retry behavior. -type SoftFailureMessage struct { - Status string // "incomplete" - not an error, just incomplete - Reason string // Why the tool call was incomplete - Guidance []string // Step-by-step retry instructions - Context string // Any context about what was received - MaxLineHint int // Suggested maximum lines per chunk -} - -// BuildSoftFailureMessage creates a structured message for Claude when truncation is detected. -// This follows the "soft failure" pattern: -// - For Claude: Clear explanation of what happened and how to fix -// - For User: Hidden or minimized (appears as normal processing) -// -// Key principle: "Conclusion First" -// 1. First state what happened (incomplete) -// 2. Then explain how to fix (chunked approach) -// 3. Provide specific guidance (line limits) -func BuildSoftFailureMessage(info TruncationInfo) SoftFailureMessage { - msg := SoftFailureMessage{ - Status: "incomplete", - MaxLineHint: 300, // Conservative default - } - - // Build reason based on truncation type - switch info.TruncationType { - case TruncationTypeEmptyInput: - msg.Reason = "Your tool call was too large and the input was completely lost during transmission." - msg.MaxLineHint = 200 - case TruncationTypeInvalidJSON: - msg.Reason = "Your tool call was truncated mid-transmission, resulting in incomplete JSON." - msg.MaxLineHint = 250 - case TruncationTypeMissingFields: - msg.Reason = "Your tool call was partially received but critical fields were cut off." - msg.MaxLineHint = 300 - case TruncationTypeIncompleteString: - msg.Reason = "Your tool call content was truncated - the full content did not arrive." - msg.MaxLineHint = 350 - default: - msg.Reason = "Your tool call was truncated by the API due to output size limits." - } - - // Build context from parsed fields - if len(info.ParsedFields) > 0 { - var parts []string - for k, v := range info.ParsedFields { - if len(v) > 30 { - v = v[:30] + "..." - } - parts = append(parts, k+"="+v) - } - msg.Context = "Received partial data: " + strings.Join(parts, ", ") - } - - // Build retry guidance - CRITICAL: Conclusion first approach - msg.Guidance = []string{ - "CONCLUSION: Split your output into smaller chunks and retry.", - "", - "REQUIRED APPROACH:", - "1. For file writes: Write in chunks of ~" + formatInt(msg.MaxLineHint) + " lines maximum", - "2. For new files: First create with initial chunk, then append remaining sections", - "3. For edits: Make surgical, targeted changes - avoid rewriting entire files", - "", - "EXAMPLE (writing a 600-line file):", - " - Step 1: Write lines 1-300 (create file)", - " - Step 2: Append lines 301-600 (extend file)", - "", - "DO NOT attempt to write the full content again in a single call.", - "The API has a hard output limit that cannot be bypassed.", - } - - return msg -} - -// formatInt converts an integer to string (helper to avoid strconv import) -func formatInt(n int) string { - if n == 0 { - return "0" - } - result := "" - for n > 0 { - result = string(rune('0'+n%10)) + result - n /= 10 - } - return result -} - -// BuildSoftFailureToolResult creates a tool_result content for Claude. -// This is what Claude will see when a tool call is truncated. -// Returns a string that should be used as the tool_result content. -func BuildSoftFailureToolResult(info TruncationInfo) string { - msg := BuildSoftFailureMessage(info) - - var sb strings.Builder - sb.WriteString("TOOL_CALL_INCOMPLETE\n") - sb.WriteString("status: ") - sb.WriteString(msg.Status) - sb.WriteString("\n") - sb.WriteString("reason: ") - sb.WriteString(msg.Reason) - sb.WriteString("\n") - - if msg.Context != "" { - sb.WriteString("context: ") - sb.WriteString(msg.Context) - sb.WriteString("\n") - } - - sb.WriteString("\n") - for _, line := range msg.Guidance { - if line != "" { - sb.WriteString(line) - sb.WriteString("\n") - } - } - - return sb.String() -} - -// CreateTruncationToolResult creates a KiroToolUse that represents a soft failure. -// Instead of returning the truncated tool_use, we return a tool with a special -// error result that guides Claude to retry with smaller chunks. -// -// This is the key mechanism for "soft failure": -// - stop_reason remains "tool_use" so Claude continues -// - The tool_result content explains the issue and how to fix it -// - Claude will read this and adjust its approach -func CreateTruncationToolResult(info TruncationInfo) KiroToolUse { - // We create a pseudo tool_use that represents the failed attempt - // The executor will convert this to a tool_result with the guidance message - return KiroToolUse{ - ToolUseID: info.ToolUseID, - Name: info.ToolName, - Input: nil, // No input since it was truncated - IsTruncated: true, - TruncationInfo: &info, - } -} diff --git a/internal/translator/kiro/common/constants.go b/internal/translator/kiro/common/constants.go deleted file mode 100644 index 3016947cf2..0000000000 --- a/internal/translator/kiro/common/constants.go +++ /dev/null @@ -1,103 +0,0 @@ -// Package common provides shared constants and utilities for Kiro translator. -package common - -const ( - // KiroMaxToolDescLen is the maximum description length for Kiro API tools. - // Kiro API limit is 10240 bytes, leave room for "..." - KiroMaxToolDescLen = 10237 - - // ToolCompressionTargetSize is the target total size for compressed tools (20KB). - // If tools exceed this size, compression will be applied. - ToolCompressionTargetSize = 20 * 1024 // 20KB - - // MinToolDescriptionLength is the minimum description length after compression. - // Descriptions will not be shortened below this length. - MinToolDescriptionLength = 50 - - // ThinkingStartTag is the start tag for thinking blocks in responses. - ThinkingStartTag = "" - - // ThinkingEndTag is the end tag for thinking blocks in responses. - ThinkingEndTag = "" - - // CodeFenceMarker is the markdown code fence marker. - CodeFenceMarker = "```" - - // AltCodeFenceMarker is the alternative markdown code fence marker. - AltCodeFenceMarker = "~~~" - - // InlineCodeMarker is the markdown inline code marker (backtick). - InlineCodeMarker = "`" - - // DefaultAssistantContentWithTools is the fallback content for assistant messages - // that have tool_use but no text content. Kiro API requires non-empty content. - // IMPORTANT: Use a minimal neutral string that the model won't mimic in responses. - // Previously "I'll help you with that." which caused the model to parrot it back. - DefaultAssistantContentWithTools = "." - - // DefaultAssistantContent is the fallback content for assistant messages - // that have no content at all. Kiro API requires non-empty content. - // IMPORTANT: Use a minimal neutral string that the model won't mimic in responses. - // Previously "I understand." which could leak into model behavior. - DefaultAssistantContent = "." - - // DefaultUserContentWithToolResults is the fallback content for user messages - // that have only tool_result (no text). Kiro API requires non-empty content. - DefaultUserContentWithToolResults = "Tool results provided." - - // DefaultUserContent is the fallback content for user messages - // that have no content at all. Kiro API requires non-empty content. - DefaultUserContent = "Continue" - - // KiroAgenticSystemPrompt is injected only for -agentic models to prevent timeouts on large writes. - // AWS Kiro API has a 2-3 minute timeout for large file write operations. - KiroAgenticSystemPrompt = ` -# CRITICAL: CHUNKED WRITE PROTOCOL (MANDATORY) - -You MUST follow these rules for ALL file operations. Violation causes server timeouts and task failure. - -## ABSOLUTE LIMITS -- **MAXIMUM 350 LINES** per single write/edit operation - NO EXCEPTIONS -- **RECOMMENDED 300 LINES** or less for optimal performance -- **NEVER** write entire files in one operation if >300 lines - -## MANDATORY CHUNKED WRITE STRATEGY - -### For NEW FILES (>300 lines total): -1. FIRST: Write initial chunk (first 250-300 lines) using write_to_file/fsWrite -2. THEN: Append remaining content in 250-300 line chunks using file append operations -3. REPEAT: Continue appending until complete - -### For EDITING EXISTING FILES: -1. Use surgical edits (apply_diff/targeted edits) - change ONLY what's needed -2. NEVER rewrite entire files - use incremental modifications -3. Split large refactors into multiple small, focused edits - -### For LARGE CODE GENERATION: -1. Generate in logical sections (imports, types, functions separately) -2. Write each section as a separate operation -3. Use append operations for subsequent sections - -## EXAMPLES OF CORRECT BEHAVIOR - -✅ CORRECT: Writing a 600-line file -- Operation 1: Write lines 1-300 (initial file creation) -- Operation 2: Append lines 301-600 - -✅ CORRECT: Editing multiple functions -- Operation 1: Edit function A -- Operation 2: Edit function B -- Operation 3: Edit function C - -❌ WRONG: Writing 500 lines in single operation → TIMEOUT -❌ WRONG: Rewriting entire file to change 5 lines → TIMEOUT -❌ WRONG: Generating massive code blocks without chunking → TIMEOUT - -## WHY THIS MATTERS -- Server has 2-3 minute timeout for operations -- Large writes exceed timeout and FAIL completely -- Chunked writes are FASTER and more RELIABLE -- Failed writes waste time and require retry - -REMEMBER: When in doubt, write LESS per operation. Multiple small operations > one large operation.` -) diff --git a/internal/translator/kiro/common/message_merge.go b/internal/translator/kiro/common/message_merge.go deleted file mode 100644 index 2765fc6e98..0000000000 --- a/internal/translator/kiro/common/message_merge.go +++ /dev/null @@ -1,160 +0,0 @@ -// Package common provides shared utilities for Kiro translators. -package common - -import ( - "encoding/json" - - "github.com/tidwall/gjson" -) - -// MergeAdjacentMessages merges adjacent messages with the same role. -// This reduces API call complexity and improves compatibility. -// Based on AIClient-2-API implementation. -// NOTE: Tool messages are NOT merged because each has a unique tool_call_id that must be preserved. -func MergeAdjacentMessages(messages []gjson.Result) []gjson.Result { - if len(messages) <= 1 { - return messages - } - - var merged []gjson.Result - for _, msg := range messages { - if len(merged) == 0 { - merged = append(merged, msg) - continue - } - - lastMsg := merged[len(merged)-1] - currentRole := msg.Get("role").String() - lastRole := lastMsg.Get("role").String() - - // Don't merge tool messages - each has a unique tool_call_id - if currentRole == "tool" || lastRole == "tool" { - merged = append(merged, msg) - continue - } - - if currentRole == lastRole { - // Merge content from current message into last message - mergedContent := mergeMessageContent(lastMsg, msg) - var mergedToolCalls []interface{} - if currentRole == "assistant" { - // Preserve assistant tool_calls when adjacent assistant messages are merged. - mergedToolCalls = mergeToolCalls(lastMsg.Get("tool_calls"), msg.Get("tool_calls")) - } - - // Create a new merged message JSON. - mergedMsg := createMergedMessage(lastRole, mergedContent, mergedToolCalls) - merged[len(merged)-1] = gjson.Parse(mergedMsg) - } else { - merged = append(merged, msg) - } - } - - return merged -} - -// mergeMessageContent merges the content of two messages with the same role. -// Handles both string content and array content (with text, tool_use, tool_result blocks). -func mergeMessageContent(msg1, msg2 gjson.Result) string { - content1 := msg1.Get("content") - content2 := msg2.Get("content") - - // Extract content blocks from both messages - var blocks1, blocks2 []map[string]interface{} - - if content1.IsArray() { - for _, block := range content1.Array() { - blocks1 = append(blocks1, blockToMap(block)) - } - } else if content1.Type == gjson.String { - blocks1 = append(blocks1, map[string]interface{}{ - "type": "text", - "text": content1.String(), - }) - } - - if content2.IsArray() { - for _, block := range content2.Array() { - blocks2 = append(blocks2, blockToMap(block)) - } - } else if content2.Type == gjson.String { - blocks2 = append(blocks2, map[string]interface{}{ - "type": "text", - "text": content2.String(), - }) - } - - // Merge text blocks if both end/start with text - if len(blocks1) > 0 && len(blocks2) > 0 { - if blocks1[len(blocks1)-1]["type"] == "text" && blocks2[0]["type"] == "text" { - // Merge the last text block of msg1 with the first text block of msg2 - text1 := blocks1[len(blocks1)-1]["text"].(string) - text2 := blocks2[0]["text"].(string) - blocks1[len(blocks1)-1]["text"] = text1 + "\n" + text2 - blocks2 = blocks2[1:] // Remove the merged block from blocks2 - } - } - - // Combine all blocks - allBlocks := append(blocks1, blocks2...) - - // Convert to JSON - result, _ := json.Marshal(allBlocks) - return string(result) -} - -// blockToMap converts a gjson.Result block to a map[string]interface{} -func blockToMap(block gjson.Result) map[string]interface{} { - result := make(map[string]interface{}) - block.ForEach(func(key, value gjson.Result) bool { - if value.IsObject() { - result[key.String()] = blockToMap(value) - } else if value.IsArray() { - var arr []interface{} - for _, item := range value.Array() { - if item.IsObject() { - arr = append(arr, blockToMap(item)) - } else { - arr = append(arr, item.Value()) - } - } - result[key.String()] = arr - } else { - result[key.String()] = value.Value() - } - return true - }) - return result -} - -// createMergedMessage creates a JSON string for a merged message. -// toolCalls is optional and only emitted for assistant role. -func createMergedMessage(role string, content string, toolCalls []interface{}) string { - msg := map[string]interface{}{ - "role": role, - "content": json.RawMessage(content), - } - if role == "assistant" && len(toolCalls) > 0 { - msg["tool_calls"] = toolCalls - } - result, _ := json.Marshal(msg) - return string(result) -} - -// mergeToolCalls combines tool_calls from two assistant messages while preserving order. -func mergeToolCalls(tc1, tc2 gjson.Result) []interface{} { - var merged []interface{} - - if tc1.IsArray() { - for _, tc := range tc1.Array() { - merged = append(merged, tc.Value()) - } - } - if tc2.IsArray() { - for _, tc := range tc2.Array() { - merged = append(merged, tc.Value()) - } - } - - return merged -} diff --git a/internal/translator/kiro/common/message_merge_test.go b/internal/translator/kiro/common/message_merge_test.go deleted file mode 100644 index a9cb7a28ec..0000000000 --- a/internal/translator/kiro/common/message_merge_test.go +++ /dev/null @@ -1,106 +0,0 @@ -package common - -import ( - "strings" - "testing" - - "github.com/tidwall/gjson" -) - -func parseMessages(t *testing.T, raw string) []gjson.Result { - t.Helper() - parsed := gjson.Parse(raw) - if !parsed.IsArray() { - t.Fatalf("expected JSON array, got: %s", raw) - } - return parsed.Array() -} - -func TestMergeAdjacentMessages_AssistantMergePreservesToolCalls(t *testing.T) { - messages := parseMessages(t, `[ - {"role":"assistant","content":"part1"}, - { - "role":"assistant", - "content":"part2", - "tool_calls":[ - { - "id":"call_1", - "type":"function", - "function":{"name":"Read","arguments":"{}"} - } - ] - }, - {"role":"tool","tool_call_id":"call_1","content":"ok"} - ]`) - - merged := MergeAdjacentMessages(messages) - if len(merged) != 2 { - t.Fatalf("expected 2 messages after merge, got %d", len(merged)) - } - - assistant := merged[0] - if assistant.Get("role").String() != "assistant" { - t.Fatalf("expected first message role assistant, got %q", assistant.Get("role").String()) - } - - toolCalls := assistant.Get("tool_calls") - if !toolCalls.IsArray() || len(toolCalls.Array()) != 1 { - t.Fatalf("expected assistant.tool_calls length 1, got: %s", toolCalls.Raw) - } - if toolCalls.Array()[0].Get("id").String() != "call_1" { - t.Fatalf("expected tool call id call_1, got %q", toolCalls.Array()[0].Get("id").String()) - } - - contentRaw := assistant.Get("content").Raw - if !strings.Contains(contentRaw, "part1") || !strings.Contains(contentRaw, "part2") { - t.Fatalf("expected merged content to contain both parts, got: %s", contentRaw) - } - - if merged[1].Get("role").String() != "tool" { - t.Fatalf("expected second message role tool, got %q", merged[1].Get("role").String()) - } -} - -func TestMergeAdjacentMessages_AssistantMergeCombinesMultipleToolCalls(t *testing.T) { - messages := parseMessages(t, `[ - { - "role":"assistant", - "content":"first", - "tool_calls":[ - {"id":"call_1","type":"function","function":{"name":"Read","arguments":"{}"}} - ] - }, - { - "role":"assistant", - "content":"second", - "tool_calls":[ - {"id":"call_2","type":"function","function":{"name":"Write","arguments":"{}"}} - ] - } - ]`) - - merged := MergeAdjacentMessages(messages) - if len(merged) != 1 { - t.Fatalf("expected 1 message after merge, got %d", len(merged)) - } - - toolCalls := merged[0].Get("tool_calls").Array() - if len(toolCalls) != 2 { - t.Fatalf("expected 2 merged tool calls, got %d", len(toolCalls)) - } - if toolCalls[0].Get("id").String() != "call_1" || toolCalls[1].Get("id").String() != "call_2" { - t.Fatalf("unexpected merged tool call ids: %q, %q", toolCalls[0].Get("id").String(), toolCalls[1].Get("id").String()) - } -} - -func TestMergeAdjacentMessages_ToolMessagesRemainUnmerged(t *testing.T) { - messages := parseMessages(t, `[ - {"role":"tool","tool_call_id":"call_1","content":"r1"}, - {"role":"tool","tool_call_id":"call_2","content":"r2"} - ]`) - - merged := MergeAdjacentMessages(messages) - if len(merged) != 2 { - t.Fatalf("expected tool messages to remain separate, got %d", len(merged)) - } -} diff --git a/internal/translator/kiro/common/utils.go b/internal/translator/kiro/common/utils.go deleted file mode 100644 index f5f5788ab2..0000000000 --- a/internal/translator/kiro/common/utils.go +++ /dev/null @@ -1,16 +0,0 @@ -// Package common provides shared constants and utilities for Kiro translator. -package common - -// GetString safely extracts a string from a map. -// Returns empty string if the key doesn't exist or the value is not a string. -func GetString(m map[string]interface{}, key string) string { - if v, ok := m[key].(string); ok { - return v - } - return "" -} - -// GetStringValue is an alias for GetString for backward compatibility. -func GetStringValue(m map[string]interface{}, key string) string { - return GetString(m, key) -} \ No newline at end of file diff --git a/internal/translator/kiro/openai/init.go b/internal/translator/kiro/openai/init.go deleted file mode 100644 index 2f23498b54..0000000000 --- a/internal/translator/kiro/openai/init.go +++ /dev/null @@ -1,20 +0,0 @@ -// Package openai provides translation between OpenAI Chat Completions and Kiro formats. -package openai - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenAI, // source format - Kiro, // target format - ConvertOpenAIRequestToKiro, - interfaces.TranslateResponse{ - Stream: ConvertKiroStreamToOpenAI, - NonStream: ConvertKiroNonStreamToOpenAI, - }, - ) -} \ No newline at end of file diff --git a/internal/translator/kiro/openai/kiro_openai.go b/internal/translator/kiro/openai/kiro_openai.go deleted file mode 100644 index 724e675d73..0000000000 --- a/internal/translator/kiro/openai/kiro_openai.go +++ /dev/null @@ -1,371 +0,0 @@ -// Package openai provides translation between OpenAI Chat Completions and Kiro formats. -// This package enables direct OpenAI → Kiro translation, bypassing the Claude intermediate layer. -// -// The Kiro executor generates Claude-compatible SSE format internally, so the streaming response -// translation converts from Claude SSE format to OpenAI SSE format. -package openai - -import ( - "bytes" - "context" - "encoding/json" - "strings" - - kirocommon "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/kiro/common" - "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/usage" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -// ConvertKiroStreamToOpenAI converts Kiro streaming response to OpenAI format. -// The Kiro executor emits Claude-compatible SSE events, so this function translates -// from Claude SSE format to OpenAI SSE format. -// -// Claude SSE format: -// - event: message_start\ndata: {...} -// - event: content_block_start\ndata: {...} -// - event: content_block_delta\ndata: {...} -// - event: content_block_stop\ndata: {...} -// - event: message_delta\ndata: {...} -// - event: message_stop\ndata: {...} -// -// OpenAI SSE format: -// - data: {"id":"...","object":"chat.completion.chunk",...} -// - data: [DONE] -func ConvertKiroStreamToOpenAI(ctx context.Context, model string, originalRequest, request, rawResponse []byte, param *any) []string { - // Initialize state if needed - if *param == nil { - *param = NewOpenAIStreamState(model) - } - state := (*param).(*OpenAIStreamState) - - // Parse the Claude SSE event - responseStr := string(rawResponse) - - // Handle raw event format (event: xxx\ndata: {...}) - var eventType string - var eventData string - - if strings.HasPrefix(responseStr, "event:") { - // Parse event type and data - lines := strings.SplitN(responseStr, "\n", 2) - if len(lines) >= 1 { - eventType = strings.TrimSpace(strings.TrimPrefix(lines[0], "event:")) - } - if len(lines) >= 2 && strings.HasPrefix(lines[1], "data:") { - eventData = strings.TrimSpace(strings.TrimPrefix(lines[1], "data:")) - } - } else if strings.HasPrefix(responseStr, "data:") { - // Just data line - eventData = strings.TrimSpace(strings.TrimPrefix(responseStr, "data:")) - } else { - // Try to parse as raw JSON - eventData = strings.TrimSpace(responseStr) - } - - if eventData == "" { - return []string{} - } - - // Parse the event data as JSON - eventJSON := gjson.Parse(eventData) - if !eventJSON.Exists() { - return []string{} - } - - // Determine event type from JSON if not already set - if eventType == "" { - eventType = eventJSON.Get("type").String() - } - - var results []string - - switch eventType { - case "message_start": - // Send first chunk with role - firstChunk := BuildOpenAISSEFirstChunk(state) - results = append(results, firstChunk) - - case "content_block_start": - // Check block type - blockType := eventJSON.Get("content_block.type").String() - switch blockType { - case "text": - // Text block starting - nothing to emit yet - case "thinking": - // Thinking block starting - nothing to emit yet for OpenAI - case "tool_use": - // Tool use block starting - toolUseID := eventJSON.Get("content_block.id").String() - toolName := eventJSON.Get("content_block.name").String() - chunk := BuildOpenAISSEToolCallStart(state, toolUseID, toolName) - results = append(results, chunk) - state.ToolCallIndex++ - } - - case "content_block_delta": - deltaType := eventJSON.Get("delta.type").String() - switch deltaType { - case "text_delta": - textDelta := eventJSON.Get("delta.text").String() - if textDelta != "" { - chunk := BuildOpenAISSETextDelta(state, textDelta) - results = append(results, chunk) - } - case "thinking_delta": - // Convert thinking to reasoning_content for o1-style compatibility - thinkingDelta := eventJSON.Get("delta.thinking").String() - if thinkingDelta != "" { - chunk := BuildOpenAISSEReasoningDelta(state, thinkingDelta) - results = append(results, chunk) - } - case "input_json_delta": - // Tool call arguments delta - partialJSON := eventJSON.Get("delta.partial_json").String() - if partialJSON != "" { - // Get the tool index from content block index - blockIndex := int(eventJSON.Get("index").Int()) - chunk := BuildOpenAISSEToolCallArgumentsDelta(state, partialJSON, blockIndex-1) // Adjust for 0-based tool index - results = append(results, chunk) - } - } - - case "content_block_stop": - // Content block ended - nothing to emit for OpenAI - - case "message_delta": - // Message delta with stop_reason - stopReason := eventJSON.Get("delta.stop_reason").String() - finishReason := mapKiroStopReasonToOpenAI(stopReason) - if finishReason != "" { - chunk := BuildOpenAISSEFinish(state, finishReason) - results = append(results, chunk) - } - - // Extract usage if present - if eventJSON.Get("usage").Exists() { - inputTokens := eventJSON.Get("usage.input_tokens").Int() - outputTokens := eventJSON.Get("usage.output_tokens").Int() - usageInfo := usage.Detail{ - InputTokens: inputTokens, - OutputTokens: outputTokens, - TotalTokens: inputTokens + outputTokens, - } - chunk := BuildOpenAISSEUsage(state, usageInfo) - results = append(results, chunk) - } - - case "message_stop": - // Final event - do NOT emit [DONE] here - // The handler layer (openai_handlers.go) will send [DONE] when the stream closes - // Emitting [DONE] here would cause duplicate [DONE] markers - - case "ping": - // Ping event with usage - optionally emit usage chunk - if eventJSON.Get("usage").Exists() { - inputTokens := eventJSON.Get("usage.input_tokens").Int() - outputTokens := eventJSON.Get("usage.output_tokens").Int() - usageInfo := usage.Detail{ - InputTokens: inputTokens, - OutputTokens: outputTokens, - TotalTokens: inputTokens + outputTokens, - } - chunk := BuildOpenAISSEUsage(state, usageInfo) - results = append(results, chunk) - } - } - - return results -} - -// ConvertKiroNonStreamToOpenAI converts Kiro non-streaming response to OpenAI format. -// The Kiro executor returns Claude-compatible JSON responses, so this function translates -// from Claude format to OpenAI format. -func ConvertKiroNonStreamToOpenAI(ctx context.Context, model string, originalRequest, request, rawResponse []byte, param *any) string { - // Parse the Claude-format response - response := gjson.ParseBytes(rawResponse) - - // Extract content - var content string - var reasoningContent string - var toolUses []KiroToolUse - var stopReason string - - // Get stop_reason - stopReason = response.Get("stop_reason").String() - - // Process content blocks - contentBlocks := response.Get("content") - if contentBlocks.IsArray() { - for _, block := range contentBlocks.Array() { - blockType := block.Get("type").String() - switch blockType { - case "text": - content += block.Get("text").String() - case "thinking": - // Convert thinking blocks to reasoning_content for OpenAI format - reasoningContent += block.Get("thinking").String() - case "tool_use": - toolUseID := block.Get("id").String() - toolName := block.Get("name").String() - toolInput := block.Get("input") - - var inputMap map[string]interface{} - if toolInput.IsObject() { - inputMap = make(map[string]interface{}) - toolInput.ForEach(func(key, value gjson.Result) bool { - inputMap[key.String()] = value.Value() - return true - }) - } - - toolUses = append(toolUses, KiroToolUse{ - ToolUseID: toolUseID, - Name: toolName, - Input: inputMap, - }) - } - } - } - - // Extract usage - usageInfo := usage.Detail{ - InputTokens: response.Get("usage.input_tokens").Int(), - OutputTokens: response.Get("usage.output_tokens").Int(), - } - usageInfo.TotalTokens = usageInfo.InputTokens + usageInfo.OutputTokens - - // Build OpenAI response with reasoning_content support - openaiResponse := BuildOpenAIResponseWithReasoning(content, reasoningContent, toolUses, model, usageInfo, stopReason) - return string(openaiResponse) -} - -// ParseClaudeEvent parses a Claude SSE event and returns the event type and data -func ParseClaudeEvent(rawEvent []byte) (eventType string, eventData []byte) { - lines := bytes.Split(rawEvent, []byte("\n")) - for _, line := range lines { - line = bytes.TrimSpace(line) - if bytes.HasPrefix(line, []byte("event:")) { - eventType = string(bytes.TrimSpace(bytes.TrimPrefix(line, []byte("event:")))) - } else if bytes.HasPrefix(line, []byte("data:")) { - eventData = bytes.TrimSpace(bytes.TrimPrefix(line, []byte("data:"))) - } - } - return eventType, eventData -} - -// ExtractThinkingFromContent parses content to extract thinking blocks. -// Returns cleaned content (without thinking tags) and whether thinking was found. -func ExtractThinkingFromContent(content string) (string, string, bool) { - if !strings.Contains(content, kirocommon.ThinkingStartTag) { - return content, "", false - } - - var cleanedContent strings.Builder - var thinkingContent strings.Builder - hasThinking := false - remaining := content - - for len(remaining) > 0 { - startIdx := strings.Index(remaining, kirocommon.ThinkingStartTag) - if startIdx == -1 { - cleanedContent.WriteString(remaining) - break - } - - // Add content before thinking tag - cleanedContent.WriteString(remaining[:startIdx]) - - // Move past opening tag - remaining = remaining[startIdx+len(kirocommon.ThinkingStartTag):] - - // Find closing tag - endIdx := strings.Index(remaining, kirocommon.ThinkingEndTag) - if endIdx == -1 { - // No closing tag - treat rest as thinking - thinkingContent.WriteString(remaining) - hasThinking = true - break - } - - // Extract thinking content - thinkingContent.WriteString(remaining[:endIdx]) - hasThinking = true - remaining = remaining[endIdx+len(kirocommon.ThinkingEndTag):] - } - - return strings.TrimSpace(cleanedContent.String()), strings.TrimSpace(thinkingContent.String()), hasThinking -} - -// ConvertOpenAIToolsToKiroFormat is a helper that converts OpenAI tools format to Kiro format -func ConvertOpenAIToolsToKiroFormat(tools []map[string]interface{}) []KiroToolWrapper { - var kiroTools []KiroToolWrapper - - for _, tool := range tools { - toolType, _ := tool["type"].(string) - if toolType != "function" { - continue - } - - fn, ok := tool["function"].(map[string]interface{}) - if !ok { - continue - } - - name := kirocommon.GetString(fn, "name") - description := kirocommon.GetString(fn, "description") - parameters := ensureKiroInputSchema(fn["parameters"]) - - if name == "" { - continue - } - - if description == "" { - description = "Tool: " + name - } - - kiroTools = append(kiroTools, KiroToolWrapper{ - ToolSpecification: KiroToolSpecification{ - Name: name, - Description: description, - InputSchema: KiroInputSchema{JSON: parameters}, - }, - }) - } - - return kiroTools -} - -// OpenAIStreamParams holds parameters for OpenAI streaming conversion -type OpenAIStreamParams struct { - State *OpenAIStreamState - ThinkingState *ThinkingTagState - ToolCallsEmitted map[string]bool -} - -// NewOpenAIStreamParams creates new streaming parameters -func NewOpenAIStreamParams(model string) *OpenAIStreamParams { - return &OpenAIStreamParams{ - State: NewOpenAIStreamState(model), - ThinkingState: NewThinkingTagState(), - ToolCallsEmitted: make(map[string]bool), - } -} - -// ConvertClaudeToolUseToOpenAI converts a Claude tool_use block to OpenAI tool_calls format -func ConvertClaudeToolUseToOpenAI(toolUseID, toolName string, input map[string]interface{}) map[string]interface{} { - inputJSON, _ := json.Marshal(input) - return map[string]interface{}{ - "id": toolUseID, - "type": "function", - "function": map[string]interface{}{ - "name": toolName, - "arguments": string(inputJSON), - }, - } -} - -// LogStreamEvent logs a streaming event for debugging -func LogStreamEvent(eventType, data string) { - log.Debugf("kiro-openai: stream event type=%s, data_len=%d", eventType, len(data)) -} diff --git a/internal/translator/kiro/openai/kiro_openai_request.go b/internal/translator/kiro/openai/kiro_openai_request.go deleted file mode 100644 index 1426e1c1cd..0000000000 --- a/internal/translator/kiro/openai/kiro_openai_request.go +++ /dev/null @@ -1,926 +0,0 @@ -// Package openai provides request translation from OpenAI Chat Completions to Kiro format. -// It handles parsing and transforming OpenAI API requests into the Kiro/Amazon Q API format, -// extracting model information, system instructions, message contents, and tool declarations. -package openai - -import ( - "encoding/json" - "fmt" - "net/http" - "strings" - "time" - "unicode/utf8" - - "github.com/google/uuid" - kiroclaude "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/kiro/claude" - kirocommon "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/kiro/common" - log "github.com/sirupsen/logrus" - "github.com/tidwall/gjson" -) - -// Kiro API request structs - reuse from kiroclaude package structure - -// KiroPayload is the top-level request structure for Kiro API -type KiroPayload struct { - ConversationState KiroConversationState `json:"conversationState"` - ProfileArn string `json:"profileArn,omitempty"` - InferenceConfig *KiroInferenceConfig `json:"inferenceConfig,omitempty"` -} - -// KiroInferenceConfig contains inference parameters for the Kiro API. -type KiroInferenceConfig struct { - MaxTokens int `json:"maxTokens,omitempty"` - Temperature float64 `json:"temperature,omitempty"` - TopP float64 `json:"topP,omitempty"` -} - -// KiroConversationState holds the conversation context -type KiroConversationState struct { - ChatTriggerType string `json:"chatTriggerType"` // Required: "MANUAL" - ConversationID string `json:"conversationId"` - CurrentMessage KiroCurrentMessage `json:"currentMessage"` - History []KiroHistoryMessage `json:"history,omitempty"` -} - -// KiroCurrentMessage wraps the current user message -type KiroCurrentMessage struct { - UserInputMessage KiroUserInputMessage `json:"userInputMessage"` -} - -// KiroHistoryMessage represents a message in the conversation history -type KiroHistoryMessage struct { - UserInputMessage *KiroUserInputMessage `json:"userInputMessage,omitempty"` - AssistantResponseMessage *KiroAssistantResponseMessage `json:"assistantResponseMessage,omitempty"` -} - -// KiroImage represents an image in Kiro API format -type KiroImage struct { - Format string `json:"format"` - Source KiroImageSource `json:"source"` -} - -// KiroImageSource contains the image data -type KiroImageSource struct { - Bytes string `json:"bytes"` // base64 encoded image data -} - -// KiroUserInputMessage represents a user message -type KiroUserInputMessage struct { - Content string `json:"content"` - ModelID string `json:"modelId"` - Origin string `json:"origin"` - Images []KiroImage `json:"images,omitempty"` - UserInputMessageContext *KiroUserInputMessageContext `json:"userInputMessageContext,omitempty"` -} - -// KiroUserInputMessageContext contains tool-related context -type KiroUserInputMessageContext struct { - ToolResults []KiroToolResult `json:"toolResults,omitempty"` - Tools []KiroToolWrapper `json:"tools,omitempty"` -} - -// KiroToolResult represents a tool execution result -type KiroToolResult struct { - Content []KiroTextContent `json:"content"` - Status string `json:"status"` - ToolUseID string `json:"toolUseId"` -} - -// KiroTextContent represents text content -type KiroTextContent struct { - Text string `json:"text"` -} - -// KiroToolWrapper wraps a tool specification -type KiroToolWrapper struct { - ToolSpecification KiroToolSpecification `json:"toolSpecification"` -} - -// KiroToolSpecification defines a tool's schema -type KiroToolSpecification struct { - Name string `json:"name"` - Description string `json:"description"` - InputSchema KiroInputSchema `json:"inputSchema"` -} - -// KiroInputSchema wraps the JSON schema for tool input -type KiroInputSchema struct { - JSON interface{} `json:"json"` -} - -// KiroAssistantResponseMessage represents an assistant message -type KiroAssistantResponseMessage struct { - Content string `json:"content"` - ToolUses []KiroToolUse `json:"toolUses,omitempty"` -} - -// KiroToolUse represents a tool invocation by the assistant -type KiroToolUse struct { - ToolUseID string `json:"toolUseId"` - Name string `json:"name"` - Input map[string]interface{} `json:"input"` -} - -// ConvertOpenAIRequestToKiro converts an OpenAI Chat Completions request to Kiro format. -// This is the main entry point for request translation. -// Note: The actual payload building happens in the executor, this just passes through -// the OpenAI format which will be converted by BuildKiroPayloadFromOpenAI. -func ConvertOpenAIRequestToKiro(modelName string, inputRawJSON []byte, stream bool) []byte { - // Pass through the OpenAI format - actual conversion happens in BuildKiroPayloadFromOpenAI - return inputRawJSON -} - -// BuildKiroPayloadFromOpenAI constructs the Kiro API request payload from OpenAI format. -// Supports tool calling - tools are passed via userInputMessageContext. -// origin parameter determines which quota to use: "CLI" for Amazon Q, "AI_EDITOR" for Kiro IDE. -// isAgentic parameter enables chunked write optimization prompt for -agentic model variants. -// isChatOnly parameter disables tool calling for -chat model variants (pure conversation mode). -// headers parameter allows checking Anthropic-Beta header for thinking mode detection. -// metadata parameter is kept for API compatibility but no longer used for thinking configuration. -// Returns the payload and a boolean indicating whether thinking mode was injected. -func BuildKiroPayloadFromOpenAI(openaiBody []byte, modelID, profileArn, origin string, isAgentic, isChatOnly bool, headers http.Header, metadata map[string]any) ([]byte, bool) { - // Extract max_tokens for potential use in inferenceConfig - // Handle -1 as "use maximum" (Kiro max output is ~32000 tokens) - const kiroMaxOutputTokens = 32000 - var maxTokens int64 - if mt := gjson.GetBytes(openaiBody, "max_tokens"); mt.Exists() { - maxTokens = mt.Int() - if maxTokens == -1 { - maxTokens = kiroMaxOutputTokens - log.Debugf("kiro-openai: max_tokens=-1 converted to %d", kiroMaxOutputTokens) - } - } - - // Extract temperature if specified - var temperature float64 - var hasTemperature bool - if temp := gjson.GetBytes(openaiBody, "temperature"); temp.Exists() { - temperature = temp.Float() - hasTemperature = true - } - - // Extract top_p if specified - var topP float64 - var hasTopP bool - if tp := gjson.GetBytes(openaiBody, "top_p"); tp.Exists() { - topP = tp.Float() - hasTopP = true - log.Debugf("kiro-openai: extracted top_p: %.2f", topP) - } - - // Normalize origin value for Kiro API compatibility - origin = normalizeOrigin(origin) - log.Debugf("kiro-openai: normalized origin value: %s", origin) - - messages := gjson.GetBytes(openaiBody, "messages") - - // For chat-only mode, don't include tools - var tools gjson.Result - if !isChatOnly { - tools = gjson.GetBytes(openaiBody, "tools") - } - - // Extract system prompt from messages - systemPrompt := extractSystemPromptFromOpenAI(messages) - - // Inject timestamp context - timestamp := time.Now().Format("2006-01-02 15:04:05 MST") - timestampContext := fmt.Sprintf("[Context: Current time is %s]", timestamp) - if systemPrompt != "" { - systemPrompt = timestampContext + "\n\n" + systemPrompt - } else { - systemPrompt = timestampContext - } - log.Debugf("kiro-openai: injected timestamp context: %s", timestamp) - - // Inject agentic optimization prompt for -agentic model variants - if isAgentic { - if systemPrompt != "" { - systemPrompt += "\n" - } - systemPrompt += kirocommon.KiroAgenticSystemPrompt - } - - // Handle tool_choice parameter - Kiro doesn't support it natively, so we inject system prompt hints - // OpenAI tool_choice values: "none", "auto", "required", or {"type":"function","function":{"name":"..."}} - toolChoiceHint := extractToolChoiceHint(openaiBody) - if toolChoiceHint != "" { - if systemPrompt != "" { - systemPrompt += "\n" - } - systemPrompt += toolChoiceHint - log.Debugf("kiro-openai: injected tool_choice hint into system prompt") - } - - // Handle response_format parameter - Kiro doesn't support it natively, so we inject system prompt hints - // OpenAI response_format: {"type": "json_object"} or {"type": "json_schema", "json_schema": {...}} - responseFormatHint := extractResponseFormatHint(openaiBody) - if responseFormatHint != "" { - if systemPrompt != "" { - systemPrompt += "\n" - } - systemPrompt += responseFormatHint - log.Debugf("kiro-openai: injected response_format hint into system prompt") - } - - // Check for thinking mode - // Supports OpenAI reasoning_effort parameter, model name hints, and Anthropic-Beta header - thinkingEnabled := checkThinkingModeFromOpenAIWithHeaders(openaiBody, headers) - - // Convert OpenAI tools to Kiro format - kiroTools := convertOpenAIToolsToKiro(tools) - - // Thinking mode implementation: - // Kiro API supports official thinking/reasoning mode via tag. - // When set to "enabled", Kiro returns reasoning content as official reasoningContentEvent - // rather than inline tags in assistantResponseEvent. - // Use a conservative thinking budget to reduce latency/cost spikes in long sessions. - if thinkingEnabled { - thinkingHint := `enabled -16000` - if systemPrompt != "" { - systemPrompt = thinkingHint + "\n\n" + systemPrompt - } else { - systemPrompt = thinkingHint - } - log.Infof("kiro-openai: injected thinking prompt (official mode), has_tools: %v", len(kiroTools) > 0) - } - - // Process messages and build history - history, currentUserMsg, currentToolResults := processOpenAIMessages(messages, modelID, origin) - - // Build content with system prompt - if currentUserMsg != nil { - currentUserMsg.Content = buildFinalContent(currentUserMsg.Content, systemPrompt, currentToolResults) - - // Deduplicate currentToolResults - currentToolResults = deduplicateToolResults(currentToolResults) - - // Build userInputMessageContext with tools and tool results - if len(kiroTools) > 0 || len(currentToolResults) > 0 { - currentUserMsg.UserInputMessageContext = &KiroUserInputMessageContext{ - Tools: kiroTools, - ToolResults: currentToolResults, - } - } - } - - // Build payload - var currentMessage KiroCurrentMessage - if currentUserMsg != nil { - currentMessage = KiroCurrentMessage{UserInputMessage: *currentUserMsg} - } else { - fallbackContent := "" - if systemPrompt != "" { - fallbackContent = "--- SYSTEM PROMPT ---\n" + systemPrompt + "\n--- END SYSTEM PROMPT ---\n" - } - currentMessage = KiroCurrentMessage{UserInputMessage: KiroUserInputMessage{ - Content: fallbackContent, - ModelID: modelID, - Origin: origin, - }} - } - - // Build inferenceConfig if we have any inference parameters - // Note: Kiro API doesn't actually use max_tokens for thinking budget - var inferenceConfig *KiroInferenceConfig - if maxTokens > 0 || hasTemperature || hasTopP { - inferenceConfig = &KiroInferenceConfig{} - if maxTokens > 0 { - inferenceConfig.MaxTokens = int(maxTokens) - } - if hasTemperature { - inferenceConfig.Temperature = temperature - } - if hasTopP { - inferenceConfig.TopP = topP - } - } - - payload := KiroPayload{ - ConversationState: KiroConversationState{ - ChatTriggerType: "MANUAL", - ConversationID: uuid.New().String(), - CurrentMessage: currentMessage, - History: history, - }, - ProfileArn: profileArn, - InferenceConfig: inferenceConfig, - } - - result, err := json.Marshal(payload) - if err != nil { - log.Debugf("kiro-openai: failed to marshal payload: %v", err) - return nil, false - } - - return result, thinkingEnabled -} - -// normalizeOrigin normalizes origin value for Kiro API compatibility -func normalizeOrigin(origin string) string { - switch origin { - case "KIRO_CLI": - return "CLI" - case "KIRO_AI_EDITOR": - return "AI_EDITOR" - case "AMAZON_Q": - return "CLI" - case "KIRO_IDE": - return "AI_EDITOR" - default: - return origin - } -} - -// extractSystemPromptFromOpenAI extracts system prompt from OpenAI messages -func extractSystemPromptFromOpenAI(messages gjson.Result) string { - if !messages.IsArray() { - return "" - } - - var systemParts []string - for _, msg := range messages.Array() { - if msg.Get("role").String() == "system" { - content := msg.Get("content") - if content.Type == gjson.String { - systemParts = append(systemParts, content.String()) - } else if content.IsArray() { - // Handle array content format - for _, part := range content.Array() { - if part.Get("type").String() == "text" { - systemParts = append(systemParts, part.Get("text").String()) - } - } - } - } - } - - return strings.Join(systemParts, "\n") -} - -// shortenToolNameIfNeeded shortens tool names that exceed 64 characters. -// MCP tools often have long names like "mcp__server-name__tool-name". -// This preserves the "mcp__" prefix and last segment when possible. -func shortenToolNameIfNeeded(name string) string { - const limit = 64 - if len(name) <= limit { - return name - } - // For MCP tools, try to preserve prefix and last segment - if strings.HasPrefix(name, "mcp__") { - idx := strings.LastIndex(name, "__") - if idx > 0 { - cand := "mcp__" + name[idx+2:] - if len(cand) > limit { - return cand[:limit] - } - return cand - } - } - return name[:limit] -} - -func ensureKiroInputSchema(parameters interface{}) interface{} { - if parameters != nil { - return parameters - } - return map[string]interface{}{ - "type": "object", - "properties": map[string]interface{}{}, - } -} - -// convertOpenAIToolsToKiro converts OpenAI tools to Kiro format -func convertOpenAIToolsToKiro(tools gjson.Result) []KiroToolWrapper { - var kiroTools []KiroToolWrapper - if !tools.IsArray() { - return kiroTools - } - - for _, tool := range tools.Array() { - // OpenAI tools have type "function" with function definition inside - if tool.Get("type").String() != "function" { - continue - } - - fn := tool.Get("function") - if !fn.Exists() { - continue - } - - name := fn.Get("name").String() - description := fn.Get("description").String() - parametersResult := fn.Get("parameters") - var parameters interface{} - if parametersResult.Exists() && parametersResult.Type != gjson.Null { - parameters = parametersResult.Value() - } - parameters = ensureKiroInputSchema(parameters) - - // Shorten tool name if it exceeds 64 characters (common with MCP tools) - originalName := name - name = shortenToolNameIfNeeded(name) - if name != originalName { - log.Debugf("kiro-openai: shortened tool name from '%s' to '%s'", originalName, name) - } - - // CRITICAL FIX: Kiro API requires non-empty description - if strings.TrimSpace(description) == "" { - description = fmt.Sprintf("Tool: %s", name) - log.Debugf("kiro-openai: tool '%s' has empty description, using default: %s", name, description) - } - - // Truncate long descriptions - if len(description) > kirocommon.KiroMaxToolDescLen { - truncLen := kirocommon.KiroMaxToolDescLen - 30 - for truncLen > 0 && !utf8.RuneStart(description[truncLen]) { - truncLen-- - } - description = description[:truncLen] + "... (description truncated)" - } - - kiroTools = append(kiroTools, KiroToolWrapper{ - ToolSpecification: KiroToolSpecification{ - Name: name, - Description: description, - InputSchema: KiroInputSchema{JSON: parameters}, - }, - }) - } - - return kiroTools -} - -// processOpenAIMessages processes OpenAI messages and builds Kiro history -func processOpenAIMessages(messages gjson.Result, modelID, origin string) ([]KiroHistoryMessage, *KiroUserInputMessage, []KiroToolResult) { - var history []KiroHistoryMessage - var currentUserMsg *KiroUserInputMessage - var currentToolResults []KiroToolResult - - if !messages.IsArray() { - return history, currentUserMsg, currentToolResults - } - - // Merge adjacent messages with the same role - messagesArray := kirocommon.MergeAdjacentMessages(messages.Array()) - - // Track pending tool results that should be attached to the next user message - // This is critical for LiteLLM-translated requests where tool results appear - // as separate "tool" role messages between assistant and user messages - var pendingToolResults []KiroToolResult - - for i, msg := range messagesArray { - role := msg.Get("role").String() - isLastMessage := i == len(messagesArray)-1 - - switch role { - case "system": - // System messages are handled separately via extractSystemPromptFromOpenAI - continue - - case "user": - userMsg, toolResults := buildUserMessageFromOpenAI(msg, modelID, origin) - // Merge any pending tool results from preceding "tool" role messages - toolResults = append(pendingToolResults, toolResults...) - pendingToolResults = nil // Reset pending tool results - - if isLastMessage { - currentUserMsg = &userMsg - currentToolResults = toolResults - } else { - // CRITICAL: Kiro API requires content to be non-empty for history messages - if strings.TrimSpace(userMsg.Content) == "" { - if len(toolResults) > 0 { - userMsg.Content = "Tool results provided." - } else { - userMsg.Content = "Continue" - } - } - // For history messages, embed tool results in context - if len(toolResults) > 0 { - userMsg.UserInputMessageContext = &KiroUserInputMessageContext{ - ToolResults: toolResults, - } - } - history = append(history, KiroHistoryMessage{ - UserInputMessage: &userMsg, - }) - } - - case "assistant": - assistantMsg := buildAssistantMessageFromOpenAI(msg) - - // If there are pending tool results, we need to insert a synthetic user message - // before this assistant message to maintain proper conversation structure - if len(pendingToolResults) > 0 { - syntheticUserMsg := KiroUserInputMessage{ - Content: "Tool results provided.", - ModelID: modelID, - Origin: origin, - UserInputMessageContext: &KiroUserInputMessageContext{ - ToolResults: pendingToolResults, - }, - } - history = append(history, KiroHistoryMessage{ - UserInputMessage: &syntheticUserMsg, - }) - pendingToolResults = nil - } - - if isLastMessage { - history = append(history, KiroHistoryMessage{ - AssistantResponseMessage: &assistantMsg, - }) - // Create a "Continue" user message as currentMessage - currentUserMsg = &KiroUserInputMessage{ - Content: "Continue", - ModelID: modelID, - Origin: origin, - } - } else { - history = append(history, KiroHistoryMessage{ - AssistantResponseMessage: &assistantMsg, - }) - } - - case "tool": - // Tool messages in OpenAI format provide results for tool_calls - // These are typically followed by user or assistant messages - // Collect them as pending and attach to the next user message - toolCallID := msg.Get("tool_call_id").String() - content := msg.Get("content").String() - - if toolCallID != "" { - toolResult := KiroToolResult{ - ToolUseID: toolCallID, - Content: []KiroTextContent{{Text: content}}, - Status: "success", - } - // Collect pending tool results to attach to the next user message - pendingToolResults = append(pendingToolResults, toolResult) - } - } - } - - // Handle case where tool results are at the end with no following user message - if len(pendingToolResults) > 0 { - currentToolResults = append(currentToolResults, pendingToolResults...) - // If there's no current user message, create a synthetic one for the tool results - if currentUserMsg == nil { - currentUserMsg = &KiroUserInputMessage{ - Content: "Tool results provided.", - ModelID: modelID, - Origin: origin, - } - } - } - - // Truncate history if too long to prevent Kiro API errors - history = truncateHistoryIfNeeded(history) - - return history, currentUserMsg, currentToolResults -} - -const kiroMaxHistoryMessages = 50 - -func truncateHistoryIfNeeded(history []KiroHistoryMessage) []KiroHistoryMessage { - if len(history) <= kiroMaxHistoryMessages { - return history - } - - log.Debugf("kiro-openai: truncating history from %d to %d messages", len(history), kiroMaxHistoryMessages) - return history[len(history)-kiroMaxHistoryMessages:] -} - -// buildUserMessageFromOpenAI builds a user message from OpenAI format and extracts tool results -func buildUserMessageFromOpenAI(msg gjson.Result, modelID, origin string) (KiroUserInputMessage, []KiroToolResult) { - content := msg.Get("content") - var contentBuilder strings.Builder - var toolResults []KiroToolResult - var images []KiroImage - - if content.IsArray() { - for _, part := range content.Array() { - partType := part.Get("type").String() - switch partType { - case "text": - contentBuilder.WriteString(part.Get("text").String()) - case "image_url": - imageURL := part.Get("image_url.url").String() - if strings.HasPrefix(imageURL, "data:") { - // Parse data URL: data:image/png;base64,xxxxx - if idx := strings.Index(imageURL, ";base64,"); idx != -1 { - mediaType := imageURL[5:idx] // Skip "data:" - data := imageURL[idx+8:] // Skip ";base64," - - format := "" - if lastSlash := strings.LastIndex(mediaType, "/"); lastSlash != -1 { - format = mediaType[lastSlash+1:] - } - - if format != "" && data != "" { - images = append(images, KiroImage{ - Format: format, - Source: KiroImageSource{ - Bytes: data, - }, - }) - } - } - } - } - } - } else if content.Type == gjson.String { - contentBuilder.WriteString(content.String()) - } - - userMsg := KiroUserInputMessage{ - Content: contentBuilder.String(), - ModelID: modelID, - Origin: origin, - } - - if len(images) > 0 { - userMsg.Images = images - } - - return userMsg, toolResults -} - -// buildAssistantMessageFromOpenAI builds an assistant message from OpenAI format -func buildAssistantMessageFromOpenAI(msg gjson.Result) KiroAssistantResponseMessage { - content := msg.Get("content") - var contentBuilder strings.Builder - var toolUses []KiroToolUse - - // Handle content - if content.Type == gjson.String { - contentBuilder.WriteString(content.String()) - } else if content.IsArray() { - for _, part := range content.Array() { - partType := part.Get("type").String() - switch partType { - case "text": - contentBuilder.WriteString(part.Get("text").String()) - case "tool_use": - // Handle tool_use in content array (Anthropic/OpenCode format) - // This is different from OpenAI's tool_calls format - toolUseID := part.Get("id").String() - toolName := part.Get("name").String() - inputData := part.Get("input") - - inputMap := make(map[string]interface{}) - if inputData.Exists() && inputData.IsObject() { - inputData.ForEach(func(key, value gjson.Result) bool { - inputMap[key.String()] = value.Value() - return true - }) - } - - toolUses = append(toolUses, KiroToolUse{ - ToolUseID: toolUseID, - Name: toolName, - Input: inputMap, - }) - log.Debugf("kiro-openai: extracted tool_use from content array: %s", toolName) - } - } - } - - // Handle tool_calls (OpenAI format) - toolCalls := msg.Get("tool_calls") - if toolCalls.IsArray() { - for _, tc := range toolCalls.Array() { - if tc.Get("type").String() != "function" { - continue - } - - toolUseID := tc.Get("id").String() - toolName := tc.Get("function.name").String() - toolArgs := tc.Get("function.arguments").String() - - var inputMap map[string]interface{} - if err := json.Unmarshal([]byte(toolArgs), &inputMap); err != nil { - log.Debugf("kiro-openai: failed to parse tool arguments: %v", err) - inputMap = make(map[string]interface{}) - } - - toolUses = append(toolUses, KiroToolUse{ - ToolUseID: toolUseID, - Name: toolName, - Input: inputMap, - }) - } - } - - // CRITICAL FIX: Kiro API requires non-empty content for assistant messages - // This can happen with compaction requests or error recovery scenarios - finalContent := contentBuilder.String() - if strings.TrimSpace(finalContent) == "" { - if len(toolUses) > 0 { - finalContent = kirocommon.DefaultAssistantContentWithTools - } else { - finalContent = kirocommon.DefaultAssistantContent - } - log.Debugf("kiro-openai: assistant content was empty, using default: %s", finalContent) - } - - return KiroAssistantResponseMessage{ - Content: finalContent, - ToolUses: toolUses, - } -} - -// buildFinalContent builds the final content with system prompt -func buildFinalContent(content, systemPrompt string, toolResults []KiroToolResult) string { - var contentBuilder strings.Builder - - if systemPrompt != "" { - contentBuilder.WriteString("--- SYSTEM PROMPT ---\n") - contentBuilder.WriteString(systemPrompt) - contentBuilder.WriteString("\n--- END SYSTEM PROMPT ---\n\n") - } - - contentBuilder.WriteString(content) - finalContent := contentBuilder.String() - - // CRITICAL: Kiro API requires content to be non-empty - if strings.TrimSpace(finalContent) == "" { - if len(toolResults) > 0 { - finalContent = "Tool results provided." - } else { - finalContent = "Continue" - } - log.Debugf("kiro-openai: content was empty, using default: %s", finalContent) - } - - return finalContent -} - -// checkThinkingModeFromOpenAI checks if thinking mode is enabled in the OpenAI request. -// Returns thinkingEnabled. -// Supports: -// - reasoning_effort parameter (low/medium/high/auto) -// - Model name containing "thinking" or "reason" -// - tag in system prompt (AMP/Cursor format) -func checkThinkingModeFromOpenAI(openaiBody []byte) bool { - return checkThinkingModeFromOpenAIWithHeaders(openaiBody, nil) -} - -// checkThinkingModeFromOpenAIWithHeaders checks if thinking mode is enabled in the OpenAI request. -// Returns thinkingEnabled. -// Supports: -// - Anthropic-Beta header with interleaved-thinking (Claude CLI) -// - reasoning_effort parameter (low/medium/high/auto) -// - Model name containing "thinking" or "reason" -// - tag in system prompt (AMP/Cursor format) -func checkThinkingModeFromOpenAIWithHeaders(openaiBody []byte, headers http.Header) bool { - // Check Anthropic-Beta header first (Claude CLI uses this) - if kiroclaude.IsThinkingEnabledFromHeader(headers) { - log.Debugf("kiro-openai: thinking mode enabled via Anthropic-Beta header") - return true - } - - // Check OpenAI format: reasoning_effort parameter - // Valid values: "low", "medium", "high", "auto" (not "none") - reasoningEffort := gjson.GetBytes(openaiBody, "reasoning_effort") - if reasoningEffort.Exists() { - effort := reasoningEffort.String() - if effort != "" && effort != "none" { - log.Debugf("kiro-openai: thinking mode enabled via reasoning_effort: %s", effort) - return true - } - } - - // Check AMP/Cursor format: interleaved in system prompt - bodyStr := string(openaiBody) - if strings.Contains(bodyStr, "") && strings.Contains(bodyStr, "") { - startTag := "" - endTag := "" - startIdx := strings.Index(bodyStr, startTag) - if startIdx >= 0 { - startIdx += len(startTag) - endIdx := strings.Index(bodyStr[startIdx:], endTag) - if endIdx >= 0 { - thinkingMode := bodyStr[startIdx : startIdx+endIdx] - if thinkingMode == "interleaved" || thinkingMode == "enabled" { - log.Debugf("kiro-openai: thinking mode enabled via AMP/Cursor format: %s", thinkingMode) - return true - } - } - } - } - - // Check model name for thinking hints - model := gjson.GetBytes(openaiBody, "model").String() - modelLower := strings.ToLower(model) - if strings.Contains(modelLower, "thinking") || strings.Contains(modelLower, "-reason") { - log.Debugf("kiro-openai: thinking mode enabled via model name hint: %s", model) - return true - } - - log.Debugf("kiro-openai: no thinking mode detected in OpenAI request") - return false -} - -// hasThinkingTagInBody checks if the request body already contains thinking configuration tags. -// This is used to prevent duplicate injection when client (e.g., AMP/Cursor) already includes thinking config. -func hasThinkingTagInBody(body []byte) bool { - bodyStr := string(body) - return strings.Contains(bodyStr, "") || strings.Contains(bodyStr, "") -} - -// extractToolChoiceHint extracts tool_choice from OpenAI request and returns a system prompt hint. -// OpenAI tool_choice values: -// - "none": Don't use any tools -// - "auto": Model decides (default, no hint needed) -// - "required": Must use at least one tool -// - {"type":"function","function":{"name":"..."}} : Must use specific tool -func extractToolChoiceHint(openaiBody []byte) string { - toolChoice := gjson.GetBytes(openaiBody, "tool_choice") - if !toolChoice.Exists() { - return "" - } - - // Handle string values - if toolChoice.Type == gjson.String { - switch toolChoice.String() { - case "none": - // Note: When tool_choice is "none", we should ideally not pass tools at all - // But since we can't modify tool passing here, we add a strong hint - return "[INSTRUCTION: Do NOT use any tools. Respond with text only.]" - case "required": - return "[INSTRUCTION: You MUST use at least one of the available tools to respond. Do not respond with text only - always make a tool call.]" - case "auto": - // Default behavior, no hint needed - return "" - } - } - - // Handle object value: {"type":"function","function":{"name":"..."}} - if toolChoice.IsObject() { - if toolChoice.Get("type").String() == "function" { - toolName := toolChoice.Get("function.name").String() - if toolName != "" { - return fmt.Sprintf("[INSTRUCTION: You MUST use the tool named '%s' to respond. Do not use any other tool or respond with text only.]", toolName) - } - } - } - - return "" -} - -// extractResponseFormatHint extracts response_format from OpenAI request and returns a system prompt hint. -// OpenAI response_format values: -// - {"type": "text"}: Default, no hint needed -// - {"type": "json_object"}: Must respond with valid JSON -// - {"type": "json_schema", "json_schema": {...}}: Must respond with JSON matching schema -func extractResponseFormatHint(openaiBody []byte) string { - responseFormat := gjson.GetBytes(openaiBody, "response_format") - if !responseFormat.Exists() { - return "" - } - - formatType := responseFormat.Get("type").String() - switch formatType { - case "json_object": - return "[INSTRUCTION: You MUST respond with valid JSON only. Do not include any text before or after the JSON. Do not wrap the JSON in markdown code blocks. Output raw JSON directly.]" - case "json_schema": - // Extract schema if provided - schema := responseFormat.Get("json_schema.schema") - if schema.Exists() { - schemaStr := schema.Raw - // Truncate if too long - if len(schemaStr) > 500 { - schemaStr = schemaStr[:500] + "..." - } - return fmt.Sprintf("[INSTRUCTION: You MUST respond with valid JSON that matches this schema: %s. Do not include any text before or after the JSON. Do not wrap the JSON in markdown code blocks. Output raw JSON directly.]", schemaStr) - } - return "[INSTRUCTION: You MUST respond with valid JSON only. Do not include any text before or after the JSON. Do not wrap the JSON in markdown code blocks. Output raw JSON directly.]" - case "text": - // Default behavior, no hint needed - return "" - } - - return "" -} - -// deduplicateToolResults removes duplicate tool results -func deduplicateToolResults(toolResults []KiroToolResult) []KiroToolResult { - if len(toolResults) == 0 { - return toolResults - } - - seenIDs := make(map[string]bool) - unique := make([]KiroToolResult, 0, len(toolResults)) - for _, tr := range toolResults { - if !seenIDs[tr.ToolUseID] { - seenIDs[tr.ToolUseID] = true - unique = append(unique, tr) - } else { - log.Debugf("kiro-openai: skipping duplicate toolResult: %s", tr.ToolUseID) - } - } - return unique -} diff --git a/internal/translator/kiro/openai/kiro_openai_request_test.go b/internal/translator/kiro/openai/kiro_openai_request_test.go deleted file mode 100644 index 85e95d4ae6..0000000000 --- a/internal/translator/kiro/openai/kiro_openai_request_test.go +++ /dev/null @@ -1,386 +0,0 @@ -package openai - -import ( - "encoding/json" - "testing" -) - -// TestToolResultsAttachedToCurrentMessage verifies that tool results from "tool" role messages -// are properly attached to the current user message (the last message in the conversation). -// This is critical for LiteLLM-translated requests where tool results appear as separate messages. -func TestToolResultsAttachedToCurrentMessage(t *testing.T) { - // OpenAI format request simulating LiteLLM's translation from Anthropic format - // Sequence: user -> assistant (with tool_calls) -> tool (result) -> user - // The last user message should have the tool results attached - input := []byte(`{ - "model": "kiro-claude-opus-4-5-agentic", - "messages": [ - {"role": "user", "content": "Hello, can you read a file for me?"}, - { - "role": "assistant", - "content": "I'll read that file for you.", - "tool_calls": [ - { - "id": "call_abc123", - "type": "function", - "function": { - "name": "Read", - "arguments": "{\"file_path\": \"/tmp/test.txt\"}" - } - } - ] - }, - { - "role": "tool", - "tool_call_id": "call_abc123", - "content": "File contents: Hello World!" - }, - {"role": "user", "content": "What did the file say?"} - ] - }`) - - result, _ := BuildKiroPayloadFromOpenAI(input, "kiro-model", "", "CLI", false, false, nil, nil) - - var payload KiroPayload - if err := json.Unmarshal(result, &payload); err != nil { - t.Fatalf("Failed to unmarshal result: %v", err) - } - - // The last user message becomes currentMessage - // History should have: user (first), assistant (with tool_calls) - t.Logf("History count: %d", len(payload.ConversationState.History)) - if len(payload.ConversationState.History) != 2 { - t.Errorf("Expected 2 history entries (user + assistant), got %d", len(payload.ConversationState.History)) - } - - // Tool results should be attached to currentMessage (the last user message) - ctx := payload.ConversationState.CurrentMessage.UserInputMessage.UserInputMessageContext - if ctx == nil { - t.Fatal("Expected currentMessage to have UserInputMessageContext with tool results") - } - - if len(ctx.ToolResults) != 1 { - t.Fatalf("Expected 1 tool result in currentMessage, got %d", len(ctx.ToolResults)) - } - - tr := ctx.ToolResults[0] - if tr.ToolUseID != "call_abc123" { - t.Errorf("Expected toolUseId 'call_abc123', got '%s'", tr.ToolUseID) - } - if len(tr.Content) == 0 || tr.Content[0].Text != "File contents: Hello World!" { - t.Errorf("Tool result content mismatch, got: %+v", tr.Content) - } -} - -// TestToolResultsInHistoryUserMessage verifies that when there are multiple user messages -// after tool results, the tool results are attached to the correct user message in history. -func TestToolResultsInHistoryUserMessage(t *testing.T) { - // Sequence: user -> assistant (with tool_calls) -> tool (result) -> user -> assistant -> user - // The first user after tool should have tool results in history - input := []byte(`{ - "model": "kiro-claude-opus-4-5-agentic", - "messages": [ - {"role": "user", "content": "Hello"}, - { - "role": "assistant", - "content": "I'll read the file.", - "tool_calls": [ - { - "id": "call_1", - "type": "function", - "function": { - "name": "Read", - "arguments": "{}" - } - } - ] - }, - { - "role": "tool", - "tool_call_id": "call_1", - "content": "File result" - }, - {"role": "user", "content": "Thanks for the file"}, - {"role": "assistant", "content": "You're welcome"}, - {"role": "user", "content": "Bye"} - ] - }`) - - result, _ := BuildKiroPayloadFromOpenAI(input, "kiro-model", "", "CLI", false, false, nil, nil) - - var payload KiroPayload - if err := json.Unmarshal(result, &payload); err != nil { - t.Fatalf("Failed to unmarshal result: %v", err) - } - - // History should have: user, assistant, user (with tool results), assistant - // CurrentMessage should be: last user "Bye" - t.Logf("History count: %d", len(payload.ConversationState.History)) - - // Find the user message in history with tool results - foundToolResults := false - for i, h := range payload.ConversationState.History { - if h.UserInputMessage != nil { - t.Logf("History[%d]: user message content=%q", i, h.UserInputMessage.Content) - if h.UserInputMessage.UserInputMessageContext != nil { - if len(h.UserInputMessage.UserInputMessageContext.ToolResults) > 0 { - foundToolResults = true - t.Logf(" Found %d tool results", len(h.UserInputMessage.UserInputMessageContext.ToolResults)) - tr := h.UserInputMessage.UserInputMessageContext.ToolResults[0] - if tr.ToolUseID != "call_1" { - t.Errorf("Expected toolUseId 'call_1', got '%s'", tr.ToolUseID) - } - } - } - } - if h.AssistantResponseMessage != nil { - t.Logf("History[%d]: assistant message content=%q", i, h.AssistantResponseMessage.Content) - } - } - - if !foundToolResults { - t.Error("Tool results were not attached to any user message in history") - } -} - -// TestToolResultsWithMultipleToolCalls verifies handling of multiple tool calls -func TestToolResultsWithMultipleToolCalls(t *testing.T) { - input := []byte(`{ - "model": "kiro-claude-opus-4-5-agentic", - "messages": [ - {"role": "user", "content": "Read two files for me"}, - { - "role": "assistant", - "content": "I'll read both files.", - "tool_calls": [ - { - "id": "call_1", - "type": "function", - "function": { - "name": "Read", - "arguments": "{\"file_path\": \"/tmp/file1.txt\"}" - } - }, - { - "id": "call_2", - "type": "function", - "function": { - "name": "Read", - "arguments": "{\"file_path\": \"/tmp/file2.txt\"}" - } - } - ] - }, - { - "role": "tool", - "tool_call_id": "call_1", - "content": "Content of file 1" - }, - { - "role": "tool", - "tool_call_id": "call_2", - "content": "Content of file 2" - }, - {"role": "user", "content": "What do they say?"} - ] - }`) - - result, _ := BuildKiroPayloadFromOpenAI(input, "kiro-model", "", "CLI", false, false, nil, nil) - - var payload KiroPayload - if err := json.Unmarshal(result, &payload); err != nil { - t.Fatalf("Failed to unmarshal result: %v", err) - } - - t.Logf("History count: %d", len(payload.ConversationState.History)) - t.Logf("CurrentMessage content: %q", payload.ConversationState.CurrentMessage.UserInputMessage.Content) - - // Check if there are any tool results anywhere - var totalToolResults int - for i, h := range payload.ConversationState.History { - if h.UserInputMessage != nil && h.UserInputMessage.UserInputMessageContext != nil { - count := len(h.UserInputMessage.UserInputMessageContext.ToolResults) - t.Logf("History[%d] user message has %d tool results", i, count) - totalToolResults += count - } - } - - ctx := payload.ConversationState.CurrentMessage.UserInputMessage.UserInputMessageContext - if ctx != nil { - t.Logf("CurrentMessage has %d tool results", len(ctx.ToolResults)) - totalToolResults += len(ctx.ToolResults) - } else { - t.Logf("CurrentMessage has no UserInputMessageContext") - } - - if totalToolResults != 2 { - t.Errorf("Expected 2 tool results total, got %d", totalToolResults) - } -} - -// TestToolResultsAtEndOfConversation verifies tool results are handled when -// the conversation ends with tool results (no following user message) -func TestToolResultsAtEndOfConversation(t *testing.T) { - input := []byte(`{ - "model": "kiro-claude-opus-4-5-agentic", - "messages": [ - {"role": "user", "content": "Read a file"}, - { - "role": "assistant", - "content": "Reading the file.", - "tool_calls": [ - { - "id": "call_end", - "type": "function", - "function": { - "name": "Read", - "arguments": "{\"file_path\": \"/tmp/test.txt\"}" - } - } - ] - }, - { - "role": "tool", - "tool_call_id": "call_end", - "content": "File contents here" - } - ] - }`) - - result, _ := BuildKiroPayloadFromOpenAI(input, "kiro-model", "", "CLI", false, false, nil, nil) - - var payload KiroPayload - if err := json.Unmarshal(result, &payload); err != nil { - t.Fatalf("Failed to unmarshal result: %v", err) - } - - // When the last message is a tool result, a synthetic user message is created - // and tool results should be attached to it - ctx := payload.ConversationState.CurrentMessage.UserInputMessage.UserInputMessageContext - if ctx == nil || len(ctx.ToolResults) == 0 { - t.Error("Expected tool results to be attached to current message when conversation ends with tool result") - } else { - if ctx.ToolResults[0].ToolUseID != "call_end" { - t.Errorf("Expected toolUseId 'call_end', got '%s'", ctx.ToolResults[0].ToolUseID) - } - } -} - -// TestToolResultsFollowedByAssistant verifies handling when tool results are followed -// by an assistant message (no intermediate user message). -// This is the pattern from LiteLLM translation of Anthropic format where: -// user message has ONLY tool_result blocks -> LiteLLM creates tool messages -// then the next message is assistant -func TestToolResultsFollowedByAssistant(t *testing.T) { - // Sequence: user -> assistant (with tool_calls) -> tool -> tool -> assistant -> user - // This simulates LiteLLM's translation of: - // user: "Read files" - // assistant: [tool_use, tool_use] - // user: [tool_result, tool_result] <- becomes multiple "tool" role messages - // assistant: "I've read them" - // user: "What did they say?" - input := []byte(`{ - "model": "kiro-claude-opus-4-5-agentic", - "messages": [ - {"role": "user", "content": "Read two files for me"}, - { - "role": "assistant", - "content": "I'll read both files.", - "tool_calls": [ - { - "id": "call_1", - "type": "function", - "function": { - "name": "Read", - "arguments": "{\"file_path\": \"/tmp/a.txt\"}" - } - }, - { - "id": "call_2", - "type": "function", - "function": { - "name": "Read", - "arguments": "{\"file_path\": \"/tmp/b.txt\"}" - } - } - ] - }, - { - "role": "tool", - "tool_call_id": "call_1", - "content": "Contents of file A" - }, - { - "role": "tool", - "tool_call_id": "call_2", - "content": "Contents of file B" - }, - { - "role": "assistant", - "content": "I've read both files." - }, - {"role": "user", "content": "What did they say?"} - ] - }`) - - result, _ := BuildKiroPayloadFromOpenAI(input, "kiro-model", "", "CLI", false, false, nil, nil) - - var payload KiroPayload - if err := json.Unmarshal(result, &payload); err != nil { - t.Fatalf("Failed to unmarshal result: %v", err) - } - - t.Logf("History count: %d", len(payload.ConversationState.History)) - - // Tool results should be attached to a synthetic user message or the history should be valid - var totalToolResults int - for i, h := range payload.ConversationState.History { - if h.UserInputMessage != nil { - t.Logf("History[%d]: user message content=%q", i, h.UserInputMessage.Content) - if h.UserInputMessage.UserInputMessageContext != nil { - count := len(h.UserInputMessage.UserInputMessageContext.ToolResults) - t.Logf(" Has %d tool results", count) - totalToolResults += count - } - } - if h.AssistantResponseMessage != nil { - t.Logf("History[%d]: assistant message content=%q", i, h.AssistantResponseMessage.Content) - } - } - - ctx := payload.ConversationState.CurrentMessage.UserInputMessage.UserInputMessageContext - if ctx != nil { - t.Logf("CurrentMessage has %d tool results", len(ctx.ToolResults)) - totalToolResults += len(ctx.ToolResults) - } - - if totalToolResults != 2 { - t.Errorf("Expected 2 tool results total, got %d", totalToolResults) - } -} - -// TestAssistantEndsConversation verifies handling when assistant is the last message -func TestAssistantEndsConversation(t *testing.T) { - input := []byte(`{ - "model": "kiro-claude-opus-4-5-agentic", - "messages": [ - {"role": "user", "content": "Hello"}, - { - "role": "assistant", - "content": "Hi there!" - } - ] - }`) - - result, _ := BuildKiroPayloadFromOpenAI(input, "kiro-model", "", "CLI", false, false, nil, nil) - - var payload KiroPayload - if err := json.Unmarshal(result, &payload); err != nil { - t.Fatalf("Failed to unmarshal result: %v", err) - } - - // When assistant is last, a "Continue" user message should be created - if payload.ConversationState.CurrentMessage.UserInputMessage.Content == "" { - t.Error("Expected a 'Continue' message to be created when assistant is last") - } -} diff --git a/internal/translator/kiro/openai/kiro_openai_response.go b/internal/translator/kiro/openai/kiro_openai_response.go deleted file mode 100644 index e6af8e4cec..0000000000 --- a/internal/translator/kiro/openai/kiro_openai_response.go +++ /dev/null @@ -1,277 +0,0 @@ -// Package openai provides response translation from Kiro to OpenAI format. -// This package handles the conversion of Kiro API responses into OpenAI Chat Completions-compatible -// JSON format, transforming streaming events and non-streaming responses. -package openai - -import ( - "encoding/json" - "fmt" - "sync/atomic" - "time" - - "github.com/google/uuid" - "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/usage" - log "github.com/sirupsen/logrus" -) - -// functionCallIDCounter provides a process-wide unique counter for function call identifiers. -var functionCallIDCounter uint64 - -// BuildOpenAIResponse constructs an OpenAI Chat Completions-compatible response. -// Supports tool_calls when tools are present in the response. -// stopReason is passed from upstream; fallback logic applied if empty. -func BuildOpenAIResponse(content string, toolUses []KiroToolUse, model string, usageInfo usage.Detail, stopReason string) []byte { - return BuildOpenAIResponseWithReasoning(content, "", toolUses, model, usageInfo, stopReason) -} - -// BuildOpenAIResponseWithReasoning constructs an OpenAI Chat Completions-compatible response with reasoning_content support. -// Supports tool_calls when tools are present in the response. -// reasoningContent is included as reasoning_content field in the message when present. -// stopReason is passed from upstream; fallback logic applied if empty. -func BuildOpenAIResponseWithReasoning(content, reasoningContent string, toolUses []KiroToolUse, model string, usageInfo usage.Detail, stopReason string) []byte { - // Build the message object - message := map[string]interface{}{ - "role": "assistant", - "content": content, - } - - // Add reasoning_content if present (for thinking/reasoning models) - if reasoningContent != "" { - message["reasoning_content"] = reasoningContent - } - - // Add tool_calls if present - if len(toolUses) > 0 { - var toolCalls []map[string]interface{} - for i, tu := range toolUses { - inputJSON, _ := json.Marshal(tu.Input) - toolCalls = append(toolCalls, map[string]interface{}{ - "id": tu.ToolUseID, - "type": "function", - "index": i, - "function": map[string]interface{}{ - "name": tu.Name, - "arguments": string(inputJSON), - }, - }) - } - message["tool_calls"] = toolCalls - // When tool_calls are present, content should be null according to OpenAI spec - if content == "" { - message["content"] = nil - } - } - - // Use upstream stopReason; apply fallback logic if not provided - finishReason := mapKiroStopReasonToOpenAI(stopReason) - if finishReason == "" { - finishReason = "stop" - if len(toolUses) > 0 { - finishReason = "tool_calls" - } - log.Debugf("kiro-openai: buildOpenAIResponse using fallback finish_reason: %s", finishReason) - } - - response := map[string]interface{}{ - "id": "chatcmpl-" + uuid.New().String()[:24], - "object": "chat.completion", - "created": time.Now().Unix(), - "model": model, - "choices": []map[string]interface{}{ - { - "index": 0, - "message": message, - "finish_reason": finishReason, - }, - }, - "usage": map[string]interface{}{ - "prompt_tokens": usageInfo.InputTokens, - "completion_tokens": usageInfo.OutputTokens, - "total_tokens": usageInfo.InputTokens + usageInfo.OutputTokens, - }, - } - - result, _ := json.Marshal(response) - return result -} - -// mapKiroStopReasonToOpenAI converts Kiro/Claude stop_reason to OpenAI finish_reason -func mapKiroStopReasonToOpenAI(stopReason string) string { - switch stopReason { - case "end_turn": - return "stop" - case "stop_sequence": - return "stop" - case "tool_use": - return "tool_calls" - case "max_tokens": - return "length" - case "content_filtered": - return "content_filter" - default: - return stopReason - } -} - -// BuildOpenAIStreamChunk constructs an OpenAI Chat Completions streaming chunk. -// This is the delta format used in streaming responses. -func BuildOpenAIStreamChunk(model string, deltaContent string, deltaToolCalls []map[string]interface{}, finishReason string, index int) []byte { - delta := map[string]interface{}{} - - // First chunk should include role - if index == 0 && deltaContent == "" && len(deltaToolCalls) == 0 { - delta["role"] = "assistant" - delta["content"] = "" - } else if deltaContent != "" { - delta["content"] = deltaContent - } - - // Add tool_calls delta if present - if len(deltaToolCalls) > 0 { - delta["tool_calls"] = deltaToolCalls - } - - choice := map[string]interface{}{ - "index": 0, - "delta": delta, - } - - if finishReason != "" { - choice["finish_reason"] = finishReason - } else { - choice["finish_reason"] = nil - } - - chunk := map[string]interface{}{ - "id": "chatcmpl-" + uuid.New().String()[:12], - "object": "chat.completion.chunk", - "created": time.Now().Unix(), - "model": model, - "choices": []map[string]interface{}{choice}, - } - - result, _ := json.Marshal(chunk) - return result -} - -// BuildOpenAIStreamChunkWithToolCallStart creates a stream chunk for tool call start -func BuildOpenAIStreamChunkWithToolCallStart(model string, toolUseID, toolName string, toolIndex int) []byte { - toolCall := map[string]interface{}{ - "index": toolIndex, - "id": toolUseID, - "type": "function", - "function": map[string]interface{}{ - "name": toolName, - "arguments": "", - }, - } - - delta := map[string]interface{}{ - "tool_calls": []map[string]interface{}{toolCall}, - } - - choice := map[string]interface{}{ - "index": 0, - "delta": delta, - "finish_reason": nil, - } - - chunk := map[string]interface{}{ - "id": "chatcmpl-" + uuid.New().String()[:12], - "object": "chat.completion.chunk", - "created": time.Now().Unix(), - "model": model, - "choices": []map[string]interface{}{choice}, - } - - result, _ := json.Marshal(chunk) - return result -} - -// BuildOpenAIStreamChunkWithToolCallDelta creates a stream chunk for tool call arguments delta -func BuildOpenAIStreamChunkWithToolCallDelta(model string, argumentsDelta string, toolIndex int) []byte { - toolCall := map[string]interface{}{ - "index": toolIndex, - "function": map[string]interface{}{ - "arguments": argumentsDelta, - }, - } - - delta := map[string]interface{}{ - "tool_calls": []map[string]interface{}{toolCall}, - } - - choice := map[string]interface{}{ - "index": 0, - "delta": delta, - "finish_reason": nil, - } - - chunk := map[string]interface{}{ - "id": "chatcmpl-" + uuid.New().String()[:12], - "object": "chat.completion.chunk", - "created": time.Now().Unix(), - "model": model, - "choices": []map[string]interface{}{choice}, - } - - result, _ := json.Marshal(chunk) - return result -} - -// BuildOpenAIStreamDoneChunk creates the final [DONE] stream event -func BuildOpenAIStreamDoneChunk() []byte { - return []byte("data: [DONE]") -} - -// BuildOpenAIStreamFinishChunk creates the final chunk with finish_reason -func BuildOpenAIStreamFinishChunk(model string, finishReason string) []byte { - choice := map[string]interface{}{ - "index": 0, - "delta": map[string]interface{}{}, - "finish_reason": finishReason, - } - - chunk := map[string]interface{}{ - "id": "chatcmpl-" + uuid.New().String()[:12], - "object": "chat.completion.chunk", - "created": time.Now().Unix(), - "model": model, - "choices": []map[string]interface{}{choice}, - } - - result, _ := json.Marshal(chunk) - return result -} - -// BuildOpenAIStreamUsageChunk creates a chunk with usage information (optional, for stream_options.include_usage) -func BuildOpenAIStreamUsageChunk(model string, usageInfo usage.Detail) []byte { - chunk := map[string]interface{}{ - "id": "chatcmpl-" + uuid.New().String()[:12], - "object": "chat.completion.chunk", - "created": time.Now().Unix(), - "model": model, - "choices": []map[string]interface{}{}, - "usage": map[string]interface{}{ - "prompt_tokens": usageInfo.InputTokens, - "completion_tokens": usageInfo.OutputTokens, - "total_tokens": usageInfo.InputTokens + usageInfo.OutputTokens, - }, - } - - result, _ := json.Marshal(chunk) - return result -} - -// GenerateToolCallID generates a unique tool call ID in OpenAI format -func GenerateToolCallID(toolName string) string { - return fmt.Sprintf("call_%s_%d_%d", toolName[:min(8, len(toolName))], time.Now().UnixNano(), atomic.AddUint64(&functionCallIDCounter, 1)) -} - -// min returns the minimum of two integers -func min(a, b int) int { - if a < b { - return a - } - return b -} \ No newline at end of file diff --git a/internal/translator/kiro/openai/kiro_openai_stream.go b/internal/translator/kiro/openai/kiro_openai_stream.go deleted file mode 100644 index 55fb0f2596..0000000000 --- a/internal/translator/kiro/openai/kiro_openai_stream.go +++ /dev/null @@ -1,212 +0,0 @@ -// Package openai provides streaming SSE event building for OpenAI format. -// This package handles the construction of OpenAI-compatible Server-Sent Events (SSE) -// for streaming responses from Kiro API. -package openai - -import ( - "encoding/json" - "time" - - "github.com/google/uuid" - "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/usage" -) - -// OpenAIStreamState tracks the state of streaming response conversion -type OpenAIStreamState struct { - ChunkIndex int - ToolCallIndex int - HasSentFirstChunk bool - Model string - ResponseID string - Created int64 -} - -// NewOpenAIStreamState creates a new stream state for tracking -func NewOpenAIStreamState(model string) *OpenAIStreamState { - return &OpenAIStreamState{ - ChunkIndex: 0, - ToolCallIndex: 0, - HasSentFirstChunk: false, - Model: model, - ResponseID: "chatcmpl-" + uuid.New().String()[:24], - Created: time.Now().Unix(), - } -} - -// FormatSSEEvent formats a JSON payload for SSE streaming. -// Note: This returns raw JSON data without "data:" prefix. -// The SSE "data:" prefix is added by the Handler layer (e.g., openai_handlers.go) -// to maintain architectural consistency and avoid double-prefix issues. -func FormatSSEEvent(data []byte) string { - return string(data) -} - -// BuildOpenAISSETextDelta creates an SSE event for text content delta -func BuildOpenAISSETextDelta(state *OpenAIStreamState, textDelta string) string { - delta := map[string]interface{}{ - "content": textDelta, - } - - // Include role in first chunk - if !state.HasSentFirstChunk { - delta["role"] = "assistant" - state.HasSentFirstChunk = true - } - - chunk := buildBaseChunk(state, delta, nil) - result, _ := json.Marshal(chunk) - state.ChunkIndex++ - return FormatSSEEvent(result) -} - -// BuildOpenAISSEToolCallStart creates an SSE event for tool call start -func BuildOpenAISSEToolCallStart(state *OpenAIStreamState, toolUseID, toolName string) string { - toolCall := map[string]interface{}{ - "index": state.ToolCallIndex, - "id": toolUseID, - "type": "function", - "function": map[string]interface{}{ - "name": toolName, - "arguments": "", - }, - } - - delta := map[string]interface{}{ - "tool_calls": []map[string]interface{}{toolCall}, - } - - // Include role in first chunk if not sent yet - if !state.HasSentFirstChunk { - delta["role"] = "assistant" - state.HasSentFirstChunk = true - } - - chunk := buildBaseChunk(state, delta, nil) - result, _ := json.Marshal(chunk) - state.ChunkIndex++ - return FormatSSEEvent(result) -} - -// BuildOpenAISSEToolCallArgumentsDelta creates an SSE event for tool call arguments delta -func BuildOpenAISSEToolCallArgumentsDelta(state *OpenAIStreamState, argumentsDelta string, toolIndex int) string { - toolCall := map[string]interface{}{ - "index": toolIndex, - "function": map[string]interface{}{ - "arguments": argumentsDelta, - }, - } - - delta := map[string]interface{}{ - "tool_calls": []map[string]interface{}{toolCall}, - } - - chunk := buildBaseChunk(state, delta, nil) - result, _ := json.Marshal(chunk) - state.ChunkIndex++ - return FormatSSEEvent(result) -} - -// BuildOpenAISSEFinish creates an SSE event with finish_reason -func BuildOpenAISSEFinish(state *OpenAIStreamState, finishReason string) string { - chunk := buildBaseChunk(state, map[string]interface{}{}, &finishReason) - result, _ := json.Marshal(chunk) - state.ChunkIndex++ - return FormatSSEEvent(result) -} - -// BuildOpenAISSEUsage creates an SSE event with usage information -func BuildOpenAISSEUsage(state *OpenAIStreamState, usageInfo usage.Detail) string { - chunk := map[string]interface{}{ - "id": state.ResponseID, - "object": "chat.completion.chunk", - "created": state.Created, - "model": state.Model, - "choices": []map[string]interface{}{}, - "usage": map[string]interface{}{ - "prompt_tokens": usageInfo.InputTokens, - "completion_tokens": usageInfo.OutputTokens, - "total_tokens": usageInfo.InputTokens + usageInfo.OutputTokens, - }, - } - result, _ := json.Marshal(chunk) - return FormatSSEEvent(result) -} - -// BuildOpenAISSEDone creates the final [DONE] SSE event. -// Note: This returns raw "[DONE]" without "data:" prefix. -// The SSE "data:" prefix is added by the Handler layer (e.g., openai_handlers.go) -// to maintain architectural consistency and avoid double-prefix issues. -func BuildOpenAISSEDone() string { - return "[DONE]" -} - -// buildBaseChunk creates a base chunk structure for streaming -func buildBaseChunk(state *OpenAIStreamState, delta map[string]interface{}, finishReason *string) map[string]interface{} { - choice := map[string]interface{}{ - "index": 0, - "delta": delta, - } - - if finishReason != nil { - choice["finish_reason"] = *finishReason - } else { - choice["finish_reason"] = nil - } - - return map[string]interface{}{ - "id": state.ResponseID, - "object": "chat.completion.chunk", - "created": state.Created, - "model": state.Model, - "choices": []map[string]interface{}{choice}, - } -} - -// BuildOpenAISSEReasoningDelta creates an SSE event for reasoning content delta -// This is used for o1/o3 style models that expose reasoning tokens -func BuildOpenAISSEReasoningDelta(state *OpenAIStreamState, reasoningDelta string) string { - delta := map[string]interface{}{ - "reasoning_content": reasoningDelta, - } - - // Include role in first chunk - if !state.HasSentFirstChunk { - delta["role"] = "assistant" - state.HasSentFirstChunk = true - } - - chunk := buildBaseChunk(state, delta, nil) - result, _ := json.Marshal(chunk) - state.ChunkIndex++ - return FormatSSEEvent(result) -} - -// BuildOpenAISSEFirstChunk creates the first chunk with role only -func BuildOpenAISSEFirstChunk(state *OpenAIStreamState) string { - delta := map[string]interface{}{ - "role": "assistant", - "content": "", - } - - state.HasSentFirstChunk = true - chunk := buildBaseChunk(state, delta, nil) - result, _ := json.Marshal(chunk) - state.ChunkIndex++ - return FormatSSEEvent(result) -} - -// ThinkingTagState tracks state for thinking tag detection in streaming -type ThinkingTagState struct { - InThinkingBlock bool - PendingStartChars int - PendingEndChars int -} - -// NewThinkingTagState creates a new thinking tag state -func NewThinkingTagState() *ThinkingTagState { - return &ThinkingTagState{ - InThinkingBlock: false, - PendingStartChars: 0, - PendingEndChars: 0, - } -} \ No newline at end of file diff --git a/internal/translator/openai/claude/init.go b/internal/translator/openai/claude/init.go deleted file mode 100644 index b8ac27705c..0000000000 --- a/internal/translator/openai/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package claude - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Claude, - OpenAI, - ConvertClaudeRequestToOpenAI, - interfaces.TranslateResponse{ - Stream: ConvertOpenAIResponseToClaude, - NonStream: ConvertOpenAIResponseToClaudeNonStream, - TokenCount: ClaudeTokenCount, - }, - ) -} diff --git a/internal/translator/openai/claude/openai_claude_request.go b/internal/translator/openai/claude/openai_claude_request.go deleted file mode 100644 index 488763995f..0000000000 --- a/internal/translator/openai/claude/openai_claude_request.go +++ /dev/null @@ -1,407 +0,0 @@ -// Package claude provides request translation functionality for Anthropic to OpenAI API. -// It handles parsing and transforming Anthropic API requests into OpenAI Chat Completions API format, -// extracting model information, system instructions, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Anthropic API format and OpenAI API's expected format. -package claude - -import ( - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertClaudeRequestToOpenAI parses and transforms an Anthropic API request into OpenAI Chat Completions API format. -// It extracts the model name, system instruction, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the OpenAI API. -func ConvertClaudeRequestToOpenAI(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - // Base OpenAI Chat Completions API template - out := `{"model":"","messages":[]}` - - root := gjson.ParseBytes(rawJSON) - - // Model mapping - out, _ = sjson.Set(out, "model", modelName) - - // Max tokens - if maxTokens := root.Get("max_tokens"); maxTokens.Exists() { - out, _ = sjson.Set(out, "max_tokens", maxTokens.Int()) - } - - // Temperature - if temp := root.Get("temperature"); temp.Exists() { - out, _ = sjson.Set(out, "temperature", temp.Float()) - } else if topP := root.Get("top_p"); topP.Exists() { // Top P - out, _ = sjson.Set(out, "top_p", topP.Float()) - } - - // Stop sequences -> stop - if stopSequences := root.Get("stop_sequences"); stopSequences.Exists() { - if stopSequences.IsArray() { - var stops []string - stopSequences.ForEach(func(_, value gjson.Result) bool { - stops = append(stops, value.String()) - return true - }) - if len(stops) > 0 { - if len(stops) == 1 { - out, _ = sjson.Set(out, "stop", stops[0]) - } else { - out, _ = sjson.Set(out, "stop", stops) - } - } - } - } - - // Stream - out, _ = sjson.Set(out, "stream", stream) - - // Thinking: Convert Claude thinking.budget_tokens to OpenAI reasoning_effort - if thinkingConfig := root.Get("thinking"); thinkingConfig.Exists() && thinkingConfig.IsObject() { - if thinkingType := thinkingConfig.Get("type"); thinkingType.Exists() { - switch thinkingType.String() { - case "enabled": - if budgetTokens := thinkingConfig.Get("budget_tokens"); budgetTokens.Exists() { - budget := int(budgetTokens.Int()) - if effort, ok := thinking.ConvertBudgetToLevel(budget); ok && effort != "" { - out, _ = sjson.Set(out, "reasoning_effort", effort) - } - } else { - // No budget_tokens specified, default to "auto" for enabled thinking - if effort, ok := thinking.ConvertBudgetToLevel(-1); ok && effort != "" { - out, _ = sjson.Set(out, "reasoning_effort", effort) - } - } - case "adaptive": - // Claude adaptive means "enable with max capacity"; keep it as highest level - // and let ApplyThinking normalize per target model capability. - out, _ = sjson.Set(out, "reasoning_effort", string(thinking.LevelXHigh)) - case "disabled": - if effort, ok := thinking.ConvertBudgetToLevel(0); ok && effort != "" { - out, _ = sjson.Set(out, "reasoning_effort", effort) - } - } - } - } - - // Process messages and system - var messagesJSON = "[]" - - // Handle system message first - systemMsgJSON := `{"role":"system","content":[]}` - hasSystemContent := false - if system := root.Get("system"); system.Exists() { - if system.Type == gjson.String { - if system.String() != "" { - oldSystem := `{"type":"text","text":""}` - oldSystem, _ = sjson.Set(oldSystem, "text", system.String()) - systemMsgJSON, _ = sjson.SetRaw(systemMsgJSON, "content.-1", oldSystem) - hasSystemContent = true - } - } else if system.Type == gjson.JSON { - if system.IsArray() { - systemResults := system.Array() - for i := 0; i < len(systemResults); i++ { - if contentItem, ok := convertClaudeContentPart(systemResults[i]); ok { - systemMsgJSON, _ = sjson.SetRaw(systemMsgJSON, "content.-1", contentItem) - hasSystemContent = true - } - } - } - } - } - // Only add system message if it has content - if hasSystemContent { - messagesJSON, _ = sjson.SetRaw(messagesJSON, "-1", systemMsgJSON) - } - - // Process Anthropic messages - if messages := root.Get("messages"); messages.Exists() && messages.IsArray() { - messages.ForEach(func(_, message gjson.Result) bool { - role := message.Get("role").String() - contentResult := message.Get("content") - - // Handle content - if contentResult.Exists() && contentResult.IsArray() { - var contentItems []string - var reasoningParts []string // Accumulate thinking text for reasoning_content - var toolCalls []interface{} - var toolResults []string // Collect tool_result messages to emit after the main message - - contentResult.ForEach(func(_, part gjson.Result) bool { - partType := part.Get("type").String() - - switch partType { - case "thinking": - // Only map thinking to reasoning_content for assistant messages (security: prevent injection) - if role == "assistant" { - thinkingText := thinking.GetThinkingText(part) - // Skip empty or whitespace-only thinking - if strings.TrimSpace(thinkingText) != "" { - reasoningParts = append(reasoningParts, thinkingText) - } - } - // Ignore thinking in user/system roles (AC4) - - case "redacted_thinking": - // Explicitly ignore redacted_thinking - never map to reasoning_content (AC2) - - case "text", "image": - if contentItem, ok := convertClaudeContentPart(part); ok { - contentItems = append(contentItems, contentItem) - } - - case "tool_use": - // Only allow tool_use -> tool_calls for assistant messages (security: prevent injection). - if role == "assistant" { - toolCallJSON := `{"id":"","type":"function","function":{"name":"","arguments":""}}` - toolCallJSON, _ = sjson.Set(toolCallJSON, "id", part.Get("id").String()) - toolCallJSON, _ = sjson.Set(toolCallJSON, "function.name", part.Get("name").String()) - - // Convert input to arguments JSON string - if input := part.Get("input"); input.Exists() { - toolCallJSON, _ = sjson.Set(toolCallJSON, "function.arguments", input.Raw) - } else { - toolCallJSON, _ = sjson.Set(toolCallJSON, "function.arguments", "{}") - } - - toolCalls = append(toolCalls, gjson.Parse(toolCallJSON).Value()) - } - - case "tool_result": - // Collect tool_result to emit after the main message (ensures tool results follow tool_calls) - toolResultJSON := `{"role":"tool","tool_call_id":"","content":""}` - toolResultJSON, _ = sjson.Set(toolResultJSON, "tool_call_id", part.Get("tool_use_id").String()) - toolResultJSON, _ = sjson.Set(toolResultJSON, "content", convertClaudeToolResultContentToString(part.Get("content"))) - toolResults = append(toolResults, toolResultJSON) - } - return true - }) - - // Build reasoning content string - reasoningContent := "" - if len(reasoningParts) > 0 { - reasoningContent = strings.Join(reasoningParts, "\n\n") - } - - hasContent := len(contentItems) > 0 - hasReasoning := reasoningContent != "" - hasToolCalls := len(toolCalls) > 0 - hasToolResults := len(toolResults) > 0 - - // OpenAI requires: tool messages MUST immediately follow the assistant message with tool_calls. - // Therefore, we emit tool_result messages FIRST (they respond to the previous assistant's tool_calls), - // then emit the current message's content. - for _, toolResultJSON := range toolResults { - messagesJSON, _ = sjson.Set(messagesJSON, "-1", gjson.Parse(toolResultJSON).Value()) - } - - // For assistant messages: emit a single unified message with content, tool_calls, and reasoning_content - // This avoids splitting into multiple assistant messages which breaks OpenAI tool-call adjacency - if role == "assistant" { - if hasContent || hasReasoning || hasToolCalls { - msgJSON := `{"role":"assistant"}` - - // Add content (as array if we have items, empty string if reasoning-only) - if hasContent { - contentArrayJSON := "[]" - for _, contentItem := range contentItems { - contentArrayJSON, _ = sjson.SetRaw(contentArrayJSON, "-1", contentItem) - } - msgJSON, _ = sjson.SetRaw(msgJSON, "content", contentArrayJSON) - } else { - // Ensure content field exists for OpenAI compatibility - msgJSON, _ = sjson.Set(msgJSON, "content", "") - } - - // Add reasoning_content if present - if hasReasoning { - msgJSON, _ = sjson.Set(msgJSON, "reasoning_content", reasoningContent) - } - - // Add tool_calls if present (in same message as content) - if hasToolCalls { - msgJSON, _ = sjson.Set(msgJSON, "tool_calls", toolCalls) - } - - messagesJSON, _ = sjson.Set(messagesJSON, "-1", gjson.Parse(msgJSON).Value()) - } - } else { - // For non-assistant roles: emit content message if we have content - // If the message only contains tool_results (no text/image), we still processed them above - if hasContent { - msgJSON := `{"role":""}` - msgJSON, _ = sjson.Set(msgJSON, "role", role) - - contentArrayJSON := "[]" - for _, contentItem := range contentItems { - contentArrayJSON, _ = sjson.SetRaw(contentArrayJSON, "-1", contentItem) - } - msgJSON, _ = sjson.SetRaw(msgJSON, "content", contentArrayJSON) - - messagesJSON, _ = sjson.Set(messagesJSON, "-1", gjson.Parse(msgJSON).Value()) - } else if hasToolResults && !hasContent { - // tool_results already emitted above, no additional user message needed - } - } - - } else if contentResult.Exists() && contentResult.Type == gjson.String { - // Simple string content - msgJSON := `{"role":"","content":""}` - msgJSON, _ = sjson.Set(msgJSON, "role", role) - msgJSON, _ = sjson.Set(msgJSON, "content", contentResult.String()) - messagesJSON, _ = sjson.Set(messagesJSON, "-1", gjson.Parse(msgJSON).Value()) - } - - return true - }) - } - - // Set messages - if gjson.Parse(messagesJSON).IsArray() && len(gjson.Parse(messagesJSON).Array()) > 0 { - out, _ = sjson.SetRaw(out, "messages", messagesJSON) - } - - // Process tools - convert Anthropic tools to OpenAI functions - if tools := root.Get("tools"); tools.Exists() && tools.IsArray() { - var toolsJSON = "[]" - - tools.ForEach(func(_, tool gjson.Result) bool { - openAIToolJSON := `{"type":"function","function":{"name":"","description":""}}` - openAIToolJSON, _ = sjson.Set(openAIToolJSON, "function.name", tool.Get("name").String()) - openAIToolJSON, _ = sjson.Set(openAIToolJSON, "function.description", tool.Get("description").String()) - - // Convert Anthropic input_schema to OpenAI function parameters - if inputSchema := tool.Get("input_schema"); inputSchema.Exists() { - openAIToolJSON, _ = sjson.Set(openAIToolJSON, "function.parameters", inputSchema.Value()) - } - - toolsJSON, _ = sjson.Set(toolsJSON, "-1", gjson.Parse(openAIToolJSON).Value()) - return true - }) - - if gjson.Parse(toolsJSON).IsArray() && len(gjson.Parse(toolsJSON).Array()) > 0 { - out, _ = sjson.SetRaw(out, "tools", toolsJSON) - } - } - - // Tool choice mapping - convert Anthropic tool_choice to OpenAI format - if toolChoice := root.Get("tool_choice"); toolChoice.Exists() { - switch toolChoice.Get("type").String() { - case "auto": - out, _ = sjson.Set(out, "tool_choice", "auto") - case "any": - out, _ = sjson.Set(out, "tool_choice", "required") - case "tool": - // Specific tool choice - toolName := toolChoice.Get("name").String() - toolChoiceJSON := `{"type":"function","function":{"name":""}}` - toolChoiceJSON, _ = sjson.Set(toolChoiceJSON, "function.name", toolName) - out, _ = sjson.SetRaw(out, "tool_choice", toolChoiceJSON) - default: - // Default to auto if not specified - out, _ = sjson.Set(out, "tool_choice", "auto") - } - } - - // Handle user parameter (for tracking) - if user := root.Get("user"); user.Exists() { - out, _ = sjson.Set(out, "user", user.String()) - } - - return []byte(out) -} - -func convertClaudeContentPart(part gjson.Result) (string, bool) { - partType := part.Get("type").String() - - switch partType { - case "text": - text := part.Get("text").String() - if strings.TrimSpace(text) == "" { - return "", false - } - textContent := `{"type":"text","text":""}` - textContent, _ = sjson.Set(textContent, "text", text) - return textContent, true - - case "image": - var imageURL string - - if source := part.Get("source"); source.Exists() { - sourceType := source.Get("type").String() - switch sourceType { - case "base64": - mediaType := source.Get("media_type").String() - if mediaType == "" { - mediaType = "application/octet-stream" - } - data := source.Get("data").String() - if data != "" { - imageURL = "data:" + mediaType + ";base64," + data - } - case "url": - imageURL = source.Get("url").String() - } - } - - if imageURL == "" { - imageURL = part.Get("url").String() - } - - if imageURL == "" { - return "", false - } - - imageContent := `{"type":"image_url","image_url":{"url":""}}` - imageContent, _ = sjson.Set(imageContent, "image_url.url", imageURL) - - return imageContent, true - - default: - return "", false - } -} - -func convertClaudeToolResultContentToString(content gjson.Result) string { - if !content.Exists() { - return "" - } - - if content.Type == gjson.String { - return content.String() - } - - if content.IsArray() { - var parts []string - content.ForEach(func(_, item gjson.Result) bool { - switch { - case item.Type == gjson.String: - parts = append(parts, item.String()) - case item.IsObject() && item.Get("text").Exists() && item.Get("text").Type == gjson.String: - parts = append(parts, item.Get("text").String()) - default: - parts = append(parts, item.Raw) - } - return true - }) - - joined := strings.Join(parts, "\n\n") - if strings.TrimSpace(joined) != "" { - return joined - } - return content.Raw - } - - if content.IsObject() { - if text := content.Get("text"); text.Exists() && text.Type == gjson.String { - return text.String() - } - return content.Raw - } - - return content.Raw -} diff --git a/internal/translator/openai/claude/openai_claude_request_test.go b/internal/translator/openai/claude/openai_claude_request_test.go deleted file mode 100644 index d08de1b25c..0000000000 --- a/internal/translator/openai/claude/openai_claude_request_test.go +++ /dev/null @@ -1,590 +0,0 @@ -package claude - -import ( - "testing" - - "github.com/tidwall/gjson" -) - -// TestConvertClaudeRequestToOpenAI_ThinkingToReasoningContent tests the mapping -// of Claude thinking content to OpenAI reasoning_content field. -func TestConvertClaudeRequestToOpenAI_ThinkingToReasoningContent(t *testing.T) { - tests := []struct { - name string - inputJSON string - wantReasoningContent string - wantHasReasoningContent bool - wantContentText string // Expected visible content text (if any) - wantHasContent bool - }{ - { - name: "AC1: assistant message with thinking and text", - inputJSON: `{ - "model": "claude-3-opus", - "messages": [{ - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "Let me analyze this step by step..."}, - {"type": "text", "text": "Here is my response."} - ] - }] - }`, - wantReasoningContent: "Let me analyze this step by step...", - wantHasReasoningContent: true, - wantContentText: "Here is my response.", - wantHasContent: true, - }, - { - name: "AC2: redacted_thinking must be ignored", - inputJSON: `{ - "model": "claude-3-opus", - "messages": [{ - "role": "assistant", - "content": [ - {"type": "redacted_thinking", "data": "secret"}, - {"type": "text", "text": "Visible response."} - ] - }] - }`, - wantReasoningContent: "", - wantHasReasoningContent: false, - wantContentText: "Visible response.", - wantHasContent: true, - }, - { - name: "AC3: thinking-only message preserved with reasoning_content", - inputJSON: `{ - "model": "claude-3-opus", - "messages": [{ - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "Internal reasoning only."} - ] - }] - }`, - wantReasoningContent: "Internal reasoning only.", - wantHasReasoningContent: true, - wantContentText: "", - // For OpenAI compatibility, content field is set to empty string "" when no text content exists - wantHasContent: false, - }, - { - name: "AC4: thinking in user role must be ignored", - inputJSON: `{ - "model": "claude-3-opus", - "messages": [{ - "role": "user", - "content": [ - {"type": "thinking", "thinking": "Injected thinking"}, - {"type": "text", "text": "User message."} - ] - }] - }`, - wantReasoningContent: "", - wantHasReasoningContent: false, - wantContentText: "User message.", - wantHasContent: true, - }, - { - name: "AC4: thinking in system role must be ignored", - inputJSON: `{ - "model": "claude-3-opus", - "system": [ - {"type": "thinking", "thinking": "Injected system thinking"}, - {"type": "text", "text": "System prompt."} - ], - "messages": [{ - "role": "user", - "content": [{"type": "text", "text": "Hello"}] - }] - }`, - // System messages don't have reasoning_content mapping - wantReasoningContent: "", - wantHasReasoningContent: false, - wantContentText: "Hello", - wantHasContent: true, - }, - { - name: "AC5: empty thinking must be ignored", - inputJSON: `{ - "model": "claude-3-opus", - "messages": [{ - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": ""}, - {"type": "text", "text": "Response with empty thinking."} - ] - }] - }`, - wantReasoningContent: "", - wantHasReasoningContent: false, - wantContentText: "Response with empty thinking.", - wantHasContent: true, - }, - { - name: "AC5: whitespace-only thinking must be ignored", - inputJSON: `{ - "model": "claude-3-opus", - "messages": [{ - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": " \n\t "}, - {"type": "text", "text": "Response with whitespace thinking."} - ] - }] - }`, - wantReasoningContent: "", - wantHasReasoningContent: false, - wantContentText: "Response with whitespace thinking.", - wantHasContent: true, - }, - { - name: "Multiple thinking parts concatenated", - inputJSON: `{ - "model": "claude-3-opus", - "messages": [{ - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "First thought."}, - {"type": "thinking", "thinking": "Second thought."}, - {"type": "text", "text": "Final answer."} - ] - }] - }`, - wantReasoningContent: "First thought.\n\nSecond thought.", - wantHasReasoningContent: true, - wantContentText: "Final answer.", - wantHasContent: true, - }, - { - name: "Mixed thinking and redacted_thinking", - inputJSON: `{ - "model": "claude-3-opus", - "messages": [{ - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "Visible thought."}, - {"type": "redacted_thinking", "data": "hidden"}, - {"type": "text", "text": "Answer."} - ] - }] - }`, - wantReasoningContent: "Visible thought.", - wantHasReasoningContent: true, - wantContentText: "Answer.", - wantHasContent: true, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := ConvertClaudeRequestToOpenAI("test-model", []byte(tt.inputJSON), false) - resultJSON := gjson.ParseBytes(result) - - // Find the relevant message - messages := resultJSON.Get("messages").Array() - if len(messages) < 1 { - if tt.wantHasReasoningContent || tt.wantHasContent { - t.Fatalf("Expected at least 1 message, got %d", len(messages)) - } - return - } - - // Check the last non-system message - var targetMsg gjson.Result - for i := len(messages) - 1; i >= 0; i-- { - if messages[i].Get("role").String() != "system" { - targetMsg = messages[i] - break - } - } - - // Check reasoning_content - gotReasoningContent := targetMsg.Get("reasoning_content").String() - gotHasReasoningContent := targetMsg.Get("reasoning_content").Exists() - - if gotHasReasoningContent != tt.wantHasReasoningContent { - t.Errorf("reasoning_content existence = %v, want %v", gotHasReasoningContent, tt.wantHasReasoningContent) - } - - if gotReasoningContent != tt.wantReasoningContent { - t.Errorf("reasoning_content = %q, want %q", gotReasoningContent, tt.wantReasoningContent) - } - - // Check content - content := targetMsg.Get("content") - // content has meaningful content if it's a non-empty array, or a non-empty string - var gotHasContent bool - switch { - case content.IsArray(): - gotHasContent = len(content.Array()) > 0 - case content.Type == gjson.String: - gotHasContent = content.String() != "" - default: - gotHasContent = false - } - - if gotHasContent != tt.wantHasContent { - t.Errorf("content existence = %v, want %v", gotHasContent, tt.wantHasContent) - } - - if tt.wantHasContent && tt.wantContentText != "" { - // Find text content - var foundText string - content.ForEach(func(_, v gjson.Result) bool { - if v.Get("type").String() == "text" { - foundText = v.Get("text").String() - return false - } - return true - }) - if foundText != tt.wantContentText { - t.Errorf("content text = %q, want %q", foundText, tt.wantContentText) - } - } - }) - } -} - -// TestConvertClaudeRequestToOpenAI_ThinkingOnlyMessagePreserved tests AC3: -// that a message with only thinking content is preserved (not dropped). -func TestConvertClaudeRequestToOpenAI_ThinkingOnlyMessagePreserved(t *testing.T) { - inputJSON := `{ - "model": "claude-3-opus", - "messages": [ - { - "role": "user", - "content": [{"type": "text", "text": "What is 2+2?"}] - }, - { - "role": "assistant", - "content": [{"type": "thinking", "thinking": "Let me calculate: 2+2=4"}] - }, - { - "role": "user", - "content": [{"type": "text", "text": "Thanks"}] - } - ] - }` - - result := ConvertClaudeRequestToOpenAI("test-model", []byte(inputJSON), false) - resultJSON := gjson.ParseBytes(result) - - messages := resultJSON.Get("messages").Array() - - // Should have: user + assistant (thinking-only) + user = 3 messages - if len(messages) != 3 { - t.Fatalf("Expected 3 messages, got %d. Messages: %v", len(messages), resultJSON.Get("messages").Raw) - } - - // Check the assistant message (index 1) has reasoning_content - assistantMsg := messages[1] - if assistantMsg.Get("role").String() != "assistant" { - t.Errorf("Expected message[1] to be assistant, got %s", assistantMsg.Get("role").String()) - } - - if !assistantMsg.Get("reasoning_content").Exists() { - t.Error("Expected assistant message to have reasoning_content") - } - - if assistantMsg.Get("reasoning_content").String() != "Let me calculate: 2+2=4" { - t.Errorf("Unexpected reasoning_content: %s", assistantMsg.Get("reasoning_content").String()) - } -} - -func TestConvertClaudeRequestToOpenAI_SystemMessageScenarios(t *testing.T) { - tests := []struct { - name string - inputJSON string - wantHasSys bool - wantSysText string - }{ - { - name: "No system field", - inputJSON: `{ - "model": "claude-3-opus", - "messages": [{"role": "user", "content": "hello"}] - }`, - wantHasSys: false, - }, - { - name: "Empty string system field", - inputJSON: `{ - "model": "claude-3-opus", - "system": "", - "messages": [{"role": "user", "content": "hello"}] - }`, - wantHasSys: false, - }, - { - name: "String system field", - inputJSON: `{ - "model": "claude-3-opus", - "system": "Be helpful", - "messages": [{"role": "user", "content": "hello"}] - }`, - wantHasSys: true, - wantSysText: "Be helpful", - }, - { - name: "Array system field with text", - inputJSON: `{ - "model": "claude-3-opus", - "system": [{"type": "text", "text": "Array system"}], - "messages": [{"role": "user", "content": "hello"}] - }`, - wantHasSys: true, - wantSysText: "Array system", - }, - { - name: "Array system field with multiple text blocks", - inputJSON: `{ - "model": "claude-3-opus", - "system": [ - {"type": "text", "text": "Block 1"}, - {"type": "text", "text": "Block 2"} - ], - "messages": [{"role": "user", "content": "hello"}] - }`, - wantHasSys: true, - wantSysText: "Block 2", // We will update the test logic to check all blocks or specifically the second one - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := ConvertClaudeRequestToOpenAI("test-model", []byte(tt.inputJSON), false) - resultJSON := gjson.ParseBytes(result) - messages := resultJSON.Get("messages").Array() - - hasSys := false - var sysMsg gjson.Result - if len(messages) > 0 && messages[0].Get("role").String() == "system" { - hasSys = true - sysMsg = messages[0] - } - - if hasSys != tt.wantHasSys { - t.Errorf("got hasSystem = %v, want %v", hasSys, tt.wantHasSys) - } - - if tt.wantHasSys { - // Check content - it could be string or array in OpenAI - content := sysMsg.Get("content") - var gotText string - if content.IsArray() { - arr := content.Array() - if len(arr) > 0 { - // Get the last element's text for validation - gotText = arr[len(arr)-1].Get("text").String() - } - } else { - gotText = content.String() - } - - if tt.wantSysText != "" && gotText != tt.wantSysText { - t.Errorf("got system text = %q, want %q", gotText, tt.wantSysText) - } - } - }) - } -} - -func TestConvertClaudeRequestToOpenAI_ToolResultOrderAndContent(t *testing.T) { - inputJSON := `{ - "model": "claude-3-opus", - "messages": [ - { - "role": "assistant", - "content": [ - {"type": "tool_use", "id": "call_1", "name": "do_work", "input": {"a": 1}} - ] - }, - { - "role": "user", - "content": [ - {"type": "text", "text": "before"}, - {"type": "tool_result", "tool_use_id": "call_1", "content": [{"type":"text","text":"tool ok"}]}, - {"type": "text", "text": "after"} - ] - } - ] - }` - - result := ConvertClaudeRequestToOpenAI("test-model", []byte(inputJSON), false) - resultJSON := gjson.ParseBytes(result) - messages := resultJSON.Get("messages").Array() - - // OpenAI requires: tool messages MUST immediately follow assistant(tool_calls). - // Correct order: assistant(tool_calls) + tool(result) + user(before+after) - if len(messages) != 3 { - t.Fatalf("Expected 3 messages, got %d. Messages: %s", len(messages), resultJSON.Get("messages").Raw) - } - - if messages[0].Get("role").String() != "assistant" || !messages[0].Get("tool_calls").Exists() { - t.Fatalf("Expected messages[0] to be assistant tool_calls, got %s: %s", messages[0].Get("role").String(), messages[0].Raw) - } - - // tool message MUST immediately follow assistant(tool_calls) per OpenAI spec - if messages[1].Get("role").String() != "tool" { - t.Fatalf("Expected messages[1] to be tool (must follow tool_calls), got %s", messages[1].Get("role").String()) - } - if got := messages[1].Get("tool_call_id").String(); got != "call_1" { - t.Fatalf("Expected tool_call_id %q, got %q", "call_1", got) - } - if got := messages[1].Get("content").String(); got != "tool ok" { - t.Fatalf("Expected tool content %q, got %q", "tool ok", got) - } - - // User message comes after tool message - if messages[2].Get("role").String() != "user" { - t.Fatalf("Expected messages[2] to be user, got %s", messages[2].Get("role").String()) - } - // User message should contain both "before" and "after" text - if got := messages[2].Get("content.0.text").String(); got != "before" { - t.Fatalf("Expected user text[0] %q, got %q", "before", got) - } - if got := messages[2].Get("content.1.text").String(); got != "after" { - t.Fatalf("Expected user text[1] %q, got %q", "after", got) - } -} - -func TestConvertClaudeRequestToOpenAI_ToolResultObjectContent(t *testing.T) { - inputJSON := `{ - "model": "claude-3-opus", - "messages": [ - { - "role": "assistant", - "content": [ - {"type": "tool_use", "id": "call_1", "name": "do_work", "input": {"a": 1}} - ] - }, - { - "role": "user", - "content": [ - {"type": "tool_result", "tool_use_id": "call_1", "content": {"foo": "bar"}} - ] - } - ] - }` - - result := ConvertClaudeRequestToOpenAI("test-model", []byte(inputJSON), false) - resultJSON := gjson.ParseBytes(result) - messages := resultJSON.Get("messages").Array() - - // assistant(tool_calls) + tool(result) - if len(messages) != 2 { - t.Fatalf("Expected 2 messages, got %d. Messages: %s", len(messages), resultJSON.Get("messages").Raw) - } - - if messages[1].Get("role").String() != "tool" { - t.Fatalf("Expected messages[1] to be tool, got %s", messages[1].Get("role").String()) - } - - toolContent := messages[1].Get("content").String() - parsed := gjson.Parse(toolContent) - if parsed.Get("foo").String() != "bar" { - t.Fatalf("Expected tool content JSON foo=bar, got %q", toolContent) - } -} - -func TestConvertClaudeRequestToOpenAI_AssistantTextToolUseTextOrder(t *testing.T) { - inputJSON := `{ - "model": "claude-3-opus", - "messages": [ - { - "role": "assistant", - "content": [ - {"type": "text", "text": "pre"}, - {"type": "tool_use", "id": "call_1", "name": "do_work", "input": {"a": 1}}, - {"type": "text", "text": "post"} - ] - } - ] - }` - - result := ConvertClaudeRequestToOpenAI("test-model", []byte(inputJSON), false) - resultJSON := gjson.ParseBytes(result) - messages := resultJSON.Get("messages").Array() - - // New behavior: content + tool_calls unified in single assistant message - // Expect: assistant(content[pre,post] + tool_calls) - if len(messages) != 1 { - t.Fatalf("Expected 1 message, got %d. Messages: %s", len(messages), resultJSON.Get("messages").Raw) - } - - assistantMsg := messages[0] - if assistantMsg.Get("role").String() != "assistant" { - t.Fatalf("Expected messages[0] to be assistant, got %s", assistantMsg.Get("role").String()) - } - - // Should have both content and tool_calls in same message - if !assistantMsg.Get("tool_calls").Exists() { - t.Fatalf("Expected assistant message to have tool_calls") - } - if got := assistantMsg.Get("tool_calls.0.id").String(); got != "call_1" { - t.Fatalf("Expected tool_call id %q, got %q", "call_1", got) - } - if got := assistantMsg.Get("tool_calls.0.function.name").String(); got != "do_work" { - t.Fatalf("Expected tool_call name %q, got %q", "do_work", got) - } - - // Content should have both pre and post text - if got := assistantMsg.Get("content.0.text").String(); got != "pre" { - t.Fatalf("Expected content[0] text %q, got %q", "pre", got) - } - if got := assistantMsg.Get("content.1.text").String(); got != "post" { - t.Fatalf("Expected content[1] text %q, got %q", "post", got) - } -} - -func TestConvertClaudeRequestToOpenAI_AssistantThinkingToolUseThinkingSplit(t *testing.T) { - inputJSON := `{ - "model": "claude-3-opus", - "messages": [ - { - "role": "assistant", - "content": [ - {"type": "thinking", "thinking": "t1"}, - {"type": "text", "text": "pre"}, - {"type": "tool_use", "id": "call_1", "name": "do_work", "input": {"a": 1}}, - {"type": "thinking", "thinking": "t2"}, - {"type": "text", "text": "post"} - ] - } - ] - }` - - result := ConvertClaudeRequestToOpenAI("test-model", []byte(inputJSON), false) - resultJSON := gjson.ParseBytes(result) - messages := resultJSON.Get("messages").Array() - - // New behavior: all content, thinking, and tool_calls unified in single assistant message - // Expect: assistant(content[pre,post] + tool_calls + reasoning_content[t1+t2]) - if len(messages) != 1 { - t.Fatalf("Expected 1 message, got %d. Messages: %s", len(messages), resultJSON.Get("messages").Raw) - } - - assistantMsg := messages[0] - if assistantMsg.Get("role").String() != "assistant" { - t.Fatalf("Expected messages[0] to be assistant, got %s", assistantMsg.Get("role").String()) - } - - // Should have content with both pre and post - if got := assistantMsg.Get("content.0.text").String(); got != "pre" { - t.Fatalf("Expected content[0] text %q, got %q", "pre", got) - } - if got := assistantMsg.Get("content.1.text").String(); got != "post" { - t.Fatalf("Expected content[1] text %q, got %q", "post", got) - } - - // Should have tool_calls - if !assistantMsg.Get("tool_calls").Exists() { - t.Fatalf("Expected assistant message to have tool_calls") - } - - // Should have combined reasoning_content from both thinking blocks - if got := assistantMsg.Get("reasoning_content").String(); got != "t1\n\nt2" { - t.Fatalf("Expected reasoning_content %q, got %q", "t1\n\nt2", got) - } -} diff --git a/internal/translator/openai/claude/openai_claude_response.go b/internal/translator/openai/claude/openai_claude_response.go deleted file mode 100644 index e270a57eeb..0000000000 --- a/internal/translator/openai/claude/openai_claude_response.go +++ /dev/null @@ -1,880 +0,0 @@ -// Package claude provides response translation functionality for OpenAI to Anthropic API. -// This package handles the conversion of OpenAI Chat Completions API responses into Anthropic API-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Anthropic API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, and usage metadata appropriately. -package claude - -import ( - "bytes" - "context" - "encoding/json" - "fmt" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var ( - dataTag = []byte("data:") -) - -// ConvertOpenAIResponseToAnthropicParams holds parameters for response conversion -type ConvertOpenAIResponseToAnthropicParams struct { - MessageID string - Model string - CreatedAt int64 - // Content accumulator for streaming - ContentAccumulator strings.Builder - // Tool calls accumulator for streaming - ToolCallsAccumulator map[int]*ToolCallAccumulator - // Track if text content block has been started - TextContentBlockStarted bool - // Track if thinking content block has been started - ThinkingContentBlockStarted bool - // Track finish reason for later use - FinishReason string - // Track if content blocks have been stopped - ContentBlocksStopped bool - // Track if message_delta has been sent - MessageDeltaSent bool - // Track if message_start has been sent - MessageStarted bool - // Track if message_stop has been sent - MessageStopSent bool - // Tool call content block index mapping - ToolCallBlockIndexes map[int]int - // Index assigned to text content block - TextContentBlockIndex int - // Index assigned to thinking content block - ThinkingContentBlockIndex int - // Next available content block index - NextContentBlockIndex int -} - -// ToolCallAccumulator holds the state for accumulating tool call data -type ToolCallAccumulator struct { - ID string - Name string - Arguments strings.Builder -} - -// ConvertOpenAIResponseToClaude converts OpenAI streaming response format to Anthropic API format. -// This function processes OpenAI streaming chunks and transforms them into Anthropic-compatible JSON responses. -// It handles text content, tool calls, and usage metadata, outputting responses that match the Anthropic API format. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the OpenAI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - []string: A slice of strings, each containing an Anthropic-compatible JSON response. -func ConvertOpenAIResponseToClaude(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &ConvertOpenAIResponseToAnthropicParams{ - MessageID: "", - Model: "", - CreatedAt: 0, - ContentAccumulator: strings.Builder{}, - ToolCallsAccumulator: nil, - TextContentBlockStarted: false, - ThinkingContentBlockStarted: false, - FinishReason: "", - ContentBlocksStopped: false, - MessageDeltaSent: false, - ToolCallBlockIndexes: make(map[int]int), - TextContentBlockIndex: -1, - ThinkingContentBlockIndex: -1, - NextContentBlockIndex: 0, - } - } - - if !bytes.HasPrefix(rawJSON, dataTag) { - return []string{} - } - rawJSON = bytes.TrimSpace(rawJSON[5:]) - - // Check if this is the [DONE] marker - rawStr := strings.TrimSpace(string(rawJSON)) - if rawStr == "[DONE]" { - return convertOpenAIDoneToAnthropic((*param).(*ConvertOpenAIResponseToAnthropicParams)) - } - - streamResult := gjson.GetBytes(originalRequestRawJSON, "stream") - if !streamResult.Exists() || (streamResult.Exists() && streamResult.Type == gjson.False) { - return convertOpenAINonStreamingToAnthropic(rawJSON) - } else { - return convertOpenAIStreamingChunkToAnthropic(rawJSON, (*param).(*ConvertOpenAIResponseToAnthropicParams)) - } -} - -// convertOpenAIStreamingChunkToAnthropic converts OpenAI streaming chunk to Anthropic streaming events -func convertOpenAIStreamingChunkToAnthropic(rawJSON []byte, param *ConvertOpenAIResponseToAnthropicParams) []string { - root := gjson.ParseBytes(rawJSON) - var results []string - - // Initialize parameters if needed - if param.MessageID == "" { - param.MessageID = root.Get("id").String() - } - if param.Model == "" { - param.Model = root.Get("model").String() - } - if param.CreatedAt == 0 { - param.CreatedAt = root.Get("created").Int() - } - - // Helper to ensure message_start is sent before any content_block_start - // This is required by the Anthropic SSE protocol - message_start must come first. - // Some OpenAI-compatible providers (like GitHub Copilot) may not send role: "assistant" - // in the first chunk, so we need to emit message_start when we first see content. - ensureMessageStarted := func() { - if param.MessageStarted { - return - } - messageStart := map[string]interface{}{ - "type": "message_start", - "message": map[string]interface{}{ - "id": param.MessageID, - "type": "message", - "role": "assistant", - "model": param.Model, - "content": []interface{}{}, - "stop_reason": nil, - "stop_sequence": nil, - "usage": map[string]interface{}{ - "input_tokens": 0, - "output_tokens": 0, - }, - }, - } - messageStartJSON, _ := json.Marshal(messageStart) - results = append(results, "event: message_start\ndata: "+string(messageStartJSON)+"\n\n") - param.MessageStarted = true - } - - // Check if this is the first chunk (has role) - if delta := root.Get("choices.0.delta"); delta.Exists() { - if role := delta.Get("role"); role.Exists() && role.String() == "assistant" && !param.MessageStarted { - // Send message_start event - ensureMessageStarted() - - // Don't send content_block_start for text here - wait for actual content - } - - // Handle reasoning content delta - if reasoning := delta.Get("reasoning_content"); reasoning.Exists() { - for _, reasoningText := range collectOpenAIReasoningTexts(reasoning) { - if reasoningText == "" { - continue - } - stopTextContentBlock(param, &results) - if !param.ThinkingContentBlockStarted { - ensureMessageStarted() // Must send message_start before content_block_start - if param.ThinkingContentBlockIndex == -1 { - param.ThinkingContentBlockIndex = param.NextContentBlockIndex - param.NextContentBlockIndex++ - } - contentBlockStart := map[string]interface{}{ - "type": "content_block_start", - "index": param.ThinkingContentBlockIndex, - "content_block": map[string]interface{}{ - "type": "thinking", - "thinking": "", - }, - } - contentBlockStartJSON, _ := json.Marshal(contentBlockStart) - results = append(results, "event: content_block_start\ndata: "+string(contentBlockStartJSON)+"\n\n") - param.ThinkingContentBlockStarted = true - } - - thinkingDelta := map[string]interface{}{ - "type": "content_block_delta", - "index": param.ThinkingContentBlockIndex, - "delta": map[string]interface{}{ - "type": "thinking_delta", - "thinking": reasoningText, - }, - } - thinkingDeltaJSON, _ := json.Marshal(thinkingDelta) - results = append(results, "event: content_block_delta\ndata: "+string(thinkingDeltaJSON)+"\n\n") - } - } - - // Handle content delta - if content := delta.Get("content"); content.Exists() && content.String() != "" { - // Send content_block_start for text if not already sent - if !param.TextContentBlockStarted { - ensureMessageStarted() // Must send message_start before content_block_start - stopThinkingContentBlock(param, &results) - if param.TextContentBlockIndex == -1 { - param.TextContentBlockIndex = param.NextContentBlockIndex - param.NextContentBlockIndex++ - } - contentBlockStart := map[string]interface{}{ - "type": "content_block_start", - "index": param.TextContentBlockIndex, - "content_block": map[string]interface{}{ - "type": "text", - "text": "", - }, - } - contentBlockStartJSON, _ := json.Marshal(contentBlockStart) - results = append(results, "event: content_block_start\ndata: "+string(contentBlockStartJSON)+"\n\n") - param.TextContentBlockStarted = true - } - - contentDelta := map[string]interface{}{ - "type": "content_block_delta", - "index": param.TextContentBlockIndex, - "delta": map[string]interface{}{ - "type": "text_delta", - "text": content.String(), - }, - } - contentDeltaJSON, _ := json.Marshal(contentDelta) - results = append(results, "event: content_block_delta\ndata: "+string(contentDeltaJSON)+"\n\n") - - // Accumulate content - param.ContentAccumulator.WriteString(content.String()) - } - - // Handle tool calls - if toolCalls := delta.Get("tool_calls"); toolCalls.Exists() && toolCalls.IsArray() { - if param.ToolCallsAccumulator == nil { - param.ToolCallsAccumulator = make(map[int]*ToolCallAccumulator) - } - - toolCalls.ForEach(func(_, toolCall gjson.Result) bool { - index := int(toolCall.Get("index").Int()) - blockIndex := param.toolContentBlockIndex(index) - - // Initialize accumulator if needed - if _, exists := param.ToolCallsAccumulator[index]; !exists { - param.ToolCallsAccumulator[index] = &ToolCallAccumulator{} - } - - accumulator := param.ToolCallsAccumulator[index] - - // Handle tool call ID - if id := toolCall.Get("id"); id.Exists() { - accumulator.ID = id.String() - } - - // Handle function name - if function := toolCall.Get("function"); function.Exists() { - if name := function.Get("name"); name.Exists() { - accumulator.Name = name.String() - - ensureMessageStarted() // Must send message_start before content_block_start - - stopThinkingContentBlock(param, &results) - - stopTextContentBlock(param, &results) - - // Send content_block_start for tool_use - contentBlockStart := map[string]interface{}{ - "type": "content_block_start", - "index": blockIndex, - "content_block": map[string]interface{}{ - "type": "tool_use", - "id": accumulator.ID, - "name": accumulator.Name, - "input": map[string]interface{}{}, - }, - } - contentBlockStartJSON, _ := json.Marshal(contentBlockStart) - results = append(results, "event: content_block_start\ndata: "+string(contentBlockStartJSON)+"\n\n") - } - - // Handle function arguments - if args := function.Get("arguments"); args.Exists() { - argsText := args.String() - if argsText != "" { - accumulator.Arguments.WriteString(argsText) - } - } - } - - return true - }) - } - } - - // Handle finish_reason (but don't send message_delta/message_stop yet) - if finishReason := root.Get("choices.0.finish_reason"); finishReason.Exists() && finishReason.String() != "" { - reason := finishReason.String() - param.FinishReason = reason - - // Send content_block_stop for thinking content if needed - if param.ThinkingContentBlockStarted { - contentBlockStop := map[string]interface{}{ - "type": "content_block_stop", - "index": param.ThinkingContentBlockIndex, - } - contentBlockStopJSON, _ := json.Marshal(contentBlockStop) - results = append(results, "event: content_block_stop\ndata: "+string(contentBlockStopJSON)+"\n\n") - param.ThinkingContentBlockStarted = false - param.ThinkingContentBlockIndex = -1 - } - - // Send content_block_stop for text if text content block was started - stopTextContentBlock(param, &results) - - // Send content_block_stop for any tool calls - if !param.ContentBlocksStopped { - for index := range param.ToolCallsAccumulator { - accumulator := param.ToolCallsAccumulator[index] - blockIndex := param.toolContentBlockIndex(index) - - // Send complete input_json_delta with all accumulated arguments - if accumulator.Arguments.Len() > 0 { - inputDelta := map[string]interface{}{ - "type": "content_block_delta", - "index": blockIndex, - "delta": map[string]interface{}{ - "type": "input_json_delta", - "partial_json": util.FixJSON(accumulator.Arguments.String()), - }, - } - inputDeltaJSON, _ := json.Marshal(inputDelta) - results = append(results, "event: content_block_delta\ndata: "+string(inputDeltaJSON)+"\n\n") - } - - contentBlockStop := map[string]interface{}{ - "type": "content_block_stop", - "index": blockIndex, - } - contentBlockStopJSON, _ := json.Marshal(contentBlockStop) - results = append(results, "event: content_block_stop\ndata: "+string(contentBlockStopJSON)+"\n\n") - delete(param.ToolCallBlockIndexes, index) - } - param.ContentBlocksStopped = true - } - - // Don't send message_delta here - wait for usage info or [DONE] - } - - // Handle usage information separately (this comes in a later chunk) - // Only process if usage has actual values (not null) - if param.FinishReason != "" { - usage := root.Get("usage") - var inputTokens, outputTokens int64 - if usage.Exists() && usage.Type != gjson.Null { - // Check if usage has actual token counts - promptTokens := usage.Get("prompt_tokens") - completionTokens := usage.Get("completion_tokens") - - if promptTokens.Exists() && completionTokens.Exists() { - inputTokens = promptTokens.Int() - outputTokens = completionTokens.Int() - } - } - // Send message_delta with usage - messageDelta := map[string]interface{}{ - "type": "message_delta", - "delta": map[string]interface{}{ - "stop_reason": mapOpenAIFinishReasonToAnthropic(param.FinishReason), - "stop_sequence": nil, - }, - "usage": map[string]interface{}{ - "input_tokens": inputTokens, - "output_tokens": outputTokens, - }, - } - - messageDeltaJSON, _ := json.Marshal(messageDelta) - results = append(results, "event: message_delta\ndata: "+string(messageDeltaJSON)+"\n\n") - param.MessageDeltaSent = true - - emitMessageStopIfNeeded(param, &results) - - } - - return results -} - -// convertOpenAIDoneToAnthropic handles the [DONE] marker and sends final events -func convertOpenAIDoneToAnthropic(param *ConvertOpenAIResponseToAnthropicParams) []string { - var results []string - - // Ensure all content blocks are stopped before final events - if param.ThinkingContentBlockStarted { - contentBlockStop := map[string]interface{}{ - "type": "content_block_stop", - "index": param.ThinkingContentBlockIndex, - } - contentBlockStopJSON, _ := json.Marshal(contentBlockStop) - results = append(results, "event: content_block_stop\ndata: "+string(contentBlockStopJSON)+"\n\n") - param.ThinkingContentBlockStarted = false - param.ThinkingContentBlockIndex = -1 - } - - stopTextContentBlock(param, &results) - - if !param.ContentBlocksStopped { - for index := range param.ToolCallsAccumulator { - accumulator := param.ToolCallsAccumulator[index] - blockIndex := param.toolContentBlockIndex(index) - - if accumulator.Arguments.Len() > 0 { - inputDelta := map[string]interface{}{ - "type": "content_block_delta", - "index": blockIndex, - "delta": map[string]interface{}{ - "type": "input_json_delta", - "partial_json": util.FixJSON(accumulator.Arguments.String()), - }, - } - inputDeltaJSON, _ := json.Marshal(inputDelta) - results = append(results, "event: content_block_delta\ndata: "+string(inputDeltaJSON)+"\n\n") - } - - contentBlockStop := map[string]interface{}{ - "type": "content_block_stop", - "index": blockIndex, - } - contentBlockStopJSON, _ := json.Marshal(contentBlockStop) - results = append(results, "event: content_block_stop\ndata: "+string(contentBlockStopJSON)+"\n\n") - delete(param.ToolCallBlockIndexes, index) - } - param.ContentBlocksStopped = true - } - - // If we haven't sent message_delta yet (no usage info was received), send it now - if param.FinishReason != "" && !param.MessageDeltaSent { - messageDelta := map[string]interface{}{ - "type": "message_delta", - "delta": map[string]interface{}{ - "stop_reason": mapOpenAIFinishReasonToAnthropic(param.FinishReason), - "stop_sequence": nil, - }, - } - - messageDeltaJSON, _ := json.Marshal(messageDelta) - results = append(results, "event: message_delta\ndata: "+string(messageDeltaJSON)+"\n\n") - param.MessageDeltaSent = true - } - - emitMessageStopIfNeeded(param, &results) - - return results -} - -// convertOpenAINonStreamingToAnthropic converts OpenAI non-streaming response to Anthropic format -func convertOpenAINonStreamingToAnthropic(rawJSON []byte) []string { - root := gjson.ParseBytes(rawJSON) - - // Build Anthropic response - response := map[string]interface{}{ - "id": root.Get("id").String(), - "type": "message", - "role": "assistant", - "model": root.Get("model").String(), - "content": []interface{}{}, - "stop_reason": nil, - "stop_sequence": nil, - "usage": map[string]interface{}{ - "input_tokens": 0, - "output_tokens": 0, - }, - } - - // Process message content and tool calls - var contentBlocks []interface{} - - if choices := root.Get("choices"); choices.Exists() && choices.IsArray() { - choice := choices.Array()[0] // Take first choice - reasoningNode := choice.Get("message.reasoning_content") - allReasoning := collectOpenAIReasoningTexts(reasoningNode) - - for _, reasoningText := range allReasoning { - if reasoningText == "" { - continue - } - contentBlocks = append(contentBlocks, map[string]interface{}{ - "type": "thinking", - "thinking": reasoningText, - }) - } - - // Handle text content - if content := choice.Get("message.content"); content.Exists() && content.String() != "" { - textBlock := map[string]interface{}{ - "type": "text", - "text": content.String(), - } - contentBlocks = append(contentBlocks, textBlock) - } - - // Handle tool calls - if toolCalls := choice.Get("message.tool_calls"); toolCalls.Exists() && toolCalls.IsArray() { - toolCalls.ForEach(func(_, toolCall gjson.Result) bool { - toolUseBlock := map[string]interface{}{ - "type": "tool_use", - "id": toolCall.Get("id").String(), - "name": toolCall.Get("function.name").String(), - } - - // Parse arguments - argsStr := toolCall.Get("function.arguments").String() - argsStr = util.FixJSON(argsStr) - if argsStr != "" { - var args interface{} - if err := json.Unmarshal([]byte(argsStr), &args); err == nil { - toolUseBlock["input"] = args - } else { - toolUseBlock["input"] = map[string]interface{}{} - } - } else { - toolUseBlock["input"] = map[string]interface{}{} - } - - contentBlocks = append(contentBlocks, toolUseBlock) - return true - }) - } - - // Set stop reason - if finishReason := choice.Get("finish_reason"); finishReason.Exists() { - response["stop_reason"] = mapOpenAIFinishReasonToAnthropic(finishReason.String()) - } - } - - response["content"] = contentBlocks - - // Set usage information - if usage := root.Get("usage"); usage.Exists() { - response["usage"] = map[string]interface{}{ - "input_tokens": usage.Get("prompt_tokens").Int(), - "output_tokens": usage.Get("completion_tokens").Int(), - "reasoning_tokens": func() int64 { - if v := usage.Get("completion_tokens_details.reasoning_tokens"); v.Exists() { - return v.Int() - } - return 0 - }(), - } - } else { - response["usage"] = map[string]interface{}{ - "input_tokens": 0, - "output_tokens": 0, - } - } - - responseJSON, _ := json.Marshal(response) - return []string{string(responseJSON)} -} - -// mapOpenAIFinishReasonToAnthropic maps OpenAI finish reasons to Anthropic equivalents -func mapOpenAIFinishReasonToAnthropic(openAIReason string) string { - switch openAIReason { - case "stop": - return "end_turn" - case "length": - return "max_tokens" - case "tool_calls": - return "tool_use" - case "content_filter": - return "end_turn" // Anthropic doesn't have direct equivalent - case "function_call": // Legacy OpenAI - return "tool_use" - default: - return "end_turn" - } -} - -func (p *ConvertOpenAIResponseToAnthropicParams) toolContentBlockIndex(openAIToolIndex int) int { - if idx, ok := p.ToolCallBlockIndexes[openAIToolIndex]; ok { - return idx - } - idx := p.NextContentBlockIndex - p.NextContentBlockIndex++ - p.ToolCallBlockIndexes[openAIToolIndex] = idx - return idx -} - -func collectOpenAIReasoningTexts(node gjson.Result) []string { - var texts []string - if !node.Exists() { - return texts - } - - if node.IsArray() { - node.ForEach(func(_, value gjson.Result) bool { - texts = append(texts, collectOpenAIReasoningTexts(value)...) - return true - }) - return texts - } - - switch node.Type { - case gjson.String: - if text := strings.TrimSpace(node.String()); text != "" { - texts = append(texts, text) - } - case gjson.JSON: - if text := node.Get("text"); text.Exists() { - if trimmed := strings.TrimSpace(text.String()); trimmed != "" { - texts = append(texts, trimmed) - } - } else if raw := strings.TrimSpace(node.Raw); raw != "" && !strings.HasPrefix(raw, "{") && !strings.HasPrefix(raw, "[") { - texts = append(texts, raw) - } - } - - return texts -} - -func stopThinkingContentBlock(param *ConvertOpenAIResponseToAnthropicParams, results *[]string) { - if !param.ThinkingContentBlockStarted { - return - } - contentBlockStop := map[string]interface{}{ - "type": "content_block_stop", - "index": param.ThinkingContentBlockIndex, - } - contentBlockStopJSON, _ := json.Marshal(contentBlockStop) - *results = append(*results, "event: content_block_stop\ndata: "+string(contentBlockStopJSON)+"\n\n") - param.ThinkingContentBlockStarted = false - param.ThinkingContentBlockIndex = -1 -} - -func emitMessageStopIfNeeded(param *ConvertOpenAIResponseToAnthropicParams, results *[]string) { - if param.MessageStopSent { - return - } - *results = append(*results, "event: message_stop\ndata: {\"type\":\"message_stop\"}\n\n") - param.MessageStopSent = true -} - -func stopTextContentBlock(param *ConvertOpenAIResponseToAnthropicParams, results *[]string) { - if !param.TextContentBlockStarted { - return - } - contentBlockStop := map[string]interface{}{ - "type": "content_block_stop", - "index": param.TextContentBlockIndex, - } - contentBlockStopJSON, _ := json.Marshal(contentBlockStop) - *results = append(*results, "event: content_block_stop\ndata: "+string(contentBlockStopJSON)+"\n\n") - param.TextContentBlockStarted = false - param.TextContentBlockIndex = -1 -} - -// ConvertOpenAIResponseToClaudeNonStream converts a non-streaming OpenAI response to a non-streaming Anthropic response. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the OpenAI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - string: An Anthropic-compatible JSON response. -func ConvertOpenAIResponseToClaudeNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - _ = originalRequestRawJSON - _ = requestRawJSON - - root := gjson.ParseBytes(rawJSON) - - response := map[string]interface{}{ - "id": root.Get("id").String(), - "type": "message", - "role": "assistant", - "model": root.Get("model").String(), - "content": []interface{}{}, - "stop_reason": nil, - "stop_sequence": nil, - "usage": map[string]interface{}{ - "input_tokens": 0, - "output_tokens": 0, - }, - } - - contentBlocks := make([]interface{}, 0) - hasToolCall := false - - if choices := root.Get("choices"); choices.Exists() && choices.IsArray() && len(choices.Array()) > 0 { - choice := choices.Array()[0] - - if finishReason := choice.Get("finish_reason"); finishReason.Exists() { - response["stop_reason"] = mapOpenAIFinishReasonToAnthropic(finishReason.String()) - } - - if message := choice.Get("message"); message.Exists() { - if contentResult := message.Get("content"); contentResult.Exists() { - if contentResult.IsArray() { - var textBuilder strings.Builder - var thinkingBuilder strings.Builder - - flushText := func() { - if textBuilder.Len() == 0 { - return - } - contentBlocks = append(contentBlocks, map[string]interface{}{ - "type": "text", - "text": textBuilder.String(), - }) - textBuilder.Reset() - } - - flushThinking := func() { - if thinkingBuilder.Len() == 0 { - return - } - contentBlocks = append(contentBlocks, map[string]interface{}{ - "type": "thinking", - "thinking": thinkingBuilder.String(), - }) - thinkingBuilder.Reset() - } - - for _, item := range contentResult.Array() { - typeStr := item.Get("type").String() - switch typeStr { - case "text": - flushThinking() - textBuilder.WriteString(item.Get("text").String()) - case "tool_calls": - flushThinking() - flushText() - toolCalls := item.Get("tool_calls") - if toolCalls.IsArray() { - toolCalls.ForEach(func(_, tc gjson.Result) bool { - hasToolCall = true - toolUse := map[string]interface{}{ - "type": "tool_use", - "id": tc.Get("id").String(), - "name": tc.Get("function.name").String(), - } - - argsStr := util.FixJSON(tc.Get("function.arguments").String()) - if argsStr != "" { - var parsed interface{} - if err := json.Unmarshal([]byte(argsStr), &parsed); err == nil { - toolUse["input"] = parsed - } else { - toolUse["input"] = map[string]interface{}{} - } - } else { - toolUse["input"] = map[string]interface{}{} - } - - contentBlocks = append(contentBlocks, toolUse) - return true - }) - } - case "reasoning": - flushText() - if thinking := item.Get("text"); thinking.Exists() { - thinkingBuilder.WriteString(thinking.String()) - } - default: - flushThinking() - flushText() - } - } - - flushThinking() - flushText() - } else if contentResult.Type == gjson.String { - textContent := contentResult.String() - if textContent != "" { - contentBlocks = append(contentBlocks, map[string]interface{}{ - "type": "text", - "text": textContent, - }) - } - } - } - - if reasoning := message.Get("reasoning_content"); reasoning.Exists() { - for _, reasoningText := range collectOpenAIReasoningTexts(reasoning) { - if reasoningText == "" { - continue - } - contentBlocks = append(contentBlocks, map[string]interface{}{ - "type": "thinking", - "thinking": reasoningText, - }) - } - } - - if toolCalls := message.Get("tool_calls"); toolCalls.Exists() && toolCalls.IsArray() { - toolCalls.ForEach(func(_, toolCall gjson.Result) bool { - hasToolCall = true - toolUseBlock := map[string]interface{}{ - "type": "tool_use", - "id": toolCall.Get("id").String(), - "name": toolCall.Get("function.name").String(), - } - - argsStr := toolCall.Get("function.arguments").String() - argsStr = util.FixJSON(argsStr) - if argsStr != "" { - var args interface{} - if err := json.Unmarshal([]byte(argsStr), &args); err == nil { - toolUseBlock["input"] = args - } else { - toolUseBlock["input"] = map[string]interface{}{} - } - } else { - toolUseBlock["input"] = map[string]interface{}{} - } - - contentBlocks = append(contentBlocks, toolUseBlock) - return true - }) - } - } - } - - response["content"] = contentBlocks - - if respUsage := root.Get("usage"); respUsage.Exists() { - usageJSON := `{}` - usageJSON, _ = sjson.Set(usageJSON, "input_tokens", respUsage.Get("prompt_tokens").Int()) - usageJSON, _ = sjson.Set(usageJSON, "output_tokens", respUsage.Get("completion_tokens").Int()) - parsedUsage := gjson.Parse(usageJSON).Value().(map[string]interface{}) - response["usage"] = parsedUsage - } else { - response["usage"] = `{"input_tokens":0,"output_tokens":0}` - } - - if response["stop_reason"] == nil { - if hasToolCall { - response["stop_reason"] = "tool_use" - } else { - response["stop_reason"] = "end_turn" - } - } - - if !hasToolCall { - if toolBlocks := response["content"].([]interface{}); len(toolBlocks) > 0 { - for _, block := range toolBlocks { - if m, ok := block.(map[string]interface{}); ok && m["type"] == "tool_use" { - hasToolCall = true - break - } - } - } - if hasToolCall { - response["stop_reason"] = "tool_use" - } - } - - responseJSON, err := json.Marshal(response) - if err != nil { - return "" - } - return string(responseJSON) -} - -func ClaudeTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"input_tokens":%d}`, count) -} diff --git a/internal/translator/openai/gemini-cli/init.go b/internal/translator/openai/gemini-cli/init.go deleted file mode 100644 index f1e620a3a2..0000000000 --- a/internal/translator/openai/gemini-cli/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package geminiCLI - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - GeminiCLI, - OpenAI, - ConvertGeminiCLIRequestToOpenAI, - interfaces.TranslateResponse{ - Stream: ConvertOpenAIResponseToGeminiCLI, - NonStream: ConvertOpenAIResponseToGeminiCLINonStream, - TokenCount: GeminiCLITokenCount, - }, - ) -} diff --git a/internal/translator/openai/gemini-cli/openai_gemini_request.go b/internal/translator/openai/gemini-cli/openai_gemini_request.go deleted file mode 100644 index 07c2f84f74..0000000000 --- a/internal/translator/openai/gemini-cli/openai_gemini_request.go +++ /dev/null @@ -1,27 +0,0 @@ -// Package geminiCLI provides request translation functionality for Gemini to OpenAI API. -// It handles parsing and transforming Gemini API requests into OpenAI Chat Completions API format, -// extracting model information, generation config, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini API format and OpenAI API's expected format. -package geminiCLI - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/openai/gemini" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiCLIRequestToOpenAI parses and transforms a Gemini API request into OpenAI Chat Completions API format. -// It extracts the model name, generation config, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the OpenAI API. -func ConvertGeminiCLIRequestToOpenAI(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - rawJSON = []byte(gjson.GetBytes(rawJSON, "request").Raw) - rawJSON, _ = sjson.SetBytes(rawJSON, "model", modelName) - if gjson.GetBytes(rawJSON, "systemInstruction").Exists() { - rawJSON, _ = sjson.SetRawBytes(rawJSON, "system_instruction", []byte(gjson.GetBytes(rawJSON, "systemInstruction").Raw)) - rawJSON, _ = sjson.DeleteBytes(rawJSON, "systemInstruction") - } - - return ConvertGeminiRequestToOpenAI(modelName, rawJSON, stream) -} diff --git a/internal/translator/openai/gemini-cli/openai_gemini_response.go b/internal/translator/openai/gemini-cli/openai_gemini_response.go deleted file mode 100644 index 984e5309d2..0000000000 --- a/internal/translator/openai/gemini-cli/openai_gemini_response.go +++ /dev/null @@ -1,58 +0,0 @@ -// Package geminiCLI provides response translation functionality for OpenAI to Gemini API. -// This package handles the conversion of OpenAI Chat Completions API responses into Gemini API-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Gemini API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, and usage metadata appropriately. -package geminiCLI - -import ( - "context" - "fmt" - - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/openai/gemini" - "github.com/tidwall/sjson" -) - -// ConvertOpenAIResponseToGeminiCLI converts OpenAI Chat Completions streaming response format to Gemini API format. -// This function processes OpenAI streaming chunks and transforms them into Gemini-compatible JSON responses. -// It handles text content, tool calls, and usage metadata, outputting responses that match the Gemini API format. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the OpenAI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - []string: A slice of strings, each containing a Gemini-compatible JSON response. -func ConvertOpenAIResponseToGeminiCLI(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - outputs := ConvertOpenAIResponseToGemini(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) - newOutputs := make([]string, 0) - for i := 0; i < len(outputs); i++ { - json := `{"response": {}}` - output, _ := sjson.SetRaw(json, "response", outputs[i]) - newOutputs = append(newOutputs, output) - } - return newOutputs -} - -// ConvertOpenAIResponseToGeminiCLINonStream converts a non-streaming OpenAI response to a non-streaming Gemini CLI response. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the OpenAI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - string: A Gemini-compatible JSON response. -func ConvertOpenAIResponseToGeminiCLINonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - strJSON := ConvertOpenAIResponseToGeminiNonStream(ctx, modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) - json := `{"response": {}}` - strJSON, _ = sjson.SetRaw(json, "response", strJSON) - return strJSON -} - -func GeminiCLITokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} diff --git a/internal/translator/openai/gemini/init.go b/internal/translator/openai/gemini/init.go deleted file mode 100644 index 9a789a92e0..0000000000 --- a/internal/translator/openai/gemini/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package gemini - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - Gemini, - OpenAI, - ConvertGeminiRequestToOpenAI, - interfaces.TranslateResponse{ - Stream: ConvertOpenAIResponseToGemini, - NonStream: ConvertOpenAIResponseToGeminiNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/internal/translator/openai/gemini/openai_gemini_request.go b/internal/translator/openai/gemini/openai_gemini_request.go deleted file mode 100644 index 5ddc5db482..0000000000 --- a/internal/translator/openai/gemini/openai_gemini_request.go +++ /dev/null @@ -1,321 +0,0 @@ -// Package gemini provides request translation functionality for Gemini to OpenAI API. -// It handles parsing and transforming Gemini API requests into OpenAI Chat Completions API format, -// extracting model information, generation config, message contents, and tool declarations. -// The package performs JSON data transformation to ensure compatibility -// between Gemini API format and OpenAI API's expected format. -package gemini - -import ( - "crypto/rand" - "fmt" - "math/big" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/thinking" - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertGeminiRequestToOpenAI parses and transforms a Gemini API request into OpenAI Chat Completions API format. -// It extracts the model name, generation config, message contents, and tool declarations -// from the raw JSON request and returns them in the format expected by the OpenAI API. -func ConvertGeminiRequestToOpenAI(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - // Base OpenAI Chat Completions API template - out := `{"model":"","messages":[]}` - - root := gjson.ParseBytes(rawJSON) - - // Helper for generating tool call IDs in the form: call_ - genToolCallID := func() string { - const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" - var b strings.Builder - // 24 chars random suffix - for i := 0; i < 24; i++ { - n, _ := rand.Int(rand.Reader, big.NewInt(int64(len(letters)))) - b.WriteByte(letters[n.Int64()]) - } - return "call_" + b.String() - } - - // Model mapping - out, _ = sjson.Set(out, "model", modelName) - - // Generation config mapping - if genConfig := root.Get("generationConfig"); genConfig.Exists() { - // Temperature - if temp := genConfig.Get("temperature"); temp.Exists() { - out, _ = sjson.Set(out, "temperature", temp.Float()) - } - - // Max tokens - if maxTokens := genConfig.Get("maxOutputTokens"); maxTokens.Exists() { - out, _ = sjson.Set(out, "max_tokens", maxTokens.Int()) - } - - // Top P - if topP := genConfig.Get("topP"); topP.Exists() { - out, _ = sjson.Set(out, "top_p", topP.Float()) - } - - // Top K (OpenAI doesn't have direct equivalent, but we can map it) - if topK := genConfig.Get("topK"); topK.Exists() { - // Store as custom parameter for potential use - out, _ = sjson.Set(out, "top_k", topK.Int()) - } - - // Stop sequences - if stopSequences := genConfig.Get("stopSequences"); stopSequences.Exists() && stopSequences.IsArray() { - var stops []string - stopSequences.ForEach(func(_, value gjson.Result) bool { - stops = append(stops, value.String()) - return true - }) - if len(stops) > 0 { - out, _ = sjson.Set(out, "stop", stops) - } - } - - // Candidate count (OpenAI 'n' parameter) - if candidateCount := genConfig.Get("candidateCount"); candidateCount.Exists() { - out, _ = sjson.Set(out, "n", candidateCount.Int()) - } - - // Map Gemini thinkingConfig to OpenAI reasoning_effort. - // Always perform conversion to support allowCompat models that may not be in registry. - // Note: Google official Python SDK sends snake_case fields (thinking_level/thinking_budget). - if thinkingConfig := genConfig.Get("thinkingConfig"); thinkingConfig.Exists() && thinkingConfig.IsObject() { - thinkingLevel := thinkingConfig.Get("thinkingLevel") - if !thinkingLevel.Exists() { - thinkingLevel = thinkingConfig.Get("thinking_level") - } - if thinkingLevel.Exists() { - effort := strings.ToLower(strings.TrimSpace(thinkingLevel.String())) - if effort != "" { - out, _ = sjson.Set(out, "reasoning_effort", effort) - } - } else { - thinkingBudget := thinkingConfig.Get("thinkingBudget") - if !thinkingBudget.Exists() { - thinkingBudget = thinkingConfig.Get("thinking_budget") - } - if thinkingBudget.Exists() { - if effort, ok := thinking.ConvertBudgetToLevel(int(thinkingBudget.Int())); ok { - out, _ = sjson.Set(out, "reasoning_effort", effort) - } - } - } - } - } - - // Stream parameter - out, _ = sjson.Set(out, "stream", stream) - - // Process contents (Gemini messages) -> OpenAI messages - var toolCallIDs []string // Track tool call IDs for matching with tool results - - // System instruction -> OpenAI system message - // Gemini may provide `systemInstruction` or `system_instruction`; support both keys. - systemInstruction := root.Get("systemInstruction") - if !systemInstruction.Exists() { - systemInstruction = root.Get("system_instruction") - } - if systemInstruction.Exists() { - parts := systemInstruction.Get("parts") - msg := `{"role":"system","content":[]}` - hasContent := false - - if parts.Exists() && parts.IsArray() { - parts.ForEach(func(_, part gjson.Result) bool { - // Handle text parts - if text := part.Get("text"); text.Exists() { - contentPart := `{"type":"text","text":""}` - contentPart, _ = sjson.Set(contentPart, "text", text.String()) - msg, _ = sjson.SetRaw(msg, "content.-1", contentPart) - hasContent = true - } - - // Handle inline data (e.g., images) - if inlineData := part.Get("inlineData"); inlineData.Exists() { - mimeType := inlineData.Get("mimeType").String() - if mimeType == "" { - mimeType = "application/octet-stream" - } - data := inlineData.Get("data").String() - imageURL := fmt.Sprintf("data:%s;base64,%s", mimeType, data) - - contentPart := `{"type":"image_url","image_url":{"url":""}}` - contentPart, _ = sjson.Set(contentPart, "image_url.url", imageURL) - msg, _ = sjson.SetRaw(msg, "content.-1", contentPart) - hasContent = true - } - return true - }) - } - - if hasContent { - out, _ = sjson.SetRaw(out, "messages.-1", msg) - } - } - - if contents := root.Get("contents"); contents.Exists() && contents.IsArray() { - contents.ForEach(func(_, content gjson.Result) bool { - role := content.Get("role").String() - parts := content.Get("parts") - - // Convert role: model -> assistant - if role == "model" { - role = "assistant" - } - - msg := `{"role":"","content":""}` - msg, _ = sjson.Set(msg, "role", role) - - var textBuilder strings.Builder - contentWrapper := `{"arr":[]}` - contentPartsCount := 0 - onlyTextContent := true - toolCallsWrapper := `{"arr":[]}` - toolCallsCount := 0 - - if parts.Exists() && parts.IsArray() { - parts.ForEach(func(_, part gjson.Result) bool { - // Handle text parts - if text := part.Get("text"); text.Exists() { - formattedText := text.String() - textBuilder.WriteString(formattedText) - contentPart := `{"type":"text","text":""}` - contentPart, _ = sjson.Set(contentPart, "text", formattedText) - contentWrapper, _ = sjson.SetRaw(contentWrapper, "arr.-1", contentPart) - contentPartsCount++ - } - - // Handle inline data (e.g., images) - if inlineData := part.Get("inlineData"); inlineData.Exists() { - onlyTextContent = false - - mimeType := inlineData.Get("mimeType").String() - if mimeType == "" { - mimeType = "application/octet-stream" - } - data := inlineData.Get("data").String() - imageURL := fmt.Sprintf("data:%s;base64,%s", mimeType, data) - - contentPart := `{"type":"image_url","image_url":{"url":""}}` - contentPart, _ = sjson.Set(contentPart, "image_url.url", imageURL) - contentWrapper, _ = sjson.SetRaw(contentWrapper, "arr.-1", contentPart) - contentPartsCount++ - } - - // Handle function calls (Gemini) -> tool calls (OpenAI) - if functionCall := part.Get("functionCall"); functionCall.Exists() { - toolCallID := genToolCallID() - toolCallIDs = append(toolCallIDs, toolCallID) - - toolCall := `{"id":"","type":"function","function":{"name":"","arguments":""}}` - toolCall, _ = sjson.Set(toolCall, "id", toolCallID) - toolCall, _ = sjson.Set(toolCall, "function.name", functionCall.Get("name").String()) - - // Convert args to arguments JSON string - if args := functionCall.Get("args"); args.Exists() { - toolCall, _ = sjson.Set(toolCall, "function.arguments", args.Raw) - } else { - toolCall, _ = sjson.Set(toolCall, "function.arguments", "{}") - } - - toolCallsWrapper, _ = sjson.SetRaw(toolCallsWrapper, "arr.-1", toolCall) - toolCallsCount++ - } - - // Handle function responses (Gemini) -> tool role messages (OpenAI) - if functionResponse := part.Get("functionResponse"); functionResponse.Exists() { - // Create tool message for function response - toolMsg := `{"role":"tool","tool_call_id":"","content":""}` - - // Convert response.content to JSON string - if response := functionResponse.Get("response"); response.Exists() { - if contentField := response.Get("content"); contentField.Exists() { - toolMsg, _ = sjson.Set(toolMsg, "content", contentField.Raw) - } else { - toolMsg, _ = sjson.Set(toolMsg, "content", response.Raw) - } - } - - // Try to match with previous tool call ID - _ = functionResponse.Get("name").String() // functionName not used for now - if len(toolCallIDs) > 0 { - // Use the last tool call ID (simple matching by function name) - // In a real implementation, you might want more sophisticated matching - toolMsg, _ = sjson.Set(toolMsg, "tool_call_id", toolCallIDs[len(toolCallIDs)-1]) - } else { - // Generate a tool call ID if none available - toolMsg, _ = sjson.Set(toolMsg, "tool_call_id", genToolCallID()) - } - - out, _ = sjson.SetRaw(out, "messages.-1", toolMsg) - } - - return true - }) - } - - // Set content - if contentPartsCount > 0 { - if onlyTextContent { - msg, _ = sjson.Set(msg, "content", textBuilder.String()) - } else { - msg, _ = sjson.SetRaw(msg, "content", gjson.Get(contentWrapper, "arr").Raw) - } - } - - // Set tool calls if any - if toolCallsCount > 0 { - msg, _ = sjson.SetRaw(msg, "tool_calls", gjson.Get(toolCallsWrapper, "arr").Raw) - } - - out, _ = sjson.SetRaw(out, "messages.-1", msg) - return true - }) - } - - // Tools mapping: Gemini tools -> OpenAI tools - if tools := root.Get("tools"); tools.Exists() && tools.IsArray() { - tools.ForEach(func(_, tool gjson.Result) bool { - if functionDeclarations := tool.Get("functionDeclarations"); functionDeclarations.Exists() && functionDeclarations.IsArray() { - functionDeclarations.ForEach(func(_, funcDecl gjson.Result) bool { - openAITool := `{"type":"function","function":{"name":"","description":""}}` - openAITool, _ = sjson.Set(openAITool, "function.name", funcDecl.Get("name").String()) - openAITool, _ = sjson.Set(openAITool, "function.description", funcDecl.Get("description").String()) - - // Convert parameters schema - if parameters := funcDecl.Get("parameters"); parameters.Exists() { - openAITool, _ = sjson.SetRaw(openAITool, "function.parameters", parameters.Raw) - } else if parameters := funcDecl.Get("parametersJsonSchema"); parameters.Exists() { - openAITool, _ = sjson.SetRaw(openAITool, "function.parameters", parameters.Raw) - } - - out, _ = sjson.SetRaw(out, "tools.-1", openAITool) - return true - }) - } - return true - }) - } - - // Tool choice mapping (Gemini doesn't have direct equivalent, but we can handle it) - if toolConfig := root.Get("toolConfig"); toolConfig.Exists() { - if functionCallingConfig := toolConfig.Get("functionCallingConfig"); functionCallingConfig.Exists() { - mode := functionCallingConfig.Get("mode").String() - switch mode { - case "NONE": - out, _ = sjson.Set(out, "tool_choice", "none") - case "AUTO": - out, _ = sjson.Set(out, "tool_choice", "auto") - case "ANY": - out, _ = sjson.Set(out, "tool_choice", "required") - } - } - } - - return []byte(out) -} diff --git a/internal/translator/openai/gemini/openai_gemini_response.go b/internal/translator/openai/gemini/openai_gemini_response.go deleted file mode 100644 index 040f805ce8..0000000000 --- a/internal/translator/openai/gemini/openai_gemini_response.go +++ /dev/null @@ -1,665 +0,0 @@ -// Package gemini provides response translation functionality for OpenAI to Gemini API. -// This package handles the conversion of OpenAI Chat Completions API responses into Gemini API-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by Gemini API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, and usage metadata appropriately. -package gemini - -import ( - "bytes" - "context" - "fmt" - "strconv" - "strings" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertOpenAIResponseToGeminiParams holds parameters for response conversion -type ConvertOpenAIResponseToGeminiParams struct { - // Tool calls accumulator for streaming - ToolCallsAccumulator map[int]*ToolCallAccumulator - // Content accumulator for streaming - ContentAccumulator strings.Builder - // Track if this is the first chunk - IsFirstChunk bool -} - -// ToolCallAccumulator holds the state for accumulating tool call data -type ToolCallAccumulator struct { - ID string - Name string - Arguments strings.Builder -} - -// ConvertOpenAIResponseToGemini converts OpenAI Chat Completions streaming response format to Gemini API format. -// This function processes OpenAI streaming chunks and transforms them into Gemini-compatible JSON responses. -// It handles text content, tool calls, and usage metadata, outputting responses that match the Gemini API format. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the OpenAI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - []string: A slice of strings, each containing a Gemini-compatible JSON response. -func ConvertOpenAIResponseToGemini(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &ConvertOpenAIResponseToGeminiParams{ - ToolCallsAccumulator: nil, - ContentAccumulator: strings.Builder{}, - IsFirstChunk: false, - } - } - - // Handle [DONE] marker - if strings.TrimSpace(string(rawJSON)) == "[DONE]" { - return []string{} - } - - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - - root := gjson.ParseBytes(rawJSON) - - // Initialize accumulators if needed - if (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator == nil { - (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator = make(map[int]*ToolCallAccumulator) - } - - // Process choices - if choices := root.Get("choices"); choices.Exists() && choices.IsArray() { - // Handle empty choices array (usage-only chunk) - if len(choices.Array()) == 0 { - // This is a usage-only chunk, handle usage and return - if usage := root.Get("usage"); usage.Exists() { - template := `{"candidates":[],"usageMetadata":{}}` - - // Set model if available - if model := root.Get("model"); model.Exists() { - template, _ = sjson.Set(template, "model", model.String()) - } - - template, _ = sjson.Set(template, "usageMetadata.promptTokenCount", usage.Get("prompt_tokens").Int()) - template, _ = sjson.Set(template, "usageMetadata.candidatesTokenCount", usage.Get("completion_tokens").Int()) - template, _ = sjson.Set(template, "usageMetadata.totalTokenCount", usage.Get("total_tokens").Int()) - if reasoningTokens := reasoningTokensFromUsage(usage); reasoningTokens > 0 { - template, _ = sjson.Set(template, "usageMetadata.thoughtsTokenCount", reasoningTokens) - } - return []string{template} - } - return []string{} - } - - var results []string - - choices.ForEach(func(choiceIndex, choice gjson.Result) bool { - // Base Gemini response template without finishReason; set when known - template := `{"candidates":[{"content":{"parts":[],"role":"model"},"index":0}]}` - - // Set model if available - if model := root.Get("model"); model.Exists() { - template, _ = sjson.Set(template, "model", model.String()) - } - - _ = int(choice.Get("index").Int()) // choiceIdx not used in streaming - delta := choice.Get("delta") - baseTemplate := template - - // Handle role (only in first chunk) - if role := delta.Get("role"); role.Exists() && (*param).(*ConvertOpenAIResponseToGeminiParams).IsFirstChunk { - // OpenAI assistant -> Gemini model - if role.String() == "assistant" { - template, _ = sjson.Set(template, "candidates.0.content.role", "model") - } - (*param).(*ConvertOpenAIResponseToGeminiParams).IsFirstChunk = false - results = append(results, template) - return true - } - - var chunkOutputs []string - - // Handle reasoning/thinking delta - if reasoning := delta.Get("reasoning_content"); reasoning.Exists() { - for _, reasoningText := range extractReasoningTexts(reasoning) { - if reasoningText == "" { - continue - } - reasoningTemplate := baseTemplate - reasoningTemplate, _ = sjson.Set(reasoningTemplate, "candidates.0.content.parts.0.thought", true) - reasoningTemplate, _ = sjson.Set(reasoningTemplate, "candidates.0.content.parts.0.text", reasoningText) - chunkOutputs = append(chunkOutputs, reasoningTemplate) - } - } - - // Handle content delta - if content := delta.Get("content"); content.Exists() && content.String() != "" { - contentText := content.String() - (*param).(*ConvertOpenAIResponseToGeminiParams).ContentAccumulator.WriteString(contentText) - - // Create text part for this delta - contentTemplate := baseTemplate - contentTemplate, _ = sjson.Set(contentTemplate, "candidates.0.content.parts.0.text", contentText) - chunkOutputs = append(chunkOutputs, contentTemplate) - } - - if len(chunkOutputs) > 0 { - results = append(results, chunkOutputs...) - return true - } - - // Handle tool calls delta - if toolCalls := delta.Get("tool_calls"); toolCalls.Exists() && toolCalls.IsArray() { - toolCalls.ForEach(func(_, toolCall gjson.Result) bool { - toolIndex := int(toolCall.Get("index").Int()) - toolID := toolCall.Get("id").String() - toolType := toolCall.Get("type").String() - function := toolCall.Get("function") - - // Skip non-function tool calls explicitly marked as other types. - if toolType != "" && toolType != "function" { - return true - } - - // OpenAI streaming deltas may omit the type field while still carrying function data. - if !function.Exists() { - return true - } - - functionName := function.Get("name").String() - functionArgs := function.Get("arguments").String() - - // Initialize accumulator if needed so later deltas without type can append arguments. - if _, exists := (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator[toolIndex]; !exists { - (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator[toolIndex] = &ToolCallAccumulator{ - ID: toolID, - Name: functionName, - } - } - - acc := (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator[toolIndex] - - // Update ID if provided - if toolID != "" { - acc.ID = toolID - } - - // Update name if provided - if functionName != "" { - acc.Name = functionName - } - - // Accumulate arguments - if functionArgs != "" { - acc.Arguments.WriteString(functionArgs) - } - - return true - }) - - // Don't output anything for tool call deltas - wait for completion - return true - } - - // Handle finish reason - if finishReason := choice.Get("finish_reason"); finishReason.Exists() { - geminiFinishReason := mapOpenAIFinishReasonToGemini(finishReason.String()) - template, _ = sjson.Set(template, "candidates.0.finishReason", geminiFinishReason) - - // If we have accumulated tool calls, output them now - if len((*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator) > 0 { - partIndex := 0 - for _, accumulator := range (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator { - namePath := fmt.Sprintf("candidates.0.content.parts.%d.functionCall.name", partIndex) - argsPath := fmt.Sprintf("candidates.0.content.parts.%d.functionCall.args", partIndex) - template, _ = sjson.Set(template, namePath, accumulator.Name) - template, _ = sjson.SetRaw(template, argsPath, parseArgsToObjectRaw(accumulator.Arguments.String())) - partIndex++ - } - - // Clear accumulators - (*param).(*ConvertOpenAIResponseToGeminiParams).ToolCallsAccumulator = make(map[int]*ToolCallAccumulator) - } - - results = append(results, template) - return true - } - - // Handle usage information - if usage := root.Get("usage"); usage.Exists() { - template, _ = sjson.Set(template, "usageMetadata.promptTokenCount", usage.Get("prompt_tokens").Int()) - template, _ = sjson.Set(template, "usageMetadata.candidatesTokenCount", usage.Get("completion_tokens").Int()) - template, _ = sjson.Set(template, "usageMetadata.totalTokenCount", usage.Get("total_tokens").Int()) - if reasoningTokens := reasoningTokensFromUsage(usage); reasoningTokens > 0 { - template, _ = sjson.Set(template, "usageMetadata.thoughtsTokenCount", reasoningTokens) - } - results = append(results, template) - return true - } - - return true - }) - return results - } - return []string{} -} - -// mapOpenAIFinishReasonToGemini maps OpenAI finish reasons to Gemini finish reasons -func mapOpenAIFinishReasonToGemini(openAIReason string) string { - switch openAIReason { - case "stop": - return "STOP" - case "length": - return "MAX_TOKENS" - case "tool_calls": - return "STOP" // Gemini doesn't have a specific tool_calls finish reason - case "content_filter": - return "SAFETY" - default: - return "STOP" - } -} - -// parseArgsToObjectRaw safely parses a JSON string of function arguments into an object JSON string. -// It returns "{}" if the input is empty or cannot be parsed as a JSON object. -func parseArgsToObjectRaw(argsStr string) string { - trimmed := strings.TrimSpace(argsStr) - if trimmed == "" || trimmed == "{}" { - return "{}" - } - - // First try strict JSON - if gjson.Valid(trimmed) { - strict := gjson.Parse(trimmed) - if strict.IsObject() { - return strict.Raw - } - } - - // Tolerant parse: handle streams where values are barewords (e.g., 北京, celsius) - tolerant := tolerantParseJSONObjectRaw(trimmed) - if tolerant != "{}" { - return tolerant - } - - // Fallback: return empty object when parsing fails - return "{}" -} - -func escapeSjsonPathKey(key string) string { - key = strings.ReplaceAll(key, `\`, `\\`) - key = strings.ReplaceAll(key, `.`, `\.`) - return key -} - -// tolerantParseJSONObjectRaw attempts to parse a JSON-like object string into a JSON object string, tolerating -// bareword values (unquoted strings) commonly seen during streamed tool calls. -// Example input: {"location": 北京, "unit": celsius} -func tolerantParseJSONObjectRaw(s string) string { - // Ensure we operate within the outermost braces if present - start := strings.Index(s, "{") - end := strings.LastIndex(s, "}") - if start == -1 || end == -1 || start >= end { - return "{}" - } - content := s[start+1 : end] - - runes := []rune(content) - n := len(runes) - i := 0 - result := "{}" - - for i < n { - // Skip whitespace and commas - for i < n && (runes[i] == ' ' || runes[i] == '\n' || runes[i] == '\r' || runes[i] == '\t' || runes[i] == ',') { - i++ - } - if i >= n { - break - } - - // Expect quoted key - if runes[i] != '"' { - // Unable to parse this segment reliably; skip to next comma - for i < n && runes[i] != ',' { - i++ - } - continue - } - - // Parse JSON string for key - keyToken, nextIdx := parseJSONStringRunes(runes, i) - if nextIdx == -1 { - break - } - keyName := jsonStringTokenToRawString(keyToken) - sjsonKey := escapeSjsonPathKey(keyName) - i = nextIdx - - // Skip whitespace - for i < n && (runes[i] == ' ' || runes[i] == '\n' || runes[i] == '\r' || runes[i] == '\t') { - i++ - } - if i >= n || runes[i] != ':' { - break - } - i++ // skip ':' - // Skip whitespace - for i < n && (runes[i] == ' ' || runes[i] == '\n' || runes[i] == '\r' || runes[i] == '\t') { - i++ - } - if i >= n { - break - } - - // Parse value (string, number, object/array, bareword) - switch runes[i] { - case '"': - // JSON string - valToken, ni := parseJSONStringRunes(runes, i) - if ni == -1 { - // Malformed; treat as empty string - result, _ = sjson.Set(result, sjsonKey, "") - i = n - } else { - result, _ = sjson.Set(result, sjsonKey, jsonStringTokenToRawString(valToken)) - i = ni - } - case '{', '[': - // Bracketed value: attempt to capture balanced structure - seg, ni := captureBracketed(runes, i) - if ni == -1 { - i = n - } else { - if gjson.Valid(seg) { - result, _ = sjson.SetRaw(result, sjsonKey, seg) - } else { - result, _ = sjson.Set(result, sjsonKey, seg) - } - i = ni - } - default: - // Bare token until next comma or end - j := i - for j < n && runes[j] != ',' { - j++ - } - token := strings.TrimSpace(string(runes[i:j])) - // Interpret common JSON atoms and numbers; otherwise treat as string - if token == "true" { - result, _ = sjson.Set(result, sjsonKey, true) - } else if token == "false" { - result, _ = sjson.Set(result, sjsonKey, false) - } else if token == "null" { - result, _ = sjson.Set(result, sjsonKey, nil) - } else if numVal, ok := tryParseNumber(token); ok { - result, _ = sjson.Set(result, sjsonKey, numVal) - } else { - result, _ = sjson.Set(result, sjsonKey, token) - } - i = j - } - - // Skip trailing whitespace and optional comma before next pair - for i < n && (runes[i] == ' ' || runes[i] == '\n' || runes[i] == '\r' || runes[i] == '\t') { - i++ - } - if i < n && runes[i] == ',' { - i++ - } - } - - return result -} - -// parseJSONStringRunes returns the JSON string token (including quotes) and the index just after it. -func parseJSONStringRunes(runes []rune, start int) (string, int) { - if start >= len(runes) || runes[start] != '"' { - return "", -1 - } - i := start + 1 - escaped := false - for i < len(runes) { - r := runes[i] - if r == '\\' && !escaped { - escaped = true - i++ - continue - } - if r == '"' && !escaped { - return string(runes[start : i+1]), i + 1 - } - escaped = false - i++ - } - return string(runes[start:]), -1 -} - -// jsonStringTokenToRawString converts a JSON string token (including quotes) to a raw Go string value. -func jsonStringTokenToRawString(token string) string { - r := gjson.Parse(token) - if r.Type == gjson.String { - return r.String() - } - // Fallback: strip surrounding quotes if present - if len(token) >= 2 && token[0] == '"' && token[len(token)-1] == '"' { - return token[1 : len(token)-1] - } - return token -} - -// captureBracketed captures a balanced JSON object/array starting at index i. -// Returns the segment string and the index just after it; -1 if malformed. -func captureBracketed(runes []rune, i int) (string, int) { - if i >= len(runes) { - return "", -1 - } - startRune := runes[i] - var endRune rune - if startRune == '{' { - endRune = '}' - } else if startRune == '[' { - endRune = ']' - } else { - return "", -1 - } - depth := 0 - j := i - inStr := false - escaped := false - for j < len(runes) { - r := runes[j] - if inStr { - if r == '\\' && !escaped { - escaped = true - j++ - continue - } - if r == '"' && !escaped { - inStr = false - } else { - escaped = false - } - j++ - continue - } - if r == '"' { - inStr = true - j++ - continue - } - if r == startRune { - depth++ - } else if r == endRune { - depth-- - if depth == 0 { - return string(runes[i : j+1]), j + 1 - } - } - j++ - } - return string(runes[i:]), -1 -} - -// tryParseNumber attempts to parse a string as an int or float. -func tryParseNumber(s string) (interface{}, bool) { - if s == "" { - return nil, false - } - // Try integer - if i64, errParseInt := strconv.ParseInt(s, 10, 64); errParseInt == nil { - return i64, true - } - if u64, errParseUInt := strconv.ParseUint(s, 10, 64); errParseUInt == nil { - return u64, true - } - if f64, errParseFloat := strconv.ParseFloat(s, 64); errParseFloat == nil { - return f64, true - } - return nil, false -} - -// ConvertOpenAIResponseToGeminiNonStream converts a non-streaming OpenAI response to a non-streaming Gemini response. -// -// Parameters: -// - ctx: The context for the request. -// - modelName: The name of the model. -// - rawJSON: The raw JSON response from the OpenAI API. -// - param: A pointer to a parameter object for the conversion. -// -// Returns: -// - string: A Gemini-compatible JSON response. -func ConvertOpenAIResponseToGeminiNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - root := gjson.ParseBytes(rawJSON) - - // Base Gemini response template without finishReason; set when known - out := `{"candidates":[{"content":{"parts":[],"role":"model"},"index":0}]}` - - // Set model if available - if model := root.Get("model"); model.Exists() { - out, _ = sjson.Set(out, "model", model.String()) - } - - // Process choices - if choices := root.Get("choices"); choices.Exists() && choices.IsArray() { - choices.ForEach(func(choiceIndex, choice gjson.Result) bool { - choiceIdx := int(choice.Get("index").Int()) - message := choice.Get("message") - - // Set role - if role := message.Get("role"); role.Exists() { - if role.String() == "assistant" { - out, _ = sjson.Set(out, "candidates.0.content.role", "model") - } - } - - partIndex := 0 - - // Handle reasoning content before visible text - if reasoning := message.Get("reasoning_content"); reasoning.Exists() { - for _, reasoningText := range extractReasoningTexts(reasoning) { - if reasoningText == "" { - continue - } - out, _ = sjson.Set(out, fmt.Sprintf("candidates.0.content.parts.%d.thought", partIndex), true) - out, _ = sjson.Set(out, fmt.Sprintf("candidates.0.content.parts.%d.text", partIndex), reasoningText) - partIndex++ - } - } - - // Handle content first - if content := message.Get("content"); content.Exists() && content.String() != "" { - out, _ = sjson.Set(out, fmt.Sprintf("candidates.0.content.parts.%d.text", partIndex), content.String()) - partIndex++ - } - - // Handle tool calls - if toolCalls := message.Get("tool_calls"); toolCalls.Exists() && toolCalls.IsArray() { - toolCalls.ForEach(func(_, toolCall gjson.Result) bool { - if toolCall.Get("type").String() == "function" { - function := toolCall.Get("function") - functionName := function.Get("name").String() - functionArgs := function.Get("arguments").String() - - namePath := fmt.Sprintf("candidates.0.content.parts.%d.functionCall.name", partIndex) - argsPath := fmt.Sprintf("candidates.0.content.parts.%d.functionCall.args", partIndex) - out, _ = sjson.Set(out, namePath, functionName) - out, _ = sjson.SetRaw(out, argsPath, parseArgsToObjectRaw(functionArgs)) - partIndex++ - } - return true - }) - } - - // Handle finish reason - if finishReason := choice.Get("finish_reason"); finishReason.Exists() { - geminiFinishReason := mapOpenAIFinishReasonToGemini(finishReason.String()) - out, _ = sjson.Set(out, "candidates.0.finishReason", geminiFinishReason) - } - - // Set index - out, _ = sjson.Set(out, "candidates.0.index", choiceIdx) - - return true - }) - } - - // Handle usage information - if usage := root.Get("usage"); usage.Exists() { - out, _ = sjson.Set(out, "usageMetadata.promptTokenCount", usage.Get("prompt_tokens").Int()) - out, _ = sjson.Set(out, "usageMetadata.candidatesTokenCount", usage.Get("completion_tokens").Int()) - out, _ = sjson.Set(out, "usageMetadata.totalTokenCount", usage.Get("total_tokens").Int()) - if reasoningTokens := reasoningTokensFromUsage(usage); reasoningTokens > 0 { - out, _ = sjson.Set(out, "usageMetadata.thoughtsTokenCount", reasoningTokens) - } - } - - return out -} - -func GeminiTokenCount(ctx context.Context, count int64) string { - return fmt.Sprintf(`{"totalTokens":%d,"promptTokensDetails":[{"modality":"TEXT","tokenCount":%d}]}`, count, count) -} - -func reasoningTokensFromUsage(usage gjson.Result) int64 { - if usage.Exists() { - if v := usage.Get("completion_tokens_details.reasoning_tokens"); v.Exists() { - return v.Int() - } - if v := usage.Get("output_tokens_details.reasoning_tokens"); v.Exists() { - return v.Int() - } - } - return 0 -} - -func extractReasoningTexts(node gjson.Result) []string { - var texts []string - if !node.Exists() { - return texts - } - - if node.IsArray() { - node.ForEach(func(_, value gjson.Result) bool { - texts = append(texts, extractReasoningTexts(value)...) - return true - }) - return texts - } - - switch node.Type { - case gjson.String: - texts = append(texts, node.String()) - case gjson.JSON: - if text := node.Get("text"); text.Exists() { - texts = append(texts, text.String()) - } else if raw := strings.TrimSpace(node.Raw); raw != "" && !strings.HasPrefix(raw, "{") && !strings.HasPrefix(raw, "[") { - texts = append(texts, raw) - } - } - - return texts -} diff --git a/internal/translator/openai/openai/chat-completions/init.go b/internal/translator/openai/openai/chat-completions/init.go deleted file mode 100644 index 58b52f5cdb..0000000000 --- a/internal/translator/openai/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenAI, - OpenAI, - ConvertOpenAIRequestToOpenAI, - interfaces.TranslateResponse{ - Stream: ConvertOpenAIResponseToOpenAI, - NonStream: ConvertOpenAIResponseToOpenAINonStream, - }, - ) -} diff --git a/internal/translator/openai/openai/chat-completions/openai_openai_request.go b/internal/translator/openai/openai/chat-completions/openai_openai_request.go deleted file mode 100644 index a74cded6c7..0000000000 --- a/internal/translator/openai/openai/chat-completions/openai_openai_request.go +++ /dev/null @@ -1,30 +0,0 @@ -// Package openai provides request translation functionality for OpenAI to Gemini CLI API compatibility. -// It converts OpenAI Chat Completions requests into Gemini CLI compatible JSON using gjson/sjson only. -package chat_completions - -import ( - "github.com/tidwall/sjson" -) - -// ConvertOpenAIRequestToOpenAI converts an OpenAI Chat Completions request (raw JSON) -// into a complete Gemini CLI request JSON. All JSON construction uses sjson and lookups use gjson. -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data from the OpenAI API -// - stream: A boolean indicating if the request is for a streaming response (unused in current implementation) -// -// Returns: -// - []byte: The transformed request data in Gemini CLI API format -func ConvertOpenAIRequestToOpenAI(modelName string, inputRawJSON []byte, _ bool) []byte { - // Update the "model" field in the JSON payload with the provided modelName - // The sjson.SetBytes function returns a new byte slice with the updated JSON. - updatedJSON, err := sjson.SetBytes(inputRawJSON, "model", modelName) - if err != nil { - // If there's an error, return the original JSON or handle the error appropriately. - // For now, we'll return the original, but in a real scenario, logging or a more robust error - // handling mechanism would be needed. - return inputRawJSON - } - return updatedJSON -} diff --git a/internal/translator/openai/openai/chat-completions/openai_openai_response.go b/internal/translator/openai/openai/chat-completions/openai_openai_response.go deleted file mode 100644 index ff2acc5270..0000000000 --- a/internal/translator/openai/openai/chat-completions/openai_openai_response.go +++ /dev/null @@ -1,52 +0,0 @@ -// Package openai provides response translation functionality for Gemini CLI to OpenAI API compatibility. -// This package handles the conversion of Gemini CLI API responses into OpenAI Chat Completions-compatible -// JSON format, transforming streaming events and non-streaming responses into the format -// expected by OpenAI API clients. It supports both streaming and non-streaming modes, -// handling text content, tool calls, reasoning content, and usage metadata appropriately. -package chat_completions - -import ( - "bytes" - "context" -) - -// ConvertOpenAIResponseToOpenAI translates a single chunk of a streaming response from the -// Gemini CLI API format to the OpenAI Chat Completions streaming format. -// It processes various Gemini CLI event types and transforms them into OpenAI-compatible JSON responses. -// The function handles text content, tool calls, reasoning content, and usage metadata, outputting -// responses that match the OpenAI API format. It supports incremental updates for streaming responses. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response (unused in current implementation) -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for maintaining state between calls -// -// Returns: -// - []string: A slice of strings, each containing an OpenAI-compatible JSON response -func ConvertOpenAIResponseToOpenAI(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - if bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - return []string{string(rawJSON)} -} - -// ConvertOpenAIResponseToOpenAINonStream converts a non-streaming Gemini CLI response to a non-streaming OpenAI response. -// This function processes the complete Gemini CLI response and transforms it into a single OpenAI-compatible -// JSON response. It handles message content, tool calls, reasoning content, and usage metadata, combining all -// the information into a single response that matches the OpenAI API format. -// -// Parameters: -// - ctx: The context for the request, used for cancellation and timeout handling -// - modelName: The name of the model being used for the response -// - rawJSON: The raw JSON response from the Gemini CLI API -// - param: A pointer to a parameter object for the conversion -// -// Returns: -// - string: An OpenAI-compatible JSON response containing all message content and metadata -func ConvertOpenAIResponseToOpenAINonStream(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - return string(rawJSON) -} diff --git a/internal/translator/openai/openai/responses/init.go b/internal/translator/openai/openai/responses/init.go deleted file mode 100644 index b1bf14f96d..0000000000 --- a/internal/translator/openai/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - . "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/translator/translator" -) - -func init() { - translator.Register( - OpenaiResponse, - OpenAI, - ConvertOpenAIResponsesRequestToOpenAIChatCompletions, - interfaces.TranslateResponse{ - Stream: ConvertOpenAIChatCompletionsResponseToOpenAIResponses, - NonStream: ConvertOpenAIChatCompletionsResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/internal/translator/openai/openai/responses/openai_openai-responses_request.go b/internal/translator/openai/openai/responses/openai_openai-responses_request.go deleted file mode 100644 index 9a64798bd7..0000000000 --- a/internal/translator/openai/openai/responses/openai_openai-responses_request.go +++ /dev/null @@ -1,214 +0,0 @@ -package responses - -import ( - "strings" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// ConvertOpenAIResponsesRequestToOpenAIChatCompletions converts OpenAI responses format to OpenAI chat completions format. -// It transforms the OpenAI responses API format (with instructions and input array) into the standard -// OpenAI chat completions format (with messages array and system content). -// -// The conversion handles: -// 1. Model name and streaming configuration -// 2. Instructions to system message conversion -// 3. Input array to messages array transformation -// 4. Tool definitions and tool choice conversion -// 5. Function calls and function results handling -// 6. Generation parameters mapping (max_tokens, reasoning, etc.) -// -// Parameters: -// - modelName: The name of the model to use for the request -// - rawJSON: The raw JSON request data in OpenAI responses format -// - stream: A boolean indicating if the request is for a streaming response -// -// Returns: -// - []byte: The transformed request data in OpenAI chat completions format -func ConvertOpenAIResponsesRequestToOpenAIChatCompletions(modelName string, inputRawJSON []byte, stream bool) []byte { - rawJSON := inputRawJSON - // Base OpenAI chat completions template with default values - out := `{"model":"","messages":[],"stream":false}` - - root := gjson.ParseBytes(rawJSON) - - // Set model name - out, _ = sjson.Set(out, "model", modelName) - - // Set stream configuration - out, _ = sjson.Set(out, "stream", stream) - - // Map generation parameters from responses format to chat completions format - if maxTokens := root.Get("max_output_tokens"); maxTokens.Exists() { - out, _ = sjson.Set(out, "max_tokens", maxTokens.Int()) - } - - if parallelToolCalls := root.Get("parallel_tool_calls"); parallelToolCalls.Exists() { - out, _ = sjson.Set(out, "parallel_tool_calls", parallelToolCalls.Bool()) - } - - // Convert instructions to system message - if instructions := root.Get("instructions"); instructions.Exists() { - systemMessage := `{"role":"system","content":""}` - systemMessage, _ = sjson.Set(systemMessage, "content", instructions.String()) - out, _ = sjson.SetRaw(out, "messages.-1", systemMessage) - } - - // Convert input array to messages - if input := root.Get("input"); input.Exists() && input.IsArray() { - input.ForEach(func(_, item gjson.Result) bool { - itemType := item.Get("type").String() - if itemType == "" && item.Get("role").String() != "" { - itemType = "message" - } - - switch itemType { - case "message", "": - // Handle regular message conversion - role := item.Get("role").String() - if role == "developer" { - role = "user" - } - message := `{"role":"","content":[]}` - message, _ = sjson.Set(message, "role", role) - - if content := item.Get("content"); content.Exists() && content.IsArray() { - var messageContent string - var toolCalls []interface{} - - content.ForEach(func(_, contentItem gjson.Result) bool { - contentType := contentItem.Get("type").String() - if contentType == "" { - contentType = "input_text" - } - - switch contentType { - case "input_text", "output_text": - text := contentItem.Get("text").String() - contentPart := `{"type":"text","text":""}` - contentPart, _ = sjson.Set(contentPart, "text", text) - message, _ = sjson.SetRaw(message, "content.-1", contentPart) - case "input_image": - imageURL := contentItem.Get("image_url").String() - contentPart := `{"type":"image_url","image_url":{"url":""}}` - contentPart, _ = sjson.Set(contentPart, "image_url.url", imageURL) - message, _ = sjson.SetRaw(message, "content.-1", contentPart) - } - return true - }) - - if messageContent != "" { - message, _ = sjson.Set(message, "content", messageContent) - } - - if len(toolCalls) > 0 { - message, _ = sjson.Set(message, "tool_calls", toolCalls) - } - } else if content.Type == gjson.String { - message, _ = sjson.Set(message, "content", content.String()) - } - - out, _ = sjson.SetRaw(out, "messages.-1", message) - - case "function_call": - // Handle function call conversion to assistant message with tool_calls - assistantMessage := `{"role":"assistant","tool_calls":[]}` - - toolCall := `{"id":"","type":"function","function":{"name":"","arguments":""}}` - - if callId := item.Get("call_id"); callId.Exists() { - toolCall, _ = sjson.Set(toolCall, "id", callId.String()) - } - - if name := item.Get("name"); name.Exists() { - toolCall, _ = sjson.Set(toolCall, "function.name", name.String()) - } - - if arguments := item.Get("arguments"); arguments.Exists() { - toolCall, _ = sjson.Set(toolCall, "function.arguments", arguments.String()) - } - - assistantMessage, _ = sjson.SetRaw(assistantMessage, "tool_calls.0", toolCall) - out, _ = sjson.SetRaw(out, "messages.-1", assistantMessage) - - case "function_call_output": - // Handle function call output conversion to tool message - toolMessage := `{"role":"tool","tool_call_id":"","content":""}` - - if callId := item.Get("call_id"); callId.Exists() { - toolMessage, _ = sjson.Set(toolMessage, "tool_call_id", callId.String()) - } - - if output := item.Get("output"); output.Exists() { - toolMessage, _ = sjson.Set(toolMessage, "content", output.String()) - } - - out, _ = sjson.SetRaw(out, "messages.-1", toolMessage) - } - - return true - }) - } else if input.Type == gjson.String { - msg := "{}" - msg, _ = sjson.Set(msg, "role", "user") - msg, _ = sjson.Set(msg, "content", input.String()) - out, _ = sjson.SetRaw(out, "messages.-1", msg) - } - - // Convert tools from responses format to chat completions format - if tools := root.Get("tools"); tools.Exists() && tools.IsArray() { - var chatCompletionsTools []interface{} - - tools.ForEach(func(_, tool gjson.Result) bool { - // Built-in tools (e.g. {"type":"web_search"}) are already compatible with the Chat Completions schema. - // Only function tools need structural conversion because Chat Completions nests details under "function". - toolType := tool.Get("type").String() - if toolType != "" && toolType != "function" && tool.IsObject() { - // Almost all providers lack built-in tools, so we just ignore them. - // chatCompletionsTools = append(chatCompletionsTools, tool.Value()) - return true - } - - chatTool := `{"type":"function","function":{}}` - - // Convert tool structure from responses format to chat completions format - function := `{"name":"","description":"","parameters":{}}` - - if name := tool.Get("name"); name.Exists() { - function, _ = sjson.Set(function, "name", name.String()) - } - - if description := tool.Get("description"); description.Exists() { - function, _ = sjson.Set(function, "description", description.String()) - } - - if parameters := tool.Get("parameters"); parameters.Exists() { - function, _ = sjson.SetRaw(function, "parameters", parameters.Raw) - } - - chatTool, _ = sjson.SetRaw(chatTool, "function", function) - chatCompletionsTools = append(chatCompletionsTools, gjson.Parse(chatTool).Value()) - - return true - }) - - if len(chatCompletionsTools) > 0 { - out, _ = sjson.Set(out, "tools", chatCompletionsTools) - } - } - - if reasoningEffort := root.Get("reasoning.effort"); reasoningEffort.Exists() { - effort := strings.ToLower(strings.TrimSpace(reasoningEffort.String())) - if effort != "" { - out, _ = sjson.Set(out, "reasoning_effort", effort) - } - } - - // Convert tool_choice if present - if toolChoice := root.Get("tool_choice"); toolChoice.Exists() { - out, _ = sjson.Set(out, "tool_choice", toolChoice.String()) - } - - return []byte(out) -} diff --git a/internal/translator/openai/openai/responses/openai_openai-responses_response.go b/internal/translator/openai/openai/responses/openai_openai-responses_response.go deleted file mode 100644 index 151528526c..0000000000 --- a/internal/translator/openai/openai/responses/openai_openai-responses_response.go +++ /dev/null @@ -1,780 +0,0 @@ -package responses - -import ( - "bytes" - "context" - "fmt" - "strings" - "sync/atomic" - "time" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -type oaiToResponsesStateReasoning struct { - ReasoningID string - ReasoningData string -} -type oaiToResponsesState struct { - Seq int - ResponseID string - Created int64 - Started bool - ReasoningID string - ReasoningIndex int - // aggregation buffers for response.output - // Per-output message text buffers by index - MsgTextBuf map[int]*strings.Builder - ReasoningBuf strings.Builder - Reasonings []oaiToResponsesStateReasoning - FuncArgsBuf map[int]*strings.Builder // index -> args - FuncNames map[int]string // index -> name - FuncCallIDs map[int]string // index -> call_id - // message item state per output index - MsgItemAdded map[int]bool // whether response.output_item.added emitted for message - MsgContentAdded map[int]bool // whether response.content_part.added emitted for message - MsgItemDone map[int]bool // whether message done events were emitted - // function item done state - FuncArgsDone map[int]bool - FuncItemDone map[int]bool - // usage aggregation - PromptTokens int64 - CachedTokens int64 - CompletionTokens int64 - TotalTokens int64 - ReasoningTokens int64 - UsageSeen bool -} - -// responseIDCounter provides a process-wide unique counter for synthesized response identifiers. -var responseIDCounter uint64 - -func emitRespEvent(event string, payload string) string { - return fmt.Sprintf("event: %s\ndata: %s", event, payload) -} - -// ConvertOpenAIChatCompletionsResponseToOpenAIResponses converts OpenAI Chat Completions streaming chunks -// to OpenAI Responses SSE events (response.*). -func ConvertOpenAIChatCompletionsResponseToOpenAIResponses(ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - if *param == nil { - *param = &oaiToResponsesState{ - FuncArgsBuf: make(map[int]*strings.Builder), - FuncNames: make(map[int]string), - FuncCallIDs: make(map[int]string), - MsgTextBuf: make(map[int]*strings.Builder), - MsgItemAdded: make(map[int]bool), - MsgContentAdded: make(map[int]bool), - MsgItemDone: make(map[int]bool), - FuncArgsDone: make(map[int]bool), - FuncItemDone: make(map[int]bool), - Reasonings: make([]oaiToResponsesStateReasoning, 0), - } - } - st := (*param).(*oaiToResponsesState) - - if bytes.HasPrefix(rawJSON, []byte("data:")) { - rawJSON = bytes.TrimSpace(rawJSON[5:]) - } - - rawJSON = bytes.TrimSpace(rawJSON) - if len(rawJSON) == 0 { - return []string{} - } - if bytes.Equal(rawJSON, []byte("[DONE]")) { - return []string{} - } - - root := gjson.ParseBytes(rawJSON) - obj := root.Get("object") - if obj.Exists() && obj.String() != "" && obj.String() != "chat.completion.chunk" { - return []string{} - } - if !root.Get("choices").Exists() || !root.Get("choices").IsArray() { - return []string{} - } - - if usage := root.Get("usage"); usage.Exists() { - if v := usage.Get("prompt_tokens"); v.Exists() { - st.PromptTokens = v.Int() - st.UsageSeen = true - } - if v := usage.Get("prompt_tokens_details.cached_tokens"); v.Exists() { - st.CachedTokens = v.Int() - st.UsageSeen = true - } - if v := usage.Get("completion_tokens"); v.Exists() { - st.CompletionTokens = v.Int() - st.UsageSeen = true - } else if v := usage.Get("output_tokens"); v.Exists() { - st.CompletionTokens = v.Int() - st.UsageSeen = true - } - if v := usage.Get("output_tokens_details.reasoning_tokens"); v.Exists() { - st.ReasoningTokens = v.Int() - st.UsageSeen = true - } else if v := usage.Get("completion_tokens_details.reasoning_tokens"); v.Exists() { - st.ReasoningTokens = v.Int() - st.UsageSeen = true - } - if v := usage.Get("total_tokens"); v.Exists() { - st.TotalTokens = v.Int() - st.UsageSeen = true - } - } - - nextSeq := func() int { st.Seq++; return st.Seq } - var out []string - - if !st.Started { - st.ResponseID = root.Get("id").String() - st.Created = root.Get("created").Int() - // reset aggregation state for a new streaming response - st.MsgTextBuf = make(map[int]*strings.Builder) - st.ReasoningBuf.Reset() - st.ReasoningID = "" - st.ReasoningIndex = 0 - st.FuncArgsBuf = make(map[int]*strings.Builder) - st.FuncNames = make(map[int]string) - st.FuncCallIDs = make(map[int]string) - st.MsgItemAdded = make(map[int]bool) - st.MsgContentAdded = make(map[int]bool) - st.MsgItemDone = make(map[int]bool) - st.FuncArgsDone = make(map[int]bool) - st.FuncItemDone = make(map[int]bool) - st.PromptTokens = 0 - st.CachedTokens = 0 - st.CompletionTokens = 0 - st.TotalTokens = 0 - st.ReasoningTokens = 0 - st.UsageSeen = false - // response.created - created := `{"type":"response.created","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"in_progress","background":false,"error":null,"output":[]}}` - created, _ = sjson.Set(created, "sequence_number", nextSeq()) - created, _ = sjson.Set(created, "response.id", st.ResponseID) - created, _ = sjson.Set(created, "response.created_at", st.Created) - out = append(out, emitRespEvent("response.created", created)) - - inprog := `{"type":"response.in_progress","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"in_progress"}}` - inprog, _ = sjson.Set(inprog, "sequence_number", nextSeq()) - inprog, _ = sjson.Set(inprog, "response.id", st.ResponseID) - inprog, _ = sjson.Set(inprog, "response.created_at", st.Created) - out = append(out, emitRespEvent("response.in_progress", inprog)) - st.Started = true - } - - stopReasoning := func(text string) { - // Emit reasoning done events - textDone := `{"type":"response.reasoning_summary_text.done","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"text":""}` - textDone, _ = sjson.Set(textDone, "sequence_number", nextSeq()) - textDone, _ = sjson.Set(textDone, "item_id", st.ReasoningID) - textDone, _ = sjson.Set(textDone, "output_index", st.ReasoningIndex) - textDone, _ = sjson.Set(textDone, "text", text) - out = append(out, emitRespEvent("response.reasoning_summary_text.done", textDone)) - partDone := `{"type":"response.reasoning_summary_part.done","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"part":{"type":"summary_text","text":""}}` - partDone, _ = sjson.Set(partDone, "sequence_number", nextSeq()) - partDone, _ = sjson.Set(partDone, "item_id", st.ReasoningID) - partDone, _ = sjson.Set(partDone, "output_index", st.ReasoningIndex) - partDone, _ = sjson.Set(partDone, "part.text", text) - out = append(out, emitRespEvent("response.reasoning_summary_part.done", partDone)) - outputItemDone := `{"type":"response.output_item.done","item":{"id":"","type":"reasoning","encrypted_content":"","summary":[{"type":"summary_text","text":""}]},"output_index":0,"sequence_number":0}` - outputItemDone, _ = sjson.Set(outputItemDone, "sequence_number", nextSeq()) - outputItemDone, _ = sjson.Set(outputItemDone, "item.id", st.ReasoningID) - outputItemDone, _ = sjson.Set(outputItemDone, "output_index", st.ReasoningIndex) - outputItemDone, _ = sjson.Set(outputItemDone, "item.summary.text", text) - out = append(out, emitRespEvent("response.output_item.done", outputItemDone)) - - st.Reasonings = append(st.Reasonings, oaiToResponsesStateReasoning{ReasoningID: st.ReasoningID, ReasoningData: text}) - st.ReasoningID = "" - } - - // choices[].delta content / tool_calls / reasoning_content - if choices := root.Get("choices"); choices.Exists() && choices.IsArray() { - choices.ForEach(func(_, choice gjson.Result) bool { - idx := int(choice.Get("index").Int()) - delta := choice.Get("delta") - if delta.Exists() { - if c := delta.Get("content"); c.Exists() && c.String() != "" { - // Ensure the message item and its first content part are announced before any text deltas - if st.ReasoningID != "" { - stopReasoning(st.ReasoningBuf.String()) - st.ReasoningBuf.Reset() - } - if !st.MsgItemAdded[idx] { - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"message","status":"in_progress","content":[],"role":"assistant"}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "output_index", idx) - item, _ = sjson.Set(item, "item.id", fmt.Sprintf("msg_%s_%d", st.ResponseID, idx)) - out = append(out, emitRespEvent("response.output_item.added", item)) - st.MsgItemAdded[idx] = true - } - if !st.MsgContentAdded[idx] { - part := `{"type":"response.content_part.added","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"part":{"type":"output_text","annotations":[],"logprobs":[],"text":""}}` - part, _ = sjson.Set(part, "sequence_number", nextSeq()) - part, _ = sjson.Set(part, "item_id", fmt.Sprintf("msg_%s_%d", st.ResponseID, idx)) - part, _ = sjson.Set(part, "output_index", idx) - part, _ = sjson.Set(part, "content_index", 0) - out = append(out, emitRespEvent("response.content_part.added", part)) - st.MsgContentAdded[idx] = true - } - - msg := `{"type":"response.output_text.delta","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"delta":"","logprobs":[]}` - msg, _ = sjson.Set(msg, "sequence_number", nextSeq()) - msg, _ = sjson.Set(msg, "item_id", fmt.Sprintf("msg_%s_%d", st.ResponseID, idx)) - msg, _ = sjson.Set(msg, "output_index", idx) - msg, _ = sjson.Set(msg, "content_index", 0) - msg, _ = sjson.Set(msg, "delta", c.String()) - out = append(out, emitRespEvent("response.output_text.delta", msg)) - // aggregate for response.output - if st.MsgTextBuf[idx] == nil { - st.MsgTextBuf[idx] = &strings.Builder{} - } - st.MsgTextBuf[idx].WriteString(c.String()) - } - - // reasoning_content (OpenAI reasoning incremental text) - if rc := delta.Get("reasoning_content"); rc.Exists() && rc.String() != "" { - // On first appearance, add reasoning item and part - if st.ReasoningID == "" { - st.ReasoningID = fmt.Sprintf("rs_%s_%d", st.ResponseID, idx) - st.ReasoningIndex = idx - item := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"reasoning","status":"in_progress","summary":[]}}` - item, _ = sjson.Set(item, "sequence_number", nextSeq()) - item, _ = sjson.Set(item, "output_index", idx) - item, _ = sjson.Set(item, "item.id", st.ReasoningID) - out = append(out, emitRespEvent("response.output_item.added", item)) - part := `{"type":"response.reasoning_summary_part.added","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"part":{"type":"summary_text","text":""}}` - part, _ = sjson.Set(part, "sequence_number", nextSeq()) - part, _ = sjson.Set(part, "item_id", st.ReasoningID) - part, _ = sjson.Set(part, "output_index", st.ReasoningIndex) - out = append(out, emitRespEvent("response.reasoning_summary_part.added", part)) - } - // Append incremental text to reasoning buffer - st.ReasoningBuf.WriteString(rc.String()) - msg := `{"type":"response.reasoning_summary_text.delta","sequence_number":0,"item_id":"","output_index":0,"summary_index":0,"delta":""}` - msg, _ = sjson.Set(msg, "sequence_number", nextSeq()) - msg, _ = sjson.Set(msg, "item_id", st.ReasoningID) - msg, _ = sjson.Set(msg, "output_index", st.ReasoningIndex) - msg, _ = sjson.Set(msg, "delta", rc.String()) - out = append(out, emitRespEvent("response.reasoning_summary_text.delta", msg)) - } - - // tool calls - if tcs := delta.Get("tool_calls"); tcs.Exists() && tcs.IsArray() { - if st.ReasoningID != "" { - stopReasoning(st.ReasoningBuf.String()) - st.ReasoningBuf.Reset() - } - // Before emitting any function events, if a message is open for this index, - // close its text/content to match Codex expected ordering. - if st.MsgItemAdded[idx] && !st.MsgItemDone[idx] { - fullText := "" - if b := st.MsgTextBuf[idx]; b != nil { - fullText = b.String() - } - done := `{"type":"response.output_text.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"text":"","logprobs":[]}` - done, _ = sjson.Set(done, "sequence_number", nextSeq()) - done, _ = sjson.Set(done, "item_id", fmt.Sprintf("msg_%s_%d", st.ResponseID, idx)) - done, _ = sjson.Set(done, "output_index", idx) - done, _ = sjson.Set(done, "content_index", 0) - done, _ = sjson.Set(done, "text", fullText) - out = append(out, emitRespEvent("response.output_text.done", done)) - - partDone := `{"type":"response.content_part.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"part":{"type":"output_text","annotations":[],"logprobs":[],"text":""}}` - partDone, _ = sjson.Set(partDone, "sequence_number", nextSeq()) - partDone, _ = sjson.Set(partDone, "item_id", fmt.Sprintf("msg_%s_%d", st.ResponseID, idx)) - partDone, _ = sjson.Set(partDone, "output_index", idx) - partDone, _ = sjson.Set(partDone, "content_index", 0) - partDone, _ = sjson.Set(partDone, "part.text", fullText) - out = append(out, emitRespEvent("response.content_part.done", partDone)) - - itemDone := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}}` - itemDone, _ = sjson.Set(itemDone, "sequence_number", nextSeq()) - itemDone, _ = sjson.Set(itemDone, "output_index", idx) - itemDone, _ = sjson.Set(itemDone, "item.id", fmt.Sprintf("msg_%s_%d", st.ResponseID, idx)) - itemDone, _ = sjson.Set(itemDone, "item.content.0.text", fullText) - out = append(out, emitRespEvent("response.output_item.done", itemDone)) - st.MsgItemDone[idx] = true - } - - // Only emit item.added once per tool call and preserve call_id across chunks. - newCallID := tcs.Get("0.id").String() - nameChunk := tcs.Get("0.function.name").String() - if nameChunk != "" { - st.FuncNames[idx] = nameChunk - } - existingCallID := st.FuncCallIDs[idx] - effectiveCallID := existingCallID - shouldEmitItem := false - if existingCallID == "" && newCallID != "" { - // First time seeing a valid call_id for this index - effectiveCallID = newCallID - st.FuncCallIDs[idx] = newCallID - shouldEmitItem = true - } - - if shouldEmitItem && effectiveCallID != "" { - o := `{"type":"response.output_item.added","sequence_number":0,"output_index":0,"item":{"id":"","type":"function_call","status":"in_progress","arguments":"","call_id":"","name":""}}` - o, _ = sjson.Set(o, "sequence_number", nextSeq()) - o, _ = sjson.Set(o, "output_index", idx) - o, _ = sjson.Set(o, "item.id", fmt.Sprintf("fc_%s", effectiveCallID)) - o, _ = sjson.Set(o, "item.call_id", effectiveCallID) - name := st.FuncNames[idx] - o, _ = sjson.Set(o, "item.name", name) - out = append(out, emitRespEvent("response.output_item.added", o)) - } - - // Ensure args buffer exists for this index - if st.FuncArgsBuf[idx] == nil { - st.FuncArgsBuf[idx] = &strings.Builder{} - } - - // Append arguments delta if available and we have a valid call_id to reference - if args := tcs.Get("0.function.arguments"); args.Exists() && args.String() != "" { - // Prefer an already known call_id; fall back to newCallID if first time - refCallID := st.FuncCallIDs[idx] - if refCallID == "" { - refCallID = newCallID - } - if refCallID != "" { - ad := `{"type":"response.function_call_arguments.delta","sequence_number":0,"item_id":"","output_index":0,"delta":""}` - ad, _ = sjson.Set(ad, "sequence_number", nextSeq()) - ad, _ = sjson.Set(ad, "item_id", fmt.Sprintf("fc_%s", refCallID)) - ad, _ = sjson.Set(ad, "output_index", idx) - ad, _ = sjson.Set(ad, "delta", args.String()) - out = append(out, emitRespEvent("response.function_call_arguments.delta", ad)) - } - st.FuncArgsBuf[idx].WriteString(args.String()) - } - } - } - - // finish_reason triggers finalization, including text done/content done/item done, - // reasoning done/part.done, function args done/item done, and completed - if fr := choice.Get("finish_reason"); fr.Exists() && fr.String() != "" { - // Emit message done events for all indices that started a message - if len(st.MsgItemAdded) > 0 { - // sort indices for deterministic order - idxs := make([]int, 0, len(st.MsgItemAdded)) - for i := range st.MsgItemAdded { - idxs = append(idxs, i) - } - for i := 0; i < len(idxs); i++ { - for j := i + 1; j < len(idxs); j++ { - if idxs[j] < idxs[i] { - idxs[i], idxs[j] = idxs[j], idxs[i] - } - } - } - for _, i := range idxs { - if st.MsgItemAdded[i] && !st.MsgItemDone[i] { - fullText := "" - if b := st.MsgTextBuf[i]; b != nil { - fullText = b.String() - } - done := `{"type":"response.output_text.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"text":"","logprobs":[]}` - done, _ = sjson.Set(done, "sequence_number", nextSeq()) - done, _ = sjson.Set(done, "item_id", fmt.Sprintf("msg_%s_%d", st.ResponseID, i)) - done, _ = sjson.Set(done, "output_index", i) - done, _ = sjson.Set(done, "content_index", 0) - done, _ = sjson.Set(done, "text", fullText) - out = append(out, emitRespEvent("response.output_text.done", done)) - - partDone := `{"type":"response.content_part.done","sequence_number":0,"item_id":"","output_index":0,"content_index":0,"part":{"type":"output_text","annotations":[],"logprobs":[],"text":""}}` - partDone, _ = sjson.Set(partDone, "sequence_number", nextSeq()) - partDone, _ = sjson.Set(partDone, "item_id", fmt.Sprintf("msg_%s_%d", st.ResponseID, i)) - partDone, _ = sjson.Set(partDone, "output_index", i) - partDone, _ = sjson.Set(partDone, "content_index", 0) - partDone, _ = sjson.Set(partDone, "part.text", fullText) - out = append(out, emitRespEvent("response.content_part.done", partDone)) - - itemDone := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}}` - itemDone, _ = sjson.Set(itemDone, "sequence_number", nextSeq()) - itemDone, _ = sjson.Set(itemDone, "output_index", i) - itemDone, _ = sjson.Set(itemDone, "item.id", fmt.Sprintf("msg_%s_%d", st.ResponseID, i)) - itemDone, _ = sjson.Set(itemDone, "item.content.0.text", fullText) - out = append(out, emitRespEvent("response.output_item.done", itemDone)) - st.MsgItemDone[i] = true - } - } - } - - if st.ReasoningID != "" { - stopReasoning(st.ReasoningBuf.String()) - st.ReasoningBuf.Reset() - } - - // Emit function call done events for any active function calls - if len(st.FuncCallIDs) > 0 { - idxs := make([]int, 0, len(st.FuncCallIDs)) - for i := range st.FuncCallIDs { - idxs = append(idxs, i) - } - for i := 0; i < len(idxs); i++ { - for j := i + 1; j < len(idxs); j++ { - if idxs[j] < idxs[i] { - idxs[i], idxs[j] = idxs[j], idxs[i] - } - } - } - for _, i := range idxs { - callID := st.FuncCallIDs[i] - if callID == "" || st.FuncItemDone[i] { - continue - } - args := "{}" - if b := st.FuncArgsBuf[i]; b != nil && b.Len() > 0 { - args = b.String() - } - fcDone := `{"type":"response.function_call_arguments.done","sequence_number":0,"item_id":"","output_index":0,"arguments":""}` - fcDone, _ = sjson.Set(fcDone, "sequence_number", nextSeq()) - fcDone, _ = sjson.Set(fcDone, "item_id", fmt.Sprintf("fc_%s", callID)) - fcDone, _ = sjson.Set(fcDone, "output_index", i) - fcDone, _ = sjson.Set(fcDone, "arguments", args) - out = append(out, emitRespEvent("response.function_call_arguments.done", fcDone)) - - itemDone := `{"type":"response.output_item.done","sequence_number":0,"output_index":0,"item":{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}}` - itemDone, _ = sjson.Set(itemDone, "sequence_number", nextSeq()) - itemDone, _ = sjson.Set(itemDone, "output_index", i) - itemDone, _ = sjson.Set(itemDone, "item.id", fmt.Sprintf("fc_%s", callID)) - itemDone, _ = sjson.Set(itemDone, "item.arguments", args) - itemDone, _ = sjson.Set(itemDone, "item.call_id", callID) - itemDone, _ = sjson.Set(itemDone, "item.name", st.FuncNames[i]) - out = append(out, emitRespEvent("response.output_item.done", itemDone)) - st.FuncItemDone[i] = true - st.FuncArgsDone[i] = true - } - } - completed := `{"type":"response.completed","sequence_number":0,"response":{"id":"","object":"response","created_at":0,"status":"completed","background":false,"error":null}}` - completed, _ = sjson.Set(completed, "sequence_number", nextSeq()) - completed, _ = sjson.Set(completed, "response.id", st.ResponseID) - completed, _ = sjson.Set(completed, "response.created_at", st.Created) - // Inject original request fields into response as per docs/response.completed.json - if requestRawJSON != nil { - req := gjson.ParseBytes(requestRawJSON) - if v := req.Get("instructions"); v.Exists() { - completed, _ = sjson.Set(completed, "response.instructions", v.String()) - } - if v := req.Get("max_output_tokens"); v.Exists() { - completed, _ = sjson.Set(completed, "response.max_output_tokens", v.Int()) - } - if v := req.Get("max_tool_calls"); v.Exists() { - completed, _ = sjson.Set(completed, "response.max_tool_calls", v.Int()) - } - if v := req.Get("model"); v.Exists() { - completed, _ = sjson.Set(completed, "response.model", v.String()) - } - if v := req.Get("parallel_tool_calls"); v.Exists() { - completed, _ = sjson.Set(completed, "response.parallel_tool_calls", v.Bool()) - } - if v := req.Get("previous_response_id"); v.Exists() { - completed, _ = sjson.Set(completed, "response.previous_response_id", v.String()) - } - if v := req.Get("prompt_cache_key"); v.Exists() { - completed, _ = sjson.Set(completed, "response.prompt_cache_key", v.String()) - } - if v := req.Get("reasoning"); v.Exists() { - completed, _ = sjson.Set(completed, "response.reasoning", v.Value()) - } - if v := req.Get("safety_identifier"); v.Exists() { - completed, _ = sjson.Set(completed, "response.safety_identifier", v.String()) - } - if v := req.Get("service_tier"); v.Exists() { - completed, _ = sjson.Set(completed, "response.service_tier", v.String()) - } - if v := req.Get("store"); v.Exists() { - completed, _ = sjson.Set(completed, "response.store", v.Bool()) - } - if v := req.Get("temperature"); v.Exists() { - completed, _ = sjson.Set(completed, "response.temperature", v.Float()) - } - if v := req.Get("text"); v.Exists() { - completed, _ = sjson.Set(completed, "response.text", v.Value()) - } - if v := req.Get("tool_choice"); v.Exists() { - completed, _ = sjson.Set(completed, "response.tool_choice", v.Value()) - } - if v := req.Get("tools"); v.Exists() { - completed, _ = sjson.Set(completed, "response.tools", v.Value()) - } - if v := req.Get("top_logprobs"); v.Exists() { - completed, _ = sjson.Set(completed, "response.top_logprobs", v.Int()) - } - if v := req.Get("top_p"); v.Exists() { - completed, _ = sjson.Set(completed, "response.top_p", v.Float()) - } - if v := req.Get("truncation"); v.Exists() { - completed, _ = sjson.Set(completed, "response.truncation", v.String()) - } - if v := req.Get("user"); v.Exists() { - completed, _ = sjson.Set(completed, "response.user", v.Value()) - } - if v := req.Get("metadata"); v.Exists() { - completed, _ = sjson.Set(completed, "response.metadata", v.Value()) - } - } - // Build response.output using aggregated buffers - outputsWrapper := `{"arr":[]}` - if len(st.Reasonings) > 0 { - for _, r := range st.Reasonings { - item := `{"id":"","type":"reasoning","summary":[{"type":"summary_text","text":""}]}` - item, _ = sjson.Set(item, "id", r.ReasoningID) - item, _ = sjson.Set(item, "summary.0.text", r.ReasoningData) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - } - // Append message items in ascending index order - if len(st.MsgItemAdded) > 0 { - midxs := make([]int, 0, len(st.MsgItemAdded)) - for i := range st.MsgItemAdded { - midxs = append(midxs, i) - } - for i := 0; i < len(midxs); i++ { - for j := i + 1; j < len(midxs); j++ { - if midxs[j] < midxs[i] { - midxs[i], midxs[j] = midxs[j], midxs[i] - } - } - } - for _, i := range midxs { - txt := "" - if b := st.MsgTextBuf[i]; b != nil { - txt = b.String() - } - item := `{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}` - item, _ = sjson.Set(item, "id", fmt.Sprintf("msg_%s_%d", st.ResponseID, i)) - item, _ = sjson.Set(item, "content.0.text", txt) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - } - if len(st.FuncArgsBuf) > 0 { - idxs := make([]int, 0, len(st.FuncArgsBuf)) - for i := range st.FuncArgsBuf { - idxs = append(idxs, i) - } - // small-N sort without extra imports - for i := 0; i < len(idxs); i++ { - for j := i + 1; j < len(idxs); j++ { - if idxs[j] < idxs[i] { - idxs[i], idxs[j] = idxs[j], idxs[i] - } - } - } - for _, i := range idxs { - args := "" - if b := st.FuncArgsBuf[i]; b != nil { - args = b.String() - } - callID := st.FuncCallIDs[i] - name := st.FuncNames[i] - item := `{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}` - item, _ = sjson.Set(item, "id", fmt.Sprintf("fc_%s", callID)) - item, _ = sjson.Set(item, "arguments", args) - item, _ = sjson.Set(item, "call_id", callID) - item, _ = sjson.Set(item, "name", name) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - } - if gjson.Get(outputsWrapper, "arr.#").Int() > 0 { - completed, _ = sjson.SetRaw(completed, "response.output", gjson.Get(outputsWrapper, "arr").Raw) - } - if st.UsageSeen { - completed, _ = sjson.Set(completed, "response.usage.input_tokens", st.PromptTokens) - completed, _ = sjson.Set(completed, "response.usage.input_tokens_details.cached_tokens", st.CachedTokens) - completed, _ = sjson.Set(completed, "response.usage.output_tokens", st.CompletionTokens) - if st.ReasoningTokens > 0 { - completed, _ = sjson.Set(completed, "response.usage.output_tokens_details.reasoning_tokens", st.ReasoningTokens) - } - total := st.TotalTokens - if total == 0 { - total = st.PromptTokens + st.CompletionTokens - } - completed, _ = sjson.Set(completed, "response.usage.total_tokens", total) - } - out = append(out, emitRespEvent("response.completed", completed)) - } - - return true - }) - } - - return out -} - -// ConvertOpenAIChatCompletionsResponseToOpenAIResponsesNonStream builds a single Responses JSON -// from a non-streaming OpenAI Chat Completions response. -func ConvertOpenAIChatCompletionsResponseToOpenAIResponsesNonStream(_ context.Context, _ string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string { - root := gjson.ParseBytes(rawJSON) - - // Basic response scaffold - resp := `{"id":"","object":"response","created_at":0,"status":"completed","background":false,"error":null,"incomplete_details":null}` - - // id: use provider id if present, otherwise synthesize - id := root.Get("id").String() - if id == "" { - id = fmt.Sprintf("resp_%x_%d", time.Now().UnixNano(), atomic.AddUint64(&responseIDCounter, 1)) - } - resp, _ = sjson.Set(resp, "id", id) - - // created_at: map from chat.completion created - created := root.Get("created").Int() - if created == 0 { - created = time.Now().Unix() - } - resp, _ = sjson.Set(resp, "created_at", created) - - // Echo request fields when available (aligns with streaming path behavior) - if len(requestRawJSON) > 0 { - req := gjson.ParseBytes(requestRawJSON) - if v := req.Get("instructions"); v.Exists() { - resp, _ = sjson.Set(resp, "instructions", v.String()) - } - if v := req.Get("max_output_tokens"); v.Exists() { - resp, _ = sjson.Set(resp, "max_output_tokens", v.Int()) - } else { - // Also support max_tokens from chat completion style - if v = req.Get("max_tokens"); v.Exists() { - resp, _ = sjson.Set(resp, "max_output_tokens", v.Int()) - } - } - if v := req.Get("max_tool_calls"); v.Exists() { - resp, _ = sjson.Set(resp, "max_tool_calls", v.Int()) - } - if v := req.Get("model"); v.Exists() { - resp, _ = sjson.Set(resp, "model", v.String()) - } else if v = root.Get("model"); v.Exists() { - resp, _ = sjson.Set(resp, "model", v.String()) - } - if v := req.Get("parallel_tool_calls"); v.Exists() { - resp, _ = sjson.Set(resp, "parallel_tool_calls", v.Bool()) - } - if v := req.Get("previous_response_id"); v.Exists() { - resp, _ = sjson.Set(resp, "previous_response_id", v.String()) - } - if v := req.Get("prompt_cache_key"); v.Exists() { - resp, _ = sjson.Set(resp, "prompt_cache_key", v.String()) - } - if v := req.Get("reasoning"); v.Exists() { - resp, _ = sjson.Set(resp, "reasoning", v.Value()) - } - if v := req.Get("safety_identifier"); v.Exists() { - resp, _ = sjson.Set(resp, "safety_identifier", v.String()) - } - if v := req.Get("service_tier"); v.Exists() { - resp, _ = sjson.Set(resp, "service_tier", v.String()) - } - if v := req.Get("store"); v.Exists() { - resp, _ = sjson.Set(resp, "store", v.Bool()) - } - if v := req.Get("temperature"); v.Exists() { - resp, _ = sjson.Set(resp, "temperature", v.Float()) - } - if v := req.Get("text"); v.Exists() { - resp, _ = sjson.Set(resp, "text", v.Value()) - } - if v := req.Get("tool_choice"); v.Exists() { - resp, _ = sjson.Set(resp, "tool_choice", v.Value()) - } - if v := req.Get("tools"); v.Exists() { - resp, _ = sjson.Set(resp, "tools", v.Value()) - } - if v := req.Get("top_logprobs"); v.Exists() { - resp, _ = sjson.Set(resp, "top_logprobs", v.Int()) - } - if v := req.Get("top_p"); v.Exists() { - resp, _ = sjson.Set(resp, "top_p", v.Float()) - } - if v := req.Get("truncation"); v.Exists() { - resp, _ = sjson.Set(resp, "truncation", v.String()) - } - if v := req.Get("user"); v.Exists() { - resp, _ = sjson.Set(resp, "user", v.Value()) - } - if v := req.Get("metadata"); v.Exists() { - resp, _ = sjson.Set(resp, "metadata", v.Value()) - } - } else if v := root.Get("model"); v.Exists() { - // Fallback model from response - resp, _ = sjson.Set(resp, "model", v.String()) - } - - // Build output list from choices[...] - outputsWrapper := `{"arr":[]}` - // Detect and capture reasoning content if present - rcText := gjson.GetBytes(rawJSON, "choices.0.message.reasoning_content").String() - includeReasoning := rcText != "" - if !includeReasoning && len(requestRawJSON) > 0 { - includeReasoning = gjson.GetBytes(requestRawJSON, "reasoning").Exists() - } - if includeReasoning { - rid := id - if strings.HasPrefix(rid, "resp_") { - rid = strings.TrimPrefix(rid, "resp_") - } - // Prefer summary_text from reasoning_content; encrypted_content is optional - reasoningItem := `{"id":"","type":"reasoning","encrypted_content":"","summary":[]}` - reasoningItem, _ = sjson.Set(reasoningItem, "id", fmt.Sprintf("rs_%s", rid)) - if rcText != "" { - reasoningItem, _ = sjson.Set(reasoningItem, "summary.0.type", "summary_text") - reasoningItem, _ = sjson.Set(reasoningItem, "summary.0.text", rcText) - } - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", reasoningItem) - } - - if choices := root.Get("choices"); choices.Exists() && choices.IsArray() { - choices.ForEach(func(_, choice gjson.Result) bool { - msg := choice.Get("message") - if msg.Exists() { - // Text message part - if c := msg.Get("content"); c.Exists() && c.String() != "" { - item := `{"id":"","type":"message","status":"completed","content":[{"type":"output_text","annotations":[],"logprobs":[],"text":""}],"role":"assistant"}` - item, _ = sjson.Set(item, "id", fmt.Sprintf("msg_%s_%d", id, int(choice.Get("index").Int()))) - item, _ = sjson.Set(item, "content.0.text", c.String()) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - } - - // Function/tool calls - if tcs := msg.Get("tool_calls"); tcs.Exists() && tcs.IsArray() { - tcs.ForEach(func(_, tc gjson.Result) bool { - callID := tc.Get("id").String() - name := tc.Get("function.name").String() - args := tc.Get("function.arguments").String() - item := `{"id":"","type":"function_call","status":"completed","arguments":"","call_id":"","name":""}` - item, _ = sjson.Set(item, "id", fmt.Sprintf("fc_%s", callID)) - item, _ = sjson.Set(item, "arguments", args) - item, _ = sjson.Set(item, "call_id", callID) - item, _ = sjson.Set(item, "name", name) - outputsWrapper, _ = sjson.SetRaw(outputsWrapper, "arr.-1", item) - return true - }) - } - } - return true - }) - } - if gjson.Get(outputsWrapper, "arr.#").Int() > 0 { - resp, _ = sjson.SetRaw(resp, "output", gjson.Get(outputsWrapper, "arr").Raw) - } - - // usage mapping - if usage := root.Get("usage"); usage.Exists() { - // Map common tokens - if usage.Get("prompt_tokens").Exists() || usage.Get("completion_tokens").Exists() || usage.Get("total_tokens").Exists() { - resp, _ = sjson.Set(resp, "usage.input_tokens", usage.Get("prompt_tokens").Int()) - if d := usage.Get("prompt_tokens_details.cached_tokens"); d.Exists() { - resp, _ = sjson.Set(resp, "usage.input_tokens_details.cached_tokens", d.Int()) - } - resp, _ = sjson.Set(resp, "usage.output_tokens", usage.Get("completion_tokens").Int()) - // Reasoning tokens not available in Chat Completions; set only if present under output_tokens_details - if d := usage.Get("output_tokens_details.reasoning_tokens"); d.Exists() { - resp, _ = sjson.Set(resp, "usage.output_tokens_details.reasoning_tokens", d.Int()) - } - resp, _ = sjson.Set(resp, "usage.total_tokens", usage.Get("total_tokens").Int()) - } else { - // Fallback to raw usage object if structure differs - resp, _ = sjson.Set(resp, "usage", usage.Value()) - } - } - - return resp -} diff --git a/internal/translator/translator/translator.go b/internal/translator/translator/translator.go deleted file mode 100644 index 5391fb11d9..0000000000 --- a/internal/translator/translator/translator.go +++ /dev/null @@ -1,89 +0,0 @@ -// Package translator provides request and response translation functionality -// between different AI API formats. It acts as a wrapper around the SDK translator -// registry, providing convenient functions for translating requests and responses -// between OpenAI, Claude, Gemini, and other API formats. -package translator - -import ( - "context" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/interfaces" - sdktranslator "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/translator" -) - -// registry holds the default translator registry instance. -var registry = sdktranslator.Default() - -// Register registers a new translator for converting between two API formats. -// -// Parameters: -// - from: The source API format identifier -// - to: The target API format identifier -// - request: The request translation function -// - response: The response translation function -func Register(from, to string, request interfaces.TranslateRequestFunc, response interfaces.TranslateResponse) { - registry.Register(sdktranslator.FromString(from), sdktranslator.FromString(to), request, response) -} - -// Request translates a request from one API format to another. -// -// Parameters: -// - from: The source API format identifier -// - to: The target API format identifier -// - modelName: The model name for the request -// - rawJSON: The raw JSON request data -// - stream: Whether this is a streaming request -// -// Returns: -// - []byte: The translated request JSON -func Request(from, to, modelName string, rawJSON []byte, stream bool) []byte { - return registry.TranslateRequest(sdktranslator.FromString(from), sdktranslator.FromString(to), modelName, rawJSON, stream) -} - -// NeedConvert checks if a response translation is needed between two API formats. -// -// Parameters: -// - from: The source API format identifier -// - to: The target API format identifier -// -// Returns: -// - bool: True if response translation is needed, false otherwise -func NeedConvert(from, to string) bool { - return registry.HasResponseTransformer(sdktranslator.FromString(from), sdktranslator.FromString(to)) -} - -// Response translates a streaming response from one API format to another. -// -// Parameters: -// - from: The source API format identifier -// - to: The target API format identifier -// - ctx: The context for the translation -// - modelName: The model name for the response -// - originalRequestRawJSON: The original request JSON -// - requestRawJSON: The translated request JSON -// - rawJSON: The raw response JSON -// - param: Additional parameters for translation -// -// Returns: -// - []string: The translated response lines -func Response(from, to string, ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) []string { - return registry.TranslateStream(ctx, sdktranslator.FromString(from), sdktranslator.FromString(to), modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} - -// ResponseNonStream translates a non-streaming response from one API format to another. -// -// Parameters: -// - from: The source API format identifier -// - to: The target API format identifier -// - ctx: The context for the translation -// - modelName: The model name for the response -// - originalRequestRawJSON: The original request JSON -// - requestRawJSON: The translated request JSON -// - rawJSON: The raw response JSON -// - param: Additional parameters for translation -// -// Returns: -// - string: The translated response JSON -func ResponseNonStream(from, to string, ctx context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, param *any) string { - return registry.TranslateNonStream(ctx, sdktranslator.FromString(from), sdktranslator.FromString(to), modelName, originalRequestRawJSON, requestRawJSON, rawJSON, param) -} diff --git a/internal/tui/app.go b/internal/tui/app.go deleted file mode 100644 index b9ee9e1a3a..0000000000 --- a/internal/tui/app.go +++ /dev/null @@ -1,542 +0,0 @@ -package tui - -import ( - "fmt" - "io" - "os" - "strings" - - "github.com/charmbracelet/bubbles/textinput" - tea "github.com/charmbracelet/bubbletea" - "github.com/charmbracelet/lipgloss" -) - -// Tab identifiers -const ( - tabDashboard = iota - tabConfig - tabAuthFiles - tabAPIKeys - tabOAuth - tabUsage - tabLogs -) - -// App is the root bubbletea model that contains all tab sub-models. -type App struct { - activeTab int - tabs []string - - standalone bool - logsEnabled bool - - authenticated bool - authInput textinput.Model - authError string - authConnecting bool - - dashboard dashboardModel - config configTabModel - auth authTabModel - keys keysTabModel - oauth oauthTabModel - usage usageTabModel - logs logsTabModel - - client *Client - - width int - height int - ready bool - - // Track which tabs have been initialized (fetched data) - initialized [7]bool -} - -type authConnectMsg struct { - cfg map[string]any - err error -} - -// NewApp creates the root TUI application model. -func NewApp(port int, secretKey string, hook *LogHook) App { - standalone := hook != nil - authRequired := !standalone - ti := textinput.New() - ti.CharLimit = 512 - ti.EchoMode = textinput.EchoPassword - ti.EchoCharacter = '*' - ti.SetValue(strings.TrimSpace(secretKey)) - ti.Focus() - - client := NewClient(port, secretKey) - app := App{ - activeTab: tabDashboard, - standalone: standalone, - logsEnabled: true, - authenticated: !authRequired, - authInput: ti, - dashboard: newDashboardModel(client), - config: newConfigTabModel(client), - auth: newAuthTabModel(client), - keys: newKeysTabModel(client), - oauth: newOAuthTabModel(client), - usage: newUsageTabModel(client), - logs: newLogsTabModel(client, hook), - client: client, - initialized: [7]bool{ - tabDashboard: true, - tabLogs: true, - }, - } - - app.refreshTabs() - if authRequired { - app.initialized = [7]bool{} - } - app.setAuthInputPrompt() - return app -} - -func (a App) Init() tea.Cmd { - if !a.authenticated { - return textinput.Blink - } - cmds := []tea.Cmd{a.dashboard.Init()} - if a.logsEnabled { - cmds = append(cmds, a.logs.Init()) - } - return tea.Batch(cmds...) -} - -func (a App) Update(msg tea.Msg) (tea.Model, tea.Cmd) { - switch msg := msg.(type) { - case tea.WindowSizeMsg: - a.width = msg.Width - a.height = msg.Height - a.ready = true - if a.width > 0 { - a.authInput.Width = a.width - 6 - } - contentH := a.height - 4 // tab bar + status bar - if contentH < 1 { - contentH = 1 - } - contentW := a.width - a.dashboard.SetSize(contentW, contentH) - a.config.SetSize(contentW, contentH) - a.auth.SetSize(contentW, contentH) - a.keys.SetSize(contentW, contentH) - a.oauth.SetSize(contentW, contentH) - a.usage.SetSize(contentW, contentH) - a.logs.SetSize(contentW, contentH) - return a, nil - - case authConnectMsg: - a.authConnecting = false - if msg.err != nil { - a.authError = fmt.Sprintf(T("auth_gate_connect_fail"), msg.err.Error()) - return a, nil - } - a.authError = "" - a.authenticated = true - a.logsEnabled = a.standalone || isLogsEnabledFromConfig(msg.cfg) - a.refreshTabs() - a.initialized = [7]bool{} - a.initialized[tabDashboard] = true - cmds := []tea.Cmd{a.dashboard.Init()} - if a.logsEnabled { - a.initialized[tabLogs] = true - cmds = append(cmds, a.logs.Init()) - } - return a, tea.Batch(cmds...) - - case configUpdateMsg: - var cmdLogs tea.Cmd - if !a.standalone && msg.err == nil && msg.path == "logging-to-file" { - logsEnabledConfig, okConfig := msg.value.(bool) - if okConfig { - logsEnabledBefore := a.logsEnabled - a.logsEnabled = logsEnabledConfig - if logsEnabledBefore != a.logsEnabled { - a.refreshTabs() - } - if !a.logsEnabled { - a.initialized[tabLogs] = false - } - if !logsEnabledBefore && a.logsEnabled { - a.initialized[tabLogs] = true - cmdLogs = a.logs.Init() - } - } - } - - var cmdConfig tea.Cmd - a.config, cmdConfig = a.config.Update(msg) - if cmdConfig != nil && cmdLogs != nil { - return a, tea.Batch(cmdConfig, cmdLogs) - } - if cmdConfig != nil { - return a, cmdConfig - } - return a, cmdLogs - - case tea.KeyMsg: - if !a.authenticated { - switch msg.String() { - case "ctrl+c", "q": - return a, tea.Quit - case "L": - ToggleLocale() - a.refreshTabs() - a.setAuthInputPrompt() - return a, nil - case "enter": - if a.authConnecting { - return a, nil - } - password := strings.TrimSpace(a.authInput.Value()) - if password == "" { - a.authError = T("auth_gate_password_required") - return a, nil - } - a.authError = "" - a.authConnecting = true - return a, a.connectWithPassword(password) - default: - var cmd tea.Cmd - a.authInput, cmd = a.authInput.Update(msg) - return a, cmd - } - } - - switch msg.String() { - case "ctrl+c": - return a, tea.Quit - case "q": - // Only quit if not in logs tab (where 'q' might be useful) - if !a.logsEnabled || a.activeTab != tabLogs { - return a, tea.Quit - } - case "L": - ToggleLocale() - a.refreshTabs() - return a.broadcastToAllTabs(localeChangedMsg{}) - case "tab": - if len(a.tabs) == 0 { - return a, nil - } - prevTab := a.activeTab - a.activeTab = (a.activeTab + 1) % len(a.tabs) - return a, a.initTabIfNeeded(prevTab) - case "shift+tab": - if len(a.tabs) == 0 { - return a, nil - } - prevTab := a.activeTab - a.activeTab = (a.activeTab - 1 + len(a.tabs)) % len(a.tabs) - return a, a.initTabIfNeeded(prevTab) - } - } - - if !a.authenticated { - var cmd tea.Cmd - a.authInput, cmd = a.authInput.Update(msg) - return a, cmd - } - - // Route msg to active tab - var cmd tea.Cmd - switch a.activeTab { - case tabDashboard: - a.dashboard, cmd = a.dashboard.Update(msg) - case tabConfig: - a.config, cmd = a.config.Update(msg) - case tabAuthFiles: - a.auth, cmd = a.auth.Update(msg) - case tabAPIKeys: - a.keys, cmd = a.keys.Update(msg) - case tabOAuth: - a.oauth, cmd = a.oauth.Update(msg) - case tabUsage: - a.usage, cmd = a.usage.Update(msg) - case tabLogs: - a.logs, cmd = a.logs.Update(msg) - } - - // Keep logs polling alive even when logs tab is not active. - if a.logsEnabled && a.activeTab != tabLogs { - switch msg.(type) { - case logsPollMsg, logsTickMsg, logLineMsg: - var logCmd tea.Cmd - a.logs, logCmd = a.logs.Update(msg) - if logCmd != nil { - cmd = logCmd - } - } - } - - return a, cmd -} - -// localeChangedMsg is broadcast to all tabs when the user toggles locale. -type localeChangedMsg struct{} - -func (a *App) refreshTabs() { - names := TabNames() - if a.logsEnabled { - a.tabs = names - } else { - filtered := make([]string, 0, len(names)-1) - for idx, name := range names { - if idx == tabLogs { - continue - } - filtered = append(filtered, name) - } - a.tabs = filtered - } - - if len(a.tabs) == 0 { - a.activeTab = tabDashboard - return - } - if a.activeTab >= len(a.tabs) { - a.activeTab = len(a.tabs) - 1 - } -} - -func (a *App) initTabIfNeeded(_ int) tea.Cmd { - if a.initialized[a.activeTab] { - return nil - } - a.initialized[a.activeTab] = true - switch a.activeTab { - case tabDashboard: - return a.dashboard.Init() - case tabConfig: - return a.config.Init() - case tabAuthFiles: - return a.auth.Init() - case tabAPIKeys: - return a.keys.Init() - case tabOAuth: - return a.oauth.Init() - case tabUsage: - return a.usage.Init() - case tabLogs: - if !a.logsEnabled { - return nil - } - return a.logs.Init() - } - return nil -} - -func (a App) View() string { - if !a.authenticated { - return a.renderAuthView() - } - - if !a.ready { - return T("initializing_tui") - } - - var sb strings.Builder - - // Tab bar - sb.WriteString(a.renderTabBar()) - sb.WriteString("\n") - - // Content - switch a.activeTab { - case tabDashboard: - sb.WriteString(a.dashboard.View()) - case tabConfig: - sb.WriteString(a.config.View()) - case tabAuthFiles: - sb.WriteString(a.auth.View()) - case tabAPIKeys: - sb.WriteString(a.keys.View()) - case tabOAuth: - sb.WriteString(a.oauth.View()) - case tabUsage: - sb.WriteString(a.usage.View()) - case tabLogs: - if a.logsEnabled { - sb.WriteString(a.logs.View()) - } - } - - // Status bar - sb.WriteString("\n") - sb.WriteString(a.renderStatusBar()) - - return sb.String() -} - -func (a App) renderAuthView() string { - var sb strings.Builder - - sb.WriteString(titleStyle.Render(T("auth_gate_title"))) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("auth_gate_help"))) - sb.WriteString("\n\n") - if a.authConnecting { - sb.WriteString(warningStyle.Render(T("auth_gate_connecting"))) - sb.WriteString("\n\n") - } - if strings.TrimSpace(a.authError) != "" { - sb.WriteString(errorStyle.Render(a.authError)) - sb.WriteString("\n\n") - } - sb.WriteString(a.authInput.View()) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("auth_gate_enter"))) - return sb.String() -} - -func (a App) renderTabBar() string { - var tabs []string - for i, name := range a.tabs { - if i == a.activeTab { - tabs = append(tabs, tabActiveStyle.Render(name)) - } else { - tabs = append(tabs, tabInactiveStyle.Render(name)) - } - } - tabBar := lipgloss.JoinHorizontal(lipgloss.Top, tabs...) - return tabBarStyle.Width(a.width).Render(tabBar) -} - -func (a App) renderStatusBar() string { - left := strings.TrimRight(T("status_left"), " ") - right := strings.TrimRight(T("status_right"), " ") - - width := a.width - if width < 1 { - width = 1 - } - - // statusBarStyle has left/right padding(1), so content area is width-2. - contentWidth := width - 2 - if contentWidth < 0 { - contentWidth = 0 - } - - if lipgloss.Width(left) > contentWidth { - left = fitStringWidth(left, contentWidth) - right = "" - } - - remaining := contentWidth - lipgloss.Width(left) - if remaining < 0 { - remaining = 0 - } - if lipgloss.Width(right) > remaining { - right = fitStringWidth(right, remaining) - } - - gap := contentWidth - lipgloss.Width(left) - lipgloss.Width(right) - if gap < 0 { - gap = 0 - } - return statusBarStyle.Width(width).Render(left + strings.Repeat(" ", gap) + right) -} - -func fitStringWidth(text string, maxWidth int) string { - if maxWidth <= 0 { - return "" - } - if lipgloss.Width(text) <= maxWidth { - return text - } - - out := "" - for _, r := range text { - next := out + string(r) - if lipgloss.Width(next) > maxWidth { - break - } - out = next - } - return out -} - -func isLogsEnabledFromConfig(cfg map[string]any) bool { - if cfg == nil { - return true - } - value, ok := cfg["logging-to-file"] - if !ok { - return true - } - enabled, ok := value.(bool) - if !ok { - return true - } - return enabled -} - -func (a *App) setAuthInputPrompt() { - if a == nil { - return - } - a.authInput.Prompt = fmt.Sprintf(" %s: ", T("auth_gate_password")) -} - -func (a App) connectWithPassword(password string) tea.Cmd { - return func() tea.Msg { - a.client.SetSecretKey(password) - cfg, errGetConfig := a.client.GetConfig() - return authConnectMsg{cfg: cfg, err: errGetConfig} - } -} - -// Run starts the TUI application. -// output specifies where bubbletea renders. If nil, defaults to os.Stdout. -func Run(port int, secretKey string, hook *LogHook, output io.Writer) error { - if output == nil { - output = os.Stdout - } - app := NewApp(port, secretKey, hook) - p := tea.NewProgram(app, tea.WithAltScreen(), tea.WithOutput(output)) - _, err := p.Run() - return err -} - -func (a App) broadcastToAllTabs(msg tea.Msg) (tea.Model, tea.Cmd) { - var cmds []tea.Cmd - var cmd tea.Cmd - - a.dashboard, cmd = a.dashboard.Update(msg) - if cmd != nil { - cmds = append(cmds, cmd) - } - a.config, cmd = a.config.Update(msg) - if cmd != nil { - cmds = append(cmds, cmd) - } - a.auth, cmd = a.auth.Update(msg) - if cmd != nil { - cmds = append(cmds, cmd) - } - a.keys, cmd = a.keys.Update(msg) - if cmd != nil { - cmds = append(cmds, cmd) - } - a.oauth, cmd = a.oauth.Update(msg) - if cmd != nil { - cmds = append(cmds, cmd) - } - a.usage, cmd = a.usage.Update(msg) - if cmd != nil { - cmds = append(cmds, cmd) - } - a.logs, cmd = a.logs.Update(msg) - if cmd != nil { - cmds = append(cmds, cmd) - } - - return a, tea.Batch(cmds...) -} diff --git a/internal/tui/auth_tab.go b/internal/tui/auth_tab.go deleted file mode 100644 index 519994420a..0000000000 --- a/internal/tui/auth_tab.go +++ /dev/null @@ -1,456 +0,0 @@ -package tui - -import ( - "fmt" - "strconv" - "strings" - - "github.com/charmbracelet/bubbles/textinput" - "github.com/charmbracelet/bubbles/viewport" - tea "github.com/charmbracelet/bubbletea" - "github.com/charmbracelet/lipgloss" -) - -// editableField represents an editable field on an auth file. -type editableField struct { - label string - key string // API field key: "prefix", "proxy_url", "priority" -} - -var authEditableFields = []editableField{ - {label: "Prefix", key: "prefix"}, - {label: "Proxy URL", key: "proxy_url"}, - {label: "Priority", key: "priority"}, -} - -// authTabModel displays auth credential files with interactive management. -type authTabModel struct { - client *Client - viewport viewport.Model - files []map[string]any - err error - width int - height int - ready bool - cursor int - expanded int // -1 = none expanded, >=0 = expanded index - confirm int // -1 = no confirmation, >=0 = confirm delete for index - status string - - // Editing state - editing bool // true when editing a field - editField int // index into authEditableFields - editInput textinput.Model // text input for editing - editFileName string // name of file being edited -} - -type authFilesMsg struct { - files []map[string]any - err error -} - -type authActionMsg struct { - action string // "deleted", "toggled", "updated" - err error -} - -func newAuthTabModel(client *Client) authTabModel { - ti := textinput.New() - ti.CharLimit = 256 - return authTabModel{ - client: client, - expanded: -1, - confirm: -1, - editInput: ti, - } -} - -func (m authTabModel) Init() tea.Cmd { - return m.fetchFiles -} - -func (m authTabModel) fetchFiles() tea.Msg { - files, err := m.client.GetAuthFiles() - return authFilesMsg{files: files, err: err} -} - -func (m authTabModel) Update(msg tea.Msg) (authTabModel, tea.Cmd) { - switch msg := msg.(type) { - case localeChangedMsg: - m.viewport.SetContent(m.renderContent()) - return m, nil - case authFilesMsg: - if msg.err != nil { - m.err = msg.err - } else { - m.err = nil - m.files = msg.files - if m.cursor >= len(m.files) { - m.cursor = max(0, len(m.files)-1) - } - m.status = "" - } - m.viewport.SetContent(m.renderContent()) - return m, nil - - case authActionMsg: - if msg.err != nil { - m.status = errorStyle.Render("✗ " + msg.err.Error()) - } else { - m.status = successStyle.Render("✓ " + msg.action) - } - m.confirm = -1 - m.viewport.SetContent(m.renderContent()) - return m, m.fetchFiles - - case tea.KeyMsg: - // ---- Editing mode ---- - if m.editing { - return m.handleEditInput(msg) - } - - // ---- Delete confirmation mode ---- - if m.confirm >= 0 { - return m.handleConfirmInput(msg) - } - - // ---- Normal mode ---- - return m.handleNormalInput(msg) - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -// startEdit activates inline editing for a field on the currently selected auth file. -func (m *authTabModel) startEdit(fieldIdx int) tea.Cmd { - if m.cursor >= len(m.files) { - return nil - } - f := m.files[m.cursor] - m.editFileName = getString(f, "name") - m.editField = fieldIdx - m.editing = true - - // Pre-populate with current value - key := authEditableFields[fieldIdx].key - currentVal := getAnyString(f, key) - m.editInput.SetValue(currentVal) - m.editInput.Focus() - m.editInput.Prompt = fmt.Sprintf(" %s: ", authEditableFields[fieldIdx].label) - m.viewport.SetContent(m.renderContent()) - return textinput.Blink -} - -func (m *authTabModel) SetSize(w, h int) { - m.width = w - m.height = h - m.editInput.Width = w - 20 - if !m.ready { - m.viewport = viewport.New(w, h) - m.viewport.SetContent(m.renderContent()) - m.ready = true - } else { - m.viewport.Width = w - m.viewport.Height = h - } -} - -func (m authTabModel) View() string { - if !m.ready { - return T("loading") - } - return m.viewport.View() -} - -func (m authTabModel) renderContent() string { - var sb strings.Builder - - sb.WriteString(titleStyle.Render(T("auth_title"))) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("auth_help1"))) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("auth_help2"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", m.width)) - sb.WriteString("\n") - - if m.err != nil { - sb.WriteString(errorStyle.Render("⚠ Error: " + m.err.Error())) - sb.WriteString("\n") - return sb.String() - } - - if len(m.files) == 0 { - sb.WriteString(subtitleStyle.Render(T("no_auth_files"))) - sb.WriteString("\n") - return sb.String() - } - - for i, f := range m.files { - name := getString(f, "name") - channel := getString(f, "channel") - email := getString(f, "email") - disabled := getBool(f, "disabled") - - statusIcon := successStyle.Render("●") - statusText := T("status_active") - if disabled { - statusIcon = lipgloss.NewStyle().Foreground(colorMuted).Render("○") - statusText = T("status_disabled") - } - - cursor := " " - rowStyle := lipgloss.NewStyle() - if i == m.cursor { - cursor = "▸ " - rowStyle = lipgloss.NewStyle().Bold(true) - } - - displayName := name - if len(displayName) > 24 { - displayName = displayName[:21] + "..." - } - displayEmail := email - if len(displayEmail) > 28 { - displayEmail = displayEmail[:25] + "..." - } - - row := fmt.Sprintf("%s%s %-24s %-12s %-28s %s", - cursor, statusIcon, displayName, channel, displayEmail, statusText) - sb.WriteString(rowStyle.Render(row)) - sb.WriteString("\n") - - // Delete confirmation - if m.confirm == i { - sb.WriteString(warningStyle.Render(fmt.Sprintf(" "+T("confirm_delete"), name))) - sb.WriteString("\n") - } - - // Inline edit input - if m.editing && i == m.cursor { - sb.WriteString(m.editInput.View()) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(" " + T("enter_save") + " • " + T("esc_cancel"))) - sb.WriteString("\n") - } - - // Expanded detail view - if m.expanded == i { - sb.WriteString(m.renderDetail(f)) - } - } - - if m.status != "" { - sb.WriteString("\n") - sb.WriteString(m.status) - sb.WriteString("\n") - } - - return sb.String() -} - -func (m authTabModel) renderDetail(f map[string]any) string { - var sb strings.Builder - - labelStyle := lipgloss.NewStyle(). - Foreground(lipgloss.Color("111")). - Bold(true) - valueStyle := lipgloss.NewStyle(). - Foreground(lipgloss.Color("252")) - editableMarker := lipgloss.NewStyle(). - Foreground(lipgloss.Color("214")). - Render(" ✎") - - sb.WriteString(" ┌─────────────────────────────────────────────\n") - - fields := []struct { - label string - key string - editable bool - }{ - {"Name", "name", false}, - {"Channel", "channel", false}, - {"Email", "email", false}, - {"Status", "status", false}, - {"Status Msg", "status_message", false}, - {"File Name", "file_name", false}, - {"Auth Type", "auth_type", false}, - {"Prefix", "prefix", true}, - {"Proxy URL", "proxy_url", true}, - {"Priority", "priority", true}, - {"Project ID", "project_id", false}, - {"Disabled", "disabled", false}, - {"Created", "created_at", false}, - {"Updated", "updated_at", false}, - } - - for _, field := range fields { - val := getAnyString(f, field.key) - if val == "" || val == "" { - if field.editable { - val = T("not_set") - } else { - continue - } - } - editMark := "" - if field.editable { - editMark = editableMarker - } - line := fmt.Sprintf(" │ %s %s%s", - labelStyle.Render(fmt.Sprintf("%-12s:", field.label)), - valueStyle.Render(val), - editMark) - sb.WriteString(line) - sb.WriteString("\n") - } - - sb.WriteString(" └─────────────────────────────────────────────\n") - return sb.String() -} - -// getAnyString converts any value to its string representation. -func getAnyString(m map[string]any, key string) string { - v, ok := m[key] - if !ok || v == nil { - return "" - } - return fmt.Sprintf("%v", v) -} - -func max(a, b int) int { - if a > b { - return a - } - return b -} - -func (m authTabModel) handleEditInput(msg tea.KeyMsg) (authTabModel, tea.Cmd) { - switch msg.String() { - case "enter": - value := m.editInput.Value() - fieldKey := authEditableFields[m.editField].key - fileName := m.editFileName - m.editing = false - m.editInput.Blur() - fields := map[string]any{} - if fieldKey == "priority" { - p, err := strconv.Atoi(value) - if err != nil { - return m, func() tea.Msg { - return authActionMsg{err: fmt.Errorf("%s: %s", T("invalid_int"), value)} - } - } - fields[fieldKey] = p - } else { - fields[fieldKey] = value - } - return m, func() tea.Msg { - err := m.client.PatchAuthFileFields(fileName, fields) - if err != nil { - return authActionMsg{err: err} - } - return authActionMsg{action: fmt.Sprintf(T("updated_field"), fieldKey, fileName)} - } - case "esc": - m.editing = false - m.editInput.Blur() - m.viewport.SetContent(m.renderContent()) - return m, nil - default: - var cmd tea.Cmd - m.editInput, cmd = m.editInput.Update(msg) - m.viewport.SetContent(m.renderContent()) - return m, cmd - } -} - -func (m authTabModel) handleConfirmInput(msg tea.KeyMsg) (authTabModel, tea.Cmd) { - switch msg.String() { - case "y", "Y": - idx := m.confirm - m.confirm = -1 - if idx < len(m.files) { - name := getString(m.files[idx], "name") - return m, func() tea.Msg { - err := m.client.DeleteAuthFile(name) - if err != nil { - return authActionMsg{err: err} - } - return authActionMsg{action: fmt.Sprintf(T("deleted"), name)} - } - } - m.viewport.SetContent(m.renderContent()) - return m, nil - case "n", "N", "esc": - m.confirm = -1 - m.viewport.SetContent(m.renderContent()) - return m, nil - } - return m, nil -} - -func (m authTabModel) handleNormalInput(msg tea.KeyMsg) (authTabModel, tea.Cmd) { - switch msg.String() { - case "j", "down": - if len(m.files) > 0 { - m.cursor = (m.cursor + 1) % len(m.files) - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "k", "up": - if len(m.files) > 0 { - m.cursor = (m.cursor - 1 + len(m.files)) % len(m.files) - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "enter", " ": - if m.expanded == m.cursor { - m.expanded = -1 - } else { - m.expanded = m.cursor - } - m.viewport.SetContent(m.renderContent()) - return m, nil - case "d", "D": - if m.cursor < len(m.files) { - m.confirm = m.cursor - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "e", "E": - if m.cursor < len(m.files) { - f := m.files[m.cursor] - name := getString(f, "name") - disabled := getBool(f, "disabled") - newDisabled := !disabled - return m, func() tea.Msg { - err := m.client.ToggleAuthFile(name, newDisabled) - if err != nil { - return authActionMsg{err: err} - } - action := T("enabled") - if newDisabled { - action = T("disabled") - } - return authActionMsg{action: fmt.Sprintf("%s %s", action, name)} - } - } - return m, nil - case "1": - return m, m.startEdit(0) // prefix - case "2": - return m, m.startEdit(1) // proxy_url - case "3": - return m, m.startEdit(2) // priority - case "r": - m.status = "" - return m, m.fetchFiles - default: - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd - } -} diff --git a/internal/tui/browser.go b/internal/tui/browser.go deleted file mode 100644 index 5532a5a21b..0000000000 --- a/internal/tui/browser.go +++ /dev/null @@ -1,20 +0,0 @@ -package tui - -import ( - "os/exec" - "runtime" -) - -// openBrowser opens the specified URL in the user's default browser. -func openBrowser(url string) error { - switch runtime.GOOS { - case "darwin": - return exec.Command("open", url).Start() - case "linux": - return exec.Command("xdg-open", url).Start() - case "windows": - return exec.Command("rundll32", "url.dll,FileProtocolHandler", url).Start() - default: - return exec.Command("xdg-open", url).Start() - } -} diff --git a/internal/tui/client.go b/internal/tui/client.go deleted file mode 100644 index 6f75d6befc..0000000000 --- a/internal/tui/client.go +++ /dev/null @@ -1,400 +0,0 @@ -package tui - -import ( - "encoding/json" - "fmt" - "io" - "net/http" - "net/url" - "strconv" - "strings" - "time" -) - -// Client wraps HTTP calls to the management API. -type Client struct { - baseURL string - secretKey string - http *http.Client -} - -// NewClient creates a new management API client. -func NewClient(port int, secretKey string) *Client { - return &Client{ - baseURL: fmt.Sprintf("http://127.0.0.1:%d", port), - secretKey: strings.TrimSpace(secretKey), - http: &http.Client{ - Timeout: 10 * time.Second, - }, - } -} - -// SetSecretKey updates management API bearer token used by this client. -func (c *Client) SetSecretKey(secretKey string) { - c.secretKey = strings.TrimSpace(secretKey) -} - -func (c *Client) doRequest(method, path string, body io.Reader) ([]byte, int, error) { - url := c.baseURL + path - req, err := http.NewRequest(method, url, body) - if err != nil { - return nil, 0, err - } - if c.secretKey != "" { - req.Header.Set("Authorization", "Bearer "+c.secretKey) - } - if body != nil { - req.Header.Set("Content-Type", "application/json") - } - resp, err := c.http.Do(req) - if err != nil { - return nil, 0, err - } - defer resp.Body.Close() - data, err := io.ReadAll(resp.Body) - if err != nil { - return nil, resp.StatusCode, err - } - return data, resp.StatusCode, nil -} - -func (c *Client) get(path string) ([]byte, error) { - data, code, err := c.doRequest("GET", path, nil) - if err != nil { - return nil, err - } - if code >= 400 { - return nil, fmt.Errorf("HTTP %d: %s", code, strings.TrimSpace(string(data))) - } - return data, nil -} - -func (c *Client) put(path string, body io.Reader) ([]byte, error) { - data, code, err := c.doRequest("PUT", path, body) - if err != nil { - return nil, err - } - if code >= 400 { - return nil, fmt.Errorf("HTTP %d: %s", code, strings.TrimSpace(string(data))) - } - return data, nil -} - -func (c *Client) patch(path string, body io.Reader) ([]byte, error) { - data, code, err := c.doRequest("PATCH", path, body) - if err != nil { - return nil, err - } - if code >= 400 { - return nil, fmt.Errorf("HTTP %d: %s", code, strings.TrimSpace(string(data))) - } - return data, nil -} - -// getJSON fetches a path and unmarshals JSON into a generic map. -func (c *Client) getJSON(path string) (map[string]any, error) { - data, err := c.get(path) - if err != nil { - return nil, err - } - var result map[string]any - if err := json.Unmarshal(data, &result); err != nil { - return nil, err - } - return result, nil -} - -// postJSON sends a JSON body via POST and checks for errors. -func (c *Client) postJSON(path string, body any) error { - jsonBody, err := json.Marshal(body) - if err != nil { - return err - } - _, code, err := c.doRequest("POST", path, strings.NewReader(string(jsonBody))) - if err != nil { - return err - } - if code >= 400 { - return fmt.Errorf("HTTP %d", code) - } - return nil -} - -// GetConfig fetches the parsed config. -func (c *Client) GetConfig() (map[string]any, error) { - return c.getJSON("/v0/management/config") -} - -// GetConfigYAML fetches the raw config.yaml content. -func (c *Client) GetConfigYAML() (string, error) { - data, err := c.get("/v0/management/config.yaml") - if err != nil { - return "", err - } - return string(data), nil -} - -// PutConfigYAML uploads new config.yaml content. -func (c *Client) PutConfigYAML(yamlContent string) error { - _, err := c.put("/v0/management/config.yaml", strings.NewReader(yamlContent)) - return err -} - -// GetUsage fetches usage statistics. -func (c *Client) GetUsage() (map[string]any, error) { - return c.getJSON("/v0/management/usage") -} - -// GetAuthFiles lists auth credential files. -// API returns {"files": [...]}. -func (c *Client) GetAuthFiles() ([]map[string]any, error) { - wrapper, err := c.getJSON("/v0/management/auth-files") - if err != nil { - return nil, err - } - return extractList(wrapper, "files") -} - -// DeleteAuthFile deletes a single auth file by name. -func (c *Client) DeleteAuthFile(name string) error { - query := url.Values{} - query.Set("name", name) - path := "/v0/management/auth-files?" + query.Encode() - _, code, err := c.doRequest("DELETE", path, nil) - if err != nil { - return err - } - if code >= 400 { - return fmt.Errorf("delete failed (HTTP %d)", code) - } - return nil -} - -// ToggleAuthFile enables or disables an auth file. -func (c *Client) ToggleAuthFile(name string, disabled bool) error { - body, _ := json.Marshal(map[string]any{"name": name, "disabled": disabled}) - _, err := c.patch("/v0/management/auth-files/status", strings.NewReader(string(body))) - return err -} - -// PatchAuthFileFields updates editable fields on an auth file. -func (c *Client) PatchAuthFileFields(name string, fields map[string]any) error { - fields["name"] = name - body, _ := json.Marshal(fields) - _, err := c.patch("/v0/management/auth-files/fields", strings.NewReader(string(body))) - return err -} - -// GetLogs fetches log lines from the server. -func (c *Client) GetLogs(after int64, limit int) ([]string, int64, error) { - query := url.Values{} - if limit > 0 { - query.Set("limit", strconv.Itoa(limit)) - } - if after > 0 { - query.Set("after", strconv.FormatInt(after, 10)) - } - - path := "/v0/management/logs" - encodedQuery := query.Encode() - if encodedQuery != "" { - path += "?" + encodedQuery - } - - wrapper, err := c.getJSON(path) - if err != nil { - return nil, after, err - } - - lines := []string{} - if rawLines, ok := wrapper["lines"]; ok && rawLines != nil { - rawJSON, errMarshal := json.Marshal(rawLines) - if errMarshal != nil { - return nil, after, errMarshal - } - if errUnmarshal := json.Unmarshal(rawJSON, &lines); errUnmarshal != nil { - return nil, after, errUnmarshal - } - } - - latest := after - if rawLatest, ok := wrapper["latest-timestamp"]; ok { - switch value := rawLatest.(type) { - case float64: - latest = int64(value) - case json.Number: - if parsed, errParse := value.Int64(); errParse == nil { - latest = parsed - } - case int64: - latest = value - case int: - latest = int64(value) - } - } - if latest < after { - latest = after - } - - return lines, latest, nil -} - -// GetAPIKeys fetches the list of API keys. -// API returns {"api-keys": [...]}. -func (c *Client) GetAPIKeys() ([]string, error) { - wrapper, err := c.getJSON("/v0/management/api-keys") - if err != nil { - return nil, err - } - arr, ok := wrapper["api-keys"] - if !ok { - return nil, nil - } - raw, err := json.Marshal(arr) - if err != nil { - return nil, err - } - var result []string - if err := json.Unmarshal(raw, &result); err != nil { - return nil, err - } - return result, nil -} - -// AddAPIKey adds a new API key by sending old=nil, new=key which appends. -func (c *Client) AddAPIKey(key string) error { - body := map[string]any{"old": nil, "new": key} - jsonBody, _ := json.Marshal(body) - _, err := c.patch("/v0/management/api-keys", strings.NewReader(string(jsonBody))) - return err -} - -// EditAPIKey replaces an API key at the given index. -func (c *Client) EditAPIKey(index int, newValue string) error { - body := map[string]any{"index": index, "value": newValue} - jsonBody, _ := json.Marshal(body) - _, err := c.patch("/v0/management/api-keys", strings.NewReader(string(jsonBody))) - return err -} - -// DeleteAPIKey deletes an API key by index. -func (c *Client) DeleteAPIKey(index int) error { - _, code, err := c.doRequest("DELETE", fmt.Sprintf("/v0/management/api-keys?index=%d", index), nil) - if err != nil { - return err - } - if code >= 400 { - return fmt.Errorf("delete failed (HTTP %d)", code) - } - return nil -} - -// GetGeminiKeys fetches Gemini API keys. -// API returns {"gemini-api-key": [...]}. -func (c *Client) GetGeminiKeys() ([]map[string]any, error) { - return c.getWrappedKeyList("/v0/management/gemini-api-key", "gemini-api-key") -} - -// GetClaudeKeys fetches Claude API keys. -func (c *Client) GetClaudeKeys() ([]map[string]any, error) { - return c.getWrappedKeyList("/v0/management/claude-api-key", "claude-api-key") -} - -// GetCodexKeys fetches Codex API keys. -func (c *Client) GetCodexKeys() ([]map[string]any, error) { - return c.getWrappedKeyList("/v0/management/codex-api-key", "codex-api-key") -} - -// GetVertexKeys fetches Vertex API keys. -func (c *Client) GetVertexKeys() ([]map[string]any, error) { - return c.getWrappedKeyList("/v0/management/vertex-api-key", "vertex-api-key") -} - -// GetOpenAICompat fetches OpenAI compatibility entries. -func (c *Client) GetOpenAICompat() ([]map[string]any, error) { - return c.getWrappedKeyList("/v0/management/openai-compatibility", "openai-compatibility") -} - -// getWrappedKeyList fetches a wrapped list from the API. -func (c *Client) getWrappedKeyList(path, key string) ([]map[string]any, error) { - wrapper, err := c.getJSON(path) - if err != nil { - return nil, err - } - return extractList(wrapper, key) -} - -// extractList pulls an array of maps from a wrapper object by key. -func extractList(wrapper map[string]any, key string) ([]map[string]any, error) { - arr, ok := wrapper[key] - if !ok || arr == nil { - return nil, nil - } - raw, err := json.Marshal(arr) - if err != nil { - return nil, err - } - var result []map[string]any - if err := json.Unmarshal(raw, &result); err != nil { - return nil, err - } - return result, nil -} - -// GetDebug fetches the current debug setting. -func (c *Client) GetDebug() (bool, error) { - wrapper, err := c.getJSON("/v0/management/debug") - if err != nil { - return false, err - } - if v, ok := wrapper["debug"]; ok { - if b, ok := v.(bool); ok { - return b, nil - } - } - return false, nil -} - -// GetAuthStatus polls the OAuth session status. -// Returns status ("wait", "ok", "error") and optional error message. -func (c *Client) GetAuthStatus(state string) (string, string, error) { - query := url.Values{} - query.Set("state", state) - path := "/v0/management/get-auth-status?" + query.Encode() - wrapper, err := c.getJSON(path) - if err != nil { - return "", "", err - } - status := getString(wrapper, "status") - errMsg := getString(wrapper, "error") - return status, errMsg, nil -} - -// ----- Config field update methods ----- - -// PutBoolField updates a boolean config field. -func (c *Client) PutBoolField(path string, value bool) error { - body, _ := json.Marshal(map[string]any{"value": value}) - _, err := c.put("/v0/management/"+path, strings.NewReader(string(body))) - return err -} - -// PutIntField updates an integer config field. -func (c *Client) PutIntField(path string, value int) error { - body, _ := json.Marshal(map[string]any{"value": value}) - _, err := c.put("/v0/management/"+path, strings.NewReader(string(body))) - return err -} - -// PutStringField updates a string config field. -func (c *Client) PutStringField(path string, value string) error { - body, _ := json.Marshal(map[string]any{"value": value}) - _, err := c.put("/v0/management/"+path, strings.NewReader(string(body))) - return err -} - -// DeleteField sends a DELETE request for a config field. -func (c *Client) DeleteField(path string) error { - _, _, err := c.doRequest("DELETE", "/v0/management/"+path, nil) - return err -} diff --git a/internal/tui/config_tab.go b/internal/tui/config_tab.go deleted file mode 100644 index ff9ad040e0..0000000000 --- a/internal/tui/config_tab.go +++ /dev/null @@ -1,413 +0,0 @@ -package tui - -import ( - "fmt" - "strconv" - "strings" - - "github.com/charmbracelet/bubbles/textinput" - "github.com/charmbracelet/bubbles/viewport" - tea "github.com/charmbracelet/bubbletea" - "github.com/charmbracelet/lipgloss" -) - -// configField represents a single editable config field. -type configField struct { - label string - apiPath string // management API path (e.g. "debug", "proxy-url") - kind string // "bool", "int", "string", "readonly" - value string // current display value - rawValue any // raw value from API -} - -// configTabModel displays parsed config with interactive editing. -type configTabModel struct { - client *Client - viewport viewport.Model - fields []configField - cursor int - editing bool - textInput textinput.Model - err error - message string // status message (success/error) - width int - height int - ready bool -} - -type configDataMsg struct { - config map[string]any - err error -} - -type configUpdateMsg struct { - path string - value any - err error -} - -func newConfigTabModel(client *Client) configTabModel { - ti := textinput.New() - ti.CharLimit = 256 - return configTabModel{ - client: client, - textInput: ti, - } -} - -func (m configTabModel) Init() tea.Cmd { - return m.fetchConfig -} - -func (m configTabModel) fetchConfig() tea.Msg { - cfg, err := m.client.GetConfig() - return configDataMsg{config: cfg, err: err} -} - -func (m configTabModel) Update(msg tea.Msg) (configTabModel, tea.Cmd) { - switch msg := msg.(type) { - case localeChangedMsg: - m.viewport.SetContent(m.renderContent()) - return m, nil - case configDataMsg: - if msg.err != nil { - m.err = msg.err - m.fields = nil - } else { - m.err = nil - m.fields = m.parseConfig(msg.config) - } - m.viewport.SetContent(m.renderContent()) - return m, nil - - case configUpdateMsg: - if msg.err != nil { - m.message = errorStyle.Render("✗ " + msg.err.Error()) - } else { - m.message = successStyle.Render(T("updated_ok")) - } - m.viewport.SetContent(m.renderContent()) - // Refresh config from server - return m, m.fetchConfig - - case tea.KeyMsg: - if m.editing { - return m.handleEditingKey(msg) - } - return m.handleNormalKey(msg) - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -func (m configTabModel) handleNormalKey(msg tea.KeyMsg) (configTabModel, tea.Cmd) { - switch msg.String() { - case "r": - m.message = "" - return m, m.fetchConfig - case "up", "k": - if m.cursor > 0 { - m.cursor-- - m.viewport.SetContent(m.renderContent()) - // Ensure cursor is visible - m.ensureCursorVisible() - } - return m, nil - case "down", "j": - if m.cursor < len(m.fields)-1 { - m.cursor++ - m.viewport.SetContent(m.renderContent()) - m.ensureCursorVisible() - } - return m, nil - case "enter", " ": - if m.cursor >= 0 && m.cursor < len(m.fields) { - f := m.fields[m.cursor] - if f.kind == "readonly" { - return m, nil - } - if f.kind == "bool" { - // Toggle directly - return m, m.toggleBool(m.cursor) - } - // Start editing for int/string - m.editing = true - m.textInput.SetValue(configFieldEditValue(f)) - m.textInput.Focus() - m.viewport.SetContent(m.renderContent()) - return m, textinput.Blink - } - return m, nil - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -func (m configTabModel) handleEditingKey(msg tea.KeyMsg) (configTabModel, tea.Cmd) { - switch msg.String() { - case "enter": - m.editing = false - m.textInput.Blur() - return m, m.submitEdit(m.cursor, m.textInput.Value()) - case "esc": - m.editing = false - m.textInput.Blur() - m.viewport.SetContent(m.renderContent()) - return m, nil - default: - var cmd tea.Cmd - m.textInput, cmd = m.textInput.Update(msg) - m.viewport.SetContent(m.renderContent()) - return m, cmd - } -} - -func (m configTabModel) toggleBool(idx int) tea.Cmd { - return func() tea.Msg { - f := m.fields[idx] - current := f.value == "true" - newValue := !current - errPutBool := m.client.PutBoolField(f.apiPath, newValue) - return configUpdateMsg{ - path: f.apiPath, - value: newValue, - err: errPutBool, - } - } -} - -func (m configTabModel) submitEdit(idx int, newValue string) tea.Cmd { - return func() tea.Msg { - f := m.fields[idx] - var err error - var value any - switch f.kind { - case "int": - valueInt, errAtoi := strconv.Atoi(newValue) - if errAtoi != nil { - return configUpdateMsg{ - path: f.apiPath, - err: fmt.Errorf("%s: %s", T("invalid_int"), newValue), - } - } - value = valueInt - err = m.client.PutIntField(f.apiPath, valueInt) - case "string": - value = newValue - err = m.client.PutStringField(f.apiPath, newValue) - } - return configUpdateMsg{ - path: f.apiPath, - value: value, - err: err, - } - } -} - -func configFieldEditValue(f configField) string { - if rawString, ok := f.rawValue.(string); ok { - return rawString - } - return f.value -} - -func (m *configTabModel) SetSize(w, h int) { - m.width = w - m.height = h - if !m.ready { - m.viewport = viewport.New(w, h) - m.viewport.SetContent(m.renderContent()) - m.ready = true - } else { - m.viewport.Width = w - m.viewport.Height = h - } -} - -func (m *configTabModel) ensureCursorVisible() { - // Each field takes ~1 line, header takes ~4 lines - targetLine := m.cursor + 5 - if targetLine < m.viewport.YOffset { - m.viewport.SetYOffset(targetLine) - } - if targetLine >= m.viewport.YOffset+m.viewport.Height { - m.viewport.SetYOffset(targetLine - m.viewport.Height + 1) - } -} - -func (m configTabModel) View() string { - if !m.ready { - return T("loading") - } - return m.viewport.View() -} - -func (m configTabModel) renderContent() string { - var sb strings.Builder - - sb.WriteString(titleStyle.Render(T("config_title"))) - sb.WriteString("\n") - - if m.message != "" { - sb.WriteString(" " + m.message) - sb.WriteString("\n") - } - - sb.WriteString(helpStyle.Render(T("config_help1"))) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("config_help2"))) - sb.WriteString("\n\n") - - if m.err != nil { - sb.WriteString(errorStyle.Render(" ⚠ Error: " + m.err.Error())) - return sb.String() - } - - if len(m.fields) == 0 { - sb.WriteString(subtitleStyle.Render(T("no_config"))) - return sb.String() - } - - currentSection := "" - for i, f := range m.fields { - // Section headers - section := fieldSection(f.apiPath) - if section != currentSection { - currentSection = section - sb.WriteString("\n") - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorHighlight).Render(" ── " + section + " ")) - sb.WriteString("\n") - } - - isSelected := i == m.cursor - prefix := " " - if isSelected { - prefix = "▸ " - } - - labelStr := lipgloss.NewStyle(). - Foreground(colorInfo). - Bold(isSelected). - Width(32). - Render(f.label) - - var valueStr string - if m.editing && isSelected { - valueStr = m.textInput.View() - } else { - switch f.kind { - case "bool": - if f.value == "true" { - valueStr = successStyle.Render("● ON") - } else { - valueStr = lipgloss.NewStyle().Foreground(colorMuted).Render("○ OFF") - } - case "readonly": - valueStr = lipgloss.NewStyle().Foreground(colorSubtext).Render(f.value) - default: - valueStr = valueStyle.Render(f.value) - } - } - - line := prefix + labelStr + " " + valueStr - if isSelected && !m.editing { - line = lipgloss.NewStyle().Background(colorSurface).Render(line) - } - sb.WriteString(line + "\n") - } - - return sb.String() -} - -func (m configTabModel) parseConfig(cfg map[string]any) []configField { - var fields []configField - - // Server settings - fields = append(fields, configField{"Port", "port", "readonly", fmt.Sprintf("%.0f", getFloat(cfg, "port")), nil}) - fields = append(fields, configField{"Host", "host", "readonly", getString(cfg, "host"), nil}) - fields = append(fields, configField{"Debug", "debug", "bool", fmt.Sprintf("%v", getBool(cfg, "debug")), nil}) - fields = append(fields, configField{"Proxy URL", "proxy-url", "string", getString(cfg, "proxy-url"), nil}) - fields = append(fields, configField{"Request Retry", "request-retry", "int", fmt.Sprintf("%.0f", getFloat(cfg, "request-retry")), nil}) - fields = append(fields, configField{"Max Retry Interval (s)", "max-retry-interval", "int", fmt.Sprintf("%.0f", getFloat(cfg, "max-retry-interval")), nil}) - fields = append(fields, configField{"Force Model Prefix", "force-model-prefix", "string", getString(cfg, "force-model-prefix"), nil}) - - // Logging - fields = append(fields, configField{"Logging to File", "logging-to-file", "bool", fmt.Sprintf("%v", getBool(cfg, "logging-to-file")), nil}) - fields = append(fields, configField{"Logs Max Total Size (MB)", "logs-max-total-size-mb", "int", fmt.Sprintf("%.0f", getFloat(cfg, "logs-max-total-size-mb")), nil}) - fields = append(fields, configField{"Error Logs Max Files", "error-logs-max-files", "int", fmt.Sprintf("%.0f", getFloat(cfg, "error-logs-max-files")), nil}) - fields = append(fields, configField{"Usage Stats Enabled", "usage-statistics-enabled", "bool", fmt.Sprintf("%v", getBool(cfg, "usage-statistics-enabled")), nil}) - fields = append(fields, configField{"Request Log", "request-log", "bool", fmt.Sprintf("%v", getBool(cfg, "request-log")), nil}) - - // Quota exceeded - fields = append(fields, configField{"Switch Project on Quota", "quota-exceeded/switch-project", "bool", fmt.Sprintf("%v", getBoolNested(cfg, "quota-exceeded", "switch-project")), nil}) - fields = append(fields, configField{"Switch Preview Model", "quota-exceeded/switch-preview-model", "bool", fmt.Sprintf("%v", getBoolNested(cfg, "quota-exceeded", "switch-preview-model")), nil}) - - // Routing - if routing, ok := cfg["routing"].(map[string]any); ok { - fields = append(fields, configField{"Routing Strategy", "routing/strategy", "string", getString(routing, "strategy"), nil}) - } else { - fields = append(fields, configField{"Routing Strategy", "routing/strategy", "string", "", nil}) - } - - // WebSocket auth - fields = append(fields, configField{"WebSocket Auth", "ws-auth", "bool", fmt.Sprintf("%v", getBool(cfg, "ws-auth")), nil}) - - // AMP settings - if amp, ok := cfg["ampcode"].(map[string]any); ok { - upstreamURL := getString(amp, "upstream-url") - upstreamAPIKey := getString(amp, "upstream-api-key") - fields = append(fields, configField{"AMP Upstream URL", "ampcode/upstream-url", "string", upstreamURL, upstreamURL}) - fields = append(fields, configField{"AMP Upstream API Key", "ampcode/upstream-api-key", "string", maskIfNotEmpty(upstreamAPIKey), upstreamAPIKey}) - fields = append(fields, configField{"AMP Restrict Mgmt Localhost", "ampcode/restrict-management-to-localhost", "bool", fmt.Sprintf("%v", getBool(amp, "restrict-management-to-localhost")), nil}) - } - - return fields -} - -func fieldSection(apiPath string) string { - if strings.HasPrefix(apiPath, "ampcode/") { - return T("section_ampcode") - } - if strings.HasPrefix(apiPath, "quota-exceeded/") { - return T("section_quota") - } - if strings.HasPrefix(apiPath, "routing/") { - return T("section_routing") - } - switch apiPath { - case "port", "host", "debug", "proxy-url", "request-retry", "max-retry-interval", "force-model-prefix": - return T("section_server") - case "logging-to-file", "logs-max-total-size-mb", "error-logs-max-files", "usage-statistics-enabled", "request-log": - return T("section_logging") - case "ws-auth": - return T("section_websocket") - default: - return T("section_other") - } -} - -func getBoolNested(m map[string]any, keys ...string) bool { - current := m - for i, key := range keys { - if i == len(keys)-1 { - return getBool(current, key) - } - if nested, ok := current[key].(map[string]any); ok { - current = nested - } else { - return false - } - } - return false -} - -func maskIfNotEmpty(s string) string { - if s == "" { - return T("not_set") - } - return maskKey(s) -} diff --git a/internal/tui/dashboard.go b/internal/tui/dashboard.go deleted file mode 100644 index 8561fe9c5b..0000000000 --- a/internal/tui/dashboard.go +++ /dev/null @@ -1,360 +0,0 @@ -package tui - -import ( - "encoding/json" - "fmt" - "strings" - - "github.com/charmbracelet/bubbles/viewport" - tea "github.com/charmbracelet/bubbletea" - "github.com/charmbracelet/lipgloss" -) - -// dashboardModel displays server info, stats cards, and config overview. -type dashboardModel struct { - client *Client - viewport viewport.Model - content string - err error - width int - height int - ready bool - - // Cached data for re-rendering on locale change - lastConfig map[string]any - lastUsage map[string]any - lastAuthFiles []map[string]any - lastAPIKeys []string -} - -type dashboardDataMsg struct { - config map[string]any - usage map[string]any - authFiles []map[string]any - apiKeys []string - err error -} - -func newDashboardModel(client *Client) dashboardModel { - return dashboardModel{ - client: client, - } -} - -func (m dashboardModel) Init() tea.Cmd { - return m.fetchData -} - -func (m dashboardModel) fetchData() tea.Msg { - cfg, cfgErr := m.client.GetConfig() - usage, usageErr := m.client.GetUsage() - authFiles, authErr := m.client.GetAuthFiles() - apiKeys, keysErr := m.client.GetAPIKeys() - - var err error - for _, e := range []error{cfgErr, usageErr, authErr, keysErr} { - if e != nil { - err = e - break - } - } - return dashboardDataMsg{config: cfg, usage: usage, authFiles: authFiles, apiKeys: apiKeys, err: err} -} - -func (m dashboardModel) Update(msg tea.Msg) (dashboardModel, tea.Cmd) { - switch msg := msg.(type) { - case localeChangedMsg: - // Re-render immediately with cached data using new locale - m.content = m.renderDashboard(m.lastConfig, m.lastUsage, m.lastAuthFiles, m.lastAPIKeys) - m.viewport.SetContent(m.content) - // Also fetch fresh data in background - return m, m.fetchData - - case dashboardDataMsg: - if msg.err != nil { - m.err = msg.err - m.content = errorStyle.Render("⚠ Error: " + msg.err.Error()) - } else { - m.err = nil - // Cache data for locale switching - m.lastConfig = msg.config - m.lastUsage = msg.usage - m.lastAuthFiles = msg.authFiles - m.lastAPIKeys = msg.apiKeys - - m.content = m.renderDashboard(msg.config, msg.usage, msg.authFiles, msg.apiKeys) - } - m.viewport.SetContent(m.content) - return m, nil - - case tea.KeyMsg: - if msg.String() == "r" { - return m, m.fetchData - } - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -func (m *dashboardModel) SetSize(w, h int) { - m.width = w - m.height = h - if !m.ready { - m.viewport = viewport.New(w, h) - m.viewport.SetContent(m.content) - m.ready = true - } else { - m.viewport.Width = w - m.viewport.Height = h - } -} - -func (m dashboardModel) View() string { - if !m.ready { - return T("loading") - } - return m.viewport.View() -} - -func (m dashboardModel) renderDashboard(cfg, usage map[string]any, authFiles []map[string]any, apiKeys []string) string { - var sb strings.Builder - - sb.WriteString(titleStyle.Render(T("dashboard_title"))) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("dashboard_help"))) - sb.WriteString("\n\n") - - // ━━━ Connection Status ━━━ - connStyle := lipgloss.NewStyle().Bold(true).Foreground(colorSuccess) - sb.WriteString(connStyle.Render(T("connected"))) - sb.WriteString(fmt.Sprintf(" %s", m.client.baseURL)) - sb.WriteString("\n\n") - - // ━━━ Stats Cards ━━━ - cardWidth := 25 - if m.width > 0 { - cardWidth = (m.width - 6) / 4 - if cardWidth < 18 { - cardWidth = 18 - } - } - - cardStyle := lipgloss.NewStyle(). - Border(lipgloss.RoundedBorder()). - BorderForeground(lipgloss.Color("240")). - Padding(0, 1). - Width(cardWidth). - Height(2) - - // Card 1: API Keys - keyCount := len(apiKeys) - card1 := cardStyle.Render(fmt.Sprintf( - "%s\n%s", - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("111")).Render(fmt.Sprintf("🔑 %d", keyCount)), - lipgloss.NewStyle().Foreground(colorMuted).Render(T("mgmt_keys")), - )) - - // Card 2: Auth Files - authCount := len(authFiles) - activeAuth := 0 - for _, f := range authFiles { - if !getBool(f, "disabled") { - activeAuth++ - } - } - card2 := cardStyle.Render(fmt.Sprintf( - "%s\n%s", - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("76")).Render(fmt.Sprintf("📄 %d", authCount)), - lipgloss.NewStyle().Foreground(colorMuted).Render(fmt.Sprintf("%s (%d %s)", T("auth_files_label"), activeAuth, T("active_suffix"))), - )) - - // Card 3: Total Requests - totalReqs := int64(0) - successReqs := int64(0) - failedReqs := int64(0) - totalTokens := int64(0) - if usage != nil { - if usageMap, ok := usage["usage"].(map[string]any); ok { - totalReqs = int64(getFloat(usageMap, "total_requests")) - successReqs = int64(getFloat(usageMap, "success_count")) - failedReqs = int64(getFloat(usageMap, "failure_count")) - totalTokens = int64(getFloat(usageMap, "total_tokens")) - } - } - card3 := cardStyle.Render(fmt.Sprintf( - "%s\n%s", - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("214")).Render(fmt.Sprintf("📈 %d", totalReqs)), - lipgloss.NewStyle().Foreground(colorMuted).Render(fmt.Sprintf("%s (✓%d ✗%d)", T("total_requests"), successReqs, failedReqs)), - )) - - // Card 4: Total Tokens - tokenStr := formatLargeNumber(totalTokens) - card4 := cardStyle.Render(fmt.Sprintf( - "%s\n%s", - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("170")).Render(fmt.Sprintf("🔤 %s", tokenStr)), - lipgloss.NewStyle().Foreground(colorMuted).Render(T("total_tokens")), - )) - - sb.WriteString(lipgloss.JoinHorizontal(lipgloss.Top, card1, " ", card2, " ", card3, " ", card4)) - sb.WriteString("\n\n") - - // ━━━ Current Config ━━━ - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorHighlight).Render(T("current_config"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", minInt(m.width, 60))) - sb.WriteString("\n") - - if cfg != nil { - debug := getBool(cfg, "debug") - retry := getFloat(cfg, "request-retry") - proxyURL := getString(cfg, "proxy-url") - loggingToFile := getBool(cfg, "logging-to-file") - usageEnabled := true - if v, ok := cfg["usage-statistics-enabled"]; ok { - if b, ok2 := v.(bool); ok2 { - usageEnabled = b - } - } - - configItems := []struct { - label string - value string - }{ - {T("debug_mode"), boolEmoji(debug)}, - {T("usage_stats"), boolEmoji(usageEnabled)}, - {T("log_to_file"), boolEmoji(loggingToFile)}, - {T("retry_count"), fmt.Sprintf("%.0f", retry)}, - } - if proxyURL != "" { - configItems = append(configItems, struct { - label string - value string - }{T("proxy_url"), proxyURL}) - } - - // Render config items as a compact row - for _, item := range configItems { - sb.WriteString(fmt.Sprintf(" %s %s\n", - labelStyle.Render(item.label+":"), - valueStyle.Render(item.value))) - } - - // Routing strategy - strategy := "round-robin" - if routing, ok := cfg["routing"].(map[string]any); ok { - if s := getString(routing, "strategy"); s != "" { - strategy = s - } - } - sb.WriteString(fmt.Sprintf(" %s %s\n", - labelStyle.Render(T("routing_strategy")+":"), - valueStyle.Render(strategy))) - } - - sb.WriteString("\n") - - // ━━━ Per-Model Usage ━━━ - if usage != nil { - if usageMap, ok := usage["usage"].(map[string]any); ok { - if apis, ok := usageMap["apis"].(map[string]any); ok && len(apis) > 0 { - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorHighlight).Render(T("model_stats"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", minInt(m.width, 60))) - sb.WriteString("\n") - - header := fmt.Sprintf(" %-40s %10s %12s", T("model"), T("requests"), T("tokens")) - sb.WriteString(tableHeaderStyle.Render(header)) - sb.WriteString("\n") - - for _, apiSnap := range apis { - if apiMap, ok := apiSnap.(map[string]any); ok { - if models, ok := apiMap["models"].(map[string]any); ok { - for model, v := range models { - if stats, ok := v.(map[string]any); ok { - reqs := int64(getFloat(stats, "total_requests")) - toks := int64(getFloat(stats, "total_tokens")) - row := fmt.Sprintf(" %-40s %10d %12s", truncate(model, 40), reqs, formatLargeNumber(toks)) - sb.WriteString(tableCellStyle.Render(row)) - sb.WriteString("\n") - } - } - } - } - } - } - } - } - - return sb.String() -} - -func formatKV(key, value string) string { - return fmt.Sprintf(" %s %s\n", labelStyle.Render(key+":"), valueStyle.Render(value)) -} - -func getString(m map[string]any, key string) string { - if v, ok := m[key]; ok { - if s, ok := v.(string); ok { - return s - } - } - return "" -} - -func getFloat(m map[string]any, key string) float64 { - if v, ok := m[key]; ok { - switch n := v.(type) { - case float64: - return n - case json.Number: - f, _ := n.Float64() - return f - } - } - return 0 -} - -func getBool(m map[string]any, key string) bool { - if v, ok := m[key]; ok { - if b, ok := v.(bool); ok { - return b - } - } - return false -} - -func boolEmoji(b bool) string { - if b { - return T("bool_yes") - } - return T("bool_no") -} - -func formatLargeNumber(n int64) string { - if n >= 1_000_000 { - return fmt.Sprintf("%.1fM", float64(n)/1_000_000) - } - if n >= 1_000 { - return fmt.Sprintf("%.1fK", float64(n)/1_000) - } - return fmt.Sprintf("%d", n) -} - -func truncate(s string, maxLen int) string { - if len(s) > maxLen { - return s[:maxLen-3] + "..." - } - return s -} - -func minInt(a, b int) int { - if a < b { - return a - } - return b -} diff --git a/internal/tui/i18n.go b/internal/tui/i18n.go deleted file mode 100644 index 2964a6c692..0000000000 --- a/internal/tui/i18n.go +++ /dev/null @@ -1,364 +0,0 @@ -package tui - -// i18n provides a simple internationalization system for the TUI. -// Supported locales: "zh" (Chinese, default), "en" (English). - -var currentLocale = "en" - -// SetLocale changes the active locale. -func SetLocale(locale string) { - if _, ok := locales[locale]; ok { - currentLocale = locale - } -} - -// CurrentLocale returns the active locale code. -func CurrentLocale() string { - return currentLocale -} - -// ToggleLocale switches between zh and en. -func ToggleLocale() { - if currentLocale == "zh" { - currentLocale = "en" - } else { - currentLocale = "zh" - } -} - -// T returns the translated string for the given key. -func T(key string) string { - if m, ok := locales[currentLocale]; ok { - if v, ok := m[key]; ok { - return v - } - } - // Fallback to English - if m, ok := locales["en"]; ok { - if v, ok := m[key]; ok { - return v - } - } - return key -} - -var locales = map[string]map[string]string{ - "zh": zhStrings, - "en": enStrings, -} - -// ────────────────────────────────────────── -// Tab names -// ────────────────────────────────────────── -var zhTabNames = []string{"仪表盘", "配置", "认证文件", "API 密钥", "OAuth", "使用统计", "日志"} -var enTabNames = []string{"Dashboard", "Config", "Auth Files", "API Keys", "OAuth", "Usage", "Logs"} - -// TabNames returns tab names in the current locale. -func TabNames() []string { - if currentLocale == "zh" { - return zhTabNames - } - return enTabNames -} - -var zhStrings = map[string]string{ - // ── Common ── - "loading": "加载中...", - "refresh": "刷新", - "save": "保存", - "cancel": "取消", - "confirm": "确认", - "yes": "是", - "no": "否", - "error": "错误", - "success": "成功", - "navigate": "导航", - "scroll": "滚动", - "enter_save": "Enter: 保存", - "esc_cancel": "Esc: 取消", - "enter_submit": "Enter: 提交", - "press_r": "[r] 刷新", - "press_scroll": "[↑↓] 滚动", - "not_set": "(未设置)", - "error_prefix": "⚠ 错误: ", - - // ── Status bar ── - "status_left": " CLIProxyAPI 管理终端", - "status_right": "Tab/Shift+Tab: 切换 • L: 语言 • q/Ctrl+C: 退出 ", - "initializing_tui": "正在初始化...", - "auth_gate_title": "🔐 连接管理 API", - "auth_gate_help": " 请输入管理密码并按 Enter 连接", - "auth_gate_password": "密码", - "auth_gate_enter": " Enter: 连接 • q/Ctrl+C: 退出 • L: 语言", - "auth_gate_connecting": "正在连接...", - "auth_gate_connect_fail": "连接失败:%s", - "auth_gate_password_required": "请输入密码", - - // ── Dashboard ── - "dashboard_title": "📊 仪表盘", - "dashboard_help": " [r] 刷新 • [↑↓] 滚动", - "connected": "● 已连接", - "mgmt_keys": "管理密钥", - "auth_files_label": "认证文件", - "active_suffix": "活跃", - "total_requests": "请求", - "success_label": "成功", - "failure_label": "失败", - "total_tokens": "总 Tokens", - "current_config": "当前配置", - "debug_mode": "启用调试模式", - "usage_stats": "启用使用统计", - "log_to_file": "启用日志记录到文件", - "retry_count": "重试次数", - "proxy_url": "代理 URL", - "routing_strategy": "路由策略", - "model_stats": "模型统计", - "model": "模型", - "requests": "请求数", - "tokens": "Tokens", - "bool_yes": "是 ✓", - "bool_no": "否", - - // ── Config ── - "config_title": "⚙ 配置", - "config_help1": " [↑↓/jk] 导航 • [Enter/Space] 编辑 • [r] 刷新", - "config_help2": " 布尔: Enter 切换 • 文本/数字: Enter 输入, Enter 确认, Esc 取消", - "updated_ok": "✓ 更新成功", - "no_config": " 未加载配置", - "invalid_int": "无效整数", - "section_server": "服务器", - "section_logging": "日志与统计", - "section_quota": "配额超限处理", - "section_routing": "路由", - "section_websocket": "WebSocket", - "section_ampcode": "AMP Code", - "section_other": "其他", - - // ── Auth Files ── - "auth_title": "🔑 认证文件", - "auth_help1": " [↑↓/jk] 导航 • [Enter] 展开 • [e] 启用/停用 • [d] 删除 • [r] 刷新", - "auth_help2": " [1] 编辑 prefix • [2] 编辑 proxy_url • [3] 编辑 priority", - "no_auth_files": " 无认证文件", - "confirm_delete": "⚠ 删除 %s? [y/n]", - "deleted": "已删除 %s", - "enabled": "已启用", - "disabled": "已停用", - "updated_field": "已更新 %s 的 %s", - "status_active": "活跃", - "status_disabled": "已停用", - - // ── API Keys ── - "keys_title": "🔐 API 密钥", - "keys_help": " [↑↓/jk] 导航 • [a] 添加 • [e] 编辑 • [d] 删除 • [c] 复制 • [r] 刷新", - "no_keys": " 无 API Key,按 [a] 添加", - "access_keys": "Access API Keys", - "confirm_delete_key": "⚠ 确认删除 %s? [y/n]", - "key_added": "已添加 API Key", - "key_updated": "已更新 API Key", - "key_deleted": "已删除 API Key", - "copied": "✓ 已复制到剪贴板", - "copy_failed": "✗ 复制失败", - "new_key_prompt": " New Key: ", - "edit_key_prompt": " Edit Key: ", - "enter_add": " Enter: 添加 • Esc: 取消", - "enter_save_esc": " Enter: 保存 • Esc: 取消", - - // ── OAuth ── - "oauth_title": "🔐 OAuth 登录", - "oauth_select": " 选择提供商并按 [Enter] 开始 OAuth 登录:", - "oauth_help": " [↑↓/jk] 导航 • [Enter] 登录 • [Esc] 清除状态", - "oauth_initiating": "⏳ 正在初始化 %s 登录...", - "oauth_success": "认证成功! 请刷新 Auth Files 标签查看新凭证。", - "oauth_completed": "认证流程已完成。", - "oauth_failed": "认证失败", - "oauth_timeout": "OAuth 流程超时 (5 分钟)", - "oauth_press_esc": " 按 [Esc] 取消", - "oauth_auth_url": " 授权链接:", - "oauth_remote_hint": " 远程浏览器模式:在浏览器中打开上述链接完成授权后,将回调 URL 粘贴到下方。", - "oauth_callback_url": " 回调 URL:", - "oauth_press_c": " 按 [c] 输入回调 URL • [Esc] 返回", - "oauth_submitting": "⏳ 提交回调中...", - "oauth_submit_ok": "✓ 回调已提交,等待处理...", - "oauth_submit_fail": "✗ 提交回调失败", - "oauth_waiting": " 等待认证中...", - - // ── Usage ── - "usage_title": "📈 使用统计", - "usage_help": " [r] 刷新 • [↑↓] 滚动", - "usage_no_data": " 使用数据不可用", - "usage_total_reqs": "总请求数", - "usage_total_tokens": "总 Token 数", - "usage_success": "成功", - "usage_failure": "失败", - "usage_total_token_l": "总Token", - "usage_rpm": "RPM", - "usage_tpm": "TPM", - "usage_req_by_hour": "请求趋势 (按小时)", - "usage_tok_by_hour": "Token 使用趋势 (按小时)", - "usage_req_by_day": "请求趋势 (按天)", - "usage_api_detail": "API 详细统计", - "usage_input": "输入", - "usage_output": "输出", - "usage_cached": "缓存", - "usage_reasoning": "思考", - - // ── Logs ── - "logs_title": "📋 日志", - "logs_auto_scroll": "● 自动滚动", - "logs_paused": "○ 已暂停", - "logs_filter": "过滤", - "logs_lines": "行数", - "logs_help": " [a] 自动滚动 • [c] 清除 • [1] 全部 [2] info+ [3] warn+ [4] error • [↑↓] 滚动", - "logs_waiting": " 等待日志输出...", -} - -var enStrings = map[string]string{ - // ── Common ── - "loading": "Loading...", - "refresh": "Refresh", - "save": "Save", - "cancel": "Cancel", - "confirm": "Confirm", - "yes": "Yes", - "no": "No", - "error": "Error", - "success": "Success", - "navigate": "Navigate", - "scroll": "Scroll", - "enter_save": "Enter: Save", - "esc_cancel": "Esc: Cancel", - "enter_submit": "Enter: Submit", - "press_r": "[r] Refresh", - "press_scroll": "[↑↓] Scroll", - "not_set": "(not set)", - "error_prefix": "⚠ Error: ", - - // ── Status bar ── - "status_left": " CLIProxyAPI Management TUI", - "status_right": "Tab/Shift+Tab: switch • L: lang • q/Ctrl+C: quit ", - "initializing_tui": "Initializing...", - "auth_gate_title": "🔐 Connect Management API", - "auth_gate_help": " Enter management password and press Enter to connect", - "auth_gate_password": "Password", - "auth_gate_enter": " Enter: connect • q/Ctrl+C: quit • L: lang", - "auth_gate_connecting": "Connecting...", - "auth_gate_connect_fail": "Connection failed: %s", - "auth_gate_password_required": "password is required", - - // ── Dashboard ── - "dashboard_title": "📊 Dashboard", - "dashboard_help": " [r] Refresh • [↑↓] Scroll", - "connected": "● Connected", - "mgmt_keys": "Mgmt Keys", - "auth_files_label": "Auth Files", - "active_suffix": "active", - "total_requests": "Requests", - "success_label": "Success", - "failure_label": "Failed", - "total_tokens": "Total Tokens", - "current_config": "Current Config", - "debug_mode": "Debug Mode", - "usage_stats": "Usage Statistics", - "log_to_file": "Log to File", - "retry_count": "Retry Count", - "proxy_url": "Proxy URL", - "routing_strategy": "Routing Strategy", - "model_stats": "Model Stats", - "model": "Model", - "requests": "Requests", - "tokens": "Tokens", - "bool_yes": "Yes ✓", - "bool_no": "No", - - // ── Config ── - "config_title": "⚙ Configuration", - "config_help1": " [↑↓/jk] Navigate • [Enter/Space] Edit • [r] Refresh", - "config_help2": " Bool: Enter to toggle • String/Int: Enter to type, Enter to confirm, Esc to cancel", - "updated_ok": "✓ Updated successfully", - "no_config": " No configuration loaded", - "invalid_int": "invalid integer", - "section_server": "Server", - "section_logging": "Logging & Stats", - "section_quota": "Quota Exceeded Handling", - "section_routing": "Routing", - "section_websocket": "WebSocket", - "section_ampcode": "AMP Code", - "section_other": "Other", - - // ── Auth Files ── - "auth_title": "🔑 Auth Files", - "auth_help1": " [↑↓/jk] Navigate • [Enter] Expand • [e] Enable/Disable • [d] Delete • [r] Refresh", - "auth_help2": " [1] Edit prefix • [2] Edit proxy_url • [3] Edit priority", - "no_auth_files": " No auth files found", - "confirm_delete": "⚠ Delete %s? [y/n]", - "deleted": "Deleted %s", - "enabled": "Enabled", - "disabled": "Disabled", - "updated_field": "Updated %s on %s", - "status_active": "active", - "status_disabled": "disabled", - - // ── API Keys ── - "keys_title": "🔐 API Keys", - "keys_help": " [↑↓/jk] Navigate • [a] Add • [e] Edit • [d] Delete • [c] Copy • [r] Refresh", - "no_keys": " No API Keys. Press [a] to add", - "access_keys": "Access API Keys", - "confirm_delete_key": "⚠ Delete %s? [y/n]", - "key_added": "API Key added", - "key_updated": "API Key updated", - "key_deleted": "API Key deleted", - "copied": "✓ Copied to clipboard", - "copy_failed": "✗ Copy failed", - "new_key_prompt": " New Key: ", - "edit_key_prompt": " Edit Key: ", - "enter_add": " Enter: Add • Esc: Cancel", - "enter_save_esc": " Enter: Save • Esc: Cancel", - - // ── OAuth ── - "oauth_title": "🔐 OAuth Login", - "oauth_select": " Select a provider and press [Enter] to start OAuth login:", - "oauth_help": " [↑↓/jk] Navigate • [Enter] Login • [Esc] Clear status", - "oauth_initiating": "⏳ Initiating %s login...", - "oauth_success": "Authentication successful! Refresh Auth Files tab to see the new credential.", - "oauth_completed": "Authentication flow completed.", - "oauth_failed": "Authentication failed", - "oauth_timeout": "OAuth flow timed out (5 minutes)", - "oauth_press_esc": " Press [Esc] to cancel", - "oauth_auth_url": " Authorization URL:", - "oauth_remote_hint": " Remote browser mode: Open the URL above in browser, paste the callback URL below after authorization.", - "oauth_callback_url": " Callback URL:", - "oauth_press_c": " Press [c] to enter callback URL • [Esc] to go back", - "oauth_submitting": "⏳ Submitting callback...", - "oauth_submit_ok": "✓ Callback submitted, waiting...", - "oauth_submit_fail": "✗ Callback submission failed", - "oauth_waiting": " Waiting for authentication...", - - // ── Usage ── - "usage_title": "📈 Usage Statistics", - "usage_help": " [r] Refresh • [↑↓] Scroll", - "usage_no_data": " Usage data not available", - "usage_total_reqs": "Total Requests", - "usage_total_tokens": "Total Tokens", - "usage_success": "Success", - "usage_failure": "Failed", - "usage_total_token_l": "Total Tokens", - "usage_rpm": "RPM", - "usage_tpm": "TPM", - "usage_req_by_hour": "Requests by Hour", - "usage_tok_by_hour": "Token Usage by Hour", - "usage_req_by_day": "Requests by Day", - "usage_api_detail": "API Detail Statistics", - "usage_input": "Input", - "usage_output": "Output", - "usage_cached": "Cached", - "usage_reasoning": "Reasoning", - - // ── Logs ── - "logs_title": "📋 Logs", - "logs_auto_scroll": "● AUTO-SCROLL", - "logs_paused": "○ PAUSED", - "logs_filter": "Filter", - "logs_lines": "Lines", - "logs_help": " [a] Auto-scroll • [c] Clear • [1] All [2] info+ [3] warn+ [4] error • [↑↓] Scroll", - "logs_waiting": " Waiting for log output...", -} diff --git a/internal/tui/keys_tab.go b/internal/tui/keys_tab.go deleted file mode 100644 index 770f7f1e57..0000000000 --- a/internal/tui/keys_tab.go +++ /dev/null @@ -1,405 +0,0 @@ -package tui - -import ( - "fmt" - "strings" - - "github.com/atotto/clipboard" - "github.com/charmbracelet/bubbles/textinput" - "github.com/charmbracelet/bubbles/viewport" - tea "github.com/charmbracelet/bubbletea" - "github.com/charmbracelet/lipgloss" -) - -// keysTabModel displays and manages API keys. -type keysTabModel struct { - client *Client - viewport viewport.Model - keys []string - gemini []map[string]any - claude []map[string]any - codex []map[string]any - vertex []map[string]any - openai []map[string]any - err error - width int - height int - ready bool - cursor int - confirm int // -1 = no deletion pending - status string - - // Editing / Adding - editing bool - adding bool - editIdx int - editInput textinput.Model -} - -type keysDataMsg struct { - apiKeys []string - gemini []map[string]any - claude []map[string]any - codex []map[string]any - vertex []map[string]any - openai []map[string]any - err error -} - -type keyActionMsg struct { - action string - err error -} - -func newKeysTabModel(client *Client) keysTabModel { - ti := textinput.New() - ti.CharLimit = 512 - ti.Prompt = " Key: " - return keysTabModel{ - client: client, - confirm: -1, - editInput: ti, - } -} - -func (m keysTabModel) Init() tea.Cmd { - return m.fetchKeys -} - -func (m keysTabModel) fetchKeys() tea.Msg { - result := keysDataMsg{} - apiKeys, err := m.client.GetAPIKeys() - if err != nil { - result.err = err - return result - } - result.apiKeys = apiKeys - result.gemini, _ = m.client.GetGeminiKeys() - result.claude, _ = m.client.GetClaudeKeys() - result.codex, _ = m.client.GetCodexKeys() - result.vertex, _ = m.client.GetVertexKeys() - result.openai, _ = m.client.GetOpenAICompat() - return result -} - -func (m keysTabModel) Update(msg tea.Msg) (keysTabModel, tea.Cmd) { - switch msg := msg.(type) { - case localeChangedMsg: - m.viewport.SetContent(m.renderContent()) - return m, nil - case keysDataMsg: - if msg.err != nil { - m.err = msg.err - } else { - m.err = nil - m.keys = msg.apiKeys - m.gemini = msg.gemini - m.claude = msg.claude - m.codex = msg.codex - m.vertex = msg.vertex - m.openai = msg.openai - if m.cursor >= len(m.keys) { - m.cursor = max(0, len(m.keys)-1) - } - } - m.viewport.SetContent(m.renderContent()) - return m, nil - - case keyActionMsg: - if msg.err != nil { - m.status = errorStyle.Render("✗ " + msg.err.Error()) - } else { - m.status = successStyle.Render("✓ " + msg.action) - } - m.confirm = -1 - m.viewport.SetContent(m.renderContent()) - return m, m.fetchKeys - - case tea.KeyMsg: - // ---- Editing / Adding mode ---- - if m.editing || m.adding { - switch msg.String() { - case "enter": - value := strings.TrimSpace(m.editInput.Value()) - if value == "" { - m.editing = false - m.adding = false - m.editInput.Blur() - m.viewport.SetContent(m.renderContent()) - return m, nil - } - isAdding := m.adding - editIdx := m.editIdx - m.editing = false - m.adding = false - m.editInput.Blur() - if isAdding { - return m, func() tea.Msg { - err := m.client.AddAPIKey(value) - if err != nil { - return keyActionMsg{err: err} - } - return keyActionMsg{action: T("key_added")} - } - } - return m, func() tea.Msg { - err := m.client.EditAPIKey(editIdx, value) - if err != nil { - return keyActionMsg{err: err} - } - return keyActionMsg{action: T("key_updated")} - } - case "esc": - m.editing = false - m.adding = false - m.editInput.Blur() - m.viewport.SetContent(m.renderContent()) - return m, nil - default: - var cmd tea.Cmd - m.editInput, cmd = m.editInput.Update(msg) - m.viewport.SetContent(m.renderContent()) - return m, cmd - } - } - - // ---- Delete confirmation ---- - if m.confirm >= 0 { - switch msg.String() { - case "y", "Y": - idx := m.confirm - m.confirm = -1 - return m, func() tea.Msg { - err := m.client.DeleteAPIKey(idx) - if err != nil { - return keyActionMsg{err: err} - } - return keyActionMsg{action: T("key_deleted")} - } - case "n", "N", "esc": - m.confirm = -1 - m.viewport.SetContent(m.renderContent()) - return m, nil - } - return m, nil - } - - // ---- Normal mode ---- - switch msg.String() { - case "j", "down": - if len(m.keys) > 0 { - m.cursor = (m.cursor + 1) % len(m.keys) - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "k", "up": - if len(m.keys) > 0 { - m.cursor = (m.cursor - 1 + len(m.keys)) % len(m.keys) - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "a": - // Add new key - m.adding = true - m.editing = false - m.editInput.SetValue("") - m.editInput.Prompt = T("new_key_prompt") - m.editInput.Focus() - m.viewport.SetContent(m.renderContent()) - return m, textinput.Blink - case "e": - // Edit selected key - if m.cursor < len(m.keys) { - m.editing = true - m.adding = false - m.editIdx = m.cursor - m.editInput.SetValue(m.keys[m.cursor]) - m.editInput.Prompt = T("edit_key_prompt") - m.editInput.Focus() - m.viewport.SetContent(m.renderContent()) - return m, textinput.Blink - } - return m, nil - case "d": - // Delete selected key - if m.cursor < len(m.keys) { - m.confirm = m.cursor - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "c": - // Copy selected key to clipboard - if m.cursor < len(m.keys) { - key := m.keys[m.cursor] - if err := clipboard.WriteAll(key); err != nil { - m.status = errorStyle.Render(T("copy_failed") + ": " + err.Error()) - } else { - m.status = successStyle.Render(T("copied")) - } - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "r": - m.status = "" - return m, m.fetchKeys - default: - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd - } - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -func (m *keysTabModel) SetSize(w, h int) { - m.width = w - m.height = h - m.editInput.Width = w - 16 - if !m.ready { - m.viewport = viewport.New(w, h) - m.viewport.SetContent(m.renderContent()) - m.ready = true - } else { - m.viewport.Width = w - m.viewport.Height = h - } -} - -func (m keysTabModel) View() string { - if !m.ready { - return T("loading") - } - return m.viewport.View() -} - -func (m keysTabModel) renderContent() string { - var sb strings.Builder - - sb.WriteString(titleStyle.Render(T("keys_title"))) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("keys_help"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", m.width)) - sb.WriteString("\n") - - if m.err != nil { - sb.WriteString(errorStyle.Render(T("error_prefix") + m.err.Error())) - sb.WriteString("\n") - return sb.String() - } - - // ━━━ Access API Keys (interactive) ━━━ - sb.WriteString(tableHeaderStyle.Render(fmt.Sprintf(" %s (%d)", T("access_keys"), len(m.keys)))) - sb.WriteString("\n") - - if len(m.keys) == 0 { - sb.WriteString(subtitleStyle.Render(T("no_keys"))) - sb.WriteString("\n") - } - - for i, key := range m.keys { - cursor := " " - rowStyle := lipgloss.NewStyle() - if i == m.cursor { - cursor = "▸ " - rowStyle = lipgloss.NewStyle().Bold(true) - } - - row := fmt.Sprintf("%s%d. %s", cursor, i+1, maskKey(key)) - sb.WriteString(rowStyle.Render(row)) - sb.WriteString("\n") - - // Delete confirmation - if m.confirm == i { - sb.WriteString(warningStyle.Render(fmt.Sprintf(" "+T("confirm_delete_key"), maskKey(key)))) - sb.WriteString("\n") - } - - // Edit input - if m.editing && m.editIdx == i { - sb.WriteString(m.editInput.View()) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("enter_save_esc"))) - sb.WriteString("\n") - } - } - - // Add input - if m.adding { - sb.WriteString("\n") - sb.WriteString(m.editInput.View()) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("enter_add"))) - sb.WriteString("\n") - } - - sb.WriteString("\n") - - // ━━━ Provider Keys (read-only display) ━━━ - renderProviderKeys(&sb, "Gemini API Keys", m.gemini) - renderProviderKeys(&sb, "Claude API Keys", m.claude) - renderProviderKeys(&sb, "Codex API Keys", m.codex) - renderProviderKeys(&sb, "Vertex API Keys", m.vertex) - - if len(m.openai) > 0 { - renderSection(&sb, "OpenAI Compatibility", len(m.openai)) - for i, entry := range m.openai { - name := getString(entry, "name") - baseURL := getString(entry, "base-url") - prefix := getString(entry, "prefix") - info := name - if prefix != "" { - info += " (prefix: " + prefix + ")" - } - if baseURL != "" { - info += " → " + baseURL - } - sb.WriteString(fmt.Sprintf(" %d. %s\n", i+1, info)) - } - sb.WriteString("\n") - } - - if m.status != "" { - sb.WriteString(m.status) - sb.WriteString("\n") - } - - return sb.String() -} - -func renderSection(sb *strings.Builder, title string, count int) { - header := fmt.Sprintf("%s (%d)", title, count) - sb.WriteString(tableHeaderStyle.Render(" " + header)) - sb.WriteString("\n") -} - -func renderProviderKeys(sb *strings.Builder, title string, keys []map[string]any) { - if len(keys) == 0 { - return - } - renderSection(sb, title, len(keys)) - for i, key := range keys { - apiKey := getString(key, "api-key") - prefix := getString(key, "prefix") - baseURL := getString(key, "base-url") - info := maskKey(apiKey) - if prefix != "" { - info += " (prefix: " + prefix + ")" - } - if baseURL != "" { - info += " → " + baseURL - } - sb.WriteString(fmt.Sprintf(" %d. %s\n", i+1, info)) - } - sb.WriteString("\n") -} - -func maskKey(key string) string { - if len(key) <= 8 { - return strings.Repeat("*", len(key)) - } - return key[:4] + strings.Repeat("*", len(key)-8) + key[len(key)-4:] -} diff --git a/internal/tui/loghook.go b/internal/tui/loghook.go deleted file mode 100644 index 157e7fd83e..0000000000 --- a/internal/tui/loghook.go +++ /dev/null @@ -1,78 +0,0 @@ -package tui - -import ( - "fmt" - "strings" - "sync" - - log "github.com/sirupsen/logrus" -) - -// LogHook is a logrus hook that captures log entries and sends them to a channel. -type LogHook struct { - ch chan string - formatter log.Formatter - mu sync.Mutex - levels []log.Level -} - -// NewLogHook creates a new LogHook with a buffered channel of the given size. -func NewLogHook(bufSize int) *LogHook { - return &LogHook{ - ch: make(chan string, bufSize), - formatter: &log.TextFormatter{DisableColors: true, FullTimestamp: true}, - levels: log.AllLevels, - } -} - -// SetFormatter sets a custom formatter for the hook. -func (h *LogHook) SetFormatter(f log.Formatter) { - h.mu.Lock() - defer h.mu.Unlock() - h.formatter = f -} - -// Levels returns the log levels this hook should fire on. -func (h *LogHook) Levels() []log.Level { - return h.levels -} - -// Fire is called by logrus when a log entry is fired. -func (h *LogHook) Fire(entry *log.Entry) error { - h.mu.Lock() - f := h.formatter - h.mu.Unlock() - - var line string - if f != nil { - b, err := f.Format(entry) - if err == nil { - line = strings.TrimRight(string(b), "\n\r") - } else { - line = fmt.Sprintf("[%s] %s", entry.Level, entry.Message) - } - } else { - line = fmt.Sprintf("[%s] %s", entry.Level, entry.Message) - } - - // Non-blocking send - select { - case h.ch <- line: - default: - // Drop oldest if full - select { - case <-h.ch: - default: - } - select { - case h.ch <- line: - default: - } - } - return nil -} - -// Chan returns the channel to read log lines from. -func (h *LogHook) Chan() <-chan string { - return h.ch -} diff --git a/internal/tui/logs_tab.go b/internal/tui/logs_tab.go deleted file mode 100644 index 456200d915..0000000000 --- a/internal/tui/logs_tab.go +++ /dev/null @@ -1,261 +0,0 @@ -package tui - -import ( - "fmt" - "strings" - "time" - - "github.com/charmbracelet/bubbles/viewport" - tea "github.com/charmbracelet/bubbletea" -) - -// logsTabModel displays real-time log lines from hook/API source. -type logsTabModel struct { - client *Client - hook *LogHook - viewport viewport.Model - lines []string - maxLines int - autoScroll bool - width int - height int - ready bool - filter string // "", "debug", "info", "warn", "error" - after int64 - lastErr error -} - -type logsPollMsg struct { - lines []string - latest int64 - err error -} - -type logsTickMsg struct{} -type logLineMsg string - -func newLogsTabModel(client *Client, hook *LogHook) logsTabModel { - return logsTabModel{ - client: client, - hook: hook, - maxLines: 5000, - autoScroll: true, - } -} - -func (m logsTabModel) Init() tea.Cmd { - if m.hook != nil { - return m.waitForLog - } - return m.fetchLogs -} - -func (m logsTabModel) fetchLogs() tea.Msg { - lines, latest, err := m.client.GetLogs(m.after, 200) - return logsPollMsg{ - lines: lines, - latest: latest, - err: err, - } -} - -func (m logsTabModel) waitForNextPoll() tea.Cmd { - return tea.Tick(2*time.Second, func(_ time.Time) tea.Msg { - return logsTickMsg{} - }) -} - -func (m logsTabModel) waitForLog() tea.Msg { - if m.hook == nil { - return nil - } - line, ok := <-m.hook.Chan() - if !ok { - return nil - } - return logLineMsg(line) -} - -func (m logsTabModel) Update(msg tea.Msg) (logsTabModel, tea.Cmd) { - switch msg := msg.(type) { - case localeChangedMsg: - m.viewport.SetContent(m.renderLogs()) - return m, nil - case logsTickMsg: - if m.hook != nil { - return m, nil - } - return m, m.fetchLogs - case logsPollMsg: - if m.hook != nil { - return m, nil - } - if msg.err != nil { - m.lastErr = msg.err - } else { - m.lastErr = nil - m.after = msg.latest - if len(msg.lines) > 0 { - m.lines = append(m.lines, msg.lines...) - if len(m.lines) > m.maxLines { - m.lines = m.lines[len(m.lines)-m.maxLines:] - } - } - } - m.viewport.SetContent(m.renderLogs()) - if m.autoScroll { - m.viewport.GotoBottom() - } - return m, m.waitForNextPoll() - case logLineMsg: - m.lines = append(m.lines, string(msg)) - if len(m.lines) > m.maxLines { - m.lines = m.lines[len(m.lines)-m.maxLines:] - } - m.viewport.SetContent(m.renderLogs()) - if m.autoScroll { - m.viewport.GotoBottom() - } - return m, m.waitForLog - - case tea.KeyMsg: - switch msg.String() { - case "a": - m.autoScroll = !m.autoScroll - if m.autoScroll { - m.viewport.GotoBottom() - } - return m, nil - case "c": - m.lines = nil - m.lastErr = nil - m.viewport.SetContent(m.renderLogs()) - return m, nil - case "1": - m.filter = "" - m.viewport.SetContent(m.renderLogs()) - return m, nil - case "2": - m.filter = "info" - m.viewport.SetContent(m.renderLogs()) - return m, nil - case "3": - m.filter = "warn" - m.viewport.SetContent(m.renderLogs()) - return m, nil - case "4": - m.filter = "error" - m.viewport.SetContent(m.renderLogs()) - return m, nil - default: - wasAtBottom := m.viewport.AtBottom() - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - // If user scrolls up, disable auto-scroll - if !m.viewport.AtBottom() && wasAtBottom { - m.autoScroll = false - } - // If user scrolls to bottom, re-enable auto-scroll - if m.viewport.AtBottom() { - m.autoScroll = true - } - return m, cmd - } - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -func (m *logsTabModel) SetSize(w, h int) { - m.width = w - m.height = h - if !m.ready { - m.viewport = viewport.New(w, h) - m.viewport.SetContent(m.renderLogs()) - m.ready = true - } else { - m.viewport.Width = w - m.viewport.Height = h - } -} - -func (m logsTabModel) View() string { - if !m.ready { - return T("loading") - } - return m.viewport.View() -} - -func (m logsTabModel) renderLogs() string { - var sb strings.Builder - - scrollStatus := successStyle.Render(T("logs_auto_scroll")) - if !m.autoScroll { - scrollStatus = warningStyle.Render(T("logs_paused")) - } - filterLabel := "ALL" - if m.filter != "" { - filterLabel = strings.ToUpper(m.filter) + "+" - } - - header := fmt.Sprintf(" %s %s %s: %s %s: %d", - T("logs_title"), scrollStatus, T("logs_filter"), filterLabel, T("logs_lines"), len(m.lines)) - sb.WriteString(titleStyle.Render(header)) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("logs_help"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", m.width)) - sb.WriteString("\n") - - if m.lastErr != nil { - sb.WriteString(errorStyle.Render("⚠ Error: " + m.lastErr.Error())) - sb.WriteString("\n") - } - - if len(m.lines) == 0 { - sb.WriteString(subtitleStyle.Render(T("logs_waiting"))) - return sb.String() - } - - for _, line := range m.lines { - if m.filter != "" && !m.matchLevel(line) { - continue - } - styled := m.styleLine(line) - sb.WriteString(styled) - sb.WriteString("\n") - } - - return sb.String() -} - -func (m logsTabModel) matchLevel(line string) bool { - switch m.filter { - case "error": - return strings.Contains(line, "[error]") || strings.Contains(line, "[fatal]") || strings.Contains(line, "[panic]") - case "warn": - return strings.Contains(line, "[warn") || strings.Contains(line, "[error]") || strings.Contains(line, "[fatal]") - case "info": - return !strings.Contains(line, "[debug]") - default: - return true - } -} - -func (m logsTabModel) styleLine(line string) string { - if strings.Contains(line, "[error]") || strings.Contains(line, "[fatal]") { - return logErrorStyle.Render(line) - } - if strings.Contains(line, "[warn") { - return logWarnStyle.Render(line) - } - if strings.Contains(line, "[info") { - return logInfoStyle.Render(line) - } - if strings.Contains(line, "[debug]") { - return logDebugStyle.Render(line) - } - return line -} diff --git a/internal/tui/oauth_tab.go b/internal/tui/oauth_tab.go deleted file mode 100644 index 3989e3d861..0000000000 --- a/internal/tui/oauth_tab.go +++ /dev/null @@ -1,473 +0,0 @@ -package tui - -import ( - "fmt" - "strings" - "time" - - "github.com/charmbracelet/bubbles/textinput" - "github.com/charmbracelet/bubbles/viewport" - tea "github.com/charmbracelet/bubbletea" - "github.com/charmbracelet/lipgloss" -) - -// oauthProvider represents an OAuth provider option. -type oauthProvider struct { - name string - apiPath string // management API path - emoji string -} - -var oauthProviders = []oauthProvider{ - {"Gemini CLI", "gemini-cli-auth-url", "🟦"}, - {"Claude (Anthropic)", "anthropic-auth-url", "🟧"}, - {"Codex (OpenAI)", "codex-auth-url", "🟩"}, - {"Antigravity", "antigravity-auth-url", "🟪"}, - {"Qwen", "qwen-auth-url", "🟨"}, - {"Kimi", "kimi-auth-url", "🟫"}, - {"IFlow", "iflow-auth-url", "⬜"}, -} - -// oauthTabModel handles OAuth login flows. -type oauthTabModel struct { - client *Client - viewport viewport.Model - cursor int - state oauthState - message string - err error - width int - height int - ready bool - - // Remote browser mode - authURL string // auth URL to display - authState string // OAuth state parameter - providerName string // current provider name - callbackInput textinput.Model - inputActive bool // true when user is typing callback URL -} - -type oauthState int - -const ( - oauthIdle oauthState = iota - oauthPending - oauthRemote // remote browser mode: waiting for manual callback - oauthSuccess - oauthError -) - -// Messages -type oauthStartMsg struct { - url string - state string - providerName string - err error -} - -type oauthPollMsg struct { - done bool - message string - err error -} - -type oauthCallbackSubmitMsg struct { - err error -} - -func newOAuthTabModel(client *Client) oauthTabModel { - ti := textinput.New() - ti.Placeholder = "http://localhost:.../auth/callback?code=...&state=..." - ti.CharLimit = 2048 - ti.Prompt = " 回调 URL: " - return oauthTabModel{ - client: client, - callbackInput: ti, - } -} - -func (m oauthTabModel) Init() tea.Cmd { - return nil -} - -func (m oauthTabModel) Update(msg tea.Msg) (oauthTabModel, tea.Cmd) { - switch msg := msg.(type) { - case localeChangedMsg: - m.viewport.SetContent(m.renderContent()) - return m, nil - case oauthStartMsg: - if msg.err != nil { - m.state = oauthError - m.err = msg.err - m.message = errorStyle.Render("✗ " + msg.err.Error()) - m.viewport.SetContent(m.renderContent()) - return m, nil - } - m.authURL = msg.url - m.authState = msg.state - m.providerName = msg.providerName - m.state = oauthRemote - m.callbackInput.SetValue("") - m.callbackInput.Focus() - m.inputActive = true - m.message = "" - m.viewport.SetContent(m.renderContent()) - // Also start polling in the background - return m, tea.Batch(textinput.Blink, m.pollOAuthStatus(msg.state)) - - case oauthPollMsg: - if msg.err != nil { - m.state = oauthError - m.err = msg.err - m.message = errorStyle.Render("✗ " + msg.err.Error()) - m.inputActive = false - m.callbackInput.Blur() - } else if msg.done { - m.state = oauthSuccess - m.message = successStyle.Render("✓ " + msg.message) - m.inputActive = false - m.callbackInput.Blur() - } else { - m.message = warningStyle.Render("⏳ " + msg.message) - } - m.viewport.SetContent(m.renderContent()) - return m, nil - - case oauthCallbackSubmitMsg: - if msg.err != nil { - m.message = errorStyle.Render(T("oauth_submit_fail") + ": " + msg.err.Error()) - } else { - m.message = successStyle.Render(T("oauth_submit_ok")) - } - m.viewport.SetContent(m.renderContent()) - return m, nil - - case tea.KeyMsg: - // ---- Input active: typing callback URL ---- - if m.inputActive { - switch msg.String() { - case "enter": - callbackURL := m.callbackInput.Value() - if callbackURL == "" { - return m, nil - } - m.inputActive = false - m.callbackInput.Blur() - m.message = warningStyle.Render(T("oauth_submitting")) - m.viewport.SetContent(m.renderContent()) - return m, m.submitCallback(callbackURL) - case "esc": - m.inputActive = false - m.callbackInput.Blur() - m.viewport.SetContent(m.renderContent()) - return m, nil - default: - var cmd tea.Cmd - m.callbackInput, cmd = m.callbackInput.Update(msg) - m.viewport.SetContent(m.renderContent()) - return m, cmd - } - } - - // ---- Remote mode but not typing ---- - if m.state == oauthRemote { - switch msg.String() { - case "c", "C": - // Re-activate input - m.inputActive = true - m.callbackInput.Focus() - m.viewport.SetContent(m.renderContent()) - return m, textinput.Blink - case "esc": - m.state = oauthIdle - m.message = "" - m.authURL = "" - m.authState = "" - m.viewport.SetContent(m.renderContent()) - return m, nil - } - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd - } - - // ---- Pending (auto polling) ---- - if m.state == oauthPending { - if msg.String() == "esc" { - m.state = oauthIdle - m.message = "" - m.viewport.SetContent(m.renderContent()) - } - return m, nil - } - - // ---- Idle ---- - switch msg.String() { - case "up", "k": - if m.cursor > 0 { - m.cursor-- - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "down", "j": - if m.cursor < len(oauthProviders)-1 { - m.cursor++ - m.viewport.SetContent(m.renderContent()) - } - return m, nil - case "enter": - if m.cursor >= 0 && m.cursor < len(oauthProviders) { - provider := oauthProviders[m.cursor] - m.state = oauthPending - m.message = warningStyle.Render(fmt.Sprintf(T("oauth_initiating"), provider.name)) - m.viewport.SetContent(m.renderContent()) - return m, m.startOAuth(provider) - } - return m, nil - case "esc": - m.state = oauthIdle - m.message = "" - m.err = nil - m.viewport.SetContent(m.renderContent()) - return m, nil - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -func (m oauthTabModel) startOAuth(provider oauthProvider) tea.Cmd { - return func() tea.Msg { - // Call the auth URL endpoint with is_webui=true - data, err := m.client.getJSON("/v0/management/" + provider.apiPath + "?is_webui=true") - if err != nil { - return oauthStartMsg{err: fmt.Errorf("failed to start %s login: %w", provider.name, err)} - } - - authURL := getString(data, "url") - state := getString(data, "state") - if authURL == "" { - return oauthStartMsg{err: fmt.Errorf("no auth URL returned for %s", provider.name)} - } - - // Try to open browser (best effort) - _ = openBrowser(authURL) - - return oauthStartMsg{url: authURL, state: state, providerName: provider.name} - } -} - -func (m oauthTabModel) submitCallback(callbackURL string) tea.Cmd { - return func() tea.Msg { - // Determine provider from current context - providerKey := "" - for _, p := range oauthProviders { - if p.name == m.providerName { - // Map provider name to the canonical key the API expects - switch p.apiPath { - case "gemini-cli-auth-url": - providerKey = "gemini" - case "anthropic-auth-url": - providerKey = "anthropic" - case "codex-auth-url": - providerKey = "codex" - case "antigravity-auth-url": - providerKey = "antigravity" - case "qwen-auth-url": - providerKey = "qwen" - case "kimi-auth-url": - providerKey = "kimi" - case "iflow-auth-url": - providerKey = "iflow" - } - break - } - } - - body := map[string]string{ - "provider": providerKey, - "redirect_url": callbackURL, - "state": m.authState, - } - err := m.client.postJSON("/v0/management/oauth-callback", body) - if err != nil { - return oauthCallbackSubmitMsg{err: err} - } - return oauthCallbackSubmitMsg{} - } -} - -func (m oauthTabModel) pollOAuthStatus(state string) tea.Cmd { - return func() tea.Msg { - // Poll session status for up to 5 minutes - deadline := time.Now().Add(5 * time.Minute) - for { - if time.Now().After(deadline) { - return oauthPollMsg{done: false, err: fmt.Errorf("%s", T("oauth_timeout"))} - } - - time.Sleep(2 * time.Second) - - status, errMsg, err := m.client.GetAuthStatus(state) - if err != nil { - continue // Ignore transient errors - } - - switch status { - case "ok": - return oauthPollMsg{ - done: true, - message: T("oauth_success"), - } - case "error": - return oauthPollMsg{ - done: false, - err: fmt.Errorf("%s: %s", T("oauth_failed"), errMsg), - } - case "wait": - continue - default: - return oauthPollMsg{ - done: true, - message: T("oauth_completed"), - } - } - } - } -} - -func (m *oauthTabModel) SetSize(w, h int) { - m.width = w - m.height = h - m.callbackInput.Width = w - 16 - if !m.ready { - m.viewport = viewport.New(w, h) - m.viewport.SetContent(m.renderContent()) - m.ready = true - } else { - m.viewport.Width = w - m.viewport.Height = h - } -} - -func (m oauthTabModel) View() string { - if !m.ready { - return T("loading") - } - return m.viewport.View() -} - -func (m oauthTabModel) renderContent() string { - var sb strings.Builder - - sb.WriteString(titleStyle.Render(T("oauth_title"))) - sb.WriteString("\n\n") - - if m.message != "" { - sb.WriteString(" " + m.message) - sb.WriteString("\n\n") - } - - // ---- Remote browser mode ---- - if m.state == oauthRemote { - sb.WriteString(m.renderRemoteMode()) - return sb.String() - } - - if m.state == oauthPending { - sb.WriteString(helpStyle.Render(T("oauth_press_esc"))) - return sb.String() - } - - sb.WriteString(helpStyle.Render(T("oauth_select"))) - sb.WriteString("\n\n") - - for i, p := range oauthProviders { - isSelected := i == m.cursor - prefix := " " - if isSelected { - prefix = "▸ " - } - - label := fmt.Sprintf("%s %s", p.emoji, p.name) - if isSelected { - label = lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("#FFFFFF")).Background(colorPrimary).Padding(0, 1).Render(label) - } else { - label = lipgloss.NewStyle().Foreground(colorText).Padding(0, 1).Render(label) - } - - sb.WriteString(prefix + label + "\n") - } - - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("oauth_help"))) - - return sb.String() -} - -func (m oauthTabModel) renderRemoteMode() string { - var sb strings.Builder - - providerStyle := lipgloss.NewStyle().Bold(true).Foreground(colorHighlight) - sb.WriteString(providerStyle.Render(fmt.Sprintf(" ✦ %s OAuth", m.providerName))) - sb.WriteString("\n\n") - - // Auth URL section - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorInfo).Render(T("oauth_auth_url"))) - sb.WriteString("\n") - - // Wrap URL to fit terminal width - urlStyle := lipgloss.NewStyle().Foreground(lipgloss.Color("252")) - maxURLWidth := m.width - 6 - if maxURLWidth < 40 { - maxURLWidth = 40 - } - wrappedURL := wrapText(m.authURL, maxURLWidth) - for _, line := range wrappedURL { - sb.WriteString(" " + urlStyle.Render(line) + "\n") - } - sb.WriteString("\n") - - sb.WriteString(helpStyle.Render(T("oauth_remote_hint"))) - sb.WriteString("\n\n") - - // Callback URL input - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorInfo).Render(T("oauth_callback_url"))) - sb.WriteString("\n") - - if m.inputActive { - sb.WriteString(m.callbackInput.View()) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(" " + T("enter_submit") + " • " + T("esc_cancel"))) - } else { - sb.WriteString(helpStyle.Render(T("oauth_press_c"))) - } - - sb.WriteString("\n\n") - sb.WriteString(warningStyle.Render(T("oauth_waiting"))) - - return sb.String() -} - -// wrapText splits a long string into lines of at most maxWidth characters. -func wrapText(s string, maxWidth int) []string { - if maxWidth <= 0 { - return []string{s} - } - var lines []string - for len(s) > maxWidth { - lines = append(lines, s[:maxWidth]) - s = s[maxWidth:] - } - if len(s) > 0 { - lines = append(lines, s) - } - return lines -} diff --git a/internal/tui/styles.go b/internal/tui/styles.go deleted file mode 100644 index f09e4322c9..0000000000 --- a/internal/tui/styles.go +++ /dev/null @@ -1,126 +0,0 @@ -// Package tui provides a terminal-based management interface for CLIProxyAPI. -package tui - -import "github.com/charmbracelet/lipgloss" - -// Color palette -var ( - colorPrimary = lipgloss.Color("#7C3AED") // violet - colorSecondary = lipgloss.Color("#6366F1") // indigo - colorSuccess = lipgloss.Color("#22C55E") // green - colorWarning = lipgloss.Color("#EAB308") // yellow - colorError = lipgloss.Color("#EF4444") // red - colorInfo = lipgloss.Color("#3B82F6") // blue - colorMuted = lipgloss.Color("#6B7280") // gray - colorBg = lipgloss.Color("#1E1E2E") // dark bg - colorSurface = lipgloss.Color("#313244") // slightly lighter - colorText = lipgloss.Color("#CDD6F4") // light text - colorSubtext = lipgloss.Color("#A6ADC8") // dimmer text - colorBorder = lipgloss.Color("#45475A") // border - colorHighlight = lipgloss.Color("#F5C2E7") // pink highlight -) - -// Tab bar styles -var ( - tabActiveStyle = lipgloss.NewStyle(). - Bold(true). - Foreground(lipgloss.Color("#FFFFFF")). - Background(colorPrimary). - Padding(0, 2) - - tabInactiveStyle = lipgloss.NewStyle(). - Foreground(colorSubtext). - Background(colorSurface). - Padding(0, 2) - - tabBarStyle = lipgloss.NewStyle(). - Background(colorSurface). - PaddingLeft(1). - PaddingBottom(0) -) - -// Content styles -var ( - titleStyle = lipgloss.NewStyle(). - Bold(true). - Foreground(colorHighlight). - MarginBottom(1) - - subtitleStyle = lipgloss.NewStyle(). - Foreground(colorSubtext). - Italic(true) - - labelStyle = lipgloss.NewStyle(). - Foreground(colorInfo). - Bold(true). - Width(24) - - valueStyle = lipgloss.NewStyle(). - Foreground(colorText) - - sectionStyle = lipgloss.NewStyle(). - Border(lipgloss.RoundedBorder()). - BorderForeground(colorBorder). - Padding(1, 2) - - errorStyle = lipgloss.NewStyle(). - Foreground(colorError). - Bold(true) - - successStyle = lipgloss.NewStyle(). - Foreground(colorSuccess) - - warningStyle = lipgloss.NewStyle(). - Foreground(colorWarning) - - statusBarStyle = lipgloss.NewStyle(). - Foreground(colorSubtext). - Background(colorSurface). - PaddingLeft(1). - PaddingRight(1) - - helpStyle = lipgloss.NewStyle(). - Foreground(colorMuted) -) - -// Log level styles -var ( - logDebugStyle = lipgloss.NewStyle().Foreground(colorMuted) - logInfoStyle = lipgloss.NewStyle().Foreground(colorInfo) - logWarnStyle = lipgloss.NewStyle().Foreground(colorWarning) - logErrorStyle = lipgloss.NewStyle().Foreground(colorError) -) - -// Table styles -var ( - tableHeaderStyle = lipgloss.NewStyle(). - Bold(true). - Foreground(colorHighlight). - BorderBottom(true). - BorderStyle(lipgloss.NormalBorder()). - BorderForeground(colorBorder) - - tableCellStyle = lipgloss.NewStyle(). - Foreground(colorText). - PaddingRight(2) - - tableSelectedStyle = lipgloss.NewStyle(). - Foreground(lipgloss.Color("#FFFFFF")). - Background(colorPrimary). - Bold(true) -) - -func logLevelStyle(level string) lipgloss.Style { - switch level { - case "debug": - return logDebugStyle - case "info": - return logInfoStyle - case "warn", "warning": - return logWarnStyle - case "error", "fatal", "panic": - return logErrorStyle - default: - return logInfoStyle - } -} diff --git a/internal/tui/usage_tab.go b/internal/tui/usage_tab.go deleted file mode 100644 index 9e6da7f840..0000000000 --- a/internal/tui/usage_tab.go +++ /dev/null @@ -1,364 +0,0 @@ -package tui - -import ( - "fmt" - "sort" - "strings" - - "github.com/charmbracelet/bubbles/viewport" - tea "github.com/charmbracelet/bubbletea" - "github.com/charmbracelet/lipgloss" -) - -// usageTabModel displays usage statistics with charts and breakdowns. -type usageTabModel struct { - client *Client - viewport viewport.Model - usage map[string]any - err error - width int - height int - ready bool -} - -type usageDataMsg struct { - usage map[string]any - err error -} - -func newUsageTabModel(client *Client) usageTabModel { - return usageTabModel{ - client: client, - } -} - -func (m usageTabModel) Init() tea.Cmd { - return m.fetchData -} - -func (m usageTabModel) fetchData() tea.Msg { - usage, err := m.client.GetUsage() - return usageDataMsg{usage: usage, err: err} -} - -func (m usageTabModel) Update(msg tea.Msg) (usageTabModel, tea.Cmd) { - switch msg := msg.(type) { - case localeChangedMsg: - m.viewport.SetContent(m.renderContent()) - return m, nil - case usageDataMsg: - if msg.err != nil { - m.err = msg.err - } else { - m.err = nil - m.usage = msg.usage - } - m.viewport.SetContent(m.renderContent()) - return m, nil - - case tea.KeyMsg: - if msg.String() == "r" { - return m, m.fetchData - } - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd - } - - var cmd tea.Cmd - m.viewport, cmd = m.viewport.Update(msg) - return m, cmd -} - -func (m *usageTabModel) SetSize(w, h int) { - m.width = w - m.height = h - if !m.ready { - m.viewport = viewport.New(w, h) - m.viewport.SetContent(m.renderContent()) - m.ready = true - } else { - m.viewport.Width = w - m.viewport.Height = h - } -} - -func (m usageTabModel) View() string { - if !m.ready { - return T("loading") - } - return m.viewport.View() -} - -func (m usageTabModel) renderContent() string { - var sb strings.Builder - - sb.WriteString(titleStyle.Render(T("usage_title"))) - sb.WriteString("\n") - sb.WriteString(helpStyle.Render(T("usage_help"))) - sb.WriteString("\n\n") - - if m.err != nil { - sb.WriteString(errorStyle.Render("⚠ Error: " + m.err.Error())) - sb.WriteString("\n") - return sb.String() - } - - if m.usage == nil { - sb.WriteString(subtitleStyle.Render(T("usage_no_data"))) - sb.WriteString("\n") - return sb.String() - } - - usageMap, _ := m.usage["usage"].(map[string]any) - if usageMap == nil { - sb.WriteString(subtitleStyle.Render(T("usage_no_data"))) - sb.WriteString("\n") - return sb.String() - } - - totalReqs := int64(getFloat(usageMap, "total_requests")) - successCnt := int64(getFloat(usageMap, "success_count")) - failureCnt := int64(getFloat(usageMap, "failure_count")) - totalTokens := int64(getFloat(usageMap, "total_tokens")) - - // ━━━ Overview Cards ━━━ - cardWidth := 20 - if m.width > 0 { - cardWidth = (m.width - 6) / 4 - if cardWidth < 16 { - cardWidth = 16 - } - } - cardStyle := lipgloss.NewStyle(). - Border(lipgloss.RoundedBorder()). - BorderForeground(lipgloss.Color("240")). - Padding(0, 1). - Width(cardWidth). - Height(3) - - // Total Requests - card1 := cardStyle.Copy().BorderForeground(lipgloss.Color("111")).Render(fmt.Sprintf( - "%s\n%s\n%s", - lipgloss.NewStyle().Foreground(colorMuted).Render(T("usage_total_reqs")), - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("111")).Render(fmt.Sprintf("%d", totalReqs)), - lipgloss.NewStyle().Foreground(colorMuted).Render(fmt.Sprintf("● %s: %d ● %s: %d", T("usage_success"), successCnt, T("usage_failure"), failureCnt)), - )) - - // Total Tokens - card2 := cardStyle.Copy().BorderForeground(lipgloss.Color("214")).Render(fmt.Sprintf( - "%s\n%s\n%s", - lipgloss.NewStyle().Foreground(colorMuted).Render(T("usage_total_tokens")), - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("214")).Render(formatLargeNumber(totalTokens)), - lipgloss.NewStyle().Foreground(colorMuted).Render(fmt.Sprintf("%s: %s", T("usage_total_token_l"), formatLargeNumber(totalTokens))), - )) - - // RPM - rpm := float64(0) - if totalReqs > 0 { - if rByH, ok := usageMap["requests_by_hour"].(map[string]any); ok && len(rByH) > 0 { - rpm = float64(totalReqs) / float64(len(rByH)) / 60.0 - } - } - card3 := cardStyle.Copy().BorderForeground(lipgloss.Color("76")).Render(fmt.Sprintf( - "%s\n%s\n%s", - lipgloss.NewStyle().Foreground(colorMuted).Render(T("usage_rpm")), - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("76")).Render(fmt.Sprintf("%.2f", rpm)), - lipgloss.NewStyle().Foreground(colorMuted).Render(fmt.Sprintf("%s: %d", T("usage_total_reqs"), totalReqs)), - )) - - // TPM - tpm := float64(0) - if totalTokens > 0 { - if tByH, ok := usageMap["tokens_by_hour"].(map[string]any); ok && len(tByH) > 0 { - tpm = float64(totalTokens) / float64(len(tByH)) / 60.0 - } - } - card4 := cardStyle.Copy().BorderForeground(lipgloss.Color("170")).Render(fmt.Sprintf( - "%s\n%s\n%s", - lipgloss.NewStyle().Foreground(colorMuted).Render(T("usage_tpm")), - lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("170")).Render(fmt.Sprintf("%.2f", tpm)), - lipgloss.NewStyle().Foreground(colorMuted).Render(fmt.Sprintf("%s: %s", T("usage_total_tokens"), formatLargeNumber(totalTokens))), - )) - - sb.WriteString(lipgloss.JoinHorizontal(lipgloss.Top, card1, " ", card2, " ", card3, " ", card4)) - sb.WriteString("\n\n") - - // ━━━ Requests by Hour (ASCII bar chart) ━━━ - if rByH, ok := usageMap["requests_by_hour"].(map[string]any); ok && len(rByH) > 0 { - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorHighlight).Render(T("usage_req_by_hour"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", minInt(m.width, 60))) - sb.WriteString("\n") - sb.WriteString(renderBarChart(rByH, m.width-6, lipgloss.Color("111"))) - sb.WriteString("\n") - } - - // ━━━ Tokens by Hour ━━━ - if tByH, ok := usageMap["tokens_by_hour"].(map[string]any); ok && len(tByH) > 0 { - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorHighlight).Render(T("usage_tok_by_hour"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", minInt(m.width, 60))) - sb.WriteString("\n") - sb.WriteString(renderBarChart(tByH, m.width-6, lipgloss.Color("214"))) - sb.WriteString("\n") - } - - // ━━━ Requests by Day ━━━ - if rByD, ok := usageMap["requests_by_day"].(map[string]any); ok && len(rByD) > 0 { - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorHighlight).Render(T("usage_req_by_day"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", minInt(m.width, 60))) - sb.WriteString("\n") - sb.WriteString(renderBarChart(rByD, m.width-6, lipgloss.Color("76"))) - sb.WriteString("\n") - } - - // ━━━ API Detail Stats ━━━ - if apis, ok := usageMap["apis"].(map[string]any); ok && len(apis) > 0 { - sb.WriteString(lipgloss.NewStyle().Bold(true).Foreground(colorHighlight).Render(T("usage_api_detail"))) - sb.WriteString("\n") - sb.WriteString(strings.Repeat("─", minInt(m.width, 80))) - sb.WriteString("\n") - - header := fmt.Sprintf(" %-30s %10s %12s", "API", T("requests"), T("tokens")) - sb.WriteString(tableHeaderStyle.Render(header)) - sb.WriteString("\n") - - for apiName, apiSnap := range apis { - if apiMap, ok := apiSnap.(map[string]any); ok { - apiReqs := int64(getFloat(apiMap, "total_requests")) - apiToks := int64(getFloat(apiMap, "total_tokens")) - - row := fmt.Sprintf(" %-30s %10d %12s", - truncate(maskKey(apiName), 30), apiReqs, formatLargeNumber(apiToks)) - sb.WriteString(lipgloss.NewStyle().Bold(true).Render(row)) - sb.WriteString("\n") - - // Per-model breakdown - if models, ok := apiMap["models"].(map[string]any); ok { - for model, v := range models { - if stats, ok := v.(map[string]any); ok { - mReqs := int64(getFloat(stats, "total_requests")) - mToks := int64(getFloat(stats, "total_tokens")) - mRow := fmt.Sprintf(" ├─ %-28s %10d %12s", - truncate(model, 28), mReqs, formatLargeNumber(mToks)) - sb.WriteString(tableCellStyle.Render(mRow)) - sb.WriteString("\n") - - // Token type breakdown from details - sb.WriteString(m.renderTokenBreakdown(stats)) - } - } - } - } - } - } - - sb.WriteString("\n") - return sb.String() -} - -// renderTokenBreakdown aggregates input/output/cached/reasoning tokens from model details. -func (m usageTabModel) renderTokenBreakdown(modelStats map[string]any) string { - details, ok := modelStats["details"] - if !ok { - return "" - } - detailList, ok := details.([]any) - if !ok || len(detailList) == 0 { - return "" - } - - var inputTotal, outputTotal, cachedTotal, reasoningTotal int64 - for _, d := range detailList { - dm, ok := d.(map[string]any) - if !ok { - continue - } - tokens, ok := dm["tokens"].(map[string]any) - if !ok { - continue - } - inputTotal += int64(getFloat(tokens, "input_tokens")) - outputTotal += int64(getFloat(tokens, "output_tokens")) - cachedTotal += int64(getFloat(tokens, "cached_tokens")) - reasoningTotal += int64(getFloat(tokens, "reasoning_tokens")) - } - - if inputTotal == 0 && outputTotal == 0 && cachedTotal == 0 && reasoningTotal == 0 { - return "" - } - - parts := []string{} - if inputTotal > 0 { - parts = append(parts, fmt.Sprintf("%s:%s", T("usage_input"), formatLargeNumber(inputTotal))) - } - if outputTotal > 0 { - parts = append(parts, fmt.Sprintf("%s:%s", T("usage_output"), formatLargeNumber(outputTotal))) - } - if cachedTotal > 0 { - parts = append(parts, fmt.Sprintf("%s:%s", T("usage_cached"), formatLargeNumber(cachedTotal))) - } - if reasoningTotal > 0 { - parts = append(parts, fmt.Sprintf("%s:%s", T("usage_reasoning"), formatLargeNumber(reasoningTotal))) - } - - return fmt.Sprintf(" │ %s\n", - lipgloss.NewStyle().Foreground(colorMuted).Render(strings.Join(parts, " "))) -} - -// renderBarChart renders a simple ASCII horizontal bar chart. -func renderBarChart(data map[string]any, maxBarWidth int, barColor lipgloss.Color) string { - if maxBarWidth < 10 { - maxBarWidth = 10 - } - - // Sort keys - keys := make([]string, 0, len(data)) - for k := range data { - keys = append(keys, k) - } - sort.Strings(keys) - - // Find max value - maxVal := float64(0) - for _, k := range keys { - v := getFloat(data, k) - if v > maxVal { - maxVal = v - } - } - if maxVal == 0 { - return "" - } - - barStyle := lipgloss.NewStyle().Foreground(barColor) - var sb strings.Builder - - labelWidth := 12 - barAvail := maxBarWidth - labelWidth - 12 - if barAvail < 5 { - barAvail = 5 - } - - for _, k := range keys { - v := getFloat(data, k) - barLen := int(v / maxVal * float64(barAvail)) - if barLen < 1 && v > 0 { - barLen = 1 - } - bar := strings.Repeat("█", barLen) - label := k - if len(label) > labelWidth { - label = label[:labelWidth] - } - sb.WriteString(fmt.Sprintf(" %-*s %s %s\n", - labelWidth, label, - barStyle.Render(bar), - lipgloss.NewStyle().Foreground(colorMuted).Render(fmt.Sprintf("%.0f", v)), - )) - } - - return sb.String() -} diff --git a/internal/usage/logger_plugin.go b/internal/usage/logger_plugin.go deleted file mode 100644 index 468e3ff2ca..0000000000 --- a/internal/usage/logger_plugin.go +++ /dev/null @@ -1,472 +0,0 @@ -// Package usage provides usage tracking and logging functionality for the CLI Proxy API server. -// It includes plugins for monitoring API usage, token consumption, and other metrics -// to help with observability and billing purposes. -package usage - -import ( - "context" - "fmt" - "strings" - "sync" - "sync/atomic" - "time" - - "github.com/gin-gonic/gin" - coreusage "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/usage" -) - -var statisticsEnabled atomic.Bool - -func init() { - statisticsEnabled.Store(true) - coreusage.RegisterPlugin(NewLoggerPlugin()) -} - -// LoggerPlugin collects in-memory request statistics for usage analysis. -// It implements coreusage.Plugin to receive usage records emitted by the runtime. -type LoggerPlugin struct { - stats *RequestStatistics -} - -// NewLoggerPlugin constructs a new logger plugin instance. -// -// Returns: -// - *LoggerPlugin: A new logger plugin instance wired to the shared statistics store. -func NewLoggerPlugin() *LoggerPlugin { return &LoggerPlugin{stats: defaultRequestStatistics} } - -// HandleUsage implements coreusage.Plugin. -// It updates the in-memory statistics store whenever a usage record is received. -// -// Parameters: -// - ctx: The context for the usage record -// - record: The usage record to aggregate -func (p *LoggerPlugin) HandleUsage(ctx context.Context, record coreusage.Record) { - if !statisticsEnabled.Load() { - return - } - if p == nil || p.stats == nil { - return - } - p.stats.Record(ctx, record) -} - -// SetStatisticsEnabled toggles whether in-memory statistics are recorded. -func SetStatisticsEnabled(enabled bool) { statisticsEnabled.Store(enabled) } - -// StatisticsEnabled reports the current recording state. -func StatisticsEnabled() bool { return statisticsEnabled.Load() } - -// RequestStatistics maintains aggregated request metrics in memory. -type RequestStatistics struct { - mu sync.RWMutex - - totalRequests int64 - successCount int64 - failureCount int64 - totalTokens int64 - - apis map[string]*apiStats - - requestsByDay map[string]int64 - requestsByHour map[int]int64 - tokensByDay map[string]int64 - tokensByHour map[int]int64 -} - -// apiStats holds aggregated metrics for a single API key. -type apiStats struct { - TotalRequests int64 - TotalTokens int64 - Models map[string]*modelStats -} - -// modelStats holds aggregated metrics for a specific model within an API. -type modelStats struct { - TotalRequests int64 - TotalTokens int64 - Details []RequestDetail -} - -// RequestDetail stores the timestamp and token usage for a single request. -type RequestDetail struct { - Timestamp time.Time `json:"timestamp"` - Source string `json:"source"` - AuthIndex string `json:"auth_index"` - Tokens TokenStats `json:"tokens"` - Failed bool `json:"failed"` -} - -// TokenStats captures the token usage breakdown for a request. -type TokenStats struct { - InputTokens int64 `json:"input_tokens"` - OutputTokens int64 `json:"output_tokens"` - ReasoningTokens int64 `json:"reasoning_tokens"` - CachedTokens int64 `json:"cached_tokens"` - TotalTokens int64 `json:"total_tokens"` -} - -// StatisticsSnapshot represents an immutable view of the aggregated metrics. -type StatisticsSnapshot struct { - TotalRequests int64 `json:"total_requests"` - SuccessCount int64 `json:"success_count"` - FailureCount int64 `json:"failure_count"` - TotalTokens int64 `json:"total_tokens"` - - APIs map[string]APISnapshot `json:"apis"` - - RequestsByDay map[string]int64 `json:"requests_by_day"` - RequestsByHour map[string]int64 `json:"requests_by_hour"` - TokensByDay map[string]int64 `json:"tokens_by_day"` - TokensByHour map[string]int64 `json:"tokens_by_hour"` -} - -// APISnapshot summarises metrics for a single API key. -type APISnapshot struct { - TotalRequests int64 `json:"total_requests"` - TotalTokens int64 `json:"total_tokens"` - Models map[string]ModelSnapshot `json:"models"` -} - -// ModelSnapshot summarises metrics for a specific model. -type ModelSnapshot struct { - TotalRequests int64 `json:"total_requests"` - TotalTokens int64 `json:"total_tokens"` - Details []RequestDetail `json:"details"` -} - -var defaultRequestStatistics = NewRequestStatistics() - -// GetRequestStatistics returns the shared statistics store. -func GetRequestStatistics() *RequestStatistics { return defaultRequestStatistics } - -// NewRequestStatistics constructs an empty statistics store. -func NewRequestStatistics() *RequestStatistics { - return &RequestStatistics{ - apis: make(map[string]*apiStats), - requestsByDay: make(map[string]int64), - requestsByHour: make(map[int]int64), - tokensByDay: make(map[string]int64), - tokensByHour: make(map[int]int64), - } -} - -// Record ingests a new usage record and updates the aggregates. -func (s *RequestStatistics) Record(ctx context.Context, record coreusage.Record) { - if s == nil { - return - } - if !statisticsEnabled.Load() { - return - } - timestamp := record.RequestedAt - if timestamp.IsZero() { - timestamp = time.Now() - } - detail := normaliseDetail(record.Detail) - totalTokens := detail.TotalTokens - statsKey := record.APIKey - if statsKey == "" { - statsKey = resolveAPIIdentifier(ctx, record) - } - failed := record.Failed - if !failed { - failed = !resolveSuccess(ctx) - } - success := !failed - modelName := record.Model - if modelName == "" { - modelName = "unknown" - } - dayKey := timestamp.Format("2006-01-02") - hourKey := timestamp.Hour() - - s.mu.Lock() - defer s.mu.Unlock() - - s.totalRequests++ - if success { - s.successCount++ - } else { - s.failureCount++ - } - s.totalTokens += totalTokens - - stats, ok := s.apis[statsKey] - if !ok { - stats = &apiStats{Models: make(map[string]*modelStats)} - s.apis[statsKey] = stats - } - s.updateAPIStats(stats, modelName, RequestDetail{ - Timestamp: timestamp, - Source: record.Source, - AuthIndex: record.AuthIndex, - Tokens: detail, - Failed: failed, - }) - - s.requestsByDay[dayKey]++ - s.requestsByHour[hourKey]++ - s.tokensByDay[dayKey] += totalTokens - s.tokensByHour[hourKey] += totalTokens -} - -func (s *RequestStatistics) updateAPIStats(stats *apiStats, model string, detail RequestDetail) { - stats.TotalRequests++ - stats.TotalTokens += detail.Tokens.TotalTokens - modelStatsValue, ok := stats.Models[model] - if !ok { - modelStatsValue = &modelStats{} - stats.Models[model] = modelStatsValue - } - modelStatsValue.TotalRequests++ - modelStatsValue.TotalTokens += detail.Tokens.TotalTokens - modelStatsValue.Details = append(modelStatsValue.Details, detail) -} - -// Snapshot returns a copy of the aggregated metrics for external consumption. -func (s *RequestStatistics) Snapshot() StatisticsSnapshot { - result := StatisticsSnapshot{} - if s == nil { - return result - } - - s.mu.RLock() - defer s.mu.RUnlock() - - result.TotalRequests = s.totalRequests - result.SuccessCount = s.successCount - result.FailureCount = s.failureCount - result.TotalTokens = s.totalTokens - - result.APIs = make(map[string]APISnapshot, len(s.apis)) - for apiName, stats := range s.apis { - apiSnapshot := APISnapshot{ - TotalRequests: stats.TotalRequests, - TotalTokens: stats.TotalTokens, - Models: make(map[string]ModelSnapshot, len(stats.Models)), - } - for modelName, modelStatsValue := range stats.Models { - requestDetails := make([]RequestDetail, len(modelStatsValue.Details)) - copy(requestDetails, modelStatsValue.Details) - apiSnapshot.Models[modelName] = ModelSnapshot{ - TotalRequests: modelStatsValue.TotalRequests, - TotalTokens: modelStatsValue.TotalTokens, - Details: requestDetails, - } - } - result.APIs[apiName] = apiSnapshot - } - - result.RequestsByDay = make(map[string]int64, len(s.requestsByDay)) - for k, v := range s.requestsByDay { - result.RequestsByDay[k] = v - } - - result.RequestsByHour = make(map[string]int64, len(s.requestsByHour)) - for hour, v := range s.requestsByHour { - key := formatHour(hour) - result.RequestsByHour[key] = v - } - - result.TokensByDay = make(map[string]int64, len(s.tokensByDay)) - for k, v := range s.tokensByDay { - result.TokensByDay[k] = v - } - - result.TokensByHour = make(map[string]int64, len(s.tokensByHour)) - for hour, v := range s.tokensByHour { - key := formatHour(hour) - result.TokensByHour[key] = v - } - - return result -} - -type MergeResult struct { - Added int64 `json:"added"` - Skipped int64 `json:"skipped"` -} - -// MergeSnapshot merges an exported statistics snapshot into the current store. -// Existing data is preserved and duplicate request details are skipped. -func (s *RequestStatistics) MergeSnapshot(snapshot StatisticsSnapshot) MergeResult { - result := MergeResult{} - if s == nil { - return result - } - - s.mu.Lock() - defer s.mu.Unlock() - - seen := make(map[string]struct{}) - for apiName, stats := range s.apis { - if stats == nil { - continue - } - for modelName, modelStatsValue := range stats.Models { - if modelStatsValue == nil { - continue - } - for _, detail := range modelStatsValue.Details { - seen[dedupKey(apiName, modelName, detail)] = struct{}{} - } - } - } - - for apiName, apiSnapshot := range snapshot.APIs { - apiName = strings.TrimSpace(apiName) - if apiName == "" { - continue - } - stats, ok := s.apis[apiName] - if !ok || stats == nil { - stats = &apiStats{Models: make(map[string]*modelStats)} - s.apis[apiName] = stats - } else if stats.Models == nil { - stats.Models = make(map[string]*modelStats) - } - for modelName, modelSnapshot := range apiSnapshot.Models { - modelName = strings.TrimSpace(modelName) - if modelName == "" { - modelName = "unknown" - } - for _, detail := range modelSnapshot.Details { - detail.Tokens = normaliseTokenStats(detail.Tokens) - if detail.Timestamp.IsZero() { - detail.Timestamp = time.Now() - } - key := dedupKey(apiName, modelName, detail) - if _, exists := seen[key]; exists { - result.Skipped++ - continue - } - seen[key] = struct{}{} - s.recordImported(apiName, modelName, stats, detail) - result.Added++ - } - } - } - - return result -} - -func (s *RequestStatistics) recordImported(apiName, modelName string, stats *apiStats, detail RequestDetail) { - totalTokens := detail.Tokens.TotalTokens - if totalTokens < 0 { - totalTokens = 0 - } - - s.totalRequests++ - if detail.Failed { - s.failureCount++ - } else { - s.successCount++ - } - s.totalTokens += totalTokens - - s.updateAPIStats(stats, modelName, detail) - - dayKey := detail.Timestamp.Format("2006-01-02") - hourKey := detail.Timestamp.Hour() - - s.requestsByDay[dayKey]++ - s.requestsByHour[hourKey]++ - s.tokensByDay[dayKey] += totalTokens - s.tokensByHour[hourKey] += totalTokens -} - -func dedupKey(apiName, modelName string, detail RequestDetail) string { - timestamp := detail.Timestamp.UTC().Format(time.RFC3339Nano) - tokens := normaliseTokenStats(detail.Tokens) - return fmt.Sprintf( - "%s|%s|%s|%s|%s|%t|%d|%d|%d|%d|%d", - apiName, - modelName, - timestamp, - detail.Source, - detail.AuthIndex, - detail.Failed, - tokens.InputTokens, - tokens.OutputTokens, - tokens.ReasoningTokens, - tokens.CachedTokens, - tokens.TotalTokens, - ) -} - -func resolveAPIIdentifier(ctx context.Context, record coreusage.Record) string { - if ctx != nil { - if ginCtx, ok := ctx.Value("gin").(*gin.Context); ok && ginCtx != nil { - path := ginCtx.FullPath() - if path == "" && ginCtx.Request != nil { - path = ginCtx.Request.URL.Path - } - method := "" - if ginCtx.Request != nil { - method = ginCtx.Request.Method - } - if path != "" { - if method != "" { - return method + " " + path - } - return path - } - } - } - if record.Provider != "" { - return record.Provider - } - return "unknown" -} - -func resolveSuccess(ctx context.Context) bool { - if ctx == nil { - return true - } - ginCtx, ok := ctx.Value("gin").(*gin.Context) - if !ok || ginCtx == nil { - return true - } - status := ginCtx.Writer.Status() - if status == 0 { - return true - } - return status < httpStatusBadRequest -} - -const httpStatusBadRequest = 400 - -func normaliseDetail(detail coreusage.Detail) TokenStats { - tokens := TokenStats{ - InputTokens: detail.InputTokens, - OutputTokens: detail.OutputTokens, - ReasoningTokens: detail.ReasoningTokens, - CachedTokens: detail.CachedTokens, - TotalTokens: detail.TotalTokens, - } - if tokens.TotalTokens == 0 { - tokens.TotalTokens = detail.InputTokens + detail.OutputTokens + detail.ReasoningTokens - } - if tokens.TotalTokens == 0 { - tokens.TotalTokens = detail.InputTokens + detail.OutputTokens + detail.ReasoningTokens + detail.CachedTokens - } - return tokens -} - -func normaliseTokenStats(tokens TokenStats) TokenStats { - if tokens.TotalTokens == 0 { - tokens.TotalTokens = tokens.InputTokens + tokens.OutputTokens + tokens.ReasoningTokens - } - if tokens.TotalTokens == 0 { - tokens.TotalTokens = tokens.InputTokens + tokens.OutputTokens + tokens.ReasoningTokens + tokens.CachedTokens - } - return tokens -} - -func formatHour(hour int) string { - if hour < 0 { - hour = 0 - } - hour = hour % 24 - return fmt.Sprintf("%02d", hour) -} diff --git a/internal/util/claude_model.go b/internal/util/claude_model.go deleted file mode 100644 index 1534f02c46..0000000000 --- a/internal/util/claude_model.go +++ /dev/null @@ -1,10 +0,0 @@ -package util - -import "strings" - -// IsClaudeThinkingModel checks if the model is a Claude thinking model -// that requires the interleaved-thinking beta header. -func IsClaudeThinkingModel(model string) bool { - lower := strings.ToLower(model) - return strings.Contains(lower, "claude") && strings.Contains(lower, "thinking") -} diff --git a/internal/util/claude_model_test.go b/internal/util/claude_model_test.go deleted file mode 100644 index d20c337de4..0000000000 --- a/internal/util/claude_model_test.go +++ /dev/null @@ -1,42 +0,0 @@ -package util - -import "testing" - -func TestIsClaudeThinkingModel(t *testing.T) { - tests := []struct { - name string - model string - expected bool - }{ - // Claude thinking models - should return true - {"claude-sonnet-4-5-thinking", "claude-sonnet-4-5-thinking", true}, - {"claude-opus-4-5-thinking", "claude-opus-4-5-thinking", true}, - {"claude-opus-4-6-thinking", "claude-opus-4-6-thinking", true}, - {"Claude-Sonnet-Thinking uppercase", "Claude-Sonnet-4-5-Thinking", true}, - {"claude thinking mixed case", "Claude-THINKING-Model", true}, - - // Non-thinking Claude models - should return false - {"claude-sonnet-4-5 (no thinking)", "claude-sonnet-4-5", false}, - {"claude-opus-4-5 (no thinking)", "claude-opus-4-5", false}, - {"claude-3-5-sonnet", "claude-3-5-sonnet-20240620", false}, - - // Non-Claude models - should return false - {"gemini-3-pro-preview", "gemini-3-pro-preview", false}, - {"gemini-thinking model", "gemini-3-pro-thinking", false}, // not Claude - {"gpt-4o", "gpt-4o", false}, - {"empty string", "", false}, - - // Edge cases - {"thinking without claude", "thinking-model", false}, - {"claude without thinking", "claude-model", false}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := IsClaudeThinkingModel(tt.model) - if result != tt.expected { - t.Errorf("IsClaudeThinkingModel(%q) = %v, expected %v", tt.model, result, tt.expected) - } - }) - } -} diff --git a/internal/util/gemini_schema.go b/internal/util/gemini_schema.go deleted file mode 100644 index b8d07bf4d9..0000000000 --- a/internal/util/gemini_schema.go +++ /dev/null @@ -1,785 +0,0 @@ -// Package util provides utility functions for the CLI Proxy API server. -package util - -import ( - "fmt" - "sort" - "strconv" - "strings" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -var gjsonPathKeyReplacer = strings.NewReplacer(".", "\\.", "*", "\\*", "?", "\\?") - -const placeholderReasonDescription = "Brief explanation of why you are calling this tool" - -// CleanJSONSchemaForAntigravity transforms a JSON schema to be compatible with Antigravity API. -// It handles unsupported keywords, type flattening, and schema simplification while preserving -// semantic information as description hints. -func CleanJSONSchemaForAntigravity(jsonStr string) string { - return cleanJSONSchema(jsonStr, true) -} - -// CleanJSONSchemaForGemini transforms a JSON schema to be compatible with Gemini tool calling. -// It removes unsupported keywords and simplifies schemas, without adding empty-schema placeholders. -func CleanJSONSchemaForGemini(jsonStr string) string { - return cleanJSONSchema(jsonStr, false) -} - -// cleanJSONSchema performs the core cleaning operations on the JSON schema. -func cleanJSONSchema(jsonStr string, addPlaceholder bool) string { - // Phase 1: Convert and add hints - jsonStr = convertRefsToHints(jsonStr) - jsonStr = convertConstToEnum(jsonStr) - jsonStr = convertEnumValuesToStrings(jsonStr) - jsonStr = addEnumHints(jsonStr) - jsonStr = addAdditionalPropertiesHints(jsonStr) - jsonStr = moveConstraintsToDescription(jsonStr) - - // Phase 2: Flatten complex structures - jsonStr = mergeAllOf(jsonStr) - jsonStr = flattenAnyOfOneOf(jsonStr) - jsonStr = flattenTypeArrays(jsonStr) - - // Phase 3: Cleanup - jsonStr = removeUnsupportedKeywords(jsonStr) - if !addPlaceholder { - // Gemini schema cleanup: remove nullable/title and placeholder-only fields. - jsonStr = removeKeywords(jsonStr, []string{"nullable", "title"}) - jsonStr = removePlaceholderFields(jsonStr) - } - jsonStr = cleanupRequiredFields(jsonStr) - // Phase 4: Add placeholder for empty object schemas (Claude VALIDATED mode requirement) - if addPlaceholder { - jsonStr = addEmptySchemaPlaceholder(jsonStr) - } - - return jsonStr -} - -// removeKeywords removes all occurrences of specified keywords from the JSON schema. -func removeKeywords(jsonStr string, keywords []string) string { - deletePaths := make([]string, 0) - pathsByField := findPathsByFields(jsonStr, keywords) - for _, key := range keywords { - for _, p := range pathsByField[key] { - if isPropertyDefinition(trimSuffix(p, "."+key)) { - continue - } - deletePaths = append(deletePaths, p) - } - } - sortByDepth(deletePaths) - for _, p := range deletePaths { - jsonStr, _ = sjson.Delete(jsonStr, p) - } - return jsonStr -} - -// removePlaceholderFields removes placeholder-only properties ("_" and "reason") and their required entries. -func removePlaceholderFields(jsonStr string) string { - // Remove "_" placeholder properties. - paths := findPaths(jsonStr, "_") - sortByDepth(paths) - for _, p := range paths { - if !strings.HasSuffix(p, ".properties._") { - continue - } - jsonStr, _ = sjson.Delete(jsonStr, p) - parentPath := trimSuffix(p, ".properties._") - reqPath := joinPath(parentPath, "required") - req := gjson.Get(jsonStr, reqPath) - if req.IsArray() { - var filtered []string - for _, r := range req.Array() { - if r.String() != "_" { - filtered = append(filtered, r.String()) - } - } - if len(filtered) == 0 { - jsonStr, _ = sjson.Delete(jsonStr, reqPath) - } else { - jsonStr, _ = sjson.Set(jsonStr, reqPath, filtered) - } - } - } - - // Remove placeholder-only "reason" objects. - reasonPaths := findPaths(jsonStr, "reason") - sortByDepth(reasonPaths) - for _, p := range reasonPaths { - if !strings.HasSuffix(p, ".properties.reason") { - continue - } - parentPath := trimSuffix(p, ".properties.reason") - props := gjson.Get(jsonStr, joinPath(parentPath, "properties")) - if !props.IsObject() || len(props.Map()) != 1 { - continue - } - desc := gjson.Get(jsonStr, p+".description").String() - if desc != placeholderReasonDescription { - continue - } - jsonStr, _ = sjson.Delete(jsonStr, p) - reqPath := joinPath(parentPath, "required") - req := gjson.Get(jsonStr, reqPath) - if req.IsArray() { - var filtered []string - for _, r := range req.Array() { - if r.String() != "reason" { - filtered = append(filtered, r.String()) - } - } - if len(filtered) == 0 { - jsonStr, _ = sjson.Delete(jsonStr, reqPath) - } else { - jsonStr, _ = sjson.Set(jsonStr, reqPath, filtered) - } - } - } - - return jsonStr -} - -// convertRefsToHints converts $ref to description hints (Lazy Hint strategy). -func convertRefsToHints(jsonStr string) string { - paths := findPaths(jsonStr, "$ref") - sortByDepth(paths) - - for _, p := range paths { - refVal := gjson.Get(jsonStr, p).String() - defName := refVal - if idx := strings.LastIndex(refVal, "/"); idx >= 0 { - defName = refVal[idx+1:] - } - - parentPath := trimSuffix(p, ".$ref") - hint := fmt.Sprintf("See: %s", defName) - if existing := gjson.Get(jsonStr, descriptionPath(parentPath)).String(); existing != "" { - hint = fmt.Sprintf("%s (%s)", existing, hint) - } - - replacement := `{"type":"object","description":""}` - replacement, _ = sjson.Set(replacement, "description", hint) - jsonStr = setRawAt(jsonStr, parentPath, replacement) - } - return jsonStr -} - -func convertConstToEnum(jsonStr string) string { - for _, p := range findPaths(jsonStr, "const") { - val := gjson.Get(jsonStr, p) - if !val.Exists() { - continue - } - enumPath := trimSuffix(p, ".const") + ".enum" - if !gjson.Get(jsonStr, enumPath).Exists() { - jsonStr, _ = sjson.Set(jsonStr, enumPath, []interface{}{val.Value()}) - } - } - return jsonStr -} - -// convertEnumValuesToStrings ensures all enum values are strings and the schema type is set to string. -// Gemini API requires enum values to be of type string, not numbers or booleans. -func convertEnumValuesToStrings(jsonStr string) string { - for _, p := range findPaths(jsonStr, "enum") { - arr := gjson.Get(jsonStr, p) - if !arr.IsArray() { - continue - } - - var stringVals []string - for _, item := range arr.Array() { - stringVals = append(stringVals, item.String()) - } - - // Always update enum values to strings and set type to "string" - // This ensures compatibility with Antigravity Gemini which only allows enum for STRING type - jsonStr, _ = sjson.Set(jsonStr, p, stringVals) - parentPath := trimSuffix(p, ".enum") - jsonStr, _ = sjson.Set(jsonStr, joinPath(parentPath, "type"), "string") - } - return jsonStr -} - -func addEnumHints(jsonStr string) string { - for _, p := range findPaths(jsonStr, "enum") { - arr := gjson.Get(jsonStr, p) - if !arr.IsArray() { - continue - } - items := arr.Array() - if len(items) <= 1 || len(items) > 10 { - continue - } - - var vals []string - for _, item := range items { - vals = append(vals, item.String()) - } - jsonStr = appendHint(jsonStr, trimSuffix(p, ".enum"), "Allowed: "+strings.Join(vals, ", ")) - } - return jsonStr -} - -func addAdditionalPropertiesHints(jsonStr string) string { - for _, p := range findPaths(jsonStr, "additionalProperties") { - if gjson.Get(jsonStr, p).Type == gjson.False { - jsonStr = appendHint(jsonStr, trimSuffix(p, ".additionalProperties"), "No extra properties allowed") - } - } - return jsonStr -} - -var unsupportedConstraints = []string{ - "minLength", "maxLength", "exclusiveMinimum", "exclusiveMaximum", - "pattern", "minItems", "maxItems", "format", - "default", "examples", // Claude rejects these in VALIDATED mode -} - -func moveConstraintsToDescription(jsonStr string) string { - pathsByField := findPathsByFields(jsonStr, unsupportedConstraints) - for _, key := range unsupportedConstraints { - for _, p := range pathsByField[key] { - val := gjson.Get(jsonStr, p) - if !val.Exists() || val.IsObject() || val.IsArray() { - continue - } - parentPath := trimSuffix(p, "."+key) - if isPropertyDefinition(parentPath) { - continue - } - jsonStr = appendHint(jsonStr, parentPath, fmt.Sprintf("%s: %s", key, val.String())) - } - } - return jsonStr -} - -func mergeAllOf(jsonStr string) string { - paths := findPaths(jsonStr, "allOf") - sortByDepth(paths) - - for _, p := range paths { - allOf := gjson.Get(jsonStr, p) - if !allOf.IsArray() { - continue - } - parentPath := trimSuffix(p, ".allOf") - - for _, item := range allOf.Array() { - if props := item.Get("properties"); props.IsObject() { - props.ForEach(func(key, value gjson.Result) bool { - destPath := joinPath(parentPath, "properties."+escapeGJSONPathKey(key.String())) - jsonStr, _ = sjson.SetRaw(jsonStr, destPath, value.Raw) - return true - }) - } - if req := item.Get("required"); req.IsArray() { - reqPath := joinPath(parentPath, "required") - current := getStrings(jsonStr, reqPath) - for _, r := range req.Array() { - if s := r.String(); !contains(current, s) { - current = append(current, s) - } - } - jsonStr, _ = sjson.Set(jsonStr, reqPath, current) - } - } - jsonStr, _ = sjson.Delete(jsonStr, p) - } - return jsonStr -} - -func flattenAnyOfOneOf(jsonStr string) string { - for _, key := range []string{"anyOf", "oneOf"} { - paths := findPaths(jsonStr, key) - sortByDepth(paths) - - for _, p := range paths { - arr := gjson.Get(jsonStr, p) - if !arr.IsArray() || len(arr.Array()) == 0 { - continue - } - - parentPath := trimSuffix(p, "."+key) - parentDesc := gjson.Get(jsonStr, descriptionPath(parentPath)).String() - - items := arr.Array() - bestIdx, allTypes := selectBest(items) - selected := items[bestIdx].Raw - - if parentDesc != "" { - selected = mergeDescriptionRaw(selected, parentDesc) - } - - if len(allTypes) > 1 { - hint := "Accepts: " + strings.Join(allTypes, " | ") - selected = appendHintRaw(selected, hint) - } - - jsonStr = setRawAt(jsonStr, parentPath, selected) - } - } - return jsonStr -} - -func selectBest(items []gjson.Result) (bestIdx int, types []string) { - bestScore := -1 - for i, item := range items { - t := item.Get("type").String() - score := 0 - - switch { - case t == "object" || item.Get("properties").Exists(): - score, t = 3, orDefault(t, "object") - case t == "array" || item.Get("items").Exists(): - score, t = 2, orDefault(t, "array") - case t != "" && t != "null": - score = 1 - default: - t = orDefault(t, "null") - } - - if t != "" { - types = append(types, t) - } - if score > bestScore { - bestScore, bestIdx = score, i - } - } - return -} - -func flattenTypeArrays(jsonStr string) string { - paths := findPaths(jsonStr, "type") - sortByDepth(paths) - - nullableFields := make(map[string][]string) - - for _, p := range paths { - res := gjson.Get(jsonStr, p) - if !res.IsArray() || len(res.Array()) == 0 { - continue - } - - hasNull := false - var nonNullTypes []string - for _, item := range res.Array() { - s := item.String() - if s == "null" { - hasNull = true - } else if s != "" { - nonNullTypes = append(nonNullTypes, s) - } - } - - firstType := "string" - if len(nonNullTypes) > 0 { - firstType = nonNullTypes[0] - } - - jsonStr, _ = sjson.Set(jsonStr, p, firstType) - - parentPath := trimSuffix(p, ".type") - if len(nonNullTypes) > 1 { - hint := "Accepts: " + strings.Join(nonNullTypes, " | ") - jsonStr = appendHint(jsonStr, parentPath, hint) - } - - if hasNull { - parts := splitGJSONPath(p) - if len(parts) >= 3 && parts[len(parts)-3] == "properties" { - fieldNameEscaped := parts[len(parts)-2] - fieldName := unescapeGJSONPathKey(fieldNameEscaped) - objectPath := strings.Join(parts[:len(parts)-3], ".") - nullableFields[objectPath] = append(nullableFields[objectPath], fieldName) - - propPath := joinPath(objectPath, "properties."+fieldNameEscaped) - jsonStr = appendHint(jsonStr, propPath, "(nullable)") - } - } - } - - for objectPath, fields := range nullableFields { - reqPath := joinPath(objectPath, "required") - req := gjson.Get(jsonStr, reqPath) - if !req.IsArray() { - continue - } - - var filtered []string - for _, r := range req.Array() { - if !contains(fields, r.String()) { - filtered = append(filtered, r.String()) - } - } - - if len(filtered) == 0 { - jsonStr, _ = sjson.Delete(jsonStr, reqPath) - } else { - jsonStr, _ = sjson.Set(jsonStr, reqPath, filtered) - } - } - return jsonStr -} - -func removeUnsupportedKeywords(jsonStr string) string { - keywords := append(unsupportedConstraints, - "$schema", "$defs", "definitions", "const", "$ref", "$id", "additionalProperties", - "propertyNames", "patternProperties", // Gemini doesn't support these schema keywords - "enumTitles", "prefill", // Claude/OpenCode schema metadata fields unsupported by Gemini - ) - - deletePaths := make([]string, 0) - pathsByField := findPathsByFields(jsonStr, keywords) - for _, key := range keywords { - for _, p := range pathsByField[key] { - if isPropertyDefinition(trimSuffix(p, "."+key)) { - continue - } - deletePaths = append(deletePaths, p) - } - } - sortByDepth(deletePaths) - for _, p := range deletePaths { - jsonStr, _ = sjson.Delete(jsonStr, p) - } - // Remove x-* extension fields (e.g., x-google-enum-descriptions) that are not supported by Gemini API - jsonStr = removeExtensionFields(jsonStr) - return jsonStr -} - -// removeExtensionFields removes all x-* extension fields from the JSON schema. -// These are OpenAPI/JSON Schema extension fields that Google APIs don't recognize. -func removeExtensionFields(jsonStr string) string { - var paths []string - walkForExtensions(gjson.Parse(jsonStr), "", &paths) - // walkForExtensions returns paths in a way that deeper paths are added before their ancestors - // when they are not deleted wholesale, but since we skip children of deleted x-* nodes, - // any collected path is safe to delete. We still use DeleteBytes for efficiency. - - b := []byte(jsonStr) - for _, p := range paths { - b, _ = sjson.DeleteBytes(b, p) - } - return string(b) -} - -func walkForExtensions(value gjson.Result, path string, paths *[]string) { - if value.IsArray() { - arr := value.Array() - for i := len(arr) - 1; i >= 0; i-- { - walkForExtensions(arr[i], joinPath(path, strconv.Itoa(i)), paths) - } - return - } - - if value.IsObject() { - value.ForEach(func(key, val gjson.Result) bool { - keyStr := key.String() - safeKey := escapeGJSONPathKey(keyStr) - childPath := joinPath(path, safeKey) - - // If it's an extension field, we delete it and don't need to look at its children. - if strings.HasPrefix(keyStr, "x-") && !isPropertyDefinition(path) { - *paths = append(*paths, childPath) - return true - } - - walkForExtensions(val, childPath, paths) - return true - }) - } -} - -func cleanupRequiredFields(jsonStr string) string { - for _, p := range findPaths(jsonStr, "required") { - parentPath := trimSuffix(p, ".required") - propsPath := joinPath(parentPath, "properties") - - req := gjson.Get(jsonStr, p) - props := gjson.Get(jsonStr, propsPath) - if !req.IsArray() || !props.IsObject() { - continue - } - - var valid []string - for _, r := range req.Array() { - key := r.String() - if props.Get(escapeGJSONPathKey(key)).Exists() { - valid = append(valid, key) - } - } - - if len(valid) != len(req.Array()) { - if len(valid) == 0 { - jsonStr, _ = sjson.Delete(jsonStr, p) - } else { - jsonStr, _ = sjson.Set(jsonStr, p, valid) - } - } - } - return jsonStr -} - -// addEmptySchemaPlaceholder adds a placeholder "reason" property to empty object schemas. -// Claude VALIDATED mode requires at least one required property in tool schemas. -func addEmptySchemaPlaceholder(jsonStr string) string { - // Find all "type" fields - paths := findPaths(jsonStr, "type") - - // Process from deepest to shallowest (to handle nested objects properly) - sortByDepth(paths) - - for _, p := range paths { - typeVal := gjson.Get(jsonStr, p) - if typeVal.String() != "object" { - continue - } - - // Get the parent path (the object containing "type") - parentPath := trimSuffix(p, ".type") - - // Check if properties exists and is empty or missing - propsPath := joinPath(parentPath, "properties") - propsVal := gjson.Get(jsonStr, propsPath) - reqPath := joinPath(parentPath, "required") - reqVal := gjson.Get(jsonStr, reqPath) - hasRequiredProperties := reqVal.IsArray() && len(reqVal.Array()) > 0 - - needsPlaceholder := false - if !propsVal.Exists() { - // No properties field at all - needsPlaceholder = true - } else if propsVal.IsObject() && len(propsVal.Map()) == 0 { - // Empty properties object - needsPlaceholder = true - } - - if needsPlaceholder { - // Add placeholder "reason" property - reasonPath := joinPath(propsPath, "reason") - jsonStr, _ = sjson.Set(jsonStr, reasonPath+".type", "string") - jsonStr, _ = sjson.Set(jsonStr, reasonPath+".description", placeholderReasonDescription) - - // Add to required array - jsonStr, _ = sjson.Set(jsonStr, reqPath, []string{"reason"}) - continue - } - - // If schema has properties but none are required, add a minimal placeholder. - if propsVal.IsObject() && !hasRequiredProperties { - // DO NOT add placeholder if it's a top-level schema (parentPath is empty) - // or if we've already added a placeholder reason above. - if parentPath == "" { - continue - } - placeholderPath := joinPath(propsPath, "_") - if !gjson.Get(jsonStr, placeholderPath).Exists() { - jsonStr, _ = sjson.Set(jsonStr, placeholderPath+".type", "boolean") - } - jsonStr, _ = sjson.Set(jsonStr, reqPath, []string{"_"}) - } - } - - return jsonStr -} - -// --- Helpers --- - -func findPaths(jsonStr, field string) []string { - var paths []string - Walk(gjson.Parse(jsonStr), "", field, &paths) - return paths -} - -func findPathsByFields(jsonStr string, fields []string) map[string][]string { - set := make(map[string]struct{}, len(fields)) - for _, field := range fields { - set[field] = struct{}{} - } - paths := make(map[string][]string, len(set)) - walkForFields(gjson.Parse(jsonStr), "", set, paths) - return paths -} - -func walkForFields(value gjson.Result, path string, fields map[string]struct{}, paths map[string][]string) { - switch value.Type { - case gjson.JSON: - value.ForEach(func(key, val gjson.Result) bool { - keyStr := key.String() - safeKey := escapeGJSONPathKey(keyStr) - - var childPath string - if path == "" { - childPath = safeKey - } else { - childPath = path + "." + safeKey - } - - if _, ok := fields[keyStr]; ok { - paths[keyStr] = append(paths[keyStr], childPath) - } - - walkForFields(val, childPath, fields, paths) - return true - }) - case gjson.String, gjson.Number, gjson.True, gjson.False, gjson.Null: - // Terminal types - no further traversal needed - } -} - -func sortByDepth(paths []string) { - sort.Slice(paths, func(i, j int) bool { return len(paths[i]) > len(paths[j]) }) -} - -func trimSuffix(path, suffix string) string { - if path == strings.TrimPrefix(suffix, ".") { - return "" - } - return strings.TrimSuffix(path, suffix) -} - -func joinPath(base, suffix string) string { - if base == "" { - return suffix - } - return base + "." + suffix -} - -func setRawAt(jsonStr, path, value string) string { - if path == "" { - return value - } - result, _ := sjson.SetRaw(jsonStr, path, value) - return result -} - -func isPropertyDefinition(path string) bool { - return path == "properties" || strings.HasSuffix(path, ".properties") -} - -func descriptionPath(parentPath string) string { - if parentPath == "" || parentPath == "@this" { - return "description" - } - return parentPath + ".description" -} - -func appendHint(jsonStr, parentPath, hint string) string { - descPath := parentPath + ".description" - if parentPath == "" || parentPath == "@this" { - descPath = "description" - } - existing := gjson.Get(jsonStr, descPath).String() - if existing != "" { - hint = fmt.Sprintf("%s (%s)", existing, hint) - } - jsonStr, _ = sjson.Set(jsonStr, descPath, hint) - return jsonStr -} - -func appendHintRaw(jsonRaw, hint string) string { - existing := gjson.Get(jsonRaw, "description").String() - if existing != "" { - hint = fmt.Sprintf("%s (%s)", existing, hint) - } - jsonRaw, _ = sjson.Set(jsonRaw, "description", hint) - return jsonRaw -} - -func getStrings(jsonStr, path string) []string { - var result []string - if arr := gjson.Get(jsonStr, path); arr.IsArray() { - for _, r := range arr.Array() { - result = append(result, r.String()) - } - } - return result -} - -func contains(slice []string, item string) bool { - for _, s := range slice { - if s == item { - return true - } - } - return false -} - -func orDefault(val, def string) string { - if val == "" { - return def - } - return val -} - -func escapeGJSONPathKey(key string) string { - if strings.IndexAny(key, ".*?") == -1 { - return key - } - return gjsonPathKeyReplacer.Replace(key) -} - -func unescapeGJSONPathKey(key string) string { - if !strings.Contains(key, "\\") { - return key - } - var b strings.Builder - b.Grow(len(key)) - for i := 0; i < len(key); i++ { - if key[i] == '\\' && i+1 < len(key) { - i++ - b.WriteByte(key[i]) - continue - } - b.WriteByte(key[i]) - } - return b.String() -} - -func splitGJSONPath(path string) []string { - if path == "" { - return nil - } - - parts := make([]string, 0, strings.Count(path, ".")+1) - var b strings.Builder - b.Grow(len(path)) - - for i := 0; i < len(path); i++ { - c := path[i] - if c == '\\' && i+1 < len(path) { - b.WriteByte('\\') - i++ - b.WriteByte(path[i]) - continue - } - if c == '.' { - parts = append(parts, b.String()) - b.Reset() - continue - } - b.WriteByte(c) - } - parts = append(parts, b.String()) - return parts -} - -func mergeDescriptionRaw(schemaRaw, parentDesc string) string { - childDesc := gjson.Get(schemaRaw, "description").String() - switch { - case childDesc == "": - schemaRaw, _ = sjson.Set(schemaRaw, "description", parentDesc) - return schemaRaw - case childDesc == parentDesc: - return schemaRaw - default: - combined := fmt.Sprintf("%s (%s)", parentDesc, childDesc) - schemaRaw, _ = sjson.Set(schemaRaw, "description", combined) - return schemaRaw - } -} diff --git a/internal/util/gemini_schema_test.go b/internal/util/gemini_schema_test.go deleted file mode 100644 index bb06e95673..0000000000 --- a/internal/util/gemini_schema_test.go +++ /dev/null @@ -1,1048 +0,0 @@ -package util - -import ( - "encoding/json" - "reflect" - "strings" - "testing" - - "github.com/tidwall/gjson" -) - -func TestCleanJSONSchemaForAntigravity_ConstToEnum(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "kind": { - "type": "string", - "const": "InsightVizNode" - } - } - }` - - expected := `{ - "type": "object", - "properties": { - "kind": { - "type": "string", - "enum": ["InsightVizNode"] - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_TypeFlattening_Nullable(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "name": { - "type": ["string", "null"] - }, - "other": { - "type": "string" - } - }, - "required": ["name", "other"] - }` - - expected := `{ - "type": "object", - "properties": { - "name": { - "type": "string", - "description": "(nullable)" - }, - "other": { - "type": "string" - } - }, - "required": ["other"] - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_ConstraintsToDescription(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "tags": { - "type": "array", - "description": "List of tags", - "minItems": 1 - }, - "name": { - "type": "string", - "description": "User name", - "minLength": 3 - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - // minItems should be REMOVED and moved to description - if strings.Contains(result, `"minItems"`) { - t.Errorf("minItems keyword should be removed") - } - if !strings.Contains(result, "minItems: 1") { - t.Errorf("minItems hint missing in description") - } - - // minLength should be moved to description - if !strings.Contains(result, "minLength: 3") { - t.Errorf("minLength hint missing in description") - } - if strings.Contains(result, `"minLength":`) || strings.Contains(result, `"minLength" :`) { - t.Errorf("minLength keyword should be removed") - } -} - -func TestCleanJSONSchemaForAntigravity_AnyOfFlattening_SmartSelection(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "query": { - "anyOf": [ - { "type": "null" }, - { - "type": "object", - "properties": { - "kind": { "type": "string" } - } - } - ] - } - } - }` - - expected := `{ - "type": "object", - "properties": { - "query": { - "type": "object", - "description": "Accepts: null | object", - "properties": { - "_": { "type": "boolean" }, - "kind": { "type": "string" } - }, - "required": ["_"] - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_OneOfFlattening(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "config": { - "oneOf": [ - { "type": "string" }, - { "type": "integer" } - ] - } - } - }` - - expected := `{ - "type": "object", - "properties": { - "config": { - "type": "string", - "description": "Accepts: string | integer" - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_AllOfMerging(t *testing.T) { - input := `{ - "type": "object", - "allOf": [ - { - "properties": { - "a": { "type": "string" } - }, - "required": ["a"] - }, - { - "properties": { - "b": { "type": "integer" } - }, - "required": ["b"] - } - ] - }` - - expected := `{ - "type": "object", - "properties": { - "a": { "type": "string" }, - "b": { "type": "integer" } - }, - "required": ["a", "b"] - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_RefHandling(t *testing.T) { - input := `{ - "definitions": { - "User": { - "type": "object", - "properties": { - "name": { "type": "string" } - } - } - }, - "type": "object", - "properties": { - "customer": { "$ref": "#/definitions/User" } - } - }` - - // After $ref is converted to placeholder object, empty schema placeholder is also added - expected := `{ - "type": "object", - "properties": { - "customer": { - "type": "object", - "description": "See: User", - "properties": { - "reason": { - "type": "string", - "description": "Brief explanation of why you are calling this tool" - } - }, - "required": ["reason"] - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_RefHandling_DescriptionEscaping(t *testing.T) { - input := `{ - "definitions": { - "User": { - "type": "object", - "properties": { - "name": { "type": "string" } - } - } - }, - "type": "object", - "properties": { - "customer": { - "description": "He said \"hi\"\\nsecond line", - "$ref": "#/definitions/User" - } - } - }` - - // After $ref is converted, empty schema placeholder is also added - expected := `{ - "type": "object", - "properties": { - "customer": { - "type": "object", - "description": "He said \"hi\"\\nsecond line (See: User)", - "properties": { - "reason": { - "type": "string", - "description": "Brief explanation of why you are calling this tool" - } - }, - "required": ["reason"] - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_CyclicRefDefaults(t *testing.T) { - input := `{ - "definitions": { - "Node": { - "type": "object", - "properties": { - "child": { "$ref": "#/definitions/Node" } - } - } - }, - "$ref": "#/definitions/Node" - }` - - result := CleanJSONSchemaForAntigravity(input) - - var resMap map[string]interface{} - json.Unmarshal([]byte(result), &resMap) - - if resMap["type"] != "object" { - t.Errorf("Expected type: object, got: %v", resMap["type"]) - } - - desc, ok := resMap["description"].(string) - if !ok || !strings.Contains(desc, "Node") { - t.Errorf("Expected description hint containing 'Node', got: %v", resMap["description"]) - } -} - -func TestCleanJSONSchemaForAntigravity_RequiredCleanup(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "a": {"type": "string"}, - "b": {"type": "string"} - }, - "required": ["a", "b", "c"] - }` - - expected := `{ - "type": "object", - "properties": { - "a": {"type": "string"}, - "b": {"type": "string"} - }, - "required": ["a", "b"] - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_AllOfMerging_DotKeys(t *testing.T) { - input := `{ - "type": "object", - "allOf": [ - { - "properties": { - "my.param": { "type": "string" } - }, - "required": ["my.param"] - }, - { - "properties": { - "b": { "type": "integer" } - }, - "required": ["b"] - } - ] - }` - - expected := `{ - "type": "object", - "properties": { - "my.param": { "type": "string" }, - "b": { "type": "integer" } - }, - "required": ["my.param", "b"] - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_PropertyNameCollision(t *testing.T) { - // A tool has an argument named "pattern" - should NOT be treated as a constraint - input := `{ - "type": "object", - "properties": { - "pattern": { - "type": "string", - "description": "The regex pattern" - } - }, - "required": ["pattern"] - }` - - expected := `{ - "type": "object", - "properties": { - "pattern": { - "type": "string", - "description": "The regex pattern" - } - }, - "required": ["pattern"] - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) - - var resMap map[string]interface{} - json.Unmarshal([]byte(result), &resMap) - props, _ := resMap["properties"].(map[string]interface{}) - if _, ok := props["description"]; ok { - t.Errorf("Invalid 'description' property injected into properties map") - } -} - -func TestCleanJSONSchemaForAntigravity_DotKeys(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "my.param": { - "type": "string", - "$ref": "#/definitions/MyType" - } - }, - "definitions": { - "MyType": { "type": "string" } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - var resMap map[string]interface{} - if err := json.Unmarshal([]byte(result), &resMap); err != nil { - t.Fatalf("Failed to unmarshal result: %v", err) - } - - props, ok := resMap["properties"].(map[string]interface{}) - if !ok { - t.Fatalf("properties missing") - } - - if val, ok := props["my.param"]; !ok { - t.Fatalf("Key 'my.param' is missing. Result: %s", result) - } else { - valMap, _ := val.(map[string]interface{}) - if _, hasRef := valMap["$ref"]; hasRef { - t.Errorf("Key 'my.param' still contains $ref") - } - if _, ok := props["my"]; ok { - t.Errorf("Artifact key 'my' created by sjson splitting") - } - } -} - -func TestCleanJSONSchemaForAntigravity_AnyOfAlternativeHints(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "value": { - "anyOf": [ - { "type": "string" }, - { "type": "integer" }, - { "type": "null" } - ] - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - if !strings.Contains(result, "Accepts:") { - t.Errorf("Expected alternative types hint, got: %s", result) - } - if !strings.Contains(result, "string") || !strings.Contains(result, "integer") { - t.Errorf("Expected all alternative types in hint, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_NullableHint(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "name": { - "type": ["string", "null"], - "description": "User name" - } - }, - "required": ["name"] - }` - - result := CleanJSONSchemaForAntigravity(input) - - if !strings.Contains(result, "(nullable)") { - t.Errorf("Expected nullable hint, got: %s", result) - } - if !strings.Contains(result, "User name") { - t.Errorf("Expected original description to be preserved, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_TypeFlattening_Nullable_DotKey(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "my.param": { - "type": ["string", "null"] - }, - "other": { - "type": "string" - } - }, - "required": ["my.param", "other"] - }` - - expected := `{ - "type": "object", - "properties": { - "my.param": { - "type": "string", - "description": "(nullable)" - }, - "other": { - "type": "string" - } - }, - "required": ["other"] - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_EnumHint(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "status": { - "type": "string", - "enum": ["active", "inactive", "pending"], - "description": "Current status" - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - if !strings.Contains(result, "Allowed:") { - t.Errorf("Expected enum values hint, got: %s", result) - } - if !strings.Contains(result, "active") || !strings.Contains(result, "inactive") { - t.Errorf("Expected enum values in hint, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_AdditionalPropertiesHint(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "name": { "type": "string" } - }, - "additionalProperties": false - }` - - result := CleanJSONSchemaForAntigravity(input) - - if !strings.Contains(result, "No extra properties allowed") { - t.Errorf("Expected additionalProperties hint, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_AnyOfFlattening_PreservesDescription(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "config": { - "description": "Parent desc", - "anyOf": [ - { "type": "string", "description": "Child desc" }, - { "type": "integer" } - ] - } - } - }` - - expected := `{ - "type": "object", - "properties": { - "config": { - "type": "string", - "description": "Parent desc (Child desc) (Accepts: string | integer)" - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - compareJSON(t, expected, result) -} - -func TestCleanJSONSchemaForAntigravity_SingleEnumNoHint(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "kind": { - "type": "string", - "enum": ["fixed"] - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - if strings.Contains(result, "Allowed:") { - t.Errorf("Single value enum should not add Allowed hint, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_MultipleNonNullTypes(t *testing.T) { - input := `{ - "type": "object", - "properties": { - "value": { - "type": ["string", "integer", "boolean"] - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - if !strings.Contains(result, "Accepts:") { - t.Errorf("Expected multiple types hint, got: %s", result) - } - if !strings.Contains(result, "string") || !strings.Contains(result, "integer") || !strings.Contains(result, "boolean") { - t.Errorf("Expected all types in hint, got: %s", result) - } -} - -func compareJSON(t *testing.T, expectedJSON, actualJSON string) { - var expMap, actMap map[string]interface{} - errExp := json.Unmarshal([]byte(expectedJSON), &expMap) - errAct := json.Unmarshal([]byte(actualJSON), &actMap) - - if errExp != nil || errAct != nil { - t.Fatalf("JSON Unmarshal error. Exp: %v, Act: %v", errExp, errAct) - } - - if !reflect.DeepEqual(expMap, actMap) { - expBytes, _ := json.MarshalIndent(expMap, "", " ") - actBytes, _ := json.MarshalIndent(actMap, "", " ") - t.Errorf("JSON mismatch:\nExpected:\n%s\n\nActual:\n%s", string(expBytes), string(actBytes)) - } -} - -// ============================================================================ -// Empty Schema Placeholder Tests -// ============================================================================ - -func TestCleanJSONSchemaForAntigravity_EmptySchemaPlaceholder(t *testing.T) { - // Empty object schema with no properties should get a placeholder - input := `{ - "type": "object" - }` - - result := CleanJSONSchemaForAntigravity(input) - - // Should have placeholder property added - if !strings.Contains(result, `"reason"`) { - t.Errorf("Empty schema should have 'reason' placeholder property, got: %s", result) - } - if !strings.Contains(result, `"required"`) { - t.Errorf("Empty schema should have 'required' with 'reason', got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_EmptyPropertiesPlaceholder(t *testing.T) { - // Object with empty properties object - input := `{ - "type": "object", - "properties": {} - }` - - result := CleanJSONSchemaForAntigravity(input) - - // Should have placeholder property added - if !strings.Contains(result, `"reason"`) { - t.Errorf("Empty properties should have 'reason' placeholder, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_NonEmptySchemaUnchanged(t *testing.T) { - // Schema with properties should NOT get placeholder - input := `{ - "type": "object", - "properties": { - "name": {"type": "string"} - }, - "required": ["name"] - }` - - result := CleanJSONSchemaForAntigravity(input) - - // Should NOT have placeholder property - if strings.Contains(result, `"reason"`) { - t.Errorf("Non-empty schema should NOT have 'reason' placeholder, got: %s", result) - } - // Original properties should be preserved - if !strings.Contains(result, `"name"`) { - t.Errorf("Original property 'name' should be preserved, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_NestedEmptySchema(t *testing.T) { - // Nested empty object in items should also get placeholder - input := `{ - "type": "object", - "properties": { - "items": { - "type": "array", - "items": { - "type": "object" - } - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - // Nested empty object should also get placeholder - // Check that the nested object has a reason property - parsed := gjson.Parse(result) - nestedProps := parsed.Get("properties.items.items.properties") - if !nestedProps.Exists() || !nestedProps.Get("reason").Exists() { - t.Errorf("Nested empty object should have 'reason' placeholder, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_EmptySchemaWithDescription(t *testing.T) { - // Empty schema with description should preserve description and add placeholder - input := `{ - "type": "object", - "description": "An empty object" - }` - - result := CleanJSONSchemaForAntigravity(input) - - // Should have both description and placeholder - if !strings.Contains(result, `"An empty object"`) { - t.Errorf("Description should be preserved, got: %s", result) - } - if !strings.Contains(result, `"reason"`) { - t.Errorf("Empty schema should have 'reason' placeholder, got: %s", result) - } -} - -// ============================================================================ -// Format field handling (ad-hoc patch removal) -// ============================================================================ - -func TestCleanJSONSchemaForAntigravity_FormatFieldRemoval(t *testing.T) { - // format:"uri" should be removed and added as hint - input := `{ - "type": "object", - "properties": { - "url": { - "type": "string", - "format": "uri", - "description": "A URL" - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - // format should be removed - if strings.Contains(result, `"format"`) { - t.Errorf("format field should be removed, got: %s", result) - } - // hint should be added to description - if !strings.Contains(result, "format: uri") { - t.Errorf("format hint should be added to description, got: %s", result) - } - // original description should be preserved - if !strings.Contains(result, "A URL") { - t.Errorf("Original description should be preserved, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_FormatFieldNoDescription(t *testing.T) { - // format without description should create description with hint - input := `{ - "type": "object", - "properties": { - "email": { - "type": "string", - "format": "email" - } - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - // format should be removed - if strings.Contains(result, `"format"`) { - t.Errorf("format field should be removed, got: %s", result) - } - // hint should be added - if !strings.Contains(result, "format: email") { - t.Errorf("format hint should be added, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_MultipleFormats(t *testing.T) { - // Multiple format fields should all be handled - input := `{ - "type": "object", - "properties": { - "url": {"type": "string", "format": "uri"}, - "email": {"type": "string", "format": "email"}, - "date": {"type": "string", "format": "date-time"} - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - // All format fields should be removed - if strings.Contains(result, `"format"`) { - t.Errorf("All format fields should be removed, got: %s", result) - } - // All hints should be added - if !strings.Contains(result, "format: uri") { - t.Errorf("uri format hint should be added, got: %s", result) - } - if !strings.Contains(result, "format: email") { - t.Errorf("email format hint should be added, got: %s", result) - } - if !strings.Contains(result, "format: date-time") { - t.Errorf("date-time format hint should be added, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_NumericEnumToString(t *testing.T) { - // Gemini API requires enum values to be strings, not numbers - input := `{ - "type": "object", - "properties": { - "priority": {"type": "integer", "enum": [0, 1, 2]}, - "level": {"type": "number", "enum": [1.5, 2.5, 3.5]}, - "status": {"type": "string", "enum": ["active", "inactive"]} - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - // Numeric enum values should be converted to strings - if strings.Contains(result, `"enum":[0,1,2]`) { - t.Errorf("Integer enum values should be converted to strings, got: %s", result) - } - if strings.Contains(result, `"enum":[1.5,2.5,3.5]`) { - t.Errorf("Float enum values should be converted to strings, got: %s", result) - } - // Should contain string versions - if !strings.Contains(result, `"0"`) || !strings.Contains(result, `"1"`) || !strings.Contains(result, `"2"`) { - t.Errorf("Integer enum values should be converted to string format, got: %s", result) - } - // String enum values should remain unchanged - if !strings.Contains(result, `"active"`) || !strings.Contains(result, `"inactive"`) { - t.Errorf("String enum values should remain unchanged, got: %s", result) - } -} - -func TestCleanJSONSchemaForAntigravity_BooleanEnumToString(t *testing.T) { - // Boolean enum values should also be converted to strings - input := `{ - "type": "object", - "properties": { - "enabled": {"type": "boolean", "enum": [true, false]} - } - }` - - result := CleanJSONSchemaForAntigravity(input) - - // Boolean enum values should be converted to strings - if strings.Contains(result, `"enum":[true,false]`) { - t.Errorf("Boolean enum values should be converted to strings, got: %s", result) - } - // Should contain string versions "true" and "false" - if !strings.Contains(result, `"true"`) || !strings.Contains(result, `"false"`) { - t.Errorf("Boolean enum values should be converted to string format, got: %s", result) - } -} - -func TestCleanJSONSchemaForGemini_RemovesGeminiUnsupportedMetadataFields(t *testing.T) { - input := `{ - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "root-schema", - "type": "object", - "properties": { - "payload": { - "type": "object", - "prefill": "hello", - "properties": { - "mode": { - "type": "string", - "enum": ["a", "b"], - "enumTitles": ["A", "B"] - } - }, - "patternProperties": { - "^x-": {"type": "string"} - } - }, - "$id": { - "type": "string", - "description": "property name should not be removed" - } - } - }` - - expected := `{ - "type": "object", - "properties": { - "payload": { - "type": "object", - "properties": { - "mode": { - "type": "string", - "enum": ["a", "b"], - "description": "Allowed: a, b" - } - } - }, - "$id": { - "type": "string", - "description": "property name should not be removed" - } - } - }` - - result := CleanJSONSchemaForGemini(input) - compareJSON(t, expected, result) -} - -func TestRemoveExtensionFields(t *testing.T) { - tests := []struct { - name string - input string - expected string - }{ - { - name: "removes x- fields at root", - input: `{ - "type": "object", - "x-custom-meta": "value", - "properties": { - "foo": { "type": "string" } - } - }`, - expected: `{ - "type": "object", - "properties": { - "foo": { "type": "string" } - } - }`, - }, - { - name: "removes x- fields in nested properties", - input: `{ - "type": "object", - "properties": { - "foo": { - "type": "string", - "x-internal-id": 123 - } - } - }`, - expected: `{ - "type": "object", - "properties": { - "foo": { - "type": "string" - } - } - }`, - }, - { - name: "does NOT remove properties named x-", - input: `{ - "type": "object", - "properties": { - "x-data": { "type": "string" }, - "normal": { "type": "number", "x-meta": "remove" } - }, - "required": ["x-data"] - }`, - expected: `{ - "type": "object", - "properties": { - "x-data": { "type": "string" }, - "normal": { "type": "number" } - }, - "required": ["x-data"] - }`, - }, - { - name: "does NOT remove $schema and other meta fields (as requested)", - input: `{ - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "test", - "type": "object", - "properties": { - "foo": { "type": "string" } - } - }`, - expected: `{ - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "test", - "type": "object", - "properties": { - "foo": { "type": "string" } - } - }`, - }, - { - name: "handles properties named $schema", - input: `{ - "type": "object", - "properties": { - "$schema": { "type": "string" } - } - }`, - expected: `{ - "type": "object", - "properties": { - "$schema": { "type": "string" } - } - }`, - }, - { - name: "handles escaping in paths", - input: `{ - "type": "object", - "properties": { - "foo.bar": { - "type": "string", - "x-meta": "remove" - } - }, - "x-root.meta": "remove" - }`, - expected: `{ - "type": "object", - "properties": { - "foo.bar": { - "type": "string" - } - } - }`, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - actual := removeExtensionFields(tt.input) - compareJSON(t, tt.expected, actual) - }) - } -} diff --git a/internal/util/header_helpers.go b/internal/util/header_helpers.go deleted file mode 100644 index c53c291f10..0000000000 --- a/internal/util/header_helpers.go +++ /dev/null @@ -1,52 +0,0 @@ -package util - -import ( - "net/http" - "strings" -) - -// ApplyCustomHeadersFromAttrs applies user-defined headers stored in the provided attributes map. -// Custom headers override built-in defaults when conflicts occur. -func ApplyCustomHeadersFromAttrs(r *http.Request, attrs map[string]string) { - if r == nil { - return - } - applyCustomHeaders(r, extractCustomHeaders(attrs)) -} - -func extractCustomHeaders(attrs map[string]string) map[string]string { - if len(attrs) == 0 { - return nil - } - headers := make(map[string]string) - for k, v := range attrs { - if !strings.HasPrefix(k, "header:") { - continue - } - name := strings.TrimSpace(strings.TrimPrefix(k, "header:")) - if name == "" { - continue - } - val := strings.TrimSpace(v) - if val == "" { - continue - } - headers[name] = val - } - if len(headers) == 0 { - return nil - } - return headers -} - -func applyCustomHeaders(r *http.Request, headers map[string]string) { - if r == nil || len(headers) == 0 { - return - } - for k, v := range headers { - if k == "" || v == "" { - continue - } - r.Header.Set(k, v) - } -} diff --git a/internal/util/image.go b/internal/util/image.go deleted file mode 100644 index 70d5cdc413..0000000000 --- a/internal/util/image.go +++ /dev/null @@ -1,59 +0,0 @@ -package util - -import ( - "bytes" - "encoding/base64" - "image" - "image/draw" - "image/png" -) - -func CreateWhiteImageBase64(aspectRatio string) (string, error) { - width := 1024 - height := 1024 - - switch aspectRatio { - case "1:1": - width = 1024 - height = 1024 - case "2:3": - width = 832 - height = 1248 - case "3:2": - width = 1248 - height = 832 - case "3:4": - width = 864 - height = 1184 - case "4:3": - width = 1184 - height = 864 - case "4:5": - width = 896 - height = 1152 - case "5:4": - width = 1152 - height = 896 - case "9:16": - width = 768 - height = 1344 - case "16:9": - width = 1344 - height = 768 - case "21:9": - width = 1536 - height = 672 - } - - img := image.NewRGBA(image.Rect(0, 0, width, height)) - draw.Draw(img, img.Bounds(), image.White, image.Point{}, draw.Src) - - var buf bytes.Buffer - - if err := png.Encode(&buf, img); err != nil { - return "", err - } - - base64String := base64.StdEncoding.EncodeToString(buf.Bytes()) - return base64String, nil -} diff --git a/internal/util/provider.go b/internal/util/provider.go deleted file mode 100644 index 1512decaf7..0000000000 --- a/internal/util/provider.go +++ /dev/null @@ -1,269 +0,0 @@ -// Package util provides utility functions used across the CLIProxyAPI application. -// These functions handle common tasks such as determining AI service providers -// from model names and managing HTTP proxies. -package util - -import ( - "net/url" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/registry" - log "github.com/sirupsen/logrus" -) - -// GetProviderName determines all AI service providers capable of serving a registered model. -// It first queries the global model registry to retrieve the providers backing the supplied model name. -// When the model has not been registered yet, it falls back to legacy string heuristics to infer -// potential providers. -// -// Supported providers include (but are not limited to): -// - "gemini" for Google's Gemini family -// - "codex" for OpenAI GPT-compatible providers -// - "claude" for Anthropic models -// - "qwen" for Alibaba's Qwen models -// - "openai-compatibility" for external OpenAI-compatible providers -// -// Parameters: -// - modelName: The name of the model to identify providers for. -// - cfg: The application configuration containing OpenAI compatibility settings. -// -// Returns: -// - []string: All provider identifiers capable of serving the model, ordered by preference. -func GetProviderName(modelName string) []string { - if modelName == "" { - return nil - } - - providers := make([]string, 0, 4) - seen := make(map[string]struct{}) - - appendProvider := func(name string) { - if name == "" { - return - } - if _, exists := seen[name]; exists { - return - } - seen[name] = struct{}{} - providers = append(providers, name) - } - - for _, provider := range registry.GetGlobalRegistry().GetModelProviders(modelName) { - appendProvider(provider) - } - - if len(providers) > 0 { - return providers - } - - return providers -} - -// ResolveAutoModel resolves the "auto" model name to an actual available model. -// It uses an empty handler type to get any available model from the registry. -// -// Parameters: -// - modelName: The model name to check (should be "auto") -// -// Returns: -// - string: The resolved model name, or the original if not "auto" or resolution fails -func ResolveAutoModel(modelName string) string { - if modelName != "auto" { - return modelName - } - - // Use empty string as handler type to get any available model - firstModel, err := registry.GetGlobalRegistry().GetFirstAvailableModel("") - if err != nil { - log.Warnf("Failed to resolve 'auto' model: %v, falling back to original model name", err) - return modelName - } - - log.Infof("Resolved 'auto' model to: %s", firstModel) - return firstModel -} - -// IsOpenAICompatibilityAlias checks if the given model name is an alias -// configured for OpenAI compatibility routing. -// -// Parameters: -// - modelName: The model name to check -// - cfg: The application configuration containing OpenAI compatibility settings -// -// Returns: -// - bool: True if the model name is an OpenAI compatibility alias, false otherwise -func IsOpenAICompatibilityAlias(modelName string, cfg *config.Config) bool { - if cfg == nil { - return false - } - - for _, compat := range cfg.OpenAICompatibility { - for _, model := range compat.Models { - if model.Alias == modelName { - return true - } - } - } - return false -} - -// GetOpenAICompatibilityConfig returns the OpenAI compatibility configuration -// and model details for the given alias. -// -// Parameters: -// - alias: The model alias to find configuration for -// - cfg: The application configuration containing OpenAI compatibility settings -// -// Returns: -// - *config.OpenAICompatibility: The matching compatibility configuration, or nil if not found -// - *config.OpenAICompatibilityModel: The matching model configuration, or nil if not found -func GetOpenAICompatibilityConfig(alias string, cfg *config.Config) (*config.OpenAICompatibility, *config.OpenAICompatibilityModel) { - if cfg == nil { - return nil, nil - } - - for _, compat := range cfg.OpenAICompatibility { - for _, model := range compat.Models { - if model.Alias == alias { - return &compat, &model - } - } - } - return nil, nil -} - -// InArray checks if a string exists in a slice of strings. -// It iterates through the slice and returns true if the target string is found, -// otherwise it returns false. -// -// Parameters: -// - hystack: The slice of strings to search in -// - needle: The string to search for -// -// Returns: -// - bool: True if the string is found, false otherwise -func InArray(hystack []string, needle string) bool { - for _, item := range hystack { - if needle == item { - return true - } - } - return false -} - -// HideAPIKey obscures an API key for logging purposes, showing only the first and last few characters. -// -// Parameters: -// - apiKey: The API key to hide. -// -// Returns: -// - string: The obscured API key. -func HideAPIKey(apiKey string) string { - if len(apiKey) > 8 { - return apiKey[:4] + "..." + apiKey[len(apiKey)-4:] - } else if len(apiKey) > 4 { - return apiKey[:2] + "..." + apiKey[len(apiKey)-2:] - } else if len(apiKey) > 2 { - return apiKey[:1] + "..." + apiKey[len(apiKey)-1:] - } - return apiKey -} - -// maskAuthorizationHeader masks the Authorization header value while preserving the auth type prefix. -// Common formats: "Bearer ", "Basic ", "ApiKey ", etc. -// It preserves the prefix (e.g., "Bearer ") and only masks the token/credential part. -// -// Parameters: -// - value: The Authorization header value -// -// Returns: -// - string: The masked Authorization value with prefix preserved -func MaskAuthorizationHeader(value string) string { - parts := strings.SplitN(strings.TrimSpace(value), " ", 2) - if len(parts) < 2 { - return HideAPIKey(value) - } - return parts[0] + " " + HideAPIKey(parts[1]) -} - -// MaskSensitiveHeaderValue masks sensitive header values while preserving expected formats. -// -// Behavior by header key (case-insensitive): -// - "Authorization": Preserve the auth type prefix (e.g., "Bearer ") and mask only the credential part. -// - Headers containing "api-key": Mask the entire value using HideAPIKey. -// - Others: Return the original value unchanged. -// -// Parameters: -// - key: The HTTP header name to inspect (case-insensitive matching). -// - value: The header value to mask when sensitive. -// -// Returns: -// - string: The masked value according to the header type; unchanged if not sensitive. -func MaskSensitiveHeaderValue(key, value string) string { - lowerKey := strings.ToLower(strings.TrimSpace(key)) - switch { - case strings.Contains(lowerKey, "authorization"): - return MaskAuthorizationHeader(value) - case strings.Contains(lowerKey, "api-key"), - strings.Contains(lowerKey, "apikey"), - strings.Contains(lowerKey, "token"), - strings.Contains(lowerKey, "secret"): - return HideAPIKey(value) - default: - return value - } -} - -// MaskSensitiveQuery masks sensitive query parameters, e.g. auth_token, within the raw query string. -func MaskSensitiveQuery(raw string) string { - if raw == "" { - return "" - } - parts := strings.Split(raw, "&") - changed := false - for i, part := range parts { - if part == "" { - continue - } - keyPart := part - valuePart := "" - if idx := strings.Index(part, "="); idx >= 0 { - keyPart = part[:idx] - valuePart = part[idx+1:] - } - decodedKey, err := url.QueryUnescape(keyPart) - if err != nil { - decodedKey = keyPart - } - if !shouldMaskQueryParam(decodedKey) { - continue - } - decodedValue, err := url.QueryUnescape(valuePart) - if err != nil { - decodedValue = valuePart - } - masked := HideAPIKey(strings.TrimSpace(decodedValue)) - parts[i] = keyPart + "=" + url.QueryEscape(masked) - changed = true - } - if !changed { - return raw - } - return strings.Join(parts, "&") -} - -func shouldMaskQueryParam(key string) bool { - key = strings.ToLower(strings.TrimSpace(key)) - if key == "" { - return false - } - key = strings.TrimSuffix(key, "[]") - if key == "key" || strings.Contains(key, "api-key") || strings.Contains(key, "apikey") || strings.Contains(key, "api_key") { - return true - } - if strings.Contains(key, "token") || strings.Contains(key, "secret") { - return true - } - return false -} diff --git a/internal/util/proxy.go b/internal/util/proxy.go deleted file mode 100644 index 830d269cc1..0000000000 --- a/internal/util/proxy.go +++ /dev/null @@ -1,55 +0,0 @@ -// Package util provides utility functions for the CLI Proxy API server. -// It includes helper functions for proxy configuration, HTTP client setup, -// log level management, and other common operations used across the application. -package util - -import ( - "context" - "net" - "net/http" - "net/url" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - log "github.com/sirupsen/logrus" - "golang.org/x/net/proxy" -) - -// SetProxy configures the provided HTTP client with proxy settings from the configuration. -// It supports SOCKS5, HTTP, and HTTPS proxies. The function modifies the client's transport -// to route requests through the configured proxy server. -func SetProxy(cfg *config.SDKConfig, httpClient *http.Client) *http.Client { - var transport *http.Transport - // Attempt to parse the proxy URL from the configuration. - proxyURL, errParse := url.Parse(cfg.ProxyURL) - if errParse == nil { - // Handle different proxy schemes. - if proxyURL.Scheme == "socks5" { - // Configure SOCKS5 proxy with optional authentication. - var proxyAuth *proxy.Auth - if proxyURL.User != nil { - username := proxyURL.User.Username() - password, _ := proxyURL.User.Password() - proxyAuth = &proxy.Auth{User: username, Password: password} - } - dialer, errSOCKS5 := proxy.SOCKS5("tcp", proxyURL.Host, proxyAuth, proxy.Direct) - if errSOCKS5 != nil { - log.Errorf("create SOCKS5 dialer failed: %v", errSOCKS5) - return httpClient - } - // Set up a custom transport using the SOCKS5 dialer. - transport = &http.Transport{ - DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { - return dialer.Dial(network, addr) - }, - } - } else if proxyURL.Scheme == "http" || proxyURL.Scheme == "https" { - // Configure HTTP or HTTPS proxy. - transport = &http.Transport{Proxy: http.ProxyURL(proxyURL)} - } - } - // If a new transport was created, apply it to the HTTP client. - if transport != nil { - httpClient.Transport = transport - } - return httpClient -} diff --git a/internal/util/sanitize_test.go b/internal/util/sanitize_test.go deleted file mode 100644 index 4ff8454b0b..0000000000 --- a/internal/util/sanitize_test.go +++ /dev/null @@ -1,56 +0,0 @@ -package util - -import ( - "testing" -) - -func TestSanitizeFunctionName(t *testing.T) { - tests := []struct { - name string - input string - expected string - }{ - {"Normal", "valid_name", "valid_name"}, - {"With Dots", "name.with.dots", "name.with.dots"}, - {"With Colons", "name:with:colons", "name:with:colons"}, - {"With Dashes", "name-with-dashes", "name-with-dashes"}, - {"Mixed Allowed", "name.with_dots:colons-dashes", "name.with_dots:colons-dashes"}, - {"Invalid Characters", "name!with@invalid#chars", "name_with_invalid_chars"}, - {"Spaces", "name with spaces", "name_with_spaces"}, - {"Non-ASCII", "name_with_你好_chars", "name_with____chars"}, - {"Starts with digit", "123name", "_123name"}, - {"Starts with dot", ".name", "_.name"}, - {"Starts with colon", ":name", "_:name"}, - {"Starts with dash", "-name", "_-name"}, - {"Starts with invalid char", "!name", "_name"}, - {"Exactly 64 chars", "this_is_a_very_long_name_that_exactly_reaches_sixty_four_charact", "this_is_a_very_long_name_that_exactly_reaches_sixty_four_charact"}, - {"Too long (65 chars)", "this_is_a_very_long_name_that_exactly_reaches_sixty_four_charactX", "this_is_a_very_long_name_that_exactly_reaches_sixty_four_charact"}, - {"Very long", "this_is_a_very_long_name_that_exceeds_the_sixty_four_character_limit_for_function_names", "this_is_a_very_long_name_that_exceeds_the_sixty_four_character_l"}, - {"Starts with digit (64 chars total)", "1234567890123456789012345678901234567890123456789012345678901234", "_123456789012345678901234567890123456789012345678901234567890123"}, - {"Starts with invalid char (64 chars total)", "!234567890123456789012345678901234567890123456789012345678901234", "_234567890123456789012345678901234567890123456789012345678901234"}, - {"Empty", "", ""}, - {"Single character invalid", "@", "_"}, - {"Single character valid", "a", "a"}, - {"Single character digit", "1", "_1"}, - {"Single character underscore", "_", "_"}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got := SanitizeFunctionName(tt.input) - if got != tt.expected { - t.Errorf("SanitizeFunctionName(%q) = %v, want %v", tt.input, got, tt.expected) - } - // Verify Gemini compliance - if len(got) > 64 { - t.Errorf("SanitizeFunctionName(%q) result too long: %d", tt.input, len(got)) - } - if len(got) > 0 { - first := got[0] - if !((first >= 'a' && first <= 'z') || (first >= 'A' && first <= 'Z') || first == '_') { - t.Errorf("SanitizeFunctionName(%q) result starts with invalid char: %c", tt.input, first) - } - } - }) - } -} diff --git a/internal/util/ssh_helper.go b/internal/util/ssh_helper.go deleted file mode 100644 index 2f81fcb365..0000000000 --- a/internal/util/ssh_helper.go +++ /dev/null @@ -1,135 +0,0 @@ -// Package util provides helper functions for SSH tunnel instructions and network-related tasks. -// This includes detecting the appropriate IP address and printing commands -// to help users connect to the local server from a remote machine. -package util - -import ( - "context" - "fmt" - "io" - "net" - "net/http" - "strings" - "time" - - log "github.com/sirupsen/logrus" -) - -var ipServices = []string{ - "https://api.ipify.org", - "https://ifconfig.me/ip", - "https://icanhazip.com", - "https://ipinfo.io/ip", -} - -// getPublicIP attempts to retrieve the public IP address from a list of external services. -// It iterates through the ipServices and returns the first successful response. -// -// Returns: -// - string: The public IP address as a string -// - error: An error if all services fail, nil otherwise -func getPublicIP() (string, error) { - for _, service := range ipServices { - ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) - defer cancel() - req, err := http.NewRequestWithContext(ctx, "GET", service, nil) - if err != nil { - log.Debugf("Failed to create request to %s: %v", service, err) - continue - } - - resp, err := http.DefaultClient.Do(req) - if err != nil { - log.Debugf("Failed to get public IP from %s: %v", service, err) - continue - } - defer func() { - if closeErr := resp.Body.Close(); closeErr != nil { - log.Warnf("Failed to close response body from %s: %v", service, closeErr) - } - }() - - if resp.StatusCode != http.StatusOK { - log.Debugf("bad status code from %s: %d", service, resp.StatusCode) - continue - } - - ip, err := io.ReadAll(resp.Body) - if err != nil { - log.Debugf("Failed to read response body from %s: %v", service, err) - continue - } - return strings.TrimSpace(string(ip)), nil - } - return "", fmt.Errorf("all IP services failed") -} - -// getOutboundIP retrieves the preferred outbound IP address of this machine. -// It uses a UDP connection to a public DNS server to determine the local IP -// address that would be used for outbound traffic. -// -// Returns: -// - string: The outbound IP address as a string -// - error: An error if the IP address cannot be determined, nil otherwise -func getOutboundIP() (string, error) { - conn, err := net.Dial("udp", "8.8.8.8:80") - if err != nil { - return "", err - } - defer func() { - if closeErr := conn.Close(); closeErr != nil { - log.Warnf("Failed to close UDP connection: %v", closeErr) - } - }() - - localAddr, ok := conn.LocalAddr().(*net.UDPAddr) - if !ok { - return "", fmt.Errorf("could not assert UDP address type") - } - - return localAddr.IP.String(), nil -} - -// GetIPAddress attempts to find the best-available IP address. -// It first tries to get the public IP address, and if that fails, -// it falls back to getting the local outbound IP address. -// -// Returns: -// - string: The determined IP address (preferring public IPv4) -func GetIPAddress() string { - publicIP, err := getPublicIP() - if err == nil { - log.Debugf("Public IP detected: %s", publicIP) - return publicIP - } - log.Warnf("Failed to get public IP, falling back to outbound IP: %v", err) - outboundIP, err := getOutboundIP() - if err == nil { - log.Debugf("Outbound IP detected: %s", outboundIP) - return outboundIP - } - log.Errorf("Failed to get any IP address: %v", err) - return "127.0.0.1" // Fallback -} - -// PrintSSHTunnelInstructions detects the IP address and prints SSH tunnel instructions -// for the user to connect to the local OAuth callback server from a remote machine. -// -// Parameters: -// - port: The local port number for the SSH tunnel -func PrintSSHTunnelInstructions(port int) { - ipAddress := GetIPAddress() - border := "================================================================================" - fmt.Println("To authenticate from a remote machine, an SSH tunnel may be required.") - fmt.Println(border) - fmt.Println(" Run one of the following commands on your local machine (NOT the server):") - fmt.Println() - fmt.Printf(" # Standard SSH command (assumes SSH port 22):\n") - fmt.Printf(" ssh -L %d:127.0.0.1:%d root@%s -p 22\n", port, port, ipAddress) - fmt.Println() - fmt.Printf(" # If using an SSH key (assumes SSH port 22):\n") - fmt.Printf(" ssh -i -L %d:127.0.0.1:%d root@%s -p 22\n", port, port, ipAddress) - fmt.Println() - fmt.Println(" NOTE: If your server's SSH port is not 22, please modify the '-p 22' part accordingly.") - fmt.Println(border) -} diff --git a/internal/util/translator.go b/internal/util/translator.go deleted file mode 100644 index 51ecb748a0..0000000000 --- a/internal/util/translator.go +++ /dev/null @@ -1,221 +0,0 @@ -// Package util provides utility functions for the CLI Proxy API server. -// It includes helper functions for JSON manipulation, proxy configuration, -// and other common operations used across the application. -package util - -import ( - "bytes" - "fmt" - - "github.com/tidwall/gjson" - "github.com/tidwall/sjson" -) - -// Walk recursively traverses a JSON structure to find all occurrences of a specific field. -// It builds paths to each occurrence and adds them to the provided paths slice. -// -// Parameters: -// - value: The gjson.Result object to traverse -// - path: The current path in the JSON structure (empty string for root) -// - field: The field name to search for -// - paths: Pointer to a slice where found paths will be stored -// -// The function works recursively, building dot-notation paths to each occurrence -// of the specified field throughout the JSON structure. -func Walk(value gjson.Result, path, field string, paths *[]string) { - switch value.Type { - case gjson.JSON: - // For JSON objects and arrays, iterate through each child - value.ForEach(func(key, val gjson.Result) bool { - var childPath string - // Escape special characters for gjson/sjson path syntax - // . -> \. - // * -> \* - // ? -> \? - keyStr := key.String() - safeKey := escapeGJSONPathKey(keyStr) - - if path == "" { - childPath = safeKey - } else { - childPath = path + "." + safeKey - } - if keyStr == field { - *paths = append(*paths, childPath) - } - Walk(val, childPath, field, paths) - return true - }) - case gjson.String, gjson.Number, gjson.True, gjson.False, gjson.Null: - // Terminal types - no further traversal needed - } -} - -// RenameKey renames a key in a JSON string by moving its value to a new key path -// and then deleting the old key path. -// -// Parameters: -// - jsonStr: The JSON string to modify -// - oldKeyPath: The dot-notation path to the key that should be renamed -// - newKeyPath: The dot-notation path where the value should be moved to -// -// Returns: -// - string: The modified JSON string with the key renamed -// - error: An error if the operation fails -// -// The function performs the rename in two steps: -// 1. Sets the value at the new key path -// 2. Deletes the old key path -func RenameKey(jsonStr, oldKeyPath, newKeyPath string) (string, error) { - value := gjson.Get(jsonStr, oldKeyPath) - - if !value.Exists() { - return "", fmt.Errorf("old key '%s' does not exist", oldKeyPath) - } - - interimJson, err := sjson.SetRaw(jsonStr, newKeyPath, value.Raw) - if err != nil { - return "", fmt.Errorf("failed to set new key '%s': %w", newKeyPath, err) - } - - finalJson, err := sjson.Delete(interimJson, oldKeyPath) - if err != nil { - return "", fmt.Errorf("failed to delete old key '%s': %w", oldKeyPath, err) - } - - return finalJson, nil -} - -// FixJSON converts non-standard JSON that uses single quotes for strings into -// RFC 8259-compliant JSON by converting those single-quoted strings to -// double-quoted strings with proper escaping. -// -// Examples: -// -// {'a': 1, 'b': '2'} => {"a": 1, "b": "2"} -// {"t": 'He said "hi"'} => {"t": "He said \"hi\""} -// -// Rules: -// - Existing double-quoted JSON strings are preserved as-is. -// - Single-quoted strings are converted to double-quoted strings. -// - Inside converted strings, any double quote is escaped (\"). -// - Common backslash escapes (\n, \r, \t, \b, \f, \\) are preserved. -// - \' inside single-quoted strings becomes a literal ' in the output (no -// escaping needed inside double quotes). -// - Unicode escapes (\uXXXX) inside single-quoted strings are forwarded. -// - The function does not attempt to fix other non-JSON features beyond quotes. -func FixJSON(input string) string { - var out bytes.Buffer - - inDouble := false - inSingle := false - escaped := false // applies within the current string state - - // Helper to write a rune, escaping double quotes when inside a converted - // single-quoted string (which becomes a double-quoted string in output). - writeConverted := func(r rune) { - if r == '"' { - out.WriteByte('\\') - out.WriteByte('"') - return - } - out.WriteRune(r) - } - - runes := []rune(input) - for i := 0; i < len(runes); i++ { - r := runes[i] - - if inDouble { - out.WriteRune(r) - if escaped { - // end of escape sequence in a standard JSON string - escaped = false - continue - } - if r == '\\' { - escaped = true - continue - } - if r == '"' { - inDouble = false - } - continue - } - - if inSingle { - if escaped { - // Handle common escape sequences after a backslash within a - // single-quoted string - escaped = false - switch r { - case 'n', 'r', 't', 'b', 'f', '/', '"': - // Keep the backslash and the character (except for '"' which - // rarely appears, but if it does, keep as \" to remain valid) - out.WriteByte('\\') - out.WriteRune(r) - case '\\': - out.WriteByte('\\') - out.WriteByte('\\') - case '\'': - // \' inside single-quoted becomes a literal ' - out.WriteRune('\'') - case 'u': - // Forward \uXXXX if possible - out.WriteByte('\\') - out.WriteByte('u') - // Copy up to next 4 hex digits if present - for k := 0; k < 4 && i+1 < len(runes); k++ { - peek := runes[i+1] - // simple hex check - if (peek >= '0' && peek <= '9') || (peek >= 'a' && peek <= 'f') || (peek >= 'A' && peek <= 'F') { - out.WriteRune(peek) - i++ - } else { - break - } - } - default: - // Unknown escape: preserve the backslash and the char - out.WriteByte('\\') - out.WriteRune(r) - } - continue - } - - if r == '\\' { // start escape sequence - escaped = true - continue - } - if r == '\'' { // end of single-quoted string - out.WriteByte('"') - inSingle = false - continue - } - // regular char inside converted string; escape double quotes - writeConverted(r) - continue - } - - // Outside any string - if r == '"' { - inDouble = true - out.WriteRune(r) - continue - } - if r == '\'' { // start of non-standard single-quoted string - inSingle = true - out.WriteByte('"') - continue - } - out.WriteRune(r) - } - - // If input ended while still inside a single-quoted string, close it to - // produce the best-effort valid JSON. - if inSingle { - out.WriteByte('"') - } - - return out.String() -} diff --git a/internal/util/util.go b/internal/util/util.go deleted file mode 100644 index 1c12bb0210..0000000000 --- a/internal/util/util.go +++ /dev/null @@ -1,136 +0,0 @@ -// Package util provides utility functions for the CLI Proxy API server. -// It includes helper functions for logging configuration, file system operations, -// and other common utilities used throughout the application. -package util - -import ( - "context" - "fmt" - "os" - "path/filepath" - "regexp" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - log "github.com/sirupsen/logrus" -) - -var functionNameSanitizer = regexp.MustCompile(`[^a-zA-Z0-9_.:-]`) - -// SanitizeFunctionName ensures a function name matches the requirements for Gemini/Vertex AI. -// It replaces invalid characters with underscores, ensures it starts with a letter or underscore, -// and truncates it to 64 characters if necessary. -// Regex Rule: [^a-zA-Z0-9_.:-] replaced with _. -func SanitizeFunctionName(name string) string { - if name == "" { - return "" - } - - // Replace invalid characters with underscore - sanitized := functionNameSanitizer.ReplaceAllString(name, "_") - - // Ensure it starts with a letter or underscore - // Re-reading requirements: Must start with a letter or an underscore. - if len(sanitized) > 0 { - first := sanitized[0] - if !((first >= 'a' && first <= 'z') || (first >= 'A' && first <= 'Z') || first == '_') { - // If it starts with an allowed character but not allowed at the beginning (digit, dot, colon, dash), - // we must prepend an underscore. - - // To stay within the 64-character limit while prepending, we must truncate first. - if len(sanitized) >= 64 { - sanitized = sanitized[:63] - } - sanitized = "_" + sanitized - } - } else { - sanitized = "_" - } - - // Truncate to 64 characters - if len(sanitized) > 64 { - sanitized = sanitized[:64] - } - return sanitized -} - -// SetLogLevel configures the logrus log level based on the configuration. -// It sets the log level to DebugLevel if debug mode is enabled, otherwise to InfoLevel. -func SetLogLevel(cfg *config.Config) { - currentLevel := log.GetLevel() - var newLevel log.Level - if cfg.Debug { - newLevel = log.DebugLevel - } else { - newLevel = log.InfoLevel - } - - if currentLevel != newLevel { - log.SetLevel(newLevel) - log.Infof("log level changed from %s to %s (debug=%t)", currentLevel, newLevel, cfg.Debug) - } -} - -// ResolveAuthDir normalizes the auth directory path for consistent reuse throughout the app. -// It expands a leading tilde (~) to the user's home directory and returns a cleaned path. -func ResolveAuthDir(authDir string) (string, error) { - if authDir == "" { - return "", nil - } - if strings.HasPrefix(authDir, "~") { - home, err := os.UserHomeDir() - if err != nil { - return "", fmt.Errorf("resolve auth dir: %w", err) - } - remainder := strings.TrimPrefix(authDir, "~") - remainder = strings.TrimLeft(remainder, "/\\") - if remainder == "" { - return filepath.Clean(home), nil - } - normalized := strings.ReplaceAll(remainder, "\\", "/") - return filepath.Clean(filepath.Join(home, filepath.FromSlash(normalized))), nil - } - return filepath.Clean(authDir), nil -} - -// CountAuthFiles returns the number of auth records available through the provided Store. -// For filesystem-backed stores, this reflects the number of JSON auth files under the configured directory. -func CountAuthFiles[T any](ctx context.Context, store interface { - List(context.Context) ([]T, error) -}) int { - if store == nil { - return 0 - } - if ctx == nil { - ctx = context.Background() - } - entries, err := store.List(ctx) - if err != nil { - log.Debugf("countAuthFiles: failed to list auth records: %v", err) - return 0 - } - return len(entries) -} - -// WritablePath returns the cleaned WRITABLE_PATH environment variable when it is set. -// It accepts both uppercase and lowercase variants for compatibility with existing conventions. -func WritablePath() string { - for _, key := range []string{"WRITABLE_PATH", "writable_path"} { - if value, ok := os.LookupEnv(key); ok { - trimmed := strings.TrimSpace(value) - if trimmed != "" { - return filepath.Clean(trimmed) - } - } - } - return "" -} - -// RedactAPIKey completely redacts an API key for secure logging. -// It returns "[REDACTED]" for any non-empty key, or an empty string for empty input. -func RedactAPIKey(apiKey string) string { - if apiKey == "" { - return "" - } - return "[REDACTED]" -} diff --git a/internal/watcher/clients.go b/internal/watcher/clients.go deleted file mode 100644 index 7c4171d1fa..0000000000 --- a/internal/watcher/clients.go +++ /dev/null @@ -1,305 +0,0 @@ -// clients.go implements watcher client lifecycle logic and persistence helpers. -// It reloads clients, handles incremental auth file changes, and persists updates when supported. -package watcher - -import ( - "context" - "crypto/sha256" - "encoding/hex" - "encoding/json" - "fmt" - "io/fs" - "os" - "path/filepath" - "strings" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/watcher/diff" - coreauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -func (w *Watcher) reloadClients(rescanAuth bool, affectedOAuthProviders []string, forceAuthRefresh bool) { - log.Debugf("starting full client load process") - - w.clientsMutex.RLock() - cfg := w.config - w.clientsMutex.RUnlock() - - if cfg == nil { - log.Error("config is nil, cannot reload clients") - return - } - - if len(affectedOAuthProviders) > 0 { - w.clientsMutex.Lock() - if w.currentAuths != nil { - filtered := make(map[string]*coreauth.Auth, len(w.currentAuths)) - for id, auth := range w.currentAuths { - if auth == nil { - continue - } - provider := strings.ToLower(strings.TrimSpace(auth.Provider)) - if _, match := matchProvider(provider, affectedOAuthProviders); match { - continue - } - filtered[id] = auth - } - w.currentAuths = filtered - log.Debugf("applying oauth-excluded-models to providers %v", affectedOAuthProviders) - } else { - w.currentAuths = nil - } - w.clientsMutex.Unlock() - } - - geminiAPIKeyCount, vertexCompatAPIKeyCount, claudeAPIKeyCount, codexAPIKeyCount, openAICompatCount := BuildAPIKeyClients(cfg) - totalAPIKeyClients := geminiAPIKeyCount + vertexCompatAPIKeyCount + claudeAPIKeyCount + codexAPIKeyCount + openAICompatCount - log.Debugf("loaded %d API key clients", totalAPIKeyClients) - - var authFileCount int - if rescanAuth { - authFileCount = w.loadFileClients(cfg) - log.Debugf("loaded %d file-based clients", authFileCount) - } else { - w.clientsMutex.RLock() - authFileCount = len(w.lastAuthHashes) - w.clientsMutex.RUnlock() - log.Debugf("skipping auth directory rescan; retaining %d existing auth files", authFileCount) - } - - if rescanAuth { - w.clientsMutex.Lock() - - w.lastAuthHashes = make(map[string]string) - w.lastAuthContents = make(map[string]*coreauth.Auth) - if resolvedAuthDir, errResolveAuthDir := util.ResolveAuthDir(cfg.AuthDir); errResolveAuthDir != nil { - log.Errorf("failed to resolve auth directory for hash cache: %v", errResolveAuthDir) - } else if resolvedAuthDir != "" { - _ = filepath.Walk(resolvedAuthDir, func(path string, info fs.FileInfo, err error) error { - if err != nil { - return nil - } - if !info.IsDir() && strings.HasSuffix(strings.ToLower(info.Name()), ".json") { - if data, errReadFile := os.ReadFile(path); errReadFile == nil && len(data) > 0 { - sum := sha256.Sum256(data) - normalizedPath := w.normalizeAuthPath(path) - w.lastAuthHashes[normalizedPath] = hex.EncodeToString(sum[:]) - // Parse and cache auth content for future diff comparisons - var auth coreauth.Auth - if errParse := json.Unmarshal(data, &auth); errParse == nil { - w.lastAuthContents[normalizedPath] = &auth - } - } - } - return nil - }) - } - w.clientsMutex.Unlock() - } - - totalNewClients := authFileCount + geminiAPIKeyCount + vertexCompatAPIKeyCount + claudeAPIKeyCount + codexAPIKeyCount + openAICompatCount - - if w.reloadCallback != nil { - log.Debugf("triggering server update callback before auth refresh") - w.reloadCallback(cfg) - } - - w.refreshAuthState(forceAuthRefresh) - - log.Infof("full client load complete - %d clients (%d auth files + %d Gemini API keys + %d Vertex API keys + %d Claude API keys + %d Codex keys + %d OpenAI-compat)", - totalNewClients, - authFileCount, - geminiAPIKeyCount, - vertexCompatAPIKeyCount, - claudeAPIKeyCount, - codexAPIKeyCount, - openAICompatCount, - ) -} - -func (w *Watcher) addOrUpdateClient(path string) { - data, errRead := os.ReadFile(path) - if errRead != nil { - log.Errorf("failed to read auth file %s: %v", filepath.Base(path), errRead) - return - } - if len(data) == 0 { - log.Debugf("ignoring empty auth file: %s", filepath.Base(path)) - return - } - - sum := sha256.Sum256(data) - curHash := hex.EncodeToString(sum[:]) - normalized := w.normalizeAuthPath(path) - - // Parse new auth content for diff comparison - var newAuth coreauth.Auth - if errParse := json.Unmarshal(data, &newAuth); errParse != nil { - log.Errorf("failed to parse auth file %s: %v", filepath.Base(path), errParse) - return - } - - w.clientsMutex.Lock() - - cfg := w.config - if cfg == nil { - log.Error("config is nil, cannot add or update client") - w.clientsMutex.Unlock() - return - } - if prev, ok := w.lastAuthHashes[normalized]; ok && prev == curHash { - log.Debugf("auth file unchanged (hash match), skipping reload: %s", filepath.Base(path)) - w.clientsMutex.Unlock() - return - } - - // Get old auth for diff comparison - var oldAuth *coreauth.Auth - if w.lastAuthContents != nil { - oldAuth = w.lastAuthContents[normalized] - } - - // Compute and log field changes - if changes := diff.BuildAuthChangeDetails(oldAuth, &newAuth); len(changes) > 0 { - log.Debugf("auth field changes for %s:", filepath.Base(path)) - for _, c := range changes { - log.Debugf(" %s", c) - } - } - - // Update caches - w.lastAuthHashes[normalized] = curHash - if w.lastAuthContents == nil { - w.lastAuthContents = make(map[string]*coreauth.Auth) - } - w.lastAuthContents[normalized] = &newAuth - - w.clientsMutex.Unlock() // Unlock before the callback - - w.refreshAuthState(false) - - if w.reloadCallback != nil { - log.Debugf("triggering server update callback after add/update") - w.reloadCallback(cfg) - } - w.persistAuthAsync(fmt.Sprintf("Sync auth %s", filepath.Base(path)), path) -} - -func (w *Watcher) removeClient(path string) { - normalized := w.normalizeAuthPath(path) - w.clientsMutex.Lock() - - cfg := w.config - delete(w.lastAuthHashes, normalized) - delete(w.lastAuthContents, normalized) - - w.clientsMutex.Unlock() // Release the lock before the callback - - w.refreshAuthState(false) - - if w.reloadCallback != nil { - log.Debugf("triggering server update callback after removal") - w.reloadCallback(cfg) - } - w.persistAuthAsync(fmt.Sprintf("Remove auth %s", filepath.Base(path)), path) -} - -func (w *Watcher) loadFileClients(cfg *config.Config) int { - authFileCount := 0 - successfulAuthCount := 0 - - authDir, errResolveAuthDir := util.ResolveAuthDir(cfg.AuthDir) - if errResolveAuthDir != nil { - log.Errorf("failed to resolve auth directory: %v", errResolveAuthDir) - return 0 - } - if authDir == "" { - return 0 - } - - errWalk := filepath.Walk(authDir, func(path string, info fs.FileInfo, err error) error { - if err != nil { - log.Debugf("error accessing path %s: %v", path, err) - return err - } - if !info.IsDir() && strings.HasSuffix(strings.ToLower(info.Name()), ".json") { - authFileCount++ - log.Debugf("processing auth file %d: %s", authFileCount, filepath.Base(path)) - if data, errCreate := os.ReadFile(path); errCreate == nil && len(data) > 0 { - successfulAuthCount++ - } - } - return nil - }) - - if errWalk != nil { - log.Errorf("error walking auth directory: %v", errWalk) - } - log.Debugf("auth directory scan complete - found %d .json files, %d readable", authFileCount, successfulAuthCount) - return authFileCount -} - -func BuildAPIKeyClients(cfg *config.Config) (int, int, int, int, int) { - geminiAPIKeyCount := 0 - vertexCompatAPIKeyCount := 0 - claudeAPIKeyCount := 0 - codexAPIKeyCount := 0 - openAICompatCount := 0 - - if len(cfg.GeminiKey) > 0 { - geminiAPIKeyCount += len(cfg.GeminiKey) - } - if len(cfg.VertexCompatAPIKey) > 0 { - vertexCompatAPIKeyCount += len(cfg.VertexCompatAPIKey) - } - if len(cfg.ClaudeKey) > 0 { - claudeAPIKeyCount += len(cfg.ClaudeKey) - } - if len(cfg.CodexKey) > 0 { - codexAPIKeyCount += len(cfg.CodexKey) - } - if len(cfg.OpenAICompatibility) > 0 { - for _, compatConfig := range cfg.OpenAICompatibility { - openAICompatCount += len(compatConfig.APIKeyEntries) - } - } - return geminiAPIKeyCount, vertexCompatAPIKeyCount, claudeAPIKeyCount, codexAPIKeyCount, openAICompatCount -} - -func (w *Watcher) persistConfigAsync() { - if w == nil || w.storePersister == nil { - return - } - go func() { - ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) - defer cancel() - if err := w.storePersister.PersistConfig(ctx); err != nil { - log.Errorf("failed to persist config change: %v", err) - } - }() -} - -func (w *Watcher) persistAuthAsync(message string, paths ...string) { - if w == nil || w.storePersister == nil { - return - } - filtered := make([]string, 0, len(paths)) - for _, p := range paths { - if trimmed := strings.TrimSpace(p); trimmed != "" { - filtered = append(filtered, trimmed) - } - } - if len(filtered) == 0 { - return - } - go func() { - ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) - defer cancel() - if err := w.storePersister.PersistAuthFiles(ctx, message, filtered...); err != nil { - log.Errorf("failed to persist auth changes: %v", err) - } - }() -} diff --git a/internal/watcher/config_reload.go b/internal/watcher/config_reload.go deleted file mode 100644 index ba5d0d4d69..0000000000 --- a/internal/watcher/config_reload.go +++ /dev/null @@ -1,135 +0,0 @@ -// config_reload.go implements debounced configuration hot reload. -// It detects material changes and reloads clients when the config changes. -package watcher - -import ( - "crypto/sha256" - "encoding/hex" - "os" - "reflect" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/util" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/watcher/diff" - "gopkg.in/yaml.v3" - - log "github.com/sirupsen/logrus" -) - -func (w *Watcher) stopConfigReloadTimer() { - w.configReloadMu.Lock() - if w.configReloadTimer != nil { - w.configReloadTimer.Stop() - w.configReloadTimer = nil - } - w.configReloadMu.Unlock() -} - -func (w *Watcher) scheduleConfigReload() { - w.configReloadMu.Lock() - defer w.configReloadMu.Unlock() - if w.configReloadTimer != nil { - w.configReloadTimer.Stop() - } - w.configReloadTimer = time.AfterFunc(configReloadDebounce, func() { - w.configReloadMu.Lock() - w.configReloadTimer = nil - w.configReloadMu.Unlock() - w.reloadConfigIfChanged() - }) -} - -func (w *Watcher) reloadConfigIfChanged() { - data, err := os.ReadFile(w.configPath) - if err != nil { - log.Errorf("failed to read config file for hash check: %v", err) - return - } - if len(data) == 0 { - log.Debugf("ignoring empty config file write event") - return - } - sum := sha256.Sum256(data) - newHash := hex.EncodeToString(sum[:]) - - w.clientsMutex.RLock() - currentHash := w.lastConfigHash - w.clientsMutex.RUnlock() - - if currentHash != "" && currentHash == newHash { - log.Debugf("config file content unchanged (hash match), skipping reload") - return - } - log.Infof("config file changed, reloading: %s", w.configPath) - if w.reloadConfig() { - finalHash := newHash - if updatedData, errRead := os.ReadFile(w.configPath); errRead == nil && len(updatedData) > 0 { - sumUpdated := sha256.Sum256(updatedData) - finalHash = hex.EncodeToString(sumUpdated[:]) - } else if errRead != nil { - log.WithError(errRead).Debug("failed to compute updated config hash after reload") - } - w.clientsMutex.Lock() - w.lastConfigHash = finalHash - w.clientsMutex.Unlock() - w.persistConfigAsync() - } -} - -func (w *Watcher) reloadConfig() bool { - log.Debug("=========================== CONFIG RELOAD ============================") - log.Debugf("starting config reload from: %s", w.configPath) - - newConfig, errLoadConfig := config.LoadConfig(w.configPath) - if errLoadConfig != nil { - log.Errorf("failed to reload config: %v", errLoadConfig) - return false - } - - if w.mirroredAuthDir != "" { - newConfig.AuthDir = w.mirroredAuthDir - } else { - if resolvedAuthDir, errResolveAuthDir := util.ResolveAuthDir(newConfig.AuthDir); errResolveAuthDir != nil { - log.Errorf("failed to resolve auth directory from config: %v", errResolveAuthDir) - } else { - newConfig.AuthDir = resolvedAuthDir - } - } - - w.clientsMutex.Lock() - var oldConfig *config.Config - _ = yaml.Unmarshal(w.oldConfigYaml, &oldConfig) - w.oldConfigYaml, _ = yaml.Marshal(newConfig) - w.config = newConfig - w.clientsMutex.Unlock() - - var affectedOAuthProviders []string - if oldConfig != nil { - _, affectedOAuthProviders = diff.DiffOAuthExcludedModelChanges(oldConfig.OAuthExcludedModels, newConfig.OAuthExcludedModels) - } - - util.SetLogLevel(newConfig) - if oldConfig != nil && oldConfig.Debug != newConfig.Debug { - log.Debugf("log level updated - debug mode changed from %t to %t", oldConfig.Debug, newConfig.Debug) - } - - if oldConfig != nil { - details := diff.BuildConfigChangeDetails(oldConfig, newConfig) - if len(details) > 0 { - log.Debugf("config changes detected:") - for _, d := range details { - log.Debugf(" %s", d) - } - } else { - log.Debugf("no material config field changes detected") - } - } - - authDirChanged := oldConfig == nil || oldConfig.AuthDir != newConfig.AuthDir - forceAuthRefresh := oldConfig != nil && (oldConfig.ForceModelPrefix != newConfig.ForceModelPrefix || !reflect.DeepEqual(oldConfig.OAuthModelAlias, newConfig.OAuthModelAlias)) - - log.Infof("config successfully reloaded, triggering client reload") - w.reloadClients(authDirChanged, affectedOAuthProviders, forceAuthRefresh) - return true -} diff --git a/internal/watcher/diff/auth_diff.go b/internal/watcher/diff/auth_diff.go deleted file mode 100644 index 267edec793..0000000000 --- a/internal/watcher/diff/auth_diff.go +++ /dev/null @@ -1,44 +0,0 @@ -// auth_diff.go computes human-readable diffs for auth file field changes. -package diff - -import ( - "fmt" - "strings" - - coreauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" -) - -// BuildAuthChangeDetails computes a redacted, human-readable list of auth field changes. -// Only prefix, proxy_url, and disabled fields are tracked; sensitive data is never printed. -func BuildAuthChangeDetails(oldAuth, newAuth *coreauth.Auth) []string { - changes := make([]string, 0, 3) - - // Handle nil cases by using empty Auth as default - if oldAuth == nil { - oldAuth = &coreauth.Auth{} - } - if newAuth == nil { - return changes - } - - // Compare prefix - oldPrefix := strings.TrimSpace(oldAuth.Prefix) - newPrefix := strings.TrimSpace(newAuth.Prefix) - if oldPrefix != newPrefix { - changes = append(changes, fmt.Sprintf("prefix: %s -> %s", oldPrefix, newPrefix)) - } - - // Compare proxy_url (redacted) - oldProxy := strings.TrimSpace(oldAuth.ProxyURL) - newProxy := strings.TrimSpace(newAuth.ProxyURL) - if oldProxy != newProxy { - changes = append(changes, fmt.Sprintf("proxy_url: %s -> %s", formatProxyURL(oldProxy), formatProxyURL(newProxy))) - } - - // Compare disabled - if oldAuth.Disabled != newAuth.Disabled { - changes = append(changes, fmt.Sprintf("disabled: %t -> %t", oldAuth.Disabled, newAuth.Disabled)) - } - - return changes -} diff --git a/internal/watcher/diff/config_diff.go b/internal/watcher/diff/config_diff.go deleted file mode 100644 index ec9949c09b..0000000000 --- a/internal/watcher/diff/config_diff.go +++ /dev/null @@ -1,399 +0,0 @@ -package diff - -import ( - "fmt" - "net/url" - "reflect" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" -) - -// BuildConfigChangeDetails computes a redacted, human-readable list of config changes. -// Secrets are never printed; only structural or non-sensitive fields are surfaced. -func BuildConfigChangeDetails(oldCfg, newCfg *config.Config) []string { - changes := make([]string, 0, 16) - if oldCfg == nil || newCfg == nil { - return changes - } - - // Simple scalars - if oldCfg.Port != newCfg.Port { - changes = append(changes, fmt.Sprintf("port: %d -> %d", oldCfg.Port, newCfg.Port)) - } - if oldCfg.AuthDir != newCfg.AuthDir { - changes = append(changes, fmt.Sprintf("auth-dir: %s -> %s", oldCfg.AuthDir, newCfg.AuthDir)) - } - if oldCfg.Debug != newCfg.Debug { - changes = append(changes, fmt.Sprintf("debug: %t -> %t", oldCfg.Debug, newCfg.Debug)) - } - if oldCfg.Pprof.Enable != newCfg.Pprof.Enable { - changes = append(changes, fmt.Sprintf("pprof.enable: %t -> %t", oldCfg.Pprof.Enable, newCfg.Pprof.Enable)) - } - if strings.TrimSpace(oldCfg.Pprof.Addr) != strings.TrimSpace(newCfg.Pprof.Addr) { - changes = append(changes, fmt.Sprintf("pprof.addr: %s -> %s", strings.TrimSpace(oldCfg.Pprof.Addr), strings.TrimSpace(newCfg.Pprof.Addr))) - } - if oldCfg.LoggingToFile != newCfg.LoggingToFile { - changes = append(changes, fmt.Sprintf("logging-to-file: %t -> %t", oldCfg.LoggingToFile, newCfg.LoggingToFile)) - } - if oldCfg.UsageStatisticsEnabled != newCfg.UsageStatisticsEnabled { - changes = append(changes, fmt.Sprintf("usage-statistics-enabled: %t -> %t", oldCfg.UsageStatisticsEnabled, newCfg.UsageStatisticsEnabled)) - } - if oldCfg.DisableCooling != newCfg.DisableCooling { - changes = append(changes, fmt.Sprintf("disable-cooling: %t -> %t", oldCfg.DisableCooling, newCfg.DisableCooling)) - } - if oldCfg.RequestLog != newCfg.RequestLog { - changes = append(changes, fmt.Sprintf("request-log: %t -> %t", oldCfg.RequestLog, newCfg.RequestLog)) - } - if oldCfg.LogsMaxTotalSizeMB != newCfg.LogsMaxTotalSizeMB { - changes = append(changes, fmt.Sprintf("logs-max-total-size-mb: %d -> %d", oldCfg.LogsMaxTotalSizeMB, newCfg.LogsMaxTotalSizeMB)) - } - if oldCfg.ErrorLogsMaxFiles != newCfg.ErrorLogsMaxFiles { - changes = append(changes, fmt.Sprintf("error-logs-max-files: %d -> %d", oldCfg.ErrorLogsMaxFiles, newCfg.ErrorLogsMaxFiles)) - } - if oldCfg.RequestRetry != newCfg.RequestRetry { - changes = append(changes, fmt.Sprintf("request-retry: %d -> %d", oldCfg.RequestRetry, newCfg.RequestRetry)) - } - if oldCfg.MaxRetryInterval != newCfg.MaxRetryInterval { - changes = append(changes, fmt.Sprintf("max-retry-interval: %d -> %d", oldCfg.MaxRetryInterval, newCfg.MaxRetryInterval)) - } - if oldCfg.ProxyURL != newCfg.ProxyURL { - changes = append(changes, fmt.Sprintf("proxy-url: %s -> %s", formatProxyURL(oldCfg.ProxyURL), formatProxyURL(newCfg.ProxyURL))) - } - if oldCfg.WebsocketAuth != newCfg.WebsocketAuth { - changes = append(changes, fmt.Sprintf("ws-auth: %t -> %t", oldCfg.WebsocketAuth, newCfg.WebsocketAuth)) - } - if oldCfg.ForceModelPrefix != newCfg.ForceModelPrefix { - changes = append(changes, fmt.Sprintf("force-model-prefix: %t -> %t", oldCfg.ForceModelPrefix, newCfg.ForceModelPrefix)) - } - if oldCfg.NonStreamKeepAliveInterval != newCfg.NonStreamKeepAliveInterval { - changes = append(changes, fmt.Sprintf("nonstream-keepalive-interval: %d -> %d", oldCfg.NonStreamKeepAliveInterval, newCfg.NonStreamKeepAliveInterval)) - } - - // Quota-exceeded behavior - if oldCfg.QuotaExceeded.SwitchProject != newCfg.QuotaExceeded.SwitchProject { - changes = append(changes, fmt.Sprintf("quota-exceeded.switch-project: %t -> %t", oldCfg.QuotaExceeded.SwitchProject, newCfg.QuotaExceeded.SwitchProject)) - } - if oldCfg.QuotaExceeded.SwitchPreviewModel != newCfg.QuotaExceeded.SwitchPreviewModel { - changes = append(changes, fmt.Sprintf("quota-exceeded.switch-preview-model: %t -> %t", oldCfg.QuotaExceeded.SwitchPreviewModel, newCfg.QuotaExceeded.SwitchPreviewModel)) - } - - if oldCfg.Routing.Strategy != newCfg.Routing.Strategy { - changes = append(changes, fmt.Sprintf("routing.strategy: %s -> %s", oldCfg.Routing.Strategy, newCfg.Routing.Strategy)) - } - - // API keys (redacted) and counts - if len(oldCfg.APIKeys) != len(newCfg.APIKeys) { - changes = append(changes, fmt.Sprintf("api-keys count: %d -> %d", len(oldCfg.APIKeys), len(newCfg.APIKeys))) - } else if !reflect.DeepEqual(trimStrings(oldCfg.APIKeys), trimStrings(newCfg.APIKeys)) { - changes = append(changes, "api-keys: values updated (count unchanged, redacted)") - } - if len(oldCfg.GeminiKey) != len(newCfg.GeminiKey) { - changes = append(changes, fmt.Sprintf("gemini-api-key count: %d -> %d", len(oldCfg.GeminiKey), len(newCfg.GeminiKey))) - } else { - for i := range oldCfg.GeminiKey { - o := oldCfg.GeminiKey[i] - n := newCfg.GeminiKey[i] - if strings.TrimSpace(o.BaseURL) != strings.TrimSpace(n.BaseURL) { - changes = append(changes, fmt.Sprintf("gemini[%d].base-url: %s -> %s", i, strings.TrimSpace(o.BaseURL), strings.TrimSpace(n.BaseURL))) - } - if strings.TrimSpace(o.ProxyURL) != strings.TrimSpace(n.ProxyURL) { - changes = append(changes, fmt.Sprintf("gemini[%d].proxy-url: %s -> %s", i, formatProxyURL(o.ProxyURL), formatProxyURL(n.ProxyURL))) - } - if strings.TrimSpace(o.Prefix) != strings.TrimSpace(n.Prefix) { - changes = append(changes, fmt.Sprintf("gemini[%d].prefix: %s -> %s", i, strings.TrimSpace(o.Prefix), strings.TrimSpace(n.Prefix))) - } - if strings.TrimSpace(o.APIKey) != strings.TrimSpace(n.APIKey) { - changes = append(changes, fmt.Sprintf("gemini[%d].api-key: updated", i)) - } - if !equalStringMap(o.Headers, n.Headers) { - changes = append(changes, fmt.Sprintf("gemini[%d].headers: updated", i)) - } - oldModels := SummarizeGeminiModels(o.Models) - newModels := SummarizeGeminiModels(n.Models) - if oldModels.hash != newModels.hash { - changes = append(changes, fmt.Sprintf("gemini[%d].models: updated (%d -> %d entries)", i, oldModels.count, newModels.count)) - } - oldExcluded := SummarizeExcludedModels(o.ExcludedModels) - newExcluded := SummarizeExcludedModels(n.ExcludedModels) - if oldExcluded.hash != newExcluded.hash { - changes = append(changes, fmt.Sprintf("gemini[%d].excluded-models: updated (%d -> %d entries)", i, oldExcluded.count, newExcluded.count)) - } - } - } - - // Claude keys (do not print key material) - if len(oldCfg.ClaudeKey) != len(newCfg.ClaudeKey) { - changes = append(changes, fmt.Sprintf("claude-api-key count: %d -> %d", len(oldCfg.ClaudeKey), len(newCfg.ClaudeKey))) - } else { - for i := range oldCfg.ClaudeKey { - o := oldCfg.ClaudeKey[i] - n := newCfg.ClaudeKey[i] - if strings.TrimSpace(o.BaseURL) != strings.TrimSpace(n.BaseURL) { - changes = append(changes, fmt.Sprintf("claude[%d].base-url: %s -> %s", i, strings.TrimSpace(o.BaseURL), strings.TrimSpace(n.BaseURL))) - } - if strings.TrimSpace(o.ProxyURL) != strings.TrimSpace(n.ProxyURL) { - changes = append(changes, fmt.Sprintf("claude[%d].proxy-url: %s -> %s", i, formatProxyURL(o.ProxyURL), formatProxyURL(n.ProxyURL))) - } - if strings.TrimSpace(o.Prefix) != strings.TrimSpace(n.Prefix) { - changes = append(changes, fmt.Sprintf("claude[%d].prefix: %s -> %s", i, strings.TrimSpace(o.Prefix), strings.TrimSpace(n.Prefix))) - } - if strings.TrimSpace(o.APIKey) != strings.TrimSpace(n.APIKey) { - changes = append(changes, fmt.Sprintf("claude[%d].api-key: updated", i)) - } - if !equalStringMap(o.Headers, n.Headers) { - changes = append(changes, fmt.Sprintf("claude[%d].headers: updated", i)) - } - oldModels := SummarizeClaudeModels(o.Models) - newModels := SummarizeClaudeModels(n.Models) - if oldModels.hash != newModels.hash { - changes = append(changes, fmt.Sprintf("claude[%d].models: updated (%d -> %d entries)", i, oldModels.count, newModels.count)) - } - oldExcluded := SummarizeExcludedModels(o.ExcludedModels) - newExcluded := SummarizeExcludedModels(n.ExcludedModels) - if oldExcluded.hash != newExcluded.hash { - changes = append(changes, fmt.Sprintf("claude[%d].excluded-models: updated (%d -> %d entries)", i, oldExcluded.count, newExcluded.count)) - } - if o.Cloak != nil && n.Cloak != nil { - if strings.TrimSpace(o.Cloak.Mode) != strings.TrimSpace(n.Cloak.Mode) { - changes = append(changes, fmt.Sprintf("claude[%d].cloak.mode: %s -> %s", i, o.Cloak.Mode, n.Cloak.Mode)) - } - if o.Cloak.StrictMode != n.Cloak.StrictMode { - changes = append(changes, fmt.Sprintf("claude[%d].cloak.strict-mode: %t -> %t", i, o.Cloak.StrictMode, n.Cloak.StrictMode)) - } - if len(o.Cloak.SensitiveWords) != len(n.Cloak.SensitiveWords) { - changes = append(changes, fmt.Sprintf("claude[%d].cloak.sensitive-words: %d -> %d", i, len(o.Cloak.SensitiveWords), len(n.Cloak.SensitiveWords))) - } - } - } - } - - // Codex keys (do not print key material) - if len(oldCfg.CodexKey) != len(newCfg.CodexKey) { - changes = append(changes, fmt.Sprintf("codex-api-key count: %d -> %d", len(oldCfg.CodexKey), len(newCfg.CodexKey))) - } else { - for i := range oldCfg.CodexKey { - o := oldCfg.CodexKey[i] - n := newCfg.CodexKey[i] - if strings.TrimSpace(o.BaseURL) != strings.TrimSpace(n.BaseURL) { - changes = append(changes, fmt.Sprintf("codex[%d].base-url: %s -> %s", i, strings.TrimSpace(o.BaseURL), strings.TrimSpace(n.BaseURL))) - } - if strings.TrimSpace(o.ProxyURL) != strings.TrimSpace(n.ProxyURL) { - changes = append(changes, fmt.Sprintf("codex[%d].proxy-url: %s -> %s", i, formatProxyURL(o.ProxyURL), formatProxyURL(n.ProxyURL))) - } - if strings.TrimSpace(o.Prefix) != strings.TrimSpace(n.Prefix) { - changes = append(changes, fmt.Sprintf("codex[%d].prefix: %s -> %s", i, strings.TrimSpace(o.Prefix), strings.TrimSpace(n.Prefix))) - } - if o.Websockets != n.Websockets { - changes = append(changes, fmt.Sprintf("codex[%d].websockets: %t -> %t", i, o.Websockets, n.Websockets)) - } - if strings.TrimSpace(o.APIKey) != strings.TrimSpace(n.APIKey) { - changes = append(changes, fmt.Sprintf("codex[%d].api-key: updated", i)) - } - if !equalStringMap(o.Headers, n.Headers) { - changes = append(changes, fmt.Sprintf("codex[%d].headers: updated", i)) - } - oldModels := SummarizeCodexModels(o.Models) - newModels := SummarizeCodexModels(n.Models) - if oldModels.hash != newModels.hash { - changes = append(changes, fmt.Sprintf("codex[%d].models: updated (%d -> %d entries)", i, oldModels.count, newModels.count)) - } - oldExcluded := SummarizeExcludedModels(o.ExcludedModels) - newExcluded := SummarizeExcludedModels(n.ExcludedModels) - if oldExcluded.hash != newExcluded.hash { - changes = append(changes, fmt.Sprintf("codex[%d].excluded-models: updated (%d -> %d entries)", i, oldExcluded.count, newExcluded.count)) - } - } - } - - // AmpCode settings (redacted where needed) - oldAmpURL := strings.TrimSpace(oldCfg.AmpCode.UpstreamURL) - newAmpURL := strings.TrimSpace(newCfg.AmpCode.UpstreamURL) - if oldAmpURL != newAmpURL { - changes = append(changes, fmt.Sprintf("ampcode.upstream-url: %s -> %s", oldAmpURL, newAmpURL)) - } - oldAmpKey := strings.TrimSpace(oldCfg.AmpCode.UpstreamAPIKey) - newAmpKey := strings.TrimSpace(newCfg.AmpCode.UpstreamAPIKey) - switch { - case oldAmpKey == "" && newAmpKey != "": - changes = append(changes, "ampcode.upstream-api-key: added") - case oldAmpKey != "" && newAmpKey == "": - changes = append(changes, "ampcode.upstream-api-key: removed") - case oldAmpKey != newAmpKey: - changes = append(changes, "ampcode.upstream-api-key: updated") - } - if oldCfg.AmpCode.RestrictManagementToLocalhost != newCfg.AmpCode.RestrictManagementToLocalhost { - changes = append(changes, fmt.Sprintf("ampcode.restrict-management-to-localhost: %t -> %t", oldCfg.AmpCode.RestrictManagementToLocalhost, newCfg.AmpCode.RestrictManagementToLocalhost)) - } - oldMappings := SummarizeAmpModelMappings(oldCfg.AmpCode.ModelMappings) - newMappings := SummarizeAmpModelMappings(newCfg.AmpCode.ModelMappings) - if oldMappings.hash != newMappings.hash { - changes = append(changes, fmt.Sprintf("ampcode.model-mappings: updated (%d -> %d entries)", oldMappings.count, newMappings.count)) - } - if oldCfg.AmpCode.ForceModelMappings != newCfg.AmpCode.ForceModelMappings { - changes = append(changes, fmt.Sprintf("ampcode.force-model-mappings: %t -> %t", oldCfg.AmpCode.ForceModelMappings, newCfg.AmpCode.ForceModelMappings)) - } - oldUpstreamAPIKeysCount := len(oldCfg.AmpCode.UpstreamAPIKeys) - newUpstreamAPIKeysCount := len(newCfg.AmpCode.UpstreamAPIKeys) - if !equalUpstreamAPIKeys(oldCfg.AmpCode.UpstreamAPIKeys, newCfg.AmpCode.UpstreamAPIKeys) { - changes = append(changes, fmt.Sprintf("ampcode.upstream-api-keys: updated (%d -> %d entries)", oldUpstreamAPIKeysCount, newUpstreamAPIKeysCount)) - } - - if entries, _ := DiffOAuthExcludedModelChanges(oldCfg.OAuthExcludedModels, newCfg.OAuthExcludedModels); len(entries) > 0 { - changes = append(changes, entries...) - } - if entries, _ := DiffOAuthModelAliasChanges(oldCfg.OAuthModelAlias, newCfg.OAuthModelAlias); len(entries) > 0 { - changes = append(changes, entries...) - } - - // Remote management (never print the key) - if oldCfg.RemoteManagement.AllowRemote != newCfg.RemoteManagement.AllowRemote { - changes = append(changes, fmt.Sprintf("remote-management.allow-remote: %t -> %t", oldCfg.RemoteManagement.AllowRemote, newCfg.RemoteManagement.AllowRemote)) - } - if oldCfg.RemoteManagement.DisableControlPanel != newCfg.RemoteManagement.DisableControlPanel { - changes = append(changes, fmt.Sprintf("remote-management.disable-control-panel: %t -> %t", oldCfg.RemoteManagement.DisableControlPanel, newCfg.RemoteManagement.DisableControlPanel)) - } - oldPanelRepo := strings.TrimSpace(oldCfg.RemoteManagement.PanelGitHubRepository) - newPanelRepo := strings.TrimSpace(newCfg.RemoteManagement.PanelGitHubRepository) - if oldPanelRepo != newPanelRepo { - changes = append(changes, fmt.Sprintf("remote-management.panel-github-repository: %s -> %s", oldPanelRepo, newPanelRepo)) - } - if oldCfg.RemoteManagement.SecretKey != newCfg.RemoteManagement.SecretKey { - switch { - case oldCfg.RemoteManagement.SecretKey == "" && newCfg.RemoteManagement.SecretKey != "": - changes = append(changes, "remote-management.secret-key: created") - case oldCfg.RemoteManagement.SecretKey != "" && newCfg.RemoteManagement.SecretKey == "": - changes = append(changes, "remote-management.secret-key: deleted") - default: - changes = append(changes, "remote-management.secret-key: updated") - } - } - - // OpenAI compatibility providers (summarized) - if compat := DiffOpenAICompatibility(oldCfg.OpenAICompatibility, newCfg.OpenAICompatibility); len(compat) > 0 { - changes = append(changes, "openai-compatibility:") - for _, c := range compat { - changes = append(changes, " "+c) - } - } - - // Vertex-compatible API keys - if len(oldCfg.VertexCompatAPIKey) != len(newCfg.VertexCompatAPIKey) { - changes = append(changes, fmt.Sprintf("vertex-api-key count: %d -> %d", len(oldCfg.VertexCompatAPIKey), len(newCfg.VertexCompatAPIKey))) - } else { - for i := range oldCfg.VertexCompatAPIKey { - o := oldCfg.VertexCompatAPIKey[i] - n := newCfg.VertexCompatAPIKey[i] - if strings.TrimSpace(o.BaseURL) != strings.TrimSpace(n.BaseURL) { - changes = append(changes, fmt.Sprintf("vertex[%d].base-url: %s -> %s", i, strings.TrimSpace(o.BaseURL), strings.TrimSpace(n.BaseURL))) - } - if strings.TrimSpace(o.ProxyURL) != strings.TrimSpace(n.ProxyURL) { - changes = append(changes, fmt.Sprintf("vertex[%d].proxy-url: %s -> %s", i, formatProxyURL(o.ProxyURL), formatProxyURL(n.ProxyURL))) - } - if strings.TrimSpace(o.Prefix) != strings.TrimSpace(n.Prefix) { - changes = append(changes, fmt.Sprintf("vertex[%d].prefix: %s -> %s", i, strings.TrimSpace(o.Prefix), strings.TrimSpace(n.Prefix))) - } - if strings.TrimSpace(o.APIKey) != strings.TrimSpace(n.APIKey) { - changes = append(changes, fmt.Sprintf("vertex[%d].api-key: updated", i)) - } - oldModels := SummarizeVertexModels(o.Models) - newModels := SummarizeVertexModels(n.Models) - if oldModels.hash != newModels.hash { - changes = append(changes, fmt.Sprintf("vertex[%d].models: updated (%d -> %d entries)", i, oldModels.count, newModels.count)) - } - if !equalStringMap(o.Headers, n.Headers) { - changes = append(changes, fmt.Sprintf("vertex[%d].headers: updated", i)) - } - } - } - - return changes -} - -func trimStrings(in []string) []string { - out := make([]string, len(in)) - for i := range in { - out[i] = strings.TrimSpace(in[i]) - } - return out -} - -func equalStringMap(a, b map[string]string) bool { - if len(a) != len(b) { - return false - } - for k, v := range a { - if b[k] != v { - return false - } - } - return true -} - -func formatProxyURL(raw string) string { - trimmed := strings.TrimSpace(raw) - if trimmed == "" { - return "" - } - parsed, err := url.Parse(trimmed) - if err != nil { - return "" - } - host := strings.TrimSpace(parsed.Host) - scheme := strings.TrimSpace(parsed.Scheme) - if host == "" { - // Allow host:port style without scheme. - parsed2, err2 := url.Parse("http://" + trimmed) - if err2 == nil { - host = strings.TrimSpace(parsed2.Host) - } - scheme = "" - } - if host == "" { - return "" - } - if scheme == "" { - return host - } - return scheme + "://" + host -} - -func equalStringSet(a, b []string) bool { - if len(a) == 0 && len(b) == 0 { - return true - } - aSet := make(map[string]struct{}, len(a)) - for _, k := range a { - aSet[strings.TrimSpace(k)] = struct{}{} - } - bSet := make(map[string]struct{}, len(b)) - for _, k := range b { - bSet[strings.TrimSpace(k)] = struct{}{} - } - if len(aSet) != len(bSet) { - return false - } - for k := range aSet { - if _, ok := bSet[k]; !ok { - return false - } - } - return true -} - -// equalUpstreamAPIKeys compares two slices of AmpUpstreamAPIKeyEntry for equality. -// Comparison is done by count and content (upstream key and client keys). -func equalUpstreamAPIKeys(a, b []config.AmpUpstreamAPIKeyEntry) bool { - if len(a) != len(b) { - return false - } - for i := range a { - if strings.TrimSpace(a[i].UpstreamAPIKey) != strings.TrimSpace(b[i].UpstreamAPIKey) { - return false - } - if !equalStringSet(a[i].APIKeys, b[i].APIKeys) { - return false - } - } - return true -} diff --git a/internal/watcher/diff/config_diff_test.go b/internal/watcher/diff/config_diff_test.go deleted file mode 100644 index 778eb96790..0000000000 --- a/internal/watcher/diff/config_diff_test.go +++ /dev/null @@ -1,532 +0,0 @@ -package diff - -import ( - "testing" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - sdkconfig "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/config" -) - -func TestBuildConfigChangeDetails(t *testing.T) { - oldCfg := &config.Config{ - Port: 8080, - AuthDir: "/tmp/auth-old", - GeminiKey: []config.GeminiKey{ - {APIKey: "old", BaseURL: "http://old", ExcludedModels: []string{"old-model"}}, - }, - AmpCode: config.AmpCode{ - UpstreamURL: "http://old-upstream", - ModelMappings: []config.AmpModelMapping{{From: "from-old", To: "to-old"}}, - RestrictManagementToLocalhost: false, - }, - RemoteManagement: config.RemoteManagement{ - AllowRemote: false, - SecretKey: "old", - DisableControlPanel: false, - PanelGitHubRepository: "repo-old", - }, - OAuthExcludedModels: map[string][]string{ - "providerA": {"m1"}, - }, - OpenAICompatibility: []config.OpenAICompatibility{ - { - Name: "compat-a", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "k1"}, - }, - Models: []config.OpenAICompatibilityModel{{Name: "m1"}}, - }, - }, - } - - newCfg := &config.Config{ - Port: 9090, - AuthDir: "/tmp/auth-new", - GeminiKey: []config.GeminiKey{ - {APIKey: "old", BaseURL: "http://old", ExcludedModels: []string{"old-model", "extra"}}, - }, - AmpCode: config.AmpCode{ - UpstreamURL: "http://new-upstream", - RestrictManagementToLocalhost: true, - ModelMappings: []config.AmpModelMapping{ - {From: "from-old", To: "to-old"}, - {From: "from-new", To: "to-new"}, - }, - }, - RemoteManagement: config.RemoteManagement{ - AllowRemote: true, - SecretKey: "new", - DisableControlPanel: true, - PanelGitHubRepository: "repo-new", - }, - OAuthExcludedModels: map[string][]string{ - "providerA": {"m1", "m2"}, - "providerB": {"x"}, - }, - OpenAICompatibility: []config.OpenAICompatibility{ - { - Name: "compat-a", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "k1"}, - }, - Models: []config.OpenAICompatibilityModel{{Name: "m1"}, {Name: "m2"}}, - }, - { - Name: "compat-b", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "k2"}, - }, - }, - }, - } - - details := BuildConfigChangeDetails(oldCfg, newCfg) - - expectContains(t, details, "port: 8080 -> 9090") - expectContains(t, details, "auth-dir: /tmp/auth-old -> /tmp/auth-new") - expectContains(t, details, "gemini[0].excluded-models: updated (1 -> 2 entries)") - expectContains(t, details, "ampcode.upstream-url: http://old-upstream -> http://new-upstream") - expectContains(t, details, "ampcode.model-mappings: updated (1 -> 2 entries)") - expectContains(t, details, "remote-management.allow-remote: false -> true") - expectContains(t, details, "remote-management.secret-key: updated") - expectContains(t, details, "oauth-excluded-models[providera]: updated (1 -> 2 entries)") - expectContains(t, details, "oauth-excluded-models[providerb]: added (1 entries)") - expectContains(t, details, "openai-compatibility:") - expectContains(t, details, " provider added: compat-b (api-keys=1, models=0)") - expectContains(t, details, " provider updated: compat-a (models 1 -> 2)") -} - -func TestBuildConfigChangeDetails_NoChanges(t *testing.T) { - cfg := &config.Config{ - Port: 8080, - } - if details := BuildConfigChangeDetails(cfg, cfg); len(details) != 0 { - t.Fatalf("expected no change entries, got %v", details) - } -} - -func TestBuildConfigChangeDetails_GeminiVertexHeadersAndForceMappings(t *testing.T) { - oldCfg := &config.Config{ - GeminiKey: []config.GeminiKey{ - {APIKey: "g1", Headers: map[string]string{"H": "1"}, ExcludedModels: []string{"a"}}, - }, - VertexCompatAPIKey: []config.VertexCompatKey{ - {APIKey: "v1", BaseURL: "http://v-old", Models: []config.VertexCompatModel{{Name: "m1"}}}, - }, - AmpCode: config.AmpCode{ - ModelMappings: []config.AmpModelMapping{{From: "a", To: "b"}}, - ForceModelMappings: false, - }, - } - newCfg := &config.Config{ - GeminiKey: []config.GeminiKey{ - {APIKey: "g1", Headers: map[string]string{"H": "2"}, ExcludedModels: []string{"a", "b"}}, - }, - VertexCompatAPIKey: []config.VertexCompatKey{ - {APIKey: "v1", BaseURL: "http://v-new", Models: []config.VertexCompatModel{{Name: "m1"}, {Name: "m2"}}}, - }, - AmpCode: config.AmpCode{ - ModelMappings: []config.AmpModelMapping{{From: "a", To: "c"}}, - ForceModelMappings: true, - }, - } - - details := BuildConfigChangeDetails(oldCfg, newCfg) - expectContains(t, details, "gemini[0].headers: updated") - expectContains(t, details, "gemini[0].excluded-models: updated (1 -> 2 entries)") - expectContains(t, details, "ampcode.model-mappings: updated (1 -> 1 entries)") - expectContains(t, details, "ampcode.force-model-mappings: false -> true") -} - -func TestBuildConfigChangeDetails_ModelPrefixes(t *testing.T) { - oldCfg := &config.Config{ - GeminiKey: []config.GeminiKey{ - {APIKey: "g1", Prefix: "old-g", BaseURL: "http://g", ProxyURL: "http://gp"}, - }, - ClaudeKey: []config.ClaudeKey{ - {APIKey: "c1", Prefix: "old-c", BaseURL: "http://c", ProxyURL: "http://cp"}, - }, - CodexKey: []config.CodexKey{ - {APIKey: "x1", Prefix: "old-x", BaseURL: "http://x", ProxyURL: "http://xp"}, - }, - VertexCompatAPIKey: []config.VertexCompatKey{ - {APIKey: "v1", Prefix: "old-v", BaseURL: "http://v", ProxyURL: "http://vp"}, - }, - } - newCfg := &config.Config{ - GeminiKey: []config.GeminiKey{ - {APIKey: "g1", Prefix: "new-g", BaseURL: "http://g", ProxyURL: "http://gp"}, - }, - ClaudeKey: []config.ClaudeKey{ - {APIKey: "c1", Prefix: "new-c", BaseURL: "http://c", ProxyURL: "http://cp"}, - }, - CodexKey: []config.CodexKey{ - {APIKey: "x1", Prefix: "new-x", BaseURL: "http://x", ProxyURL: "http://xp"}, - }, - VertexCompatAPIKey: []config.VertexCompatKey{ - {APIKey: "v1", Prefix: "new-v", BaseURL: "http://v", ProxyURL: "http://vp"}, - }, - } - - changes := BuildConfigChangeDetails(oldCfg, newCfg) - expectContains(t, changes, "gemini[0].prefix: old-g -> new-g") - expectContains(t, changes, "claude[0].prefix: old-c -> new-c") - expectContains(t, changes, "codex[0].prefix: old-x -> new-x") - expectContains(t, changes, "vertex[0].prefix: old-v -> new-v") -} - -func TestBuildConfigChangeDetails_NilSafe(t *testing.T) { - if details := BuildConfigChangeDetails(nil, &config.Config{}); len(details) != 0 { - t.Fatalf("expected empty change list when old nil, got %v", details) - } - if details := BuildConfigChangeDetails(&config.Config{}, nil); len(details) != 0 { - t.Fatalf("expected empty change list when new nil, got %v", details) - } -} - -func TestBuildConfigChangeDetails_SecretsAndCounts(t *testing.T) { - oldCfg := &config.Config{ - SDKConfig: sdkconfig.SDKConfig{ - APIKeys: []string{"a"}, - }, - AmpCode: config.AmpCode{ - UpstreamAPIKey: "", - }, - RemoteManagement: config.RemoteManagement{ - SecretKey: "", - }, - } - newCfg := &config.Config{ - SDKConfig: sdkconfig.SDKConfig{ - APIKeys: []string{"a", "b", "c"}, - }, - AmpCode: config.AmpCode{ - UpstreamAPIKey: "new-key", - }, - RemoteManagement: config.RemoteManagement{ - SecretKey: "new-secret", - }, - } - - details := BuildConfigChangeDetails(oldCfg, newCfg) - expectContains(t, details, "api-keys count: 1 -> 3") - expectContains(t, details, "ampcode.upstream-api-key: added") - expectContains(t, details, "remote-management.secret-key: created") -} - -func TestBuildConfigChangeDetails_FlagsAndKeys(t *testing.T) { - oldCfg := &config.Config{ - Port: 1000, - AuthDir: "/old", - Debug: false, - LoggingToFile: false, - UsageStatisticsEnabled: false, - DisableCooling: false, - RequestRetry: 1, - MaxRetryInterval: 1, - WebsocketAuth: false, - QuotaExceeded: config.QuotaExceeded{SwitchProject: false, SwitchPreviewModel: false}, - ClaudeKey: []config.ClaudeKey{{APIKey: "c1"}}, - CodexKey: []config.CodexKey{{APIKey: "x1"}}, - AmpCode: config.AmpCode{UpstreamAPIKey: "keep", RestrictManagementToLocalhost: false}, - RemoteManagement: config.RemoteManagement{DisableControlPanel: false, PanelGitHubRepository: "old/repo", SecretKey: "keep"}, - SDKConfig: sdkconfig.SDKConfig{ - RequestLog: false, - ProxyURL: "http://old-proxy", - APIKeys: []string{"key-1"}, - ForceModelPrefix: false, - NonStreamKeepAliveInterval: 0, - }, - } - newCfg := &config.Config{ - Port: 2000, - AuthDir: "/new", - Debug: true, - LoggingToFile: true, - UsageStatisticsEnabled: true, - DisableCooling: true, - RequestRetry: 2, - MaxRetryInterval: 3, - WebsocketAuth: true, - QuotaExceeded: config.QuotaExceeded{SwitchProject: true, SwitchPreviewModel: true}, - ClaudeKey: []config.ClaudeKey{ - {APIKey: "c1", BaseURL: "http://new", ProxyURL: "http://p", Headers: map[string]string{"H": "1"}, ExcludedModels: []string{"a"}}, - {APIKey: "c2"}, - }, - CodexKey: []config.CodexKey{ - {APIKey: "x1", BaseURL: "http://x", ProxyURL: "http://px", Headers: map[string]string{"H": "2"}, ExcludedModels: []string{"b"}}, - {APIKey: "x2"}, - }, - AmpCode: config.AmpCode{ - UpstreamAPIKey: "", - RestrictManagementToLocalhost: true, - ModelMappings: []config.AmpModelMapping{{From: "a", To: "b"}}, - }, - RemoteManagement: config.RemoteManagement{ - DisableControlPanel: true, - PanelGitHubRepository: "new/repo", - SecretKey: "", - }, - SDKConfig: sdkconfig.SDKConfig{ - RequestLog: true, - ProxyURL: "http://new-proxy", - APIKeys: []string{" key-1 ", "key-2"}, - ForceModelPrefix: true, - NonStreamKeepAliveInterval: 5, - }, - } - - details := BuildConfigChangeDetails(oldCfg, newCfg) - expectContains(t, details, "debug: false -> true") - expectContains(t, details, "logging-to-file: false -> true") - expectContains(t, details, "usage-statistics-enabled: false -> true") - expectContains(t, details, "disable-cooling: false -> true") - expectContains(t, details, "request-log: false -> true") - expectContains(t, details, "request-retry: 1 -> 2") - expectContains(t, details, "max-retry-interval: 1 -> 3") - expectContains(t, details, "proxy-url: http://old-proxy -> http://new-proxy") - expectContains(t, details, "ws-auth: false -> true") - expectContains(t, details, "force-model-prefix: false -> true") - expectContains(t, details, "nonstream-keepalive-interval: 0 -> 5") - expectContains(t, details, "quota-exceeded.switch-project: false -> true") - expectContains(t, details, "quota-exceeded.switch-preview-model: false -> true") - expectContains(t, details, "api-keys count: 1 -> 2") - expectContains(t, details, "claude-api-key count: 1 -> 2") - expectContains(t, details, "codex-api-key count: 1 -> 2") - expectContains(t, details, "ampcode.restrict-management-to-localhost: false -> true") - expectContains(t, details, "ampcode.upstream-api-key: removed") - expectContains(t, details, "remote-management.disable-control-panel: false -> true") - expectContains(t, details, "remote-management.panel-github-repository: old/repo -> new/repo") - expectContains(t, details, "remote-management.secret-key: deleted") -} - -func TestBuildConfigChangeDetails_AllBranches(t *testing.T) { - oldCfg := &config.Config{ - Port: 1, - AuthDir: "/a", - Debug: false, - LoggingToFile: false, - UsageStatisticsEnabled: false, - DisableCooling: false, - RequestRetry: 1, - MaxRetryInterval: 1, - WebsocketAuth: false, - QuotaExceeded: config.QuotaExceeded{SwitchProject: false, SwitchPreviewModel: false}, - GeminiKey: []config.GeminiKey{ - {APIKey: "g-old", BaseURL: "http://g-old", ProxyURL: "http://gp-old", Headers: map[string]string{"A": "1"}}, - }, - ClaudeKey: []config.ClaudeKey{ - {APIKey: "c-old", BaseURL: "http://c-old", ProxyURL: "http://cp-old", Headers: map[string]string{"H": "1"}, ExcludedModels: []string{"x"}}, - }, - CodexKey: []config.CodexKey{ - {APIKey: "x-old", BaseURL: "http://x-old", ProxyURL: "http://xp-old", Headers: map[string]string{"H": "1"}, ExcludedModels: []string{"x"}}, - }, - VertexCompatAPIKey: []config.VertexCompatKey{ - {APIKey: "v-old", BaseURL: "http://v-old", ProxyURL: "http://vp-old", Headers: map[string]string{"H": "1"}, Models: []config.VertexCompatModel{{Name: "m1"}}}, - }, - AmpCode: config.AmpCode{ - UpstreamURL: "http://amp-old", - UpstreamAPIKey: "old-key", - RestrictManagementToLocalhost: false, - ModelMappings: []config.AmpModelMapping{{From: "a", To: "b"}}, - ForceModelMappings: false, - }, - RemoteManagement: config.RemoteManagement{ - AllowRemote: false, - DisableControlPanel: false, - PanelGitHubRepository: "old/repo", - SecretKey: "old", - }, - SDKConfig: sdkconfig.SDKConfig{ - RequestLog: false, - ProxyURL: "http://old-proxy", - APIKeys: []string{" keyA "}, - }, - OAuthExcludedModels: map[string][]string{"p1": {"a"}}, - OpenAICompatibility: []config.OpenAICompatibility{ - { - Name: "prov-old", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "k1"}, - }, - Models: []config.OpenAICompatibilityModel{{Name: "m1"}}, - }, - }, - } - newCfg := &config.Config{ - Port: 2, - AuthDir: "/b", - Debug: true, - LoggingToFile: true, - UsageStatisticsEnabled: true, - DisableCooling: true, - RequestRetry: 2, - MaxRetryInterval: 3, - WebsocketAuth: true, - QuotaExceeded: config.QuotaExceeded{SwitchProject: true, SwitchPreviewModel: true}, - GeminiKey: []config.GeminiKey{ - {APIKey: "g-new", BaseURL: "http://g-new", ProxyURL: "http://gp-new", Headers: map[string]string{"A": "2"}, ExcludedModels: []string{"x", "y"}}, - }, - ClaudeKey: []config.ClaudeKey{ - {APIKey: "c-new", BaseURL: "http://c-new", ProxyURL: "http://cp-new", Headers: map[string]string{"H": "2"}, ExcludedModels: []string{"x", "y"}}, - }, - CodexKey: []config.CodexKey{ - {APIKey: "x-new", BaseURL: "http://x-new", ProxyURL: "http://xp-new", Headers: map[string]string{"H": "2"}, ExcludedModels: []string{"x", "y"}}, - }, - VertexCompatAPIKey: []config.VertexCompatKey{ - {APIKey: "v-new", BaseURL: "http://v-new", ProxyURL: "http://vp-new", Headers: map[string]string{"H": "2"}, Models: []config.VertexCompatModel{{Name: "m1"}, {Name: "m2"}}}, - }, - AmpCode: config.AmpCode{ - UpstreamURL: "http://amp-new", - UpstreamAPIKey: "", - RestrictManagementToLocalhost: true, - ModelMappings: []config.AmpModelMapping{{From: "a", To: "c"}}, - ForceModelMappings: true, - }, - RemoteManagement: config.RemoteManagement{ - AllowRemote: true, - DisableControlPanel: true, - PanelGitHubRepository: "new/repo", - SecretKey: "", - }, - SDKConfig: sdkconfig.SDKConfig{ - RequestLog: true, - ProxyURL: "http://new-proxy", - APIKeys: []string{"keyB"}, - }, - OAuthExcludedModels: map[string][]string{"p1": {"b", "c"}, "p2": {"d"}}, - OpenAICompatibility: []config.OpenAICompatibility{ - { - Name: "prov-old", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "k1"}, - {APIKey: "k2"}, - }, - Models: []config.OpenAICompatibilityModel{{Name: "m1"}, {Name: "m2"}}, - }, - { - Name: "prov-new", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "k3"}}, - }, - }, - } - - changes := BuildConfigChangeDetails(oldCfg, newCfg) - expectContains(t, changes, "port: 1 -> 2") - expectContains(t, changes, "auth-dir: /a -> /b") - expectContains(t, changes, "debug: false -> true") - expectContains(t, changes, "logging-to-file: false -> true") - expectContains(t, changes, "usage-statistics-enabled: false -> true") - expectContains(t, changes, "disable-cooling: false -> true") - expectContains(t, changes, "request-retry: 1 -> 2") - expectContains(t, changes, "max-retry-interval: 1 -> 3") - expectContains(t, changes, "proxy-url: http://old-proxy -> http://new-proxy") - expectContains(t, changes, "ws-auth: false -> true") - expectContains(t, changes, "quota-exceeded.switch-project: false -> true") - expectContains(t, changes, "quota-exceeded.switch-preview-model: false -> true") - expectContains(t, changes, "api-keys: values updated (count unchanged, redacted)") - expectContains(t, changes, "gemini[0].base-url: http://g-old -> http://g-new") - expectContains(t, changes, "gemini[0].proxy-url: http://gp-old -> http://gp-new") - expectContains(t, changes, "gemini[0].api-key: updated") - expectContains(t, changes, "gemini[0].headers: updated") - expectContains(t, changes, "gemini[0].excluded-models: updated (0 -> 2 entries)") - expectContains(t, changes, "claude[0].base-url: http://c-old -> http://c-new") - expectContains(t, changes, "claude[0].proxy-url: http://cp-old -> http://cp-new") - expectContains(t, changes, "claude[0].api-key: updated") - expectContains(t, changes, "claude[0].headers: updated") - expectContains(t, changes, "claude[0].excluded-models: updated (1 -> 2 entries)") - expectContains(t, changes, "codex[0].base-url: http://x-old -> http://x-new") - expectContains(t, changes, "codex[0].proxy-url: http://xp-old -> http://xp-new") - expectContains(t, changes, "codex[0].api-key: updated") - expectContains(t, changes, "codex[0].headers: updated") - expectContains(t, changes, "codex[0].excluded-models: updated (1 -> 2 entries)") - expectContains(t, changes, "vertex[0].base-url: http://v-old -> http://v-new") - expectContains(t, changes, "vertex[0].proxy-url: http://vp-old -> http://vp-new") - expectContains(t, changes, "vertex[0].api-key: updated") - expectContains(t, changes, "vertex[0].models: updated (1 -> 2 entries)") - expectContains(t, changes, "vertex[0].headers: updated") - expectContains(t, changes, "ampcode.upstream-url: http://amp-old -> http://amp-new") - expectContains(t, changes, "ampcode.upstream-api-key: removed") - expectContains(t, changes, "ampcode.restrict-management-to-localhost: false -> true") - expectContains(t, changes, "ampcode.model-mappings: updated (1 -> 1 entries)") - expectContains(t, changes, "ampcode.force-model-mappings: false -> true") - expectContains(t, changes, "oauth-excluded-models[p1]: updated (1 -> 2 entries)") - expectContains(t, changes, "oauth-excluded-models[p2]: added (1 entries)") - expectContains(t, changes, "remote-management.allow-remote: false -> true") - expectContains(t, changes, "remote-management.disable-control-panel: false -> true") - expectContains(t, changes, "remote-management.panel-github-repository: old/repo -> new/repo") - expectContains(t, changes, "remote-management.secret-key: deleted") - expectContains(t, changes, "openai-compatibility:") -} - -func TestFormatProxyURL(t *testing.T) { - tests := []struct { - name string - in string - want string - }{ - {name: "empty", in: "", want: ""}, - {name: "invalid", in: "http://[::1", want: ""}, - {name: "fullURLRedactsUserinfoAndPath", in: "http://user:pass@example.com:8080/path?x=1#frag", want: "http://example.com:8080"}, - {name: "socks5RedactsUserinfoAndPath", in: "socks5://user:pass@192.168.1.1:1080/path?x=1", want: "socks5://192.168.1.1:1080"}, - {name: "socks5HostPort", in: "socks5://proxy.example.com:1080/", want: "socks5://proxy.example.com:1080"}, - {name: "hostPortNoScheme", in: "example.com:1234/path?x=1", want: "example.com:1234"}, - {name: "relativePathRedacted", in: "/just/path", want: ""}, - {name: "schemeAndHost", in: "https://example.com", want: "https://example.com"}, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if got := formatProxyURL(tt.in); got != tt.want { - t.Fatalf("expected %q, got %q", tt.want, got) - } - }) - } -} - -func TestBuildConfigChangeDetails_SecretAndUpstreamUpdates(t *testing.T) { - oldCfg := &config.Config{ - AmpCode: config.AmpCode{ - UpstreamAPIKey: "old", - }, - RemoteManagement: config.RemoteManagement{ - SecretKey: "old", - }, - } - newCfg := &config.Config{ - AmpCode: config.AmpCode{ - UpstreamAPIKey: "new", - }, - RemoteManagement: config.RemoteManagement{ - SecretKey: "new", - }, - } - - changes := BuildConfigChangeDetails(oldCfg, newCfg) - expectContains(t, changes, "ampcode.upstream-api-key: updated") - expectContains(t, changes, "remote-management.secret-key: updated") -} - -func TestBuildConfigChangeDetails_CountBranches(t *testing.T) { - oldCfg := &config.Config{} - newCfg := &config.Config{ - GeminiKey: []config.GeminiKey{{APIKey: "g"}}, - ClaudeKey: []config.ClaudeKey{{APIKey: "c"}}, - CodexKey: []config.CodexKey{{APIKey: "x"}}, - VertexCompatAPIKey: []config.VertexCompatKey{ - {APIKey: "v", BaseURL: "http://v"}, - }, - } - - changes := BuildConfigChangeDetails(oldCfg, newCfg) - expectContains(t, changes, "gemini-api-key count: 0 -> 1") - expectContains(t, changes, "claude-api-key count: 0 -> 1") - expectContains(t, changes, "codex-api-key count: 0 -> 1") - expectContains(t, changes, "vertex-api-key count: 0 -> 1") -} - -func TestTrimStrings(t *testing.T) { - out := trimStrings([]string{" a ", "b", " c"}) - if len(out) != 3 || out[0] != "a" || out[1] != "b" || out[2] != "c" { - t.Fatalf("unexpected trimmed strings: %v", out) - } -} diff --git a/internal/watcher/diff/model_hash.go b/internal/watcher/diff/model_hash.go deleted file mode 100644 index 4b328150e9..0000000000 --- a/internal/watcher/diff/model_hash.go +++ /dev/null @@ -1,132 +0,0 @@ -package diff - -import ( - "crypto/sha256" - "encoding/hex" - "encoding/json" - "sort" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" -) - -// ComputeOpenAICompatModelsHash returns a stable hash for OpenAI-compat models. -// Used to detect model list changes during hot reload. -func ComputeOpenAICompatModelsHash(models []config.OpenAICompatibilityModel) string { - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return hashJoined(keys) -} - -// ComputeVertexCompatModelsHash returns a stable hash for Vertex-compatible models. -func ComputeVertexCompatModelsHash(models []config.VertexCompatModel) string { - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return hashJoined(keys) -} - -// ComputeClaudeModelsHash returns a stable hash for Claude model aliases. -func ComputeClaudeModelsHash(models []config.ClaudeModel) string { - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return hashJoined(keys) -} - -// ComputeCodexModelsHash returns a stable hash for Codex model aliases. -func ComputeCodexModelsHash(models []config.CodexModel) string { - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return hashJoined(keys) -} - -// ComputeGeminiModelsHash returns a stable hash for Gemini model aliases. -func ComputeGeminiModelsHash(models []config.GeminiModel) string { - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return hashJoined(keys) -} - -// ComputeExcludedModelsHash returns a normalized hash for excluded model lists. -func ComputeExcludedModelsHash(excluded []string) string { - if len(excluded) == 0 { - return "" - } - normalized := make([]string, 0, len(excluded)) - for _, entry := range excluded { - if trimmed := strings.TrimSpace(entry); trimmed != "" { - normalized = append(normalized, strings.ToLower(trimmed)) - } - } - if len(normalized) == 0 { - return "" - } - sort.Strings(normalized) - data, _ := json.Marshal(normalized) - sum := sha256.Sum256(data) - return hex.EncodeToString(sum[:]) -} - -func normalizeModelPairs(collect func(out func(key string))) []string { - seen := make(map[string]struct{}) - keys := make([]string, 0) - collect(func(key string) { - if _, exists := seen[key]; exists { - return - } - seen[key] = struct{}{} - keys = append(keys, key) - }) - if len(keys) == 0 { - return nil - } - sort.Strings(keys) - return keys -} - -func hashJoined(keys []string) string { - if len(keys) == 0 { - return "" - } - sum := sha256.Sum256([]byte(strings.Join(keys, "\n"))) - return hex.EncodeToString(sum[:]) -} diff --git a/internal/watcher/diff/model_hash_test.go b/internal/watcher/diff/model_hash_test.go deleted file mode 100644 index 07c62116fa..0000000000 --- a/internal/watcher/diff/model_hash_test.go +++ /dev/null @@ -1,194 +0,0 @@ -package diff - -import ( - "testing" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" -) - -func TestComputeOpenAICompatModelsHash_Deterministic(t *testing.T) { - models := []config.OpenAICompatibilityModel{ - {Name: "gpt-4", Alias: "gpt4"}, - {Name: "gpt-3.5-turbo"}, - } - hash1 := ComputeOpenAICompatModelsHash(models) - hash2 := ComputeOpenAICompatModelsHash(models) - if hash1 == "" { - t.Fatal("hash should not be empty") - } - if hash1 != hash2 { - t.Fatalf("hash should be deterministic, got %s vs %s", hash1, hash2) - } - changed := ComputeOpenAICompatModelsHash([]config.OpenAICompatibilityModel{{Name: "gpt-4"}, {Name: "gpt-4.1"}}) - if hash1 == changed { - t.Fatal("hash should change when model list changes") - } -} - -func TestComputeOpenAICompatModelsHash_NormalizesAndDedups(t *testing.T) { - a := []config.OpenAICompatibilityModel{ - {Name: "gpt-4", Alias: "gpt4"}, - {Name: " "}, - {Name: "GPT-4", Alias: "GPT4"}, - {Alias: "a1"}, - } - b := []config.OpenAICompatibilityModel{ - {Alias: "A1"}, - {Name: "gpt-4", Alias: "gpt4"}, - } - h1 := ComputeOpenAICompatModelsHash(a) - h2 := ComputeOpenAICompatModelsHash(b) - if h1 == "" || h2 == "" { - t.Fatal("expected non-empty hashes for non-empty model sets") - } - if h1 != h2 { - t.Fatalf("expected normalized hashes to match, got %s / %s", h1, h2) - } -} - -func TestComputeVertexCompatModelsHash_DifferentInputs(t *testing.T) { - models := []config.VertexCompatModel{{Name: "gemini-pro", Alias: "pro"}} - hash1 := ComputeVertexCompatModelsHash(models) - hash2 := ComputeVertexCompatModelsHash([]config.VertexCompatModel{{Name: "gemini-1.5-pro", Alias: "pro"}}) - if hash1 == "" || hash2 == "" { - t.Fatal("hashes should not be empty for non-empty models") - } - if hash1 == hash2 { - t.Fatal("hash should differ when model content differs") - } -} - -func TestComputeVertexCompatModelsHash_IgnoresBlankAndOrder(t *testing.T) { - a := []config.VertexCompatModel{ - {Name: "m1", Alias: "a1"}, - {Name: " "}, - {Name: "M1", Alias: "A1"}, - } - b := []config.VertexCompatModel{ - {Name: "m1", Alias: "a1"}, - } - if h1, h2 := ComputeVertexCompatModelsHash(a), ComputeVertexCompatModelsHash(b); h1 == "" || h1 != h2 { - t.Fatalf("expected same hash ignoring blanks/dupes, got %q / %q", h1, h2) - } -} - -func TestComputeClaudeModelsHash_Empty(t *testing.T) { - if got := ComputeClaudeModelsHash(nil); got != "" { - t.Fatalf("expected empty hash for nil models, got %q", got) - } - if got := ComputeClaudeModelsHash([]config.ClaudeModel{}); got != "" { - t.Fatalf("expected empty hash for empty slice, got %q", got) - } -} - -func TestComputeCodexModelsHash_Empty(t *testing.T) { - if got := ComputeCodexModelsHash(nil); got != "" { - t.Fatalf("expected empty hash for nil models, got %q", got) - } - if got := ComputeCodexModelsHash([]config.CodexModel{}); got != "" { - t.Fatalf("expected empty hash for empty slice, got %q", got) - } -} - -func TestComputeClaudeModelsHash_IgnoresBlankAndDedup(t *testing.T) { - a := []config.ClaudeModel{ - {Name: "m1", Alias: "a1"}, - {Name: " "}, - {Name: "M1", Alias: "A1"}, - } - b := []config.ClaudeModel{ - {Name: "m1", Alias: "a1"}, - } - if h1, h2 := ComputeClaudeModelsHash(a), ComputeClaudeModelsHash(b); h1 == "" || h1 != h2 { - t.Fatalf("expected same hash ignoring blanks/dupes, got %q / %q", h1, h2) - } -} - -func TestComputeCodexModelsHash_IgnoresBlankAndDedup(t *testing.T) { - a := []config.CodexModel{ - {Name: "m1", Alias: "a1"}, - {Name: " "}, - {Name: "M1", Alias: "A1"}, - } - b := []config.CodexModel{ - {Name: "m1", Alias: "a1"}, - } - if h1, h2 := ComputeCodexModelsHash(a), ComputeCodexModelsHash(b); h1 == "" || h1 != h2 { - t.Fatalf("expected same hash ignoring blanks/dupes, got %q / %q", h1, h2) - } -} - -func TestComputeExcludedModelsHash_Normalizes(t *testing.T) { - hash1 := ComputeExcludedModelsHash([]string{" A ", "b", "a"}) - hash2 := ComputeExcludedModelsHash([]string{"a", " b", "A"}) - if hash1 == "" || hash2 == "" { - t.Fatal("hash should not be empty for non-empty input") - } - if hash1 != hash2 { - t.Fatalf("hash should be order/space insensitive for same multiset, got %s vs %s", hash1, hash2) - } - hash3 := ComputeExcludedModelsHash([]string{"c"}) - if hash1 == hash3 { - t.Fatal("hash should differ for different normalized sets") - } -} - -func TestComputeOpenAICompatModelsHash_Empty(t *testing.T) { - if got := ComputeOpenAICompatModelsHash(nil); got != "" { - t.Fatalf("expected empty hash for nil input, got %q", got) - } - if got := ComputeOpenAICompatModelsHash([]config.OpenAICompatibilityModel{}); got != "" { - t.Fatalf("expected empty hash for empty slice, got %q", got) - } - if got := ComputeOpenAICompatModelsHash([]config.OpenAICompatibilityModel{{Name: " "}, {Alias: ""}}); got != "" { - t.Fatalf("expected empty hash for blank models, got %q", got) - } -} - -func TestComputeVertexCompatModelsHash_Empty(t *testing.T) { - if got := ComputeVertexCompatModelsHash(nil); got != "" { - t.Fatalf("expected empty hash for nil input, got %q", got) - } - if got := ComputeVertexCompatModelsHash([]config.VertexCompatModel{}); got != "" { - t.Fatalf("expected empty hash for empty slice, got %q", got) - } - if got := ComputeVertexCompatModelsHash([]config.VertexCompatModel{{Name: " "}}); got != "" { - t.Fatalf("expected empty hash for blank models, got %q", got) - } -} - -func TestComputeExcludedModelsHash_Empty(t *testing.T) { - if got := ComputeExcludedModelsHash(nil); got != "" { - t.Fatalf("expected empty hash for nil input, got %q", got) - } - if got := ComputeExcludedModelsHash([]string{}); got != "" { - t.Fatalf("expected empty hash for empty slice, got %q", got) - } - if got := ComputeExcludedModelsHash([]string{" ", ""}); got != "" { - t.Fatalf("expected empty hash for whitespace-only entries, got %q", got) - } -} - -func TestComputeClaudeModelsHash_Deterministic(t *testing.T) { - models := []config.ClaudeModel{{Name: "a", Alias: "A"}, {Name: "b"}} - h1 := ComputeClaudeModelsHash(models) - h2 := ComputeClaudeModelsHash(models) - if h1 == "" || h1 != h2 { - t.Fatalf("expected deterministic hash, got %s / %s", h1, h2) - } - if h3 := ComputeClaudeModelsHash([]config.ClaudeModel{{Name: "a"}}); h3 == h1 { - t.Fatalf("expected different hash when models change, got %s", h3) - } -} - -func TestComputeCodexModelsHash_Deterministic(t *testing.T) { - models := []config.CodexModel{{Name: "a", Alias: "A"}, {Name: "b"}} - h1 := ComputeCodexModelsHash(models) - h2 := ComputeCodexModelsHash(models) - if h1 == "" || h1 != h2 { - t.Fatalf("expected deterministic hash, got %s / %s", h1, h2) - } - if h3 := ComputeCodexModelsHash([]config.CodexModel{{Name: "a"}}); h3 == h1 { - t.Fatalf("expected different hash when models change, got %s", h3) - } -} diff --git a/internal/watcher/diff/models_summary.go b/internal/watcher/diff/models_summary.go deleted file mode 100644 index 97d1e6b099..0000000000 --- a/internal/watcher/diff/models_summary.go +++ /dev/null @@ -1,121 +0,0 @@ -package diff - -import ( - "crypto/sha256" - "encoding/hex" - "sort" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" -) - -type GeminiModelsSummary struct { - hash string - count int -} - -type ClaudeModelsSummary struct { - hash string - count int -} - -type CodexModelsSummary struct { - hash string - count int -} - -type VertexModelsSummary struct { - hash string - count int -} - -// SummarizeGeminiModels hashes Gemini model aliases for change detection. -func SummarizeGeminiModels(models []config.GeminiModel) GeminiModelsSummary { - if len(models) == 0 { - return GeminiModelsSummary{} - } - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return GeminiModelsSummary{ - hash: hashJoined(keys), - count: len(keys), - } -} - -// SummarizeClaudeModels hashes Claude model aliases for change detection. -func SummarizeClaudeModels(models []config.ClaudeModel) ClaudeModelsSummary { - if len(models) == 0 { - return ClaudeModelsSummary{} - } - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return ClaudeModelsSummary{ - hash: hashJoined(keys), - count: len(keys), - } -} - -// SummarizeCodexModels hashes Codex model aliases for change detection. -func SummarizeCodexModels(models []config.CodexModel) CodexModelsSummary { - if len(models) == 0 { - return CodexModelsSummary{} - } - keys := normalizeModelPairs(func(out func(key string)) { - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - out(strings.ToLower(name) + "|" + strings.ToLower(alias)) - } - }) - return CodexModelsSummary{ - hash: hashJoined(keys), - count: len(keys), - } -} - -// SummarizeVertexModels hashes Vertex-compatible model aliases for change detection. -func SummarizeVertexModels(models []config.VertexCompatModel) VertexModelsSummary { - if len(models) == 0 { - return VertexModelsSummary{} - } - names := make([]string, 0, len(models)) - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - if alias != "" { - name = alias - } - names = append(names, name) - } - if len(names) == 0 { - return VertexModelsSummary{} - } - sort.Strings(names) - sum := sha256.Sum256([]byte(strings.Join(names, "|"))) - return VertexModelsSummary{ - hash: hex.EncodeToString(sum[:]), - count: len(names), - } -} diff --git a/internal/watcher/diff/oauth_excluded.go b/internal/watcher/diff/oauth_excluded.go deleted file mode 100644 index 7a9cd30fa4..0000000000 --- a/internal/watcher/diff/oauth_excluded.go +++ /dev/null @@ -1,118 +0,0 @@ -package diff - -import ( - "crypto/sha256" - "encoding/hex" - "fmt" - "sort" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" -) - -type ExcludedModelsSummary struct { - hash string - count int -} - -// SummarizeExcludedModels normalizes and hashes an excluded-model list. -func SummarizeExcludedModels(list []string) ExcludedModelsSummary { - if len(list) == 0 { - return ExcludedModelsSummary{} - } - seen := make(map[string]struct{}, len(list)) - normalized := make([]string, 0, len(list)) - for _, entry := range list { - if trimmed := strings.ToLower(strings.TrimSpace(entry)); trimmed != "" { - if _, exists := seen[trimmed]; exists { - continue - } - seen[trimmed] = struct{}{} - normalized = append(normalized, trimmed) - } - } - sort.Strings(normalized) - return ExcludedModelsSummary{ - hash: ComputeExcludedModelsHash(normalized), - count: len(normalized), - } -} - -// SummarizeOAuthExcludedModels summarizes OAuth excluded models per provider. -func SummarizeOAuthExcludedModels(entries map[string][]string) map[string]ExcludedModelsSummary { - if len(entries) == 0 { - return nil - } - out := make(map[string]ExcludedModelsSummary, len(entries)) - for k, v := range entries { - key := strings.ToLower(strings.TrimSpace(k)) - if key == "" { - continue - } - out[key] = SummarizeExcludedModels(v) - } - return out -} - -// DiffOAuthExcludedModelChanges compares OAuth excluded models maps. -func DiffOAuthExcludedModelChanges(oldMap, newMap map[string][]string) ([]string, []string) { - oldSummary := SummarizeOAuthExcludedModels(oldMap) - newSummary := SummarizeOAuthExcludedModels(newMap) - keys := make(map[string]struct{}, len(oldSummary)+len(newSummary)) - for k := range oldSummary { - keys[k] = struct{}{} - } - for k := range newSummary { - keys[k] = struct{}{} - } - changes := make([]string, 0, len(keys)) - affected := make([]string, 0, len(keys)) - for key := range keys { - oldInfo, okOld := oldSummary[key] - newInfo, okNew := newSummary[key] - switch { - case okOld && !okNew: - changes = append(changes, fmt.Sprintf("oauth-excluded-models[%s]: removed", key)) - affected = append(affected, key) - case !okOld && okNew: - changes = append(changes, fmt.Sprintf("oauth-excluded-models[%s]: added (%d entries)", key, newInfo.count)) - affected = append(affected, key) - case okOld && okNew && oldInfo.hash != newInfo.hash: - changes = append(changes, fmt.Sprintf("oauth-excluded-models[%s]: updated (%d -> %d entries)", key, oldInfo.count, newInfo.count)) - affected = append(affected, key) - } - } - sort.Strings(changes) - sort.Strings(affected) - return changes, affected -} - -type AmpModelMappingsSummary struct { - hash string - count int -} - -// SummarizeAmpModelMappings hashes Amp model mappings for change detection. -func SummarizeAmpModelMappings(mappings []config.AmpModelMapping) AmpModelMappingsSummary { - if len(mappings) == 0 { - return AmpModelMappingsSummary{} - } - entries := make([]string, 0, len(mappings)) - for _, mapping := range mappings { - from := strings.TrimSpace(mapping.From) - to := strings.TrimSpace(mapping.To) - if from == "" && to == "" { - continue - } - entries = append(entries, from+"->"+to) - } - if len(entries) == 0 { - return AmpModelMappingsSummary{} - } - sort.Strings(entries) - sum := sha256.Sum256([]byte(strings.Join(entries, "|"))) - return AmpModelMappingsSummary{ - hash: hex.EncodeToString(sum[:]), - count: len(entries), - } -} diff --git a/internal/watcher/diff/oauth_excluded_test.go b/internal/watcher/diff/oauth_excluded_test.go deleted file mode 100644 index fec7ec0d1b..0000000000 --- a/internal/watcher/diff/oauth_excluded_test.go +++ /dev/null @@ -1,109 +0,0 @@ -package diff - -import ( - "testing" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" -) - -func TestSummarizeExcludedModels_NormalizesAndDedupes(t *testing.T) { - summary := SummarizeExcludedModels([]string{"A", " a ", "B", "b"}) - if summary.count != 2 { - t.Fatalf("expected 2 unique entries, got %d", summary.count) - } - if summary.hash == "" { - t.Fatal("expected non-empty hash") - } - if empty := SummarizeExcludedModels(nil); empty.count != 0 || empty.hash != "" { - t.Fatalf("expected empty summary for nil input, got %+v", empty) - } -} - -func TestDiffOAuthExcludedModelChanges(t *testing.T) { - oldMap := map[string][]string{ - "ProviderA": {"model-1", "model-2"}, - "providerB": {"x"}, - } - newMap := map[string][]string{ - "providerA": {"model-1", "model-3"}, - "providerC": {"y"}, - } - - changes, affected := DiffOAuthExcludedModelChanges(oldMap, newMap) - expectContains(t, changes, "oauth-excluded-models[providera]: updated (2 -> 2 entries)") - expectContains(t, changes, "oauth-excluded-models[providerb]: removed") - expectContains(t, changes, "oauth-excluded-models[providerc]: added (1 entries)") - - if len(affected) != 3 { - t.Fatalf("expected 3 affected providers, got %d", len(affected)) - } -} - -func TestSummarizeAmpModelMappings(t *testing.T) { - summary := SummarizeAmpModelMappings([]config.AmpModelMapping{ - {From: "a", To: "A"}, - {From: "b", To: "B"}, - {From: " ", To: " "}, // ignored - }) - if summary.count != 2 { - t.Fatalf("expected 2 entries, got %d", summary.count) - } - if summary.hash == "" { - t.Fatal("expected non-empty hash") - } - if empty := SummarizeAmpModelMappings(nil); empty.count != 0 || empty.hash != "" { - t.Fatalf("expected empty summary for nil input, got %+v", empty) - } - if blank := SummarizeAmpModelMappings([]config.AmpModelMapping{{From: " ", To: " "}}); blank.count != 0 || blank.hash != "" { - t.Fatalf("expected blank mappings ignored, got %+v", blank) - } -} - -func TestSummarizeOAuthExcludedModels_NormalizesKeys(t *testing.T) { - out := SummarizeOAuthExcludedModels(map[string][]string{ - "ProvA": {"X"}, - "": {"ignored"}, - }) - if len(out) != 1 { - t.Fatalf("expected only non-empty key summary, got %d", len(out)) - } - if _, ok := out["prova"]; !ok { - t.Fatalf("expected normalized key 'prova', got keys %v", out) - } - if out["prova"].count != 1 || out["prova"].hash == "" { - t.Fatalf("unexpected summary %+v", out["prova"]) - } - if outEmpty := SummarizeOAuthExcludedModels(nil); outEmpty != nil { - t.Fatalf("expected nil map for nil input, got %v", outEmpty) - } -} - -func TestSummarizeVertexModels(t *testing.T) { - summary := SummarizeVertexModels([]config.VertexCompatModel{ - {Name: "m1"}, - {Name: " ", Alias: "alias"}, - {}, // ignored - }) - if summary.count != 2 { - t.Fatalf("expected 2 vertex models, got %d", summary.count) - } - if summary.hash == "" { - t.Fatal("expected non-empty hash") - } - if empty := SummarizeVertexModels(nil); empty.count != 0 || empty.hash != "" { - t.Fatalf("expected empty summary for nil input, got %+v", empty) - } - if blank := SummarizeVertexModels([]config.VertexCompatModel{{Name: " "}}); blank.count != 0 || blank.hash != "" { - t.Fatalf("expected blank model ignored, got %+v", blank) - } -} - -func expectContains(t *testing.T, list []string, target string) { - t.Helper() - for _, entry := range list { - if entry == target { - return - } - } - t.Fatalf("expected list to contain %q, got %#v", target, list) -} diff --git a/internal/watcher/diff/oauth_model_alias.go b/internal/watcher/diff/oauth_model_alias.go deleted file mode 100644 index f1fdaf74e3..0000000000 --- a/internal/watcher/diff/oauth_model_alias.go +++ /dev/null @@ -1,101 +0,0 @@ -package diff - -import ( - "crypto/sha256" - "encoding/hex" - "fmt" - "sort" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" -) - -type OAuthModelAliasSummary struct { - hash string - count int -} - -// SummarizeOAuthModelAlias summarizes OAuth model alias per channel. -func SummarizeOAuthModelAlias(entries map[string][]config.OAuthModelAlias) map[string]OAuthModelAliasSummary { - if len(entries) == 0 { - return nil - } - out := make(map[string]OAuthModelAliasSummary, len(entries)) - for k, v := range entries { - key := strings.ToLower(strings.TrimSpace(k)) - if key == "" { - continue - } - out[key] = summarizeOAuthModelAliasList(v) - } - if len(out) == 0 { - return nil - } - return out -} - -// DiffOAuthModelAliasChanges compares OAuth model alias maps. -func DiffOAuthModelAliasChanges(oldMap, newMap map[string][]config.OAuthModelAlias) ([]string, []string) { - oldSummary := SummarizeOAuthModelAlias(oldMap) - newSummary := SummarizeOAuthModelAlias(newMap) - keys := make(map[string]struct{}, len(oldSummary)+len(newSummary)) - for k := range oldSummary { - keys[k] = struct{}{} - } - for k := range newSummary { - keys[k] = struct{}{} - } - changes := make([]string, 0, len(keys)) - affected := make([]string, 0, len(keys)) - for key := range keys { - oldInfo, okOld := oldSummary[key] - newInfo, okNew := newSummary[key] - switch { - case okOld && !okNew: - changes = append(changes, fmt.Sprintf("oauth-model-alias[%s]: removed", key)) - affected = append(affected, key) - case !okOld && okNew: - changes = append(changes, fmt.Sprintf("oauth-model-alias[%s]: added (%d entries)", key, newInfo.count)) - affected = append(affected, key) - case okOld && okNew && oldInfo.hash != newInfo.hash: - changes = append(changes, fmt.Sprintf("oauth-model-alias[%s]: updated (%d -> %d entries)", key, oldInfo.count, newInfo.count)) - affected = append(affected, key) - } - } - sort.Strings(changes) - sort.Strings(affected) - return changes, affected -} - -func summarizeOAuthModelAliasList(list []config.OAuthModelAlias) OAuthModelAliasSummary { - if len(list) == 0 { - return OAuthModelAliasSummary{} - } - seen := make(map[string]struct{}, len(list)) - normalized := make([]string, 0, len(list)) - for _, alias := range list { - name := strings.ToLower(strings.TrimSpace(alias.Name)) - aliasVal := strings.ToLower(strings.TrimSpace(alias.Alias)) - if name == "" || aliasVal == "" { - continue - } - key := name + "->" + aliasVal - if alias.Fork { - key += "|fork" - } - if _, exists := seen[key]; exists { - continue - } - seen[key] = struct{}{} - normalized = append(normalized, key) - } - if len(normalized) == 0 { - return OAuthModelAliasSummary{} - } - sort.Strings(normalized) - sum := sha256.Sum256([]byte(strings.Join(normalized, "|"))) - return OAuthModelAliasSummary{ - hash: hex.EncodeToString(sum[:]), - count: len(normalized), - } -} diff --git a/internal/watcher/diff/openai_compat.go b/internal/watcher/diff/openai_compat.go deleted file mode 100644 index 1017a7d4ce..0000000000 --- a/internal/watcher/diff/openai_compat.go +++ /dev/null @@ -1,183 +0,0 @@ -package diff - -import ( - "crypto/sha256" - "encoding/hex" - "fmt" - "sort" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" -) - -// DiffOpenAICompatibility produces human-readable change descriptions. -func DiffOpenAICompatibility(oldList, newList []config.OpenAICompatibility) []string { - changes := make([]string, 0) - oldMap := make(map[string]config.OpenAICompatibility, len(oldList)) - oldLabels := make(map[string]string, len(oldList)) - for idx, entry := range oldList { - key, label := openAICompatKey(entry, idx) - oldMap[key] = entry - oldLabels[key] = label - } - newMap := make(map[string]config.OpenAICompatibility, len(newList)) - newLabels := make(map[string]string, len(newList)) - for idx, entry := range newList { - key, label := openAICompatKey(entry, idx) - newMap[key] = entry - newLabels[key] = label - } - keySet := make(map[string]struct{}, len(oldMap)+len(newMap)) - for key := range oldMap { - keySet[key] = struct{}{} - } - for key := range newMap { - keySet[key] = struct{}{} - } - orderedKeys := make([]string, 0, len(keySet)) - for key := range keySet { - orderedKeys = append(orderedKeys, key) - } - sort.Strings(orderedKeys) - for _, key := range orderedKeys { - oldEntry, oldOk := oldMap[key] - newEntry, newOk := newMap[key] - label := oldLabels[key] - if label == "" { - label = newLabels[key] - } - switch { - case !oldOk: - changes = append(changes, fmt.Sprintf("provider added: %s (api-keys=%d, models=%d)", label, countAPIKeys(newEntry), countOpenAIModels(newEntry.Models))) - case !newOk: - changes = append(changes, fmt.Sprintf("provider removed: %s (api-keys=%d, models=%d)", label, countAPIKeys(oldEntry), countOpenAIModels(oldEntry.Models))) - default: - if detail := describeOpenAICompatibilityUpdate(oldEntry, newEntry); detail != "" { - changes = append(changes, fmt.Sprintf("provider updated: %s %s", label, detail)) - } - } - } - return changes -} - -func describeOpenAICompatibilityUpdate(oldEntry, newEntry config.OpenAICompatibility) string { - oldKeyCount := countAPIKeys(oldEntry) - newKeyCount := countAPIKeys(newEntry) - oldModelCount := countOpenAIModels(oldEntry.Models) - newModelCount := countOpenAIModels(newEntry.Models) - details := make([]string, 0, 3) - if oldKeyCount != newKeyCount { - details = append(details, fmt.Sprintf("api-keys %d -> %d", oldKeyCount, newKeyCount)) - } - if oldModelCount != newModelCount { - details = append(details, fmt.Sprintf("models %d -> %d", oldModelCount, newModelCount)) - } - if !equalStringMap(oldEntry.Headers, newEntry.Headers) { - details = append(details, "headers updated") - } - if len(details) == 0 { - return "" - } - return "(" + strings.Join(details, ", ") + ")" -} - -func countAPIKeys(entry config.OpenAICompatibility) int { - count := 0 - for _, keyEntry := range entry.APIKeyEntries { - if strings.TrimSpace(keyEntry.APIKey) != "" { - count++ - } - } - return count -} - -func countOpenAIModels(models []config.OpenAICompatibilityModel) int { - count := 0 - for _, model := range models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - count++ - } - return count -} - -func openAICompatKey(entry config.OpenAICompatibility, index int) (string, string) { - name := strings.TrimSpace(entry.Name) - if name != "" { - return "name:" + name, name - } - base := strings.TrimSpace(entry.BaseURL) - if base != "" { - return "base:" + base, base - } - for _, model := range entry.Models { - alias := strings.TrimSpace(model.Alias) - if alias == "" { - alias = strings.TrimSpace(model.Name) - } - if alias != "" { - return "alias:" + alias, alias - } - } - sig := openAICompatSignature(entry) - if sig == "" { - return fmt.Sprintf("index:%d", index), fmt.Sprintf("entry-%d", index+1) - } - short := sig - if len(short) > 8 { - short = short[:8] - } - return "sig:" + sig, "compat-" + short -} - -func openAICompatSignature(entry config.OpenAICompatibility) string { - var parts []string - - if v := strings.TrimSpace(entry.Name); v != "" { - parts = append(parts, "name="+strings.ToLower(v)) - } - if v := strings.TrimSpace(entry.BaseURL); v != "" { - parts = append(parts, "base="+v) - } - - models := make([]string, 0, len(entry.Models)) - for _, model := range entry.Models { - name := strings.TrimSpace(model.Name) - alias := strings.TrimSpace(model.Alias) - if name == "" && alias == "" { - continue - } - models = append(models, strings.ToLower(name)+"|"+strings.ToLower(alias)) - } - if len(models) > 0 { - sort.Strings(models) - parts = append(parts, "models="+strings.Join(models, ",")) - } - - if len(entry.Headers) > 0 { - keys := make([]string, 0, len(entry.Headers)) - for k := range entry.Headers { - if trimmed := strings.TrimSpace(k); trimmed != "" { - keys = append(keys, strings.ToLower(trimmed)) - } - } - if len(keys) > 0 { - sort.Strings(keys) - parts = append(parts, "headers="+strings.Join(keys, ",")) - } - } - - // Intentionally exclude API key material; only count non-empty entries. - if count := countAPIKeys(entry); count > 0 { - parts = append(parts, fmt.Sprintf("api_keys=%d", count)) - } - - if len(parts) == 0 { - return "" - } - sum := sha256.Sum256([]byte(strings.Join(parts, "|"))) - return hex.EncodeToString(sum[:]) -} diff --git a/internal/watcher/diff/openai_compat_test.go b/internal/watcher/diff/openai_compat_test.go deleted file mode 100644 index d0a5454ae1..0000000000 --- a/internal/watcher/diff/openai_compat_test.go +++ /dev/null @@ -1,187 +0,0 @@ -package diff - -import ( - "strings" - "testing" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" -) - -func TestDiffOpenAICompatibility(t *testing.T) { - oldList := []config.OpenAICompatibility{ - { - Name: "provider-a", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "key-a"}, - }, - Models: []config.OpenAICompatibilityModel{ - {Name: "m1"}, - }, - }, - } - newList := []config.OpenAICompatibility{ - { - Name: "provider-a", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "key-a"}, - {APIKey: "key-b"}, - }, - Models: []config.OpenAICompatibilityModel{ - {Name: "m1"}, - {Name: "m2"}, - }, - Headers: map[string]string{"X-Test": "1"}, - }, - { - Name: "provider-b", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "key-b"}}, - }, - } - - changes := DiffOpenAICompatibility(oldList, newList) - expectContains(t, changes, "provider added: provider-b (api-keys=1, models=0)") - expectContains(t, changes, "provider updated: provider-a (api-keys 1 -> 2, models 1 -> 2, headers updated)") -} - -func TestDiffOpenAICompatibility_RemovedAndUnchanged(t *testing.T) { - oldList := []config.OpenAICompatibility{ - { - Name: "provider-a", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "key-a"}}, - Models: []config.OpenAICompatibilityModel{{Name: "m1"}}, - }, - } - newList := []config.OpenAICompatibility{ - { - Name: "provider-a", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "key-a"}}, - Models: []config.OpenAICompatibilityModel{{Name: "m1"}}, - }, - } - if changes := DiffOpenAICompatibility(oldList, newList); len(changes) != 0 { - t.Fatalf("expected no changes, got %v", changes) - } - - newList = nil - changes := DiffOpenAICompatibility(oldList, newList) - expectContains(t, changes, "provider removed: provider-a (api-keys=1, models=1)") -} - -func TestOpenAICompatKeyFallbacks(t *testing.T) { - entry := config.OpenAICompatibility{ - BaseURL: "http://base", - Models: []config.OpenAICompatibilityModel{{Alias: "alias-only"}}, - } - key, label := openAICompatKey(entry, 0) - if key != "base:http://base" || label != "http://base" { - t.Fatalf("expected base key, got %s/%s", key, label) - } - - entry.BaseURL = "" - key, label = openAICompatKey(entry, 1) - if key != "alias:alias-only" || label != "alias-only" { - t.Fatalf("expected alias fallback, got %s/%s", key, label) - } - - entry.Models = nil - key, label = openAICompatKey(entry, 2) - if key != "index:2" || label != "entry-3" { - t.Fatalf("expected index fallback, got %s/%s", key, label) - } -} - -func TestOpenAICompatKey_UsesName(t *testing.T) { - entry := config.OpenAICompatibility{Name: "My-Provider"} - key, label := openAICompatKey(entry, 0) - if key != "name:My-Provider" || label != "My-Provider" { - t.Fatalf("expected name key, got %s/%s", key, label) - } -} - -func TestOpenAICompatKey_SignatureFallbackWhenOnlyAPIKeys(t *testing.T) { - entry := config.OpenAICompatibility{ - APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "k1"}, {APIKey: "k2"}}, - } - key, label := openAICompatKey(entry, 0) - if !strings.HasPrefix(key, "sig:") || !strings.HasPrefix(label, "compat-") { - t.Fatalf("expected signature key, got %s/%s", key, label) - } -} - -func TestOpenAICompatSignature_EmptyReturnsEmpty(t *testing.T) { - if got := openAICompatSignature(config.OpenAICompatibility{}); got != "" { - t.Fatalf("expected empty signature, got %q", got) - } -} - -func TestOpenAICompatSignature_StableAndNormalized(t *testing.T) { - a := config.OpenAICompatibility{ - Name: " Provider ", - BaseURL: "http://base", - Models: []config.OpenAICompatibilityModel{ - {Name: "m1"}, - {Name: " "}, - {Alias: "A1"}, - }, - Headers: map[string]string{ - "X-Test": "1", - " ": "ignored", - }, - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "k1"}, - {APIKey: " "}, - }, - } - b := config.OpenAICompatibility{ - Name: "provider", - BaseURL: "http://base", - Models: []config.OpenAICompatibilityModel{ - {Alias: "a1"}, - {Name: "m1"}, - }, - Headers: map[string]string{ - "x-test": "2", - }, - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "k2"}, - }, - } - - sigA := openAICompatSignature(a) - sigB := openAICompatSignature(b) - if sigA == "" || sigB == "" { - t.Fatalf("expected non-empty signatures, got %q / %q", sigA, sigB) - } - if sigA != sigB { - t.Fatalf("expected normalized signatures to match, got %s / %s", sigA, sigB) - } - - c := b - c.Models = append(c.Models, config.OpenAICompatibilityModel{Name: "m2"}) - if sigC := openAICompatSignature(c); sigC == sigB { - t.Fatalf("expected signature to change when models change, got %s", sigC) - } -} - -func TestCountOpenAIModelsSkipsBlanks(t *testing.T) { - models := []config.OpenAICompatibilityModel{ - {Name: "m1"}, - {Name: ""}, - {Alias: ""}, - {Name: " "}, - {Alias: "a1"}, - } - if got := countOpenAIModels(models); got != 2 { - t.Fatalf("expected 2 counted models, got %d", got) - } -} - -func TestOpenAICompatKeyUsesModelNameWhenAliasEmpty(t *testing.T) { - entry := config.OpenAICompatibility{ - Models: []config.OpenAICompatibilityModel{{Name: "model-name"}}, - } - key, label := openAICompatKey(entry, 5) - if key != "alias:model-name" || label != "model-name" { - t.Fatalf("expected model-name fallback, got %s/%s", key, label) - } -} diff --git a/internal/watcher/dispatcher.go b/internal/watcher/dispatcher.go deleted file mode 100644 index d28c71a386..0000000000 --- a/internal/watcher/dispatcher.go +++ /dev/null @@ -1,281 +0,0 @@ -// dispatcher.go implements auth update dispatching and queue management. -// It batches, deduplicates, and delivers auth updates to registered consumers. -package watcher - -import ( - "context" - "fmt" - "reflect" - "sync" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/watcher/synthesizer" - coreauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" -) - -func (w *Watcher) setAuthUpdateQueue(queue chan<- AuthUpdate) { - w.clientsMutex.Lock() - defer w.clientsMutex.Unlock() - w.authQueue = queue - if w.dispatchCond == nil { - w.dispatchCond = sync.NewCond(&w.dispatchMu) - } - if w.dispatchCancel != nil { - w.dispatchCancel() - if w.dispatchCond != nil { - w.dispatchMu.Lock() - w.dispatchCond.Broadcast() - w.dispatchMu.Unlock() - } - w.dispatchCancel = nil - } - if queue != nil { - ctx, cancel := context.WithCancel(context.Background()) - w.dispatchCancel = cancel - go w.dispatchLoop(ctx) - } -} - -func (w *Watcher) dispatchRuntimeAuthUpdate(update AuthUpdate) bool { - if w == nil { - return false - } - w.clientsMutex.Lock() - if w.runtimeAuths == nil { - w.runtimeAuths = make(map[string]*coreauth.Auth) - } - switch update.Action { - case AuthUpdateActionAdd, AuthUpdateActionModify: - if update.Auth != nil && update.Auth.ID != "" { - clone := update.Auth.Clone() - w.runtimeAuths[clone.ID] = clone - if w.currentAuths == nil { - w.currentAuths = make(map[string]*coreauth.Auth) - } - w.currentAuths[clone.ID] = clone.Clone() - } - case AuthUpdateActionDelete: - id := update.ID - if id == "" && update.Auth != nil { - id = update.Auth.ID - } - if id != "" { - delete(w.runtimeAuths, id) - if w.currentAuths != nil { - delete(w.currentAuths, id) - } - } - } - w.clientsMutex.Unlock() - if w.getAuthQueue() == nil { - return false - } - w.dispatchAuthUpdates([]AuthUpdate{update}) - return true -} - -func (w *Watcher) refreshAuthState(force bool) { - auths := w.SnapshotCoreAuths() - w.clientsMutex.Lock() - // Deduplicate by ID: build a set of existing IDs from SnapshotCoreAuths - existingIDs := make(map[string]bool, len(auths)) - for _, a := range auths { - if a != nil && a.ID != "" { - existingIDs[a.ID] = true - } - } - // Only add runtime auths that don't already exist in SnapshotCoreAuths - if len(w.runtimeAuths) > 0 { - for _, a := range w.runtimeAuths { - if a != nil && a.ID != "" && !existingIDs[a.ID] { - auths = append(auths, a.Clone()) - } - } - } - updates := w.prepareAuthUpdatesLocked(auths, force) - w.clientsMutex.Unlock() - w.dispatchAuthUpdates(updates) -} - -func (w *Watcher) prepareAuthUpdatesLocked(auths []*coreauth.Auth, force bool) []AuthUpdate { - newState := make(map[string]*coreauth.Auth, len(auths)) - for _, auth := range auths { - if auth == nil || auth.ID == "" { - continue - } - newState[auth.ID] = auth.Clone() - } - if w.currentAuths == nil { - w.currentAuths = newState - if w.authQueue == nil { - return nil - } - updates := make([]AuthUpdate, 0, len(newState)) - for id, auth := range newState { - updates = append(updates, AuthUpdate{Action: AuthUpdateActionAdd, ID: id, Auth: auth.Clone()}) - } - return updates - } - if w.authQueue == nil { - w.currentAuths = newState - return nil - } - updates := make([]AuthUpdate, 0, len(newState)+len(w.currentAuths)) - for id, auth := range newState { - if existing, ok := w.currentAuths[id]; !ok { - updates = append(updates, AuthUpdate{Action: AuthUpdateActionAdd, ID: id, Auth: auth.Clone()}) - } else if force || !authEqual(existing, auth) { - updates = append(updates, AuthUpdate{Action: AuthUpdateActionModify, ID: id, Auth: auth.Clone()}) - } - } - for id := range w.currentAuths { - if _, ok := newState[id]; !ok { - updates = append(updates, AuthUpdate{Action: AuthUpdateActionDelete, ID: id}) - } - } - w.currentAuths = newState - return updates -} - -func (w *Watcher) dispatchAuthUpdates(updates []AuthUpdate) { - if len(updates) == 0 { - return - } - queue := w.getAuthQueue() - if queue == nil { - return - } - baseTS := time.Now().UnixNano() - w.dispatchMu.Lock() - if w.pendingUpdates == nil { - w.pendingUpdates = make(map[string]AuthUpdate) - } - for idx, update := range updates { - key := w.authUpdateKey(update, baseTS+int64(idx)) - if _, exists := w.pendingUpdates[key]; !exists { - w.pendingOrder = append(w.pendingOrder, key) - } - w.pendingUpdates[key] = update - } - if w.dispatchCond != nil { - w.dispatchCond.Signal() - } - w.dispatchMu.Unlock() -} - -func (w *Watcher) authUpdateKey(update AuthUpdate, ts int64) string { - if update.ID != "" { - return update.ID - } - return fmt.Sprintf("%s:%d", update.Action, ts) -} - -func (w *Watcher) dispatchLoop(ctx context.Context) { - for { - batch, ok := w.nextPendingBatch(ctx) - if !ok { - return - } - queue := w.getAuthQueue() - if queue == nil { - if ctx.Err() != nil { - return - } - time.Sleep(10 * time.Millisecond) - continue - } - for _, update := range batch { - select { - case queue <- update: - case <-ctx.Done(): - return - } - } - } -} - -func (w *Watcher) nextPendingBatch(ctx context.Context) ([]AuthUpdate, bool) { - w.dispatchMu.Lock() - defer w.dispatchMu.Unlock() - for len(w.pendingOrder) == 0 { - if ctx.Err() != nil { - return nil, false - } - w.dispatchCond.Wait() - if ctx.Err() != nil { - return nil, false - } - } - batch := make([]AuthUpdate, 0, len(w.pendingOrder)) - for _, key := range w.pendingOrder { - batch = append(batch, w.pendingUpdates[key]) - delete(w.pendingUpdates, key) - } - w.pendingOrder = w.pendingOrder[:0] - return batch, true -} - -func (w *Watcher) getAuthQueue() chan<- AuthUpdate { - w.clientsMutex.RLock() - defer w.clientsMutex.RUnlock() - return w.authQueue -} - -func (w *Watcher) stopDispatch() { - if w.dispatchCancel != nil { - w.dispatchCancel() - w.dispatchCancel = nil - } - w.dispatchMu.Lock() - w.pendingOrder = nil - w.pendingUpdates = nil - if w.dispatchCond != nil { - w.dispatchCond.Broadcast() - } - w.dispatchMu.Unlock() - w.clientsMutex.Lock() - w.authQueue = nil - w.clientsMutex.Unlock() -} - -func authEqual(a, b *coreauth.Auth) bool { - return reflect.DeepEqual(normalizeAuth(a), normalizeAuth(b)) -} - -func normalizeAuth(a *coreauth.Auth) *coreauth.Auth { - if a == nil { - return nil - } - clone := a.Clone() - clone.CreatedAt = time.Time{} - clone.UpdatedAt = time.Time{} - clone.LastRefreshedAt = time.Time{} - clone.NextRefreshAfter = time.Time{} - clone.Runtime = nil - clone.Quota.NextRecoverAt = time.Time{} - return clone -} - -func snapshotCoreAuths(cfg *config.Config, authDir string) []*coreauth.Auth { - ctx := &synthesizer.SynthesisContext{ - Config: cfg, - AuthDir: authDir, - Now: time.Now(), - IDGenerator: synthesizer.NewStableIDGenerator(), - } - - var out []*coreauth.Auth - - configSynth := synthesizer.NewConfigSynthesizer() - if auths, err := configSynth.Synthesize(ctx); err == nil { - out = append(out, auths...) - } - - fileSynth := synthesizer.NewFileSynthesizer() - if auths, err := fileSynth.Synthesize(ctx); err == nil { - out = append(out, auths...) - } - - return out -} diff --git a/internal/watcher/events.go b/internal/watcher/events.go deleted file mode 100644 index f3e547a986..0000000000 --- a/internal/watcher/events.go +++ /dev/null @@ -1,262 +0,0 @@ -// events.go implements fsnotify event handling for config and auth file changes. -// It normalizes paths, debounces noisy events, and triggers reload/update logic. -package watcher - -import ( - "context" - "crypto/sha256" - "encoding/hex" - "os" - "path/filepath" - "runtime" - "strings" - "time" - - "github.com/fsnotify/fsnotify" - kiroauth "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/kiro" - log "github.com/sirupsen/logrus" -) - -func matchProvider(provider string, targets []string) (string, bool) { - p := strings.ToLower(strings.TrimSpace(provider)) - for _, t := range targets { - if strings.EqualFold(p, strings.TrimSpace(t)) { - return p, true - } - } - return p, false -} - -func (w *Watcher) start(ctx context.Context) error { - if errAddConfig := w.watcher.Add(w.configPath); errAddConfig != nil { - log.Errorf("failed to watch config file %s: %v", w.configPath, errAddConfig) - return errAddConfig - } - log.Debugf("watching config file: %s", w.configPath) - - if errAddAuthDir := w.watcher.Add(w.authDir); errAddAuthDir != nil { - log.Errorf("failed to watch auth directory %s: %v", w.authDir, errAddAuthDir) - return errAddAuthDir - } - log.Debugf("watching auth directory: %s", w.authDir) - - w.watchKiroIDETokenFile() - - go w.processEvents(ctx) - - w.reloadClients(true, nil, false) - return nil -} - -func (w *Watcher) watchKiroIDETokenFile() { - homeDir, err := os.UserHomeDir() - if err != nil { - log.Debugf("failed to get home directory for Kiro IDE token watch: %v", err) - return - } - - kiroTokenDir := filepath.Join(homeDir, ".aws", "sso", "cache") - - if _, statErr := os.Stat(kiroTokenDir); os.IsNotExist(statErr) { - log.Debugf("Kiro IDE token directory does not exist: %s", kiroTokenDir) - return - } - - if errAdd := w.watcher.Add(kiroTokenDir); errAdd != nil { - log.Debugf("failed to watch Kiro IDE token directory %s: %v", kiroTokenDir, errAdd) - return - } - log.Debugf("watching Kiro IDE token directory: %s", kiroTokenDir) -} - -func (w *Watcher) processEvents(ctx context.Context) { - for { - select { - case <-ctx.Done(): - return - case event, ok := <-w.watcher.Events: - if !ok { - return - } - w.handleEvent(event) - case errWatch, ok := <-w.watcher.Errors: - if !ok { - return - } - log.Errorf("file watcher error: %v", errWatch) - } - } -} - -func (w *Watcher) handleEvent(event fsnotify.Event) { - // Filter only relevant events: config file or auth-dir JSON files. - configOps := fsnotify.Write | fsnotify.Create | fsnotify.Rename - normalizedName := w.normalizeAuthPath(event.Name) - normalizedConfigPath := w.normalizeAuthPath(w.configPath) - normalizedAuthDir := w.normalizeAuthPath(w.authDir) - isConfigEvent := normalizedName == normalizedConfigPath && event.Op&configOps != 0 - authOps := fsnotify.Create | fsnotify.Write | fsnotify.Remove | fsnotify.Rename - isAuthJSON := strings.HasPrefix(normalizedName, normalizedAuthDir) && strings.HasSuffix(normalizedName, ".json") && event.Op&authOps != 0 - isKiroIDEToken := w.isKiroIDETokenFile(event.Name) && event.Op&authOps != 0 - if !isConfigEvent && !isAuthJSON && !isKiroIDEToken { - // Ignore unrelated files (e.g., cookie snapshots *.cookie) and other noise. - return - } - - if isKiroIDEToken { - w.handleKiroIDETokenChange(event) - return - } - - now := time.Now() - log.Debugf("file system event detected: %s %s", event.Op.String(), event.Name) - - // Handle config file changes - if isConfigEvent { - log.Debugf("config file change details - operation: %s, timestamp: %s", event.Op.String(), now.Format("2006-01-02 15:04:05.000")) - w.scheduleConfigReload() - return - } - - // Handle auth directory changes incrementally (.json only) - if event.Op&(fsnotify.Remove|fsnotify.Rename) != 0 { - if w.shouldDebounceRemove(normalizedName, now) { - log.Debugf("debouncing remove event for %s", filepath.Base(event.Name)) - return - } - // Atomic replace on some platforms may surface as Rename (or Remove) before the new file is ready. - // Wait briefly; if the path exists again, treat as an update instead of removal. - time.Sleep(replaceCheckDelay) - if _, statErr := os.Stat(event.Name); statErr == nil { - if unchanged, errSame := w.authFileUnchanged(event.Name); errSame == nil && unchanged { - log.Debugf("auth file unchanged (hash match), skipping reload: %s", filepath.Base(event.Name)) - return - } - log.Infof("auth file changed (%s): %s, processing incrementally", event.Op.String(), filepath.Base(event.Name)) - w.addOrUpdateClient(event.Name) - return - } - if !w.isKnownAuthFile(event.Name) { - log.Debugf("ignoring remove for unknown auth file: %s", filepath.Base(event.Name)) - return - } - log.Infof("auth file changed (%s): %s, processing incrementally", event.Op.String(), filepath.Base(event.Name)) - w.removeClient(event.Name) - return - } - if event.Op&(fsnotify.Create|fsnotify.Write) != 0 { - if unchanged, errSame := w.authFileUnchanged(event.Name); errSame == nil && unchanged { - log.Debugf("auth file unchanged (hash match), skipping reload: %s", filepath.Base(event.Name)) - return - } - log.Infof("auth file changed (%s): %s, processing incrementally", event.Op.String(), filepath.Base(event.Name)) - w.addOrUpdateClient(event.Name) - } -} - -func (w *Watcher) isKiroIDETokenFile(path string) bool { - normalized := filepath.ToSlash(path) - return strings.HasSuffix(normalized, "kiro-auth-token.json") && strings.Contains(normalized, ".aws/sso/cache") -} - -func (w *Watcher) handleKiroIDETokenChange(event fsnotify.Event) { - log.Debugf("Kiro IDE token file event detected: %s %s", event.Op.String(), event.Name) - - if event.Op&(fsnotify.Remove|fsnotify.Rename) != 0 { - time.Sleep(replaceCheckDelay) - if _, statErr := os.Stat(event.Name); statErr != nil { - log.Debugf("Kiro IDE token file removed: %s", event.Name) - return - } - } - - // Use retry logic to handle file lock contention (e.g., Kiro IDE writing the file) - // This prevents "being used by another process" errors on Windows - tokenData, err := kiroauth.LoadKiroIDETokenWithRetry(10, 50*time.Millisecond) - if err != nil { - log.Debugf("failed to load Kiro IDE token after change: %v", err) - return - } - - log.Infof("Kiro IDE token file updated, access token refreshed (provider: %s)", tokenData.Provider) - - w.refreshAuthState(true) - - w.clientsMutex.RLock() - cfg := w.config - w.clientsMutex.RUnlock() - - if w.reloadCallback != nil && cfg != nil { - log.Debugf("triggering server update callback after Kiro IDE token change") - w.reloadCallback(cfg) - } -} - -func (w *Watcher) authFileUnchanged(path string) (bool, error) { - data, errRead := os.ReadFile(path) - if errRead != nil { - return false, errRead - } - if len(data) == 0 { - return false, nil - } - sum := sha256.Sum256(data) - curHash := hex.EncodeToString(sum[:]) - - normalized := w.normalizeAuthPath(path) - w.clientsMutex.RLock() - prevHash, ok := w.lastAuthHashes[normalized] - w.clientsMutex.RUnlock() - if ok && prevHash == curHash { - return true, nil - } - return false, nil -} - -func (w *Watcher) isKnownAuthFile(path string) bool { - normalized := w.normalizeAuthPath(path) - w.clientsMutex.RLock() - defer w.clientsMutex.RUnlock() - _, ok := w.lastAuthHashes[normalized] - return ok -} - -func (w *Watcher) normalizeAuthPath(path string) string { - trimmed := strings.TrimSpace(path) - if trimmed == "" { - return "" - } - cleaned := filepath.Clean(trimmed) - if runtime.GOOS == "windows" { - cleaned = strings.TrimPrefix(cleaned, `\\?\`) - cleaned = strings.ToLower(cleaned) - } - return cleaned -} - -func (w *Watcher) shouldDebounceRemove(normalizedPath string, now time.Time) bool { - if normalizedPath == "" { - return false - } - w.clientsMutex.Lock() - if w.lastRemoveTimes == nil { - w.lastRemoveTimes = make(map[string]time.Time) - } - if last, ok := w.lastRemoveTimes[normalizedPath]; ok { - if now.Sub(last) < authRemoveDebounceWindow { - w.clientsMutex.Unlock() - return true - } - } - w.lastRemoveTimes[normalizedPath] = now - if len(w.lastRemoveTimes) > 128 { - cutoff := now.Add(-2 * authRemoveDebounceWindow) - for p, t := range w.lastRemoveTimes { - if t.Before(cutoff) { - delete(w.lastRemoveTimes, p) - } - } - } - w.clientsMutex.Unlock() - return false -} diff --git a/internal/watcher/synthesizer/config.go b/internal/watcher/synthesizer/config.go deleted file mode 100644 index 9bd9b8c2b6..0000000000 --- a/internal/watcher/synthesizer/config.go +++ /dev/null @@ -1,419 +0,0 @@ -package synthesizer - -import ( - "fmt" - "strconv" - "strings" - - kiroauth "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/auth/kiro" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/watcher/diff" - coreauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -// ConfigSynthesizer generates Auth entries from configuration API keys. -// It handles Gemini, Claude, Codex, OpenAI-compat, and Vertex-compat providers. -type ConfigSynthesizer struct{} - -// NewConfigSynthesizer creates a new ConfigSynthesizer instance. -func NewConfigSynthesizer() *ConfigSynthesizer { - return &ConfigSynthesizer{} -} - -// Synthesize generates Auth entries from config API keys. -func (s *ConfigSynthesizer) Synthesize(ctx *SynthesisContext) ([]*coreauth.Auth, error) { - out := make([]*coreauth.Auth, 0, 32) - if ctx == nil || ctx.Config == nil { - return out, nil - } - - // Gemini API Keys - out = append(out, s.synthesizeGeminiKeys(ctx)...) - // Claude API Keys - out = append(out, s.synthesizeClaudeKeys(ctx)...) - // Codex API Keys - out = append(out, s.synthesizeCodexKeys(ctx)...) - // Kiro (AWS CodeWhisperer) - out = append(out, s.synthesizeKiroKeys(ctx)...) - // OpenAI-compat - out = append(out, s.synthesizeOpenAICompat(ctx)...) - // Vertex-compat - out = append(out, s.synthesizeVertexCompat(ctx)...) - - return out, nil -} - -// synthesizeGeminiKeys creates Auth entries for Gemini API keys. -func (s *ConfigSynthesizer) synthesizeGeminiKeys(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0, len(cfg.GeminiKey)) - for i := range cfg.GeminiKey { - entry := cfg.GeminiKey[i] - key := strings.TrimSpace(entry.APIKey) - if key == "" { - continue - } - prefix := strings.TrimSpace(entry.Prefix) - base := strings.TrimSpace(entry.BaseURL) - proxyURL := strings.TrimSpace(entry.ProxyURL) - id, token := idGen.Next("gemini:apikey", key, base) - attrs := map[string]string{ - "source": fmt.Sprintf("config:gemini[%s]", token), - "api_key": key, - } - if entry.Priority != 0 { - attrs["priority"] = strconv.Itoa(entry.Priority) - } - if base != "" { - attrs["base_url"] = base - } - if hash := diff.ComputeGeminiModelsHash(entry.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(entry.Headers, attrs) - a := &coreauth.Auth{ - ID: id, - Provider: "gemini", - Label: "gemini-apikey", - Prefix: prefix, - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - ApplyAuthExcludedModelsMeta(a, cfg, entry.ExcludedModels, "apikey") - out = append(out, a) - } - return out -} - -// synthesizeClaudeKeys creates Auth entries for Claude API keys. -func (s *ConfigSynthesizer) synthesizeClaudeKeys(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0, len(cfg.ClaudeKey)) - for i := range cfg.ClaudeKey { - ck := cfg.ClaudeKey[i] - key := strings.TrimSpace(ck.APIKey) - if key == "" { - continue - } - prefix := strings.TrimSpace(ck.Prefix) - base := strings.TrimSpace(ck.BaseURL) - id, token := idGen.Next("claude:apikey", key, base) - attrs := map[string]string{ - "source": fmt.Sprintf("config:claude[%s]", token), - "api_key": key, - } - if ck.Priority != 0 { - attrs["priority"] = strconv.Itoa(ck.Priority) - } - if base != "" { - attrs["base_url"] = base - } - if hash := diff.ComputeClaudeModelsHash(ck.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(ck.Headers, attrs) - proxyURL := strings.TrimSpace(ck.ProxyURL) - a := &coreauth.Auth{ - ID: id, - Provider: "claude", - Label: "claude-apikey", - Prefix: prefix, - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - ApplyAuthExcludedModelsMeta(a, cfg, ck.ExcludedModels, "apikey") - out = append(out, a) - } - return out -} - -// synthesizeCodexKeys creates Auth entries for Codex API keys. -func (s *ConfigSynthesizer) synthesizeCodexKeys(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0, len(cfg.CodexKey)) - for i := range cfg.CodexKey { - ck := cfg.CodexKey[i] - key := strings.TrimSpace(ck.APIKey) - if key == "" { - continue - } - prefix := strings.TrimSpace(ck.Prefix) - id, token := idGen.Next("codex:apikey", key, ck.BaseURL) - attrs := map[string]string{ - "source": fmt.Sprintf("config:codex[%s]", token), - "api_key": key, - } - if ck.Priority != 0 { - attrs["priority"] = strconv.Itoa(ck.Priority) - } - if ck.BaseURL != "" { - attrs["base_url"] = ck.BaseURL - } - if ck.Websockets { - attrs["websockets"] = "true" - } - if hash := diff.ComputeCodexModelsHash(ck.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(ck.Headers, attrs) - proxyURL := strings.TrimSpace(ck.ProxyURL) - a := &coreauth.Auth{ - ID: id, - Provider: "codex", - Label: "codex-apikey", - Prefix: prefix, - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - ApplyAuthExcludedModelsMeta(a, cfg, ck.ExcludedModels, "apikey") - out = append(out, a) - } - return out -} - -// synthesizeOpenAICompat creates Auth entries for OpenAI-compatible providers. -func (s *ConfigSynthesizer) synthesizeOpenAICompat(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0) - for i := range cfg.OpenAICompatibility { - compat := &cfg.OpenAICompatibility[i] - prefix := strings.TrimSpace(compat.Prefix) - providerName := strings.ToLower(strings.TrimSpace(compat.Name)) - if providerName == "" { - providerName = "openai-compatibility" - } - base := strings.TrimSpace(compat.BaseURL) - - // Handle new APIKeyEntries format (preferred) - createdEntries := 0 - for j := range compat.APIKeyEntries { - entry := &compat.APIKeyEntries[j] - key := strings.TrimSpace(entry.APIKey) - proxyURL := strings.TrimSpace(entry.ProxyURL) - idKind := fmt.Sprintf("openai-compatibility:%s", providerName) - id, token := idGen.Next(idKind, key, base, proxyURL) - attrs := map[string]string{ - "source": fmt.Sprintf("config:%s[%s]", providerName, token), - "base_url": base, - "compat_name": compat.Name, - "provider_key": providerName, - } - if compat.Priority != 0 { - attrs["priority"] = strconv.Itoa(compat.Priority) - } - if key != "" { - attrs["api_key"] = key - } - if hash := diff.ComputeOpenAICompatModelsHash(compat.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(compat.Headers, attrs) - a := &coreauth.Auth{ - ID: id, - Provider: providerName, - Label: compat.Name, - Prefix: prefix, - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - out = append(out, a) - createdEntries++ - } - // Fallback: create entry without API key if no APIKeyEntries - if createdEntries == 0 { - idKind := fmt.Sprintf("openai-compatibility:%s", providerName) - id, token := idGen.Next(idKind, base) - attrs := map[string]string{ - "source": fmt.Sprintf("config:%s[%s]", providerName, token), - "base_url": base, - "compat_name": compat.Name, - "provider_key": providerName, - } - if compat.Priority != 0 { - attrs["priority"] = strconv.Itoa(compat.Priority) - } - if hash := diff.ComputeOpenAICompatModelsHash(compat.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(compat.Headers, attrs) - a := &coreauth.Auth{ - ID: id, - Provider: providerName, - Label: compat.Name, - Prefix: prefix, - Status: coreauth.StatusActive, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - out = append(out, a) - } - } - return out -} - -// synthesizeVertexCompat creates Auth entries for Vertex-compatible providers. -func (s *ConfigSynthesizer) synthesizeVertexCompat(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - out := make([]*coreauth.Auth, 0, len(cfg.VertexCompatAPIKey)) - for i := range cfg.VertexCompatAPIKey { - compat := &cfg.VertexCompatAPIKey[i] - providerName := "vertex" - base := strings.TrimSpace(compat.BaseURL) - - key := strings.TrimSpace(compat.APIKey) - prefix := strings.TrimSpace(compat.Prefix) - proxyURL := strings.TrimSpace(compat.ProxyURL) - idKind := "vertex:apikey" - id, token := idGen.Next(idKind, key, base, proxyURL) - attrs := map[string]string{ - "source": fmt.Sprintf("config:vertex-apikey[%s]", token), - "base_url": base, - "provider_key": providerName, - } - if compat.Priority != 0 { - attrs["priority"] = strconv.Itoa(compat.Priority) - } - if key != "" { - attrs["api_key"] = key - } - if hash := diff.ComputeVertexCompatModelsHash(compat.Models); hash != "" { - attrs["models_hash"] = hash - } - addConfigHeadersToAttrs(compat.Headers, attrs) - a := &coreauth.Auth{ - ID: id, - Provider: providerName, - Label: "vertex-apikey", - Prefix: prefix, - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - ApplyAuthExcludedModelsMeta(a, cfg, nil, "apikey") - out = append(out, a) - } - return out -} - -// synthesizeKiroKeys creates Auth entries for Kiro (AWS CodeWhisperer) tokens. -func (s *ConfigSynthesizer) synthesizeKiroKeys(ctx *SynthesisContext) []*coreauth.Auth { - cfg := ctx.Config - now := ctx.Now - idGen := ctx.IDGenerator - - if len(cfg.KiroKey) == 0 { - return nil - } - - out := make([]*coreauth.Auth, 0, len(cfg.KiroKey)) - kAuth := kiroauth.NewKiroAuth(cfg) - - for i := range cfg.KiroKey { - kk := cfg.KiroKey[i] - var accessToken, profileArn, refreshToken string - - // Try to load from token file first - if kk.TokenFile != "" && kAuth != nil { - tokenData, err := kAuth.LoadTokenFromFile(kk.TokenFile) - if err != nil { - log.Warnf("failed to load kiro token file %s: %v", kk.TokenFile, err) - } else { - accessToken = tokenData.AccessToken - profileArn = tokenData.ProfileArn - refreshToken = tokenData.RefreshToken - } - } - - // Override with direct config values if provided - if kk.AccessToken != "" { - accessToken = kk.AccessToken - } - if kk.ProfileArn != "" { - profileArn = kk.ProfileArn - } - if kk.RefreshToken != "" { - refreshToken = kk.RefreshToken - } - - if accessToken == "" { - log.Warnf("kiro config[%d] missing access_token, skipping", i) - continue - } - - // profileArn is optional for AWS Builder ID users - id, token := idGen.Next("kiro:token", accessToken, profileArn) - attrs := map[string]string{ - "source": fmt.Sprintf("config:kiro[%s]", token), - "access_token": accessToken, - } - if profileArn != "" { - attrs["profile_arn"] = profileArn - } - if kk.Region != "" { - attrs["region"] = kk.Region - } - if kk.AgentTaskType != "" { - attrs["agent_task_type"] = kk.AgentTaskType - } - if kk.PreferredEndpoint != "" { - attrs["preferred_endpoint"] = kk.PreferredEndpoint - } else if cfg.KiroPreferredEndpoint != "" { - // Apply global default if not overridden by specific key - attrs["preferred_endpoint"] = cfg.KiroPreferredEndpoint - } - if refreshToken != "" { - attrs["refresh_token"] = refreshToken - } - proxyURL := strings.TrimSpace(kk.ProxyURL) - a := &coreauth.Auth{ - ID: id, - Provider: "kiro", - Label: "kiro-token", - Status: coreauth.StatusActive, - ProxyURL: proxyURL, - Attributes: attrs, - CreatedAt: now, - UpdatedAt: now, - } - - if refreshToken != "" { - if a.Metadata == nil { - a.Metadata = make(map[string]any) - } - a.Metadata["refresh_token"] = refreshToken - } - - out = append(out, a) - } - return out -} diff --git a/internal/watcher/synthesizer/config_test.go b/internal/watcher/synthesizer/config_test.go deleted file mode 100644 index 2afbb175dd..0000000000 --- a/internal/watcher/synthesizer/config_test.go +++ /dev/null @@ -1,617 +0,0 @@ -package synthesizer - -import ( - "testing" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - coreauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" -) - -func TestNewConfigSynthesizer(t *testing.T) { - synth := NewConfigSynthesizer() - if synth == nil { - t.Fatal("expected non-nil synthesizer") - } -} - -func TestConfigSynthesizer_Synthesize_NilContext(t *testing.T) { - synth := NewConfigSynthesizer() - auths, err := synth.Synthesize(nil) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 0 { - t.Fatalf("expected empty auths, got %d", len(auths)) - } -} - -func TestConfigSynthesizer_Synthesize_NilConfig(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: nil, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 0 { - t.Fatalf("expected empty auths, got %d", len(auths)) - } -} - -func TestConfigSynthesizer_GeminiKeys(t *testing.T) { - tests := []struct { - name string - geminiKeys []config.GeminiKey - wantLen int - validate func(*testing.T, []*coreauth.Auth) - }{ - { - name: "single gemini key", - geminiKeys: []config.GeminiKey{ - {APIKey: "test-key-123", Prefix: "team-a"}, - }, - wantLen: 1, - validate: func(t *testing.T, auths []*coreauth.Auth) { - if auths[0].Provider != "gemini" { - t.Errorf("expected provider gemini, got %s", auths[0].Provider) - } - if auths[0].Prefix != "team-a" { - t.Errorf("expected prefix team-a, got %s", auths[0].Prefix) - } - if auths[0].Label != "gemini-apikey" { - t.Errorf("expected label gemini-apikey, got %s", auths[0].Label) - } - if auths[0].Attributes["api_key"] != "test-key-123" { - t.Errorf("expected api_key test-key-123, got %s", auths[0].Attributes["api_key"]) - } - if auths[0].Status != coreauth.StatusActive { - t.Errorf("expected status active, got %s", auths[0].Status) - } - }, - }, - { - name: "gemini key with base url and proxy", - geminiKeys: []config.GeminiKey{ - { - APIKey: "api-key", - BaseURL: "https://custom.api.com", - ProxyURL: "http://proxy.local:8080", - Prefix: "custom", - }, - }, - wantLen: 1, - validate: func(t *testing.T, auths []*coreauth.Auth) { - if auths[0].Attributes["base_url"] != "https://custom.api.com" { - t.Errorf("expected base_url https://custom.api.com, got %s", auths[0].Attributes["base_url"]) - } - if auths[0].ProxyURL != "http://proxy.local:8080" { - t.Errorf("expected proxy_url http://proxy.local:8080, got %s", auths[0].ProxyURL) - } - }, - }, - { - name: "gemini key with headers", - geminiKeys: []config.GeminiKey{ - { - APIKey: "api-key", - Headers: map[string]string{"X-Custom": "value"}, - }, - }, - wantLen: 1, - validate: func(t *testing.T, auths []*coreauth.Auth) { - if auths[0].Attributes["header:X-Custom"] != "value" { - t.Errorf("expected header:X-Custom=value, got %s", auths[0].Attributes["header:X-Custom"]) - } - }, - }, - { - name: "empty api key skipped", - geminiKeys: []config.GeminiKey{ - {APIKey: ""}, - {APIKey: " "}, - {APIKey: "valid-key"}, - }, - wantLen: 1, - }, - { - name: "multiple gemini keys", - geminiKeys: []config.GeminiKey{ - {APIKey: "key-1", Prefix: "a"}, - {APIKey: "key-2", Prefix: "b"}, - {APIKey: "key-3", Prefix: "c"}, - }, - wantLen: 3, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - GeminiKey: tt.geminiKeys, - }, - Now: time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != tt.wantLen { - t.Fatalf("expected %d auths, got %d", tt.wantLen, len(auths)) - } - - if tt.validate != nil && len(auths) > 0 { - tt.validate(t, auths) - } - }) - } -} - -func TestConfigSynthesizer_ClaudeKeys(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - ClaudeKey: []config.ClaudeKey{ - { - APIKey: "sk-ant-api-xxx", - Prefix: "main", - BaseURL: "https://api.anthropic.com", - Models: []config.ClaudeModel{ - {Name: "claude-3-opus"}, - {Name: "claude-3-sonnet"}, - }, - }, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - if auths[0].Provider != "claude" { - t.Errorf("expected provider claude, got %s", auths[0].Provider) - } - if auths[0].Label != "claude-apikey" { - t.Errorf("expected label claude-apikey, got %s", auths[0].Label) - } - if auths[0].Prefix != "main" { - t.Errorf("expected prefix main, got %s", auths[0].Prefix) - } - if auths[0].Attributes["api_key"] != "sk-ant-api-xxx" { - t.Errorf("expected api_key sk-ant-api-xxx, got %s", auths[0].Attributes["api_key"]) - } - if _, ok := auths[0].Attributes["models_hash"]; !ok { - t.Error("expected models_hash in attributes") - } -} - -func TestConfigSynthesizer_ClaudeKeys_SkipsEmptyAndHeaders(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - ClaudeKey: []config.ClaudeKey{ - {APIKey: ""}, // empty, should be skipped - {APIKey: " "}, // whitespace, should be skipped - {APIKey: "valid-key", Headers: map[string]string{"X-Custom": "value"}}, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth (empty keys skipped), got %d", len(auths)) - } - if auths[0].Attributes["header:X-Custom"] != "value" { - t.Errorf("expected header:X-Custom=value, got %s", auths[0].Attributes["header:X-Custom"]) - } -} - -func TestConfigSynthesizer_CodexKeys(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - CodexKey: []config.CodexKey{ - { - APIKey: "codex-key-123", - Prefix: "dev", - BaseURL: "https://api.openai.com", - ProxyURL: "http://proxy.local", - Websockets: true, - }, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - if auths[0].Provider != "codex" { - t.Errorf("expected provider codex, got %s", auths[0].Provider) - } - if auths[0].Label != "codex-apikey" { - t.Errorf("expected label codex-apikey, got %s", auths[0].Label) - } - if auths[0].ProxyURL != "http://proxy.local" { - t.Errorf("expected proxy_url http://proxy.local, got %s", auths[0].ProxyURL) - } - if auths[0].Attributes["websockets"] != "true" { - t.Errorf("expected websockets=true, got %s", auths[0].Attributes["websockets"]) - } -} - -func TestConfigSynthesizer_CodexKeys_SkipsEmptyAndHeaders(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - CodexKey: []config.CodexKey{ - {APIKey: ""}, // empty, should be skipped - {APIKey: " "}, // whitespace, should be skipped - {APIKey: "valid-key", Headers: map[string]string{"Authorization": "Bearer xyz"}}, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth (empty keys skipped), got %d", len(auths)) - } - if auths[0].Attributes["header:Authorization"] != "Bearer xyz" { - t.Errorf("expected header:Authorization=Bearer xyz, got %s", auths[0].Attributes["header:Authorization"]) - } -} - -func TestConfigSynthesizer_OpenAICompat(t *testing.T) { - tests := []struct { - name string - compat []config.OpenAICompatibility - wantLen int - }{ - { - name: "with APIKeyEntries", - compat: []config.OpenAICompatibility{ - { - Name: "CustomProvider", - BaseURL: "https://custom.api.com", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "key-1"}, - {APIKey: "key-2"}, - }, - }, - }, - wantLen: 2, - }, - { - name: "empty APIKeyEntries included (legacy)", - compat: []config.OpenAICompatibility{ - { - Name: "EmptyKeys", - BaseURL: "https://empty.api.com", - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: ""}, - {APIKey: " "}, - }, - }, - }, - wantLen: 2, - }, - { - name: "without APIKeyEntries (fallback)", - compat: []config.OpenAICompatibility{ - { - Name: "NoKeyProvider", - BaseURL: "https://no-key.api.com", - }, - }, - wantLen: 1, - }, - { - name: "empty name defaults", - compat: []config.OpenAICompatibility{ - { - Name: "", - BaseURL: "https://default.api.com", - }, - }, - wantLen: 1, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - OpenAICompatibility: tt.compat, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != tt.wantLen { - t.Fatalf("expected %d auths, got %d", tt.wantLen, len(auths)) - } - }) - } -} - -func TestConfigSynthesizer_VertexCompat(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - VertexCompatAPIKey: []config.VertexCompatKey{ - { - APIKey: "vertex-key-123", - BaseURL: "https://vertex.googleapis.com", - Prefix: "vertex-prod", - }, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - if auths[0].Provider != "vertex" { - t.Errorf("expected provider vertex, got %s", auths[0].Provider) - } - if auths[0].Label != "vertex-apikey" { - t.Errorf("expected label vertex-apikey, got %s", auths[0].Label) - } - if auths[0].Prefix != "vertex-prod" { - t.Errorf("expected prefix vertex-prod, got %s", auths[0].Prefix) - } -} - -func TestConfigSynthesizer_VertexCompat_SkipsEmptyAndHeaders(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - VertexCompatAPIKey: []config.VertexCompatKey{ - {APIKey: "", BaseURL: "https://vertex.api"}, // empty key creates auth without api_key attr - {APIKey: " ", BaseURL: "https://vertex.api"}, // whitespace key creates auth without api_key attr - {APIKey: "valid-key", BaseURL: "https://vertex.api", Headers: map[string]string{"X-Vertex": "test"}}, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - // Vertex compat doesn't skip empty keys - it creates auths without api_key attribute - if len(auths) != 3 { - t.Fatalf("expected 3 auths, got %d", len(auths)) - } - // First two should not have api_key attribute - if _, ok := auths[0].Attributes["api_key"]; ok { - t.Error("expected first auth to not have api_key attribute") - } - if _, ok := auths[1].Attributes["api_key"]; ok { - t.Error("expected second auth to not have api_key attribute") - } - // Third should have headers - if auths[2].Attributes["header:X-Vertex"] != "test" { - t.Errorf("expected header:X-Vertex=test, got %s", auths[2].Attributes["header:X-Vertex"]) - } -} - -func TestConfigSynthesizer_OpenAICompat_WithModelsHash(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - OpenAICompatibility: []config.OpenAICompatibility{ - { - Name: "TestProvider", - BaseURL: "https://test.api.com", - Models: []config.OpenAICompatibilityModel{ - {Name: "model-a"}, - {Name: "model-b"}, - }, - APIKeyEntries: []config.OpenAICompatibilityAPIKey{ - {APIKey: "key-with-models"}, - }, - }, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - if _, ok := auths[0].Attributes["models_hash"]; !ok { - t.Error("expected models_hash in attributes") - } - if auths[0].Attributes["api_key"] != "key-with-models" { - t.Errorf("expected api_key key-with-models, got %s", auths[0].Attributes["api_key"]) - } -} - -func TestConfigSynthesizer_OpenAICompat_FallbackWithModels(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - OpenAICompatibility: []config.OpenAICompatibility{ - { - Name: "NoKeyWithModels", - BaseURL: "https://nokey.api.com", - Models: []config.OpenAICompatibilityModel{ - {Name: "model-x"}, - }, - Headers: map[string]string{"X-API": "header-value"}, - // No APIKeyEntries - should use fallback path - }, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - if _, ok := auths[0].Attributes["models_hash"]; !ok { - t.Error("expected models_hash in fallback path") - } - if auths[0].Attributes["header:X-API"] != "header-value" { - t.Errorf("expected header:X-API=header-value, got %s", auths[0].Attributes["header:X-API"]) - } -} - -func TestConfigSynthesizer_VertexCompat_WithModels(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - VertexCompatAPIKey: []config.VertexCompatKey{ - { - APIKey: "vertex-key", - BaseURL: "https://vertex.api", - Models: []config.VertexCompatModel{ - {Name: "gemini-pro", Alias: "pro"}, - {Name: "gemini-ultra", Alias: "ultra"}, - }, - }, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - if _, ok := auths[0].Attributes["models_hash"]; !ok { - t.Error("expected models_hash in vertex auth with models") - } -} - -func TestConfigSynthesizer_IDStability(t *testing.T) { - cfg := &config.Config{ - GeminiKey: []config.GeminiKey{ - {APIKey: "stable-key", Prefix: "test"}, - }, - } - - // Generate IDs twice with fresh generators - synth1 := NewConfigSynthesizer() - ctx1 := &SynthesisContext{ - Config: cfg, - Now: time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC), - IDGenerator: NewStableIDGenerator(), - } - auths1, _ := synth1.Synthesize(ctx1) - - synth2 := NewConfigSynthesizer() - ctx2 := &SynthesisContext{ - Config: cfg, - Now: time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC), - IDGenerator: NewStableIDGenerator(), - } - auths2, _ := synth2.Synthesize(ctx2) - - if auths1[0].ID != auths2[0].ID { - t.Errorf("same config should produce same ID: got %q and %q", auths1[0].ID, auths2[0].ID) - } -} - -func TestConfigSynthesizer_AllProviders(t *testing.T) { - synth := NewConfigSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - GeminiKey: []config.GeminiKey{ - {APIKey: "gemini-key"}, - }, - ClaudeKey: []config.ClaudeKey{ - {APIKey: "claude-key"}, - }, - CodexKey: []config.CodexKey{ - {APIKey: "codex-key"}, - }, - OpenAICompatibility: []config.OpenAICompatibility{ - {Name: "compat", BaseURL: "https://compat.api"}, - }, - VertexCompatAPIKey: []config.VertexCompatKey{ - {APIKey: "vertex-key", BaseURL: "https://vertex.api"}, - }, - }, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 5 { - t.Fatalf("expected 5 auths, got %d", len(auths)) - } - - providers := make(map[string]bool) - for _, a := range auths { - providers[a.Provider] = true - } - - expected := []string{"gemini", "claude", "codex", "compat", "vertex"} - for _, p := range expected { - if !providers[p] { - t.Errorf("expected provider %s not found", p) - } - } -} diff --git a/internal/watcher/synthesizer/context.go b/internal/watcher/synthesizer/context.go deleted file mode 100644 index 99e8df7ad0..0000000000 --- a/internal/watcher/synthesizer/context.go +++ /dev/null @@ -1,19 +0,0 @@ -package synthesizer - -import ( - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" -) - -// SynthesisContext provides the context needed for auth synthesis. -type SynthesisContext struct { - // Config is the current configuration - Config *config.Config - // AuthDir is the directory containing auth files - AuthDir string - // Now is the current time for timestamps - Now time.Time - // IDGenerator generates stable IDs for auth entries - IDGenerator *StableIDGenerator -} diff --git a/internal/watcher/synthesizer/file.go b/internal/watcher/synthesizer/file.go deleted file mode 100644 index 4413f22050..0000000000 --- a/internal/watcher/synthesizer/file.go +++ /dev/null @@ -1,298 +0,0 @@ -package synthesizer - -import ( - "encoding/json" - "fmt" - "os" - "path/filepath" - "strconv" - "strings" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/runtime/geminicli" - coreauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" -) - -// FileSynthesizer generates Auth entries from OAuth JSON files. -// It handles file-based authentication and Gemini virtual auth generation. -type FileSynthesizer struct{} - -// NewFileSynthesizer creates a new FileSynthesizer instance. -func NewFileSynthesizer() *FileSynthesizer { - return &FileSynthesizer{} -} - -// Synthesize generates Auth entries from auth files in the auth directory. -func (s *FileSynthesizer) Synthesize(ctx *SynthesisContext) ([]*coreauth.Auth, error) { - out := make([]*coreauth.Auth, 0, 16) - if ctx == nil || ctx.AuthDir == "" { - return out, nil - } - - entries, err := os.ReadDir(ctx.AuthDir) - if err != nil { - // Not an error if directory doesn't exist - return out, nil - } - - now := ctx.Now - cfg := ctx.Config - - for _, e := range entries { - if e.IsDir() { - continue - } - name := e.Name() - if !strings.HasSuffix(strings.ToLower(name), ".json") { - continue - } - full := filepath.Join(ctx.AuthDir, name) - data, errRead := os.ReadFile(full) - if errRead != nil || len(data) == 0 { - continue - } - var metadata map[string]any - if errUnmarshal := json.Unmarshal(data, &metadata); errUnmarshal != nil { - continue - } - t, _ := metadata["type"].(string) - if t == "" { - continue - } - provider := strings.ToLower(t) - if provider == "gemini" { - provider = "gemini-cli" - } - label := provider - if email, _ := metadata["email"].(string); email != "" { - label = email - } - // Use relative path under authDir as ID to stay consistent with the file-based token store - id := full - if rel, errRel := filepath.Rel(ctx.AuthDir, full); errRel == nil && rel != "" { - id = rel - } - - proxyURL := "" - if p, ok := metadata["proxy_url"].(string); ok { - proxyURL = p - } - - prefix := "" - if rawPrefix, ok := metadata["prefix"].(string); ok { - trimmed := strings.TrimSpace(rawPrefix) - trimmed = strings.Trim(trimmed, "/") - if trimmed != "" && !strings.Contains(trimmed, "/") { - prefix = trimmed - } - } - - disabled, _ := metadata["disabled"].(bool) - status := coreauth.StatusActive - if disabled { - status = coreauth.StatusDisabled - } - - // Read per-account excluded models from the OAuth JSON file - perAccountExcluded := extractExcludedModelsFromMetadata(metadata) - - a := &coreauth.Auth{ - ID: id, - Provider: provider, - Label: label, - Prefix: prefix, - Status: status, - Disabled: disabled, - Attributes: map[string]string{ - "source": full, - "path": full, - }, - ProxyURL: proxyURL, - Metadata: metadata, - CreatedAt: now, - UpdatedAt: now, - } - // Read priority from auth file - if rawPriority, ok := metadata["priority"]; ok { - switch v := rawPriority.(type) { - case float64: - a.Attributes["priority"] = strconv.Itoa(int(v)) - case string: - priority := strings.TrimSpace(v) - if _, errAtoi := strconv.Atoi(priority); errAtoi == nil { - a.Attributes["priority"] = priority - } - } - } - ApplyAuthExcludedModelsMeta(a, cfg, perAccountExcluded, "oauth") - if provider == "gemini-cli" { - if virtuals := SynthesizeGeminiVirtualAuths(a, metadata, now); len(virtuals) > 0 { - for _, v := range virtuals { - ApplyAuthExcludedModelsMeta(v, cfg, perAccountExcluded, "oauth") - } - out = append(out, a) - out = append(out, virtuals...) - continue - } - } - out = append(out, a) - } - return out, nil -} - -// SynthesizeGeminiVirtualAuths creates virtual Auth entries for multi-project Gemini credentials. -// It disables the primary auth and creates one virtual auth per project. -func SynthesizeGeminiVirtualAuths(primary *coreauth.Auth, metadata map[string]any, now time.Time) []*coreauth.Auth { - if primary == nil || metadata == nil { - return nil - } - projects := splitGeminiProjectIDs(metadata) - if len(projects) <= 1 { - return nil - } - email, _ := metadata["email"].(string) - shared := geminicli.NewSharedCredential(primary.ID, email, metadata, projects) - primary.Disabled = true - primary.Status = coreauth.StatusDisabled - primary.Runtime = shared - if primary.Attributes == nil { - primary.Attributes = make(map[string]string) - } - primary.Attributes["gemini_virtual_primary"] = "true" - primary.Attributes["virtual_children"] = strings.Join(projects, ",") - source := primary.Attributes["source"] - authPath := primary.Attributes["path"] - originalProvider := primary.Provider - if originalProvider == "" { - originalProvider = "gemini-cli" - } - label := primary.Label - if label == "" { - label = originalProvider - } - virtuals := make([]*coreauth.Auth, 0, len(projects)) - for _, projectID := range projects { - attrs := map[string]string{ - "runtime_only": "true", - "gemini_virtual_parent": primary.ID, - "gemini_virtual_project": projectID, - } - if source != "" { - attrs["source"] = source - } - if authPath != "" { - attrs["path"] = authPath - } - // Propagate priority from primary auth to virtual auths - if priorityVal, hasPriority := primary.Attributes["priority"]; hasPriority && priorityVal != "" { - attrs["priority"] = priorityVal - } - metadataCopy := map[string]any{ - "email": email, - "project_id": projectID, - "virtual": true, - "virtual_parent_id": primary.ID, - "type": metadata["type"], - } - if v, ok := metadata["disable_cooling"]; ok { - metadataCopy["disable_cooling"] = v - } else if v, ok := metadata["disable-cooling"]; ok { - metadataCopy["disable_cooling"] = v - } - if v, ok := metadata["request_retry"]; ok { - metadataCopy["request_retry"] = v - } else if v, ok := metadata["request-retry"]; ok { - metadataCopy["request_retry"] = v - } - proxy := strings.TrimSpace(primary.ProxyURL) - if proxy != "" { - metadataCopy["proxy_url"] = proxy - } - virtual := &coreauth.Auth{ - ID: buildGeminiVirtualID(primary.ID, projectID), - Provider: originalProvider, - Label: fmt.Sprintf("%s [%s]", label, projectID), - Status: coreauth.StatusActive, - Attributes: attrs, - Metadata: metadataCopy, - ProxyURL: primary.ProxyURL, - Prefix: primary.Prefix, - CreatedAt: primary.CreatedAt, - UpdatedAt: primary.UpdatedAt, - Runtime: geminicli.NewVirtualCredential(projectID, shared), - } - virtuals = append(virtuals, virtual) - } - return virtuals -} - -// splitGeminiProjectIDs extracts and deduplicates project IDs from metadata. -func splitGeminiProjectIDs(metadata map[string]any) []string { - raw, _ := metadata["project_id"].(string) - trimmed := strings.TrimSpace(raw) - if trimmed == "" { - return nil - } - parts := strings.Split(trimmed, ",") - result := make([]string, 0, len(parts)) - seen := make(map[string]struct{}, len(parts)) - for _, part := range parts { - id := strings.TrimSpace(part) - if id == "" { - continue - } - if _, ok := seen[id]; ok { - continue - } - seen[id] = struct{}{} - result = append(result, id) - } - return result -} - -// buildGeminiVirtualID constructs a virtual auth ID from base ID and project ID. -func buildGeminiVirtualID(baseID, projectID string) string { - project := strings.TrimSpace(projectID) - if project == "" { - project = "project" - } - replacer := strings.NewReplacer("/", "_", "\\", "_", " ", "_") - return fmt.Sprintf("%s::%s", baseID, replacer.Replace(project)) -} - -// extractExcludedModelsFromMetadata reads per-account excluded models from the OAuth JSON metadata. -// Supports both "excluded_models" and "excluded-models" keys, and accepts both []string and []interface{}. -func extractExcludedModelsFromMetadata(metadata map[string]any) []string { - if metadata == nil { - return nil - } - // Try both key formats - raw, ok := metadata["excluded_models"] - if !ok { - raw, ok = metadata["excluded-models"] - } - if !ok || raw == nil { - return nil - } - var stringSlice []string - switch v := raw.(type) { - case []string: - stringSlice = v - case []interface{}: - stringSlice = make([]string, 0, len(v)) - for _, item := range v { - if s, ok := item.(string); ok { - stringSlice = append(stringSlice, s) - } - } - default: - return nil - } - result := make([]string, 0, len(stringSlice)) - for _, s := range stringSlice { - if trimmed := strings.TrimSpace(s); trimmed != "" { - result = append(result, trimmed) - } - } - return result -} diff --git a/internal/watcher/synthesizer/file_test.go b/internal/watcher/synthesizer/file_test.go deleted file mode 100644 index c169ab4817..0000000000 --- a/internal/watcher/synthesizer/file_test.go +++ /dev/null @@ -1,746 +0,0 @@ -package synthesizer - -import ( - "encoding/json" - "os" - "path/filepath" - "strings" - "testing" - "time" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - coreauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" -) - -func TestNewFileSynthesizer(t *testing.T) { - synth := NewFileSynthesizer() - if synth == nil { - t.Fatal("expected non-nil synthesizer") - } -} - -func TestFileSynthesizer_Synthesize_NilContext(t *testing.T) { - synth := NewFileSynthesizer() - auths, err := synth.Synthesize(nil) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 0 { - t.Fatalf("expected empty auths, got %d", len(auths)) - } -} - -func TestFileSynthesizer_Synthesize_EmptyAuthDir(t *testing.T) { - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: "", - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 0 { - t.Fatalf("expected empty auths, got %d", len(auths)) - } -} - -func TestFileSynthesizer_Synthesize_NonExistentDir(t *testing.T) { - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: "/non/existent/path", - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 0 { - t.Fatalf("expected empty auths, got %d", len(auths)) - } -} - -func TestFileSynthesizer_Synthesize_ValidAuthFile(t *testing.T) { - tempDir := t.TempDir() - - // Create a valid auth file - authData := map[string]any{ - "type": "claude", - "email": "test@example.com", - "proxy_url": "http://proxy.local", - "prefix": "test-prefix", - "disable_cooling": true, - "request_retry": 2, - } - data, _ := json.Marshal(authData) - err := os.WriteFile(filepath.Join(tempDir, "claude-auth.json"), data, 0644) - if err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - if auths[0].Provider != "claude" { - t.Errorf("expected provider claude, got %s", auths[0].Provider) - } - if auths[0].Label != "test@example.com" { - t.Errorf("expected label test@example.com, got %s", auths[0].Label) - } - if auths[0].Prefix != "test-prefix" { - t.Errorf("expected prefix test-prefix, got %s", auths[0].Prefix) - } - if auths[0].ProxyURL != "http://proxy.local" { - t.Errorf("expected proxy_url http://proxy.local, got %s", auths[0].ProxyURL) - } - if v, ok := auths[0].Metadata["disable_cooling"].(bool); !ok || !v { - t.Errorf("expected disable_cooling true, got %v", auths[0].Metadata["disable_cooling"]) - } - if v, ok := auths[0].Metadata["request_retry"].(float64); !ok || int(v) != 2 { - t.Errorf("expected request_retry 2, got %v", auths[0].Metadata["request_retry"]) - } - if auths[0].Status != coreauth.StatusActive { - t.Errorf("expected status active, got %s", auths[0].Status) - } -} - -func TestFileSynthesizer_Synthesize_GeminiProviderMapping(t *testing.T) { - tempDir := t.TempDir() - - // Gemini type should be mapped to gemini-cli - authData := map[string]any{ - "type": "gemini", - "email": "gemini@example.com", - } - data, _ := json.Marshal(authData) - err := os.WriteFile(filepath.Join(tempDir, "gemini-auth.json"), data, 0644) - if err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - if auths[0].Provider != "gemini-cli" { - t.Errorf("gemini should be mapped to gemini-cli, got %s", auths[0].Provider) - } -} - -func TestFileSynthesizer_Synthesize_SkipsInvalidFiles(t *testing.T) { - tempDir := t.TempDir() - - // Create various invalid files - _ = os.WriteFile(filepath.Join(tempDir, "not-json.txt"), []byte("text content"), 0644) - _ = os.WriteFile(filepath.Join(tempDir, "invalid.json"), []byte("not valid json"), 0644) - _ = os.WriteFile(filepath.Join(tempDir, "empty.json"), []byte(""), 0644) - _ = os.WriteFile(filepath.Join(tempDir, "no-type.json"), []byte(`{"email": "test@example.com"}`), 0644) - - // Create one valid file - validData, _ := json.Marshal(map[string]any{"type": "claude", "email": "valid@example.com"}) - _ = os.WriteFile(filepath.Join(tempDir, "valid.json"), validData, 0644) - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("only valid auth file should be processed, got %d", len(auths)) - } - if auths[0].Label != "valid@example.com" { - t.Errorf("expected label valid@example.com, got %s", auths[0].Label) - } -} - -func TestFileSynthesizer_Synthesize_SkipsDirectories(t *testing.T) { - tempDir := t.TempDir() - - // Create a subdirectory with a json file inside - subDir := filepath.Join(tempDir, "subdir.json") - err := os.Mkdir(subDir, 0755) - if err != nil { - t.Fatalf("failed to create subdir: %v", err) - } - - // Create a valid file in root - validData, _ := json.Marshal(map[string]any{"type": "claude"}) - _ = os.WriteFile(filepath.Join(tempDir, "valid.json"), validData, 0644) - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } -} - -func TestFileSynthesizer_Synthesize_RelativeID(t *testing.T) { - tempDir := t.TempDir() - - authData := map[string]any{"type": "claude"} - data, _ := json.Marshal(authData) - err := os.WriteFile(filepath.Join(tempDir, "my-auth.json"), data, 0644) - if err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - // ID should be relative path - if auths[0].ID != "my-auth.json" { - t.Errorf("expected ID my-auth.json, got %s", auths[0].ID) - } -} - -func TestFileSynthesizer_Synthesize_PrefixValidation(t *testing.T) { - tests := []struct { - name string - prefix string - wantPrefix string - }{ - {"valid prefix", "myprefix", "myprefix"}, - {"prefix with slashes trimmed", "/myprefix/", "myprefix"}, - {"prefix with spaces trimmed", " myprefix ", "myprefix"}, - {"prefix with internal slash rejected", "my/prefix", ""}, - {"empty prefix", "", ""}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - tempDir := t.TempDir() - authData := map[string]any{ - "type": "claude", - "prefix": tt.prefix, - } - data, _ := json.Marshal(authData) - _ = os.WriteFile(filepath.Join(tempDir, "auth.json"), data, 0644) - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - if auths[0].Prefix != tt.wantPrefix { - t.Errorf("expected prefix %q, got %q", tt.wantPrefix, auths[0].Prefix) - } - }) - } -} - -func TestFileSynthesizer_Synthesize_PriorityParsing(t *testing.T) { - tests := []struct { - name string - priority any - want string - hasValue bool - }{ - { - name: "string with spaces", - priority: " 10 ", - want: "10", - hasValue: true, - }, - { - name: "number", - priority: 8, - want: "8", - hasValue: true, - }, - { - name: "invalid string", - priority: "1x", - hasValue: false, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - tempDir := t.TempDir() - authData := map[string]any{ - "type": "claude", - "priority": tt.priority, - } - data, _ := json.Marshal(authData) - errWriteFile := os.WriteFile(filepath.Join(tempDir, "auth.json"), data, 0644) - if errWriteFile != nil { - t.Fatalf("failed to write auth file: %v", errWriteFile) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, errSynthesize := synth.Synthesize(ctx) - if errSynthesize != nil { - t.Fatalf("unexpected error: %v", errSynthesize) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - value, ok := auths[0].Attributes["priority"] - if tt.hasValue { - if !ok { - t.Fatal("expected priority attribute to be set") - } - if value != tt.want { - t.Fatalf("expected priority %q, got %q", tt.want, value) - } - return - } - if ok { - t.Fatalf("expected priority attribute to be absent, got %q", value) - } - }) - } -} - -func TestFileSynthesizer_Synthesize_OAuthExcludedModelsMerged(t *testing.T) { - tempDir := t.TempDir() - authData := map[string]any{ - "type": "claude", - "excluded_models": []string{"custom-model", "MODEL-B"}, - } - data, _ := json.Marshal(authData) - errWriteFile := os.WriteFile(filepath.Join(tempDir, "auth.json"), data, 0644) - if errWriteFile != nil { - t.Fatalf("failed to write auth file: %v", errWriteFile) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{ - OAuthExcludedModels: map[string][]string{ - "claude": {"shared", "model-b"}, - }, - }, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, errSynthesize := synth.Synthesize(ctx) - if errSynthesize != nil { - t.Fatalf("unexpected error: %v", errSynthesize) - } - if len(auths) != 1 { - t.Fatalf("expected 1 auth, got %d", len(auths)) - } - - got := auths[0].Attributes["excluded_models"] - want := "custom-model,model-b,shared" - if got != want { - t.Fatalf("expected excluded_models %q, got %q", want, got) - } -} - -func TestSynthesizeGeminiVirtualAuths_NilInputs(t *testing.T) { - now := time.Now() - - if SynthesizeGeminiVirtualAuths(nil, nil, now) != nil { - t.Error("expected nil for nil primary") - } - if SynthesizeGeminiVirtualAuths(&coreauth.Auth{}, nil, now) != nil { - t.Error("expected nil for nil metadata") - } - if SynthesizeGeminiVirtualAuths(nil, map[string]any{}, now) != nil { - t.Error("expected nil for nil primary with metadata") - } -} - -func TestSynthesizeGeminiVirtualAuths_SingleProject(t *testing.T) { - now := time.Now() - primary := &coreauth.Auth{ - ID: "test-id", - Provider: "gemini-cli", - Label: "test@example.com", - } - metadata := map[string]any{ - "project_id": "single-project", - "email": "test@example.com", - "type": "gemini", - } - - virtuals := SynthesizeGeminiVirtualAuths(primary, metadata, now) - if virtuals != nil { - t.Error("single project should not create virtuals") - } -} - -func TestSynthesizeGeminiVirtualAuths_MultiProject(t *testing.T) { - now := time.Now() - primary := &coreauth.Auth{ - ID: "primary-id", - Provider: "gemini-cli", - Label: "test@example.com", - Prefix: "test-prefix", - ProxyURL: "http://proxy.local", - Attributes: map[string]string{ - "source": "test-source", - "path": "/path/to/auth", - }, - } - metadata := map[string]any{ - "project_id": "project-a, project-b, project-c", - "email": "test@example.com", - "type": "gemini", - "request_retry": 2, - "disable_cooling": true, - } - - virtuals := SynthesizeGeminiVirtualAuths(primary, metadata, now) - - if len(virtuals) != 3 { - t.Fatalf("expected 3 virtuals, got %d", len(virtuals)) - } - - // Check primary is disabled - if !primary.Disabled { - t.Error("expected primary to be disabled") - } - if primary.Status != coreauth.StatusDisabled { - t.Errorf("expected primary status disabled, got %s", primary.Status) - } - if primary.Attributes["gemini_virtual_primary"] != "true" { - t.Error("expected gemini_virtual_primary=true") - } - if !strings.Contains(primary.Attributes["virtual_children"], "project-a") { - t.Error("expected virtual_children to contain project-a") - } - - // Check virtuals - projectIDs := []string{"project-a", "project-b", "project-c"} - for i, v := range virtuals { - if v.Provider != "gemini-cli" { - t.Errorf("expected provider gemini-cli, got %s", v.Provider) - } - if v.Status != coreauth.StatusActive { - t.Errorf("expected status active, got %s", v.Status) - } - if v.Prefix != "test-prefix" { - t.Errorf("expected prefix test-prefix, got %s", v.Prefix) - } - if v.ProxyURL != "http://proxy.local" { - t.Errorf("expected proxy_url http://proxy.local, got %s", v.ProxyURL) - } - if vv, ok := v.Metadata["disable_cooling"].(bool); !ok || !vv { - t.Errorf("expected disable_cooling true, got %v", v.Metadata["disable_cooling"]) - } - if vv, ok := v.Metadata["request_retry"].(int); !ok || vv != 2 { - t.Errorf("expected request_retry 2, got %v", v.Metadata["request_retry"]) - } - if v.Attributes["runtime_only"] != "true" { - t.Error("expected runtime_only=true") - } - if v.Attributes["gemini_virtual_parent"] != "primary-id" { - t.Errorf("expected gemini_virtual_parent=primary-id, got %s", v.Attributes["gemini_virtual_parent"]) - } - if v.Attributes["gemini_virtual_project"] != projectIDs[i] { - t.Errorf("expected gemini_virtual_project=%s, got %s", projectIDs[i], v.Attributes["gemini_virtual_project"]) - } - if !strings.Contains(v.Label, "["+projectIDs[i]+"]") { - t.Errorf("expected label to contain [%s], got %s", projectIDs[i], v.Label) - } - } -} - -func TestSynthesizeGeminiVirtualAuths_EmptyProviderAndLabel(t *testing.T) { - now := time.Now() - // Test with empty Provider and Label to cover fallback branches - primary := &coreauth.Auth{ - ID: "primary-id", - Provider: "", // empty provider - should default to gemini-cli - Label: "", // empty label - should default to provider - Attributes: map[string]string{}, - } - metadata := map[string]any{ - "project_id": "proj-a, proj-b", - "email": "user@example.com", - "type": "gemini", - } - - virtuals := SynthesizeGeminiVirtualAuths(primary, metadata, now) - - if len(virtuals) != 2 { - t.Fatalf("expected 2 virtuals, got %d", len(virtuals)) - } - - // Check that empty provider defaults to gemini-cli - if virtuals[0].Provider != "gemini-cli" { - t.Errorf("expected provider gemini-cli (default), got %s", virtuals[0].Provider) - } - // Check that empty label defaults to provider - if !strings.Contains(virtuals[0].Label, "gemini-cli") { - t.Errorf("expected label to contain gemini-cli, got %s", virtuals[0].Label) - } -} - -func TestSynthesizeGeminiVirtualAuths_NilPrimaryAttributes(t *testing.T) { - now := time.Now() - primary := &coreauth.Auth{ - ID: "primary-id", - Provider: "gemini-cli", - Label: "test@example.com", - Attributes: nil, // nil attributes - } - metadata := map[string]any{ - "project_id": "proj-a, proj-b", - "email": "test@example.com", - "type": "gemini", - } - - virtuals := SynthesizeGeminiVirtualAuths(primary, metadata, now) - - if len(virtuals) != 2 { - t.Fatalf("expected 2 virtuals, got %d", len(virtuals)) - } - // Nil attributes should be initialized - if primary.Attributes == nil { - t.Error("expected primary.Attributes to be initialized") - } - if primary.Attributes["gemini_virtual_primary"] != "true" { - t.Error("expected gemini_virtual_primary=true") - } -} - -func TestSplitGeminiProjectIDs(t *testing.T) { - tests := []struct { - name string - metadata map[string]any - want []string - }{ - { - name: "single project", - metadata: map[string]any{"project_id": "proj-a"}, - want: []string{"proj-a"}, - }, - { - name: "multiple projects", - metadata: map[string]any{"project_id": "proj-a, proj-b, proj-c"}, - want: []string{"proj-a", "proj-b", "proj-c"}, - }, - { - name: "with duplicates", - metadata: map[string]any{"project_id": "proj-a, proj-b, proj-a"}, - want: []string{"proj-a", "proj-b"}, - }, - { - name: "with empty parts", - metadata: map[string]any{"project_id": "proj-a, , proj-b, "}, - want: []string{"proj-a", "proj-b"}, - }, - { - name: "empty project_id", - metadata: map[string]any{"project_id": ""}, - want: nil, - }, - { - name: "no project_id", - metadata: map[string]any{}, - want: nil, - }, - { - name: "whitespace only", - metadata: map[string]any{"project_id": " "}, - want: nil, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got := splitGeminiProjectIDs(tt.metadata) - if len(got) != len(tt.want) { - t.Fatalf("expected %v, got %v", tt.want, got) - } - for i := range got { - if got[i] != tt.want[i] { - t.Errorf("expected %v, got %v", tt.want, got) - break - } - } - }) - } -} - -func TestFileSynthesizer_Synthesize_MultiProjectGemini(t *testing.T) { - tempDir := t.TempDir() - - // Create a gemini auth file with multiple projects - authData := map[string]any{ - "type": "gemini", - "email": "multi@example.com", - "project_id": "project-a, project-b, project-c", - "priority": " 10 ", - } - data, _ := json.Marshal(authData) - err := os.WriteFile(filepath.Join(tempDir, "gemini-multi.json"), data, 0644) - if err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - synth := NewFileSynthesizer() - ctx := &SynthesisContext{ - Config: &config.Config{}, - AuthDir: tempDir, - Now: time.Now(), - IDGenerator: NewStableIDGenerator(), - } - - auths, err := synth.Synthesize(ctx) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - // Should have 4 auths: 1 primary (disabled) + 3 virtuals - if len(auths) != 4 { - t.Fatalf("expected 4 auths (1 primary + 3 virtuals), got %d", len(auths)) - } - - // First auth should be the primary (disabled) - primary := auths[0] - if !primary.Disabled { - t.Error("expected primary to be disabled") - } - if primary.Status != coreauth.StatusDisabled { - t.Errorf("expected primary status disabled, got %s", primary.Status) - } - if gotPriority := primary.Attributes["priority"]; gotPriority != "10" { - t.Errorf("expected primary priority 10, got %q", gotPriority) - } - - // Remaining auths should be virtuals - for i := 1; i < 4; i++ { - v := auths[i] - if v.Status != coreauth.StatusActive { - t.Errorf("expected virtual %d to be active, got %s", i, v.Status) - } - if v.Attributes["gemini_virtual_parent"] != primary.ID { - t.Errorf("expected virtual %d parent to be %s, got %s", i, primary.ID, v.Attributes["gemini_virtual_parent"]) - } - if gotPriority := v.Attributes["priority"]; gotPriority != "10" { - t.Errorf("expected virtual %d priority 10, got %q", i, gotPriority) - } - } -} - -func TestBuildGeminiVirtualID(t *testing.T) { - tests := []struct { - name string - baseID string - projectID string - want string - }{ - { - name: "basic", - baseID: "auth.json", - projectID: "my-project", - want: "auth.json::my-project", - }, - { - name: "with slashes", - baseID: "path/to/auth.json", - projectID: "project/with/slashes", - want: "path/to/auth.json::project_with_slashes", - }, - { - name: "with spaces", - baseID: "auth.json", - projectID: "my project", - want: "auth.json::my_project", - }, - { - name: "empty project", - baseID: "auth.json", - projectID: "", - want: "auth.json::project", - }, - { - name: "whitespace project", - baseID: "auth.json", - projectID: " ", - want: "auth.json::project", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got := buildGeminiVirtualID(tt.baseID, tt.projectID) - if got != tt.want { - t.Errorf("expected %q, got %q", tt.want, got) - } - }) - } -} diff --git a/internal/watcher/synthesizer/helpers.go b/internal/watcher/synthesizer/helpers.go deleted file mode 100644 index 17d6a17f7f..0000000000 --- a/internal/watcher/synthesizer/helpers.go +++ /dev/null @@ -1,120 +0,0 @@ -package synthesizer - -import ( - "crypto/sha256" - "encoding/hex" - "fmt" - "sort" - "strings" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/watcher/diff" - coreauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" -) - -// StableIDGenerator generates stable, deterministic IDs for auth entries. -// It uses SHA256 hashing with collision handling via counters. -// It is not safe for concurrent use. -type StableIDGenerator struct { - counters map[string]int -} - -// NewStableIDGenerator creates a new StableIDGenerator instance. -func NewStableIDGenerator() *StableIDGenerator { - return &StableIDGenerator{counters: make(map[string]int)} -} - -// Next generates a stable ID based on the kind and parts. -// Returns the full ID (kind:hash) and the short hash portion. -func (g *StableIDGenerator) Next(kind string, parts ...string) (string, string) { - if g == nil { - return kind + ":000000000000", "000000000000" - } - hasher := sha256.New() - hasher.Write([]byte(kind)) - for _, part := range parts { - trimmed := strings.TrimSpace(part) - hasher.Write([]byte{0}) - hasher.Write([]byte(trimmed)) - } - digest := hex.EncodeToString(hasher.Sum(nil)) - if len(digest) < 12 { - digest = fmt.Sprintf("%012s", digest) - } - short := digest[:12] - key := kind + ":" + short - index := g.counters[key] - g.counters[key] = index + 1 - if index > 0 { - short = fmt.Sprintf("%s-%d", short, index) - } - return fmt.Sprintf("%s:%s", kind, short), short -} - -// ApplyAuthExcludedModelsMeta applies excluded models metadata to an auth entry. -// It computes a hash of excluded models and sets the auth_kind attribute. -// For OAuth entries, perKey (from the JSON file's excluded-models field) is merged -// with the global oauth-excluded-models config for the provider. -func ApplyAuthExcludedModelsMeta(auth *coreauth.Auth, cfg *config.Config, perKey []string, authKind string) { - if auth == nil || cfg == nil { - return - } - authKindKey := strings.ToLower(strings.TrimSpace(authKind)) - seen := make(map[string]struct{}) - add := func(list []string) { - for _, entry := range list { - if trimmed := strings.TrimSpace(entry); trimmed != "" { - key := strings.ToLower(trimmed) - if _, exists := seen[key]; exists { - continue - } - seen[key] = struct{}{} - } - } - } - if authKindKey == "apikey" { - add(perKey) - } else { - // For OAuth: merge per-account excluded models with global provider-level exclusions - add(perKey) - if cfg.OAuthExcludedModels != nil { - providerKey := strings.ToLower(strings.TrimSpace(auth.Provider)) - add(cfg.OAuthExcludedModels[providerKey]) - } - } - combined := make([]string, 0, len(seen)) - for k := range seen { - combined = append(combined, k) - } - sort.Strings(combined) - hash := diff.ComputeExcludedModelsHash(combined) - if auth.Attributes == nil { - auth.Attributes = make(map[string]string) - } - if hash != "" { - auth.Attributes["excluded_models_hash"] = hash - } - // Store the combined excluded models list so that routing can read it at runtime - if len(combined) > 0 { - auth.Attributes["excluded_models"] = strings.Join(combined, ",") - } - if authKind != "" { - auth.Attributes["auth_kind"] = authKind - } -} - -// addConfigHeadersToAttrs adds header configuration to auth attributes. -// Headers are prefixed with "header:" in the attributes map. -func addConfigHeadersToAttrs(headers map[string]string, attrs map[string]string) { - if len(headers) == 0 || attrs == nil { - return - } - for hk, hv := range headers { - key := strings.TrimSpace(hk) - val := strings.TrimSpace(hv) - if key == "" || val == "" { - continue - } - attrs["header:"+key] = val - } -} diff --git a/internal/watcher/synthesizer/helpers_test.go b/internal/watcher/synthesizer/helpers_test.go deleted file mode 100644 index 7c6778245c..0000000000 --- a/internal/watcher/synthesizer/helpers_test.go +++ /dev/null @@ -1,289 +0,0 @@ -package synthesizer - -import ( - "reflect" - "strings" - "testing" - - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/watcher/diff" - coreauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" -) - -func TestNewStableIDGenerator(t *testing.T) { - gen := NewStableIDGenerator() - if gen == nil { - t.Fatal("expected non-nil generator") - } - if gen.counters == nil { - t.Fatal("expected non-nil counters map") - } -} - -func TestStableIDGenerator_Next(t *testing.T) { - tests := []struct { - name string - kind string - parts []string - wantPrefix string - }{ - { - name: "basic gemini apikey", - kind: "gemini:apikey", - parts: []string{"test-key", ""}, - wantPrefix: "gemini:apikey:", - }, - { - name: "claude with base url", - kind: "claude:apikey", - parts: []string{"sk-ant-xxx", "https://api.anthropic.com"}, - wantPrefix: "claude:apikey:", - }, - { - name: "empty parts", - kind: "codex:apikey", - parts: []string{}, - wantPrefix: "codex:apikey:", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - gen := NewStableIDGenerator() - id, short := gen.Next(tt.kind, tt.parts...) - - if !strings.Contains(id, tt.wantPrefix) { - t.Errorf("expected id to contain %q, got %q", tt.wantPrefix, id) - } - if short == "" { - t.Error("expected non-empty short id") - } - if len(short) != 12 { - t.Errorf("expected short id length 12, got %d", len(short)) - } - }) - } -} - -func TestStableIDGenerator_Stability(t *testing.T) { - gen1 := NewStableIDGenerator() - gen2 := NewStableIDGenerator() - - id1, _ := gen1.Next("gemini:apikey", "test-key", "https://api.example.com") - id2, _ := gen2.Next("gemini:apikey", "test-key", "https://api.example.com") - - if id1 != id2 { - t.Errorf("same inputs should produce same ID: got %q and %q", id1, id2) - } -} - -func TestStableIDGenerator_CollisionHandling(t *testing.T) { - gen := NewStableIDGenerator() - - id1, short1 := gen.Next("gemini:apikey", "same-key") - id2, short2 := gen.Next("gemini:apikey", "same-key") - - if id1 == id2 { - t.Error("collision should be handled with suffix") - } - if short1 == short2 { - t.Error("short ids should differ") - } - if !strings.Contains(short2, "-1") { - t.Errorf("second short id should contain -1 suffix, got %q", short2) - } -} - -func TestStableIDGenerator_NilReceiver(t *testing.T) { - var gen *StableIDGenerator = nil - id, short := gen.Next("test:kind", "part") - - if id != "test:kind:000000000000" { - t.Errorf("expected test:kind:000000000000, got %q", id) - } - if short != "000000000000" { - t.Errorf("expected 000000000000, got %q", short) - } -} - -func TestApplyAuthExcludedModelsMeta(t *testing.T) { - tests := []struct { - name string - auth *coreauth.Auth - cfg *config.Config - perKey []string - authKind string - wantHash bool - wantKind string - }{ - { - name: "apikey with excluded models", - auth: &coreauth.Auth{ - Provider: "gemini", - Attributes: make(map[string]string), - }, - cfg: &config.Config{}, - perKey: []string{"model-a", "model-b"}, - authKind: "apikey", - wantHash: true, - wantKind: "apikey", - }, - { - name: "oauth with provider excluded models", - auth: &coreauth.Auth{ - Provider: "claude", - Attributes: make(map[string]string), - }, - cfg: &config.Config{ - OAuthExcludedModels: map[string][]string{ - "claude": {"claude-2.0"}, - }, - }, - perKey: nil, - authKind: "oauth", - wantHash: true, - wantKind: "oauth", - }, - { - name: "nil auth", - auth: nil, - cfg: &config.Config{}, - }, - { - name: "nil config", - auth: &coreauth.Auth{Provider: "test"}, - cfg: nil, - authKind: "apikey", - }, - { - name: "nil attributes initialized", - auth: &coreauth.Auth{ - Provider: "gemini", - Attributes: nil, - }, - cfg: &config.Config{}, - perKey: []string{"model-x"}, - authKind: "apikey", - wantHash: true, - wantKind: "apikey", - }, - { - name: "apikey with duplicate excluded models", - auth: &coreauth.Auth{ - Provider: "gemini", - Attributes: make(map[string]string), - }, - cfg: &config.Config{}, - perKey: []string{"model-a", "MODEL-A", "model-b", "model-a"}, - authKind: "apikey", - wantHash: true, - wantKind: "apikey", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - ApplyAuthExcludedModelsMeta(tt.auth, tt.cfg, tt.perKey, tt.authKind) - - if tt.auth != nil && tt.cfg != nil { - if tt.wantHash { - if _, ok := tt.auth.Attributes["excluded_models_hash"]; !ok { - t.Error("expected excluded_models_hash in attributes") - } - } - if tt.wantKind != "" { - if got := tt.auth.Attributes["auth_kind"]; got != tt.wantKind { - t.Errorf("expected auth_kind=%s, got %s", tt.wantKind, got) - } - } - } - }) - } -} - -func TestApplyAuthExcludedModelsMeta_OAuthMergeWritesCombinedModels(t *testing.T) { - auth := &coreauth.Auth{ - Provider: "claude", - Attributes: make(map[string]string), - } - cfg := &config.Config{ - OAuthExcludedModels: map[string][]string{ - "claude": {"global-a", "shared"}, - }, - } - - ApplyAuthExcludedModelsMeta(auth, cfg, []string{"per", "SHARED"}, "oauth") - - const wantCombined = "global-a,per,shared" - if gotCombined := auth.Attributes["excluded_models"]; gotCombined != wantCombined { - t.Fatalf("expected excluded_models=%q, got %q", wantCombined, gotCombined) - } - - expectedHash := diff.ComputeExcludedModelsHash([]string{"global-a", "per", "shared"}) - if gotHash := auth.Attributes["excluded_models_hash"]; gotHash != expectedHash { - t.Fatalf("expected excluded_models_hash=%q, got %q", expectedHash, gotHash) - } -} - -func TestAddConfigHeadersToAttrs(t *testing.T) { - tests := []struct { - name string - headers map[string]string - attrs map[string]string - want map[string]string - }{ - { - name: "basic headers", - headers: map[string]string{ - "Authorization": "Bearer token", - "X-Custom": "value", - }, - attrs: map[string]string{"existing": "key"}, - want: map[string]string{ - "existing": "key", - "header:Authorization": "Bearer token", - "header:X-Custom": "value", - }, - }, - { - name: "empty headers", - headers: map[string]string{}, - attrs: map[string]string{"existing": "key"}, - want: map[string]string{"existing": "key"}, - }, - { - name: "nil headers", - headers: nil, - attrs: map[string]string{"existing": "key"}, - want: map[string]string{"existing": "key"}, - }, - { - name: "nil attrs", - headers: map[string]string{"key": "value"}, - attrs: nil, - want: nil, - }, - { - name: "skip empty keys and values", - headers: map[string]string{ - "": "value", - "key": "", - " ": "value", - "valid": "valid-value", - }, - attrs: make(map[string]string), - want: map[string]string{ - "header:valid": "valid-value", - }, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - addConfigHeadersToAttrs(tt.headers, tt.attrs) - if !reflect.DeepEqual(tt.attrs, tt.want) { - t.Errorf("expected %v, got %v", tt.want, tt.attrs) - } - }) - } -} diff --git a/internal/watcher/synthesizer/interface.go b/internal/watcher/synthesizer/interface.go deleted file mode 100644 index 76fbd8756b..0000000000 --- a/internal/watcher/synthesizer/interface.go +++ /dev/null @@ -1,16 +0,0 @@ -// Package synthesizer provides auth synthesis strategies for the watcher package. -// It implements the Strategy pattern to support multiple auth sources: -// - ConfigSynthesizer: generates Auth entries from config API keys -// - FileSynthesizer: generates Auth entries from OAuth JSON files -package synthesizer - -import ( - coreauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" -) - -// AuthSynthesizer defines the interface for generating Auth entries from various sources. -type AuthSynthesizer interface { - // Synthesize generates Auth entries from the given context. - // Returns a slice of Auth pointers and any error encountered. - Synthesize(ctx *SynthesisContext) ([]*coreauth.Auth, error) -} diff --git a/internal/watcher/watcher.go b/internal/watcher/watcher.go deleted file mode 100644 index 6fbae5fde0..0000000000 --- a/internal/watcher/watcher.go +++ /dev/null @@ -1,256 +0,0 @@ -// Package watcher watches config/auth files and triggers hot reloads. -// It supports cross-platform fsnotify event handling. -package watcher - -import ( - "context" - "strings" - "sync" - "time" - - "github.com/fsnotify/fsnotify" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "gopkg.in/yaml.v3" - - sdkAuth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/auth" - coreauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - log "github.com/sirupsen/logrus" -) - -// storePersister captures persistence-capable token store methods used by the watcher. -type storePersister interface { - PersistConfig(ctx context.Context) error - PersistAuthFiles(ctx context.Context, message string, paths ...string) error -} - -type authDirProvider interface { - AuthDir() string -} - -// Watcher manages file watching for configuration and authentication files -type Watcher struct { - configPath string - authDir string - config *config.Config - clientsMutex sync.RWMutex - configReloadMu sync.Mutex - configReloadTimer *time.Timer - reloadCallback func(*config.Config) - watcher *fsnotify.Watcher - lastAuthHashes map[string]string - lastAuthContents map[string]*coreauth.Auth - lastRemoveTimes map[string]time.Time - lastConfigHash string - authQueue chan<- AuthUpdate - currentAuths map[string]*coreauth.Auth - runtimeAuths map[string]*coreauth.Auth - dispatchMu sync.Mutex - dispatchCond *sync.Cond - pendingUpdates map[string]AuthUpdate - pendingOrder []string - dispatchCancel context.CancelFunc - storePersister storePersister - mirroredAuthDir string - oldConfigYaml []byte -} - -// AuthUpdateAction represents the type of change detected in auth sources. -type AuthUpdateAction string - -const ( - AuthUpdateActionAdd AuthUpdateAction = "add" - AuthUpdateActionModify AuthUpdateAction = "modify" - AuthUpdateActionDelete AuthUpdateAction = "delete" -) - -// AuthUpdate describes an incremental change to auth configuration. -type AuthUpdate struct { - Action AuthUpdateAction - ID string - Auth *coreauth.Auth -} - -const ( - // replaceCheckDelay is a short delay to allow atomic replace (rename) to settle - // before deciding whether a Remove event indicates a real deletion. - replaceCheckDelay = 50 * time.Millisecond - configReloadDebounce = 150 * time.Millisecond - authRemoveDebounceWindow = 1 * time.Second -) - -// NewWatcher creates a new file watcher instance -func NewWatcher(configPath, authDir string, reloadCallback func(*config.Config)) (*Watcher, error) { - watcher, errNewWatcher := fsnotify.NewWatcher() - if errNewWatcher != nil { - return nil, errNewWatcher - } - w := &Watcher{ - configPath: configPath, - authDir: authDir, - reloadCallback: reloadCallback, - watcher: watcher, - lastAuthHashes: make(map[string]string), - } - w.dispatchCond = sync.NewCond(&w.dispatchMu) - if store := sdkAuth.GetTokenStore(); store != nil { - if persister, ok := store.(storePersister); ok { - w.storePersister = persister - log.Debug("persistence-capable token store detected; watcher will propagate persisted changes") - } - if provider, ok := store.(authDirProvider); ok { - if fixed := strings.TrimSpace(provider.AuthDir()); fixed != "" { - w.mirroredAuthDir = fixed - log.Debugf("mirrored auth directory locked to %s", fixed) - } - } - } - return w, nil -} - -// Start begins watching the configuration file and authentication directory -func (w *Watcher) Start(ctx context.Context) error { - return w.start(ctx) -} - -// Stop stops the file watcher -func (w *Watcher) Stop() error { - w.stopDispatch() - w.stopConfigReloadTimer() - return w.watcher.Close() -} - -// SetConfig updates the current configuration -func (w *Watcher) SetConfig(cfg *config.Config) { - w.clientsMutex.Lock() - defer w.clientsMutex.Unlock() - w.config = cfg - w.oldConfigYaml, _ = yaml.Marshal(cfg) -} - -// SetAuthUpdateQueue sets the queue used to emit auth updates. -func (w *Watcher) SetAuthUpdateQueue(queue chan<- AuthUpdate) { - w.setAuthUpdateQueue(queue) -} - -// DispatchRuntimeAuthUpdate allows external runtime providers (e.g., websocket-driven auths) -// to push auth updates through the same queue used by file/config watchers. -// Returns true if the update was enqueued; false if no queue is configured. -func (w *Watcher) DispatchRuntimeAuthUpdate(update AuthUpdate) bool { - return w.dispatchRuntimeAuthUpdate(update) -} - -// SnapshotCoreAuths converts current clients snapshot into core auth entries. -func (w *Watcher) SnapshotCoreAuths() []*coreauth.Auth { - w.clientsMutex.RLock() - cfg := w.config - w.clientsMutex.RUnlock() - return snapshotCoreAuths(cfg, w.authDir) -} - -// NotifyTokenRefreshed 处理后台刷新器的 token 更新通知 -// 当后台刷新器成功刷新 token 后调用此方法,更新内存中的 Auth 对象 -// tokenID: token 文件名(如 kiro-xxx.json) -// accessToken: 新的 access token -// refreshToken: 新的 refresh token -// expiresAt: 新的过期时间 -func (w *Watcher) NotifyTokenRefreshed(tokenID, accessToken, refreshToken, expiresAt string) { - if w == nil { - return - } - - w.clientsMutex.Lock() - defer w.clientsMutex.Unlock() - - // 遍历 currentAuths,找到匹配的 Auth 并更新 - updated := false - for id, auth := range w.currentAuths { - if auth == nil || auth.Metadata == nil { - continue - } - - // 检查是否是 kiro 类型的 auth - authType, _ := auth.Metadata["type"].(string) - if authType != "kiro" { - continue - } - - // 多种匹配方式,解决不同来源的 auth 对象字段差异 - matched := false - - // 1. 通过 auth.ID 匹配(ID 可能包含文件名) - if !matched && auth.ID != "" { - if auth.ID == tokenID || strings.HasSuffix(auth.ID, "/"+tokenID) || strings.HasSuffix(auth.ID, "\\"+tokenID) { - matched = true - } - // ID 可能是 "kiro-xxx" 格式(无扩展名),tokenID 是 "kiro-xxx.json" - if !matched && strings.TrimSuffix(tokenID, ".json") == auth.ID { - matched = true - } - } - - // 2. 通过 auth.Attributes["path"] 匹配 - if !matched && auth.Attributes != nil { - if authPath := auth.Attributes["path"]; authPath != "" { - // 提取文件名部分进行比较 - pathBase := authPath - if idx := strings.LastIndexAny(authPath, "/\\"); idx >= 0 { - pathBase = authPath[idx+1:] - } - if pathBase == tokenID || strings.TrimSuffix(pathBase, ".json") == strings.TrimSuffix(tokenID, ".json") { - matched = true - } - } - } - - // 3. 通过 auth.FileName 匹配(原有逻辑) - if !matched && auth.FileName != "" { - if auth.FileName == tokenID || strings.HasSuffix(auth.FileName, "/"+tokenID) || strings.HasSuffix(auth.FileName, "\\"+tokenID) { - matched = true - } - } - - if matched { - // 更新内存中的 token - auth.Metadata["access_token"] = accessToken - auth.Metadata["refresh_token"] = refreshToken - auth.Metadata["expires_at"] = expiresAt - auth.Metadata["last_refresh"] = time.Now().Format(time.RFC3339) - auth.UpdatedAt = time.Now() - auth.LastRefreshedAt = time.Now() - - log.Infof("watcher: updated in-memory auth for token %s (auth ID: %s)", tokenID, id) - updated = true - - // 同时更新 runtimeAuths 中的副本(如果存在) - if w.runtimeAuths != nil { - if runtimeAuth, ok := w.runtimeAuths[id]; ok && runtimeAuth != nil { - if runtimeAuth.Metadata == nil { - runtimeAuth.Metadata = make(map[string]any) - } - runtimeAuth.Metadata["access_token"] = accessToken - runtimeAuth.Metadata["refresh_token"] = refreshToken - runtimeAuth.Metadata["expires_at"] = expiresAt - runtimeAuth.Metadata["last_refresh"] = time.Now().Format(time.RFC3339) - runtimeAuth.UpdatedAt = time.Now() - runtimeAuth.LastRefreshedAt = time.Now() - } - } - - // 发送更新通知到 authQueue - if w.authQueue != nil { - go func(authClone *coreauth.Auth) { - update := AuthUpdate{ - Action: AuthUpdateActionModify, - ID: authClone.ID, - Auth: authClone, - } - w.dispatchAuthUpdates([]AuthUpdate{update}) - }(auth.Clone()) - } - } - } - - if !updated { - log.Debugf("watcher: no matching auth found for token %s, will be picked up on next file scan", tokenID) - } -} diff --git a/internal/watcher/watcher_test.go b/internal/watcher/watcher_test.go deleted file mode 100644 index 0d203efa3f..0000000000 --- a/internal/watcher/watcher_test.go +++ /dev/null @@ -1,1490 +0,0 @@ -package watcher - -import ( - "context" - "crypto/sha256" - "encoding/json" - "fmt" - "os" - "path/filepath" - "strings" - "sync" - "sync/atomic" - "testing" - "time" - - "github.com/fsnotify/fsnotify" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/watcher/diff" - "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/watcher/synthesizer" - sdkAuth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/auth" - coreauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" - "gopkg.in/yaml.v3" -) - -func TestApplyAuthExcludedModelsMeta_APIKey(t *testing.T) { - auth := &coreauth.Auth{Attributes: map[string]string{}} - cfg := &config.Config{} - perKey := []string{" Model-1 ", "model-2"} - - synthesizer.ApplyAuthExcludedModelsMeta(auth, cfg, perKey, "apikey") - - expected := diff.ComputeExcludedModelsHash([]string{"model-1", "model-2"}) - if got := auth.Attributes["excluded_models_hash"]; got != expected { - t.Fatalf("expected hash %s, got %s", expected, got) - } - if got := auth.Attributes["auth_kind"]; got != "apikey" { - t.Fatalf("expected auth_kind=apikey, got %s", got) - } -} - -func TestApplyAuthExcludedModelsMeta_OAuthProvider(t *testing.T) { - auth := &coreauth.Auth{ - Provider: "TestProv", - Attributes: map[string]string{}, - } - cfg := &config.Config{ - OAuthExcludedModels: map[string][]string{ - "testprov": {"A", "b"}, - }, - } - - synthesizer.ApplyAuthExcludedModelsMeta(auth, cfg, nil, "oauth") - - expected := diff.ComputeExcludedModelsHash([]string{"a", "b"}) - if got := auth.Attributes["excluded_models_hash"]; got != expected { - t.Fatalf("expected hash %s, got %s", expected, got) - } - if got := auth.Attributes["auth_kind"]; got != "oauth" { - t.Fatalf("expected auth_kind=oauth, got %s", got) - } -} - -func TestBuildAPIKeyClientsCounts(t *testing.T) { - cfg := &config.Config{ - GeminiKey: []config.GeminiKey{{APIKey: "g1"}, {APIKey: "g2"}}, - VertexCompatAPIKey: []config.VertexCompatKey{ - {APIKey: "v1"}, - }, - ClaudeKey: []config.ClaudeKey{{APIKey: "c1"}}, - CodexKey: []config.CodexKey{{APIKey: "x1"}, {APIKey: "x2"}}, - OpenAICompatibility: []config.OpenAICompatibility{ - {APIKeyEntries: []config.OpenAICompatibilityAPIKey{{APIKey: "o1"}, {APIKey: "o2"}}}, - }, - } - - gemini, vertex, claude, codex, compat := BuildAPIKeyClients(cfg) - if gemini != 2 || vertex != 1 || claude != 1 || codex != 2 || compat != 2 { - t.Fatalf("unexpected counts: %d %d %d %d %d", gemini, vertex, claude, codex, compat) - } -} - -func TestNormalizeAuthStripsTemporalFields(t *testing.T) { - now := time.Now() - auth := &coreauth.Auth{ - CreatedAt: now, - UpdatedAt: now, - LastRefreshedAt: now, - NextRefreshAfter: now, - Quota: coreauth.QuotaState{ - NextRecoverAt: now, - }, - Runtime: map[string]any{"k": "v"}, - } - - normalized := normalizeAuth(auth) - if !normalized.CreatedAt.IsZero() || !normalized.UpdatedAt.IsZero() || !normalized.LastRefreshedAt.IsZero() || !normalized.NextRefreshAfter.IsZero() { - t.Fatal("expected time fields to be zeroed") - } - if normalized.Runtime != nil { - t.Fatal("expected runtime to be nil") - } - if !normalized.Quota.NextRecoverAt.IsZero() { - t.Fatal("expected quota.NextRecoverAt to be zeroed") - } -} - -func TestMatchProvider(t *testing.T) { - if _, ok := matchProvider("OpenAI", []string{"openai", "claude"}); !ok { - t.Fatal("expected match to succeed ignoring case") - } - if _, ok := matchProvider("missing", []string{"openai"}); ok { - t.Fatal("expected match to fail for unknown provider") - } -} - -func TestSnapshotCoreAuths_ConfigAndAuthFiles(t *testing.T) { - authDir := t.TempDir() - metadata := map[string]any{ - "type": "gemini", - "email": "user@example.com", - "project_id": "proj-a, proj-b", - "proxy_url": "https://proxy", - } - authFile := filepath.Join(authDir, "gemini.json") - data, err := json.Marshal(metadata) - if err != nil { - t.Fatalf("failed to marshal metadata: %v", err) - } - if err = os.WriteFile(authFile, data, 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - cfg := &config.Config{ - AuthDir: authDir, - GeminiKey: []config.GeminiKey{ - { - APIKey: "g-key", - BaseURL: "https://gemini", - ExcludedModels: []string{"Model-A", "model-b"}, - Headers: map[string]string{"X-Req": "1"}, - }, - }, - OAuthExcludedModels: map[string][]string{ - "gemini-cli": {"Foo", "bar"}, - }, - } - - w := &Watcher{authDir: authDir} - w.SetConfig(cfg) - - auths := w.SnapshotCoreAuths() - if len(auths) != 4 { - t.Fatalf("expected 4 auth entries (1 config + 1 primary + 2 virtual), got %d", len(auths)) - } - - var geminiAPIKeyAuth *coreauth.Auth - var geminiPrimary *coreauth.Auth - virtuals := make([]*coreauth.Auth, 0) - for _, a := range auths { - switch { - case a.Provider == "gemini" && a.Attributes["api_key"] == "g-key": - geminiAPIKeyAuth = a - case a.Attributes["gemini_virtual_primary"] == "true": - geminiPrimary = a - case strings.TrimSpace(a.Attributes["gemini_virtual_parent"]) != "": - virtuals = append(virtuals, a) - } - } - if geminiAPIKeyAuth == nil { - t.Fatal("expected synthesized Gemini API key auth") - } - expectedAPIKeyHash := diff.ComputeExcludedModelsHash([]string{"Model-A", "model-b"}) - if geminiAPIKeyAuth.Attributes["excluded_models_hash"] != expectedAPIKeyHash { - t.Fatalf("expected API key excluded hash %s, got %s", expectedAPIKeyHash, geminiAPIKeyAuth.Attributes["excluded_models_hash"]) - } - if geminiAPIKeyAuth.Attributes["auth_kind"] != "apikey" { - t.Fatalf("expected auth_kind=apikey, got %s", geminiAPIKeyAuth.Attributes["auth_kind"]) - } - - if geminiPrimary == nil { - t.Fatal("expected primary gemini-cli auth from file") - } - if !geminiPrimary.Disabled || geminiPrimary.Status != coreauth.StatusDisabled { - t.Fatal("expected primary gemini-cli auth to be disabled when virtual auths are synthesized") - } - expectedOAuthHash := diff.ComputeExcludedModelsHash([]string{"Foo", "bar"}) - if geminiPrimary.Attributes["excluded_models_hash"] != expectedOAuthHash { - t.Fatalf("expected OAuth excluded hash %s, got %s", expectedOAuthHash, geminiPrimary.Attributes["excluded_models_hash"]) - } - if geminiPrimary.Attributes["auth_kind"] != "oauth" { - t.Fatalf("expected auth_kind=oauth, got %s", geminiPrimary.Attributes["auth_kind"]) - } - - if len(virtuals) != 2 { - t.Fatalf("expected 2 virtual auths, got %d", len(virtuals)) - } - for _, v := range virtuals { - if v.Attributes["gemini_virtual_parent"] != geminiPrimary.ID { - t.Fatalf("virtual auth missing parent link to %s", geminiPrimary.ID) - } - if v.Attributes["excluded_models_hash"] != expectedOAuthHash { - t.Fatalf("expected virtual excluded hash %s, got %s", expectedOAuthHash, v.Attributes["excluded_models_hash"]) - } - if v.Status != coreauth.StatusActive { - t.Fatalf("expected virtual auth to be active, got %s", v.Status) - } - } -} - -func TestReloadConfigIfChanged_TriggersOnChangeAndSkipsUnchanged(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - - configPath := filepath.Join(tmpDir, "config.yaml") - writeConfig := func(port int, allowRemote bool) { - cfg := &config.Config{ - Port: port, - AuthDir: authDir, - RemoteManagement: config.RemoteManagement{ - AllowRemote: allowRemote, - }, - } - data, err := yaml.Marshal(cfg) - if err != nil { - t.Fatalf("failed to marshal config: %v", err) - } - if err = os.WriteFile(configPath, data, 0o644); err != nil { - t.Fatalf("failed to write config: %v", err) - } - } - - writeConfig(8080, false) - - reloads := 0 - w := &Watcher{ - configPath: configPath, - authDir: authDir, - reloadCallback: func(*config.Config) { reloads++ }, - } - - w.reloadConfigIfChanged() - if reloads != 1 { - t.Fatalf("expected first reload to trigger callback once, got %d", reloads) - } - - // Same content should be skipped by hash check. - w.reloadConfigIfChanged() - if reloads != 1 { - t.Fatalf("expected unchanged config to be skipped, callback count %d", reloads) - } - - writeConfig(9090, true) - w.reloadConfigIfChanged() - if reloads != 2 { - t.Fatalf("expected changed config to trigger reload, callback count %d", reloads) - } - w.clientsMutex.RLock() - defer w.clientsMutex.RUnlock() - if w.config == nil || w.config.Port != 9090 || !w.config.RemoteManagement.AllowRemote { - t.Fatalf("expected config to be updated after reload, got %+v", w.config) - } -} - -func TestStartAndStopSuccess(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir), 0o644); err != nil { - t.Fatalf("failed to create config file: %v", err) - } - - var reloads int32 - w, err := NewWatcher(configPath, authDir, func(*config.Config) { - atomic.AddInt32(&reloads, 1) - }) - if err != nil { - t.Fatalf("failed to create watcher: %v", err) - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - if err := w.Start(ctx); err != nil { - t.Fatalf("expected Start to succeed: %v", err) - } - cancel() - if err := w.Stop(); err != nil { - t.Fatalf("expected Stop to succeed: %v", err) - } - if got := atomic.LoadInt32(&reloads); got != 1 { - t.Fatalf("expected one reload callback, got %d", got) - } -} - -func TestStartFailsWhenConfigMissing(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "missing-config.yaml") - - w, err := NewWatcher(configPath, authDir, nil) - if err != nil { - t.Fatalf("failed to create watcher: %v", err) - } - defer w.Stop() - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - if err := w.Start(ctx); err == nil { - t.Fatal("expected Start to fail for missing config file") - } -} - -func TestDispatchRuntimeAuthUpdateEnqueuesAndUpdatesState(t *testing.T) { - queue := make(chan AuthUpdate, 4) - w := &Watcher{} - w.SetAuthUpdateQueue(queue) - defer w.stopDispatch() - - auth := &coreauth.Auth{ID: "auth-1", Provider: "test"} - if ok := w.DispatchRuntimeAuthUpdate(AuthUpdate{Action: AuthUpdateActionAdd, Auth: auth}); !ok { - t.Fatal("expected DispatchRuntimeAuthUpdate to enqueue") - } - - select { - case update := <-queue: - if update.Action != AuthUpdateActionAdd || update.Auth.ID != "auth-1" { - t.Fatalf("unexpected update: %+v", update) - } - case <-time.After(2 * time.Second): - t.Fatal("timed out waiting for auth update") - } - - if ok := w.DispatchRuntimeAuthUpdate(AuthUpdate{Action: AuthUpdateActionDelete, ID: "auth-1"}); !ok { - t.Fatal("expected delete update to enqueue") - } - select { - case update := <-queue: - if update.Action != AuthUpdateActionDelete || update.ID != "auth-1" { - t.Fatalf("unexpected delete update: %+v", update) - } - case <-time.After(2 * time.Second): - t.Fatal("timed out waiting for delete update") - } - w.clientsMutex.RLock() - if _, exists := w.runtimeAuths["auth-1"]; exists { - w.clientsMutex.RUnlock() - t.Fatal("expected runtime auth to be cleared after delete") - } - w.clientsMutex.RUnlock() -} - -func TestAddOrUpdateClientSkipsUnchanged(t *testing.T) { - tmpDir := t.TempDir() - authFile := filepath.Join(tmpDir, "sample.json") - if err := os.WriteFile(authFile, []byte(`{"type":"demo"}`), 0o644); err != nil { - t.Fatalf("failed to create auth file: %v", err) - } - data, _ := os.ReadFile(authFile) - sum := sha256.Sum256(data) - - var reloads int32 - w := &Watcher{ - authDir: tmpDir, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { - atomic.AddInt32(&reloads, 1) - }, - } - w.SetConfig(&config.Config{AuthDir: tmpDir}) - // Use normalizeAuthPath to match how addOrUpdateClient stores the key - w.lastAuthHashes[w.normalizeAuthPath(authFile)] = hexString(sum[:]) - - w.addOrUpdateClient(authFile) - if got := atomic.LoadInt32(&reloads); got != 0 { - t.Fatalf("expected no reload for unchanged file, got %d", got) - } -} - -func TestAddOrUpdateClientTriggersReloadAndHash(t *testing.T) { - tmpDir := t.TempDir() - authFile := filepath.Join(tmpDir, "sample.json") - if err := os.WriteFile(authFile, []byte(`{"type":"demo","api_key":"k"}`), 0o644); err != nil { - t.Fatalf("failed to create auth file: %v", err) - } - - var reloads int32 - w := &Watcher{ - authDir: tmpDir, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { - atomic.AddInt32(&reloads, 1) - }, - } - w.SetConfig(&config.Config{AuthDir: tmpDir}) - - w.addOrUpdateClient(authFile) - - if got := atomic.LoadInt32(&reloads); got != 1 { - t.Fatalf("expected reload callback once, got %d", got) - } - // Use normalizeAuthPath to match how addOrUpdateClient stores the key - normalized := w.normalizeAuthPath(authFile) - if _, ok := w.lastAuthHashes[normalized]; !ok { - t.Fatalf("expected hash to be stored for %s", normalized) - } -} - -func TestRemoveClientRemovesHash(t *testing.T) { - tmpDir := t.TempDir() - authFile := filepath.Join(tmpDir, "sample.json") - var reloads int32 - - w := &Watcher{ - authDir: tmpDir, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { - atomic.AddInt32(&reloads, 1) - }, - } - w.SetConfig(&config.Config{AuthDir: tmpDir}) - // Use normalizeAuthPath to set up the hash with the correct key format - w.lastAuthHashes[w.normalizeAuthPath(authFile)] = "hash" - - w.removeClient(authFile) - if _, ok := w.lastAuthHashes[w.normalizeAuthPath(authFile)]; ok { - t.Fatal("expected hash to be removed after deletion") - } - if got := atomic.LoadInt32(&reloads); got != 1 { - t.Fatalf("expected reload callback once, got %d", got) - } -} - -func TestShouldDebounceRemove(t *testing.T) { - w := &Watcher{} - path := filepath.Clean("test.json") - - if w.shouldDebounceRemove(path, time.Now()) { - t.Fatal("first call should not debounce") - } - if !w.shouldDebounceRemove(path, time.Now()) { - t.Fatal("second call within window should debounce") - } - - w.clientsMutex.Lock() - w.lastRemoveTimes = map[string]time.Time{path: time.Now().Add(-2 * authRemoveDebounceWindow)} - w.clientsMutex.Unlock() - - if w.shouldDebounceRemove(path, time.Now()) { - t.Fatal("call after window should not debounce") - } -} - -func TestAuthFileUnchangedUsesHash(t *testing.T) { - tmpDir := t.TempDir() - authFile := filepath.Join(tmpDir, "sample.json") - content := []byte(`{"type":"demo"}`) - if err := os.WriteFile(authFile, content, 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - w := &Watcher{lastAuthHashes: make(map[string]string)} - unchanged, err := w.authFileUnchanged(authFile) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if unchanged { - t.Fatal("expected first check to report changed") - } - - sum := sha256.Sum256(content) - // Use normalizeAuthPath to match how authFileUnchanged looks up the key - w.lastAuthHashes[w.normalizeAuthPath(authFile)] = hexString(sum[:]) - - unchanged, err = w.authFileUnchanged(authFile) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if !unchanged { - t.Fatal("expected hash match to report unchanged") - } -} - -func TestAuthFileUnchangedEmptyAndMissing(t *testing.T) { - tmpDir := t.TempDir() - emptyFile := filepath.Join(tmpDir, "empty.json") - if err := os.WriteFile(emptyFile, []byte(""), 0o644); err != nil { - t.Fatalf("failed to write empty auth file: %v", err) - } - - w := &Watcher{lastAuthHashes: make(map[string]string)} - unchanged, err := w.authFileUnchanged(emptyFile) - if err != nil { - t.Fatalf("unexpected error for empty file: %v", err) - } - if unchanged { - t.Fatal("expected empty file to be treated as changed") - } - - _, err = w.authFileUnchanged(filepath.Join(tmpDir, "missing.json")) - if err == nil { - t.Fatal("expected error for missing auth file") - } -} - -func TestReloadClientsCachesAuthHashes(t *testing.T) { - tmpDir := t.TempDir() - authFile := filepath.Join(tmpDir, "one.json") - if err := os.WriteFile(authFile, []byte(`{"type":"demo"}`), 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - w := &Watcher{ - authDir: tmpDir, - config: &config.Config{AuthDir: tmpDir}, - } - - w.reloadClients(true, nil, false) - - w.clientsMutex.RLock() - defer w.clientsMutex.RUnlock() - if len(w.lastAuthHashes) != 1 { - t.Fatalf("expected hash cache for one auth file, got %d", len(w.lastAuthHashes)) - } -} - -func TestReloadClientsLogsConfigDiffs(t *testing.T) { - tmpDir := t.TempDir() - oldCfg := &config.Config{AuthDir: tmpDir, Port: 1, Debug: false} - newCfg := &config.Config{AuthDir: tmpDir, Port: 2, Debug: true} - - w := &Watcher{ - authDir: tmpDir, - config: oldCfg, - } - w.SetConfig(oldCfg) - w.oldConfigYaml, _ = yaml.Marshal(oldCfg) - - w.clientsMutex.Lock() - w.config = newCfg - w.clientsMutex.Unlock() - - w.reloadClients(false, nil, false) -} - -func TestReloadClientsHandlesNilConfig(t *testing.T) { - w := &Watcher{} - w.reloadClients(true, nil, false) -} - -func TestReloadClientsFiltersProvidersWithNilCurrentAuths(t *testing.T) { - tmp := t.TempDir() - w := &Watcher{ - authDir: tmp, - config: &config.Config{AuthDir: tmp}, - } - w.reloadClients(false, []string{"match"}, false) - if w.currentAuths != nil && len(w.currentAuths) != 0 { - t.Fatalf("expected currentAuths to be nil or empty, got %d", len(w.currentAuths)) - } -} - -func TestSetAuthUpdateQueueNilResetsDispatch(t *testing.T) { - w := &Watcher{} - queue := make(chan AuthUpdate, 1) - w.SetAuthUpdateQueue(queue) - if w.dispatchCond == nil || w.dispatchCancel == nil { - t.Fatal("expected dispatch to be initialized") - } - w.SetAuthUpdateQueue(nil) - if w.dispatchCancel != nil { - t.Fatal("expected dispatch cancel to be cleared when queue nil") - } -} - -func TestPersistAsyncEarlyReturns(t *testing.T) { - var nilWatcher *Watcher - nilWatcher.persistConfigAsync() - nilWatcher.persistAuthAsync("msg", "a") - - w := &Watcher{} - w.persistConfigAsync() - w.persistAuthAsync("msg", " ", "") -} - -type errorPersister struct { - configCalls int32 - authCalls int32 -} - -func (p *errorPersister) PersistConfig(context.Context) error { - atomic.AddInt32(&p.configCalls, 1) - return fmt.Errorf("persist config error") -} - -func (p *errorPersister) PersistAuthFiles(context.Context, string, ...string) error { - atomic.AddInt32(&p.authCalls, 1) - return fmt.Errorf("persist auth error") -} - -func TestPersistAsyncErrorPaths(t *testing.T) { - p := &errorPersister{} - w := &Watcher{storePersister: p} - w.persistConfigAsync() - w.persistAuthAsync("msg", "a") - time.Sleep(30 * time.Millisecond) - if atomic.LoadInt32(&p.configCalls) != 1 { - t.Fatalf("expected PersistConfig to be called once, got %d", p.configCalls) - } - if atomic.LoadInt32(&p.authCalls) != 1 { - t.Fatalf("expected PersistAuthFiles to be called once, got %d", p.authCalls) - } -} - -func TestStopConfigReloadTimerSafeWhenNil(t *testing.T) { - w := &Watcher{} - w.stopConfigReloadTimer() - w.configReloadMu.Lock() - w.configReloadTimer = time.AfterFunc(10*time.Millisecond, func() {}) - w.configReloadMu.Unlock() - time.Sleep(1 * time.Millisecond) - w.stopConfigReloadTimer() -} - -func TestHandleEventRemovesAuthFile(t *testing.T) { - tmpDir := t.TempDir() - authFile := filepath.Join(tmpDir, "remove.json") - if err := os.WriteFile(authFile, []byte(`{"type":"demo"}`), 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - if err := os.Remove(authFile); err != nil { - t.Fatalf("failed to remove auth file pre-check: %v", err) - } - - var reloads int32 - w := &Watcher{ - authDir: tmpDir, - config: &config.Config{AuthDir: tmpDir}, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { - atomic.AddInt32(&reloads, 1) - }, - } - // Use normalizeAuthPath to set up the hash with the correct key format - w.lastAuthHashes[w.normalizeAuthPath(authFile)] = "hash" - - w.handleEvent(fsnotify.Event{Name: authFile, Op: fsnotify.Remove}) - - if atomic.LoadInt32(&reloads) != 1 { - t.Fatalf("expected reload callback once, got %d", reloads) - } - if _, ok := w.lastAuthHashes[w.normalizeAuthPath(authFile)]; ok { - t.Fatal("expected hash entry to be removed") - } -} - -func TestDispatchAuthUpdatesFlushesQueue(t *testing.T) { - queue := make(chan AuthUpdate, 4) - w := &Watcher{} - w.SetAuthUpdateQueue(queue) - defer w.stopDispatch() - - w.dispatchAuthUpdates([]AuthUpdate{ - {Action: AuthUpdateActionAdd, ID: "a"}, - {Action: AuthUpdateActionModify, ID: "b"}, - }) - - got := make([]AuthUpdate, 0, 2) - for i := 0; i < 2; i++ { - select { - case u := <-queue: - got = append(got, u) - case <-time.After(2 * time.Second): - t.Fatalf("timed out waiting for update %d", i) - } - } - if len(got) != 2 || got[0].ID != "a" || got[1].ID != "b" { - t.Fatalf("unexpected updates order/content: %+v", got) - } -} - -func TestDispatchLoopExitsOnContextDoneWhileSending(t *testing.T) { - queue := make(chan AuthUpdate) // unbuffered to block sends - w := &Watcher{ - authQueue: queue, - pendingUpdates: map[string]AuthUpdate{ - "k": {Action: AuthUpdateActionAdd, ID: "k"}, - }, - pendingOrder: []string{"k"}, - } - - ctx, cancel := context.WithCancel(context.Background()) - done := make(chan struct{}) - go func() { - w.dispatchLoop(ctx) - close(done) - }() - - time.Sleep(30 * time.Millisecond) - cancel() - - select { - case <-done: - case <-time.After(2 * time.Second): - t.Fatal("expected dispatchLoop to exit after ctx canceled while blocked on send") - } -} - -func TestProcessEventsHandlesEventErrorAndChannelClose(t *testing.T) { - w := &Watcher{ - watcher: &fsnotify.Watcher{ - Events: make(chan fsnotify.Event, 2), - Errors: make(chan error, 2), - }, - configPath: "config.yaml", - authDir: "auth", - } - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - done := make(chan struct{}) - go func() { - w.processEvents(ctx) - close(done) - }() - - w.watcher.Events <- fsnotify.Event{Name: "unrelated.txt", Op: fsnotify.Write} - w.watcher.Errors <- fmt.Errorf("watcher error") - - time.Sleep(20 * time.Millisecond) - close(w.watcher.Events) - close(w.watcher.Errors) - - select { - case <-done: - case <-time.After(500 * time.Millisecond): - t.Fatal("processEvents did not exit after channels closed") - } -} - -func TestProcessEventsReturnsWhenErrorsChannelClosed(t *testing.T) { - w := &Watcher{ - watcher: &fsnotify.Watcher{ - Events: nil, - Errors: make(chan error), - }, - } - - close(w.watcher.Errors) - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - done := make(chan struct{}) - go func() { - w.processEvents(ctx) - close(done) - }() - - select { - case <-done: - case <-time.After(500 * time.Millisecond): - t.Fatal("processEvents did not exit after errors channel closed") - } -} - -func TestHandleEventIgnoresUnrelatedFiles(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - w.handleEvent(fsnotify.Event{Name: filepath.Join(tmpDir, "note.txt"), Op: fsnotify.Write}) - if atomic.LoadInt32(&reloads) != 0 { - t.Fatalf("expected no reloads for unrelated file, got %d", reloads) - } -} - -func TestHandleEventConfigChangeSchedulesReload(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - w.handleEvent(fsnotify.Event{Name: configPath, Op: fsnotify.Write}) - - time.Sleep(400 * time.Millisecond) - if atomic.LoadInt32(&reloads) != 1 { - t.Fatalf("expected config change to trigger reload once, got %d", reloads) - } -} - -func TestHandleEventAuthWriteTriggersUpdate(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - authFile := filepath.Join(authDir, "a.json") - if err := os.WriteFile(authFile, []byte(`{"type":"demo"}`), 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - w.handleEvent(fsnotify.Event{Name: authFile, Op: fsnotify.Write}) - if atomic.LoadInt32(&reloads) != 1 { - t.Fatalf("expected auth write to trigger reload callback, got %d", reloads) - } -} - -func TestHandleEventRemoveDebounceSkips(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - authFile := filepath.Join(authDir, "remove.json") - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - lastRemoveTimes: map[string]time.Time{ - filepath.Clean(authFile): time.Now(), - }, - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - w.handleEvent(fsnotify.Event{Name: authFile, Op: fsnotify.Remove}) - if atomic.LoadInt32(&reloads) != 0 { - t.Fatalf("expected remove to be debounced, got %d", reloads) - } -} - -func TestHandleEventAtomicReplaceUnchangedSkips(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - authFile := filepath.Join(authDir, "same.json") - content := []byte(`{"type":"demo"}`) - if err := os.WriteFile(authFile, content, 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - sum := sha256.Sum256(content) - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - w.lastAuthHashes[w.normalizeAuthPath(authFile)] = hexString(sum[:]) - - w.handleEvent(fsnotify.Event{Name: authFile, Op: fsnotify.Rename}) - if atomic.LoadInt32(&reloads) != 0 { - t.Fatalf("expected unchanged atomic replace to be skipped, got %d", reloads) - } -} - -func TestHandleEventAtomicReplaceChangedTriggersUpdate(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - authFile := filepath.Join(authDir, "change.json") - oldContent := []byte(`{"type":"demo","v":1}`) - newContent := []byte(`{"type":"demo","v":2}`) - if err := os.WriteFile(authFile, newContent, 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - oldSum := sha256.Sum256(oldContent) - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - w.lastAuthHashes[w.normalizeAuthPath(authFile)] = hexString(oldSum[:]) - - w.handleEvent(fsnotify.Event{Name: authFile, Op: fsnotify.Rename}) - if atomic.LoadInt32(&reloads) != 1 { - t.Fatalf("expected changed atomic replace to trigger update, got %d", reloads) - } -} - -func TestHandleEventRemoveUnknownFileIgnored(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - authFile := filepath.Join(authDir, "unknown.json") - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - w.handleEvent(fsnotify.Event{Name: authFile, Op: fsnotify.Remove}) - if atomic.LoadInt32(&reloads) != 0 { - t.Fatalf("expected unknown remove to be ignored, got %d", reloads) - } -} - -func TestHandleEventRemoveKnownFileDeletes(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - authFile := filepath.Join(authDir, "known.json") - - var reloads int32 - w := &Watcher{ - authDir: authDir, - configPath: configPath, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - w.lastAuthHashes[w.normalizeAuthPath(authFile)] = "hash" - - w.handleEvent(fsnotify.Event{Name: authFile, Op: fsnotify.Remove}) - if atomic.LoadInt32(&reloads) != 1 { - t.Fatalf("expected known remove to trigger reload, got %d", reloads) - } - if _, ok := w.lastAuthHashes[w.normalizeAuthPath(authFile)]; ok { - t.Fatal("expected known auth hash to be deleted") - } -} - -func TestNormalizeAuthPathAndDebounceCleanup(t *testing.T) { - w := &Watcher{} - if got := w.normalizeAuthPath(" "); got != "" { - t.Fatalf("expected empty normalize result, got %q", got) - } - if got := w.normalizeAuthPath(" a/../b "); got != filepath.Clean("a/../b") { - t.Fatalf("unexpected normalize result: %q", got) - } - - w.clientsMutex.Lock() - w.lastRemoveTimes = make(map[string]time.Time, 140) - old := time.Now().Add(-3 * authRemoveDebounceWindow) - for i := 0; i < 129; i++ { - w.lastRemoveTimes[fmt.Sprintf("old-%d", i)] = old - } - w.clientsMutex.Unlock() - - w.shouldDebounceRemove("new-path", time.Now()) - - w.clientsMutex.Lock() - gotLen := len(w.lastRemoveTimes) - w.clientsMutex.Unlock() - if gotLen >= 129 { - t.Fatalf("expected debounce cleanup to shrink map, got %d", gotLen) - } -} - -func TestRefreshAuthStateDispatchesRuntimeAuths(t *testing.T) { - queue := make(chan AuthUpdate, 8) - w := &Watcher{ - authDir: t.TempDir(), - lastAuthHashes: make(map[string]string), - } - w.SetConfig(&config.Config{AuthDir: w.authDir}) - w.SetAuthUpdateQueue(queue) - defer w.stopDispatch() - - w.clientsMutex.Lock() - w.runtimeAuths = map[string]*coreauth.Auth{ - "nil": nil, - "r1": {ID: "r1", Provider: "runtime"}, - } - w.clientsMutex.Unlock() - - w.refreshAuthState(false) - - select { - case u := <-queue: - if u.Action != AuthUpdateActionAdd || u.ID != "r1" { - t.Fatalf("unexpected auth update: %+v", u) - } - case <-time.After(2 * time.Second): - t.Fatal("timed out waiting for runtime auth update") - } -} - -func TestAddOrUpdateClientEdgeCases(t *testing.T) { - tmpDir := t.TempDir() - authDir := tmpDir - authFile := filepath.Join(tmpDir, "edge.json") - if err := os.WriteFile(authFile, []byte(`{"type":"demo"}`), 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - emptyFile := filepath.Join(tmpDir, "empty.json") - if err := os.WriteFile(emptyFile, []byte(""), 0o644); err != nil { - t.Fatalf("failed to write empty auth file: %v", err) - } - - var reloads int32 - w := &Watcher{ - authDir: authDir, - lastAuthHashes: make(map[string]string), - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - - w.addOrUpdateClient(filepath.Join(tmpDir, "missing.json")) - w.addOrUpdateClient(emptyFile) - if atomic.LoadInt32(&reloads) != 0 { - t.Fatalf("expected no reloads for missing/empty file, got %d", reloads) - } - - w.addOrUpdateClient(authFile) // config nil -> should not panic or update - if len(w.lastAuthHashes) != 0 { - t.Fatalf("expected no hash entries without config, got %d", len(w.lastAuthHashes)) - } -} - -func TestLoadFileClientsWalkError(t *testing.T) { - tmpDir := t.TempDir() - noAccessDir := filepath.Join(tmpDir, "0noaccess") - if err := os.MkdirAll(noAccessDir, 0o755); err != nil { - t.Fatalf("failed to create noaccess dir: %v", err) - } - if err := os.Chmod(noAccessDir, 0); err != nil { - t.Skipf("chmod not supported: %v", err) - } - defer func() { _ = os.Chmod(noAccessDir, 0o755) }() - - cfg := &config.Config{AuthDir: tmpDir} - w := &Watcher{} - w.SetConfig(cfg) - - count := w.loadFileClients(cfg) - if count != 0 { - t.Fatalf("expected count 0 due to walk error, got %d", count) - } -} - -func TestReloadConfigIfChangedHandlesMissingAndEmpty(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - - w := &Watcher{ - configPath: filepath.Join(tmpDir, "missing.yaml"), - authDir: authDir, - } - w.reloadConfigIfChanged() // missing file -> log + return - - emptyPath := filepath.Join(tmpDir, "empty.yaml") - if err := os.WriteFile(emptyPath, []byte(""), 0o644); err != nil { - t.Fatalf("failed to write empty config: %v", err) - } - w.configPath = emptyPath - w.reloadConfigIfChanged() // empty file -> early return -} - -func TestReloadConfigUsesMirroredAuthDir(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+filepath.Join(tmpDir, "other")+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config: %v", err) - } - - w := &Watcher{ - configPath: configPath, - authDir: authDir, - mirroredAuthDir: authDir, - lastAuthHashes: make(map[string]string), - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - if ok := w.reloadConfig(); !ok { - t.Fatal("expected reloadConfig to succeed") - } - - w.clientsMutex.RLock() - defer w.clientsMutex.RUnlock() - if w.config == nil || w.config.AuthDir != authDir { - t.Fatalf("expected AuthDir to be overridden by mirroredAuthDir %s, got %+v", authDir, w.config) - } -} - -func TestReloadConfigFiltersAffectedOAuthProviders(t *testing.T) { - tmpDir := t.TempDir() - authDir := filepath.Join(tmpDir, "auth") - if err := os.MkdirAll(authDir, 0o755); err != nil { - t.Fatalf("failed to create auth dir: %v", err) - } - configPath := filepath.Join(tmpDir, "config.yaml") - - // Ensure SnapshotCoreAuths yields a provider that is NOT affected, so we can assert it survives. - if err := os.WriteFile(filepath.Join(authDir, "provider-b.json"), []byte(`{"type":"provider-b","email":"b@example.com"}`), 0o644); err != nil { - t.Fatalf("failed to write auth file: %v", err) - } - - oldCfg := &config.Config{ - AuthDir: authDir, - OAuthExcludedModels: map[string][]string{ - "provider-a": {"m1"}, - }, - } - newCfg := &config.Config{ - AuthDir: authDir, - OAuthExcludedModels: map[string][]string{ - "provider-a": {"m2"}, - }, - } - data, err := yaml.Marshal(newCfg) - if err != nil { - t.Fatalf("failed to marshal config: %v", err) - } - if err = os.WriteFile(configPath, data, 0o644); err != nil { - t.Fatalf("failed to write config: %v", err) - } - - w := &Watcher{ - configPath: configPath, - authDir: authDir, - lastAuthHashes: make(map[string]string), - currentAuths: map[string]*coreauth.Auth{ - "a": {ID: "a", Provider: "provider-a"}, - }, - } - w.SetConfig(oldCfg) - - if ok := w.reloadConfig(); !ok { - t.Fatal("expected reloadConfig to succeed") - } - - w.clientsMutex.RLock() - defer w.clientsMutex.RUnlock() - for _, auth := range w.currentAuths { - if auth != nil && auth.Provider == "provider-a" { - t.Fatal("expected affected provider auth to be filtered") - } - } - foundB := false - for _, auth := range w.currentAuths { - if auth != nil && auth.Provider == "provider-b" { - foundB = true - break - } - } - if !foundB { - t.Fatal("expected unaffected provider auth to remain") - } -} - -func TestStartFailsWhenAuthDirMissing(t *testing.T) { - tmpDir := t.TempDir() - configPath := filepath.Join(tmpDir, "config.yaml") - if err := os.WriteFile(configPath, []byte("auth_dir: "+filepath.Join(tmpDir, "missing-auth")+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config file: %v", err) - } - authDir := filepath.Join(tmpDir, "missing-auth") - - w, err := NewWatcher(configPath, authDir, nil) - if err != nil { - t.Fatalf("failed to create watcher: %v", err) - } - defer w.Stop() - w.SetConfig(&config.Config{AuthDir: authDir}) - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - if err := w.Start(ctx); err == nil { - t.Fatal("expected Start to fail for missing auth dir") - } -} - -func TestDispatchRuntimeAuthUpdateReturnsFalseWithoutQueue(t *testing.T) { - w := &Watcher{} - if ok := w.DispatchRuntimeAuthUpdate(AuthUpdate{Action: AuthUpdateActionAdd, Auth: &coreauth.Auth{ID: "a"}}); ok { - t.Fatal("expected DispatchRuntimeAuthUpdate to return false when no queue configured") - } - if ok := w.DispatchRuntimeAuthUpdate(AuthUpdate{Action: AuthUpdateActionDelete, Auth: &coreauth.Auth{ID: "a"}}); ok { - t.Fatal("expected DispatchRuntimeAuthUpdate delete to return false when no queue configured") - } -} - -func TestNormalizeAuthNil(t *testing.T) { - if normalizeAuth(nil) != nil { - t.Fatal("expected normalizeAuth(nil) to return nil") - } -} - -// stubStore implements coreauth.Store plus watcher-specific persistence helpers. -type stubStore struct { - authDir string - cfgPersisted int32 - authPersisted int32 - lastAuthMessage string - lastAuthPaths []string -} - -func (s *stubStore) List(context.Context) ([]*coreauth.Auth, error) { return nil, nil } -func (s *stubStore) Save(context.Context, *coreauth.Auth) (string, error) { - return "", nil -} -func (s *stubStore) Delete(context.Context, string) error { return nil } -func (s *stubStore) PersistConfig(context.Context) error { - atomic.AddInt32(&s.cfgPersisted, 1) - return nil -} -func (s *stubStore) PersistAuthFiles(_ context.Context, message string, paths ...string) error { - atomic.AddInt32(&s.authPersisted, 1) - s.lastAuthMessage = message - s.lastAuthPaths = paths - return nil -} -func (s *stubStore) AuthDir() string { return s.authDir } - -func TestNewWatcherDetectsPersisterAndAuthDir(t *testing.T) { - tmp := t.TempDir() - store := &stubStore{authDir: tmp} - orig := sdkAuth.GetTokenStore() - sdkAuth.RegisterTokenStore(store) - defer sdkAuth.RegisterTokenStore(orig) - - w, err := NewWatcher("config.yaml", "auth", nil) - if err != nil { - t.Fatalf("NewWatcher failed: %v", err) - } - if w.storePersister == nil { - t.Fatal("expected storePersister to be set from token store") - } - if w.mirroredAuthDir != tmp { - t.Fatalf("expected mirroredAuthDir %s, got %s", tmp, w.mirroredAuthDir) - } -} - -func TestPersistConfigAndAuthAsyncInvokePersister(t *testing.T) { - w := &Watcher{ - storePersister: &stubStore{}, - } - - w.persistConfigAsync() - w.persistAuthAsync("msg", " a ", "", "b ") - - time.Sleep(30 * time.Millisecond) - store := w.storePersister.(*stubStore) - if atomic.LoadInt32(&store.cfgPersisted) != 1 { - t.Fatalf("expected PersistConfig to be called once, got %d", store.cfgPersisted) - } - if atomic.LoadInt32(&store.authPersisted) != 1 { - t.Fatalf("expected PersistAuthFiles to be called once, got %d", store.authPersisted) - } - if store.lastAuthMessage != "msg" { - t.Fatalf("unexpected auth message: %s", store.lastAuthMessage) - } - if len(store.lastAuthPaths) != 2 || store.lastAuthPaths[0] != "a" || store.lastAuthPaths[1] != "b" { - t.Fatalf("unexpected filtered paths: %#v", store.lastAuthPaths) - } -} - -func TestScheduleConfigReloadDebounces(t *testing.T) { - tmp := t.TempDir() - authDir := tmp - cfgPath := tmp + "/config.yaml" - if err := os.WriteFile(cfgPath, []byte("auth_dir: "+authDir+"\n"), 0o644); err != nil { - t.Fatalf("failed to write config: %v", err) - } - - var reloads int32 - w := &Watcher{ - configPath: cfgPath, - authDir: authDir, - reloadCallback: func(*config.Config) { atomic.AddInt32(&reloads, 1) }, - } - w.SetConfig(&config.Config{AuthDir: authDir}) - - w.scheduleConfigReload() - w.scheduleConfigReload() - - time.Sleep(400 * time.Millisecond) - - if atomic.LoadInt32(&reloads) != 1 { - t.Fatalf("expected single debounced reload, got %d", reloads) - } - if w.lastConfigHash == "" { - t.Fatal("expected lastConfigHash to be set after reload") - } -} - -func TestPrepareAuthUpdatesLockedForceAndDelete(t *testing.T) { - w := &Watcher{ - currentAuths: map[string]*coreauth.Auth{ - "a": {ID: "a", Provider: "p1"}, - }, - authQueue: make(chan AuthUpdate, 4), - } - - updates := w.prepareAuthUpdatesLocked([]*coreauth.Auth{{ID: "a", Provider: "p2"}}, false) - if len(updates) != 1 || updates[0].Action != AuthUpdateActionModify || updates[0].ID != "a" { - t.Fatalf("unexpected modify updates: %+v", updates) - } - - updates = w.prepareAuthUpdatesLocked([]*coreauth.Auth{{ID: "a", Provider: "p2"}}, true) - if len(updates) != 1 || updates[0].Action != AuthUpdateActionModify { - t.Fatalf("expected force modify, got %+v", updates) - } - - updates = w.prepareAuthUpdatesLocked([]*coreauth.Auth{}, false) - if len(updates) != 1 || updates[0].Action != AuthUpdateActionDelete || updates[0].ID != "a" { - t.Fatalf("expected delete for missing auth, got %+v", updates) - } -} - -func TestAuthEqualIgnoresTemporalFields(t *testing.T) { - now := time.Now() - a := &coreauth.Auth{ID: "x", CreatedAt: now} - b := &coreauth.Auth{ID: "x", CreatedAt: now.Add(5 * time.Second)} - if !authEqual(a, b) { - t.Fatal("expected authEqual to ignore temporal differences") - } -} - -func TestDispatchLoopExitsWhenQueueNilAndContextCanceled(t *testing.T) { - w := &Watcher{ - dispatchCond: nil, - pendingUpdates: map[string]AuthUpdate{"k": {ID: "k"}}, - pendingOrder: []string{"k"}, - } - w.dispatchCond = sync.NewCond(&w.dispatchMu) - - ctx, cancel := context.WithCancel(context.Background()) - done := make(chan struct{}) - go func() { - w.dispatchLoop(ctx) - close(done) - }() - - time.Sleep(20 * time.Millisecond) - cancel() - w.dispatchMu.Lock() - w.dispatchCond.Broadcast() - w.dispatchMu.Unlock() - - select { - case <-done: - case <-time.After(500 * time.Millisecond): - t.Fatal("dispatchLoop did not exit after context cancel") - } -} - -func TestReloadClientsFiltersOAuthProvidersWithoutRescan(t *testing.T) { - tmp := t.TempDir() - w := &Watcher{ - authDir: tmp, - config: &config.Config{AuthDir: tmp}, - currentAuths: map[string]*coreauth.Auth{ - "a": {ID: "a", Provider: "Match"}, - "b": {ID: "b", Provider: "other"}, - }, - lastAuthHashes: map[string]string{"cached": "hash"}, - } - - w.reloadClients(false, []string{"match"}, false) - - w.clientsMutex.RLock() - defer w.clientsMutex.RUnlock() - if _, ok := w.currentAuths["a"]; ok { - t.Fatal("expected filtered provider to be removed") - } - if len(w.lastAuthHashes) != 1 { - t.Fatalf("expected existing hash cache to be retained, got %d", len(w.lastAuthHashes)) - } -} - -func TestScheduleProcessEventsStopsOnContextDone(t *testing.T) { - w := &Watcher{ - watcher: &fsnotify.Watcher{ - Events: make(chan fsnotify.Event, 1), - Errors: make(chan error, 1), - }, - configPath: "config.yaml", - authDir: "auth", - } - ctx, cancel := context.WithCancel(context.Background()) - done := make(chan struct{}) - go func() { - w.processEvents(ctx) - close(done) - }() - - cancel() - select { - case <-done: - case <-time.After(500 * time.Millisecond): - t.Fatal("processEvents did not exit on context cancel") - } -} - -func hexString(data []byte) string { - return strings.ToLower(fmt.Sprintf("%x", data)) -} diff --git a/internal/wsrelay/http.go b/internal/wsrelay/http.go deleted file mode 100644 index abdb277cb9..0000000000 --- a/internal/wsrelay/http.go +++ /dev/null @@ -1,248 +0,0 @@ -package wsrelay - -import ( - "bytes" - "context" - "errors" - "fmt" - "net/http" - "time" - - "github.com/google/uuid" -) - -// HTTPRequest represents a proxied HTTP request delivered to websocket clients. -type HTTPRequest struct { - Method string - URL string - Headers http.Header - Body []byte -} - -// HTTPResponse captures the response relayed back from websocket clients. -type HTTPResponse struct { - Status int - Headers http.Header - Body []byte -} - -// StreamEvent represents a streaming response event from clients. -type StreamEvent struct { - Type string - Payload []byte - Status int - Headers http.Header - Err error -} - -// NonStream executes a non-streaming HTTP request using the websocket provider. -func (m *Manager) NonStream(ctx context.Context, provider string, req *HTTPRequest) (*HTTPResponse, error) { - if req == nil { - return nil, fmt.Errorf("wsrelay: request is nil") - } - msg := Message{ID: uuid.NewString(), Type: MessageTypeHTTPReq, Payload: encodeRequest(req)} - respCh, err := m.Send(ctx, provider, msg) - if err != nil { - return nil, err - } - var ( - streamMode bool - streamResp *HTTPResponse - streamBody bytes.Buffer - ) - for { - select { - case <-ctx.Done(): - return nil, ctx.Err() - case msg, ok := <-respCh: - if !ok { - if streamMode { - if streamResp == nil { - streamResp = &HTTPResponse{Status: http.StatusOK, Headers: make(http.Header)} - } else if streamResp.Headers == nil { - streamResp.Headers = make(http.Header) - } - streamResp.Body = append(streamResp.Body[:0], streamBody.Bytes()...) - return streamResp, nil - } - return nil, errors.New("wsrelay: connection closed during response") - } - switch msg.Type { - case MessageTypeHTTPResp: - resp := decodeResponse(msg.Payload) - if streamMode && streamBody.Len() > 0 && len(resp.Body) == 0 { - resp.Body = append(resp.Body[:0], streamBody.Bytes()...) - } - return resp, nil - case MessageTypeError: - return nil, decodeError(msg.Payload) - case MessageTypeStreamStart, MessageTypeStreamChunk: - if msg.Type == MessageTypeStreamStart { - streamMode = true - streamResp = decodeResponse(msg.Payload) - if streamResp.Headers == nil { - streamResp.Headers = make(http.Header) - } - streamBody.Reset() - continue - } - if !streamMode { - streamMode = true - streamResp = &HTTPResponse{Status: http.StatusOK, Headers: make(http.Header)} - } - chunk := decodeChunk(msg.Payload) - if len(chunk) > 0 { - streamBody.Write(chunk) - } - case MessageTypeStreamEnd: - if !streamMode { - return &HTTPResponse{Status: http.StatusOK, Headers: make(http.Header)}, nil - } - if streamResp == nil { - streamResp = &HTTPResponse{Status: http.StatusOK, Headers: make(http.Header)} - } else if streamResp.Headers == nil { - streamResp.Headers = make(http.Header) - } - streamResp.Body = append(streamResp.Body[:0], streamBody.Bytes()...) - return streamResp, nil - default: - } - } - } -} - -// Stream executes a streaming HTTP request and returns channel with stream events. -func (m *Manager) Stream(ctx context.Context, provider string, req *HTTPRequest) (<-chan StreamEvent, error) { - if req == nil { - return nil, fmt.Errorf("wsrelay: request is nil") - } - msg := Message{ID: uuid.NewString(), Type: MessageTypeHTTPReq, Payload: encodeRequest(req)} - respCh, err := m.Send(ctx, provider, msg) - if err != nil { - return nil, err - } - out := make(chan StreamEvent) - go func() { - defer close(out) - send := func(ev StreamEvent) bool { - if ctx == nil { - out <- ev - return true - } - select { - case <-ctx.Done(): - return false - case out <- ev: - return true - } - } - for { - select { - case <-ctx.Done(): - return - case msg, ok := <-respCh: - if !ok { - _ = send(StreamEvent{Err: errors.New("wsrelay: stream closed")}) - return - } - switch msg.Type { - case MessageTypeStreamStart: - resp := decodeResponse(msg.Payload) - if okSend := send(StreamEvent{Type: MessageTypeStreamStart, Status: resp.Status, Headers: resp.Headers}); !okSend { - return - } - case MessageTypeStreamChunk: - chunk := decodeChunk(msg.Payload) - if okSend := send(StreamEvent{Type: MessageTypeStreamChunk, Payload: chunk}); !okSend { - return - } - case MessageTypeStreamEnd: - _ = send(StreamEvent{Type: MessageTypeStreamEnd}) - return - case MessageTypeError: - _ = send(StreamEvent{Type: MessageTypeError, Err: decodeError(msg.Payload)}) - return - case MessageTypeHTTPResp: - resp := decodeResponse(msg.Payload) - _ = send(StreamEvent{Type: MessageTypeHTTPResp, Status: resp.Status, Headers: resp.Headers, Payload: resp.Body}) - return - default: - } - } - } - }() - return out, nil -} - -func encodeRequest(req *HTTPRequest) map[string]any { - headers := make(map[string]any, len(req.Headers)) - for key, values := range req.Headers { - copyValues := make([]string, len(values)) - copy(copyValues, values) - headers[key] = copyValues - } - return map[string]any{ - "method": req.Method, - "url": req.URL, - "headers": headers, - "body": string(req.Body), - "sent_at": time.Now().UTC().Format(time.RFC3339Nano), - } -} - -func decodeResponse(payload map[string]any) *HTTPResponse { - if payload == nil { - return &HTTPResponse{Status: http.StatusBadGateway, Headers: make(http.Header)} - } - resp := &HTTPResponse{Status: http.StatusOK, Headers: make(http.Header)} - if status, ok := payload["status"].(float64); ok { - resp.Status = int(status) - } - if headers, ok := payload["headers"].(map[string]any); ok { - for key, raw := range headers { - switch v := raw.(type) { - case []any: - for _, item := range v { - if str, ok := item.(string); ok { - resp.Headers.Add(key, str) - } - } - case []string: - for _, str := range v { - resp.Headers.Add(key, str) - } - case string: - resp.Headers.Set(key, v) - } - } - } - if body, ok := payload["body"].(string); ok { - resp.Body = []byte(body) - } - return resp -} - -func decodeChunk(payload map[string]any) []byte { - if payload == nil { - return nil - } - if data, ok := payload["data"].(string); ok { - return []byte(data) - } - return nil -} - -func decodeError(payload map[string]any) error { - if payload == nil { - return errors.New("wsrelay: unknown error") - } - message, _ := payload["error"].(string) - status := 0 - if v, ok := payload["status"].(float64); ok { - status = int(v) - } - if message == "" { - message = "wsrelay: upstream error" - } - return fmt.Errorf("%s (status=%d)", message, status) -} diff --git a/internal/wsrelay/manager.go b/internal/wsrelay/manager.go deleted file mode 100644 index ae28234c15..0000000000 --- a/internal/wsrelay/manager.go +++ /dev/null @@ -1,205 +0,0 @@ -package wsrelay - -import ( - "context" - "crypto/rand" - "errors" - "fmt" - "net/http" - "strings" - "sync" - "time" - - "github.com/gorilla/websocket" -) - -// Manager exposes a websocket endpoint that proxies Gemini requests to -// connected clients. -type Manager struct { - path string - upgrader websocket.Upgrader - sessions map[string]*session - sessMutex sync.RWMutex - - providerFactory func(*http.Request) (string, error) - onConnected func(string) - onDisconnected func(string, error) - - logDebugf func(string, ...any) - logInfof func(string, ...any) - logWarnf func(string, ...any) -} - -// Options configures a Manager instance. -type Options struct { - Path string - ProviderFactory func(*http.Request) (string, error) - OnConnected func(string) - OnDisconnected func(string, error) - LogDebugf func(string, ...any) - LogInfof func(string, ...any) - LogWarnf func(string, ...any) -} - -// NewManager builds a websocket relay manager with the supplied options. -func NewManager(opts Options) *Manager { - path := strings.TrimSpace(opts.Path) - if path == "" { - path = "/v1/ws" - } - if !strings.HasPrefix(path, "/") { - path = "/" + path - } - mgr := &Manager{ - path: path, - sessions: make(map[string]*session), - upgrader: websocket.Upgrader{ - ReadBufferSize: 1024, - WriteBufferSize: 1024, - CheckOrigin: func(r *http.Request) bool { - return true - }, - }, - providerFactory: opts.ProviderFactory, - onConnected: opts.OnConnected, - onDisconnected: opts.OnDisconnected, - logDebugf: opts.LogDebugf, - logInfof: opts.LogInfof, - logWarnf: opts.LogWarnf, - } - if mgr.logDebugf == nil { - mgr.logDebugf = func(string, ...any) {} - } - if mgr.logInfof == nil { - mgr.logInfof = func(string, ...any) {} - } - if mgr.logWarnf == nil { - mgr.logWarnf = func(s string, args ...any) { fmt.Printf(s+"\n", args...) } - } - return mgr -} - -// Path returns the HTTP path the manager expects for websocket upgrades. -func (m *Manager) Path() string { - if m == nil { - return "/v1/ws" - } - return m.path -} - -// Handler exposes an http.Handler that upgrades connections to websocket sessions. -func (m *Manager) Handler() http.Handler { - return http.HandlerFunc(m.handleWebsocket) -} - -// Stop gracefully closes all active websocket sessions. -func (m *Manager) Stop(_ context.Context) error { - m.sessMutex.Lock() - sessions := make([]*session, 0, len(m.sessions)) - for _, sess := range m.sessions { - sessions = append(sessions, sess) - } - m.sessions = make(map[string]*session) - m.sessMutex.Unlock() - - for _, sess := range sessions { - if sess != nil { - sess.cleanup(errors.New("wsrelay: manager stopped")) - } - } - return nil -} - -// handleWebsocket upgrades the connection and wires the session into the pool. -func (m *Manager) handleWebsocket(w http.ResponseWriter, r *http.Request) { - expectedPath := m.Path() - if expectedPath != "" && r.URL != nil && r.URL.Path != expectedPath { - http.NotFound(w, r) - return - } - if !strings.EqualFold(r.Method, http.MethodGet) { - w.Header().Set("Allow", http.MethodGet) - http.Error(w, "method not allowed", http.StatusMethodNotAllowed) - return - } - conn, err := m.upgrader.Upgrade(w, r, nil) - if err != nil { - m.logWarnf("wsrelay: upgrade failed: %v", err) - return - } - s := newSession(conn, m, randomProviderName()) - if m.providerFactory != nil { - name, err := m.providerFactory(r) - if err != nil { - s.cleanup(err) - return - } - if strings.TrimSpace(name) != "" { - s.provider = strings.ToLower(name) - } - } - if s.provider == "" { - s.provider = strings.ToLower(s.id) - } - m.sessMutex.Lock() - var replaced *session - if existing, ok := m.sessions[s.provider]; ok { - replaced = existing - } - m.sessions[s.provider] = s - m.sessMutex.Unlock() - - if replaced != nil { - replaced.cleanup(errors.New("replaced by new connection")) - } - if m.onConnected != nil { - m.onConnected(s.provider) - } - - go s.run(context.Background()) -} - -// Send forwards the message to the specific provider connection and returns a channel -// yielding response messages. -func (m *Manager) Send(ctx context.Context, provider string, msg Message) (<-chan Message, error) { - s := m.session(provider) - if s == nil { - return nil, fmt.Errorf("wsrelay: provider %s not connected", provider) - } - return s.request(ctx, msg) -} - -func (m *Manager) session(provider string) *session { - key := strings.ToLower(strings.TrimSpace(provider)) - m.sessMutex.RLock() - s := m.sessions[key] - m.sessMutex.RUnlock() - return s -} - -func (m *Manager) handleSessionClosed(s *session, cause error) { - if s == nil { - return - } - key := strings.ToLower(strings.TrimSpace(s.provider)) - m.sessMutex.Lock() - if cur, ok := m.sessions[key]; ok && cur == s { - delete(m.sessions, key) - } - m.sessMutex.Unlock() - if m.onDisconnected != nil { - m.onDisconnected(s.provider, cause) - } -} - -func randomProviderName() string { - const alphabet = "abcdefghijklmnopqrstuvwxyz0123456789" - buf := make([]byte, 16) - if _, err := rand.Read(buf); err != nil { - return fmt.Sprintf("aistudio-%x", time.Now().UnixNano()) - } - for i := range buf { - buf[i] = alphabet[int(buf[i])%len(alphabet)] - } - return "aistudio-" + string(buf) -} diff --git a/internal/wsrelay/message.go b/internal/wsrelay/message.go deleted file mode 100644 index bf716e5e1a..0000000000 --- a/internal/wsrelay/message.go +++ /dev/null @@ -1,27 +0,0 @@ -package wsrelay - -// Message represents the JSON payload exchanged with websocket clients. -type Message struct { - ID string `json:"id"` - Type string `json:"type"` - Payload map[string]any `json:"payload,omitempty"` -} - -const ( - // MessageTypeHTTPReq identifies an HTTP-style request envelope. - MessageTypeHTTPReq = "http_request" - // MessageTypeHTTPResp identifies a non-streaming HTTP response envelope. - MessageTypeHTTPResp = "http_response" - // MessageTypeStreamStart marks the beginning of a streaming response. - MessageTypeStreamStart = "stream_start" - // MessageTypeStreamChunk carries a streaming response chunk. - MessageTypeStreamChunk = "stream_chunk" - // MessageTypeStreamEnd marks the completion of a streaming response. - MessageTypeStreamEnd = "stream_end" - // MessageTypeError carries an error response. - MessageTypeError = "error" - // MessageTypePing represents ping messages from clients. - MessageTypePing = "ping" - // MessageTypePong represents pong responses back to clients. - MessageTypePong = "pong" -) diff --git a/internal/wsrelay/session.go b/internal/wsrelay/session.go deleted file mode 100644 index a728cbc3e0..0000000000 --- a/internal/wsrelay/session.go +++ /dev/null @@ -1,188 +0,0 @@ -package wsrelay - -import ( - "context" - "errors" - "fmt" - "sync" - "time" - - "github.com/gorilla/websocket" -) - -const ( - readTimeout = 60 * time.Second - writeTimeout = 10 * time.Second - maxInboundMessageLen = 64 << 20 // 64 MiB - heartbeatInterval = 30 * time.Second -) - -var errClosed = errors.New("websocket session closed") - -type pendingRequest struct { - ch chan Message - closeOnce sync.Once -} - -func (pr *pendingRequest) close() { - if pr == nil { - return - } - pr.closeOnce.Do(func() { - close(pr.ch) - }) -} - -type session struct { - conn *websocket.Conn - manager *Manager - provider string - id string - closed chan struct{} - closeOnce sync.Once - writeMutex sync.Mutex - pending sync.Map // map[string]*pendingRequest -} - -func newSession(conn *websocket.Conn, mgr *Manager, id string) *session { - s := &session{ - conn: conn, - manager: mgr, - provider: "", - id: id, - closed: make(chan struct{}), - } - conn.SetReadLimit(maxInboundMessageLen) - conn.SetReadDeadline(time.Now().Add(readTimeout)) - conn.SetPongHandler(func(string) error { - conn.SetReadDeadline(time.Now().Add(readTimeout)) - return nil - }) - s.startHeartbeat() - return s -} - -func (s *session) startHeartbeat() { - if s == nil || s.conn == nil { - return - } - ticker := time.NewTicker(heartbeatInterval) - go func() { - defer ticker.Stop() - for { - select { - case <-s.closed: - return - case <-ticker.C: - s.writeMutex.Lock() - err := s.conn.WriteControl(websocket.PingMessage, []byte("ping"), time.Now().Add(writeTimeout)) - s.writeMutex.Unlock() - if err != nil { - s.cleanup(err) - return - } - } - } - }() -} - -func (s *session) run(ctx context.Context) { - defer s.cleanup(errClosed) - for { - var msg Message - if err := s.conn.ReadJSON(&msg); err != nil { - s.cleanup(err) - return - } - s.dispatch(msg) - } -} - -func (s *session) dispatch(msg Message) { - if msg.Type == MessageTypePing { - _ = s.send(context.Background(), Message{ID: msg.ID, Type: MessageTypePong}) - return - } - if value, ok := s.pending.Load(msg.ID); ok { - req := value.(*pendingRequest) - select { - case req.ch <- msg: - default: - } - if msg.Type == MessageTypeHTTPResp || msg.Type == MessageTypeError || msg.Type == MessageTypeStreamEnd { - if actual, loaded := s.pending.LoadAndDelete(msg.ID); loaded { - actual.(*pendingRequest).close() - } - } - return - } - if msg.Type == MessageTypeHTTPResp || msg.Type == MessageTypeError || msg.Type == MessageTypeStreamEnd { - s.manager.logDebugf("wsrelay: received terminal message for unknown id %s (provider=%s)", msg.ID, s.provider) - } -} - -func (s *session) send(ctx context.Context, msg Message) error { - select { - case <-s.closed: - return errClosed - default: - } - s.writeMutex.Lock() - defer s.writeMutex.Unlock() - if err := s.conn.SetWriteDeadline(time.Now().Add(writeTimeout)); err != nil { - return fmt.Errorf("set write deadline: %w", err) - } - if err := s.conn.WriteJSON(msg); err != nil { - return fmt.Errorf("write json: %w", err) - } - return nil -} - -func (s *session) request(ctx context.Context, msg Message) (<-chan Message, error) { - if msg.ID == "" { - return nil, fmt.Errorf("wsrelay: message id is required") - } - if _, loaded := s.pending.LoadOrStore(msg.ID, &pendingRequest{ch: make(chan Message, 8)}); loaded { - return nil, fmt.Errorf("wsrelay: duplicate message id %s", msg.ID) - } - value, _ := s.pending.Load(msg.ID) - req := value.(*pendingRequest) - if err := s.send(ctx, msg); err != nil { - if actual, loaded := s.pending.LoadAndDelete(msg.ID); loaded { - req := actual.(*pendingRequest) - req.close() - } - return nil, err - } - go func() { - select { - case <-ctx.Done(): - if actual, loaded := s.pending.LoadAndDelete(msg.ID); loaded { - actual.(*pendingRequest).close() - } - case <-s.closed: - } - }() - return req.ch, nil -} - -func (s *session) cleanup(cause error) { - s.closeOnce.Do(func() { - close(s.closed) - s.pending.Range(func(key, value any) bool { - req := value.(*pendingRequest) - msg := Message{ID: key.(string), Type: MessageTypeError, Payload: map[string]any{"error": cause.Error()}} - select { - case req.ch <- msg: - default: - } - req.close() - return true - }) - s.pending = sync.Map{} - _ = s.conn.Close() - if s.manager != nil { - s.manager.handleSessionClosed(s, cause) - } - }) -} diff --git a/pkg/llmproxy/api/aliases.go b/pkg/llmproxy/api/aliases.go deleted file mode 100644 index a22864182b..0000000000 --- a/pkg/llmproxy/api/aliases.go +++ /dev/null @@ -1,19 +0,0 @@ -// Package api provides type aliases to the internal implementation. -// This allows both "internal/api" and "pkg/llmproxy/api" import paths to work seamlessly. -package api - -import "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/api" - -// Type aliases -type ServerOption = api.ServerOption -type Server = api.Server - -// Function aliases for exported API functions -var ( - WithMiddleware = api.WithMiddleware - WithEngineConfigurator = api.WithEngineConfigurator - WithLocalManagementPassword = api.WithLocalManagementPassword - WithKeepAliveEndpoint = api.WithKeepAliveEndpoint - WithRequestLoggerFactory = api.WithRequestLoggerFactory - NewServer = api.NewServer -) diff --git a/pkg/llmproxy/api/handlers/management/api_tools.go b/pkg/llmproxy/api/handlers/management/api_tools.go deleted file mode 100644 index 45a4bdcb36..0000000000 --- a/pkg/llmproxy/api/handlers/management/api_tools.go +++ /dev/null @@ -1,1477 +0,0 @@ -package management - -import ( - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "net" - "net/http" - "net/url" - "strings" - "time" - - "github.com/fxamacker/cbor/v2" - "github.com/gin-gonic/gin" - log "github.com/sirupsen/logrus" - "golang.org/x/net/proxy" - "golang.org/x/oauth2" - "golang.org/x/oauth2/google" - - kiroauth "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/auth/kiro" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/runtime/geminicli" - coreauth "github.com/kooshapari/cliproxyapi-plusplus/v6/sdk/cliproxy/auth" -) - -const defaultAPICallTimeout = 60 * time.Second - -const ( - geminiOAuthClientID = "681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com" - geminiOAuthClientSecret = "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" -) - -var geminiOAuthScopes = []string{ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/userinfo.email", - "https://www.googleapis.com/auth/userinfo.profile", -} - -const ( - antigravityOAuthClientID = "1071006060591-tmhssin2h21lcre235vtolojh4g403ep.apps.googleusercontent.com" - antigravityOAuthClientSecret = "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" -) - -var antigravityOAuthTokenURL = "https://oauth2.googleapis.com/token" - -type apiCallRequest struct { - AuthIndexSnake *string `json:"auth_index"` - AuthIndexCamel *string `json:"authIndex"` - AuthIndexPascal *string `json:"AuthIndex"` - Method string `json:"method"` - URL string `json:"url"` - Header map[string]string `json:"header"` - Data string `json:"data"` -} - -type apiCallResponse struct { - StatusCode int `json:"status_code"` - Header map[string][]string `json:"header"` - Body string `json:"body"` - Quota *QuotaSnapshots `json:"quota,omitempty"` -} - -// APICall makes a generic HTTP request on behalf of the management API caller. -// It is protected by the management middleware. -// -// Endpoint: -// -// POST /v0/management/api-call -// -// Authentication: -// -// Same as other management APIs (requires a management key and remote-management rules). -// You can provide the key via: -// - Authorization: Bearer -// - X-Management-Key: -// -// Request JSON (supports both application/json and application/cbor): -// - auth_index / authIndex / AuthIndex (optional): -// The credential "auth_index" from GET /v0/management/auth-files (or other endpoints returning it). -// If omitted or not found, credential-specific proxy/token substitution is skipped. -// - method (required): HTTP method, e.g. GET, POST, PUT, PATCH, DELETE. -// - url (required): Absolute URL including scheme and host, e.g. "https://api.example.com/v1/ping". -// - header (optional): Request headers map. -// Supports magic variable "$TOKEN$" which is replaced using the selected credential: -// 1) metadata.access_token -// 2) attributes.api_key -// 3) metadata.token / metadata.id_token / metadata.cookie -// Example: {"Authorization":"Bearer $TOKEN$"}. -// Note: if you need to override the HTTP Host header, set header["Host"]. -// - data (optional): Raw request body as string (useful for POST/PUT/PATCH). -// -// Proxy selection (highest priority first): -// 1. Selected credential proxy_url -// 2. Global config proxy-url -// 3. Direct connect (environment proxies are not used) -// -// Response (returned with HTTP 200 when the APICall itself succeeds): -// -// Format matches request Content-Type (application/json or application/cbor) -// - status_code: Upstream HTTP status code. -// - header: Upstream response headers. -// - body: Upstream response body as string. -// - quota (optional): For GitHub Copilot enterprise accounts, contains quota_snapshots -// with details for chat, completions, and premium_interactions. -// -// Example: -// -// curl -sS -X POST "http://127.0.0.1:8317/v0/management/api-call" \ -// -H "Authorization: Bearer " \ -// -H "Content-Type: application/json" \ -// -d '{"auth_index":"","method":"GET","url":"https://api.example.com/v1/ping","header":{"Authorization":"Bearer $TOKEN$"}}' -// -// curl -sS -X POST "http://127.0.0.1:8317/v0/management/api-call" \ -// -H "Authorization: Bearer 831227" \ -// -H "Content-Type: application/json" \ -// -d '{"auth_index":"","method":"POST","url":"https://api.example.com/v1/fetchAvailableModels","header":{"Authorization":"Bearer $TOKEN$","Content-Type":"application/json","User-Agent":"cliproxyapi"},"data":"{}"}' -func (h *Handler) APICall(c *gin.Context) { - // Detect content type - contentType := strings.ToLower(strings.TrimSpace(c.GetHeader("Content-Type"))) - isCBOR := strings.Contains(contentType, "application/cbor") - - var body apiCallRequest - - // Parse request body based on content type - if isCBOR { - rawBody, errRead := io.ReadAll(c.Request.Body) - if errRead != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "failed to read request body"}) - return - } - if errUnmarshal := cbor.Unmarshal(rawBody, &body); errUnmarshal != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid cbor body"}) - return - } - } else { - if errBindJSON := c.ShouldBindJSON(&body); errBindJSON != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid body"}) - return - } - } - - method := strings.ToUpper(strings.TrimSpace(body.Method)) - if method == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "missing method"}) - return - } - - urlStr := strings.TrimSpace(body.URL) - if urlStr == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "missing url"}) - return - } - safeURL, parsedURL, errSanitizeURL := sanitizeAPICallURL(urlStr) - if errSanitizeURL != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": errSanitizeURL.Error()}) - return - } - if errResolve := validateResolvedHostIPs(parsedURL.Hostname()); errResolve != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": errResolve.Error()}) - return - } - - authIndex := firstNonEmptyString(body.AuthIndexSnake, body.AuthIndexCamel, body.AuthIndexPascal) - auth := h.authByIndex(authIndex) - - reqHeaders := body.Header - if reqHeaders == nil { - reqHeaders = map[string]string{} - } - - var hostOverride string - var token string - var tokenResolved bool - var tokenErr error - for key, value := range reqHeaders { - if !strings.Contains(value, "$TOKEN$") { - continue - } - if !tokenResolved { - token, tokenErr = h.resolveTokenForAuth(c.Request.Context(), auth) - tokenResolved = true - } - if auth != nil && token == "" { - if tokenErr != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "auth token refresh failed"}) - return - } - c.JSON(http.StatusBadRequest, gin.H{"error": "auth token not found"}) - return - } - if token == "" { - continue - } - reqHeaders[key] = strings.ReplaceAll(value, "$TOKEN$", token) - } - - // When caller indicates CBOR in request headers, convert JSON string payload to CBOR bytes. - useCBORPayload := headerContainsValue(reqHeaders, "Content-Type", "application/cbor") - - var requestBody io.Reader - if body.Data != "" { - if useCBORPayload { - cborPayload, errEncode := encodeJSONStringToCBOR(body.Data) - if errEncode != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid json data for cbor content-type"}) - return - } - requestBody = bytes.NewReader(cborPayload) - } else { - requestBody = strings.NewReader(body.Data) - } - } - - req, errNewRequest := http.NewRequestWithContext(c.Request.Context(), method, safeURL, requestBody) - if errNewRequest != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "failed to build request"}) - return - } - - for key, value := range reqHeaders { - if strings.EqualFold(key, "host") { - hostOverride = strings.TrimSpace(value) - continue - } - req.Header.Set(key, value) - } - if hostOverride != "" { - if !isAllowedHostOverride(parsedURL, hostOverride) { - c.JSON(http.StatusBadRequest, gin.H{"error": "invalid host override"}) - return - } - req.Host = hostOverride - } - - httpClient := &http.Client{ - Timeout: defaultAPICallTimeout, - } - httpClient.Transport = h.apiCallTransport(auth) - - resp, errDo := httpClient.Do(req) - if errDo != nil { - log.WithError(errDo).Debug("management APICall request failed") - c.JSON(http.StatusBadGateway, gin.H{"error": "request failed"}) - return - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - respBody, errReadAll := io.ReadAll(resp.Body) - if errReadAll != nil { - c.JSON(http.StatusBadGateway, gin.H{"error": "failed to read response"}) - return - } - - // For CBOR upstream responses, decode into plain text or JSON string before returning. - responseBodyText := string(respBody) - if headerContainsValue(reqHeaders, "Accept", "application/cbor") || strings.Contains(strings.ToLower(resp.Header.Get("Content-Type")), "application/cbor") { - if decodedBody, errDecode := decodeCBORBodyToTextOrJSON(respBody); errDecode == nil { - responseBodyText = decodedBody - } - } - - response := apiCallResponse{ - StatusCode: resp.StatusCode, - Header: resp.Header, - Body: responseBodyText, - } - - // If this is a GitHub Copilot token endpoint response, try to enrich with quota information - if resp.StatusCode == http.StatusOK && - strings.Contains(safeURL, "copilot_internal") && - strings.Contains(safeURL, "/token") { - response = h.enrichCopilotTokenResponse(c.Request.Context(), response, auth, urlStr) - } - - // Return response in the same format as the request - if isCBOR { - cborData, errMarshal := cbor.Marshal(response) - if errMarshal != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to encode cbor response"}) - return - } - c.Data(http.StatusOK, "application/cbor", cborData) - } else { - c.JSON(http.StatusOK, response) - } -} - -func firstNonEmptyString(values ...*string) string { - for _, v := range values { - if v == nil { - continue - } - if out := strings.TrimSpace(*v); out != "" { - return out - } - } - return "" -} - -func isAllowedHostOverride(parsedURL *url.URL, override string) bool { - if parsedURL == nil { - return false - } - trimmed := strings.TrimSpace(override) - if trimmed == "" { - return false - } - if strings.ContainsAny(trimmed, " \r\n\t") { - return false - } - - requestHost := strings.TrimSpace(parsedURL.Host) - requestHostname := strings.TrimSpace(parsedURL.Hostname()) - if requestHost == "" { - return false - } - if strings.EqualFold(trimmed, requestHost) { - return true - } - if strings.EqualFold(trimmed, requestHostname) { - return true - } - if len(trimmed) > 2 && trimmed[0] == '[' && trimmed[len(trimmed)-1] == ']' { - return false - } - return false -} - -func validateAPICallURL(parsedURL *url.URL) error { - if parsedURL == nil { - return fmt.Errorf("invalid url") - } - scheme := strings.ToLower(strings.TrimSpace(parsedURL.Scheme)) - if scheme != "http" && scheme != "https" { - return fmt.Errorf("unsupported url scheme") - } - if parsedURL.User != nil { - return fmt.Errorf("target host is not allowed") - } - host := strings.TrimSpace(parsedURL.Hostname()) - if host == "" { - return fmt.Errorf("invalid url host") - } - if strings.EqualFold(host, "localhost") { - return fmt.Errorf("target host is not allowed") - } - if ip := net.ParseIP(host); ip != nil { - if ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() || ip.IsMulticast() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() { - return fmt.Errorf("target host is not allowed") - } - } - return nil -} - -func sanitizeAPICallURL(raw string) (string, *url.URL, error) { - trimmed := strings.TrimSpace(raw) - if trimmed == "" { - return "", nil, fmt.Errorf("missing url") - } - parsedURL, errParseURL := url.Parse(trimmed) - if errParseURL != nil || parsedURL.Scheme == "" || parsedURL.Host == "" { - return "", nil, fmt.Errorf("invalid url") - } - if errValidateURL := validateAPICallURL(parsedURL); errValidateURL != nil { - return "", nil, errValidateURL - } - parsedURL.Fragment = "" - return parsedURL.String(), parsedURL, nil -} - -func validateResolvedHostIPs(host string) error { - trimmed := strings.TrimSpace(host) - if trimmed == "" { - return fmt.Errorf("invalid url host") - } - resolved, errLookup := net.LookupIP(trimmed) - if errLookup != nil { - return fmt.Errorf("target host resolution failed") - } - for _, ip := range resolved { - if ip == nil { - continue - } - if ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() || ip.IsMulticast() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() { - return fmt.Errorf("target host is not allowed") - } - } - return nil -} - -func tokenValueForAuth(auth *coreauth.Auth) string { - if auth == nil { - return "" - } - if v := tokenValueFromMetadata(auth.Metadata); v != "" { - return v - } - if auth.Attributes != nil { - if v := strings.TrimSpace(auth.Attributes["api_key"]); v != "" { - return v - } - } - if shared := geminicli.ResolveSharedCredential(auth.Runtime); shared != nil { - if v := tokenValueFromMetadata(shared.MetadataSnapshot()); v != "" { - return v - } - } - return "" -} - -func (h *Handler) resolveTokenForAuth(ctx context.Context, auth *coreauth.Auth) (string, error) { - if auth == nil { - return "", nil - } - - provider := strings.ToLower(strings.TrimSpace(auth.Provider)) - if provider == "gemini-cli" { - token, errToken := h.refreshGeminiOAuthAccessToken(ctx, auth) - return token, errToken - } - if provider == "antigravity" { - token, errToken := h.refreshAntigravityOAuthAccessToken(ctx, auth) - return token, errToken - } - - return tokenValueForAuth(auth), nil -} - -func (h *Handler) refreshGeminiOAuthAccessToken(ctx context.Context, auth *coreauth.Auth) (string, error) { - if ctx == nil { - ctx = context.Background() - } - if auth == nil { - return "", nil - } - - metadata, updater := geminiOAuthMetadata(auth) - if len(metadata) == 0 { - return "", fmt.Errorf("gemini oauth metadata missing") - } - - base := make(map[string]any) - if tokenRaw, ok := metadata["token"].(map[string]any); ok && tokenRaw != nil { - base = cloneMap(tokenRaw) - } - - var token oauth2.Token - if len(base) > 0 { - if raw, errMarshal := json.Marshal(base); errMarshal == nil { - _ = json.Unmarshal(raw, &token) - } - } - - if token.AccessToken == "" { - token.AccessToken = stringValue(metadata, "access_token") - } - if token.RefreshToken == "" { - token.RefreshToken = stringValue(metadata, "refresh_token") - } - if token.TokenType == "" { - token.TokenType = stringValue(metadata, "token_type") - } - if token.Expiry.IsZero() { - if expiry := stringValue(metadata, "expiry"); expiry != "" { - if ts, errParseTime := time.Parse(time.RFC3339, expiry); errParseTime == nil { - token.Expiry = ts - } - } - } - - conf := &oauth2.Config{ - ClientID: geminiOAuthClientID, - ClientSecret: geminiOAuthClientSecret, - Scopes: geminiOAuthScopes, - Endpoint: google.Endpoint, - } - - ctxToken := ctx - httpClient := &http.Client{ - Timeout: defaultAPICallTimeout, - Transport: h.apiCallTransport(auth), - } - ctxToken = context.WithValue(ctxToken, oauth2.HTTPClient, httpClient) - - src := conf.TokenSource(ctxToken, &token) - currentToken, errToken := src.Token() - if errToken != nil { - return "", errToken - } - - merged := buildOAuthTokenMap(base, currentToken) - fields := buildOAuthTokenFields(currentToken, merged) - if updater != nil { - updater(fields) - } - return strings.TrimSpace(currentToken.AccessToken), nil -} - -func (h *Handler) refreshAntigravityOAuthAccessToken(ctx context.Context, auth *coreauth.Auth) (string, error) { - if ctx == nil { - ctx = context.Background() - } - if auth == nil { - return "", nil - } - - metadata := auth.Metadata - if len(metadata) == 0 { - return "", fmt.Errorf("antigravity oauth metadata missing") - } - - current := strings.TrimSpace(tokenValueFromMetadata(metadata)) - if current != "" && !antigravityTokenNeedsRefresh(metadata) { - return current, nil - } - - refreshToken := stringValue(metadata, "refresh_token") - if refreshToken == "" { - return "", fmt.Errorf("antigravity refresh token missing") - } - - tokenURL := strings.TrimSpace(antigravityOAuthTokenURL) - if tokenURL == "" { - tokenURL = "https://oauth2.googleapis.com/token" - } - form := url.Values{} - form.Set("client_id", antigravityOAuthClientID) - form.Set("client_secret", antigravityOAuthClientSecret) - form.Set("grant_type", "refresh_token") - form.Set("refresh_token", refreshToken) - - req, errReq := http.NewRequestWithContext(ctx, http.MethodPost, tokenURL, strings.NewReader(form.Encode())) - if errReq != nil { - return "", errReq - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - - httpClient := &http.Client{ - Timeout: defaultAPICallTimeout, - Transport: h.apiCallTransport(auth), - } - resp, errDo := httpClient.Do(req) - if errDo != nil { - return "", errDo - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - bodyBytes, errRead := io.ReadAll(resp.Body) - if errRead != nil { - return "", errRead - } - if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices { - return "", fmt.Errorf("antigravity oauth token refresh failed: status %d: %s", resp.StatusCode, strings.TrimSpace(string(bodyBytes))) - } - - var tokenResp struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - ExpiresIn int64 `json:"expires_in"` - TokenType string `json:"token_type"` - } - if errUnmarshal := json.Unmarshal(bodyBytes, &tokenResp); errUnmarshal != nil { - return "", errUnmarshal - } - - if strings.TrimSpace(tokenResp.AccessToken) == "" { - return "", fmt.Errorf("antigravity oauth token refresh returned empty access_token") - } - - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - now := time.Now() - auth.Metadata["access_token"] = strings.TrimSpace(tokenResp.AccessToken) - if strings.TrimSpace(tokenResp.RefreshToken) != "" { - auth.Metadata["refresh_token"] = strings.TrimSpace(tokenResp.RefreshToken) - } - if tokenResp.ExpiresIn > 0 { - auth.Metadata["expires_in"] = tokenResp.ExpiresIn - auth.Metadata["timestamp"] = now.UnixMilli() - auth.Metadata["expired"] = now.Add(time.Duration(tokenResp.ExpiresIn) * time.Second).Format(time.RFC3339) - } - auth.Metadata["type"] = "antigravity" - - if h != nil && h.authManager != nil { - auth.LastRefreshedAt = now - auth.UpdatedAt = now - _, _ = h.authManager.Update(ctx, auth) - } - - return strings.TrimSpace(tokenResp.AccessToken), nil -} - -func antigravityTokenNeedsRefresh(metadata map[string]any) bool { - // Refresh a bit early to avoid requests racing token expiry. - const skew = 30 * time.Second - - if metadata == nil { - return true - } - if expStr, ok := metadata["expired"].(string); ok { - if ts, errParse := time.Parse(time.RFC3339, strings.TrimSpace(expStr)); errParse == nil { - return !ts.After(time.Now().Add(skew)) - } - } - expiresIn := int64Value(metadata["expires_in"]) - timestampMs := int64Value(metadata["timestamp"]) - if expiresIn > 0 && timestampMs > 0 { - exp := time.UnixMilli(timestampMs).Add(time.Duration(expiresIn) * time.Second) - return !exp.After(time.Now().Add(skew)) - } - return true -} - -func int64Value(raw any) int64 { - switch typed := raw.(type) { - case int: - return int64(typed) - case int32: - return int64(typed) - case int64: - return typed - case uint: - return int64(typed) - case uint32: - return int64(typed) - case uint64: - if typed > uint64(^uint64(0)>>1) { - return 0 - } - return int64(typed) - case float32: - return int64(typed) - case float64: - return int64(typed) - case json.Number: - if i, errParse := typed.Int64(); errParse == nil { - return i - } - case string: - if s := strings.TrimSpace(typed); s != "" { - if i, errParse := json.Number(s).Int64(); errParse == nil { - return i - } - } - } - return 0 -} - -func geminiOAuthMetadata(auth *coreauth.Auth) (map[string]any, func(map[string]any)) { - if auth == nil { - return nil, nil - } - if shared := geminicli.ResolveSharedCredential(auth.Runtime); shared != nil { - snapshot := shared.MetadataSnapshot() - return snapshot, func(fields map[string]any) { shared.MergeMetadata(fields) } - } - return auth.Metadata, func(fields map[string]any) { - if auth.Metadata == nil { - auth.Metadata = make(map[string]any) - } - for k, v := range fields { - auth.Metadata[k] = v - } - } -} - -func stringValue(metadata map[string]any, key string) string { - if len(metadata) == 0 || key == "" { - return "" - } - if v, ok := metadata[key].(string); ok { - return strings.TrimSpace(v) - } - return "" -} - -func cloneMap(in map[string]any) map[string]any { - if len(in) == 0 { - return nil - } - out := make(map[string]any, len(in)) - for k, v := range in { - out[k] = v - } - return out -} - -func buildOAuthTokenMap(base map[string]any, tok *oauth2.Token) map[string]any { - merged := cloneMap(base) - if merged == nil { - merged = make(map[string]any) - } - if tok == nil { - return merged - } - if raw, errMarshal := json.Marshal(tok); errMarshal == nil { - var tokenMap map[string]any - if errUnmarshal := json.Unmarshal(raw, &tokenMap); errUnmarshal == nil { - for k, v := range tokenMap { - merged[k] = v - } - } - } - return merged -} - -func buildOAuthTokenFields(tok *oauth2.Token, merged map[string]any) map[string]any { - fields := make(map[string]any, 5) - if tok != nil && tok.AccessToken != "" { - fields["access_token"] = tok.AccessToken - } - if tok != nil && tok.TokenType != "" { - fields["token_type"] = tok.TokenType - } - if tok != nil && tok.RefreshToken != "" { - fields["refresh_token"] = tok.RefreshToken - } - if tok != nil && !tok.Expiry.IsZero() { - fields["expiry"] = tok.Expiry.Format(time.RFC3339) - } - if len(merged) > 0 { - fields["token"] = cloneMap(merged) - } - return fields -} - -func tokenValueFromMetadata(metadata map[string]any) string { - if len(metadata) == 0 { - return "" - } - if v, ok := metadata["accessToken"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - if v, ok := metadata["access_token"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - if tokenRaw, ok := metadata["token"]; ok && tokenRaw != nil { - switch typed := tokenRaw.(type) { - case string: - if v := strings.TrimSpace(typed); v != "" { - return v - } - case map[string]any: - if v, ok := typed["access_token"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - if v, ok := typed["accessToken"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - case map[string]string: - if v := strings.TrimSpace(typed["access_token"]); v != "" { - return v - } - if v := strings.TrimSpace(typed["accessToken"]); v != "" { - return v - } - } - } - if v, ok := metadata["token"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - if v, ok := metadata["id_token"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - if v, ok := metadata["cookie"].(string); ok && strings.TrimSpace(v) != "" { - return strings.TrimSpace(v) - } - return "" -} - -func (h *Handler) authByIndex(authIndex string) *coreauth.Auth { - authIndex = strings.TrimSpace(authIndex) - if authIndex == "" || h == nil || h.authManager == nil { - return nil - } - auths := h.authManager.List() - for _, auth := range auths { - if auth == nil { - continue - } - auth.EnsureIndex() - if auth.Index == authIndex { - return auth - } - } - return nil -} - -func (h *Handler) apiCallTransport(auth *coreauth.Auth) http.RoundTripper { - hasAuthProxy := false - var proxyCandidates []string - if auth != nil { - if proxyStr := strings.TrimSpace(auth.ProxyURL); proxyStr != "" { - proxyCandidates = append(proxyCandidates, proxyStr) - hasAuthProxy = true - } - } - if h != nil && h.cfg != nil { - if proxyStr := strings.TrimSpace(h.cfg.ProxyURL); proxyStr != "" { - proxyCandidates = append(proxyCandidates, proxyStr) - } - } - - for _, proxyStr := range proxyCandidates { - transport, errBuild := buildProxyTransportWithError(proxyStr) - if transport != nil { - return transport - } - if hasAuthProxy { - return &transportFailureRoundTripper{err: fmt.Errorf("authentication proxy misconfigured: %v", errBuild)} - } - log.Debugf("failed to setup API call proxy from URL: %s, trying next candidate", proxyStr) - } - - transport, ok := http.DefaultTransport.(*http.Transport) - if !ok || transport == nil { - return &http.Transport{Proxy: nil} - } - clone := transport.Clone() - clone.Proxy = nil - return clone -} - -func buildProxyTransportWithError(proxyStr string) (*http.Transport, error) { - proxyStr = strings.TrimSpace(proxyStr) - if proxyStr == "" { - return nil, fmt.Errorf("proxy URL is empty") - } - - proxyURL, errParse := url.Parse(proxyStr) - if errParse != nil { - log.WithError(errParse).Debug("parse proxy URL failed") - return nil, fmt.Errorf("parse proxy URL failed: %w", errParse) - } - if proxyURL.Scheme == "" || proxyURL.Host == "" { - log.Debug("proxy URL missing scheme/host") - return nil, fmt.Errorf("missing proxy scheme or host: %s", proxyStr) - } - - if proxyURL.Scheme == "socks5" { - var proxyAuth *proxy.Auth - if proxyURL.User != nil { - username := proxyURL.User.Username() - password, _ := proxyURL.User.Password() - proxyAuth = &proxy.Auth{User: username, Password: password} - } - dialer, errSOCKS5 := proxy.SOCKS5("tcp", proxyURL.Host, proxyAuth, proxy.Direct) - if errSOCKS5 != nil { - log.WithError(errSOCKS5).Debug("create SOCKS5 dialer failed") - return nil, fmt.Errorf("create SOCKS5 dialer failed: %w", errSOCKS5) - } - return &http.Transport{ - Proxy: nil, - DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { - return dialer.Dial(network, addr) - }, - }, nil - } - - if proxyURL.Scheme == "http" || proxyURL.Scheme == "https" { - return &http.Transport{Proxy: http.ProxyURL(proxyURL)}, nil - } - - log.Debugf("unsupported proxy scheme: %s", proxyURL.Scheme) - return nil, fmt.Errorf("unsupported proxy scheme: %s", proxyURL.Scheme) -} - -type transportFailureRoundTripper struct { - err error -} - -func (t *transportFailureRoundTripper) RoundTrip(*http.Request) (*http.Response, error) { - return nil, t.err -} - -// headerContainsValue checks whether a header map contains a target value (case-insensitive key and value). -func headerContainsValue(headers map[string]string, targetKey, targetValue string) bool { - if len(headers) == 0 { - return false - } - for key, value := range headers { - if !strings.EqualFold(strings.TrimSpace(key), strings.TrimSpace(targetKey)) { - continue - } - if strings.Contains(strings.ToLower(value), strings.ToLower(strings.TrimSpace(targetValue))) { - return true - } - } - return false -} - -// encodeJSONStringToCBOR converts a JSON string payload into CBOR bytes. -func encodeJSONStringToCBOR(jsonString string) ([]byte, error) { - var payload any - if errUnmarshal := json.Unmarshal([]byte(jsonString), &payload); errUnmarshal != nil { - return nil, errUnmarshal - } - return cbor.Marshal(payload) -} - -// decodeCBORBodyToTextOrJSON decodes CBOR bytes to plain text (for string payloads) or JSON string. -func decodeCBORBodyToTextOrJSON(raw []byte) (string, error) { - if len(raw) == 0 { - return "", nil - } - - var payload any - if errUnmarshal := cbor.Unmarshal(raw, &payload); errUnmarshal != nil { - return "", errUnmarshal - } - - jsonCompatible := cborValueToJSONCompatible(payload) - switch typed := jsonCompatible.(type) { - case string: - return typed, nil - case []byte: - return string(typed), nil - default: - jsonBytes, errMarshal := json.Marshal(jsonCompatible) - if errMarshal != nil { - return "", errMarshal - } - return string(jsonBytes), nil - } -} - -// cborValueToJSONCompatible recursively converts CBOR-decoded values into JSON-marshalable values. -func cborValueToJSONCompatible(value any) any { - switch typed := value.(type) { - case map[any]any: - out := make(map[string]any, len(typed)) - for key, item := range typed { - out[fmt.Sprint(key)] = cborValueToJSONCompatible(item) - } - return out - case map[string]any: - out := make(map[string]any, len(typed)) - for key, item := range typed { - out[key] = cborValueToJSONCompatible(item) - } - return out - case []any: - out := make([]any, len(typed)) - for i, item := range typed { - out[i] = cborValueToJSONCompatible(item) - } - return out - default: - return typed - } -} - -// QuotaDetail represents quota information for a specific resource type -type QuotaDetail struct { - Entitlement float64 `json:"entitlement"` - OverageCount float64 `json:"overage_count"` - OveragePermitted bool `json:"overage_permitted"` - PercentRemaining float64 `json:"percent_remaining"` - QuotaID string `json:"quota_id"` - QuotaRemaining float64 `json:"quota_remaining"` - Remaining float64 `json:"remaining"` - Unlimited bool `json:"unlimited"` -} - -// QuotaSnapshots contains quota details for different resource types -type QuotaSnapshots struct { - Chat QuotaDetail `json:"chat"` - Completions QuotaDetail `json:"completions"` - PremiumInteractions QuotaDetail `json:"premium_interactions"` -} - -// CopilotUsageResponse represents the GitHub Copilot usage information -type CopilotUsageResponse struct { - AccessTypeSKU string `json:"access_type_sku"` - AnalyticsTrackingID string `json:"analytics_tracking_id"` - AssignedDate string `json:"assigned_date"` - CanSignupForLimited bool `json:"can_signup_for_limited"` - ChatEnabled bool `json:"chat_enabled"` - CopilotPlan string `json:"copilot_plan"` - OrganizationLoginList []interface{} `json:"organization_login_list"` - OrganizationList []interface{} `json:"organization_list"` - QuotaResetDate string `json:"quota_reset_date"` - QuotaSnapshots QuotaSnapshots `json:"quota_snapshots"` -} - -type kiroUsageChecker interface { - CheckUsageByAccessToken(ctx context.Context, accessToken, profileArn string) (*kiroauth.UsageQuotaResponse, error) -} - -type kiroQuotaResponse struct { - AuthIndex string `json:"auth_index,omitempty"` - ProfileARN string `json:"profile_arn"` - RemainingQuota float64 `json:"remaining_quota"` - UsagePercentage float64 `json:"usage_percentage"` - QuotaExhausted bool `json:"quota_exhausted"` - Usage *kiroauth.UsageQuotaResponse `json:"usage"` -} - -// GetKiroQuota fetches Kiro quota information from CodeWhisperer usage API. -// -// Endpoint: -// -// GET /v0/management/kiro-quota -// -// Query Parameters (optional): -// - auth_index: The credential "auth_index" from GET /v0/management/auth-files. -// If omitted, uses the first available Kiro credential. -func (h *Handler) GetKiroQuota(c *gin.Context) { - if h == nil || h.cfg == nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "management config unavailable"}) - return - } - h.getKiroQuotaWithChecker(c, kiroauth.NewUsageChecker(h.cfg)) -} - -func (h *Handler) getKiroQuotaWithChecker(c *gin.Context, checker kiroUsageChecker) { - authIndex := firstNonEmptyQuery(c, "auth_index", "authIndex", "AuthIndex", "index", "auth_id", "auth-id") - - auth := h.findKiroAuth(authIndex) - if auth == nil { - if authIndex != "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "no kiro credential found", "auth_index": authIndex}) - return - } - c.JSON(http.StatusBadRequest, gin.H{"error": "no kiro credential found"}) - return - } - auth.EnsureIndex() - - token, tokenErr := h.resolveTokenForAuth(c.Request.Context(), auth) - if tokenErr != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "failed to resolve kiro token", "auth_index": auth.Index, "detail": tokenErr.Error()}) - return - } - if token == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "kiro token not found", "auth_index": auth.Index}) - return - } - - profileARN := profileARNForAuth(auth) - if profileARN == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "kiro profile arn not found", "auth_index": auth.Index}) - return - } - - usage, err := checker.CheckUsageByAccessToken(c.Request.Context(), token, profileARN) - if err != nil { - c.JSON(http.StatusBadGateway, gin.H{"error": "kiro quota request failed", "detail": err.Error()}) - return - } - - c.JSON(http.StatusOK, kiroQuotaResponse{ - AuthIndex: auth.Index, - ProfileARN: profileARN, - RemainingQuota: kiroauth.GetRemainingQuota(usage), - UsagePercentage: kiroauth.GetUsagePercentage(usage), - QuotaExhausted: kiroauth.IsQuotaExhausted(usage), - Usage: usage, - }) -} - -// GetCopilotQuota fetches GitHub Copilot quota information from the /copilot_pkg/llmproxy/user endpoint. -// -// Endpoint: -// -// GET /v0/management/copilot-quota -// -// Query Parameters (optional): -// - auth_index: The credential "auth_index" from GET /v0/management/auth-files. -// If omitted, uses the first available GitHub Copilot credential. -// -// Response: -// -// Returns the CopilotUsageResponse with quota_snapshots containing detailed quota information -// for chat, completions, and premium_interactions. -// -// Example: -// -// curl -sS -X GET "http://127.0.0.1:8317/v0/management/copilot-quota?auth_index=" \ -// -H "Authorization: Bearer " -func (h *Handler) GetCopilotQuota(c *gin.Context) { - authIndex := strings.TrimSpace(c.Query("auth_index")) - if authIndex == "" { - authIndex = strings.TrimSpace(c.Query("authIndex")) - } - if authIndex == "" { - authIndex = strings.TrimSpace(c.Query("AuthIndex")) - } - - auth := h.findCopilotAuth(authIndex) - if auth == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "no github copilot credential found"}) - return - } - - token, tokenErr := h.resolveTokenForAuth(c.Request.Context(), auth) - if tokenErr != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "failed to refresh copilot token"}) - return - } - if token == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "copilot token not found"}) - return - } - - apiURL := "https://api.github.com/copilot_pkg/llmproxy/user" - req, errNewRequest := http.NewRequestWithContext(c.Request.Context(), http.MethodGet, apiURL, nil) - if errNewRequest != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to build request"}) - return - } - - req.Header.Set("Authorization", "Bearer "+token) - req.Header.Set("User-Agent", "cliproxyapi++") - req.Header.Set("Accept", "application/json") - - httpClient := &http.Client{ - Timeout: defaultAPICallTimeout, - Transport: h.apiCallTransport(auth), - } - - resp, errDo := httpClient.Do(req) - if errDo != nil { - log.WithError(errDo).Debug("copilot quota request failed") - c.JSON(http.StatusBadGateway, gin.H{"error": "request failed"}) - return - } - defer func() { - if errClose := resp.Body.Close(); errClose != nil { - log.Errorf("response body close error: %v", errClose) - } - }() - - respBody, errReadAll := io.ReadAll(resp.Body) - if errReadAll != nil { - c.JSON(http.StatusBadGateway, gin.H{"error": "failed to read response"}) - return - } - - if resp.StatusCode != http.StatusOK { - c.JSON(http.StatusBadGateway, gin.H{ - "error": "github api request failed", - "status_code": resp.StatusCode, - "body": string(respBody), - }) - return - } - - var usage CopilotUsageResponse - if errUnmarshal := json.Unmarshal(respBody, &usage); errUnmarshal != nil { - c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to parse response"}) - return - } - - c.JSON(http.StatusOK, usage) -} - -// findCopilotAuth locates a GitHub Copilot credential by auth_index or returns the first available one -func (h *Handler) findCopilotAuth(authIndex string) *coreauth.Auth { - if h == nil || h.authManager == nil { - return nil - } - - auths := h.authManager.List() - var firstCopilot *coreauth.Auth - - for _, auth := range auths { - if auth == nil { - continue - } - - provider := strings.ToLower(strings.TrimSpace(auth.Provider)) - if provider != "copilot" && provider != "github" && provider != "github-copilot" { - continue - } - - if firstCopilot == nil { - firstCopilot = auth - } - - if authIndex != "" { - auth.EnsureIndex() - if auth.Index == authIndex { - return auth - } - } - } - - return firstCopilot -} - -// findKiroAuth locates a Kiro credential by auth_index or returns the first available one. -func (h *Handler) findKiroAuth(authIndex string) *coreauth.Auth { - if h == nil || h.authManager == nil { - return nil - } - - auths := h.authManager.List() - var firstKiro *coreauth.Auth - - for _, auth := range auths { - if auth == nil { - continue - } - if strings.ToLower(strings.TrimSpace(auth.Provider)) != "kiro" { - continue - } - - if firstKiro == nil { - firstKiro = auth - } - - if authIndex != "" { - auth.EnsureIndex() - if auth.Index == authIndex || auth.ID == authIndex || auth.FileName == authIndex { - return auth - } - } - } - - return firstKiro -} - -func profileARNForAuth(auth *coreauth.Auth) string { - if auth == nil { - return "" - } - - if v := strings.TrimSpace(auth.Attributes["profile_arn"]); v != "" { - return v - } - if v := strings.TrimSpace(auth.Attributes["profileArn"]); v != "" { - return v - } - - metadata := auth.Metadata - if len(metadata) == 0 { - return "" - } - if v := stringValue(metadata, "profile_arn"); v != "" { - return v - } - if v := stringValue(metadata, "profileArn"); v != "" { - return v - } - - if tokenRaw, ok := metadata["token"].(map[string]any); ok { - if v := stringValue(tokenRaw, "profile_arn"); v != "" { - return v - } - if v := stringValue(tokenRaw, "profileArn"); v != "" { - return v - } - } - - return "" -} - -func firstNonEmptyQuery(c *gin.Context, keys ...string) string { - for _, key := range keys { - if value := strings.TrimSpace(c.Query(key)); value != "" { - return value - } - } - return "" -} - -// enrichCopilotTokenResponse fetches quota information and adds it to the Copilot token response body -func (h *Handler) enrichCopilotTokenResponse(ctx context.Context, response apiCallResponse, auth *coreauth.Auth, originalURL string) apiCallResponse { - if auth == nil || response.Body == "" { - return response - } - - // Parse the token response to check if it's enterprise (null limited_user_quotas) - var tokenResp map[string]interface{} - if err := json.Unmarshal([]byte(response.Body), &tokenResp); err != nil { - log.WithError(err).Debug("enrichCopilotTokenResponse: failed to parse copilot token response") - return response - } - - // Get the GitHub token to call the copilot_pkg/llmproxy/user endpoint - token, tokenErr := h.resolveTokenForAuth(ctx, auth) - if tokenErr != nil { - log.WithError(tokenErr).Debug("enrichCopilotTokenResponse: failed to resolve token") - return response - } - if token == "" { - return response - } - - // Fetch quota information from /copilot_pkg/llmproxy/user - // Derive the base URL from the original token request to support proxies and test servers - quotaURL, errQuotaURL := copilotQuotaURLFromTokenURL(originalURL) - if errQuotaURL != nil { - log.WithError(errQuotaURL).Debug("enrichCopilotTokenResponse: rejected token URL for quota request") - return response - } - parsedQuotaURL, errParseQuotaURL := url.Parse(quotaURL) - if errParseQuotaURL != nil { - return response - } - if errValidate := validateAPICallURL(parsedQuotaURL); errValidate != nil { - return response - } - if errResolve := validateResolvedHostIPs(parsedQuotaURL.Hostname()); errResolve != nil { - return response - } - - req, errNewRequest := http.NewRequestWithContext(ctx, http.MethodGet, quotaURL, nil) - if errNewRequest != nil { - log.WithError(errNewRequest).Debug("enrichCopilotTokenResponse: failed to build request") - return response - } - - req.Header.Set("Authorization", "Bearer "+token) - req.Header.Set("User-Agent", "cliproxyapi++") - req.Header.Set("Accept", "application/json") - - httpClient := &http.Client{ - Timeout: defaultAPICallTimeout, - Transport: h.apiCallTransport(auth), - } - - quotaResp, errDo := httpClient.Do(req) - if errDo != nil { - log.WithError(errDo).Debug("enrichCopilotTokenResponse: quota fetch HTTP request failed") - return response - } - - defer func() { - if errClose := quotaResp.Body.Close(); errClose != nil { - log.Errorf("quota response body close error: %v", errClose) - } - }() - - if quotaResp.StatusCode != http.StatusOK { - return response - } - - quotaBody, errReadAll := io.ReadAll(quotaResp.Body) - if errReadAll != nil { - log.WithError(errReadAll).Debug("enrichCopilotTokenResponse: failed to read response") - return response - } - - // Parse the quota response - var quotaData CopilotUsageResponse - if err := json.Unmarshal(quotaBody, "aData); err != nil { - log.WithError(err).Debug("enrichCopilotTokenResponse: failed to parse response") - return response - } - - // Check if this is an enterprise account by looking for quota_snapshots in the response - // Enterprise accounts have quota_snapshots, non-enterprise have limited_user_quotas - var quotaRaw map[string]interface{} - if err := json.Unmarshal(quotaBody, "aRaw); err == nil { - if _, hasQuotaSnapshots := quotaRaw["quota_snapshots"]; hasQuotaSnapshots { - // Enterprise account - has quota_snapshots - tokenResp["quota_snapshots"] = quotaData.QuotaSnapshots - tokenResp["access_type_sku"] = quotaData.AccessTypeSKU - tokenResp["copilot_plan"] = quotaData.CopilotPlan - - // Add quota reset date for enterprise (quota_reset_date_utc) - if quotaResetDateUTC, ok := quotaRaw["quota_reset_date_utc"]; ok { - tokenResp["quota_reset_date"] = quotaResetDateUTC - } else if quotaData.QuotaResetDate != "" { - tokenResp["quota_reset_date"] = quotaData.QuotaResetDate - } - } else { - // Non-enterprise account - build quota from limited_user_quotas and monthly_quotas - var quotaSnapshots QuotaSnapshots - - // Get monthly quotas (total entitlement) and limited_user_quotas (remaining) - monthlyQuotas, hasMonthly := quotaRaw["monthly_quotas"].(map[string]interface{}) - limitedQuotas, hasLimited := quotaRaw["limited_user_quotas"].(map[string]interface{}) - - // Process chat quota - if hasMonthly && hasLimited { - if chatTotal, ok := monthlyQuotas["chat"].(float64); ok { - chatRemaining := chatTotal // default to full if no limited quota - if chatLimited, ok := limitedQuotas["chat"].(float64); ok { - chatRemaining = chatLimited - } - percentRemaining := 0.0 - if chatTotal > 0 { - percentRemaining = (chatRemaining / chatTotal) * 100.0 - } - quotaSnapshots.Chat = QuotaDetail{ - Entitlement: chatTotal, - Remaining: chatRemaining, - QuotaRemaining: chatRemaining, - PercentRemaining: percentRemaining, - QuotaID: "chat", - Unlimited: false, - } - } - - // Process completions quota - if completionsTotal, ok := monthlyQuotas["completions"].(float64); ok { - completionsRemaining := completionsTotal // default to full if no limited quota - if completionsLimited, ok := limitedQuotas["completions"].(float64); ok { - completionsRemaining = completionsLimited - } - percentRemaining := 0.0 - if completionsTotal > 0 { - percentRemaining = (completionsRemaining / completionsTotal) * 100.0 - } - quotaSnapshots.Completions = QuotaDetail{ - Entitlement: completionsTotal, - Remaining: completionsRemaining, - QuotaRemaining: completionsRemaining, - PercentRemaining: percentRemaining, - QuotaID: "completions", - Unlimited: false, - } - } - } - - // Premium interactions don't exist for non-enterprise, leave as zero values - quotaSnapshots.PremiumInteractions = QuotaDetail{ - QuotaID: "premium_interactions", - Unlimited: false, - } - - // Add quota_snapshots to the token response - tokenResp["quota_snapshots"] = quotaSnapshots - tokenResp["access_type_sku"] = quotaData.AccessTypeSKU - tokenResp["copilot_plan"] = quotaData.CopilotPlan - - // Add quota reset date for non-enterprise (limited_user_reset_date) - if limitedResetDate, ok := quotaRaw["limited_user_reset_date"]; ok { - tokenResp["quota_reset_date"] = limitedResetDate - } - } - } - - // Re-serialize the enriched response - enrichedBody, errMarshal := json.Marshal(tokenResp) - if errMarshal != nil { - log.WithError(errMarshal).Debug("failed to marshal enriched response") - return response - } - - response.Body = string(enrichedBody) - - return response -} - -func copilotQuotaURLFromTokenURL(originalURL string) (string, error) { - parsedURL, errParse := url.Parse(strings.TrimSpace(originalURL)) - if errParse != nil { - return "", errParse - } - if parsedURL.User != nil { - return "", fmt.Errorf("unsupported host %q", parsedURL.Hostname()) - } - host := strings.ToLower(parsedURL.Hostname()) - if parsedURL.Scheme != "https" { - return "", fmt.Errorf("unsupported scheme %q", parsedURL.Scheme) - } - switch host { - case "api.github.com", "api.githubcopilot.com": - return fmt.Sprintf("https://%s/copilot_pkg/llmproxy/user", host), nil - default: - return "", fmt.Errorf("unsupported host %q", parsedURL.Hostname()) - } -} diff --git a/pkg/llmproxy/api/handlers/management/config_basic.go b/pkg/llmproxy/api/handlers/management/config_basic.go index 9a6f8696d6..754f24b8de 100644 --- a/pkg/llmproxy/api/handlers/management/config_basic.go +++ b/pkg/llmproxy/api/handlers/management/config_basic.go @@ -18,7 +18,7 @@ import ( ) const ( - latestReleaseURL = "https://api.github.com/repos/KooshaPari/cliproxyapi-plusplus/releases/latest" + latestReleaseURL = "https://api.github.com/repos/kooshapari/cliproxyapi-plusplus/releases/latest" latestReleaseUserAgent = "cliproxyapi++" ) diff --git a/pkg/llmproxy/api/handlers/management/model_definitions.go b/pkg/llmproxy/api/handlers/management/model_definitions.go deleted file mode 100644 index f72e37d0d7..0000000000 --- a/pkg/llmproxy/api/handlers/management/model_definitions.go +++ /dev/null @@ -1,33 +0,0 @@ -package management - -import ( - "net/http" - "strings" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/registry" -) - -// GetStaticModelDefinitions returns static model metadata for a given channel. -// Channel is provided via path param (:channel) or query param (?channel=...). -func (h *Handler) GetStaticModelDefinitions(c *gin.Context) { - channel := strings.TrimSpace(c.Param("channel")) - if channel == "" { - channel = strings.TrimSpace(c.Query("channel")) - } - if channel == "" { - c.JSON(http.StatusBadRequest, gin.H{"error": "channel is required"}) - return - } - - models := registry.GetStaticModelDefinitionsByChannel(channel) - if models == nil { - c.JSON(http.StatusBadRequest, gin.H{"error": "unknown channel", "channel": channel}) - return - } - - c.JSON(http.StatusOK, gin.H{ - "channel": strings.ToLower(strings.TrimSpace(channel)), - "models": models, - }) -} diff --git a/pkg/llmproxy/api/handlers/management/quota.go b/pkg/llmproxy/api/handlers/management/quota.go deleted file mode 100644 index c7efd217bd..0000000000 --- a/pkg/llmproxy/api/handlers/management/quota.go +++ /dev/null @@ -1,18 +0,0 @@ -package management - -import "github.com/gin-gonic/gin" - -// Quota exceeded toggles -func (h *Handler) GetSwitchProject(c *gin.Context) { - c.JSON(200, gin.H{"switch-project": h.cfg.QuotaExceeded.SwitchProject}) -} -func (h *Handler) PutSwitchProject(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.QuotaExceeded.SwitchProject = v }) -} - -func (h *Handler) GetSwitchPreviewModel(c *gin.Context) { - c.JSON(200, gin.H{"switch-preview-model": h.cfg.QuotaExceeded.SwitchPreviewModel}) -} -func (h *Handler) PutSwitchPreviewModel(c *gin.Context) { - h.updateBoolField(c, func(v bool) { h.cfg.QuotaExceeded.SwitchPreviewModel = v }) -} diff --git a/pkg/llmproxy/api/handlers/management/routing_select.go b/pkg/llmproxy/api/handlers/management/routing_select.go deleted file mode 100644 index a33f8342d9..0000000000 --- a/pkg/llmproxy/api/handlers/management/routing_select.go +++ /dev/null @@ -1,67 +0,0 @@ -package management - -import ( - "net/http" - - "github.com/gin-gonic/gin" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/registry" -) - -// RoutingSelectRequest is the JSON body for POST /v1/routing/select. -type RoutingSelectRequest struct { - TaskComplexity string `json:"taskComplexity"` - MaxCostPerCall float64 `json:"maxCostPerCall"` - MaxLatencyMs int `json:"maxLatencyMs"` - MinQualityScore float64 `json:"minQualityScore"` -} - -// RoutingSelectResponse is the JSON response for POST /v1/routing/select. -type RoutingSelectResponse struct { - ModelID string `json:"model_id"` - Provider string `json:"provider"` - EstimatedCost float64 `json:"estimated_cost"` - EstimatedLatencyMs int `json:"estimated_latency_ms"` - QualityScore float64 `json:"quality_score"` -} - -// RoutingSelectHandler handles the /v1/routing/select endpoint. -type RoutingSelectHandler struct { - router *registry.ParetoRouter -} - -// NewRoutingSelectHandler returns a new RoutingSelectHandler. -func NewRoutingSelectHandler() *RoutingSelectHandler { - return &RoutingSelectHandler{ - router: registry.NewParetoRouter(), - } -} - -// POSTRoutingSelect handles POST /v1/routing/select. -func (h *RoutingSelectHandler) POSTRoutingSelect(c *gin.Context) { - var req RoutingSelectRequest - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) - return - } - - routingReq := ®istry.RoutingRequest{ - TaskComplexity: req.TaskComplexity, - MaxCostPerCall: req.MaxCostPerCall, - MaxLatencyMs: req.MaxLatencyMs, - MinQualityScore: req.MinQualityScore, - } - - selected, err := h.router.SelectModel(c.Request.Context(), routingReq) - if err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) - return - } - - c.JSON(http.StatusOK, RoutingSelectResponse{ - ModelID: selected.ModelID, - Provider: selected.Provider, - EstimatedCost: selected.EstimatedCost, - EstimatedLatencyMs: selected.EstimatedLatencyMs, - QualityScore: selected.QualityScore, - }) -} diff --git a/pkg/llmproxy/auth/claude/anthropic_auth.go b/pkg/llmproxy/auth/claude/anthropic_auth.go index 2c01e3516a..ec06454aa1 100644 --- a/pkg/llmproxy/auth/claude/anthropic_auth.go +++ b/pkg/llmproxy/auth/claude/anthropic_auth.go @@ -13,7 +13,7 @@ import ( "strings" "time" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/config" + "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/auth/base" log "github.com/sirupsen/logrus" ) diff --git a/pkg/llmproxy/auth/claude/utls_transport.go b/pkg/llmproxy/auth/claude/utls_transport.go index 31b0468568..34794e11d5 100644 --- a/pkg/llmproxy/auth/claude/utls_transport.go +++ b/pkg/llmproxy/auth/claude/utls_transport.go @@ -8,7 +8,7 @@ import ( "strings" "sync" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/config" + pkgconfig "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" tls "github.com/refraction-networking/utls" log "github.com/sirupsen/logrus" "golang.org/x/net/http2" diff --git a/pkg/llmproxy/auth/codex/openai_auth.go b/pkg/llmproxy/auth/codex/openai_auth.go index ed170f4c68..3adc4e469e 100644 --- a/pkg/llmproxy/auth/codex/openai_auth.go +++ b/pkg/llmproxy/auth/codex/openai_auth.go @@ -14,7 +14,7 @@ import ( "strings" "time" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/config" + "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/auth/base" "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/util" log "github.com/sirupsen/logrus" diff --git a/pkg/llmproxy/auth/copilot/copilot_auth.go b/pkg/llmproxy/auth/copilot/copilot_auth.go index 2543c15657..bff26bece4 100644 --- a/pkg/llmproxy/auth/copilot/copilot_auth.go +++ b/pkg/llmproxy/auth/copilot/copilot_auth.go @@ -10,7 +10,7 @@ import ( "net/http" "time" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/config" + "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/auth/base" "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/util" log "github.com/sirupsen/logrus" diff --git a/pkg/llmproxy/auth/gemini/gemini_auth.go b/pkg/llmproxy/auth/gemini/gemini_auth.go index 2016d7e1e6..08badb1283 100644 --- a/pkg/llmproxy/auth/gemini/gemini_auth.go +++ b/pkg/llmproxy/auth/gemini/gemini_auth.go @@ -14,7 +14,7 @@ import ( "net/url" "time" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/config" + "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/auth/base" "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/auth/codex" "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/browser" diff --git a/pkg/llmproxy/auth/iflow/iflow_auth.go b/pkg/llmproxy/auth/iflow/iflow_auth.go index 8874ca7c37..a4ead0e04c 100644 --- a/pkg/llmproxy/auth/iflow/iflow_auth.go +++ b/pkg/llmproxy/auth/iflow/iflow_auth.go @@ -13,7 +13,7 @@ import ( "strings" "time" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/config" + "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/auth/base" "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/util" log "github.com/sirupsen/logrus" diff --git a/pkg/llmproxy/auth/kimi/kimi.go b/pkg/llmproxy/auth/kimi/kimi.go index bdc2459345..2a5ebb6716 100644 --- a/pkg/llmproxy/auth/kimi/kimi.go +++ b/pkg/llmproxy/auth/kimi/kimi.go @@ -15,7 +15,7 @@ import ( "time" "github.com/google/uuid" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/config" + "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/config" "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/auth/base" "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/util" log "github.com/sirupsen/logrus" diff --git a/pkg/llmproxy/auth/qwen/qwen_auth.go b/pkg/llmproxy/auth/qwen/qwen_auth.go index d360d57a4a..398f0bacc9 100644 --- a/pkg/llmproxy/auth/qwen/qwen_auth.go +++ b/pkg/llmproxy/auth/qwen/qwen_auth.go @@ -13,7 +13,6 @@ import ( "strings" "time" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/auth/base" "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/config" "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/util" log "github.com/sirupsen/logrus" diff --git a/pkg/llmproxy/auth/qwen/qwen_token.go b/pkg/llmproxy/auth/qwen/qwen_token.go index 7811d36183..1163895146 100644 --- a/pkg/llmproxy/auth/qwen/qwen_token.go +++ b/pkg/llmproxy/auth/qwen/qwen_token.go @@ -9,15 +9,15 @@ import ( "path/filepath" "strings" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/auth/base" + "github.com/KooshaPari/phenotype-go-kit/pkg/auth" "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/misc" ) // QwenTokenStorage extends BaseTokenStorage with Qwen-specific fields for managing // access tokens, refresh tokens, and user account information. -// It embeds base.BaseTokenStorage to inherit shared token management functionality. +// It embeds auth.BaseTokenStorage to inherit shared token management functionality. type QwenTokenStorage struct { - *base.BaseTokenStorage + *auth.BaseTokenStorage // ResourceURL is the base URL for API requests. ResourceURL string `json:"resource_url"` @@ -31,9 +31,7 @@ type QwenTokenStorage struct { // - *QwenTokenStorage: A new QwenTokenStorage instance func NewQwenTokenStorage(filePath string) *QwenTokenStorage { return &QwenTokenStorage{ - BaseTokenStorage: &base.BaseTokenStorage{ - FilePath: filePath, - }, + BaseTokenStorage: auth.NewBaseTokenStorage(filePath), } } @@ -57,7 +55,7 @@ func (ts *QwenTokenStorage) SaveTokenToFile(authFilePath string) error { } ts.BaseTokenStorage.Type = "qwen" - return ts.BaseTokenStorage.Save(authFilePath, ts) + return ts.BaseTokenStorage.Save() } func cleanTokenFilePath(path, scope string) (string, error) { diff --git a/pkg/llmproxy/client/types.go b/pkg/llmproxy/client/types.go index cfb3aef1a1..216dd69d71 100644 --- a/pkg/llmproxy/client/types.go +++ b/pkg/llmproxy/client/types.go @@ -113,9 +113,9 @@ func (e *APIError) Error() string { type Option func(*clientConfig) type clientConfig struct { - baseURL string - apiKey string - secretKey string + baseURL string + apiKey string + secretKey string httpTimeout time.Duration } diff --git a/internal/config/config.go b/pkg/llmproxy/config/config.go similarity index 99% rename from internal/config/config.go rename to pkg/llmproxy/config/config.go index aa5a124b6c..d954d304b5 100644 --- a/internal/config/config.go +++ b/pkg/llmproxy/config/config.go @@ -3,7 +3,7 @@ // access to application settings including server port, authentication directory, // debug settings, proxy configuration, and API keys. // -//go:generate go run ../../cmd/codegen/main.go +//go:generate go run ../../../../cmd/codegen/main.go package config import ( @@ -150,6 +150,19 @@ type Config struct { // This is useful when you want to login with a different account without logging out // from your current session. Default: false. IncognitoBrowser bool `yaml:"incognito-browser" json:"incognito-browser"` + + // ResponsesCompactEnabled controls whether OpenAI Responses API compact mode is active. + // Default (nil) is treated as enabled. + ResponsesCompactEnabled *bool `yaml:"responses-compact-enabled,omitempty" json:"responses-compact-enabled,omitempty"` +} + +// IsResponsesCompactEnabled returns whether responses compact mode is enabled. +// Defaults to true when the config is nil or the toggle is unset. +func (c *Config) IsResponsesCompactEnabled() bool { + if c == nil || c.ResponsesCompactEnabled == nil { + return true + } + return *c.ResponsesCompactEnabled } // ClaudeHeaderDefaults configures default header values injected into Claude API requests @@ -205,7 +218,7 @@ type QuotaExceeded struct { // RoutingConfig configures how credentials are selected for requests. type RoutingConfig struct { // Strategy selects the credential selection strategy. - // Supported values: "round-robin" (default), "fill-first". + // Supported values: "round-robin" (default), "fill-first", "sticky-round-robin". Strategy string `yaml:"strategy,omitempty" json:"strategy,omitempty"` } diff --git a/pkg/llmproxy/registry/aliases.go b/pkg/llmproxy/registry/aliases.go deleted file mode 100644 index 848eba8c36..0000000000 --- a/pkg/llmproxy/registry/aliases.go +++ /dev/null @@ -1,45 +0,0 @@ -// Package registry provides type aliases to the internal implementation. -// This allows both "internal/registry" and "pkg/llmproxy/registry" import paths to work seamlessly. -package registry - -import internalregistry "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/registry" - -// Type aliases for exported types -type ModelInfo = internalregistry.ModelInfo -type ThinkingSupport = internalregistry.ThinkingSupport -type ModelRegistration = internalregistry.ModelRegistration -type ModelRegistryHook = internalregistry.ModelRegistryHook -type ModelRegistry = internalregistry.ModelRegistry -type AntigravityModelConfig = internalregistry.AntigravityModelConfig - -// Function aliases for exported functions -var ( - GetGlobalRegistry = internalregistry.GetGlobalRegistry - LookupModelInfo = internalregistry.LookupModelInfo - GetStaticModelDefinitionsByChannel = internalregistry.GetStaticModelDefinitionsByChannel - LookupStaticModelInfo = internalregistry.LookupStaticModelInfo - GetGitHubCopilotModels = internalregistry.GetGitHubCopilotModels - GetKiroModels = internalregistry.GetKiroModels - GetAmazonQModels = internalregistry.GetAmazonQModels - GetClaudeModels = internalregistry.GetClaudeModels - GetGeminiModels = internalregistry.GetGeminiModels - GetGeminiVertexModels = internalregistry.GetGeminiVertexModels - GetGeminiCLIModels = internalregistry.GetGeminiCLIModels - GetAIStudioModels = internalregistry.GetAIStudioModels - GetOpenAIModels = internalregistry.GetOpenAIModels - GetAntigravityModelConfig = internalregistry.GetAntigravityModelConfig - GetQwenModels = internalregistry.GetQwenModels - GetIFlowModels = internalregistry.GetIFlowModels - GetKimiModels = internalregistry.GetKimiModels - GetCursorModels = internalregistry.GetCursorModels - GetMiniMaxModels = internalregistry.GetMiniMaxModels - GetRooModels = internalregistry.GetRooModels - GetDeepSeekModels = internalregistry.GetDeepSeekModels - GetGroqModels = internalregistry.GetGroqModels - GetMistralModels = internalregistry.GetMistralModels - GetSiliconFlowModels = internalregistry.GetSiliconFlowModels - GetOpenRouterModels = internalregistry.GetOpenRouterModels - GetTogetherModels = internalregistry.GetTogetherModels - GetFireworksModels = internalregistry.GetFireworksModels - GetNovitaModels = internalregistry.GetNovitaModels -) diff --git a/pkg/llmproxy/translator/antigravity/claude/init.go b/pkg/llmproxy/translator/antigravity/claude/init.go deleted file mode 100644 index 4db8f2f0dc..0000000000 --- a/pkg/llmproxy/translator/antigravity/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package claude - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Claude, - constant.Antigravity, - ConvertClaudeRequestToAntigravity, - interfaces.TranslateResponse{ - Stream: ConvertAntigravityResponseToClaude, - NonStream: ConvertAntigravityResponseToClaudeNonStream, - TokenCount: ClaudeTokenCount, - }, - ) -} diff --git a/pkg/llmproxy/translator/antigravity/gemini/init.go b/pkg/llmproxy/translator/antigravity/gemini/init.go deleted file mode 100644 index 789a0e36c8..0000000000 --- a/pkg/llmproxy/translator/antigravity/gemini/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package gemini - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Gemini, - constant.Antigravity, - ConvertGeminiRequestToAntigravity, - interfaces.TranslateResponse{ - Stream: ConvertAntigravityResponseToGemini, - NonStream: ConvertAntigravityResponseToGeminiNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/pkg/llmproxy/translator/antigravity/openai/chat-completions/init.go b/pkg/llmproxy/translator/antigravity/openai/chat-completions/init.go deleted file mode 100644 index ab5f2c1b41..0000000000 --- a/pkg/llmproxy/translator/antigravity/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.OpenAI, - constant.Antigravity, - ConvertOpenAIRequestToAntigravity, - interfaces.TranslateResponse{ - Stream: ConvertAntigravityResponseToOpenAI, - NonStream: ConvertAntigravityResponseToOpenAINonStream, - }, - ) -} diff --git a/pkg/llmproxy/translator/antigravity/openai/responses/init.go b/pkg/llmproxy/translator/antigravity/openai/responses/init.go deleted file mode 100644 index 61bb64bbb3..0000000000 --- a/pkg/llmproxy/translator/antigravity/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.OpenaiResponse, - constant.Antigravity, - ConvertOpenAIResponsesRequestToAntigravity, - interfaces.TranslateResponse{ - Stream: ConvertAntigravityResponseToOpenAIResponses, - NonStream: ConvertAntigravityResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/pkg/llmproxy/translator/claude/gemini-cli/init.go b/pkg/llmproxy/translator/claude/gemini-cli/init.go deleted file mode 100644 index fcabebc513..0000000000 --- a/pkg/llmproxy/translator/claude/gemini-cli/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package geminiCLI - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.GeminiCLI, - constant.Claude, - ConvertGeminiCLIRequestToClaude, - interfaces.TranslateResponse{ - Stream: ConvertClaudeResponseToGeminiCLI, - NonStream: ConvertClaudeResponseToGeminiCLINonStream, - TokenCount: GeminiCLITokenCount, - }, - ) -} diff --git a/pkg/llmproxy/translator/claude/gemini/init.go b/pkg/llmproxy/translator/claude/gemini/init.go deleted file mode 100644 index 8cde78a5db..0000000000 --- a/pkg/llmproxy/translator/claude/gemini/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package gemini - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Gemini, - constant.Claude, - ConvertGeminiRequestToClaude, - interfaces.TranslateResponse{ - Stream: ConvertClaudeResponseToGemini, - NonStream: ConvertClaudeResponseToGeminiNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/pkg/llmproxy/translator/claude/openai/chat-completions/init.go b/pkg/llmproxy/translator/claude/openai/chat-completions/init.go deleted file mode 100644 index 7fd204bf08..0000000000 --- a/pkg/llmproxy/translator/claude/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" -) - -func init() { - translator.Register( - constant.OpenAI, - constant.Claude, - ConvertOpenAIRequestToClaude, - interfaces.TranslateResponse{ - Stream: ConvertClaudeResponseToOpenAI, - NonStream: ConvertClaudeResponseToOpenAINonStream, - }, - ) -} diff --git a/pkg/llmproxy/translator/claude/openai/responses/init.go b/pkg/llmproxy/translator/claude/openai/responses/init.go deleted file mode 100644 index 0a7c19f101..0000000000 --- a/pkg/llmproxy/translator/claude/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.OpenaiResponse, - constant.Claude, - ConvertOpenAIResponsesRequestToClaude, - interfaces.TranslateResponse{ - Stream: ConvertClaudeResponseToOpenAIResponses, - NonStream: ConvertClaudeResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/pkg/llmproxy/translator/codex/claude/init.go b/pkg/llmproxy/translator/codex/claude/init.go deleted file mode 100644 index fcc32b372d..0000000000 --- a/pkg/llmproxy/translator/codex/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package claude - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Claude, - constant.Codex, - ConvertClaudeRequestToCodex, - interfaces.TranslateResponse{ - Stream: ConvertCodexResponseToClaude, - NonStream: ConvertCodexResponseToClaudeNonStream, - TokenCount: ClaudeTokenCount, - }, - ) -} diff --git a/pkg/llmproxy/translator/codex/gemini-cli/init.go b/pkg/llmproxy/translator/codex/gemini-cli/init.go deleted file mode 100644 index b841aeef14..0000000000 --- a/pkg/llmproxy/translator/codex/gemini-cli/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package geminiCLI - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.GeminiCLI, - constant.Codex, - ConvertGeminiCLIRequestToCodex, - interfaces.TranslateResponse{ - Stream: ConvertCodexResponseToGeminiCLI, - NonStream: ConvertCodexResponseToGeminiCLINonStream, - TokenCount: GeminiCLITokenCount, - }, - ) -} diff --git a/pkg/llmproxy/translator/codex/gemini/init.go b/pkg/llmproxy/translator/codex/gemini/init.go deleted file mode 100644 index 102c705147..0000000000 --- a/pkg/llmproxy/translator/codex/gemini/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package gemini - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Gemini, - constant.Codex, - ConvertGeminiRequestToCodex, - interfaces.TranslateResponse{ - Stream: ConvertCodexResponseToGemini, - NonStream: ConvertCodexResponseToGeminiNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/pkg/llmproxy/translator/codex/openai/chat-completions/init.go b/pkg/llmproxy/translator/codex/openai/chat-completions/init.go deleted file mode 100644 index 44cb070e2e..0000000000 --- a/pkg/llmproxy/translator/codex/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" -) - -func init() { - translator.Register( - constant.OpenAI, - constant.Codex, - ConvertOpenAIRequestToCodex, - interfaces.TranslateResponse{ - Stream: ConvertCodexResponseToOpenAI, - NonStream: ConvertCodexResponseToOpenAINonStream, - }, - ) -} diff --git a/pkg/llmproxy/translator/codex/openai/responses/init.go b/pkg/llmproxy/translator/codex/openai/responses/init.go deleted file mode 100644 index e37530a62c..0000000000 --- a/pkg/llmproxy/translator/codex/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.OpenaiResponse, - constant.Codex, - ConvertOpenAIResponsesRequestToCodex, - interfaces.TranslateResponse{ - Stream: ConvertCodexResponseToOpenAIResponses, - NonStream: ConvertCodexResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/pkg/llmproxy/translator/gemini-cli/claude/init.go b/pkg/llmproxy/translator/gemini-cli/claude/init.go deleted file mode 100644 index b9ec445795..0000000000 --- a/pkg/llmproxy/translator/gemini-cli/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package claude - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Claude, - constant.GeminiCLI, - ConvertClaudeRequestToCLI, - interfaces.TranslateResponse{ - Stream: ConvertGeminiCLIResponseToClaude, - NonStream: ConvertGeminiCLIResponseToClaudeNonStream, - TokenCount: ClaudeTokenCount, - }, - ) -} diff --git a/pkg/llmproxy/translator/gemini-cli/gemini/init.go b/pkg/llmproxy/translator/gemini-cli/gemini/init.go deleted file mode 100644 index 6ef55a4425..0000000000 --- a/pkg/llmproxy/translator/gemini-cli/gemini/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package gemini - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Gemini, - constant.GeminiCLI, - ConvertGeminiRequestToGeminiCLI, - interfaces.TranslateResponse{ - Stream: ConvertGeminiCliResponseToGemini, - NonStream: ConvertGeminiCliResponseToGeminiNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/pkg/llmproxy/translator/gemini-cli/openai/chat-completions/init.go b/pkg/llmproxy/translator/gemini-cli/openai/chat-completions/init.go deleted file mode 100644 index 5b96ea2eef..0000000000 --- a/pkg/llmproxy/translator/gemini-cli/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" -) - -func init() { - translator.Register( - constant.OpenAI, - constant.GeminiCLI, - ConvertOpenAIRequestToGeminiCLI, - interfaces.TranslateResponse{ - Stream: ConvertCliResponseToOpenAI, - NonStream: ConvertCliResponseToOpenAINonStream, - }, - ) -} diff --git a/pkg/llmproxy/translator/gemini-cli/openai/responses/init.go b/pkg/llmproxy/translator/gemini-cli/openai/responses/init.go deleted file mode 100644 index a9c10d4a53..0000000000 --- a/pkg/llmproxy/translator/gemini-cli/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.OpenaiResponse, - constant.GeminiCLI, - ConvertOpenAIResponsesRequestToGeminiCLI, - interfaces.TranslateResponse{ - Stream: ConvertGeminiCLIResponseToOpenAIResponses, - NonStream: ConvertGeminiCLIResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/pkg/llmproxy/translator/gemini/claude/init.go b/pkg/llmproxy/translator/gemini/claude/init.go deleted file mode 100644 index c30869a434..0000000000 --- a/pkg/llmproxy/translator/gemini/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package claude - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Claude, - constant.Gemini, - ConvertClaudeRequestToGemini, - interfaces.TranslateResponse{ - Stream: ConvertGeminiResponseToClaude, - NonStream: ConvertGeminiResponseToClaudeNonStream, - TokenCount: ClaudeTokenCount, - }, - ) -} diff --git a/pkg/llmproxy/translator/gemini/gemini-cli/init.go b/pkg/llmproxy/translator/gemini/gemini-cli/init.go deleted file mode 100644 index d1c2c280a0..0000000000 --- a/pkg/llmproxy/translator/gemini/gemini-cli/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package geminiCLI - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.GeminiCLI, - constant.Gemini, - ConvertGeminiCLIRequestToGemini, - interfaces.TranslateResponse{ - Stream: ConvertGeminiResponseToGeminiCLI, - NonStream: ConvertGeminiResponseToGeminiCLINonStream, - TokenCount: GeminiCLITokenCount, - }, - ) -} diff --git a/pkg/llmproxy/translator/gemini/gemini/init.go b/pkg/llmproxy/translator/gemini/gemini/init.go deleted file mode 100644 index 2327090f49..0000000000 --- a/pkg/llmproxy/translator/gemini/gemini/init.go +++ /dev/null @@ -1,22 +0,0 @@ -package gemini - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -// Register a no-op response translator and a request normalizer for constant.Gemini→constant.Gemini. -// The request converter ensures missing or invalid roles are normalized to valid values. -func init() { - translator.Register( - constant.Gemini, - constant.Gemini, - ConvertGeminiRequestToGemini, - interfaces.TranslateResponse{ - Stream: PassthroughGeminiResponseStream, - NonStream: PassthroughGeminiResponseNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/pkg/llmproxy/translator/gemini/openai/chat-completions/init.go b/pkg/llmproxy/translator/gemini/openai/chat-completions/init.go deleted file mode 100644 index ea2c9a00ec..0000000000 --- a/pkg/llmproxy/translator/gemini/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" -) - -func init() { - translator.Register( - constant.OpenAI, - constant.Gemini, - ConvertOpenAIRequestToGemini, - interfaces.TranslateResponse{ - Stream: ConvertGeminiResponseToOpenAI, - NonStream: ConvertGeminiResponseToOpenAINonStream, - }, - ) -} diff --git a/pkg/llmproxy/translator/gemini/openai/responses/init.go b/pkg/llmproxy/translator/gemini/openai/responses/init.go deleted file mode 100644 index e9cb78347c..0000000000 --- a/pkg/llmproxy/translator/gemini/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.OpenaiResponse, - constant.Gemini, - ConvertOpenAIResponsesRequestToGemini, - interfaces.TranslateResponse{ - Stream: ConvertGeminiResponseToOpenAIResponses, - NonStream: ConvertGeminiResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/pkg/llmproxy/translator/kiro/claude/init.go b/pkg/llmproxy/translator/kiro/claude/init.go deleted file mode 100644 index 828022d83b..0000000000 --- a/pkg/llmproxy/translator/kiro/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -// Package claude provides translation between constant.Kiro and constant.Claude formats. -package claude - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Claude, - constant.Kiro, - ConvertClaudeRequestToKiro, - interfaces.TranslateResponse{ - Stream: ConvertKiroStreamToClaude, - NonStream: ConvertKiroNonStreamToClaude, - }, - ) -} diff --git a/pkg/llmproxy/translator/kiro/openai/init.go b/pkg/llmproxy/translator/kiro/openai/init.go deleted file mode 100644 index df3a168b72..0000000000 --- a/pkg/llmproxy/translator/kiro/openai/init.go +++ /dev/null @@ -1,20 +0,0 @@ -// Package openai provides translation between constant.OpenAI Chat Completions and constant.Kiro formats. -package openai - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.OpenAI, // source format - constant.Kiro, // target format - ConvertOpenAIRequestToKiro, - interfaces.TranslateResponse{ - Stream: ConvertKiroStreamToOpenAI, - NonStream: ConvertKiroNonStreamToOpenAI, - }, - ) -} diff --git a/pkg/llmproxy/translator/openai/claude/init.go b/pkg/llmproxy/translator/openai/claude/init.go deleted file mode 100644 index 5e077175f4..0000000000 --- a/pkg/llmproxy/translator/openai/claude/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package claude - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Claude, - constant.OpenAI, - ConvertClaudeRequestToOpenAI, - interfaces.TranslateResponse{ - Stream: ConvertOpenAIResponseToClaude, - NonStream: ConvertOpenAIResponseToClaudeNonStream, - TokenCount: ClaudeTokenCount, - }, - ) -} diff --git a/pkg/llmproxy/translator/openai/gemini-cli/init.go b/pkg/llmproxy/translator/openai/gemini-cli/init.go deleted file mode 100644 index fe700b278a..0000000000 --- a/pkg/llmproxy/translator/openai/gemini-cli/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package geminiCLI - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.GeminiCLI, - constant.OpenAI, - ConvertGeminiCLIRequestToOpenAI, - interfaces.TranslateResponse{ - Stream: ConvertOpenAIResponseToGeminiCLI, - NonStream: ConvertOpenAIResponseToGeminiCLINonStream, - TokenCount: GeminiCLITokenCount, - }, - ) -} diff --git a/pkg/llmproxy/translator/openai/gemini/init.go b/pkg/llmproxy/translator/openai/gemini/init.go deleted file mode 100644 index f94c28524e..0000000000 --- a/pkg/llmproxy/translator/openai/gemini/init.go +++ /dev/null @@ -1,20 +0,0 @@ -package gemini - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.Gemini, - constant.OpenAI, - ConvertGeminiRequestToOpenAI, - interfaces.TranslateResponse{ - Stream: ConvertOpenAIResponseToGemini, - NonStream: ConvertOpenAIResponseToGeminiNonStream, - TokenCount: GeminiTokenCount, - }, - ) -} diff --git a/pkg/llmproxy/translator/openai/openai/chat-completions/init.go b/pkg/llmproxy/translator/openai/openai/chat-completions/init.go deleted file mode 100644 index e9260e644b..0000000000 --- a/pkg/llmproxy/translator/openai/openai/chat-completions/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package chat_completions - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" -) - -func init() { - translator.Register( - constant.OpenAI, - constant.OpenAI, - ConvertOpenAIRequestToOpenAI, - interfaces.TranslateResponse{ - Stream: ConvertOpenAIResponseToOpenAI, - NonStream: ConvertOpenAIResponseToOpenAINonStream, - }, - ) -} diff --git a/pkg/llmproxy/translator/openai/openai/responses/init.go b/pkg/llmproxy/translator/openai/openai/responses/init.go deleted file mode 100644 index 774a6eae49..0000000000 --- a/pkg/llmproxy/translator/openai/openai/responses/init.go +++ /dev/null @@ -1,19 +0,0 @@ -package responses - -import ( - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/translator/translator" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/constant" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/interfaces" -) - -func init() { - translator.Register( - constant.OpenaiResponse, - constant.OpenAI, - ConvertOpenAIResponsesRequestToOpenAIChatCompletions, - interfaces.TranslateResponse{ - Stream: ConvertOpenAIChatCompletionsResponseToOpenAIResponses, - NonStream: ConvertOpenAIChatCompletionsResponseToOpenAIResponsesNonStream, - }, - ) -} diff --git a/pkg/llmproxy/usage/metrics.go b/pkg/llmproxy/usage/metrics.go index f41dc58ad6..f4b157872c 100644 --- a/pkg/llmproxy/usage/metrics.go +++ b/pkg/llmproxy/usage/metrics.go @@ -4,7 +4,7 @@ package usage import ( "strings" - "github.com/kooshapari/cliproxyapi-plusplus/v6/pkg/llmproxy/util" + "github.com/router-for-me/CLIProxyAPI/v6/pkg/llmproxy/util" ) func normalizeProvider(apiKey string) string { diff --git a/pkg/llmproxy/util/claude_model.go b/pkg/llmproxy/util/claude_model.go deleted file mode 100644 index 1534f02c46..0000000000 --- a/pkg/llmproxy/util/claude_model.go +++ /dev/null @@ -1,10 +0,0 @@ -package util - -import "strings" - -// IsClaudeThinkingModel checks if the model is a Claude thinking model -// that requires the interleaved-thinking beta header. -func IsClaudeThinkingModel(model string) bool { - lower := strings.ToLower(model) - return strings.Contains(lower, "claude") && strings.Contains(lower, "thinking") -} diff --git a/pkg/llmproxy/watcher/aliases.go b/pkg/llmproxy/watcher/aliases.go deleted file mode 100644 index 271c026922..0000000000 --- a/pkg/llmproxy/watcher/aliases.go +++ /dev/null @@ -1,20 +0,0 @@ -// Package watcher provides type aliases to the internal implementation. -// This allows both "internal/watcher" and "pkg/llmproxy/watcher" import paths to work seamlessly. -package watcher - -import internalwatcher "github.com/kooshapari/cliproxyapi-plusplus/v6/internal/watcher" - -// Type aliases for exported types -type Watcher = internalwatcher.Watcher -type AuthUpdateAction = internalwatcher.AuthUpdateAction -type AuthUpdate = internalwatcher.AuthUpdate - -// Re-export constants -const ( - AuthUpdateActionAdd AuthUpdateAction = internalwatcher.AuthUpdateActionAdd - AuthUpdateActionModify AuthUpdateAction = internalwatcher.AuthUpdateActionModify - AuthUpdateActionDelete AuthUpdateAction = internalwatcher.AuthUpdateActionDelete -) - -// Function aliases for exported constructors -var NewWatcher = internalwatcher.NewWatcher diff --git a/third_party/phenotype-go-auth/README.md b/third_party/phenotype-go-auth/README.md new file mode 100644 index 0000000000..ccafc4f6a5 --- /dev/null +++ b/third_party/phenotype-go-auth/README.md @@ -0,0 +1,50 @@ +# phenotype-go-auth + +Shared Go module for authentication and token management across Phenotype services. + +## Features + +- **TokenStorage Interface**: Generic interface for OAuth2 token persistence +- **BaseTokenStorage**: Base implementation with common token fields +- **PKCE Support**: RFC 7636 compliant PKCE code generation +- **OAuth2 Server**: Local HTTP server for handling OAuth callbacks +- **Token Management**: Load, save, and clear token data securely + +## Installation + +```bash +go get github.com/KooshaPari/phenotype-go-auth +``` + +## Quick Start + +```go +import "github.com/KooshaPari/phenotype-go-auth" + +// Create token storage +storage := auth.NewBaseTokenStorage("/path/to/token.json") + +// Load from file +if err := storage.Load(); err != nil { + log.Fatal(err) +} + +// Generate PKCE codes for OAuth +codes, err := auth.GeneratePKCECodes() +if err != nil { + log.Fatal(err) +} + +// Start OAuth callback server +server := auth.NewOAuthServer(8080) +if err := server.Start(); err != nil { + log.Fatal(err) +} + +// Wait for callback +result, err := server.WaitForCallback(5 * time.Minute) +``` + +## License + +MIT diff --git a/third_party/phenotype-go-auth/go.mod b/third_party/phenotype-go-auth/go.mod new file mode 100644 index 0000000000..1d48f79d76 --- /dev/null +++ b/third_party/phenotype-go-auth/go.mod @@ -0,0 +1,5 @@ +module github.com/KooshaPari/phenotype-go-auth + +go 1.22 + +require github.com/sirupsen/logrus v1.9.3 diff --git a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/oauth_server.go b/third_party/phenotype-go-auth/oauth.go similarity index 75% rename from .worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/oauth_server.go rename to third_party/phenotype-go-auth/oauth.go index c393b8ca73..88f01b5624 100644 --- a/.worktrees/config/m/config-build/active/pkg/llmproxy/auth/claude/oauth_server.go +++ b/third_party/phenotype-go-auth/oauth.go @@ -1,23 +1,75 @@ -// Package claude provides authentication and token management functionality -// for Anthropic's Claude AI services. It handles OAuth2 token storage, serialization, -// and retrieval for maintaining authenticated sessions with the Claude API. -package claude +// Package auth provides shared OAuth utilities for Phenotype services. +package auth import ( "context" + "crypto/rand" + "crypto/sha256" + "encoding/base64" "errors" "fmt" - "html" "net" "net/http" - "net/url" - "strings" "sync" "time" log "github.com/sirupsen/logrus" ) +// PKCECodes holds the PKCE code verifier and challenge pair. +type PKCECodes struct { + // CodeVerifier is the cryptographically random string sent in the token request. + CodeVerifier string + + // CodeChallenge is the SHA256 hash of the code verifier, sent in the authorization request. + CodeChallenge string +} + +// GeneratePKCECodes generates a PKCE code verifier and challenge pair +// following RFC 7636 specifications for OAuth 2.0 PKCE extension. +// This provides additional security for the OAuth flow by ensuring that +// only the client that initiated the request can exchange the authorization code. +// +// Returns: +// - *PKCECodes: A struct containing the code verifier and challenge +// - error: An error if the generation fails, nil otherwise +func GeneratePKCECodes() (*PKCECodes, error) { + // Generate code verifier: 43-128 characters, URL-safe + codeVerifier, err := generateCodeVerifier() + if err != nil { + return nil, fmt.Errorf("failed to generate code verifier: %w", err) + } + + // Generate code challenge using S256 method + codeChallenge := generateCodeChallenge(codeVerifier) + + return &PKCECodes{ + CodeVerifier: codeVerifier, + CodeChallenge: codeChallenge, + }, nil +} + +// generateCodeVerifier creates a cryptographically random string +// of 128 characters using URL-safe base64 encoding +func generateCodeVerifier() (string, error) { + // Generate 96 random bytes (will result in 128 base64 characters) + bytes := make([]byte, 96) + _, err := rand.Read(bytes) + if err != nil { + return "", fmt.Errorf("failed to generate random bytes: %w", err) + } + + // Encode to URL-safe base64 without padding + return base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(bytes), nil +} + +// generateCodeChallenge creates a SHA256 hash of the code verifier +// and encodes it using URL-safe base64 encoding without padding +func generateCodeChallenge(codeVerifier string) string { + hash := sha256.Sum256([]byte(codeVerifier)) + return base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(hash[:]) +} + // OAuthServer handles the local HTTP server for OAuth callbacks. // It listens for the authorization code response from the OAuth provider // and captures the necessary parameters to complete the authentication flow. @@ -225,7 +277,7 @@ func (s *OAuthServer) handleCallback(w http.ResponseWriter, r *http.Request) { } // handleSuccess handles the success page endpoint. -// It serves a user-friendly HTML page indicating that authentication was successful. +// It serves a user-friendly response indicating that authentication was successful. // // Parameters: // - w: The HTTP response writer @@ -233,75 +285,16 @@ func (s *OAuthServer) handleCallback(w http.ResponseWriter, r *http.Request) { func (s *OAuthServer) handleSuccess(w http.ResponseWriter, r *http.Request) { log.Debug("Serving success page") - w.Header().Set("Content-Type", "text/html; charset=utf-8") + w.Header().Set("Content-Type", "text/plain; charset=utf-8") w.WriteHeader(http.StatusOK) - // Parse query parameters for customization - query := r.URL.Query() - setupRequired := query.Get("setup_required") == "true" - platformURL := query.Get("platform_url") - if platformURL == "" { - platformURL = "https://console.anthropic.com/" - } - - // Validate platformURL to prevent XSS - only allow http/https URLs - if !isValidURL(platformURL) { - platformURL = "https://console.anthropic.com/" - } - - // Generate success page HTML with dynamic content - successHTML := s.generateSuccessHTML(setupRequired, platformURL) - - _, err := w.Write([]byte(successHTML)) + successMsg := "Authentication successful! You can now close this window and return to your CLI." + _, err := w.Write([]byte(successMsg)) if err != nil { log.Errorf("Failed to write success page: %v", err) } } -// isValidURL checks if the URL is a valid http/https URL to prevent XSS -func isValidURL(urlStr string) bool { - urlStr = strings.TrimSpace(urlStr) - if urlStr == "" { - return false - } - parsed, err := url.Parse(urlStr) - if err != nil { - return false - } - if parsed.Host == "" { - return false - } - return parsed.Scheme == "https" || parsed.Scheme == "http" -} - -// generateSuccessHTML creates the HTML content for the success page. -// It customizes the page based on whether additional setup is required -// and includes a link to the platform. -// -// Parameters: -// - setupRequired: Whether additional setup is required after authentication -// - platformURL: The URL to the platform for additional setup -// -// Returns: -// - string: The HTML content for the success page -func (s *OAuthServer) generateSuccessHTML(setupRequired bool, platformURL string) string { - pageHTML := LoginSuccessHtml - escapedPlatformURL := html.EscapeString(platformURL) - - // Replace platform URL placeholder - pageHTML = strings.ReplaceAll(pageHTML, "{{PLATFORM_URL}}", escapedPlatformURL) - - // Add setup notice if required - if setupRequired { - setupNotice := strings.ReplaceAll(SetupNoticeHtml, "{{PLATFORM_URL}}", escapedPlatformURL) - pageHTML = strings.Replace(pageHTML, "{{SETUP_NOTICE}}", setupNotice, 1) - } else { - pageHTML = strings.Replace(pageHTML, "{{SETUP_NOTICE}}", "", 1) - } - - return pageHTML -} - // sendResult sends the OAuth result to the waiting channel. // It ensures that the result is sent without blocking the handler. // diff --git a/third_party/phenotype-go-auth/token.go b/third_party/phenotype-go-auth/token.go new file mode 100644 index 0000000000..aec431b44d --- /dev/null +++ b/third_party/phenotype-go-auth/token.go @@ -0,0 +1,237 @@ +// Package auth provides shared authentication and token management functionality +// for Phenotype services. It includes token storage interfaces, token persistence, +// and OAuth2 helper utilities. +package auth + +import ( + "encoding/json" + "fmt" + "os" + "path/filepath" + "strings" + "time" +) + +// TokenStorage defines the interface for token persistence and retrieval. +// Implementations should handle secure storage of OAuth2 tokens and related metadata. +type TokenStorage interface { + // Load reads the token from storage (typically a file). + // Returns the token data or an error if loading fails. + Load() error + + // Save writes the token to storage (typically a file). + // Returns an error if saving fails. + Save() error + + // Clear removes the token from storage. + // Returns an error if clearing fails. + Clear() error + + // GetAccessToken returns the current access token. + GetAccessToken() string + + // GetRefreshToken returns the current refresh token. + GetRefreshToken() string + + // GetIDToken returns the current ID token. + GetIDToken() string + + // GetEmail returns the email associated with this token. + GetEmail() string + + // GetType returns the provider type (e.g., "claude", "github-copilot"). + GetType() string + + // GetMetadata returns arbitrary metadata associated with this token. + GetMetadata() map[string]any + + // SetMetadata allows external callers to inject metadata before saving. + SetMetadata(meta map[string]any) +} + +// BaseTokenStorage provides a shared implementation of token storage +// with common fields used across all OAuth2 providers. +type BaseTokenStorage struct { + // IDToken is the JWT ID token containing user claims and identity information. + IDToken string `json:"id_token"` + + // AccessToken is the OAuth2 access token used for authenticating API requests. + AccessToken string `json:"access_token"` + + // RefreshToken is used to obtain new access tokens when the current one expires. + RefreshToken string `json:"refresh_token"` + + // LastRefresh is the timestamp of the last token refresh operation. + LastRefresh string `json:"last_refresh"` + + // Email is the email address associated with this token. + Email string `json:"email"` + + // Type indicates the authentication provider type (e.g., "claude", "github-copilot"). + Type string `json:"type"` + + // Expire is the timestamp when the current access token expires. + Expire string `json:"expired"` + + // Metadata holds arbitrary key-value pairs injected via hooks. + // It is not exported to JSON directly to allow flattening during serialization. + Metadata map[string]any `json:"-"` + + // filePath is the path where the token is stored. + filePath string +} + +// NewBaseTokenStorage creates a new BaseTokenStorage instance with the given file path. +// +// Parameters: +// - filePath: The full path where the token file should be saved/loaded +// +// Returns: +// - *BaseTokenStorage: A new BaseTokenStorage instance +func NewBaseTokenStorage(filePath string) *BaseTokenStorage { + return &BaseTokenStorage{ + filePath: filePath, + Metadata: make(map[string]any), + } +} + +// Load reads the token from the file path. +// Returns an error if the operation fails or the file does not exist. +func (ts *BaseTokenStorage) Load() error { + filePath := strings.TrimSpace(ts.filePath) + if filePath == "" { + return fmt.Errorf("token file path is empty") + } + + data, err := os.ReadFile(filePath) + if err != nil { + return fmt.Errorf("failed to read token file: %w", err) + } + + if err = json.Unmarshal(data, ts); err != nil { + return fmt.Errorf("failed to parse token file: %w", err) + } + + return nil +} + +// Save writes the token to the file path. +// Creates the necessary directory structure if it doesn't exist. +func (ts *BaseTokenStorage) Save() error { + filePath := strings.TrimSpace(ts.filePath) + if filePath == "" { + return fmt.Errorf("token file path is empty") + } + + // Ensure directory exists + if err := os.MkdirAll(filepath.Dir(filePath), 0700); err != nil { + return fmt.Errorf("failed to create directory: %w", err) + } + + // Merge metadata into the token data for JSON serialization + data := ts.toJSONMap() + + // Write to file + jsonData, err := json.MarshalIndent(data, "", " ") + if err != nil { + return fmt.Errorf("failed to marshal token: %w", err) + } + + if err := os.WriteFile(filePath, jsonData, 0600); err != nil { + return fmt.Errorf("failed to write token file: %w", err) + } + + return nil +} + +// Clear removes the token file. +// Returns nil if the file doesn't exist. +func (ts *BaseTokenStorage) Clear() error { + filePath := strings.TrimSpace(ts.filePath) + if filePath == "" { + return fmt.Errorf("token file path is empty") + } + + if err := os.Remove(filePath); err != nil && !os.IsNotExist(err) { + return fmt.Errorf("failed to remove token file: %w", err) + } + + return nil +} + +// GetAccessToken returns the access token. +func (ts *BaseTokenStorage) GetAccessToken() string { + return ts.AccessToken +} + +// GetRefreshToken returns the refresh token. +func (ts *BaseTokenStorage) GetRefreshToken() string { + return ts.RefreshToken +} + +// GetIDToken returns the ID token. +func (ts *BaseTokenStorage) GetIDToken() string { + return ts.IDToken +} + +// GetEmail returns the email. +func (ts *BaseTokenStorage) GetEmail() string { + return ts.Email +} + +// GetType returns the provider type. +func (ts *BaseTokenStorage) GetType() string { + return ts.Type +} + +// GetMetadata returns the metadata. +func (ts *BaseTokenStorage) GetMetadata() map[string]any { + return ts.Metadata +} + +// SetMetadata allows external callers to inject metadata into the storage before saving. +func (ts *BaseTokenStorage) SetMetadata(meta map[string]any) { + ts.Metadata = meta +} + +// UpdateLastRefresh updates the LastRefresh timestamp to the current time. +func (ts *BaseTokenStorage) UpdateLastRefresh() { + ts.LastRefresh = time.Now().UTC().Format(time.RFC3339) +} + +// IsExpired checks if the token has expired based on the Expire timestamp. +func (ts *BaseTokenStorage) IsExpired() bool { + if ts.Expire == "" { + return false + } + + expireTime, err := time.Parse(time.RFC3339, ts.Expire) + if err != nil { + return false + } + + return time.Now().After(expireTime) +} + +// toJSONMap converts the token storage to a map for JSON serialization, +// merging in any metadata. +func (ts *BaseTokenStorage) toJSONMap() map[string]any { + result := map[string]any{ + "id_token": ts.IDToken, + "access_token": ts.AccessToken, + "refresh_token": ts.RefreshToken, + "last_refresh": ts.LastRefresh, + "email": ts.Email, + "type": ts.Type, + "expired": ts.Expire, + } + + // Merge metadata into the result + for key, value := range ts.Metadata { + if key != "" { + result[key] = value + } + } + + return result +}